1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * mac80211 configuration hooks for cfg80211
4
 *
5
 * Copyright 2006-2010	Johannes Berg <[email protected]>
6
 * Copyright 2013-2015  Intel Mobile Communications GmbH
7
 * Copyright (C) 2015-2017 Intel Deutschland GmbH
8
 * Copyright (C) 2018-2025 Intel Corporation
9
 */
10

11
#include <linux/ieee80211.h>
12
#include <linux/nl80211.h>
13
#include <linux/rtnetlink.h>
14
#include <linux/slab.h>
15
#include <net/net_namespace.h>
16
#include <linux/rcupdate.h>
17
#include <linux/fips.h>
18
#include <linux/if_ether.h>
19
#include <net/cfg80211.h>
20
#include "ieee80211_i.h"
21
#include "driver-ops.h"
22
#include "rate.h"
23
#include "mesh.h"
24
#include "wme.h"
25

26
static struct ieee80211_link_data *
27
ieee80211_link_or_deflink(struct ieee80211_sub_if_data *sdata, int link_id,
28
			  bool require_valid)
29
{
30
	struct ieee80211_link_data *link;
31

32
	if (link_id < 0) {
33
		/*
34
		 * For keys, if sdata is not an MLD, we might not use
35
		 * the return value at all (if it's not a pairwise key),
36
		 * so in that case (require_valid==false) don't error.
37
		 */
38
		if (require_valid && ieee80211_vif_is_mld(&sdata->vif))
39
			return ERR_PTR(-EINVAL);
40

41
		return &sdata->deflink;
42
	}
43

44
	link = sdata_dereference(sdata->link[link_id], sdata);
45
	if (!link)
46
		return ERR_PTR(-ENOLINK);
47
	return link;
48
}
49

50
static void ieee80211_set_mu_mimo_follow(struct ieee80211_sub_if_data *sdata,
51
					 struct vif_params *params)
52
{
53
	bool mu_mimo_groups = false;
54
	bool mu_mimo_follow = false;
55

56
	if (params->vht_mumimo_groups) {
57
		u64 membership;
58

59
		BUILD_BUG_ON(sizeof(membership) != WLAN_MEMBERSHIP_LEN);
60

61
		memcpy(sdata->vif.bss_conf.mu_group.membership,
62
		       params->vht_mumimo_groups, WLAN_MEMBERSHIP_LEN);
63
		memcpy(sdata->vif.bss_conf.mu_group.position,
64
		       params->vht_mumimo_groups + WLAN_MEMBERSHIP_LEN,
65
		       WLAN_USER_POSITION_LEN);
66
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
67
						  BSS_CHANGED_MU_GROUPS);
68
		/* don't care about endianness - just check for 0 */
69
		memcpy(&membership, params->vht_mumimo_groups,
70
		       WLAN_MEMBERSHIP_LEN);
71
		mu_mimo_groups = membership != 0;
72
	}
73

74
	if (params->vht_mumimo_follow_addr) {
75
		mu_mimo_follow =
76
			is_valid_ether_addr(params->vht_mumimo_follow_addr);
77
		ether_addr_copy(sdata->u.mntr.mu_follow_addr,
78
				params->vht_mumimo_follow_addr);
79
	}
80

81
	sdata->vif.bss_conf.mu_mimo_owner = mu_mimo_groups || mu_mimo_follow;
82
}
83

84
static int ieee80211_set_mon_options(struct ieee80211_sub_if_data *sdata,
85
				     struct vif_params *params)
86
{
87
	struct ieee80211_local *local = sdata->local;
88
	struct ieee80211_sub_if_data *monitor_sdata;
89

90
	/* check flags first */
91
	if (params->flags && ieee80211_sdata_running(sdata)) {
92
		u32 mask = MONITOR_FLAG_ACTIVE;
93

94
		/*
95
		 * Prohibit MONITOR_FLAG_ACTIVE to be changed
96
		 * while the interface is up.
97
		 * Else we would need to add a lot of cruft
98
		 * to update everything:
99
		 *	monitor and all fif_* counters
100
		 *	reconfigure hardware
101
		 */
102
		if ((params->flags & mask) != (sdata->u.mntr.flags & mask))
103
			return -EBUSY;
104
	}
105

106
	/* also validate MU-MIMO change */
107
	if (ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
108
		monitor_sdata = sdata;
109
	else
110
		monitor_sdata = wiphy_dereference(local->hw.wiphy,
111
						  local->monitor_sdata);
112

113
	if (!monitor_sdata &&
114
	    (params->vht_mumimo_groups || params->vht_mumimo_follow_addr))
115
		return -EOPNOTSUPP;
116

117
	/* apply all changes now - no failures allowed */
118

119
	if (monitor_sdata &&
120
		(ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF) ||
121
		 ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)))
122
		ieee80211_set_mu_mimo_follow(monitor_sdata, params);
123

124
	if (params->flags) {
125
		if (ieee80211_sdata_running(sdata)) {
126
			ieee80211_adjust_monitor_flags(sdata, -1);
127
			sdata->u.mntr.flags = params->flags;
128
			ieee80211_adjust_monitor_flags(sdata, 1);
129

130
			ieee80211_configure_filter(local);
131
		} else {
132
			/*
133
			 * Because the interface is down, ieee80211_do_stop
134
			 * and ieee80211_do_open take care of "everything"
135
			 * mentioned in the comment above.
136
			 */
137
			sdata->u.mntr.flags = params->flags;
138
		}
139
	}
140

141
	return 0;
142
}
143

144
static int ieee80211_set_ap_mbssid_options(struct ieee80211_sub_if_data *sdata,
145
					   struct cfg80211_mbssid_config *params,
146
					   struct ieee80211_bss_conf *link_conf)
147
{
148
	struct ieee80211_sub_if_data *tx_sdata;
149
	struct ieee80211_bss_conf *old;
150

151
	link_conf->bssid_index = 0;
152
	link_conf->nontransmitted = false;
153
	link_conf->ema_ap = false;
154
	link_conf->bssid_indicator = 0;
155

156
	if (sdata->vif.type != NL80211_IFTYPE_AP || !params->tx_wdev)
157
		return -EINVAL;
158

159
	old = sdata_dereference(link_conf->tx_bss_conf, sdata);
160
	if (old)
161
		return -EALREADY;
162

163
	tx_sdata = IEEE80211_WDEV_TO_SUB_IF(params->tx_wdev);
164
	if (!tx_sdata)
165
		return -EINVAL;
166

167
	if (tx_sdata == sdata) {
168
		rcu_assign_pointer(link_conf->tx_bss_conf, link_conf);
169
	} else {
170
		struct ieee80211_bss_conf *tx_bss_conf;
171

172
		tx_bss_conf = sdata_dereference(tx_sdata->vif.link_conf[params->tx_link_id],
173
						sdata);
174
		if (rcu_access_pointer(tx_bss_conf->tx_bss_conf) != tx_bss_conf)
175
			return -EINVAL;
176

177
		rcu_assign_pointer(link_conf->tx_bss_conf, tx_bss_conf);
178

179
		link_conf->nontransmitted = true;
180
		link_conf->bssid_index = params->index;
181
		link_conf->bssid_indicator = tx_bss_conf->bssid_indicator;
182
	}
183
	if (params->ema)
184
		link_conf->ema_ap = true;
185

186
	return 0;
187
}
188

189
static struct wireless_dev *ieee80211_add_iface(struct wiphy *wiphy,
190
						const char *name,
191
						unsigned char name_assign_type,
192
						enum nl80211_iftype type,
193
						struct vif_params *params)
194
{
195
	struct ieee80211_local *local = wiphy_priv(wiphy);
196
	struct wireless_dev *wdev;
197
	struct ieee80211_sub_if_data *sdata;
198
	int err;
199

200
	err = ieee80211_if_add(local, name, name_assign_type, &wdev, type, params);
201
	if (err)
202
		return ERR_PTR(err);
203

204
	sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
205

206
	if (type == NL80211_IFTYPE_MONITOR) {
207
		err = ieee80211_set_mon_options(sdata, params);
208
		if (err) {
209
			ieee80211_if_remove(sdata);
210
			return NULL;
211
		}
212
	}
213

214
	/* Let the driver know that an interface is going to be added.
215
	 * Indicate so only for interface types that will be added to the
216
	 * driver.
217
	 */
218
	switch (type) {
219
	case NL80211_IFTYPE_AP_VLAN:
220
		break;
221
	case NL80211_IFTYPE_MONITOR:
222
		if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF) ||
223
		    !(params->flags & MONITOR_FLAG_ACTIVE))
224
			break;
225
		fallthrough;
226
	default:
227
		drv_prep_add_interface(local,
228
				       ieee80211_vif_type_p2p(&sdata->vif));
229
		break;
230
	}
231

232
	return wdev;
233
}
234

235
static int ieee80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
236
{
237
	ieee80211_if_remove(IEEE80211_WDEV_TO_SUB_IF(wdev));
238

239
	return 0;
240
}
241

242
static int ieee80211_change_iface(struct wiphy *wiphy,
243
				  struct net_device *dev,
244
				  enum nl80211_iftype type,
245
				  struct vif_params *params)
246
{
247
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
248
	struct ieee80211_local *local = sdata->local;
249
	struct sta_info *sta;
250
	int ret;
251

252
	lockdep_assert_wiphy(local->hw.wiphy);
253

254
	ret = ieee80211_if_change_type(sdata, type);
255
	if (ret)
256
		return ret;
257

258
	if (type == NL80211_IFTYPE_AP_VLAN && params->use_4addr == 0) {
259
		RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
260
		ieee80211_check_fast_rx_iface(sdata);
261
	} else if (type == NL80211_IFTYPE_STATION && params->use_4addr >= 0) {
262
		struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
263

264
		if (params->use_4addr == ifmgd->use_4addr)
265
			return 0;
266

267
		/* FIXME: no support for 4-addr MLO yet */
268
		if (ieee80211_vif_is_mld(&sdata->vif))
269
			return -EOPNOTSUPP;
270

271
		sdata->u.mgd.use_4addr = params->use_4addr;
272
		if (!ifmgd->associated)
273
			return 0;
274

275
		sta = sta_info_get(sdata, sdata->deflink.u.mgd.bssid);
276
		if (sta)
277
			drv_sta_set_4addr(local, sdata, &sta->sta,
278
					  params->use_4addr);
279

280
		if (params->use_4addr)
281
			ieee80211_send_4addr_nullfunc(local, sdata);
282
	}
283

284
	if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
285
		ret = ieee80211_set_mon_options(sdata, params);
286
		if (ret)
287
			return ret;
288
	}
289

290
	return 0;
291
}
292

293
static int ieee80211_start_p2p_device(struct wiphy *wiphy,
294
				      struct wireless_dev *wdev)
295
{
296
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
297
	int ret;
298

299
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
300

301
	ret = ieee80211_check_combinations(sdata, NULL, 0, 0, -1);
302
	if (ret < 0)
303
		return ret;
304

305
	return ieee80211_do_open(wdev, true);
306
}
307

308
static void ieee80211_stop_p2p_device(struct wiphy *wiphy,
309
				      struct wireless_dev *wdev)
310
{
311
	ieee80211_sdata_stop(IEEE80211_WDEV_TO_SUB_IF(wdev));
312
}
313

314
static int ieee80211_start_nan(struct wiphy *wiphy,
315
			       struct wireless_dev *wdev,
316
			       struct cfg80211_nan_conf *conf)
317
{
318
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
319
	int ret;
320

321
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
322

323
	ret = ieee80211_check_combinations(sdata, NULL, 0, 0, -1);
324
	if (ret < 0)
325
		return ret;
326

327
	ret = ieee80211_do_open(wdev, true);
328
	if (ret)
329
		return ret;
330

331
	ret = drv_start_nan(sdata->local, sdata, conf);
332
	if (ret)
333
		ieee80211_sdata_stop(sdata);
334

335
	sdata->u.nan.conf = *conf;
336

337
	return ret;
338
}
339

340
static void ieee80211_stop_nan(struct wiphy *wiphy,
341
			       struct wireless_dev *wdev)
342
{
343
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
344

345
	drv_stop_nan(sdata->local, sdata);
346
	ieee80211_sdata_stop(sdata);
347
}
348

349
static int ieee80211_nan_change_conf(struct wiphy *wiphy,
350
				     struct wireless_dev *wdev,
351
				     struct cfg80211_nan_conf *conf,
352
				     u32 changes)
353
{
354
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
355
	struct cfg80211_nan_conf new_conf;
356
	int ret = 0;
357

358
	if (sdata->vif.type != NL80211_IFTYPE_NAN)
359
		return -EOPNOTSUPP;
360

361
	if (!ieee80211_sdata_running(sdata))
362
		return -ENETDOWN;
363

364
	new_conf = sdata->u.nan.conf;
365

366
	if (changes & CFG80211_NAN_CONF_CHANGED_PREF)
367
		new_conf.master_pref = conf->master_pref;
368

369
	if (changes & CFG80211_NAN_CONF_CHANGED_BANDS)
370
		new_conf.bands = conf->bands;
371

372
	ret = drv_nan_change_conf(sdata->local, sdata, &new_conf, changes);
373
	if (!ret)
374
		sdata->u.nan.conf = new_conf;
375

376
	return ret;
377
}
378

379
static int ieee80211_add_nan_func(struct wiphy *wiphy,
380
				  struct wireless_dev *wdev,
381
				  struct cfg80211_nan_func *nan_func)
382
{
383
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
384
	int ret;
385

386
	if (sdata->vif.type != NL80211_IFTYPE_NAN)
387
		return -EOPNOTSUPP;
388

389
	if (!ieee80211_sdata_running(sdata))
390
		return -ENETDOWN;
391

392
	spin_lock_bh(&sdata->u.nan.func_lock);
393

394
	ret = idr_alloc(&sdata->u.nan.function_inst_ids,
395
			nan_func, 1, sdata->local->hw.max_nan_de_entries + 1,
396
			GFP_ATOMIC);
397
	spin_unlock_bh(&sdata->u.nan.func_lock);
398

399
	if (ret < 0)
400
		return ret;
401

402
	nan_func->instance_id = ret;
403

404
	WARN_ON(nan_func->instance_id == 0);
405

406
	ret = drv_add_nan_func(sdata->local, sdata, nan_func);
407
	if (ret) {
408
		spin_lock_bh(&sdata->u.nan.func_lock);
409
		idr_remove(&sdata->u.nan.function_inst_ids,
410
			   nan_func->instance_id);
411
		spin_unlock_bh(&sdata->u.nan.func_lock);
412
	}
413

414
	return ret;
415
}
416

417
static struct cfg80211_nan_func *
418
ieee80211_find_nan_func_by_cookie(struct ieee80211_sub_if_data *sdata,
419
				  u64 cookie)
420
{
421
	struct cfg80211_nan_func *func;
422
	int id;
423

424
	lockdep_assert_held(&sdata->u.nan.func_lock);
425

426
	idr_for_each_entry(&sdata->u.nan.function_inst_ids, func, id) {
427
		if (func->cookie == cookie)
428
			return func;
429
	}
430

431
	return NULL;
432
}
433

434
static void ieee80211_del_nan_func(struct wiphy *wiphy,
435
				  struct wireless_dev *wdev, u64 cookie)
436
{
437
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
438
	struct cfg80211_nan_func *func;
439
	u8 instance_id = 0;
440

441
	if (sdata->vif.type != NL80211_IFTYPE_NAN ||
442
	    !ieee80211_sdata_running(sdata))
443
		return;
444

445
	spin_lock_bh(&sdata->u.nan.func_lock);
446

447
	func = ieee80211_find_nan_func_by_cookie(sdata, cookie);
448
	if (func)
449
		instance_id = func->instance_id;
450

451
	spin_unlock_bh(&sdata->u.nan.func_lock);
452

453
	if (instance_id)
454
		drv_del_nan_func(sdata->local, sdata, instance_id);
455
}
456

457
static int ieee80211_set_noack_map(struct wiphy *wiphy,
458
				  struct net_device *dev,
459
				  u16 noack_map)
460
{
461
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
462

463
	sdata->noack_map = noack_map;
464

465
	ieee80211_check_fast_xmit_iface(sdata);
466

467
	return 0;
468
}
469

470
static int ieee80211_set_tx(struct ieee80211_sub_if_data *sdata,
471
			    const u8 *mac_addr, u8 key_idx)
472
{
473
	struct ieee80211_local *local = sdata->local;
474
	struct ieee80211_key *key;
475
	struct sta_info *sta;
476
	int ret = -EINVAL;
477

478
	if (!wiphy_ext_feature_isset(local->hw.wiphy,
479
				     NL80211_EXT_FEATURE_EXT_KEY_ID))
480
		return -EINVAL;
481

482
	sta = sta_info_get_bss(sdata, mac_addr);
483

484
	if (!sta)
485
		return -EINVAL;
486

487
	if (sta->ptk_idx == key_idx)
488
		return 0;
489

490
	key = wiphy_dereference(local->hw.wiphy, sta->ptk[key_idx]);
491

492
	if (key && key->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)
493
		ret = ieee80211_set_tx_key(key);
494

495
	return ret;
496
}
497

498
static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
499
			     int link_id, u8 key_idx, bool pairwise,
500
			     const u8 *mac_addr, struct key_params *params)
501
{
502
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
503
	struct ieee80211_link_data *link =
504
		ieee80211_link_or_deflink(sdata, link_id, false);
505
	struct ieee80211_local *local = sdata->local;
506
	struct sta_info *sta = NULL;
507
	struct ieee80211_key *key;
508
	int err;
509

510
	lockdep_assert_wiphy(local->hw.wiphy);
511

512
	if (!ieee80211_sdata_running(sdata))
513
		return -ENETDOWN;
514

515
	if (IS_ERR(link))
516
		return PTR_ERR(link);
517

518
	if (WARN_ON(pairwise && link_id >= 0))
519
		return -EINVAL;
520

521
	if (pairwise && params->mode == NL80211_KEY_SET_TX)
522
		return ieee80211_set_tx(sdata, mac_addr, key_idx);
523

524
	/* reject WEP and TKIP keys if WEP failed to initialize */
525
	switch (params->cipher) {
526
	case WLAN_CIPHER_SUITE_WEP40:
527
	case WLAN_CIPHER_SUITE_TKIP:
528
	case WLAN_CIPHER_SUITE_WEP104:
529
		if (link_id >= 0)
530
			return -EINVAL;
531
		if (WARN_ON_ONCE(fips_enabled))
532
			return -EINVAL;
533
		break;
534
	default:
535
		break;
536
	}
537

538
	key = ieee80211_key_alloc(params->cipher, key_idx, params->key_len,
539
				  params->key, params->seq_len, params->seq);
540
	if (IS_ERR(key))
541
		return PTR_ERR(key);
542

543
	if (pairwise) {
544
		key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
545
		key->conf.link_id = -1;
546
	} else {
547
		key->conf.link_id = link->link_id;
548
	}
549

550
	if (params->mode == NL80211_KEY_NO_TX)
551
		key->conf.flags |= IEEE80211_KEY_FLAG_NO_AUTO_TX;
552

553
	if (mac_addr) {
554
		sta = sta_info_get_bss(sdata, mac_addr);
555
		/*
556
		 * The ASSOC test makes sure the driver is ready to
557
		 * receive the key. When wpa_supplicant has roamed
558
		 * using FT, it attempts to set the key before
559
		 * association has completed, this rejects that attempt
560
		 * so it will set the key again after association.
561
		 *
562
		 * TODO: accept the key if we have a station entry and
563
		 *       add it to the device after the station.
564
		 */
565
		if (!sta || !test_sta_flag(sta, WLAN_STA_ASSOC)) {
566
			ieee80211_key_free_unused(key);
567
			return -ENOENT;
568
		}
569
	}
570

571
	switch (sdata->vif.type) {
572
	case NL80211_IFTYPE_STATION:
573
		if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
574
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
575
		break;
576
	case NL80211_IFTYPE_AP:
577
	case NL80211_IFTYPE_AP_VLAN:
578
		/* Keys without a station are used for TX only */
579
		if (sta && test_sta_flag(sta, WLAN_STA_MFP))
580
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
581
		break;
582
	case NL80211_IFTYPE_ADHOC:
583
		/* no MFP (yet) */
584
		break;
585
	case NL80211_IFTYPE_MESH_POINT:
586
#ifdef CONFIG_MAC80211_MESH
587
		if (sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)
588
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
589
		break;
590
#endif
591
	case NL80211_IFTYPE_WDS:
592
	case NL80211_IFTYPE_MONITOR:
593
	case NL80211_IFTYPE_P2P_DEVICE:
594
	case NL80211_IFTYPE_NAN:
595
	case NL80211_IFTYPE_UNSPECIFIED:
596
	case NUM_NL80211_IFTYPES:
597
	case NL80211_IFTYPE_P2P_CLIENT:
598
	case NL80211_IFTYPE_P2P_GO:
599
	case NL80211_IFTYPE_OCB:
600
		/* shouldn't happen */
601
		WARN_ON_ONCE(1);
602
		break;
603
	}
604

605
	err = ieee80211_key_link(key, link, sta);
606
	/* KRACK protection, shouldn't happen but just silently accept key */
607
	if (err == -EALREADY)
608
		err = 0;
609

610
	return err;
611
}
612

613
static struct ieee80211_key *
614
ieee80211_lookup_key(struct ieee80211_sub_if_data *sdata, int link_id,
615
		     u8 key_idx, bool pairwise, const u8 *mac_addr)
616
{
617
	struct ieee80211_local *local __maybe_unused = sdata->local;
618
	struct ieee80211_link_data *link = &sdata->deflink;
619
	struct ieee80211_key *key;
620

621
	if (link_id >= 0) {
622
		link = sdata_dereference(sdata->link[link_id], sdata);
623
		if (!link)
624
			return NULL;
625
	}
626

627
	if (mac_addr) {
628
		struct sta_info *sta;
629
		struct link_sta_info *link_sta;
630

631
		sta = sta_info_get_bss(sdata, mac_addr);
632
		if (!sta)
633
			return NULL;
634

635
		if (link_id >= 0) {
636
			link_sta = rcu_dereference_check(sta->link[link_id],
637
							 lockdep_is_held(&local->hw.wiphy->mtx));
638
			if (!link_sta)
639
				return NULL;
640
		} else {
641
			link_sta = &sta->deflink;
642
		}
643

644
		if (pairwise && key_idx < NUM_DEFAULT_KEYS)
645
			return wiphy_dereference(local->hw.wiphy,
646
						 sta->ptk[key_idx]);
647

648
		if (!pairwise &&
649
		    key_idx < NUM_DEFAULT_KEYS +
650
			      NUM_DEFAULT_MGMT_KEYS +
651
			      NUM_DEFAULT_BEACON_KEYS)
652
			return wiphy_dereference(local->hw.wiphy,
653
						 link_sta->gtk[key_idx]);
654

655
		return NULL;
656
	}
657

658
	if (pairwise && key_idx < NUM_DEFAULT_KEYS)
659
		return wiphy_dereference(local->hw.wiphy, sdata->keys[key_idx]);
660

661
	key = wiphy_dereference(local->hw.wiphy, link->gtk[key_idx]);
662
	if (key)
663
		return key;
664

665
	/* or maybe it was a WEP key */
666
	if (key_idx < NUM_DEFAULT_KEYS)
667
		return wiphy_dereference(local->hw.wiphy, sdata->keys[key_idx]);
668

669
	return NULL;
670
}
671

672
static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
673
			     int link_id, u8 key_idx, bool pairwise,
674
			     const u8 *mac_addr)
675
{
676
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
677
	struct ieee80211_local *local = sdata->local;
678
	struct ieee80211_key *key;
679

680
	lockdep_assert_wiphy(local->hw.wiphy);
681

682
	key = ieee80211_lookup_key(sdata, link_id, key_idx, pairwise, mac_addr);
683
	if (!key)
684
		return -ENOENT;
685

686
	ieee80211_key_free(key, sdata->vif.type == NL80211_IFTYPE_STATION);
687

688
	return 0;
689
}
690

691
static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
692
			     int link_id, u8 key_idx, bool pairwise,
693
			     const u8 *mac_addr, void *cookie,
694
			     void (*callback)(void *cookie,
695
					      struct key_params *params))
696
{
697
	struct ieee80211_sub_if_data *sdata;
698
	u8 seq[6] = {0};
699
	struct key_params params;
700
	struct ieee80211_key *key;
701
	u64 pn64;
702
	u32 iv32;
703
	u16 iv16;
704
	int err = -ENOENT;
705
	struct ieee80211_key_seq kseq = {};
706

707
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
708

709
	rcu_read_lock();
710

711
	key = ieee80211_lookup_key(sdata, link_id, key_idx, pairwise, mac_addr);
712
	if (!key)
713
		goto out;
714

715
	memset(&params, 0, sizeof(params));
716

717
	params.cipher = key->conf.cipher;
718

719
	switch (key->conf.cipher) {
720
	case WLAN_CIPHER_SUITE_TKIP:
721
		pn64 = atomic64_read(&key->conf.tx_pn);
722
		iv32 = TKIP_PN_TO_IV32(pn64);
723
		iv16 = TKIP_PN_TO_IV16(pn64);
724

725
		if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
726
		    !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
727
			drv_get_key_seq(sdata->local, key, &kseq);
728
			iv32 = kseq.tkip.iv32;
729
			iv16 = kseq.tkip.iv16;
730
		}
731

732
		seq[0] = iv16 & 0xff;
733
		seq[1] = (iv16 >> 8) & 0xff;
734
		seq[2] = iv32 & 0xff;
735
		seq[3] = (iv32 >> 8) & 0xff;
736
		seq[4] = (iv32 >> 16) & 0xff;
737
		seq[5] = (iv32 >> 24) & 0xff;
738
		params.seq = seq;
739
		params.seq_len = 6;
740
		break;
741
	case WLAN_CIPHER_SUITE_CCMP:
742
	case WLAN_CIPHER_SUITE_CCMP_256:
743
	case WLAN_CIPHER_SUITE_AES_CMAC:
744
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
745
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
746
			     offsetof(typeof(kseq), aes_cmac));
747
		fallthrough;
748
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
749
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
750
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
751
			     offsetof(typeof(kseq), aes_gmac));
752
		fallthrough;
753
	case WLAN_CIPHER_SUITE_GCMP:
754
	case WLAN_CIPHER_SUITE_GCMP_256:
755
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
756
			     offsetof(typeof(kseq), gcmp));
757

