cfg80211: Expose TXQ stats and parameters to userspace
[muen/linux.git] / net / wireless / nl80211.c
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
5  * Copyright 2013-2014  Intel Mobile Communications GmbH
6  * Copyright 2015-2017  Intel Deutschland GmbH
7  * Copyright (C) 2018 Intel Corporation
8  */
9
10 #include <linux/if.h>
11 #include <linux/module.h>
12 #include <linux/err.h>
13 #include <linux/slab.h>
14 #include <linux/list.h>
15 #include <linux/if_ether.h>
16 #include <linux/ieee80211.h>
17 #include <linux/nl80211.h>
18 #include <linux/rtnetlink.h>
19 #include <linux/netlink.h>
20 #include <linux/nospec.h>
21 #include <linux/etherdevice.h>
22 #include <net/net_namespace.h>
23 #include <net/genetlink.h>
24 #include <net/cfg80211.h>
25 #include <net/sock.h>
26 #include <net/inet_connection_sock.h>
27 #include "core.h"
28 #include "nl80211.h"
29 #include "reg.h"
30 #include "rdev-ops.h"
31
32 static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
33                                    struct genl_info *info,
34                                    struct cfg80211_crypto_settings *settings,
35                                    int cipher_limit);
36
37 /* the netlink family */
38 static struct genl_family nl80211_fam;
39
40 /* multicast groups */
41 enum nl80211_multicast_groups {
42         NL80211_MCGRP_CONFIG,
43         NL80211_MCGRP_SCAN,
44         NL80211_MCGRP_REGULATORY,
45         NL80211_MCGRP_MLME,
46         NL80211_MCGRP_VENDOR,
47         NL80211_MCGRP_NAN,
48         NL80211_MCGRP_TESTMODE /* keep last - ifdef! */
49 };
50
51 static const struct genl_multicast_group nl80211_mcgrps[] = {
52         [NL80211_MCGRP_CONFIG] = { .name = NL80211_MULTICAST_GROUP_CONFIG },
53         [NL80211_MCGRP_SCAN] = { .name = NL80211_MULTICAST_GROUP_SCAN },
54         [NL80211_MCGRP_REGULATORY] = { .name = NL80211_MULTICAST_GROUP_REG },
55         [NL80211_MCGRP_MLME] = { .name = NL80211_MULTICAST_GROUP_MLME },
56         [NL80211_MCGRP_VENDOR] = { .name = NL80211_MULTICAST_GROUP_VENDOR },
57         [NL80211_MCGRP_NAN] = { .name = NL80211_MULTICAST_GROUP_NAN },
58 #ifdef CONFIG_NL80211_TESTMODE
59         [NL80211_MCGRP_TESTMODE] = { .name = NL80211_MULTICAST_GROUP_TESTMODE }
60 #endif
61 };
62
63 /* returns ERR_PTR values */
64 static struct wireless_dev *
65 __cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
66 {
67         struct cfg80211_registered_device *rdev;
68         struct wireless_dev *result = NULL;
69         bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
70         bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
71         u64 wdev_id;
72         int wiphy_idx = -1;
73         int ifidx = -1;
74
75         ASSERT_RTNL();
76
77         if (!have_ifidx && !have_wdev_id)
78                 return ERR_PTR(-EINVAL);
79
80         if (have_ifidx)
81                 ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
82         if (have_wdev_id) {
83                 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
84                 wiphy_idx = wdev_id >> 32;
85         }
86
87         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
88                 struct wireless_dev *wdev;
89
90                 if (wiphy_net(&rdev->wiphy) != netns)
91                         continue;
92
93                 if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
94                         continue;
95
96                 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
97                         if (have_ifidx && wdev->netdev &&
98                             wdev->netdev->ifindex == ifidx) {
99                                 result = wdev;
100                                 break;
101                         }
102                         if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
103                                 result = wdev;
104                                 break;
105                         }
106                 }
107
108                 if (result)
109                         break;
110         }
111
112         if (result)
113                 return result;
114         return ERR_PTR(-ENODEV);
115 }
116
117 static struct cfg80211_registered_device *
118 __cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
119 {
120         struct cfg80211_registered_device *rdev = NULL, *tmp;
121         struct net_device *netdev;
122
123         ASSERT_RTNL();
124
125         if (!attrs[NL80211_ATTR_WIPHY] &&
126             !attrs[NL80211_ATTR_IFINDEX] &&
127             !attrs[NL80211_ATTR_WDEV])
128                 return ERR_PTR(-EINVAL);
129
130         if (attrs[NL80211_ATTR_WIPHY])
131                 rdev = cfg80211_rdev_by_wiphy_idx(
132                                 nla_get_u32(attrs[NL80211_ATTR_WIPHY]));
133
134         if (attrs[NL80211_ATTR_WDEV]) {
135                 u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
136                 struct wireless_dev *wdev;
137                 bool found = false;
138
139                 tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
140                 if (tmp) {
141                         /* make sure wdev exists */
142                         list_for_each_entry(wdev, &tmp->wiphy.wdev_list, list) {
143                                 if (wdev->identifier != (u32)wdev_id)
144                                         continue;
145                                 found = true;
146                                 break;
147                         }
148
149                         if (!found)
150                                 tmp = NULL;
151
152                         if (rdev && tmp != rdev)
153                                 return ERR_PTR(-EINVAL);
154                         rdev = tmp;
155                 }
156         }
157
158         if (attrs[NL80211_ATTR_IFINDEX]) {
159                 int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
160
161                 netdev = __dev_get_by_index(netns, ifindex);
162                 if (netdev) {
163                         if (netdev->ieee80211_ptr)
164                                 tmp = wiphy_to_rdev(
165                                         netdev->ieee80211_ptr->wiphy);
166                         else
167                                 tmp = NULL;
168
169                         /* not wireless device -- return error */
170                         if (!tmp)
171                                 return ERR_PTR(-EINVAL);
172
173                         /* mismatch -- return error */
174                         if (rdev && tmp != rdev)
175                                 return ERR_PTR(-EINVAL);
176
177                         rdev = tmp;
178                 }
179         }
180
181         if (!rdev)
182                 return ERR_PTR(-ENODEV);
183
184         if (netns != wiphy_net(&rdev->wiphy))
185                 return ERR_PTR(-ENODEV);
186
187         return rdev;
188 }
189
190 /*
191  * This function returns a pointer to the driver
192  * that the genl_info item that is passed refers to.
193  *
194  * The result of this can be a PTR_ERR and hence must
195  * be checked with IS_ERR() for errors.
196  */
197 static struct cfg80211_registered_device *
198 cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
199 {
200         return __cfg80211_rdev_from_attrs(netns, info->attrs);
201 }
202
203 /* policy for the attributes */
204 static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
205         [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
206         [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
207                                       .len = 20-1 },
208         [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
209
210         [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
211         [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
212         [NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
213         [NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
214         [NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
215
216         [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
217         [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
218         [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
219         [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
220         [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
221         [NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
222
223         [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
224         [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
225         [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
226
227         [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
228         [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
229
230         [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
231         [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
232                                     .len = WLAN_MAX_KEY_LEN },
233         [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
234         [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
235         [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
236         [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
237         [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
238
239         [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
240         [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
241         [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
242                                        .len = IEEE80211_MAX_DATA_LEN },
243         [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
244                                        .len = IEEE80211_MAX_DATA_LEN },
245         [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
246         [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
247         [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
248         [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
249                                                .len = NL80211_MAX_SUPP_RATES },
250         [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
251         [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
252         [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
253         [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
254                                    .len = IEEE80211_MAX_MESH_ID_LEN },
255         [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
256
257         [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
258         [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
259
260         [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
261         [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
262         [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
263         [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
264                                            .len = NL80211_MAX_SUPP_RATES },
265         [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },
266
267         [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
268         [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
269
270         [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
271
272         [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
273         [NL80211_ATTR_IE] = { .type = NLA_BINARY,
274                               .len = IEEE80211_MAX_DATA_LEN },
275         [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
276         [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
277
278         [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
279                                 .len = IEEE80211_MAX_SSID_LEN },
280         [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
281         [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
282         [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
283         [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
284         [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
285         [NL80211_ATTR_STA_FLAGS2] = {
286                 .len = sizeof(struct nl80211_sta_flag_update),
287         },
288         [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
289         [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
290         [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
291         [NL80211_ATTR_CONTROL_PORT_OVER_NL80211] = { .type = NLA_FLAG },
292         [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
293         [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
294         [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
295         [NL80211_ATTR_PID] = { .type = NLA_U32 },
296         [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
297         [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
298         [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
299         [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
300         [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
301         [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
302                                  .len = IEEE80211_MAX_DATA_LEN },
303         [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
304         [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
305         [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
306         [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
307         [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
308         [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
309         [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
310         [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
311         [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
312         [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
313         [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
314         [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
315         [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
316         [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
317         [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
318         [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
319         [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
320         [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
321         [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
322         [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
323                                          .len = IEEE80211_MAX_DATA_LEN },
324         [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
325                                          .len = IEEE80211_MAX_DATA_LEN },
326         [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
327         [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
328         [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
329         [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
330         [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
331         [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
332         [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
333         [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
334         [NL80211_ATTR_TDLS_INITIATOR] = { .type = NLA_FLAG },
335         [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
336         [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
337                                       .len = IEEE80211_MAX_DATA_LEN },
338         [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
339         [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
340         [NL80211_ATTR_HT_CAPABILITY_MASK] = {
341                 .len = NL80211_HT_CAPABILITY_LEN
342         },
343         [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
344         [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
345         [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
346         [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
347         [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
348         [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
349         [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
350         [NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
351         [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
352         [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
353         [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
354         [NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
355         [NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
356         [NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
357         [NL80211_ATTR_STA_EXT_CAPABILITY] = { .type = NLA_BINARY, },
358         [NL80211_ATTR_SPLIT_WIPHY_DUMP] = { .type = NLA_FLAG, },
359         [NL80211_ATTR_DISABLE_VHT] = { .type = NLA_FLAG },
360         [NL80211_ATTR_VHT_CAPABILITY_MASK] = {
361                 .len = NL80211_VHT_CAPABILITY_LEN,
362         },
363         [NL80211_ATTR_MDID] = { .type = NLA_U16 },
364         [NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
365                                   .len = IEEE80211_MAX_DATA_LEN },
366         [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
367         [NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
368         [NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
369         [NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
370         [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
371         [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
372         [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
373         [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
374         [NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
375         [NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
376         [NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
377         [NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
378         [NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
379         [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
380                                    .len = IEEE80211_QOS_MAP_LEN_MAX },
381         [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
382         [NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
383         [NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
384         [NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
385         [NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
386         [NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
387         [NL80211_ATTR_TSID] = { .type = NLA_U8 },
388         [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
389         [NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
390         [NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
391         [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
392         [NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
393         [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
394         [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
395         [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
396         [NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
397         [NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
398         [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
399         [NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
400                 .len = VHT_MUMIMO_GROUPS_DATA_LEN
401         },
402         [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
403         [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
404         [NL80211_ATTR_BANDS] = { .type = NLA_U32 },
405         [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
406         [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
407                                     .len = FILS_MAX_KEK_LEN },
408         [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
409         [NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
410         [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
411         [NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
412         [NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
413                 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
414         },
415         [NL80211_ATTR_TIMEOUT_REASON] = { .type = NLA_U32 },
416         [NL80211_ATTR_FILS_ERP_USERNAME] = { .type = NLA_BINARY,
417                                              .len = FILS_ERP_MAX_USERNAME_LEN },
418         [NL80211_ATTR_FILS_ERP_REALM] = { .type = NLA_BINARY,
419                                           .len = FILS_ERP_MAX_REALM_LEN },
420         [NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
421         [NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
422                                         .len = FILS_ERP_MAX_RRK_LEN },
423         [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
424         [NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
425         [NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
426         [NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
427
428         [NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
429         [NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
430         [NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
431 };
432
433 /* policy for the key attributes */
434 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
