1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * mac80211 configuration hooks for cfg80211
4
 *
5
 * Copyright 2006-2010	Johannes Berg <[email protected]>
6
 * Copyright 2013-2015  Intel Mobile Communications GmbH
7
 * Copyright (C) 2015-2017 Intel Deutschland GmbH
8
 * Copyright (C) 2018-2025 Intel Corporation
9
 */
10

11
#include <linux/ieee80211.h>
12
#include <linux/nl80211.h>
13
#include <linux/rtnetlink.h>
14
#include <linux/slab.h>
15
#include <net/net_namespace.h>
16
#include <linux/rcupdate.h>
17
#include <linux/fips.h>
18
#include <linux/if_ether.h>
19
#include <net/cfg80211.h>
20
#include "ieee80211_i.h"
21
#include "driver-ops.h"
22
#include "rate.h"
23
#include "mesh.h"
24
#include "wme.h"
25

26
static struct ieee80211_link_data *
27
ieee80211_link_or_deflink(struct ieee80211_sub_if_data *sdata, int link_id,
28
			  bool require_valid)
29
{
30
	struct ieee80211_link_data *link;
31

32
	if (link_id < 0) {
33
		/*
34
		 * For keys, if sdata is not an MLD, we might not use
35
		 * the return value at all (if it's not a pairwise key),
36
		 * so in that case (require_valid==false) don't error.
37
		 */
38
		if (require_valid && ieee80211_vif_is_mld(&sdata->vif))
39
			return ERR_PTR(-EINVAL);
40

41
		return &sdata->deflink;
42
	}
43

44
	link = sdata_dereference(sdata->link[link_id], sdata);
45
	if (!link)
46
		return ERR_PTR(-ENOLINK);
47
	return link;
48
}
49

50
static void ieee80211_set_mu_mimo_follow(struct ieee80211_sub_if_data *sdata,
51
					 struct vif_params *params)
52
{
53
	bool mu_mimo_groups = false;
54
	bool mu_mimo_follow = false;
55

56
	if (params->vht_mumimo_groups) {
57
		u64 membership;
58

59
		BUILD_BUG_ON(sizeof(membership) != WLAN_MEMBERSHIP_LEN);
60

61
		memcpy(sdata->vif.bss_conf.mu_group.membership,
62
		       params->vht_mumimo_groups, WLAN_MEMBERSHIP_LEN);
63
		memcpy(sdata->vif.bss_conf.mu_group.position,
64
		       params->vht_mumimo_groups + WLAN_MEMBERSHIP_LEN,
65
		       WLAN_USER_POSITION_LEN);
66

67
		/* don't care about endianness - just check for 0 */
68
		memcpy(&membership, params->vht_mumimo_groups,
69
		       WLAN_MEMBERSHIP_LEN);
70
		mu_mimo_groups = membership != 0;
71

72
		/* Unset following if configured explicitly */
73
		eth_broadcast_addr(sdata->u.mntr.mu_follow_addr);
74
	}
75

76
	if (params->vht_mumimo_follow_addr) {
77
		mu_mimo_follow =
78
			is_valid_ether_addr(params->vht_mumimo_follow_addr);
79
		ether_addr_copy(sdata->u.mntr.mu_follow_addr,
80
				params->vht_mumimo_follow_addr);
81

82
		/* Unset current membership until a management frame is RXed */
83
		memset(sdata->vif.bss_conf.mu_group.membership, 0,
84
		       WLAN_MEMBERSHIP_LEN);
85
	}
86

87
	sdata->vif.bss_conf.mu_mimo_owner = mu_mimo_groups || mu_mimo_follow;
88

89
	/* Notify only after setting mu_mimo_owner */
90
	if (sdata->vif.bss_conf.mu_mimo_owner &&
91
	    sdata->flags & IEEE80211_SDATA_IN_DRIVER)
92
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
93
						  BSS_CHANGED_MU_GROUPS);
94
}
95

96
static int ieee80211_set_mon_options(struct ieee80211_sub_if_data *sdata,
97
				     struct vif_params *params)
98
{
99
	struct ieee80211_local *local = sdata->local;
100
	struct ieee80211_sub_if_data *monitor_sdata = NULL;
101

102
	/* check flags first */
103
	if (params->flags && ieee80211_sdata_running(sdata)) {
104
		u32 mask = MONITOR_FLAG_ACTIVE;
105

106
		/*
107
		 * Prohibit MONITOR_FLAG_ACTIVE to be changed
108
		 * while the interface is up.
109
		 * Else we would need to add a lot of cruft
110
		 * to update everything:
111
		 *	monitor and all fif_* counters
112
		 *	reconfigure hardware
113
		 */
114
		if ((params->flags & mask) != (sdata->u.mntr.flags & mask))
115
			return -EBUSY;
116
	}
117

118
	/* validate whether MU-MIMO can be configured */
119
	if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF) &&
120
	    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR) &&
121
	    (params->vht_mumimo_groups || params->vht_mumimo_follow_addr))
122
		return -EOPNOTSUPP;
123

124
	/* Also update dependent monitor_sdata if required */
125
	if (test_bit(SDATA_STATE_RUNNING, &sdata->state) &&
126
	    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
127
		monitor_sdata = wiphy_dereference(local->hw.wiphy,
128
						  local->monitor_sdata);
129

130
	/* apply all changes now - no failures allowed */
131

132
	if (ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF) ||
133
	    ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
134
		/* This is copied in when the VIF is activated */
135
		ieee80211_set_mu_mimo_follow(sdata, params);
136

137
		if (monitor_sdata)
138
			ieee80211_set_mu_mimo_follow(monitor_sdata, params);
139
	}
140

141
	if (params->flags) {
142
		if (ieee80211_sdata_running(sdata)) {
143
			ieee80211_adjust_monitor_flags(sdata, -1);
144
			sdata->u.mntr.flags = params->flags;
145
			ieee80211_adjust_monitor_flags(sdata, 1);
146

147
			ieee80211_configure_filter(local);
148
		} else {
149
			/*
150
			 * Because the interface is down, ieee80211_do_stop
151
			 * and ieee80211_do_open take care of "everything"
152
			 * mentioned in the comment above.
153
			 */
154
			sdata->u.mntr.flags = params->flags;
155
		}
156
	}
157

158
	return 0;
159
}
160

161
static int ieee80211_set_ap_mbssid_options(struct ieee80211_sub_if_data *sdata,
162
					   struct cfg80211_mbssid_config *params,
163
					   struct ieee80211_bss_conf *link_conf)
164
{
165
	struct ieee80211_sub_if_data *tx_sdata;
166
	struct ieee80211_bss_conf *old;
167

168
	link_conf->bssid_index = 0;
169
	link_conf->nontransmitted = false;
170
	link_conf->ema_ap = false;
171
	link_conf->bssid_indicator = 0;
172

173
	if (sdata->vif.type != NL80211_IFTYPE_AP || !params->tx_wdev)
174
		return -EINVAL;
175

176
	old = sdata_dereference(link_conf->tx_bss_conf, sdata);
177
	if (old)
178
		return -EALREADY;
179

180
	tx_sdata = IEEE80211_WDEV_TO_SUB_IF(params->tx_wdev);
181
	if (!tx_sdata)
182
		return -EINVAL;
183

184
	if (tx_sdata == sdata) {
185
		rcu_assign_pointer(link_conf->tx_bss_conf, link_conf);
186
	} else {
187
		struct ieee80211_bss_conf *tx_bss_conf;
188

189
		tx_bss_conf = sdata_dereference(tx_sdata->vif.link_conf[params->tx_link_id],
190
						sdata);
191
		if (rcu_access_pointer(tx_bss_conf->tx_bss_conf) != tx_bss_conf)
192
			return -EINVAL;
193

194
		rcu_assign_pointer(link_conf->tx_bss_conf, tx_bss_conf);
195

196
		link_conf->nontransmitted = true;
197
		link_conf->bssid_index = params->index;
198
		link_conf->bssid_indicator = tx_bss_conf->bssid_indicator;
199
	}
200
	if (params->ema)
201
		link_conf->ema_ap = true;
202

203
	return 0;
204
}
205

206
static struct wireless_dev *ieee80211_add_iface(struct wiphy *wiphy,
207
						const char *name,
208
						unsigned char name_assign_type,
209
						enum nl80211_iftype type,
210
						struct vif_params *params)
211
{
212
	struct ieee80211_local *local = wiphy_priv(wiphy);
213
	struct wireless_dev *wdev;
214
	struct ieee80211_sub_if_data *sdata;
215
	int err;
216

217
	err = ieee80211_if_add(local, name, name_assign_type, &wdev, type, params);
218
	if (err)
219
		return ERR_PTR(err);
220

221
	sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
222

223
	if (type == NL80211_IFTYPE_MONITOR) {
224
		err = ieee80211_set_mon_options(sdata, params);
225
		if (err) {
226
			ieee80211_if_remove(sdata);
227
			return NULL;
228
		}
229
	}
230

231
	/* Let the driver know that an interface is going to be added.
232
	 * Indicate so only for interface types that will be added to the
233
	 * driver.
234
	 */
235
	switch (type) {
236
	case NL80211_IFTYPE_AP_VLAN:
237
		break;
238
	case NL80211_IFTYPE_MONITOR:
239
		if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF) ||
240
		    !(params->flags & MONITOR_FLAG_ACTIVE))
241
			break;
242
		fallthrough;
243
	default:
244
		drv_prep_add_interface(local,
245
				       ieee80211_vif_type_p2p(&sdata->vif));
246
		break;
247
	}
248

249
	return wdev;
250
}
251

252
static int ieee80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
253
{
254
	ieee80211_if_remove(IEEE80211_WDEV_TO_SUB_IF(wdev));
255

256
	return 0;
257
}
258

259
static int ieee80211_change_iface(struct wiphy *wiphy,
260
				  struct net_device *dev,
261
				  enum nl80211_iftype type,
262
				  struct vif_params *params)
263
{
264
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
265
	struct ieee80211_local *local = sdata->local;
266
	struct sta_info *sta;
267
	int ret;
268

269
	lockdep_assert_wiphy(local->hw.wiphy);
270

271
	ret = ieee80211_if_change_type(sdata, type);
272
	if (ret)
273
		return ret;
274

275
	if (type == NL80211_IFTYPE_AP_VLAN && params->use_4addr == 0) {
276
		RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
277
		ieee80211_check_fast_rx_iface(sdata);
278
	} else if (type == NL80211_IFTYPE_STATION && params->use_4addr >= 0) {
279
		struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
280

281
		if (params->use_4addr == ifmgd->use_4addr)
282
			return 0;
283

284
		/* FIXME: no support for 4-addr MLO yet */
285
		if (ieee80211_vif_is_mld(&sdata->vif))
286
			return -EOPNOTSUPP;
287

288
		sdata->u.mgd.use_4addr = params->use_4addr;
289
		if (!ifmgd->associated)
290
			return 0;
291

292
		sta = sta_info_get(sdata, sdata->deflink.u.mgd.bssid);
293
		if (sta)
294
			drv_sta_set_4addr(local, sdata, &sta->sta,
295
					  params->use_4addr);
296

297
		if (params->use_4addr)
298
			ieee80211_send_4addr_nullfunc(local, sdata);
299
	}
300

301
	if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
302
		ret = ieee80211_set_mon_options(sdata, params);
303
		if (ret)
304
			return ret;
305
	}
306

307
	return 0;
308
}
309

310
static int ieee80211_start_p2p_device(struct wiphy *wiphy,
311
				      struct wireless_dev *wdev)
312
{
313
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
314
	int ret;
315

316
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
317

318
	ret = ieee80211_check_combinations(sdata, NULL, 0, 0, -1);
319
	if (ret < 0)
320
		return ret;
321

322
	return ieee80211_do_open(wdev, true);
323
}
324

325
static void ieee80211_stop_p2p_device(struct wiphy *wiphy,
326
				      struct wireless_dev *wdev)
327
{
328
	ieee80211_sdata_stop(IEEE80211_WDEV_TO_SUB_IF(wdev));
329
}
330

331
static void ieee80211_nan_conf_free(struct cfg80211_nan_conf *conf)
332
{
333
	kfree(conf->cluster_id);
334
	kfree(conf->extra_nan_attrs);
335
	kfree(conf->vendor_elems);
336
	memset(conf, 0, sizeof(*conf));
337
}
338

339
static void ieee80211_stop_nan(struct wiphy *wiphy,
340
			       struct wireless_dev *wdev)
341
{
342
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
343

344
	if (!sdata->u.nan.started)
345
		return;
346

347
	drv_stop_nan(sdata->local, sdata);
348
	sdata->u.nan.started = false;
349

350
	ieee80211_nan_conf_free(&sdata->u.nan.conf);
351

352
	ieee80211_sdata_stop(sdata);
353
	ieee80211_recalc_idle(sdata->local);
354
}
355

356
static int ieee80211_nan_conf_copy(struct cfg80211_nan_conf *dst,
357
				   struct cfg80211_nan_conf *src,
358
				   u32 changes)
359
{
360
	if (changes & CFG80211_NAN_CONF_CHANGED_PREF)
361
		dst->master_pref = src->master_pref;
362

363
	if (changes & CFG80211_NAN_CONF_CHANGED_BANDS)
364
		dst->bands = src->bands;
365

366
	if (changes & CFG80211_NAN_CONF_CHANGED_CONFIG) {
367
		dst->scan_period = src->scan_period;
368
		dst->scan_dwell_time = src->scan_dwell_time;
369
		dst->discovery_beacon_interval =
370
			src->discovery_beacon_interval;
371
		dst->enable_dw_notification = src->enable_dw_notification;
372
		memcpy(&dst->band_cfgs, &src->band_cfgs,
373
		       sizeof(dst->band_cfgs));
374

375
		kfree(dst->cluster_id);
376
		dst->cluster_id = NULL;
377

378
		kfree(dst->extra_nan_attrs);
379
		dst->extra_nan_attrs = NULL;
380
		dst->extra_nan_attrs_len = 0;
381

382
		kfree(dst->vendor_elems);
383
		dst->vendor_elems = NULL;
384
		dst->vendor_elems_len = 0;
385

386
		if (src->cluster_id) {
387
			dst->cluster_id = kmemdup(src->cluster_id, ETH_ALEN,
388
						  GFP_KERNEL);
389
			if (!dst->cluster_id)
390
				goto no_mem;
391
		}
392

393
		if (src->extra_nan_attrs && src->extra_nan_attrs_len) {
394
			dst->extra_nan_attrs = kmemdup(src->extra_nan_attrs,
395
						       src->extra_nan_attrs_len,
396
						       GFP_KERNEL);
397
			if (!dst->extra_nan_attrs)
398
				goto no_mem;
399

400
			dst->extra_nan_attrs_len = src->extra_nan_attrs_len;
401
		}
402

403
		if (src->vendor_elems && src->vendor_elems_len) {
404
			dst->vendor_elems = kmemdup(src->vendor_elems,
405
						    src->vendor_elems_len,
406
						    GFP_KERNEL);
407
			if (!dst->vendor_elems)
408
				goto no_mem;
409

410
			dst->vendor_elems_len = src->vendor_elems_len;
411
		}
412
	}
413

414
	return 0;
415

416
no_mem:
417
	ieee80211_nan_conf_free(dst);
418
	return -ENOMEM;
419
}
420

421
static int ieee80211_start_nan(struct wiphy *wiphy,
422
			       struct wireless_dev *wdev,
423
			       struct cfg80211_nan_conf *conf)
424
{
425
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
426
	int ret;
427

428
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
429

430
	if (sdata->u.nan.started)
431
		return -EALREADY;
432

433
	ret = ieee80211_check_combinations(sdata, NULL, 0, 0, -1);
434
	if (ret < 0)
435
		return ret;
436

437
	ret = ieee80211_do_open(wdev, true);
438
	if (ret)
439
		return ret;
440

441
	ret = drv_start_nan(sdata->local, sdata, conf);
442
	if (ret) {
443
		ieee80211_sdata_stop(sdata);
444
		return ret;
445
	}
446

447
	sdata->u.nan.started = true;
448
	ieee80211_recalc_idle(sdata->local);
449

450
	ret = ieee80211_nan_conf_copy(&sdata->u.nan.conf, conf, 0xFFFFFFFF);
451
	if (ret) {
452
		ieee80211_stop_nan(wiphy, wdev);
453
		return ret;
454
	}
455

456
	return 0;
457
}
458

459
static int ieee80211_nan_change_conf(struct wiphy *wiphy,
460
				     struct wireless_dev *wdev,
461
				     struct cfg80211_nan_conf *conf,
462
				     u32 changes)
463
{
464
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
465
	struct cfg80211_nan_conf new_conf = {};
466
	int ret = 0;
467

468
	if (sdata->vif.type != NL80211_IFTYPE_NAN)
469
		return -EOPNOTSUPP;
470

471
	if (!ieee80211_sdata_running(sdata))
472
		return -ENETDOWN;
473

474
	if (!changes)
475
		return 0;
476

477
	/* First make a full copy of the previous configuration and then apply
478
	 * the changes. This might be a little wasteful, but it is simpler.
479
	 */
480
	ret = ieee80211_nan_conf_copy(&new_conf, &sdata->u.nan.conf,
481
				      0xFFFFFFFF);
482
	if (ret < 0)
483
		return ret;
484

485
	ret = ieee80211_nan_conf_copy(&new_conf, conf, changes);
486
	if (ret < 0)
487
		return ret;
488

489
	ret = drv_nan_change_conf(sdata->local, sdata, &new_conf, changes);
490
	if (ret) {
491
		ieee80211_nan_conf_free(&new_conf);
492
	} else {
493
		ieee80211_nan_conf_free(&sdata->u.nan.conf);
494
		sdata->u.nan.conf = new_conf;
495
	}
496

497
	return ret;
498
}
499

500
static int ieee80211_add_nan_func(struct wiphy *wiphy,
501
				  struct wireless_dev *wdev,
502
				  struct cfg80211_nan_func *nan_func)
503
{
504
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
505
	int ret;
506

507
	if (sdata->vif.type != NL80211_IFTYPE_NAN)
508
		return -EOPNOTSUPP;
509

510
	if (!ieee80211_sdata_running(sdata))
511
		return -ENETDOWN;
512

513
	spin_lock_bh(&sdata->u.nan.func_lock);
514

515
	ret = idr_alloc(&sdata->u.nan.function_inst_ids,
516
			nan_func, 1, sdata->local->hw.max_nan_de_entries + 1,
517
			GFP_ATOMIC);
518
	spin_unlock_bh(&sdata->u.nan.func_lock);
519

520
	if (ret < 0)
521
		return ret;
522

523
	nan_func->instance_id = ret;
524

525
	WARN_ON(nan_func->instance_id == 0);
526

527
	ret = drv_add_nan_func(sdata->local, sdata, nan_func);
528
	if (ret) {
529
		spin_lock_bh(&sdata->u.nan.func_lock);
530
		idr_remove(&sdata->u.nan.function_inst_ids,
531
			   nan_func->instance_id);
532
		spin_unlock_bh(&sdata->u.nan.func_lock);
533
	}
534

535
	return ret;
536
}
537

538
static struct cfg80211_nan_func *
539
ieee80211_find_nan_func_by_cookie(struct ieee80211_sub_if_data *sdata,
540
				  u64 cookie)
541
{
542
	struct cfg80211_nan_func *func;
543
	int id;
544

545
	lockdep_assert_held(&sdata->u.nan.func_lock);
546

547
	idr_for_each_entry(&sdata->u.nan.function_inst_ids, func, id) {
548
		if (func->cookie == cookie)
549
			return func;
550
	}
551

552
	return NULL;
553
}
554

555
static void ieee80211_del_nan_func(struct wiphy *wiphy,
556
				  struct wireless_dev *wdev, u64 cookie)
557
{
558
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
559
	struct cfg80211_nan_func *func;
560
	u8 instance_id = 0;
561

562
	if (sdata->vif.type != NL80211_IFTYPE_NAN ||
563
	    !ieee80211_sdata_running(sdata))
564
		return;
565

566
	spin_lock_bh(&sdata->u.nan.func_lock);
567

568
	func = ieee80211_find_nan_func_by_cookie(sdata, cookie);
569
	if (func)
570
		instance_id = func->instance_id;
571

572
	spin_unlock_bh(&sdata->u.nan.func_lock);
573

574
	if (instance_id)
575
		drv_del_nan_func(sdata->local, sdata, instance_id);
576
}
577

578
static int ieee80211_set_noack_map(struct wiphy *wiphy,
579
				  struct net_device *dev,
580
				  u16 noack_map)
581
{
582
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
583

584
	sdata->noack_map = noack_map;
585

586
	ieee80211_check_fast_xmit_iface(sdata);
587

588
	return 0;
589
}
590

591
static int ieee80211_set_tx(struct ieee80211_sub_if_data *sdata,
592
			    const u8 *mac_addr, u8 key_idx)
593
{
594
	struct ieee80211_local *local = sdata->local;
595
	struct ieee80211_key *key;
596
	struct sta_info *sta;
597
	int ret = -EINVAL;
598

599
	if (!wiphy_ext_feature_isset(local->hw.wiphy,
600
				     NL80211_EXT_FEATURE_EXT_KEY_ID))
601
		return -EINVAL;
602

603
	sta = sta_info_get_bss(sdata, mac_addr);
604

605
	if (!sta)
606
		return -EINVAL;
607

608
	if (sta->ptk_idx == key_idx)
609
		return 0;
610

611
	key = wiphy_dereference(local->hw.wiphy, sta->ptk[key_idx]);
612

613
	if (key && key->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)
614
		ret = ieee80211_set_tx_key(key);
615

616
	return ret;
617
}
618

619
static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
620
			     int link_id, u8 key_idx, bool pairwise,
621
			     const u8 *mac_addr, struct key_params *params)
622
{
623
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
624
	struct ieee80211_link_data *link =
625
		ieee80211_link_or_deflink(sdata, link_id, false);
626
	struct ieee80211_local *local = sdata->local;
627
	struct sta_info *sta = NULL;
628
	struct ieee80211_key *key;
629
	int err;
630

631
	lockdep_assert_wiphy(local->hw.wiphy);
632

633
	if (!ieee80211_sdata_running(sdata))
634
		return -ENETDOWN;
635

636
	if (IS_ERR(link))
637
		return PTR_ERR(link);
638

639
	if (WARN_ON(pairwise && link_id >= 0))
640
		return -EINVAL;
641

642
	if (pairwise && params->mode == NL80211_KEY_SET_TX)
643
		return ieee80211_set_tx(sdata, mac_addr, key_idx);
644

645
	/* reject WEP and TKIP keys if WEP failed to initialize */
646
	switch (params->cipher) {
647
	case WLAN_CIPHER_SUITE_WEP40:
648
	case WLAN_CIPHER_SUITE_TKIP:
649
	case WLAN_CIPHER_SUITE_WEP104:
650
		if (link_id >= 0)
651
			return -EINVAL;
652
		if (WARN_ON_ONCE(fips_enabled))
653
			return -EINVAL;
654
		break;
655
	default:
656
		break;
657
	}
658

659
	key = ieee80211_key_alloc(params->cipher, key_idx, params->key_len,
660
				  params->key, params->seq_len, params->seq);
661
	if (IS_ERR(key))
662
		return PTR_ERR(key);
663

664
	if (pairwise) {
665
		key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
666
		key->conf.link_id = -1;
667
	} else {
668
		key->conf.link_id = link->link_id;
669
	}
670

671
	if (params->mode == NL80211_KEY_NO_TX)
672
		key->conf.flags |= IEEE80211_KEY_FLAG_NO_AUTO_TX;
673

674
	if (mac_addr) {
675
		sta = sta_info_get_bss(sdata, mac_addr);
676
		/*
677
		 * The ASSOC test makes sure the driver is ready to
678
		 * receive the key. When wpa_supplicant has roamed
679
		 * using FT, it attempts to set the key before
680
		 * association has completed, this rejects that attempt
681
		 * so it will set the key again after association.
682
		 *
683
		 * TODO: accept the key if we have a station entry and
684
		 *       add it to the device after the station.
685
		 */
686
		if (!sta || !test_sta_flag(sta, WLAN_STA_ASSOC)) {
687
			ieee80211_key_free_unused(key);
688
			return -ENOENT;
689
		}
690
	}
691

692
	switch (sdata->vif.type) {
693
	case NL80211_IFTYPE_STATION:
694
		if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
695
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
696
		break;
697
	case NL80211_IFTYPE_AP:
698
	case NL80211_IFTYPE_AP_VLAN:
699
		/* Keys without a station are used for TX only */
700
		if (sta && test_sta_flag(sta, WLAN_STA_MFP))
701
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
702
		break;
703
	case NL80211_IFTYPE_ADHOC:
704
		/* no MFP (yet) */
705
		break;
706
	case NL80211_IFTYPE_MESH_POINT:
707
#ifdef CONFIG_MAC80211_MESH
708
		if (sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)
709
			key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
710
		break;
711
#endif
712
	case NL80211_IFTYPE_WDS:
713
	case NL80211_IFTYPE_MONITOR:
714
	case NL80211_IFTYPE_P2P_DEVICE:
715
	case NL80211_IFTYPE_NAN:
716
	case NL80211_IFTYPE_UNSPECIFIED:
717
	case NUM_NL80211_IFTYPES:
718
	case NL80211_IFTYPE_P2P_CLIENT:
719
	case NL80211_IFTYPE_P2P_GO:
720
	case NL80211_IFTYPE_OCB:
721
		/* shouldn't happen */
722
		WARN_ON_ONCE(1);
723
		break;
724
	}
725

726
	err = ieee80211_key_link(key, link, sta);
727
	/* KRACK protection, shouldn't happen but just silently accept key */
728
	if (err == -EALREADY)
729
		err = 0;
730

731
	return err;
732
}
733

734
static struct ieee80211_key *
735
ieee80211_lookup_key(struct ieee80211_sub_if_data *sdata, int link_id,
736
		     u8 key_idx, bool pairwise, const u8 *mac_addr)
737
{
738
	struct ieee80211_local *local __maybe_unused = sdata->local;
739
	struct ieee80211_link_data *link = &sdata->deflink;
740
	struct ieee80211_key *key;
741

742
	if (link_id >= 0) {
743
		link = sdata_dereference(sdata->link[link_id], sdata);
744
		if (!link)
745
			return NULL;
746
	}
747

748
	if (mac_addr) {
749
		struct sta_info *sta;
750
		struct link_sta_info *link_sta;
751

752
		sta = sta_info_get_bss(sdata, mac_addr);
753
		if (!sta)
754
			return NULL;
755

756
		if (link_id >= 0) {
757
			link_sta = rcu_dereference_check(sta->link[link_id],
758
							 lockdep_is_held(&local->hw.wiphy->mtx));
759
			if (!link_sta)
760
				return NULL;
761
		} else {
762
			link_sta = &sta->deflink;
763
		}
764

765
		if (pairwise && key_idx < NUM_DEFAULT_KEYS)
766
			return wiphy_dereference(local->hw.wiphy,
767
						 sta->ptk[key_idx]);
768

769
		if (!pairwise &&
770
		    key_idx < NUM_DEFAULT_KEYS +
771
			      NUM_DEFAULT_MGMT_KEYS +
772
			      NUM_DEFAULT_BEACON_KEYS)
773
			return wiphy_dereference(local->hw.wiphy,
774
						 link_sta->gtk[key_idx]);
775

