1
// SPDX-License-Identifier: GPL-2.0-only
2
/*
3
 * Interface handling
4
 *
5
 * Copyright 2002-2005, Instant802 Networks, Inc.
6
 * Copyright 2005-2006, Devicescape Software, Inc.
7
 * Copyright (c) 2006 Jiri Benc <[email protected]>
8
 * Copyright 2008, Johannes Berg <[email protected]>
9
 * Copyright 2013-2014  Intel Mobile Communications GmbH
10
 * Copyright (c) 2016        Intel Deutschland GmbH
11
 * Copyright (C) 2018-2025 Intel Corporation
12
 */
13
#include <linux/slab.h>
14
#include <linux/kernel.h>
15
#include <linux/if_arp.h>
16
#include <linux/netdevice.h>
17
#include <linux/rtnetlink.h>
18
#include <linux/kcov.h>
19
#include <net/mac80211.h>
20
#include <net/ieee80211_radiotap.h>
21
#include "ieee80211_i.h"
22
#include "sta_info.h"
23
#include "debugfs_netdev.h"
24
#include "mesh.h"
25
#include "led.h"
26
#include "driver-ops.h"
27
#include "wme.h"
28
#include "rate.h"
29

30
/**
31
 * DOC: Interface list locking
32
 *
33
 * The interface list in each struct ieee80211_local is protected
34
 * three-fold:
35
 *
36
 * (1) modifications may only be done under the RTNL *and* wiphy mutex
37
 *     *and* iflist_mtx
38
 * (2) modifications are done in an RCU manner so atomic readers
39
 *     can traverse the list in RCU-safe blocks.
40
 *
41
 * As a consequence, reads (traversals) of the list can be protected
42
 * by either the RTNL, the wiphy mutex, the iflist_mtx or RCU.
43
 */
44

45
static void ieee80211_iface_work(struct wiphy *wiphy, struct wiphy_work *work);
46

47
bool __ieee80211_recalc_txpower(struct ieee80211_link_data *link)
48
{
49
	struct ieee80211_chanctx_conf *chanctx_conf;
50
	int power;
51

52
	rcu_read_lock();
53
	chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
54
	if (!chanctx_conf) {
55
		rcu_read_unlock();
56
		return false;
57
	}
58

59
	power = ieee80211_chandef_max_power(&chanctx_conf->def);
60
	rcu_read_unlock();
61

62
	if (link->user_power_level != IEEE80211_UNSET_POWER_LEVEL)
63
		power = min(power, link->user_power_level);
64

65
	if (link->ap_power_level != IEEE80211_UNSET_POWER_LEVEL)
66
		power = min(power, link->ap_power_level);
67

68
	if (power != link->conf->txpower) {
69
		link->conf->txpower = power;
70
		return true;
71
	}
72

73
	return false;
74
}
75

76
void ieee80211_recalc_txpower(struct ieee80211_link_data *link,
77
			      bool update_bss)
78
{
79
	if (__ieee80211_recalc_txpower(link) ||
80
	    (update_bss && ieee80211_sdata_running(link->sdata)))
81
		ieee80211_link_info_change_notify(link->sdata, link,
82
						  BSS_CHANGED_TXPOWER);
83
}
84

85
static u32 __ieee80211_idle_off(struct ieee80211_local *local)
86
{
87
	if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE))
88
		return 0;
89

90
	local->hw.conf.flags &= ~IEEE80211_CONF_IDLE;
91
	return IEEE80211_CONF_CHANGE_IDLE;
92
}
93

94
static u32 __ieee80211_idle_on(struct ieee80211_local *local)
95
{
96
	if (local->hw.conf.flags & IEEE80211_CONF_IDLE)
97
		return 0;
98

99
	ieee80211_flush_queues(local, NULL, false);
100

101
	local->hw.conf.flags |= IEEE80211_CONF_IDLE;
102
	return IEEE80211_CONF_CHANGE_IDLE;
103
}
104

105
static u32 __ieee80211_recalc_idle(struct ieee80211_local *local,
106
				   bool force_active)
107
{
108
	bool working, scanning, active;
109
	unsigned int led_trig_start = 0, led_trig_stop = 0;
110
	struct ieee80211_sub_if_data *iter;
111

112
	lockdep_assert_wiphy(local->hw.wiphy);
113

114
	active = force_active ||
115
		 !list_empty(&local->chanctx_list) ||
116
		 local->monitors;
117

118
	working = !local->ops->remain_on_channel &&
119
		  !list_empty(&local->roc_list);
120

121
	list_for_each_entry(iter, &local->interfaces, list) {
122
		if (iter->vif.type == NL80211_IFTYPE_NAN &&
123
		    iter->u.nan.started) {
124
			working = true;
125
			break;
126
		}
127
	}
128

129
	scanning = test_bit(SCAN_SW_SCANNING, &local->scanning) ||
130
		   test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning);
131

132
	if (working || scanning)
133
		led_trig_start |= IEEE80211_TPT_LEDTRIG_FL_WORK;
134
	else
135
		led_trig_stop |= IEEE80211_TPT_LEDTRIG_FL_WORK;
136

137
	if (active)
138
		led_trig_start |= IEEE80211_TPT_LEDTRIG_FL_CONNECTED;
139
	else
140
		led_trig_stop |= IEEE80211_TPT_LEDTRIG_FL_CONNECTED;
141

142
	ieee80211_mod_tpt_led_trig(local, led_trig_start, led_trig_stop);
143

144
	if (working || scanning || active)
145
		return __ieee80211_idle_off(local);
146
	return __ieee80211_idle_on(local);
147
}
148

149
u32 ieee80211_idle_off(struct ieee80211_local *local)
150
{
151
	return __ieee80211_recalc_idle(local, true);
152
}
153

154
void ieee80211_recalc_idle(struct ieee80211_local *local)
155
{
156
	u32 change = __ieee80211_recalc_idle(local, false);
157
	if (change)
158
		ieee80211_hw_config(local, -1, change);
159
}
160

161
static int ieee80211_verify_mac(struct ieee80211_sub_if_data *sdata, u8 *addr,
162
				bool check_dup)
163
{
164
	struct ieee80211_local *local = sdata->local;
165
	struct ieee80211_sub_if_data *iter;
166
	u64 new, mask, tmp;
167
	u8 *m;
168
	int ret = 0;
169

170
	lockdep_assert_wiphy(local->hw.wiphy);
171

172
	if (is_zero_ether_addr(local->hw.wiphy->addr_mask))
173
		return 0;
174

175
	m = addr;
176
	new =	((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
177
		((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
178
		((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
179

180
	m = local->hw.wiphy->addr_mask;
181
	mask =	((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
182
		((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
183
		((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
184

185
	if (!check_dup)
186
		return ret;
187

188
	list_for_each_entry(iter, &local->interfaces, list) {
189
		if (iter == sdata)
190
			continue;
191

192
		if (iter->vif.type == NL80211_IFTYPE_MONITOR &&
193
		    !(iter->u.mntr.flags & MONITOR_FLAG_ACTIVE))
194
			continue;
195

196
		m = iter->vif.addr;
197
		tmp =	((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
198
			((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
199
			((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
200

201
		if ((new & ~mask) != (tmp & ~mask)) {
202
			ret = -EINVAL;
203
			break;
204
		}
205
	}
206

207
	return ret;
208
}
209

210
static int ieee80211_can_powered_addr_change(struct ieee80211_sub_if_data *sdata)
211
{
212
	struct ieee80211_roc_work *roc;
213
	struct ieee80211_local *local = sdata->local;
214
	struct ieee80211_sub_if_data *scan_sdata;
215
	int ret = 0;
216

217
	lockdep_assert_wiphy(local->hw.wiphy);
218

219
	/* To be the most flexible here we want to only limit changing the
220
	 * address if the specific interface is doing offchannel work or
221
	 * scanning.
222
	 */
223
	if (netif_carrier_ok(sdata->dev))
224
		return -EBUSY;
225

226
	/* if any stations are set known (so they know this vif too), reject */
227
	if (sta_info_get_by_idx(sdata, 0))
228
		return -EBUSY;
229

230
	/* First check no ROC work is happening on this iface */
231
	list_for_each_entry(roc, &local->roc_list, list) {
232
		if (roc->sdata != sdata)
233
			continue;
234

235
		if (roc->started) {
236
			ret = -EBUSY;
237
			goto unlock;
238
		}
239
	}
240

241
	/* And if this iface is scanning */
242
	if (local->scanning) {
243
		scan_sdata = rcu_dereference_protected(local->scan_sdata,
244
						       lockdep_is_held(&local->hw.wiphy->mtx));
245
		if (sdata == scan_sdata)
246
			ret = -EBUSY;
247
	}
248

249
	/*
250
	 * More interface types could be added here but changing the
251
	 * address while powered makes the most sense in client modes.
252
	 */
253
	switch (sdata->vif.type) {
254
	case NL80211_IFTYPE_STATION:
255
	case NL80211_IFTYPE_P2P_CLIENT:
256
		/* refuse while connecting */
257
		if (sdata->u.mgd.auth_data || sdata->u.mgd.assoc_data)
258
			return -EBUSY;
259
		break;
260
	default:
261
		ret = -EOPNOTSUPP;
262
	}
263

264
unlock:
265
	return ret;
266
}
267

268
static int _ieee80211_change_mac(struct ieee80211_sub_if_data *sdata,
269
				 void *addr)
270
{
271
	struct ieee80211_local *local = sdata->local;
272
	struct sockaddr *sa = addr;
273
	bool check_dup = true;
274
	bool live = false;
275
	int ret;
276

277
	if (ieee80211_sdata_running(sdata)) {
278
		ret = ieee80211_can_powered_addr_change(sdata);
279
		if (ret)
280
			return ret;
281

282
		live = true;
283
	}
284

285
	if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
286
	    !(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE))
287
		check_dup = false;
288

289
	ret = ieee80211_verify_mac(sdata, sa->sa_data, check_dup);
290
	if (ret)
291
		return ret;
292

293
	if (live)
294
		drv_remove_interface(local, sdata);
295
	ret = eth_mac_addr(sdata->dev, sa);
296

297
	if (ret == 0) {
298
		memcpy(sdata->vif.addr, sa->sa_data, ETH_ALEN);
299
		ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
300
	}
301

302
	/* Regardless of eth_mac_addr() return we still want to add the
303
	 * interface back. This should not fail...
304
	 */
305
	if (live)
306
		WARN_ON(drv_add_interface(local, sdata));
307

308
	return ret;
309
}
310

311
static int ieee80211_change_mac(struct net_device *dev, void *addr)
312
{
313
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
314
	struct ieee80211_local *local = sdata->local;
315

316
	/*
317
	 * This happens during unregistration if there's a bond device
318
	 * active (maybe other cases?) and we must get removed from it.
319
	 * But we really don't care anymore if it's not registered now.
320
	 */
321
	if (!dev->ieee80211_ptr->registered)
322
		return 0;
323

324
	guard(wiphy)(local->hw.wiphy);
325

326
	return _ieee80211_change_mac(sdata, addr);
327
}
328

329
static inline int identical_mac_addr_allowed(int type1, int type2)
330
{
331
	return type1 == NL80211_IFTYPE_MONITOR ||
332
		type2 == NL80211_IFTYPE_MONITOR ||
333
		type1 == NL80211_IFTYPE_P2P_DEVICE ||
334
		type2 == NL80211_IFTYPE_P2P_DEVICE ||
335
		(type1 == NL80211_IFTYPE_AP && type2 == NL80211_IFTYPE_AP_VLAN) ||
336
		(type1 == NL80211_IFTYPE_AP_VLAN &&
337
			(type2 == NL80211_IFTYPE_AP ||
338
			 type2 == NL80211_IFTYPE_AP_VLAN));
339
}
340

341
static int ieee80211_check_concurrent_iface(struct ieee80211_sub_if_data *sdata,
342
					    enum nl80211_iftype iftype)
343
{
344
	struct ieee80211_local *local = sdata->local;
345
	struct ieee80211_sub_if_data *nsdata;
346

347
	ASSERT_RTNL();
348
	lockdep_assert_wiphy(local->hw.wiphy);
349

350
	/* we hold the RTNL here so can safely walk the list */
351
	list_for_each_entry(nsdata, &local->interfaces, list) {
352
		if (nsdata != sdata && ieee80211_sdata_running(nsdata)) {
353
			struct ieee80211_link_data *link;
354

