1 files changed, 97 insertions, 52 deletions
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index d1a3fb99fdf2..8515b1e5c578 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -149,7 +149,7 @@ void __cfg80211_send_deauth(struct net_device *dev,
        struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)buf;
        const u8 *bssid = mgmt->bssid;
        int i;
-        bool found = false;
+        bool found = false, was_current = false;
        ASSERT_WDEV_LOCK(wdev);
@@ -159,6 +159,7 @@ void __cfg80211_send_deauth(struct net_device *dev,
                cfg80211_put_bss(&wdev->current_bss->pub);
                wdev->current_bss = NULL;
                found = true;
+                was_current = true;
        } else for (i = 0; i < MAX_AUTH_BSSES; i++) {
                if (wdev->auth_bsses[i] &&
                    memcmp(wdev->auth_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) {
@@ -183,7 +184,7 @@ void __cfg80211_send_deauth(struct net_device *dev,
        nl80211_send_deauth(rdev, dev, buf, len, GFP_KERNEL);
-        if (wdev->sme_state == CFG80211_SME_CONNECTED) {
+        if (wdev->sme_state == CFG80211_SME_CONNECTED && was_current) {
                u16 reason_code;
                bool from_ap;
@@ -747,31 +748,51 @@ void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
 }
 EXPORT_SYMBOL(cfg80211_new_sta);
-struct cfg80211_action_registration {
+struct cfg80211_mgmt_registration {
        struct list_head list;
        u32 nlpid;
        int match_len;
+        __le16 frame_type;
        u8 match[];
 };
-int cfg80211_mlme_register_action(struct wireless_dev *wdev, u32 snd_pid,
+int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_pid,
-                                  const u8 *match_data, int match_len)
+                                u16 frame_type, const u8 *match_data,
+                                int match_len)
 {
-        struct cfg80211_action_registration *reg, *nreg;
+        struct cfg80211_mgmt_registration *reg, *nreg;
        int err = 0;
+        u16 mgmt_type;
+        if (!wdev->wiphy->mgmt_stypes)
+                return -EOPNOTSUPP;
+        if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT)
+                return -EINVAL;
+        if (frame_type & ~(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE))
+                return -EINVAL;
+        mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
+        if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type)))
+                return -EINVAL;
        nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
        if (!nreg)
                return -ENOMEM;
-        spin_lock_bh(&wdev->action_registrations_lock);
+        spin_lock_bh(&wdev->mgmt_registrations_lock);
-        list_for_each_entry(reg, &wdev->action_registrations, list) {
+        list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
                int mlen = min(match_len, reg->match_len);
+                if (frame_type != le16_to_cpu(reg->frame_type))
+                        continue;
                if (memcmp(reg->match, match_data, mlen) == 0) {
                        err = -EALREADY;
                        break;
@@ -786,62 +807,75 @@ int cfg80211_mlme_register_action(struct wireless_dev *wdev, u32 snd_pid,
        memcpy(nreg->match, match_data, match_len);
        nreg->match_len = match_len;
        nreg->nlpid = snd_pid;
-        list_add(&nreg->list, &wdev->action_registrations);
+        nreg->frame_type = cpu_to_le16(frame_type);
+        list_add(&nreg->list, &wdev->mgmt_registrations);
 out:
-        spin_unlock_bh(&wdev->action_registrations_lock);
+        spin_unlock_bh(&wdev->mgmt_registrations_lock);
        return err;
 }
-void cfg80211_mlme_unregister_actions(struct wireless_dev *wdev, u32 nlpid)
+void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlpid)
 {
