nl80211: require and validate vendor command policy

			  .subcmd = QCA_NL80211_SUBCMD_TEST },

		.flags = WIPHY_VENDOR_CMD_NEED_NETDEV,

		.doit = mac80211_hwsim_vendor_cmd_test,

		.policy = hwsim_vendor_test_policy,

		.maxattr = QCA_WLAN_VENDOR_ATTR_MAX,

	}

};

	u8 rx_nss;

};

#define VENDOR_CMD_RAW_DATA ((const struct nla_policy *)ERR_PTR(-ENODATA))

/**

 * struct wiphy_vendor_command - vendor command definition

 * @info: vendor command identifying information, as used in nl80211

 * @dumpit: dump callback, for transferring bigger/multiple items. The

 *	@storage points to cb->args[5], ie. is preserved over the multiple

 *	dumpit calls.

 * @policy: policy pointer for attributes within %NL80211_ATTR_VENDOR_DATA.

 *	Set this to %VENDOR_CMD_RAW_DATA if no policy can be given and the

 *	attribute is just raw data (e.g. a firmware command).

 * @maxattr: highest attribute number in policy

 * It's recommended to not have the same sub command with both @doit and

 * @dumpit, so that userspace can assume certain ones are get and others

 * are used with dump requests.

	int (*dumpit)(struct wiphy *wiphy, struct wireless_dev *wdev,

		      struct sk_buff *skb, const void *data, int data_len,

		      unsigned long *storage);

	const struct nla_policy *policy;

	unsigned int maxattr;

};

/**

			      validate, extack);

}

static inline int

nl80211_validate_nested(const struct nlattr *start, int maxtype,

			const struct nla_policy *policy,

			struct netlink_ext_ack *extack)

{

	return __nla_validate_nested(start, maxtype, policy,

				     NL_VALIDATE_STRICT, extack);

}

static inline int

nla_validate_nested_deprecated(const struct nlattr *start, int maxtype,

			       const struct nla_policy *policy,

		return -EINVAL;

	}

	for (i = 0; i < rdev->wiphy.n_vendor_commands; i++) {

		/*

		 * Validate we have a policy (can be explicitly set to

		 * VENDOR_CMD_RAW_DATA which is non-NULL) and also that

		 * we have at least one of doit/dumpit.

		 */

		if (WARN_ON(!rdev->wiphy.vendor_commands[i].policy))

			return -EINVAL;

		if (WARN_ON(!rdev->wiphy.vendor_commands[i].doit &&

			    !rdev->wiphy.vendor_commands[i].dumpit))

			return -EINVAL;

	}

#ifdef CONFIG_PM

	if (WARN_ON(rdev->wiphy.wowlan && rdev->wiphy.wowlan->n_patterns &&

		    (!rdev->wiphy.wowlan->pattern_min_len ||

	return 0;

}

static int nl80211_vendor_check_policy(const struct wiphy_vendor_command *vcmd,

				       struct nlattr *attr,

				       struct netlink_ext_ack *extack)

{

	if (vcmd->policy == VENDOR_CMD_RAW_DATA) {

		if (attr->nla_type & NLA_F_NESTED) {

			NL_SET_ERR_MSG_ATTR(extack, attr,

					    "unexpected nested data");

			return -EINVAL;

		}

		return 0;

	}

	if (!(attr->nla_type & NLA_F_NESTED)) {

		NL_SET_ERR_MSG_ATTR(extack, attr, "expected nested data");

		return -EINVAL;

	}

	return nl80211_validate_nested(attr, vcmd->maxattr, vcmd->policy,

				       extack);

}

static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)

{

	struct cfg80211_registered_device *rdev = info->user_ptr[0];

		if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {

			data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);

			len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);

			err = nl80211_vendor_check_policy(vcmd,

					info->attrs[NL80211_ATTR_VENDOR_DATA],

					info->extack);

			if (err)

				return err;

		}

		rdev->cur_cmd_info = info;

		err = rdev->wiphy.vendor_commands[i].doit(&rdev->wiphy, wdev,

							  data, len);

		err = vcmd->doit(&rdev->wiphy, wdev, data, len);

		rdev->cur_cmd_info = NULL;

		return err;

	}

	if (attrbuf[NL80211_ATTR_VENDOR_DATA]) {

		data = nla_data(attrbuf[NL80211_ATTR_VENDOR_DATA]);

		data_len = nla_len(attrbuf[NL80211_ATTR_VENDOR_DATA]);

		err = nl80211_vendor_check_policy(

				&(*rdev)->wiphy.vendor_commands[vcmd_idx],

				attrbuf[NL80211_ATTR_VENDOR_DATA],

				cb->extack);

		if (err)

			return err;

	}

	/* 0 is the first index - add 1 to parse only once */