~hc/RK356X_SDK_RELEASE.git

..	..	@@ -1,10 +1,11 @@
	1	+// SPDX-License-Identifier: GPL-2.0-only
1	2	/*
2	3	* This is the new netlink-based wireless configuration interface.
3	4	*
4	5	* Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net>
5	6	* Copyright 2013-2014 Intel Mobile Communications GmbH
6	7	* Copyright 2015-2017 Intel Deutschland GmbH
7		- * Copyright (C) 2018 Intel Corporation
	8	+ * Copyright (C) 2018-2021 Intel Corporation
8	9	*/
9	10
10	11	#include <linux/if.h>
..	..	@@ -19,6 +20,7 @@
19	20	#include <linux/netlink.h>
20	21	#include <linux/nospec.h>
21	22	#include <linux/etherdevice.h>
	23	+#include <linux/if_vlan.h>
22	24	#include <net/net_namespace.h>
23	25	#include <net/genetlink.h>
24	26	#include <net/cfg80211.h>
..	..	@@ -207,14 +209,27 @@
207	209	unsigned int len = nla_len(attr);
208	210	const struct element *elem;
209	211	const struct ieee80211_mgmt mgmt = (void )data;
210		- unsigned int fixedlen = offsetof(struct ieee80211_mgmt,
211		- u.beacon.variable);
	212	+ unsigned int fixedlen, hdrlen;
	213	+ bool s1g_bcn;
	214	+
	215	+ if (len < offsetofend(typeof(*mgmt), frame_control))
	216	+ goto err;
	217	+
	218	+ s1g_bcn = ieee80211_is_s1g_beacon(mgmt->frame_control);
	219	+ if (s1g_bcn) {
	220	+ fixedlen = offsetof(struct ieee80211_ext,
	221	+ u.s1g_beacon.variable);
	222	+ hdrlen = offsetof(struct ieee80211_ext, u.s1g_beacon);
	223	+ } else {
	224	+ fixedlen = offsetof(struct ieee80211_mgmt,
	225	+ u.beacon.variable);
	226	+ hdrlen = offsetof(struct ieee80211_mgmt, u.beacon);
	227	+ }
212	228
213	229	if (len < fixedlen)
214	230	goto err;
215	231
216		- if (ieee80211_hdrlen(mgmt->frame_control) !=
217		- offsetof(struct ieee80211_mgmt, u.beacon))
	232	+ if (ieee80211_hdrlen(mgmt->frame_control) != hdrlen)
218	233	goto err;
219	234
220	235	data += fixedlen;
..	..	@@ -232,8 +247,164 @@
232	247	return -EINVAL;
233	248	}
234	249
	250	+static int validate_ie_attr(const struct nlattr *attr,
	251	+ struct netlink_ext_ack *extack)
	252	+{
	253	+ const u8 *data = nla_data(attr);
	254	+ unsigned int len = nla_len(attr);
	255	+ const struct element *elem;
	256	+
	257	+ for_each_element(elem, data, len) {
	258	+ /* nothing */
	259	+ }
	260	+
	261	+ if (for_each_element_completed(elem, data, len))
	262	+ return 0;
	263	+
	264	+ NL_SET_ERR_MSG_ATTR(extack, attr, "malformed information elements");
	265	+ return -EINVAL;
	266	+}
	267	+
235	268	/* policy for the attributes */
	269	+static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR];
	270	+
	271	+static const struct nla_policy
	272	+nl80211_ftm_responder_policy[NL80211_FTM_RESP_ATTR_MAX + 1] = {
	273	+ [NL80211_FTM_RESP_ATTR_ENABLED] = { .type = NLA_FLAG, },
	274	+ [NL80211_FTM_RESP_ATTR_LCI] = { .type = NLA_BINARY,
	275	+ .len = U8_MAX },
	276	+ [NL80211_FTM_RESP_ATTR_CIVICLOC] = { .type = NLA_BINARY,
	277	+ .len = U8_MAX },
	278	+};
	279	+
	280	+static const struct nla_policy
	281	+nl80211_pmsr_ftm_req_attr_policy[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1] = {
	282	+ [NL80211_PMSR_FTM_REQ_ATTR_ASAP] = { .type = NLA_FLAG },
	283	+ [NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE] = { .type = NLA_U32 },
	284	+ [NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP] =
	285	+ NLA_POLICY_MAX(NLA_U8, 15),
	286	+ [NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD] = { .type = NLA_U16 },
	287	+ [NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION] =
	288	+ NLA_POLICY_MAX(NLA_U8, 15),
	289	+ [NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST] =
	290	+ NLA_POLICY_MAX(NLA_U8, 31),
	291	+ [NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES] = { .type = NLA_U8 },
	292	+ [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI] = { .type = NLA_FLAG },
	293	+ [NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC] = { .type = NLA_FLAG },
	294	+ [NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED] = { .type = NLA_FLAG },
	295	+ [NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED] = { .type = NLA_FLAG },
	296	+};
	297	+
	298	+static const struct nla_policy
	299	+nl80211_pmsr_req_data_policy[NL80211_PMSR_TYPE_MAX + 1] = {
	300	+ [NL80211_PMSR_TYPE_FTM] =
	301	+ NLA_POLICY_NESTED(nl80211_pmsr_ftm_req_attr_policy),
	302	+};
	303	+
	304	+static const struct nla_policy
	305	+nl80211_pmsr_req_attr_policy[NL80211_PMSR_REQ_ATTR_MAX + 1] = {
	306	+ [NL80211_PMSR_REQ_ATTR_DATA] =
	307	+ NLA_POLICY_NESTED(nl80211_pmsr_req_data_policy),
	308	+ [NL80211_PMSR_REQ_ATTR_GET_AP_TSF] = { .type = NLA_FLAG },
	309	+};
	310	+
	311	+static const struct nla_policy
	312	+nl80211_psmr_peer_attr_policy[NL80211_PMSR_PEER_ATTR_MAX + 1] = {
	313	+ [NL80211_PMSR_PEER_ATTR_ADDR] = NLA_POLICY_ETH_ADDR,
	314	+ [NL80211_PMSR_PEER_ATTR_CHAN] = NLA_POLICY_NESTED(nl80211_policy),
	315	+ [NL80211_PMSR_PEER_ATTR_REQ] =
	316	+ NLA_POLICY_NESTED(nl80211_pmsr_req_attr_policy),
	317	+ [NL80211_PMSR_PEER_ATTR_RESP] = { .type = NLA_REJECT },
	318	+};
	319	+
	320	+static const struct nla_policy
	321	+nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = {
	322	+ [NL80211_PMSR_ATTR_MAX_PEERS] = { .type = NLA_REJECT },
	323	+ [NL80211_PMSR_ATTR_REPORT_AP_TSF] = { .type = NLA_REJECT },
	324	+ [NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR] = { .type = NLA_REJECT },
	325	+ [NL80211_PMSR_ATTR_TYPE_CAPA] = { .type = NLA_REJECT },
	326	+ [NL80211_PMSR_ATTR_PEERS] =
	327	+ NLA_POLICY_NESTED_ARRAY(nl80211_psmr_peer_attr_policy),
	328	+};
	329	+
	330	+static const struct nla_policy
	331	+he_obss_pd_policy[NL80211_HE_OBSS_PD_ATTR_MAX + 1] = {
	332	+ [NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET] =
	333	+ NLA_POLICY_RANGE(NLA_U8, 1, 20),
	334	+ [NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET] =
	335	+ NLA_POLICY_RANGE(NLA_U8, 1, 20),
	336	+ [NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET] =
	337	+ NLA_POLICY_RANGE(NLA_U8, 1, 20),
	338	+ [NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP] =
	339	+ NLA_POLICY_EXACT_LEN(8),
	340	+ [NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP] =
	341	+ NLA_POLICY_EXACT_LEN(8),
	342	+ [NL80211_HE_OBSS_PD_ATTR_SR_CTRL] = { .type = NLA_U8 },
	343	+};
	344	+
	345	+static const struct nla_policy
	346	+he_bss_color_policy[NL80211_HE_BSS_COLOR_ATTR_MAX + 1] = {
	347	+ [NL80211_HE_BSS_COLOR_ATTR_COLOR] = NLA_POLICY_RANGE(NLA_U8, 1, 63),
	348	+ [NL80211_HE_BSS_COLOR_ATTR_DISABLED] = { .type = NLA_FLAG },
	349	+ [NL80211_HE_BSS_COLOR_ATTR_PARTIAL] = { .type = NLA_FLAG },
	350	+};
	351	+
	352	+static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
	353	+ [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
	354	+ .len = NL80211_MAX_SUPP_RATES },
	355	+ [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
	356	+ .len = NL80211_MAX_SUPP_HT_RATES },
	357	+ [NL80211_TXRATE_VHT] = NLA_POLICY_EXACT_LEN_WARN(sizeof(struct nl80211_txrate_vht)),
	358	+ [NL80211_TXRATE_GI] = { .type = NLA_U8 },
	359	+ [NL80211_TXRATE_HE] = NLA_POLICY_EXACT_LEN(sizeof(struct nl80211_txrate_he)),
	360	+ [NL80211_TXRATE_HE_GI] = NLA_POLICY_RANGE(NLA_U8,
	361	+ NL80211_RATE_INFO_HE_GI_0_8,
	362	+ NL80211_RATE_INFO_HE_GI_3_2),
	363	+ [NL80211_TXRATE_HE_LTF] = NLA_POLICY_RANGE(NLA_U8,
	364	+ NL80211_RATE_INFO_HE_1XLTF,
	365	+ NL80211_RATE_INFO_HE_4XLTF),
	366	+};
	367	+
	368	+static const struct nla_policy
	369	+nl80211_tid_config_attr_policy[NL80211_TID_CONFIG_ATTR_MAX + 1] = {
	370	+ [NL80211_TID_CONFIG_ATTR_VIF_SUPP] = { .type = NLA_U64 },
	371	+ [NL80211_TID_CONFIG_ATTR_PEER_SUPP] = { .type = NLA_U64 },
	372	+ [NL80211_TID_CONFIG_ATTR_OVERRIDE] = { .type = NLA_FLAG },
	373	+ [NL80211_TID_CONFIG_ATTR_TIDS] = NLA_POLICY_RANGE(NLA_U16, 1, 0xff),
	374	+ [NL80211_TID_CONFIG_ATTR_NOACK] =
	375	+ NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
	376	+ [NL80211_TID_CONFIG_ATTR_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
	377	+ [NL80211_TID_CONFIG_ATTR_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
	378	+ [NL80211_TID_CONFIG_ATTR_AMPDU_CTRL] =
	379	+ NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
	380	+ [NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL] =
	381	+ NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
	382	+ [NL80211_TID_CONFIG_ATTR_AMSDU_CTRL] =
	383	+ NLA_POLICY_MAX(NLA_U8, NL80211_TID_CONFIG_DISABLE),
	384	+ [NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE] =
	385	+ NLA_POLICY_MAX(NLA_U8, NL80211_TX_RATE_FIXED),
	386	+ [NL80211_TID_CONFIG_ATTR_TX_RATE] =
	387	+ NLA_POLICY_NESTED(nl80211_txattr_policy),
	388	+};
	389	+
	390	+static const struct nla_policy
	391	+nl80211_fils_discovery_policy[NL80211_FILS_DISCOVERY_ATTR_MAX + 1] = {
	392	+ [NL80211_FILS_DISCOVERY_ATTR_INT_MIN] = NLA_POLICY_MAX(NLA_U32, 10000),
	393	+ [NL80211_FILS_DISCOVERY_ATTR_INT_MAX] = NLA_POLICY_MAX(NLA_U32, 10000),
	394	+ NLA_POLICY_RANGE(NLA_BINARY,
	395	+ NL80211_FILS_DISCOVERY_TMPL_MIN_LEN,
	396	+ IEEE80211_MAX_DATA_LEN),
	397	+};
	398	+
	399	+static const struct nla_policy
	400	+nl80211_unsol_bcast_probe_resp_policy[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1] = {
	401	+ [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] = NLA_POLICY_MAX(NLA_U32, 20),
	402	+ [NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL] = { .type = NLA_BINARY,
	403	+ .len = IEEE80211_MAX_DATA_LEN }
	404	+};
	405	+
236	406	static const struct nla_policy nl80211_policy[NUM_NL80211_ATTR] = {
	407	+ [0] = { .strict_start_type = NL80211_ATTR_HE_OBSS_PD },
237	408	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
238	409	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
239	410	.len = 20-1 },
..	..	@@ -241,55 +412,71 @@
241	412
242	413	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
243	414	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
244		- [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = { .type = NLA_U8 },
245		- [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = { .type = NLA_U8 },
	415	+ [NL80211_ATTR_WIPHY_EDMG_CHANNELS] = NLA_POLICY_RANGE(NLA_U8,
	416	+ NL80211_EDMG_CHANNELS_MIN,
	417	+ NL80211_EDMG_CHANNELS_MAX),
	418	+ [NL80211_ATTR_WIPHY_EDMG_BW_CONFIG] = NLA_POLICY_RANGE(NLA_U8,
	419	+ NL80211_EDMG_BW_CONFIG_MIN,
	420	+ NL80211_EDMG_BW_CONFIG_MAX),
	421	+
246	422	[NL80211_ATTR_CHANNEL_WIDTH] = { .type = NLA_U32 },
247	423	[NL80211_ATTR_CENTER_FREQ1] = { .type = NLA_U32 },
	424	+ [NL80211_ATTR_CENTER_FREQ1_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
248	425	[NL80211_ATTR_CENTER_FREQ2] = { .type = NLA_U32 },
249	426
250		- [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
251		- [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
	427	+ [NL80211_ATTR_WIPHY_RETRY_SHORT] = NLA_POLICY_MIN(NLA_U8, 1),
	428	+ [NL80211_ATTR_WIPHY_RETRY_LONG] = NLA_POLICY_MIN(NLA_U8, 1),
252	429	[NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
253	430	[NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
254	431	[NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },
255	432	[NL80211_ATTR_WIPHY_DYN_ACK] = { .type = NLA_FLAG },
256	433
257		- [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
	434	+ [NL80211_ATTR_IFTYPE] = NLA_POLICY_MAX(NLA_U32, NL80211_IFTYPE_MAX),
258	435	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
259	436	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
260	437
261		- [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
262		- [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },
	438	+ [NL80211_ATTR_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
	439	+ [NL80211_ATTR_PREV_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
263	440
264	441	[NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
265	442	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
266	443	.len = WLAN_MAX_KEY_LEN },
267		- [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
	444	+ [NL80211_ATTR_KEY_IDX] = NLA_POLICY_MAX(NLA_U8, 7),
268	445	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
269	446	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
270	447	[NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
271		- [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },
	448	+ [NL80211_ATTR_KEY_TYPE] =
	449	+ NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES),
272	450
273	451	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
274	452	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
275		- [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
276		- .len = IEEE80211_MAX_DATA_LEN },
277		- [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
278		- .len = IEEE80211_MAX_DATA_LEN },
279		- [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
	453	+ [NL80211_ATTR_BEACON_HEAD] =
	454	+ NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_beacon_head,
	455	+ IEEE80211_MAX_DATA_LEN),
	456	+ [NL80211_ATTR_BEACON_TAIL] =
	457	+ NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
	458	+ IEEE80211_MAX_DATA_LEN),
	459	+ [NL80211_ATTR_STA_AID] =
	460	+ NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
280	461	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
281	462	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
282	463	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
283	464	.len = NL80211_MAX_SUPP_RATES },
284		- [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
	465	+ [NL80211_ATTR_STA_PLINK_ACTION] =
	466	+ NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_ACTIONS - 1),
	467	+ [NL80211_ATTR_STA_TX_POWER_SETTING] =
	468	+ NLA_POLICY_RANGE(NLA_U8,
	469	+ NL80211_TX_POWER_AUTOMATIC,
	470	+ NL80211_TX_POWER_FIXED),
	471	+ [NL80211_ATTR_STA_TX_POWER] = { .type = NLA_S16 },
285	472	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
286	473	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
287	474	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
288	475	.len = IEEE80211_MAX_MESH_ID_LEN },
289		- [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_BINARY,
290		- .len = ETH_ALEN },
	476	+ [NL80211_ATTR_MPATH_NEXT_HOP] = NLA_POLICY_ETH_ADDR_COMPAT,
291	477
292		- [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
	478	+ /* allow 3 for NUL-termination, we used to declare this NLA_STRING */
	479	+ [NL80211_ATTR_REG_ALPHA2] = NLA_POLICY_RANGE(NLA_BINARY, 2, 3),
293	480	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
294	481
295	482	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
..	..	@@ -302,11 +489,12 @@
302	489	[NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
303	490	[NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },
304	491
305		- [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },
	492	+ [NL80211_ATTR_HT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_HT_CAPABILITY_LEN),
306	493
307	494	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
308		- [NL80211_ATTR_IE] = { .type = NLA_BINARY,
309		- .len = IEEE80211_MAX_DATA_LEN },
	495	+ [NL80211_ATTR_IE] = NLA_POLICY_VALIDATE_FN(NLA_BINARY,
	496	+ validate_ie_attr,
	497	+ IEEE80211_MAX_DATA_LEN),
310	498	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
311	499	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
312	500
..	..	@@ -316,7 +504,9 @@
316	504	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
317	505	[NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
318	506	[NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
319		- [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
	507	+ [NL80211_ATTR_USE_MFP] = NLA_POLICY_RANGE(NLA_U32,
	508	+ NL80211_MFP_NO,
	509	+ NL80211_MFP_OPTIONAL),
320	510	[NL80211_ATTR_STA_FLAGS2] = {
321	511	.len = sizeof(struct nl80211_sta_flag_update),
322	512	},
..	..	@@ -330,14 +520,16 @@
330	520	[NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
331	521	[NL80211_ATTR_PID] = { .type = NLA_U32 },
332	522	[NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
333		- [NL80211_ATTR_PMKID] = { .len = WLAN_PMKID_LEN },
	523	+ [NL80211_ATTR_PMKID] = NLA_POLICY_EXACT_LEN_WARN(WLAN_PMKID_LEN),
334	524	[NL80211_ATTR_DURATION] = { .type = NLA_U32 },
335	525	[NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
336	526	[NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
337	527	[NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
338	528	.len = IEEE80211_MAX_DATA_LEN },
339	529	[NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
340		- [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
	530	+ [NL80211_ATTR_PS_STATE] = NLA_POLICY_RANGE(NLA_U32,
	531	+ NL80211_PS_DISABLED,
	532	+ NL80211_PS_ENABLED),
341	533	[NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
342	534	[NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
343	535	[NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
..	..	@@ -350,17 +542,25 @@
350	542	[NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
351	543	[NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
352	544	[NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
353		- [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
	545	+ [NL80211_ATTR_STA_PLINK_STATE] =
	546	+ NLA_POLICY_MAX(NLA_U8, NUM_NL80211_PLINK_STATES - 1),
354	547	[NL80211_ATTR_MEASUREMENT_DURATION] = { .type = NLA_U16 },
355	548	[NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY] = { .type = NLA_FLAG },
	549	+ [NL80211_ATTR_MESH_PEER_AID] =
	550	+ NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
356	551	[NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
357	552	[NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
358	553	[NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
359		- [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
360		- [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
361		- .len = IEEE80211_MAX_DATA_LEN },
362		- [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
363		- .len = IEEE80211_MAX_DATA_LEN },
	554	+ [NL80211_ATTR_HIDDEN_SSID] =
	555	+ NLA_POLICY_RANGE(NLA_U32,
	556	+ NL80211_HIDDEN_SSID_NOT_IN_USE,
	557	+ NL80211_HIDDEN_SSID_ZERO_CONTENTS),
	558	+ [NL80211_ATTR_IE_PROBE_RESP] =
	559	+ NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
	560	+ IEEE80211_MAX_DATA_LEN),
	561	+ [NL80211_ATTR_IE_ASSOC_RESP] =
	562	+ NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
	563	+ IEEE80211_MAX_DATA_LEN),
364	564	[NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
365	565	[NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
366	566	[NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
..	..	@@ -383,12 +583,18 @@
383	583	[NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
384	584	[NL80211_ATTR_WDEV] = { .type = NLA_U64 },
385	585	[NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
386		- [NL80211_ATTR_AUTH_DATA] = { .type = NLA_BINARY, },
387		- [NL80211_ATTR_VHT_CAPABILITY] = { .len = NL80211_VHT_CAPABILITY_LEN },
	586	+
	587	+ /* need to include at least Auth Transaction and Status Code */
	588	+ [NL80211_ATTR_AUTH_DATA] = NLA_POLICY_MIN_LEN(4),
	589	+
	590	+ [NL80211_ATTR_VHT_CAPABILITY] = NLA_POLICY_EXACT_LEN_WARN(NL80211_VHT_CAPABILITY_LEN),
388	591	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },
389		- [NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },
390		- [NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },
391		- [NL80211_ATTR_LOCAL_MESH_POWER_MODE] = {. type = NLA_U32 },
	592	+ [NL80211_ATTR_P2P_CTWINDOW] = NLA_POLICY_MAX(NLA_U8, 127),
	593	+ [NL80211_ATTR_P2P_OPPPS] = NLA_POLICY_MAX(NLA_U8, 1),
	594	+ [NL80211_ATTR_LOCAL_MESH_POWER_MODE] =
	595	+ NLA_POLICY_RANGE(NLA_U32,
	596	+ NL80211_MESH_POWER_UNKNOWN + 1,
	597	+ NL80211_MESH_POWER_MAX),
392	598	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },
393	599	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },
394	600	[NL80211_ATTR_STA_CAPABILITY] = { .type = NLA_U16 },
..	..	@@ -402,53 +608,63 @@
402	608	[NL80211_ATTR_IE_RIC] = { .type = NLA_BINARY,
403	609	.len = IEEE80211_MAX_DATA_LEN },
404	610	[NL80211_ATTR_CRIT_PROT_ID] = { .type = NLA_U16 },
405		- [NL80211_ATTR_MAX_CRIT_PROT_DURATION] = { .type = NLA_U16 },
406		- [NL80211_ATTR_PEER_AID] = { .type = NLA_U16 },
	611	+ [NL80211_ATTR_MAX_CRIT_PROT_DURATION] =
	612	+ NLA_POLICY_MAX(NLA_U16, NL80211_CRIT_PROTO_MAX_DURATION),
	613	+ [NL80211_ATTR_PEER_AID] =
	614	+ NLA_POLICY_RANGE(NLA_U16, 1, IEEE80211_MAX_AID),
407	615	[NL80211_ATTR_CH_SWITCH_COUNT] = { .type = NLA_U32 },
408	616	[NL80211_ATTR_CH_SWITCH_BLOCK_TX] = { .type = NLA_FLAG },
409	617	[NL80211_ATTR_CSA_IES] = { .type = NLA_NESTED },
410		- [NL80211_ATTR_CSA_C_OFF_BEACON] = { .type = NLA_BINARY },
411		- [NL80211_ATTR_CSA_C_OFF_PRESP] = { .type = NLA_BINARY },
412		- [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = { .type = NLA_BINARY },
413		- [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] = { .type = NLA_BINARY },
	618	+ [NL80211_ATTR_CNTDWN_OFFS_BEACON] = { .type = NLA_BINARY },
	619	+ [NL80211_ATTR_CNTDWN_OFFS_PRESP] = { .type = NLA_BINARY },
	620	+ [NL80211_ATTR_STA_SUPPORTED_CHANNELS] = NLA_POLICY_MIN_LEN(2),
	621	+ /*
	622	+ * The value of the Length field of the Supported Operating
	623	+ * Classes element is between 2 and 253.
	624	+ */
	625	+ [NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES] =
	626	+ NLA_POLICY_RANGE(NLA_BINARY, 2, 253),
414	627	[NL80211_ATTR_HANDLE_DFS] = { .type = NLA_FLAG },
415	628	[NL80211_ATTR_OPMODE_NOTIF] = { .type = NLA_U8 },
416	629	[NL80211_ATTR_VENDOR_ID] = { .type = NLA_U32 },
417	630	[NL80211_ATTR_VENDOR_SUBCMD] = { .type = NLA_U32 },
418	631	[NL80211_ATTR_VENDOR_DATA] = { .type = NLA_BINARY },
419		- [NL80211_ATTR_QOS_MAP] = { .type = NLA_BINARY,
420		- .len = IEEE80211_QOS_MAP_LEN_MAX },
421		- [NL80211_ATTR_MAC_HINT] = { .len = ETH_ALEN },
	632	+ [NL80211_ATTR_QOS_MAP] = NLA_POLICY_RANGE(NLA_BINARY,
	633	+ IEEE80211_QOS_MAP_LEN_MIN,
	634	+ IEEE80211_QOS_MAP_LEN_MAX),
	635	+ [NL80211_ATTR_MAC_HINT] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
422	636	[NL80211_ATTR_WIPHY_FREQ_HINT] = { .type = NLA_U32 },
423	637	[NL80211_ATTR_TDLS_PEER_CAPABILITY] = { .type = NLA_U32 },
424	638	[NL80211_ATTR_SOCKET_OWNER] = { .type = NLA_FLAG },
425	639	[NL80211_ATTR_CSA_C_OFFSETS_TX] = { .type = NLA_BINARY },
426	640	[NL80211_ATTR_USE_RRM] = { .type = NLA_FLAG },
427		- [NL80211_ATTR_TSID] = { .type = NLA_U8 },
428		- [NL80211_ATTR_USER_PRIO] = { .type = NLA_U8 },
	641	+ [NL80211_ATTR_TSID] = NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_TIDS - 1),
	642	+ [NL80211_ATTR_USER_PRIO] =
	643	+ NLA_POLICY_MAX(NLA_U8, IEEE80211_NUM_UPS - 1),
429	644	[NL80211_ATTR_ADMITTED_TIME] = { .type = NLA_U16 },
430	645	[NL80211_ATTR_SMPS_MODE] = { .type = NLA_U8 },
431	646	[NL80211_ATTR_OPER_CLASS] = { .type = NLA_U8 },
432		- [NL80211_ATTR_MAC_MASK] = { .len = ETH_ALEN },
	647	+ [NL80211_ATTR_MAC_MASK] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
433	648	[NL80211_ATTR_WIPHY_SELF_MANAGED_REG] = { .type = NLA_FLAG },
434	649	[NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 },
435	650	[NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 },
436	651	[NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG },
437	652	[NL80211_ATTR_PBSS] = { .type = NLA_FLAG },
438	653	[NL80211_ATTR_BSS_SELECT] = { .type = NLA_NESTED },
439		- [NL80211_ATTR_STA_SUPPORT_P2P_PS] = { .type = NLA_U8 },
	654	+ [NL80211_ATTR_STA_SUPPORT_P2P_PS] =
	655	+ NLA_POLICY_MAX(NLA_U8, NUM_NL80211_P2P_PS_STATUS - 1),
440	656	[NL80211_ATTR_MU_MIMO_GROUP_DATA] = {
441	657	.len = VHT_MUMIMO_GROUPS_DATA_LEN
442	658	},
443		- [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = { .len = ETH_ALEN },
444		- [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
	659	+ [NL80211_ATTR_MU_MIMO_FOLLOW_MAC_ADDR] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
	660	+ [NL80211_ATTR_NAN_MASTER_PREF] = NLA_POLICY_MIN(NLA_U8, 1),
445	661	[NL80211_ATTR_BANDS] = { .type = NLA_U32 },
446	662	[NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
447	663	[NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
448	664	.len = FILS_MAX_KEK_LEN },
449		- [NL80211_ATTR_FILS_NONCES] = { .len = 2 * FILS_NONCE_LEN },
	665	+ [NL80211_ATTR_FILS_NONCES] = NLA_POLICY_EXACT_LEN_WARN(2 * FILS_NONCE_LEN),
450	666	[NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED] = { .type = NLA_FLAG, },
451		- [NL80211_ATTR_BSSID] = { .len = ETH_ALEN },
	667	+ [NL80211_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
452	668	[NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI] = { .type = NLA_S8 },
453	669	[NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST] = {
454	670	.len = sizeof(struct nl80211_bss_select_rssi_adjust)
..	..	@@ -461,16 +677,52 @@
461	677	[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] = { .type = NLA_U16 },
462	678	[NL80211_ATTR_FILS_ERP_RRK] = { .type = NLA_BINARY,
463	679	.len = FILS_ERP_MAX_RRK_LEN },
464		- [NL80211_ATTR_FILS_CACHE_ID] = { .len = 2 },
	680	+ [NL80211_ATTR_FILS_CACHE_ID] = NLA_POLICY_EXACT_LEN_WARN(2),
465	681	[NL80211_ATTR_PMK] = { .type = NLA_BINARY, .len = PMK_MAX_LEN },
	682	+ [NL80211_ATTR_PMKR0_NAME] = NLA_POLICY_EXACT_LEN(WLAN_PMK_NAME_LEN),
466	683	[NL80211_ATTR_SCHED_SCAN_MULTI] = { .type = NLA_FLAG },
467	684	[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT] = { .type = NLA_FLAG },
468	685
469	686	[NL80211_ATTR_TXQ_LIMIT] = { .type = NLA_U32 },
470	687	[NL80211_ATTR_TXQ_MEMORY_LIMIT] = { .type = NLA_U32 },
471	688	[NL80211_ATTR_TXQ_QUANTUM] = { .type = NLA_U32 },
472		- [NL80211_ATTR_HE_CAPABILITY] = { .type = NLA_BINARY,
473		- .len = NL80211_HE_MAX_CAPABILITY_LEN },
	689	+ [NL80211_ATTR_HE_CAPABILITY] =
	690	+ NLA_POLICY_RANGE(NLA_BINARY,
	691	+ NL80211_HE_MIN_CAPABILITY_LEN,
	692	+ NL80211_HE_MAX_CAPABILITY_LEN),
	693	+ [NL80211_ATTR_FTM_RESPONDER] =
	694	+ NLA_POLICY_NESTED(nl80211_ftm_responder_policy),
	695	+ [NL80211_ATTR_TIMEOUT] = NLA_POLICY_MIN(NLA_U32, 1),
	696	+ [NL80211_ATTR_PEER_MEASUREMENTS] =
	697	+ NLA_POLICY_NESTED(nl80211_pmsr_attr_policy),
	698	+ [NL80211_ATTR_AIRTIME_WEIGHT] = NLA_POLICY_MIN(NLA_U16, 1),
	699	+ [NL80211_ATTR_SAE_PASSWORD] = { .type = NLA_BINARY,
	700	+ .len = SAE_PASSWORD_MAX_LEN },
	701	+ [NL80211_ATTR_TWT_RESPONDER] = { .type = NLA_FLAG },
	702	+ [NL80211_ATTR_HE_OBSS_PD] = NLA_POLICY_NESTED(he_obss_pd_policy),
	703	+ [NL80211_ATTR_VLAN_ID] = NLA_POLICY_RANGE(NLA_U16, 1, VLAN_N_VID - 2),
	704	+ [NL80211_ATTR_HE_BSS_COLOR] = NLA_POLICY_NESTED(he_bss_color_policy),
	705	+ [NL80211_ATTR_TID_CONFIG] =
	706	+ NLA_POLICY_NESTED_ARRAY(nl80211_tid_config_attr_policy),
	707	+ [NL80211_ATTR_CONTROL_PORT_NO_PREAUTH] = { .type = NLA_FLAG },
	708	+ [NL80211_ATTR_PMK_LIFETIME] = NLA_POLICY_MIN(NLA_U32, 1),
	709	+ [NL80211_ATTR_PMK_REAUTH_THRESHOLD] = NLA_POLICY_RANGE(NLA_U8, 1, 100),
	710	+ [NL80211_ATTR_RECEIVE_MULTICAST] = { .type = NLA_FLAG },
	711	+ [NL80211_ATTR_WIPHY_FREQ_OFFSET] = NLA_POLICY_RANGE(NLA_U32, 0, 999),
	712	+ [NL80211_ATTR_SCAN_FREQ_KHZ] = { .type = NLA_NESTED },
	713	+ [NL80211_ATTR_HE_6GHZ_CAPABILITY] =
	714	+ NLA_POLICY_EXACT_LEN(sizeof(struct ieee80211_he_6ghz_capa)),
	715	+ [NL80211_ATTR_FILS_DISCOVERY] =
	716	+ NLA_POLICY_NESTED(nl80211_fils_discovery_policy),
	717	+ [NL80211_ATTR_UNSOL_BCAST_PROBE_RESP] =
	718	+ NLA_POLICY_NESTED(nl80211_unsol_bcast_probe_resp_policy),
	719	+ [NL80211_ATTR_S1G_CAPABILITY] =
	720	+ NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
	721	+ [NL80211_ATTR_S1G_CAPABILITY_MASK] =
	722	+ NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
	723	+ [NL80211_ATTR_SAE_PWE] =
	724	+ NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
	725	+ NL80211_SAE_PWE_BOTH),
474	726	};
475	727
476	728	/* policy for the key attributes */
..	..	@@ -481,8 +733,9 @@
481	733	[NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
482	734	[NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
483	735	[NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
484		- [NL80211_KEY_TYPE] = { .type = NLA_U32 },
	736	+ [NL80211_KEY_TYPE] = NLA_POLICY_MAX(NLA_U32, NUM_NL80211_KEYTYPES - 1),
485	737	[NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
	738	+ [NL80211_KEY_MODE] = NLA_POLICY_RANGE(NLA_U8, 0, NL80211_KEY_SET_TX),
486	739	};
487	740
488	741	/* policy for the key default flags */
..	..	@@ -512,10 +765,10 @@
512	765	nl80211_wowlan_tcp_policy[NUM_NL80211_WOWLAN_TCP] = {
513	766	[NL80211_WOWLAN_TCP_SRC_IPV4] = { .type = NLA_U32 },
514	767	[NL80211_WOWLAN_TCP_DST_IPV4] = { .type = NLA_U32 },
515		- [NL80211_WOWLAN_TCP_DST_MAC] = { .len = ETH_ALEN },
	768	+ [NL80211_WOWLAN_TCP_DST_MAC] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
516	769	[NL80211_WOWLAN_TCP_SRC_PORT] = { .type = NLA_U16 },
517	770	[NL80211_WOWLAN_TCP_DST_PORT] = { .type = NLA_U16 },
518		- [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = { .len = 1 },
	771	+ [NL80211_WOWLAN_TCP_DATA_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
519	772	[NL80211_WOWLAN_TCP_DATA_PAYLOAD_SEQ] = {
520	773	.len = sizeof(struct nl80211_wowlan_tcp_data_seq)
521	774	},
..	..	@@ -523,8 +776,8 @@
523	776	.len = sizeof(struct nl80211_wowlan_tcp_data_token)
524	777	},
525	778	[NL80211_WOWLAN_TCP_DATA_INTERVAL] = { .type = NLA_U32 },
526		- [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = { .len = 1 },
527		- [NL80211_WOWLAN_TCP_WAKE_MASK] = { .len = 1 },
	779	+ [NL80211_WOWLAN_TCP_WAKE_PAYLOAD] = NLA_POLICY_MIN_LEN(1),
	780	+ [NL80211_WOWLAN_TCP_WAKE_MASK] = NLA_POLICY_MIN_LEN(1),
528	781	};
529	782	#endif /* CONFIG_PM */
530	783
..	..	@@ -532,25 +785,44 @@
532	785	static const struct nla_policy
533	786	nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = {
534	787	[NL80211_ATTR_COALESCE_RULE_DELAY] = { .type = NLA_U32 },
535		- [NL80211_ATTR_COALESCE_RULE_CONDITION] = { .type = NLA_U32 },
	788	+ [NL80211_ATTR_COALESCE_RULE_CONDITION] =
	789	+ NLA_POLICY_RANGE(NLA_U32,
	790	+ NL80211_COALESCE_CONDITION_MATCH,
	791	+ NL80211_COALESCE_CONDITION_NO_MATCH),
536	792	[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN] = { .type = NLA_NESTED },
537	793	};
538	794
539	795	/* policy for GTK rekey offload attributes */
540	796	static const struct nla_policy
541	797	nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
542		- [NL80211_REKEY_DATA_KEK] = { .type = NLA_BINARY,
543		- .len = FILS_MAX_KEK_LEN },
544		- [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
545		- [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
	798	+ [NL80211_REKEY_DATA_KEK] = {
	799	+ .type = NLA_BINARY,
	800	+ .len = NL80211_KEK_EXT_LEN
	801	+ },
	802	+ [NL80211_REKEY_DATA_KCK] = {
	803	+ .type = NLA_BINARY,
	804	+ .len = NL80211_KCK_EXT_LEN
	805	+ },
	806	+ [NL80211_REKEY_DATA_REPLAY_CTR] = NLA_POLICY_EXACT_LEN(NL80211_REPLAY_CTR_LEN),
	807	+ [NL80211_REKEY_DATA_AKM] = { .type = NLA_U32 },
	808	+};
	809	+
	810	+static const struct nla_policy
	811	+nl80211_match_band_rssi_policy[NUM_NL80211_BANDS] = {
	812	+ [NL80211_BAND_2GHZ] = { .type = NLA_S32 },
	813	+ [NL80211_BAND_5GHZ] = { .type = NLA_S32 },
	814	+ [NL80211_BAND_6GHZ] = { .type = NLA_S32 },
	815	+ [NL80211_BAND_60GHZ] = { .type = NLA_S32 },
546	816	};
547	817
548	818	static const struct nla_policy
549	819	nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
550	820	[NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
551	821	.len = IEEE80211_MAX_SSID_LEN },
552		- [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = { .len = ETH_ALEN },
	822	+ [NL80211_SCHED_SCAN_MATCH_ATTR_BSSID] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
553	823	[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
	824	+ [NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI] =
	825	+ NLA_POLICY_NESTED(nl80211_match_band_rssi_policy),
554	826	};
555	827
556	828	static const struct nla_policy
..	..	@@ -571,7 +843,8 @@
571	843	/* policy for NAN function attributes */
572	844	static const struct nla_policy
573	845	nl80211_nan_func_policy[NL80211_NAN_FUNC_ATTR_MAX + 1] = {
574		- [NL80211_NAN_FUNC_TYPE] = { .type = NLA_U8 },
	846	+ [NL80211_NAN_FUNC_TYPE] =
	847	+ NLA_POLICY_MAX(NLA_U8, NL80211_NAN_FUNC_MAX_TYPE),
575	848	[NL80211_NAN_FUNC_SERVICE_ID] = {
576	849	.len = NL80211_NAN_FUNC_SERVICE_ID_LEN },
577	850	[NL80211_NAN_FUNC_PUBLISH_TYPE] = { .type = NLA_U8 },
..	..	@@ -579,7 +852,7 @@
579	852	[NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE] = { .type = NLA_FLAG },
580	853	[NL80211_NAN_FUNC_FOLLOW_UP_ID] = { .type = NLA_U8 },
581	854	[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] = { .type = NLA_U8 },
582		- [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = { .len = ETH_ALEN },
	855	+ [NL80211_NAN_FUNC_FOLLOW_UP_DEST] = NLA_POLICY_EXACT_LEN_WARN(ETH_ALEN),
583	856	[NL80211_NAN_FUNC_CLOSE_RANGE] = { .type = NLA_FLAG },
584	857	[NL80211_NAN_FUNC_TTL] = { .type = NLA_U32 },
585	858	[NL80211_NAN_FUNC_SERVICE_INFO] = { .type = NLA_BINARY,
..	..	@@ -609,23 +882,32 @@
609	882	[NL80211_PKTPAT_OFFSET] = { .type = NLA_U32 },
610	883	};
611	884
612		-static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
613		- struct netlink_callback *cb,
614		- struct cfg80211_registered_device **rdev,
615		- struct wireless_dev **wdev)
	885	+int nl80211_prepare_wdev_dump(struct netlink_callback *cb,
	886	+ struct cfg80211_registered_device **rdev,
	887	+ struct wireless_dev **wdev)
616	888	{
617	889	int err;
618	890
619	891	if (!cb->args[0]) {
620		- err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
621		- genl_family_attrbuf(&nl80211_fam),
622		- nl80211_fam.maxattr, nl80211_policy, NULL);
623		- if (err)
624		- return err;
	892	+ struct nlattr **attrbuf;
625	893
626		- *wdev = __cfg80211_wdev_from_attrs(
627		- sock_net(skb->sk),
628		- genl_family_attrbuf(&nl80211_fam));
	894	+ attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
	895	+ GFP_KERNEL);
	896	+ if (!attrbuf)
	897	+ return -ENOMEM;
	898	+
	899	+ err = nlmsg_parse_deprecated(cb->nlh,
	900	+ GENL_HDRLEN + nl80211_fam.hdrsize,
	901	+ attrbuf, nl80211_fam.maxattr,
	902	+ nl80211_policy, NULL);
	903	+ if (err) {
	904	+ kfree(attrbuf);
	905	+ return err;
	906	+ }
	907	+
	908	+ *wdev = __cfg80211_wdev_from_attrs(sock_net(cb->skb->sk),
	909	+ attrbuf);
	910	+ kfree(attrbuf);
629	911	if (IS_ERR(*wdev))
630	912	return PTR_ERR(*wdev);
631	913	rdev = wiphy_to_rdev((wdev)->wiphy);
..	..	@@ -656,39 +938,9 @@
656	938	return 0;
657	939	}
658	940
659		-/* IE validation */
660		-static bool is_valid_ie_attr(const struct nlattr *attr)
661		-{
662		- const u8 *pos;
663		- int len;
664		-
665		- if (!attr)
666		- return true;
667		-
668		- pos = nla_data(attr);
669		- len = nla_len(attr);
670		-
671		- while (len) {
672		- u8 elemlen;
673		-
674		- if (len < 2)
675		- return false;
676		- len -= 2;
677		-
678		- elemlen = pos[1];
679		- if (elemlen > len)
680		- return false;
681		-
682		- len -= elemlen;
683		- pos += 2 + elemlen;
684		- }
685		-
686		- return true;
687		-}
688		-
689	941	/* message building helper */
690		-static inline void nl80211hdr_put(struct sk_buff skb, u32 portid, u32 seq,
691		- int flags, u8 cmd)
	942	+void nl80211hdr_put(struct sk_buff skb, u32 portid, u32 seq,
	943	+ int flags, u8 cmd)
692	944	{
693	945	/* since there is no private header just add the generic one */
694	946	return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
..	..	@@ -699,13 +951,13 @@
699	951	{
700	952	int j;
701	953	struct nlattr *nl_wmm_rules =
702		- nla_nest_start(msg, NL80211_FREQUENCY_ATTR_WMM);
	954	+ nla_nest_start_noflag(msg, NL80211_FREQUENCY_ATTR_WMM);
703	955
704	956	if (!nl_wmm_rules)
705	957	goto nla_put_failure;
706	958
707	959	for (j = 0; j < IEEE80211_NUM_ACS; j++) {
708		- struct nlattr *nl_wmm_rule = nla_nest_start(msg, j);
	960	+ struct nlattr *nl_wmm_rule = nla_nest_start_noflag(msg, j);
709	961
710	962	if (!nl_wmm_rule)
711	963	goto nla_put_failure;
..	..	@@ -740,9 +992,14 @@
740	992	if (!large && chan->flags &
741	993	(IEEE80211_CHAN_NO_10MHZ \| IEEE80211_CHAN_NO_20MHZ))
742	994	return 0;
	995	+ if (!large && chan->freq_offset)
	996	+ return 0;
743	997
744	998	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
745	999	chan->center_freq))
	1000	+ goto nla_put_failure;
	1001	+
	1002	+ if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_OFFSET, chan->freq_offset))
746	1003	goto nla_put_failure;
747	1004
748	1005	if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
..	..	@@ -800,6 +1057,24 @@
800	1057	if ((chan->flags & IEEE80211_CHAN_NO_10MHZ) &&
801	1058	nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_10MHZ))
802	1059	goto nla_put_failure;
	1060	+ if ((chan->flags & IEEE80211_CHAN_NO_HE) &&
	1061	+ nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_HE))
	1062	+ goto nla_put_failure;
	1063	+ if ((chan->flags & IEEE80211_CHAN_1MHZ) &&
	1064	+ nla_put_flag(msg, NL80211_FREQUENCY_ATTR_1MHZ))
	1065	+ goto nla_put_failure;
	1066	+ if ((chan->flags & IEEE80211_CHAN_2MHZ) &&
	1067	+ nla_put_flag(msg, NL80211_FREQUENCY_ATTR_2MHZ))
	1068	+ goto nla_put_failure;
	1069	+ if ((chan->flags & IEEE80211_CHAN_4MHZ) &&
	1070	+ nla_put_flag(msg, NL80211_FREQUENCY_ATTR_4MHZ))
	1071	+ goto nla_put_failure;
	1072	+ if ((chan->flags & IEEE80211_CHAN_8MHZ) &&
	1073	+ nla_put_flag(msg, NL80211_FREQUENCY_ATTR_8MHZ))
	1074	+ goto nla_put_failure;
	1075	+ if ((chan->flags & IEEE80211_CHAN_16MHZ) &&
	1076	+ nla_put_flag(msg, NL80211_FREQUENCY_ATTR_16MHZ))
	1077	+ goto nla_put_failure;
803	1078	}
