linux/net/mac80211/cfg.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * mac80211 configuration hooks for cfg80211
   4 *
   5 * Copyright 2006-2010  Johannes Berg <johannes@sipsolutions.net>
   6 * Copyright 2013-2015  Intel Mobile Communications GmbH
   7 * Copyright (C) 2015-2017 Intel Deutschland GmbH
   8 * Copyright (C) 2018-2020 Intel Corporation
   9 */
  10
  11#include <linux/ieee80211.h>
  12#include <linux/nl80211.h>
  13#include <linux/rtnetlink.h>
  14#include <linux/slab.h>
  15#include <net/net_namespace.h>
  16#include <linux/rcupdate.h>
  17#include <linux/fips.h>
  18#include <linux/if_ether.h>
  19#include <net/cfg80211.h>
  20#include "ieee80211_i.h"
  21#include "driver-ops.h"
  22#include "rate.h"
  23#include "mesh.h"
  24#include "wme.h"
  25
  26static void ieee80211_set_mu_mimo_follow(struct ieee80211_sub_if_data *sdata,
  27                                         struct vif_params *params)
  28{
  29        bool mu_mimo_groups = false;
  30        bool mu_mimo_follow = false;
  31
  32        if (params->vht_mumimo_groups) {
  33                u64 membership;
  34
  35                BUILD_BUG_ON(sizeof(membership) != WLAN_MEMBERSHIP_LEN);
  36
  37                memcpy(sdata->vif.bss_conf.mu_group.membership,
  38                       params->vht_mumimo_groups, WLAN_MEMBERSHIP_LEN);
  39                memcpy(sdata->vif.bss_conf.mu_group.position,
  40                       params->vht_mumimo_groups + WLAN_MEMBERSHIP_LEN,
  41                       WLAN_USER_POSITION_LEN);
  42                ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_MU_GROUPS);
  43                /* don't care about endianness - just check for 0 */
  44                memcpy(&membership, params->vht_mumimo_groups,
  45                       WLAN_MEMBERSHIP_LEN);
  46                mu_mimo_groups = membership != 0;
  47        }
  48
  49        if (params->vht_mumimo_follow_addr) {
  50                mu_mimo_follow =
  51                        is_valid_ether_addr(params->vht_mumimo_follow_addr);
  52                ether_addr_copy(sdata->u.mntr.mu_follow_addr,
  53                                params->vht_mumimo_follow_addr);
  54        }
  55
  56        sdata->vif.mu_mimo_owner = mu_mimo_groups || mu_mimo_follow;
  57}
  58
  59static int ieee80211_set_mon_options(struct ieee80211_sub_if_data *sdata,
  60                                     struct vif_params *params)
  61{
  62        struct ieee80211_local *local = sdata->local;
  63        struct ieee80211_sub_if_data *monitor_sdata;
  64
  65        /* check flags first */
  66        if (params->flags && ieee80211_sdata_running(sdata)) {
  67                u32 mask = MONITOR_FLAG_COOK_FRAMES | MONITOR_FLAG_ACTIVE;
  68
  69                /*
  70                 * Prohibit MONITOR_FLAG_COOK_FRAMES and
  71                 * MONITOR_FLAG_ACTIVE to be changed while the
  72                 * interface is up.
  73                 * Else we would need to add a lot of cruft
  74                 * to update everything:
  75                 *      cooked_mntrs, monitor and all fif_* counters
  76                 *      reconfigure hardware
  77                 */
  78                if ((params->flags & mask) != (sdata->u.mntr.flags & mask))
  79                        return -EBUSY;
  80        }
  81
  82        /* also validate MU-MIMO change */
  83        monitor_sdata = rtnl_dereference(local->monitor_sdata);
  84
  85        if (!monitor_sdata &&
  86            (params->vht_mumimo_groups || params->vht_mumimo_follow_addr))
  87                return -EOPNOTSUPP;
  88
  89        /* apply all changes now - no failures allowed */
  90
  91        if (monitor_sdata)
  92                ieee80211_set_mu_mimo_follow(monitor_sdata, params);
  93
  94        if (params->flags) {
  95                if (ieee80211_sdata_running(sdata)) {
  96                        ieee80211_adjust_monitor_flags(sdata, -1);
  97                        sdata->u.mntr.flags = params->flags;
  98                        ieee80211_adjust_monitor_flags(sdata, 1);
  99
 100                        ieee80211_configure_filter(local);
 101                } else {
 102                        /*
 103                         * Because the interface is down, ieee80211_do_stop
 104                         * and ieee80211_do_open take care of "everything"
 105                         * mentioned in the comment above.
 106                         */
 107                        sdata->u.mntr.flags = params->flags;
 108                }
 109        }
 110
 111        return 0;
 112}
 113
 114static struct wireless_dev *ieee80211_add_iface(struct wiphy *wiphy,
 115                                                const char *name,
 116                                                unsigned char name_assign_type,
 117                                                enum nl80211_iftype type,
 118                                                struct vif_params *params)
 119{
 120        struct ieee80211_local *local = wiphy_priv(wiphy);
 121        struct wireless_dev *wdev;
 122        struct ieee80211_sub_if_data *sdata;
 123        int err;
 124
 125        err = ieee80211_if_add(local, name, name_assign_type, &wdev, type, params);
 126        if (err)
 127                return ERR_PTR(err);
 128
 129        sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 130
 131        if (type == NL80211_IFTYPE_MONITOR) {
 132                err = ieee80211_set_mon_options(sdata, params);
 133                if (err) {
 134                        ieee80211_if_remove(sdata);
 135                        return NULL;
 136                }
 137        }
 138
 139        return wdev;
 140}
 141
 142static int ieee80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
 143{
 144        ieee80211_if_remove(IEEE80211_WDEV_TO_SUB_IF(wdev));
 145
 146        return 0;
 147}
 148
 149static int ieee80211_change_iface(struct wiphy *wiphy,
 150                                  struct net_device *dev,
 151                                  enum nl80211_iftype type,
 152                                  struct vif_params *params)
 153{
 154        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 155        struct ieee80211_local *local = sdata->local;
 156        struct sta_info *sta;
 157        int ret;
 158
 159        ret = ieee80211_if_change_type(sdata, type);
 160        if (ret)
 161                return ret;
 162
 163        if (type == NL80211_IFTYPE_AP_VLAN && params->use_4addr == 0) {
 164                RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
 165                ieee80211_check_fast_rx_iface(sdata);
 166        } else if (type == NL80211_IFTYPE_STATION && params->use_4addr >= 0) {
 167                struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
 168
 169                if (params->use_4addr == ifmgd->use_4addr)
 170                        return 0;
 171
 172                sdata->u.mgd.use_4addr = params->use_4addr;
 173                if (!ifmgd->associated)
 174                        return 0;
 175
 176                mutex_lock(&local->sta_mtx);
 177                sta = sta_info_get(sdata, ifmgd->bssid);
 178                if (sta)
 179                        drv_sta_set_4addr(local, sdata, &sta->sta,
 180                                          params->use_4addr);
 181                mutex_unlock(&local->sta_mtx);
 182
 183                if (params->use_4addr)
 184                        ieee80211_send_4addr_nullfunc(local, sdata);
 185        }
 186
 187        if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
 188                ret = ieee80211_set_mon_options(sdata, params);
 189                if (ret)
 190                        return ret;
 191        }
 192
 193        return 0;
 194}
 195
 196static int ieee80211_start_p2p_device(struct wiphy *wiphy,
 197                                      struct wireless_dev *wdev)
 198{
 199        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 200        int ret;
 201
 202        mutex_lock(&sdata->local->chanctx_mtx);
 203        ret = ieee80211_check_combinations(sdata, NULL, 0, 0);
 204        mutex_unlock(&sdata->local->chanctx_mtx);
 205        if (ret < 0)
 206                return ret;
 207
 208        return ieee80211_do_open(wdev, true);
 209}
 210
 211static void ieee80211_stop_p2p_device(struct wiphy *wiphy,
 212                                      struct wireless_dev *wdev)
 213{
 214        ieee80211_sdata_stop(IEEE80211_WDEV_TO_SUB_IF(wdev));
 215}
 216
 217static int ieee80211_start_nan(struct wiphy *wiphy,
 218                               struct wireless_dev *wdev,
 219                               struct cfg80211_nan_conf *conf)
 220{
 221        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 222        int ret;
 223
 224        mutex_lock(&sdata->local->chanctx_mtx);
 225        ret = ieee80211_check_combinations(sdata, NULL, 0, 0);
 226        mutex_unlock(&sdata->local->chanctx_mtx);
 227        if (ret < 0)
 228                return ret;
 229
 230        ret = ieee80211_do_open(wdev, true);
 231        if (ret)
 232                return ret;
 233
 234        ret = drv_start_nan(sdata->local, sdata, conf);
 235        if (ret)
 236                ieee80211_sdata_stop(sdata);
 237
 238        sdata->u.nan.conf = *conf;
 239
 240        return ret;
 241}
 242
 243static void ieee80211_stop_nan(struct wiphy *wiphy,
 244                               struct wireless_dev *wdev)
 245{
 246        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 247
 248        drv_stop_nan(sdata->local, sdata);
 249        ieee80211_sdata_stop(sdata);
 250}
 251
 252static int ieee80211_nan_change_conf(struct wiphy *wiphy,
 253                                     struct wireless_dev *wdev,
 254                                     struct cfg80211_nan_conf *conf,
 255                                     u32 changes)
 256{
 257        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 258        struct cfg80211_nan_conf new_conf;
 259        int ret = 0;
 260
 261        if (sdata->vif.type != NL80211_IFTYPE_NAN)
 262                return -EOPNOTSUPP;
 263
 264        if (!ieee80211_sdata_running(sdata))
 265                return -ENETDOWN;
 266
 267        new_conf = sdata->u.nan.conf;
 268
 269        if (changes & CFG80211_NAN_CONF_CHANGED_PREF)
 270                new_conf.master_pref = conf->master_pref;
 271
 272        if (changes & CFG80211_NAN_CONF_CHANGED_BANDS)
 273                new_conf.bands = conf->bands;
 274
 275        ret = drv_nan_change_conf(sdata->local, sdata, &new_conf, changes);
 276        if (!ret)
 277                sdata->u.nan.conf = new_conf;
 278
 279        return ret;
 280}
 281
 282static int ieee80211_add_nan_func(struct wiphy *wiphy,
 283                                  struct wireless_dev *wdev,
 284                                  struct cfg80211_nan_func *nan_func)
 285{
 286        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 287        int ret;
 288
 289        if (sdata->vif.type != NL80211_IFTYPE_NAN)
 290                return -EOPNOTSUPP;
 291
 292        if (!ieee80211_sdata_running(sdata))
 293                return -ENETDOWN;
 294
 295        spin_lock_bh(&sdata->u.nan.func_lock);
 296
 297        ret = idr_alloc(&sdata->u.nan.function_inst_ids,
 298                        nan_func, 1, sdata->local->hw.max_nan_de_entries + 1,
 299                        GFP_ATOMIC);
 300        spin_unlock_bh(&sdata->u.nan.func_lock);
 301
 302        if (ret < 0)
 303                return ret;
 304
 305        nan_func->instance_id = ret;
 306
 307        WARN_ON(nan_func->instance_id == 0);
 308
 309        ret = drv_add_nan_func(sdata->local, sdata, nan_func);
 310        if (ret) {
 311                spin_lock_bh(&sdata->u.nan.func_lock);
 312                idr_remove(&sdata->u.nan.function_inst_ids,
 313                           nan_func->instance_id);
 314                spin_unlock_bh(&sdata->u.nan.func_lock);
 315        }
 316
 317        return ret;
 318}
 319
 320static struct cfg80211_nan_func *
 321ieee80211_find_nan_func_by_cookie(struct ieee80211_sub_if_data *sdata,
 322                                  u64 cookie)
 323{
 324        struct cfg80211_nan_func *func;
 325        int id;
 326
 327        lockdep_assert_held(&sdata->u.nan.func_lock);
 328
 329        idr_for_each_entry(&sdata->u.nan.function_inst_ids, func, id) {
 330                if (func->cookie == cookie)
 331                        return func;
 332        }
 333
 334        return NULL;
 335}
 336
 337static void ieee80211_del_nan_func(struct wiphy *wiphy,
 338                                  struct wireless_dev *wdev, u64 cookie)
 339{
 340        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 341        struct cfg80211_nan_func *func;
 342        u8 instance_id = 0;
 343
 344        if (sdata->vif.type != NL80211_IFTYPE_NAN ||
 345            !ieee80211_sdata_running(sdata))
 346                return;
 347
 348        spin_lock_bh(&sdata->u.nan.func_lock);
 349
 350        func = ieee80211_find_nan_func_by_cookie(sdata, cookie);
 351        if (func)
 352                instance_id = func->instance_id;
 353
 354        spin_unlock_bh(&sdata->u.nan.func_lock);
 355
 356        if (instance_id)
 357                drv_del_nan_func(sdata->local, sdata, instance_id);
 358}
 359
 360static int ieee80211_set_noack_map(struct wiphy *wiphy,
 361                                  struct net_device *dev,
 362                                  u16 noack_map)
 363{
 364        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 365
 366        sdata->noack_map = noack_map;
 367
 368        ieee80211_check_fast_xmit_iface(sdata);
 369
 370        return 0;
 371}
 372
 373static int ieee80211_set_tx(struct ieee80211_sub_if_data *sdata,
 374                            const u8 *mac_addr, u8 key_idx)
 375{
 376        struct ieee80211_local *local = sdata->local;
 377        struct ieee80211_key *key;
 378        struct sta_info *sta;
 379        int ret = -EINVAL;
 380
 381        if (!wiphy_ext_feature_isset(local->hw.wiphy,
 382                                     NL80211_EXT_FEATURE_EXT_KEY_ID))
 383                return -EINVAL;
 384
 385        sta = sta_info_get_bss(sdata, mac_addr);
 386
 387        if (!sta)
 388                return -EINVAL;
 389
 390        if (sta->ptk_idx == key_idx)
 391                return 0;
 392
 393        mutex_lock(&local->key_mtx);
 394        key = key_mtx_dereference(local, sta->ptk[key_idx]);
 395
 396        if (key && key->conf.flags & IEEE80211_KEY_FLAG_NO_AUTO_TX)
 397                ret = ieee80211_set_tx_key(key);
 398
 399        mutex_unlock(&local->key_mtx);
 400        return ret;
 401}
 402
 403static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
 404                             u8 key_idx, bool pairwise, const u8 *mac_addr,
 405                             struct key_params *params)
 406{
 407        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 408        struct ieee80211_local *local = sdata->local;
 409        struct sta_info *sta = NULL;
 410        const struct ieee80211_cipher_scheme *cs = NULL;
 411        struct ieee80211_key *key;
 412        int err;
 413
 414        if (!ieee80211_sdata_running(sdata))
 415                return -ENETDOWN;
 416
 417        if (pairwise && params->mode == NL80211_KEY_SET_TX)
 418                return ieee80211_set_tx(sdata, mac_addr, key_idx);
 419
 420        /* reject WEP and TKIP keys if WEP failed to initialize */
 421        switch (params->cipher) {
 422        case WLAN_CIPHER_SUITE_WEP40:
 423        case WLAN_CIPHER_SUITE_TKIP:
 424        case WLAN_CIPHER_SUITE_WEP104:
 425                if (WARN_ON_ONCE(fips_enabled))
 426                        return -EINVAL;
 427                break;
 428        case WLAN_CIPHER_SUITE_CCMP:
 429        case WLAN_CIPHER_SUITE_CCMP_256:
 430        case WLAN_CIPHER_SUITE_AES_CMAC:
 431        case WLAN_CIPHER_SUITE_BIP_CMAC_256:
 432        case WLAN_CIPHER_SUITE_BIP_GMAC_128:
 433        case WLAN_CIPHER_SUITE_BIP_GMAC_256:
 434        case WLAN_CIPHER_SUITE_GCMP:
 435        case WLAN_CIPHER_SUITE_GCMP_256:
 436                break;
 437        default:
 438                cs = ieee80211_cs_get(local, params->cipher, sdata->vif.type);
 439                break;
 440        }
 441
 442        key = ieee80211_key_alloc(params->cipher, key_idx, params->key_len,
 443                                  params->key, params->seq_len, params->seq,
 444                                  cs);
 445        if (IS_ERR(key))
 446                return PTR_ERR(key);
 447
 448        if (pairwise)
 449                key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
 450
 451        if (params->mode == NL80211_KEY_NO_TX)
 452                key->conf.flags |= IEEE80211_KEY_FLAG_NO_AUTO_TX;
 453
 454        mutex_lock(&local->sta_mtx);
 455
 456        if (mac_addr) {
 457                sta = sta_info_get_bss(sdata, mac_addr);
 458                /*
 459                 * The ASSOC test makes sure the driver is ready to
 460                 * receive the key. When wpa_supplicant has roamed
 461                 * using FT, it attempts to set the key before
 462                 * association has completed, this rejects that attempt
 463                 * so it will set the key again after association.
 464                 *
 465                 * TODO: accept the key if we have a station entry and
 466                 *       add it to the device after the station.
