1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * Interface handling
4
 *
5
 * Copyright 2002-2005, Instant802 Networks, Inc.
6
 * Copyright 2005-2006, Devicescape Software, Inc.
7
 * Copyright (c) 2006 Jiri Benc <[email protected]>
8
 * Copyright 2008, Johannes Berg <[email protected]>
9
 * Copyright 2013-2014  Intel Mobile Communications GmbH
10
 * Copyright (c) 2016        Intel Deutschland GmbH
11
 * Copyright (C) 2018-2025 Intel Corporation
12
 */
13
#include <linux/slab.h>
14
#include <linux/kernel.h>
15
#include <linux/if_arp.h>
16
#include <linux/netdevice.h>
17
#include <linux/rtnetlink.h>
18
#include <linux/kcov.h>
19
#include <net/mac80211.h>
20
#include <net/ieee80211_radiotap.h>
21
#include "ieee80211_i.h"
22
#include "sta_info.h"
23
#include "debugfs_netdev.h"
24
#include "mesh.h"
25
#include "led.h"
26
#include "driver-ops.h"
27
#include "wme.h"
28
#include "rate.h"
29

30
/**
31
 * DOC: Interface list locking
32
 *
33
 * The interface list in each struct ieee80211_local is protected
34
 * three-fold:
35
 *
36
 * (1) modifications may only be done under the RTNL *and* wiphy mutex
37
 *     *and* iflist_mtx
38
 * (2) modifications are done in an RCU manner so atomic readers
39
 *     can traverse the list in RCU-safe blocks.
40
 *
41
 * As a consequence, reads (traversals) of the list can be protected
42
 * by either the RTNL, the wiphy mutex, the iflist_mtx or RCU.
43
 */
44

45
static void ieee80211_iface_work(struct wiphy *wiphy, struct wiphy_work *work);
46

47
bool __ieee80211_recalc_txpower(struct ieee80211_link_data *link)
48
{
49
	struct ieee80211_chanctx_conf *chanctx_conf;
50
	int power;
51

52
	rcu_read_lock();
53
	chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
54
	if (!chanctx_conf) {
55
		rcu_read_unlock();
56
		return false;
57
	}
58

59
	power = ieee80211_chandef_max_power(&chanctx_conf->def);
60
	rcu_read_unlock();
61

62
	if (link->user_power_level != IEEE80211_UNSET_POWER_LEVEL)
63
		power = min(power, link->user_power_level);
64

65
	if (link->ap_power_level != IEEE80211_UNSET_POWER_LEVEL)
66
		power = min(power, link->ap_power_level);
67

68
	if (power != link->conf->txpower) {
69
		link->conf->txpower = power;
70
		return true;
71
	}
72

73
	return false;
74
}
75

76
void ieee80211_recalc_txpower(struct ieee80211_link_data *link,
77
			      bool update_bss)
78
{
79
	if (__ieee80211_recalc_txpower(link) ||
80
	    (update_bss && ieee80211_sdata_running(link->sdata)))
81
		ieee80211_link_info_change_notify(link->sdata, link,
82
						  BSS_CHANGED_TXPOWER);
83
}
84

85
static u32 __ieee80211_idle_off(struct ieee80211_local *local)
86
{
87
	if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE))
88
		return 0;
89

90
	local->hw.conf.flags &= ~IEEE80211_CONF_IDLE;
91
	return IEEE80211_CONF_CHANGE_IDLE;
92
}
93

94
static u32 __ieee80211_idle_on(struct ieee80211_local *local)
95
{
96
	if (local->hw.conf.flags & IEEE80211_CONF_IDLE)
97
		return 0;
98

99
	ieee80211_flush_queues(local, NULL, false);
100

101
	local->hw.conf.flags |= IEEE80211_CONF_IDLE;
102
	return IEEE80211_CONF_CHANGE_IDLE;
103
}
104

105
static u32 __ieee80211_recalc_idle(struct ieee80211_local *local,
106
				   bool force_active)
107
{
108
	bool working, scanning, active;
109
	unsigned int led_trig_start = 0, led_trig_stop = 0;
110

111
	lockdep_assert_wiphy(local->hw.wiphy);
112

113
	active = force_active ||
114
		 !list_empty(&local->chanctx_list) ||
115
		 local->monitors;
116

117
	working = !local->ops->remain_on_channel &&
118
		  !list_empty(&local->roc_list);
119

120
	scanning = test_bit(SCAN_SW_SCANNING, &local->scanning) ||
121
		   test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning);
122

123
	if (working || scanning)
124
		led_trig_start |= IEEE80211_TPT_LEDTRIG_FL_WORK;
125
	else
126
		led_trig_stop |= IEEE80211_TPT_LEDTRIG_FL_WORK;
127

128
	if (active)
129
		led_trig_start |= IEEE80211_TPT_LEDTRIG_FL_CONNECTED;
130
	else
131
		led_trig_stop |= IEEE80211_TPT_LEDTRIG_FL_CONNECTED;
132

133
	ieee80211_mod_tpt_led_trig(local, led_trig_start, led_trig_stop);
134

135
	if (working || scanning || active)
136
		return __ieee80211_idle_off(local);
137
	return __ieee80211_idle_on(local);
138
}
139

140
u32 ieee80211_idle_off(struct ieee80211_local *local)
141
{
142
	return __ieee80211_recalc_idle(local, true);
143
}
144

145
void ieee80211_recalc_idle(struct ieee80211_local *local)
146
{
147
	u32 change = __ieee80211_recalc_idle(local, false);
148
	if (change)
149
		ieee80211_hw_config(local, -1, change);
150
}
151

152
static int ieee80211_verify_mac(struct ieee80211_sub_if_data *sdata, u8 *addr,
153
				bool check_dup)
154
{
155
	struct ieee80211_local *local = sdata->local;
156
	struct ieee80211_sub_if_data *iter;
157
	u64 new, mask, tmp;
158
	u8 *m;
159
	int ret = 0;
160

161
	lockdep_assert_wiphy(local->hw.wiphy);
162

163
	if (is_zero_ether_addr(local->hw.wiphy->addr_mask))
164
		return 0;
165

166
	m = addr;
167
	new =	((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
168
		((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
169
		((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
170

171
	m = local->hw.wiphy->addr_mask;
172
	mask =	((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
173
		((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
174
		((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
175

176
	if (!check_dup)
177
		return ret;
178

179
	list_for_each_entry(iter, &local->interfaces, list) {
180
		if (iter == sdata)
181
			continue;
182

183
		if (iter->vif.type == NL80211_IFTYPE_MONITOR &&
184
		    !(iter->u.mntr.flags & MONITOR_FLAG_ACTIVE))
185
			continue;
186

187
		m = iter->vif.addr;
188
		tmp =	((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
189
			((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
190
			((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
191

192
		if ((new & ~mask) != (tmp & ~mask)) {
193
			ret = -EINVAL;
194
			break;
195
		}
196
	}
197

198
	return ret;
199
}
200

201
static int ieee80211_can_powered_addr_change(struct ieee80211_sub_if_data *sdata)
202
{
203
	struct ieee80211_roc_work *roc;
204
	struct ieee80211_local *local = sdata->local;
205
	struct ieee80211_sub_if_data *scan_sdata;
206
	int ret = 0;
207

208
	lockdep_assert_wiphy(local->hw.wiphy);
209

210
	/* To be the most flexible here we want to only limit changing the
211
	 * address if the specific interface is doing offchannel work or
212
	 * scanning.
213
	 */
214
	if (netif_carrier_ok(sdata->dev))
215
		return -EBUSY;
216

217
	/* First check no ROC work is happening on this iface */
218
	list_for_each_entry(roc, &local->roc_list, list) {
219
		if (roc->sdata != sdata)
220
			continue;
221

222
		if (roc->started) {
223
			ret = -EBUSY;
224
			goto unlock;
225
		}
226
	}
227

228
	/* And if this iface is scanning */
229
	if (local->scanning) {
230
		scan_sdata = rcu_dereference_protected(local->scan_sdata,
231
						       lockdep_is_held(&local->hw.wiphy->mtx));
232
		if (sdata == scan_sdata)
233
			ret = -EBUSY;
234
	}
235

236
	switch (sdata->vif.type) {
237
	case NL80211_IFTYPE_STATION:
238
	case NL80211_IFTYPE_P2P_CLIENT:
239
		/* More interface types could be added here but changing the
240
		 * address while powered makes the most sense in client modes.
241
		 */
242
		break;
243
	default:
244
		ret = -EOPNOTSUPP;
245
	}
246

247
unlock:
248
	return ret;
249
}
250

251
static int _ieee80211_change_mac(struct ieee80211_sub_if_data *sdata,
252
				 void *addr)
253
{
254
	struct ieee80211_local *local = sdata->local;
255
	struct sockaddr *sa = addr;
256
	bool check_dup = true;
257
	bool live = false;
258
	int ret;
259

260
	if (ieee80211_sdata_running(sdata)) {
261
		ret = ieee80211_can_powered_addr_change(sdata);
262
		if (ret)
263
			return ret;
264

265
		live = true;
266
	}
267

268
	if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
269
	    !(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE))
270
		check_dup = false;
271

272
	ret = ieee80211_verify_mac(sdata, sa->sa_data, check_dup);
273
	if (ret)
274
		return ret;
275

276
	if (live)
277
		drv_remove_interface(local, sdata);
278
	ret = eth_mac_addr(sdata->dev, sa);
279

280
	if (ret == 0) {
281
		memcpy(sdata->vif.addr, sa->sa_data, ETH_ALEN);
282
		ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
283
	}
284

285
	/* Regardless of eth_mac_addr() return we still want to add the
286
	 * interface back. This should not fail...
287
	 */
288
	if (live)
289
		WARN_ON(drv_add_interface(local, sdata));
290

291
	return ret;
292
}
293

294
static int ieee80211_change_mac(struct net_device *dev, void *addr)
295
{
296
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
297
	struct ieee80211_local *local = sdata->local;
298

299
	/*
300
	 * This happens during unregistration if there's a bond device
301
	 * active (maybe other cases?) and we must get removed from it.
302
	 * But we really don't care anymore if it's not registered now.
303
	 */
304
	if (!dev->ieee80211_ptr->registered)
305
		return 0;
306

307
	guard(wiphy)(local->hw.wiphy);
308

309
	return _ieee80211_change_mac(sdata, addr);
310
}
311

312
static inline int identical_mac_addr_allowed(int type1, int type2)
313
{
314
	return type1 == NL80211_IFTYPE_MONITOR ||
315
		type2 == NL80211_IFTYPE_MONITOR ||
316
		type1 == NL80211_IFTYPE_P2P_DEVICE ||
317
		type2 == NL80211_IFTYPE_P2P_DEVICE ||
318
		(type1 == NL80211_IFTYPE_AP && type2 == NL80211_IFTYPE_AP_VLAN) ||
319
		(type1 == NL80211_IFTYPE_AP_VLAN &&
320
			(type2 == NL80211_IFTYPE_AP ||
321
			 type2 == NL80211_IFTYPE_AP_VLAN));
322
}
323

324
static int ieee80211_check_concurrent_iface(struct ieee80211_sub_if_data *sdata,
325
					    enum nl80211_iftype iftype)
326
{
327
	struct ieee80211_local *local = sdata->local;
328
	struct ieee80211_sub_if_data *nsdata;
329

330
	ASSERT_RTNL();
331
	lockdep_assert_wiphy(local->hw.wiphy);
332

333
	/* we hold the RTNL here so can safely walk the list */
334
	list_for_each_entry(nsdata, &local->interfaces, list) {
335
		if (nsdata != sdata && ieee80211_sdata_running(nsdata)) {
336
			/*
337
			 * Only OCB and monitor mode may coexist
338
			 */
339
			if ((sdata->vif.type == NL80211_IFTYPE_OCB &&
340
			     nsdata->vif.type != NL80211_IFTYPE_MONITOR) ||
341
			    (sdata->vif.type != NL80211_IFTYPE_MONITOR &&
342
			     nsdata->vif.type == NL80211_IFTYPE_OCB))
343
				return -EBUSY;
344

