1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2010 Broadcom Corporation
4  */
5 
6 /* Toplevel file. Relies on dhd_linux.c to send commands to the dongle. */
7 
8 #include <linux/kernel.h>
9 #include <linux/etherdevice.h>
10 #include <linux/module.h>
11 #include <linux/vmalloc.h>
12 #include <net/cfg80211.h>
13 #include <net/netlink.h>
14 #include <uapi/linux/if_arp.h>
15 
16 #include <brcmu_utils.h>
17 #include <defs.h>
18 #include <brcmu_wifi.h>
19 #include <brcm_hw_ids.h>
20 #include "core.h"
21 #include "debug.h"
22 #include "tracepoint.h"
23 #include "fwil_types.h"
24 #include "p2p.h"
25 #include "btcoex.h"
26 #include "pno.h"
27 #include "fwsignal.h"
28 #include "cfg80211.h"
29 #include "feature.h"
30 #include "fwil.h"
31 #include "proto.h"
32 #include "vendor.h"
33 #include "bus.h"
34 #include "common.h"
35 
36 #define BRCMF_SCAN_IE_LEN_MAX		2048
37 
38 #define WPA_OUI				"\x00\x50\xF2"	/* WPA OUI */
39 #define WPA_OUI_TYPE			1
40 #define RSN_OUI				"\x00\x0F\xAC"	/* RSN OUI */
41 #define	WME_OUI_TYPE			2
42 #define WPS_OUI_TYPE			4
43 
44 #define VS_IE_FIXED_HDR_LEN		6
45 #define WPA_IE_VERSION_LEN		2
46 #define WPA_IE_MIN_OUI_LEN		4
47 #define WPA_IE_SUITE_COUNT_LEN		2
48 
49 #define WPA_CIPHER_NONE			0	/* None */
50 #define WPA_CIPHER_WEP_40		1	/* WEP (40-bit) */
51 #define WPA_CIPHER_TKIP			2	/* TKIP: default for WPA */
52 #define WPA_CIPHER_AES_CCM		4	/* AES (CCM) */
53 #define WPA_CIPHER_WEP_104		5	/* WEP (104-bit) */
54 
55 #define RSN_AKM_NONE			0	/* None (IBSS) */
56 #define RSN_AKM_UNSPECIFIED		1	/* Over 802.1x */
57 #define RSN_AKM_PSK			2	/* Pre-shared Key */
58 #define RSN_AKM_SHA256_1X		5	/* SHA256, 802.1X */
59 #define RSN_AKM_SHA256_PSK		6	/* SHA256, Pre-shared Key */
60 #define RSN_AKM_SAE			8	/* SAE */
61 #define RSN_CAP_LEN			2	/* Length of RSN capabilities */
62 #define RSN_CAP_PTK_REPLAY_CNTR_MASK	(BIT(2) | BIT(3))
63 #define RSN_CAP_MFPR_MASK		BIT(6)
64 #define RSN_CAP_MFPC_MASK		BIT(7)
65 #define RSN_PMKID_COUNT_LEN		2
66 
67 #define VNDR_IE_CMD_LEN			4	/* length of the set command
68 						 * string :"add", "del" (+ NUL)
69 						 */
70 #define VNDR_IE_COUNT_OFFSET		4
71 #define VNDR_IE_PKTFLAG_OFFSET		8
72 #define VNDR_IE_VSIE_OFFSET		12
73 #define VNDR_IE_HDR_SIZE		12
74 #define VNDR_IE_PARSE_LIMIT		5
75 
76 #define	DOT11_MGMT_HDR_LEN		24	/* d11 management header len */
77 #define	DOT11_BCN_PRB_FIXED_LEN		12	/* beacon/probe fixed length */
78 
79 #define BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS	320
80 #define BRCMF_SCAN_JOIN_PASSIVE_DWELL_TIME_MS	400
81 #define BRCMF_SCAN_JOIN_PROBE_INTERVAL_MS	20
82 
83 #define BRCMF_SCAN_CHANNEL_TIME		40
84 #define BRCMF_SCAN_UNASSOC_TIME		40
85 #define BRCMF_SCAN_PASSIVE_TIME		120
86 
87 #define BRCMF_ND_INFO_TIMEOUT		msecs_to_jiffies(2000)
88 
89 #define BRCMF_PS_MAX_TIMEOUT_MS		2000
90 
91 #define BRCMF_ASSOC_PARAMS_FIXED_SIZE \
92 	(sizeof(struct brcmf_assoc_params_le) - sizeof(u16))
93 
94 static bool check_vif_up(struct brcmf_cfg80211_vif *vif)
95 {
96 	if (!test_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state)) {
97 		brcmf_dbg(INFO, "device is not ready : status (%lu)\n",
98 			  vif->sme_state);
99 		return false;
100 	}
101 	return true;
102 }
103 
104 #define RATE_TO_BASE100KBPS(rate)   (((rate) * 10) / 2)
105 #define RATETAB_ENT(_rateid, _flags) \
106 	{                                                               \
107 		.bitrate        = RATE_TO_BASE100KBPS(_rateid),     \
108 		.hw_value       = (_rateid),                            \
109 		.flags          = (_flags),                             \
110 	}
111 
112 static struct ieee80211_rate __wl_rates[] = {
113 	RATETAB_ENT(BRCM_RATE_1M, 0),
114 	RATETAB_ENT(BRCM_RATE_2M, IEEE80211_RATE_SHORT_PREAMBLE),
115 	RATETAB_ENT(BRCM_RATE_5M5, IEEE80211_RATE_SHORT_PREAMBLE),
116 	RATETAB_ENT(BRCM_RATE_11M, IEEE80211_RATE_SHORT_PREAMBLE),
117 	RATETAB_ENT(BRCM_RATE_6M, 0),
118 	RATETAB_ENT(BRCM_RATE_9M, 0),
119 	RATETAB_ENT(BRCM_RATE_12M, 0),
120 	RATETAB_ENT(BRCM_RATE_18M, 0),
121 	RATETAB_ENT(BRCM_RATE_24M, 0),
122 	RATETAB_ENT(BRCM_RATE_36M, 0),
123 	RATETAB_ENT(BRCM_RATE_48M, 0),
124 	RATETAB_ENT(BRCM_RATE_54M, 0),
125 };
126 
127 #define wl_g_rates		(__wl_rates + 0)
128 #define wl_g_rates_size		ARRAY_SIZE(__wl_rates)
129 #define wl_a_rates		(__wl_rates + 4)
130 #define wl_a_rates_size		(wl_g_rates_size - 4)
131 
132 #define CHAN2G(_channel, _freq) {				\
133 	.band			= NL80211_BAND_2GHZ,		\
134 	.center_freq		= (_freq),			\
135 	.hw_value		= (_channel),			\
136 	.max_antenna_gain	= 0,				\
137 	.max_power		= 30,				\
138 }
139 
140 #define CHAN5G(_channel) {					\
141 	.band			= NL80211_BAND_5GHZ,		\
142 	.center_freq		= 5000 + (5 * (_channel)),	\
143 	.hw_value		= (_channel),			\
144 	.max_antenna_gain	= 0,				\
145 	.max_power		= 30,				\
146 }
147 
148 static struct ieee80211_channel __wl_2ghz_channels[] = {
149 	CHAN2G(1, 2412), CHAN2G(2, 2417), CHAN2G(3, 2422), CHAN2G(4, 2427),
150 	CHAN2G(5, 2432), CHAN2G(6, 2437), CHAN2G(7, 2442), CHAN2G(8, 2447),
151 	CHAN2G(9, 2452), CHAN2G(10, 2457), CHAN2G(11, 2462), CHAN2G(12, 2467),
152 	CHAN2G(13, 2472), CHAN2G(14, 2484)
153 };
154 
155 static struct ieee80211_channel __wl_5ghz_channels[] = {
156 	CHAN5G(34), CHAN5G(36), CHAN5G(38), CHAN5G(40), CHAN5G(42),
157 	CHAN5G(44), CHAN5G(46), CHAN5G(48), CHAN5G(52), CHAN5G(56),
158 	CHAN5G(60), CHAN5G(64), CHAN5G(100), CHAN5G(104), CHAN5G(108),
159 	CHAN5G(112), CHAN5G(116), CHAN5G(120), CHAN5G(124), CHAN5G(128),
160 	CHAN5G(132), CHAN5G(136), CHAN5G(140), CHAN5G(144), CHAN5G(149),
161 	CHAN5G(153), CHAN5G(157), CHAN5G(161), CHAN5G(165)
162 };
163 
164 /* Band templates duplicated per wiphy. The channel info
165  * above is added to the band during setup.
166  */
167 static const struct ieee80211_supported_band __wl_band_2ghz = {
168 	.band = NL80211_BAND_2GHZ,
169 	.bitrates = wl_g_rates,
170 	.n_bitrates = wl_g_rates_size,
171 };
172 
173 static const struct ieee80211_supported_band __wl_band_5ghz = {
174 	.band = NL80211_BAND_5GHZ,
175 	.bitrates = wl_a_rates,
176 	.n_bitrates = wl_a_rates_size,
177 };
178 
179 /* This is to override regulatory domains defined in cfg80211 module (reg.c)
180  * By default world regulatory domain defined in reg.c puts the flags
181  * NL80211_RRF_NO_IR for 5GHz channels (for * 36..48 and 149..165).
182  * With respect to these flags, wpa_supplicant doesn't * start p2p
183  * operations on 5GHz channels. All the changes in world regulatory
184  * domain are to be done here.
185  */
186 static const struct ieee80211_regdomain brcmf_regdom = {
187 	.n_reg_rules = 4,
188 	.alpha2 =  "99",
189 	.reg_rules = {
190 		/* IEEE 802.11b/g, channels 1..11 */
191 		REG_RULE(2412-10, 2472+10, 40, 6, 20, 0),
192 		/* If any */
193 		/* IEEE 802.11 channel 14 - Only JP enables
194 		 * this and for 802.11b only
195 		 */
196 		REG_RULE(2484-10, 2484+10, 20, 6, 20, 0),
197 		/* IEEE 802.11a, channel 36..64 */
198 		REG_RULE(5150-10, 5350+10, 160, 6, 20, 0),
199 		/* IEEE 802.11a, channel 100..165 */
200 		REG_RULE(5470-10, 5850+10, 160, 6, 20, 0), }
201 };
202 
203 /* Note: brcmf_cipher_suites is an array of int defining which cipher suites
204  * are supported. A pointer to this array and the number of entries is passed
205  * on to upper layers. AES_CMAC defines whether or not the driver supports MFP.
206  * So the cipher suite AES_CMAC has to be the last one in the array, and when
207  * device does not support MFP then the number of suites will be decreased by 1
208  */
209 static const u32 brcmf_cipher_suites[] = {
210 	WLAN_CIPHER_SUITE_WEP40,
211 	WLAN_CIPHER_SUITE_WEP104,
212 	WLAN_CIPHER_SUITE_TKIP,
213 	WLAN_CIPHER_SUITE_CCMP,
214 	/* Keep as last entry: */
215 	WLAN_CIPHER_SUITE_AES_CMAC
216 };
217 
218 /* Vendor specific ie. id = 221, oui and type defines exact ie */
219 struct brcmf_vs_tlv {
220 	u8 id;
221 	u8 len;
222 	u8 oui[3];
223 	u8 oui_type;
224 };
225 
226 struct parsed_vndr_ie_info {
227 	u8 *ie_ptr;
228 	u32 ie_len;	/* total length including id & length field */
229 	struct brcmf_vs_tlv vndrie;
230 };
231 
232 struct parsed_vndr_ies {
233 	u32 count;
234 	struct parsed_vndr_ie_info ie_info[VNDR_IE_PARSE_LIMIT];
235 };
236 
237 static u8 nl80211_band_to_fwil(enum nl80211_band band)
238 {
239 	switch (band) {
240 	case NL80211_BAND_2GHZ:
241 		return WLC_BAND_2G;
242 	case NL80211_BAND_5GHZ:
243 		return WLC_BAND_5G;
244 	default:
245 		WARN_ON(1);
246 		break;
247 	}
248 	return 0;
249 }
250 
251 static u16 chandef_to_chanspec(struct brcmu_d11inf *d11inf,
252 			       struct cfg80211_chan_def *ch)
253 {
254 	struct brcmu_chan ch_inf;
255 	s32 primary_offset;
256 
257 	brcmf_dbg(TRACE, "chandef: control %d center %d width %d\n",
258 		  ch->chan->center_freq, ch->center_freq1, ch->width);
259 	ch_inf.chnum = ieee80211_frequency_to_channel(ch->center_freq1);
260 	primary_offset = ch->chan->center_freq - ch->center_freq1;
261 	switch (ch->width) {
262 	case NL80211_CHAN_WIDTH_20:
263 	case NL80211_CHAN_WIDTH_20_NOHT:
264 		ch_inf.bw = BRCMU_CHAN_BW_20;
265 		WARN_ON(primary_offset != 0);
266 		break;
267 	case NL80211_CHAN_WIDTH_40:
268 		ch_inf.bw = BRCMU_CHAN_BW_40;
269 		if (primary_offset > 0)
270 			ch_inf.sb = BRCMU_CHAN_SB_U;
271 		else
272 			ch_inf.sb = BRCMU_CHAN_SB_L;
273 		break;
274 	case NL80211_CHAN_WIDTH_80:
275 		ch_inf.bw = BRCMU_CHAN_BW_80;
276 		if (primary_offset == -30)
277 			ch_inf.sb = BRCMU_CHAN_SB_LL;
278 		else if (primary_offset == -10)
279 			ch_inf.sb = BRCMU_CHAN_SB_LU;
280 		else if (primary_offset == 10)
281 			ch_inf.sb = BRCMU_CHAN_SB_UL;
282 		else
283 			ch_inf.sb = BRCMU_CHAN_SB_UU;
284 		break;
285 	case NL80211_CHAN_WIDTH_160:
286 		ch_inf.bw = BRCMU_CHAN_BW_160;
287 		if (primary_offset == -70)
288 			ch_inf.sb = BRCMU_CHAN_SB_LLL;
289 		else if (primary_offset == -50)
290 			ch_inf.sb = BRCMU_CHAN_SB_LLU;
291 		else if (primary_offset == -30)
292 			ch_inf.sb = BRCMU_CHAN_SB_LUL;
293 		else if (primary_offset == -10)
294 			ch_inf.sb = BRCMU_CHAN_SB_LUU;
295 		else if (primary_offset == 10)
296 			ch_inf.sb = BRCMU_CHAN_SB_ULL;
297 		else if (primary_offset == 30)
298 			ch_inf.sb = BRCMU_CHAN_SB_ULU;
299 		else if (primary_offset == 50)
300 			ch_inf.sb = BRCMU_CHAN_SB_UUL;
301 		else
302 			ch_inf.sb = BRCMU_CHAN_SB_UUU;
303 		break;
304 	case NL80211_CHAN_WIDTH_80P80:
305 	case NL80211_CHAN_WIDTH_5:
306 	case NL80211_CHAN_WIDTH_10:
307 	default:
308 		WARN_ON_ONCE(1);
309 	}
310 	switch (ch->chan->band) {
311 	case NL80211_BAND_2GHZ:
312 		ch_inf.band = BRCMU_CHAN_BAND_2G;
313 		break;
314 	case NL80211_BAND_5GHZ:
315 		ch_inf.band = BRCMU_CHAN_BAND_5G;
316 		break;
317 	case NL80211_BAND_60GHZ:
318 	default:
319 		WARN_ON_ONCE(1);
320 	}
321 	d11inf->encchspec(&ch_inf);
322 
323 	brcmf_dbg(TRACE, "chanspec: 0x%x\n", ch_inf.chspec);
324 	return ch_inf.chspec;
325 }
326 
327 u16 channel_to_chanspec(struct brcmu_d11inf *d11inf,
328 			struct ieee80211_channel *ch)
329 {
330 	struct brcmu_chan ch_inf;
331 
332 	ch_inf.chnum = ieee80211_frequency_to_channel(ch->center_freq);
333 	ch_inf.bw = BRCMU_CHAN_BW_20;
334 	d11inf->encchspec(&ch_inf);
335 
336 	return ch_inf.chspec;
337 }
338 
339 /* Traverse a string of 1-byte tag/1-byte length/variable-length value
340  * triples, returning a pointer to the substring whose first element
341  * matches tag
342  */
343 static const struct brcmf_tlv *
344 brcmf_parse_tlvs(const void *buf, int buflen, uint key)
345 {
346 	const struct brcmf_tlv *elt = buf;
347 	int totlen = buflen;
348 
349 	/* find tagged parameter */
350 	while (totlen >= TLV_HDR_LEN) {
351 		int len = elt->len;
352 
353 		/* validate remaining totlen */
354 		if ((elt->id == key) && (totlen >= (len + TLV_HDR_LEN)))
355 			return elt;
356 
357 		elt = (struct brcmf_tlv *)((u8 *)elt + (len + TLV_HDR_LEN));
358 		totlen -= (len + TLV_HDR_LEN);
359 	}
360 
361 	return NULL;
362 }
363 
364 /* Is any of the tlvs the expected entry? If
365  * not update the tlvs buffer pointer/length.
366  */
367 static bool
368 brcmf_tlv_has_ie(const u8 *ie, const u8 **tlvs, u32 *tlvs_len,
369 		 const u8 *oui, u32 oui_len, u8 type)
370 {
371 	/* If the contents match the OUI and the type */
372 	if (ie[TLV_LEN_OFF] >= oui_len + 1 &&
373 	    !memcmp(&ie[TLV_BODY_OFF], oui, oui_len) &&
374 	    type == ie[TLV_BODY_OFF + oui_len]) {
375 		return true;
376 	}
377 
378 	if (tlvs == NULL)
379 		return false;
380 	/* point to the next ie */
381 	ie += ie[TLV_LEN_OFF] + TLV_HDR_LEN;
382 	/* calculate the length of the rest of the buffer */
383 	*tlvs_len -= (int)(ie - *tlvs);
384 	/* update the pointer to the start of the buffer */
385 	*tlvs = ie;
386 
387 	return false;
388 }
389 
390 static struct brcmf_vs_tlv *
391 brcmf_find_wpaie(const u8 *parse, u32 len)
392 {
393 	const struct brcmf_tlv *ie;
394 
395 	while ((ie = brcmf_parse_tlvs(parse, len, WLAN_EID_VENDOR_SPECIFIC))) {
396 		if (brcmf_tlv_has_ie((const u8 *)ie, &parse, &len,
397 				     WPA_OUI, TLV_OUI_LEN, WPA_OUI_TYPE))
398 			return (struct brcmf_vs_tlv *)ie;
399 	}
400 	return NULL;
401 }
402 
403 static struct brcmf_vs_tlv *
404 brcmf_find_wpsie(const u8 *parse, u32 len)
405 {
406 	const struct brcmf_tlv *ie;
407 
408 	while ((ie = brcmf_parse_tlvs(parse, len, WLAN_EID_VENDOR_SPECIFIC))) {
409 		if (brcmf_tlv_has_ie((u8 *)ie, &parse, &len,
410 				     WPA_OUI, TLV_OUI_LEN, WPS_OUI_TYPE))
411 			return (struct brcmf_vs_tlv *)ie;
412 	}
413 	return NULL;
414 }
415 
416 static int brcmf_vif_change_validate(struct brcmf_cfg80211_info *cfg,
417 				     struct brcmf_cfg80211_vif *vif,
418 				     enum nl80211_iftype new_type)
419 {
420 	struct brcmf_cfg80211_vif *pos;
421 	bool check_combos = false;
422 	int ret = 0;
423 	struct iface_combination_params params = {
424 		.num_different_channels = 1,
425 	};
426 
427 	list_for_each_entry(pos, &cfg->vif_list, list)
428 		if (pos == vif) {
429 			params.iftype_num[new_type]++;
430 		} else {
431 			/* concurrent interfaces so need check combinations */
432 			check_combos = true;
433 			params.iftype_num[pos->wdev.iftype]++;
434 		}
435 
436 	if (check_combos)
437 		ret = cfg80211_check_combinations(cfg->wiphy, &params);
438 
439 	return ret;
440 }
441 
442 static int brcmf_vif_add_validate(struct brcmf_cfg80211_info *cfg,
443 				  enum nl80211_iftype new_type)
444 {
445 	struct brcmf_cfg80211_vif *pos;
446 	struct iface_combination_params params = {
447 		.num_different_channels = 1,
448 	};
449 
450 	list_for_each_entry(pos, &cfg->vif_list, list)
451 		params.iftype_num[pos->wdev.iftype]++;
452 
453 	params.iftype_num[new_type]++;
454 	return cfg80211_check_combinations(cfg->wiphy, &params);
455 }
456 
457 static void convert_key_from_CPU(struct brcmf_wsec_key *key,
458 				 struct brcmf_wsec_key_le *key_le)
459 {
460 	key_le->index = cpu_to_le32(key->index);
461 	key_le->len = cpu_to_le32(key->len);
462 	key_le->algo = cpu_to_le32(key->algo);
463 	key_le->flags = cpu_to_le32(key->flags);
464 	key_le->rxiv.hi = cpu_to_le32(key->rxiv.hi);
465 	key_le->rxiv.lo = cpu_to_le16(key->rxiv.lo);
466 	key_le->iv_initialized = cpu_to_le32(key->iv_initialized);
467 	memcpy(key_le->data, key->data, sizeof(key->data));
468 	memcpy(key_le->ea, key->ea, sizeof(key->ea));
469 }
470 
471 static int
472 send_key_to_dongle(struct brcmf_if *ifp, struct brcmf_wsec_key *key)
473 {
474 	struct brcmf_pub *drvr = ifp->drvr;
475 	int err;
476 	struct brcmf_wsec_key_le key_le;
477 
478 	convert_key_from_CPU(key, &key_le);
479 
480 	brcmf_netdev_wait_pend8021x(ifp);
481 
482 	err = brcmf_fil_bsscfg_data_set(ifp, "wsec_key", &key_le,
483 					sizeof(key_le));
484 
485 	if (err)
486 		bphy_err(drvr, "wsec_key error (%d)\n", err);
487 	return err;
488 }
489 
490 static void
491 brcmf_cfg80211_update_proto_addr_mode(struct wireless_dev *wdev)
492 {
493 	struct brcmf_cfg80211_vif *vif;
494 	struct brcmf_if *ifp;
495 
496 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
497 	ifp = vif->ifp;
498 
499 	if ((wdev->iftype == NL80211_IFTYPE_ADHOC) ||
500 	    (wdev->iftype == NL80211_IFTYPE_AP) ||
501 	    (wdev->iftype == NL80211_IFTYPE_P2P_GO))
502 		brcmf_proto_configure_addr_mode(ifp->drvr, ifp->ifidx,
503 						ADDR_DIRECT);
504 	else
505 		brcmf_proto_configure_addr_mode(ifp->drvr, ifp->ifidx,
506 						ADDR_INDIRECT);
507 }
508 
509 static int brcmf_get_first_free_bsscfgidx(struct brcmf_pub *drvr)
510 {
511 	int bsscfgidx;
512 
513 	for (bsscfgidx = 0; bsscfgidx < BRCMF_MAX_IFS; bsscfgidx++) {
514 		/* bsscfgidx 1 is reserved for legacy P2P */
515 		if (bsscfgidx == 1)
516 			continue;
517 		if (!drvr->iflist[bsscfgidx])
518 			return bsscfgidx;
519 	}
520 
521 	return -ENOMEM;
522 }
523 
524 static int brcmf_cfg80211_request_ap_if(struct brcmf_if *ifp)
525 {
526 	struct brcmf_pub *drvr = ifp->drvr;
527 	struct brcmf_mbss_ssid_le mbss_ssid_le;
528 	int bsscfgidx;
529 	int err;
530 
531 	memset(&mbss_ssid_le, 0, sizeof(mbss_ssid_le));
532 	bsscfgidx = brcmf_get_first_free_bsscfgidx(ifp->drvr);
533 	if (bsscfgidx < 0)
534 		return bsscfgidx;
535 
536 	mbss_ssid_le.bsscfgidx = cpu_to_le32(bsscfgidx);
537 	mbss_ssid_le.SSID_len = cpu_to_le32(5);
538 	sprintf(mbss_ssid_le.SSID, "ssid%d" , bsscfgidx);
539 
540 	err = brcmf_fil_bsscfg_data_set(ifp, "bsscfg:ssid", &mbss_ssid_le,
541 					sizeof(mbss_ssid_le));
542 	if (err < 0)
543 		bphy_err(drvr, "setting ssid failed %d\n", err);
544 
545 	return err;
546 }
547 
548 /**
549  * brcmf_ap_add_vif() - create a new AP virtual interface for multiple BSS
550  *
551  * @wiphy: wiphy device of new interface.
552  * @name: name of the new interface.
553  * @params: contains mac address for AP device.
554  */
555 static
556 struct wireless_dev *brcmf_ap_add_vif(struct wiphy *wiphy, const char *name,
557 				      struct vif_params *params)
558 {
559 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
560 	struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
561 	struct brcmf_pub *drvr = cfg->pub;
562 	struct brcmf_cfg80211_vif *vif;
563 	int err;
564 
565 	if (brcmf_cfg80211_vif_event_armed(cfg))
566 		return ERR_PTR(-EBUSY);
567 
568 	brcmf_dbg(INFO, "Adding vif \"%s\"\n", name);
569 
570 	vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_AP);
571 	if (IS_ERR(vif))
572 		return (struct wireless_dev *)vif;
573 
574 	brcmf_cfg80211_arm_vif_event(cfg, vif);
575 
576 	err = brcmf_cfg80211_request_ap_if(ifp);
577 	if (err) {
578 		brcmf_cfg80211_arm_vif_event(cfg, NULL);
579 		goto fail;
580 	}
581 
582 	/* wait for firmware event */
583 	err = brcmf_cfg80211_wait_vif_event(cfg, BRCMF_E_IF_ADD,
584 					    BRCMF_VIF_EVENT_TIMEOUT);
585 	brcmf_cfg80211_arm_vif_event(cfg, NULL);
586 	if (!err) {
587 		bphy_err(drvr, "timeout occurred\n");
588 		err = -EIO;
589 		goto fail;
590 	}
591 
592 	/* interface created in firmware */
593 	ifp = vif->ifp;
594 	if (!ifp) {
595 		bphy_err(drvr, "no if pointer provided\n");
596 		err = -ENOENT;
597 		goto fail;
598 	}
599 
600 	strncpy(ifp->ndev->name, name, sizeof(ifp->ndev->name) - 1);
601 	err = brcmf_net_attach(ifp, true);
602 	if (err) {
603 		bphy_err(drvr, "Registering netdevice failed\n");
604 		free_netdev(ifp->ndev);
605 		goto fail;
606 	}
607 
608 	return &ifp->vif->wdev;
609 
610 fail:
611 	brcmf_free_vif(vif);
612 	return ERR_PTR(err);
613 }
614 
615 static bool brcmf_is_apmode(struct brcmf_cfg80211_vif *vif)
616 {
617 	enum nl80211_iftype iftype;
618 
619 	iftype = vif->wdev.iftype;
620 	return iftype == NL80211_IFTYPE_AP || iftype == NL80211_IFTYPE_P2P_GO;
621 }
622 
623 static bool brcmf_is_ibssmode(struct brcmf_cfg80211_vif *vif)
624 {
625 	return vif->wdev.iftype == NL80211_IFTYPE_ADHOC;
626 }
627 
628 /**
629  * brcmf_mon_add_vif() - create monitor mode virtual interface
630  *
631  * @wiphy: wiphy device of new interface.
632  * @name: name of the new interface.
633  */
634 static struct wireless_dev *brcmf_mon_add_vif(struct wiphy *wiphy,
635 					      const char *name)
636 {
637 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
638 	struct brcmf_cfg80211_vif *vif;
639 	struct net_device *ndev;
640 	struct brcmf_if *ifp;
641 	int err;
642 
643 	if (cfg->pub->mon_if) {
644 		err = -EEXIST;
645 		goto err_out;
646 	}
647 
648 	vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_MONITOR);
649 	if (IS_ERR(vif)) {
650 		err = PTR_ERR(vif);
651 		goto err_out;
652 	}
653 
654 	ndev = alloc_netdev(sizeof(*ifp), name, NET_NAME_UNKNOWN, ether_setup);
655 	if (!ndev) {
656 		err = -ENOMEM;
657 		goto err_free_vif;
658 	}
659 	ndev->type = ARPHRD_IEEE80211_RADIOTAP;
660 	ndev->ieee80211_ptr = &vif->wdev;
661 	ndev->needs_free_netdev = true;
662 	ndev->priv_destructor = brcmf_cfg80211_free_netdev;
663 	SET_NETDEV_DEV(ndev, wiphy_dev(cfg->wiphy));
664 
665 	ifp = netdev_priv(ndev);
666 	ifp->vif = vif;
667 	ifp->ndev = ndev;
668 	ifp->drvr = cfg->pub;
669 
670 	vif->ifp = ifp;
671 	vif->wdev.netdev = ndev;
672 
673 	err = brcmf_net_mon_attach(ifp);
674 	if (err) {
675 		brcmf_err("Failed to attach %s device\n", ndev->name);
676 		free_netdev(ndev);
677 		goto err_free_vif;
678 	}
679 
680 	cfg->pub->mon_if = ifp;
681 
682 	return &vif->wdev;
683 
684 err_free_vif:
685 	brcmf_free_vif(vif);
686 err_out:
687 	return ERR_PTR(err);
688 }
689 
690 static int brcmf_mon_del_vif(struct wiphy *wiphy, struct wireless_dev *wdev)
691 {
692 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
693 	struct net_device *ndev = wdev->netdev;
694 
695 	ndev->netdev_ops->ndo_stop(ndev);
696 
697 	brcmf_net_detach(ndev, true);
698 
699 	cfg->pub->mon_if = NULL;
700 
701 	return 0;
702 }
703 
704 static struct wireless_dev *brcmf_cfg80211_add_iface(struct wiphy *wiphy,
705 						     const char *name,
706 						     unsigned char name_assign_type,
707 						     enum nl80211_iftype type,
708 						     struct vif_params *params)
709 {
710 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
711 	struct brcmf_pub *drvr = cfg->pub;
712 	struct wireless_dev *wdev;
713 	int err;
714 
715 	brcmf_dbg(TRACE, "enter: %s type %d\n", name, type);
716 	err = brcmf_vif_add_validate(wiphy_to_cfg(wiphy), type);
717 	if (err) {
718 		bphy_err(drvr, "iface validation failed: err=%d\n", err);
719 		return ERR_PTR(err);
720 	}
721 	switch (type) {
722 	case NL80211_IFTYPE_ADHOC:
723 	case NL80211_IFTYPE_STATION:
724 	case NL80211_IFTYPE_AP_VLAN:
725 	case NL80211_IFTYPE_WDS:
726 	case NL80211_IFTYPE_MESH_POINT:
727 		return ERR_PTR(-EOPNOTSUPP);
728 	case NL80211_IFTYPE_MONITOR:
729 		return brcmf_mon_add_vif(wiphy, name);
730 	case NL80211_IFTYPE_AP:
731 		wdev = brcmf_ap_add_vif(wiphy, name, params);
732 		break;
733 	case NL80211_IFTYPE_P2P_CLIENT:
734 	case NL80211_IFTYPE_P2P_GO:
735 	case NL80211_IFTYPE_P2P_DEVICE:
736 		wdev = brcmf_p2p_add_vif(wiphy, name, name_assign_type, type, params);
737 		break;
738 	case NL80211_IFTYPE_UNSPECIFIED:
739 	default:
740 		return ERR_PTR(-EINVAL);
741 	}
742 
743 	if (IS_ERR(wdev))
744 		bphy_err(drvr, "add iface %s type %d failed: err=%d\n", name,
745 			 type, (int)PTR_ERR(wdev));
746 	else
747 		brcmf_cfg80211_update_proto_addr_mode(wdev);
748 
749 	return wdev;
750 }
751 
752 static void brcmf_scan_config_mpc(struct brcmf_if *ifp, int mpc)
753 {
754 	if (brcmf_feat_is_quirk_enabled(ifp, BRCMF_FEAT_QUIRK_NEED_MPC))
755 		brcmf_set_mpc(ifp, mpc);
756 }
757 
758 void brcmf_set_mpc(struct brcmf_if *ifp, int mpc)
759 {
760 	struct brcmf_pub *drvr = ifp->drvr;
761 	s32 err = 0;
762 
763 	if (check_vif_up(ifp->vif)) {
764 		err = brcmf_fil_iovar_int_set(ifp, "mpc", mpc);
765 		if (err) {
766 			bphy_err(drvr, "fail to set mpc\n");
767 			return;
768 		}
769 		brcmf_dbg(INFO, "MPC : %d\n", mpc);
770 	}
771 }
772 
773 s32 brcmf_notify_escan_complete(struct brcmf_cfg80211_info *cfg,
774 				struct brcmf_if *ifp, bool aborted,
775 				bool fw_abort)
776 {
777 	struct brcmf_pub *drvr = cfg->pub;
778 	struct brcmf_scan_params_le params_le;
779 	struct cfg80211_scan_request *scan_request;
780 	u64 reqid;
781 	u32 bucket;
782 	s32 err = 0;
783 
784 	brcmf_dbg(SCAN, "Enter\n");
785 
786 	/* clear scan request, because the FW abort can cause a second call */
787 	/* to this functon and might cause a double cfg80211_scan_done      */
788 	scan_request = cfg->scan_request;
789 	cfg->scan_request = NULL;
790 
791 	if (timer_pending(&cfg->escan_timeout))
792 		del_timer_sync(&cfg->escan_timeout);
793 
794 	if (fw_abort) {
795 		/* Do a scan abort to stop the driver's scan engine */
796 		brcmf_dbg(SCAN, "ABORT scan in firmware\n");
797 		memset(&params_le, 0, sizeof(params_le));
798 		eth_broadcast_addr(params_le.bssid);
799 		params_le.bss_type = DOT11_BSSTYPE_ANY;
800 		params_le.scan_type = 0;
801 		params_le.channel_num = cpu_to_le32(1);
802 		params_le.nprobes = cpu_to_le32(1);
803 		params_le.active_time = cpu_to_le32(-1);
804 		params_le.passive_time = cpu_to_le32(-1);
805 		params_le.home_time = cpu_to_le32(-1);
806 		/* Scan is aborted by setting channel_list[0] to -1 */
807 		params_le.channel_list[0] = cpu_to_le16(-1);
808 		/* E-Scan (or anyother type) can be aborted by SCAN */
809 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCAN,
810 					     &params_le, sizeof(params_le));
811 		if (err)
812 			bphy_err(drvr, "Scan abort failed\n");
813 	}
814 
815 	brcmf_scan_config_mpc(ifp, 1);
816 
817 	/*
818 	 * e-scan can be initiated internally
819 	 * which takes precedence.
820 	 */
821 	if (cfg->int_escan_map) {
822 		brcmf_dbg(SCAN, "scheduled scan completed (%x)\n",
823 			  cfg->int_escan_map);
824 		while (cfg->int_escan_map) {
825 			bucket = __ffs(cfg->int_escan_map);
826 			cfg->int_escan_map &= ~BIT(bucket);
827 			reqid = brcmf_pno_find_reqid_by_bucket(cfg->pno,
828 							       bucket);
829 			if (!aborted) {
830 				brcmf_dbg(SCAN, "report results: reqid=%llu\n",
831 					  reqid);
832 				cfg80211_sched_scan_results(cfg_to_wiphy(cfg),
833 							    reqid);
834 			}
835 		}
836 	} else if (scan_request) {
837 		struct cfg80211_scan_info info = {
838 			.aborted = aborted,
839 		};
840 
841 		brcmf_dbg(SCAN, "ESCAN Completed scan: %s\n",
842 			  aborted ? "Aborted" : "Done");
843 		cfg80211_scan_done(scan_request, &info);
844 	}
845 	if (!test_and_clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status))
846 		brcmf_dbg(SCAN, "Scan complete, probably P2P scan\n");
847 
848 	return err;
849 }
850 
851 static int brcmf_cfg80211_del_ap_iface(struct wiphy *wiphy,
852 				       struct wireless_dev *wdev)
853 {
854 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
855 	struct net_device *ndev = wdev->netdev;
856 	struct brcmf_if *ifp = netdev_priv(ndev);
857 	struct brcmf_pub *drvr = cfg->pub;
858 	int ret;
859 	int err;
860 
861 	brcmf_cfg80211_arm_vif_event(cfg, ifp->vif);
862 
863 	err = brcmf_fil_bsscfg_data_set(ifp, "interface_remove", NULL, 0);
864 	if (err) {
865 		bphy_err(drvr, "interface_remove failed %d\n", err);
866 		goto err_unarm;
867 	}
868 
869 	/* wait for firmware event */
870 	ret = brcmf_cfg80211_wait_vif_event(cfg, BRCMF_E_IF_DEL,
871 					    BRCMF_VIF_EVENT_TIMEOUT);
872 	if (!ret) {
873 		bphy_err(drvr, "timeout occurred\n");
874 		err = -EIO;
875 		goto err_unarm;
876 	}
877 
878 	brcmf_remove_interface(ifp, true);
879 
880 err_unarm:
881 	brcmf_cfg80211_arm_vif_event(cfg, NULL);
882 	return err;
883 }
884 
885 static
886 int brcmf_cfg80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
887 {
888 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
889 	struct net_device *ndev = wdev->netdev;
890 
891 	if (ndev && ndev == cfg_to_ndev(cfg))
892 		return -ENOTSUPP;
893 
894 	/* vif event pending in firmware */
895 	if (brcmf_cfg80211_vif_event_armed(cfg))
896 		return -EBUSY;
897 
898 	if (ndev) {
899 		if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status) &&
900 		    cfg->escan_info.ifp == netdev_priv(ndev))
901 			brcmf_notify_escan_complete(cfg, netdev_priv(ndev),
902 						    true, true);
903 
904 		brcmf_fil_iovar_int_set(netdev_priv(ndev), "mpc", 1);
905 	}
906 
907 	switch (wdev->iftype) {
908 	case NL80211_IFTYPE_ADHOC:
909 	case NL80211_IFTYPE_STATION:
910 	case NL80211_IFTYPE_AP_VLAN:
911 	case NL80211_IFTYPE_WDS:
912 	case NL80211_IFTYPE_MESH_POINT:
913 		return -EOPNOTSUPP;
914 	case NL80211_IFTYPE_MONITOR:
915 		return brcmf_mon_del_vif(wiphy, wdev);
916 	case NL80211_IFTYPE_AP:
917 		return brcmf_cfg80211_del_ap_iface(wiphy, wdev);
918 	case NL80211_IFTYPE_P2P_CLIENT:
919 	case NL80211_IFTYPE_P2P_GO:
920 	case NL80211_IFTYPE_P2P_DEVICE:
921 		return brcmf_p2p_del_vif(wiphy, wdev);
922 	case NL80211_IFTYPE_UNSPECIFIED:
923 	default:
924 		return -EINVAL;
925 	}
926 	return -EOPNOTSUPP;
927 }
928 
929 static s32
930 brcmf_cfg80211_change_iface(struct wiphy *wiphy, struct net_device *ndev,
931 			 enum nl80211_iftype type,
932 			 struct vif_params *params)
933 {
934 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
935 	struct brcmf_if *ifp = netdev_priv(ndev);
936 	struct brcmf_cfg80211_vif *vif = ifp->vif;
937 	struct brcmf_pub *drvr = cfg->pub;
938 	s32 infra = 0;
939 	s32 ap = 0;
940 	s32 err = 0;
941 
942 	brcmf_dbg(TRACE, "Enter, bsscfgidx=%d, type=%d\n", ifp->bsscfgidx,
943 		  type);
944 
945 	/* WAR: There are a number of p2p interface related problems which
946 	 * need to be handled initially (before doing the validate).
947 	 * wpa_supplicant tends to do iface changes on p2p device/client/go
948 	 * which are not always possible/allowed. However we need to return
949 	 * OK otherwise the wpa_supplicant wont start. The situation differs
950 	 * on configuration and setup (p2pon=1 module param). The first check
951 	 * is to see if the request is a change to station for p2p iface.
952 	 */
953 	if ((type == NL80211_IFTYPE_STATION) &&
954 	    ((vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT) ||
955 	     (vif->wdev.iftype == NL80211_IFTYPE_P2P_GO) ||
956 	     (vif->wdev.iftype == NL80211_IFTYPE_P2P_DEVICE))) {
957 		brcmf_dbg(TRACE, "Ignoring cmd for p2p if\n");
958 		/* Now depending on whether module param p2pon=1 was used the
959 		 * response needs to be either 0 or EOPNOTSUPP. The reason is
960 		 * that if p2pon=1 is used, but a newer supplicant is used then
961 		 * we should return an error, as this combination wont work.
962 		 * In other situations 0 is returned and supplicant will start
963 		 * normally. It will give a trace in cfg80211, but it is the
964 		 * only way to get it working. Unfortunately this will result
965 		 * in situation where we wont support new supplicant in
966 		 * combination with module param p2pon=1, but that is the way
967 		 * it is. If the user tries this then unloading of driver might
968 		 * fail/lock.
