xref: /openbmc/linux/net/mac80211/cfg.c (revision 12eb4683)
1 /*
2  * mac80211 configuration hooks for cfg80211
3  *
4  * Copyright 2006-2010	Johannes Berg <johannes@sipsolutions.net>
5  *
6  * This file is GPLv2 as found in COPYING.
7  */
8 
9 #include <linux/ieee80211.h>
10 #include <linux/nl80211.h>
11 #include <linux/rtnetlink.h>
12 #include <linux/slab.h>
13 #include <net/net_namespace.h>
14 #include <linux/rcupdate.h>
15 #include <linux/if_ether.h>
16 #include <net/cfg80211.h>
17 #include "ieee80211_i.h"
18 #include "driver-ops.h"
19 #include "cfg.h"
20 #include "rate.h"
21 #include "mesh.h"
22 
23 static struct wireless_dev *ieee80211_add_iface(struct wiphy *wiphy,
24 						const char *name,
25 						enum nl80211_iftype type,
26 						u32 *flags,
27 						struct vif_params *params)
28 {
29 	struct ieee80211_local *local = wiphy_priv(wiphy);
30 	struct wireless_dev *wdev;
31 	struct ieee80211_sub_if_data *sdata;
32 	int err;
33 
34 	err = ieee80211_if_add(local, name, &wdev, type, params);
35 	if (err)
36 		return ERR_PTR(err);
37 
38 	if (type == NL80211_IFTYPE_MONITOR && flags) {
39 		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
40 		sdata->u.mntr_flags = *flags;
41 	}
42 
43 	return wdev;
44 }
45 
46 static int ieee80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
47 {
48 	ieee80211_if_remove(IEEE80211_WDEV_TO_SUB_IF(wdev));
49 
50 	return 0;
51 }
52 
53 static int ieee80211_change_iface(struct wiphy *wiphy,
54 				  struct net_device *dev,
55 				  enum nl80211_iftype type, u32 *flags,
56 				  struct vif_params *params)
57 {
58 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
59 	int ret;
60 
61 	ret = ieee80211_if_change_type(sdata, type);
62 	if (ret)
63 		return ret;
64 
65 	if (type == NL80211_IFTYPE_AP_VLAN &&
66 	    params && params->use_4addr == 0)
67 		RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
68 	else if (type == NL80211_IFTYPE_STATION &&
69 		 params && params->use_4addr >= 0)
70 		sdata->u.mgd.use_4addr = params->use_4addr;
71 
72 	if (sdata->vif.type == NL80211_IFTYPE_MONITOR && flags) {
73 		struct ieee80211_local *local = sdata->local;
74 
75 		if (ieee80211_sdata_running(sdata)) {
76 			u32 mask = MONITOR_FLAG_COOK_FRAMES |
77 				   MONITOR_FLAG_ACTIVE;
78 
79 			/*
80 			 * Prohibit MONITOR_FLAG_COOK_FRAMES and
81 			 * MONITOR_FLAG_ACTIVE to be changed while the
82 			 * interface is up.
83 			 * Else we would need to add a lot of cruft
84 			 * to update everything:
85 			 *	cooked_mntrs, monitor and all fif_* counters
86 			 *	reconfigure hardware
87 			 */
88 			if ((*flags & mask) != (sdata->u.mntr_flags & mask))
89 				return -EBUSY;
90 
91 			ieee80211_adjust_monitor_flags(sdata, -1);
92 			sdata->u.mntr_flags = *flags;
93 			ieee80211_adjust_monitor_flags(sdata, 1);
94 
95 			ieee80211_configure_filter(local);
96 		} else {
97 			/*
98 			 * Because the interface is down, ieee80211_do_stop
99 			 * and ieee80211_do_open take care of "everything"
100 			 * mentioned in the comment above.
101 			 */
102 			sdata->u.mntr_flags = *flags;
103 		}
104 	}
105 
106 	return 0;
107 }
108 
109 static int ieee80211_start_p2p_device(struct wiphy *wiphy,
110 				      struct wireless_dev *wdev)
111 {
112 	return ieee80211_do_open(wdev, true);
113 }
114 
115 static void ieee80211_stop_p2p_device(struct wiphy *wiphy,
116 				      struct wireless_dev *wdev)
117 {
118 	ieee80211_sdata_stop(IEEE80211_WDEV_TO_SUB_IF(wdev));
119 }
120 
121 static int ieee80211_set_noack_map(struct wiphy *wiphy,
122 				  struct net_device *dev,
123 				  u16 noack_map)
124 {
125 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
126 
127 	sdata->noack_map = noack_map;
128 	return 0;
129 }
130 
131 static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
132 			     u8 key_idx, bool pairwise, const u8 *mac_addr,
133 			     struct key_params *params)
134 {
135 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
136 	struct sta_info *sta = NULL;
137 	struct ieee80211_key *key;
138 	int err;
139 
140 	if (!ieee80211_sdata_running(sdata))
141 		return -ENETDOWN;
142 
143 	/* reject WEP and TKIP keys if WEP failed to initialize */
144 	switch (params->cipher) {
145 	case WLAN_CIPHER_SUITE_WEP40:
146 	case WLAN_CIPHER_SUITE_TKIP:
147 	case WLAN_CIPHER_SUITE_WEP104:
148 		if (IS_ERR(sdata->local->wep_tx_tfm))
149 			return -EINVAL;
150 		break;
151 	default:
152 		break;
153 	}
154 
155 	key = ieee80211_key_alloc(params->cipher, key_idx, params->key_len,
156 				  params->key, params->seq_len, params->seq);
157 	if (IS_ERR(key))
158 		return PTR_ERR(key);
159 
160 	if (pairwise)
161 		key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
162 
163 	mutex_lock(&sdata->local->sta_mtx);
164 
165 	if (mac_addr) {
166 		if (ieee80211_vif_is_mesh(&sdata->vif))
167 			sta = sta_info_get(sdata, mac_addr);
168 		else
169 			sta = sta_info_get_bss(sdata, mac_addr);
170 		/*
171 		 * The ASSOC test makes sure the driver is ready to
172 		 * receive the key. When wpa_supplicant has roamed
173 		 * using FT, it attempts to set the key before
174 		 * association has completed, this rejects that attempt
175 		 * so it will set the key again after assocation.
176 		 *
177 		 * TODO: accept the key if we have a station entry and
178 		 *       add it to the device after the station.
179 		 */
180 		if (!sta || !test_sta_flag(sta, WLAN_STA_ASSOC)) {
181 			ieee80211_key_free_unused(key);
182 			err = -ENOENT;
183 			goto out_unlock;
184 		}
185 	}
186 
187 	switch (sdata->vif.type) {
188 	case NL80211_IFTYPE_STATION:
189 		if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
190 			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
191 		break;
192 	case NL80211_IFTYPE_AP:
193 	case NL80211_IFTYPE_AP_VLAN:
194 		/* Keys without a station are used for TX only */
195 		if (key->sta && test_sta_flag(key->sta, WLAN_STA_MFP))
196 			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
197 		break;
198 	case NL80211_IFTYPE_ADHOC:
199 		/* no MFP (yet) */
200 		break;
201 	case NL80211_IFTYPE_MESH_POINT:
202 #ifdef CONFIG_MAC80211_MESH
203 		if (sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)
204 			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
205 		break;
206 #endif
207 	case NL80211_IFTYPE_WDS:
208 	case NL80211_IFTYPE_MONITOR:
209 	case NL80211_IFTYPE_P2P_DEVICE:
210 	case NL80211_IFTYPE_UNSPECIFIED:
211 	case NUM_NL80211_IFTYPES:
212 	case NL80211_IFTYPE_P2P_CLIENT:
213 	case NL80211_IFTYPE_P2P_GO:
214 		/* shouldn't happen */
215 		WARN_ON_ONCE(1);
216 		break;
217 	}
218 
219 	err = ieee80211_key_link(key, sdata, sta);
220 
221  out_unlock:
222 	mutex_unlock(&sdata->local->sta_mtx);
223 
224 	return err;
225 }
226 
227 static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
228 			     u8 key_idx, bool pairwise, const u8 *mac_addr)
229 {
230 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
231 	struct ieee80211_local *local = sdata->local;
232 	struct sta_info *sta;
233 	struct ieee80211_key *key = NULL;
234 	int ret;
235 
236 	mutex_lock(&local->sta_mtx);
237 	mutex_lock(&local->key_mtx);
238 
239 	if (mac_addr) {
240 		ret = -ENOENT;
241 
242 		sta = sta_info_get_bss(sdata, mac_addr);
243 		if (!sta)
244 			goto out_unlock;
245 
246 		if (pairwise)
247 			key = key_mtx_dereference(local, sta->ptk);
248 		else
249 			key = key_mtx_dereference(local, sta->gtk[key_idx]);
250 	} else
251 		key = key_mtx_dereference(local, sdata->keys[key_idx]);
252 
253 	if (!key) {
254 		ret = -ENOENT;
255 		goto out_unlock;
256 	}
257 
258 	ieee80211_key_free(key, true);
259 
260 	ret = 0;
261  out_unlock:
262 	mutex_unlock(&local->key_mtx);
263 	mutex_unlock(&local->sta_mtx);
264 
265 	return ret;
266 }
267 
268 static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
269 			     u8 key_idx, bool pairwise, const u8 *mac_addr,
270 			     void *cookie,
271 			     void (*callback)(void *cookie,
272 					      struct key_params *params))
273 {
274 	struct ieee80211_sub_if_data *sdata;
275 	struct sta_info *sta = NULL;
276 	u8 seq[6] = {0};
277 	struct key_params params;
278 	struct ieee80211_key *key = NULL;
279 	u64 pn64;
280 	u32 iv32;
281 	u16 iv16;
282 	int err = -ENOENT;
283 
284 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
285 
286 	rcu_read_lock();
287 
288 	if (mac_addr) {
289 		sta = sta_info_get_bss(sdata, mac_addr);
290 		if (!sta)
291 			goto out;
292 
293 		if (pairwise)
294 			key = rcu_dereference(sta->ptk);
295 		else if (key_idx < NUM_DEFAULT_KEYS)
296 			key = rcu_dereference(sta->gtk[key_idx]);
297 	} else
298 		key = rcu_dereference(sdata->keys[key_idx]);
299 
300 	if (!key)
301 		goto out;
302 
303 	memset(&params, 0, sizeof(params));
304 
305 	params.cipher = key->conf.cipher;
306 
307 	switch (key->conf.cipher) {
308 	case WLAN_CIPHER_SUITE_TKIP:
309 		iv32 = key->u.tkip.tx.iv32;
310 		iv16 = key->u.tkip.tx.iv16;
311 
312 		if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
313 			drv_get_tkip_seq(sdata->local,
314 					 key->conf.hw_key_idx,
315 					 &iv32, &iv16);
316 
317 		seq[0] = iv16 & 0xff;
318 		seq[1] = (iv16 >> 8) & 0xff;
319 		seq[2] = iv32 & 0xff;
320 		seq[3] = (iv32 >> 8) & 0xff;
321 		seq[4] = (iv32 >> 16) & 0xff;
322 		seq[5] = (iv32 >> 24) & 0xff;
323 		params.seq = seq;
324 		params.seq_len = 6;
325 		break;
326 	case WLAN_CIPHER_SUITE_CCMP:
327 		pn64 = atomic64_read(&key->u.ccmp.tx_pn);
328 		seq[0] = pn64;
329 		seq[1] = pn64 >> 8;
330 		seq[2] = pn64 >> 16;
331 		seq[3] = pn64 >> 24;
332 		seq[4] = pn64 >> 32;
333 		seq[5] = pn64 >> 40;
334 		params.seq = seq;
335 		params.seq_len = 6;
336 		break;
337 	case WLAN_CIPHER_SUITE_AES_CMAC:
338 		pn64 = atomic64_read(&key->u.aes_cmac.tx_pn);
339 		seq[0] = pn64;
340 		seq[1] = pn64 >> 8;
341 		seq[2] = pn64 >> 16;
342 		seq[3] = pn64 >> 24;
343 		seq[4] = pn64 >> 32;
344 		seq[5] = pn64 >> 40;
345 		params.seq = seq;
346 		params.seq_len = 6;
347 		break;
348 	}
349 
350 	params.key = key->conf.key;
351 	params.key_len = key->conf.keylen;
352 
353 	callback(cookie, &params);
354 	err = 0;
355 
356  out:
357 	rcu_read_unlock();
358 	return err;
359 }
360 
361 static int ieee80211_config_default_key(struct wiphy *wiphy,
362 					struct net_device *dev,
363 					u8 key_idx, bool uni,
364 					bool multi)
365 {
366 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
367 
368 	ieee80211_set_default_key(sdata, key_idx, uni, multi);
369 
370 	return 0;
371 }
372 
373 static int ieee80211_config_default_mgmt_key(struct wiphy *wiphy,
374 					     struct net_device *dev,
375 					     u8 key_idx)
376 {
377 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
378 
379 	ieee80211_set_default_mgmt_key(sdata, key_idx);
380 
381 	return 0;
382 }
383 
384 void sta_set_rate_info_tx(struct sta_info *sta,
385 			  const struct ieee80211_tx_rate *rate,
386 			  struct rate_info *rinfo)
387 {
388 	rinfo->flags = 0;
389 	if (rate->flags & IEEE80211_TX_RC_MCS) {
390 		rinfo->flags |= RATE_INFO_FLAGS_MCS;
391 		rinfo->mcs = rate->idx;
392 	} else if (rate->flags & IEEE80211_TX_RC_VHT_MCS) {
393 		rinfo->flags |= RATE_INFO_FLAGS_VHT_MCS;
394 		rinfo->mcs = ieee80211_rate_get_vht_mcs(rate);
395 		rinfo->nss = ieee80211_rate_get_vht_nss(rate);
396 	} else {
397 		struct ieee80211_supported_band *sband;
398 		int shift = ieee80211_vif_get_shift(&sta->sdata->vif);
399 		u16 brate;
400 
401 		sband = sta->local->hw.wiphy->bands[
402 				ieee80211_get_sdata_band(sta->sdata)];
403 		brate = sband->bitrates[rate->idx].bitrate;
404 		rinfo->legacy = DIV_ROUND_UP(brate, 1 << shift);
405 	}
406 	if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
407 		rinfo->flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH;
408 	if (rate->flags & IEEE80211_TX_RC_80_MHZ_WIDTH)
409 		rinfo->flags |= RATE_INFO_FLAGS_80_MHZ_WIDTH;
410 	if (rate->flags & IEEE80211_TX_RC_160_MHZ_WIDTH)
411 		rinfo->flags |= RATE_INFO_FLAGS_160_MHZ_WIDTH;
412 	if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
413 		rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
414 }
415 
416 void sta_set_rate_info_rx(struct sta_info *sta, struct rate_info *rinfo)
417 {
418 	rinfo->flags = 0;
419 
420 	if (sta->last_rx_rate_flag & RX_FLAG_HT) {
421 		rinfo->flags |= RATE_INFO_FLAGS_MCS;
422 		rinfo->mcs = sta->last_rx_rate_idx;
423 	} else if (sta->last_rx_rate_flag & RX_FLAG_VHT) {
424 		rinfo->flags |= RATE_INFO_FLAGS_VHT_MCS;
425 		rinfo->nss = sta->last_rx_rate_vht_nss;
426 		rinfo->mcs = sta->last_rx_rate_idx;
427 	} else {
428 		struct ieee80211_supported_band *sband;
429 		int shift = ieee80211_vif_get_shift(&sta->sdata->vif);
430 		u16 brate;
431 
432 		sband = sta->local->hw.wiphy->bands[
433 				ieee80211_get_sdata_band(sta->sdata)];
434 		brate = sband->bitrates[sta->last_rx_rate_idx].bitrate;
435 		rinfo->legacy = DIV_ROUND_UP(brate, 1 << shift);
436 	}
437 
438 	if (sta->last_rx_rate_flag & RX_FLAG_40MHZ)
439 		rinfo->flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH;
440 	if (sta->last_rx_rate_flag & RX_FLAG_SHORT_GI)
441 		rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
442 	if (sta->last_rx_rate_flag & RX_FLAG_80MHZ)
443 		rinfo->flags |= RATE_INFO_FLAGS_80_MHZ_WIDTH;
444 	if (sta->last_rx_rate_flag & RX_FLAG_80P80MHZ)
445 		rinfo->flags |= RATE_INFO_FLAGS_80P80_MHZ_WIDTH;
446 	if (sta->last_rx_rate_flag & RX_FLAG_160MHZ)
447 		rinfo->flags |= RATE_INFO_FLAGS_160_MHZ_WIDTH;
448 }
449 
450 static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
451 {
452 	struct ieee80211_sub_if_data *sdata = sta->sdata;
453 	struct ieee80211_local *local = sdata->local;
454 	struct timespec uptime;
455 	u64 packets = 0;
456 	int i, ac;
457 
458 	sinfo->generation = sdata->local->sta_generation;
459 
460 	sinfo->filled = STATION_INFO_INACTIVE_TIME |
461 			STATION_INFO_RX_BYTES64 |
462 			STATION_INFO_TX_BYTES64 |
463 			STATION_INFO_RX_PACKETS |
464 			STATION_INFO_TX_PACKETS |
465 			STATION_INFO_TX_RETRIES |
466 			STATION_INFO_TX_FAILED |
467 			STATION_INFO_TX_BITRATE |
468 			STATION_INFO_RX_BITRATE |
469 			STATION_INFO_RX_DROP_MISC |
470 			STATION_INFO_BSS_PARAM |
471 			STATION_INFO_CONNECTED_TIME |
472 			STATION_INFO_STA_FLAGS |
473 			STATION_INFO_BEACON_LOSS_COUNT;
474 
475 	do_posix_clock_monotonic_gettime(&uptime);
476 	sinfo->connected_time = uptime.tv_sec - sta->last_connected;
477 
478 	sinfo->inactive_time = jiffies_to_msecs(jiffies - sta->last_rx);
479 	sinfo->tx_bytes = 0;
480 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
481 		sinfo->tx_bytes += sta->tx_bytes[ac];
482 		packets += sta->tx_packets[ac];
483 	}
484 	sinfo->tx_packets = packets;
485 	sinfo->rx_bytes = sta->rx_bytes;
486 	sinfo->rx_packets = sta->rx_packets;
487 	sinfo->tx_retries = sta->tx_retry_count;
488 	sinfo->tx_failed = sta->tx_retry_failed;
489 	sinfo->rx_dropped_misc = sta->rx_dropped;
490 	sinfo->beacon_loss_count = sta->beacon_loss_count;