758
		if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
759
		    !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
760
			drv_get_key_seq(sdata->local, key, &kseq);
761
			memcpy(seq, kseq.ccmp.pn, 6);
762
		} else {
763
			pn64 = atomic64_read(&key->conf.tx_pn);
764
			seq[0] = pn64;
765
			seq[1] = pn64 >> 8;
766
			seq[2] = pn64 >> 16;
767
			seq[3] = pn64 >> 24;
768
			seq[4] = pn64 >> 32;
769
			seq[5] = pn64 >> 40;
770
		}
771
		params.seq = seq;
772
		params.seq_len = 6;
773
		break;
774
	default:
775
		if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
776
			break;
777
		if (WARN_ON(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
778
			break;
779
		drv_get_key_seq(sdata->local, key, &kseq);
780
		params.seq = kseq.hw.seq;
781
		params.seq_len = kseq.hw.seq_len;
782
		break;
783
	}
784

785
	callback(cookie, &params);
786
	err = 0;
787

788
 out:
789
	rcu_read_unlock();
790
	return err;
791
}
792

793
static int ieee80211_config_default_key(struct wiphy *wiphy,
794
					struct net_device *dev,
795
					int link_id, u8 key_idx, bool uni,
796
					bool multi)
797
{
798
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
799
	struct ieee80211_link_data *link =
800
		ieee80211_link_or_deflink(sdata, link_id, false);
801

802
	if (IS_ERR(link))
803
		return PTR_ERR(link);
804

805
	ieee80211_set_default_key(link, key_idx, uni, multi);
806

807
	return 0;
808
}
809

810
static int ieee80211_config_default_mgmt_key(struct wiphy *wiphy,
811
					     struct net_device *dev,
812
					     int link_id, u8 key_idx)
813
{
814
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
815
	struct ieee80211_link_data *link =
816
		ieee80211_link_or_deflink(sdata, link_id, true);
817

818
	if (IS_ERR(link))
819
		return PTR_ERR(link);
820

821
	ieee80211_set_default_mgmt_key(link, key_idx);
822

823
	return 0;
824
}
825

826
static int ieee80211_config_default_beacon_key(struct wiphy *wiphy,
827
					       struct net_device *dev,
828
					       int link_id, u8 key_idx)
829
{
830
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
831
	struct ieee80211_link_data *link =
832
		ieee80211_link_or_deflink(sdata, link_id, true);
833

834
	if (IS_ERR(link))
835
		return PTR_ERR(link);
836

837
	ieee80211_set_default_beacon_key(link, key_idx);
838

839
	return 0;
840
}
841

842
void sta_set_rate_info_tx(struct sta_info *sta,
843
			  const struct ieee80211_tx_rate *rate,
844
			  struct rate_info *rinfo)
845
{
846
	rinfo->flags = 0;
847
	if (rate->flags & IEEE80211_TX_RC_MCS) {
848
		rinfo->flags |= RATE_INFO_FLAGS_MCS;
849
		rinfo->mcs = rate->idx;
850
	} else if (rate->flags & IEEE80211_TX_RC_VHT_MCS) {
851
		rinfo->flags |= RATE_INFO_FLAGS_VHT_MCS;
852
		rinfo->mcs = ieee80211_rate_get_vht_mcs(rate);
853
		rinfo->nss = ieee80211_rate_get_vht_nss(rate);
854
	} else {
855
		struct ieee80211_supported_band *sband;
856

857
		sband = ieee80211_get_sband(sta->sdata);
858
		WARN_ON_ONCE(sband && !sband->bitrates);
859
		if (sband && sband->bitrates)
860
			rinfo->legacy = sband->bitrates[rate->idx].bitrate;
861
	}
862
	if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
863
		rinfo->bw = RATE_INFO_BW_40;
864
	else if (rate->flags & IEEE80211_TX_RC_80_MHZ_WIDTH)
865
		rinfo->bw = RATE_INFO_BW_80;
866
	else if (rate->flags & IEEE80211_TX_RC_160_MHZ_WIDTH)
867
		rinfo->bw = RATE_INFO_BW_160;
868
	else
869
		rinfo->bw = RATE_INFO_BW_20;
870
	if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
871
		rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
872
}
873

874
static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
875
				  int idx, u8 *mac, struct station_info *sinfo)
876
{
877
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
878
	struct ieee80211_local *local = sdata->local;
879
	struct sta_info *sta;
880
	int ret = -ENOENT;
881

882
	lockdep_assert_wiphy(local->hw.wiphy);
883

884
	sta = sta_info_get_by_idx(sdata, idx);
885
	if (sta) {
886
		ret = 0;
887
		memcpy(mac, sta->sta.addr, ETH_ALEN);
888
		sta_set_sinfo(sta, sinfo, true);
889

890
		/* Add accumulated removed link data to sinfo data for
891
		 * consistency for MLO
892
		 */
893
		if (sinfo->valid_links)
894
			sta_set_accumulated_removed_links_sinfo(sta, sinfo);
895

896
	}
897

898
	return ret;
899
}
900

901
static int ieee80211_dump_survey(struct wiphy *wiphy, struct net_device *dev,
902
				 int idx, struct survey_info *survey)
903
{
904
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
905

906
	return drv_get_survey(local, idx, survey);
907
}
908

909
static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
910
				 const u8 *mac, struct station_info *sinfo)
911
{
912
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
913
	struct ieee80211_local *local = sdata->local;
914
	struct sta_info *sta;
915
	int ret = -ENOENT;
916

917
	lockdep_assert_wiphy(local->hw.wiphy);
918

919
	sta = sta_info_get_bss(sdata, mac);
920
	if (sta) {
921
		ret = 0;
922
		sta_set_sinfo(sta, sinfo, true);
923

924
		/* Add accumulated removed link data to sinfo data for
925
		 * consistency for MLO
926
		 */
927
		if (sinfo->valid_links)
928
			sta_set_accumulated_removed_links_sinfo(sta, sinfo);
929
	}
930

931
	return ret;
932
}
933

934
static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
935
					 struct net_device *dev,
936
					 struct cfg80211_chan_def *chandef)
937
{
938
	struct ieee80211_local *local = wiphy_priv(wiphy);
939
	struct ieee80211_sub_if_data *sdata;
940
	struct ieee80211_chan_req chanreq = { .oper = *chandef };
941
	int ret;
942

943
	lockdep_assert_wiphy(local->hw.wiphy);
944

945
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
946
	if (!ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
947
		if (cfg80211_chandef_identical(&local->monitor_chanreq.oper,
948
					       &chanreq.oper))
949
			return 0;
950

951
		sdata = wiphy_dereference(wiphy, local->monitor_sdata);
952
		if (!sdata)
953
			goto done;
954
	}
955

956
	if (rcu_access_pointer(sdata->deflink.conf->chanctx_conf) &&
957
	    cfg80211_chandef_identical(&sdata->vif.bss_conf.chanreq.oper,
958
				       &chanreq.oper))
959
		return 0;
960

961
	ieee80211_link_release_channel(&sdata->deflink);
962
	ret = ieee80211_link_use_channel(&sdata->deflink, &chanreq,
963
					 IEEE80211_CHANCTX_SHARED);
964
	if (ret)
965
		return ret;
966
done:
967
	local->monitor_chanreq = chanreq;
968
	return 0;
969
}
970

971
static int
972
ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
973
			 const u8 *resp, size_t resp_len,
974
			 const struct ieee80211_csa_settings *csa,
975
			 const struct ieee80211_color_change_settings *cca,
976
			 struct ieee80211_link_data *link)
977
{
978
	struct probe_resp *new, *old;
979

980
	if (!resp || !resp_len)
981
		return 1;
982

983
	old = sdata_dereference(link->u.ap.probe_resp, sdata);
984

985
	new = kzalloc(sizeof(struct probe_resp) + resp_len, GFP_KERNEL);
986
	if (!new)
987
		return -ENOMEM;
988

989
	new->len = resp_len;
990
	memcpy(new->data, resp, resp_len);
991

992
	if (csa)
993
		memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_presp,
994
		       csa->n_counter_offsets_presp *
995
		       sizeof(new->cntdwn_counter_offsets[0]));
996
	else if (cca)
997
		new->cntdwn_counter_offsets[0] = cca->counter_offset_presp;
998

999
	rcu_assign_pointer(link->u.ap.probe_resp, new);
1000
	if (old)
1001
		kfree_rcu(old, rcu_head);
1002

1003
	return 0;
1004
}
1005

1006
static int ieee80211_set_fils_discovery(struct ieee80211_sub_if_data *sdata,
1007
					struct cfg80211_fils_discovery *params,
1008
					struct ieee80211_link_data *link,
1009
					struct ieee80211_bss_conf *link_conf,
1010
					u64 *changed)
1011
{
1012
	struct fils_discovery_data *new, *old = NULL;
1013
	struct ieee80211_fils_discovery *fd;
1014

1015
	if (!params->update)
1016
		return 0;
1017

1018
	fd = &link_conf->fils_discovery;
1019
	fd->min_interval = params->min_interval;
1020
	fd->max_interval = params->max_interval;
1021

1022
	old = sdata_dereference(link->u.ap.fils_discovery, sdata);
1023
	if (old)
1024
		kfree_rcu(old, rcu_head);
1025

1026
	if (params->tmpl && params->tmpl_len) {
1027
		new = kzalloc(sizeof(*new) + params->tmpl_len, GFP_KERNEL);
1028
		if (!new)
1029
			return -ENOMEM;
1030
		new->len = params->tmpl_len;
1031
		memcpy(new->data, params->tmpl, params->tmpl_len);
1032
		rcu_assign_pointer(link->u.ap.fils_discovery, new);
1033
	} else {
1034
		RCU_INIT_POINTER(link->u.ap.fils_discovery, NULL);
1035
	}
1036

1037
	*changed |= BSS_CHANGED_FILS_DISCOVERY;
1038
	return 0;
1039
}
1040

1041
static int
1042
ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
1043
				     struct cfg80211_unsol_bcast_probe_resp *params,
1044
				     struct ieee80211_link_data *link,
1045
				     struct ieee80211_bss_conf *link_conf,
1046
				     u64 *changed)
1047
{
1048
	struct unsol_bcast_probe_resp_data *new, *old = NULL;
1049

1050
	if (!params->update)
1051
		return 0;
1052

1053
	link_conf->unsol_bcast_probe_resp_interval = params->interval;
1054

1055
	old = sdata_dereference(link->u.ap.unsol_bcast_probe_resp, sdata);
1056
	if (old)
1057
		kfree_rcu(old, rcu_head);
1058

1059
	if (params->tmpl && params->tmpl_len) {
1060
		new = kzalloc(sizeof(*new) + params->tmpl_len, GFP_KERNEL);
1061
		if (!new)
1062
			return -ENOMEM;
1063
		new->len = params->tmpl_len;
1064
		memcpy(new->data, params->tmpl, params->tmpl_len);
1065
		rcu_assign_pointer(link->u.ap.unsol_bcast_probe_resp, new);
1066
	} else {
1067
		RCU_INIT_POINTER(link->u.ap.unsol_bcast_probe_resp, NULL);
1068
	}
1069

1070
	*changed |= BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
1071
	return 0;
1072
}
1073

1074
static int
1075
ieee80211_set_s1g_short_beacon(struct ieee80211_sub_if_data *sdata,
1076
			       struct ieee80211_link_data *link,
1077
			       struct cfg80211_s1g_short_beacon *params)
1078
{
1079
	struct s1g_short_beacon_data *new;
1080
	struct s1g_short_beacon_data *old =
1081
		sdata_dereference(link->u.ap.s1g_short_beacon, sdata);
1082
	size_t new_len =
1083
		sizeof(*new) + params->short_head_len + params->short_tail_len;
1084

1085
	if (!params->update)
1086
		return 0;
1087

1088
	if (!params->short_head)
1089
		return -EINVAL;
1090

1091
	new = kzalloc(new_len, GFP_KERNEL);
1092
	if (!new)
1093
		return -ENOMEM;
1094

1095
	/* Memory layout: | struct | head | tail | */
1096
	new->short_head = (u8 *)new + sizeof(*new);
1097
	new->short_head_len = params->short_head_len;
1098
	memcpy(new->short_head, params->short_head, params->short_head_len);
1099

1100
	if (params->short_tail) {
1101
		new->short_tail = new->short_head + params->short_head_len;
1102
		new->short_tail_len = params->short_tail_len;
1103
		memcpy(new->short_tail, params->short_tail,
1104
		       params->short_tail_len);
1105
	}
1106

1107
	rcu_assign_pointer(link->u.ap.s1g_short_beacon, new);
1108

1109
	if (old)
1110
		kfree_rcu(old, rcu_head);
1111

1112
	return 0;
1113
}
1114

1115
static int ieee80211_set_ftm_responder_params(
1116
				struct ieee80211_sub_if_data *sdata,
1117
				const u8 *lci, size_t lci_len,
1118
				const u8 *civicloc, size_t civicloc_len,
1119
				struct ieee80211_bss_conf *link_conf)
1120
{
1121
	struct ieee80211_ftm_responder_params *new, *old;
1122
	u8 *pos;
1123
	int len;
1124

1125
	if (!lci_len && !civicloc_len)
1126
		return 0;
1127

1128
	old = link_conf->ftmr_params;
1129
	len = lci_len + civicloc_len;
1130

1131
	new = kzalloc(sizeof(*new) + len, GFP_KERNEL);
1132
	if (!new)
1133
		return -ENOMEM;
1134

1135
	pos = (u8 *)(new + 1);
1136
	if (lci_len) {
1137
		new->lci_len = lci_len;
1138
		new->lci = pos;
1139
		memcpy(pos, lci, lci_len);
1140
		pos += lci_len;
1141
	}
1142

1143
	if (civicloc_len) {
1144
		new->civicloc_len = civicloc_len;
1145
		new->civicloc = pos;
1146
		memcpy(pos, civicloc, civicloc_len);
1147
		pos += civicloc_len;
1148
	}
1149

1150
	link_conf->ftmr_params = new;
1151
	kfree(old);
1152

1153
	return 0;
1154
}
1155

1156
static int
1157
ieee80211_copy_mbssid_beacon(u8 *pos, struct cfg80211_mbssid_elems *dst,
1158
			     struct cfg80211_mbssid_elems *src)
1159
{
1160
	int i, offset = 0;
1161

1162
	dst->cnt = src->cnt;
1163
	for (i = 0; i < src->cnt; i++) {
1164
		memcpy(pos + offset, src->elem[i].data, src->elem[i].len);
1165
		dst->elem[i].len = src->elem[i].len;
1166
		dst->elem[i].data = pos + offset;
1167
		offset += dst->elem[i].len;
1168
	}
1169

1170
	return offset;
1171
}
1172

1173
static int
1174
ieee80211_copy_rnr_beacon(u8 *pos, struct cfg80211_rnr_elems *dst,
1175
			  struct cfg80211_rnr_elems *src)
1176
{
1177
	int i, offset = 0;
1178

1179
	dst->cnt = src->cnt;
1180
	for (i = 0; i < src->cnt; i++) {
1181
		memcpy(pos + offset, src->elem[i].data, src->elem[i].len);
1182
		dst->elem[i].len = src->elem[i].len;
1183
		dst->elem[i].data = pos + offset;
1184
		offset += dst->elem[i].len;
1185
	}
1186

1187
	return offset;
1188
}
1189

1190
static int
1191
ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
1192
			struct ieee80211_link_data *link,
1193
			struct cfg80211_beacon_data *params,
1194
			const struct ieee80211_csa_settings *csa,
1195
			const struct ieee80211_color_change_settings *cca,
1196
			u64 *changed)
1197
{
1198
	struct cfg80211_mbssid_elems *mbssid = NULL;
1199
	struct cfg80211_rnr_elems *rnr = NULL;
1200
	struct beacon_data *new, *old;
1201
	int new_head_len, new_tail_len;
1202
	int size, err;
1203
	u64 _changed = BSS_CHANGED_BEACON;
1204
	struct ieee80211_bss_conf *link_conf = link->conf;
1205

1206
	old = sdata_dereference(link->u.ap.beacon, sdata);
1207

1208
	/* Need to have a beacon head if we don't have one yet */
1209
	if (!params->head && !old)
1210
		return -EINVAL;
1211

1212
	/* new or old head? */
1213
	if (params->head)
1214
		new_head_len = params->head_len;
1215
	else
1216
		new_head_len = old->head_len;
1217

1218
	/* new or old tail? */
1219
	if (params->tail || !old)
1220
		/* params->tail_len will be zero for !params->tail */
1221
		new_tail_len = params->tail_len;
1222
	else
1223
		new_tail_len = old->tail_len;
1224

1225
	size = sizeof(*new) + new_head_len + new_tail_len;
1226

1227
	/* new or old multiple BSSID elements? */
1228
	if (params->mbssid_ies) {
1229
		mbssid = params->mbssid_ies;
1230
		size += struct_size(new->mbssid_ies, elem, mbssid->cnt);
1231
		if (params->rnr_ies) {
1232
			rnr = params->rnr_ies;
1233
			size += struct_size(new->rnr_ies, elem, rnr->cnt);
1234
		}
1235
		size += ieee80211_get_mbssid_beacon_len(mbssid, rnr,
1236
							mbssid->cnt);
1237
	} else if (old && old->mbssid_ies) {
1238
		mbssid = old->mbssid_ies;
1239
		size += struct_size(new->mbssid_ies, elem, mbssid->cnt);
1240
		if (old && old->rnr_ies) {
1241
			rnr = old->rnr_ies;
1242
			size += struct_size(new->rnr_ies, elem, rnr->cnt);
1243
		}
1244
		size += ieee80211_get_mbssid_beacon_len(mbssid, rnr,
1245
							mbssid->cnt);
1246
	}
1247

1248
	new = kzalloc(size, GFP_KERNEL);
1249
	if (!new)
1250
		return -ENOMEM;
1251

1252
	/* start filling the new info now */
1253

1254
	/*
1255
	 * pointers go into the block we allocated,
1256
	 * memory is | beacon_data | head | tail | mbssid_ies | rnr_ies
1257
	 */
1258
	new->head = ((u8 *) new) + sizeof(*new);
1259
	new->tail = new->head + new_head_len;
1260
	new->head_len = new_head_len;
1261
	new->tail_len = new_tail_len;
1262
	/* copy in optional mbssid_ies */
1263
	if (mbssid) {
1264
		u8 *pos = new->tail + new->tail_len;
1265

1266
		new->mbssid_ies = (void *)pos;
1267
		pos += struct_size(new->mbssid_ies, elem, mbssid->cnt);
1268
		pos += ieee80211_copy_mbssid_beacon(pos, new->mbssid_ies,
1269
						    mbssid);
1270
		if (rnr) {
1271
			new->rnr_ies = (void *)pos;
1272
			pos += struct_size(new->rnr_ies, elem, rnr->cnt);
1273
			ieee80211_copy_rnr_beacon(pos, new->rnr_ies, rnr);
1274
		}
1275
		/* update bssid_indicator */
1276
		if (new->mbssid_ies->cnt && new->mbssid_ies->elem[0].len > 2)
1277
			link_conf->bssid_indicator =
1278
					*(new->mbssid_ies->elem[0].data + 2);
1279
		else
1280
			link_conf->bssid_indicator = 0;
1281
	}
1282

1283
	if (csa) {
1284
		new->cntdwn_current_counter = csa->count;
1285
		memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_beacon,
1286
		       csa->n_counter_offsets_beacon *
1287
		       sizeof(new->cntdwn_counter_offsets[0]));
1288
	} else if (cca) {
1289
		new->cntdwn_current_counter = cca->count;
1290
		new->cntdwn_counter_offsets[0] = cca->counter_offset_beacon;
1291
	}
1292

1293
	/* copy in head */
1294
	if (params->head)
1295
		memcpy(new->head, params->head, new_head_len);
1296
	else
1297
		memcpy(new->head, old->head, new_head_len);
1298

1299
	/* copy in optional tail */
1300
	if (params->tail)
1301
		memcpy(new->tail, params->tail, new_tail_len);
1302
	else
1303
		if (old)
1304
			memcpy(new->tail, old->tail, new_tail_len);
1305

1306
	err = ieee80211_set_probe_resp(sdata, params->probe_resp,
1307
				       params->probe_resp_len, csa, cca, link);
1308
	if (err < 0) {
1309
		kfree(new);
1310
		return err;
1311
	}
1312
	if (err == 0)
1313
		_changed |= BSS_CHANGED_AP_PROBE_RESP;
1314

1315
	if (params->ftm_responder != -1) {
1316
		link_conf->ftm_responder = params->ftm_responder;
1317
		err = ieee80211_set_ftm_responder_params(sdata,
1318
							 params->lci,
1319
							 params->lci_len,
1320
							 params->civicloc,
1321
							 params->civicloc_len,
1322
							 link_conf);
1323

1324
		if (err < 0) {
1325
			kfree(new);
1326
			return err;
1327
		}
1328

1329
		_changed |= BSS_CHANGED_FTM_RESPONDER;
1330
	}
1331

1332
	rcu_assign_pointer(link->u.ap.beacon, new);
1333
	sdata->u.ap.active = true;
1334

1335
	if (old)
1336
		kfree_rcu(old, rcu_head);
1337

1338
	*changed |= _changed;
1339
	return 0;
1340
}
1341

1342
static u8 ieee80211_num_beaconing_links(struct ieee80211_sub_if_data *sdata)
1343
{
1344
	struct ieee80211_link_data *link;
1345
	u8 link_id, num = 0;
1346

1347
	if (sdata->vif.type != NL80211_IFTYPE_AP &&
1348
	    sdata->vif.type != NL80211_IFTYPE_P2P_GO)
1349
		return num;
1350

1351
	/* non-MLO mode of operation also uses link_id 0 in sdata so it is
1352
	 * safe to directly proceed with the below loop
1353
	 */
1354
	for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1355
		link = sdata_dereference(sdata->link[link_id], sdata);
1356
		if (!link)
1357
			continue;
1358

1359
		if (sdata_dereference(link->u.ap.beacon, sdata))
1360
			num++;
1361
	}
1362

1363
	return num;
1364
}
1365

1366
static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
1367
			      struct cfg80211_ap_settings *params)
1368
{
1369
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1370
	struct ieee80211_local *local = sdata->local;
1371
	struct beacon_data *old;
1372
	struct ieee80211_sub_if_data *vlan;
1373
	u64 changed = BSS_CHANGED_BEACON_INT |
1374
		      BSS_CHANGED_BEACON_ENABLED |
1375
		      BSS_CHANGED_BEACON |
1376
		      BSS_CHANGED_P2P_PS |
1377
		      BSS_CHANGED_TXPOWER |
1378
		      BSS_CHANGED_TWT;
1379
	int i, err;
1380
	int prev_beacon_int;
1381
	unsigned int link_id = params->beacon.link_id;
1382
	struct ieee80211_link_data *link;
1383
	struct ieee80211_bss_conf *link_conf;
1384
	struct ieee80211_chan_req chanreq = { .oper = params->chandef };
1385
	u64 tsf;
1386

1387
	lockdep_assert_wiphy(local->hw.wiphy);
1388

1389
	link = sdata_dereference(sdata->link[link_id], sdata);
1390
	if (!link)
1391
		return -ENOLINK;
1392

1393
	link_conf = link->conf;
1394

1395
	old = sdata_dereference(link->u.ap.beacon, sdata);
1396
	if (old)
1397
		return -EALREADY;
1398

1399
	link->smps_mode = IEEE80211_SMPS_OFF;
1400

1401
	link->needed_rx_chains = sdata->local->rx_chains;
1402

1403
	prev_beacon_int = link_conf->beacon_int;
1404
	link_conf->beacon_int = params->beacon_interval;
1405

1406
	if (params->ht_cap)
1407
		link_conf->ht_ldpc =
1408
			params->ht_cap->cap_info &
1409
				cpu_to_le16(IEEE80211_HT_CAP_LDPC_CODING);
1410

1411
	if (params->vht_cap) {
1412
		link_conf->vht_ldpc =
1413
			params->vht_cap->vht_cap_info &
1414
				cpu_to_le32(IEEE80211_VHT_CAP_RXLDPC);
1415
		link_conf->vht_su_beamformer =
1416
			params->vht_cap->vht_cap_info &
1417
				cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1418
		link_conf->vht_su_beamformee =
1419
			params->vht_cap->vht_cap_info &
1420
				cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1421
		link_conf->vht_mu_beamformer =
1422
			params->vht_cap->vht_cap_info &
1423
				cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
1424
		link_conf->vht_mu_beamformee =
1425
			params->vht_cap->vht_cap_info &
1426
				cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1427
	}
1428

1429
	if (params->he_cap && params->he_oper) {
1430
		link_conf->he_support = true;
1431
		link_conf->htc_trig_based_pkt_ext =
1432
			le32_get_bits(params->he_oper->he_oper_params,
1433
			      IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
1434
		link_conf->frame_time_rts_th =
1435
			le32_get_bits(params->he_oper->he_oper_params,
1436
			      IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
1437
		changed |= BSS_CHANGED_HE_OBSS_PD;
1438

1439
		if (params->beacon.he_bss_color.enabled)
1440
			changed |= BSS_CHANGED_HE_BSS_COLOR;
1441
	}
1442

1443
	if (params->he_cap) {
1444
		link_conf->he_ldpc =
1445
			params->he_cap->phy_cap_info[1] &
1446
				IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD;
1447
		link_conf->he_su_beamformer =
1448
			params->he_cap->phy_cap_info[3] &
1449
				IEEE80211_HE_PHY_CAP3_SU_BEAMFORMER;
1450
		link_conf->he_su_beamformee =
1451
			params->he_cap->phy_cap_info[4] &
1452
				IEEE80211_HE_PHY_CAP4_SU_BEAMFORMEE;
1453
		link_conf->he_mu_beamformer =
1454
			params->he_cap->phy_cap_info[4] &
1455
				IEEE80211_HE_PHY_CAP4_MU_BEAMFORMER;
1456
		link_conf->he_full_ul_mumimo =
1457
			params->he_cap->phy_cap_info[2] &
1458
				IEEE80211_HE_PHY_CAP2_UL_MU_FULL_MU_MIMO;
1459
	}
1460

1461
	if (params->eht_cap) {
1462
		if (!link_conf->he_support)
1463
			return -EOPNOTSUPP;
1464

