xref: /openbmc/linux/net/mac80211/mlme.c (revision 97da55fc)
1 /*
2  * BSS client mode implementation
3  * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4  * Copyright 2004, Instant802 Networks, Inc.
5  * Copyright 2005, Devicescape Software, Inc.
6  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
7  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License version 2 as
11  * published by the Free Software Foundation.
12  */
13 
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
27 
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "led.h"
32 
33 #define IEEE80211_AUTH_TIMEOUT		(HZ / 5)
34 #define IEEE80211_AUTH_TIMEOUT_SHORT	(HZ / 10)
35 #define IEEE80211_AUTH_MAX_TRIES	3
36 #define IEEE80211_AUTH_WAIT_ASSOC	(HZ * 5)
37 #define IEEE80211_ASSOC_TIMEOUT		(HZ / 5)
38 #define IEEE80211_ASSOC_TIMEOUT_SHORT	(HZ / 10)
39 #define IEEE80211_ASSOC_MAX_TRIES	3
40 
41 static int max_nullfunc_tries = 2;
42 module_param(max_nullfunc_tries, int, 0644);
43 MODULE_PARM_DESC(max_nullfunc_tries,
44 		 "Maximum nullfunc tx tries before disconnecting (reason 4).");
45 
46 static int max_probe_tries = 5;
47 module_param(max_probe_tries, int, 0644);
48 MODULE_PARM_DESC(max_probe_tries,
49 		 "Maximum probe tries before disconnecting (reason 4).");
50 
51 /*
52  * Beacon loss timeout is calculated as N frames times the
53  * advertised beacon interval.  This may need to be somewhat
54  * higher than what hardware might detect to account for
55  * delays in the host processing frames. But since we also
56  * probe on beacon miss before declaring the connection lost
57  * default to what we want.
58  */
59 #define IEEE80211_BEACON_LOSS_COUNT	7
60 
61 /*
62  * Time the connection can be idle before we probe
63  * it to see if we can still talk to the AP.
64  */
65 #define IEEE80211_CONNECTION_IDLE_TIME	(30 * HZ)
66 /*
67  * Time we wait for a probe response after sending
68  * a probe request because of beacon loss or for
69  * checking the connection still works.
70  */
71 static int probe_wait_ms = 500;
72 module_param(probe_wait_ms, int, 0644);
73 MODULE_PARM_DESC(probe_wait_ms,
74 		 "Maximum time(ms) to wait for probe response"
75 		 " before disconnecting (reason 4).");
76 
77 /*
78  * Weight given to the latest Beacon frame when calculating average signal
79  * strength for Beacon frames received in the current BSS. This must be
80  * between 1 and 15.
81  */
82 #define IEEE80211_SIGNAL_AVE_WEIGHT	3
83 
84 /*
85  * How many Beacon frames need to have been used in average signal strength
86  * before starting to indicate signal change events.
87  */
88 #define IEEE80211_SIGNAL_AVE_MIN_COUNT	4
89 
90 #define TMR_RUNNING_TIMER	0
91 #define TMR_RUNNING_CHANSW	1
92 
93 /*
94  * All cfg80211 functions have to be called outside a locked
95  * section so that they can acquire a lock themselves... This
96  * is much simpler than queuing up things in cfg80211, but we
97  * do need some indirection for that here.
98  */
99 enum rx_mgmt_action {
100 	/* no action required */
101 	RX_MGMT_NONE,
102 
103 	/* caller must call cfg80211_send_deauth() */
104 	RX_MGMT_CFG80211_DEAUTH,
105 
106 	/* caller must call cfg80211_send_disassoc() */
107 	RX_MGMT_CFG80211_DISASSOC,
108 
109 	/* caller must call cfg80211_send_rx_auth() */
110 	RX_MGMT_CFG80211_RX_AUTH,
111 
112 	/* caller must call cfg80211_send_rx_assoc() */
113 	RX_MGMT_CFG80211_RX_ASSOC,
114 
115 	/* caller must call cfg80211_send_assoc_timeout() */
116 	RX_MGMT_CFG80211_ASSOC_TIMEOUT,
117 
118 	/* used when a processed beacon causes a deauth */
119 	RX_MGMT_CFG80211_TX_DEAUTH,
120 };
121 
122 /* utils */
123 static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd)
124 {
125 	lockdep_assert_held(&ifmgd->mtx);
126 }
127 
128 /*
129  * We can have multiple work items (and connection probing)
130  * scheduling this timer, but we need to take care to only
131  * reschedule it when it should fire _earlier_ than it was
132  * asked for before, or if it's not pending right now. This
133  * function ensures that. Note that it then is required to
134  * run this function for all timeouts after the first one
135  * has happened -- the work that runs from this timer will
136  * do that.
137  */
138 static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout)
139 {
140 	ASSERT_MGD_MTX(ifmgd);
141 
142 	if (!timer_pending(&ifmgd->timer) ||
143 	    time_before(timeout, ifmgd->timer.expires))
144 		mod_timer(&ifmgd->timer, timeout);
145 }
146 
147 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
148 {
149 	if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
150 		return;
151 
152 	if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
153 		return;
154 
155 	mod_timer(&sdata->u.mgd.bcn_mon_timer,
156 		  round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
157 }
158 
159 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
160 {
161 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
162 
163 	if (unlikely(!sdata->u.mgd.associated))
164 		return;
165 
166 	if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
167 		return;
168 
169 	mod_timer(&sdata->u.mgd.conn_mon_timer,
170 		  round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
171 
172 	ifmgd->probe_send_count = 0;
173 }
174 
175 static int ecw2cw(int ecw)
176 {
177 	return (1 << ecw) - 1;
178 }
179 
180 static u32 chandef_downgrade(struct cfg80211_chan_def *c)
181 {
182 	u32 ret;
183 	int tmp;
184 
185 	switch (c->width) {
186 	case NL80211_CHAN_WIDTH_20:
187 		c->width = NL80211_CHAN_WIDTH_20_NOHT;
188 		ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
189 		break;
190 	case NL80211_CHAN_WIDTH_40:
191 		c->width = NL80211_CHAN_WIDTH_20;
192 		c->center_freq1 = c->chan->center_freq;
193 		ret = IEEE80211_STA_DISABLE_40MHZ |
194 		      IEEE80211_STA_DISABLE_VHT;
195 		break;
196 	case NL80211_CHAN_WIDTH_80:
197 		tmp = (30 + c->chan->center_freq - c->center_freq1)/20;
198 		/* n_P40 */
199 		tmp /= 2;
200 		/* freq_P40 */
201 		c->center_freq1 = c->center_freq1 - 20 + 40 * tmp;
202 		c->width = NL80211_CHAN_WIDTH_40;
203 		ret = IEEE80211_STA_DISABLE_VHT;
204 		break;
205 	case NL80211_CHAN_WIDTH_80P80:
206 		c->center_freq2 = 0;
207 		c->width = NL80211_CHAN_WIDTH_80;
208 		ret = IEEE80211_STA_DISABLE_80P80MHZ |
209 		      IEEE80211_STA_DISABLE_160MHZ;
210 		break;
211 	case NL80211_CHAN_WIDTH_160:
212 		/* n_P20 */
213 		tmp = (70 + c->chan->center_freq - c->center_freq1)/20;
214 		/* n_P80 */
215 		tmp /= 4;
216 		c->center_freq1 = c->center_freq1 - 40 + 80 * tmp;
217 		c->width = NL80211_CHAN_WIDTH_80;
218 		ret = IEEE80211_STA_DISABLE_80P80MHZ |
219 		      IEEE80211_STA_DISABLE_160MHZ;
220 		break;
221 	default:
222 	case NL80211_CHAN_WIDTH_20_NOHT:
223 		WARN_ON_ONCE(1);
224 		c->width = NL80211_CHAN_WIDTH_20_NOHT;
225 		ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
226 		break;
227 	}
228 
229 	WARN_ON_ONCE(!cfg80211_chandef_valid(c));
230 
231 	return ret;
232 }
233 
234 static u32
235 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
236 			     struct ieee80211_supported_band *sband,
237 			     struct ieee80211_channel *channel,
238 			     const struct ieee80211_ht_operation *ht_oper,
239 			     const struct ieee80211_vht_operation *vht_oper,
240 			     struct cfg80211_chan_def *chandef, bool verbose)
241 {
242 	struct cfg80211_chan_def vht_chandef;
243 	u32 ht_cfreq, ret;
244 
245 	chandef->chan = channel;
246 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
247 	chandef->center_freq1 = channel->center_freq;
248 	chandef->center_freq2 = 0;
249 
250 	if (!ht_oper || !sband->ht_cap.ht_supported) {
251 		ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
252 		goto out;
253 	}
254 
255 	chandef->width = NL80211_CHAN_WIDTH_20;
256 
257 	ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
258 						  channel->band);
259 	/* check that channel matches the right operating channel */
260 	if (channel->center_freq != ht_cfreq) {
261 		/*
262 		 * It's possible that some APs are confused here;
263 		 * Netgear WNDR3700 sometimes reports 4 higher than
264 		 * the actual channel in association responses, but
265 		 * since we look at probe response/beacon data here
266 		 * it should be OK.
267 		 */
268 		if (verbose)
269 			sdata_info(sdata,
270 				   "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
271 				   channel->center_freq, ht_cfreq,
272 				   ht_oper->primary_chan, channel->band);
273 		ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
274 		goto out;
275 	}
276 
277 	/* check 40 MHz support, if we have it */
278 	if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
279 		switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
280 		case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
281 			chandef->width = NL80211_CHAN_WIDTH_40;
282 			chandef->center_freq1 += 10;
283 			break;
284 		case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
285 			chandef->width = NL80211_CHAN_WIDTH_40;
286 			chandef->center_freq1 -= 10;
287 			break;
288 		}
289 	} else {
290 		/* 40 MHz (and 80 MHz) must be supported for VHT */
291 		ret = IEEE80211_STA_DISABLE_VHT;
292 		goto out;
293 	}
294 
295 	if (!vht_oper || !sband->vht_cap.vht_supported) {
296 		ret = IEEE80211_STA_DISABLE_VHT;
297 		goto out;
298 	}
299 
300 	vht_chandef.chan = channel;
301 	vht_chandef.center_freq1 =
302 		ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx,
303 					       channel->band);
304 	vht_chandef.center_freq2 = 0;
305 
306 	if (vht_oper->center_freq_seg2_idx)
307 		vht_chandef.center_freq2 =
308 			ieee80211_channel_to_frequency(
309 				vht_oper->center_freq_seg2_idx,
310 				channel->band);
311 
312 	switch (vht_oper->chan_width) {
313 	case IEEE80211_VHT_CHANWIDTH_USE_HT:
314 		vht_chandef.width = chandef->width;
315 		break;
316 	case IEEE80211_VHT_CHANWIDTH_80MHZ:
317 		vht_chandef.width = NL80211_CHAN_WIDTH_80;
318 		break;
319 	case IEEE80211_VHT_CHANWIDTH_160MHZ:
320 		vht_chandef.width = NL80211_CHAN_WIDTH_160;
321 		break;
322 	case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
323 		vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
324 		break;
325 	default:
326 		if (verbose)
327 			sdata_info(sdata,
328 				   "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
329 				   vht_oper->chan_width);
330 		ret = IEEE80211_STA_DISABLE_VHT;
331 		goto out;
332 	}
333 
334 	if (!cfg80211_chandef_valid(&vht_chandef)) {
335 		if (verbose)
336 			sdata_info(sdata,
337 				   "AP VHT information is invalid, disable VHT\n");
338 		ret = IEEE80211_STA_DISABLE_VHT;
339 		goto out;
340 	}
341 
342 	if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
343 		ret = 0;
344 		goto out;
345 	}
346 
347 	if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
348 		if (verbose)
349 			sdata_info(sdata,
350 				   "AP VHT information doesn't match HT, disable VHT\n");
351 		ret = IEEE80211_STA_DISABLE_VHT;
352 		goto out;
353 	}
354 
355 	*chandef = vht_chandef;
356 
357 	ret = 0;
358 
359 out:
360 	/* don't print the message below for VHT mismatch if VHT is disabled */
361 	if (ret & IEEE80211_STA_DISABLE_VHT)
362 		vht_chandef = *chandef;
363 
364 	while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
365 					IEEE80211_CHAN_DISABLED)) {
366 		if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
367 			ret = IEEE80211_STA_DISABLE_HT |
368 			      IEEE80211_STA_DISABLE_VHT;
369 			goto out;
370 		}
371 
372 		ret |= chandef_downgrade(chandef);
373 	}
374 
375 	if (chandef->width != vht_chandef.width && verbose)
376 		sdata_info(sdata,
377 			   "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
378 
379 	WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
380 	return ret;
381 }
382 
383 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
384 			       struct sta_info *sta,
385 			       const struct ieee80211_ht_operation *ht_oper,
386 			       const struct ieee80211_vht_operation *vht_oper,
387 			       const u8 *bssid, u32 *changed)
388 {
389 	struct ieee80211_local *local = sdata->local;
390 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
391 	struct ieee80211_supported_band *sband;
392 	struct ieee80211_channel *chan;
393 	struct cfg80211_chan_def chandef;
394 	u16 ht_opmode;
395 	u32 flags;
396 	enum ieee80211_sta_rx_bandwidth new_sta_bw;
397 	int ret;
398 
399 	/* if HT was/is disabled, don't track any bandwidth changes */
400 	if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
401 		return 0;
402 
403 	/* don't check VHT if we associated as non-VHT station */
404 	if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
405 		vht_oper = NULL;
406 
407 	if (WARN_ON_ONCE(!sta))
408 		return -EINVAL;
409 
410 	chan = sdata->vif.bss_conf.chandef.chan;
411 	sband = local->hw.wiphy->bands[chan->band];
412 
413 	/* calculate new channel (type) based on HT/VHT operation IEs */
414 	flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
415 					     vht_oper, &chandef, false);
416 
417 	/*
418 	 * Downgrade the new channel if we associated with restricted
419 	 * capabilities. For example, if we associated as a 20 MHz STA
420 	 * to a 40 MHz AP (due to regulatory, capabilities or config
421 	 * reasons) then switching to a 40 MHz channel now won't do us
422 	 * any good -- we couldn't use it with the AP.
423 	 */
424 	if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
425 	    chandef.width == NL80211_CHAN_WIDTH_80P80)
426 		flags |= chandef_downgrade(&chandef);
427 	if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
428 	    chandef.width == NL80211_CHAN_WIDTH_160)
429 		flags |= chandef_downgrade(&chandef);
430 	if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
431 	    chandef.width > NL80211_CHAN_WIDTH_20)
432 		flags |= chandef_downgrade(&chandef);
433 
434 	if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
435 		return 0;
436 
437 	sdata_info(sdata,
438 		   "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
439 		   ifmgd->bssid, chandef.chan->center_freq, chandef.width,
440 		   chandef.center_freq1, chandef.center_freq2);
441 
442 	if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
443 				      IEEE80211_STA_DISABLE_VHT |
444 				      IEEE80211_STA_DISABLE_40MHZ |
445 				      IEEE80211_STA_DISABLE_80P80MHZ |
446 				      IEEE80211_STA_DISABLE_160MHZ)) ||
447 	    !cfg80211_chandef_valid(&chandef)) {
448 		sdata_info(sdata,
449 			   "AP %pM changed bandwidth in a way we can't support - disconnect\n",
450 			   ifmgd->bssid);
451 		return -EINVAL;
452 	}
453 
454 	switch (chandef.width) {
455 	case NL80211_CHAN_WIDTH_20_NOHT:
456 	case NL80211_CHAN_WIDTH_20:
457 		new_sta_bw = IEEE80211_STA_RX_BW_20;
458 		break;
459 	case NL80211_CHAN_WIDTH_40:
460 		new_sta_bw = IEEE80211_STA_RX_BW_40;
461 		break;
462 	case NL80211_CHAN_WIDTH_80:
463 		new_sta_bw = IEEE80211_STA_RX_BW_80;
464 		break;
465 	case NL80211_CHAN_WIDTH_80P80:
466 	case NL80211_CHAN_WIDTH_160:
467 		new_sta_bw = IEEE80211_STA_RX_BW_160;
468 		break;
469 	default:
470 		return -EINVAL;
471 	}
472 
473 	if (new_sta_bw > sta->cur_max_bandwidth)
474 		new_sta_bw = sta->cur_max_bandwidth;
475 
476 	if (new_sta_bw < sta->sta.bandwidth) {
477 		sta->sta.bandwidth = new_sta_bw;
478 		rate_control_rate_update(local, sband, sta,
479 					 IEEE80211_RC_BW_CHANGED);
480 	}
481 
482 	ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
483 	if (ret) {
484 		sdata_info(sdata,
485 			   "AP %pM changed bandwidth to incompatible one - disconnect\n",
486 			   ifmgd->bssid);
487 		return ret;
488 	}
489 
490 	if (new_sta_bw > sta->sta.bandwidth) {
491 		sta->sta.bandwidth = new_sta_bw;
492 		rate_control_rate_update(local, sband, sta,
493 					 IEEE80211_RC_BW_CHANGED);
494 	}
495 
496 	ht_opmode = le16_to_cpu(ht_oper->operation_mode);
497 
498 	/* if bss configuration changed store the new one */
499 	if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
500 		*changed |= BSS_CHANGED_HT;
501 		sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
502 	}
503 
504 	return 0;
505 }
506 
507 /* frame sending functions */
508 
509 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
510 				      struct ieee80211_supported_band *sband,
511 				      u32 *rates)
512 {
513 	int i, j, count;
514 	*rates = 0;
515 	count = 0;
516 	for (i = 0; i < supp_rates_len; i++) {
517 		int rate = (supp_rates[i] & 0x7F) * 5;
518 
519 		for (j = 0; j < sband->n_bitrates; j++)
520 			if (sband->bitrates[j].bitrate == rate) {
521 				*rates |= BIT(j);
522 				count++;
523 				break;
524 			}
525 	}
526 
527 	return count;
528 }
529 
530 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
531 				struct sk_buff *skb, u8 ap_ht_param,
532 				struct ieee80211_supported_band *sband,
533 				struct ieee80211_channel *channel,
534 				enum ieee80211_smps_mode smps)
535 {
536 	u8 *pos;
537 	u32 flags = channel->flags;
538 	u16 cap;
539 	struct ieee80211_sta_ht_cap ht_cap;
540 
541 	BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
542 
543 	memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
544 	ieee80211_apply_htcap_overrides(sdata, &ht_cap);
545 
546 	/* determine capability flags */
547 	cap = ht_cap.cap;
548 
549 	switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
550 	case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
551 		if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
552 			cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
553 			cap &= ~IEEE80211_HT_CAP_SGI_40;
554 		}
555 		break;
556 	case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
557 		if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
558 			cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
559 			cap &= ~IEEE80211_HT_CAP_SGI_40;
560 		}
561 		break;
562 	}
563 
564 	/*
565 	 * If 40 MHz was disabled associate as though we weren't
566 	 * capable of 40 MHz -- some broken APs will never fall
567 	 * back to trying to transmit in 20 MHz.