491 
492 	if ((sta->local->hw.flags & IEEE80211_HW_SIGNAL_DBM) ||
493 	    (sta->local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)) {
494 		sinfo->filled |= STATION_INFO_SIGNAL | STATION_INFO_SIGNAL_AVG;
495 		if (!local->ops->get_rssi ||
496 		    drv_get_rssi(local, sdata, &sta->sta, &sinfo->signal))
497 			sinfo->signal = (s8)sta->last_signal;
498 		sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal);
499 	}
500 	if (sta->chains) {
501 		sinfo->filled |= STATION_INFO_CHAIN_SIGNAL |
502 				 STATION_INFO_CHAIN_SIGNAL_AVG;
503 
504 		sinfo->chains = sta->chains;
505 		for (i = 0; i < ARRAY_SIZE(sinfo->chain_signal); i++) {
506 			sinfo->chain_signal[i] = sta->chain_signal_last[i];
507 			sinfo->chain_signal_avg[i] =
508 				(s8) -ewma_read(&sta->chain_signal_avg[i]);
509 		}
510 	}
511 
512 	sta_set_rate_info_tx(sta, &sta->last_tx_rate, &sinfo->txrate);
513 	sta_set_rate_info_rx(sta, &sinfo->rxrate);
514 
515 	if (ieee80211_vif_is_mesh(&sdata->vif)) {
516 #ifdef CONFIG_MAC80211_MESH
517 		sinfo->filled |= STATION_INFO_LLID |
518 				 STATION_INFO_PLID |
519 				 STATION_INFO_PLINK_STATE |
520 				 STATION_INFO_LOCAL_PM |
521 				 STATION_INFO_PEER_PM |
522 				 STATION_INFO_NONPEER_PM;
523 
524 		sinfo->llid = le16_to_cpu(sta->llid);
525 		sinfo->plid = le16_to_cpu(sta->plid);
526 		sinfo->plink_state = sta->plink_state;
527 		if (test_sta_flag(sta, WLAN_STA_TOFFSET_KNOWN)) {
528 			sinfo->filled |= STATION_INFO_T_OFFSET;
529 			sinfo->t_offset = sta->t_offset;
530 		}
531 		sinfo->local_pm = sta->local_pm;
532 		sinfo->peer_pm = sta->peer_pm;
533 		sinfo->nonpeer_pm = sta->nonpeer_pm;
534 #endif
535 	}
536 
537 	sinfo->bss_param.flags = 0;
538 	if (sdata->vif.bss_conf.use_cts_prot)
539 		sinfo->bss_param.flags |= BSS_PARAM_FLAGS_CTS_PROT;
540 	if (sdata->vif.bss_conf.use_short_preamble)
541 		sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
542 	if (sdata->vif.bss_conf.use_short_slot)
543 		sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
544 	sinfo->bss_param.dtim_period = sdata->local->hw.conf.ps_dtim_period;
545 	sinfo->bss_param.beacon_interval = sdata->vif.bss_conf.beacon_int;
546 
547 	sinfo->sta_flags.set = 0;
548 	sinfo->sta_flags.mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
549 				BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
550 				BIT(NL80211_STA_FLAG_WME) |
551 				BIT(NL80211_STA_FLAG_MFP) |
552 				BIT(NL80211_STA_FLAG_AUTHENTICATED) |
553 				BIT(NL80211_STA_FLAG_ASSOCIATED) |
554 				BIT(NL80211_STA_FLAG_TDLS_PEER);
555 	if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
556 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_AUTHORIZED);
557 	if (test_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE))
558 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
559 	if (test_sta_flag(sta, WLAN_STA_WME))
560 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_WME);
561 	if (test_sta_flag(sta, WLAN_STA_MFP))
562 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_MFP);
563 	if (test_sta_flag(sta, WLAN_STA_AUTH))
564 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
565 	if (test_sta_flag(sta, WLAN_STA_ASSOC))
566 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
567 	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER))
568 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_TDLS_PEER);
569 }
570 
571 static const char ieee80211_gstrings_sta_stats[][ETH_GSTRING_LEN] = {
572 	"rx_packets", "rx_bytes", "wep_weak_iv_count",
573 	"rx_duplicates", "rx_fragments", "rx_dropped",
574 	"tx_packets", "tx_bytes", "tx_fragments",
575 	"tx_filtered", "tx_retry_failed", "tx_retries",
576 	"beacon_loss", "sta_state", "txrate", "rxrate", "signal",
577 	"channel", "noise", "ch_time", "ch_time_busy",
578 	"ch_time_ext_busy", "ch_time_rx", "ch_time_tx"
579 };
580 #define STA_STATS_LEN	ARRAY_SIZE(ieee80211_gstrings_sta_stats)
581 
582 static int ieee80211_get_et_sset_count(struct wiphy *wiphy,
583 				       struct net_device *dev,
584 				       int sset)
585 {
586 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
587 	int rv = 0;
588 
589 	if (sset == ETH_SS_STATS)
590 		rv += STA_STATS_LEN;
591 
592 	rv += drv_get_et_sset_count(sdata, sset);
593 
594 	if (rv == 0)
595 		return -EOPNOTSUPP;
596 	return rv;
597 }
598 
599 static void ieee80211_get_et_stats(struct wiphy *wiphy,
600 				   struct net_device *dev,
601 				   struct ethtool_stats *stats,
602 				   u64 *data)
603 {
604 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
605 	struct ieee80211_chanctx_conf *chanctx_conf;
606 	struct ieee80211_channel *channel;
607 	struct sta_info *sta;
608 	struct ieee80211_local *local = sdata->local;
609 	struct station_info sinfo;
610 	struct survey_info survey;
611 	int i, q;
612 #define STA_STATS_SURVEY_LEN 7
613 
614 	memset(data, 0, sizeof(u64) * STA_STATS_LEN);
615 
616 #define ADD_STA_STATS(sta)				\
617 	do {						\
618 		data[i++] += sta->rx_packets;		\
619 		data[i++] += sta->rx_bytes;		\
620 		data[i++] += sta->wep_weak_iv_count;	\
621 		data[i++] += sta->num_duplicates;	\
622 		data[i++] += sta->rx_fragments;		\
623 		data[i++] += sta->rx_dropped;		\
624 							\
625 		data[i++] += sinfo.tx_packets;		\
626 		data[i++] += sinfo.tx_bytes;		\
627 		data[i++] += sta->tx_fragments;		\
628 		data[i++] += sta->tx_filtered_count;	\
629 		data[i++] += sta->tx_retry_failed;	\
630 		data[i++] += sta->tx_retry_count;	\
631 		data[i++] += sta->beacon_loss_count;	\
632 	} while (0)
633 
634 	/* For Managed stations, find the single station based on BSSID
635 	 * and use that.  For interface types, iterate through all available
636 	 * stations and add stats for any station that is assigned to this
637 	 * network device.
638 	 */
639 
640 	mutex_lock(&local->sta_mtx);
641 
642 	if (sdata->vif.type == NL80211_IFTYPE_STATION) {
643 		sta = sta_info_get_bss(sdata, sdata->u.mgd.bssid);
644 
645 		if (!(sta && !WARN_ON(sta->sdata->dev != dev)))
646 			goto do_survey;
647 
648 		sinfo.filled = 0;
649 		sta_set_sinfo(sta, &sinfo);
650 
651 		i = 0;
652 		ADD_STA_STATS(sta);
653 
654 		data[i++] = sta->sta_state;
655 
656 
657 		if (sinfo.filled & STATION_INFO_TX_BITRATE)
658 			data[i] = 100000 *
659 				cfg80211_calculate_bitrate(&sinfo.txrate);
660 		i++;
661 		if (sinfo.filled & STATION_INFO_RX_BITRATE)
662 			data[i] = 100000 *
663 				cfg80211_calculate_bitrate(&sinfo.rxrate);
664 		i++;
665 
666 		if (sinfo.filled & STATION_INFO_SIGNAL_AVG)
667 			data[i] = (u8)sinfo.signal_avg;
668 		i++;
669 	} else {
670 		list_for_each_entry(sta, &local->sta_list, list) {
671 			/* Make sure this station belongs to the proper dev */
672 			if (sta->sdata->dev != dev)
673 				continue;
674 
675 			sinfo.filled = 0;
676 			sta_set_sinfo(sta, &sinfo);
677 			i = 0;
678 			ADD_STA_STATS(sta);
679 		}
680 	}
681 
682 do_survey:
683 	i = STA_STATS_LEN - STA_STATS_SURVEY_LEN;
684 	/* Get survey stats for current channel */
685 	survey.filled = 0;
686 
687 	rcu_read_lock();
688 	chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
689 	if (chanctx_conf)
690 		channel = chanctx_conf->def.chan;
691 	else
692 		channel = NULL;
693 	rcu_read_unlock();
694 
695 	if (channel) {
696 		q = 0;
697 		do {
698 			survey.filled = 0;
699 			if (drv_get_survey(local, q, &survey) != 0) {
700 				survey.filled = 0;
701 				break;
702 			}
703 			q++;
704 		} while (channel != survey.channel);
705 	}
706 
707 	if (survey.filled)
708 		data[i++] = survey.channel->center_freq;
709 	else
710 		data[i++] = 0;
711 	if (survey.filled & SURVEY_INFO_NOISE_DBM)
712 		data[i++] = (u8)survey.noise;
713 	else
714 		data[i++] = -1LL;
715 	if (survey.filled & SURVEY_INFO_CHANNEL_TIME)
716 		data[i++] = survey.channel_time;
717 	else
718 		data[i++] = -1LL;
719 	if (survey.filled & SURVEY_INFO_CHANNEL_TIME_BUSY)
720 		data[i++] = survey.channel_time_busy;
721 	else
722 		data[i++] = -1LL;
723 	if (survey.filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY)
724 		data[i++] = survey.channel_time_ext_busy;
725 	else
726 		data[i++] = -1LL;
727 	if (survey.filled & SURVEY_INFO_CHANNEL_TIME_RX)
728 		data[i++] = survey.channel_time_rx;
729 	else
730 		data[i++] = -1LL;
731 	if (survey.filled & SURVEY_INFO_CHANNEL_TIME_TX)
732 		data[i++] = survey.channel_time_tx;
733 	else
734 		data[i++] = -1LL;
735 
736 	mutex_unlock(&local->sta_mtx);
737 
738 	if (WARN_ON(i != STA_STATS_LEN))
739 		return;
740 
741 	drv_get_et_stats(sdata, stats, &(data[STA_STATS_LEN]));
742 }
743 
744 static void ieee80211_get_et_strings(struct wiphy *wiphy,
745 				     struct net_device *dev,
746 				     u32 sset, u8 *data)
747 {
748 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
749 	int sz_sta_stats = 0;
750 
751 	if (sset == ETH_SS_STATS) {
752 		sz_sta_stats = sizeof(ieee80211_gstrings_sta_stats);
753 		memcpy(data, ieee80211_gstrings_sta_stats, sz_sta_stats);
754 	}
755 	drv_get_et_strings(sdata, sset, &(data[sz_sta_stats]));
756 }
757 
758 static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
759 				 int idx, u8 *mac, struct station_info *sinfo)
760 {
761 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
762 	struct ieee80211_local *local = sdata->local;
763 	struct sta_info *sta;
764 	int ret = -ENOENT;
765 
766 	mutex_lock(&local->sta_mtx);
767 
768 	sta = sta_info_get_by_idx(sdata, idx);
769 	if (sta) {
770 		ret = 0;
771 		memcpy(mac, sta->sta.addr, ETH_ALEN);
772 		sta_set_sinfo(sta, sinfo);
773 	}
774 
775 	mutex_unlock(&local->sta_mtx);
776 
777 	return ret;
778 }
779 
780 static int ieee80211_dump_survey(struct wiphy *wiphy, struct net_device *dev,
781 				 int idx, struct survey_info *survey)
782 {
783 	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
784 
785 	return drv_get_survey(local, idx, survey);
786 }
787 
788 static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
789 				 u8 *mac, struct station_info *sinfo)
790 {
791 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
792 	struct ieee80211_local *local = sdata->local;
793 	struct sta_info *sta;
794 	int ret = -ENOENT;
795 
796 	mutex_lock(&local->sta_mtx);
797 
798 	sta = sta_info_get_bss(sdata, mac);
799 	if (sta) {
800 		ret = 0;
801 		sta_set_sinfo(sta, sinfo);
802 	}
803 
804 	mutex_unlock(&local->sta_mtx);
805 
806 	return ret;
807 }
808 
809 static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
810 					 struct cfg80211_chan_def *chandef)
811 {
812 	struct ieee80211_local *local = wiphy_priv(wiphy);
813 	struct ieee80211_sub_if_data *sdata;
814 	int ret = 0;
815 
816 	if (cfg80211_chandef_identical(&local->monitor_chandef, chandef))
817 		return 0;
818 
819 	mutex_lock(&local->iflist_mtx);
820 	if (local->use_chanctx) {
821 		sdata = rcu_dereference_protected(
822 				local->monitor_sdata,
823 				lockdep_is_held(&local->iflist_mtx));
824 		if (sdata) {
825 			ieee80211_vif_release_channel(sdata);
826 			ret = ieee80211_vif_use_channel(sdata, chandef,
827 					IEEE80211_CHANCTX_EXCLUSIVE);
828 		}
829 	} else if (local->open_count == local->monitors) {
830 		local->_oper_chandef = *chandef;
831 		ieee80211_hw_config(local, 0);
832 	}
833 
834 	if (ret == 0)
835 		local->monitor_chandef = *chandef;
836 	mutex_unlock(&local->iflist_mtx);
837 
838 	return ret;
839 }
840 
841 static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
842 				    const u8 *resp, size_t resp_len)
843 {
844 	struct probe_resp *new, *old;
845 
846 	if (!resp || !resp_len)
847 		return 1;
848 
849 	old = rtnl_dereference(sdata->u.ap.probe_resp);
850 
851 	new = kzalloc(sizeof(struct probe_resp) + resp_len, GFP_KERNEL);
852 	if (!new)
853 		return -ENOMEM;
854 
855 	new->len = resp_len;
856 	memcpy(new->data, resp, resp_len);
857 
858 	rcu_assign_pointer(sdata->u.ap.probe_resp, new);
859 	if (old)
860 		kfree_rcu(old, rcu_head);
861 
862 	return 0;
863 }
864 
865 int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
866 			    struct cfg80211_beacon_data *params)
867 {
868 	struct beacon_data *new, *old;
869 	int new_head_len, new_tail_len;
870 	int size, err;
871 	u32 changed = BSS_CHANGED_BEACON;
872 
873 	old = rtnl_dereference(sdata->u.ap.beacon);
874 
875 	/* Need to have a beacon head if we don't have one yet */
876 	if (!params->head && !old)
877 		return -EINVAL;
878 
879 	/* new or old head? */
880 	if (params->head)
881 		new_head_len = params->head_len;
882 	else
883 		new_head_len = old->head_len;
884 
885 	/* new or old tail? */
886 	if (params->tail || !old)
887 		/* params->tail_len will be zero for !params->tail */
888 		new_tail_len = params->tail_len;
889 	else
890 		new_tail_len = old->tail_len;
891 
892 	size = sizeof(*new) + new_head_len + new_tail_len;
893 
894 	new = kzalloc(size, GFP_KERNEL);
895 	if (!new)
896 		return -ENOMEM;
897 
898 	/* start filling the new info now */
899 
900 	/*
901 	 * pointers go into the block we allocated,
902 	 * memory is | beacon_data | head | tail |
903 	 */
904 	new->head = ((u8 *) new) + sizeof(*new);
905 	new->tail = new->head + new_head_len;
906 	new->head_len = new_head_len;
907 	new->tail_len = new_tail_len;
908 
909 	/* copy in head */
910 	if (params->head)
911 		memcpy(new->head, params->head, new_head_len);
912 	else
913 		memcpy(new->head, old->head, new_head_len);
914 
915 	/* copy in optional tail */
916 	if (params->tail)
917 		memcpy(new->tail, params->tail, new_tail_len);
918 	else
919 		if (old)
920 			memcpy(new->tail, old->tail, new_tail_len);
921 
922 	err = ieee80211_set_probe_resp(sdata, params->probe_resp,
923 				       params->probe_resp_len);
924 	if (err < 0)
925 		return err;
926 	if (err == 0)
927 		changed |= BSS_CHANGED_AP_PROBE_RESP;
928 
929 	rcu_assign_pointer(sdata->u.ap.beacon, new);
930 
931 	if (old)
932 		kfree_rcu(old, rcu_head);
933 
934 	return changed;
935 }
936 
937 static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
938 			      struct cfg80211_ap_settings *params)
939 {
940 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
941 	struct beacon_data *old;
942 	struct ieee80211_sub_if_data *vlan;
943 	u32 changed = BSS_CHANGED_BEACON_INT |
944 		      BSS_CHANGED_BEACON_ENABLED |
945 		      BSS_CHANGED_BEACON |
946 		      BSS_CHANGED_SSID |
947 		      BSS_CHANGED_P2P_PS;
948 	int err;
949 
950 	old = rtnl_dereference(sdata->u.ap.beacon);
951 	if (old)
952 		return -EALREADY;
953 
954 	/* TODO: make hostapd tell us what it wants */
955 	sdata->smps_mode = IEEE80211_SMPS_OFF;
956 	sdata->needed_rx_chains = sdata->local->rx_chains;
957 	sdata->radar_required = params->radar_required;
958 
959 	err = ieee80211_vif_use_channel(sdata, &params->chandef,
960 					IEEE80211_CHANCTX_SHARED);
961 	if (err)
962 		return err;
963 	ieee80211_vif_copy_chanctx_to_vlans(sdata, false);
964 
965 	/*
966 	 * Apply control port protocol, this allows us to
967 	 * not encrypt dynamic WEP control frames.