355
			/*
356
			 * Only OCB and monitor mode may coexist
357
			 */
358
			if ((sdata->vif.type == NL80211_IFTYPE_OCB &&
359
			     nsdata->vif.type != NL80211_IFTYPE_MONITOR) ||
360
			    (sdata->vif.type != NL80211_IFTYPE_MONITOR &&
361
			     nsdata->vif.type == NL80211_IFTYPE_OCB))
362
				return -EBUSY;
363

364
			/*
365
			 * Allow only a single IBSS interface to be up at any
366
			 * time. This is restricted because beacon distribution
367
			 * cannot work properly if both are in the same IBSS.
368
			 *
369
			 * To remove this restriction we'd have to disallow them
370
			 * from setting the same SSID on different IBSS interfaces
371
			 * belonging to the same hardware. Then, however, we're
372
			 * faced with having to adopt two different TSF timers...
373
			 */
374
			if (iftype == NL80211_IFTYPE_ADHOC &&
375
			    nsdata->vif.type == NL80211_IFTYPE_ADHOC)
376
				return -EBUSY;
377
			/*
378
			 * will not add another interface while any channel
379
			 * switch is active.
380
			 */
381
			for_each_link_data(nsdata, link) {
382
				if (link->conf->csa_active)
383
					return -EBUSY;
384
			}
385

386
			/*
387
			 * The remaining checks are only performed for interfaces
388
			 * with the same MAC address.
389
			 */
390
			if (!ether_addr_equal(sdata->vif.addr,
391
					      nsdata->vif.addr))
392
				continue;
393

394
			/*
395
			 * check whether it may have the same address
396
			 */
397
			if (!identical_mac_addr_allowed(iftype,
398
							nsdata->vif.type))
399
				return -ENOTUNIQ;
400

401
			/* No support for VLAN with MLO yet */
402
			if (iftype == NL80211_IFTYPE_AP_VLAN &&
403
			    sdata->wdev.use_4addr &&
404
			    nsdata->vif.type == NL80211_IFTYPE_AP &&
405
			    nsdata->vif.valid_links)
406
				return -EOPNOTSUPP;
407

408
			/*
409
			 * can only add VLANs to enabled APs
410
			 */
411
			if (iftype == NL80211_IFTYPE_AP_VLAN &&
412
			    nsdata->vif.type == NL80211_IFTYPE_AP)
413
				sdata->bss = &nsdata->u.ap;
414
		}
415
	}
416

417
	return ieee80211_check_combinations(sdata, NULL, 0, 0, -1);
418
}
419

420
static int ieee80211_check_queues(struct ieee80211_sub_if_data *sdata,
421
				  enum nl80211_iftype iftype)
422
{
423
	int n_queues = sdata->local->hw.queues;
424
	int i;
425

426
	if (iftype == NL80211_IFTYPE_NAN)
427
		return 0;
428

429
	if (iftype != NL80211_IFTYPE_P2P_DEVICE) {
430
		for (i = 0; i < IEEE80211_NUM_ACS; i++) {
431
			if (WARN_ON_ONCE(sdata->vif.hw_queue[i] ==
432
					 IEEE80211_INVAL_HW_QUEUE))
433
				return -EINVAL;
434
			if (WARN_ON_ONCE(sdata->vif.hw_queue[i] >=
435
					 n_queues))
436
				return -EINVAL;
437
		}
438
	}
439

440
	if ((iftype != NL80211_IFTYPE_AP &&
441
	     iftype != NL80211_IFTYPE_P2P_GO &&
442
	     iftype != NL80211_IFTYPE_MESH_POINT) ||
443
	    !ieee80211_hw_check(&sdata->local->hw, QUEUE_CONTROL)) {
444
		sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
445
		return 0;
446
	}
447

448
	if (WARN_ON_ONCE(sdata->vif.cab_queue == IEEE80211_INVAL_HW_QUEUE))
449
		return -EINVAL;
450

451
	if (WARN_ON_ONCE(sdata->vif.cab_queue >= n_queues))
452
		return -EINVAL;
453

454
	return 0;
455
}
456

457
static int ieee80211_open(struct net_device *dev)
458
{
459
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
460
	int err;
461

462
	/* fail early if user set an invalid address */
463
	if (!is_valid_ether_addr(dev->dev_addr))
464
		return -EADDRNOTAVAIL;
465

466
	guard(wiphy)(sdata->local->hw.wiphy);
467

468
	err = ieee80211_check_concurrent_iface(sdata, sdata->vif.type);
469
	if (err)
470
		return err;
471

472
	return ieee80211_do_open(&sdata->wdev, true);
473
}
474

475
static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, bool going_down)
476
{
477
	struct ieee80211_local *local = sdata->local;
478
	unsigned long flags;
479
	struct sk_buff_head freeq;
480
	struct sk_buff *skb, *tmp;
481
	u32 hw_reconf_flags = 0;
482
	int i, flushed;
483
	struct ps_data *ps;
484
	struct cfg80211_chan_def chandef;
485
	bool cancel_scan;
486
	struct cfg80211_nan_func *func;
487

488
	lockdep_assert_wiphy(local->hw.wiphy);
489

490
	clear_bit(SDATA_STATE_RUNNING, &sdata->state);
491
	synchronize_rcu(); /* flush _ieee80211_wake_txqs() */
492

493
	cancel_scan = rcu_access_pointer(local->scan_sdata) == sdata;
494
	if (cancel_scan)
495
		ieee80211_scan_cancel(local);
496

497
	ieee80211_roc_purge(local, sdata);
498

499
	switch (sdata->vif.type) {
500
	case NL80211_IFTYPE_STATION:
501
		ieee80211_mgd_stop(sdata);
502
		break;
503
	case NL80211_IFTYPE_ADHOC:
504
		ieee80211_ibss_stop(sdata);
505
		break;
506
	case NL80211_IFTYPE_MONITOR:
507
		list_del_rcu(&sdata->u.mntr.list);
508
		break;
509
	case NL80211_IFTYPE_AP_VLAN:
510
		ieee80211_apvlan_link_clear(sdata);
511
		break;
512
	default:
513
		break;
514
	}
515

516
	/*
517
	 * Remove all stations associated with this interface.
518
	 *
519
	 * This must be done before calling ops->remove_interface()
520
	 * because otherwise we can later invoke ops->sta_notify()
521
	 * whenever the STAs are removed, and that invalidates driver
522
	 * assumptions about always getting a vif pointer that is valid
523
	 * (because if we remove a STA after ops->remove_interface()
524
	 * the driver will have removed the vif info already!)
525
	 *
526
	 * For AP_VLANs stations may exist since there's nothing else that
527
	 * would have removed them, but in other modes there shouldn't
528
	 * be any stations.
529
	 */
530
	flushed = sta_info_flush(sdata, -1);
531
	WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_AP_VLAN && flushed > 0);
532

533
	/* don't count this interface for allmulti while it is down */
534
	if (sdata->flags & IEEE80211_SDATA_ALLMULTI)
535
		atomic_dec(&local->iff_allmultis);
536

537
	if (sdata->vif.type == NL80211_IFTYPE_AP) {
538
		local->fif_pspoll--;
539
		local->fif_probe_req--;
540
	} else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
541
		local->fif_probe_req--;
542
	}
543

544
	if (sdata->dev) {
545
		netif_addr_lock_bh(sdata->dev);
546
		spin_lock_bh(&local->filter_lock);
547
		__hw_addr_unsync(&local->mc_list, &sdata->dev->mc,
548
				 sdata->dev->addr_len);
549
		spin_unlock_bh(&local->filter_lock);
550
		netif_addr_unlock_bh(sdata->dev);
551
	}
552

553
	timer_delete_sync(&local->dynamic_ps_timer);
554
	wiphy_work_cancel(local->hw.wiphy, &local->dynamic_ps_enable_work);
555

556
	WARN(ieee80211_vif_is_mld(&sdata->vif),
557
	     "destroying interface with valid links 0x%04x\n",
558
	     sdata->vif.valid_links);
559

560
	sdata->vif.bss_conf.csa_active = false;
561
	if (sdata->vif.type == NL80211_IFTYPE_STATION)
562
		sdata->deflink.u.mgd.csa.waiting_bcn = false;
563
	ieee80211_vif_unblock_queues_csa(sdata);
564

565
	wiphy_work_cancel(local->hw.wiphy, &sdata->deflink.csa.finalize_work);
566
	wiphy_work_cancel(local->hw.wiphy,
567
			  &sdata->deflink.color_change_finalize_work);
568
	wiphy_delayed_work_cancel(local->hw.wiphy,
569
				  &sdata->deflink.dfs_cac_timer_work);
570

571
	if (sdata->wdev.links[0].cac_started) {
572
		chandef = sdata->vif.bss_conf.chanreq.oper;
573
		WARN_ON(local->suspended);
574
		ieee80211_link_release_channel(&sdata->deflink);
575
		cfg80211_cac_event(sdata->dev, &chandef,
576
				   NL80211_RADAR_CAC_ABORTED,
577
				   GFP_KERNEL, 0);
578
	}
579

580
	if (sdata->vif.type == NL80211_IFTYPE_AP) {
581
		WARN_ON(!list_empty(&sdata->u.ap.vlans));
582
	} else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
583
		/* remove all packets in parent bc_buf pointing to this dev */
584
		ps = &sdata->bss->ps;
585

586
		spin_lock_irqsave(&ps->bc_buf.lock, flags);
587
		skb_queue_walk_safe(&ps->bc_buf, skb, tmp) {
588
			if (skb->dev == sdata->dev) {
589
				__skb_unlink(skb, &ps->bc_buf);
590
				local->total_ps_buffered--;
591
				ieee80211_free_txskb(&local->hw, skb);
592
			}
593
		}
594
		spin_unlock_irqrestore(&ps->bc_buf.lock, flags);
595
	}
596

597
	if (going_down)
598
		local->open_count--;
599

600
	switch (sdata->vif.type) {
601
	case NL80211_IFTYPE_AP_VLAN:
602
		list_del(&sdata->u.vlan.list);
603
		RCU_INIT_POINTER(sdata->vif.bss_conf.chanctx_conf, NULL);
604
		/* see comment in the default case below */
605
		ieee80211_free_keys(sdata, true);
606
		/* no need to tell driver */
607
		break;
608
	case NL80211_IFTYPE_MONITOR:
609
		local->monitors--;
610

611
		if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) &&
612
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
613

614
			local->virt_monitors--;
615
			if (local->virt_monitors == 0) {
616
				local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR;
617
				hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
618
			}
619

620
			ieee80211_adjust_monitor_flags(sdata, -1);
621
		}
622
		break;
623
	case NL80211_IFTYPE_NAN:
624
		/* clean all the functions */
625
		spin_lock_bh(&sdata->u.nan.func_lock);
626

627
		idr_for_each_entry(&sdata->u.nan.function_inst_ids, func, i) {
628
			idr_remove(&sdata->u.nan.function_inst_ids, i);
629
			cfg80211_free_nan_func(func);
630
		}
631
		idr_destroy(&sdata->u.nan.function_inst_ids);
632

633
		spin_unlock_bh(&sdata->u.nan.func_lock);
634
		break;
635
	default:
636
		wiphy_work_cancel(sdata->local->hw.wiphy, &sdata->work);
637
		/*
638
		 * When we get here, the interface is marked down.
639
		 * Free the remaining keys, if there are any
640
		 * (which can happen in AP mode if userspace sets
641
		 * keys before the interface is operating)
642
		 *
643
		 * Force the key freeing to always synchronize_net()
644
		 * to wait for the RX path in case it is using this
645
		 * interface enqueuing frames at this very time on
646
		 * another CPU.
647
		 */
648
		ieee80211_free_keys(sdata, true);
649
		skb_queue_purge(&sdata->skb_queue);
650
		skb_queue_purge(&sdata->status_queue);
651
	}
652

653
	/*
654
	 * Since ieee80211_free_txskb() may issue __dev_queue_xmit()
655
	 * which should be called with interrupts enabled, reclamation
656
	 * is done in two phases:
657
	 */
658
	__skb_queue_head_init(&freeq);
659