568 	 */
569 	if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
570 		cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
571 		cap &= ~IEEE80211_HT_CAP_SGI_40;
572 	}
573 
574 	/* set SM PS mode properly */
575 	cap &= ~IEEE80211_HT_CAP_SM_PS;
576 	switch (smps) {
577 	case IEEE80211_SMPS_AUTOMATIC:
578 	case IEEE80211_SMPS_NUM_MODES:
579 		WARN_ON(1);
580 	case IEEE80211_SMPS_OFF:
581 		cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
582 			IEEE80211_HT_CAP_SM_PS_SHIFT;
583 		break;
584 	case IEEE80211_SMPS_STATIC:
585 		cap |= WLAN_HT_CAP_SM_PS_STATIC <<
586 			IEEE80211_HT_CAP_SM_PS_SHIFT;
587 		break;
588 	case IEEE80211_SMPS_DYNAMIC:
589 		cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
590 			IEEE80211_HT_CAP_SM_PS_SHIFT;
591 		break;
592 	}
593 
594 	/* reserve and fill IE */
595 	pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
596 	ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
597 }
598 
599 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
600 				 struct sk_buff *skb,
601 				 struct ieee80211_supported_band *sband,
602 				 struct ieee80211_vht_cap *ap_vht_cap)
603 {
604 	u8 *pos;
605 	u32 cap;
606 	struct ieee80211_sta_vht_cap vht_cap;
607 	int i;
608 
609 	BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
610 
611 	memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
612 
613 	/* determine capability flags */
614 	cap = vht_cap.cap;
615 
616 	if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
617 		cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
618 		cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
619 	}
620 
621 	if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
622 		cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
623 		cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
624 	}
625 
626 	/*
627 	 * Some APs apparently get confused if our capabilities are better
628 	 * than theirs, so restrict what we advertise in the assoc request.
629 	 */
630 	if (!(ap_vht_cap->vht_cap_info &
631 			cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
632 		cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
633 
634 	if (!(ap_vht_cap->vht_cap_info &
635 			cpu_to_le32(IEEE80211_VHT_CAP_TXSTBC)))
636 		cap &= ~(IEEE80211_VHT_CAP_RXSTBC_1 |
637 			 IEEE80211_VHT_CAP_RXSTBC_3 |
638 			 IEEE80211_VHT_CAP_RXSTBC_4);
639 
640 	for (i = 0; i < 8; i++) {
641 		int shift = i * 2;
642 		u16 mask = IEEE80211_VHT_MCS_NOT_SUPPORTED << shift;
643 		u16 ap_mcs, our_mcs;
644 
645 		ap_mcs = (le16_to_cpu(ap_vht_cap->supp_mcs.tx_mcs_map) &
646 								mask) >> shift;
647 		our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) &
648 								mask) >> shift;
649 
650 		if (our_mcs == IEEE80211_VHT_MCS_NOT_SUPPORTED)
651 			continue;
652 
653 		switch (ap_mcs) {
654 		default:
655 			if (our_mcs <= ap_mcs)
656 				break;
657 			/* fall through */
658 		case IEEE80211_VHT_MCS_NOT_SUPPORTED:
659 			vht_cap.vht_mcs.rx_mcs_map &= cpu_to_le16(~mask);
660 			vht_cap.vht_mcs.rx_mcs_map |=
661 				cpu_to_le16(ap_mcs << shift);
662 		}
663 	}
664 
665 	/* reserve and fill IE */
666 	pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
667 	ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
668 }
669 
670 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
671 {
672 	struct ieee80211_local *local = sdata->local;
673 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
674 	struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
675 	struct sk_buff *skb;
676 	struct ieee80211_mgmt *mgmt;
677 	u8 *pos, qos_info;
678 	size_t offset = 0, noffset;
679 	int i, count, rates_len, supp_rates_len;
680 	u16 capab;
681 	struct ieee80211_supported_band *sband;
682 	struct ieee80211_chanctx_conf *chanctx_conf;
683 	struct ieee80211_channel *chan;
684 	u32 rates = 0;
685 
686 	lockdep_assert_held(&ifmgd->mtx);
687 
688 	rcu_read_lock();
689 	chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
690 	if (WARN_ON(!chanctx_conf)) {
691 		rcu_read_unlock();
692 		return;
693 	}
694 	chan = chanctx_conf->def.chan;
695 	rcu_read_unlock();
696 	sband = local->hw.wiphy->bands[chan->band];
697 
698 	if (assoc_data->supp_rates_len) {
699 		/*
700 		 * Get all rates supported by the device and the AP as
701 		 * some APs don't like getting a superset of their rates
702 		 * in the association request (e.g. D-Link DAP 1353 in
703 		 * b-only mode)...
704 		 */
705 		rates_len = ieee80211_compatible_rates(assoc_data->supp_rates,
706 						       assoc_data->supp_rates_len,
707 						       sband, &rates);
708 	} else {
709 		/*
710 		 * In case AP not provide any supported rates information
711 		 * before association, we send information element(s) with
712 		 * all rates that we support.
713 		 */
714 		rates = ~0;
715 		rates_len = sband->n_bitrates;
716 	}
717 
718 	skb = alloc_skb(local->hw.extra_tx_headroom +
719 			sizeof(*mgmt) + /* bit too much but doesn't matter */
720 			2 + assoc_data->ssid_len + /* SSID */
721 			4 + rates_len + /* (extended) rates */
722 			4 + /* power capability */
723 			2 + 2 * sband->n_channels + /* supported channels */
724 			2 + sizeof(struct ieee80211_ht_cap) + /* HT */
725 			2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
726 			assoc_data->ie_len + /* extra IEs */
727 			9, /* WMM */
728 			GFP_KERNEL);
729 	if (!skb)
730 		return;
731 
732 	skb_reserve(skb, local->hw.extra_tx_headroom);
733 
734 	capab = WLAN_CAPABILITY_ESS;
735 
736 	if (sband->band == IEEE80211_BAND_2GHZ) {
737 		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
738 			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
739 		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
740 			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
741 	}
742 
743 	if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
744 		capab |= WLAN_CAPABILITY_PRIVACY;
745 
746 	if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
747 	    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
748 		capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
749 
750 	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
751 	memset(mgmt, 0, 24);
752 	memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
753 	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
754 	memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
755 
756 	if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
757 		skb_put(skb, 10);
758 		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
759 						  IEEE80211_STYPE_REASSOC_REQ);
760 		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
761 		mgmt->u.reassoc_req.listen_interval =
762 				cpu_to_le16(local->hw.conf.listen_interval);
763 		memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
764 		       ETH_ALEN);
765 	} else {
766 		skb_put(skb, 4);
767 		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
768 						  IEEE80211_STYPE_ASSOC_REQ);
769 		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
770 		mgmt->u.assoc_req.listen_interval =
771 				cpu_to_le16(local->hw.conf.listen_interval);
772 	}
773 
774 	/* SSID */
775 	pos = skb_put(skb, 2 + assoc_data->ssid_len);
776 	*pos++ = WLAN_EID_SSID;
777 	*pos++ = assoc_data->ssid_len;
778 	memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
779 
780 	/* add all rates which were marked to be used above */
781 	supp_rates_len = rates_len;
782 	if (supp_rates_len > 8)
783 		supp_rates_len = 8;
784 
785 	pos = skb_put(skb, supp_rates_len + 2);
786 	*pos++ = WLAN_EID_SUPP_RATES;
787 	*pos++ = supp_rates_len;
788 
789 	count = 0;
790 	for (i = 0; i < sband->n_bitrates; i++) {
791 		if (BIT(i) & rates) {
792 			int rate = sband->bitrates[i].bitrate;
793 			*pos++ = (u8) (rate / 5);
794 			if (++count == 8)
795 				break;
796 		}
797 	}
798 
799 	if (rates_len > count) {
800 		pos = skb_put(skb, rates_len - count + 2);
801 		*pos++ = WLAN_EID_EXT_SUPP_RATES;
802 		*pos++ = rates_len - count;
803 
804 		for (i++; i < sband->n_bitrates; i++) {
805 			if (BIT(i) & rates) {
806 				int rate = sband->bitrates[i].bitrate;
807 				*pos++ = (u8) (rate / 5);
808 			}
809 		}
810 	}
811 
812 	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
813 		/* 1. power capabilities */
814 		pos = skb_put(skb, 4);
815 		*pos++ = WLAN_EID_PWR_CAPABILITY;
816 		*pos++ = 2;
817 		*pos++ = 0; /* min tx power */
818 		*pos++ = chan->max_power; /* max tx power */
819 
820 		/* 2. supported channels */
821 		/* TODO: get this in reg domain format */
822 		pos = skb_put(skb, 2 * sband->n_channels + 2);
823 		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
824 		*pos++ = 2 * sband->n_channels;
825 		for (i = 0; i < sband->n_channels; i++) {
826 			*pos++ = ieee80211_frequency_to_channel(
827 					sband->channels[i].center_freq);
828 			*pos++ = 1; /* one channel in the subband*/
829 		}
830 	}
831 
832 	/* if present, add any custom IEs that go before HT */
833 	if (assoc_data->ie_len && assoc_data->ie) {
834 		static const u8 before_ht[] = {
835 			WLAN_EID_SSID,
836 			WLAN_EID_SUPP_RATES,
837 			WLAN_EID_EXT_SUPP_RATES,
838 			WLAN_EID_PWR_CAPABILITY,
839 			WLAN_EID_SUPPORTED_CHANNELS,
840 			WLAN_EID_RSN,
841 			WLAN_EID_QOS_CAPA,
842 			WLAN_EID_RRM_ENABLED_CAPABILITIES,
843 			WLAN_EID_MOBILITY_DOMAIN,
844 			WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
845 		};
846 		noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
847 					     before_ht, ARRAY_SIZE(before_ht),
848 					     offset);
849 		pos = skb_put(skb, noffset - offset);
850 		memcpy(pos, assoc_data->ie + offset, noffset - offset);
851 		offset = noffset;
852 	}
853 
854 	if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
855 			 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
856 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
857 
858 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
859 		ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
860 				    sband, chan, sdata->smps_mode);
861 
862 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
863 		ieee80211_add_vht_ie(sdata, skb, sband,
864 				     &assoc_data->ap_vht_cap);
865 
866 	/* if present, add any custom non-vendor IEs that go after HT */
867 	if (assoc_data->ie_len && assoc_data->ie) {
868 		noffset = ieee80211_ie_split_vendor(assoc_data->ie,
869 						    assoc_data->ie_len,
870 						    offset);
871 		pos = skb_put(skb, noffset - offset);
872 		memcpy(pos, assoc_data->ie + offset, noffset - offset);
873 		offset = noffset;
874 	}
875 
876 	if (assoc_data->wmm) {
877 		if (assoc_data->uapsd) {
878 			qos_info = ifmgd->uapsd_queues;
879 			qos_info |= (ifmgd->uapsd_max_sp_len <<
880 				     IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
881 		} else {
882 			qos_info = 0;
883 		}
884 
885 		pos = skb_put(skb, 9);
886 		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
887 		*pos++ = 7; /* len */
888 		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
889 		*pos++ = 0x50;
890 		*pos++ = 0xf2;
891 		*pos++ = 2; /* WME */
892 		*pos++ = 0; /* WME info */
893 		*pos++ = 1; /* WME ver */
894 		*pos++ = qos_info;
895 	}
896 
897 	/* add any remaining custom (i.e. vendor specific here) IEs */
898 	if (assoc_data->ie_len && assoc_data->ie) {
899 		noffset = assoc_data->ie_len;
900 		pos = skb_put(skb, noffset - offset);
901 		memcpy(pos, assoc_data->ie + offset, noffset - offset);
902 	}
903 
904 	drv_mgd_prepare_tx(local, sdata);
905 
906 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
907 	if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
908 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
909 						IEEE80211_TX_INTFL_MLME_CONN_TX;
910 	ieee80211_tx_skb(sdata, skb);
911 }
912 
913 void ieee80211_send_pspoll(struct ieee80211_local *local,
914 			   struct ieee80211_sub_if_data *sdata)
915 {
916 	struct ieee80211_pspoll *pspoll;
917 	struct sk_buff *skb;
918 
919 	skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
920 	if (!skb)
921 		return;
922 
923 	pspoll = (struct ieee80211_pspoll *) skb->data;
924 	pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
925 
926 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
927 	ieee80211_tx_skb(sdata, skb);
928 }
929 
930 void ieee80211_send_nullfunc(struct ieee80211_local *local,
931 			     struct ieee80211_sub_if_data *sdata,
932 			     int powersave)
933 {
934 	struct sk_buff *skb;
935 	struct ieee80211_hdr_3addr *nullfunc;
936 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
937 
938 	skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
939 	if (!skb)
940 		return;
941 
942 	nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
943 	if (powersave)
944 		nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
945 
946 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
947 					IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
948 	if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
949 			    IEEE80211_STA_CONNECTION_POLL))
950 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
951 
952 	ieee80211_tx_skb(sdata, skb);
953 }
954 
955 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
956 					  struct ieee80211_sub_if_data *sdata)
957 {
958 	struct sk_buff *skb;
959 	struct ieee80211_hdr *nullfunc;
960 	__le16 fc;
961 
962 	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
963 		return;
964 
965 	skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
966 	if (!skb)
967 		return;
968 
969 	skb_reserve(skb, local->hw.extra_tx_headroom);
970 
971 	nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
972 	memset(nullfunc, 0, 30);
973 	fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
974 			 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
975 	nullfunc->frame_control = fc;
976 	memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
977 	memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
978 	memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
979 	memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
980 
981 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
982 	ieee80211_tx_skb(sdata, skb);
983 }
984 
985 /* spectrum management related things */
986 static void ieee80211_chswitch_work(struct work_struct *work)
987 {
988 	struct ieee80211_sub_if_data *sdata =
989 		container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
990 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
991 
992 	if (!ieee80211_sdata_running(sdata))
993 		return;
994 
995 	mutex_lock(&ifmgd->mtx);
996 	if (!ifmgd->associated)
997 		goto out;
998 
999 	sdata->local->_oper_channel = sdata->local->csa_channel;
1000 	if (!sdata->local->ops->channel_switch) {
1001 		/* call "hw_config" only if doing sw channel switch */
1002 		ieee80211_hw_config(sdata->local,
1003 			IEEE80211_CONF_CHANGE_CHANNEL);
1004 	} else {
1005 		/* update the device channel directly */
1006 		sdata->local->hw.conf.channel = sdata->local->_oper_channel;
1007 	}
1008 
1009 	/* XXX: shouldn't really modify cfg80211-owned data! */
1010 	ifmgd->associated->channel = sdata->local->_oper_channel;
1011 
1012 	/* XXX: wait for a beacon first? */
1013 	ieee80211_wake_queues_by_reason(&sdata->local->hw,
1014 					IEEE80211_QUEUE_STOP_REASON_CSA);
1015  out:
1016 	ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
1017 	mutex_unlock(&ifmgd->mtx);
1018 }
1019 
1020 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
1021 {
1022 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1023 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1024 
1025 	trace_api_chswitch_done(sdata, success);
1026 	if (!success) {
1027 		sdata_info(sdata,
1028 			   "driver channel switch failed, disconnecting\n");
1029 		ieee80211_queue_work(&sdata->local->hw,
1030 				     &ifmgd->csa_connection_drop_work);
1031 	} else {
1032 		ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1033 	}
1034 }
1035 EXPORT_SYMBOL(ieee80211_chswitch_done);
1036 
1037 static void ieee80211_chswitch_timer(unsigned long data)
1038 {
1039 	struct ieee80211_sub_if_data *sdata =
1040 		(struct ieee80211_sub_if_data *) data;
1041 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1042 
1043 	if (sdata->local->quiescing) {
1044 		set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
1045 		return;
1046 	}
1047 
1048 	ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1049 }
1050 
1051 void
1052 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1053 				 const struct ieee80211_channel_sw_ie *sw_elem,
1054 				 struct ieee80211_bss *bss, u64 timestamp)
1055 {
1056 	struct cfg80211_bss *cbss =
1057 		container_of((void *)bss, struct cfg80211_bss, priv);
1058 	struct ieee80211_channel *new_ch;
1059 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1060 	int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num,
1061 						      cbss->channel->band);
1062 	struct ieee80211_chanctx *chanctx;
1063 
1064 	ASSERT_MGD_MTX(ifmgd);
1065 
1066 	if (!ifmgd->associated)
1067 		return;
1068 
1069 	if (sdata->local->scanning)
1070 		return;
1071 
1072 	/* Disregard subsequent beacons if we are already running a timer
1073 	   processing a CSA */
1074 
1075 	if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
1076 		return;
1077 
1078 	new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq);
1079 	if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) {
1080 		sdata_info(sdata,
1081 			   "AP %pM switches to unsupported channel (%d MHz), disconnecting\n",
1082 			   ifmgd->associated->bssid, new_freq);
1083 		ieee80211_queue_work(&sdata->local->hw,
1084 				     &ifmgd->csa_connection_drop_work);
1085 		return;
1086 	}
1087 
1088 	ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1089 
1090 	if (sdata->local->use_chanctx) {
1091 		sdata_info(sdata,
1092 			   "not handling channel switch with channel contexts\n");
1093 		ieee80211_queue_work(&sdata->local->hw,
1094 				     &ifmgd->csa_connection_drop_work);
1095 		return;
1096 	}
1097 
1098 	mutex_lock(&sdata->local->chanctx_mtx);
1099 	if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
1100 		mutex_unlock(&sdata->local->chanctx_mtx);
1101 		return;
1102 	}
1103 	chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
1104 			       struct ieee80211_chanctx, conf);
1105 	if (chanctx->refcount > 1) {
1106 		sdata_info(sdata,
1107 			   "channel switch with multiple interfaces on the same channel, disconnecting\n");
1108 		ieee80211_queue_work(&sdata->local->hw,
1109 				     &ifmgd->csa_connection_drop_work);
1110 		mutex_unlock(&sdata->local->chanctx_mtx);
1111 		return;
1112 	}
1113 	mutex_unlock(&sdata->local->chanctx_mtx);
1114 
1115 	sdata->local->csa_channel = new_ch;
1116 
1117 	if (sw_elem->mode)
1118 		ieee80211_stop_queues_by_reason(&sdata->local->hw,
1119 				IEEE80211_QUEUE_STOP_REASON_CSA);
1120 
1121 	if (sdata->local->ops->channel_switch) {
1122 		/* use driver's channel switch callback */
1123 		struct ieee80211_channel_switch ch_switch = {
1124 			.timestamp = timestamp,
1125 			.block_tx = sw_elem->mode,
1126 			.channel = new_ch,
1127 			.count = sw_elem->count,
1128 		};
1129 
1130 		drv_channel_switch(sdata->local, &ch_switch);
1131 		return;
1132 	}
1133 
1134 	/* channel switch handled in software */
1135 	if (sw_elem->count <= 1)
1136 		ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1137 	else
1138 		mod_timer(&ifmgd->chswitch_timer,
1139 			  TU_TO_EXP_TIME(sw_elem->count *
1140 					 cbss->beacon_interval));
1141 }
1142 
1143 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1144 				       struct ieee80211_channel *channel,
1145 				       const u8 *country_ie, u8 country_ie_len,
1146 				       const u8 *pwr_constr_elem)
1147 {
1148 	struct ieee80211_country_ie_triplet *triplet;
1149 	int chan = ieee80211_frequency_to_channel(channel->center_freq);
1150 	int i, chan_pwr, chan_increment, new_ap_level;
1151 	bool have_chan_pwr = false;
1152 
1153 	/* Invalid IE */
1154 	if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1155 		return 0;
1156 
1157 	triplet = (void *)(country_ie + 3);
1158 	country_ie_len -= 3;
1159 
1160 	switch (channel->band) {
1161 	default:
1162 		WARN_ON_ONCE(1);
1163 		/* fall through */
1164 	case IEEE80211_BAND_2GHZ:
1165 	case IEEE80211_BAND_60GHZ:
1166 		chan_increment = 1;
1167 		break;
1168 	case IEEE80211_BAND_5GHZ:
1169 		chan_increment = 4;
1170 		break;
1171 	}
1172 
1173 	/* find channel */
1174 	while (country_ie_len >= 3) {
1175 		u8 first_channel = triplet->chans.first_channel;
1176 
1177 		if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1178 			goto next;
1179 
1180 		for (i = 0; i < triplet->chans.num_channels; i++) {
1181 			if (first_channel + i * chan_increment == chan) {
1182 				have_chan_pwr = true;
1183 				chan_pwr = triplet->chans.max_power;
1184 				break;
1185 			}
1186 		}
1187 		if (have_chan_pwr)
1188 			break;
1189 
1190  next:
1191 		triplet++;
1192 		country_ie_len -= 3;
1193 	}
1194 
1195 	if (!have_chan_pwr)
1196 		return 0;
1197 
1198 	new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem);
1199 
1200 	if (sdata->ap_power_level == new_ap_level)
1201 		return 0;
1202 
1203 	sdata_info(sdata,
1204 		   "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1205 		   new_ap_level, chan_pwr, *pwr_constr_elem,
1206 		   sdata->u.mgd.bssid);
1207 	sdata->ap_power_level = new_ap_level;
1208 	if (__ieee80211_recalc_txpower(sdata))
1209 		return BSS_CHANGED_TXPOWER;
1210 	return 0;
1211 }
1212 
1213 /* powersave */
1214 static void ieee80211_enable_ps(struct ieee80211_local *local,
1215 				struct ieee80211_sub_if_data *sdata)
1216 {
1217 	struct ieee80211_conf *conf = &local->hw.conf;
1218 
1219 	/*
1220 	 * If we are scanning right now then the parameters will
1221 	 * take effect when scan finishes.