968 	 */
969 	sdata->control_port_protocol = params->crypto.control_port_ethertype;
970 	sdata->control_port_no_encrypt = params->crypto.control_port_no_encrypt;
971 	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
972 		vlan->control_port_protocol =
973 			params->crypto.control_port_ethertype;
974 		vlan->control_port_no_encrypt =
975 			params->crypto.control_port_no_encrypt;
976 	}
977 
978 	sdata->vif.bss_conf.beacon_int = params->beacon_interval;
979 	sdata->vif.bss_conf.dtim_period = params->dtim_period;
980 	sdata->vif.bss_conf.enable_beacon = true;
981 
982 	sdata->vif.bss_conf.ssid_len = params->ssid_len;
983 	if (params->ssid_len)
984 		memcpy(sdata->vif.bss_conf.ssid, params->ssid,
985 		       params->ssid_len);
986 	sdata->vif.bss_conf.hidden_ssid =
987 		(params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
988 
989 	memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
990 	       sizeof(sdata->vif.bss_conf.p2p_noa_attr));
991 	sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow =
992 		params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
993 	if (params->p2p_opp_ps)
994 		sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
995 					IEEE80211_P2P_OPPPS_ENABLE_BIT;
996 
997 	err = ieee80211_assign_beacon(sdata, &params->beacon);
998 	if (err < 0)
999 		return err;
1000 	changed |= err;
1001 
1002 	err = drv_start_ap(sdata->local, sdata);
1003 	if (err) {
1004 		old = rtnl_dereference(sdata->u.ap.beacon);
1005 		if (old)
1006 			kfree_rcu(old, rcu_head);
1007 		RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
1008 		return err;
1009 	}
1010 
1011 	ieee80211_bss_info_change_notify(sdata, changed);
1012 
1013 	netif_carrier_on(dev);
1014 	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1015 		netif_carrier_on(vlan->dev);
1016 
1017 	return 0;
1018 }
1019 
1020 static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
1021 				   struct cfg80211_beacon_data *params)
1022 {
1023 	struct ieee80211_sub_if_data *sdata;
1024 	struct beacon_data *old;
1025 	int err;
1026 
1027 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1028 
1029 	/* don't allow changing the beacon while CSA is in place - offset
1030 	 * of channel switch counter may change
1031 	 */
1032 	if (sdata->vif.csa_active)
1033 		return -EBUSY;
1034 
1035 	old = rtnl_dereference(sdata->u.ap.beacon);
1036 	if (!old)
1037 		return -ENOENT;
1038 
1039 	err = ieee80211_assign_beacon(sdata, params);
1040 	if (err < 0)
1041 		return err;
1042 	ieee80211_bss_info_change_notify(sdata, err);
1043 	return 0;
1044 }
1045 
1046 static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
1047 {
1048 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1049 	struct ieee80211_sub_if_data *vlan;
1050 	struct ieee80211_local *local = sdata->local;
1051 	struct beacon_data *old_beacon;
1052 	struct probe_resp *old_probe_resp;
1053 
1054 	old_beacon = rtnl_dereference(sdata->u.ap.beacon);
1055 	if (!old_beacon)
1056 		return -ENOENT;
1057 	old_probe_resp = rtnl_dereference(sdata->u.ap.probe_resp);
1058 
1059 	/* abort any running channel switch */
1060 	sdata->vif.csa_active = false;
1061 	cancel_work_sync(&sdata->csa_finalize_work);
1062 	cancel_work_sync(&sdata->u.ap.request_smps_work);
1063 
1064 	/* turn off carrier for this interface and dependent VLANs */
1065 	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1066 		netif_carrier_off(vlan->dev);
1067 	netif_carrier_off(dev);
1068 
1069 	/* remove beacon and probe response */
1070 	RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
1071 	RCU_INIT_POINTER(sdata->u.ap.probe_resp, NULL);
1072 	kfree_rcu(old_beacon, rcu_head);
1073 	if (old_probe_resp)
1074 		kfree_rcu(old_probe_resp, rcu_head);
1075 
1076 	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1077 		sta_info_flush_defer(vlan);
1078 	sta_info_flush_defer(sdata);
1079 	synchronize_net();
1080 	rcu_barrier();
1081 	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
1082 		sta_info_flush_cleanup(vlan);
1083 		ieee80211_free_keys(vlan);
1084 	}
1085 	sta_info_flush_cleanup(sdata);
1086 	ieee80211_free_keys(sdata);
1087 
1088 	sdata->vif.bss_conf.enable_beacon = false;
1089 	sdata->vif.bss_conf.ssid_len = 0;
1090 	clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
1091 	ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
1092 
1093 	if (sdata->wdev.cac_started) {
1094 		cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
1095 		cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_ABORTED,
1096 				   GFP_KERNEL);
1097 	}
1098 
1099 	drv_stop_ap(sdata->local, sdata);
1100 
1101 	/* free all potentially still buffered bcast frames */
1102 	local->total_ps_buffered -= skb_queue_len(&sdata->u.ap.ps.bc_buf);
1103 	skb_queue_purge(&sdata->u.ap.ps.bc_buf);
1104 
1105 	ieee80211_vif_copy_chanctx_to_vlans(sdata, true);
1106 	ieee80211_vif_release_channel(sdata);
1107 
1108 	return 0;
1109 }
1110 
1111 /* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */
1112 struct iapp_layer2_update {
1113 	u8 da[ETH_ALEN];	/* broadcast */
1114 	u8 sa[ETH_ALEN];	/* STA addr */
1115 	__be16 len;		/* 6 */
1116 	u8 dsap;		/* 0 */
1117 	u8 ssap;		/* 0 */
1118 	u8 control;
1119 	u8 xid_info[3];
1120 } __packed;
1121 
1122 static void ieee80211_send_layer2_update(struct sta_info *sta)
1123 {
1124 	struct iapp_layer2_update *msg;
1125 	struct sk_buff *skb;
1126 
1127 	/* Send Level 2 Update Frame to update forwarding tables in layer 2
1128 	 * bridge devices */
1129 
1130 	skb = dev_alloc_skb(sizeof(*msg));
1131 	if (!skb)
1132 		return;
1133 	msg = (struct iapp_layer2_update *)skb_put(skb, sizeof(*msg));
1134 
1135 	/* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID)
1136 	 * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */
1137 
1138 	eth_broadcast_addr(msg->da);
1139 	memcpy(msg->sa, sta->sta.addr, ETH_ALEN);
1140 	msg->len = htons(6);
1141 	msg->dsap = 0;
1142 	msg->ssap = 0x01;	/* NULL LSAP, CR Bit: Response */
1143 	msg->control = 0xaf;	/* XID response lsb.1111F101.
1144 				 * F=0 (no poll command; unsolicited frame) */
1145 	msg->xid_info[0] = 0x81;	/* XID format identifier */
1146 	msg->xid_info[1] = 1;	/* LLC types/classes: Type 1 LLC */
1147 	msg->xid_info[2] = 0;	/* XID sender's receive window size (RW) */
1148 
1149 	skb->dev = sta->sdata->dev;
1150 	skb->protocol = eth_type_trans(skb, sta->sdata->dev);
1151 	memset(skb->cb, 0, sizeof(skb->cb));
1152 	netif_rx_ni(skb);
1153 }
1154 
1155 static int sta_apply_auth_flags(struct ieee80211_local *local,
1156 				struct sta_info *sta,
1157 				u32 mask, u32 set)
1158 {
1159 	int ret;
1160 
1161 	if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1162 	    set & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1163 	    !test_sta_flag(sta, WLAN_STA_AUTH)) {
1164 		ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1165 		if (ret)
1166 			return ret;
1167 	}
1168 
1169 	if (mask & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1170 	    set & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1171 	    !test_sta_flag(sta, WLAN_STA_ASSOC)) {
1172 		ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1173 		if (ret)
1174 			return ret;
1175 	}
1176 
1177 	if (mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1178 		if (set & BIT(NL80211_STA_FLAG_AUTHORIZED))
1179 			ret = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
1180 		else if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1181 			ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1182 		else
1183 			ret = 0;
1184 		if (ret)
1185 			return ret;
1186 	}
1187 
1188 	if (mask & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1189 	    !(set & BIT(NL80211_STA_FLAG_ASSOCIATED)) &&
1190 	    test_sta_flag(sta, WLAN_STA_ASSOC)) {
1191 		ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1192 		if (ret)
1193 			return ret;
1194 	}
1195 
1196 	if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1197 	    !(set & BIT(NL80211_STA_FLAG_AUTHENTICATED)) &&
1198 	    test_sta_flag(sta, WLAN_STA_AUTH)) {
1199 		ret = sta_info_move_state(sta, IEEE80211_STA_NONE);
1200 		if (ret)
1201 			return ret;
1202 	}
1203 
1204 	return 0;
1205 }
1206 
1207 static int sta_apply_parameters(struct ieee80211_local *local,
1208 				struct sta_info *sta,
1209 				struct station_parameters *params)
1210 {
1211 	int ret = 0;
1212 	struct ieee80211_supported_band *sband;
1213 	struct ieee80211_sub_if_data *sdata = sta->sdata;
1214 	enum ieee80211_band band = ieee80211_get_sdata_band(sdata);
1215 	u32 mask, set;
1216 
1217 	sband = local->hw.wiphy->bands[band];
1218 
1219 	mask = params->sta_flags_mask;
1220 	set = params->sta_flags_set;
1221 
1222 	if (ieee80211_vif_is_mesh(&sdata->vif)) {
1223 		/*
1224 		 * In mesh mode, ASSOCIATED isn't part of the nl80211
1225 		 * API but must follow AUTHENTICATED for driver state.
1226 		 */
1227 		if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED))
1228 			mask |= BIT(NL80211_STA_FLAG_ASSOCIATED);
1229 		if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED))
1230 			set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
1231 	} else if (test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
1232 		/*
1233 		 * TDLS -- everything follows authorized, but
1234 		 * only becoming authorized is possible, not
1235 		 * going back
1236 		 */
1237 		if (set & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1238 			set |= BIT(NL80211_STA_FLAG_AUTHENTICATED) |
1239 			       BIT(NL80211_STA_FLAG_ASSOCIATED);
1240 			mask |= BIT(NL80211_STA_FLAG_AUTHENTICATED) |
1241 				BIT(NL80211_STA_FLAG_ASSOCIATED);
1242 		}
1243 	}
1244 
1245 	ret = sta_apply_auth_flags(local, sta, mask, set);
1246 	if (ret)
1247 		return ret;
1248 
1249 	if (mask & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE)) {
1250 		if (set & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE))
1251 			set_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
1252 		else
1253 			clear_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
1254 	}
1255 
1256 	if (mask & BIT(NL80211_STA_FLAG_WME)) {
1257 		if (set & BIT(NL80211_STA_FLAG_WME)) {
1258 			set_sta_flag(sta, WLAN_STA_WME);
1259 			sta->sta.wme = true;
1260 		} else {
1261 			clear_sta_flag(sta, WLAN_STA_WME);
1262 			sta->sta.wme = false;
1263 		}
1264 	}
1265 
1266 	if (mask & BIT(NL80211_STA_FLAG_MFP)) {
1267 		if (set & BIT(NL80211_STA_FLAG_MFP))
1268 			set_sta_flag(sta, WLAN_STA_MFP);
1269 		else
1270 			clear_sta_flag(sta, WLAN_STA_MFP);
1271 	}
1272 
1273 	if (mask & BIT(NL80211_STA_FLAG_TDLS_PEER)) {
1274 		if (set & BIT(NL80211_STA_FLAG_TDLS_PEER))
1275 			set_sta_flag(sta, WLAN_STA_TDLS_PEER);
1276 		else
1277 			clear_sta_flag(sta, WLAN_STA_TDLS_PEER);
1278 	}
1279 
1280 	if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) {
1281 		sta->sta.uapsd_queues = params->uapsd_queues;
1282 		sta->sta.max_sp = params->max_sp;
1283 	}
1284 
1285 	/*
1286 	 * cfg80211 validates this (1-2007) and allows setting the AID
1287 	 * only when creating a new station entry
1288 	 */
1289 	if (params->aid)
1290 		sta->sta.aid = params->aid;
1291 
1292 	/*
1293 	 * Some of the following updates would be racy if called on an
1294 	 * existing station, via ieee80211_change_station(). However,
1295 	 * all such changes are rejected by cfg80211 except for updates
1296 	 * changing the supported rates on an existing but not yet used
1297 	 * TDLS peer.
1298 	 */
1299 
1300 	if (params->listen_interval >= 0)
1301 		sta->listen_interval = params->listen_interval;
1302 
1303 	if (params->supported_rates) {
1304 		ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef,
1305 					 sband, params->supported_rates,
1306 					 params->supported_rates_len,
1307 					 &sta->sta.supp_rates[band]);
1308 	}
1309 
1310 	if (params->ht_capa)
1311 		ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
1312 						  params->ht_capa, sta);
1313 
1314 	if (params->vht_capa)
1315 		ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
1316 						    params->vht_capa, sta);
1317 
1318 	if (ieee80211_vif_is_mesh(&sdata->vif)) {
1319 #ifdef CONFIG_MAC80211_MESH
1320 		u32 changed = 0;
1321 
1322 		if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) {
1323 			switch (params->plink_state) {
1324 			case NL80211_PLINK_ESTAB:
1325 				if (sta->plink_state != NL80211_PLINK_ESTAB)
1326 					changed = mesh_plink_inc_estab_count(
1327 							sdata);
1328 				sta->plink_state = params->plink_state;
1329 
1330 				ieee80211_mps_sta_status_update(sta);
1331 				changed |= ieee80211_mps_set_sta_local_pm(sta,
1332 					      sdata->u.mesh.mshcfg.power_mode);
1333 				break;
1334 			case NL80211_PLINK_LISTEN:
1335 			case NL80211_PLINK_BLOCKED:
1336 			case NL80211_PLINK_OPN_SNT:
1337 			case NL80211_PLINK_OPN_RCVD:
1338 			case NL80211_PLINK_CNF_RCVD:
1339 			case NL80211_PLINK_HOLDING:
1340 				if (sta->plink_state == NL80211_PLINK_ESTAB)
1341 					changed = mesh_plink_dec_estab_count(
1342 							sdata);
1343 				sta->plink_state = params->plink_state;
1344 
1345 				ieee80211_mps_sta_status_update(sta);
1346 				changed |= ieee80211_mps_set_sta_local_pm(sta,
1347 						NL80211_MESH_POWER_UNKNOWN);
1348 				break;
1349 			default:
1350 				/*  nothing  */
1351 				break;
1352 			}
1353 		}
1354 
1355 		switch (params->plink_action) {
1356 		case NL80211_PLINK_ACTION_NO_ACTION:
1357 			/* nothing */
1358 			break;
1359 		case NL80211_PLINK_ACTION_OPEN:
1360 			changed |= mesh_plink_open(sta);
1361 			break;
1362 		case NL80211_PLINK_ACTION_BLOCK:
1363 			changed |= mesh_plink_block(sta);
1364 			break;
1365 		}
1366 
1367 		if (params->local_pm)
1368 			changed |=
1369 			      ieee80211_mps_set_sta_local_pm(sta,
1370 							     params->local_pm);
1371 		ieee80211_mbss_info_change_notify(sdata, changed);
1372 #endif
1373 	}
1374 
1375 	return 0;
1376 }
1377 
1378 static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
1379 				 u8 *mac, struct station_parameters *params)
1380 {
1381 	struct ieee80211_local *local = wiphy_priv(wiphy);
1382 	struct sta_info *sta;
1383 	struct ieee80211_sub_if_data *sdata;
1384 	int err;
1385 	int layer2_update;
1386 
1387 	if (params->vlan) {
1388 		sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
1389 
1390 		if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1391 		    sdata->vif.type != NL80211_IFTYPE_AP)
1392 			return -EINVAL;
1393 	} else
1394 		sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1395 
1396 	if (ether_addr_equal(mac, sdata->vif.addr))
1397 		return -EINVAL;
1398 
1399 	if (is_multicast_ether_addr(mac))
1400 		return -EINVAL;
1401 
1402 	sta = sta_info_alloc(sdata, mac, GFP_KERNEL);
1403 	if (!sta)
1404 		return -ENOMEM;
1405 
1406 	/*
1407 	 * defaults -- if userspace wants something else we'll
1408 	 * change it accordingly in sta_apply_parameters()
1409 	 */
1410 	if (!(params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))) {
1411 		sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
1412 		sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
1413 	}
1414 
1415 	err = sta_apply_parameters(local, sta, params);
1416 	if (err) {
1417 		sta_info_free(local, sta);
1418 		return err;
1419 	}
1420 
1421 	/*
1422 	 * for TDLS, rate control should be initialized only when