-        struct cfg80211_action_registration *reg, *tmp;
+        struct cfg80211_mgmt_registration *reg, *tmp;
-        spin_lock_bh(&wdev->action_registrations_lock);
+        spin_lock_bh(&wdev->mgmt_registrations_lock);
-        list_for_each_entry_safe(reg, tmp, &wdev->action_registrations, list) {
+        list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
                if (reg->nlpid == nlpid) {
                        list_del(&reg->list);
                        kfree(reg);
                }
        }
-        spin_unlock_bh(&wdev->action_registrations_lock);
+        spin_unlock_bh(&wdev->mgmt_registrations_lock);
 }
-void cfg80211_mlme_purge_actions(struct wireless_dev *wdev)
+void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
 {
-        struct cfg80211_action_registration *reg, *tmp;
+        struct cfg80211_mgmt_registration *reg, *tmp;
-        spin_lock_bh(&wdev->action_registrations_lock);
+        spin_lock_bh(&wdev->mgmt_registrations_lock);
-        list_for_each_entry_safe(reg, tmp, &wdev->action_registrations, list) {
+        list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
                list_del(&reg->list);
                kfree(reg);
        }
-        spin_unlock_bh(&wdev->action_registrations_lock);
+        spin_unlock_bh(&wdev->mgmt_registrations_lock);
 }
-int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
+int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
-                         struct net_device *dev,
+                          struct net_device *dev,
-                         struct ieee80211_channel *chan,
+                          struct ieee80211_channel *chan,
-                         enum nl80211_channel_type channel_type,
+                          enum nl80211_channel_type channel_type,
-                         bool channel_type_valid,
+                          bool channel_type_valid,
-                         const u8 *buf, size_t len, u64 *cookie)
+                          const u8 *buf, size_t len, u64 *cookie)
 {
        struct wireless_dev *wdev = dev->ieee80211_ptr;
        const struct ieee80211_mgmt *mgmt;
+        u16 stype;
+        if (!wdev->wiphy->mgmt_stypes)
+                return -EOPNOTSUPP;
-        if (rdev->ops->action == NULL)
+        if (!rdev->ops->mgmt_tx)
                return -EOPNOTSUPP;
        if (len < 24 + 1)
                return -EINVAL;
        mgmt = (const struct ieee80211_mgmt *) buf;
-        if (!ieee80211_is_action(mgmt->frame_control))
+        if (!ieee80211_is_mgmt(mgmt->frame_control))
                return -EINVAL;
-        if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
+        stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
+        if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
+                return -EINVAL;
+        if (ieee80211_is_action(mgmt->frame_control) &&
+            mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
                /* Verify that we are associated with the destination AP */
                wdev_lock(wdev);
@@ -862,64 +896,75 @@ int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
                return -EINVAL;
        /* Transmit the Action frame as requested by user space */
-        return rdev->ops->action(&rdev->wiphy, dev, chan, channel_type,
+        return rdev->ops->mgmt_tx(&rdev->wiphy, dev, chan, channel_type,
-                                 channel_type_valid, buf, len, cookie);
+                                  channel_type_valid, buf, len, cookie);
 }
-bool cfg80211_rx_action(struct net_device *dev, int freq, const u8 *buf,
+bool cfg80211_rx_mgmt(struct net_device *dev, int freq, const u8 *buf,
-                        size_t len, gfp_t gfp)
+                      size_t len, gfp_t gfp)
 {
        struct wireless_dev *wdev = dev->ieee80211_ptr;
        struct wiphy *wiphy = wdev->wiphy;
        struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
-        struct cfg80211_action_registration *reg;
+        struct cfg80211_mgmt_registration *reg;
-        const u8 *action_data;
+        const struct ieee80211_txrx_stypes *stypes =
-        int action_data_len;
+                &wiphy->mgmt_stypes[wdev->iftype];
+        struct ieee80211_mgmt *mgmt = (void *)buf;
+        const u8 *data;
+        int data_len;
        bool result = false;
+        __le16 ftype = mgmt->frame_control &
+                cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE);
+        u16 stype;
-        /* frame length - min size excluding category */
+        stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
-        action_data_len = len - (IEEE80211_MIN_ACTION_SIZE - 1);
-        /* action data starts with category */
+        if (!(stypes->rx & BIT(stype)))
-        action_data = buf + IEEE80211_MIN_ACTION_SIZE - 1;
+                return false;
-        spin_lock_bh(&wdev->action_registrations_lock);
+        data = buf + ieee80211_hdrlen(mgmt->frame_control);
+        data_len = len - ieee80211_hdrlen(mgmt->frame_control);
+        spin_lock_bh(&wdev->mgmt_registrations_lock);
+        list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
+                if (reg->frame_type != ftype)
+                        continue;
-        list_for_each_entry(reg, &wdev->action_registrations, list) {
+                if (reg->match_len > data_len)
-                if (reg->match_len > action_data_len)
                        continue;
-                if (memcmp(reg->match, action_data, reg->match_len))
+                if (memcmp(reg->match, data, reg->match_len))
                        continue;
                /* found match! */
                /* Indicate the received Action frame to user space */
-                if (nl80211_send_action(rdev, dev, reg->nlpid, freq,
+                if (nl80211_send_mgmt(rdev, dev, reg->nlpid, freq,
-                                        buf, len, gfp))
+                                      buf, len, gfp))
                        continue;
                result = true;
                break;
        }
-        spin_unlock_bh(&wdev->action_registrations_lock);
+        spin_unlock_bh(&wdev->mgmt_registrations_lock);
        return result;
 }
-EXPORT_SYMBOL(cfg80211_rx_action);
+EXPORT_SYMBOL(cfg80211_rx_mgmt);
-void cfg80211_action_tx_status(struct net_device *dev, u64 cookie,
+void cfg80211_mgmt_tx_status(struct net_device *dev, u64 cookie,
-                               const u8 *buf, size_t len, bool ack, gfp_t gfp)
+                             const u8 *buf, size_t len, bool ack, gfp_t gfp)
 {
        struct wireless_dev *wdev = dev->ieee80211_ptr;
        struct wiphy *wiphy = wdev->wiphy;
        struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
        /* Indicate TX status of the Action frame to user space */
-        nl80211_send_action_tx_status(rdev, dev, cookie, buf, len, ack, gfp);
+        nl80211_send_mgmt_tx_status(rdev, dev, cookie, buf, len, ack, gfp);
 }
-EXPORT_SYMBOL(cfg80211_action_tx_status);
+EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
 void cfg80211_cqm_rssi_notify(struct net_device *dev,
                              enum nl80211_cqm_rssi_threshold_event rssi_event,

diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c index d1a3fb99fdf2..8515b1e5c578 100644 --- a/net/wireless/mlme.c +++ b/net/wireless/mlme.c
@@ -149,7 +149,7 @@ void __cfg80211_send_deauth(struct net_device *dev,
149	struct ieee80211_mgmt mgmt = (struct ieee80211_mgmt )buf;	149	struct ieee80211_mgmt mgmt = (struct ieee80211_mgmt )buf;
150	const u8 *bssid = mgmt->bssid;	150	const u8 *bssid = mgmt->bssid;
151	int i;	151	int i;
152	bool found = false;	152	bool found = false, was_current = false;
153		153
154	ASSERT_WDEV_LOCK(wdev);	154	ASSERT_WDEV_LOCK(wdev);