776
		return NULL;
777
	}
778

779
	if (pairwise && key_idx < NUM_DEFAULT_KEYS)
780
		return wiphy_dereference(local->hw.wiphy, sdata->keys[key_idx]);
781

782
	key = wiphy_dereference(local->hw.wiphy, link->gtk[key_idx]);
783
	if (key)
784
		return key;
785

786
	/* or maybe it was a WEP key */
787
	if (key_idx < NUM_DEFAULT_KEYS)
788
		return wiphy_dereference(local->hw.wiphy, sdata->keys[key_idx]);
789

790
	return NULL;
791
}
792

793
static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
794
			     int link_id, u8 key_idx, bool pairwise,
795
			     const u8 *mac_addr)
796
{
797
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
798
	struct ieee80211_local *local = sdata->local;
799
	struct ieee80211_key *key;
800

801
	lockdep_assert_wiphy(local->hw.wiphy);
802

803
	key = ieee80211_lookup_key(sdata, link_id, key_idx, pairwise, mac_addr);
804
	if (!key)
805
		return -ENOENT;
806

807
	ieee80211_key_free(key, sdata->vif.type == NL80211_IFTYPE_STATION);
808

809
	return 0;
810
}
811

812
static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
813
			     int link_id, u8 key_idx, bool pairwise,
814
			     const u8 *mac_addr, void *cookie,
815
			     void (*callback)(void *cookie,
816
					      struct key_params *params))
817
{
818
	struct ieee80211_sub_if_data *sdata;
819
	u8 seq[6] = {0};
820
	struct key_params params;
821
	struct ieee80211_key *key;
822
	u64 pn64;
823
	u32 iv32;
824
	u16 iv16;
825
	int err = -ENOENT;
826
	struct ieee80211_key_seq kseq = {};
827

828
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
829

830
	rcu_read_lock();
831

832
	key = ieee80211_lookup_key(sdata, link_id, key_idx, pairwise, mac_addr);
833
	if (!key)
834
		goto out;
835

836
	memset(&params, 0, sizeof(params));
837

838
	params.cipher = key->conf.cipher;
839

840
	switch (key->conf.cipher) {
841
	case WLAN_CIPHER_SUITE_TKIP:
842
		pn64 = atomic64_read(&key->conf.tx_pn);
843
		iv32 = TKIP_PN_TO_IV32(pn64);
844
		iv16 = TKIP_PN_TO_IV16(pn64);
845

846
		if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
847
		    !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
848
			drv_get_key_seq(sdata->local, key, &kseq);
849
			iv32 = kseq.tkip.iv32;
850
			iv16 = kseq.tkip.iv16;
851
		}
852

853
		seq[0] = iv16 & 0xff;
854
		seq[1] = (iv16 >> 8) & 0xff;
855
		seq[2] = iv32 & 0xff;
856
		seq[3] = (iv32 >> 8) & 0xff;
857
		seq[4] = (iv32 >> 16) & 0xff;
858
		seq[5] = (iv32 >> 24) & 0xff;
859
		params.seq = seq;
860
		params.seq_len = 6;
861
		break;
862
	case WLAN_CIPHER_SUITE_CCMP:
863
	case WLAN_CIPHER_SUITE_CCMP_256:
864
	case WLAN_CIPHER_SUITE_AES_CMAC:
865
	case WLAN_CIPHER_SUITE_BIP_CMAC_256:
866
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
867
			     offsetof(typeof(kseq), aes_cmac));
868
		fallthrough;
869
	case WLAN_CIPHER_SUITE_BIP_GMAC_128:
870
	case WLAN_CIPHER_SUITE_BIP_GMAC_256:
871
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
872
			     offsetof(typeof(kseq), aes_gmac));
873
		fallthrough;
874
	case WLAN_CIPHER_SUITE_GCMP:
875
	case WLAN_CIPHER_SUITE_GCMP_256:
876
		BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
877
			     offsetof(typeof(kseq), gcmp));
878

879
		if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
880
		    !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
881
			drv_get_key_seq(sdata->local, key, &kseq);
882
			memcpy(seq, kseq.ccmp.pn, 6);
883
		} else {
884
			pn64 = atomic64_read(&key->conf.tx_pn);
885
			seq[0] = pn64;
886
			seq[1] = pn64 >> 8;
887
			seq[2] = pn64 >> 16;
888
			seq[3] = pn64 >> 24;
889
			seq[4] = pn64 >> 32;
890
			seq[5] = pn64 >> 40;
891
		}
892
		params.seq = seq;
893
		params.seq_len = 6;
894
		break;
895
	default:
896
		if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
897
			break;
898
		if (WARN_ON(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
899
			break;
900
		drv_get_key_seq(sdata->local, key, &kseq);
901
		params.seq = kseq.hw.seq;
902
		params.seq_len = kseq.hw.seq_len;
903
		break;
904
	}
905

906
	callback(cookie, &params);
907
	err = 0;
908

909
 out:
910
	rcu_read_unlock();
911
	return err;
912
}
913

914
static int ieee80211_config_default_key(struct wiphy *wiphy,
915
					struct net_device *dev,
916
					int link_id, u8 key_idx, bool uni,
917
					bool multi)
918
{
919
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
920
	struct ieee80211_link_data *link =
921
		ieee80211_link_or_deflink(sdata, link_id, false);
922

923
	if (IS_ERR(link))
924
		return PTR_ERR(link);
925

926
	ieee80211_set_default_key(link, key_idx, uni, multi);
927

928
	return 0;
929
}
930

931
static int ieee80211_config_default_mgmt_key(struct wiphy *wiphy,
932
					     struct net_device *dev,
933
					     int link_id, u8 key_idx)
934
{
935
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
936
	struct ieee80211_link_data *link =
937
		ieee80211_link_or_deflink(sdata, link_id, true);
938

939
	if (IS_ERR(link))
940
		return PTR_ERR(link);
941

942
	ieee80211_set_default_mgmt_key(link, key_idx);
943

944
	return 0;
945
}
946

947
static int ieee80211_config_default_beacon_key(struct wiphy *wiphy,
948
					       struct net_device *dev,
949
					       int link_id, u8 key_idx)
950
{
951
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
952
	struct ieee80211_link_data *link =
953
		ieee80211_link_or_deflink(sdata, link_id, true);
954

955
	if (IS_ERR(link))
956
		return PTR_ERR(link);
957

958
	ieee80211_set_default_beacon_key(link, key_idx);
959

960
	return 0;
961
}
962

963
void sta_set_rate_info_tx(struct sta_info *sta,
964
			  const struct ieee80211_tx_rate *rate,
965
			  struct rate_info *rinfo)
966
{
967
	rinfo->flags = 0;
968
	if (rate->flags & IEEE80211_TX_RC_MCS) {
969
		rinfo->flags |= RATE_INFO_FLAGS_MCS;
970
		rinfo->mcs = rate->idx;
971
	} else if (rate->flags & IEEE80211_TX_RC_VHT_MCS) {
972
		rinfo->flags |= RATE_INFO_FLAGS_VHT_MCS;
973
		rinfo->mcs = ieee80211_rate_get_vht_mcs(rate);
974
		rinfo->nss = ieee80211_rate_get_vht_nss(rate);
975
	} else {
976
		struct ieee80211_supported_band *sband;
977

978
		sband = ieee80211_get_sband(sta->sdata);
979
		WARN_ON_ONCE(sband && !sband->bitrates);
980
		if (sband && sband->bitrates)
981
			rinfo->legacy = sband->bitrates[rate->idx].bitrate;
982
	}
983
	if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
984
		rinfo->bw = RATE_INFO_BW_40;
985
	else if (rate->flags & IEEE80211_TX_RC_80_MHZ_WIDTH)
986
		rinfo->bw = RATE_INFO_BW_80;
987
	else if (rate->flags & IEEE80211_TX_RC_160_MHZ_WIDTH)
988
		rinfo->bw = RATE_INFO_BW_160;
989
	else
990
		rinfo->bw = RATE_INFO_BW_20;
991
	if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
992
		rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
993
}
994

995
static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
996
				  int idx, u8 *mac, struct station_info *sinfo)
997
{
998
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
999
	struct ieee80211_local *local = sdata->local;
1000
	struct sta_info *sta;
1001
	int ret = -ENOENT;
1002

1003
	lockdep_assert_wiphy(local->hw.wiphy);
1004

1005
	sta = sta_info_get_by_idx(sdata, idx);
1006
	if (sta) {
1007
		ret = 0;
1008
		memcpy(mac, sta->sta.addr, ETH_ALEN);
1009
		sta_set_sinfo(sta, sinfo, true);
1010

1011
		/* Add accumulated removed link data to sinfo data for
1012
		 * consistency for MLO
1013
		 */
1014
		if (sinfo->valid_links)
1015
			sta_set_accumulated_removed_links_sinfo(sta, sinfo);
1016

1017
	}
1018

1019
	return ret;
1020
}
1021

1022
static int ieee80211_dump_survey(struct wiphy *wiphy, struct net_device *dev,
1023
				 int idx, struct survey_info *survey)
1024
{
1025
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1026

1027
	return drv_get_survey(local, idx, survey);
1028
}
1029

1030
static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
1031
				 const u8 *mac, struct station_info *sinfo)
1032
{
1033
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1034
	struct ieee80211_local *local = sdata->local;
1035
	struct sta_info *sta;
1036
	int ret = -ENOENT;
1037

1038
	lockdep_assert_wiphy(local->hw.wiphy);
1039

1040
	sta = sta_info_get_bss(sdata, mac);
1041
	if (sta) {
1042
		ret = 0;
1043
		sta_set_sinfo(sta, sinfo, true);
1044

1045
		/* Add accumulated removed link data to sinfo data for
1046
		 * consistency for MLO
1047
		 */
1048
		if (sinfo->valid_links)
1049
			sta_set_accumulated_removed_links_sinfo(sta, sinfo);
1050
	}
1051

1052
	return ret;
1053
}
1054

1055
static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
1056
					 struct net_device *dev,
1057
					 struct cfg80211_chan_def *chandef)
1058
{
1059
	struct ieee80211_local *local = wiphy_priv(wiphy);
1060
	struct ieee80211_sub_if_data *sdata;
1061
	struct ieee80211_chan_req chanreq = { .oper = *chandef };
1062
	int ret;
1063

1064
	lockdep_assert_wiphy(local->hw.wiphy);
1065

1066
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1067
	if (!ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
1068
		if (cfg80211_chandef_identical(&local->monitor_chanreq.oper,
1069
					       &chanreq.oper))
1070
			return 0;
1071

1072
		sdata = wiphy_dereference(wiphy, local->monitor_sdata);
1073
		if (!sdata)
1074
			goto done;
1075
	}
1076

1077
	if (rcu_access_pointer(sdata->deflink.conf->chanctx_conf) &&
1078
	    cfg80211_chandef_identical(&sdata->vif.bss_conf.chanreq.oper,
1079
				       &chanreq.oper))
1080
		return 0;
1081

1082
	ieee80211_link_release_channel(&sdata->deflink);
1083
	ret = ieee80211_link_use_channel(&sdata->deflink, &chanreq,
1084
					 IEEE80211_CHANCTX_SHARED);
1085
	if (ret)
1086
		return ret;
1087
done:
1088
	local->monitor_chanreq = chanreq;
1089
	return 0;
1090
}
1091

1092
static int
1093
ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
1094
			 const u8 *resp, size_t resp_len,
1095
			 const struct ieee80211_csa_settings *csa,
1096
			 const struct ieee80211_color_change_settings *cca,
1097
			 struct ieee80211_link_data *link)
1098
{
1099
	struct probe_resp *new, *old;
1100

1101
	if (!resp || !resp_len)
1102
		return 1;
1103

1104
	old = sdata_dereference(link->u.ap.probe_resp, sdata);
1105

1106
	new = kzalloc(sizeof(struct probe_resp) + resp_len, GFP_KERNEL);
1107
	if (!new)
1108
		return -ENOMEM;
1109

1110
	new->len = resp_len;
1111
	memcpy(new->data, resp, resp_len);
1112

1113
	if (csa)
1114
		memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_presp,
1115
		       csa->n_counter_offsets_presp *
1116
		       sizeof(new->cntdwn_counter_offsets[0]));
1117
	else if (cca)
1118
		new->cntdwn_counter_offsets[0] = cca->counter_offset_presp;
1119

1120
	rcu_assign_pointer(link->u.ap.probe_resp, new);
1121
	if (old)
1122
		kfree_rcu(old, rcu_head);
1123

1124
	return 0;
1125
}
1126

1127
static int ieee80211_set_fils_discovery(struct ieee80211_sub_if_data *sdata,
1128
					struct cfg80211_fils_discovery *params,
1129
					struct ieee80211_link_data *link,
1130
					struct ieee80211_bss_conf *link_conf,
1131
					u64 *changed)
1132
{
1133
	struct fils_discovery_data *new, *old = NULL;
1134
	struct ieee80211_fils_discovery *fd;
1135

1136
	if (!params->update)
1137
		return 0;
1138

1139
	fd = &link_conf->fils_discovery;
1140
	fd->min_interval = params->min_interval;
1141
	fd->max_interval = params->max_interval;
1142

1143
	old = sdata_dereference(link->u.ap.fils_discovery, sdata);
1144
	if (old)
1145
		kfree_rcu(old, rcu_head);
1146

1147
	if (params->tmpl && params->tmpl_len) {
1148
		new = kzalloc(sizeof(*new) + params->tmpl_len, GFP_KERNEL);
1149
		if (!new)
1150
			return -ENOMEM;
1151
		new->len = params->tmpl_len;
1152
		memcpy(new->data, params->tmpl, params->tmpl_len);
1153
		rcu_assign_pointer(link->u.ap.fils_discovery, new);
1154
	} else {
1155
		RCU_INIT_POINTER(link->u.ap.fils_discovery, NULL);
1156
	}
1157

1158
	*changed |= BSS_CHANGED_FILS_DISCOVERY;
1159
	return 0;
1160
}
1161

1162
static int
1163
ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
1164
				     struct cfg80211_unsol_bcast_probe_resp *params,
1165
				     struct ieee80211_link_data *link,
1166
				     struct ieee80211_bss_conf *link_conf,
1167
				     u64 *changed)
1168
{
1169
	struct unsol_bcast_probe_resp_data *new, *old = NULL;
1170

1171
	if (!params->update)
1172
		return 0;
1173

1174
	link_conf->unsol_bcast_probe_resp_interval = params->interval;
1175

1176
	old = sdata_dereference(link->u.ap.unsol_bcast_probe_resp, sdata);
1177
	if (old)
1178
		kfree_rcu(old, rcu_head);
1179

1180
	if (params->tmpl && params->tmpl_len) {
1181
		new = kzalloc(sizeof(*new) + params->tmpl_len, GFP_KERNEL);
1182
		if (!new)
1183
			return -ENOMEM;
1184
		new->len = params->tmpl_len;
1185
		memcpy(new->data, params->tmpl, params->tmpl_len);
1186
		rcu_assign_pointer(link->u.ap.unsol_bcast_probe_resp, new);
1187
	} else {
1188
		RCU_INIT_POINTER(link->u.ap.unsol_bcast_probe_resp, NULL);
1189
	}
1190

1191
	*changed |= BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
1192
	return 0;
1193
}
1194

1195
static int
1196
ieee80211_set_s1g_short_beacon(struct ieee80211_sub_if_data *sdata,
1197
			       struct ieee80211_link_data *link,
1198
			       struct cfg80211_s1g_short_beacon *params)
1199
{
1200
	struct s1g_short_beacon_data *new;
1201
	struct s1g_short_beacon_data *old =
1202
		sdata_dereference(link->u.ap.s1g_short_beacon, sdata);
1203
	size_t new_len =
1204
		sizeof(*new) + params->short_head_len + params->short_tail_len;
1205

1206
	if (!params->update)
1207
		return 0;
1208

1209
	if (!params->short_head)
1210
		return -EINVAL;
1211

1212
	new = kzalloc(new_len, GFP_KERNEL);
1213
	if (!new)
1214
		return -ENOMEM;
1215

1216
	/* Memory layout: | struct | head | tail | */
1217
	new->short_head = (u8 *)new + sizeof(*new);
1218
	new->short_head_len = params->short_head_len;
1219
	memcpy(new->short_head, params->short_head, params->short_head_len);
1220

1221
	if (params->short_tail) {
1222
		new->short_tail = new->short_head + params->short_head_len;
1223
		new->short_tail_len = params->short_tail_len;
1224
		memcpy(new->short_tail, params->short_tail,
1225
		       params->short_tail_len);
1226
	}
1227

1228
	rcu_assign_pointer(link->u.ap.s1g_short_beacon, new);
1229

1230
	if (old)
1231
		kfree_rcu(old, rcu_head);
1232

1233
	return 0;
1234
}
1235

1236
static int ieee80211_set_ftm_responder_params(
1237
				struct ieee80211_sub_if_data *sdata,
1238
				const u8 *lci, size_t lci_len,
1239
				const u8 *civicloc, size_t civicloc_len,
1240
				struct ieee80211_bss_conf *link_conf)
1241
{
1242
	struct ieee80211_ftm_responder_params *new, *old;
1243
	u8 *pos;
1244
	int len;
1245

1246
	if (!lci_len && !civicloc_len)
1247
		return 0;
1248

1249
	old = link_conf->ftmr_params;
1250
	len = lci_len + civicloc_len;
1251

1252
	new = kzalloc(sizeof(*new) + len, GFP_KERNEL);
1253
	if (!new)
1254
		return -ENOMEM;
1255

1256
	pos = (u8 *)(new + 1);
1257
	if (lci_len) {
1258
		new->lci_len = lci_len;
1259
		new->lci = pos;
1260
		memcpy(pos, lci, lci_len);
1261
		pos += lci_len;
1262
	}
1263

1264
	if (civicloc_len) {
1265
		new->civicloc_len = civicloc_len;
1266
		new->civicloc = pos;
1267
		memcpy(pos, civicloc, civicloc_len);
1268
		pos += civicloc_len;
1269
	}
1270

1271
	link_conf->ftmr_params = new;
1272
	kfree(old);
1273

1274
	return 0;
1275
}
1276

1277
static int
1278
ieee80211_copy_mbssid_beacon(u8 *pos, struct cfg80211_mbssid_elems *dst,
1279
			     struct cfg80211_mbssid_elems *src)
1280
{
1281
	int i, offset = 0;
1282

1283
	dst->cnt = src->cnt;
1284
	for (i = 0; i < src->cnt; i++) {
1285
		memcpy(pos + offset, src->elem[i].data, src->elem[i].len);
1286
		dst->elem[i].len = src->elem[i].len;
1287
		dst->elem[i].data = pos + offset;
1288
		offset += dst->elem[i].len;
1289
	}
1290

1291
	return offset;
1292
}
1293

1294
static int
1295
ieee80211_copy_rnr_beacon(u8 *pos, struct cfg80211_rnr_elems *dst,
1296
			  struct cfg80211_rnr_elems *src)
1297
{
1298
	int i, offset = 0;
1299

1300
	dst->cnt = src->cnt;
1301
	for (i = 0; i < src->cnt; i++) {
1302
		memcpy(pos + offset, src->elem[i].data, src->elem[i].len);
1303
		dst->elem[i].len = src->elem[i].len;
1304
		dst->elem[i].data = pos + offset;
1305
		offset += dst->elem[i].len;
1306
	}
1307

1308
	return offset;
1309
}
1310

1311
static int
1312
ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
1313
			struct ieee80211_link_data *link,
1314
			struct cfg80211_beacon_data *params,
1315
			const struct ieee80211_csa_settings *csa,
1316
			const struct ieee80211_color_change_settings *cca,
1317
			u64 *changed)
1318
{
1319
	struct cfg80211_mbssid_elems *mbssid = NULL;
1320
	struct cfg80211_rnr_elems *rnr = NULL;
1321
	struct beacon_data *new, *old;
1322
	int new_head_len, new_tail_len;
1323
	int size, err;
1324
	u64 _changed = BSS_CHANGED_BEACON;
1325
	struct ieee80211_bss_conf *link_conf = link->conf;
1326

1327
	old = sdata_dereference(link->u.ap.beacon, sdata);
1328

1329
	/* Need to have a beacon head if we don't have one yet */
1330
	if (!params->head && !old)
1331
		return -EINVAL;
1332

1333
	/* new or old head? */
1334
	if (params->head)
1335
		new_head_len = params->head_len;
1336
	else
1337
		new_head_len = old->head_len;
1338

1339
	/* new or old tail? */
1340
	if (params->tail || !old)
1341
		/* params->tail_len will be zero for !params->tail */
1342
		new_tail_len = params->tail_len;
1343
	else
1344
		new_tail_len = old->tail_len;
1345

1346
	size = sizeof(*new) + new_head_len + new_tail_len;
1347

1348
	if (params->mbssid_ies) {
1349
		mbssid = params->mbssid_ies;
1350
		size += struct_size(new->mbssid_ies, elem, mbssid->cnt);
1351
		if (params->rnr_ies) {
1352
			rnr = params->rnr_ies;
1353
			size += struct_size(new->rnr_ies, elem, rnr->cnt);
1354
		}
1355
		size += ieee80211_get_mbssid_beacon_len(mbssid, rnr,
1356
							mbssid->cnt);
1357
	}
1358

1359
	new = kzalloc(size, GFP_KERNEL);
1360
	if (!new)
1361
		return -ENOMEM;
1362

1363
	/* start filling the new info now */
1364

1365
	/*
1366
	 * pointers go into the block we allocated,
1367
	 * memory is | beacon_data | head | tail | mbssid_ies | rnr_ies
1368
	 */
1369
	new->head = ((u8 *) new) + sizeof(*new);
1370
	new->tail = new->head + new_head_len;
1371
	new->head_len = new_head_len;
1372
	new->tail_len = new_tail_len;
1373
	/* copy in optional mbssid_ies */
1374
	if (mbssid) {
1375
		u8 *pos = new->tail + new->tail_len;
1376

1377
		new->mbssid_ies = (void *)pos;
1378
		pos += struct_size(new->mbssid_ies, elem, mbssid->cnt);
1379
		pos += ieee80211_copy_mbssid_beacon(pos, new->mbssid_ies,
1380
						    mbssid);
1381
		if (rnr) {
1382
			new->rnr_ies = (void *)pos;
1383
			pos += struct_size(new->rnr_ies, elem, rnr->cnt);
1384
			ieee80211_copy_rnr_beacon(pos, new->rnr_ies, rnr);
1385
		}
1386
		/* update bssid_indicator */
1387
		if (new->mbssid_ies->cnt && new->mbssid_ies->elem[0].len > 2)
1388
			link_conf->bssid_indicator =
1389
					*(new->mbssid_ies->elem[0].data + 2);
1390
		else
1391
			link_conf->bssid_indicator = 0;
1392
	}
1393

1394
	if (csa) {
1395
		new->cntdwn_current_counter = csa->count;
1396
		memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_beacon,
1397
		       csa->n_counter_offsets_beacon *
1398
		       sizeof(new->cntdwn_counter_offsets[0]));
1399
	} else if (cca) {
1400
		new->cntdwn_current_counter = cca->count;
1401
		new->cntdwn_counter_offsets[0] = cca->counter_offset_beacon;
1402
	}
1403

1404
	/* copy in head */
1405
	if (params->head)
1406
		memcpy(new->head, params->head, new_head_len);
1407
	else
1408
		memcpy(new->head, old->head, new_head_len);
1409

1410
	/* copy in optional tail */
1411
	if (params->tail)
1412
		memcpy(new->tail, params->tail, new_tail_len);
1413
	else
1414
		if (old)
1415
			memcpy(new->tail, old->tail, new_tail_len);
1416

1417
	err = ieee80211_set_probe_resp(sdata, params->probe_resp,
1418
				       params->probe_resp_len, csa, cca, link);
1419
	if (err < 0) {
1420
		kfree(new);
1421
		return err;
1422
	}
1423
	if (err == 0)
1424
		_changed |= BSS_CHANGED_AP_PROBE_RESP;
1425

1426
	if (params->ftm_responder != -1) {
1427
		link_conf->ftm_responder = params->ftm_responder;
1428
		err = ieee80211_set_ftm_responder_params(sdata,
1429
							 params->lci,
1430
							 params->lci_len,
1431
							 params->civicloc,
1432
							 params->civicloc_len,
1433
							 link_conf);
1434

1435
		if (err < 0) {
1436
			kfree(new);
1437
			return err;
1438
		}
1439

1440
		_changed |= BSS_CHANGED_FTM_RESPONDER;
1441
	}
1442

1443
	rcu_assign_pointer(link->u.ap.beacon, new);
1444
	sdata->u.ap.active = true;
1445

1446
	if (old)
1447
		kfree_rcu(old, rcu_head);
1448

1449
	*changed |= _changed;
1450
	return 0;
1451
}
1452

1453
static u8 ieee80211_num_beaconing_links(struct ieee80211_sub_if_data *sdata)
1454
{
1455
	struct ieee80211_link_data *link;
1456
	u8 link_id, num = 0;
1457

1458
	if (sdata->vif.type != NL80211_IFTYPE_AP &&
1459
	    sdata->vif.type != NL80211_IFTYPE_P2P_GO)
1460
		return num;
1461

1462
	/* non-MLO mode of operation also uses link_id 0 in sdata so it is
1463
	 * safe to directly proceed with the below loop
1464
	 */
1465
	for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
1466
		link = sdata_dereference(sdata->link[link_id], sdata);
1467
		if (!link)
1468
			continue;
1469

1470
		if (sdata_dereference(link->u.ap.beacon, sdata))
1471
			num++;
1472
	}
1473

1474
	return num;
1475
}
1476

1477
static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
1478
			      struct cfg80211_ap_settings *params)
1479
{
1480
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1481
	struct ieee80211_local *local = sdata->local;
1482
	struct beacon_data *old;
1483
	struct ieee80211_sub_if_data *vlan;
1484
	u64 changed = BSS_CHANGED_BEACON_INT |
1485
		      BSS_CHANGED_BEACON_ENABLED |
1486
		      BSS_CHANGED_BEACON |
1487
		      BSS_CHANGED_P2P_PS |
1488
		      BSS_CHANGED_TXPOWER |
1489
		      BSS_CHANGED_TWT;
1490
	int i, err;
1491
	int prev_beacon_int;
1492
	unsigned int link_id = params->beacon.link_id;
1493
	struct ieee80211_link_data *link;
1494
	struct ieee80211_bss_conf *link_conf;
1495
	struct ieee80211_chan_req chanreq = { .oper = params->chandef };
1496
	u64 tsf;
1497

1498
	lockdep_assert_wiphy(local->hw.wiphy);
1499

1500
	link = sdata_dereference(sdata->link[link_id], sdata);
1501
	if (!link)
1502
		return -ENOLINK;
1503

1504
	link_conf = link->conf;
1505

1506
	old = sdata_dereference(link->u.ap.beacon, sdata);
1507
	if (old)
1508
		return -EALREADY;
1509