1465
		link_conf->eht_support = true;
1466

1467
		link_conf->eht_su_beamformer =
1468
			params->eht_cap->fixed.phy_cap_info[0] &
1469
				IEEE80211_EHT_PHY_CAP0_SU_BEAMFORMER;
1470
		link_conf->eht_su_beamformee =
1471
			params->eht_cap->fixed.phy_cap_info[0] &
1472
				IEEE80211_EHT_PHY_CAP0_SU_BEAMFORMEE;
1473
		link_conf->eht_mu_beamformer =
1474
			params->eht_cap->fixed.phy_cap_info[7] &
1475
				(IEEE80211_EHT_PHY_CAP7_MU_BEAMFORMER_80MHZ |
1476
				 IEEE80211_EHT_PHY_CAP7_MU_BEAMFORMER_160MHZ |
1477
				 IEEE80211_EHT_PHY_CAP7_MU_BEAMFORMER_320MHZ);
1478
		link_conf->eht_80mhz_full_bw_ul_mumimo =
1479
			params->eht_cap->fixed.phy_cap_info[7] &
1480
				(IEEE80211_EHT_PHY_CAP7_NON_OFDMA_UL_MU_MIMO_80MHZ |
1481
				 IEEE80211_EHT_PHY_CAP7_NON_OFDMA_UL_MU_MIMO_160MHZ |
1482
				 IEEE80211_EHT_PHY_CAP7_NON_OFDMA_UL_MU_MIMO_320MHZ);
1483
		link_conf->eht_disable_mcs15 =
1484
			u8_get_bits(params->eht_oper->params,
1485
				    IEEE80211_EHT_OPER_MCS15_DISABLE);
1486
	} else {
1487
		link_conf->eht_su_beamformer = false;
1488
		link_conf->eht_su_beamformee = false;
1489
		link_conf->eht_mu_beamformer = false;
1490
	}
1491

1492
	if (sdata->vif.type == NL80211_IFTYPE_AP &&
1493
	    params->mbssid_config.tx_wdev) {
1494
		err = ieee80211_set_ap_mbssid_options(sdata,
1495
						      &params->mbssid_config,
1496
						      link_conf);
1497
		if (err)
1498
			return err;
1499
	}
1500

1501
	err = ieee80211_link_use_channel(link, &chanreq,
1502
					 IEEE80211_CHANCTX_SHARED);
1503
	if (!err)
1504
		ieee80211_link_copy_chanctx_to_vlans(link, false);
1505
	if (err) {
1506
		link_conf->beacon_int = prev_beacon_int;
1507
		return err;
1508
	}
1509

1510
	/*
1511
	 * Apply control port protocol, this allows us to
1512
	 * not encrypt dynamic WEP control frames.
1513
	 */
1514
	sdata->control_port_protocol = params->crypto.control_port_ethertype;
1515
	sdata->control_port_no_encrypt = params->crypto.control_port_no_encrypt;
1516
	sdata->control_port_over_nl80211 =
1517
				params->crypto.control_port_over_nl80211;
1518
	sdata->control_port_no_preauth =
1519
				params->crypto.control_port_no_preauth;
1520

1521
	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
1522
		vlan->control_port_protocol =
1523
			params->crypto.control_port_ethertype;
1524
		vlan->control_port_no_encrypt =
1525
			params->crypto.control_port_no_encrypt;
1526
		vlan->control_port_over_nl80211 =
1527
			params->crypto.control_port_over_nl80211;
1528
		vlan->control_port_no_preauth =
1529
			params->crypto.control_port_no_preauth;
1530
	}
1531

1532
	link_conf->dtim_period = params->dtim_period;
1533
	link_conf->enable_beacon = true;
1534
	link_conf->allow_p2p_go_ps = sdata->vif.p2p;
1535
	link_conf->twt_responder = params->twt_responder;
1536
	link_conf->he_obss_pd = params->he_obss_pd;
1537
	link_conf->he_bss_color = params->beacon.he_bss_color;
1538
	link_conf->s1g_long_beacon_period = params->s1g_long_beacon_period;
1539
	sdata->vif.cfg.s1g = params->chandef.chan->band == NL80211_BAND_S1GHZ;
1540

1541
	sdata->vif.cfg.ssid_len = params->ssid_len;
1542
	if (params->ssid_len)
1543
		memcpy(sdata->vif.cfg.ssid, params->ssid,
1544
		       params->ssid_len);
1545
	link_conf->hidden_ssid =
1546
		(params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
1547

1548
	memset(&link_conf->p2p_noa_attr, 0,
1549
	       sizeof(link_conf->p2p_noa_attr));
1550
	link_conf->p2p_noa_attr.oppps_ctwindow =
1551
		params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
1552
	if (params->p2p_opp_ps)
1553
		link_conf->p2p_noa_attr.oppps_ctwindow |=
1554
					IEEE80211_P2P_OPPPS_ENABLE_BIT;
1555

1556
	sdata->beacon_rate_set = false;
1557
	if (wiphy_ext_feature_isset(local->hw.wiphy,
1558
				    NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) {
1559
		for (i = 0; i < NUM_NL80211_BANDS; i++) {
1560
			sdata->beacon_rateidx_mask[i] =
1561
				params->beacon_rate.control[i].legacy;
1562
			if (sdata->beacon_rateidx_mask[i])
1563
				sdata->beacon_rate_set = true;
1564
		}
1565
	}
1566

1567
	if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL))
1568
		link_conf->beacon_tx_rate = params->beacon_rate;
1569

1570
	err = ieee80211_assign_beacon(sdata, link, &params->beacon, NULL, NULL,
1571
				      &changed);
1572
	if (err < 0)
1573
		goto error;
1574

1575
	err = ieee80211_set_fils_discovery(sdata, &params->fils_discovery,
1576
					   link, link_conf, &changed);
1577
	if (err < 0)
1578
		goto error;
1579

1580
	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
1581
						   &params->unsol_bcast_probe_resp,
1582
						   link, link_conf, &changed);
1583
	if (err < 0)
1584
		goto error;
1585

1586
	if (sdata->vif.cfg.s1g) {
1587
		err = ieee80211_set_s1g_short_beacon(sdata, link,
1588
						     &params->s1g_short_beacon);
1589
		if (err < 0)
1590
			goto error;
1591
	}
1592

1593
	err = drv_start_ap(sdata->local, sdata, link_conf);
1594
	if (err) {
1595
		old = sdata_dereference(link->u.ap.beacon, sdata);
1596

1597
		if (old)
1598
			kfree_rcu(old, rcu_head);
1599
		RCU_INIT_POINTER(link->u.ap.beacon, NULL);
1600

1601
		if (ieee80211_num_beaconing_links(sdata) == 0)
1602
			sdata->u.ap.active = false;
1603

1604
		goto error;
1605
	}
1606

1607
	tsf = drv_get_tsf(local, sdata);
1608
	ieee80211_recalc_dtim(sdata, tsf);
1609

1610
	if (link->u.ap.s1g_short_beacon)
1611
		ieee80211_recalc_sb_count(sdata, tsf);
1612

1613
	ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_SSID);
1614
	ieee80211_link_info_change_notify(sdata, link, changed);
1615

1616
	if (ieee80211_num_beaconing_links(sdata) <= 1)
1617
		netif_carrier_on(dev);
1618

1619
	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1620
		netif_carrier_on(vlan->dev);
1621

1622
	return 0;
1623

1624
error:
1625
	ieee80211_link_release_channel(link);
1626

1627
	return err;
1628
}
1629

1630
static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
1631
				   struct cfg80211_ap_update *params)
1632

1633
{
1634
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1635
	struct ieee80211_link_data *link;
1636
	struct cfg80211_beacon_data *beacon = &params->beacon;
1637
	struct beacon_data *old;
1638
	int err;
1639
	struct ieee80211_bss_conf *link_conf;
1640
	u64 changed = 0;
1641

1642
	lockdep_assert_wiphy(wiphy);
1643

1644
	link = sdata_dereference(sdata->link[beacon->link_id], sdata);
1645
	if (!link)
1646
		return -ENOLINK;
1647

1648
	link_conf = link->conf;
1649

1650
	/* don't allow changing the beacon while a countdown is in place - offset
1651
	 * of channel switch counter may change
1652
	 */
1653
	if (link_conf->csa_active || link_conf->color_change_active)
1654
		return -EBUSY;
1655

1656
	old = sdata_dereference(link->u.ap.beacon, sdata);
1657
	if (!old)
1658
		return -ENOENT;
1659

1660
	err = ieee80211_assign_beacon(sdata, link, beacon, NULL, NULL,
1661
				      &changed);
1662
	if (err < 0)
1663
		return err;
1664

1665
	err = ieee80211_set_fils_discovery(sdata, &params->fils_discovery,
1666
					   link, link_conf, &changed);
1667
	if (err < 0)
1668
		return err;
1669

1670
	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
1671
						   &params->unsol_bcast_probe_resp,
1672
						   link, link_conf, &changed);
1673
	if (err < 0)
1674
		return err;
1675

1676
	if (link->u.ap.s1g_short_beacon) {
1677
		err = ieee80211_set_s1g_short_beacon(sdata, link,
1678
						     &params->s1g_short_beacon);
1679
		if (err < 0)
1680
			return err;
1681
	}
1682

1683
	if (beacon->he_bss_color_valid &&
1684
	    beacon->he_bss_color.enabled != link_conf->he_bss_color.enabled) {
1685
		link_conf->he_bss_color.enabled = beacon->he_bss_color.enabled;
1686
		changed |= BSS_CHANGED_HE_BSS_COLOR;
1687
	}
1688

1689
	ieee80211_link_info_change_notify(sdata, link, changed);
1690
	return 0;
1691
}
1692

1693
static void ieee80211_free_next_beacon(struct ieee80211_link_data *link)
1694
{
1695
	if (!link->u.ap.next_beacon)
1696
		return;
1697

1698
	kfree(link->u.ap.next_beacon->mbssid_ies);
1699
	kfree(link->u.ap.next_beacon->rnr_ies);
1700
	kfree(link->u.ap.next_beacon);
1701
	link->u.ap.next_beacon = NULL;
1702
}
1703

1704
static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev,
1705
			     unsigned int link_id)
1706
{
1707
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1708
	struct ieee80211_sub_if_data *vlan;
1709
	struct ieee80211_local *local = sdata->local;
1710
	struct beacon_data *old_beacon;
1711
	struct probe_resp *old_probe_resp;
1712
	struct fils_discovery_data *old_fils_discovery;
1713
	struct unsol_bcast_probe_resp_data *old_unsol_bcast_probe_resp;
1714
	struct s1g_short_beacon_data *old_s1g_short_beacon;
1715
	struct cfg80211_chan_def chandef;
1716
	struct ieee80211_link_data *link =
1717
		sdata_dereference(sdata->link[link_id], sdata);
1718
	struct ieee80211_bss_conf *link_conf = link->conf;
1719
	LIST_HEAD(keys);
1720

1721
	lockdep_assert_wiphy(local->hw.wiphy);
1722

1723
	old_beacon = sdata_dereference(link->u.ap.beacon, sdata);
1724
	if (!old_beacon)
1725
		return -ENOENT;
1726
	old_probe_resp = sdata_dereference(link->u.ap.probe_resp,
1727
					   sdata);
1728
	old_fils_discovery = sdata_dereference(link->u.ap.fils_discovery,
1729
					       sdata);
1730
	old_unsol_bcast_probe_resp =
1731
		sdata_dereference(link->u.ap.unsol_bcast_probe_resp,
1732
				  sdata);
1733
	old_s1g_short_beacon =
1734
		sdata_dereference(link->u.ap.s1g_short_beacon, sdata);
1735

1736
	/* abort any running channel switch or color change */
1737
	link_conf->csa_active = false;
1738
	link_conf->color_change_active = false;
1739
	ieee80211_vif_unblock_queues_csa(sdata);
1740

1741
	ieee80211_free_next_beacon(link);
1742

1743
	/* turn off carrier for this interface and dependent VLANs */
1744
	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1745
		netif_carrier_off(vlan->dev);
1746

1747
	if (ieee80211_num_beaconing_links(sdata) <= 1) {
1748
		netif_carrier_off(dev);
1749
		sdata->u.ap.active = false;
1750
	}
1751

1752
	/* remove beacon and probe response */
1753
	RCU_INIT_POINTER(link->u.ap.beacon, NULL);
1754
	RCU_INIT_POINTER(link->u.ap.probe_resp, NULL);
1755
	RCU_INIT_POINTER(link->u.ap.fils_discovery, NULL);
1756
	RCU_INIT_POINTER(link->u.ap.unsol_bcast_probe_resp, NULL);
1757
	RCU_INIT_POINTER(link->u.ap.s1g_short_beacon, NULL);
1758
	kfree_rcu(old_beacon, rcu_head);
1759
	if (old_probe_resp)
1760
		kfree_rcu(old_probe_resp, rcu_head);
1761
	if (old_fils_discovery)
1762
		kfree_rcu(old_fils_discovery, rcu_head);
1763
	if (old_unsol_bcast_probe_resp)
1764
		kfree_rcu(old_unsol_bcast_probe_resp, rcu_head);
1765
	if (old_s1g_short_beacon)
1766
		kfree_rcu(old_s1g_short_beacon, rcu_head);
1767

1768
	kfree(link_conf->ftmr_params);
1769
	link_conf->ftmr_params = NULL;
1770

1771
	link_conf->bssid_index = 0;
1772
	link_conf->nontransmitted = false;
1773
	link_conf->ema_ap = false;
1774
	link_conf->bssid_indicator = 0;
1775

1776
	__sta_info_flush(sdata, true, link_id, NULL);
1777

1778
	ieee80211_remove_link_keys(link, &keys);
1779
	if (!list_empty(&keys)) {
1780
		synchronize_net();
1781
		ieee80211_free_key_list(local, &keys);
1782
	}
1783

1784
	ieee80211_stop_mbssid(sdata);
1785
	RCU_INIT_POINTER(link_conf->tx_bss_conf, NULL);
1786

1787
	link_conf->enable_beacon = false;
1788
	sdata->beacon_rate_set = false;
1789
	sdata->vif.cfg.ssid_len = 0;
1790
	sdata->vif.cfg.s1g = false;
1791
	clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
1792
	ieee80211_link_info_change_notify(sdata, link,
1793
					  BSS_CHANGED_BEACON_ENABLED);
1794

1795
	if (sdata->wdev.links[link_id].cac_started) {
1796
		chandef = link_conf->chanreq.oper;
1797
		wiphy_delayed_work_cancel(wiphy, &link->dfs_cac_timer_work);
1798
		cfg80211_cac_event(sdata->dev, &chandef,
1799
				   NL80211_RADAR_CAC_ABORTED,
1800
				   GFP_KERNEL, link_id);
1801
	}
1802

1803
	drv_stop_ap(sdata->local, sdata, link_conf);
1804

1805
	/* free all potentially still buffered bcast frames */
1806
	local->total_ps_buffered -= skb_queue_len(&sdata->u.ap.ps.bc_buf);
1807
	ieee80211_purge_tx_queue(&local->hw, &sdata->u.ap.ps.bc_buf);
1808

1809
	ieee80211_link_copy_chanctx_to_vlans(link, true);
1810
	ieee80211_link_release_channel(link);
1811

1812
	return 0;
1813
}
1814

1815
static int sta_apply_auth_flags(struct ieee80211_local *local,
1816
				struct sta_info *sta,
1817
				u32 mask, u32 set)
1818
{
1819
	int ret;
1820

1821
	if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1822
	    set & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1823
	    !test_sta_flag(sta, WLAN_STA_AUTH)) {
1824
		ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1825
		if (ret)
1826
			return ret;
1827
	}
1828

1829
	if (mask & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1830
	    set & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1831
	    !test_sta_flag(sta, WLAN_STA_ASSOC)) {
1832
		/*
1833
		 * When peer becomes associated, init rate control as
1834
		 * well. Some drivers require rate control initialized
1835
		 * before drv_sta_state() is called.
1836
		 */
1837
		if (!test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
1838
			rate_control_rate_init_all_links(sta);
1839

1840
		ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1841
		if (ret)
1842
			return ret;
1843
	}
1844

1845
	if (mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1846
		if (set & BIT(NL80211_STA_FLAG_AUTHORIZED))
1847
			ret = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
1848
		else if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1849
			ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1850
		else
1851
			ret = 0;
1852
		if (ret)
1853
			return ret;
1854
	}
1855

1856
	if (mask & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1857
	    !(set & BIT(NL80211_STA_FLAG_ASSOCIATED)) &&
1858
	    test_sta_flag(sta, WLAN_STA_ASSOC)) {
1859
		ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1860
		if (ret)
1861
			return ret;
1862
	}
1863

1864
	if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1865
	    !(set & BIT(NL80211_STA_FLAG_AUTHENTICATED)) &&
1866
	    test_sta_flag(sta, WLAN_STA_AUTH)) {
1867
		ret = sta_info_move_state(sta, IEEE80211_STA_NONE);
1868
		if (ret)
1869
			return ret;
1870
	}
1871

1872
	return 0;
1873
}
1874

1875
static void sta_apply_mesh_params(struct ieee80211_local *local,
1876
				  struct sta_info *sta,
1877
				  struct station_parameters *params)
1878
{
1879
#ifdef CONFIG_MAC80211_MESH
1880
	struct ieee80211_sub_if_data *sdata = sta->sdata;
1881
	u64 changed = 0;
1882

1883
	if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) {
1884
		switch (params->plink_state) {
1885
		case NL80211_PLINK_ESTAB:
1886
			if (sta->mesh->plink_state != NL80211_PLINK_ESTAB)
1887
				changed = mesh_plink_inc_estab_count(sdata);
1888
			sta->mesh->plink_state = params->plink_state;
1889
			sta->mesh->aid = params->peer_aid;
1890

1891
			ieee80211_mps_sta_status_update(sta);
1892
			changed |= ieee80211_mps_set_sta_local_pm(sta,
1893
				      sdata->u.mesh.mshcfg.power_mode);
1894

1895
			ewma_mesh_tx_rate_avg_init(&sta->mesh->tx_rate_avg);
1896
			/* init at low value */
1897
			ewma_mesh_tx_rate_avg_add(&sta->mesh->tx_rate_avg, 10);
1898

1899
			break;
1900
		case NL80211_PLINK_LISTEN:
1901
		case NL80211_PLINK_BLOCKED:
1902
		case NL80211_PLINK_OPN_SNT:
1903
		case NL80211_PLINK_OPN_RCVD:
1904
		case NL80211_PLINK_CNF_RCVD:
1905
		case NL80211_PLINK_HOLDING:
1906
			if (sta->mesh->plink_state == NL80211_PLINK_ESTAB)
1907
				changed = mesh_plink_dec_estab_count(sdata);
1908
			sta->mesh->plink_state = params->plink_state;
1909

1910
			ieee80211_mps_sta_status_update(sta);
1911
			changed |= ieee80211_mps_set_sta_local_pm(sta,
1912
					NL80211_MESH_POWER_UNKNOWN);
1913
			break;
1914
		default:
1915
			/*  nothing  */
1916
			break;
1917
		}
1918
	}
1919

1920
	switch (params->plink_action) {
1921
	case NL80211_PLINK_ACTION_NO_ACTION:
1922
		/* nothing */
1923
		break;
1924
	case NL80211_PLINK_ACTION_OPEN:
1925
		changed |= mesh_plink_open(sta);
1926
		break;
1927
	case NL80211_PLINK_ACTION_BLOCK:
1928
		changed |= mesh_plink_block(sta);
1929
		break;
1930
	}
1931

1932
	if (params->local_pm)
1933
		changed |= ieee80211_mps_set_sta_local_pm(sta,
1934
							  params->local_pm);
1935

1936
	ieee80211_mbss_info_change_notify(sdata, changed);
1937
#endif
1938
}
1939

1940
enum sta_link_apply_mode {
1941
	STA_LINK_MODE_NEW,
1942
	STA_LINK_MODE_STA_MODIFY,
1943
	STA_LINK_MODE_LINK_MODIFY,
1944
};
1945

1946
static int sta_link_apply_parameters(struct ieee80211_local *local,
1947
				     struct sta_info *sta,
1948
				     enum sta_link_apply_mode mode,
1949
				     struct link_station_parameters *params)
1950
{
1951
	struct ieee80211_supported_band *sband;
1952
	struct ieee80211_sub_if_data *sdata = sta->sdata;
1953
	u32 link_id = params->link_id < 0 ? 0 : params->link_id;
1954
	struct ieee80211_link_data *link =
1955
		sdata_dereference(sdata->link[link_id], sdata);
1956
	struct link_sta_info *link_sta =
1957
		rcu_dereference_protected(sta->link[link_id],
1958
					  lockdep_is_held(&local->hw.wiphy->mtx));
1959
	bool changes = params->link_mac ||
1960
		       params->txpwr_set ||
1961
		       params->supported_rates_len ||
1962
		       params->ht_capa ||
1963
		       params->vht_capa ||
1964
		       params->he_capa ||
1965
		       params->eht_capa ||
1966
		       params->s1g_capa ||
1967
		       params->opmode_notif_used;
1968

1969
	switch (mode) {
1970
	case STA_LINK_MODE_NEW:
1971
		if (!params->link_mac)
1972
			return -EINVAL;
1973
		break;
1974
	case STA_LINK_MODE_LINK_MODIFY:
1975
		break;
1976
	case STA_LINK_MODE_STA_MODIFY:
1977
		if (params->link_id >= 0)
1978
			break;
1979
		if (!changes)
1980
			return 0;
1981
		break;
1982
	}
1983

1984
	if (!link || !link_sta)
1985
		return -EINVAL;
1986

1987
	sband = ieee80211_get_link_sband(link);
1988
	if (!sband)
1989
		return -EINVAL;
1990

1991
	if (params->link_mac) {
1992
		if (mode == STA_LINK_MODE_NEW) {
1993
			memcpy(link_sta->addr, params->link_mac, ETH_ALEN);
1994
			memcpy(link_sta->pub->addr, params->link_mac, ETH_ALEN);
1995
		} else if (!ether_addr_equal(link_sta->addr,
1996
					     params->link_mac)) {
1997
			return -EINVAL;
1998
		}
1999
	}
2000

2001
	if (params->txpwr_set) {
2002
		int ret;
2003

2004
		link_sta->pub->txpwr.type = params->txpwr.type;
2005
		if (params->txpwr.type == NL80211_TX_POWER_LIMITED)
2006
			link_sta->pub->txpwr.power = params->txpwr.power;
2007
		ret = drv_sta_set_txpwr(local, sdata, sta);
2008
		if (ret)
2009
			return ret;
2010
	}
2011

2012
	if (params->supported_rates &&
2013
	    params->supported_rates_len &&
2014
	    !ieee80211_parse_bitrates(link->conf->chanreq.oper.width,
2015
				      sband, params->supported_rates,
2016
				      params->supported_rates_len,
2017
				      &link_sta->pub->supp_rates[sband->band]))
2018
		return -EINVAL;
2019

2020
	if (params->ht_capa)
2021
		ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2022
						  params->ht_capa, link_sta);
2023

2024
	/* VHT can override some HT caps such as the A-MSDU max length */
2025
	if (params->vht_capa)
2026
		ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2027
						    params->vht_capa, NULL,
2028
						    link_sta);
2029

2030
	if (params->he_capa)
2031
		ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
2032
						  (void *)params->he_capa,
2033
						  params->he_capa_len,
2034
						  (void *)params->he_6ghz_capa,
2035
						  link_sta);
2036

2037
	if (params->he_capa && params->eht_capa)
2038
		ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband,
2039
						    (u8 *)params->he_capa,
2040
						    params->he_capa_len,
2041
						    params->eht_capa,
2042
						    params->eht_capa_len,
2043
						    link_sta);
2044

2045
	if (params->s1g_capa)
2046
		ieee80211_s1g_cap_to_sta_s1g_cap(sdata, params->s1g_capa,
2047
						 link_sta);
2048

2049
	ieee80211_sta_init_nss(link_sta);
2050

2051
	if (params->opmode_notif_used) {
2052
		enum nl80211_chan_width width = link->conf->chanreq.oper.width;
2053

2054
		switch (width) {
2055
		case NL80211_CHAN_WIDTH_20:
2056
		case NL80211_CHAN_WIDTH_40:
2057
		case NL80211_CHAN_WIDTH_80:
2058
		case NL80211_CHAN_WIDTH_160:
2059
		case NL80211_CHAN_WIDTH_80P80:
2060
		case NL80211_CHAN_WIDTH_320: /* not VHT, allowed for HE/EHT */
2061
			break;
2062
		default:
2063
			return -EINVAL;
2064
		}
2065

2066
		/* returned value is only needed for rc update, but the
2067
		 * rc isn't initialized here yet, so ignore it
2068
		 */
2069
		__ieee80211_vht_handle_opmode(sdata, link_sta,
2070
					      params->opmode_notif,
2071
					      sband->band);
2072
	}
2073

2074
	return 0;
2075
}
2076

2077
static int sta_apply_parameters(struct ieee80211_local *local,
2078
				struct sta_info *sta,
2079
				struct station_parameters *params)
2080
{
2081
	struct ieee80211_sub_if_data *sdata = sta->sdata;
2082
	u32 mask, set;
2083
	int ret = 0;
2084

2085
	mask = params->sta_flags_mask;
2086
	set = params->sta_flags_set;
2087

2088
	if (ieee80211_vif_is_mesh(&sdata->vif)) {
2089
		/*
2090
		 * In mesh mode, ASSOCIATED isn't part of the nl80211
2091
		 * API but must follow AUTHENTICATED for driver state.
2092
		 */
2093
		if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED))
2094
			mask |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2095
		if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED))
2096
			set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2097
	} else if (test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2098
		/*
2099
		 * TDLS -- everything follows authorized, but
2100
		 * only becoming authorized is possible, not
2101
		 * going back
2102
		 */
2103
		if (set & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
2104
			set |= BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2105
			       BIT(NL80211_STA_FLAG_ASSOCIATED);
2106
			mask |= BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2107
				BIT(NL80211_STA_FLAG_ASSOCIATED);
2108
		}
2109
	}
2110

2111
	if (mask & BIT(NL80211_STA_FLAG_WME) &&
2112
	    local->hw.queues >= IEEE80211_NUM_ACS)
2113
		sta->sta.wme = set & BIT(NL80211_STA_FLAG_WME);
2114

2115
	/* auth flags will be set later for TDLS,
2116
	 * and for unassociated stations that move to associated */
2117
	if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
2118
	    !((mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) &&
2119
	      (set & BIT(NL80211_STA_FLAG_ASSOCIATED)))) {
2120
		ret = sta_apply_auth_flags(local, sta, mask, set);
2121
		if (ret)
2122
			return ret;
2123
	}
2124