1423 	 * rates are known and station is marked authorized
1424 	 */
1425 	if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER))
1426 		rate_control_rate_init(sta);
1427 
1428 	layer2_update = sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
1429 		sdata->vif.type == NL80211_IFTYPE_AP;
1430 
1431 	err = sta_info_insert_rcu(sta);
1432 	if (err) {
1433 		rcu_read_unlock();
1434 		return err;
1435 	}
1436 
1437 	if (layer2_update)
1438 		ieee80211_send_layer2_update(sta);
1439 
1440 	rcu_read_unlock();
1441 
1442 	return 0;
1443 }
1444 
1445 static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
1446 				 u8 *mac)
1447 {
1448 	struct ieee80211_sub_if_data *sdata;
1449 
1450 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1451 
1452 	if (mac)
1453 		return sta_info_destroy_addr_bss(sdata, mac);
1454 
1455 	sta_info_flush(sdata);
1456 	return 0;
1457 }
1458 
1459 static int ieee80211_change_station(struct wiphy *wiphy,
1460 				    struct net_device *dev, u8 *mac,
1461 				    struct station_parameters *params)
1462 {
1463 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1464 	struct ieee80211_local *local = wiphy_priv(wiphy);
1465 	struct sta_info *sta;
1466 	struct ieee80211_sub_if_data *vlansdata;
1467 	enum cfg80211_station_type statype;
1468 	int err;
1469 
1470 	mutex_lock(&local->sta_mtx);
1471 
1472 	sta = sta_info_get_bss(sdata, mac);
1473 	if (!sta) {
1474 		err = -ENOENT;
1475 		goto out_err;
1476 	}
1477 
1478 	switch (sdata->vif.type) {
1479 	case NL80211_IFTYPE_MESH_POINT:
1480 		if (sdata->u.mesh.user_mpm)
1481 			statype = CFG80211_STA_MESH_PEER_USER;
1482 		else
1483 			statype = CFG80211_STA_MESH_PEER_KERNEL;
1484 		break;
1485 	case NL80211_IFTYPE_ADHOC:
1486 		statype = CFG80211_STA_IBSS;
1487 		break;
1488 	case NL80211_IFTYPE_STATION:
1489 		if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
1490 			statype = CFG80211_STA_AP_STA;
1491 			break;
1492 		}
1493 		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1494 			statype = CFG80211_STA_TDLS_PEER_ACTIVE;
1495 		else
1496 			statype = CFG80211_STA_TDLS_PEER_SETUP;
1497 		break;
1498 	case NL80211_IFTYPE_AP:
1499 	case NL80211_IFTYPE_AP_VLAN:
1500 		statype = CFG80211_STA_AP_CLIENT;
1501 		break;
1502 	default:
1503 		err = -EOPNOTSUPP;
1504 		goto out_err;
1505 	}
1506 
1507 	err = cfg80211_check_station_change(wiphy, params, statype);
1508 	if (err)
1509 		goto out_err;
1510 
1511 	if (params->vlan && params->vlan != sta->sdata->dev) {
1512 		bool prev_4addr = false;
1513 		bool new_4addr = false;
1514 
1515 		vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
1516 
1517 		if (params->vlan->ieee80211_ptr->use_4addr) {
1518 			if (vlansdata->u.vlan.sta) {
1519 				err = -EBUSY;
1520 				goto out_err;
1521 			}
1522 
1523 			rcu_assign_pointer(vlansdata->u.vlan.sta, sta);
1524 			new_4addr = true;
1525 		}
1526 
1527 		if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1528 		    sta->sdata->u.vlan.sta) {
1529 			rcu_assign_pointer(sta->sdata->u.vlan.sta, NULL);
1530 			prev_4addr = true;
1531 		}
1532 
1533 		sta->sdata = vlansdata;
1534 
1535 		if (sta->sta_state == IEEE80211_STA_AUTHORIZED &&
1536 		    prev_4addr != new_4addr) {
1537 			if (new_4addr)
1538 				atomic_dec(&sta->sdata->bss->num_mcast_sta);
1539 			else
1540 				atomic_inc(&sta->sdata->bss->num_mcast_sta);
1541 		}
1542 
1543 		ieee80211_send_layer2_update(sta);
1544 	}
1545 
1546 	err = sta_apply_parameters(local, sta, params);
1547 	if (err)
1548 		goto out_err;
1549 
1550 	/* When peer becomes authorized, init rate control as well */
1551 	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
1552 	    test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1553 		rate_control_rate_init(sta);
1554 
1555 	mutex_unlock(&local->sta_mtx);
1556 
1557 	if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1558 	     sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1559 	    sta->known_smps_mode != sta->sdata->bss->req_smps &&
1560 	    test_sta_flag(sta, WLAN_STA_AUTHORIZED) &&
1561 	    sta_info_tx_streams(sta) != 1) {
1562 		ht_dbg(sta->sdata,
1563 		       "%pM just authorized and MIMO capable - update SMPS\n",
1564 		       sta->sta.addr);
1565 		ieee80211_send_smps_action(sta->sdata,
1566 			sta->sdata->bss->req_smps,
1567 			sta->sta.addr,
1568 			sta->sdata->vif.bss_conf.bssid);
1569 	}
1570 
1571 	if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1572 	    params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1573 		ieee80211_recalc_ps(local, -1);
1574 		ieee80211_recalc_ps_vif(sdata);
1575 	}
1576 
1577 	return 0;
1578 out_err:
1579 	mutex_unlock(&local->sta_mtx);
1580 	return err;
1581 }
1582 
1583 #ifdef CONFIG_MAC80211_MESH
1584 static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
1585 				 u8 *dst, u8 *next_hop)
1586 {
1587 	struct ieee80211_sub_if_data *sdata;
1588 	struct mesh_path *mpath;
1589 	struct sta_info *sta;
1590 
1591 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1592 
1593 	rcu_read_lock();
1594 	sta = sta_info_get(sdata, next_hop);
1595 	if (!sta) {
1596 		rcu_read_unlock();
1597 		return -ENOENT;
1598 	}
1599 
1600 	mpath = mesh_path_add(sdata, dst);
1601 	if (IS_ERR(mpath)) {
1602 		rcu_read_unlock();
1603 		return PTR_ERR(mpath);
1604 	}
1605 
1606 	mesh_path_fix_nexthop(mpath, sta);
1607 
1608 	rcu_read_unlock();
1609 	return 0;
1610 }
1611 
1612 static int ieee80211_del_mpath(struct wiphy *wiphy, struct net_device *dev,
1613 			       u8 *dst)
1614 {
1615 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1616 
1617 	if (dst)
1618 		return mesh_path_del(sdata, dst);
1619 
1620 	mesh_path_flush_by_iface(sdata);
1621 	return 0;
1622 }
1623 
1624 static int ieee80211_change_mpath(struct wiphy *wiphy,
1625 				    struct net_device *dev,
1626 				    u8 *dst, u8 *next_hop)
1627 {
1628 	struct ieee80211_sub_if_data *sdata;
1629 	struct mesh_path *mpath;
1630 	struct sta_info *sta;
1631 
1632 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1633 
1634 	rcu_read_lock();
1635 
1636 	sta = sta_info_get(sdata, next_hop);
1637 	if (!sta) {
1638 		rcu_read_unlock();
1639 		return -ENOENT;
1640 	}
1641 
1642 	mpath = mesh_path_lookup(sdata, dst);
1643 	if (!mpath) {
1644 		rcu_read_unlock();
1645 		return -ENOENT;
1646 	}
1647 
1648 	mesh_path_fix_nexthop(mpath, sta);
1649 
1650 	rcu_read_unlock();
1651 	return 0;
1652 }
1653 
1654 static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
1655 			    struct mpath_info *pinfo)
1656 {
1657 	struct sta_info *next_hop_sta = rcu_dereference(mpath->next_hop);
1658 
1659 	if (next_hop_sta)
1660 		memcpy(next_hop, next_hop_sta->sta.addr, ETH_ALEN);
1661 	else
1662 		memset(next_hop, 0, ETH_ALEN);
1663 
1664 	memset(pinfo, 0, sizeof(*pinfo));
1665 
1666 	pinfo->generation = mesh_paths_generation;
1667 
1668 	pinfo->filled = MPATH_INFO_FRAME_QLEN |
1669 			MPATH_INFO_SN |
1670 			MPATH_INFO_METRIC |
1671 			MPATH_INFO_EXPTIME |
1672 			MPATH_INFO_DISCOVERY_TIMEOUT |
1673 			MPATH_INFO_DISCOVERY_RETRIES |
1674 			MPATH_INFO_FLAGS;
1675 
1676 	pinfo->frame_qlen = mpath->frame_queue.qlen;
1677 	pinfo->sn = mpath->sn;
1678 	pinfo->metric = mpath->metric;
1679 	if (time_before(jiffies, mpath->exp_time))
1680 		pinfo->exptime = jiffies_to_msecs(mpath->exp_time - jiffies);
1681 	pinfo->discovery_timeout =
1682 			jiffies_to_msecs(mpath->discovery_timeout);
1683 	pinfo->discovery_retries = mpath->discovery_retries;
1684 	if (mpath->flags & MESH_PATH_ACTIVE)
1685 		pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE;
1686 	if (mpath->flags & MESH_PATH_RESOLVING)
1687 		pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING;
1688 	if (mpath->flags & MESH_PATH_SN_VALID)
1689 		pinfo->flags |= NL80211_MPATH_FLAG_SN_VALID;
1690 	if (mpath->flags & MESH_PATH_FIXED)
1691 		pinfo->flags |= NL80211_MPATH_FLAG_FIXED;
1692 	if (mpath->flags & MESH_PATH_RESOLVED)
1693 		pinfo->flags |= NL80211_MPATH_FLAG_RESOLVED;
1694 }
1695 
1696 static int ieee80211_get_mpath(struct wiphy *wiphy, struct net_device *dev,
1697 			       u8 *dst, u8 *next_hop, struct mpath_info *pinfo)
1698 
1699 {
1700 	struct ieee80211_sub_if_data *sdata;
1701 	struct mesh_path *mpath;
1702 
1703 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1704 
1705 	rcu_read_lock();
1706 	mpath = mesh_path_lookup(sdata, dst);
1707 	if (!mpath) {
1708 		rcu_read_unlock();
1709 		return -ENOENT;
1710 	}
1711 	memcpy(dst, mpath->dst, ETH_ALEN);
1712 	mpath_set_pinfo(mpath, next_hop, pinfo);
1713 	rcu_read_unlock();
1714 	return 0;
1715 }
1716 
1717 static int ieee80211_dump_mpath(struct wiphy *wiphy, struct net_device *dev,
1718 				 int idx, u8 *dst, u8 *next_hop,
1719 				 struct mpath_info *pinfo)
1720 {
1721 	struct ieee80211_sub_if_data *sdata;
1722 	struct mesh_path *mpath;
1723 
1724 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1725 
1726 	rcu_read_lock();
1727 	mpath = mesh_path_lookup_by_idx(sdata, idx);
1728 	if (!mpath) {
1729 		rcu_read_unlock();
1730 		return -ENOENT;
1731 	}
1732 	memcpy(dst, mpath->dst, ETH_ALEN);
1733 	mpath_set_pinfo(mpath, next_hop, pinfo);
1734 	rcu_read_unlock();
1735 	return 0;
1736 }
1737 
1738 static int ieee80211_get_mesh_config(struct wiphy *wiphy,
1739 				struct net_device *dev,
1740 				struct mesh_config *conf)
1741 {
1742 	struct ieee80211_sub_if_data *sdata;
1743 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1744 
1745 	memcpy(conf, &(sdata->u.mesh.mshcfg), sizeof(struct mesh_config));
1746 	return 0;
1747 }
1748 
1749 static inline bool _chg_mesh_attr(enum nl80211_meshconf_params parm, u32 mask)
1750 {
1751 	return (mask >> (parm-1)) & 0x1;
1752 }
1753 
1754 static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
1755 		const struct mesh_setup *setup)
1756 {
1757 	u8 *new_ie;
1758 	const u8 *old_ie;
1759 	struct ieee80211_sub_if_data *sdata = container_of(ifmsh,
1760 					struct ieee80211_sub_if_data, u.mesh);
1761 
1762 	/* allocate information elements */
1763 	new_ie = NULL;
1764 	old_ie = ifmsh->ie;
1765 
1766 	if (setup->ie_len) {
1767 		new_ie = kmemdup(setup->ie, setup->ie_len,
1768 				GFP_KERNEL);
1769 		if (!new_ie)
1770 			return -ENOMEM;
1771 	}
1772 	ifmsh->ie_len = setup->ie_len;
1773 	ifmsh->ie = new_ie;
1774 	kfree(old_ie);
1775 
1776 	/* now copy the rest of the setup parameters */
1777 	ifmsh->mesh_id_len = setup->mesh_id_len;
1778 	memcpy(ifmsh->mesh_id, setup->mesh_id, ifmsh->mesh_id_len);
1779 	ifmsh->mesh_sp_id = setup->sync_method;
1780 	ifmsh->mesh_pp_id = setup->path_sel_proto;
1781 	ifmsh->mesh_pm_id = setup->path_metric;
1782 	ifmsh->user_mpm = setup->user_mpm;
1783 	ifmsh->mesh_auth_id = setup->auth_id;
1784 	ifmsh->security = IEEE80211_MESH_SEC_NONE;
1785 	if (setup->is_authenticated)
1786 		ifmsh->security |= IEEE80211_MESH_SEC_AUTHED;
1787 	if (setup->is_secure)
1788 		ifmsh->security |= IEEE80211_MESH_SEC_SECURED;
1789 
1790 	/* mcast rate setting in Mesh Node */
1791 	memcpy(sdata->vif.bss_conf.mcast_rate, setup->mcast_rate,
1792 						sizeof(setup->mcast_rate));
1793 	sdata->vif.bss_conf.basic_rates = setup->basic_rates;
1794 
1795 	sdata->vif.bss_conf.beacon_int = setup->beacon_interval;
1796 	sdata->vif.bss_conf.dtim_period = setup->dtim_period;
1797 
1798 	return 0;
1799 }
1800 
1801 static int ieee80211_update_mesh_config(struct wiphy *wiphy,
1802 					struct net_device *dev, u32 mask,
1803 					const struct mesh_config *nconf)
1804 {
1805 	struct mesh_config *conf;
1806 	struct ieee80211_sub_if_data *sdata;
1807 	struct ieee80211_if_mesh *ifmsh;
1808 
1809 	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1810 	ifmsh = &sdata->u.mesh;
1811 
1812 	/* Set the config options which we are interested in setting */
1813 	conf = &(sdata->u.mesh.mshcfg);
1814 	if (_chg_mesh_attr(NL80211_MESHCONF_RETRY_TIMEOUT, mask))
1815 		conf->dot11MeshRetryTimeout = nconf->dot11MeshRetryTimeout;
1816 	if (_chg_mesh_attr(NL80211_MESHCONF_CONFIRM_TIMEOUT, mask))
1817 		conf->dot11MeshConfirmTimeout = nconf->dot11MeshConfirmTimeout;
1818 	if (_chg_mesh_attr(NL80211_MESHCONF_HOLDING_TIMEOUT, mask))
1819 		conf->dot11MeshHoldingTimeout = nconf->dot11MeshHoldingTimeout;
1820 	if (_chg_mesh_attr(NL80211_MESHCONF_MAX_PEER_LINKS, mask))
1821 		conf->dot11MeshMaxPeerLinks = nconf->dot11MeshMaxPeerLinks;
1822 	if (_chg_mesh_attr(NL80211_MESHCONF_MAX_RETRIES, mask))
1823 		conf->dot11MeshMaxRetries = nconf->dot11MeshMaxRetries;
1824 	if (_chg_mesh_attr(NL80211_MESHCONF_TTL, mask))
1825 		conf->dot11MeshTTL = nconf->dot11MeshTTL;
1826 	if (_chg_mesh_attr(NL80211_MESHCONF_ELEMENT_TTL, mask))
1827 		conf->element_ttl = nconf->element_ttl;
1828 	if (_chg_mesh_attr(NL80211_MESHCONF_AUTO_OPEN_PLINKS, mask)) {
1829 		if (ifmsh->user_mpm)
1830 			return -EBUSY;
1831 		conf->auto_open_plinks = nconf->auto_open_plinks;
1832 	}
1833 	if (_chg_mesh_attr(NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, mask))
1834 		conf->dot11MeshNbrOffsetMaxNeighbor =
1835 			nconf->dot11MeshNbrOffsetMaxNeighbor;
1836 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, mask))
1837 		conf->dot11MeshHWMPmaxPREQretries =
1838 			nconf->dot11MeshHWMPmaxPREQretries;
1839 	if (_chg_mesh_attr(NL80211_MESHCONF_PATH_REFRESH_TIME, mask))
1840 		conf->path_refresh_time = nconf->path_refresh_time;
1841 	if (_chg_mesh_attr(NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, mask))
1842 		conf->min_discovery_timeout = nconf->min_discovery_timeout;
1843 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, mask))
1844 		conf->dot11MeshHWMPactivePathTimeout =
1845 			nconf->dot11MeshHWMPactivePathTimeout;
1846 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, mask))
1847 		conf->dot11MeshHWMPpreqMinInterval =
1848 			nconf->dot11MeshHWMPpreqMinInterval;
1849 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, mask))
1850 		conf->dot11MeshHWMPperrMinInterval =
1851 			nconf->dot11MeshHWMPperrMinInterval;
1852 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
1853 			   mask))
1854 		conf->dot11MeshHWMPnetDiameterTraversalTime =
1855 			nconf->dot11MeshHWMPnetDiameterTraversalTime;
1856 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOTMODE, mask)) {
1857 		conf->dot11MeshHWMPRootMode = nconf->dot11MeshHWMPRootMode;
1858 		ieee80211_mesh_root_setup(ifmsh);
1859 	}
1860 	if (_chg_mesh_attr(NL80211_MESHCONF_GATE_ANNOUNCEMENTS, mask)) {
1861 		/* our current gate announcement implementation rides on root
1862 		 * announcements, so require this ifmsh to also be a root node
1863 		 * */
1864 		if (nconf->dot11MeshGateAnnouncementProtocol &&
1865 		    !(conf->dot11MeshHWMPRootMode > IEEE80211_ROOTMODE_ROOT)) {
1866 			conf->dot11MeshHWMPRootMode = IEEE80211_PROACTIVE_RANN;
1867 			ieee80211_mesh_root_setup(ifmsh);
1868 		}
1869 		conf->dot11MeshGateAnnouncementProtocol =
1870 			nconf->dot11MeshGateAnnouncementProtocol;
1871 	}
1872 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_RANN_INTERVAL, mask))
1873 		conf->dot11MeshHWMPRannInterval =
1874 			nconf->dot11MeshHWMPRannInterval;
1875 	if (_chg_mesh_attr(NL80211_MESHCONF_FORWARDING, mask))
1876 		conf->dot11MeshForwarding = nconf->dot11MeshForwarding;
1877 	if (_chg_mesh_attr(NL80211_MESHCONF_RSSI_THRESHOLD, mask)) {
1878 		/* our RSSI threshold implementation is supported only for
1879 		 * devices that report signal in dBm.