1510
	link->smps_mode = IEEE80211_SMPS_OFF;
1511

1512
	link->needed_rx_chains = sdata->local->rx_chains;
1513

1514
	prev_beacon_int = link_conf->beacon_int;
1515
	link_conf->beacon_int = params->beacon_interval;
1516

1517
	if (params->ht_cap)
1518
		link_conf->ht_ldpc =
1519
			params->ht_cap->cap_info &
1520
				cpu_to_le16(IEEE80211_HT_CAP_LDPC_CODING);
1521

1522
	if (params->vht_cap) {
1523
		link_conf->vht_ldpc =
1524
			params->vht_cap->vht_cap_info &
1525
				cpu_to_le32(IEEE80211_VHT_CAP_RXLDPC);
1526
		link_conf->vht_su_beamformer =
1527
			params->vht_cap->vht_cap_info &
1528
				cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE);
1529
		link_conf->vht_su_beamformee =
1530
			params->vht_cap->vht_cap_info &
1531
				cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE);
1532
		link_conf->vht_mu_beamformer =
1533
			params->vht_cap->vht_cap_info &
1534
				cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE);
1535
		link_conf->vht_mu_beamformee =
1536
			params->vht_cap->vht_cap_info &
1537
				cpu_to_le32(IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE);
1538
	}
1539

1540
	if (params->he_cap && params->he_oper) {
1541
		link_conf->he_support = true;
1542
		link_conf->htc_trig_based_pkt_ext =
1543
			le32_get_bits(params->he_oper->he_oper_params,
1544
			      IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
1545
		link_conf->frame_time_rts_th =
1546
			le32_get_bits(params->he_oper->he_oper_params,
1547
			      IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
1548
		changed |= BSS_CHANGED_HE_OBSS_PD;
1549

1550
		if (params->beacon.he_bss_color.enabled)
1551
			changed |= BSS_CHANGED_HE_BSS_COLOR;
1552
	}
1553

1554
	if (params->he_cap) {
1555
		link_conf->he_ldpc =
1556
			params->he_cap->phy_cap_info[1] &
1557
				IEEE80211_HE_PHY_CAP1_LDPC_CODING_IN_PAYLOAD;
1558
		link_conf->he_su_beamformer =
1559
			params->he_cap->phy_cap_info[3] &
1560
				IEEE80211_HE_PHY_CAP3_SU_BEAMFORMER;
1561
		link_conf->he_su_beamformee =
1562
			params->he_cap->phy_cap_info[4] &
1563
				IEEE80211_HE_PHY_CAP4_SU_BEAMFORMEE;
1564
		link_conf->he_mu_beamformer =
1565
			params->he_cap->phy_cap_info[4] &
1566
				IEEE80211_HE_PHY_CAP4_MU_BEAMFORMER;
1567
		link_conf->he_full_ul_mumimo =
1568
			params->he_cap->phy_cap_info[2] &
1569
				IEEE80211_HE_PHY_CAP2_UL_MU_FULL_MU_MIMO;
1570
	}
1571

1572
	if (params->eht_cap) {
1573
		if (!link_conf->he_support)
1574
			return -EOPNOTSUPP;
1575

1576
		link_conf->eht_support = true;
1577

1578
		link_conf->eht_su_beamformer =
1579
			params->eht_cap->fixed.phy_cap_info[0] &
1580
				IEEE80211_EHT_PHY_CAP0_SU_BEAMFORMER;
1581
		link_conf->eht_su_beamformee =
1582
			params->eht_cap->fixed.phy_cap_info[0] &
1583
				IEEE80211_EHT_PHY_CAP0_SU_BEAMFORMEE;
1584
		link_conf->eht_mu_beamformer =
1585
			params->eht_cap->fixed.phy_cap_info[7] &
1586
				(IEEE80211_EHT_PHY_CAP7_MU_BEAMFORMER_80MHZ |
1587
				 IEEE80211_EHT_PHY_CAP7_MU_BEAMFORMER_160MHZ |
1588
				 IEEE80211_EHT_PHY_CAP7_MU_BEAMFORMER_320MHZ);
1589
		link_conf->eht_80mhz_full_bw_ul_mumimo =
1590
			params->eht_cap->fixed.phy_cap_info[7] &
1591
				(IEEE80211_EHT_PHY_CAP7_NON_OFDMA_UL_MU_MIMO_80MHZ |
1592
				 IEEE80211_EHT_PHY_CAP7_NON_OFDMA_UL_MU_MIMO_160MHZ |
1593
				 IEEE80211_EHT_PHY_CAP7_NON_OFDMA_UL_MU_MIMO_320MHZ);
1594
		link_conf->eht_disable_mcs15 =
1595
			u8_get_bits(params->eht_oper->params,
1596
				    IEEE80211_EHT_OPER_MCS15_DISABLE);
1597
	} else {
1598
		link_conf->eht_su_beamformer = false;
1599
		link_conf->eht_su_beamformee = false;
1600
		link_conf->eht_mu_beamformer = false;
1601
	}
1602

1603
	if (sdata->vif.type == NL80211_IFTYPE_AP &&
1604
	    params->mbssid_config.tx_wdev) {
1605
		err = ieee80211_set_ap_mbssid_options(sdata,
1606
						      &params->mbssid_config,
1607
						      link_conf);
1608
		if (err)
1609
			return err;
1610
	}
1611

1612
	err = ieee80211_link_use_channel(link, &chanreq,
1613
					 IEEE80211_CHANCTX_SHARED);
1614
	if (!err)
1615
		ieee80211_link_copy_chanctx_to_vlans(link, false);
1616
	if (err) {
1617
		link_conf->beacon_int = prev_beacon_int;
1618
		return err;
1619
	}
1620

1621
	/*
1622
	 * Apply control port protocol, this allows us to
1623
	 * not encrypt dynamic WEP control frames.
1624
	 */
1625
	sdata->control_port_protocol = params->crypto.control_port_ethertype;
1626
	sdata->control_port_no_encrypt = params->crypto.control_port_no_encrypt;
1627
	sdata->control_port_over_nl80211 =
1628
				params->crypto.control_port_over_nl80211;
1629
	sdata->control_port_no_preauth =
1630
				params->crypto.control_port_no_preauth;
1631

1632
	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
1633
		vlan->control_port_protocol =
1634
			params->crypto.control_port_ethertype;
1635
		vlan->control_port_no_encrypt =
1636
			params->crypto.control_port_no_encrypt;
1637
		vlan->control_port_over_nl80211 =
1638
			params->crypto.control_port_over_nl80211;
1639
		vlan->control_port_no_preauth =
1640
			params->crypto.control_port_no_preauth;
1641
	}
1642

1643
	link_conf->dtim_period = params->dtim_period;
1644
	link_conf->enable_beacon = true;
1645
	link_conf->allow_p2p_go_ps = sdata->vif.p2p;
1646
	link_conf->twt_responder = params->twt_responder;
1647
	link_conf->he_obss_pd = params->he_obss_pd;
1648
	link_conf->he_bss_color = params->beacon.he_bss_color;
1649
	link_conf->s1g_long_beacon_period = params->s1g_long_beacon_period;
1650
	sdata->vif.cfg.s1g = params->chandef.chan->band == NL80211_BAND_S1GHZ;
1651

1652
	sdata->vif.cfg.ssid_len = params->ssid_len;
1653
	if (params->ssid_len)
1654
		memcpy(sdata->vif.cfg.ssid, params->ssid,
1655
		       params->ssid_len);
1656
	link_conf->hidden_ssid =
1657
		(params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
1658

1659
	memset(&link_conf->p2p_noa_attr, 0,
1660
	       sizeof(link_conf->p2p_noa_attr));
1661
	link_conf->p2p_noa_attr.oppps_ctwindow =
1662
		params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
1663
	if (params->p2p_opp_ps)
1664
		link_conf->p2p_noa_attr.oppps_ctwindow |=
1665
					IEEE80211_P2P_OPPPS_ENABLE_BIT;
1666

1667
	sdata->beacon_rate_set = false;
1668
	if (wiphy_ext_feature_isset(local->hw.wiphy,
1669
				    NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) {
1670
		for (i = 0; i < NUM_NL80211_BANDS; i++) {
1671
			sdata->beacon_rateidx_mask[i] =
1672
				params->beacon_rate.control[i].legacy;
1673
			if (sdata->beacon_rateidx_mask[i])
1674
				sdata->beacon_rate_set = true;
1675
		}
1676
	}
1677

1678
	if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL))
1679
		link_conf->beacon_tx_rate = params->beacon_rate;
1680

1681
	err = ieee80211_assign_beacon(sdata, link, &params->beacon, NULL, NULL,
1682
				      &changed);
1683
	if (err < 0)
1684
		goto error;
1685

1686
	err = ieee80211_set_fils_discovery(sdata, &params->fils_discovery,
1687
					   link, link_conf, &changed);
1688
	if (err < 0)
1689
		goto error;
1690

1691
	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
1692
						   &params->unsol_bcast_probe_resp,
1693
						   link, link_conf, &changed);
1694
	if (err < 0)
1695
		goto error;
1696

1697
	if (sdata->vif.cfg.s1g) {
1698
		err = ieee80211_set_s1g_short_beacon(sdata, link,
1699
						     &params->s1g_short_beacon);
1700
		if (err < 0)
1701
			goto error;
1702
	}
1703

1704
	err = drv_start_ap(sdata->local, sdata, link_conf);
1705
	if (err) {
1706
		old = sdata_dereference(link->u.ap.beacon, sdata);
1707

1708
		if (old)
1709
			kfree_rcu(old, rcu_head);
1710
		RCU_INIT_POINTER(link->u.ap.beacon, NULL);
1711

1712
		if (ieee80211_num_beaconing_links(sdata) == 0)
1713
			sdata->u.ap.active = false;
1714

1715
		goto error;
1716
	}
1717

1718
	tsf = drv_get_tsf(local, sdata);
1719
	ieee80211_recalc_dtim(sdata, tsf);
1720

1721
	if (link->u.ap.s1g_short_beacon)
1722
		ieee80211_recalc_sb_count(sdata, tsf);
1723

1724
	ieee80211_vif_cfg_change_notify(sdata, BSS_CHANGED_SSID);
1725
	ieee80211_link_info_change_notify(sdata, link, changed);
1726

1727
	if (ieee80211_num_beaconing_links(sdata) <= 1)
1728
		netif_carrier_on(dev);
1729

1730
	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1731
		netif_carrier_on(vlan->dev);
1732

1733
	return 0;
1734

1735
error:
1736
	ieee80211_link_release_channel(link);
1737

1738
	return err;
1739
}
1740

1741
static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
1742
				   struct cfg80211_ap_update *params)
1743

1744
{
1745
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1746
	struct ieee80211_link_data *link;
1747
	struct cfg80211_beacon_data *beacon = &params->beacon;
1748
	struct beacon_data *old;
1749
	int err;
1750
	struct ieee80211_bss_conf *link_conf;
1751
	u64 changed = 0;
1752

1753
	lockdep_assert_wiphy(wiphy);
1754

1755
	link = sdata_dereference(sdata->link[beacon->link_id], sdata);
1756
	if (!link)
1757
		return -ENOLINK;
1758

1759
	link_conf = link->conf;
1760

1761
	/* don't allow changing the beacon while a countdown is in place - offset
1762
	 * of channel switch counter may change
1763
	 */
1764
	if (link_conf->csa_active || link_conf->color_change_active)
1765
		return -EBUSY;
1766

1767
	old = sdata_dereference(link->u.ap.beacon, sdata);
1768
	if (!old)
1769
		return -ENOENT;
1770

1771
	err = ieee80211_assign_beacon(sdata, link, beacon, NULL, NULL,
1772
				      &changed);
1773
	if (err < 0)
1774
		return err;
1775

1776
	err = ieee80211_set_fils_discovery(sdata, &params->fils_discovery,
1777
					   link, link_conf, &changed);
1778
	if (err < 0)
1779
		return err;
1780

1781
	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
1782
						   &params->unsol_bcast_probe_resp,
1783
						   link, link_conf, &changed);
1784
	if (err < 0)
1785
		return err;
1786

1787
	if (link->u.ap.s1g_short_beacon) {
1788
		err = ieee80211_set_s1g_short_beacon(sdata, link,
1789
						     &params->s1g_short_beacon);
1790
		if (err < 0)
1791
			return err;
1792
	}
1793

1794
	if (beacon->he_bss_color_valid &&
1795
	    beacon->he_bss_color.enabled != link_conf->he_bss_color.enabled) {
1796
		link_conf->he_bss_color.enabled = beacon->he_bss_color.enabled;
1797
		changed |= BSS_CHANGED_HE_BSS_COLOR;
1798
	}
1799

1800
	ieee80211_link_info_change_notify(sdata, link, changed);
1801
	return 0;
1802
}
1803

1804
static void ieee80211_free_next_beacon(struct ieee80211_link_data *link)
1805
{
1806
	if (!link->u.ap.next_beacon)
1807
		return;
1808

1809
	kfree(link->u.ap.next_beacon->mbssid_ies);
1810
	kfree(link->u.ap.next_beacon->rnr_ies);
1811
	kfree(link->u.ap.next_beacon);
1812
	link->u.ap.next_beacon = NULL;
1813
}
1814

1815
static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev,
1816
			     unsigned int link_id)
1817
{
1818
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1819
	struct ieee80211_sub_if_data *vlan;
1820
	struct ieee80211_local *local = sdata->local;
1821
	struct beacon_data *old_beacon;
1822
	struct probe_resp *old_probe_resp;
1823
	struct fils_discovery_data *old_fils_discovery;
1824
	struct unsol_bcast_probe_resp_data *old_unsol_bcast_probe_resp;
1825
	struct s1g_short_beacon_data *old_s1g_short_beacon;
1826
	struct cfg80211_chan_def chandef;
1827
	struct ieee80211_link_data *link =
1828
		sdata_dereference(sdata->link[link_id], sdata);
1829
	struct ieee80211_bss_conf *link_conf = link->conf;
1830
	LIST_HEAD(keys);
1831

1832
	lockdep_assert_wiphy(local->hw.wiphy);
1833

1834
	old_beacon = sdata_dereference(link->u.ap.beacon, sdata);
1835
	if (!old_beacon)
1836
		return -ENOENT;
1837
	old_probe_resp = sdata_dereference(link->u.ap.probe_resp,
1838
					   sdata);
1839
	old_fils_discovery = sdata_dereference(link->u.ap.fils_discovery,
1840
					       sdata);
1841
	old_unsol_bcast_probe_resp =
1842
		sdata_dereference(link->u.ap.unsol_bcast_probe_resp,
1843
				  sdata);
1844
	old_s1g_short_beacon =
1845
		sdata_dereference(link->u.ap.s1g_short_beacon, sdata);
1846

1847
	/* abort any running channel switch or color change */
1848
	link_conf->csa_active = false;
1849
	link_conf->color_change_active = false;
1850
	ieee80211_vif_unblock_queues_csa(sdata);
1851

1852
	ieee80211_free_next_beacon(link);
1853

1854
	/* turn off carrier for this interface and dependent VLANs */
1855
	list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1856
		netif_carrier_off(vlan->dev);
1857

1858
	if (ieee80211_num_beaconing_links(sdata) <= 1) {
1859
		netif_carrier_off(dev);
1860
		sdata->u.ap.active = false;
1861
	}
1862

1863
	/* remove beacon and probe response */
1864
	RCU_INIT_POINTER(link->u.ap.beacon, NULL);
1865
	RCU_INIT_POINTER(link->u.ap.probe_resp, NULL);
1866
	RCU_INIT_POINTER(link->u.ap.fils_discovery, NULL);
1867
	RCU_INIT_POINTER(link->u.ap.unsol_bcast_probe_resp, NULL);
1868
	RCU_INIT_POINTER(link->u.ap.s1g_short_beacon, NULL);
1869
	kfree_rcu(old_beacon, rcu_head);
1870
	if (old_probe_resp)
1871
		kfree_rcu(old_probe_resp, rcu_head);
1872
	if (old_fils_discovery)
1873
		kfree_rcu(old_fils_discovery, rcu_head);
1874
	if (old_unsol_bcast_probe_resp)
1875
		kfree_rcu(old_unsol_bcast_probe_resp, rcu_head);
1876
	if (old_s1g_short_beacon)
1877
		kfree_rcu(old_s1g_short_beacon, rcu_head);
1878

1879
	kfree(link_conf->ftmr_params);
1880
	link_conf->ftmr_params = NULL;
1881

1882
	link_conf->bssid_index = 0;
1883
	link_conf->nontransmitted = false;
1884
	link_conf->ema_ap = false;
1885
	link_conf->bssid_indicator = 0;
1886
	link_conf->fils_discovery.min_interval = 0;
1887
	link_conf->fils_discovery.max_interval = 0;
1888
	link_conf->unsol_bcast_probe_resp_interval = 0;
1889

1890
	__sta_info_flush(sdata, true, link_id, NULL);
1891

1892
	ieee80211_remove_link_keys(link, &keys);
1893
	if (!list_empty(&keys)) {
1894
		synchronize_net();
1895
		ieee80211_free_key_list(local, &keys);
1896
	}
1897

1898
	ieee80211_stop_mbssid(sdata);
1899
	RCU_INIT_POINTER(link_conf->tx_bss_conf, NULL);
1900

1901
	link_conf->enable_beacon = false;
1902
	sdata->beacon_rate_set = false;
1903
	sdata->vif.cfg.ssid_len = 0;
1904
	sdata->vif.cfg.s1g = false;
1905
	clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
1906
	ieee80211_link_info_change_notify(sdata, link,
1907
					  BSS_CHANGED_BEACON_ENABLED);
1908

1909
	if (sdata->wdev.links[link_id].cac_started) {
1910
		chandef = link_conf->chanreq.oper;
1911
		wiphy_delayed_work_cancel(wiphy, &link->dfs_cac_timer_work);
1912
		cfg80211_cac_event(sdata->dev, &chandef,
1913
				   NL80211_RADAR_CAC_ABORTED,
1914
				   GFP_KERNEL, link_id);
1915
	}
1916

1917
	drv_stop_ap(sdata->local, sdata, link_conf);
1918

1919
	/* free all potentially still buffered bcast frames */
1920
	local->total_ps_buffered -= skb_queue_len(&sdata->u.ap.ps.bc_buf);
1921
	ieee80211_purge_tx_queue(&local->hw, &sdata->u.ap.ps.bc_buf);
1922

1923
	ieee80211_link_copy_chanctx_to_vlans(link, true);
1924
	ieee80211_link_release_channel(link);
1925

1926
	return 0;
1927
}
1928

1929
static int sta_apply_auth_flags(struct ieee80211_local *local,
1930
				struct sta_info *sta,
1931
				u32 mask, u32 set)
1932
{
1933
	int ret;
1934

1935
	if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1936
	    set & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1937
	    !test_sta_flag(sta, WLAN_STA_AUTH)) {
1938
		ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1939
		if (ret)
1940
			return ret;
1941
	}
1942

1943
	if (mask & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1944
	    set & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1945
	    !test_sta_flag(sta, WLAN_STA_ASSOC)) {
1946
		/*
1947
		 * When peer becomes associated, init rate control as
1948
		 * well. Some drivers require rate control initialized
1949
		 * before drv_sta_state() is called.
1950
		 */
1951
		if (!test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
1952
			rate_control_rate_init_all_links(sta);
1953

1954
		ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1955
		if (ret)
1956
			return ret;
1957
	}
1958

1959
	if (mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1960
		if (set & BIT(NL80211_STA_FLAG_AUTHORIZED))
1961
			ret = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
1962
		else if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1963
			ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1964
		else
1965
			ret = 0;
1966
		if (ret)
1967
			return ret;
1968
	}
1969

1970
	if (mask & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1971
	    !(set & BIT(NL80211_STA_FLAG_ASSOCIATED)) &&
1972
	    test_sta_flag(sta, WLAN_STA_ASSOC)) {
1973
		ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1974
		if (ret)
1975
			return ret;
1976
	}
1977

1978
	if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1979
	    !(set & BIT(NL80211_STA_FLAG_AUTHENTICATED)) &&
1980
	    test_sta_flag(sta, WLAN_STA_AUTH)) {
1981
		ret = sta_info_move_state(sta, IEEE80211_STA_NONE);
1982
		if (ret)
1983
			return ret;
1984
	}
1985

1986
	return 0;
1987
}
1988

1989
static void sta_apply_mesh_params(struct ieee80211_local *local,
1990
				  struct sta_info *sta,
1991
				  struct station_parameters *params)
1992
{
1993
#ifdef CONFIG_MAC80211_MESH
1994
	struct ieee80211_sub_if_data *sdata = sta->sdata;
1995
	u64 changed = 0;
1996

1997
	if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) {
1998
		switch (params->plink_state) {
1999
		case NL80211_PLINK_ESTAB:
2000
			if (sta->mesh->plink_state != NL80211_PLINK_ESTAB)
2001
				changed = mesh_plink_inc_estab_count(sdata);
2002
			sta->mesh->plink_state = params->plink_state;
2003
			sta->mesh->aid = params->peer_aid;
2004

2005
			ieee80211_mps_sta_status_update(sta);
2006
			changed |= ieee80211_mps_set_sta_local_pm(sta,
2007
				      sdata->u.mesh.mshcfg.power_mode);
2008

2009
			ewma_mesh_tx_rate_avg_init(&sta->mesh->tx_rate_avg);
2010
			/* init at low value */
2011
			ewma_mesh_tx_rate_avg_add(&sta->mesh->tx_rate_avg, 10);
2012

2013
			break;
2014
		case NL80211_PLINK_LISTEN:
2015
		case NL80211_PLINK_BLOCKED:
2016
		case NL80211_PLINK_OPN_SNT:
2017
		case NL80211_PLINK_OPN_RCVD:
2018
		case NL80211_PLINK_CNF_RCVD:
2019
		case NL80211_PLINK_HOLDING:
2020
			if (sta->mesh->plink_state == NL80211_PLINK_ESTAB)
2021
				changed = mesh_plink_dec_estab_count(sdata);
2022
			sta->mesh->plink_state = params->plink_state;
2023

2024
			ieee80211_mps_sta_status_update(sta);
2025
			changed |= ieee80211_mps_set_sta_local_pm(sta,
2026
					NL80211_MESH_POWER_UNKNOWN);
2027
			break;
2028
		default:
2029
			/*  nothing  */
2030
			break;
2031
		}
2032
	}
2033

2034
	switch (params->plink_action) {
2035
	case NL80211_PLINK_ACTION_NO_ACTION:
2036
		/* nothing */
2037
		break;
2038
	case NL80211_PLINK_ACTION_OPEN:
2039
		changed |= mesh_plink_open(sta);
2040
		break;
2041
	case NL80211_PLINK_ACTION_BLOCK:
2042
		changed |= mesh_plink_block(sta);
2043
		break;
2044
	}
2045

2046
	if (params->local_pm)
2047
		changed |= ieee80211_mps_set_sta_local_pm(sta,
2048
							  params->local_pm);
2049

2050
	ieee80211_mbss_info_change_notify(sdata, changed);
2051
#endif
2052
}
2053

2054
enum sta_link_apply_mode {
2055
	STA_LINK_MODE_NEW,
2056
	STA_LINK_MODE_STA_MODIFY,
2057
	STA_LINK_MODE_LINK_MODIFY,
2058
};
2059

2060
static int sta_link_apply_parameters(struct ieee80211_local *local,
2061
				     struct sta_info *sta,
2062
				     enum sta_link_apply_mode mode,
2063
				     struct link_station_parameters *params)
2064
{
2065
	struct ieee80211_supported_band *sband;
2066
	struct ieee80211_sub_if_data *sdata = sta->sdata;
2067
	u32 link_id = params->link_id < 0 ? 0 : params->link_id;
2068
	struct ieee80211_link_data *link =
2069
		sdata_dereference(sdata->link[link_id], sdata);
2070
	struct link_sta_info *link_sta =
2071
		rcu_dereference_protected(sta->link[link_id],
2072
					  lockdep_is_held(&local->hw.wiphy->mtx));
2073
	bool changes = params->link_mac ||
2074
		       params->txpwr_set ||
2075
		       params->supported_rates_len ||
2076
		       params->ht_capa ||
2077
		       params->vht_capa ||
2078
		       params->he_capa ||
2079
		       params->eht_capa ||
2080
		       params->s1g_capa ||
2081
		       params->opmode_notif_used;
2082

2083
	switch (mode) {
2084
	case STA_LINK_MODE_NEW:
2085
		if (!params->link_mac)
2086
			return -EINVAL;
2087
		break;
2088
	case STA_LINK_MODE_LINK_MODIFY:
2089
		break;
2090
	case STA_LINK_MODE_STA_MODIFY:
2091
		if (params->link_id >= 0)
2092
			break;
2093
		if (!changes)
2094
			return 0;
2095
		break;
2096
	}
2097

2098
	if (!link || !link_sta)
2099
		return -EINVAL;
2100

2101
	sband = ieee80211_get_link_sband(link);
2102
	if (!sband)
2103
		return -EINVAL;
2104

2105
	if (params->link_mac) {
2106
		if (mode == STA_LINK_MODE_NEW) {
2107
			memcpy(link_sta->addr, params->link_mac, ETH_ALEN);
2108
			memcpy(link_sta->pub->addr, params->link_mac, ETH_ALEN);
2109
		} else if (!ether_addr_equal(link_sta->addr,
2110
					     params->link_mac)) {
2111
			return -EINVAL;
2112
		}
2113
	}
2114

2115
	if (params->txpwr_set) {
2116
		int ret;
2117

2118
		link_sta->pub->txpwr.type = params->txpwr.type;
2119
		if (params->txpwr.type == NL80211_TX_POWER_LIMITED)
2120
			link_sta->pub->txpwr.power = params->txpwr.power;
2121
		ret = drv_sta_set_txpwr(local, sdata, sta);
2122
		if (ret)
2123
			return ret;
2124
	}
2125

2126
	if (params->supported_rates &&
2127
	    params->supported_rates_len &&
2128
	    !ieee80211_parse_bitrates(link->conf->chanreq.oper.width,
2129
				      sband, params->supported_rates,
2130
				      params->supported_rates_len,
2131
				      &link_sta->pub->supp_rates[sband->band]))
2132
		return -EINVAL;
2133

2134
	if (params->ht_capa)
2135
		ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
2136
						  params->ht_capa, link_sta);
2137

2138
	/* VHT can override some HT caps such as the A-MSDU max length */
2139
	if (params->vht_capa)
2140
		ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
2141
						    params->vht_capa, NULL,
2142
						    link_sta);
2143

2144
	if (params->he_capa)
2145
		ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
2146
						  (void *)params->he_capa,
2147
						  params->he_capa_len,
2148
						  (void *)params->he_6ghz_capa,
2149
						  link_sta);
2150

2151
	if (params->he_capa && params->eht_capa)
2152
		ieee80211_eht_cap_ie_to_sta_eht_cap(sdata, sband,
2153
						    (u8 *)params->he_capa,
2154
						    params->he_capa_len,
2155
						    params->eht_capa,
2156
						    params->eht_capa_len,
2157
						    link_sta);
2158

2159
	if (params->s1g_capa)
2160
		ieee80211_s1g_cap_to_sta_s1g_cap(sdata, params->s1g_capa,
2161
						 link_sta);
2162