660
	/* unlink from local queues... */
661
	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
662
	for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
663
		skb_queue_walk_safe(&local->pending[i], skb, tmp) {
664
			struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
665
			if (info->control.vif == &sdata->vif) {
666
				__skb_unlink(skb, &local->pending[i]);
667
				__skb_queue_tail(&freeq, skb);
668
			}
669
		}
670
	}
671
	spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
672

673
	/* ... and perform actual reclamation with interrupts enabled. */
674
	skb_queue_walk_safe(&freeq, skb, tmp) {
675
		__skb_unlink(skb, &freeq);
676
		ieee80211_free_txskb(&local->hw, skb);
677
	}
678

679
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
680
		ieee80211_txq_remove_vlan(local, sdata);
681

682
	if (sdata->vif.txq)
683
		ieee80211_txq_purge(sdata->local, to_txq_info(sdata->vif.txq));
684

685
	sdata->bss = NULL;
686

687
	if (local->open_count == 0)
688
		ieee80211_clear_tx_pending(local);
689

690
	sdata->vif.bss_conf.beacon_int = 0;
691

692
	/*
693
	 * If the interface goes down while suspended, presumably because
694
	 * the device was unplugged and that happens before our resume,
695
	 * then the driver is already unconfigured and the remainder of
696
	 * this function isn't needed.
697
	 * XXX: what about WoWLAN? If the device has software state, e.g.
698
	 *	memory allocated, it might expect teardown commands from
699
	 *	mac80211 here?
700
	 */
701
	if (local->suspended) {
702
		WARN_ON(local->wowlan);
703
		WARN_ON(rcu_access_pointer(local->monitor_sdata));
704
		return;
705
	}
706

707
	switch (sdata->vif.type) {
708
	case NL80211_IFTYPE_AP_VLAN:
709
		break;
710
	case NL80211_IFTYPE_MONITOR:
711
		if (local->virt_monitors == 0)
712
			ieee80211_del_virtual_monitor(local);
713

714
		ieee80211_recalc_idle(local);
715
		ieee80211_recalc_offload(local);
716

717
		if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) &&
718
		    !ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
719
			break;
720

721
		ieee80211_link_release_channel(&sdata->deflink);
722
		fallthrough;
723
	default:
724
		if (!going_down)
725
			break;
726
		drv_remove_interface(local, sdata);
727

728
		/* Clear private driver data to prevent reuse */
729
		memset(sdata->vif.drv_priv, 0, local->hw.vif_data_size);
730
	}
731

732
	ieee80211_recalc_ps(local);
733

734
	if (cancel_scan)
735
		wiphy_delayed_work_flush(local->hw.wiphy, &local->scan_work);
736

737
	if (local->open_count == 0) {
738
		ieee80211_stop_device(local, false);
739

740
		/* no reconfiguring after stop! */
741
		return;
742
	}
743

744
	/* do after stop to avoid reconfiguring when we stop anyway */
745
	ieee80211_configure_filter(local);
746
	ieee80211_hw_config(local, -1, hw_reconf_flags);
747

748
	/* Passing NULL means an interface is picked for configuration */
749
	if (local->virt_monitors == local->open_count)
750
		ieee80211_add_virtual_monitor(local, NULL);
751
}
752

753
void ieee80211_stop_mbssid(struct ieee80211_sub_if_data *sdata)
754
{
755
	struct ieee80211_sub_if_data *tx_sdata;
756
	struct ieee80211_bss_conf *link_conf, *tx_bss_conf;
757
	struct ieee80211_link_data *tx_link, *link;
758
	unsigned int link_id;
759

760
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
761

762
	/* Check if any of the links of current sdata is an MBSSID. */
763
	for_each_vif_active_link(&sdata->vif, link_conf, link_id) {
764
		tx_bss_conf = sdata_dereference(link_conf->tx_bss_conf, sdata);
765
		if (!tx_bss_conf)
766
			continue;
767

768
		tx_sdata = vif_to_sdata(tx_bss_conf->vif);
769
		RCU_INIT_POINTER(link_conf->tx_bss_conf, NULL);
770

771
		/* If we are not tx sdata reset tx sdata's tx_bss_conf to avoid recusrion
772
		 * while closing tx sdata at the end of outer loop below.
773
		 */
774
		if (sdata != tx_sdata) {
775
			tx_link = sdata_dereference(tx_sdata->link[tx_bss_conf->link_id],
776
						    tx_sdata);
777
			if (!tx_link)
778
				continue;
779

780
			RCU_INIT_POINTER(tx_link->conf->tx_bss_conf, NULL);
781
		}
782

783
		/* loop through sdatas to find if any of their links
784
		 * belong to same MBSSID set as the one getting deleted.
785
		 */
786
		for_each_sdata_link(tx_sdata->local, link) {
787
			struct ieee80211_sub_if_data *link_sdata = link->sdata;
788

789
			if (link_sdata == sdata || link_sdata == tx_sdata ||
790
			    rcu_access_pointer(link->conf->tx_bss_conf) != tx_bss_conf)
791
				continue;
792

793
			RCU_INIT_POINTER(link->conf->tx_bss_conf, NULL);
794

795
			/* Remove all links of matching MLD until dynamic link
796
			 * removal can be supported.
797
			 */
798
			cfg80211_stop_iface(link_sdata->wdev.wiphy, &link_sdata->wdev,
799
					    GFP_KERNEL);
800
		}
801

802
		/* If we are not tx sdata, remove links of tx sdata and proceed */
803
		if (sdata != tx_sdata && ieee80211_sdata_running(tx_sdata))
804
			cfg80211_stop_iface(tx_sdata->wdev.wiphy,
805
					    &tx_sdata->wdev, GFP_KERNEL);
806
	}
807
}
808

809
static int ieee80211_stop(struct net_device *dev)
810
{
811
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
812

813
	/* close dependent VLAN interfaces before locking wiphy */
814
	if (sdata->vif.type == NL80211_IFTYPE_AP) {
815
		struct ieee80211_sub_if_data *vlan, *tmpsdata;
816

817
		list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans,
818
					 u.vlan.list)
819
			dev_close(vlan->dev);
820
	}
821

822
	guard(wiphy)(sdata->local->hw.wiphy);
823

824
	wiphy_work_cancel(sdata->local->hw.wiphy, &sdata->activate_links_work);
825

826
	/* Close the dependent MBSSID interfaces with wiphy lock as we may be
827
	 * terminating its partner links too in case of MLD.
828
	 */
829
	if (sdata->vif.type == NL80211_IFTYPE_AP)
830
		ieee80211_stop_mbssid(sdata);
831

832
	ieee80211_do_stop(sdata, true);
833

834
	return 0;
835
}
836

837
static void ieee80211_set_multicast_list(struct net_device *dev)
838
{
839
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
840
	struct ieee80211_local *local = sdata->local;
841
	int allmulti, sdata_allmulti;
842

843
	allmulti = !!(dev->flags & IFF_ALLMULTI);
844
	sdata_allmulti = !!(sdata->flags & IEEE80211_SDATA_ALLMULTI);
845

846
	if (allmulti != sdata_allmulti) {
847
		if (dev->flags & IFF_ALLMULTI)
848
			atomic_inc(&local->iff_allmultis);
849
		else
850
			atomic_dec(&local->iff_allmultis);
851
		sdata->flags ^= IEEE80211_SDATA_ALLMULTI;
852
	}
853

854
	spin_lock_bh(&local->filter_lock);
855
	__hw_addr_sync(&local->mc_list, &dev->mc, dev->addr_len);
856
	spin_unlock_bh(&local->filter_lock);
857
	wiphy_work_queue(local->hw.wiphy, &local->reconfig_filter);
858
}
859

860
/*
861
 * Called when the netdev is removed or, by the code below, before
862
 * the interface type changes.
863
 */
864
static void ieee80211_teardown_sdata(struct ieee80211_sub_if_data *sdata)
865
{
866
	if (WARN_ON(!list_empty(&sdata->work.entry)))
867
		wiphy_work_cancel(sdata->local->hw.wiphy, &sdata->work);
868

869
	/* free extra data */
870
	ieee80211_free_keys(sdata, false);
871

872
	ieee80211_debugfs_remove_netdev(sdata);
873

874
	ieee80211_destroy_frag_cache(&sdata->frags);
875

876
	if (ieee80211_vif_is_mesh(&sdata->vif))
877
		ieee80211_mesh_teardown_sdata(sdata);
878

879
	ieee80211_vif_clear_links(sdata);
880
	ieee80211_link_stop(&sdata->deflink);
881
}
882

883
static void ieee80211_uninit(struct net_device *dev)
884
{
885
	ieee80211_teardown_sdata(IEEE80211_DEV_TO_SUB_IF(dev));
886
}
887

888
static int ieee80211_netdev_setup_tc(struct net_device *dev,
889
				     enum tc_setup_type type, void *type_data)
890
{
891
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
892
	struct ieee80211_local *local = sdata->local;
893

894
	return drv_net_setup_tc(local, sdata, dev, type, type_data);
895
}
896

897
static const struct net_device_ops ieee80211_dataif_ops = {
898
	.ndo_open		= ieee80211_open,
899
	.ndo_stop		= ieee80211_stop,
900
	.ndo_uninit		= ieee80211_uninit,
901
	.ndo_start_xmit		= ieee80211_subif_start_xmit,
902
	.ndo_set_rx_mode	= ieee80211_set_multicast_list,
903
	.ndo_set_mac_address 	= ieee80211_change_mac,
904
	.ndo_setup_tc		= ieee80211_netdev_setup_tc,
905
};
906

907
static u16 ieee80211_monitor_select_queue(struct net_device *dev,
908
					  struct sk_buff *skb,
909
					  struct net_device *sb_dev)
910
{
911
	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
912
	struct ieee80211_local *local = sdata->local;
913
	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
914
	struct ieee80211_hdr *hdr;
915
	int len_rthdr;
916

917
	if (local->hw.queues < IEEE80211_NUM_ACS)
918
		return 0;
919

920
	/* reset flags and info before parsing radiotap header */
921
	memset(info, 0, sizeof(*info));
922

923
	if (!ieee80211_parse_tx_radiotap(skb, dev))
924
		return 0; /* doesn't matter, frame will be dropped */
925

926
	len_rthdr = ieee80211_get_radiotap_len(skb->data);
927
	hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
928
	if (skb->len < len_rthdr + 2 ||
929
	    skb->len < len_rthdr + ieee80211_hdrlen(hdr->frame_control))
930
		return 0; /* doesn't matter, frame will be dropped */
931

932
	return ieee80211_select_queue_80211(sdata, skb, hdr);
933
}
934

935
static const struct net_device_ops ieee80211_monitorif_ops = {
936
	.ndo_open		= ieee80211_open,
937
	.ndo_stop		= ieee80211_stop,
938
	.ndo_uninit		= ieee80211_uninit,
939
	.ndo_start_xmit		= ieee80211_monitor_start_xmit,
940
	.ndo_set_rx_mode	= ieee80211_set_multicast_list,
941
	.ndo_set_mac_address 	= ieee80211_change_mac,
942
	.ndo_select_queue	= ieee80211_monitor_select_queue,
943
};
944

945
static int ieee80211_netdev_fill_forward_path(struct net_device_path_ctx *ctx,
946
					      struct net_device_path *path)
947
{
948
	struct ieee80211_sub_if_data *sdata;
949
	struct ieee80211_local *local;
950
	struct sta_info *sta;
951
	int ret = -ENOENT;
952

953
	sdata = IEEE80211_DEV_TO_SUB_IF(ctx->dev);
954
	local = sdata->local;
955

956
	if (!local->ops->net_fill_forward_path)
957
		return -EOPNOTSUPP;
958

959
	rcu_read_lock();
960
	switch (sdata->vif.type) {
961
	case NL80211_IFTYPE_AP_VLAN:
962
		sta = rcu_dereference(sdata->u.vlan.sta);
963
		if (sta)
964
			break;
965
		if (sdata->wdev.use_4addr)
966
			goto out;
967
		if (is_multicast_ether_addr(ctx->daddr))
968
			goto out;
969
		sta = sta_info_get_bss(sdata, ctx->daddr);
970
		break;
971
	case NL80211_IFTYPE_AP:
972
		if (is_multicast_ether_addr(ctx->daddr))
973
			goto out;
974
		sta = sta_info_get(sdata, ctx->daddr);
975
		break;
976
	case NL80211_IFTYPE_STATION:
977
		if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
978
			sta = sta_info_get(sdata, ctx->daddr);
979
			if (sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
980
				if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH))
981
					goto out;
982