804	1079
805	1080	if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
..	..	@@ -834,7 +1109,7 @@
834	1109	return false; \
835	1110	} while (0)
836	1111
837		- txqattr = nla_nest_start(msg, attrtype);
	1112	+ txqattr = nla_nest_start_noflag(msg, attrtype);
838	1113	if (!txqattr)
839	1114	return false;
840	1115
..	..	@@ -869,8 +1144,9 @@
869	1144	struct key_parse *k)
870	1145	{
871	1146	struct nlattr *tb[NL80211_KEY_MAX + 1];
872		- int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
873		- nl80211_key_policy, info->extack);
	1147	+ int err = nla_parse_nested_deprecated(tb, NL80211_KEY_MAX, key,
	1148	+ nl80211_key_policy,
	1149	+ info->extack);
874	1150	if (err)
875	1151	return err;
876	1152
..	..	@@ -901,26 +1177,26 @@
901	1177	if (tb[NL80211_KEY_CIPHER])
902	1178	k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
903	1179
904		- if (tb[NL80211_KEY_TYPE]) {
	1180	+ if (tb[NL80211_KEY_TYPE])
905	1181	k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
906		- if (k->type < 0 \|\| k->type >= NUM_NL80211_KEYTYPES)
907		- return genl_err_attr(info, -EINVAL,
908		- tb[NL80211_KEY_TYPE]);
909		- }
910	1182
911	1183	if (tb[NL80211_KEY_DEFAULT_TYPES]) {
912	1184	struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
913	1185
914		- err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
915		- tb[NL80211_KEY_DEFAULT_TYPES],
916		- nl80211_key_default_policy,
917		- info->extack);
	1186	+ err = nla_parse_nested_deprecated(kdt,
	1187	+ NUM_NL80211_KEY_DEFAULT_TYPES - 1,
	1188	+ tb[NL80211_KEY_DEFAULT_TYPES],
	1189	+ nl80211_key_default_policy,
	1190	+ info->extack);
918	1191	if (err)
919	1192	return err;
920	1193
921	1194	k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
922	1195	k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
923	1196	}
	1197	+
	1198	+ if (tb[NL80211_KEY_MODE])
	1199	+ k->p.mode = nla_get_u8(tb[NL80211_KEY_MODE]);
924	1200
925	1201	return 0;
926	1202	}
..	..	@@ -953,21 +1229,16 @@
953	1229	if (k->defmgmt)
954	1230	k->def_multi = true;
955	1231
956		- if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
	1232	+ if (info->attrs[NL80211_ATTR_KEY_TYPE])
957	1233	k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
958		- if (k->type < 0 \|\| k->type >= NUM_NL80211_KEYTYPES) {
959		- GENL_SET_ERR_MSG(info, "key type out of range");
960		- return -EINVAL;
961		- }
962		- }
963	1234
964	1235	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
965	1236	struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
966		- int err = nla_parse_nested(kdt,
967		- NUM_NL80211_KEY_DEFAULT_TYPES - 1,
968		- info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
969		- nl80211_key_default_policy,
970		- info->extack);
	1237	+ int err = nla_parse_nested_deprecated(kdt,
	1238	+ NUM_NL80211_KEY_DEFAULT_TYPES - 1,
	1239	+ info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
	1240	+ nl80211_key_default_policy,
	1241	+ info->extack);
971	1242	if (err)
972	1243	return err;
973	1244
..	..	@@ -1151,13 +1422,11 @@
1151	1422	}
1152	1423
1153	1424	static struct ieee80211_channel nl80211_get_valid_chan(struct wiphy wiphy,
1154		- struct nlattr *tb)
	1425	+ u32 freq)
1155	1426	{
1156	1427	struct ieee80211_channel *chan;
1157	1428
1158		- if (tb == NULL)
1159		- return NULL;
1160		- chan = ieee80211_get_channel(wiphy, nla_get_u32(tb));
	1429	+ chan = ieee80211_get_channel_khz(wiphy, freq);
1161	1430	if (!chan \|\| chan->flags & IEEE80211_CHAN_DISABLED)
1162	1431	return NULL;
1163	1432	return chan;
..	..	@@ -1165,7 +1434,7 @@
1165	1434
1166	1435	static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
1167	1436	{
1168		- struct nlattr *nl_modes = nla_nest_start(msg, attr);
	1437	+ struct nlattr *nl_modes = nla_nest_start_noflag(msg, attr);
1169	1438	int i;
1170	1439
1171	1440	if (!nl_modes)
..	..	@@ -1193,8 +1462,8 @@
1193	1462	struct nlattr *nl_combis;
1194	1463	int i, j;
1195	1464
1196		- nl_combis = nla_nest_start(msg,
1197		- NL80211_ATTR_INTERFACE_COMBINATIONS);
	1465	+ nl_combis = nla_nest_start_noflag(msg,
	1466	+ NL80211_ATTR_INTERFACE_COMBINATIONS);
1198	1467	if (!nl_combis)
1199	1468	goto nla_put_failure;
1200	1469
..	..	@@ -1204,18 +1473,19 @@
1204	1473
1205	1474	c = &wiphy->iface_combinations[i];
1206	1475
1207		- nl_combi = nla_nest_start(msg, i + 1);
	1476	+ nl_combi = nla_nest_start_noflag(msg, i + 1);
1208	1477	if (!nl_combi)
1209	1478	goto nla_put_failure;
1210	1479
1211		- nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
	1480	+ nl_limits = nla_nest_start_noflag(msg,
	1481	+ NL80211_IFACE_COMB_LIMITS);
1212	1482	if (!nl_limits)
1213	1483	goto nla_put_failure;
1214	1484
1215	1485	for (j = 0; j < c->n_limits; j++) {
1216	1486	struct nlattr *nl_limit;
1217	1487
1218		- nl_limit = nla_nest_start(msg, j + 1);
	1488	+ nl_limit = nla_nest_start_noflag(msg, j + 1);
1219	1489	if (!nl_limit)
1220	1490	goto nla_put_failure;
1221	1491	if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
..	..	@@ -1268,7 +1538,8 @@
1268	1538	if (!tcp)
1269	1539	return 0;
1270	1540
1271		- nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
	1541	+ nl_tcp = nla_nest_start_noflag(msg,
	1542	+ NL80211_WOWLAN_TRIG_TCP_CONNECTION);
1272	1543	if (!nl_tcp)
1273	1544	return -ENOBUFS;
1274	1545
..	..	@@ -1308,7 +1579,8 @@
1308	1579	if (!rdev->wiphy.wowlan)
1309	1580	return 0;
1310	1581
1311		- nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
	1582	+ nl_wowlan = nla_nest_start_noflag(msg,
	1583	+ NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
1312	1584	if (!nl_wowlan)
1313	1585	return -ENOBUFS;
1314	1586
..	..	@@ -1380,6 +1652,7 @@
1380	1652
1381	1653	static int
1382	1654	nl80211_send_iftype_data(struct sk_buff *msg,
	1655	+ const struct ieee80211_supported_band *sband,
1383	1656	const struct ieee80211_sband_iftype_data *iftdata)
1384	1657	{
1385	1658	const struct ieee80211_sta_he_cap *he_cap = &iftdata->he_cap;
..	..	@@ -1403,11 +1676,18 @@
1403	1676	return -ENOBUFS;
1404	1677	}
1405	1678
	1679	+ if (sband->band == NL80211_BAND_6GHZ &&
	1680	+ nla_put(msg, NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA,
	1681	+ sizeof(iftdata->he_6ghz_capa),
	1682	+ &iftdata->he_6ghz_capa))
	1683	+ return -ENOBUFS;
	1684	+
1406	1685	return 0;
1407	1686	}
1408	1687
1409	1688	static int nl80211_send_band_rateinfo(struct sk_buff *msg,
1410		- struct ieee80211_supported_band *sband)
	1689	+ struct ieee80211_supported_band *sband,
	1690	+ bool large)
1411	1691	{
1412	1692	struct nlattr nl_rates, nl_rate;
1413	1693	struct ieee80211_rate *rate;
..	..	@@ -1435,9 +1715,10 @@
1435	1715	sband->vht_cap.cap)))
1436	1716	return -ENOBUFS;
1437	1717
1438		- if (sband->n_iftype_data) {
	1718	+ if (large && sband->n_iftype_data) {
1439	1719	struct nlattr *nl_iftype_data =
1440		- nla_nest_start(msg, NL80211_BAND_ATTR_IFTYPE_DATA);
	1720	+ nla_nest_start_noflag(msg,
	1721	+ NL80211_BAND_ATTR_IFTYPE_DATA);
1441	1722	int err;
1442	1723
1443	1724	if (!nl_iftype_data)
..	..	@@ -1446,11 +1727,11 @@
1446	1727	for (i = 0; i < sband->n_iftype_data; i++) {
1447	1728	struct nlattr *iftdata;
1448	1729
1449		- iftdata = nla_nest_start(msg, i + 1);
	1730	+ iftdata = nla_nest_start_noflag(msg, i + 1);
1450	1731	if (!iftdata)
1451	1732	return -ENOBUFS;
1452	1733
1453		- err = nl80211_send_iftype_data(msg,
	1734	+ err = nl80211_send_iftype_data(msg, sband,
1454	1735	&sband->iftype_data[i]);
1455	1736	if (err)
1456	1737	return err;
..	..	@@ -1462,7 +1743,7 @@
1462	1743	}
1463	1744
1464	1745	/* add EDMG info */
1465		- if (sband->edmg_cap.channels &&
	1746	+ if (large && sband->edmg_cap.channels &&
1466	1747	(nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_CHANNELS,
1467	1748	sband->edmg_cap.channels) \|\|
1468	1749	nla_put_u8(msg, NL80211_BAND_ATTR_EDMG_BW_CONFIG,
..	..	@@ -1471,12 +1752,12 @@
1471	1752	return -ENOBUFS;
1472	1753
1473	1754	/* add bitrates */
1474		- nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
	1755	+ nl_rates = nla_nest_start_noflag(msg, NL80211_BAND_ATTR_RATES);
1475	1756	if (!nl_rates)
1476	1757	return -ENOBUFS;
1477	1758
1478	1759	for (i = 0; i < sband->n_bitrates; i++) {
1479		- nl_rate = nla_nest_start(msg, i);
	1760	+ nl_rate = nla_nest_start_noflag(msg, i);
1480	1761	if (!nl_rate)
1481	1762	return -ENOBUFS;
1482	1763
..	..	@@ -1509,12 +1790,12 @@
1509	1790	if (!mgmt_stypes)
1510	1791	return 0;
1511	1792
1512		- nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
	1793	+ nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_TX_FRAME_TYPES);
1513	1794	if (!nl_ifs)
1514	1795	return -ENOBUFS;
1515	1796
1516	1797	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1517		- nl_ftypes = nla_nest_start(msg, ift);
	1798	+ nl_ftypes = nla_nest_start_noflag(msg, ift);
1518	1799	if (!nl_ftypes)
1519	1800	return -ENOBUFS;
1520	1801	i = 0;
..	..	@@ -1532,12 +1813,12 @@
1532	1813
1533	1814	nla_nest_end(msg, nl_ifs);
1534	1815
1535		- nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
	1816	+ nl_ifs = nla_nest_start_noflag(msg, NL80211_ATTR_RX_FRAME_TYPES);
1536	1817	if (!nl_ifs)
1537	1818	return -ENOBUFS;
1538	1819
1539	1820	for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
1540		- nl_ftypes = nla_nest_start(msg, ift);
	1821	+ nl_ftypes = nla_nest_start_noflag(msg, ift);
1541	1822	if (!nl_ftypes)
1542	1823	return -ENOBUFS;
1543	1824	i = 0;
..	..	@@ -1647,6 +1928,97 @@
1647	1928	}
1648	1929
1649	1930	static int
	1931	+nl80211_send_pmsr_ftm_capa(const struct cfg80211_pmsr_capabilities *cap,
	1932	+ struct sk_buff *msg)
	1933	+{
	1934	+ struct nlattr *ftm;
	1935	+
	1936	+ if (!cap->ftm.supported)
	1937	+ return 0;
	1938	+
	1939	+ ftm = nla_nest_start_noflag(msg, NL80211_PMSR_TYPE_FTM);
	1940	+ if (!ftm)
	1941	+ return -ENOBUFS;
	1942	+
	1943	+ if (cap->ftm.asap && nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_ASAP))
	1944	+ return -ENOBUFS;
	1945	+ if (cap->ftm.non_asap &&
	1946	+ nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_ASAP))
	1947	+ return -ENOBUFS;
	1948	+ if (cap->ftm.request_lci &&
	1949	+ nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_LCI))
	1950	+ return -ENOBUFS;
	1951	+ if (cap->ftm.request_civicloc &&
	1952	+ nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_REQ_CIVICLOC))
	1953	+ return -ENOBUFS;
	1954	+ if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_PREAMBLES,
	1955	+ cap->ftm.preambles))
	1956	+ return -ENOBUFS;
	1957	+ if (nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_BANDWIDTHS,
	1958	+ cap->ftm.bandwidths))
	1959	+ return -ENOBUFS;
	1960	+ if (cap->ftm.max_bursts_exponent >= 0 &&
	1961	+ nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_BURSTS_EXPONENT,
	1962	+ cap->ftm.max_bursts_exponent))
	1963	+ return -ENOBUFS;
	1964	+ if (cap->ftm.max_ftms_per_burst &&
	1965	+ nla_put_u32(msg, NL80211_PMSR_FTM_CAPA_ATTR_MAX_FTMS_PER_BURST,
	1966	+ cap->ftm.max_ftms_per_burst))
	1967	+ return -ENOBUFS;
	1968	+ if (cap->ftm.trigger_based &&
	1969	+ nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_TRIGGER_BASED))
	1970	+ return -ENOBUFS;
	1971	+ if (cap->ftm.non_trigger_based &&
	1972	+ nla_put_flag(msg, NL80211_PMSR_FTM_CAPA_ATTR_NON_TRIGGER_BASED))
	1973	+ return -ENOBUFS;
	1974	+
	1975	+ nla_nest_end(msg, ftm);
	1976	+ return 0;
	1977	+}
	1978	+
	1979	+static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev,
	1980	+ struct sk_buff *msg)
	1981	+{
	1982	+ const struct cfg80211_pmsr_capabilities *cap = rdev->wiphy.pmsr_capa;
	1983	+ struct nlattr pmsr, caps;
	1984	+
	1985	+ if (!cap)
	1986	+ return 0;
	1987	+
	1988	+ /*
	1989	+ * we don't need to clean up anything here since the caller
	1990	+ * will genlmsg_cancel() if we fail
	1991	+ */
	1992	+
	1993	+ pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
	1994	+ if (!pmsr)
	1995	+ return -ENOBUFS;
	1996	+
	1997	+ if (nla_put_u32(msg, NL80211_PMSR_ATTR_MAX_PEERS, cap->max_peers))
	1998	+ return -ENOBUFS;
	1999	+
	2000	+ if (cap->report_ap_tsf &&
	2001	+ nla_put_flag(msg, NL80211_PMSR_ATTR_REPORT_AP_TSF))
	2002	+ return -ENOBUFS;
	2003	+
	2004	+ if (cap->randomize_mac_addr &&
	2005	+ nla_put_flag(msg, NL80211_PMSR_ATTR_RANDOMIZE_MAC_ADDR))
	2006	+ return -ENOBUFS;
	2007	+
	2008	+ caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA);
	2009	+ if (!caps)
	2010	+ return -ENOBUFS;
	2011	+
	2012	+ if (nl80211_send_pmsr_ftm_capa(cap, msg))
	2013	+ return -ENOBUFS;
	2014	+
	2015	+ nla_nest_end(msg, caps);
	2016	+ nla_nest_end(msg, pmsr);
	2017	+
	2018	+ return 0;
	2019	+}
	2020	+
	2021	+static int
1650	2022	nl80211_put_iftype_akm_suites(struct cfg80211_registered_device *rdev,
1651	2023	struct sk_buff *msg)
1652	2024	{
..	..	@@ -1684,6 +2056,48 @@
1684	2056	nla_nest_end(msg, nested);
1685	2057
1686	2058	return 0;
	2059	+}
	2060	+
	2061	+static int
	2062	+nl80211_put_tid_config_support(struct cfg80211_registered_device *rdev,
	2063	+ struct sk_buff *msg)
	2064	+{
	2065	+ struct nlattr *supp;
	2066	+
	2067	+ if (!rdev->wiphy.tid_config_support.vif &&
	2068	+ !rdev->wiphy.tid_config_support.peer)
	2069	+ return 0;
	2070	+
	2071	+ supp = nla_nest_start(msg, NL80211_ATTR_TID_CONFIG);
	2072	+ if (!supp)
	2073	+ return -ENOSPC;
	2074	+
	2075	+ if (rdev->wiphy.tid_config_support.vif &&
	2076	+ nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_VIF_SUPP,
	2077	+ rdev->wiphy.tid_config_support.vif,
	2078	+ NL80211_TID_CONFIG_ATTR_PAD))
	2079	+ goto fail;
	2080	+
	2081	+ if (rdev->wiphy.tid_config_support.peer &&
	2082	+ nla_put_u64_64bit(msg, NL80211_TID_CONFIG_ATTR_PEER_SUPP,
	2083	+ rdev->wiphy.tid_config_support.peer,
	2084	+ NL80211_TID_CONFIG_ATTR_PAD))
	2085	+ goto fail;
	2086	+
	2087	+ /* for now we just use the same value ... makes more sense */
	2088	+ if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_SHORT,
	2089	+ rdev->wiphy.tid_config_support.max_retry))
	2090	+ goto fail;
	2091	+ if (nla_put_u8(msg, NL80211_TID_CONFIG_ATTR_RETRY_LONG,
	2092	+ rdev->wiphy.tid_config_support.max_retry))
	2093	+ goto fail;
	2094	+
	2095	+ nla_nest_end(msg, supp);
	2096	+
	2097	+ return 0;
	2098	+fail:
	2099	+ nla_nest_cancel(msg, supp);
	2100	+ return -ENOBUFS;
1687	2101	}
1688	2102
1689	2103	struct nl80211_dump_wiphy_state {
..	..	@@ -1747,13 +2161,7 @@
1747	2161	nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
1748	2162	rdev->wiphy.max_sched_scan_ie_len) \|\|
1749	2163	nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
1750		- rdev->wiphy.max_match_sets) \|\|
1751		- nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
1752		- rdev->wiphy.max_sched_scan_plans) \|\|
1753		- nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
1754		- rdev->wiphy.max_sched_scan_plan_interval) \|\|
1755		- nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
1756		- rdev->wiphy.max_sched_scan_plan_iterations))
	2164	+ rdev->wiphy.max_match_sets))
1757	2165	goto nla_put_failure;
1758	2166
1759	2167	if ((rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
..	..	@@ -1777,6 +2185,7 @@
1777	2185	state->split_start++;
1778	2186	if (state->split)
1779	2187	break;
	2188	+ fallthrough;
1780	2189	case 1:
1781	2190	if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
1782	2191	sizeof(u32) * rdev->wiphy.n_cipher_suites,
..	..	@@ -1823,6 +2232,7 @@
1823	2232	state->split_start++;
1824	2233	if (state->split)
1825	2234	break;
	2235	+ fallthrough;
1826	2236	case 2:
1827	2237	if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
1828	2238	rdev->wiphy.interface_modes))
..	..	@@ -1830,8 +2240,10 @@
1830	2240	state->split_start++;
1831	2241	if (state->split)
1832	2242	break;
	2243	+ fallthrough;
1833	2244	case 3:
1834		- nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
	2245	+ nl_bands = nla_nest_start_noflag(msg,
	2246	+ NL80211_ATTR_WIPHY_BANDS);
1835	2247	if (!nl_bands)
1836	2248	goto nla_put_failure;
1837	2249
..	..	@@ -1839,33 +2251,40 @@
1839	2251	band < NUM_NL80211_BANDS; band++) {
1840	2252	struct ieee80211_supported_band *sband;
1841	2253
	2254	+ /* omit higher bands for ancient software */
	2255	+ if (band > NL80211_BAND_5GHZ && !state->split)
	2256	+ break;
	2257	+
1842	2258	sband = rdev->wiphy.bands[band];
1843	2259
1844	2260	if (!sband)
1845	2261	continue;
1846	2262
1847		- nl_band = nla_nest_start(msg, band);
	2263	+ nl_band = nla_nest_start_noflag(msg, band);
1848	2264	if (!nl_band)
1849	2265	goto nla_put_failure;
1850	2266
1851	2267	switch (state->chan_start) {
1852	2268	case 0:
1853		- if (nl80211_send_band_rateinfo(msg, sband))
	2269	+ if (nl80211_send_band_rateinfo(msg, sband,
	2270	+ state->split))
1854	2271	goto nla_put_failure;
1855	2272	state->chan_start++;
1856	2273	if (state->split)
1857	2274	break;
	2275	+ fallthrough;
1858	2276	default:
1859	2277	/* add frequencies */
1860		- nl_freqs = nla_nest_start(
1861		- msg, NL80211_BAND_ATTR_FREQS);
	2278	+ nl_freqs = nla_nest_start_noflag(msg,
	2279	+ NL80211_BAND_ATTR_FREQS);
1862	2280	if (!nl_freqs)
1863	2281	goto nla_put_failure;
1864	2282
1865	2283	for (i = state->chan_start - 1;
1866	2284	i < sband->n_channels;
1867	2285	i++) {
1868		- nl_freq = nla_nest_start(msg, i);
	2286	+ nl_freq = nla_nest_start_noflag(msg,
	2287	+ i);
1869	2288	if (!nl_freq)
1870	2289	goto nla_put_failure;
1871	2290
..	..	@@ -1908,8 +2327,10 @@
1908	2327	state->split_start++;
1909	2328	if (state->split)
1910	2329	break;
	2330	+ fallthrough;
1911	2331	case 4:
1912		- nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
	2332	+ nl_cmds = nla_nest_start_noflag(msg,
	2333	+ NL80211_ATTR_SUPPORTED_COMMANDS);
1913	2334	if (!nl_cmds)
1914	2335	goto nla_put_failure;
1915	2336
..	..	@@ -1927,6 +2348,7 @@
1927	2348	CMD(add_tx_ts, ADD_TX_TS);
1928	2349	CMD(set_multicast_to_unicast, SET_MULTICAST_TO_UNICAST);
1929	2350	CMD(update_connect_params, UPDATE_CONNECT_PARAMS);
	2351	+ CMD(update_ft_ies, UPDATE_FT_IES);
1930	2352	}
1931	2353	#undef CMD
1932	2354
..	..	@@ -1934,6 +2356,7 @@
1934	2356	state->split_start++;
1935	2357	if (state->split)
1936	2358	break;
	2359	+ fallthrough;
1937	2360	case 5:
1938	2361	if (rdev->ops->remain_on_channel &&
1939	2362	(rdev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
..	..	@@ -1946,11 +2369,10 @@
1946	2369	nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
1947	2370	goto nla_put_failure;
1948	2371
1949		- if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
1950		- goto nla_put_failure;
1951	2372	state->split_start++;
1952	2373	if (state->split)
1953	2374	break;
	2375	+ fallthrough;
1954	2376	case 6:
1955	2377	#ifdef CONFIG_PM
1956	2378	if (nl80211_send_wowlan(msg, rdev, state->split))
..	..	@@ -1961,6 +2383,7 @@
1961	2383	#else
1962	2384	state->split_start++;
1963	2385	#endif
	2386	+ fallthrough;
1964	2387	case 7:
1965	2388	if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
1966	2389	rdev->wiphy.software_iftypes))
..	..	@@ -1973,6 +2396,7 @@
1973	2396	state->split_start++;
1974	2397	if (state->split)
1975	2398	break;
	2399	+ fallthrough;
1976	2400	case 8:
1977	2401	if ((rdev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
1978	2402	nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
..	..	@@ -2018,6 +2442,17 @@
2018	2442	state->split_start = 0;
2019	2443	break;
2020	2444	case 9:
	2445	+ if (nl80211_send_mgmt_stypes(msg, mgmt_stypes))
	2446	+ goto nla_put_failure;
	2447	+
	2448	+ if (nla_put_u32(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS,
	2449	+ rdev->wiphy.max_sched_scan_plans) \|\|
	2450	+ nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL,
	2451	+ rdev->wiphy.max_sched_scan_plan_interval) \|\|
	2452	+ nla_put_u32(msg, NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS,
	2453	+ rdev->wiphy.max_sched_scan_plan_iterations))
	2454	+ goto nla_put_failure;
	2455	+
2021	2456	if (rdev->wiphy.extended_capabilities &&
2022	2457	(nla_put(msg, NL80211_ATTR_EXT_CAPA,
2023	2458	rdev->wiphy.extended_capabilities_len,
..	..	@@ -2032,6 +2467,30 @@
2032	2467	sizeof(*rdev->wiphy.vht_capa_mod_mask),
2033	2468	rdev->wiphy.vht_capa_mod_mask))
2034	2469	goto nla_put_failure;
	2470	+
	2471	+ if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
	2472	+ rdev->wiphy.perm_addr))
	2473	+ goto nla_put_failure;
	2474	+
	2475	+ if (!is_zero_ether_addr(rdev->wiphy.addr_mask) &&
	2476	+ nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
	2477	+ rdev->wiphy.addr_mask))
	2478	+ goto nla_put_failure;
	2479	+
	2480	+ if (rdev->wiphy.n_addresses > 1) {
	2481	+ void *attr;
	2482	+
	2483	+ attr = nla_nest_start(msg, NL80211_ATTR_MAC_ADDRS);
	2484	+ if (!attr)
	2485	+ goto nla_put_failure;
	2486	+
	2487	+ for (i = 0; i < rdev->wiphy.n_addresses; i++)
	2488	+ if (nla_put(msg, i + 1, ETH_ALEN,
	2489	+ rdev->wiphy.addresses[i].addr))
	2490	+ goto nla_put_failure;
	2491	+
	2492	+ nla_nest_end(msg, attr);
	2493	+ }
2035	2494
2036	2495	state->split_start++;
2037	2496	break;
..	..	@@ -2056,7 +2515,8 @@
2056	2515	const struct nl80211_vendor_cmd_info *info;
2057	2516	struct nlattr *nested;
2058	2517
2059		- nested = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
	2518	+ nested = nla_nest_start_noflag(msg,
	2519	+ NL80211_ATTR_VENDOR_DATA);
2060	2520	if (!nested)
2061	2521	goto nla_put_failure;
2062	2522
..	..	@@ -2072,8 +2532,8 @@
2072	2532	const struct nl80211_vendor_cmd_info *info;
2073	2533	struct nlattr *nested;
2074	2534
2075		- nested = nla_nest_start(msg,
2076		- NL80211_ATTR_VENDOR_EVENTS);
	2535	+ nested = nla_nest_start_noflag(msg,
	2536	+ NL80211_ATTR_VENDOR_EVENTS);
2077	2537	if (!nested)
2078	2538	goto nla_put_failure;
2079	2539
..	..	@@ -2110,7 +2570,8 @@
2110	2570	struct nlattr *nested;
2111	2571	u32 bss_select_support = rdev->wiphy.bss_select_support;
2112	2572
2113		- nested = nla_nest_start(msg, NL80211_ATTR_BSS_SELECT);
	2573	+ nested = nla_nest_start_noflag(msg,
	2574	+ NL80211_ATTR_BSS_SELECT);
2114	2575	if (!nested)
2115	2576	goto nla_put_failure;
2116	2577
..	..	@@ -2132,8 +2593,8 @@
2132	2593	rdev->wiphy.iftype_ext_capab) {
2133	2594	struct nlattr nested_ext_capab, nested;
2134	2595
2135		- nested = nla_nest_start(msg,
2136		- NL80211_ATTR_IFTYPE_EXT_CAPA);
	2596	+ nested = nla_nest_start_noflag(msg,
	2597	+ NL80211_ATTR_IFTYPE_EXT_CAPA);
2137	2598	if (!nested)
2138	2599	goto nla_put_failure;
2139	2600
..	..	@@ -2143,7 +2604,8 @@
2143	2604
2144	2605	capab = &rdev->wiphy.iftype_ext_capab[i];
2145	2606
2146		- nested_ext_capab = nla_nest_start(msg, i);
	2607	+ nested_ext_capab = nla_nest_start_noflag(msg,
	2608	+ i);
2147	2609	if (!nested_ext_capab \|\|
2148	2610	nla_put_u32(msg, NL80211_ATTR_IFTYPE,
2149	2611	capab->iftype) \|\|
..	..	@@ -2192,7 +2654,25 @@
2192	2654	goto nla_put_failure;
2193	2655	}
2194	2656
	2657	+ state->split_start++;
	2658	+ break;
	2659	+ case 14:
	2660	+ if (nl80211_send_pmsr_capa(rdev, msg))
	2661	+ goto nla_put_failure;
	2662	+
	2663	+ state->split_start++;
	2664	+ break;
	2665	+ case 15:
	2666	+ if (rdev->wiphy.akm_suites &&
	2667	+ nla_put(msg, NL80211_ATTR_AKM_SUITES,
	2668	+ sizeof(u32) * rdev->wiphy.n_akm_suites,
	2669	+ rdev->wiphy.akm_suites))
	2670	+ goto nla_put_failure;
	2671	+
2195	2672	if (nl80211_put_iftype_akm_suites(rdev, msg))
	2673	+ goto nla_put_failure;
	2674	+
	2675	+ if (nl80211_put_tid_config_support(rdev, msg))
2196	2676	goto nla_put_failure;
2197	2677
2198	2678	/* done */
..	..	@@ -2212,12 +2692,21 @@
2212	2692	struct netlink_callback *cb,
2213	2693	struct nl80211_dump_wiphy_state *state)
2214	2694	{
2215		- struct nlattr **tb = genl_family_attrbuf(&nl80211_fam);
2216		- int ret = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, tb,
2217		- nl80211_fam.maxattr, nl80211_policy, NULL);
	2695	+ struct nlattr *tb = kcalloc(NUM_NL80211_ATTR, sizeof(tb), GFP_KERNEL);
	2696	+ int ret;
	2697	+
	2698	+ if (!tb)
	2699	+ return -ENOMEM;
	2700	+
	2701	+ ret = nlmsg_parse_deprecated(cb->nlh,
	2702	+ GENL_HDRLEN + nl80211_fam.hdrsize,
	2703	+ tb, nl80211_fam.maxattr,
	2704	+ nl80211_policy, NULL);
2218	2705	/* ignore parse errors for backward compatibility */
2219		- if (ret)
2220		- return 0;
	2706	+ if (ret) {
	2707	+ ret = 0;
	2708	+ goto out;
	2709	+ }
2221	2710
2222	2711	state->split = tb[NL80211_ATTR_SPLIT_WIPHY_DUMP];
2223	2712	if (tb[NL80211_ATTR_WIPHY])
..	..	@@ -2230,8 +2719,10 @@
2230	2719	int ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
2231	2720
2232	2721	netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2233		- if (!netdev)
2234		- return -ENODEV;
	2722	+ if (!netdev) {
	2723	+ ret = -ENODEV;
	2724	+ goto out;
	2725	+ }
2235	2726	if (netdev->ieee80211_ptr) {
2236	2727	rdev = wiphy_to_rdev(
2237	2728	netdev->ieee80211_ptr->wiphy);
..	..	@@ -2239,7 +2730,10 @@
2239	2730	}
2240	2731	}
2241	2732
2242		- return 0;
	2733	+ ret = 0;
	2734	+out:
	2735	+ kfree(tb);
	2736	+ return ret;
2243	2737	}
2244	2738
2245	2739	static int nl80211_dump_wiphy(struct sk_buff skb, struct netlink_callback cb)
..	..	@@ -2395,33 +2889,41 @@
2395	2889	wdev->iftype == NL80211_IFTYPE_P2P_GO;
2396	2890	}
2397	2891
2398		-static int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
2399		- struct genl_info *info,
2400		- struct cfg80211_chan_def *chandef)
	2892	+int nl80211_parse_chandef(struct cfg80211_registered_device *rdev,
	2893	+ struct genl_info *info,
	2894	+ struct cfg80211_chan_def *chandef)
2401	2895	{
	2896	+ struct netlink_ext_ack *extack = info->extack;
	2897	+ struct nlattr **attrs = info->attrs;
2402	2898	u32 control_freq;
2403	2899
2404		- if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
	2900	+ if (!attrs[NL80211_ATTR_WIPHY_FREQ])
2405	2901	return -EINVAL;
2406	2902
2407		- control_freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
	2903	+ control_freq = MHZ_TO_KHZ(
	2904	+ nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
	2905	+ if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
	2906	+ control_freq +=
	2907	+ nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
2408	2908
2409	2909	memset(chandef, 0, sizeof(*chandef));
2410		-
2411		- chandef->chan = ieee80211_get_channel(&rdev->wiphy, control_freq);
	2910	+ chandef->chan = ieee80211_get_channel_khz(&rdev->wiphy, control_freq);
2412	2911	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
2413		- chandef->center_freq1 = control_freq;
	2912	+ chandef->center_freq1 = KHZ_TO_MHZ(control_freq);
	2913	+ chandef->freq1_offset = control_freq % 1000;
2414	2914	chandef->center_freq2 = 0;
2415	2915
2416	2916	/* Primary channel not allowed */
2417		- if (!chandef->chan \|\| chandef->chan->flags & IEEE80211_CHAN_DISABLED)
	2917	+ if (!chandef->chan \|\| chandef->chan->flags & IEEE80211_CHAN_DISABLED) {
	2918	+ NL_SET_ERR_MSG_ATTR(extack, attrs[NL80211_ATTR_WIPHY_FREQ],
	2919	+ "Channel is disabled");
2418	2920	return -EINVAL;
	2921	+ }
2419	2922
2420		- if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
	2923	+ if (attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
2421	2924	enum nl80211_channel_type chantype;
2422	2925
2423		- chantype = nla_get_u32(
2424		- info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
	2926	+ chantype = nla_get_u32(attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
2425	2927
2426	2928	switch (chantype) {
2427	2929	case NL80211_CHAN_NO_HT:
..	..	@@ -2431,29 +2933,52 @@
2431	2933	cfg80211_chandef_create(chandef, chandef->chan,
2432	2934	chantype);
2433	2935	/* user input for center_freq is incorrect */
2434		- if (info->attrs[NL80211_ATTR_CENTER_FREQ1] &&
2435		- chandef->center_freq1 != nla_get_u32(
2436		- info->attrs[NL80211_ATTR_CENTER_FREQ1]))
	2936	+ if (attrs[NL80211_ATTR_CENTER_FREQ1] &&
	2937	+ chandef->center_freq1 != nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1])) {
	2938	+ NL_SET_ERR_MSG_ATTR(extack,
	2939	+ attrs[NL80211_ATTR_CENTER_FREQ1],
	2940	+ "bad center frequency 1");
2437	2941	return -EINVAL;
	2942	+ }
2438	2943	/* center_freq2 must be zero */
2439		- if (info->attrs[NL80211_ATTR_CENTER_FREQ2] &&
2440		- nla_get_u32(info->attrs[NL80211_ATTR_CENTER_FREQ2]))
	2944	+ if (attrs[NL80211_ATTR_CENTER_FREQ2] &&
	2945	+ nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2])) {
	2946	+ NL_SET_ERR_MSG_ATTR(extack,
	2947	+ attrs[NL80211_ATTR_CENTER_FREQ2],
	2948	+ "center frequency 2 can't be used");
2441	2949	return -EINVAL;
	2950	+ }
2442	2951	break;
2443	2952	default:
	2953	+ NL_SET_ERR_MSG_ATTR(extack,
	2954	+ attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE],
	2955	+ "invalid channel type");
2444	2956	return -EINVAL;
2445	2957	}
2446		- } else if (info->attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
	2958	+ } else if (attrs[NL80211_ATTR_CHANNEL_WIDTH]) {
2447	2959	chandef->width =
2448		- nla_get_u32(info->attrs[NL80211_ATTR_CHANNEL_WIDTH]);
2449		- if (info->attrs[NL80211_ATTR_CENTER_FREQ1])
	2960	+ nla_get_u32(attrs[NL80211_ATTR_CHANNEL_WIDTH]);
	2961	+ if (chandef->chan->band == NL80211_BAND_S1GHZ) {
	2962	+ /* User input error for channel width doesn't match channel */
	2963	+ if (chandef->width != ieee80211_s1g_channel_width(chandef->chan)) {
	2964	+ NL_SET_ERR_MSG_ATTR(extack,
	2965	+ attrs[NL80211_ATTR_CHANNEL_WIDTH],
	2966	+ "bad channel width");
	2967	+ return -EINVAL;
	2968	+ }
	2969	+ }
	2970	+ if (attrs[NL80211_ATTR_CENTER_FREQ1]) {
2450	2971	chandef->center_freq1 =
2451		- nla_get_u32(
2452		- info->attrs[NL80211_ATTR_CENTER_FREQ1]);
2453		- if (info->attrs[NL80211_ATTR_CENTER_FREQ2])
	2972	+ nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ1]);
	2973	+ if (attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET])
	2974	+ chandef->freq1_offset = nla_get_u32(
	2975	+ attrs[NL80211_ATTR_CENTER_FREQ1_OFFSET]);
	2976	+ else
	2977	+ chandef->freq1_offset = 0;
	2978	+ }
	2979	+ if (attrs[NL80211_ATTR_CENTER_FREQ2])
2454	2980	chandef->center_freq2 =
2455		- nla_get_u32(
2456		- info->attrs[NL80211_ATTR_CENTER_FREQ2]);
	2981	+ nla_get_u32(attrs[NL80211_ATTR_CENTER_FREQ2]);
2457	2982	}
2458	2983
2459	2984	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_CHANNELS]) {
..	..	@@ -2468,17 +2993,23 @@
2468	2993	chandef->edmg.channels = 0;
2469	2994	}
2470	2995
2471		- if (!cfg80211_chandef_valid(chandef))
	2996	+ if (!cfg80211_chandef_valid(chandef)) {
	2997	+ NL_SET_ERR_MSG(extack, "invalid channel definition");
2472	2998	return -EINVAL;
	2999	+ }
2473	3000
2474	3001	if (!cfg80211_chandef_usable(&rdev->wiphy, chandef,
2475		- IEEE80211_CHAN_DISABLED))
	3002	+ IEEE80211_CHAN_DISABLED)) {
	3003	+ NL_SET_ERR_MSG(extack, "(extension) channel is disabled");
2476	3004	return -EINVAL;
	3005	+ }
2477	3006
2478	3007	if ((chandef->width == NL80211_CHAN_WIDTH_5 \|\|
2479	3008	chandef->width == NL80211_CHAN_WIDTH_10) &&
2480		- !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ))
	3009	+ !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_5_10_MHZ)) {
	3010	+ NL_SET_ERR_MSG(extack, "5/10 MHz not supported");
2481	3011	return -EINVAL;
	3012	+ }
2482	3013
2483	3014	return 0;
2484	3015	}
..	..	@@ -2653,10 +3184,11 @@
2653	3184	nla_for_each_nested(nl_txq_params,
2654	3185	info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
2655	3186	rem_txq_params) {
2656		- result = nla_parse_nested(tb, NL80211_TXQ_ATTR_MAX,
2657		- nl_txq_params,
2658		- txq_params_policy,
2659		- info->extack);
	3187	+ result = nla_parse_nested_deprecated(tb,
	3188	+ NL80211_TXQ_ATTR_MAX,
	3189	+ nl_txq_params,
	3190	+ txq_params_policy,
	3191	+ info->extack);
2660	3192	if (result)
2661	3193	return result;
2662	3194	result = parse_txq_params(tb, &txq_params);
..	..	@@ -2738,8 +3270,6 @@
2738	3270	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
2739	3271	retry_short = nla_get_u8(
2740	3272	info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
2741		- if (retry_short == 0)
2742		- return -EINVAL;
2743	3273
2744	3274	changed \|= WIPHY_PARAM_RETRY_SHORT;
2745	3275	}
..	..	@@ -2747,8 +3277,6 @@
2747	3277	if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
2748	3278	retry_long = nla_get_u8(
2749	3279	info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
2750		- if (retry_long == 0)
2751		- return -EINVAL;
2752	3280
2753	3281	changed \|= WIPHY_PARAM_RETRY_LONG;
2754	3282	}
..	..	@@ -2871,12 +3399,6 @@
2871	3399	return 0;
2872	3400	}
2873	3401
2874		-static inline u64 wdev_id(struct wireless_dev *wdev)
2875		-{
2876		- return (u64)wdev->identifier \|
2877		- ((u64)wiphy_to_rdev(wdev->wiphy)->wiphy_idx << 32);
2878		-}
2879		-
2880	3402	static int nl80211_send_chandef(struct sk_buff *msg,
2881	3403	const struct cfg80211_chan_def *chandef)
2882	3404	{
..	..	@@ -2885,6 +3407,9 @@
2885	3407
2886	3408	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
2887	3409	chandef->chan->center_freq))
	3410	+ return -ENOBUFS;
	3411	+ if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
	3412	+ chandef->chan->freq_offset))
2888	3413	return -ENOBUFS;
2889	3414	switch (chandef->width) {
2890	3415	case NL80211_CHAN_WIDTH_20_NOHT:
..	..	@@ -2909,14 +3434,15 @@
2909	3434
2910	3435	static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
2911	3436	struct cfg80211_registered_device *rdev,
2912		- struct wireless_dev *wdev, bool removal)
	3437	+ struct wireless_dev *wdev,
	3438	+ enum nl80211_commands cmd)
2913	3439	{
2914	3440	struct net_device *dev = wdev->netdev;
2915		- u8 cmd = NL80211_CMD_NEW_INTERFACE;
2916	3441	void *hdr;
2917	3442
2918		- if (removal)
2919		- cmd = NL80211_CMD_DEL_INTERFACE;
	3443	+ WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
	3444	+ cmd != NL80211_CMD_DEL_INTERFACE &&
	3445	+ cmd != NL80211_CMD_SET_INTERFACE);
2920	3446
2921	3447	hdr = nl80211hdr_put(msg, portid, seq, flags, cmd);
2922	3448	if (!hdr)
..	..	@@ -2962,6 +3488,7 @@
2962	3488	wdev_lock(wdev);
2963	3489	switch (wdev->iftype) {
2964	3490	case NL80211_IFTYPE_AP:
	3491	+ case NL80211_IFTYPE_P2P_GO:
2965	3492	if (wdev->ssid_len &&
2966	3493	nla_put(msg, NL80211_ATTR_SSID, wdev->ssid_len, wdev->ssid))
2967	3494	goto nla_put_failure_locked;
..	..	@@ -3064,7 +3591,8 @@
3064	3591	}
3065	3592	if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
3066	3593	cb->nlh->nlmsg_seq, NLM_F_MULTI,
3067		- rdev, wdev, false) < 0) {
	3594	+ rdev, wdev,
	3595	+ NL80211_CMD_NEW_INTERFACE) < 0) {
3068	3596	goto out;
3069	3597	}
3070	3598	if_idx++;
..	..	@@ -3094,7 +3622,7 @@
3094	3622	return -ENOMEM;
3095	3623
3096	3624	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3097		- rdev, wdev, false) < 0) {
	3625	+ rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3098	3626	nlmsg_free(msg);
3099	3627	return -ENOBUFS;
3100	3628	}
..	..	@@ -3121,8 +3649,7 @@
3121	3649	if (!nla)
3122	3650	return -EINVAL;
3123	3651
3124		- if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, nla,
3125		- mntr_flags_policy, NULL))
	3652	+ if (nla_parse_nested_deprecated(flags, NL80211_MNTR_FLAG_MAX, nla, mntr_flags_policy, NULL))
3126	3653	return -EINVAL;
3127	3654
3128	3655	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
..	..	@@ -3202,7 +3729,7 @@
3202	3729	enum nl80211_iftype iftype)
3203	3730	{
3204	3731	if (!use_4addr) {
3205		- if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
	3732	+ if (netdev && netif_is_bridge_port(netdev))
3206	3733	return -EBUSY;
3207	3734	return 0;
3208	3735	}
..	..	@@ -3240,8 +3767,6 @@
3240	3767	ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3241	3768	if (otype != ntype)
3242	3769	change = true;
3243		- if (ntype > NL80211_IFTYPE_MAX)
3244		- return -EINVAL;
3245	3770	}
3246	3771
3247	3772	if (info->attrs[NL80211_ATTR_MESH_ID]) {
..	..	@@ -3286,6 +3811,12 @@
3286	3811	if (!err && params.use_4addr != -1)
3287	3812	dev->ieee80211_ptr->use_4addr = params.use_4addr;
3288	3813
	3814	+ if (change && !err) {
	3815	+ struct wireless_dev *wdev = dev->ieee80211_ptr;
	3816	+
	3817	+ nl80211_notify_iface(rdev, wdev, NL80211_CMD_SET_INTERFACE);
	3818	+ }
	3819	+
3289	3820	return err;
3290	3821	}
3291	3822
..	..	@@ -3306,11 +3837,8 @@
3306	3837	if (!info->attrs[NL80211_ATTR_IFNAME])
3307	3838	return -EINVAL;
3308	3839
3309		- if (info->attrs[NL80211_ATTR_IFTYPE]) {
	3840	+ if (info->attrs[NL80211_ATTR_IFTYPE])
3310	3841	type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
3311		- if (type > NL80211_IFTYPE_MAX)
3312		- return -EINVAL;
3313		- }
3314	3842
3315	3843	if (!rdev->ops->add_virtual_intf)
3316	3844	return -EOPNOTSUPP;
..	..	@@ -3375,34 +3903,18 @@
3375	3903	* P2P Device and NAN do not have a netdev, so don't go
3376	3904	* through the netdev notifier and must be added here
3377	3905	*/
3378		- mutex_init(&wdev->mtx);
3379		- INIT_LIST_HEAD(&wdev->event_list);
3380		- spin_lock_init(&wdev->event_lock);
3381		- INIT_LIST_HEAD(&wdev->mgmt_registrations);
3382		- spin_lock_init(&wdev->mgmt_registrations_lock);
3383		-
3384		- wdev->identifier = ++rdev->wdev_id;
3385		- list_add_rcu(&wdev->list, &rdev->wiphy.wdev_list);
3386		- rdev->devlist_generation++;
	3906	+ cfg80211_init_wdev(wdev);
	3907	+ cfg80211_register_wdev(rdev, wdev);
3387	3908	break;
3388	3909	default:
3389	3910	break;
3390	3911	}
3391	3912
3392	3913	if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
3393		- rdev, wdev, false) < 0) {
	3914	+ rdev, wdev, NL80211_CMD_NEW_INTERFACE) < 0) {
3394	3915	nlmsg_free(msg);
3395	3916	return -ENOBUFS;
3396	3917	}
3397		-
3398		- /*
3399		- * For wdevs which have no associated netdev object (e.g. of type
3400		- * NL80211_IFTYPE_P2P_DEVICE), emit the NEW_INTERFACE event here.