2125
	if (mask & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE)) {
2126
		if (set & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE))
2127
			set_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
2128
		else
2129
			clear_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
2130
	}
2131

2132
	if (mask & BIT(NL80211_STA_FLAG_MFP)) {
2133
		sta->sta.mfp = !!(set & BIT(NL80211_STA_FLAG_MFP));
2134
		if (set & BIT(NL80211_STA_FLAG_MFP))
2135
			set_sta_flag(sta, WLAN_STA_MFP);
2136
		else
2137
			clear_sta_flag(sta, WLAN_STA_MFP);
2138
	}
2139

2140
	if (mask & BIT(NL80211_STA_FLAG_TDLS_PEER)) {
2141
		if (set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2142
			set_sta_flag(sta, WLAN_STA_TDLS_PEER);
2143
		else
2144
			clear_sta_flag(sta, WLAN_STA_TDLS_PEER);
2145
	}
2146

2147
	if (mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
2148
		sta->sta.spp_amsdu = set & BIT(NL80211_STA_FLAG_SPP_AMSDU);
2149

2150
	/* mark TDLS channel switch support, if the AP allows it */
2151
	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
2152
	    !sdata->deflink.u.mgd.tdls_chan_switch_prohibited &&
2153
	    params->ext_capab_len >= 4 &&
2154
	    params->ext_capab[3] & WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH)
2155
		set_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH);
2156

2157
	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
2158
	    !sdata->u.mgd.tdls_wider_bw_prohibited &&
2159
	    ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) &&
2160
	    params->ext_capab_len >= 8 &&
2161
	    params->ext_capab[7] & WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED)
2162
		set_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW);
2163

2164
	if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) {
2165
		sta->sta.uapsd_queues = params->uapsd_queues;
2166
		sta->sta.max_sp = params->max_sp;
2167
	}
2168

2169
	ieee80211_sta_set_max_amsdu_subframes(sta, params->ext_capab,
2170
					      params->ext_capab_len);
2171

2172
	/*
2173
	 * cfg80211 validates this (1-2007) and allows setting the AID
2174
	 * only when creating a new station entry
2175
	 */
2176
	if (params->aid)
2177
		sta->sta.aid = params->aid;
2178

2179
	/*
2180
	 * Some of the following updates would be racy if called on an
2181
	 * existing station, via ieee80211_change_station(). However,
2182
	 * all such changes are rejected by cfg80211 except for updates
2183
	 * changing the supported rates on an existing but not yet used
2184
	 * TDLS peer.
2185
	 */
2186

2187
	if (params->listen_interval >= 0)
2188
		sta->listen_interval = params->listen_interval;
2189

2190
	if (params->eml_cap_present)
2191
		sta->sta.eml_cap = params->eml_cap;
2192

2193
	ret = sta_link_apply_parameters(local, sta, STA_LINK_MODE_STA_MODIFY,
2194
					&params->link_sta_params);
2195
	if (ret)
2196
		return ret;
2197

2198
	if (params->support_p2p_ps >= 0)
2199
		sta->sta.support_p2p_ps = params->support_p2p_ps;
2200

2201
	if (ieee80211_vif_is_mesh(&sdata->vif))
2202
		sta_apply_mesh_params(local, sta, params);
2203

2204
	if (params->airtime_weight)
2205
		sta->airtime_weight = params->airtime_weight;
2206

2207
	/* set the STA state after all sta info from usermode has been set */
2208
	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) ||
2209
	    set & BIT(NL80211_STA_FLAG_ASSOCIATED)) {
2210
		ret = sta_apply_auth_flags(local, sta, mask, set);
2211
		if (ret)
2212
			return ret;
2213
	}
2214

2215
	/* Mark the STA as MLO if MLD MAC address is available */
2216
	if (params->link_sta_params.mld_mac)
2217
		sta->sta.mlo = true;
2218

2219
	return 0;
2220
}
2221

2222
static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
2223
				 const u8 *mac,
2224
				 struct station_parameters *params)
2225
{
2226
	struct ieee80211_local *local = wiphy_priv(wiphy);
2227
	struct sta_info *sta;
2228
	struct ieee80211_sub_if_data *sdata;
2229
	int err;
2230

2231
	lockdep_assert_wiphy(local->hw.wiphy);
2232

2233
	if (params->vlan) {
2234
		sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
2235

2236
		if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
2237
		    sdata->vif.type != NL80211_IFTYPE_AP)
2238
			return -EINVAL;
2239
	} else
2240
		sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2241

2242
	if (ether_addr_equal(mac, sdata->vif.addr))
2243
		return -EINVAL;
2244

2245
	if (!is_valid_ether_addr(mac))
2246
		return -EINVAL;
2247

2248
	if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER) &&
2249
	    sdata->vif.type == NL80211_IFTYPE_STATION &&
2250
	    !sdata->u.mgd.associated)
2251
		return -EINVAL;
2252

2253
	/*
2254
	 * If we have a link ID, it can be a non-MLO station on an AP MLD,
2255
	 * but we need to have a link_mac in that case as well, so use the
2256
	 * STA's MAC address in that case.
2257
	 */
2258
	if (params->link_sta_params.link_id >= 0)
2259
		sta = sta_info_alloc_with_link(sdata, mac,
2260
					       params->link_sta_params.link_id,
2261
					       params->link_sta_params.link_mac ?: mac,
2262
					       GFP_KERNEL);
2263
	else
2264
		sta = sta_info_alloc(sdata, mac, GFP_KERNEL);
2265

2266
	if (!sta)
2267
		return -ENOMEM;
2268

2269
	if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2270
		sta->sta.tdls = true;
2271

2272
	/* Though the mutex is not needed here (since the station is not
2273
	 * visible yet), sta_apply_parameters (and inner functions) require
2274
	 * the mutex due to other paths.
2275
	 */
2276
	err = sta_apply_parameters(local, sta, params);
2277
	if (err) {
2278
		sta_info_free(local, sta);
2279
		return err;
2280
	}
2281

2282
	/*
2283
	 * for TDLS and for unassociated station, rate control should be
2284
	 * initialized only when rates are known and station is marked
2285
	 * authorized/associated
2286
	 */
2287
	if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
2288
	    test_sta_flag(sta, WLAN_STA_ASSOC))
2289
		rate_control_rate_init_all_links(sta);
2290

2291
	return sta_info_insert(sta);
2292
}
2293

2294
static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
2295
				 struct station_del_parameters *params)
2296
{
2297
	struct ieee80211_sub_if_data *sdata;
2298

2299
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2300

2301
	if (params->mac)
2302
		return sta_info_destroy_addr_bss(sdata, params->mac);
2303

2304
	sta_info_flush(sdata, params->link_id);
2305
	return 0;
2306
}
2307

2308
static int ieee80211_change_station(struct wiphy *wiphy,
2309
				    struct net_device *dev, const u8 *mac,
2310
				    struct station_parameters *params)
2311
{
2312
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2313
	struct ieee80211_local *local = wiphy_priv(wiphy);
2314
	struct sta_info *sta;
2315
	struct ieee80211_sub_if_data *vlansdata;
2316
	enum cfg80211_station_type statype;
2317
	int err;
2318

2319
	lockdep_assert_wiphy(local->hw.wiphy);
2320

2321
	sta = sta_info_get_bss(sdata, mac);
2322
	if (!sta)
2323
		return -ENOENT;
2324

2325
	switch (sdata->vif.type) {
2326
	case NL80211_IFTYPE_MESH_POINT:
2327
		if (sdata->u.mesh.user_mpm)
2328
			statype = CFG80211_STA_MESH_PEER_USER;
2329
		else
2330
			statype = CFG80211_STA_MESH_PEER_KERNEL;
2331
		break;
2332
	case NL80211_IFTYPE_ADHOC:
2333
		statype = CFG80211_STA_IBSS;
2334
		break;
2335
	case NL80211_IFTYPE_STATION:
2336
		if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2337
			statype = CFG80211_STA_AP_STA;
2338
			break;
2339
		}
2340
		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2341
			statype = CFG80211_STA_TDLS_PEER_ACTIVE;
2342
		else
2343
			statype = CFG80211_STA_TDLS_PEER_SETUP;
2344
		break;
2345
	case NL80211_IFTYPE_AP:
2346
	case NL80211_IFTYPE_AP_VLAN:
2347
		if (test_sta_flag(sta, WLAN_STA_ASSOC))
2348
			statype = CFG80211_STA_AP_CLIENT;
2349
		else
2350
			statype = CFG80211_STA_AP_CLIENT_UNASSOC;
2351
		break;
2352
	default:
2353
		return -EOPNOTSUPP;
2354
	}
2355

2356
	err = cfg80211_check_station_change(wiphy, params, statype);
2357
	if (err)
2358
		return err;
2359

2360
	if (params->vlan && params->vlan != sta->sdata->dev) {
2361
		vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
2362

2363
		if (params->vlan->ieee80211_ptr->use_4addr) {
2364
			if (vlansdata->u.vlan.sta)
2365
				return -EBUSY;
2366

2367
			rcu_assign_pointer(vlansdata->u.vlan.sta, sta);
2368
			__ieee80211_check_fast_rx_iface(vlansdata);
2369
			drv_sta_set_4addr(local, sta->sdata, &sta->sta, true);
2370
		}
2371

2372
		if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
2373
		    sta->sdata->u.vlan.sta)
2374
			RCU_INIT_POINTER(sta->sdata->u.vlan.sta, NULL);
2375

2376
		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2377
			ieee80211_vif_dec_num_mcast(sta->sdata);
2378

2379
		sta->sdata = vlansdata;
2380
		ieee80211_check_fast_rx(sta);
2381
		ieee80211_check_fast_xmit(sta);
2382

2383
		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
2384
			ieee80211_vif_inc_num_mcast(sta->sdata);
2385
			cfg80211_send_layer2_update(sta->sdata->dev,
2386
						    sta->sta.addr);
2387
		}
2388
	}
2389

2390
	err = sta_apply_parameters(local, sta, params);
2391
	if (err)
2392
		return err;
2393

2394
	if (sdata->vif.type == NL80211_IFTYPE_STATION &&
2395
	    params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
2396
		ieee80211_recalc_ps(local);
2397
		ieee80211_recalc_ps_vif(sdata);
2398
	}
2399

2400
	return 0;
2401
}
2402

2403
#ifdef CONFIG_MAC80211_MESH
2404
static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
2405
			       const u8 *dst, const u8 *next_hop)
2406
{
2407
	struct ieee80211_sub_if_data *sdata;
2408
	struct mesh_path *mpath;
2409
	struct sta_info *sta;
2410

2411
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2412

2413
	rcu_read_lock();
2414
	sta = sta_info_get(sdata, next_hop);
2415
	if (!sta) {
2416
		rcu_read_unlock();
2417
		return -ENOENT;
2418
	}
2419

2420
	mpath = mesh_path_add(sdata, dst);
2421
	if (IS_ERR(mpath)) {
2422
		rcu_read_unlock();
2423
		return PTR_ERR(mpath);
2424
	}
2425

2426
	mesh_path_fix_nexthop(mpath, sta);
2427

2428
	rcu_read_unlock();
2429
	return 0;
2430
}
2431

2432
static int ieee80211_del_mpath(struct wiphy *wiphy, struct net_device *dev,
2433
			       const u8 *dst)
2434
{
2435
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2436

2437
	if (dst)
2438
		return mesh_path_del(sdata, dst);
2439

2440
	mesh_path_flush_by_iface(sdata);
2441
	return 0;
2442
}
2443

2444
static int ieee80211_change_mpath(struct wiphy *wiphy, struct net_device *dev,
2445
				  const u8 *dst, const u8 *next_hop)
2446
{
2447
	struct ieee80211_sub_if_data *sdata;
2448
	struct mesh_path *mpath;
2449
	struct sta_info *sta;
2450

2451
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2452

2453
	rcu_read_lock();
2454

2455
	sta = sta_info_get(sdata, next_hop);
2456
	if (!sta) {
2457
		rcu_read_unlock();
2458
		return -ENOENT;
2459
	}
2460

2461
	mpath = mesh_path_lookup(sdata, dst);
2462
	if (!mpath) {
2463
		rcu_read_unlock();
2464
		return -ENOENT;
2465
	}
2466

2467
	mesh_path_fix_nexthop(mpath, sta);
2468

2469
	rcu_read_unlock();
2470
	return 0;
2471
}
2472

2473
static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
2474
			    struct mpath_info *pinfo)
2475
{
2476
	struct sta_info *next_hop_sta = rcu_dereference(mpath->next_hop);
2477

2478
	if (next_hop_sta)
2479
		memcpy(next_hop, next_hop_sta->sta.addr, ETH_ALEN);
2480
	else
2481
		eth_zero_addr(next_hop);
2482

2483
	memset(pinfo, 0, sizeof(*pinfo));
2484

2485
	pinfo->generation = mpath->sdata->u.mesh.mesh_paths_generation;
2486

2487
	pinfo->filled = MPATH_INFO_FRAME_QLEN |
2488
			MPATH_INFO_SN |
2489
			MPATH_INFO_METRIC |
2490
			MPATH_INFO_EXPTIME |
2491
			MPATH_INFO_DISCOVERY_TIMEOUT |
2492
			MPATH_INFO_DISCOVERY_RETRIES |
2493
			MPATH_INFO_FLAGS |
2494
			MPATH_INFO_HOP_COUNT |
2495
			MPATH_INFO_PATH_CHANGE;
2496

2497
	pinfo->frame_qlen = mpath->frame_queue.qlen;
2498
	pinfo->sn = mpath->sn;
2499
	pinfo->metric = mpath->metric;
2500
	if (time_before(jiffies, mpath->exp_time))
2501
		pinfo->exptime = jiffies_to_msecs(mpath->exp_time - jiffies);
2502
	pinfo->discovery_timeout =
2503
			jiffies_to_msecs(mpath->discovery_timeout);
2504
	pinfo->discovery_retries = mpath->discovery_retries;
2505
	if (mpath->flags & MESH_PATH_ACTIVE)
2506
		pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE;
2507
	if (mpath->flags & MESH_PATH_RESOLVING)
2508
		pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING;
2509
	if (mpath->flags & MESH_PATH_SN_VALID)
2510
		pinfo->flags |= NL80211_MPATH_FLAG_SN_VALID;
2511
	if (mpath->flags & MESH_PATH_FIXED)
2512
		pinfo->flags |= NL80211_MPATH_FLAG_FIXED;
2513
	if (mpath->flags & MESH_PATH_RESOLVED)
2514
		pinfo->flags |= NL80211_MPATH_FLAG_RESOLVED;
2515
	pinfo->hop_count = mpath->hop_count;
2516
	pinfo->path_change_count = mpath->path_change_count;
2517
}
2518

2519
static int ieee80211_get_mpath(struct wiphy *wiphy, struct net_device *dev,
2520
			       u8 *dst, u8 *next_hop, struct mpath_info *pinfo)
2521

2522
{
2523
	struct ieee80211_sub_if_data *sdata;
2524
	struct mesh_path *mpath;
2525

2526
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2527

2528
	rcu_read_lock();
2529
	mpath = mesh_path_lookup(sdata, dst);
2530
	if (!mpath) {
2531
		rcu_read_unlock();
2532
		return -ENOENT;
2533
	}
2534
	memcpy(dst, mpath->dst, ETH_ALEN);
2535
	mpath_set_pinfo(mpath, next_hop, pinfo);
2536
	rcu_read_unlock();
2537
	return 0;
2538
}
2539

2540
static int ieee80211_dump_mpath(struct wiphy *wiphy, struct net_device *dev,
2541
				int idx, u8 *dst, u8 *next_hop,
2542
				struct mpath_info *pinfo)
2543
{
2544
	struct ieee80211_sub_if_data *sdata;
2545
	struct mesh_path *mpath;
2546

2547
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2548

2549
	rcu_read_lock();
2550
	mpath = mesh_path_lookup_by_idx(sdata, idx);
2551
	if (!mpath) {
2552
		rcu_read_unlock();
2553
		return -ENOENT;
2554
	}
2555
	memcpy(dst, mpath->dst, ETH_ALEN);
2556
	mpath_set_pinfo(mpath, next_hop, pinfo);
2557
	rcu_read_unlock();
2558
	return 0;
2559
}
2560

2561
static void mpp_set_pinfo(struct mesh_path *mpath, u8 *mpp,
2562
			  struct mpath_info *pinfo)
2563
{
2564
	memset(pinfo, 0, sizeof(*pinfo));
2565
	memcpy(mpp, mpath->mpp, ETH_ALEN);
2566

2567
	pinfo->generation = mpath->sdata->u.mesh.mpp_paths_generation;
2568
}
2569

2570
static int ieee80211_get_mpp(struct wiphy *wiphy, struct net_device *dev,
2571
			     u8 *dst, u8 *mpp, struct mpath_info *pinfo)
2572

2573
{
2574
	struct ieee80211_sub_if_data *sdata;
2575
	struct mesh_path *mpath;
2576

2577
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2578

2579
	rcu_read_lock();
2580
	mpath = mpp_path_lookup(sdata, dst);
2581
	if (!mpath) {
2582
		rcu_read_unlock();
2583
		return -ENOENT;
2584
	}
2585
	memcpy(dst, mpath->dst, ETH_ALEN);
2586
	mpp_set_pinfo(mpath, mpp, pinfo);
2587
	rcu_read_unlock();
2588
	return 0;
2589
}
2590

2591
static int ieee80211_dump_mpp(struct wiphy *wiphy, struct net_device *dev,
2592
			      int idx, u8 *dst, u8 *mpp,
2593
			      struct mpath_info *pinfo)
2594
{
2595
	struct ieee80211_sub_if_data *sdata;
2596
	struct mesh_path *mpath;
2597

2598
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2599

2600
	rcu_read_lock();
2601
	mpath = mpp_path_lookup_by_idx(sdata, idx);
2602
	if (!mpath) {
2603
		rcu_read_unlock();
2604
		return -ENOENT;
2605
	}
2606
	memcpy(dst, mpath->dst, ETH_ALEN);
2607
	mpp_set_pinfo(mpath, mpp, pinfo);
2608
	rcu_read_unlock();
2609
	return 0;
2610
}
2611

2612
static int ieee80211_get_mesh_config(struct wiphy *wiphy,
2613
				struct net_device *dev,
2614
				struct mesh_config *conf)
2615
{
2616
	struct ieee80211_sub_if_data *sdata;
2617
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2618

2619
	memcpy(conf, &(sdata->u.mesh.mshcfg), sizeof(struct mesh_config));
2620
	return 0;
2621
}
2622

2623
static inline bool _chg_mesh_attr(enum nl80211_meshconf_params parm, u32 mask)
2624
{
2625
	return (mask >> (parm-1)) & 0x1;
2626
}
2627

2628
static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
2629
		const struct mesh_setup *setup)
2630
{
2631
	u8 *new_ie;
2632
	struct ieee80211_sub_if_data *sdata = container_of(ifmsh,
2633
					struct ieee80211_sub_if_data, u.mesh);
2634
	int i;
2635

2636
	/* allocate information elements */
2637
	new_ie = NULL;
2638

2639
	if (setup->ie_len) {
2640
		new_ie = kmemdup(setup->ie, setup->ie_len,
2641
				GFP_KERNEL);
2642
		if (!new_ie)
2643
			return -ENOMEM;
2644
	}
2645
	ifmsh->ie_len = setup->ie_len;
2646
	ifmsh->ie = new_ie;
2647

2648
	/* now copy the rest of the setup parameters */
2649
	ifmsh->mesh_id_len = setup->mesh_id_len;
2650
	memcpy(ifmsh->mesh_id, setup->mesh_id, ifmsh->mesh_id_len);
2651
	ifmsh->mesh_sp_id = setup->sync_method;
2652
	ifmsh->mesh_pp_id = setup->path_sel_proto;
2653
	ifmsh->mesh_pm_id = setup->path_metric;
2654
	ifmsh->user_mpm = setup->user_mpm;
2655
	ifmsh->mesh_auth_id = setup->auth_id;
2656
	ifmsh->security = IEEE80211_MESH_SEC_NONE;
2657
	ifmsh->userspace_handles_dfs = setup->userspace_handles_dfs;
2658
	if (setup->is_authenticated)
2659
		ifmsh->security |= IEEE80211_MESH_SEC_AUTHED;
2660
	if (setup->is_secure)
2661
		ifmsh->security |= IEEE80211_MESH_SEC_SECURED;
2662

2663
	/* mcast rate setting in Mesh Node */
2664
	memcpy(sdata->vif.bss_conf.mcast_rate, setup->mcast_rate,
2665
						sizeof(setup->mcast_rate));
2666
	sdata->vif.bss_conf.basic_rates = setup->basic_rates;
2667

2668
	sdata->vif.bss_conf.beacon_int = setup->beacon_interval;
2669
	sdata->vif.bss_conf.dtim_period = setup->dtim_period;
2670

2671
	sdata->beacon_rate_set = false;
2672
	if (wiphy_ext_feature_isset(sdata->local->hw.wiphy,
2673
				    NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) {
2674
		for (i = 0; i < NUM_NL80211_BANDS; i++) {
2675
			sdata->beacon_rateidx_mask[i] =
2676
				setup->beacon_rate.control[i].legacy;
2677
			if (sdata->beacon_rateidx_mask[i])
2678
				sdata->beacon_rate_set = true;
2679
		}
2680
	}
2681

2682
	return 0;
2683
}
2684

2685
static int ieee80211_update_mesh_config(struct wiphy *wiphy,
2686
					struct net_device *dev, u32 mask,
2687
					const struct mesh_config *nconf)
2688
{
2689
	struct mesh_config *conf;
2690
	struct ieee80211_sub_if_data *sdata;
2691
	struct ieee80211_if_mesh *ifmsh;
2692

2693
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2694
	ifmsh = &sdata->u.mesh;
2695

2696
	/* Set the config options which we are interested in setting */
2697
	conf = &(sdata->u.mesh.mshcfg);
2698
	if (_chg_mesh_attr(NL80211_MESHCONF_RETRY_TIMEOUT, mask))
2699
		conf->dot11MeshRetryTimeout = nconf->dot11MeshRetryTimeout;
2700
	if (_chg_mesh_attr(NL80211_MESHCONF_CONFIRM_TIMEOUT, mask))
2701
		conf->dot11MeshConfirmTimeout = nconf->dot11MeshConfirmTimeout;
2702
	if (_chg_mesh_attr(NL80211_MESHCONF_HOLDING_TIMEOUT, mask))
2703
		conf->dot11MeshHoldingTimeout = nconf->dot11MeshHoldingTimeout;
2704
	if (_chg_mesh_attr(NL80211_MESHCONF_MAX_PEER_LINKS, mask))
2705
		conf->dot11MeshMaxPeerLinks = nconf->dot11MeshMaxPeerLinks;
2706
	if (_chg_mesh_attr(NL80211_MESHCONF_MAX_RETRIES, mask))
2707
		conf->dot11MeshMaxRetries = nconf->dot11MeshMaxRetries;
2708
	if (_chg_mesh_attr(NL80211_MESHCONF_TTL, mask))
2709
		conf->dot11MeshTTL = nconf->dot11MeshTTL;
2710
	if (_chg_mesh_attr(NL80211_MESHCONF_ELEMENT_TTL, mask))
2711
		conf->element_ttl = nconf->element_ttl;
2712
	if (_chg_mesh_attr(NL80211_MESHCONF_AUTO_OPEN_PLINKS, mask)) {
2713
		if (ifmsh->user_mpm)
2714
			return -EBUSY;
2715
		conf->auto_open_plinks = nconf->auto_open_plinks;
2716
	}
2717
	if (_chg_mesh_attr(NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, mask))
2718
		conf->dot11MeshNbrOffsetMaxNeighbor =
2719
			nconf->dot11MeshNbrOffsetMaxNeighbor;
2720
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, mask))
2721
		conf->dot11MeshHWMPmaxPREQretries =
2722
			nconf->dot11MeshHWMPmaxPREQretries;
2723
	if (_chg_mesh_attr(NL80211_MESHCONF_PATH_REFRESH_TIME, mask))
2724
		conf->path_refresh_time = nconf->path_refresh_time;
2725
	if (_chg_mesh_attr(NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, mask))
2726
		conf->min_discovery_timeout = nconf->min_discovery_timeout;
2727
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, mask))
2728
		conf->dot11MeshHWMPactivePathTimeout =
2729
			nconf->dot11MeshHWMPactivePathTimeout;
2730
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, mask))
2731
		conf->dot11MeshHWMPpreqMinInterval =
2732
			nconf->dot11MeshHWMPpreqMinInterval;
2733
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, mask))
2734
		conf->dot11MeshHWMPperrMinInterval =
2735
			nconf->dot11MeshHWMPperrMinInterval;
2736
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2737
			   mask))
2738
		conf->dot11MeshHWMPnetDiameterTraversalTime =
2739
			nconf->dot11MeshHWMPnetDiameterTraversalTime;
2740
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOTMODE, mask)) {
2741
		conf->dot11MeshHWMPRootMode = nconf->dot11MeshHWMPRootMode;
2742
		ieee80211_mesh_root_setup(ifmsh);
2743
	}
2744
	if (_chg_mesh_attr(NL80211_MESHCONF_GATE_ANNOUNCEMENTS, mask)) {
2745
		/* our current gate announcement implementation rides on root
2746
		 * announcements, so require this ifmsh to also be a root node
2747
		 * */
2748
		if (nconf->dot11MeshGateAnnouncementProtocol &&
2749
		    !(conf->dot11MeshHWMPRootMode > IEEE80211_ROOTMODE_ROOT)) {
2750
			conf->dot11MeshHWMPRootMode = IEEE80211_PROACTIVE_RANN;
2751
			ieee80211_mesh_root_setup(ifmsh);
2752
		}
2753
		conf->dot11MeshGateAnnouncementProtocol =
2754
			nconf->dot11MeshGateAnnouncementProtocol;
2755
	}
2756
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_RANN_INTERVAL, mask))
2757
		conf->dot11MeshHWMPRannInterval =
2758
			nconf->dot11MeshHWMPRannInterval;
2759
	if (_chg_mesh_attr(NL80211_MESHCONF_FORWARDING, mask))
2760
		conf->dot11MeshForwarding = nconf->dot11MeshForwarding;
2761
	if (_chg_mesh_attr(NL80211_MESHCONF_RSSI_THRESHOLD, mask)) {
2762
		/* our RSSI threshold implementation is supported only for
2763
		 * devices that report signal in dBm.
2764
		 */
2765
		if (!ieee80211_hw_check(&sdata->local->hw, SIGNAL_DBM))
2766
			return -EOPNOTSUPP;
2767
		conf->rssi_threshold = nconf->rssi_threshold;
2768
	}
2769
	if (_chg_mesh_attr(NL80211_MESHCONF_HT_OPMODE, mask)) {
2770
		conf->ht_opmode = nconf->ht_opmode;
2771
		sdata->vif.bss_conf.ht_operation_mode = nconf->ht_opmode;
2772
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
2773
						  BSS_CHANGED_HT);
2774
	}
2775
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, mask))
2776
		conf->dot11MeshHWMPactivePathToRootTimeout =
2777
			nconf->dot11MeshHWMPactivePathToRootTimeout;
2778
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOT_INTERVAL, mask))
2779
		conf->dot11MeshHWMProotInterval =
2780
			nconf->dot11MeshHWMProotInterval;
2781
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, mask))
2782
		conf->dot11MeshHWMPconfirmationInterval =
2783
			nconf->dot11MeshHWMPconfirmationInterval;
2784
	if (_chg_mesh_attr(NL80211_MESHCONF_POWER_MODE, mask)) {
2785
		conf->power_mode = nconf->power_mode;
2786
		ieee80211_mps_local_status_update(sdata);
2787
	}
2788
	if (_chg_mesh_attr(NL80211_MESHCONF_AWAKE_WINDOW, mask))
2789
		conf->dot11MeshAwakeWindowDuration =
2790
			nconf->dot11MeshAwakeWindowDuration;
2791
	if (_chg_mesh_attr(NL80211_MESHCONF_PLINK_TIMEOUT, mask))
2792
		conf->plink_timeout = nconf->plink_timeout;
2793
	if (_chg_mesh_attr(NL80211_MESHCONF_CONNECTED_TO_GATE, mask))
2794
		conf->dot11MeshConnectedToMeshGate =
2795
			nconf->dot11MeshConnectedToMeshGate;
2796
	if (_chg_mesh_attr(NL80211_MESHCONF_NOLEARN, mask))
2797
		conf->dot11MeshNolearn = nconf->dot11MeshNolearn;
2798
	if (_chg_mesh_attr(NL80211_MESHCONF_CONNECTED_TO_AS, mask))
2799
		conf->dot11MeshConnectedToAuthServer =
2800
			nconf->dot11MeshConnectedToAuthServer;
2801
	ieee80211_mbss_info_change_notify(sdata, BSS_CHANGED_BEACON);
2802
	return 0;
2803
}
2804

