of: Fix NULL dereference in unflatten_and_copy()
[firefly-linux-kernel-4.4.55.git] / net / mac80211 / util.c
1 /*
2  * Copyright 2002-2005, Instant802 Networks, Inc.
3  * Copyright 2005-2006, Devicescape Software, Inc.
4  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
5  * Copyright 2007       Johannes Berg <johannes@sipsolutions.net>
6  *
7  * This program is free software; you can redistribute it and/or modify
8  * it under the terms of the GNU General Public License version 2 as
9  * published by the Free Software Foundation.
10  *
11  * utilities for mac80211
12  */
13
14 #include <net/mac80211.h>
15 #include <linux/netdevice.h>
16 #include <linux/export.h>
17 #include <linux/types.h>
18 #include <linux/slab.h>
19 #include <linux/skbuff.h>
20 #include <linux/etherdevice.h>
21 #include <linux/if_arp.h>
22 #include <linux/bitmap.h>
23 #include <linux/crc32.h>
24 #include <net/net_namespace.h>
25 #include <net/cfg80211.h>
26 #include <net/rtnetlink.h>
27
28 #include "ieee80211_i.h"
29 #include "driver-ops.h"
30 #include "rate.h"
31 #include "mesh.h"
32 #include "wme.h"
33 #include "led.h"
34 #include "wep.h"
35
36 /* privid for wiphys to determine whether they belong to us or not */
37 void *mac80211_wiphy_privid = &mac80211_wiphy_privid;
38
39 struct ieee80211_hw *wiphy_to_ieee80211_hw(struct wiphy *wiphy)
40 {
41         struct ieee80211_local *local;
42         BUG_ON(!wiphy);
43
44         local = wiphy_priv(wiphy);
45         return &local->hw;
46 }
47 EXPORT_SYMBOL(wiphy_to_ieee80211_hw);
48
49 u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len,
50                         enum nl80211_iftype type)
51 {
52         __le16 fc = hdr->frame_control;
53
54          /* drop ACK/CTS frames and incorrect hdr len (ctrl) */
55         if (len < 16)
56                 return NULL;
57
58         if (ieee80211_is_data(fc)) {
59                 if (len < 24) /* drop incorrect hdr len (data) */
60                         return NULL;
61
62                 if (ieee80211_has_a4(fc))
63                         return NULL;
64                 if (ieee80211_has_tods(fc))
65                         return hdr->addr1;
66                 if (ieee80211_has_fromds(fc))
67                         return hdr->addr2;
68
69                 return hdr->addr3;
70         }
71
72         if (ieee80211_is_mgmt(fc)) {
73                 if (len < 24) /* drop incorrect hdr len (mgmt) */
74                         return NULL;
75                 return hdr->addr3;
76         }
77
78         if (ieee80211_is_ctl(fc)) {
79                 if(ieee80211_is_pspoll(fc))
80                         return hdr->addr1;
81
82                 if (ieee80211_is_back_req(fc)) {
83                         switch (type) {
84                         case NL80211_IFTYPE_STATION:
85                                 return hdr->addr2;
86                         case NL80211_IFTYPE_AP:
87                         case NL80211_IFTYPE_AP_VLAN:
88                                 return hdr->addr1;
89                         default:
90                                 break; /* fall through to the return */
91                         }
92                 }
93         }
94
95         return NULL;
96 }
97
98 void ieee80211_tx_set_protected(struct ieee80211_tx_data *tx)
99 {
100         struct sk_buff *skb;
101         struct ieee80211_hdr *hdr;
102
103         skb_queue_walk(&tx->skbs, skb) {
104                 hdr = (struct ieee80211_hdr *) skb->data;
105                 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
106         }
107 }
108
109 int ieee80211_frame_duration(enum ieee80211_band band, size_t len,
110                              int rate, int erp, int short_preamble,
111                              int shift)
112 {
113         int dur;
114
115         /* calculate duration (in microseconds, rounded up to next higher
116          * integer if it includes a fractional microsecond) to send frame of
117          * len bytes (does not include FCS) at the given rate. Duration will
118          * also include SIFS.
119          *
120          * rate is in 100 kbps, so divident is multiplied by 10 in the
121          * DIV_ROUND_UP() operations.
122          *
123          * shift may be 2 for 5 MHz channels or 1 for 10 MHz channels, and
124          * is assumed to be 0 otherwise.
125          */
126
127         if (band == IEEE80211_BAND_5GHZ || erp) {
128                 /*
129                  * OFDM:
130                  *
131                  * N_DBPS = DATARATE x 4
132                  * N_SYM = Ceiling((16+8xLENGTH+6) / N_DBPS)
133                  *      (16 = SIGNAL time, 6 = tail bits)
134                  * TXTIME = T_PREAMBLE + T_SIGNAL + T_SYM x N_SYM + Signal Ext
135                  *
136                  * T_SYM = 4 usec
137                  * 802.11a - 18.5.2: aSIFSTime = 16 usec
138                  * 802.11g - 19.8.4: aSIFSTime = 10 usec +
139                  *      signal ext = 6 usec
140                  */
141                 dur = 16; /* SIFS + signal ext */
142                 dur += 16; /* IEEE 802.11-2012 18.3.2.4: T_PREAMBLE = 16 usec */
143                 dur += 4; /* IEEE 802.11-2012 18.3.2.4: T_SIGNAL = 4 usec */
144
145                 /* IEEE 802.11-2012 18.3.2.4: all values above are:
146                  *  * times 4 for 5 MHz
147                  *  * times 2 for 10 MHz
148                  */
149                 dur *= 1 << shift;
150
151                 /* rates should already consider the channel bandwidth,
152                  * don't apply divisor again.