2163
	ieee80211_sta_init_nss(link_sta);
2164

2165
	if (params->opmode_notif_used) {
2166
		enum nl80211_chan_width width = link->conf->chanreq.oper.width;
2167

2168
		switch (width) {
2169
		case NL80211_CHAN_WIDTH_20:
2170
		case NL80211_CHAN_WIDTH_40:
2171
		case NL80211_CHAN_WIDTH_80:
2172
		case NL80211_CHAN_WIDTH_160:
2173
		case NL80211_CHAN_WIDTH_80P80:
2174
		case NL80211_CHAN_WIDTH_320: /* not VHT, allowed for HE/EHT */
2175
			break;
2176
		default:
2177
			return -EINVAL;
2178
		}
2179

2180
		/* returned value is only needed for rc update, but the
2181
		 * rc isn't initialized here yet, so ignore it
2182
		 */
2183
		__ieee80211_vht_handle_opmode(sdata, link_sta,
2184
					      params->opmode_notif,
2185
					      sband->band);
2186
	}
2187

2188
	return 0;
2189
}
2190

2191
static int sta_apply_parameters(struct ieee80211_local *local,
2192
				struct sta_info *sta,
2193
				struct station_parameters *params)
2194
{
2195
	struct ieee80211_sub_if_data *sdata = sta->sdata;
2196
	u32 mask, set;
2197
	int ret = 0;
2198

2199
	mask = params->sta_flags_mask;
2200
	set = params->sta_flags_set;
2201

2202
	if (ieee80211_vif_is_mesh(&sdata->vif)) {
2203
		/*
2204
		 * In mesh mode, ASSOCIATED isn't part of the nl80211
2205
		 * API but must follow AUTHENTICATED for driver state.
2206
		 */
2207
		if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED))
2208
			mask |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2209
		if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED))
2210
			set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2211
	} else if (test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2212
		/*
2213
		 * TDLS -- everything follows authorized, but
2214
		 * only becoming authorized is possible, not
2215
		 * going back
2216
		 */
2217
		if (set & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
2218
			set |= BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2219
			       BIT(NL80211_STA_FLAG_ASSOCIATED);
2220
			mask |= BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2221
				BIT(NL80211_STA_FLAG_ASSOCIATED);
2222
		}
2223
	}
2224

2225
	if (mask & BIT(NL80211_STA_FLAG_WME) &&
2226
	    local->hw.queues >= IEEE80211_NUM_ACS)
2227
		sta->sta.wme = set & BIT(NL80211_STA_FLAG_WME);
2228

2229
	/* auth flags will be set later for TDLS,
2230
	 * and for unassociated stations that move to associated */
2231
	if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
2232
	    !((mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) &&
2233
	      (set & BIT(NL80211_STA_FLAG_ASSOCIATED)))) {
2234
		ret = sta_apply_auth_flags(local, sta, mask, set);
2235
		if (ret)
2236
			return ret;
2237
	}
2238

2239
	if (mask & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE)) {
2240
		if (set & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE))
2241
			set_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
2242
		else
2243
			clear_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
2244
	}
2245

2246
	if (mask & BIT(NL80211_STA_FLAG_MFP)) {
2247
		sta->sta.mfp = !!(set & BIT(NL80211_STA_FLAG_MFP));
2248
		if (set & BIT(NL80211_STA_FLAG_MFP))
2249
			set_sta_flag(sta, WLAN_STA_MFP);
2250
		else
2251
			clear_sta_flag(sta, WLAN_STA_MFP);
2252
	}
2253

2254
	if (mask & BIT(NL80211_STA_FLAG_TDLS_PEER)) {
2255
		if (set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2256
			set_sta_flag(sta, WLAN_STA_TDLS_PEER);
2257
		else
2258
			clear_sta_flag(sta, WLAN_STA_TDLS_PEER);
2259
	}
2260

2261
	if (mask & BIT(NL80211_STA_FLAG_SPP_AMSDU))
2262
		sta->sta.spp_amsdu = set & BIT(NL80211_STA_FLAG_SPP_AMSDU);
2263

2264
	/* mark TDLS channel switch support, if the AP allows it */
2265
	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
2266
	    !sdata->deflink.u.mgd.tdls_chan_switch_prohibited &&
2267
	    params->ext_capab_len >= 4 &&
2268
	    params->ext_capab[3] & WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH)
2269
		set_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH);
2270

2271
	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
2272
	    !sdata->u.mgd.tdls_wider_bw_prohibited &&
2273
	    ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) &&
2274
	    params->ext_capab_len >= 8 &&
2275
	    params->ext_capab[7] & WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED)
2276
		set_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW);
2277

2278
	if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) {
2279
		sta->sta.uapsd_queues = params->uapsd_queues;
2280
		sta->sta.max_sp = params->max_sp;
2281
	}
2282

2283
	ieee80211_sta_set_max_amsdu_subframes(sta, params->ext_capab,
2284
					      params->ext_capab_len);
2285

2286
	/*
2287
	 * cfg80211 validates this (1-2007) and allows setting the AID
2288
	 * only when creating a new station entry. For S1G APs, the current
2289
	 * implementation supports a maximum of 1600 AIDs.
2290
	 */
2291
	if (params->aid) {
2292
		if (sdata->vif.cfg.s1g &&
2293
		    params->aid > IEEE80211_MAX_SUPPORTED_S1G_AID)
2294
			return -EINVAL;
2295

2296
		sta->sta.aid = params->aid;
2297
	}
2298

2299
	/*
2300
	 * Some of the following updates would be racy if called on an
2301
	 * existing station, via ieee80211_change_station(). However,
2302
	 * all such changes are rejected by cfg80211 except for updates
2303
	 * changing the supported rates on an existing but not yet used
2304
	 * TDLS peer.
2305
	 */
2306

2307
	if (params->listen_interval >= 0)
2308
		sta->listen_interval = params->listen_interval;
2309

2310
	if (params->eml_cap_present)
2311
		sta->sta.eml_cap = params->eml_cap;
2312

2313
	ret = sta_link_apply_parameters(local, sta, STA_LINK_MODE_STA_MODIFY,
2314
					&params->link_sta_params);
2315
	if (ret)
2316
		return ret;
2317

2318
	if (params->support_p2p_ps >= 0)
2319
		sta->sta.support_p2p_ps = params->support_p2p_ps;
2320

2321
	if (ieee80211_vif_is_mesh(&sdata->vif))
2322
		sta_apply_mesh_params(local, sta, params);
2323

2324
	if (params->airtime_weight)
2325
		sta->airtime_weight = params->airtime_weight;
2326

2327
	/* set the STA state after all sta info from usermode has been set */
2328
	if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) ||
2329
	    set & BIT(NL80211_STA_FLAG_ASSOCIATED)) {
2330
		ret = sta_apply_auth_flags(local, sta, mask, set);
2331
		if (ret)
2332
			return ret;
2333
	}
2334

2335
	/* Mark the STA as MLO if MLD MAC address is available */
2336
	if (params->link_sta_params.mld_mac)
2337
		sta->sta.mlo = true;
2338

2339
	return 0;
2340
}
2341

2342
static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
2343
				 const u8 *mac,
2344
				 struct station_parameters *params)
2345
{
2346
	struct ieee80211_local *local = wiphy_priv(wiphy);
2347
	struct sta_info *sta;
2348
	struct ieee80211_sub_if_data *sdata;
2349
	int err;
2350

2351
	lockdep_assert_wiphy(local->hw.wiphy);
2352

2353
	if (params->vlan) {
2354
		sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
2355

2356
		if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
2357
		    sdata->vif.type != NL80211_IFTYPE_AP)
2358
			return -EINVAL;
2359
	} else
2360
		sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2361

2362
	if (ether_addr_equal(mac, sdata->vif.addr))
2363
		return -EINVAL;
2364

2365
	if (!is_valid_ether_addr(mac))
2366
		return -EINVAL;
2367

2368
	if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER) &&
2369
	    sdata->vif.type == NL80211_IFTYPE_STATION &&
2370
	    !sdata->u.mgd.associated)
2371
		return -EINVAL;
2372

2373
	/*
2374
	 * If we have a link ID, it can be a non-MLO station on an AP MLD,
2375
	 * but we need to have a link_mac in that case as well, so use the
2376
	 * STA's MAC address in that case.
2377
	 */
2378
	if (params->link_sta_params.link_id >= 0)
2379
		sta = sta_info_alloc_with_link(sdata, mac,
2380
					       params->link_sta_params.link_id,
2381
					       params->link_sta_params.link_mac ?: mac,
2382
					       GFP_KERNEL);
2383
	else
2384
		sta = sta_info_alloc(sdata, mac, GFP_KERNEL);
2385

2386
	if (!sta)
2387
		return -ENOMEM;
2388

2389
	if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
2390
		sta->sta.tdls = true;
2391

2392
	/* Though the mutex is not needed here (since the station is not
2393
	 * visible yet), sta_apply_parameters (and inner functions) require
2394
	 * the mutex due to other paths.
2395
	 */
2396
	err = sta_apply_parameters(local, sta, params);
2397
	if (err) {
2398
		sta_info_free(local, sta);
2399
		return err;
2400
	}
2401

2402
	/*
2403
	 * for TDLS and for unassociated station, rate control should be
2404
	 * initialized only when rates are known and station is marked
2405
	 * authorized/associated
2406
	 */
2407
	if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
2408
	    test_sta_flag(sta, WLAN_STA_ASSOC))
2409
		rate_control_rate_init_all_links(sta);
2410

2411
	return sta_info_insert(sta);
2412
}
2413

2414
static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
2415
				 struct station_del_parameters *params)
2416
{
2417
	struct ieee80211_sub_if_data *sdata;
2418

2419
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2420

2421
	if (params->mac)
2422
		return sta_info_destroy_addr_bss(sdata, params->mac);
2423

2424
	sta_info_flush(sdata, params->link_id);
2425
	return 0;
2426
}
2427

2428
static int ieee80211_change_station(struct wiphy *wiphy,
2429
				    struct net_device *dev, const u8 *mac,
2430
				    struct station_parameters *params)
2431
{
2432
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2433
	struct ieee80211_local *local = wiphy_priv(wiphy);
2434
	struct sta_info *sta;
2435
	struct ieee80211_sub_if_data *vlansdata;
2436
	enum cfg80211_station_type statype;
2437
	int err;
2438

2439
	lockdep_assert_wiphy(local->hw.wiphy);
2440

2441
	sta = sta_info_get_bss(sdata, mac);
2442
	if (!sta)
2443
		return -ENOENT;
2444

2445
	switch (sdata->vif.type) {
2446
	case NL80211_IFTYPE_MESH_POINT:
2447
		if (sdata->u.mesh.user_mpm)
2448
			statype = CFG80211_STA_MESH_PEER_USER;
2449
		else
2450
			statype = CFG80211_STA_MESH_PEER_KERNEL;
2451
		break;
2452
	case NL80211_IFTYPE_ADHOC:
2453
		statype = CFG80211_STA_IBSS;
2454
		break;
2455
	case NL80211_IFTYPE_STATION:
2456
		if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2457
			statype = CFG80211_STA_AP_STA;
2458
			break;
2459
		}
2460
		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2461
			statype = CFG80211_STA_TDLS_PEER_ACTIVE;
2462
		else
2463
			statype = CFG80211_STA_TDLS_PEER_SETUP;
2464
		break;
2465
	case NL80211_IFTYPE_AP:
2466
	case NL80211_IFTYPE_AP_VLAN:
2467
		if (test_sta_flag(sta, WLAN_STA_ASSOC))
2468
			statype = CFG80211_STA_AP_CLIENT;
2469
		else
2470
			statype = CFG80211_STA_AP_CLIENT_UNASSOC;
2471
		break;
2472
	default:
2473
		return -EOPNOTSUPP;
2474
	}
2475

2476
	err = cfg80211_check_station_change(wiphy, params, statype);
2477
	if (err)
2478
		return err;
2479

2480
	if (params->vlan && params->vlan != sta->sdata->dev) {
2481
		vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
2482

2483
		if (params->vlan->ieee80211_ptr->use_4addr) {
2484
			if (vlansdata->u.vlan.sta)
2485
				return -EBUSY;
2486

2487
			rcu_assign_pointer(vlansdata->u.vlan.sta, sta);
2488
			__ieee80211_check_fast_rx_iface(vlansdata);
2489
			drv_sta_set_4addr(local, sta->sdata, &sta->sta, true);
2490
		}
2491

2492
		if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
2493
		    sta->sdata->u.vlan.sta)
2494
			RCU_INIT_POINTER(sta->sdata->u.vlan.sta, NULL);
2495

2496
		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2497
			ieee80211_vif_dec_num_mcast(sta->sdata);
2498

2499
		sta->sdata = vlansdata;
2500
		ieee80211_check_fast_rx(sta);
2501
		ieee80211_check_fast_xmit(sta);
2502

2503
		if (test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
2504
			ieee80211_vif_inc_num_mcast(sta->sdata);
2505
			cfg80211_send_layer2_update(sta->sdata->dev,
2506
						    sta->sta.addr);
2507
		}
2508
	}
2509

2510
	err = sta_apply_parameters(local, sta, params);
2511
	if (err)
2512
		return err;
2513

2514
	if (sdata->vif.type == NL80211_IFTYPE_STATION &&
2515
	    params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
2516
		ieee80211_recalc_ps(local);
2517
		ieee80211_recalc_ps_vif(sdata);
2518
	}
2519

2520
	return 0;
2521
}
2522

2523
#ifdef CONFIG_MAC80211_MESH
2524
static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
2525
			       const u8 *dst, const u8 *next_hop)
2526
{
2527
	struct ieee80211_sub_if_data *sdata;
2528
	struct mesh_path *mpath;
2529
	struct sta_info *sta;
2530

2531
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2532

2533
	rcu_read_lock();
2534
	sta = sta_info_get(sdata, next_hop);
2535
	if (!sta) {
2536
		rcu_read_unlock();
2537
		return -ENOENT;
2538
	}
2539

2540
	mpath = mesh_path_add(sdata, dst);
2541
	if (IS_ERR(mpath)) {
2542
		rcu_read_unlock();
2543
		return PTR_ERR(mpath);
2544
	}
2545

2546
	mesh_path_fix_nexthop(mpath, sta);
2547

2548
	rcu_read_unlock();
2549
	return 0;
2550
}
2551

2552
static int ieee80211_del_mpath(struct wiphy *wiphy, struct net_device *dev,
2553
			       const u8 *dst)
2554
{
2555
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2556

2557
	if (dst)
2558
		return mesh_path_del(sdata, dst);
2559

2560
	mesh_path_flush_by_iface(sdata);
2561
	return 0;
2562
}
2563

2564
static int ieee80211_change_mpath(struct wiphy *wiphy, struct net_device *dev,
2565
				  const u8 *dst, const u8 *next_hop)
2566
{
2567
	struct ieee80211_sub_if_data *sdata;
2568
	struct mesh_path *mpath;
2569
	struct sta_info *sta;
2570

2571
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2572

2573
	rcu_read_lock();
2574

2575
	sta = sta_info_get(sdata, next_hop);
2576
	if (!sta) {
2577
		rcu_read_unlock();
2578
		return -ENOENT;
2579
	}
2580

2581
	mpath = mesh_path_lookup(sdata, dst);
2582
	if (!mpath) {
2583
		rcu_read_unlock();
2584
		return -ENOENT;
2585
	}
2586

2587
	mesh_path_fix_nexthop(mpath, sta);
2588

2589
	rcu_read_unlock();
2590
	return 0;
2591
}
2592

2593
static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
2594
			    struct mpath_info *pinfo)
2595
{
2596
	struct sta_info *next_hop_sta = rcu_dereference(mpath->next_hop);
2597

2598
	if (next_hop_sta)
2599
		memcpy(next_hop, next_hop_sta->sta.addr, ETH_ALEN);
2600
	else
2601
		eth_zero_addr(next_hop);
2602

2603
	memset(pinfo, 0, sizeof(*pinfo));
2604

2605
	pinfo->generation = mpath->sdata->u.mesh.mesh_paths_generation;
2606

2607
	pinfo->filled = MPATH_INFO_FRAME_QLEN |
2608
			MPATH_INFO_SN |
2609
			MPATH_INFO_METRIC |
2610
			MPATH_INFO_EXPTIME |
2611
			MPATH_INFO_DISCOVERY_TIMEOUT |
2612
			MPATH_INFO_DISCOVERY_RETRIES |
2613
			MPATH_INFO_FLAGS |
2614
			MPATH_INFO_HOP_COUNT |
2615
			MPATH_INFO_PATH_CHANGE;
2616

2617
	pinfo->frame_qlen = mpath->frame_queue.qlen;
2618
	pinfo->sn = mpath->sn;
2619
	pinfo->metric = mpath->metric;
2620
	if (time_before(jiffies, mpath->exp_time))
2621
		pinfo->exptime = jiffies_to_msecs(mpath->exp_time - jiffies);
2622
	pinfo->discovery_timeout =
2623
			jiffies_to_msecs(mpath->discovery_timeout);
2624
	pinfo->discovery_retries = mpath->discovery_retries;
2625
	if (mpath->flags & MESH_PATH_ACTIVE)
2626
		pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE;
2627
	if (mpath->flags & MESH_PATH_RESOLVING)
2628
		pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING;
2629
	if (mpath->flags & MESH_PATH_SN_VALID)
2630
		pinfo->flags |= NL80211_MPATH_FLAG_SN_VALID;
2631
	if (mpath->flags & MESH_PATH_FIXED)
2632
		pinfo->flags |= NL80211_MPATH_FLAG_FIXED;
2633
	if (mpath->flags & MESH_PATH_RESOLVED)
2634
		pinfo->flags |= NL80211_MPATH_FLAG_RESOLVED;
2635
	pinfo->hop_count = mpath->hop_count;
2636
	pinfo->path_change_count = mpath->path_change_count;
2637
}
2638

2639
static int ieee80211_get_mpath(struct wiphy *wiphy, struct net_device *dev,
2640
			       u8 *dst, u8 *next_hop, struct mpath_info *pinfo)
2641

2642
{
2643
	struct ieee80211_sub_if_data *sdata;
2644
	struct mesh_path *mpath;
2645

2646
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2647

2648
	rcu_read_lock();
2649
	mpath = mesh_path_lookup(sdata, dst);
2650
	if (!mpath) {
2651
		rcu_read_unlock();
2652
		return -ENOENT;
2653
	}
2654
	memcpy(dst, mpath->dst, ETH_ALEN);
2655
	mpath_set_pinfo(mpath, next_hop, pinfo);
2656
	rcu_read_unlock();
2657
	return 0;
2658
}
2659

2660
static int ieee80211_dump_mpath(struct wiphy *wiphy, struct net_device *dev,
2661
				int idx, u8 *dst, u8 *next_hop,
2662
				struct mpath_info *pinfo)
2663
{
2664
	struct ieee80211_sub_if_data *sdata;
2665
	struct mesh_path *mpath;
2666

2667
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2668

2669
	rcu_read_lock();
2670
	mpath = mesh_path_lookup_by_idx(sdata, idx);
2671
	if (!mpath) {
2672
		rcu_read_unlock();
2673
		return -ENOENT;
2674
	}
2675
	memcpy(dst, mpath->dst, ETH_ALEN);
2676
	mpath_set_pinfo(mpath, next_hop, pinfo);
2677
	rcu_read_unlock();
2678
	return 0;
2679
}
2680

2681
static void mpp_set_pinfo(struct mesh_path *mpath, u8 *mpp,
2682
			  struct mpath_info *pinfo)
2683
{
2684
	memset(pinfo, 0, sizeof(*pinfo));
2685
	memcpy(mpp, mpath->mpp, ETH_ALEN);
2686

2687
	pinfo->generation = mpath->sdata->u.mesh.mpp_paths_generation;
2688
}
2689

2690
static int ieee80211_get_mpp(struct wiphy *wiphy, struct net_device *dev,
2691
			     u8 *dst, u8 *mpp, struct mpath_info *pinfo)
2692

2693
{
2694
	struct ieee80211_sub_if_data *sdata;
2695
	struct mesh_path *mpath;
2696

2697
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2698

2699
	rcu_read_lock();
2700
	mpath = mpp_path_lookup(sdata, dst);
2701
	if (!mpath) {
2702
		rcu_read_unlock();
2703
		return -ENOENT;
2704
	}
2705
	memcpy(dst, mpath->dst, ETH_ALEN);
2706
	mpp_set_pinfo(mpath, mpp, pinfo);
2707
	rcu_read_unlock();
2708
	return 0;
2709
}
2710

2711
static int ieee80211_dump_mpp(struct wiphy *wiphy, struct net_device *dev,
2712
			      int idx, u8 *dst, u8 *mpp,
2713
			      struct mpath_info *pinfo)
2714
{
2715
	struct ieee80211_sub_if_data *sdata;
2716
	struct mesh_path *mpath;
2717

2718
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2719

2720
	rcu_read_lock();
2721
	mpath = mpp_path_lookup_by_idx(sdata, idx);
2722
	if (!mpath) {
2723
		rcu_read_unlock();
2724
		return -ENOENT;
2725
	}
2726
	memcpy(dst, mpath->dst, ETH_ALEN);
2727
	mpp_set_pinfo(mpath, mpp, pinfo);
2728
	rcu_read_unlock();
2729
	return 0;
2730
}
2731

2732
static int ieee80211_get_mesh_config(struct wiphy *wiphy,
2733
				struct net_device *dev,
2734
				struct mesh_config *conf)
2735
{
2736
	struct ieee80211_sub_if_data *sdata;
2737
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2738

2739
	memcpy(conf, &(sdata->u.mesh.mshcfg), sizeof(struct mesh_config));
2740
	return 0;
2741
}
2742

2743
static inline bool _chg_mesh_attr(enum nl80211_meshconf_params parm, u32 mask)
2744
{
2745
	return (mask >> (parm-1)) & 0x1;
2746
}
2747

2748
static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
2749
		const struct mesh_setup *setup)
2750
{
2751
	u8 *new_ie;
2752
	struct ieee80211_sub_if_data *sdata = container_of(ifmsh,
2753
					struct ieee80211_sub_if_data, u.mesh);
2754
	int i;
2755

2756
	/* allocate information elements */
2757
	new_ie = NULL;
2758

2759
	if (setup->ie_len) {
2760
		new_ie = kmemdup(setup->ie, setup->ie_len,
2761
				GFP_KERNEL);
2762
		if (!new_ie)
2763
			return -ENOMEM;
2764
	}
2765
	ifmsh->ie_len = setup->ie_len;
2766
	ifmsh->ie = new_ie;
2767

2768
	/* now copy the rest of the setup parameters */
2769
	ifmsh->mesh_id_len = setup->mesh_id_len;
2770
	memcpy(ifmsh->mesh_id, setup->mesh_id, ifmsh->mesh_id_len);
2771
	ifmsh->mesh_sp_id = setup->sync_method;
2772
	ifmsh->mesh_pp_id = setup->path_sel_proto;
2773
	ifmsh->mesh_pm_id = setup->path_metric;
2774
	ifmsh->user_mpm = setup->user_mpm;
2775
	ifmsh->mesh_auth_id = setup->auth_id;
2776
	ifmsh->security = IEEE80211_MESH_SEC_NONE;
2777
	ifmsh->userspace_handles_dfs = setup->userspace_handles_dfs;
2778
	if (setup->is_authenticated)
2779
		ifmsh->security |= IEEE80211_MESH_SEC_AUTHED;
2780
	if (setup->is_secure)
2781
		ifmsh->security |= IEEE80211_MESH_SEC_SECURED;
2782

2783
	/* mcast rate setting in Mesh Node */
2784
	memcpy(sdata->vif.bss_conf.mcast_rate, setup->mcast_rate,
2785
						sizeof(setup->mcast_rate));
2786
	sdata->vif.bss_conf.basic_rates = setup->basic_rates;
2787

2788
	sdata->vif.bss_conf.beacon_int = setup->beacon_interval;
2789
	sdata->vif.bss_conf.dtim_period = setup->dtim_period;
2790

2791
	sdata->beacon_rate_set = false;
2792
	if (wiphy_ext_feature_isset(sdata->local->hw.wiphy,
2793
				    NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) {
2794
		for (i = 0; i < NUM_NL80211_BANDS; i++) {
2795
			sdata->beacon_rateidx_mask[i] =
2796
				setup->beacon_rate.control[i].legacy;
2797
			if (sdata->beacon_rateidx_mask[i])
2798
				sdata->beacon_rate_set = true;
2799
		}
2800
	}
2801

2802
	return 0;
2803
}
2804

2805
static int ieee80211_update_mesh_config(struct wiphy *wiphy,
2806
					struct net_device *dev, u32 mask,
2807
					const struct mesh_config *nconf)
2808
{
2809
	struct mesh_config *conf;
2810
	struct ieee80211_sub_if_data *sdata;
2811
	struct ieee80211_if_mesh *ifmsh;
2812

2813
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2814
	ifmsh = &sdata->u.mesh;
2815