2805
static int ieee80211_join_mesh(struct wiphy *wiphy, struct net_device *dev,
2806
			       const struct mesh_config *conf,
2807
			       const struct mesh_setup *setup)
2808
{
2809
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2810
	struct ieee80211_chan_req chanreq = { .oper = setup->chandef };
2811
	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
2812
	int err;
2813

2814
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
2815

2816
	memcpy(&ifmsh->mshcfg, conf, sizeof(struct mesh_config));
2817
	err = copy_mesh_setup(ifmsh, setup);
2818
	if (err)
2819
		return err;
2820

2821
	sdata->control_port_over_nl80211 = setup->control_port_over_nl80211;
2822

2823
	/* can mesh use other SMPS modes? */
2824
	sdata->deflink.smps_mode = IEEE80211_SMPS_OFF;
2825
	sdata->deflink.needed_rx_chains = sdata->local->rx_chains;
2826

2827
	err = ieee80211_link_use_channel(&sdata->deflink, &chanreq,
2828
					 IEEE80211_CHANCTX_SHARED);
2829
	if (err)
2830
		return err;
2831

2832
	return ieee80211_start_mesh(sdata);
2833
}
2834

2835
static int ieee80211_leave_mesh(struct wiphy *wiphy, struct net_device *dev)
2836
{
2837
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2838

2839
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
2840

2841
	ieee80211_stop_mesh(sdata);
2842
	ieee80211_link_release_channel(&sdata->deflink);
2843
	kfree(sdata->u.mesh.ie);
2844

2845
	return 0;
2846
}
2847
#endif
2848

2849
static int ieee80211_change_bss(struct wiphy *wiphy,
2850
				struct net_device *dev,
2851
				struct bss_parameters *params)
2852
{
2853
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2854
	struct ieee80211_link_data *link;
2855
	struct ieee80211_supported_band *sband;
2856
	u64 changed = 0;
2857

2858
	link = ieee80211_link_or_deflink(sdata, params->link_id, true);
2859
	if (IS_ERR(link))
2860
		return PTR_ERR(link);
2861

2862
	if (!sdata_dereference(link->u.ap.beacon, sdata))
2863
		return -ENOENT;
2864

2865
	sband = ieee80211_get_link_sband(link);
2866
	if (!sband)
2867
		return -EINVAL;
2868

2869
	if (params->basic_rates) {
2870
		if (!ieee80211_parse_bitrates(link->conf->chanreq.oper.width,
2871
					      wiphy->bands[sband->band],
2872
					      params->basic_rates,
2873
					      params->basic_rates_len,
2874
					      &link->conf->basic_rates))
2875
			return -EINVAL;
2876
		changed |= BSS_CHANGED_BASIC_RATES;
2877
		ieee80211_check_rate_mask(link);
2878
	}
2879

2880
	if (params->use_cts_prot >= 0) {
2881
		link->conf->use_cts_prot = params->use_cts_prot;
2882
		changed |= BSS_CHANGED_ERP_CTS_PROT;
2883
	}
2884
	if (params->use_short_preamble >= 0) {
2885
		link->conf->use_short_preamble = params->use_short_preamble;
2886
		changed |= BSS_CHANGED_ERP_PREAMBLE;
2887
	}
2888

2889
	if (!link->conf->use_short_slot &&
2890
	    (sband->band == NL80211_BAND_5GHZ ||
2891
	     sband->band == NL80211_BAND_6GHZ)) {
2892
		link->conf->use_short_slot = true;
2893
		changed |= BSS_CHANGED_ERP_SLOT;
2894
	}
2895

2896
	if (params->use_short_slot_time >= 0) {
2897
		link->conf->use_short_slot = params->use_short_slot_time;
2898
		changed |= BSS_CHANGED_ERP_SLOT;
2899
	}
2900

2901
	if (params->ap_isolate >= 0) {
2902
		if (params->ap_isolate)
2903
			sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
2904
		else
2905
			sdata->flags &= ~IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
2906
		ieee80211_check_fast_rx_iface(sdata);
2907
	}
2908

2909
	if (params->ht_opmode >= 0) {
2910
		link->conf->ht_operation_mode = (u16)params->ht_opmode;
2911
		changed |= BSS_CHANGED_HT;
2912
	}
2913

2914
	if (params->p2p_ctwindow >= 0) {
2915
		link->conf->p2p_noa_attr.oppps_ctwindow &=
2916
					~IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
2917
		link->conf->p2p_noa_attr.oppps_ctwindow |=
2918
			params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
2919
		changed |= BSS_CHANGED_P2P_PS;
2920
	}
2921

2922
	if (params->p2p_opp_ps > 0) {
2923
		link->conf->p2p_noa_attr.oppps_ctwindow |=
2924
					IEEE80211_P2P_OPPPS_ENABLE_BIT;
2925
		changed |= BSS_CHANGED_P2P_PS;
2926
	} else if (params->p2p_opp_ps == 0) {
2927
		link->conf->p2p_noa_attr.oppps_ctwindow &=
2928
					~IEEE80211_P2P_OPPPS_ENABLE_BIT;
2929
		changed |= BSS_CHANGED_P2P_PS;
2930
	}
2931

2932
	ieee80211_link_info_change_notify(sdata, link, changed);
2933

2934
	return 0;
2935
}
2936

2937
static int ieee80211_set_txq_params(struct wiphy *wiphy,
2938
				    struct net_device *dev,
2939
				    struct ieee80211_txq_params *params)
2940
{
2941
	struct ieee80211_local *local = wiphy_priv(wiphy);
2942
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2943
	struct ieee80211_link_data *link =
2944
		ieee80211_link_or_deflink(sdata, params->link_id, true);
2945
	struct ieee80211_tx_queue_params p;
2946

2947
	if (!local->ops->conf_tx)
2948
		return -EOPNOTSUPP;
2949

2950
	if (local->hw.queues < IEEE80211_NUM_ACS)
2951
		return -EOPNOTSUPP;
2952

2953
	if (IS_ERR(link))
2954
		return PTR_ERR(link);
2955

2956
	memset(&p, 0, sizeof(p));
2957
	p.aifs = params->aifs;
2958
	p.cw_max = params->cwmax;
2959
	p.cw_min = params->cwmin;
2960
	p.txop = params->txop;
2961

2962
	/*
2963
	 * Setting tx queue params disables u-apsd because it's only
2964
	 * called in master mode.
2965
	 */
2966
	p.uapsd = false;
2967

2968
	ieee80211_regulatory_limit_wmm_params(sdata, &p, params->ac);
2969

2970
	link->tx_conf[params->ac] = p;
2971
	if (drv_conf_tx(local, link, params->ac, &p)) {
2972
		wiphy_debug(local->hw.wiphy,
2973
			    "failed to set TX queue parameters for AC %d\n",
2974
			    params->ac);
2975
		return -EINVAL;
2976
	}
2977

2978
	ieee80211_link_info_change_notify(sdata, link,
2979
					  BSS_CHANGED_QOS);
2980

2981
	return 0;
2982
}
2983

2984
#ifdef CONFIG_PM
2985
static int ieee80211_suspend(struct wiphy *wiphy,
2986
			     struct cfg80211_wowlan *wowlan)
2987
{
2988
	return __ieee80211_suspend(wiphy_priv(wiphy), wowlan);
2989
}
2990

2991
static int ieee80211_resume(struct wiphy *wiphy)
2992
{
2993
	return __ieee80211_resume(wiphy_priv(wiphy));
2994
}
2995
#else
2996
#define ieee80211_suspend NULL
2997
#define ieee80211_resume NULL
2998
#endif
2999

3000
static int ieee80211_scan(struct wiphy *wiphy,
3001
			  struct cfg80211_scan_request *req)
3002
{
3003
	struct ieee80211_sub_if_data *sdata;
3004

3005
	sdata = IEEE80211_WDEV_TO_SUB_IF(req->wdev);
3006

3007
	switch (ieee80211_vif_type_p2p(&sdata->vif)) {
3008
	case NL80211_IFTYPE_STATION:
3009
	case NL80211_IFTYPE_ADHOC:
3010
	case NL80211_IFTYPE_MESH_POINT:
3011
	case NL80211_IFTYPE_P2P_CLIENT:
3012
	case NL80211_IFTYPE_P2P_DEVICE:
3013
		break;
3014
	case NL80211_IFTYPE_P2P_GO:
3015
		if (sdata->local->ops->hw_scan)
3016
			break;
3017
		/*
3018
		 * FIXME: implement NoA while scanning in software,
3019
		 * for now fall through to allow scanning only when
3020
		 * beaconing hasn't been configured yet
3021
		 */
3022
		fallthrough;
3023
	case NL80211_IFTYPE_AP:
3024
		/*
3025
		 * If the scan has been forced (and the driver supports
3026
		 * forcing), don't care about being beaconing already.
3027
		 * This will create problems to the attached stations (e.g. all
3028
		 * the frames sent while scanning on other channel will be
3029
		 * lost)
3030
		 */
3031
		if (ieee80211_num_beaconing_links(sdata) &&
3032
		    (!(wiphy->features & NL80211_FEATURE_AP_SCAN) ||
3033
		     !(req->flags & NL80211_SCAN_FLAG_AP)))
3034
			return -EOPNOTSUPP;
3035
		break;
3036
	case NL80211_IFTYPE_NAN:
3037
	default:
3038
		return -EOPNOTSUPP;
3039
	}
3040

3041
	return ieee80211_request_scan(sdata, req);
3042
}
3043

3044
static void ieee80211_abort_scan(struct wiphy *wiphy, struct wireless_dev *wdev)
3045
{
3046
	ieee80211_scan_cancel(wiphy_priv(wiphy));
3047
}
3048

3049
static int
3050
ieee80211_sched_scan_start(struct wiphy *wiphy,
3051
			   struct net_device *dev,
3052
			   struct cfg80211_sched_scan_request *req)
3053
{
3054
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3055

3056
	if (!sdata->local->ops->sched_scan_start)
3057
		return -EOPNOTSUPP;
3058

3059
	return ieee80211_request_sched_scan_start(sdata, req);
3060
}
3061

3062
static int
3063
ieee80211_sched_scan_stop(struct wiphy *wiphy, struct net_device *dev,
3064
			  u64 reqid)
3065
{
3066
	struct ieee80211_local *local = wiphy_priv(wiphy);
3067

3068
	if (!local->ops->sched_scan_stop)
3069
		return -EOPNOTSUPP;
3070

3071
	return ieee80211_request_sched_scan_stop(local);
3072
}
3073

3074
static int ieee80211_auth(struct wiphy *wiphy, struct net_device *dev,
3075
			  struct cfg80211_auth_request *req)
3076
{
3077
	return ieee80211_mgd_auth(IEEE80211_DEV_TO_SUB_IF(dev), req);
3078
}
3079

3080
static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev,
3081
			   struct cfg80211_assoc_request *req)
3082
{
3083
	return ieee80211_mgd_assoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
3084
}
3085

3086
static int ieee80211_deauth(struct wiphy *wiphy, struct net_device *dev,
3087
			    struct cfg80211_deauth_request *req)
3088
{
3089
	return ieee80211_mgd_deauth(IEEE80211_DEV_TO_SUB_IF(dev), req);
3090
}
3091

3092
static int ieee80211_disassoc(struct wiphy *wiphy, struct net_device *dev,
3093
			      struct cfg80211_disassoc_request *req)
3094
{
3095
	return ieee80211_mgd_disassoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
3096
}
3097

3098
static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,
3099
			       struct cfg80211_ibss_params *params)
3100
{
3101
	return ieee80211_ibss_join(IEEE80211_DEV_TO_SUB_IF(dev), params);
3102
}
3103

3104
static int ieee80211_leave_ibss(struct wiphy *wiphy, struct net_device *dev)
3105
{
3106
	return ieee80211_ibss_leave(IEEE80211_DEV_TO_SUB_IF(dev));
3107
}
3108

3109
static int ieee80211_join_ocb(struct wiphy *wiphy, struct net_device *dev,
3110
			      struct ocb_setup *setup)
3111
{
3112
	return ieee80211_ocb_join(IEEE80211_DEV_TO_SUB_IF(dev), setup);
3113
}
3114

3115
static int ieee80211_leave_ocb(struct wiphy *wiphy, struct net_device *dev)
3116
{
3117
	return ieee80211_ocb_leave(IEEE80211_DEV_TO_SUB_IF(dev));
3118
}
3119

3120
static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev,
3121
				    int rate[NUM_NL80211_BANDS])
3122
{
3123
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3124

3125
	memcpy(sdata->vif.bss_conf.mcast_rate, rate,
3126
	       sizeof(int) * NUM_NL80211_BANDS);
3127

3128
	if (ieee80211_sdata_running(sdata))
3129
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3130
						  BSS_CHANGED_MCAST_RATE);
3131

3132
	return 0;
3133
}
3134

3135
static int ieee80211_set_wiphy_params(struct wiphy *wiphy, int radio_idx,
3136
				      u32 changed)
3137
{
3138
	struct ieee80211_local *local = wiphy_priv(wiphy);
3139
	int err;
3140

3141
	if (changed & WIPHY_PARAM_FRAG_THRESHOLD) {
3142
		ieee80211_check_fast_xmit_all(local);
3143

3144
		err = drv_set_frag_threshold(local, radio_idx,
3145
					     wiphy->frag_threshold);
3146

3147
		if (err) {
3148
			ieee80211_check_fast_xmit_all(local);
3149
			return err;
3150
		}
3151
	}
3152

3153
	if ((changed & WIPHY_PARAM_COVERAGE_CLASS) ||
3154
	    (changed & WIPHY_PARAM_DYN_ACK)) {
3155
		s16 coverage_class;
3156

3157
		coverage_class = changed & WIPHY_PARAM_COVERAGE_CLASS ?
3158
					wiphy->coverage_class : -1;
3159
		err = drv_set_coverage_class(local, radio_idx,
3160
					     coverage_class);
3161

3162
		if (err)
3163
			return err;
3164
	}
3165

3166
	if (changed & WIPHY_PARAM_RTS_THRESHOLD) {
3167
		u32 rts_threshold;
3168

3169
		if ((radio_idx == -1) || (radio_idx >= wiphy->n_radio))
3170
			rts_threshold = wiphy->rts_threshold;
3171
		else
3172
			rts_threshold =
3173
				wiphy->radio_cfg[radio_idx].rts_threshold;
3174

3175
		err = drv_set_rts_threshold(local, radio_idx, rts_threshold);
3176

3177
		if (err)
3178
			return err;
3179
	}
3180

3181
	if (changed & WIPHY_PARAM_RETRY_SHORT) {
3182
		if (wiphy->retry_short > IEEE80211_MAX_TX_RETRY)
3183
			return -EINVAL;
3184
		local->hw.conf.short_frame_max_tx_count = wiphy->retry_short;
3185
	}
3186
	if (changed & WIPHY_PARAM_RETRY_LONG) {
3187
		if (wiphy->retry_long > IEEE80211_MAX_TX_RETRY)
3188
			return -EINVAL;
3189
		local->hw.conf.long_frame_max_tx_count = wiphy->retry_long;
3190
	}
3191
	if (changed &
3192
	    (WIPHY_PARAM_RETRY_SHORT | WIPHY_PARAM_RETRY_LONG))
3193
		ieee80211_hw_config(local, radio_idx,
3194
				    IEEE80211_CONF_CHANGE_RETRY_LIMITS);
3195

3196
	if (changed & (WIPHY_PARAM_TXQ_LIMIT |
3197
		       WIPHY_PARAM_TXQ_MEMORY_LIMIT |
3198
		       WIPHY_PARAM_TXQ_QUANTUM))
3199
		ieee80211_txq_set_params(local, radio_idx);
3200

3201
	return 0;
3202
}
3203

3204
static int ieee80211_set_tx_power(struct wiphy *wiphy,
3205
				  struct wireless_dev *wdev, int radio_idx,
3206
				  enum nl80211_tx_power_setting type, int mbm)
3207
{
3208
	struct ieee80211_local *local = wiphy_priv(wiphy);
3209
	struct ieee80211_sub_if_data *sdata;
3210
	enum nl80211_tx_power_setting txp_type = type;
3211
	bool update_txp_type = false;
3212
	bool has_monitor = false;
3213
	int user_power_level;
3214
	int old_power = local->user_power_level;
3215

3216
	lockdep_assert_wiphy(local->hw.wiphy);
3217

3218
	switch (type) {
3219
	case NL80211_TX_POWER_AUTOMATIC:
3220
		user_power_level = IEEE80211_UNSET_POWER_LEVEL;
3221
		txp_type = NL80211_TX_POWER_LIMITED;
3222
		break;
3223
	case NL80211_TX_POWER_LIMITED:
3224
	case NL80211_TX_POWER_FIXED:
3225
		if (mbm < 0 || (mbm % 100))
3226
			return -EOPNOTSUPP;
3227
		user_power_level = MBM_TO_DBM(mbm);
3228
		break;
3229
	default:
3230
		return -EINVAL;
3231
	}
3232

3233
	if (wdev) {
3234
		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3235

3236
		if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
3237
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
3238
			if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF))
3239
				return -EOPNOTSUPP;
3240

3241
			sdata = wiphy_dereference(local->hw.wiphy,
3242
						  local->monitor_sdata);
3243
			if (!sdata)
3244
				return -EOPNOTSUPP;
3245
		}
3246

3247
		for (int link_id = 0;
3248
		     link_id < ARRAY_SIZE(sdata->link);
3249
		     link_id++) {
3250
			struct ieee80211_link_data *link =
3251
				wiphy_dereference(wiphy, sdata->link[link_id]);
3252

3253
			if (!link)
3254
				continue;
3255

3256
			link->user_power_level = user_power_level;
3257

3258
			if (txp_type != link->conf->txpower_type) {
3259
				update_txp_type = true;
3260
				link->conf->txpower_type = txp_type;
3261
			}
3262

3263
			ieee80211_recalc_txpower(link, update_txp_type);
3264
		}
3265
		return 0;
3266
	}
3267

3268
	local->user_power_level = user_power_level;
3269

3270
	list_for_each_entry(sdata, &local->interfaces, list) {
3271
		if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
3272
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
3273
			has_monitor = true;
3274
			continue;
3275
		}
3276

3277
		for (int link_id = 0;
3278
		     link_id < ARRAY_SIZE(sdata->link);
3279
		     link_id++) {
3280
			struct ieee80211_link_data *link =
3281
				wiphy_dereference(wiphy, sdata->link[link_id]);
3282

3283
			if (!link)
3284
				continue;
3285

3286
			link->user_power_level = local->user_power_level;
3287
			if (txp_type != link->conf->txpower_type)
3288
				update_txp_type = true;
3289
			link->conf->txpower_type = txp_type;
3290
		}
3291
	}
3292
	list_for_each_entry(sdata, &local->interfaces, list) {
3293
		if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
3294
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
3295
			continue;
3296

3297
		for (int link_id = 0;
3298
		     link_id < ARRAY_SIZE(sdata->link);
3299
		     link_id++) {
3300
			struct ieee80211_link_data *link =
3301
				wiphy_dereference(wiphy, sdata->link[link_id]);
3302

3303
			if (!link)
3304
				continue;
3305

3306
			ieee80211_recalc_txpower(link, update_txp_type);
3307
		}
3308
	}
3309

3310
	if (has_monitor) {
3311
		sdata = wiphy_dereference(local->hw.wiphy,
3312
					  local->monitor_sdata);
3313
		if (sdata && ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) {
3314
			sdata->deflink.user_power_level = local->user_power_level;
3315
			if (txp_type != sdata->vif.bss_conf.txpower_type)
3316
				update_txp_type = true;
3317
			sdata->vif.bss_conf.txpower_type = txp_type;
3318

3319
			ieee80211_recalc_txpower(&sdata->deflink,
3320
						 update_txp_type);
3321
		}
3322
	}
3323

3324
	if (local->emulate_chanctx &&
3325
	    (old_power != local->user_power_level))
3326
		ieee80211_hw_conf_chan(local);
3327

3328
	return 0;
3329
}
3330

3331
static int ieee80211_get_tx_power(struct wiphy *wiphy,
3332
				  struct wireless_dev *wdev,
3333
				  int radio_idx,
3334
				  unsigned int link_id,
3335
				  int *dbm)
3336
{
3337
	struct ieee80211_local *local = wiphy_priv(wiphy);
3338
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3339
	struct ieee80211_link_data *link_data;
3340

3341
	if (local->ops->get_txpower &&
3342
	    (sdata->flags & IEEE80211_SDATA_IN_DRIVER))
3343
		return drv_get_txpower(local, sdata, link_id, dbm);
3344

3345
	if (local->emulate_chanctx) {
3346
		*dbm = local->hw.conf.power_level;
3347
	} else {
3348
		link_data = wiphy_dereference(wiphy, sdata->link[link_id]);
3349

3350
		if (link_data)
3351
			*dbm = link_data->conf->txpower;
3352
		else
3353
			return -ENOLINK;
3354
	}
3355

3356
	/* INT_MIN indicates no power level was set yet */
3357
	if (*dbm == INT_MIN)
3358
		return -EINVAL;
3359

3360
	return 0;
3361
}
3362

3363
static void ieee80211_rfkill_poll(struct wiphy *wiphy)
3364
{
3365
	struct ieee80211_local *local = wiphy_priv(wiphy);
3366

3367
	drv_rfkill_poll(local);
3368
}
3369

3370
#ifdef CONFIG_NL80211_TESTMODE
3371
static int ieee80211_testmode_cmd(struct wiphy *wiphy,
3372
				  struct wireless_dev *wdev,
3373
				  void *data, int len)
3374
{
3375
	struct ieee80211_local *local = wiphy_priv(wiphy);
3376
	struct ieee80211_vif *vif = NULL;
3377

3378
	if (!local->ops->testmode_cmd)
3379
		return -EOPNOTSUPP;
3380

3381
	if (wdev) {
3382
		struct ieee80211_sub_if_data *sdata;
3383

3384
		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3385
		if (sdata->flags & IEEE80211_SDATA_IN_DRIVER)
3386
			vif = &sdata->vif;
3387
	}
3388

3389
	return local->ops->testmode_cmd(&local->hw, vif, data, len);
3390
}
3391

3392
static int ieee80211_testmode_dump(struct wiphy *wiphy,
3393
				   struct sk_buff *skb,
3394
				   struct netlink_callback *cb,
3395
				   void *data, int len)
3396
{
3397
	struct ieee80211_local *local = wiphy_priv(wiphy);
3398

3399
	if (!local->ops->testmode_dump)
3400
		return -EOPNOTSUPP;
3401

3402
	return local->ops->testmode_dump(&local->hw, skb, cb, data, len);
3403
}
3404
#endif
3405

3406
int __ieee80211_request_smps_mgd(struct ieee80211_sub_if_data *sdata,
3407
				 struct ieee80211_link_data *link,
3408
				 enum ieee80211_smps_mode smps_mode)
3409
{
3410
	const u8 *ap;
3411
	enum ieee80211_smps_mode old_req;
3412
	int err;
3413
	struct sta_info *sta;
3414
	bool tdls_peer_found = false;
3415

3416
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
3417

3418
	if (WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_STATION))
3419
		return -EINVAL;
3420

3421
	if (!ieee80211_vif_link_active(&sdata->vif, link->link_id))
3422
		return 0;
3423

3424
	old_req = link->u.mgd.req_smps;
3425
	link->u.mgd.req_smps = smps_mode;
3426

3427
	/* The driver indicated that EML is enabled for the interface, which
3428
	 * implies that SMPS flows towards the AP should be stopped.
3429
	 */
3430
	if (sdata->vif.driver_flags & IEEE80211_VIF_EML_ACTIVE)
3431
		return 0;
3432

3433
	if (old_req == smps_mode &&
3434
	    smps_mode != IEEE80211_SMPS_AUTOMATIC)
3435
		return 0;
3436

3437
	/*
3438
	 * If not associated, or current association is not an HT
3439
	 * association, there's no need to do anything, just store
3440
	 * the new value until we associate.
3441
	 */
3442
	if (!sdata->u.mgd.associated ||
3443
	    link->conf->chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT)
3444
		return 0;
3445

