xref: /openbmc/linux/net/wireless/pmsr.c (revision ff2b4dc8)
19bb7e0f2SJohannes Berg /* SPDX-License-Identifier: GPL-2.0 */
29bb7e0f2SJohannes Berg /*
30dcb84edSJohannes Berg  * Copyright (C) 2018 - 2021, 2023 Intel Corporation
49bb7e0f2SJohannes Berg  */
59bb7e0f2SJohannes Berg #include <net/cfg80211.h>
69bb7e0f2SJohannes Berg #include "core.h"
79bb7e0f2SJohannes Berg #include "nl80211.h"
89bb7e0f2SJohannes Berg #include "rdev-ops.h"
99bb7e0f2SJohannes Berg 
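/*
 * Parse one nested FTM request attribute (ftmreq) from a netlink request
 * into out->ftm, checking every requested option against the FTM
 * capabilities the device advertises in rdev->wiphy.pmsr_capa.
 *
 * out->chandef must already be filled in by the caller: its width and
 * band are consulted here.
 *
 * Returns 0 on success, or -EINVAL (with an extack message) as soon as a
 * requested option is missing, inconsistent, or not supported by the device.
 */
static int pmsr_parse_ftm(struct cfg80211_registered_device *rdev,
			  struct nlattr *ftmreq,
			  struct cfg80211_pmsr_request_peer *out,
			  struct genl_info *info)
{
	const struct cfg80211_pmsr_capabilities *capa = rdev->wiphy.pmsr_capa;
	struct nlattr *tb[NL80211_PMSR_FTM_REQ_ATTR_MAX + 1];
	u32 preamble = NL80211_PREAMBLE_DMG; /* only optional in DMG */

	/* validate existing data */
	if (!(capa->ftm.bandwidths & BIT(out->chandef.width))) {
		NL_SET_ERR_MSG(info->extack, "FTM: unsupported bandwidth");
		return -EINVAL;
	}

	/* no validation needed - was already done via nested policy */
	nla_parse_nested_deprecated(tb, NL80211_PMSR_FTM_REQ_ATTR_MAX, ftmreq,
				    NULL, NULL);

	if (tb[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE])
		preamble = nla_get_u32(tb[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE]);

	/* set up values - struct is 0-initialized */
	out->ftm.requested = true;

	switch (out->chandef.chan->band) {
	case NL80211_BAND_60GHZ:
		/* optional */
		break;
	default:
		if (!tb[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE]) {
			NL_SET_ERR_MSG(info->extack,
				       "FTM: must specify preamble");
			return -EINVAL;
		}
	}

	/*
	 * preamble is a raw u32 from the request and BIT() shifts an
	 * unsigned long, so reject values that would shift out of range
	 * before testing the capability mask. Whether the nested policy
	 * already bounds this attribute is not visible from this function.
	 */
	if (preamble >= BITS_PER_LONG ||
	    !(capa->ftm.preambles & BIT(preamble))) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE],
				    "FTM: invalid preamble");
		return -EINVAL;
	}

	out->ftm.preamble = preamble;

	out->ftm.burst_period = 0;
	if (tb[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD])
		out->ftm.burst_period =
			nla_get_u16(tb[NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD]);

	out->ftm.asap = !!tb[NL80211_PMSR_FTM_REQ_ATTR_ASAP];
	if (out->ftm.asap && !capa->ftm.asap) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_ASAP],
				    "FTM: ASAP mode not supported");
		return -EINVAL;
	}

	if (!out->ftm.asap && !capa->ftm.non_asap) {
		NL_SET_ERR_MSG(info->extack,
			       "FTM: non-ASAP mode not supported");
		return -EINVAL;
	}

	out->ftm.num_bursts_exp = 0;
	if (tb[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP])
		out->ftm.num_bursts_exp =
			nla_get_u8(tb[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP]);

	/* a negative max_bursts_exponent disables this limit check */
	if (capa->ftm.max_bursts_exponent >= 0 &&
	    out->ftm.num_bursts_exp > capa->ftm.max_bursts_exponent) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_NUM_BURSTS_EXP],
				    "FTM: max NUM_BURSTS_EXP must be set lower than the device limit");
		return -EINVAL;
	}

	out->ftm.burst_duration = 15;
	if (tb[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION])
		out->ftm.burst_duration =
			nla_get_u8(tb[NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION]);

	/*
	 * NOTE(review): this is the only sized attribute here still read with
	 * nla_get_u32(); confirm the nested policy declares it as a u32 so the
	 * accessor does not read past the attribute payload.
	 */
	out->ftm.ftms_per_burst = 0;
	if (tb[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST])
		out->ftm.ftms_per_burst =
			nla_get_u32(tb[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST]);

	/* a zero max_ftms_per_burst disables this limit check */
	if (capa->ftm.max_ftms_per_burst &&
	    (out->ftm.ftms_per_burst > capa->ftm.max_ftms_per_burst ||
	     out->ftm.ftms_per_burst == 0)) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST],
				    "FTM: FTMs per burst must be set lower than the device limit but non-zero");
		return -EINVAL;
	}

	out->ftm.ftmr_retries = 3;
	if (tb[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES])
		out->ftm.ftmr_retries =
			nla_get_u8(tb[NL80211_PMSR_FTM_REQ_ATTR_NUM_FTMR_RETRIES]);

	/*
	 * Reject, rather than merely report, an LCI request the device did
	 * not advertise: otherwise the flag reaches the driver although the
	 * capability check failed, unlike every other option in this function.
	 */
	out->ftm.request_lci = !!tb[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI];
	if (out->ftm.request_lci && !capa->ftm.request_lci) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_LCI],
				    "FTM: LCI request not supported");
		return -EINVAL;
	}

	/* same reasoning as for the LCI request above */
	out->ftm.request_civicloc =
		!!tb[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC];
	if (out->ftm.request_civicloc && !capa->ftm.request_civicloc) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_REQUEST_CIVICLOC],
				    "FTM: civic location request not supported");
		return -EINVAL;
	}

	out->ftm.trigger_based =
		!!tb[NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED];
	if (out->ftm.trigger_based && !capa->ftm.trigger_based) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_TRIGGER_BASED],
				    "FTM: trigger based ranging is not supported");
		return -EINVAL;
	}

	out->ftm.non_trigger_based =
		!!tb[NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED];
	if (out->ftm.non_trigger_based && !capa->ftm.non_trigger_based) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_NON_TRIGGER_BASED],
				    "FTM: non trigger based ranging is not supported");
		return -EINVAL;
	}

	if (out->ftm.trigger_based && out->ftm.non_trigger_based) {
		NL_SET_ERR_MSG(info->extack,
			       "FTM: can't set both trigger based and non trigger based");
		return -EINVAL;
	}

	if ((out->ftm.trigger_based || out->ftm.non_trigger_based) &&
	    out->ftm.preamble != NL80211_PREAMBLE_HE) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_PREAMBLE],
				    "FTM: non EDCA based ranging must use HE preamble");
		return -EINVAL;
	}

	/* LMR feedback and BSS color only apply to (non-)trigger-based ranging */
	out->ftm.lmr_feedback =
		!!tb[NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK];
	if (!out->ftm.trigger_based && !out->ftm.non_trigger_based &&
	    out->ftm.lmr_feedback) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_FTM_REQ_ATTR_LMR_FEEDBACK],
				    "FTM: LMR feedback set for EDCA based ranging");
		return -EINVAL;
	}

	if (tb[NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR]) {
		if (!out->ftm.non_trigger_based && !out->ftm.trigger_based) {
			NL_SET_ERR_MSG_ATTR(info->extack,
					    tb[NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR],
					    "FTM: BSS color set for EDCA based ranging");
			return -EINVAL;
		}

		out->ftm.bss_color =
			nla_get_u8(tb[NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR]);
	}

	return 0;
}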
1839bb7e0f2SJohannes Berg 
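/*
 * Parse one peer entry of a peer measurement request into *out: the peer
 * address, the channel definition and each nested measurement request.
 *
 * info->attrs is cleared and reused as scratch space for the channel
 * attributes, so the caller must no longer need its previous contents.
 *
 * Returns 0 on success or a negative errno; the first measurement entry
 * that fails to parse rejects the whole peer.
 */
static int pmsr_parse_peer(struct cfg80211_registered_device *rdev,
			   struct nlattr *peer,
			   struct cfg80211_pmsr_request_peer *out,
			   struct genl_info *info)
{
	struct nlattr *tb[NL80211_PMSR_PEER_ATTR_MAX + 1];
	struct nlattr *req[NL80211_PMSR_REQ_ATTR_MAX + 1];
	struct nlattr *treq;
	int err, rem;

	/* no validation needed - was already done via nested policy */
	nla_parse_nested_deprecated(tb, NL80211_PMSR_PEER_ATTR_MAX, peer,
				    NULL, NULL);

	if (!tb[NL80211_PMSR_PEER_ATTR_ADDR] ||
	    !tb[NL80211_PMSR_PEER_ATTR_CHAN] ||
	    !tb[NL80211_PMSR_PEER_ATTR_REQ]) {
		NL_SET_ERR_MSG_ATTR(info->extack, peer,
				    "insufficient peer data");
		return -EINVAL;
	}

	/*
	 * Copies a fixed ETH_ALEN bytes; this relies on the nested policy
	 * having checked the attribute length (not visible in this function).
	 */
	memcpy(out->addr, nla_data(tb[NL80211_PMSR_PEER_ATTR_ADDR]), ETH_ALEN);

	/* reuse info->attrs */
	memset(info->attrs, 0, sizeof(*info->attrs) * (NL80211_ATTR_MAX + 1));
	err = nla_parse_nested_deprecated(info->attrs, NL80211_ATTR_MAX,
					  tb[NL80211_PMSR_PEER_ATTR_CHAN],
					  NULL, info->extack);
	if (err)
		return err;

	err = nl80211_parse_chandef(rdev, info, &out->chandef);
	if (err)
		return err;

	/* no validation needed - was already done via nested policy */
	nla_parse_nested_deprecated(req, NL80211_PMSR_REQ_ATTR_MAX,
				    tb[NL80211_PMSR_PEER_ATTR_REQ], NULL,
				    NULL);

	if (!req[NL80211_PMSR_REQ_ATTR_DATA]) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    tb[NL80211_PMSR_PEER_ATTR_REQ],
				    "missing request type/data");
		return -EINVAL;
	}

	if (req[NL80211_PMSR_REQ_ATTR_GET_AP_TSF])
		out->report_ap_tsf = true;

	if (out->report_ap_tsf && !rdev->wiphy.pmsr_capa->report_ap_tsf) {
		NL_SET_ERR_MSG_ATTR(info->extack,
				    req[NL80211_PMSR_REQ_ATTR_GET_AP_TSF],
				    "reporting AP TSF is not supported");
		return -EINVAL;
	}

	nla_for_each_nested(treq, req[NL80211_PMSR_REQ_ATTR_DATA], rem) {
		switch (nla_type(treq)) {
		case NL80211_PMSR_TYPE_FTM:
			err = pmsr_parse_ftm(rdev, treq, out, info);
			break;
		default:
			NL_SET_ERR_MSG_ATTR(info->extack, treq,
					    "unsupported measurement type");
			err = -EINVAL;
		}

		/*
		 * Bail out on the first bad entry. Checking err only after
		 * the loop would let a later valid entry overwrite the error
		 * and hide a rejected or unsupported one.
		 */
		if (err)
			return err;
	}

	return 0;
}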
2599bb7e0f2SJohannes Berg 
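/*
 * Netlink handler that starts a peer measurement session.
 *
 * Counts the peers in NL80211_ATTR_PEER_MEASUREMENTS (bounded by the
 * device's max_peers), allocates a request sized for that count, fills in
 * timeout, MAC address/mask and the per-peer data, then hands the request
 * to the driver. On success the request is linked into wdev->pmsr_list and
 * its cookie is returned to the sender through the extack.
 *
 * Returns 0 on success or a negative errno; on any failure after the
 * allocation the request is freed here.
 */
int nl80211_pmsr_start(struct sk_buff *skb, struct genl_info *info)
{
	struct nlattr *reqattr = info->attrs[NL80211_ATTR_PEER_MEASUREMENTS];
	struct cfg80211_registered_device *rdev = info->user_ptr[0];
	struct wireless_dev *wdev = info->user_ptr[1];
	struct cfg80211_pmsr_request *req;
	struct nlattr *peers, *peer;
	int count, rem, err, idx;

	if (!rdev->wiphy.pmsr_capa)
		return -EOPNOTSUPP;

	if (!reqattr)
		return -EINVAL;

	peers = nla_find(nla_data(reqattr), nla_len(reqattr),
			 NL80211_PMSR_ATTR_PEERS);
	if (!peers)
		return -EINVAL;

	/* first pass: count peers so the allocation below is sized exactly */
	count = 0;
	nla_for_each_nested(peer, peers, rem) {
		count++;

		if (count > rdev->wiphy.pmsr_capa->max_peers) {
			NL_SET_ERR_MSG_ATTR(info->extack, peer,
					    "Too many peers used");
			return -EINVAL;
		}
	}

	/* struct_size() computes the flexible-array allocation size */
	req = kzalloc(struct_size(req, peers, count), GFP_KERNEL);
	if (!req)
		return -ENOMEM;
	req->n_peers = count;

	if (info->attrs[NL80211_ATTR_TIMEOUT])
		req->timeout = nla_get_u32(info->attrs[NL80211_ATTR_TIMEOUT]);

	if (info->attrs[NL80211_ATTR_MAC]) {
		if (!rdev->wiphy.pmsr_capa->randomize_mac_addr) {
			NL_SET_ERR_MSG_ATTR(info->extack,
					    info->attrs[NL80211_ATTR_MAC],
					    "device cannot randomize MAC address");
			err = -EINVAL;
			goto out_err;
		}

		err = nl80211_parse_random_mac(info->attrs, req->mac_addr,
					       req->mac_addr_mask);
		if (err)
			goto out_err;
	} else {
		/* no randomization: use the interface address, full mask */
		memcpy(req->mac_addr, wdev_address(wdev), ETH_ALEN);
		eth_broadcast_addr(req->mac_addr_mask);
	}

	/* second pass over the same attribute: idx stays below count */
	idx = 0;
	nla_for_each_nested(peer, peers, rem) {
		/* NB: this reuses info->attrs, but we no longer need it */
		err = pmsr_parse_peer(rdev, peer, &req->peers[idx], info);
		if (err)
			goto out_err;
		idx++;
	}
	req->cookie = cfg80211_assign_cookie(rdev);
	/* results and completion are unicast back to this port */
	req->nl_portid = info->snd_portid;

	err = rdev_start_pmsr(rdev, wdev, req);
	if (err)
		goto out_err;

	/*
	 * cfg80211_pmsr_complete() and cfg80211_pmsr_process_abort() walk and
	 * modify pmsr_list under pmsr_lock, so take it for the insertion too.
	 *
	 * NOTE(review): the request is only linked after the driver accepted
	 * it, and cfg80211_pmsr_complete() frees only requests it finds on
	 * the list - confirm no driver completes from within start_pmsr.
	 */
	spin_lock_bh(&wdev->pmsr_lock);
	list_add_tail(&req->list, &wdev->pmsr_list);
	spin_unlock_bh(&wdev->pmsr_lock);

	nl_set_extack_cookie_u64(info->extack, req->cookie);
	return 0;
out_err:
	kfree(req);
	return err;
}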
3409bb7e0f2SJohannes Berg 
/*
 * Signal completion of a peer measurement request.
 *
 * Sends NL80211_CMD_PEER_MEASUREMENT_COMPLETE (wiphy, wdev and cookie) to
 * the port that issued the request; the notification is dropped if the
 * message cannot be allocated or built. Afterwards the request is unlinked
 * from wdev->pmsr_list and freed, but only if it is still on that list.
 */
void cfg80211_pmsr_complete(struct wireless_dev *wdev,
			    struct cfg80211_pmsr_request *req,
			    gfp_t gfp)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct cfg80211_pmsr_request *entry, *next, *owned = NULL;
	struct sk_buff *msg;
	void *hdr;

	trace_cfg80211_pmsr_complete(wdev->wiphy, wdev, req->cookie);

	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (msg) {
		hdr = nl80211hdr_put(msg, 0, 0, 0,
				     NL80211_CMD_PEER_MEASUREMENT_COMPLETE);
		if (hdr &&
		    !nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) &&
		    !nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
				       NL80211_ATTR_PAD) &&
		    !nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->cookie,
				       NL80211_ATTR_PAD)) {
			genlmsg_end(msg, hdr);
			genlmsg_unicast(wiphy_net(wdev->wiphy), msg,
					req->nl_portid);
		} else {
			/* header or attribute did not fit: drop the message */
			nlmsg_free(msg);
		}
	}

	spin_lock_bh(&wdev->pmsr_lock);
	/*
	 * cfg80211_pmsr_process_abort() may have already moved this request
	 * to the free list, and will free it later. In this case, don't free
	 * it here.
	 */
	list_for_each_entry_safe(entry, next, &wdev->pmsr_list, list) {
		if (entry != req)
			continue;

		list_del(&entry->list);
		owned = entry;
		break;
	}
	spin_unlock_bh(&wdev->pmsr_lock);

	/* kfree(NULL) is a no-op when the request was not found */
	kfree(owned);
}
3929bb7e0f2SJohannes Berg EXPORT_SYMBOL_GPL(cfg80211_pmsr_complete);
3939bb7e0f2SJohannes Berg 
/*
 * Append the FTM-specific part of a measurement result to msg.
 *
 * For a failed measurement only the failure reason is written, plus the
 * busy retry time when the reason is PEER_BUSY and a retry time is set.
 * Otherwise the mandatory fields are written unconditionally and each
 * optional field only when its *_valid flag (or pointer and length) is set.
 *
 * Returns 0 on success, -ENOSPC if any attribute could not be added.
 */
static int nl80211_pmsr_send_ftm_res(struct sk_buff *msg,
				     struct cfg80211_pmsr_result *res)
{
	if (res->status == NL80211_PMSR_STATUS_FAILURE) {
		if (nla_put_u32(msg, NL80211_PMSR_FTM_RESP_ATTR_FAIL_REASON,
				res->ftm.failure_reason))
			goto nospace;

		/* retry time is only reported for a busy peer, and only if set */
		if (res->ftm.failure_reason !=
			NL80211_PMSR_FTM_FAILURE_PEER_BUSY ||
		    !res->ftm.busy_retry_time)
			return 0;

		if (nla_put_u32(msg, NL80211_PMSR_FTM_RESP_ATTR_BUSY_RETRY_TIME,
				res->ftm.busy_retry_time))
			goto nospace;

		return 0;
	}

/* write res->ftm.<val> as attribute <attr> with nla_put_<tp>() */
#define PUT(tp, attr, val)						\
	do {								\
		if (nla_put_##tp(msg,					\
				 NL80211_PMSR_FTM_RESP_ATTR_##attr,	\
				 res->ftm.val))				\
			goto nospace;					\
	} while (0)

/* as PUT(), but only when res->ftm.<val>_valid is set */
#define PUTOPT(tp, attr, val)						\
	do {								\
		if (res->ftm.val##_valid)				\
			PUT(tp, attr, val);				\
	} while (0)

/* 64-bit variant of PUT(), padded with the FTM response PAD attribute */
#define PUT_U64(attr, val)						\
	do {								\
		if (nla_put_u64_64bit(msg,				\
				      NL80211_PMSR_FTM_RESP_ATTR_##attr,\
				      res->ftm.val,			\
				      NL80211_PMSR_FTM_RESP_ATTR_PAD))	\
			goto nospace;					\
	} while (0)

/* as PUT_U64(), but only when res->ftm.<val>_valid is set */
#define PUTOPT_U64(attr, val)						\
	do {								\
		if (res->ftm.val##_valid)				\
			PUT_U64(attr, val);				\
	} while (0)

	/* a negative burst index is not reported */
	if (res->ftm.burst_index >= 0)
		PUT(u32, BURST_INDEX, burst_index);
	PUTOPT(u32, NUM_FTMR_ATTEMPTS, num_ftmr_attempts);
	PUTOPT(u32, NUM_FTMR_SUCCESSES, num_ftmr_successes);
	PUT(u8, NUM_BURSTS_EXP, num_bursts_exp);
	PUT(u8, BURST_DURATION, burst_duration);
	PUT(u8, FTMS_PER_BURST, ftms_per_burst);
	PUTOPT(s32, RSSI_AVG, rssi_avg);
	PUTOPT(s32, RSSI_SPREAD, rssi_spread);

	/* nl80211_put_sta_rate() is treated as failed when it returns false */
	if (res->ftm.tx_rate_valid) {
		if (!nl80211_put_sta_rate(msg, &res->ftm.tx_rate,
					  NL80211_PMSR_FTM_RESP_ATTR_TX_RATE))
			goto nospace;
	}
	if (res->ftm.rx_rate_valid) {
		if (!nl80211_put_sta_rate(msg, &res->ftm.rx_rate,
					  NL80211_PMSR_FTM_RESP_ATTR_RX_RATE))
			goto nospace;
	}

	PUTOPT_U64(RTT_AVG, rtt_avg);
	PUTOPT_U64(RTT_VARIANCE, rtt_variance);
	PUTOPT_U64(RTT_SPREAD, rtt_spread);
	PUTOPT_U64(DIST_AVG, dist_avg);
	PUTOPT_U64(DIST_VARIANCE, dist_variance);
	PUTOPT_U64(DIST_SPREAD, dist_spread);

	/* variable-length blobs: written only with a pointer and a length */
	if (res->ftm.lci && res->ftm.lci_len) {
		if (nla_put(msg, NL80211_PMSR_FTM_RESP_ATTR_LCI,
			    res->ftm.lci_len, res->ftm.lci))
			goto nospace;
	}
	if (res->ftm.civicloc && res->ftm.civicloc_len) {
		if (nla_put(msg, NL80211_PMSR_FTM_RESP_ATTR_CIVICLOC,
			    res->ftm.civicloc_len, res->ftm.civicloc))
			goto nospace;
	}
#undef PUT
#undef PUTOPT
#undef PUT_U64
#undef PUTOPT_U64

	return 0;
nospace:
	return -ENOSPC;
}
4819bb7e0f2SJohannes Berg 
/*
 * Append one peer's measurement result to msg as the nested hierarchy
 * PEER_MEASUREMENTS > PEERS > peer (index 1) > RESP > DATA > <type>.
 *
 * Returns 0 on success, -ENOSPC if a nest or attribute could not be added.
 * Nests opened before a failure are not closed here; the caller discards
 * the message on error.
 */
static int nl80211_pmsr_send_result(struct sk_buff *msg,
				    struct cfg80211_pmsr_result *res)
{
	struct nlattr *n_pmsr, *n_peers, *n_peer, *n_resp, *n_data, *n_type;

	n_pmsr = nla_nest_start_noflag(msg, NL80211_ATTR_PEER_MEASUREMENTS);
	if (!n_pmsr)
		goto nospace;

	n_peers = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_PEERS);
	if (!n_peers)
		goto nospace;

	n_peer = nla_nest_start_noflag(msg, 1);
	if (!n_peer)
		goto nospace;

	if (nla_put(msg, NL80211_PMSR_PEER_ATTR_ADDR, ETH_ALEN, res->addr))
		goto nospace;

	n_resp = nla_nest_start_noflag(msg, NL80211_PMSR_PEER_ATTR_RESP);
	if (!n_resp)
		goto nospace;

	if (nla_put_u32(msg, NL80211_PMSR_RESP_ATTR_STATUS, res->status))
		goto nospace;

	if (nla_put_u64_64bit(msg, NL80211_PMSR_RESP_ATTR_HOST_TIME,
			      res->host_time, NL80211_PMSR_RESP_ATTR_PAD))
		goto nospace;

	/* AP TSF is only included when the result marks it valid */
	if (res->ap_tsf_valid) {
		if (nla_put_u64_64bit(msg, NL80211_PMSR_RESP_ATTR_AP_TSF,
				      res->ap_tsf, NL80211_PMSR_RESP_ATTR_PAD))
			goto nospace;
	}

	if (res->final) {
		if (nla_put_flag(msg, NL80211_PMSR_RESP_ATTR_FINAL))
			goto nospace;
	}

	n_data = nla_nest_start_noflag(msg, NL80211_PMSR_RESP_ATTR_DATA);
	if (!n_data)
		goto nospace;

	/* the innermost nest is keyed by the measurement type itself */
	n_type = nla_nest_start_noflag(msg, res->type);
	if (!n_type)
		goto nospace;

	switch (res->type) {
	case NL80211_PMSR_TYPE_FTM:
		if (nl80211_pmsr_send_ftm_res(msg, res))
			goto nospace;
		break;
	default:
		/* unknown type: warn, but still emit the (empty) nest */
		WARN_ON(1);
	}

	/* close the nests innermost first */
	nla_nest_end(msg, n_type);
	nla_nest_end(msg, n_data);
	nla_nest_end(msg, n_resp);
	nla_nest_end(msg, n_peer);
	nla_nest_end(msg, n_peers);
	nla_nest_end(msg, n_pmsr);

	return 0;
nospace:
	return -ENOSPC;
}
5479bb7e0f2SJohannes Berg 
/*
 * Report one peer measurement result for req.
 *
 * Builds an NL80211_CMD_PEER_MEASUREMENT_RESULT message carrying the
 * wiphy, wdev, request cookie and the result, and unicasts it to the port
 * recorded in req->nl_portid. If the message cannot be allocated or the
 * data does not fit, the result is dropped (with a rate-limited error in
 * the latter case); nothing is returned to the caller.
 */
void cfg80211_pmsr_report(struct wireless_dev *wdev,
			  struct cfg80211_pmsr_request *req,
			  struct cfg80211_pmsr_result *result,
			  gfp_t gfp)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct sk_buff *msg;
	void *hdr;

	trace_cfg80211_pmsr_report(wdev->wiphy, wdev, req->cookie,
				   result->addr);

	/*
	 * Currently, only variable items are LCI and civic location,
	 * both of which are reasonably short so we don't need to
	 * worry about them here for the allocation.
	 */
	msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
	if (!msg)
		return;

	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_PEER_MEASUREMENT_RESULT);
	if (!hdr ||
	    nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
	    nla_put_u64_64bit(msg, NL80211_ATTR_WDEV, wdev_id(wdev),
			      NL80211_ATTR_PAD) ||
	    nla_put_u64_64bit(msg, NL80211_ATTR_COOKIE, req->cookie,
			      NL80211_ATTR_PAD))
		goto drop;

	if (nl80211_pmsr_send_result(msg, result)) {
		pr_err_ratelimited("peer measurement result: message didn't fit!");
		goto drop;
	}

	genlmsg_end(msg, hdr);
	genlmsg_unicast(wiphy_net(wdev->wiphy), msg, req->nl_portid);
	return;
drop:
	nlmsg_free(msg);
}
5959bb7e0f2SJohannes Berg EXPORT_SYMBOL_GPL(cfg80211_pmsr_report);
/*
 * Abort and free every request on @wdev whose owner has been cleared
 * (nl_portid == 0). Requests that still have an owning port are left on
 * wdev->pmsr_list.
 *
 * Caller must hold wdev->mtx (asserted below).
 *
 * NOTE(review): each request is kfree()d right after rdev_abort_pmsr()
 * returns, so the driver must not touch the request after that call -
 * presumably that is the abort contract; verify against the drivers.
 */
static void cfg80211_pmsr_process_abort(struct wireless_dev *wdev)
{
	struct cfg80211_registered_device *rdev = wiphy_to_rdev(wdev->wiphy);
	struct cfg80211_pmsr_request *cur, *next;
	LIST_HEAD(orphaned);

	lockdep_assert_held(&wdev->mtx);

	/*
	 * Detach the ownerless requests onto a private list while holding
	 * the spinlock; the driver callback below runs without it.
	 */
	spin_lock_bh(&wdev->pmsr_lock);
	list_for_each_entry_safe(cur, next, &wdev->pmsr_list, list) {
		if (!cur->nl_portid)
			list_move_tail(&cur->list, &orphaned);
	}
	spin_unlock_bh(&wdev->pmsr_lock);

	/* _safe iteration: the entry is freed inside the loop body */
	list_for_each_entry_safe(cur, next, &orphaned, list) {
		rdev_abort_pmsr(rdev, wdev, cur);
		kfree(cur);
	}
}
/*
 * Work handler for wdev->pmsr_free_wk (scheduled from
 * cfg80211_release_pmsr()): aborts and frees the requests whose owner
 * has gone away.
 *
 * Takes the wiphy lock first, then the wdev lock, and releases them in
 * reverse order. cfg80211_pmsr_process_abort() asserts wdev->mtx, which
 * wdev_lock() presumably acquires - confirm against its definition.
 */
void cfg80211_pmsr_free_wk(struct work_struct *work)
{
	struct wireless_dev *wdev;

	wdev = container_of(work, struct wireless_dev, pmsr_free_wk);

	wiphy_lock(wdev->wiphy);
	wdev_lock(wdev);
	cfg80211_pmsr_process_abort(wdev);
	wdev_unlock(wdev);
	wiphy_unlock(wdev->wiphy);
}
/*
 * Drop all peer measurement requests of @wdev when it goes down.
 *
 * Every request on wdev->pmsr_list has its owner cleared, which makes it
 * eligible for cfg80211_pmsr_process_abort(); that function is then run
 * synchronously if there was anything on the list. Because it asserts
 * wdev->mtx, the caller must hold that mutex whenever requests are
 * pending.
 */
void cfg80211_pmsr_wdev_down(struct wireless_dev *wdev)
{
	struct cfg80211_pmsr_request *req;
	bool have_requests;

	spin_lock_bh(&wdev->pmsr_lock);
	have_requests = !list_empty(&wdev->pmsr_list);
	list_for_each_entry(req, &wdev->pmsr_list, list)
		req->nl_portid = 0;
	spin_unlock_bh(&wdev->pmsr_lock);

	if (have_requests)
		cfg80211_pmsr_process_abort(wdev);

	/* nothing may remain queued once the abort pass has run */
	WARN_ON(!list_empty(&wdev->pmsr_list));
}
/*
 * Disown every request on @wdev that belongs to netlink port @portid.
 *
 * Matching requests only get nl_portid cleared here; aborting and
 * freeing them is deferred to wdev->pmsr_free_wk, which is scheduled
 * once per match while the spinlock is held.
 *
 * NOTE(review): the deferred work dereferences the wdev, so it has to be
 * cancelled or flushed before the wdev is freed; that teardown is not
 * visible in this function - confirm on the unregister path.
 */
void cfg80211_release_pmsr(struct wireless_dev *wdev, u32 portid)
{
	struct cfg80211_pmsr_request *req;

	spin_lock_bh(&wdev->pmsr_lock);
	list_for_each_entry(req, &wdev->pmsr_list, list) {
		if (req->nl_portid != portid)
			continue;

		req->nl_portid = 0;
		schedule_work(&wdev->pmsr_free_wk);
	}
	spin_unlock_bh(&wdev->pmsr_lock);
}