969 		 */
970 		if (cfg->p2p.p2pdev_dynamically)
971 			return -EOPNOTSUPP;
972 		else
973 			return 0;
974 	}
975 	err = brcmf_vif_change_validate(wiphy_to_cfg(wiphy), vif, type);
976 	if (err) {
977 		bphy_err(drvr, "iface validation failed: err=%d\n", err);
978 		return err;
979 	}
980 	switch (type) {
981 	case NL80211_IFTYPE_MONITOR:
982 	case NL80211_IFTYPE_WDS:
983 		bphy_err(drvr, "type (%d) : currently we do not support this type\n",
984 			 type);
985 		return -EOPNOTSUPP;
986 	case NL80211_IFTYPE_ADHOC:
987 		infra = 0;
988 		break;
989 	case NL80211_IFTYPE_STATION:
990 		infra = 1;
991 		break;
992 	case NL80211_IFTYPE_AP:
993 	case NL80211_IFTYPE_P2P_GO:
994 		ap = 1;
995 		break;
996 	default:
997 		err = -EINVAL;
998 		goto done;
999 	}
1000 
1001 	if (ap) {
1002 		if (type == NL80211_IFTYPE_P2P_GO) {
1003 			brcmf_dbg(INFO, "IF Type = P2P GO\n");
1004 			err = brcmf_p2p_ifchange(cfg, BRCMF_FIL_P2P_IF_GO);
1005 		}
1006 		if (!err) {
1007 			brcmf_dbg(INFO, "IF Type = AP\n");
1008 		}
1009 	} else {
1010 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, infra);
1011 		if (err) {
1012 			bphy_err(drvr, "WLC_SET_INFRA error (%d)\n", err);
1013 			err = -EAGAIN;
1014 			goto done;
1015 		}
1016 		brcmf_dbg(INFO, "IF Type = %s\n", brcmf_is_ibssmode(vif) ?
1017 			  "Adhoc" : "Infra");
1018 	}
1019 	ndev->ieee80211_ptr->iftype = type;
1020 
1021 	brcmf_cfg80211_update_proto_addr_mode(&vif->wdev);
1022 
1023 done:
1024 	brcmf_dbg(TRACE, "Exit\n");
1025 
1026 	return err;
1027 }
1028 
1029 static void brcmf_escan_prep(struct brcmf_cfg80211_info *cfg,
1030 			     struct brcmf_scan_params_le *params_le,
1031 			     struct cfg80211_scan_request *request)
1032 {
1033 	u32 n_ssids;
1034 	u32 n_channels;
1035 	s32 i;
1036 	s32 offset;
1037 	u16 chanspec;
1038 	char *ptr;
1039 	struct brcmf_ssid_le ssid_le;
1040 
1041 	eth_broadcast_addr(params_le->bssid);
1042 	params_le->bss_type = DOT11_BSSTYPE_ANY;
1043 	params_le->scan_type = BRCMF_SCANTYPE_ACTIVE;
1044 	params_le->channel_num = 0;
1045 	params_le->nprobes = cpu_to_le32(-1);
1046 	params_le->active_time = cpu_to_le32(-1);
1047 	params_le->passive_time = cpu_to_le32(-1);
1048 	params_le->home_time = cpu_to_le32(-1);
1049 	memset(&params_le->ssid_le, 0, sizeof(params_le->ssid_le));
1050 
1051 	n_ssids = request->n_ssids;
1052 	n_channels = request->n_channels;
1053 
1054 	/* Copy channel array if applicable */
1055 	brcmf_dbg(SCAN, "### List of channelspecs to scan ### %d\n",
1056 		  n_channels);
1057 	if (n_channels > 0) {
1058 		for (i = 0; i < n_channels; i++) {
1059 			chanspec = channel_to_chanspec(&cfg->d11inf,
1060 						       request->channels[i]);
1061 			brcmf_dbg(SCAN, "Chan : %d, Channel spec: %x\n",
1062 				  request->channels[i]->hw_value, chanspec);
1063 			params_le->channel_list[i] = cpu_to_le16(chanspec);
1064 		}
1065 	} else {
1066 		brcmf_dbg(SCAN, "Scanning all channels\n");
1067 	}
1068 	/* Copy ssid array if applicable */
1069 	brcmf_dbg(SCAN, "### List of SSIDs to scan ### %d\n", n_ssids);
1070 	if (n_ssids > 0) {
1071 		offset = offsetof(struct brcmf_scan_params_le, channel_list) +
1072 				n_channels * sizeof(u16);
1073 		offset = roundup(offset, sizeof(u32));
1074 		ptr = (char *)params_le + offset;
1075 		for (i = 0; i < n_ssids; i++) {
1076 			memset(&ssid_le, 0, sizeof(ssid_le));
1077 			ssid_le.SSID_len =
1078 					cpu_to_le32(request->ssids[i].ssid_len);
1079 			memcpy(ssid_le.SSID, request->ssids[i].ssid,
1080 			       request->ssids[i].ssid_len);
1081 			if (!ssid_le.SSID_len)
1082 				brcmf_dbg(SCAN, "%d: Broadcast scan\n", i);
1083 			else
1084 				brcmf_dbg(SCAN, "%d: scan for  %.32s size=%d\n",
1085 					  i, ssid_le.SSID, ssid_le.SSID_len);
1086 			memcpy(ptr, &ssid_le, sizeof(ssid_le));
1087 			ptr += sizeof(ssid_le);
1088 		}
1089 	} else {
1090 		brcmf_dbg(SCAN, "Performing passive scan\n");
1091 		params_le->scan_type = BRCMF_SCANTYPE_PASSIVE;
1092 	}
1093 	/* Adding mask to channel numbers */
1094 	params_le->channel_num =
1095 		cpu_to_le32((n_ssids << BRCMF_SCAN_PARAMS_NSSID_SHIFT) |
1096 			(n_channels & BRCMF_SCAN_PARAMS_COUNT_MASK));
1097 }
1098 
1099 static s32
1100 brcmf_run_escan(struct brcmf_cfg80211_info *cfg, struct brcmf_if *ifp,
1101 		struct cfg80211_scan_request *request)
1102 {
1103 	struct brcmf_pub *drvr = cfg->pub;
1104 	s32 params_size = BRCMF_SCAN_PARAMS_FIXED_SIZE +
1105 			  offsetof(struct brcmf_escan_params_le, params_le);
1106 	struct brcmf_escan_params_le *params;
1107 	s32 err = 0;
1108 
1109 	brcmf_dbg(SCAN, "E-SCAN START\n");
1110 
1111 	if (request != NULL) {
1112 		/* Allocate space for populating ssids in struct */
1113 		params_size += sizeof(u32) * ((request->n_channels + 1) / 2);
1114 
1115 		/* Allocate space for populating ssids in struct */
1116 		params_size += sizeof(struct brcmf_ssid_le) * request->n_ssids;
1117 	}
1118 
1119 	params = kzalloc(params_size, GFP_KERNEL);
1120 	if (!params) {
1121 		err = -ENOMEM;
1122 		goto exit;
1123 	}
1124 	BUG_ON(params_size + sizeof("escan") >= BRCMF_DCMD_MEDLEN);
1125 	brcmf_escan_prep(cfg, &params->params_le, request);
1126 	params->version = cpu_to_le32(BRCMF_ESCAN_REQ_VERSION);
1127 	params->action = cpu_to_le16(WL_ESCAN_ACTION_START);
1128 	params->sync_id = cpu_to_le16(0x1234);
1129 
1130 	err = brcmf_fil_iovar_data_set(ifp, "escan", params, params_size);
1131 	if (err) {
1132 		if (err == -EBUSY)
1133 			brcmf_dbg(INFO, "system busy : escan canceled\n");
1134 		else
1135 			bphy_err(drvr, "error (%d)\n", err);
1136 	}
1137 
1138 	kfree(params);
1139 exit:
1140 	return err;
1141 }
1142 
1143 static s32
1144 brcmf_do_escan(struct brcmf_if *ifp, struct cfg80211_scan_request *request)
1145 {
1146 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
1147 	s32 err;
1148 	struct brcmf_scan_results *results;
1149 	struct escan_info *escan = &cfg->escan_info;
1150 
1151 	brcmf_dbg(SCAN, "Enter\n");
1152 	escan->ifp = ifp;
1153 	escan->wiphy = cfg->wiphy;
1154 	escan->escan_state = WL_ESCAN_STATE_SCANNING;
1155 
1156 	brcmf_scan_config_mpc(ifp, 0);
1157 	results = (struct brcmf_scan_results *)cfg->escan_info.escan_buf;
1158 	results->version = 0;
1159 	results->count = 0;
1160 	results->buflen = WL_ESCAN_RESULTS_FIXED_SIZE;
1161 
1162 	err = escan->run(cfg, ifp, request);
1163 	if (err)
1164 		brcmf_scan_config_mpc(ifp, 1);
1165 	return err;
1166 }
1167 
1168 static s32
1169 brcmf_cfg80211_scan(struct wiphy *wiphy, struct cfg80211_scan_request *request)
1170 {
1171 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1172 	struct brcmf_pub *drvr = cfg->pub;
1173 	struct brcmf_cfg80211_vif *vif;
1174 	s32 err = 0;
1175 
1176 	brcmf_dbg(TRACE, "Enter\n");
1177 	vif = container_of(request->wdev, struct brcmf_cfg80211_vif, wdev);
1178 	if (!check_vif_up(vif))
1179 		return -EIO;
1180 
1181 	if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
1182 		bphy_err(drvr, "Scanning already: status (%lu)\n",
1183 			 cfg->scan_status);
1184 		return -EAGAIN;
1185 	}
1186 	if (test_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status)) {
1187 		bphy_err(drvr, "Scanning being aborted: status (%lu)\n",
1188 			 cfg->scan_status);
1189 		return -EAGAIN;
1190 	}
1191 	if (test_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status)) {
1192 		bphy_err(drvr, "Scanning suppressed: status (%lu)\n",
1193 			 cfg->scan_status);
1194 		return -EAGAIN;
1195 	}
1196 	if (test_bit(BRCMF_VIF_STATUS_CONNECTING, &vif->sme_state)) {
1197 		bphy_err(drvr, "Connecting: status (%lu)\n", vif->sme_state);
1198 		return -EAGAIN;
1199 	}
1200 
1201 	/* If scan req comes for p2p0, send it over primary I/F */
1202 	if (vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif)
1203 		vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif;
1204 
1205 	brcmf_dbg(SCAN, "START ESCAN\n");
1206 
1207 	cfg->scan_request = request;
1208 	set_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
1209 
1210 	cfg->escan_info.run = brcmf_run_escan;
1211 	err = brcmf_p2p_scan_prep(wiphy, request, vif);
1212 	if (err)
1213 		goto scan_out;
1214 
1215 	err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_PRBREQ_FLAG,
1216 				    request->ie, request->ie_len);
1217 	if (err)
1218 		goto scan_out;
1219 
1220 	err = brcmf_do_escan(vif->ifp, request);
1221 	if (err)
1222 		goto scan_out;
1223 
1224 	/* Arm scan timeout timer */
1225 	mod_timer(&cfg->escan_timeout,
1226 		  jiffies + msecs_to_jiffies(BRCMF_ESCAN_TIMER_INTERVAL_MS));
1227 
1228 	return 0;
1229 
1230 scan_out:
1231 	bphy_err(drvr, "scan error (%d)\n", err);
1232 	clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
1233 	cfg->scan_request = NULL;
1234 	return err;
1235 }
1236 
1237 static s32 brcmf_set_rts(struct net_device *ndev, u32 rts_threshold)
1238 {
1239 	struct brcmf_if *ifp = netdev_priv(ndev);
1240 	struct brcmf_pub *drvr = ifp->drvr;
1241 	s32 err = 0;
1242 
1243 	err = brcmf_fil_iovar_int_set(ifp, "rtsthresh", rts_threshold);
1244 	if (err)
1245 		bphy_err(drvr, "Error (%d)\n", err);
1246 
1247 	return err;
1248 }
1249 
1250 static s32 brcmf_set_frag(struct net_device *ndev, u32 frag_threshold)
1251 {
1252 	struct brcmf_if *ifp = netdev_priv(ndev);
1253 	struct brcmf_pub *drvr = ifp->drvr;
1254 	s32 err = 0;
1255 
1256 	err = brcmf_fil_iovar_int_set(ifp, "fragthresh",
1257 				      frag_threshold);
1258 	if (err)
1259 		bphy_err(drvr, "Error (%d)\n", err);
1260 
1261 	return err;
1262 }
1263 
1264 static s32 brcmf_set_retry(struct net_device *ndev, u32 retry, bool l)
1265 {
1266 	struct brcmf_if *ifp = netdev_priv(ndev);
1267 	struct brcmf_pub *drvr = ifp->drvr;
1268 	s32 err = 0;
1269 	u32 cmd = (l ? BRCMF_C_SET_LRL : BRCMF_C_SET_SRL);
1270 
1271 	err = brcmf_fil_cmd_int_set(ifp, cmd, retry);
1272 	if (err) {
1273 		bphy_err(drvr, "cmd (%d) , error (%d)\n", cmd, err);
1274 		return err;
1275 	}
1276 	return err;
1277 }
1278 
1279 static s32 brcmf_cfg80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
1280 {
1281 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1282 	struct net_device *ndev = cfg_to_ndev(cfg);
1283 	struct brcmf_if *ifp = netdev_priv(ndev);
1284 	s32 err = 0;
1285 
1286 	brcmf_dbg(TRACE, "Enter\n");
1287 	if (!check_vif_up(ifp->vif))
1288 		return -EIO;
1289 
1290 	if (changed & WIPHY_PARAM_RTS_THRESHOLD &&
1291 	    (cfg->conf->rts_threshold != wiphy->rts_threshold)) {
1292 		cfg->conf->rts_threshold = wiphy->rts_threshold;
1293 		err = brcmf_set_rts(ndev, cfg->conf->rts_threshold);
1294 		if (!err)
1295 			goto done;
1296 	}
1297 	if (changed & WIPHY_PARAM_FRAG_THRESHOLD &&
1298 	    (cfg->conf->frag_threshold != wiphy->frag_threshold)) {
1299 		cfg->conf->frag_threshold = wiphy->frag_threshold;
1300 		err = brcmf_set_frag(ndev, cfg->conf->frag_threshold);
1301 		if (!err)
1302 			goto done;
1303 	}
1304 	if (changed & WIPHY_PARAM_RETRY_LONG
1305 	    && (cfg->conf->retry_long != wiphy->retry_long)) {
1306 		cfg->conf->retry_long = wiphy->retry_long;
1307 		err = brcmf_set_retry(ndev, cfg->conf->retry_long, true);
1308 		if (!err)
1309 			goto done;
1310 	}
1311 	if (changed & WIPHY_PARAM_RETRY_SHORT
1312 	    && (cfg->conf->retry_short != wiphy->retry_short)) {
1313 		cfg->conf->retry_short = wiphy->retry_short;
1314 		err = brcmf_set_retry(ndev, cfg->conf->retry_short, false);
1315 		if (!err)
1316 			goto done;
1317 	}
1318 
1319 done:
1320 	brcmf_dbg(TRACE, "Exit\n");
1321 	return err;
1322 }
1323 
1324 static void brcmf_init_prof(struct brcmf_cfg80211_profile *prof)
1325 {
1326 	memset(prof, 0, sizeof(*prof));
1327 }
1328 
1329 static u16 brcmf_map_fw_linkdown_reason(const struct brcmf_event_msg *e)
1330 {
1331 	u16 reason;
1332 
1333 	switch (e->event_code) {
1334 	case BRCMF_E_DEAUTH:
1335 	case BRCMF_E_DEAUTH_IND:
1336 	case BRCMF_E_DISASSOC_IND:
1337 		reason = e->reason;
1338 		break;
1339 	case BRCMF_E_LINK:
1340 	default:
1341 		reason = 0;
1342 		break;
1343 	}
1344 	return reason;
1345 }
1346 
1347 static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
1348 {
1349 	struct brcmf_pub *drvr = ifp->drvr;
1350 	struct brcmf_wsec_pmk_le pmk;
1351 	int i, err;
1352 
1353 	/* convert to firmware key format */
1354 	pmk.key_len = cpu_to_le16(pmk_len << 1);
1355 	pmk.flags = cpu_to_le16(BRCMF_WSEC_PASSPHRASE);
1356 	for (i = 0; i < pmk_len; i++)
1357 		snprintf(&pmk.key[2 * i], 3, "%02x", pmk_data[i]);
1358 
1359 	/* store psk in firmware */
1360 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_WSEC_PMK,
1361 				     &pmk, sizeof(pmk));
1362 	if (err < 0)
1363 		bphy_err(drvr, "failed to change PSK in firmware (len=%u)\n",
1364 			 pmk_len);
1365 
1366 	return err;
1367 }
1368 
1369 static int brcmf_set_sae_password(struct brcmf_if *ifp, const u8 *pwd_data,
1370 				  u16 pwd_len)
1371 {
1372 	struct brcmf_pub *drvr = ifp->drvr;
1373 	struct brcmf_wsec_sae_pwd_le sae_pwd;
1374 	int err;
1375 
1376 	if (pwd_len > BRCMF_WSEC_MAX_SAE_PASSWORD_LEN) {
1377 		bphy_err(drvr, "sae_password must be less than %d\n",
1378 			 BRCMF_WSEC_MAX_SAE_PASSWORD_LEN);
1379 		return -EINVAL;
1380 	}
1381 
1382 	sae_pwd.key_len = cpu_to_le16(pwd_len);
1383 	memcpy(sae_pwd.key, pwd_data, pwd_len);
1384 
1385 	err = brcmf_fil_iovar_data_set(ifp, "sae_password", &sae_pwd,
1386 				       sizeof(sae_pwd));
1387 	if (err < 0)
1388 		bphy_err(drvr, "failed to set SAE password in firmware (len=%u)\n",
1389 			 pwd_len);
1390 
1391 	return err;
1392 }
1393 
1394 static void brcmf_link_down(struct brcmf_cfg80211_vif *vif, u16 reason,
1395 			    bool locally_generated)
1396 {
1397 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(vif->wdev.wiphy);
1398 	struct brcmf_pub *drvr = cfg->pub;
1399 	bool bus_up = drvr->bus_if->state == BRCMF_BUS_UP;
1400 	s32 err = 0;
1401 
1402 	brcmf_dbg(TRACE, "Enter\n");
1403 
1404 	if (test_and_clear_bit(BRCMF_VIF_STATUS_CONNECTED, &vif->sme_state)) {
1405 		if (bus_up) {
1406 			brcmf_dbg(INFO, "Call WLC_DISASSOC to stop excess roaming\n");
1407 			err = brcmf_fil_cmd_data_set(vif->ifp,
1408 						     BRCMF_C_DISASSOC, NULL, 0);
1409 			if (err)
1410 				bphy_err(drvr, "WLC_DISASSOC failed (%d)\n",
1411 					 err);
1412 		}
1413 
1414 		if ((vif->wdev.iftype == NL80211_IFTYPE_STATION) ||
1415 		    (vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT))
1416 			cfg80211_disconnected(vif->wdev.netdev, reason, NULL, 0,
1417 					      locally_generated, GFP_KERNEL);
1418 	}
1419 	clear_bit(BRCMF_VIF_STATUS_CONNECTING, &vif->sme_state);
1420 	clear_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
1421 	brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_ENABLED, 0);
1422 	if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_NONE) {
1423 		if (bus_up)
1424 			brcmf_set_pmk(vif->ifp, NULL, 0);
1425 		vif->profile.use_fwsup = BRCMF_PROFILE_FWSUP_NONE;
1426 	}
1427 	brcmf_dbg(TRACE, "Exit\n");
1428 }
1429 
1430 static s32
1431 brcmf_cfg80211_join_ibss(struct wiphy *wiphy, struct net_device *ndev,
1432 		      struct cfg80211_ibss_params *params)
1433 {
1434 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1435 	struct brcmf_if *ifp = netdev_priv(ndev);
1436 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1437 	struct brcmf_pub *drvr = cfg->pub;
1438 	struct brcmf_join_params join_params;
1439 	size_t join_params_size = 0;
1440 	s32 err = 0;
1441 	s32 wsec = 0;
1442 	s32 bcnprd;
1443 	u16 chanspec;
1444 	u32 ssid_len;
1445 
1446 	brcmf_dbg(TRACE, "Enter\n");
1447 	if (!check_vif_up(ifp->vif))
1448 		return -EIO;
1449 
1450 	if (params->ssid)
1451 		brcmf_dbg(CONN, "SSID: %s\n", params->ssid);
1452 	else {
1453 		brcmf_dbg(CONN, "SSID: NULL, Not supported\n");
1454 		return -EOPNOTSUPP;
1455 	}
1456 
1457 	set_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1458 
1459 	if (params->bssid)
1460 		brcmf_dbg(CONN, "BSSID: %pM\n", params->bssid);
1461 	else
1462 		brcmf_dbg(CONN, "No BSSID specified\n");
1463 
1464 	if (params->chandef.chan)
1465 		brcmf_dbg(CONN, "channel: %d\n",
1466 			  params->chandef.chan->center_freq);
1467 	else
1468 		brcmf_dbg(CONN, "no channel specified\n");
1469 
1470 	if (params->channel_fixed)
1471 		brcmf_dbg(CONN, "fixed channel required\n");
1472 	else
1473 		brcmf_dbg(CONN, "no fixed channel required\n");
1474 
1475 	if (params->ie && params->ie_len)
1476 		brcmf_dbg(CONN, "ie len: %d\n", params->ie_len);
1477 	else
1478 		brcmf_dbg(CONN, "no ie specified\n");
1479 
1480 	if (params->beacon_interval)
1481 		brcmf_dbg(CONN, "beacon interval: %d\n",
1482 			  params->beacon_interval);
1483 	else
1484 		brcmf_dbg(CONN, "no beacon interval specified\n");
1485 
1486 	if (params->basic_rates)
1487 		brcmf_dbg(CONN, "basic rates: %08X\n", params->basic_rates);
1488 	else
1489 		brcmf_dbg(CONN, "no basic rates specified\n");
1490 
1491 	if (params->privacy)
1492 		brcmf_dbg(CONN, "privacy required\n");
1493 	else
1494 		brcmf_dbg(CONN, "no privacy required\n");
1495 
1496 	/* Configure Privacy for starter */
1497 	if (params->privacy)
1498 		wsec |= WEP_ENABLED;
1499 
1500 	err = brcmf_fil_iovar_int_set(ifp, "wsec", wsec);
1501 	if (err) {
1502 		bphy_err(drvr, "wsec failed (%d)\n", err);
1503 		goto done;
1504 	}
1505 
1506 	/* Configure Beacon Interval for starter */
1507 	if (params->beacon_interval)
1508 		bcnprd = params->beacon_interval;
1509 	else
1510 		bcnprd = 100;
1511 
1512 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD, bcnprd);
1513 	if (err) {
1514 		bphy_err(drvr, "WLC_SET_BCNPRD failed (%d)\n", err);
1515 		goto done;
1516 	}
1517 
1518 	/* Configure required join parameter */
1519 	memset(&join_params, 0, sizeof(struct brcmf_join_params));
1520 
1521 	/* SSID */
1522 	ssid_len = min_t(u32, params->ssid_len, IEEE80211_MAX_SSID_LEN);
1523 	memcpy(join_params.ssid_le.SSID, params->ssid, ssid_len);
1524 	join_params.ssid_le.SSID_len = cpu_to_le32(ssid_len);
1525 	join_params_size = sizeof(join_params.ssid_le);
1526 
1527 	/* BSSID */
1528 	if (params->bssid) {
1529 		memcpy(join_params.params_le.bssid, params->bssid, ETH_ALEN);
1530 		join_params_size += BRCMF_ASSOC_PARAMS_FIXED_SIZE;
1531 		memcpy(profile->bssid, params->bssid, ETH_ALEN);
1532 	} else {
1533 		eth_broadcast_addr(join_params.params_le.bssid);
1534 		eth_zero_addr(profile->bssid);
1535 	}
1536 
1537 	/* Channel */
1538 	if (params->chandef.chan) {
1539 		u32 target_channel;
1540 
1541 		cfg->channel =
1542 			ieee80211_frequency_to_channel(
1543 				params->chandef.chan->center_freq);
1544 		if (params->channel_fixed) {
1545 			/* adding chanspec */
1546 			chanspec = chandef_to_chanspec(&cfg->d11inf,
1547 						       &params->chandef);
1548 			join_params.params_le.chanspec_list[0] =
1549 				cpu_to_le16(chanspec);
1550 			join_params.params_le.chanspec_num = cpu_to_le32(1);
1551 			join_params_size += sizeof(join_params.params_le);
1552 		}
1553 
1554 		/* set channel for starter */
1555 		target_channel = cfg->channel;
1556 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_CHANNEL,
1557 					    target_channel);
1558 		if (err) {
1559 			bphy_err(drvr, "WLC_SET_CHANNEL failed (%d)\n", err);
1560 			goto done;
1561 		}
1562 	} else
1563 		cfg->channel = 0;
1564 
1565 	cfg->ibss_starter = false;
1566 
1567 
1568 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
1569 				     &join_params, join_params_size);
1570 	if (err) {
1571 		bphy_err(drvr, "WLC_SET_SSID failed (%d)\n", err);
1572 		goto done;
1573 	}
1574 
1575 done:
1576 	if (err)
1577 		clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1578 	brcmf_dbg(TRACE, "Exit\n");
1579 	return err;
1580 }
1581 
1582 static s32
1583 brcmf_cfg80211_leave_ibss(struct wiphy *wiphy, struct net_device *ndev)
1584 {
1585 	struct brcmf_if *ifp = netdev_priv(ndev);
1586 
1587 	brcmf_dbg(TRACE, "Enter\n");
1588 	if (!check_vif_up(ifp->vif)) {
1589 		/* When driver is being unloaded, it can end up here. If an
1590 		 * error is returned then later on a debug trace in the wireless
1591 		 * core module will be printed. To avoid this 0 is returned.
1592 		 */
1593 		return 0;
1594 	}
1595 
1596 	brcmf_link_down(ifp->vif, WLAN_REASON_DEAUTH_LEAVING, true);
1597 	brcmf_net_setcarrier(ifp, false);
1598 
1599 	brcmf_dbg(TRACE, "Exit\n");
1600 
1601 	return 0;
1602 }
1603 
1604 static s32 brcmf_set_wpa_version(struct net_device *ndev,
1605 				 struct cfg80211_connect_params *sme)
1606 {
1607 	struct brcmf_if *ifp = netdev_priv(ndev);
1608 	struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1609 	struct brcmf_pub *drvr = ifp->drvr;
1610 	struct brcmf_cfg80211_security *sec;
1611 	s32 val = 0;
1612 	s32 err = 0;
1613 
1614 	if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_1)
1615 		val = WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED;
1616 	else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_2)
1617 		val = WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED;
1618 	else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_3)
1619 		val = WPA3_AUTH_SAE_PSK;
1620 	else
1621 		val = WPA_AUTH_DISABLED;
1622 	brcmf_dbg(CONN, "setting wpa_auth to 0x%0x\n", val);
1623 	err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", val);
1624 	if (err) {
1625 		bphy_err(drvr, "set wpa_auth failed (%d)\n", err);
1626 		return err;
1627 	}
1628 	sec = &profile->sec;
1629 	sec->wpa_versions = sme->crypto.wpa_versions;
1630 	return err;
1631 }
1632 
1633 static s32 brcmf_set_auth_type(struct net_device *ndev,
1634 			       struct cfg80211_connect_params *sme)
1635 {
1636 	struct brcmf_if *ifp = netdev_priv(ndev);
1637 	struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1638 	struct brcmf_pub *drvr = ifp->drvr;
1639 	struct brcmf_cfg80211_security *sec;
1640 	s32 val = 0;
1641 	s32 err = 0;
1642 
1643 	switch (sme->auth_type) {
1644 	case NL80211_AUTHTYPE_OPEN_SYSTEM:
1645 		val = 0;
1646 		brcmf_dbg(CONN, "open system\n");
1647 		break;
1648 	case NL80211_AUTHTYPE_SHARED_KEY:
1649 		val = 1;
1650 		brcmf_dbg(CONN, "shared key\n");
1651 		break;
1652 	case NL80211_AUTHTYPE_SAE:
1653 		val = 3;
1654 		brcmf_dbg(CONN, "SAE authentication\n");
1655 		break;
1656 	default:
1657 		val = 2;
1658 		brcmf_dbg(CONN, "automatic, auth type (%d)\n", sme->auth_type);
1659 		break;
1660 	}
1661 
1662 	err = brcmf_fil_bsscfg_int_set(ifp, "auth", val);
1663 	if (err) {
1664 		bphy_err(drvr, "set auth failed (%d)\n", err);
1665 		return err;
1666 	}
1667 	sec = &profile->sec;
1668 	sec->auth_type = sme->auth_type;
1669 	return err;
1670 }
1671 
1672 static s32
1673 brcmf_set_wsec_mode(struct net_device *ndev,
1674 		    struct cfg80211_connect_params *sme)
1675 {
1676 	struct brcmf_if *ifp = netdev_priv(ndev);
1677 	struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1678 	struct brcmf_pub *drvr = ifp->drvr;
1679 	struct brcmf_cfg80211_security *sec;
1680 	s32 pval = 0;
1681 	s32 gval = 0;
1682 	s32 wsec;
1683 	s32 err = 0;
1684 
1685 	if (sme->crypto.n_ciphers_pairwise) {
1686 		switch (sme->crypto.ciphers_pairwise[0]) {
1687 		case WLAN_CIPHER_SUITE_WEP40:
1688 		case WLAN_CIPHER_SUITE_WEP104:
1689 			pval = WEP_ENABLED;
1690 			break;
1691 		case WLAN_CIPHER_SUITE_TKIP:
1692 			pval = TKIP_ENABLED;
1693 			break;
1694 		case WLAN_CIPHER_SUITE_CCMP:
1695 			pval = AES_ENABLED;
1696 			break;
1697 		case WLAN_CIPHER_SUITE_AES_CMAC:
1698 			pval = AES_ENABLED;
1699 			break;
1700 		default:
1701 			bphy_err(drvr, "invalid cipher pairwise (%d)\n",
1702 				 sme->crypto.ciphers_pairwise[0]);
1703 			return -EINVAL;
1704 		}
1705 	}
1706 	if (sme->crypto.cipher_group) {
1707 		switch (sme->crypto.cipher_group) {
1708 		case WLAN_CIPHER_SUITE_WEP40:
1709 		case WLAN_CIPHER_SUITE_WEP104:
1710 			gval = WEP_ENABLED;
1711 			break;
1712 		case WLAN_CIPHER_SUITE_TKIP:
1713 			gval = TKIP_ENABLED;
1714 			break;
1715 		case WLAN_CIPHER_SUITE_CCMP:
1716 			gval = AES_ENABLED;
1717 			break;
1718 		case WLAN_CIPHER_SUITE_AES_CMAC:
1719 			gval = AES_ENABLED;
1720 			break;
1721 		default:
1722 			bphy_err(drvr, "invalid cipher group (%d)\n",
1723 				 sme->crypto.cipher_group);
1724 			return -EINVAL;
1725 		}
1726 	}
1727 
1728 	brcmf_dbg(CONN, "pval (%d) gval (%d)\n", pval, gval);
1729 	/* In case of privacy, but no security and WPS then simulate */
1730 	/* setting AES. WPS-2.0 allows no security                   */
1731 	if (brcmf_find_wpsie(sme->ie, sme->ie_len) && !pval && !gval &&
1732 	    sme->privacy)
1733 		pval = AES_ENABLED;
1734 
1735 	wsec = pval | gval;
1736 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
1737 	if (err) {
1738 		bphy_err(drvr, "error (%d)\n", err);
1739 		return err;
1740 	}
1741 
1742 	sec = &profile->sec;
1743 	sec->cipher_pairwise = sme->crypto.ciphers_pairwise[0];
1744 	sec->cipher_group = sme->crypto.cipher_group;
1745 
1746 	return err;
1747 }
1748 
1749 static s32
1750 brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme)
1751 {
1752 	struct brcmf_if *ifp = netdev_priv(ndev);
1753 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1754 	struct brcmf_pub *drvr = ifp->drvr;
1755 	s32 val;
1756 	s32 err;
1757 	const struct brcmf_tlv *rsn_ie;
1758 	const u8 *ie;
1759 	u32 ie_len;
1760 	u32 offset;
1761 	u16 rsn_cap;
1762 	u32 mfp;
1763 	u16 count;
1764 
1765 	profile->use_fwsup = BRCMF_PROFILE_FWSUP_NONE;
1766 	profile->is_ft = false;
1767 
1768 	if (!sme->crypto.n_akm_suites)
1769 		return 0;
1770 
1771 	err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), "wpa_auth", &val);
1772 	if (err) {
1773 		bphy_err(drvr, "could not get wpa_auth (%d)\n", err);
1774 		return err;
1775 	}
1776 	if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
1777 		switch (sme->crypto.akm_suites[0]) {
1778 		case WLAN_AKM_SUITE_8021X:
1779 			val = WPA_AUTH_UNSPECIFIED;
1780 			if (sme->want_1x)
1781 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1782 			break;
1783 		case WLAN_AKM_SUITE_PSK:
1784 			val = WPA_AUTH_PSK;
1785 			break;
1786 		default:
1787 			bphy_err(drvr, "invalid akm suite (%d)\n",
1788 				 sme->crypto.akm_suites[0]);
1789 			return -EINVAL;
1790 		}
1791 	} else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
1792 		switch (sme->crypto.akm_suites[0]) {
1793 		case WLAN_AKM_SUITE_8021X:
1794 			val = WPA2_AUTH_UNSPECIFIED;
1795 			if (sme->want_1x)
1796 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1797 			break;
1798 		case WLAN_AKM_SUITE_8021X_SHA256:
1799 			val = WPA2_AUTH_1X_SHA256;
1800 			if (sme->want_1x)
1801 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1802 			break;
1803 		case WLAN_AKM_SUITE_PSK_SHA256:
1804 			val = WPA2_AUTH_PSK_SHA256;
1805 			break;
1806 		case WLAN_AKM_SUITE_PSK:
1807 			val = WPA2_AUTH_PSK;
1808 			break;
1809 		case WLAN_AKM_SUITE_FT_8021X:
1810 			val = WPA2_AUTH_UNSPECIFIED | WPA2_AUTH_FT;
1811 			profile->is_ft = true;
1812 			if (sme->want_1x)
1813 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1814 			break;
1815 		case WLAN_AKM_SUITE_FT_PSK:
1816 			val = WPA2_AUTH_PSK | WPA2_AUTH_FT;
1817 			profile->is_ft = true;
1818 			break;
1819 		default:
1820 			bphy_err(drvr, "invalid akm suite (%d)\n",
1821 				 sme->crypto.akm_suites[0]);
1822 			return -EINVAL;
1823 		}
1824 	} else if (val & WPA3_AUTH_SAE_PSK) {
1825 		switch (sme->crypto.akm_suites[0]) {
1826 		case WLAN_AKM_SUITE_SAE:
1827 			val = WPA3_AUTH_SAE_PSK;
1828 			if (sme->crypto.sae_pwd) {
1829 				brcmf_dbg(INFO, "using SAE offload\n");
1830 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_SAE;
1831 			}
1832 			break;
1833 		case WLAN_AKM_SUITE_FT_OVER_SAE:
1834 			val = WPA3_AUTH_SAE_PSK | WPA2_AUTH_FT;
1835 			profile->is_ft = true;
1836 			if (sme->crypto.sae_pwd) {
1837 				brcmf_dbg(INFO, "using SAE offload\n");
1838 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_SAE;
1839 			}
1840 			break;
1841 		default:
1842 			bphy_err(drvr, "invalid akm suite (%d)\n",
1843 				 sme->crypto.akm_suites[0]);
1844 			return -EINVAL;
1845 		}
1846 	}
1847 
1848 	if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_1X)
1849 		brcmf_dbg(INFO, "using 1X offload\n");
1850 
1851 	if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
1852 		goto skip_mfp_config;
1853 	/* The MFP mode (1 or 2) needs to be determined, parse IEs. The
1854 	 * IE will not be verified, just a quick search for MFP config
1855 	 */
1856 	rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie, sme->ie_len,
1857 				  WLAN_EID_RSN);
1858 	if (!rsn_ie)
1859 		goto skip_mfp_config;
1860 	ie = (const u8 *)rsn_ie;
1861 	ie_len = rsn_ie->len + TLV_HDR_LEN;
1862 	/* Skip unicast suite */
1863 	offset = TLV_HDR_LEN + WPA_IE_VERSION_LEN + WPA_IE_MIN_OUI_LEN;
1864 	if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
1865 		goto skip_mfp_config;
1866 	/* Skip multicast suite */
1867 	count = ie[offset] + (ie[offset + 1] << 8);
1868 	offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
1869 	if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
1870 		goto skip_mfp_config;
1871 	/* Skip auth key management suite(s) */
1872 	count = ie[offset] + (ie[offset + 1] << 8);
1873 	offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
1874 	if (offset + WPA_IE_SUITE_COUNT_LEN > ie_len)
1875 		goto skip_mfp_config;
1876 	/* Ready to read capabilities */
1877 	mfp = BRCMF_MFP_NONE;
1878 	rsn_cap = ie[offset] + (ie[offset + 1] << 8);
1879 	if (rsn_cap & RSN_CAP_MFPR_MASK)
1880 		mfp = BRCMF_MFP_REQUIRED;
1881 	else if (rsn_cap & RSN_CAP_MFPC_MASK)
1882 		mfp = BRCMF_MFP_CAPABLE;
1883 	brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "mfp", mfp);
1884 
1885 skip_mfp_config:
1886 	brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
1887 	err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val);
1888 	if (err) {
1889 		bphy_err(drvr, "could not set wpa_auth (%d)\n", err);
1890 		return err;
1891 	}
1892 
1893 	return err;
1894 }
1895 
1896 static s32
1897 brcmf_set_sharedkey(struct net_device *ndev,
1898 		    struct cfg80211_connect_params *sme)
1899 {
1900 	struct brcmf_if *ifp = netdev_priv(ndev);
1901 	struct brcmf_pub *drvr = ifp->drvr;
1902 	struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1903 	struct brcmf_cfg80211_security *sec;
1904 	struct brcmf_wsec_key key;
1905 	s32 val;
1906 	s32 err = 0;
1907 
1908 	brcmf_dbg(CONN, "key len (%d)\n", sme->key_len);
1909 
1910 	if (sme->key_len == 0)
1911 		return 0;
1912 
1913 	sec = &profile->sec;
1914 	brcmf_dbg(CONN, "wpa_versions 0x%x cipher_pairwise 0x%x\n",
1915 		  sec->wpa_versions, sec->cipher_pairwise);
1916 
1917 	if (sec->wpa_versions & (NL80211_WPA_VERSION_1 | NL80211_WPA_VERSION_2 |
1918 				 NL80211_WPA_VERSION_3))
1919 		return 0;
1920 
1921 	if (!(sec->cipher_pairwise &
1922 	    (WLAN_CIPHER_SUITE_WEP40 | WLAN_CIPHER_SUITE_WEP104)))
1923 		return 0;
1924 
1925 	memset(&key, 0, sizeof(key));
1926 	key.len = (u32) sme->key_len;
1927 	key.index = (u32) sme->key_idx;
1928 	if (key.len > sizeof(key.data)) {
1929 		bphy_err(drvr, "Too long key length (%u)\n", key.len);
1930 		return -EINVAL;
1931 	}
1932 	memcpy(key.data, sme->key, key.len);
1933 	key.flags = BRCMF_PRIMARY_KEY;
1934 	switch (sec->cipher_pairwise) {
1935 	case WLAN_CIPHER_SUITE_WEP40:
1936 		key.algo = CRYPTO_ALGO_WEP1;
1937 		break;
1938 	case WLAN_CIPHER_SUITE_WEP104:
1939 		key.algo = CRYPTO_ALGO_WEP128;
1940 		break;
1941 	default:
1942 		bphy_err(drvr, "Invalid algorithm (%d)\n",
1943 			 sme->crypto.ciphers_pairwise[0]);
1944 		return -EINVAL;
1945 	}
1946 	/* Set the new key/index */
1947 	brcmf_dbg(CONN, "key length (%d) key index (%d) algo (%d)\n",
1948 		  key.len, key.index, key.algo);
1949 	brcmf_dbg(CONN, "key \"%s\"\n", key.data);
1950 	err = send_key_to_dongle(ifp, &key);
1951 	if (err)
1952 		return err;
1953 
1954 	if (sec->auth_type == NL80211_AUTHTYPE_SHARED_KEY) {
1955 		brcmf_dbg(CONN, "set auth_type to shared key\n");
1956 		val = WL_AUTH_SHARED_KEY;	/* shared key */
1957 		err = brcmf_fil_bsscfg_int_set(ifp, "auth", val);
1958 		if (err)
1959 			bphy_err(drvr, "set auth failed (%d)\n", err);
1960 	}
1961 	return err;
1962 }
1963 
1964 static
1965 enum nl80211_auth_type brcmf_war_auth_type(struct brcmf_if *ifp,
1966 					   enum nl80211_auth_type type)
1967 {
1968 	if (type == NL80211_AUTHTYPE_AUTOMATIC &&
1969 	    brcmf_feat_is_quirk_enabled(ifp, BRCMF_FEAT_QUIRK_AUTO_AUTH)) {
1970 		brcmf_dbg(CONN, "WAR: use OPEN instead of AUTO\n");
1971 		type = NL80211_AUTHTYPE_OPEN_SYSTEM;
1972 	}
1973 	return type;
1974 }
1975 
1976 static void brcmf_set_join_pref(struct brcmf_if *ifp,
1977 				struct cfg80211_bss_selection *bss_select)
1978 {
1979 	struct brcmf_pub *drvr = ifp->drvr;
1980 	struct brcmf_join_pref_params join_pref_params[2];
1981 	enum nl80211_band band;
1982 	int err, i = 0;
1983 
1984 	join_pref_params[i].len = 2;
1985 	join_pref_params[i].rssi_gain = 0;
1986 
1987 	if (bss_select->behaviour != NL80211_BSS_SELECT_ATTR_BAND_PREF)
1988 		brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_ASSOC_PREFER, WLC_BAND_AUTO);
1989 
1990 	switch (bss_select->behaviour) {
1991 	case __NL80211_BSS_SELECT_ATTR_INVALID:
1992 		brcmf_c_set_joinpref_default(ifp);
1993 		return;
1994 	case NL80211_BSS_SELECT_ATTR_BAND_PREF:
1995 		join_pref_params[i].type = BRCMF_JOIN_PREF_BAND;
1996 		band = bss_select->param.band_pref;
1997 		join_pref_params[i].band = nl80211_band_to_fwil(band);
1998 		i++;
1999 		break;
2000 	case NL80211_BSS_SELECT_ATTR_RSSI_ADJUST:
2001 		join_pref_params[i].type = BRCMF_JOIN_PREF_RSSI_DELTA;
2002 		band = bss_select->param.adjust.band;
2003 		join_pref_params[i].band = nl80211_band_to_fwil(band);
2004 		join_pref_params[i].rssi_gain = bss_select->param.adjust.delta;
2005 		i++;
2006 		break;
2007 	case NL80211_BSS_SELECT_ATTR_RSSI:
2008 	default:
2009 		break;
2010 	}
2011 	join_pref_params[i].type = BRCMF_JOIN_PREF_RSSI;
2012 	join_pref_params[i].len = 2;
2013 	join_pref_params[i].rssi_gain = 0;
2014 	join_pref_params[i].band = 0;
2015 	err = brcmf_fil_iovar_data_set(ifp, "join_pref", join_pref_params,
2016 				       sizeof(join_pref_params));
2017 	if (err)
2018 		bphy_err(drvr, "Set join_pref error (%d)\n", err);
2019 }
2020 
2021 static s32
2022 brcmf_cfg80211_connect(struct wiphy *wiphy, struct net_device *ndev,
2023 		       struct cfg80211_connect_params *sme)
2024 {
2025 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2026 	struct brcmf_if *ifp = netdev_priv(ndev);
2027 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2028 	struct ieee80211_channel *chan = sme->channel;
2029 	struct brcmf_pub *drvr = ifp->drvr;
2030 	struct brcmf_join_params join_params;
2031 	size_t join_params_size;
2032 	const struct brcmf_tlv *rsn_ie;
2033 	const struct brcmf_vs_tlv *wpa_ie;
2034 	const void *ie;
2035 	u32 ie_len;
2036 	struct brcmf_ext_join_params_le *ext_join_params;
2037 	u16 chanspec;
2038 	s32 err = 0;
2039 	u32 ssid_len;
2040 
2041 	brcmf_dbg(TRACE, "Enter\n");
2042 	if (!check_vif_up(ifp->vif))
2043 		return -EIO;
2044 
2045 	if (!sme->ssid) {
2046 		bphy_err(drvr, "Invalid ssid\n");
2047 		return -EOPNOTSUPP;
2048 	}
2049 
2050 	if (ifp->vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif) {
2051 		/* A normal (non P2P) connection request setup. */
2052 		ie = NULL;
2053 		ie_len = 0;
2054 		/* find the WPA_IE */
2055 		wpa_ie = brcmf_find_wpaie((u8 *)sme->ie, sme->ie_len);
2056 		if (wpa_ie) {
2057 			ie = wpa_ie;
2058 			ie_len = wpa_ie->len + TLV_HDR_LEN;
2059 		} else {
2060 			/* find the RSN_IE */
2061 			rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie,
2062 						  sme->ie_len,
2063 						  WLAN_EID_RSN);
2064 			if (rsn_ie) {
2065 				ie = rsn_ie;
2066 				ie_len = rsn_ie->len + TLV_HDR_LEN;
2067 			}
2068 		}
2069 		brcmf_fil_iovar_data_set(ifp, "wpaie", ie, ie_len);
2070 	}
2071 
2072 	err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
2073 				    sme->ie, sme->ie_len);
2074 	if (err)
2075 		bphy_err(drvr, "Set Assoc REQ IE Failed\n");
2076 	else
2077 		brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
2078 
2079 	set_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2080 
2081 	if (chan) {
2082 		cfg->channel =
2083 			ieee80211_frequency_to_channel(chan->center_freq);
2084 		chanspec = channel_to_chanspec(&cfg->d11inf, chan);
2085 		brcmf_dbg(CONN, "channel=%d, center_req=%d, chanspec=0x%04x\n",
2086 			  cfg->channel, chan->center_freq, chanspec);
2087 	} else {
2088 		cfg->channel = 0;
2089 		chanspec = 0;
2090 	}
2091 
2092 	brcmf_dbg(INFO, "ie (%p), ie_len (%zd)\n", sme->ie, sme->ie_len);
2093 
2094 	err = brcmf_set_wpa_version(ndev, sme);
2095 	if (err) {
2096 		bphy_err(drvr, "wl_set_wpa_version failed (%d)\n", err);
2097 		goto done;
2098 	}
2099 
2100 	sme->auth_type = brcmf_war_auth_type(ifp, sme->auth_type);
2101 	err = brcmf_set_auth_type(ndev, sme);
2102 	if (err) {
2103 		bphy_err(drvr, "wl_set_auth_type failed (%d)\n", err);
2104 		goto done;
2105 	}
2106 
2107 	err = brcmf_set_wsec_mode(ndev, sme);
2108 	if (err) {
2109 		bphy_err(drvr, "wl_set_set_cipher failed (%d)\n", err);
2110 		goto done;
2111 	}
2112 
2113 	err = brcmf_set_key_mgmt(ndev, sme);
2114 	if (err) {
2115 		bphy_err(drvr, "wl_set_key_mgmt failed (%d)\n", err);
2116 		goto done;
2117 	}
2118 
2119 	err = brcmf_set_sharedkey(ndev, sme);
2120 	if (err) {
2121 		bphy_err(drvr, "brcmf_set_sharedkey failed (%d)\n", err);
2122 		goto done;
2123 	}
2124 
2125 	if (sme->crypto.psk &&
2126 	    profile->use_fwsup != BRCMF_PROFILE_FWSUP_SAE) {
2127 		if (WARN_ON(profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE)) {
2128 			err = -EINVAL;
2129 			goto done;
2130 		}
2131 		brcmf_dbg(INFO, "using PSK offload\n");
2132 		profile->use_fwsup = BRCMF_PROFILE_FWSUP_PSK;
2133 	}
2134 
2135 	if (profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE) {
2136 		/* enable firmware supplicant for this interface */
2137 		err = brcmf_fil_iovar_int_set(ifp, "sup_wpa", 1);
2138 		if (err < 0) {
2139 			bphy_err(drvr, "failed to enable fw supplicant\n");
2140 			goto done;
2141 		}
2142 	}
2143 
2144 	if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_PSK)
2145 		err = brcmf_set_pmk(ifp, sme->crypto.psk,
2146 				    BRCMF_WSEC_MAX_PSK_LEN);
2147 	else if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_SAE) {
2148 		/* clean up user-space RSNE */
2149 		err = brcmf_fil_iovar_data_set(ifp, "wpaie", NULL, 0);
2150 		if (err) {
2151 			bphy_err(drvr, "failed to clean up user-space RSNE\n");
2152 			goto done;
2153 		}
2154 		err = brcmf_set_sae_password(ifp, sme->crypto.sae_pwd,
2155 					     sme->crypto.sae_pwd_len);
2156 		if (!err && sme->crypto.psk)
2157 			err = brcmf_set_pmk(ifp, sme->crypto.psk,
2158 					    BRCMF_WSEC_MAX_PSK_LEN);
2159 	}
2160 	if (err)
2161 		goto done;
2162 
2163 	/* Join with specific BSSID and cached SSID
2164 	 * If SSID is zero join based on BSSID only
2165 	 */
2166 	join_params_size = offsetof(struct brcmf_ext_join_params_le, assoc_le) +
2167 		offsetof(struct brcmf_assoc_params_le, chanspec_list);
2168 	if (cfg->channel)
2169 		join_params_size += sizeof(u16);
2170 	ext_join_params = kzalloc(sizeof(*ext_join_params), GFP_KERNEL);
2171 	if (ext_join_params == NULL) {
2172 		err = -ENOMEM;
2173 		goto done;
2174 	}
2175 	ssid_len = min_t(u32, sme->ssid_len, IEEE80211_MAX_SSID_LEN);
2176 	ext_join_params->ssid_le.SSID_len = cpu_to_le32(ssid_len);
2177 	memcpy(&ext_join_params->ssid_le.SSID, sme->ssid, ssid_len);
2178 	if (ssid_len < IEEE80211_MAX_SSID_LEN)
2179 		brcmf_dbg(CONN, "SSID \"%s\", len (%d)\n",
2180 			  ext_join_params->ssid_le.SSID, ssid_len);
2181 
2182 	/* Set up join scan parameters */
2183 	ext_join_params->scan_le.scan_type = -1;
2184 	ext_join_params->scan_le.home_time = cpu_to_le32(-1);
2185 
2186 	if (sme->bssid)
2187 		memcpy(&ext_join_params->assoc_le.bssid, sme->bssid, ETH_ALEN);
2188 	else
2189 		eth_broadcast_addr(ext_join_params->assoc_le.bssid);
2190 
2191 	if (cfg->channel) {
2192 		ext_join_params->assoc_le.chanspec_num = cpu_to_le32(1);
2193 
2194 		ext_join_params->assoc_le.chanspec_list[0] =
2195 			cpu_to_le16(chanspec);
2196 		/* Increase dwell time to receive probe response or detect
2197 		 * beacon from target AP at a noisy air only during connect
2198 		 * command.