2816
	/* Set the config options which we are interested in setting */
2817
	conf = &(sdata->u.mesh.mshcfg);
2818
	if (_chg_mesh_attr(NL80211_MESHCONF_RETRY_TIMEOUT, mask))
2819
		conf->dot11MeshRetryTimeout = nconf->dot11MeshRetryTimeout;
2820
	if (_chg_mesh_attr(NL80211_MESHCONF_CONFIRM_TIMEOUT, mask))
2821
		conf->dot11MeshConfirmTimeout = nconf->dot11MeshConfirmTimeout;
2822
	if (_chg_mesh_attr(NL80211_MESHCONF_HOLDING_TIMEOUT, mask))
2823
		conf->dot11MeshHoldingTimeout = nconf->dot11MeshHoldingTimeout;
2824
	if (_chg_mesh_attr(NL80211_MESHCONF_MAX_PEER_LINKS, mask))
2825
		conf->dot11MeshMaxPeerLinks = nconf->dot11MeshMaxPeerLinks;
2826
	if (_chg_mesh_attr(NL80211_MESHCONF_MAX_RETRIES, mask))
2827
		conf->dot11MeshMaxRetries = nconf->dot11MeshMaxRetries;
2828
	if (_chg_mesh_attr(NL80211_MESHCONF_TTL, mask))
2829
		conf->dot11MeshTTL = nconf->dot11MeshTTL;
2830
	if (_chg_mesh_attr(NL80211_MESHCONF_ELEMENT_TTL, mask))
2831
		conf->element_ttl = nconf->element_ttl;
2832
	if (_chg_mesh_attr(NL80211_MESHCONF_AUTO_OPEN_PLINKS, mask)) {
2833
		if (ifmsh->user_mpm)
2834
			return -EBUSY;
2835
		conf->auto_open_plinks = nconf->auto_open_plinks;
2836
	}
2837
	if (_chg_mesh_attr(NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, mask))
2838
		conf->dot11MeshNbrOffsetMaxNeighbor =
2839
			nconf->dot11MeshNbrOffsetMaxNeighbor;
2840
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, mask))
2841
		conf->dot11MeshHWMPmaxPREQretries =
2842
			nconf->dot11MeshHWMPmaxPREQretries;
2843
	if (_chg_mesh_attr(NL80211_MESHCONF_PATH_REFRESH_TIME, mask))
2844
		conf->path_refresh_time = nconf->path_refresh_time;
2845
	if (_chg_mesh_attr(NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, mask))
2846
		conf->min_discovery_timeout = nconf->min_discovery_timeout;
2847
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, mask))
2848
		conf->dot11MeshHWMPactivePathTimeout =
2849
			nconf->dot11MeshHWMPactivePathTimeout;
2850
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, mask))
2851
		conf->dot11MeshHWMPpreqMinInterval =
2852
			nconf->dot11MeshHWMPpreqMinInterval;
2853
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, mask))
2854
		conf->dot11MeshHWMPperrMinInterval =
2855
			nconf->dot11MeshHWMPperrMinInterval;
2856
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2857
			   mask))
2858
		conf->dot11MeshHWMPnetDiameterTraversalTime =
2859
			nconf->dot11MeshHWMPnetDiameterTraversalTime;
2860
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOTMODE, mask)) {
2861
		conf->dot11MeshHWMPRootMode = nconf->dot11MeshHWMPRootMode;
2862
		ieee80211_mesh_root_setup(ifmsh);
2863
	}
2864
	if (_chg_mesh_attr(NL80211_MESHCONF_GATE_ANNOUNCEMENTS, mask)) {
2865
		/* our current gate announcement implementation rides on root
2866
		 * announcements, so require this ifmsh to also be a root node
2867
		 * */
2868
		if (nconf->dot11MeshGateAnnouncementProtocol &&
2869
		    !(conf->dot11MeshHWMPRootMode > IEEE80211_ROOTMODE_ROOT)) {
2870
			conf->dot11MeshHWMPRootMode = IEEE80211_PROACTIVE_RANN;
2871
			ieee80211_mesh_root_setup(ifmsh);
2872
		}
2873
		conf->dot11MeshGateAnnouncementProtocol =
2874
			nconf->dot11MeshGateAnnouncementProtocol;
2875
	}
2876
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_RANN_INTERVAL, mask))
2877
		conf->dot11MeshHWMPRannInterval =
2878
			nconf->dot11MeshHWMPRannInterval;
2879
	if (_chg_mesh_attr(NL80211_MESHCONF_FORWARDING, mask))
2880
		conf->dot11MeshForwarding = nconf->dot11MeshForwarding;
2881
	if (_chg_mesh_attr(NL80211_MESHCONF_RSSI_THRESHOLD, mask)) {
2882
		/* our RSSI threshold implementation is supported only for
2883
		 * devices that report signal in dBm.
2884
		 */
2885
		if (!ieee80211_hw_check(&sdata->local->hw, SIGNAL_DBM))
2886
			return -EOPNOTSUPP;
2887
		conf->rssi_threshold = nconf->rssi_threshold;
2888
	}
2889
	if (_chg_mesh_attr(NL80211_MESHCONF_HT_OPMODE, mask)) {
2890
		conf->ht_opmode = nconf->ht_opmode;
2891
		sdata->vif.bss_conf.ht_operation_mode = nconf->ht_opmode;
2892
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
2893
						  BSS_CHANGED_HT);
2894
	}
2895
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, mask))
2896
		conf->dot11MeshHWMPactivePathToRootTimeout =
2897
			nconf->dot11MeshHWMPactivePathToRootTimeout;
2898
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOT_INTERVAL, mask))
2899
		conf->dot11MeshHWMProotInterval =
2900
			nconf->dot11MeshHWMProotInterval;
2901
	if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, mask))
2902
		conf->dot11MeshHWMPconfirmationInterval =
2903
			nconf->dot11MeshHWMPconfirmationInterval;
2904
	if (_chg_mesh_attr(NL80211_MESHCONF_POWER_MODE, mask)) {
2905
		conf->power_mode = nconf->power_mode;
2906
		ieee80211_mps_local_status_update(sdata);
2907
	}
2908
	if (_chg_mesh_attr(NL80211_MESHCONF_AWAKE_WINDOW, mask))
2909
		conf->dot11MeshAwakeWindowDuration =
2910
			nconf->dot11MeshAwakeWindowDuration;
2911
	if (_chg_mesh_attr(NL80211_MESHCONF_PLINK_TIMEOUT, mask))
2912
		conf->plink_timeout = nconf->plink_timeout;
2913
	if (_chg_mesh_attr(NL80211_MESHCONF_CONNECTED_TO_GATE, mask))
2914
		conf->dot11MeshConnectedToMeshGate =
2915
			nconf->dot11MeshConnectedToMeshGate;
2916
	if (_chg_mesh_attr(NL80211_MESHCONF_NOLEARN, mask))
2917
		conf->dot11MeshNolearn = nconf->dot11MeshNolearn;
2918
	if (_chg_mesh_attr(NL80211_MESHCONF_CONNECTED_TO_AS, mask))
2919
		conf->dot11MeshConnectedToAuthServer =
2920
			nconf->dot11MeshConnectedToAuthServer;
2921
	ieee80211_mbss_info_change_notify(sdata, BSS_CHANGED_BEACON);
2922
	return 0;
2923
}
2924

2925
static int ieee80211_join_mesh(struct wiphy *wiphy, struct net_device *dev,
2926
			       const struct mesh_config *conf,
2927
			       const struct mesh_setup *setup)
2928
{
2929
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2930
	struct ieee80211_chan_req chanreq = { .oper = setup->chandef };
2931
	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
2932
	int err;
2933

2934
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
2935

2936
	memcpy(&ifmsh->mshcfg, conf, sizeof(struct mesh_config));
2937
	err = copy_mesh_setup(ifmsh, setup);
2938
	if (err)
2939
		return err;
2940

2941
	sdata->control_port_over_nl80211 = setup->control_port_over_nl80211;
2942

2943
	/* can mesh use other SMPS modes? */
2944
	sdata->deflink.smps_mode = IEEE80211_SMPS_OFF;
2945
	sdata->deflink.needed_rx_chains = sdata->local->rx_chains;
2946

2947
	err = ieee80211_link_use_channel(&sdata->deflink, &chanreq,
2948
					 IEEE80211_CHANCTX_SHARED);
2949
	if (err)
2950
		return err;
2951

2952
	return ieee80211_start_mesh(sdata);
2953
}
2954

2955
static int ieee80211_leave_mesh(struct wiphy *wiphy, struct net_device *dev)
2956
{
2957
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2958

2959
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
2960

2961
	ieee80211_stop_mesh(sdata);
2962
	ieee80211_link_release_channel(&sdata->deflink);
2963
	kfree(sdata->u.mesh.ie);
2964

2965
	return 0;
2966
}
2967
#endif
2968

2969
static int ieee80211_change_bss(struct wiphy *wiphy,
2970
				struct net_device *dev,
2971
				struct bss_parameters *params)
2972
{
2973
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2974
	struct ieee80211_link_data *link;
2975
	struct ieee80211_supported_band *sband;
2976
	u64 changed = 0;
2977

2978
	link = ieee80211_link_or_deflink(sdata, params->link_id, true);
2979
	if (IS_ERR(link))
2980
		return PTR_ERR(link);
2981

2982
	if (!sdata_dereference(link->u.ap.beacon, sdata))
2983
		return -ENOENT;
2984

2985
	sband = ieee80211_get_link_sband(link);
2986
	if (!sband)
2987
		return -EINVAL;
2988

2989
	if (params->basic_rates) {
2990
		if (!ieee80211_parse_bitrates(link->conf->chanreq.oper.width,
2991
					      wiphy->bands[sband->band],
2992
					      params->basic_rates,
2993
					      params->basic_rates_len,
2994
					      &link->conf->basic_rates))
2995
			return -EINVAL;
2996
		changed |= BSS_CHANGED_BASIC_RATES;
2997
		ieee80211_check_rate_mask(link);
2998
	}
2999

3000
	if (params->use_cts_prot >= 0) {
3001
		link->conf->use_cts_prot = params->use_cts_prot;
3002
		changed |= BSS_CHANGED_ERP_CTS_PROT;
3003
	}
3004
	if (params->use_short_preamble >= 0) {
3005
		link->conf->use_short_preamble = params->use_short_preamble;
3006
		changed |= BSS_CHANGED_ERP_PREAMBLE;
3007
	}
3008

3009
	if (!link->conf->use_short_slot &&
3010
	    (sband->band == NL80211_BAND_5GHZ ||
3011
	     sband->band == NL80211_BAND_6GHZ)) {
3012
		link->conf->use_short_slot = true;
3013
		changed |= BSS_CHANGED_ERP_SLOT;
3014
	}
3015

3016
	if (params->use_short_slot_time >= 0) {
3017
		link->conf->use_short_slot = params->use_short_slot_time;
3018
		changed |= BSS_CHANGED_ERP_SLOT;
3019
	}
3020

3021
	if (params->ap_isolate >= 0) {
3022
		if (params->ap_isolate)
3023
			sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
3024
		else
3025
			sdata->flags &= ~IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
3026
		ieee80211_check_fast_rx_iface(sdata);
3027
	}
3028

3029
	if (params->ht_opmode >= 0) {
3030
		link->conf->ht_operation_mode = (u16)params->ht_opmode;
3031
		changed |= BSS_CHANGED_HT;
3032
	}
3033

3034
	if (params->p2p_ctwindow >= 0) {
3035
		link->conf->p2p_noa_attr.oppps_ctwindow &=
3036
					~IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
3037
		link->conf->p2p_noa_attr.oppps_ctwindow |=
3038
			params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
3039
		changed |= BSS_CHANGED_P2P_PS;
3040
	}
3041

3042
	if (params->p2p_opp_ps > 0) {
3043
		link->conf->p2p_noa_attr.oppps_ctwindow |=
3044
					IEEE80211_P2P_OPPPS_ENABLE_BIT;
3045
		changed |= BSS_CHANGED_P2P_PS;
3046
	} else if (params->p2p_opp_ps == 0) {
3047
		link->conf->p2p_noa_attr.oppps_ctwindow &=
3048
					~IEEE80211_P2P_OPPPS_ENABLE_BIT;
3049
		changed |= BSS_CHANGED_P2P_PS;
3050
	}
3051

3052
	ieee80211_link_info_change_notify(sdata, link, changed);
3053

3054
	return 0;
3055
}
3056

3057
static int ieee80211_set_txq_params(struct wiphy *wiphy,
3058
				    struct net_device *dev,
3059
				    struct ieee80211_txq_params *params)
3060
{
3061
	struct ieee80211_local *local = wiphy_priv(wiphy);
3062
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3063
	struct ieee80211_link_data *link =
3064
		ieee80211_link_or_deflink(sdata, params->link_id, true);
3065
	struct ieee80211_tx_queue_params p;
3066

3067
	if (!local->ops->conf_tx)
3068
		return -EOPNOTSUPP;
3069

3070
	if (local->hw.queues < IEEE80211_NUM_ACS)
3071
		return -EOPNOTSUPP;
3072

3073
	if (IS_ERR(link))
3074
		return PTR_ERR(link);
3075

3076
	memset(&p, 0, sizeof(p));
3077
	p.aifs = params->aifs;
3078
	p.cw_max = params->cwmax;
3079
	p.cw_min = params->cwmin;
3080
	p.txop = params->txop;
3081

3082
	/*
3083
	 * Setting tx queue params disables u-apsd because it's only
3084
	 * called in master mode.
3085
	 */
3086
	p.uapsd = false;
3087

3088
	ieee80211_regulatory_limit_wmm_params(sdata, &p, params->ac);
3089

3090
	link->tx_conf[params->ac] = p;
3091
	if (drv_conf_tx(local, link, params->ac, &p)) {
3092
		wiphy_debug(local->hw.wiphy,
3093
			    "failed to set TX queue parameters for AC %d\n",
3094
			    params->ac);
3095
		return -EINVAL;
3096
	}
3097

3098
	ieee80211_link_info_change_notify(sdata, link,
3099
					  BSS_CHANGED_QOS);
3100

3101
	return 0;
3102
}
3103

3104
#ifdef CONFIG_PM
3105
static int ieee80211_suspend(struct wiphy *wiphy,
3106
			     struct cfg80211_wowlan *wowlan)
3107
{
3108
	return __ieee80211_suspend(wiphy_priv(wiphy), wowlan);
3109
}
3110

3111
static int ieee80211_resume(struct wiphy *wiphy)
3112
{
3113
	return __ieee80211_resume(wiphy_priv(wiphy));
3114
}
3115
#else
3116
#define ieee80211_suspend NULL
3117
#define ieee80211_resume NULL
3118
#endif
3119

3120
static int ieee80211_scan(struct wiphy *wiphy,
3121
			  struct cfg80211_scan_request *req)
3122
{
3123
	struct ieee80211_sub_if_data *sdata;
3124
	struct ieee80211_link_data *link;
3125
	struct ieee80211_channel *chan;
3126
	int radio_idx;
3127

3128
	sdata = IEEE80211_WDEV_TO_SUB_IF(req->wdev);
3129

3130
	switch (ieee80211_vif_type_p2p(&sdata->vif)) {
3131
	case NL80211_IFTYPE_STATION:
3132
	case NL80211_IFTYPE_ADHOC:
3133
	case NL80211_IFTYPE_MESH_POINT:
3134
	case NL80211_IFTYPE_P2P_CLIENT:
3135
	case NL80211_IFTYPE_P2P_DEVICE:
3136
		break;
3137
	case NL80211_IFTYPE_P2P_GO:
3138
		if (sdata->local->ops->hw_scan)
3139
			break;
3140
		/*
3141
		 * FIXME: implement NoA while scanning in software,
3142
		 * for now fall through to allow scanning only when
3143
		 * beaconing hasn't been configured yet
3144
		 */
3145
		fallthrough;
3146
	case NL80211_IFTYPE_AP:
3147
		/*
3148
		 * If the scan has been forced (and the driver supports
3149
		 * forcing), don't care about being beaconing already.
3150
		 * This will create problems to the attached stations (e.g. all
3151
		 * the frames sent while scanning on other channel will be
3152
		 * lost)
3153
		 */
3154
		for_each_link_data(sdata, link) {
3155
			/* if the link is not beaconing, ignore it */
3156
			if (!sdata_dereference(link->u.ap.beacon, sdata))
3157
				continue;
3158

3159
			chan = link->conf->chanreq.oper.chan;
3160
			radio_idx = cfg80211_get_radio_idx_by_chan(wiphy, chan);
3161

3162
			if (ieee80211_is_radio_idx_in_scan_req(wiphy, req,
3163
							       radio_idx) &&
3164
			    (!(wiphy->features & NL80211_FEATURE_AP_SCAN) ||
3165
			     !(req->flags & NL80211_SCAN_FLAG_AP)))
3166
				return -EOPNOTSUPP;
3167
		}
3168
		break;
3169
	case NL80211_IFTYPE_NAN:
3170
	default:
3171
		return -EOPNOTSUPP;
3172
	}
3173

3174
	return ieee80211_request_scan(sdata, req);
3175
}
3176

3177
static void ieee80211_abort_scan(struct wiphy *wiphy, struct wireless_dev *wdev)
3178
{
3179
	ieee80211_scan_cancel(wiphy_priv(wiphy));
3180
}
3181

3182
static int
3183
ieee80211_sched_scan_start(struct wiphy *wiphy,
3184
			   struct net_device *dev,
3185
			   struct cfg80211_sched_scan_request *req)
3186
{
3187
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3188

3189
	if (!sdata->local->ops->sched_scan_start)
3190
		return -EOPNOTSUPP;
3191

3192
	return ieee80211_request_sched_scan_start(sdata, req);
3193
}
3194

3195
static int
3196
ieee80211_sched_scan_stop(struct wiphy *wiphy, struct net_device *dev,
3197
			  u64 reqid)
3198
{
3199
	struct ieee80211_local *local = wiphy_priv(wiphy);
3200

3201
	if (!local->ops->sched_scan_stop)
3202
		return -EOPNOTSUPP;
3203

3204
	return ieee80211_request_sched_scan_stop(local);
3205
}
3206

3207
static int ieee80211_auth(struct wiphy *wiphy, struct net_device *dev,
3208
			  struct cfg80211_auth_request *req)
3209
{
3210
	return ieee80211_mgd_auth(IEEE80211_DEV_TO_SUB_IF(dev), req);
3211
}
3212

3213
static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev,
3214
			   struct cfg80211_assoc_request *req)
3215
{
3216
	return ieee80211_mgd_assoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
3217
}
3218

3219
static int ieee80211_deauth(struct wiphy *wiphy, struct net_device *dev,
3220
			    struct cfg80211_deauth_request *req)
3221
{
3222
	return ieee80211_mgd_deauth(IEEE80211_DEV_TO_SUB_IF(dev), req);
3223
}
3224

3225
static int ieee80211_disassoc(struct wiphy *wiphy, struct net_device *dev,
3226
			      struct cfg80211_disassoc_request *req)
3227
{
3228
	return ieee80211_mgd_disassoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
3229
}
3230

3231
static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,
3232
			       struct cfg80211_ibss_params *params)
3233
{
3234
	return ieee80211_ibss_join(IEEE80211_DEV_TO_SUB_IF(dev), params);
3235
}
3236

3237
static int ieee80211_leave_ibss(struct wiphy *wiphy, struct net_device *dev)
3238
{
3239
	return ieee80211_ibss_leave(IEEE80211_DEV_TO_SUB_IF(dev));
3240
}
3241

3242
static int ieee80211_join_ocb(struct wiphy *wiphy, struct net_device *dev,
3243
			      struct ocb_setup *setup)
3244
{
3245
	return ieee80211_ocb_join(IEEE80211_DEV_TO_SUB_IF(dev), setup);
3246
}
3247

3248
static int ieee80211_leave_ocb(struct wiphy *wiphy, struct net_device *dev)
3249
{
3250
	return ieee80211_ocb_leave(IEEE80211_DEV_TO_SUB_IF(dev));
3251
}
3252

3253
static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev,
3254
				    int rate[NUM_NL80211_BANDS])
3255
{
3256
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3257

3258
	memcpy(sdata->vif.bss_conf.mcast_rate, rate,
3259
	       sizeof(int) * NUM_NL80211_BANDS);
3260

3261
	if (ieee80211_sdata_running(sdata))
3262
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
3263
						  BSS_CHANGED_MCAST_RATE);
3264

3265
	return 0;
3266
}
3267

3268
static int ieee80211_set_wiphy_params(struct wiphy *wiphy, int radio_idx,
3269
				      u32 changed)
3270
{
3271
	struct ieee80211_local *local = wiphy_priv(wiphy);
3272
	int err;
3273

3274
	if (changed & WIPHY_PARAM_FRAG_THRESHOLD) {
3275
		ieee80211_check_fast_xmit_all(local);
3276

3277
		err = drv_set_frag_threshold(local, radio_idx,
3278
					     wiphy->frag_threshold);
3279

3280
		if (err) {
3281
			ieee80211_check_fast_xmit_all(local);
3282
			return err;
3283
		}
3284
	}
3285

3286
	if ((changed & WIPHY_PARAM_COVERAGE_CLASS) ||
3287
	    (changed & WIPHY_PARAM_DYN_ACK)) {
3288
		s16 coverage_class;
3289

3290
		coverage_class = changed & WIPHY_PARAM_COVERAGE_CLASS ?
3291
					wiphy->coverage_class : -1;
3292
		err = drv_set_coverage_class(local, radio_idx,
3293
					     coverage_class);
3294

3295
		if (err)
3296
			return err;
3297
	}
3298

3299
	if (changed & WIPHY_PARAM_RTS_THRESHOLD) {
3300
		u32 rts_threshold;
3301

3302
		if ((radio_idx == -1) || (radio_idx >= wiphy->n_radio))
3303
			rts_threshold = wiphy->rts_threshold;
3304
		else
3305
			rts_threshold =
3306
				wiphy->radio_cfg[radio_idx].rts_threshold;
3307

3308
		err = drv_set_rts_threshold(local, radio_idx, rts_threshold);
3309

3310
		if (err)
3311
			return err;
3312
	}
3313

3314
	if (changed & WIPHY_PARAM_RETRY_SHORT) {
3315
		if (wiphy->retry_short > IEEE80211_MAX_TX_RETRY)
3316
			return -EINVAL;
3317
		local->hw.conf.short_frame_max_tx_count = wiphy->retry_short;
3318
	}
3319
	if (changed & WIPHY_PARAM_RETRY_LONG) {
3320
		if (wiphy->retry_long > IEEE80211_MAX_TX_RETRY)
3321
			return -EINVAL;
3322
		local->hw.conf.long_frame_max_tx_count = wiphy->retry_long;
3323
	}
3324
	if (changed &
3325
	    (WIPHY_PARAM_RETRY_SHORT | WIPHY_PARAM_RETRY_LONG))
3326
		ieee80211_hw_config(local, radio_idx,
3327
				    IEEE80211_CONF_CHANGE_RETRY_LIMITS);
3328

3329
	if (changed & (WIPHY_PARAM_TXQ_LIMIT |
3330
		       WIPHY_PARAM_TXQ_MEMORY_LIMIT |
3331
		       WIPHY_PARAM_TXQ_QUANTUM))
3332
		ieee80211_txq_set_params(local, radio_idx);
3333

3334
	return 0;
3335
}
3336

3337
static int ieee80211_set_tx_power(struct wiphy *wiphy,
3338
				  struct wireless_dev *wdev, int radio_idx,
3339
				  enum nl80211_tx_power_setting type, int mbm)
3340
{
3341
	struct ieee80211_local *local = wiphy_priv(wiphy);
3342
	struct ieee80211_sub_if_data *sdata;
3343
	enum nl80211_tx_power_setting txp_type = type;
3344
	bool update_txp_type = false;
3345
	bool has_monitor = false;
3346
	int user_power_level;
3347
	int old_power = local->user_power_level;
3348

3349
	lockdep_assert_wiphy(local->hw.wiphy);
3350

3351
	switch (type) {
3352
	case NL80211_TX_POWER_AUTOMATIC:
3353
		user_power_level = IEEE80211_UNSET_POWER_LEVEL;
3354
		txp_type = NL80211_TX_POWER_LIMITED;
3355
		break;
3356
	case NL80211_TX_POWER_LIMITED:
3357
	case NL80211_TX_POWER_FIXED:
3358
		if (mbm < 0 || (mbm % 100))
3359
			return -EOPNOTSUPP;
3360
		user_power_level = MBM_TO_DBM(mbm);
3361
		break;
3362
	default:
3363
		return -EINVAL;
3364
	}
3365

3366
	if (wdev) {
3367
		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3368

3369
		if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
3370
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
3371
			if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF))
3372
				return -EOPNOTSUPP;
3373

3374
			sdata = wiphy_dereference(local->hw.wiphy,
3375
						  local->monitor_sdata);
3376
			if (!sdata)
3377
				return -EOPNOTSUPP;
3378
		}
3379

3380
		for (int link_id = 0;
3381
		     link_id < ARRAY_SIZE(sdata->link);
3382
		     link_id++) {
3383
			struct ieee80211_link_data *link =
3384
				wiphy_dereference(wiphy, sdata->link[link_id]);
3385

3386
			if (!link)
3387
				continue;
3388

3389
			link->user_power_level = user_power_level;
3390

3391
			if (txp_type != link->conf->txpower_type) {
3392
				update_txp_type = true;
3393
				link->conf->txpower_type = txp_type;
3394
			}
3395

3396
			ieee80211_recalc_txpower(link, update_txp_type);
3397
		}
3398
		return 0;
3399
	}
3400

3401
	local->user_power_level = user_power_level;
3402

3403
	list_for_each_entry(sdata, &local->interfaces, list) {
3404
		if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
3405
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
3406
			has_monitor = true;
3407
			continue;
3408
		}
3409

3410
		for (int link_id = 0;
3411
		     link_id < ARRAY_SIZE(sdata->link);
3412
		     link_id++) {
3413
			struct ieee80211_link_data *link =
3414
				wiphy_dereference(wiphy, sdata->link[link_id]);
3415

3416
			if (!link)
3417
				continue;
3418

3419
			link->user_power_level = local->user_power_level;
3420
			if (txp_type != link->conf->txpower_type)
3421
				update_txp_type = true;
3422
			link->conf->txpower_type = txp_type;
3423
		}
3424
	}
3425
	list_for_each_entry(sdata, &local->interfaces, list) {
3426
		if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
3427
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
3428
			continue;
3429

3430
		for (int link_id = 0;
3431
		     link_id < ARRAY_SIZE(sdata->link);
3432
		     link_id++) {
3433
			struct ieee80211_link_data *link =
3434
				wiphy_dereference(wiphy, sdata->link[link_id]);
3435

3436
			if (!link)
3437
				continue;
3438

3439
			ieee80211_recalc_txpower(link, update_txp_type);
3440
		}
3441
	}
3442

3443
	if (has_monitor) {
3444
		sdata = wiphy_dereference(local->hw.wiphy,
3445
					  local->monitor_sdata);
3446
		if (sdata && ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) {
3447
			sdata->deflink.user_power_level = local->user_power_level;
3448
			if (txp_type != sdata->vif.bss_conf.txpower_type)
3449
				update_txp_type = true;
3450
			sdata->vif.bss_conf.txpower_type = txp_type;
3451

3452
			ieee80211_recalc_txpower(&sdata->deflink,
3453
						 update_txp_type);
3454
		}
3455
	}
3456

3457
	if (local->emulate_chanctx &&
3458
	    (old_power != local->user_power_level))
3459
		ieee80211_hw_conf_chan(local);
3460

3461
	return 0;
3462
}
3463

3464
static int ieee80211_get_tx_power(struct wiphy *wiphy,
3465
				  struct wireless_dev *wdev,
3466
				  int radio_idx,
3467
				  unsigned int link_id,
3468
				  int *dbm)
3469
{
3470
	struct ieee80211_local *local = wiphy_priv(wiphy);
3471
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3472
	struct ieee80211_link_data *link_data;
3473

3474
	if (local->ops->get_txpower &&
3475
	    (sdata->flags & IEEE80211_SDATA_IN_DRIVER))
3476
		return drv_get_txpower(local, sdata, link_id, dbm);
3477

3478
	if (local->emulate_chanctx) {
3479
		*dbm = local->hw.conf.power_level;
3480
	} else {
3481
		link_data = wiphy_dereference(wiphy, sdata->link[link_id]);
3482

3483
		if (link_data)
3484
			*dbm = link_data->conf->txpower;
3485
		else
3486
			return -ENOLINK;
3487
	}
3488

3489
	/* INT_MIN indicates no power level was set yet */
3490
	if (*dbm == INT_MIN)
3491
		return -EINVAL;
3492

3493
	return 0;
3494
}
3495

3496
static void ieee80211_rfkill_poll(struct wiphy *wiphy)
3497
{
3498
	struct ieee80211_local *local = wiphy_priv(wiphy);
3499

3500
	drv_rfkill_poll(local);
3501
}
3502

3503
#ifdef CONFIG_NL80211_TESTMODE
3504
static int ieee80211_testmode_cmd(struct wiphy *wiphy,
3505
				  struct wireless_dev *wdev,
3506
				  void *data, int len)
3507
{
3508
	struct ieee80211_local *local = wiphy_priv(wiphy);
3509
	struct ieee80211_vif *vif = NULL;
3510