345
			/*
346
			 * Allow only a single IBSS interface to be up at any
347
			 * time. This is restricted because beacon distribution
348
			 * cannot work properly if both are in the same IBSS.
349
			 *
350
			 * To remove this restriction we'd have to disallow them
351
			 * from setting the same SSID on different IBSS interfaces
352
			 * belonging to the same hardware. Then, however, we're
353
			 * faced with having to adopt two different TSF timers...
354
			 */
355
			if (iftype == NL80211_IFTYPE_ADHOC &&
356
			    nsdata->vif.type == NL80211_IFTYPE_ADHOC)
357
				return -EBUSY;
358
			/*
359
			 * will not add another interface while any channel
360
			 * switch is active.
361
			 */
362
			if (nsdata->vif.bss_conf.csa_active)
363
				return -EBUSY;
364

365
			/*
366
			 * The remaining checks are only performed for interfaces
367
			 * with the same MAC address.
368
			 */
369
			if (!ether_addr_equal(sdata->vif.addr,
370
					      nsdata->vif.addr))
371
				continue;
372

373
			/*
374
			 * check whether it may have the same address
375
			 */
376
			if (!identical_mac_addr_allowed(iftype,
377
							nsdata->vif.type))
378
				return -ENOTUNIQ;
379

380
			/* No support for VLAN with MLO yet */
381
			if (iftype == NL80211_IFTYPE_AP_VLAN &&
382
			    sdata->wdev.use_4addr &&
383
			    nsdata->vif.type == NL80211_IFTYPE_AP &&
384
			    nsdata->vif.valid_links)
385
				return -EOPNOTSUPP;
386

387
			/*
388
			 * can only add VLANs to enabled APs
389
			 */
390
			if (iftype == NL80211_IFTYPE_AP_VLAN &&
391
			    nsdata->vif.type == NL80211_IFTYPE_AP)
392
				sdata->bss = &nsdata->u.ap;
393
		}
394
	}
395

396
	return ieee80211_check_combinations(sdata, NULL, 0, 0, -1);
397
}
398

399
static int ieee80211_check_queues(struct ieee80211_sub_if_data *sdata,
400
				  enum nl80211_iftype iftype)
401
{
402
	int n_queues = sdata->local->hw.queues;
403
	int i;
404

405
	if (iftype == NL80211_IFTYPE_NAN)
406
		return 0;
407

408
	if (iftype != NL80211_IFTYPE_P2P_DEVICE) {
409
		for (i = 0; i < IEEE80211_NUM_ACS; i++) {
410
			if (WARN_ON_ONCE(sdata->vif.hw_queue[i] ==
411
					 IEEE80211_INVAL_HW_QUEUE))
412
				return -EINVAL;
413
			if (WARN_ON_ONCE(sdata->vif.hw_queue[i] >=
414
					 n_queues))
415
				return -EINVAL;
416
		}
417
	}
418

419
	if ((iftype != NL80211_IFTYPE_AP &&
420
	     iftype != NL80211_IFTYPE_P2P_GO &&
421
	     iftype != NL80211_IFTYPE_MESH_POINT) ||
422
	    !ieee80211_hw_check(&sdata->local->hw, QUEUE_CONTROL)) {
423
		sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
424
		return 0;
425
	}
426

427
	if (WARN_ON_ONCE(sdata->vif.cab_queue == IEEE80211_INVAL_HW_QUEUE))
428
		return -EINVAL;
429

430
	if (WARN_ON_ONCE(sdata->vif.cab_queue >= n_queues))
431
		return -EINVAL;
432

433
	return 0;
434
}
435

436
static int ieee80211_open(struct net_device *dev)
437
{
438
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
439
	int err;
440

441
	/* fail early if user set an invalid address */
442
	if (!is_valid_ether_addr(dev->dev_addr))
443
		return -EADDRNOTAVAIL;
444

445
	guard(wiphy)(sdata->local->hw.wiphy);
446

447
	err = ieee80211_check_concurrent_iface(sdata, sdata->vif.type);
448
	if (err)
449
		return err;
450

451
	return ieee80211_do_open(&sdata->wdev, true);
452
}
453

454
static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, bool going_down)
455
{
456
	struct ieee80211_local *local = sdata->local;
457
	unsigned long flags;
458
	struct sk_buff_head freeq;
459
	struct sk_buff *skb, *tmp;
460
	u32 hw_reconf_flags = 0;
461
	int i, flushed;
462
	struct ps_data *ps;
463
	struct cfg80211_chan_def chandef;
464
	bool cancel_scan;
465
	struct cfg80211_nan_func *func;
466

467
	lockdep_assert_wiphy(local->hw.wiphy);
468

469
	clear_bit(SDATA_STATE_RUNNING, &sdata->state);
470
	synchronize_rcu(); /* flush _ieee80211_wake_txqs() */
471

472
	cancel_scan = rcu_access_pointer(local->scan_sdata) == sdata;
473
	if (cancel_scan)
474
		ieee80211_scan_cancel(local);
475

476
	ieee80211_roc_purge(local, sdata);
477

478
	switch (sdata->vif.type) {
479
	case NL80211_IFTYPE_STATION:
480
		ieee80211_mgd_stop(sdata);
481
		break;
482
	case NL80211_IFTYPE_ADHOC:
483
		ieee80211_ibss_stop(sdata);
484
		break;
485
	case NL80211_IFTYPE_MONITOR:
486
		list_del_rcu(&sdata->u.mntr.list);
487
		break;
488
	case NL80211_IFTYPE_AP_VLAN:
489
		ieee80211_apvlan_link_clear(sdata);
490
		break;
491
	default:
492
		break;
493
	}
494

495
	/*
496
	 * Remove all stations associated with this interface.
497
	 *
498
	 * This must be done before calling ops->remove_interface()
499
	 * because otherwise we can later invoke ops->sta_notify()
500
	 * whenever the STAs are removed, and that invalidates driver
501
	 * assumptions about always getting a vif pointer that is valid
502
	 * (because if we remove a STA after ops->remove_interface()
503
	 * the driver will have removed the vif info already!)
504
	 *
505
	 * For AP_VLANs stations may exist since there's nothing else that
506
	 * would have removed them, but in other modes there shouldn't
507
	 * be any stations.
508
	 */
509
	flushed = sta_info_flush(sdata, -1);
510
	WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_AP_VLAN && flushed > 0);
511

512
	/* don't count this interface for allmulti while it is down */
513
	if (sdata->flags & IEEE80211_SDATA_ALLMULTI)
514
		atomic_dec(&local->iff_allmultis);
515

516
	if (sdata->vif.type == NL80211_IFTYPE_AP) {
517
		local->fif_pspoll--;
518
		local->fif_probe_req--;
519
	} else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
520
		local->fif_probe_req--;
521
	}
522

523
	if (sdata->dev) {
524
		netif_addr_lock_bh(sdata->dev);
525
		spin_lock_bh(&local->filter_lock);
526
		__hw_addr_unsync(&local->mc_list, &sdata->dev->mc,
527
				 sdata->dev->addr_len);
528
		spin_unlock_bh(&local->filter_lock);
529
		netif_addr_unlock_bh(sdata->dev);
530
	}
531

532
	timer_delete_sync(&local->dynamic_ps_timer);
533
	wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work);
534

535
	WARN(ieee80211_vif_is_mld(&sdata->vif),
536
	     "destroying interface with valid links 0x%04x\n",
537
	     sdata->vif.valid_links);
538

539
	sdata->vif.bss_conf.csa_active = false;
540
	if (sdata->vif.type == NL80211_IFTYPE_STATION)
541
		sdata->deflink.u.mgd.csa.waiting_bcn = false;
542
	ieee80211_vif_unblock_queues_csa(sdata);
543

544
	wiphy_work_cancel(local->hw.wiphy, &sdata->deflink.csa.finalize_work);
545
	wiphy_work_cancel(local->hw.wiphy,
546
			  &sdata->deflink.color_change_finalize_work);
547
	wiphy_delayed_work_cancel(local->hw.wiphy,
548
				  &sdata->deflink.dfs_cac_timer_work);
549

550
	if (sdata->wdev.links[0].cac_started) {
551
		chandef = sdata->vif.bss_conf.chanreq.oper;
552
		WARN_ON(local->suspended);
553
		ieee80211_link_release_channel(&sdata->deflink);
554
		cfg80211_cac_event(sdata->dev, &chandef,
555
				   NL80211_RADAR_CAC_ABORTED,
556
				   GFP_KERNEL, 0);
557
	}
558

559
	if (sdata->vif.type == NL80211_IFTYPE_AP) {
560
		WARN_ON(!list_empty(&sdata->u.ap.vlans));
561
	} else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
562
		/* remove all packets in parent bc_buf pointing to this dev */
563
		ps = &sdata->bss->ps;
564

565
		spin_lock_irqsave(&ps->bc_buf.lock, flags);
566
		skb_queue_walk_safe(&ps->bc_buf, skb, tmp) {
567
			if (skb->dev == sdata->dev) {
568
				__skb_unlink(skb, &ps->bc_buf);
569
				local->total_ps_buffered--;
570
				ieee80211_free_txskb(&local->hw, skb);
571
			}
572
		}
573
		spin_unlock_irqrestore(&ps->bc_buf.lock, flags);
574
	}
575

576
	if (going_down)
577
		local->open_count--;
578

579
	switch (sdata->vif.type) {
580
	case NL80211_IFTYPE_AP_VLAN:
581
		list_del(&sdata->u.vlan.list);
582
		RCU_INIT_POINTER(sdata->vif.bss_conf.chanctx_conf, NULL);
583
		/* see comment in the default case below */
584
		ieee80211_free_keys(sdata, true);
585
		/* no need to tell driver */
586
		break;
587
	case NL80211_IFTYPE_MONITOR:
588
		local->monitors--;
589

590
		if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) &&
591
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
592

593
			local->virt_monitors--;
594
			if (local->virt_monitors == 0) {
595
				local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR;
596
				hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
597
			}
598

599
			ieee80211_adjust_monitor_flags(sdata, -1);
600
		}
601
		break;
602
	case NL80211_IFTYPE_NAN:
603
		/* clean all the functions */
604
		spin_lock_bh(&sdata->u.nan.func_lock);
605

606
		idr_for_each_entry(&sdata->u.nan.function_inst_ids, func, i) {
607
			idr_remove(&sdata->u.nan.function_inst_ids, i);
608
			cfg80211_free_nan_func(func);
609
		}
610
		idr_destroy(&sdata->u.nan.function_inst_ids);
611

612
		spin_unlock_bh(&sdata->u.nan.func_lock);
613
		break;
614
	case NL80211_IFTYPE_P2P_DEVICE:
615
		/* relies on synchronize_rcu() below */
616
		RCU_INIT_POINTER(local->p2p_sdata, NULL);
617
		fallthrough;
618
	default:
619
		wiphy_work_cancel(sdata->local->hw.wiphy, &sdata->work);
620
		/*
621
		 * When we get here, the interface is marked down.
622
		 * Free the remaining keys, if there are any
623
		 * (which can happen in AP mode if userspace sets
624
		 * keys before the interface is operating)
625
		 *
626
		 * Force the key freeing to always synchronize_net()
627
		 * to wait for the RX path in case it is using this
628
		 * interface enqueuing frames at this very time on
629
		 * another CPU.
630
		 */
631
		ieee80211_free_keys(sdata, true);
632
		skb_queue_purge(&sdata->skb_queue);
633
		skb_queue_purge(&sdata->status_queue);
634
	}
635

636
	/*
637
	 * Since ieee80211_free_txskb() may issue __dev_queue_xmit()
638
	 * which should be called with interrupts enabled, reclamation
639
	 * is done in two phases:
640
	 */
641
	__skb_queue_head_init(&freeq);
642

643
	/* unlink from local queues... */
644
	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
645
	for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
646
		skb_queue_walk_safe(&local->pending[i], skb, tmp) {
647
			struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
648
			if (info->control.vif == &sdata->vif) {
649
				__skb_unlink(skb, &local->pending[i]);
650
				__skb_queue_tail(&freeq, skb);
651
			}
652
		}
653
	}
654
	spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
655