1880 		 */
1881 		if (!(sdata->local->hw.flags & IEEE80211_HW_SIGNAL_DBM))
1882 			return -ENOTSUPP;
1883 		conf->rssi_threshold = nconf->rssi_threshold;
1884 	}
1885 	if (_chg_mesh_attr(NL80211_MESHCONF_HT_OPMODE, mask)) {
1886 		conf->ht_opmode = nconf->ht_opmode;
1887 		sdata->vif.bss_conf.ht_operation_mode = nconf->ht_opmode;
1888 		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT);
1889 	}
1890 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, mask))
1891 		conf->dot11MeshHWMPactivePathToRootTimeout =
1892 			nconf->dot11MeshHWMPactivePathToRootTimeout;
1893 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOT_INTERVAL, mask))
1894 		conf->dot11MeshHWMProotInterval =
1895 			nconf->dot11MeshHWMProotInterval;
1896 	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, mask))
1897 		conf->dot11MeshHWMPconfirmationInterval =
1898 			nconf->dot11MeshHWMPconfirmationInterval;
1899 	if (_chg_mesh_attr(NL80211_MESHCONF_POWER_MODE, mask)) {
1900 		conf->power_mode = nconf->power_mode;
1901 		ieee80211_mps_local_status_update(sdata);
1902 	}
1903 	if (_chg_mesh_attr(NL80211_MESHCONF_AWAKE_WINDOW, mask))
1904 		conf->dot11MeshAwakeWindowDuration =
1905 			nconf->dot11MeshAwakeWindowDuration;
1906 	if (_chg_mesh_attr(NL80211_MESHCONF_PLINK_TIMEOUT, mask))
1907 		conf->plink_timeout = nconf->plink_timeout;
1908 	ieee80211_mbss_info_change_notify(sdata, BSS_CHANGED_BEACON);
1909 	return 0;
1910 }
1911 
1912 static int ieee80211_join_mesh(struct wiphy *wiphy, struct net_device *dev,
1913 			       const struct mesh_config *conf,
1914 			       const struct mesh_setup *setup)
1915 {
1916 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1917 	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1918 	int err;
1919 
1920 	memcpy(&ifmsh->mshcfg, conf, sizeof(struct mesh_config));
1921 	err = copy_mesh_setup(ifmsh, setup);
1922 	if (err)
1923 		return err;
1924 
1925 	/* can mesh use other SMPS modes? */
1926 	sdata->smps_mode = IEEE80211_SMPS_OFF;
1927 	sdata->needed_rx_chains = sdata->local->rx_chains;
1928 
1929 	err = ieee80211_vif_use_channel(sdata, &setup->chandef,
1930 					IEEE80211_CHANCTX_SHARED);
1931 	if (err)
1932 		return err;
1933 
1934 	return ieee80211_start_mesh(sdata);
1935 }
1936 
1937 static int ieee80211_leave_mesh(struct wiphy *wiphy, struct net_device *dev)
1938 {
1939 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1940 
1941 	ieee80211_stop_mesh(sdata);
1942 	ieee80211_vif_release_channel(sdata);
1943 
1944 	return 0;
1945 }
1946 #endif
1947 
1948 static int ieee80211_change_bss(struct wiphy *wiphy,
1949 				struct net_device *dev,
1950 				struct bss_parameters *params)
1951 {
1952 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1953 	enum ieee80211_band band;
1954 	u32 changed = 0;
1955 
1956 	if (!rtnl_dereference(sdata->u.ap.beacon))
1957 		return -ENOENT;
1958 
1959 	band = ieee80211_get_sdata_band(sdata);
1960 
1961 	if (params->use_cts_prot >= 0) {
1962 		sdata->vif.bss_conf.use_cts_prot = params->use_cts_prot;
1963 		changed |= BSS_CHANGED_ERP_CTS_PROT;
1964 	}
1965 	if (params->use_short_preamble >= 0) {
1966 		sdata->vif.bss_conf.use_short_preamble =
1967 			params->use_short_preamble;
1968 		changed |= BSS_CHANGED_ERP_PREAMBLE;
1969 	}
1970 
1971 	if (!sdata->vif.bss_conf.use_short_slot &&
1972 	    band == IEEE80211_BAND_5GHZ) {
1973 		sdata->vif.bss_conf.use_short_slot = true;
1974 		changed |= BSS_CHANGED_ERP_SLOT;
1975 	}
1976 
1977 	if (params->use_short_slot_time >= 0) {
1978 		sdata->vif.bss_conf.use_short_slot =
1979 			params->use_short_slot_time;
1980 		changed |= BSS_CHANGED_ERP_SLOT;
1981 	}
1982 
1983 	if (params->basic_rates) {
1984 		ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef,
1985 					 wiphy->bands[band],
1986 					 params->basic_rates,
1987 					 params->basic_rates_len,
1988 					 &sdata->vif.bss_conf.basic_rates);
1989 		changed |= BSS_CHANGED_BASIC_RATES;
1990 	}
1991 
1992 	if (params->ap_isolate >= 0) {
1993 		if (params->ap_isolate)
1994 			sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
1995 		else
1996 			sdata->flags &= ~IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
1997 	}
1998 
1999 	if (params->ht_opmode >= 0) {
2000 		sdata->vif.bss_conf.ht_operation_mode =
2001 			(u16) params->ht_opmode;
2002 		changed |= BSS_CHANGED_HT;
2003 	}
2004 
2005 	if (params->p2p_ctwindow >= 0) {
2006 		sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow &=
2007 					~IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
2008 		sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
2009 			params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
2010 		changed |= BSS_CHANGED_P2P_PS;
2011 	}
2012 
2013 	if (params->p2p_opp_ps > 0) {
2014 		sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
2015 					IEEE80211_P2P_OPPPS_ENABLE_BIT;
2016 		changed |= BSS_CHANGED_P2P_PS;
2017 	} else if (params->p2p_opp_ps == 0) {
2018 		sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow &=
2019 					~IEEE80211_P2P_OPPPS_ENABLE_BIT;
2020 		changed |= BSS_CHANGED_P2P_PS;
2021 	}
2022 
2023 	ieee80211_bss_info_change_notify(sdata, changed);
2024 
2025 	return 0;
2026 }
2027 
2028 static int ieee80211_set_txq_params(struct wiphy *wiphy,
2029 				    struct net_device *dev,
2030 				    struct ieee80211_txq_params *params)
2031 {
2032 	struct ieee80211_local *local = wiphy_priv(wiphy);
2033 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2034 	struct ieee80211_tx_queue_params p;
2035 
2036 	if (!local->ops->conf_tx)
2037 		return -EOPNOTSUPP;
2038 
2039 	if (local->hw.queues < IEEE80211_NUM_ACS)
2040 		return -EOPNOTSUPP;
2041 
2042 	memset(&p, 0, sizeof(p));
2043 	p.aifs = params->aifs;
2044 	p.cw_max = params->cwmax;
2045 	p.cw_min = params->cwmin;
2046 	p.txop = params->txop;
2047 
2048 	/*
2049 	 * Setting tx queue params disables u-apsd because it's only
2050 	 * called in master mode.
2051 	 */
2052 	p.uapsd = false;
2053 
2054 	sdata->tx_conf[params->ac] = p;
2055 	if (drv_conf_tx(local, sdata, params->ac, &p)) {
2056 		wiphy_debug(local->hw.wiphy,
2057 			    "failed to set TX queue parameters for AC %d\n",
2058 			    params->ac);
2059 		return -EINVAL;
2060 	}
2061 
2062 	ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
2063 
2064 	return 0;
2065 }
2066 
2067 #ifdef CONFIG_PM
2068 static int ieee80211_suspend(struct wiphy *wiphy,
2069 			     struct cfg80211_wowlan *wowlan)
2070 {
2071 	return __ieee80211_suspend(wiphy_priv(wiphy), wowlan);
2072 }
2073 
2074 static int ieee80211_resume(struct wiphy *wiphy)
2075 {
2076 	return __ieee80211_resume(wiphy_priv(wiphy));
2077 }
2078 #else
2079 #define ieee80211_suspend NULL
2080 #define ieee80211_resume NULL
2081 #endif
2082 
2083 static int ieee80211_scan(struct wiphy *wiphy,
2084 			  struct cfg80211_scan_request *req)
2085 {
2086 	struct ieee80211_sub_if_data *sdata;
2087 
2088 	sdata = IEEE80211_WDEV_TO_SUB_IF(req->wdev);
2089 
2090 	switch (ieee80211_vif_type_p2p(&sdata->vif)) {
2091 	case NL80211_IFTYPE_STATION:
2092 	case NL80211_IFTYPE_ADHOC:
2093 	case NL80211_IFTYPE_MESH_POINT:
2094 	case NL80211_IFTYPE_P2P_CLIENT:
2095 	case NL80211_IFTYPE_P2P_DEVICE:
2096 		break;
2097 	case NL80211_IFTYPE_P2P_GO:
2098 		if (sdata->local->ops->hw_scan)
2099 			break;
2100 		/*
2101 		 * FIXME: implement NoA while scanning in software,
2102 		 * for now fall through to allow scanning only when
2103 		 * beaconing hasn't been configured yet
2104 		 */
2105 	case NL80211_IFTYPE_AP:
2106 		/*
2107 		 * If the scan has been forced (and the driver supports
2108 		 * forcing), don't care about being beaconing already.
2109 		 * This will create problems to the attached stations (e.g. all
2110 		 * the  frames sent while scanning on other channel will be
2111 		 * lost)
2112 		 */
2113 		if (sdata->u.ap.beacon &&
2114 		    (!(wiphy->features & NL80211_FEATURE_AP_SCAN) ||
2115 		     !(req->flags & NL80211_SCAN_FLAG_AP)))
2116 			return -EOPNOTSUPP;
2117 		break;
2118 	default:
2119 		return -EOPNOTSUPP;
2120 	}
2121 
2122 	return ieee80211_request_scan(sdata, req);
2123 }
2124 
2125 static int
2126 ieee80211_sched_scan_start(struct wiphy *wiphy,
2127 			   struct net_device *dev,
2128 			   struct cfg80211_sched_scan_request *req)
2129 {
2130 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2131 
2132 	if (!sdata->local->ops->sched_scan_start)
2133 		return -EOPNOTSUPP;
2134 
2135 	return ieee80211_request_sched_scan_start(sdata, req);
2136 }
2137 
2138 static int
2139 ieee80211_sched_scan_stop(struct wiphy *wiphy, struct net_device *dev)
2140 {
2141 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2142 
2143 	if (!sdata->local->ops->sched_scan_stop)
2144 		return -EOPNOTSUPP;
2145 
2146 	return ieee80211_request_sched_scan_stop(sdata);
2147 }
2148 
2149 static int ieee80211_auth(struct wiphy *wiphy, struct net_device *dev,
2150 			  struct cfg80211_auth_request *req)
2151 {
2152 	return ieee80211_mgd_auth(IEEE80211_DEV_TO_SUB_IF(dev), req);
2153 }
2154 
2155 static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev,
2156 			   struct cfg80211_assoc_request *req)
2157 {
2158 	return ieee80211_mgd_assoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
2159 }
2160 
2161 static int ieee80211_deauth(struct wiphy *wiphy, struct net_device *dev,
2162 			    struct cfg80211_deauth_request *req)
2163 {
2164 	return ieee80211_mgd_deauth(IEEE80211_DEV_TO_SUB_IF(dev), req);
2165 }
2166 
2167 static int ieee80211_disassoc(struct wiphy *wiphy, struct net_device *dev,
2168 			      struct cfg80211_disassoc_request *req)
2169 {
2170 	return ieee80211_mgd_disassoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
2171 }
2172 
2173 static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,
2174 			       struct cfg80211_ibss_params *params)
2175 {
2176 	return ieee80211_ibss_join(IEEE80211_DEV_TO_SUB_IF(dev), params);
2177 }
2178 
2179 static int ieee80211_leave_ibss(struct wiphy *wiphy, struct net_device *dev)
2180 {
2181 	return ieee80211_ibss_leave(IEEE80211_DEV_TO_SUB_IF(dev));
2182 }
2183 
2184 static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev,
2185 				    int rate[IEEE80211_NUM_BANDS])
2186 {
2187 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2188 
2189 	memcpy(sdata->vif.bss_conf.mcast_rate, rate,
2190 	       sizeof(int) * IEEE80211_NUM_BANDS);
2191 
2192 	return 0;
2193 }
2194 
2195 static int ieee80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
2196 {
2197 	struct ieee80211_local *local = wiphy_priv(wiphy);
2198 	int err;
2199 
2200 	if (changed & WIPHY_PARAM_FRAG_THRESHOLD) {
2201 		err = drv_set_frag_threshold(local, wiphy->frag_threshold);
2202 
2203 		if (err)
2204 			return err;
2205 	}
2206 
2207 	if (changed & WIPHY_PARAM_COVERAGE_CLASS) {
2208 		err = drv_set_coverage_class(local, wiphy->coverage_class);
2209 
2210 		if (err)
2211 			return err;
2212 	}
2213 
2214 	if (changed & WIPHY_PARAM_RTS_THRESHOLD) {
2215 		err = drv_set_rts_threshold(local, wiphy->rts_threshold);
2216 
2217 		if (err)
2218 			return err;
2219 	}
2220 
2221 	if (changed & WIPHY_PARAM_RETRY_SHORT) {
2222 		if (wiphy->retry_short > IEEE80211_MAX_TX_RETRY)
2223 			return -EINVAL;
2224 		local->hw.conf.short_frame_max_tx_count = wiphy->retry_short;
2225 	}
2226 	if (changed & WIPHY_PARAM_RETRY_LONG) {
2227 		if (wiphy->retry_long > IEEE80211_MAX_TX_RETRY)
2228 			return -EINVAL;
2229 		local->hw.conf.long_frame_max_tx_count = wiphy->retry_long;
2230 	}
2231 	if (changed &
2232 	    (WIPHY_PARAM_RETRY_SHORT | WIPHY_PARAM_RETRY_LONG))
2233 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_RETRY_LIMITS);
2234 
2235 	return 0;
2236 }
2237 
2238 static int ieee80211_set_tx_power(struct wiphy *wiphy,
2239 				  struct wireless_dev *wdev,
2240 				  enum nl80211_tx_power_setting type, int mbm)
2241 {
2242 	struct ieee80211_local *local = wiphy_priv(wiphy);
2243 	struct ieee80211_sub_if_data *sdata;
2244 
2245 	if (wdev) {
2246 		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2247 
2248 		switch (type) {
2249 		case NL80211_TX_POWER_AUTOMATIC:
2250 			sdata->user_power_level = IEEE80211_UNSET_POWER_LEVEL;
2251 			break;
2252 		case NL80211_TX_POWER_LIMITED:
2253 		case NL80211_TX_POWER_FIXED:
2254 			if (mbm < 0 || (mbm % 100))
2255 				return -EOPNOTSUPP;
2256 			sdata->user_power_level = MBM_TO_DBM(mbm);
2257 			break;
2258 		}
2259 
2260 		ieee80211_recalc_txpower(sdata);
2261 
2262 		return 0;
2263 	}
2264 
2265 	switch (type) {
2266 	case NL80211_TX_POWER_AUTOMATIC:
2267 		local->user_power_level = IEEE80211_UNSET_POWER_LEVEL;
2268 		break;
2269 	case NL80211_TX_POWER_LIMITED:
2270 	case NL80211_TX_POWER_FIXED:
2271 		if (mbm < 0 || (mbm % 100))
2272 			return -EOPNOTSUPP;
2273 		local->user_power_level = MBM_TO_DBM(mbm);
2274 		break;
2275 	}
2276 
2277 	mutex_lock(&local->iflist_mtx);
2278 	list_for_each_entry(sdata, &local->interfaces, list)
2279 		sdata->user_power_level = local->user_power_level;
2280 	list_for_each_entry(sdata, &local->interfaces, list)
2281 		ieee80211_recalc_txpower(sdata);
2282 	mutex_unlock(&local->iflist_mtx);
2283 
2284 	return 0;
2285 }
2286 
2287 static int ieee80211_get_tx_power(struct wiphy *wiphy,
2288 				  struct wireless_dev *wdev,
2289 				  int *dbm)
2290 {
2291 	struct ieee80211_local *local = wiphy_priv(wiphy);
2292 	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2293 
2294 	if (!local->use_chanctx)
2295 		*dbm = local->hw.conf.power_level;
2296 	else
2297 		*dbm = sdata->vif.bss_conf.txpower;
2298 
2299 	return 0;
2300 }
2301 
2302 static int ieee80211_set_wds_peer(struct wiphy *wiphy, struct net_device *dev,
2303 				  const u8 *addr)
2304 {
2305 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2306 
2307 	memcpy(&sdata->u.wds.remote_addr, addr, ETH_ALEN);
2308 
2309 	return 0;
2310 }
2311 
2312 static void ieee80211_rfkill_poll(struct wiphy *wiphy)
2313 {
2314 	struct ieee80211_local *local = wiphy_priv(wiphy);
2315 
2316 	drv_rfkill_poll(local);
2317 }
2318 
2319 #ifdef CONFIG_NL80211_TESTMODE
2320 static int ieee80211_testmode_cmd(struct wiphy *wiphy,
2321 				  struct wireless_dev *wdev,
2322 				  void *data, int len)
2323 {
2324 	struct ieee80211_local *local = wiphy_priv(wiphy);
2325 	struct ieee80211_vif *vif = NULL;
2326 
2327 	if (!local->ops->testmode_cmd)
2328 		return -EOPNOTSUPP;
2329 
2330 	if (wdev) {
2331 		struct ieee80211_sub_if_data *sdata;
2332 
2333 		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2334 		if (sdata->flags & IEEE80211_SDATA_IN_DRIVER)
2335 			vif = &sdata->vif;
2336 	}
2337 
2338 	return local->ops->testmode_cmd(&local->hw, vif, data, len);
2339 }
2340 
2341 static int ieee80211_testmode_dump(struct wiphy *wiphy,
2342 				   struct sk_buff *skb,
2343 				   struct netlink_callback *cb,
2344 				   void *data, int len)
2345 {
2346 	struct ieee80211_local *local = wiphy_priv(wiphy);
2347 
2348 	if (!local->ops->testmode_dump)
2349 		return -EOPNOTSUPP;
2350 
2351 	return local->ops->testmode_dump(&local->hw, skb, cb, data, len);
2352 }
2353 #endif
2354 
2355 int __ieee80211_request_smps_ap(struct ieee80211_sub_if_data *sdata,
2356 				enum ieee80211_smps_mode smps_mode)
2357 {
2358 	struct sta_info *sta;
2359 	enum ieee80211_smps_mode old_req;
2360 	int i;
2361 
2362 	if (WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_AP))
2363 		return -EINVAL;
2364 
2365 	if (sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT)
2366 		return 0;
2367 
2368 	old_req = sdata->u.ap.req_smps;
2369 	sdata->u.ap.req_smps = smps_mode;
2370 
2371 	/* AUTOMATIC doesn't mean much for AP - don't allow it */
2372 	if (old_req == smps_mode ||
2373 	    smps_mode == IEEE80211_SMPS_AUTOMATIC)
2374 		return 0;
2375 
2376 	 /* If no associated stations, there's no need to do anything */
2377 	if (!atomic_read(&sdata->u.ap.num_mcast_sta)) {
2378 		sdata->smps_mode = smps_mode;
2379 		ieee80211_queue_work(&sdata->local->hw, &sdata->recalc_smps);
2380 		return 0;
2381 	}
2382 
2383 	ht_dbg(sdata,
2384 	       "SMSP %d requested in AP mode, sending Action frame to %d stations\n",
2385 	       smps_mode, atomic_read(&sdata->u.ap.num_mcast_sta));
2386 
2387 	mutex_lock(&sdata->local->sta_mtx);
2388 	for (i = 0; i < STA_HASH_SIZE; i++) {
2389 		for (sta = rcu_dereference_protected(sdata->local->sta_hash[i],
2390 				lockdep_is_held(&sdata->local->sta_mtx));
2391 		     sta;
2392 		     sta = rcu_dereference_protected(sta->hnext,
2393 				lockdep_is_held(&sdata->local->sta_mtx))) {
2394 			/*
2395 			 * Only stations associated to our AP and
2396 			 * associated VLANs
2397 			 */
2398 			if (sta->sdata->bss != &sdata->u.ap)
2399 				continue;
2400 
2401 			/* This station doesn't support MIMO - skip it */
2402 			if (sta_info_tx_streams(sta) == 1)
2403 				continue;
2404 
2405 			/*
2406 			 * Don't wake up a STA just to send the action frame
2407 			 * unless we are getting more restrictive.
2408 			 */
2409 			if (test_sta_flag(sta, WLAN_STA_PS_STA) &&
2410 			    !ieee80211_smps_is_restrictive(sta->known_smps_mode,
2411 							   smps_mode)) {
2412 				ht_dbg(sdata,
2413 				       "Won't send SMPS to sleeping STA %pM\n",
2414 				       sta->sta.addr);
2415 				continue;
2416 			}
2417 
2418 			/*
2419 			 * If the STA is not authorized, wait until it gets
2420 			 * authorized and the action frame will be sent then.
2421 			 */
2422 			if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2423 				continue;
2424 
2425 			ht_dbg(sdata, "Sending SMPS to %pM\n", sta->sta.addr);
2426 			ieee80211_send_smps_action(sdata, smps_mode,
2427 						   sta->sta.addr,
2428 						   sdata->vif.bss_conf.bssid);
2429 		}
2430 	}
2431 	mutex_unlock(&sdata->local->sta_mtx);
2432 
2433 	sdata->smps_mode = smps_mode;
2434 	ieee80211_queue_work(&sdata->local->hw, &sdata->recalc_smps);
2435 
2436 	return 0;
2437 }
2438 
2439 int __ieee80211_request_smps_mgd(struct ieee80211_sub_if_data *sdata,
2440 				 enum ieee80211_smps_mode smps_mode)
2441 {
2442 	const u8 *ap;
2443 	enum ieee80211_smps_mode old_req;
2444 	int err;
2445 
2446 	lockdep_assert_held(&sdata->wdev.mtx);
2447 
2448 	if (WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_STATION))
2449 		return -EINVAL;
2450 
2451 	old_req = sdata->u.mgd.req_smps;
2452 	sdata->u.mgd.req_smps = smps_mode;
2453 
2454 	if (old_req == smps_mode &&
2455 	    smps_mode != IEEE80211_SMPS_AUTOMATIC)
2456 		return 0;
2457 
2458 	/*
2459 	 * If not associated, or current association is not an HT
2460 	 * association, there's no need to do anything, just store
2461 	 * the new value until we associate.