983
				break;
984
			}
985
		}
986

987
		sta = sta_info_get(sdata, sdata->deflink.u.mgd.bssid);
988
		break;
989
	default:
990
		goto out;
991
	}
992

993
	if (!sta)
994
		goto out;
995

996
	ret = drv_net_fill_forward_path(local, sdata, &sta->sta, ctx, path);
997
out:
998
	rcu_read_unlock();
999

1000
	return ret;
1001
}
1002

1003
static const struct net_device_ops ieee80211_dataif_8023_ops = {
1004
	.ndo_open		= ieee80211_open,
1005
	.ndo_stop		= ieee80211_stop,
1006
	.ndo_uninit		= ieee80211_uninit,
1007
	.ndo_start_xmit		= ieee80211_subif_start_xmit_8023,
1008
	.ndo_set_rx_mode	= ieee80211_set_multicast_list,
1009
	.ndo_set_mac_address	= ieee80211_change_mac,
1010
	.ndo_fill_forward_path	= ieee80211_netdev_fill_forward_path,
1011
	.ndo_setup_tc		= ieee80211_netdev_setup_tc,
1012
};
1013

1014
static bool ieee80211_iftype_supports_hdr_offload(enum nl80211_iftype iftype)
1015
{
1016
	switch (iftype) {
1017
	/* P2P GO and client are mapped to AP/STATION types */
1018
	case NL80211_IFTYPE_AP:
1019
	case NL80211_IFTYPE_STATION:
1020
		return true;
1021
	default:
1022
		return false;
1023
	}
1024
}
1025

1026
static bool ieee80211_set_sdata_offload_flags(struct ieee80211_sub_if_data *sdata)
1027
{
1028
	struct ieee80211_local *local = sdata->local;
1029
	u32 flags;
1030

1031
	flags = sdata->vif.offload_flags;
1032

1033
	if (ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) &&
1034
	    ieee80211_iftype_supports_hdr_offload(sdata->vif.type)) {
1035
		flags |= IEEE80211_OFFLOAD_ENCAP_ENABLED;
1036

1037
		if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG) &&
1038
		    local->hw.wiphy->frag_threshold != (u32)-1)
1039
			flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1040

1041
		if (local->virt_monitors)
1042
			flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1043
	} else {
1044
		flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1045
	}
1046

1047
	if (ieee80211_hw_check(&local->hw, SUPPORTS_RX_DECAP_OFFLOAD) &&
1048
	    ieee80211_iftype_supports_hdr_offload(sdata->vif.type)) {
1049
		flags |= IEEE80211_OFFLOAD_DECAP_ENABLED;
1050

1051
		if (local->virt_monitors &&
1052
		    !ieee80211_hw_check(&local->hw, SUPPORTS_CONC_MON_RX_DECAP))
1053
			flags &= ~IEEE80211_OFFLOAD_DECAP_ENABLED;
1054
	} else {
1055
		flags &= ~IEEE80211_OFFLOAD_DECAP_ENABLED;
1056
	}
1057

1058
	if (sdata->vif.offload_flags == flags)
1059
		return false;
1060

1061
	sdata->vif.offload_flags = flags;
1062
	ieee80211_check_fast_rx_iface(sdata);
1063
	return true;
1064
}
1065

1066
static void ieee80211_set_vif_encap_ops(struct ieee80211_sub_if_data *sdata)
1067
{
1068
	struct ieee80211_local *local = sdata->local;
1069
	struct ieee80211_sub_if_data *bss = sdata;
1070
	bool enabled;
1071

1072
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1073
		if (!sdata->bss)
1074
			return;
1075

1076
		bss = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
1077
	}
1078

1079
	if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) ||
1080
	    !ieee80211_iftype_supports_hdr_offload(bss->vif.type))
1081
		return;
1082

1083
	enabled = bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED;
1084
	if (sdata->wdev.use_4addr &&
1085
	    !(bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_4ADDR))
1086
		enabled = false;
1087

1088
	sdata->dev->netdev_ops = enabled ? &ieee80211_dataif_8023_ops :
1089
					   &ieee80211_dataif_ops;
1090
}
1091

1092
static void ieee80211_recalc_sdata_offload(struct ieee80211_sub_if_data *sdata)
1093
{
1094
	struct ieee80211_local *local = sdata->local;
1095
	struct ieee80211_sub_if_data *vsdata;
1096

1097
	if (ieee80211_set_sdata_offload_flags(sdata)) {
1098
		drv_update_vif_offload(local, sdata);
1099
		ieee80211_set_vif_encap_ops(sdata);
1100
	}
1101

1102
	list_for_each_entry(vsdata, &local->interfaces, list) {
1103
		if (vsdata->vif.type != NL80211_IFTYPE_AP_VLAN ||
1104
		    vsdata->bss != &sdata->u.ap)
1105
			continue;
1106

1107
		ieee80211_set_vif_encap_ops(vsdata);
1108
	}
1109
}
1110

1111
void ieee80211_recalc_offload(struct ieee80211_local *local)
1112
{
1113
	struct ieee80211_sub_if_data *sdata;
1114

1115
	if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD))
1116
		return;
1117

1118
	lockdep_assert_wiphy(local->hw.wiphy);
1119

1120
	list_for_each_entry(sdata, &local->interfaces, list) {
1121
		if (!ieee80211_sdata_running(sdata))
1122
			continue;
1123

1124
		ieee80211_recalc_sdata_offload(sdata);
1125
	}
1126
}
1127

1128
void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1129
				    const int offset)
1130
{
1131
	struct ieee80211_local *local = sdata->local;
1132
	u32 flags = sdata->u.mntr.flags;
1133

1134
#define ADJUST(_f, _s)	do {					\
1135
	if (flags & MONITOR_FLAG_##_f)				\
1136
		local->fif_##_s += offset;			\
1137
	} while (0)
1138

1139
	ADJUST(FCSFAIL, fcsfail);
1140
	ADJUST(PLCPFAIL, plcpfail);
1141
	ADJUST(CONTROL, control);
1142
	ADJUST(CONTROL, pspoll);
1143
	ADJUST(OTHER_BSS, other_bss);
1144
	if (!(flags & MONITOR_FLAG_SKIP_TX))
1145
		local->tx_mntrs += offset;
1146

1147
#undef ADJUST
1148
}
1149

1150
static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
1151
{
1152
	struct ieee80211_local *local = sdata->local;
1153
	int i;
1154

1155
	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
1156
		if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
1157
			sdata->vif.hw_queue[i] = IEEE80211_INVAL_HW_QUEUE;
1158
		else if (local->hw.queues >= IEEE80211_NUM_ACS)
1159
			sdata->vif.hw_queue[i] = i;
1160
		else
1161
			sdata->vif.hw_queue[i] = 0;
1162
	}
1163
	sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
1164
}
1165

1166
static void ieee80211_sdata_init(struct ieee80211_local *local,
1167
				 struct ieee80211_sub_if_data *sdata)
1168
{
1169
	sdata->local = local;
1170

1171
	INIT_LIST_HEAD(&sdata->key_list);
1172

1173
	/*
1174
	 * Initialize the default link, so we can use link_id 0 for non-MLD,
1175
	 * and that continues to work for non-MLD-aware drivers that use just
1176
	 * vif.bss_conf instead of vif.link_conf.
1177
	 *
1178
	 * Note that we never change this, so if link ID 0 isn't used in an
1179
	 * MLD connection, we get a separate allocation for it.
1180
	 */
1181
	ieee80211_link_init(sdata, -1, &sdata->deflink, &sdata->vif.bss_conf);
1182
}
1183

1184
int ieee80211_add_virtual_monitor(struct ieee80211_local *local,
1185
				  struct ieee80211_sub_if_data *creator_sdata)
1186
{
1187
	struct ieee80211_sub_if_data *sdata;
1188
	int ret;
1189

1190
	ASSERT_RTNL();
1191
	lockdep_assert_wiphy(local->hw.wiphy);
1192

1193
	if (ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
1194
		return 0;
1195

1196
	/* Already have a monitor set up, configure it */
1197
	sdata = wiphy_dereference(local->hw.wiphy, local->monitor_sdata);
1198
	if (sdata)
1199
		goto configure_monitor;
1200

1201
	sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL);
1202
	if (!sdata)
1203
		return -ENOMEM;
1204

1205
	/* set up data */
1206
	sdata->vif.type = NL80211_IFTYPE_MONITOR;
1207
	snprintf(sdata->name, IFNAMSIZ, "%s-monitor",
1208
		 wiphy_name(local->hw.wiphy));
1209
	sdata->wdev.iftype = NL80211_IFTYPE_MONITOR;
1210
	sdata->wdev.wiphy = local->hw.wiphy;
1211

1212
	ieee80211_sdata_init(local, sdata);
1213

1214
	ieee80211_set_default_queues(sdata);
1215

1216
	if (ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF)) {
1217
		ret = drv_add_interface(local, sdata);
1218
		if (WARN_ON(ret)) {
1219
			/* ok .. stupid driver, it asked for this! */
1220
			kfree(sdata);
1221
			return ret;
1222
		}
1223
	}
1224

1225
	set_bit(SDATA_STATE_RUNNING, &sdata->state);
1226

1227
	ret = ieee80211_check_queues(sdata, NL80211_IFTYPE_MONITOR);
1228
	if (ret) {
1229
		kfree(sdata);
1230
		return ret;
1231
	}
1232

1233
	mutex_lock(&local->iflist_mtx);
1234
	rcu_assign_pointer(local->monitor_sdata, sdata);
1235
	mutex_unlock(&local->iflist_mtx);
1236

1237
	ret = ieee80211_link_use_channel(&sdata->deflink, &local->monitor_chanreq,
1238
					 IEEE80211_CHANCTX_EXCLUSIVE);
1239
	if (ret) {
1240
		mutex_lock(&local->iflist_mtx);
1241
		RCU_INIT_POINTER(local->monitor_sdata, NULL);
1242
		mutex_unlock(&local->iflist_mtx);
1243
		synchronize_net();
1244
		drv_remove_interface(local, sdata);
1245
		kfree(sdata);
1246
		return ret;
1247
	}
1248

1249
	skb_queue_head_init(&sdata->skb_queue);
1250
	skb_queue_head_init(&sdata->status_queue);
1251
	wiphy_work_init(&sdata->work, ieee80211_iface_work);
1252

1253
configure_monitor:
1254
	/* Copy in the MU-MIMO configuration if set */
1255
	if (!creator_sdata) {
1256
		struct ieee80211_sub_if_data *other;
1257

1258
		list_for_each_entry_rcu(other, &local->mon_list, u.mntr.list) {
1259
			if (!other->vif.bss_conf.mu_mimo_owner)
1260
				continue;
1261

1262
			creator_sdata = other;
1263
			break;
1264
		}
1265
	}
1266

1267
	if (creator_sdata && creator_sdata->vif.bss_conf.mu_mimo_owner) {
1268
		sdata->vif.bss_conf.mu_mimo_owner = true;
1269
		memcpy(&sdata->vif.bss_conf.mu_group,
1270
		       &creator_sdata->vif.bss_conf.mu_group,
1271
		       sizeof(sdata->vif.bss_conf.mu_group));
1272
		memcpy(&sdata->u.mntr.mu_follow_addr,
1273
		       creator_sdata->u.mntr.mu_follow_addr, ETH_ALEN);
1274

1275
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
1276
						  BSS_CHANGED_MU_GROUPS);
1277
	}
1278

1279
	return 0;
1280
}
1281

1282
void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
1283
{
1284
	struct ieee80211_sub_if_data *sdata;
1285

1286
	if (ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR))
1287
		return;
1288

1289
	ASSERT_RTNL();
1290
	lockdep_assert_wiphy(local->hw.wiphy);
1291

1292
	mutex_lock(&local->iflist_mtx);
1293

1294
	sdata = rcu_dereference_protected(local->monitor_sdata,
1295
					  lockdep_is_held(&local->iflist_mtx));
1296
	if (!sdata) {
1297
		mutex_unlock(&local->iflist_mtx);
1298
		return;
1299
	}
1300