435         [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
436         [NL80211_KEY_IDX] = { .type = NLA_U8 },
437         [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
438         [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
439         [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
440         [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
441         [NL80211_KEY_TYPE] = { .type = NLA_U32 },
442         [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
443 };
444
445 /* policy for the key default flags */
446 static const struct nla_policy
447 nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
448         [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
449         [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
450 };
451
452 #ifdef CONFIG_PM
453 /* policy for WoWLAN attributes */
454 static const struct nla_policy
455 nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
456         [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
457         [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
458         [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
459         [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
460         [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
461         [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
462         [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
463         [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
464         [NL80211_WOWLAN_TRIG_TCP_CONNECTION] = { .type = NLA_NESTED },
465         [NL80211_WOWLAN_TRIG_NET_DETECT] = { .type = NLA_NESTED },
466 };
467
468 static const struct nla_policy
469 nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
470         [NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
471         [NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
472         [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
473         [NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
474         [NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
475         [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
476         [NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
477                 .len = sizeof(struct nl80211_wowlan_tcp_data_seq)
478         },
479         [NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN] = {
480                 .len = sizeof(struct nl80211_wowlan_tcp_data_token)
481         },
482         [NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
483         [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
484         [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
485 };
486 #endif /* CONFIG_PM */
487
488 /* policy for coalesce rule attributes */
489 static const struct nla_policy
490 nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
491         [NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
492         [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
493         [NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
494 };
495
496 /* policy for GTK rekey offload attributes */
497 static const struct nla_policy
498 nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
499         [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
500         [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
501         [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
502 };
503
504 static const struct nla_policy
505 nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
506         [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
507                                                  .len = IEEE80211_MAX_SSID_LEN },
508         [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
509         [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
510 };
511
512 static const struct nla_policy
513 nl80211_plan_policy[NL80211_SCHED_SCAN_PLAN_MAX + 1] = {
514         [NL80211_SCHED_SCAN_PLAN_INTERVAL] = { .type = NLA_U32 },
515         [NL80211_SCHED_SCAN_PLAN_ITERATIONS] = { .type = NLA_U32 },
516 };
517
518 static const struct nla_policy
519 nl80211_bss_select_policy[NL80211_BSS_SELECT_ATTR_MAX + 1] = {
520         [NL80211_BSS_SELECT_ATTR_RSSI] = { .type = NLA_FLAG },
521         [NL80211_BSS_SELECT_ATTR_BAND_PREF] = { .type = NLA_U32 },
522         [NL80211_BSS_SELECT_ATTR_RSSI_ADJUST] = {
523                 .len = sizeof(struct nl80211_bss_select_rssi_adjust)
524         },
525 };
526
527 /* policy for NAN function attributes */
528 static const struct nla_policy
529 nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
530         [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
531         [NL80211_NAN_FUNC_SERVICE_ID] = {
532                                     .len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
533         [NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
534         [NL80211_NAN_FUNC_PUBLISH_BCAST] = { .type = NLA_FLAG },
535         [NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
536         [NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
537         [NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
538         [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
539         [NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
540         [NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
541         [NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
542                         .len = NL80211_NAN_FUNC_SERVICE_SPEC_INFO_MAX_LEN },
543         [NL80211_NAN_FUNC_SRF] = { .type = NLA_NESTED },
544         [NL80211_NAN_FUNC_RX_MATCH_FILTER] = { .type = NLA_NESTED },
545         [NL80211_NAN_FUNC_TX_MATCH_FILTER] = { .type = NLA_NESTED },
546         [NL80211_NAN_FUNC_INSTANCE_ID] = { .type = NLA_U8 },
547         [NL80211_NAN_FUNC_TERM_REASON] = { .type = NLA_U8 },
548 };
549
550 /* policy for Service Response Filter attributes */
551 static const struct nla_policy
552 nl80211_nan_srf_policy[NL80211_NAN_SRF_ATTR_MAX + 1] = {
553         [NL80211_NAN_SRF_INCLUDE] = { .type = NLA_FLAG },
554         [NL80211_NAN_SRF_BF] = { .type = NLA_BINARY,
555                                  .len =  NL80211_NAN_FUNC_SRF_MAX_LEN },
556         [NL80211_NAN_SRF_BF_IDX] = { .type = NLA_U8 },
557         [NL80211_NAN_SRF_MAC_ADDRS] = { .type = NLA_NESTED },
558 };
559
560 /* policy for packet pattern attributes */
561 static const struct nla_policy
562 nl80211_packet_pattern_policy[MAX_NL80211_PKTPAT + 1] = {
563         [NL80211_PKTPAT_MASK] = { .type = NLA_BINARY, },
564         [NL80211_PKTPAT_PATTERN] = { .type = NLA_BINARY, },
565         [NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
566 };
567
568 static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
569                                      struct netlink_callback *cb,
570                                      struct cfg80211_registered_device **rdev,
571                                      struct wireless_dev **wdev)
572 {
573         int err;
574
575         if (!cb->args[0]) {
576                 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
577                                   genl_family_attrbuf(&nl80211_fam),
578                                   nl80211_fam.maxattr, nl80211_policy, NULL);
579                 if (err)
580                         return err;
581
582                 *wdev = __cfg80211_wdev_from_attrs(
583                                         sock_net(skb->sk),
584                                         genl_family_attrbuf(&nl80211_fam));
585                 if (IS_ERR(*wdev))
586                         return PTR_ERR(*wdev);
587                 *rdev = wiphy_to_rdev((*wdev)->wiphy);
588                 /* 0 is the first index - add 1 to parse only once */
589                 cb->args[0] = (*rdev)->wiphy_idx + 1;
590                 cb->args[1] = (*wdev)->identifier;
591         } else {
592                 /* subtract the 1 again here */
593                 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0] - 1);
594                 struct wireless_dev *tmp;
595
596                 if (!wiphy)
597                         return -ENODEV;
598                 *rdev = wiphy_to_rdev(wiphy);
599                 *wdev = NULL;
600
601                 list_for_each_entry(tmp, &(*rdev)->wiphy.wdev_list, list) {
602                         if (tmp->identifier == cb->args[1]) {
603                                 *wdev = tmp;
604                                 break;
605                         }
606                 }
607
608                 if (!*wdev)
609                         return -ENODEV;
610         }
611
612         return 0;
613 }
614
615 /* IE validation */
616 static bool is_valid_ie_attr(const struct nlattr *attr)
617 {
618         const u8 *pos;
619         int len;
620
621         if (!attr)
622                 return true;
623
624         pos = nla_data(attr);
625         len = nla_len(attr);
626
627         while (len) {
628                 u8 elemlen;
629
630                 if (len < 2)
631                         return false;
632                 len -= 2;
633
634                 elemlen = pos[1];
635                 if (elemlen > len)
636                         return false;
637
638                 len -= elemlen;
639                 pos += 2 + elemlen;
640         }
641
642         return true;
643 }
644
645 /* message building helper */
646 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
647                                    int flags, u8 cmd)
648 {
649         /* since there is no private header just add the generic one */
650         return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
651 }
652
653 static int nl80211_msg_put_wmm_rules(struct sk_buff *msg,
654                                      const struct ieee80211_reg_rule *rule)
655 {
656         int j;
657         struct nlattr *nl_wmm_rules =
658                 nla_nest_start(msg, NL80211_FREQUENCY_ATTR_WMM);
659
660         if (!nl_wmm_rules)
661                 goto nla_put_failure;
662
663         for (j = 0; j < IEEE80211_NUM_ACS; j++) {
664                 struct nlattr *nl_wmm_rule = nla_nest_start(msg, j);
665
666                 if (!nl_wmm_rule)
667                         goto nla_put_failure;
668
669                 if (nla_put_u16(msg, NL80211_WMMR_CW_MIN,
670                                 rule->wmm_rule->client[j].cw_min) ||
671                     nla_put_u16(msg, NL80211_WMMR_CW_MAX,
672                                 rule->wmm_rule->client[j].cw_max) ||
673                     nla_put_u8(msg, NL80211_WMMR_AIFSN,
674                                rule->wmm_rule->client[j].aifsn) ||
675                     nla_put_u8(msg, NL80211_WMMR_TXOP,
676                                rule->wmm_rule->client[j].cot))
677                         goto nla_put_failure;
678
679                 nla_nest_end(msg, nl_wmm_rule);
680         }
681         nla_nest_end(msg, nl_wmm_rules);
682
683         return 0;
684
685 nla_put_failure:
686         return -ENOBUFS;
687 }
688
689 static int nl80211_msg_put_channel(struct sk_buff *msg, struct wiphy *wiphy,
690                                    struct ieee80211_channel *chan,
691                                    bool large)
692 {
693         /* Some channels must be completely excluded from the
694          * list to protect old user-space tools from breaking
695          */
696         if (!large && chan->flags &
697             (IEEE80211_CHAN_NO_10MHZ | IEEE80211_CHAN_NO_20MHZ))
698                 return 0;
699
700         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
701                         chan->center_freq))
702                 goto nla_put_failure;
703
704         if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
705             nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
706                 goto nla_put_failure;
707         if (chan->flags & IEEE80211_CHAN_NO_IR) {
708                 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IR))
709                         goto nla_put_failure;
710                 if (nla_put_flag(msg, __NL80211_FREQUENCY_ATTR_NO_IBSS))
711                         goto nla_put_failure;
712         }
713         if (chan->flags & IEEE80211_CHAN_RADAR) {
714                 if (nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
715                         goto nla_put_failure;
716                 if (large) {
717                         u32 time;
718
719                         time = elapsed_jiffies_msecs(chan->dfs_state_entered);
720
721                         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_STATE,
722                                         chan->dfs_state))
723                                 goto nla_put_failure;
724                         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_DFS_TIME,
725                                         time))
726                                 goto nla_put_failure;
727                         if (nla_put_u32(msg,
728                                         NL80211_FREQUENCY_ATTR_DFS_CAC_TIME,
729                                         chan->dfs_cac_ms))
730                                 goto nla_put_failure;
731                 }
732         }
733
734         if (large) {
735                 if ((chan->flags & IEEE80211_CHAN_NO_HT40MINUS) &&
736                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_MINUS))
737                         goto nla_put_failure;
738                 if ((chan->flags & IEEE80211_CHAN_NO_HT40PLUS) &&
739                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HT40_PLUS))
740                         goto nla_put_failure;
741                 if ((chan->flags & IEEE80211_CHAN_NO_80MHZ) &&
742                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_80MHZ))
743                         goto nla_put_failure;
744                 if ((chan->flags & IEEE80211_CHAN_NO_160MHZ) &&
745                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_160MHZ))
746                         goto nla_put_failure;
747                 if ((chan->flags & IEEE80211_CHAN_INDOOR_ONLY) &&
748                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_INDOOR_ONLY))
749                         goto nla_put_failure;
750                 if ((chan->flags & IEEE80211_CHAN_IR_CONCURRENT) &&
751                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_IR_CONCURRENT))
752                         goto nla_put_failure;
753                 if ((chan->flags & IEEE80211_CHAN_NO_20MHZ) &&
754                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_20MHZ))
755                         goto nla_put_failure;
756                 if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
757                     nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
758                         goto nla_put_failure;
759         }
760
761         if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
762                         DBM_TO_MBM(chan->max_power)))
763                 goto nla_put_failure;
764
765         if (large) {
766                 const struct ieee80211_reg_rule *rule =
767                         freq_reg_info(wiphy, chan->center_freq);
768
769                 if (!IS_ERR(rule) && rule->wmm_rule) {
770                         if (nl80211_msg_put_wmm_rules(msg, rule))
771                                 goto nla_put_failure;
772                 }
773         }
774
775         return 0;
776
777  nla_put_failure:
778         return -ENOBUFS;
779 }
780
781 static bool nl80211_put_txq_stats(struct sk_buff *msg,
782                                   struct cfg80211_txq_stats *txqstats,
783                                   int attrtype)
784 {
785         struct nlattr *txqattr;
786
787 #define PUT_TXQVAL_U32(attr, memb) do {                                   \
788         if (txqstats->filled & BIT(NL80211_TXQ_STATS_ ## attr) &&         \
789             nla_put_u32(msg, NL80211_TXQ_STATS_ ## attr, txqstats->memb)) \
790                 return false;                                             \
791         } while (0)
792
793         txqattr = nla_nest_start(msg, attrtype);
794         if (!txqattr)
795                 return false;
796
797         PUT_TXQVAL_U32(BACKLOG_BYTES, backlog_bytes);
798         PUT_TXQVAL_U32(BACKLOG_PACKETS, backlog_packets);
799         PUT_TXQVAL_U32(FLOWS, flows);
800         PUT_TXQVAL_U32(DROPS, drops);
801         PUT_TXQVAL_U32(ECN_MARKS, ecn_marks);
802         PUT_TXQVAL_U32(OVERLIMIT, overlimit);
803         PUT_TXQVAL_U32(OVERMEMORY, overmemory);
804         PUT_TXQVAL_U32(COLLISIONS, collisions);
805         PUT_TXQVAL_U32(TX_BYTES, tx_bytes);
806         PUT_TXQVAL_U32(TX_PACKETS, tx_packets);
807         PUT_TXQVAL_U32(MAX_FLOWS, max_flows);
808         nla_nest_end(msg, txqattr);
809
810 #undef PUT_TXQVAL_U32
811         return true;
812 }
813
814 /* netlink command implementations */
815
816 struct key_parse {
817         struct key_params p;
818         int idx;
819         int type;
820         bool def, defmgmt;
821         bool def_uni, def_multi;
822 };
823
824 static int nl80211_parse_key_new(struct genl_info *info, struct nlattr *key,
825                                  struct key_parse *k)
826 {
827         struct nlattr *tb[NL80211_KEY_MAX + 1];
828         int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
829                                    nl80211_key_policy, info->extack);
830         if (err)
831                 return err;
832
833         k->def = !!tb[NL80211_KEY_DEFAULT];
834         k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
835
836         if (k->def) {
837                 k->def_uni = true;
838                 k->def_multi = true;
839         }
840         if (k->defmgmt)
841                 k->def_multi = true;
842
843         if (tb[NL80211_KEY_IDX])
844                 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
845
846         if (tb[NL80211_KEY_DATA]) {
847                 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
848                 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
849         }
850
851         if (tb[NL80211_KEY_SEQ]) {
852                 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
853                 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
854         }
855
856         if (tb[NL80211_KEY_CIPHER])
857                 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
858
859         if (tb[NL80211_KEY_TYPE]) {
860                 k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
861                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
862                         return genl_err_attr(info, -EINVAL,
863                                              tb[NL80211_KEY_TYPE]);
864         }
865
866         if (tb[NL80211_KEY_DEFAULT_TYPES]) {
867                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
868
869                 err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
870                                        tb[NL80211_KEY_DEFAULT_TYPES],
871                                        nl80211_key_default_policy,
872                                        info->extack);
873                 if (err)
874                         return err;
875
876                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
877                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
878         }
879
880         return 0;
881 }
882
883 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
884 {
885         if (info->attrs[NL80211_ATTR_KEY_DATA]) {
886                 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
887                 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
888         }
889
890         if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
891                 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
892                 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
893         }
894
895         if (info->attrs[NL80211_ATTR_KEY_IDX])
896                 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
897
898         if (info->attrs[NL80211_ATTR_KEY_CIPHER])
899                 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
900
901         k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
902         k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
903
904         if (k->def) {
905                 k->def_uni = true;
906                 k->def_multi = true;
907         }
908         if (k->defmgmt)
909                 k->def_multi = true;
910
911         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
912                 k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
913                 if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES) {
914                         GENL_SET_ERR_MSG(info, "key type out of range");
915                         return -EINVAL;
916                 }
917         }
918
919         if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
920                 struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
921                 int err = nla_parse_nested(kdt,
922                                            NUM_NL80211_KEY_DEFAULT_TYPES - 1,
923                                            info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
924                                            nl80211_key_default_policy,
925                                            info->extack);
926                 if (err)
927                         return err;
928