153                  */
154                 dur += 4 * DIV_ROUND_UP((16 + 8 * (len + 4) + 6) * 10,
155                                         4 * rate); /* T_SYM x N_SYM */
156         } else {
157                 /*
158                  * 802.11b or 802.11g with 802.11b compatibility:
159                  * 18.3.4: TXTIME = PreambleLength + PLCPHeaderTime +
160                  * Ceiling(((LENGTH+PBCC)x8)/DATARATE). PBCC=0.
161                  *
162                  * 802.11 (DS): 15.3.3, 802.11b: 18.3.4
163                  * aSIFSTime = 10 usec
164                  * aPreambleLength = 144 usec or 72 usec with short preamble
165                  * aPLCPHeaderLength = 48 usec or 24 usec with short preamble
166                  */
167                 dur = 10; /* aSIFSTime = 10 usec */
168                 dur += short_preamble ? (72 + 24) : (144 + 48);
169
170                 dur += DIV_ROUND_UP(8 * (len + 4) * 10, rate);
171         }
172
173         return dur;
174 }
175
176 /* Exported duration function for driver use */
177 __le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw,
178                                         struct ieee80211_vif *vif,
179                                         enum ieee80211_band band,
180                                         size_t frame_len,
181                                         struct ieee80211_rate *rate)
182 {
183         struct ieee80211_sub_if_data *sdata;
184         u16 dur;
185         int erp, shift = 0;
186         bool short_preamble = false;
187
188         erp = 0;
189         if (vif) {
190                 sdata = vif_to_sdata(vif);
191                 short_preamble = sdata->vif.bss_conf.use_short_preamble;
192                 if (sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
193                         erp = rate->flags & IEEE80211_RATE_ERP_G;
194                 shift = ieee80211_vif_get_shift(vif);
195         }
196
197         dur = ieee80211_frame_duration(band, frame_len, rate->bitrate, erp,
198                                        short_preamble, shift);
199
200         return cpu_to_le16(dur);
201 }
202 EXPORT_SYMBOL(ieee80211_generic_frame_duration);
203
204 __le16 ieee80211_rts_duration(struct ieee80211_hw *hw,
205                               struct ieee80211_vif *vif, size_t frame_len,
206                               const struct ieee80211_tx_info *frame_txctl)
207 {
208         struct ieee80211_local *local = hw_to_local(hw);
209         struct ieee80211_rate *rate;
210         struct ieee80211_sub_if_data *sdata;
211         bool short_preamble;
212         int erp, shift = 0, bitrate;
213         u16 dur;
214         struct ieee80211_supported_band *sband;
215
216         sband = local->hw.wiphy->bands[frame_txctl->band];
217
218         short_preamble = false;
219
220         rate = &sband->bitrates[frame_txctl->control.rts_cts_rate_idx];
221
222         erp = 0;
223         if (vif) {
224                 sdata = vif_to_sdata(vif);
225                 short_preamble = sdata->vif.bss_conf.use_short_preamble;
226                 if (sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
227                         erp = rate->flags & IEEE80211_RATE_ERP_G;
228                 shift = ieee80211_vif_get_shift(vif);
229         }
230
231         bitrate = DIV_ROUND_UP(rate->bitrate, 1 << shift);
232
233         /* CTS duration */
234         dur = ieee80211_frame_duration(sband->band, 10, bitrate,
235                                        erp, short_preamble, shift);
236         /* Data frame duration */
237         dur += ieee80211_frame_duration(sband->band, frame_len, bitrate,
238                                         erp, short_preamble, shift);
239         /* ACK duration */
240         dur += ieee80211_frame_duration(sband->band, 10, bitrate,
241                                         erp, short_preamble, shift);
242
243         return cpu_to_le16(dur);
244 }
245 EXPORT_SYMBOL(ieee80211_rts_duration);
246
247 __le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw,
248                                     struct ieee80211_vif *vif,
249                                     size_t frame_len,
250                                     const struct ieee80211_tx_info *frame_txctl)
251 {
252         struct ieee80211_local *local = hw_to_local(hw);
253         struct ieee80211_rate *rate;
254         struct ieee80211_sub_if_data *sdata;
255         bool short_preamble;
256         int erp, shift = 0, bitrate;
257         u16 dur;
258         struct ieee80211_supported_band *sband;
259
260         sband = local->hw.wiphy->bands[frame_txctl->band];
261
262         short_preamble = false;
263
264         rate = &sband->bitrates[frame_txctl->control.rts_cts_rate_idx];
265         erp = 0;
266         if (vif) {
267                 sdata = vif_to_sdata(vif);
268                 short_preamble = sdata->vif.bss_conf.use_short_preamble;
269                 if (sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
270                         erp = rate->flags & IEEE80211_RATE_ERP_G;
271                 shift = ieee80211_vif_get_shift(vif);
272         }
273
274         bitrate = DIV_ROUND_UP(rate->bitrate, 1 << shift);
275
276         /* Data frame duration */
277         dur = ieee80211_frame_duration(sband->band, frame_len, bitrate,
278                                        erp, short_preamble, shift);
279         if (!(frame_txctl->flags & IEEE80211_TX_CTL_NO_ACK)) {
280                 /* ACK duration */
281                 dur += ieee80211_frame_duration(sband->band, 10, bitrate,
282                                                 erp, short_preamble, shift);
283         }
284
285         return cpu_to_le16(dur);
286 }
287 EXPORT_SYMBOL(ieee80211_ctstoself_duration);
288
289 void ieee80211_propagate_queue_wake(struct ieee80211_local *local, int queue)
290 {
291         struct ieee80211_sub_if_data *sdata;
292         int n_acs = IEEE80211_NUM_ACS;
293
294         if (local->hw.queues < IEEE80211_NUM_ACS)