2199 		 */
2200 		ext_join_params->scan_le.active_time =
2201 			cpu_to_le32(BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS);
2202 		ext_join_params->scan_le.passive_time =
2203 			cpu_to_le32(BRCMF_SCAN_JOIN_PASSIVE_DWELL_TIME_MS);
2204 		/* To sync with presence period of VSDB GO send probe request
2205 		 * more frequently. Probe request will be stopped when it gets
2206 		 * probe response from target AP/GO.
2207 		 */
2208 		ext_join_params->scan_le.nprobes =
2209 			cpu_to_le32(BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS /
2210 				    BRCMF_SCAN_JOIN_PROBE_INTERVAL_MS);
2211 	} else {
2212 		ext_join_params->scan_le.active_time = cpu_to_le32(-1);
2213 		ext_join_params->scan_le.passive_time = cpu_to_le32(-1);
2214 		ext_join_params->scan_le.nprobes = cpu_to_le32(-1);
2215 	}
2216 
2217 	brcmf_set_join_pref(ifp, &sme->bss_select);
2218 
2219 	err  = brcmf_fil_bsscfg_data_set(ifp, "join", ext_join_params,
2220 					 join_params_size);
2221 	kfree(ext_join_params);
2222 	if (!err)
2223 		/* This is it. join command worked, we are done */
2224 		goto done;
2225 
2226 	/* join command failed, fallback to set ssid */
2227 	memset(&join_params, 0, sizeof(join_params));
2228 	join_params_size = sizeof(join_params.ssid_le);
2229 
2230 	memcpy(&join_params.ssid_le.SSID, sme->ssid, ssid_len);
2231 	join_params.ssid_le.SSID_len = cpu_to_le32(ssid_len);
2232 
2233 	if (sme->bssid)
2234 		memcpy(join_params.params_le.bssid, sme->bssid, ETH_ALEN);
2235 	else
2236 		eth_broadcast_addr(join_params.params_le.bssid);
2237 
2238 	if (cfg->channel) {
2239 		join_params.params_le.chanspec_list[0] = cpu_to_le16(chanspec);
2240 		join_params.params_le.chanspec_num = cpu_to_le32(1);
2241 		join_params_size += sizeof(join_params.params_le);
2242 	}
2243 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
2244 				     &join_params, join_params_size);
2245 	if (err)
2246 		bphy_err(drvr, "BRCMF_C_SET_SSID failed (%d)\n", err);
2247 
2248 done:
2249 	if (err)
2250 		clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2251 	brcmf_dbg(TRACE, "Exit\n");
2252 	return err;
2253 }
2254 
2255 static s32
2256 brcmf_cfg80211_disconnect(struct wiphy *wiphy, struct net_device *ndev,
2257 		       u16 reason_code)
2258 {
2259 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2260 	struct brcmf_if *ifp = netdev_priv(ndev);
2261 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2262 	struct brcmf_pub *drvr = cfg->pub;
2263 	struct brcmf_scb_val_le scbval;
2264 	s32 err = 0;
2265 
2266 	brcmf_dbg(TRACE, "Enter. Reason code = %d\n", reason_code);
2267 	if (!check_vif_up(ifp->vif))
2268 		return -EIO;
2269 
2270 	clear_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
2271 	clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2272 	cfg80211_disconnected(ndev, reason_code, NULL, 0, true, GFP_KERNEL);
2273 
2274 	memcpy(&scbval.ea, &profile->bssid, ETH_ALEN);
2275 	scbval.val = cpu_to_le32(reason_code);
2276 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_DISASSOC,
2277 				     &scbval, sizeof(scbval));
2278 	if (err)
2279 		bphy_err(drvr, "error (%d)\n", err);
2280 
2281 	brcmf_dbg(TRACE, "Exit\n");
2282 	return err;
2283 }
2284 
2285 static s32
2286 brcmf_cfg80211_set_tx_power(struct wiphy *wiphy, struct wireless_dev *wdev,
2287 			    enum nl80211_tx_power_setting type, s32 mbm)
2288 {
2289 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2290 	struct net_device *ndev = cfg_to_ndev(cfg);
2291 	struct brcmf_if *ifp = netdev_priv(ndev);
2292 	struct brcmf_pub *drvr = cfg->pub;
2293 	s32 err;
2294 	s32 disable;
2295 	u32 qdbm = 127;
2296 
2297 	brcmf_dbg(TRACE, "Enter %d %d\n", type, mbm);
2298 	if (!check_vif_up(ifp->vif))
2299 		return -EIO;
2300 
2301 	switch (type) {
2302 	case NL80211_TX_POWER_AUTOMATIC:
2303 		break;
2304 	case NL80211_TX_POWER_LIMITED:
2305 	case NL80211_TX_POWER_FIXED:
2306 		if (mbm < 0) {
2307 			bphy_err(drvr, "TX_POWER_FIXED - dbm is negative\n");
2308 			err = -EINVAL;
2309 			goto done;
2310 		}
2311 		qdbm =  MBM_TO_DBM(4 * mbm);
2312 		if (qdbm > 127)
2313 			qdbm = 127;
2314 		qdbm |= WL_TXPWR_OVERRIDE;
2315 		break;
2316 	default:
2317 		bphy_err(drvr, "Unsupported type %d\n", type);
2318 		err = -EINVAL;
2319 		goto done;
2320 	}
2321 	/* Make sure radio is off or on as far as software is concerned */
2322 	disable = WL_RADIO_SW_DISABLE << 16;
2323 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_RADIO, disable);
2324 	if (err)
2325 		bphy_err(drvr, "WLC_SET_RADIO error (%d)\n", err);
2326 
2327 	err = brcmf_fil_iovar_int_set(ifp, "qtxpower", qdbm);
2328 	if (err)
2329 		bphy_err(drvr, "qtxpower error (%d)\n", err);
2330 
2331 done:
2332 	brcmf_dbg(TRACE, "Exit %d (qdbm)\n", qdbm & ~WL_TXPWR_OVERRIDE);
2333 	return err;
2334 }
2335 
2336 static s32
2337 brcmf_cfg80211_get_tx_power(struct wiphy *wiphy, struct wireless_dev *wdev,
2338 			    s32 *dbm)
2339 {
2340 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2341 	struct brcmf_cfg80211_vif *vif = wdev_to_vif(wdev);
2342 	struct brcmf_pub *drvr = cfg->pub;
2343 	s32 qdbm = 0;
2344 	s32 err;
2345 
2346 	brcmf_dbg(TRACE, "Enter\n");
2347 	if (!check_vif_up(vif))
2348 		return -EIO;
2349 
2350 	err = brcmf_fil_iovar_int_get(vif->ifp, "qtxpower", &qdbm);
2351 	if (err) {
2352 		bphy_err(drvr, "error (%d)\n", err);
2353 		goto done;
2354 	}
2355 	*dbm = (qdbm & ~WL_TXPWR_OVERRIDE) / 4;
2356 
2357 done:
2358 	brcmf_dbg(TRACE, "Exit (0x%x %d)\n", qdbm, *dbm);
2359 	return err;
2360 }
2361 
2362 static s32
2363 brcmf_cfg80211_config_default_key(struct wiphy *wiphy, struct net_device *ndev,
2364 				  u8 key_idx, bool unicast, bool multicast)
2365 {
2366 	struct brcmf_if *ifp = netdev_priv(ndev);
2367 	struct brcmf_pub *drvr = ifp->drvr;
2368 	u32 index;
2369 	u32 wsec;
2370 	s32 err = 0;
2371 
2372 	brcmf_dbg(TRACE, "Enter\n");
2373 	brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2374 	if (!check_vif_up(ifp->vif))
2375 		return -EIO;
2376 
2377 	err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2378 	if (err) {
2379 		bphy_err(drvr, "WLC_GET_WSEC error (%d)\n", err);
2380 		goto done;
2381 	}
2382 
2383 	if (wsec & WEP_ENABLED) {
2384 		/* Just select a new current key */
2385 		index = key_idx;
2386 		err = brcmf_fil_cmd_int_set(ifp,
2387 					    BRCMF_C_SET_KEY_PRIMARY, index);
2388 		if (err)
2389 			bphy_err(drvr, "error (%d)\n", err);
2390 	}
2391 done:
2392 	brcmf_dbg(TRACE, "Exit\n");
2393 	return err;
2394 }
2395 
2396 static s32
2397 brcmf_cfg80211_del_key(struct wiphy *wiphy, struct net_device *ndev,
2398 		       u8 key_idx, bool pairwise, const u8 *mac_addr)
2399 {
2400 	struct brcmf_if *ifp = netdev_priv(ndev);
2401 	struct brcmf_wsec_key *key;
2402 	s32 err;
2403 
2404 	brcmf_dbg(TRACE, "Enter\n");
2405 	brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2406 
2407 	if (!check_vif_up(ifp->vif))
2408 		return -EIO;
2409 
2410 	if (key_idx >= BRCMF_MAX_DEFAULT_KEYS) {
2411 		/* we ignore this key index in this case */
2412 		return -EINVAL;
2413 	}
2414 
2415 	key = &ifp->vif->profile.key[key_idx];
2416 
2417 	if (key->algo == CRYPTO_ALGO_OFF) {
2418 		brcmf_dbg(CONN, "Ignore clearing of (never configured) key\n");
2419 		return -EINVAL;
2420 	}
2421 
2422 	memset(key, 0, sizeof(*key));
2423 	key->index = (u32)key_idx;
2424 	key->flags = BRCMF_PRIMARY_KEY;
2425 
2426 	/* Clear the key/index */
2427 	err = send_key_to_dongle(ifp, key);
2428 
2429 	brcmf_dbg(TRACE, "Exit\n");
2430 	return err;
2431 }
2432 
2433 static s32
2434 brcmf_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
2435 		       u8 key_idx, bool pairwise, const u8 *mac_addr,
2436 		       struct key_params *params)
2437 {
2438 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2439 	struct brcmf_if *ifp = netdev_priv(ndev);
2440 	struct brcmf_pub *drvr = cfg->pub;
2441 	struct brcmf_wsec_key *key;
2442 	s32 val;
2443 	s32 wsec;
2444 	s32 err;
2445 	u8 keybuf[8];
2446 	bool ext_key;
2447 
2448 	brcmf_dbg(TRACE, "Enter\n");
2449 	brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2450 	if (!check_vif_up(ifp->vif))
2451 		return -EIO;
2452 
2453 	if (key_idx >= BRCMF_MAX_DEFAULT_KEYS) {
2454 		/* we ignore this key index in this case */
2455 		bphy_err(drvr, "invalid key index (%d)\n", key_idx);
2456 		return -EINVAL;
2457 	}
2458 
2459 	if (params->key_len == 0)
2460 		return brcmf_cfg80211_del_key(wiphy, ndev, key_idx, pairwise,
2461 					      mac_addr);
2462 
2463 	if (params->key_len > sizeof(key->data)) {
2464 		bphy_err(drvr, "Too long key length (%u)\n", params->key_len);
2465 		return -EINVAL;
2466 	}
2467 
2468 	ext_key = false;
2469 	if (mac_addr && (params->cipher != WLAN_CIPHER_SUITE_WEP40) &&
2470 	    (params->cipher != WLAN_CIPHER_SUITE_WEP104)) {
2471 		brcmf_dbg(TRACE, "Ext key, mac %pM", mac_addr);
2472 		ext_key = true;
2473 	}
2474 
2475 	key = &ifp->vif->profile.key[key_idx];
2476 	memset(key, 0, sizeof(*key));
2477 	if ((ext_key) && (!is_multicast_ether_addr(mac_addr)))
2478 		memcpy((char *)&key->ea, (void *)mac_addr, ETH_ALEN);
2479 	key->len = params->key_len;
2480 	key->index = key_idx;
2481 	memcpy(key->data, params->key, key->len);
2482 	if (!ext_key)
2483 		key->flags = BRCMF_PRIMARY_KEY;
2484 
2485 	if (params->seq && params->seq_len == 6) {
2486 		/* rx iv */
2487 		u8 *ivptr;
2488 
2489 		ivptr = (u8 *)params->seq;
2490 		key->rxiv.hi = (ivptr[5] << 24) | (ivptr[4] << 16) |
2491 			(ivptr[3] << 8) | ivptr[2];
2492 		key->rxiv.lo = (ivptr[1] << 8) | ivptr[0];
2493 		key->iv_initialized = true;
2494 	}
2495 
2496 	switch (params->cipher) {
2497 	case WLAN_CIPHER_SUITE_WEP40:
2498 		key->algo = CRYPTO_ALGO_WEP1;
2499 		val = WEP_ENABLED;
2500 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP40\n");
2501 		break;
2502 	case WLAN_CIPHER_SUITE_WEP104:
2503 		key->algo = CRYPTO_ALGO_WEP128;
2504 		val = WEP_ENABLED;
2505 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP104\n");
2506 		break;
2507 	case WLAN_CIPHER_SUITE_TKIP:
2508 		if (!brcmf_is_apmode(ifp->vif)) {
2509 			brcmf_dbg(CONN, "Swapping RX/TX MIC key\n");
2510 			memcpy(keybuf, &key->data[24], sizeof(keybuf));
2511 			memcpy(&key->data[24], &key->data[16], sizeof(keybuf));
2512 			memcpy(&key->data[16], keybuf, sizeof(keybuf));
2513 		}
2514 		key->algo = CRYPTO_ALGO_TKIP;
2515 		val = TKIP_ENABLED;
2516 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_TKIP\n");
2517 		break;
2518 	case WLAN_CIPHER_SUITE_AES_CMAC:
2519 		key->algo = CRYPTO_ALGO_AES_CCM;
2520 		val = AES_ENABLED;
2521 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_AES_CMAC\n");
2522 		break;
2523 	case WLAN_CIPHER_SUITE_CCMP:
2524 		key->algo = CRYPTO_ALGO_AES_CCM;
2525 		val = AES_ENABLED;
2526 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_CCMP\n");
2527 		break;
2528 	default:
2529 		bphy_err(drvr, "Invalid cipher (0x%x)\n", params->cipher);
2530 		err = -EINVAL;
2531 		goto done;
2532 	}
2533 
2534 	err = send_key_to_dongle(ifp, key);
2535 	if (ext_key || err)
2536 		goto done;
2537 
2538 	err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2539 	if (err) {
2540 		bphy_err(drvr, "get wsec error (%d)\n", err);
2541 		goto done;
2542 	}
2543 	wsec |= val;
2544 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
2545 	if (err) {
2546 		bphy_err(drvr, "set wsec error (%d)\n", err);
2547 		goto done;
2548 	}
2549 
2550 done:
2551 	brcmf_dbg(TRACE, "Exit\n");
2552 	return err;
2553 }
2554 
2555 static s32
2556 brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, u8 key_idx,
2557 		       bool pairwise, const u8 *mac_addr, void *cookie,
2558 		       void (*callback)(void *cookie,
2559 					struct key_params *params))
2560 {
2561 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2562 	struct key_params params;
2563 	struct brcmf_if *ifp = netdev_priv(ndev);
2564 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2565 	struct brcmf_pub *drvr = cfg->pub;
2566 	struct brcmf_cfg80211_security *sec;
2567 	s32 wsec;
2568 	s32 err = 0;
2569 
2570 	brcmf_dbg(TRACE, "Enter\n");
2571 	brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2572 	if (!check_vif_up(ifp->vif))
2573 		return -EIO;
2574 
2575 	memset(&params, 0, sizeof(params));
2576 
2577 	err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2578 	if (err) {
2579 		bphy_err(drvr, "WLC_GET_WSEC error (%d)\n", err);
2580 		/* Ignore this error, may happen during DISASSOC */
2581 		err = -EAGAIN;
2582 		goto done;
2583 	}
2584 	if (wsec & WEP_ENABLED) {
2585 		sec = &profile->sec;
2586 		if (sec->cipher_pairwise & WLAN_CIPHER_SUITE_WEP40) {
2587 			params.cipher = WLAN_CIPHER_SUITE_WEP40;
2588 			brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP40\n");
2589 		} else if (sec->cipher_pairwise & WLAN_CIPHER_SUITE_WEP104) {
2590 			params.cipher = WLAN_CIPHER_SUITE_WEP104;
2591 			brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP104\n");
2592 		}
2593 	} else if (wsec & TKIP_ENABLED) {
2594 		params.cipher = WLAN_CIPHER_SUITE_TKIP;
2595 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_TKIP\n");
2596 	} else if (wsec & AES_ENABLED) {
2597 		params.cipher = WLAN_CIPHER_SUITE_AES_CMAC;
2598 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_AES_CMAC\n");
2599 	} else  {
2600 		bphy_err(drvr, "Invalid algo (0x%x)\n", wsec);
2601 		err = -EINVAL;
2602 		goto done;
2603 	}
2604 	callback(cookie, &params);
2605 
2606 done:
2607 	brcmf_dbg(TRACE, "Exit\n");
2608 	return err;
2609 }
2610 
2611 static s32
2612 brcmf_cfg80211_config_default_mgmt_key(struct wiphy *wiphy,
2613 				       struct net_device *ndev, u8 key_idx)
2614 {
2615 	struct brcmf_if *ifp = netdev_priv(ndev);
2616 
2617 	brcmf_dbg(TRACE, "Enter key_idx %d\n", key_idx);
2618 
2619 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
2620 		return 0;
2621 
2622 	brcmf_dbg(INFO, "Not supported\n");
2623 
2624 	return -EOPNOTSUPP;
2625 }
2626 
2627 static void
2628 brcmf_cfg80211_reconfigure_wep(struct brcmf_if *ifp)
2629 {
2630 	struct brcmf_pub *drvr = ifp->drvr;
2631 	s32 err;
2632 	u8 key_idx;
2633 	struct brcmf_wsec_key *key;
2634 	s32 wsec;
2635 
2636 	for (key_idx = 0; key_idx < BRCMF_MAX_DEFAULT_KEYS; key_idx++) {
2637 		key = &ifp->vif->profile.key[key_idx];
2638 		if ((key->algo == CRYPTO_ALGO_WEP1) ||
2639 		    (key->algo == CRYPTO_ALGO_WEP128))
2640 			break;
2641 	}
2642 	if (key_idx == BRCMF_MAX_DEFAULT_KEYS)
2643 		return;
2644 
2645 	err = send_key_to_dongle(ifp, key);
2646 	if (err) {
2647 		bphy_err(drvr, "Setting WEP key failed (%d)\n", err);
2648 		return;
2649 	}
2650 	err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2651 	if (err) {
2652 		bphy_err(drvr, "get wsec error (%d)\n", err);
2653 		return;
2654 	}
2655 	wsec |= WEP_ENABLED;
2656 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
2657 	if (err)
2658 		bphy_err(drvr, "set wsec error (%d)\n", err);
2659 }
2660 
2661 static void brcmf_convert_sta_flags(u32 fw_sta_flags, struct station_info *si)
2662 {
2663 	struct nl80211_sta_flag_update *sfu;
2664 
2665 	brcmf_dbg(TRACE, "flags %08x\n", fw_sta_flags);
2666 	si->filled |= BIT_ULL(NL80211_STA_INFO_STA_FLAGS);
2667 	sfu = &si->sta_flags;
2668 	sfu->mask = BIT(NL80211_STA_FLAG_WME) |
2669 		    BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2670 		    BIT(NL80211_STA_FLAG_ASSOCIATED) |
2671 		    BIT(NL80211_STA_FLAG_AUTHORIZED);
2672 	if (fw_sta_flags & BRCMF_STA_WME)
2673 		sfu->set |= BIT(NL80211_STA_FLAG_WME);
2674 	if (fw_sta_flags & BRCMF_STA_AUTHE)
2675 		sfu->set |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
2676 	if (fw_sta_flags & BRCMF_STA_ASSOC)
2677 		sfu->set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2678 	if (fw_sta_flags & BRCMF_STA_AUTHO)
2679 		sfu->set |= BIT(NL80211_STA_FLAG_AUTHORIZED);
2680 }
2681 
2682 static void brcmf_fill_bss_param(struct brcmf_if *ifp, struct station_info *si)
2683 {
2684 	struct brcmf_pub *drvr = ifp->drvr;
2685 	struct {
2686 		__le32 len;
2687 		struct brcmf_bss_info_le bss_le;
2688 	} *buf;
2689 	u16 capability;
2690 	int err;
2691 
2692 	buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
2693 	if (!buf)
2694 		return;
2695 
2696 	buf->len = cpu_to_le32(WL_BSS_INFO_MAX);
2697 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO, buf,
2698 				     WL_BSS_INFO_MAX);
2699 	if (err) {
2700 		bphy_err(drvr, "Failed to get bss info (%d)\n", err);
2701 		goto out_kfree;
2702 	}
2703 	si->filled |= BIT_ULL(NL80211_STA_INFO_BSS_PARAM);
2704 	si->bss_param.beacon_interval = le16_to_cpu(buf->bss_le.beacon_period);
2705 	si->bss_param.dtim_period = buf->bss_le.dtim_period;
2706 	capability = le16_to_cpu(buf->bss_le.capability);
2707 	if (capability & IEEE80211_HT_STBC_PARAM_DUAL_CTS_PROT)
2708 		si->bss_param.flags |= BSS_PARAM_FLAGS_CTS_PROT;
2709 	if (capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
2710 		si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
2711 	if (capability & WLAN_CAPABILITY_SHORT_SLOT_TIME)
2712 		si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
2713 
2714 out_kfree:
2715 	kfree(buf);
2716 }
2717 
2718 static s32
2719 brcmf_cfg80211_get_station_ibss(struct brcmf_if *ifp,
2720 				struct station_info *sinfo)
2721 {
2722 	struct brcmf_pub *drvr = ifp->drvr;
2723 	struct brcmf_scb_val_le scbval;
2724 	struct brcmf_pktcnt_le pktcnt;
2725 	s32 err;
2726 	u32 rate;
2727 	u32 rssi;
2728 
2729 	/* Get the current tx rate */
2730 	err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_RATE, &rate);
2731 	if (err < 0) {
2732 		bphy_err(drvr, "BRCMF_C_GET_RATE error (%d)\n", err);
2733 		return err;
2734 	}
2735 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2736 	sinfo->txrate.legacy = rate * 5;
2737 
2738 	memset(&scbval, 0, sizeof(scbval));
2739 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_RSSI, &scbval,
2740 				     sizeof(scbval));
2741 	if (err) {
2742 		bphy_err(drvr, "BRCMF_C_GET_RSSI error (%d)\n", err);
2743 		return err;
2744 	}
2745 	rssi = le32_to_cpu(scbval.val);
2746 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2747 	sinfo->signal = rssi;
2748 
2749 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_GET_PKTCNTS, &pktcnt,
2750 				     sizeof(pktcnt));
2751 	if (err) {
2752 		bphy_err(drvr, "BRCMF_C_GET_GET_PKTCNTS error (%d)\n", err);
2753 		return err;
2754 	}
2755 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS) |
2756 			 BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC) |
2757 			 BIT_ULL(NL80211_STA_INFO_TX_PACKETS) |
2758 			 BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2759 	sinfo->rx_packets = le32_to_cpu(pktcnt.rx_good_pkt);
2760 	sinfo->rx_dropped_misc = le32_to_cpu(pktcnt.rx_bad_pkt);
2761 	sinfo->tx_packets = le32_to_cpu(pktcnt.tx_good_pkt);
2762 	sinfo->tx_failed  = le32_to_cpu(pktcnt.tx_bad_pkt);
2763 
2764 	return 0;
2765 }
2766 
2767 static s32
2768 brcmf_cfg80211_get_station(struct wiphy *wiphy, struct net_device *ndev,
2769 			   const u8 *mac, struct station_info *sinfo)
2770 {
2771 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2772 	struct brcmf_if *ifp = netdev_priv(ndev);
2773 	struct brcmf_pub *drvr = cfg->pub;
2774 	struct brcmf_scb_val_le scb_val;
2775 	s32 err = 0;
2776 	struct brcmf_sta_info_le sta_info_le;
2777 	u32 sta_flags;
2778 	u32 is_tdls_peer;
2779 	s32 total_rssi_avg = 0;
2780 	s32 total_rssi = 0;
2781 	s32 count_rssi = 0;
2782 	int rssi;
2783 	u32 i;
2784 
2785 	brcmf_dbg(TRACE, "Enter, MAC %pM\n", mac);
2786 	if (!check_vif_up(ifp->vif))
2787 		return -EIO;
2788 
2789 	if (brcmf_is_ibssmode(ifp->vif))
2790 		return brcmf_cfg80211_get_station_ibss(ifp, sinfo);
2791 
2792 	memset(&sta_info_le, 0, sizeof(sta_info_le));
2793 	memcpy(&sta_info_le, mac, ETH_ALEN);
2794 	err = brcmf_fil_iovar_data_get(ifp, "tdls_sta_info",
2795 				       &sta_info_le,
2796 				       sizeof(sta_info_le));
2797 	is_tdls_peer = !err;
2798 	if (err) {
2799 		err = brcmf_fil_iovar_data_get(ifp, "sta_info",
2800 					       &sta_info_le,
2801 					       sizeof(sta_info_le));
2802 		if (err < 0) {
2803 			bphy_err(drvr, "GET STA INFO failed, %d\n", err);
2804 			goto done;
2805 		}
2806 	}
2807 	brcmf_dbg(TRACE, "version %d\n", le16_to_cpu(sta_info_le.ver));
2808 	sinfo->filled = BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME);
2809 	sinfo->inactive_time = le32_to_cpu(sta_info_le.idle) * 1000;
2810 	sta_flags = le32_to_cpu(sta_info_le.flags);
2811 	brcmf_convert_sta_flags(sta_flags, sinfo);
2812 	sinfo->sta_flags.mask |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2813 	if (is_tdls_peer)
2814 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2815 	else
2816 		sinfo->sta_flags.set &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2817 	if (sta_flags & BRCMF_STA_ASSOC) {
2818 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CONNECTED_TIME);
2819 		sinfo->connected_time = le32_to_cpu(sta_info_le.in);
2820 		brcmf_fill_bss_param(ifp, sinfo);
2821 	}
2822 	if (sta_flags & BRCMF_STA_SCBSTATS) {
2823 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2824 		sinfo->tx_failed = le32_to_cpu(sta_info_le.tx_failures);
2825 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
2826 		sinfo->tx_packets = le32_to_cpu(sta_info_le.tx_pkts);
2827 		sinfo->tx_packets += le32_to_cpu(sta_info_le.tx_mcast_pkts);
2828 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
2829 		sinfo->rx_packets = le32_to_cpu(sta_info_le.rx_ucast_pkts);
2830 		sinfo->rx_packets += le32_to_cpu(sta_info_le.rx_mcast_pkts);
2831 		if (sinfo->tx_packets) {
2832 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2833 			sinfo->txrate.legacy =
2834 				le32_to_cpu(sta_info_le.tx_rate) / 100;
2835 		}
2836 		if (sinfo->rx_packets) {
2837 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
2838 			sinfo->rxrate.legacy =
2839 				le32_to_cpu(sta_info_le.rx_rate) / 100;
2840 		}
2841 		if (le16_to_cpu(sta_info_le.ver) >= 4) {
2842 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES);
2843 			sinfo->tx_bytes = le64_to_cpu(sta_info_le.tx_tot_bytes);
2844 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES);
2845 			sinfo->rx_bytes = le64_to_cpu(sta_info_le.rx_tot_bytes);
2846 		}
2847 		for (i = 0; i < BRCMF_ANT_MAX; i++) {
2848 			if (sta_info_le.rssi[i] == 0 ||
2849 			    sta_info_le.rx_lastpkt_rssi[i] == 0)
2850 				continue;
2851 			sinfo->chains |= BIT(count_rssi);
2852 			sinfo->chain_signal[count_rssi] =
2853 				sta_info_le.rx_lastpkt_rssi[i];
2854 			sinfo->chain_signal_avg[count_rssi] =
2855 				sta_info_le.rssi[i];
2856 			total_rssi += sta_info_le.rx_lastpkt_rssi[i];
2857 			total_rssi_avg += sta_info_le.rssi[i];
2858 			count_rssi++;
2859 		}
2860 		if (count_rssi) {
2861 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2862 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
2863 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
2864 			sinfo->filled |=
2865 				BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
2866 			sinfo->signal = total_rssi / count_rssi;
2867 			sinfo->signal_avg = total_rssi_avg / count_rssi;
2868 		} else if (test_bit(BRCMF_VIF_STATUS_CONNECTED,
2869 			&ifp->vif->sme_state)) {
2870 			memset(&scb_val, 0, sizeof(scb_val));
2871 			err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_RSSI,
2872 						     &scb_val, sizeof(scb_val));
2873 			if (err) {
2874 				bphy_err(drvr, "Could not get rssi (%d)\n",
2875 					 err);
2876 				goto done;
2877 			} else {
2878 				rssi = le32_to_cpu(scb_val.val);
2879 				sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2880 				sinfo->signal = rssi;
2881 				brcmf_dbg(CONN, "RSSI %d dBm\n", rssi);
2882 			}
2883 		}
2884 	}
2885 done:
2886 	brcmf_dbg(TRACE, "Exit\n");
2887 	return err;
2888 }
2889 
2890 static int
2891 brcmf_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *ndev,
2892 			    int idx, u8 *mac, struct station_info *sinfo)
2893 {
2894 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2895 	struct brcmf_if *ifp = netdev_priv(ndev);
2896 	struct brcmf_pub *drvr = cfg->pub;
2897 	s32 err;
2898 
2899 	brcmf_dbg(TRACE, "Enter, idx %d\n", idx);
2900 
2901 	if (idx == 0) {
2902 		cfg->assoclist.count = cpu_to_le32(BRCMF_MAX_ASSOCLIST);
2903 		err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_ASSOCLIST,
2904 					     &cfg->assoclist,
2905 					     sizeof(cfg->assoclist));
2906 		if (err) {
2907 			/* GET_ASSOCLIST unsupported by firmware of older chips */
2908 			if (err == -EBADE)
2909 				bphy_info_once(drvr, "BRCMF_C_GET_ASSOCLIST unsupported\n");
2910 			else
2911 				bphy_err(drvr, "BRCMF_C_GET_ASSOCLIST failed, err=%d\n",
2912 					 err);
2913 
2914 			cfg->assoclist.count = 0;
2915 			return -EOPNOTSUPP;
2916 		}
2917 	}
2918 	if (idx < le32_to_cpu(cfg->assoclist.count)) {
2919 		memcpy(mac, cfg->assoclist.mac[idx], ETH_ALEN);
2920 		return brcmf_cfg80211_get_station(wiphy, ndev, mac, sinfo);
2921 	}
2922 	return -ENOENT;
2923 }
2924 
2925 static s32
2926 brcmf_cfg80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *ndev,
2927 			   bool enabled, s32 timeout)
2928 {
2929 	s32 pm;
2930 	s32 err = 0;
2931 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2932 	struct brcmf_if *ifp = netdev_priv(ndev);
2933 	struct brcmf_pub *drvr = cfg->pub;
2934 
2935 	brcmf_dbg(TRACE, "Enter\n");
2936 
2937 	/*
2938 	 * Powersave enable/disable request is coming from the
2939 	 * cfg80211 even before the interface is up. In that
2940 	 * scenario, driver will be storing the power save
2941 	 * preference in cfg struct to apply this to
2942 	 * FW later while initializing the dongle
2943 	 */
2944 	cfg->pwr_save = enabled;
2945 	if (!check_vif_up(ifp->vif)) {
2946 
2947 		brcmf_dbg(INFO, "Device is not ready, storing the value in cfg_info struct\n");
2948 		goto done;
2949 	}
2950 
2951 	pm = enabled ? PM_FAST : PM_OFF;
2952 	/* Do not enable the power save after assoc if it is a p2p interface */
2953 	if (ifp->vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT) {
2954 		brcmf_dbg(INFO, "Do not enable power save for P2P clients\n");
2955 		pm = PM_OFF;
2956 	}
2957 	brcmf_dbg(INFO, "power save %s\n", (pm ? "enabled" : "disabled"));
2958 
2959 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, pm);
2960 	if (err) {
2961 		if (err == -ENODEV)
2962 			bphy_err(drvr, "net_device is not ready yet\n");
2963 		else
2964 			bphy_err(drvr, "error (%d)\n", err);
2965 	}
2966 
2967 	err = brcmf_fil_iovar_int_set(ifp, "pm2_sleep_ret",
2968 				min_t(u32, timeout, BRCMF_PS_MAX_TIMEOUT_MS));
2969 	if (err)
2970 		bphy_err(drvr, "Unable to set pm timeout, (%d)\n", err);
2971 
2972 done:
2973 	brcmf_dbg(TRACE, "Exit\n");
2974 	return err;
2975 }
2976 
2977 static s32 brcmf_inform_single_bss(struct brcmf_cfg80211_info *cfg,
2978 				   struct brcmf_bss_info_le *bi)
2979 {
2980 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
2981 	struct brcmf_pub *drvr = cfg->pub;
2982 	struct cfg80211_bss *bss;
2983 	enum nl80211_band band;
2984 	struct brcmu_chan ch;
2985 	u16 channel;
2986 	u32 freq;
2987 	u16 notify_capability;
2988 	u16 notify_interval;
2989 	u8 *notify_ie;
2990 	size_t notify_ielen;
2991 	struct cfg80211_inform_bss bss_data = {};
2992 
2993 	if (le32_to_cpu(bi->length) > WL_BSS_INFO_MAX) {
2994 		bphy_err(drvr, "Bss info is larger than buffer. Discarding\n");
2995 		return -EINVAL;
2996 	}
2997 
2998 	if (!bi->ctl_ch) {
2999 		ch.chspec = le16_to_cpu(bi->chanspec);
3000 		cfg->d11inf.decchspec(&ch);
3001 		bi->ctl_ch = ch.control_ch_num;
3002 	}
3003 	channel = bi->ctl_ch;
3004 
3005 	if (channel <= CH_MAX_2G_CHANNEL)
3006 		band = NL80211_BAND_2GHZ;
3007 	else
3008 		band = NL80211_BAND_5GHZ;
3009 
3010 	freq = ieee80211_channel_to_frequency(channel, band);
3011 	bss_data.chan = ieee80211_get_channel(wiphy, freq);
3012 	bss_data.scan_width = NL80211_BSS_CHAN_WIDTH_20;
3013 	bss_data.boottime_ns = ktime_to_ns(ktime_get_boottime());
3014 
3015 	notify_capability = le16_to_cpu(bi->capability);
3016 	notify_interval = le16_to_cpu(bi->beacon_period);
3017 	notify_ie = (u8 *)bi + le16_to_cpu(bi->ie_offset);
3018 	notify_ielen = le32_to_cpu(bi->ie_length);
3019 	bss_data.signal = (s16)le16_to_cpu(bi->RSSI) * 100;
3020 
3021 	brcmf_dbg(CONN, "bssid: %pM\n", bi->BSSID);
3022 	brcmf_dbg(CONN, "Channel: %d(%d)\n", channel, freq);
3023 	brcmf_dbg(CONN, "Capability: %X\n", notify_capability);
3024 	brcmf_dbg(CONN, "Beacon interval: %d\n", notify_interval);
3025 	brcmf_dbg(CONN, "Signal: %d\n", bss_data.signal);
3026 
3027 	bss = cfg80211_inform_bss_data(wiphy, &bss_data,
3028 				       CFG80211_BSS_FTYPE_UNKNOWN,
3029 				       (const u8 *)bi->BSSID,
3030 				       0, notify_capability,
3031 				       notify_interval, notify_ie,
3032 				       notify_ielen, GFP_KERNEL);
3033 
3034 	if (!bss)
3035 		return -ENOMEM;
3036 
3037 	cfg80211_put_bss(wiphy, bss);
3038 
3039 	return 0;
3040 }
3041 
3042 static struct brcmf_bss_info_le *
3043 next_bss_le(struct brcmf_scan_results *list, struct brcmf_bss_info_le *bss)
3044 {
3045 	if (bss == NULL)
3046 		return list->bss_info_le;
3047 	return (struct brcmf_bss_info_le *)((unsigned long)bss +
3048 					    le32_to_cpu(bss->length));
3049 }
3050 
3051 static s32 brcmf_inform_bss(struct brcmf_cfg80211_info *cfg)
3052 {
3053 	struct brcmf_pub *drvr = cfg->pub;
3054 	struct brcmf_scan_results *bss_list;
3055 	struct brcmf_bss_info_le *bi = NULL;	/* must be initialized */
3056 	s32 err = 0;
3057 	int i;
3058 
3059 	bss_list = (struct brcmf_scan_results *)cfg->escan_info.escan_buf;
3060 	if (bss_list->count != 0 &&
3061 	    bss_list->version != BRCMF_BSS_INFO_VERSION) {
3062 		bphy_err(drvr, "Version %d != WL_BSS_INFO_VERSION\n",
3063 			 bss_list->version);
3064 		return -EOPNOTSUPP;
3065 	}
3066 	brcmf_dbg(SCAN, "scanned AP count (%d)\n", bss_list->count);
3067 	for (i = 0; i < bss_list->count; i++) {
3068 		bi = next_bss_le(bss_list, bi);
3069 		err = brcmf_inform_single_bss(cfg, bi);
3070 		if (err)
3071 			break;
3072 	}
3073 	return err;
3074 }
3075 
3076 static s32 brcmf_inform_ibss(struct brcmf_cfg80211_info *cfg,
3077 			     struct net_device *ndev, const u8 *bssid)
3078 {
3079 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
3080 	struct brcmf_pub *drvr = cfg->pub;
3081 	struct ieee80211_channel *notify_channel;
3082 	struct brcmf_bss_info_le *bi = NULL;
3083 	struct ieee80211_supported_band *band;
3084 	struct cfg80211_bss *bss;
3085 	struct brcmu_chan ch;
3086 	u8 *buf = NULL;
3087 	s32 err = 0;
3088 	u32 freq;
3089 	u16 notify_capability;
3090 	u16 notify_interval;
3091 	u8 *notify_ie;
3092 	size_t notify_ielen;
3093 	s32 notify_signal;
3094 
3095 	brcmf_dbg(TRACE, "Enter\n");
3096 
3097 	buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
3098 	if (buf == NULL) {
3099 		err = -ENOMEM;
3100 		goto CleanUp;
3101 	}
3102 
3103 	*(__le32 *)buf = cpu_to_le32(WL_BSS_INFO_MAX);
3104 
3105 	err = brcmf_fil_cmd_data_get(netdev_priv(ndev), BRCMF_C_GET_BSS_INFO,
3106 				     buf, WL_BSS_INFO_MAX);
3107 	if (err) {
3108 		bphy_err(drvr, "WLC_GET_BSS_INFO failed: %d\n", err);
3109 		goto CleanUp;
3110 	}
3111 
3112 	bi = (struct brcmf_bss_info_le *)(buf + 4);
3113 
3114 	ch.chspec = le16_to_cpu(bi->chanspec);
3115 	cfg->d11inf.decchspec(&ch);
3116 
3117 	if (ch.band == BRCMU_CHAN_BAND_2G)
3118 		band = wiphy->bands[NL80211_BAND_2GHZ];
3119 	else
3120 		band = wiphy->bands[NL80211_BAND_5GHZ];
3121 
3122 	freq = ieee80211_channel_to_frequency(ch.control_ch_num, band->band);
3123 	cfg->channel = freq;
3124 	notify_channel = ieee80211_get_channel(wiphy, freq);
3125 
3126 	notify_capability = le16_to_cpu(bi->capability);
3127 	notify_interval = le16_to_cpu(bi->beacon_period);
3128 	notify_ie = (u8 *)bi + le16_to_cpu(bi->ie_offset);
3129 	notify_ielen = le32_to_cpu(bi->ie_length);
3130 	notify_signal = (s16)le16_to_cpu(bi->RSSI) * 100;
3131 
3132 	brcmf_dbg(CONN, "channel: %d(%d)\n", ch.control_ch_num, freq);
3133 	brcmf_dbg(CONN, "capability: %X\n", notify_capability);
3134 	brcmf_dbg(CONN, "beacon interval: %d\n", notify_interval);
3135 	brcmf_dbg(CONN, "signal: %d\n", notify_signal);
3136 
3137 	bss = cfg80211_inform_bss(wiphy, notify_channel,
3138 				  CFG80211_BSS_FTYPE_UNKNOWN, bssid, 0,
3139 				  notify_capability, notify_interval,
3140 				  notify_ie, notify_ielen, notify_signal,
3141 				  GFP_KERNEL);
3142 
3143 	if (!bss) {
3144 		err = -ENOMEM;
3145 		goto CleanUp;
3146 	}
3147 
3148 	cfg80211_put_bss(wiphy, bss);
3149 
3150 CleanUp:
3151 
3152 	kfree(buf);
3153 
3154 	brcmf_dbg(TRACE, "Exit\n");
3155 
3156 	return err;
3157 }
3158 
3159 static s32 brcmf_update_bss_info(struct brcmf_cfg80211_info *cfg,
3160 				 struct brcmf_if *ifp)
3161 {
3162 	struct brcmf_pub *drvr = cfg->pub;
3163 	struct brcmf_bss_info_le *bi;
3164 	const struct brcmf_tlv *tim;
3165 	size_t ie_len;
3166 	u8 *ie;
3167 	s32 err = 0;
3168 
3169 	brcmf_dbg(TRACE, "Enter\n");
3170 	if (brcmf_is_ibssmode(ifp->vif))
3171 		return err;
3172 
3173 	*(__le32 *)cfg->extra_buf = cpu_to_le32(WL_EXTRA_BUF_MAX);
3174 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO,
3175 				     cfg->extra_buf, WL_EXTRA_BUF_MAX);
3176 	if (err) {
3177 		bphy_err(drvr, "Could not get bss info %d\n", err);
3178 		goto update_bss_info_out;
3179 	}
3180 
3181 	bi = (struct brcmf_bss_info_le *)(cfg->extra_buf + 4);
3182 	err = brcmf_inform_single_bss(cfg, bi);
3183 	if (err)
3184 		goto update_bss_info_out;
3185 
3186 	ie = ((u8 *)bi) + le16_to_cpu(bi->ie_offset);
3187 	ie_len = le32_to_cpu(bi->ie_length);
3188 
3189 	tim = brcmf_parse_tlvs(ie, ie_len, WLAN_EID_TIM);
3190 	if (!tim) {
3191 		/*
3192 		* active scan was done so we could not get dtim
3193 		* information out of probe response.