 467                 */
 468                if (!sta || !test_sta_flag(sta, WLAN_STA_ASSOC)) {
 469                        ieee80211_key_free_unused(key);
 470                        err = -ENOENT;
 471                        goto out_unlock;
 472                }
 473        }
 474
 475        switch (sdata->vif.type) {
 476        case NL80211_IFTYPE_STATION:
 477                if (sdata->u.mgd.mfp != IEEE80211_MFP_DISABLED)
 478                        key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
 479                break;
 480        case NL80211_IFTYPE_AP:
 481        case NL80211_IFTYPE_AP_VLAN:
 482                /* Keys without a station are used for TX only */
 483                if (sta && test_sta_flag(sta, WLAN_STA_MFP))
 484                        key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
 485                break;
 486        case NL80211_IFTYPE_ADHOC:
 487                /* no MFP (yet) */
 488                break;
 489        case NL80211_IFTYPE_MESH_POINT:
 490#ifdef CONFIG_MAC80211_MESH
 491                if (sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)
 492                        key->conf.flags |= IEEE80211_KEY_FLAG_RX_MGMT;
 493                break;
 494#endif
 495        case NL80211_IFTYPE_WDS:
 496        case NL80211_IFTYPE_MONITOR:
 497        case NL80211_IFTYPE_P2P_DEVICE:
 498        case NL80211_IFTYPE_NAN:
 499        case NL80211_IFTYPE_UNSPECIFIED:
 500        case NUM_NL80211_IFTYPES:
 501        case NL80211_IFTYPE_P2P_CLIENT:
 502        case NL80211_IFTYPE_P2P_GO:
 503        case NL80211_IFTYPE_OCB:
 504                /* shouldn't happen */
 505                WARN_ON_ONCE(1);
 506                break;
 507        }
 508
 509        if (sta)
 510                sta->cipher_scheme = cs;
 511
 512        err = ieee80211_key_link(key, sdata, sta);
 513
 514 out_unlock:
 515        mutex_unlock(&local->sta_mtx);
 516
 517        return err;
 518}
 519
 520static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
 521                             u8 key_idx, bool pairwise, const u8 *mac_addr)
 522{
 523        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 524        struct ieee80211_local *local = sdata->local;
 525        struct sta_info *sta;
 526        struct ieee80211_key *key = NULL;
 527        int ret;
 528
 529        mutex_lock(&local->sta_mtx);
 530        mutex_lock(&local->key_mtx);
 531
 532        if (mac_addr) {
 533                ret = -ENOENT;
 534
 535                sta = sta_info_get_bss(sdata, mac_addr);
 536                if (!sta)
 537                        goto out_unlock;
 538
 539                if (pairwise)
 540                        key = key_mtx_dereference(local, sta->ptk[key_idx]);
 541                else
 542                        key = key_mtx_dereference(local, sta->gtk[key_idx]);
 543        } else
 544                key = key_mtx_dereference(local, sdata->keys[key_idx]);
 545
 546        if (!key) {
 547                ret = -ENOENT;
 548                goto out_unlock;
 549        }
 550
 551        ieee80211_key_free(key, sdata->vif.type == NL80211_IFTYPE_STATION);
 552
 553        ret = 0;
 554 out_unlock:
 555        mutex_unlock(&local->key_mtx);
 556        mutex_unlock(&local->sta_mtx);
 557
 558        return ret;
 559}
 560
 561static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
 562                             u8 key_idx, bool pairwise, const u8 *mac_addr,
 563                             void *cookie,
 564                             void (*callback)(void *cookie,
 565                                              struct key_params *params))
 566{
 567        struct ieee80211_sub_if_data *sdata;
 568        struct sta_info *sta = NULL;
 569        u8 seq[6] = {0};
 570        struct key_params params;
 571        struct ieee80211_key *key = NULL;
 572        u64 pn64;
 573        u32 iv32;
 574        u16 iv16;
 575        int err = -ENOENT;
 576        struct ieee80211_key_seq kseq = {};
 577
 578        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 579
 580        rcu_read_lock();
 581
 582        if (mac_addr) {
 583                sta = sta_info_get_bss(sdata, mac_addr);
 584                if (!sta)
 585                        goto out;
 586
 587                if (pairwise && key_idx < NUM_DEFAULT_KEYS)
 588                        key = rcu_dereference(sta->ptk[key_idx]);
 589                else if (!pairwise &&
 590                         key_idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS +
 591                         NUM_DEFAULT_BEACON_KEYS)
 592                        key = rcu_dereference(sta->gtk[key_idx]);
 593        } else
 594                key = rcu_dereference(sdata->keys[key_idx]);
 595
 596        if (!key)
 597                goto out;
 598
 599        memset(&params, 0, sizeof(params));
 600
 601        params.cipher = key->conf.cipher;
 602
 603        switch (key->conf.cipher) {
 604        case WLAN_CIPHER_SUITE_TKIP:
 605                pn64 = atomic64_read(&key->conf.tx_pn);
 606                iv32 = TKIP_PN_TO_IV32(pn64);
 607                iv16 = TKIP_PN_TO_IV16(pn64);
 608
 609                if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
 610                    !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
 611                        drv_get_key_seq(sdata->local, key, &kseq);
 612                        iv32 = kseq.tkip.iv32;
 613                        iv16 = kseq.tkip.iv16;
 614                }
 615
 616                seq[0] = iv16 & 0xff;
 617                seq[1] = (iv16 >> 8) & 0xff;
 618                seq[2] = iv32 & 0xff;
 619                seq[3] = (iv32 >> 8) & 0xff;
 620                seq[4] = (iv32 >> 16) & 0xff;
 621                seq[5] = (iv32 >> 24) & 0xff;
 622                params.seq = seq;
 623                params.seq_len = 6;
 624                break;
 625        case WLAN_CIPHER_SUITE_CCMP:
 626        case WLAN_CIPHER_SUITE_CCMP_256:
 627        case WLAN_CIPHER_SUITE_AES_CMAC:
 628        case WLAN_CIPHER_SUITE_BIP_CMAC_256:
 629                BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
 630                             offsetof(typeof(kseq), aes_cmac));
 631                fallthrough;
 632        case WLAN_CIPHER_SUITE_BIP_GMAC_128:
 633        case WLAN_CIPHER_SUITE_BIP_GMAC_256:
 634                BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
 635                             offsetof(typeof(kseq), aes_gmac));
 636                fallthrough;
 637        case WLAN_CIPHER_SUITE_GCMP:
 638        case WLAN_CIPHER_SUITE_GCMP_256:
 639                BUILD_BUG_ON(offsetof(typeof(kseq), ccmp) !=
 640                             offsetof(typeof(kseq), gcmp));
 641
 642                if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
 643                    !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) {
 644                        drv_get_key_seq(sdata->local, key, &kseq);
 645                        memcpy(seq, kseq.ccmp.pn, 6);
 646                } else {
 647                        pn64 = atomic64_read(&key->conf.tx_pn);
 648                        seq[0] = pn64;
 649                        seq[1] = pn64 >> 8;
 650                        seq[2] = pn64 >> 16;
 651                        seq[3] = pn64 >> 24;
 652                        seq[4] = pn64 >> 32;
 653                        seq[5] = pn64 >> 40;
 654                }
 655                params.seq = seq;
 656                params.seq_len = 6;
 657                break;
 658        default:
 659                if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
 660                        break;
 661                if (WARN_ON(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
 662                        break;
 663                drv_get_key_seq(sdata->local, key, &kseq);
 664                params.seq = kseq.hw.seq;
 665                params.seq_len = kseq.hw.seq_len;
 666                break;
 667        }
 668
 669        params.key = key->conf.key;
 670        params.key_len = key->conf.keylen;
 671
 672        callback(cookie, &params);
 673        err = 0;
 674
 675 out:
 676        rcu_read_unlock();
 677        return err;
 678}
 679
 680static int ieee80211_config_default_key(struct wiphy *wiphy,
 681                                        struct net_device *dev,
 682                                        u8 key_idx, bool uni,
 683                                        bool multi)
 684{
 685        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 686
 687        ieee80211_set_default_key(sdata, key_idx, uni, multi);
 688
 689        return 0;
 690}
 691
 692static int ieee80211_config_default_mgmt_key(struct wiphy *wiphy,
 693                                             struct net_device *dev,
 694                                             u8 key_idx)
 695{
 696        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 697
 698        ieee80211_set_default_mgmt_key(sdata, key_idx);
 699
 700        return 0;
 701}
 702
 703static int ieee80211_config_default_beacon_key(struct wiphy *wiphy,
 704                                               struct net_device *dev,
 705                                               u8 key_idx)
 706{
 707        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 708
 709        ieee80211_set_default_beacon_key(sdata, key_idx);
 710
 711        return 0;
 712}
 713
 714void sta_set_rate_info_tx(struct sta_info *sta,
 715                          const struct ieee80211_tx_rate *rate,
 716                          struct rate_info *rinfo)
 717{
 718        rinfo->flags = 0;
 719        if (rate->flags & IEEE80211_TX_RC_MCS) {
 720                rinfo->flags |= RATE_INFO_FLAGS_MCS;
 721                rinfo->mcs = rate->idx;
 722        } else if (rate->flags & IEEE80211_TX_RC_VHT_MCS) {
 723                rinfo->flags |= RATE_INFO_FLAGS_VHT_MCS;
 724                rinfo->mcs = ieee80211_rate_get_vht_mcs(rate);
 725                rinfo->nss = ieee80211_rate_get_vht_nss(rate);
 726        } else {
 727                struct ieee80211_supported_band *sband;
 728                int shift = ieee80211_vif_get_shift(&sta->sdata->vif);
 729                u16 brate;
 730
 731                sband = ieee80211_get_sband(sta->sdata);
 732                WARN_ON_ONCE(sband && !sband->bitrates);
 733                if (sband && sband->bitrates) {
 734                        brate = sband->bitrates[rate->idx].bitrate;
 735                        rinfo->legacy = DIV_ROUND_UP(brate, 1 << shift);
 736                }
 737        }
 738        if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
 739                rinfo->bw = RATE_INFO_BW_40;
 740        else if (rate->flags & IEEE80211_TX_RC_80_MHZ_WIDTH)
 741                rinfo->bw = RATE_INFO_BW_80;
 742        else if (rate->flags & IEEE80211_TX_RC_160_MHZ_WIDTH)
 743                rinfo->bw = RATE_INFO_BW_160;
 744        else
 745                rinfo->bw = RATE_INFO_BW_20;
 746        if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
 747                rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
 748}
 749
 750static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
 751                                  int idx, u8 *mac, struct station_info *sinfo)
 752{
 753        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 754        struct ieee80211_local *local = sdata->local;
 755        struct sta_info *sta;
 756        int ret = -ENOENT;
 757
 758        mutex_lock(&local->sta_mtx);
 759
 760        sta = sta_info_get_by_idx(sdata, idx);
 761        if (sta) {
 762                ret = 0;
 763                memcpy(mac, sta->sta.addr, ETH_ALEN);
 764                sta_set_sinfo(sta, sinfo, true);
 765        }
 766
 767        mutex_unlock(&local->sta_mtx);
 768
 769        return ret;
 770}
 771
 772static int ieee80211_dump_survey(struct wiphy *wiphy, struct net_device *dev,
 773                                 int idx, struct survey_info *survey)
 774{
 775        struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
 776
 777        return drv_get_survey(local, idx, survey);
 778}
 779
 780static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
 781                                 const u8 *mac, struct station_info *sinfo)
 782{
 783        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
 784        struct ieee80211_local *local = sdata->local;
 785        struct sta_info *sta;
 786        int ret = -ENOENT;
 787
 788        mutex_lock(&local->sta_mtx);
 789
 790        sta = sta_info_get_bss(sdata, mac);
 791        if (sta) {
 792                ret = 0;
 793                sta_set_sinfo(sta, sinfo, true);
 794        }
 795
 796        mutex_unlock(&local->sta_mtx);
 797
 798        return ret;
 799}
 800
 801static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
 802                                         struct cfg80211_chan_def *chandef)
 803{
 804        struct ieee80211_local *local = wiphy_priv(wiphy);
 805        struct ieee80211_sub_if_data *sdata;
 806        int ret = 0;
 807
 808        if (cfg80211_chandef_identical(&local->monitor_chandef, chandef))
 809                return 0;
 810
 811        mutex_lock(&local->mtx);
 812        if (local->use_chanctx) {
 813                sdata = rtnl_dereference(local->monitor_sdata);
 814                if (sdata) {
 815                        ieee80211_vif_release_channel(sdata);
 816                        ret = ieee80211_vif_use_channel(sdata, chandef,
 817                                        IEEE80211_CHANCTX_EXCLUSIVE);
 818                }
 819        } else if (local->open_count == local->monitors) {
 820                local->_oper_chandef = *chandef;
 821                ieee80211_hw_config(local, 0);
 822        }
 823
 824        if (ret == 0)
 825                local->monitor_chandef = *chandef;
 826        mutex_unlock(&local->mtx);
 827
 828        return ret;
 829}
 830
 831static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
 832                                    const u8 *resp, size_t resp_len,
 833                                    const struct ieee80211_csa_settings *csa)
 834{
 835        struct probe_resp *new, *old;
 836
 837        if (!resp || !resp_len)
 838                return 1;
 839
 840        old = sdata_dereference(sdata->u.ap.probe_resp, sdata);
 841
 842        new = kzalloc(sizeof(struct probe_resp) + resp_len, GFP_KERNEL);
 843        if (!new)
 844                return -ENOMEM;
 845
 846        new->len = resp_len;
 847        memcpy(new->data, resp, resp_len);
 848
 849        if (csa)
 850                memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_presp,
 851                       csa->n_counter_offsets_presp *
 852                       sizeof(new->cntdwn_counter_offsets[0]));
 853
 854        rcu_assign_pointer(sdata->u.ap.probe_resp, new);
 855        if (old)
 856                kfree_rcu(old, rcu_head);
 857
 858        return 0;
 859}
 860
 861static int ieee80211_set_fils_discovery(struct ieee80211_sub_if_data *sdata,
 862                                        struct cfg80211_fils_discovery *params)
 863{
 864        struct fils_discovery_data *new, *old = NULL;
 865        struct ieee80211_fils_discovery *fd;
 866
 867        if (!params->tmpl || !params->tmpl_len)
 868                return -EINVAL;
 869
 870        fd = &sdata->vif.bss_conf.fils_discovery;
 871        fd->min_interval = params->min_interval;
 872        fd->max_interval = params->max_interval;
 873
 874        old = sdata_dereference(sdata->u.ap.fils_discovery, sdata);
 875        new = kzalloc(sizeof(*new) + params->tmpl_len, GFP_KERNEL);
 876        if (!new)
 877                return -ENOMEM;
 878        new->len = params->tmpl_len;
 879        memcpy(new->data, params->tmpl, params->tmpl_len);
 880        rcu_assign_pointer(sdata->u.ap.fils_discovery, new);
 881
 882        if (old)
 883                kfree_rcu(old, rcu_head);
 884
 885        return 0;
 886}
 887
 888static int
 889ieee80211_set_unsol_bcast_probe_resp(struct ieee80211_sub_if_data *sdata,
 890                                     struct cfg80211_unsol_bcast_probe_resp *params)
 891{
 892        struct unsol_bcast_probe_resp_data *new, *old = NULL;
 893
 894        if (!params->tmpl || !params->tmpl_len)
 895                return -EINVAL;
 896
 897        old = sdata_dereference(sdata->u.ap.unsol_bcast_probe_resp, sdata);
 898        new = kzalloc(sizeof(*new) + params->tmpl_len, GFP_KERNEL);
 899        if (!new)
 900                return -ENOMEM;
 901        new->len = params->tmpl_len;
 902        memcpy(new->data, params->tmpl, params->tmpl_len);
 903        rcu_assign_pointer(sdata->u.ap.unsol_bcast_probe_resp, new);
 904
 905        if (old)
 906                kfree_rcu(old, rcu_head);
 907
 908        sdata->vif.bss_conf.unsol_bcast_probe_resp_interval =
 909                                                        params->interval;
 910
 911        return 0;
 912}
 913
 914static int ieee80211_set_ftm_responder_params(
 915                                struct ieee80211_sub_if_data *sdata,
 916                                const u8 *lci, size_t lci_len,
 917                                const u8 *civicloc, size_t civicloc_len)
 918{
 919        struct ieee80211_ftm_responder_params *new, *old;
 920        struct ieee80211_bss_conf *bss_conf;
 921        u8 *pos;
 922        int len;
 923
 924        if (!lci_len && !civicloc_len)
 925                return 0;
 926
 927        bss_conf = &sdata->vif.bss_conf;
 928        old = bss_conf->ftmr_params;
 929        len = lci_len + civicloc_len;
 930
 931        new = kzalloc(sizeof(*new) + len, GFP_KERNEL);
 932        if (!new)
 933                return -ENOMEM;
 934
 935        pos = (u8 *)(new + 1);
 936        if (lci_len) {
 937                new->lci_len = lci_len;
 938                new->lci = pos;
 939                memcpy(pos, lci, lci_len);
 940                pos += lci_len;
 941        }
 942
 943        if (civicloc_len) {
 944                new->civicloc_len = civicloc_len;
 945                new->civicloc = pos;
 946                memcpy(pos, civicloc, civicloc_len);
 947                pos += civicloc_len;
 948        }
 949
 950        bss_conf->ftmr_params = new;
 951        kfree(old);
 952
 953        return 0;
 954}
 955
 956static int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
 957                                   struct cfg80211_beacon_data *params,
 958                                   const struct ieee80211_csa_settings *csa)
 959{
 960        struct beacon_data *new, *old;
 961        int new_head_len, new_tail_len;
 962        int size, err;
 963        u32 changed = BSS_CHANGED_BEACON;
 964
 965        old = sdata_dereference(sdata->u.ap.beacon, sdata);
 966
 967
 968        /* Need to have a beacon head if we don't have one yet */
 969        if (!params->head && !old)
 970                return -EINVAL;
 971
 972        /* new or old head? */
 973        if (params->head)
 974                new_head_len = params->head_len;
 975        else
 976                new_head_len = old->head_len;
 977
 978        /* new or old tail? */
 979        if (params->tail || !old)
 980                /* params->tail_len will be zero for !params->tail */
 981                new_tail_len = params->tail_len;
 982        else
 983                new_tail_len = old->tail_len;
 984
 985        size = sizeof(*new) + new_head_len + new_tail_len;
 986
 987        new = kzalloc(size, GFP_KERNEL);
 988        if (!new)
 989                return -ENOMEM;
 990
 991        /* start filling the new info now */
 992
 993        /*
 994         * pointers go into the block we allocated,
 995         * memory is | beacon_data | head | tail |
 996         */
 997        new->head = ((u8 *) new) + sizeof(*new);
 998        new->tail = new->head + new_head_len;
 999        new->head_len = new_head_len;
1000        new->tail_len = new_tail_len;
1001
1002        if (csa) {
1003                new->cntdwn_current_counter = csa->count;
1004                memcpy(new->cntdwn_counter_offsets, csa->counter_offsets_beacon,
1005                       csa->n_counter_offsets_beacon *
1006                       sizeof(new->cntdwn_counter_offsets[0]));
1007        }
1008
1009        /* copy in head */
1010        if (params->head)
1011                memcpy(new->head, params->head, new_head_len);
1012        else
1013                memcpy(new->head, old->head, new_head_len);
1014
1015        /* copy in optional tail */
1016        if (params->tail)
1017                memcpy(new->tail, params->tail, new_tail_len);
1018        else
1019                if (old)
1020                        memcpy(new->tail, old->tail, new_tail_len);
1021
1022        err = ieee80211_set_probe_resp(sdata, params->probe_resp,
1023                                       params->probe_resp_len, csa);
1024        if (err < 0) {
1025                kfree(new);
1026                return err;
1027        }
1028        if (err == 0)
1029                changed |= BSS_CHANGED_AP_PROBE_RESP;
1030
1031        if (params->ftm_responder != -1) {
1032                sdata->vif.bss_conf.ftm_responder = params->ftm_responder;
1033                err = ieee80211_set_ftm_responder_params(sdata,
1034                                                         params->lci,
1035                                                         params->lci_len,
1036                                                         params->civicloc,
1037                                                         params->civicloc_len);
1038
1039                if (err < 0) {
1040                        kfree(new);
1041                        return err;
1042                }
1043
1044                changed |= BSS_CHANGED_FTM_RESPONDER;
1045        }
1046
1047        rcu_assign_pointer(sdata->u.ap.beacon, new);
1048
1049        if (old)
1050                kfree_rcu(old, rcu_head);
1051
1052        return changed;
1053}
1054
1055static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
1056                              struct cfg80211_ap_settings *params)
1057{
1058        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1059        struct ieee80211_local *local = sdata->local;
1060        struct beacon_data *old;
1061        struct ieee80211_sub_if_data *vlan;
1062        u32 changed = BSS_CHANGED_BEACON_INT |
1063                      BSS_CHANGED_BEACON_ENABLED |
1064                      BSS_CHANGED_BEACON |
1065                      BSS_CHANGED_SSID |
1066                      BSS_CHANGED_P2P_PS |
1067                      BSS_CHANGED_TXPOWER |
1068                      BSS_CHANGED_TWT;
1069        int i, err;
1070        int prev_beacon_int;
1071
1072        old = sdata_dereference(sdata->u.ap.beacon, sdata);
1073        if (old)
1074                return -EALREADY;
1075
1076        if (params->smps_mode != NL80211_SMPS_OFF)
1077                return -ENOTSUPP;
1078
1079        sdata->smps_mode = IEEE80211_SMPS_OFF;
1080
1081        sdata->needed_rx_chains = sdata->local->rx_chains;
1082
1083        prev_beacon_int = sdata->vif.bss_conf.beacon_int;
1084        sdata->vif.bss_conf.beacon_int = params->beacon_interval;
1085
1086        if (params->he_cap && params->he_oper) {
1087                sdata->vif.bss_conf.he_support = true;
1088                sdata->vif.bss_conf.htc_trig_based_pkt_ext =
1089                        le32_get_bits(params->he_oper->he_oper_params,
1090                              IEEE80211_HE_OPERATION_DFLT_PE_DURATION_MASK);
1091                sdata->vif.bss_conf.frame_time_rts_th =
1092                        le32_get_bits(params->he_oper->he_oper_params,
1093                              IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
1094                changed |= BSS_CHANGED_HE_OBSS_PD;
1095
1096                if (params->he_bss_color.enabled)
1097                        changed |= BSS_CHANGED_HE_BSS_COLOR;
1098        }
1099
1100        mutex_lock(&local->mtx);
1101        err = ieee80211_vif_use_channel(sdata, &params->chandef,
1102                                        IEEE80211_CHANCTX_SHARED);
1103        if (!err)
1104                ieee80211_vif_copy_chanctx_to_vlans(sdata, false);
1105        mutex_unlock(&local->mtx);
1106        if (err) {
1107                sdata->vif.bss_conf.beacon_int = prev_beacon_int;
1108                return err;
1109        }
1110
1111        /*
1112         * Apply control port protocol, this allows us to
1113         * not encrypt dynamic WEP control frames.
