xref: /openbmc/linux/net/mac80211/mlme.c (revision d2999e1b)
1 /*
2  * BSS client mode implementation
3  * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
4  * Copyright 2004, Instant802 Networks, Inc.
5  * Copyright 2005, Devicescape Software, Inc.
6  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
7  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License version 2 as
11  * published by the Free Software Foundation.
12  */
13 
14 #include <linux/delay.h>
15 #include <linux/if_ether.h>
16 #include <linux/skbuff.h>
17 #include <linux/if_arp.h>
18 #include <linux/etherdevice.h>
19 #include <linux/moduleparam.h>
20 #include <linux/rtnetlink.h>
21 #include <linux/pm_qos.h>
22 #include <linux/crc32.h>
23 #include <linux/slab.h>
24 #include <linux/export.h>
25 #include <net/mac80211.h>
26 #include <asm/unaligned.h>
27 
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "led.h"
32 
33 #define IEEE80211_AUTH_TIMEOUT		(HZ / 5)
34 #define IEEE80211_AUTH_TIMEOUT_LONG	(HZ / 2)
35 #define IEEE80211_AUTH_TIMEOUT_SHORT	(HZ / 10)
36 #define IEEE80211_AUTH_MAX_TRIES	3
37 #define IEEE80211_AUTH_WAIT_ASSOC	(HZ * 5)
38 #define IEEE80211_ASSOC_TIMEOUT		(HZ / 5)
39 #define IEEE80211_ASSOC_TIMEOUT_LONG	(HZ / 2)
40 #define IEEE80211_ASSOC_TIMEOUT_SHORT	(HZ / 10)
41 #define IEEE80211_ASSOC_MAX_TRIES	3
42 
43 static int max_nullfunc_tries = 2;
44 module_param(max_nullfunc_tries, int, 0644);
45 MODULE_PARM_DESC(max_nullfunc_tries,
46 		 "Maximum nullfunc tx tries before disconnecting (reason 4).");
47 
48 static int max_probe_tries = 5;
49 module_param(max_probe_tries, int, 0644);
50 MODULE_PARM_DESC(max_probe_tries,
51 		 "Maximum probe tries before disconnecting (reason 4).");
52 
53 /*
54  * Beacon loss timeout is calculated as N frames times the
55  * advertised beacon interval.  This may need to be somewhat
56  * higher than what hardware might detect to account for
57  * delays in the host processing frames. But since we also
58  * probe on beacon miss before declaring the connection lost
59  * default to what we want.
60  */
61 static int beacon_loss_count = 7;
62 module_param(beacon_loss_count, int, 0644);
63 MODULE_PARM_DESC(beacon_loss_count,
64 		 "Number of beacon intervals before we decide beacon was lost.");
65 
66 /*
67  * Time the connection can be idle before we probe
68  * it to see if we can still talk to the AP.
69  */
70 #define IEEE80211_CONNECTION_IDLE_TIME	(30 * HZ)
71 /*
72  * Time we wait for a probe response after sending
73  * a probe request because of beacon loss or for
74  * checking the connection still works.
75  */
76 static int probe_wait_ms = 500;
77 module_param(probe_wait_ms, int, 0644);
78 MODULE_PARM_DESC(probe_wait_ms,
79 		 "Maximum time(ms) to wait for probe response"
80 		 " before disconnecting (reason 4).");
81 
82 /*
83  * Weight given to the latest Beacon frame when calculating average signal
84  * strength for Beacon frames received in the current BSS. This must be
85  * between 1 and 15.
86  */
87 #define IEEE80211_SIGNAL_AVE_WEIGHT	3
88 
89 /*
90  * How many Beacon frames need to have been used in average signal strength
91  * before starting to indicate signal change events.
92  */
93 #define IEEE80211_SIGNAL_AVE_MIN_COUNT	4
94 
95 /*
96  * We can have multiple work items (and connection probing)
97  * scheduling this timer, but we need to take care to only
98  * reschedule it when it should fire _earlier_ than it was
99  * asked for before, or if it's not pending right now. This
100  * function ensures that. Note that it then is required to
101  * run this function for all timeouts after the first one
102  * has happened -- the work that runs from this timer will
103  * do that.
104  */
105 static void run_again(struct ieee80211_sub_if_data *sdata,
106 		      unsigned long timeout)
107 {
108 	sdata_assert_lock(sdata);
109 
110 	if (!timer_pending(&sdata->u.mgd.timer) ||
111 	    time_before(timeout, sdata->u.mgd.timer.expires))
112 		mod_timer(&sdata->u.mgd.timer, timeout);
113 }
114 
115 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
116 {
117 	if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
118 		return;
119 
120 	if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
121 		return;
122 
123 	mod_timer(&sdata->u.mgd.bcn_mon_timer,
124 		  round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
125 }
126 
127 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
128 {
129 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
130 
131 	if (unlikely(!sdata->u.mgd.associated))
132 		return;
133 
134 	ifmgd->probe_send_count = 0;
135 
136 	if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
137 		return;
138 
139 	mod_timer(&sdata->u.mgd.conn_mon_timer,
140 		  round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
141 }
142 
143 static int ecw2cw(int ecw)
144 {
145 	return (1 << ecw) - 1;
146 }
147 
148 static u32
149 ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
150 			     struct ieee80211_supported_band *sband,
151 			     struct ieee80211_channel *channel,
152 			     const struct ieee80211_ht_operation *ht_oper,
153 			     const struct ieee80211_vht_operation *vht_oper,
154 			     struct cfg80211_chan_def *chandef, bool tracking)
155 {
156 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
157 	struct cfg80211_chan_def vht_chandef;
158 	u32 ht_cfreq, ret;
159 
160 	chandef->chan = channel;
161 	chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
162 	chandef->center_freq1 = channel->center_freq;
163 	chandef->center_freq2 = 0;
164 
165 	if (!ht_oper || !sband->ht_cap.ht_supported) {
166 		ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
167 		goto out;
168 	}
169 
170 	chandef->width = NL80211_CHAN_WIDTH_20;
171 
172 	ht_cfreq = ieee80211_channel_to_frequency(ht_oper->primary_chan,
173 						  channel->band);
174 	/* check that channel matches the right operating channel */
175 	if (!tracking && channel->center_freq != ht_cfreq) {
176 		/*
177 		 * It's possible that some APs are confused here;
178 		 * Netgear WNDR3700 sometimes reports 4 higher than
179 		 * the actual channel in association responses, but
180 		 * since we look at probe response/beacon data here
181 		 * it should be OK.
182 		 */
183 		sdata_info(sdata,
184 			   "Wrong control channel: center-freq: %d ht-cfreq: %d ht->primary_chan: %d band: %d - Disabling HT\n",
185 			   channel->center_freq, ht_cfreq,
186 			   ht_oper->primary_chan, channel->band);
187 		ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
188 		goto out;
189 	}
190 
191 	/* check 40 MHz support, if we have it */
192 	if (sband->ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) {
193 		switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
194 		case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
195 			chandef->width = NL80211_CHAN_WIDTH_40;
196 			chandef->center_freq1 += 10;
197 			break;
198 		case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
199 			chandef->width = NL80211_CHAN_WIDTH_40;
200 			chandef->center_freq1 -= 10;
201 			break;
202 		}
203 	} else {
204 		/* 40 MHz (and 80 MHz) must be supported for VHT */
205 		ret = IEEE80211_STA_DISABLE_VHT;
206 		/* also mark 40 MHz disabled */
207 		ret |= IEEE80211_STA_DISABLE_40MHZ;
208 		goto out;
209 	}
210 
211 	if (!vht_oper || !sband->vht_cap.vht_supported) {
212 		ret = IEEE80211_STA_DISABLE_VHT;
213 		goto out;
214 	}
215 
216 	vht_chandef.chan = channel;
217 	vht_chandef.center_freq1 =
218 		ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx,
219 					       channel->band);
220 	vht_chandef.center_freq2 = 0;
221 
222 	switch (vht_oper->chan_width) {
223 	case IEEE80211_VHT_CHANWIDTH_USE_HT:
224 		vht_chandef.width = chandef->width;
225 		vht_chandef.center_freq1 = chandef->center_freq1;
226 		break;
227 	case IEEE80211_VHT_CHANWIDTH_80MHZ:
228 		vht_chandef.width = NL80211_CHAN_WIDTH_80;
229 		break;
230 	case IEEE80211_VHT_CHANWIDTH_160MHZ:
231 		vht_chandef.width = NL80211_CHAN_WIDTH_160;
232 		break;
233 	case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
234 		vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
235 		vht_chandef.center_freq2 =
236 			ieee80211_channel_to_frequency(
237 				vht_oper->center_freq_seg2_idx,
238 				channel->band);
239 		break;
240 	default:
241 		if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
242 			sdata_info(sdata,
243 				   "AP VHT operation IE has invalid channel width (%d), disable VHT\n",
244 				   vht_oper->chan_width);
245 		ret = IEEE80211_STA_DISABLE_VHT;
246 		goto out;
247 	}
248 
249 	if (!cfg80211_chandef_valid(&vht_chandef)) {
250 		if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
251 			sdata_info(sdata,
252 				   "AP VHT information is invalid, disable VHT\n");
253 		ret = IEEE80211_STA_DISABLE_VHT;
254 		goto out;
255 	}
256 
257 	if (cfg80211_chandef_identical(chandef, &vht_chandef)) {
258 		ret = 0;
259 		goto out;
260 	}
261 
262 	if (!cfg80211_chandef_compatible(chandef, &vht_chandef)) {
263 		if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
264 			sdata_info(sdata,
265 				   "AP VHT information doesn't match HT, disable VHT\n");
266 		ret = IEEE80211_STA_DISABLE_VHT;
267 		goto out;
268 	}
269 
270 	*chandef = vht_chandef;
271 
272 	ret = 0;
273 
274 out:
275 	/*
276 	 * When tracking the current AP, don't do any further checks if the
277 	 * new chandef is identical to the one we're currently using for the
278 	 * connection. This keeps us from playing ping-pong with regulatory,
279 	 * without it the following can happen (for example):
280 	 *  - connect to an AP with 80 MHz, world regdom allows 80 MHz
281 	 *  - AP advertises regdom US
282 	 *  - CRDA loads regdom US with 80 MHz prohibited (old database)
283 	 *  - the code below detects an unsupported channel, downgrades, and
284 	 *    we disconnect from the AP in the caller
285 	 *  - disconnect causes CRDA to reload world regdomain and the game
286 	 *    starts anew.
287 	 * (see https://bugzilla.kernel.org/show_bug.cgi?id=70881)
288 	 *
289 	 * It seems possible that there are still scenarios with CSA or real
290 	 * bandwidth changes where a this could happen, but those cases are
291 	 * less common and wouldn't completely prevent using the AP.
292 	 */
293 	if (tracking &&
294 	    cfg80211_chandef_identical(chandef, &sdata->vif.bss_conf.chandef))
295 		return ret;
296 
297 	/* don't print the message below for VHT mismatch if VHT is disabled */
298 	if (ret & IEEE80211_STA_DISABLE_VHT)
299 		vht_chandef = *chandef;
300 
301 	/*
302 	 * Ignore the DISABLED flag when we're already connected and only
303 	 * tracking the APs beacon for bandwidth changes - otherwise we
304 	 * might get disconnected here if we connect to an AP, update our
305 	 * regulatory information based on the AP's country IE and the
306 	 * information we have is wrong/outdated and disables the channel
307 	 * that we're actually using for the connection to the AP.
308 	 */
309 	while (!cfg80211_chandef_usable(sdata->local->hw.wiphy, chandef,
310 					tracking ? 0 :
311 						   IEEE80211_CHAN_DISABLED)) {
312 		if (WARN_ON(chandef->width == NL80211_CHAN_WIDTH_20_NOHT)) {
313 			ret = IEEE80211_STA_DISABLE_HT |
314 			      IEEE80211_STA_DISABLE_VHT;
315 			break;
316 		}
317 
318 		ret |= ieee80211_chandef_downgrade(chandef);
319 	}
320 
321 	if (chandef->width != vht_chandef.width && !tracking)
322 		sdata_info(sdata,
323 			   "capabilities/regulatory prevented using AP HT/VHT configuration, downgraded\n");
324 
325 	WARN_ON_ONCE(!cfg80211_chandef_valid(chandef));
326 	return ret;
327 }
328 
329 static int ieee80211_config_bw(struct ieee80211_sub_if_data *sdata,
330 			       struct sta_info *sta,
331 			       const struct ieee80211_ht_operation *ht_oper,
332 			       const struct ieee80211_vht_operation *vht_oper,
333 			       const u8 *bssid, u32 *changed)
334 {
335 	struct ieee80211_local *local = sdata->local;
336 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
337 	struct ieee80211_supported_band *sband;
338 	struct ieee80211_channel *chan;
339 	struct cfg80211_chan_def chandef;
340 	u16 ht_opmode;
341 	u32 flags;
342 	enum ieee80211_sta_rx_bandwidth new_sta_bw;
343 	int ret;
344 
345 	/* if HT was/is disabled, don't track any bandwidth changes */
346 	if (ifmgd->flags & IEEE80211_STA_DISABLE_HT || !ht_oper)
347 		return 0;
348 
349 	/* don't check VHT if we associated as non-VHT station */
350 	if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
351 		vht_oper = NULL;
352 
353 	if (WARN_ON_ONCE(!sta))
354 		return -EINVAL;
355 
356 	/*
357 	 * if bss configuration changed store the new one -
358 	 * this may be applicable even if channel is identical
359 	 */
360 	ht_opmode = le16_to_cpu(ht_oper->operation_mode);
361 	if (sdata->vif.bss_conf.ht_operation_mode != ht_opmode) {
362 		*changed |= BSS_CHANGED_HT;
363 		sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
364 	}
365 
366 	chan = sdata->vif.bss_conf.chandef.chan;
367 	sband = local->hw.wiphy->bands[chan->band];
368 
369 	/* calculate new channel (type) based on HT/VHT operation IEs */
370 	flags = ieee80211_determine_chantype(sdata, sband, chan, ht_oper,
371 					     vht_oper, &chandef, true);
372 
373 	/*
374 	 * Downgrade the new channel if we associated with restricted
375 	 * capabilities. For example, if we associated as a 20 MHz STA
376 	 * to a 40 MHz AP (due to regulatory, capabilities or config
377 	 * reasons) then switching to a 40 MHz channel now won't do us
378 	 * any good -- we couldn't use it with the AP.
379 	 */
380 	if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
381 	    chandef.width == NL80211_CHAN_WIDTH_80P80)
382 		flags |= ieee80211_chandef_downgrade(&chandef);
383 	if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
384 	    chandef.width == NL80211_CHAN_WIDTH_160)
385 		flags |= ieee80211_chandef_downgrade(&chandef);
386 	if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
387 	    chandef.width > NL80211_CHAN_WIDTH_20)
388 		flags |= ieee80211_chandef_downgrade(&chandef);
389 
390 	if (cfg80211_chandef_identical(&chandef, &sdata->vif.bss_conf.chandef))
391 		return 0;
392 
393 	sdata_info(sdata,
394 		   "AP %pM changed bandwidth, new config is %d MHz, width %d (%d/%d MHz)\n",
395 		   ifmgd->bssid, chandef.chan->center_freq, chandef.width,
396 		   chandef.center_freq1, chandef.center_freq2);
397 
398 	if (flags != (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
399 				      IEEE80211_STA_DISABLE_VHT |
400 				      IEEE80211_STA_DISABLE_40MHZ |
401 				      IEEE80211_STA_DISABLE_80P80MHZ |
402 				      IEEE80211_STA_DISABLE_160MHZ)) ||
403 	    !cfg80211_chandef_valid(&chandef)) {
404 		sdata_info(sdata,
405 			   "AP %pM changed bandwidth in a way we can't support - disconnect\n",
406 			   ifmgd->bssid);
407 		return -EINVAL;
408 	}
409 
410 	switch (chandef.width) {
411 	case NL80211_CHAN_WIDTH_20_NOHT:
412 	case NL80211_CHAN_WIDTH_20:
413 		new_sta_bw = IEEE80211_STA_RX_BW_20;
414 		break;
415 	case NL80211_CHAN_WIDTH_40:
416 		new_sta_bw = IEEE80211_STA_RX_BW_40;
417 		break;
418 	case NL80211_CHAN_WIDTH_80:
419 		new_sta_bw = IEEE80211_STA_RX_BW_80;
420 		break;
421 	case NL80211_CHAN_WIDTH_80P80:
422 	case NL80211_CHAN_WIDTH_160:
423 		new_sta_bw = IEEE80211_STA_RX_BW_160;
424 		break;
425 	default:
426 		return -EINVAL;
427 	}
428 
429 	if (new_sta_bw > sta->cur_max_bandwidth)
430 		new_sta_bw = sta->cur_max_bandwidth;
431 
432 	if (new_sta_bw < sta->sta.bandwidth) {
433 		sta->sta.bandwidth = new_sta_bw;
434 		rate_control_rate_update(local, sband, sta,
435 					 IEEE80211_RC_BW_CHANGED);
436 	}
437 
438 	ret = ieee80211_vif_change_bandwidth(sdata, &chandef, changed);
439 	if (ret) {
440 		sdata_info(sdata,
441 			   "AP %pM changed bandwidth to incompatible one - disconnect\n",
442 			   ifmgd->bssid);
443 		return ret;
444 	}
445 
446 	if (new_sta_bw > sta->sta.bandwidth) {
447 		sta->sta.bandwidth = new_sta_bw;
448 		rate_control_rate_update(local, sband, sta,
449 					 IEEE80211_RC_BW_CHANGED);
450 	}
451 
452 	return 0;
453 }
454 
455 /* frame sending functions */
456 
457 static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
458 				struct sk_buff *skb, u8 ap_ht_param,
459 				struct ieee80211_supported_band *sband,
460 				struct ieee80211_channel *channel,
461 				enum ieee80211_smps_mode smps)
462 {
463 	u8 *pos;
464 	u32 flags = channel->flags;
465 	u16 cap;
466 	struct ieee80211_sta_ht_cap ht_cap;
467 
468 	BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
469 
470 	memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
471 	ieee80211_apply_htcap_overrides(sdata, &ht_cap);
472 
473 	/* determine capability flags */
474 	cap = ht_cap.cap;
475 
476 	switch (ap_ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
477 	case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
478 		if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
479 			cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
480 			cap &= ~IEEE80211_HT_CAP_SGI_40;
481 		}
482 		break;
483 	case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
484 		if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
485 			cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
486 			cap &= ~IEEE80211_HT_CAP_SGI_40;
487 		}
488 		break;
489 	}
490 
491 	/*
492 	 * If 40 MHz was disabled associate as though we weren't
493 	 * capable of 40 MHz -- some broken APs will never fall
494 	 * back to trying to transmit in 20 MHz.
495 	 */
496 	if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_40MHZ) {
497 		cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
498 		cap &= ~IEEE80211_HT_CAP_SGI_40;
499 	}
500 
501 	/* set SM PS mode properly */
502 	cap &= ~IEEE80211_HT_CAP_SM_PS;
503 	switch (smps) {
504 	case IEEE80211_SMPS_AUTOMATIC:
505 	case IEEE80211_SMPS_NUM_MODES:
506 		WARN_ON(1);
507 	case IEEE80211_SMPS_OFF:
508 		cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
509 			IEEE80211_HT_CAP_SM_PS_SHIFT;
510 		break;
511 	case IEEE80211_SMPS_STATIC:
512 		cap |= WLAN_HT_CAP_SM_PS_STATIC <<
513 			IEEE80211_HT_CAP_SM_PS_SHIFT;
514 		break;
515 	case IEEE80211_SMPS_DYNAMIC:
516 		cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
517 			IEEE80211_HT_CAP_SM_PS_SHIFT;
518 		break;
519 	}
520 
521 	/* reserve and fill IE */
522 	pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
523 	ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
524 }
525 
526 static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
527 				 struct sk_buff *skb,
528 				 struct ieee80211_supported_band *sband,
529 				 struct ieee80211_vht_cap *ap_vht_cap)
530 {
531 	u8 *pos;
532 	u32 cap;
533 	struct ieee80211_sta_vht_cap vht_cap;
534 	u32 mask, ap_bf_sts, our_bf_sts;
535 
536 	BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
537 
538 	memcpy(&vht_cap, &sband->vht_cap, sizeof(vht_cap));
539 	ieee80211_apply_vhtcap_overrides(sdata, &vht_cap);
540 
541 	/* determine capability flags */
542 	cap = vht_cap.cap;
543 
544 	if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_80P80MHZ) {
545 		cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
546 		cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
547 	}
548 
549 	if (sdata->u.mgd.flags & IEEE80211_STA_DISABLE_160MHZ) {
550 		cap &= ~IEEE80211_VHT_CAP_SHORT_GI_160;
551 		cap &= ~IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
552 	}
553 
554 	/*
555 	 * Some APs apparently get confused if our capabilities are better
556 	 * than theirs, so restrict what we advertise in the assoc request.