3511
	if (!local->ops->testmode_cmd)
3512
		return -EOPNOTSUPP;
3513

3514
	if (wdev) {
3515
		struct ieee80211_sub_if_data *sdata;
3516

3517
		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3518
		if (sdata->flags & IEEE80211_SDATA_IN_DRIVER)
3519
			vif = &sdata->vif;
3520
	}
3521

3522
	return local->ops->testmode_cmd(&local->hw, vif, data, len);
3523
}
3524

3525
static int ieee80211_testmode_dump(struct wiphy *wiphy,
3526
				   struct sk_buff *skb,
3527
				   struct netlink_callback *cb,
3528
				   void *data, int len)
3529
{
3530
	struct ieee80211_local *local = wiphy_priv(wiphy);
3531

3532
	if (!local->ops->testmode_dump)
3533
		return -EOPNOTSUPP;
3534

3535
	return local->ops->testmode_dump(&local->hw, skb, cb, data, len);
3536
}
3537
#endif
3538

3539
int __ieee80211_request_smps_mgd(struct ieee80211_sub_if_data *sdata,
3540
				 struct ieee80211_link_data *link,
3541
				 enum ieee80211_smps_mode smps_mode)
3542
{
3543
	const u8 *ap;
3544
	enum ieee80211_smps_mode old_req;
3545
	int err;
3546
	struct sta_info *sta;
3547
	bool tdls_peer_found = false;
3548

3549
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
3550

3551
	if (WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_STATION))
3552
		return -EINVAL;
3553

3554
	if (!ieee80211_vif_link_active(&sdata->vif, link->link_id))
3555
		return 0;
3556

3557
	old_req = link->u.mgd.req_smps;
3558
	link->u.mgd.req_smps = smps_mode;
3559

3560
	/* The driver indicated that EML is enabled for the interface, which
3561
	 * implies that SMPS flows towards the AP should be stopped.
3562
	 */
3563
	if (sdata->vif.driver_flags & IEEE80211_VIF_EML_ACTIVE)
3564
		return 0;
3565

3566
	if (old_req == smps_mode &&
3567
	    smps_mode != IEEE80211_SMPS_AUTOMATIC)
3568
		return 0;
3569

3570
	/*
3571
	 * If not associated, or current association is not an HT
3572
	 * association, there's no need to do anything, just store
3573
	 * the new value until we associate.
3574
	 */
3575
	if (!sdata->u.mgd.associated ||
3576
	    link->conf->chanreq.oper.width == NL80211_CHAN_WIDTH_20_NOHT)
3577
		return 0;
3578

3579
	ap = sdata->vif.cfg.ap_addr;
3580

3581
	rcu_read_lock();
3582
	list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
3583
		if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
3584
		    !test_sta_flag(sta, WLAN_STA_AUTHORIZED))
3585
			continue;
3586

3587
		tdls_peer_found = true;
3588
		break;
3589
	}
3590
	rcu_read_unlock();
3591

3592
	if (smps_mode == IEEE80211_SMPS_AUTOMATIC) {
3593
		if (tdls_peer_found || !sdata->u.mgd.powersave)
3594
			smps_mode = IEEE80211_SMPS_OFF;
3595
		else
3596
			smps_mode = IEEE80211_SMPS_DYNAMIC;
3597
	}
3598

3599
	/* send SM PS frame to AP */
3600
	err = ieee80211_send_smps_action(sdata, smps_mode,
3601
					 ap, ap,
3602
					 ieee80211_vif_is_mld(&sdata->vif) ?
3603
					 link->link_id : -1);
3604
	if (err)
3605
		link->u.mgd.req_smps = old_req;
3606
	else if (smps_mode != IEEE80211_SMPS_OFF && tdls_peer_found)
3607
		ieee80211_teardown_tdls_peers(link);
3608

3609
	return err;
3610
}
3611

3612
static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
3613
				    bool enabled, int timeout)
3614
{
3615
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3616
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3617
	unsigned int link_id;
3618

3619
	if (sdata->vif.type != NL80211_IFTYPE_STATION)
3620
		return -EOPNOTSUPP;
3621

3622
	if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS))
3623
		return -EOPNOTSUPP;
3624

3625
	if (enabled == sdata->u.mgd.powersave &&
3626
	    timeout == local->dynamic_ps_forced_timeout)
3627
		return 0;
3628

3629
	sdata->u.mgd.powersave = enabled;
3630
	local->dynamic_ps_forced_timeout = timeout;
3631

3632
	/* no change, but if automatic follow powersave */
3633
	for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
3634
		struct ieee80211_link_data *link;
3635

3636
		link = sdata_dereference(sdata->link[link_id], sdata);
3637

3638
		if (!link)
3639
			continue;
3640
		__ieee80211_request_smps_mgd(sdata, link,
3641
					     link->u.mgd.req_smps);
3642
	}
3643

3644
	if (ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS))
3645
		ieee80211_hw_config(local, -1, IEEE80211_CONF_CHANGE_PS);
3646

3647
	ieee80211_recalc_ps(local);
3648
	ieee80211_recalc_ps_vif(sdata);
3649
	ieee80211_check_fast_rx_iface(sdata);
3650

3651
	return 0;
3652
}
3653

3654
static void ieee80211_set_cqm_rssi_link(struct ieee80211_sub_if_data *sdata,
3655
					struct ieee80211_link_data *link,
3656
					s32 rssi_thold, u32 rssi_hyst,
3657
					s32 rssi_low, s32 rssi_high)
3658
{
3659
	struct ieee80211_bss_conf *conf;
3660

3661
	if (!link || !link->conf)
3662
		return;
3663

3664
	conf = link->conf;
3665

3666
	if (rssi_thold && rssi_hyst &&
3667
	    rssi_thold == conf->cqm_rssi_thold &&
3668
	    rssi_hyst == conf->cqm_rssi_hyst)
3669
		return;
3670

3671
	conf->cqm_rssi_thold = rssi_thold;
3672
	conf->cqm_rssi_hyst = rssi_hyst;
3673
	conf->cqm_rssi_low = rssi_low;
3674
	conf->cqm_rssi_high = rssi_high;
3675
	link->u.mgd.last_cqm_event_signal = 0;
3676

3677
	if (!ieee80211_vif_link_active(&sdata->vif, link->link_id))
3678
		return;
3679

3680
	if (sdata->u.mgd.associated &&
3681
	    (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI))
3682
		ieee80211_link_info_change_notify(sdata, link, BSS_CHANGED_CQM);
3683
}
3684

3685
static int ieee80211_set_cqm_rssi_config(struct wiphy *wiphy,
3686
					 struct net_device *dev,
3687
					 s32 rssi_thold, u32 rssi_hyst)
3688
{
3689
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3690
	struct ieee80211_vif *vif = &sdata->vif;
3691
	int link_id;
3692

3693
	if (vif->driver_flags & IEEE80211_VIF_BEACON_FILTER &&
3694
	    !(vif->driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI))
3695
		return -EOPNOTSUPP;
3696

3697
	/* For MLD, handle CQM change on all the active links */
3698
	for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
3699
		struct ieee80211_link_data *link =
3700
			sdata_dereference(sdata->link[link_id], sdata);
3701

3702
		ieee80211_set_cqm_rssi_link(sdata, link, rssi_thold, rssi_hyst,
3703
					    0, 0);
3704
	}
3705

3706
	return 0;
3707
}
3708

3709
static int ieee80211_set_cqm_rssi_range_config(struct wiphy *wiphy,
3710
					       struct net_device *dev,
3711
					       s32 rssi_low, s32 rssi_high)
3712
{
3713
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3714
	struct ieee80211_vif *vif = &sdata->vif;
3715
	int link_id;
3716

3717
	if (vif->driver_flags & IEEE80211_VIF_BEACON_FILTER)
3718
		return -EOPNOTSUPP;
3719

3720
	/* For MLD, handle CQM change on all the active links */
3721
	for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
3722
		struct ieee80211_link_data *link =
3723
			sdata_dereference(sdata->link[link_id], sdata);
3724

3725
		ieee80211_set_cqm_rssi_link(sdata, link, 0, 0,
3726
					    rssi_low, rssi_high);
3727
	}
3728

3729
	return 0;
3730
}
3731

3732
static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
3733
				      struct net_device *dev,
3734
				      unsigned int link_id,
3735
				      const u8 *addr,
3736
				      const struct cfg80211_bitrate_mask *mask)
3737
{
3738
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3739
	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
3740
	int i, ret;
3741

3742
	if (!ieee80211_sdata_running(sdata))
3743
		return -ENETDOWN;
3744

3745
	/*
3746
	 * If active validate the setting and reject it if it doesn't leave
3747
	 * at least one basic rate usable, since we really have to be able
3748
	 * to send something, and if we're an AP we have to be able to do
3749
	 * so at a basic rate so that all clients can receive it.
3750
	 */
3751
	if (rcu_access_pointer(sdata->vif.bss_conf.chanctx_conf) &&
3752
	    sdata->vif.bss_conf.chanreq.oper.chan) {
3753
		u32 basic_rates = sdata->vif.bss_conf.basic_rates;
3754
		enum nl80211_band band;
3755

3756
		band = sdata->vif.bss_conf.chanreq.oper.chan->band;
3757

3758
		if (!(mask->control[band].legacy & basic_rates))
3759
			return -EINVAL;
3760
	}
3761

3762
	if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3763
		ret = drv_set_bitrate_mask(local, sdata, mask);
3764
		if (ret)
3765
			return ret;
3766
	}
3767

3768
	for (i = 0; i < NUM_NL80211_BANDS; i++) {
3769
		struct ieee80211_supported_band *sband = wiphy->bands[i];
3770
		int j;
3771

3772
		sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
3773
		memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].ht_mcs,
3774
		       sizeof(mask->control[i].ht_mcs));
3775
		memcpy(sdata->rc_rateidx_vht_mcs_mask[i],
3776
		       mask->control[i].vht_mcs,
3777
		       sizeof(mask->control[i].vht_mcs));
3778

3779
		sdata->rc_has_mcs_mask[i] = false;
3780
		sdata->rc_has_vht_mcs_mask[i] = false;
3781
		if (!sband)
3782
			continue;
3783

3784
		for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++) {
3785
			if (sdata->rc_rateidx_mcs_mask[i][j] != 0xff) {
3786
				sdata->rc_has_mcs_mask[i] = true;
3787
				break;
3788
			}
3789
		}
3790

3791
		for (j = 0; j < NL80211_VHT_NSS_MAX; j++) {
3792
			if (sdata->rc_rateidx_vht_mcs_mask[i][j] != 0xffff) {
3793
				sdata->rc_has_vht_mcs_mask[i] = true;
3794
				break;
3795
			}
3796
		}
3797
	}
3798

3799
	return 0;
3800
}
3801

3802
static bool ieee80211_is_scan_ongoing(struct wiphy *wiphy,
3803
				      struct ieee80211_local *local,
3804
				      struct cfg80211_chan_def *chandef)
3805
{
3806
	struct cfg80211_scan_request *scan_req;
3807
	int chan_radio_idx, req_radio_idx;
3808
	struct ieee80211_roc_work *roc;
3809

3810
	if (list_empty(&local->roc_list) && !local->scanning)
3811
		return false;
3812

3813
	req_radio_idx = cfg80211_get_radio_idx_by_chan(wiphy, chandef->chan);
3814

3815
	if (local->scanning) {
3816
		scan_req = wiphy_dereference(wiphy, local->scan_req);
3817
		/*
3818
		 * Scan is going on but info is not there. Should not happen
3819
		 * but if it does, let's not take risk and assume we can't use
3820
		 * the hw hence return true
3821
		 */
3822
		if (WARN_ON_ONCE(!scan_req))
3823
			return true;
3824

3825
		return ieee80211_is_radio_idx_in_scan_req(wiphy, scan_req,
3826
							  req_radio_idx);
3827
	}
3828

3829
	list_for_each_entry(roc, &local->roc_list, list) {
3830
		chan_radio_idx = cfg80211_get_radio_idx_by_chan(wiphy,
3831
								roc->chan);
3832
		if (chan_radio_idx == req_radio_idx)
3833
			return true;
3834
	}
3835

3836
	return false;
3837
}
3838

3839
static int ieee80211_start_radar_detection(struct wiphy *wiphy,
3840
					   struct net_device *dev,
3841
					   struct cfg80211_chan_def *chandef,
3842
					   u32 cac_time_ms, int link_id)
3843
{
3844
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3845
	struct ieee80211_chan_req chanreq = { .oper = *chandef };
3846
	struct ieee80211_local *local = sdata->local;
3847
	struct ieee80211_link_data *link_data;
3848
	int err;
3849

3850
	lockdep_assert_wiphy(local->hw.wiphy);
3851

3852
	if (ieee80211_is_scan_ongoing(wiphy, local, chandef))
3853
		return -EBUSY;
3854

3855
	link_data = sdata_dereference(sdata->link[link_id], sdata);
3856
	if (!link_data)
3857
		return -ENOLINK;
3858

3859
	/* whatever, but channel contexts should not complain about that one */
3860
	link_data->smps_mode = IEEE80211_SMPS_OFF;
3861
	link_data->needed_rx_chains = local->rx_chains;
3862

3863
	err = ieee80211_link_use_channel(link_data, &chanreq,
3864
					 IEEE80211_CHANCTX_SHARED);
3865
	if (err)
3866
		return err;
3867

3868
	wiphy_delayed_work_queue(wiphy, &link_data->dfs_cac_timer_work,
3869
				 msecs_to_jiffies(cac_time_ms));
3870

3871
	return 0;
3872
}
3873

3874
static void ieee80211_end_cac(struct wiphy *wiphy,
3875
			      struct net_device *dev, unsigned int link_id)
3876
{
3877
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3878
	struct ieee80211_local *local = sdata->local;
3879
	struct ieee80211_link_data *link_data;
3880

3881
	lockdep_assert_wiphy(local->hw.wiphy);
3882

3883
	list_for_each_entry(sdata, &local->interfaces, list) {
3884
		link_data = sdata_dereference(sdata->link[link_id], sdata);
3885
		if (!link_data)
3886
			continue;
3887

3888
		wiphy_delayed_work_cancel(wiphy,
3889
					  &link_data->dfs_cac_timer_work);
3890

3891
		if (sdata->wdev.links[link_id].cac_started) {
3892
			ieee80211_link_release_channel(link_data);
3893
			sdata->wdev.links[link_id].cac_started = false;
3894
		}
3895
	}
3896
}
3897

3898
static struct cfg80211_beacon_data *
3899
cfg80211_beacon_dup(struct cfg80211_beacon_data *beacon)
3900
{
3901
	struct cfg80211_beacon_data *new_beacon;
3902
	u8 *pos;
3903
	int len;
3904

3905
	len = beacon->head_len + beacon->tail_len + beacon->beacon_ies_len +
3906
	      beacon->proberesp_ies_len + beacon->assocresp_ies_len +
3907
	      beacon->probe_resp_len + beacon->lci_len + beacon->civicloc_len;
3908

3909
	if (beacon->mbssid_ies)
3910
		len += ieee80211_get_mbssid_beacon_len(beacon->mbssid_ies,
3911
						       beacon->rnr_ies,
3912
						       beacon->mbssid_ies->cnt);
3913

3914
	new_beacon = kzalloc(sizeof(*new_beacon) + len, GFP_KERNEL);
3915
	if (!new_beacon)
3916
		return NULL;
3917

3918
	if (beacon->mbssid_ies && beacon->mbssid_ies->cnt) {
3919
		new_beacon->mbssid_ies =
3920
			kzalloc(struct_size(new_beacon->mbssid_ies,
3921
					    elem, beacon->mbssid_ies->cnt),
3922
				GFP_KERNEL);
3923
		if (!new_beacon->mbssid_ies) {
3924
			kfree(new_beacon);
3925
			return NULL;
3926
		}
3927

3928
		if (beacon->rnr_ies && beacon->rnr_ies->cnt) {
3929
			new_beacon->rnr_ies =
3930
				kzalloc(struct_size(new_beacon->rnr_ies,
3931
						    elem, beacon->rnr_ies->cnt),
3932
					GFP_KERNEL);
3933
			if (!new_beacon->rnr_ies) {
3934
				kfree(new_beacon->mbssid_ies);
3935
				kfree(new_beacon);
3936
				return NULL;
3937
			}
3938
		}
3939
	}
3940

3941
	pos = (u8 *)(new_beacon + 1);
3942
	if (beacon->head_len) {
3943
		new_beacon->head_len = beacon->head_len;
3944
		new_beacon->head = pos;
3945
		memcpy(pos, beacon->head, beacon->head_len);
3946
		pos += beacon->head_len;
3947
	}
3948
	if (beacon->tail_len) {
3949
		new_beacon->tail_len = beacon->tail_len;
3950
		new_beacon->tail = pos;
3951
		memcpy(pos, beacon->tail, beacon->tail_len);
3952
		pos += beacon->tail_len;
3953
	}
3954
	if (beacon->beacon_ies_len) {
3955
		new_beacon->beacon_ies_len = beacon->beacon_ies_len;
3956
		new_beacon->beacon_ies = pos;
3957
		memcpy(pos, beacon->beacon_ies, beacon->beacon_ies_len);
3958
		pos += beacon->beacon_ies_len;
3959
	}
3960
	if (beacon->proberesp_ies_len) {
3961
		new_beacon->proberesp_ies_len = beacon->proberesp_ies_len;
3962
		new_beacon->proberesp_ies = pos;
3963
		memcpy(pos, beacon->proberesp_ies, beacon->proberesp_ies_len);
3964
		pos += beacon->proberesp_ies_len;
3965
	}
3966
	if (beacon->assocresp_ies_len) {
3967
		new_beacon->assocresp_ies_len = beacon->assocresp_ies_len;
3968
		new_beacon->assocresp_ies = pos;
3969
		memcpy(pos, beacon->assocresp_ies, beacon->assocresp_ies_len);
3970
		pos += beacon->assocresp_ies_len;
3971
	}
3972
	if (beacon->probe_resp_len) {
3973
		new_beacon->probe_resp_len = beacon->probe_resp_len;
3974
		new_beacon->probe_resp = pos;
3975
		memcpy(pos, beacon->probe_resp, beacon->probe_resp_len);
3976
		pos += beacon->probe_resp_len;
3977
	}
3978
	if (beacon->mbssid_ies && beacon->mbssid_ies->cnt) {
3979
		pos += ieee80211_copy_mbssid_beacon(pos,
3980
						    new_beacon->mbssid_ies,
3981
						    beacon->mbssid_ies);
3982
		if (beacon->rnr_ies && beacon->rnr_ies->cnt)
3983
			pos += ieee80211_copy_rnr_beacon(pos,
3984
							 new_beacon->rnr_ies,
3985
							 beacon->rnr_ies);
3986
	}
3987

3988
	/* might copy -1, meaning no changes requested */
3989
	new_beacon->ftm_responder = beacon->ftm_responder;
3990
	if (beacon->lci) {
3991
		new_beacon->lci_len = beacon->lci_len;
3992
		new_beacon->lci = pos;
3993
		memcpy(pos, beacon->lci, beacon->lci_len);
3994
		pos += beacon->lci_len;
3995
	}
3996
	if (beacon->civicloc) {
3997
		new_beacon->civicloc_len = beacon->civicloc_len;
3998
		new_beacon->civicloc = pos;
3999
		memcpy(pos, beacon->civicloc, beacon->civicloc_len);
4000
		pos += beacon->civicloc_len;
4001
	}
4002

4003
	return new_beacon;
4004
}
4005

4006
void ieee80211_csa_finish(struct ieee80211_vif *vif, unsigned int link_id)
4007
{
4008
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4009
	struct ieee80211_local *local = sdata->local;
4010
	struct ieee80211_bss_conf *tx_bss_conf;
4011
	struct ieee80211_link_data *link_data;
4012

4013
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
4014
		return;
4015

4016
	rcu_read_lock();
4017

4018
	link_data = rcu_dereference(sdata->link[link_id]);
4019
	if (WARN_ON(!link_data)) {
4020
		rcu_read_unlock();
4021
		return;
4022
	}
4023

4024
	tx_bss_conf = rcu_dereference(link_data->conf->tx_bss_conf);
4025
	if (tx_bss_conf == link_data->conf) {
4026
		/* Trigger ieee80211_csa_finish() on the non-transmitting
4027
		 * interfaces when channel switch is received on
4028
		 * transmitting interface
4029
		 */
4030
		struct ieee80211_link_data *iter;
4031

4032
		for_each_sdata_link_rcu(local, iter) {
4033
			if (iter->sdata == sdata ||
4034
			    rcu_access_pointer(iter->conf->tx_bss_conf) != tx_bss_conf)
4035
				continue;
4036

4037
			wiphy_work_queue(iter->sdata->local->hw.wiphy,
4038
					 &iter->csa.finalize_work);
4039
		}
4040
	}
4041

4042
	wiphy_work_queue(local->hw.wiphy, &link_data->csa.finalize_work);
4043

4044
	rcu_read_unlock();
4045
}
4046
EXPORT_SYMBOL(ieee80211_csa_finish);
4047

4048
void ieee80211_channel_switch_disconnect(struct ieee80211_vif *vif)
4049
{
4050
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4051
	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4052
	struct ieee80211_local *local = sdata->local;
4053

4054
	sdata_info(sdata, "channel switch failed, disconnecting\n");
4055
	wiphy_work_queue(local->hw.wiphy, &ifmgd->csa_connection_drop_work);
4056
}
4057
EXPORT_SYMBOL(ieee80211_channel_switch_disconnect);
4058

4059
static int ieee80211_set_after_csa_beacon(struct ieee80211_link_data *link_data,
4060
					  u64 *changed)
4061
{
4062
	struct ieee80211_sub_if_data *sdata = link_data->sdata;
4063
	int err;
4064

4065
	switch (sdata->vif.type) {
4066
	case NL80211_IFTYPE_AP:
4067
		if (!link_data->u.ap.next_beacon)
4068
			return -EINVAL;
4069

4070
		err = ieee80211_assign_beacon(sdata, link_data,
4071
					      link_data->u.ap.next_beacon,
4072
					      NULL, NULL, changed);
4073
		ieee80211_free_next_beacon(link_data);
4074

4075
		if (err < 0)
4076
			return err;
4077
		break;
4078
	case NL80211_IFTYPE_ADHOC:
4079
		err = ieee80211_ibss_finish_csa(sdata, changed);
4080
		if (err < 0)
4081
			return err;
4082
		break;
4083
#ifdef CONFIG_MAC80211_MESH
4084
	case NL80211_IFTYPE_MESH_POINT:
4085
		err = ieee80211_mesh_finish_csa(sdata, changed);
4086
		if (err < 0)
4087
			return err;
4088
		break;
4089
#endif
4090
	default:
4091
		WARN_ON(1);
4092
		return -EINVAL;
4093
	}
4094

4095
	return 0;
4096
}
4097

4098
static int __ieee80211_csa_finalize(struct ieee80211_link_data *link_data)
4099
{
4100
	struct ieee80211_sub_if_data *sdata = link_data->sdata;
4101
	struct ieee80211_local *local = sdata->local;
4102
	struct ieee80211_bss_conf *link_conf = link_data->conf;
4103
	u64 changed = 0;
4104
	int err;
4105

4106
	lockdep_assert_wiphy(local->hw.wiphy);
4107

4108
	/*
4109
	 * using reservation isn't immediate as it may be deferred until later
4110
	 * with multi-vif. once reservation is complete it will re-schedule the
4111
	 * work with no reserved_chanctx so verify chandef to check if it
4112
	 * completed successfully
4113
	 */
4114

4115
	if (link_data->reserved_chanctx) {
4116
		/*
4117
		 * with multi-vif csa driver may call ieee80211_csa_finish()
4118
		 * many times while waiting for other interfaces to use their
4119
		 * reservations
4120
		 */
4121
		if (link_data->reserved_ready)
4122
			return 0;
4123

4124
		return ieee80211_link_use_reserved_context(link_data);
4125
	}
4126

4127
	if (!cfg80211_chandef_identical(&link_conf->chanreq.oper,
4128
					&link_data->csa.chanreq.oper))
4129
		return -EINVAL;
4130

4131
	link_conf->csa_active = false;
4132

4133
	err = ieee80211_set_after_csa_beacon(link_data, &changed);
4134
	if (err)
4135
		return err;
4136

4137
	ieee80211_link_info_change_notify(sdata, link_data, changed);
4138

4139
	ieee80211_vif_unblock_queues_csa(sdata);
4140

4141
	err = drv_post_channel_switch(link_data);
4142
	if (err)
4143
		return err;
4144

4145
	cfg80211_ch_switch_notify(sdata->dev, &link_data->csa.chanreq.oper,
4146
				  link_data->link_id);
4147

4148
	return 0;
4149
}
4150

4151
static void ieee80211_csa_finalize(struct ieee80211_link_data *link_data)
4152
{
4153
	struct ieee80211_sub_if_data *sdata = link_data->sdata;
4154

4155
	if (__ieee80211_csa_finalize(link_data)) {
4156
		sdata_info(sdata, "failed to finalize CSA on link %d, disconnecting\n",
4157
			   link_data->link_id);
4158
		cfg80211_stop_iface(sdata->local->hw.wiphy, &sdata->wdev,
4159
				    GFP_KERNEL);
4160
	}
4161
}
4162

4163
void ieee80211_csa_finalize_work(struct wiphy *wiphy, struct wiphy_work *work)
4164
{
4165
	struct ieee80211_link_data *link =
4166
		container_of(work, struct ieee80211_link_data, csa.finalize_work);
4167
	struct ieee80211_sub_if_data *sdata = link->sdata;
4168
	struct ieee80211_local *local = sdata->local;
4169

4170
	lockdep_assert_wiphy(local->hw.wiphy);
4171

4172
	/* AP might have been stopped while waiting for the lock. */
4173
	if (!link->conf->csa_active)
4174
		return;
4175

4176
	if (!ieee80211_sdata_running(sdata))
4177
		return;
4178

4179
	ieee80211_csa_finalize(link);
4180
}
4181

4182
static int ieee80211_set_csa_beacon(struct ieee80211_link_data *link_data,
4183
				    struct cfg80211_csa_settings *params,
4184
				    u64 *changed)
4185
{
4186
	struct ieee80211_sub_if_data *sdata = link_data->sdata;
4187
	struct ieee80211_csa_settings csa = {};
4188
	int err;
4189

4190
	switch (sdata->vif.type) {
4191
	case NL80211_IFTYPE_AP:
4192
		link_data->u.ap.next_beacon =
4193
			cfg80211_beacon_dup(&params->beacon_after);
4194
		if (!link_data->u.ap.next_beacon)
4195
			return -ENOMEM;
4196

4197
		/*
4198
		 * With a count of 0, we don't have to wait for any
4199
		 * TBTT before switching, so complete the CSA
4200
		 * immediately.  In theory, with a count == 1 we
4201
		 * should delay the switch until just before the next
4202
		 * TBTT, but that would complicate things so we switch
4203
		 * immediately too.  If we would delay the switch
4204
		 * until the next TBTT, we would have to set the probe
4205
		 * response here.
4206
		 *
4207
		 * TODO: A channel switch with count <= 1 without
4208
		 * sending a CSA action frame is kind of useless,
4209
		 * because the clients won't know we're changing
4210
		 * channels.  The action frame must be implemented
4211
		 * either here or in the userspace.
4212
		 */
4213
		if (params->count <= 1)
4214
			break;
4215