1114         */
1115        sdata->control_port_protocol = params->crypto.control_port_ethertype;
1116        sdata->control_port_no_encrypt = params->crypto.control_port_no_encrypt;
1117        sdata->control_port_over_nl80211 =
1118                                params->crypto.control_port_over_nl80211;
1119        sdata->control_port_no_preauth =
1120                                params->crypto.control_port_no_preauth;
1121        sdata->encrypt_headroom = ieee80211_cs_headroom(sdata->local,
1122                                                        &params->crypto,
1123                                                        sdata->vif.type);
1124
1125        list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
1126                vlan->control_port_protocol =
1127                        params->crypto.control_port_ethertype;
1128                vlan->control_port_no_encrypt =
1129                        params->crypto.control_port_no_encrypt;
1130                vlan->control_port_over_nl80211 =
1131                        params->crypto.control_port_over_nl80211;
1132                vlan->control_port_no_preauth =
1133                        params->crypto.control_port_no_preauth;
1134                vlan->encrypt_headroom =
1135                        ieee80211_cs_headroom(sdata->local,
1136                                              &params->crypto,
1137                                              vlan->vif.type);
1138        }
1139
1140        sdata->vif.bss_conf.dtim_period = params->dtim_period;
1141        sdata->vif.bss_conf.enable_beacon = true;
1142        sdata->vif.bss_conf.allow_p2p_go_ps = sdata->vif.p2p;
1143        sdata->vif.bss_conf.twt_responder = params->twt_responder;
1144        sdata->vif.bss_conf.he_obss_pd = params->he_obss_pd;
1145        sdata->vif.bss_conf.he_bss_color = params->he_bss_color;
1146        sdata->vif.bss_conf.s1g = params->chandef.chan->band ==
1147                                  NL80211_BAND_S1GHZ;
1148
1149        sdata->vif.bss_conf.ssid_len = params->ssid_len;
1150        if (params->ssid_len)
1151                memcpy(sdata->vif.bss_conf.ssid, params->ssid,
1152                       params->ssid_len);
1153        sdata->vif.bss_conf.hidden_ssid =
1154                (params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
1155
1156        memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1157               sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1158        sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow =
1159                params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
1160        if (params->p2p_opp_ps)
1161                sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
1162                                        IEEE80211_P2P_OPPPS_ENABLE_BIT;
1163
1164        sdata->beacon_rate_set = false;
1165        if (wiphy_ext_feature_isset(local->hw.wiphy,
1166                                    NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) {
1167                for (i = 0; i < NUM_NL80211_BANDS; i++) {
1168                        sdata->beacon_rateidx_mask[i] =
1169                                params->beacon_rate.control[i].legacy;
1170                        if (sdata->beacon_rateidx_mask[i])
1171                                sdata->beacon_rate_set = true;
1172                }
1173        }
1174
1175        if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL))
1176                sdata->vif.bss_conf.beacon_tx_rate = params->beacon_rate;
1177
1178        err = ieee80211_assign_beacon(sdata, &params->beacon, NULL);
1179        if (err < 0)
1180                goto error;
1181        changed |= err;
1182
1183        if (params->fils_discovery.max_interval) {
1184                err = ieee80211_set_fils_discovery(sdata,
1185                                                   &params->fils_discovery);
1186                if (err < 0)
1187                        goto error;
1188                changed |= BSS_CHANGED_FILS_DISCOVERY;
1189        }
1190
1191        if (params->unsol_bcast_probe_resp.interval) {
1192                err = ieee80211_set_unsol_bcast_probe_resp(sdata,
1193                                                           &params->unsol_bcast_probe_resp);
1194                if (err < 0)
1195                        goto error;
1196                changed |= BSS_CHANGED_UNSOL_BCAST_PROBE_RESP;
1197        }
1198
1199        err = drv_start_ap(sdata->local, sdata);
1200        if (err) {
1201                old = sdata_dereference(sdata->u.ap.beacon, sdata);
1202
1203                if (old)
1204                        kfree_rcu(old, rcu_head);
1205                RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
1206                goto error;
1207        }
1208
1209        ieee80211_recalc_dtim(local, sdata);
1210        ieee80211_bss_info_change_notify(sdata, changed);
1211
1212        netif_carrier_on(dev);
1213        list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1214                netif_carrier_on(vlan->dev);
1215
1216        return 0;
1217
1218error:
1219        ieee80211_vif_release_channel(sdata);
1220        return err;
1221}
1222
1223static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
1224                                   struct cfg80211_beacon_data *params)
1225{
1226        struct ieee80211_sub_if_data *sdata;
1227        struct beacon_data *old;
1228        int err;
1229
1230        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1231        sdata_assert_lock(sdata);
1232
1233        /* don't allow changing the beacon while CSA is in place - offset
1234         * of channel switch counter may change
1235         */
1236        if (sdata->vif.csa_active)
1237                return -EBUSY;
1238
1239        old = sdata_dereference(sdata->u.ap.beacon, sdata);
1240        if (!old)
1241                return -ENOENT;
1242
1243        err = ieee80211_assign_beacon(sdata, params, NULL);
1244        if (err < 0)
1245                return err;
1246        ieee80211_bss_info_change_notify(sdata, err);
1247        return 0;
1248}
1249
1250static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
1251{
1252        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1253        struct ieee80211_sub_if_data *vlan;
1254        struct ieee80211_local *local = sdata->local;
1255        struct beacon_data *old_beacon;
1256        struct probe_resp *old_probe_resp;
1257        struct fils_discovery_data *old_fils_discovery;
1258        struct unsol_bcast_probe_resp_data *old_unsol_bcast_probe_resp;
1259        struct cfg80211_chan_def chandef;
1260
1261        sdata_assert_lock(sdata);
1262
1263        old_beacon = sdata_dereference(sdata->u.ap.beacon, sdata);
1264        if (!old_beacon)
1265                return -ENOENT;
1266        old_probe_resp = sdata_dereference(sdata->u.ap.probe_resp, sdata);
1267        old_fils_discovery = sdata_dereference(sdata->u.ap.fils_discovery,
1268                                               sdata);
1269        old_unsol_bcast_probe_resp =
1270                sdata_dereference(sdata->u.ap.unsol_bcast_probe_resp,
1271                                  sdata);
1272
1273        /* abort any running channel switch */
1274        mutex_lock(&local->mtx);
1275        sdata->vif.csa_active = false;
1276        if (sdata->csa_block_tx) {
1277                ieee80211_wake_vif_queues(local, sdata,
1278                                          IEEE80211_QUEUE_STOP_REASON_CSA);
1279                sdata->csa_block_tx = false;
1280        }
1281
1282        mutex_unlock(&local->mtx);
1283
1284        kfree(sdata->u.ap.next_beacon);
1285        sdata->u.ap.next_beacon = NULL;
1286
1287        /* turn off carrier for this interface and dependent VLANs */
1288        list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1289                netif_carrier_off(vlan->dev);
1290        netif_carrier_off(dev);
1291
1292        /* remove beacon and probe response */
1293        RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
1294        RCU_INIT_POINTER(sdata->u.ap.probe_resp, NULL);
1295        RCU_INIT_POINTER(sdata->u.ap.fils_discovery, NULL);
1296        RCU_INIT_POINTER(sdata->u.ap.unsol_bcast_probe_resp, NULL);
1297        kfree_rcu(old_beacon, rcu_head);
1298        if (old_probe_resp)
1299                kfree_rcu(old_probe_resp, rcu_head);
1300        if (old_fils_discovery)
1301                kfree_rcu(old_fils_discovery, rcu_head);
1302        if (old_unsol_bcast_probe_resp)
1303                kfree_rcu(old_unsol_bcast_probe_resp, rcu_head);
1304
1305        kfree(sdata->vif.bss_conf.ftmr_params);
1306        sdata->vif.bss_conf.ftmr_params = NULL;
1307
1308        __sta_info_flush(sdata, true);
1309        ieee80211_free_keys(sdata, true);
1310
1311        sdata->vif.bss_conf.enable_beacon = false;
1312        sdata->beacon_rate_set = false;
1313        sdata->vif.bss_conf.ssid_len = 0;
1314        clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
1315        ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
1316
1317        if (sdata->wdev.cac_started) {
1318                chandef = sdata->vif.bss_conf.chandef;
1319                cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
1320                cfg80211_cac_event(sdata->dev, &chandef,
1321                                   NL80211_RADAR_CAC_ABORTED,
1322                                   GFP_KERNEL);
1323        }
1324
1325        drv_stop_ap(sdata->local, sdata);
1326
1327        /* free all potentially still buffered bcast frames */
1328        local->total_ps_buffered -= skb_queue_len(&sdata->u.ap.ps.bc_buf);
1329        ieee80211_purge_tx_queue(&local->hw, &sdata->u.ap.ps.bc_buf);
1330
1331        mutex_lock(&local->mtx);
1332        ieee80211_vif_copy_chanctx_to_vlans(sdata, true);
1333        ieee80211_vif_release_channel(sdata);
1334        mutex_unlock(&local->mtx);
1335
1336        return 0;
1337}
1338
1339static int sta_apply_auth_flags(struct ieee80211_local *local,
1340                                struct sta_info *sta,
1341                                u32 mask, u32 set)
1342{
1343        int ret;
1344
1345        if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1346            set & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1347            !test_sta_flag(sta, WLAN_STA_AUTH)) {
1348                ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1349                if (ret)
1350                        return ret;
1351        }
1352
1353        if (mask & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1354            set & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1355            !test_sta_flag(sta, WLAN_STA_ASSOC)) {
1356                /*
1357                 * When peer becomes associated, init rate control as
1358                 * well. Some drivers require rate control initialized
1359                 * before drv_sta_state() is called.
1360                 */
1361                if (!test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
1362                        rate_control_rate_init(sta);
1363
1364                ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1365                if (ret)
1366                        return ret;
1367        }
1368
1369        if (mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1370                if (set & BIT(NL80211_STA_FLAG_AUTHORIZED))
1371                        ret = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
1372                else if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1373                        ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1374                else
1375                        ret = 0;
1376                if (ret)
1377                        return ret;
1378        }
1379
1380        if (mask & BIT(NL80211_STA_FLAG_ASSOCIATED) &&
1381            !(set & BIT(NL80211_STA_FLAG_ASSOCIATED)) &&
1382            test_sta_flag(sta, WLAN_STA_ASSOC)) {
1383                ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1384                if (ret)
1385                        return ret;
1386        }
1387
1388        if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
1389            !(set & BIT(NL80211_STA_FLAG_AUTHENTICATED)) &&
1390            test_sta_flag(sta, WLAN_STA_AUTH)) {
1391                ret = sta_info_move_state(sta, IEEE80211_STA_NONE);
1392                if (ret)
1393                        return ret;
1394        }
1395
1396        return 0;
1397}
1398
1399static void sta_apply_mesh_params(struct ieee80211_local *local,
1400                                  struct sta_info *sta,
1401                                  struct station_parameters *params)
1402{
1403#ifdef CONFIG_MAC80211_MESH
1404        struct ieee80211_sub_if_data *sdata = sta->sdata;
1405        u32 changed = 0;
1406
1407        if (params->sta_modify_mask & STATION_PARAM_APPLY_PLINK_STATE) {
1408                switch (params->plink_state) {
1409                case NL80211_PLINK_ESTAB:
1410                        if (sta->mesh->plink_state != NL80211_PLINK_ESTAB)
1411                                changed = mesh_plink_inc_estab_count(sdata);
1412                        sta->mesh->plink_state = params->plink_state;
1413                        sta->mesh->aid = params->peer_aid;
1414
1415                        ieee80211_mps_sta_status_update(sta);
1416                        changed |= ieee80211_mps_set_sta_local_pm(sta,
1417                                      sdata->u.mesh.mshcfg.power_mode);
1418
1419                        ewma_mesh_tx_rate_avg_init(&sta->mesh->tx_rate_avg);
1420                        /* init at low value */
1421                        ewma_mesh_tx_rate_avg_add(&sta->mesh->tx_rate_avg, 10);
1422
1423                        break;
1424                case NL80211_PLINK_LISTEN:
1425                case NL80211_PLINK_BLOCKED:
1426                case NL80211_PLINK_OPN_SNT:
1427                case NL80211_PLINK_OPN_RCVD:
1428                case NL80211_PLINK_CNF_RCVD:
1429                case NL80211_PLINK_HOLDING:
1430                        if (sta->mesh->plink_state == NL80211_PLINK_ESTAB)
1431                                changed = mesh_plink_dec_estab_count(sdata);
1432                        sta->mesh->plink_state = params->plink_state;
1433
1434                        ieee80211_mps_sta_status_update(sta);
1435                        changed |= ieee80211_mps_set_sta_local_pm(sta,
1436                                        NL80211_MESH_POWER_UNKNOWN);
1437                        break;
1438                default:
1439                        /*  nothing  */
1440                        break;
1441                }
1442        }
1443
1444        switch (params->plink_action) {
1445        case NL80211_PLINK_ACTION_NO_ACTION:
1446                /* nothing */
1447                break;
1448        case NL80211_PLINK_ACTION_OPEN:
1449                changed |= mesh_plink_open(sta);
1450                break;
1451        case NL80211_PLINK_ACTION_BLOCK:
1452                changed |= mesh_plink_block(sta);
1453                break;
1454        }
1455
1456        if (params->local_pm)
1457                changed |= ieee80211_mps_set_sta_local_pm(sta,
1458                                                          params->local_pm);
1459
1460        ieee80211_mbss_info_change_notify(sdata, changed);
1461#endif
1462}
1463
1464static void sta_apply_airtime_params(struct ieee80211_local *local,
1465                                     struct sta_info *sta,
1466                                     struct station_parameters *params)
1467{
1468        u8 ac;
1469
1470        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1471                struct airtime_sched_info *air_sched = &local->airtime[ac];
1472                struct airtime_info *air_info = &sta->airtime[ac];
1473                struct txq_info *txqi;
1474                u8 tid;
1475
1476                spin_lock_bh(&air_sched->lock);
1477                for (tid = 0; tid < IEEE80211_NUM_TIDS + 1; tid++) {
1478                        if (air_info->weight == params->airtime_weight ||
1479                            !sta->sta.txq[tid] ||
1480                            ac != ieee80211_ac_from_tid(tid))
1481                                continue;
1482
1483                        airtime_weight_set(air_info, params->airtime_weight);
1484
1485                        txqi = to_txq_info(sta->sta.txq[tid]);
1486                        if (RB_EMPTY_NODE(&txqi->schedule_order))
1487                                continue;
1488
1489                        ieee80211_update_airtime_weight(local, air_sched,
1490                                                        0, true);
1491                }
1492                spin_unlock_bh(&air_sched->lock);
1493        }
1494}
1495
1496static int sta_apply_parameters(struct ieee80211_local *local,
1497                                struct sta_info *sta,
1498                                struct station_parameters *params)
1499{
1500        int ret = 0;
1501        struct ieee80211_supported_band *sband;
1502        struct ieee80211_sub_if_data *sdata = sta->sdata;
1503        u32 mask, set;
1504
1505        sband = ieee80211_get_sband(sdata);
1506        if (!sband)
1507                return -EINVAL;
1508
1509        mask = params->sta_flags_mask;
1510        set = params->sta_flags_set;
1511
1512        if (ieee80211_vif_is_mesh(&sdata->vif)) {
1513                /*
1514                 * In mesh mode, ASSOCIATED isn't part of the nl80211
1515                 * API but must follow AUTHENTICATED for driver state.
1516                 */
1517                if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED))
1518                        mask |= BIT(NL80211_STA_FLAG_ASSOCIATED);
1519                if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED))
1520                        set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
1521        } else if (test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
1522                /*
1523                 * TDLS -- everything follows authorized, but
1524                 * only becoming authorized is possible, not
1525                 * going back
1526                 */
1527                if (set & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1528                        set |= BIT(NL80211_STA_FLAG_AUTHENTICATED) |
1529                               BIT(NL80211_STA_FLAG_ASSOCIATED);
1530                        mask |= BIT(NL80211_STA_FLAG_AUTHENTICATED) |
1531                                BIT(NL80211_STA_FLAG_ASSOCIATED);
1532                }
1533        }
1534
1535        if (mask & BIT(NL80211_STA_FLAG_WME) &&
1536            local->hw.queues >= IEEE80211_NUM_ACS)
1537                sta->sta.wme = set & BIT(NL80211_STA_FLAG_WME);
1538
1539        /* auth flags will be set later for TDLS,
1540         * and for unassociated stations that move to associated */
1541        if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
1542            !((mask & BIT(NL80211_STA_FLAG_ASSOCIATED)) &&
1543              (set & BIT(NL80211_STA_FLAG_ASSOCIATED)))) {
1544                ret = sta_apply_auth_flags(local, sta, mask, set);
1545                if (ret)
1546                        return ret;
1547        }
1548
1549        if (mask & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE)) {
1550                if (set & BIT(NL80211_STA_FLAG_SHORT_PREAMBLE))
1551                        set_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
1552                else
1553                        clear_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE);
1554        }
1555
1556        if (mask & BIT(NL80211_STA_FLAG_MFP)) {
1557                sta->sta.mfp = !!(set & BIT(NL80211_STA_FLAG_MFP));
1558                if (set & BIT(NL80211_STA_FLAG_MFP))
1559                        set_sta_flag(sta, WLAN_STA_MFP);
1560                else
1561                        clear_sta_flag(sta, WLAN_STA_MFP);
1562        }
1563
1564        if (mask & BIT(NL80211_STA_FLAG_TDLS_PEER)) {
1565                if (set & BIT(NL80211_STA_FLAG_TDLS_PEER))
1566                        set_sta_flag(sta, WLAN_STA_TDLS_PEER);
1567                else
1568                        clear_sta_flag(sta, WLAN_STA_TDLS_PEER);
1569        }
1570
1571        /* mark TDLS channel switch support, if the AP allows it */
1572        if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
1573            !sdata->u.mgd.tdls_chan_switch_prohibited &&
1574            params->ext_capab_len >= 4 &&
1575            params->ext_capab[3] & WLAN_EXT_CAPA4_TDLS_CHAN_SWITCH)
1576                set_sta_flag(sta, WLAN_STA_TDLS_CHAN_SWITCH);
1577
1578        if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
1579            !sdata->u.mgd.tdls_wider_bw_prohibited &&
1580            ieee80211_hw_check(&local->hw, TDLS_WIDER_BW) &&
1581            params->ext_capab_len >= 8 &&
1582            params->ext_capab[7] & WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED)
1583                set_sta_flag(sta, WLAN_STA_TDLS_WIDER_BW);
1584
1585        if (params->sta_modify_mask & STATION_PARAM_APPLY_UAPSD) {
1586                sta->sta.uapsd_queues = params->uapsd_queues;
1587                sta->sta.max_sp = params->max_sp;
1588        }
1589
1590        /* The sender might not have sent the last bit, consider it to be 0 */
1591        if (params->ext_capab_len >= 8) {
1592                u8 val = (params->ext_capab[7] &
1593                          WLAN_EXT_CAPA8_MAX_MSDU_IN_AMSDU_LSB) >> 7;
1594
1595                /* we did get all the bits, take the MSB as well */
1596                if (params->ext_capab_len >= 9) {
1597                        u8 val_msb = params->ext_capab[8] &
1598                                WLAN_EXT_CAPA9_MAX_MSDU_IN_AMSDU_MSB;
1599                        val_msb <<= 1;
1600                        val |= val_msb;
1601                }
1602
1603                switch (val) {
1604                case 1:
1605                        sta->sta.max_amsdu_subframes = 32;
1606                        break;
1607                case 2:
1608                        sta->sta.max_amsdu_subframes = 16;
1609                        break;
1610                case 3:
1611                        sta->sta.max_amsdu_subframes = 8;
1612                        break;
1613                default:
1614                        sta->sta.max_amsdu_subframes = 0;
1615                }
1616        }
1617
1618        /*
1619         * cfg80211 validates this (1-2007) and allows setting the AID
1620         * only when creating a new station entry
1621         */
1622        if (params->aid)
1623                sta->sta.aid = params->aid;
1624
1625        /*
1626         * Some of the following updates would be racy if called on an
1627         * existing station, via ieee80211_change_station(). However,
1628         * all such changes are rejected by cfg80211 except for updates
1629         * changing the supported rates on an existing but not yet used
1630         * TDLS peer.