295                 n_acs = 1;
296
297         list_for_each_entry_rcu(sdata, &local->interfaces, list) {
298                 int ac;
299
300                 if (!sdata->dev)
301                         continue;
302
303                 if (sdata->vif.cab_queue != IEEE80211_INVAL_HW_QUEUE &&
304                     local->queue_stop_reasons[sdata->vif.cab_queue] != 0)
305                         continue;
306
307                 for (ac = 0; ac < n_acs; ac++) {
308                         int ac_queue = sdata->vif.hw_queue[ac];
309
310                         if (ac_queue == queue ||
311                             (sdata->vif.cab_queue == queue &&
312                              local->queue_stop_reasons[ac_queue] == 0 &&
313                              skb_queue_empty(&local->pending[ac_queue])))
314                                 netif_wake_subqueue(sdata->dev, ac);
315                 }
316         }
317 }
318
319 static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
320                                    enum queue_stop_reason reason)
321 {
322         struct ieee80211_local *local = hw_to_local(hw);
323
324         trace_wake_queue(local, queue, reason);
325
326         if (WARN_ON(queue >= hw->queues))
327                 return;
328
329         if (!test_bit(reason, &local->queue_stop_reasons[queue]))
330                 return;
331
332         __clear_bit(reason, &local->queue_stop_reasons[queue]);
333
334         if (local->queue_stop_reasons[queue] != 0)
335                 /* someone still has this queue stopped */
336                 return;
337
338         if (skb_queue_empty(&local->pending[queue])) {
339                 rcu_read_lock();
340                 ieee80211_propagate_queue_wake(local, queue);
341                 rcu_read_unlock();
342         } else
343                 tasklet_schedule(&local->tx_pending_tasklet);
344 }
345
346 void ieee80211_wake_queue_by_reason(struct ieee80211_hw *hw, int queue,
347                                     enum queue_stop_reason reason)
348 {
349         struct ieee80211_local *local = hw_to_local(hw);
350         unsigned long flags;
351
352         spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
353         __ieee80211_wake_queue(hw, queue, reason);
354         spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
355 }
356
357 void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue)
358 {
359         ieee80211_wake_queue_by_reason(hw, queue,
360                                        IEEE80211_QUEUE_STOP_REASON_DRIVER);
361 }
362 EXPORT_SYMBOL(ieee80211_wake_queue);
363
364 static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
365                                    enum queue_stop_reason reason)
366 {
367         struct ieee80211_local *local = hw_to_local(hw);
368         struct ieee80211_sub_if_data *sdata;
369         int n_acs = IEEE80211_NUM_ACS;
370
371         trace_stop_queue(local, queue, reason);
372
373         if (WARN_ON(queue >= hw->queues))
374                 return;
375
376         if (test_bit(reason, &local->queue_stop_reasons[queue]))
377                 return;
378
379         __set_bit(reason, &local->queue_stop_reasons[queue]);
380
381         if (local->hw.queues < IEEE80211_NUM_ACS)
382                 n_acs = 1;
383
384         rcu_read_lock();
385         list_for_each_entry_rcu(sdata, &local->interfaces, list) {
386                 int ac;
387
388                 if (!sdata->dev)
389                         continue;
390
391                 for (ac = 0; ac < n_acs; ac++) {
392                         if (sdata->vif.hw_queue[ac] == queue ||
393                             sdata->vif.cab_queue == queue)
394                                 netif_stop_subqueue(sdata->dev, ac);
395                 }
396         }
397         rcu_read_unlock();
398 }
399
400 void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
401                                     enum queue_stop_reason reason)
402 {
403         struct ieee80211_local *local = hw_to_local(hw);
404         unsigned long flags;
405
406         spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
407         __ieee80211_stop_queue(hw, queue, reason);
408         spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
409 }
410
411 void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue)
412 {
413         ieee80211_stop_queue_by_reason(hw, queue,
414                                        IEEE80211_QUEUE_STOP_REASON_DRIVER);
415 }
416 EXPORT_SYMBOL(ieee80211_stop_queue);
417
418 void ieee80211_add_pending_skb(struct ieee80211_local *local,
419                                struct sk_buff *skb)
420 {
421         struct ieee80211_hw *hw = &local->hw;
422         unsigned long flags;
423         struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
424         int queue = info->hw_queue;
425
426         if (WARN_ON(!info->control.vif)) {
427                 ieee80211_free_txskb(&local->hw, skb);
428                 return;
429         }
430
431         spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
432         __ieee80211_stop_queue(hw, queue, IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
433         __skb_queue_tail(&local->pending[queue], skb);
434         __ieee80211_wake_queue(hw, queue, IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
435         spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
436 }
437
438 void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
439                                    struct sk_buff_head *skbs,
440                                    void (*fn)(void *data), void *data)
441 {
442         struct ieee80211_hw *hw = &local->hw;
443         struct sk_buff *skb;
444         unsigned long flags;
445         int queue, i;
446
447         spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
448         while ((skb = skb_dequeue(skbs))) {
449                 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
450