155		155
@@ -159,6 +159,7 @@ void __cfg80211_send_deauth(struct net_device *dev,
159	cfg80211_put_bss(&wdev->current_bss->pub);	159	cfg80211_put_bss(&wdev->current_bss->pub);
160	wdev->current_bss = NULL;	160	wdev->current_bss = NULL;
161	found = true;	161	found = true;
		162	was_current = true;
162	} else for (i = 0; i < MAX_AUTH_BSSES; i++) {	163	} else for (i = 0; i < MAX_AUTH_BSSES; i++) {
163	if (wdev->auth_bsses[i] &&	164	if (wdev->auth_bsses[i] &&
164	memcmp(wdev->auth_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) {	165	memcmp(wdev->auth_bsses[i]->pub.bssid, bssid, ETH_ALEN) == 0) {
@@ -183,7 +184,7 @@ void __cfg80211_send_deauth(struct net_device *dev,
183		184
184	nl80211_send_deauth(rdev, dev, buf, len, GFP_KERNEL);	185	nl80211_send_deauth(rdev, dev, buf, len, GFP_KERNEL);
185		186
186	if (wdev->sme_state == CFG80211_SME_CONNECTED) {	187	if (wdev->sme_state == CFG80211_SME_CONNECTED && was_current) {
187	u16 reason_code;	188	u16 reason_code;
188	bool from_ap;	189	bool from_ap;
189		190
@@ -747,31 +748,51 @@ void cfg80211_new_sta(struct net_device dev, const u8 mac_addr,
747	}	748	}
748	EXPORT_SYMBOL(cfg80211_new_sta);	749	EXPORT_SYMBOL(cfg80211_new_sta);
749		750
750	struct cfg80211_action_registration {	751	struct cfg80211_mgmt_registration {
751	struct list_head list;	752	struct list_head list;
752		753
753	u32 nlpid;	754	u32 nlpid;
754		755
755	int match_len;	756	int match_len;
756		757
		758	__le16 frame_type;
		759
757	u8 match[];	760	u8 match[];
758	};	761	};
759		762
760	int cfg80211_mlme_register_action(struct wireless_dev *wdev, u32 snd_pid,	763	int cfg80211_mlme_register_mgmt(struct wireless_dev *wdev, u32 snd_pid,
761	const u8 *match_data, int match_len)	764	u16 frame_type, const u8 *match_data,
		765	int match_len)
762	{	766	{
763	struct cfg80211_action_registration reg, nreg;	767	struct cfg80211_mgmt_registration reg, nreg;
764	int err = 0;	768	int err = 0;
		769	u16 mgmt_type;
		770
		771	if (!wdev->wiphy->mgmt_stypes)
		772	return -EOPNOTSUPP;
		773
		774	if ((frame_type & IEEE80211_FCTL_FTYPE) != IEEE80211_FTYPE_MGMT)
		775	return -EINVAL;
		776
		777	if (frame_type & ~(IEEE80211_FCTL_FTYPE \| IEEE80211_FCTL_STYPE))
		778	return -EINVAL;
		779
		780	mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
		781	if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].rx & BIT(mgmt_type)))
		782	return -EINVAL;
765		783
766	nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);	784	nreg = kzalloc(sizeof(*reg) + match_len, GFP_KERNEL);
767	if (!nreg)	785	if (!nreg)
768	return -ENOMEM;	786	return -ENOMEM;
769		787
770	spin_lock_bh(&wdev->action_registrations_lock);	788	spin_lock_bh(&wdev->mgmt_registrations_lock);
771		789
772	list_for_each_entry(reg, &wdev->action_registrations, list) {	790	list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
773	int mlen = min(match_len, reg->match_len);	791	int mlen = min(match_len, reg->match_len);
774		792
		793	if (frame_type != le16_to_cpu(reg->frame_type))
		794	continue;
		795
775	if (memcmp(reg->match, match_data, mlen) == 0) {	796	if (memcmp(reg->match, match_data, mlen) == 0) {
776	err = -EALREADY;	797	err = -EALREADY;
777	break;	798	break;
@@ -786,62 +807,75 @@ int cfg80211_mlme_register_action(struct wireless_dev *wdev, u32 snd_pid,
786	memcpy(nreg->match, match_data, match_len);	807	memcpy(nreg->match, match_data, match_len);
787	nreg->match_len = match_len;	808	nreg->match_len = match_len;
788	nreg->nlpid = snd_pid;	809	nreg->nlpid = snd_pid;
789	list_add(&nreg->list, &wdev->action_registrations);	810	nreg->frame_type = cpu_to_le16(frame_type);
		811	list_add(&nreg->list, &wdev->mgmt_registrations);
790		812
791	out:	813	out:
792	spin_unlock_bh(&wdev->action_registrations_lock);	814	spin_unlock_bh(&wdev->mgmt_registrations_lock);
793	return err;	815	return err;
794	}	816	}
795		817