3446
	ap = sdata->vif.cfg.ap_addr;
3447

3448
	rcu_read_lock();
3449
	list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
3450
		if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
3451
		    !test_sta_flag(sta, WLAN_STA_AUTHORIZED))
3452
			continue;
3453

3454
		tdls_peer_found = true;
3455
		break;
3456
	}
3457
	rcu_read_unlock();
3458

3459
	if (smps_mode == IEEE80211_SMPS_AUTOMATIC) {
3460
		if (tdls_peer_found || !sdata->u.mgd.powersave)
3461
			smps_mode = IEEE80211_SMPS_OFF;
3462
		else
3463
			smps_mode = IEEE80211_SMPS_DYNAMIC;
3464
	}
3465

3466
	/* send SM PS frame to AP */
3467
	err = ieee80211_send_smps_action(sdata, smps_mode,
3468
					 ap, ap,
3469
					 ieee80211_vif_is_mld(&sdata->vif) ?
3470
					 link->link_id : -1);
3471
	if (err)
3472
		link->u.mgd.req_smps = old_req;
3473
	else if (smps_mode != IEEE80211_SMPS_OFF && tdls_peer_found)
3474
		ieee80211_teardown_tdls_peers(link);
3475

3476
	return err;
3477
}
3478

3479
static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
3480
				    bool enabled, int timeout)
3481
{
3482
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3483
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3484
	unsigned int link_id;
3485

3486
	if (sdata->vif.type != NL80211_IFTYPE_STATION)
3487
		return -EOPNOTSUPP;
3488

3489
	if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS))
3490
		return -EOPNOTSUPP;
3491

3492
	if (enabled == sdata->u.mgd.powersave &&
3493
	    timeout == local->dynamic_ps_forced_timeout)
3494
		return 0;
3495

3496
	sdata->u.mgd.powersave = enabled;
3497
	local->dynamic_ps_forced_timeout = timeout;
3498

3499
	/* no change, but if automatic follow powersave */
3500
	for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
3501
		struct ieee80211_link_data *link;
3502

3503
		link = sdata_dereference(sdata->link[link_id], sdata);
3504

3505
		if (!link)
3506
			continue;
3507
		__ieee80211_request_smps_mgd(sdata, link,
3508
					     link->u.mgd.req_smps);
3509
	}
3510

3511
	if (ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS))
3512
		ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3513

3514
	ieee80211_recalc_ps(local);
3515
	ieee80211_recalc_ps_vif(sdata);
3516
	ieee80211_check_fast_rx_iface(sdata);
3517

3518
	return 0;
3519
}
3520

3521
static void ieee80211_set_cqm_rssi_link(struct ieee80211_sub_if_data *sdata,
3522
					struct ieee80211_link_data *link,
3523
					s32 rssi_thold, u32 rssi_hyst,
3524
					s32 rssi_low, s32 rssi_high)
3525
{
3526
	struct ieee80211_bss_conf *conf;
3527

3528
	if (!link || !link->conf)
3529
		return;
3530

3531
	conf = link->conf;
3532

3533
	if (rssi_thold && rssi_hyst &&
3534
	    rssi_thold == conf->cqm_rssi_thold &&
3535
	    rssi_hyst == conf->cqm_rssi_hyst)
3536
		return;
3537

3538
	conf->cqm_rssi_thold = rssi_thold;
3539
	conf->cqm_rssi_hyst = rssi_hyst;
3540
	conf->cqm_rssi_low = rssi_low;
3541
	conf->cqm_rssi_high = rssi_high;
3542
	link->u.mgd.last_cqm_event_signal = 0;
3543

3544
	if (!ieee80211_vif_link_active(&sdata->vif, link->link_id))
3545
		return;
3546

3547
	if (sdata->u.mgd.associated &&
3548
	    (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI))
3549
		ieee80211_link_info_change_notify(sdata, link, BSS_CHANGED_CQM);
3550
}
3551

3552
static int ieee80211_set_cqm_rssi_config(struct wiphy *wiphy,
3553
					 struct net_device *dev,
3554
					 s32 rssi_thold, u32 rssi_hyst)
3555
{
3556
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3557
	struct ieee80211_vif *vif = &sdata->vif;
3558
	int link_id;
3559

3560
	if (vif->driver_flags & IEEE80211_VIF_BEACON_FILTER &&
3561
	    !(vif->driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI))
3562
		return -EOPNOTSUPP;
3563

3564
	/* For MLD, handle CQM change on all the active links */
3565
	for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
3566
		struct ieee80211_link_data *link =
3567
			sdata_dereference(sdata->link[link_id], sdata);
3568

3569
		ieee80211_set_cqm_rssi_link(sdata, link, rssi_thold, rssi_hyst,
3570
					    0, 0);
3571
	}
3572

3573
	return 0;
3574
}
3575

3576
static int ieee80211_set_cqm_rssi_range_config(struct wiphy *wiphy,
3577
					       struct net_device *dev,
3578
					       s32 rssi_low, s32 rssi_high)
3579
{
3580
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3581
	struct ieee80211_vif *vif = &sdata->vif;
3582
	int link_id;
3583

3584
	if (vif->driver_flags & IEEE80211_VIF_BEACON_FILTER)
3585
		return -EOPNOTSUPP;
3586

3587
	/* For MLD, handle CQM change on all the active links */
3588
	for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
3589
		struct ieee80211_link_data *link =
3590
			sdata_dereference(sdata->link[link_id], sdata);
3591

3592
		ieee80211_set_cqm_rssi_link(sdata, link, 0, 0,
3593
					    rssi_low, rssi_high);
3594
	}
3595

3596
	return 0;
3597
}
3598

3599
static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
3600
				      struct net_device *dev,
3601
				      unsigned int link_id,
3602
				      const u8 *addr,
3603
				      const struct cfg80211_bitrate_mask *mask)
3604
{
3605
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3606
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3607
	int i, ret;
3608

3609
	if (!ieee80211_sdata_running(sdata))
3610
		return -ENETDOWN;
3611

3612
	/*
3613
	 * If active validate the setting and reject it if it doesn't leave
3614
	 * at least one basic rate usable, since we really have to be able
3615
	 * to send something, and if we're an AP we have to be able to do
3616
	 * so at a basic rate so that all clients can receive it.
3617
	 */
3618
	if (rcu_access_pointer(sdata->vif.bss_conf.chanctx_conf) &&
3619
	    sdata->vif.bss_conf.chanreq.oper.chan) {
3620
		u32 basic_rates = sdata->vif.bss_conf.basic_rates;
3621
		enum nl80211_band band;
3622

3623
		band = sdata->vif.bss_conf.chanreq.oper.chan->band;
3624

3625
		if (!(mask->control[band].legacy & basic_rates))
3626
			return -EINVAL;
3627
	}
3628

3629
	if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3630
		ret = drv_set_bitrate_mask(local, sdata, mask);
3631
		if (ret)
3632
			return ret;
3633
	}
3634

3635
	for (i = 0; i < NUM_NL80211_BANDS; i++) {
3636
		struct ieee80211_supported_band *sband = wiphy->bands[i];
3637
		int j;
3638

3639
		sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
3640
		memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].ht_mcs,
3641
		       sizeof(mask->control[i].ht_mcs));
3642
		memcpy(sdata->rc_rateidx_vht_mcs_mask[i],
3643
		       mask->control[i].vht_mcs,
3644
		       sizeof(mask->control[i].vht_mcs));
3645

3646
		sdata->rc_has_mcs_mask[i] = false;
3647
		sdata->rc_has_vht_mcs_mask[i] = false;
3648
		if (!sband)
3649
			continue;
3650

3651
		for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++) {
3652
			if (sdata->rc_rateidx_mcs_mask[i][j] != 0xff) {
3653
				sdata->rc_has_mcs_mask[i] = true;
3654
				break;
3655
			}
3656
		}
3657

3658
		for (j = 0; j < NL80211_VHT_NSS_MAX; j++) {
3659
			if (sdata->rc_rateidx_vht_mcs_mask[i][j] != 0xffff) {
3660
				sdata->rc_has_vht_mcs_mask[i] = true;
3661
				break;
3662
			}
3663
		}
3664
	}
3665

3666
	return 0;
3667
}
3668

3669
static bool ieee80211_is_scan_ongoing(struct wiphy *wiphy,
3670
				      struct ieee80211_local *local,
3671
				      struct cfg80211_chan_def *chandef)
3672
{
3673
	struct cfg80211_scan_request *scan_req;
3674
	int chan_radio_idx, req_radio_idx;
3675
	struct ieee80211_roc_work *roc;
3676

3677
	if (list_empty(&local->roc_list) && !local->scanning)
3678
		return false;
3679

3680
	if (wiphy->n_radio < 2)
3681
		return true;
3682

3683
	req_radio_idx = cfg80211_get_radio_idx_by_chan(wiphy, chandef->chan);
3684
	if (req_radio_idx < 0)
3685
		return true;
3686

3687
	if (local->scanning) {
3688
		scan_req = wiphy_dereference(wiphy, local->scan_req);
3689
		/*
3690
		 * Scan is going on but info is not there. Should not happen
3691
		 * but if it does, let's not take risk and assume we can't use
3692
		 * the hw hence return true
3693
		 */
3694
		if (WARN_ON_ONCE(!scan_req))
3695
			return true;
3696

3697
		return ieee80211_is_radio_idx_in_scan_req(wiphy, scan_req,
3698
							  req_radio_idx);
3699
	}
3700

3701
	list_for_each_entry(roc, &local->roc_list, list) {
3702
		chan_radio_idx = cfg80211_get_radio_idx_by_chan(wiphy,
3703
								roc->chan);
3704
		/*
3705
		 * The roc work is added but chan_radio_idx is invalid.
3706
		 * Should not happen but if it does, let's not take
3707
		 * risk and return true.
3708
		 */
3709
		if (chan_radio_idx < 0)
3710
			return true;
3711

3712
		if (chan_radio_idx == req_radio_idx)
3713
			return true;
3714
	}
3715

3716
	return false;
3717
}
3718

3719
static int ieee80211_start_radar_detection(struct wiphy *wiphy,
3720
					   struct net_device *dev,
3721
					   struct cfg80211_chan_def *chandef,
3722
					   u32 cac_time_ms, int link_id)
3723
{
3724
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3725
	struct ieee80211_chan_req chanreq = { .oper = *chandef };
3726
	struct ieee80211_local *local = sdata->local;
3727
	struct ieee80211_link_data *link_data;
3728
	int err;
3729

3730
	lockdep_assert_wiphy(local->hw.wiphy);
3731

3732
	if (ieee80211_is_scan_ongoing(wiphy, local, chandef))
3733
		return -EBUSY;
3734

3735
	link_data = sdata_dereference(sdata->link[link_id], sdata);
3736
	if (!link_data)
3737
		return -ENOLINK;
3738

3739
	/* whatever, but channel contexts should not complain about that one */
3740
	link_data->smps_mode = IEEE80211_SMPS_OFF;
3741
	link_data->needed_rx_chains = local->rx_chains;
3742

3743
	err = ieee80211_link_use_channel(link_data, &chanreq,
3744
					 IEEE80211_CHANCTX_SHARED);
3745
	if (err)
3746
		return err;
3747

3748
	wiphy_delayed_work_queue(wiphy, &link_data->dfs_cac_timer_work,
3749
				 msecs_to_jiffies(cac_time_ms));
3750

3751
	return 0;
3752
}
3753

3754
static void ieee80211_end_cac(struct wiphy *wiphy,
3755
			      struct net_device *dev, unsigned int link_id)
3756
{
3757
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3758
	struct ieee80211_local *local = sdata->local;
3759
	struct ieee80211_link_data *link_data;
3760

3761
	lockdep_assert_wiphy(local->hw.wiphy);
3762

3763
	list_for_each_entry(sdata, &local->interfaces, list) {
3764
		link_data = sdata_dereference(sdata->link[link_id], sdata);
3765
		if (!link_data)
3766
			continue;
3767

3768
		wiphy_delayed_work_cancel(wiphy,
3769
					  &link_data->dfs_cac_timer_work);
3770

3771
		if (sdata->wdev.links[link_id].cac_started) {
3772
			ieee80211_link_release_channel(link_data);
3773
			sdata->wdev.links[link_id].cac_started = false;
3774
		}
3775
	}
3776
}
3777

3778
static struct cfg80211_beacon_data *
3779
cfg80211_beacon_dup(struct cfg80211_beacon_data *beacon)
3780
{
3781
	struct cfg80211_beacon_data *new_beacon;
3782
	u8 *pos;
3783
	int len;
3784

3785
	len = beacon->head_len + beacon->tail_len + beacon->beacon_ies_len +
3786
	      beacon->proberesp_ies_len + beacon->assocresp_ies_len +
3787
	      beacon->probe_resp_len + beacon->lci_len + beacon->civicloc_len;
3788

3789
	if (beacon->mbssid_ies)
3790
		len += ieee80211_get_mbssid_beacon_len(beacon->mbssid_ies,
3791
						       beacon->rnr_ies,
3792
						       beacon->mbssid_ies->cnt);
3793

3794
	new_beacon = kzalloc(sizeof(*new_beacon) + len, GFP_KERNEL);
3795
	if (!new_beacon)
3796
		return NULL;
3797

3798
	if (beacon->mbssid_ies && beacon->mbssid_ies->cnt) {
3799
		new_beacon->mbssid_ies =
3800
			kzalloc(struct_size(new_beacon->mbssid_ies,
3801
					    elem, beacon->mbssid_ies->cnt),
3802
				GFP_KERNEL);
3803
		if (!new_beacon->mbssid_ies) {
3804
			kfree(new_beacon);
3805
			return NULL;
3806
		}
3807

3808
		if (beacon->rnr_ies && beacon->rnr_ies->cnt) {
3809
			new_beacon->rnr_ies =
3810
				kzalloc(struct_size(new_beacon->rnr_ies,
3811
						    elem, beacon->rnr_ies->cnt),
3812
					GFP_KERNEL);
3813
			if (!new_beacon->rnr_ies) {
3814
				kfree(new_beacon->mbssid_ies);
3815
				kfree(new_beacon);
3816
				return NULL;
3817
			}
3818
		}
3819
	}
3820

3821
	pos = (u8 *)(new_beacon + 1);
3822
	if (beacon->head_len) {
3823
		new_beacon->head_len = beacon->head_len;
3824
		new_beacon->head = pos;
3825
		memcpy(pos, beacon->head, beacon->head_len);
3826
		pos += beacon->head_len;
3827
	}
3828
	if (beacon->tail_len) {
3829
		new_beacon->tail_len = beacon->tail_len;
3830
		new_beacon->tail = pos;
3831
		memcpy(pos, beacon->tail, beacon->tail_len);
3832
		pos += beacon->tail_len;
3833
	}
3834
	if (beacon->beacon_ies_len) {
3835
		new_beacon->beacon_ies_len = beacon->beacon_ies_len;
3836
		new_beacon->beacon_ies = pos;
3837
		memcpy(pos, beacon->beacon_ies, beacon->beacon_ies_len);
3838
		pos += beacon->beacon_ies_len;
3839
	}
3840
	if (beacon->proberesp_ies_len) {
3841
		new_beacon->proberesp_ies_len = beacon->proberesp_ies_len;
3842
		new_beacon->proberesp_ies = pos;
3843
		memcpy(pos, beacon->proberesp_ies, beacon->proberesp_ies_len);
3844
		pos += beacon->proberesp_ies_len;
3845
	}
3846
	if (beacon->assocresp_ies_len) {
3847
		new_beacon->assocresp_ies_len = beacon->assocresp_ies_len;
3848
		new_beacon->assocresp_ies = pos;
3849
		memcpy(pos, beacon->assocresp_ies, beacon->assocresp_ies_len);
3850
		pos += beacon->assocresp_ies_len;
3851
	}
3852
	if (beacon->probe_resp_len) {
3853
		new_beacon->probe_resp_len = beacon->probe_resp_len;
3854
		new_beacon->probe_resp = pos;
3855
		memcpy(pos, beacon->probe_resp, beacon->probe_resp_len);
3856
		pos += beacon->probe_resp_len;
3857
	}
3858
	if (beacon->mbssid_ies && beacon->mbssid_ies->cnt) {
3859
		pos += ieee80211_copy_mbssid_beacon(pos,
3860
						    new_beacon->mbssid_ies,
3861
						    beacon->mbssid_ies);
3862
		if (beacon->rnr_ies && beacon->rnr_ies->cnt)
3863
			pos += ieee80211_copy_rnr_beacon(pos,
3864
							 new_beacon->rnr_ies,
3865
							 beacon->rnr_ies);
3866
	}
3867

3868
	/* might copy -1, meaning no changes requested */
3869
	new_beacon->ftm_responder = beacon->ftm_responder;
3870
	if (beacon->lci) {
3871
		new_beacon->lci_len = beacon->lci_len;
3872
		new_beacon->lci = pos;
3873
		memcpy(pos, beacon->lci, beacon->lci_len);
3874
		pos += beacon->lci_len;
3875
	}
3876
	if (beacon->civicloc) {
3877
		new_beacon->civicloc_len = beacon->civicloc_len;
3878
		new_beacon->civicloc = pos;
3879
		memcpy(pos, beacon->civicloc, beacon->civicloc_len);
3880
		pos += beacon->civicloc_len;
3881
	}
3882

3883
	return new_beacon;
3884
}
3885

3886
void ieee80211_csa_finish(struct ieee80211_vif *vif, unsigned int link_id)
3887
{
3888
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3889
	struct ieee80211_local *local = sdata->local;
3890
	struct ieee80211_bss_conf *tx_bss_conf;
3891
	struct ieee80211_link_data *link_data;
3892

3893
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
3894
		return;
3895

3896
	rcu_read_lock();
3897

3898
	link_data = rcu_dereference(sdata->link[link_id]);
3899
	if (WARN_ON(!link_data)) {
3900
		rcu_read_unlock();
3901
		return;
3902
	}
3903

3904
	tx_bss_conf = rcu_dereference(link_data->conf->tx_bss_conf);
3905
	if (tx_bss_conf == link_data->conf) {
3906
		/* Trigger ieee80211_csa_finish() on the non-transmitting
3907
		 * interfaces when channel switch is received on
3908
		 * transmitting interface
3909
		 */
3910
		struct ieee80211_link_data *iter;
3911

3912
		for_each_sdata_link_rcu(local, iter) {
3913
			if (iter->sdata == sdata ||
3914
			    rcu_access_pointer(iter->conf->tx_bss_conf) != tx_bss_conf)
3915
				continue;
3916

3917
			wiphy_work_queue(iter->sdata->local->hw.wiphy,
3918
					 &iter->csa.finalize_work);
3919
		}
3920
	}
3921

3922
	wiphy_work_queue(local->hw.wiphy, &link_data->csa.finalize_work);
3923

3924
	rcu_read_unlock();
3925
}
3926
EXPORT_SYMBOL(ieee80211_csa_finish);
3927

3928
void ieee80211_channel_switch_disconnect(struct ieee80211_vif *vif)
3929
{
3930
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3931
	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3932
	struct ieee80211_local *local = sdata->local;
3933

3934
	sdata_info(sdata, "channel switch failed, disconnecting\n");
3935
	wiphy_work_queue(local->hw.wiphy, &ifmgd->csa_connection_drop_work);
3936
}
3937
EXPORT_SYMBOL(ieee80211_channel_switch_disconnect);
3938

3939
static int ieee80211_set_after_csa_beacon(struct ieee80211_link_data *link_data,
3940
					  u64 *changed)
3941
{
3942
	struct ieee80211_sub_if_data *sdata = link_data->sdata;
3943
	int err;
3944

3945
	switch (sdata->vif.type) {
3946
	case NL80211_IFTYPE_AP:
3947
		if (!link_data->u.ap.next_beacon)
3948
			return -EINVAL;
3949

3950
		err = ieee80211_assign_beacon(sdata, link_data,
3951
					      link_data->u.ap.next_beacon,
3952
					      NULL, NULL, changed);
3953
		ieee80211_free_next_beacon(link_data);
3954

3955
		if (err < 0)
3956
			return err;
3957
		break;
3958
	case NL80211_IFTYPE_ADHOC:
3959
		err = ieee80211_ibss_finish_csa(sdata, changed);
3960
		if (err < 0)
3961
			return err;
3962
		break;
3963
#ifdef CONFIG_MAC80211_MESH
3964
	case NL80211_IFTYPE_MESH_POINT:
3965
		err = ieee80211_mesh_finish_csa(sdata, changed);
3966
		if (err < 0)
3967
			return err;
3968
		break;
3969
#endif
3970
	default:
3971
		WARN_ON(1);
3972
		return -EINVAL;
3973
	}
3974

3975
	return 0;
3976
}
3977

3978
static int __ieee80211_csa_finalize(struct ieee80211_link_data *link_data)
3979
{
3980
	struct ieee80211_sub_if_data *sdata = link_data->sdata;
3981
	struct ieee80211_local *local = sdata->local;
3982
	struct ieee80211_bss_conf *link_conf = link_data->conf;
3983
	u64 changed = 0;
3984
	int err;
3985

3986
	lockdep_assert_wiphy(local->hw.wiphy);
3987

3988
	/*
3989
	 * using reservation isn't immediate as it may be deferred until later
3990
	 * with multi-vif. once reservation is complete it will re-schedule the
3991
	 * work with no reserved_chanctx so verify chandef to check if it
3992
	 * completed successfully
3993
	 */
3994

3995
	if (link_data->reserved_chanctx) {
3996
		/*
3997
		 * with multi-vif csa driver may call ieee80211_csa_finish()
3998
		 * many times while waiting for other interfaces to use their
3999
		 * reservations
4000
		 */
4001
		if (link_data->reserved_ready)
4002
			return 0;
4003

4004
		return ieee80211_link_use_reserved_context(link_data);
4005
	}
4006

4007
	if (!cfg80211_chandef_identical(&link_conf->chanreq.oper,
4008
					&link_data->csa.chanreq.oper))
4009
		return -EINVAL;
4010

4011
	link_conf->csa_active = false;
4012

4013
	err = ieee80211_set_after_csa_beacon(link_data, &changed);
4014
	if (err)
4015
		return err;
4016

4017
	ieee80211_link_info_change_notify(sdata, link_data, changed);
4018

4019
	ieee80211_vif_unblock_queues_csa(sdata);
4020

4021
	err = drv_post_channel_switch(link_data);
4022
	if (err)
4023
		return err;
4024

4025
	cfg80211_ch_switch_notify(sdata->dev, &link_data->csa.chanreq.oper,
4026
				  link_data->link_id);
4027

4028
	return 0;
4029
}
4030

4031
static void ieee80211_csa_finalize(struct ieee80211_link_data *link_data)
4032
{
4033
	struct ieee80211_sub_if_data *sdata = link_data->sdata;
4034

4035
	if (__ieee80211_csa_finalize(link_data)) {
4036
		sdata_info(sdata, "failed to finalize CSA on link %d, disconnecting\n",
4037
			   link_data->link_id);
4038
		cfg80211_stop_iface(sdata->local->hw.wiphy, &sdata->wdev,
4039
				    GFP_KERNEL);
4040
	}
4041
}
4042

4043
void ieee80211_csa_finalize_work(struct wiphy *wiphy, struct wiphy_work *work)
4044
{
4045
	struct ieee80211_link_data *link =
4046
		container_of(work, struct ieee80211_link_data, csa.finalize_work);
4047
	struct ieee80211_sub_if_data *sdata = link->sdata;
4048
	struct ieee80211_local *local = sdata->local;
4049

4050
	lockdep_assert_wiphy(local->hw.wiphy);
4051

4052
	/* AP might have been stopped while waiting for the lock. */
4053
	if (!link->conf->csa_active)
4054
		return;
4055

4056
	if (!ieee80211_sdata_running(sdata))
4057
		return;
4058

4059
	ieee80211_csa_finalize(link);
4060
}
4061

4062
static int ieee80211_set_csa_beacon(struct ieee80211_link_data *link_data,
4063
				    struct cfg80211_csa_settings *params,
4064
				    u64 *changed)
4065
{
4066
	struct ieee80211_sub_if_data *sdata = link_data->sdata;
4067
	struct ieee80211_csa_settings csa = {};
4068
	int err;
4069

4070
	switch (sdata->vif.type) {
4071
	case NL80211_IFTYPE_AP:
4072
		link_data->u.ap.next_beacon =
4073
			cfg80211_beacon_dup(&params->beacon_after);
4074
		if (!link_data->u.ap.next_beacon)
4075
			return -ENOMEM;
4076

4077
		/*
4078
		 * With a count of 0, we don't have to wait for any
4079
		 * TBTT before switching, so complete the CSA
4080
		 * immediately.  In theory, with a count == 1 we
4081
		 * should delay the switch until just before the next
4082
		 * TBTT, but that would complicate things so we switch
4083
		 * immediately too.  If we would delay the switch
4084
		 * until the next TBTT, we would have to set the probe
4085
		 * response here.
4086
		 *
4087
		 * TODO: A channel switch with count <= 1 without
4088
		 * sending a CSA action frame is kind of useless,
4089
		 * because the clients won't know we're changing
4090
		 * channels.  The action frame must be implemented
4091
		 * either here or in the userspace.
4092
		 */
4093
		if (params->count <= 1)
4094
			break;
4095

4096
		if ((params->n_counter_offsets_beacon >
4097
		     IEEE80211_MAX_CNTDWN_COUNTERS_NUM) ||
4098
		    (params->n_counter_offsets_presp >
4099
		     IEEE80211_MAX_CNTDWN_COUNTERS_NUM)) {
4100
			ieee80211_free_next_beacon(link_data);
4101
			return -EINVAL;
4102
		}
4103

4104
		csa.counter_offsets_beacon = params->counter_offsets_beacon;
4105
		csa.counter_offsets_presp = params->counter_offsets_presp;
4106
		csa.n_counter_offsets_beacon = params->n_counter_offsets_beacon;
4107
		csa.n_counter_offsets_presp = params->n_counter_offsets_presp;
4108
		csa.count = params->count;
4109

4110
		err = ieee80211_assign_beacon(sdata, link_data,
4111
					      &params->beacon_csa, &csa,
4112
					      NULL, changed);
4113
		if (err < 0) {
4114
			ieee80211_free_next_beacon(link_data);
4115
			return err;
4116
		}
4117

4118
		break;
4119
	case NL80211_IFTYPE_ADHOC:
4120
		if (!sdata->vif.cfg.ibss_joined)
4121
			return -EINVAL;
4122