4216
		if ((params->n_counter_offsets_beacon >
4217
		     IEEE80211_MAX_CNTDWN_COUNTERS_NUM) ||
4218
		    (params->n_counter_offsets_presp >
4219
		     IEEE80211_MAX_CNTDWN_COUNTERS_NUM)) {
4220
			ieee80211_free_next_beacon(link_data);
4221
			return -EINVAL;
4222
		}
4223

4224
		csa.counter_offsets_beacon = params->counter_offsets_beacon;
4225
		csa.counter_offsets_presp = params->counter_offsets_presp;
4226
		csa.n_counter_offsets_beacon = params->n_counter_offsets_beacon;
4227
		csa.n_counter_offsets_presp = params->n_counter_offsets_presp;
4228
		csa.count = params->count;
4229

4230
		err = ieee80211_assign_beacon(sdata, link_data,
4231
					      &params->beacon_csa, &csa,
4232
					      NULL, changed);
4233
		if (err < 0) {
4234
			ieee80211_free_next_beacon(link_data);
4235
			return err;
4236
		}
4237

4238
		break;
4239
	case NL80211_IFTYPE_ADHOC:
4240
		if (!sdata->vif.cfg.ibss_joined)
4241
			return -EINVAL;
4242

4243
		if (params->chandef.width != sdata->u.ibss.chandef.width)
4244
			return -EINVAL;
4245

4246
		switch (params->chandef.width) {
4247
		case NL80211_CHAN_WIDTH_40:
4248
			if (cfg80211_get_chandef_type(&params->chandef) !=
4249
			    cfg80211_get_chandef_type(&sdata->u.ibss.chandef))
4250
				return -EINVAL;
4251
			break;
4252
		case NL80211_CHAN_WIDTH_5:
4253
		case NL80211_CHAN_WIDTH_10:
4254
		case NL80211_CHAN_WIDTH_20_NOHT:
4255
		case NL80211_CHAN_WIDTH_20:
4256
			break;
4257
		default:
4258
			return -EINVAL;
4259
		}
4260

4261
		/* changes into another band are not supported */
4262
		if (sdata->u.ibss.chandef.chan->band !=
4263
		    params->chandef.chan->band)
4264
			return -EINVAL;
4265

4266
		/* see comments in the NL80211_IFTYPE_AP block */
4267
		if (params->count > 1) {
4268
			err = ieee80211_ibss_csa_beacon(sdata, params, changed);
4269
			if (err < 0)
4270
				return err;
4271
		}
4272

4273
		ieee80211_send_action_csa(sdata, params);
4274

4275
		break;
4276
#ifdef CONFIG_MAC80211_MESH
4277
	case NL80211_IFTYPE_MESH_POINT: {
4278
		struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
4279

4280
		/* changes into another band are not supported */
4281
		if (sdata->vif.bss_conf.chanreq.oper.chan->band !=
4282
		    params->chandef.chan->band)
4283
			return -EINVAL;
4284

4285
		if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_NONE) {
4286
			ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_INIT;
4287
			if (!ifmsh->pre_value)
4288
				ifmsh->pre_value = 1;
4289
			else
4290
				ifmsh->pre_value++;
4291
		}
4292

4293
		/* see comments in the NL80211_IFTYPE_AP block */
4294
		if (params->count > 1) {
4295
			err = ieee80211_mesh_csa_beacon(sdata, params, changed);
4296
			if (err < 0) {
4297
				ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
4298
				return err;
4299
			}
4300
		}
4301

4302
		if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_INIT)
4303
			ieee80211_send_action_csa(sdata, params);
4304

4305
		break;
4306
		}
4307
#endif
4308
	default:
4309
		return -EOPNOTSUPP;
4310
	}
4311

4312
	return 0;
4313
}
4314

4315
static void ieee80211_color_change_abort(struct ieee80211_link_data *link)
4316
{
4317
	link->conf->color_change_active = false;
4318

4319
	ieee80211_free_next_beacon(link);
4320

4321
	cfg80211_color_change_aborted_notify(link->sdata->dev, link->link_id);
4322
}
4323

4324
static int
4325
__ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
4326
			   struct cfg80211_csa_settings *params)
4327
{
4328
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4329
	struct ieee80211_chan_req chanreq = { .oper = params->chandef };
4330
	struct ieee80211_local *local = sdata->local;
4331
	struct ieee80211_channel_switch ch_switch = {
4332
		.link_id = params->link_id,
4333
	};
4334
	struct ieee80211_chanctx_conf *conf;
4335
	struct ieee80211_chanctx *chanctx;
4336
	struct ieee80211_bss_conf *link_conf;
4337
	struct ieee80211_link_data *link_data;
4338
	u64 changed = 0;
4339
	u8 link_id = params->link_id;
4340
	int err;
4341

4342
	lockdep_assert_wiphy(local->hw.wiphy);
4343

4344
	if (ieee80211_is_scan_ongoing(wiphy, local, &params->chandef))
4345
		return -EBUSY;
4346

4347
	if (sdata->wdev.links[link_id].cac_started)
4348
		return -EBUSY;
4349

4350
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
4351
		return -EINVAL;
4352

4353
	link_data = wiphy_dereference(wiphy, sdata->link[link_id]);
4354
	if (!link_data)
4355
		return -ENOLINK;
4356

4357
	link_conf = link_data->conf;
4358

4359
	if (chanreq.oper.punctured && !link_conf->eht_support)
4360
		return -EINVAL;
4361

4362
	/* don't allow another channel switch if one is already active. */
4363
	if (link_conf->csa_active)
4364
		return -EBUSY;
4365

4366
	conf = wiphy_dereference(wiphy, link_conf->chanctx_conf);
4367
	if (!conf) {
4368
		err = -EBUSY;
4369
		goto out;
4370
	}
4371

4372
	if (params->chandef.chan->freq_offset) {
4373
		/* this may work, but is untested */
4374
		err = -EOPNOTSUPP;
4375
		goto out;
4376
	}
4377

4378
	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
4379
						   &params->unsol_bcast_probe_resp,
4380
						   link_data, link_conf, &changed);
4381
	if (err)
4382
		goto out;
4383

4384
	chanctx = container_of(conf, struct ieee80211_chanctx, conf);
4385

4386
	ch_switch.timestamp = 0;
4387
	ch_switch.device_timestamp = 0;
4388
	ch_switch.block_tx = params->block_tx;
4389
	ch_switch.chandef = chanreq.oper;
4390
	ch_switch.count = params->count;
4391

4392
	err = drv_pre_channel_switch(sdata, &ch_switch);
4393
	if (err)
4394
		goto out;
4395

4396
	err = ieee80211_link_reserve_chanctx(link_data, &chanreq,
4397
					     chanctx->mode,
4398
					     params->radar_required);
4399
	if (err)
4400
		goto out;
4401

4402
	/* if reservation is invalid then this will fail */
4403
	err = ieee80211_check_combinations(sdata, NULL, chanctx->mode, 0, -1);
4404
	if (err) {
4405
		ieee80211_link_unreserve_chanctx(link_data);
4406
		goto out;
4407
	}
4408

4409
	/* if there is a color change in progress, abort it */
4410
	if (link_conf->color_change_active)
4411
		ieee80211_color_change_abort(link_data);
4412

4413
	err = ieee80211_set_csa_beacon(link_data, params, &changed);
4414
	if (err) {
4415
		ieee80211_link_unreserve_chanctx(link_data);
4416
		goto out;
4417
	}
4418

4419
	link_data->csa.chanreq = chanreq;
4420
	link_conf->csa_active = true;
4421

4422
	if (params->block_tx)
4423
		ieee80211_vif_block_queues_csa(sdata);
4424

4425
	cfg80211_ch_switch_started_notify(sdata->dev,
4426
					  &link_data->csa.chanreq.oper, link_id,
4427
					  params->count, params->block_tx);
4428

4429
	if (changed) {
4430
		ieee80211_link_info_change_notify(sdata, link_data, changed);
4431
		drv_channel_switch_beacon(sdata, &link_data->csa.chanreq.oper);
4432
	} else {
4433
		/* if the beacon didn't change, we can finalize immediately */
4434
		ieee80211_csa_finalize(link_data);
4435
	}
4436

4437
out:
4438
	return err;
4439
}
4440

4441
int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
4442
			     struct cfg80211_csa_settings *params)
4443
{
4444
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4445
	struct ieee80211_local *local = sdata->local;
4446

4447
	lockdep_assert_wiphy(local->hw.wiphy);
4448

4449
	return __ieee80211_channel_switch(wiphy, dev, params);
4450
}
4451

4452
u64 ieee80211_mgmt_tx_cookie(struct ieee80211_local *local)
4453
{
4454
	lockdep_assert_wiphy(local->hw.wiphy);
4455

4456
	local->roc_cookie_counter++;
4457

4458
	/* wow, you wrapped 64 bits ... more likely a bug */
4459
	if (WARN_ON(local->roc_cookie_counter == 0))
4460
		local->roc_cookie_counter++;
4461

4462
	return local->roc_cookie_counter;
4463
}
4464

4465
int ieee80211_attach_ack_skb(struct ieee80211_local *local, struct sk_buff *skb,
4466
			     u64 *cookie, gfp_t gfp)
4467
{
4468
	unsigned long spin_flags;
4469
	struct sk_buff *ack_skb;
4470
	int id;
4471

4472
	ack_skb = skb_copy(skb, gfp);
4473
	if (!ack_skb)
4474
		return -ENOMEM;
4475

4476
	spin_lock_irqsave(&local->ack_status_lock, spin_flags);
4477
	id = idr_alloc(&local->ack_status_frames, ack_skb,
4478
		       1, 0x2000, GFP_ATOMIC);
4479
	spin_unlock_irqrestore(&local->ack_status_lock, spin_flags);
4480

4481
	if (id < 0) {
4482
		kfree_skb(ack_skb);
4483
		return -ENOMEM;
4484
	}
4485

4486
	IEEE80211_SKB_CB(skb)->status_data_idr = 1;
4487
	IEEE80211_SKB_CB(skb)->status_data = id;
4488

4489
	*cookie = ieee80211_mgmt_tx_cookie(local);
4490
	IEEE80211_SKB_CB(ack_skb)->ack.cookie = *cookie;
4491

4492
	return 0;
4493
}
4494

4495
static void
4496
ieee80211_update_mgmt_frame_registrations(struct wiphy *wiphy,
4497
					  struct wireless_dev *wdev,
4498
					  struct mgmt_frame_regs *upd)
4499
{
4500
	struct ieee80211_local *local = wiphy_priv(wiphy);
4501
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
4502
	u32 preq_mask = BIT(IEEE80211_STYPE_PROBE_REQ >> 4);
4503
	u32 action_mask = BIT(IEEE80211_STYPE_ACTION >> 4);
4504
	bool global_change, intf_change;
4505

4506
	global_change =
4507
		(local->probe_req_reg != !!(upd->global_stypes & preq_mask)) ||
4508
		(local->rx_mcast_action_reg !=
4509
		 !!(upd->global_mcast_stypes & action_mask));
4510
	local->probe_req_reg = upd->global_stypes & preq_mask;
4511
	local->rx_mcast_action_reg = upd->global_mcast_stypes & action_mask;
4512

4513
	intf_change = (sdata->vif.probe_req_reg !=
4514
		       !!(upd->interface_stypes & preq_mask)) ||
4515
		(sdata->vif.rx_mcast_action_reg !=
4516
		 !!(upd->interface_mcast_stypes & action_mask));
4517
	sdata->vif.probe_req_reg = upd->interface_stypes & preq_mask;
4518
	sdata->vif.rx_mcast_action_reg =
4519
		upd->interface_mcast_stypes & action_mask;
4520

4521
	if (!local->open_count)
4522
		return;
4523

4524
	if (intf_change && ieee80211_sdata_running(sdata))
4525
		drv_config_iface_filter(local, sdata,
4526
					sdata->vif.probe_req_reg ?
4527
						FIF_PROBE_REQ : 0,
4528
					FIF_PROBE_REQ);
4529

4530
	if (global_change)
4531
		ieee80211_configure_filter(local);
4532
}
4533

4534
static int ieee80211_set_antenna(struct wiphy *wiphy, int radio_idx,
4535
				 u32 tx_ant, u32 rx_ant)
4536
{
4537
	struct ieee80211_local *local = wiphy_priv(wiphy);
4538
	int ret;
4539

4540
	if (local->started)
4541
		return -EOPNOTSUPP;
4542

4543
	ret = drv_set_antenna(local, tx_ant, rx_ant);
4544
	if (ret)
4545
		return ret;
4546

4547
	local->rx_chains = hweight8(rx_ant);
4548
	return 0;
4549
}
4550

4551
static int ieee80211_get_antenna(struct wiphy *wiphy, int radio_idx,
4552
				 u32 *tx_ant, u32 *rx_ant)
4553
{
4554
	struct ieee80211_local *local = wiphy_priv(wiphy);
4555

4556
	return drv_get_antenna(local, radio_idx, tx_ant, rx_ant);
4557
}
4558

4559
static int ieee80211_set_rekey_data(struct wiphy *wiphy,
4560
				    struct net_device *dev,
4561
				    struct cfg80211_gtk_rekey_data *data)
4562
{
4563
	struct ieee80211_local *local = wiphy_priv(wiphy);
4564
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4565

4566
	if (!local->ops->set_rekey_data)
4567
		return -EOPNOTSUPP;
4568

4569
	drv_set_rekey_data(local, sdata, data);
4570

4571
	return 0;
4572
}
4573

4574
static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev,
4575
				  const u8 *peer, u64 *cookie)
4576
{
4577
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4578
	struct ieee80211_local *local = sdata->local;
4579
	struct ieee80211_qos_hdr *nullfunc;
4580
	struct sk_buff *skb;
4581
	int size = sizeof(*nullfunc);
4582
	__le16 fc;
4583
	bool qos;
4584
	struct ieee80211_tx_info *info;
4585
	struct sta_info *sta;
4586
	struct ieee80211_chanctx_conf *chanctx_conf;
4587
	enum nl80211_band band;
4588
	int ret;
4589

4590
	/* the lock is needed to assign the cookie later */
4591
	lockdep_assert_wiphy(local->hw.wiphy);
4592

4593
	rcu_read_lock();
4594
	sta = sta_info_get_bss(sdata, peer);
4595
	if (!sta) {
4596
		ret = -ENOLINK;
4597
		goto unlock;
4598
	}
4599

4600
	qos = sta->sta.wme;
4601

4602
	chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
4603
	if (WARN_ON(!chanctx_conf)) {
4604
		ret = -EINVAL;
4605
		goto unlock;
4606
	}
4607
	band = chanctx_conf->def.chan->band;
4608

4609
	if (qos) {
4610
		fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
4611
				 IEEE80211_STYPE_QOS_NULLFUNC |
4612
				 IEEE80211_FCTL_FROMDS);
4613
	} else {
4614
		size -= 2;
4615
		fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
4616
				 IEEE80211_STYPE_NULLFUNC |
4617
				 IEEE80211_FCTL_FROMDS);
4618
	}
4619

4620
	skb = dev_alloc_skb(local->hw.extra_tx_headroom + size);
4621
	if (!skb) {
4622
		ret = -ENOMEM;
4623
		goto unlock;
4624
	}
4625

4626
	skb->dev = dev;
4627

4628
	skb_reserve(skb, local->hw.extra_tx_headroom);
4629

4630
	nullfunc = skb_put(skb, size);
4631
	nullfunc->frame_control = fc;
4632
	nullfunc->duration_id = 0;
4633
	memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN);
4634
	memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
4635
	memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN);
4636
	nullfunc->seq_ctrl = 0;
4637

4638
	info = IEEE80211_SKB_CB(skb);
4639

4640
	info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
4641
		       IEEE80211_TX_INTFL_NL80211_FRAME_TX;
4642
	info->band = band;
4643

4644
	skb_set_queue_mapping(skb, IEEE80211_AC_VO);
4645
	skb->priority = 7;
4646
	if (qos)
4647
		nullfunc->qos_ctrl = cpu_to_le16(7);
4648

4649
	ret = ieee80211_attach_ack_skb(local, skb, cookie, GFP_ATOMIC);
4650
	if (ret) {
4651
		kfree_skb(skb);
4652
		goto unlock;
4653
	}
4654

4655
	local_bh_disable();
4656
	ieee80211_xmit(sdata, sta, skb);
4657
	local_bh_enable();
4658

4659
	ret = 0;
4660
unlock:
4661
	rcu_read_unlock();
4662

4663
	return ret;
4664
}
4665

4666
static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
4667
				     struct wireless_dev *wdev,
4668
				     unsigned int link_id,
4669
				     struct cfg80211_chan_def *chandef)
4670
{
4671
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
4672
	struct ieee80211_local *local = wiphy_priv(wiphy);
4673
	struct ieee80211_chanctx_conf *chanctx_conf;
4674
	struct ieee80211_link_data *link;
4675
	int ret = -ENODATA;
4676

4677
	rcu_read_lock();
4678
	link = rcu_dereference(sdata->link[link_id]);
4679
	if (!link) {
4680
		ret = -ENOLINK;
4681
		goto out;
4682
	}
4683

4684
	chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
4685
	if (chanctx_conf) {
4686
		*chandef = link->conf->chanreq.oper;
4687
		ret = 0;
4688
	} else if (local->open_count > 0 &&
4689
		   local->open_count == local->virt_monitors &&
4690
		   sdata->vif.type == NL80211_IFTYPE_MONITOR) {
4691
		*chandef = local->monitor_chanreq.oper;
4692
		ret = 0;
4693
	}
4694
out:
4695
	rcu_read_unlock();
4696

4697
	return ret;
4698
}
4699

4700
#ifdef CONFIG_PM
4701
static void ieee80211_set_wakeup(struct wiphy *wiphy, bool enabled)
4702
{
4703
	drv_set_wakeup(wiphy_priv(wiphy), enabled);
4704
}
4705
#endif
4706

4707
static int ieee80211_set_qos_map(struct wiphy *wiphy,
4708
				 struct net_device *dev,
4709
				 struct cfg80211_qos_map *qos_map)
4710
{
4711
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4712
	struct mac80211_qos_map *new_qos_map, *old_qos_map;
4713

4714
	if (qos_map) {
4715
		new_qos_map = kzalloc(sizeof(*new_qos_map), GFP_KERNEL);
4716
		if (!new_qos_map)
4717
			return -ENOMEM;
4718
		memcpy(&new_qos_map->qos_map, qos_map, sizeof(*qos_map));
4719
	} else {
4720
		/* A NULL qos_map was passed to disable QoS mapping */
4721
		new_qos_map = NULL;
4722
	}
4723

4724
	old_qos_map = sdata_dereference(sdata->qos_map, sdata);
4725
	rcu_assign_pointer(sdata->qos_map, new_qos_map);
4726
	if (old_qos_map)
4727
		kfree_rcu(old_qos_map, rcu_head);
4728

4729
	return 0;
4730
}
4731

4732
static int ieee80211_set_ap_chanwidth(struct wiphy *wiphy,
4733
				      struct net_device *dev,
4734
				      unsigned int link_id,
4735
				      struct cfg80211_chan_def *chandef)
4736
{
4737
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4738
	struct ieee80211_link_data *link;
4739
	struct ieee80211_chan_req chanreq = { .oper = *chandef };
4740
	int ret;
4741
	u64 changed = 0;
4742

4743
	link = sdata_dereference(sdata->link[link_id], sdata);
4744

4745
	ret = ieee80211_link_change_chanreq(link, &chanreq, &changed);
4746
	if (ret == 0)
4747
		ieee80211_link_info_change_notify(sdata, link, changed);
4748

4749
	return ret;
4750
}
4751

4752
static int ieee80211_add_tx_ts(struct wiphy *wiphy, struct net_device *dev,
4753
			       u8 tsid, const u8 *peer, u8 up,
4754
			       u16 admitted_time)
4755
{
4756
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4757
	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4758
	int ac = ieee802_1d_to_ac[up];
4759

4760
	if (sdata->vif.type != NL80211_IFTYPE_STATION)
4761
		return -EOPNOTSUPP;
4762

4763
	if (!(sdata->wmm_acm & BIT(up)))
4764
		return -EINVAL;
4765

4766
	if (ifmgd->tx_tspec[ac].admitted_time)
4767
		return -EBUSY;
4768

4769
	if (admitted_time) {
4770
		ifmgd->tx_tspec[ac].admitted_time = 32 * admitted_time;
4771
		ifmgd->tx_tspec[ac].tsid = tsid;
4772
		ifmgd->tx_tspec[ac].up = up;
4773
	}
4774

4775
	return 0;
4776
}
4777

4778
static int ieee80211_del_tx_ts(struct wiphy *wiphy, struct net_device *dev,
4779
			       u8 tsid, const u8 *peer)
4780
{
4781
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4782
	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4783
	struct ieee80211_local *local = wiphy_priv(wiphy);
4784
	int ac;
4785

4786
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
4787
		struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
4788

4789
		/* skip unused entries */
4790
		if (!tx_tspec->admitted_time)
4791
			continue;
4792

4793
		if (tx_tspec->tsid != tsid)
4794
			continue;
4795

4796
		/* due to this new packets will be reassigned to non-ACM ACs */
4797
		tx_tspec->up = -1;
4798

4799
		/* Make sure that all packets have been sent to avoid to
4800
		 * restore the QoS params on packets that are still on the
4801
		 * queues.
4802
		 */
4803
		synchronize_net();
4804
		ieee80211_flush_queues(local, sdata, false);
4805

4806
		/* restore the normal QoS parameters
4807
		 * (unconditionally to avoid races)
4808
		 */
4809
		tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
4810
		tx_tspec->downgraded = false;
4811
		ieee80211_sta_handle_tspec_ac_params(sdata);
4812

4813
		/* finally clear all the data */
4814
		memset(tx_tspec, 0, sizeof(*tx_tspec));
4815

4816
		return 0;
4817
	}
4818

4819
	return -ENOENT;
4820
}
4821

4822
void ieee80211_nan_func_terminated(struct ieee80211_vif *vif,
4823
				   u8 inst_id,
4824
				   enum nl80211_nan_func_term_reason reason,
4825
				   gfp_t gfp)
4826
{
4827
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4828
	struct cfg80211_nan_func *func;
4829
	u64 cookie;
4830

4831
	if (WARN_ON(vif->type != NL80211_IFTYPE_NAN))
4832
		return;
4833

4834
	spin_lock_bh(&sdata->u.nan.func_lock);
4835

4836
	func = idr_find(&sdata->u.nan.function_inst_ids, inst_id);
4837
	if (WARN_ON(!func)) {
4838
		spin_unlock_bh(&sdata->u.nan.func_lock);
4839
		return;
4840
	}
4841

4842
	cookie = func->cookie;
4843
	idr_remove(&sdata->u.nan.function_inst_ids, inst_id);
4844

4845
	spin_unlock_bh(&sdata->u.nan.func_lock);
4846

4847
	cfg80211_free_nan_func(func);
4848

4849
	cfg80211_nan_func_terminated(ieee80211_vif_to_wdev(vif), inst_id,
4850
				     reason, cookie, gfp);
4851
}
4852
EXPORT_SYMBOL(ieee80211_nan_func_terminated);
4853

4854
void ieee80211_nan_func_match(struct ieee80211_vif *vif,
4855
			      struct cfg80211_nan_match_params *match,
4856
			      gfp_t gfp)
4857
{
4858
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4859
	struct cfg80211_nan_func *func;
4860

4861
	if (WARN_ON(vif->type != NL80211_IFTYPE_NAN))
4862
		return;
4863

4864
	spin_lock_bh(&sdata->u.nan.func_lock);
4865

4866
	func = idr_find(&sdata->u.nan.function_inst_ids,  match->inst_id);
4867
	if (WARN_ON(!func)) {
4868
		spin_unlock_bh(&sdata->u.nan.func_lock);
4869
		return;
4870
	}
4871
	match->cookie = func->cookie;
4872

4873
	spin_unlock_bh(&sdata->u.nan.func_lock);
4874

4875
	cfg80211_nan_match(ieee80211_vif_to_wdev(vif), match, gfp);
4876
}
4877
EXPORT_SYMBOL(ieee80211_nan_func_match);
4878

4879
static int ieee80211_set_multicast_to_unicast(struct wiphy *wiphy,
4880
					      struct net_device *dev,
4881
					      const bool enabled)
4882
{
4883
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4884

4885
	sdata->u.ap.multicast_to_unicast = enabled;
4886

4887
	return 0;
4888
}
4889

4890
void ieee80211_fill_txq_stats(struct cfg80211_txq_stats *txqstats,
4891
			      struct txq_info *txqi)
4892
{
4893
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_BACKLOG_BYTES))) {
4894
		txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_BYTES);
4895
		txqstats->backlog_bytes = txqi->tin.backlog_bytes;
4896
	}
4897

4898
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS))) {
4899
		txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS);
4900
		txqstats->backlog_packets = txqi->tin.backlog_packets;
4901
	}
4902

4903
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_FLOWS))) {
4904
		txqstats->filled |= BIT(NL80211_TXQ_STATS_FLOWS);
4905
		txqstats->flows = txqi->tin.flows;
4906
	}
4907

4908
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_DROPS))) {
4909
		txqstats->filled |= BIT(NL80211_TXQ_STATS_DROPS);
4910
		txqstats->drops = txqi->cstats.drop_count;
4911
	}
4912

4913
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_ECN_MARKS))) {
4914
		txqstats->filled |= BIT(NL80211_TXQ_STATS_ECN_MARKS);
4915
		txqstats->ecn_marks = txqi->cstats.ecn_mark;
4916
	}
4917

4918
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_OVERLIMIT))) {
4919
		txqstats->filled |= BIT(NL80211_TXQ_STATS_OVERLIMIT);
4920
		txqstats->overlimit = txqi->tin.overlimit;
4921
	}
4922

4923
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_COLLISIONS))) {
4924
		txqstats->filled |= BIT(NL80211_TXQ_STATS_COLLISIONS);
4925
		txqstats->collisions = txqi->tin.collisions;
4926
	}
4927

4928
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_TX_BYTES))) {
4929
		txqstats->filled |= BIT(NL80211_TXQ_STATS_TX_BYTES);
4930
		txqstats->tx_bytes = txqi->tin.tx_bytes;
4931
	}
4932

4933
	if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_TX_PACKETS))) {
4934
		txqstats->filled |= BIT(NL80211_TXQ_STATS_TX_PACKETS);
4935
		txqstats->tx_packets = txqi->tin.tx_packets;
4936
	}
4937
}
4938

4939
static int ieee80211_get_txq_stats(struct wiphy *wiphy,
4940
				   struct wireless_dev *wdev,
4941
				   struct cfg80211_txq_stats *txqstats)
4942
{
4943
	struct ieee80211_local *local = wiphy_priv(wiphy);
4944
	struct ieee80211_sub_if_data *sdata;
4945
	int ret = 0;
4946