1631         */
1632
1633        if (params->listen_interval >= 0)
1634                sta->listen_interval = params->listen_interval;
1635
1636        if (params->sta_modify_mask & STATION_PARAM_APPLY_STA_TXPOWER) {
1637                sta->sta.txpwr.type = params->txpwr.type;
1638                if (params->txpwr.type == NL80211_TX_POWER_LIMITED)
1639                        sta->sta.txpwr.power = params->txpwr.power;
1640                ret = drv_sta_set_txpwr(local, sdata, sta);
1641                if (ret)
1642                        return ret;
1643        }
1644
1645        if (params->supported_rates && params->supported_rates_len) {
1646                ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef,
1647                                         sband, params->supported_rates,
1648                                         params->supported_rates_len,
1649                                         &sta->sta.supp_rates[sband->band]);
1650        }
1651
1652        if (params->ht_capa)
1653                ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
1654                                                  params->ht_capa, sta);
1655
1656        /* VHT can override some HT caps such as the A-MSDU max length */
1657        if (params->vht_capa)
1658                ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband,
1659                                                    params->vht_capa, sta);
1660
1661        if (params->he_capa)
1662                ieee80211_he_cap_ie_to_sta_he_cap(sdata, sband,
1663                                                  (void *)params->he_capa,
1664                                                  params->he_capa_len,
1665                                                  (void *)params->he_6ghz_capa,
1666                                                  sta);
1667
1668        if (params->opmode_notif_used) {
1669                /* returned value is only needed for rc update, but the
1670                 * rc isn't initialized here yet, so ignore it
1671                 */
1672                __ieee80211_vht_handle_opmode(sdata, sta, params->opmode_notif,
1673                                              sband->band);
1674        }
1675
1676        if (params->support_p2p_ps >= 0)
1677                sta->sta.support_p2p_ps = params->support_p2p_ps;
1678
1679        if (ieee80211_vif_is_mesh(&sdata->vif))
1680                sta_apply_mesh_params(local, sta, params);
1681
1682        if (params->airtime_weight)
1683                sta_apply_airtime_params(local, sta, params);
1684
1685
1686        /* set the STA state after all sta info from usermode has been set */
1687        if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) ||
1688            set & BIT(NL80211_STA_FLAG_ASSOCIATED)) {
1689                ret = sta_apply_auth_flags(local, sta, mask, set);
1690                if (ret)
1691                        return ret;
1692        }
1693
1694        return 0;
1695}
1696
1697static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
1698                                 const u8 *mac,
1699                                 struct station_parameters *params)
1700{
1701        struct ieee80211_local *local = wiphy_priv(wiphy);
1702        struct sta_info *sta;
1703        struct ieee80211_sub_if_data *sdata;
1704        int err;
1705
1706        if (params->vlan) {
1707                sdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
1708
1709                if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1710                    sdata->vif.type != NL80211_IFTYPE_AP)
1711                        return -EINVAL;
1712        } else
1713                sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1714
1715        if (ether_addr_equal(mac, sdata->vif.addr))
1716                return -EINVAL;
1717
1718        if (!is_valid_ether_addr(mac))
1719                return -EINVAL;
1720
1721        if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER) &&
1722            sdata->vif.type == NL80211_IFTYPE_STATION &&
1723            !sdata->u.mgd.associated)
1724                return -EINVAL;
1725
1726        sta = sta_info_alloc(sdata, mac, GFP_KERNEL);
1727        if (!sta)
1728                return -ENOMEM;
1729
1730        if (params->sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
1731                sta->sta.tdls = true;
1732
1733        err = sta_apply_parameters(local, sta, params);
1734        if (err) {
1735                sta_info_free(local, sta);
1736                return err;
1737        }
1738
1739        /*
1740         * for TDLS and for unassociated station, rate control should be
1741         * initialized only when rates are known and station is marked
1742         * authorized/associated
1743         */
1744        if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER) &&
1745            test_sta_flag(sta, WLAN_STA_ASSOC))
1746                rate_control_rate_init(sta);
1747
1748        return sta_info_insert(sta);
1749}
1750
1751static int ieee80211_del_station(struct wiphy *wiphy, struct net_device *dev,
1752                                 struct station_del_parameters *params)
1753{
1754        struct ieee80211_sub_if_data *sdata;
1755
1756        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1757
1758        if (params->mac)
1759                return sta_info_destroy_addr_bss(sdata, params->mac);
1760
1761        sta_info_flush(sdata);
1762        return 0;
1763}
1764
1765static int ieee80211_change_station(struct wiphy *wiphy,
1766                                    struct net_device *dev, const u8 *mac,
1767                                    struct station_parameters *params)
1768{
1769        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1770        struct ieee80211_local *local = wiphy_priv(wiphy);
1771        struct sta_info *sta;
1772        struct ieee80211_sub_if_data *vlansdata;
1773        enum cfg80211_station_type statype;
1774        int err;
1775
1776        mutex_lock(&local->sta_mtx);
1777
1778        sta = sta_info_get_bss(sdata, mac);
1779        if (!sta) {
1780                err = -ENOENT;
1781                goto out_err;
1782        }
1783
1784        switch (sdata->vif.type) {
1785        case NL80211_IFTYPE_MESH_POINT:
1786                if (sdata->u.mesh.user_mpm)
1787                        statype = CFG80211_STA_MESH_PEER_USER;
1788                else
1789                        statype = CFG80211_STA_MESH_PEER_KERNEL;
1790                break;
1791        case NL80211_IFTYPE_ADHOC:
1792                statype = CFG80211_STA_IBSS;
1793                break;
1794        case NL80211_IFTYPE_STATION:
1795                if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
1796                        statype = CFG80211_STA_AP_STA;
1797                        break;
1798                }
1799                if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1800                        statype = CFG80211_STA_TDLS_PEER_ACTIVE;
1801                else
1802                        statype = CFG80211_STA_TDLS_PEER_SETUP;
1803                break;
1804        case NL80211_IFTYPE_AP:
1805        case NL80211_IFTYPE_AP_VLAN:
1806                if (test_sta_flag(sta, WLAN_STA_ASSOC))
1807                        statype = CFG80211_STA_AP_CLIENT;
1808                else
1809                        statype = CFG80211_STA_AP_CLIENT_UNASSOC;
1810                break;
1811        default:
1812                err = -EOPNOTSUPP;
1813                goto out_err;
1814        }
1815
1816        err = cfg80211_check_station_change(wiphy, params, statype);
1817        if (err)
1818                goto out_err;
1819
1820        if (params->vlan && params->vlan != sta->sdata->dev) {
1821                vlansdata = IEEE80211_DEV_TO_SUB_IF(params->vlan);
1822
1823                if (params->vlan->ieee80211_ptr->use_4addr) {
1824                        if (vlansdata->u.vlan.sta) {
1825                                err = -EBUSY;
1826                                goto out_err;
1827                        }
1828
1829                        rcu_assign_pointer(vlansdata->u.vlan.sta, sta);
1830                        __ieee80211_check_fast_rx_iface(vlansdata);
1831                        drv_sta_set_4addr(local, sta->sdata, &sta->sta, true);
1832                }
1833
1834                if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1835                    sta->sdata->u.vlan.sta) {
1836                        ieee80211_clear_fast_rx(sta);
1837                        RCU_INIT_POINTER(sta->sdata->u.vlan.sta, NULL);
1838                }
1839
1840                if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
1841                        ieee80211_vif_dec_num_mcast(sta->sdata);
1842
1843                sta->sdata = vlansdata;
1844                ieee80211_check_fast_xmit(sta);
1845
1846                if (test_sta_flag(sta, WLAN_STA_AUTHORIZED)) {
1847                        ieee80211_vif_inc_num_mcast(sta->sdata);
1848                        cfg80211_send_layer2_update(sta->sdata->dev,
1849                                                    sta->sta.addr);
1850                }
1851        }
1852
1853        err = sta_apply_parameters(local, sta, params);
1854        if (err)
1855                goto out_err;
1856
1857        mutex_unlock(&local->sta_mtx);
1858
1859        if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1860            params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
1861                ieee80211_recalc_ps(local);
1862                ieee80211_recalc_ps_vif(sdata);
1863        }
1864
1865        return 0;
1866out_err:
1867        mutex_unlock(&local->sta_mtx);
1868        return err;
1869}
1870
1871#ifdef CONFIG_MAC80211_MESH
1872static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
1873                               const u8 *dst, const u8 *next_hop)
1874{
1875        struct ieee80211_sub_if_data *sdata;
1876        struct mesh_path *mpath;
1877        struct sta_info *sta;
1878
1879        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1880
1881        rcu_read_lock();
1882        sta = sta_info_get(sdata, next_hop);
1883        if (!sta) {
1884                rcu_read_unlock();
1885                return -ENOENT;
1886        }
1887
1888        mpath = mesh_path_add(sdata, dst);
1889        if (IS_ERR(mpath)) {
1890                rcu_read_unlock();
1891                return PTR_ERR(mpath);
1892        }
1893
1894        mesh_path_fix_nexthop(mpath, sta);
1895
1896        rcu_read_unlock();
1897        return 0;
1898}
1899
1900static int ieee80211_del_mpath(struct wiphy *wiphy, struct net_device *dev,
1901                               const u8 *dst)
1902{
1903        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1904
1905        if (dst)
1906                return mesh_path_del(sdata, dst);
1907
1908        mesh_path_flush_by_iface(sdata);
1909        return 0;
1910}
1911
1912static int ieee80211_change_mpath(struct wiphy *wiphy, struct net_device *dev,
1913                                  const u8 *dst, const u8 *next_hop)
1914{
1915        struct ieee80211_sub_if_data *sdata;
1916        struct mesh_path *mpath;
1917        struct sta_info *sta;
1918
1919        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1920
1921        rcu_read_lock();
1922
1923        sta = sta_info_get(sdata, next_hop);
1924        if (!sta) {
1925                rcu_read_unlock();
1926                return -ENOENT;
1927        }
1928
1929        mpath = mesh_path_lookup(sdata, dst);
1930        if (!mpath) {
1931                rcu_read_unlock();
1932                return -ENOENT;
1933        }
1934
1935        mesh_path_fix_nexthop(mpath, sta);
1936
1937        rcu_read_unlock();
1938        return 0;
1939}
1940
1941static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
1942                            struct mpath_info *pinfo)
1943{
1944        struct sta_info *next_hop_sta = rcu_dereference(mpath->next_hop);
1945
1946        if (next_hop_sta)
1947                memcpy(next_hop, next_hop_sta->sta.addr, ETH_ALEN);
1948        else
1949                eth_zero_addr(next_hop);
1950
1951        memset(pinfo, 0, sizeof(*pinfo));
1952
1953        pinfo->generation = mpath->sdata->u.mesh.mesh_paths_generation;
1954
1955        pinfo->filled = MPATH_INFO_FRAME_QLEN |
1956                        MPATH_INFO_SN |
1957                        MPATH_INFO_METRIC |
1958                        MPATH_INFO_EXPTIME |
1959                        MPATH_INFO_DISCOVERY_TIMEOUT |
1960                        MPATH_INFO_DISCOVERY_RETRIES |
1961                        MPATH_INFO_FLAGS |
1962                        MPATH_INFO_HOP_COUNT |
1963                        MPATH_INFO_PATH_CHANGE;
1964
1965        pinfo->frame_qlen = mpath->frame_queue.qlen;
1966        pinfo->sn = mpath->sn;
1967        pinfo->metric = mpath->metric;
1968        if (time_before(jiffies, mpath->exp_time))
1969                pinfo->exptime = jiffies_to_msecs(mpath->exp_time - jiffies);
1970        pinfo->discovery_timeout =
1971                        jiffies_to_msecs(mpath->discovery_timeout);
1972        pinfo->discovery_retries = mpath->discovery_retries;
1973        if (mpath->flags & MESH_PATH_ACTIVE)
1974                pinfo->flags |= NL80211_MPATH_FLAG_ACTIVE;
1975        if (mpath->flags & MESH_PATH_RESOLVING)
1976                pinfo->flags |= NL80211_MPATH_FLAG_RESOLVING;
1977        if (mpath->flags & MESH_PATH_SN_VALID)
1978                pinfo->flags |= NL80211_MPATH_FLAG_SN_VALID;
1979        if (mpath->flags & MESH_PATH_FIXED)
1980                pinfo->flags |= NL80211_MPATH_FLAG_FIXED;
1981        if (mpath->flags & MESH_PATH_RESOLVED)
1982                pinfo->flags |= NL80211_MPATH_FLAG_RESOLVED;
1983        pinfo->hop_count = mpath->hop_count;
1984        pinfo->path_change_count = mpath->path_change_count;
1985}
1986
1987static int ieee80211_get_mpath(struct wiphy *wiphy, struct net_device *dev,
1988                               u8 *dst, u8 *next_hop, struct mpath_info *pinfo)
1989
1990{
1991        struct ieee80211_sub_if_data *sdata;
1992        struct mesh_path *mpath;
1993
1994        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1995
1996        rcu_read_lock();
1997        mpath = mesh_path_lookup(sdata, dst);
1998        if (!mpath) {
1999                rcu_read_unlock();
2000                return -ENOENT;
2001        }
2002        memcpy(dst, mpath->dst, ETH_ALEN);
2003        mpath_set_pinfo(mpath, next_hop, pinfo);
2004        rcu_read_unlock();
2005        return 0;
2006}
2007
2008static int ieee80211_dump_mpath(struct wiphy *wiphy, struct net_device *dev,
2009                                int idx, u8 *dst, u8 *next_hop,
2010                                struct mpath_info *pinfo)
2011{
2012        struct ieee80211_sub_if_data *sdata;
2013        struct mesh_path *mpath;
2014
2015        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2016
2017        rcu_read_lock();
2018        mpath = mesh_path_lookup_by_idx(sdata, idx);
2019        if (!mpath) {
2020                rcu_read_unlock();
2021                return -ENOENT;
2022        }
2023        memcpy(dst, mpath->dst, ETH_ALEN);
2024        mpath_set_pinfo(mpath, next_hop, pinfo);
2025        rcu_read_unlock();
2026        return 0;
2027}
2028
2029static void mpp_set_pinfo(struct mesh_path *mpath, u8 *mpp,
2030                          struct mpath_info *pinfo)
2031{
2032        memset(pinfo, 0, sizeof(*pinfo));
2033        memcpy(mpp, mpath->mpp, ETH_ALEN);
2034
2035        pinfo->generation = mpath->sdata->u.mesh.mpp_paths_generation;
2036}
2037
2038static int ieee80211_get_mpp(struct wiphy *wiphy, struct net_device *dev,
2039                             u8 *dst, u8 *mpp, struct mpath_info *pinfo)
2040
2041{
2042        struct ieee80211_sub_if_data *sdata;
2043        struct mesh_path *mpath;
2044
2045        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2046
2047        rcu_read_lock();
2048        mpath = mpp_path_lookup(sdata, dst);
2049        if (!mpath) {
2050                rcu_read_unlock();
2051                return -ENOENT;
2052        }
2053        memcpy(dst, mpath->dst, ETH_ALEN);
2054        mpp_set_pinfo(mpath, mpp, pinfo);
2055        rcu_read_unlock();
2056        return 0;
2057}
2058
2059static int ieee80211_dump_mpp(struct wiphy *wiphy, struct net_device *dev,
2060                              int idx, u8 *dst, u8 *mpp,
2061                              struct mpath_info *pinfo)
2062{
2063        struct ieee80211_sub_if_data *sdata;
2064        struct mesh_path *mpath;
2065
2066        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2067
2068        rcu_read_lock();
2069        mpath = mpp_path_lookup_by_idx(sdata, idx);
2070        if (!mpath) {
2071                rcu_read_unlock();
2072                return -ENOENT;
2073        }
2074        memcpy(dst, mpath->dst, ETH_ALEN);
2075        mpp_set_pinfo(mpath, mpp, pinfo);
2076        rcu_read_unlock();
2077        return 0;
2078}
2079
2080static int ieee80211_get_mesh_config(struct wiphy *wiphy,
2081                                struct net_device *dev,
2082                                struct mesh_config *conf)
2083{
2084        struct ieee80211_sub_if_data *sdata;
2085        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2086
2087        memcpy(conf, &(sdata->u.mesh.mshcfg), sizeof(struct mesh_config));
2088        return 0;
2089}
2090
2091static inline bool _chg_mesh_attr(enum nl80211_meshconf_params parm, u32 mask)
2092{
2093        return (mask >> (parm-1)) & 0x1;
2094}
2095
2096static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
2097                const struct mesh_setup *setup)
2098{
2099        u8 *new_ie;
2100        const u8 *old_ie;
2101        struct ieee80211_sub_if_data *sdata = container_of(ifmsh,