557 	 */
558 	if (!(ap_vht_cap->vht_cap_info &
559 			cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
560 		cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
561 
562 	mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK;
563 
564 	ap_bf_sts = le32_to_cpu(ap_vht_cap->vht_cap_info) & mask;
565 	our_bf_sts = cap & mask;
566 
567 	if (ap_bf_sts < our_bf_sts) {
568 		cap &= ~mask;
569 		cap |= ap_bf_sts;
570 	}
571 
572 	/* reserve and fill IE */
573 	pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
574 	ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
575 }
576 
577 static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
578 {
579 	struct ieee80211_local *local = sdata->local;
580 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
581 	struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
582 	struct sk_buff *skb;
583 	struct ieee80211_mgmt *mgmt;
584 	u8 *pos, qos_info;
585 	size_t offset = 0, noffset;
586 	int i, count, rates_len, supp_rates_len, shift;
587 	u16 capab;
588 	struct ieee80211_supported_band *sband;
589 	struct ieee80211_chanctx_conf *chanctx_conf;
590 	struct ieee80211_channel *chan;
591 	u32 rate_flags, rates = 0;
592 
593 	sdata_assert_lock(sdata);
594 
595 	rcu_read_lock();
596 	chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
597 	if (WARN_ON(!chanctx_conf)) {
598 		rcu_read_unlock();
599 		return;
600 	}
601 	chan = chanctx_conf->def.chan;
602 	rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
603 	rcu_read_unlock();
604 	sband = local->hw.wiphy->bands[chan->band];
605 	shift = ieee80211_vif_get_shift(&sdata->vif);
606 
607 	if (assoc_data->supp_rates_len) {
608 		/*
609 		 * Get all rates supported by the device and the AP as
610 		 * some APs don't like getting a superset of their rates
611 		 * in the association request (e.g. D-Link DAP 1353 in
612 		 * b-only mode)...
613 		 */
614 		rates_len = ieee80211_parse_bitrates(&chanctx_conf->def, sband,
615 						     assoc_data->supp_rates,
616 						     assoc_data->supp_rates_len,
617 						     &rates);
618 	} else {
619 		/*
620 		 * In case AP not provide any supported rates information
621 		 * before association, we send information element(s) with
622 		 * all rates that we support.
623 		 */
624 		rates_len = 0;
625 		for (i = 0; i < sband->n_bitrates; i++) {
626 			if ((rate_flags & sband->bitrates[i].flags)
627 			    != rate_flags)
628 				continue;
629 			rates |= BIT(i);
630 			rates_len++;
631 		}
632 	}
633 
634 	skb = alloc_skb(local->hw.extra_tx_headroom +
635 			sizeof(*mgmt) + /* bit too much but doesn't matter */
636 			2 + assoc_data->ssid_len + /* SSID */
637 			4 + rates_len + /* (extended) rates */
638 			4 + /* power capability */
639 			2 + 2 * sband->n_channels + /* supported channels */
640 			2 + sizeof(struct ieee80211_ht_cap) + /* HT */
641 			2 + sizeof(struct ieee80211_vht_cap) + /* VHT */
642 			assoc_data->ie_len + /* extra IEs */
643 			9, /* WMM */
644 			GFP_KERNEL);
645 	if (!skb)
646 		return;
647 
648 	skb_reserve(skb, local->hw.extra_tx_headroom);
649 
650 	capab = WLAN_CAPABILITY_ESS;
651 
652 	if (sband->band == IEEE80211_BAND_2GHZ) {
653 		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
654 			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
655 		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
656 			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
657 	}
658 
659 	if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
660 		capab |= WLAN_CAPABILITY_PRIVACY;
661 
662 	if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
663 	    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
664 		capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
665 
666 	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
667 	memset(mgmt, 0, 24);
668 	memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
669 	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
670 	memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
671 
672 	if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
673 		skb_put(skb, 10);
674 		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
675 						  IEEE80211_STYPE_REASSOC_REQ);
676 		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
677 		mgmt->u.reassoc_req.listen_interval =
678 				cpu_to_le16(local->hw.conf.listen_interval);
679 		memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
680 		       ETH_ALEN);
681 	} else {
682 		skb_put(skb, 4);
683 		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
684 						  IEEE80211_STYPE_ASSOC_REQ);
685 		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
686 		mgmt->u.assoc_req.listen_interval =
687 				cpu_to_le16(local->hw.conf.listen_interval);
688 	}
689 
690 	/* SSID */
691 	pos = skb_put(skb, 2 + assoc_data->ssid_len);
692 	*pos++ = WLAN_EID_SSID;
693 	*pos++ = assoc_data->ssid_len;
694 	memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
695 
696 	/* add all rates which were marked to be used above */
697 	supp_rates_len = rates_len;
698 	if (supp_rates_len > 8)
699 		supp_rates_len = 8;
700 
701 	pos = skb_put(skb, supp_rates_len + 2);
702 	*pos++ = WLAN_EID_SUPP_RATES;
703 	*pos++ = supp_rates_len;
704 
705 	count = 0;
706 	for (i = 0; i < sband->n_bitrates; i++) {
707 		if (BIT(i) & rates) {
708 			int rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
709 						5 * (1 << shift));
710 			*pos++ = (u8) rate;
711 			if (++count == 8)
712 				break;
713 		}
714 	}
715 
716 	if (rates_len > count) {
717 		pos = skb_put(skb, rates_len - count + 2);
718 		*pos++ = WLAN_EID_EXT_SUPP_RATES;
719 		*pos++ = rates_len - count;
720 
721 		for (i++; i < sband->n_bitrates; i++) {
722 			if (BIT(i) & rates) {
723 				int rate;
724 				rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
725 						    5 * (1 << shift));
726 				*pos++ = (u8) rate;
727 			}
728 		}
729 	}
730 
731 	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
732 		/* 1. power capabilities */
733 		pos = skb_put(skb, 4);
734 		*pos++ = WLAN_EID_PWR_CAPABILITY;
735 		*pos++ = 2;
736 		*pos++ = 0; /* min tx power */
737 		 /* max tx power */
738 		*pos++ = ieee80211_chandef_max_power(&chanctx_conf->def);
739 
740 		/* 2. supported channels */
741 		/* TODO: get this in reg domain format */
742 		pos = skb_put(skb, 2 * sband->n_channels + 2);
743 		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
744 		*pos++ = 2 * sband->n_channels;
745 		for (i = 0; i < sband->n_channels; i++) {
746 			*pos++ = ieee80211_frequency_to_channel(
747 					sband->channels[i].center_freq);
748 			*pos++ = 1; /* one channel in the subband*/
749 		}
750 	}
751 
752 	/* if present, add any custom IEs that go before HT */
753 	if (assoc_data->ie_len) {
754 		static const u8 before_ht[] = {
755 			WLAN_EID_SSID,
756 			WLAN_EID_SUPP_RATES,
757 			WLAN_EID_EXT_SUPP_RATES,
758 			WLAN_EID_PWR_CAPABILITY,
759 			WLAN_EID_SUPPORTED_CHANNELS,
760 			WLAN_EID_RSN,
761 			WLAN_EID_QOS_CAPA,
762 			WLAN_EID_RRM_ENABLED_CAPABILITIES,
763 			WLAN_EID_MOBILITY_DOMAIN,
764 			WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
765 		};
766 		noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
767 					     before_ht, ARRAY_SIZE(before_ht),
768 					     offset);
769 		pos = skb_put(skb, noffset - offset);
770 		memcpy(pos, assoc_data->ie + offset, noffset - offset);
771 		offset = noffset;
772 	}
773 
774 	if (WARN_ON_ONCE((ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
775 			 !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)))
776 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
777 
778 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
779 		ieee80211_add_ht_ie(sdata, skb, assoc_data->ap_ht_param,
780 				    sband, chan, sdata->smps_mode);
781 
782 	/* if present, add any custom IEs that go before VHT */
783 	if (assoc_data->ie_len) {
784 		static const u8 before_vht[] = {
785 			WLAN_EID_SSID,
786 			WLAN_EID_SUPP_RATES,
787 			WLAN_EID_EXT_SUPP_RATES,
788 			WLAN_EID_PWR_CAPABILITY,
789 			WLAN_EID_SUPPORTED_CHANNELS,
790 			WLAN_EID_RSN,
791 			WLAN_EID_QOS_CAPA,
792 			WLAN_EID_RRM_ENABLED_CAPABILITIES,
793 			WLAN_EID_MOBILITY_DOMAIN,
794 			WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
795 			WLAN_EID_HT_CAPABILITY,
796 			WLAN_EID_BSS_COEX_2040,
797 			WLAN_EID_EXT_CAPABILITY,
798 			WLAN_EID_QOS_TRAFFIC_CAPA,
799 			WLAN_EID_TIM_BCAST_REQ,
800 			WLAN_EID_INTERWORKING,
801 		};
802 		noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
803 					     before_vht, ARRAY_SIZE(before_vht),
804 					     offset);
805 		pos = skb_put(skb, noffset - offset);
806 		memcpy(pos, assoc_data->ie + offset, noffset - offset);
807 		offset = noffset;
808 	}
809 
810 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
811 		ieee80211_add_vht_ie(sdata, skb, sband,
812 				     &assoc_data->ap_vht_cap);
813 
814 	/* if present, add any custom non-vendor IEs that go after HT */
815 	if (assoc_data->ie_len) {
816 		noffset = ieee80211_ie_split_vendor(assoc_data->ie,
817 						    assoc_data->ie_len,
818 						    offset);
819 		pos = skb_put(skb, noffset - offset);
820 		memcpy(pos, assoc_data->ie + offset, noffset - offset);
821 		offset = noffset;
822 	}
823 
824 	if (assoc_data->wmm) {
825 		if (assoc_data->uapsd) {
826 			qos_info = ifmgd->uapsd_queues;
827 			qos_info |= (ifmgd->uapsd_max_sp_len <<
828 				     IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
829 		} else {
830 			qos_info = 0;
831 		}
832 
833 		pos = skb_put(skb, 9);
834 		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
835 		*pos++ = 7; /* len */
836 		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
837 		*pos++ = 0x50;
838 		*pos++ = 0xf2;
839 		*pos++ = 2; /* WME */
840 		*pos++ = 0; /* WME info */
841 		*pos++ = 1; /* WME ver */
842 		*pos++ = qos_info;
843 	}
844 
845 	/* add any remaining custom (i.e. vendor specific here) IEs */
846 	if (assoc_data->ie_len) {
847 		noffset = assoc_data->ie_len;
848 		pos = skb_put(skb, noffset - offset);
849 		memcpy(pos, assoc_data->ie + offset, noffset - offset);
850 	}
851 
852 	drv_mgd_prepare_tx(local, sdata);
853 
854 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
855 	if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
856 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
857 						IEEE80211_TX_INTFL_MLME_CONN_TX;
858 	ieee80211_tx_skb(sdata, skb);
859 }
860 
861 void ieee80211_send_pspoll(struct ieee80211_local *local,
862 			   struct ieee80211_sub_if_data *sdata)
863 {
864 	struct ieee80211_pspoll *pspoll;
865 	struct sk_buff *skb;
866 
867 	skb = ieee80211_pspoll_get(&local->hw, &sdata->vif);
868 	if (!skb)
869 		return;
870 
871 	pspoll = (struct ieee80211_pspoll *) skb->data;
872 	pspoll->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
873 
874 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
875 	ieee80211_tx_skb(sdata, skb);
876 }
877 
878 void ieee80211_send_nullfunc(struct ieee80211_local *local,
879 			     struct ieee80211_sub_if_data *sdata,
880 			     int powersave)
881 {
882 	struct sk_buff *skb;
883 	struct ieee80211_hdr_3addr *nullfunc;
884 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
885 
886 	skb = ieee80211_nullfunc_get(&local->hw, &sdata->vif);
887 	if (!skb)
888 		return;
889 
890 	nullfunc = (struct ieee80211_hdr_3addr *) skb->data;
891 	if (powersave)
892 		nullfunc->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
893 
894 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
895 					IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
896 
897 	if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
898 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
899 
900 	if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
901 		IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_USE_MINRATE;
902 
903 	ieee80211_tx_skb(sdata, skb);
904 }
905 
906 static void ieee80211_send_4addr_nullfunc(struct ieee80211_local *local,
907 					  struct ieee80211_sub_if_data *sdata)
908 {
909 	struct sk_buff *skb;
910 	struct ieee80211_hdr *nullfunc;
911 	__le16 fc;
912 
913 	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
914 		return;
915 
916 	skb = dev_alloc_skb(local->hw.extra_tx_headroom + 30);
917 	if (!skb)
918 		return;
919 
920 	skb_reserve(skb, local->hw.extra_tx_headroom);
921 
922 	nullfunc = (struct ieee80211_hdr *) skb_put(skb, 30);
923 	memset(nullfunc, 0, 30);
924 	fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_NULLFUNC |
925 			 IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
926 	nullfunc->frame_control = fc;
927 	memcpy(nullfunc->addr1, sdata->u.mgd.bssid, ETH_ALEN);
928 	memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
929 	memcpy(nullfunc->addr3, sdata->u.mgd.bssid, ETH_ALEN);
930 	memcpy(nullfunc->addr4, sdata->vif.addr, ETH_ALEN);
931 
932 	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
933 	ieee80211_tx_skb(sdata, skb);
934 }
935 
936 /* spectrum management related things */
937 static void ieee80211_chswitch_work(struct work_struct *work)
938 {
939 	struct ieee80211_sub_if_data *sdata =
940 		container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
941 	struct ieee80211_local *local = sdata->local;
942 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
943 	u32 changed = 0;
944 	int ret;
945 
946 	if (!ieee80211_sdata_running(sdata))
947 		return;
948 
949 	sdata_lock(sdata);
950 	if (!ifmgd->associated)
951 		goto out;
952 
953 	mutex_lock(&local->mtx);
954 	ret = ieee80211_vif_change_channel(sdata, &changed);
955 	mutex_unlock(&local->mtx);
956 	if (ret) {
957 		sdata_info(sdata,
958 			   "vif channel switch failed, disconnecting\n");
959 		ieee80211_queue_work(&sdata->local->hw,
960 				     &ifmgd->csa_connection_drop_work);
961 		goto out;
962 	}
963 
964 	if (!local->use_chanctx) {
965 		local->_oper_chandef = sdata->csa_chandef;
966 		/* Call "hw_config" only if doing sw channel switch.
967 		 * Otherwise update the channel directly
968 		 */
969 		if (!local->ops->channel_switch)
970 			ieee80211_hw_config(local, 0);
971 		else
972 			local->hw.conf.chandef = local->_oper_chandef;
973 	}
974 
975 	/* XXX: shouldn't really modify cfg80211-owned data! */
976 	ifmgd->associated->channel = sdata->csa_chandef.chan;
977 
978 	ieee80211_bss_info_change_notify(sdata, changed);
979 
980 	mutex_lock(&local->mtx);
981 	sdata->vif.csa_active = false;
982 	/* XXX: wait for a beacon first? */
983 	if (!ieee80211_csa_needs_block_tx(local))
984 		ieee80211_wake_queues_by_reason(&local->hw,
985 					IEEE80211_MAX_QUEUE_MAP,
986 					IEEE80211_QUEUE_STOP_REASON_CSA);
987 	mutex_unlock(&local->mtx);
988 
989 	ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
990 
991 	ieee80211_sta_reset_beacon_monitor(sdata);
992 	ieee80211_sta_reset_conn_monitor(sdata);
993 
994 out:
995 	sdata_unlock(sdata);
996 }
997 
998 void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
999 {
1000 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1001 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1002 
1003 	trace_api_chswitch_done(sdata, success);
1004 	if (!success) {
1005 		sdata_info(sdata,
1006 			   "driver channel switch failed, disconnecting\n");
1007 		ieee80211_queue_work(&sdata->local->hw,
1008 				     &ifmgd->csa_connection_drop_work);
1009 	} else {
1010 		ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
1011 	}
1012 }
1013 EXPORT_SYMBOL(ieee80211_chswitch_done);
1014 
1015 static void ieee80211_chswitch_timer(unsigned long data)
1016 {
1017 	struct ieee80211_sub_if_data *sdata =
1018 		(struct ieee80211_sub_if_data *) data;
1019 
1020 	ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1021 }
1022 
1023 static void
1024 ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1025 				 u64 timestamp, struct ieee802_11_elems *elems,
1026 				 bool beacon)
1027 {
1028 	struct ieee80211_local *local = sdata->local;
1029 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1030 	struct cfg80211_bss *cbss = ifmgd->associated;
1031 	struct ieee80211_chanctx *chanctx;
1032 	enum ieee80211_band current_band;
1033 	struct ieee80211_csa_ie csa_ie;
1034 	int res;
1035 
1036 	sdata_assert_lock(sdata);
1037 
1038 	if (!cbss)
1039 		return;
1040 
1041 	if (local->scanning)
1042 		return;
1043 
1044 	/* disregard subsequent announcements if we are already processing */
1045 	if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
1046 		return;
1047 
1048 	current_band = cbss->channel->band;
1049 	memset(&csa_ie, 0, sizeof(csa_ie));
1050 	res = ieee80211_parse_ch_switch_ie(sdata, elems, beacon, current_band,
1051 					   ifmgd->flags,
1052 					   ifmgd->associated->bssid, &csa_ie);
1053 	if (res	< 0)
1054 		ieee80211_queue_work(&local->hw,
1055 				     &ifmgd->csa_connection_drop_work);
1056 	if (res)
1057 		return;
1058 
1059 	if (!cfg80211_chandef_usable(local->hw.wiphy, &csa_ie.chandef,
1060 				     IEEE80211_CHAN_DISABLED)) {
1061 		sdata_info(sdata,
1062 			   "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1063 			   ifmgd->associated->bssid,
1064 			   csa_ie.chandef.chan->center_freq,
1065 			   csa_ie.chandef.width, csa_ie.chandef.center_freq1,
1066 			   csa_ie.chandef.center_freq2);
1067 		ieee80211_queue_work(&local->hw,
1068 				     &ifmgd->csa_connection_drop_work);
1069 		return;
1070 	}
1071 
1072 	ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1073 
1074 	mutex_lock(&local->chanctx_mtx);
1075 	if (local->use_chanctx) {
1076 		u32 num_chanctx = 0;
1077 		list_for_each_entry(chanctx, &local->chanctx_list, list)
1078 		       num_chanctx++;
1079 
1080 		if (num_chanctx > 1 ||
1081 		    !(local->hw.flags & IEEE80211_HW_CHANCTX_STA_CSA)) {
1082 			sdata_info(sdata,
1083 				   "not handling chan-switch with channel contexts\n");
1084 			ieee80211_queue_work(&local->hw,
1085 					     &ifmgd->csa_connection_drop_work);
1086 			mutex_unlock(&local->chanctx_mtx);
1087 			return;
1088 		}
1089 	}
1090 
1091 	if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
1092 		ieee80211_queue_work(&local->hw,
1093 				     &ifmgd->csa_connection_drop_work);
1094 		mutex_unlock(&local->chanctx_mtx);
1095 		return;
1096 	}
1097 	chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
1098 			       struct ieee80211_chanctx, conf);
1099 	if (ieee80211_chanctx_refcount(local, chanctx) > 1) {
1100 		sdata_info(sdata,
1101 			   "channel switch with multiple interfaces on the same channel, disconnecting\n");
1102 		ieee80211_queue_work(&local->hw,
1103 				     &ifmgd->csa_connection_drop_work);
1104 		mutex_unlock(&local->chanctx_mtx);
1105 		return;
1106 	}
1107 	mutex_unlock(&local->chanctx_mtx);
1108 
1109 	sdata->csa_chandef = csa_ie.chandef;
1110 
1111 	mutex_lock(&local->mtx);
1112 	sdata->vif.csa_active = true;
1113 	sdata->csa_block_tx = csa_ie.mode;
1114 
1115 	if (sdata->csa_block_tx)
1116 		ieee80211_stop_queues_by_reason(&local->hw,
1117 					IEEE80211_MAX_QUEUE_MAP,
1118 					IEEE80211_QUEUE_STOP_REASON_CSA);
1119 	mutex_unlock(&local->mtx);
1120 
1121 	if (local->ops->channel_switch) {
1122 		/* use driver's channel switch callback */
1123 		struct ieee80211_channel_switch ch_switch = {
1124 			.timestamp = timestamp,
1125 			.block_tx = csa_ie.mode,
1126 			.chandef = csa_ie.chandef,
1127 			.count = csa_ie.count,
1128 		};
1129 
1130 		drv_channel_switch(local, &ch_switch);
1131 		return;
1132 	}
1133 
1134 	/* channel switch handled in software */
1135 	if (csa_ie.count <= 1)
1136 		ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1137 	else
1138 		mod_timer(&ifmgd->chswitch_timer,
1139 			  TU_TO_EXP_TIME(csa_ie.count * cbss->beacon_interval));
1140 }
1141 
1142 static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
1143 				       struct ieee80211_channel *channel,
1144 				       const u8 *country_ie, u8 country_ie_len,
1145 				       const u8 *pwr_constr_elem)
1146 {
1147 	struct ieee80211_country_ie_triplet *triplet;
1148 	int chan = ieee80211_frequency_to_channel(channel->center_freq);
1149 	int i, chan_pwr, chan_increment, new_ap_level;
1150 	bool have_chan_pwr = false;
1151 
1152 	/* Invalid IE */
1153 	if (country_ie_len % 2 || country_ie_len < IEEE80211_COUNTRY_IE_MIN_LEN)
1154 		return 0;
1155 
1156 	triplet = (void *)(country_ie + 3);
1157 	country_ie_len -= 3;
1158 
1159 	switch (channel->band) {
1160 	default:
1161 		WARN_ON_ONCE(1);
1162 		/* fall through */
1163 	case IEEE80211_BAND_2GHZ:
1164 	case IEEE80211_BAND_60GHZ:
1165 		chan_increment = 1;
1166 		break;
1167 	case IEEE80211_BAND_5GHZ:
1168 		chan_increment = 4;
1169 		break;
1170 	}
1171 
1172 	/* find channel */
1173 	while (country_ie_len >= 3) {
1174 		u8 first_channel = triplet->chans.first_channel;
1175 
1176 		if (first_channel >= IEEE80211_COUNTRY_EXTENSION_ID)
1177 			goto next;
1178 
1179 		for (i = 0; i < triplet->chans.num_channels; i++) {
1180 			if (first_channel + i * chan_increment == chan) {
1181 				have_chan_pwr = true;
1182 				chan_pwr = triplet->chans.max_power;
1183 				break;
1184 			}
1185 		}
1186 		if (have_chan_pwr)
1187 			break;
1188 
1189  next:
1190 		triplet++;
1191 		country_ie_len -= 3;
1192 	}
1193 
1194 	if (!have_chan_pwr)
1195 		return 0;
1196 
1197 	new_ap_level = max_t(int, 0, chan_pwr - *pwr_constr_elem);
1198 
1199 	if (sdata->ap_power_level == new_ap_level)
1200 		return 0;
1201 
1202 	sdata_info(sdata,
1203 		   "Limiting TX power to %d (%d - %d) dBm as advertised by %pM\n",
1204 		   new_ap_level, chan_pwr, *pwr_constr_elem,
1205 		   sdata->u.mgd.bssid);
1206 	sdata->ap_power_level = new_ap_level;
1207 	if (__ieee80211_recalc_txpower(sdata))
1208 		return BSS_CHANGED_TXPOWER;
1209 	return 0;
1210 }
1211 
1212 /* powersave */
1213 static void ieee80211_enable_ps(struct ieee80211_local *local,
1214 				struct ieee80211_sub_if_data *sdata)
1215 {
1216 	struct ieee80211_conf *conf = &local->hw.conf;
1217 
1218 	/*
1219 	 * If we are scanning right now then the parameters will
1220 	 * take effect when scan finishes.