1301
	clear_bit(SDATA_STATE_RUNNING, &sdata->state);
1302
	ieee80211_link_release_channel(&sdata->deflink);
1303

1304
	if (ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF))
1305
		drv_remove_interface(local, sdata);
1306

1307
	RCU_INIT_POINTER(local->monitor_sdata, NULL);
1308
	mutex_unlock(&local->iflist_mtx);
1309

1310
	synchronize_net();
1311

1312
	kfree(sdata);
1313
}
1314

1315
/*
1316
 * NOTE: Be very careful when changing this function, it must NOT return
1317
 * an error on interface type changes that have been pre-checked, so most
1318
 * checks should be in ieee80211_check_concurrent_iface.
1319
 */
1320
int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
1321
{
1322
	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
1323
	struct net_device *dev = wdev->netdev;
1324
	struct ieee80211_local *local = sdata->local;
1325
	u64 changed = 0;
1326
	int res;
1327
	u32 hw_reconf_flags = 0;
1328

1329
	lockdep_assert_wiphy(local->hw.wiphy);
1330

1331
	switch (sdata->vif.type) {
1332
	case NL80211_IFTYPE_AP_VLAN: {
1333
		struct ieee80211_sub_if_data *master;
1334

1335
		if (!sdata->bss)
1336
			return -ENOLINK;
1337

1338
		list_add(&sdata->u.vlan.list, &sdata->bss->vlans);
1339

1340
		master = container_of(sdata->bss,
1341
				      struct ieee80211_sub_if_data, u.ap);
1342
		sdata->control_port_protocol =
1343
			master->control_port_protocol;
1344
		sdata->control_port_no_encrypt =
1345
			master->control_port_no_encrypt;
1346
		sdata->control_port_over_nl80211 =
1347
			master->control_port_over_nl80211;
1348
		sdata->control_port_no_preauth =
1349
			master->control_port_no_preauth;
1350
		sdata->vif.cab_queue = master->vif.cab_queue;
1351
		memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
1352
		       sizeof(sdata->vif.hw_queue));
1353
		sdata->vif.bss_conf.chanreq = master->vif.bss_conf.chanreq;
1354

1355
		sdata->crypto_tx_tailroom_needed_cnt +=
1356
			master->crypto_tx_tailroom_needed_cnt;
1357

1358
		ieee80211_apvlan_link_setup(sdata);
1359

1360
		break;
1361
		}
1362
	case NL80211_IFTYPE_AP:
1363
		sdata->bss = &sdata->u.ap;
1364
		break;
1365
	case NL80211_IFTYPE_MESH_POINT:
1366
	case NL80211_IFTYPE_STATION:
1367
	case NL80211_IFTYPE_MONITOR:
1368
	case NL80211_IFTYPE_ADHOC:
1369
	case NL80211_IFTYPE_P2P_DEVICE:
1370
	case NL80211_IFTYPE_OCB:
1371
	case NL80211_IFTYPE_NAN:
1372
		/* no special treatment */
1373
		break;
1374
	case NL80211_IFTYPE_UNSPECIFIED:
1375
	case NUM_NL80211_IFTYPES:
1376
	case NL80211_IFTYPE_P2P_CLIENT:
1377
	case NL80211_IFTYPE_P2P_GO:
1378
	case NL80211_IFTYPE_WDS:
1379
		/* cannot happen */
1380
		WARN_ON(1);
1381
		break;
1382
	}
1383

1384
	if (local->open_count == 0) {
1385
		/* here we can consider everything in good order (again) */
1386
		local->reconfig_failure = false;
1387

1388
		res = drv_start(local);
1389
		if (res)
1390
			goto err_del_bss;
1391
		ieee80211_led_radio(local, true);
1392
		ieee80211_mod_tpt_led_trig(local,
1393
					   IEEE80211_TPT_LEDTRIG_FL_RADIO, 0);
1394
	}
1395

1396
	/*
1397
	 * Copy the hopefully now-present MAC address to
1398
	 * this interface, if it has the special null one.
1399
	 */
1400
	if (dev && is_zero_ether_addr(dev->dev_addr)) {
1401
		eth_hw_addr_set(dev, local->hw.wiphy->perm_addr);
1402
		memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN);
1403

1404
		if (!is_valid_ether_addr(dev->dev_addr)) {
1405
			res = -EADDRNOTAVAIL;
1406
			goto err_stop;
1407
		}
1408
	}
1409

1410
	sdata->vif.addr_valid = sdata->vif.type != NL80211_IFTYPE_MONITOR ||
1411
				(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE);
1412
	switch (sdata->vif.type) {
1413
	case NL80211_IFTYPE_AP_VLAN:
1414
		/* no need to tell driver, but set carrier and chanctx */
1415
		if (sdata->bss->active) {
1416
			struct ieee80211_link_data *link;
1417

1418
			for_each_link_data(sdata, link) {
1419
				ieee80211_link_vlan_copy_chanctx(link);
1420
			}
1421

1422
			netif_carrier_on(dev);
1423
			ieee80211_set_vif_encap_ops(sdata);
1424
		} else {
1425
			netif_carrier_off(dev);
1426
		}
1427
		break;
1428
	case NL80211_IFTYPE_MONITOR:
1429
		if ((sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) ||
1430
		    ieee80211_hw_check(&local->hw, NO_VIRTUAL_MONITOR)) {
1431
			res = drv_add_interface(local, sdata);
1432
			if (res)
1433
				goto err_stop;
1434
		} else {
1435
			/* add/configure if there is no non-monitor interface */
1436
			if (local->virt_monitors == local->open_count) {
1437
				res = ieee80211_add_virtual_monitor(local, sdata);
1438
				if (res)
1439
					goto err_stop;
1440
			}
1441

1442
			local->virt_monitors++;
1443

1444
			/* must be before the call to ieee80211_configure_filter */
1445
			if (local->virt_monitors == 1) {
1446
				local->hw.conf.flags |= IEEE80211_CONF_MONITOR;
1447
				hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
1448
			}
1449
		}
1450

1451
		local->monitors++;
1452

1453
		ieee80211_adjust_monitor_flags(sdata, 1);
1454
		ieee80211_configure_filter(local);
1455
		ieee80211_recalc_offload(local);
1456
		ieee80211_recalc_idle(local);
1457

1458
		netif_carrier_on(dev);
1459
		list_add_tail_rcu(&sdata->u.mntr.list, &local->mon_list);
1460
		break;
1461
	default:
1462
		if (coming_up) {
1463
			ieee80211_del_virtual_monitor(local);
1464
			ieee80211_set_sdata_offload_flags(sdata);
1465

1466
			res = drv_add_interface(local, sdata);
1467
			if (res)
1468
				goto err_stop;
1469

1470
			ieee80211_set_vif_encap_ops(sdata);
1471
			res = ieee80211_check_queues(sdata,
1472
				ieee80211_vif_type_p2p(&sdata->vif));
1473
			if (res)
1474
				goto err_del_interface;
1475
		}
1476

1477
		if (sdata->vif.type == NL80211_IFTYPE_AP) {
1478
			local->fif_pspoll++;
1479
			local->fif_probe_req++;
1480

1481
			ieee80211_configure_filter(local);
1482
		} else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
1483
			local->fif_probe_req++;
1484
		}
1485

1486
		if (sdata->vif.probe_req_reg)
1487
			drv_config_iface_filter(local, sdata,
1488
						FIF_PROBE_REQ,
1489
						FIF_PROBE_REQ);
1490

1491
		if (sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE &&
1492
		    sdata->vif.type != NL80211_IFTYPE_NAN)
1493
			changed |= ieee80211_reset_erp_info(sdata);
1494
		ieee80211_link_info_change_notify(sdata, &sdata->deflink,
1495
						  changed);
1496

1497
		switch (sdata->vif.type) {
1498
		case NL80211_IFTYPE_STATION:
1499
		case NL80211_IFTYPE_ADHOC:
1500
		case NL80211_IFTYPE_AP:
1501
		case NL80211_IFTYPE_MESH_POINT:
1502
		case NL80211_IFTYPE_OCB:
1503
			netif_carrier_off(dev);
1504
			break;
1505
		case NL80211_IFTYPE_P2P_DEVICE:
1506
		case NL80211_IFTYPE_NAN:
1507
			break;
1508
		default:
1509
			/* not reached */
1510
			WARN_ON(1);
1511
		}
1512

1513
		/*
1514
		 * Set default queue parameters so drivers don't
1515
		 * need to initialise the hardware if the hardware
1516
		 * doesn't start up with sane defaults.
1517
		 * Enable QoS for anything but station interfaces.
1518
		 */
1519
		ieee80211_set_wmm_default(&sdata->deflink, true,
1520
			sdata->vif.type != NL80211_IFTYPE_STATION);
1521
	}
1522

1523
	/*
1524
	 * set_multicast_list will be invoked by the networking core
1525
	 * which will check whether any increments here were done in
1526
	 * error and sync them down to the hardware as filter flags.
1527
	 */
1528
	if (sdata->flags & IEEE80211_SDATA_ALLMULTI)
1529
		atomic_inc(&local->iff_allmultis);
1530

1531
	if (coming_up)
1532
		local->open_count++;
1533

1534
	if (local->open_count == 1)
1535
		ieee80211_hw_conf_init(local);
1536
	else if (hw_reconf_flags)
1537
		ieee80211_hw_config(local, -1, hw_reconf_flags);
1538

1539
	ieee80211_recalc_ps(local);
1540

1541
	set_bit(SDATA_STATE_RUNNING, &sdata->state);
1542

1543
	return 0;
1544
 err_del_interface:
1545
	drv_remove_interface(local, sdata);
1546
 err_stop:
1547
	if (!local->open_count)
1548
		drv_stop(local, false);
1549
 err_del_bss:
1550
	sdata->bss = NULL;
1551
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1552
		list_del(&sdata->u.vlan.list);
1553
	/* might already be clear but that doesn't matter */
1554
	clear_bit(SDATA_STATE_RUNNING, &sdata->state);
1555
	return res;
1556
}
1557

1558
static void ieee80211_if_setup(struct net_device *dev)
1559
{
1560
	ether_setup(dev);
1561
	dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1562
	dev->priv_flags |= IFF_NO_QUEUE;
1563
	dev->netdev_ops = &ieee80211_dataif_ops;
1564
	dev->needs_free_netdev = true;
1565
}
1566

1567
static void ieee80211_iface_process_skb(struct ieee80211_local *local,
1568
					struct ieee80211_sub_if_data *sdata,
1569
					struct sk_buff *skb)
1570
{
1571
	struct ieee80211_mgmt *mgmt = (void *)skb->data;
1572

1573
	lockdep_assert_wiphy(local->hw.wiphy);
1574

1575
	if (ieee80211_is_action(mgmt->frame_control) &&
1576
	    mgmt->u.action.category == WLAN_CATEGORY_BACK) {
1577
		struct sta_info *sta;
1578
		int len = skb->len;
1579

1580
		sta = sta_info_get_bss(sdata, mgmt->sa);
1581
		if (sta) {
1582
			switch (mgmt->u.action.u.addba_req.action_code) {
1583
			case WLAN_ACTION_ADDBA_REQ:
1584
				ieee80211_process_addba_request(local, sta,
1585
								mgmt, len);
1586
				break;
1587
			case WLAN_ACTION_ADDBA_RESP:
1588
				ieee80211_process_addba_resp(local, sta,
1589
							     mgmt, len);
1590
				break;
1591
			case WLAN_ACTION_DELBA:
1592
				ieee80211_process_delba(sdata, sta,
1593
							mgmt, len);
1594
				break;
1595
			default:
1596
				WARN_ON(1);
1597
				break;
1598
			}
1599
		}
1600
	} else if (ieee80211_is_action(mgmt->frame_control) &&
1601
		   mgmt->u.action.category == WLAN_CATEGORY_HT) {
1602
		switch (mgmt->u.action.u.ht_smps.action) {
1603
		case WLAN_HT_ACTION_NOTIFY_CHANWIDTH: {
1604
			u8 chanwidth = mgmt->u.action.u.ht_notify_cw.chanwidth;
1605
			struct ieee80211_rx_status *status;
1606
			struct link_sta_info *link_sta;
1607
			struct sta_info *sta;
1608

1609
			sta = sta_info_get_bss(sdata, mgmt->sa);
1610
			if (!sta)
1611
				break;
1612