1222 	 */
1223 	if (local->scanning)
1224 		return;
1225 
1226 	if (conf->dynamic_ps_timeout > 0 &&
1227 	    !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
1228 		mod_timer(&local->dynamic_ps_timer, jiffies +
1229 			  msecs_to_jiffies(conf->dynamic_ps_timeout));
1230 	} else {
1231 		if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1232 			ieee80211_send_nullfunc(local, sdata, 1);
1233 
1234 		if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1235 		    (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
1236 			return;
1237 
1238 		conf->flags |= IEEE80211_CONF_PS;
1239 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1240 	}
1241 }
1242 
1243 static void ieee80211_change_ps(struct ieee80211_local *local)
1244 {
1245 	struct ieee80211_conf *conf = &local->hw.conf;
1246 
1247 	if (local->ps_sdata) {
1248 		ieee80211_enable_ps(local, local->ps_sdata);
1249 	} else if (conf->flags & IEEE80211_CONF_PS) {
1250 		conf->flags &= ~IEEE80211_CONF_PS;
1251 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1252 		del_timer_sync(&local->dynamic_ps_timer);
1253 		cancel_work_sync(&local->dynamic_ps_enable_work);
1254 	}
1255 }
1256 
1257 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1258 {
1259 	struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1260 	struct sta_info *sta = NULL;
1261 	bool authorized = false;
1262 
1263 	if (!mgd->powersave)
1264 		return false;
1265 
1266 	if (mgd->broken_ap)
1267 		return false;
1268 
1269 	if (!mgd->associated)
1270 		return false;
1271 
1272 	if (mgd->flags & (IEEE80211_STA_BEACON_POLL |
1273 			  IEEE80211_STA_CONNECTION_POLL))
1274 		return false;
1275 
1276 	rcu_read_lock();
1277 	sta = sta_info_get(sdata, mgd->bssid);
1278 	if (sta)
1279 		authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1280 	rcu_read_unlock();
1281 
1282 	return authorized;
1283 }
1284 
1285 /* need to hold RTNL or interface lock */
1286 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1287 {
1288 	struct ieee80211_sub_if_data *sdata, *found = NULL;
1289 	int count = 0;
1290 	int timeout;
1291 
1292 	if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
1293 		local->ps_sdata = NULL;
1294 		return;
1295 	}
1296 
1297 	list_for_each_entry(sdata, &local->interfaces, list) {
1298 		if (!ieee80211_sdata_running(sdata))
1299 			continue;
1300 		if (sdata->vif.type == NL80211_IFTYPE_AP) {
1301 			/* If an AP vif is found, then disable PS
1302 			 * by setting the count to zero thereby setting
1303 			 * ps_sdata to NULL.
1304 			 */
1305 			count = 0;
1306 			break;
1307 		}
1308 		if (sdata->vif.type != NL80211_IFTYPE_STATION)
1309 			continue;
1310 		found = sdata;
1311 		count++;
1312 	}
1313 
1314 	if (count == 1 && ieee80211_powersave_allowed(found)) {
1315 		s32 beaconint_us;
1316 
1317 		if (latency < 0)
1318 			latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
1319 
1320 		beaconint_us = ieee80211_tu_to_usec(
1321 					found->vif.bss_conf.beacon_int);
1322 
1323 		timeout = local->dynamic_ps_forced_timeout;
1324 		if (timeout < 0) {
1325 			/*
1326 			 * Go to full PSM if the user configures a very low
1327 			 * latency requirement.
1328 			 * The 2000 second value is there for compatibility
1329 			 * until the PM_QOS_NETWORK_LATENCY is configured
1330 			 * with real values.
1331 			 */
1332 			if (latency > (1900 * USEC_PER_MSEC) &&
1333 			    latency != (2000 * USEC_PER_SEC))
1334 				timeout = 0;
1335 			else
1336 				timeout = 100;
1337 		}
1338 		local->hw.conf.dynamic_ps_timeout = timeout;
1339 
1340 		if (beaconint_us > latency) {
1341 			local->ps_sdata = NULL;
1342 		} else {
1343 			int maxslp = 1;
1344 			u8 dtimper = found->u.mgd.dtim_period;
1345 
1346 			/* If the TIM IE is invalid, pretend the value is 1 */
1347 			if (!dtimper)
1348 				dtimper = 1;
1349 			else if (dtimper > 1)
1350 				maxslp = min_t(int, dtimper,
1351 						    latency / beaconint_us);
1352 
1353 			local->hw.conf.max_sleep_period = maxslp;
1354 			local->hw.conf.ps_dtim_period = dtimper;
1355 			local->ps_sdata = found;
1356 		}
1357 	} else {
1358 		local->ps_sdata = NULL;
1359 	}
1360 
1361 	ieee80211_change_ps(local);
1362 }
1363 
1364 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1365 {
1366 	bool ps_allowed = ieee80211_powersave_allowed(sdata);
1367 
1368 	if (sdata->vif.bss_conf.ps != ps_allowed) {
1369 		sdata->vif.bss_conf.ps = ps_allowed;
1370 		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1371 	}
1372 }
1373 
1374 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1375 {
1376 	struct ieee80211_local *local =
1377 		container_of(work, struct ieee80211_local,
1378 			     dynamic_ps_disable_work);
1379 
1380 	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1381 		local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1382 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1383 	}
1384 
1385 	ieee80211_wake_queues_by_reason(&local->hw,
1386 					IEEE80211_QUEUE_STOP_REASON_PS);
1387 }
1388 
1389 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1390 {
1391 	struct ieee80211_local *local =
1392 		container_of(work, struct ieee80211_local,
1393 			     dynamic_ps_enable_work);
1394 	struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1395 	struct ieee80211_if_managed *ifmgd;
1396 	unsigned long flags;
1397 	int q;
1398 
1399 	/* can only happen when PS was just disabled anyway */
1400 	if (!sdata)
1401 		return;
1402 
1403 	ifmgd = &sdata->u.mgd;
1404 
1405 	if (local->hw.conf.flags & IEEE80211_CONF_PS)
1406 		return;
1407 
1408 	if (local->hw.conf.dynamic_ps_timeout > 0) {
1409 		/* don't enter PS if TX frames are pending */
1410 		if (drv_tx_frames_pending(local)) {
1411 			mod_timer(&local->dynamic_ps_timer, jiffies +
1412 				  msecs_to_jiffies(
1413 				  local->hw.conf.dynamic_ps_timeout));
1414 			return;
1415 		}
1416 
1417 		/*
1418 		 * transmission can be stopped by others which leads to
1419 		 * dynamic_ps_timer expiry. Postpone the ps timer if it
1420 		 * is not the actual idle state.
1421 		 */
1422 		spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1423 		for (q = 0; q < local->hw.queues; q++) {
1424 			if (local->queue_stop_reasons[q]) {
1425 				spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1426 						       flags);
1427 				mod_timer(&local->dynamic_ps_timer, jiffies +
1428 					  msecs_to_jiffies(
1429 					  local->hw.conf.dynamic_ps_timeout));
1430 				return;
1431 			}
1432 		}
1433 		spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1434 	}
1435 
1436 	if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1437 	    !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1438 		netif_tx_stop_all_queues(sdata->dev);
1439 
1440 		if (drv_tx_frames_pending(local))
1441 			mod_timer(&local->dynamic_ps_timer, jiffies +
1442 				  msecs_to_jiffies(
1443 				  local->hw.conf.dynamic_ps_timeout));
1444 		else {
1445 			ieee80211_send_nullfunc(local, sdata, 1);
1446 			/* Flush to get the tx status of nullfunc frame */
1447 			drv_flush(local, false);
1448 		}
1449 	}
1450 
1451 	if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
1452 	      (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
1453 	    (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1454 		ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1455 		local->hw.conf.flags |= IEEE80211_CONF_PS;
1456 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1457 	}
1458 
1459 	if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1460 		netif_tx_wake_all_queues(sdata->dev);
1461 }
1462 
1463 void ieee80211_dynamic_ps_timer(unsigned long data)
1464 {
1465 	struct ieee80211_local *local = (void *) data;
1466 
1467 	if (local->quiescing || local->suspended)
1468 		return;
1469 
1470 	ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1471 }
1472 
1473 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1474 {
1475 	struct delayed_work *delayed_work =
1476 		container_of(work, struct delayed_work, work);
1477 	struct ieee80211_sub_if_data *sdata =
1478 		container_of(delayed_work, struct ieee80211_sub_if_data,
1479 			     dfs_cac_timer_work);
1480 
1481 	ieee80211_vif_release_channel(sdata);
1482 
1483 	cfg80211_cac_event(sdata->dev, NL80211_RADAR_CAC_FINISHED, GFP_KERNEL);
1484 }
1485 
1486 /* MLME */
1487 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1488 				     struct ieee80211_sub_if_data *sdata,
1489 				     const u8 *wmm_param, size_t wmm_param_len)
1490 {
1491 	struct ieee80211_tx_queue_params params;
1492 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1493 	size_t left;
1494 	int count;
1495 	const u8 *pos;
1496 	u8 uapsd_queues = 0;
1497 
1498 	if (!local->ops->conf_tx)
1499 		return false;
1500 
1501 	if (local->hw.queues < IEEE80211_NUM_ACS)
1502 		return false;
1503 
1504 	if (!wmm_param)
1505 		return false;
1506 
1507 	if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1508 		return false;
1509 
1510 	if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1511 		uapsd_queues = ifmgd->uapsd_queues;
1512 
1513 	count = wmm_param[6] & 0x0f;
1514 	if (count == ifmgd->wmm_last_param_set)
1515 		return false;
1516 	ifmgd->wmm_last_param_set = count;
1517 
1518 	pos = wmm_param + 8;
1519 	left = wmm_param_len - 8;
1520 
1521 	memset(&params, 0, sizeof(params));
1522 
1523 	sdata->wmm_acm = 0;
1524 	for (; left >= 4; left -= 4, pos += 4) {
1525 		int aci = (pos[0] >> 5) & 0x03;
1526 		int acm = (pos[0] >> 4) & 0x01;
1527 		bool uapsd = false;
1528 		int queue;
1529 
1530 		switch (aci) {
1531 		case 1: /* AC_BK */
1532 			queue = 3;
1533 			if (acm)
1534 				sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1535 			if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1536 				uapsd = true;
1537 			break;
1538 		case 2: /* AC_VI */
1539 			queue = 1;
1540 			if (acm)
1541 				sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1542 			if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1543 				uapsd = true;
1544 			break;
1545 		case 3: /* AC_VO */
1546 			queue = 0;
1547 			if (acm)
1548 				sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1549 			if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1550 				uapsd = true;
1551 			break;
1552 		case 0: /* AC_BE */
1553 		default:
1554 			queue = 2;
1555 			if (acm)
1556 				sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1557 			if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1558 				uapsd = true;
1559 			break;
1560 		}
1561 
1562 		params.aifs = pos[0] & 0x0f;
1563 		params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1564 		params.cw_min = ecw2cw(pos[1] & 0x0f);
1565 		params.txop = get_unaligned_le16(pos + 2);
1566 		params.uapsd = uapsd;
1567 
1568 		mlme_dbg(sdata,
1569 			 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1570 			 queue, aci, acm,
1571 			 params.aifs, params.cw_min, params.cw_max,
1572 			 params.txop, params.uapsd);
1573 		sdata->tx_conf[queue] = params;
1574 		if (drv_conf_tx(local, sdata, queue, &params))
1575 			sdata_err(sdata,
1576 				  "failed to set TX queue parameters for queue %d\n",
1577 				  queue);
1578 	}
1579 
1580 	/* enable WMM or activate new settings */
1581 	sdata->vif.bss_conf.qos = true;
1582 	return true;
1583 }
1584 
1585 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1586 {
1587 	lockdep_assert_held(&sdata->local->mtx);
1588 
1589 	sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1590 				IEEE80211_STA_BEACON_POLL);
1591 	ieee80211_run_deferred_scan(sdata->local);
1592 }
1593 
1594 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1595 {
1596 	mutex_lock(&sdata->local->mtx);
1597 	__ieee80211_stop_poll(sdata);
1598 	mutex_unlock(&sdata->local->mtx);
1599 }
1600 
1601 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1602 					   u16 capab, bool erp_valid, u8 erp)
1603 {
1604 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1605 	u32 changed = 0;
1606 	bool use_protection;
1607 	bool use_short_preamble;
1608 	bool use_short_slot;
1609 
1610 	if (erp_valid) {
1611 		use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1612 		use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1613 	} else {
1614 		use_protection = false;
1615 		use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1616 	}
1617 
1618 	use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1619 	if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ)
1620 		use_short_slot = true;
1621 
1622 	if (use_protection != bss_conf->use_cts_prot) {
1623 		bss_conf->use_cts_prot = use_protection;
1624 		changed |= BSS_CHANGED_ERP_CTS_PROT;
1625 	}
1626 
1627 	if (use_short_preamble != bss_conf->use_short_preamble) {
1628 		bss_conf->use_short_preamble = use_short_preamble;
1629 		changed |= BSS_CHANGED_ERP_PREAMBLE;
1630 	}
1631 
1632 	if (use_short_slot != bss_conf->use_short_slot) {
1633 		bss_conf->use_short_slot = use_short_slot;
1634 		changed |= BSS_CHANGED_ERP_SLOT;
1635 	}
1636 
1637 	return changed;
1638 }
1639 
1640 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1641 				     struct cfg80211_bss *cbss,
1642 				     u32 bss_info_changed)
1643 {
1644 	struct ieee80211_bss *bss = (void *)cbss->priv;
1645 	struct ieee80211_local *local = sdata->local;
1646 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1647 
1648 	bss_info_changed |= BSS_CHANGED_ASSOC;
1649 	bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1650 		bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1651 
1652 	sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1653 		IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int));
1654 
1655 	sdata->u.mgd.associated = cbss;
1656 	memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1657 
1658 	sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1659 
1660 	if (sdata->vif.p2p) {
1661 		const struct cfg80211_bss_ies *ies;
1662 
1663 		rcu_read_lock();
1664 		ies = rcu_dereference(cbss->ies);
1665 		if (ies) {
1666 			u8 noa[2];
1667 			int ret;
1668 
1669 			ret = cfg80211_get_p2p_attr(
1670 					ies->data, ies->len,
1671 					IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1672 					noa, sizeof(noa));
1673 			if (ret >= 2) {
1674 				bss_conf->p2p_oppps = noa[1] & 0x80;
1675 				bss_conf->p2p_ctwindow = noa[1] & 0x7f;
1676 				bss_info_changed |= BSS_CHANGED_P2P_PS;
1677 				sdata->u.mgd.p2p_noa_index = noa[0];
1678 			}
1679 		}
1680 		rcu_read_unlock();
1681 	}
1682 
1683 	/* just to be sure */
1684 	ieee80211_stop_poll(sdata);
1685 
1686 	ieee80211_led_assoc(local, 1);
1687 
1688 	if (sdata->u.mgd.assoc_data->have_beacon) {
1689 		/*
1690 		 * If the AP is buggy we may get here with no DTIM period
1691 		 * known, so assume it's 1 which is the only safe assumption
1692 		 * in that case, although if the TIM IE is broken powersave
1693 		 * probably just won't work at all.