1221 	 */
1222 	if (local->scanning)
1223 		return;
1224 
1225 	if (conf->dynamic_ps_timeout > 0 &&
1226 	    !(local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)) {
1227 		mod_timer(&local->dynamic_ps_timer, jiffies +
1228 			  msecs_to_jiffies(conf->dynamic_ps_timeout));
1229 	} else {
1230 		if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1231 			ieee80211_send_nullfunc(local, sdata, 1);
1232 
1233 		if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1234 		    (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
1235 			return;
1236 
1237 		conf->flags |= IEEE80211_CONF_PS;
1238 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1239 	}
1240 }
1241 
1242 static void ieee80211_change_ps(struct ieee80211_local *local)
1243 {
1244 	struct ieee80211_conf *conf = &local->hw.conf;
1245 
1246 	if (local->ps_sdata) {
1247 		ieee80211_enable_ps(local, local->ps_sdata);
1248 	} else if (conf->flags & IEEE80211_CONF_PS) {
1249 		conf->flags &= ~IEEE80211_CONF_PS;
1250 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1251 		del_timer_sync(&local->dynamic_ps_timer);
1252 		cancel_work_sync(&local->dynamic_ps_enable_work);
1253 	}
1254 }
1255 
1256 static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
1257 {
1258 	struct ieee80211_if_managed *mgd = &sdata->u.mgd;
1259 	struct sta_info *sta = NULL;
1260 	bool authorized = false;
1261 
1262 	if (!mgd->powersave)
1263 		return false;
1264 
1265 	if (mgd->broken_ap)
1266 		return false;
1267 
1268 	if (!mgd->associated)
1269 		return false;
1270 
1271 	if (mgd->flags & IEEE80211_STA_CONNECTION_POLL)
1272 		return false;
1273 
1274 	if (!mgd->have_beacon)
1275 		return false;
1276 
1277 	rcu_read_lock();
1278 	sta = sta_info_get(sdata, mgd->bssid);
1279 	if (sta)
1280 		authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
1281 	rcu_read_unlock();
1282 
1283 	return authorized;
1284 }
1285 
1286 /* need to hold RTNL or interface lock */
1287 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
1288 {
1289 	struct ieee80211_sub_if_data *sdata, *found = NULL;
1290 	int count = 0;
1291 	int timeout;
1292 
1293 	if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
1294 		local->ps_sdata = NULL;
1295 		return;
1296 	}
1297 
1298 	list_for_each_entry(sdata, &local->interfaces, list) {
1299 		if (!ieee80211_sdata_running(sdata))
1300 			continue;
1301 		if (sdata->vif.type == NL80211_IFTYPE_AP) {
1302 			/* If an AP vif is found, then disable PS
1303 			 * by setting the count to zero thereby setting
1304 			 * ps_sdata to NULL.
1305 			 */
1306 			count = 0;
1307 			break;
1308 		}
1309 		if (sdata->vif.type != NL80211_IFTYPE_STATION)
1310 			continue;
1311 		found = sdata;
1312 		count++;
1313 	}
1314 
1315 	if (count == 1 && ieee80211_powersave_allowed(found)) {
1316 		s32 beaconint_us;
1317 
1318 		if (latency < 0)
1319 			latency = pm_qos_request(PM_QOS_NETWORK_LATENCY);
1320 
1321 		beaconint_us = ieee80211_tu_to_usec(
1322 					found->vif.bss_conf.beacon_int);
1323 
1324 		timeout = local->dynamic_ps_forced_timeout;
1325 		if (timeout < 0) {
1326 			/*
1327 			 * Go to full PSM if the user configures a very low
1328 			 * latency requirement.
1329 			 * The 2000 second value is there for compatibility
1330 			 * until the PM_QOS_NETWORK_LATENCY is configured
1331 			 * with real values.
1332 			 */
1333 			if (latency > (1900 * USEC_PER_MSEC) &&
1334 			    latency != (2000 * USEC_PER_SEC))
1335 				timeout = 0;
1336 			else
1337 				timeout = 100;
1338 		}
1339 		local->hw.conf.dynamic_ps_timeout = timeout;
1340 
1341 		if (beaconint_us > latency) {
1342 			local->ps_sdata = NULL;
1343 		} else {
1344 			int maxslp = 1;
1345 			u8 dtimper = found->u.mgd.dtim_period;
1346 
1347 			/* If the TIM IE is invalid, pretend the value is 1 */
1348 			if (!dtimper)
1349 				dtimper = 1;
1350 			else if (dtimper > 1)
1351 				maxslp = min_t(int, dtimper,
1352 						    latency / beaconint_us);
1353 
1354 			local->hw.conf.max_sleep_period = maxslp;
1355 			local->hw.conf.ps_dtim_period = dtimper;
1356 			local->ps_sdata = found;
1357 		}
1358 	} else {
1359 		local->ps_sdata = NULL;
1360 	}
1361 
1362 	ieee80211_change_ps(local);
1363 }
1364 
1365 void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata)
1366 {
1367 	bool ps_allowed = ieee80211_powersave_allowed(sdata);
1368 
1369 	if (sdata->vif.bss_conf.ps != ps_allowed) {
1370 		sdata->vif.bss_conf.ps = ps_allowed;
1371 		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_PS);
1372 	}
1373 }
1374 
1375 void ieee80211_dynamic_ps_disable_work(struct work_struct *work)
1376 {
1377 	struct ieee80211_local *local =
1378 		container_of(work, struct ieee80211_local,
1379 			     dynamic_ps_disable_work);
1380 
1381 	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1382 		local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1383 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1384 	}
1385 
1386 	ieee80211_wake_queues_by_reason(&local->hw,
1387 					IEEE80211_MAX_QUEUE_MAP,
1388 					IEEE80211_QUEUE_STOP_REASON_PS);
1389 }
1390 
1391 void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1392 {
1393 	struct ieee80211_local *local =
1394 		container_of(work, struct ieee80211_local,
1395 			     dynamic_ps_enable_work);
1396 	struct ieee80211_sub_if_data *sdata = local->ps_sdata;
1397 	struct ieee80211_if_managed *ifmgd;
1398 	unsigned long flags;
1399 	int q;
1400 
1401 	/* can only happen when PS was just disabled anyway */
1402 	if (!sdata)
1403 		return;
1404 
1405 	ifmgd = &sdata->u.mgd;
1406 
1407 	if (local->hw.conf.flags & IEEE80211_CONF_PS)
1408 		return;
1409 
1410 	if (local->hw.conf.dynamic_ps_timeout > 0) {
1411 		/* don't enter PS if TX frames are pending */
1412 		if (drv_tx_frames_pending(local)) {
1413 			mod_timer(&local->dynamic_ps_timer, jiffies +
1414 				  msecs_to_jiffies(
1415 				  local->hw.conf.dynamic_ps_timeout));
1416 			return;
1417 		}
1418 
1419 		/*
1420 		 * transmission can be stopped by others which leads to
1421 		 * dynamic_ps_timer expiry. Postpone the ps timer if it
1422 		 * is not the actual idle state.
1423 		 */
1424 		spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1425 		for (q = 0; q < local->hw.queues; q++) {
1426 			if (local->queue_stop_reasons[q]) {
1427 				spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1428 						       flags);
1429 				mod_timer(&local->dynamic_ps_timer, jiffies +
1430 					  msecs_to_jiffies(
1431 					  local->hw.conf.dynamic_ps_timeout));
1432 				return;
1433 			}
1434 		}
1435 		spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1436 	}
1437 
1438 	if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1439 	    !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1440 		if (drv_tx_frames_pending(local)) {
1441 			mod_timer(&local->dynamic_ps_timer, jiffies +
1442 				  msecs_to_jiffies(
1443 				  local->hw.conf.dynamic_ps_timeout));
1444 		} else {
1445 			ieee80211_send_nullfunc(local, sdata, 1);
1446 			/* Flush to get the tx status of nullfunc frame */
1447 			ieee80211_flush_queues(local, sdata);
1448 		}
1449 	}
1450 
1451 	if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
1452 	      (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
1453 	    (ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1454 		ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
1455 		local->hw.conf.flags |= IEEE80211_CONF_PS;
1456 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1457 	}
1458 }
1459 
1460 void ieee80211_dynamic_ps_timer(unsigned long data)
1461 {
1462 	struct ieee80211_local *local = (void *) data;
1463 
1464 	if (local->quiescing || local->suspended)
1465 		return;
1466 
1467 	ieee80211_queue_work(&local->hw, &local->dynamic_ps_enable_work);
1468 }
1469 
1470 void ieee80211_dfs_cac_timer_work(struct work_struct *work)
1471 {
1472 	struct delayed_work *delayed_work =
1473 		container_of(work, struct delayed_work, work);
1474 	struct ieee80211_sub_if_data *sdata =
1475 		container_of(delayed_work, struct ieee80211_sub_if_data,
1476 			     dfs_cac_timer_work);
1477 	struct cfg80211_chan_def chandef = sdata->vif.bss_conf.chandef;
1478 
1479 	mutex_lock(&sdata->local->mtx);
1480 	if (sdata->wdev.cac_started) {
1481 		ieee80211_vif_release_channel(sdata);
1482 		cfg80211_cac_event(sdata->dev, &chandef,
1483 				   NL80211_RADAR_CAC_FINISHED,
1484 				   GFP_KERNEL);
1485 	}
1486 	mutex_unlock(&sdata->local->mtx);
1487 }
1488 
1489 /* MLME */
1490 static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1491 				     struct ieee80211_sub_if_data *sdata,
1492 				     const u8 *wmm_param, size_t wmm_param_len)
1493 {
1494 	struct ieee80211_tx_queue_params params;
1495 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1496 	size_t left;
1497 	int count;
1498 	const u8 *pos;
1499 	u8 uapsd_queues = 0;
1500 
1501 	if (!local->ops->conf_tx)
1502 		return false;
1503 
1504 	if (local->hw.queues < IEEE80211_NUM_ACS)
1505 		return false;
1506 
1507 	if (!wmm_param)
1508 		return false;
1509 
1510 	if (wmm_param_len < 8 || wmm_param[5] /* version */ != 1)
1511 		return false;
1512 
1513 	if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
1514 		uapsd_queues = ifmgd->uapsd_queues;
1515 
1516 	count = wmm_param[6] & 0x0f;
1517 	if (count == ifmgd->wmm_last_param_set)
1518 		return false;
1519 	ifmgd->wmm_last_param_set = count;
1520 
1521 	pos = wmm_param + 8;
1522 	left = wmm_param_len - 8;
1523 
1524 	memset(&params, 0, sizeof(params));
1525 
1526 	sdata->wmm_acm = 0;
1527 	for (; left >= 4; left -= 4, pos += 4) {
1528 		int aci = (pos[0] >> 5) & 0x03;
1529 		int acm = (pos[0] >> 4) & 0x01;
1530 		bool uapsd = false;
1531 		int queue;
1532 
1533 		switch (aci) {
1534 		case 1: /* AC_BK */
1535 			queue = 3;
1536 			if (acm)
1537 				sdata->wmm_acm |= BIT(1) | BIT(2); /* BK/- */
1538 			if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BK)
1539 				uapsd = true;
1540 			break;
1541 		case 2: /* AC_VI */
1542 			queue = 1;
1543 			if (acm)
1544 				sdata->wmm_acm |= BIT(4) | BIT(5); /* CL/VI */
1545 			if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VI)
1546 				uapsd = true;
1547 			break;
1548 		case 3: /* AC_VO */
1549 			queue = 0;
1550 			if (acm)
1551 				sdata->wmm_acm |= BIT(6) | BIT(7); /* VO/NC */
1552 			if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
1553 				uapsd = true;
1554 			break;
1555 		case 0: /* AC_BE */
1556 		default:
1557 			queue = 2;
1558 			if (acm)
1559 				sdata->wmm_acm |= BIT(0) | BIT(3); /* BE/EE */
1560 			if (uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_BE)
1561 				uapsd = true;
1562 			break;
1563 		}
1564 
1565 		params.aifs = pos[0] & 0x0f;
1566 		params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1567 		params.cw_min = ecw2cw(pos[1] & 0x0f);
1568 		params.txop = get_unaligned_le16(pos + 2);
1569 		params.acm = acm;
1570 		params.uapsd = uapsd;
1571 
1572 		mlme_dbg(sdata,
1573 			 "WMM queue=%d aci=%d acm=%d aifs=%d cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
1574 			 queue, aci, acm,
1575 			 params.aifs, params.cw_min, params.cw_max,
1576 			 params.txop, params.uapsd);
1577 		sdata->tx_conf[queue] = params;
1578 		if (drv_conf_tx(local, sdata, queue, &params))
1579 			sdata_err(sdata,
1580 				  "failed to set TX queue parameters for queue %d\n",
1581 				  queue);
1582 	}
1583 
1584 	/* enable WMM or activate new settings */
1585 	sdata->vif.bss_conf.qos = true;
1586 	return true;
1587 }
1588 
1589 static void __ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1590 {
1591 	lockdep_assert_held(&sdata->local->mtx);
1592 
1593 	sdata->u.mgd.flags &= ~IEEE80211_STA_CONNECTION_POLL;
1594 	ieee80211_run_deferred_scan(sdata->local);
1595 }
1596 
1597 static void ieee80211_stop_poll(struct ieee80211_sub_if_data *sdata)
1598 {
1599 	mutex_lock(&sdata->local->mtx);
1600 	__ieee80211_stop_poll(sdata);
1601 	mutex_unlock(&sdata->local->mtx);
1602 }
1603 
1604 static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
1605 					   u16 capab, bool erp_valid, u8 erp)
1606 {
1607 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1608 	u32 changed = 0;
1609 	bool use_protection;
1610 	bool use_short_preamble;
1611 	bool use_short_slot;
1612 
1613 	if (erp_valid) {
1614 		use_protection = (erp & WLAN_ERP_USE_PROTECTION) != 0;
1615 		use_short_preamble = (erp & WLAN_ERP_BARKER_PREAMBLE) == 0;
1616 	} else {
1617 		use_protection = false;
1618 		use_short_preamble = !!(capab & WLAN_CAPABILITY_SHORT_PREAMBLE);
1619 	}
1620 
1621 	use_short_slot = !!(capab & WLAN_CAPABILITY_SHORT_SLOT_TIME);
1622 	if (ieee80211_get_sdata_band(sdata) == IEEE80211_BAND_5GHZ)
1623 		use_short_slot = true;
1624 
1625 	if (use_protection != bss_conf->use_cts_prot) {
1626 		bss_conf->use_cts_prot = use_protection;
1627 		changed |= BSS_CHANGED_ERP_CTS_PROT;
1628 	}
1629 
1630 	if (use_short_preamble != bss_conf->use_short_preamble) {
1631 		bss_conf->use_short_preamble = use_short_preamble;
1632 		changed |= BSS_CHANGED_ERP_PREAMBLE;
1633 	}
1634 
1635 	if (use_short_slot != bss_conf->use_short_slot) {
1636 		bss_conf->use_short_slot = use_short_slot;
1637 		changed |= BSS_CHANGED_ERP_SLOT;
1638 	}
1639 
1640 	return changed;
1641 }
1642 
1643 static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1644 				     struct cfg80211_bss *cbss,
1645 				     u32 bss_info_changed)
1646 {
1647 	struct ieee80211_bss *bss = (void *)cbss->priv;
1648 	struct ieee80211_local *local = sdata->local;
1649 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1650 
1651 	bss_info_changed |= BSS_CHANGED_ASSOC;
1652 	bss_info_changed |= ieee80211_handle_bss_capability(sdata,
1653 		bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1654 
1655 	sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1656 		beacon_loss_count * bss_conf->beacon_int));
1657 
1658 	sdata->u.mgd.associated = cbss;
1659 	memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
1660 
1661 	sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
1662 
1663 	if (sdata->vif.p2p) {
1664 		const struct cfg80211_bss_ies *ies;
1665 
1666 		rcu_read_lock();
1667 		ies = rcu_dereference(cbss->ies);
1668 		if (ies) {
1669 			int ret;
1670 
1671 			ret = cfg80211_get_p2p_attr(
1672 					ies->data, ies->len,
1673 					IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1674 					(u8 *) &bss_conf->p2p_noa_attr,
1675 					sizeof(bss_conf->p2p_noa_attr));
1676 			if (ret >= 2) {
1677 				sdata->u.mgd.p2p_noa_index =
1678 					bss_conf->p2p_noa_attr.index;
1679 				bss_info_changed |= BSS_CHANGED_P2P_PS;
1680 			}
1681 		}
1682 		rcu_read_unlock();
1683 	}
1684 
1685 	/* just to be sure */
1686 	ieee80211_stop_poll(sdata);
1687 
1688 	ieee80211_led_assoc(local, 1);
1689 
1690 	if (sdata->u.mgd.have_beacon) {
1691 		/*
1692 		 * If the AP is buggy we may get here with no DTIM period
1693 		 * known, so assume it's 1 which is the only safe assumption
1694 		 * in that case, although if the TIM IE is broken powersave
1695 		 * probably just won't work at all.
1696 		 */
1697 		bss_conf->dtim_period = sdata->u.mgd.dtim_period ?: 1;
1698 		bss_conf->beacon_rate = bss->beacon_rate;
1699 		bss_info_changed |= BSS_CHANGED_BEACON_INFO;
1700 	} else {
1701 		bss_conf->beacon_rate = NULL;
1702 		bss_conf->dtim_period = 0;
1703 	}
1704 
1705 	bss_conf->assoc = 1;
1706 
1707 	/* Tell the driver to monitor connection quality (if supported) */
1708 	if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1709 	    bss_conf->cqm_rssi_thold)
1710 		bss_info_changed |= BSS_CHANGED_CQM;
1711 
1712 	/* Enable ARP filtering */
1713 	if (bss_conf->arp_addr_cnt)
1714 		bss_info_changed |= BSS_CHANGED_ARP_FILTER;
1715 
1716 	ieee80211_bss_info_change_notify(sdata, bss_info_changed);
1717 
1718 	mutex_lock(&local->iflist_mtx);
1719 	ieee80211_recalc_ps(local, -1);
1720 	mutex_unlock(&local->iflist_mtx);
1721 
1722 	ieee80211_recalc_smps(sdata);
1723 	ieee80211_recalc_ps_vif(sdata);
1724 
1725 	netif_carrier_on(sdata->dev);
1726 }
1727 
1728 static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1729 				   u16 stype, u16 reason, bool tx,
1730 				   u8 *frame_buf)
1731 {
1732 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1733 	struct ieee80211_local *local = sdata->local;
1734 	u32 changed = 0;
1735 
1736 	sdata_assert_lock(sdata);
1737 
1738 	if (WARN_ON_ONCE(tx && !frame_buf))
1739 		return;
1740 
1741 	if (WARN_ON(!ifmgd->associated))
1742 		return;
1743 
1744 	ieee80211_stop_poll(sdata);
1745 
1746 	ifmgd->associated = NULL;
1747 	netif_carrier_off(sdata->dev);
1748 
1749 	/*
1750 	 * if we want to get out of ps before disassoc (why?) we have
1751 	 * to do it before sending disassoc, as otherwise the null-packet
1752 	 * won't be valid.