2462 	 */
2463 	if (!sdata->u.mgd.associated ||
2464 	    sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT)
2465 		return 0;
2466 
2467 	ap = sdata->u.mgd.associated->bssid;
2468 
2469 	if (smps_mode == IEEE80211_SMPS_AUTOMATIC) {
2470 		if (sdata->u.mgd.powersave)
2471 			smps_mode = IEEE80211_SMPS_DYNAMIC;
2472 		else
2473 			smps_mode = IEEE80211_SMPS_OFF;
2474 	}
2475 
2476 	/* send SM PS frame to AP */
2477 	err = ieee80211_send_smps_action(sdata, smps_mode,
2478 					 ap, ap);
2479 	if (err)
2480 		sdata->u.mgd.req_smps = old_req;
2481 
2482 	return err;
2483 }
2484 
2485 static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
2486 				    bool enabled, int timeout)
2487 {
2488 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2489 	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2490 
2491 	if (sdata->vif.type != NL80211_IFTYPE_STATION)
2492 		return -EOPNOTSUPP;
2493 
2494 	if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS))
2495 		return -EOPNOTSUPP;
2496 
2497 	if (enabled == sdata->u.mgd.powersave &&
2498 	    timeout == local->dynamic_ps_forced_timeout)
2499 		return 0;
2500 
2501 	sdata->u.mgd.powersave = enabled;
2502 	local->dynamic_ps_forced_timeout = timeout;
2503 
2504 	/* no change, but if automatic follow powersave */
2505 	sdata_lock(sdata);
2506 	__ieee80211_request_smps_mgd(sdata, sdata->u.mgd.req_smps);
2507 	sdata_unlock(sdata);
2508 
2509 	if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
2510 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2511 
2512 	ieee80211_recalc_ps(local, -1);
2513 	ieee80211_recalc_ps_vif(sdata);
2514 
2515 	return 0;
2516 }
2517 
2518 static int ieee80211_set_cqm_rssi_config(struct wiphy *wiphy,
2519 					 struct net_device *dev,
2520 					 s32 rssi_thold, u32 rssi_hyst)
2521 {
2522 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2523 	struct ieee80211_vif *vif = &sdata->vif;
2524 	struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
2525 
2526 	if (rssi_thold == bss_conf->cqm_rssi_thold &&
2527 	    rssi_hyst == bss_conf->cqm_rssi_hyst)
2528 		return 0;
2529 
2530 	bss_conf->cqm_rssi_thold = rssi_thold;
2531 	bss_conf->cqm_rssi_hyst = rssi_hyst;
2532 
2533 	/* tell the driver upon association, unless already associated */
2534 	if (sdata->u.mgd.associated &&
2535 	    sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)
2536 		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_CQM);
2537 
2538 	return 0;
2539 }
2540 
2541 static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
2542 				      struct net_device *dev,
2543 				      const u8 *addr,
2544 				      const struct cfg80211_bitrate_mask *mask)
2545 {
2546 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2547 	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2548 	int i, ret;
2549 
2550 	if (!ieee80211_sdata_running(sdata))
2551 		return -ENETDOWN;
2552 
2553 	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
2554 		ret = drv_set_bitrate_mask(local, sdata, mask);
2555 		if (ret)
2556 			return ret;
2557 	}
2558 
2559 	for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
2560 		struct ieee80211_supported_band *sband = wiphy->bands[i];
2561 		int j;
2562 
2563 		sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
2564 		memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].mcs,
2565 		       sizeof(mask->control[i].mcs));
2566 
2567 		sdata->rc_has_mcs_mask[i] = false;
2568 		if (!sband)
2569 			continue;
2570 
2571 		for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++)
2572 			if (~sdata->rc_rateidx_mcs_mask[i][j]) {
2573 				sdata->rc_has_mcs_mask[i] = true;
2574 				break;
2575 			}
2576 	}
2577 
2578 	return 0;
2579 }
2580 
2581 static int ieee80211_start_roc_work(struct ieee80211_local *local,
2582 				    struct ieee80211_sub_if_data *sdata,
2583 				    struct ieee80211_channel *channel,
2584 				    unsigned int duration, u64 *cookie,
2585 				    struct sk_buff *txskb,
2586 				    enum ieee80211_roc_type type)
2587 {
2588 	struct ieee80211_roc_work *roc, *tmp;
2589 	bool queued = false;
2590 	int ret;
2591 
2592 	lockdep_assert_held(&local->mtx);
2593 
2594 	if (local->use_chanctx && !local->ops->remain_on_channel)
2595 		return -EOPNOTSUPP;
2596 
2597 	roc = kzalloc(sizeof(*roc), GFP_KERNEL);
2598 	if (!roc)
2599 		return -ENOMEM;
2600 
2601 	roc->chan = channel;
2602 	roc->duration = duration;
2603 	roc->req_duration = duration;
2604 	roc->frame = txskb;
2605 	roc->type = type;
2606 	roc->mgmt_tx_cookie = (unsigned long)txskb;
2607 	roc->sdata = sdata;
2608 	INIT_DELAYED_WORK(&roc->work, ieee80211_sw_roc_work);
2609 	INIT_LIST_HEAD(&roc->dependents);
2610 
2611 	/* if there's one pending or we're scanning, queue this one */
2612 	if (!list_empty(&local->roc_list) ||
2613 	    local->scanning || local->radar_detect_enabled)
2614 		goto out_check_combine;
2615 
2616 	/* if not HW assist, just queue & schedule work */
2617 	if (!local->ops->remain_on_channel) {
2618 		ieee80211_queue_delayed_work(&local->hw, &roc->work, 0);
2619 		goto out_queue;
2620 	}
2621 
2622 	/* otherwise actually kick it off here (for error handling) */
2623 
2624 	/*
2625 	 * If the duration is zero, then the driver
2626 	 * wouldn't actually do anything. Set it to
2627 	 * 10 for now.
2628 	 *
2629 	 * TODO: cancel the off-channel operation
2630 	 *       when we get the SKB's TX status and
2631 	 *       the wait time was zero before.
2632 	 */
2633 	if (!duration)
2634 		duration = 10;
2635 
2636 	ret = drv_remain_on_channel(local, sdata, channel, duration, type);
2637 	if (ret) {
2638 		kfree(roc);
2639 		return ret;
2640 	}
2641 
2642 	roc->started = true;
2643 	goto out_queue;
2644 
2645  out_check_combine:
2646 	list_for_each_entry(tmp, &local->roc_list, list) {
2647 		if (tmp->chan != channel || tmp->sdata != sdata)
2648 			continue;
2649 
2650 		/*
2651 		 * Extend this ROC if possible:
2652 		 *
2653 		 * If it hasn't started yet, just increase the duration
2654 		 * and add the new one to the list of dependents.
2655 		 * If the type of the new ROC has higher priority, modify the
2656 		 * type of the previous one to match that of the new one.
2657 		 */
2658 		if (!tmp->started) {
2659 			list_add_tail(&roc->list, &tmp->dependents);
2660 			tmp->duration = max(tmp->duration, roc->duration);
2661 			tmp->type = max(tmp->type, roc->type);
2662 			queued = true;
2663 			break;
2664 		}
2665 
2666 		/* If it has already started, it's more difficult ... */
2667 		if (local->ops->remain_on_channel) {
2668 			unsigned long j = jiffies;
2669 
2670 			/*
2671 			 * In the offloaded ROC case, if it hasn't begun, add
2672 			 * this new one to the dependent list to be handled
2673 			 * when the master one begins. If it has begun,
2674 			 * check that there's still a minimum time left and
2675 			 * if so, start this one, transmitting the frame, but
2676 			 * add it to the list directly after this one with
2677 			 * a reduced time so we'll ask the driver to execute
2678 			 * it right after finishing the previous one, in the
2679 			 * hope that it'll also be executed right afterwards,
2680 			 * effectively extending the old one.
2681 			 * If there's no minimum time left, just add it to the
2682 			 * normal list.
2683 			 * TODO: the ROC type is ignored here, assuming that it
2684 			 * is better to immediately use the current ROC.
2685 			 */
2686 			if (!tmp->hw_begun) {
2687 				list_add_tail(&roc->list, &tmp->dependents);
2688 				queued = true;
2689 				break;
2690 			}
2691 
2692 			if (time_before(j + IEEE80211_ROC_MIN_LEFT,
2693 					tmp->hw_start_time +
2694 					msecs_to_jiffies(tmp->duration))) {
2695 				int new_dur;
2696 
2697 				ieee80211_handle_roc_started(roc);
2698 
2699 				new_dur = roc->duration -
2700 					  jiffies_to_msecs(tmp->hw_start_time +
2701 							   msecs_to_jiffies(
2702 								tmp->duration) -
2703 							   j);
2704 
2705 				if (new_dur > 0) {
2706 					/* add right after tmp */
2707 					list_add(&roc->list, &tmp->list);
2708 				} else {
2709 					list_add_tail(&roc->list,
2710 						      &tmp->dependents);
2711 				}
2712 				queued = true;
2713 			}
2714 		} else if (del_timer_sync(&tmp->work.timer)) {
2715 			unsigned long new_end;
2716 
2717 			/*
2718 			 * In the software ROC case, cancel the timer, if
2719 			 * that fails then the finish work is already
2720 			 * queued/pending and thus we queue the new ROC
2721 			 * normally, if that succeeds then we can extend
2722 			 * the timer duration and TX the frame (if any.)
2723 			 */
2724 
2725 			list_add_tail(&roc->list, &tmp->dependents);
2726 			queued = true;
2727 
2728 			new_end = jiffies + msecs_to_jiffies(roc->duration);
2729 
2730 			/* ok, it was started & we canceled timer */
2731 			if (time_after(new_end, tmp->work.timer.expires))
2732 				mod_timer(&tmp->work.timer, new_end);
2733 			else
2734 				add_timer(&tmp->work.timer);
2735 
2736 			ieee80211_handle_roc_started(roc);
2737 		}
2738 		break;
2739 	}
2740 
2741  out_queue:
2742 	if (!queued)
2743 		list_add_tail(&roc->list, &local->roc_list);
2744 
2745 	/*
2746 	 * cookie is either the roc cookie (for normal roc)
2747 	 * or the SKB (for mgmt TX)
2748 	 */
2749 	if (!txskb) {
2750 		/* local->mtx protects this */
2751 		local->roc_cookie_counter++;
2752 		roc->cookie = local->roc_cookie_counter;
2753 		/* wow, you wrapped 64 bits ... more likely a bug */
2754 		if (WARN_ON(roc->cookie == 0)) {
2755 			roc->cookie = 1;
2756 			local->roc_cookie_counter++;
2757 		}
2758 		*cookie = roc->cookie;
2759 	} else {
2760 		*cookie = (unsigned long)txskb;
2761 	}
2762 
2763 	return 0;
2764 }
2765 
2766 static int ieee80211_remain_on_channel(struct wiphy *wiphy,
2767 				       struct wireless_dev *wdev,
2768 				       struct ieee80211_channel *chan,
2769 				       unsigned int duration,
2770 				       u64 *cookie)
2771 {
2772 	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2773 	struct ieee80211_local *local = sdata->local;
2774 	int ret;
2775 
2776 	mutex_lock(&local->mtx);
2777 	ret = ieee80211_start_roc_work(local, sdata, chan,
2778 				       duration, cookie, NULL,
2779 				       IEEE80211_ROC_TYPE_NORMAL);
2780 	mutex_unlock(&local->mtx);
2781 
2782 	return ret;
2783 }
2784 
2785 static int ieee80211_cancel_roc(struct ieee80211_local *local,
2786 				u64 cookie, bool mgmt_tx)
2787 {
2788 	struct ieee80211_roc_work *roc, *tmp, *found = NULL;
2789 	int ret;
2790 
2791 	mutex_lock(&local->mtx);
2792 	list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
2793 		struct ieee80211_roc_work *dep, *tmp2;
2794 
2795 		list_for_each_entry_safe(dep, tmp2, &roc->dependents, list) {
2796 			if (!mgmt_tx && dep->cookie != cookie)
2797 				continue;
2798 			else if (mgmt_tx && dep->mgmt_tx_cookie != cookie)
2799 				continue;
2800 			/* found dependent item -- just remove it */
2801 			list_del(&dep->list);
2802 			mutex_unlock(&local->mtx);
2803 
2804 			ieee80211_roc_notify_destroy(dep, true);
2805 			return 0;
2806 		}
2807 
2808 		if (!mgmt_tx && roc->cookie != cookie)
2809 			continue;
2810 		else if (mgmt_tx && roc->mgmt_tx_cookie != cookie)
2811 			continue;
2812 
2813 		found = roc;
2814 		break;
2815 	}
2816 
2817 	if (!found) {
2818 		mutex_unlock(&local->mtx);
2819 		return -ENOENT;
2820 	}
2821 
2822 	/*
2823 	 * We found the item to cancel, so do that. Note that it
2824 	 * may have dependents, which we also cancel (and send
2825 	 * the expired signal for.) Not doing so would be quite
2826 	 * tricky here, but we may need to fix it later.