2102                                        struct ieee80211_sub_if_data, u.mesh);
2103        int i;
2104
2105        /* allocate information elements */
2106        new_ie = NULL;
2107        old_ie = ifmsh->ie;
2108
2109        if (setup->ie_len) {
2110                new_ie = kmemdup(setup->ie, setup->ie_len,
2111                                GFP_KERNEL);
2112                if (!new_ie)
2113                        return -ENOMEM;
2114        }
2115        ifmsh->ie_len = setup->ie_len;
2116        ifmsh->ie = new_ie;
2117        kfree(old_ie);
2118
2119        /* now copy the rest of the setup parameters */
2120        ifmsh->mesh_id_len = setup->mesh_id_len;
2121        memcpy(ifmsh->mesh_id, setup->mesh_id, ifmsh->mesh_id_len);
2122        ifmsh->mesh_sp_id = setup->sync_method;
2123        ifmsh->mesh_pp_id = setup->path_sel_proto;
2124        ifmsh->mesh_pm_id = setup->path_metric;
2125        ifmsh->user_mpm = setup->user_mpm;
2126        ifmsh->mesh_auth_id = setup->auth_id;
2127        ifmsh->security = IEEE80211_MESH_SEC_NONE;
2128        ifmsh->userspace_handles_dfs = setup->userspace_handles_dfs;
2129        if (setup->is_authenticated)
2130                ifmsh->security |= IEEE80211_MESH_SEC_AUTHED;
2131        if (setup->is_secure)
2132                ifmsh->security |= IEEE80211_MESH_SEC_SECURED;
2133
2134        /* mcast rate setting in Mesh Node */
2135        memcpy(sdata->vif.bss_conf.mcast_rate, setup->mcast_rate,
2136                                                sizeof(setup->mcast_rate));
2137        sdata->vif.bss_conf.basic_rates = setup->basic_rates;
2138
2139        sdata->vif.bss_conf.beacon_int = setup->beacon_interval;
2140        sdata->vif.bss_conf.dtim_period = setup->dtim_period;
2141
2142        sdata->beacon_rate_set = false;
2143        if (wiphy_ext_feature_isset(sdata->local->hw.wiphy,
2144                                    NL80211_EXT_FEATURE_BEACON_RATE_LEGACY)) {
2145                for (i = 0; i < NUM_NL80211_BANDS; i++) {
2146                        sdata->beacon_rateidx_mask[i] =
2147                                setup->beacon_rate.control[i].legacy;
2148                        if (sdata->beacon_rateidx_mask[i])
2149                                sdata->beacon_rate_set = true;
2150                }
2151        }
2152
2153        return 0;
2154}
2155
2156static int ieee80211_update_mesh_config(struct wiphy *wiphy,
2157                                        struct net_device *dev, u32 mask,
2158                                        const struct mesh_config *nconf)
2159{
2160        struct mesh_config *conf;
2161        struct ieee80211_sub_if_data *sdata;
2162        struct ieee80211_if_mesh *ifmsh;
2163
2164        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2165        ifmsh = &sdata->u.mesh;
2166
2167        /* Set the config options which we are interested in setting */
2168        conf = &(sdata->u.mesh.mshcfg);
2169        if (_chg_mesh_attr(NL80211_MESHCONF_RETRY_TIMEOUT, mask))
2170                conf->dot11MeshRetryTimeout = nconf->dot11MeshRetryTimeout;
2171        if (_chg_mesh_attr(NL80211_MESHCONF_CONFIRM_TIMEOUT, mask))
2172                conf->dot11MeshConfirmTimeout = nconf->dot11MeshConfirmTimeout;
2173        if (_chg_mesh_attr(NL80211_MESHCONF_HOLDING_TIMEOUT, mask))
2174                conf->dot11MeshHoldingTimeout = nconf->dot11MeshHoldingTimeout;
2175        if (_chg_mesh_attr(NL80211_MESHCONF_MAX_PEER_LINKS, mask))
2176                conf->dot11MeshMaxPeerLinks = nconf->dot11MeshMaxPeerLinks;
2177        if (_chg_mesh_attr(NL80211_MESHCONF_MAX_RETRIES, mask))
2178                conf->dot11MeshMaxRetries = nconf->dot11MeshMaxRetries;
2179        if (_chg_mesh_attr(NL80211_MESHCONF_TTL, mask))
2180                conf->dot11MeshTTL = nconf->dot11MeshTTL;
2181        if (_chg_mesh_attr(NL80211_MESHCONF_ELEMENT_TTL, mask))
2182                conf->element_ttl = nconf->element_ttl;
2183        if (_chg_mesh_attr(NL80211_MESHCONF_AUTO_OPEN_PLINKS, mask)) {
2184                if (ifmsh->user_mpm)
2185                        return -EBUSY;
2186                conf->auto_open_plinks = nconf->auto_open_plinks;
2187        }
2188        if (_chg_mesh_attr(NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR, mask))
2189                conf->dot11MeshNbrOffsetMaxNeighbor =
2190                        nconf->dot11MeshNbrOffsetMaxNeighbor;
2191        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, mask))
2192                conf->dot11MeshHWMPmaxPREQretries =
2193                        nconf->dot11MeshHWMPmaxPREQretries;
2194        if (_chg_mesh_attr(NL80211_MESHCONF_PATH_REFRESH_TIME, mask))
2195                conf->path_refresh_time = nconf->path_refresh_time;
2196        if (_chg_mesh_attr(NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, mask))
2197                conf->min_discovery_timeout = nconf->min_discovery_timeout;
2198        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, mask))
2199                conf->dot11MeshHWMPactivePathTimeout =
2200                        nconf->dot11MeshHWMPactivePathTimeout;
2201        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, mask))
2202                conf->dot11MeshHWMPpreqMinInterval =
2203                        nconf->dot11MeshHWMPpreqMinInterval;
2204        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL, mask))
2205                conf->dot11MeshHWMPperrMinInterval =
2206                        nconf->dot11MeshHWMPperrMinInterval;
2207        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2208                           mask))
2209                conf->dot11MeshHWMPnetDiameterTraversalTime =
2210                        nconf->dot11MeshHWMPnetDiameterTraversalTime;
2211        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOTMODE, mask)) {
2212                conf->dot11MeshHWMPRootMode = nconf->dot11MeshHWMPRootMode;
2213                ieee80211_mesh_root_setup(ifmsh);
2214        }
2215        if (_chg_mesh_attr(NL80211_MESHCONF_GATE_ANNOUNCEMENTS, mask)) {
2216                /* our current gate announcement implementation rides on root
2217                 * announcements, so require this ifmsh to also be a root node
2218                 * */
2219                if (nconf->dot11MeshGateAnnouncementProtocol &&
2220                    !(conf->dot11MeshHWMPRootMode > IEEE80211_ROOTMODE_ROOT)) {
2221                        conf->dot11MeshHWMPRootMode = IEEE80211_PROACTIVE_RANN;
2222                        ieee80211_mesh_root_setup(ifmsh);
2223                }
2224                conf->dot11MeshGateAnnouncementProtocol =
2225                        nconf->dot11MeshGateAnnouncementProtocol;
2226        }
2227        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_RANN_INTERVAL, mask))
2228                conf->dot11MeshHWMPRannInterval =
2229                        nconf->dot11MeshHWMPRannInterval;
2230        if (_chg_mesh_attr(NL80211_MESHCONF_FORWARDING, mask))
2231                conf->dot11MeshForwarding = nconf->dot11MeshForwarding;
2232        if (_chg_mesh_attr(NL80211_MESHCONF_RSSI_THRESHOLD, mask)) {
2233                /* our RSSI threshold implementation is supported only for
2234                 * devices that report signal in dBm.
2235                 */
2236                if (!ieee80211_hw_check(&sdata->local->hw, SIGNAL_DBM))
2237                        return -ENOTSUPP;
2238                conf->rssi_threshold = nconf->rssi_threshold;
2239        }
2240        if (_chg_mesh_attr(NL80211_MESHCONF_HT_OPMODE, mask)) {
2241                conf->ht_opmode = nconf->ht_opmode;
2242                sdata->vif.bss_conf.ht_operation_mode = nconf->ht_opmode;
2243                ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT);
2244        }
2245        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT, mask))
2246                conf->dot11MeshHWMPactivePathToRootTimeout =
2247                        nconf->dot11MeshHWMPactivePathToRootTimeout;
2248        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_ROOT_INTERVAL, mask))
2249                conf->dot11MeshHWMProotInterval =
2250                        nconf->dot11MeshHWMProotInterval;
2251        if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL, mask))
2252                conf->dot11MeshHWMPconfirmationInterval =
2253                        nconf->dot11MeshHWMPconfirmationInterval;
2254        if (_chg_mesh_attr(NL80211_MESHCONF_POWER_MODE, mask)) {
2255                conf->power_mode = nconf->power_mode;
2256                ieee80211_mps_local_status_update(sdata);
2257        }
2258        if (_chg_mesh_attr(NL80211_MESHCONF_AWAKE_WINDOW, mask))
2259                conf->dot11MeshAwakeWindowDuration =
2260                        nconf->dot11MeshAwakeWindowDuration;
2261        if (_chg_mesh_attr(NL80211_MESHCONF_PLINK_TIMEOUT, mask))
2262                conf->plink_timeout = nconf->plink_timeout;
2263        if (_chg_mesh_attr(NL80211_MESHCONF_CONNECTED_TO_GATE, mask))
2264                conf->dot11MeshConnectedToMeshGate =
2265                        nconf->dot11MeshConnectedToMeshGate;
2266        if (_chg_mesh_attr(NL80211_MESHCONF_NOLEARN, mask))
2267                conf->dot11MeshNolearn = nconf->dot11MeshNolearn;
2268        if (_chg_mesh_attr(NL80211_MESHCONF_CONNECTED_TO_AS, mask))
2269                conf->dot11MeshConnectedToAuthServer =
2270                        nconf->dot11MeshConnectedToAuthServer;
2271        ieee80211_mbss_info_change_notify(sdata, BSS_CHANGED_BEACON);
2272        return 0;
2273}
2274
2275static int ieee80211_join_mesh(struct wiphy *wiphy, struct net_device *dev,
2276                               const struct mesh_config *conf,
2277                               const struct mesh_setup *setup)
2278{
2279        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2280        struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
2281        int err;
2282
2283        memcpy(&ifmsh->mshcfg, conf, sizeof(struct mesh_config));
2284        err = copy_mesh_setup(ifmsh, setup);
2285        if (err)
2286                return err;
2287
2288        sdata->control_port_over_nl80211 = setup->control_port_over_nl80211;
2289
2290        /* can mesh use other SMPS modes? */
2291        sdata->smps_mode = IEEE80211_SMPS_OFF;
2292        sdata->needed_rx_chains = sdata->local->rx_chains;
2293
2294        mutex_lock(&sdata->local->mtx);
2295        err = ieee80211_vif_use_channel(sdata, &setup->chandef,
2296                                        IEEE80211_CHANCTX_SHARED);
2297        mutex_unlock(&sdata->local->mtx);
2298        if (err)
2299                return err;
2300
2301        return ieee80211_start_mesh(sdata);
2302}
2303
2304static int ieee80211_leave_mesh(struct wiphy *wiphy, struct net_device *dev)
2305{
2306        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2307
2308        ieee80211_stop_mesh(sdata);
2309        mutex_lock(&sdata->local->mtx);
2310        ieee80211_vif_release_channel(sdata);
2311        kfree(sdata->u.mesh.ie);
2312        mutex_unlock(&sdata->local->mtx);
2313
2314        return 0;
2315}
2316#endif
2317
2318static int ieee80211_change_bss(struct wiphy *wiphy,
2319                                struct net_device *dev,
2320                                struct bss_parameters *params)
2321{
2322        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2323        struct ieee80211_supported_band *sband;
2324        u32 changed = 0;
2325
2326        if (!sdata_dereference(sdata->u.ap.beacon, sdata))
2327                return -ENOENT;
2328
2329        sband = ieee80211_get_sband(sdata);
2330        if (!sband)
2331                return -EINVAL;
2332
2333        if (params->use_cts_prot >= 0) {
2334                sdata->vif.bss_conf.use_cts_prot = params->use_cts_prot;
2335                changed |= BSS_CHANGED_ERP_CTS_PROT;
2336        }
2337        if (params->use_short_preamble >= 0) {
2338                sdata->vif.bss_conf.use_short_preamble =
2339                        params->use_short_preamble;
2340                changed |= BSS_CHANGED_ERP_PREAMBLE;
2341        }
2342
2343        if (!sdata->vif.bss_conf.use_short_slot &&
2344            (sband->band == NL80211_BAND_5GHZ ||
2345             sband->band == NL80211_BAND_6GHZ)) {
2346                sdata->vif.bss_conf.use_short_slot = true;
2347                changed |= BSS_CHANGED_ERP_SLOT;
2348        }
2349
2350        if (params->use_short_slot_time >= 0) {
2351                sdata->vif.bss_conf.use_short_slot =
2352                        params->use_short_slot_time;
2353                changed |= BSS_CHANGED_ERP_SLOT;
2354        }
2355
2356        if (params->basic_rates) {
2357                ieee80211_parse_bitrates(&sdata->vif.bss_conf.chandef,
2358                                         wiphy->bands[sband->band],
2359                                         params->basic_rates,
2360                                         params->basic_rates_len,
2361                                         &sdata->vif.bss_conf.basic_rates);
2362                changed |= BSS_CHANGED_BASIC_RATES;
2363                ieee80211_check_rate_mask(sdata);
2364        }
2365
2366        if (params->ap_isolate >= 0) {
2367                if (params->ap_isolate)
2368                        sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
2369                else
2370                        sdata->flags &= ~IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
2371                ieee80211_check_fast_rx_iface(sdata);
2372        }
2373
2374        if (params->ht_opmode >= 0) {
2375                sdata->vif.bss_conf.ht_operation_mode =
2376                        (u16) params->ht_opmode;
2377                changed |= BSS_CHANGED_HT;
2378        }
2379
2380        if (params->p2p_ctwindow >= 0) {
2381                sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow &=
2382                                        ~IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
2383                sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
2384                        params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
2385                changed |= BSS_CHANGED_P2P_PS;
2386        }
2387
2388        if (params->p2p_opp_ps > 0) {
2389                sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
2390                                        IEEE80211_P2P_OPPPS_ENABLE_BIT;
2391                changed |= BSS_CHANGED_P2P_PS;
2392        } else if (params->p2p_opp_ps == 0) {
2393                sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow &=
2394                                        ~IEEE80211_P2P_OPPPS_ENABLE_BIT;
2395                changed |= BSS_CHANGED_P2P_PS;
2396        }
2397
2398        ieee80211_bss_info_change_notify(sdata, changed);
2399
2400        return 0;
2401}
2402
2403static int ieee80211_set_txq_params(struct wiphy *wiphy,
2404                                    struct net_device *dev,
2405                                    struct ieee80211_txq_params *params)
2406{
2407        struct ieee80211_local *local = wiphy_priv(wiphy);
2408        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2409        struct ieee80211_tx_queue_params p;
2410
2411        if (!local->ops->conf_tx)
2412                return -EOPNOTSUPP;
2413
2414        if (local->hw.queues < IEEE80211_NUM_ACS)
2415                return -EOPNOTSUPP;
2416
2417        memset(&p, 0, sizeof(p));
2418        p.aifs = params->aifs;
2419        p.cw_max = params->cwmax;
2420        p.cw_min = params->cwmin;
2421        p.txop = params->txop;
2422
2423        /*
2424         * Setting tx queue params disables u-apsd because it's only
2425         * called in master mode.
2426         */
2427        p.uapsd = false;
2428
2429        ieee80211_regulatory_limit_wmm_params(sdata, &p, params->ac);
2430
2431        sdata->tx_conf[params->ac] = p;
2432        if (drv_conf_tx(local, sdata, params->ac, &p)) {
2433                wiphy_debug(local->hw.wiphy,
2434                            "failed to set TX queue parameters for AC %d\n",
2435                            params->ac);
2436                return -EINVAL;
2437        }
2438
2439        ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
2440
2441        return 0;
2442}
2443
2444#ifdef CONFIG_PM
2445static int ieee80211_suspend(struct wiphy *wiphy,
2446                             struct cfg80211_wowlan *wowlan)
2447{
2448        return __ieee80211_suspend(wiphy_priv(wiphy), wowlan);
2449}
2450
2451static int ieee80211_resume(struct wiphy *wiphy)
2452{
2453        return __ieee80211_resume(wiphy_priv(wiphy));
2454}
2455#else
2456#define ieee80211_suspend NULL
2457#define ieee80211_resume NULL
2458#endif
2459
2460static int ieee80211_scan(struct wiphy *wiphy,
2461                          struct cfg80211_scan_request *req)
2462{
2463        struct ieee80211_sub_if_data *sdata;
2464
2465        sdata = IEEE80211_WDEV_TO_SUB_IF(req->wdev);
2466
2467        switch (ieee80211_vif_type_p2p(&sdata->vif)) {
2468        case NL80211_IFTYPE_STATION:
2469        case NL80211_IFTYPE_ADHOC:
2470        case NL80211_IFTYPE_MESH_POINT:
2471        case NL80211_IFTYPE_P2P_CLIENT:
2472        case NL80211_IFTYPE_P2P_DEVICE:
2473                break;
2474        case NL80211_IFTYPE_P2P_GO:
2475                if (sdata->local->ops->hw_scan)
2476                        break;
2477                /*
2478                 * FIXME: implement NoA while scanning in software,
2479                 * for now fall through to allow scanning only when
2480                 * beaconing hasn't been configured yet
2481                 */
2482                fallthrough;
2483        case NL80211_IFTYPE_AP:
2484                /*
2485                 * If the scan has been forced (and the driver supports
2486                 * forcing), don't care about being beaconing already.