1753 	 */
1754 	if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1755 		local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1756 		ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1757 	}
1758 	local->ps_sdata = NULL;
1759 
1760 	/* disable per-vif ps */
1761 	ieee80211_recalc_ps_vif(sdata);
1762 
1763 	/* flush out any pending frame (e.g. DELBA) before deauth/disassoc */
1764 	if (tx)
1765 		ieee80211_flush_queues(local, sdata);
1766 
1767 	/* deauthenticate/disassociate now */
1768 	if (tx || frame_buf)
1769 		ieee80211_send_deauth_disassoc(sdata, ifmgd->bssid, stype,
1770 					       reason, tx, frame_buf);
1771 
1772 	/* flush out frame */
1773 	if (tx)
1774 		ieee80211_flush_queues(local, sdata);
1775 
1776 	/* clear bssid only after building the needed mgmt frames */
1777 	memset(ifmgd->bssid, 0, ETH_ALEN);
1778 
1779 	/* remove AP and TDLS peers */
1780 	sta_info_flush(sdata);
1781 
1782 	/* finally reset all BSS / config parameters */
1783 	changed |= ieee80211_reset_erp_info(sdata);
1784 
1785 	ieee80211_led_assoc(local, 0);
1786 	changed |= BSS_CHANGED_ASSOC;
1787 	sdata->vif.bss_conf.assoc = false;
1788 
1789 	ifmgd->p2p_noa_index = -1;
1790 	memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1791 	       sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1792 
1793 	/* on the next assoc, re-program HT/VHT parameters */
1794 	memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
1795 	memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask));
1796 	memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa));
1797 	memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask));
1798 
1799 	sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
1800 
1801 	del_timer_sync(&local->dynamic_ps_timer);
1802 	cancel_work_sync(&local->dynamic_ps_enable_work);
1803 
1804 	/* Disable ARP filtering */
1805 	if (sdata->vif.bss_conf.arp_addr_cnt)
1806 		changed |= BSS_CHANGED_ARP_FILTER;
1807 
1808 	sdata->vif.bss_conf.qos = false;
1809 	changed |= BSS_CHANGED_QOS;
1810 
1811 	/* The BSSID (not really interesting) and HT changed */
1812 	changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1813 	ieee80211_bss_info_change_notify(sdata, changed);
1814 
1815 	/* disassociated - set to defaults now */
1816 	ieee80211_set_wmm_default(sdata, false);
1817 
1818 	del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1819 	del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1820 	del_timer_sync(&sdata->u.mgd.timer);
1821 	del_timer_sync(&sdata->u.mgd.chswitch_timer);
1822 
1823 	sdata->vif.bss_conf.dtim_period = 0;
1824 	sdata->vif.bss_conf.beacon_rate = NULL;
1825 
1826 	ifmgd->have_beacon = false;
1827 
1828 	ifmgd->flags = 0;
1829 	mutex_lock(&local->mtx);
1830 	ieee80211_vif_release_channel(sdata);
1831 
1832 	sdata->vif.csa_active = false;
1833 	if (!ieee80211_csa_needs_block_tx(local))
1834 		ieee80211_wake_queues_by_reason(&local->hw,
1835 					IEEE80211_MAX_QUEUE_MAP,
1836 					IEEE80211_QUEUE_STOP_REASON_CSA);
1837 	mutex_unlock(&local->mtx);
1838 
1839 	sdata->encrypt_headroom = IEEE80211_ENCRYPT_HEADROOM;
1840 }
1841 
1842 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1843 			     struct ieee80211_hdr *hdr)
1844 {
1845 	/*
1846 	 * We can postpone the mgd.timer whenever receiving unicast frames
1847 	 * from AP because we know that the connection is working both ways
1848 	 * at that time. But multicast frames (and hence also beacons) must
1849 	 * be ignored here, because we need to trigger the timer during
1850 	 * data idle periods for sending the periodic probe request to the
1851 	 * AP we're connected to.
1852 	 */
1853 	if (is_multicast_ether_addr(hdr->addr1))
1854 		return;
1855 
1856 	ieee80211_sta_reset_conn_monitor(sdata);
1857 }
1858 
1859 static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1860 {
1861 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1862 	struct ieee80211_local *local = sdata->local;
1863 
1864 	mutex_lock(&local->mtx);
1865 	if (!(ifmgd->flags & IEEE80211_STA_CONNECTION_POLL))
1866 		goto out;
1867 
1868 	__ieee80211_stop_poll(sdata);
1869 
1870 	mutex_lock(&local->iflist_mtx);
1871 	ieee80211_recalc_ps(local, -1);
1872 	mutex_unlock(&local->iflist_mtx);
1873 
1874 	if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1875 		goto out;
1876 
1877 	/*
1878 	 * We've received a probe response, but are not sure whether
1879 	 * we have or will be receiving any beacons or data, so let's
1880 	 * schedule the timers again, just in case.
1881 	 */
1882 	ieee80211_sta_reset_beacon_monitor(sdata);
1883 
1884 	mod_timer(&ifmgd->conn_mon_timer,
1885 		  round_jiffies_up(jiffies +
1886 				   IEEE80211_CONNECTION_IDLE_TIME));
1887 out:
1888 	mutex_unlock(&local->mtx);
1889 }
1890 
1891 void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1892 			     struct ieee80211_hdr *hdr, bool ack)
1893 {
1894 	if (!ieee80211_is_data(hdr->frame_control))
1895 	    return;
1896 
1897 	if (ieee80211_is_nullfunc(hdr->frame_control) &&
1898 	    sdata->u.mgd.probe_send_count > 0) {
1899 		if (ack)
1900 			ieee80211_sta_reset_conn_monitor(sdata);
1901 		else
1902 			sdata->u.mgd.nullfunc_failed = true;
1903 		ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1904 		return;
1905 	}
1906 
1907 	if (ack)
1908 		ieee80211_sta_reset_conn_monitor(sdata);
1909 }
1910 
1911 static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1912 {
1913 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1914 	const u8 *ssid;
1915 	u8 *dst = ifmgd->associated->bssid;
1916 	u8 unicast_limit = max(1, max_probe_tries - 3);
1917 
1918 	/*
1919 	 * Try sending broadcast probe requests for the last three
1920 	 * probe requests after the first ones failed since some
1921 	 * buggy APs only support broadcast probe requests.
1922 	 */
1923 	if (ifmgd->probe_send_count >= unicast_limit)
1924 		dst = NULL;
1925 
1926 	/*
1927 	 * When the hardware reports an accurate Tx ACK status, it's
1928 	 * better to send a nullfunc frame instead of a probe request,
1929 	 * as it will kick us off the AP quickly if we aren't associated
1930 	 * anymore. The timeout will be reset if the frame is ACKed by
1931 	 * the AP.
1932 	 */
1933 	ifmgd->probe_send_count++;
1934 
1935 	if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1936 		ifmgd->nullfunc_failed = false;
1937 		ieee80211_send_nullfunc(sdata->local, sdata, 0);
1938 	} else {
1939 		int ssid_len;
1940 
1941 		rcu_read_lock();
1942 		ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1943 		if (WARN_ON_ONCE(ssid == NULL))
1944 			ssid_len = 0;
1945 		else
1946 			ssid_len = ssid[1];
1947 
1948 		ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid_len, NULL,
1949 					 0, (u32) -1, true, 0,
1950 					 ifmgd->associated->channel, false);
1951 		rcu_read_unlock();
1952 	}
1953 
1954 	ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1955 	run_again(sdata, ifmgd->probe_timeout);
1956 	if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
1957 		ieee80211_flush_queues(sdata->local, sdata);
1958 }
1959 
1960 static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1961 				   bool beacon)
1962 {
1963 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1964 	bool already = false;
1965 
1966 	if (!ieee80211_sdata_running(sdata))
1967 		return;
1968 
1969 	sdata_lock(sdata);
1970 
1971 	if (!ifmgd->associated)
1972 		goto out;
1973 
1974 	mutex_lock(&sdata->local->mtx);
1975 
1976 	if (sdata->local->tmp_channel || sdata->local->scanning) {
1977 		mutex_unlock(&sdata->local->mtx);
1978 		goto out;
1979 	}
1980 
1981 	if (beacon) {
1982 		mlme_dbg_ratelimited(sdata,
1983 				     "detected beacon loss from AP (missed %d beacons) - probing\n",
1984 				     beacon_loss_count);
1985 
1986 		ieee80211_cqm_rssi_notify(&sdata->vif,
1987 					  NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
1988 					  GFP_KERNEL);
1989 	}
1990 
1991 	/*
1992 	 * The driver/our work has already reported this event or the
1993 	 * connection monitoring has kicked in and we have already sent
1994 	 * a probe request. Or maybe the AP died and the driver keeps
1995 	 * reporting until we disassociate...
1996 	 *
1997 	 * In either case we have to ignore the current call to this
1998 	 * function (except for setting the correct probe reason bit)
1999 	 * because otherwise we would reset the timer every time and
2000 	 * never check whether we received a probe response!
2001 	 */
2002 	if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL)
2003 		already = true;
2004 
2005 	ifmgd->flags |= IEEE80211_STA_CONNECTION_POLL;
2006 
2007 	mutex_unlock(&sdata->local->mtx);
2008 
2009 	if (already)
2010 		goto out;
2011 
2012 	mutex_lock(&sdata->local->iflist_mtx);
2013 	ieee80211_recalc_ps(sdata->local, -1);
2014 	mutex_unlock(&sdata->local->iflist_mtx);
2015 
2016 	ifmgd->probe_send_count = 0;
2017 	ieee80211_mgd_probe_ap_send(sdata);
2018  out:
2019 	sdata_unlock(sdata);
2020 }
2021 
2022 struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
2023 					  struct ieee80211_vif *vif)
2024 {
2025 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2026 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2027 	struct cfg80211_bss *cbss;
2028 	struct sk_buff *skb;
2029 	const u8 *ssid;
2030 	int ssid_len;
2031 
2032 	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
2033 		return NULL;
2034 
2035 	sdata_assert_lock(sdata);
2036 
2037 	if (ifmgd->associated)
2038 		cbss = ifmgd->associated;
2039 	else if (ifmgd->auth_data)
2040 		cbss = ifmgd->auth_data->bss;
2041 	else if (ifmgd->assoc_data)
2042 		cbss = ifmgd->assoc_data->bss;
2043 	else
2044 		return NULL;
2045 
2046 	rcu_read_lock();
2047 	ssid = ieee80211_bss_get_ie(cbss, WLAN_EID_SSID);
2048 	if (WARN_ON_ONCE(ssid == NULL))
2049 		ssid_len = 0;
2050 	else
2051 		ssid_len = ssid[1];
2052 
2053 	skb = ieee80211_build_probe_req(sdata, cbss->bssid,
2054 					(u32) -1, cbss->channel,
2055 					ssid + 2, ssid_len,
2056 					NULL, 0, true);
2057 	rcu_read_unlock();
2058 
2059 	return skb;
2060 }
2061 EXPORT_SYMBOL(ieee80211_ap_probereq_get);
2062 
2063 static void __ieee80211_disconnect(struct ieee80211_sub_if_data *sdata)
2064 {
2065 	struct ieee80211_local *local = sdata->local;
2066 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2067 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
2068 
2069 	sdata_lock(sdata);
2070 	if (!ifmgd->associated) {
2071 		sdata_unlock(sdata);
2072 		return;
2073 	}
2074 
2075 	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
2076 			       WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2077 			       true, frame_buf);
2078 	ifmgd->flags &= ~IEEE80211_STA_CSA_RECEIVED;
2079 
2080 	mutex_lock(&local->mtx);
2081 	sdata->vif.csa_active = false;
2082 	if (!ieee80211_csa_needs_block_tx(local))
2083 		ieee80211_wake_queues_by_reason(&local->hw,
2084 					IEEE80211_MAX_QUEUE_MAP,
2085 					IEEE80211_QUEUE_STOP_REASON_CSA);
2086 	mutex_unlock(&local->mtx);
2087 
2088 	cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
2089 			      IEEE80211_DEAUTH_FRAME_LEN);
2090 	sdata_unlock(sdata);
2091 }
2092 
2093 static void ieee80211_beacon_connection_loss_work(struct work_struct *work)
2094 {
2095 	struct ieee80211_sub_if_data *sdata =
2096 		container_of(work, struct ieee80211_sub_if_data,
2097 			     u.mgd.beacon_connection_loss_work);
2098 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2099 	struct sta_info *sta;
2100 
2101 	if (ifmgd->associated) {
2102 		rcu_read_lock();
2103 		sta = sta_info_get(sdata, ifmgd->bssid);
2104 		if (sta)
2105 			sta->beacon_loss_count++;
2106 		rcu_read_unlock();
2107 	}
2108 
2109 	if (ifmgd->connection_loss) {
2110 		sdata_info(sdata, "Connection to AP %pM lost\n",
2111 			   ifmgd->bssid);
2112 		__ieee80211_disconnect(sdata);
2113 	} else {
2114 		ieee80211_mgd_probe_ap(sdata, true);
2115 	}
2116 }
2117 
2118 static void ieee80211_csa_connection_drop_work(struct work_struct *work)
2119 {
2120 	struct ieee80211_sub_if_data *sdata =
2121 		container_of(work, struct ieee80211_sub_if_data,
2122 			     u.mgd.csa_connection_drop_work);
2123 
2124 	__ieee80211_disconnect(sdata);
2125 }
2126 
2127 void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2128 {
2129 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2130 	struct ieee80211_hw *hw = &sdata->local->hw;
2131 
2132 	trace_api_beacon_loss(sdata);
2133 
2134 	sdata->u.mgd.connection_loss = false;
2135 	ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2136 }
2137 EXPORT_SYMBOL(ieee80211_beacon_loss);
2138 
2139 void ieee80211_connection_loss(struct ieee80211_vif *vif)
2140 {
2141 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2142 	struct ieee80211_hw *hw = &sdata->local->hw;
2143 
2144 	trace_api_connection_loss(sdata);
2145 
2146 	sdata->u.mgd.connection_loss = true;
2147 	ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2148 }
2149 EXPORT_SYMBOL(ieee80211_connection_loss);
2150 
2151 
2152 static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
2153 					bool assoc)
2154 {
2155 	struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2156 
2157 	sdata_assert_lock(sdata);
2158 
2159 	if (!assoc) {
2160 		sta_info_destroy_addr(sdata, auth_data->bss->bssid);
2161 
2162 		memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2163 		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2164 		sdata->u.mgd.flags = 0;
2165 		mutex_lock(&sdata->local->mtx);
2166 		ieee80211_vif_release_channel(sdata);
2167 		mutex_unlock(&sdata->local->mtx);
2168 	}
2169 
2170 	cfg80211_put_bss(sdata->local->hw.wiphy, auth_data->bss);
2171 	kfree(auth_data);
2172 	sdata->u.mgd.auth_data = NULL;
2173 }
2174 
2175 static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2176 				     struct ieee80211_mgmt *mgmt, size_t len)
2177 {
2178 	struct ieee80211_local *local = sdata->local;
2179 	struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
2180 	u8 *pos;
2181 	struct ieee802_11_elems elems;
2182 	u32 tx_flags = 0;
2183 
2184 	pos = mgmt->u.auth.variable;
2185 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2186 	if (!elems.challenge)
2187 		return;
2188 	auth_data->expected_transaction = 4;
2189 	drv_mgd_prepare_tx(sdata->local, sdata);
2190 	if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2191 		tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2192 			   IEEE80211_TX_INTFL_MLME_CONN_TX;
2193 	ieee80211_send_auth(sdata, 3, auth_data->algorithm, 0,
2194 			    elems.challenge - 2, elems.challenge_len + 2,
2195 			    auth_data->bss->bssid, auth_data->bss->bssid,
2196 			    auth_data->key, auth_data->key_len,
2197 			    auth_data->key_idx, tx_flags);
2198 }
2199 
2200 static void ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
2201 				   struct ieee80211_mgmt *mgmt, size_t len)
2202 {
2203 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2204 	u8 bssid[ETH_ALEN];
2205 	u16 auth_alg, auth_transaction, status_code;
2206 	struct sta_info *sta;
2207 
2208 	sdata_assert_lock(sdata);
2209 
2210 	if (len < 24 + 6)
2211 		return;
2212 
2213 	if (!ifmgd->auth_data || ifmgd->auth_data->done)
2214 		return;
2215 
2216 	memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2217 
2218 	if (!ether_addr_equal(bssid, mgmt->bssid))
2219 		return;
2220 
2221 	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
2222 	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
2223 	status_code = le16_to_cpu(mgmt->u.auth.status_code);
2224 
2225 	if (auth_alg != ifmgd->auth_data->algorithm ||
2226 	    auth_transaction != ifmgd->auth_data->expected_transaction) {
2227 		sdata_info(sdata, "%pM unexpected authentication state: alg %d (expected %d) transact %d (expected %d)\n",
2228 			   mgmt->sa, auth_alg, ifmgd->auth_data->algorithm,
2229 			   auth_transaction,
2230 			   ifmgd->auth_data->expected_transaction);
2231 		return;
2232 	}
2233 
2234 	if (status_code != WLAN_STATUS_SUCCESS) {
2235 		sdata_info(sdata, "%pM denied authentication (status %d)\n",
2236 			   mgmt->sa, status_code);
2237 		ieee80211_destroy_auth_data(sdata, false);
2238 		cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2239 		return;
2240 	}
2241 
2242 	switch (ifmgd->auth_data->algorithm) {
2243 	case WLAN_AUTH_OPEN:
2244 	case WLAN_AUTH_LEAP:
2245 	case WLAN_AUTH_FT:
2246 	case WLAN_AUTH_SAE:
2247 		break;
2248 	case WLAN_AUTH_SHARED_KEY:
2249 		if (ifmgd->auth_data->expected_transaction != 4) {
2250 			ieee80211_auth_challenge(sdata, mgmt, len);
2251 			/* need another frame */
2252 			return;
2253 		}
2254 		break;
2255 	default:
2256 		WARN_ONCE(1, "invalid auth alg %d",
2257 			  ifmgd->auth_data->algorithm);
2258 		return;
2259 	}
2260 
2261 	sdata_info(sdata, "authenticated\n");
2262 	ifmgd->auth_data->done = true;
2263 	ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
2264 	ifmgd->auth_data->timeout_started = true;
2265 	run_again(sdata, ifmgd->auth_data->timeout);
2266 
2267 	if (ifmgd->auth_data->algorithm == WLAN_AUTH_SAE &&
2268 	    ifmgd->auth_data->expected_transaction != 2) {
2269 		/*
2270 		 * Report auth frame to user space for processing since another
2271 		 * round of Authentication frames is still needed.