929                 k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
930                 k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
931         }
932
933         return 0;
934 }
935
936 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
937 {
938         int err;
939
940         memset(k, 0, sizeof(*k));
941         k->idx = -1;
942         k->type = -1;
943
944         if (info->attrs[NL80211_ATTR_KEY])
945                 err = nl80211_parse_key_new(info, info->attrs[NL80211_ATTR_KEY], k);
946         else
947                 err = nl80211_parse_key_old(info, k);
948
949         if (err)
950                 return err;
951
952         if (k->def && k->defmgmt) {
953                 GENL_SET_ERR_MSG(info, "key with def && defmgmt is invalid");
954                 return -EINVAL;
955         }
956
957         if (k->defmgmt) {
958                 if (k->def_uni || !k->def_multi) {
959                         GENL_SET_ERR_MSG(info, "defmgmt key must be mcast");
960                         return -EINVAL;
961                 }
962         }
963
964         if (k->idx != -1) {
965                 if (k->defmgmt) {
966                         if (k->idx < 4 || k->idx > 5) {
967                                 GENL_SET_ERR_MSG(info,
968                                                  "defmgmt key idx not 4 or 5");
969                                 return -EINVAL;
970                         }
971                 } else if (k->def) {
972                         if (k->idx < 0 || k->idx > 3) {
973                                 GENL_SET_ERR_MSG(info, "def key idx not 0-3");
974                                 return -EINVAL;
975                         }
976                 } else {
977                         if (k->idx < 0 || k->idx > 5) {
978                                 GENL_SET_ERR_MSG(info, "key idx not 0-5");
979                                 return -EINVAL;
980                         }
981                 }
982         }
983
984         return 0;
985 }
986
987 static struct cfg80211_cached_keys *
988 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
989                        struct genl_info *info, bool *no_ht)
990 {
991         struct nlattr *keys = info->attrs[NL80211_ATTR_KEYS];
992         struct key_parse parse;
993         struct nlattr *key;
994         struct cfg80211_cached_keys *result;
995         int rem, err, def = 0;
996         bool have_key = false;
997
998         nla_for_each_nested(key, keys, rem) {
999                 have_key = true;
1000                 break;
1001         }
1002
1003         if (!have_key)
1004                 return NULL;
1005
1006         result = kzalloc(sizeof(*result), GFP_KERNEL);
1007         if (!result)
1008                 return ERR_PTR(-ENOMEM);
1009
1010         result->def = -1;
1011
1012         nla_for_each_nested(key, keys, rem) {
1013                 memset(&parse, 0, sizeof(parse));
1014                 parse.idx = -1;
1015
1016                 err = nl80211_parse_key_new(info, key, &parse);
1017                 if (err)
1018                         goto error;
1019                 err = -EINVAL;
1020                 if (!parse.p.key)
1021                         goto error;
1022                 if (parse.idx < 0 || parse.idx > 3) {
1023                         GENL_SET_ERR_MSG(info, "key index out of range [0-3]");
1024                         goto error;
1025                 }
1026                 if (parse.def) {
1027                         if (def) {
1028                                 GENL_SET_ERR_MSG(info,
1029                                                  "only one key can be default");
1030                                 goto error;
1031                         }
1032                         def = 1;
1033                         result->def = parse.idx;
1034                         if (!parse.def_uni || !parse.def_multi)
1035                                 goto error;
1036                 } else if (parse.defmgmt)
1037                         goto error;
1038                 err = cfg80211_validate_key_settings(rdev, &parse.p,
1039                                                      parse.idx, false, NULL);
1040                 if (err)
1041                         goto error;
1042                 if (parse.p.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1043                     parse.p.cipher != WLAN_CIPHER_SUITE_WEP104) {
1044                         GENL_SET_ERR_MSG(info, "connect key must be WEP");
1045                         err = -EINVAL;
1046                         goto error;
1047                 }
1048                 result->params[parse.idx].cipher = parse.p.cipher;
1049                 result->params[parse.idx].key_len = parse.p.key_len;
1050                 result->params[parse.idx].key = result->data[parse.idx];
1051                 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
1052
1053                 /* must be WEP key if we got here */
1054                 if (no_ht)
1055                         *no_ht = true;
1056         }
1057
1058         if (result->def < 0) {
1059                 err = -EINVAL;
1060                 GENL_SET_ERR_MSG(info, "need a default/TX key");
1061                 goto error;
1062         }
1063
1064         return result;
1065  error:
1066         kfree(result);
1067         return ERR_PTR(err);
1068 }
1069
1070 static int nl80211_key_allowed(struct wireless_dev *wdev)
1071 {
1072         ASSERT_WDEV_LOCK(wdev);
1073
1074         switch (wdev->iftype) {
1075         case NL80211_IFTYPE_AP:
1076         case NL80211_IFTYPE_AP_VLAN:
1077         case NL80211_IFTYPE_P2P_GO:
1078         case NL80211_IFTYPE_MESH_POINT:
1079                 break;
1080         case NL80211_IFTYPE_ADHOC:
1081         case NL80211_IFTYPE_STATION:
1082         case NL80211_IFTYPE_P2P_CLIENT:
1083                 if (!wdev->current_bss)
1084                         return -ENOLINK;
1085                 break;
1086         case NL80211_IFTYPE_UNSPECIFIED:
1087         case NL80211_IFTYPE_OCB:
1088         case NL80211_IFTYPE_MONITOR:
1089         case NL80211_IFTYPE_NAN:
1090         case NL80211_IFTYPE_P2P_DEVICE:
1091         case NL80211_IFTYPE_WDS:
1092         case NUM_NL80211_IFTYPES:
1093                 return -EINVAL;
1094         }
1095
1096         return 0;
1097 }
1098
1099 static struct ieee80211_channel *nl80211_get_valid_chan(struct wiphy *wiphy,
1100                                                         struct nlattr *tb)
1101 {
1102         struct ieee80211_channel *chan;
1103
1104         if (tb == NULL)
1105                 return NULL;
1106         chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
1107         if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
1108                 return NULL;
1109         return chan;
1110 }
1111
1112 static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1113 {
1114         struct nlattr *nl_modes = nla_nest_start(msg, attr);
1115         int i;
1116
1117         if (!nl_modes)
1118                 goto nla_put_failure;
1119
1120         i = 0;
1121         while (ifmodes) {
1122                 if ((ifmodes & 1) && nla_put_flag(msg, i))
1123                         goto nla_put_failure;
1124                 ifmodes >>= 1;
1125                 i++;
1126         }
1127
1128         nla_nest_end(msg, nl_modes);
1129         return 0;
1130
1131 nla_put_failure:
1132         return -ENOBUFS;
1133 }
1134
1135 static int nl80211_put_iface_combinations(struct wiphy *wiphy,
1136                                           struct sk_buff *msg,
1137                                           bool large)
1138 {
1139         struct nlattr *nl_combis;
1140         int i, j;
1141
1142         nl_combis = nla_nest_start(msg,
1143                                 NL80211_ATTR_INTERFACE_COMBINATIONS);
1144         if (!nl_combis)
1145                 goto nla_put_failure;
1146
1147         for (i = 0; i < wiphy->n_iface_combinations; i++) {
1148                 const struct ieee80211_iface_combination *c;
1149                 struct nlattr *nl_combi, *nl_limits;
1150
1151                 c = &wiphy->iface_combinations[i];
1152
1153                 nl_combi = nla_nest_start(msg, i + 1);
1154                 if (!nl_combi)
1155                         goto nla_put_failure;
1156
1157                 nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
1158                 if (!nl_limits)
1159                         goto nla_put_failure;
1160
1161                 for (j = 0; j < c->n_limits; j++) {
1162                         struct nlattr *nl_limit;
1163
1164                         nl_limit = nla_nest_start(msg, j + 1);
1165                         if (!nl_limit)
1166                                 goto nla_put_failure;
1167                         if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
1168                                         c->limits[j].max))
1169                                 goto nla_put_failure;
1170                         if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
1171                                                 c->limits[j].types))
1172                                 goto nla_put_failure;
1173                         nla_nest_end(msg, nl_limit);
1174                 }
1175
1176                 nla_nest_end(msg, nl_limits);
1177
1178                 if (c->beacon_int_infra_match &&
1179                     nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
1180                         goto nla_put_failure;
1181                 if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
1182                                 c->num_different_channels) ||
1183                     nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
1184                                 c->max_interfaces))
1185                         goto nla_put_failure;
1186                 if (large &&
1187                     (nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_WIDTHS,
1188                                 c->radar_detect_widths) ||
1189                      nla_put_u32(msg, NL80211_IFACE_COMB_RADAR_DETECT_REGIONS,
1190                                 c->radar_detect_regions)))
1191                         goto nla_put_failure;
1192                 if (c->beacon_int_min_gcd &&
1193                     nla_put_u32(msg, NL80211_IFACE_COMB_BI_MIN_GCD,
1194                                 c->beacon_int_min_gcd))
1195                         goto nla_put_failure;
1196
1197                 nla_nest_end(msg, nl_combi);
1198         }
1199
1200         nla_nest_end(msg, nl_combis);
1201
1202         return 0;
1203 nla_put_failure:
1204         return -ENOBUFS;
1205 }
1206
1207 #ifdef CONFIG_PM
1208 static int nl80211_send_wowlan_tcp_caps(struct cfg80211_registered_device *rdev,
1209                                         struct sk_buff *msg)
1210 {
1211         const struct wiphy_wowlan_tcp_support *tcp = rdev->wiphy.wowlan->tcp;
1212         struct nlattr *nl_tcp;
1213
1214         if (!tcp)
1215                 return 0;
1216
1217         nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1218         if (!nl_tcp)
1219                 return -ENOBUFS;
1220
1221         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1222                         tcp->data_payload_max))
1223                 return -ENOBUFS;
1224
1225         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD,
1226                         tcp->data_payload_max))
1227                 return -ENOBUFS;
1228
1229         if (tcp->seq && nla_put_flag(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ))
1230                 return -ENOBUFS;
1231
1232         if (tcp->tok && nla_put(msg, NL80211_WOWLAN_TCP_DATA_PAYLOAD_TOKEN,
1233                                 sizeof(*tcp->tok), tcp->tok))
1234                 return -ENOBUFS;
1235
1236         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_DATA_INTERVAL,
1237                         tcp->data_interval_max))
1238                 return -ENOBUFS;
1239
1240         if (nla_put_u32(msg, NL80211_WOWLAN_TCP_WAKE_PAYLOAD,
1241                         tcp->wake_payload_max))
1242                 return -ENOBUFS;
1243
1244         nla_nest_end(msg, nl_tcp);
1245         return 0;
1246 }
1247
1248 static int nl80211_send_wowlan(struct sk_buff *msg,
1249                                struct cfg80211_registered_device *rdev,
1250                                bool large)
1251 {
1252         struct nlattr *nl_wowlan;
1253
1254         if (!rdev->wiphy.wowlan)
1255                 return 0;
1256
1257         nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1258         if (!nl_wowlan)
1259                 return -ENOBUFS;
1260
1261         if (((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_ANY) &&
1262              nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
1263             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_DISCONNECT) &&
1264              nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
1265             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_MAGIC_PKT) &&
1266              nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
1267             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
1268              nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
1269             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
1270              nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
1271             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
1272              nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
1273             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
1274              nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
1275             ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
1276              nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
1277                 return -ENOBUFS;
1278
1279         if (rdev->wiphy.wowlan->n_patterns) {
1280                 struct nl80211_pattern_support pat = {
1281                         .max_patterns = rdev->wiphy.wowlan->n_patterns,
1282                         .min_pattern_len = rdev->wiphy.wowlan->pattern_min_len,
1283                         .max_pattern_len = rdev->wiphy.wowlan->pattern_max_len,
1284                         .max_pkt_offset = rdev->wiphy.wowlan->max_pkt_offset,
1285                 };
1286
1287                 if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
1288                             sizeof(pat), &pat))
1289                         return -ENOBUFS;
1290         }
1291
1292         if ((rdev->wiphy.wowlan->flags & WIPHY_WOWLAN_NET_DETECT) &&
1293             nla_put_u32(msg, NL80211_WOWLAN_TRIG_NET_DETECT,
1294                         rdev->wiphy.wowlan->max_nd_match_sets))
1295                 return -ENOBUFS;
1296
1297         if (large && nl80211_send_wowlan_tcp_caps(rdev, msg))
1298                 return -ENOBUFS;
1299
1300         nla_nest_end(msg, nl_wowlan);
1301
1302         return 0;
1303 }
1304 #endif
1305
1306 static int nl80211_send_coalesce(struct sk_buff *msg,
1307                                  struct cfg80211_registered_device *rdev)
1308 {
1309         struct nl80211_coalesce_rule_support rule;
1310
1311         if (!rdev->wiphy.coalesce)
1312                 return 0;
1313
1314         rule.max_rules = rdev->wiphy.coalesce->n_rules;
1315         rule.max_delay = rdev->wiphy.coalesce->max_delay;
1316         rule.pat.max_patterns = rdev->wiphy.coalesce->n_patterns;
1317         rule.pat.min_pattern_len = rdev->wiphy.coalesce->pattern_min_len;
1318         rule.pat.max_pattern_len = rdev->wiphy.coalesce->pattern_max_len;
1319         rule.pat.max_pkt_offset = rdev->wiphy.coalesce->max_pkt_offset;
1320
1321         if (nla_put(msg, NL80211_ATTR_COALESCE_RULE, sizeof(rule), &rule))
1322                 return -ENOBUFS;
1323
1324         return 0;
1325 }
1326
1327 static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1328                                       struct ieee80211_supported_band *sband)
1329 {
1330         struct nlattr *nl_rates, *nl_rate;
1331         struct ieee80211_rate *rate;
1332         int i;
1333
1334         /* add HT info */
1335         if (sband->ht_cap.ht_supported &&
1336             (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
1337                      sizeof(sband->ht_cap.mcs),
1338                      &sband->ht_cap.mcs) ||
1339              nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
1340                          sband->ht_cap.cap) ||
1341              nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
1342                         sband->ht_cap.ampdu_factor) ||
1343              nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
1344                         sband->ht_cap.ampdu_density)))
1345                 return -ENOBUFS;
1346
1347         /* add VHT info */
1348         if (sband->vht_cap.vht_supported &&
1349             (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
1350                      sizeof(sband->vht_cap.vht_mcs),
1351                      &sband->vht_cap.vht_mcs) ||
1352              nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
1353                          sband->vht_cap.cap)))
1354                 return -ENOBUFS;
1355
1356         /* add bitrates */
1357         nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
1358         if (!nl_rates)
1359                 return -ENOBUFS;
1360
1361         for (i = 0; i < sband->n_bitrates; i++) {
1362                 nl_rate = nla_nest_start(msg, i);
1363                 if (!nl_rate)
1364                         return -ENOBUFS;
1365
1366                 rate = &sband->bitrates[i];
1367                 if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
1368                                 rate->bitrate))
1369                         return -ENOBUFS;
1370                 if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
1371                     nla_put_flag(msg,
1372                                  NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
1373                         return -ENOBUFS;
1374
1375                 nla_nest_end(msg, nl_rate);
1376         }
1377
1378         nla_nest_end(msg, nl_rates);
1379
1380         return 0;
1381 }
1382
1383 static int
1384 nl80211_send_mgmt_stypes(struct sk_buff *msg,
1385                          const struct ieee80211_txrx_stypes *mgmt_stypes)
1386 {
1387         u16 stypes;
1388         struct nlattr *nl_ftypes, *nl_ifs;
1389         enum nl80211_iftype ift;
1390         int i;
1391
1392         if (!mgmt_stypes)
1393                 return 0;
1394
1395         nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
1396         if (!nl_ifs)
1397                 return -ENOBUFS;
1398
1399         for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1400                 nl_ftypes = nla_nest_start(msg, ift);
1401                 if (!nl_ftypes)
1402                         return -ENOBUFS;
1403                 i = 0;
1404                 stypes = mgmt_stypes[ift].tx;
1405                 while (stypes) {
1406                         if ((stypes & 1) &&
1407                             nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1408                                         (i << 4) | IEEE80211_FTYPE_MGMT))
1409                                 return -ENOBUFS;
1410                         stypes >>= 1;
1411                         i++;
1412                 }
1413                 nla_nest_end(msg, nl_ftypes);
1414         }
1415
1416         nla_nest_end(msg, nl_ifs);
1417
1418         nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
1419         if (!nl_ifs)
1420                 return -ENOBUFS;
1421
1422         for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1423                 nl_ftypes = nla_nest_start(msg, ift);
1424                 if (!nl_ftypes)
1425                         return -ENOBUFS;
1426                 i = 0;
1427                 stypes = mgmt_stypes[ift].rx;
1428                 while (stypes) {
1429                         if ((stypes & 1) &&
1430                             nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
1431                                         (i << 4) | IEEE80211_FTYPE_MGMT))
1432                                 return -ENOBUFS;
1433                         stypes >>= 1;
1434                         i++;
1435                 }
1436                 nla_nest_end(msg, nl_ftypes);
1437         }
1438         nla_nest_end(msg, nl_ifs);
1439
1440         return 0;
1441 }
1442
1443 #define CMD(op, n)                                                      \
1444          do {                                                           \
1445                 if (rdev->ops->op) {                                    \
1446                         i++;                                            \
1447                         if (nla_put_u32(msg, i, NL80211_CMD_ ## n))     \
1448                                 goto nla_put_failure;                   \
1449                 }                                                       \
1450         } while (0)
1451
1452 static int nl80211_add_commands_unsplit(struct cfg80211_registered_device *rdev,
1453                                         struct sk_buff *msg)
1454 {
1455         int i = 0;
1456
1457         /*
1458          * do *NOT* add anything into this function, new things need to be
1459          * advertised only to new versions of userspace that can deal with
1460          * the split (and they can't possibly care about new features...