3401		- * For all other types, the event will be generated from the
3402		- * netdev notifier
3403		- */
3404		- if (!wdev->netdev)
3405		- nl80211_notify_iface(rdev, wdev, NL80211_CMD_NEW_INTERFACE);
3406	3918
3407	3919	return genlmsg_reply(msg, info);
3408	3920	}
..	..	@@ -3467,7 +3979,7 @@
3467	3979	params->cipher)))
3468	3980	goto nla_put_failure;
3469	3981
3470		- key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
	3982	+ key = nla_nest_start_noflag(cookie->msg, NL80211_ATTR_KEY);
3471	3983	if (!key)
3472	3984	goto nla_put_failure;
3473	3985
..	..	@@ -3505,18 +4017,26 @@
3505	4017	};
3506	4018	void *hdr;
3507	4019	struct sk_buff *msg;
	4020	+ bool bigtk_support = false;
	4021	+
	4022	+ if (wiphy_ext_feature_isset(&rdev->wiphy,
	4023	+ NL80211_EXT_FEATURE_BEACON_PROTECTION))
	4024	+ bigtk_support = true;
	4025	+
	4026	+ if ((dev->ieee80211_ptr->iftype == NL80211_IFTYPE_STATION \|\|
	4027	+ dev->ieee80211_ptr->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
	4028	+ wiphy_ext_feature_isset(&rdev->wiphy,
	4029	+ NL80211_EXT_FEATURE_BEACON_PROTECTION_CLIENT))
	4030	+ bigtk_support = true;
3508	4031
3509	4032	if (info->attrs[NL80211_ATTR_KEY_IDX]) {
3510	4033	key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
3511		- if (key_idx > 5 &&
3512		- !wiphy_ext_feature_isset(
3513		- &rdev->wiphy,
3514		- NL80211_EXT_FEATURE_BEACON_PROTECTION))
3515		- return -EINVAL;
3516		- }
3517	4034
3518		- if (key_idx > 5)
3519		- return -EINVAL;
	4035	+ if (key_idx >= 6 && key_idx <= 7 && !bigtk_support) {
	4036	+ GENL_SET_ERR_MSG(info, "BIGTK not supported");
	4037	+ return -EINVAL;
	4038	+ }
	4039	+ }
3520	4040
3521	4041	if (info->attrs[NL80211_ATTR_MAC])
3522	4042	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
..	..	@@ -3525,8 +4045,6 @@
3525	4045	if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
3526	4046	u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
3527	4047
3528		- if (kt >= NUM_NL80211_KEYTYPES)
3529		- return -EINVAL;
3530	4048	if (kt != NL80211_KEYTYPE_GROUP &&
3531	4049	kt != NL80211_KEYTYPE_PAIRWISE)
3532	4050	return -EINVAL;
..	..	@@ -3591,8 +4109,11 @@
3591	4109	if (key.idx < 0)
3592	4110	return -EINVAL;
3593	4111
3594		- /* only support setting default key */
3595		- if (!key.def && !key.defmgmt && !key.defbeacon)
	4112	+ /* Only support setting default key and
	4113	+ * Extended Key ID action NL80211_KEY_SET_TX.
	4114	+ */
	4115	+ if (!key.def && !key.defmgmt && !key.defbeacon &&
	4116	+ !(key.p.mode == NL80211_KEY_SET_TX))
3596	4117	return -EINVAL;
3597	4118
3598	4119	wdev_lock(dev->ieee80211_ptr);
..	..	@@ -3656,8 +4177,25 @@
3656	4177	err = rdev_set_default_beacon_key(rdev, dev, key.idx);
3657	4178	if (err)
3658	4179	goto out;
3659		- }
	4180	+ } else if (key.p.mode == NL80211_KEY_SET_TX &&
	4181	+ wiphy_ext_feature_isset(&rdev->wiphy,
	4182	+ NL80211_EXT_FEATURE_EXT_KEY_ID)) {
	4183	+ u8 *mac_addr = NULL;
3660	4184
	4185	+ if (info->attrs[NL80211_ATTR_MAC])
	4186	+ mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
	4187	+
	4188	+ if (!mac_addr \|\| key.idx < 0 \|\| key.idx > 1) {
	4189	+ err = -EINVAL;
	4190	+ goto out;
	4191	+ }
	4192	+
	4193	+ err = rdev_add_key(rdev, dev, key.idx,
	4194	+ NL80211_KEYTYPE_PAIRWISE,
	4195	+ mac_addr, &key.p);
	4196	+ } else {
	4197	+ err = -EINVAL;
	4198	+ }
3661	4199	out:
3662	4200	wdev_unlock(dev->ieee80211_ptr);
3663	4201
..	..	@@ -3676,8 +4214,10 @@
3676	4214	if (err)
3677	4215	return err;
3678	4216
3679		- if (!key.p.key)
	4217	+ if (!key.p.key) {
	4218	+ GENL_SET_ERR_MSG(info, "no key");
3680	4219	return -EINVAL;
	4220	+ }
3681	4221
3682	4222	if (info->attrs[NL80211_ATTR_MAC])
3683	4223	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
..	..	@@ -3691,23 +4231,36 @@
3691	4231
3692	4232	/* for now */
3693	4233	if (key.type != NL80211_KEYTYPE_PAIRWISE &&
3694		- key.type != NL80211_KEYTYPE_GROUP)
	4234	+ key.type != NL80211_KEYTYPE_GROUP) {
	4235	+ GENL_SET_ERR_MSG(info, "key type not pairwise or group");
3695	4236	return -EINVAL;
	4237	+ }
	4238	+
	4239	+ if (key.type == NL80211_KEYTYPE_GROUP &&
	4240	+ info->attrs[NL80211_ATTR_VLAN_ID])
	4241	+ key.p.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
3696	4242
3697	4243	if (!rdev->ops->add_key)
3698	4244	return -EOPNOTSUPP;
3699	4245
3700	4246	if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
3701	4247	key.type == NL80211_KEYTYPE_PAIRWISE,
3702		- mac_addr))
	4248	+ mac_addr)) {
	4249	+ GENL_SET_ERR_MSG(info, "key setting validation failed");
3703	4250	return -EINVAL;
	4251	+ }
3704	4252
3705	4253	wdev_lock(dev->ieee80211_ptr);
3706	4254	err = nl80211_key_allowed(dev->ieee80211_ptr);
3707		- if (!err)
	4255	+ if (err)
	4256	+ GENL_SET_ERR_MSG(info, "key not allowed");
	4257	+ if (!err) {
3708	4258	err = rdev_add_key(rdev, dev, key.idx,
3709	4259	key.type == NL80211_KEYTYPE_PAIRWISE,
3710	4260	mac_addr, &key.p);
	4261	+ if (err)
	4262	+ GENL_SET_ERR_MSG(info, "key addition failed");
	4263	+ }
3711	4264	wdev_unlock(dev->ieee80211_ptr);
3712	4265
3713	4266	return err;
..	..	@@ -3822,8 +4375,7 @@
3822	4375	if (n_entries > wiphy->max_acl_mac_addrs)
3823	4376	return ERR_PTR(-ENOTSUPP);
3824	4377
3825		- acl = kzalloc(sizeof(acl) + (sizeof(struct mac_address) n_entries),
3826		- GFP_KERNEL);
	4378	+ acl = kzalloc(struct_size(acl, mac_addrs, n_entries), GFP_KERNEL);
3827	4379	if (!acl)
3828	4380	return ERR_PTR(-ENOMEM);
3829	4381
..	..	@@ -3977,28 +4529,106 @@
3977	4529	return true;
3978	4530	}
3979	4531
3980		-static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = {
3981		- [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY,
3982		- .len = NL80211_MAX_SUPP_RATES },
3983		- [NL80211_TXRATE_HT] = { .type = NLA_BINARY,
3984		- .len = NL80211_MAX_SUPP_HT_RATES },
3985		- [NL80211_TXRATE_VHT] = { .len = sizeof(struct nl80211_txrate_vht)},
3986		- [NL80211_TXRATE_GI] = { .type = NLA_U8 },
3987		-};
	4532	+static u16 he_mcs_map_to_mcs_mask(u8 he_mcs_map)
	4533	+{
	4534	+ switch (he_mcs_map) {
	4535	+ case IEEE80211_HE_MCS_NOT_SUPPORTED:
	4536	+ return 0;
	4537	+ case IEEE80211_HE_MCS_SUPPORT_0_7:
	4538	+ return 0x00FF;
	4539	+ case IEEE80211_HE_MCS_SUPPORT_0_9:
	4540	+ return 0x03FF;
	4541	+ case IEEE80211_HE_MCS_SUPPORT_0_11:
	4542	+ return 0xFFF;
	4543	+ default:
	4544	+ break;
	4545	+ }
	4546	+ return 0;
	4547	+}
	4548	+
	4549	+static void he_build_mcs_mask(u16 he_mcs_map,
	4550	+ u16 he_mcs_mask[NL80211_HE_NSS_MAX])
	4551	+{
	4552	+ u8 nss;
	4553	+
	4554	+ for (nss = 0; nss < NL80211_HE_NSS_MAX; nss++) {
	4555	+ he_mcs_mask[nss] = he_mcs_map_to_mcs_mask(he_mcs_map & 0x03);
	4556	+ he_mcs_map >>= 2;
	4557	+ }
	4558	+}
	4559	+
	4560	+static u16 he_get_txmcsmap(struct genl_info *info,
	4561	+ const struct ieee80211_sta_he_cap *he_cap)
	4562	+{
	4563	+ struct net_device *dev = info->user_ptr[1];
	4564	+ struct wireless_dev *wdev = dev->ieee80211_ptr;
	4565	+ __le16 tx_mcs;
	4566	+
	4567	+ switch (wdev->chandef.width) {
	4568	+ case NL80211_CHAN_WIDTH_80P80:
	4569	+ tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80p80;
	4570	+ break;
	4571	+ case NL80211_CHAN_WIDTH_160:
	4572	+ tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_160;
	4573	+ break;
	4574	+ default:
	4575	+ tx_mcs = he_cap->he_mcs_nss_supp.tx_mcs_80;
	4576	+ break;
	4577	+ }
	4578	+ return le16_to_cpu(tx_mcs);
	4579	+}
	4580	+
	4581	+static bool he_set_mcs_mask(struct genl_info *info,
	4582	+ struct wireless_dev *wdev,
	4583	+ struct ieee80211_supported_band *sband,
	4584	+ struct nl80211_txrate_he *txrate,
	4585	+ u16 mcs[NL80211_HE_NSS_MAX])
	4586	+{
	4587	+ const struct ieee80211_sta_he_cap *he_cap;
	4588	+ u16 tx_mcs_mask[NL80211_HE_NSS_MAX] = {};
	4589	+ u16 tx_mcs_map = 0;
	4590	+ u8 i;
	4591	+
	4592	+ he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
	4593	+ if (!he_cap)
	4594	+ return false;
	4595	+
	4596	+ memset(mcs, 0, sizeof(u16) * NL80211_HE_NSS_MAX);
	4597	+
	4598	+ tx_mcs_map = he_get_txmcsmap(info, he_cap);
	4599	+
	4600	+ /* Build he_mcs_mask from HE capabilities */
	4601	+ he_build_mcs_mask(tx_mcs_map, tx_mcs_mask);
	4602	+
	4603	+ for (i = 0; i < NL80211_HE_NSS_MAX; i++) {
	4604	+ if ((tx_mcs_mask[i] & txrate->mcs[i]) == txrate->mcs[i])
	4605	+ mcs[i] = txrate->mcs[i];
	4606	+ else
	4607	+ return false;
	4608	+ }
	4609	+
	4610	+ return true;
	4611	+}
3988	4612
3989	4613	static int nl80211_parse_tx_bitrate_mask(struct genl_info *info,
3990		- struct cfg80211_bitrate_mask *mask)
	4614	+ struct nlattr *attrs[],
	4615	+ enum nl80211_attrs attr,
	4616	+ struct cfg80211_bitrate_mask *mask,
	4617	+ struct net_device *dev)
3991	4618	{
3992	4619	struct nlattr *tb[NL80211_TXRATE_MAX + 1];
3993	4620	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	4621	+ struct wireless_dev *wdev = dev->ieee80211_ptr;
3994	4622	int rem, i;
3995	4623	struct nlattr *tx_rates;
3996	4624	struct ieee80211_supported_band *sband;
3997		- u16 vht_tx_mcs_map;
	4625	+ u16 vht_tx_mcs_map, he_tx_mcs_map;
3998	4626
3999	4627	memset(mask, 0, sizeof(*mask));
4000	4628	/* Default to all rates enabled */
4001	4629	for (i = 0; i < NUM_NL80211_BANDS; i++) {
	4630	+ const struct ieee80211_sta_he_cap *he_cap;
	4631	+
4002	4632	sband = rdev->wiphy.bands[i];
4003	4633
4004	4634	if (!sband)
..	..	@@ -4009,22 +4639,31 @@
4009	4639	sband->ht_cap.mcs.rx_mask,
4010	4640	sizeof(mask->control[i].ht_mcs));
4011	4641
4012		- if (!sband->vht_cap.vht_supported)
	4642	+ if (sband->vht_cap.vht_supported) {
	4643	+ vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
	4644	+ vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
	4645	+ }
	4646	+
	4647	+ he_cap = ieee80211_get_he_iftype_cap(sband, wdev->iftype);
	4648	+ if (!he_cap)
4013	4649	continue;
4014	4650
4015		- vht_tx_mcs_map = le16_to_cpu(sband->vht_cap.vht_mcs.tx_mcs_map);
4016		- vht_build_mcs_mask(vht_tx_mcs_map, mask->control[i].vht_mcs);
	4651	+ he_tx_mcs_map = he_get_txmcsmap(info, he_cap);
	4652	+ he_build_mcs_mask(he_tx_mcs_map, mask->control[i].he_mcs);
	4653	+
	4654	+ mask->control[i].he_gi = 0xFF;
	4655	+ mask->control[i].he_ltf = 0xFF;
4017	4656	}
4018	4657
4019	4658	/* if no rates are given set it back to the defaults */
4020		- if (!info->attrs[NL80211_ATTR_TX_RATES])
	4659	+ if (!attrs[attr])
4021	4660	goto out;
4022	4661
4023	4662	/* The nested attribute uses enum nl80211_band as the index. This maps
4024	4663	* directly to the enum nl80211_band values used in cfg80211.
4025	4664	*/
4026	4665	BUILD_BUG_ON(NL80211_MAX_SUPP_HT_RATES > IEEE80211_HT_MCS_MASK_LEN * 8);
4027		- nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) {
	4666	+ nla_for_each_nested(tx_rates, attrs[attr], rem) {
4028	4667	enum nl80211_band band = nla_type(tx_rates);
4029	4668	int err;
4030	4669
..	..	@@ -4033,8 +4672,10 @@
4033	4672	sband = rdev->wiphy.bands[band];
4034	4673	if (sband == NULL)
4035	4674	return -EINVAL;
4036		- err = nla_parse_nested(tb, NL80211_TXRATE_MAX, tx_rates,
4037		- nl80211_txattr_policy, info->extack);
	4675	+ err = nla_parse_nested_deprecated(tb, NL80211_TXRATE_MAX,
	4676	+ tx_rates,
	4677	+ nl80211_txattr_policy,
	4678	+ info->extack);
4038	4679	if (err)
4039	4680	return err;
4040	4681	if (tb[NL80211_TXRATE_LEGACY]) {
..	..	@@ -4067,13 +4708,25 @@
4067	4708	if (mask->control[band].gi > NL80211_TXRATE_FORCE_LGI)
4068	4709	return -EINVAL;
4069	4710	}
	4711	+ if (tb[NL80211_TXRATE_HE] &&
	4712	+ !he_set_mcs_mask(info, wdev, sband,
	4713	+ nla_data(tb[NL80211_TXRATE_HE]),
	4714	+ mask->control[band].he_mcs))
	4715	+ return -EINVAL;
	4716	+ if (tb[NL80211_TXRATE_HE_GI])
	4717	+ mask->control[band].he_gi =
	4718	+ nla_get_u8(tb[NL80211_TXRATE_HE_GI]);
	4719	+ if (tb[NL80211_TXRATE_HE_LTF])
	4720	+ mask->control[band].he_ltf =
	4721	+ nla_get_u8(tb[NL80211_TXRATE_HE_LTF]);
4070	4722
4071	4723	if (mask->control[band].legacy == 0) {
4072		- /* don't allow empty legacy rates if HT or VHT
	4724	+ /* don't allow empty legacy rates if HT, VHT or HE
4073	4725	* are not even supported.
4074	4726	*/
4075	4727	if (!(rdev->wiphy.bands[band]->ht_cap.ht_supported \|\|
4076		- rdev->wiphy.bands[band]->vht_cap.vht_supported))
	4728	+ rdev->wiphy.bands[band]->vht_cap.vht_supported \|\|
	4729	+ ieee80211_get_he_iftype_cap(sband, wdev->iftype)))
4077	4730	return -EINVAL;
4078	4731
4079	4732	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)
..	..	@@ -4082,6 +4735,10 @@
4082	4735
4083	4736	for (i = 0; i < NL80211_VHT_NSS_MAX; i++)
4084	4737	if (mask->control[band].vht_mcs[i])
	4738	+ goto out;
	4739	+
	4740	+ for (i = 0; i < NL80211_HE_NSS_MAX; i++)
	4741	+ if (mask->control[band].he_mcs[i])
4085	4742	goto out;
4086	4743
4087	4744	/* legacy and mcs rates may not be both empty */
..	..	@@ -4149,26 +4806,16 @@
4149	4806	return 0;
4150	4807	}
4151	4808
4152		-static int nl80211_parse_beacon(struct nlattr *attrs[],
	4809	+static int nl80211_parse_beacon(struct cfg80211_registered_device *rdev,
	4810	+ struct nlattr *attrs[],
4153	4811	struct cfg80211_beacon_data *bcn)
4154	4812	{
4155	4813	bool haveinfo = false;
4156		-
4157		- if (!is_valid_ie_attr(attrs[NL80211_ATTR_BEACON_TAIL]) \|\|
4158		- !is_valid_ie_attr(attrs[NL80211_ATTR_IE]) \|\|
4159		- !is_valid_ie_attr(attrs[NL80211_ATTR_IE_PROBE_RESP]) \|\|
4160		- !is_valid_ie_attr(attrs[NL80211_ATTR_IE_ASSOC_RESP]))
4161		- return -EINVAL;
	4814	+ int err;
4162	4815
4163	4816	memset(bcn, 0, sizeof(*bcn));
4164	4817
4165	4818	if (attrs[NL80211_ATTR_BEACON_HEAD]) {
4166		- int ret = validate_beacon_head(attrs[NL80211_ATTR_BEACON_HEAD],
4167		- NULL);
4168		-
4169		- if (ret)
4170		- return ret;
4171		-
4172	4819	bcn->head = nla_data(attrs[NL80211_ATTR_BEACON_HEAD]);
4173	4820	bcn->head_len = nla_len(attrs[NL80211_ATTR_BEACON_HEAD]);
4174	4821	if (!bcn->head_len)
..	..	@@ -4209,6 +4856,163 @@
4209	4856	bcn->probe_resp_len = nla_len(attrs[NL80211_ATTR_PROBE_RESP]);
4210	4857	}
4211	4858
	4859	+ if (attrs[NL80211_ATTR_FTM_RESPONDER]) {
	4860	+ struct nlattr *tb[NL80211_FTM_RESP_ATTR_MAX + 1];
	4861	+
	4862	+ err = nla_parse_nested_deprecated(tb,
	4863	+ NL80211_FTM_RESP_ATTR_MAX,
	4864	+ attrs[NL80211_ATTR_FTM_RESPONDER],
	4865	+ NULL, NULL);
	4866	+ if (err)
	4867	+ return err;
	4868	+
	4869	+ if (tb[NL80211_FTM_RESP_ATTR_ENABLED] &&
	4870	+ wiphy_ext_feature_isset(&rdev->wiphy,
	4871	+ NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
	4872	+ bcn->ftm_responder = 1;
	4873	+ else
	4874	+ return -EOPNOTSUPP;
	4875	+
	4876	+ if (tb[NL80211_FTM_RESP_ATTR_LCI]) {
	4877	+ bcn->lci = nla_data(tb[NL80211_FTM_RESP_ATTR_LCI]);
	4878	+ bcn->lci_len = nla_len(tb[NL80211_FTM_RESP_ATTR_LCI]);
	4879	+ }
	4880	+
	4881	+ if (tb[NL80211_FTM_RESP_ATTR_CIVICLOC]) {
	4882	+ bcn->civicloc = nla_data(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
	4883	+ bcn->civicloc_len = nla_len(tb[NL80211_FTM_RESP_ATTR_CIVICLOC]);
	4884	+ }
	4885	+ } else {
	4886	+ bcn->ftm_responder = -1;
	4887	+ }
	4888	+
	4889	+ return 0;
	4890	+}
	4891	+
	4892	+static int nl80211_parse_he_obss_pd(struct nlattr *attrs,
	4893	+ struct ieee80211_he_obss_pd *he_obss_pd)
	4894	+{
	4895	+ struct nlattr *tb[NL80211_HE_OBSS_PD_ATTR_MAX + 1];
	4896	+ int err;
	4897	+
	4898	+ err = nla_parse_nested(tb, NL80211_HE_OBSS_PD_ATTR_MAX, attrs,
	4899	+ he_obss_pd_policy, NULL);
	4900	+ if (err)
	4901	+ return err;
	4902	+
	4903	+ if (!tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL])
	4904	+ return -EINVAL;
	4905	+
	4906	+ he_obss_pd->sr_ctrl = nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_SR_CTRL]);
	4907	+
	4908	+ if (tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET])
	4909	+ he_obss_pd->min_offset =
	4910	+ nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET]);
	4911	+ if (tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET])
	4912	+ he_obss_pd->max_offset =
	4913	+ nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET]);
	4914	+ if (tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET])
	4915	+ he_obss_pd->non_srg_max_offset =
	4916	+ nla_get_u8(tb[NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET]);
	4917	+
	4918	+ if (he_obss_pd->min_offset > he_obss_pd->max_offset)
	4919	+ return -EINVAL;
	4920	+
	4921	+ if (tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP])
	4922	+ memcpy(he_obss_pd->bss_color_bitmap,
	4923	+ nla_data(tb[NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP]),
	4924	+ sizeof(he_obss_pd->bss_color_bitmap));
	4925	+
	4926	+ if (tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP])
	4927	+ memcpy(he_obss_pd->partial_bssid_bitmap,
	4928	+ nla_data(tb[NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP]),
	4929	+ sizeof(he_obss_pd->partial_bssid_bitmap));
	4930	+
	4931	+ he_obss_pd->enable = true;
	4932	+
	4933	+ return 0;
	4934	+}
	4935	+
	4936	+static int nl80211_parse_he_bss_color(struct nlattr *attrs,
	4937	+ struct cfg80211_he_bss_color *he_bss_color)
	4938	+{
	4939	+ struct nlattr *tb[NL80211_HE_BSS_COLOR_ATTR_MAX + 1];
	4940	+ int err;
	4941	+
	4942	+ err = nla_parse_nested(tb, NL80211_HE_BSS_COLOR_ATTR_MAX, attrs,
	4943	+ he_bss_color_policy, NULL);
	4944	+ if (err)
	4945	+ return err;
	4946	+
	4947	+ if (!tb[NL80211_HE_BSS_COLOR_ATTR_COLOR])
	4948	+ return -EINVAL;
	4949	+
	4950	+ he_bss_color->color =
	4951	+ nla_get_u8(tb[NL80211_HE_BSS_COLOR_ATTR_COLOR]);
	4952	+ he_bss_color->enabled =
	4953	+ !nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_DISABLED]);
	4954	+ he_bss_color->partial =
	4955	+ nla_get_flag(tb[NL80211_HE_BSS_COLOR_ATTR_PARTIAL]);
	4956	+
	4957	+ return 0;
	4958	+}
	4959	+
	4960	+static int nl80211_parse_fils_discovery(struct cfg80211_registered_device *rdev,
	4961	+ struct nlattr *attrs,
	4962	+ struct cfg80211_ap_settings *params)
	4963	+{
	4964	+ struct nlattr *tb[NL80211_FILS_DISCOVERY_ATTR_MAX + 1];
	4965	+ int ret;
	4966	+ struct cfg80211_fils_discovery *fd = &params->fils_discovery;
	4967	+
	4968	+ if (!wiphy_ext_feature_isset(&rdev->wiphy,
	4969	+ NL80211_EXT_FEATURE_FILS_DISCOVERY))
	4970	+ return -EINVAL;
	4971	+
	4972	+ ret = nla_parse_nested(tb, NL80211_FILS_DISCOVERY_ATTR_MAX, attrs,
	4973	+ NULL, NULL);
	4974	+ if (ret)
	4975	+ return ret;
	4976	+
	4977	+ if (!tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN] \|\|
	4978	+ !tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX] \|\|
	4979	+ !tb[NL80211_FILS_DISCOVERY_ATTR_TMPL])
	4980	+ return -EINVAL;
	4981	+
	4982	+ fd->tmpl_len = nla_len(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
	4983	+ fd->tmpl = nla_data(tb[NL80211_FILS_DISCOVERY_ATTR_TMPL]);
	4984	+ fd->min_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MIN]);
	4985	+ fd->max_interval = nla_get_u32(tb[NL80211_FILS_DISCOVERY_ATTR_INT_MAX]);
	4986	+
	4987	+ return 0;
	4988	+}
	4989	+
	4990	+static int
	4991	+nl80211_parse_unsol_bcast_probe_resp(struct cfg80211_registered_device *rdev,
	4992	+ struct nlattr *attrs,
	4993	+ struct cfg80211_ap_settings *params)
	4994	+{
	4995	+ struct nlattr *tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX + 1];
	4996	+ int ret;
	4997	+ struct cfg80211_unsol_bcast_probe_resp *presp =
	4998	+ &params->unsol_bcast_probe_resp;
	4999	+
	5000	+ if (!wiphy_ext_feature_isset(&rdev->wiphy,
	5001	+ NL80211_EXT_FEATURE_UNSOL_BCAST_PROBE_RESP))
	5002	+ return -EINVAL;
	5003	+
	5004	+ ret = nla_parse_nested(tb, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_MAX,
	5005	+ attrs, NULL, NULL);
	5006	+ if (ret)
	5007	+ return ret;
	5008	+
	5009	+ if (!tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT] \|\|
	5010	+ !tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL])
	5011	+ return -EINVAL;
	5012	+
	5013	+ presp->tmpl = nla_data(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
	5014	+ presp->tmpl_len = nla_len(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL]);
	5015	+ presp->interval = nla_get_u32(tb[NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT]);
4212	5016	return 0;
4213	5017	}
4214	5018
..	..	@@ -4225,6 +5029,8 @@
4225	5029	params->ht_required = true;
4226	5030	if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_VHT_PHY)
4227	5031	params->vht_required = true;
	5032	+ if (rates[2 + i] == BSS_MEMBERSHIP_SELECTOR_HE_PHY)
	5033	+ params->he_required = true;
4228	5034	}
4229	5035	}
4230	5036
..	..	@@ -4253,6 +5059,12 @@
4253	5059	cap = cfg80211_find_ie(WLAN_EID_VHT_CAPABILITY, ies, ies_len);
4254	5060	if (cap && cap[1] >= sizeof(*params->vht_cap))
4255	5061	params->vht_cap = (void *)(cap + 2);
	5062	+ cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_CAPABILITY, ies, ies_len);
	5063	+ if (cap && cap[1] >= sizeof(*params->he_cap) + 1)
	5064	+ params->he_cap = (void *)(cap + 3);
	5065	+ cap = cfg80211_find_ext_ie(WLAN_EID_EXT_HE_OPERATION, ies, ies_len);
	5066	+ if (cap && cap[1] >= sizeof(*params->he_oper) + 1)
	5067	+ params->he_oper = (void *)(cap + 3);
4256	5068	}
4257	5069
4258	5070	static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
..	..	@@ -4298,6 +5110,8 @@
4298	5110	return true;
4299	5111	case NL80211_CMD_CONNECT:
4300	5112	if (!(rdev->wiphy.features & NL80211_FEATURE_SAE) &&
	5113	+ !wiphy_ext_feature_isset(&rdev->wiphy,
	5114	+ NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
4301	5115	auth_type == NL80211_AUTHTYPE_SAE)
4302	5116	return false;
4303	5117
..	..	@@ -4312,8 +5126,9 @@
4312	5126	return false;
4313	5127	return true;
4314	5128	case NL80211_CMD_START_AP:
4315		- /* SAE not supported yet */
4316		- if (auth_type == NL80211_AUTHTYPE_SAE)
	5129	+ if (!wiphy_ext_feature_isset(&rdev->wiphy,
	5130	+ NL80211_EXT_FEATURE_SAE_OFFLOAD_AP) &&
	5131	+ auth_type == NL80211_AUTHTYPE_SAE)
4317	5132	return false;
4318	5133	/* FILS not supported yet */
4319	5134	if (auth_type == NL80211_AUTHTYPE_FILS_SK \|\|
..	..	@@ -4352,7 +5167,7 @@
4352	5167	!info->attrs[NL80211_ATTR_BEACON_HEAD])
4353	5168	return -EINVAL;
4354	5169
4355		- err = nl80211_parse_beacon(info->attrs, &params.beacon);
	5170	+ err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon);
4356	5171	if (err)
4357	5172	return err;
4358	5173
..	..	@@ -4377,19 +5192,13 @@
4377	5192	params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
4378	5193	params.ssid_len =
4379	5194	nla_len(info->attrs[NL80211_ATTR_SSID]);
4380		- if (params.ssid_len == 0 \|\|
4381		- params.ssid_len > IEEE80211_MAX_SSID_LEN)
	5195	+ if (params.ssid_len == 0)
4382	5196	return -EINVAL;
4383	5197	}
4384	5198
4385		- if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
	5199	+ if (info->attrs[NL80211_ATTR_HIDDEN_SSID])
4386	5200	params.hidden_ssid = nla_get_u32(
4387	5201	info->attrs[NL80211_ATTR_HIDDEN_SSID]);
4388		- if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
4389		- params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
4390		- params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
4391		- return -EINVAL;
4392		- }
4393	5202
4394	5203	params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
4395	5204
..	..	@@ -4419,8 +5228,6 @@
4419	5228	return -EINVAL;
4420	5229	params.p2p_ctwindow =
4421	5230	nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
4422		- if (params.p2p_ctwindow > 127)
4423		- return -EINVAL;
4424	5231	if (params.p2p_ctwindow != 0 &&
4425	5232	!(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
4426	5233	return -EINVAL;
..	..	@@ -4432,8 +5239,6 @@
4432	5239	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
4433	5240	return -EINVAL;
4434	5241	tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
4435		- if (tmp > 1)
4436		- return -EINVAL;
4437	5242	params.p2p_opp_ps = tmp;
4438	5243	if (params.p2p_opp_ps != 0 &&
4439	5244	!(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
..	..	@@ -4454,7 +5259,10 @@
4454	5259	return -EINVAL;
4455	5260
4456	5261	if (info->attrs[NL80211_ATTR_TX_RATES]) {
4457		- err = nl80211_parse_tx_bitrate_mask(info, &params.beacon_rate);
	5262	+ err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
	5263	+ NL80211_ATTR_TX_RATES,
	5264	+ &params.beacon_rate,
	5265	+ dev);
4458	5266	if (err)
4459	5267	return err;
4460	5268
..	..	@@ -4497,6 +5305,41 @@
4497	5305	return PTR_ERR(params.acl);
4498	5306	}
4499	5307
	5308	+ params.twt_responder =
	5309	+ nla_get_flag(info->attrs[NL80211_ATTR_TWT_RESPONDER]);
	5310	+
	5311	+ if (info->attrs[NL80211_ATTR_HE_OBSS_PD]) {
	5312	+ err = nl80211_parse_he_obss_pd(
	5313	+ info->attrs[NL80211_ATTR_HE_OBSS_PD],
	5314	+ &params.he_obss_pd);
	5315	+ if (err)
	5316	+ goto out;
	5317	+ }
	5318	+
	5319	+ if (info->attrs[NL80211_ATTR_HE_BSS_COLOR]) {
	5320	+ err = nl80211_parse_he_bss_color(
	5321	+ info->attrs[NL80211_ATTR_HE_BSS_COLOR],
	5322	+ &params.he_bss_color);
	5323	+ if (err)
	5324	+ goto out;
	5325	+ }
	5326	+
	5327	+ if (info->attrs[NL80211_ATTR_FILS_DISCOVERY]) {
	5328	+ err = nl80211_parse_fils_discovery(rdev,
	5329	+ info->attrs[NL80211_ATTR_FILS_DISCOVERY],
	5330	+ &params);
	5331	+ if (err)
	5332	+ goto out;
	5333	+ }
	5334	+
	5335	+ if (info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP]) {
	5336	+ err = nl80211_parse_unsol_bcast_probe_resp(
	5337	+ rdev, info->attrs[NL80211_ATTR_UNSOL_BCAST_PROBE_RESP],
	5338	+ &params);
	5339	+ if (err)
	5340	+ goto out;
	5341	+ }
	5342	+
4500	5343	nl80211_calculate_ap_params(&params);
4501	5344
4502	5345	if (info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])
..	..	@@ -4516,6 +5359,7 @@
4516	5359	}
4517	5360	wdev_unlock(wdev);
4518	5361
	5362	+out:
4519	5363	kfree(params.acl);
4520	5364
4521	5365	return err;
..	..	@@ -4539,7 +5383,7 @@
4539	5383	if (!wdev->beacon_interval)
4540	5384	return -EINVAL;
4541	5385
4542		- err = nl80211_parse_beacon(info->attrs, &params);
	5386	+ err = nl80211_parse_beacon(rdev, info->attrs, &params);
4543	5387	if (err)
4544	5388	return err;
4545	5389
..	..	@@ -4599,8 +5443,7 @@
4599	5443	if (!nla)
4600	5444	return 0;
4601	5445
4602		- if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, nla,
4603		- sta_flags_policy, info->extack))
	5446	+ if (nla_parse_nested_deprecated(flags, NL80211_STA_FLAG_MAX, nla, sta_flags_policy, info->extack))
4604	5447	return -EINVAL;
4605	5448
4606	5449	/*
..	..	@@ -4645,15 +5488,14 @@
4645	5488	return 0;
4646	5489	}
4647	5490
4648		-static bool nl80211_put_sta_rate(struct sk_buff msg, struct rate_info info,
4649		- int attr)
	5491	+bool nl80211_put_sta_rate(struct sk_buff msg, struct rate_info info, int attr)
4650	5492	{
4651	5493	struct nlattr *rate;
4652	5494	u32 bitrate;
4653	5495	u16 bitrate_compat;
4654	5496	enum nl80211_rate_info rate_flg;
4655	5497
4656		- rate = nla_nest_start(msg, attr);
	5498	+ rate = nla_nest_start_noflag(msg, attr);
4657	5499	if (!rate)
4658	5500	return false;
4659	5501
..	..	@@ -4677,7 +5519,7 @@
4677	5519	break;
4678	5520	default:
4679	5521	WARN_ON(1);
4680		- /* fall through */
	5522	+ fallthrough;
4681	5523	case RATE_INFO_BW_20:
4682	5524	rate_flg = 0;
4683	5525	break;
..	..	@@ -4740,7 +5582,7 @@
4740	5582	if (!mask)
4741	5583	return true;
4742	5584
4743		- attr = nla_nest_start(msg, id);
	5585	+ attr = nla_nest_start_noflag(msg, id);
4744	5586	if (!attr)
4745	5587	return false;
4746	5588
..	..	@@ -4777,7 +5619,7 @@
4777	5619	nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
4778	5620	goto nla_put_failure;
4779	5621
4780		- sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
	5622	+ sinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_STA_INFO);
4781	5623	if (!sinfoattr)
4782	5624	goto nla_put_failure;
4783	5625
..	..	@@ -4797,6 +5639,7 @@
4797	5639
4798	5640	PUT_SINFO(CONNECTED_TIME, connected_time, u32);
4799	5641	PUT_SINFO(INACTIVE_TIME, inactive_time, u32);
	5642	+ PUT_SINFO_U64(ASSOC_AT_BOOTTIME, assoc_at);
4800	5643
4801	5644	if (sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES) \|
4802	5645	BIT_ULL(NL80211_STA_INFO_RX_BYTES64)) &&
..	..	@@ -4816,6 +5659,11 @@
4816	5659	PUT_SINFO(PLID, plid, u16);
4817	5660	PUT_SINFO(PLINK_STATE, plink_state, u8);
4818	5661	PUT_SINFO_U64(RX_DURATION, rx_duration);
	5662	+ PUT_SINFO_U64(TX_DURATION, tx_duration);
	5663	+
	5664	+ if (wiphy_ext_feature_isset(&rdev->wiphy,
	5665	+ NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
	5666	+ PUT_SINFO(AIRTIME_WEIGHT, airtime_weight, u16);
4819	5667
4820	5668	switch (rdev->wiphy.signal_type) {
4821	5669	case CFG80211_SIGNAL_TYPE_MBM:
..	..	@@ -4853,13 +5701,17 @@
4853	5701	PUT_SINFO(TX_RETRIES, tx_retries, u32);
4854	5702	PUT_SINFO(TX_FAILED, tx_failed, u32);
4855	5703	PUT_SINFO(EXPECTED_THROUGHPUT, expected_throughput, u32);
	5704	+ PUT_SINFO(AIRTIME_LINK_METRIC, airtime_link_metric, u32);
4856	5705	PUT_SINFO(BEACON_LOSS, beacon_loss_count, u32);
4857	5706	PUT_SINFO(LOCAL_PM, local_pm, u32);
4858	5707	PUT_SINFO(PEER_PM, peer_pm, u32);
4859	5708	PUT_SINFO(NONPEER_PM, nonpeer_pm, u32);
	5709	+ PUT_SINFO(CONNECTED_TO_GATE, connected_to_gate, u8);
	5710	+ PUT_SINFO(CONNECTED_TO_AS, connected_to_as, u8);
4860	5711
4861	5712	if (sinfo->filled & BIT_ULL(NL80211_STA_INFO_BSS_PARAM)) {
4862		- bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
	5713	+ bss_param = nla_nest_start_noflag(msg,
	5714	+ NL80211_STA_INFO_BSS_PARAM);
4863	5715	if (!bss_param)
4864	5716	goto nla_put_failure;
4865	5717
..	..	@@ -4887,12 +5739,13 @@
4887	5739	PUT_SINFO_U64(RX_DROP_MISC, rx_dropped_misc);
4888	5740	PUT_SINFO_U64(BEACON_RX, rx_beacon);
4889	5741	PUT_SINFO(BEACON_SIGNAL_AVG, rx_beacon_signal_avg, u8);
4890		- PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
4891	5742	PUT_SINFO(RX_MPDUS, rx_mpdu_count, u32);
4892	5743	PUT_SINFO(FCS_ERROR_COUNT, fcs_err_count, u32);
4893	5744	if (wiphy_ext_feature_isset(&rdev->wiphy,
4894		- NL80211_EXT_FEATURE_DATA_ACK_SIGNAL_SUPPORT))
4895		- PUT_SINFO(DATA_ACK_SIGNAL_AVG, avg_ack_signal, s8);
	5745	+ NL80211_EXT_FEATURE_ACK_SIGNAL_SUPPORT)) {
	5746	+ PUT_SINFO(ACK_SIGNAL, ack_signal, u8);
	5747	+ PUT_SINFO(ACK_SIGNAL_AVG, avg_ack_signal, s8);
	5748	+ }
4896	5749
4897	5750	#undef PUT_SINFO
4898	5751	#undef PUT_SINFO_U64
..	..	@@ -4901,7 +5754,8 @@
4901	5754	struct nlattr *tidsattr;
4902	5755	int tid;
4903	5756
4904		- tidsattr = nla_nest_start(msg, NL80211_STA_INFO_TID_STATS);
	5757	+ tidsattr = nla_nest_start_noflag(msg,
	5758	+ NL80211_STA_INFO_TID_STATS);
4905	5759	if (!tidsattr)
4906	5760	goto nla_put_failure;
4907	5761
..	..	@@ -4914,7 +5768,7 @@
4914	5768	if (!tidstats->filled)
4915	5769	continue;
4916	5770
4917		- tidattr = nla_nest_start(msg, tid + 1);
	5771	+ tidattr = nla_nest_start_noflag(msg, tid + 1);
4918	5772	if (!tidattr)
4919	5773	goto nla_put_failure;
4920	5774
..	..	@@ -4971,7 +5825,7 @@
4971	5825	int err;
4972	5826
4973	5827	rtnl_lock();
4974		- err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	5828	+ err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
4975	5829	if (err)
4976	5830	goto out_err;
4977	5831
..	..	@@ -5262,8 +6116,9 @@
5262	6116	return 0;
5263	6117
5264	6118	nla = info->attrs[NL80211_ATTR_STA_WME];
5265		- err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
5266		- nl80211_sta_wme_policy, info->extack);
	6119	+ err = nla_parse_nested_deprecated(tb, NL80211_STA_WME_MAX, nla,
	6120	+ nl80211_sta_wme_policy,
	6121	+ info->extack);
5267	6122	if (err)
5268	6123	return err;
5269	6124
..	..	@@ -5294,11 +6149,9 @@
5294	6149	nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_CHANNELS]);
5295	6150	/*
5296	6151	* Need to include at least one (first channel, number of
5297		- * channels) tuple for each subband, and must have proper
5298		- * tuples for the rest of the data as well.