3194 		* so we speficially query dtim information to dongle.
3195 		*/
3196 		u32 var;
3197 		err = brcmf_fil_iovar_int_get(ifp, "dtim_assoc", &var);
3198 		if (err) {
3199 			bphy_err(drvr, "wl dtim_assoc failed (%d)\n", err);
3200 			goto update_bss_info_out;
3201 		}
3202 	}
3203 
3204 update_bss_info_out:
3205 	brcmf_dbg(TRACE, "Exit");
3206 	return err;
3207 }
3208 
3209 void brcmf_abort_scanning(struct brcmf_cfg80211_info *cfg)
3210 {
3211 	struct escan_info *escan = &cfg->escan_info;
3212 
3213 	set_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status);
3214 	if (cfg->int_escan_map || cfg->scan_request) {
3215 		escan->escan_state = WL_ESCAN_STATE_IDLE;
3216 		brcmf_notify_escan_complete(cfg, escan->ifp, true, true);
3217 	}
3218 	clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3219 	clear_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status);
3220 }
3221 
3222 static void brcmf_cfg80211_escan_timeout_worker(struct work_struct *work)
3223 {
3224 	struct brcmf_cfg80211_info *cfg =
3225 			container_of(work, struct brcmf_cfg80211_info,
3226 				     escan_timeout_work);
3227 
3228 	brcmf_inform_bss(cfg);
3229 	brcmf_notify_escan_complete(cfg, cfg->escan_info.ifp, true, true);
3230 }
3231 
3232 static void brcmf_escan_timeout(struct timer_list *t)
3233 {
3234 	struct brcmf_cfg80211_info *cfg =
3235 			from_timer(cfg, t, escan_timeout);
3236 	struct brcmf_pub *drvr = cfg->pub;
3237 
3238 	if (cfg->int_escan_map || cfg->scan_request) {
3239 		bphy_err(drvr, "timer expired\n");
3240 		schedule_work(&cfg->escan_timeout_work);
3241 	}
3242 }
3243 
3244 static s32
3245 brcmf_compare_update_same_bss(struct brcmf_cfg80211_info *cfg,
3246 			      struct brcmf_bss_info_le *bss,
3247 			      struct brcmf_bss_info_le *bss_info_le)
3248 {
3249 	struct brcmu_chan ch_bss, ch_bss_info_le;
3250 
3251 	ch_bss.chspec = le16_to_cpu(bss->chanspec);
3252 	cfg->d11inf.decchspec(&ch_bss);
3253 	ch_bss_info_le.chspec = le16_to_cpu(bss_info_le->chanspec);
3254 	cfg->d11inf.decchspec(&ch_bss_info_le);
3255 
3256 	if (!memcmp(&bss_info_le->BSSID, &bss->BSSID, ETH_ALEN) &&
3257 		ch_bss.band == ch_bss_info_le.band &&
3258 		bss_info_le->SSID_len == bss->SSID_len &&
3259 		!memcmp(bss_info_le->SSID, bss->SSID, bss_info_le->SSID_len)) {
3260 		if ((bss->flags & BRCMF_BSS_RSSI_ON_CHANNEL) ==
3261 			(bss_info_le->flags & BRCMF_BSS_RSSI_ON_CHANNEL)) {
3262 			s16 bss_rssi = le16_to_cpu(bss->RSSI);
3263 			s16 bss_info_rssi = le16_to_cpu(bss_info_le->RSSI);
3264 
3265 			/* preserve max RSSI if the measurements are
3266 			* both on-channel or both off-channel
3267 			*/
3268 			if (bss_info_rssi > bss_rssi)
3269 				bss->RSSI = bss_info_le->RSSI;
3270 		} else if ((bss->flags & BRCMF_BSS_RSSI_ON_CHANNEL) &&
3271 			(bss_info_le->flags & BRCMF_BSS_RSSI_ON_CHANNEL) == 0) {
3272 			/* preserve the on-channel rssi measurement
3273 			* if the new measurement is off channel
3274 			*/
3275 			bss->RSSI = bss_info_le->RSSI;
3276 			bss->flags |= BRCMF_BSS_RSSI_ON_CHANNEL;
3277 		}
3278 		return 1;
3279 	}
3280 	return 0;
3281 }
3282 
3283 static s32
3284 brcmf_cfg80211_escan_handler(struct brcmf_if *ifp,
3285 			     const struct brcmf_event_msg *e, void *data)
3286 {
3287 	struct brcmf_pub *drvr = ifp->drvr;
3288 	struct brcmf_cfg80211_info *cfg = drvr->config;
3289 	s32 status;
3290 	struct brcmf_escan_result_le *escan_result_le;
3291 	u32 escan_buflen;
3292 	struct brcmf_bss_info_le *bss_info_le;
3293 	struct brcmf_bss_info_le *bss = NULL;
3294 	u32 bi_length;
3295 	struct brcmf_scan_results *list;
3296 	u32 i;
3297 	bool aborted;
3298 
3299 	status = e->status;
3300 
3301 	if (status == BRCMF_E_STATUS_ABORT)
3302 		goto exit;
3303 
3304 	if (!test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
3305 		bphy_err(drvr, "scan not ready, bsscfgidx=%d\n",
3306 			 ifp->bsscfgidx);
3307 		return -EPERM;
3308 	}
3309 
3310 	if (status == BRCMF_E_STATUS_PARTIAL) {
3311 		brcmf_dbg(SCAN, "ESCAN Partial result\n");
3312 		if (e->datalen < sizeof(*escan_result_le)) {
3313 			bphy_err(drvr, "invalid event data length\n");
3314 			goto exit;
3315 		}
3316 		escan_result_le = (struct brcmf_escan_result_le *) data;
3317 		if (!escan_result_le) {
3318 			bphy_err(drvr, "Invalid escan result (NULL pointer)\n");
3319 			goto exit;
3320 		}
3321 		escan_buflen = le32_to_cpu(escan_result_le->buflen);
3322 		if (escan_buflen > BRCMF_ESCAN_BUF_SIZE ||
3323 		    escan_buflen > e->datalen ||
3324 		    escan_buflen < sizeof(*escan_result_le)) {
3325 			bphy_err(drvr, "Invalid escan buffer length: %d\n",
3326 				 escan_buflen);
3327 			goto exit;
3328 		}
3329 		if (le16_to_cpu(escan_result_le->bss_count) != 1) {
3330 			bphy_err(drvr, "Invalid bss_count %d: ignoring\n",
3331 				 escan_result_le->bss_count);
3332 			goto exit;
3333 		}
3334 		bss_info_le = &escan_result_le->bss_info_le;
3335 
3336 		if (brcmf_p2p_scan_finding_common_channel(cfg, bss_info_le))
3337 			goto exit;
3338 
3339 		if (!cfg->int_escan_map && !cfg->scan_request) {
3340 			brcmf_dbg(SCAN, "result without cfg80211 request\n");
3341 			goto exit;
3342 		}
3343 
3344 		bi_length = le32_to_cpu(bss_info_le->length);
3345 		if (bi_length != escan_buflen -	WL_ESCAN_RESULTS_FIXED_SIZE) {
3346 			bphy_err(drvr, "Ignoring invalid bss_info length: %d\n",
3347 				 bi_length);
3348 			goto exit;
3349 		}
3350 
3351 		if (!(cfg_to_wiphy(cfg)->interface_modes &
3352 					BIT(NL80211_IFTYPE_ADHOC))) {
3353 			if (le16_to_cpu(bss_info_le->capability) &
3354 						WLAN_CAPABILITY_IBSS) {
3355 				bphy_err(drvr, "Ignoring IBSS result\n");
3356 				goto exit;
3357 			}
3358 		}
3359 
3360 		list = (struct brcmf_scan_results *)
3361 				cfg->escan_info.escan_buf;
3362 		if (bi_length > BRCMF_ESCAN_BUF_SIZE - list->buflen) {
3363 			bphy_err(drvr, "Buffer is too small: ignoring\n");
3364 			goto exit;
3365 		}
3366 
3367 		for (i = 0; i < list->count; i++) {
3368 			bss = bss ? (struct brcmf_bss_info_le *)
3369 				((unsigned char *)bss +
3370 				le32_to_cpu(bss->length)) : list->bss_info_le;
3371 			if (brcmf_compare_update_same_bss(cfg, bss,
3372 							  bss_info_le))
3373 				goto exit;
3374 		}
3375 		memcpy(&cfg->escan_info.escan_buf[list->buflen], bss_info_le,
3376 		       bi_length);
3377 		list->version = le32_to_cpu(bss_info_le->version);
3378 		list->buflen += bi_length;
3379 		list->count++;
3380 	} else {
3381 		cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
3382 		if (brcmf_p2p_scan_finding_common_channel(cfg, NULL))
3383 			goto exit;
3384 		if (cfg->int_escan_map || cfg->scan_request) {
3385 			brcmf_inform_bss(cfg);
3386 			aborted = status != BRCMF_E_STATUS_SUCCESS;
3387 			brcmf_notify_escan_complete(cfg, ifp, aborted, false);
3388 		} else
3389 			brcmf_dbg(SCAN, "Ignored scan complete result 0x%x\n",
3390 				  status);
3391 	}
3392 exit:
3393 	return 0;
3394 }
3395 
3396 static void brcmf_init_escan(struct brcmf_cfg80211_info *cfg)
3397 {
3398 	brcmf_fweh_register(cfg->pub, BRCMF_E_ESCAN_RESULT,
3399 			    brcmf_cfg80211_escan_handler);
3400 	cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
3401 	/* Init scan_timeout timer */
3402 	timer_setup(&cfg->escan_timeout, brcmf_escan_timeout, 0);
3403 	INIT_WORK(&cfg->escan_timeout_work,
3404 		  brcmf_cfg80211_escan_timeout_worker);
3405 }
3406 
3407 static struct cfg80211_scan_request *
3408 brcmf_alloc_internal_escan_request(struct wiphy *wiphy, u32 n_netinfo) {
3409 	struct cfg80211_scan_request *req;
3410 	size_t req_size;
3411 
3412 	req_size = sizeof(*req) +
3413 		   n_netinfo * sizeof(req->channels[0]) +
3414 		   n_netinfo * sizeof(*req->ssids);
3415 
3416 	req = kzalloc(req_size, GFP_KERNEL);
3417 	if (req) {
3418 		req->wiphy = wiphy;
3419 		req->ssids = (void *)(&req->channels[0]) +
3420 			     n_netinfo * sizeof(req->channels[0]);
3421 	}
3422 	return req;
3423 }
3424 
3425 static int brcmf_internal_escan_add_info(struct cfg80211_scan_request *req,
3426 					 u8 *ssid, u8 ssid_len, u8 channel)
3427 {
3428 	struct ieee80211_channel *chan;
3429 	enum nl80211_band band;
3430 	int freq, i;
3431 
3432 	if (channel <= CH_MAX_2G_CHANNEL)
3433 		band = NL80211_BAND_2GHZ;
3434 	else
3435 		band = NL80211_BAND_5GHZ;
3436 
3437 	freq = ieee80211_channel_to_frequency(channel, band);
3438 	if (!freq)
3439 		return -EINVAL;
3440 
3441 	chan = ieee80211_get_channel(req->wiphy, freq);
3442 	if (!chan)
3443 		return -EINVAL;
3444 
3445 	for (i = 0; i < req->n_channels; i++) {
3446 		if (req->channels[i] == chan)
3447 			break;
3448 	}
3449 	if (i == req->n_channels)
3450 		req->channels[req->n_channels++] = chan;
3451 
3452 	for (i = 0; i < req->n_ssids; i++) {
3453 		if (req->ssids[i].ssid_len == ssid_len &&
3454 		    !memcmp(req->ssids[i].ssid, ssid, ssid_len))
3455 			break;
3456 	}
3457 	if (i == req->n_ssids) {
3458 		memcpy(req->ssids[req->n_ssids].ssid, ssid, ssid_len);
3459 		req->ssids[req->n_ssids++].ssid_len = ssid_len;
3460 	}
3461 	return 0;
3462 }
3463 
3464 static int brcmf_start_internal_escan(struct brcmf_if *ifp, u32 fwmap,
3465 				      struct cfg80211_scan_request *request)
3466 {
3467 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
3468 	int err;
3469 
3470 	if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
3471 		if (cfg->int_escan_map)
3472 			brcmf_dbg(SCAN, "aborting internal scan: map=%u\n",
3473 				  cfg->int_escan_map);
3474 		/* Abort any on-going scan */
3475 		brcmf_abort_scanning(cfg);
3476 	}
3477 
3478 	brcmf_dbg(SCAN, "start internal scan: map=%u\n", fwmap);
3479 	set_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3480 	cfg->escan_info.run = brcmf_run_escan;
3481 	err = brcmf_do_escan(ifp, request);
3482 	if (err) {
3483 		clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3484 		return err;
3485 	}
3486 	cfg->int_escan_map = fwmap;
3487 	return 0;
3488 }
3489 
3490 static struct brcmf_pno_net_info_le *
3491 brcmf_get_netinfo_array(struct brcmf_pno_scanresults_le *pfn_v1)
3492 {
3493 	struct brcmf_pno_scanresults_v2_le *pfn_v2;
3494 	struct brcmf_pno_net_info_le *netinfo;
3495 
3496 	switch (pfn_v1->version) {
3497 	default:
3498 		WARN_ON(1);
3499 		fallthrough;
3500 	case cpu_to_le32(1):
3501 		netinfo = (struct brcmf_pno_net_info_le *)(pfn_v1 + 1);
3502 		break;
3503 	case cpu_to_le32(2):
3504 		pfn_v2 = (struct brcmf_pno_scanresults_v2_le *)pfn_v1;
3505 		netinfo = (struct brcmf_pno_net_info_le *)(pfn_v2 + 1);
3506 		break;
3507 	}
3508 
3509 	return netinfo;
3510 }
3511 
3512 /* PFN result doesn't have all the info which are required by the supplicant
3513  * (For e.g IEs) Do a target Escan so that sched scan results are reported
3514  * via wl_inform_single_bss in the required format. Escan does require the
3515  * scan request in the form of cfg80211_scan_request. For timebeing, create
3516  * cfg80211_scan_request one out of the received PNO event.
3517  */
3518 static s32
3519 brcmf_notify_sched_scan_results(struct brcmf_if *ifp,
3520 				const struct brcmf_event_msg *e, void *data)
3521 {
3522 	struct brcmf_pub *drvr = ifp->drvr;
3523 	struct brcmf_cfg80211_info *cfg = drvr->config;
3524 	struct brcmf_pno_net_info_le *netinfo, *netinfo_start;
3525 	struct cfg80211_scan_request *request = NULL;
3526 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
3527 	int i, err = 0;
3528 	struct brcmf_pno_scanresults_le *pfn_result;
3529 	u32 bucket_map;
3530 	u32 result_count;
3531 	u32 status;
3532 	u32 datalen;
3533 
3534 	brcmf_dbg(SCAN, "Enter\n");
3535 
3536 	if (e->datalen < (sizeof(*pfn_result) + sizeof(*netinfo))) {
3537 		brcmf_dbg(SCAN, "Event data to small. Ignore\n");
3538 		return 0;
3539 	}
3540 
3541 	if (e->event_code == BRCMF_E_PFN_NET_LOST) {
3542 		brcmf_dbg(SCAN, "PFN NET LOST event. Do Nothing\n");
3543 		return 0;
3544 	}
3545 
3546 	pfn_result = (struct brcmf_pno_scanresults_le *)data;
3547 	result_count = le32_to_cpu(pfn_result->count);
3548 	status = le32_to_cpu(pfn_result->status);
3549 
3550 	/* PFN event is limited to fit 512 bytes so we may get
3551 	 * multiple NET_FOUND events. For now place a warning here.
3552 	 */
3553 	WARN_ON(status != BRCMF_PNO_SCAN_COMPLETE);
3554 	brcmf_dbg(SCAN, "PFN NET FOUND event. count: %d\n", result_count);
3555 	if (!result_count) {
3556 		bphy_err(drvr, "FALSE PNO Event. (pfn_count == 0)\n");
3557 		goto out_err;
3558 	}
3559 
3560 	netinfo_start = brcmf_get_netinfo_array(pfn_result);
3561 	datalen = e->datalen - ((void *)netinfo_start - (void *)pfn_result);
3562 	if (datalen < result_count * sizeof(*netinfo)) {
3563 		bphy_err(drvr, "insufficient event data\n");
3564 		goto out_err;
3565 	}
3566 
3567 	request = brcmf_alloc_internal_escan_request(wiphy,
3568 						     result_count);
3569 	if (!request) {
3570 		err = -ENOMEM;
3571 		goto out_err;
3572 	}
3573 
3574 	bucket_map = 0;
3575 	for (i = 0; i < result_count; i++) {
3576 		netinfo = &netinfo_start[i];
3577 
3578 		if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
3579 			netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
3580 		brcmf_dbg(SCAN, "SSID:%.32s Channel:%d\n",
3581 			  netinfo->SSID, netinfo->channel);
3582 		bucket_map |= brcmf_pno_get_bucket_map(cfg->pno, netinfo);
3583 		err = brcmf_internal_escan_add_info(request,
3584 						    netinfo->SSID,
3585 						    netinfo->SSID_len,
3586 						    netinfo->channel);
3587 		if (err)
3588 			goto out_err;
3589 	}
3590 
3591 	if (!bucket_map)
3592 		goto free_req;
3593 
3594 	err = brcmf_start_internal_escan(ifp, bucket_map, request);
3595 	if (!err)
3596 		goto free_req;
3597 
3598 out_err:
3599 	cfg80211_sched_scan_stopped(wiphy, 0);
3600 free_req:
3601 	kfree(request);
3602 	return err;
3603 }
3604 
3605 static int
3606 brcmf_cfg80211_sched_scan_start(struct wiphy *wiphy,
3607 				struct net_device *ndev,
3608 				struct cfg80211_sched_scan_request *req)
3609 {
3610 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3611 	struct brcmf_if *ifp = netdev_priv(ndev);
3612 	struct brcmf_pub *drvr = cfg->pub;
3613 
3614 	brcmf_dbg(SCAN, "Enter: n_match_sets=%d n_ssids=%d\n",
3615 		  req->n_match_sets, req->n_ssids);
3616 
3617 	if (test_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status)) {
3618 		bphy_err(drvr, "Scanning suppressed: status=%lu\n",
3619 			 cfg->scan_status);
3620 		return -EAGAIN;
3621 	}
3622 
3623 	if (req->n_match_sets <= 0) {
3624 		brcmf_dbg(SCAN, "invalid number of matchsets specified: %d\n",
3625 			  req->n_match_sets);
3626 		return -EINVAL;
3627 	}
3628 
3629 	return brcmf_pno_start_sched_scan(ifp, req);
3630 }
3631 
3632 static int brcmf_cfg80211_sched_scan_stop(struct wiphy *wiphy,
3633 					  struct net_device *ndev, u64 reqid)
3634 {
3635 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3636 	struct brcmf_if *ifp = netdev_priv(ndev);
3637 
3638 	brcmf_dbg(SCAN, "enter\n");
3639 	brcmf_pno_stop_sched_scan(ifp, reqid);
3640 	if (cfg->int_escan_map)
3641 		brcmf_notify_escan_complete(cfg, ifp, true, true);
3642 	return 0;
3643 }
3644 
3645 static __always_inline void brcmf_delay(u32 ms)
3646 {
3647 	if (ms < 1000 / HZ) {
3648 		cond_resched();
3649 		mdelay(ms);
3650 	} else {
3651 		msleep(ms);
3652 	}
3653 }
3654 
3655 static s32 brcmf_config_wowl_pattern(struct brcmf_if *ifp, u8 cmd[4],
3656 				     u8 *pattern, u32 patternsize, u8 *mask,
3657 				     u32 packet_offset)
3658 {
3659 	struct brcmf_fil_wowl_pattern_le *filter;
3660 	u32 masksize;
3661 	u32 patternoffset;
3662 	u8 *buf;
3663 	u32 bufsize;
3664 	s32 ret;
3665 
3666 	masksize = (patternsize + 7) / 8;
3667 	patternoffset = sizeof(*filter) - sizeof(filter->cmd) + masksize;
3668 
3669 	bufsize = sizeof(*filter) + patternsize + masksize;
3670 	buf = kzalloc(bufsize, GFP_KERNEL);
3671 	if (!buf)
3672 		return -ENOMEM;
3673 	filter = (struct brcmf_fil_wowl_pattern_le *)buf;
3674 
3675 	memcpy(filter->cmd, cmd, 4);
3676 	filter->masksize = cpu_to_le32(masksize);
3677 	filter->offset = cpu_to_le32(packet_offset);
3678 	filter->patternoffset = cpu_to_le32(patternoffset);
3679 	filter->patternsize = cpu_to_le32(patternsize);
3680 	filter->type = cpu_to_le32(BRCMF_WOWL_PATTERN_TYPE_BITMAP);
3681 
3682 	if ((mask) && (masksize))
3683 		memcpy(buf + sizeof(*filter), mask, masksize);
3684 	if ((pattern) && (patternsize))
3685 		memcpy(buf + sizeof(*filter) + masksize, pattern, patternsize);
3686 
3687 	ret = brcmf_fil_iovar_data_set(ifp, "wowl_pattern", buf, bufsize);
3688 
3689 	kfree(buf);
3690 	return ret;
3691 }
3692 
3693 static s32
3694 brcmf_wowl_nd_results(struct brcmf_if *ifp, const struct brcmf_event_msg *e,
3695 		      void *data)
3696 {
3697 	struct brcmf_pub *drvr = ifp->drvr;
3698 	struct brcmf_cfg80211_info *cfg = drvr->config;
3699 	struct brcmf_pno_scanresults_le *pfn_result;
3700 	struct brcmf_pno_net_info_le *netinfo;
3701 
3702 	brcmf_dbg(SCAN, "Enter\n");
3703 
3704 	if (e->datalen < (sizeof(*pfn_result) + sizeof(*netinfo))) {
3705 		brcmf_dbg(SCAN, "Event data to small. Ignore\n");
3706 		return 0;
3707 	}
3708 
3709 	pfn_result = (struct brcmf_pno_scanresults_le *)data;
3710 
3711 	if (e->event_code == BRCMF_E_PFN_NET_LOST) {
3712 		brcmf_dbg(SCAN, "PFN NET LOST event. Ignore\n");
3713 		return 0;
3714 	}
3715 
3716 	if (le32_to_cpu(pfn_result->count) < 1) {
3717 		bphy_err(drvr, "Invalid result count, expected 1 (%d)\n",
3718 			 le32_to_cpu(pfn_result->count));
3719 		return -EINVAL;
3720 	}
3721 
3722 	netinfo = brcmf_get_netinfo_array(pfn_result);
3723 	if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
3724 		netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
3725 	memcpy(cfg->wowl.nd->ssid.ssid, netinfo->SSID, netinfo->SSID_len);
3726 	cfg->wowl.nd->ssid.ssid_len = netinfo->SSID_len;
3727 	cfg->wowl.nd->n_channels = 1;
3728 	cfg->wowl.nd->channels[0] =
3729 		ieee80211_channel_to_frequency(netinfo->channel,
3730 			netinfo->channel <= CH_MAX_2G_CHANNEL ?
3731 					NL80211_BAND_2GHZ : NL80211_BAND_5GHZ);
3732 	cfg->wowl.nd_info->n_matches = 1;
3733 	cfg->wowl.nd_info->matches[0] = cfg->wowl.nd;
3734 
3735 	/* Inform (the resume task) that the net detect information was recvd */
3736 	cfg->wowl.nd_data_completed = true;
3737 	wake_up(&cfg->wowl.nd_data_wait);
3738 
3739 	return 0;
3740 }
3741 
3742 #ifdef CONFIG_PM
3743 
3744 static void brcmf_report_wowl_wakeind(struct wiphy *wiphy, struct brcmf_if *ifp)
3745 {
3746 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3747 	struct brcmf_pub *drvr = cfg->pub;
3748 	struct brcmf_wowl_wakeind_le wake_ind_le;
3749 	struct cfg80211_wowlan_wakeup wakeup_data;
3750 	struct cfg80211_wowlan_wakeup *wakeup;
3751 	u32 wakeind;
3752 	s32 err;
3753 	int timeout;
3754 
3755 	err = brcmf_fil_iovar_data_get(ifp, "wowl_wakeind", &wake_ind_le,
3756 				       sizeof(wake_ind_le));
3757 	if (err) {
3758 		bphy_err(drvr, "Get wowl_wakeind failed, err = %d\n", err);
3759 		return;
3760 	}
3761 
3762 	wakeind = le32_to_cpu(wake_ind_le.ucode_wakeind);
3763 	if (wakeind & (BRCMF_WOWL_MAGIC | BRCMF_WOWL_DIS | BRCMF_WOWL_BCN |
3764 		       BRCMF_WOWL_RETR | BRCMF_WOWL_NET |
3765 		       BRCMF_WOWL_PFN_FOUND)) {
3766 		wakeup = &wakeup_data;
3767 		memset(&wakeup_data, 0, sizeof(wakeup_data));
3768 		wakeup_data.pattern_idx = -1;
3769 
3770 		if (wakeind & BRCMF_WOWL_MAGIC) {
3771 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_MAGIC\n");
3772 			wakeup_data.magic_pkt = true;
3773 		}
3774 		if (wakeind & BRCMF_WOWL_DIS) {
3775 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_DIS\n");
3776 			wakeup_data.disconnect = true;
3777 		}
3778 		if (wakeind & BRCMF_WOWL_BCN) {
3779 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_BCN\n");
3780 			wakeup_data.disconnect = true;
3781 		}
3782 		if (wakeind & BRCMF_WOWL_RETR) {
3783 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_RETR\n");
3784 			wakeup_data.disconnect = true;
3785 		}
3786 		if (wakeind & BRCMF_WOWL_NET) {
3787 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_NET\n");
3788 			/* For now always map to pattern 0, no API to get
3789 			 * correct information available at the moment.
3790 			 */
3791 			wakeup_data.pattern_idx = 0;
3792 		}
3793 		if (wakeind & BRCMF_WOWL_PFN_FOUND) {
3794 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_PFN_FOUND\n");
3795 			timeout = wait_event_timeout(cfg->wowl.nd_data_wait,
3796 				cfg->wowl.nd_data_completed,
3797 				BRCMF_ND_INFO_TIMEOUT);
3798 			if (!timeout)
3799 				bphy_err(drvr, "No result for wowl net detect\n");
3800 			else
3801 				wakeup_data.net_detect = cfg->wowl.nd_info;
3802 		}
3803 		if (wakeind & BRCMF_WOWL_GTK_FAILURE) {
3804 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_GTK_FAILURE\n");
3805 			wakeup_data.gtk_rekey_failure = true;
3806 		}
3807 	} else {
3808 		wakeup = NULL;
3809 	}
3810 	cfg80211_report_wowlan_wakeup(&ifp->vif->wdev, wakeup, GFP_KERNEL);
3811 }
3812 
3813 #else
3814 
3815 static void brcmf_report_wowl_wakeind(struct wiphy *wiphy, struct brcmf_if *ifp)
3816 {
3817 }
3818 
3819 #endif /* CONFIG_PM */
3820 
3821 static s32 brcmf_cfg80211_resume(struct wiphy *wiphy)
3822 {
3823 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3824 	struct net_device *ndev = cfg_to_ndev(cfg);
3825 	struct brcmf_if *ifp = netdev_priv(ndev);
3826 
3827 	brcmf_dbg(TRACE, "Enter\n");
3828 
3829 	if (cfg->wowl.active) {
3830 		brcmf_report_wowl_wakeind(wiphy, ifp);
3831 		brcmf_fil_iovar_int_set(ifp, "wowl_clear", 0);
3832 		brcmf_config_wowl_pattern(ifp, "clr", NULL, 0, NULL, 0);
3833 		if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ARP_ND))
3834 			brcmf_configure_arp_nd_offload(ifp, true);
3835 		brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM,
3836 				      cfg->wowl.pre_pmmode);
3837 		cfg->wowl.active = false;
3838 		if (cfg->wowl.nd_enabled) {
3839 			brcmf_cfg80211_sched_scan_stop(cfg->wiphy, ifp->ndev, 0);
3840 			brcmf_fweh_unregister(cfg->pub, BRCMF_E_PFN_NET_FOUND);
3841 			brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
3842 					    brcmf_notify_sched_scan_results);
3843 			cfg->wowl.nd_enabled = false;
3844 		}
3845 	}
3846 	return 0;
3847 }
3848 
3849 static void brcmf_configure_wowl(struct brcmf_cfg80211_info *cfg,
3850 				 struct brcmf_if *ifp,
3851 				 struct cfg80211_wowlan *wowl)
3852 {
3853 	u32 wowl_config;
3854 	struct brcmf_wowl_wakeind_le wowl_wakeind;
3855 	u32 i;
3856 
3857 	brcmf_dbg(TRACE, "Suspend, wowl config.\n");
3858 
3859 	if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ARP_ND))
3860 		brcmf_configure_arp_nd_offload(ifp, false);
3861 	brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_PM, &cfg->wowl.pre_pmmode);
3862 	brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, PM_MAX);
3863 
3864 	wowl_config = 0;
3865 	if (wowl->disconnect)
3866 		wowl_config = BRCMF_WOWL_DIS | BRCMF_WOWL_BCN | BRCMF_WOWL_RETR;
3867 	if (wowl->magic_pkt)
3868 		wowl_config |= BRCMF_WOWL_MAGIC;
3869 	if ((wowl->patterns) && (wowl->n_patterns)) {
3870 		wowl_config |= BRCMF_WOWL_NET;
3871 		for (i = 0; i < wowl->n_patterns; i++) {
3872 			brcmf_config_wowl_pattern(ifp, "add",
3873 				(u8 *)wowl->patterns[i].pattern,
3874 				wowl->patterns[i].pattern_len,
3875 				(u8 *)wowl->patterns[i].mask,
3876 				wowl->patterns[i].pkt_offset);
3877 		}
3878 	}
3879 	if (wowl->nd_config) {
3880 		brcmf_cfg80211_sched_scan_start(cfg->wiphy, ifp->ndev,
3881 						wowl->nd_config);
3882 		wowl_config |= BRCMF_WOWL_PFN_FOUND;
3883 
3884 		cfg->wowl.nd_data_completed = false;
3885 		cfg->wowl.nd_enabled = true;
3886 		/* Now reroute the event for PFN to the wowl function. */
3887 		brcmf_fweh_unregister(cfg->pub, BRCMF_E_PFN_NET_FOUND);
3888 		brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
3889 				    brcmf_wowl_nd_results);
3890 	}
3891 	if (wowl->gtk_rekey_failure)
3892 		wowl_config |= BRCMF_WOWL_GTK_FAILURE;
3893 	if (!test_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state))
3894 		wowl_config |= BRCMF_WOWL_UNASSOC;
3895 
3896 	memcpy(&wowl_wakeind, "clear", 6);
3897 	brcmf_fil_iovar_data_set(ifp, "wowl_wakeind", &wowl_wakeind,
3898 				 sizeof(wowl_wakeind));
3899 	brcmf_fil_iovar_int_set(ifp, "wowl", wowl_config);
3900 	brcmf_fil_iovar_int_set(ifp, "wowl_activate", 1);
3901 	brcmf_bus_wowl_config(cfg->pub->bus_if, true);
3902 	cfg->wowl.active = true;
3903 }
3904 
3905 static int brcmf_keepalive_start(struct brcmf_if *ifp, unsigned int interval)
3906 {
3907 	struct brcmf_mkeep_alive_pkt_le kalive = {0};
3908 	int ret = 0;
3909 
3910 	/* Configure Null function/data keepalive */
3911 	kalive.version = cpu_to_le16(1);
3912 	kalive.period_msec = cpu_to_le32(interval * MSEC_PER_SEC);
3913 	kalive.len_bytes = cpu_to_le16(0);
3914 	kalive.keep_alive_id = 0;
3915 
3916 	ret = brcmf_fil_iovar_data_set(ifp, "mkeep_alive", &kalive, sizeof(kalive));
3917 	if (ret)
3918 		brcmf_err("keep-alive packet config failed, ret=%d\n", ret);
3919 
3920 	return ret;
3921 }
3922 
3923 static s32 brcmf_cfg80211_suspend(struct wiphy *wiphy,
3924 				  struct cfg80211_wowlan *wowl)
3925 {
3926 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3927 	struct net_device *ndev = cfg_to_ndev(cfg);
3928 	struct brcmf_if *ifp = netdev_priv(ndev);
3929 	struct brcmf_cfg80211_vif *vif;
3930 
3931 	brcmf_dbg(TRACE, "Enter\n");
3932 
3933 	/* if the primary net_device is not READY there is nothing
3934 	 * we can do but pray resume goes smoothly.