1461          */
1462         CMD(add_virtual_intf, NEW_INTERFACE);
1463         CMD(change_virtual_intf, SET_INTERFACE);
1464         CMD(add_key, NEW_KEY);
1465         CMD(start_ap, START_AP);
1466         CMD(add_station, NEW_STATION);
1467         CMD(add_mpath, NEW_MPATH);
1468         CMD(update_mesh_config, SET_MESH_CONFIG);
1469         CMD(change_bss, SET_BSS);
1470         CMD(auth, AUTHENTICATE);
1471         CMD(assoc, ASSOCIATE);
1472         CMD(deauth, DEAUTHENTICATE);
1473         CMD(disassoc, DISASSOCIATE);
1474         CMD(join_ibss, JOIN_IBSS);
1475         CMD(join_mesh, JOIN_MESH);
1476         CMD(set_pmksa, SET_PMKSA);
1477         CMD(del_pmksa, DEL_PMKSA);
1478         CMD(flush_pmksa, FLUSH_PMKSA);
1479         if (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
1480                 CMD(remain_on_channel, REMAIN_ON_CHANNEL);
1481         CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
1482         CMD(mgmt_tx, FRAME);
1483         CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
1484         if (rdev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
1485                 i++;
1486                 if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
1487                         goto nla_put_failure;
1488         }
1489         if (rdev->ops->set_monitor_channel || rdev->ops->start_ap ||
1490             rdev->ops->join_mesh) {
1491                 i++;
1492                 if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
1493                         goto nla_put_failure;
1494         }
1495         CMD(set_wds_peer, SET_WDS_PEER);
1496         if (rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1497                 CMD(tdls_mgmt, TDLS_MGMT);
1498                 CMD(tdls_oper, TDLS_OPER);
1499         }
1500         if (rdev->wiphy.max_sched_scan_reqs)
1501                 CMD(sched_scan_start, START_SCHED_SCAN);
1502         CMD(probe_client, PROBE_CLIENT);
1503         CMD(set_noack_map, SET_NOACK_MAP);
1504         if (rdev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
1505                 i++;
1506                 if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
1507                         goto nla_put_failure;
1508         }
1509         CMD(start_p2p_device, START_P2P_DEVICE);
1510         CMD(set_mcast_rate, SET_MCAST_RATE);
1511 #ifdef CONFIG_NL80211_TESTMODE
1512         CMD(testmode_cmd, TESTMODE);
1513 #endif
1514
1515         if (rdev->ops->connect || rdev->ops->auth) {
1516                 i++;
1517                 if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
1518                         goto nla_put_failure;
1519         }
1520
1521         if (rdev->ops->disconnect || rdev->ops->deauth) {
1522                 i++;
1523                 if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
1524                         goto nla_put_failure;
1525         }
1526
1527         return i;
1528  nla_put_failure:
1529         return -ENOBUFS;
1530 }
1531
1532 struct nl80211_dump_wiphy_state {
1533         s64 filter_wiphy;
1534         long start;
1535         long split_start, band_start, chan_start, capa_start;
1536         bool split;
1537 };
1538
1539 static int nl80211_send_wiphy(struct cfg80211_registered_device *rdev,
1540                               enum nl80211_commands cmd,
1541                               struct sk_buff *msg, u32 portid, u32 seq,
1542                               int flags, struct nl80211_dump_wiphy_state *state)
1543 {
1544         void *hdr;
1545         struct nlattr *nl_bands, *nl_band;
1546         struct nlattr *nl_freqs, *nl_freq;
1547         struct nlattr *nl_cmds;
1548         enum nl80211_band band;
1549         struct ieee80211_channel *chan;
1550         int i;
1551         const struct ieee80211_txrx_stypes *mgmt_stypes =
1552                                 rdev->wiphy.mgmt_stypes;
1553         u32 features;
1554
1555         hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
1556         if (!hdr)
1557                 return -ENOBUFS;
1558
1559         if (WARN_ON(!state))
1560                 return -EINVAL;
1561
1562         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
1563             nla_put_string(msg, NL80211_ATTR_WIPHY_NAME,
1564                            wiphy_name(&rdev->wiphy)) ||
1565             nla_put_u32(msg, NL80211_ATTR_GENERATION,
1566                         cfg80211_rdev_list_generation))
1567                 goto nla_put_failure;
1568
1569         if (cmd != NL80211_CMD_NEW_WIPHY)
1570                 goto finish;
1571
1572         switch (state->split_start) {
1573         case 0:
1574                 if (nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
1575                                rdev->wiphy.retry_short) ||
1576                     nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
1577                                rdev->wiphy.retry_long) ||
1578                     nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
1579                                 rdev->wiphy.frag_threshold) ||
1580                     nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
1581                                 rdev->wiphy.rts_threshold) ||
1582                     nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
1583                                rdev->wiphy.coverage_class) ||
1584                     nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
1585                                rdev->wiphy.max_scan_ssids) ||
1586                     nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
1587                                rdev->wiphy.max_sched_scan_ssids) ||
1588                     nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
1589                                 rdev->wiphy.max_scan_ie_len) ||
1590                     nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1591                                 rdev->wiphy.max_sched_scan_ie_len) ||
1592                     nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1593                                rdev->wiphy.max_match_sets) ||
1594                     nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1595                                 rdev->wiphy.max_sched_scan_plans) ||
1596                     nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1597                                 rdev->wiphy.max_sched_scan_plan_interval) ||
1598                     nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1599                                 rdev->wiphy.max_sched_scan_plan_iterations))
1600                         goto nla_put_failure;
1601
1602                 if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
1603                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
1604                         goto nla_put_failure;
1605                 if ((rdev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
1606                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
1607                         goto nla_put_failure;
1608                 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
1609                     nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
1610                         goto nla_put_failure;
1611                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
1612                     nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
1613                         goto nla_put_failure;
1614                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
1615                     nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
1616                         goto nla_put_failure;
1617                 if ((rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
1618                     nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
1619                         goto nla_put_failure;
1620                 state->split_start++;
1621                 if (state->split)
1622                         break;
1623         case 1:
1624                 if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1625                             sizeof(u32) * rdev->wiphy.n_cipher_suites,
1626                             rdev->wiphy.cipher_suites))
1627                         goto nla_put_failure;
1628
1629                 if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
1630                                rdev->wiphy.max_num_pmkids))
1631                         goto nla_put_failure;
1632
1633                 if ((rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
1634                     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
1635                         goto nla_put_failure;
1636
1637                 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
1638                                 rdev->wiphy.available_antennas_tx) ||
1639                     nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
1640                                 rdev->wiphy.available_antennas_rx))
1641                         goto nla_put_failure;
1642
1643                 if ((rdev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
1644                     nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
1645                                 rdev->wiphy.probe_resp_offload))
1646                         goto nla_put_failure;
1647
1648                 if ((rdev->wiphy.available_antennas_tx ||
1649                      rdev->wiphy.available_antennas_rx) &&
1650                     rdev->ops->get_antenna) {
1651                         u32 tx_ant = 0, rx_ant = 0;
1652                         int res;
1653
1654                         res = rdev_get_antenna(rdev, &tx_ant, &rx_ant);
1655                         if (!res) {
1656                                 if (nla_put_u32(msg,
1657                                                 NL80211_ATTR_WIPHY_ANTENNA_TX,
1658                                                 tx_ant) ||
1659                                     nla_put_u32(msg,
1660                                                 NL80211_ATTR_WIPHY_ANTENNA_RX,
1661                                                 rx_ant))
1662                                         goto nla_put_failure;
1663                         }
1664                 }
1665
1666                 state->split_start++;
1667                 if (state->split)
1668                         break;
1669         case 2:
1670                 if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1671                                         rdev->wiphy.interface_modes))
1672                                 goto nla_put_failure;
1673                 state->split_start++;
1674                 if (state->split)
1675                         break;
1676         case 3:
1677                 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
1678                 if (!nl_bands)
1679                         goto nla_put_failure;
1680
1681                 for (band = state->band_start;
1682                      band < NUM_NL80211_BANDS; band++) {
1683                         struct ieee80211_supported_band *sband;
1684
1685                         sband = rdev->wiphy.bands[band];
1686
1687                         if (!sband)
1688                                 continue;
1689
1690                         nl_band = nla_nest_start(msg, band);
1691                         if (!nl_band)
1692                                 goto nla_put_failure;
1693
1694                         switch (state->chan_start) {
1695                         case 0:
1696                                 if (nl80211_send_band_rateinfo(msg, sband))
1697                                         goto nla_put_failure;
1698                                 state->chan_start++;
1699                                 if (state->split)
1700                                         break;
1701                         default:
1702                                 /* add frequencies */
1703                                 nl_freqs = nla_nest_start(
1704                                         msg, NL80211_BAND_ATTR_FREQS);
1705                                 if (!nl_freqs)
1706                                         goto nla_put_failure;
1707
1708                                 for (i = state->chan_start - 1;
1709                                      i < sband->n_channels;
1710                                      i++) {
1711                                         nl_freq = nla_nest_start(msg, i);
1712                                         if (!nl_freq)
1713                                                 goto nla_put_failure;
1714
1715                                         chan = &sband->channels[i];
1716
1717                                         if (nl80211_msg_put_channel(
1718                                                         msg, &rdev->wiphy, chan,
1719                                                         state->split))
1720                                                 goto nla_put_failure;
1721
1722                                         nla_nest_end(msg, nl_freq);
1723                                         if (state->split)
1724                                                 break;
1725                                 }
1726                                 if (i < sband->n_channels)
1727                                         state->chan_start = i + 2;
1728                                 else
1729                                         state->chan_start = 0;
1730                                 nla_nest_end(msg, nl_freqs);
1731                         }
1732
1733                         nla_nest_end(msg, nl_band);
1734
1735                         if (state->split) {
1736                                 /* start again here */
1737                                 if (state->chan_start)
1738                                         band--;
1739                                 break;
1740                         }
1741                 }
1742                 nla_nest_end(msg, nl_bands);
1743
1744                 if (band < NUM_NL80211_BANDS)
1745                         state->band_start = band + 1;
1746                 else
1747                         state->band_start = 0;
1748
1749                 /* if bands & channels are done, continue outside */
1750                 if (state->band_start == 0 && state->chan_start == 0)
1751                         state->split_start++;
1752                 if (state->split)
1753                         break;
1754         case 4:
1755                 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
1756                 if (!nl_cmds)
1757                         goto nla_put_failure;
1758
1759                 i = nl80211_add_commands_unsplit(rdev, msg);
1760                 if (i < 0)
1761                         goto nla_put_failure;
1762                 if (state->split) {
1763                         CMD(crit_proto_start, CRIT_PROTOCOL_START);
1764                         CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1765                         if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH)
1766                                 CMD(channel_switch, CHANNEL_SWITCH);
1767                         CMD(set_qos_map, SET_QOS_MAP);
1768                         if (rdev->wiphy.features &
1769                                         NL80211_FEATURE_SUPPORTS_WMM_ADMISSION)
1770                                 CMD(add_tx_ts, ADD_TX_TS);
1771                         CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1772                         CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
1773                 }
1774 #undef CMD
1775
1776                 nla_nest_end(msg, nl_cmds);
1777                 state->split_start++;
1778                 if (state->split)
1779                         break;
1780         case 5:
1781                 if (rdev->ops->remain_on_channel &&
1782                     (rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
1783                     nla_put_u32(msg,
1784                                 NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
1785                                 rdev->wiphy.max_remain_on_channel_duration))
1786                         goto nla_put_failure;
1787
1788                 if ((rdev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
1789                     nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1790                         goto nla_put_failure;
1791
1792                 if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1793                         goto nla_put_failure;
1794                 state->split_start++;
1795                 if (state->split)
1796                         break;
1797         case 6:
1798 #ifdef CONFIG_PM
1799                 if (nl80211_send_wowlan(msg, rdev, state->split))
1800                         goto nla_put_failure;
1801                 state->split_start++;
1802                 if (state->split)
1803                         break;
1804 #else
1805                 state->split_start++;
1806 #endif
1807         case 7:
1808                 if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1809                                         rdev->wiphy.software_iftypes))
1810                         goto nla_put_failure;
1811
1812                 if (nl80211_put_iface_combinations(&rdev->wiphy, msg,
1813                                                    state->split))
1814                         goto nla_put_failure;
1815
1816                 state->split_start++;
1817                 if (state->split)
1818                         break;
1819         case 8:
1820                 if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1821                     nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
1822                                 rdev->wiphy.ap_sme_capa))
1823                         goto nla_put_failure;
1824
1825                 features = rdev->wiphy.features;
1826                 /*
1827                  * We can only add the per-channel limit information if the
1828                  * dump is split, otherwise it makes it too big. Therefore
1829                  * only advertise it in that case.