656
	/* ... and perform actual reclamation with interrupts enabled. */
657
	skb_queue_walk_safe(&freeq, skb, tmp) {
658
		__skb_unlink(skb, &freeq);
659
		ieee80211_free_txskb(&local->hw, skb);
660
	}
661

662
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
663
		ieee80211_txq_remove_vlan(local, sdata);
664

665
	if (sdata->vif.txq)
666
		ieee80211_txq_purge(sdata->local, to_txq_info(sdata->vif.txq));
667

668
	sdata->bss = NULL;
669

670
	if (local->open_count == 0)
671
		ieee80211_clear_tx_pending(local);
672

673
	sdata->vif.bss_conf.beacon_int = 0;
674

675
	/*
676
	 * If the interface goes down while suspended, presumably because
677
	 * the device was unplugged and that happens before our resume,
678
	 * then the driver is already unconfigured and the remainder of
679
	 * this function isn't needed.
680
	 * XXX: what about WoWLAN? If the device has software state, e.g.
681
	 *	memory allocated, it might expect teardown commands from
682
	 *	mac80211 here?
683
	 */
684
	if (local->suspended) {
685
		WARN_ON(local->wowlan);
686
		WARN_ON(rcu_access_pointer(local->monitor_sdata));
687
		return;
688
	}
689

690
	switch (sdata->vif.type) {
691
	case NL80211_IFTYPE_AP_VLAN:
692
		break;
693
	case NL80211_IFTYPE_MONITOR:
694
		if (local->virt_monitors == 0)
695
			ieee80211_del_virtual_monitor(local);
696

697
		ieee80211_recalc_idle(local);
698
		ieee80211_recalc_offload(local);
699

700
		if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) &&
701
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
702
			break;
703

704
		ieee80211_link_release_channel(&sdata->deflink);
705
		fallthrough;
706
	default:
707
		if (!going_down)
708
			break;
709
		drv_remove_interface(local, sdata);
710

711
		/* Clear private driver data to prevent reuse */
712
		memset(sdata->vif.drv_priv, 0, local->hw.vif_data_size);
713
	}
714

715
	ieee80211_recalc_ps(local);
716

717
	if (cancel_scan)
718
		wiphy_delayed_work_flush(local->hw.wiphy, &local->scan_work);
719

720
	if (local->open_count == 0) {
721
		ieee80211_stop_device(local, false);
722

723
		/* no reconfiguring after stop! */
724
		return;
725
	}
726

727
	/* do after stop to avoid reconfiguring when we stop anyway */
728
	ieee80211_configure_filter(local);
729
	ieee80211_hw_config(local, -1, hw_reconf_flags);
730

731
	if (local->virt_monitors == local->open_count)
732
		ieee80211_add_virtual_monitor(local);
733
}
734

735
void ieee80211_stop_mbssid(struct ieee80211_sub_if_data *sdata)
736
{
737
	struct ieee80211_sub_if_data *tx_sdata;
738
	struct ieee80211_bss_conf *link_conf, *tx_bss_conf;
739
	struct ieee80211_link_data *tx_link, *link;
740
	unsigned int link_id;
741

742
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
743

744
	/* Check if any of the links of current sdata is an MBSSID. */
745
	for_each_vif_active_link(&sdata->vif, link_conf, link_id) {
746
		tx_bss_conf = sdata_dereference(link_conf->tx_bss_conf, sdata);
747
		if (!tx_bss_conf)
748
			continue;
749

750
		tx_sdata = vif_to_sdata(tx_bss_conf->vif);
751
		RCU_INIT_POINTER(link_conf->tx_bss_conf, NULL);
752

753
		/* If we are not tx sdata reset tx sdata's tx_bss_conf to avoid recusrion
754
		 * while closing tx sdata at the end of outer loop below.
755
		 */
756
		if (sdata != tx_sdata) {
757
			tx_link = sdata_dereference(tx_sdata->link[tx_bss_conf->link_id],
758
						    tx_sdata);
759
			if (!tx_link)
760
				continue;
761

762
			RCU_INIT_POINTER(tx_link->conf->tx_bss_conf, NULL);
763
		}
764

765
		/* loop through sdatas to find if any of their links
766
		 * belong to same MBSSID set as the one getting deleted.
767
		 */
768
		for_each_sdata_link(tx_sdata->local, link) {
769
			struct ieee80211_sub_if_data *link_sdata = link->sdata;
770

771
			if (link_sdata == sdata || link_sdata == tx_sdata ||
772
			    rcu_access_pointer(link->conf->tx_bss_conf) != tx_bss_conf)
773
				continue;
774

775
			RCU_INIT_POINTER(link->conf->tx_bss_conf, NULL);
776

777
			/* Remove all links of matching MLD until dynamic link
778
			 * removal can be supported.
779
			 */
780
			cfg80211_stop_iface(link_sdata->wdev.wiphy, &link_sdata->wdev,
781
					    GFP_KERNEL);
782
		}
783

784
		/* If we are not tx sdata, remove links of tx sdata and proceed */
785
		if (sdata != tx_sdata && ieee80211_sdata_running(tx_sdata))
786
			cfg80211_stop_iface(tx_sdata->wdev.wiphy,
787
					    &tx_sdata->wdev, GFP_KERNEL);
788
	}
789
}
790

791
static int ieee80211_stop(struct net_device *dev)
792
{
793
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
794

795
	/* close dependent VLAN interfaces before locking wiphy */
796
	if (sdata->vif.type == NL80211_IFTYPE_AP) {
797
		struct ieee80211_sub_if_data *vlan, *tmpsdata;
798

799
		list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans,
800
					 u.vlan.list)
801
			dev_close(vlan->dev);
802
	}
803

804
	guard(wiphy)(sdata->local->hw.wiphy);
805

806
	wiphy_work_cancel(sdata->local->hw.wiphy, &sdata->activate_links_work);
807

808
	/* Close the dependent MBSSID interfaces with wiphy lock as we may be
809
	 * terminating its partner links too in case of MLD.
810
	 */
811
	if (sdata->vif.type == NL80211_IFTYPE_AP)
812
		ieee80211_stop_mbssid(sdata);
813

814
	ieee80211_do_stop(sdata, true);
815

816
	return 0;
817
}
818

819
static void ieee80211_set_multicast_list(struct net_device *dev)
820
{
821
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
822
	struct ieee80211_local *local = sdata->local;
823
	int allmulti, sdata_allmulti;
824

825
	allmulti = !!(dev->flags & IFF_ALLMULTI);
826
	sdata_allmulti = !!(sdata->flags & IEEE80211_SDATA_ALLMULTI);
827

828
	if (allmulti != sdata_allmulti) {
829
		if (dev->flags & IFF_ALLMULTI)
830
			atomic_inc(&local->iff_allmultis);
831
		else
832
			atomic_dec(&local->iff_allmultis);
833
		sdata->flags ^= IEEE80211_SDATA_ALLMULTI;
834
	}
835

836
	spin_lock_bh(&local->filter_lock);
837
	__hw_addr_sync(&local->mc_list, &dev->mc, dev->addr_len);
838
	spin_unlock_bh(&local->filter_lock);
839
	wiphy_work_queue(local->hw.wiphy, &local->reconfig_filter);
840
}
841

842
/*
843
 * Called when the netdev is removed or, by the code below, before
844
 * the interface type changes.
845
 */
846
static void ieee80211_teardown_sdata(struct ieee80211_sub_if_data *sdata)
847
{
848
	if (WARN_ON(!list_empty(&sdata->work.entry)))
849
		wiphy_work_cancel(sdata->local->hw.wiphy, &sdata->work);
850

851
	/* free extra data */
852
	ieee80211_free_keys(sdata, false);
853

854
	ieee80211_debugfs_remove_netdev(sdata);
855

856
	ieee80211_destroy_frag_cache(&sdata->frags);
857

858
	if (ieee80211_vif_is_mesh(&sdata->vif))
859
		ieee80211_mesh_teardown_sdata(sdata);
860

861
	ieee80211_vif_clear_links(sdata);
862
	ieee80211_link_stop(&sdata->deflink);
863
}
864

865
static void ieee80211_uninit(struct net_device *dev)
866
{
867
	ieee80211_teardown_sdata(IEEE80211_DEV_TO_SUB_IF(dev));
868
}
869

870
static int ieee80211_netdev_setup_tc(struct net_device *dev,
871
				     enum tc_setup_type type, void *type_data)
872
{
873
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
874
	struct ieee80211_local *local = sdata->local;
875

876
	return drv_net_setup_tc(local, sdata, dev, type, type_data);
877
}
878

879
static const struct net_device_ops ieee80211_dataif_ops = {
880
	.ndo_open		= ieee80211_open,
881
	.ndo_stop		= ieee80211_stop,
882
	.ndo_uninit		= ieee80211_uninit,
883
	.ndo_start_xmit		= ieee80211_subif_start_xmit,
884
	.ndo_set_rx_mode	= ieee80211_set_multicast_list,
885
	.ndo_set_mac_address 	= ieee80211_change_mac,
886
	.ndo_setup_tc		= ieee80211_netdev_setup_tc,
887
};
888

889
static u16 ieee80211_monitor_select_queue(struct net_device *dev,
890
					  struct sk_buff *skb,
891
					  struct net_device *sb_dev)
892
{
893
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
894
	struct ieee80211_local *local = sdata->local;
895
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
896
	struct ieee80211_hdr *hdr;
897
	int len_rthdr;
898

899
	if (local->hw.queues < IEEE80211_NUM_ACS)
900
		return 0;
901

902
	/* reset flags and info before parsing radiotap header */
903
	memset(info, 0, sizeof(*info));
904

905
	if (!ieee80211_parse_tx_radiotap(skb, dev))
906
		return 0; /* doesn't matter, frame will be dropped */
907

908
	len_rthdr = ieee80211_get_radiotap_len(skb->data);
909
	hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
910
	if (skb->len < len_rthdr + 2 ||
911
	    skb->len < len_rthdr + ieee80211_hdrlen(hdr->frame_control))
912
		return 0; /* doesn't matter, frame will be dropped */
913

914
	return ieee80211_select_queue_80211(sdata, skb, hdr);
915
}
916

917
static const struct net_device_ops ieee80211_monitorif_ops = {
918
	.ndo_open		= ieee80211_open,
919
	.ndo_stop		= ieee80211_stop,
920
	.ndo_uninit		= ieee80211_uninit,
921
	.ndo_start_xmit		= ieee80211_monitor_start_xmit,
922
	.ndo_set_rx_mode	= ieee80211_set_multicast_list,
923
	.ndo_set_mac_address 	= ieee80211_change_mac,
924
	.ndo_select_queue	= ieee80211_monitor_select_queue,
925
};
926

927
static int ieee80211_netdev_fill_forward_path(struct net_device_path_ctx *ctx,
928
					      struct net_device_path *path)
929
{
930
	struct ieee80211_sub_if_data *sdata;
931
	struct ieee80211_local *local;
932
	struct sta_info *sta;
933
	int ret = -ENOENT;
934

935
	sdata = IEEE80211_DEV_TO_SUB_IF(ctx->dev);
936
	local = sdata->local;
937

938
	if (!local->ops->net_fill_forward_path)
939
		return -EOPNOTSUPP;
940

941
	rcu_read_lock();
942
	switch (sdata->vif.type) {
943
	case NL80211_IFTYPE_AP_VLAN:
944
		sta = rcu_dereference(sdata->u.vlan.sta);
945
		if (sta)
946
			break;
947
		if (sdata->wdev.use_4addr)
948
			goto out;
949
		if (is_multicast_ether_addr(ctx->daddr))
950
			goto out;
951
		sta = sta_info_get_bss(sdata, ctx->daddr);
952
		break;
953
	case NL80211_IFTYPE_AP:
954
		if (is_multicast_ether_addr(ctx->daddr))
955
			goto out;
956
		sta = sta_info_get(sdata, ctx->daddr);
957
		break;
958
	case NL80211_IFTYPE_STATION:
959
		if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
960
			sta = sta_info_get(sdata, ctx->daddr);
961
			if (sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
962
				if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH))
963
					goto out;
964