2272 		 */
2273 		cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2274 		return;
2275 	}
2276 
2277 	/* move station state to auth */
2278 	mutex_lock(&sdata->local->sta_mtx);
2279 	sta = sta_info_get(sdata, bssid);
2280 	if (!sta) {
2281 		WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
2282 		goto out_err;
2283 	}
2284 	if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
2285 		sdata_info(sdata, "failed moving %pM to auth\n", bssid);
2286 		goto out_err;
2287 	}
2288 	mutex_unlock(&sdata->local->sta_mtx);
2289 
2290 	cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2291 	return;
2292  out_err:
2293 	mutex_unlock(&sdata->local->sta_mtx);
2294 	/* ignore frame -- wait for timeout */
2295 }
2296 
2297 #define case_WLAN(type) \
2298 	case WLAN_REASON_##type: return #type
2299 
2300 static const char *ieee80211_get_reason_code_string(u16 reason_code)
2301 {
2302 	switch (reason_code) {
2303 	case_WLAN(UNSPECIFIED);
2304 	case_WLAN(PREV_AUTH_NOT_VALID);
2305 	case_WLAN(DEAUTH_LEAVING);
2306 	case_WLAN(DISASSOC_DUE_TO_INACTIVITY);
2307 	case_WLAN(DISASSOC_AP_BUSY);
2308 	case_WLAN(CLASS2_FRAME_FROM_NONAUTH_STA);
2309 	case_WLAN(CLASS3_FRAME_FROM_NONASSOC_STA);
2310 	case_WLAN(DISASSOC_STA_HAS_LEFT);
2311 	case_WLAN(STA_REQ_ASSOC_WITHOUT_AUTH);
2312 	case_WLAN(DISASSOC_BAD_POWER);
2313 	case_WLAN(DISASSOC_BAD_SUPP_CHAN);
2314 	case_WLAN(INVALID_IE);
2315 	case_WLAN(MIC_FAILURE);
2316 	case_WLAN(4WAY_HANDSHAKE_TIMEOUT);
2317 	case_WLAN(GROUP_KEY_HANDSHAKE_TIMEOUT);
2318 	case_WLAN(IE_DIFFERENT);
2319 	case_WLAN(INVALID_GROUP_CIPHER);
2320 	case_WLAN(INVALID_PAIRWISE_CIPHER);
2321 	case_WLAN(INVALID_AKMP);
2322 	case_WLAN(UNSUPP_RSN_VERSION);
2323 	case_WLAN(INVALID_RSN_IE_CAP);
2324 	case_WLAN(IEEE8021X_FAILED);
2325 	case_WLAN(CIPHER_SUITE_REJECTED);
2326 	case_WLAN(DISASSOC_UNSPECIFIED_QOS);
2327 	case_WLAN(DISASSOC_QAP_NO_BANDWIDTH);
2328 	case_WLAN(DISASSOC_LOW_ACK);
2329 	case_WLAN(DISASSOC_QAP_EXCEED_TXOP);
2330 	case_WLAN(QSTA_LEAVE_QBSS);
2331 	case_WLAN(QSTA_NOT_USE);
2332 	case_WLAN(QSTA_REQUIRE_SETUP);
2333 	case_WLAN(QSTA_TIMEOUT);
2334 	case_WLAN(QSTA_CIPHER_NOT_SUPP);
2335 	case_WLAN(MESH_PEER_CANCELED);
2336 	case_WLAN(MESH_MAX_PEERS);
2337 	case_WLAN(MESH_CONFIG);
2338 	case_WLAN(MESH_CLOSE);
2339 	case_WLAN(MESH_MAX_RETRIES);
2340 	case_WLAN(MESH_CONFIRM_TIMEOUT);
2341 	case_WLAN(MESH_INVALID_GTK);
2342 	case_WLAN(MESH_INCONSISTENT_PARAM);
2343 	case_WLAN(MESH_INVALID_SECURITY);
2344 	case_WLAN(MESH_PATH_ERROR);
2345 	case_WLAN(MESH_PATH_NOFORWARD);
2346 	case_WLAN(MESH_PATH_DEST_UNREACHABLE);
2347 	case_WLAN(MAC_EXISTS_IN_MBSS);
2348 	case_WLAN(MESH_CHAN_REGULATORY);
2349 	case_WLAN(MESH_CHAN);
2350 	default: return "<unknown>";
2351 	}
2352 }
2353 
2354 static void ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
2355 				     struct ieee80211_mgmt *mgmt, size_t len)
2356 {
2357 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2358 	const u8 *bssid = NULL;
2359 	u16 reason_code;
2360 
2361 	sdata_assert_lock(sdata);
2362 
2363 	if (len < 24 + 2)
2364 		return;
2365 
2366 	if (!ifmgd->associated ||
2367 	    !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2368 		return;
2369 
2370 	bssid = ifmgd->associated->bssid;
2371 
2372 	reason_code = le16_to_cpu(mgmt->u.deauth.reason_code);
2373 
2374 	sdata_info(sdata, "deauthenticated from %pM (Reason: %u=%s)\n",
2375 		   bssid, reason_code, ieee80211_get_reason_code_string(reason_code));
2376 
2377 	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2378 
2379 	cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2380 }
2381 
2382 
2383 static void ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
2384 				       struct ieee80211_mgmt *mgmt, size_t len)
2385 {
2386 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2387 	u16 reason_code;
2388 
2389 	sdata_assert_lock(sdata);
2390 
2391 	if (len < 24 + 2)
2392 		return;
2393 
2394 	if (!ifmgd->associated ||
2395 	    !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2396 		return;
2397 
2398 	reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
2399 
2400 	sdata_info(sdata, "disassociated from %pM (Reason: %u)\n",
2401 		   mgmt->sa, reason_code);
2402 
2403 	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2404 
2405 	cfg80211_rx_mlme_mgmt(sdata->dev, (u8 *)mgmt, len);
2406 }
2407 
2408 static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
2409 				u8 *supp_rates, unsigned int supp_rates_len,
2410 				u32 *rates, u32 *basic_rates,
2411 				bool *have_higher_than_11mbit,
2412 				int *min_rate, int *min_rate_index,
2413 				int shift, u32 rate_flags)
2414 {
2415 	int i, j;
2416 
2417 	for (i = 0; i < supp_rates_len; i++) {
2418 		int rate = supp_rates[i] & 0x7f;
2419 		bool is_basic = !!(supp_rates[i] & 0x80);
2420 
2421 		if ((rate * 5 * (1 << shift)) > 110)
2422 			*have_higher_than_11mbit = true;
2423 
2424 		/*
2425 		 * BSS_MEMBERSHIP_SELECTOR_HT_PHY is defined in 802.11n-2009
2426 		 * 7.3.2.2 as a magic value instead of a rate. Hence, skip it.
2427 		 *
2428 		 * Note: Even through the membership selector and the basic
2429 		 *	 rate flag share the same bit, they are not exactly
2430 		 *	 the same.
2431 		 */
2432 		if (!!(supp_rates[i] & 0x80) &&
2433 		    (supp_rates[i] & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
2434 			continue;
2435 
2436 		for (j = 0; j < sband->n_bitrates; j++) {
2437 			struct ieee80211_rate *br;
2438 			int brate;
2439 
2440 			br = &sband->bitrates[j];
2441 			if ((rate_flags & br->flags) != rate_flags)
2442 				continue;
2443 
2444 			brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
2445 			if (brate == rate) {
2446 				*rates |= BIT(j);
2447 				if (is_basic)
2448 					*basic_rates |= BIT(j);
2449 				if ((rate * 5) < *min_rate) {
2450 					*min_rate = rate * 5;
2451 					*min_rate_index = j;
2452 				}
2453 				break;
2454 			}
2455 		}
2456 	}
2457 }
2458 
2459 static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
2460 					 bool assoc)
2461 {
2462 	struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2463 
2464 	sdata_assert_lock(sdata);
2465 
2466 	if (!assoc) {
2467 		sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
2468 
2469 		memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
2470 		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
2471 		sdata->u.mgd.flags = 0;
2472 		mutex_lock(&sdata->local->mtx);
2473 		ieee80211_vif_release_channel(sdata);
2474 		mutex_unlock(&sdata->local->mtx);
2475 	}
2476 
2477 	kfree(assoc_data);
2478 	sdata->u.mgd.assoc_data = NULL;
2479 }
2480 
2481 static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2482 				    struct cfg80211_bss *cbss,
2483 				    struct ieee80211_mgmt *mgmt, size_t len)
2484 {
2485 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2486 	struct ieee80211_local *local = sdata->local;
2487 	struct ieee80211_supported_band *sband;
2488 	struct sta_info *sta;
2489 	u8 *pos;
2490 	u16 capab_info, aid;
2491 	struct ieee802_11_elems elems;
2492 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2493 	const struct cfg80211_bss_ies *bss_ies = NULL;
2494 	struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2495 	u32 changed = 0;
2496 	int err;
2497 	bool ret;
2498 
2499 	/* AssocResp and ReassocResp have identical structure */
2500 
2501 	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2502 	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2503 
2504 	if ((aid & (BIT(15) | BIT(14))) != (BIT(15) | BIT(14)))
2505 		sdata_info(sdata, "invalid AID value 0x%x; bits 15:14 not set\n",
2506 			   aid);
2507 	aid &= ~(BIT(15) | BIT(14));
2508 
2509 	ifmgd->broken_ap = false;
2510 
2511 	if (aid == 0 || aid > IEEE80211_MAX_AID) {
2512 		sdata_info(sdata, "invalid AID value %d (out of range), turn off PS\n",
2513 			   aid);
2514 		aid = 0;
2515 		ifmgd->broken_ap = true;
2516 	}
2517 
2518 	pos = mgmt->u.assoc_resp.variable;
2519 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2520 
2521 	if (!elems.supp_rates) {
2522 		sdata_info(sdata, "no SuppRates element in AssocResp\n");
2523 		return false;
2524 	}
2525 
2526 	ifmgd->aid = aid;
2527 
2528 	/*
2529 	 * Some APs are erroneously not including some information in their
2530 	 * (re)association response frames. Try to recover by using the data
2531 	 * from the beacon or probe response. This seems to afflict mobile
2532 	 * 2G/3G/4G wifi routers, reported models include the "Onda PN51T",
2533 	 * "Vodafone PocketWiFi 2", "ZTE MF60" and a similar T-Mobile device.
2534 	 */
2535 	if ((assoc_data->wmm && !elems.wmm_param) ||
2536 	    (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2537 	     (!elems.ht_cap_elem || !elems.ht_operation)) ||
2538 	    (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2539 	     (!elems.vht_cap_elem || !elems.vht_operation))) {
2540 		const struct cfg80211_bss_ies *ies;
2541 		struct ieee802_11_elems bss_elems;
2542 
2543 		rcu_read_lock();
2544 		ies = rcu_dereference(cbss->ies);
2545 		if (ies)
2546 			bss_ies = kmemdup(ies, sizeof(*ies) + ies->len,
2547 					  GFP_ATOMIC);
2548 		rcu_read_unlock();
2549 		if (!bss_ies)
2550 			return false;
2551 
2552 		ieee802_11_parse_elems(bss_ies->data, bss_ies->len,
2553 				       false, &bss_elems);
2554 		if (assoc_data->wmm &&
2555 		    !elems.wmm_param && bss_elems.wmm_param) {
2556 			elems.wmm_param = bss_elems.wmm_param;
2557 			sdata_info(sdata,
2558 				   "AP bug: WMM param missing from AssocResp\n");
2559 		}
2560 
2561 		/*
2562 		 * Also check if we requested HT/VHT, otherwise the AP doesn't
2563 		 * have to include the IEs in the (re)association response.
2564 		 */
2565 		if (!elems.ht_cap_elem && bss_elems.ht_cap_elem &&
2566 		    !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2567 			elems.ht_cap_elem = bss_elems.ht_cap_elem;
2568 			sdata_info(sdata,
2569 				   "AP bug: HT capability missing from AssocResp\n");
2570 		}
2571 		if (!elems.ht_operation && bss_elems.ht_operation &&
2572 		    !(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
2573 			elems.ht_operation = bss_elems.ht_operation;
2574 			sdata_info(sdata,
2575 				   "AP bug: HT operation missing from AssocResp\n");
2576 		}
2577 		if (!elems.vht_cap_elem && bss_elems.vht_cap_elem &&
2578 		    !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2579 			elems.vht_cap_elem = bss_elems.vht_cap_elem;
2580 			sdata_info(sdata,
2581 				   "AP bug: VHT capa missing from AssocResp\n");
2582 		}
2583 		if (!elems.vht_operation && bss_elems.vht_operation &&
2584 		    !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) {
2585 			elems.vht_operation = bss_elems.vht_operation;
2586 			sdata_info(sdata,
2587 				   "AP bug: VHT operation missing from AssocResp\n");
2588 		}
2589 	}
2590 
2591 	/*
2592 	 * We previously checked these in the beacon/probe response, so
2593 	 * they should be present here. This is just a safety net.
2594 	 */
2595 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
2596 	    (!elems.wmm_param || !elems.ht_cap_elem || !elems.ht_operation)) {
2597 		sdata_info(sdata,
2598 			   "HT AP is missing WMM params or HT capability/operation\n");
2599 		ret = false;
2600 		goto out;
2601 	}
2602 
2603 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
2604 	    (!elems.vht_cap_elem || !elems.vht_operation)) {
2605 		sdata_info(sdata,
2606 			   "VHT AP is missing VHT capability/operation\n");
2607 		ret = false;
2608 		goto out;
2609 	}
2610 
2611 	mutex_lock(&sdata->local->sta_mtx);
2612 	/*
2613 	 * station info was already allocated and inserted before
2614 	 * the association and should be available to us
2615 	 */
2616 	sta = sta_info_get(sdata, cbss->bssid);
2617 	if (WARN_ON(!sta)) {
2618 		mutex_unlock(&sdata->local->sta_mtx);
2619 		ret = false;
2620 		goto out;
2621 	}
2622 
2623 	sband = local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)];
2624 
2625 	/* Set up internal HT/VHT capabilities */
2626 	if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_HT))
2627 		ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2628 						  elems.ht_cap_elem, sta);
2629 
2630 	if (elems.vht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_VHT))
2631 		ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2632 						    elems.vht_cap_elem, sta);
2633 
2634 	/*
2635 	 * Some APs, e.g. Netgear WNDR3700, report invalid HT operation data
2636 	 * in their association response, so ignore that data for our own
2637 	 * configuration. If it changed since the last beacon, we'll get the
2638 	 * next beacon and update then.
2639 	 */
2640 
2641 	/*
2642 	 * If an operating mode notification IE is present, override the
2643 	 * NSS calculation (that would be done in rate_control_rate_init())
2644 	 * and use the # of streams from that element.
2645 	 */
2646 	if (elems.opmode_notif &&
2647 	    !(*elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_TYPE_BF)) {
2648 		u8 nss;
2649 
2650 		nss = *elems.opmode_notif & IEEE80211_OPMODE_NOTIF_RX_NSS_MASK;
2651 		nss >>= IEEE80211_OPMODE_NOTIF_RX_NSS_SHIFT;
2652 		nss += 1;
2653 		sta->sta.rx_nss = nss;
2654 	}
2655 
2656 	rate_control_rate_init(sta);
2657 
2658 	if (ifmgd->flags & IEEE80211_STA_MFP_ENABLED)
2659 		set_sta_flag(sta, WLAN_STA_MFP);
2660 
2661 	if (elems.wmm_param)
2662 		set_sta_flag(sta, WLAN_STA_WME);
2663 
2664 	err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2665 	if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2666 		err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
2667 	if (err) {
2668 		sdata_info(sdata,
2669 			   "failed to move station %pM to desired state\n",
2670 			   sta->sta.addr);
2671 		WARN_ON(__sta_info_destroy(sta));
2672 		mutex_unlock(&sdata->local->sta_mtx);
2673 		ret = false;
2674 		goto out;
2675 	}
2676 
2677 	mutex_unlock(&sdata->local->sta_mtx);
2678 
2679 	/*
2680 	 * Always handle WMM once after association regardless
2681 	 * of the first value the AP uses. Setting -1 here has
2682 	 * that effect because the AP values is an unsigned
2683 	 * 4-bit value.
2684 	 */
2685 	ifmgd->wmm_last_param_set = -1;
2686 
2687 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) && elems.wmm_param)
2688 		ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
2689 					 elems.wmm_param_len);
2690 	else
2691 		ieee80211_set_wmm_default(sdata, false);
2692 	changed |= BSS_CHANGED_QOS;
2693 
2694 	/* set AID and assoc capability,
2695 	 * ieee80211_set_associated() will tell the driver */
2696 	bss_conf->aid = aid;
2697 	bss_conf->assoc_capability = capab_info;
2698 	ieee80211_set_associated(sdata, cbss, changed);
2699 
2700 	/*
2701 	 * If we're using 4-addr mode, let the AP know that we're
2702 	 * doing so, so that it can create the STA VLAN on its side
2703 	 */
2704 	if (ifmgd->use_4addr)
2705 		ieee80211_send_4addr_nullfunc(local, sdata);
2706 
2707 	/*
2708 	 * Start timer to probe the connection to the AP now.
2709 	 * Also start the timer that will detect beacon loss.
2710 	 */
2711 	ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
2712 	ieee80211_sta_reset_beacon_monitor(sdata);
2713 
2714 	ret = true;
2715  out:
2716 	kfree(bss_ies);
2717 	return ret;
2718 }
2719 
2720 static void ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2721 					 struct ieee80211_mgmt *mgmt,
2722 					 size_t len)
2723 {
2724 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2725 	struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2726 	u16 capab_info, status_code, aid;
2727 	struct ieee802_11_elems elems;
2728 	u8 *pos;
2729 	bool reassoc;
2730 	struct cfg80211_bss *bss;
2731 
2732 	sdata_assert_lock(sdata);
2733 
2734 	if (!assoc_data)
2735 		return;
2736 	if (!ether_addr_equal(assoc_data->bss->bssid, mgmt->bssid))
2737 		return;
2738 
2739 	/*
2740 	 * AssocResp and ReassocResp have identical structure, so process both
2741 	 * of them in this function.
2742 	 */
2743 
2744 	if (len < 24 + 6)
2745 		return;
2746 
2747 	reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2748 	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2749 	status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2750 	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2751 
2752 	sdata_info(sdata,
2753 		   "RX %sssocResp from %pM (capab=0x%x status=%d aid=%d)\n",
2754 		   reassoc ? "Rea" : "A", mgmt->sa,
2755 		   capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2756 
2757 	pos = mgmt->u.assoc_resp.variable;
2758 	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2759 
2760 	if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2761 	    elems.timeout_int &&
2762 	    elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2763 		u32 tu, ms;
2764 		tu = le32_to_cpu(elems.timeout_int->value);
2765 		ms = tu * 1024 / 1000;
2766 		sdata_info(sdata,
2767 			   "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
2768 			   mgmt->sa, tu, ms);
2769 		assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2770 		assoc_data->timeout_started = true;
2771 		if (ms > IEEE80211_ASSOC_TIMEOUT)
2772 			run_again(sdata, assoc_data->timeout);
2773 		return;
2774 	}
2775 
2776 	bss = assoc_data->bss;
2777 
2778 	if (status_code != WLAN_STATUS_SUCCESS) {
2779 		sdata_info(sdata, "%pM denied association (code=%d)\n",
2780 			   mgmt->sa, status_code);
2781 		ieee80211_destroy_assoc_data(sdata, false);
2782 	} else {
2783 		if (!ieee80211_assoc_success(sdata, bss, mgmt, len)) {
2784 			/* oops -- internal error -- send timeout for now */
2785 			ieee80211_destroy_assoc_data(sdata, false);
2786 			cfg80211_assoc_timeout(sdata->dev, bss);
2787 			return;
2788 		}
2789 		sdata_info(sdata, "associated\n");
2790 
2791 		/*
2792 		 * destroy assoc_data afterwards, as otherwise an idle
2793 		 * recalc after assoc_data is NULL but before associated
2794 		 * is set can cause the interface to go idle
2795 		 */
2796 		ieee80211_destroy_assoc_data(sdata, true);
2797 	}
2798 
2799 	cfg80211_rx_assoc_resp(sdata->dev, bss, (u8 *)mgmt, len);
2800 }
2801 
2802 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2803 				  struct ieee80211_mgmt *mgmt, size_t len,
2804 				  struct ieee80211_rx_status *rx_status,
2805 				  struct ieee802_11_elems *elems)
2806 {
2807 	struct ieee80211_local *local = sdata->local;
2808 	struct ieee80211_bss *bss;
2809 	struct ieee80211_channel *channel;
2810 
2811 	sdata_assert_lock(sdata);
2812 
2813 	channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
2814 	if (!channel)
2815 		return;
2816 
2817 	bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
2818 					channel);
2819 	if (bss) {
2820 		sdata->vif.bss_conf.beacon_rate = bss->beacon_rate;
2821 		ieee80211_rx_bss_put(local, bss);
2822 	}
2823 }
2824 
2825 
2826 static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2827 					 struct sk_buff *skb)
2828 {
2829 	struct ieee80211_mgmt *mgmt = (void *)skb->data;
2830 	struct ieee80211_if_managed *ifmgd;
2831 	struct ieee80211_rx_status *rx_status = (void *) skb->cb;
2832 	size_t baselen, len = skb->len;
2833 	struct ieee802_11_elems elems;
2834 
2835 	ifmgd = &sdata->u.mgd;
2836 
2837 	sdata_assert_lock(sdata);
2838 
2839 	if (!ether_addr_equal(mgmt->da, sdata->vif.addr))
2840 		return; /* ignore ProbeResp to foreign address */
2841 
2842 	baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
2843 	if (baselen > len)
2844 		return;
2845 
2846 	ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2847 			       false, &elems);
2848 
2849 	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2850 
2851 	if (ifmgd->associated &&
2852 	    ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2853 		ieee80211_reset_ap_probe(sdata);
2854 
2855 	if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2856 	    ether_addr_equal(mgmt->bssid, ifmgd->auth_data->bss->bssid)) {
2857 		/* got probe response, continue with auth */
2858 		sdata_info(sdata, "direct probe responded\n");
2859 		ifmgd->auth_data->tries = 0;
2860 		ifmgd->auth_data->timeout = jiffies;
2861 		ifmgd->auth_data->timeout_started = true;
2862 		run_again(sdata, ifmgd->auth_data->timeout);
2863 	}
2864 }
2865 
2866 /*
2867  * This is the canonical list of information elements we care about,
2868  * the filter code also gives us all changes to the Microsoft OUI
2869  * (00:50:F2) vendor IE which is used for WMM which we need to track.
2870  *
2871  * We implement beacon filtering in software since that means we can
2872  * avoid processing the frame here and in cfg80211, and userspace
2873  * will not be able to tell whether the hardware supports it or not.
2874  *
2875  * XXX: This list needs to be dynamic -- userspace needs to be able to
2876  *	add items it requires. It also needs to be able to tell us to
2877  *	look out for other vendor IEs.