1694 		 */
1695 		bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
1696 		bss_info_changed |= BSS_CHANGED_DTIM_PERIOD;
1697 	} else {
1698 		bss_conf->dtim_period = 0;
1699 	}
1700 
1701 	bss_conf->assoc = 1;
1702 
1703 	/* Tell the driver to monitor connection quality (if supported) */
1704 	if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1705 	    bss_conf->cqm_rssi_thold)
1706 		bss_info_changed |= BSS_CHANGED_CQM;
1707 
1708 	/* Enable ARP filtering */
1709 	if (bss_conf->arp_addr_cnt)
1710 		bss_info_changed |= BSS_CHANGED_ARP_FILTER;
1711 
1712 	ieee80211_bss_info_change_notify(sdata, bss_info_changed);
1713 
1714 	mutex_lock(&local->iflist_mtx);
1715 	ieee80211_recalc_ps(local, -1);
1716 	mutex_unlock(&local->iflist_mtx);
1717 
1718 	ieee80211_recalc_smps(sdata);
1719 	ieee80211_recalc_ps_vif(sdata);
1720 
1721 	netif_tx_start_all_queues(sdata->dev);
1722 	netif_carrier_on(sdata->dev);
1723 }
1724 
1725 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1726 				   u16 stype, u16 reason, bool tx,
1727 				   u8 *frame_buf)
1728 {
1729 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1730 	struct ieee80211_local *local = sdata->local;
1731 	u32 changed = 0;
1732 
1733 	ASSERT_MGD_MTX(ifmgd);
1734 
1735 	if (WARN_ON_ONCE(tx && !frame_buf))
1736 		return;
1737 
1738 	if (WARN_ON(!ifmgd->associated))
1739 		return;
1740 
1741 	ieee80211_stop_poll(sdata);
1742 
1743 	ifmgd->associated = NULL;
1744 
1745 	/*
1746 	 * we need to commit the associated = NULL change because the
1747 	 * scan code uses that to determine whether this iface should
1748 	 * go to/wake up from powersave or not -- and could otherwise
1749 	 * wake the queues erroneously.
1750 	 */
1751 	smp_mb();
1752 
1753 	/*
1754 	 * Thus, we can only afterwards stop the queues -- to account
1755 	 * for the case where another CPU is finishing a scan at this
1756 	 * time -- we don't want the scan code to enable queues.
1757 	 */
1758 
1759 	netif_tx_stop_all_queues(sdata->dev);
1760 	netif_carrier_off(sdata->dev);
1761 
1762 	/*
1763 	 * if we want to get out of ps before disassoc (why?) we have
1764 	 * to do it before sending disassoc, as otherwise the null-packet
1765 	 * won't be valid.
1766 	 */
1767 	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1768 		local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1769 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1770 	}
1771 	local->ps_sdata = NULL;
1772 
1773 	/* disable per-vif ps */
1774 	ieee80211_recalc_ps_vif(sdata);
1775 
1776 	/* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1777 	if (tx)
1778 		drv_flush(local, false);
1779 
1780 	/* deauthenticate/disassociate now */
1781 	if (tx || frame_buf)
1782 		ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1783 					       reason, tx, frame_buf);
1784 
1785 	/* flush out frame */
1786 	if (tx)
1787 		drv_flush(local, false);
1788 
1789 	/* clear bssid only after building the needed mgmt frames */
1790 	memset(ifmgd->bssid, 0, ETH_ALEN);
1791 
1792 	/* remove AP and TDLS peers */
1793 	sta_info_flush_defer(sdata);
1794 
1795 	/* finally reset all BSS / config parameters */
1796 	changed |= ieee80211_reset_erp_info(sdata);
1797 
1798 	ieee80211_led_assoc(local, 0);
1799 	changed |= BSS_CHANGED_ASSOC;
1800 	sdata->vif.bss_conf.assoc = false;
1801 
1802 	sdata->vif.bss_conf.p2p_ctwindow = 0;
1803 	sdata->vif.bss_conf.p2p_oppps = false;
1804 
1805 	/* on the next assoc, re-program HT parameters */
1806 	memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
1807 	memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
1808 
1809 	sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
1810 
1811 	del_timer_sync(&local->dynamic_ps_timer);
1812 	cancel_work_sync(&local->dynamic_ps_enable_work);
1813 
1814 	/* Disable ARP filtering */
1815 	if (sdata->vif.bss_conf.arp_addr_cnt)
1816 		changed |= BSS_CHANGED_ARP_FILTER;
1817 
1818 	sdata->vif.bss_conf.qos = false;
1819 	changed |= BSS_CHANGED_QOS;
1820 
1821 	/* The BSSID (not really interesting) and HT changed */
1822 	changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1823 	ieee80211_bss_info_change_notify(sdata, changed);
1824 
1825 	/* disassociated - set to defaults now */
1826 	ieee80211_set_wmm_default(sdata, false);
1827 
1828 	del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1829 	del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1830 	del_timer_sync(&sdata->u.mgd.timer);
1831 	del_timer_sync(&sdata->u.mgd.chswitch_timer);
1832 
1833 	sdata->u.mgd.timers_running = 0;
1834 
1835 	sdata->vif.bss_conf.dtim_period = 0;
1836 
1837 	ifmgd->flags = 0;
1838 	ieee80211_vif_release_channel(sdata);
1839 }
1840 
1841 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1842 			     struct ieee80211_hdr *hdr)
1843 {
1844 	/*
1845 	 * We can postpone the mgd.timer whenever receiving unicast frames
1846 	 * from AP because we know that the connection is working both ways
1847 	 * at that time. But multicast frames (and hence also beacons) must
1848 	 * be ignored here, because we need to trigger the timer during
1849 	 * data idle periods for sending the periodic probe request to the
1850 	 * AP we're connected to.
1851 	 */
1852 	if (is_multicast_ether_addr(hdr->addr1))
1853 		return;
1854 
1855 	ieee80211_sta_reset_conn_monitor(sdata);
1856 }
1857 
1858 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1859 {
1860 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1861 	struct ieee80211_local *local = sdata->local;
1862 
1863 	mutex_lock(&local->mtx);
1864 	if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1865 			      IEEE80211_STA_CONNECTION_POLL))) {
1866 		mutex_unlock(&local->mtx);
1867 		return;
1868 	}
1869 
1870 	__ieee80211_stop_poll(sdata);
1871 
1872 	mutex_lock(&local->iflist_mtx);
1873 	ieee80211_recalc_ps(local, -1);
1874 	mutex_unlock(&local->iflist_mtx);
1875 
1876 	if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1877 		goto out;
1878 
1879 	/*
1880 	 * We've received a probe response, but are not sure whether
1881 	 * we have or will be receiving any beacons or data, so let's
1882 	 * schedule the timers again, just in case.
1883 	 */
1884 	ieee80211_sta_reset_beacon_monitor(sdata);
1885 
1886 	mod_timer(&ifmgd->conn_mon_timer,
1887 		  round_jiffies_up(jiffies +
1888 				   IEEE80211_CONNECTION_IDLE_TIME));
1889 out:
1890 	mutex_unlock(&local->mtx);
1891 }
1892 
1893 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1894 			     struct ieee80211_hdr *hdr, bool ack)
1895 {
1896 	if (!ieee80211_is_data(hdr->frame_control))
1897 	    return;
1898 
1899 	if (ieee80211_is_nullfunc(hdr->frame_control) &&
1900 	    sdata->u.mgd.probe_send_count > 0) {
1901 		if (ack)
1902 			ieee80211_sta_reset_conn_monitor(sdata);
1903 		else
1904 			sdata->u.mgd.nullfunc_failed = true;
1905 		ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1906 		return;
1907 	}
1908 
1909 	if (ack)
1910 		ieee80211_sta_reset_conn_monitor(sdata);
1911 }
1912 
1913 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1914 {
1915 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1916 	const u8 *ssid;
1917 	u8 *dst = ifmgd->associated->bssid;
1918 	u8 unicast_limit = max(1, max_probe_tries - 3);
1919 
1920 	/*
1921 	 * Try sending broadcast probe requests for the last three
1922 	 * probe requests after the first ones failed since some
1923 	 * buggy APs only support broadcast probe requests.
1924 	 */
1925 	if (ifmgd->probe_send_count >= unicast_limit)
1926 		dst = NULL;
1927 
1928 	/*
1929 	 * When the hardware reports an accurate Tx ACK status, it's
1930 	 * better to send a nullfunc frame instead of a probe request,
1931 	 * as it will kick us off the AP quickly if we aren't associated
1932 	 * anymore. The timeout will be reset if the frame is ACKed by
1933 	 * the AP.
1934 	 */
1935 	ifmgd->probe_send_count++;
1936 
1937 	if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1938 		ifmgd->nullfunc_failed = false;
1939 		ieee80211_send_nullfunc(sdata->local, sdata, 0);
1940 	} else {
1941 		int ssid_len;
1942 
1943 		rcu_read_lock();
1944 		ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1945 		if (WARN_ON_ONCE(ssid == NULL))
1946 			ssid_len = 0;
1947 		else
1948 			ssid_len = ssid[1];
1949 
1950 		ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
1951 					 0, (u32) -1, true, 0,
1952 					 ifmgd->associated->channel, false);
1953 		rcu_read_unlock();
1954 	}
1955 
1956 	ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1957 	run_again(ifmgd, ifmgd->probe_timeout);
1958 	if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
1959 		drv_flush(sdata->local, false);
1960 }
1961 
1962 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1963 				   bool beacon)
1964 {
1965 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1966 	bool already = false;
1967 
1968 	if (!ieee80211_sdata_running(sdata))
1969 		return;
1970 
1971 	mutex_lock(&ifmgd->mtx);
1972 
1973 	if (!ifmgd->associated)
1974 		goto out;
1975 
1976 	mutex_lock(&sdata->local->mtx);
1977 
1978 	if (sdata->local->tmp_channel || sdata->local->scanning) {
1979 		mutex_unlock(&sdata->local->mtx);
1980 		goto out;
1981 	}
1982 
1983 	if (beacon)
1984 		mlme_dbg_ratelimited(sdata,
1985 				     "detected beacon loss from AP - probing\n");
1986 
1987 	ieee80211_cqm_rssi_notify(&sdata->vif,
1988 		NL80211_CQM_RSSI_BEACON_LOSS_EVENT, GFP_KERNEL);
1989 
1990 	/*
1991 	 * The driver/our work has already reported this event or the
1992 	 * connection monitoring has kicked in and we have already sent
1993 	 * a probe request. Or maybe the AP died and the driver keeps
1994 	 * reporting until we disassociate...
1995 	 *
1996 	 * In either case we have to ignore the current call to this
1997 	 * function (except for setting the correct probe reason bit)
1998 	 * because otherwise we would reset the timer every time and
1999 	 * never check whether we received a probe response!
2000 	 */
2001 	if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
2002 			    IEEE80211_STA_CONNECTION_POLL))
2003 		already = true;
2004 
2005 	if (beacon)
2006 		ifmgd->flags |= IEEE80211_STA_BEACON_POLL;
2007 	else
2008 		ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2009 
2010 	mutex_unlock(&sdata->local->mtx);
2011 
2012 	if (already)
2013 		goto out;
2014 
2015 	mutex_lock(&sdata->local->iflist_mtx);
2016 	ieee80211_recalc_ps(sdata->local, -1);
2017 	mutex_unlock(&sdata->local->iflist_mtx);
2018 
2019 	ifmgd->probe_send_count = 0;
2020 	ieee80211_mgd_probe_ap_send(sdata);
2021  out:
2022 	mutex_unlock(&ifmgd->mtx);
2023 }
2024 
2025 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2026 					  struct ieee80211_vif *vif)
2027 {
2028 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2029 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2030 	struct cfg80211_bss *cbss;
2031 	struct sk_buff *skb;
2032 	const u8 *ssid;
2033 	int ssid_len;
2034 
2035 	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2036 		return NULL;
2037 
2038 	ASSERT_MGD_MTX(ifmgd);
2039 
2040 	if (ifmgd->associated)
2041 		cbss = ifmgd->associated;
2042 	else if (ifmgd->auth_data)
2043 		cbss = ifmgd->auth_data->bss;
2044 	else if (ifmgd->assoc_data)
2045 		cbss = ifmgd->assoc_data->bss;
2046 	else
2047 		return NULL;
2048 
2049 	rcu_read_lock();
2050 	ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2051 	if (WARN_ON_ONCE(ssid == NULL))
2052 		ssid_len = 0;
2053 	else
2054 		ssid_len = ssid[1];
2055 
2056 	skb = ieee80211_build_probe_req(sdata, cbss->bssid,
2057 					(u32) -1, cbss->channel,
2058 					ssid + 2, ssid_len,
2059 					NULL, 0, true);
2060 	rcu_read_unlock();
2061 
2062 	return skb;
2063 }
2064 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2065 
2066 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2067 {
2068 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2069 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2070 
2071 	mutex_lock(&ifmgd->mtx);
2072 	if (!ifmgd->associated) {
2073 		mutex_unlock(&ifmgd->mtx);
2074 		return;
2075 	}
2076 
2077 	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2078 			       WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2079 			       true, frame_buf);
2080 	ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
2081 	ieee80211_wake_queues_by_reason(&sdata->local->hw,
2082 					IEEE80211_QUEUE_STOP_REASON_CSA);
2083 	mutex_unlock(&ifmgd->mtx);
2084 
2085 	/*
2086 	 * must be outside lock due to cfg80211,
2087 	 * but that's not a problem.
2088 	 */
2089 	cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN);
2090 }
2091 
2092 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2093 {
2094 	struct ieee80211_sub_if_data *sdata =
2095 		container_of(work, struct ieee80211_sub_if_data,
2096 			     u.mgd.beacon_connection_loss_work);
2097 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2098 	struct sta_info *sta;
2099 
2100 	if (ifmgd->associated) {
2101 		rcu_read_lock();
2102 		sta = sta_info_get(sdata, ifmgd->bssid);
2103 		if (sta)
2104 			sta->beacon_loss_count++;
2105 		rcu_read_unlock();
2106 	}
2107 
2108 	if (ifmgd->connection_loss) {
2109 		sdata_info(sdata, "Connection to AP %pM lost\n",
2110 			   ifmgd->bssid);
2111 		__ieee80211_disconnect(sdata);
2112 	} else {
2113 		ieee80211_mgd_probe_ap(sdata, true);
2114 	}
2115 }
2116 
2117 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2118 {
2119 	struct ieee80211_sub_if_data *sdata =
2120 		container_of(work, struct ieee80211_sub_if_data,
2121 			     u.mgd.csa_connection_drop_work);
2122 
2123 	__ieee80211_disconnect(sdata);
2124 }
2125 
2126 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2127 {
2128 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2129 	struct ieee80211_hw *hw = &sdata->local->hw;
2130 
2131 	trace_api_beacon_loss(sdata);
2132 
2133 	WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR);
2134 	sdata->u.mgd.connection_loss = false;
2135 	ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2136 }
2137 EXPORT_SYMBOL(ieee80211_beacon_loss);
2138 
2139 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2140 {
2141 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2142 	struct ieee80211_hw *hw = &sdata->local->hw;
2143 
2144 	trace_api_connection_loss(sdata);
2145 
2146 	sdata->u.mgd.connection_loss = true;
2147 	ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2148 }
2149 EXPORT_SYMBOL(ieee80211_connection_loss);
2150 
2151 
2152 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2153 					bool assoc)
2154 {
2155 	struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2156 
2157 	lockdep_assert_held(&sdata->u.mgd.mtx);
2158 
2159 	if (!assoc) {
2160 		sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2161 
2162 		memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2163 		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2164 		sdata->u.mgd.flags = 0;
2165 		ieee80211_vif_release_channel(sdata);
2166 	}
2167 
2168 	cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2169 	kfree(auth_data);
2170 	sdata->u.mgd.auth_data = NULL;
2171 }
2172 
2173 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2174 				     struct ieee80211_mgmt *mgmt, size_t len)
2175 {
2176 	struct ieee80211_local *local = sdata->local;
2177 	struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2178 	u8 *pos;
2179 	struct ieee802_11_elems elems;
2180 	u32 tx_flags = 0;
2181 
2182 	pos = mgmt->u.auth.variable;
2183 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2184 	if (!elems.challenge)
2185 		return;
2186 	auth_data->expected_transaction = 4;
2187 	drv_mgd_prepare_tx(sdata->local, sdata);
2188 	if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2189 		tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2190 			   IEEE80211_TX_INTFL_MLME_CONN_TX;
2191 	ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2192 			    elems.challenge - 2, elems.challenge_len + 2,
2193 			    auth_data->bss->bssid, auth_data->bss->bssid,
2194 			    auth_data->key, auth_data->key_len,
2195 			    auth_data->key_idx, tx_flags);
2196 }
2197 
2198 static enum rx_mgmt_action __must_check
2199 ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2200 		       struct ieee80211_mgmt *mgmt, size_t len)
2201 {
2202 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2203 	u8 bssid[ETH_ALEN];
2204 	u16 auth_alg, auth_transaction, status_code;
2205 	struct sta_info *sta;
2206 
2207 	lockdep_assert_held(&ifmgd->mtx);
2208 
2209 	if (len < 24 + 6)
2210 		return RX_MGMT_NONE;
2211 
2212 	if (!ifmgd->auth_data || ifmgd->auth_data->done)
2213 		return RX_MGMT_NONE;
2214 
2215 	memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2216 
2217 	if (!ether_addr_equal(bssid, mgmt->bssid))
2218 		return RX_MGMT_NONE;
2219 
2220 	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2221 	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2222 	status_code = le16_to_cpu(mgmt->u.auth.status_code);
2223 
2224 	if (auth_alg != ifmgd->auth_data->algorithm ||
2225 	    auth_transaction != ifmgd->auth_data->expected_transaction) {
2226 		sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2227 			   mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2228 			   auth_transaction,
2229 			   ifmgd->auth_data->expected_transaction);
2230 		return RX_MGMT_NONE;
2231 	}
2232 
2233 	if (status_code != WLAN_STATUS_SUCCESS) {
2234 		sdata_info(sdata, "%pM denied authentication (status %d)\n",
2235 			   mgmt->sa, status_code);
2236 		ieee80211_destroy_auth_data(sdata, false);
2237 		return RX_MGMT_CFG80211_RX_AUTH;
2238 	}
2239 
2240 	switch (ifmgd->auth_data->algorithm) {
2241 	case WLAN_AUTH_OPEN:
2242 	case WLAN_AUTH_LEAP:
2243 	case WLAN_AUTH_FT:
2244 	case WLAN_AUTH_SAE:
2245 		break;
2246 	case WLAN_AUTH_SHARED_KEY:
2247 		if (ifmgd->auth_data->expected_transaction != 4) {
2248 			ieee80211_auth_challenge(sdata, mgmt, len);
2249 			/* need another frame */
2250 			return RX_MGMT_NONE;
2251 		}
2252 		break;
2253 	default:
2254 		WARN_ONCE(1, "invalid auth alg %d",
2255 			  ifmgd->auth_data->algorithm);
2256 		return RX_MGMT_NONE;
2257 	}
2258 
2259 	sdata_info(sdata, "authenticated\n");
2260 	ifmgd->auth_data->done = true;
2261 	ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2262 	ifmgd->auth_data->timeout_started = true;
2263 	run_again(ifmgd, ifmgd->auth_data->timeout);
2264 
2265 	if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2266 	    ifmgd->auth_data->expected_transaction != 2) {
2267 		/*
2268 		 * Report auth frame to user space for processing since another
2269 		 * round of Authentication frames is still needed.