3935 	 */
3936 	if (!check_vif_up(ifp->vif))
3937 		goto exit;
3938 
3939 	/* Stop scheduled scan */
3940 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO))
3941 		brcmf_cfg80211_sched_scan_stop(wiphy, ndev, 0);
3942 
3943 	/* end any scanning */
3944 	if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status))
3945 		brcmf_abort_scanning(cfg);
3946 
3947 	if (wowl == NULL) {
3948 		brcmf_bus_wowl_config(cfg->pub->bus_if, false);
3949 		list_for_each_entry(vif, &cfg->vif_list, list) {
3950 			if (!test_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state))
3951 				continue;
3952 			/* While going to suspend if associated with AP
3953 			 * disassociate from AP to save power while system is
3954 			 * in suspended state
3955 			 */
3956 			brcmf_link_down(vif, WLAN_REASON_UNSPECIFIED, true);
3957 			/* Make sure WPA_Supplicant receives all the event
3958 			 * generated due to DISASSOC call to the fw to keep
3959 			 * the state fw and WPA_Supplicant state consistent
3960 			 */
3961 			brcmf_delay(500);
3962 		}
3963 		/* Configure MPC */
3964 		brcmf_set_mpc(ifp, 1);
3965 
3966 	} else {
3967 		/* Configure WOWL paramaters */
3968 		brcmf_configure_wowl(cfg, ifp, wowl);
3969 
3970 		/* Prevent disassociation due to inactivity with keep-alive */
3971 		brcmf_keepalive_start(ifp, 30);
3972 	}
3973 
3974 exit:
3975 	brcmf_dbg(TRACE, "Exit\n");
3976 	/* clear any scanning activity */
3977 	cfg->scan_status = 0;
3978 	return 0;
3979 }
3980 
3981 static __used s32
3982 brcmf_update_pmklist(struct brcmf_cfg80211_info *cfg, struct brcmf_if *ifp)
3983 {
3984 	struct brcmf_pmk_list_le *pmk_list;
3985 	int i;
3986 	u32 npmk;
3987 	s32 err;
3988 
3989 	pmk_list = &cfg->pmk_list;
3990 	npmk = le32_to_cpu(pmk_list->npmk);
3991 
3992 	brcmf_dbg(CONN, "No of elements %d\n", npmk);
3993 	for (i = 0; i < npmk; i++)
3994 		brcmf_dbg(CONN, "PMK[%d]: %pM\n", i, &pmk_list->pmk[i].bssid);
3995 
3996 	err = brcmf_fil_iovar_data_set(ifp, "pmkid_info", pmk_list,
3997 				       sizeof(*pmk_list));
3998 
3999 	return err;
4000 }
4001 
4002 static s32
4003 brcmf_cfg80211_set_pmksa(struct wiphy *wiphy, struct net_device *ndev,
4004 			 struct cfg80211_pmksa *pmksa)
4005 {
4006 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4007 	struct brcmf_if *ifp = netdev_priv(ndev);
4008 	struct brcmf_pmksa *pmk = &cfg->pmk_list.pmk[0];
4009 	struct brcmf_pub *drvr = cfg->pub;
4010 	s32 err;
4011 	u32 npmk, i;
4012 
4013 	brcmf_dbg(TRACE, "Enter\n");
4014 	if (!check_vif_up(ifp->vif))
4015 		return -EIO;
4016 
4017 	npmk = le32_to_cpu(cfg->pmk_list.npmk);
4018 	for (i = 0; i < npmk; i++)
4019 		if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN))
4020 			break;
4021 	if (i < BRCMF_MAXPMKID) {
4022 		memcpy(pmk[i].bssid, pmksa->bssid, ETH_ALEN);
4023 		memcpy(pmk[i].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
4024 		if (i == npmk) {
4025 			npmk++;
4026 			cfg->pmk_list.npmk = cpu_to_le32(npmk);
4027 		}
4028 	} else {
4029 		bphy_err(drvr, "Too many PMKSA entries cached %d\n", npmk);
4030 		return -EINVAL;
4031 	}
4032 
4033 	brcmf_dbg(CONN, "set_pmksa - PMK bssid: %pM =\n", pmk[npmk].bssid);
4034 	brcmf_dbg(CONN, "%*ph\n", WLAN_PMKID_LEN, pmk[npmk].pmkid);
4035 
4036 	err = brcmf_update_pmklist(cfg, ifp);
4037 
4038 	brcmf_dbg(TRACE, "Exit\n");
4039 	return err;
4040 }
4041 
4042 static s32
4043 brcmf_cfg80211_del_pmksa(struct wiphy *wiphy, struct net_device *ndev,
4044 			 struct cfg80211_pmksa *pmksa)
4045 {
4046 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4047 	struct brcmf_if *ifp = netdev_priv(ndev);
4048 	struct brcmf_pmksa *pmk = &cfg->pmk_list.pmk[0];
4049 	struct brcmf_pub *drvr = cfg->pub;
4050 	s32 err;
4051 	u32 npmk, i;
4052 
4053 	brcmf_dbg(TRACE, "Enter\n");
4054 	if (!check_vif_up(ifp->vif))
4055 		return -EIO;
4056 
4057 	brcmf_dbg(CONN, "del_pmksa - PMK bssid = %pM\n", pmksa->bssid);
4058 
4059 	npmk = le32_to_cpu(cfg->pmk_list.npmk);
4060 	for (i = 0; i < npmk; i++)
4061 		if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN))
4062 			break;
4063 
4064 	if ((npmk > 0) && (i < npmk)) {
4065 		for (; i < (npmk - 1); i++) {
4066 			memcpy(&pmk[i].bssid, &pmk[i + 1].bssid, ETH_ALEN);
4067 			memcpy(&pmk[i].pmkid, &pmk[i + 1].pmkid,
4068 			       WLAN_PMKID_LEN);
4069 		}
4070 		memset(&pmk[i], 0, sizeof(*pmk));
4071 		cfg->pmk_list.npmk = cpu_to_le32(npmk - 1);
4072 	} else {
4073 		bphy_err(drvr, "Cache entry not found\n");
4074 		return -EINVAL;
4075 	}
4076 
4077 	err = brcmf_update_pmklist(cfg, ifp);
4078 
4079 	brcmf_dbg(TRACE, "Exit\n");
4080 	return err;
4081 
4082 }
4083 
4084 static s32
4085 brcmf_cfg80211_flush_pmksa(struct wiphy *wiphy, struct net_device *ndev)
4086 {
4087 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4088 	struct brcmf_if *ifp = netdev_priv(ndev);
4089 	s32 err;
4090 
4091 	brcmf_dbg(TRACE, "Enter\n");
4092 	if (!check_vif_up(ifp->vif))
4093 		return -EIO;
4094 
4095 	memset(&cfg->pmk_list, 0, sizeof(cfg->pmk_list));
4096 	err = brcmf_update_pmklist(cfg, ifp);
4097 
4098 	brcmf_dbg(TRACE, "Exit\n");
4099 	return err;
4100 
4101 }
4102 
4103 static s32 brcmf_configure_opensecurity(struct brcmf_if *ifp)
4104 {
4105 	struct brcmf_pub *drvr = ifp->drvr;
4106 	s32 err;
4107 	s32 wpa_val;
4108 
4109 	/* set auth */
4110 	err = brcmf_fil_bsscfg_int_set(ifp, "auth", 0);
4111 	if (err < 0) {
4112 		bphy_err(drvr, "auth error %d\n", err);
4113 		return err;
4114 	}
4115 	/* set wsec */
4116 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", 0);
4117 	if (err < 0) {
4118 		bphy_err(drvr, "wsec error %d\n", err);
4119 		return err;
4120 	}
4121 	/* set upper-layer auth */
4122 	if (brcmf_is_ibssmode(ifp->vif))
4123 		wpa_val = WPA_AUTH_NONE;
4124 	else
4125 		wpa_val = WPA_AUTH_DISABLED;
4126 	err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_val);
4127 	if (err < 0) {
4128 		bphy_err(drvr, "wpa_auth error %d\n", err);
4129 		return err;
4130 	}
4131 
4132 	return 0;
4133 }
4134 
4135 static bool brcmf_valid_wpa_oui(u8 *oui, bool is_rsn_ie)
4136 {
4137 	if (is_rsn_ie)
4138 		return (memcmp(oui, RSN_OUI, TLV_OUI_LEN) == 0);
4139 
4140 	return (memcmp(oui, WPA_OUI, TLV_OUI_LEN) == 0);
4141 }
4142 
4143 static s32
4144 brcmf_configure_wpaie(struct brcmf_if *ifp,
4145 		      const struct brcmf_vs_tlv *wpa_ie,
4146 		      bool is_rsn_ie)
4147 {
4148 	struct brcmf_pub *drvr = ifp->drvr;
4149 	u32 auth = 0; /* d11 open authentication */
4150 	u16 count;
4151 	s32 err = 0;
4152 	s32 len;
4153 	u32 i;
4154 	u32 wsec;
4155 	u32 pval = 0;
4156 	u32 gval = 0;
4157 	u32 wpa_auth = 0;
4158 	u32 offset;
4159 	u8 *data;
4160 	u16 rsn_cap;
4161 	u32 wme_bss_disable;
4162 	u32 mfp;
4163 
4164 	brcmf_dbg(TRACE, "Enter\n");
4165 	if (wpa_ie == NULL)
4166 		goto exit;
4167 
4168 	len = wpa_ie->len + TLV_HDR_LEN;
4169 	data = (u8 *)wpa_ie;
4170 	offset = TLV_HDR_LEN;
4171 	if (!is_rsn_ie)
4172 		offset += VS_IE_FIXED_HDR_LEN;
4173 	else
4174 		offset += WPA_IE_VERSION_LEN;
4175 
4176 	/* check for multicast cipher suite */
4177 	if (offset + WPA_IE_MIN_OUI_LEN > len) {
4178 		err = -EINVAL;
4179 		bphy_err(drvr, "no multicast cipher suite\n");
4180 		goto exit;
4181 	}
4182 
4183 	if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4184 		err = -EINVAL;
4185 		bphy_err(drvr, "ivalid OUI\n");
4186 		goto exit;
4187 	}
4188 	offset += TLV_OUI_LEN;
4189 
4190 	/* pick up multicast cipher */
4191 	switch (data[offset]) {
4192 	case WPA_CIPHER_NONE:
4193 		gval = 0;
4194 		break;
4195 	case WPA_CIPHER_WEP_40:
4196 	case WPA_CIPHER_WEP_104:
4197 		gval = WEP_ENABLED;
4198 		break;
4199 	case WPA_CIPHER_TKIP:
4200 		gval = TKIP_ENABLED;
4201 		break;
4202 	case WPA_CIPHER_AES_CCM:
4203 		gval = AES_ENABLED;
4204 		break;
4205 	default:
4206 		err = -EINVAL;
4207 		bphy_err(drvr, "Invalid multi cast cipher info\n");
4208 		goto exit;
4209 	}
4210 
4211 	offset++;
4212 	/* walk thru unicast cipher list and pick up what we recognize */
4213 	count = data[offset] + (data[offset + 1] << 8);
4214 	offset += WPA_IE_SUITE_COUNT_LEN;
4215 	/* Check for unicast suite(s) */
4216 	if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
4217 		err = -EINVAL;
4218 		bphy_err(drvr, "no unicast cipher suite\n");
4219 		goto exit;
4220 	}
4221 	for (i = 0; i < count; i++) {
4222 		if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4223 			err = -EINVAL;
4224 			bphy_err(drvr, "ivalid OUI\n");
4225 			goto exit;
4226 		}
4227 		offset += TLV_OUI_LEN;
4228 		switch (data[offset]) {
4229 		case WPA_CIPHER_NONE:
4230 			break;
4231 		case WPA_CIPHER_WEP_40:
4232 		case WPA_CIPHER_WEP_104:
4233 			pval |= WEP_ENABLED;
4234 			break;
4235 		case WPA_CIPHER_TKIP:
4236 			pval |= TKIP_ENABLED;
4237 			break;
4238 		case WPA_CIPHER_AES_CCM:
4239 			pval |= AES_ENABLED;
4240 			break;
4241 		default:
4242 			bphy_err(drvr, "Invalid unicast security info\n");
4243 		}
4244 		offset++;
4245 	}
4246 	/* walk thru auth management suite list and pick up what we recognize */
4247 	count = data[offset] + (data[offset + 1] << 8);
4248 	offset += WPA_IE_SUITE_COUNT_LEN;
4249 	/* Check for auth key management suite(s) */
4250 	if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
4251 		err = -EINVAL;
4252 		bphy_err(drvr, "no auth key mgmt suite\n");
4253 		goto exit;
4254 	}
4255 	for (i = 0; i < count; i++) {
4256 		if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4257 			err = -EINVAL;
4258 			bphy_err(drvr, "ivalid OUI\n");
4259 			goto exit;
4260 		}
4261 		offset += TLV_OUI_LEN;
4262 		switch (data[offset]) {
4263 		case RSN_AKM_NONE:
4264 			brcmf_dbg(TRACE, "RSN_AKM_NONE\n");
4265 			wpa_auth |= WPA_AUTH_NONE;
4266 			break;
4267 		case RSN_AKM_UNSPECIFIED:
4268 			brcmf_dbg(TRACE, "RSN_AKM_UNSPECIFIED\n");
4269 			is_rsn_ie ? (wpa_auth |= WPA2_AUTH_UNSPECIFIED) :
4270 				    (wpa_auth |= WPA_AUTH_UNSPECIFIED);
4271 			break;
4272 		case RSN_AKM_PSK:
4273 			brcmf_dbg(TRACE, "RSN_AKM_PSK\n");
4274 			is_rsn_ie ? (wpa_auth |= WPA2_AUTH_PSK) :
4275 				    (wpa_auth |= WPA_AUTH_PSK);
4276 			break;
4277 		case RSN_AKM_SHA256_PSK:
4278 			brcmf_dbg(TRACE, "RSN_AKM_MFP_PSK\n");
4279 			wpa_auth |= WPA2_AUTH_PSK_SHA256;
4280 			break;
4281 		case RSN_AKM_SHA256_1X:
4282 			brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n");
4283 			wpa_auth |= WPA2_AUTH_1X_SHA256;
4284 			break;
4285 		case RSN_AKM_SAE:
4286 			brcmf_dbg(TRACE, "RSN_AKM_SAE\n");
4287 			wpa_auth |= WPA3_AUTH_SAE_PSK;
4288 			break;
4289 		default:
4290 			bphy_err(drvr, "Invalid key mgmt info\n");
4291 		}
4292 		offset++;
4293 	}
4294 
4295 	mfp = BRCMF_MFP_NONE;
4296 	if (is_rsn_ie) {
4297 		wme_bss_disable = 1;
4298 		if ((offset + RSN_CAP_LEN) <= len) {
4299 			rsn_cap = data[offset] + (data[offset + 1] << 8);
4300 			if (rsn_cap & RSN_CAP_PTK_REPLAY_CNTR_MASK)
4301 				wme_bss_disable = 0;
4302 			if (rsn_cap & RSN_CAP_MFPR_MASK) {
4303 				brcmf_dbg(TRACE, "MFP Required\n");
4304 				mfp = BRCMF_MFP_REQUIRED;
4305 				/* Firmware only supports mfp required in
4306 				 * combination with WPA2_AUTH_PSK_SHA256,
4307 				 * WPA2_AUTH_1X_SHA256, or WPA3_AUTH_SAE_PSK.
4308 				 */
4309 				if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 |
4310 						  WPA2_AUTH_1X_SHA256 |
4311 						  WPA3_AUTH_SAE_PSK))) {
4312 					err = -EINVAL;
4313 					goto exit;
4314 				}
4315 				/* Firmware has requirement that WPA2_AUTH_PSK/
4316 				 * WPA2_AUTH_UNSPECIFIED be set, if SHA256 OUI
4317 				 * is to be included in the rsn ie.
4318 				 */
4319 				if (wpa_auth & WPA2_AUTH_PSK_SHA256)
4320 					wpa_auth |= WPA2_AUTH_PSK;
4321 				else if (wpa_auth & WPA2_AUTH_1X_SHA256)
4322 					wpa_auth |= WPA2_AUTH_UNSPECIFIED;
4323 			} else if (rsn_cap & RSN_CAP_MFPC_MASK) {
4324 				brcmf_dbg(TRACE, "MFP Capable\n");
4325 				mfp = BRCMF_MFP_CAPABLE;
4326 			}
4327 		}
4328 		offset += RSN_CAP_LEN;
4329 		/* set wme_bss_disable to sync RSN Capabilities */
4330 		err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable",
4331 					       wme_bss_disable);
4332 		if (err < 0) {
4333 			bphy_err(drvr, "wme_bss_disable error %d\n", err);
4334 			goto exit;
4335 		}
4336 
4337 		/* Skip PMKID cnt as it is know to be 0 for AP. */
4338 		offset += RSN_PMKID_COUNT_LEN;
4339 
4340 		/* See if there is BIP wpa suite left for MFP */
4341 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP) &&
4342 		    ((offset + WPA_IE_MIN_OUI_LEN) <= len)) {
4343 			err = brcmf_fil_bsscfg_data_set(ifp, "bip",
4344 							&data[offset],
4345 							WPA_IE_MIN_OUI_LEN);
4346 			if (err < 0) {
4347 				bphy_err(drvr, "bip error %d\n", err);
4348 				goto exit;
4349 			}
4350 		}
4351 	}
4352 	/* FOR WPS , set SES_OW_ENABLED */
4353 	wsec = (pval | gval | SES_OW_ENABLED);
4354 
4355 	/* set auth */
4356 	err = brcmf_fil_bsscfg_int_set(ifp, "auth", auth);
4357 	if (err < 0) {
4358 		bphy_err(drvr, "auth error %d\n", err);
4359 		goto exit;
4360 	}
4361 	/* set wsec */
4362 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
4363 	if (err < 0) {
4364 		bphy_err(drvr, "wsec error %d\n", err);
4365 		goto exit;
4366 	}
4367 	/* Configure MFP, this needs to go after wsec otherwise the wsec command
4368 	 * will overwrite the values set by MFP
4369 	 */
4370 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) {
4371 		err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp);
4372 		if (err < 0) {
4373 			bphy_err(drvr, "mfp error %d\n", err);
4374 			goto exit;
4375 		}
4376 	}
4377 	/* set upper-layer auth */
4378 	err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_auth);
4379 	if (err < 0) {
4380 		bphy_err(drvr, "wpa_auth error %d\n", err);
4381 		goto exit;
4382 	}
4383 
4384 exit:
4385 	return err;
4386 }
4387 
4388 static s32
4389 brcmf_parse_vndr_ies(const u8 *vndr_ie_buf, u32 vndr_ie_len,
4390 		     struct parsed_vndr_ies *vndr_ies)
4391 {
4392 	struct brcmf_vs_tlv *vndrie;
4393 	struct brcmf_tlv *ie;
4394 	struct parsed_vndr_ie_info *parsed_info;
4395 	s32 remaining_len;
4396 
4397 	remaining_len = (s32)vndr_ie_len;
4398 	memset(vndr_ies, 0, sizeof(*vndr_ies));
4399 
4400 	ie = (struct brcmf_tlv *)vndr_ie_buf;
4401 	while (ie) {
4402 		if (ie->id != WLAN_EID_VENDOR_SPECIFIC)
4403 			goto next;
4404 		vndrie = (struct brcmf_vs_tlv *)ie;
4405 		/* len should be bigger than OUI length + one */
4406 		if (vndrie->len < (VS_IE_FIXED_HDR_LEN - TLV_HDR_LEN + 1)) {
4407 			brcmf_err("invalid vndr ie. length is too small %d\n",
4408 				  vndrie->len);
4409 			goto next;
4410 		}
4411 		/* if wpa or wme ie, do not add ie */
4412 		if (!memcmp(vndrie->oui, (u8 *)WPA_OUI, TLV_OUI_LEN) &&
4413 		    ((vndrie->oui_type == WPA_OUI_TYPE) ||
4414 		    (vndrie->oui_type == WME_OUI_TYPE))) {
4415 			brcmf_dbg(TRACE, "Found WPA/WME oui. Do not add it\n");
4416 			goto next;
4417 		}
4418 
4419 		parsed_info = &vndr_ies->ie_info[vndr_ies->count];
4420 
4421 		/* save vndr ie information */
4422 		parsed_info->ie_ptr = (char *)vndrie;
4423 		parsed_info->ie_len = vndrie->len + TLV_HDR_LEN;
4424 		memcpy(&parsed_info->vndrie, vndrie, sizeof(*vndrie));
4425 
4426 		vndr_ies->count++;
4427 
4428 		brcmf_dbg(TRACE, "** OUI %3ph, type 0x%02x\n",
4429 			  parsed_info->vndrie.oui,
4430 			  parsed_info->vndrie.oui_type);
4431 
4432 		if (vndr_ies->count >= VNDR_IE_PARSE_LIMIT)
4433 			break;
4434 next:
4435 		remaining_len -= (ie->len + TLV_HDR_LEN);
4436 		if (remaining_len <= TLV_HDR_LEN)
4437 			ie = NULL;
4438 		else
4439 			ie = (struct brcmf_tlv *)(((u8 *)ie) + ie->len +
4440 				TLV_HDR_LEN);
4441 	}
4442 	return 0;
4443 }
4444 
4445 static u32
4446 brcmf_vndr_ie(u8 *iebuf, s32 pktflag, u8 *ie_ptr, u32 ie_len, s8 *add_del_cmd)
4447 {
4448 	strscpy(iebuf, add_del_cmd, VNDR_IE_CMD_LEN);
4449 
4450 	put_unaligned_le32(1, &iebuf[VNDR_IE_COUNT_OFFSET]);
4451 
4452 	put_unaligned_le32(pktflag, &iebuf[VNDR_IE_PKTFLAG_OFFSET]);
4453 
4454 	memcpy(&iebuf[VNDR_IE_VSIE_OFFSET], ie_ptr, ie_len);
4455 
4456 	return ie_len + VNDR_IE_HDR_SIZE;
4457 }
4458 
4459 s32 brcmf_vif_set_mgmt_ie(struct brcmf_cfg80211_vif *vif, s32 pktflag,
4460 			  const u8 *vndr_ie_buf, u32 vndr_ie_len)
4461 {
4462 	struct brcmf_pub *drvr;
4463 	struct brcmf_if *ifp;
4464 	struct vif_saved_ie *saved_ie;
4465 	s32 err = 0;
4466 	u8  *iovar_ie_buf;
4467 	u8  *curr_ie_buf;
4468 	u8  *mgmt_ie_buf = NULL;
4469 	int mgmt_ie_buf_len;
4470 	u32 *mgmt_ie_len;
4471 	u32 del_add_ie_buf_len = 0;
4472 	u32 total_ie_buf_len = 0;
4473 	u32 parsed_ie_buf_len = 0;
4474 	struct parsed_vndr_ies old_vndr_ies;
4475 	struct parsed_vndr_ies new_vndr_ies;
4476 	struct parsed_vndr_ie_info *vndrie_info;
4477 	s32 i;
4478 	u8 *ptr;
4479 	int remained_buf_len;
4480 
4481 	if (!vif)
4482 		return -ENODEV;
4483 	ifp = vif->ifp;
4484 	drvr = ifp->drvr;
4485 	saved_ie = &vif->saved_ie;
4486 
4487 	brcmf_dbg(TRACE, "bsscfgidx %d, pktflag : 0x%02X\n", ifp->bsscfgidx,
4488 		  pktflag);
4489 	iovar_ie_buf = kzalloc(WL_EXTRA_BUF_MAX, GFP_KERNEL);
4490 	if (!iovar_ie_buf)
4491 		return -ENOMEM;
4492 	curr_ie_buf = iovar_ie_buf;
4493 	switch (pktflag) {
4494 	case BRCMF_VNDR_IE_PRBREQ_FLAG:
4495 		mgmt_ie_buf = saved_ie->probe_req_ie;
4496 		mgmt_ie_len = &saved_ie->probe_req_ie_len;
4497 		mgmt_ie_buf_len = sizeof(saved_ie->probe_req_ie);
4498 		break;
4499 	case BRCMF_VNDR_IE_PRBRSP_FLAG:
4500 		mgmt_ie_buf = saved_ie->probe_res_ie;
4501 		mgmt_ie_len = &saved_ie->probe_res_ie_len;
4502 		mgmt_ie_buf_len = sizeof(saved_ie->probe_res_ie);
4503 		break;
4504 	case BRCMF_VNDR_IE_BEACON_FLAG:
4505 		mgmt_ie_buf = saved_ie->beacon_ie;
4506 		mgmt_ie_len = &saved_ie->beacon_ie_len;
4507 		mgmt_ie_buf_len = sizeof(saved_ie->beacon_ie);
4508 		break;
4509 	case BRCMF_VNDR_IE_ASSOCREQ_FLAG:
4510 		mgmt_ie_buf = saved_ie->assoc_req_ie;
4511 		mgmt_ie_len = &saved_ie->assoc_req_ie_len;
4512 		mgmt_ie_buf_len = sizeof(saved_ie->assoc_req_ie);
4513 		break;
4514 	case BRCMF_VNDR_IE_ASSOCRSP_FLAG:
4515 		mgmt_ie_buf = saved_ie->assoc_res_ie;
4516 		mgmt_ie_len = &saved_ie->assoc_res_ie_len;
4517 		mgmt_ie_buf_len = sizeof(saved_ie->assoc_res_ie);
4518 		break;
4519 	default:
4520 		err = -EPERM;
4521 		bphy_err(drvr, "not suitable type\n");
4522 		goto exit;
4523 	}
4524 
4525 	if (vndr_ie_len > mgmt_ie_buf_len) {
4526 		err = -ENOMEM;
4527 		bphy_err(drvr, "extra IE size too big\n");
4528 		goto exit;
4529 	}
4530 
4531 	/* parse and save new vndr_ie in curr_ie_buff before comparing it */
4532 	if (vndr_ie_buf && vndr_ie_len && curr_ie_buf) {
4533 		ptr = curr_ie_buf;
4534 		brcmf_parse_vndr_ies(vndr_ie_buf, vndr_ie_len, &new_vndr_ies);
4535 		for (i = 0; i < new_vndr_ies.count; i++) {
4536 			vndrie_info = &new_vndr_ies.ie_info[i];
4537 			memcpy(ptr + parsed_ie_buf_len, vndrie_info->ie_ptr,
4538 			       vndrie_info->ie_len);
4539 			parsed_ie_buf_len += vndrie_info->ie_len;
4540 		}
4541 	}
4542 
4543 	if (mgmt_ie_buf && *mgmt_ie_len) {
4544 		if (parsed_ie_buf_len && (parsed_ie_buf_len == *mgmt_ie_len) &&
4545 		    (memcmp(mgmt_ie_buf, curr_ie_buf,
4546 			    parsed_ie_buf_len) == 0)) {
4547 			brcmf_dbg(TRACE, "Previous mgmt IE equals to current IE\n");
4548 			goto exit;
4549 		}
4550 
4551 		/* parse old vndr_ie */
4552 		brcmf_parse_vndr_ies(mgmt_ie_buf, *mgmt_ie_len, &old_vndr_ies);
4553 
4554 		/* make a command to delete old ie */
4555 		for (i = 0; i < old_vndr_ies.count; i++) {
4556 			vndrie_info = &old_vndr_ies.ie_info[i];
4557 
4558 			brcmf_dbg(TRACE, "DEL ID : %d, Len: %d , OUI:%3ph\n",
4559 				  vndrie_info->vndrie.id,
4560 				  vndrie_info->vndrie.len,
4561 				  vndrie_info->vndrie.oui);
4562 
4563 			del_add_ie_buf_len = brcmf_vndr_ie(curr_ie_buf, pktflag,
4564 							   vndrie_info->ie_ptr,
4565 							   vndrie_info->ie_len,
4566 							   "del");
4567 			curr_ie_buf += del_add_ie_buf_len;
4568 			total_ie_buf_len += del_add_ie_buf_len;
4569 		}
4570 	}
4571 
4572 	*mgmt_ie_len = 0;
4573 	/* Add if there is any extra IE */
4574 	if (mgmt_ie_buf && parsed_ie_buf_len) {
4575 		ptr = mgmt_ie_buf;
4576 
4577 		remained_buf_len = mgmt_ie_buf_len;
4578 
4579 		/* make a command to add new ie */
4580 		for (i = 0; i < new_vndr_ies.count; i++) {
4581 			vndrie_info = &new_vndr_ies.ie_info[i];
4582 
4583 			/* verify remained buf size before copy data */
4584 			if (remained_buf_len < (vndrie_info->vndrie.len +
4585 							VNDR_IE_VSIE_OFFSET)) {
4586 				bphy_err(drvr, "no space in mgmt_ie_buf: len left %d",
4587 					 remained_buf_len);
4588 				break;
4589 			}
4590 			remained_buf_len -= (vndrie_info->ie_len +
4591 					     VNDR_IE_VSIE_OFFSET);
4592 
4593 			brcmf_dbg(TRACE, "ADDED ID : %d, Len: %d, OUI:%3ph\n",
4594 				  vndrie_info->vndrie.id,
4595 				  vndrie_info->vndrie.len,
4596 				  vndrie_info->vndrie.oui);
4597 
4598 			del_add_ie_buf_len = brcmf_vndr_ie(curr_ie_buf, pktflag,
4599 							   vndrie_info->ie_ptr,
4600 							   vndrie_info->ie_len,
4601 							   "add");
4602 
4603 			/* save the parsed IE in wl struct */
4604 			memcpy(ptr + (*mgmt_ie_len), vndrie_info->ie_ptr,
4605 			       vndrie_info->ie_len);
4606 			*mgmt_ie_len += vndrie_info->ie_len;
4607 
4608 			curr_ie_buf += del_add_ie_buf_len;
4609 			total_ie_buf_len += del_add_ie_buf_len;
4610 		}
4611 	}
4612 	if (total_ie_buf_len) {
4613 		err  = brcmf_fil_bsscfg_data_set(ifp, "vndr_ie", iovar_ie_buf,
4614 						 total_ie_buf_len);
4615 		if (err)
4616 			bphy_err(drvr, "vndr ie set error : %d\n", err);
4617 	}
4618 
4619 exit:
4620 	kfree(iovar_ie_buf);
4621 	return err;
4622 }
4623 
4624 s32 brcmf_vif_clear_mgmt_ies(struct brcmf_cfg80211_vif *vif)
4625 {
4626 	static const s32 pktflags[] = {
4627 		BRCMF_VNDR_IE_PRBREQ_FLAG,
4628 		BRCMF_VNDR_IE_PRBRSP_FLAG,
4629 		BRCMF_VNDR_IE_BEACON_FLAG
4630 	};
4631 	int i;
4632 
4633 	for (i = 0; i < ARRAY_SIZE(pktflags); i++)
4634 		brcmf_vif_set_mgmt_ie(vif, pktflags[i], NULL, 0);
4635 
4636 	memset(&vif->saved_ie, 0, sizeof(vif->saved_ie));
4637 	return 0;
4638 }
4639 
4640 static s32
4641 brcmf_config_ap_mgmt_ie(struct brcmf_cfg80211_vif *vif,
4642 			struct cfg80211_beacon_data *beacon)
4643 {
4644 	struct brcmf_pub *drvr = vif->ifp->drvr;
4645 	s32 err;
4646 
4647 	/* Set Beacon IEs to FW */
4648 	err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_BEACON_FLAG,
4649 				    beacon->tail, beacon->tail_len);
4650 	if (err) {
4651 		bphy_err(drvr, "Set Beacon IE Failed\n");
4652 		return err;
4653 	}
4654 	brcmf_dbg(TRACE, "Applied Vndr IEs for Beacon\n");
4655 
4656 	/* Set Probe Response IEs to FW */
4657 	err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_PRBRSP_FLAG,
4658 				    beacon->proberesp_ies,
4659 				    beacon->proberesp_ies_len);
4660 	if (err)
4661 		bphy_err(drvr, "Set Probe Resp IE Failed\n");
4662 	else
4663 		brcmf_dbg(TRACE, "Applied Vndr IEs for Probe Resp\n");
4664 
4665 	/* Set Assoc Response IEs to FW */
4666 	err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_ASSOCRSP_FLAG,
4667 				    beacon->assocresp_ies,
4668 				    beacon->assocresp_ies_len);
4669 	if (err)
4670 		brcmf_err("Set Assoc Resp IE Failed\n");
4671 	else
4672 		brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc Resp\n");
4673 
4674 	return err;
4675 }
4676 
4677 static s32
4678 brcmf_parse_configure_security(struct brcmf_if *ifp,
4679 			       struct cfg80211_ap_settings *settings,
4680 			       enum nl80211_iftype dev_role)
4681 {
4682 	const struct brcmf_tlv *rsn_ie;
4683 	const struct brcmf_vs_tlv *wpa_ie;
4684 	s32 err = 0;
4685 
4686 	/* find the RSN_IE */
4687 	rsn_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
4688 				  settings->beacon.tail_len, WLAN_EID_RSN);
4689 
4690 	/* find the WPA_IE */
4691 	wpa_ie = brcmf_find_wpaie((u8 *)settings->beacon.tail,
4692 				  settings->beacon.tail_len);
4693 
4694 	if (wpa_ie || rsn_ie) {
4695 		brcmf_dbg(TRACE, "WPA(2) IE is found\n");
4696 		if (wpa_ie) {
4697 			/* WPA IE */
4698 			err = brcmf_configure_wpaie(ifp, wpa_ie, false);
4699 			if (err < 0)
4700 				return err;
4701 		} else {
4702 			struct brcmf_vs_tlv *tmp_ie;
4703 
4704 			tmp_ie = (struct brcmf_vs_tlv *)rsn_ie;
4705 
4706 			/* RSN IE */
4707 			err = brcmf_configure_wpaie(ifp, tmp_ie, true);
4708 			if (err < 0)
4709 				return err;
4710 		}
4711 	} else {
4712 		brcmf_dbg(TRACE, "No WPA(2) IEs found\n");
4713 		brcmf_configure_opensecurity(ifp);
4714 	}
4715 
4716 	return err;
4717 }
4718 
4719 static s32
4720 brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
4721 			struct cfg80211_ap_settings *settings)
4722 {
4723 	s32 ie_offset;
4724 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4725 	struct brcmf_if *ifp = netdev_priv(ndev);
4726 	struct brcmf_pub *drvr = cfg->pub;
4727 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
4728 	struct cfg80211_crypto_settings *crypto = &settings->crypto;
4729 	const struct brcmf_tlv *ssid_ie;
4730 	const struct brcmf_tlv *country_ie;
4731 	struct brcmf_ssid_le ssid_le;
4732 	s32 err = -EPERM;
4733 	struct brcmf_join_params join_params;
4734 	enum nl80211_iftype dev_role;
4735 	struct brcmf_fil_bss_enable_le bss_enable;
4736 	u16 chanspec = chandef_to_chanspec(&cfg->d11inf, &settings->chandef);
4737 	bool mbss;
4738 	int is_11d;
4739 	bool supports_11d;
4740 
4741 	brcmf_dbg(TRACE, "ctrlchn=%d, center=%d, bw=%d, beacon_interval=%d, dtim_period=%d,\n",
4742 		  settings->chandef.chan->hw_value,
4743 		  settings->chandef.center_freq1, settings->chandef.width,
4744 		  settings->beacon_interval, settings->dtim_period);
4745 	brcmf_dbg(TRACE, "ssid=%s(%zu), auth_type=%d, inactivity_timeout=%d\n",
4746 		  settings->ssid, settings->ssid_len, settings->auth_type,
4747 		  settings->inactivity_timeout);
4748 	dev_role = ifp->vif->wdev.iftype;
4749 	mbss = ifp->vif->mbss;
4750 
4751 	/* store current 11d setting */
4752 	if (brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_REGULATORY,
4753 				  &ifp->vif->is_11d)) {
4754 		is_11d = supports_11d = false;
4755 	} else {
4756 		country_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
4757 					      settings->beacon.tail_len,
4758 					      WLAN_EID_COUNTRY);
4759 		is_11d = country_ie ? 1 : 0;
4760 		supports_11d = true;
4761 	}
4762 
4763 	memset(&ssid_le, 0, sizeof(ssid_le));
4764 	if (settings->ssid == NULL || settings->ssid_len == 0) {
4765 		ie_offset = DOT11_MGMT_HDR_LEN + DOT11_BCN_PRB_FIXED_LEN;
4766 		ssid_ie = brcmf_parse_tlvs(
4767 				(u8 *)&settings->beacon.head[ie_offset],
4768 				settings->beacon.head_len - ie_offset,
4769 				WLAN_EID_SSID);
4770 		if (!ssid_ie || ssid_ie->len > IEEE80211_MAX_SSID_LEN)
4771 			return -EINVAL;
4772 
4773 		memcpy(ssid_le.SSID, ssid_ie->data, ssid_ie->len);
4774 		ssid_le.SSID_len = cpu_to_le32(ssid_ie->len);
4775 		brcmf_dbg(TRACE, "SSID is (%s) in Head\n", ssid_le.SSID);
4776 	} else {
4777 		memcpy(ssid_le.SSID, settings->ssid, settings->ssid_len);
4778 		ssid_le.SSID_len = cpu_to_le32((u32)settings->ssid_len);
4779 	}
4780 
4781 	if (!mbss) {
4782 		brcmf_set_mpc(ifp, 0);
4783 		brcmf_configure_arp_nd_offload(ifp, false);
4784 	}
4785 
4786 	/* Parameters shared by all radio interfaces */
4787 	if (!mbss) {
4788 		if ((supports_11d) && (is_11d != ifp->vif->is_11d)) {
4789 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
4790 						    is_11d);
4791 			if (err < 0) {
4792 				bphy_err(drvr, "Regulatory Set Error, %d\n",
4793 					 err);
4794 				goto exit;
4795 			}
4796 		}
4797 		if (settings->beacon_interval) {
4798 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD,
4799 						    settings->beacon_interval);
4800 			if (err < 0) {
4801 				bphy_err(drvr, "Beacon Interval Set Error, %d\n",
4802 					 err);
4803 				goto exit;
4804 			}
4805 		}
4806 		if (settings->dtim_period) {
4807 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_DTIMPRD,
4808 						    settings->dtim_period);
4809 			if (err < 0) {
4810 				bphy_err(drvr, "DTIM Interval Set Error, %d\n",
4811 					 err);
4812 				goto exit;
4813 			}
4814 		}
4815 
4816 		if ((dev_role == NL80211_IFTYPE_AP) &&
4817 		    ((ifp->ifidx == 0) ||
4818 		     (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB) &&
4819 		      !brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN)))) {
4820 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4821 			if (err < 0) {
4822 				bphy_err(drvr, "BRCMF_C_DOWN error %d\n",
4823 					 err);
4824 				goto exit;
4825 			}
4826 			brcmf_fil_iovar_int_set(ifp, "apsta", 0);
4827 		}
4828 
4829 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 1);
4830 		if (err < 0) {
4831 			bphy_err(drvr, "SET INFRA error %d\n", err);
4832 			goto exit;
4833 		}
4834 	} else if (WARN_ON(supports_11d && (is_11d != ifp->vif->is_11d))) {
4835 		/* Multiple-BSS should use same 11d configuration */
4836 		err = -EINVAL;
4837 		goto exit;
4838 	}
4839 
4840 	/* Interface specific setup */
4841 	if (dev_role == NL80211_IFTYPE_AP) {
4842 		if ((brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) && (!mbss))
4843 			brcmf_fil_iovar_int_set(ifp, "mbss", 1);
4844 
4845 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 1);
4846 		if (err < 0) {
4847 			bphy_err(drvr, "setting AP mode failed %d\n",
4848 				 err);
4849 			goto exit;
4850 		}
4851 		if (!mbss) {
4852 			/* Firmware 10.x requires setting channel after enabling
4853 			 * AP and before bringing interface up.