2878  */
2879 static const u64 care_about_ies =
2880 	(1ULL << WLAN_EID_COUNTRY) |
2881 	(1ULL << WLAN_EID_ERP_INFO) |
2882 	(1ULL << WLAN_EID_CHANNEL_SWITCH) |
2883 	(1ULL << WLAN_EID_PWR_CONSTRAINT) |
2884 	(1ULL << WLAN_EID_HT_CAPABILITY) |
2885 	(1ULL << WLAN_EID_HT_OPERATION);
2886 
2887 static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2888 				     struct ieee80211_mgmt *mgmt, size_t len,
2889 				     struct ieee80211_rx_status *rx_status)
2890 {
2891 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2892 	struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
2893 	size_t baselen;
2894 	struct ieee802_11_elems elems;
2895 	struct ieee80211_local *local = sdata->local;
2896 	struct ieee80211_chanctx_conf *chanctx_conf;
2897 	struct ieee80211_channel *chan;
2898 	struct sta_info *sta;
2899 	u32 changed = 0;
2900 	bool erp_valid;
2901 	u8 erp_value = 0;
2902 	u32 ncrc;
2903 	u8 *bssid;
2904 	u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
2905 
2906 	sdata_assert_lock(sdata);
2907 
2908 	/* Process beacon from the current BSS */
2909 	baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
2910 	if (baselen > len)
2911 		return;
2912 
2913 	rcu_read_lock();
2914 	chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2915 	if (!chanctx_conf) {
2916 		rcu_read_unlock();
2917 		return;
2918 	}
2919 
2920 	if (rx_status->freq != chanctx_conf->def.chan->center_freq) {
2921 		rcu_read_unlock();
2922 		return;
2923 	}
2924 	chan = chanctx_conf->def.chan;
2925 	rcu_read_unlock();
2926 
2927 	if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
2928 	    ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2929 		ieee802_11_parse_elems(mgmt->u.beacon.variable,
2930 				       len - baselen, false, &elems);
2931 
2932 		ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2933 		if (elems.tim && !elems.parse_error) {
2934 			const struct ieee80211_tim_ie *tim_ie = elems.tim;
2935 			ifmgd->dtim_period = tim_ie->dtim_period;
2936 		}
2937 		ifmgd->have_beacon = true;
2938 		ifmgd->assoc_data->need_beacon = false;
2939 		if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
2940 			sdata->vif.bss_conf.sync_tsf =
2941 				le64_to_cpu(mgmt->u.beacon.timestamp);
2942 			sdata->vif.bss_conf.sync_device_ts =
2943 				rx_status->device_timestamp;
2944 			if (elems.tim)
2945 				sdata->vif.bss_conf.sync_dtim_count =
2946 					elems.tim->dtim_count;
2947 			else
2948 				sdata->vif.bss_conf.sync_dtim_count = 0;
2949 		}
2950 		/* continue assoc process */
2951 		ifmgd->assoc_data->timeout = jiffies;
2952 		ifmgd->assoc_data->timeout_started = true;
2953 		run_again(sdata, ifmgd->assoc_data->timeout);
2954 		return;
2955 	}
2956 
2957 	if (!ifmgd->associated ||
2958 	    !ether_addr_equal(mgmt->bssid, ifmgd->associated->bssid))
2959 		return;
2960 	bssid = ifmgd->associated->bssid;
2961 
2962 	/* Track average RSSI from the Beacon frames of the current AP */
2963 	ifmgd->last_beacon_signal = rx_status->signal;
2964 	if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
2965 		ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
2966 		ifmgd->ave_beacon_signal = rx_status->signal * 16;
2967 		ifmgd->last_cqm_event_signal = 0;
2968 		ifmgd->count_beacon_signal = 1;
2969 		ifmgd->last_ave_beacon_signal = 0;
2970 	} else {
2971 		ifmgd->ave_beacon_signal =
2972 			(IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
2973 			 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
2974 			 ifmgd->ave_beacon_signal) / 16;
2975 		ifmgd->count_beacon_signal++;
2976 	}
2977 
2978 	if (ifmgd->rssi_min_thold != ifmgd->rssi_max_thold &&
2979 	    ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT) {
2980 		int sig = ifmgd->ave_beacon_signal;
2981 		int last_sig = ifmgd->last_ave_beacon_signal;
2982 
2983 		/*
2984 		 * if signal crosses either of the boundaries, invoke callback
2985 		 * with appropriate parameters
2986 		 */
2987 		if (sig > ifmgd->rssi_max_thold &&
2988 		    (last_sig <= ifmgd->rssi_min_thold || last_sig == 0)) {
2989 			ifmgd->last_ave_beacon_signal = sig;
2990 			drv_rssi_callback(local, sdata, RSSI_EVENT_HIGH);
2991 		} else if (sig < ifmgd->rssi_min_thold &&
2992 			   (last_sig >= ifmgd->rssi_max_thold ||
2993 			   last_sig == 0)) {
2994 			ifmgd->last_ave_beacon_signal = sig;
2995 			drv_rssi_callback(local, sdata, RSSI_EVENT_LOW);
2996 		}
2997 	}
2998 
2999 	if (bss_conf->cqm_rssi_thold &&
3000 	    ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
3001 	    !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
3002 		int sig = ifmgd->ave_beacon_signal / 16;
3003 		int last_event = ifmgd->last_cqm_event_signal;
3004 		int thold = bss_conf->cqm_rssi_thold;
3005 		int hyst = bss_conf->cqm_rssi_hyst;
3006 		if (sig < thold &&
3007 		    (last_event == 0 || sig < last_event - hyst)) {
3008 			ifmgd->last_cqm_event_signal = sig;
3009 			ieee80211_cqm_rssi_notify(
3010 				&sdata->vif,
3011 				NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
3012 				GFP_KERNEL);
3013 		} else if (sig > thold &&
3014 			   (last_event == 0 || sig > last_event + hyst)) {
3015 			ifmgd->last_cqm_event_signal = sig;
3016 			ieee80211_cqm_rssi_notify(
3017 				&sdata->vif,
3018 				NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
3019 				GFP_KERNEL);
3020 		}
3021 	}
3022 
3023 	if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL) {
3024 		mlme_dbg_ratelimited(sdata,
3025 				     "cancelling AP probe due to a received beacon\n");
3026 		ieee80211_reset_ap_probe(sdata);
3027 	}
3028 
3029 	/*
3030 	 * Push the beacon loss detection into the future since
3031 	 * we are processing a beacon from the AP just now.
3032 	 */
3033 	ieee80211_sta_reset_beacon_monitor(sdata);
3034 
3035 	ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
3036 	ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
3037 					  len - baselen, false, &elems,
3038 					  care_about_ies, ncrc);
3039 
3040 	if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
3041 		bool directed_tim = ieee80211_check_tim(elems.tim,
3042 							elems.tim_len,
3043 							ifmgd->aid);
3044 		if (directed_tim) {
3045 			if (local->hw.conf.dynamic_ps_timeout > 0) {
3046 				if (local->hw.conf.flags & IEEE80211_CONF_PS) {
3047 					local->hw.conf.flags &= ~IEEE80211_CONF_PS;
3048 					ieee80211_hw_config(local,
3049 							    IEEE80211_CONF_CHANGE_PS);
3050 				}
3051 				ieee80211_send_nullfunc(local, sdata, 0);
3052 			} else if (!local->pspolling && sdata->u.mgd.powersave) {
3053 				local->pspolling = true;
3054 
3055 				/*
3056 				 * Here is assumed that the driver will be
3057 				 * able to send ps-poll frame and receive a
3058 				 * response even though power save mode is
3059 				 * enabled, but some drivers might require
3060 				 * to disable power save here. This needs
3061 				 * to be investigated.
3062 				 */
3063 				ieee80211_send_pspoll(local, sdata);
3064 			}
3065 		}
3066 	}
3067 
3068 	if (sdata->vif.p2p) {
3069 		struct ieee80211_p2p_noa_attr noa = {};
3070 		int ret;
3071 
3072 		ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
3073 					    len - baselen,
3074 					    IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
3075 					    (u8 *) &noa, sizeof(noa));
3076 		if (ret >= 2) {
3077 			if (sdata->u.mgd.p2p_noa_index != noa.index) {
3078 				/* valid noa_attr and index changed */
3079 				sdata->u.mgd.p2p_noa_index = noa.index;
3080 				memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
3081 				changed |= BSS_CHANGED_P2P_PS;
3082 				/*
3083 				 * make sure we update all information, the CRC
3084 				 * mechanism doesn't look at P2P attributes.
3085 				 */
3086 				ifmgd->beacon_crc_valid = false;
3087 			}
3088 		} else if (sdata->u.mgd.p2p_noa_index != -1) {
3089 			/* noa_attr not found and we had valid noa_attr before */
3090 			sdata->u.mgd.p2p_noa_index = -1;
3091 			memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
3092 			changed |= BSS_CHANGED_P2P_PS;
3093 			ifmgd->beacon_crc_valid = false;
3094 		}
3095 	}
3096 
3097 	if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
3098 		return;
3099 	ifmgd->beacon_crc = ncrc;
3100 	ifmgd->beacon_crc_valid = true;
3101 
3102 	ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
3103 
3104 	ieee80211_sta_process_chanswitch(sdata, rx_status->mactime,
3105 					 &elems, true);
3106 
3107 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_WMM) &&
3108 	    ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
3109 				     elems.wmm_param_len))
3110 		changed |= BSS_CHANGED_QOS;
3111 
3112 	/*
3113 	 * If we haven't had a beacon before, tell the driver about the
3114 	 * DTIM period (and beacon timing if desired) now.
3115 	 */
3116 	if (!ifmgd->have_beacon) {
3117 		/* a few bogus AP send dtim_period = 0 or no TIM IE */
3118 		if (elems.tim)
3119 			bss_conf->dtim_period = elems.tim->dtim_period ?: 1;
3120 		else
3121 			bss_conf->dtim_period = 1;
3122 
3123 		if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
3124 			sdata->vif.bss_conf.sync_tsf =
3125 				le64_to_cpu(mgmt->u.beacon.timestamp);
3126 			sdata->vif.bss_conf.sync_device_ts =
3127 				rx_status->device_timestamp;
3128 			if (elems.tim)
3129 				sdata->vif.bss_conf.sync_dtim_count =
3130 					elems.tim->dtim_count;
3131 			else
3132 				sdata->vif.bss_conf.sync_dtim_count = 0;
3133 		}
3134 
3135 		changed |= BSS_CHANGED_BEACON_INFO;
3136 		ifmgd->have_beacon = true;
3137 
3138 		mutex_lock(&local->iflist_mtx);
3139 		ieee80211_recalc_ps(local, -1);
3140 		mutex_unlock(&local->iflist_mtx);
3141 
3142 		ieee80211_recalc_ps_vif(sdata);
3143 	}
3144 
3145 	if (elems.erp_info) {
3146 		erp_valid = true;
3147 		erp_value = elems.erp_info[0];
3148 	} else {
3149 		erp_valid = false;
3150 	}
3151 	changed |= ieee80211_handle_bss_capability(sdata,
3152 			le16_to_cpu(mgmt->u.beacon.capab_info),
3153 			erp_valid, erp_value);
3154 
3155 	mutex_lock(&local->sta_mtx);
3156 	sta = sta_info_get(sdata, bssid);
3157 
3158 	if (ieee80211_config_bw(sdata, sta, elems.ht_operation,
3159 				elems.vht_operation, bssid, &changed)) {
3160 		mutex_unlock(&local->sta_mtx);
3161 		ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3162 				       WLAN_REASON_DEAUTH_LEAVING,
3163 				       true, deauth_buf);
3164 		cfg80211_tx_mlme_mgmt(sdata->dev, deauth_buf,
3165 				      sizeof(deauth_buf));
3166 		return;
3167 	}
3168 
3169 	if (sta && elems.opmode_notif)
3170 		ieee80211_vht_handle_opmode(sdata, sta, *elems.opmode_notif,
3171 					    rx_status->band, true);
3172 	mutex_unlock(&local->sta_mtx);
3173 
3174 	if (elems.country_elem && elems.pwr_constr_elem &&
3175 	    mgmt->u.probe_resp.capab_info &
3176 				cpu_to_le16(WLAN_CAPABILITY_SPECTRUM_MGMT))
3177 		changed |= ieee80211_handle_pwr_constr(sdata, chan,
3178 						       elems.country_elem,
3179 						       elems.country_elem_len,
3180 						       elems.pwr_constr_elem);
3181 
3182 	ieee80211_bss_info_change_notify(sdata, changed);
3183 }
3184 
3185 void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3186 				  struct sk_buff *skb)
3187 {
3188 	struct ieee80211_rx_status *rx_status;
3189 	struct ieee80211_mgmt *mgmt;
3190 	u16 fc;
3191 	struct ieee802_11_elems elems;
3192 	int ies_len;
3193 
3194 	rx_status = (struct ieee80211_rx_status *) skb->cb;
3195 	mgmt = (struct ieee80211_mgmt *) skb->data;
3196 	fc = le16_to_cpu(mgmt->frame_control);
3197 
3198 	sdata_lock(sdata);
3199 
3200 	switch (fc & IEEE80211_FCTL_STYPE) {
3201 	case IEEE80211_STYPE_BEACON:
3202 		ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
3203 		break;
3204 	case IEEE80211_STYPE_PROBE_RESP:
3205 		ieee80211_rx_mgmt_probe_resp(sdata, skb);
3206 		break;
3207 	case IEEE80211_STYPE_AUTH:
3208 		ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
3209 		break;
3210 	case IEEE80211_STYPE_DEAUTH:
3211 		ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
3212 		break;
3213 	case IEEE80211_STYPE_DISASSOC:
3214 		ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
3215 		break;
3216 	case IEEE80211_STYPE_ASSOC_RESP:
3217 	case IEEE80211_STYPE_REASSOC_RESP:
3218 		ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len);
3219 		break;
3220 	case IEEE80211_STYPE_ACTION:
3221 		if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3222 			ies_len = skb->len -
3223 				  offsetof(struct ieee80211_mgmt,
3224 					   u.action.u.chan_switch.variable);
3225 
3226 			if (ies_len < 0)
3227 				break;
3228 
3229 			ieee802_11_parse_elems(
3230 				mgmt->u.action.u.chan_switch.variable,
3231 				ies_len, true, &elems);
3232 
3233 			if (elems.parse_error)
3234 				break;
3235 
3236 			ieee80211_sta_process_chanswitch(sdata,
3237 							 rx_status->mactime,
3238 							 &elems, false);
3239 		} else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3240 			ies_len = skb->len -
3241 				  offsetof(struct ieee80211_mgmt,
3242 					   u.action.u.ext_chan_switch.variable);
3243 
3244 			if (ies_len < 0)
3245 				break;
3246 
3247 			ieee802_11_parse_elems(
3248 				mgmt->u.action.u.ext_chan_switch.variable,
3249 				ies_len, true, &elems);
3250 
3251 			if (elems.parse_error)
3252 				break;
3253 
3254 			/* for the handling code pretend this was also an IE */
3255 			elems.ext_chansw_ie =
3256 				&mgmt->u.action.u.ext_chan_switch.data;
3257 
3258 			ieee80211_sta_process_chanswitch(sdata,
3259 							 rx_status->mactime,
3260 							 &elems, false);
3261 		}
3262 		break;
3263 	}
3264 	sdata_unlock(sdata);
3265 }
3266 
3267 static void ieee80211_sta_timer(unsigned long data)
3268 {
3269 	struct ieee80211_sub_if_data *sdata =
3270 		(struct ieee80211_sub_if_data *) data;
3271 
3272 	ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3273 }
3274 
3275 static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
3276 					  u8 *bssid, u8 reason, bool tx)
3277 {
3278 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3279 
3280 	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
3281 			       tx, frame_buf);
3282 
3283 	cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3284 			      IEEE80211_DEAUTH_FRAME_LEN);
3285 }
3286 
3287 static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
3288 {
3289 	struct ieee80211_local *local = sdata->local;
3290 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3291 	struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
3292 	u32 tx_flags = 0;
3293 
3294 	sdata_assert_lock(sdata);
3295 
3296 	if (WARN_ON_ONCE(!auth_data))
3297 		return -EINVAL;
3298 
3299 	auth_data->tries++;
3300 
3301 	if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
3302 		sdata_info(sdata, "authentication with %pM timed out\n",
3303 			   auth_data->bss->bssid);
3304 
3305 		/*
3306 		 * Most likely AP is not in the range so remove the
3307 		 * bss struct for that AP.
3308 		 */
3309 		cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
3310 
3311 		return -ETIMEDOUT;
3312 	}
3313 
3314 	drv_mgd_prepare_tx(local, sdata);
3315 
3316 	if (auth_data->bss->proberesp_ies) {
3317 		u16 trans = 1;
3318 		u16 status = 0;
3319 
3320 		sdata_info(sdata, "send auth to %pM (try %d/%d)\n",
3321 			   auth_data->bss->bssid, auth_data->tries,
3322 			   IEEE80211_AUTH_MAX_TRIES);
3323 
3324 		auth_data->expected_transaction = 2;
3325 
3326 		if (auth_data->algorithm == WLAN_AUTH_SAE) {
3327 			trans = auth_data->sae_trans;
3328 			status = auth_data->sae_status;
3329 			auth_data->expected_transaction = trans;
3330 		}
3331 
3332 		if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3333 			tx_flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
3334 				   IEEE80211_TX_INTFL_MLME_CONN_TX;
3335 
3336 		ieee80211_send_auth(sdata, trans, auth_data->algorithm, status,
3337 				    auth_data->data, auth_data->data_len,
3338 				    auth_data->bss->bssid,
3339 				    auth_data->bss->bssid, NULL, 0, 0,
3340 				    tx_flags);
3341 	} else {
3342 		const u8 *ssidie;
3343 
3344 		sdata_info(sdata, "direct probe to %pM (try %d/%i)\n",
3345 			   auth_data->bss->bssid, auth_data->tries,
3346 			   IEEE80211_AUTH_MAX_TRIES);
3347 
3348 		rcu_read_lock();
3349 		ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
3350 		if (!ssidie) {
3351 			rcu_read_unlock();
3352 			return -EINVAL;
3353 		}
3354 		/*
3355 		 * Direct probe is sent to broadcast address as some APs
3356 		 * will not answer to direct packet in unassociated state.
3357 		 */
3358 		ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
3359 					 NULL, 0, (u32) -1, true, 0,
3360 					 auth_data->bss->channel, false);
3361 		rcu_read_unlock();
3362 	}
3363 
3364 	if (tx_flags == 0) {
3365 		auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
3366 		auth_data->timeout_started = true;
3367 		run_again(sdata, auth_data->timeout);
3368 	} else {
3369 		auth_data->timeout =
3370 			round_jiffies_up(jiffies + IEEE80211_AUTH_TIMEOUT_LONG);
3371 		auth_data->timeout_started = true;
3372 		run_again(sdata, auth_data->timeout);
3373 	}
3374 
3375 	return 0;
3376 }
3377 
3378 static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
3379 {
3380 	struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
3381 	struct ieee80211_local *local = sdata->local;
3382 
3383 	sdata_assert_lock(sdata);
3384 
3385 	assoc_data->tries++;
3386 	if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
3387 		sdata_info(sdata, "association with %pM timed out\n",
3388 			   assoc_data->bss->bssid);
3389 
3390 		/*
3391 		 * Most likely AP is not in the range so remove the
3392 		 * bss struct for that AP.
3393 		 */
3394 		cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
3395 
3396 		return -ETIMEDOUT;
3397 	}
3398 
3399 	sdata_info(sdata, "associate with %pM (try %d/%d)\n",
3400 		   assoc_data->bss->bssid, assoc_data->tries,
3401 		   IEEE80211_ASSOC_MAX_TRIES);
3402 	ieee80211_send_assoc(sdata);
3403 
3404 	if (!(local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)) {
3405 		assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
3406 		assoc_data->timeout_started = true;
3407 		run_again(sdata, assoc_data->timeout);
3408 	} else {
3409 		assoc_data->timeout =
3410 			round_jiffies_up(jiffies +
3411 					 IEEE80211_ASSOC_TIMEOUT_LONG);
3412 		assoc_data->timeout_started = true;
3413 		run_again(sdata, assoc_data->timeout);
3414 	}
3415 
3416 	return 0;
3417 }
3418 
3419 void ieee80211_mgd_conn_tx_status(struct ieee80211_sub_if_data *sdata,
3420 				  __le16 fc, bool acked)
3421 {
3422 	struct ieee80211_local *local = sdata->local;
3423 
3424 	sdata->u.mgd.status_fc = fc;
3425 	sdata->u.mgd.status_acked = acked;
3426 	sdata->u.mgd.status_received = true;
3427 
3428 	ieee80211_queue_work(&local->hw, &sdata->work);
3429 }
3430 
3431 void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
3432 {
3433 	struct ieee80211_local *local = sdata->local;
3434 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3435 
3436 	sdata_lock(sdata);
3437 
3438 	if (ifmgd->status_received) {
3439 		__le16 fc = ifmgd->status_fc;
3440 		bool status_acked = ifmgd->status_acked;
3441 
3442 		ifmgd->status_received = false;
3443 		if (ifmgd->auth_data &&
3444 		    (ieee80211_is_probe_req(fc) || ieee80211_is_auth(fc))) {
3445 			if (status_acked) {
3446 				ifmgd->auth_data->timeout =
3447 					jiffies + IEEE80211_AUTH_TIMEOUT_SHORT;
3448 				run_again(sdata, ifmgd->auth_data->timeout);
3449 			} else {
3450 				ifmgd->auth_data->timeout = jiffies - 1;
3451 			}
3452 			ifmgd->auth_data->timeout_started = true;
3453 		} else if (ifmgd->assoc_data &&
3454 			   (ieee80211_is_assoc_req(fc) ||
3455 			    ieee80211_is_reassoc_req(fc))) {
3456 			if (status_acked) {
3457 				ifmgd->assoc_data->timeout =
3458 					jiffies + IEEE80211_ASSOC_TIMEOUT_SHORT;
3459 				run_again(sdata, ifmgd->assoc_data->timeout);
3460 			} else {
3461 				ifmgd->assoc_data->timeout = jiffies - 1;
3462 			}
3463 			ifmgd->assoc_data->timeout_started = true;
3464 		}
3465 	}
3466 
3467 	if (ifmgd->auth_data && ifmgd->auth_data->timeout_started &&
3468 	    time_after(jiffies, ifmgd->auth_data->timeout)) {
3469 		if (ifmgd->auth_data->done) {
3470 			/*
3471 			 * ok ... we waited for assoc but userspace didn't,
3472 			 * so let's just kill the auth data
3473 			 */
3474 			ieee80211_destroy_auth_data(sdata, false);
3475 		} else if (ieee80211_probe_auth(sdata)) {
3476 			u8 bssid[ETH_ALEN];
3477 
3478 			memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
3479 
3480 			ieee80211_destroy_auth_data(sdata, false);
3481 
3482 			cfg80211_auth_timeout(sdata->dev, bssid);
3483 		}
3484 	} else if (ifmgd->auth_data && ifmgd->auth_data->timeout_started)
3485 		run_again(sdata, ifmgd->auth_data->timeout);
3486 
3487 	if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started &&
3488 	    time_after(jiffies, ifmgd->assoc_data->timeout)) {
3489 		if ((ifmgd->assoc_data->need_beacon && !ifmgd->have_beacon) ||
3490 		    ieee80211_do_assoc(sdata)) {
3491 			struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
3492 
3493 			ieee80211_destroy_assoc_data(sdata, false);
3494 			cfg80211_assoc_timeout(sdata->dev, bss);
3495 		}
3496 	} else if (ifmgd->assoc_data && ifmgd->assoc_data->timeout_started)
3497 		run_again(sdata, ifmgd->assoc_data->timeout);
3498 
3499 	if (ifmgd->flags & IEEE80211_STA_CONNECTION_POLL &&
3500 	    ifmgd->associated) {
3501 		u8 bssid[ETH_ALEN];
3502 		int max_tries;
3503 
3504 		memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
3505 
3506 		if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
3507 			max_tries = max_nullfunc_tries;
3508 		else
3509 			max_tries = max_probe_tries;
3510 
3511 		/* ACK received for nullfunc probing frame */
3512 		if (!ifmgd->probe_send_count)
3513 			ieee80211_reset_ap_probe(sdata);
3514 		else if (ifmgd->nullfunc_failed) {
3515 			if (ifmgd->probe_send_count < max_tries) {
3516 				mlme_dbg(sdata,
3517 					 "No ack for nullfunc frame to AP %pM, try %d/%i\n",
3518 					 bssid, ifmgd->probe_send_count,
3519 					 max_tries);
3520 				ieee80211_mgd_probe_ap_send(sdata);
3521 			} else {
3522 				mlme_dbg(sdata,
3523 					 "No ack for nullfunc frame to AP %pM, disconnecting.\n",
3524 					 bssid);
3525 				ieee80211_sta_connection_lost(sdata, bssid,
3526 					WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
3527 					false);
3528 			}
3529 		} else if (time_is_after_jiffies(ifmgd->probe_timeout))
3530 			run_again(sdata, ifmgd->probe_timeout);
3531 		else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
3532 			mlme_dbg(sdata,
3533 				 "Failed to send nullfunc to AP %pM after %dms, disconnecting\n",
3534 				 bssid, probe_wait_ms);
3535 			ieee80211_sta_connection_lost(sdata, bssid,
3536 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3537 		} else if (ifmgd->probe_send_count < max_tries) {
3538 			mlme_dbg(sdata,
3539 				 "No probe response from AP %pM after %dms, try %d/%i\n",
3540 				 bssid, probe_wait_ms,
3541 				 ifmgd->probe_send_count, max_tries);
3542 			ieee80211_mgd_probe_ap_send(sdata);
3543 		} else {
3544 			/*
3545 			 * We actually lost the connection ... or did we?