796	void cfg80211_mlme_unregister_actions(struct wireless_dev *wdev, u32 nlpid)	818	void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlpid)
797	{	819	{
798	struct cfg80211_action_registration reg, tmp;	820	struct cfg80211_mgmt_registration reg, tmp;
799		821
800	spin_lock_bh(&wdev->action_registrations_lock);	822	spin_lock_bh(&wdev->mgmt_registrations_lock);
801		823
802	list_for_each_entry_safe(reg, tmp, &wdev->action_registrations, list) {	824	list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
803	if (reg->nlpid == nlpid) {	825	if (reg->nlpid == nlpid) {
804	list_del(&reg->list);	826	list_del(&reg->list);
805	kfree(reg);	827	kfree(reg);
806	}	828	}
807	}	829	}
808		830
809	spin_unlock_bh(&wdev->action_registrations_lock);	831	spin_unlock_bh(&wdev->mgmt_registrations_lock);
810	}	832	}
811		833
812	void cfg80211_mlme_purge_actions(struct wireless_dev *wdev)	834	void cfg80211_mlme_purge_registrations(struct wireless_dev *wdev)
813	{	835	{
814	struct cfg80211_action_registration reg, tmp;	836	struct cfg80211_mgmt_registration reg, tmp;
815		837
816	spin_lock_bh(&wdev->action_registrations_lock);	838	spin_lock_bh(&wdev->mgmt_registrations_lock);
817		839
818	list_for_each_entry_safe(reg, tmp, &wdev->action_registrations, list) {	840	list_for_each_entry_safe(reg, tmp, &wdev->mgmt_registrations, list) {
819	list_del(&reg->list);	841	list_del(&reg->list);
820	kfree(reg);	842	kfree(reg);
821	}	843	}
822		844
823	spin_unlock_bh(&wdev->action_registrations_lock);	845	spin_unlock_bh(&wdev->mgmt_registrations_lock);
824	}	846	}
825		847
826	int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,	848	int cfg80211_mlme_mgmt_tx(struct cfg80211_registered_device *rdev,
827	struct net_device *dev,	849	struct net_device *dev,
828	struct ieee80211_channel *chan,	850	struct ieee80211_channel *chan,
829	enum nl80211_channel_type channel_type,	851	enum nl80211_channel_type channel_type,
830	bool channel_type_valid,	852	bool channel_type_valid,
831	const u8 buf, size_t len, u64 cookie)	853	const u8 buf, size_t len, u64 cookie)
832	{	854	{
833	struct wireless_dev *wdev = dev->ieee80211_ptr;	855	struct wireless_dev *wdev = dev->ieee80211_ptr;
834	const struct ieee80211_mgmt *mgmt;	856	const struct ieee80211_mgmt *mgmt;
		857	u16 stype;
		858
		859	if (!wdev->wiphy->mgmt_stypes)
		860	return -EOPNOTSUPP;
835		861
836	if (rdev->ops->action == NULL)	862	if (!rdev->ops->mgmt_tx)
837	return -EOPNOTSUPP;	863	return -EOPNOTSUPP;
		864
838	if (len < 24 + 1)	865	if (len < 24 + 1)
839	return -EINVAL;	866	return -EINVAL;
840		867
841	mgmt = (const struct ieee80211_mgmt *) buf;	868	mgmt = (const struct ieee80211_mgmt *) buf;
842	if (!ieee80211_is_action(mgmt->frame_control))	869
		870	if (!ieee80211_is_mgmt(mgmt->frame_control))
843	return -EINVAL;	871	return -EINVAL;
844	if (mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {	872
		873	stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
		874	if (!(wdev->wiphy->mgmt_stypes[wdev->iftype].tx & BIT(stype >> 4)))
		875	return -EINVAL;
		876
		877	if (ieee80211_is_action(mgmt->frame_control) &&
		878	mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) {
845	/* Verify that we are associated with the destination AP */	879	/* Verify that we are associated with the destination AP */
846	wdev_lock(wdev);	880	wdev_lock(wdev);
847		881
@@ -862,64 +896,75 @@ int cfg80211_mlme_action(struct cfg80211_registered_device *rdev,
862	return -EINVAL;	896	return -EINVAL;
863		897
864	/* Transmit the Action frame as requested by user space */	898	/* Transmit the Action frame as requested by user space */
865	return rdev->ops->action(&rdev->wiphy, dev, chan, channel_type,	899	return rdev->ops->mgmt_tx(&rdev->wiphy, dev, chan, channel_type,
866	channel_type_valid, buf, len, cookie);	900	channel_type_valid, buf, len, cookie);
867	}	901	}
868		902