4123
		if (params->chandef.width != sdata->u.ibss.chandef.width)
4124
			return -EINVAL;
4125

4126
		switch (params->chandef.width) {
4127
		case NL80211_CHAN_WIDTH_40:
4128
			if (cfg80211_get_chandef_type(&params->chandef) !=
4129
			    cfg80211_get_chandef_type(&sdata->u.ibss.chandef))
4130
				return -EINVAL;
4131
			break;
4132
		case NL80211_CHAN_WIDTH_5:
4133
		case NL80211_CHAN_WIDTH_10:
4134
		case NL80211_CHAN_WIDTH_20_NOHT:
4135
		case NL80211_CHAN_WIDTH_20:
4136
			break;
4137
		default:
4138
			return -EINVAL;
4139
		}
4140

4141
		/* changes into another band are not supported */
4142
		if (sdata->u.ibss.chandef.chan->band !=
4143
		    params->chandef.chan->band)
4144
			return -EINVAL;
4145

4146
		/* see comments in the NL80211_IFTYPE_AP block */
4147
		if (params->count > 1) {
4148
			err = ieee80211_ibss_csa_beacon(sdata, params, changed);
4149
			if (err < 0)
4150
				return err;
4151
		}
4152

4153
		ieee80211_send_action_csa(sdata, params);
4154

4155
		break;
4156
#ifdef CONFIG_MAC80211_MESH
4157
	case NL80211_IFTYPE_MESH_POINT: {
4158
		struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
4159

4160
		/* changes into another band are not supported */
4161
		if (sdata->vif.bss_conf.chanreq.oper.chan->band !=
4162
		    params->chandef.chan->band)
4163
			return -EINVAL;
4164

4165
		if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_NONE) {
4166
			ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_INIT;
4167
			if (!ifmsh->pre_value)
4168
				ifmsh->pre_value = 1;
4169
			else
4170
				ifmsh->pre_value++;
4171
		}
4172

4173
		/* see comments in the NL80211_IFTYPE_AP block */
4174
		if (params->count > 1) {
4175
			err = ieee80211_mesh_csa_beacon(sdata, params, changed);
4176
			if (err < 0) {
4177
				ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
4178
				return err;
4179
			}
4180
		}
4181

4182
		if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_INIT)
4183
			ieee80211_send_action_csa(sdata, params);
4184

4185
		break;
4186
		}
4187
#endif
4188
	default:
4189
		return -EOPNOTSUPP;
4190
	}
4191

4192
	return 0;
4193
}
4194

4195
static void ieee80211_color_change_abort(struct ieee80211_link_data *link)
4196
{
4197
	link->conf->color_change_active = false;
4198

4199
	ieee80211_free_next_beacon(link);
4200

4201
	cfg80211_color_change_aborted_notify(link->sdata->dev, link->link_id);
4202
}
4203

4204
static int
4205
__ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
4206
			   struct cfg80211_csa_settings *params)
4207
{
4208
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4209
	struct ieee80211_chan_req chanreq = { .oper = params->chandef };
4210
	struct ieee80211_local *local = sdata->local;
4211
	struct ieee80211_channel_switch ch_switch = {
4212
		.link_id = params->link_id,
4213
	};
4214
	struct ieee80211_chanctx_conf *conf;
4215
	struct ieee80211_chanctx *chanctx;
4216
	struct ieee80211_bss_conf *link_conf;
4217
	struct ieee80211_link_data *link_data;
4218
	u64 changed = 0;
4219
	u8 link_id = params->link_id;
4220
	int err;
4221

4222
	lockdep_assert_wiphy(local->hw.wiphy);
4223

4224
	if (ieee80211_is_scan_ongoing(wiphy, local, &params->chandef))
4225
		return -EBUSY;
4226

4227
	if (sdata->wdev.links[link_id].cac_started)
4228
		return -EBUSY;
4229

4230
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
4231
		return -EINVAL;
4232

4233
	link_data = wiphy_dereference(wiphy, sdata->link[link_id]);
4234
	if (!link_data)
4235
		return -ENOLINK;
4236

4237
	link_conf = link_data->conf;
4238

4239
	if (chanreq.oper.punctured && !link_conf->eht_support)
4240
		return -EINVAL;
4241

4242
	/* don't allow another channel switch if one is already active. */
4243
	if (link_conf->csa_active)
4244
		return -EBUSY;
4245

4246
	conf = wiphy_dereference(wiphy, link_conf->chanctx_conf);
4247
	if (!conf) {
4248
		err = -EBUSY;
4249
		goto out;
4250
	}
4251

4252
	if (params->chandef.chan->freq_offset) {
4253
		/* this may work, but is untested */
4254
		err = -EOPNOTSUPP;
4255
		goto out;
4256
	}
4257

4258
	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
4259
						   &params->unsol_bcast_probe_resp,
4260
						   link_data, link_conf, &changed);
4261
	if (err)
4262
		goto out;
4263

4264
	chanctx = container_of(conf, struct ieee80211_chanctx, conf);
4265

4266
	ch_switch.timestamp = 0;
4267
	ch_switch.device_timestamp = 0;
4268
	ch_switch.block_tx = params->block_tx;
4269
	ch_switch.chandef = chanreq.oper;
4270
	ch_switch.count = params->count;
4271

4272
	err = drv_pre_channel_switch(sdata, &ch_switch);
4273
	if (err)
4274
		goto out;
4275

4276
	err = ieee80211_link_reserve_chanctx(link_data, &chanreq,
4277
					     chanctx->mode,
4278
					     params->radar_required);
4279
	if (err)
4280
		goto out;
4281

4282
	/* if reservation is invalid then this will fail */
4283
	err = ieee80211_check_combinations(sdata, NULL, chanctx->mode, 0, -1);
4284
	if (err) {
4285
		ieee80211_link_unreserve_chanctx(link_data);
4286
		goto out;
4287
	}
4288

4289
	/* if there is a color change in progress, abort it */
4290
	if (link_conf->color_change_active)
4291
		ieee80211_color_change_abort(link_data);
4292

4293
	err = ieee80211_set_csa_beacon(link_data, params, &changed);
4294
	if (err) {
4295
		ieee80211_link_unreserve_chanctx(link_data);
4296
		goto out;
4297
	}
4298

4299
	link_data->csa.chanreq = chanreq;
4300
	link_conf->csa_active = true;
4301

4302
	if (params->block_tx)
4303
		ieee80211_vif_block_queues_csa(sdata);
4304

4305
	cfg80211_ch_switch_started_notify(sdata->dev,
4306
					  &link_data->csa.chanreq.oper, link_id,
4307
					  params->count, params->block_tx);
4308

4309
	if (changed) {
4310
		ieee80211_link_info_change_notify(sdata, link_data, changed);
4311
		drv_channel_switch_beacon(sdata, &link_data->csa.chanreq.oper);
4312
	} else {
4313
		/* if the beacon didn't change, we can finalize immediately */
4314
		ieee80211_csa_finalize(link_data);
4315
	}
4316

4317
out:
4318
	return err;
4319
}
4320

4321
int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
4322
			     struct cfg80211_csa_settings *params)
4323
{
4324
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4325
	struct ieee80211_local *local = sdata->local;
4326

4327
	lockdep_assert_wiphy(local->hw.wiphy);
4328

4329
	return __ieee80211_channel_switch(wiphy, dev, params);
4330
}
4331

4332
u64 ieee80211_mgmt_tx_cookie(struct ieee80211_local *local)
4333
{
4334
	lockdep_assert_wiphy(local->hw.wiphy);
4335

4336
	local->roc_cookie_counter++;
4337

4338
	/* wow, you wrapped 64 bits ... more likely a bug */
4339
	if (WARN_ON(local->roc_cookie_counter == 0))
4340
		local->roc_cookie_counter++;
4341

4342
	return local->roc_cookie_counter;
4343
}
4344

4345
int ieee80211_attach_ack_skb(struct ieee80211_local *local, struct sk_buff *skb,
4346
			     u64 *cookie, gfp_t gfp)
4347
{
4348
	unsigned long spin_flags;
4349
	struct sk_buff *ack_skb;
4350
	int id;
4351

4352
	ack_skb = skb_copy(skb, gfp);
4353
	if (!ack_skb)
4354
		return -ENOMEM;
4355

4356
	spin_lock_irqsave(&local->ack_status_lock, spin_flags);
4357
	id = idr_alloc(&local->ack_status_frames, ack_skb,
4358
		       1, 0x2000, GFP_ATOMIC);
4359
	spin_unlock_irqrestore(&local->ack_status_lock, spin_flags);
4360

4361
	if (id < 0) {
4362
		kfree_skb(ack_skb);
4363
		return -ENOMEM;
4364
	}
4365

4366
	IEEE80211_SKB_CB(skb)->status_data_idr = 1;
4367
	IEEE80211_SKB_CB(skb)->status_data = id;
4368

4369
	*cookie = ieee80211_mgmt_tx_cookie(local);
4370
	IEEE80211_SKB_CB(ack_skb)->ack.cookie = *cookie;
4371

4372
	return 0;
4373
}
4374

4375
static void
4376
ieee80211_update_mgmt_frame_registrations(struct wiphy *wiphy,
4377
					  struct wireless_dev *wdev,
4378
					  struct mgmt_frame_regs *upd)
4379
{
4380
	struct ieee80211_local *local = wiphy_priv(wiphy);
4381
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
4382
	u32 preq_mask = BIT(IEEE80211_STYPE_PROBE_REQ >> 4);
4383
	u32 action_mask = BIT(IEEE80211_STYPE_ACTION >> 4);
4384
	bool global_change, intf_change;
4385

4386
	global_change =
4387
		(local->probe_req_reg != !!(upd->global_stypes & preq_mask)) ||
4388
		(local->rx_mcast_action_reg !=
4389
		 !!(upd->global_mcast_stypes & action_mask));
4390
	local->probe_req_reg = upd->global_stypes & preq_mask;
4391
	local->rx_mcast_action_reg = upd->global_mcast_stypes & action_mask;
4392

4393
	intf_change = (sdata->vif.probe_req_reg !=
4394
		       !!(upd->interface_stypes & preq_mask)) ||
4395
		(sdata->vif.rx_mcast_action_reg !=
4396
		 !!(upd->interface_mcast_stypes & action_mask));
4397
	sdata->vif.probe_req_reg = upd->interface_stypes & preq_mask;
4398
	sdata->vif.rx_mcast_action_reg =
4399
		upd->interface_mcast_stypes & action_mask;
4400

4401
	if (!local->open_count)
4402
		return;
4403

4404
	if (intf_change && ieee80211_sdata_running(sdata))
4405
		drv_config_iface_filter(local, sdata,
4406
					sdata->vif.probe_req_reg ?
4407
						FIF_PROBE_REQ : 0,
4408
					FIF_PROBE_REQ);
4409

4410
	if (global_change)
4411
		ieee80211_configure_filter(local);
4412
}
4413

4414
static int ieee80211_set_antenna(struct wiphy *wiphy, int radio_idx,
4415
				 u32 tx_ant, u32 rx_ant)
4416
{
4417
	struct ieee80211_local *local = wiphy_priv(wiphy);
4418
	int ret;
4419

4420
	if (local->started)
4421
		return -EOPNOTSUPP;
4422

4423
	ret = drv_set_antenna(local, tx_ant, rx_ant);
4424
	if (ret)
4425
		return ret;
4426

4427
	local->rx_chains = hweight8(rx_ant);
4428
	return 0;
4429
}
4430

4431
static int ieee80211_get_antenna(struct wiphy *wiphy, int radio_idx,
4432
				 u32 *tx_ant, u32 *rx_ant)
4433
{
4434
	struct ieee80211_local *local = wiphy_priv(wiphy);
4435

4436
	return drv_get_antenna(local, radio_idx, tx_ant, rx_ant);
4437
}
4438

4439
static int ieee80211_set_rekey_data(struct wiphy *wiphy,
4440
				    struct net_device *dev,
4441
				    struct cfg80211_gtk_rekey_data *data)
4442
{
4443
	struct ieee80211_local *local = wiphy_priv(wiphy);
4444
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4445

4446
	if (!local->ops->set_rekey_data)
4447
		return -EOPNOTSUPP;
4448

4449
	drv_set_rekey_data(local, sdata, data);
4450

4451
	return 0;
4452
}
4453

4454
static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev,
4455
				  const u8 *peer, u64 *cookie)
4456
{
4457
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4458
	struct ieee80211_local *local = sdata->local;
4459
	struct ieee80211_qos_hdr *nullfunc;
4460
	struct sk_buff *skb;
4461
	int size = sizeof(*nullfunc);
4462
	__le16 fc;
4463
	bool qos;
4464
	struct ieee80211_tx_info *info;
4465
	struct sta_info *sta;
4466
	struct ieee80211_chanctx_conf *chanctx_conf;
4467
	enum nl80211_band band;
4468
	int ret;
4469

4470
	/* the lock is needed to assign the cookie later */
4471
	lockdep_assert_wiphy(local->hw.wiphy);
4472

4473
	rcu_read_lock();
4474
	sta = sta_info_get_bss(sdata, peer);
4475
	if (!sta) {
4476
		ret = -ENOLINK;
4477
		goto unlock;
4478
	}
4479

4480
	qos = sta->sta.wme;
4481

4482
	chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
4483
	if (WARN_ON(!chanctx_conf)) {
4484
		ret = -EINVAL;
4485
		goto unlock;
4486
	}
4487
	band = chanctx_conf->def.chan->band;
4488

4489
	if (qos) {
4490
		fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
4491
				 IEEE80211_STYPE_QOS_NULLFUNC |
4492
				 IEEE80211_FCTL_FROMDS);
4493
	} else {
4494
		size -= 2;
4495
		fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
4496
				 IEEE80211_STYPE_NULLFUNC |
4497
				 IEEE80211_FCTL_FROMDS);
4498
	}
4499

4500
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + size);
4501
	if (!skb) {
4502
		ret = -ENOMEM;
4503
		goto unlock;
4504
	}
4505

4506
	skb->dev = dev;
4507

4508
	skb_reserve(skb, local->hw.extra_tx_headroom);
4509

4510
	nullfunc = skb_put(skb, size);
4511
	nullfunc->frame_control = fc;
4512
	nullfunc->duration_id = 0;
4513
	memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN);
4514
	memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
4515
	memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN);
4516
	nullfunc->seq_ctrl = 0;
4517

4518
	info = IEEE80211_SKB_CB(skb);
4519

4520
	info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
4521
		       IEEE80211_TX_INTFL_NL80211_FRAME_TX;
4522
	info->band = band;
4523

4524
	skb_set_queue_mapping(skb, IEEE80211_AC_VO);
4525
	skb->priority = 7;
4526
	if (qos)
4527
		nullfunc->qos_ctrl = cpu_to_le16(7);
4528

4529
	ret = ieee80211_attach_ack_skb(local, skb, cookie, GFP_ATOMIC);
4530
	if (ret) {
4531
		kfree_skb(skb);
4532
		goto unlock;
4533
	}
4534

4535
	local_bh_disable();
4536
	ieee80211_xmit(sdata, sta, skb);
4537
	local_bh_enable();
4538

4539
	ret = 0;
4540
unlock:
4541
	rcu_read_unlock();
4542

4543
	return ret;
4544
}
4545

4546
static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
4547
				     struct wireless_dev *wdev,
4548
				     unsigned int link_id,
4549
				     struct cfg80211_chan_def *chandef)
4550
{
4551
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
4552
	struct ieee80211_local *local = wiphy_priv(wiphy);
4553
	struct ieee80211_chanctx_conf *chanctx_conf;
4554
	struct ieee80211_link_data *link;
4555
	int ret = -ENODATA;
4556

4557
	rcu_read_lock();
4558
	link = rcu_dereference(sdata->link[link_id]);
4559
	if (!link) {
4560
		ret = -ENOLINK;
4561
		goto out;
4562
	}
4563

4564
	chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
4565
	if (chanctx_conf) {
4566
		*chandef = link->conf->chanreq.oper;
4567
		ret = 0;
4568
	} else if (local->open_count > 0 &&
4569
		   local->open_count == local->virt_monitors &&
4570
		   sdata->vif.type == NL80211_IFTYPE_MONITOR) {
4571
		*chandef = local->monitor_chanreq.oper;
4572
		ret = 0;
4573
	}
4574
out:
4575
	rcu_read_unlock();
4576

4577
	return ret;
4578
}
4579

4580
#ifdef CONFIG_PM
4581
static void ieee80211_set_wakeup(struct wiphy *wiphy, bool enabled)
4582
{
4583
	drv_set_wakeup(wiphy_priv(wiphy), enabled);
4584
}
4585
#endif
4586

4587
static int ieee80211_set_qos_map(struct wiphy *wiphy,
4588
				 struct net_device *dev,
4589
				 struct cfg80211_qos_map *qos_map)
4590
{
4591
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4592
	struct mac80211_qos_map *new_qos_map, *old_qos_map;
4593

4594
	if (qos_map) {
4595
		new_qos_map = kzalloc(sizeof(*new_qos_map), GFP_KERNEL);
4596
		if (!new_qos_map)
4597
			return -ENOMEM;
4598
		memcpy(&new_qos_map->qos_map, qos_map, sizeof(*qos_map));
4599
	} else {
4600
		/* A NULL qos_map was passed to disable QoS mapping */
4601
		new_qos_map = NULL;
4602
	}
4603

4604
	old_qos_map = sdata_dereference(sdata->qos_map, sdata);
4605
	rcu_assign_pointer(sdata->qos_map, new_qos_map);
4606
	if (old_qos_map)
4607
		kfree_rcu(old_qos_map, rcu_head);
4608

4609
	return 0;
4610
}
4611

4612
static int ieee80211_set_ap_chanwidth(struct wiphy *wiphy,
4613
				      struct net_device *dev,
4614
				      unsigned int link_id,
4615
				      struct cfg80211_chan_def *chandef)
4616
{
4617
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4618
	struct ieee80211_link_data *link;
4619
	struct ieee80211_chan_req chanreq = { .oper = *chandef };
4620
	int ret;
4621
	u64 changed = 0;
4622

4623
	link = sdata_dereference(sdata->link[link_id], sdata);
4624

4625
	ret = ieee80211_link_change_chanreq(link, &chanreq, &changed);
4626
	if (ret == 0)
4627
		ieee80211_link_info_change_notify(sdata, link, changed);
4628

4629
	return ret;
4630
}
4631

4632
static int ieee80211_add_tx_ts(struct wiphy *wiphy, struct net_device *dev,
4633
			       u8 tsid, const u8 *peer, u8 up,
4634
			       u16 admitted_time)
4635
{
4636
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4637
	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4638
	int ac = ieee802_1d_to_ac[up];
4639

4640
	if (sdata->vif.type != NL80211_IFTYPE_STATION)
4641
		return -EOPNOTSUPP;
4642

4643
	if (!(sdata->wmm_acm & BIT(up)))
4644
		return -EINVAL;
4645

4646
	if (ifmgd->tx_tspec[ac].admitted_time)
4647
		return -EBUSY;
4648

4649
	if (admitted_time) {
4650
		ifmgd->tx_tspec[ac].admitted_time = 32 * admitted_time;
4651
		ifmgd->tx_tspec[ac].tsid = tsid;
4652
		ifmgd->tx_tspec[ac].up = up;
4653
	}
4654

4655
	return 0;
4656
}
4657

4658
static int ieee80211_del_tx_ts(struct wiphy *wiphy, struct net_device *dev,
4659
			       u8 tsid, const u8 *peer)
4660
{
4661
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4662
	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4663
	struct ieee80211_local *local = wiphy_priv(wiphy);
4664
	int ac;
4665

4666
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4667
		struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
4668

4669
		/* skip unused entries */
4670
		if (!tx_tspec->admitted_time)
4671
			continue;
4672

4673
		if (tx_tspec->tsid != tsid)
4674
			continue;
4675

4676
		/* due to this new packets will be reassigned to non-ACM ACs */
4677
		tx_tspec->up = -1;
4678

4679
		/* Make sure that all packets have been sent to avoid to
4680
		 * restore the QoS params on packets that are still on the
4681
		 * queues.
4682
		 */
4683
		synchronize_net();
4684
		ieee80211_flush_queues(local, sdata, false);
4685

4686
		/* restore the normal QoS parameters
4687
		 * (unconditionally to avoid races)
4688
		 */
4689
		tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
4690
		tx_tspec->downgraded = false;
4691
		ieee80211_sta_handle_tspec_ac_params(sdata);
4692

4693
		/* finally clear all the data */
4694
		memset(tx_tspec, 0, sizeof(*tx_tspec));
4695

4696
		return 0;
4697
	}
4698

4699
	return -ENOENT;
4700
}
4701

4702
void ieee80211_nan_func_terminated(struct ieee80211_vif *vif,
4703
				   u8 inst_id,
4704
				   enum nl80211_nan_func_term_reason reason,
4705
				   gfp_t gfp)
4706
{
4707
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4708
	struct cfg80211_nan_func *func;
4709
	u64 cookie;
4710

4711
	if (WARN_ON(vif->type != NL80211_IFTYPE_NAN))
4712
		return;
4713

4714
	spin_lock_bh(&sdata->u.nan.func_lock);
4715

4716
	func = idr_find(&sdata->u.nan.function_inst_ids, inst_id);
4717
	if (WARN_ON(!func)) {
4718
		spin_unlock_bh(&sdata->u.nan.func_lock);
4719
		return;
4720
	}
4721

4722
	cookie = func->cookie;
4723
	idr_remove(&sdata->u.nan.function_inst_ids, inst_id);
4724

4725
	spin_unlock_bh(&sdata->u.nan.func_lock);
4726

4727
	cfg80211_free_nan_func(func);
4728

4729
	cfg80211_nan_func_terminated(ieee80211_vif_to_wdev(vif), inst_id,
4730
				     reason, cookie, gfp);
4731
}
4732
EXPORT_SYMBOL(ieee80211_nan_func_terminated);
4733

4734
void ieee80211_nan_func_match(struct ieee80211_vif *vif,
4735
			      struct cfg80211_nan_match_params *match,
4736
			      gfp_t gfp)
4737
{
4738
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4739
	struct cfg80211_nan_func *func;
4740

4741
	if (WARN_ON(vif->type != NL80211_IFTYPE_NAN))
4742
		return;
4743

4744
	spin_lock_bh(&sdata->u.nan.func_lock);
4745

4746
	func = idr_find(&sdata->u.nan.function_inst_ids,  match->inst_id);
4747
	if (WARN_ON(!func)) {
4748
		spin_unlock_bh(&sdata->u.nan.func_lock);
4749
		return;
4750
	}
4751
	match->cookie = func->cookie;
4752

4753
	spin_unlock_bh(&sdata->u.nan.func_lock);
4754

4755
	cfg80211_nan_match(ieee80211_vif_to_wdev(vif), match, gfp);
4756
}
4757
EXPORT_SYMBOL(ieee80211_nan_func_match);
4758

4759
static int ieee80211_set_multicast_to_unicast(struct wiphy *wiphy,
4760
					      struct net_device *dev,
4761
					      const bool enabled)
4762
{
4763
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4764

4765
	sdata->u.ap.multicast_to_unicast = enabled;
4766

4767
	return 0;
4768
}
4769

4770
void ieee80211_fill_txq_stats(struct cfg80211_txq_stats *txqstats,
4771
			      struct txq_info *txqi)
4772
{
4773
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_BACKLOG_BYTES))) {
4774
		txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_BYTES);
4775
		txqstats->backlog_bytes = txqi->tin.backlog_bytes;
4776
	}
4777

4778
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS))) {
4779
		txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS);
4780
		txqstats->backlog_packets = txqi->tin.backlog_packets;
4781
	}
4782

4783
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_FLOWS))) {
4784
		txqstats->filled |= BIT(NL80211_TXQ_STATS_FLOWS);
4785
		txqstats->flows = txqi->tin.flows;
4786
	}
4787

4788
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_DROPS))) {
4789
		txqstats->filled |= BIT(NL80211_TXQ_STATS_DROPS);
4790
		txqstats->drops = txqi->cstats.drop_count;
4791
	}
4792

4793
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_ECN_MARKS))) {
4794
		txqstats->filled |= BIT(NL80211_TXQ_STATS_ECN_MARKS);
4795
		txqstats->ecn_marks = txqi->cstats.ecn_mark;
4796
	}
4797

4798
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_OVERLIMIT))) {
4799
		txqstats->filled |= BIT(NL80211_TXQ_STATS_OVERLIMIT);
4800
		txqstats->overlimit = txqi->tin.overlimit;
4801
	}
4802

4803
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_COLLISIONS))) {
4804
		txqstats->filled |= BIT(NL80211_TXQ_STATS_COLLISIONS);
4805
		txqstats->collisions = txqi->tin.collisions;
4806
	}
4807

4808
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_TX_BYTES))) {
4809
		txqstats->filled |= BIT(NL80211_TXQ_STATS_TX_BYTES);
4810
		txqstats->tx_bytes = txqi->tin.tx_bytes;
4811
	}
4812

4813
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_TX_PACKETS))) {
4814
		txqstats->filled |= BIT(NL80211_TXQ_STATS_TX_PACKETS);
4815
		txqstats->tx_packets = txqi->tin.tx_packets;
4816
	}
4817
}
4818

4819
static int ieee80211_get_txq_stats(struct wiphy *wiphy,
4820
				   struct wireless_dev *wdev,
4821
				   struct cfg80211_txq_stats *txqstats)
4822
{
4823
	struct ieee80211_local *local = wiphy_priv(wiphy);
4824
	struct ieee80211_sub_if_data *sdata;
4825
	int ret = 0;
4826

4827
	spin_lock_bh(&local->fq.lock);
4828
	rcu_read_lock();
4829

4830
	if (wdev) {
4831
		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
4832
		if (!sdata->vif.txq) {
4833
			ret = 1;
4834
			goto out;
4835
		}
4836
		ieee80211_fill_txq_stats(txqstats, to_txq_info(sdata->vif.txq));
4837
	} else {
4838
		/* phy stats */
4839
		txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS) |
4840
				    BIT(NL80211_TXQ_STATS_BACKLOG_BYTES) |
4841
				    BIT(NL80211_TXQ_STATS_OVERLIMIT) |
4842
				    BIT(NL80211_TXQ_STATS_OVERMEMORY) |
4843
				    BIT(NL80211_TXQ_STATS_COLLISIONS) |
4844
				    BIT(NL80211_TXQ_STATS_MAX_FLOWS);
4845
		txqstats->backlog_packets = local->fq.backlog;
4846
		txqstats->backlog_bytes = local->fq.memory_usage;
4847
		txqstats->overlimit = local->fq.overlimit;
4848
		txqstats->overmemory = local->fq.overmemory;
4849
		txqstats->collisions = local->fq.collisions;
4850
		txqstats->max_flows = local->fq.flows_cnt;
4851
	}
4852