2487                 * This will create problems to the attached stations (e.g. all
2488                 * the  frames sent while scanning on other channel will be
2489                 * lost)
2490                 */
2491                if (sdata->u.ap.beacon &&
2492                    (!(wiphy->features & NL80211_FEATURE_AP_SCAN) ||
2493                     !(req->flags & NL80211_SCAN_FLAG_AP)))
2494                        return -EOPNOTSUPP;
2495                break;
2496        case NL80211_IFTYPE_NAN:
2497        default:
2498                return -EOPNOTSUPP;
2499        }
2500
2501        return ieee80211_request_scan(sdata, req);
2502}
2503
2504static void ieee80211_abort_scan(struct wiphy *wiphy, struct wireless_dev *wdev)
2505{
2506        ieee80211_scan_cancel(wiphy_priv(wiphy));
2507}
2508
2509static int
2510ieee80211_sched_scan_start(struct wiphy *wiphy,
2511                           struct net_device *dev,
2512                           struct cfg80211_sched_scan_request *req)
2513{
2514        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2515
2516        if (!sdata->local->ops->sched_scan_start)
2517                return -EOPNOTSUPP;
2518
2519        return ieee80211_request_sched_scan_start(sdata, req);
2520}
2521
2522static int
2523ieee80211_sched_scan_stop(struct wiphy *wiphy, struct net_device *dev,
2524                          u64 reqid)
2525{
2526        struct ieee80211_local *local = wiphy_priv(wiphy);
2527
2528        if (!local->ops->sched_scan_stop)
2529                return -EOPNOTSUPP;
2530
2531        return ieee80211_request_sched_scan_stop(local);
2532}
2533
2534static int ieee80211_auth(struct wiphy *wiphy, struct net_device *dev,
2535                          struct cfg80211_auth_request *req)
2536{
2537        return ieee80211_mgd_auth(IEEE80211_DEV_TO_SUB_IF(dev), req);
2538}
2539
2540static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev,
2541                           struct cfg80211_assoc_request *req)
2542{
2543        return ieee80211_mgd_assoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
2544}
2545
2546static int ieee80211_deauth(struct wiphy *wiphy, struct net_device *dev,
2547                            struct cfg80211_deauth_request *req)
2548{
2549        return ieee80211_mgd_deauth(IEEE80211_DEV_TO_SUB_IF(dev), req);
2550}
2551
2552static int ieee80211_disassoc(struct wiphy *wiphy, struct net_device *dev,
2553                              struct cfg80211_disassoc_request *req)
2554{
2555        return ieee80211_mgd_disassoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
2556}
2557
2558static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,
2559                               struct cfg80211_ibss_params *params)
2560{
2561        return ieee80211_ibss_join(IEEE80211_DEV_TO_SUB_IF(dev), params);
2562}
2563
2564static int ieee80211_leave_ibss(struct wiphy *wiphy, struct net_device *dev)
2565{
2566        return ieee80211_ibss_leave(IEEE80211_DEV_TO_SUB_IF(dev));
2567}
2568
2569static int ieee80211_join_ocb(struct wiphy *wiphy, struct net_device *dev,
2570                              struct ocb_setup *setup)
2571{
2572        return ieee80211_ocb_join(IEEE80211_DEV_TO_SUB_IF(dev), setup);
2573}
2574
2575static int ieee80211_leave_ocb(struct wiphy *wiphy, struct net_device *dev)
2576{
2577        return ieee80211_ocb_leave(IEEE80211_DEV_TO_SUB_IF(dev));
2578}
2579
2580static int ieee80211_set_mcast_rate(struct wiphy *wiphy, struct net_device *dev,
2581                                    int rate[NUM_NL80211_BANDS])
2582{
2583        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2584
2585        memcpy(sdata->vif.bss_conf.mcast_rate, rate,
2586               sizeof(int) * NUM_NL80211_BANDS);
2587
2588        ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_MCAST_RATE);
2589
2590        return 0;
2591}
2592
2593static int ieee80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
2594{
2595        struct ieee80211_local *local = wiphy_priv(wiphy);
2596        int err;
2597
2598        if (changed & WIPHY_PARAM_FRAG_THRESHOLD) {
2599                ieee80211_check_fast_xmit_all(local);
2600
2601                err = drv_set_frag_threshold(local, wiphy->frag_threshold);
2602
2603                if (err) {
2604                        ieee80211_check_fast_xmit_all(local);
2605                        return err;
2606                }
2607        }
2608
2609        if ((changed & WIPHY_PARAM_COVERAGE_CLASS) ||
2610            (changed & WIPHY_PARAM_DYN_ACK)) {
2611                s16 coverage_class;
2612
2613                coverage_class = changed & WIPHY_PARAM_COVERAGE_CLASS ?
2614                                        wiphy->coverage_class : -1;
2615                err = drv_set_coverage_class(local, coverage_class);
2616
2617                if (err)
2618                        return err;
2619        }
2620
2621        if (changed & WIPHY_PARAM_RTS_THRESHOLD) {
2622                err = drv_set_rts_threshold(local, wiphy->rts_threshold);
2623
2624                if (err)
2625                        return err;
2626        }
2627
2628        if (changed & WIPHY_PARAM_RETRY_SHORT) {
2629                if (wiphy->retry_short > IEEE80211_MAX_TX_RETRY)
2630                        return -EINVAL;
2631                local->hw.conf.short_frame_max_tx_count = wiphy->retry_short;
2632        }
2633        if (changed & WIPHY_PARAM_RETRY_LONG) {
2634                if (wiphy->retry_long > IEEE80211_MAX_TX_RETRY)
2635                        return -EINVAL;
2636                local->hw.conf.long_frame_max_tx_count = wiphy->retry_long;
2637        }
2638        if (changed &
2639            (WIPHY_PARAM_RETRY_SHORT | WIPHY_PARAM_RETRY_LONG))
2640                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_RETRY_LIMITS);
2641
2642        if (changed & (WIPHY_PARAM_TXQ_LIMIT |
2643                       WIPHY_PARAM_TXQ_MEMORY_LIMIT |
2644                       WIPHY_PARAM_TXQ_QUANTUM))
2645                ieee80211_txq_set_params(local);
2646
2647        return 0;
2648}
2649
2650static int ieee80211_set_tx_power(struct wiphy *wiphy,
2651                                  struct wireless_dev *wdev,
2652                                  enum nl80211_tx_power_setting type, int mbm)
2653{
2654        struct ieee80211_local *local = wiphy_priv(wiphy);
2655        struct ieee80211_sub_if_data *sdata;
2656        enum nl80211_tx_power_setting txp_type = type;
2657        bool update_txp_type = false;
2658        bool has_monitor = false;
2659
2660        if (wdev) {
2661                sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2662
2663                if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
2664                        sdata = rtnl_dereference(local->monitor_sdata);
2665                        if (!sdata)
2666                                return -EOPNOTSUPP;
2667                }
2668
2669                switch (type) {
2670                case NL80211_TX_POWER_AUTOMATIC:
2671                        sdata->user_power_level = IEEE80211_UNSET_POWER_LEVEL;
2672                        txp_type = NL80211_TX_POWER_LIMITED;
2673                        break;
2674                case NL80211_TX_POWER_LIMITED:
2675                case NL80211_TX_POWER_FIXED:
2676                        if (mbm < 0 || (mbm % 100))
2677                                return -EOPNOTSUPP;
2678                        sdata->user_power_level = MBM_TO_DBM(mbm);
2679                        break;
2680                }
2681
2682                if (txp_type != sdata->vif.bss_conf.txpower_type) {
2683                        update_txp_type = true;
2684                        sdata->vif.bss_conf.txpower_type = txp_type;
2685                }
2686
2687                ieee80211_recalc_txpower(sdata, update_txp_type);
2688
2689                return 0;
2690        }
2691
2692        switch (type) {
2693        case NL80211_TX_POWER_AUTOMATIC:
2694                local->user_power_level = IEEE80211_UNSET_POWER_LEVEL;
2695                txp_type = NL80211_TX_POWER_LIMITED;
2696                break;
2697        case NL80211_TX_POWER_LIMITED:
2698        case NL80211_TX_POWER_FIXED:
2699                if (mbm < 0 || (mbm % 100))
2700                        return -EOPNOTSUPP;
2701                local->user_power_level = MBM_TO_DBM(mbm);
2702                break;
2703        }
2704
2705        mutex_lock(&local->iflist_mtx);
2706        list_for_each_entry(sdata, &local->interfaces, list) {
2707                if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
2708                        has_monitor = true;
2709                        continue;
2710                }
2711                sdata->user_power_level = local->user_power_level;
2712                if (txp_type != sdata->vif.bss_conf.txpower_type)
2713                        update_txp_type = true;
2714                sdata->vif.bss_conf.txpower_type = txp_type;
2715        }
2716        list_for_each_entry(sdata, &local->interfaces, list) {
2717                if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
2718                        continue;
2719                ieee80211_recalc_txpower(sdata, update_txp_type);
2720        }
2721        mutex_unlock(&local->iflist_mtx);
2722
2723        if (has_monitor) {
2724                sdata = rtnl_dereference(local->monitor_sdata);
2725                if (sdata) {
2726                        sdata->user_power_level = local->user_power_level;
2727                        if (txp_type != sdata->vif.bss_conf.txpower_type)
2728                                update_txp_type = true;
2729                        sdata->vif.bss_conf.txpower_type = txp_type;
2730
2731                        ieee80211_recalc_txpower(sdata, update_txp_type);
2732                }
2733        }
2734
2735        return 0;
2736}
2737
2738static int ieee80211_get_tx_power(struct wiphy *wiphy,
2739                                  struct wireless_dev *wdev,
2740                                  int *dbm)
2741{
2742        struct ieee80211_local *local = wiphy_priv(wiphy);
2743        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2744
2745        if (local->ops->get_txpower)
2746                return drv_get_txpower(local, sdata, dbm);
2747
2748        if (!local->use_chanctx)
2749                *dbm = local->hw.conf.power_level;
2750        else
2751                *dbm = sdata->vif.bss_conf.txpower;
2752
2753        return 0;
2754}
2755
2756static void ieee80211_rfkill_poll(struct wiphy *wiphy)
2757{
2758        struct ieee80211_local *local = wiphy_priv(wiphy);
2759
2760        drv_rfkill_poll(local);
2761}
2762
2763#ifdef CONFIG_NL80211_TESTMODE
2764static int ieee80211_testmode_cmd(struct wiphy *wiphy,
2765                                  struct wireless_dev *wdev,
2766                                  void *data, int len)
2767{
2768        struct ieee80211_local *local = wiphy_priv(wiphy);
2769        struct ieee80211_vif *vif = NULL;
2770
2771        if (!local->ops->testmode_cmd)
2772                return -EOPNOTSUPP;
2773
2774        if (wdev) {
2775                struct ieee80211_sub_if_data *sdata;
2776
2777                sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
2778                if (sdata->flags & IEEE80211_SDATA_IN_DRIVER)
2779                        vif = &sdata->vif;
2780        }
2781
2782        return local->ops->testmode_cmd(&local->hw, vif, data, len);
2783}
2784
2785static int ieee80211_testmode_dump(struct wiphy *wiphy,
2786                                   struct sk_buff *skb,
2787                                   struct netlink_callback *cb,
2788                                   void *data, int len)
2789{
2790        struct ieee80211_local *local = wiphy_priv(wiphy);
2791
2792        if (!local->ops->testmode_dump)
2793                return -EOPNOTSUPP;
2794
2795        return local->ops->testmode_dump(&local->hw, skb, cb, data, len);
2796}
2797#endif
2798
2799int __ieee80211_request_smps_mgd(struct ieee80211_sub_if_data *sdata,
2800                                 enum ieee80211_smps_mode smps_mode)
2801{
2802        const u8 *ap;
2803        enum ieee80211_smps_mode old_req;
2804        int err;
2805        struct sta_info *sta;
2806        bool tdls_peer_found = false;
2807
2808        lockdep_assert_held(&sdata->wdev.mtx);
2809
2810        if (WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_STATION))
2811                return -EINVAL;
2812
2813        old_req = sdata->u.mgd.req_smps;
2814        sdata->u.mgd.req_smps = smps_mode;
2815
2816        if (old_req == smps_mode &&
2817            smps_mode != IEEE80211_SMPS_AUTOMATIC)
2818                return 0;
2819
2820        /*
2821         * If not associated, or current association is not an HT
2822         * association, there's no need to do anything, just store
2823         * the new value until we associate.
2824         */
2825        if (!sdata->u.mgd.associated ||
2826            sdata->vif.bss_conf.chandef.width == NL80211_CHAN_WIDTH_20_NOHT)
2827                return 0;
2828
2829        ap = sdata->u.mgd.associated->bssid;
2830
2831        rcu_read_lock();
2832        list_for_each_entry_rcu(sta, &sdata->local->sta_list, list) {
2833                if (!sta->sta.tdls || sta->sdata != sdata || !sta->uploaded ||
2834                    !test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2835                        continue;
2836
2837                tdls_peer_found = true;
2838                break;
2839        }
2840        rcu_read_unlock();
2841
2842        if (smps_mode == IEEE80211_SMPS_AUTOMATIC) {
2843                if (tdls_peer_found || !sdata->u.mgd.powersave)
2844                        smps_mode = IEEE80211_SMPS_OFF;
2845                else
2846                        smps_mode = IEEE80211_SMPS_DYNAMIC;
2847        }
2848
2849        /* send SM PS frame to AP */
2850        err = ieee80211_send_smps_action(sdata, smps_mode,
2851                                         ap, ap);
2852        if (err)
2853                sdata->u.mgd.req_smps = old_req;
2854        else if (smps_mode != IEEE80211_SMPS_OFF && tdls_peer_found)
2855                ieee80211_teardown_tdls_peers(sdata);
2856
2857        return err;
2858}
2859
2860static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
2861                                    bool enabled, int timeout)
2862{
2863        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2864        struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2865
2866        if (sdata->vif.type != NL80211_IFTYPE_STATION)
2867                return -EOPNOTSUPP;
2868
2869        if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS))
2870                return -EOPNOTSUPP;
2871
2872        if (enabled == sdata->u.mgd.powersave &&
2873            timeout == local->dynamic_ps_forced_timeout)
2874                return 0;
2875
2876        sdata->u.mgd.powersave = enabled;
2877        local->dynamic_ps_forced_timeout = timeout;
2878
2879        /* no change, but if automatic follow powersave */
2880        sdata_lock(sdata);
2881        __ieee80211_request_smps_mgd(sdata, sdata->u.mgd.req_smps);
2882        sdata_unlock(sdata);
2883
2884        if (ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS))
2885                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
2886
2887        ieee80211_recalc_ps(local);
2888        ieee80211_recalc_ps_vif(sdata);
2889        ieee80211_check_fast_rx_iface(sdata);
2890
2891        return 0;
2892}
2893
2894static int ieee80211_set_cqm_rssi_config(struct wiphy *wiphy,
2895                                         struct net_device *dev,
2896                                         s32 rssi_thold, u32 rssi_hyst)
2897{
2898        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2899        struct ieee80211_vif *vif = &sdata->vif;
2900        struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
2901
2902        if (rssi_thold == bss_conf->cqm_rssi_thold &&
2903            rssi_hyst == bss_conf->cqm_rssi_hyst)
2904                return 0;
2905
2906        if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER &&
2907            !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI))
2908                return -EOPNOTSUPP;
2909
2910        bss_conf->cqm_rssi_thold = rssi_thold;
2911        bss_conf->cqm_rssi_hyst = rssi_hyst;
2912        bss_conf->cqm_rssi_low = 0;
2913        bss_conf->cqm_rssi_high = 0;
2914        sdata->u.mgd.last_cqm_event_signal = 0;
2915
2916        /* tell the driver upon association, unless already associated */
2917        if (sdata->u.mgd.associated &&
2918            sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)
2919                ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_CQM);
2920
2921        return 0;
2922}
2923
2924static int ieee80211_set_cqm_rssi_range_config(struct wiphy *wiphy,
2925                                               struct net_device *dev,
2926                                               s32 rssi_low, s32 rssi_high)
2927{
2928        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2929        struct ieee80211_vif *vif = &sdata->vif;
2930        struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
2931
2932        if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
2933                return -EOPNOTSUPP;
2934
2935        bss_conf->cqm_rssi_low = rssi_low;
2936        bss_conf->cqm_rssi_high = rssi_high;
2937        bss_conf->cqm_rssi_thold = 0;
2938        bss_conf->cqm_rssi_hyst = 0;
2939        sdata->u.mgd.last_cqm_event_signal = 0;
2940
2941        /* tell the driver upon association, unless already associated */
2942        if (sdata->u.mgd.associated &&
2943            sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)
2944                ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_CQM);
2945
2946        return 0;
2947}
2948
2949static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
2950                                      struct net_device *dev,
2951                                      const u8 *addr,
2952                                      const struct cfg80211_bitrate_mask *mask)
2953{
2954        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2955        struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2956        int i, ret;
2957
2958        if (!ieee80211_sdata_running(sdata))
2959                return -ENETDOWN;
2960
2961        /*
2962         * If active validate the setting and reject it if it doesn't leave
2963         * at least one basic rate usable, since we really have to be able
2964         * to send something, and if we're an AP we have to be able to do
2965         * so at a basic rate so that all clients can receive it.