965
				break;
966
			}
967
		}
968

969
		sta = sta_info_get(sdata, sdata->deflink.u.mgd.bssid);
970
		break;
971
	default:
972
		goto out;
973
	}
974

975
	if (!sta)
976
		goto out;
977

978
	ret = drv_net_fill_forward_path(local, sdata, &sta->sta, ctx, path);
979
out:
980
	rcu_read_unlock();
981

982
	return ret;
983
}
984

985
static const struct net_device_ops ieee80211_dataif_8023_ops = {
986
	.ndo_open		= ieee80211_open,
987
	.ndo_stop		= ieee80211_stop,
988
	.ndo_uninit		= ieee80211_uninit,
989
	.ndo_start_xmit		= ieee80211_subif_start_xmit_8023,
990
	.ndo_set_rx_mode	= ieee80211_set_multicast_list,
991
	.ndo_set_mac_address	= ieee80211_change_mac,
992
	.ndo_fill_forward_path	= ieee80211_netdev_fill_forward_path,
993
	.ndo_setup_tc		= ieee80211_netdev_setup_tc,
994
};
995

996
static bool ieee80211_iftype_supports_hdr_offload(enum nl80211_iftype iftype)
997
{
998
	switch (iftype) {
999
	/* P2P GO and client are mapped to AP/STATION types */
1000
	case NL80211_IFTYPE_AP:
1001
	case NL80211_IFTYPE_STATION:
1002
		return true;
1003
	default:
1004
		return false;
1005
	}
1006
}
1007

1008
static bool ieee80211_set_sdata_offload_flags(struct ieee80211_sub_if_data *sdata)
1009
{
1010
	struct ieee80211_local *local = sdata->local;
1011
	u32 flags;
1012

1013
	flags = sdata->vif.offload_flags;
1014

1015
	if (ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) &&
1016
	    ieee80211_iftype_supports_hdr_offload(sdata->vif.type)) {
1017
		flags |= IEEE80211_OFFLOAD_ENCAP_ENABLED;
1018

1019
		if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG) &&
1020
		    local->hw.wiphy->frag_threshold != (u32)-1)
1021
			flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1022

1023
		if (local->virt_monitors)
1024
			flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1025
	} else {
1026
		flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1027
	}
1028

1029
	if (ieee80211_hw_check(&local->hw, SUPPORTS_RX_DECAP_OFFLOAD) &&
1030
	    ieee80211_iftype_supports_hdr_offload(sdata->vif.type)) {
1031
		flags |= IEEE80211_OFFLOAD_DECAP_ENABLED;
1032

1033
		if (local->virt_monitors &&
1034
		    !ieee80211_hw_check(&local->hw, SUPPORTS_CONC_MON_RX_DECAP))
1035
			flags &= ~IEEE80211_OFFLOAD_DECAP_ENABLED;
1036
	} else {
1037
		flags &= ~IEEE80211_OFFLOAD_DECAP_ENABLED;
1038
	}
1039

1040
	if (sdata->vif.offload_flags == flags)
1041
		return false;
1042

1043
	sdata->vif.offload_flags = flags;
1044
	ieee80211_check_fast_rx_iface(sdata);
1045
	return true;
1046
}
1047

1048
static void ieee80211_set_vif_encap_ops(struct ieee80211_sub_if_data *sdata)
1049
{
1050
	struct ieee80211_local *local = sdata->local;
1051
	struct ieee80211_sub_if_data *bss = sdata;
1052
	bool enabled;
1053

1054
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1055
		if (!sdata->bss)
1056
			return;
1057

1058
		bss = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
1059
	}
1060

1061
	if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) ||
1062
	    !ieee80211_iftype_supports_hdr_offload(bss->vif.type))
1063
		return;
1064

1065
	enabled = bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED;
1066
	if (sdata->wdev.use_4addr &&
1067
	    !(bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_4ADDR))
1068
		enabled = false;
1069

1070
	sdata->dev->netdev_ops = enabled ? &ieee80211_dataif_8023_ops :
1071
					   &ieee80211_dataif_ops;
1072
}
1073

1074
static void ieee80211_recalc_sdata_offload(struct ieee80211_sub_if_data *sdata)
1075
{
1076
	struct ieee80211_local *local = sdata->local;
1077
	struct ieee80211_sub_if_data *vsdata;
1078

1079
	if (ieee80211_set_sdata_offload_flags(sdata)) {
1080
		drv_update_vif_offload(local, sdata);
1081
		ieee80211_set_vif_encap_ops(sdata);
1082
	}
1083

1084
	list_for_each_entry(vsdata, &local->interfaces, list) {
1085
		if (vsdata->vif.type != NL80211_IFTYPE_AP_VLAN ||
1086
		    vsdata->bss != &sdata->u.ap)
1087
			continue;
1088

1089
		ieee80211_set_vif_encap_ops(vsdata);
1090
	}
1091
}
1092

1093
void ieee80211_recalc_offload(struct ieee80211_local *local)
1094
{
1095
	struct ieee80211_sub_if_data *sdata;
1096

1097
	if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD))
1098
		return;
1099

1100
	lockdep_assert_wiphy(local->hw.wiphy);
1101

1102
	list_for_each_entry(sdata, &local->interfaces, list) {
1103
		if (!ieee80211_sdata_running(sdata))
1104
			continue;
1105

1106
		ieee80211_recalc_sdata_offload(sdata);
1107
	}
1108
}
1109

1110
void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1111
				    const int offset)
1112
{
1113
	struct ieee80211_local *local = sdata->local;
1114
	u32 flags = sdata->u.mntr.flags;
1115

1116
#define ADJUST(_f, _s)	do {					\
1117
	if (flags & MONITOR_FLAG_##_f)				\
1118
		local->fif_##_s += offset;			\
1119
	} while (0)
1120

1121
	ADJUST(FCSFAIL, fcsfail);
1122
	ADJUST(PLCPFAIL, plcpfail);
1123
	ADJUST(CONTROL, control);
1124
	ADJUST(CONTROL, pspoll);
1125
	ADJUST(OTHER_BSS, other_bss);
1126
	if (!(flags & MONITOR_FLAG_SKIP_TX))
1127
		local->tx_mntrs += offset;
1128

1129
#undef ADJUST
1130
}
1131

1132
static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
1133
{
1134
	struct ieee80211_local *local = sdata->local;
1135
	int i;
1136

1137
	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
1138
		if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
1139
			sdata->vif.hw_queue[i] = IEEE80211_INVAL_HW_QUEUE;
1140
		else if (local->hw.queues >= IEEE80211_NUM_ACS)
1141
			sdata->vif.hw_queue[i] = i;
1142
		else
1143
			sdata->vif.hw_queue[i] = 0;
1144
	}
1145
	sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
1146
}
1147

1148
static void ieee80211_sdata_init(struct ieee80211_local *local,
1149
				 struct ieee80211_sub_if_data *sdata)
1150
{
1151
	sdata->local = local;
1152

1153
	INIT_LIST_HEAD(&sdata->key_list);
1154

1155
	/*
1156
	 * Initialize the default link, so we can use link_id 0 for non-MLD,
1157
	 * and that continues to work for non-MLD-aware drivers that use just
1158
	 * vif.bss_conf instead of vif.link_conf.
1159
	 *
1160
	 * Note that we never change this, so if link ID 0 isn't used in an
1161
	 * MLD connection, we get a separate allocation for it.
1162
	 */
1163
	ieee80211_link_init(sdata, -1, &sdata->deflink, &sdata->vif.bss_conf);
1164
}
1165

1166
int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
1167
{
1168
	struct ieee80211_sub_if_data *sdata;
1169
	int ret;
1170

1171
	ASSERT_RTNL();
1172
	lockdep_assert_wiphy(local->hw.wiphy);
1173

1174
	if (local->monitor_sdata ||
1175
	    ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
1176
		return 0;
1177

1178
	sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL);
1179
	if (!sdata)
1180
		return -ENOMEM;
1181

1182
	/* set up data */
1183
	sdata->vif.type = NL80211_IFTYPE_MONITOR;
1184
	snprintf(sdata->name, IFNAMSIZ, "%s-monitor",
1185
		 wiphy_name(local->hw.wiphy));
1186
	sdata->wdev.iftype = NL80211_IFTYPE_MONITOR;
1187
	sdata->wdev.wiphy = local->hw.wiphy;
1188

1189
	ieee80211_sdata_init(local, sdata);
1190

1191
	ieee80211_set_default_queues(sdata);
1192

1193
	if (ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) {
1194
		ret = drv_add_interface(local, sdata);
1195
		if (WARN_ON(ret)) {
1196
			/* ok .. stupid driver, it asked for this! */
1197
			kfree(sdata);
1198
			return ret;
1199
		}
1200
	}
1201

1202
	set_bit(SDATA_STATE_RUNNING, &sdata->state);
1203

1204
	ret = ieee80211_check_queues(sdata, NL80211_IFTYPE_MONITOR);
1205
	if (ret) {
1206
		kfree(sdata);
1207
		return ret;
1208
	}
1209

1210
	mutex_lock(&local->iflist_mtx);
1211
	rcu_assign_pointer(local->monitor_sdata, sdata);
1212
	mutex_unlock(&local->iflist_mtx);
1213

1214
	ret = ieee80211_link_use_channel(&sdata->deflink, &local->monitor_chanreq,
1215
					 IEEE80211_CHANCTX_EXCLUSIVE);
1216
	if (ret) {
1217
		mutex_lock(&local->iflist_mtx);
1218
		RCU_INIT_POINTER(local->monitor_sdata, NULL);
1219
		mutex_unlock(&local->iflist_mtx);
1220
		synchronize_net();
1221
		drv_remove_interface(local, sdata);
1222
		kfree(sdata);
1223
		return ret;
1224
	}
1225

1226
	skb_queue_head_init(&sdata->skb_queue);
1227
	skb_queue_head_init(&sdata->status_queue);
1228
	wiphy_work_init(&sdata->work, ieee80211_iface_work);
1229

1230
	return 0;
1231
}
1232

1233
void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
1234
{
1235
	struct ieee80211_sub_if_data *sdata;
1236

1237
	if (ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
1238
		return;
1239

1240
	ASSERT_RTNL();
1241
	lockdep_assert_wiphy(local->hw.wiphy);
1242

1243
	mutex_lock(&local->iflist_mtx);
1244

1245
	sdata = rcu_dereference_protected(local->monitor_sdata,
1246
					  lockdep_is_held(&local->iflist_mtx));
1247
	if (!sdata) {
1248
		mutex_unlock(&local->iflist_mtx);
1249
		return;
1250
	}
1251

1252
	clear_bit(SDATA_STATE_RUNNING, &sdata->state);
1253
	ieee80211_link_release_channel(&sdata->deflink);
1254

1255
	if (ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF))
1256
		drv_remove_interface(local, sdata);
1257

1258
	RCU_INIT_POINTER(local->monitor_sdata, NULL);
1259
	mutex_unlock(&local->iflist_mtx);
1260

1261
	synchronize_net();
1262

1263
	kfree(sdata);
1264
}
1265

1266
/*
1267
 * NOTE: Be very careful when changing this function, it must NOT return
1268
 * an error on interface type changes that have been pre-checked, so most
1269
 * checks should be in ieee80211_check_concurrent_iface.
1270
 */
1271
int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
1272
{
1273
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
1274
	struct net_device *dev = wdev->netdev;
1275
	struct ieee80211_local *local = sdata->local;
1276
	u64 changed = 0;
1277
	int res;
1278
	u32 hw_reconf_flags = 0;
1279

1280
	lockdep_assert_wiphy(local->hw.wiphy);
1281

1282
	switch (sdata->vif.type) {
1283
	case NL80211_IFTYPE_AP_VLAN: {
1284
		struct ieee80211_sub_if_data *master;
1285