4853
out:
4854
	rcu_read_unlock();
4855
	spin_unlock_bh(&local->fq.lock);
4856

4857
	return ret;
4858
}
4859

4860
static int
4861
ieee80211_get_ftm_responder_stats(struct wiphy *wiphy,
4862
				  struct net_device *dev,
4863
				  struct cfg80211_ftm_responder_stats *ftm_stats)
4864
{
4865
	struct ieee80211_local *local = wiphy_priv(wiphy);
4866
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4867

4868
	return drv_get_ftm_responder_stats(local, sdata, ftm_stats);
4869
}
4870

4871
static int
4872
ieee80211_start_pmsr(struct wiphy *wiphy, struct wireless_dev *dev,
4873
		     struct cfg80211_pmsr_request *request)
4874
{
4875
	struct ieee80211_local *local = wiphy_priv(wiphy);
4876
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(dev);
4877

4878
	return drv_start_pmsr(local, sdata, request);
4879
}
4880

4881
static void
4882
ieee80211_abort_pmsr(struct wiphy *wiphy, struct wireless_dev *dev,
4883
		     struct cfg80211_pmsr_request *request)
4884
{
4885
	struct ieee80211_local *local = wiphy_priv(wiphy);
4886
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(dev);
4887

4888
	return drv_abort_pmsr(local, sdata, request);
4889
}
4890

4891
static int ieee80211_set_tid_config(struct wiphy *wiphy,
4892
				    struct net_device *dev,
4893
				    struct cfg80211_tid_config *tid_conf)
4894
{
4895
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4896
	struct sta_info *sta;
4897

4898
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
4899

4900
	if (!sdata->local->ops->set_tid_config)
4901
		return -EOPNOTSUPP;
4902

4903
	if (!tid_conf->peer)
4904
		return drv_set_tid_config(sdata->local, sdata, NULL, tid_conf);
4905

4906
	sta = sta_info_get_bss(sdata, tid_conf->peer);
4907
	if (!sta)
4908
		return -ENOENT;
4909

4910
	return drv_set_tid_config(sdata->local, sdata, &sta->sta, tid_conf);
4911
}
4912

4913
static int ieee80211_reset_tid_config(struct wiphy *wiphy,
4914
				      struct net_device *dev,
4915
				      const u8 *peer, u8 tids)
4916
{
4917
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4918
	struct sta_info *sta;
4919

4920
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
4921

4922
	if (!sdata->local->ops->reset_tid_config)
4923
		return -EOPNOTSUPP;
4924

4925
	if (!peer)
4926
		return drv_reset_tid_config(sdata->local, sdata, NULL, tids);
4927

4928
	sta = sta_info_get_bss(sdata, peer);
4929
	if (!sta)
4930
		return -ENOENT;
4931

4932
	return drv_reset_tid_config(sdata->local, sdata, &sta->sta, tids);
4933
}
4934

4935
static int ieee80211_set_sar_specs(struct wiphy *wiphy,
4936
				   struct cfg80211_sar_specs *sar)
4937
{
4938
	struct ieee80211_local *local = wiphy_priv(wiphy);
4939

4940
	if (!local->ops->set_sar_specs)
4941
		return -EOPNOTSUPP;
4942

4943
	return local->ops->set_sar_specs(&local->hw, sar);
4944
}
4945

4946
static int
4947
ieee80211_set_after_color_change_beacon(struct ieee80211_link_data *link,
4948
					u64 *changed)
4949
{
4950
	struct ieee80211_sub_if_data *sdata = link->sdata;
4951

4952
	switch (sdata->vif.type) {
4953
	case NL80211_IFTYPE_AP: {
4954
		int ret;
4955

4956
		if (!link->u.ap.next_beacon)
4957
			return -EINVAL;
4958

4959
		ret = ieee80211_assign_beacon(sdata, link,
4960
					      link->u.ap.next_beacon,
4961
					      NULL, NULL, changed);
4962
		ieee80211_free_next_beacon(link);
4963

4964
		if (ret < 0)
4965
			return ret;
4966

4967
		break;
4968
	}
4969
	default:
4970
		WARN_ON_ONCE(1);
4971
		return -EINVAL;
4972
	}
4973

4974
	return 0;
4975
}
4976

4977
static int
4978
ieee80211_set_color_change_beacon(struct ieee80211_link_data *link,
4979
				  struct cfg80211_color_change_settings *params,
4980
				  u64 *changed)
4981
{
4982
	struct ieee80211_sub_if_data *sdata = link->sdata;
4983
	struct ieee80211_color_change_settings color_change = {};
4984
	int err;
4985

4986
	switch (sdata->vif.type) {
4987
	case NL80211_IFTYPE_AP:
4988
		link->u.ap.next_beacon =
4989
			cfg80211_beacon_dup(&params->beacon_next);
4990
		if (!link->u.ap.next_beacon)
4991
			return -ENOMEM;
4992

4993
		if (params->count <= 1)
4994
			break;
4995

4996
		color_change.counter_offset_beacon =
4997
			params->counter_offset_beacon;
4998
		color_change.counter_offset_presp =
4999
			params->counter_offset_presp;
5000
		color_change.count = params->count;
5001

5002
		err = ieee80211_assign_beacon(sdata, link,
5003
					      &params->beacon_color_change,
5004
					      NULL, &color_change, changed);
5005
		if (err < 0) {
5006
			ieee80211_free_next_beacon(link);
5007
			return err;
5008
		}
5009
		break;
5010
	default:
5011
		return -EOPNOTSUPP;
5012
	}
5013

5014
	return 0;
5015
}
5016

5017
static void
5018
ieee80211_color_change_bss_config_notify(struct ieee80211_link_data *link,
5019
					 u8 color, int enable, u64 changed)
5020
{
5021
	struct ieee80211_sub_if_data *sdata = link->sdata;
5022

5023
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5024

5025
	link->conf->he_bss_color.color = color;
5026
	link->conf->he_bss_color.enabled = enable;
5027
	changed |= BSS_CHANGED_HE_BSS_COLOR;
5028

5029
	ieee80211_link_info_change_notify(sdata, link, changed);
5030

5031
	if (!link->conf->nontransmitted &&
5032
	    rcu_access_pointer(link->conf->tx_bss_conf)) {
5033
		struct ieee80211_link_data *tmp;
5034

5035
		for_each_sdata_link(sdata->local, tmp) {
5036
			if (tmp->sdata == sdata ||
5037
			    rcu_access_pointer(tmp->conf->tx_bss_conf) != link->conf)
5038
				continue;
5039

5040
			tmp->conf->he_bss_color.color = color;
5041
			tmp->conf->he_bss_color.enabled = enable;
5042
			ieee80211_link_info_change_notify(tmp->sdata, tmp,
5043
							  BSS_CHANGED_HE_BSS_COLOR);
5044
		}
5045
	}
5046
}
5047

5048
static int ieee80211_color_change_finalize(struct ieee80211_link_data *link)
5049
{
5050
	struct ieee80211_sub_if_data *sdata = link->sdata;
5051
	struct ieee80211_local *local = sdata->local;
5052
	u64 changed = 0;
5053
	int err;
5054

5055
	lockdep_assert_wiphy(local->hw.wiphy);
5056

5057
	link->conf->color_change_active = false;
5058

5059
	err = ieee80211_set_after_color_change_beacon(link, &changed);
5060
	if (err) {
5061
		cfg80211_color_change_aborted_notify(sdata->dev, link->link_id);
5062
		return err;
5063
	}
5064

5065
	ieee80211_color_change_bss_config_notify(link,
5066
						 link->conf->color_change_color,
5067
						 1, changed);
5068
	cfg80211_color_change_notify(sdata->dev, link->link_id);
5069

5070
	return 0;
5071
}
5072

5073
void ieee80211_color_change_finalize_work(struct wiphy *wiphy,
5074
					  struct wiphy_work *work)
5075
{
5076
	struct ieee80211_link_data *link =
5077
		container_of(work, struct ieee80211_link_data,
5078
			     color_change_finalize_work);
5079
	struct ieee80211_sub_if_data *sdata = link->sdata;
5080
	struct ieee80211_bss_conf *link_conf = link->conf;
5081
	struct ieee80211_local *local = sdata->local;
5082

5083
	lockdep_assert_wiphy(local->hw.wiphy);
5084

5085
	/* AP might have been stopped while waiting for the lock. */
5086
	if (!link_conf->color_change_active)
5087
		return;
5088

5089
	if (!ieee80211_sdata_running(sdata))
5090
		return;
5091

5092
	ieee80211_color_change_finalize(link);
5093
}
5094

5095
void ieee80211_color_collision_detection_work(struct wiphy *wiphy,
5096
					      struct wiphy_work *work)
5097
{
5098
	struct ieee80211_link_data *link =
5099
		container_of(work, struct ieee80211_link_data,
5100
			     color_collision_detect_work.work);
5101
	struct ieee80211_sub_if_data *sdata = link->sdata;
5102

5103
	cfg80211_obss_color_collision_notify(sdata->dev, link->color_bitmap,
5104
					     link->link_id);
5105
}
5106

5107
void ieee80211_color_change_finish(struct ieee80211_vif *vif, u8 link_id)
5108
{
5109
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5110
	struct ieee80211_link_data *link;
5111

5112
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5113
		return;
5114

5115
	rcu_read_lock();
5116

5117
	link = rcu_dereference(sdata->link[link_id]);
5118
	if (WARN_ON(!link)) {
5119
		rcu_read_unlock();
5120
		return;
5121
	}
5122

5123
	wiphy_work_queue(sdata->local->hw.wiphy,
5124
			 &link->color_change_finalize_work);
5125

5126
	rcu_read_unlock();
5127
}
5128
EXPORT_SYMBOL_GPL(ieee80211_color_change_finish);
5129

5130
void
5131
ieee80211_obss_color_collision_notify(struct ieee80211_vif *vif,
5132
				      u64 color_bitmap, u8 link_id)
5133
{
5134
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5135
	struct ieee80211_link_data *link;
5136

5137
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5138
		return;
5139

5140
	rcu_read_lock();
5141

5142
	link = rcu_dereference(sdata->link[link_id]);
5143
	if (WARN_ON(!link)) {
5144
		rcu_read_unlock();
5145
		return;
5146
	}
5147

5148
	if (link->conf->color_change_active || link->conf->csa_active) {
5149
		rcu_read_unlock();
5150
		return;
5151
	}
5152

5153
	if (wiphy_delayed_work_pending(sdata->local->hw.wiphy,
5154
				       &link->color_collision_detect_work)) {
5155
		rcu_read_unlock();
5156
		return;
5157
	}
5158

5159
	link->color_bitmap = color_bitmap;
5160
	/* queue the color collision detection event every 500 ms in order to
5161
	 * avoid sending too much netlink messages to userspace.
5162
	 */
5163
	wiphy_delayed_work_queue(sdata->local->hw.wiphy,
5164
				 &link->color_collision_detect_work,
5165
				 msecs_to_jiffies(500));
5166

5167
	rcu_read_unlock();
5168
}
5169
EXPORT_SYMBOL_GPL(ieee80211_obss_color_collision_notify);
5170

5171
static int
5172
ieee80211_color_change(struct wiphy *wiphy, struct net_device *dev,
5173
		       struct cfg80211_color_change_settings *params)
5174
{
5175
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5176
	struct ieee80211_local *local = sdata->local;
5177
	struct ieee80211_bss_conf *link_conf;
5178
	struct ieee80211_link_data *link;
5179
	u8 link_id = params->link_id;
5180
	u64 changed = 0;
5181
	int err;
5182

5183
	lockdep_assert_wiphy(local->hw.wiphy);
5184

5185
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5186
		return -EINVAL;
5187

5188
	link = wiphy_dereference(wiphy, sdata->link[link_id]);
5189
	if (!link)
5190
		return -ENOLINK;
5191

5192
	link_conf = link->conf;
5193

5194
	if (link_conf->nontransmitted)
5195
		return -EINVAL;
5196

5197
	/* don't allow another color change if one is already active or if csa
5198
	 * is active
5199
	 */
5200
	if (link_conf->color_change_active || link_conf->csa_active) {
5201
		err = -EBUSY;
5202
		goto out;
5203
	}
5204

5205
	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
5206
						   &params->unsol_bcast_probe_resp,
5207
						   link, link_conf, &changed);
5208
	if (err)
5209
		goto out;
5210

5211
	err = ieee80211_set_color_change_beacon(link, params, &changed);
5212
	if (err)
5213
		goto out;
5214

5215
	link_conf->color_change_active = true;
5216
	link_conf->color_change_color = params->color;
5217

5218
	cfg80211_color_change_started_notify(sdata->dev, params->count, link_id);
5219

5220
	if (changed)
5221
		ieee80211_color_change_bss_config_notify(link, 0, 0, changed);
5222
	else
5223
		/* if the beacon didn't change, we can finalize immediately */
5224
		ieee80211_color_change_finalize(link);
5225

5226
out:
5227

5228
	return err;
5229
}
5230

5231
static int
5232
ieee80211_set_radar_background(struct wiphy *wiphy,
5233
			       struct cfg80211_chan_def *chandef)
5234
{
5235
	struct ieee80211_local *local = wiphy_priv(wiphy);
5236

5237
	if (!local->ops->set_radar_background)
5238
		return -EOPNOTSUPP;
5239

5240
	return local->ops->set_radar_background(&local->hw, chandef);
5241
}
5242

5243
static int ieee80211_add_intf_link(struct wiphy *wiphy,
5244
				   struct wireless_dev *wdev,
5245
				   unsigned int link_id)
5246
{
5247
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
5248

5249
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5250

5251
	if (wdev->use_4addr)
5252
		return -EOPNOTSUPP;
5253

5254
	return ieee80211_vif_set_links(sdata, wdev->valid_links, 0);
5255
}
5256

5257
static void ieee80211_del_intf_link(struct wiphy *wiphy,
5258
				    struct wireless_dev *wdev,
5259
				    unsigned int link_id)
5260
{
5261
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
5262
	u16 new_links = wdev->valid_links & ~BIT(link_id);
5263

5264
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5265

5266
	/* During the link teardown process, certain functions require the
5267
	 * link_id to remain in the valid_links bitmap. Therefore, instead
5268
	 * of removing the link_id from the bitmap, pass a masked value to
5269
	 * simulate as if link_id does not exist anymore.
5270
	 */
5271
	ieee80211_vif_set_links(sdata, new_links, 0);
5272
}
5273

5274
static int
5275
ieee80211_add_link_station(struct wiphy *wiphy, struct net_device *dev,
5276
			   struct link_station_parameters *params)
5277
{
5278
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5279
	struct ieee80211_local *local = wiphy_priv(wiphy);
5280
	struct sta_info *sta;
5281
	int ret;
5282

5283
	lockdep_assert_wiphy(local->hw.wiphy);
5284

5285
	sta = sta_info_get_bss(sdata, params->mld_mac);
5286
	if (!sta)
5287
		return -ENOENT;
5288

5289
	if (!sta->sta.valid_links)
5290
		return -EINVAL;
5291

5292
	if (sta->sta.valid_links & BIT(params->link_id))
5293
		return -EALREADY;
5294

5295
	ret = ieee80211_sta_allocate_link(sta, params->link_id);
5296
	if (ret)
5297
		return ret;
5298

5299
	ret = sta_link_apply_parameters(local, sta, STA_LINK_MODE_NEW, params);
5300
	if (ret) {
5301
		ieee80211_sta_free_link(sta, params->link_id);
5302
		return ret;
5303
	}
5304

5305
	if (test_sta_flag(sta, WLAN_STA_ASSOC)) {
5306
		struct link_sta_info *link_sta;
5307

5308
		link_sta = sdata_dereference(sta->link[params->link_id], sdata);
5309
		rate_control_rate_init(link_sta);
5310
	}
5311

5312
	/* ieee80211_sta_activate_link frees the link upon failure */
5313
	return ieee80211_sta_activate_link(sta, params->link_id);
5314
}
5315

5316
static int
5317
ieee80211_mod_link_station(struct wiphy *wiphy, struct net_device *dev,
5318
			   struct link_station_parameters *params)
5319
{
5320
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5321
	struct ieee80211_local *local = wiphy_priv(wiphy);
5322
	struct sta_info *sta;
5323

5324
	lockdep_assert_wiphy(local->hw.wiphy);
5325

5326
	sta = sta_info_get_bss(sdata, params->mld_mac);
5327
	if (!sta)
5328
		return -ENOENT;
5329

5330
	if (!(sta->sta.valid_links & BIT(params->link_id)))
5331
		return -EINVAL;
5332

5333
	return sta_link_apply_parameters(local, sta, STA_LINK_MODE_LINK_MODIFY,
5334
					 params);
5335
}
5336

5337
static int
5338
ieee80211_del_link_station(struct wiphy *wiphy, struct net_device *dev,
5339
			   struct link_station_del_parameters *params)
5340
{
5341
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5342
	struct sta_info *sta;
5343

5344
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5345

5346
	sta = sta_info_get_bss(sdata, params->mld_mac);
5347
	if (!sta)
5348
		return -ENOENT;
5349

5350
	if (!(sta->sta.valid_links & BIT(params->link_id)))
5351
		return -EINVAL;
5352

5353
	/* must not create a STA without links */
5354
	if (sta->sta.valid_links == BIT(params->link_id))
5355
		return -EINVAL;
5356

5357
	ieee80211_sta_remove_link(sta, params->link_id);
5358

5359
	return 0;
5360
}
5361

5362
static int ieee80211_set_hw_timestamp(struct wiphy *wiphy,
5363
				      struct net_device *dev,
5364
				      struct cfg80211_set_hw_timestamp *hwts)
5365
{
5366
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5367
	struct ieee80211_local *local = sdata->local;
5368

5369
	if (!local->ops->set_hw_timestamp)
5370
		return -EOPNOTSUPP;
5371

5372
	if (!check_sdata_in_driver(sdata))
5373
		return -EIO;
5374

5375
	return local->ops->set_hw_timestamp(&local->hw, &sdata->vif, hwts);
5376
}
5377

5378
static int
5379
ieee80211_set_ttlm(struct wiphy *wiphy, struct net_device *dev,
5380
		   struct cfg80211_ttlm_params *params)
5381
{
5382
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5383

5384
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5385

5386
	return ieee80211_req_neg_ttlm(sdata, params);
5387
}
5388

5389
static int
5390
ieee80211_assoc_ml_reconf(struct wiphy *wiphy, struct net_device *dev,
5391
			  struct cfg80211_ml_reconf_req *req)
5392
{
5393
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5394

5395
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5396

5397
	return ieee80211_mgd_assoc_ml_reconf(sdata, req);
5398
}
5399

5400
static int
5401
ieee80211_set_epcs(struct wiphy *wiphy, struct net_device *dev, bool enable)
5402
{
5403
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5404

5405
	return ieee80211_mgd_set_epcs(sdata, enable);
5406
}
5407

5408
const struct cfg80211_ops mac80211_config_ops = {
5409
	.add_virtual_intf = ieee80211_add_iface,
5410
	.del_virtual_intf = ieee80211_del_iface,
5411
	.change_virtual_intf = ieee80211_change_iface,
5412
	.start_p2p_device = ieee80211_start_p2p_device,
5413
	.stop_p2p_device = ieee80211_stop_p2p_device,
5414
	.add_key = ieee80211_add_key,
5415
	.del_key = ieee80211_del_key,
5416
	.get_key = ieee80211_get_key,
5417
	.set_default_key = ieee80211_config_default_key,
5418
	.set_default_mgmt_key = ieee80211_config_default_mgmt_key,
5419
	.set_default_beacon_key = ieee80211_config_default_beacon_key,
5420
	.start_ap = ieee80211_start_ap,
5421
	.change_beacon = ieee80211_change_beacon,
5422
	.stop_ap = ieee80211_stop_ap,
5423
	.add_station = ieee80211_add_station,
5424
	.del_station = ieee80211_del_station,
5425
	.change_station = ieee80211_change_station,
5426
	.get_station = ieee80211_get_station,
5427
	.dump_station = ieee80211_dump_station,
5428
	.dump_survey = ieee80211_dump_survey,
5429
#ifdef CONFIG_MAC80211_MESH
5430
	.add_mpath = ieee80211_add_mpath,
5431
	.del_mpath = ieee80211_del_mpath,
5432
	.change_mpath = ieee80211_change_mpath,
5433
	.get_mpath = ieee80211_get_mpath,
5434
	.dump_mpath = ieee80211_dump_mpath,
5435
	.get_mpp = ieee80211_get_mpp,
5436
	.dump_mpp = ieee80211_dump_mpp,
5437
	.update_mesh_config = ieee80211_update_mesh_config,
5438
	.get_mesh_config = ieee80211_get_mesh_config,
5439
	.join_mesh = ieee80211_join_mesh,
5440
	.leave_mesh = ieee80211_leave_mesh,
5441
#endif
5442
	.join_ocb = ieee80211_join_ocb,
5443
	.leave_ocb = ieee80211_leave_ocb,
5444
	.change_bss = ieee80211_change_bss,
5445
	.inform_bss = ieee80211_inform_bss,
5446
	.set_txq_params = ieee80211_set_txq_params,
5447
	.set_monitor_channel = ieee80211_set_monitor_channel,
5448
	.suspend = ieee80211_suspend,
5449
	.resume = ieee80211_resume,
5450
	.scan = ieee80211_scan,
5451
	.abort_scan = ieee80211_abort_scan,
5452
	.sched_scan_start = ieee80211_sched_scan_start,
5453
	.sched_scan_stop = ieee80211_sched_scan_stop,
5454
	.auth = ieee80211_auth,
5455
	.assoc = ieee80211_assoc,
5456
	.deauth = ieee80211_deauth,
5457
	.disassoc = ieee80211_disassoc,
5458
	.join_ibss = ieee80211_join_ibss,
5459
	.leave_ibss = ieee80211_leave_ibss,
5460
	.set_mcast_rate = ieee80211_set_mcast_rate,
5461
	.set_wiphy_params = ieee80211_set_wiphy_params,
5462
	.set_tx_power = ieee80211_set_tx_power,
5463
	.get_tx_power = ieee80211_get_tx_power,
5464
	.rfkill_poll = ieee80211_rfkill_poll,
5465
	CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd)
5466
	CFG80211_TESTMODE_DUMP(ieee80211_testmode_dump)
5467
	.set_power_mgmt = ieee80211_set_power_mgmt,
5468
	.set_bitrate_mask = ieee80211_set_bitrate_mask,
5469
	.remain_on_channel = ieee80211_remain_on_channel,
5470
	.cancel_remain_on_channel = ieee80211_cancel_remain_on_channel,
5471
	.mgmt_tx = ieee80211_mgmt_tx,
5472
	.mgmt_tx_cancel_wait = ieee80211_mgmt_tx_cancel_wait,
5473
	.set_cqm_rssi_config = ieee80211_set_cqm_rssi_config,
5474
	.set_cqm_rssi_range_config = ieee80211_set_cqm_rssi_range_config,
5475
	.update_mgmt_frame_registrations =
5476
		ieee80211_update_mgmt_frame_registrations,
5477
	.set_antenna = ieee80211_set_antenna,
5478
	.get_antenna = ieee80211_get_antenna,
5479
	.set_rekey_data = ieee80211_set_rekey_data,
5480
	.tdls_oper = ieee80211_tdls_oper,
5481
	.tdls_mgmt = ieee80211_tdls_mgmt,
5482
	.tdls_channel_switch = ieee80211_tdls_channel_switch,
5483
	.tdls_cancel_channel_switch = ieee80211_tdls_cancel_channel_switch,
5484
	.probe_client = ieee80211_probe_client,
5485
	.set_noack_map = ieee80211_set_noack_map,
5486
#ifdef CONFIG_PM
5487
	.set_wakeup = ieee80211_set_wakeup,
5488
#endif
5489
	.get_channel = ieee80211_cfg_get_channel,
5490
	.start_radar_detection = ieee80211_start_radar_detection,
5491
	.end_cac = ieee80211_end_cac,
5492
	.channel_switch = ieee80211_channel_switch,
5493
	.set_qos_map = ieee80211_set_qos_map,
5494
	.set_ap_chanwidth = ieee80211_set_ap_chanwidth,
5495
	.add_tx_ts = ieee80211_add_tx_ts,
5496
	.del_tx_ts = ieee80211_del_tx_ts,
5497
	.start_nan = ieee80211_start_nan,
5498
	.stop_nan = ieee80211_stop_nan,
5499
	.nan_change_conf = ieee80211_nan_change_conf,
5500
	.add_nan_func = ieee80211_add_nan_func,
5501
	.del_nan_func = ieee80211_del_nan_func,
5502
	.set_multicast_to_unicast = ieee80211_set_multicast_to_unicast,
5503
	.tx_control_port = ieee80211_tx_control_port,
5504
	.get_txq_stats = ieee80211_get_txq_stats,
5505
	.get_ftm_responder_stats = ieee80211_get_ftm_responder_stats,
5506
	.start_pmsr = ieee80211_start_pmsr,
5507
	.abort_pmsr = ieee80211_abort_pmsr,
5508
	.probe_mesh_link = ieee80211_probe_mesh_link,
5509
	.set_tid_config = ieee80211_set_tid_config,
5510
	.reset_tid_config = ieee80211_reset_tid_config,
5511
	.set_sar_specs = ieee80211_set_sar_specs,
5512
	.color_change = ieee80211_color_change,
5513
	.set_radar_background = ieee80211_set_radar_background,
5514
	.add_intf_link = ieee80211_add_intf_link,
5515
	.del_intf_link = ieee80211_del_intf_link,
5516
	.add_link_station = ieee80211_add_link_station,
5517
	.mod_link_station = ieee80211_mod_link_station,
5518
	.del_link_station = ieee80211_del_link_station,
5519
	.set_hw_timestamp = ieee80211_set_hw_timestamp,
5520
	.set_ttlm = ieee80211_set_ttlm,
5521
	.get_radio_mask = ieee80211_get_radio_mask,
5522
	.assoc_ml_reconf = ieee80211_assoc_ml_reconf,
5523
	.set_epcs = ieee80211_set_epcs,
5524
};
5525

5526