2966         */
2967        if (rcu_access_pointer(sdata->vif.chanctx_conf) &&
2968            sdata->vif.bss_conf.chandef.chan) {
2969                u32 basic_rates = sdata->vif.bss_conf.basic_rates;
2970                enum nl80211_band band = sdata->vif.bss_conf.chandef.chan->band;
2971
2972                if (!(mask->control[band].legacy & basic_rates))
2973                        return -EINVAL;
2974        }
2975
2976        if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
2977                ret = drv_set_bitrate_mask(local, sdata, mask);
2978                if (ret)
2979                        return ret;
2980        }
2981
2982        for (i = 0; i < NUM_NL80211_BANDS; i++) {
2983                struct ieee80211_supported_band *sband = wiphy->bands[i];
2984                int j;
2985
2986                sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
2987                memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].ht_mcs,
2988                       sizeof(mask->control[i].ht_mcs));
2989                memcpy(sdata->rc_rateidx_vht_mcs_mask[i],
2990                       mask->control[i].vht_mcs,
2991                       sizeof(mask->control[i].vht_mcs));
2992
2993                sdata->rc_has_mcs_mask[i] = false;
2994                sdata->rc_has_vht_mcs_mask[i] = false;
2995                if (!sband)
2996                        continue;
2997
2998                for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++) {
2999                        if (sdata->rc_rateidx_mcs_mask[i][j] != 0xff) {
3000                                sdata->rc_has_mcs_mask[i] = true;
3001                                break;
3002                        }
3003                }
3004
3005                for (j = 0; j < NL80211_VHT_NSS_MAX; j++) {
3006                        if (sdata->rc_rateidx_vht_mcs_mask[i][j] != 0xffff) {
3007                                sdata->rc_has_vht_mcs_mask[i] = true;
3008                                break;
3009                        }
3010                }
3011        }
3012
3013        return 0;
3014}
3015
3016static int ieee80211_start_radar_detection(struct wiphy *wiphy,
3017                                           struct net_device *dev,
3018                                           struct cfg80211_chan_def *chandef,
3019                                           u32 cac_time_ms)
3020{
3021        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3022        struct ieee80211_local *local = sdata->local;
3023        int err;
3024
3025        mutex_lock(&local->mtx);
3026        if (!list_empty(&local->roc_list) || local->scanning) {
3027                err = -EBUSY;
3028                goto out_unlock;
3029        }
3030
3031        /* whatever, but channel contexts should not complain about that one */
3032        sdata->smps_mode = IEEE80211_SMPS_OFF;
3033        sdata->needed_rx_chains = local->rx_chains;
3034
3035        err = ieee80211_vif_use_channel(sdata, chandef,
3036                                        IEEE80211_CHANCTX_SHARED);
3037        if (err)
3038                goto out_unlock;
3039
3040        ieee80211_queue_delayed_work(&sdata->local->hw,
3041                                     &sdata->dfs_cac_timer_work,
3042                                     msecs_to_jiffies(cac_time_ms));
3043
3044 out_unlock:
3045        mutex_unlock(&local->mtx);
3046        return err;
3047}
3048
3049static void ieee80211_end_cac(struct wiphy *wiphy,
3050                              struct net_device *dev)
3051{
3052        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3053        struct ieee80211_local *local = sdata->local;
3054
3055        mutex_lock(&local->mtx);
3056        list_for_each_entry(sdata, &local->interfaces, list) {
3057                /* it might be waiting for the local->mtx, but then
3058                 * by the time it gets it, sdata->wdev.cac_started
3059                 * will no longer be true
3060                 */
3061                cancel_delayed_work(&sdata->dfs_cac_timer_work);
3062
3063                if (sdata->wdev.cac_started) {
3064                        ieee80211_vif_release_channel(sdata);
3065                        sdata->wdev.cac_started = false;
3066                }
3067        }
3068        mutex_unlock(&local->mtx);
3069}
3070
3071static struct cfg80211_beacon_data *
3072cfg80211_beacon_dup(struct cfg80211_beacon_data *beacon)
3073{
3074        struct cfg80211_beacon_data *new_beacon;
3075        u8 *pos;
3076        int len;
3077
3078        len = beacon->head_len + beacon->tail_len + beacon->beacon_ies_len +
3079              beacon->proberesp_ies_len + beacon->assocresp_ies_len +
3080              beacon->probe_resp_len + beacon->lci_len + beacon->civicloc_len;
3081
3082        new_beacon = kzalloc(sizeof(*new_beacon) + len, GFP_KERNEL);
3083        if (!new_beacon)
3084                return NULL;
3085
3086        pos = (u8 *)(new_beacon + 1);
3087        if (beacon->head_len) {
3088                new_beacon->head_len = beacon->head_len;
3089                new_beacon->head = pos;
3090                memcpy(pos, beacon->head, beacon->head_len);
3091                pos += beacon->head_len;
3092        }
3093        if (beacon->tail_len) {
3094                new_beacon->tail_len = beacon->tail_len;
3095                new_beacon->tail = pos;
3096                memcpy(pos, beacon->tail, beacon->tail_len);
3097                pos += beacon->tail_len;
3098        }
3099        if (beacon->beacon_ies_len) {
3100                new_beacon->beacon_ies_len = beacon->beacon_ies_len;
3101                new_beacon->beacon_ies = pos;
3102                memcpy(pos, beacon->beacon_ies, beacon->beacon_ies_len);
3103                pos += beacon->beacon_ies_len;
3104        }
3105        if (beacon->proberesp_ies_len) {
3106                new_beacon->proberesp_ies_len = beacon->proberesp_ies_len;
3107                new_beacon->proberesp_ies = pos;
3108                memcpy(pos, beacon->proberesp_ies, beacon->proberesp_ies_len);
3109                pos += beacon->proberesp_ies_len;
3110        }
3111        if (beacon->assocresp_ies_len) {
3112                new_beacon->assocresp_ies_len = beacon->assocresp_ies_len;
3113                new_beacon->assocresp_ies = pos;
3114                memcpy(pos, beacon->assocresp_ies, beacon->assocresp_ies_len);
3115                pos += beacon->assocresp_ies_len;
3116        }
3117        if (beacon->probe_resp_len) {
3118                new_beacon->probe_resp_len = beacon->probe_resp_len;
3119                new_beacon->probe_resp = pos;
3120                memcpy(pos, beacon->probe_resp, beacon->probe_resp_len);
3121                pos += beacon->probe_resp_len;
3122        }
3123
3124        /* might copy -1, meaning no changes requested */
3125        new_beacon->ftm_responder = beacon->ftm_responder;
3126        if (beacon->lci) {
3127                new_beacon->lci_len = beacon->lci_len;
3128                new_beacon->lci = pos;
3129                memcpy(pos, beacon->lci, beacon->lci_len);
3130                pos += beacon->lci_len;
3131        }
3132        if (beacon->civicloc) {
3133                new_beacon->civicloc_len = beacon->civicloc_len;
3134                new_beacon->civicloc = pos;
3135                memcpy(pos, beacon->civicloc, beacon->civicloc_len);
3136                pos += beacon->civicloc_len;
3137        }
3138
3139        return new_beacon;
3140}
3141
3142void ieee80211_csa_finish(struct ieee80211_vif *vif)
3143{
3144        struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3145
3146        ieee80211_queue_work(&sdata->local->hw,
3147                             &sdata->csa_finalize_work);
3148}
3149EXPORT_SYMBOL(ieee80211_csa_finish);
3150
3151static int ieee80211_set_after_csa_beacon(struct ieee80211_sub_if_data *sdata,
3152                                          u32 *changed)
3153{
3154        int err;
3155
3156        switch (sdata->vif.type) {
3157        case NL80211_IFTYPE_AP:
3158                err = ieee80211_assign_beacon(sdata, sdata->u.ap.next_beacon,
3159                                              NULL);
3160                kfree(sdata->u.ap.next_beacon);
3161                sdata->u.ap.next_beacon = NULL;
3162
3163                if (err < 0)
3164                        return err;
3165                *changed |= err;
3166                break;
3167        case NL80211_IFTYPE_ADHOC:
3168                err = ieee80211_ibss_finish_csa(sdata);
3169                if (err < 0)
3170                        return err;
3171                *changed |= err;
3172                break;
3173#ifdef CONFIG_MAC80211_MESH
3174        case NL80211_IFTYPE_MESH_POINT:
3175                err = ieee80211_mesh_finish_csa(sdata);
3176                if (err < 0)
3177                        return err;
3178                *changed |= err;
3179                break;
3180#endif
3181        default:
3182                WARN_ON(1);
3183                return -EINVAL;
3184        }
3185
3186        return 0;
3187}
3188
3189static int __ieee80211_csa_finalize(struct ieee80211_sub_if_data *sdata)
3190{
3191        struct ieee80211_local *local = sdata->local;
3192        u32 changed = 0;
3193        int err;
3194
3195        sdata_assert_lock(sdata);
3196        lockdep_assert_held(&local->mtx);
3197        lockdep_assert_held(&local->chanctx_mtx);
3198
3199        /*
3200         * using reservation isn't immediate as it may be deferred until later
3201         * with multi-vif. once reservation is complete it will re-schedule the
3202         * work with no reserved_chanctx so verify chandef to check if it
3203         * completed successfully
3204         */
3205
3206        if (sdata->reserved_chanctx) {
3207                /*
3208                 * with multi-vif csa driver may call ieee80211_csa_finish()
3209                 * many times while waiting for other interfaces to use their
3210                 * reservations
3211                 */
3212                if (sdata->reserved_ready)
3213                        return 0;
3214
3215                return ieee80211_vif_use_reserved_context(sdata);
3216        }
3217
3218        if (!cfg80211_chandef_identical(&sdata->vif.bss_conf.chandef,
3219                                        &sdata->csa_chandef))
3220                return -EINVAL;
3221
3222        sdata->vif.csa_active = false;
3223
3224        err = ieee80211_set_after_csa_beacon(sdata, &changed);
3225        if (err)
3226                return err;
3227
3228        ieee80211_bss_info_change_notify(sdata, changed);
3229
3230        if (sdata->csa_block_tx) {
3231                ieee80211_wake_vif_queues(local, sdata,
3232                                          IEEE80211_QUEUE_STOP_REASON_CSA);
3233                sdata->csa_block_tx = false;
3234        }
3235
3236        err = drv_post_channel_switch(sdata);
3237        if (err)
3238                return err;
3239
3240        cfg80211_ch_switch_notify(sdata->dev, &sdata->csa_chandef);
3241
3242        return 0;
3243}
3244
3245static void ieee80211_csa_finalize(struct ieee80211_sub_if_data *sdata)
3246{
3247        if (__ieee80211_csa_finalize(sdata)) {
3248                sdata_info(sdata, "failed to finalize CSA, disconnecting\n");
3249                cfg80211_stop_iface(sdata->local->hw.wiphy, &sdata->wdev,
3250                                    GFP_KERNEL);
3251        }
3252}
3253
3254void ieee80211_csa_finalize_work(struct work_struct *work)
3255{
3256        struct ieee80211_sub_if_data *sdata =
3257                container_of(work, struct ieee80211_sub_if_data,
3258                             csa_finalize_work);
3259        struct ieee80211_local *local = sdata->local;
3260
3261        sdata_lock(sdata);
3262        mutex_lock(&local->mtx);
3263        mutex_lock(&local->chanctx_mtx);
3264
3265        /* AP might have been stopped while waiting for the lock. */
3266        if (!sdata->vif.csa_active)
3267                goto unlock;
3268
3269        if (!ieee80211_sdata_running(sdata))
3270                goto unlock;
3271
3272        ieee80211_csa_finalize(sdata);
3273
3274unlock:
3275        mutex_unlock(&local->chanctx_mtx);
3276        mutex_unlock(&local->mtx);
3277        sdata_unlock(sdata);
3278}
3279
3280static int ieee80211_set_csa_beacon(struct ieee80211_sub_if_data *sdata,
3281                                    struct cfg80211_csa_settings *params,
3282                                    u32 *changed)
3283{
3284        struct ieee80211_csa_settings csa = {};
3285        int err;
3286
3287        switch (sdata->vif.type) {
3288        case NL80211_IFTYPE_AP:
3289                sdata->u.ap.next_beacon =
3290                        cfg80211_beacon_dup(&params->beacon_after);
3291                if (!sdata->u.ap.next_beacon)
3292                        return -ENOMEM;
3293
3294                /*
3295                 * With a count of 0, we don't have to wait for any
3296                 * TBTT before switching, so complete the CSA
3297                 * immediately.  In theory, with a count == 1 we
3298                 * should delay the switch until just before the next
3299                 * TBTT, but that would complicate things so we switch
3300                 * immediately too.  If we would delay the switch
3301                 * until the next TBTT, we would have to set the probe
3302                 * response here.
3303                 *
3304                 * TODO: A channel switch with count <= 1 without
3305                 * sending a CSA action frame is kind of useless,
3306                 * because the clients won't know we're changing
3307                 * channels.  The action frame must be implemented
3308                 * either here or in the userspace.
3309                 */
3310                if (params->count <= 1)
3311                        break;
3312
3313                if ((params->n_counter_offsets_beacon >
3314                     IEEE80211_MAX_CNTDWN_COUNTERS_NUM) ||
3315                    (params->n_counter_offsets_presp >
3316                     IEEE80211_MAX_CNTDWN_COUNTERS_NUM))
3317                        return -EINVAL;
3318
3319                csa.counter_offsets_beacon = params->counter_offsets_beacon;
3320                csa.counter_offsets_presp = params->counter_offsets_presp;
3321                csa.n_counter_offsets_beacon = params->n_counter_offsets_beacon;
3322                csa.n_counter_offsets_presp = params->n_counter_offsets_presp;
3323                csa.count = params->count;
3324
3325                err = ieee80211_assign_beacon(sdata, &params->beacon_csa, &csa);
3326                if (err < 0) {
3327                        kfree(sdata->u.ap.next_beacon);
3328                        return err;
3329                }
3330                *changed |= err;
3331
3332                break;
3333        case NL80211_IFTYPE_ADHOC:
3334                if (!sdata->vif.bss_conf.ibss_joined)
3335                        return -EINVAL;
3336
3337                if (params->chandef.width != sdata->u.ibss.chandef.width)
3338                        return -EINVAL;
3339
3340                switch (params->chandef.width) {
3341                case NL80211_CHAN_WIDTH_40:
3342                        if (cfg80211_get_chandef_type(&params->chandef) !=
3343                            cfg80211_get_chandef_type(&sdata->u.ibss.chandef))
3344                                return -EINVAL;
3345                        break;
3346                case NL80211_CHAN_WIDTH_5:
3347                case NL80211_CHAN_WIDTH_10:
3348                case NL80211_CHAN_WIDTH_20_NOHT:
3349                case NL80211_CHAN_WIDTH_20:
3350                        break;
3351                default:
3352                        return -EINVAL;
3353                }
3354
3355                /* changes into another band are not supported */
3356                if (sdata->u.ibss.chandef.chan->band !=
3357                    params->chandef.chan->band)
3358                        return -EINVAL;
3359
3360                /* see comments in the NL80211_IFTYPE_AP block */
3361                if (params->count > 1) {
3362                        err = ieee80211_ibss_csa_beacon(sdata, params);
3363                        if (err < 0)
3364                                return err;
3365                        *changed |= err;
3366                }
3367
3368                ieee80211_send_action_csa(sdata, params);
3369
3370                break;
3371#ifdef CONFIG_MAC80211_MESH
3372        case NL80211_IFTYPE_MESH_POINT: {
3373                struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
3374
3375                if (params->chandef.width != sdata->vif.bss_conf.chandef.width)
3376                        return -EINVAL;
3377
3378                /* changes into another band are not supported */
3379                if (sdata->vif.bss_conf.chandef.chan->band !=
3380                    params->chandef.chan->band)
3381                        return -EINVAL;
3382
3383                if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_NONE) {
3384                        ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_INIT;
3385                        if (!ifmsh->pre_value)
3386                                ifmsh->pre_value = 1;
3387                        else
3388                                ifmsh->pre_value++;
3389                }
3390
3391                /* see comments in the NL80211_IFTYPE_AP block */
3392                if (params->count > 1) {
3393                        err = ieee80211_mesh_csa_beacon(sdata, params);
3394                        if (err < 0) {
3395                                ifmsh->csa_role = IEEE80211_MESH_CSA_ROLE_NONE;
3396                                return err;
3397                        }
3398                        *changed |= err;
3399                }
3400
3401                if (ifmsh->csa_role == IEEE80211_MESH_CSA_ROLE_INIT)
3402                        ieee80211_send_action_csa(sdata, params);
3403
3404                break;
3405                }
3406#endif
3407        default:
3408                return -EOPNOTSUPP;
3409        }
3410
3411        return 0;
3412}
3413
3414static int
3415__ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
3416                           struct cfg80211_csa_settings *params)
3417{
3418        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3419        struct ieee80211_local *local = sdata->local;
3420        struct ieee80211_channel_switch ch_switch;
3421        struct ieee80211_chanctx_conf *conf;
3422        struct ieee80211_chanctx *chanctx;
3423        u32 changed = 0;
3424        int err;
3425
3426        sdata_assert_lock(sdata);
3427        lockdep_assert_held(&local->mtx);
3428
3429        if (!list_empty(&local->roc_list) || local->scanning)
3430                return -EBUSY;
3431
3432        if (sdata->wdev.cac_started)
3433                return -EBUSY;
3434
3435        if (cfg80211_chandef_identical(&params->chandef,
3436                                       &sdata->vif.bss_conf.chandef))
3437                return -EINVAL;
3438
3439        /* don't allow another channel switch if one is already active. */
3440        if (sdata->vif.csa_active)
3441                return -EBUSY;
3442
3443        mutex_lock(&local->chanctx_mtx);
3444        conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
3445                                         lockdep_is_held(&local->chanctx_mtx));
3446        if (!conf) {
3447                err = -EBUSY;
3448                goto out;
3449        }
3450
3451        if (params->chandef.chan->freq_offset) {
3452                /* this may work, but is untested */
3453                err = -EOPNOTSUPP;
3454                goto out;
3455        }
3456
3457        chanctx = container_of(conf, struct ieee80211_chanctx, conf);
3458
3459        ch_switch.timestamp = 0;
3460        ch_switch.device_timestamp = 0;
3461        ch_switch.block_tx = params->block_tx;
3462        ch_switch.chandef = params->chandef;
3463        ch_switch.count = params->count;
3464
3465        err = drv_pre_channel_switch(sdata, &ch_switch);
3466        if (err)
3467                goto out;
3468
3469        err = ieee80211_vif_reserve_chanctx(sdata, &params->chandef,
3470                                            chanctx->mode,
3471                                            params->radar_required);
3472        if (err)
3473                goto out;
3474
3475        /* if reservation is invalid then this will fail */
3476        err = ieee80211_check_combinations(sdata, NULL, chanctx->mode, 0);
3477        if (err) {
3478                ieee80211_vif_unreserve_chanctx(sdata);
3479                goto out;
3480        }
3481
3482        err = ieee80211_set_csa_beacon(sdata, params, &changed);
3483        if (err) {
3484                ieee80211_vif_unreserve_chanctx(sdata);
3485                goto out;
3486        }
3487
3488        sdata->csa_chandef = params->chandef;
3489        sdata->csa_block_tx = params->block_tx;
3490        sdata->vif.csa_active = true;
3491
3492        if (sdata->csa_block_tx)
3493                ieee80211_stop_vif_queues(local, sdata,
3494                                          IEEE80211_QUEUE_STOP_REASON_CSA);
3495
3496        cfg80211_ch_switch_started_notify(sdata->dev, &sdata->csa_chandef,
3497                                          params->count, params->block_tx);
3498
3499        if (changed) {
3500                ieee80211_bss_info_change_notify(sdata, changed);
3501                drv_channel_switch_beacon(sdata, &params->chandef);
3502        } else {
3503                /* if the beacon didn't change, we can finalize immediately */
3504                ieee80211_csa_finalize(sdata);
3505        }
3506
3507out:
3508        mutex_unlock(&local->chanctx_mtx);
3509        return err;
3510}
3511
3512int ieee80211_channel_switch(struct wiphy *wiphy, struct net_device *dev,
3513                             struct cfg80211_csa_settings *params)
3514{
3515        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3516        struct ieee80211_local *local = sdata->local;
3517        int err;
3518
3519        mutex_lock(&local->mtx);
3520        err = __ieee80211_channel_switch(wiphy, dev, params);
3521        mutex_unlock(&local->mtx);
3522
3523        return err;
3524}
3525
3526u64 ieee80211_mgmt_tx_cookie(struct ieee80211_local *local)
3527{
3528        lockdep_assert_held(&local->mtx);
3529
3530        local->roc_cookie_counter++;
3531
3532        /* wow, you wrapped 64 bits ... more likely a bug */
3533        if (WARN_ON(local->roc_cookie_counter == 0))
3534                local->roc_cookie_counter++;
3535
3536        return local->roc_cookie_counter;
3537}
3538
3539int ieee80211_attach_ack_skb(struct ieee80211_local *local, struct sk_buff *skb,
3540                             u64 *cookie, gfp_t gfp)
3541{
3542        unsigned long spin_flags;
3543        struct sk_buff *ack_skb;
3544        int id;
3545
3546        ack_skb = skb_copy(skb, gfp);
3547        if (!ack_skb)
3548                return -ENOMEM;
3549
3550        spin_lock_irqsave(&local->ack_status_lock, spin_flags);
3551        id = idr_alloc(&local->ack_status_frames, ack_skb,
3552                       1, 0x2000, GFP_ATOMIC);
3553        spin_unlock_irqrestore(&local->ack_status_lock, spin_flags);
3554
3555        if (id < 0) {
3556                kfree_skb(ack_skb);
3557                return -ENOMEM;
3558        }
3559
3560        IEEE80211_SKB_CB(skb)->ack_frame_id = id;
3561
3562        *cookie = ieee80211_mgmt_tx_cookie(local);
3563        IEEE80211_SKB_CB(ack_skb)->ack.cookie = *cookie;
3564
3565        return 0;
3566}
3567
3568static void
3569ieee80211_update_mgmt_frame_registrations(struct wiphy *wiphy,
3570                                          struct wireless_dev *wdev,
3571                                          struct mgmt_frame_regs *upd)
3572{
3573        struct ieee80211_local *local = wiphy_priv(wiphy);
3574        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3575        u32 preq_mask = BIT(IEEE80211_STYPE_PROBE_REQ >> 4);
3576        u32 action_mask = BIT(IEEE80211_STYPE_ACTION >> 4);
3577        bool global_change, intf_change;
3578
3579        global_change =
3580                (local->probe_req_reg != !!(upd->global_stypes & preq_mask)) ||
3581                (local->rx_mcast_action_reg !=
3582                 !!(upd->global_mcast_stypes & action_mask));
3583        local->probe_req_reg = upd->global_stypes & preq_mask;
3584        local->rx_mcast_action_reg = upd->global_mcast_stypes & action_mask;
3585
3586        intf_change = (sdata->vif.probe_req_reg !=
3587                       !!(upd->interface_stypes & preq_mask)) ||
3588                (sdata->vif.rx_mcast_action_reg !=
3589                 !!(upd->interface_mcast_stypes & action_mask));
3590        sdata->vif.probe_req_reg = upd->interface_stypes & preq_mask;
3591        sdata->vif.rx_mcast_action_reg =
3592                upd->interface_mcast_stypes & action_mask;
3593
3594        if (!local->open_count)
3595                return;
3596
3597        if (intf_change && ieee80211_sdata_running(sdata))
3598                drv_config_iface_filter(local, sdata,
3599                                        sdata->vif.probe_req_reg ?