1830                  */
1831                 if (state->split)
1832                         features |= NL80211_FEATURE_ADVERTISE_CHAN_LIMITS;
1833                 if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS, features))
1834                         goto nla_put_failure;
1835
1836                 if (rdev->wiphy.ht_capa_mod_mask &&
1837                     nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
1838                             sizeof(*rdev->wiphy.ht_capa_mod_mask),
1839                             rdev->wiphy.ht_capa_mod_mask))
1840                         goto nla_put_failure;
1841
1842                 if (rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&
1843                     rdev->wiphy.max_acl_mac_addrs &&
1844                     nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,
1845                                 rdev->wiphy.max_acl_mac_addrs))
1846                         goto nla_put_failure;
1847
1848                 /*
1849                  * Any information below this point is only available to
1850                  * applications that can deal with it being split. This
1851                  * helps ensure that newly added capabilities don't break
1852                  * older tools by overrunning their buffers.
1853                  *
1854                  * We still increment split_start so that in the split
1855                  * case we'll continue with more data in the next round,
1856                  * but break unconditionally so unsplit data stops here.
1857                  */
1858                 state->split_start++;
1859                 break;
1860         case 9:
1861                 if (rdev->wiphy.extended_capabilities &&
1862                     (nla_put(msg, NL80211_ATTR_EXT_CAPA,
1863                              rdev->wiphy.extended_capabilities_len,
1864                              rdev->wiphy.extended_capabilities) ||
1865                      nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1866                              rdev->wiphy.extended_capabilities_len,
1867                              rdev->wiphy.extended_capabilities_mask)))
1868                         goto nla_put_failure;
1869
1870                 if (rdev->wiphy.vht_capa_mod_mask &&
1871                     nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK,
1872                             sizeof(*rdev->wiphy.vht_capa_mod_mask),
1873                             rdev->wiphy.vht_capa_mod_mask))
1874                         goto nla_put_failure;
1875
1876                 state->split_start++;
1877                 break;
1878         case 10:
1879                 if (nl80211_send_coalesce(msg, rdev))
1880                         goto nla_put_failure;
1881
1882                 if ((rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ) &&
1883                     (nla_put_flag(msg, NL80211_ATTR_SUPPORT_5_MHZ) ||
1884                      nla_put_flag(msg, NL80211_ATTR_SUPPORT_10_MHZ)))
1885                         goto nla_put_failure;
1886
1887                 if (rdev->wiphy.max_ap_assoc_sta &&
1888                     nla_put_u32(msg, NL80211_ATTR_MAX_AP_ASSOC_STA,
1889                                 rdev->wiphy.max_ap_assoc_sta))
1890                         goto nla_put_failure;
1891
1892                 state->split_start++;
1893                 break;
1894         case 11:
1895                 if (rdev->wiphy.n_vendor_commands) {
1896                         const struct nl80211_vendor_cmd_info *info;
1897                         struct nlattr *nested;
1898
1899                         nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1900                         if (!nested)
1901                                 goto nla_put_failure;
1902
1903                         for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {
1904                                 info = &rdev->wiphy.vendor_commands[i].info;
1905                                 if (nla_put(msg, i + 1, sizeof(*info), info))
1906                                         goto nla_put_failure;
1907                         }
1908                         nla_nest_end(msg, nested);
1909                 }
1910
1911                 if (rdev->wiphy.n_vendor_events) {
1912                         const struct nl80211_vendor_cmd_info *info;
1913                         struct nlattr *nested;
1914
1915                         nested = nla_nest_start(msg,
1916                                                 NL80211_ATTR_VENDOR_EVENTS);
1917                         if (!nested)
1918                                 goto nla_put_failure;
1919
1920                         for (i = 0; i < rdev->wiphy.n_vendor_events; i++) {
1921                                 info = &rdev->wiphy.vendor_events[i];
1922                                 if (nla_put(msg, i + 1, sizeof(*info), info))
1923                                         goto nla_put_failure;
1924                         }
1925                         nla_nest_end(msg, nested);
1926                 }
1927                 state->split_start++;
1928                 break;
1929         case 12:
1930                 if (rdev->wiphy.flags & WIPHY_FLAG_HAS_CHANNEL_SWITCH &&
1931                     nla_put_u8(msg, NL80211_ATTR_MAX_CSA_COUNTERS,
1932                                rdev->wiphy.max_num_csa_counters))
1933                         goto nla_put_failure;
1934
1935                 if (rdev->wiphy.regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED &&
1936                     nla_put_flag(msg, NL80211_ATTR_WIPHY_SELF_MANAGED_REG))
1937                         goto nla_put_failure;
1938
1939                 if (rdev->wiphy.max_sched_scan_reqs &&
1940                     nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_MAX_REQS,
1941                                 rdev->wiphy.max_sched_scan_reqs))
1942                         goto nla_put_failure;
1943
1944                 if (nla_put(msg, NL80211_ATTR_EXT_FEATURES,
1945                             sizeof(rdev->wiphy.ext_features),
1946                             rdev->wiphy.ext_features))
1947                         goto nla_put_failure;
1948
1949                 if (rdev->wiphy.bss_select_support) {
1950                         struct nlattr *nested;
1951                         u32 bss_select_support = rdev->wiphy.bss_select_support;
1952
1953                         nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
1954                         if (!nested)
1955                                 goto nla_put_failure;
1956
1957                         i = 0;
1958                         while (bss_select_support) {
1959                                 if ((bss_select_support & 1) &&
1960                                     nla_put_flag(msg, i))
1961                                         goto nla_put_failure;
1962                                 i++;
1963                                 bss_select_support >>= 1;
1964                         }
1965                         nla_nest_end(msg, nested);
1966                 }
1967
1968                 state->split_start++;
1969                 break;
1970         case 13:
1971                 if (rdev->wiphy.num_iftype_ext_capab &&
1972                     rdev->wiphy.iftype_ext_capab) {
1973                         struct nlattr *nested_ext_capab, *nested;
1974
1975                         nested = nla_nest_start(msg,
1976                                                 NL80211_ATTR_IFTYPE_EXT_CAPA);
1977                         if (!nested)
1978                                 goto nla_put_failure;
1979
1980                         for (i = state->capa_start;
1981                              i < rdev->wiphy.num_iftype_ext_capab; i++) {
1982                                 const struct wiphy_iftype_ext_capab *capab;
1983
1984                                 capab = &rdev->wiphy.iftype_ext_capab[i];
1985
1986                                 nested_ext_capab = nla_nest_start(msg, i);
1987                                 if (!nested_ext_capab ||
1988                                     nla_put_u32(msg, NL80211_ATTR_IFTYPE,
1989                                                 capab->iftype) ||
1990                                     nla_put(msg, NL80211_ATTR_EXT_CAPA,
1991                                             capab->extended_capabilities_len,
1992                                             capab->extended_capabilities) ||
1993                                     nla_put(msg, NL80211_ATTR_EXT_CAPA_MASK,
1994                                             capab->extended_capabilities_len,
1995                                             capab->extended_capabilities_mask))
1996                                         goto nla_put_failure;
1997
1998                                 nla_nest_end(msg, nested_ext_capab);
1999                                 if (state->split)
2000                                         break;
2001                         }
2002                         nla_nest_end(msg, nested);
2003                         if (i < rdev->wiphy.num_iftype_ext_capab) {
2004                                 state->capa_start = i + 1;
2005                                 break;
2006                         }
2007                 }
2008
2009                 if (nla_put_u32(msg, NL80211_ATTR_BANDS,
2010                                 rdev->wiphy.nan_supported_bands))
2011                         goto nla_put_failure;
2012
2013                 if (wiphy_ext_feature_isset(&rdev->wiphy,
2014                                             NL80211_EXT_FEATURE_TXQS)) {
2015                         struct cfg80211_txq_stats txqstats = {};
2016                         int res;
2017
2018                         res = rdev_get_txq_stats(rdev, NULL, &txqstats);
2019                         if (!res &&
2020                             !nl80211_put_txq_stats(msg, &txqstats,
2021                                                    NL80211_ATTR_TXQ_STATS))
2022                                 goto nla_put_failure;
2023
2024                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_LIMIT,
2025                                         rdev->wiphy.txq_limit))
2026                                 goto nla_put_failure;
2027                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_MEMORY_LIMIT,
2028                                         rdev->wiphy.txq_memory_limit))
2029                                 goto nla_put_failure;
2030                         if (nla_put_u32(msg, NL80211_ATTR_TXQ_QUANTUM,
2031                                         rdev->wiphy.txq_quantum))
2032                                 goto nla_put_failure;
2033                 }
2034
2035                 /* done */
2036                 state->split_start = 0;
2037                 break;
2038         }
2039  finish:
2040         genlmsg_end(msg, hdr);
2041         return 0;
2042
2043  nla_put_failure:
2044         genlmsg_cancel(msg, hdr);
2045         return -EMSGSIZE;
2046 }
2047
2048 static int nl80211_dump_wiphy_parse(struct sk_buff *skb,
2049                                     struct netlink_callback *cb,
2050                                     struct nl80211_dump_wiphy_state *state)
2051 {
2052         struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
2053         int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
2054                               nl80211_fam.maxattr, nl80211_policy, NULL);
2055         /* ignore parse errors for backward compatibility */
2056         if (ret)
2057                 return 0;
2058
2059         state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2060         if (tb[NL80211_ATTR_WIPHY])
2061                 state->filter_wiphy = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
2062         if (tb[NL80211_ATTR_WDEV])
2063                 state->filter_wiphy = nla_get_u64(tb[NL80211_ATTR_WDEV]) >> 32;
2064         if (tb[NL80211_ATTR_IFINDEX]) {
2065                 struct net_device *netdev;
2066                 struct cfg80211_registered_device *rdev;
2067                 int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2068
2069                 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2070                 if (!netdev)
2071                         return -ENODEV;
2072                 if (netdev->ieee80211_ptr) {
2073                         rdev = wiphy_to_rdev(
2074                                 netdev->ieee80211_ptr->wiphy);
2075                         state->filter_wiphy = rdev->wiphy_idx;
2076                 }
2077         }
2078
2079         return 0;
2080 }
2081
2082 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
2083 {
2084         int idx = 0, ret;
2085         struct nl80211_dump_wiphy_state *state = (void *)cb->args[0];
2086         struct cfg80211_registered_device *rdev;
2087
2088         rtnl_lock();
2089         if (!state) {
2090                 state = kzalloc(sizeof(*state), GFP_KERNEL);
2091                 if (!state) {
2092                         rtnl_unlock();
2093                         return -ENOMEM;
2094                 }
2095                 state->filter_wiphy = -1;
2096                 ret = nl80211_dump_wiphy_parse(skb, cb, state);
2097                 if (ret) {
2098                         kfree(state);
2099                         rtnl_unlock();
2100                         return ret;
2101                 }
2102                 cb->args[0] = (long)state;
2103         }
2104
2105         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2106                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2107                         continue;
2108                 if (++idx <= state->start)
2109                         continue;
2110                 if (state->filter_wiphy != -1 &&
2111                     state->filter_wiphy != rdev->wiphy_idx)
2112                         continue;
2113                 /* attempt to fit multiple wiphy data chunks into the skb */
2114                 do {
2115                         ret = nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY,
2116                                                  skb,
2117                                                  NETLINK_CB(cb->skb).portid,
2118                                                  cb->nlh->nlmsg_seq,
2119                                                  NLM_F_MULTI, state);
2120                         if (ret < 0) {
2121                                 /*
2122                                  * If sending the wiphy data didn't fit (ENOBUFS
2123                                  * or EMSGSIZE returned), this SKB is still
2124                                  * empty (so it's not too big because another
2125                                  * wiphy dataset is already in the skb) and
2126                                  * we've not tried to adjust the dump allocation
2127                                  * yet ... then adjust the alloc size to be
2128                                  * bigger, and return 1 but with the empty skb.
2129                                  * This results in an empty message being RX'ed
2130                                  * in userspace, but that is ignored.
2131                                  *
2132                                  * We can then retry with the larger buffer.
2133                                  */
2134                                 if ((ret == -ENOBUFS || ret == -EMSGSIZE) &&
2135                                     !skb->len && !state->split &&
2136                                     cb->min_dump_alloc < 4096) {
2137                                         cb->min_dump_alloc = 4096;
2138                                         state->split_start = 0;
2139                                         rtnl_unlock();
2140                                         return 1;
2141                                 }
2142                                 idx--;
2143                                 break;
2144                         }
2145                 } while (state->split_start > 0);
2146                 break;
2147         }
2148         rtnl_unlock();
2149
2150         state->start = idx;
2151
2152         return skb->len;
2153 }
2154
2155 static int nl80211_dump_wiphy_done(struct netlink_callback *cb)
2156 {
2157         kfree((void *)cb->args[0]);
2158         return 0;
2159 }
2160
2161 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
2162 {
2163         struct sk_buff *msg;
2164         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2165         struct nl80211_dump_wiphy_state state = {};
2166
2167         msg = nlmsg_new(4096, GFP_KERNEL);
2168         if (!msg)
2169                 return -ENOMEM;
2170
2171         if (nl80211_send_wiphy(rdev, NL80211_CMD_NEW_WIPHY, msg,
2172                                info->snd_portid, info->snd_seq, 0,
2173                                &state) < 0) {
2174                 nlmsg_free(msg);
2175                 return -ENOBUFS;
2176         }
2177
2178         return genlmsg_reply(msg, info);
2179 }
2180
2181 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
2182         [NL80211_TXQ_ATTR_QUEUE]                = { .type = NLA_U8 },
2183         [NL80211_TXQ_ATTR_TXOP]                 = { .type = NLA_U16 },
2184         [NL80211_TXQ_ATTR_CWMIN]                = { .type = NLA_U16 },
2185         [NL80211_TXQ_ATTR_CWMAX]                = { .type = NLA_U16 },
2186         [NL80211_TXQ_ATTR_AIFS]                 = { .type = NLA_U8 },
2187 };
2188
2189 static int parse_txq_params(struct nlattr *tb[],
2190                             struct ieee80211_txq_params *txq_params)
2191 {
2192         u8 ac;
2193
2194         if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
2195             !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
2196             !tb[NL80211_TXQ_ATTR_AIFS])
2197                 return -EINVAL;
2198
2199         ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
2200         txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
2201         txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
2202         txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
2203         txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
2204
2205         if (ac >= NL80211_NUM_ACS)
2206                 return -EINVAL;
2207         txq_params->ac = array_index_nospec(ac, NL80211_NUM_ACS);
2208         return 0;
2209 }
2210
2211 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
2212 {
2213         /*
2214          * You can only set the channel explicitly for WDS interfaces,
2215          * all others have their channel managed via their respective
2216          * "establish a connection" command (connect, join, ...)