1286
		if (!sdata->bss)
1287
			return -ENOLINK;
1288

1289
		list_add(&sdata->u.vlan.list, &sdata->bss->vlans);
1290

1291
		master = container_of(sdata->bss,
1292
				      struct ieee80211_sub_if_data, u.ap);
1293
		sdata->control_port_protocol =
1294
			master->control_port_protocol;
1295
		sdata->control_port_no_encrypt =
1296
			master->control_port_no_encrypt;
1297
		sdata->control_port_over_nl80211 =
1298
			master->control_port_over_nl80211;
1299
		sdata->control_port_no_preauth =
1300
			master->control_port_no_preauth;
1301
		sdata->vif.cab_queue = master->vif.cab_queue;
1302
		memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
1303
		       sizeof(sdata->vif.hw_queue));
1304
		sdata->vif.bss_conf.chanreq = master->vif.bss_conf.chanreq;
1305

1306
		sdata->crypto_tx_tailroom_needed_cnt +=
1307
			master->crypto_tx_tailroom_needed_cnt;
1308

1309
		ieee80211_apvlan_link_setup(sdata);
1310

1311
		break;
1312
		}
1313
	case NL80211_IFTYPE_AP:
1314
		sdata->bss = &sdata->u.ap;
1315
		break;
1316
	case NL80211_IFTYPE_MESH_POINT:
1317
	case NL80211_IFTYPE_STATION:
1318
	case NL80211_IFTYPE_MONITOR:
1319
	case NL80211_IFTYPE_ADHOC:
1320
	case NL80211_IFTYPE_P2P_DEVICE:
1321
	case NL80211_IFTYPE_OCB:
1322
	case NL80211_IFTYPE_NAN:
1323
		/* no special treatment */
1324
		break;
1325
	case NL80211_IFTYPE_UNSPECIFIED:
1326
	case NUM_NL80211_IFTYPES:
1327
	case NL80211_IFTYPE_P2P_CLIENT:
1328
	case NL80211_IFTYPE_P2P_GO:
1329
	case NL80211_IFTYPE_WDS:
1330
		/* cannot happen */
1331
		WARN_ON(1);
1332
		break;
1333
	}
1334

1335
	if (local->open_count == 0) {
1336
		/* here we can consider everything in good order (again) */
1337
		local->reconfig_failure = false;
1338

1339
		res = drv_start(local);
1340
		if (res)
1341
			goto err_del_bss;
1342
		ieee80211_led_radio(local, true);
1343
		ieee80211_mod_tpt_led_trig(local,
1344
					   IEEE80211_TPT_LEDTRIG_FL_RADIO, 0);
1345
	}
1346

1347
	/*
1348
	 * Copy the hopefully now-present MAC address to
1349
	 * this interface, if it has the special null one.
1350
	 */
1351
	if (dev && is_zero_ether_addr(dev->dev_addr)) {
1352
		eth_hw_addr_set(dev, local->hw.wiphy->perm_addr);
1353
		memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN);
1354

1355
		if (!is_valid_ether_addr(dev->dev_addr)) {
1356
			res = -EADDRNOTAVAIL;
1357
			goto err_stop;
1358
		}
1359
	}
1360

1361
	sdata->vif.addr_valid = sdata->vif.type != NL80211_IFTYPE_MONITOR ||
1362
				(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE);
1363
	switch (sdata->vif.type) {
1364
	case NL80211_IFTYPE_AP_VLAN:
1365
		/* no need to tell driver, but set carrier and chanctx */
1366
		if (sdata->bss->active) {
1367
			struct ieee80211_link_data *link;
1368

1369
			for_each_link_data(sdata, link) {
1370
				ieee80211_link_vlan_copy_chanctx(link);
1371
			}
1372

1373
			netif_carrier_on(dev);
1374
			ieee80211_set_vif_encap_ops(sdata);
1375
		} else {
1376
			netif_carrier_off(dev);
1377
		}
1378
		break;
1379
	case NL80211_IFTYPE_MONITOR:
1380
		if ((sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) ||
1381
		    ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
1382
			res = drv_add_interface(local, sdata);
1383
			if (res)
1384
				goto err_stop;
1385
		} else {
1386
			if (local->virt_monitors == 0 && local->open_count == 0) {
1387
				res = ieee80211_add_virtual_monitor(local);
1388
				if (res)
1389
					goto err_stop;
1390
			}
1391
			local->virt_monitors++;
1392

1393
			/* must be before the call to ieee80211_configure_filter */
1394
			if (local->virt_monitors == 1) {
1395
				local->hw.conf.flags |= IEEE80211_CONF_MONITOR;
1396
				hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
1397
			}
1398
		}
1399

1400
		local->monitors++;
1401

1402
		ieee80211_adjust_monitor_flags(sdata, 1);
1403
		ieee80211_configure_filter(local);
1404
		ieee80211_recalc_offload(local);
1405
		ieee80211_recalc_idle(local);
1406

1407
		netif_carrier_on(dev);
1408
		break;
1409
	default:
1410
		if (coming_up) {
1411
			ieee80211_del_virtual_monitor(local);
1412
			ieee80211_set_sdata_offload_flags(sdata);
1413

1414
			res = drv_add_interface(local, sdata);
1415
			if (res)
1416
				goto err_stop;
1417

1418
			ieee80211_set_vif_encap_ops(sdata);
1419
			res = ieee80211_check_queues(sdata,
1420
				ieee80211_vif_type_p2p(&sdata->vif));
1421
			if (res)
1422
				goto err_del_interface;
1423
		}
1424

1425
		if (sdata->vif.type == NL80211_IFTYPE_AP) {
1426
			local->fif_pspoll++;
1427
			local->fif_probe_req++;
1428

1429
			ieee80211_configure_filter(local);
1430
		} else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
1431
			local->fif_probe_req++;
1432
		}
1433

1434
		if (sdata->vif.probe_req_reg)
1435
			drv_config_iface_filter(local, sdata,
1436
						FIF_PROBE_REQ,
1437
						FIF_PROBE_REQ);
1438

1439
		if (sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE &&
1440
		    sdata->vif.type != NL80211_IFTYPE_NAN)
1441
			changed |= ieee80211_reset_erp_info(sdata);
1442
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
1443
						  changed);
1444

1445
		switch (sdata->vif.type) {
1446
		case NL80211_IFTYPE_STATION:
1447
		case NL80211_IFTYPE_ADHOC:
1448
		case NL80211_IFTYPE_AP:
1449
		case NL80211_IFTYPE_MESH_POINT:
1450
		case NL80211_IFTYPE_OCB:
1451
			netif_carrier_off(dev);
1452
			break;
1453
		case NL80211_IFTYPE_P2P_DEVICE:
1454
		case NL80211_IFTYPE_NAN:
1455
			break;
1456
		default:
1457
			/* not reached */
1458
			WARN_ON(1);
1459
		}
1460

1461
		/*
1462
		 * Set default queue parameters so drivers don't
1463
		 * need to initialise the hardware if the hardware
1464
		 * doesn't start up with sane defaults.
1465
		 * Enable QoS for anything but station interfaces.
1466
		 */
1467
		ieee80211_set_wmm_default(&sdata->deflink, true,
1468
			sdata->vif.type != NL80211_IFTYPE_STATION);
1469
	}
1470

1471
	switch (sdata->vif.type) {
1472
	case NL80211_IFTYPE_P2P_DEVICE:
1473
		rcu_assign_pointer(local->p2p_sdata, sdata);
1474
		break;
1475
	case NL80211_IFTYPE_MONITOR:
1476
		list_add_tail_rcu(&sdata->u.mntr.list, &local->mon_list);
1477
		break;
1478
	default:
1479
		break;
1480
	}
1481

1482
	/*
1483
	 * set_multicast_list will be invoked by the networking core
1484
	 * which will check whether any increments here were done in
1485
	 * error and sync them down to the hardware as filter flags.
1486
	 */
1487
	if (sdata->flags & IEEE80211_SDATA_ALLMULTI)
1488
		atomic_inc(&local->iff_allmultis);
1489

1490
	if (coming_up)
1491
		local->open_count++;
1492

1493
	if (local->open_count == 1)
1494
		ieee80211_hw_conf_init(local);
1495
	else if (hw_reconf_flags)
1496
		ieee80211_hw_config(local, -1, hw_reconf_flags);
1497

1498
	ieee80211_recalc_ps(local);
1499

1500
	set_bit(SDATA_STATE_RUNNING, &sdata->state);
1501

1502
	return 0;
1503
 err_del_interface:
1504
	drv_remove_interface(local, sdata);
1505
 err_stop:
1506
	if (!local->open_count)
1507
		drv_stop(local, false);
1508
 err_del_bss:
1509
	sdata->bss = NULL;
1510
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1511
		list_del(&sdata->u.vlan.list);
1512
	/* might already be clear but that doesn't matter */
1513
	clear_bit(SDATA_STATE_RUNNING, &sdata->state);
1514
	return res;
1515
}
1516

1517
static void ieee80211_if_setup(struct net_device *dev)
1518
{
1519
	ether_setup(dev);
1520
	dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1521
	dev->priv_flags |= IFF_NO_QUEUE;
1522
	dev->netdev_ops = &ieee80211_dataif_ops;
1523
	dev->needs_free_netdev = true;
1524
}
1525

1526
static void ieee80211_iface_process_skb(struct ieee80211_local *local,
1527
					struct ieee80211_sub_if_data *sdata,
1528
					struct sk_buff *skb)
1529
{
1530
	struct ieee80211_mgmt *mgmt = (void *)skb->data;
1531

1532
	lockdep_assert_wiphy(local->hw.wiphy);
1533

1534
	if (ieee80211_is_action(mgmt->frame_control) &&
1535
	    mgmt->u.action.category == WLAN_CATEGORY_BACK) {
1536
		struct sta_info *sta;
1537
		int len = skb->len;
1538

1539
		sta = sta_info_get_bss(sdata, mgmt->sa);
1540
		if (sta) {
1541
			switch (mgmt->u.action.u.addba_req.action_code) {
1542
			case WLAN_ACTION_ADDBA_REQ:
1543
				ieee80211_process_addba_request(local, sta,
1544
								mgmt, len);
1545
				break;
1546
			case WLAN_ACTION_ADDBA_RESP:
1547
				ieee80211_process_addba_resp(local, sta,
1548
							     mgmt, len);
1549
				break;
1550
			case WLAN_ACTION_DELBA:
1551
				ieee80211_process_delba(sdata, sta,
1552
							mgmt, len);
1553
				break;
1554
			default:
1555
				WARN_ON(1);
1556
				break;
1557
			}
1558
		}
1559
	} else if (ieee80211_is_action(mgmt->frame_control) &&
1560
		   mgmt->u.action.category == WLAN_CATEGORY_HT) {
1561
		switch (mgmt->u.action.u.ht_smps.action) {
1562
		case WLAN_HT_ACTION_NOTIFY_CHANWIDTH: {
1563
			u8 chanwidth = mgmt->u.action.u.ht_notify_cw.chanwidth;
1564
			struct ieee80211_rx_status *status;
1565
			struct link_sta_info *link_sta;
1566
			struct sta_info *sta;
1567

1568
			sta = sta_info_get_bss(sdata, mgmt->sa);
1569
			if (!sta)
1570
				break;
1571

1572
			status = IEEE80211_SKB_RXCB(skb);
1573
			if (!status->link_valid)
1574
				link_sta = &sta->deflink;
1575
			else
1576
				link_sta = rcu_dereference_protected(sta->link[status->link_id],
1577
							lockdep_is_held(&local->hw.wiphy->mtx));
1578
			if (link_sta)
1579
				ieee80211_ht_handle_chanwidth_notif(local, sdata, sta,
1580
								    link_sta, chanwidth,
1581
								    status->band);
1582
			break;
1583
		}
1584
		default:
1585
			WARN_ON(1);
1586
			break;
1587
		}
1588
	} else if (ieee80211_is_action(mgmt->frame_control) &&
1589
		   mgmt->u.action.category == WLAN_CATEGORY_VHT) {
1590
		switch (mgmt->u.action.u.vht_group_notif.action_code) {
1591
		case WLAN_VHT_ACTION_OPMODE_NOTIF: {
1592
			struct ieee80211_rx_status *status;
1593
			enum nl80211_band band;
1594
			struct sta_info *sta;
1595
			u8 opmode;
1596