	6152	+ * channels) tuple for each subband (checked in policy),
	6153	+ * and must have proper tuples for the rest of the data as well.
5299	6154	*/
5300		- if (params->supported_channels_len < 2)
5301		- return -EINVAL;
5302	6155	if (params->supported_channels_len % 2)
5303	6156	return -EINVAL;
5304	6157	}
..	..	@@ -5308,13 +6161,6 @@
5308	6161	nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5309	6162	params->supported_oper_classes_len =
5310	6163	nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES]);
5311		- /*
5312		- * The value of the Length field of the Supported Operating
5313		- * Classes element is between 2 and 253.
5314		- */
5315		- if (params->supported_oper_classes_len < 2 \|\|
5316		- params->supported_oper_classes_len > 253)
5317		- return -EINVAL;
5318	6164	}
5319	6165	return 0;
5320	6166	}
..	..	@@ -5337,9 +6183,6 @@
5337	6183	nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5338	6184	params->he_capa_len =
5339	6185	nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5340		-
5341		- if (params->he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5342		- return -EINVAL;
5343	6186	}
5344	6187
5345	6188	err = nl80211_parse_sta_channel_info(info, params);
..	..	@@ -5347,6 +6190,36 @@
5347	6190	return err;
5348	6191
5349	6192	return nl80211_parse_sta_wme(info, params);
	6193	+}
	6194	+
	6195	+static int nl80211_parse_sta_txpower_setting(struct genl_info *info,
	6196	+ struct station_parameters *params)
	6197	+{
	6198	+ struct cfg80211_registered_device *rdev = info->user_ptr[0];
	6199	+ int idx;
	6200	+
	6201	+ if (info->attrs[NL80211_ATTR_STA_TX_POWER_SETTING]) {
	6202	+ if (!rdev->ops->set_tx_power \|\|
	6203	+ !wiphy_ext_feature_isset(&rdev->wiphy,
	6204	+ NL80211_EXT_FEATURE_STA_TX_PWR))
	6205	+ return -EOPNOTSUPP;
	6206	+
	6207	+ idx = NL80211_ATTR_STA_TX_POWER_SETTING;
	6208	+ params->txpwr.type = nla_get_u8(info->attrs[idx]);
	6209	+
	6210	+ if (params->txpwr.type == NL80211_TX_POWER_LIMITED) {
	6211	+ idx = NL80211_ATTR_STA_TX_POWER;
	6212	+
	6213	+ if (info->attrs[idx])
	6214	+ params->txpwr.power =
	6215	+ nla_get_s16(info->attrs[idx]);
	6216	+ else
	6217	+ return -EINVAL;
	6218	+ }
	6219	+ params->sta_modify_mask \|= STATION_PARAM_APPLY_STA_TXPOWER;
	6220	+ }
	6221	+
	6222	+ return 0;
5350	6223	}
5351	6224
5352	6225	static int nl80211_set_station(struct sk_buff skb, struct genl_info info)
..	..	@@ -5370,23 +6243,20 @@
5370	6243	if (info->attrs[NL80211_ATTR_STA_AID])
5371	6244	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5372	6245
	6246	+ if (info->attrs[NL80211_ATTR_VLAN_ID])
	6247	+ params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
	6248	+
5373	6249	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
5374	6250	params.listen_interval =
5375	6251	nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5376	6252	else
5377	6253	params.listen_interval = -1;
5378	6254
5379		- if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5380		- u8 tmp;
5381		-
5382		- tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5383		- if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5384		- return -EINVAL;
5385		-
5386		- params.support_p2p_ps = tmp;
5387		- } else {
	6255	+ if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS])
	6256	+ params.support_p2p_ps =
	6257	+ nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
	6258	+ else
5388	6259	params.support_p2p_ps = -1;
5389		- }
5390	6260
5391	6261	if (!info->attrs[NL80211_ATTR_MAC])
5392	6262	return -EINVAL;
..	..	@@ -5416,43 +6286,45 @@
5416	6286	if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
5417	6287	return -EINVAL;
5418	6288
5419		- if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
	6289	+ if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5420	6290	params.plink_action =
5421	6291	nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5422		- if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5423		- return -EINVAL;
5424		- }
5425	6292
5426	6293	if (info->attrs[NL80211_ATTR_STA_PLINK_STATE]) {
5427	6294	params.plink_state =
5428	6295	nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);
5429		- if (params.plink_state >= NUM_NL80211_PLINK_STATES)
5430		- return -EINVAL;
5431		- if (info->attrs[NL80211_ATTR_MESH_PEER_AID]) {
	6296	+ if (info->attrs[NL80211_ATTR_MESH_PEER_AID])
5432	6297	params.peer_aid = nla_get_u16(
5433	6298	info->attrs[NL80211_ATTR_MESH_PEER_AID]);
5434		- if (params.peer_aid > IEEE80211_MAX_AID)
5435		- return -EINVAL;
5436		- }
5437	6299	params.sta_modify_mask \|= STATION_PARAM_APPLY_PLINK_STATE;
5438	6300	}
5439	6301
5440		- if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]) {
5441		- enum nl80211_mesh_power_mode pm = nla_get_u32(
	6302	+ if (info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE])
	6303	+ params.local_pm = nla_get_u32(
5442	6304	info->attrs[NL80211_ATTR_LOCAL_MESH_POWER_MODE]);
5443		-
5444		- if (pm <= NL80211_MESH_POWER_UNKNOWN \|\|
5445		- pm > NL80211_MESH_POWER_MAX)
5446		- return -EINVAL;
5447		-
5448		- params.local_pm = pm;
5449		- }
5450	6305
5451	6306	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5452	6307	params.opmode_notif_used = true;
5453	6308	params.opmode_notif =
5454	6309	nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5455	6310	}
	6311	+
	6312	+ if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
	6313	+ params.he_6ghz_capa =
	6314	+ nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
	6315	+
	6316	+ if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
	6317	+ params.airtime_weight =
	6318	+ nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
	6319	+
	6320	+ if (params.airtime_weight &&
	6321	+ !wiphy_ext_feature_isset(&rdev->wiphy,
	6322	+ NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
	6323	+ return -EOPNOTSUPP;
	6324	+
	6325	+ err = nl80211_parse_sta_txpower_setting(info, &params);
	6326	+ if (err)
	6327	+ return err;
5456	6328
5457	6329	/* Include parameters for TDLS peer (will check later) */
5458	6330	err = nl80211_set_station_tdls(info, &params);
..	..	@@ -5523,14 +6395,12 @@
5523	6395	params.listen_interval =
5524	6396	nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
5525	6397
	6398	+ if (info->attrs[NL80211_ATTR_VLAN_ID])
	6399	+ params.vlan_id = nla_get_u16(info->attrs[NL80211_ATTR_VLAN_ID]);
	6400	+
5526	6401	if (info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]) {
5527		- u8 tmp;
5528		-
5529		- tmp = nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5530		- if (tmp >= NUM_NL80211_P2P_PS_STATUS)
5531		- return -EINVAL;
5532		-
5533		- params.support_p2p_ps = tmp;
	6402	+ params.support_p2p_ps =
	6403	+ nla_get_u8(info->attrs[NL80211_ATTR_STA_SUPPORT_P2P_PS]);
5534	6404	} else {
5535	6405	/*
5536	6406	* if not specified, assume it's supported for P2P GO interface,
..	..	@@ -5544,8 +6414,6 @@
5544	6414	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_PEER_AID]);
5545	6415	else
5546	6416	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
5547		- if (!params.aid \|\| params.aid > IEEE80211_MAX_AID)
5548		- return -EINVAL;
5549	6417
5550	6418	if (info->attrs[NL80211_ATTR_STA_CAPABILITY]) {
5551	6419	params.capability =
..	..	@@ -5573,11 +6441,11 @@
5573	6441	nla_data(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5574	6442	params.he_capa_len =
5575	6443	nla_len(info->attrs[NL80211_ATTR_HE_CAPABILITY]);
5576		-
5577		- /* max len is validated in nla policy */
5578		- if (params.he_capa_len < NL80211_HE_MIN_CAPABILITY_LEN)
5579		- return -EINVAL;
5580	6444	}
	6445	+
	6446	+ if (info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY])
	6447	+ params.he_6ghz_capa =
	6448	+ nla_data(info->attrs[NL80211_ATTR_HE_6GHZ_CAPABILITY]);
5581	6449
5582	6450	if (info->attrs[NL80211_ATTR_OPMODE_NOTIF]) {
5583	6451	params.opmode_notif_used = true;
..	..	@@ -5585,12 +6453,22 @@
5585	6453	nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
5586	6454	}
5587	6455
5588		- if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) {
	6456	+ if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
5589	6457	params.plink_action =
5590	6458	nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
5591		- if (params.plink_action >= NUM_NL80211_PLINK_ACTIONS)
5592		- return -EINVAL;
5593		- }
	6459	+
	6460	+ if (info->attrs[NL80211_ATTR_AIRTIME_WEIGHT])
	6461	+ params.airtime_weight =
	6462	+ nla_get_u16(info->attrs[NL80211_ATTR_AIRTIME_WEIGHT]);
	6463	+
	6464	+ if (params.airtime_weight &&
	6465	+ !wiphy_ext_feature_isset(&rdev->wiphy,
	6466	+ NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
	6467	+ return -EOPNOTSUPP;
	6468	+
	6469	+ err = nl80211_parse_sta_txpower_setting(info, &params);
	6470	+ if (err)
	6471	+ return err;
5594	6472
5595	6473	err = nl80211_parse_sta_channel_info(info, &params);
5596	6474	if (err)
..	..	@@ -5613,9 +6491,13 @@
5613	6491	params.vht_capa = NULL;
5614	6492
5615	6493	/* HE requires WME */
5616		- if (params.he_capa_len)
	6494	+ if (params.he_capa_len \|\| params.he_6ghz_capa)
5617	6495	return -EINVAL;
5618	6496	}
	6497	+
	6498	+ /* Ensure that HT/VHT capabilities are not set for 6 GHz HE STA */
	6499	+ if (params.he_6ghz_capa && (params.ht_capa \|\| params.vht_capa))
	6500	+ return -EINVAL;
5619	6501
5620	6502	/* When you run into this, adjust the code below for the new flag */
5621	6503	BUILD_BUG_ON(NL80211_STA_FLAG_MAX != 7);
..	..	@@ -5723,11 +6605,22 @@
5723	6605	if (info->attrs[NL80211_ATTR_MAC])
5724	6606	params.mac = nla_data(info->attrs[NL80211_ATTR_MAC]);
5725	6607
5726		- if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
5727		- dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
5728		- dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
5729		- dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
	6608	+ switch (dev->ieee80211_ptr->iftype) {
	6609	+ case NL80211_IFTYPE_AP:
	6610	+ case NL80211_IFTYPE_AP_VLAN:
	6611	+ case NL80211_IFTYPE_MESH_POINT:
	6612	+ case NL80211_IFTYPE_P2P_GO:
	6613	+ /* always accept these */
	6614	+ break;
	6615	+ case NL80211_IFTYPE_ADHOC:
	6616	+ /* conditionally accept */
	6617	+ if (wiphy_ext_feature_isset(&rdev->wiphy,
	6618	+ NL80211_EXT_FEATURE_DEL_IBSS_STA))
	6619	+ break;
5730	6620	return -EINVAL;
	6621	+ default:
	6622	+ return -EINVAL;
	6623	+ }
5731	6624
5732	6625	if (!rdev->ops->del_station)
5733	6626	return -EOPNOTSUPP;
..	..	@@ -5774,7 +6667,7 @@
5774	6667	nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
5775	6668	goto nla_put_failure;
5776	6669
5777		- pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
	6670	+ pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MPATH_INFO);
5778	6671	if (!pinfoattr)
5779	6672	goto nla_put_failure;
5780	6673	if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
..	..	@@ -5797,7 +6690,13 @@
5797	6690	pinfo->discovery_timeout)) \|\|
5798	6691	((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
5799	6692	nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
5800		- pinfo->discovery_retries)))
	6693	+ pinfo->discovery_retries)) \|\|
	6694	+ ((pinfo->filled & MPATH_INFO_HOP_COUNT) &&
	6695	+ nla_put_u8(msg, NL80211_MPATH_INFO_HOP_COUNT,
	6696	+ pinfo->hop_count)) \|\|
	6697	+ ((pinfo->filled & MPATH_INFO_PATH_CHANGE) &&
	6698	+ nla_put_u32(msg, NL80211_MPATH_INFO_PATH_CHANGE,
	6699	+ pinfo->path_change_count)))
5801	6700	goto nla_put_failure;
5802	6701
5803	6702	nla_nest_end(msg, pinfoattr);
..	..	@@ -5822,7 +6721,7 @@
5822	6721	int err;
5823	6722
5824	6723	rtnl_lock();
5825		- err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	6724	+ err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
5826	6725	if (err)
5827	6726	goto out_err;
5828	6727
..	..	@@ -6021,7 +6920,7 @@
6021	6920	int err;
6022	6921
6023	6922	rtnl_lock();
6024		- err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	6923	+ err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
6025	6924	if (err)
6026	6925	goto out_err;
6027	6926
..	..	@@ -6103,9 +7002,7 @@
6103	7002	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6104	7003	return -EINVAL;
6105	7004	params.p2p_ctwindow =
6106		- nla_get_s8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6107		- if (params.p2p_ctwindow < 0)
6108		- return -EINVAL;
	7005	+ nla_get_u8(info->attrs[NL80211_ATTR_P2P_CTWINDOW]);
6109	7006	if (params.p2p_ctwindow != 0 &&
6110	7007	!(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_CTWIN))
6111	7008	return -EINVAL;
..	..	@@ -6117,8 +7014,6 @@
6117	7014	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
6118	7015	return -EINVAL;
6119	7016	tmp = nla_get_u8(info->attrs[NL80211_ATTR_P2P_OPPPS]);
6120		- if (tmp > 1)
6121		- return -EINVAL;
6122	7017	params.p2p_opp_ps = tmp;
6123	7018	if (params.p2p_opp_ps &&
6124	7019	!(rdev->wiphy.features & NL80211_FEATURE_P2P_GO_OPPPS))
..	..	@@ -6226,7 +7121,7 @@
6226	7121	NL80211_CMD_GET_MESH_CONFIG);
6227	7122	if (!hdr)
6228	7123	goto out;
6229		- pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
	7124	+ pinfoattr = nla_nest_start_noflag(msg, NL80211_ATTR_MESH_CONFIG);
6230	7125	if (!pinfoattr)
6231	7126	goto nla_put_failure;
6232	7127	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) \|\|
..	..	@@ -6285,7 +7180,13 @@
6285	7180	nla_put_u16(msg, NL80211_MESHCONF_AWAKE_WINDOW,
6286	7181	cur_params.dot11MeshAwakeWindowDuration) \|\|
6287	7182	nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
6288		- cur_params.plink_timeout))
	7183	+ cur_params.plink_timeout) \|\|
	7184	+ nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_GATE,
	7185	+ cur_params.dot11MeshConnectedToMeshGate) \|\|
	7186	+ nla_put_u8(msg, NL80211_MESHCONF_NOLEARN,
	7187	+ cur_params.dot11MeshNolearn) \|\|
	7188	+ nla_put_u8(msg, NL80211_MESHCONF_CONNECTED_TO_AS,
	7189	+ cur_params.dot11MeshConnectedToAuthServer))
6289	7190	goto nla_put_failure;
6290	7191	nla_nest_end(msg, pinfoattr);
6291	7192	genlmsg_end(msg, hdr);
..	..	@@ -6297,35 +7198,54 @@
6297	7198	return -ENOBUFS;
6298	7199	}
6299	7200
6300		-static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
6301		- [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
6302		- [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
6303		- [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
6304		- [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
6305		- [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
6306		- [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
6307		- [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
6308		- [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
6309		- [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
	7201	+static const struct nla_policy
	7202	+nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
	7203	+ [NL80211_MESHCONF_RETRY_TIMEOUT] =
	7204	+ NLA_POLICY_RANGE(NLA_U16, 1, 255),
	7205	+ [NL80211_MESHCONF_CONFIRM_TIMEOUT] =
	7206	+ NLA_POLICY_RANGE(NLA_U16, 1, 255),
	7207	+ [NL80211_MESHCONF_HOLDING_TIMEOUT] =
	7208	+ NLA_POLICY_RANGE(NLA_U16, 1, 255),
	7209	+ [NL80211_MESHCONF_MAX_PEER_LINKS] =
	7210	+ NLA_POLICY_RANGE(NLA_U16, 0, 255),
	7211	+ [NL80211_MESHCONF_MAX_RETRIES] = NLA_POLICY_MAX(NLA_U8, 16),
	7212	+ [NL80211_MESHCONF_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
	7213	+ [NL80211_MESHCONF_ELEMENT_TTL] = NLA_POLICY_MIN(NLA_U8, 1),
	7214	+ [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = NLA_POLICY_MAX(NLA_U8, 1),
	7215	+ [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] =
	7216	+ NLA_POLICY_RANGE(NLA_U32, 1, 255),
6310	7217	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
6311	7218	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
6312		- [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
	7219	+ [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = NLA_POLICY_MIN(NLA_U16, 1),
6313	7220	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
6314		- [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
6315		- [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
6316		- [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
6317		- [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
6318		- [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
6319		- [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
6320		- [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
6321		- [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
	7221	+ [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] =
	7222	+ NLA_POLICY_MIN(NLA_U16, 1),
	7223	+ [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] =
	7224	+ NLA_POLICY_MIN(NLA_U16, 1),
	7225	+ [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] =
	7226	+ NLA_POLICY_MIN(NLA_U16, 1),
	7227	+ [NL80211_MESHCONF_HWMP_ROOTMODE] = NLA_POLICY_MAX(NLA_U8, 4),
	7228	+ [NL80211_MESHCONF_HWMP_RANN_INTERVAL] =
	7229	+ NLA_POLICY_MIN(NLA_U16, 1),
	7230	+ [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = NLA_POLICY_MAX(NLA_U8, 1),
	7231	+ [NL80211_MESHCONF_FORWARDING] = NLA_POLICY_MAX(NLA_U8, 1),
	7232	+ [NL80211_MESHCONF_RSSI_THRESHOLD] =
	7233	+ NLA_POLICY_RANGE(NLA_S32, -255, 0),
6322	7234	[NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
6323	7235	[NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
6324		- [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
6325		- [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
6326		- [NL80211_MESHCONF_POWER_MODE] = { .type = NLA_U32 },
	7236	+ [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] =
	7237	+ NLA_POLICY_MIN(NLA_U16, 1),
	7238	+ [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] =
	7239	+ NLA_POLICY_MIN(NLA_U16, 1),
	7240	+ [NL80211_MESHCONF_POWER_MODE] =
	7241	+ NLA_POLICY_RANGE(NLA_U32,
	7242	+ NL80211_MESH_POWER_ACTIVE,
	7243	+ NL80211_MESH_POWER_MAX),
6327	7244	[NL80211_MESHCONF_AWAKE_WINDOW] = { .type = NLA_U16 },
6328	7245	[NL80211_MESHCONF_PLINK_TIMEOUT] = { .type = NLA_U32 },
	7246	+ [NL80211_MESHCONF_CONNECTED_TO_GATE] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
	7247	+ [NL80211_MESHCONF_NOLEARN] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
	7248	+ [NL80211_MESHCONF_CONNECTED_TO_AS] = NLA_POLICY_RANGE(NLA_U8, 0, 1),
6329	7249	};
6330	7250
6331	7251	static const struct nla_policy
..	..	@@ -6336,67 +7256,11 @@
6336	7256	[NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
6337	7257	[NL80211_MESH_SETUP_AUTH_PROTOCOL] = { .type = NLA_U8 },
6338	7258	[NL80211_MESH_SETUP_USERSPACE_MPM] = { .type = NLA_FLAG },
6339		- [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
6340		- .len = IEEE80211_MAX_DATA_LEN },
	7259	+ [NL80211_MESH_SETUP_IE] =
	7260	+ NLA_POLICY_VALIDATE_FN(NLA_BINARY, validate_ie_attr,
	7261	+ IEEE80211_MAX_DATA_LEN),
6341	7262	[NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
6342	7263	};
6343		-
6344		-static int nl80211_check_bool(const struct nlattr nla, u8 min, u8 max, bool out)
6345		-{
6346		- u8 val = nla_get_u8(nla);
6347		- if (val < min \|\| val > max)
6348		- return -EINVAL;
6349		- *out = val;
6350		- return 0;
6351		-}
6352		-
6353		-static int nl80211_check_u8(const struct nlattr nla, u8 min, u8 max, u8 out)
6354		-{
6355		- u8 val = nla_get_u8(nla);
6356		- if (val < min \|\| val > max)
6357		- return -EINVAL;
6358		- *out = val;
6359		- return 0;
6360		-}
6361		-
6362		-static int nl80211_check_u16(const struct nlattr nla, u16 min, u16 max, u16 out)
6363		-{
6364		- u16 val = nla_get_u16(nla);
6365		- if (val < min \|\| val > max)
6366		- return -EINVAL;
6367		- *out = val;
6368		- return 0;
6369		-}
6370		-
6371		-static int nl80211_check_u32(const struct nlattr nla, u32 min, u32 max, u32 out)
6372		-{
6373		- u32 val = nla_get_u32(nla);
6374		- if (val < min \|\| val > max)
6375		- return -EINVAL;
6376		- *out = val;
6377		- return 0;
6378		-}
6379		-
6380		-static int nl80211_check_s32(const struct nlattr nla, s32 min, s32 max, s32 out)
6381		-{
6382		- s32 val = nla_get_s32(nla);
6383		- if (val < min \|\| val > max)
6384		- return -EINVAL;
6385		- *out = val;
6386		- return 0;
6387		-}
6388		-
6389		-static int nl80211_check_power_mode(const struct nlattr *nla,
6390		- enum nl80211_mesh_power_mode min,
6391		- enum nl80211_mesh_power_mode max,
6392		- enum nl80211_mesh_power_mode *out)
6393		-{
6394		- u32 val = nla_get_u32(nla);
6395		- if (val < min \|\| val > max)
6396		- return -EINVAL;
6397		- *out = val;
6398		- return 0;
6399		-}
6400	7264
6401	7265	static int nl80211_parse_mesh_config(struct genl_info *info,
6402	7266	struct mesh_config *cfg,
..	..	@@ -6406,20 +7270,17 @@
6406	7270	u32 mask = 0;
6407	7271	u16 ht_opmode;
6408	7272
6409		-#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, min, max, mask, attr, fn) \
6410		-do { \
6411		- if (tb[attr]) { \
6412		- if (fn(tb[attr], min, max, &cfg->param)) \
6413		- return -EINVAL; \
6414		- mask \|= (1 << (attr - 1)); \
6415		- } \
	7273	+#define FILL_IN_MESH_PARAM_IF_SET(tb, cfg, param, mask, attr, fn) \
	7274	+do { \
	7275	+ if (tb[attr]) { \
	7276	+ cfg->param = fn(tb[attr]); \
	7277	+ mask \|= BIT((attr) - 1); \
	7278	+ } \
6416	7279	} while (0)
6417	7280
6418	7281	if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
6419	7282	return -EINVAL;
6420		- if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
6421		- info->attrs[NL80211_ATTR_MESH_CONFIG],
6422		- nl80211_meshconf_params_policy, info->extack))
	7283	+ if (nla_parse_nested_deprecated(tb, NL80211_MESHCONF_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_CONFIG], nl80211_meshconf_params_policy, info->extack))
6423	7284	return -EINVAL;
6424	7285
6425	7286	/* This makes sure that there aren't more than 32 mesh config
..	..	@@ -6427,75 +7288,79 @@
6427	7288	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
6428	7289
6429	7290	/* Fill in the params struct */
6430		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 1, 255,
6431		- mask, NL80211_MESHCONF_RETRY_TIMEOUT,
6432		- nl80211_check_u16);
6433		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 1, 255,
6434		- mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
6435		- nl80211_check_u16);
6436		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 1, 255,
6437		- mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
6438		- nl80211_check_u16);
6439		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 0, 255,
6440		- mask, NL80211_MESHCONF_MAX_PEER_LINKS,
6441		- nl80211_check_u16);
6442		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 0, 16,
6443		- mask, NL80211_MESHCONF_MAX_RETRIES,
6444		- nl80211_check_u8);
6445		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 1, 255,
6446		- mask, NL80211_MESHCONF_TTL, nl80211_check_u8);
6447		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, 1, 255,
6448		- mask, NL80211_MESHCONF_ELEMENT_TTL,
6449		- nl80211_check_u8);
6450		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 0, 1,
6451		- mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
6452		- nl80211_check_bool);
	7291	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, mask,
	7292	+ NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
	7293	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, mask,
	7294	+ NL80211_MESHCONF_CONFIRM_TIMEOUT,
	7295	+ nla_get_u16);
	7296	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, mask,
	7297	+ NL80211_MESHCONF_HOLDING_TIMEOUT,
	7298	+ nla_get_u16);
	7299	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, mask,
	7300	+ NL80211_MESHCONF_MAX_PEER_LINKS,
	7301	+ nla_get_u16);
	7302	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, mask,
	7303	+ NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
	7304	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, mask,
	7305	+ NL80211_MESHCONF_TTL, nla_get_u8);
	7306	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl, mask,
	7307	+ NL80211_MESHCONF_ELEMENT_TTL, nla_get_u8);
	7308	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, mask,
	7309	+ NL80211_MESHCONF_AUTO_OPEN_PLINKS,
	7310	+ nla_get_u8);
6453	7311	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor,
6454		- 1, 255, mask,
	7312	+ mask,
6455	7313	NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
6456		- nl80211_check_u32);
6457		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 0, 255,
6458		- mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
6459		- nl80211_check_u8);
6460		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 1, 65535,
6461		- mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
6462		- nl80211_check_u32);
6463		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 1, 65535,
6464		- mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
6465		- nl80211_check_u16);
	7314	+ nla_get_u32);
	7315	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, mask,
	7316	+ NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
	7317	+ nla_get_u8);
	7318	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, mask,
	7319	+ NL80211_MESHCONF_PATH_REFRESH_TIME,
	7320	+ nla_get_u32);
	7321	+ if (mask & BIT(NL80211_MESHCONF_PATH_REFRESH_TIME) &&
	7322	+ (cfg->path_refresh_time < 1 \|\| cfg->path_refresh_time > 65535))
	7323	+ return -EINVAL;
	7324	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, mask,
	7325	+ NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
	7326	+ nla_get_u16);
6466	7327	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
6467		- 1, 65535, mask,
	7328	+ mask,
6468	7329	NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
6469		- nl80211_check_u32);
6470		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
6471		- 1, 65535, mask,
	7330	+ nla_get_u32);
	7331	+ if (mask & BIT(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT) &&
	7332	+ (cfg->dot11MeshHWMPactivePathTimeout < 1 \|\|
	7333	+ cfg->dot11MeshHWMPactivePathTimeout > 65535))
	7334	+ return -EINVAL;
	7335	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, mask,
6472	7336	NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
6473		- nl80211_check_u16);
6474		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
6475		- 1, 65535, mask,
	7337	+ nla_get_u16);
	7338	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval, mask,
6476	7339	NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
6477		- nl80211_check_u16);
	7340	+ nla_get_u16);
6478	7341	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6479		- dot11MeshHWMPnetDiameterTraversalTime,
6480		- 1, 65535, mask,
	7342	+ dot11MeshHWMPnetDiameterTraversalTime, mask,
6481	7343	NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
6482		- nl80211_check_u16);
6483		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, 0, 4,
6484		- mask, NL80211_MESHCONF_HWMP_ROOTMODE,
6485		- nl80211_check_u8);
6486		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, 1, 65535,
6487		- mask, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
6488		- nl80211_check_u16);
6489		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6490		- dot11MeshGateAnnouncementProtocol, 0, 1,
	7344	+ nla_get_u16);
	7345	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
	7346	+ NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
	7347	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
	7348	+ NL80211_MESHCONF_HWMP_RANN_INTERVAL,
	7349	+ nla_get_u16);
	7350	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshGateAnnouncementProtocol,
6491	7351	mask, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
6492		- nl80211_check_bool);
6493		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, 0, 1,
6494		- mask, NL80211_MESHCONF_FORWARDING,
6495		- nl80211_check_bool);
6496		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, -255, 0,
6497		- mask, NL80211_MESHCONF_RSSI_THRESHOLD,
6498		- nl80211_check_s32);
	7352	+ nla_get_u8);
	7353	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding, mask,
	7354	+ NL80211_MESHCONF_FORWARDING, nla_get_u8);
	7355	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold, mask,
	7356	+ NL80211_MESHCONF_RSSI_THRESHOLD,
	7357	+ nla_get_s32);
	7358	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToMeshGate, mask,
	7359	+ NL80211_MESHCONF_CONNECTED_TO_GATE,
	7360	+ nla_get_u8);
	7361	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConnectedToAuthServer, mask,
	7362	+ NL80211_MESHCONF_CONNECTED_TO_AS,
	7363	+ nla_get_u8);
6499	7364	/*
6500	7365	* Check HT operation mode based on
6501	7366	* IEEE 802.11-2016 9.4.2.57 HT Operation element.