4947
	spin_lock_bh(&local->fq.lock);
4948

4949
	if (wdev) {
4950
		sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
4951
		if (!sdata->vif.txq) {
4952
			ret = 1;
4953
			goto out;
4954
		}
4955
		ieee80211_fill_txq_stats(txqstats, to_txq_info(sdata->vif.txq));
4956
	} else {
4957
		/* phy stats */
4958
		txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS) |
4959
				    BIT(NL80211_TXQ_STATS_BACKLOG_BYTES) |
4960
				    BIT(NL80211_TXQ_STATS_OVERLIMIT) |
4961
				    BIT(NL80211_TXQ_STATS_OVERMEMORY) |
4962
				    BIT(NL80211_TXQ_STATS_COLLISIONS) |
4963
				    BIT(NL80211_TXQ_STATS_MAX_FLOWS);
4964
		txqstats->backlog_packets = local->fq.backlog;
4965
		txqstats->backlog_bytes = local->fq.memory_usage;
4966
		txqstats->overlimit = local->fq.overlimit;
4967
		txqstats->overmemory = local->fq.overmemory;
4968
		txqstats->collisions = local->fq.collisions;
4969
		txqstats->max_flows = local->fq.flows_cnt;
4970
	}
4971

4972
out:
4973
	spin_unlock_bh(&local->fq.lock);
4974

4975
	return ret;
4976
}
4977

4978
static int
4979
ieee80211_get_ftm_responder_stats(struct wiphy *wiphy,
4980
				  struct net_device *dev,
4981
				  struct cfg80211_ftm_responder_stats *ftm_stats)
4982
{
4983
	struct ieee80211_local *local = wiphy_priv(wiphy);
4984
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4985

4986
	return drv_get_ftm_responder_stats(local, sdata, ftm_stats);
4987
}
4988

4989
static int
4990
ieee80211_start_pmsr(struct wiphy *wiphy, struct wireless_dev *dev,
4991
		     struct cfg80211_pmsr_request *request)
4992
{
4993
	struct ieee80211_local *local = wiphy_priv(wiphy);
4994
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(dev);
4995

4996
	return drv_start_pmsr(local, sdata, request);
4997
}
4998

4999
static void
5000
ieee80211_abort_pmsr(struct wiphy *wiphy, struct wireless_dev *dev,
5001
		     struct cfg80211_pmsr_request *request)
5002
{
5003
	struct ieee80211_local *local = wiphy_priv(wiphy);
5004
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(dev);
5005

5006
	return drv_abort_pmsr(local, sdata, request);
5007
}
5008

5009
static int ieee80211_set_tid_config(struct wiphy *wiphy,
5010
				    struct net_device *dev,
5011
				    struct cfg80211_tid_config *tid_conf)
5012
{
5013
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5014
	struct sta_info *sta;
5015

5016
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5017

5018
	if (!sdata->local->ops->set_tid_config)
5019
		return -EOPNOTSUPP;
5020

5021
	if (!tid_conf->peer)
5022
		return drv_set_tid_config(sdata->local, sdata, NULL, tid_conf);
5023

5024
	sta = sta_info_get_bss(sdata, tid_conf->peer);
5025
	if (!sta)
5026
		return -ENOENT;
5027

5028
	return drv_set_tid_config(sdata->local, sdata, &sta->sta, tid_conf);
5029
}
5030

5031
static int ieee80211_reset_tid_config(struct wiphy *wiphy,
5032
				      struct net_device *dev,
5033
				      const u8 *peer, u8 tids)
5034
{
5035
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5036
	struct sta_info *sta;
5037

5038
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5039

5040
	if (!sdata->local->ops->reset_tid_config)
5041
		return -EOPNOTSUPP;
5042

5043
	if (!peer)
5044
		return drv_reset_tid_config(sdata->local, sdata, NULL, tids);
5045

5046
	sta = sta_info_get_bss(sdata, peer);
5047
	if (!sta)
5048
		return -ENOENT;
5049

5050
	return drv_reset_tid_config(sdata->local, sdata, &sta->sta, tids);
5051
}
5052

5053
static int ieee80211_set_sar_specs(struct wiphy *wiphy,
5054
				   struct cfg80211_sar_specs *sar)
5055
{
5056
	struct ieee80211_local *local = wiphy_priv(wiphy);
5057

5058
	if (!local->ops->set_sar_specs)
5059
		return -EOPNOTSUPP;
5060

5061
	return local->ops->set_sar_specs(&local->hw, sar);
5062
}
5063

5064
static int
5065
ieee80211_set_after_color_change_beacon(struct ieee80211_link_data *link,
5066
					u64 *changed)
5067
{
5068
	struct ieee80211_sub_if_data *sdata = link->sdata;
5069

5070
	switch (sdata->vif.type) {
5071
	case NL80211_IFTYPE_AP: {
5072
		int ret;
5073

5074
		if (!link->u.ap.next_beacon)
5075
			return -EINVAL;
5076

5077
		ret = ieee80211_assign_beacon(sdata, link,
5078
					      link->u.ap.next_beacon,
5079
					      NULL, NULL, changed);
5080
		ieee80211_free_next_beacon(link);
5081

5082
		if (ret < 0)
5083
			return ret;
5084

5085
		break;
5086
	}
5087
	default:
5088
		WARN_ON_ONCE(1);
5089
		return -EINVAL;
5090
	}
5091

5092
	return 0;
5093
}
5094

5095
static int
5096
ieee80211_set_color_change_beacon(struct ieee80211_link_data *link,
5097
				  struct cfg80211_color_change_settings *params,
5098
				  u64 *changed)
5099
{
5100
	struct ieee80211_sub_if_data *sdata = link->sdata;
5101
	struct ieee80211_color_change_settings color_change = {};
5102
	int err;
5103

5104
	switch (sdata->vif.type) {
5105
	case NL80211_IFTYPE_AP:
5106
		link->u.ap.next_beacon =
5107
			cfg80211_beacon_dup(&params->beacon_next);
5108
		if (!link->u.ap.next_beacon)
5109
			return -ENOMEM;
5110

5111
		if (params->count <= 1)
5112
			break;
5113

5114
		color_change.counter_offset_beacon =
5115
			params->counter_offset_beacon;
5116
		color_change.counter_offset_presp =
5117
			params->counter_offset_presp;
5118
		color_change.count = params->count;
5119

5120
		err = ieee80211_assign_beacon(sdata, link,
5121
					      &params->beacon_color_change,
5122
					      NULL, &color_change, changed);
5123
		if (err < 0) {
5124
			ieee80211_free_next_beacon(link);
5125
			return err;
5126
		}
5127
		break;
5128
	default:
5129
		return -EOPNOTSUPP;
5130
	}
5131

5132
	return 0;
5133
}
5134

5135
static void
5136
ieee80211_color_change_bss_config_notify(struct ieee80211_link_data *link,
5137
					 u8 color, int enable, u64 changed)
5138
{
5139
	struct ieee80211_sub_if_data *sdata = link->sdata;
5140

5141
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5142

5143
	link->conf->he_bss_color.color = color;
5144
	link->conf->he_bss_color.enabled = enable;
5145
	changed |= BSS_CHANGED_HE_BSS_COLOR;
5146

5147
	ieee80211_link_info_change_notify(sdata, link, changed);
5148

5149
	if (!link->conf->nontransmitted &&
5150
	    rcu_access_pointer(link->conf->tx_bss_conf)) {
5151
		struct ieee80211_link_data *tmp;
5152

5153
		for_each_sdata_link(sdata->local, tmp) {
5154
			if (tmp->sdata == sdata ||
5155
			    rcu_access_pointer(tmp->conf->tx_bss_conf) != link->conf)
5156
				continue;
5157

5158
			tmp->conf->he_bss_color.color = color;
5159
			tmp->conf->he_bss_color.enabled = enable;
5160
			ieee80211_link_info_change_notify(tmp->sdata, tmp,
5161
							  BSS_CHANGED_HE_BSS_COLOR);
5162
		}
5163
	}
5164
}
5165

5166
static int ieee80211_color_change_finalize(struct ieee80211_link_data *link)
5167
{
5168
	struct ieee80211_sub_if_data *sdata = link->sdata;
5169
	struct ieee80211_local *local = sdata->local;
5170
	u64 changed = 0;
5171
	int err;
5172

5173
	lockdep_assert_wiphy(local->hw.wiphy);
5174

5175
	link->conf->color_change_active = false;
5176

5177
	err = ieee80211_set_after_color_change_beacon(link, &changed);
5178
	if (err) {
5179
		cfg80211_color_change_aborted_notify(sdata->dev, link->link_id);
5180
		return err;
5181
	}
5182

5183
	ieee80211_color_change_bss_config_notify(link,
5184
						 link->conf->color_change_color,
5185
						 1, changed);
5186
	cfg80211_color_change_notify(sdata->dev, link->link_id);
5187

5188
	return 0;
5189
}
5190

5191
void ieee80211_color_change_finalize_work(struct wiphy *wiphy,
5192
					  struct wiphy_work *work)
5193
{
5194
	struct ieee80211_link_data *link =
5195
		container_of(work, struct ieee80211_link_data,
5196
			     color_change_finalize_work);
5197
	struct ieee80211_sub_if_data *sdata = link->sdata;
5198
	struct ieee80211_bss_conf *link_conf = link->conf;
5199
	struct ieee80211_local *local = sdata->local;
5200

5201
	lockdep_assert_wiphy(local->hw.wiphy);
5202

5203
	/* AP might have been stopped while waiting for the lock. */
5204
	if (!link_conf->color_change_active)
5205
		return;
5206

5207
	if (!ieee80211_sdata_running(sdata))
5208
		return;
5209

5210
	ieee80211_color_change_finalize(link);
5211
}
5212

5213
void ieee80211_color_collision_detection_work(struct wiphy *wiphy,
5214
					      struct wiphy_work *work)
5215
{
5216
	struct ieee80211_link_data *link =
5217
		container_of(work, struct ieee80211_link_data,
5218
			     color_collision_detect_work.work);
5219
	struct ieee80211_sub_if_data *sdata = link->sdata;
5220

5221
	cfg80211_obss_color_collision_notify(sdata->dev, link->color_bitmap,
5222
					     link->link_id);
5223
}
5224

5225
void ieee80211_color_change_finish(struct ieee80211_vif *vif, u8 link_id)
5226
{
5227
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5228
	struct ieee80211_link_data *link;
5229

5230
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5231
		return;
5232

5233
	rcu_read_lock();
5234

5235
	link = rcu_dereference(sdata->link[link_id]);
5236
	if (WARN_ON(!link)) {
5237
		rcu_read_unlock();
5238
		return;
5239
	}
5240

5241
	wiphy_work_queue(sdata->local->hw.wiphy,
5242
			 &link->color_change_finalize_work);
5243

5244
	rcu_read_unlock();
5245
}
5246
EXPORT_SYMBOL_GPL(ieee80211_color_change_finish);
5247

5248
void
5249
ieee80211_obss_color_collision_notify(struct ieee80211_vif *vif,
5250
				      u64 color_bitmap, u8 link_id)
5251
{
5252
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5253
	struct ieee80211_link_data *link;
5254

5255
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5256
		return;
5257

5258
	rcu_read_lock();
5259

5260
	link = rcu_dereference(sdata->link[link_id]);
5261
	if (WARN_ON(!link)) {
5262
		rcu_read_unlock();
5263
		return;
5264
	}
5265

5266
	if (link->conf->color_change_active || link->conf->csa_active) {
5267
		rcu_read_unlock();
5268
		return;
5269
	}
5270

5271
	if (wiphy_delayed_work_pending(sdata->local->hw.wiphy,
5272
				       &link->color_collision_detect_work)) {
5273
		rcu_read_unlock();
5274
		return;
5275
	}
5276

5277
	link->color_bitmap = color_bitmap;
5278
	/* queue the color collision detection event every 500 ms in order to
5279
	 * avoid sending too much netlink messages to userspace.
5280
	 */
5281
	wiphy_delayed_work_queue(sdata->local->hw.wiphy,
5282
				 &link->color_collision_detect_work,
5283
				 msecs_to_jiffies(500));
5284

5285
	rcu_read_unlock();
5286
}
5287
EXPORT_SYMBOL_GPL(ieee80211_obss_color_collision_notify);
5288

5289
static int
5290
ieee80211_color_change(struct wiphy *wiphy, struct net_device *dev,
5291
		       struct cfg80211_color_change_settings *params)
5292
{
5293
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5294
	struct ieee80211_local *local = sdata->local;
5295
	struct ieee80211_bss_conf *link_conf;
5296
	struct ieee80211_link_data *link;
5297
	u8 link_id = params->link_id;
5298
	u64 changed = 0;
5299
	int err;
5300

5301
	lockdep_assert_wiphy(local->hw.wiphy);
5302

5303
	if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5304
		return -EINVAL;
5305

5306
	link = wiphy_dereference(wiphy, sdata->link[link_id]);
5307
	if (!link)
5308
		return -ENOLINK;
5309

5310
	link_conf = link->conf;
5311

5312
	if (link_conf->nontransmitted)
5313
		return -EINVAL;
5314

5315
	/* don't allow another color change if one is already active or if csa
5316
	 * is active
5317
	 */
5318
	if (link_conf->color_change_active || link_conf->csa_active) {
5319
		err = -EBUSY;
5320
		goto out;
5321
	}
5322

5323
	err = ieee80211_set_unsol_bcast_probe_resp(sdata,
5324
						   &params->unsol_bcast_probe_resp,
5325
						   link, link_conf, &changed);
5326
	if (err)
5327
		goto out;
5328

5329
	err = ieee80211_set_color_change_beacon(link, params, &changed);
5330
	if (err)
5331
		goto out;
5332

5333
	link_conf->color_change_active = true;
5334
	link_conf->color_change_color = params->color;
5335

5336
	cfg80211_color_change_started_notify(sdata->dev, params->count, link_id);
5337

5338
	if (changed)
5339
		ieee80211_color_change_bss_config_notify(link, 0, 0, changed);
5340
	else
5341
		/* if the beacon didn't change, we can finalize immediately */
5342
		ieee80211_color_change_finalize(link);
5343

5344
out:
5345

5346
	return err;
5347
}
5348

5349
static int
5350
ieee80211_set_radar_background(struct wiphy *wiphy,
5351
			       struct cfg80211_chan_def *chandef)
5352
{
5353
	struct ieee80211_local *local = wiphy_priv(wiphy);
5354

5355
	if (!local->ops->set_radar_background)
5356
		return -EOPNOTSUPP;
5357

5358
	return local->ops->set_radar_background(&local->hw, chandef);
5359
}
5360

5361
static int ieee80211_add_intf_link(struct wiphy *wiphy,
5362
				   struct wireless_dev *wdev,
5363
				   unsigned int link_id)
5364
{
5365
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
5366

5367
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5368

5369
	if (wdev->use_4addr)
5370
		return -EOPNOTSUPP;
5371

5372
	return ieee80211_vif_set_links(sdata, wdev->valid_links, 0);
5373
}
5374

5375
static void ieee80211_del_intf_link(struct wiphy *wiphy,
5376
				    struct wireless_dev *wdev,
5377
				    unsigned int link_id)
5378
{
5379
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
5380
	u16 new_links = wdev->valid_links & ~BIT(link_id);
5381

5382
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5383

5384
	/* During the link teardown process, certain functions require the
5385
	 * link_id to remain in the valid_links bitmap. Therefore, instead
5386
	 * of removing the link_id from the bitmap, pass a masked value to
5387
	 * simulate as if link_id does not exist anymore.
5388
	 */
5389
	ieee80211_vif_set_links(sdata, new_links, 0);
5390
}
5391

5392
static int
5393
ieee80211_add_link_station(struct wiphy *wiphy, struct net_device *dev,
5394
			   struct link_station_parameters *params)
5395
{
5396
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5397
	struct ieee80211_local *local = wiphy_priv(wiphy);
5398
	struct sta_info *sta;
5399
	int ret;
5400

5401
	lockdep_assert_wiphy(local->hw.wiphy);
5402

5403
	sta = sta_info_get_bss(sdata, params->mld_mac);
5404
	if (!sta)
5405
		return -ENOENT;
5406

5407
	if (!sta->sta.valid_links)
5408
		return -EINVAL;
5409

5410
	if (sta->sta.valid_links & BIT(params->link_id))
5411
		return -EALREADY;
5412

5413
	ret = ieee80211_sta_allocate_link(sta, params->link_id);
5414
	if (ret)
5415
		return ret;
5416

5417
	ret = sta_link_apply_parameters(local, sta, STA_LINK_MODE_NEW, params);
5418
	if (ret) {
5419
		ieee80211_sta_free_link(sta, params->link_id);
5420
		return ret;
5421
	}
5422

5423
	if (test_sta_flag(sta, WLAN_STA_ASSOC)) {
5424
		struct link_sta_info *link_sta;
5425

5426
		link_sta = sdata_dereference(sta->link[params->link_id], sdata);
5427
		rate_control_rate_init(link_sta);
5428
	}
5429

5430
	/* ieee80211_sta_activate_link frees the link upon failure */
5431
	return ieee80211_sta_activate_link(sta, params->link_id);
5432
}
5433

5434
static int
5435
ieee80211_mod_link_station(struct wiphy *wiphy, struct net_device *dev,
5436
			   struct link_station_parameters *params)
5437
{
5438
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5439
	struct ieee80211_local *local = wiphy_priv(wiphy);
5440
	struct sta_info *sta;
5441

5442
	lockdep_assert_wiphy(local->hw.wiphy);
5443

5444
	sta = sta_info_get_bss(sdata, params->mld_mac);
5445
	if (!sta)
5446
		return -ENOENT;
5447

5448
	if (!(sta->sta.valid_links & BIT(params->link_id)))
5449
		return -EINVAL;
5450

5451
	return sta_link_apply_parameters(local, sta, STA_LINK_MODE_LINK_MODIFY,
5452
					 params);
5453
}
5454

5455
static int
5456
ieee80211_del_link_station(struct wiphy *wiphy, struct net_device *dev,
5457
			   struct link_station_del_parameters *params)
5458
{
5459
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5460
	struct sta_info *sta;
5461

5462
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5463

5464
	sta = sta_info_get_bss(sdata, params->mld_mac);
5465
	if (!sta)
5466
		return -ENOENT;
5467

5468
	if (!(sta->sta.valid_links & BIT(params->link_id)))
5469
		return -EINVAL;
5470

5471
	/* must not create a STA without links */
5472
	if (sta->sta.valid_links == BIT(params->link_id))
5473
		return -EINVAL;
5474

5475
	ieee80211_sta_remove_link(sta, params->link_id);
5476

5477
	return 0;
5478
}
5479

5480
static int ieee80211_set_hw_timestamp(struct wiphy *wiphy,
5481
				      struct net_device *dev,
5482
				      struct cfg80211_set_hw_timestamp *hwts)
5483
{
5484
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5485
	struct ieee80211_local *local = sdata->local;
5486

5487
	if (!local->ops->set_hw_timestamp)
5488
		return -EOPNOTSUPP;
5489

5490
	if (!check_sdata_in_driver(sdata))
5491
		return -EIO;
5492

5493
	return local->ops->set_hw_timestamp(&local->hw, &sdata->vif, hwts);
5494
}
5495

5496
static int
5497
ieee80211_set_ttlm(struct wiphy *wiphy, struct net_device *dev,
5498
		   struct cfg80211_ttlm_params *params)
5499
{
5500
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5501

5502
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5503

5504
	return ieee80211_req_neg_ttlm(sdata, params);
5505
}
5506

5507
static int
5508
ieee80211_assoc_ml_reconf(struct wiphy *wiphy, struct net_device *dev,
5509
			  struct cfg80211_ml_reconf_req *req)
5510
{
5511
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5512

5513
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
5514

5515
	return ieee80211_mgd_assoc_ml_reconf(sdata, req);
5516
}
5517

5518
static int
5519
ieee80211_set_epcs(struct wiphy *wiphy, struct net_device *dev, bool enable)
5520
{
5521
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5522

5523
	return ieee80211_mgd_set_epcs(sdata, enable);
5524
}
5525

5526
const struct cfg80211_ops mac80211_config_ops = {
5527
	.add_virtual_intf = ieee80211_add_iface,
5528
	.del_virtual_intf = ieee80211_del_iface,
5529
	.change_virtual_intf = ieee80211_change_iface,
5530
	.start_p2p_device = ieee80211_start_p2p_device,
5531
	.stop_p2p_device = ieee80211_stop_p2p_device,
5532
	.add_key = ieee80211_add_key,
5533
	.del_key = ieee80211_del_key,
5534
	.get_key = ieee80211_get_key,
5535
	.set_default_key = ieee80211_config_default_key,
5536
	.set_default_mgmt_key = ieee80211_config_default_mgmt_key,
5537
	.set_default_beacon_key = ieee80211_config_default_beacon_key,
5538
	.start_ap = ieee80211_start_ap,
5539
	.change_beacon = ieee80211_change_beacon,
5540
	.stop_ap = ieee80211_stop_ap,
5541
	.add_station = ieee80211_add_station,
5542
	.del_station = ieee80211_del_station,
5543
	.change_station = ieee80211_change_station,
5544
	.get_station = ieee80211_get_station,
5545
	.dump_station = ieee80211_dump_station,
5546
	.dump_survey = ieee80211_dump_survey,
5547
#ifdef CONFIG_MAC80211_MESH
5548
	.add_mpath = ieee80211_add_mpath,
5549
	.del_mpath = ieee80211_del_mpath,
5550
	.change_mpath = ieee80211_change_mpath,
5551
	.get_mpath = ieee80211_get_mpath,
5552
	.dump_mpath = ieee80211_dump_mpath,
5553
	.get_mpp = ieee80211_get_mpp,
5554
	.dump_mpp = ieee80211_dump_mpp,
5555
	.update_mesh_config = ieee80211_update_mesh_config,
5556
	.get_mesh_config = ieee80211_get_mesh_config,
5557
	.join_mesh = ieee80211_join_mesh,
5558
	.leave_mesh = ieee80211_leave_mesh,
5559
#endif
5560
	.join_ocb = ieee80211_join_ocb,
5561
	.leave_ocb = ieee80211_leave_ocb,
5562
	.change_bss = ieee80211_change_bss,
5563
	.inform_bss = ieee80211_inform_bss,
5564
	.set_txq_params = ieee80211_set_txq_params,
5565
	.set_monitor_channel = ieee80211_set_monitor_channel,
5566
	.suspend = ieee80211_suspend,
5567
	.resume = ieee80211_resume,
5568
	.scan = ieee80211_scan,
5569
	.abort_scan = ieee80211_abort_scan,
5570
	.sched_scan_start = ieee80211_sched_scan_start,
5571
	.sched_scan_stop = ieee80211_sched_scan_stop,
5572
	.auth = ieee80211_auth,
5573
	.assoc = ieee80211_assoc,
5574
	.deauth = ieee80211_deauth,
5575
	.disassoc = ieee80211_disassoc,
5576
	.join_ibss = ieee80211_join_ibss,
5577
	.leave_ibss = ieee80211_leave_ibss,
5578
	.set_mcast_rate = ieee80211_set_mcast_rate,
5579
	.set_wiphy_params = ieee80211_set_wiphy_params,
5580
	.set_tx_power = ieee80211_set_tx_power,
5581
	.get_tx_power = ieee80211_get_tx_power,
5582
	.rfkill_poll = ieee80211_rfkill_poll,
5583
	CFG80211_TESTMODE_CMD(ieee80211_testmode_cmd)
5584
	CFG80211_TESTMODE_DUMP(ieee80211_testmode_dump)
5585
	.set_power_mgmt = ieee80211_set_power_mgmt,
5586
	.set_bitrate_mask = ieee80211_set_bitrate_mask,
5587
	.remain_on_channel = ieee80211_remain_on_channel,
5588
	.cancel_remain_on_channel = ieee80211_cancel_remain_on_channel,
5589
	.mgmt_tx = ieee80211_mgmt_tx,
5590
	.mgmt_tx_cancel_wait = ieee80211_mgmt_tx_cancel_wait,
5591
	.set_cqm_rssi_config = ieee80211_set_cqm_rssi_config,
5592
	.set_cqm_rssi_range_config = ieee80211_set_cqm_rssi_range_config,
5593
	.update_mgmt_frame_registrations =
5594
		ieee80211_update_mgmt_frame_registrations,
5595
	.set_antenna = ieee80211_set_antenna,
5596
	.get_antenna = ieee80211_get_antenna,
5597
	.set_rekey_data = ieee80211_set_rekey_data,
5598
	.tdls_oper = ieee80211_tdls_oper,
5599
	.tdls_mgmt = ieee80211_tdls_mgmt,
5600
	.tdls_channel_switch = ieee80211_tdls_channel_switch,
5601
	.tdls_cancel_channel_switch = ieee80211_tdls_cancel_channel_switch,
5602
	.probe_client = ieee80211_probe_client,
5603
	.set_noack_map = ieee80211_set_noack_map,
5604
#ifdef CONFIG_PM
5605
	.set_wakeup = ieee80211_set_wakeup,
5606
#endif
5607
	.get_channel = ieee80211_cfg_get_channel,
5608
	.start_radar_detection = ieee80211_start_radar_detection,
5609
	.end_cac = ieee80211_end_cac,
5610
	.channel_switch = ieee80211_channel_switch,
5611
	.set_qos_map = ieee80211_set_qos_map,
5612
	.set_ap_chanwidth = ieee80211_set_ap_chanwidth,
5613
	.add_tx_ts = ieee80211_add_tx_ts,
5614
	.del_tx_ts = ieee80211_del_tx_ts,
5615
	.start_nan = ieee80211_start_nan,
5616
	.stop_nan = ieee80211_stop_nan,
5617
	.nan_change_conf = ieee80211_nan_change_conf,
5618
	.add_nan_func = ieee80211_add_nan_func,
5619
	.del_nan_func = ieee80211_del_nan_func,
5620
	.set_multicast_to_unicast = ieee80211_set_multicast_to_unicast,
5621
	.tx_control_port = ieee80211_tx_control_port,
5622
	.get_txq_stats = ieee80211_get_txq_stats,
5623
	.get_ftm_responder_stats = ieee80211_get_ftm_responder_stats,
5624
	.start_pmsr = ieee80211_start_pmsr,
5625
	.abort_pmsr = ieee80211_abort_pmsr,
5626
	.probe_mesh_link = ieee80211_probe_mesh_link,
5627
	.set_tid_config = ieee80211_set_tid_config,
5628
	.reset_tid_config = ieee80211_reset_tid_config,
5629
	.set_sar_specs = ieee80211_set_sar_specs,
5630
	.color_change = ieee80211_color_change,
5631
	.set_radar_background = ieee80211_set_radar_background,
5632
	.add_intf_link = ieee80211_add_intf_link,
5633
	.del_intf_link = ieee80211_del_intf_link,
5634
	.add_link_station = ieee80211_add_link_station,
5635
	.mod_link_station = ieee80211_mod_link_station,
5636
	.del_link_station = ieee80211_del_link_station,
5637
	.set_hw_timestamp = ieee80211_set_hw_timestamp,
5638
	.set_ttlm = ieee80211_set_ttlm,
5639
	.get_radio_mask = ieee80211_get_radio_mask,
5640
	.assoc_ml_reconf = ieee80211_assoc_ml_reconf,
5641
	.set_epcs = ieee80211_set_epcs,
5642
};
5643

5644