2827 	 */
2828 
2829 	if (local->ops->remain_on_channel) {
2830 		if (found->started) {
2831 			ret = drv_cancel_remain_on_channel(local);
2832 			if (WARN_ON_ONCE(ret)) {
2833 				mutex_unlock(&local->mtx);
2834 				return ret;
2835 			}
2836 		}
2837 
2838 		list_del(&found->list);
2839 
2840 		if (found->started)
2841 			ieee80211_start_next_roc(local);
2842 		mutex_unlock(&local->mtx);
2843 
2844 		ieee80211_roc_notify_destroy(found, true);
2845 	} else {
2846 		/* work may be pending so use it all the time */
2847 		found->abort = true;
2848 		ieee80211_queue_delayed_work(&local->hw, &found->work, 0);
2849 
2850 		mutex_unlock(&local->mtx);
2851 
2852 		/* work will clean up etc */
2853 		flush_delayed_work(&found->work);
2854 		WARN_ON(!found->to_be_freed);
2855 		kfree(found);
2856 	}
2857 
2858 	return 0;
2859 }
2860 
2861 static int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy,
2862 					      struct wireless_dev *wdev,
2863 					      u64 cookie)
2864 {
2865 	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2866 	struct ieee80211_local *local = sdata->local;
2867 
2868 	return ieee80211_cancel_roc(local, cookie, false);
2869 }
2870 
2871 static int ieee80211_start_radar_detection(struct wiphy *wiphy,
2872 					   struct net_device *dev,
2873 					   struct cfg80211_chan_def *chandef)
2874 {
2875 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2876 	struct ieee80211_local *local = sdata->local;
2877 	unsigned long timeout;
2878 	int err;
2879 
2880 	if (!list_empty(&local->roc_list) || local->scanning)
2881 		return -EBUSY;
2882 
2883 	/* whatever, but channel contexts should not complain about that one */
2884 	sdata->smps_mode = IEEE80211_SMPS_OFF;
2885 	sdata->needed_rx_chains = local->rx_chains;
2886 	sdata->radar_required = true;
2887 
2888 	mutex_lock(&local->iflist_mtx);
2889 	err = ieee80211_vif_use_channel(sdata, chandef,
2890 					IEEE80211_CHANCTX_SHARED);
2891 	mutex_unlock(&local->iflist_mtx);
2892 	if (err)
2893 		return err;
2894 
2895 	timeout = msecs_to_jiffies(IEEE80211_DFS_MIN_CAC_TIME_MS);
2896 	ieee80211_queue_delayed_work(&sdata->local->hw,
2897 				     &sdata->dfs_cac_timer_work, timeout);
2898 
2899 	return 0;
2900 }
2901 
2902 static struct cfg80211_beacon_data *
2903 cfg80211_beacon_dup(struct cfg80211_beacon_data *beacon)
2904 {
2905 	struct cfg80211_beacon_data *new_beacon;
2906 	u8 *pos;
2907 	int len;
2908 
2909 	len = beacon->head_len + beacon->tail_len + beacon->beacon_ies_len +
2910 	      beacon->proberesp_ies_len + beacon->assocresp_ies_len +
2911 	      beacon->probe_resp_len;
2912 
2913 	new_beacon = kzalloc(sizeof(*new_beacon) + len, GFP_KERNEL);
2914 	if (!new_beacon)
2915 		return NULL;
2916 
2917 	pos = (u8 *)(new_beacon + 1);
2918 	if (beacon->head_len) {
2919 		new_beacon->head_len = beacon->head_len;
2920 		new_beacon->head = pos;
2921 		memcpy(pos, beacon->head, beacon->head_len);
2922 		pos += beacon->head_len;
2923 	}
2924 	if (beacon->tail_len) {
2925 		new_beacon->tail_len = beacon->tail_len;
2926 		new_beacon->tail = pos;
2927 		memcpy(pos, beacon->tail, beacon->tail_len);
2928 		pos += beacon->tail_len;
2929 	}
2930 	if (beacon->beacon_ies_len) {
2931 		new_beacon->beacon_ies_len = beacon->beacon_ies_len;
2932 		new_beacon->beacon_ies = pos;
2933 		memcpy(pos, beacon->beacon_ies, beacon->beacon_ies_len);
2934 		pos += beacon->beacon_ies_len;
2935 	}
2936 	if (beacon->proberesp_ies_len) {
2937 		new_beacon->proberesp_ies_len = beacon->proberesp_ies_len;
2938 		new_beacon->proberesp_ies = pos;
2939 		memcpy(pos, beacon->proberesp_ies, beacon->proberesp_ies_len);
2940 		pos += beacon->proberesp_ies_len;
2941 	}
2942 	if (beacon->assocresp_ies_len) {
2943 		new_beacon->assocresp_ies_len = beacon->assocresp_ies_len;
2944 		new_beacon->assocresp_ies = pos;
2945 		memcpy(pos, beacon->assocresp_ies, beacon->assocresp_ies_len);
2946 		pos += beacon->assocresp_ies_len;
2947 	}
2948 	if (beacon->probe_resp_len) {
2949 		new_beacon->probe_resp_len = beacon->probe_resp_len;
2950 		beacon->probe_resp = pos;
2951 		memcpy(pos, beacon->probe_resp, beacon->probe_resp_len);
2952 		pos += beacon->probe_resp_len;
2953 	}
2954 
2955 	return new_beacon;
2956 }
2957 
2958 void ieee80211_csa_finalize_work(struct work_struct *work)
2959 {
2960 	struct ieee80211_sub_if_data *sdata =
2961 		container_of(work, struct ieee80211_sub_if_data,
2962 			     csa_finalize_work);
2963 	struct ieee80211_local *local = sdata->local;
2964 	int err, changed = 0;
2965 
2966 	if (!ieee80211_sdata_running(sdata))
2967 		return;
2968 
2969 	sdata->radar_required = sdata->csa_radar_required;
2970 	err = ieee80211_vif_change_channel(sdata, &local->csa_chandef,
2971 					   &changed);
2972 	if (WARN_ON(err < 0))
2973 		return;
2974 
2975 	if (!local->use_chanctx) {
2976 		local->_oper_chandef = local->csa_chandef;
2977 		ieee80211_hw_config(local, 0);
2978 	}
2979 
2980 	ieee80211_bss_info_change_notify(sdata, changed);
2981 
2982 	switch (sdata->vif.type) {
2983 	case NL80211_IFTYPE_AP:
2984 		err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon);
2985 		if (err < 0)
2986 			return;
2987 		changed |= err;
2988 		kfree(sdata->u.ap.next_beacon);
2989 		sdata->u.ap.next_beacon = NULL;
2990 
2991 		ieee80211_bss_info_change_notify(sdata, err);
2992 		break;
2993 	case NL80211_IFTYPE_ADHOC:
2994 		ieee80211_ibss_finish_csa(sdata);
2995 		break;
2996 #ifdef CONFIG_MAC80211_MESH
2997 	case NL80211_IFTYPE_MESH_POINT:
2998 		err = ieee80211_mesh_finish_csa(sdata);
2999 		if (err < 0)
3000 			return;
3001 		break;
3002 #endif
3003 	default:
3004 		WARN_ON(1);
3005 		return;
3006 	}
3007 	sdata->vif.csa_active = false;
3008 
3009 	ieee80211_wake_queues_by_reason(&sdata->local->hw,
3010 					IEEE80211_MAX_QUEUE_MAP,
3011 					IEEE80211_QUEUE_STOP_REASON_CSA);
3012 
3013 	cfg80211_ch_switch_notify(sdata->dev, &local->csa_chandef);
3014 }
3015 
3016 static int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
3017 				    struct cfg80211_csa_settings *params)
3018 {
3019 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3020 	struct ieee80211_local *local = sdata->local;
3021 	struct ieee80211_chanctx_conf *chanctx_conf;
3022 	struct ieee80211_chanctx *chanctx;
3023 	struct ieee80211_if_mesh __maybe_unused *ifmsh;
3024 	int err, num_chanctx;
3025 
3026 	if (!list_empty(&local->roc_list) || local->scanning)
3027 		return -EBUSY;
3028 
3029 	if (sdata->wdev.cac_started)
3030 		return -EBUSY;
3031 
3032 	if (cfg80211_chandef_identical(&params->chandef,
3033 				       &sdata->vif.bss_conf.chandef))
3034 		return -EINVAL;
3035 
3036 	rcu_read_lock();
3037 	chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3038 	if (!chanctx_conf) {
3039 		rcu_read_unlock();
3040 		return -EBUSY;
3041 	}
3042 
3043 	/* don't handle for multi-VIF cases */
3044 	chanctx = container_of(chanctx_conf, struct ieee80211_chanctx, conf);
3045 	if (chanctx->refcount > 1) {
3046 		rcu_read_unlock();
3047 		return -EBUSY;
3048 	}
3049 	num_chanctx = 0;
3050 	list_for_each_entry_rcu(chanctx, &local->chanctx_list, list)
3051 		num_chanctx++;
3052 	rcu_read_unlock();
3053 
3054 	if (num_chanctx > 1)
3055 		return -EBUSY;
3056 
3057 	/* don't allow another channel switch if one is already active. */
3058 	if (sdata->vif.csa_active)
3059 		return -EBUSY;
3060 
3061 	switch (sdata->vif.type) {
3062 	case NL80211_IFTYPE_AP:
3063 		sdata->csa_counter_offset_beacon =
3064 			params->counter_offset_beacon;
3065 		sdata->csa_counter_offset_presp = params->counter_offset_presp;
3066 		sdata->u.ap.next_beacon =
3067 			cfg80211_beacon_dup(&params->beacon_after);
3068 		if (!sdata->u.ap.next_beacon)
3069 			return -ENOMEM;
3070 
3071 		err = ieee80211_assign_beacon(sdata, &params->beacon_csa);
3072 		if (err < 0) {
3073 			kfree(sdata->u.ap.next_beacon);
3074 			return err;
3075 		}
3076 		break;
3077 	case NL80211_IFTYPE_ADHOC:
3078 		if (!sdata->vif.bss_conf.ibss_joined)
3079 			return -EINVAL;
3080 
3081 		if (params->chandef.width != sdata->u.ibss.chandef.width)
3082 			return -EINVAL;
3083 
3084 		switch (params->chandef.width) {
3085 		case NL80211_CHAN_WIDTH_40:
3086 			if (cfg80211_get_chandef_type(&params->chandef) !=
3087 			    cfg80211_get_chandef_type(&sdata->u.ibss.chandef))
3088 				return -EINVAL;
3089 		case NL80211_CHAN_WIDTH_5:
3090 		case NL80211_CHAN_WIDTH_10:
3091 		case NL80211_CHAN_WIDTH_20_NOHT:
3092 		case NL80211_CHAN_WIDTH_20:
3093 			break;
3094 		default:
3095 			return -EINVAL;
3096 		}
3097 
3098 		/* changes into another band are not supported */
3099 		if (sdata->u.ibss.chandef.chan->band !=
3100 		    params->chandef.chan->band)
3101 			return -EINVAL;
3102 
3103 		err = ieee80211_ibss_csa_beacon(sdata, params);
3104 		if (err < 0)
3105 			return err;
3106 		break;
3107 #ifdef CONFIG_MAC80211_MESH
3108 	case NL80211_IFTYPE_MESH_POINT:
3109 		ifmsh = &sdata->u.mesh;
3110 
3111 		if (!ifmsh->mesh_id)
3112 			return -EINVAL;
3113 
3114 		if (params->chandef.width != sdata->vif.bss_conf.chandef.width)
3115 			return -EINVAL;
3116 
3117 		/* changes into another band are not supported */
3118 		if (sdata->vif.bss_conf.chandef.chan->band !=
3119 		    params->chandef.chan->band)
3120 			return -EINVAL;
3121 
3122 		ifmsh->chsw_init = true;
3123 		if (!ifmsh->pre_value)
3124 			ifmsh->pre_value = 1;
3125 		else
3126 			ifmsh->pre_value++;
3127 
3128 		err = ieee80211_mesh_csa_beacon(sdata, params, true);
3129 		if (err < 0) {
3130 			ifmsh->chsw_init = false;
3131 			return err;
3132 		}
3133 		break;
3134 #endif
3135 	default:
3136 		return -EOPNOTSUPP;
3137 	}
3138 
3139 	sdata->csa_radar_required = params->radar_required;
3140 
3141 	if (params->block_tx)
3142 		ieee80211_stop_queues_by_reason(&local->hw,
3143 				IEEE80211_MAX_QUEUE_MAP,
3144 				IEEE80211_QUEUE_STOP_REASON_CSA);
3145 
3146 	local->csa_chandef = params->chandef;
3147 	sdata->vif.csa_active = true;
3148 
3149 	ieee80211_bss_info_change_notify(sdata, err);
3150 	drv_channel_switch_beacon(sdata, &params->chandef);
3151 
3152 	return 0;
3153 }
3154 
3155 static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
3156 			     struct ieee80211_channel *chan, bool offchan,
3157 			     unsigned int wait, const u8 *buf, size_t len,
3158 			     bool no_cck, bool dont_wait_for_ack, u64 *cookie)
3159 {
3160 	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3161 	struct ieee80211_local *local = sdata->local;
3162 	struct sk_buff *skb;
3163 	struct sta_info *sta;
3164 	const struct ieee80211_mgmt *mgmt = (void *)buf;
3165 	bool need_offchan = false;
3166 	u32 flags;
3167 	int ret;
3168 
3169 	if (dont_wait_for_ack)
3170 		flags = IEEE80211_TX_CTL_NO_ACK;
3171 	else
3172 		flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX |
3173 			IEEE80211_TX_CTL_REQ_TX_STATUS;
3174 
3175 	if (no_cck)
3176 		flags |= IEEE80211_TX_CTL_NO_CCK_RATE;
3177 
3178 	switch (sdata->vif.type) {
3179 	case NL80211_IFTYPE_ADHOC:
3180 		if (!sdata->vif.bss_conf.ibss_joined)
3181 			need_offchan = true;
3182 		/* fall through */
3183 #ifdef CONFIG_MAC80211_MESH
3184 	case NL80211_IFTYPE_MESH_POINT:
3185 		if (ieee80211_vif_is_mesh(&sdata->vif) &&
3186 		    !sdata->u.mesh.mesh_id_len)
3187 			need_offchan = true;
3188 		/* fall through */
3189 #endif
3190 	case NL80211_IFTYPE_AP:
3191 	case NL80211_IFTYPE_AP_VLAN:
3192 	case NL80211_IFTYPE_P2P_GO:
3193 		if (sdata->vif.type != NL80211_IFTYPE_ADHOC &&
3194 		    !ieee80211_vif_is_mesh(&sdata->vif) &&
3195 		    !rcu_access_pointer(sdata->bss->beacon))
3196 			need_offchan = true;
3197 		if (!ieee80211_is_action(mgmt->frame_control) ||
3198 		    mgmt->u.action.category == WLAN_CATEGORY_PUBLIC ||
3199 		    mgmt->u.action.category == WLAN_CATEGORY_SELF_PROTECTED ||
3200 		    mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT)
3201 			break;
3202 		rcu_read_lock();
3203 		sta = sta_info_get(sdata, mgmt->da);
3204 		rcu_read_unlock();
3205 		if (!sta)
3206 			return -ENOLINK;
3207 		break;
3208 	case NL80211_IFTYPE_STATION:
3209 	case NL80211_IFTYPE_P2P_CLIENT:
3210 		if (!sdata->u.mgd.associated)
3211 			need_offchan = true;
3212 		break;
3213 	case NL80211_IFTYPE_P2P_DEVICE:
3214 		need_offchan = true;
3215 		break;
3216 	default:
3217 		return -EOPNOTSUPP;
3218 	}
3219 
3220 	/* configurations requiring offchan cannot work if no channel has been
3221 	 * specified
3222 	 */
3223 	if (need_offchan && !chan)
3224 		return -EINVAL;
3225 
3226 	mutex_lock(&local->mtx);
3227 
3228 	/* Check if the operating channel is the requested channel */
3229 	if (!need_offchan) {
3230 		struct ieee80211_chanctx_conf *chanctx_conf;
3231 
3232 		rcu_read_lock();
3233 		chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3234 
3235 		if (chanctx_conf) {
3236 			need_offchan = chan && (chan != chanctx_conf->def.chan);
3237 		} else if (!chan) {
3238 			ret = -EINVAL;
3239 			rcu_read_unlock();
3240 			goto out_unlock;
3241 		} else {
3242 			need_offchan = true;
3243 		}
3244 		rcu_read_unlock();
3245 	}
3246 
3247 	if (need_offchan && !offchan) {
3248 		ret = -EBUSY;
3249 		goto out_unlock;
3250 	}
3251 
3252 	skb = dev_alloc_skb(local->hw.extra_tx_headroom + len);
3253 	if (!skb) {
3254 		ret = -ENOMEM;
3255 		goto out_unlock;
3256 	}
3257 	skb_reserve(skb, local->hw.extra_tx_headroom);
3258 
3259 	memcpy(skb_put(skb, len), buf, len);
3260 
3261 	IEEE80211_SKB_CB(skb)->flags = flags;
3262 
3263 	skb->dev = sdata->dev;
3264 
3265 	if (!need_offchan) {
3266 		*cookie = (unsigned long) skb;
3267 		ieee80211_tx_skb(sdata, skb);
3268 		ret = 0;
3269 		goto out_unlock;
3270 	}
3271 
3272 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN |
3273 					IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
3274 	if (local->hw.flags & IEEE80211_HW_QUEUE_CONTROL)
3275 		IEEE80211_SKB_CB(skb)->hw_queue =
3276 			local->hw.offchannel_tx_hw_queue;
3277 
3278 	/* This will handle all kinds of coalescing and immediate TX */
3279 	ret = ieee80211_start_roc_work(local, sdata, chan,
3280 				       wait, cookie, skb,
3281 				       IEEE80211_ROC_TYPE_MGMT_TX);
3282 	if (ret)
3283 		kfree_skb(skb);
3284  out_unlock:
3285 	mutex_unlock(&local->mtx);
3286 	return ret;
3287 }
3288 
3289 static int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy,
3290 					 struct wireless_dev *wdev,
3291 					 u64 cookie)
3292 {
3293 	struct ieee80211_local *local = wiphy_priv(wiphy);
3294 
3295 	return ieee80211_cancel_roc(local, cookie, true);
3296 }
3297 
3298 static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
3299 					  struct wireless_dev *wdev,
3300 					  u16 frame_type, bool reg)
3301 {
3302 	struct ieee80211_local *local = wiphy_priv(wiphy);
3303 
3304 	switch (frame_type) {
3305 	case IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_PROBE_REQ:
3306 		if (reg)
3307 			local->probe_req_reg++;
3308 		else
3309 			local->probe_req_reg--;
3310 
3311 		if (!local->open_count)
3312 			break;
3313 
3314 		ieee80211_queue_work(&local->hw, &local->reconfig_filter);
3315 		break;
3316 	default:
3317 		break;
3318 	}
3319 }
3320 
3321 static int ieee80211_set_antenna(struct wiphy *wiphy, u32 tx_ant, u32 rx_ant)
3322 {
3323 	struct ieee80211_local *local = wiphy_priv(wiphy);
3324 
3325 	if (local->started)
3326 		return -EOPNOTSUPP;
3327 
3328 	return drv_set_antenna(local, tx_ant, rx_ant);
3329 }
3330 
3331 static int ieee80211_get_antenna(struct wiphy *wiphy, u32 *tx_ant, u32 *rx_ant)
3332 {
3333 	struct ieee80211_local *local = wiphy_priv(wiphy);
3334 
3335 	return drv_get_antenna(local, tx_ant, rx_ant);
3336 }
3337 
3338 static int ieee80211_set_ringparam(struct wiphy *wiphy, u32 tx, u32 rx)
3339 {
3340 	struct ieee80211_local *local = wiphy_priv(wiphy);
3341 
3342 	return drv_set_ringparam(local, tx, rx);
3343 }
3344 
3345 static void ieee80211_get_ringparam(struct wiphy *wiphy,
3346 				    u32 *tx, u32 *tx_max, u32 *rx, u32 *rx_max)
3347 {
3348 	struct ieee80211_local *local = wiphy_priv(wiphy);
3349 
3350 	drv_get_ringparam(local, tx, tx_max, rx, rx_max);
3351 }
3352 
3353 static int ieee80211_set_rekey_data(struct wiphy *wiphy,
3354 				    struct net_device *dev,
3355 				    struct cfg80211_gtk_rekey_data *data)
3356 {
3357 	struct ieee80211_local *local = wiphy_priv(wiphy);
3358 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3359 
3360 	if (!local->ops->set_rekey_data)
3361 		return -EOPNOTSUPP;
3362 
3363 	drv_set_rekey_data(local, sdata, data);
3364 
3365 	return 0;
3366 }
3367 
3368 static void ieee80211_tdls_add_ext_capab(struct sk_buff *skb)
3369 {
3370 	u8 *pos = (void *)skb_put(skb, 7);
3371 
3372 	*pos++ = WLAN_EID_EXT_CAPABILITY;
3373 	*pos++ = 5; /* len */
3374 	*pos++ = 0x0;
3375 	*pos++ = 0x0;
3376 	*pos++ = 0x0;
3377 	*pos++ = 0x0;
3378 	*pos++ = WLAN_EXT_CAPA5_TDLS_ENABLED;
3379 }
3380 
3381 static u16 ieee80211_get_tdls_sta_capab(struct ieee80211_sub_if_data *sdata)