3546 			 * Let's make sure!
3547 			 */
3548 			wiphy_debug(local->hw.wiphy,
3549 				    "%s: No probe response from AP %pM"
3550 				    " after %dms, disconnecting.\n",
3551 				    sdata->name,
3552 				    bssid, probe_wait_ms);
3553 
3554 			ieee80211_sta_connection_lost(sdata, bssid,
3555 				WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false);
3556 		}
3557 	}
3558 
3559 	sdata_unlock(sdata);
3560 }
3561 
3562 static void ieee80211_sta_bcn_mon_timer(unsigned long data)
3563 {
3564 	struct ieee80211_sub_if_data *sdata =
3565 		(struct ieee80211_sub_if_data *) data;
3566 	struct ieee80211_local *local = sdata->local;
3567 
3568 	if (local->quiescing)
3569 		return;
3570 
3571 	if (sdata->vif.csa_active)
3572 		return;
3573 
3574 	sdata->u.mgd.connection_loss = false;
3575 	ieee80211_queue_work(&sdata->local->hw,
3576 			     &sdata->u.mgd.beacon_connection_loss_work);
3577 }
3578 
3579 static void ieee80211_sta_conn_mon_timer(unsigned long data)
3580 {
3581 	struct ieee80211_sub_if_data *sdata =
3582 		(struct ieee80211_sub_if_data *) data;
3583 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3584 	struct ieee80211_local *local = sdata->local;
3585 
3586 	if (local->quiescing)
3587 		return;
3588 
3589 	if (sdata->vif.csa_active)
3590 		return;
3591 
3592 	ieee80211_queue_work(&local->hw, &ifmgd->monitor_work);
3593 }
3594 
3595 static void ieee80211_sta_monitor_work(struct work_struct *work)
3596 {
3597 	struct ieee80211_sub_if_data *sdata =
3598 		container_of(work, struct ieee80211_sub_if_data,
3599 			     u.mgd.monitor_work);
3600 
3601 	ieee80211_mgd_probe_ap(sdata, false);
3602 }
3603 
3604 static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
3605 {
3606 	u32 flags;
3607 
3608 	if (sdata->vif.type == NL80211_IFTYPE_STATION) {
3609 		__ieee80211_stop_poll(sdata);
3610 
3611 		/* let's probe the connection once */
3612 		flags = sdata->local->hw.flags;
3613 		if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
3614 			ieee80211_queue_work(&sdata->local->hw,
3615 					     &sdata->u.mgd.monitor_work);
3616 		/* and do all the other regular work too */
3617 		ieee80211_queue_work(&sdata->local->hw, &sdata->work);
3618 	}
3619 }
3620 
3621 #ifdef CONFIG_PM
3622 void ieee80211_mgd_quiesce(struct ieee80211_sub_if_data *sdata)
3623 {
3624 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3625 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
3626 
3627 	sdata_lock(sdata);
3628 
3629 	if (ifmgd->auth_data || ifmgd->assoc_data) {
3630 		const u8 *bssid = ifmgd->auth_data ?
3631 				ifmgd->auth_data->bss->bssid :
3632 				ifmgd->assoc_data->bss->bssid;
3633 
3634 		/*
3635 		 * If we are trying to authenticate / associate while suspending,
3636 		 * cfg80211 won't know and won't actually abort those attempts,
3637 		 * thus we need to do that ourselves.
3638 		 */
3639 		ieee80211_send_deauth_disassoc(sdata, bssid,
3640 					       IEEE80211_STYPE_DEAUTH,
3641 					       WLAN_REASON_DEAUTH_LEAVING,
3642 					       false, frame_buf);
3643 		if (ifmgd->assoc_data)
3644 			ieee80211_destroy_assoc_data(sdata, false);
3645 		if (ifmgd->auth_data)
3646 			ieee80211_destroy_auth_data(sdata, false);
3647 		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
3648 				      IEEE80211_DEAUTH_FRAME_LEN);
3649 	}
3650 
3651 	sdata_unlock(sdata);
3652 }
3653 
3654 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
3655 {
3656 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3657 
3658 	sdata_lock(sdata);
3659 	if (!ifmgd->associated) {
3660 		sdata_unlock(sdata);
3661 		return;
3662 	}
3663 
3664 	if (sdata->flags & IEEE80211_SDATA_DISCONNECT_RESUME) {
3665 		sdata->flags &= ~IEEE80211_SDATA_DISCONNECT_RESUME;
3666 		mlme_dbg(sdata, "driver requested disconnect after resume\n");
3667 		ieee80211_sta_connection_lost(sdata,
3668 					      ifmgd->associated->bssid,
3669 					      WLAN_REASON_UNSPECIFIED,
3670 					      true);
3671 		sdata_unlock(sdata);
3672 		return;
3673 	}
3674 	sdata_unlock(sdata);
3675 }
3676 #endif
3677 
3678 /* interface setup */
3679 void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3680 {
3681 	struct ieee80211_if_managed *ifmgd;
3682 
3683 	ifmgd = &sdata->u.mgd;
3684 	INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
3685 	INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
3686 	INIT_WORK(&ifmgd->beacon_connection_loss_work,
3687 		  ieee80211_beacon_connection_loss_work);
3688 	INIT_WORK(&ifmgd->csa_connection_drop_work,
3689 		  ieee80211_csa_connection_drop_work);
3690 	INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_mgd_work);
3691 	setup_timer(&ifmgd->timer, ieee80211_sta_timer,
3692 		    (unsigned long) sdata);
3693 	setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
3694 		    (unsigned long) sdata);
3695 	setup_timer(&ifmgd->conn_mon_timer, ieee80211_sta_conn_mon_timer,
3696 		    (unsigned long) sdata);
3697 	setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
3698 		    (unsigned long) sdata);
3699 
3700 	ifmgd->flags = 0;
3701 	ifmgd->powersave = sdata->wdev.ps;
3702 	ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
3703 	ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
3704 	ifmgd->p2p_noa_index = -1;
3705 
3706 	if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
3707 		ifmgd->req_smps = IEEE80211_SMPS_AUTOMATIC;
3708 	else
3709 		ifmgd->req_smps = IEEE80211_SMPS_OFF;
3710 }
3711 
3712 /* scan finished notification */
3713 void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3714 {
3715 	struct ieee80211_sub_if_data *sdata;
3716 
3717 	/* Restart STA timers */
3718 	rcu_read_lock();
3719 	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3720 		if (ieee80211_sdata_running(sdata))
3721 			ieee80211_restart_sta_timer(sdata);
3722 	}
3723 	rcu_read_unlock();
3724 }
3725 
3726 int ieee80211_max_network_latency(struct notifier_block *nb,
3727 				  unsigned long data, void *dummy)
3728 {
3729 	s32 latency_usec = (s32) data;
3730 	struct ieee80211_local *local =
3731 		container_of(nb, struct ieee80211_local,
3732 			     network_latency_notifier);
3733 
3734 	mutex_lock(&local->iflist_mtx);
3735 	ieee80211_recalc_ps(local, latency_usec);
3736 	mutex_unlock(&local->iflist_mtx);
3737 
3738 	return NOTIFY_OK;
3739 }
3740 
3741 static u8 ieee80211_ht_vht_rx_chains(struct ieee80211_sub_if_data *sdata,
3742 				     struct cfg80211_bss *cbss)
3743 {
3744 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3745 	const u8 *ht_cap_ie, *vht_cap_ie;
3746 	const struct ieee80211_ht_cap *ht_cap;
3747 	const struct ieee80211_vht_cap *vht_cap;
3748 	u8 chains = 1;
3749 
3750 	if (ifmgd->flags & IEEE80211_STA_DISABLE_HT)
3751 		return chains;
3752 
3753 	ht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3754 	if (ht_cap_ie && ht_cap_ie[1] >= sizeof(*ht_cap)) {
3755 		ht_cap = (void *)(ht_cap_ie + 2);
3756 		chains = ieee80211_mcs_to_chains(&ht_cap->mcs);
3757 		/*
3758 		 * TODO: use "Tx Maximum Number Spatial Streams Supported" and
3759 		 *	 "Tx Unequal Modulation Supported" fields.
3760 		 */
3761 	}
3762 
3763 	if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
3764 		return chains;
3765 
3766 	vht_cap_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3767 	if (vht_cap_ie && vht_cap_ie[1] >= sizeof(*vht_cap)) {
3768 		u8 nss;
3769 		u16 tx_mcs_map;
3770 
3771 		vht_cap = (void *)(vht_cap_ie + 2);
3772 		tx_mcs_map = le16_to_cpu(vht_cap->supp_mcs.tx_mcs_map);
3773 		for (nss = 8; nss > 0; nss--) {
3774 			if (((tx_mcs_map >> (2 * (nss - 1))) & 3) !=
3775 					IEEE80211_VHT_MCS_NOT_SUPPORTED)
3776 				break;
3777 		}
3778 		/* TODO: use "Tx Highest Supported Long GI Data Rate" field? */
3779 		chains = max(chains, nss);
3780 	}
3781 
3782 	return chains;
3783 }
3784 
3785 static int ieee80211_prep_channel(struct ieee80211_sub_if_data *sdata,
3786 				  struct cfg80211_bss *cbss)
3787 {
3788 	struct ieee80211_local *local = sdata->local;
3789 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3790 	const struct ieee80211_ht_operation *ht_oper = NULL;
3791 	const struct ieee80211_vht_operation *vht_oper = NULL;
3792 	struct ieee80211_supported_band *sband;
3793 	struct cfg80211_chan_def chandef;
3794 	int ret;
3795 
3796 	sband = local->hw.wiphy->bands[cbss->channel->band];
3797 
3798 	ifmgd->flags &= ~(IEEE80211_STA_DISABLE_40MHZ |
3799 			  IEEE80211_STA_DISABLE_80P80MHZ |
3800 			  IEEE80211_STA_DISABLE_160MHZ);
3801 
3802 	rcu_read_lock();
3803 
3804 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT) &&
3805 	    sband->ht_cap.ht_supported) {
3806 		const u8 *ht_oper_ie, *ht_cap;
3807 
3808 		ht_oper_ie = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_OPERATION);
3809 		if (ht_oper_ie && ht_oper_ie[1] >= sizeof(*ht_oper))
3810 			ht_oper = (void *)(ht_oper_ie + 2);
3811 
3812 		ht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_HT_CAPABILITY);
3813 		if (!ht_cap || ht_cap[1] < sizeof(struct ieee80211_ht_cap)) {
3814 			ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3815 			ht_oper = NULL;
3816 		}
3817 	}
3818 
3819 	if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT) &&
3820 	    sband->vht_cap.vht_supported) {
3821 		const u8 *vht_oper_ie, *vht_cap;
3822 
3823 		vht_oper_ie = ieee80211_bss_get_ie(cbss,
3824 						   WLAN_EID_VHT_OPERATION);
3825 		if (vht_oper_ie && vht_oper_ie[1] >= sizeof(*vht_oper))
3826 			vht_oper = (void *)(vht_oper_ie + 2);
3827 		if (vht_oper && !ht_oper) {
3828 			vht_oper = NULL;
3829 			sdata_info(sdata,
3830 				   "AP advertised VHT without HT, disabling both\n");
3831 			ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
3832 			ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3833 		}
3834 
3835 		vht_cap = ieee80211_bss_get_ie(cbss, WLAN_EID_VHT_CAPABILITY);
3836 		if (!vht_cap || vht_cap[1] < sizeof(struct ieee80211_vht_cap)) {
3837 			ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
3838 			vht_oper = NULL;
3839 		}
3840 	}
3841 
3842 	ifmgd->flags |= ieee80211_determine_chantype(sdata, sband,
3843 						     cbss->channel,
3844 						     ht_oper, vht_oper,
3845 						     &chandef, false);
3846 
3847 	sdata->needed_rx_chains = min(ieee80211_ht_vht_rx_chains(sdata, cbss),
3848 				      local->rx_chains);
3849 
3850 	rcu_read_unlock();
3851 
3852 	/* will change later if needed */
3853 	sdata->smps_mode = IEEE80211_SMPS_OFF;
3854 
3855 	mutex_lock(&local->mtx);
3856 	/*
3857 	 * If this fails (possibly due to channel context sharing
3858 	 * on incompatible channels, e.g. 80+80 and 160 sharing the
3859 	 * same control channel) try to use a smaller bandwidth.
3860 	 */
3861 	ret = ieee80211_vif_use_channel(sdata, &chandef,
3862 					IEEE80211_CHANCTX_SHARED);
3863 
3864 	/* don't downgrade for 5 and 10 MHz channels, though. */
3865 	if (chandef.width == NL80211_CHAN_WIDTH_5 ||
3866 	    chandef.width == NL80211_CHAN_WIDTH_10)
3867 		goto out;
3868 
3869 	while (ret && chandef.width != NL80211_CHAN_WIDTH_20_NOHT) {
3870 		ifmgd->flags |= ieee80211_chandef_downgrade(&chandef);
3871 		ret = ieee80211_vif_use_channel(sdata, &chandef,
3872 						IEEE80211_CHANCTX_SHARED);
3873 	}
3874  out:
3875 	mutex_unlock(&local->mtx);
3876 	return ret;
3877 }
3878 
3879 static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
3880 				     struct cfg80211_bss *cbss, bool assoc)
3881 {
3882 	struct ieee80211_local *local = sdata->local;
3883 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3884 	struct ieee80211_bss *bss = (void *)cbss->priv;
3885 	struct sta_info *new_sta = NULL;
3886 	bool have_sta = false;
3887 	int err;
3888 
3889 	if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
3890 		return -EINVAL;
3891 
3892 	if (assoc) {
3893 		rcu_read_lock();
3894 		have_sta = sta_info_get(sdata, cbss->bssid);
3895 		rcu_read_unlock();
3896 	}
3897 
3898 	if (!have_sta) {
3899 		new_sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
3900 		if (!new_sta)
3901 			return -ENOMEM;
3902 	}
3903 	if (new_sta) {
3904 		u32 rates = 0, basic_rates = 0;
3905 		bool have_higher_than_11mbit;
3906 		int min_rate = INT_MAX, min_rate_index = -1;
3907 		struct ieee80211_chanctx_conf *chanctx_conf;
3908 		struct ieee80211_supported_band *sband;
3909 		const struct cfg80211_bss_ies *ies;
3910 		int shift;
3911 		u32 rate_flags;
3912 
3913 		sband = local->hw.wiphy->bands[cbss->channel->band];
3914 
3915 		err = ieee80211_prep_channel(sdata, cbss);
3916 		if (err) {
3917 			sta_info_free(local, new_sta);
3918 			return -EINVAL;
3919 		}
3920 		shift = ieee80211_vif_get_shift(&sdata->vif);
3921 
3922 		rcu_read_lock();
3923 		chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3924 		if (WARN_ON(!chanctx_conf)) {
3925 			rcu_read_unlock();
3926 			sta_info_free(local, new_sta);
3927 			return -EINVAL;
3928 		}
3929 		rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
3930 		rcu_read_unlock();
3931 
3932 		ieee80211_get_rates(sband, bss->supp_rates,
3933 				    bss->supp_rates_len,
3934 				    &rates, &basic_rates,
3935 				    &have_higher_than_11mbit,
3936 				    &min_rate, &min_rate_index,
3937 				    shift, rate_flags);
3938 
3939 		/*
3940 		 * This used to be a workaround for basic rates missing
3941 		 * in the association response frame. Now that we no
3942 		 * longer use the basic rates from there, it probably
3943 		 * doesn't happen any more, but keep the workaround so
3944 		 * in case some *other* APs are buggy in different ways
3945 		 * we can connect -- with a warning.