2217          *
2218          * For AP/GO and mesh mode, the channel can be set with the
2219          * channel userspace API, but is only stored and passed to the
2220          * low-level driver when the AP starts or the mesh is joined.
2221          * This is for backward compatibility, userspace can also give
2222          * the channel in the start-ap or join-mesh commands instead.
2223          *
2224          * Monitors are special as they are normally slaved to
2225          * whatever else is going on, so they have their own special
2226          * operation to set the monitor channel if possible.
2227          */
2228         return !wdev ||
2229                 wdev->iftype == NL80211_IFTYPE_AP ||
2230                 wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
2231                 wdev->iftype == NL80211_IFTYPE_MONITOR ||
2232                 wdev->iftype == NL80211_IFTYPE_P2P_GO;
2233 }
2234
2235 static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2236                                  struct genl_info *info,
2237                                  struct cfg80211_chan_def *chandef)
2238 {
2239         u32 control_freq;
2240
2241         if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
2242                 return -EINVAL;
2243
2244         control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
2245
2246         chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
2247         chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2248         chandef->center_freq1 = control_freq;
2249         chandef->center_freq2 = 0;
2250
2251         /* Primary channel not allowed */
2252         if (!chandef->chan || chandef->chan->flags & IEEE80211_CHAN_DISABLED)
2253                 return -EINVAL;
2254
2255         if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2256                 enum nl80211_channel_type chantype;
2257
2258                 chantype = nla_get_u32(
2259                                 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2260
2261                 switch (chantype) {
2262                 case NL80211_CHAN_NO_HT:
2263                 case NL80211_CHAN_HT20:
2264                 case NL80211_CHAN_HT40PLUS:
2265                 case NL80211_CHAN_HT40MINUS:
2266                         cfg80211_chandef_create(chandef, chandef->chan,
2267                                                 chantype);
2268                         /* user input for center_freq is incorrect */
2269                         if (info->attrs[NL80211_ATTR_CENTER_FREQ1] &&
2270                             chandef->center_freq1 != nla_get_u32(
2271                                         info->attrs[NL80211_ATTR_CENTER_FREQ1]))
2272                                 return -EINVAL;
2273                         /* center_freq2 must be zero */
2274                         if (info->attrs[NL80211_ATTR_CENTER_FREQ2] &&
2275                             nla_get_u32(info->attrs[NL80211_ATTR_CENTER_FREQ2]))
2276                                 return -EINVAL;
2277                         break;
2278                 default:
2279                         return -EINVAL;
2280                 }
2281         } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2282                 chandef->width =
2283                         nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2284                 if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
2285                         chandef->center_freq1 =
2286                                 nla_get_u32(
2287                                         info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2288                 if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
2289                         chandef->center_freq2 =
2290                                 nla_get_u32(
2291                                         info->attrs[NL80211_ATTR_CENTER_FREQ2]);
2292         }
2293
2294         if (!cfg80211_chandef_valid(chandef))
2295                 return -EINVAL;
2296
2297         if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2298                                      IEEE80211_CHAN_DISABLED))
2299                 return -EINVAL;
2300
2301         if ((chandef->width == NL80211_CHAN_WIDTH_5 ||
2302              chandef->width == NL80211_CHAN_WIDTH_10) &&
2303             !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
2304                 return -EINVAL;
2305
2306         return 0;
2307 }
2308
2309 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
2310                                  struct net_device *dev,
2311                                  struct genl_info *info)
2312 {
2313         struct cfg80211_chan_def chandef;
2314         int result;
2315         enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;
2316         struct wireless_dev *wdev = NULL;
2317
2318         if (dev)
2319                 wdev = dev->ieee80211_ptr;
2320         if (!nl80211_can_set_dev_channel(wdev))
2321                 return -EOPNOTSUPP;
2322         if (wdev)
2323                 iftype = wdev->iftype;
2324
2325         result = nl80211_parse_chandef(rdev, info, &chandef);
2326         if (result)
2327                 return result;
2328
2329         switch (iftype) {
2330         case NL80211_IFTYPE_AP:
2331         case NL80211_IFTYPE_P2P_GO:
2332                 if (!cfg80211_reg_can_beacon_relax(&rdev->wiphy, &chandef,
2333                                                    iftype)) {
2334                         result = -EINVAL;
2335                         break;
2336                 }
2337                 if (wdev->beacon_interval) {
2338                         if (!dev || !rdev->ops->set_ap_chanwidth ||
2339                             !(rdev->wiphy.features &
2340                               NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE)) {
2341                                 result = -EBUSY;
2342                                 break;
2343                         }
2344
2345                         /* Only allow dynamic channel width changes */
2346                         if (chandef.chan != wdev->preset_chandef.chan) {
2347                                 result = -EBUSY;
2348                                 break;
2349                         }
2350                         result = rdev_set_ap_chanwidth(rdev, dev, &chandef);
2351                         if (result)
2352                                 break;
2353                 }
2354                 wdev->preset_chandef = chandef;
2355                 result = 0;
2356                 break;
2357         case NL80211_IFTYPE_MESH_POINT:
2358                 result = cfg80211_set_mesh_channel(rdev, wdev, &chandef);
2359                 break;
2360         case NL80211_IFTYPE_MONITOR:
2361                 result = cfg80211_set_monitor_channel(rdev, &chandef);
2362                 break;
2363         default:
2364                 result = -EINVAL;
2365         }
2366
2367         return result;
2368 }
2369
2370 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
2371 {
2372         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2373         struct net_device *netdev = info->user_ptr[1];
2374
2375         return __nl80211_set_channel(rdev, netdev, info);
2376 }
2377
2378 static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
2379 {
2380         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2381         struct net_device *dev = info->user_ptr[1];
2382         struct wireless_dev *wdev = dev->ieee80211_ptr;
2383         const u8 *bssid;
2384
2385         if (!info->attrs[NL80211_ATTR_MAC])
2386                 return -EINVAL;
2387
2388         if (netif_running(dev))
2389                 return -EBUSY;
2390
2391         if (!rdev->ops->set_wds_peer)
2392                 return -EOPNOTSUPP;
2393
2394         if (wdev->iftype != NL80211_IFTYPE_WDS)
2395                 return -EOPNOTSUPP;
2396
2397         bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
2398         return rdev_set_wds_peer(rdev, dev, bssid);
2399 }
2400
2401 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
2402 {
2403         struct cfg80211_registered_device *rdev;
2404         struct net_device *netdev = NULL;
2405         struct wireless_dev *wdev;
2406         int result = 0, rem_txq_params = 0;
2407         struct nlattr *nl_txq_params;
2408         u32 changed;
2409         u8 retry_short = 0, retry_long = 0;
2410         u32 frag_threshold = 0, rts_threshold = 0;
2411         u8 coverage_class = 0;
2412         u32 txq_limit = 0, txq_memory_limit = 0, txq_quantum = 0;
2413
2414         ASSERT_RTNL();
2415
2416         /*
2417          * Try to find the wiphy and netdev. Normally this
2418          * function shouldn't need the netdev, but this is
2419          * done for backward compatibility -- previously
2420          * setting the channel was done per wiphy, but now
2421          * it is per netdev. Previous userland like hostapd
2422          * also passed a netdev to set_wiphy, so that it is
2423          * possible to let that go to the right netdev!
2424          */
2425
2426         if (info->attrs[NL80211_ATTR_IFINDEX]) {
2427                 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);
2428
2429                 netdev = __dev_get_by_index(genl_info_net(info), ifindex);
2430                 if (netdev && netdev->ieee80211_ptr)
2431                         rdev = wiphy_to_rdev(netdev->ieee80211_ptr->wiphy);
2432                 else
2433                         netdev = NULL;
2434         }
2435
2436         if (!netdev) {
2437                 rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
2438                                                   info->attrs);
2439                 if (IS_ERR(rdev))
2440                         return PTR_ERR(rdev);
2441                 wdev = NULL;
2442                 netdev = NULL;
2443                 result = 0;
2444         } else
2445                 wdev = netdev->ieee80211_ptr;
2446
2447         /*
2448          * end workaround code, by now the rdev is available
2449          * and locked, and wdev may or may not be NULL.
2450          */
2451
2452         if (info->attrs[NL80211_ATTR_WIPHY_NAME])
2453                 result = cfg80211_dev_rename(
2454                         rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
2455
2456         if (result)
2457                 return result;
2458
2459         if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
2460                 struct ieee80211_txq_params txq_params;
2461                 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
2462
2463                 if (!rdev->ops->set_txq_params)
2464                         return -EOPNOTSUPP;
2465
2466                 if (!netdev)
2467                         return -EINVAL;
2468
2469                 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2470                     netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
2471                         return -EINVAL;
2472
2473                 if (!netif_running(netdev))
2474                         return -ENETDOWN;
2475
2476                 nla_for_each_nested(nl_txq_params,
2477                                     info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2478                                     rem_txq_params) {
2479                         result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2480                                                   nl_txq_params,
2481                                                   txq_params_policy,
2482                                                   info->extack);
2483                         if (result)
2484                                 return result;
2485                         result = parse_txq_params(tb, &txq_params);
2486                         if (result)
2487                                 return result;
2488
2489                         result = rdev_set_txq_params(rdev, netdev,
2490                                                      &txq_params);
2491                         if (result)
2492                                 return result;
2493                 }
2494         }
2495
2496         if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2497                 result = __nl80211_set_channel(
2498                         rdev,
2499                         nl80211_can_set_dev_channel(wdev) ? netdev : NULL,
2500                         info);
2501                 if (result)
2502                         return result;
2503         }
2504
2505         if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
2506                 struct wireless_dev *txp_wdev = wdev;
2507                 enum nl80211_tx_power_setting type;
2508                 int idx, mbm = 0;
2509
2510                 if (!(rdev->wiphy.features & NL80211_FEATURE_VIF_TXPOWER))
2511                         txp_wdev = NULL;
2512
2513                 if (!rdev->ops->set_tx_power)
2514                         return -EOPNOTSUPP;
2515
2516                 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
2517                 type = nla_get_u32(info->attrs[idx]);
2518
2519                 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
2520                     (type != NL80211_TX_POWER_AUTOMATIC))
2521                         return -EINVAL;
2522
2523                 if (type != NL80211_TX_POWER_AUTOMATIC) {
2524                         idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
2525                         mbm = nla_get_u32(info->attrs[idx]);
2526                 }
2527
2528                 result = rdev_set_tx_power(rdev, txp_wdev, type, mbm);
2529                 if (result)
2530                         return result;
2531         }
2532
2533         if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
2534             info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
2535                 u32 tx_ant, rx_ant;
2536
2537                 if ((!rdev->wiphy.available_antennas_tx &&
2538                      !rdev->wiphy.available_antennas_rx) ||
2539                     !rdev->ops->set_antenna)
2540                         return -EOPNOTSUPP;
2541
2542                 tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
2543                 rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);
2544
2545                 /* reject antenna configurations which don't match the
2546                  * available antenna masks, except for the "all" mask */
2547                 if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
2548                     (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx)))
2549                         return -EINVAL;
2550
2551                 tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
2552                 rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;
2553
2554                 result = rdev_set_antenna(rdev, tx_ant, rx_ant);
2555                 if (result)
2556                         return result;
2557         }
2558
2559         changed = 0;
2560
2561         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2562                 retry_short = nla_get_u8(
2563                         info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2564                 if (retry_short == 0)
2565                         return -EINVAL;
2566
2567                 changed |= WIPHY_PARAM_RETRY_SHORT;
2568         }
2569
2570         if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2571                 retry_long = nla_get_u8(
2572                         info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2573                 if (retry_long == 0)
2574                         return -EINVAL;
2575
2576                 changed |= WIPHY_PARAM_RETRY_LONG;
2577         }
2578
2579         if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
2580                 frag_threshold = nla_get_u32(
2581                         info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
2582                 if (frag_threshold < 256)
2583                         return -EINVAL;
2584
2585                 if (frag_threshold != (u32) -1) {
2586                         /*
2587                          * Fragments (apart from the last one) are required to
2588                          * have even length. Make the fragmentation code
2589                          * simpler by stripping LSB should someone try to use
2590                          * odd threshold value.