1613
			status = IEEE80211_SKB_RXCB(skb);
1614
			if (!status->link_valid)
1615
				link_sta = &sta->deflink;
1616
			else
1617
				link_sta = rcu_dereference_protected(sta->link[status->link_id],
1618
							lockdep_is_held(&local->hw.wiphy->mtx));
1619
			if (link_sta)
1620
				ieee80211_ht_handle_chanwidth_notif(local, sdata, sta,
1621
								    link_sta, chanwidth,
1622
								    status->band);
1623
			break;
1624
		}
1625
		default:
1626
			WARN_ON(1);
1627
			break;
1628
		}
1629
	} else if (ieee80211_is_action(mgmt->frame_control) &&
1630
		   mgmt->u.action.category == WLAN_CATEGORY_VHT) {
1631
		switch (mgmt->u.action.u.vht_group_notif.action_code) {
1632
		case WLAN_VHT_ACTION_OPMODE_NOTIF: {
1633
			struct ieee80211_rx_status *status;
1634
			enum nl80211_band band;
1635
			struct sta_info *sta;
1636
			u8 opmode;
1637

1638
			status = IEEE80211_SKB_RXCB(skb);
1639
			band = status->band;
1640
			opmode = mgmt->u.action.u.vht_opmode_notif.operating_mode;
1641

1642
			sta = sta_info_get_bss(sdata, mgmt->sa);
1643

1644
			if (sta)
1645
				ieee80211_vht_handle_opmode(sdata,
1646
							    &sta->deflink,
1647
							    opmode, band);
1648

1649
			break;
1650
		}
1651
		case WLAN_VHT_ACTION_GROUPID_MGMT:
1652
			ieee80211_process_mu_groups(sdata, &sdata->deflink,
1653
						    mgmt);
1654
			break;
1655
		default:
1656
			WARN_ON(1);
1657
			break;
1658
		}
1659
	} else if (ieee80211_is_action(mgmt->frame_control) &&
1660
		   mgmt->u.action.category == WLAN_CATEGORY_S1G) {
1661
		switch (mgmt->u.action.u.s1g.action_code) {
1662
		case WLAN_S1G_TWT_TEARDOWN:
1663
		case WLAN_S1G_TWT_SETUP:
1664
			ieee80211_s1g_rx_twt_action(sdata, skb);
1665
			break;
1666
		default:
1667
			break;
1668
		}
1669
	} else if (ieee80211_is_action(mgmt->frame_control) &&
1670
		   mgmt->u.action.category == WLAN_CATEGORY_PROTECTED_EHT) {
1671
		if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1672
			switch (mgmt->u.action.u.ttlm_req.action_code) {
1673
			case WLAN_PROTECTED_EHT_ACTION_TTLM_REQ:
1674
				ieee80211_process_neg_ttlm_req(sdata, mgmt,
1675
							       skb->len);
1676
				break;
1677
			case WLAN_PROTECTED_EHT_ACTION_TTLM_RES:
1678
				ieee80211_process_neg_ttlm_res(sdata, mgmt,
1679
							       skb->len);
1680
				break;
1681
			case WLAN_PROTECTED_EHT_ACTION_TTLM_TEARDOWN:
1682
				ieee80211_process_ttlm_teardown(sdata);
1683
				break;
1684
			case WLAN_PROTECTED_EHT_ACTION_LINK_RECONFIG_RESP:
1685
				ieee80211_process_ml_reconf_resp(sdata, mgmt,
1686
								 skb->len);
1687
				break;
1688
			case WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_RESP:
1689
				ieee80211_process_epcs_ena_resp(sdata, mgmt,
1690
								skb->len);
1691
				break;
1692
			case WLAN_PROTECTED_EHT_ACTION_EPCS_ENABLE_TEARDOWN:
1693
				ieee80211_process_epcs_teardown(sdata, mgmt,
1694
								skb->len);
1695
				break;
1696
			default:
1697
				break;
1698
			}
1699
		}
1700
	} else if (ieee80211_is_ext(mgmt->frame_control)) {
1701
		if (sdata->vif.type == NL80211_IFTYPE_STATION)
1702
			ieee80211_sta_rx_queued_ext(sdata, skb);
1703
		else
1704
			WARN_ON(1);
1705
	} else if (ieee80211_is_data_qos(mgmt->frame_control)) {
1706
		struct ieee80211_hdr *hdr = (void *)mgmt;
1707
		struct sta_info *sta;
1708

1709
		/*
1710
		 * So the frame isn't mgmt, but frame_control
1711
		 * is at the right place anyway, of course, so
1712
		 * the if statement is correct.
1713
		 *
1714
		 * Warn if we have other data frame types here,
1715
		 * they must not get here.
1716
		 */
1717
		WARN_ON(hdr->frame_control &
1718
				cpu_to_le16(IEEE80211_STYPE_NULLFUNC));
1719
		WARN_ON(!(hdr->seq_ctrl &
1720
				cpu_to_le16(IEEE80211_SCTL_FRAG)));
1721
		/*
1722
		 * This was a fragment of a frame, received while
1723
		 * a block-ack session was active. That cannot be
1724
		 * right, so terminate the session.
1725
		 */
1726
		sta = sta_info_get_bss(sdata, mgmt->sa);
1727
		if (sta) {
1728
			u16 tid = ieee80211_get_tid(hdr);
1729

1730
			__ieee80211_stop_rx_ba_session(
1731
				sta, tid, WLAN_BACK_RECIPIENT,
1732
				WLAN_REASON_QSTA_REQUIRE_SETUP,
1733
				true);
1734
		}
1735
	} else switch (sdata->vif.type) {
1736
	case NL80211_IFTYPE_STATION:
1737
		ieee80211_sta_rx_queued_mgmt(sdata, skb);
1738
		break;
1739
	case NL80211_IFTYPE_ADHOC:
1740
		ieee80211_ibss_rx_queued_mgmt(sdata, skb);
1741
		break;
1742
	case NL80211_IFTYPE_MESH_POINT:
1743
		if (!ieee80211_vif_is_mesh(&sdata->vif))
1744
			break;
1745
		ieee80211_mesh_rx_queued_mgmt(sdata, skb);
1746
		break;
1747
	default:
1748
		WARN(1, "frame for unexpected interface type");
1749
		break;
1750
	}
1751
}
1752

1753
static void ieee80211_iface_process_status(struct ieee80211_sub_if_data *sdata,
1754
					   struct sk_buff *skb)
1755
{
1756
	struct ieee80211_mgmt *mgmt = (void *)skb->data;
1757

1758
	if (ieee80211_is_action(mgmt->frame_control) &&
1759
	    mgmt->u.action.category == WLAN_CATEGORY_S1G) {
1760
		switch (mgmt->u.action.u.s1g.action_code) {
1761
		case WLAN_S1G_TWT_TEARDOWN:
1762
		case WLAN_S1G_TWT_SETUP:
1763
			ieee80211_s1g_status_twt_action(sdata, skb);
1764
			break;
1765
		default:
1766
			break;
1767
		}
1768
	}
1769
}
1770

1771
static void ieee80211_iface_work(struct wiphy *wiphy, struct wiphy_work *work)
1772
{
1773
	struct ieee80211_sub_if_data *sdata =
1774
		container_of(work, struct ieee80211_sub_if_data, work);
1775
	struct ieee80211_local *local = sdata->local;
1776
	struct sk_buff *skb;
1777

1778
	if (!ieee80211_sdata_running(sdata))
1779
		return;
1780

1781
	if (test_bit(SCAN_SW_SCANNING, &local->scanning))
1782
		return;
1783

1784
	if (!ieee80211_can_run_worker(local))
1785
		return;
1786

1787
	/* first process frames */
1788
	while ((skb = skb_dequeue(&sdata->skb_queue))) {
1789
		kcov_remote_start_common(skb_get_kcov_handle(skb));
1790

1791
		if (skb->protocol == cpu_to_be16(ETH_P_TDLS))
1792
			ieee80211_process_tdls_channel_switch(sdata, skb);
1793
		else
1794
			ieee80211_iface_process_skb(local, sdata, skb);
1795

1796
		kfree_skb(skb);
1797
		kcov_remote_stop();
1798
	}
1799

1800
	/* process status queue */
1801
	while ((skb = skb_dequeue(&sdata->status_queue))) {
1802
		kcov_remote_start_common(skb_get_kcov_handle(skb));
1803

1804
		ieee80211_iface_process_status(sdata, skb);
1805
		kfree_skb(skb);
1806

1807
		kcov_remote_stop();
1808
	}
1809

1810
	/* then other type-dependent work */
1811
	switch (sdata->vif.type) {
1812
	case NL80211_IFTYPE_STATION:
1813
		ieee80211_sta_work(sdata);
1814
		break;
1815
	case NL80211_IFTYPE_ADHOC:
1816
		ieee80211_ibss_work(sdata);
1817
		break;
1818
	case NL80211_IFTYPE_MESH_POINT:
1819
		if (!ieee80211_vif_is_mesh(&sdata->vif))
1820
			break;
1821
		ieee80211_mesh_work(sdata);
1822
		break;
1823
	case NL80211_IFTYPE_OCB:
1824
		ieee80211_ocb_work(sdata);
1825
		break;
1826
	default:
1827
		break;
1828
	}
1829
}
1830

1831
static void ieee80211_activate_links_work(struct wiphy *wiphy,
1832
					  struct wiphy_work *work)
1833
{
1834
	struct ieee80211_sub_if_data *sdata =
1835
		container_of(work, struct ieee80211_sub_if_data,
1836
			     activate_links_work);
1837
	struct ieee80211_local *local = wiphy_priv(wiphy);
1838

1839
	if (local->in_reconfig)
1840
		return;
1841

1842
	ieee80211_set_active_links(&sdata->vif, sdata->desired_active_links);
1843
	sdata->desired_active_links = 0;
1844
}
1845

1846
/*
1847
 * Helper function to initialise an interface to a specific type.
1848
 */
1849
static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
1850
				  enum nl80211_iftype type)
1851
{
1852
	static const u8 bssid_wildcard[ETH_ALEN] = {0xff, 0xff, 0xff,
1853
						    0xff, 0xff, 0xff};
1854

1855
	/* clear type-dependent unions */
1856
	memset(&sdata->u, 0, sizeof(sdata->u));
1857
	memset(&sdata->deflink.u, 0, sizeof(sdata->deflink.u));
1858

1859
	/* and set some type-dependent values */
1860
	sdata->vif.type = type;
1861
	sdata->vif.p2p = false;
1862
	sdata->wdev.iftype = type;
1863

1864
	sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE);
1865
	sdata->control_port_no_encrypt = false;
1866
	sdata->control_port_over_nl80211 = false;
1867
	sdata->control_port_no_preauth = false;
1868
	sdata->vif.cfg.idle = true;
1869
	sdata->vif.bss_conf.txpower = INT_MIN; /* unset */
1870

1871
	sdata->noack_map = 0;
1872

1873
	/* only monitor/p2p-device differ */
1874
	if (sdata->dev) {
1875
		sdata->dev->netdev_ops = &ieee80211_dataif_ops;
1876
		sdata->dev->type = ARPHRD_ETHER;
1877
	}
1878

1879
	skb_queue_head_init(&sdata->skb_queue);
1880
	skb_queue_head_init(&sdata->status_queue);
1881
	wiphy_work_init(&sdata->work, ieee80211_iface_work);
1882
	wiphy_work_init(&sdata->activate_links_work,
1883
			ieee80211_activate_links_work);
1884