3600                                                FIF_PROBE_REQ : 0,
3601                                        FIF_PROBE_REQ);
3602
3603        if (global_change)
3604                ieee80211_configure_filter(local);
3605}
3606
3607static int ieee80211_set_antenna(struct wiphy *wiphy, u32 tx_ant, u32 rx_ant)
3608{
3609        struct ieee80211_local *local = wiphy_priv(wiphy);
3610
3611        if (local->started)
3612                return -EOPNOTSUPP;
3613
3614        return drv_set_antenna(local, tx_ant, rx_ant);
3615}
3616
3617static int ieee80211_get_antenna(struct wiphy *wiphy, u32 *tx_ant, u32 *rx_ant)
3618{
3619        struct ieee80211_local *local = wiphy_priv(wiphy);
3620
3621        return drv_get_antenna(local, tx_ant, rx_ant);
3622}
3623
3624static int ieee80211_set_rekey_data(struct wiphy *wiphy,
3625                                    struct net_device *dev,
3626                                    struct cfg80211_gtk_rekey_data *data)
3627{
3628        struct ieee80211_local *local = wiphy_priv(wiphy);
3629        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3630
3631        if (!local->ops->set_rekey_data)
3632                return -EOPNOTSUPP;
3633
3634        drv_set_rekey_data(local, sdata, data);
3635
3636        return 0;
3637}
3638
3639static int ieee80211_probe_client(struct wiphy *wiphy, struct net_device *dev,
3640                                  const u8 *peer, u64 *cookie)
3641{
3642        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3643        struct ieee80211_local *local = sdata->local;
3644        struct ieee80211_qos_hdr *nullfunc;
3645        struct sk_buff *skb;
3646        int size = sizeof(*nullfunc);
3647        __le16 fc;
3648        bool qos;
3649        struct ieee80211_tx_info *info;
3650        struct sta_info *sta;
3651        struct ieee80211_chanctx_conf *chanctx_conf;
3652        enum nl80211_band band;
3653        int ret;
3654
3655        /* the lock is needed to assign the cookie later */
3656        mutex_lock(&local->mtx);
3657
3658        rcu_read_lock();
3659        chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3660        if (WARN_ON(!chanctx_conf)) {
3661                ret = -EINVAL;
3662                goto unlock;
3663        }
3664        band = chanctx_conf->def.chan->band;
3665        sta = sta_info_get_bss(sdata, peer);
3666        if (sta) {
3667                qos = sta->sta.wme;
3668        } else {
3669                ret = -ENOLINK;
3670                goto unlock;
3671        }
3672
3673        if (qos) {
3674                fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
3675                                 IEEE80211_STYPE_QOS_NULLFUNC |
3676                                 IEEE80211_FCTL_FROMDS);
3677        } else {
3678                size -= 2;
3679                fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
3680                                 IEEE80211_STYPE_NULLFUNC |
3681                                 IEEE80211_FCTL_FROMDS);
3682        }
3683
3684        skb = dev_alloc_skb(local->hw.extra_tx_headroom + size);
3685        if (!skb) {
3686                ret = -ENOMEM;
3687                goto unlock;
3688        }
3689
3690        skb->dev = dev;
3691
3692        skb_reserve(skb, local->hw.extra_tx_headroom);
3693
3694        nullfunc = skb_put(skb, size);
3695        nullfunc->frame_control = fc;
3696        nullfunc->duration_id = 0;
3697        memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN);
3698        memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
3699        memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN);
3700        nullfunc->seq_ctrl = 0;
3701
3702        info = IEEE80211_SKB_CB(skb);
3703
3704        info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS |
3705                       IEEE80211_TX_INTFL_NL80211_FRAME_TX;
3706        info->band = band;
3707
3708        skb_set_queue_mapping(skb, IEEE80211_AC_VO);
3709        skb->priority = 7;
3710        if (qos)
3711                nullfunc->qos_ctrl = cpu_to_le16(7);
3712
3713        ret = ieee80211_attach_ack_skb(local, skb, cookie, GFP_ATOMIC);
3714        if (ret) {
3715                kfree_skb(skb);
3716                goto unlock;
3717        }
3718
3719        local_bh_disable();
3720        ieee80211_xmit(sdata, sta, skb);
3721        local_bh_enable();
3722
3723        ret = 0;
3724unlock:
3725        rcu_read_unlock();
3726        mutex_unlock(&local->mtx);
3727
3728        return ret;
3729}
3730
3731static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
3732                                     struct wireless_dev *wdev,
3733                                     struct cfg80211_chan_def *chandef)
3734{
3735        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
3736        struct ieee80211_local *local = wiphy_priv(wiphy);
3737        struct ieee80211_chanctx_conf *chanctx_conf;
3738        int ret = -ENODATA;
3739
3740        rcu_read_lock();
3741        chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
3742        if (chanctx_conf) {
3743                *chandef = sdata->vif.bss_conf.chandef;
3744                ret = 0;
3745        } else if (local->open_count > 0 &&
3746                   local->open_count == local->monitors &&
3747                   sdata->vif.type == NL80211_IFTYPE_MONITOR) {
3748                if (local->use_chanctx)
3749                        *chandef = local->monitor_chandef;
3750                else
3751                        *chandef = local->_oper_chandef;
3752                ret = 0;
3753        }
3754        rcu_read_unlock();
3755
3756        return ret;
3757}
3758
3759#ifdef CONFIG_PM
3760static void ieee80211_set_wakeup(struct wiphy *wiphy, bool enabled)
3761{
3762        drv_set_wakeup(wiphy_priv(wiphy), enabled);
3763}
3764#endif
3765
3766static int ieee80211_set_qos_map(struct wiphy *wiphy,
3767                                 struct net_device *dev,
3768                                 struct cfg80211_qos_map *qos_map)
3769{
3770        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3771        struct mac80211_qos_map *new_qos_map, *old_qos_map;
3772
3773        if (qos_map) {
3774                new_qos_map = kzalloc(sizeof(*new_qos_map), GFP_KERNEL);
3775                if (!new_qos_map)
3776                        return -ENOMEM;
3777                memcpy(&new_qos_map->qos_map, qos_map, sizeof(*qos_map));
3778        } else {
3779                /* A NULL qos_map was passed to disable QoS mapping */
3780                new_qos_map = NULL;
3781        }
3782
3783        old_qos_map = sdata_dereference(sdata->qos_map, sdata);
3784        rcu_assign_pointer(sdata->qos_map, new_qos_map);
3785        if (old_qos_map)
3786                kfree_rcu(old_qos_map, rcu_head);
3787
3788        return 0;
3789}
3790
3791static int ieee80211_set_ap_chanwidth(struct wiphy *wiphy,
3792                                      struct net_device *dev,
3793                                      struct cfg80211_chan_def *chandef)
3794{
3795        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3796        int ret;
3797        u32 changed = 0;
3798
3799        ret = ieee80211_vif_change_bandwidth(sdata, chandef, &changed);
3800        if (ret == 0)
3801                ieee80211_bss_info_change_notify(sdata, changed);
3802
3803        return ret;
3804}
3805
3806static int ieee80211_add_tx_ts(struct wiphy *wiphy, struct net_device *dev,
3807                               u8 tsid, const u8 *peer, u8 up,
3808                               u16 admitted_time)
3809{
3810        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3811        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3812        int ac = ieee802_1d_to_ac[up];
3813
3814        if (sdata->vif.type != NL80211_IFTYPE_STATION)
3815                return -EOPNOTSUPP;
3816
3817        if (!(sdata->wmm_acm & BIT(up)))
3818                return -EINVAL;
3819
3820        if (ifmgd->tx_tspec[ac].admitted_time)
3821                return -EBUSY;
3822
3823        if (admitted_time) {
3824                ifmgd->tx_tspec[ac].admitted_time = 32 * admitted_time;
3825                ifmgd->tx_tspec[ac].tsid = tsid;
3826                ifmgd->tx_tspec[ac].up = up;
3827        }
3828
3829        return 0;
3830}
3831
3832static int ieee80211_del_tx_ts(struct wiphy *wiphy, struct net_device *dev,
3833                               u8 tsid, const u8 *peer)
3834{
3835        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3836        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3837        struct ieee80211_local *local = wiphy_priv(wiphy);
3838        int ac;
3839
3840        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
3841                struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac];
3842
3843                /* skip unused entries */
3844                if (!tx_tspec->admitted_time)
3845                        continue;
3846
3847                if (tx_tspec->tsid != tsid)
3848                        continue;
3849
3850                /* due to this new packets will be reassigned to non-ACM ACs */
3851                tx_tspec->up = -1;
3852
3853                /* Make sure that all packets have been sent to avoid to
3854                 * restore the QoS params on packets that are still on the
3855                 * queues.
3856                 */
3857                synchronize_net();
3858                ieee80211_flush_queues(local, sdata, false);
3859
3860                /* restore the normal QoS parameters
3861                 * (unconditionally to avoid races)
3862                 */
3863                tx_tspec->action = TX_TSPEC_ACTION_STOP_DOWNGRADE;
3864                tx_tspec->downgraded = false;
3865                ieee80211_sta_handle_tspec_ac_params(sdata);
3866
3867                /* finally clear all the data */
3868                memset(tx_tspec, 0, sizeof(*tx_tspec));
3869
3870                return 0;
3871        }
3872
3873        return -ENOENT;
3874}
3875
3876void ieee80211_nan_func_terminated(struct ieee80211_vif *vif,
3877                                   u8 inst_id,
3878                                   enum nl80211_nan_func_term_reason reason,
3879                                   gfp_t gfp)
3880{
3881        struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3882        struct cfg80211_nan_func *func;
3883        u64 cookie;
3884
3885        if (WARN_ON(vif->type != NL80211_IFTYPE_NAN))
3886                return;
3887
3888        spin_lock_bh(&sdata->u.nan.func_lock);
3889
3890        func = idr_find(&sdata->u.nan.function_inst_ids, inst_id);
3891        if (WARN_ON(!func)) {
3892                spin_unlock_bh(&sdata->u.nan.func_lock);
3893                return;
3894        }
3895
3896        cookie = func->cookie;
3897        idr_remove(&sdata->u.nan.function_inst_ids, inst_id);
3898
3899        spin_unlock_bh(&sdata->u.nan.func_lock);
3900
3901        cfg80211_free_nan_func(func);
3902
3903        cfg80211_nan_func_terminated(ieee80211_vif_to_wdev(vif), inst_id,
3904                                     reason, cookie, gfp);
3905}
3906EXPORT_SYMBOL(ieee80211_nan_func_terminated);
3907
3908void ieee80211_nan_func_match(struct ieee80211_vif *vif,
3909                              struct cfg80211_nan_match_params *match,
3910                              gfp_t gfp)
3911{
3912        struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
3913        struct cfg80211_nan_func *func;
3914
3915        if (WARN_ON(vif->type != NL80211_IFTYPE_NAN))
3916                return;
3917
3918        spin_lock_bh(&sdata->u.nan.func_lock);
3919
3920        func = idr_find(&sdata->u.nan.function_inst_ids,  match->inst_id);
3921        if (WARN_ON(!func)) {
3922                spin_unlock_bh(&sdata->u.nan.func_lock);
3923                return;
3924        }
3925        match->cookie = func->cookie;
3926
3927        spin_unlock_bh(&sdata->u.nan.func_lock);
3928
3929        cfg80211_nan_match(ieee80211_vif_to_wdev(vif), match, gfp);
3930}
3931EXPORT_SYMBOL(ieee80211_nan_func_match);
3932
3933static int ieee80211_set_multicast_to_unicast(struct wiphy *wiphy,
3934                                              struct net_device *dev,
3935                                              const bool enabled)
3936{
3937        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
3938
3939        sdata->u.ap.multicast_to_unicast = enabled;
3940
3941        return 0;
3942}
3943
3944void ieee80211_fill_txq_stats(struct cfg80211_txq_stats *txqstats,
3945                              struct txq_info *txqi)
3946{
3947        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_BACKLOG_BYTES))) {
3948                txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_BYTES);
3949                txqstats->backlog_bytes = txqi->tin.backlog_bytes;
3950        }
3951
3952        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS))) {
3953                txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS);
3954                txqstats->backlog_packets = txqi->tin.backlog_packets;
3955        }
3956
3957        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_FLOWS))) {
3958                txqstats->filled |= BIT(NL80211_TXQ_STATS_FLOWS);
3959                txqstats->flows = txqi->tin.flows;
3960        }
3961
3962        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_DROPS))) {
3963                txqstats->filled |= BIT(NL80211_TXQ_STATS_DROPS);
3964                txqstats->drops = txqi->cstats.drop_count;
3965        }
3966
3967        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_ECN_MARKS))) {
3968                txqstats->filled |= BIT(NL80211_TXQ_STATS_ECN_MARKS);
3969                txqstats->ecn_marks = txqi->cstats.ecn_mark;
3970        }
3971
3972        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_OVERLIMIT))) {
3973                txqstats->filled |= BIT(NL80211_TXQ_STATS_OVERLIMIT);
3974                txqstats->overlimit = txqi->tin.overlimit;
3975        }
3976
3977        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_COLLISIONS))) {
3978                txqstats->filled |= BIT(NL80211_TXQ_STATS_COLLISIONS);
3979                txqstats->collisions = txqi->tin.collisions;
3980        }
3981
3982        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_TX_BYTES))) {
3983                txqstats->filled |= BIT(NL80211_TXQ_STATS_TX_BYTES);
3984                txqstats->tx_bytes = txqi->tin.tx_bytes;
3985        }
3986
3987        if (!(txqstats->filled & BIT(NL80211_TXQ_STATS_TX_PACKETS))) {
3988                txqstats->filled |= BIT(NL80211_TXQ_STATS_TX_PACKETS);
3989                txqstats->tx_packets = txqi->tin.tx_packets;
3990        }
3991}
3992
3993static int ieee80211_get_txq_stats(struct wiphy *wiphy,
3994                                   struct wireless_dev *wdev,
3995                                   struct cfg80211_txq_stats *txqstats)
3996{
3997        struct ieee80211_local *local = wiphy_priv(wiphy);
3998        struct ieee80211_sub_if_data *sdata;
3999        int ret = 0;
4000
4001        if (!local->ops->wake_tx_queue)
4002                return 1;
4003
4004        spin_lock_bh(&local->fq.lock);
4005        rcu_read_lock();
4006
4007        if (wdev) {
4008                sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
4009                if (!sdata->vif.txq) {
4010                        ret = 1;
4011                        goto out;
4012                }
4013                ieee80211_fill_txq_stats(txqstats, to_txq_info(sdata->vif.txq));
4014        } else {
4015                /* phy stats */
4016                txqstats->filled |= BIT(NL80211_TXQ_STATS_BACKLOG_PACKETS) |
4017                                    BIT(NL80211_TXQ_STATS_BACKLOG_BYTES) |
4018                                    BIT(NL80211_TXQ_STATS_OVERLIMIT) |
4019                                    BIT(NL80211_TXQ_STATS_OVERMEMORY) |
4020                                    BIT(NL80211_TXQ_STATS_COLLISIONS) |
4021                                    BIT(NL80211_TXQ_STATS_MAX_FLOWS);
4022                txqstats->backlog_packets = local->fq.backlog;
4023                txqstats->backlog_bytes = local->fq.memory_usage;
4024                txqstats->overlimit = local->fq.overlimit;
4025                txqstats->overmemory = local->fq.overmemory;
4026                txqstats->collisions = local->fq.collisions;
4027                txqstats->max_flows = local->fq.flows_cnt;
4028        }
4029
4030out:
4031        rcu_read_unlock();
4032        spin_unlock_bh(&local->fq.lock);
4033
4034        return ret;
4035}
4036
4037static int
4038ieee80211_get_ftm_responder_stats(struct wiphy *wiphy,
4039                                  struct net_device *dev,
4040                                  struct cfg80211_ftm_responder_stats *ftm_stats)
4041{
4042        struct ieee80211_local *local = wiphy_priv(wiphy);
4043        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4044
4045        return drv_get_ftm_responder_stats(local, sdata, ftm_stats);
4046}
4047
4048static int
4049ieee80211_start_pmsr(struct wiphy *wiphy, struct wireless_dev *dev,
4050                     struct cfg80211_pmsr_request *request)
4051{
4052        struct ieee80211_local *local = wiphy_priv(wiphy);
4053        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(dev);
4054
4055        return drv_start_pmsr(local, sdata, request);
4056}
4057
4058static void
4059ieee80211_abort_pmsr(struct wiphy *wiphy, struct wireless_dev *dev,
4060                     struct cfg80211_pmsr_request *request)
4061{
4062        struct ieee80211_local *local = wiphy_priv(wiphy);
4063        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(dev);
4064
4065        return drv_abort_pmsr(local, sdata, request);
4066}
4067
4068static int ieee80211_set_tid_config(struct wiphy *wiphy,
4069                                    struct net_device *dev,
4070                                    struct cfg80211_tid_config *tid_conf)
4071{
4072        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4073        struct sta_info *sta;
4074        int ret;
4075
4076        if (!sdata->local->ops->set_tid_config)
4077                return -EOPNOTSUPP;
4078
4079        if (!tid_conf->peer)
4080                return drv_set_tid_config(sdata->local, sdata, NULL, tid_conf);
4081
4082        mutex_lock(&sdata->local->sta_mtx);
4083        sta = sta_info_get_bss(sdata, tid_conf->peer);
4084        if (!sta) {
4085                mutex_unlock(&sdata->local->sta_mtx);
4086                return -ENOENT;
4087        }
4088
4089        ret = drv_set_tid_config(sdata->local, sdata, &sta->sta, tid_conf);
4090        mutex_unlock(&sdata->local->sta_mtx);
4091
4092        return ret;
4093}
4094
4095static int ieee80211_reset_tid_config(struct wiphy *wiphy,
4096                                      struct net_device *dev,
4097                                      const u8 *peer, u8 tids)
4098{
4099        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4100        struct sta_info *sta;
4101        int ret;
4102
4103        if (!sdata->local->ops->reset_tid_config)
4104                return -EOPNOTSUPP;
4105
4106        if (!peer)
4107                return drv_reset_tid_config(sdata->local, sdata, NULL, tids);
4108
4109        mutex_lock(&sdata->local->sta_mtx);
4110        sta = sta_info_get_bss(sdata, peer);
4111        if (!sta) {
4112                mutex_unlock(&sdata->local->sta_mtx);
4113                return -ENOENT;
4114        }
4115
4116        ret = drv_reset_tid_config(sdata->local, sdata, &sta->sta, tids);
4117        mutex_unlock(&sdata->local->sta_mtx);
4118
4119        return ret;
4120}
4121
4122static int ieee80211_set_sar_specs(struct wiphy *wiphy,
4123                                   struct cfg80211_sar_specs *sar)
4124{
4125        struct ieee80211_local *local = wiphy_priv(wiphy);
4126
4127        if (!local->ops->set_sar_specs)
4128                return -EOPNOTSUPP;
4129
4130        return local->ops->set_sar_specs(&local->hw, sar);
4131}
4132
4133const struct cfg80211_ops mac80211_config_ops = {
4134        .add_virtual_intf = ieee80211_add_iface,
4135        .del_virtual_intf = ieee80211_del_iface,
4136        .change_virtual_intf = ieee80211_change_iface,
4137        .start_p2p_device = ieee80211_start_p2p_device,
4138        .stop_p2p_device = ieee80211_stop_p2p_device,
4139        .add_key = ieee80211_add_key,
4140        .del_key = ieee80211_del_key,
4141        .get_key = ieee80211_get_key,
4142        .set_default_key = ieee80211_config_default_key,
4143        .