2591                          */
2592                         frag_threshold &= ~0x1;
2593                 }
2594                 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
2595         }
2596
2597         if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
2598                 rts_threshold = nla_get_u32(
2599                         info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
2600                 changed |= WIPHY_PARAM_RTS_THRESHOLD;
2601         }
2602
2603         if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
2604                 if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK])
2605                         return -EINVAL;
2606
2607                 coverage_class = nla_get_u8(
2608                         info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
2609                 changed |= WIPHY_PARAM_COVERAGE_CLASS;
2610         }
2611
2612         if (info->attrs[NL80211_ATTR_WIPHY_DYN_ACK]) {
2613                 if (!(rdev->wiphy.features & NL80211_FEATURE_ACKTO_ESTIMATION))
2614                         return -EOPNOTSUPP;
2615
2616                 changed |= WIPHY_PARAM_DYN_ACK;
2617         }
2618
2619         if (info->attrs[NL80211_ATTR_TXQ_LIMIT]) {
2620                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2621                                              NL80211_EXT_FEATURE_TXQS))
2622                         return -EOPNOTSUPP;
2623                 txq_limit = nla_get_u32(
2624                         info->attrs[NL80211_ATTR_TXQ_LIMIT]);
2625                 changed |= WIPHY_PARAM_TXQ_LIMIT;
2626         }
2627
2628         if (info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]) {
2629                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2630                                              NL80211_EXT_FEATURE_TXQS))
2631                         return -EOPNOTSUPP;
2632                 txq_memory_limit = nla_get_u32(
2633                         info->attrs[NL80211_ATTR_TXQ_MEMORY_LIMIT]);
2634                 changed |= WIPHY_PARAM_TXQ_MEMORY_LIMIT;
2635         }
2636
2637         if (info->attrs[NL80211_ATTR_TXQ_QUANTUM]) {
2638                 if (!wiphy_ext_feature_isset(&rdev->wiphy,
2639                                              NL80211_EXT_FEATURE_TXQS))
2640                         return -EOPNOTSUPP;
2641                 txq_quantum = nla_get_u32(
2642                         info->attrs[NL80211_ATTR_TXQ_QUANTUM]);
2643                 changed |= WIPHY_PARAM_TXQ_QUANTUM;
2644         }
2645
2646         if (changed) {
2647                 u8 old_retry_short, old_retry_long;
2648                 u32 old_frag_threshold, old_rts_threshold;
2649                 u8 old_coverage_class;
2650                 u32 old_txq_limit, old_txq_memory_limit, old_txq_quantum;
2651
2652                 if (!rdev->ops->set_wiphy_params)
2653                         return -EOPNOTSUPP;
2654
2655                 old_retry_short = rdev->wiphy.retry_short;
2656                 old_retry_long = rdev->wiphy.retry_long;
2657                 old_frag_threshold = rdev->wiphy.frag_threshold;
2658                 old_rts_threshold = rdev->wiphy.rts_threshold;
2659                 old_coverage_class = rdev->wiphy.coverage_class;
2660                 old_txq_limit = rdev->wiphy.txq_limit;
2661                 old_txq_memory_limit = rdev->wiphy.txq_memory_limit;
2662                 old_txq_quantum = rdev->wiphy.txq_quantum;
2663
2664                 if (changed & WIPHY_PARAM_RETRY_SHORT)
2665                         rdev->wiphy.retry_short = retry_short;
2666                 if (changed & WIPHY_PARAM_RETRY_LONG)
2667                         rdev->wiphy.retry_long = retry_long;
2668                 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
2669                         rdev->wiphy.frag_threshold = frag_threshold;
2670                 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
2671                         rdev->wiphy.rts_threshold = rts_threshold;
2672                 if (changed & WIPHY_PARAM_COVERAGE_CLASS)
2673                         rdev->wiphy.coverage_class = coverage_class;
2674                 if (changed & WIPHY_PARAM_TXQ_LIMIT)
2675                         rdev->wiphy.txq_limit = txq_limit;
2676                 if (changed & WIPHY_PARAM_TXQ_MEMORY_LIMIT)
2677                         rdev->wiphy.txq_memory_limit = txq_memory_limit;
2678                 if (changed & WIPHY_PARAM_TXQ_QUANTUM)
2679                         rdev->wiphy.txq_quantum = txq_quantum;
2680
2681                 result = rdev_set_wiphy_params(rdev, changed);
2682                 if (result) {
2683                         rdev->wiphy.retry_short = old_retry_short;
2684                         rdev->wiphy.retry_long = old_retry_long;
2685                         rdev->wiphy.frag_threshold = old_frag_threshold;
2686                         rdev->wiphy.rts_threshold = old_rts_threshold;
2687                         rdev->wiphy.coverage_class = old_coverage_class;
2688                         rdev->wiphy.txq_limit = old_txq_limit;
2689                         rdev->wiphy.txq_memory_limit = old_txq_memory_limit;
2690                         rdev->wiphy.txq_quantum = old_txq_quantum;
2691                         return result;
2692                 }
2693         }
2694         return 0;
2695 }
2696
2697 static inline u64 wdev_id(struct wireless_dev *wdev)
2698 {
2699         return (u64)wdev->identifier |
2700                ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2701 }
2702
2703 static int nl80211_send_chandef(struct sk_buff *msg,
2704                                 const struct cfg80211_chan_def *chandef)
2705 {
2706         if (WARN_ON(!cfg80211_chandef_valid(chandef)))
2707                 return -EINVAL;
2708
2709         if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2710                         chandef->chan->center_freq))
2711                 return -ENOBUFS;
2712         switch (chandef->width) {
2713         case NL80211_CHAN_WIDTH_20_NOHT:
2714         case NL80211_CHAN_WIDTH_20:
2715         case NL80211_CHAN_WIDTH_40:
2716                 if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
2717                                 cfg80211_get_chandef_type(chandef)))
2718                         return -ENOBUFS;
2719                 break;
2720         default:
2721                 break;
2722         }
2723         if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, chandef->width))
2724                 return -ENOBUFS;
2725         if (nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1, chandef->center_freq1))
2726                 return -ENOBUFS;
2727         if (chandef->center_freq2 &&
2728             nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2, chandef->center_freq2))
2729                 return -ENOBUFS;
2730         return 0;
2731 }
2732
2733 static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2734                               struct cfg80211_registered_device *rdev,
2735                               struct wireless_dev *wdev, bool removal)
2736 {
2737         struct net_device *dev = wdev->netdev;
2738         u8 cmd = NL80211_CMD_NEW_INTERFACE;
2739         void *hdr;
2740
2741         if (removal)
2742                 cmd = NL80211_CMD_DEL_INTERFACE;
2743
2744         hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2745         if (!hdr)
2746                 return -1;
2747
2748         if (dev &&
2749             (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
2750              nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
2751                 goto nla_put_failure;
2752
2753         if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
2754             nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
2755             nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
2756                               NL80211_ATTR_PAD) ||
2757             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
2758             nla_put_u32(msg, NL80211_ATTR_GENERATION,
2759                         rdev->devlist_generation ^
2760                         (cfg80211_rdev_list_generation << 2)))
2761                 goto nla_put_failure;
2762
2763         if (rdev->ops->get_channel) {
2764                 int ret;
2765                 struct cfg80211_chan_def chandef;
2766
2767                 ret = rdev_get_channel(rdev, wdev, &chandef);
2768                 if (ret == 0) {
2769                         if (nl80211_send_chandef(msg, &chandef))
2770                                 goto nla_put_failure;
2771                 }
2772         }
2773
2774         if (rdev->ops->get_tx_power) {
2775                 int dbm, ret;
2776
2777                 ret = rdev_get_tx_power(rdev, wdev, &dbm);
2778                 if (ret == 0 &&
2779                     nla_put_u32(msg, NL80211_ATTR_WIPHY_TX_POWER_LEVEL,
2780                                 DBM_TO_MBM(dbm)))
2781                         goto nla_put_failure;
2782         }
2783
2784         wdev_lock(wdev);
2785         switch (wdev->iftype) {
2786         case NL80211_IFTYPE_AP:
2787                 if (wdev->ssid_len &&
2788                     nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2789                         goto nla_put_failure_locked;
2790                 break;
2791         case NL80211_IFTYPE_STATION:
2792         case NL80211_IFTYPE_P2P_CLIENT:
2793         case NL80211_IFTYPE_ADHOC: {
2794                 const u8 *ssid_ie;
2795                 if (!wdev->current_bss)
2796                         break;
2797                 rcu_read_lock();
2798                 ssid_ie = ieee80211_bss_get_ie(&wdev->current_bss->pub,
2799                                                WLAN_EID_SSID);
2800                 if (ssid_ie &&
2801                     nla_put(msg, NL80211_ATTR_SSID, ssid_ie[1], ssid_ie + 2))
2802                         goto nla_put_failure_rcu_locked;
2803                 rcu_read_unlock();
2804                 break;
2805                 }
2806         default:
2807                 /* nothing */
2808                 break;
2809         }
2810         wdev_unlock(wdev);
2811
2812         if (rdev->ops->get_txq_stats) {
2813                 struct cfg80211_txq_stats txqstats = {};
2814                 int ret = rdev_get_txq_stats(rdev, wdev, &txqstats);
2815
2816                 if (ret == 0 &&
2817                     !nl80211_put_txq_stats(msg, &txqstats,
2818                                            NL80211_ATTR_TXQ_STATS))
2819                         goto nla_put_failure;
2820         }
2821
2822         genlmsg_end(msg, hdr);
2823         return 0;
2824
2825  nla_put_failure_rcu_locked:
2826         rcu_read_unlock();
2827  nla_put_failure_locked:
2828         wdev_unlock(wdev);
2829  nla_put_failure:
2830         genlmsg_cancel(msg, hdr);
2831         return -EMSGSIZE;
2832 }
2833
2834 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
2835 {
2836         int wp_idx = 0;
2837         int if_idx = 0;
2838         int wp_start = cb->args[0];
2839         int if_start = cb->args[1];
2840         int filter_wiphy = -1;
2841         struct cfg80211_registered_device *rdev;
2842         struct wireless_dev *wdev;
2843         int ret;
2844
2845         rtnl_lock();
2846         if (!cb->args[2]) {
2847                 struct nl80211_dump_wiphy_state state = {
2848                         .filter_wiphy = -1,
2849                 };
2850
2851                 ret = nl80211_dump_wiphy_parse(skb, cb, &state);
2852                 if (ret)
2853                         goto out_unlock;
2854
2855                 filter_wiphy = state.filter_wiphy;
2856
2857                 /*
2858                  * if filtering, set cb->args[2] to +1 since 0 is the default
2859                  * value needed to determine that parsing is necessary.
2860                  */
2861                 if (filter_wiphy >= 0)
2862                         cb->args[2] = filter_wiphy + 1;
2863                 else
2864                         cb->args[2] = -1;
2865         } else if (cb->args[2] > 0) {
2866                 filter_wiphy = cb->args[2] - 1;
2867         }
2868
2869         list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
2870                 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
2871                         continue;
2872                 if (wp_idx < wp_start) {
2873                         wp_idx++;
2874                         continue;
2875                 }
2876
2877                 if (filter_wiphy >= 0 && filter_wiphy != rdev->wiphy_idx)
2878                         continue;
2879
2880                 if_idx = 0;
2881
2882                 list_for_each_entry(wdev, &rdev->wiphy.wdev_list, list) {
2883                         if (if_idx < if_start) {
2884                                 if_idx++;
2885                                 continue;
2886                         }
2887                         if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
2888                                                cb->nlh->nlmsg_seq, NLM_F_MULTI,
2889                                                rdev, wdev, false) < 0) {
2890                                 goto out;
2891                         }
2892                         if_idx++;
2893                 }
2894
2895                 wp_idx++;
2896         }
2897  out:
2898         cb->args[0] = wp_idx;
2899         cb->args[1] = if_idx;
2900
2901         ret = skb->len;
2902  out_unlock:
2903         rtnl_unlock();
2904
2905         return ret;
2906 }
2907
2908 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
2909 {
2910         struct sk_buff *msg;
2911         struct cfg80211_registered_device *rdev = info->user_ptr[0];
2912         struct wireless_dev *wdev = info->user_ptr[1];
2913
2914         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2915         if (!msg)
2916                 return -ENOMEM;
2917
2918         if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
2919                                rdev, wdev, false) < 0) {
2920                 nlmsg_free(msg);
2921                 return -ENOBUFS;
2922         }
2923
2924         return genlmsg_reply(msg, info);
2925 }
2926
2927 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
2928         [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
2929         [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
2930         [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
2931         [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
2932         [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
2933         [NL80211_MNTR_FLAG_ACTIVE] = { .type = NLA_FLAG },
2934 };
2935
2936 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
2937 {
2938         struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
2939         int flag;
2940
2941         *mntrflags = 0;
2942
2943         if (!nla)
2944                 return -EINVAL;
2945
2946         if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
2947                              mntr_flags_policy, NULL))
2948                 return -EINVAL;
2949
2950         for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
2951                 if (flags[flag])
2952                         *mntrflags |= (1<<flag);
2953
2954         *mntrflags |= MONITOR_FLAG_CHANGED;
2955
2956         return 0;
2957 }
2958
2959 static int nl80211_parse_mon_options(struct cfg80211_registered_device *rdev,
2960                                      enum nl80211_iftype type,
2961                                      struct genl_info *info,
2962                                      struct vif_params *params)
2963 {
2964         bool change = false;
2965         int err;
2966
2967         if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
2968                 if (type != NL80211_IFTYPE_MONITOR)
2969                         return -EINVAL;
2970
2971                 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
2972                                           &params->flags);
2973                 if (err)
2974                         return err;
2975
2976                 change = true;
2977         }
2978
2979         if (params->flags & MONITOR_FLAG_ACTIVE &&
2980             !(rdev->wiphy.features & NL80211_FEATURE_ACTIVE_MONITOR))
2981                 return -EOPNOTSUPP;
2982
2983         if (info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]) {
2984                 const u8 *mumimo_groups;
2985                 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
2986
2987                 if (type != NL80211_IFTYPE_MONITOR)
2988                         return -EINVAL;
2989
2990                 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
2991                         return -EOPNOTSUPP;
2992
2993                 mumimo_groups =
2994                         nla_data(info->attrs[NL80211_ATTR_MU_MIMO_GROUP_DATA]);
2995
2996                 /* bits 0 and 63 are reserved and must be zero */
2997                 if ((mumimo_groups[0] & BIT(0)) ||
2998                     (mumimo_groups[VHT_MUMIMO_GROUPS_DATA_LEN - 1] & BIT(7)))
2999                         return -EINVAL;
3000
3001                 params->vht_mumimo_groups = mumimo_groups;
3002                 change = true;
3003         }
3004
3005         if (info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]) {
3006                 u32 cap_flag = NL80211_EXT_FEATURE_MU_MIMO_AIR_SNIFFER;
3007
3008                 if (type != NL80211_IFTYPE_MONITOR)
3009                         return -EINVAL;
3010
3011                 if (!wiphy_ext_feature_isset(&rdev->wiphy, cap_flag))
3012                         return -EOPNOTSUPP;
3013
3014                 params->vht_mumimo_follow_addr =
3015                         nla_data(info->attrs[NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR]);