3382 {
3383 	struct ieee80211_local *local = sdata->local;
3384 	u16 capab;
3385 
3386 	capab = 0;
3387 	if (ieee80211_get_sdata_band(sdata) != IEEE80211_BAND_2GHZ)
3388 		return capab;
3389 
3390 	if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
3391 		capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
3392 	if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
3393 		capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
3394 
3395 	return capab;
3396 }
3397 
3398 static void ieee80211_tdls_add_link_ie(struct sk_buff *skb, u8 *src_addr,
3399 				       u8 *peer, u8 *bssid)
3400 {
3401 	struct ieee80211_tdls_lnkie *lnkid;
3402 
3403 	lnkid = (void *)skb_put(skb, sizeof(struct ieee80211_tdls_lnkie));
3404 
3405 	lnkid->ie_type = WLAN_EID_LINK_ID;
3406 	lnkid->ie_len = sizeof(struct ieee80211_tdls_lnkie) - 2;
3407 
3408 	memcpy(lnkid->bssid, bssid, ETH_ALEN);
3409 	memcpy(lnkid->init_sta, src_addr, ETH_ALEN);
3410 	memcpy(lnkid->resp_sta, peer, ETH_ALEN);
3411 }
3412 
3413 static int
3414 ieee80211_prep_tdls_encap_data(struct wiphy *wiphy, struct net_device *dev,
3415 			       u8 *peer, u8 action_code, u8 dialog_token,
3416 			       u16 status_code, struct sk_buff *skb)
3417 {
3418 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3419 	enum ieee80211_band band = ieee80211_get_sdata_band(sdata);
3420 	struct ieee80211_tdls_data *tf;
3421 
3422 	tf = (void *)skb_put(skb, offsetof(struct ieee80211_tdls_data, u));
3423 
3424 	memcpy(tf->da, peer, ETH_ALEN);
3425 	memcpy(tf->sa, sdata->vif.addr, ETH_ALEN);
3426 	tf->ether_type = cpu_to_be16(ETH_P_TDLS);
3427 	tf->payload_type = WLAN_TDLS_SNAP_RFTYPE;
3428 
3429 	switch (action_code) {
3430 	case WLAN_TDLS_SETUP_REQUEST:
3431 		tf->category = WLAN_CATEGORY_TDLS;
3432 		tf->action_code = WLAN_TDLS_SETUP_REQUEST;
3433 
3434 		skb_put(skb, sizeof(tf->u.setup_req));
3435 		tf->u.setup_req.dialog_token = dialog_token;
3436 		tf->u.setup_req.capability =
3437 			cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
3438 
3439 		ieee80211_add_srates_ie(sdata, skb, false, band);
3440 		ieee80211_add_ext_srates_ie(sdata, skb, false, band);
3441 		ieee80211_tdls_add_ext_capab(skb);
3442 		break;
3443 	case WLAN_TDLS_SETUP_RESPONSE:
3444 		tf->category = WLAN_CATEGORY_TDLS;
3445 		tf->action_code = WLAN_TDLS_SETUP_RESPONSE;
3446 
3447 		skb_put(skb, sizeof(tf->u.setup_resp));
3448 		tf->u.setup_resp.status_code = cpu_to_le16(status_code);
3449 		tf->u.setup_resp.dialog_token = dialog_token;
3450 		tf->u.setup_resp.capability =
3451 			cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
3452 
3453 		ieee80211_add_srates_ie(sdata, skb, false, band);
3454 		ieee80211_add_ext_srates_ie(sdata, skb, false, band);
3455 		ieee80211_tdls_add_ext_capab(skb);
3456 		break;
3457 	case WLAN_TDLS_SETUP_CONFIRM:
3458 		tf->category = WLAN_CATEGORY_TDLS;
3459 		tf->action_code = WLAN_TDLS_SETUP_CONFIRM;
3460 
3461 		skb_put(skb, sizeof(tf->u.setup_cfm));
3462 		tf->u.setup_cfm.status_code = cpu_to_le16(status_code);
3463 		tf->u.setup_cfm.dialog_token = dialog_token;
3464 		break;
3465 	case WLAN_TDLS_TEARDOWN:
3466 		tf->category = WLAN_CATEGORY_TDLS;
3467 		tf->action_code = WLAN_TDLS_TEARDOWN;
3468 
3469 		skb_put(skb, sizeof(tf->u.teardown));
3470 		tf->u.teardown.reason_code = cpu_to_le16(status_code);
3471 		break;
3472 	case WLAN_TDLS_DISCOVERY_REQUEST:
3473 		tf->category = WLAN_CATEGORY_TDLS;
3474 		tf->action_code = WLAN_TDLS_DISCOVERY_REQUEST;
3475 
3476 		skb_put(skb, sizeof(tf->u.discover_req));
3477 		tf->u.discover_req.dialog_token = dialog_token;
3478 		break;
3479 	default:
3480 		return -EINVAL;
3481 	}
3482 
3483 	return 0;
3484 }
3485 
3486 static int
3487 ieee80211_prep_tdls_direct(struct wiphy *wiphy, struct net_device *dev,
3488 			   u8 *peer, u8 action_code, u8 dialog_token,
3489 			   u16 status_code, struct sk_buff *skb)
3490 {
3491 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3492 	enum ieee80211_band band = ieee80211_get_sdata_band(sdata);
3493 	struct ieee80211_mgmt *mgmt;
3494 
3495 	mgmt = (void *)skb_put(skb, 24);
3496 	memset(mgmt, 0, 24);
3497 	memcpy(mgmt->da, peer, ETH_ALEN);
3498 	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
3499 	memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
3500 
3501 	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
3502 					  IEEE80211_STYPE_ACTION);
3503 
3504 	switch (action_code) {
3505 	case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
3506 		skb_put(skb, 1 + sizeof(mgmt->u.action.u.tdls_discover_resp));
3507 		mgmt->u.action.category = WLAN_CATEGORY_PUBLIC;
3508 		mgmt->u.action.u.tdls_discover_resp.action_code =
3509 			WLAN_PUB_ACTION_TDLS_DISCOVER_RES;
3510 		mgmt->u.action.u.tdls_discover_resp.dialog_token =
3511 			dialog_token;
3512 		mgmt->u.action.u.tdls_discover_resp.capability =
3513 			cpu_to_le16(ieee80211_get_tdls_sta_capab(sdata));
3514 
3515 		ieee80211_add_srates_ie(sdata, skb, false, band);
3516 		ieee80211_add_ext_srates_ie(sdata, skb, false, band);
3517 		ieee80211_tdls_add_ext_capab(skb);
3518 		break;
3519 	default:
3520 		return -EINVAL;
3521 	}
3522 
3523 	return 0;
3524 }
3525 
3526 static int ieee80211_tdls_mgmt(struct wiphy *wiphy, struct net_device *dev,
3527 			       u8 *peer, u8 action_code, u8 dialog_token,
3528 			       u16 status_code, const u8 *extra_ies,
3529 			       size_t extra_ies_len)
3530 {
3531 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3532 	struct ieee80211_local *local = sdata->local;
3533 	struct sk_buff *skb = NULL;
3534 	bool send_direct;
3535 	int ret;
3536 
3537 	if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
3538 		return -ENOTSUPP;
3539 
3540 	/* make sure we are in managed mode, and associated */
3541 	if (sdata->vif.type != NL80211_IFTYPE_STATION ||
3542 	    !sdata->u.mgd.associated)
3543 		return -EINVAL;
3544 
3545 	tdls_dbg(sdata, "TDLS mgmt action %d peer %pM\n",
3546 		 action_code, peer);
3547 
3548 	skb = dev_alloc_skb(local->hw.extra_tx_headroom +
3549 			    max(sizeof(struct ieee80211_mgmt),
3550 				sizeof(struct ieee80211_tdls_data)) +
3551 			    50 + /* supported rates */
3552 			    7 + /* ext capab */
3553 			    extra_ies_len +
3554 			    sizeof(struct ieee80211_tdls_lnkie));
3555 	if (!skb)
3556 		return -ENOMEM;
3557 
3558 	skb_reserve(skb, local->hw.extra_tx_headroom);
3559 
3560 	switch (action_code) {
3561 	case WLAN_TDLS_SETUP_REQUEST:
3562 	case WLAN_TDLS_SETUP_RESPONSE:
3563 	case WLAN_TDLS_SETUP_CONFIRM:
3564 	case WLAN_TDLS_TEARDOWN:
3565 	case WLAN_TDLS_DISCOVERY_REQUEST:
3566 		ret = ieee80211_prep_tdls_encap_data(wiphy, dev, peer,
3567 						     action_code, dialog_token,
3568 						     status_code, skb);
3569 		send_direct = false;
3570 		break;
3571 	case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
3572 		ret = ieee80211_prep_tdls_direct(wiphy, dev, peer, action_code,
3573 						 dialog_token, status_code,
3574 						 skb);
3575 		send_direct = true;
3576 		break;
3577 	default:
3578 		ret = -ENOTSUPP;
3579 		break;
3580 	}
3581 
3582 	if (ret < 0)
3583 		goto fail;
3584 
3585 	if (extra_ies_len)
3586 		memcpy(skb_put(skb, extra_ies_len), extra_ies, extra_ies_len);
3587 
3588 	/* the TDLS link IE is always added last */
3589 	switch (action_code) {
3590 	case WLAN_TDLS_SETUP_REQUEST:
3591 	case WLAN_TDLS_SETUP_CONFIRM:
3592 	case WLAN_TDLS_TEARDOWN:
3593 	case WLAN_TDLS_DISCOVERY_REQUEST:
3594 		/* we are the initiator */
3595 		ieee80211_tdls_add_link_ie(skb, sdata->vif.addr, peer,
3596 					   sdata->u.mgd.bssid);
3597 		break;
3598 	case WLAN_TDLS_SETUP_RESPONSE:
3599 	case WLAN_PUB_ACTION_TDLS_DISCOVER_RES:
3600 		/* we are the responder */
3601 		ieee80211_tdls_add_link_ie(skb, peer, sdata->vif.addr,
3602 					   sdata->u.mgd.bssid);
3603 		break;
3604 	default:
3605 		ret = -ENOTSUPP;
3606 		goto fail;
3607 	}
3608 
3609 	if (send_direct) {
3610 		ieee80211_tx_skb(sdata, skb);
3611 		return 0;
3612 	}
3613 
3614 	/*
3615 	 * According to 802.11z: Setup req/resp are sent in AC_BK, otherwise
3616 	 * we should default to AC_VI.
3617 	 */
3618 	switch (action_code) {
3619 	case WLAN_TDLS_SETUP_REQUEST:
3620 	case WLAN_TDLS_SETUP_RESPONSE:
3621 		skb_set_queue_mapping(skb, IEEE80211_AC_BK);
3622 		skb->priority = 2;
3623 		break;
3624 	default:
3625 		skb_set_queue_mapping(skb, IEEE80211_AC_VI);
3626 		skb->priority = 5;
3627 		break;
3628 	}
3629 
3630 	/* disable bottom halves when entering the Tx path */
3631 	local_bh_disable();
3632 	ret = ieee80211_subif_start_xmit(skb, dev);
3633 	local_bh_enable();
3634 
3635 	return ret;
3636 
3637 fail:
3638 	dev_kfree_skb(skb);
3639 	return ret;
3640 }
3641 
3642 static int ieee80211_tdls_oper(struct wiphy *wiphy, struct net_device *dev,
3643 			       u8 *peer, enum nl80211_tdls_operation oper)
3644 {
3645 	struct sta_info *sta;
3646 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3647 
3648 	if (!(wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS))
3649 		return -ENOTSUPP;
3650 
3651 	if (sdata->vif.type != NL80211_IFTYPE_STATION)
3652 		return -EINVAL;
3653 
3654 	tdls_dbg(sdata, "TDLS oper %d peer %pM\n", oper, peer);
3655 
3656 	switch (oper) {
3657 	case NL80211_TDLS_ENABLE_LINK:
3658 		rcu_read_lock();
3659 		sta = sta_info_get(sdata, peer);
3660 		if (!sta) {
3661 			rcu_read_unlock();
3662 			return -ENOLINK;
3663 		}
3664 
3665 		set_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH);
3666 		rcu_read_unlock();
3667 		break;
3668 	case NL80211_TDLS_DISABLE_LINK:
3669 		return sta_info_destroy_addr(sdata, peer);
3670 	case NL80211_TDLS_TEARDOWN:
3671 	case NL80211_TDLS_SETUP:
3672 	case NL80211_TDLS_DISCOVERY_REQ:
3673 		/* We don't support in-driver setup/teardown/discovery */
3674 		return -ENOTSUPP;
3675 	default:
3676 		return -ENOTSUPP;
3677 	}
3678 
3679 	return 0;
3680 }
3681 
3682 static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev,
3683 				  const u8 *peer, u64 *cookie)
3684 {
3685 	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3686 	struct ieee80211_local *local = sdata->local;
3687 	struct ieee80211_qos_hdr *nullfunc;
3688 	struct sk_buff *skb;
3689 	int size = sizeof(*nullfunc);
3690 	__le16 fc;
3691 	bool qos;
3692 	struct ieee80211_tx_info *info;
3693 	struct sta_info *sta;
3694 	struct ieee80211_chanctx_conf *chanctx_conf;
3695 	enum ieee80211_band band;
3696 
3697 	rcu_read_lock();
3698 	chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3699 	if (WARN_ON(!chanctx_conf)) {
3700 		rcu_read_unlock();
3701 		return -EINVAL;
3702 	}
3703 	band = chanctx_conf->def.chan->band;
3704 	sta = sta_info_get_bss(sdata, peer);
3705 	if (sta) {
3706 		qos = test_sta_flag(sta, WLAN_STA_WME);
3707 	} else {
3708 		rcu_read_unlock();
3709 		return -ENOLINK;
3710 	}
3711 
3712 	if (qos) {
3713 		fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
3714 				 IEEE80211_STYPE_QOS_NULLFUNC |
3715 				 IEEE80211_FCTL_FROMDS);
3716 	} else {
3717 		size -= 2;
3718 		fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
3719 				 IEEE80211_STYPE_NULLFUNC |
3720 				 IEEE80211_FCTL_FROMDS);
3721 	}
3722 
3723 	skb = dev_alloc_skb(local->hw.extra_tx_headroom + size);
3724 	if (!skb) {
3725 		rcu_read_unlock();
3726 		return -ENOMEM;
3727 	}
3728 
3729 	skb->dev = dev;
3730 
3731 	skb_reserve(skb, local->hw.extra_tx_headroom);
3732 
3733 	nullfunc = (void *) skb_put(skb, size);
3734 	nullfunc->frame_control = fc;
3735 	nullfunc->duration_id = 0;
3736 	memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN);
3737 	memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
3738 	memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN);
3739 	nullfunc->seq_ctrl = 0;
3740 
3741 	info = IEEE80211_SKB_CB(skb);
3742 
3743 	info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
3744 		       IEEE80211_TX_INTFL_NL80211_FRAME_TX;
3745 
3746 	skb_set_queue_mapping(skb, IEEE80211_AC_VO);
3747 	skb->priority = 7;
3748 	if (qos)
3749 		nullfunc->qos_ctrl = cpu_to_le16(7);
3750 
3751 	local_bh_disable();
3752 	ieee80211_xmit(sdata, skb, band);
3753 	local_bh_enable();
3754 	rcu_read_unlock();
3755 
3756 	*cookie = (unsigned long) skb;
3757 	return 0;
3758 }
3759 
3760 static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
3761 				     struct wireless_dev *wdev,
3762 				     struct cfg80211_chan_def *chandef)
3763 {
3764 	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3765 	struct ieee80211_local *local = wiphy_priv(wiphy);
3766 	struct ieee80211_chanctx_conf *chanctx_conf;
3767 	int ret = -ENODATA;
3768 
3769 	rcu_read_lock();
3770 	chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3771 	if (chanctx_conf) {
3772 		*chandef = chanctx_conf->def;
3773 		ret = 0;
3774 	} else if (local->open_count > 0 &&
3775 		   local->open_count == local->monitors &&
3776 		   sdata->vif.type == NL80211_IFTYPE_MONITOR) {
3777 		if (local->use_chanctx)
3778 			*chandef = local->monitor_chandef;
3779 		else
3780 			*chandef = local->_oper_chandef;
3781 		ret = 0;
3782 	}
3783 	rcu_read_unlock();
3784 
3785 	return ret;
3786 }
3787 
3788 #ifdef CONFIG_PM
3789 static void ieee80211_set_wakeup(struct wiphy *wiphy, bool enabled)
3790 {
3791 	drv_set_wakeup(wiphy_priv(wiphy), enabled);
3792 }
3793 #endif
3794 
3795 struct cfg80211_ops mac80211_config_ops = {
3796 	.add_virtual_intf = ieee80211_add_iface,
3797 	.del_virtual_intf = ieee80211_del_iface,
3798 	.change_virtual_intf = ieee80211_change_iface,
3799 	.start_p2p_device = ieee80211_start_p2p_device,
3800 	.stop_p2p_device = ieee80211_stop_p2p_device,
3801 	.add_key = ieee80211_add_key,
3802 	.del_key = ieee80211_del_key,
3803 	.get_key = ieee80211_get_key,
3804 	.set_default_key = ieee80211_config_default_key,
3805 	.set_default_mgmt_key = ieee80211_config_default_mgmt_key,
3806 	.start_ap = ieee80211_start_ap,
3807 	.change_beacon = ieee80211_change_beacon,
3808 	.stop_ap = ieee80211_stop_ap,
3809 	.add_station = ieee80211_add_station,
3810 	.del_station = ieee80211_del_station,
3811 	.change_station = ieee80211_change_station,
3812 	.get_station = ieee80211_get_station,
3813 	.dump_station = ieee80211_dump_station,
3814 	.dump_survey = ieee80211_dump_survey,
3815 #ifdef CONFIG_MAC80211_MESH
3816 	.add_mpath = ieee80211_add_mpath,
3817 	.del_mpath = ieee80211_del_mpath,
3818 	.change_mpath = ieee80211_change_mpath,
3819 	.get_mpath = ieee80211_get_mpath,
3820 	.dump_mpath = ieee80211_dump_mpath,
3821 	.update_mesh_config = ieee80211_update_mesh_config,
3822 	.get_mesh_config = ieee80211_get_mesh_config,
3823 	.join_mesh = ieee80211_join_mesh,
3824 	.leave_mesh = ieee80211_leave_mesh,
3825 #endif
3826 	.change_bss = ieee80211_change_bss,
3827 	.set_txq_params = ieee80211_set_txq_params,
3828 	.set_monitor_channel = ieee80211_set_monitor_channel,
3829 	.suspend = ieee80211_suspend,
3830 	.resume = ieee80211_resume,
3831 	.scan = ieee80211_scan,
3832 	.sched_scan_start = ieee80211_sched_scan_start,
3833 	.sched_scan_stop = ieee80211_sched_scan_stop,
3834 	.auth = ieee80211_auth,
3835 	.assoc = ieee80211_assoc,
3836 	.deauth = ieee80211_deauth,
3837 	.disassoc = ieee80211_disassoc,
3838 	.join_ibss = ieee80211_join_ibss,
3839 	.leave_ibss = ieee80211_leave_ibss,
3840 	.set_mcast_rate = ieee80211_set_mcast_rate,
3841 	.set_wiphy_params = ieee80211_set_wiphy_params,
3842 	.set_tx_power = ieee80211_set_tx_power,
3843 	.get_tx_power = ieee80211_get_tx_power,
3844 	.set_wds_peer = ieee80211_set_wds_peer,
3845 	.rfkill_poll = ieee80211_rfkill_poll,
3846 	CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd)
3847 	CFG80211_TESTMODE_DUMP(ieee80211_testmode_dump)
3848 	.set_power_mgmt = ieee80211_set_power_mgmt,
3849 	.set_bitrate_mask = ieee80211_set_bitrate_mask,
3850 	.remain_on_channel = ieee80211_remain_on_channel,
3851 	.cancel_remain_on_channel = ieee80211_cancel_remain_on_channel,
3852 	.mgmt_tx = ieee80211_mgmt_tx,
3853 	.mgmt_tx_cancel_wait = ieee80211_mgmt_tx_cancel_wait,
3854 	.set_cqm_rssi_config = ieee80211_set_cqm_rssi_config,
3855 	.mgmt_frame_register = ieee80211_mgmt_frame_register,
3856 	.set_antenna = ieee80211_set_antenna,
3857 	.get_antenna = ieee80211_get_antenna,
3858 	.set_ringparam = ieee80211_set_ringparam,
3859 	.get_ringparam = ieee80211_get_ringparam,
3860 	.set_rekey_data = ieee80211_set_rekey_data,
3861 	.tdls_oper = ieee80211_tdls_oper,
3862 	.tdls_mgmt = ieee80211_tdls_mgmt,
3863 	.probe_client = ieee80211_probe_client,
3864 	.set_noack_map = ieee80211_set_noack_map,
3865 #ifdef CONFIG_PM
3866 	.set_wakeup = ieee80211_set_wakeup,
3867 #endif
3868 	.get_et_sset_count = ieee80211_get_et_sset_count,
3869 	.get_et_stats = ieee80211_get_et_stats,
3870 	.get_et_strings = ieee80211_get_et_strings,
3871 	.get_channel = ieee80211_cfg_get_channel,
3872 	.start_radar_detection = ieee80211_start_radar_detection,
3873 	.channel_switch = ieee80211_channel_switch,
3874 };
3875