869	bool cfg80211_rx_action(struct net_device dev, int freq, const u8 buf,	903	bool cfg80211_rx_mgmt(struct net_device dev, int freq, const u8 buf,
870	size_t len, gfp_t gfp)	904	size_t len, gfp_t gfp)
871	{	905	{
872	struct wireless_dev *wdev = dev->ieee80211_ptr;	906	struct wireless_dev *wdev = dev->ieee80211_ptr;
873	struct wiphy *wiphy = wdev->wiphy;	907	struct wiphy *wiphy = wdev->wiphy;
874	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);	908	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
875	struct cfg80211_action_registration *reg;	909	struct cfg80211_mgmt_registration *reg;
876	const u8 *action_data;	910	const struct ieee80211_txrx_stypes *stypes =
877	int action_data_len;	911	&wiphy->mgmt_stypes[wdev->iftype];
		912	struct ieee80211_mgmt mgmt = (void )buf;
		913	const u8 *data;
		914	int data_len;
878	bool result = false;	915	bool result = false;
		916	__le16 ftype = mgmt->frame_control &
		917	cpu_to_le16(IEEE80211_FCTL_FTYPE \| IEEE80211_FCTL_STYPE);
		918	u16 stype;
879		919
880	/* frame length - min size excluding category */	920	stype = (le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE) >> 4;
881	action_data_len = len - (IEEE80211_MIN_ACTION_SIZE - 1);
882		921
883	/* action data starts with category */	922	if (!(stypes->rx & BIT(stype)))
884	action_data = buf + IEEE80211_MIN_ACTION_SIZE - 1;	923	return false;
885		924
886	spin_lock_bh(&wdev->action_registrations_lock);	925	data = buf + ieee80211_hdrlen(mgmt->frame_control);
		926	data_len = len - ieee80211_hdrlen(mgmt->frame_control);
		927
		928	spin_lock_bh(&wdev->mgmt_registrations_lock);
		929
		930	list_for_each_entry(reg, &wdev->mgmt_registrations, list) {
		931	if (reg->frame_type != ftype)
		932	continue;
887		933
888	list_for_each_entry(reg, &wdev->action_registrations, list) {	934	if (reg->match_len > data_len)
889	if (reg->match_len > action_data_len)
890	continue;	935	continue;
891		936
892	if (memcmp(reg->match, action_data, reg->match_len))	937	if (memcmp(reg->match, data, reg->match_len))
893	continue;	938	continue;
894		939
895	/* found match! */	940	/* found match! */
896		941
897	/* Indicate the received Action frame to user space */	942	/* Indicate the received Action frame to user space */
898	if (nl80211_send_action(rdev, dev, reg->nlpid, freq,	943	if (nl80211_send_mgmt(rdev, dev, reg->nlpid, freq,
899	buf, len, gfp))	944	buf, len, gfp))
900	continue;	945	continue;
901		946
902	result = true;	947	result = true;
903	break;	948	break;
904	}	949	}
905		950
906	spin_unlock_bh(&wdev->action_registrations_lock);	951	spin_unlock_bh(&wdev->mgmt_registrations_lock);
907		952
908	return result;	953	return result;
909	}	954	}
910	EXPORT_SYMBOL(cfg80211_rx_action);	955	EXPORT_SYMBOL(cfg80211_rx_mgmt);
911		956
912	void cfg80211_action_tx_status(struct net_device *dev, u64 cookie,	957	void cfg80211_mgmt_tx_status(struct net_device *dev, u64 cookie,
913	const u8 *buf, size_t len, bool ack, gfp_t gfp)	958	const u8 *buf, size_t len, bool ack, gfp_t gfp)
914	{	959	{
915	struct wireless_dev *wdev = dev->ieee80211_ptr;	960	struct wireless_dev *wdev = dev->ieee80211_ptr;
916	struct wiphy *wiphy = wdev->wiphy;	961	struct wiphy *wiphy = wdev->wiphy;
917	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);	962	struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
918		963
919	/* Indicate TX status of the Action frame to user space */	964	/* Indicate TX status of the Action frame to user space */
920	nl80211_send_action_tx_status(rdev, dev, cookie, buf, len, ack, gfp);	965	nl80211_send_mgmt_tx_status(rdev, dev, cookie, buf, len, ack, gfp);
921	}	966	}
922	EXPORT_SYMBOL(cfg80211_action_tx_status);	967	EXPORT_SYMBOL(cfg80211_mgmt_tx_status);
923		968
924	void cfg80211_cqm_rssi_notify(struct net_device *dev,	969	void cfg80211_cqm_rssi_notify(struct net_device *dev,
925	enum nl80211_cqm_rssi_threshold_event rssi_event,	970	enum nl80211_cqm_rssi_threshold_event rssi_event,