1597
			status = IEEE80211_SKB_RXCB(skb);
1598
			band = status->band;
1599
			opmode = mgmt->u.action.u.vht_opmode_notif.operating_mode;
1600

1601
			sta = sta_info_get_bss(sdata, mgmt->sa);
1602

1603
			if (sta)
1604
				ieee80211_vht_handle_opmode(sdata,
1605
							    &sta->deflink,
1606
							    opmode, band);
1607

1608
			break;
1609
		}
1610
		case WLAN_VHT_ACTION_GROUPID_MGMT:
1611
			ieee80211_process_mu_groups(sdata, &sdata->deflink,
1612
						    mgmt);
1613
			break;
1614
		default:
1615
			WARN_ON(1);
1616
			break;
1617
		}
1618
	} else if (ieee80211_is_action(mgmt->frame_control) &&
1619
		   mgmt->u.action.category == WLAN_CATEGORY_S1G) {
1620
		switch (mgmt->u.action.u.s1g.action_code) {
1621
		case WLAN_S1G_TWT_TEARDOWN:
1622
		case WLAN_S1G_TWT_SETUP:
1623
			ieee80211_s1g_rx_twt_action(sdata, skb);
1624
			break;
1625
		default:
1626
			break;
1627
		}
1628
	} else if (ieee80211_is_action(mgmt->frame_control) &&
1629
		   mgmt->u.action.category == WLAN_CATEGORY_PROTECTED_EHT) {
1630
		if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1631
			switch (mgmt->u.action.u.ttlm_req.action_code) {
1632
			case WLAN_PROTECTED_EHT_ACTION_TTLM_REQ:
1633
				ieee80211_process_neg_ttlm_req(sdata, mgmt,
1634
							       skb->len);
1635
				break;
1636
			case WLAN_PROTECTED_EHT_ACTION_TTLM_RES:
1637
				ieee80211_process_neg_ttlm_res(sdata, mgmt,
1638
							       skb->len);
1639
				break;
1640
			case WLAN_PROTECTED_EHT_ACTION_TTLM_TEARDOWN:
1641
				ieee80211_process_ttlm_teardown(sdata);
1642
				break;
1643
			case WLAN_PROTECTED_EHT_ACTION_LINK_RECONFIG_RESP:
1644
				ieee80211_process_ml_reconf_resp(sdata, mgmt,
1645
								 skb->len);
1646
				break;
1647
			case WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_RESP:
1648
				ieee80211_process_epcs_ena_resp(sdata, mgmt,
1649
								skb->len);
1650
				break;
1651
			case WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_TEARDOWN:
1652
				ieee80211_process_epcs_teardown(sdata, mgmt,
1653
								skb->len);
1654
				break;
1655
			default:
1656
				break;
1657
			}
1658
		}
1659
	} else if (ieee80211_is_ext(mgmt->frame_control)) {
1660
		if (sdata->vif.type == NL80211_IFTYPE_STATION)
1661
			ieee80211_sta_rx_queued_ext(sdata, skb);
1662
		else
1663
			WARN_ON(1);
1664
	} else if (ieee80211_is_data_qos(mgmt->frame_control)) {
1665
		struct ieee80211_hdr *hdr = (void *)mgmt;
1666
		struct sta_info *sta;
1667

1668
		/*
1669
		 * So the frame isn't mgmt, but frame_control
1670
		 * is at the right place anyway, of course, so
1671
		 * the if statement is correct.
1672
		 *
1673
		 * Warn if we have other data frame types here,
1674
		 * they must not get here.
1675
		 */
1676
		WARN_ON(hdr->frame_control &
1677
				cpu_to_le16(IEEE80211_STYPE_NULLFUNC));
1678
		WARN_ON(!(hdr->seq_ctrl &
1679
				cpu_to_le16(IEEE80211_SCTL_FRAG)));
1680
		/*
1681
		 * This was a fragment of a frame, received while
1682
		 * a block-ack session was active. That cannot be
1683
		 * right, so terminate the session.
1684
		 */
1685
		sta = sta_info_get_bss(sdata, mgmt->sa);
1686
		if (sta) {
1687
			u16 tid = ieee80211_get_tid(hdr);
1688

1689
			__ieee80211_stop_rx_ba_session(
1690
				sta, tid, WLAN_BACK_RECIPIENT,
1691
				WLAN_REASON_QSTA_REQUIRE_SETUP,
1692
				true);
1693
		}
1694
	} else switch (sdata->vif.type) {
1695
	case NL80211_IFTYPE_STATION:
1696
		ieee80211_sta_rx_queued_mgmt(sdata, skb);
1697
		break;
1698
	case NL80211_IFTYPE_ADHOC:
1699
		ieee80211_ibss_rx_queued_mgmt(sdata, skb);
1700
		break;
1701
	case NL80211_IFTYPE_MESH_POINT:
1702
		if (!ieee80211_vif_is_mesh(&sdata->vif))
1703
			break;
1704
		ieee80211_mesh_rx_queued_mgmt(sdata, skb);
1705
		break;
1706
	default:
1707
		WARN(1, "frame for unexpected interface type");
1708
		break;
1709
	}
1710
}
1711

1712
static void ieee80211_iface_process_status(struct ieee80211_sub_if_data *sdata,
1713
					   struct sk_buff *skb)
1714
{
1715
	struct ieee80211_mgmt *mgmt = (void *)skb->data;
1716

1717
	if (ieee80211_is_action(mgmt->frame_control) &&
1718
	    mgmt->u.action.category == WLAN_CATEGORY_S1G) {
1719
		switch (mgmt->u.action.u.s1g.action_code) {
1720
		case WLAN_S1G_TWT_TEARDOWN:
1721
		case WLAN_S1G_TWT_SETUP:
1722
			ieee80211_s1g_status_twt_action(sdata, skb);
1723
			break;
1724
		default:
1725
			break;
1726
		}
1727
	}
1728
}
1729

1730
static void ieee80211_iface_work(struct wiphy *wiphy, struct wiphy_work *work)
1731
{
1732
	struct ieee80211_sub_if_data *sdata =
1733
		container_of(work, struct ieee80211_sub_if_data, work);
1734
	struct ieee80211_local *local = sdata->local;
1735
	struct sk_buff *skb;
1736

1737
	if (!ieee80211_sdata_running(sdata))
1738
		return;
1739

1740
	if (test_bit(SCAN_SW_SCANNING, &local->scanning))
1741
		return;
1742

1743
	if (!ieee80211_can_run_worker(local))
1744
		return;
1745

1746
	/* first process frames */
1747
	while ((skb = skb_dequeue(&sdata->skb_queue))) {
1748
		kcov_remote_start_common(skb_get_kcov_handle(skb));
1749

1750
		if (skb->protocol == cpu_to_be16(ETH_P_TDLS))
1751
			ieee80211_process_tdls_channel_switch(sdata, skb);
1752
		else
1753
			ieee80211_iface_process_skb(local, sdata, skb);
1754

1755
		kfree_skb(skb);
1756
		kcov_remote_stop();
1757
	}
1758

1759
	/* process status queue */
1760
	while ((skb = skb_dequeue(&sdata->status_queue))) {
1761
		kcov_remote_start_common(skb_get_kcov_handle(skb));
1762

1763
		ieee80211_iface_process_status(sdata, skb);
1764
		kfree_skb(skb);
1765

1766
		kcov_remote_stop();
1767
	}
1768

1769
	/* then other type-dependent work */
1770
	switch (sdata->vif.type) {
1771
	case NL80211_IFTYPE_STATION:
1772
		ieee80211_sta_work(sdata);
1773
		break;
1774
	case NL80211_IFTYPE_ADHOC:
1775
		ieee80211_ibss_work(sdata);
1776
		break;
1777
	case NL80211_IFTYPE_MESH_POINT:
1778
		if (!ieee80211_vif_is_mesh(&sdata->vif))
1779
			break;
1780
		ieee80211_mesh_work(sdata);
1781
		break;
1782
	case NL80211_IFTYPE_OCB:
1783
		ieee80211_ocb_work(sdata);
1784
		break;
1785
	default:
1786
		break;
1787
	}
1788
}
1789

1790
static void ieee80211_activate_links_work(struct wiphy *wiphy,
1791
					  struct wiphy_work *work)
1792
{
1793
	struct ieee80211_sub_if_data *sdata =
1794
		container_of(work, struct ieee80211_sub_if_data,
1795
			     activate_links_work);
1796
	struct ieee80211_local *local = wiphy_priv(wiphy);
1797

1798
	if (local->in_reconfig)
1799
		return;
1800

1801
	ieee80211_set_active_links(&sdata->vif, sdata->desired_active_links);
1802
	sdata->desired_active_links = 0;
1803
}
1804

1805
/*
1806
 * Helper function to initialise an interface to a specific type.
1807
 */
1808
static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
1809
				  enum nl80211_iftype type)
1810
{
1811
	static const u8 bssid_wildcard[ETH_ALEN] = {0xff, 0xff, 0xff,
1812
						    0xff, 0xff, 0xff};
1813

1814
	/* clear type-dependent unions */
1815
	memset(&sdata->u, 0, sizeof(sdata->u));
1816
	memset(&sdata->deflink.u, 0, sizeof(sdata->deflink.u));
1817

1818
	/* and set some type-dependent values */
1819
	sdata->vif.type = type;
1820
	sdata->vif.p2p = false;
1821
	sdata->wdev.iftype = type;
1822

1823
	sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE);
1824
	sdata->control_port_no_encrypt = false;
1825
	sdata->control_port_over_nl80211 = false;
1826
	sdata->control_port_no_preauth = false;
1827
	sdata->vif.cfg.idle = true;
1828
	sdata->vif.bss_conf.txpower = INT_MIN; /* unset */
1829

1830
	sdata->noack_map = 0;
1831

1832
	/* only monitor/p2p-device differ */
1833
	if (sdata->dev) {
1834
		sdata->dev->netdev_ops = &ieee80211_dataif_ops;
1835
		sdata->dev->type = ARPHRD_ETHER;
1836
	}
1837

1838
	skb_queue_head_init(&sdata->skb_queue);
1839
	skb_queue_head_init(&sdata->status_queue);
1840
	wiphy_work_init(&sdata->work, ieee80211_iface_work);
1841
	wiphy_work_init(&sdata->activate_links_work,
1842
			ieee80211_activate_links_work);
1843