451                 if (WARN_ON(!info->control.vif)) {
452                         ieee80211_free_txskb(&local->hw, skb);
453                         continue;
454                 }
455
456                 queue = info->hw_queue;
457
458                 __ieee80211_stop_queue(hw, queue,
459                                 IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
460
461                 __skb_queue_tail(&local->pending[queue], skb);
462         }
463
464         if (fn)
465                 fn(data);
466
467         for (i = 0; i < hw->queues; i++)
468                 __ieee80211_wake_queue(hw, i,
469                         IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
470         spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
471 }
472
473 void ieee80211_stop_queues_by_reason(struct ieee80211_hw *hw,
474                                      unsigned long queues,
475                                      enum queue_stop_reason reason)
476 {
477         struct ieee80211_local *local = hw_to_local(hw);
478         unsigned long flags;
479         int i;
480
481         spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
482
483         for_each_set_bit(i, &queues, hw->queues)
484                 __ieee80211_stop_queue(hw, i, reason);
485
486         spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
487 }
488
489 void ieee80211_stop_queues(struct ieee80211_hw *hw)
490 {
491         ieee80211_stop_queues_by_reason(hw, IEEE80211_MAX_QUEUE_MAP,
492                                         IEEE80211_QUEUE_STOP_REASON_DRIVER);
493 }
494 EXPORT_SYMBOL(ieee80211_stop_queues);
495
496 int ieee80211_queue_stopped(struct ieee80211_hw *hw, int queue)
497 {
498         struct ieee80211_local *local = hw_to_local(hw);
499         unsigned long flags;
500         int ret;
501
502         if (WARN_ON(queue >= hw->queues))
503                 return true;
504
505         spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
506         ret = test_bit(IEEE80211_QUEUE_STOP_REASON_DRIVER,
507                        &local->queue_stop_reasons[queue]);
508         spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
509         return ret;
510 }
511 EXPORT_SYMBOL(ieee80211_queue_stopped);
512
513 void ieee80211_wake_queues_by_reason(struct ieee80211_hw *hw,
514                                      unsigned long queues,
515                                      enum queue_stop_reason reason)
516 {
517         struct ieee80211_local *local = hw_to_local(hw);
518         unsigned long flags;
519         int i;
520
521         spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
522
523         for_each_set_bit(i, &queues, hw->queues)
524                 __ieee80211_wake_queue(hw, i, reason);
525
526         spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
527 }
528
529 void ieee80211_wake_queues(struct ieee80211_hw *hw)
530 {
531         ieee80211_wake_queues_by_reason(hw, IEEE80211_MAX_QUEUE_MAP,
532                                         IEEE80211_QUEUE_STOP_REASON_DRIVER);
533 }
534 EXPORT_SYMBOL(ieee80211_wake_queues);
535
536 void ieee80211_flush_queues(struct ieee80211_local *local,
537                             struct ieee80211_sub_if_data *sdata)
538 {
539         u32 queues;
540
541         if (!local->ops->flush)
542                 return;
543
544         if (sdata && local->hw.flags & IEEE80211_HW_QUEUE_CONTROL) {
545                 int ac;
546
547                 queues = 0;
548
549                 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
550                         queues |= BIT(sdata->vif.hw_queue[ac]);
551                 if (sdata->vif.cab_queue != IEEE80211_INVAL_HW_QUEUE)
552                         queues |= BIT(sdata->vif.cab_queue);
553         } else {
554                 /* all queues */
555                 queues = BIT(local->hw.queues) - 1;
556         }
557
558         ieee80211_stop_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP,
559                                         IEEE80211_QUEUE_STOP_REASON_FLUSH);
560
561         drv_flush(local, queues, false);
562
563         ieee80211_wake_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP,
564                                         IEEE80211_QUEUE_STOP_REASON_FLUSH);
565 }
566
567 static void __iterate_active_interfaces(struct ieee80211_local *local,
568                                         u32 iter_flags,
569                                         void (*iterator)(void *data, u8 *mac,
570                                                 struct ieee80211_vif *vif),
571                                         void *data)
572 {
573         struct ieee80211_sub_if_data *sdata;
574
575         list_for_each_entry_rcu(sdata, &local->interfaces, list) {
576                 switch (sdata->vif.type) {
577                 case NL80211_IFTYPE_MONITOR:
578                         if (!(sdata->u.mntr_flags & MONITOR_FLAG_ACTIVE))
579                                 continue;
580                         break;
581                 case NL80211_IFTYPE_AP_VLAN:
582                         continue;
583                 default:
584                         break;
585                 }
586                 if (!(iter_flags & IEEE80211_IFACE_ITER_RESUME_ALL) &&
587                     !(sdata->flags & IEEE80211_SDATA_IN_DRIVER))
588                         continue;
589                 if (ieee80211_sdata_running(sdata))
590                         iterator(data, sdata->vif.addr,
591                                  &sdata->vif);
592         }
593
594         sdata = rcu_dereference_check(local->monitor_sdata,
595                                       lockdep_is_held(&local->iflist_mtx) ||
596                                       lockdep_rtnl_is_held());
597         if (sdata &&
598             (iter_flags & IEEE80211_IFACE_ITER_RESUME_ALL ||
599              sdata->flags & IEEE80211_SDATA_IN_DRIVER))
600                 iterator(data, sdata->vif.addr, &sdata->vif);
601 }
602