..	..	@@ -6514,29 +7379,29 @@
6514	7379	cfg->ht_opmode = ht_opmode;
6515	7380	mask \|= (1 << (NL80211_MESHCONF_HT_OPMODE - 1));
6516	7381	}
6517		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
6518		- 1, 65535, mask,
6519		- NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
6520		- nl80211_check_u32);
6521		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, 1, 65535,
6522		- mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
6523		- nl80211_check_u16);
6524	7382	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
6525		- dot11MeshHWMPconfirmationInterval,
6526		- 1, 65535, mask,
	7383	+ dot11MeshHWMPactivePathToRootTimeout, mask,
	7384	+ NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
	7385	+ nla_get_u32);
	7386	+ if (mask & BIT(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT) &&
	7387	+ (cfg->dot11MeshHWMPactivePathToRootTimeout < 1 \|\|
	7388	+ cfg->dot11MeshHWMPactivePathToRootTimeout > 65535))
	7389	+ return -EINVAL;
	7390	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval, mask,
	7391	+ NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
	7392	+ nla_get_u16);
	7393	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPconfirmationInterval,
	7394	+ mask,
6527	7395	NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
6528		- nl80211_check_u16);
6529		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode,
6530		- NL80211_MESH_POWER_ACTIVE,
6531		- NL80211_MESH_POWER_MAX,
6532		- mask, NL80211_MESHCONF_POWER_MODE,
6533		- nl80211_check_power_mode);
6534		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration,
6535		- 0, 65535, mask,
6536		- NL80211_MESHCONF_AWAKE_WINDOW, nl80211_check_u16);
6537		- FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, 0, 0xffffffff,
6538		- mask, NL80211_MESHCONF_PLINK_TIMEOUT,
6539		- nl80211_check_u32);
	7396	+ nla_get_u16);
	7397	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, power_mode, mask,
	7398	+ NL80211_MESHCONF_POWER_MODE, nla_get_u32);
	7399	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshAwakeWindowDuration, mask,
	7400	+ NL80211_MESHCONF_AWAKE_WINDOW, nla_get_u16);
	7401	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, plink_timeout, mask,
	7402	+ NL80211_MESHCONF_PLINK_TIMEOUT, nla_get_u32);
	7403	+ FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNolearn, mask,
	7404	+ NL80211_MESHCONF_NOLEARN, nla_get_u8);
6540	7405	if (mask_out)
6541	7406	*mask_out = mask;
6542	7407
..	..	@@ -6553,9 +7418,7 @@
6553	7418
6554	7419	if (!info->attrs[NL80211_ATTR_MESH_SETUP])
6555	7420	return -EINVAL;
6556		- if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
6557		- info->attrs[NL80211_ATTR_MESH_SETUP],
6558		- nl80211_mesh_setup_params_policy, info->extack))
	7421	+ if (nla_parse_nested_deprecated(tb, NL80211_MESH_SETUP_ATTR_MAX, info->attrs[NL80211_ATTR_MESH_SETUP], nl80211_mesh_setup_params_policy, info->extack))
6559	7422	return -EINVAL;
6560	7423
6561	7424	if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
..	..	@@ -6579,8 +7442,6 @@
6579	7442	if (tb[NL80211_MESH_SETUP_IE]) {
6580	7443	struct nlattr *ieattr =
6581	7444	tb[NL80211_MESH_SETUP_IE];
6582		- if (!is_valid_ie_attr(ieattr))
6583		- return -EINVAL;
6584	7445	setup->ie = nla_data(ieattr);
6585	7446	setup->ie_len = nla_len(ieattr);
6586	7447	}
..	..	@@ -6646,7 +7507,7 @@
6646	7507	nla_put_u8(msg, NL80211_ATTR_DFS_REGION, regdom->dfs_region)))
6647	7508	goto nla_put_failure;
6648	7509
6649		- nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
	7510	+ nl_reg_rules = nla_nest_start_noflag(msg, NL80211_ATTR_REG_RULES);
6650	7511	if (!nl_reg_rules)
6651	7512	goto nla_put_failure;
6652	7513
..	..	@@ -6661,7 +7522,7 @@
6661	7522	freq_range = &reg_rule->freq_range;
6662	7523	power_rule = &reg_rule->power_rule;
6663	7524
6664		- nl_reg_rule = nla_nest_start(msg, i);
	7525	+ nl_reg_rule = nla_nest_start_noflag(msg, i);
6665	7526	if (!nl_reg_rule)
6666	7527	goto nla_put_failure;
6667	7528
..	..	@@ -6899,7 +7760,7 @@
6899	7760	struct nlattr *nl_reg_rule;
6900	7761	char *alpha2;
6901	7762	int rem_reg_rules, r;
6902		- u32 num_rules = 0, rule_idx = 0, size_of_regd;
	7763	+ u32 num_rules = 0, rule_idx = 0;
6903	7764	enum nl80211_dfs_regions dfs_region = NL80211_DFS_UNSET;
6904	7765	struct ieee80211_regdomain *rd;
6905	7766
..	..	@@ -6924,10 +7785,7 @@
6924	7785	if (!reg_is_valid_request(alpha2))
6925	7786	return -EINVAL;
6926	7787
6927		- size_of_regd = sizeof(struct ieee80211_regdomain) +
6928		- num_rules * sizeof(struct ieee80211_reg_rule);
6929		-
6930		- rd = kzalloc(size_of_regd, GFP_KERNEL);
	7788	+ rd = kzalloc(struct_size(rd, reg_rules, num_rules), GFP_KERNEL);
6931	7789	if (!rd)
6932	7790	return -ENOMEM;
6933	7791
..	..	@@ -6944,9 +7802,9 @@
6944	7802
6945	7803	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
6946	7804	rem_reg_rules) {
6947		- r = nla_parse_nested(tb, NL80211_REG_RULE_ATTR_MAX,
6948		- nl_reg_rule, reg_rule_policy,
6949		- info->extack);
	7805	+ r = nla_parse_nested_deprecated(tb, NL80211_REG_RULE_ATTR_MAX,
	7806	+ nl_reg_rule, reg_rule_policy,
	7807	+ info->extack);
6950	7808	if (r)
6951	7809	goto bad_reg;
6952	7810	r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
..	..	@@ -7017,8 +7875,9 @@
7017	7875	if (!nla_ok(nest, nla_len(nest)))
7018	7876	return -EINVAL;
7019	7877
7020		- err = nla_parse_nested(attr, NL80211_BSS_SELECT_ATTR_MAX, nest,
7021		- nl80211_bss_select_policy, NULL);
	7878	+ err = nla_parse_nested_deprecated(attr, NL80211_BSS_SELECT_ATTR_MAX,
	7879	+ nest, nl80211_bss_select_policy,
	7880	+ NULL);
7022	7881	if (err)
7023	7882	return err;
7024	7883
..	..	@@ -7065,8 +7924,8 @@
7065	7924	return 0;
7066	7925	}
7067	7926
7068		-static int nl80211_parse_random_mac(struct nlattr **attrs,
7069		- u8 mac_addr, u8 mac_addr_mask)
	7927	+int nl80211_parse_random_mac(struct nlattr **attrs,
	7928	+ u8 mac_addr, u8 mac_addr_mask)
7070	7929	{
7071	7930	int i;
7072	7931
..	..	@@ -7208,13 +8067,12 @@
7208	8067	struct cfg80211_registered_device *rdev = info->user_ptr[0];
7209	8068	struct wireless_dev *wdev = info->user_ptr[1];
7210	8069	struct cfg80211_scan_request *request;
	8070	+ struct nlattr *scan_freqs = NULL;
	8071	+ bool scan_freqs_khz = false;
7211	8072	struct nlattr *attr;
7212	8073	struct wiphy *wiphy;
7213	8074	int err, tmp, n_ssids = 0, n_channels, i;
7214	8075	size_t ie_len;
7215		-
7216		- if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
7217		- return -EINVAL;
7218	8076
7219	8077	wiphy = &rdev->wiphy;
7220	8078
..	..	@@ -7224,18 +8082,22 @@
7224	8082	if (!rdev->ops->scan)
7225	8083	return -EOPNOTSUPP;
7226	8084
7227		- if (rdev->scan_req \|\| rdev->scan_msg) {
7228		- err = -EBUSY;
7229		- goto unlock;
7230		- }
	8085	+ if (rdev->scan_req \|\| rdev->scan_msg)
	8086	+ return -EBUSY;
7231	8087
7232		- if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7233		- n_channels = validate_scan_freqs(
7234		- info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
7235		- if (!n_channels) {
7236		- err = -EINVAL;
7237		- goto unlock;
7238		- }
	8088	+ if (info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ]) {
	8089	+ if (!wiphy_ext_feature_isset(wiphy,
	8090	+ NL80211_EXT_FEATURE_SCAN_FREQ_KHZ))
	8091	+ return -EOPNOTSUPP;
	8092	+ scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQ_KHZ];
	8093	+ scan_freqs_khz = true;
	8094	+ } else if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES])
	8095	+ scan_freqs = info->attrs[NL80211_ATTR_SCAN_FREQUENCIES];
	8096	+
	8097	+ if (scan_freqs) {
	8098	+ n_channels = validate_scan_freqs(scan_freqs);
	8099	+ if (!n_channels)
	8100	+ return -EINVAL;
7239	8101	} else {
7240	8102	n_channels = ieee80211_get_num_supported_channels(wiphy);
7241	8103	}
..	..	@@ -7244,29 +8106,23 @@
7244	8106	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
7245	8107	n_ssids++;
7246	8108
7247		- if (n_ssids > wiphy->max_scan_ssids) {
7248		- err = -EINVAL;
7249		- goto unlock;
7250		- }
	8109	+ if (n_ssids > wiphy->max_scan_ssids)
	8110	+ return -EINVAL;
7251	8111
7252	8112	if (info->attrs[NL80211_ATTR_IE])
7253	8113	ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
7254	8114	else
7255	8115	ie_len = 0;
7256	8116
7257		- if (ie_len > wiphy->max_scan_ie_len) {
7258		- err = -EINVAL;
7259		- goto unlock;
7260		- }
	8117	+ if (ie_len > wiphy->max_scan_ie_len)
	8118	+ return -EINVAL;
7261	8119
7262	8120	request = kzalloc(sizeof(*request)
7263	8121	+ sizeof(request->ssids) n_ssids
7264	8122	+ sizeof(request->channels) n_channels
7265	8123	+ ie_len, GFP_KERNEL);
7266		- if (!request) {
7267		- err = -ENOMEM;
7268		- goto unlock;
7269		- }
	8124	+ if (!request)
	8125	+ return -ENOMEM;
7270	8126
7271	8127	if (n_ssids)
7272	8128	request->ssids = (void *)&request->channels[n_channels];
..	..	@@ -7279,13 +8135,16 @@
7279	8135	}
7280	8136
7281	8137	i = 0;
7282		- if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
	8138	+ if (scan_freqs) {
7283	8139	/* user specified, bail out if channel not found */
7284		- nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
	8140	+ nla_for_each_nested(attr, scan_freqs, tmp) {
7285	8141	struct ieee80211_channel *chan;
	8142	+ int freq = nla_get_u32(attr);
7286	8143
7287		- chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));
	8144	+ if (!scan_freqs_khz)
	8145	+ freq = MHZ_TO_KHZ(freq);
7288	8146
	8147	+ chan = ieee80211_get_channel_khz(wiphy, freq);
7289	8148	if (!chan) {
7290	8149	err = -EINVAL;
7291	8150	goto out_free;
..	..	@@ -7440,19 +8299,21 @@
7440	8299	request->scan_start = jiffies;
7441	8300
7442	8301	rdev->scan_req = request;
7443		- err = rdev_scan(rdev, request);
	8302	+ err = cfg80211_scan(rdev);
7444	8303
7445		- if (!err) {
7446		- nl80211_send_scan_start(rdev, wdev);
7447		- if (wdev->netdev)
7448		- dev_hold(wdev->netdev);
7449		- } else {
	8304	+ if (err)
	8305	+ goto out_free;
	8306	+
	8307	+ nl80211_send_scan_start(rdev, wdev);
	8308	+ if (wdev->netdev)
	8309	+ dev_hold(wdev->netdev);
	8310	+
	8311	+ return 0;
	8312	+
7450	8313	out_free:
7451		- rdev->scan_req = NULL;
7452		- kfree(request);
7453		- }
	8314	+ rdev->scan_req = NULL;
	8315	+ kfree(request);
7454	8316
7455		- unlock:
7456	8317	return err;
7457	8318	}
7458	8319
..	..	@@ -7514,8 +8375,10 @@
7514	8375	if (WARN_ON(i >= n_plans))
7515	8376	return -EINVAL;
7516	8377
7517		- err = nla_parse_nested(plan, NL80211_SCHED_SCAN_PLAN_MAX,
7518		- attr, nl80211_plan_policy, NULL);
	8378	+ err = nla_parse_nested_deprecated(plan,
	8379	+ NL80211_SCHED_SCAN_PLAN_MAX,
	8380	+ attr, nl80211_plan_policy,
	8381	+ NULL);
7519	8382	if (err)
7520	8383	return err;
7521	8384
..	..	@@ -7557,6 +8420,41 @@
7557	8420	return 0;
7558	8421	}
7559	8422
	8423	+static int
	8424	+nl80211_parse_sched_scan_per_band_rssi(struct wiphy *wiphy,
	8425	+ struct cfg80211_match_set *match_sets,
	8426	+ struct nlattr *tb_band_rssi,
	8427	+ s32 rssi_thold)
	8428	+{
	8429	+ struct nlattr *attr;
	8430	+ int i, tmp, ret = 0;
	8431	+
	8432	+ if (!wiphy_ext_feature_isset(wiphy,
	8433	+ NL80211_EXT_FEATURE_SCHED_SCAN_BAND_SPECIFIC_RSSI_THOLD)) {
	8434	+ if (tb_band_rssi)
	8435	+ ret = -EOPNOTSUPP;
	8436	+ else
	8437	+ for (i = 0; i < NUM_NL80211_BANDS; i++)
	8438	+ match_sets->per_band_rssi_thold[i] =
	8439	+ NL80211_SCAN_RSSI_THOLD_OFF;
	8440	+ return ret;
	8441	+ }
	8442	+
	8443	+ for (i = 0; i < NUM_NL80211_BANDS; i++)
	8444	+ match_sets->per_band_rssi_thold[i] = rssi_thold;
	8445	+
	8446	+ nla_for_each_nested(attr, tb_band_rssi, tmp) {
	8447	+ enum nl80211_band band = nla_type(attr);
	8448	+
	8449	+ if (band < 0 \|\| band >= NUM_NL80211_BANDS)
	8450	+ return -EINVAL;
	8451	+
	8452	+ match_sets->per_band_rssi_thold[band] = nla_get_s32(attr);
	8453	+ }
	8454	+
	8455	+ return 0;
	8456	+}
	8457	+
7560	8458	static struct cfg80211_sched_scan_request *
7561	8459	nl80211_parse_sched_scan(struct wiphy wiphy, struct wireless_dev wdev,
7562	8460	struct nlattr **attrs, int max_match_sets)
..	..	@@ -7568,9 +8466,6 @@
7568	8466	size_t ie_len;
7569	8467	struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];
7570	8468	s32 default_match_rssi = NL80211_SCAN_RSSI_THOLD_OFF;
7571		-
7572		- if (!is_valid_ie_attr(attrs[NL80211_ATTR_IE]))
7573		- return ERR_PTR(-EINVAL);
7574	8469
7575	8470	if (attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
7576	8471	n_channels = validate_scan_freqs(
..	..	@@ -7604,10 +8499,11 @@
7604	8499	tmp) {
7605	8500	struct nlattr *rssi;
7606	8501
7607		- err = nla_parse_nested(tb,
7608		- NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7609		- attr, nl80211_match_policy,
7610		- NULL);
	8502	+ err = nla_parse_nested_deprecated(tb,
	8503	+ NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
	8504	+ attr,
	8505	+ nl80211_match_policy,
	8506	+ NULL);
7611	8507	if (err)
7612	8508	return ERR_PTR(err);
7613	8509
..	..	@@ -7791,51 +8687,55 @@
7791	8687	tmp) {
7792	8688	struct nlattr ssid, bssid, *rssi;
7793	8689
7794		- err = nla_parse_nested(tb,
7795		- NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
7796		- attr, nl80211_match_policy,
7797		- NULL);
	8690	+ err = nla_parse_nested_deprecated(tb,
	8691	+ NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
	8692	+ attr,
	8693	+ nl80211_match_policy,
	8694	+ NULL);
7798	8695	if (err)
7799	8696	goto out_free;
7800	8697	ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
7801	8698	bssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_BSSID];
7802		- if (ssid \|\| bssid) {
7803		- if (WARN_ON(i >= n_match_sets)) {
7804		- /* this indicates a programming error,
7805		- * the loop above should have verified
7806		- * things properly
7807		- */
7808		- err = -EINVAL;
7809		- goto out_free;
7810		- }
7811	8699
7812		- if (ssid) {
7813		- if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
7814		- err = -EINVAL;
7815		- goto out_free;
7816		- }
7817		- memcpy(request->match_sets[i].ssid.ssid,
7818		- nla_data(ssid), nla_len(ssid));
7819		- request->match_sets[i].ssid.ssid_len =
7820		- nla_len(ssid);
7821		- }
7822		- if (bssid) {
7823		- if (nla_len(bssid) != ETH_ALEN) {
7824		- err = -EINVAL;
7825		- goto out_free;
7826		- }
7827		- memcpy(request->match_sets[i].bssid,
7828		- nla_data(bssid), ETH_ALEN);
7829		- }
7830		-
7831		- /* special attribute - old implementation w/a */
7832		- request->match_sets[i].rssi_thold =
7833		- default_match_rssi;
7834		- rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
7835		- if (rssi)
7836		- request->match_sets[i].rssi_thold =
7837		- nla_get_s32(rssi);
	8700	+ if (!ssid && !bssid) {
	8701	+ i++;
	8702	+ continue;
7838	8703	}
	8704	+
	8705	+ if (WARN_ON(i >= n_match_sets)) {
	8706	+ /* this indicates a programming error,
	8707	+ * the loop above should have verified
	8708	+ * things properly
	8709	+ */
	8710	+ err = -EINVAL;
	8711	+ goto out_free;
	8712	+ }
	8713	+
	8714	+ if (ssid) {
	8715	+ memcpy(request->match_sets[i].ssid.ssid,
	8716	+ nla_data(ssid), nla_len(ssid));
	8717	+ request->match_sets[i].ssid.ssid_len =
	8718	+ nla_len(ssid);
	8719	+ }
	8720	+ if (bssid)
	8721	+ memcpy(request->match_sets[i].bssid,
	8722	+ nla_data(bssid), ETH_ALEN);
	8723	+
	8724	+ /* special attribute - old implementation w/a */
	8725	+ request->match_sets[i].rssi_thold = default_match_rssi;
	8726	+ rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
	8727	+ if (rssi)
	8728	+ request->match_sets[i].rssi_thold =
	8729	+ nla_get_s32(rssi);
	8730	+
	8731	+ /* Parse per band RSSI attribute */
	8732	+ err = nl80211_parse_sched_scan_per_band_rssi(wiphy,
	8733	+ &request->match_sets[i],
	8734	+ tb[NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI],
	8735	+ request->match_sets[i].rssi_thold);
	8736	+ if (err)
	8737	+ goto out_free;
	8738	+
7839	8739	i++;
7840	8740	}
7841	8741
..	..	@@ -7929,10 +8829,8 @@
7929	8829	/* leave request id zero for legacy request
7930	8830	* or if driver does not support multi-scheduled scan
7931	8831	*/
7932		- if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1) {
7933		- while (!sched_scan_req->reqid)
7934		- sched_scan_req->reqid = rdev->wiphy.cookie_counter++;
7935		- }
	8832	+ if (want_multi && rdev->wiphy.max_sched_scan_reqs > 1)
	8833	+ sched_scan_req->reqid = cfg80211_assign_cookie(rdev);
7936	8834
7937	8835	err = rdev_sched_scan_start(rdev, dev, sched_scan_req);
7938	8836	if (err)
..	..	@@ -8038,6 +8936,60 @@
8038	8936	return err;
8039	8937	}
8040	8938
	8939	+static int nl80211_notify_radar_detection(struct sk_buff *skb,
	8940	+ struct genl_info *info)
	8941	+{
	8942	+ struct cfg80211_registered_device *rdev = info->user_ptr[0];
	8943	+ struct net_device *dev = info->user_ptr[1];
	8944	+ struct wireless_dev *wdev = dev->ieee80211_ptr;
	8945	+ struct wiphy *wiphy = wdev->wiphy;
	8946	+ struct cfg80211_chan_def chandef;
	8947	+ enum nl80211_dfs_regions dfs_region;
	8948	+ int err;
	8949	+
	8950	+ dfs_region = reg_get_dfs_region(wiphy);
	8951	+ if (dfs_region == NL80211_DFS_UNSET) {
	8952	+ GENL_SET_ERR_MSG(info,
	8953	+ "DFS Region is not set. Unexpected Radar indication");
	8954	+ return -EINVAL;
	8955	+ }
	8956	+
	8957	+ err = nl80211_parse_chandef(rdev, info, &chandef);
	8958	+ if (err) {
	8959	+ GENL_SET_ERR_MSG(info, "Unable to extract chandef info");
	8960	+ return err;
	8961	+ }
	8962	+
	8963	+ err = cfg80211_chandef_dfs_required(wiphy, &chandef, wdev->iftype);
	8964	+ if (err < 0) {
	8965	+ GENL_SET_ERR_MSG(info, "chandef is invalid");
	8966	+ return err;
	8967	+ }
	8968	+
	8969	+ if (err == 0) {
	8970	+ GENL_SET_ERR_MSG(info,
	8971	+ "Unexpected Radar indication for chandef/iftype");
	8972	+ return -EINVAL;
	8973	+ }
	8974	+
	8975	+ /* Do not process this notification if radar is already detected
	8976	+ * by kernel on this channel, and return success.
	8977	+ */
	8978	+ if (chandef.chan->dfs_state == NL80211_DFS_UNAVAILABLE)
	8979	+ return 0;
	8980	+
	8981	+ cfg80211_set_dfs_state(wiphy, &chandef, NL80211_DFS_UNAVAILABLE);
	8982	+
	8983	+ cfg80211_sched_dfs_chan_update(rdev);
	8984	+
	8985	+ rdev->radar_chandef = chandef;
	8986	+
	8987	+ /* Propagate this notification to other radios as well */
	8988	+ queue_work(cfg80211_wq, &rdev->propagate_radar_detect_wk);
	8989	+
	8990	+ return 0;
	8991	+}
	8992	+
8041	8993	static int nl80211_channel_switch(struct sk_buff skb, struct genl_info info)
8042	8994	{
8043	8995	struct cfg80211_registered_device *rdev = info->user_ptr[0];
..	..	@@ -8086,6 +9038,7 @@
8086	9038	}
8087	9039
8088	9040	memset(&params, 0, sizeof(params));
	9041	+ params.beacon_csa.ftm_responder = -1;
8089	9042
8090	9043	if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] \|\|
8091	9044	!info->attrs[NL80211_ATTR_CH_SWITCH_COUNT])
..	..	@@ -8107,24 +9060,24 @@
8107	9060	if (!need_new_beacon)
8108	9061	goto skip_beacons;
8109	9062
8110		- err = nl80211_parse_beacon(info->attrs, &params.beacon_after);
	9063	+ err = nl80211_parse_beacon(rdev, info->attrs, &params.beacon_after);
8111	9064	if (err)
8112	9065	return err;
8113	9066
8114		- err = nla_parse_nested(csa_attrs, NL80211_ATTR_MAX,
8115		- info->attrs[NL80211_ATTR_CSA_IES],
8116		- nl80211_policy, info->extack);
	9067	+ err = nla_parse_nested_deprecated(csa_attrs, NL80211_ATTR_MAX,
	9068	+ info->attrs[NL80211_ATTR_CSA_IES],
	9069	+ nl80211_policy, info->extack);
8117	9070	if (err)
8118	9071	return err;
8119	9072
8120		- err = nl80211_parse_beacon(csa_attrs, &params.beacon_csa);
	9073	+ err = nl80211_parse_beacon(rdev, csa_attrs, &params.beacon_csa);
8121	9074	if (err)
8122	9075	return err;
8123	9076
8124		- if (!csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON])
	9077	+ if (!csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON])
8125	9078	return -EINVAL;
8126	9079
8127		- len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
	9080	+ len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
8128	9081	if (!len \|\| (len % sizeof(u16)))
8129	9082	return -EINVAL;
8130	9083
..	..	@@ -8135,7 +9088,7 @@
8135	9088	return -EINVAL;
8136	9089
8137	9090	params.counter_offsets_beacon =
8138		- nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_BEACON]);
	9091	+ nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_BEACON]);
8139	9092
8140	9093	/* sanity checks - counters should fit and be the same */
8141	9094	for (i = 0; i < params.n_counter_offsets_beacon; i++) {
..	..	@@ -8148,8 +9101,8 @@
8148	9101	return -EINVAL;
8149	9102	}
8150	9103
8151		- if (csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]) {
8152		- len = nla_len(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
	9104	+ if (csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]) {
	9105	+ len = nla_len(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
8153	9106	if (!len \|\| (len % sizeof(u16)))
8154	9107	return -EINVAL;
8155	9108
..	..	@@ -8160,7 +9113,7 @@
8160	9113	return -EINVAL;
8161	9114
8162	9115	params.counter_offsets_presp =
8163		- nla_data(csa_attrs[NL80211_ATTR_CSA_C_OFF_PRESP]);
	9116	+ nla_data(csa_attrs[NL80211_ATTR_CNTDWN_OFFS_PRESP]);
8164	9117
8165	9118	/* sanity checks - counters should fit and be the same */
8166	9119	for (i = 0; i < params.n_counter_offsets_presp; i++) {
..	..	@@ -8237,7 +9190,7 @@
8237	9190	NL80211_ATTR_PAD))
8238	9191	goto nla_put_failure;
8239	9192
8240		- bss = nla_nest_start(msg, NL80211_ATTR_BSS);
	9193	+ bss = nla_nest_start_noflag(msg, NL80211_ATTR_BSS);
8241	9194	if (!bss)
8242	9195	goto nla_put_failure;
8243	9196	if ((!is_zero_ether_addr(res->bssid) &&
..	..	@@ -8280,6 +9233,8 @@
8280	9233	goto nla_put_failure;
8281	9234	if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) \|\|
8282	9235	nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) \|\|
	9236	+ nla_put_u32(msg, NL80211_BSS_FREQUENCY_OFFSET,
	9237	+ res->channel->freq_offset) \|\|
8283	9238	nla_put_u32(msg, NL80211_BSS_CHAN_WIDTH, res->scan_width) \|\|
8284	9239	nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
8285	9240	jiffies_to_msecs(jiffies - intbss->ts)))
..	..	@@ -8354,7 +9309,7 @@
8354	9309	int err;
8355	9310
8356	9311	rtnl_lock();
8357		- err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	9312	+ err = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8358	9313	if (err) {
8359	9314	rtnl_unlock();
8360	9315	return err;
..	..	@@ -8414,13 +9369,18 @@
8414	9369	if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
8415	9370	goto nla_put_failure;
8416	9371
8417		- infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
	9372	+ infoattr = nla_nest_start_noflag(msg, NL80211_ATTR_SURVEY_INFO);
8418	9373	if (!infoattr)
8419	9374	goto nla_put_failure;
8420	9375
8421	9376	if (survey->channel &&
8422	9377	nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
8423	9378	survey->channel->center_freq))
	9379	+ goto nla_put_failure;
	9380	+
	9381	+ if (survey->channel && survey->channel->freq_offset &&
	9382	+ nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY_OFFSET,
	9383	+ survey->channel->freq_offset))
8424	9384	goto nla_put_failure;
8425	9385
8426	9386	if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
..	..	@@ -8453,6 +9413,10 @@
8453	9413	nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
8454	9414	survey->time_scan, NL80211_SURVEY_INFO_PAD))
8455	9415	goto nla_put_failure;
	9416	+ if ((survey->filled & SURVEY_INFO_TIME_BSS_RX) &&
	9417	+ nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_BSS_RX,
	9418	+ survey->time_bss_rx, NL80211_SURVEY_INFO_PAD))
	9419	+ goto nla_put_failure;
8456	9420
8457	9421	nla_nest_end(msg, infoattr);
8458	9422
..	..	@@ -8466,7 +9430,7 @@
8466	9430
8467	9431	static int nl80211_dump_survey(struct sk_buff skb, struct netlink_callback cb)
8468	9432	{
8469		- struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
	9433	+ struct nlattr **attrbuf;
8470	9434	struct survey_info survey;
8471	9435	struct cfg80211_registered_device *rdev;
8472	9436	struct wireless_dev *wdev;
..	..	@@ -8474,8 +9438,12 @@
8474	9438	int res;
8475	9439	bool radio_stats;
8476	9440
	9441	+ attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
	9442	+ if (!attrbuf)
	9443	+ return -ENOMEM;
	9444	+
8477	9445	rtnl_lock();
8478		- res = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
	9446	+ res = nl80211_prepare_wdev_dump(cb, &rdev, &wdev);
8479	9447	if (res)
8480	9448	goto out_err;
8481	9449
..	..	@@ -8518,6 +9486,7 @@
8518	9486	cb->args[2] = survey_idx;
8519	9487	res = skb->len;
8520	9488	out_err:
	9489	+ kfree(attrbuf);
8521	9490	rtnl_unlock();
8522	9491	return res;
8523	9492	}
..	..	@@ -8525,7 +9494,8 @@
8525	9494	static bool nl80211_valid_wpa_versions(u32 wpa_versions)
8526	9495	{
8527	9496	return !(wpa_versions & ~(NL80211_WPA_VERSION_1 \|
8528		- NL80211_WPA_VERSION_2));
	9497	+ NL80211_WPA_VERSION_2 \|
	9498	+ NL80211_WPA_VERSION_3));
8529	9499	}
8530	9500
8531	9501	static int nl80211_authenticate(struct sk_buff skb, struct genl_info info)
..	..	@@ -8538,9 +9508,7 @@
8538	9508	enum nl80211_auth_type auth_type;
8539	9509	struct key_parse key;
8540	9510	bool local_state_change;
8541		-
8542		- if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8543		- return -EINVAL;
	9511	+ u32 freq;
8544	9512
8545	9513	if (!info->attrs[NL80211_ATTR_MAC])
8546	9514	return -EINVAL;
..	..	@@ -8597,8 +9565,12 @@
8597	9565	return -EOPNOTSUPP;
8598	9566
8599	9567	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8600		- chan = nl80211_get_valid_chan(&rdev->wiphy,
8601		- info->attrs[NL80211_ATTR_WIPHY_FREQ]);
	9568	+ freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
	9569	+ if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
	9570	+ freq +=
	9571	+ nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
	9572	+
	9573	+ chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
8602	9574	if (!chan)
8603	9575	return -EINVAL;
8604	9576
..	..	@@ -8629,9 +9601,6 @@
8629	9601	return -EINVAL;
8630	9602	auth_data = nla_data(info->attrs[NL80211_ATTR_AUTH_DATA]);
8631	9603	auth_data_len = nla_len(info->attrs[NL80211_ATTR_AUTH_DATA]);
8632		- /* need to include at least Auth Transaction and Status Code */
8633		- if (auth_data_len < 4)
8634		- return -EINVAL;
8635	9604	}
8636	9605
8637	9606	local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];
..	..	@@ -8698,6 +9667,9 @@
8698	9667	return r;
8699	9668
8700	9669	settings->control_port_over_nl80211 = true;
	9670	+
	9671	+ if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_PREAUTH])
	9672	+ settings->control_port_no_preauth = true;
8701	9673	}
8702	9674
8703	9675	if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
..	..	@@ -8759,10 +9731,30 @@
8759	9731	if (nla_len(info->attrs[NL80211_ATTR_PMK]) != WLAN_PMK_LEN)
8760	9732	return -EINVAL;
8761	9733	if (!wiphy_ext_feature_isset(&rdev->wiphy,
8762		- NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK))
	9734	+ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK) &&
	9735	+ !wiphy_ext_feature_isset(&rdev->wiphy,
	9736	+ NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK))
8763	9737	return -EINVAL;
8764	9738	settings->psk = nla_data(info->attrs[NL80211_ATTR_PMK]);
8765	9739	}
	9740	+
	9741	+ if (info->attrs[NL80211_ATTR_SAE_PASSWORD]) {
	9742	+ if (!wiphy_ext_feature_isset(&rdev->wiphy,
	9743	+ NL80211_EXT_FEATURE_SAE_OFFLOAD) &&
	9744	+ !wiphy_ext_feature_isset(&rdev->wiphy,
	9745	+ NL80211_EXT_FEATURE_SAE_OFFLOAD_AP))
	9746	+ return -EINVAL;
	9747	+ settings->sae_pwd =
	9748	+ nla_data(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
	9749	+ settings->sae_pwd_len =
	9750	+ nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
	9751	+ }
	9752	+
	9753	+ if (info->attrs[NL80211_ATTR_SAE_PWE])
	9754	+ settings->sae_pwe =
	9755	+ nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
	9756	+ else
	9757	+ settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
8766	9758
8767	9759	return 0;
8768	9760	}
..	..	@@ -8775,13 +9767,11 @@
8775	9767	struct cfg80211_assoc_request req = {};
8776	9768	const u8 bssid, ssid;
8777	9769	int err, ssid_len = 0;
	9770	+ u32 freq;
8778	9771
8779	9772	if (dev->ieee80211_ptr->conn_owner_nlportid &&
8780	9773	dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8781	9774	return -EPERM;
8782		-
8783		- if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8784		- return -EINVAL;
8785	9775
8786	9776	if (!info->attrs[NL80211_ATTR_MAC] \|\|
8787	9777	!info->attrs[NL80211_ATTR_SSID] \|\|
..	..	@@ -8797,8 +9787,11 @@
8797	9787
8798	9788	bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
8799	9789
8800		- chan = nl80211_get_valid_chan(&rdev->wiphy,
8801		- info->attrs[NL80211_ATTR_WIPHY_FREQ]);
	9790	+ freq = MHZ_TO_KHZ(nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
	9791	+ if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
	9792	+ freq +=
	9793	+ nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
	9794	+ chan = nl80211_get_valid_chan(&rdev->wiphy, freq);
8802	9795	if (!chan)
8803	9796	return -EINVAL;
8804	9797
..	..	@@ -8873,6 +9866,22 @@
8873	9866	nla_data(info->attrs[NL80211_ATTR_FILS_NONCES]);
8874	9867	}
8875	9868
	9869	+ if (info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]) {
	9870	+ if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY])
	9871	+ return -EINVAL;
	9872	+ memcpy(&req.s1g_capa_mask,
	9873	+ nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK]),
	9874	+ sizeof(req.s1g_capa_mask));
	9875	+ }
	9876	+
	9877	+ if (info->attrs[NL80211_ATTR_S1G_CAPABILITY]) {
	9878	+ if (!info->attrs[NL80211_ATTR_S1G_CAPABILITY_MASK])
	9879	+ return -EINVAL;
	9880	+ memcpy(&req.s1g_capa,
	9881	+ nla_data(info->attrs[NL80211_ATTR_S1G_CAPABILITY]),
	9882	+ sizeof(req.s1g_capa));
	9883	+ }
	9884	+
8876	9885	err = nl80211_crypto_settings(rdev, info, &req.crypto, 1);
8877	9886	if (!err) {
8878	9887	wdev_lock(dev->ieee80211_ptr);
..	..	@@ -8905,9 +9914,6 @@
8905	9914	if (dev->ieee80211_ptr->conn_owner_nlportid &&
8906	9915	dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8907	9916	return -EPERM;
8908		-
8909		- if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8910		- return -EINVAL;
8911	9917
8912	9918	if (!info->attrs[NL80211_ATTR_MAC])
8913	9919	return -EINVAL;
..	..	@@ -8956,9 +9962,6 @@
8956	9962	if (dev->ieee80211_ptr->conn_owner_nlportid &&
8957	9963	dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid)
8958	9964	return -EPERM;
8959		-
8960		- if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
8961		- return -EINVAL;
8962	9965
8963	9966	if (!info->attrs[NL80211_ATTR_MAC])
8964	9967	return -EINVAL;
..	..	@@ -9033,9 +10036,6 @@
9033	10036	int err;
9034	10037
9035	10038	memset(&ibss, 0, sizeof(ibss));
9036		-
9037		- if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9038		- return -EINVAL;
9039	10039
9040	10040	if (!info->attrs[NL80211_ATTR_SSID] \|\|
9041	10041	!nla_len(info->attrs[NL80211_ATTR_SSID]))
..	..	@@ -9149,7 +10149,7 @@
9149	10149
9150	10150	if ((ibss.chandef.width != NL80211_CHAN_WIDTH_20_NOHT) &&
9151	10151	no_ht) {
9152		- kzfree(connkeys);
	10152	+ kfree_sensitive(connkeys);
9153	10153	return -EINVAL;
9154	10154	}
9155	10155	}
..	..	@@ -9161,7 +10161,7 @@
9161	10161	int r = validate_pae_over_nl80211(rdev, info);
9162	10162
9163	10163	if (r < 0) {
9164		- kzfree(connkeys);
	10164	+ kfree_sensitive(connkeys);
9165	10165	return r;
9166	10166	}
9167	10167
..	..	@@ -9174,7 +10174,7 @@
9174	10174	wdev_lock(dev->ieee80211_ptr);
9175	10175	err = __cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
9176	10176	if (err)
9177		- kzfree(connkeys);
	10177	+ kfree_sensitive(connkeys);
9178	10178	else if (info->attrs[NL80211_ATTR_SOCKET_OWNER])
9179	10179	dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
9180	10180	wdev_unlock(dev->ieee80211_ptr);
..	..	@@ -9270,7 +10270,7 @@
9270	10270	goto nla_put_failure;
9271	10271	}
9272	10272
9273		- data = nla_nest_start(skb, attr);
	10273	+ data = nla_nest_start_noflag(skb, attr);
9274	10274	if (!data)
9275	10275	goto nla_put_failure;
9276	10276
..	..	@@ -9289,6 +10289,7 @@
9289	10289	struct wireless_dev *wdev,
9290	10290	enum nl80211_commands cmd,
9291	10291	enum nl80211_attrs attr,
	10292	+ unsigned int portid,
9292	10293	int vendor_event_idx,
9293	10294	int approxlen, gfp_t gfp)
9294	10295	{
..	..	@@ -9312,7 +10313,7 @@
9312	10313	return NULL;
9313	10314	}
9314	10315
9315		- return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, 0, 0,
	10316	+ return __cfg80211_alloc_vendor_skb(rdev, wdev, approxlen, portid, 0,
9316	10317	cmd, attr, info, gfp);
9317	10318	}
9318	10319	EXPORT_SYMBOL(__cfg80211_alloc_event_skb);
..	..	@@ -9321,6 +10322,7 @@
9321	10322	{
9322	10323	struct cfg80211_registered_device rdev = ((void *)skb->cb)[0];
9323	10324	void hdr = ((void *)skb->cb)[1];
	10325	+ struct nlmsghdr *nlhdr = nlmsg_hdr(skb);
9324	10326	struct nlattr data = ((void *)skb->cb)[2];
9325	10327	enum nl80211_multicast_groups mcgrp = NL80211_MCGRP_TESTMODE;
9326	10328
..	..	@@ -9330,11 +10332,16 @@
9330	10332	nla_nest_end(skb, data);
9331	10333	genlmsg_end(skb, hdr);
9332	10334
9333		- if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
9334		- mcgrp = NL80211_MCGRP_VENDOR;
	10335	+ if (nlhdr->nlmsg_pid) {
	10336	+ genlmsg_unicast(wiphy_net(&rdev->wiphy), skb,
	10337	+ nlhdr->nlmsg_pid);
	10338	+ } else {
	10339	+ if (data->nla_type == NL80211_ATTR_VENDOR_DATA)
	10340	+ mcgrp = NL80211_MCGRP_VENDOR;
9335	10341
9336		- genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), skb, 0,
9337		- mcgrp, gfp);
	10342	+ genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy),
	10343	+ skb, 0, mcgrp, gfp);
	10344	+ }
9338	10345	}
9339	10346	EXPORT_SYMBOL(__cfg80211_send_event_skb);
9340	10347
..	..	@@ -9374,6 +10381,7 @@
9374	10381	struct netlink_callback *cb)
9375	10382	{
9376	10383	struct cfg80211_registered_device *rdev;
	10384	+ struct nlattr **attrbuf = NULL;
9377	10385	int err;
9378	10386	long phy_idx;
9379	10387	void *data = NULL;
..	..	@@ -9394,11 +10402,17 @@
9394	10402	goto out_err;
9395	10403	}
9396	10404	} else {
9397		- struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
	10405	+ attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf),