1885
	switch (type) {
1886
	case NL80211_IFTYPE_P2P_GO:
1887
		type = NL80211_IFTYPE_AP;
1888
		sdata->vif.type = type;
1889
		sdata->vif.p2p = true;
1890
		fallthrough;
1891
	case NL80211_IFTYPE_AP:
1892
		skb_queue_head_init(&sdata->u.ap.ps.bc_buf);
1893
		INIT_LIST_HEAD(&sdata->u.ap.vlans);
1894
		sdata->vif.bss_conf.bssid = sdata->vif.addr;
1895
		break;
1896
	case NL80211_IFTYPE_P2P_CLIENT:
1897
		type = NL80211_IFTYPE_STATION;
1898
		sdata->vif.type = type;
1899
		sdata->vif.p2p = true;
1900
		fallthrough;
1901
	case NL80211_IFTYPE_STATION:
1902
		sdata->vif.bss_conf.bssid = sdata->deflink.u.mgd.bssid;
1903
		ieee80211_sta_setup_sdata(sdata);
1904
		break;
1905
	case NL80211_IFTYPE_OCB:
1906
		sdata->vif.bss_conf.bssid = bssid_wildcard;
1907
		ieee80211_ocb_setup_sdata(sdata);
1908
		break;
1909
	case NL80211_IFTYPE_ADHOC:
1910
		sdata->vif.bss_conf.bssid = sdata->u.ibss.bssid;
1911
		ieee80211_ibss_setup_sdata(sdata);
1912
		break;
1913
	case NL80211_IFTYPE_MESH_POINT:
1914
		if (ieee80211_vif_is_mesh(&sdata->vif))
1915
			ieee80211_mesh_init_sdata(sdata);
1916
		break;
1917
	case NL80211_IFTYPE_MONITOR:
1918
		sdata->dev->type = ARPHRD_IEEE80211_RADIOTAP;
1919
		sdata->dev->netdev_ops = &ieee80211_monitorif_ops;
1920
		sdata->u.mntr.flags = MONITOR_FLAG_CONTROL |
1921
				      MONITOR_FLAG_OTHER_BSS;
1922
		break;
1923
	case NL80211_IFTYPE_NAN:
1924
		idr_init(&sdata->u.nan.function_inst_ids);
1925
		spin_lock_init(&sdata->u.nan.func_lock);
1926
		sdata->vif.bss_conf.bssid = sdata->vif.addr;
1927
		break;
1928
	case NL80211_IFTYPE_AP_VLAN:
1929
	case NL80211_IFTYPE_P2P_DEVICE:
1930
		sdata->vif.bss_conf.bssid = sdata->vif.addr;
1931
		break;
1932
	case NL80211_IFTYPE_UNSPECIFIED:
1933
	case NL80211_IFTYPE_WDS:
1934
	case NUM_NL80211_IFTYPES:
1935
		WARN_ON(1);
1936
		break;
1937
	}
1938

1939
	/* need to do this after the switch so vif.type is correct */
1940
	ieee80211_link_setup(&sdata->deflink);
1941

1942
	ieee80211_debugfs_recreate_netdev(sdata, false);
1943
}
1944

1945
static int ieee80211_runtime_change_iftype(struct ieee80211_sub_if_data *sdata,
1946
					   enum nl80211_iftype type)
1947
{
1948
	struct ieee80211_local *local = sdata->local;
1949
	int ret, err;
1950
	enum nl80211_iftype internal_type = type;
1951
	bool p2p = false;
1952

1953
	ASSERT_RTNL();
1954

1955
	if (!local->ops->change_interface)
1956
		return -EBUSY;
1957

1958
	/* for now, don't support changing while links exist */
1959
	if (ieee80211_vif_is_mld(&sdata->vif))
1960
		return -EBUSY;
1961

1962
	switch (sdata->vif.type) {
1963
	case NL80211_IFTYPE_AP:
1964
		if (!list_empty(&sdata->u.ap.vlans))
1965
			return -EBUSY;
1966
		break;
1967
	case NL80211_IFTYPE_STATION:
1968
	case NL80211_IFTYPE_ADHOC:
1969
	case NL80211_IFTYPE_OCB:
1970
		/*
1971
		 * Could maybe also all others here?
1972
		 * Just not sure how that interacts
1973
		 * with the RX/config path e.g. for
1974
		 * mesh.
1975
		 */
1976
		break;
1977
	default:
1978
		return -EBUSY;
1979
	}
1980

1981
	switch (type) {
1982
	case NL80211_IFTYPE_AP:
1983
	case NL80211_IFTYPE_STATION:
1984
	case NL80211_IFTYPE_ADHOC:
1985
	case NL80211_IFTYPE_OCB:
1986
		/*
1987
		 * Could probably support everything
1988
		 * but here.
1989
		 */
1990
		break;
1991
	case NL80211_IFTYPE_P2P_CLIENT:
1992
		p2p = true;
1993
		internal_type = NL80211_IFTYPE_STATION;
1994
		break;
1995
	case NL80211_IFTYPE_P2P_GO:
1996
		p2p = true;
1997
		internal_type = NL80211_IFTYPE_AP;
1998
		break;
1999
	default:
2000
		return -EBUSY;
2001
	}
2002

2003
	ret = ieee80211_check_concurrent_iface(sdata, internal_type);
2004
	if (ret)
2005
		return ret;
2006

2007
	ieee80211_stop_vif_queues(local, sdata,
2008
				  IEEE80211_QUEUE_STOP_REASON_IFTYPE_CHANGE);
2009
	/* do_stop will synchronize_rcu() first thing */
2010
	ieee80211_do_stop(sdata, false);
2011

2012
	ieee80211_teardown_sdata(sdata);
2013

2014
	ieee80211_set_sdata_offload_flags(sdata);
2015
	ret = drv_change_interface(local, sdata, internal_type, p2p);
2016
	if (ret)
2017
		type = ieee80211_vif_type_p2p(&sdata->vif);
2018

2019
	/*
2020
	 * Ignore return value here, there's not much we can do since
2021
	 * the driver changed the interface type internally already.
2022
	 * The warnings will hopefully make driver authors fix it :-)
2023
	 */
2024
	ieee80211_check_queues(sdata, type);
2025

2026
	ieee80211_setup_sdata(sdata, type);
2027
	ieee80211_set_vif_encap_ops(sdata);
2028

2029
	err = ieee80211_do_open(&sdata->wdev, false);
2030
	WARN(err, "type change: do_open returned %d", err);
2031

2032
	ieee80211_wake_vif_queues(local, sdata,
2033
				  IEEE80211_QUEUE_STOP_REASON_IFTYPE_CHANGE);
2034
	return ret;
2035
}
2036

2037
int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
2038
			     enum nl80211_iftype type)
2039
{
2040
	int ret;
2041

2042
	ASSERT_RTNL();
2043

2044
	if (type == ieee80211_vif_type_p2p(&sdata->vif))
2045
		return 0;
2046

2047
	if (ieee80211_sdata_running(sdata)) {
2048
		ret = ieee80211_runtime_change_iftype(sdata, type);
2049
		if (ret)
2050
			return ret;
2051
	} else {
2052
		/* Purge and reset type-dependent state. */
2053
		ieee80211_teardown_sdata(sdata);
2054
		ieee80211_setup_sdata(sdata, type);
2055
	}
2056

2057
	/* reset some values that shouldn't be kept across type changes */
2058
	if (type == NL80211_IFTYPE_STATION)
2059
		sdata->u.mgd.use_4addr = false;
2060

2061
	return 0;
2062
}
2063

2064
static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
2065
				       u8 *perm_addr, enum nl80211_iftype type)
2066
{
2067
	struct ieee80211_sub_if_data *sdata;
2068
	u64 mask, start, addr, val, inc;
2069
	u8 *m;
2070
	u8 tmp_addr[ETH_ALEN];
2071
	int i;
2072

2073
	lockdep_assert_wiphy(local->hw.wiphy);
2074

2075
	/* default ... something at least */
2076
	memcpy(perm_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
2077

2078
	if (is_zero_ether_addr(local->hw.wiphy->addr_mask) &&
2079
	    local->hw.wiphy->n_addresses <= 1)
2080
		return;
2081

2082
	switch (type) {
2083
	case NL80211_IFTYPE_MONITOR:
2084
		/* doesn't matter */
2085
		break;
2086
	case NL80211_IFTYPE_AP_VLAN:
2087
		/* match up with an AP interface */
2088
		list_for_each_entry(sdata, &local->interfaces, list) {
2089
			if (sdata->vif.type != NL80211_IFTYPE_AP)
2090
				continue;
2091
			memcpy(perm_addr, sdata->vif.addr, ETH_ALEN);
2092
			break;
2093
		}
2094
		/* keep default if no AP interface present */
2095
		break;
2096
	case NL80211_IFTYPE_P2P_CLIENT:
2097
	case NL80211_IFTYPE_P2P_GO:
2098
		if (ieee80211_hw_check(&local->hw, P2P_DEV_ADDR_FOR_INTF)) {
2099
			list_for_each_entry(sdata, &local->interfaces, list) {
2100
				if (sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE)
2101
					continue;
2102
				if (!ieee80211_sdata_running(sdata))
2103
					continue;
2104
				memcpy(perm_addr, sdata->vif.addr, ETH_ALEN);
2105
				return;
2106
			}
2107
		}
2108
		fallthrough;
2109
	default:
2110
		/* assign a new address if possible -- try n_addresses first */
2111
		for (i = 0; i < local->hw.wiphy->n_addresses; i++) {
2112
			bool used = false;
2113

2114
			list_for_each_entry(sdata, &local->interfaces, list) {
2115
				if (ether_addr_equal(local->hw.wiphy->addresses[i].addr,
2116
						     sdata->vif.addr)) {
2117
					used = true;
2118
					break;
2119
				}
2120
			}
2121

2122
			if (!used) {
2123
				memcpy(perm_addr,
2124
				       local->hw.wiphy->addresses[i].addr,
2125
				       ETH_ALEN);
2126
				break;
2127
			}
2128
		}
2129

2130
		/* try mask if available */
2131
		if (is_zero_ether_addr(local->hw.wiphy->addr_mask))
2132
			break;
2133

2134
		m = local->hw.wiphy->addr_mask;
2135
		mask =	((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
2136
			((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
2137
			((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
2138

2139
		if (__ffs64(mask) + hweight64(mask) != fls64(mask)) {
2140
			/* not a contiguous mask ... not handled now! */
2141
			pr_info("not contiguous\n");
2142
			break;
2143
		}
2144

2145
		/*
2146
		 * Pick address of existing interface in case user changed
2147
		 * MAC address manually, default to perm_addr.
2148
		 */
2149
		m = local->hw.wiphy->perm_addr;
2150
		list_for_each_entry(sdata, &local->interfaces, list) {
2151
			if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
2152
				continue;
2153
			m = sdata->vif.addr;
2154
			break;
2155
		}
2156
		start = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
2157
			((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
2158
			((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
2159

2160
		inc = 1ULL<<__ffs64(mask);
2161
		val = (start & mask);
2162
		addr = (start & ~mask) | (val & mask);
2163
		do {
2164
			bool used = false;
2165

2166
			tmp_addr[5] = addr >> 0*8;
2167
			tmp_addr[4] = addr >> 1*8;
2168
			tmp_addr[3] = addr >> 2*8;
2169
			tmp_addr[2] = addr >> 3*8;
2170
			tmp_addr[1] = addr >> 4*8;
2171
			tmp_addr[0] = addr >> 5*8;
2172

2173
			val += inc;
2174

2175
			list_for_each_entry(sdata, &local->interfaces, list) {
2176
				if (ether_addr_equal(tmp_addr, sdata->vif.addr)) {
2177
					used = true;
2178
					break;
2179
				}
2180
			}
2181

2182
			if (!used) {
2183
				memcpy(perm_addr, tmp_addr, ETH_ALEN);
2184
				break;
2185
			}
2186
			addr = (start & ~mask) | (val & mask);
2187
		} while (addr != start);
2188

2189
		break;
2190
	}
2191
}
2192

2193
int ieee80211_if_add(struct ieee80211_local *local, const char *name,
2194
		     unsigned char name_assign_type,
2195
		     struct wireless_dev **new_wdev, enum nl80211_iftype type,
2196
		     struct vif_params *params)
2197
{
2198
	struct net_device *ndev = NULL;
2199
	struct ieee80211_sub_if_data *sdata = NULL;
2200
	struct txq_info *txqi;
2201
	int ret, i;
2202

2203
	ASSERT_RTNL();
2204
	lockdep_assert_wiphy(local->hw.wiphy);
2205

2206
	if (type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN) {
2207
		struct wireless_dev *wdev;
2208

2209
		sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size,
2210
				GFP_KERNEL);
2211
		if (!sdata)
2212
			return -ENOMEM;
2213
		wdev = &sdata->wdev;
2214

2215
		sdata->dev = NULL;
2216
		strscpy(sdata->name, name, IFNAMSIZ);
2217
		ieee80211_assign_perm_addr(local, wdev->address, type);
2218
		memcpy(sdata->vif.addr, wdev->address, ETH_ALEN);
2219
		ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
2220
	} else {
2221
		int size = ALIGN(sizeof(*sdata) + local->hw.vif_data_size,
2222
				 sizeof(void *));
2223
		int txq_size = 0;
2224