603 void ieee80211_iterate_active_interfaces(
604         struct ieee80211_hw *hw, u32 iter_flags,
605         void (*iterator)(void *data, u8 *mac,
606                          struct ieee80211_vif *vif),
607         void *data)
608 {
609         struct ieee80211_local *local = hw_to_local(hw);
610
611         mutex_lock(&local->iflist_mtx);
612         __iterate_active_interfaces(local, iter_flags, iterator, data);
613         mutex_unlock(&local->iflist_mtx);
614 }
615 EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces);
616
617 void ieee80211_iterate_active_interfaces_atomic(
618         struct ieee80211_hw *hw, u32 iter_flags,
619         void (*iterator)(void *data, u8 *mac,
620                          struct ieee80211_vif *vif),
621         void *data)
622 {
623         struct ieee80211_local *local = hw_to_local(hw);
624
625         rcu_read_lock();
626         __iterate_active_interfaces(local, iter_flags, iterator, data);
627         rcu_read_unlock();
628 }
629 EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces_atomic);
630
631 void ieee80211_iterate_active_interfaces_rtnl(
632         struct ieee80211_hw *hw, u32 iter_flags,
633         void (*iterator)(void *data, u8 *mac,
634                          struct ieee80211_vif *vif),
635         void *data)
636 {
637         struct ieee80211_local *local = hw_to_local(hw);
638
639         ASSERT_RTNL();
640
641         __iterate_active_interfaces(local, iter_flags, iterator, data);
642 }
643 EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces_rtnl);
644
645 /*
646  * Nothing should have been stuffed into the workqueue during
647  * the suspend->resume cycle. If this WARN is seen then there
648  * is a bug with either the driver suspend or something in
649  * mac80211 stuffing into the workqueue which we haven't yet
650  * cleared during mac80211's suspend cycle.
651  */
652 static bool ieee80211_can_queue_work(struct ieee80211_local *local)
653 {
654         if (WARN(local->suspended && !local->resuming,
655                  "queueing ieee80211 work while going to suspend\n"))
656                 return false;
657
658         return true;
659 }
660
661 void ieee80211_queue_work(struct ieee80211_hw *hw, struct work_struct *work)
662 {
663         struct ieee80211_local *local = hw_to_local(hw);
664
665         if (!ieee80211_can_queue_work(local))
666                 return;
667
668         queue_work(local->workqueue, work);
669 }
670 EXPORT_SYMBOL(ieee80211_queue_work);
671
672 void ieee80211_queue_delayed_work(struct ieee80211_hw *hw,
673                                   struct delayed_work *dwork,
674                                   unsigned long delay)
675 {
676         struct ieee80211_local *local = hw_to_local(hw);
677
678         if (!ieee80211_can_queue_work(local))
679                 return;
680
681         queue_delayed_work(local->workqueue, dwork, delay);
682 }
683 EXPORT_SYMBOL(ieee80211_queue_delayed_work);
684
685 u32 ieee802_11_parse_elems_crc(const u8 *start, size_t len, bool action,
686                                struct ieee802_11_elems *elems,
687                                u64 filter, u32 crc)
688 {
689         size_t left = len;
690         const u8 *pos = start;
691         bool calc_crc = filter != 0;
692         DECLARE_BITMAP(seen_elems, 256);
693         const u8 *ie;
694
695         bitmap_zero(seen_elems, 256);
696         memset(elems, 0, sizeof(*elems));
697         elems->ie_start = start;
698         elems->total_len = len;
699
700         while (left >= 2) {
701                 u8 id, elen;
702                 bool elem_parse_failed;
703
704                 id = *pos++;
705                 elen = *pos++;
706                 left -= 2;
707
708                 if (elen > left) {
709                         elems->parse_error = true;
710                         break;
711                 }
712
713                 switch (id) {
714                 case WLAN_EID_SSID:
715                 case WLAN_EID_SUPP_RATES:
716                 case WLAN_EID_FH_PARAMS:
717                 case WLAN_EID_DS_PARAMS:
718                 case WLAN_EID_CF_PARAMS:
719                 case WLAN_EID_TIM:
720                 case WLAN_EID_IBSS_PARAMS:
721                 case WLAN_EID_CHALLENGE:
722                 case WLAN_EID_RSN:
723                 case WLAN_EID_ERP_INFO:
724                 case WLAN_EID_EXT_SUPP_RATES:
725                 case WLAN_EID_HT_CAPABILITY:
726                 case WLAN_EID_HT_OPERATION:
727                 case WLAN_EID_VHT_CAPABILITY:
728                 case WLAN_EID_VHT_OPERATION:
729                 case WLAN_EID_MESH_ID:
730                 case WLAN_EID_MESH_CONFIG:
731                 case WLAN_EID_PEER_MGMT:
732                 case WLAN_EID_PREQ:
733                 case WLAN_EID_PREP:
734                 case WLAN_EID_PERR:
735                 case WLAN_EID_RANN:
736                 case WLAN_EID_CHANNEL_SWITCH:
737                 case WLAN_EID_EXT_CHANSWITCH_ANN:
738                 case WLAN_EID_COUNTRY:
739                 case WLAN_EID_PWR_CONSTRAINT:
740                 case WLAN_EID_TIMEOUT_INTERVAL:
741                 case WLAN_EID_SECONDARY_CHANNEL_OFFSET:
742                 case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
743                 case WLAN_EID_CHAN_SWITCH_PARAM:
744                 /*
745                  * not listing WLAN_EID_CHANNEL_SWITCH_WRAPPER -- it seems possible
746                  * that if the content gets bigger it might be needed more than once
747                  */
748                         if (test_bit(id, seen_elems)) {
749                                 elems->parse_error = true;
750                                 left -= elen;
751                                 pos += elen;
752                                 continue;
753                         }
754                         break;
755                 }
756
757                 if (calc_crc && id < 64 && (filter & (1ULL << id)))