	10406	+ GFP_KERNEL);
	10407	+ if (!attrbuf) {
	10408	+ err = -ENOMEM;
	10409	+ goto out_err;
	10410	+ }
9398	10411
9399		- err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
9400		- attrbuf, nl80211_fam.maxattr,
9401		- nl80211_policy, NULL);
	10412	+ err = nlmsg_parse_deprecated(cb->nlh,
	10413	+ GENL_HDRLEN + nl80211_fam.hdrsize,
	10414	+ attrbuf, nl80211_fam.maxattr,
	10415	+ nl80211_policy, NULL);
9402	10416	if (err)
9403	10417	goto out_err;
9404	10418
..	..	@@ -9437,7 +10451,7 @@
9437	10451	break;
9438	10452	}
9439	10453
9440		- tmdata = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
	10454	+ tmdata = nla_nest_start_noflag(skb, NL80211_ATTR_TESTDATA);
9441	10455	if (!tmdata) {
9442	10456	genlmsg_cancel(skb, hdr);
9443	10457	break;
..	..	@@ -9460,6 +10474,7 @@
9460	10474	/* see above */
9461	10475	cb->args[0] = phy_idx + 1;
9462	10476	out_err:
	10477	+ kfree(attrbuf);
9463	10478	rtnl_unlock();
9464	10479	return err;
9465	10480	}
..	..	@@ -9472,12 +10487,10 @@
9472	10487	struct cfg80211_connect_params connect;
9473	10488	struct wiphy *wiphy;
9474	10489	struct cfg80211_cached_keys *connkeys = NULL;
	10490	+ u32 freq = 0;
9475	10491	int err;
9476	10492
9477	10493	memset(&connect, 0, sizeof(connect));
9478		-
9479		- if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9480		- return -EINVAL;
9481	10494
9482	10495	if (!info->attrs[NL80211_ATTR_SSID] \|\|
9483	10496	!nla_len(info->attrs[NL80211_ATTR_SSID]))
..	..	@@ -9537,11 +10550,6 @@
9537	10550	!wiphy_ext_feature_isset(&rdev->wiphy,
9538	10551	NL80211_EXT_FEATURE_MFP_OPTIONAL))
9539	10552	return -EOPNOTSUPP;
9540		-
9541		- if (connect.mfp != NL80211_MFP_REQUIRED &&
9542		- connect.mfp != NL80211_MFP_NO &&
9543		- connect.mfp != NL80211_MFP_OPTIONAL)
9544		- return -EINVAL;
9545	10553	} else {
9546	10554	connect.mfp = NL80211_MFP_NO;
9547	10555	}
..	..	@@ -9550,14 +10558,21 @@
9550	10558	connect.prev_bssid =
9551	10559	nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
9552	10560
9553		- if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
9554		- connect.channel = nl80211_get_valid_chan(
9555		- wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ]);
	10561	+ if (info->attrs[NL80211_ATTR_WIPHY_FREQ])
	10562	+ freq = MHZ_TO_KHZ(nla_get_u32(
	10563	+ info->attrs[NL80211_ATTR_WIPHY_FREQ]));
	10564	+ if (info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET])
	10565	+ freq +=
	10566	+ nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_OFFSET]);
	10567	+
	10568	+ if (freq) {
	10569	+ connect.channel = nl80211_get_valid_chan(wiphy, freq);
9556	10570	if (!connect.channel)
9557	10571	return -EINVAL;
9558	10572	} else if (info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]) {
9559		- connect.channel_hint = nl80211_get_valid_chan(
9560		- wiphy, info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
	10573	+ freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ_HINT]);
	10574	+ freq = MHZ_TO_KHZ(freq);
	10575	+ connect.channel_hint = nl80211_get_valid_chan(wiphy, freq);
9561	10576	if (!connect.channel_hint)
9562	10577	return -EINVAL;
9563	10578	}
..	..	@@ -9568,7 +10583,7 @@
9568	10583
9569	10584	if (info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG])
9570	10585	connect.edmg.bw_config =
9571		- nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
	10586	+ nla_get_u8(info->attrs[NL80211_ATTR_WIPHY_EDMG_BW_CONFIG]);
9572	10587	}
9573	10588
9574	10589	if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
..	..	@@ -9587,7 +10602,7 @@
9587	10602
9588	10603	if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) {
9589	10604	if (!info->attrs[NL80211_ATTR_HT_CAPABILITY_MASK]) {
9590		- kzfree(connkeys);
	10605	+ kfree_sensitive(connkeys);
9591	10606	return -EINVAL;
9592	10607	}
9593	10608	memcpy(&connect.ht_capa,
..	..	@@ -9605,7 +10620,7 @@
9605	10620
9606	10621	if (info->attrs[NL80211_ATTR_VHT_CAPABILITY]) {
9607	10622	if (!info->attrs[NL80211_ATTR_VHT_CAPABILITY_MASK]) {
9608		- kzfree(connkeys);
	10623	+ kfree_sensitive(connkeys);
9609	10624	return -EINVAL;
9610	10625	}
9611	10626	memcpy(&connect.vht_capa,
..	..	@@ -9619,7 +10634,7 @@
9619	10634	(rdev->wiphy.features & NL80211_FEATURE_QUIET)) &&
9620	10635	!wiphy_ext_feature_isset(&rdev->wiphy,
9621	10636	NL80211_EXT_FEATURE_RRM)) {
9622		- kzfree(connkeys);
	10637	+ kfree_sensitive(connkeys);
9623	10638	return -EINVAL;
9624	10639	}
9625	10640	connect.flags \|= ASSOC_REQ_USE_RRM;
..	..	@@ -9627,21 +10642,21 @@
9627	10642
9628	10643	connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]);
9629	10644	if (connect.pbss && !rdev->wiphy.bands[NL80211_BAND_60GHZ]) {
9630		- kzfree(connkeys);
	10645	+ kfree_sensitive(connkeys);
9631	10646	return -EOPNOTSUPP;
9632	10647	}
9633	10648
9634	10649	if (info->attrs[NL80211_ATTR_BSS_SELECT]) {
9635	10650	/* bss selection makes no sense if bssid is set */
9636	10651	if (connect.bssid) {
9637		- kzfree(connkeys);
	10652	+ kfree_sensitive(connkeys);
9638	10653	return -EINVAL;
9639	10654	}
9640	10655
9641	10656	err = parse_bss_select(info->attrs[NL80211_ATTR_BSS_SELECT],
9642	10657	wiphy, &connect.bss_select);
9643	10658	if (err) {
9644		- kzfree(connkeys);
	10659	+ kfree_sensitive(connkeys);
9645	10660	return err;
9646	10661	}
9647	10662	}
..	..	@@ -9671,13 +10686,13 @@
9671	10686	info->attrs[NL80211_ATTR_FILS_ERP_REALM] \|\|
9672	10687	info->attrs[NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM] \|\|
9673	10688	info->attrs[NL80211_ATTR_FILS_ERP_RRK]) {
9674		- kzfree(connkeys);
	10689	+ kfree_sensitive(connkeys);
9675	10690	return -EINVAL;
9676	10691	}
9677	10692
9678	10693	if (nla_get_flag(info->attrs[NL80211_ATTR_EXTERNAL_AUTH_SUPPORT])) {
9679	10694	if (!info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9680		- kzfree(connkeys);
	10695	+ kfree_sensitive(connkeys);
9681	10696	GENL_SET_ERR_MSG(info,
9682	10697	"external auth requires connection ownership");
9683	10698	return -EINVAL;
..	..	@@ -9690,7 +10705,7 @@
9690	10705	err = cfg80211_connect(rdev, dev, &connect, connkeys,
9691	10706	connect.prev_bssid);
9692	10707	if (err)
9693		- kzfree(connkeys);
	10708	+ kfree_sensitive(connkeys);
9694	10709
9695	10710	if (!err && info->attrs[NL80211_ATTR_SOCKET_OWNER]) {
9696	10711	dev->ieee80211_ptr->conn_owner_nlportid = info->snd_portid;
..	..	@@ -9698,8 +10713,7 @@
9698	10713	memcpy(dev->ieee80211_ptr->disconnect_bssid,
9699	10714	connect.bssid, ETH_ALEN);
9700	10715	else
9701		- memset(dev->ieee80211_ptr->disconnect_bssid,
9702		- 0, ETH_ALEN);
	10716	+ eth_zero_addr(dev->ieee80211_ptr->disconnect_bssid);
9703	10717	}
9704	10718
9705	10719	wdev_unlock(dev->ieee80211_ptr);
..	..	@@ -9723,8 +10737,6 @@
9723	10737	return -EOPNOTSUPP;
9724	10738
9725	10739	if (info->attrs[NL80211_ATTR_IE]) {
9726		- if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
9727		- return -EINVAL;
9728	10740	connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
9729	10741	connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
9730	10742	changed \|= UPDATE_ASSOC_IES;
..	..	@@ -9883,8 +10895,20 @@
9883	10895	pmksa.pmk_len = nla_len(info->attrs[NL80211_ATTR_PMK]);
9884	10896	}
9885	10897
	10898	+ if (info->attrs[NL80211_ATTR_PMK_LIFETIME])
	10899	+ pmksa.pmk_lifetime =
	10900	+ nla_get_u32(info->attrs[NL80211_ATTR_PMK_LIFETIME]);
	10901	+
	10902	+ if (info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD])
	10903	+ pmksa.pmk_reauth_threshold =
	10904	+ nla_get_u8(
	10905	+ info->attrs[NL80211_ATTR_PMK_REAUTH_THRESHOLD]);
	10906	+
9886	10907	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
9887		- dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
	10908	+ dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT &&
	10909	+ !(dev->ieee80211_ptr->iftype == NL80211_IFTYPE_AP &&
	10910	+ wiphy_ext_feature_isset(&rdev->wiphy,
	10911	+ NL80211_EXT_FEATURE_AP_PMKSA_CACHING)))
9888	10912	return -EOPNOTSUPP;
9889	10913
9890	10914	switch (info->genlhdr->cmd) {
..	..	@@ -10081,16 +11105,23 @@
10081	11105	struct cfg80211_bitrate_mask mask;
10082	11106	struct cfg80211_registered_device *rdev = info->user_ptr[0];
10083	11107	struct net_device *dev = info->user_ptr[1];
	11108	+ struct wireless_dev *wdev = dev->ieee80211_ptr;
10084	11109	int err;
10085	11110
10086	11111	if (!rdev->ops->set_bitrate_mask)
10087	11112	return -EOPNOTSUPP;
10088	11113
10089		- err = nl80211_parse_tx_bitrate_mask(info, &mask);
	11114	+ wdev_lock(wdev);
	11115	+ err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
	11116	+ NL80211_ATTR_TX_RATES, &mask,
	11117	+ dev);
10090	11118	if (err)
10091		- return err;
	11119	+ goto out;
10092	11120
10093		- return rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
	11121	+ err = rdev_set_bitrate_mask(rdev, dev, NULL, &mask);
	11122	+out:
	11123	+ wdev_unlock(wdev);
	11124	+ return err;
10094	11125	}
10095	11126
10096	11127	static int nl80211_register_mgmt(struct sk_buff skb, struct genl_info info)
..	..	@@ -10124,9 +11155,19 @@
10124	11155	if (!rdev->ops->mgmt_tx)
10125	11156	return -EOPNOTSUPP;
10126	11157
	11158	+ if (info->attrs[NL80211_ATTR_RECEIVE_MULTICAST] &&
	11159	+ !wiphy_ext_feature_isset(&rdev->wiphy,
	11160	+ NL80211_EXT_FEATURE_MULTICAST_REGISTRATIONS)) {
	11161	+ GENL_SET_ERR_MSG(info,
	11162	+ "multicast RX registrations are not supported");
	11163	+ return -EOPNOTSUPP;
	11164	+ }
	11165	+
10127	11166	return cfg80211_mlme_register_mgmt(wdev, info->snd_portid, frame_type,
10128		- nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
10129		- nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]));
	11167	+ nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]),
	11168	+ nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]),
	11169	+ info->attrs[NL80211_ATTR_RECEIVE_MULTICAST],
	11170	+ info->extack);
10130	11171	}
10131	11172
10132	11173	static int nl80211_tx_mgmt(struct sk_buff skb, struct genl_info info)
..	..	@@ -10308,9 +11349,6 @@
10308	11349	return -EINVAL;
10309	11350
10310	11351	ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]);
10311		-
10312		- if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED)
10313		- return -EINVAL;
10314	11352
10315	11353	wdev = dev->ieee80211_ptr;
10316	11354
..	..	@@ -10544,8 +11582,9 @@
10544	11582	if (!cqm)
10545	11583	return -EINVAL;
10546	11584
10547		- err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm,
10548		- nl80211_attr_cqm_policy, info->extack);
	11585	+ err = nla_parse_nested_deprecated(attrs, NL80211_ATTR_CQM_MAX, cqm,
	11586	+ nl80211_attr_cqm_policy,
	11587	+ info->extack);
10549	11588	if (err)
10550	11589	return err;
10551	11590
..	..	@@ -10684,7 +11723,10 @@
10684	11723	}
10685	11724
10686	11725	if (info->attrs[NL80211_ATTR_TX_RATES]) {
10687		- err = nl80211_parse_tx_bitrate_mask(info, &setup.beacon_rate);
	11726	+ err = nl80211_parse_tx_bitrate_mask(info, info->attrs,
	11727	+ NL80211_ATTR_TX_RATES,
	11728	+ &setup.beacon_rate,
	11729	+ dev);
10688	11730	if (err)
10689	11731	return err;
10690	11732
..	..	@@ -10737,12 +11779,12 @@
10737	11779	if (!wowlan->n_patterns)
10738	11780	return 0;
10739	11781
10740		- nl_pats = nla_nest_start(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
	11782	+ nl_pats = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN);
10741	11783	if (!nl_pats)
10742	11784	return -ENOBUFS;
10743	11785
10744	11786	for (i = 0; i < wowlan->n_patterns; i++) {
10745		- nl_pat = nla_nest_start(msg, i + 1);
	11787	+ nl_pat = nla_nest_start_noflag(msg, i + 1);
10746	11788	if (!nl_pat)
10747	11789	return -ENOBUFS;
10748	11790	pat_len = wowlan->patterns[i].pattern_len;
..	..	@@ -10768,7 +11810,8 @@
10768	11810	if (!tcp)
10769	11811	return 0;
10770	11812
10771		- nl_tcp = nla_nest_start(msg, NL80211_WOWLAN_TRIG_TCP_CONNECTION);
	11813	+ nl_tcp = nla_nest_start_noflag(msg,
	11814	+ NL80211_WOWLAN_TRIG_TCP_CONNECTION);
10772	11815	if (!nl_tcp)
10773	11816	return -ENOBUFS;
10774	11817
..	..	@@ -10812,7 +11855,7 @@
10812	11855	if (!req)
10813	11856	return 0;
10814	11857
10815		- nd = nla_nest_start(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
	11858	+ nd = nla_nest_start_noflag(msg, NL80211_WOWLAN_TRIG_NET_DETECT);
10816	11859	if (!nd)
10817	11860	return -ENOBUFS;
10818	11861
..	..	@@ -10838,7 +11881,7 @@
10838	11881	return -ENOBUFS;
10839	11882	}
10840	11883
10841		- freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
	11884	+ freqs = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_FREQUENCIES);
10842	11885	if (!freqs)
10843	11886	return -ENOBUFS;
10844	11887
..	..	@@ -10850,12 +11893,13 @@
10850	11893	nla_nest_end(msg, freqs);
10851	11894
10852	11895	if (req->n_match_sets) {
10853		- matches = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
	11896	+ matches = nla_nest_start_noflag(msg,
	11897	+ NL80211_ATTR_SCHED_SCAN_MATCH);
10854	11898	if (!matches)
10855	11899	return -ENOBUFS;
10856	11900
10857	11901	for (i = 0; i < req->n_match_sets; i++) {
10858		- match = nla_nest_start(msg, i);
	11902	+ match = nla_nest_start_noflag(msg, i);
10859	11903	if (!match)
10860	11904	return -ENOBUFS;
10861	11905
..	..	@@ -10868,17 +11912,16 @@
10868	11912	nla_nest_end(msg, matches);
10869	11913	}
10870	11914
10871		- scan_plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
	11915	+ scan_plans = nla_nest_start_noflag(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
10872	11916	if (!scan_plans)
10873	11917	return -ENOBUFS;
10874	11918
10875	11919	for (i = 0; i < req->n_scan_plans; i++) {
10876		- scan_plan = nla_nest_start(msg, i + 1);
	11920	+ scan_plan = nla_nest_start_noflag(msg, i + 1);
10877	11921	if (!scan_plan)
10878	11922	return -ENOBUFS;
10879	11923
10880		- if (!scan_plan \|\|
10881		- nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
	11924	+ if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
10882	11925	req->scan_plans[i].interval) \|\|
10883	11926	(req->scan_plans[i].iterations &&
10884	11927	nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
..	..	@@ -10923,7 +11966,8 @@
10923	11966	if (rdev->wiphy.wowlan_config) {
10924	11967	struct nlattr *nl_wowlan;
10925	11968
10926		- nl_wowlan = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
	11969	+ nl_wowlan = nla_nest_start_noflag(msg,
	11970	+ NL80211_ATTR_WOWLAN_TRIGGERS);
10927	11971	if (!nl_wowlan)
10928	11972	goto nla_put_failure;
10929	11973
..	..	@@ -10981,8 +12025,8 @@
10981	12025	if (!rdev->wiphy.wowlan->tcp)
10982	12026	return -EINVAL;
10983	12027
10984		- err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TCP, attr,
10985		- nl80211_wowlan_tcp_policy, NULL);
	12028	+ err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TCP, attr,
	12029	+ nl80211_wowlan_tcp_policy, NULL);
10986	12030	if (err)
10987	12031	return err;
10988	12032
..	..	@@ -11127,8 +12171,8 @@
11127	12171	goto out;
11128	12172	}
11129	12173
11130		- err = nla_parse_nested(tb, NL80211_ATTR_MAX, attr, nl80211_policy,
11131		- NULL);
	12174	+ err = nla_parse_nested_deprecated(tb, NL80211_ATTR_MAX, attr,
	12175	+ nl80211_policy, NULL);
11132	12176	if (err)
11133	12177	goto out;
11134	12178
..	..	@@ -11163,9 +12207,9 @@
11163	12207	goto set_wakeup;
11164	12208	}
11165	12209
11166		- err = nla_parse_nested(tb, MAX_NL80211_WOWLAN_TRIG,
11167		- info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
11168		- nl80211_wowlan_policy, info->extack);
	12210	+ err = nla_parse_nested_deprecated(tb, MAX_NL80211_WOWLAN_TRIG,
	12211	+ info->attrs[NL80211_ATTR_WOWLAN_TRIGGERS],
	12212	+ nl80211_wowlan_policy, info->extack);
11169	12213	if (err)
11170	12214	return err;
11171	12215
..	..	@@ -11247,9 +12291,11 @@
11247	12291	rem) {
11248	12292	u8 *mask_pat;
11249	12293
11250		- err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
11251		- nl80211_packet_pattern_policy,
11252		- info->extack);
	12294	+ err = nla_parse_nested_deprecated(pat_tb,
	12295	+ MAX_NL80211_PKTPAT,
	12296	+ pat,
	12297	+ nl80211_packet_pattern_policy,
	12298	+ info->extack);
11253	12299	if (err)
11254	12300	goto error;
11255	12301
..	..	@@ -11357,12 +12403,12 @@
11357	12403	if (!rdev->coalesce->n_rules)
11358	12404	return 0;
11359	12405
11360		- nl_rules = nla_nest_start(msg, NL80211_ATTR_COALESCE_RULE);
	12406	+ nl_rules = nla_nest_start_noflag(msg, NL80211_ATTR_COALESCE_RULE);
11361	12407	if (!nl_rules)
11362	12408	return -ENOBUFS;
11363	12409
11364	12410	for (i = 0; i < rdev->coalesce->n_rules; i++) {
11365		- nl_rule = nla_nest_start(msg, i + 1);
	12411	+ nl_rule = nla_nest_start_noflag(msg, i + 1);
11366	12412	if (!nl_rule)
11367	12413	return -ENOBUFS;
11368	12414
..	..	@@ -11375,13 +12421,13 @@
11375	12421	rule->condition))
11376	12422	return -ENOBUFS;
11377	12423
11378		- nl_pats = nla_nest_start(msg,
11379		- NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
	12424	+ nl_pats = nla_nest_start_noflag(msg,
	12425	+ NL80211_ATTR_COALESCE_RULE_PKT_PATTERN);
11380	12426	if (!nl_pats)
11381	12427	return -ENOBUFS;
11382	12428
11383	12429	for (j = 0; j < rule->n_patterns; j++) {
11384		- nl_pat = nla_nest_start(msg, j + 1);
	12430	+ nl_pat = nla_nest_start_noflag(msg, j + 1);
11385	12431	if (!nl_pat)
11386	12432	return -ENOBUFS;
11387	12433	pat_len = rule->patterns[j].pattern_len;
..	..	@@ -11462,8 +12508,8 @@
11462	12508	int rem, pat_len, mask_len, pkt_offset, n_patterns = 0;
11463	12509	struct nlattr *pat_tb[NUM_NL80211_PKTPAT];
11464	12510
11465		- err = nla_parse_nested(tb, NL80211_ATTR_COALESCE_RULE_MAX, rule,
11466		- nl80211_coalesce_policy, NULL);
	12511	+ err = nla_parse_nested_deprecated(tb, NL80211_ATTR_COALESCE_RULE_MAX,
	12512	+ rule, nl80211_coalesce_policy, NULL);
11467	12513	if (err)
11468	12514	return err;
11469	12515
..	..	@@ -11476,9 +12522,6 @@
11476	12522	if (tb[NL80211_ATTR_COALESCE_RULE_CONDITION])
11477	12523	new_rule->condition =
11478	12524	nla_get_u32(tb[NL80211_ATTR_COALESCE_RULE_CONDITION]);
11479		- if (new_rule->condition != NL80211_COALESCE_CONDITION_MATCH &&
11480		- new_rule->condition != NL80211_COALESCE_CONDITION_NO_MATCH)
11481		- return -EINVAL;
11482	12525
11483	12526	if (!tb[NL80211_ATTR_COALESCE_RULE_PKT_PATTERN])
11484	12527	return -EINVAL;
..	..	@@ -11501,8 +12544,10 @@
11501	12544	rem) {
11502	12545	u8 *mask_pat;
11503	12546
11504		- err = nla_parse_nested(pat_tb, MAX_NL80211_PKTPAT, pat,
11505		- nl80211_packet_pattern_policy, NULL);
	12547	+ err = nla_parse_nested_deprecated(pat_tb, MAX_NL80211_PKTPAT,
	12548	+ pat,
	12549	+ nl80211_packet_pattern_policy,
	12550	+ NULL);
11506	12551	if (err)
11507	12552	return err;
11508	12553
..	..	@@ -11624,37 +12669,31 @@
11624	12669	if (!info->attrs[NL80211_ATTR_REKEY_DATA])
11625	12670	return -EINVAL;
11626	12671
11627		- err = nla_parse_nested(tb, MAX_NL80211_REKEY_DATA,
11628		- info->attrs[NL80211_ATTR_REKEY_DATA],
11629		- nl80211_rekey_policy, info->extack);
	12672	+ err = nla_parse_nested_deprecated(tb, MAX_NL80211_REKEY_DATA,
	12673	+ info->attrs[NL80211_ATTR_REKEY_DATA],
	12674	+ nl80211_rekey_policy, info->extack);
11630	12675	if (err)
11631	12676	return err;
11632	12677
11633	12678	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] \|\| !tb[NL80211_REKEY_DATA_KEK] \|\|
11634	12679	!tb[NL80211_REKEY_DATA_KCK])
11635	12680	return -EINVAL;
11636		- if (!tb[NL80211_REKEY_DATA_KEK] \|\| !tb[NL80211_REKEY_DATA_REPLAY_CTR] \|\|
11637		- (!wiphy_ext_feature_isset(&rdev->wiphy,
11638		- NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&
11639		- !wiphy_ext_feature_isset(&rdev->wiphy,
11640		- NL80211_EXT_FEATURE_FILS_STA) &&
11641		- !tb[NL80211_REKEY_DATA_KCK]))
11642		- return -EINVAL;
11643		-
11644		- if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)
	12681	+ if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN &&
	12682	+ !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
	12683	+ nla_len(tb[NL80211_REKEY_DATA_KEK]) == NL80211_KEK_EXT_LEN))
11645	12684	return -ERANGE;
11646		- if (nla_len(tb[NL80211_REKEY_DATA_KEK]) < NL80211_KEK_LEN)
11647		- return -ERANGE;
11648		- if (tb[NL80211_REKEY_DATA_KCK] &&
11649		- nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)
	12685	+ if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN &&
	12686	+ !(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK &&
	12687	+ nla_len(tb[NL80211_REKEY_DATA_KCK]) == NL80211_KCK_EXT_LEN))
11650	12688	return -ERANGE;
11651	12689
11652		- memset(&rekey_data, 0, sizeof(rekey_data));
11653	12690	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);
11654		- rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
11655		- if (tb[NL80211_REKEY_DATA_KCK])
11656		- rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
	12691	+ rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);
11657	12692	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);
	12693	+ rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);
	12694	+ rekey_data.kck_len = nla_len(tb[NL80211_REKEY_DATA_KCK]);
	12695	+ if (tb[NL80211_REKEY_DATA_AKM])
	12696	+ rekey_data.akm = nla_get_u32(tb[NL80211_REKEY_DATA_AKM]);
11658	12697
11659	12698	wdev_lock(wdev);
11660	12699	if (!wdev->current_bss) {
..	..	@@ -11843,8 +12882,6 @@
11843	12882
11844	12883	conf.master_pref =
11845	12884	nla_get_u8(info->attrs[NL80211_ATTR_NAN_MASTER_PREF]);
11846		- if (!conf.master_pref)
11847		- return -EINVAL;
11848	12885
11849	12886	if (info->attrs[NL80211_ATTR_BANDS]) {
11850	12887	u32 bands = nla_get_u32(info->attrs[NL80211_ATTR_BANDS]);
..	..	@@ -11918,6 +12955,9 @@
11918	12955	i = 0;
11919	12956	nla_for_each_nested(attr, attr_filter, rem) {
11920	12957	filter[i].filter = nla_memdup(attr, GFP_KERNEL);
	12958	+ if (!filter[i].filter)
	12959	+ goto err;
	12960	+
11921	12961	filter[i].len = nla_len(attr);
11922	12962	i++;
11923	12963	}
..	..	@@ -11930,6 +12970,15 @@
11930	12970	}
11931	12971
11932	12972	return 0;
	12973	+
	12974	+err:
	12975	+ i = 0;
	12976	+ nla_for_each_nested(attr, attr_filter, rem) {
	12977	+ kfree(filter[i].filter);
	12978	+ i++;
	12979	+ }
	12980	+ kfree(filter);
	12981	+ return -ENOMEM;
11933	12982	}
11934	12983
11935	12984	static int nl80211_nan_add_func(struct sk_buff *skb,
..	..	@@ -11952,9 +13001,10 @@
11952	13001	if (!info->attrs[NL80211_ATTR_NAN_FUNC])
11953	13002	return -EINVAL;
11954	13003
11955		- err = nla_parse_nested(tb, NL80211_NAN_FUNC_ATTR_MAX,
11956		- info->attrs[NL80211_ATTR_NAN_FUNC],
11957		- nl80211_nan_func_policy, info->extack);
	13004	+ err = nla_parse_nested_deprecated(tb, NL80211_NAN_FUNC_ATTR_MAX,
	13005	+ info->attrs[NL80211_ATTR_NAN_FUNC],
	13006	+ nl80211_nan_func_policy,
	13007	+ info->extack);
11958	13008	if (err)
11959	13009	return err;
11960	13010
..	..	@@ -11962,10 +13012,9 @@
11962	13012	if (!func)
11963	13013	return -ENOMEM;
11964	13014
11965		- func->cookie = wdev->wiphy->cookie_counter++;
	13015	+ func->cookie = cfg80211_assign_cookie(rdev);
11966	13016
11967		- if (!tb[NL80211_NAN_FUNC_TYPE] \|\|
11968		- nla_get_u8(tb[NL80211_NAN_FUNC_TYPE]) > NL80211_NAN_FUNC_MAX_TYPE) {
	13017	+ if (!tb[NL80211_NAN_FUNC_TYPE]) {
11969	13018	err = -EINVAL;
11970	13019	goto out;
11971	13020	}
..	..	@@ -12050,9 +13099,11 @@
12050	13099	if (tb[NL80211_NAN_FUNC_SRF]) {
12051	13100	struct nlattr *srf_tb[NUM_NL80211_NAN_SRF_ATTR];
12052	13101
12053		- err = nla_parse_nested(srf_tb, NL80211_NAN_SRF_ATTR_MAX,
12054		- tb[NL80211_NAN_FUNC_SRF],
12055		- nl80211_nan_srf_policy, info->extack);
	13102	+ err = nla_parse_nested_deprecated(srf_tb,
	13103	+ NL80211_NAN_SRF_ATTR_MAX,
	13104	+ tb[NL80211_NAN_FUNC_SRF],
	13105	+ nl80211_nan_srf_policy,
	13106	+ info->extack);
12056	13107	if (err)
12057	13108	goto out;
12058	13109
..	..	@@ -12150,7 +13201,7 @@
12150	13201	NL80211_ATTR_PAD))
12151	13202	goto nla_put_failure;
12152	13203
12153		- func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
	13204	+ func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12154	13205	if (!func_attr)
12155	13206	goto nla_put_failure;
12156	13207
..	..	@@ -12267,11 +13318,12 @@
12267	13318	nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, match->addr))
12268	13319	goto nla_put_failure;
12269	13320
12270		- match_attr = nla_nest_start(msg, NL80211_ATTR_NAN_MATCH);
	13321	+ match_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_MATCH);
12271	13322	if (!match_attr)
12272	13323	goto nla_put_failure;
12273	13324
12274		- local_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_LOCAL);
	13325	+ local_func_attr = nla_nest_start_noflag(msg,
	13326	+ NL80211_NAN_MATCH_FUNC_LOCAL);
12275	13327	if (!local_func_attr)
12276	13328	goto nla_put_failure;
12277	13329
..	..	@@ -12280,7 +13332,8 @@
12280	13332
12281	13333	nla_nest_end(msg, local_func_attr);
12282	13334
12283		- peer_func_attr = nla_nest_start(msg, NL80211_NAN_MATCH_FUNC_PEER);
	13335	+ peer_func_attr = nla_nest_start_noflag(msg,
	13336	+ NL80211_NAN_MATCH_FUNC_PEER);
12284	13337	if (!peer_func_attr)
12285	13338	goto nla_put_failure;
12286	13339
..	..	@@ -12346,7 +13399,7 @@
12346	13399	NL80211_ATTR_PAD))
12347	13400	goto nla_put_failure;
12348	13401
12349		- func_attr = nla_nest_start(msg, NL80211_ATTR_NAN_FUNC);
	13402	+ func_attr = nla_nest_start_noflag(msg, NL80211_ATTR_NAN_FUNC);
12350	13403	if (!func_attr)
12351	13404	goto nla_put_failure;
12352	13405
..	..	@@ -12408,8 +13461,7 @@
12408	13461	return -EOPNOTSUPP;
12409	13462
12410	13463	if (!info->attrs[NL80211_ATTR_MDID] \|\|
12411		- !info->attrs[NL80211_ATTR_IE] \|\|
12412		- !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
	13464	+ !info->attrs[NL80211_ATTR_IE])
12413	13465	return -EINVAL;
12414	13466
12415	13467	memset(&ft_params, 0, sizeof(ft_params));
..	..	@@ -12452,9 +13504,6 @@
12452	13504	duration =
12453	13505	nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
12454	13506
12455		- if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
12456		- return -ERANGE;
12457		-
12458	13507	ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
12459	13508	if (!ret)
12460	13509	rdev->crit_proto_nlportid = info->snd_portid;
..	..	@@ -12476,6 +13525,28 @@
12476	13525	rdev_crit_proto_stop(rdev, wdev);
12477	13526	}
12478	13527	return 0;
	13528	+}
	13529	+
	13530	+static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,
	13531	+ struct nlattr *attr,
	13532	+ struct netlink_ext_ack *extack)
	13533	+{
	13534	+ if (vcmd->policy == VENDOR_CMD_RAW_DATA) {
	13535	+ if (attr->nla_type & NLA_F_NESTED) {
	13536	+ NL_SET_ERR_MSG_ATTR(extack, attr,
	13537	+ "unexpected nested data");
	13538	+ return -EINVAL;
	13539	+ }
	13540	+
	13541	+ return 0;
	13542	+ }
	13543	+
	13544	+ if (!(attr->nla_type & NLA_F_NESTED)) {
	13545	+ NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");
	13546	+ return -EINVAL;
	13547	+ }
	13548	+
	13549	+ return nla_validate_nested(attr, vcmd->maxattr, vcmd->policy, extack);
12479	13550	}
12480	13551
12481	13552	static int nl80211_vendor_cmd(struct sk_buff skb, struct genl_info info)
..	..	@@ -12536,11 +13607,16 @@
12536	13607	if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
12537	13608	data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
12538	13609	len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
	13610	+
	13611	+ err = nl80211_vendor_check_policy(vcmd,
	13612	+ info->attrs[NL80211_ATTR_VENDOR_DATA],
	13613	+ info->extack);
	13614	+ if (err)
	13615	+ return err;
12539	13616	}
12540	13617
12541	13618	rdev->cur_cmd_info = info;
12542		- err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,
12543		- data, len);
	13619	+ err = vcmd->doit(&rdev->wiphy, wdev, data, len);
12544	13620	rdev->cur_cmd_info = NULL;
12545	13621	return err;
12546	13622	}
..	..	@@ -12553,7 +13629,7 @@
12553	13629	struct cfg80211_registered_device **rdev,
12554	13630	struct wireless_dev **wdev)
12555	13631	{
12556		- struct nlattr **attrbuf = genl_family_attrbuf(&nl80211_fam);
	13632	+ struct nlattr **attrbuf;
12557	13633	u32 vid, subcmd;
12558	13634	unsigned int i;
12559	13635	int vcmd_idx = -1;
..	..	@@ -12584,22 +13660,32 @@
12584	13660	return 0;
12585	13661	}
12586	13662
12587		- err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, attrbuf,
12588		- nl80211_fam.maxattr, nl80211_policy, NULL);
	13663	+ attrbuf = kcalloc(NUM_NL80211_ATTR, sizeof(*attrbuf), GFP_KERNEL);
	13664	+ if (!attrbuf)
	13665	+ return -ENOMEM;
	13666	+
	13667	+ err = nlmsg_parse_deprecated(cb->nlh,
	13668	+ GENL_HDRLEN + nl80211_fam.hdrsize,
	13669	+ attrbuf, nl80211_fam.maxattr,
	13670	+ nl80211_policy, NULL);
12589	13671	if (err)
12590		- return err;
	13672	+ goto out;
12591	13673
12592	13674	if (!attrbuf[NL80211_ATTR_VENDOR_ID] \|\|
12593		- !attrbuf[NL80211_ATTR_VENDOR_SUBCMD])
12594		- return -EINVAL;
	13675	+ !attrbuf[NL80211_ATTR_VENDOR_SUBCMD]) {
	13676	+ err = -EINVAL;
	13677	+ goto out;
	13678	+ }
12595	13679
12596	13680	*wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk), attrbuf);
12597	13681	if (IS_ERR(*wdev))
12598	13682	*wdev = NULL;
12599	13683
12600	13684	*rdev = __cfg80211_rdev_from_attrs(sock_net(skb->sk), attrbuf);
12601		- if (IS_ERR(*rdev))
12602		- return PTR_ERR(*rdev);
	13685	+ if (IS_ERR(*rdev)) {
	13686	+ err = PTR_ERR(*rdev);
	13687	+ goto out;
	13688	+ }
12603	13689
12604	13690	vid = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_ID]);
12605	13691	subcmd = nla_get_u32(attrbuf[NL80211_ATTR_VENDOR_SUBCMD]);
..	..	@@ -12612,19 +13698,30 @@
12612	13698	if (vcmd->info.vendor_id != vid \|\| vcmd->info.subcmd != subcmd)
12613	13699	continue;
12614	13700
12615		- if (!vcmd->dumpit)
12616		- return -EOPNOTSUPP;
	13701	+ if (!vcmd->dumpit) {
	13702	+ err = -EOPNOTSUPP;
	13703	+ goto out;
	13704	+ }
12617	13705
12618	13706	vcmd_idx = i;
12619	13707	break;
12620	13708	}
12621	13709
12622		- if (vcmd_idx < 0)
12623		- return -EOPNOTSUPP;
	13710	+ if (vcmd_idx < 0) {
	13711	+ err = -EOPNOTSUPP;
	13712	+ goto out;
	13713	+ }
12624	13714
12625	13715	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {
12626	13716	data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);
12627	13717	data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);
	13718	+
	13719	+ err = nl80211_vendor_check_policy(
	13720	+ &(*rdev)->wiphy.vendor_commands[vcmd_idx],
	13721	+ attrbuf[NL80211_ATTR_VENDOR_DATA],
	13722	+ cb->extack);
	13723	+ if (err)
	13724	+ goto out;
12628	13725	}
12629	13726
12630	13727	/* 0 is the first index - add 1 to parse only once */
..	..	@@ -12636,7 +13733,10 @@
12636	13733	cb->args[4] = data_len;
12637	13734
12638	13735	/* keep rtnl locked in successful case */
12639		- return 0;
	13736	+ err = 0;
	13737	+out:
	13738	+ kfree(attrbuf);
	13739	+ return err;
12640	13740	}
12641	13741
12642	13742	static int nl80211_vendor_cmd_dump(struct sk_buff *skb,
..	..	@@ -12696,7 +13796,8 @@
12696	13796	break;
12697	13797	}
12698	13798
12699		- vendor_data = nla_nest_start(skb, NL80211_ATTR_VENDOR_DATA);
	13799	+ vendor_data = nla_nest_start_noflag(skb,
	13800	+ NL80211_ATTR_VENDOR_DATA);
12700	13801	if (!vendor_data) {
12701	13802	genlmsg_cancel(skb, hdr);
12702	13803	break;
..	..	@@ -12709,7 +13810,7 @@
12709	13810	if (err == -ENOBUFS \|\| err == -ENOENT) {
12710	13811	genlmsg_cancel(skb, hdr);
12711	13812	break;
12712		- } else if (err) {
	13813	+ } else if (err <= 0) {
12713	13814	genlmsg_cancel(skb, hdr);
12714	13815	goto out;
12715	13816	}
..	..	@@ -12760,6 +13861,17 @@
12760	13861	}
12761	13862	EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_reply);
12762	13863
	13864	+unsigned int cfg80211_vendor_cmd_get_sender(struct wiphy *wiphy)
	13865	+{
	13866	+ struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	13867	+
	13868	+ if (WARN_ON(!rdev->cur_cmd_info))
	13869	+ return 0;
	13870	+
	13871	+ return rdev->cur_cmd_info->snd_portid;
	13872	+}
	13873	+EXPORT_SYMBOL_GPL(cfg80211_vendor_cmd_get_sender);
	13874	+
12763	13875	static int nl80211_set_qos_map(struct sk_buff *skb,
12764	13876	struct genl_info *info)
12765	13877	{
..	..	@@ -12776,8 +13888,7 @@
12776	13888	pos = nla_data(info->attrs[NL80211_ATTR_QOS_MAP]);
12777	13889	len = nla_len(info->attrs[NL80211_ATTR_QOS_MAP]);
12778	13890
12779		- if (len % 2 \|\| len < IEEE80211_QOS_MAP_LEN_MIN \|\|
12780		- len > IEEE80211_QOS_MAP_LEN_MAX)
	13891	+ if (len % 2)
12781	13892	return -EINVAL;
12782	13893
12783	13894	qos_map = kzalloc(sizeof(struct cfg80211_qos_map), GFP_KERNEL);
..	..	@@ -12829,12 +13940,7 @@
12829	13940	return -EINVAL;
12830	13941
12831	13942	tsid = nla_get_u8(info->attrs[NL80211_ATTR_TSID]);
12832		- if (tsid >= IEEE80211_NUM_TIDS)
12833		- return -EINVAL;
12834		-
12835	13943	up = nla_get_u8(info->attrs[NL80211_ATTR_USER_PRIO]);
12836		- if (up >= IEEE80211_NUM_UPS)
12837		- return -EINVAL;
12838	13944
12839	13945	/* WMM uses TIDs 0-7 even for TSPEC */
12840	13946	if (tsid >= IEEE80211_FIRST_TSPEC_TSID) {
..	..	@@ -13050,17 +14156,9 @@
13050	14156	goto out;
13051	14157	}
13052	14158
13053		- if (info->attrs[NL80211_ATTR_PMKR0_NAME]) {
13054		- int r0_name_len = nla_len(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13055		-
13056		- if (r0_name_len != WLAN_PMK_NAME_LEN) {
13057		- ret = -EINVAL;
13058		- goto out;
13059		- }
13060		-
	14159	+ if (info->attrs[NL80211_ATTR_PMKR0_NAME])
13061	14160	pmk_conf.pmk_r0_name =
13062	14161	nla_data(info->attrs[NL80211_ATTR_PMKR0_NAME]);
13063		- }
13064	14162
13065	14163	ret = rdev_set_pmk(rdev, dev, &pmk_conf);
13066	14164	out:
..	..	@@ -13119,8 +14217,7 @@
13119	14217
13120	14218	if (info->attrs[NL80211_ATTR_SSID]) {
13121	14219	params.ssid.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
13122		- if (params.ssid.ssid_len == 0 \|\|
13123		- params.ssid.ssid_len > IEEE80211_MAX_SSID_LEN)
	14220	+ if (params.ssid.ssid_len == 0)
13124	14221	return -EINVAL;
13125	14222	memcpy(params.ssid.ssid,
13126	14223	nla_data(info->attrs[NL80211_ATTR_SSID]),
..	..	@@ -13140,6 +14237,7 @@
13140	14237
13141	14238	static int nl80211_tx_control_port(struct sk_buff skb, struct genl_info info)
13142	14239	{
	14240	+ bool dont_wait_for_ack = info->attrs[NL80211_ATTR_DONT_WAIT_FOR_ACK];