2270 		 */
2271 		return RX_MGMT_CFG80211_RX_AUTH;
2272 	}
2273 
2274 	/* move station state to auth */
2275 	mutex_lock(&sdata->local->sta_mtx);
2276 	sta = sta_info_get(sdata, bssid);
2277 	if (!sta) {
2278 		WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2279 		goto out_err;
2280 	}
2281 	if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2282 		sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2283 		goto out_err;
2284 	}
2285 	mutex_unlock(&sdata->local->sta_mtx);
2286 
2287 	return RX_MGMT_CFG80211_RX_AUTH;
2288  out_err:
2289 	mutex_unlock(&sdata->local->sta_mtx);
2290 	/* ignore frame -- wait for timeout */
2291 	return RX_MGMT_NONE;
2292 }
2293 
2294 
2295 static enum rx_mgmt_action __must_check
2296 ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2297 			 struct ieee80211_mgmt *mgmt, size_t len)
2298 {
2299 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2300 	const u8 *bssid = NULL;
2301 	u16 reason_code;
2302 
2303 	lockdep_assert_held(&ifmgd->mtx);
2304 
2305 	if (len < 24 + 2)
2306 		return RX_MGMT_NONE;
2307 
2308 	if (!ifmgd->associated ||
2309 	    !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2310 		return RX_MGMT_NONE;
2311 
2312 	bssid = ifmgd->associated->bssid;
2313 
2314 	reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2315 
2316 	sdata_info(sdata, "deauthenticated from %pM (Reason: %u)\n",
2317 		   bssid, reason_code);
2318 
2319 	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2320 
2321 	return RX_MGMT_CFG80211_DEAUTH;
2322 }
2323 
2324 
2325 static enum rx_mgmt_action __must_check
2326 ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2327 			   struct ieee80211_mgmt *mgmt, size_t len)
2328 {
2329 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2330 	u16 reason_code;
2331 
2332 	lockdep_assert_held(&ifmgd->mtx);
2333 
2334 	if (len < 24 + 2)
2335 		return RX_MGMT_NONE;
2336 
2337 	if (!ifmgd->associated ||
2338 	    !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2339 		return RX_MGMT_NONE;
2340 
2341 	reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2342 
2343 	sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
2344 		   mgmt->sa, reason_code);
2345 
2346 	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2347 
2348 	return RX_MGMT_CFG80211_DISASSOC;
2349 }
2350 
2351 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2352 				u8 *supp_rates, unsigned int supp_rates_len,
2353 				u32 *rates, u32 *basic_rates,
2354 				bool *have_higher_than_11mbit,
2355 				int *min_rate, int *min_rate_index)
2356 {
2357 	int i, j;
2358 
2359 	for (i = 0; i < supp_rates_len; i++) {
2360 		int rate = (supp_rates[i] & 0x7f) * 5;
2361 		bool is_basic = !!(supp_rates[i] & 0x80);
2362 
2363 		if (rate > 110)
2364 			*have_higher_than_11mbit = true;
2365 
2366 		/*
2367 		 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2368 		 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2369 		 *
2370 		 * Note: Even through the membership selector and the basic
2371 		 *	 rate flag share the same bit, they are not exactly
2372 		 *	 the same.
2373 		 */
2374 		if (!!(supp_rates[i] & 0x80) &&
2375 		    (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2376 			continue;
2377 
2378 		for (j = 0; j < sband->n_bitrates; j++) {
2379 			if (sband->bitrates[j].bitrate == rate) {
2380 				*rates |= BIT(j);
2381 				if (is_basic)
2382 					*basic_rates |= BIT(j);
2383 				if (rate < *min_rate) {
2384 					*min_rate = rate;
2385 					*min_rate_index = j;
2386 				}
2387 				break;
2388 			}
2389 		}
2390 	}
2391 }
2392 
2393 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2394 					 bool assoc)
2395 {
2396 	struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2397 
2398 	lockdep_assert_held(&sdata->u.mgd.mtx);
2399 
2400 	if (!assoc) {
2401 		sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2402 
2403 		memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2404 		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2405 		sdata->u.mgd.flags = 0;
2406 		ieee80211_vif_release_channel(sdata);
2407 	}
2408 
2409 	kfree(assoc_data);
2410 	sdata->u.mgd.assoc_data = NULL;
2411 }
2412 
2413 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2414 				    struct cfg80211_bss *cbss,
2415 				    struct ieee80211_mgmt *mgmt, size_t len)
2416 {
2417 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2418 	struct ieee80211_local *local = sdata->local;
2419 	struct ieee80211_supported_band *sband;
2420 	struct sta_info *sta;
2421 	u8 *pos;
2422 	u16 capab_info, aid;
2423 	struct ieee802_11_elems elems;
2424 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2425 	u32 changed = 0;
2426 	int err;
2427 
2428 	/* AssocResp and ReassocResp have identical structure */
2429 
2430 	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2431 	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2432 
2433 	if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2434 		sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2435 			   aid);
2436 	aid &= ~(BIT(15) | BIT(14));
2437 
2438 	ifmgd->broken_ap = false;
2439 
2440 	if (aid == 0 || aid > IEEE80211_MAX_AID) {
2441 		sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2442 			   aid);
2443 		aid = 0;
2444 		ifmgd->broken_ap = true;
2445 	}
2446 
2447 	pos = mgmt->u.assoc_resp.variable;
2448 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2449 
2450 	if (!elems.supp_rates) {
2451 		sdata_info(sdata, "no SuppRates element in AssocResp\n");
2452 		return false;
2453 	}
2454 
2455 	ifmgd->aid = aid;
2456 
2457 	/*
2458 	 * We previously checked these in the beacon/probe response, so
2459 	 * they should be present here. This is just a safety net.
2460 	 */
2461 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2462 	    (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
2463 		sdata_info(sdata,
2464 			   "HT AP is missing WMM params or HT capability/operation in AssocResp\n");
2465 		return false;
2466 	}
2467 
2468 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2469 	    (!elems.vht_cap_elem || !elems.vht_operation)) {
2470 		sdata_info(sdata,
2471 			   "VHT AP is missing VHT capability/operation in AssocResp\n");
2472 		return false;
2473 	}
2474 
2475 	mutex_lock(&sdata->local->sta_mtx);
2476 	/*
2477 	 * station info was already allocated and inserted before
2478 	 * the association and should be available to us
2479 	 */
2480 	sta = sta_info_get(sdata, cbss->bssid);
2481 	if (WARN_ON(!sta)) {
2482 		mutex_unlock(&sdata->local->sta_mtx);
2483 		return false;
2484 	}
2485 
2486 	sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)];
2487 
2488 	/* Set up internal HT/VHT capabilities */
2489 	if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
2490 		ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2491 						  elems.ht_cap_elem, sta);
2492 
2493 	if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
2494 		ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2495 						    elems.vht_cap_elem, sta);
2496 
2497 	/*
2498 	 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
2499 	 * in their association response, so ignore that data for our own
2500 	 * configuration. If it changed since the last beacon, we'll get the
2501 	 * next beacon and update then.
2502 	 */
2503 
2504 	/*
2505 	 * If an operating mode notification IE is present, override the
2506 	 * NSS calculation (that would be done in rate_control_rate_init())
2507 	 * and use the # of streams from that element.
2508 	 */
2509 	if (elems.opmode_notif &&
2510 	    !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
2511 		u8 nss;
2512 
2513 		nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
2514 		nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
2515 		nss += 1;
2516 		sta->sta.rx_nss = nss;
2517 	}
2518 
2519 	rate_control_rate_init(sta);
2520 
2521 	if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
2522 		set_sta_flag(sta, WLAN_STA_MFP);
2523 
2524 	if (elems.wmm_param)
2525 		set_sta_flag(sta, WLAN_STA_WME);
2526 
2527 	err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2528 	if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2529 		err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
2530 	if (err) {
2531 		sdata_info(sdata,
2532 			   "failed to move station %pM to desired state\n",
2533 			   sta->sta.addr);
2534 		WARN_ON(__sta_info_destroy(sta));
2535 		mutex_unlock(&sdata->local->sta_mtx);
2536 		return false;
2537 	}
2538 
2539 	mutex_unlock(&sdata->local->sta_mtx);
2540 
2541 	/*
2542 	 * Always handle WMM once after association regardless
2543 	 * of the first value the AP uses. Setting -1 here has
2544 	 * that effect because the AP values is an unsigned
2545 	 * 4-bit value.
2546 	 */
2547 	ifmgd->wmm_last_param_set = -1;
2548 
2549 	if (elems.wmm_param)
2550 		ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2551 					 elems.wmm_param_len);
2552 	else
2553 		ieee80211_set_wmm_default(sdata, false);
2554 	changed |= BSS_CHANGED_QOS;
2555 
2556 	/* set AID and assoc capability,
2557 	 * ieee80211_set_associated() will tell the driver */
2558 	bss_conf->aid = aid;
2559 	bss_conf->assoc_capability = capab_info;
2560 	ieee80211_set_associated(sdata, cbss, changed);
2561 
2562 	/*
2563 	 * If we're using 4-addr mode, let the AP know that we're
2564 	 * doing so, so that it can create the STA VLAN on its side
2565 	 */
2566 	if (ifmgd->use_4addr)
2567 		ieee80211_send_4addr_nullfunc(local, sdata);
2568 
2569 	/*
2570 	 * Start timer to probe the connection to the AP now.
2571 	 * Also start the timer that will detect beacon loss.
2572 	 */
2573 	ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
2574 	ieee80211_sta_reset_beacon_monitor(sdata);
2575 
2576 	return true;
2577 }
2578 
2579 static enum rx_mgmt_action __must_check
2580 ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2581 			     struct ieee80211_mgmt *mgmt, size_t len,
2582 			     struct cfg80211_bss **bss)
2583 {
2584 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2585 	struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2586 	u16 capab_info, status_code, aid;
2587 	struct ieee802_11_elems elems;
2588 	u8 *pos;
2589 	bool reassoc;
2590 
2591 	lockdep_assert_held(&ifmgd->mtx);
2592 
2593 	if (!assoc_data)
2594 		return RX_MGMT_NONE;
2595 	if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
2596 		return RX_MGMT_NONE;
2597 
2598 	/*
2599 	 * AssocResp and ReassocResp have identical structure, so process both
2600 	 * of them in this function.
2601 	 */
2602 
2603 	if (len < 24 + 6)
2604 		return RX_MGMT_NONE;
2605 
2606 	reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2607 	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2608 	status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2609 	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2610 
2611 	sdata_info(sdata,
2612 		   "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2613 		   reassoc ? "Rea" : "A", mgmt->sa,
2614 		   capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2615 
2616 	pos = mgmt->u.assoc_resp.variable;
2617 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2618 
2619 	if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2620 	    elems.timeout_int && elems.timeout_int_len == 5 &&
2621 	    elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2622 		u32 tu, ms;
2623 		tu = get_unaligned_le32(elems.timeout_int + 1);
2624 		ms = tu * 1024 / 1000;
2625 		sdata_info(sdata,
2626 			   "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2627 			   mgmt->sa, tu, ms);
2628 		assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2629 		assoc_data->timeout_started = true;
2630 		if (ms > IEEE80211_ASSOC_TIMEOUT)
2631 			run_again(ifmgd, assoc_data->timeout);
2632 		return RX_MGMT_NONE;
2633 	}
2634 
2635 	*bss = assoc_data->bss;
2636 
2637 	if (status_code != WLAN_STATUS_SUCCESS) {
2638 		sdata_info(sdata, "%pM denied association (code=%d)\n",
2639 			   mgmt->sa, status_code);
2640 		ieee80211_destroy_assoc_data(sdata, false);
2641 	} else {
2642 		if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) {
2643 			/* oops -- internal error -- send timeout for now */
2644 			ieee80211_destroy_assoc_data(sdata, false);
2645 			cfg80211_put_bss(sdata->local->hw.wiphy, *bss);
2646 			return RX_MGMT_CFG80211_ASSOC_TIMEOUT;
2647 		}
2648 		sdata_info(sdata, "associated\n");
2649 
2650 		/*
2651 		 * destroy assoc_data afterwards, as otherwise an idle
2652 		 * recalc after assoc_data is NULL but before associated
2653 		 * is set can cause the interface to go idle
2654 		 */
2655 		ieee80211_destroy_assoc_data(sdata, true);
2656 	}
2657 
2658 	return RX_MGMT_CFG80211_RX_ASSOC;
2659 }
2660 
2661 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2662 				  struct ieee80211_mgmt *mgmt, size_t len,
2663 				  struct ieee80211_rx_status *rx_status,
2664 				  struct ieee802_11_elems *elems)
2665 {
2666 	struct ieee80211_local *local = sdata->local;
2667 	int freq;
2668 	struct ieee80211_bss *bss;
2669 	struct ieee80211_channel *channel;
2670 	bool need_ps = false;
2671 
2672 	if ((sdata->u.mgd.associated &&
2673 	     ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) ||
2674 	    (sdata->u.mgd.assoc_data &&
2675 	     ether_addr_equal(mgmt->bssid,
2676 			      sdata->u.mgd.assoc_data->bss->bssid))) {
2677 		/* not previously set so we may need to recalc */
2678 		need_ps = sdata->u.mgd.associated && !sdata->u.mgd.dtim_period;
2679 
2680 		if (elems->tim && !elems->parse_error) {
2681 			const struct ieee80211_tim_ie *tim_ie = elems->tim;
2682 			sdata->u.mgd.dtim_period = tim_ie->dtim_period;
2683 		}
2684 	}
2685 
2686 	if (elems->ds_params && elems->ds_params_len == 1)
2687 		freq = ieee80211_channel_to_frequency(elems->ds_params[0],
2688 						      rx_status->band);
2689 	else
2690 		freq = rx_status->freq;
2691 
2692 	channel = ieee80211_get_channel(local->hw.wiphy, freq);
2693 
2694 	if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
2695 		return;
2696 
2697 	bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
2698 					channel);
2699 	if (bss)
2700 		ieee80211_rx_bss_put(local, bss);
2701 
2702 	if (!sdata->u.mgd.associated)
2703 		return;
2704 
2705 	if (need_ps) {
2706 		mutex_lock(&local->iflist_mtx);
2707 		ieee80211_recalc_ps(local, -1);
2708 		mutex_unlock(&local->iflist_mtx);
2709 	}
2710 
2711 	if (elems->ch_switch_ie &&
2712 	    memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0)
2713 		ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie,
2714 						 bss, rx_status->mactime);
2715 }
2716 
2717 
2718 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2719 					 struct sk_buff *skb)
2720 {
2721 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2722 	struct ieee80211_if_managed *ifmgd;
2723 	struct ieee80211_rx_status *rx_status = (void *) skb->cb;
2724 	size_t baselen, len = skb->len;
2725 	struct ieee802_11_elems elems;
2726 
2727 	ifmgd = &sdata->u.mgd;
2728 
2729 	ASSERT_MGD_MTX(ifmgd);
2730 
2731 	if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
2732 		return; /* ignore ProbeResp to foreign address */
2733 
2734 	baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2735 	if (baselen > len)
2736 		return;
2737 
2738 	ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2739 				&elems);
2740 
2741 	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2742 
2743 	if (ifmgd->associated &&
2744 	    ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2745 		ieee80211_reset_ap_probe(sdata);
2746 
2747 	if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2748 	    ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) {
2749 		/* got probe response, continue with auth */
2750 		sdata_info(sdata, "direct probe responded\n");
2751 		ifmgd->auth_data->tries = 0;
2752 		ifmgd->auth_data->timeout = jiffies;
2753 		ifmgd->auth_data->timeout_started = true;
2754 		run_again(ifmgd, ifmgd->auth_data->timeout);
2755 	}
2756 }
2757 
2758 /*
2759  * This is the canonical list of information elements we care about,
2760  * the filter code also gives us all changes to the Microsoft OUI
2761  * (00:50:F2) vendor IE which is used for WMM which we need to track.
2762  *
2763  * We implement beacon filtering in software since that means we can
2764  * avoid processing the frame here and in cfg80211, and userspace
2765  * will not be able to tell whether the hardware supports it or not.
2766  *
2767  * XXX: This list needs to be dynamic -- userspace needs to be able to
2768  *	add items it requires. It also needs to be able to tell us to
2769  *	look out for other vendor IEs.