758                         crc = crc32_be(crc, pos - 2, elen + 2);
759
760                 elem_parse_failed = false;
761
762                 switch (id) {
763                 case WLAN_EID_SSID:
764                         elems->ssid = pos;
765                         elems->ssid_len = elen;
766                         break;
767                 case WLAN_EID_SUPP_RATES:
768                         elems->supp_rates = pos;
769                         elems->supp_rates_len = elen;
770                         break;
771                 case WLAN_EID_DS_PARAMS:
772                         if (elen >= 1)
773                                 elems->ds_params = pos;
774                         else
775                                 elem_parse_failed = true;
776                         break;
777                 case WLAN_EID_TIM:
778                         if (elen >= sizeof(struct ieee80211_tim_ie)) {
779                                 elems->tim = (void *)pos;
780                                 elems->tim_len = elen;
781                         } else
782                                 elem_parse_failed = true;
783                         break;
784                 case WLAN_EID_CHALLENGE:
785                         elems->challenge = pos;
786                         elems->challenge_len = elen;
787                         break;
788                 case WLAN_EID_VENDOR_SPECIFIC:
789                         if (elen >= 4 && pos[0] == 0x00 && pos[1] == 0x50 &&
790                             pos[2] == 0xf2) {
791                                 /* Microsoft OUI (00:50:F2) */
792
793                                 if (calc_crc)
794                                         crc = crc32_be(crc, pos - 2, elen + 2);
795
796                                 if (elen >= 5 && pos[3] == 2) {
797                                         /* OUI Type 2 - WMM IE */
798                                         if (pos[4] == 0) {
799                                                 elems->wmm_info = pos;
800                                                 elems->wmm_info_len = elen;
801                                         } else if (pos[4] == 1) {
802                                                 elems->wmm_param = pos;
803                                                 elems->wmm_param_len = elen;
804                                         }
805                                 }
806                         }
807                         break;
808                 case WLAN_EID_RSN:
809                         elems->rsn = pos;
810                         elems->rsn_len = elen;
811                         break;
812                 case WLAN_EID_ERP_INFO:
813                         if (elen >= 1)
814                                 elems->erp_info = pos;
815                         else
816                                 elem_parse_failed = true;
817                         break;
818                 case WLAN_EID_EXT_SUPP_RATES:
819                         elems->ext_supp_rates = pos;
820                         elems->ext_supp_rates_len = elen;
821                         break;
822                 case WLAN_EID_HT_CAPABILITY:
823                         if (elen >= sizeof(struct ieee80211_ht_cap))
824                                 elems->ht_cap_elem = (void *)pos;
825                         else
826                                 elem_parse_failed = true;
827                         break;
828                 case WLAN_EID_HT_OPERATION:
829                         if (elen >= sizeof(struct ieee80211_ht_operation))
830                                 elems->ht_operation = (void *)pos;
831                         else
832                                 elem_parse_failed = true;
833                         break;
834                 case WLAN_EID_VHT_CAPABILITY:
835                         if (elen >= sizeof(struct ieee80211_vht_cap))
836                                 elems->vht_cap_elem = (void *)pos;
837                         else
838                                 elem_parse_failed = true;
839                         break;
840                 case WLAN_EID_VHT_OPERATION:
841                         if (elen >= sizeof(struct ieee80211_vht_operation))
842                                 elems->vht_operation = (void *)pos;
843                         else
844                                 elem_parse_failed = true;
845                         break;
846                 case WLAN_EID_OPMODE_NOTIF:
847                         if (elen > 0)
848                                 elems->opmode_notif = pos;
849                         else
850                                 elem_parse_failed = true;
851                         break;
852                 case WLAN_EID_MESH_ID:
853                         elems->mesh_id = pos;
854                         elems->mesh_id_len = elen;
855                         break;
856                 case WLAN_EID_MESH_CONFIG:
857                         if (elen >= sizeof(struct ieee80211_meshconf_ie))
858                                 elems->mesh_config = (void *)pos;
859                         else
860                                 elem_parse_failed = true;
861                         break;
862                 case WLAN_EID_PEER_MGMT:
863                         elems->peering = pos;
864                         elems->peering_len = elen;
865                         break;
866                 case WLAN_EID_MESH_AWAKE_WINDOW:
867                         if (elen >= 2)
868                                 elems->awake_window = (void *)pos;
869                         break;
870                 case WLAN_EID_PREQ:
871                         elems->preq = pos;
872                         elems->preq_len = elen;
873                         break;
874                 case WLAN_EID_PREP:
875                         elems->prep = pos;
876                         elems->prep_len = elen;
877                         break;
878                 case WLAN_EID_PERR:
879                         elems->perr = pos;
880                         elems->perr_len = elen;
881                         break;
882                 case WLAN_EID_RANN:
883                         if (elen >= sizeof(struct ieee80211_rann_ie))
884                                 elems->rann = (void *)pos;
885                         else
886                                 elem_parse_failed = true;
887                         break;
888                 case WLAN_EID_CHANNEL_SWITCH:
889                         if (elen != sizeof(struct ieee80211_channel_sw_ie)) {
890                                 elem_parse_failed = true;
891                                 break;
892                         }
893                         elems->ch_switch_ie = (void *)pos;
894                         break;
895                 case WLAN_EID_EXT_CHANSWITCH_ANN:
896                         if (elen != sizeof(struct ieee80211_ext_chansw_ie)) {
897                                 elem_parse_failed = true;
898                                 break;
899                         }
900                         elems->ext_chansw_ie = (void *)pos;
901                         break;
902                 case WLAN_EID_SECONDARY_CHANNEL_OFFSET:
903                         if (elen != sizeof(struct ieee80211_sec_chan_offs_ie)) {
904                                 elem_parse_failed = true;
905                                 break;
906                         }
907                         elems->sec_chan_offs = (void *)pos;
908                         break;
909                 case WLAN_EID_CHAN_SWITCH_PARAM:
910                         if (elen !=
911                             sizeof(*elems->mesh_chansw_params_ie)) {
912                                 elem_parse_failed = true;
913                                 break;
914                         }
915                         elems->mesh_chansw_params_ie = (void *)pos;
916                         break;
917                 case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
918                         if (!action ||
919                             elen != sizeof(*elems->wide_bw_chansw_ie)) {
920                                 elem_parse_failed = true;
921                                 break;
922                         }
923                         elems->wide_bw_chansw_ie = (void *)pos;
924                         break;
925                 case WLAN_EID_CHANNEL_SWITCH_WRAPPER:
926                         if (action) {
927                                 elem_parse_failed = true;
928                                 break;
929                         }
930                         /*
931                          * This is a bit tricky, but as we only care about
932                          * the wide bandwidth channel switch element, so
933                          * just parse it out manually.
934                          */
935                         ie = cfg80211_find_ie(WLAN_EID_WIDE_BW_CHANNEL_SWITCH,
936                                               pos, elen);
937                         if (ie) {
938                                 if (ie[1] == sizeof(*elems->wide_bw_chansw_ie))
939                                         elems->wide_bw_chansw_ie =
940                                                 (void *)(ie + 2);
941                                 else
942                                         elem_parse_failed = true;
943                         }
944                         break;
945                 case WLAN_EID_COUNTRY:
946                         elems->country_elem = pos;
947                         elems->country_elem_len = elen;
948                         break;
949                 case WLAN_EID_PWR_CONSTRAINT:
950                         if (elen != 1) {
951                                 elem_parse_failed = true;
952                                 break;
953                         }
954                         elems->pwr_constr_elem = pos;
955                         break;
956                 case WLAN_EID_TIMEOUT_INTERVAL:
957                         if (elen >= sizeof(struct ieee80211_timeout_interval_ie))
958                                 elems->timeout_int = (void *)pos;
959                         else
960                                 elem_parse_failed = true;
961                         break;
962                 default:
963                         break;
964                 }
965
966                 if (elem_parse_failed)
967                         elems->parse_error = true;
968                 else
969                         __set_bit(id, seen_elems);
970
971                 left -= elen;
972                 pos += elen;
973         }
974
975         if (left != 0)
976                 elems->parse_error = true;
977
978         return crc;
979 }
980
981 void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata,
982                                bool bss_notify)
983 {
984         struct ieee80211_local *local = sdata->local;
985         struct ieee80211_tx_queue_params qparam;
986         struct ieee80211_chanctx_conf *chanctx_conf;
987         int ac;
988         bool use_11b, enable_qos;
989         int aCWmin, aCWmax;
990
991         if (!local->ops->conf_tx)
992                 return;
993
994         if (local->hw.queues < IEEE80211_NUM_ACS)
995                 return;
996
997         memset(&qparam, 0, sizeof(qparam));
998
999         rcu_read_lock();
1000         chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
1001         use_11b = (chanctx_conf &&
1002                    chanctx_conf->def.chan->band == IEEE80211_BAND_2GHZ) &&
1003                  !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE);
1004         rcu_read_unlock();
1005
1006         /*
1007          * By default disable QoS in STA mode for old access points, which do
1008          * not support 802.11e. New APs will provide proper queue parameters,
1009          * that we will configure later.