3016                 change = true;
3017         }
3018
3019         return change ? 1 : 0;
3020 }
3021
3022 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
3023                                struct net_device *netdev, u8 use_4addr,
3024                                enum nl80211_iftype iftype)
3025 {
3026         if (!use_4addr) {
3027                 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
3028                         return -EBUSY;
3029                 return 0;
3030         }
3031
3032         switch (iftype) {
3033         case NL80211_IFTYPE_AP_VLAN:
3034                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
3035                         return 0;
3036                 break;
3037         case NL80211_IFTYPE_STATION:
3038                 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
3039                         return 0;
3040                 break;
3041         default:
3042                 break;
3043         }
3044
3045         return -EOPNOTSUPP;
3046 }
3047
3048 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
3049 {
3050         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3051         struct vif_params params;
3052         int err;
3053         enum nl80211_iftype otype, ntype;
3054         struct net_device *dev = info->user_ptr[1];
3055         bool change = false;
3056
3057         memset(&params, 0, sizeof(params));
3058
3059         otype = ntype = dev->ieee80211_ptr->iftype;
3060
3061         if (info->attrs[NL80211_ATTR_IFTYPE]) {
3062                 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3063                 if (otype != ntype)
3064                         change = true;
3065                 if (ntype > NL80211_IFTYPE_MAX)
3066                         return -EINVAL;
3067         }
3068
3069         if (info->attrs[NL80211_ATTR_MESH_ID]) {
3070                 struct wireless_dev *wdev = dev->ieee80211_ptr;
3071
3072                 if (ntype != NL80211_IFTYPE_MESH_POINT)
3073                         return -EINVAL;
3074                 if (netif_running(dev))
3075                         return -EBUSY;
3076
3077                 wdev_lock(wdev);
3078                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3079                              IEEE80211_MAX_MESH_ID_LEN);
3080                 wdev->mesh_id_up_len =
3081                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3082                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3083                        wdev->mesh_id_up_len);
3084                 wdev_unlock(wdev);
3085         }
3086
3087         if (info->attrs[NL80211_ATTR_4ADDR]) {
3088                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3089                 change = true;
3090                 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
3091                 if (err)
3092                         return err;
3093         } else {
3094                 params.use_4addr = -1;
3095         }
3096
3097         err = nl80211_parse_mon_options(rdev, ntype, info, &params);
3098         if (err < 0)
3099                 return err;
3100         if (err > 0)
3101                 change = true;
3102
3103         if (change)
3104                 err = cfg80211_change_iface(rdev, dev, ntype, &params);
3105         else
3106                 err = 0;
3107
3108         if (!err && params.use_4addr != -1)
3109                 dev->ieee80211_ptr->use_4addr = params.use_4addr;
3110
3111         return err;
3112 }
3113
3114 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
3115 {
3116         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3117         struct vif_params params;
3118         struct wireless_dev *wdev;
3119         struct sk_buff *msg;
3120         int err;
3121         enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
3122
3123         /* to avoid failing a new interface creation due to pending removal */
3124         cfg80211_destroy_ifaces(rdev);
3125
3126         memset(&params, 0, sizeof(params));
3127
3128         if (!info->attrs[NL80211_ATTR_IFNAME])
3129                 return -EINVAL;
3130
3131         if (info->attrs[NL80211_ATTR_IFTYPE]) {
3132                 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3133                 if (type > NL80211_IFTYPE_MAX)
3134                         return -EINVAL;
3135         }
3136
3137         if (!rdev->ops->add_virtual_intf ||
3138             !(rdev->wiphy.interface_modes & (1 << type)))
3139                 return -EOPNOTSUPP;
3140
3141         if ((type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN ||
3142              rdev->wiphy.features & NL80211_FEATURE_MAC_ON_CREATE) &&
3143             info->attrs[NL80211_ATTR_MAC]) {
3144                 nla_memcpy(params.macaddr, info->attrs[NL80211_ATTR_MAC],
3145                            ETH_ALEN);
3146                 if (!is_valid_ether_addr(params.macaddr))
3147                         return -EADDRNOTAVAIL;
3148         }
3149
3150         if (info->attrs[NL80211_ATTR_4ADDR]) {
3151                 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
3152                 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
3153                 if (err)
3154                         return err;
3155         }
3156
3157         err = nl80211_parse_mon_options(rdev, type, info, &params);
3158         if (err < 0)
3159                 return err;
3160
3161         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3162         if (!msg)
3163                 return -ENOMEM;
3164
3165         wdev = rdev_add_virtual_intf(rdev,
3166                                 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
3167                                 NET_NAME_USER, type, &params);
3168         if (WARN_ON(!wdev)) {
3169                 nlmsg_free(msg);
3170                 return -EPROTO;
3171         } else if (IS_ERR(wdev)) {
3172                 nlmsg_free(msg);
3173                 return PTR_ERR(wdev);
3174         }
3175
3176         if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
3177                 wdev->owner_nlportid = info->snd_portid;
3178
3179         switch (type) {
3180         case NL80211_IFTYPE_MESH_POINT:
3181                 if (!info->attrs[NL80211_ATTR_MESH_ID])
3182                         break;
3183                 wdev_lock(wdev);
3184                 BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
3185                              IEEE80211_MAX_MESH_ID_LEN);
3186                 wdev->mesh_id_up_len =
3187                         nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
3188                 memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
3189                        wdev->mesh_id_up_len);
3190                 wdev_unlock(wdev);
3191                 break;
3192         case NL80211_IFTYPE_NAN:
3193         case NL80211_IFTYPE_P2P_DEVICE:
3194                 /*
3195                  * P2P Device and NAN do not have a netdev, so don't go
3196                  * through the netdev notifier and must be added here
3197                  */
3198                 mutex_init(&wdev->mtx);
3199                 INIT_LIST_HEAD(&wdev->event_list);
3200                 spin_lock_init(&wdev->event_lock);
3201                 INIT_LIST_HEAD(&wdev->mgmt_registrations);
3202                 spin_lock_init(&wdev->mgmt_registrations_lock);
3203
3204                 wdev->identifier = ++rdev->wdev_id;
3205                 list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
3206                 rdev->devlist_generation++;
3207                 break;
3208         default:
3209                 break;
3210         }
3211
3212         if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3213                                rdev, wdev, false) < 0) {
3214                 nlmsg_free(msg);
3215                 return -ENOBUFS;
3216         }
3217
3218         /*
3219          * For wdevs which have no associated netdev object (e.g. of type
3220          * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here.
3221          * For all other types, the event will be generated from the
3222          * netdev notifier
3223          */
3224         if (!wdev->netdev)
3225                 nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3226
3227         return genlmsg_reply(msg, info);
3228 }
3229
3230 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
3231 {
3232         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3233         struct wireless_dev *wdev = info->user_ptr[1];
3234
3235         if (!rdev->ops->del_virtual_intf)
3236                 return -EOPNOTSUPP;
3237
3238         /*
3239          * If we remove a wireless device without a netdev then clear
3240          * user_ptr[1] so that nl80211_post_doit won't dereference it
3241          * to check if it needs to do dev_put(). Otherwise it crashes
3242          * since the wdev has been freed, unlike with a netdev where
3243          * we need the dev_put() for the netdev to really be freed.
3244          */
3245         if (!wdev->netdev)
3246                 info->user_ptr[1] = NULL;
3247
3248         return rdev_del_virtual_intf(rdev, wdev);
3249 }
3250
3251 static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
3252 {
3253         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3254         struct net_device *dev = info->user_ptr[1];
3255         u16 noack_map;
3256
3257         if (!info->attrs[NL80211_ATTR_NOACK_MAP])
3258                 return -EINVAL;
3259
3260         if (!rdev->ops->set_noack_map)
3261                 return -EOPNOTSUPP;
3262
3263         noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);
3264
3265         return rdev_set_noack_map(rdev, dev, noack_map);
3266 }
3267
3268 struct get_key_cookie {
3269         struct sk_buff *msg;
3270         int error;
3271         int idx;
3272 };
3273
3274 static void get_key_callback(void *c, struct key_params *params)
3275 {
3276         struct nlattr *key;
3277         struct get_key_cookie *cookie = c;
3278
3279         if ((params->key &&
3280              nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
3281                      params->key_len, params->key)) ||
3282             (params->seq &&
3283              nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
3284                      params->seq_len, params->seq)) ||
3285             (params->cipher &&
3286              nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
3287                          params->cipher)))
3288                 goto nla_put_failure;
3289
3290         key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
3291         if (!key)
3292                 goto nla_put_failure;
3293
3294         if ((params->key &&
3295              nla_put(cookie->msg, NL80211_KEY_DATA,
3296                      params->key_len, params->key)) ||
3297             (params->seq &&
3298              nla_put(cookie->msg, NL80211_KEY_SEQ,
3299                      params->seq_len, params->seq)) ||
3300             (params->cipher &&
3301              nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
3302                          params->cipher)))
3303                 goto nla_put_failure;
3304
3305         if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
3306                 goto nla_put_failure;
3307
3308         nla_nest_end(cookie->msg, key);
3309
3310         return;
3311  nla_put_failure:
3312         cookie->error = 1;
3313 }
3314
3315 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
3316 {
3317         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3318         int err;
3319         struct net_device *dev = info->user_ptr[1];
3320         u8 key_idx = 0;
3321         const u8 *mac_addr = NULL;
3322         bool pairwise;
3323         struct get_key_cookie cookie = {
3324                 .error = 0,
3325         };
3326         void *hdr;
3327         struct sk_buff *msg;
3328
3329         if (info->attrs[NL80211_ATTR_KEY_IDX])
3330                 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3331
3332         if (key_idx > 5)
3333                 return -EINVAL;
3334
3335         if (info->attrs[NL80211_ATTR_MAC])
3336                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3337
3338         pairwise = !!mac_addr;
3339         if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3340                 u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3341
3342                 if (kt >= NUM_NL80211_KEYTYPES)
3343                         return -EINVAL;
3344                 if (kt != NL80211_KEYTYPE_GROUP &&
3345                     kt != NL80211_KEYTYPE_PAIRWISE)
3346                         return -EINVAL;
3347                 pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
3348         }
3349
3350         if (!rdev->ops->get_key)
3351                 return -EOPNOTSUPP;
3352
3353         if (!pairwise && mac_addr && !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
3354                 return -ENOENT;
3355
3356         msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3357         if (!msg)
3358                 return -ENOMEM;
3359
3360         hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
3361                              NL80211_CMD_NEW_KEY);
3362         if (!hdr)
3363                 goto nla_put_failure;
3364
3365         cookie.msg = msg;
3366         cookie.idx = key_idx;
3367
3368         if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
3369             nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
3370                 goto nla_put_failure;
3371         if (mac_addr &&
3372             nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
3373                 goto nla_put_failure;
3374
3375         err = rdev_get_key(rdev, dev, key_idx, pairwise, mac_addr, &cookie,
3376                            get_key_callback);
3377
3378         if (err)
3379                 goto free_msg;
3380
3381         if (cookie.error)
3382                 goto nla_put_failure;
3383
3384         genlmsg_end(msg, hdr);
3385         return genlmsg_reply(msg, info);
3386
3387  nla_put_failure:
3388         err = -ENOBUFS;
3389  free_msg:
3390         nlmsg_free(msg);
3391         return err;
3392 }
3393
3394 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
3395 {
3396         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3397         struct key_parse key;
3398         int err;
3399         struct net_device *dev = info->user_ptr[1];
3400
3401         err = nl80211_parse_key(info, &key);
3402         if (err)
3403                 return err;
3404
3405         if (key.idx < 0)
3406                 return -EINVAL;
3407
3408         /* only support setting default key */
3409         if (!key.def && !key.defmgmt)
3410                 return -EINVAL;
3411
3412         wdev_lock(dev->ieee80211_ptr);
3413
3414         if (key.def) {
3415                 if (!rdev->ops->set_default_key) {
3416                         err = -EOPNOTSUPP;
3417                         goto out;
3418                 }
3419
3420                 err = nl80211_key_allowed(dev->ieee80211_ptr);
3421                 if (err)
3422                         goto out;
3423
3424                 err = rdev_set_default_key(rdev, dev, key.idx,
3425                                                  key.def_uni, key.def_multi);
3426
3427                 if (err)
3428                         goto out;
3429
3430 #ifdef CONFIG_CFG80211_WEXT
3431                 dev->ieee80211_ptr->wext.default_key = key.idx;
3432 #endif
3433         } else {
3434                 if (key.def_uni || !key.def_multi) {
3435                         err = -EINVAL;
3436                         goto out;
3437                 }
3438
3439                 if (!rdev->ops->set_default_mgmt_key) {
3440                         err = -EOPNOTSUPP;
3441                         goto out;
3442                 }
3443
3444                 err = nl80211_key_allowed(dev->ieee80211_ptr);
3445                 if (err)
3446                         goto out;
3447
3448                 err = rdev_set_default_mgmt_key(rdev, dev, key.idx);
3449                 if (err)
3450                         goto out;
3451
3452 #ifdef CONFIG_CFG80211_WEXT
3453                 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
3454 #endif
3455         }
3456
3457  out:
3458         wdev_unlock(dev->ieee80211_ptr);
3459
3460         return err;
3461 }
3462
3463 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
3464 {
3465         struct cfg80211_registered_device *rdev = info->user_ptr[0];
3466         int err;
3467         struct net_device *dev = info->user_ptr[1];
3468         struct key_parse key;
3469         const u8 *mac_addr = NULL;
3470
3471         err = nl80211_parse_key(info, &key);
3472         if (err)
3473                 return err;
3474
3475         if (!key.p.key)
3476                 return -EINVAL;
3477
3478         if (info->attrs[NL80211_ATTR_MAC])
3479                 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
3480
3481         if (key.type == -1) {
3482                 if (mac_addr)
3483                         key.type = NL80211_KEYTYPE_PAIRWISE;
3484                 else
3485                         key.type = NL80211_KEYTYPE_GROUP;
3486         }
3487
3488         /* for now */
3489         if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3490             key.type != NL80211_KEYTYPE_GROUP)
3491                 return -EINVAL;
3492
3493         if (!rdev->ops->add_key)
3494                 return -EOPNOTSUPP;
3495
3496         if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3497                                            key.type == NL80211_KEYTYPE_PAIRWISE,
3498                                            mac_addr))
3499                 return -EINVAL;
3500
3501         wdev_lock(dev->ieee80211_ptr);