2225
		if (type != NL80211_IFTYPE_AP_VLAN &&
2226
		    (type != NL80211_IFTYPE_MONITOR ||
2227
		     (params->flags & MONITOR_FLAG_ACTIVE)))
2228
			txq_size += sizeof(struct txq_info) +
2229
				    local->hw.txq_data_size;
2230

2231
		ndev = alloc_netdev_mqs(size + txq_size,
2232
					name, name_assign_type,
2233
					ieee80211_if_setup, 1, 1);
2234
		if (!ndev)
2235
			return -ENOMEM;
2236

2237
		dev_net_set(ndev, wiphy_net(local->hw.wiphy));
2238

2239
		ndev->pcpu_stat_type = NETDEV_PCPU_STAT_TSTATS;
2240

2241
		ndev->needed_headroom = local->tx_headroom +
2242
					4*6 /* four MAC addresses */
2243
					+ 2 + 2 + 2 + 2 /* ctl, dur, seq, qos */
2244
					+ 6 /* mesh */
2245
					+ 8 /* rfc1042/bridge tunnel */
2246
					- ETH_HLEN /* ethernet hard_header_len */
2247
					+ IEEE80211_ENCRYPT_HEADROOM;
2248
		ndev->needed_tailroom = IEEE80211_ENCRYPT_TAILROOM;
2249

2250
		ret = dev_alloc_name(ndev, ndev->name);
2251
		if (ret < 0) {
2252
			free_netdev(ndev);
2253
			return ret;
2254
		}
2255

2256
		ieee80211_assign_perm_addr(local, ndev->perm_addr, type);
2257
		if (is_valid_ether_addr(params->macaddr))
2258
			eth_hw_addr_set(ndev, params->macaddr);
2259
		else
2260
			eth_hw_addr_set(ndev, ndev->perm_addr);
2261
		SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
2262

2263
		/* don't use IEEE80211_DEV_TO_SUB_IF -- it checks too much */
2264
		sdata = netdev_priv(ndev);
2265
		ndev->ieee80211_ptr = &sdata->wdev;
2266
		memcpy(sdata->vif.addr, ndev->dev_addr, ETH_ALEN);
2267
		ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
2268
		memcpy(sdata->name, ndev->name, IFNAMSIZ);
2269

2270
		if (txq_size) {
2271
			txqi = netdev_priv(ndev) + size;
2272
			ieee80211_txq_init(sdata, NULL, txqi, 0);
2273
		}
2274

2275
		sdata->dev = ndev;
2276
	}
2277

2278
	/* initialise type-independent data */
2279
	sdata->wdev.wiphy = local->hw.wiphy;
2280

2281
	ieee80211_sdata_init(local, sdata);
2282

2283
	ieee80211_init_frag_cache(&sdata->frags);
2284

2285
	wiphy_delayed_work_init(&sdata->dec_tailroom_needed_wk,
2286
				ieee80211_delayed_tailroom_dec);
2287

2288
	for (i = 0; i < NUM_NL80211_BANDS; i++) {
2289
		struct ieee80211_supported_band *sband;
2290
		sband = local->hw.wiphy->bands[i];
2291
		sdata->rc_rateidx_mask[i] =
2292
			sband ? (1 << sband->n_bitrates) - 1 : 0;
2293
		if (sband) {
2294
			__le16 cap;
2295
			u16 *vht_rate_mask;
2296

2297
			memcpy(sdata->rc_rateidx_mcs_mask[i],
2298
			       sband->ht_cap.mcs.rx_mask,
2299
			       sizeof(sdata->rc_rateidx_mcs_mask[i]));
2300

2301
			cap = sband->vht_cap.vht_mcs.rx_mcs_map;
2302
			vht_rate_mask = sdata->rc_rateidx_vht_mcs_mask[i];
2303
			ieee80211_get_vht_mask_from_cap(cap, vht_rate_mask);
2304
		} else {
2305
			memset(sdata->rc_rateidx_mcs_mask[i], 0,
2306
			       sizeof(sdata->rc_rateidx_mcs_mask[i]));
2307
			memset(sdata->rc_rateidx_vht_mcs_mask[i], 0,
2308
			       sizeof(sdata->rc_rateidx_vht_mcs_mask[i]));
2309
		}
2310
	}
2311

2312
	ieee80211_set_default_queues(sdata);
2313

2314
	/* setup type-dependent data */
2315
	ieee80211_setup_sdata(sdata, type);
2316

2317
	if (ndev) {
2318
		ndev->ieee80211_ptr->use_4addr = params->use_4addr;
2319
		if (type == NL80211_IFTYPE_STATION)
2320
			sdata->u.mgd.use_4addr = params->use_4addr;
2321

2322
		ndev->features |= local->hw.netdev_features;
2323
		ndev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
2324
		ndev->hw_features |= ndev->features &
2325
					MAC80211_SUPPORTED_FEATURES_TX;
2326
		sdata->vif.netdev_features = local->hw.netdev_features;
2327

2328
		netdev_set_default_ethtool_ops(ndev, &ieee80211_ethtool_ops);
2329

2330
		/* MTU range is normally 256 - 2304, where the upper limit is
2331
		 * the maximum MSDU size. Monitor interfaces send and receive
2332
		 * MPDU and A-MSDU frames which may be much larger so we do
2333
		 * not impose an upper limit in that case.
2334
		 */
2335
		ndev->min_mtu = 256;
2336
		if (type == NL80211_IFTYPE_MONITOR)
2337
			ndev->max_mtu = 0;
2338
		else
2339
			ndev->max_mtu = local->hw.max_mtu;
2340

2341
		ret = cfg80211_register_netdevice(ndev);
2342
		if (ret) {
2343
			free_netdev(ndev);
2344
			return ret;
2345
		}
2346
	}
2347

2348
	mutex_lock(&local->iflist_mtx);
2349
	list_add_tail_rcu(&sdata->list, &local->interfaces);
2350
	mutex_unlock(&local->iflist_mtx);
2351

2352
	if (new_wdev)
2353
		*new_wdev = &sdata->wdev;
2354

2355
	return 0;
2356
}
2357

2358
void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata)
2359
{
2360
	ASSERT_RTNL();
2361
	lockdep_assert_wiphy(sdata->local->hw.wiphy);
2362

2363
	mutex_lock(&sdata->local->iflist_mtx);
2364
	list_del_rcu(&sdata->list);
2365
	mutex_unlock(&sdata->local->iflist_mtx);
2366

2367
	if (sdata->vif.txq)
2368
		ieee80211_txq_purge(sdata->local, to_txq_info(sdata->vif.txq));
2369

2370
	synchronize_rcu();
2371

2372
	cfg80211_unregister_wdev(&sdata->wdev);
2373

2374
	if (!sdata->dev) {
2375
		ieee80211_teardown_sdata(sdata);
2376
		kfree(sdata);
2377
	}
2378
}
2379

2380
void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata)
2381
{
2382
	if (WARN_ON_ONCE(!test_bit(SDATA_STATE_RUNNING, &sdata->state)))
2383
		return;
2384
	ieee80211_do_stop(sdata, true);
2385
}
2386

2387
void ieee80211_remove_interfaces(struct ieee80211_local *local)
2388
{
2389
	struct ieee80211_sub_if_data *sdata, *tmp;
2390
	LIST_HEAD(unreg_list);
2391

2392
	ASSERT_RTNL();
2393

2394
	/* Before destroying the interfaces, make sure they're all stopped so
2395
	 * that the hardware is stopped. Otherwise, the driver might still be
2396
	 * iterating the interfaces during the shutdown, e.g. from a worker
2397
	 * or from RX processing or similar, and if it does so (using atomic
2398
	 * iteration) while we're manipulating the list, the iteration will
2399
	 * crash.
2400
	 *
2401
	 * After this, the hardware should be stopped and the driver should
2402
	 * have stopped all of its activities, so that we can do RCU-unaware
2403
	 * manipulations of the interface list below.
2404
	 */
2405
	cfg80211_shutdown_all_interfaces(local->hw.wiphy);
2406

2407
	guard(wiphy)(local->hw.wiphy);
2408

2409
	WARN(local->open_count, "%s: open count remains %d\n",
2410
	     wiphy_name(local->hw.wiphy), local->open_count);
2411

2412
	mutex_lock(&local->iflist_mtx);
2413
	list_splice_init(&local->interfaces, &unreg_list);
2414
	mutex_unlock(&local->iflist_mtx);
2415

2416
	list_for_each_entry_safe(sdata, tmp, &unreg_list, list) {
2417
		bool netdev = sdata->dev;
2418

2419
		/*
2420
		 * Remove IP addresses explicitly, since the notifier will
2421
		 * skip the callbacks if wdev->registered is false, since
2422
		 * we can't acquire the wiphy_lock() again there if already
2423
		 * inside this locked section.
2424
		 */
2425
		sdata->vif.cfg.arp_addr_cnt = 0;
2426
		if (sdata->vif.type == NL80211_IFTYPE_STATION &&
2427
		    sdata->u.mgd.associated)
2428
			ieee80211_vif_cfg_change_notify(sdata,
2429
							BSS_CHANGED_ARP_FILTER);
2430

2431
		list_del(&sdata->list);
2432
		cfg80211_unregister_wdev(&sdata->wdev);
2433

2434
		if (!netdev)
2435
			kfree(sdata);
2436
	}
2437
}
2438

2439
static int netdev_notify(struct notifier_block *nb,
2440
			 unsigned long state, void *ptr)
2441
{
2442
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
2443
	struct ieee80211_sub_if_data *sdata;
2444

2445
	if (state != NETDEV_CHANGENAME)
2446
		return NOTIFY_DONE;
2447

2448
	if (!dev->ieee80211_ptr || !dev->ieee80211_ptr->wiphy)
2449
		return NOTIFY_DONE;
2450

2451
	if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
2452
		return NOTIFY_DONE;
2453

2454
	sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2455
	memcpy(sdata->name, dev->name, IFNAMSIZ);
2456
	ieee80211_debugfs_rename_netdev(sdata);
2457

2458
	return NOTIFY_OK;
2459
}
2460

2461
static struct notifier_block mac80211_netdev_notifier = {
2462
	.notifier_call = netdev_notify,
2463
};
2464

2465
int ieee80211_iface_init(void)
2466
{
2467
	return register_netdevice_notifier(&mac80211_netdev_notifier);
2468
}
2469

2470
void ieee80211_iface_exit(void)
2471
{
2472
	unregister_netdevice_notifier(&mac80211_netdev_notifier);
2473
}
2474

2475
void ieee80211_vif_inc_num_mcast(struct ieee80211_sub_if_data *sdata)
2476
{
2477
	if (sdata->vif.type == NL80211_IFTYPE_AP)
2478
		atomic_inc(&sdata->u.ap.num_mcast_sta);
2479
	else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2480
		atomic_inc(&sdata->u.vlan.num_mcast_sta);
2481
}
2482

2483
void ieee80211_vif_dec_num_mcast(struct ieee80211_sub_if_data *sdata)
2484
{
2485
	if (sdata->vif.type == NL80211_IFTYPE_AP)
2486
		atomic_dec(&sdata->u.ap.num_mcast_sta);
2487
	else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2488
		atomic_dec(&sdata->u.vlan.num_mcast_sta);
2489
}
2490

2491
void ieee80211_vif_block_queues_csa(struct ieee80211_sub_if_data *sdata)
2492
{
2493
	struct ieee80211_local *local = sdata->local;
2494

2495
	if (ieee80211_hw_check(&local->hw, HANDLES_QUIET_CSA))
2496
		return;
2497

2498
	ieee80211_stop_vif_queues_norefcount(local, sdata,
2499
					     IEEE80211_QUEUE_STOP_REASON_CSA);
2500
}
2501

2502
void ieee80211_vif_unblock_queues_csa(struct ieee80211_sub_if_data *sdata)
2503
{
2504
	struct ieee80211_local *local = sdata->local;
2505

2506
	ieee80211_wake_vif_queues_norefcount(local, sdata,
2507
					     IEEE80211_QUEUE_STOP_REASON_CSA);
2508
}
2509

2510