13143	14241	struct cfg80211_registered_device *rdev = info->user_ptr[0];
13144	14242	struct net_device *dev = info->user_ptr[1];
13145	14243	struct wireless_dev *wdev = dev->ieee80211_ptr;
..	..	@@ -13148,6 +14246,7 @@
13148	14246	u8 *dest;
13149	14247	u16 proto;
13150	14248	bool noencrypt;
	14249	+ u64 cookie = 0;
13151	14250	int err;
13152	14251
13153	14252	if (!wiphy_ext_feature_isset(&rdev->wiphy,
..	..	@@ -13192,12 +14291,86 @@
13192	14291	noencrypt =
13193	14292	nla_get_flag(info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT]);
13194	14293
13195		- return rdev_tx_control_port(rdev, dev, buf, len,
13196		- dest, cpu_to_be16(proto), noencrypt);
13197		-
	14294	+ err = rdev_tx_control_port(rdev, dev, buf, len,
	14295	+ dest, cpu_to_be16(proto), noencrypt,
	14296	+ dont_wait_for_ack ? NULL : &cookie);
	14297	+ if (!err && !dont_wait_for_ack)
	14298	+ nl_set_extack_cookie_u64(info->extack, cookie);
	14299	+ return err;
13198	14300	out:
13199	14301	wdev_unlock(wdev);
13200	14302	return err;
	14303	+}
	14304	+
	14305	+static int nl80211_get_ftm_responder_stats(struct sk_buff *skb,
	14306	+ struct genl_info *info)
	14307	+{
	14308	+ struct cfg80211_registered_device *rdev = info->user_ptr[0];
	14309	+ struct net_device *dev = info->user_ptr[1];
	14310	+ struct wireless_dev *wdev = dev->ieee80211_ptr;
	14311	+ struct cfg80211_ftm_responder_stats ftm_stats = {};
	14312	+ struct sk_buff *msg;
	14313	+ void *hdr;
	14314	+ struct nlattr *ftm_stats_attr;
	14315	+ int err;
	14316	+
	14317	+ if (wdev->iftype != NL80211_IFTYPE_AP \|\| !wdev->beacon_interval)
	14318	+ return -EOPNOTSUPP;
	14319	+
	14320	+ err = rdev_get_ftm_responder_stats(rdev, dev, &ftm_stats);
	14321	+ if (err)
	14322	+ return err;
	14323	+
	14324	+ if (!ftm_stats.filled)
	14325	+ return -ENODATA;
	14326	+
	14327	+ msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
	14328	+ if (!msg)
	14329	+ return -ENOMEM;
	14330	+
	14331	+ hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
	14332	+ NL80211_CMD_GET_FTM_RESPONDER_STATS);
	14333	+ if (!hdr)
	14334	+ goto nla_put_failure;
	14335	+
	14336	+ if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
	14337	+ goto nla_put_failure;
	14338	+
	14339	+ ftm_stats_attr = nla_nest_start_noflag(msg,
	14340	+ NL80211_ATTR_FTM_RESPONDER_STATS);
	14341	+ if (!ftm_stats_attr)
	14342	+ goto nla_put_failure;
	14343	+
	14344	+#define SET_FTM(field, name, type) \
	14345	+ do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
	14346	+ nla_put_ ## type(msg, NL80211_FTM_STATS_ ## name, \
	14347	+ ftm_stats.field)) \
	14348	+ goto nla_put_failure; } while (0)
	14349	+#define SET_FTM_U64(field, name) \
	14350	+ do { if ((ftm_stats.filled & BIT(NL80211_FTM_STATS_ ## name)) && \
	14351	+ nla_put_u64_64bit(msg, NL80211_FTM_STATS_ ## name, \
	14352	+ ftm_stats.field, NL80211_FTM_STATS_PAD)) \
	14353	+ goto nla_put_failure; } while (0)
	14354	+
	14355	+ SET_FTM(success_num, SUCCESS_NUM, u32);
	14356	+ SET_FTM(partial_num, PARTIAL_NUM, u32);
	14357	+ SET_FTM(failed_num, FAILED_NUM, u32);
	14358	+ SET_FTM(asap_num, ASAP_NUM, u32);
	14359	+ SET_FTM(non_asap_num, NON_ASAP_NUM, u32);
	14360	+ SET_FTM_U64(total_duration_ms, TOTAL_DURATION_MSEC);
	14361	+ SET_FTM(unknown_triggers_num, UNKNOWN_TRIGGERS_NUM, u32);
	14362	+ SET_FTM(reschedule_requests_num, RESCHEDULE_REQUESTS_NUM, u32);
	14363	+ SET_FTM(out_of_window_triggers_num, OUT_OF_WINDOW_TRIGGERS_NUM, u32);
	14364	+#undef SET_FTM
	14365	+
	14366	+ nla_nest_end(msg, ftm_stats_attr);
	14367	+
	14368	+ genlmsg_end(msg, hdr);
	14369	+ return genlmsg_reply(msg, info);
	14370	+
	14371	+nla_put_failure:
	14372	+ nlmsg_free(msg);
	14373	+ return -ENOBUFS;
13201	14374	}
13202	14375
13203	14376	static int nl80211_update_owe_info(struct sk_buff skb, struct genl_info info)
..	..	@@ -13223,6 +14396,204 @@
13223	14396	}
13224	14397
13225	14398	return rdev_update_owe_info(rdev, dev, &owe_info);
	14399	+}
	14400	+
	14401	+static int nl80211_probe_mesh_link(struct sk_buff skb, struct genl_info info)
	14402	+{
	14403	+ struct cfg80211_registered_device *rdev = info->user_ptr[0];
	14404	+ struct net_device *dev = info->user_ptr[1];
	14405	+ struct wireless_dev *wdev = dev->ieee80211_ptr;
	14406	+ struct station_info sinfo = {};
	14407	+ const u8 *buf;
	14408	+ size_t len;
	14409	+ u8 *dest;
	14410	+ int err;
	14411	+
	14412	+ if (!rdev->ops->probe_mesh_link \|\| !rdev->ops->get_station)
	14413	+ return -EOPNOTSUPP;
	14414	+
	14415	+ if (!info->attrs[NL80211_ATTR_MAC] \|\|
	14416	+ !info->attrs[NL80211_ATTR_FRAME]) {
	14417	+ GENL_SET_ERR_MSG(info, "Frame or MAC missing");
	14418	+ return -EINVAL;
	14419	+ }
	14420	+
	14421	+ if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
	14422	+ return -EOPNOTSUPP;
	14423	+
	14424	+ dest = nla_data(info->attrs[NL80211_ATTR_MAC]);
	14425	+ buf = nla_data(info->attrs[NL80211_ATTR_FRAME]);
	14426	+ len = nla_len(info->attrs[NL80211_ATTR_FRAME]);
	14427	+
	14428	+ if (len < sizeof(struct ethhdr))
	14429	+ return -EINVAL;
	14430	+
	14431	+ if (!ether_addr_equal(buf, dest) \|\| is_multicast_ether_addr(buf) \|\|
	14432	+ !ether_addr_equal(buf + ETH_ALEN, dev->dev_addr))
	14433	+ return -EINVAL;
	14434	+
	14435	+ err = rdev_get_station(rdev, dev, dest, &sinfo);
	14436	+ if (err)
	14437	+ return err;
	14438	+
	14439	+ cfg80211_sinfo_release_content(&sinfo);
	14440	+
	14441	+ return rdev_probe_mesh_link(rdev, dev, dest, buf, len);
	14442	+}
	14443	+
	14444	+static int parse_tid_conf(struct cfg80211_registered_device *rdev,
	14445	+ struct nlattr attrs[], struct net_device dev,
	14446	+ struct cfg80211_tid_cfg *tid_conf,
	14447	+ struct genl_info info, const u8 peer)
	14448	+{
	14449	+ struct netlink_ext_ack *extack = info->extack;
	14450	+ u64 mask;
	14451	+ int err;
	14452	+
	14453	+ if (!attrs[NL80211_TID_CONFIG_ATTR_TIDS])
	14454	+ return -EINVAL;
	14455	+
	14456	+ tid_conf->config_override =
	14457	+ nla_get_flag(attrs[NL80211_TID_CONFIG_ATTR_OVERRIDE]);
	14458	+ tid_conf->tids = nla_get_u16(attrs[NL80211_TID_CONFIG_ATTR_TIDS]);
	14459	+
	14460	+ if (tid_conf->config_override) {
	14461	+ if (rdev->ops->reset_tid_config) {
	14462	+ err = rdev_reset_tid_config(rdev, dev, peer,
	14463	+ tid_conf->tids);
	14464	+ if (err)
	14465	+ return err;
	14466	+ } else {
	14467	+ return -EINVAL;
	14468	+ }
	14469	+ }
	14470	+
	14471	+ if (attrs[NL80211_TID_CONFIG_ATTR_NOACK]) {
	14472	+ tid_conf->mask \|= BIT(NL80211_TID_CONFIG_ATTR_NOACK);
	14473	+ tid_conf->noack =
	14474	+ nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_NOACK]);
	14475	+ }
	14476	+
	14477	+ if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]) {
	14478	+ tid_conf->mask \|= BIT(NL80211_TID_CONFIG_ATTR_RETRY_SHORT);
	14479	+ tid_conf->retry_short =
	14480	+ nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_SHORT]);
	14481	+
	14482	+ if (tid_conf->retry_short > rdev->wiphy.max_data_retry_count)
	14483	+ return -EINVAL;
	14484	+ }
	14485	+
	14486	+ if (attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]) {
	14487	+ tid_conf->mask \|= BIT(NL80211_TID_CONFIG_ATTR_RETRY_LONG);
	14488	+ tid_conf->retry_long =
	14489	+ nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RETRY_LONG]);
	14490	+
	14491	+ if (tid_conf->retry_long > rdev->wiphy.max_data_retry_count)
	14492	+ return -EINVAL;
	14493	+ }
	14494	+
	14495	+ if (attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]) {
	14496	+ tid_conf->mask \|= BIT(NL80211_TID_CONFIG_ATTR_AMPDU_CTRL);
	14497	+ tid_conf->ampdu =
	14498	+ nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMPDU_CTRL]);
	14499	+ }
	14500	+
	14501	+ if (attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]) {
	14502	+ tid_conf->mask \|= BIT(NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL);
	14503	+ tid_conf->rtscts =
	14504	+ nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL]);
	14505	+ }
	14506	+
	14507	+ if (attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]) {
	14508	+ tid_conf->mask \|= BIT(NL80211_TID_CONFIG_ATTR_AMSDU_CTRL);
	14509	+ tid_conf->amsdu =
	14510	+ nla_get_u8(attrs[NL80211_TID_CONFIG_ATTR_AMSDU_CTRL]);
	14511	+ }
	14512	+
	14513	+ if (attrs[NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE]) {
	14514	+ u32 idx = NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE, attr;
	14515	+
	14516	+ tid_conf->txrate_type = nla_get_u8(attrs[idx]);
	14517	+
	14518	+ if (tid_conf->txrate_type != NL80211_TX_RATE_AUTOMATIC) {
	14519	+ attr = NL80211_TID_CONFIG_ATTR_TX_RATE;
	14520	+ err = nl80211_parse_tx_bitrate_mask(info, attrs, attr,
	14521	+ &tid_conf->txrate_mask, dev);
	14522	+ if (err)
	14523	+ return err;
	14524	+
	14525	+ tid_conf->mask \|= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE);
	14526	+ }
	14527	+ tid_conf->mask \|= BIT(NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE);
	14528	+ }
	14529	+
	14530	+ if (peer)
	14531	+ mask = rdev->wiphy.tid_config_support.peer;
	14532	+ else
	14533	+ mask = rdev->wiphy.tid_config_support.vif;
	14534	+
	14535	+ if (tid_conf->mask & ~mask) {
	14536	+ NL_SET_ERR_MSG(extack, "unsupported TID configuration");
	14537	+ return -ENOTSUPP;
	14538	+ }
	14539	+
	14540	+ return 0;
	14541	+}
	14542	+
	14543	+static int nl80211_set_tid_config(struct sk_buff *skb,
	14544	+ struct genl_info *info)
	14545	+{
	14546	+ struct cfg80211_registered_device *rdev = info->user_ptr[0];
	14547	+ struct nlattr *attrs[NL80211_TID_CONFIG_ATTR_MAX + 1];
	14548	+ struct net_device *dev = info->user_ptr[1];
	14549	+ struct cfg80211_tid_config *tid_config;
	14550	+ struct nlattr *tid;
	14551	+ int conf_idx = 0, rem_conf;
	14552	+ int ret = -EINVAL;
	14553	+ u32 num_conf = 0;
	14554	+
	14555	+ if (!info->attrs[NL80211_ATTR_TID_CONFIG])
	14556	+ return -EINVAL;
	14557	+
	14558	+ if (!rdev->ops->set_tid_config)
	14559	+ return -EOPNOTSUPP;
	14560	+
	14561	+ nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
	14562	+ rem_conf)
	14563	+ num_conf++;
	14564	+
	14565	+ tid_config = kzalloc(struct_size(tid_config, tid_conf, num_conf),
	14566	+ GFP_KERNEL);
	14567	+ if (!tid_config)
	14568	+ return -ENOMEM;
	14569	+
	14570	+ tid_config->n_tid_conf = num_conf;
	14571	+
	14572	+ if (info->attrs[NL80211_ATTR_MAC])
	14573	+ tid_config->peer = nla_data(info->attrs[NL80211_ATTR_MAC]);
	14574	+
	14575	+ nla_for_each_nested(tid, info->attrs[NL80211_ATTR_TID_CONFIG],
	14576	+ rem_conf) {
	14577	+ ret = nla_parse_nested(attrs, NL80211_TID_CONFIG_ATTR_MAX,
	14578	+ tid, NULL, NULL);
	14579	+
	14580	+ if (ret)
	14581	+ goto bad_tid_conf;
	14582	+
	14583	+ ret = parse_tid_conf(rdev, attrs, dev,
	14584	+ &tid_config->tid_conf[conf_idx],
	14585	+ info, tid_config->peer);
	14586	+ if (ret)
	14587	+ goto bad_tid_conf;
	14588	+
	14589	+ conf_idx++;
	14590	+ }
	14591	+
	14592	+ ret = rdev_set_tid_config(rdev, dev, tid_config);
	14593	+
	14594	+bad_tid_conf:
	14595	+ kfree(tid_config);
	14596	+ return ret;
13226	14597	}
13227	14598
13228	14599	#define NL80211_FLAG_NEED_WIPHY 0x01
..	..	@@ -13331,66 +14702,69 @@
13331	14702	static const struct genl_ops nl80211_ops[] = {
13332	14703	{
13333	14704	.cmd = NL80211_CMD_GET_WIPHY,
	14705	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13334	14706	.doit = nl80211_get_wiphy,
13335	14707	.dumpit = nl80211_dump_wiphy,
13336	14708	.done = nl80211_dump_wiphy_done,
13337		- .policy = nl80211_policy,
13338	14709	/* can be retrieved by unprivileged users */
13339	14710	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
13340	14711	NL80211_FLAG_NEED_RTNL,
13341	14712	},
	14713	+};
	14714	+
	14715	+static const struct genl_small_ops nl80211_small_ops[] = {
13342	14716	{
13343	14717	.cmd = NL80211_CMD_SET_WIPHY,
	14718	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13344	14719	.doit = nl80211_set_wiphy,
13345		- .policy = nl80211_policy,
13346	14720	.flags = GENL_UNS_ADMIN_PERM,
13347	14721	.internal_flags = NL80211_FLAG_NEED_RTNL,
13348	14722	},
13349	14723	{
13350	14724	.cmd = NL80211_CMD_GET_INTERFACE,
	14725	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13351	14726	.doit = nl80211_get_interface,
13352	14727	.dumpit = nl80211_dump_interface,
13353		- .policy = nl80211_policy,
13354	14728	/* can be retrieved by unprivileged users */
13355	14729	.internal_flags = NL80211_FLAG_NEED_WDEV \|
13356	14730	NL80211_FLAG_NEED_RTNL,
13357	14731	},
13358	14732	{
13359	14733	.cmd = NL80211_CMD_SET_INTERFACE,
	14734	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13360	14735	.doit = nl80211_set_interface,
13361		- .policy = nl80211_policy,
13362	14736	.flags = GENL_UNS_ADMIN_PERM,
13363	14737	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13364	14738	NL80211_FLAG_NEED_RTNL,
13365	14739	},
13366	14740	{
13367	14741	.cmd = NL80211_CMD_NEW_INTERFACE,
	14742	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13368	14743	.doit = nl80211_new_interface,
13369		- .policy = nl80211_policy,
13370	14744	.flags = GENL_UNS_ADMIN_PERM,
13371	14745	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
13372	14746	NL80211_FLAG_NEED_RTNL,
13373	14747	},
13374	14748	{
13375	14749	.cmd = NL80211_CMD_DEL_INTERFACE,
	14750	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13376	14751	.doit = nl80211_del_interface,
13377		- .policy = nl80211_policy,
13378	14752	.flags = GENL_UNS_ADMIN_PERM,
13379	14753	.internal_flags = NL80211_FLAG_NEED_WDEV \|
13380	14754	NL80211_FLAG_NEED_RTNL,
13381	14755	},
13382	14756	{
13383	14757	.cmd = NL80211_CMD_GET_KEY,
	14758	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13384	14759	.doit = nl80211_get_key,
13385		- .policy = nl80211_policy,
13386	14760	.flags = GENL_UNS_ADMIN_PERM,
13387	14761	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13388	14762	NL80211_FLAG_NEED_RTNL,
13389	14763	},
13390	14764	{
13391	14765	.cmd = NL80211_CMD_SET_KEY,
	14766	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13392	14767	.doit = nl80211_set_key,
13393		- .policy = nl80211_policy,
13394	14768	.flags = GENL_UNS_ADMIN_PERM,
13395	14769	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13396	14770	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -13398,8 +14772,8 @@
13398	14772	},
13399	14773	{
13400	14774	.cmd = NL80211_CMD_NEW_KEY,
	14775	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13401	14776	.doit = nl80211_new_key,
13402		- .policy = nl80211_policy,
13403	14777	.flags = GENL_UNS_ADMIN_PERM,
13404	14778	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13405	14779	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -13407,15 +14781,15 @@
13407	14781	},
13408	14782	{
13409	14783	.cmd = NL80211_CMD_DEL_KEY,
	14784	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13410	14785	.doit = nl80211_del_key,
13411		- .policy = nl80211_policy,
13412	14786	.flags = GENL_UNS_ADMIN_PERM,
13413	14787	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13414	14788	NL80211_FLAG_NEED_RTNL,
13415	14789	},
13416	14790	{
13417	14791	.cmd = NL80211_CMD_SET_BEACON,
13418		- .policy = nl80211_policy,
	14792	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13419	14793	.flags = GENL_UNS_ADMIN_PERM,
13420	14794	.doit = nl80211_set_beacon,
13421	14795	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
..	..	@@ -13423,7 +14797,7 @@
13423	14797	},
13424	14798	{
13425	14799	.cmd = NL80211_CMD_START_AP,
13426		- .policy = nl80211_policy,
	14800	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13427	14801	.flags = GENL_UNS_ADMIN_PERM,
13428	14802	.doit = nl80211_start_ap,
13429	14803	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
..	..	@@ -13431,7 +14805,7 @@
13431	14805	},
13432	14806	{
13433	14807	.cmd = NL80211_CMD_STOP_AP,
13434		- .policy = nl80211_policy,
	14808	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13435	14809	.flags = GENL_UNS_ADMIN_PERM,
13436	14810	.doit = nl80211_stop_ap,
13437	14811	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
..	..	@@ -13439,172 +14813,172 @@
13439	14813	},
13440	14814	{
13441	14815	.cmd = NL80211_CMD_GET_STATION,
	14816	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13442	14817	.doit = nl80211_get_station,
13443	14818	.dumpit = nl80211_dump_station,
13444		- .policy = nl80211_policy,
13445	14819	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13446	14820	NL80211_FLAG_NEED_RTNL,
13447	14821	},
13448	14822	{
13449	14823	.cmd = NL80211_CMD_SET_STATION,
	14824	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13450	14825	.doit = nl80211_set_station,
13451		- .policy = nl80211_policy,
13452	14826	.flags = GENL_UNS_ADMIN_PERM,
13453	14827	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13454	14828	NL80211_FLAG_NEED_RTNL,
13455	14829	},
13456	14830	{
13457	14831	.cmd = NL80211_CMD_NEW_STATION,
	14832	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13458	14833	.doit = nl80211_new_station,
13459		- .policy = nl80211_policy,
13460	14834	.flags = GENL_UNS_ADMIN_PERM,
13461	14835	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13462	14836	NL80211_FLAG_NEED_RTNL,
13463	14837	},
13464	14838	{
13465	14839	.cmd = NL80211_CMD_DEL_STATION,
	14840	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13466	14841	.doit = nl80211_del_station,
13467		- .policy = nl80211_policy,
13468	14842	.flags = GENL_UNS_ADMIN_PERM,
13469	14843	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13470	14844	NL80211_FLAG_NEED_RTNL,
13471	14845	},
13472	14846	{
13473	14847	.cmd = NL80211_CMD_GET_MPATH,
	14848	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13474	14849	.doit = nl80211_get_mpath,
13475	14850	.dumpit = nl80211_dump_mpath,
13476		- .policy = nl80211_policy,
13477	14851	.flags = GENL_UNS_ADMIN_PERM,
13478	14852	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13479	14853	NL80211_FLAG_NEED_RTNL,
13480	14854	},
13481	14855	{
13482	14856	.cmd = NL80211_CMD_GET_MPP,
	14857	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13483	14858	.doit = nl80211_get_mpp,
13484	14859	.dumpit = nl80211_dump_mpp,
13485		- .policy = nl80211_policy,
13486	14860	.flags = GENL_UNS_ADMIN_PERM,
13487	14861	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13488	14862	NL80211_FLAG_NEED_RTNL,
13489	14863	},
13490	14864	{
13491	14865	.cmd = NL80211_CMD_SET_MPATH,
	14866	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13492	14867	.doit = nl80211_set_mpath,
13493		- .policy = nl80211_policy,
13494	14868	.flags = GENL_UNS_ADMIN_PERM,
13495	14869	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13496	14870	NL80211_FLAG_NEED_RTNL,
13497	14871	},
13498	14872	{
13499	14873	.cmd = NL80211_CMD_NEW_MPATH,
	14874	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13500	14875	.doit = nl80211_new_mpath,
13501		- .policy = nl80211_policy,
13502	14876	.flags = GENL_UNS_ADMIN_PERM,
13503	14877	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13504	14878	NL80211_FLAG_NEED_RTNL,
13505	14879	},
13506	14880	{
13507	14881	.cmd = NL80211_CMD_DEL_MPATH,
	14882	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13508	14883	.doit = nl80211_del_mpath,
13509		- .policy = nl80211_policy,
13510	14884	.flags = GENL_UNS_ADMIN_PERM,
13511	14885	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13512	14886	NL80211_FLAG_NEED_RTNL,
13513	14887	},
13514	14888	{
13515	14889	.cmd = NL80211_CMD_SET_BSS,
	14890	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13516	14891	.doit = nl80211_set_bss,
13517		- .policy = nl80211_policy,
13518	14892	.flags = GENL_UNS_ADMIN_PERM,
13519	14893	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13520	14894	NL80211_FLAG_NEED_RTNL,
13521	14895	},
13522	14896	{
13523	14897	.cmd = NL80211_CMD_GET_REG,
	14898	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13524	14899	.doit = nl80211_get_reg_do,
13525	14900	.dumpit = nl80211_get_reg_dump,
13526		- .policy = nl80211_policy,
13527	14901	.internal_flags = NL80211_FLAG_NEED_RTNL,
13528	14902	/* can be retrieved by unprivileged users */
13529	14903	},
13530	14904	#ifdef CONFIG_CFG80211_CRDA_SUPPORT
13531	14905	{
13532	14906	.cmd = NL80211_CMD_SET_REG,
	14907	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13533	14908	.doit = nl80211_set_reg,
13534		- .policy = nl80211_policy,
13535	14909	.flags = GENL_ADMIN_PERM,
13536	14910	.internal_flags = NL80211_FLAG_NEED_RTNL,
13537	14911	},
13538	14912	#endif
13539	14913	{
13540	14914	.cmd = NL80211_CMD_REQ_SET_REG,
	14915	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13541	14916	.doit = nl80211_req_set_reg,
13542		- .policy = nl80211_policy,
13543	14917	.flags = GENL_ADMIN_PERM,
13544	14918	},
13545	14919	{
13546	14920	.cmd = NL80211_CMD_RELOAD_REGDB,
	14921	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13547	14922	.doit = nl80211_reload_regdb,
13548		- .policy = nl80211_policy,
13549	14923	.flags = GENL_ADMIN_PERM,
13550	14924	},
13551	14925	{
13552	14926	.cmd = NL80211_CMD_GET_MESH_CONFIG,
	14927	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13553	14928	.doit = nl80211_get_mesh_config,
13554		- .policy = nl80211_policy,
13555	14929	/* can be retrieved by unprivileged users */
13556	14930	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13557	14931	NL80211_FLAG_NEED_RTNL,
13558	14932	},
13559	14933	{
13560	14934	.cmd = NL80211_CMD_SET_MESH_CONFIG,
	14935	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13561	14936	.doit = nl80211_update_mesh_config,
13562		- .policy = nl80211_policy,
13563	14937	.flags = GENL_UNS_ADMIN_PERM,
13564	14938	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13565	14939	NL80211_FLAG_NEED_RTNL,
13566	14940	},
13567	14941	{
13568	14942	.cmd = NL80211_CMD_TRIGGER_SCAN,
	14943	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13569	14944	.doit = nl80211_trigger_scan,
13570		- .policy = nl80211_policy,
13571	14945	.flags = GENL_UNS_ADMIN_PERM,
13572	14946	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13573	14947	NL80211_FLAG_NEED_RTNL,
13574	14948	},
13575	14949	{
13576	14950	.cmd = NL80211_CMD_ABORT_SCAN,
	14951	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13577	14952	.doit = nl80211_abort_scan,
13578		- .policy = nl80211_policy,
13579	14953	.flags = GENL_UNS_ADMIN_PERM,
13580	14954	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13581	14955	NL80211_FLAG_NEED_RTNL,
13582	14956	},
13583	14957	{
13584	14958	.cmd = NL80211_CMD_GET_SCAN,
13585		- .policy = nl80211_policy,
	14959	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13586	14960	.dumpit = nl80211_dump_scan,
13587	14961	},
13588	14962	{
13589	14963	.cmd = NL80211_CMD_START_SCHED_SCAN,
	14964	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13590	14965	.doit = nl80211_start_sched_scan,
13591		- .policy = nl80211_policy,
13592	14966	.flags = GENL_UNS_ADMIN_PERM,
13593	14967	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13594	14968	NL80211_FLAG_NEED_RTNL,
13595	14969	},
13596	14970	{
13597	14971	.cmd = NL80211_CMD_STOP_SCHED_SCAN,
	14972	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13598	14973	.doit = nl80211_stop_sched_scan,
13599		- .policy = nl80211_policy,
13600	14974	.flags = GENL_UNS_ADMIN_PERM,
13601	14975	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13602	14976	NL80211_FLAG_NEED_RTNL,
13603	14977	},
13604	14978	{
13605	14979	.cmd = NL80211_CMD_AUTHENTICATE,
	14980	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13606	14981	.doit = nl80211_authenticate,
13607		- .policy = nl80211_policy,
13608	14982	.flags = GENL_UNS_ADMIN_PERM,
13609	14983	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13610	14984	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -13612,8 +14986,8 @@
13612	14986	},
13613	14987	{
13614	14988	.cmd = NL80211_CMD_ASSOCIATE,
	14989	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13615	14990	.doit = nl80211_associate,
13616		- .policy = nl80211_policy,
13617	14991	.flags = GENL_UNS_ADMIN_PERM,
13618	14992	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13619	14993	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -13621,32 +14995,32 @@
13621	14995	},
13622	14996	{
13623	14997	.cmd = NL80211_CMD_DEAUTHENTICATE,
	14998	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13624	14999	.doit = nl80211_deauthenticate,
13625		- .policy = nl80211_policy,
13626	15000	.flags = GENL_UNS_ADMIN_PERM,
13627	15001	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13628	15002	NL80211_FLAG_NEED_RTNL,
13629	15003	},
13630	15004	{
13631	15005	.cmd = NL80211_CMD_DISASSOCIATE,
	15006	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13632	15007	.doit = nl80211_disassociate,
13633		- .policy = nl80211_policy,
13634	15008	.flags = GENL_UNS_ADMIN_PERM,
13635	15009	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13636	15010	NL80211_FLAG_NEED_RTNL,
13637	15011	},
13638	15012	{
13639	15013	.cmd = NL80211_CMD_JOIN_IBSS,
	15014	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13640	15015	.doit = nl80211_join_ibss,
13641		- .policy = nl80211_policy,
13642	15016	.flags = GENL_UNS_ADMIN_PERM,
13643	15017	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13644	15018	NL80211_FLAG_NEED_RTNL,
13645	15019	},
13646	15020	{
13647	15021	.cmd = NL80211_CMD_LEAVE_IBSS,
	15022	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13648	15023	.doit = nl80211_leave_ibss,
13649		- .policy = nl80211_policy,
13650	15024	.flags = GENL_UNS_ADMIN_PERM,
13651	15025	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13652	15026	NL80211_FLAG_NEED_RTNL,
..	..	@@ -13654,9 +15028,9 @@
13654	15028	#ifdef CONFIG_NL80211_TESTMODE
13655	15029	{
13656	15030	.cmd = NL80211_CMD_TESTMODE,
	15031	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13657	15032	.doit = nl80211_testmode_do,
13658	15033	.dumpit = nl80211_testmode_dump,
13659		- .policy = nl80211_policy,
13660	15034	.flags = GENL_UNS_ADMIN_PERM,
13661	15035	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
13662	15036	NL80211_FLAG_NEED_RTNL,
..	..	@@ -13664,8 +15038,8 @@
13664	15038	#endif
13665	15039	{
13666	15040	.cmd = NL80211_CMD_CONNECT,
	15041	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13667	15042	.doit = nl80211_connect,
13668		- .policy = nl80211_policy,
13669	15043	.flags = GENL_UNS_ADMIN_PERM,
13670	15044	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13671	15045	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -13673,8 +15047,8 @@
13673	15047	},
13674	15048	{
13675	15049	.cmd = NL80211_CMD_UPDATE_CONNECT_PARAMS,
	15050	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13676	15051	.doit = nl80211_update_connect_params,
13677		- .policy = nl80211_policy,
13678	15052	.flags = GENL_ADMIN_PERM,
13679	15053	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13680	15054	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -13682,29 +15056,29 @@
13682	15056	},
13683	15057	{
13684	15058	.cmd = NL80211_CMD_DISCONNECT,
	15059	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13685	15060	.doit = nl80211_disconnect,
13686		- .policy = nl80211_policy,
13687	15061	.flags = GENL_UNS_ADMIN_PERM,
13688	15062	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13689	15063	NL80211_FLAG_NEED_RTNL,
13690	15064	},
13691	15065	{
13692	15066	.cmd = NL80211_CMD_SET_WIPHY_NETNS,
	15067	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13693	15068	.doit = nl80211_wiphy_netns,
13694		- .policy = nl80211_policy,
13695	15069	.flags = GENL_UNS_ADMIN_PERM,
13696	15070	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
13697	15071	NL80211_FLAG_NEED_RTNL,
13698	15072	},
13699	15073	{
13700	15074	.cmd = NL80211_CMD_GET_SURVEY,
13701		- .policy = nl80211_policy,
	15075	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13702	15076	.dumpit = nl80211_dump_survey,
13703	15077	},
13704	15078	{
13705	15079	.cmd = NL80211_CMD_SET_PMKSA,
	15080	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13706	15081	.doit = nl80211_setdel_pmksa,
13707		- .policy = nl80211_policy,
13708	15082	.flags = GENL_UNS_ADMIN_PERM,
13709	15083	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13710	15084	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -13712,136 +15086,136 @@
13712	15086	},
13713	15087	{
13714	15088	.cmd = NL80211_CMD_DEL_PMKSA,
	15089	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13715	15090	.doit = nl80211_setdel_pmksa,
13716		- .policy = nl80211_policy,
13717	15091	.flags = GENL_UNS_ADMIN_PERM,
13718	15092	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13719	15093	NL80211_FLAG_NEED_RTNL,
13720	15094	},
13721	15095	{
13722	15096	.cmd = NL80211_CMD_FLUSH_PMKSA,
	15097	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13723	15098	.doit = nl80211_flush_pmksa,
13724		- .policy = nl80211_policy,
13725	15099	.flags = GENL_UNS_ADMIN_PERM,
13726	15100	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13727	15101	NL80211_FLAG_NEED_RTNL,
13728	15102	},
13729	15103	{
13730	15104	.cmd = NL80211_CMD_REMAIN_ON_CHANNEL,
	15105	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13731	15106	.doit = nl80211_remain_on_channel,
13732		- .policy = nl80211_policy,
13733	15107	.flags = GENL_UNS_ADMIN_PERM,
13734	15108	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13735	15109	NL80211_FLAG_NEED_RTNL,
13736	15110	},
13737	15111	{
13738	15112	.cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL,
	15113	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13739	15114	.doit = nl80211_cancel_remain_on_channel,
13740		- .policy = nl80211_policy,
13741	15115	.flags = GENL_UNS_ADMIN_PERM,
13742	15116	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13743	15117	NL80211_FLAG_NEED_RTNL,
13744	15118	},
13745	15119	{
13746	15120	.cmd = NL80211_CMD_SET_TX_BITRATE_MASK,
	15121	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13747	15122	.doit = nl80211_set_tx_bitrate_mask,
13748		- .policy = nl80211_policy,
13749	15123	.flags = GENL_UNS_ADMIN_PERM,
13750	15124	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13751	15125	NL80211_FLAG_NEED_RTNL,
13752	15126	},
13753	15127	{
13754	15128	.cmd = NL80211_CMD_REGISTER_FRAME,
	15129	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13755	15130	.doit = nl80211_register_mgmt,
13756		- .policy = nl80211_policy,
13757	15131	.flags = GENL_UNS_ADMIN_PERM,
13758	15132	.internal_flags = NL80211_FLAG_NEED_WDEV \|
13759	15133	NL80211_FLAG_NEED_RTNL,
13760	15134	},
13761	15135	{
13762	15136	.cmd = NL80211_CMD_FRAME,
	15137	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13763	15138	.doit = nl80211_tx_mgmt,
13764		- .policy = nl80211_policy,
13765	15139	.flags = GENL_UNS_ADMIN_PERM,
13766	15140	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13767	15141	NL80211_FLAG_NEED_RTNL,
13768	15142	},
13769	15143	{
13770	15144	.cmd = NL80211_CMD_FRAME_WAIT_CANCEL,
	15145	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13771	15146	.doit = nl80211_tx_mgmt_cancel_wait,
13772		- .policy = nl80211_policy,
13773	15147	.flags = GENL_UNS_ADMIN_PERM,
13774	15148	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13775	15149	NL80211_FLAG_NEED_RTNL,
13776	15150	},
13777	15151	{
13778	15152	.cmd = NL80211_CMD_SET_POWER_SAVE,
	15153	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13779	15154	.doit = nl80211_set_power_save,
13780		- .policy = nl80211_policy,
13781	15155	.flags = GENL_UNS_ADMIN_PERM,
13782	15156	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13783	15157	NL80211_FLAG_NEED_RTNL,
13784	15158	},
13785	15159	{
13786	15160	.cmd = NL80211_CMD_GET_POWER_SAVE,
	15161	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13787	15162	.doit = nl80211_get_power_save,
13788		- .policy = nl80211_policy,
13789	15163	/* can be retrieved by unprivileged users */
13790	15164	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13791	15165	NL80211_FLAG_NEED_RTNL,
13792	15166	},
13793	15167	{
13794	15168	.cmd = NL80211_CMD_SET_CQM,
	15169	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13795	15170	.doit = nl80211_set_cqm,
13796		- .policy = nl80211_policy,
13797	15171	.flags = GENL_UNS_ADMIN_PERM,
13798	15172	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13799	15173	NL80211_FLAG_NEED_RTNL,
13800	15174	},
13801	15175	{
13802	15176	.cmd = NL80211_CMD_SET_CHANNEL,
	15177	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13803	15178	.doit = nl80211_set_channel,
13804		- .policy = nl80211_policy,
13805	15179	.flags = GENL_UNS_ADMIN_PERM,
13806	15180	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13807	15181	NL80211_FLAG_NEED_RTNL,
13808	15182	},
13809	15183	{
13810	15184	.cmd = NL80211_CMD_SET_WDS_PEER,
	15185	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13811	15186	.doit = nl80211_set_wds_peer,
13812		- .policy = nl80211_policy,
13813	15187	.flags = GENL_UNS_ADMIN_PERM,
13814	15188	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13815	15189	NL80211_FLAG_NEED_RTNL,
13816	15190	},
13817	15191	{
13818	15192	.cmd = NL80211_CMD_JOIN_MESH,
	15193	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13819	15194	.doit = nl80211_join_mesh,
13820		- .policy = nl80211_policy,
13821	15195	.flags = GENL_UNS_ADMIN_PERM,
13822	15196	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13823	15197	NL80211_FLAG_NEED_RTNL,
13824	15198	},
13825	15199	{
13826	15200	.cmd = NL80211_CMD_LEAVE_MESH,
	15201	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13827	15202	.doit = nl80211_leave_mesh,
13828		- .policy = nl80211_policy,
13829	15203	.flags = GENL_UNS_ADMIN_PERM,
13830	15204	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13831	15205	NL80211_FLAG_NEED_RTNL,
13832	15206	},
13833	15207	{
13834	15208	.cmd = NL80211_CMD_JOIN_OCB,
	15209	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13835	15210	.doit = nl80211_join_ocb,
13836		- .policy = nl80211_policy,
13837	15211	.flags = GENL_UNS_ADMIN_PERM,
13838	15212	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13839	15213	NL80211_FLAG_NEED_RTNL,
13840	15214	},
13841	15215	{
13842	15216	.cmd = NL80211_CMD_LEAVE_OCB,
	15217	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13843	15218	.doit = nl80211_leave_ocb,
13844		- .policy = nl80211_policy,
13845	15219	.flags = GENL_UNS_ADMIN_PERM,