1844
	switch (type) {
1845
	case NL80211_IFTYPE_P2P_GO:
1846
		type = NL80211_IFTYPE_AP;
1847
		sdata->vif.type = type;
1848
		sdata->vif.p2p = true;
1849
		fallthrough;
1850
	case NL80211_IFTYPE_AP:
1851
		skb_queue_head_init(&sdata->u.ap.ps.bc_buf);
1852
		INIT_LIST_HEAD(&sdata->u.ap.vlans);
1853
		sdata->vif.bss_conf.bssid = sdata->vif.addr;
1854
		break;
1855
	case NL80211_IFTYPE_P2P_CLIENT:
1856
		type = NL80211_IFTYPE_STATION;
1857
		sdata->vif.type = type;
1858
		sdata->vif.p2p = true;
1859
		fallthrough;
1860
	case NL80211_IFTYPE_STATION:
1861
		sdata->vif.bss_conf.bssid = sdata->deflink.u.mgd.bssid;
1862
		ieee80211_sta_setup_sdata(sdata);
1863
		break;
1864
	case NL80211_IFTYPE_OCB:
1865
		sdata->vif.bss_conf.bssid = bssid_wildcard;
1866
		ieee80211_ocb_setup_sdata(sdata);
1867
		break;
1868
	case NL80211_IFTYPE_ADHOC:
1869
		sdata->vif.bss_conf.bssid = sdata->u.ibss.bssid;
1870
		ieee80211_ibss_setup_sdata(sdata);
1871
		break;
1872
	case NL80211_IFTYPE_MESH_POINT:
1873
		if (ieee80211_vif_is_mesh(&sdata->vif))
1874
			ieee80211_mesh_init_sdata(sdata);
1875
		break;
1876
	case NL80211_IFTYPE_MONITOR:
1877
		sdata->dev->type = ARPHRD_IEEE80211_RADIOTAP;
1878
		sdata->dev->netdev_ops = &ieee80211_monitorif_ops;
1879
		sdata->u.mntr.flags = MONITOR_FLAG_CONTROL |
1880
				      MONITOR_FLAG_OTHER_BSS;
1881
		break;
1882
	case NL80211_IFTYPE_NAN:
1883
		idr_init(&sdata->u.nan.function_inst_ids);
1884
		spin_lock_init(&sdata->u.nan.func_lock);
1885
		sdata->vif.bss_conf.bssid = sdata->vif.addr;
1886
		break;
1887
	case NL80211_IFTYPE_AP_VLAN:
1888
	case NL80211_IFTYPE_P2P_DEVICE:
1889
		sdata->vif.bss_conf.bssid = sdata->vif.addr;
1890
		break;
1891
	case NL80211_IFTYPE_UNSPECIFIED:
1892
	case NL80211_IFTYPE_WDS:
1893
	case NUM_NL80211_IFTYPES:
1894
		WARN_ON(1);
1895
		break;
1896
	}
1897

1898
	/* need to do this after the switch so vif.type is correct */
1899
	ieee80211_link_setup(&sdata->deflink);
1900

1901
	ieee80211_debugfs_recreate_netdev(sdata, false);
1902
}
1903

1904
static int ieee80211_runtime_change_iftype(struct ieee80211_sub_if_data *sdata,
1905
					   enum nl80211_iftype type)
1906
{
1907
	struct ieee80211_local *local = sdata->local;
1908
	int ret, err;
1909
	enum nl80211_iftype internal_type = type;
1910
	bool p2p = false;
1911

1912
	ASSERT_RTNL();
1913

1914
	if (!local->ops->change_interface)
1915
		return -EBUSY;
1916

1917
	/* for now, don't support changing while links exist */
1918
	if (ieee80211_vif_is_mld(&sdata->vif))
1919
		return -EBUSY;
1920

1921
	switch (sdata->vif.type) {
1922
	case NL80211_IFTYPE_AP:
1923
		if (!list_empty(&sdata->u.ap.vlans))
1924
			return -EBUSY;
1925
		break;
1926
	case NL80211_IFTYPE_STATION:
1927
	case NL80211_IFTYPE_ADHOC:
1928
	case NL80211_IFTYPE_OCB:
1929
		/*
1930
		 * Could maybe also all others here?
1931
		 * Just not sure how that interacts
1932
		 * with the RX/config path e.g. for
1933
		 * mesh.
1934
		 */
1935
		break;
1936
	default:
1937
		return -EBUSY;
1938
	}
1939

1940
	switch (type) {
1941
	case NL80211_IFTYPE_AP:
1942
	case NL80211_IFTYPE_STATION:
1943
	case NL80211_IFTYPE_ADHOC:
1944
	case NL80211_IFTYPE_OCB:
1945
		/*
1946
		 * Could probably support everything
1947
		 * but here.
1948
		 */
1949
		break;
1950
	case NL80211_IFTYPE_P2P_CLIENT:
1951
		p2p = true;
1952
		internal_type = NL80211_IFTYPE_STATION;
1953
		break;
1954
	case NL80211_IFTYPE_P2P_GO:
1955
		p2p = true;
1956
		internal_type = NL80211_IFTYPE_AP;
1957
		break;
1958
	default:
1959
		return -EBUSY;
1960
	}
1961

1962
	ret = ieee80211_check_concurrent_iface(sdata, internal_type);
1963
	if (ret)
1964
		return ret;
1965

1966
	ieee80211_stop_vif_queues(local, sdata,
1967
				  IEEE80211_QUEUE_STOP_REASON_IFTYPE_CHANGE);
1968
	/* do_stop will synchronize_rcu() first thing */
1969
	ieee80211_do_stop(sdata, false);
1970

1971
	ieee80211_teardown_sdata(sdata);
1972

1973
	ieee80211_set_sdata_offload_flags(sdata);
1974
	ret = drv_change_interface(local, sdata, internal_type, p2p);
1975
	if (ret)
1976
		type = ieee80211_vif_type_p2p(&sdata->vif);
1977

1978
	/*
1979
	 * Ignore return value here, there's not much we can do since
1980
	 * the driver changed the interface type internally already.
1981
	 * The warnings will hopefully make driver authors fix it :-)
1982
	 */
1983
	ieee80211_check_queues(sdata, type);
1984

1985
	ieee80211_setup_sdata(sdata, type);
1986
	ieee80211_set_vif_encap_ops(sdata);
1987

1988
	err = ieee80211_do_open(&sdata->wdev, false);
1989
	WARN(err, "type change: do_open returned %d", err);
1990

1991
	ieee80211_wake_vif_queues(local, sdata,
1992
				  IEEE80211_QUEUE_STOP_REASON_IFTYPE_CHANGE);
1993
	return ret;
1994
}
1995

1996
int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
1997
			     enum nl80211_iftype type)
1998
{
1999
	int ret;
2000

2001
	ASSERT_RTNL();
2002

2003
	if (type == ieee80211_vif_type_p2p(&sdata->vif))
2004
		return 0;
2005

2006
	if (ieee80211_sdata_running(sdata)) {
2007
		ret = ieee80211_runtime_change_iftype(sdata, type);
2008
		if (ret)
2009
			return ret;
2010
	} else {
2011
		/* Purge and reset type-dependent state. */
2012
		ieee80211_teardown_sdata(sdata);
2013
		ieee80211_setup_sdata(sdata, type);
2014
	}
2015

2016
	/* reset some values that shouldn't be kept across type changes */
2017
	if (type == NL80211_IFTYPE_STATION)
2018
		sdata->u.mgd.use_4addr = false;
2019

2020
	return 0;
2021
}
2022

2023
static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
2024
				       u8 *perm_addr, enum nl80211_iftype type)
2025
{
2026
	struct ieee80211_sub_if_data *sdata;
2027
	u64 mask, start, addr, val, inc;
2028
	u8 *m;
2029
	u8 tmp_addr[ETH_ALEN];
2030
	int i;
2031

2032
	lockdep_assert_wiphy(local->hw.wiphy);
2033

2034
	/* default ... something at least */
2035
	memcpy(perm_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
2036

2037
	if (is_zero_ether_addr(local->hw.wiphy->addr_mask) &&
2038
	    local->hw.wiphy->n_addresses <= 1)
2039
		return;
2040

2041
	switch (type) {
2042
	case NL80211_IFTYPE_MONITOR:
2043
		/* doesn't matter */
2044
		break;
2045
	case NL80211_IFTYPE_AP_VLAN:
2046
		/* match up with an AP interface */
2047
		list_for_each_entry(sdata, &local->interfaces, list) {
2048
			if (sdata->vif.type != NL80211_IFTYPE_AP)
2049
				continue;
2050
			memcpy(perm_addr, sdata->vif.addr, ETH_ALEN);
2051
			break;
2052
		}
2053
		/* keep default if no AP interface present */
2054
		break;
2055
	case NL80211_IFTYPE_P2P_CLIENT:
2056
	case NL80211_IFTYPE_P2P_GO:
2057
		if (ieee80211_hw_check(&local->hw, P2P_DEV_ADDR_FOR_INTF)) {
2058
			list_for_each_entry(sdata, &local->interfaces, list) {
2059
				if (sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE)
2060
					continue;
2061
				if (!ieee80211_sdata_running(sdata))
2062
					continue;
2063
				memcpy(perm_addr, sdata->vif.addr, ETH_ALEN);
2064
				return;
2065
			}
2066
		}
2067
		fallthrough;
2068
	default:
2069
		/* assign a new address if possible -- try n_addresses first */
2070
		for (i = 0; i < local->hw.wiphy->n_addresses; i++) {
2071
			bool used = false;
2072

2073
			list_for_each_entry(sdata, &local->interfaces, list) {
2074
				if (ether_addr_equal(local->hw.wiphy->addresses[i].addr,
2075
						     sdata->vif.addr)) {
2076
					used = true;
2077
					break;
2078
				}
2079
			}
2080

2081
			if (!used) {
2082
				memcpy(perm_addr,
2083
				       local->hw.wiphy->addresses[i].addr,
2084
				       ETH_ALEN);
2085
				break;
2086
			}
2087
		}
2088

2089
		/* try mask if available */
2090
		if (is_zero_ether_addr(local->hw.wiphy->addr_mask))
2091
			break;
2092

2093
		m = local->hw.wiphy->addr_mask;
2094
		mask =	((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
2095
			((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
2096
			((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
2097

2098
		if (__ffs64(mask) + hweight64(mask) != fls64(mask)) {
2099
			/* not a contiguous mask ... not handled now! */
2100
			pr_info("not contiguous\n");
2101
			break;
2102
		}
2103

2104
		/*
2105
		 * Pick address of existing interface in case user changed
2106
		 * MAC address manually, default to perm_addr.
2107
		 */
2108
		m = local->hw.wiphy->perm_addr;
2109
		list_for_each_entry(sdata, &local->interfaces, list) {
2110
			if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
2111
				continue;
2112
			m = sdata->vif.addr;
2113
			break;
2114
		}
2115
		start = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
2116
			((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
2117
			((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
2118

2119
		inc = 1ULL<<__ffs64(mask);
2120
		val = (start & mask);
2121
		addr = (start & ~mask) | (val & mask);
2122
		do {
2123
			bool used = false;
2124

2125
			tmp_addr[5] = addr >> 0*8;
2126
			tmp_addr[4] = addr >> 1*8;
2127
			tmp_addr[3] = addr >> 2*8;
2128
			tmp_addr[2] = addr >> 3*8;
2129
			tmp_addr[1] = addr >> 4*8;
2130
			tmp_addr[0] = addr >> 5*8;
2131

2132
			val += inc;
2133

2134
			list_for_each_entry(sdata, &local->interfaces, list) {
2135
				if (ether_addr_equal(tmp_addr, sdata->vif.addr)) {
2136
					used = true;
2137
					break;
2138
				}
2139
			}
2140

2141
			if (!used) {
2142
				memcpy(perm_addr, tmp_addr, ETH_ALEN);
2143
				break;
2144
			}
2145
			addr = (start & ~mask) | (val & mask);
2146
		} while (addr != start);
2147

2148
		break;
2149
	}
2150
}
2151

2152
int ieee80211_if_add(struct ieee80211_local *local, const char *name,
2153
		     unsigned char name_assign_type,
2154
		     struct wireless_dev **new_wdev, enum nl80211_iftype type,
2155
		     struct vif_params *params)
2156
{
2157
	struct net_device *ndev = NULL;
2158
	struct ieee80211_sub_if_data *sdata = NULL;
2159
	struct txq_info *txqi;
2160
	int ret, i;
2161

2162
	ASSERT_RTNL();
2163
	lockdep_assert_wiphy(local->hw.wiphy);
2164

2165
	if (type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN) {
2166
		struct wireless_dev *wdev;
2167

2168
		sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size,
2169
				GFP_KERNEL);
2170
		if (!sdata)
2171
			return -ENOMEM;
2172
		wdev = &sdata->wdev;
2173

2174
		sdata->dev = NULL;
2175
		strscpy(sdata->name, name, IFNAMSIZ);
2176
		ieee80211_assign_perm_addr(local, wdev->address, type);
2177
		memcpy(sdata->vif.addr, wdev->address, ETH_ALEN);
2178
		ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
2179
	} else {
2180
		int size = ALIGN(sizeof(*sdata) + local->hw.vif_data_size,
2181
				 sizeof(void *));
2182
		int txq_size = 0;
2183