2770  */
2771 static const u64 care_about_ies =
2772 	(1ULL << WLAN_EID_COUNTRY) |
2773 	(1ULL << WLAN_EID_ERP_INFO) |
2774 	(1ULL << WLAN_EID_CHANNEL_SWITCH) |
2775 	(1ULL << WLAN_EID_PWR_CONSTRAINT) |
2776 	(1ULL << WLAN_EID_HT_CAPABILITY) |
2777 	(1ULL << WLAN_EID_HT_OPERATION);
2778 
2779 static enum rx_mgmt_action
2780 ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2781 			 struct ieee80211_mgmt *mgmt, size_t len,
2782 			 u8 *deauth_buf, struct ieee80211_rx_status *rx_status)
2783 {
2784 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2785 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2786 	size_t baselen;
2787 	struct ieee802_11_elems elems;
2788 	struct ieee80211_local *local = sdata->local;
2789 	struct ieee80211_chanctx_conf *chanctx_conf;
2790 	struct ieee80211_channel *chan;
2791 	struct sta_info *sta;
2792 	u32 changed = 0;
2793 	bool erp_valid;
2794 	u8 erp_value = 0;
2795 	u32 ncrc;
2796 	u8 *bssid;
2797 
2798 	lockdep_assert_held(&ifmgd->mtx);
2799 
2800 	/* Process beacon from the current BSS */
2801 	baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2802 	if (baselen > len)
2803 		return RX_MGMT_NONE;
2804 
2805 	rcu_read_lock();
2806 	chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2807 	if (!chanctx_conf) {
2808 		rcu_read_unlock();
2809 		return RX_MGMT_NONE;
2810 	}
2811 
2812 	if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
2813 		rcu_read_unlock();
2814 		return RX_MGMT_NONE;
2815 	}
2816 	chan = chanctx_conf->def.chan;
2817 	rcu_read_unlock();
2818 
2819 	if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
2820 	    ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2821 		ieee802_11_parse_elems(mgmt->u.beacon.variable,
2822 				       len - baselen, &elems);
2823 
2824 		ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2825 		ifmgd->assoc_data->have_beacon = true;
2826 		ifmgd->assoc_data->need_beacon = false;
2827 		if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
2828 			sdata->vif.bss_conf.sync_tsf =
2829 				le64_to_cpu(mgmt->u.beacon.timestamp);
2830 			sdata->vif.bss_conf.sync_device_ts =
2831 				rx_status->device_timestamp;
2832 			if (elems.tim)
2833 				sdata->vif.bss_conf.sync_dtim_count =
2834 					elems.tim->dtim_count;
2835 			else
2836 				sdata->vif.bss_conf.sync_dtim_count = 0;
2837 		}
2838 		/* continue assoc process */
2839 		ifmgd->assoc_data->timeout = jiffies;
2840 		ifmgd->assoc_data->timeout_started = true;
2841 		run_again(ifmgd, ifmgd->assoc_data->timeout);
2842 		return RX_MGMT_NONE;
2843 	}
2844 
2845 	if (!ifmgd->associated ||
2846 	    !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2847 		return RX_MGMT_NONE;
2848 	bssid = ifmgd->associated->bssid;
2849 
2850 	/* Track average RSSI from the Beacon frames of the current AP */
2851 	ifmgd->last_beacon_signal = rx_status->signal;
2852 	if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
2853 		ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
2854 		ifmgd->ave_beacon_signal = rx_status->signal * 16;
2855 		ifmgd->last_cqm_event_signal = 0;
2856 		ifmgd->count_beacon_signal = 1;
2857 		ifmgd->last_ave_beacon_signal = 0;
2858 	} else {
2859 		ifmgd->ave_beacon_signal =
2860 			(IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
2861 			 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
2862 			 ifmgd->ave_beacon_signal) / 16;
2863 		ifmgd->count_beacon_signal++;
2864 	}
2865 
2866 	if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
2867 	    ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
2868 		int sig = ifmgd->ave_beacon_signal;
2869 		int last_sig = ifmgd->last_ave_beacon_signal;
2870 
2871 		/*
2872 		 * if signal crosses either of the boundaries, invoke callback
2873 		 * with appropriate parameters
2874 		 */
2875 		if (sig > ifmgd->rssi_max_thold &&
2876 		    (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
2877 			ifmgd->last_ave_beacon_signal = sig;
2878 			drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH);
2879 		} else if (sig < ifmgd->rssi_min_thold &&
2880 			   (last_sig >= ifmgd->rssi_max_thold ||
2881 			   last_sig == 0)) {
2882 			ifmgd->last_ave_beacon_signal = sig;
2883 			drv_rssi_callback(local, sdata, RSSI_EVENT_LOW);
2884 		}
2885 	}
2886 
2887 	if (bss_conf->cqm_rssi_thold &&
2888 	    ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
2889 	    !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
2890 		int sig = ifmgd->ave_beacon_signal / 16;
2891 		int last_event = ifmgd->last_cqm_event_signal;
2892 		int thold = bss_conf->cqm_rssi_thold;
2893 		int hyst = bss_conf->cqm_rssi_hyst;
2894 		if (sig < thold &&
2895 		    (last_event == 0 || sig < last_event - hyst)) {
2896 			ifmgd->last_cqm_event_signal = sig;
2897 			ieee80211_cqm_rssi_notify(
2898 				&sdata->vif,
2899 				NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
2900 				GFP_KERNEL);
2901 		} else if (sig > thold &&
2902 			   (last_event == 0 || sig > last_event + hyst)) {
2903 			ifmgd->last_cqm_event_signal = sig;
2904 			ieee80211_cqm_rssi_notify(
2905 				&sdata->vif,
2906 				NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
2907 				GFP_KERNEL);
2908 		}
2909 	}
2910 
2911 	if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) {
2912 		mlme_dbg_ratelimited(sdata,
2913 				     "cancelling AP probe due to a received beacon\n");
2914 		mutex_lock(&local->mtx);
2915 		ifmgd->flags &= ~IEEE80211_STA_BEACON_POLL;
2916 		ieee80211_run_deferred_scan(local);
2917 		mutex_unlock(&local->mtx);
2918 
2919 		mutex_lock(&local->iflist_mtx);
2920 		ieee80211_recalc_ps(local, -1);
2921 		mutex_unlock(&local->iflist_mtx);
2922 	}
2923 
2924 	/*
2925 	 * Push the beacon loss detection into the future since
2926 	 * we are processing a beacon from the AP just now.
2927 	 */
2928 	ieee80211_sta_reset_beacon_monitor(sdata);
2929 
2930 	ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
2931 	ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
2932 					  len - baselen, &elems,
2933 					  care_about_ies, ncrc);
2934 
2935 	if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
2936 		bool directed_tim = ieee80211_check_tim(elems.tim,
2937 							elems.tim_len,
2938 							ifmgd->aid);
2939 		if (directed_tim) {
2940 			if (local->hw.conf.dynamic_ps_timeout > 0) {
2941 				if (local->hw.conf.flags & IEEE80211_CONF_PS) {
2942 					local->hw.conf.flags &= ~IEEE80211_CONF_PS;
2943 					ieee80211_hw_config(local,
2944 							    IEEE80211_CONF_CHANGE_PS);
2945 				}
2946 				ieee80211_send_nullfunc(local, sdata, 0);
2947 			} else if (!local->pspolling && sdata->u.mgd.powersave) {
2948 				local->pspolling = true;
2949 
2950 				/*
2951 				 * Here is assumed that the driver will be
2952 				 * able to send ps-poll frame and receive a
2953 				 * response even though power save mode is
2954 				 * enabled, but some drivers might require
2955 				 * to disable power save here. This needs
2956 				 * to be investigated.
2957 				 */
2958 				ieee80211_send_pspoll(local, sdata);
2959 			}
2960 		}
2961 	}
2962 
2963 	if (sdata->vif.p2p) {
2964 		u8 noa[2];
2965 		int ret;
2966 
2967 		ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
2968 					    len - baselen,
2969 					    IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2970 					    noa, sizeof(noa));
2971 		if (ret >= 2 && sdata->u.mgd.p2p_noa_index != noa[0]) {
2972 			bss_conf->p2p_oppps = noa[1] & 0x80;
2973 			bss_conf->p2p_ctwindow = noa[1] & 0x7f;
2974 			changed |= BSS_CHANGED_P2P_PS;
2975 			sdata->u.mgd.p2p_noa_index = noa[0];
2976 			/*
2977 			 * make sure we update all information, the CRC
2978 			 * mechanism doesn't look at P2P attributes.
2979 			 */
2980 			ifmgd->beacon_crc_valid = false;
2981 		}
2982 	}
2983 
2984 	if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
2985 		return RX_MGMT_NONE;
2986 	ifmgd->beacon_crc = ncrc;
2987 	ifmgd->beacon_crc_valid = true;
2988 
2989 	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2990 
2991 	if (ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2992 				     elems.wmm_param_len))
2993 		changed |= BSS_CHANGED_QOS;
2994 
2995 	/*
2996 	 * If we haven't had a beacon before, tell the driver about the
2997 	 * DTIM period (and beacon timing if desired) now.
2998 	 */
2999 	if (!bss_conf->dtim_period) {
3000 		/* a few bogus AP send dtim_period = 0 or no TIM IE */
3001 		if (elems.tim)
3002 			bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
3003 		else
3004 			bss_conf->dtim_period = 1;
3005 
3006 		if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
3007 			sdata->vif.bss_conf.sync_tsf =
3008 				le64_to_cpu(mgmt->u.beacon.timestamp);
3009 			sdata->vif.bss_conf.sync_device_ts =
3010 				rx_status->device_timestamp;
3011 			if (elems.tim)
3012 				sdata->vif.bss_conf.sync_dtim_count =
3013 					elems.tim->dtim_count;
3014 			else
3015 				sdata->vif.bss_conf.sync_dtim_count = 0;
3016 		}
3017 
3018 		changed |= BSS_CHANGED_DTIM_PERIOD;
3019 	}
3020 
3021 	if (elems.erp_info && elems.erp_info_len >= 1) {
3022 		erp_valid = true;
3023 		erp_value = elems.erp_info[0];
3024 	} else {
3025 		erp_valid = false;
3026 	}
3027 	changed |= ieee80211_handle_bss_capability(sdata,
3028 			le16_to_cpu(mgmt->u.beacon.capab_info),
3029 			erp_valid, erp_value);
3030 
3031 	mutex_lock(&local->sta_mtx);
3032 	sta = sta_info_get(sdata, bssid);
3033 
3034 	if (ieee80211_config_bw(sdata, sta, elems.ht_operation,
3035 				elems.vht_operation, bssid, &changed)) {
3036 		mutex_unlock(&local->sta_mtx);
3037 		ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3038 				       WLAN_REASON_DEAUTH_LEAVING,
3039 				       true, deauth_buf);
3040 		return RX_MGMT_CFG80211_TX_DEAUTH;
3041 	}
3042 
3043 	if (sta && elems.opmode_notif)
3044 		ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
3045 					    rx_status->band, true);
3046 	mutex_unlock(&local->sta_mtx);
3047 
3048 	if (elems.country_elem && elems.pwr_constr_elem &&
3049 	    mgmt->u.probe_resp.capab_info &
3050 				cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT))
3051 		changed |= ieee80211_handle_pwr_constr(sdata, chan,
3052 						       elems.country_elem,
3053 						       elems.country_elem_len,
3054 						       elems.pwr_constr_elem);
3055 
3056 	ieee80211_bss_info_change_notify(sdata, changed);
3057 
3058 	return RX_MGMT_NONE;
3059 }
3060 
3061 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3062 				  struct sk_buff *skb)
3063 {
3064 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3065 	struct ieee80211_rx_status *rx_status;
3066 	struct ieee80211_mgmt *mgmt;
3067 	struct cfg80211_bss *bss = NULL;
3068 	enum rx_mgmt_action rma = RX_MGMT_NONE;
3069 	u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3070 	u16 fc;
3071 
3072 	rx_status = (struct ieee80211_rx_status *) skb->cb;
3073 	mgmt = (struct ieee80211_mgmt *) skb->data;
3074 	fc = le16_to_cpu(mgmt->frame_control);
3075 
3076 	mutex_lock(&ifmgd->mtx);
3077 
3078 	switch (fc & IEEE80211_FCTL_STYPE) {
3079 	case IEEE80211_STYPE_BEACON:
3080 		rma = ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len,
3081 					       deauth_buf, rx_status);
3082 		break;
3083 	case IEEE80211_STYPE_PROBE_RESP:
3084 		ieee80211_rx_mgmt_probe_resp(sdata, skb);
3085 		break;
3086 	case IEEE80211_STYPE_AUTH:
3087 		rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3088 		break;
3089 	case IEEE80211_STYPE_DEAUTH:
3090 		rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3091 		break;
3092 	case IEEE80211_STYPE_DISASSOC:
3093 		rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3094 		break;
3095 	case IEEE80211_STYPE_ASSOC_RESP:
3096 	case IEEE80211_STYPE_REASSOC_RESP:
3097 		rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss);
3098 		break;
3099 	case IEEE80211_STYPE_ACTION:
3100 		switch (mgmt->u.action.category) {
3101 		case WLAN_CATEGORY_SPECTRUM_MGMT:
3102 			ieee80211_sta_process_chanswitch(sdata,
3103 					&mgmt->u.action.u.chan_switch.sw_elem,
3104 					(void *)ifmgd->associated->priv,
3105 					rx_status->mactime);
3106 			break;
3107 		}
3108 	}
3109 	mutex_unlock(&ifmgd->mtx);
3110 
3111 	switch (rma) {
3112 	case RX_MGMT_NONE:
3113 		/* no action */
3114 		break;
3115 	case RX_MGMT_CFG80211_DEAUTH:
3116 		cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
3117 		break;
3118 	case RX_MGMT_CFG80211_DISASSOC:
3119 		cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
3120 		break;
3121 	case RX_MGMT_CFG80211_RX_AUTH:
3122 		cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len);
3123 		break;
3124 	case RX_MGMT_CFG80211_RX_ASSOC:
3125 		cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len);
3126 		break;
3127 	case RX_MGMT_CFG80211_ASSOC_TIMEOUT:
3128 		cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid);
3129 		break;
3130 	case RX_MGMT_CFG80211_TX_DEAUTH:
3131 		cfg80211_send_deauth(sdata->dev, deauth_buf,
3132 				     sizeof(deauth_buf));
3133 		break;
3134 	default:
3135 		WARN(1, "unexpected: %d", rma);
3136 	}
3137 }
3138 
3139 static void ieee80211_sta_timer(unsigned long data)
3140 {
3141 	struct ieee80211_sub_if_data *sdata =
3142 		(struct ieee80211_sub_if_data *) data;
3143 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3144 	struct ieee80211_local *local = sdata->local;
3145 
3146 	if (local->quiescing) {
3147 		set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
3148 		return;
3149 	}
3150 
3151 	ieee80211_queue_work(&local->hw, &sdata->work);
3152 }
3153 
3154 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3155 					  u8 *bssid, u8 reason, bool tx)
3156 {
3157 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3158 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3159 
3160 	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3161 			       tx, frame_buf);
3162 	mutex_unlock(&ifmgd->mtx);
3163 
3164 	/*
3165 	 * must be outside lock due to cfg80211,
3166 	 * but that's not a problem.
3167 	 */
3168 	cfg80211_send_deauth(sdata->dev, frame_buf, IEEE80211_DEAUTH_FRAME_LEN);
3169 
3170 	mutex_lock(&ifmgd->mtx);
3171 }
3172 
3173 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3174 {
3175 	struct ieee80211_local *local = sdata->local;
3176 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3177 	struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3178 	u32 tx_flags = 0;
3179 
3180 	lockdep_assert_held(&ifmgd->mtx);
3181 
3182 	if (WARN_ON_ONCE(!auth_data))
3183 		return -EINVAL;
3184 
3185 	if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3186 		tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3187 			   IEEE80211_TX_INTFL_MLME_CONN_TX;
3188 
3189 	auth_data->tries++;
3190 
3191 	if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3192 		sdata_info(sdata, "authentication with %pM timed out\n",
3193 			   auth_data->bss->bssid);
3194 
3195 		/*
3196 		 * Most likely AP is not in the range so remove the
3197 		 * bss struct for that AP.
3198 		 */
3199 		cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3200 
3201 		return -ETIMEDOUT;
3202 	}
3203 
3204 	drv_mgd_prepare_tx(local, sdata);
3205 
3206 	if (auth_data->bss->proberesp_ies) {
3207 		u16 trans = 1;
3208 		u16 status = 0;
3209 
3210 		sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3211 			   auth_data->bss->bssid, auth_data->tries,
3212 			   IEEE80211_AUTH_MAX_TRIES);
3213 
3214 		auth_data->expected_transaction = 2;
3215 
3216 		if (auth_data->algorithm == WLAN_AUTH_SAE) {
3217 			trans = auth_data->sae_trans;
3218 			status = auth_data->sae_status;
3219 			auth_data->expected_transaction = trans;
3220 		}
3221 
3222 		ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3223 				    auth_data->data, auth_data->data_len,
3224 				    auth_data->bss->bssid,
3225 				    auth_data->bss->bssid, NULL, 0, 0,
3226 				    tx_flags);
3227 	} else {
3228 		const u8 *ssidie;
3229 
3230 		sdata_info(sdata, "direct probe to %pM (try %d/%i)\n",
3231 			   auth_data->bss->bssid, auth_data->tries,
3232 			   IEEE80211_AUTH_MAX_TRIES);
3233 
3234 		rcu_read_lock();
3235 		ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
3236 		if (!ssidie) {
3237 			rcu_read_unlock();
3238 			return -EINVAL;
3239 		}
3240 		/*
3241 		 * Direct probe is sent to broadcast address as some APs
3242 		 * will not answer to direct packet in unassociated state.
3243 		 */
3244 		ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
3245 					 NULL, 0, (u32) -1, true, tx_flags,
3246 					 auth_data->bss->channel, false);
3247 		rcu_read_unlock();
3248 	}
3249 
3250 	if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3251 		auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3252 		ifmgd->auth_data->timeout_started = true;
3253 		run_again(ifmgd, auth_data->timeout);
3254 	} else {
3255 		auth_data->timeout_started = false;
3256 	}
3257 
3258 	return 0;
3259 }
3260 
3261 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3262 {
3263 	struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3264 	struct ieee80211_local *local = sdata->local;
3265 
3266 	lockdep_assert_held(&sdata->u.mgd.mtx);
3267 
3268 	assoc_data->tries++;
3269 	if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3270 		sdata_info(sdata, "association with %pM timed out\n",
3271 			   assoc_data->bss->bssid);
3272 
3273 		/*
3274 		 * Most likely AP is not in the range so remove the
3275 		 * bss struct for that AP.