13846	15220	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13847	15221	NL80211_FLAG_NEED_RTNL,
..	..	@@ -13849,16 +15223,16 @@
13849	15223	#ifdef CONFIG_PM
13850	15224	{
13851	15225	.cmd = NL80211_CMD_GET_WOWLAN,
	15226	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13852	15227	.doit = nl80211_get_wowlan,
13853		- .policy = nl80211_policy,
13854	15228	/* can be retrieved by unprivileged users */
13855	15229	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
13856	15230	NL80211_FLAG_NEED_RTNL,
13857	15231	},
13858	15232	{
13859	15233	.cmd = NL80211_CMD_SET_WOWLAN,
	15234	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13860	15235	.doit = nl80211_set_wowlan,
13861		- .policy = nl80211_policy,
13862	15236	.flags = GENL_UNS_ADMIN_PERM,
13863	15237	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
13864	15238	NL80211_FLAG_NEED_RTNL,
..	..	@@ -13866,8 +15240,8 @@
13866	15240	#endif
13867	15241	{
13868	15242	.cmd = NL80211_CMD_SET_REKEY_OFFLOAD,
	15243	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13869	15244	.doit = nl80211_set_rekey_data,
13870		- .policy = nl80211_policy,
13871	15245	.flags = GENL_UNS_ADMIN_PERM,
13872	15246	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13873	15247	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -13875,189 +15249,189 @@
13875	15249	},
13876	15250	{
13877	15251	.cmd = NL80211_CMD_TDLS_MGMT,
	15252	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13878	15253	.doit = nl80211_tdls_mgmt,
13879		- .policy = nl80211_policy,
13880	15254	.flags = GENL_UNS_ADMIN_PERM,
13881	15255	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13882	15256	NL80211_FLAG_NEED_RTNL,
13883	15257	},
13884	15258	{
13885	15259	.cmd = NL80211_CMD_TDLS_OPER,
	15260	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13886	15261	.doit = nl80211_tdls_oper,
13887		- .policy = nl80211_policy,
13888	15262	.flags = GENL_UNS_ADMIN_PERM,
13889	15263	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13890	15264	NL80211_FLAG_NEED_RTNL,
13891	15265	},
13892	15266	{
13893	15267	.cmd = NL80211_CMD_UNEXPECTED_FRAME,
	15268	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13894	15269	.doit = nl80211_register_unexpected_frame,
13895		- .policy = nl80211_policy,
13896	15270	.flags = GENL_UNS_ADMIN_PERM,
13897	15271	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13898	15272	NL80211_FLAG_NEED_RTNL,
13899	15273	},
13900	15274	{
13901	15275	.cmd = NL80211_CMD_PROBE_CLIENT,
	15276	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13902	15277	.doit = nl80211_probe_client,
13903		- .policy = nl80211_policy,
13904	15278	.flags = GENL_UNS_ADMIN_PERM,
13905	15279	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
13906	15280	NL80211_FLAG_NEED_RTNL,
13907	15281	},
13908	15282	{
13909	15283	.cmd = NL80211_CMD_REGISTER_BEACONS,
	15284	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13910	15285	.doit = nl80211_register_beacons,
13911		- .policy = nl80211_policy,
13912	15286	.flags = GENL_UNS_ADMIN_PERM,
13913	15287	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
13914	15288	NL80211_FLAG_NEED_RTNL,
13915	15289	},
13916	15290	{
13917	15291	.cmd = NL80211_CMD_SET_NOACK_MAP,
	15292	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13918	15293	.doit = nl80211_set_noack_map,
13919		- .policy = nl80211_policy,
13920	15294	.flags = GENL_UNS_ADMIN_PERM,
13921	15295	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13922	15296	NL80211_FLAG_NEED_RTNL,
13923	15297	},
13924	15298	{
13925	15299	.cmd = NL80211_CMD_START_P2P_DEVICE,
	15300	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13926	15301	.doit = nl80211_start_p2p_device,
13927		- .policy = nl80211_policy,
13928	15302	.flags = GENL_UNS_ADMIN_PERM,
13929	15303	.internal_flags = NL80211_FLAG_NEED_WDEV \|
13930	15304	NL80211_FLAG_NEED_RTNL,
13931	15305	},
13932	15306	{
13933	15307	.cmd = NL80211_CMD_STOP_P2P_DEVICE,
	15308	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13934	15309	.doit = nl80211_stop_p2p_device,
13935		- .policy = nl80211_policy,
13936	15310	.flags = GENL_UNS_ADMIN_PERM,
13937	15311	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13938	15312	NL80211_FLAG_NEED_RTNL,
13939	15313	},
13940	15314	{
13941	15315	.cmd = NL80211_CMD_START_NAN,
	15316	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13942	15317	.doit = nl80211_start_nan,
13943		- .policy = nl80211_policy,
13944	15318	.flags = GENL_ADMIN_PERM,
13945	15319	.internal_flags = NL80211_FLAG_NEED_WDEV \|
13946	15320	NL80211_FLAG_NEED_RTNL,
13947	15321	},
13948	15322	{
13949	15323	.cmd = NL80211_CMD_STOP_NAN,
	15324	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13950	15325	.doit = nl80211_stop_nan,
13951		- .policy = nl80211_policy,
13952	15326	.flags = GENL_ADMIN_PERM,
13953	15327	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13954	15328	NL80211_FLAG_NEED_RTNL,
13955	15329	},
13956	15330	{
13957	15331	.cmd = NL80211_CMD_ADD_NAN_FUNCTION,
	15332	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13958	15333	.doit = nl80211_nan_add_func,
13959		- .policy = nl80211_policy,
13960	15334	.flags = GENL_ADMIN_PERM,
13961	15335	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13962	15336	NL80211_FLAG_NEED_RTNL,
13963	15337	},
13964	15338	{
13965	15339	.cmd = NL80211_CMD_DEL_NAN_FUNCTION,
	15340	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13966	15341	.doit = nl80211_nan_del_func,
13967		- .policy = nl80211_policy,
13968	15342	.flags = GENL_ADMIN_PERM,
13969	15343	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13970	15344	NL80211_FLAG_NEED_RTNL,
13971	15345	},
13972	15346	{
13973	15347	.cmd = NL80211_CMD_CHANGE_NAN_CONFIG,
	15348	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13974	15349	.doit = nl80211_nan_change_config,
13975		- .policy = nl80211_policy,
13976	15350	.flags = GENL_ADMIN_PERM,
13977	15351	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
13978	15352	NL80211_FLAG_NEED_RTNL,
13979	15353	},
13980	15354	{
13981	15355	.cmd = NL80211_CMD_SET_MCAST_RATE,
	15356	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13982	15357	.doit = nl80211_set_mcast_rate,
13983		- .policy = nl80211_policy,
13984	15358	.flags = GENL_UNS_ADMIN_PERM,
13985	15359	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13986	15360	NL80211_FLAG_NEED_RTNL,
13987	15361	},
13988	15362	{
13989	15363	.cmd = NL80211_CMD_SET_MAC_ACL,
	15364	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13990	15365	.doit = nl80211_set_mac_acl,
13991		- .policy = nl80211_policy,
13992	15366	.flags = GENL_UNS_ADMIN_PERM,
13993	15367	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
13994	15368	NL80211_FLAG_NEED_RTNL,
13995	15369	},
13996	15370	{
13997	15371	.cmd = NL80211_CMD_RADAR_DETECT,
	15372	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
13998	15373	.doit = nl80211_start_radar_detection,
13999		- .policy = nl80211_policy,
14000	15374	.flags = GENL_UNS_ADMIN_PERM,
14001	15375	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14002	15376	NL80211_FLAG_NEED_RTNL,
14003	15377	},
14004	15378	{
14005	15379	.cmd = NL80211_CMD_GET_PROTOCOL_FEATURES,
	15380	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14006	15381	.doit = nl80211_get_protocol_features,
14007		- .policy = nl80211_policy,
14008	15382	},
14009	15383	{
14010	15384	.cmd = NL80211_CMD_UPDATE_FT_IES,
	15385	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14011	15386	.doit = nl80211_update_ft_ies,
14012		- .policy = nl80211_policy,
14013	15387	.flags = GENL_UNS_ADMIN_PERM,
14014	15388	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14015	15389	NL80211_FLAG_NEED_RTNL,
14016	15390	},
14017	15391	{
14018	15392	.cmd = NL80211_CMD_CRIT_PROTOCOL_START,
	15393	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14019	15394	.doit = nl80211_crit_protocol_start,
14020		- .policy = nl80211_policy,
14021	15395	.flags = GENL_UNS_ADMIN_PERM,
14022	15396	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
14023	15397	NL80211_FLAG_NEED_RTNL,
14024	15398	},
14025	15399	{
14026	15400	.cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
	15401	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14027	15402	.doit = nl80211_crit_protocol_stop,
14028		- .policy = nl80211_policy,
14029	15403	.flags = GENL_UNS_ADMIN_PERM,
14030	15404	.internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
14031	15405	NL80211_FLAG_NEED_RTNL,
14032	15406	},
14033	15407	{
14034	15408	.cmd = NL80211_CMD_GET_COALESCE,
	15409	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14035	15410	.doit = nl80211_get_coalesce,
14036		- .policy = nl80211_policy,
14037	15411	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
14038	15412	NL80211_FLAG_NEED_RTNL,
14039	15413	},
14040	15414	{
14041	15415	.cmd = NL80211_CMD_SET_COALESCE,
	15416	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14042	15417	.doit = nl80211_set_coalesce,
14043		- .policy = nl80211_policy,
14044	15418	.flags = GENL_UNS_ADMIN_PERM,
14045	15419	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
14046	15420	NL80211_FLAG_NEED_RTNL,
14047	15421	},
14048	15422	{
14049	15423	.cmd = NL80211_CMD_CHANNEL_SWITCH,
	15424	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14050	15425	.doit = nl80211_channel_switch,
14051		- .policy = nl80211_policy,
14052	15426	.flags = GENL_UNS_ADMIN_PERM,
14053	15427	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14054	15428	NL80211_FLAG_NEED_RTNL,
14055	15429	},
14056	15430	{
14057	15431	.cmd = NL80211_CMD_VENDOR,
	15432	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14058	15433	.doit = nl80211_vendor_cmd,
14059	15434	.dumpit = nl80211_vendor_cmd_dump,
14060		- .policy = nl80211_policy,
14061	15435	.flags = GENL_UNS_ADMIN_PERM,
14062	15436	.internal_flags = NL80211_FLAG_NEED_WIPHY \|
14063	15437	NL80211_FLAG_NEED_RTNL \|
..	..	@@ -14065,79 +15439,102 @@
14065	15439	},
14066	15440	{
14067	15441	.cmd = NL80211_CMD_SET_QOS_MAP,
	15442	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14068	15443	.doit = nl80211_set_qos_map,
14069		- .policy = nl80211_policy,
14070	15444	.flags = GENL_UNS_ADMIN_PERM,
14071	15445	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14072	15446	NL80211_FLAG_NEED_RTNL,
14073	15447	},
14074	15448	{
14075	15449	.cmd = NL80211_CMD_ADD_TX_TS,
	15450	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14076	15451	.doit = nl80211_add_tx_ts,
14077		- .policy = nl80211_policy,
14078	15452	.flags = GENL_UNS_ADMIN_PERM,
14079	15453	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14080	15454	NL80211_FLAG_NEED_RTNL,
14081	15455	},
14082	15456	{
14083	15457	.cmd = NL80211_CMD_DEL_TX_TS,
	15458	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14084	15459	.doit = nl80211_del_tx_ts,
14085		- .policy = nl80211_policy,
14086	15460	.flags = GENL_UNS_ADMIN_PERM,
14087	15461	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14088	15462	NL80211_FLAG_NEED_RTNL,
14089	15463	},
14090	15464	{
14091	15465	.cmd = NL80211_CMD_TDLS_CHANNEL_SWITCH,
	15466	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14092	15467	.doit = nl80211_tdls_channel_switch,
14093		- .policy = nl80211_policy,
14094	15468	.flags = GENL_UNS_ADMIN_PERM,
14095	15469	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14096	15470	NL80211_FLAG_NEED_RTNL,
14097	15471	},
14098	15472	{
14099	15473	.cmd = NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH,
	15474	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14100	15475	.doit = nl80211_tdls_cancel_channel_switch,
14101		- .policy = nl80211_policy,
14102	15476	.flags = GENL_UNS_ADMIN_PERM,
14103	15477	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14104	15478	NL80211_FLAG_NEED_RTNL,
14105	15479	},
14106	15480	{
14107	15481	.cmd = NL80211_CMD_SET_MULTICAST_TO_UNICAST,
	15482	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14108	15483	.doit = nl80211_set_multicast_to_unicast,
14109		- .policy = nl80211_policy,
14110	15484	.flags = GENL_UNS_ADMIN_PERM,
14111	15485	.internal_flags = NL80211_FLAG_NEED_NETDEV \|
14112	15486	NL80211_FLAG_NEED_RTNL,
14113	15487	},
14114	15488	{
14115	15489	.cmd = NL80211_CMD_SET_PMK,
	15490	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14116	15491	.doit = nl80211_set_pmk,
14117		- .policy = nl80211_policy,
14118	15492	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14119	15493	NL80211_FLAG_NEED_RTNL \|
14120	15494	NL80211_FLAG_CLEAR_SKB,
14121	15495	},
14122	15496	{
14123	15497	.cmd = NL80211_CMD_DEL_PMK,
	15498	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14124	15499	.doit = nl80211_del_pmk,
14125		- .policy = nl80211_policy,
14126	15500	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14127	15501	NL80211_FLAG_NEED_RTNL,
14128	15502	},
14129	15503	{
14130	15504	.cmd = NL80211_CMD_EXTERNAL_AUTH,
	15505	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14131	15506	.doit = nl80211_external_auth,
14132		- .policy = nl80211_policy,
14133	15507	.flags = GENL_ADMIN_PERM,
14134	15508	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14135	15509	NL80211_FLAG_NEED_RTNL,
14136	15510	},
14137	15511	{
14138	15512	.cmd = NL80211_CMD_CONTROL_PORT_FRAME,
	15513	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
14139	15514	.doit = nl80211_tx_control_port,
14140		- .policy = nl80211_policy,
	15515	+ .flags = GENL_UNS_ADMIN_PERM,
	15516	+ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
	15517	+ NL80211_FLAG_NEED_RTNL,
	15518	+ },
	15519	+ {
	15520	+ .cmd = NL80211_CMD_GET_FTM_RESPONDER_STATS,
	15521	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
	15522	+ .doit = nl80211_get_ftm_responder_stats,
	15523	+ .internal_flags = NL80211_FLAG_NEED_NETDEV \|
	15524	+ NL80211_FLAG_NEED_RTNL,
	15525	+ },
	15526	+ {
	15527	+ .cmd = NL80211_CMD_PEER_MEASUREMENT_START,
	15528	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
	15529	+ .doit = nl80211_pmsr_start,
	15530	+ .flags = GENL_UNS_ADMIN_PERM,
	15531	+ .internal_flags = NL80211_FLAG_NEED_WDEV_UP \|
	15532	+ NL80211_FLAG_NEED_RTNL,
	15533	+ },
	15534	+ {
	15535	+ .cmd = NL80211_CMD_NOTIFY_RADAR,
	15536	+ .validate = GENL_DONT_VALIDATE_STRICT \| GENL_DONT_VALIDATE_DUMP,
	15537	+ .doit = nl80211_notify_radar_detection,
14141	15538	.flags = GENL_UNS_ADMIN_PERM,
14142	15539	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14143	15540	NL80211_FLAG_NEED_RTNL,
..	..	@@ -14149,6 +15546,20 @@
14149	15546	.internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
14150	15547	NL80211_FLAG_NEED_RTNL,
14151	15548	},
	15549	+ {
	15550	+ .cmd = NL80211_CMD_PROBE_MESH_LINK,
	15551	+ .doit = nl80211_probe_mesh_link,
	15552	+ .flags = GENL_UNS_ADMIN_PERM,
	15553	+ .internal_flags = NL80211_FLAG_NEED_NETDEV_UP \|
	15554	+ NL80211_FLAG_NEED_RTNL,
	15555	+ },
	15556	+ {
	15557	+ .cmd = NL80211_CMD_SET_TID_CONFIG,
	15558	+ .doit = nl80211_set_tid_config,
	15559	+ .flags = GENL_UNS_ADMIN_PERM,
	15560	+ .internal_flags = NL80211_FLAG_NEED_NETDEV \|
	15561	+ NL80211_FLAG_NEED_RTNL,
	15562	+ },
14152	15563	};
14153	15564
14154	15565	static struct genl_family nl80211_fam __ro_after_init = {
..	..	@@ -14156,14 +15567,18 @@
14156	15567	.hdrsize = 0, /* no private header */
14157	15568	.version = 1, /* no particular meaning now */
14158	15569	.maxattr = NL80211_ATTR_MAX,
	15570	+ .policy = nl80211_policy,
14159	15571	.netnsok = true,
14160	15572	.pre_doit = nl80211_pre_doit,
14161	15573	.post_doit = nl80211_post_doit,
14162	15574	.module = THIS_MODULE,
14163	15575	.ops = nl80211_ops,
14164	15576	.n_ops = ARRAY_SIZE(nl80211_ops),
	15577	+ .small_ops = nl80211_small_ops,
	15578	+ .n_small_ops = ARRAY_SIZE(nl80211_small_ops),
14165	15579	.mcgrps = nl80211_mcgrps,
14166	15580	.n_mcgrps = ARRAY_SIZE(nl80211_mcgrps),
	15581	+ .parallel_ops = true,
14167	15582	};
14168	15583
14169	15584	/* notification functions */
..	..	@@ -14196,15 +15611,11 @@
14196	15611	{
14197	15612	struct sk_buff *msg;
14198	15613
14199		- WARN_ON(cmd != NL80211_CMD_NEW_INTERFACE &&
14200		- cmd != NL80211_CMD_DEL_INTERFACE);
14201		-
14202	15614	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
14203	15615	if (!msg)
14204	15616	return;
14205	15617
14206		- if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev,
14207		- cmd == NL80211_CMD_DEL_INTERFACE) < 0) {
	15618	+ if (nl80211_send_iface(msg, 0, 0, 0, rdev, wdev, cmd) < 0) {
14208	15619	nlmsg_free(msg);
14209	15620	return;
14210	15621	}
..	..	@@ -14219,11 +15630,12 @@
14219	15630	struct cfg80211_scan_request *req = rdev->scan_req;
14220	15631	struct nlattr *nest;
14221	15632	int i;
	15633	+ struct cfg80211_scan_info *info;
14222	15634
14223	15635	if (WARN_ON(!req))
14224	15636	return 0;
14225	15637
14226		- nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
	15638	+ nest = nla_nest_start_noflag(msg, NL80211_ATTR_SCAN_SSIDS);
14227	15639	if (!nest)
14228	15640	goto nla_put_failure;
14229	15641	for (i = 0; i < req->n_ssids; i++) {
..	..	@@ -14232,14 +15644,27 @@
14232	15644	}
14233	15645	nla_nest_end(msg, nest);
14234	15646
14235		- nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
14236		- if (!nest)
14237		- goto nla_put_failure;
14238		- for (i = 0; i < req->n_channels; i++) {
14239		- if (nla_put_u32(msg, i, req->channels[i]->center_freq))
	15647	+ if (req->flags & NL80211_SCAN_FLAG_FREQ_KHZ) {
	15648	+ nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQ_KHZ);
	15649	+ if (!nest)
14240	15650	goto nla_put_failure;
	15651	+ for (i = 0; i < req->n_channels; i++) {
	15652	+ if (nla_put_u32(msg, i,
	15653	+ ieee80211_channel_to_khz(req->channels[i])))
	15654	+ goto nla_put_failure;
	15655	+ }
	15656	+ nla_nest_end(msg, nest);
	15657	+ } else {
	15658	+ nest = nla_nest_start_noflag(msg,
	15659	+ NL80211_ATTR_SCAN_FREQUENCIES);
	15660	+ if (!nest)
	15661	+ goto nla_put_failure;
	15662	+ for (i = 0; i < req->n_channels; i++) {
	15663	+ if (nla_put_u32(msg, i, req->channels[i]->center_freq))
	15664	+ goto nla_put_failure;
	15665	+ }
	15666	+ nla_nest_end(msg, nest);
14241	15667	}
14242		- nla_nest_end(msg, nest);
14243	15668
14244	15669	if (req->ie &&
14245	15670	nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
..	..	@@ -14249,11 +15674,13 @@
14249	15674	nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
14250	15675	goto nla_put_failure;
14251	15676
14252		- if (req->info.scan_start_tsf &&
	15677	+ info = rdev->int_scan_req ? &rdev->int_scan_req->info :
	15678	+ &rdev->scan_req->info;
	15679	+ if (info->scan_start_tsf &&
14253	15680	(nla_put_u64_64bit(msg, NL80211_ATTR_SCAN_START_TIME_TSF,
14254		- req->info.scan_start_tsf, NL80211_BSS_PAD) \|\|
	15681	+ info->scan_start_tsf, NL80211_BSS_PAD) \|\|
14255	15682	nla_put(msg, NL80211_ATTR_SCAN_START_TIME_TSF_BSSID, ETH_ALEN,
14256		- req->info.tsf_bssid)))
	15683	+ info->tsf_bssid)))
14257	15684	goto nla_put_failure;
14258	15685
14259	15686	return 0;
..	..	@@ -14444,12 +15871,10 @@
14444	15871	return;
14445	15872
14446	15873	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd_id);
14447		- if (!hdr) {
14448		- nlmsg_free(msg);
14449		- return;
14450		- }
	15874	+ if (!hdr)
	15875	+ goto nla_put_failure;
14451	15876
14452		- if (nl80211_reg_change_event_fill(msg, request) == false)
	15877	+ if (!nl80211_reg_change_event_fill(msg, request))
14453	15878	goto nla_put_failure;
14454	15879
14455	15880	genlmsg_end(msg, hdr);
..	..	@@ -14469,12 +15894,13 @@
14469	15894	struct net_device *netdev,
14470	15895	const u8 *buf, size_t len,
14471	15896	enum nl80211_commands cmd, gfp_t gfp,
14472		- int uapsd_queues)
	15897	+ int uapsd_queues, const u8 *req_ies,
	15898	+ size_t req_ies_len)
14473	15899	{
14474	15900	struct sk_buff *msg;
14475	15901	void *hdr;
14476	15902
14477		- msg = nlmsg_new(100 + len, gfp);
	15903	+ msg = nlmsg_new(100 + len + req_ies_len, gfp);
14478	15904	if (!msg)
14479	15905	return;
14480	15906
..	..	@@ -14486,12 +15912,14 @@
14486	15912
14487	15913	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) \|\|
14488	15914	nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) \|\|
14489		- nla_put(msg, NL80211_ATTR_FRAME, len, buf))
	15915	+ nla_put(msg, NL80211_ATTR_FRAME, len, buf) \|\|
	15916	+ (req_ies &&
	15917	+ nla_put(msg, NL80211_ATTR_REQ_IE, req_ies_len, req_ies)))
14490	15918	goto nla_put_failure;
14491	15919
14492	15920	if (uapsd_queues >= 0) {
14493	15921	struct nlattr *nla_wmm =
14494		- nla_nest_start(msg, NL80211_ATTR_STA_WME);
	15922	+ nla_nest_start_noflag(msg, NL80211_ATTR_STA_WME);
14495	15923	if (!nla_wmm)
14496	15924	goto nla_put_failure;
14497	15925
..	..	@@ -14517,15 +15945,17 @@
14517	15945	size_t len, gfp_t gfp)
14518	15946	{
14519	15947	nl80211_send_mlme_event(rdev, netdev, buf, len,
14520		- NL80211_CMD_AUTHENTICATE, gfp, -1);
	15948	+ NL80211_CMD_AUTHENTICATE, gfp, -1, NULL, 0);
14521	15949	}
14522	15950
14523	15951	void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
14524	15952	struct net_device netdev, const u8 buf,
14525		- size_t len, gfp_t gfp, int uapsd_queues)
	15953	+ size_t len, gfp_t gfp, int uapsd_queues,
	15954	+ const u8 *req_ies, size_t req_ies_len)
14526	15955	{
14527	15956	nl80211_send_mlme_event(rdev, netdev, buf, len,
14528		- NL80211_CMD_ASSOCIATE, gfp, uapsd_queues);
	15957	+ NL80211_CMD_ASSOCIATE, gfp, uapsd_queues,
	15958	+ req_ies, req_ies_len);
14529	15959	}
14530	15960
14531	15961	void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
..	..	@@ -14533,7 +15963,7 @@
14533	15963	size_t len, gfp_t gfp)
14534	15964	{
14535	15965	nl80211_send_mlme_event(rdev, netdev, buf, len,
14536		- NL80211_CMD_DEAUTHENTICATE, gfp, -1);
	15966	+ NL80211_CMD_DEAUTHENTICATE, gfp, -1, NULL, 0);
14537	15967	}
14538	15968
14539	15969	void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
..	..	@@ -14541,7 +15971,7 @@
14541	15971	size_t len, gfp_t gfp)
14542	15972	{
14543	15973	nl80211_send_mlme_event(rdev, netdev, buf, len,
14544		- NL80211_CMD_DISASSOCIATE, gfp, -1);
	15974	+ NL80211_CMD_DISASSOCIATE, gfp, -1, NULL, 0);
14545	15975	}
14546	15976
14547	15977	void cfg80211_rx_unprot_mlme_mgmt(struct net_device dev, const u8 buf,
..	..	@@ -14556,13 +15986,23 @@
14556	15986	if (WARN_ON(len < 2))
14557	15987	return;
14558	15988
14559		- if (ieee80211_is_deauth(mgmt->frame_control))
	15989	+ if (ieee80211_is_deauth(mgmt->frame_control)) {
14560	15990	cmd = NL80211_CMD_UNPROT_DEAUTHENTICATE;
14561		- else
	15991	+ } else if (ieee80211_is_disassoc(mgmt->frame_control)) {
14562	15992	cmd = NL80211_CMD_UNPROT_DISASSOCIATE;
	15993	+ } else if (ieee80211_is_beacon(mgmt->frame_control)) {
	15994	+ if (wdev->unprot_beacon_reported &&
	15995	+ elapsed_jiffies_msecs(wdev->unprot_beacon_reported) < 10000)
	15996	+ return;
	15997	+ cmd = NL80211_CMD_UNPROT_BEACON;
	15998	+ wdev->unprot_beacon_reported = jiffies;
	15999	+ } else {
	16000	+ return;
	16001	+ }
14563	16002
14564	16003	trace_cfg80211_rx_unprot_mlme_mgmt(dev, buf, len);
14565		- nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1);
	16004	+ nl80211_send_mlme_event(rdev, dev, buf, len, cmd, GFP_ATOMIC, -1,
	16005	+ NULL, 0);
14566	16006	}
14567	16007	EXPORT_SYMBOL(cfg80211_rx_unprot_mlme_mgmt);
14568	16008
..	..	@@ -14741,7 +16181,9 @@
14741	16181	return;
14742	16182	}
14743	16183
14744		- if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
	16184	+ if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) \|\|
	16185	+ nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) \|\|
	16186	+ nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
14745	16187	goto nla_put_failure;
14746	16188
14747	16189	genlmsg_end(msg, hdr);
..	..	@@ -14823,7 +16265,8 @@
14823	16265	}
14824	16266
14825	16267	void cfg80211_notify_new_peer_candidate(struct net_device dev, const u8 addr,
14826		- const u8* ie, u8 ie_len, gfp_t gfp)
	16268	+ const u8 *ie, u8 ie_len,
	16269	+ int sig_dbm, gfp_t gfp)
14827	16270	{
14828	16271	struct wireless_dev *wdev = dev->ieee80211_ptr;
14829	16272	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
..	..	@@ -14849,7 +16292,9 @@
14849	16292	nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) \|\|
14850	16293	nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) \|\|
14851	16294	(ie_len && ie &&
14852		- nla_put(msg, NL80211_ATTR_IE, ie_len , ie)))
	16295	+ nla_put(msg, NL80211_ATTR_IE, ie_len, ie)) \|\|
	16296	+ (sig_dbm &&
	16297	+ nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)))
14853	16298	goto nla_put_failure;
14854	16299
14855	16300	genlmsg_end(msg, hdr);
..	..	@@ -14926,7 +16371,7 @@
14926	16371	goto nla_put_failure;
14927	16372
14928	16373	/* Before */
14929		- nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
	16374	+ nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_BEFORE);
14930	16375	if (!nl_freq)
14931	16376	goto nla_put_failure;
14932	16377
..	..	@@ -14935,7 +16380,7 @@
14935	16380	nla_nest_end(msg, nl_freq);
14936	16381
14937	16382	/* After */
14938		- nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
	16383	+ nl_freq = nla_nest_start_noflag(msg, NL80211_ATTR_FREQ_AFTER);
14939	16384	if (!nl_freq)
14940	16385	goto nla_put_failure;
14941	16386
..	..	@@ -15027,6 +16472,19 @@
15027	16472	rdev, wdev, cookie, chan, 0, gfp);
15028	16473	}
15029	16474	EXPORT_SYMBOL(cfg80211_remain_on_channel_expired);
	16475	+
	16476	+void cfg80211_tx_mgmt_expired(struct wireless_dev *wdev, u64 cookie,
	16477	+ struct ieee80211_channel *chan,
	16478	+ gfp_t gfp)
	16479	+{
	16480	+ struct wiphy *wiphy = wdev->wiphy;
	16481	+ struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
	16482	+
	16483	+ trace_cfg80211_tx_mgmt_expired(wdev, cookie, chan);
	16484	+ nl80211_send_remain_on_chan_event(NL80211_CMD_FRAME_WAIT_CANCEL,
	16485	+ rdev, wdev, cookie, chan, 0, gfp);
	16486	+}
	16487	+EXPORT_SYMBOL(cfg80211_tx_mgmt_expired);
15030	16488
15031	16489	void cfg80211_new_sta(struct net_device dev, const u8 mac_addr,
15032	16490	struct station_info *sinfo, gfp_t gfp)
..	..	@@ -15219,7 +16677,8 @@
15219	16677	netdev->ifindex)) \|\|
15220	16678	nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
15221	16679	NL80211_ATTR_PAD) \|\|
15222		- nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) \|\|
	16680	+ nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, KHZ_TO_MHZ(freq)) \|\|
	16681	+ nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET, freq % 1000) \|\|
15223	16682	(sig_dbm &&
15224	16683	nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) \|\|
15225	16684	nla_put(msg, NL80211_ATTR_FRAME, len, buf) \|\|
..	..	@@ -15236,8 +16695,9 @@
15236	16695	return -ENOBUFS;
15237	16696	}
15238	16697
15239		-void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
15240		- const u8 *buf, size_t len, bool ack, gfp_t gfp)
	16698	+static void nl80211_frame_tx_status(struct wireless_dev *wdev, u64 cookie,
	16699	+ const u8 *buf, size_t len, bool ack,
	16700	+ gfp_t gfp, enum nl80211_commands command)
15241	16701	{
15242	16702	struct wiphy *wiphy = wdev->wiphy;
15243	16703	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
..	..	@@ -15245,13 +16705,16 @@
15245	16705	struct sk_buff *msg;
15246	16706	void *hdr;
15247	16707
15248		- trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
	16708	+ if (command == NL80211_CMD_FRAME_TX_STATUS)
	16709	+ trace_cfg80211_mgmt_tx_status(wdev, cookie, ack);
	16710	+ else
	16711	+ trace_cfg80211_control_port_tx_status(wdev, cookie, ack);
15249	16712
15250	16713	msg = nlmsg_new(100 + len, gfp);
15251	16714	if (!msg)
15252	16715	return;
15253	16716
15254		- hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FRAME_TX_STATUS);
	16717	+ hdr = nl80211hdr_put(msg, 0, 0, 0, command);
15255	16718	if (!hdr) {
15256	16719	nlmsg_free(msg);
15257	16720	return;
..	..	@@ -15274,8 +16737,24 @@
15274	16737	NL80211_MCGRP_MLME, gfp);
15275	16738	return;
15276	16739
15277		- nla_put_failure:
	16740	+nla_put_failure:
15278	16741	nlmsg_free(msg);
	16742	+}
	16743	+
	16744	+void cfg80211_control_port_tx_status(struct wireless_dev *wdev, u64 cookie,
	16745	+ const u8 *buf, size_t len, bool ack,
	16746	+ gfp_t gfp)
	16747	+{
	16748	+ nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
	16749	+ NL80211_CMD_CONTROL_PORT_FRAME_TX_STATUS);
	16750	+}
	16751	+EXPORT_SYMBOL(cfg80211_control_port_tx_status);
	16752	+
	16753	+void cfg80211_mgmt_tx_status(struct wireless_dev *wdev, u64 cookie,
	16754	+ const u8 *buf, size_t len, bool ack, gfp_t gfp)
	16755	+{
	16756	+ nl80211_frame_tx_status(wdev, cookie, buf, len, ack, gfp,
	16757	+ NL80211_CMD_FRAME_TX_STATUS);
15279	16758	}
15280	16759	EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
15281	16760
..	..	@@ -15369,7 +16848,7 @@
15369	16848	if (mac && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac))
15370	16849	goto nla_put_failure;
15371	16850
15372		- cb[1] = nla_nest_start(msg, NL80211_ATTR_CQM);
	16851	+ cb[1] = nla_nest_start_noflag(msg, NL80211_ATTR_CQM);
15373	16852	if (!cb[1])
15374	16853	goto nla_put_failure;
15375	16854
..	..	@@ -15530,7 +17009,7 @@
15530	17009	nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid))
15531	17010	goto nla_put_failure;
15532	17011
15533		- rekey_attr = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA);
	17012	+ rekey_attr = nla_nest_start_noflag(msg, NL80211_ATTR_REKEY_DATA);
15534	17013	if (!rekey_attr)
15535	17014	goto nla_put_failure;
15536	17015
..	..	@@ -15585,7 +17064,7 @@
15585	17064	nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex))
15586	17065	goto nla_put_failure;
15587	17066
15588		- attr = nla_nest_start(msg, NL80211_ATTR_PMKSA_CANDIDATE);
	17067	+ attr = nla_nest_start_noflag(msg, NL80211_ATTR_PMKSA_CANDIDATE);
15589	17068	if (!attr)
15590	17069	goto nla_put_failure;
15591	17070
..	..	@@ -15673,9 +17152,12 @@
15673	17152	wdev->chandef = *chandef;
15674	17153	wdev->preset_chandef = *chandef;
15675	17154
15676		- if (wdev->iftype == NL80211_IFTYPE_STATION &&
	17155	+ if ((wdev->iftype == NL80211_IFTYPE_STATION \|\|
	17156	+ wdev->iftype == NL80211_IFTYPE_P2P_CLIENT) &&
15677	17157	!WARN_ON(!wdev->current_bss))
15678		- wdev->current_bss->pub.channel = chandef->chan;
	17158	+ cfg80211_update_assoc_bss_entry(wdev, chandef->chan);
	17159	+
	17160	+ cfg80211_sched_dfs_chan_update(rdev);
15679	17161
15680	17162	nl80211_ch_switch_notify(rdev, dev, chandef, GFP_KERNEL,
15681	17163	NL80211_CMD_CH_SWITCH_NOTIFY, 0);
..	..	@@ -15843,9 +17325,8 @@
15843	17325	}
15844	17326	EXPORT_SYMBOL(cfg80211_probe_status);
15845	17327
15846		-void cfg80211_report_obss_beacon(struct wiphy *wiphy,
15847		- const u8 *frame, size_t len,
15848		- int freq, int sig_dbm)
	17328	+void cfg80211_report_obss_beacon_khz(struct wiphy wiphy, const u8 frame,
	17329	+ size_t len, int freq, int sig_dbm)
15849	17330	{
15850	17331	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wiphy);
15851	17332	struct sk_buff *msg;
..	..	@@ -15868,7 +17349,10 @@
15868	17349
15869	17350	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) \|\|
15870	17351	(freq &&
15871		- nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) \|\|
	17352	+ (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
	17353	+ KHZ_TO_MHZ(freq)) \|\|
	17354	+ nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_OFFSET,
	17355	+ freq % 1000))) \|\|
15872	17356	(sig_dbm &&
15873	17357	nla_put_u32(msg, NL80211_ATTR_RX_SIGNAL_DBM, sig_dbm)) \|\|
15874	17358	nla_put(msg, NL80211_ATTR_FRAME, len, frame))
..	..	@@ -15885,7 +17369,7 @@
15885	17369	spin_unlock_bh(&rdev->beacon_registrations_lock);
15886	17370	nlmsg_free(msg);
15887	17371	}
15888		-EXPORT_SYMBOL(cfg80211_report_obss_beacon);
	17372	+EXPORT_SYMBOL(cfg80211_report_obss_beacon_khz);
15889	17373
15890	17374	#ifdef CONFIG_PM
15891	17375	static int cfg80211_net_detect_results(struct sk_buff *msg,
..	..	@@ -15895,15 +17379,15 @@
15895	17379	struct nlattr nl_results, nl_match, *nl_freqs;
15896	17380	int i, j;
15897	17381
15898		- nl_results = nla_nest_start(
15899		- msg, NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
	17382	+ nl_results = nla_nest_start_noflag(msg,
	17383	+ NL80211_WOWLAN_TRIG_NET_DETECT_RESULTS);
15900	17384	if (!nl_results)
15901	17385	return -EMSGSIZE;
15902	17386
15903	17387	for (i = 0; i < nd->n_matches; i++) {
15904	17388	struct cfg80211_wowlan_nd_match *match = nd->matches[i];
15905	17389
15906		- nl_match = nla_nest_start(msg, i);
	17390	+ nl_match = nla_nest_start_noflag(msg, i);
15907	17391	if (!nl_match)
15908	17392	break;
15909	17393
..	..	@@ -15921,8 +17405,8 @@
15921	17405	}
15922	17406
15923	17407	if (match->n_channels) {
15924		- nl_freqs = nla_nest_start(
15925		- msg, NL80211_ATTR_SCAN_FREQUENCIES);
	17408	+ nl_freqs = nla_nest_start_noflag(msg,
	17409	+ NL80211_ATTR_SCAN_FREQUENCIES);
15926	17410	if (!nl_freqs) {
15927	17411	nla_nest_cancel(msg, nl_match);
15928	17412	goto out;
..	..	@@ -15981,7 +17465,8 @@
15981	17465	if (wakeup) {
15982	17466	struct nlattr *reasons;
15983	17467
15984		- reasons = nla_nest_start(msg, NL80211_ATTR_WOWLAN_TRIGGERS);
	17468	+ reasons = nla_nest_start_noflag(msg,
	17469	+ NL80211_ATTR_WOWLAN_TRIGGERS);
15985	17470	if (!reasons)
15986	17471	goto free_msg;
15987	17472
..	..	@@ -16137,6 +17622,8 @@
16137	17622	} else if (wdev->conn_owner_nlportid == notify->portid) {
16138	17623	schedule_work(&wdev->disconnect_wk);
16139	17624	}
	17625	+
	17626	+ cfg80211_release_pmsr(wdev, notify->portid);
16140	17627	}
16141	17628
16142	17629	spin_lock_bh(&rdev->beacon_registrations_lock);
..	..	@@ -16246,16 +17733,6 @@
16246	17733	nlmsg_free(msg);
16247	17734	}
16248	17735	EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
16249		-
16250		-void cfg80211_ap_stopped(struct net_device *netdev, gfp_t gfp)
16251		-{
16252		- struct wireless_dev *wdev = netdev->ieee80211_ptr;
16253		- struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
16254		-
16255		- nl80211_send_mlme_event(rdev, netdev, NULL, 0,
16256		- NL80211_CMD_STOP_AP, gfp, -1);
16257		-}
16258		-EXPORT_SYMBOL(cfg80211_ap_stopped);
16259	17736
16260	17737	void nl80211_send_ap_stopped(struct wireless_dev *wdev)
16261	17738	{