4854 			 */
4855 			err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
4856 			if (err < 0) {
4857 				bphy_err(drvr, "Set Channel failed: chspec=%d, %d\n",
4858 					 chanspec, err);
4859 				goto exit;
4860 			}
4861 		}
4862 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
4863 		if (err < 0) {
4864 			bphy_err(drvr, "BRCMF_C_UP error (%d)\n", err);
4865 			goto exit;
4866 		}
4867 
4868 		if (crypto->psk) {
4869 			brcmf_dbg(INFO, "using PSK offload\n");
4870 			profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_PSK);
4871 			err = brcmf_set_pmk(ifp, crypto->psk,
4872 					    BRCMF_WSEC_MAX_PSK_LEN);
4873 			if (err < 0)
4874 				goto exit;
4875 		}
4876 		if (crypto->sae_pwd) {
4877 			brcmf_dbg(INFO, "using SAE offload\n");
4878 			profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_SAE);
4879 			err = brcmf_set_sae_password(ifp, crypto->sae_pwd,
4880 						     crypto->sae_pwd_len);
4881 			if (err < 0)
4882 				goto exit;
4883 		}
4884 		if (profile->use_fwauth == 0)
4885 			profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
4886 
4887 		err = brcmf_parse_configure_security(ifp, settings,
4888 						     NL80211_IFTYPE_AP);
4889 		if (err < 0) {
4890 			bphy_err(drvr, "brcmf_parse_configure_security error\n");
4891 			goto exit;
4892 		}
4893 
4894 		/* On DOWN the firmware removes the WEP keys, reconfigure
4895 		 * them if they were set.
4896 		 */
4897 		brcmf_cfg80211_reconfigure_wep(ifp);
4898 
4899 		memset(&join_params, 0, sizeof(join_params));
4900 		/* join parameters starts with ssid */
4901 		memcpy(&join_params.ssid_le, &ssid_le, sizeof(ssid_le));
4902 		/* create softap */
4903 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
4904 					     &join_params, sizeof(join_params));
4905 		if (err < 0) {
4906 			bphy_err(drvr, "SET SSID error (%d)\n", err);
4907 			goto exit;
4908 		}
4909 
4910 		err = brcmf_fil_iovar_int_set(ifp, "closednet",
4911 					      settings->hidden_ssid);
4912 		if (err) {
4913 			bphy_err(drvr, "%s closednet error (%d)\n",
4914 				 settings->hidden_ssid ?
4915 				 "enabled" : "disabled",
4916 				 err);
4917 			goto exit;
4918 		}
4919 
4920 		brcmf_dbg(TRACE, "AP mode configuration complete\n");
4921 	} else if (dev_role == NL80211_IFTYPE_P2P_GO) {
4922 		err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
4923 		if (err < 0) {
4924 			bphy_err(drvr, "Set Channel failed: chspec=%d, %d\n",
4925 				 chanspec, err);
4926 			goto exit;
4927 		}
4928 
4929 		err = brcmf_parse_configure_security(ifp, settings,
4930 						     NL80211_IFTYPE_P2P_GO);
4931 		if (err < 0) {
4932 			brcmf_err("brcmf_parse_configure_security error\n");
4933 			goto exit;
4934 		}
4935 
4936 		err = brcmf_fil_bsscfg_data_set(ifp, "ssid", &ssid_le,
4937 						sizeof(ssid_le));
4938 		if (err < 0) {
4939 			bphy_err(drvr, "setting ssid failed %d\n", err);
4940 			goto exit;
4941 		}
4942 		bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
4943 		bss_enable.enable = cpu_to_le32(1);
4944 		err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
4945 					       sizeof(bss_enable));
4946 		if (err < 0) {
4947 			bphy_err(drvr, "bss_enable config failed %d\n", err);
4948 			goto exit;
4949 		}
4950 
4951 		brcmf_dbg(TRACE, "GO mode configuration complete\n");
4952 	} else {
4953 		WARN_ON(1);
4954 	}
4955 
4956 	brcmf_config_ap_mgmt_ie(ifp->vif, &settings->beacon);
4957 	set_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
4958 	brcmf_net_setcarrier(ifp, true);
4959 
4960 exit:
4961 	if ((err) && (!mbss)) {
4962 		brcmf_set_mpc(ifp, 1);
4963 		brcmf_configure_arp_nd_offload(ifp, true);
4964 	}
4965 	return err;
4966 }
4967 
4968 static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev)
4969 {
4970 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4971 	struct brcmf_if *ifp = netdev_priv(ndev);
4972 	struct brcmf_pub *drvr = cfg->pub;
4973 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
4974 	s32 err;
4975 	struct brcmf_fil_bss_enable_le bss_enable;
4976 	struct brcmf_join_params join_params;
4977 
4978 	brcmf_dbg(TRACE, "Enter\n");
4979 
4980 	if (ifp->vif->wdev.iftype == NL80211_IFTYPE_AP) {
4981 		/* Due to most likely deauths outstanding we sleep */
4982 		/* first to make sure they get processed by fw. */
4983 		msleep(400);
4984 
4985 		if (profile->use_fwauth != BIT(BRCMF_PROFILE_FWAUTH_NONE)) {
4986 			if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_PSK))
4987 				brcmf_set_pmk(ifp, NULL, 0);
4988 			if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_SAE))
4989 				brcmf_set_sae_password(ifp, NULL, 0);
4990 			profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
4991 		}
4992 
4993 		if (ifp->vif->mbss) {
4994 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4995 			return err;
4996 		}
4997 
4998 		/* First BSS doesn't get a full reset */
4999 		if (ifp->bsscfgidx == 0)
5000 			brcmf_fil_iovar_int_set(ifp, "closednet", 0);
5001 
5002 		memset(&join_params, 0, sizeof(join_params));
5003 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
5004 					     &join_params, sizeof(join_params));
5005 		if (err < 0)
5006 			bphy_err(drvr, "SET SSID error (%d)\n", err);
5007 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
5008 		if (err < 0)
5009 			bphy_err(drvr, "BRCMF_C_DOWN error %d\n", err);
5010 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 0);
5011 		if (err < 0)
5012 			bphy_err(drvr, "setting AP mode failed %d\n", err);
5013 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS))
5014 			brcmf_fil_iovar_int_set(ifp, "mbss", 0);
5015 		brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
5016 				      ifp->vif->is_11d);
5017 		/* Bring device back up so it can be used again */
5018 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
5019 		if (err < 0)
5020 			bphy_err(drvr, "BRCMF_C_UP error %d\n", err);
5021 
5022 		brcmf_vif_clear_mgmt_ies(ifp->vif);
5023 	} else {
5024 		bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
5025 		bss_enable.enable = cpu_to_le32(0);
5026 		err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
5027 					       sizeof(bss_enable));
5028 		if (err < 0)
5029 			bphy_err(drvr, "bss_enable config failed %d\n", err);
5030 	}
5031 	brcmf_set_mpc(ifp, 1);
5032 	brcmf_configure_arp_nd_offload(ifp, true);
5033 	clear_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
5034 	brcmf_net_setcarrier(ifp, false);
5035 
5036 	return err;
5037 }
5038 
5039 static s32
5040 brcmf_cfg80211_change_beacon(struct wiphy *wiphy, struct net_device *ndev,
5041 			     struct cfg80211_beacon_data *info)
5042 {
5043 	struct brcmf_if *ifp = netdev_priv(ndev);
5044 	s32 err;
5045 
5046 	brcmf_dbg(TRACE, "Enter\n");
5047 
5048 	err = brcmf_config_ap_mgmt_ie(ifp->vif, info);
5049 
5050 	return err;
5051 }
5052 
5053 static int
5054 brcmf_cfg80211_del_station(struct wiphy *wiphy, struct net_device *ndev,
5055 			   struct station_del_parameters *params)
5056 {
5057 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5058 	struct brcmf_pub *drvr = cfg->pub;
5059 	struct brcmf_scb_val_le scbval;
5060 	struct brcmf_if *ifp = netdev_priv(ndev);
5061 	s32 err;
5062 
5063 	if (!params->mac)
5064 		return -EFAULT;
5065 
5066 	brcmf_dbg(TRACE, "Enter %pM\n", params->mac);
5067 
5068 	if (ifp->vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif)
5069 		ifp = cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif->ifp;
5070 	if (!check_vif_up(ifp->vif))
5071 		return -EIO;
5072 
5073 	memcpy(&scbval.ea, params->mac, ETH_ALEN);
5074 	scbval.val = cpu_to_le32(params->reason_code);
5075 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCB_DEAUTHENTICATE_FOR_REASON,
5076 				     &scbval, sizeof(scbval));
5077 	if (err)
5078 		bphy_err(drvr, "SCB_DEAUTHENTICATE_FOR_REASON failed %d\n",
5079 			 err);
5080 
5081 	brcmf_dbg(TRACE, "Exit\n");
5082 	return err;
5083 }
5084 
5085 static int
5086 brcmf_cfg80211_change_station(struct wiphy *wiphy, struct net_device *ndev,
5087 			      const u8 *mac, struct station_parameters *params)
5088 {
5089 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5090 	struct brcmf_pub *drvr = cfg->pub;
5091 	struct brcmf_if *ifp = netdev_priv(ndev);
5092 	s32 err;
5093 
5094 	brcmf_dbg(TRACE, "Enter, MAC %pM, mask 0x%04x set 0x%04x\n", mac,
5095 		  params->sta_flags_mask, params->sta_flags_set);
5096 
5097 	/* Ignore all 00 MAC */
5098 	if (is_zero_ether_addr(mac))
5099 		return 0;
5100 
5101 	if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5102 		return 0;
5103 
5104 	if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED))
5105 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_AUTHORIZE,
5106 					     (void *)mac, ETH_ALEN);
5107 	else
5108 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_DEAUTHORIZE,
5109 					     (void *)mac, ETH_ALEN);
5110 	if (err < 0)
5111 		bphy_err(drvr, "Setting SCB (de-)authorize failed, %d\n", err);
5112 
5113 	return err;
5114 }
5115 
5116 static void
5117 brcmf_cfg80211_update_mgmt_frame_registrations(struct wiphy *wiphy,
5118 					       struct wireless_dev *wdev,
5119 					       struct mgmt_frame_regs *upd)
5120 {
5121 	struct brcmf_cfg80211_vif *vif;
5122 
5123 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5124 
5125 	vif->mgmt_rx_reg = upd->interface_stypes;
5126 }
5127 
5128 
5129 static int
5130 brcmf_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
5131 		       struct cfg80211_mgmt_tx_params *params, u64 *cookie)
5132 {
5133 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5134 	struct ieee80211_channel *chan = params->chan;
5135 	struct brcmf_pub *drvr = cfg->pub;
5136 	const u8 *buf = params->buf;
5137 	size_t len = params->len;
5138 	const struct ieee80211_mgmt *mgmt;
5139 	struct brcmf_cfg80211_vif *vif;
5140 	s32 err = 0;
5141 	s32 ie_offset;
5142 	s32 ie_len;
5143 	struct brcmf_fil_action_frame_le *action_frame;
5144 	struct brcmf_fil_af_params_le *af_params;
5145 	bool ack;
5146 	s32 chan_nr;
5147 	u32 freq;
5148 
5149 	brcmf_dbg(TRACE, "Enter\n");
5150 
5151 	*cookie = 0;
5152 
5153 	mgmt = (const struct ieee80211_mgmt *)buf;
5154 
5155 	if (!ieee80211_is_mgmt(mgmt->frame_control)) {
5156 		bphy_err(drvr, "Driver only allows MGMT packet type\n");
5157 		return -EPERM;
5158 	}
5159 
5160 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5161 
5162 	if (ieee80211_is_probe_resp(mgmt->frame_control)) {
5163 		/* Right now the only reason to get a probe response */
5164 		/* is for p2p listen response or for p2p GO from     */
5165 		/* wpa_supplicant. Unfortunately the probe is send   */
5166 		/* on primary ndev, while dongle wants it on the p2p */
5167 		/* vif. Since this is only reason for a probe        */
5168 		/* response to be sent, the vif is taken from cfg.   */
5169 		/* If ever desired to send proberesp for non p2p     */
5170 		/* response then data should be checked for          */
5171 		/* "DIRECT-". Note in future supplicant will take    */
5172 		/* dedicated p2p wdev to do this and then this 'hack'*/
5173 		/* is not needed anymore.                            */
5174 		ie_offset =  DOT11_MGMT_HDR_LEN +
5175 			     DOT11_BCN_PRB_FIXED_LEN;
5176 		ie_len = len - ie_offset;
5177 		if (vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif)
5178 			vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
5179 		err = brcmf_vif_set_mgmt_ie(vif,
5180 					    BRCMF_VNDR_IE_PRBRSP_FLAG,
5181 					    &buf[ie_offset],
5182 					    ie_len);
5183 		cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, true,
5184 					GFP_KERNEL);
5185 	} else if (ieee80211_is_action(mgmt->frame_control)) {
5186 		if (len > BRCMF_FIL_ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN) {
5187 			bphy_err(drvr, "invalid action frame length\n");
5188 			err = -EINVAL;
5189 			goto exit;
5190 		}
5191 		af_params = kzalloc(sizeof(*af_params), GFP_KERNEL);
5192 		if (af_params == NULL) {
5193 			bphy_err(drvr, "unable to allocate frame\n");
5194 			err = -ENOMEM;
5195 			goto exit;
5196 		}
5197 		action_frame = &af_params->action_frame;
5198 		/* Add the packet Id */
5199 		action_frame->packet_id = cpu_to_le32(*cookie);
5200 		/* Add BSSID */
5201 		memcpy(&action_frame->da[0], &mgmt->da[0], ETH_ALEN);
5202 		memcpy(&af_params->bssid[0], &mgmt->bssid[0], ETH_ALEN);
5203 		/* Add the length exepted for 802.11 header  */
5204 		action_frame->len = cpu_to_le16(len - DOT11_MGMT_HDR_LEN);
5205 		/* Add the channel. Use the one specified as parameter if any or
5206 		 * the current one (got from the firmware) otherwise
5207 		 */
5208 		if (chan)
5209 			freq = chan->center_freq;
5210 		else
5211 			brcmf_fil_cmd_int_get(vif->ifp, BRCMF_C_GET_CHANNEL,
5212 					      &freq);
5213 		chan_nr = ieee80211_frequency_to_channel(freq);
5214 		af_params->channel = cpu_to_le32(chan_nr);
5215 		af_params->dwell_time = cpu_to_le32(params->wait);
5216 		memcpy(action_frame->data, &buf[DOT11_MGMT_HDR_LEN],
5217 		       le16_to_cpu(action_frame->len));
5218 
5219 		brcmf_dbg(TRACE, "Action frame, cookie=%lld, len=%d, freq=%d\n",
5220 			  *cookie, le16_to_cpu(action_frame->len), freq);
5221 
5222 		ack = brcmf_p2p_send_action_frame(cfg, cfg_to_ndev(cfg),
5223 						  af_params);
5224 
5225 		cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, ack,
5226 					GFP_KERNEL);
5227 		kfree(af_params);
5228 	} else {
5229 		brcmf_dbg(TRACE, "Unhandled, fc=%04x!!\n", mgmt->frame_control);
5230 		brcmf_dbg_hex_dump(true, buf, len, "payload, len=%zu\n", len);
5231 	}
5232 
5233 exit:
5234 	return err;
5235 }
5236 
5237 static int brcmf_cfg80211_set_cqm_rssi_range_config(struct wiphy *wiphy,
5238 						    struct net_device *ndev,
5239 						    s32 rssi_low, s32 rssi_high)
5240 {
5241 	struct brcmf_cfg80211_vif *vif;
5242 	struct brcmf_if *ifp;
5243 	int err = 0;
5244 
5245 	brcmf_dbg(TRACE, "low=%d high=%d", rssi_low, rssi_high);
5246 
5247 	ifp = netdev_priv(ndev);
5248 	vif = ifp->vif;
5249 
5250 	if (rssi_low != vif->cqm_rssi_low || rssi_high != vif->cqm_rssi_high) {
5251 		/* The firmware will send an event when the RSSI is less than or
5252 		 * equal to a configured level and the previous RSSI event was
5253 		 * less than or equal to a different level. Set a third level
5254 		 * so that we also detect the transition from rssi <= rssi_high
5255 		 * to rssi > rssi_high.
5256 		 */
5257 		struct brcmf_rssi_event_le config = {
5258 			.rate_limit_msec = cpu_to_le32(0),
5259 			.rssi_level_num = 3,
5260 			.rssi_levels = {
5261 				clamp_val(rssi_low, S8_MIN, S8_MAX - 2),
5262 				clamp_val(rssi_high, S8_MIN + 1, S8_MAX - 1),
5263 				S8_MAX,
5264 			},
5265 		};
5266 
5267 		err = brcmf_fil_iovar_data_set(ifp, "rssi_event", &config,
5268 					       sizeof(config));
5269 		if (err) {
5270 			err = -EINVAL;
5271 		} else {
5272 			vif->cqm_rssi_low = rssi_low;
5273 			vif->cqm_rssi_high = rssi_high;
5274 		}
5275 	}
5276 
5277 	return err;
5278 }
5279 
5280 static int
5281 brcmf_cfg80211_cancel_remain_on_channel(struct wiphy *wiphy,
5282 					struct wireless_dev *wdev,
5283 					u64 cookie)
5284 {
5285 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5286 	struct brcmf_pub *drvr = cfg->pub;
5287 	struct brcmf_cfg80211_vif *vif;
5288 	int err = 0;
5289 
5290 	brcmf_dbg(TRACE, "Enter p2p listen cancel\n");
5291 
5292 	vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
5293 	if (vif == NULL) {
5294 		bphy_err(drvr, "No p2p device available for probe response\n");
5295 		err = -ENODEV;
5296 		goto exit;
5297 	}
5298 	brcmf_p2p_cancel_remain_on_channel(vif->ifp);
5299 exit:
5300 	return err;
5301 }
5302 
5303 static int brcmf_cfg80211_get_channel(struct wiphy *wiphy,
5304 				      struct wireless_dev *wdev,
5305 				      struct cfg80211_chan_def *chandef)
5306 {
5307 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5308 	struct net_device *ndev = wdev->netdev;
5309 	struct brcmf_pub *drvr = cfg->pub;
5310 	struct brcmu_chan ch;
5311 	enum nl80211_band band = 0;
5312 	enum nl80211_chan_width width = 0;
5313 	u32 chanspec;
5314 	int freq, err;
5315 
5316 	if (!ndev || drvr->bus_if->state != BRCMF_BUS_UP)
5317 		return -ENODEV;
5318 
5319 	err = brcmf_fil_iovar_int_get(netdev_priv(ndev), "chanspec", &chanspec);
5320 	if (err) {
5321 		bphy_err(drvr, "chanspec failed (%d)\n", err);
5322 		return err;
5323 	}
5324 
5325 	ch.chspec = chanspec;
5326 	cfg->d11inf.decchspec(&ch);
5327 
5328 	switch (ch.band) {
5329 	case BRCMU_CHAN_BAND_2G:
5330 		band = NL80211_BAND_2GHZ;
5331 		break;
5332 	case BRCMU_CHAN_BAND_5G:
5333 		band = NL80211_BAND_5GHZ;
5334 		break;
5335 	}
5336 
5337 	switch (ch.bw) {
5338 	case BRCMU_CHAN_BW_80:
5339 		width = NL80211_CHAN_WIDTH_80;
5340 		break;
5341 	case BRCMU_CHAN_BW_40:
5342 		width = NL80211_CHAN_WIDTH_40;
5343 		break;
5344 	case BRCMU_CHAN_BW_20:
5345 		width = NL80211_CHAN_WIDTH_20;
5346 		break;
5347 	case BRCMU_CHAN_BW_80P80:
5348 		width = NL80211_CHAN_WIDTH_80P80;
5349 		break;
5350 	case BRCMU_CHAN_BW_160:
5351 		width = NL80211_CHAN_WIDTH_160;
5352 		break;
5353 	}
5354 
5355 	freq = ieee80211_channel_to_frequency(ch.control_ch_num, band);
5356 	chandef->chan = ieee80211_get_channel(wiphy, freq);
5357 	chandef->width = width;
5358 	chandef->center_freq1 = ieee80211_channel_to_frequency(ch.chnum, band);
5359 	chandef->center_freq2 = 0;
5360 
5361 	return 0;
5362 }
5363 
5364 static int brcmf_cfg80211_crit_proto_start(struct wiphy *wiphy,
5365 					   struct wireless_dev *wdev,
5366 					   enum nl80211_crit_proto_id proto,
5367 					   u16 duration)
5368 {
5369 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5370 	struct brcmf_cfg80211_vif *vif;
5371 
5372 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5373 
5374 	/* only DHCP support for now */
5375 	if (proto != NL80211_CRIT_PROTO_DHCP)
5376 		return -EINVAL;
5377 
5378 	/* suppress and abort scanning */
5379 	set_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
5380 	brcmf_abort_scanning(cfg);
5381 
5382 	return brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_DISABLED, duration);
5383 }
5384 
5385 static void brcmf_cfg80211_crit_proto_stop(struct wiphy *wiphy,
5386 					   struct wireless_dev *wdev)
5387 {
5388 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5389 	struct brcmf_cfg80211_vif *vif;
5390 
5391 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5392 
5393 	brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_ENABLED, 0);
5394 	clear_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
5395 }
5396 
5397 static s32
5398 brcmf_notify_tdls_peer_event(struct brcmf_if *ifp,
5399 			     const struct brcmf_event_msg *e, void *data)
5400 {
5401 	switch (e->reason) {
5402 	case BRCMF_E_REASON_TDLS_PEER_DISCOVERED:
5403 		brcmf_dbg(TRACE, "TDLS Peer Discovered\n");
5404 		break;
5405 	case BRCMF_E_REASON_TDLS_PEER_CONNECTED:
5406 		brcmf_dbg(TRACE, "TDLS Peer Connected\n");
5407 		brcmf_proto_add_tdls_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5408 		break;
5409 	case BRCMF_E_REASON_TDLS_PEER_DISCONNECTED:
5410 		brcmf_dbg(TRACE, "TDLS Peer Disconnected\n");
5411 		brcmf_proto_delete_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5412 		break;
5413 	}
5414 
5415 	return 0;
5416 }
5417 
5418 static int brcmf_convert_nl80211_tdls_oper(enum nl80211_tdls_operation oper)
5419 {
5420 	int ret;
5421 
5422 	switch (oper) {
5423 	case NL80211_TDLS_DISCOVERY_REQ:
5424 		ret = BRCMF_TDLS_MANUAL_EP_DISCOVERY;
5425 		break;
5426 	case NL80211_TDLS_SETUP:
5427 		ret = BRCMF_TDLS_MANUAL_EP_CREATE;
5428 		break;
5429 	case NL80211_TDLS_TEARDOWN:
5430 		ret = BRCMF_TDLS_MANUAL_EP_DELETE;
5431 		break;
5432 	default:
5433 		brcmf_err("unsupported operation: %d\n", oper);
5434 		ret = -EOPNOTSUPP;
5435 	}
5436 	return ret;
5437 }
5438 
5439 static int brcmf_cfg80211_tdls_oper(struct wiphy *wiphy,
5440 				    struct net_device *ndev, const u8 *peer,
5441 				    enum nl80211_tdls_operation oper)
5442 {
5443 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5444 	struct brcmf_pub *drvr = cfg->pub;
5445 	struct brcmf_if *ifp;
5446 	struct brcmf_tdls_iovar_le info;
5447 	int ret = 0;
5448 
5449 	ret = brcmf_convert_nl80211_tdls_oper(oper);
5450 	if (ret < 0)
5451 		return ret;
5452 
5453 	ifp = netdev_priv(ndev);
5454 	memset(&info, 0, sizeof(info));
5455 	info.mode = (u8)ret;
5456 	if (peer)
5457 		memcpy(info.ea, peer, ETH_ALEN);
5458 
5459 	ret = brcmf_fil_iovar_data_set(ifp, "tdls_endpoint",
5460 				       &info, sizeof(info));
5461 	if (ret < 0)
5462 		bphy_err(drvr, "tdls_endpoint iovar failed: ret=%d\n", ret);
5463 
5464 	return ret;
5465 }
5466 
5467 static int
5468 brcmf_cfg80211_update_conn_params(struct wiphy *wiphy,
5469 				  struct net_device *ndev,
5470 				  struct cfg80211_connect_params *sme,
5471 				  u32 changed)
5472 {
5473 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5474 	struct brcmf_pub *drvr = cfg->pub;
5475 	struct brcmf_if *ifp;
5476 	int err;
5477 
5478 	if (!(changed & UPDATE_ASSOC_IES))
5479 		return 0;
5480 
5481 	ifp = netdev_priv(ndev);
5482 	err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
5483 				    sme->ie, sme->ie_len);
5484 	if (err)
5485 		bphy_err(drvr, "Set Assoc REQ IE Failed\n");
5486 	else
5487 		brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
5488 
5489 	return err;
5490 }
5491 
5492 #ifdef CONFIG_PM
5493 static int
5494 brcmf_cfg80211_set_rekey_data(struct wiphy *wiphy, struct net_device *ndev,
5495 			      struct cfg80211_gtk_rekey_data *gtk)
5496 {
5497 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5498 	struct brcmf_pub *drvr = cfg->pub;
5499 	struct brcmf_if *ifp = netdev_priv(ndev);
5500 	struct brcmf_gtk_keyinfo_le gtk_le;
5501 	int ret;
5502 
5503 	brcmf_dbg(TRACE, "Enter, bssidx=%d\n", ifp->bsscfgidx);
5504 
5505 	memcpy(gtk_le.kck, gtk->kck, sizeof(gtk_le.kck));
5506 	memcpy(gtk_le.kek, gtk->kek, sizeof(gtk_le.kek));
5507 	memcpy(gtk_le.replay_counter, gtk->replay_ctr,
5508 	       sizeof(gtk_le.replay_counter));
5509 
5510 	ret = brcmf_fil_iovar_data_set(ifp, "gtk_key_info", &gtk_le,
5511 				       sizeof(gtk_le));
5512 	if (ret < 0)
5513 		bphy_err(drvr, "gtk_key_info iovar failed: ret=%d\n", ret);
5514 
5515 	return ret;
5516 }
5517 #endif
5518 
5519 static int brcmf_cfg80211_set_pmk(struct wiphy *wiphy, struct net_device *dev,
5520 				  const struct cfg80211_pmk_conf *conf)
5521 {
5522 	struct brcmf_if *ifp;
5523 
5524 	brcmf_dbg(TRACE, "enter\n");
5525 
5526 	/* expect using firmware supplicant for 1X */
5527 	ifp = netdev_priv(dev);
5528 	if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
5529 		return -EINVAL;
5530 
5531 	if (conf->pmk_len > BRCMF_WSEC_MAX_PSK_LEN)
5532 		return -ERANGE;
5533 
5534 	return brcmf_set_pmk(ifp, conf->pmk, conf->pmk_len);
5535 }
5536 
5537 static int brcmf_cfg80211_del_pmk(struct wiphy *wiphy, struct net_device *dev,
5538 				  const u8 *aa)
5539 {
5540 	struct brcmf_if *ifp;
5541 
5542 	brcmf_dbg(TRACE, "enter\n");
5543 	ifp = netdev_priv(dev);
5544 	if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
5545 		return -EINVAL;
5546 
5547 	return brcmf_set_pmk(ifp, NULL, 0);
5548 }
5549 
5550 static struct cfg80211_ops brcmf_cfg80211_ops = {
5551 	.add_virtual_intf = brcmf_cfg80211_add_iface,
5552 	.del_virtual_intf = brcmf_cfg80211_del_iface,
5553 	.change_virtual_intf = brcmf_cfg80211_change_iface,
5554 	.scan = brcmf_cfg80211_scan,
5555 	.set_wiphy_params = brcmf_cfg80211_set_wiphy_params,
5556 	.join_ibss = brcmf_cfg80211_join_ibss,
5557 	.leave_ibss = brcmf_cfg80211_leave_ibss,
5558 	.get_station = brcmf_cfg80211_get_station,
5559 	.dump_station = brcmf_cfg80211_dump_station,
5560 	.set_tx_power = brcmf_cfg80211_set_tx_power,
5561 	.get_tx_power = brcmf_cfg80211_get_tx_power,
5562 	.add_key = brcmf_cfg80211_add_key,
5563 	.del_key = brcmf_cfg80211_del_key,
5564 	.get_key = brcmf_cfg80211_get_key,
5565 	.set_default_key = brcmf_cfg80211_config_default_key,
5566 	.set_default_mgmt_key = brcmf_cfg80211_config_default_mgmt_key,
5567 	.set_power_mgmt = brcmf_cfg80211_set_power_mgmt,
5568 	.connect = brcmf_cfg80211_connect,
5569 	.disconnect = brcmf_cfg80211_disconnect,
5570 	.suspend = brcmf_cfg80211_suspend,
5571 	.resume = brcmf_cfg80211_resume,
5572 	.set_pmksa = brcmf_cfg80211_set_pmksa,
5573 	.del_pmksa = brcmf_cfg80211_del_pmksa,
5574 	.flush_pmksa = brcmf_cfg80211_flush_pmksa,
5575 	.start_ap = brcmf_cfg80211_start_ap,
5576 	.stop_ap = brcmf_cfg80211_stop_ap,
5577 	.change_beacon = brcmf_cfg80211_change_beacon,
5578 	.del_station = brcmf_cfg80211_del_station,
5579 	.change_station = brcmf_cfg80211_change_station,
5580 	.sched_scan_start = brcmf_cfg80211_sched_scan_start,
5581 	.sched_scan_stop = brcmf_cfg80211_sched_scan_stop,
5582 	.update_mgmt_frame_registrations =
5583 		brcmf_cfg80211_update_mgmt_frame_registrations,
5584 	.mgmt_tx = brcmf_cfg80211_mgmt_tx,
5585 	.set_cqm_rssi_range_config = brcmf_cfg80211_set_cqm_rssi_range_config,
5586 	.remain_on_channel = brcmf_p2p_remain_on_channel,
5587 	.cancel_remain_on_channel = brcmf_cfg80211_cancel_remain_on_channel,
5588 	.get_channel = brcmf_cfg80211_get_channel,
5589 	.start_p2p_device = brcmf_p2p_start_device,
5590 	.stop_p2p_device = brcmf_p2p_stop_device,
5591 	.crit_proto_start = brcmf_cfg80211_crit_proto_start,
5592 	.crit_proto_stop = brcmf_cfg80211_crit_proto_stop,
5593 	.tdls_oper = brcmf_cfg80211_tdls_oper,
5594 	.update_connect_params = brcmf_cfg80211_update_conn_params,
5595 	.set_pmk = brcmf_cfg80211_set_pmk,
5596 	.del_pmk = brcmf_cfg80211_del_pmk,
5597 };
5598 
5599 struct cfg80211_ops *brcmf_cfg80211_get_ops(struct brcmf_mp_device *settings)
5600 {
5601 	struct cfg80211_ops *ops;
5602 
5603 	ops = kmemdup(&brcmf_cfg80211_ops, sizeof(brcmf_cfg80211_ops),
5604 		       GFP_KERNEL);
5605 
5606 	if (ops && settings->roamoff)
5607 		ops->update_connect_params = NULL;
5608 
5609 	return ops;
5610 }
5611 
5612 struct brcmf_cfg80211_vif *brcmf_alloc_vif(struct brcmf_cfg80211_info *cfg,
5613 					   enum nl80211_iftype type)
5614 {
5615 	struct brcmf_cfg80211_vif *vif_walk;
5616 	struct brcmf_cfg80211_vif *vif;
5617 	bool mbss;
5618 	struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
5619 
5620 	brcmf_dbg(TRACE, "allocating virtual interface (size=%zu)\n",
5621 		  sizeof(*vif));
5622 	vif = kzalloc(sizeof(*vif), GFP_KERNEL);
5623 	if (!vif)
5624 		return ERR_PTR(-ENOMEM);
5625 
5626 	vif->wdev.wiphy = cfg->wiphy;
5627 	vif->wdev.iftype = type;
5628 
5629 	brcmf_init_prof(&vif->profile);
5630 
5631 	if (type == NL80211_IFTYPE_AP &&
5632 	    brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) {
5633 		mbss = false;
5634 		list_for_each_entry(vif_walk, &cfg->vif_list, list) {
5635 			if (vif_walk->wdev.iftype == NL80211_IFTYPE_AP) {
5636 				mbss = true;
5637 				break;
5638 			}
5639 		}
5640 		vif->mbss = mbss;
5641 	}
5642 
5643 	list_add_tail(&vif->list, &cfg->vif_list);
5644 	return vif;
5645 }
5646 
5647 void brcmf_free_vif(struct brcmf_cfg80211_vif *vif)
5648 {
5649 	list_del(&vif->list);
5650 	kfree(vif);
5651 }
5652 
5653 void brcmf_cfg80211_free_netdev(struct net_device *ndev)
5654 {
5655 	struct brcmf_cfg80211_vif *vif;
5656 	struct brcmf_if *ifp;
5657 
5658 	ifp = netdev_priv(ndev);
5659 	vif = ifp->vif;
5660 
5661 	if (vif)
5662 		brcmf_free_vif(vif);
5663 }
5664 
5665 static bool brcmf_is_linkup(struct brcmf_cfg80211_vif *vif,
5666 			    const struct brcmf_event_msg *e)
5667 {
5668 	u32 event = e->event_code;
5669 	u32 status = e->status;
5670 
5671 	if ((vif->profile.use_fwsup == BRCMF_PROFILE_FWSUP_PSK ||
5672 	     vif->profile.use_fwsup == BRCMF_PROFILE_FWSUP_SAE) &&
5673 	    event == BRCMF_E_PSK_SUP &&
5674 	    status == BRCMF_E_STATUS_FWSUP_COMPLETED)
5675 		set_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5676 	if (event == BRCMF_E_SET_SSID && status == BRCMF_E_STATUS_SUCCESS) {
5677 		brcmf_dbg(CONN, "Processing set ssid\n");
5678 		memcpy(vif->profile.bssid, e->addr, ETH_ALEN);
5679 		if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_PSK &&
5680 		    vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_SAE)
5681 			return true;
5682 
5683 		set_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5684 	}
5685 
5686 	if (test_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state) &&
5687 	    test_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state)) {
5688 		clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5689 		clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5690 		return true;
5691 	}
5692 	return false;
5693 }
5694 
5695 static bool brcmf_is_linkdown(struct brcmf_cfg80211_vif *vif,
5696 			    const struct brcmf_event_msg *e)
5697 {
5698 	u32 event = e->event_code;
5699 	u16 flags = e->flags;
5700 
5701 	if ((event == BRCMF_E_DEAUTH) || (event == BRCMF_E_DEAUTH_IND) ||
5702 	    (event == BRCMF_E_DISASSOC_IND) ||
5703 	    ((event == BRCMF_E_LINK) && (!(flags & BRCMF_EVENT_MSG_LINK)))) {
5704 		brcmf_dbg(CONN, "Processing link down\n");
5705 		clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5706 		clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5707 		return true;
5708 	}
5709 	return false;
5710 }
5711 
5712 static bool brcmf_is_nonetwork(struct brcmf_cfg80211_info *cfg,
5713 			       const struct brcmf_event_msg *e)
5714 {
5715 	u32 event = e->event_code;
5716 	u32 status = e->status;
5717 
5718 	if (event == BRCMF_E_LINK && status == BRCMF_E_STATUS_NO_NETWORKS) {
5719 		brcmf_dbg(CONN, "Processing Link %s & no network found\n",
5720 			  e->flags & BRCMF_EVENT_MSG_LINK ? "up" : "down");
5721 		return true;
5722 	}
5723 
5724 	if (event == BRCMF_E_SET_SSID && status != BRCMF_E_STATUS_SUCCESS) {
5725 		brcmf_dbg(CONN, "Processing connecting & no network found\n");
5726 		return true;
5727 	}
5728 
5729 	if (event == BRCMF_E_PSK_SUP &&
5730 	    status != BRCMF_E_STATUS_FWSUP_COMPLETED) {
5731 		brcmf_dbg(CONN, "Processing failed supplicant state: %u\n",
5732 			  status);
5733 		return true;
5734 	}
5735 
5736 	return false;
5737 }
5738 
5739 static void brcmf_clear_assoc_ies(struct brcmf_cfg80211_info *cfg)
5740 {
5741 	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5742 
5743 	kfree(conn_info->req_ie);
5744 	conn_info->req_ie = NULL;
5745 	conn_info->req_ie_len = 0;
5746 	kfree(conn_info->resp_ie);
5747 	conn_info->resp_ie = NULL;
5748 	conn_info->resp_ie_len = 0;
5749 }
5750 
5751 u8 brcmf_map_prio_to_prec(void *config, u8 prio)
5752 {
5753 	struct brcmf_cfg80211_info *cfg = (struct brcmf_cfg80211_info *)config;
5754 
5755 	if (!cfg)
5756 		return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ?
5757 		       (prio ^ 2) : prio;
5758 
5759 	/* For those AC(s) with ACM flag set to 1, convert its 4-level priority
5760 	 * to an 8-level precedence which is the same as BE's
5761 	 */
5762 	if (prio > PRIO_8021D_EE &&
5763 	    cfg->ac_priority[prio] == cfg->ac_priority[PRIO_8021D_BE])
5764 		return cfg->ac_priority[prio] * 2;
5765 
5766 	/* Conversion of 4-level priority to 8-level precedence */
5767 	if (prio == PRIO_8021D_BE || prio == PRIO_8021D_BK ||
5768 	    prio == PRIO_8021D_CL || prio == PRIO_8021D_VO)
5769 		return cfg->ac_priority[prio] * 2;
5770 	else
5771 		return cfg->ac_priority[prio] * 2 + 1;
5772 }
5773 
5774 u8 brcmf_map_prio_to_aci(void *config, u8 prio)
5775 {
5776 	/* Prio here refers to the 802.1d priority in range of 0 to 7.
5777 	 * ACI here refers to the WLAN AC Index in range of 0 to 3.
5778 	 * This function will return ACI corresponding to input prio.
5779 	 */
5780 	struct brcmf_cfg80211_info *cfg = (struct brcmf_cfg80211_info *)config;
5781 
5782 	if (cfg)
5783 		return cfg->ac_priority[prio];
5784 
5785 	return prio;
5786 }
5787 
5788 static void brcmf_init_wmm_prio(u8 *priority)
5789 {
5790 	/* Initialize AC priority array to default
5791 	 * 802.1d priority as per following table:
5792 	 * 802.1d prio 0,3 maps to BE
5793 	 * 802.1d prio 1,2 maps to BK
5794 	 * 802.1d prio 4,5 maps to VI
5795 	 * 802.1d prio 6,7 maps to VO
5796 	 */
5797 	priority[0] = BRCMF_FWS_FIFO_AC_BE;
5798 	priority[3] = BRCMF_FWS_FIFO_AC_BE;
5799 	priority[1] = BRCMF_FWS_FIFO_AC_BK;
5800 	priority[2] = BRCMF_FWS_FIFO_AC_BK;
5801 	priority[4] = BRCMF_FWS_FIFO_AC_VI;
5802 	priority[5] = BRCMF_FWS_FIFO_AC_VI;
5803 	priority[6] = BRCMF_FWS_FIFO_AC_VO;
5804 	priority[7] = BRCMF_FWS_FIFO_AC_VO;
5805 }
5806 
5807 static void brcmf_wifi_prioritize_acparams(const
5808 	struct brcmf_cfg80211_edcf_acparam *acp, u8 *priority)
5809 {
5810 	u8 aci;
5811 	u8 aifsn;
5812 	u8 ecwmin;
5813 	u8 ecwmax;
5814 	u8 acm;
5815 	u8 ranking_basis[EDCF_AC_COUNT];
5816 	u8 aci_prio[EDCF_AC_COUNT]; /* AC_BE, AC_BK, AC_VI, AC_VO */
5817 	u8 index;
5818 
5819 	for (aci = 0; aci < EDCF_AC_COUNT; aci++, acp++) {
5820 		aifsn  = acp->ACI & EDCF_AIFSN_MASK;
5821 		acm = (acp->ACI & EDCF_ACM_MASK) ? 1 : 0;
5822 		ecwmin = acp->ECW & EDCF_ECWMIN_MASK;
5823 		ecwmax = (acp->ECW & EDCF_ECWMAX_MASK) >> EDCF_ECWMAX_SHIFT;
5824 		brcmf_dbg(CONN, "ACI %d aifsn %d acm %d ecwmin %d ecwmax %d\n",
5825 			  aci, aifsn, acm, ecwmin, ecwmax);
5826 		/* Default AC_VO will be the lowest ranking value */
5827 		ranking_basis[aci] = aifsn + ecwmin + ecwmax;
5828 		/* Initialise priority starting at 0 (AC_BE) */
5829 		aci_prio[aci] = 0;
5830 
5831 		/* If ACM is set, STA can't use this AC as per 802.11.
5832 		 * Change the ranking to BE
5833 		 */
5834 		if (aci != AC_BE && aci != AC_BK && acm == 1)
5835 			ranking_basis[aci] = ranking_basis[AC_BE];
5836 	}
5837 
5838 	/* Ranking method which works for AC priority
5839 	 * swapping when values for cwmin, cwmax and aifsn are varied
5840 	 * Compare each aci_prio against each other aci_prio
5841 	 */
5842 	for (aci = 0; aci < EDCF_AC_COUNT; aci++) {
5843 		for (index = 0; index < EDCF_AC_COUNT; index++) {
5844 			if (index != aci) {
5845 				/* Smaller ranking value has higher priority,
5846 				 * so increment priority for each ACI which has
5847 				 * a higher ranking value
5848 				 */
5849 				if (ranking_basis[aci] < ranking_basis[index])
5850 					aci_prio[aci]++;
5851 			}
5852 		}
5853 	}
5854 
5855 	/* By now, aci_prio[] will be in range of 0 to 3.
5856 	 * Use ACI prio to get the new priority value for
5857 	 * each 802.1d traffic type, in this range.