3276 		 */
3277 		cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3278 
3279 		return -ETIMEDOUT;
3280 	}
3281 
3282 	sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3283 		   assoc_data->bss->bssid, assoc_data->tries,
3284 		   IEEE80211_ASSOC_MAX_TRIES);
3285 	ieee80211_send_assoc(sdata);
3286 
3287 	if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3288 		assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3289 		assoc_data->timeout_started = true;
3290 		run_again(&sdata->u.mgd, assoc_data->timeout);
3291 	} else {
3292 		assoc_data->timeout_started = false;
3293 	}
3294 
3295 	return 0;
3296 }
3297 
3298 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3299 				  __le16 fc, bool acked)
3300 {
3301 	struct ieee80211_local *local = sdata->local;
3302 
3303 	sdata->u.mgd.status_fc = fc;
3304 	sdata->u.mgd.status_acked = acked;
3305 	sdata->u.mgd.status_received = true;
3306 
3307 	ieee80211_queue_work(&local->hw, &sdata->work);
3308 }
3309 
3310 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3311 {
3312 	struct ieee80211_local *local = sdata->local;
3313 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3314 
3315 	mutex_lock(&ifmgd->mtx);
3316 
3317 	if (ifmgd->status_received) {
3318 		__le16 fc = ifmgd->status_fc;
3319 		bool status_acked = ifmgd->status_acked;
3320 
3321 		ifmgd->status_received = false;
3322 		if (ifmgd->auth_data &&
3323 		    (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) {
3324 			if (status_acked) {
3325 				ifmgd->auth_data->timeout =
3326 					jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
3327 				run_again(ifmgd, ifmgd->auth_data->timeout);
3328 			} else {
3329 				ifmgd->auth_data->timeout = jiffies - 1;
3330 			}
3331 			ifmgd->auth_data->timeout_started = true;
3332 		} else if (ifmgd->assoc_data &&
3333 			   (ieee80211_is_assoc_req(fc) ||
3334 			    ieee80211_is_reassoc_req(fc))) {
3335 			if (status_acked) {
3336 				ifmgd->assoc_data->timeout =
3337 					jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3338 				run_again(ifmgd, ifmgd->assoc_data->timeout);
3339 			} else {
3340 				ifmgd->assoc_data->timeout = jiffies - 1;
3341 			}
3342 			ifmgd->assoc_data->timeout_started = true;
3343 		}
3344 	}
3345 
3346 	if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3347 	    time_after(jiffies, ifmgd->auth_data->timeout)) {
3348 		if (ifmgd->auth_data->done) {
3349 			/*
3350 			 * ok ... we waited for assoc but userspace didn't,
3351 			 * so let's just kill the auth data
3352 			 */
3353 			ieee80211_destroy_auth_data(sdata, false);
3354 		} else if (ieee80211_probe_auth(sdata)) {
3355 			u8 bssid[ETH_ALEN];
3356 
3357 			memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
3358 
3359 			ieee80211_destroy_auth_data(sdata, false);
3360 
3361 			mutex_unlock(&ifmgd->mtx);
3362 			cfg80211_send_auth_timeout(sdata->dev, bssid);
3363 			mutex_lock(&ifmgd->mtx);
3364 		}
3365 	} else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
3366 		run_again(ifmgd, ifmgd->auth_data->timeout);
3367 
3368 	if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
3369 	    time_after(jiffies, ifmgd->assoc_data->timeout)) {
3370 		if ((ifmgd->assoc_data->need_beacon &&
3371 		     !ifmgd->assoc_data->have_beacon) ||
3372 		    ieee80211_do_assoc(sdata)) {
3373 			u8 bssid[ETH_ALEN];
3374 
3375 			memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN);
3376 
3377 			ieee80211_destroy_assoc_data(sdata, false);
3378 
3379 			mutex_unlock(&ifmgd->mtx);
3380 			cfg80211_send_assoc_timeout(sdata->dev, bssid);
3381 			mutex_lock(&ifmgd->mtx);
3382 		}
3383 	} else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
3384 		run_again(ifmgd, ifmgd->assoc_data->timeout);
3385 
3386 	if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
3387 			    IEEE80211_STA_CONNECTION_POLL) &&
3388 	    ifmgd->associated) {
3389 		u8 bssid[ETH_ALEN];
3390 		int max_tries;
3391 
3392 		memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
3393 
3394 		if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3395 			max_tries = max_nullfunc_tries;
3396 		else
3397 			max_tries = max_probe_tries;
3398 
3399 		/* ACK received for nullfunc probing frame */
3400 		if (!ifmgd->probe_send_count)
3401 			ieee80211_reset_ap_probe(sdata);
3402 		else if (ifmgd->nullfunc_failed) {
3403 			if (ifmgd->probe_send_count < max_tries) {
3404 				mlme_dbg(sdata,
3405 					 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
3406 					 bssid, ifmgd->probe_send_count,
3407 					 max_tries);
3408 				ieee80211_mgd_probe_ap_send(sdata);
3409 			} else {
3410 				mlme_dbg(sdata,
3411 					 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
3412 					 bssid);
3413 				ieee80211_sta_connection_lost(sdata, bssid,
3414 					WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3415 					false);
3416 			}
3417 		} else if (time_is_after_jiffies(ifmgd->probe_timeout))
3418 			run_again(ifmgd, ifmgd->probe_timeout);
3419 		else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
3420 			mlme_dbg(sdata,
3421 				 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
3422 				 bssid, probe_wait_ms);
3423 			ieee80211_sta_connection_lost(sdata, bssid,
3424 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3425 		} else if (ifmgd->probe_send_count < max_tries) {
3426 			mlme_dbg(sdata,
3427 				 "No probe response from AP %pM after %dms, try %d/%i\n",
3428 				 bssid, probe_wait_ms,
3429 				 ifmgd->probe_send_count, max_tries);
3430 			ieee80211_mgd_probe_ap_send(sdata);
3431 		} else {
3432 			/*
3433 			 * We actually lost the connection ... or did we?
3434 			 * Let's make sure!
3435 			 */
3436 			wiphy_debug(local->hw.wiphy,
3437 				    "%s: No probe response from AP %pM"
3438 				    " after %dms, disconnecting.\n",
3439 				    sdata->name,
3440 				    bssid, probe_wait_ms);
3441 
3442 			ieee80211_sta_connection_lost(sdata, bssid,
3443 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3444 		}
3445 	}
3446 
3447 	mutex_unlock(&ifmgd->mtx);
3448 }
3449 
3450 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
3451 {
3452 	struct ieee80211_sub_if_data *sdata =
3453 		(struct ieee80211_sub_if_data *) data;
3454 	struct ieee80211_local *local = sdata->local;
3455 
3456 	if (local->quiescing)
3457 		return;
3458 
3459 	sdata->u.mgd.connection_loss = false;
3460 	ieee80211_queue_work(&sdata->local->hw,
3461 			     &sdata->u.mgd.beacon_connection_loss_work);
3462 }
3463 
3464 static void ieee80211_sta_conn_mon_timer(unsigned long data)
3465 {
3466 	struct ieee80211_sub_if_data *sdata =
3467 		(struct ieee80211_sub_if_data *) data;
3468 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3469 	struct ieee80211_local *local = sdata->local;
3470 
3471 	if (local->quiescing)
3472 		return;
3473 
3474 	ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
3475 }
3476 
3477 static void ieee80211_sta_monitor_work(struct work_struct *work)
3478 {
3479 	struct ieee80211_sub_if_data *sdata =
3480 		container_of(work, struct ieee80211_sub_if_data,
3481 			     u.mgd.monitor_work);
3482 
3483 	ieee80211_mgd_probe_ap(sdata, false);
3484 }
3485 
3486 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3487 {
3488 	u32 flags;
3489 
3490 	if (sdata->vif.type == NL80211_IFTYPE_STATION) {
3491 		__ieee80211_stop_poll(sdata);
3492 
3493 		/* let's probe the connection once */
3494 		flags = sdata->local->hw.flags;
3495 		if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
3496 			ieee80211_queue_work(&sdata->local->hw,
3497 					     &sdata->u.mgd.monitor_work);
3498 		/* and do all the other regular work too */
3499 		ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3500 	}
3501 }
3502 
3503 #ifdef CONFIG_PM
3504 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
3505 {
3506 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3507 
3508 	/*
3509 	 * Stop timers before deleting work items, as timers
3510 	 * could race and re-add the work-items. They will be
3511 	 * re-established on connection.
3512 	 */
3513 	del_timer_sync(&ifmgd->conn_mon_timer);
3514 	del_timer_sync(&ifmgd->bcn_mon_timer);
3515 
3516 	/*
3517 	 * we need to use atomic bitops for the running bits
3518 	 * only because both timers might fire at the same
3519 	 * time -- the code here is properly synchronised.
3520 	 */
3521 
3522 	cancel_work_sync(&ifmgd->request_smps_work);
3523 
3524 	cancel_work_sync(&ifmgd->monitor_work);
3525 	cancel_work_sync(&ifmgd->beacon_connection_loss_work);
3526 	cancel_work_sync(&ifmgd->csa_connection_drop_work);
3527 	if (del_timer_sync(&ifmgd->timer))
3528 		set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
3529 
3530 	if (del_timer_sync(&ifmgd->chswitch_timer))
3531 		set_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running);
3532 	cancel_work_sync(&ifmgd->chswitch_work);
3533 }
3534 
3535 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
3536 {
3537 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3538 
3539 	mutex_lock(&ifmgd->mtx);
3540 	if (!ifmgd->associated) {
3541 		mutex_unlock(&ifmgd->mtx);
3542 		return;
3543 	}
3544 
3545 	if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
3546 		sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
3547 		mlme_dbg(sdata, "driver requested disconnect after resume\n");
3548 		ieee80211_sta_connection_lost(sdata,
3549 					      ifmgd->associated->bssid,
3550 					      WLAN_REASON_UNSPECIFIED,
3551 					      true);
3552 		mutex_unlock(&ifmgd->mtx);
3553 		return;
3554 	}
3555 	mutex_unlock(&ifmgd->mtx);
3556 
3557 	if (test_and_clear_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running))
3558 		add_timer(&ifmgd->timer);
3559 	if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running))
3560 		add_timer(&ifmgd->chswitch_timer);
3561 	ieee80211_sta_reset_beacon_monitor(sdata);
3562 
3563 	mutex_lock(&sdata->local->mtx);
3564 	ieee80211_restart_sta_timer(sdata);
3565 	mutex_unlock(&sdata->local->mtx);
3566 }
3567 #endif
3568 
3569 /* interface setup */
3570 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3571 {
3572 	struct ieee80211_if_managed *ifmgd;
3573 
3574 	ifmgd = &sdata->u.mgd;
3575 	INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
3576 	INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
3577 	INIT_WORK(&ifmgd->beacon_connection_loss_work,
3578 		  ieee80211_beacon_connection_loss_work);
3579 	INIT_WORK(&ifmgd->csa_connection_drop_work,
3580 		  ieee80211_csa_connection_drop_work);
3581 	INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work);
3582 	setup_timer(&ifmgd->timer, ieee80211_sta_timer,
3583 		    (unsigned long) sdata);
3584 	setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
3585 		    (unsigned long) sdata);
3586 	setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
3587 		    (unsigned long) sdata);
3588 	setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
3589 		    (unsigned long) sdata);
3590 
3591 	ifmgd->flags = 0;
3592 	ifmgd->powersave = sdata->wdev.ps;
3593 	ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES;
3594 	ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN;
3595 
3596 	mutex_init(&ifmgd->mtx);
3597 
3598 	if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
3599 		ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
3600 	else
3601 		ifmgd->req_smps = IEEE80211_SMPS_OFF;
3602 }
3603 
3604 /* scan finished notification */
3605 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3606 {
3607 	struct ieee80211_sub_if_data *sdata;
3608 
3609 	/* Restart STA timers */
3610 	rcu_read_lock();
3611 	list_for_each_entry_rcu(sdata, &local->interfaces, list)
3612 		ieee80211_restart_sta_timer(sdata);
3613 	rcu_read_unlock();
3614 }
3615 
3616 int ieee80211_max_network_latency(struct notifier_block *nb,
3617 				  unsigned long data, void *dummy)
3618 {
3619 	s32 latency_usec = (s32) data;
3620 	struct ieee80211_local *local =
3621 		container_of(nb, struct ieee80211_local,
3622 			     network_latency_notifier);
3623 
3624 	mutex_lock(&local->iflist_mtx);
3625 	ieee80211_recalc_ps(local, latency_usec);
3626 	mutex_unlock(&local->iflist_mtx);
3627 
3628 	return 0;
3629 }
3630 
3631 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
3632 				     struct cfg80211_bss *cbss)
3633 {
3634 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3635 	const u8 *ht_cap_ie, *vht_cap_ie;
3636 	const struct ieee80211_ht_cap *ht_cap;
3637 	const struct ieee80211_vht_cap *vht_cap;
3638 	u8 chains = 1;
3639 
3640 	if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
3641 		return chains;
3642 
3643 	ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3644 	if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
3645 		ht_cap = (void *)(ht_cap_ie + 2);
3646 		chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
3647 		/*
3648 		 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
3649 		 *	 "Tx Unequal Modulation Supported" fields.
3650 		 */
3651 	}
3652 
3653 	if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
3654 		return chains;
3655 
3656 	vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3657 	if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
3658 		u8 nss;
3659 		u16 tx_mcs_map;
3660 
3661 		vht_cap = (void *)(vht_cap_ie + 2);
3662 		tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
3663 		for (nss = 8; nss > 0; nss--) {
3664 			if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
3665 					IEEE80211_VHT_MCS_NOT_SUPPORTED)
3666 				break;
3667 		}
3668 		/* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
3669 		chains = max(chains, nss);
3670 	}
3671 
3672 	return chains;
3673 }
3674 
3675 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3676 				  struct cfg80211_bss *cbss)
3677 {
3678 	struct ieee80211_local *local = sdata->local;
3679 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3680 	const struct ieee80211_ht_operation *ht_oper = NULL;
3681 	const struct ieee80211_vht_operation *vht_oper = NULL;
3682 	struct ieee80211_supported_band *sband;
3683 	struct cfg80211_chan_def chandef;
3684 	int ret;
3685 
3686 	sband = local->hw.wiphy->bands[cbss->channel->band];
3687 
3688 	ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
3689 			  IEEE80211_STA_DISABLE_80P80MHZ |
3690 			  IEEE80211_STA_DISABLE_160MHZ);
3691 
3692 	rcu_read_lock();
3693 
3694 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3695 	    sband->ht_cap.ht_supported) {
3696 		const u8 *ht_oper_ie, *ht_cap;
3697 
3698 		ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
3699 		if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
3700 			ht_oper = (void *)(ht_oper_ie + 2);
3701 
3702 		ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3703 		if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) {
3704 			ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3705 			ht_oper = NULL;
3706 		}
3707 	}
3708 
3709 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3710 	    sband->vht_cap.vht_supported) {
3711 		const u8 *vht_oper_ie, *vht_cap;
3712 
3713 		vht_oper_ie = ieee80211_bss_get_ie(cbss,
3714 						   WLAN_EID_VHT_OPERATION);
3715 		if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
3716 			vht_oper = (void *)(vht_oper_ie + 2);
3717 		if (vht_oper && !ht_oper) {
3718 			vht_oper = NULL;
3719 			sdata_info(sdata,
3720 				   "AP advertised VHT without HT, disabling both\n");
3721 			ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3722 			ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3723 		}
3724 
3725 		vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3726 		if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
3727 			ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3728 			vht_oper = NULL;
3729 		}
3730 	}
3731 
3732 	ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
3733 						     cbss->channel,
3734 						     ht_oper, vht_oper,
3735 						     &chandef, true);
3736 
3737 	sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
3738 				      local->rx_chains);
3739 
3740 	rcu_read_unlock();
3741 
3742 	/* will change later if needed */
3743 	sdata->smps_mode = IEEE80211_SMPS_OFF;
3744 
3745 	/*
3746 	 * If this fails (possibly due to channel context sharing
3747 	 * on incompatible channels, e.g. 80+80 and 160 sharing the
3748 	 * same control channel) try to use a smaller bandwidth.
3749 	 */
3750 	ret = ieee80211_vif_use_channel(sdata, &chandef,
3751 					IEEE80211_CHANCTX_SHARED);
3752 	while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
3753 		ifmgd->flags |= chandef_downgrade(&chandef);
3754 		ret = ieee80211_vif_use_channel(sdata, &chandef,
3755 						IEEE80211_CHANCTX_SHARED);
3756 	}
3757 	return ret;
3758 }
3759 
3760 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3761 				     struct cfg80211_bss *cbss, bool assoc)
3762 {
3763 	struct ieee80211_local *local = sdata->local;
3764 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3765 	struct ieee80211_bss *bss = (void *)cbss->priv;
3766 	struct sta_info *new_sta = NULL;
3767 	bool have_sta = false;
3768 	int err;
3769 
3770 	if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3771 		return -EINVAL;
3772 
3773 	if (assoc) {
3774 		rcu_read_lock();
3775 		have_sta = sta_info_get(sdata, cbss->bssid);
3776 		rcu_read_unlock();
3777 	}
3778 
3779 	if (!have_sta) {
3780 		new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3781 		if (!new_sta)
3782 			return -ENOMEM;
3783 	}
3784 
3785 	if (new_sta) {
3786 		u32 rates = 0, basic_rates = 0;
3787 		bool have_higher_than_11mbit;
3788 		int min_rate = INT_MAX, min_rate_index = -1;
3789 		struct ieee80211_supported_band *sband;
3790 		const struct cfg80211_bss_ies *ies;
3791 
3792 		sband = local->hw.wiphy->bands[cbss->channel->band];
3793 
3794 		err = ieee80211_prep_channel(sdata, cbss);
3795 		if (err) {
3796 			sta_info_free(local, new_sta);
3797 			return err;
3798 		}
3799 
3800 		ieee80211_get_rates(sband, bss->supp_rates,
3801 				    bss->supp_rates_len,
3802 				    &rates, &basic_rates,
3803 				    &have_higher_than_11mbit,
3804 				    &min_rate, &min_rate_index);
3805 
3806 		/*
3807 		 * This used to be a workaround for basic rates missing
3808 		 * in the association response frame. Now that we no
3809 		 * longer use the basic rates from there, it probably
3810 		 * doesn't happen any more, but keep the workaround so
3811 		 * in case some *other* APs are buggy in different ways
3812 		 * we can connect -- with a warning.