2184
		if (type != NL80211_IFTYPE_AP_VLAN &&
2185
		    (type != NL80211_IFTYPE_MONITOR ||
2186
		     (params->flags & MONITOR_FLAG_ACTIVE)))
2187
			txq_size += sizeof(struct txq_info) +
2188
				    local->hw.txq_data_size;
2189

2190
		ndev = alloc_netdev_mqs(size + txq_size,
2191
					name, name_assign_type,
2192
					ieee80211_if_setup, 1, 1);
2193
		if (!ndev)
2194
			return -ENOMEM;
2195

2196
		dev_net_set(ndev, wiphy_net(local->hw.wiphy));
2197

2198
		ndev->pcpu_stat_type = NETDEV_PCPU_STAT_TSTATS;
2199

2200
		ndev->needed_headroom = local->tx_headroom +
2201
					4*6 /* four MAC addresses */
2202
					+ 2 + 2 + 2 + 2 /* ctl, dur, seq, qos */
2203
					+ 6 /* mesh */
2204
					+ 8 /* rfc1042/bridge tunnel */
2205
					- ETH_HLEN /* ethernet hard_header_len */
2206
					+ IEEE80211_ENCRYPT_HEADROOM;
2207
		ndev->needed_tailroom = IEEE80211_ENCRYPT_TAILROOM;
2208

2209
		ret = dev_alloc_name(ndev, ndev->name);
2210
		if (ret < 0) {
2211
			free_netdev(ndev);
2212
			return ret;
2213
		}
2214

2215
		ieee80211_assign_perm_addr(local, ndev->perm_addr, type);
2216
		if (is_valid_ether_addr(params->macaddr))
2217
			eth_hw_addr_set(ndev, params->macaddr);
2218
		else
2219
			eth_hw_addr_set(ndev, ndev->perm_addr);
2220
		SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
2221

2222
		/* don't use IEEE80211_DEV_TO_SUB_IF -- it checks too much */
2223
		sdata = netdev_priv(ndev);
2224
		ndev->ieee80211_ptr = &sdata->wdev;
2225
		memcpy(sdata->vif.addr, ndev->dev_addr, ETH_ALEN);
2226
		ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
2227
		memcpy(sdata->name, ndev->name, IFNAMSIZ);
2228

2229
		if (txq_size) {
2230
			txqi = netdev_priv(ndev) + size;
2231
			ieee80211_txq_init(sdata, NULL, txqi, 0);
2232
		}
2233

2234
		sdata->dev = ndev;
2235
	}
2236

2237
	/* initialise type-independent data */
2238
	sdata->wdev.wiphy = local->hw.wiphy;
2239

2240
	ieee80211_sdata_init(local, sdata);
2241

2242
	ieee80211_init_frag_cache(&sdata->frags);
2243

2244
	wiphy_delayed_work_init(&sdata->dec_tailroom_needed_wk,
2245
				ieee80211_delayed_tailroom_dec);
2246

2247
	for (i = 0; i < NUM_NL80211_BANDS; i++) {
2248
		struct ieee80211_supported_band *sband;
2249
		sband = local->hw.wiphy->bands[i];
2250
		sdata->rc_rateidx_mask[i] =
2251
			sband ? (1 << sband->n_bitrates) - 1 : 0;
2252
		if (sband) {
2253
			__le16 cap;
2254
			u16 *vht_rate_mask;
2255

2256
			memcpy(sdata->rc_rateidx_mcs_mask[i],
2257
			       sband->ht_cap.mcs.rx_mask,
2258
			       sizeof(sdata->rc_rateidx_mcs_mask[i]));
2259

2260
			cap = sband->vht_cap.vht_mcs.rx_mcs_map;
2261
			vht_rate_mask = sdata->rc_rateidx_vht_mcs_mask[i];
2262
			ieee80211_get_vht_mask_from_cap(cap, vht_rate_mask);
2263
		} else {
2264
			memset(sdata->rc_rateidx_mcs_mask[i], 0,
2265
			       sizeof(sdata->rc_rateidx_mcs_mask[i]));
2266
			memset(sdata->rc_rateidx_vht_mcs_mask[i], 0,
2267
			       sizeof(sdata->rc_rateidx_vht_mcs_mask[i]));
2268
		}
2269
	}
2270

2271
	ieee80211_set_default_queues(sdata);
2272

2273
	/* setup type-dependent data */
2274
	ieee80211_setup_sdata(sdata, type);
2275

2276
	if (ndev) {
2277
		ndev->ieee80211_ptr->use_4addr = params->use_4addr;
2278
		if (type == NL80211_IFTYPE_STATION)
2279
			sdata->u.mgd.use_4addr = params->use_4addr;
2280

2281
		ndev->features |= local->hw.netdev_features;
2282
		ndev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
2283
		ndev->hw_features |= ndev->features &
2284
					MAC80211_SUPPORTED_FEATURES_TX;
2285
		sdata->vif.netdev_features = local->hw.netdev_features;
2286

2287
		netdev_set_default_ethtool_ops(ndev, &ieee80211_ethtool_ops);
2288

2289
		/* MTU range is normally 256 - 2304, where the upper limit is
2290
		 * the maximum MSDU size. Monitor interfaces send and receive
2291
		 * MPDU and A-MSDU frames which may be much larger so we do
2292
		 * not impose an upper limit in that case.
2293
		 */
2294
		ndev->min_mtu = 256;
2295
		if (type == NL80211_IFTYPE_MONITOR)
2296
			ndev->max_mtu = 0;
2297
		else
2298
			ndev->max_mtu = local->hw.max_mtu;
2299

2300
		ret = cfg80211_register_netdevice(ndev);
2301
		if (ret) {
2302
			free_netdev(ndev);
2303
			return ret;
2304
		}
2305
	}
2306

2307
	mutex_lock(&local->iflist_mtx);
2308
	list_add_tail_rcu(&sdata->list, &local->interfaces);
2309
	mutex_unlock(&local->iflist_mtx);
2310

2311
	if (new_wdev)
2312
		*new_wdev = &sdata->wdev;
2313

2314
	return 0;
2315
}
2316

2317
void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata)
2318
{
2319
	ASSERT_RTNL();
2320
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
2321

2322
	mutex_lock(&sdata->local->iflist_mtx);
2323
	list_del_rcu(&sdata->list);
2324
	mutex_unlock(&sdata->local->iflist_mtx);
2325

2326
	if (sdata->vif.txq)
2327
		ieee80211_txq_purge(sdata->local, to_txq_info(sdata->vif.txq));
2328

2329
	synchronize_rcu();
2330

2331
	cfg80211_unregister_wdev(&sdata->wdev);
2332

2333
	if (!sdata->dev) {
2334
		ieee80211_teardown_sdata(sdata);
2335
		kfree(sdata);
2336
	}
2337
}
2338

2339
void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata)
2340
{
2341
	if (WARN_ON_ONCE(!test_bit(SDATA_STATE_RUNNING, &sdata->state)))
2342
		return;
2343
	ieee80211_do_stop(sdata, true);
2344
}
2345

2346
void ieee80211_remove_interfaces(struct ieee80211_local *local)
2347
{
2348
	struct ieee80211_sub_if_data *sdata, *tmp;
2349
	LIST_HEAD(unreg_list);
2350

2351
	ASSERT_RTNL();
2352

2353
	/* Before destroying the interfaces, make sure they're all stopped so
2354
	 * that the hardware is stopped. Otherwise, the driver might still be
2355
	 * iterating the interfaces during the shutdown, e.g. from a worker
2356
	 * or from RX processing or similar, and if it does so (using atomic
2357
	 * iteration) while we're manipulating the list, the iteration will
2358
	 * crash.
2359
	 *
2360
	 * After this, the hardware should be stopped and the driver should
2361
	 * have stopped all of its activities, so that we can do RCU-unaware
2362
	 * manipulations of the interface list below.
2363
	 */
2364
	cfg80211_shutdown_all_interfaces(local->hw.wiphy);
2365

2366
	guard(wiphy)(local->hw.wiphy);
2367

2368
	WARN(local->open_count, "%s: open count remains %d\n",
2369
	     wiphy_name(local->hw.wiphy), local->open_count);
2370

2371
	mutex_lock(&local->iflist_mtx);
2372
	list_splice_init(&local->interfaces, &unreg_list);
2373
	mutex_unlock(&local->iflist_mtx);
2374

2375
	list_for_each_entry_safe(sdata, tmp, &unreg_list, list) {
2376
		bool netdev = sdata->dev;
2377

2378
		/*
2379
		 * Remove IP addresses explicitly, since the notifier will
2380
		 * skip the callbacks if wdev->registered is false, since
2381
		 * we can't acquire the wiphy_lock() again there if already
2382
		 * inside this locked section.
2383
		 */
2384
		sdata->vif.cfg.arp_addr_cnt = 0;
2385
		if (sdata->vif.type == NL80211_IFTYPE_STATION &&
2386
		    sdata->u.mgd.associated)
2387
			ieee80211_vif_cfg_change_notify(sdata,
2388
							BSS_CHANGED_ARP_FILTER);
2389

2390
		list_del(&sdata->list);
2391
		cfg80211_unregister_wdev(&sdata->wdev);
2392

2393
		if (!netdev)
2394
			kfree(sdata);
2395
	}
2396
}
2397

2398
static int netdev_notify(struct notifier_block *nb,
2399
			 unsigned long state, void *ptr)
2400
{
2401
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
2402
	struct ieee80211_sub_if_data *sdata;
2403

2404
	if (state != NETDEV_CHANGENAME)
2405
		return NOTIFY_DONE;
2406

2407
	if (!dev->ieee80211_ptr || !dev->ieee80211_ptr->wiphy)
2408
		return NOTIFY_DONE;
2409

2410
	if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
2411
		return NOTIFY_DONE;
2412

2413
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2414
	memcpy(sdata->name, dev->name, IFNAMSIZ);
2415
	ieee80211_debugfs_rename_netdev(sdata);
2416

2417
	return NOTIFY_OK;
2418
}
2419

2420
static struct notifier_block mac80211_netdev_notifier = {
2421
	.notifier_call = netdev_notify,
2422
};
2423

2424
int ieee80211_iface_init(void)
2425
{
2426
	return register_netdevice_notifier(&mac80211_netdev_notifier);
2427
}
2428

2429
void ieee80211_iface_exit(void)
2430
{
2431
	unregister_netdevice_notifier(&mac80211_netdev_notifier);
2432
}
2433

2434
void ieee80211_vif_inc_num_mcast(struct ieee80211_sub_if_data *sdata)
2435
{
2436
	if (sdata->vif.type == NL80211_IFTYPE_AP)
2437
		atomic_inc(&sdata->u.ap.num_mcast_sta);
2438
	else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2439
		atomic_inc(&sdata->u.vlan.num_mcast_sta);
2440
}
2441

2442
void ieee80211_vif_dec_num_mcast(struct ieee80211_sub_if_data *sdata)
2443
{
2444
	if (sdata->vif.type == NL80211_IFTYPE_AP)
2445
		atomic_dec(&sdata->u.ap.num_mcast_sta);
2446
	else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2447
		atomic_dec(&sdata->u.vlan.num_mcast_sta);
2448
}
2449

2450
void ieee80211_vif_block_queues_csa(struct ieee80211_sub_if_data *sdata)
2451
{
2452
	struct ieee80211_local *local = sdata->local;
2453

2454
	if (ieee80211_hw_check(&local->hw, HANDLES_QUIET_CSA))
2455
		return;
2456

2457
	ieee80211_stop_vif_queues_norefcount(local, sdata,
2458
					     IEEE80211_QUEUE_STOP_REASON_CSA);
2459
}
2460

2461
void ieee80211_vif_unblock_queues_csa(struct ieee80211_sub_if_data *sdata)
2462
{
2463
	struct ieee80211_local *local = sdata->local;
2464

2465
	ieee80211_wake_vif_queues_norefcount(local, sdata,
2466
					     IEEE80211_QUEUE_STOP_REASON_CSA);
2467
}
2468

2469