5858 	 */
5859 	if (!(aci_prio[AC_BE] == aci_prio[AC_BK] &&
5860 	      aci_prio[AC_BK] == aci_prio[AC_VI] &&
5861 	      aci_prio[AC_VI] == aci_prio[AC_VO])) {
5862 		/* 802.1d 0,3 maps to BE */
5863 		priority[0] = aci_prio[AC_BE];
5864 		priority[3] = aci_prio[AC_BE];
5865 
5866 		/* 802.1d 1,2 maps to BK */
5867 		priority[1] = aci_prio[AC_BK];
5868 		priority[2] = aci_prio[AC_BK];
5869 
5870 		/* 802.1d 4,5 maps to VO */
5871 		priority[4] = aci_prio[AC_VI];
5872 		priority[5] = aci_prio[AC_VI];
5873 
5874 		/* 802.1d 6,7 maps to VO */
5875 		priority[6] = aci_prio[AC_VO];
5876 		priority[7] = aci_prio[AC_VO];
5877 	} else {
5878 		/* Initialize to default priority */
5879 		brcmf_init_wmm_prio(priority);
5880 	}
5881 
5882 	brcmf_dbg(CONN, "Adj prio BE 0->%d, BK 1->%d, BK 2->%d, BE 3->%d\n",
5883 		  priority[0], priority[1], priority[2], priority[3]);
5884 
5885 	brcmf_dbg(CONN, "Adj prio VI 4->%d, VI 5->%d, VO 6->%d, VO 7->%d\n",
5886 		  priority[4], priority[5], priority[6], priority[7]);
5887 }
5888 
5889 static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
5890 			       struct brcmf_if *ifp)
5891 {
5892 	struct brcmf_pub *drvr = cfg->pub;
5893 	struct brcmf_cfg80211_assoc_ielen_le *assoc_info;
5894 	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5895 	struct brcmf_cfg80211_edcf_acparam edcf_acparam_info[EDCF_AC_COUNT];
5896 	u32 req_len;
5897 	u32 resp_len;
5898 	s32 err = 0;
5899 
5900 	brcmf_clear_assoc_ies(cfg);
5901 
5902 	err = brcmf_fil_iovar_data_get(ifp, "assoc_info",
5903 				       cfg->extra_buf, WL_ASSOC_INFO_MAX);
5904 	if (err) {
5905 		bphy_err(drvr, "could not get assoc info (%d)\n", err);
5906 		return err;
5907 	}
5908 	assoc_info =
5909 		(struct brcmf_cfg80211_assoc_ielen_le *)cfg->extra_buf;
5910 	req_len = le32_to_cpu(assoc_info->req_len);
5911 	resp_len = le32_to_cpu(assoc_info->resp_len);
5912 	if (req_len) {
5913 		err = brcmf_fil_iovar_data_get(ifp, "assoc_req_ies",
5914 					       cfg->extra_buf,
5915 					       WL_ASSOC_INFO_MAX);
5916 		if (err) {
5917 			bphy_err(drvr, "could not get assoc req (%d)\n", err);
5918 			return err;
5919 		}
5920 		conn_info->req_ie_len = req_len;
5921 		conn_info->req_ie =
5922 		    kmemdup(cfg->extra_buf, conn_info->req_ie_len,
5923 			    GFP_KERNEL);
5924 		if (!conn_info->req_ie)
5925 			conn_info->req_ie_len = 0;
5926 	} else {
5927 		conn_info->req_ie_len = 0;
5928 		conn_info->req_ie = NULL;
5929 	}
5930 	if (resp_len) {
5931 		err = brcmf_fil_iovar_data_get(ifp, "assoc_resp_ies",
5932 					       cfg->extra_buf,
5933 					       WL_ASSOC_INFO_MAX);
5934 		if (err) {
5935 			bphy_err(drvr, "could not get assoc resp (%d)\n", err);
5936 			return err;
5937 		}
5938 		conn_info->resp_ie_len = resp_len;
5939 		conn_info->resp_ie =
5940 		    kmemdup(cfg->extra_buf, conn_info->resp_ie_len,
5941 			    GFP_KERNEL);
5942 		if (!conn_info->resp_ie)
5943 			conn_info->resp_ie_len = 0;
5944 
5945 		err = brcmf_fil_iovar_data_get(ifp, "wme_ac_sta",
5946 					       edcf_acparam_info,
5947 					       sizeof(edcf_acparam_info));
5948 		if (err) {
5949 			brcmf_err("could not get wme_ac_sta (%d)\n", err);
5950 			return err;
5951 		}
5952 
5953 		brcmf_wifi_prioritize_acparams(edcf_acparam_info,
5954 					       cfg->ac_priority);
5955 	} else {
5956 		conn_info->resp_ie_len = 0;
5957 		conn_info->resp_ie = NULL;
5958 	}
5959 	brcmf_dbg(CONN, "req len (%d) resp len (%d)\n",
5960 		  conn_info->req_ie_len, conn_info->resp_ie_len);
5961 
5962 	return err;
5963 }
5964 
5965 static s32
5966 brcmf_bss_roaming_done(struct brcmf_cfg80211_info *cfg,
5967 		       struct net_device *ndev,
5968 		       const struct brcmf_event_msg *e)
5969 {
5970 	struct brcmf_if *ifp = netdev_priv(ndev);
5971 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
5972 	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5973 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
5974 	struct ieee80211_channel *notify_channel = NULL;
5975 	struct ieee80211_supported_band *band;
5976 	struct brcmf_bss_info_le *bi;
5977 	struct brcmu_chan ch;
5978 	struct cfg80211_roam_info roam_info = {};
5979 	u32 freq;
5980 	s32 err = 0;
5981 	u8 *buf;
5982 
5983 	brcmf_dbg(TRACE, "Enter\n");
5984 
5985 	brcmf_get_assoc_ies(cfg, ifp);
5986 	memcpy(profile->bssid, e->addr, ETH_ALEN);
5987 	brcmf_update_bss_info(cfg, ifp);
5988 
5989 	buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
5990 	if (buf == NULL) {
5991 		err = -ENOMEM;
5992 		goto done;
5993 	}
5994 
5995 	/* data sent to dongle has to be little endian */
5996 	*(__le32 *)buf = cpu_to_le32(WL_BSS_INFO_MAX);
5997 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO,
5998 				     buf, WL_BSS_INFO_MAX);
5999 
6000 	if (err)
6001 		goto done;
6002 
6003 	bi = (struct brcmf_bss_info_le *)(buf + 4);
6004 	ch.chspec = le16_to_cpu(bi->chanspec);
6005 	cfg->d11inf.decchspec(&ch);
6006 
6007 	if (ch.band == BRCMU_CHAN_BAND_2G)
6008 		band = wiphy->bands[NL80211_BAND_2GHZ];
6009 	else
6010 		band = wiphy->bands[NL80211_BAND_5GHZ];
6011 
6012 	freq = ieee80211_channel_to_frequency(ch.control_ch_num, band->band);
6013 	notify_channel = ieee80211_get_channel(wiphy, freq);
6014 
6015 done:
6016 	kfree(buf);
6017 
6018 	roam_info.channel = notify_channel;
6019 	roam_info.bssid = profile->bssid;
6020 	roam_info.req_ie = conn_info->req_ie;
6021 	roam_info.req_ie_len = conn_info->req_ie_len;
6022 	roam_info.resp_ie = conn_info->resp_ie;
6023 	roam_info.resp_ie_len = conn_info->resp_ie_len;
6024 
6025 	cfg80211_roamed(ndev, &roam_info, GFP_KERNEL);
6026 	brcmf_dbg(CONN, "Report roaming result\n");
6027 
6028 	if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_1X && profile->is_ft) {
6029 		cfg80211_port_authorized(ndev, profile->bssid, GFP_KERNEL);
6030 		brcmf_dbg(CONN, "Report port authorized\n");
6031 	}
6032 
6033 	set_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
6034 	brcmf_dbg(TRACE, "Exit\n");
6035 	return err;
6036 }
6037 
6038 static s32
6039 brcmf_bss_connect_done(struct brcmf_cfg80211_info *cfg,
6040 		       struct net_device *ndev, const struct brcmf_event_msg *e,
6041 		       bool completed)
6042 {
6043 	struct brcmf_if *ifp = netdev_priv(ndev);
6044 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
6045 	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
6046 	struct cfg80211_connect_resp_params conn_params;
6047 
6048 	brcmf_dbg(TRACE, "Enter\n");
6049 
6050 	if (test_and_clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6051 			       &ifp->vif->sme_state)) {
6052 		memset(&conn_params, 0, sizeof(conn_params));
6053 		if (completed) {
6054 			brcmf_get_assoc_ies(cfg, ifp);
6055 			brcmf_update_bss_info(cfg, ifp);
6056 			set_bit(BRCMF_VIF_STATUS_CONNECTED,
6057 				&ifp->vif->sme_state);
6058 			conn_params.status = WLAN_STATUS_SUCCESS;
6059 		} else {
6060 			conn_params.status = WLAN_STATUS_AUTH_TIMEOUT;
6061 		}
6062 		conn_params.bssid = profile->bssid;
6063 		conn_params.req_ie = conn_info->req_ie;
6064 		conn_params.req_ie_len = conn_info->req_ie_len;
6065 		conn_params.resp_ie = conn_info->resp_ie;
6066 		conn_params.resp_ie_len = conn_info->resp_ie_len;
6067 		cfg80211_connect_done(ndev, &conn_params, GFP_KERNEL);
6068 		brcmf_dbg(CONN, "Report connect result - connection %s\n",
6069 			  completed ? "succeeded" : "failed");
6070 	}
6071 	brcmf_dbg(TRACE, "Exit\n");
6072 	return 0;
6073 }
6074 
6075 static s32
6076 brcmf_notify_connect_status_ap(struct brcmf_cfg80211_info *cfg,
6077 			       struct net_device *ndev,
6078 			       const struct brcmf_event_msg *e, void *data)
6079 {
6080 	struct brcmf_pub *drvr = cfg->pub;
6081 	static int generation;
6082 	u32 event = e->event_code;
6083 	u32 reason = e->reason;
6084 	struct station_info *sinfo;
6085 
6086 	brcmf_dbg(CONN, "event %s (%u), reason %d\n",
6087 		  brcmf_fweh_event_name(event), event, reason);
6088 	if (event == BRCMF_E_LINK && reason == BRCMF_E_REASON_LINK_BSSCFG_DIS &&
6089 	    ndev != cfg_to_ndev(cfg)) {
6090 		brcmf_dbg(CONN, "AP mode link down\n");
6091 		complete(&cfg->vif_disabled);
6092 		return 0;
6093 	}
6094 
6095 	if (((event == BRCMF_E_ASSOC_IND) || (event == BRCMF_E_REASSOC_IND)) &&
6096 	    (reason == BRCMF_E_STATUS_SUCCESS)) {
6097 		if (!data) {
6098 			bphy_err(drvr, "No IEs present in ASSOC/REASSOC_IND\n");
6099 			return -EINVAL;
6100 		}
6101 
6102 		sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
6103 		if (!sinfo)
6104 			return -ENOMEM;
6105 
6106 		sinfo->assoc_req_ies = data;
6107 		sinfo->assoc_req_ies_len = e->datalen;
6108 		generation++;
6109 		sinfo->generation = generation;
6110 		cfg80211_new_sta(ndev, e->addr, sinfo, GFP_KERNEL);
6111 
6112 		kfree(sinfo);
6113 	} else if ((event == BRCMF_E_DISASSOC_IND) ||
6114 		   (event == BRCMF_E_DEAUTH_IND) ||
6115 		   (event == BRCMF_E_DEAUTH)) {
6116 		cfg80211_del_sta(ndev, e->addr, GFP_KERNEL);
6117 	}
6118 	return 0;
6119 }
6120 
6121 static s32
6122 brcmf_notify_connect_status(struct brcmf_if *ifp,
6123 			    const struct brcmf_event_msg *e, void *data)
6124 {
6125 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6126 	struct net_device *ndev = ifp->ndev;
6127 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
6128 	struct ieee80211_channel *chan;
6129 	s32 err = 0;
6130 
6131 	if ((e->event_code == BRCMF_E_DEAUTH) ||
6132 	    (e->event_code == BRCMF_E_DEAUTH_IND) ||
6133 	    (e->event_code == BRCMF_E_DISASSOC_IND) ||
6134 	    ((e->event_code == BRCMF_E_LINK) && (!e->flags))) {
6135 		brcmf_proto_delete_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
6136 	}
6137 
6138 	if (brcmf_is_apmode(ifp->vif)) {
6139 		err = brcmf_notify_connect_status_ap(cfg, ndev, e, data);
6140 	} else if (brcmf_is_linkup(ifp->vif, e)) {
6141 		brcmf_dbg(CONN, "Linkup\n");
6142 		if (brcmf_is_ibssmode(ifp->vif)) {
6143 			brcmf_inform_ibss(cfg, ndev, e->addr);
6144 			chan = ieee80211_get_channel(cfg->wiphy, cfg->channel);
6145 			memcpy(profile->bssid, e->addr, ETH_ALEN);
6146 			cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL);
6147 			clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6148 				  &ifp->vif->sme_state);
6149 			set_bit(BRCMF_VIF_STATUS_CONNECTED,
6150 				&ifp->vif->sme_state);
6151 		} else
6152 			brcmf_bss_connect_done(cfg, ndev, e, true);
6153 		brcmf_net_setcarrier(ifp, true);
6154 	} else if (brcmf_is_linkdown(ifp->vif, e)) {
6155 		brcmf_dbg(CONN, "Linkdown\n");
6156 		if (!brcmf_is_ibssmode(ifp->vif) &&
6157 		    test_bit(BRCMF_VIF_STATUS_CONNECTED,
6158 			     &ifp->vif->sme_state)) {
6159 			if (memcmp(profile->bssid, e->addr, ETH_ALEN))
6160 				return err;
6161 
6162 			brcmf_bss_connect_done(cfg, ndev, e, false);
6163 			brcmf_link_down(ifp->vif,
6164 					brcmf_map_fw_linkdown_reason(e),
6165 					e->event_code &
6166 					(BRCMF_E_DEAUTH_IND |
6167 					BRCMF_E_DISASSOC_IND)
6168 					? false : true);
6169 			brcmf_init_prof(ndev_to_prof(ndev));
6170 			if (ndev != cfg_to_ndev(cfg))
6171 				complete(&cfg->vif_disabled);
6172 			brcmf_net_setcarrier(ifp, false);
6173 		}
6174 	} else if (brcmf_is_nonetwork(cfg, e)) {
6175 		if (brcmf_is_ibssmode(ifp->vif))
6176 			clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6177 				  &ifp->vif->sme_state);
6178 		else
6179 			brcmf_bss_connect_done(cfg, ndev, e, false);
6180 	}
6181 
6182 	return err;
6183 }
6184 
6185 static s32
6186 brcmf_notify_roaming_status(struct brcmf_if *ifp,
6187 			    const struct brcmf_event_msg *e, void *data)
6188 {
6189 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6190 	u32 event = e->event_code;
6191 	u32 status = e->status;
6192 
6193 	if (event == BRCMF_E_ROAM && status == BRCMF_E_STATUS_SUCCESS) {
6194 		if (test_bit(BRCMF_VIF_STATUS_CONNECTED,
6195 			     &ifp->vif->sme_state)) {
6196 			brcmf_bss_roaming_done(cfg, ifp->ndev, e);
6197 		} else {
6198 			brcmf_bss_connect_done(cfg, ifp->ndev, e, true);
6199 			brcmf_net_setcarrier(ifp, true);
6200 		}
6201 	}
6202 
6203 	return 0;
6204 }
6205 
6206 static s32
6207 brcmf_notify_mic_status(struct brcmf_if *ifp,
6208 			const struct brcmf_event_msg *e, void *data)
6209 {
6210 	u16 flags = e->flags;
6211 	enum nl80211_key_type key_type;
6212 
6213 	if (flags & BRCMF_EVENT_MSG_GROUP)
6214 		key_type = NL80211_KEYTYPE_GROUP;
6215 	else
6216 		key_type = NL80211_KEYTYPE_PAIRWISE;
6217 
6218 	cfg80211_michael_mic_failure(ifp->ndev, (u8 *)&e->addr, key_type, -1,
6219 				     NULL, GFP_KERNEL);
6220 
6221 	return 0;
6222 }
6223 
6224 static s32 brcmf_notify_rssi(struct brcmf_if *ifp,
6225 			     const struct brcmf_event_msg *e, void *data)
6226 {
6227 	struct brcmf_cfg80211_vif *vif = ifp->vif;
6228 	struct brcmf_rssi_be *info = data;
6229 	s32 rssi, snr, noise;
6230 	s32 low, high, last;
6231 
6232 	if (e->datalen < sizeof(*info)) {
6233 		brcmf_err("insufficient RSSI event data\n");
6234 		return 0;
6235 	}
6236 
6237 	rssi = be32_to_cpu(info->rssi);
6238 	snr = be32_to_cpu(info->snr);
6239 	noise = be32_to_cpu(info->noise);
6240 
6241 	low = vif->cqm_rssi_low;
6242 	high = vif->cqm_rssi_high;
6243 	last = vif->cqm_rssi_last;
6244 
6245 	brcmf_dbg(TRACE, "rssi=%d snr=%d noise=%d low=%d high=%d last=%d\n",
6246 		  rssi, snr, noise, low, high, last);
6247 
6248 	vif->cqm_rssi_last = rssi;
6249 
6250 	if (rssi <= low || rssi == 0) {
6251 		brcmf_dbg(INFO, "LOW rssi=%d\n", rssi);
6252 		cfg80211_cqm_rssi_notify(ifp->ndev,
6253 					 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6254 					 rssi, GFP_KERNEL);
6255 	} else if (rssi > high) {
6256 		brcmf_dbg(INFO, "HIGH rssi=%d\n", rssi);
6257 		cfg80211_cqm_rssi_notify(ifp->ndev,
6258 					 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6259 					 rssi, GFP_KERNEL);
6260 	}
6261 
6262 	return 0;
6263 }
6264 
6265 static s32 brcmf_notify_vif_event(struct brcmf_if *ifp,
6266 				  const struct brcmf_event_msg *e, void *data)
6267 {
6268 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6269 	struct brcmf_if_event *ifevent = (struct brcmf_if_event *)data;
6270 	struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
6271 	struct brcmf_cfg80211_vif *vif;
6272 
6273 	brcmf_dbg(TRACE, "Enter: action %u flags %u ifidx %u bsscfgidx %u\n",
6274 		  ifevent->action, ifevent->flags, ifevent->ifidx,
6275 		  ifevent->bsscfgidx);
6276 
6277 	spin_lock(&event->vif_event_lock);
6278 	event->action = ifevent->action;
6279 	vif = event->vif;
6280 
6281 	switch (ifevent->action) {
6282 	case BRCMF_E_IF_ADD:
6283 		/* waiting process may have timed out */
6284 		if (!cfg->vif_event.vif) {
6285 			spin_unlock(&event->vif_event_lock);
6286 			return -EBADF;
6287 		}
6288 
6289 		ifp->vif = vif;
6290 		vif->ifp = ifp;
6291 		if (ifp->ndev) {
6292 			vif->wdev.netdev = ifp->ndev;
6293 			ifp->ndev->ieee80211_ptr = &vif->wdev;
6294 			SET_NETDEV_DEV(ifp->ndev, wiphy_dev(cfg->wiphy));
6295 		}
6296 		spin_unlock(&event->vif_event_lock);
6297 		wake_up(&event->vif_wq);
6298 		return 0;
6299 
6300 	case BRCMF_E_IF_DEL:
6301 		spin_unlock(&event->vif_event_lock);
6302 		/* event may not be upon user request */
6303 		if (brcmf_cfg80211_vif_event_armed(cfg))
6304 			wake_up(&event->vif_wq);
6305 		return 0;
6306 
6307 	case BRCMF_E_IF_CHANGE:
6308 		spin_unlock(&event->vif_event_lock);
6309 		wake_up(&event->vif_wq);
6310 		return 0;
6311 
6312 	default:
6313 		spin_unlock(&event->vif_event_lock);
6314 		break;
6315 	}
6316 	return -EINVAL;
6317 }
6318 
6319 static void brcmf_init_conf(struct brcmf_cfg80211_conf *conf)
6320 {
6321 	conf->frag_threshold = (u32)-1;
6322 	conf->rts_threshold = (u32)-1;
6323 	conf->retry_short = (u32)-1;
6324 	conf->retry_long = (u32)-1;
6325 }
6326 
6327 static void brcmf_register_event_handlers(struct brcmf_cfg80211_info *cfg)
6328 {
6329 	brcmf_fweh_register(cfg->pub, BRCMF_E_LINK,
6330 			    brcmf_notify_connect_status);
6331 	brcmf_fweh_register(cfg->pub, BRCMF_E_DEAUTH_IND,
6332 			    brcmf_notify_connect_status);
6333 	brcmf_fweh_register(cfg->pub, BRCMF_E_DEAUTH,
6334 			    brcmf_notify_connect_status);
6335 	brcmf_fweh_register(cfg->pub, BRCMF_E_DISASSOC_IND,
6336 			    brcmf_notify_connect_status);
6337 	brcmf_fweh_register(cfg->pub, BRCMF_E_ASSOC_IND,
6338 			    brcmf_notify_connect_status);
6339 	brcmf_fweh_register(cfg->pub, BRCMF_E_REASSOC_IND,
6340 			    brcmf_notify_connect_status);
6341 	brcmf_fweh_register(cfg->pub, BRCMF_E_ROAM,
6342 			    brcmf_notify_roaming_status);
6343 	brcmf_fweh_register(cfg->pub, BRCMF_E_MIC_ERROR,
6344 			    brcmf_notify_mic_status);
6345 	brcmf_fweh_register(cfg->pub, BRCMF_E_SET_SSID,
6346 			    brcmf_notify_connect_status);
6347 	brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
6348 			    brcmf_notify_sched_scan_results);
6349 	brcmf_fweh_register(cfg->pub, BRCMF_E_IF,
6350 			    brcmf_notify_vif_event);
6351 	brcmf_fweh_register(cfg->pub, BRCMF_E_P2P_PROBEREQ_MSG,
6352 			    brcmf_p2p_notify_rx_mgmt_p2p_probereq);
6353 	brcmf_fweh_register(cfg->pub, BRCMF_E_P2P_DISC_LISTEN_COMPLETE,
6354 			    brcmf_p2p_notify_listen_complete);
6355 	brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_RX,
6356 			    brcmf_p2p_notify_action_frame_rx);
6357 	brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_COMPLETE,
6358 			    brcmf_p2p_notify_action_tx_complete);
6359 	brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_OFF_CHAN_COMPLETE,
6360 			    brcmf_p2p_notify_action_tx_complete);
6361 	brcmf_fweh_register(cfg->pub, BRCMF_E_PSK_SUP,
6362 			    brcmf_notify_connect_status);
6363 	brcmf_fweh_register(cfg->pub, BRCMF_E_RSSI, brcmf_notify_rssi);
6364 }
6365 
6366 static void brcmf_deinit_priv_mem(struct brcmf_cfg80211_info *cfg)
6367 {
6368 	kfree(cfg->conf);
6369 	cfg->conf = NULL;
6370 	kfree(cfg->extra_buf);
6371 	cfg->extra_buf = NULL;
6372 	kfree(cfg->wowl.nd);
6373 	cfg->wowl.nd = NULL;
6374 	kfree(cfg->wowl.nd_info);
6375 	cfg->wowl.nd_info = NULL;
6376 	kfree(cfg->escan_info.escan_buf);
6377 	cfg->escan_info.escan_buf = NULL;
6378 }
6379 
6380 static s32 brcmf_init_priv_mem(struct brcmf_cfg80211_info *cfg)
6381 {
6382 	cfg->conf = kzalloc(sizeof(*cfg->conf), GFP_KERNEL);
6383 	if (!cfg->conf)
6384 		goto init_priv_mem_out;
6385 	cfg->extra_buf = kzalloc(WL_EXTRA_BUF_MAX, GFP_KERNEL);
6386 	if (!cfg->extra_buf)
6387 		goto init_priv_mem_out;
6388 	cfg->wowl.nd = kzalloc(sizeof(*cfg->wowl.nd) + sizeof(u32), GFP_KERNEL);
6389 	if (!cfg->wowl.nd)
6390 		goto init_priv_mem_out;
6391 	cfg->wowl.nd_info = kzalloc(sizeof(*cfg->wowl.nd_info) +
6392 				    sizeof(struct cfg80211_wowlan_nd_match *),
6393 				    GFP_KERNEL);
6394 	if (!cfg->wowl.nd_info)
6395 		goto init_priv_mem_out;
6396 	cfg->escan_info.escan_buf = kzalloc(BRCMF_ESCAN_BUF_SIZE, GFP_KERNEL);
6397 	if (!cfg->escan_info.escan_buf)
6398 		goto init_priv_mem_out;
6399 
6400 	return 0;
6401 
6402 init_priv_mem_out:
6403 	brcmf_deinit_priv_mem(cfg);
6404 
6405 	return -ENOMEM;
6406 }
6407 
6408 static s32 wl_init_priv(struct brcmf_cfg80211_info *cfg)
6409 {
6410 	s32 err = 0;
6411 
6412 	cfg->scan_request = NULL;
6413 	cfg->pwr_save = true;
6414 	cfg->dongle_up = false;		/* dongle is not up yet */
6415 	err = brcmf_init_priv_mem(cfg);
6416 	if (err)
6417 		return err;
6418 	brcmf_register_event_handlers(cfg);
6419 	mutex_init(&cfg->usr_sync);
6420 	brcmf_init_escan(cfg);
6421 	brcmf_init_conf(cfg->conf);
6422 	brcmf_init_wmm_prio(cfg->ac_priority);
6423 	init_completion(&cfg->vif_disabled);
6424 	return err;
6425 }
6426 
6427 static void wl_deinit_priv(struct brcmf_cfg80211_info *cfg)
6428 {
6429 	cfg->dongle_up = false;	/* dongle down */
6430 	brcmf_abort_scanning(cfg);
6431 	brcmf_deinit_priv_mem(cfg);
6432 }
6433 
6434 static void init_vif_event(struct brcmf_cfg80211_vif_event *event)
6435 {
6436 	init_waitqueue_head(&event->vif_wq);
6437 	spin_lock_init(&event->vif_event_lock);
6438 }
6439 
6440 static s32 brcmf_dongle_roam(struct brcmf_if *ifp)
6441 {
6442 	struct brcmf_pub *drvr = ifp->drvr;
6443 	s32 err;
6444 	u32 bcn_timeout;
6445 	__le32 roamtrigger[2];
6446 	__le32 roam_delta[2];
6447 
6448 	/* Configure beacon timeout value based upon roaming setting */
6449 	if (ifp->drvr->settings->roamoff)
6450 		bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_OFF;
6451 	else
6452 		bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON;
6453 	err = brcmf_fil_iovar_int_set(ifp, "bcn_timeout", bcn_timeout);
6454 	if (err) {
6455 		bphy_err(drvr, "bcn_timeout error (%d)\n", err);
6456 		goto roam_setup_done;
6457 	}
6458 
6459 	/* Enable/Disable built-in roaming to allow supplicant to take care of
6460 	 * roaming.
6461 	 */
6462 	brcmf_dbg(INFO, "Internal Roaming = %s\n",
6463 		  ifp->drvr->settings->roamoff ? "Off" : "On");
6464 	err = brcmf_fil_iovar_int_set(ifp, "roam_off",
6465 				      ifp->drvr->settings->roamoff);
6466 	if (err) {
6467 		bphy_err(drvr, "roam_off error (%d)\n", err);
6468 		goto roam_setup_done;
6469 	}
6470 
6471 	roamtrigger[0] = cpu_to_le32(WL_ROAM_TRIGGER_LEVEL);
6472 	roamtrigger[1] = cpu_to_le32(BRCM_BAND_ALL);
6473 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_TRIGGER,
6474 				     (void *)roamtrigger, sizeof(roamtrigger));
6475 	if (err)
6476 		bphy_err(drvr, "WLC_SET_ROAM_TRIGGER error (%d)\n", err);
6477 
6478 	roam_delta[0] = cpu_to_le32(WL_ROAM_DELTA);
6479 	roam_delta[1] = cpu_to_le32(BRCM_BAND_ALL);
6480 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_DELTA,
6481 				     (void *)roam_delta, sizeof(roam_delta));
6482 	if (err)
6483 		bphy_err(drvr, "WLC_SET_ROAM_DELTA error (%d)\n", err);
6484 
6485 	return 0;
6486 
6487 roam_setup_done:
6488 	return err;
6489 }
6490 
6491 static s32
6492 brcmf_dongle_scantime(struct brcmf_if *ifp)
6493 {
6494 	struct brcmf_pub *drvr = ifp->drvr;
6495 	s32 err = 0;
6496 
6497 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_CHANNEL_TIME,
6498 				    BRCMF_SCAN_CHANNEL_TIME);
6499 	if (err) {
6500 		bphy_err(drvr, "Scan assoc time error (%d)\n", err);
6501 		goto dongle_scantime_out;
6502 	}
6503 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_UNASSOC_TIME,
6504 				    BRCMF_SCAN_UNASSOC_TIME);
6505 	if (err) {
6506 		bphy_err(drvr, "Scan unassoc time error (%d)\n", err);
6507 		goto dongle_scantime_out;
6508 	}
6509 
6510 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_PASSIVE_TIME,
6511 				    BRCMF_SCAN_PASSIVE_TIME);
6512 	if (err) {
6513 		bphy_err(drvr, "Scan passive time error (%d)\n", err);
6514 		goto dongle_scantime_out;
6515 	}
6516 
6517 dongle_scantime_out:
6518 	return err;
6519 }
6520 
6521 static void brcmf_update_bw40_channel_flag(struct ieee80211_channel *channel,
6522 					   struct brcmu_chan *ch)
6523 {
6524 	u32 ht40_flag;
6525 
6526 	ht40_flag = channel->flags & IEEE80211_CHAN_NO_HT40;
6527 	if (ch->sb == BRCMU_CHAN_SB_U) {
6528 		if (ht40_flag == IEEE80211_CHAN_NO_HT40)
6529 			channel->flags &= ~IEEE80211_CHAN_NO_HT40;
6530 		channel->flags |= IEEE80211_CHAN_NO_HT40PLUS;
6531 	} else {
6532 		/* It should be one of
6533 		 * IEEE80211_CHAN_NO_HT40 or
6534 		 * IEEE80211_CHAN_NO_HT40PLUS
6535 		 */
6536 		channel->flags &= ~IEEE80211_CHAN_NO_HT40;
6537 		if (ht40_flag == IEEE80211_CHAN_NO_HT40)
6538 			channel->flags |= IEEE80211_CHAN_NO_HT40MINUS;
6539 	}
6540 }
6541 
6542 static int brcmf_construct_chaninfo(struct brcmf_cfg80211_info *cfg,
6543 				    u32 bw_cap[])
6544 {
6545 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
6546 	struct brcmf_pub *drvr = cfg->pub;
6547 	struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6548 	struct ieee80211_supported_band *band;
6549 	struct ieee80211_channel *channel;
6550 	struct brcmf_chanspec_list *list;
6551 	struct brcmu_chan ch;
6552 	int err;
6553 	u8 *pbuf;
6554 	u32 i, j;
6555 	u32 total;
6556 	u32 chaninfo;
6557 
6558 	pbuf = kzalloc(BRCMF_DCMD_MEDLEN, GFP_KERNEL);
6559 
6560 	if (pbuf == NULL)
6561 		return -ENOMEM;
6562 
6563 	list = (struct brcmf_chanspec_list *)pbuf;
6564 
6565 	err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
6566 				       BRCMF_DCMD_MEDLEN);
6567 	if (err) {
6568 		bphy_err(drvr, "get chanspecs error (%d)\n", err);
6569 		goto fail_pbuf;
6570 	}
6571 
6572 	band = wiphy->bands[NL80211_BAND_2GHZ];
6573 	if (band)
6574 		for (i = 0; i < band->n_channels; i++)
6575 			band->channels[i].flags = IEEE80211_CHAN_DISABLED;
6576 	band = wiphy->bands[NL80211_BAND_5GHZ];
6577 	if (band)
6578 		for (i = 0; i < band->n_channels; i++)
6579 			band->channels[i].flags = IEEE80211_CHAN_DISABLED;
6580 
6581 	total = le32_to_cpu(list->count);
6582 	for (i = 0; i < total; i++) {
6583 		ch.chspec = (u16)le32_to_cpu(list->element[i]);
6584 		cfg->d11inf.decchspec(&ch);
6585 
6586 		if (ch.band == BRCMU_CHAN_BAND_2G) {
6587 			band = wiphy->bands[NL80211_BAND_2GHZ];
6588 		} else if (ch.band == BRCMU_CHAN_BAND_5G) {
6589 			band = wiphy->bands[NL80211_BAND_5GHZ];
6590 		} else {
6591 			bphy_err(drvr, "Invalid channel Spec. 0x%x.\n",
6592 				 ch.chspec);
6593 			continue;
6594 		}
6595 		if (!band)
6596 			continue;
6597 		if (!(bw_cap[band->band] & WLC_BW_40MHZ_BIT) &&
6598 		    ch.bw == BRCMU_CHAN_BW_40)
6599 			continue;
6600 		if (!(bw_cap[band->band] & WLC_BW_80MHZ_BIT) &&
6601 		    ch.bw == BRCMU_CHAN_BW_80)
6602 			continue;
6603 
6604 		channel = NULL;
6605 		for (j = 0; j < band->n_channels; j++) {
6606 			if (band->channels[j].hw_value == ch.control_ch_num) {
6607 				channel = &band->channels[j];
6608 				break;
6609 			}
6610 		}
6611 		if (!channel) {
6612 			/* It seems firmware supports some channel we never
6613 			 * considered. Something new in IEEE standard?
6614 			 */
6615 			bphy_err(drvr, "Ignoring unexpected firmware channel %d\n",
6616 				 ch.control_ch_num);
6617 			continue;
6618 		}
6619 
6620 		if (channel->orig_flags & IEEE80211_CHAN_DISABLED)
6621 			continue;
6622 
6623 		/* assuming the chanspecs order is HT20,
6624 		 * HT40 upper, HT40 lower, and VHT80.
6625 		 */
6626 		switch (ch.bw) {
6627 		case BRCMU_CHAN_BW_160:
6628 			channel->flags &= ~IEEE80211_CHAN_NO_160MHZ;
6629 			break;
6630 		case BRCMU_CHAN_BW_80:
6631 			channel->flags &= ~IEEE80211_CHAN_NO_80MHZ;
6632 			break;
6633 		case BRCMU_CHAN_BW_40:
6634 			brcmf_update_bw40_channel_flag(channel, &ch);
6635 			break;
6636 		default:
6637 			wiphy_warn(wiphy, "Firmware reported unsupported bandwidth %d\n",
6638 				   ch.bw);
6639 			fallthrough;
6640 		case BRCMU_CHAN_BW_20:
6641 			/* enable the channel and disable other bandwidths
6642 			 * for now as mentioned order assure they are enabled
6643 			 * for subsequent chanspecs.