3813 		 */
3814 		if (!basic_rates && min_rate_index >= 0) {
3815 			sdata_info(sdata,
3816 				   "No basic rates, using min rate instead\n");
3817 			basic_rates = BIT(min_rate_index);
3818 		}
3819 
3820 		new_sta->sta.supp_rates[cbss->channel->band] = rates;
3821 		sdata->vif.bss_conf.basic_rates = basic_rates;
3822 
3823 		/* cf. IEEE 802.11 9.2.12 */
3824 		if (cbss->channel->band == IEEE80211_BAND_2GHZ &&
3825 		    have_higher_than_11mbit)
3826 			sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
3827 		else
3828 			sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
3829 
3830 		memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
3831 
3832 		/* set timing information */
3833 		sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
3834 		rcu_read_lock();
3835 		ies = rcu_dereference(cbss->beacon_ies);
3836 		if (ies) {
3837 			const u8 *tim_ie;
3838 
3839 			sdata->vif.bss_conf.sync_tsf = ies->tsf;
3840 			sdata->vif.bss_conf.sync_device_ts =
3841 				bss->device_ts_beacon;
3842 			tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
3843 						  ies->data, ies->len);
3844 			if (tim_ie && tim_ie[1] >= 2)
3845 				sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
3846 			else
3847 				sdata->vif.bss_conf.sync_dtim_count = 0;
3848 		} else if (!(local->hw.flags &
3849 					IEEE80211_HW_TIMING_BEACON_ONLY)) {
3850 			ies = rcu_dereference(cbss->proberesp_ies);
3851 			/* must be non-NULL since beacon IEs were NULL */
3852 			sdata->vif.bss_conf.sync_tsf = ies->tsf;
3853 			sdata->vif.bss_conf.sync_device_ts =
3854 				bss->device_ts_presp;
3855 			sdata->vif.bss_conf.sync_dtim_count = 0;
3856 		} else {
3857 			sdata->vif.bss_conf.sync_tsf = 0;
3858 			sdata->vif.bss_conf.sync_device_ts = 0;
3859 			sdata->vif.bss_conf.sync_dtim_count = 0;
3860 		}
3861 		rcu_read_unlock();
3862 
3863 		/* tell driver about BSSID, basic rates and timing */
3864 		ieee80211_bss_info_change_notify(sdata,
3865 			BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
3866 			BSS_CHANGED_BEACON_INT);
3867 
3868 		if (assoc)
3869 			sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
3870 
3871 		err = sta_info_insert(new_sta);
3872 		new_sta = NULL;
3873 		if (err) {
3874 			sdata_info(sdata,
3875 				   "failed to insert STA entry for the AP (error %d)\n",
3876 				   err);
3877 			return err;
3878 		}
3879 	} else
3880 		WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
3881 
3882 	return 0;
3883 }
3884 
3885 /* config hooks */
3886 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
3887 		       struct cfg80211_auth_request *req)
3888 {
3889 	struct ieee80211_local *local = sdata->local;
3890 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3891 	struct ieee80211_mgd_auth_data *auth_data;
3892 	u16 auth_alg;
3893 	int err;
3894 
3895 	/* prepare auth data structure */
3896 
3897 	switch (req->auth_type) {
3898 	case NL80211_AUTHTYPE_OPEN_SYSTEM:
3899 		auth_alg = WLAN_AUTH_OPEN;
3900 		break;
3901 	case NL80211_AUTHTYPE_SHARED_KEY:
3902 		if (IS_ERR(local->wep_tx_tfm))
3903 			return -EOPNOTSUPP;
3904 		auth_alg = WLAN_AUTH_SHARED_KEY;
3905 		break;
3906 	case NL80211_AUTHTYPE_FT:
3907 		auth_alg = WLAN_AUTH_FT;
3908 		break;
3909 	case NL80211_AUTHTYPE_NETWORK_EAP:
3910 		auth_alg = WLAN_AUTH_LEAP;
3911 		break;
3912 	case NL80211_AUTHTYPE_SAE:
3913 		auth_alg = WLAN_AUTH_SAE;
3914 		break;
3915 	default:
3916 		return -EOPNOTSUPP;
3917 	}
3918 
3919 	auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len +
3920 			    req->ie_len, GFP_KERNEL);
3921 	if (!auth_data)
3922 		return -ENOMEM;
3923 
3924 	auth_data->bss = req->bss;
3925 
3926 	if (req->sae_data_len >= 4) {
3927 		__le16 *pos = (__le16 *) req->sae_data;
3928 		auth_data->sae_trans = le16_to_cpu(pos[0]);
3929 		auth_data->sae_status = le16_to_cpu(pos[1]);
3930 		memcpy(auth_data->data, req->sae_data + 4,
3931 		       req->sae_data_len - 4);
3932 		auth_data->data_len += req->sae_data_len - 4;
3933 	}
3934 
3935 	if (req->ie && req->ie_len) {
3936 		memcpy(&auth_data->data[auth_data->data_len],
3937 		       req->ie, req->ie_len);
3938 		auth_data->data_len += req->ie_len;
3939 	}
3940 
3941 	if (req->key && req->key_len) {
3942 		auth_data->key_len = req->key_len;
3943 		auth_data->key_idx = req->key_idx;
3944 		memcpy(auth_data->key, req->key, req->key_len);
3945 	}
3946 
3947 	auth_data->algorithm = auth_alg;
3948 
3949 	/* try to authenticate/probe */
3950 
3951 	mutex_lock(&ifmgd->mtx);
3952 
3953 	if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
3954 	    ifmgd->assoc_data) {
3955 		err = -EBUSY;
3956 		goto err_free;
3957 	}
3958 
3959 	if (ifmgd->auth_data)
3960 		ieee80211_destroy_auth_data(sdata, false);
3961 
3962 	/* prep auth_data so we don't go into idle on disassoc */
3963 	ifmgd->auth_data = auth_data;
3964 
3965 	if (ifmgd->associated)
3966 		ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3967 
3968 	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
3969 
3970 	err = ieee80211_prep_connection(sdata, req->bss, false);
3971 	if (err)
3972 		goto err_clear;
3973 
3974 	err = ieee80211_probe_auth(sdata);
3975 	if (err) {
3976 		sta_info_destroy_addr(sdata, req->bss->bssid);
3977 		goto err_clear;
3978 	}
3979 
3980 	/* hold our own reference */
3981 	cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
3982 	err = 0;
3983 	goto out_unlock;
3984 
3985  err_clear:
3986 	memset(ifmgd->bssid, 0, ETH_ALEN);
3987 	ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
3988 	ifmgd->auth_data = NULL;
3989  err_free:
3990 	kfree(auth_data);
3991  out_unlock:
3992 	mutex_unlock(&ifmgd->mtx);
3993 
3994 	return err;
3995 }
3996 
3997 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
3998 			struct cfg80211_assoc_request *req)
3999 {
4000 	struct ieee80211_local *local = sdata->local;
4001 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4002 	struct ieee80211_bss *bss = (void *)req->bss->priv;
4003 	struct ieee80211_mgd_assoc_data *assoc_data;
4004 	const struct cfg80211_bss_ies *beacon_ies;
4005 	struct ieee80211_supported_band *sband;
4006 	const u8 *ssidie, *ht_ie, *vht_ie;
4007 	int i, err;
4008 
4009 	assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
4010 	if (!assoc_data)
4011 		return -ENOMEM;
4012 
4013 	rcu_read_lock();
4014 	ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
4015 	if (!ssidie) {
4016 		rcu_read_unlock();
4017 		kfree(assoc_data);
4018 		return -EINVAL;
4019 	}
4020 	memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
4021 	assoc_data->ssid_len = ssidie[1];
4022 	rcu_read_unlock();
4023 
4024 	mutex_lock(&ifmgd->mtx);
4025 
4026 	if (ifmgd->associated)
4027 		ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
4028 
4029 	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
4030 		err = -EBUSY;
4031 		goto err_free;
4032 	}
4033 
4034 	if (ifmgd->assoc_data) {
4035 		err = -EBUSY;
4036 		goto err_free;
4037 	}
4038 
4039 	if (ifmgd->auth_data) {
4040 		bool match;
4041 
4042 		/* keep sta info, bssid if matching */
4043 		match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
4044 		ieee80211_destroy_auth_data(sdata, match);
4045 	}
4046 
4047 	/* prepare assoc data */
4048 
4049 	ifmgd->beacon_crc_valid = false;
4050 
4051 	/*
4052 	 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
4053 	 * We still associate in non-HT mode (11a/b/g) if any one of these
4054 	 * ciphers is configured as pairwise.
4055 	 * We can set this to true for non-11n hardware, that'll be checked
4056 	 * separately along with the peer capabilities.
4057 	 */
4058 	for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4059 		if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4060 		    req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4061 		    req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4062 			ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4063 			ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4064 			netdev_info(sdata->dev,
4065 				    "disabling HT/VHT due to WEP/TKIP use\n");
4066 		}
4067 	}
4068 
4069 	if (req->flags & ASSOC_REQ_DISABLE_HT) {
4070 		ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4071 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4072 	}
4073 
4074 	/* Also disable HT if we don't support it or the AP doesn't use WMM */
4075 	sband = local->hw.wiphy->bands[req->bss->channel->band];
4076 	if (!sband->ht_cap.ht_supported ||
4077 	    local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
4078 		ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4079 		if (!bss->wmm_used)
4080 			netdev_info(sdata->dev,
4081 				    "disabling HT as WMM/QoS is not supported by the AP\n");
4082 	}
4083 
4084 	/* disable VHT if we don't support it or the AP doesn't use WMM */
4085 	if (!sband->vht_cap.vht_supported ||
4086 	    local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used) {
4087 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4088 		if (!bss->wmm_used)
4089 			netdev_info(sdata->dev,
4090 				    "disabling VHT as WMM/QoS is not supported by the AP\n");
4091 	}
4092 
4093 	memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4094 	memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4095 	       sizeof(ifmgd->ht_capa_mask));
4096 
4097 	if (req->ie && req->ie_len) {
4098 		memcpy(assoc_data->ie, req->ie, req->ie_len);
4099 		assoc_data->ie_len = req->ie_len;
4100 	}
4101 
4102 	assoc_data->bss = req->bss;
4103 
4104 	if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4105 		if (ifmgd->powersave)
4106 			sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4107 		else
4108 			sdata->smps_mode = IEEE80211_SMPS_OFF;
4109 	} else
4110 		sdata->smps_mode = ifmgd->req_smps;
4111 
4112 	assoc_data->capability = req->bss->capability;
4113 	assoc_data->wmm = bss->wmm_used &&
4114 			  (local->hw.queues >= IEEE80211_NUM_ACS);
4115 	assoc_data->supp_rates = bss->supp_rates;
4116 	assoc_data->supp_rates_len = bss->supp_rates_len;
4117 
4118 	rcu_read_lock();
4119 	ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4120 	if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4121 		assoc_data->ap_ht_param =
4122 			((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4123 	else
4124 		ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4125 	vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4126 	if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4127 		memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4128 		       sizeof(struct ieee80211_vht_cap));
4129 	else
4130 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4131 	rcu_read_unlock();
4132 
4133 	if (bss->wmm_used && bss->uapsd_supported &&
4134 	    (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) {
4135 		assoc_data->uapsd = true;
4136 		ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4137 	} else {
4138 		assoc_data->uapsd = false;
4139 		ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4140 	}
4141 
4142 	if (req->prev_bssid)
4143 		memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4144 
4145 	if (req->use_mfp) {
4146 		ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4147 		ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4148 	} else {
4149 		ifmgd->mfp = IEEE80211_MFP_DISABLED;
4150 		ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4151 	}
4152 
4153 	if (req->crypto.control_port)
4154 		ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4155 	else
4156 		ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4157 
4158 	sdata->control_port_protocol = req->crypto.control_port_ethertype;
4159 	sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4160 
4161 	/* kick off associate process */
4162 
4163 	ifmgd->assoc_data = assoc_data;
4164 	ifmgd->dtim_period = 0;
4165 
4166 	err = ieee80211_prep_connection(sdata, req->bss, true);
4167 	if (err)
4168 		goto err_clear;
4169 
4170 	rcu_read_lock();
4171 	beacon_ies = rcu_dereference(req->bss->beacon_ies);
4172 
4173 	if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC &&
4174 	    !beacon_ies) {
4175 		/*
4176 		 * Wait up to one beacon interval ...
4177 		 * should this be more if we miss one?
4178 		 */
4179 		sdata_info(sdata, "waiting for beacon from %pM\n",
4180 			   ifmgd->bssid);
4181 		assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4182 		assoc_data->timeout_started = true;
4183 		assoc_data->need_beacon = true;
4184 	} else if (beacon_ies) {
4185 		const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4186 						    beacon_ies->data,
4187 						    beacon_ies->len);
4188 		u8 dtim_count = 0;
4189 
4190 		if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
4191 			const struct ieee80211_tim_ie *tim;
4192 			tim = (void *)(tim_ie + 2);
4193 			ifmgd->dtim_period = tim->dtim_period;
4194 			dtim_count = tim->dtim_count;
4195 		}
4196 		assoc_data->have_beacon = true;
4197 		assoc_data->timeout = jiffies;
4198 		assoc_data->timeout_started = true;
4199 
4200 		if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
4201 			sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
4202 			sdata->vif.bss_conf.sync_device_ts =
4203 				bss->device_ts_beacon;
4204 			sdata->vif.bss_conf.sync_dtim_count = dtim_count;
4205 		}
4206 	} else {
4207 		assoc_data->timeout = jiffies;
4208 		assoc_data->timeout_started = true;
4209 	}
4210 	rcu_read_unlock();
4211 
4212 	run_again(ifmgd, assoc_data->timeout);
4213 
4214 	if (bss->corrupt_data) {
4215 		char *corrupt_type = "data";
4216 		if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
4217 			if (bss->corrupt_data &
4218 					IEEE80211_BSS_CORRUPT_PROBE_RESP)
4219 				corrupt_type = "beacon and probe response";
4220 			else
4221 				corrupt_type = "beacon";
4222 		} else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
4223 			corrupt_type = "probe response";
4224 		sdata_info(sdata, "associating with AP with corrupt %s\n",
4225 			   corrupt_type);
4226 	}
4227 
4228 	err = 0;
4229 	goto out;
4230  err_clear:
4231 	memset(ifmgd->bssid, 0, ETH_ALEN);
4232 	ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4233 	ifmgd->assoc_data = NULL;
4234  err_free:
4235 	kfree(assoc_data);
4236  out:
4237 	mutex_unlock(&ifmgd->mtx);
4238 
4239 	return err;
4240 }
4241 
4242 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4243 			 struct cfg80211_deauth_request *req)
4244 {
4245 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4246 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4247 	bool tx = !req->local_state_change;
4248 	bool sent_frame = false;
4249 
4250 	mutex_lock(&ifmgd->mtx);
4251 
4252 	sdata_info(sdata,
4253 		   "deauthenticating from %pM by local choice (reason=%d)\n",
4254 		   req->bssid, req->reason_code);
4255 
4256 	if (ifmgd->auth_data) {
4257 		drv_mgd_prepare_tx(sdata->local, sdata);
4258 		ieee80211_send_deauth_disassoc(sdata, req->bssid,
4259 					       IEEE80211_STYPE_DEAUTH,
4260 					       req->reason_code, tx,
4261 					       frame_buf);
4262 		ieee80211_destroy_auth_data(sdata, false);
4263 		mutex_unlock(&ifmgd->mtx);
4264 
4265 		sent_frame = tx;
4266 		goto out;
4267 	}
4268 
4269 	if (ifmgd->associated &&
4270 	    ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
4271 		ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4272 				       req->reason_code, tx, frame_buf);
4273 		sent_frame = tx;
4274 	}
4275 	mutex_unlock(&ifmgd->mtx);
4276 
4277  out:
4278 	if (sent_frame)
4279 		__cfg80211_send_deauth(sdata->dev, frame_buf,
4280 				       IEEE80211_DEAUTH_FRAME_LEN);
4281 
4282 	return 0;
4283 }
4284 
4285 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
4286 			   struct cfg80211_disassoc_request *req)
4287 {
4288 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4289 	u8 bssid[ETH_ALEN];
4290 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4291 
4292 	mutex_lock(&ifmgd->mtx);
4293 
4294 	/*
4295 	 * cfg80211 should catch this ... but it's racy since
4296 	 * we can receive a disassoc frame, process it, hand it
4297 	 * to cfg80211 while that's in a locked section already
4298 	 * trying to tell us that the user wants to disconnect.
4299 	 */
4300 	if (ifmgd->associated != req->bss) {
4301 		mutex_unlock(&ifmgd->mtx);
4302 		return -ENOLINK;
4303 	}
4304 
4305 	sdata_info(sdata,
4306 		   "disassociating from %pM by local choice (reason=%d)\n",
4307 		   req->bss->bssid, req->reason_code);
4308 
4309 	memcpy(bssid, req->bss->bssid, ETH_ALEN);
4310 	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
4311 			       req->reason_code, !req->local_state_change,
4312 			       frame_buf);
4313 	mutex_unlock(&ifmgd->mtx);
4314 
4315 	__cfg80211_send_disassoc(sdata->dev, frame_buf,
4316 				 IEEE80211_DEAUTH_FRAME_LEN);
4317 
4318 	return 0;
4319 }
4320 
4321 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
4322 {
4323 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4324 
4325 	/*
4326 	 * Make sure some work items will not run after this,
4327 	 * they will not do anything but might not have been
4328 	 * cancelled when disconnecting.
4329 	 */
4330 	cancel_work_sync(&ifmgd->monitor_work);
4331 	cancel_work_sync(&ifmgd->beacon_connection_loss_work);
4332 	cancel_work_sync(&ifmgd->request_smps_work);
4333 	cancel_work_sync(&ifmgd->csa_connection_drop_work);
4334 	cancel_work_sync(&ifmgd->chswitch_work);
4335 
4336 	mutex_lock(&ifmgd->mtx);
4337 	if (ifmgd->assoc_data)
4338 		ieee80211_destroy_assoc_data(sdata, false);
4339 	if (ifmgd->auth_data)
4340 		ieee80211_destroy_auth_data(sdata, false);
4341 	del_timer_sync(&ifmgd->timer);
4342 	mutex_unlock(&ifmgd->mtx);
4343 }
4344 
4345 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4346 			       enum nl80211_cqm_rssi_threshold_event rssi_event,
4347 			       gfp_t gfp)
4348 {
4349 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4350 
4351 	trace_api_cqm_rssi_notify(sdata, rssi_event);
4352 
4353 	cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
4354 }
4355 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
4356