3946 		 */
3947 		if (!basic_rates && min_rate_index >= 0) {
3948 			sdata_info(sdata,
3949 				   "No basic rates, using min rate instead\n");
3950 			basic_rates = BIT(min_rate_index);
3951 		}
3952 
3953 		new_sta->sta.supp_rates[cbss->channel->band] = rates;
3954 		sdata->vif.bss_conf.basic_rates = basic_rates;
3955 
3956 		/* cf. IEEE 802.11 9.2.12 */
3957 		if (cbss->channel->band == IEEE80211_BAND_2GHZ &&
3958 		    have_higher_than_11mbit)
3959 			sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
3960 		else
3961 			sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
3962 
3963 		memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
3964 
3965 		/* set timing information */
3966 		sdata->vif.bss_conf.beacon_int = cbss->beacon_interval;
3967 		rcu_read_lock();
3968 		ies = rcu_dereference(cbss->beacon_ies);
3969 		if (ies) {
3970 			const u8 *tim_ie;
3971 
3972 			sdata->vif.bss_conf.sync_tsf = ies->tsf;
3973 			sdata->vif.bss_conf.sync_device_ts =
3974 				bss->device_ts_beacon;
3975 			tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
3976 						  ies->data, ies->len);
3977 			if (tim_ie && tim_ie[1] >= 2)
3978 				sdata->vif.bss_conf.sync_dtim_count = tim_ie[2];
3979 			else
3980 				sdata->vif.bss_conf.sync_dtim_count = 0;
3981 		} else if (!(local->hw.flags &
3982 					IEEE80211_HW_TIMING_BEACON_ONLY)) {
3983 			ies = rcu_dereference(cbss->proberesp_ies);
3984 			/* must be non-NULL since beacon IEs were NULL */
3985 			sdata->vif.bss_conf.sync_tsf = ies->tsf;
3986 			sdata->vif.bss_conf.sync_device_ts =
3987 				bss->device_ts_presp;
3988 			sdata->vif.bss_conf.sync_dtim_count = 0;
3989 		} else {
3990 			sdata->vif.bss_conf.sync_tsf = 0;
3991 			sdata->vif.bss_conf.sync_device_ts = 0;
3992 			sdata->vif.bss_conf.sync_dtim_count = 0;
3993 		}
3994 		rcu_read_unlock();
3995 
3996 		/* tell driver about BSSID, basic rates and timing */
3997 		ieee80211_bss_info_change_notify(sdata,
3998 			BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES |
3999 			BSS_CHANGED_BEACON_INT);
4000 
4001 		if (assoc)
4002 			sta_info_pre_move_state(new_sta, IEEE80211_STA_AUTH);
4003 
4004 		err = sta_info_insert(new_sta);
4005 		new_sta = NULL;
4006 		if (err) {
4007 			sdata_info(sdata,
4008 				   "failed to insert STA entry for the AP (error %d)\n",
4009 				   err);
4010 			return err;
4011 		}
4012 	} else
4013 		WARN_ON_ONCE(!ether_addr_equal(ifmgd->bssid, cbss->bssid));
4014 
4015 	return 0;
4016 }
4017 
4018 /* config hooks */
4019 int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
4020 		       struct cfg80211_auth_request *req)
4021 {
4022 	struct ieee80211_local *local = sdata->local;
4023 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4024 	struct ieee80211_mgd_auth_data *auth_data;
4025 	u16 auth_alg;
4026 	int err;
4027 
4028 	/* prepare auth data structure */
4029 
4030 	switch (req->auth_type) {
4031 	case NL80211_AUTHTYPE_OPEN_SYSTEM:
4032 		auth_alg = WLAN_AUTH_OPEN;
4033 		break;
4034 	case NL80211_AUTHTYPE_SHARED_KEY:
4035 		if (IS_ERR(local->wep_tx_tfm))
4036 			return -EOPNOTSUPP;
4037 		auth_alg = WLAN_AUTH_SHARED_KEY;
4038 		break;
4039 	case NL80211_AUTHTYPE_FT:
4040 		auth_alg = WLAN_AUTH_FT;
4041 		break;
4042 	case NL80211_AUTHTYPE_NETWORK_EAP:
4043 		auth_alg = WLAN_AUTH_LEAP;
4044 		break;
4045 	case NL80211_AUTHTYPE_SAE:
4046 		auth_alg = WLAN_AUTH_SAE;
4047 		break;
4048 	default:
4049 		return -EOPNOTSUPP;
4050 	}
4051 
4052 	auth_data = kzalloc(sizeof(*auth_data) + req->sae_data_len +
4053 			    req->ie_len, GFP_KERNEL);
4054 	if (!auth_data)
4055 		return -ENOMEM;
4056 
4057 	auth_data->bss = req->bss;
4058 
4059 	if (req->sae_data_len >= 4) {
4060 		__le16 *pos = (__le16 *) req->sae_data;
4061 		auth_data->sae_trans = le16_to_cpu(pos[0]);
4062 		auth_data->sae_status = le16_to_cpu(pos[1]);
4063 		memcpy(auth_data->data, req->sae_data + 4,
4064 		       req->sae_data_len - 4);
4065 		auth_data->data_len += req->sae_data_len - 4;
4066 	}
4067 
4068 	if (req->ie && req->ie_len) {
4069 		memcpy(&auth_data->data[auth_data->data_len],
4070 		       req->ie, req->ie_len);
4071 		auth_data->data_len += req->ie_len;
4072 	}
4073 
4074 	if (req->key && req->key_len) {
4075 		auth_data->key_len = req->key_len;
4076 		auth_data->key_idx = req->key_idx;
4077 		memcpy(auth_data->key, req->key, req->key_len);
4078 	}
4079 
4080 	auth_data->algorithm = auth_alg;
4081 
4082 	/* try to authenticate/probe */
4083 
4084 	if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
4085 	    ifmgd->assoc_data) {
4086 		err = -EBUSY;
4087 		goto err_free;
4088 	}
4089 
4090 	if (ifmgd->auth_data)
4091 		ieee80211_destroy_auth_data(sdata, false);
4092 
4093 	/* prep auth_data so we don't go into idle on disassoc */
4094 	ifmgd->auth_data = auth_data;
4095 
4096 	if (ifmgd->associated) {
4097 		u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4098 
4099 		ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4100 				       WLAN_REASON_UNSPECIFIED,
4101 				       false, frame_buf);
4102 
4103 		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4104 				      sizeof(frame_buf));
4105 	}
4106 
4107 	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
4108 
4109 	err = ieee80211_prep_connection(sdata, req->bss, false);
4110 	if (err)
4111 		goto err_clear;
4112 
4113 	err = ieee80211_probe_auth(sdata);
4114 	if (err) {
4115 		sta_info_destroy_addr(sdata, req->bss->bssid);
4116 		goto err_clear;
4117 	}
4118 
4119 	/* hold our own reference */
4120 	cfg80211_ref_bss(local->hw.wiphy, auth_data->bss);
4121 	return 0;
4122 
4123  err_clear:
4124 	memset(ifmgd->bssid, 0, ETH_ALEN);
4125 	ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4126 	ifmgd->auth_data = NULL;
4127  err_free:
4128 	kfree(auth_data);
4129 	return err;
4130 }
4131 
4132 static bool ieee80211_usable_wmm_params(struct ieee80211_sub_if_data *sdata,
4133 					const u8 *wmm_param, int len)
4134 {
4135 	const u8 *pos;
4136 	size_t left;
4137 
4138 	if (len < 8)
4139 		return false;
4140 
4141 	if (wmm_param[5] != 1 /* version */)
4142 		return false;
4143 
4144 	pos = wmm_param + 8;
4145 	left = len - 8;
4146 
4147 	for (; left >= 4; left -= 4, pos += 4) {
4148 		u8 aifsn = pos[0] & 0x0f;
4149 		u8 ecwmin = pos[1] & 0x0f;
4150 		u8 ecwmax = (pos[1] & 0xf0) >> 4;
4151 		int aci = (pos[0] >> 5) & 0x03;
4152 
4153 		if (aifsn < 2) {
4154 			sdata_info(sdata,
4155 				   "AP has invalid WMM params (AIFSN=%d for ACI %d), disabling WMM\n",
4156 				   aifsn, aci);
4157 			return false;
4158 		}
4159 		if (ecwmin > ecwmax) {
4160 			sdata_info(sdata,
4161 				   "AP has invalid WMM params (ECWmin/max=%d/%d for ACI %d), disabling WMM\n",
4162 				   ecwmin, ecwmax, aci);
4163 			return false;
4164 		}
4165 	}
4166 
4167 	return true;
4168 }
4169 
4170 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4171 			struct cfg80211_assoc_request *req)
4172 {
4173 	struct ieee80211_local *local = sdata->local;
4174 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4175 	struct ieee80211_bss *bss = (void *)req->bss->priv;
4176 	struct ieee80211_mgd_assoc_data *assoc_data;
4177 	const struct cfg80211_bss_ies *beacon_ies;
4178 	struct ieee80211_supported_band *sband;
4179 	const u8 *ssidie, *ht_ie, *vht_ie;
4180 	int i, err;
4181 
4182 	assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
4183 	if (!assoc_data)
4184 		return -ENOMEM;
4185 
4186 	rcu_read_lock();
4187 	ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
4188 	if (!ssidie) {
4189 		rcu_read_unlock();
4190 		kfree(assoc_data);
4191 		return -EINVAL;
4192 	}
4193 	memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
4194 	assoc_data->ssid_len = ssidie[1];
4195 	rcu_read_unlock();
4196 
4197 	if (ifmgd->associated) {
4198 		u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4199 
4200 		ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4201 				       WLAN_REASON_UNSPECIFIED,
4202 				       false, frame_buf);
4203 
4204 		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4205 				      sizeof(frame_buf));
4206 	}
4207 
4208 	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
4209 		err = -EBUSY;
4210 		goto err_free;
4211 	}
4212 
4213 	if (ifmgd->assoc_data) {
4214 		err = -EBUSY;
4215 		goto err_free;
4216 	}
4217 
4218 	if (ifmgd->auth_data) {
4219 		bool match;
4220 
4221 		/* keep sta info, bssid if matching */
4222 		match = ether_addr_equal(ifmgd->bssid, req->bss->bssid);
4223 		ieee80211_destroy_auth_data(sdata, match);
4224 	}
4225 
4226 	/* prepare assoc data */
4227 
4228 	ifmgd->beacon_crc_valid = false;
4229 
4230 	assoc_data->wmm = bss->wmm_used &&
4231 			  (local->hw.queues >= IEEE80211_NUM_ACS);
4232 	if (assoc_data->wmm) {
4233 		/* try to check validity of WMM params IE */
4234 		const struct cfg80211_bss_ies *ies;
4235 		const u8 *wp, *start, *end;
4236 
4237 		rcu_read_lock();
4238 		ies = rcu_dereference(req->bss->ies);
4239 		start = ies->data;
4240 		end = start + ies->len;
4241 
4242 		while (true) {
4243 			wp = cfg80211_find_vendor_ie(
4244 				WLAN_OUI_MICROSOFT,
4245 				WLAN_OUI_TYPE_MICROSOFT_WMM,
4246 				start, end - start);
4247 			if (!wp)
4248 				break;
4249 			start = wp + wp[1] + 2;
4250 			/* if this IE is too short, try the next */
4251 			if (wp[1] <= 4)
4252 				continue;
4253 			/* if this IE is WMM params, we found what we wanted */
4254 			if (wp[6] == 1)
4255 				break;
4256 		}
4257 
4258 		if (!wp || !ieee80211_usable_wmm_params(sdata, wp + 2,
4259 							wp[1] - 2)) {
4260 			assoc_data->wmm = false;
4261 			ifmgd->flags |= IEEE80211_STA_DISABLE_WMM;
4262 		}
4263 		rcu_read_unlock();
4264 	}
4265 
4266 	/*
4267 	 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
4268 	 * We still associate in non-HT mode (11a/b/g) if any one of these
4269 	 * ciphers is configured as pairwise.
4270 	 * We can set this to true for non-11n hardware, that'll be checked
4271 	 * separately along with the peer capabilities.
4272 	 */
4273 	for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) {
4274 		if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
4275 		    req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
4276 		    req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) {
4277 			ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4278 			ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4279 			netdev_info(sdata->dev,
4280 				    "disabling HT/VHT due to WEP/TKIP use\n");
4281 		}
4282 	}
4283 
4284 	if (req->flags & ASSOC_REQ_DISABLE_HT) {
4285 		ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4286 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4287 	}
4288 
4289 	if (req->flags & ASSOC_REQ_DISABLE_VHT)
4290 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4291 
4292 	/* Also disable HT if we don't support it or the AP doesn't use WMM */
4293 	sband = local->hw.wiphy->bands[req->bss->channel->band];
4294 	if (!sband->ht_cap.ht_supported ||
4295 	    local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4296 	    ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4297 		ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4298 		if (!bss->wmm_used &&
4299 		    !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4300 			netdev_info(sdata->dev,
4301 				    "disabling HT as WMM/QoS is not supported by the AP\n");
4302 	}
4303 
4304 	/* disable VHT if we don't support it or the AP doesn't use WMM */
4305 	if (!sband->vht_cap.vht_supported ||
4306 	    local->hw.queues < IEEE80211_NUM_ACS || !bss->wmm_used ||
4307 	    ifmgd->flags & IEEE80211_STA_DISABLE_WMM) {
4308 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4309 		if (!bss->wmm_used &&
4310 		    !(ifmgd->flags & IEEE80211_STA_DISABLE_WMM))
4311 			netdev_info(sdata->dev,
4312 				    "disabling VHT as WMM/QoS is not supported by the AP\n");
4313 	}
4314 
4315 	memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
4316 	memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
4317 	       sizeof(ifmgd->ht_capa_mask));
4318 
4319 	memcpy(&ifmgd->vht_capa, &req->vht_capa, sizeof(ifmgd->vht_capa));
4320 	memcpy(&ifmgd->vht_capa_mask, &req->vht_capa_mask,
4321 	       sizeof(ifmgd->vht_capa_mask));
4322 
4323 	if (req->ie && req->ie_len) {
4324 		memcpy(assoc_data->ie, req->ie, req->ie_len);
4325 		assoc_data->ie_len = req->ie_len;
4326 	}
4327 
4328 	assoc_data->bss = req->bss;
4329 
4330 	if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
4331 		if (ifmgd->powersave)
4332 			sdata->smps_mode = IEEE80211_SMPS_DYNAMIC;
4333 		else
4334 			sdata->smps_mode = IEEE80211_SMPS_OFF;
4335 	} else
4336 		sdata->smps_mode = ifmgd->req_smps;
4337 
4338 	assoc_data->capability = req->bss->capability;
4339 	assoc_data->supp_rates = bss->supp_rates;
4340 	assoc_data->supp_rates_len = bss->supp_rates_len;
4341 
4342 	rcu_read_lock();
4343 	ht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_OPERATION);
4344 	if (ht_ie && ht_ie[1] >= sizeof(struct ieee80211_ht_operation))
4345 		assoc_data->ap_ht_param =
4346 			((struct ieee80211_ht_operation *)(ht_ie + 2))->ht_param;
4347 	else
4348 		ifmgd->flags |= IEEE80211_STA_DISABLE_HT;
4349 	vht_ie = ieee80211_bss_get_ie(req->bss, WLAN_EID_VHT_CAPABILITY);
4350 	if (vht_ie && vht_ie[1] >= sizeof(struct ieee80211_vht_cap))
4351 		memcpy(&assoc_data->ap_vht_cap, vht_ie + 2,
4352 		       sizeof(struct ieee80211_vht_cap));
4353 	else
4354 		ifmgd->flags |= IEEE80211_STA_DISABLE_VHT;
4355 	rcu_read_unlock();
4356 
4357 	if (bss->wmm_used && bss->uapsd_supported &&
4358 	    (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) &&
4359 	    sdata->wmm_acm != 0xff) {
4360 		assoc_data->uapsd = true;
4361 		ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4362 	} else {
4363 		assoc_data->uapsd = false;
4364 		ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
4365 	}
4366 
4367 	if (req->prev_bssid)
4368 		memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
4369 
4370 	if (req->use_mfp) {
4371 		ifmgd->mfp = IEEE80211_MFP_REQUIRED;
4372 		ifmgd->flags |= IEEE80211_STA_MFP_ENABLED;
4373 	} else {
4374 		ifmgd->mfp = IEEE80211_MFP_DISABLED;
4375 		ifmgd->flags &= ~IEEE80211_STA_MFP_ENABLED;
4376 	}
4377 
4378 	if (req->crypto.control_port)
4379 		ifmgd->flags |= IEEE80211_STA_CONTROL_PORT;
4380 	else
4381 		ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
4382 
4383 	sdata->control_port_protocol = req->crypto.control_port_ethertype;
4384 	sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
4385 	sdata->encrypt_headroom = ieee80211_cs_headroom(local, &req->crypto,
4386 							sdata->vif.type);
4387 
4388 	/* kick off associate process */
4389 
4390 	ifmgd->assoc_data = assoc_data;
4391 	ifmgd->dtim_period = 0;
4392 	ifmgd->have_beacon = false;
4393 
4394 	err = ieee80211_prep_connection(sdata, req->bss, true);
4395 	if (err)
4396 		goto err_clear;
4397 
4398 	rcu_read_lock();
4399 	beacon_ies = rcu_dereference(req->bss->beacon_ies);
4400 
4401 	if (sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_BEFORE_ASSOC &&
4402 	    !beacon_ies) {
4403 		/*
4404 		 * Wait up to one beacon interval ...
4405 		 * should this be more if we miss one?
4406 		 */
4407 		sdata_info(sdata, "waiting for beacon from %pM\n",
4408 			   ifmgd->bssid);
4409 		assoc_data->timeout = TU_TO_EXP_TIME(req->bss->beacon_interval);
4410 		assoc_data->timeout_started = true;
4411 		assoc_data->need_beacon = true;
4412 	} else if (beacon_ies) {
4413 		const u8 *tim_ie = cfg80211_find_ie(WLAN_EID_TIM,
4414 						    beacon_ies->data,
4415 						    beacon_ies->len);
4416 		u8 dtim_count = 0;
4417 
4418 		if (tim_ie && tim_ie[1] >= sizeof(struct ieee80211_tim_ie)) {
4419 			const struct ieee80211_tim_ie *tim;
4420 			tim = (void *)(tim_ie + 2);
4421 			ifmgd->dtim_period = tim->dtim_period;
4422 			dtim_count = tim->dtim_count;
4423 		}
4424 		ifmgd->have_beacon = true;
4425 		assoc_data->timeout = jiffies;
4426 		assoc_data->timeout_started = true;
4427 
4428 		if (local->hw.flags & IEEE80211_HW_TIMING_BEACON_ONLY) {
4429 			sdata->vif.bss_conf.sync_tsf = beacon_ies->tsf;
4430 			sdata->vif.bss_conf.sync_device_ts =
4431 				bss->device_ts_beacon;
4432 			sdata->vif.bss_conf.sync_dtim_count = dtim_count;
4433 		}
4434 	} else {
4435 		assoc_data->timeout = jiffies;
4436 		assoc_data->timeout_started = true;
4437 	}
4438 	rcu_read_unlock();
4439 
4440 	run_again(sdata, assoc_data->timeout);
4441 
4442 	if (bss->corrupt_data) {
4443 		char *corrupt_type = "data";
4444 		if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
4445 			if (bss->corrupt_data &
4446 					IEEE80211_BSS_CORRUPT_PROBE_RESP)
4447 				corrupt_type = "beacon and probe response";
4448 			else
4449 				corrupt_type = "beacon";
4450 		} else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
4451 			corrupt_type = "probe response";
4452 		sdata_info(sdata, "associating with AP with corrupt %s\n",
4453 			   corrupt_type);
4454 	}
4455 
4456 	return 0;
4457  err_clear:
4458 	memset(ifmgd->bssid, 0, ETH_ALEN);
4459 	ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
4460 	ifmgd->assoc_data = NULL;
4461  err_free:
4462 	kfree(assoc_data);
4463 	return err;
4464 }
4465 
4466 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
4467 			 struct cfg80211_deauth_request *req)
4468 {
4469 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4470 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4471 	bool tx = !req->local_state_change;
4472 
4473 	if (ifmgd->auth_data &&
4474 	    ether_addr_equal(ifmgd->auth_data->bss->bssid, req->bssid)) {
4475 		sdata_info(sdata,
4476 			   "aborting authentication with %pM by local choice (Reason: %u=%s)\n",
4477 			   req->bssid, req->reason_code,
4478 			   ieee80211_get_reason_code_string(req->reason_code));
4479 
4480 		drv_mgd_prepare_tx(sdata->local, sdata);
4481 		ieee80211_send_deauth_disassoc(sdata, req->bssid,
4482 					       IEEE80211_STYPE_DEAUTH,
4483 					       req->reason_code, tx,
4484 					       frame_buf);
4485 		ieee80211_destroy_auth_data(sdata, false);
4486 		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4487 				      IEEE80211_DEAUTH_FRAME_LEN);
4488 
4489 		return 0;
4490 	}
4491 
4492 	if (ifmgd->associated &&
4493 	    ether_addr_equal(ifmgd->associated->bssid, req->bssid)) {
4494 		sdata_info(sdata,
4495 			   "deauthenticating from %pM by local choice (Reason: %u=%s)\n",
4496 			   req->bssid, req->reason_code,
4497 			   ieee80211_get_reason_code_string(req->reason_code));
4498 
4499 		ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
4500 				       req->reason_code, tx, frame_buf);
4501 		cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4502 				      IEEE80211_DEAUTH_FRAME_LEN);
4503 		return 0;
4504 	}
4505 
4506 	return -ENOTCONN;
4507 }
4508 
4509 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
4510 			   struct cfg80211_disassoc_request *req)
4511 {
4512 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4513 	u8 bssid[ETH_ALEN];
4514 	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
4515 
4516 	/*
4517 	 * cfg80211 should catch this ... but it's racy since
4518 	 * we can receive a disassoc frame, process it, hand it
4519 	 * to cfg80211 while that's in a locked section already
4520 	 * trying to tell us that the user wants to disconnect.
4521 	 */
4522 	if (ifmgd->associated != req->bss)
4523 		return -ENOLINK;
4524 
4525 	sdata_info(sdata,
4526 		   "disassociating from %pM by local choice (Reason: %u=%s)\n",
4527 		   req->bss->bssid, req->reason_code, ieee80211_get_reason_code_string(req->reason_code));
4528 
4529 	memcpy(bssid, req->bss->bssid, ETH_ALEN);
4530 	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
4531 			       req->reason_code, !req->local_state_change,
4532 			       frame_buf);
4533 
4534 	cfg80211_tx_mlme_mgmt(sdata->dev, frame_buf,
4535 			      IEEE80211_DEAUTH_FRAME_LEN);
4536 
4537 	return 0;
4538 }
4539 
4540 void ieee80211_mgd_stop(struct ieee80211_sub_if_data *sdata)
4541 {
4542 	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4543 
4544 	/*
4545 	 * Make sure some work items will not run after this,
4546 	 * they will not do anything but might not have been
4547 	 * cancelled when disconnecting.
4548 	 */
4549 	cancel_work_sync(&ifmgd->monitor_work);
4550 	cancel_work_sync(&ifmgd->beacon_connection_loss_work);
4551 	cancel_work_sync(&ifmgd->request_smps_work);
4552 	cancel_work_sync(&ifmgd->csa_connection_drop_work);
4553 	cancel_work_sync(&ifmgd->chswitch_work);
4554 
4555 	sdata_lock(sdata);
4556 	if (ifmgd->assoc_data) {
4557 		struct cfg80211_bss *bss = ifmgd->assoc_data->bss;
4558 		ieee80211_destroy_assoc_data(sdata, false);
4559 		cfg80211_assoc_timeout(sdata->dev, bss);
4560 	}
4561 	if (ifmgd->auth_data)
4562 		ieee80211_destroy_auth_data(sdata, false);
4563 	del_timer_sync(&ifmgd->timer);
4564 	sdata_unlock(sdata);
4565 }
4566 
4567 void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
4568 			       enum nl80211_cqm_rssi_threshold_event rssi_event,
4569 			       gfp_t gfp)
4570 {
4571 	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4572 
4573 	trace_api_cqm_rssi_notify(sdata, rssi_event);
4574 
4575 	cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
4576 }
4577 EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
4578