6644 			 */
6645 			channel->flags = IEEE80211_CHAN_NO_HT40 |
6646 					 IEEE80211_CHAN_NO_80MHZ |
6647 					 IEEE80211_CHAN_NO_160MHZ;
6648 			ch.bw = BRCMU_CHAN_BW_20;
6649 			cfg->d11inf.encchspec(&ch);
6650 			chaninfo = ch.chspec;
6651 			err = brcmf_fil_bsscfg_int_get(ifp, "per_chan_info",
6652 						       &chaninfo);
6653 			if (!err) {
6654 				if (chaninfo & WL_CHAN_RADAR)
6655 					channel->flags |=
6656 						(IEEE80211_CHAN_RADAR |
6657 						 IEEE80211_CHAN_NO_IR);
6658 				if (chaninfo & WL_CHAN_PASSIVE)
6659 					channel->flags |=
6660 						IEEE80211_CHAN_NO_IR;
6661 			}
6662 		}
6663 	}
6664 
6665 fail_pbuf:
6666 	kfree(pbuf);
6667 	return err;
6668 }
6669 
6670 static int brcmf_enable_bw40_2g(struct brcmf_cfg80211_info *cfg)
6671 {
6672 	struct brcmf_pub *drvr = cfg->pub;
6673 	struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6674 	struct ieee80211_supported_band *band;
6675 	struct brcmf_fil_bwcap_le band_bwcap;
6676 	struct brcmf_chanspec_list *list;
6677 	u8 *pbuf;
6678 	u32 val;
6679 	int err;
6680 	struct brcmu_chan ch;
6681 	u32 num_chan;
6682 	int i, j;
6683 
6684 	/* verify support for bw_cap command */
6685 	val = WLC_BAND_5G;
6686 	err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &val);
6687 
6688 	if (!err) {
6689 		/* only set 2G bandwidth using bw_cap command */
6690 		band_bwcap.band = cpu_to_le32(WLC_BAND_2G);
6691 		band_bwcap.bw_cap = cpu_to_le32(WLC_BW_CAP_40MHZ);
6692 		err = brcmf_fil_iovar_data_set(ifp, "bw_cap", &band_bwcap,
6693 					       sizeof(band_bwcap));
6694 	} else {
6695 		brcmf_dbg(INFO, "fallback to mimo_bw_cap\n");
6696 		val = WLC_N_BW_40ALL;
6697 		err = brcmf_fil_iovar_int_set(ifp, "mimo_bw_cap", val);
6698 	}
6699 
6700 	if (!err) {
6701 		/* update channel info in 2G band */
6702 		pbuf = kzalloc(BRCMF_DCMD_MEDLEN, GFP_KERNEL);
6703 
6704 		if (pbuf == NULL)
6705 			return -ENOMEM;
6706 
6707 		ch.band = BRCMU_CHAN_BAND_2G;
6708 		ch.bw = BRCMU_CHAN_BW_40;
6709 		ch.sb = BRCMU_CHAN_SB_NONE;
6710 		ch.chnum = 0;
6711 		cfg->d11inf.encchspec(&ch);
6712 
6713 		/* pass encoded chanspec in query */
6714 		*(__le16 *)pbuf = cpu_to_le16(ch.chspec);
6715 
6716 		err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
6717 					       BRCMF_DCMD_MEDLEN);
6718 		if (err) {
6719 			bphy_err(drvr, "get chanspecs error (%d)\n", err);
6720 			kfree(pbuf);
6721 			return err;
6722 		}
6723 
6724 		band = cfg_to_wiphy(cfg)->bands[NL80211_BAND_2GHZ];
6725 		list = (struct brcmf_chanspec_list *)pbuf;
6726 		num_chan = le32_to_cpu(list->count);
6727 		for (i = 0; i < num_chan; i++) {
6728 			ch.chspec = (u16)le32_to_cpu(list->element[i]);
6729 			cfg->d11inf.decchspec(&ch);
6730 			if (WARN_ON(ch.band != BRCMU_CHAN_BAND_2G))
6731 				continue;
6732 			if (WARN_ON(ch.bw != BRCMU_CHAN_BW_40))
6733 				continue;
6734 			for (j = 0; j < band->n_channels; j++) {
6735 				if (band->channels[j].hw_value == ch.control_ch_num)
6736 					break;
6737 			}
6738 			if (WARN_ON(j == band->n_channels))
6739 				continue;
6740 
6741 			brcmf_update_bw40_channel_flag(&band->channels[j], &ch);
6742 		}
6743 		kfree(pbuf);
6744 	}
6745 	return err;
6746 }
6747 
6748 static void brcmf_get_bwcap(struct brcmf_if *ifp, u32 bw_cap[])
6749 {
6750 	struct brcmf_pub *drvr = ifp->drvr;
6751 	u32 band, mimo_bwcap;
6752 	int err;
6753 
6754 	band = WLC_BAND_2G;
6755 	err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &band);
6756 	if (!err) {
6757 		bw_cap[NL80211_BAND_2GHZ] = band;
6758 		band = WLC_BAND_5G;
6759 		err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &band);
6760 		if (!err) {
6761 			bw_cap[NL80211_BAND_5GHZ] = band;
6762 			return;
6763 		}
6764 		WARN_ON(1);
6765 		return;
6766 	}
6767 	brcmf_dbg(INFO, "fallback to mimo_bw_cap info\n");
6768 	mimo_bwcap = 0;
6769 	err = brcmf_fil_iovar_int_get(ifp, "mimo_bw_cap", &mimo_bwcap);
6770 	if (err)
6771 		/* assume 20MHz if firmware does not give a clue */
6772 		mimo_bwcap = WLC_N_BW_20ALL;
6773 
6774 	switch (mimo_bwcap) {
6775 	case WLC_N_BW_40ALL:
6776 		bw_cap[NL80211_BAND_2GHZ] |= WLC_BW_40MHZ_BIT;
6777 		fallthrough;
6778 	case WLC_N_BW_20IN2G_40IN5G:
6779 		bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_40MHZ_BIT;
6780 		fallthrough;
6781 	case WLC_N_BW_20ALL:
6782 		bw_cap[NL80211_BAND_2GHZ] |= WLC_BW_20MHZ_BIT;
6783 		bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_20MHZ_BIT;
6784 		break;
6785 	default:
6786 		bphy_err(drvr, "invalid mimo_bw_cap value\n");
6787 	}
6788 }
6789 
6790 static void brcmf_update_ht_cap(struct ieee80211_supported_band *band,
6791 				u32 bw_cap[2], u32 nchain)
6792 {
6793 	band->ht_cap.ht_supported = true;
6794 	if (bw_cap[band->band] & WLC_BW_40MHZ_BIT) {
6795 		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
6796 		band->ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
6797 	}
6798 	band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
6799 	band->ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
6800 	band->ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
6801 	band->ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_16;
6802 	memset(band->ht_cap.mcs.rx_mask, 0xff, nchain);
6803 	band->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
6804 }
6805 
6806 static __le16 brcmf_get_mcs_map(u32 nchain, enum ieee80211_vht_mcs_support supp)
6807 {
6808 	u16 mcs_map;
6809 	int i;
6810 
6811 	for (i = 0, mcs_map = 0xFFFF; i < nchain; i++)
6812 		mcs_map = (mcs_map << 2) | supp;
6813 
6814 	return cpu_to_le16(mcs_map);
6815 }
6816 
6817 static void brcmf_update_vht_cap(struct ieee80211_supported_band *band,
6818 				 u32 bw_cap[2], u32 nchain, u32 txstreams,
6819 				 u32 txbf_bfe_cap, u32 txbf_bfr_cap)
6820 {
6821 	__le16 mcs_map;
6822 
6823 	/* not allowed in 2.4G band */
6824 	if (band->band == NL80211_BAND_2GHZ)
6825 		return;
6826 
6827 	band->vht_cap.vht_supported = true;
6828 	/* 80MHz is mandatory */
6829 	band->vht_cap.cap |= IEEE80211_VHT_CAP_SHORT_GI_80;
6830 	if (bw_cap[band->band] & WLC_BW_160MHZ_BIT) {
6831 		band->vht_cap.cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
6832 		band->vht_cap.cap |= IEEE80211_VHT_CAP_SHORT_GI_160;
6833 	}
6834 	/* all support 256-QAM */
6835 	mcs_map = brcmf_get_mcs_map(nchain, IEEE80211_VHT_MCS_SUPPORT_0_9);
6836 	band->vht_cap.vht_mcs.rx_mcs_map = mcs_map;
6837 	band->vht_cap.vht_mcs.tx_mcs_map = mcs_map;
6838 
6839 	/* Beamforming support information */
6840 	if (txbf_bfe_cap & BRCMF_TXBF_SU_BFE_CAP)
6841 		band->vht_cap.cap |= IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
6842 	if (txbf_bfe_cap & BRCMF_TXBF_MU_BFE_CAP)
6843 		band->vht_cap.cap |= IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
6844 	if (txbf_bfr_cap & BRCMF_TXBF_SU_BFR_CAP)
6845 		band->vht_cap.cap |= IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE;
6846 	if (txbf_bfr_cap & BRCMF_TXBF_MU_BFR_CAP)
6847 		band->vht_cap.cap |= IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE;
6848 
6849 	if ((txbf_bfe_cap || txbf_bfr_cap) && (txstreams > 1)) {
6850 		band->vht_cap.cap |=
6851 			(2 << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT);
6852 		band->vht_cap.cap |= ((txstreams - 1) <<
6853 				IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT);
6854 		band->vht_cap.cap |=
6855 			IEEE80211_VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB;
6856 	}
6857 }
6858 
6859 static int brcmf_setup_wiphybands(struct brcmf_cfg80211_info *cfg)
6860 {
6861 	struct brcmf_pub *drvr = cfg->pub;
6862 	struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6863 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
6864 	u32 nmode = 0;
6865 	u32 vhtmode = 0;
6866 	u32 bw_cap[2] = { WLC_BW_20MHZ_BIT, WLC_BW_20MHZ_BIT };
6867 	u32 rxchain;
6868 	u32 nchain;
6869 	int err;
6870 	s32 i;
6871 	struct ieee80211_supported_band *band;
6872 	u32 txstreams = 0;
6873 	u32 txbf_bfe_cap = 0;
6874 	u32 txbf_bfr_cap = 0;
6875 
6876 	(void)brcmf_fil_iovar_int_get(ifp, "vhtmode", &vhtmode);
6877 	err = brcmf_fil_iovar_int_get(ifp, "nmode", &nmode);
6878 	if (err) {
6879 		bphy_err(drvr, "nmode error (%d)\n", err);
6880 	} else {
6881 		brcmf_get_bwcap(ifp, bw_cap);
6882 	}
6883 	brcmf_dbg(INFO, "nmode=%d, vhtmode=%d, bw_cap=(%d, %d)\n",
6884 		  nmode, vhtmode, bw_cap[NL80211_BAND_2GHZ],
6885 		  bw_cap[NL80211_BAND_5GHZ]);
6886 
6887 	err = brcmf_fil_iovar_int_get(ifp, "rxchain", &rxchain);
6888 	if (err) {
6889 		/* rxchain unsupported by firmware of older chips */
6890 		if (err == -EBADE)
6891 			bphy_info_once(drvr, "rxchain unsupported\n");
6892 		else
6893 			bphy_err(drvr, "rxchain error (%d)\n", err);
6894 
6895 		nchain = 1;
6896 	} else {
6897 		for (nchain = 0; rxchain; nchain++)
6898 			rxchain = rxchain & (rxchain - 1);
6899 	}
6900 	brcmf_dbg(INFO, "nchain=%d\n", nchain);
6901 
6902 	err = brcmf_construct_chaninfo(cfg, bw_cap);
6903 	if (err) {
6904 		bphy_err(drvr, "brcmf_construct_chaninfo failed (%d)\n", err);
6905 		return err;
6906 	}
6907 
6908 	if (vhtmode) {
6909 		(void)brcmf_fil_iovar_int_get(ifp, "txstreams", &txstreams);
6910 		(void)brcmf_fil_iovar_int_get(ifp, "txbf_bfe_cap",
6911 					      &txbf_bfe_cap);
6912 		(void)brcmf_fil_iovar_int_get(ifp, "txbf_bfr_cap",
6913 					      &txbf_bfr_cap);
6914 	}
6915 
6916 	for (i = 0; i < ARRAY_SIZE(wiphy->bands); i++) {
6917 		band = wiphy->bands[i];
6918 		if (band == NULL)
6919 			continue;
6920 
6921 		if (nmode)
6922 			brcmf_update_ht_cap(band, bw_cap, nchain);
6923 		if (vhtmode)
6924 			brcmf_update_vht_cap(band, bw_cap, nchain, txstreams,
6925 					     txbf_bfe_cap, txbf_bfr_cap);
6926 	}
6927 
6928 	return 0;
6929 }
6930 
6931 static const struct ieee80211_txrx_stypes
6932 brcmf_txrx_stypes[NUM_NL80211_IFTYPES] = {
6933 	[NL80211_IFTYPE_STATION] = {
6934 		.tx = 0xffff,
6935 		.rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6936 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6937 	},
6938 	[NL80211_IFTYPE_P2P_CLIENT] = {
6939 		.tx = 0xffff,
6940 		.rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6941 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6942 	},
6943 	[NL80211_IFTYPE_P2P_GO] = {
6944 		.tx = 0xffff,
6945 		.rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
6946 		      BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
6947 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
6948 		      BIT(IEEE80211_STYPE_DISASSOC >> 4) |
6949 		      BIT(IEEE80211_STYPE_AUTH >> 4) |
6950 		      BIT(IEEE80211_STYPE_DEAUTH >> 4) |
6951 		      BIT(IEEE80211_STYPE_ACTION >> 4)
6952 	},
6953 	[NL80211_IFTYPE_P2P_DEVICE] = {
6954 		.tx = 0xffff,
6955 		.rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6956 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6957 	},
6958 	[NL80211_IFTYPE_AP] = {
6959 		.tx = 0xffff,
6960 		.rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
6961 		      BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
6962 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
6963 		      BIT(IEEE80211_STYPE_DISASSOC >> 4) |
6964 		      BIT(IEEE80211_STYPE_AUTH >> 4) |
6965 		      BIT(IEEE80211_STYPE_DEAUTH >> 4) |
6966 		      BIT(IEEE80211_STYPE_ACTION >> 4)
6967 	}
6968 };
6969 
6970 /**
6971  * brcmf_setup_ifmodes() - determine interface modes and combinations.
6972  *
6973  * @wiphy: wiphy object.
6974  * @ifp: interface object needed for feat module api.
6975  *
6976  * The interface modes and combinations are determined dynamically here
6977  * based on firmware functionality.
6978  *
6979  * no p2p and no mbss:
6980  *
6981  *	#STA <= 1, #AP <= 1, channels = 1, 2 total
6982  *
6983  * no p2p and mbss:
6984  *
6985  *	#STA <= 1, #AP <= 1, channels = 1, 2 total
6986  *	#AP <= 4, matching BI, channels = 1, 4 total
6987  *
6988  * no p2p and rsdb:
6989  *	#STA <= 1, #AP <= 2, channels = 2, 4 total
6990  *
6991  * p2p, no mchan, and mbss:
6992  *
6993  *	#STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 1, channels = 1, 3 total
6994  *	#STA <= 1, #P2P-DEV <= 1, #AP <= 1, #P2P-CL <= 1, channels = 1, 4 total
6995  *	#AP <= 4, matching BI, channels = 1, 4 total
6996  *
6997  * p2p, mchan, and mbss:
6998  *
6999  *	#STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 1, channels = 2, 3 total
7000  *	#STA <= 1, #P2P-DEV <= 1, #AP <= 1, #P2P-CL <= 1, channels = 1, 4 total
7001  *	#AP <= 4, matching BI, channels = 1, 4 total
7002  *
7003  * p2p, rsdb, and no mbss:
7004  *	#STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 2, AP <= 2,
7005  *	 channels = 2, 4 total
7006  */
7007 static int brcmf_setup_ifmodes(struct wiphy *wiphy, struct brcmf_if *ifp)
7008 {
7009 	struct ieee80211_iface_combination *combo = NULL;
7010 	struct ieee80211_iface_limit *c0_limits = NULL;
7011 	struct ieee80211_iface_limit *p2p_limits = NULL;
7012 	struct ieee80211_iface_limit *mbss_limits = NULL;
7013 	bool mon_flag, mbss, p2p, rsdb, mchan;
7014 	int i, c, n_combos, n_limits;
7015 
7016 	mon_flag = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MONITOR_FLAG);
7017 	mbss = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS);
7018 	p2p = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_P2P);
7019 	rsdb = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB);
7020 	mchan = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN);
7021 
7022 	n_combos = 1 + !!(p2p && !rsdb) + !!mbss;
7023 	combo = kcalloc(n_combos, sizeof(*combo), GFP_KERNEL);
7024 	if (!combo)
7025 		goto err;
7026 
7027 	wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
7028 				 BIT(NL80211_IFTYPE_ADHOC) |
7029 				 BIT(NL80211_IFTYPE_AP);
7030 	if (mon_flag)
7031 		wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR);
7032 	if (p2p)
7033 		wiphy->interface_modes |= BIT(NL80211_IFTYPE_P2P_CLIENT) |
7034 					  BIT(NL80211_IFTYPE_P2P_GO) |
7035 					  BIT(NL80211_IFTYPE_P2P_DEVICE);
7036 
7037 	c = 0;
7038 	i = 0;
7039 	n_limits = 1 + mon_flag + (p2p ? 2 : 0) + (rsdb || !p2p);
7040 	c0_limits = kcalloc(n_limits, sizeof(*c0_limits), GFP_KERNEL);
7041 	if (!c0_limits)
7042 		goto err;
7043 
7044 	combo[c].num_different_channels = 1 + (rsdb || (p2p && mchan));
7045 	c0_limits[i].max = 1;
7046 	c0_limits[i++].types = BIT(NL80211_IFTYPE_STATION);
7047 	if (mon_flag) {
7048 		c0_limits[i].max = 1;
7049 		c0_limits[i++].types = BIT(NL80211_IFTYPE_MONITOR);
7050 	}
7051 	if (p2p) {
7052 		c0_limits[i].max = 1;
7053 		c0_limits[i++].types = BIT(NL80211_IFTYPE_P2P_DEVICE);
7054 		c0_limits[i].max = 1 + rsdb;
7055 		c0_limits[i++].types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
7056 				       BIT(NL80211_IFTYPE_P2P_GO);
7057 	}
7058 	if (p2p && rsdb) {
7059 		c0_limits[i].max = 2;
7060 		c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7061 		combo[c].max_interfaces = 4;
7062 	} else if (p2p) {
7063 		combo[c].max_interfaces = i;
7064 	} else if (rsdb) {
7065 		c0_limits[i].max = 2;
7066 		c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7067 		combo[c].max_interfaces = 3;
7068 	} else {
7069 		c0_limits[i].max = 1;
7070 		c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7071 		combo[c].max_interfaces = i;
7072 	}
7073 	combo[c].n_limits = i;
7074 	combo[c].limits = c0_limits;
7075 
7076 	if (p2p && !rsdb) {
7077 		c++;
7078 		i = 0;
7079 		p2p_limits = kcalloc(4, sizeof(*p2p_limits), GFP_KERNEL);
7080 		if (!p2p_limits)
7081 			goto err;
7082 		p2p_limits[i].max = 1;
7083 		p2p_limits[i++].types = BIT(NL80211_IFTYPE_STATION);
7084 		p2p_limits[i].max = 1;
7085 		p2p_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7086 		p2p_limits[i].max = 1;
7087 		p2p_limits[i++].types = BIT(NL80211_IFTYPE_P2P_CLIENT);
7088 		p2p_limits[i].max = 1;
7089 		p2p_limits[i++].types = BIT(NL80211_IFTYPE_P2P_DEVICE);
7090 		combo[c].num_different_channels = 1;
7091 		combo[c].max_interfaces = i;
7092 		combo[c].n_limits = i;
7093 		combo[c].limits = p2p_limits;
7094 	}
7095 
7096 	if (mbss) {
7097 		c++;
7098 		i = 0;
7099 		n_limits = 1 + mon_flag;
7100 		mbss_limits = kcalloc(n_limits, sizeof(*mbss_limits),
7101 				      GFP_KERNEL);
7102 		if (!mbss_limits)
7103 			goto err;
7104 		mbss_limits[i].max = 4;
7105 		mbss_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7106 		if (mon_flag) {
7107 			mbss_limits[i].max = 1;
7108 			mbss_limits[i++].types = BIT(NL80211_IFTYPE_MONITOR);
7109 		}
7110 		combo[c].beacon_int_infra_match = true;
7111 		combo[c].num_different_channels = 1;
7112 		combo[c].max_interfaces = 4 + mon_flag;
7113 		combo[c].n_limits = i;
7114 		combo[c].limits = mbss_limits;
7115 	}
7116 
7117 	wiphy->n_iface_combinations = n_combos;
7118 	wiphy->iface_combinations = combo;
7119 	return 0;
7120 
7121 err:
7122 	kfree(c0_limits);
7123 	kfree(p2p_limits);
7124 	kfree(mbss_limits);
7125 	kfree(combo);
7126 	return -ENOMEM;
7127 }
7128 
7129 #ifdef CONFIG_PM
7130 static const struct wiphy_wowlan_support brcmf_wowlan_support = {
7131 	.flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT,
7132 	.n_patterns = BRCMF_WOWL_MAXPATTERNS,
7133 	.pattern_max_len = BRCMF_WOWL_MAXPATTERNSIZE,
7134 	.pattern_min_len = 1,
7135 	.max_pkt_offset = 1500,
7136 };
7137 #endif
7138 
7139 static void brcmf_wiphy_wowl_params(struct wiphy *wiphy, struct brcmf_if *ifp)
7140 {
7141 #ifdef CONFIG_PM
7142 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
7143 	struct brcmf_pub *drvr = cfg->pub;
7144 	struct wiphy_wowlan_support *wowl;
7145 
7146 	wowl = kmemdup(&brcmf_wowlan_support, sizeof(brcmf_wowlan_support),
7147 		       GFP_KERNEL);
7148 	if (!wowl) {
7149 		bphy_err(drvr, "only support basic wowlan features\n");
7150 		wiphy->wowlan = &brcmf_wowlan_support;
7151 		return;
7152 	}
7153 
7154 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
7155 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ND)) {
7156 			wowl->flags |= WIPHY_WOWLAN_NET_DETECT;
7157 			wowl->max_nd_match_sets = BRCMF_PNO_MAX_PFN_COUNT;
7158 			init_waitqueue_head(&cfg->wowl.nd_data_wait);
7159 		}
7160 	}
7161 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK)) {
7162 		wowl->flags |= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY;
7163 		wowl->flags |= WIPHY_WOWLAN_GTK_REKEY_FAILURE;
7164 	}
7165 
7166 	wiphy->wowlan = wowl;
7167 #endif
7168 }
7169 
7170 static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp)
7171 {
7172 	struct brcmf_pub *drvr = ifp->drvr;
7173 	const struct ieee80211_iface_combination *combo;
7174 	struct ieee80211_supported_band *band;
7175 	u16 max_interfaces = 0;
7176 	bool gscan;
7177 	__le32 bandlist[3];
7178 	u32 n_bands;
7179 	int err, i;
7180 
7181 	wiphy->max_scan_ssids = WL_NUM_SCAN_MAX;
7182 	wiphy->max_scan_ie_len = BRCMF_SCAN_IE_LEN_MAX;
7183 	wiphy->max_num_pmkids = BRCMF_MAXPMKID;
7184 
7185 	err = brcmf_setup_ifmodes(wiphy, ifp);
7186 	if (err)
7187 		return err;
7188 
7189 	for (i = 0, combo = wiphy->iface_combinations;
7190 	     i < wiphy->n_iface_combinations; i++, combo++) {
7191 		max_interfaces = max(max_interfaces, combo->max_interfaces);
7192 	}
7193 
7194 	for (i = 0; i < max_interfaces && i < ARRAY_SIZE(drvr->addresses);
7195 	     i++) {
7196 		u8 *addr = drvr->addresses[i].addr;
7197 
7198 		memcpy(addr, drvr->mac, ETH_ALEN);
7199 		if (i) {
7200 			addr[0] |= BIT(1);
7201 			addr[ETH_ALEN - 1] ^= i;
7202 		}
7203 	}
7204 	wiphy->addresses = drvr->addresses;
7205 	wiphy->n_addresses = i;
7206 
7207 	wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
7208 	wiphy->cipher_suites = brcmf_cipher_suites;
7209 	wiphy->n_cipher_suites = ARRAY_SIZE(brcmf_cipher_suites);
7210 	if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
7211 		wiphy->n_cipher_suites--;
7212 	wiphy->bss_select_support = BIT(NL80211_BSS_SELECT_ATTR_RSSI) |
7213 				    BIT(NL80211_BSS_SELECT_ATTR_BAND_PREF) |
7214 				    BIT(NL80211_BSS_SELECT_ATTR_RSSI_ADJUST);
7215 
7216 	wiphy->flags |= WIPHY_FLAG_NETNS_OK |
7217 			WIPHY_FLAG_PS_ON_BY_DEFAULT |
7218 			WIPHY_FLAG_HAVE_AP_SME |
7219 			WIPHY_FLAG_OFFCHAN_TX |
7220 			WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
7221 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_TDLS))
7222 		wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
7223 	if (!ifp->drvr->settings->roamoff)
7224 		wiphy->flags |= WIPHY_FLAG_SUPPORTS_FW_ROAM;
7225 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWSUP)) {
7226 		wiphy_ext_feature_set(wiphy,
7227 				      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK);
7228 		wiphy_ext_feature_set(wiphy,
7229 				      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X);
7230 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE))
7231 			wiphy_ext_feature_set(wiphy,
7232 					      NL80211_EXT_FEATURE_SAE_OFFLOAD);
7233 	}
7234 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWAUTH)) {
7235 		wiphy_ext_feature_set(wiphy,
7236 				      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK);
7237 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE))
7238 			wiphy_ext_feature_set(wiphy,
7239 					      NL80211_EXT_FEATURE_SAE_OFFLOAD_AP);
7240 	}
7241 	wiphy->mgmt_stypes = brcmf_txrx_stypes;
7242 	wiphy->max_remain_on_channel_duration = 5000;
7243 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
7244 		gscan = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_GSCAN);
7245 		brcmf_pno_wiphy_params(wiphy, gscan);
7246 	}
7247 	/* vendor commands/events support */
7248 	wiphy->vendor_commands = brcmf_vendor_cmds;
7249 	wiphy->n_vendor_commands = BRCMF_VNDR_CMDS_LAST - 1;
7250 
7251 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL))
7252 		brcmf_wiphy_wowl_params(wiphy, ifp);
7253 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BANDLIST, &bandlist,
7254 				     sizeof(bandlist));
7255 	if (err) {
7256 		bphy_err(drvr, "could not obtain band info: err=%d\n", err);
7257 		return err;
7258 	}
7259 	/* first entry in bandlist is number of bands */
7260 	n_bands = le32_to_cpu(bandlist[0]);
7261 	for (i = 1; i <= n_bands && i < ARRAY_SIZE(bandlist); i++) {
7262 		if (bandlist[i] == cpu_to_le32(WLC_BAND_2G)) {
7263 			band = kmemdup(&__wl_band_2ghz, sizeof(__wl_band_2ghz),
7264 				       GFP_KERNEL);
7265 			if (!band)
7266 				return -ENOMEM;
7267 
7268 			band->channels = kmemdup(&__wl_2ghz_channels,
7269 						 sizeof(__wl_2ghz_channels),
7270 						 GFP_KERNEL);
7271 			if (!band->channels) {
7272 				kfree(band);
7273 				return -ENOMEM;
7274 			}
7275 
7276 			band->n_channels = ARRAY_SIZE(__wl_2ghz_channels);
7277 			wiphy->bands[NL80211_BAND_2GHZ] = band;
7278 		}
7279 		if (bandlist[i] == cpu_to_le32(WLC_BAND_5G)) {
7280 			band = kmemdup(&__wl_band_5ghz, sizeof(__wl_band_5ghz),
7281 				       GFP_KERNEL);
7282 			if (!band)
7283 				return -ENOMEM;
7284 
7285 			band->channels = kmemdup(&__wl_5ghz_channels,
7286 						 sizeof(__wl_5ghz_channels),
7287 						 GFP_KERNEL);
7288 			if (!band->channels) {
7289 				kfree(band);
7290 				return -ENOMEM;
7291 			}
7292 
7293 			band->n_channels = ARRAY_SIZE(__wl_5ghz_channels);
7294 			wiphy->bands[NL80211_BAND_5GHZ] = band;
7295 		}
7296 	}
7297 
7298 	if (wiphy->bands[NL80211_BAND_5GHZ] &&
7299 	    brcmf_feat_is_enabled(ifp, BRCMF_FEAT_DOT11H))
7300 		wiphy_ext_feature_set(wiphy,
7301 				      NL80211_EXT_FEATURE_DFS_OFFLOAD);
7302 
7303 	wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
7304 
7305 	wiphy_read_of_freq_limits(wiphy);
7306 
7307 	return 0;
7308 }
7309 
7310 static s32 brcmf_config_dongle(struct brcmf_cfg80211_info *cfg)
7311 {
7312 	struct brcmf_pub *drvr = cfg->pub;
7313 	struct net_device *ndev;
7314 	struct wireless_dev *wdev;
7315 	struct brcmf_if *ifp;
7316 	s32 power_mode;
7317 	s32 err = 0;
7318 
7319 	if (cfg->dongle_up)
7320 		return err;
7321 
7322 	ndev = cfg_to_ndev(cfg);
7323 	wdev = ndev->ieee80211_ptr;
7324 	ifp = netdev_priv(ndev);
7325 
7326 	/* make sure RF is ready for work */
7327 	brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 0);
7328 
7329 	brcmf_dongle_scantime(ifp);
7330 
7331 	power_mode = cfg->pwr_save ? PM_FAST : PM_OFF;
7332 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, power_mode);
7333 	if (err)
7334 		goto default_conf_out;
7335 	brcmf_dbg(INFO, "power save set to %s\n",
7336 		  (power_mode ? "enabled" : "disabled"));
7337 
7338 	err = brcmf_dongle_roam(ifp);
7339 	if (err)
7340 		goto default_conf_out;
7341 	err = brcmf_cfg80211_change_iface(wdev->wiphy, ndev, wdev->iftype,
7342 					  NULL);
7343 	if (err)
7344 		goto default_conf_out;
7345 
7346 	brcmf_configure_arp_nd_offload(ifp, true);
7347 
7348 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_FAKEFRAG, 1);
7349 	if (err) {
7350 		bphy_err(drvr, "failed to set frameburst mode\n");
7351 		goto default_conf_out;
7352 	}
7353 
7354 	cfg->dongle_up = true;
7355 default_conf_out:
7356 
7357 	return err;
7358 
7359 }
7360 
7361 static s32 __brcmf_cfg80211_up(struct brcmf_if *ifp)
7362 {
7363 	set_bit(BRCMF_VIF_STATUS_READY, &ifp->vif->sme_state);
7364 
7365 	return brcmf_config_dongle(ifp->drvr->config);
7366 }
7367 
7368 static s32 __brcmf_cfg80211_down(struct brcmf_if *ifp)
7369 {
7370 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7371 
7372 	/*
7373 	 * While going down, if associated with AP disassociate
7374 	 * from AP to save power
7375 	 */
7376 	if (check_vif_up(ifp->vif)) {
7377 		brcmf_link_down(ifp->vif, WLAN_REASON_UNSPECIFIED, true);
7378 
7379 		/* Make sure WPA_Supplicant receives all the event
7380 		   generated due to DISASSOC call to the fw to keep
7381 		   the state fw and WPA_Supplicant state consistent
7382 		 */
7383 		brcmf_delay(500);
7384 	}
7385 
7386 	brcmf_abort_scanning(cfg);
7387 	clear_bit(BRCMF_VIF_STATUS_READY, &ifp->vif->sme_state);
7388 
7389 	return 0;
7390 }
7391 
7392 s32 brcmf_cfg80211_up(struct net_device *ndev)
7393 {
7394 	struct brcmf_if *ifp = netdev_priv(ndev);
7395 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7396 	s32 err = 0;
7397 
7398 	mutex_lock(&cfg->usr_sync);
7399 	err = __brcmf_cfg80211_up(ifp);
7400 	mutex_unlock(&cfg->usr_sync);
7401 
7402 	return err;
7403 }
7404 
7405 s32 brcmf_cfg80211_down(struct net_device *ndev)
7406 {
7407 	struct brcmf_if *ifp = netdev_priv(ndev);
7408 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7409 	s32 err = 0;
7410 
7411 	mutex_lock(&cfg->usr_sync);
7412 	err = __brcmf_cfg80211_down(ifp);
7413 	mutex_unlock(&cfg->usr_sync);
7414 
7415 	return err;
7416 }
7417 
7418 enum nl80211_iftype brcmf_cfg80211_get_iftype(struct brcmf_if *ifp)
7419 {
7420 	struct wireless_dev *wdev = &ifp->vif->wdev;
7421 
7422 	return wdev->iftype;
7423 }
7424 
7425 bool brcmf_get_vif_state_any(struct brcmf_cfg80211_info *cfg,
7426 			     unsigned long state)
7427 {
7428 	struct brcmf_cfg80211_vif *vif;
7429 
7430 	list_for_each_entry(vif, &cfg->vif_list, list) {
7431 		if (test_bit(state, &vif->sme_state))
7432 			return true;
7433 	}
7434 	return false;
7435 }
7436 
7437 static inline bool vif_event_equals(struct brcmf_cfg80211_vif_event *event,
7438 				    u8 action)
7439 {
7440 	u8 evt_action;
7441 
7442 	spin_lock(&event->vif_event_lock);
7443 	evt_action = event->action;
7444 	spin_unlock(&event->vif_event_lock);
7445 	return evt_action == action;
7446 }
7447 
7448 void brcmf_cfg80211_arm_vif_event(struct brcmf_cfg80211_info *cfg,
7449 				  struct brcmf_cfg80211_vif *vif)
7450 {
7451 	struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7452 
7453 	spin_lock(&event->vif_event_lock);
7454 	event->vif = vif;
7455 	event->action = 0;
7456 	spin_unlock(&event->vif_event_lock);
7457 }
7458 
7459 bool brcmf_cfg80211_vif_event_armed(struct brcmf_cfg80211_info *cfg)
7460 {
7461 	struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7462 	bool armed;
7463 
7464 	spin_lock(&event->vif_event_lock);
7465 	armed = event->vif != NULL;
7466 	spin_unlock(&event->vif_event_lock);
7467 
7468 	return armed;
7469 }
7470 
7471 int brcmf_cfg80211_wait_vif_event(struct brcmf_cfg80211_info *cfg,
7472 				  u8 action, ulong timeout)
7473 {
7474 	struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7475 
7476 	return wait_event_timeout(event->vif_wq,
7477 				  vif_event_equals(event, action), timeout);
7478 }
7479 
7480 static bool brmcf_use_iso3166_ccode_fallback(struct brcmf_pub *drvr)
7481 {
7482 	switch (drvr->bus_if->chip) {
7483 	case BRCM_CC_4345_CHIP_ID:
7484 	case BRCM_CC_43602_CHIP_ID:
7485 		return true;
7486 	default:
7487 		return false;
7488 	}
7489 }
7490 
7491 static s32 brcmf_translate_country_code(struct brcmf_pub *drvr, char alpha2[2],
7492 					struct brcmf_fil_country_le *ccreq)
7493 {
7494 	struct brcmfmac_pd_cc *country_codes;
7495 	struct brcmfmac_pd_cc_entry *cc;
7496 	s32 found_index;
7497 	int i;
7498 
7499 	if ((alpha2[0] == ccreq->country_abbrev[0]) &&
7500 	    (alpha2[1] == ccreq->country_abbrev[1])) {
7501 		brcmf_dbg(TRACE, "Country code already set\n");
7502 		return -EAGAIN;
7503 	}
7504 
7505 	country_codes = drvr->settings->country_codes;
7506 	if (!country_codes) {
7507 		if (brmcf_use_iso3166_ccode_fallback(drvr)) {
7508 			brcmf_dbg(TRACE, "No country codes configured for device, using ISO3166 code and 0 rev\n");
7509 			memset(ccreq, 0, sizeof(*ccreq));
7510 			ccreq->country_abbrev[0] = alpha2[0];
7511 			ccreq->country_abbrev[1] = alpha2[1];
7512 			ccreq->ccode[0] = alpha2[0];
7513 			ccreq->ccode[1] = alpha2[1];
7514 			return 0;
7515 		}
7516 
7517 		brcmf_dbg(TRACE, "No country codes configured for device\n");
7518 		return -EINVAL;
7519 	}
7520 
7521 	found_index = -1;
7522 	for (i = 0; i < country_codes->table_size; i++) {
7523 		cc = &country_codes->table[i];
7524 		if ((cc->iso3166[0] == '\0') && (found_index == -1))
7525 			found_index = i;
7526 		if ((cc->iso3166[0] == alpha2[0]) &&
7527 		    (cc->iso3166[1] == alpha2[1])) {
7528 			found_index = i;
7529 			break;
7530 		}
7531 	}
7532 	if (found_index == -1) {
7533 		brcmf_dbg(TRACE, "No country code match found\n");
7534 		return -EINVAL;
7535 	}
7536 	memset(ccreq, 0, sizeof(*ccreq));
7537 	ccreq->rev = cpu_to_le32(country_codes->table[found_index].rev);
7538 	memcpy(ccreq->ccode, country_codes->table[found_index].cc,
7539 	       BRCMF_COUNTRY_BUF_SZ);
7540 	ccreq->country_abbrev[0] = alpha2[0];
7541 	ccreq->country_abbrev[1] = alpha2[1];
7542 	ccreq->country_abbrev[2] = 0;
7543 
7544 	return 0;
7545 }
7546 
7547 static void brcmf_cfg80211_reg_notifier(struct wiphy *wiphy,
7548 					struct regulatory_request *req)
7549 {
7550 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
7551 	struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
7552 	struct brcmf_pub *drvr = cfg->pub;
7553 	struct brcmf_fil_country_le ccreq;
7554 	s32 err;
7555 	int i;
7556 
7557 	/* The country code gets set to "00" by default at boot, ignore */
7558 	if (req->alpha2[0] == '0' && req->alpha2[1] == '0')
7559 		return;
7560 
7561 	/* ignore non-ISO3166 country codes */
7562 	for (i = 0; i < 2; i++)
7563 		if (req->alpha2[i] < 'A' || req->alpha2[i] > 'Z') {
7564 			bphy_err(drvr, "not an ISO3166 code (0x%02x 0x%02x)\n",
7565 				 req->alpha2[0], req->alpha2[1]);
7566 			return;
7567 		}
7568 
7569 	brcmf_dbg(TRACE, "Enter: initiator=%d, alpha=%c%c\n", req->initiator,
7570 		  req->alpha2[0], req->alpha2[1]);
7571 
7572 	err = brcmf_fil_iovar_data_get(ifp, "country", &ccreq, sizeof(ccreq));
7573 	if (err) {
7574 		bphy_err(drvr, "Country code iovar returned err = %d\n", err);
7575 		return;
7576 	}
7577 
7578 	err = brcmf_translate_country_code(ifp->drvr, req->alpha2, &ccreq);
7579 	if (err)
7580 		return;
7581 
7582 	err = brcmf_fil_iovar_data_set(ifp, "country", &ccreq, sizeof(ccreq));
7583 	if (err) {
7584 		bphy_err(drvr, "Firmware rejected country setting\n");
7585 		return;
7586 	}
7587 	brcmf_setup_wiphybands(cfg);
7588 }
7589 
7590 static void brcmf_free_wiphy(struct wiphy *wiphy)
7591 {
7592 	int i;
7593 
7594 	if (!wiphy)
7595 		return;
7596 
7597 	if (wiphy->iface_combinations) {
7598 		for (i = 0; i < wiphy->n_iface_combinations; i++)
7599 			kfree(wiphy->iface_combinations[i].limits);
7600 	}
7601 	kfree(wiphy->iface_combinations);
7602 	if (wiphy->bands[NL80211_BAND_2GHZ]) {
7603 		kfree(wiphy->bands[NL80211_BAND_2GHZ]->channels);
7604 		kfree(wiphy->bands[NL80211_BAND_2GHZ]);
7605 	}
7606 	if (wiphy->bands[NL80211_BAND_5GHZ]) {
7607 		kfree(wiphy->bands[NL80211_BAND_5GHZ]->channels);
7608 		kfree(wiphy->bands[NL80211_BAND_5GHZ]);
7609 	}
7610 #if IS_ENABLED(CONFIG_PM)
7611 	if (wiphy->wowlan != &brcmf_wowlan_support)
7612 		kfree(wiphy->wowlan);
7613 #endif
7614 }
7615 
7616 struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr,
7617 						  struct cfg80211_ops *ops,
7618 						  bool p2pdev_forced)
7619 {
7620 	struct wiphy *wiphy = drvr->wiphy;
7621 	struct net_device *ndev = brcmf_get_ifp(drvr, 0)->ndev;
7622 	struct brcmf_cfg80211_info *cfg;
7623 	struct brcmf_cfg80211_vif *vif;
7624 	struct brcmf_if *ifp;
7625 	s32 err = 0;
7626 	s32 io_type;
7627 	u16 *cap = NULL;
7628 
7629 	if (!ndev) {
7630 		bphy_err(drvr, "ndev is invalid\n");
7631 		return NULL;
7632 	}
7633 
7634 	cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
7635 	if (!cfg) {
7636 		bphy_err(drvr, "Could not allocate wiphy device\n");
7637 		return NULL;
7638 	}
7639 
7640 	cfg->wiphy = wiphy;
7641 	cfg->pub = drvr;
7642 	init_vif_event(&cfg->vif_event);
7643 	INIT_LIST_HEAD(&cfg->vif_list);
7644 
7645 	vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_STATION);
7646 	if (IS_ERR(vif))
7647 		goto wiphy_out;
7648 
7649 	ifp = netdev_priv(ndev);
7650 	vif->ifp = ifp;
7651 	vif->wdev.netdev = ndev;
7652 	ndev->ieee80211_ptr = &vif->wdev;
7653 	SET_NETDEV_DEV(ndev, wiphy_dev(cfg->wiphy));
7654 
7655 	err = wl_init_priv(cfg);
7656 	if (err) {
7657 		bphy_err(drvr, "Failed to init iwm_priv (%d)\n", err);
7658 		brcmf_free_vif(vif);
7659 		goto wiphy_out;
7660 	}
7661 	ifp->vif = vif;
7662 
7663 	/* determine d11 io type before wiphy setup */
7664 	err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_VERSION, &io_type);
7665 	if (err) {
7666 		bphy_err(drvr, "Failed to get D11 version (%d)\n", err);
7667 		goto priv_out;
7668 	}
7669 	cfg->d11inf.io_type = (u8)io_type;
7670 	brcmu_d11_attach(&cfg->d11inf);
7671 
7672 	/* regulatory notifer below needs access to cfg so
7673 	 * assign it now.
7674 	 */
7675 	drvr->config = cfg;
7676 
7677 	err = brcmf_setup_wiphy(wiphy, ifp);
7678 	if (err < 0)
7679 		goto priv_out;
7680 
7681 	brcmf_dbg(INFO, "Registering custom regulatory\n");
7682 	wiphy->reg_notifier = brcmf_cfg80211_reg_notifier;
7683 	wiphy->regulatory_flags |= REGULATORY_CUSTOM_REG;
7684 	wiphy_apply_custom_regulatory(wiphy, &brcmf_regdom);
7685 
7686 	/* firmware defaults to 40MHz disabled in 2G band. We signal
7687 	 * cfg80211 here that we do and have it decide we can enable
7688 	 * it. But first check if device does support 2G operation.
7689 	 */
7690 	if (wiphy->bands[NL80211_BAND_2GHZ]) {
7691 		cap = &wiphy->bands[NL80211_BAND_2GHZ]->ht_cap.cap;
7692 		*cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
7693 	}
7694 #ifdef CONFIG_PM
7695 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK))
7696 		ops->set_rekey_data = brcmf_cfg80211_set_rekey_data;
7697 #endif
7698 	err = wiphy_register(wiphy);
7699 	if (err < 0) {
7700 		bphy_err(drvr, "Could not register wiphy device (%d)\n", err);
7701 		goto priv_out;
7702 	}
7703 
7704 	err = brcmf_setup_wiphybands(cfg);
7705 	if (err) {
7706 		bphy_err(drvr, "Setting wiphy bands failed (%d)\n", err);
7707 		goto wiphy_unreg_out;
7708 	}
7709 
7710 	/* If cfg80211 didn't disable 40MHz HT CAP in wiphy_register(),
7711 	 * setup 40MHz in 2GHz band and enable OBSS scanning.
7712 	 */
7713 	if (cap && (*cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) {
7714 		err = brcmf_enable_bw40_2g(cfg);
7715 		if (!err)
7716 			err = brcmf_fil_iovar_int_set(ifp, "obss_coex",
7717 						      BRCMF_OBSS_COEX_AUTO);
7718 		else
7719 			*cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
7720 	}
7721 
7722 	err = brcmf_fweh_activate_events(ifp);
7723 	if (err) {
7724 		bphy_err(drvr, "FWEH activation failed (%d)\n", err);
7725 		goto wiphy_unreg_out;
7726 	}
7727 
7728 	err = brcmf_p2p_attach(cfg, p2pdev_forced);
7729 	if (err) {
7730 		bphy_err(drvr, "P2P initialisation failed (%d)\n", err);
7731 		goto wiphy_unreg_out;
7732 	}
7733 	err = brcmf_btcoex_attach(cfg);
7734 	if (err) {
7735 		bphy_err(drvr, "BT-coex initialisation failed (%d)\n", err);
7736 		brcmf_p2p_detach(&cfg->p2p);
7737 		goto wiphy_unreg_out;
7738 	}
7739 	err = brcmf_pno_attach(cfg);
7740 	if (err) {
7741 		bphy_err(drvr, "PNO initialisation failed (%d)\n", err);
7742 		brcmf_btcoex_detach(cfg);
7743 		brcmf_p2p_detach(&cfg->p2p);
7744 		goto wiphy_unreg_out;
7745 	}
7746 
7747 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_TDLS)) {
7748 		err = brcmf_fil_iovar_int_set(ifp, "tdls_enable", 1);
7749 		if (err) {
7750 			brcmf_dbg(INFO, "TDLS not enabled (%d)\n", err);
7751 			wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_TDLS;
7752 		} else {
7753 			brcmf_fweh_register(cfg->pub, BRCMF_E_TDLS_PEER_EVENT,
7754 					    brcmf_notify_tdls_peer_event);
7755 		}
7756 	}
7757 
7758 	/* (re-) activate FWEH event handling */
7759 	err = brcmf_fweh_activate_events(ifp);
7760 	if (err) {
7761 		bphy_err(drvr, "FWEH activation failed (%d)\n", err);
7762 		goto detach;
7763 	}
7764 
7765 	/* Fill in some of the advertised nl80211 supported features */
7766 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SCAN_RANDOM_MAC)) {
7767 		wiphy->features |= NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
7768 #ifdef CONFIG_PM
7769 		if (wiphy->wowlan &&
7770 		    wiphy->wowlan->flags & WIPHY_WOWLAN_NET_DETECT)
7771 			wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7772 #endif
7773 	}
7774 
7775 	return cfg;
7776 
7777 detach:
7778 	brcmf_pno_detach(cfg);
7779 	brcmf_btcoex_detach(cfg);
7780 	brcmf_p2p_detach(&cfg->p2p);
7781 wiphy_unreg_out:
7782 	wiphy_unregister(cfg->wiphy);
7783 priv_out:
7784 	wl_deinit_priv(cfg);
7785 	brcmf_free_vif(vif);
7786 	ifp->vif = NULL;
7787 wiphy_out:
7788 	brcmf_free_wiphy(wiphy);
7789 	kfree(cfg);
7790 	return NULL;
7791 }
7792 
7793 void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg)
7794 {
7795 	if (!cfg)
7796 		return;
7797 
7798 	brcmf_pno_detach(cfg);
7799 	brcmf_btcoex_detach(cfg);
7800 	wiphy_unregister(cfg->wiphy);
7801 	wl_deinit_priv(cfg);
7802 	brcmf_free_wiphy(cfg->wiphy);
7803 	kfree(cfg);
7804 }
7805