1010          */
1011         enable_qos = (sdata->vif.type != NL80211_IFTYPE_STATION);
1012
1013         /* Set defaults according to 802.11-2007 Table 7-37 */
1014         aCWmax = 1023;
1015         if (use_11b)
1016                 aCWmin = 31;
1017         else
1018                 aCWmin = 15;
1019
1020         /* Confiure old 802.11b/g medium access rules. */
1021         qparam.cw_max = aCWmax;
1022         qparam.cw_min = aCWmin;
1023         qparam.txop = 0;
1024         qparam.aifs = 2;
1025
1026         for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1027                 /* Update if QoS is enabled. */
1028                 if (enable_qos) {
1029                         switch (ac) {
1030                         case IEEE80211_AC_BK:
1031                                 qparam.cw_max = aCWmax;
1032                                 qparam.cw_min = aCWmin;
1033                                 qparam.txop = 0;
1034                                 qparam.aifs = 7;
1035                                 break;
1036                         /* never happens but let's not leave undefined */
1037                         default:
1038                         case IEEE80211_AC_BE:
1039                                 qparam.cw_max = aCWmax;
1040                                 qparam.cw_min = aCWmin;
1041                                 qparam.txop = 0;
1042                                 qparam.aifs = 3;
1043                                 break;
1044                         case IEEE80211_AC_VI:
1045                                 qparam.cw_max = aCWmin;
1046                                 qparam.cw_min = (aCWmin + 1) / 2 - 1;
1047                                 if (use_11b)
1048                                         qparam.txop = 6016/32;
1049                                 else
1050                                         qparam.txop = 3008/32;
1051                                 qparam.aifs = 2;
1052                                 break;
1053                         case IEEE80211_AC_VO:
1054                                 qparam.cw_max = (aCWmin + 1) / 2 - 1;
1055                                 qparam.cw_min = (aCWmin + 1) / 4 - 1;
1056                                 if (use_11b)
1057                                         qparam.txop = 3264/32;
1058                                 else
1059                                         qparam.txop = 1504/32;
1060                                 qparam.aifs = 2;
1061                                 break;
1062                         }
1063                 }
1064
1065                 qparam.uapsd = false;
1066
1067                 sdata->tx_conf[ac] = qparam;
1068                 drv_conf_tx(local, sdata, ac, &qparam);
1069         }
1070
1071         if (sdata->vif.type != NL80211_IFTYPE_MONITOR &&
1072             sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE) {
1073                 sdata->vif.bss_conf.qos = enable_qos;
1074                 if (bss_notify)
1075                         ieee80211_bss_info_change_notify(sdata,
1076                                                          BSS_CHANGED_QOS);
1077         }
1078 }
1079
1080 void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
1081                          u16 transaction, u16 auth_alg, u16 status,
1082                          const u8 *extra, size_t extra_len, const u8 *da,
1083                          const u8 *bssid, const u8 *key, u8 key_len, u8 key_idx,
1084                          u32 tx_flags)
1085 {
1086         struct ieee80211_local *local = sdata->local;
1087         struct sk_buff *skb;
1088         struct ieee80211_mgmt *mgmt;
1089         int err;
1090
1091         /* 24 + 6 = header + auth_algo + auth_transaction + status_code */
1092         skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24 + 6 + extra_len);
1093         if (!skb)
1094                 return;
1095
1096         skb_reserve(skb, local->hw.extra_tx_headroom);
1097
1098         mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24 + 6);
1099         memset(mgmt, 0, 24 + 6);
1100         mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1101                                           IEEE80211_STYPE_AUTH);
1102         memcpy(mgmt->da, da, ETH_ALEN);
1103         memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
1104         memcpy(mgmt->bssid, bssid, ETH_ALEN);
1105         mgmt->u.auth.auth_alg = cpu_to_le16(auth_alg);
1106         mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
1107         mgmt->u.auth.status_code = cpu_to_le16(status);
1108         if (extra)
1109                 memcpy(skb_put(skb, extra_len), extra, extra_len);
1110
1111         if (auth_alg == WLAN_AUTH_SHARED_KEY && transaction == 3) {
1112                 mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
1113                 err = ieee80211_wep_encrypt(local, skb, key, key_len, key_idx);
1114                 WARN_ON(err);
1115         }
1116
1117         IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1118                                         tx_flags;
1119         ieee80211_tx_skb(sdata, skb);
1120 }
1121
1122 void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
1123                                     const u8 *bssid, u16 stype, u16 reason,
1124                                     bool send_frame, u8 *frame_buf)
1125 {
1126         struct ieee80211_local *local = sdata->local;
1127         struct sk_buff *skb;
1128         struct ieee80211_mgmt *mgmt = (void *)frame_buf;
1129
1130         /* build frame */
1131         mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
1132         mgmt->duration = 0; /* initialize only */
1133         mgmt->seq_ctrl = 0; /* initialize only */
1134         memcpy(mgmt->da, bssid, ETH_ALEN);
1135         memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
1136         memcpy(mgmt->bssid, bssid, ETH_ALEN);
1137         /* u.deauth.reason_code == u.disassoc.reason_code */
1138         mgmt->u.deauth.reason_code = cpu_to_le16(reason);
1139
1140         if (send_frame) {
1141                 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
1142                                     IEEE80211_DEAUTH_FRAME_LEN);
1143                 if (!skb)
1144                         return;
1145
1146                 skb_reserve(skb, local->hw.extra_tx_headroom);
1147
1148                 /* copy in frame */
1149                 memcpy(skb_put(skb, IEEE80211_DEAUTH_FRAME_LEN),
1150                        mgmt, IEEE80211_DEAUTH_FRAME_LEN);
1151
1152                 if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1153                     !(sdata->u.mgd.flags & IEEE80211_STA_MFP_ENABLED))
1154                         IEEE80211_SKB_CB(skb)->flags |=
1155                                 IEEE80211_TX_INTFL_DONT_ENCRYPT;
1156
1157                 ieee80211_tx_skb(sdata, skb);
1158         }
1159 }
1160
1161 int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
1162                              size_t buffer_len, const u8 *ie, size_t ie_len,
1163                              enum ieee80211_band band, u32 rate_mask,
1164                              struct cfg80211_chan_def *chandef)
1165 {
1166         struct ieee80211_supported_band *sband;
1167         u8 *pos = buffer, *end = buffer + buffer_len;
1168         size_t offset = 0, noffset;
1169         int supp_rates_len, i;
1170         u8 rates[32];
1171         int num_rates;
1172         int ext_rates_len;
1173         int shift;
1174         u32 rate_flags;
1175
1176         sband = local->hw.wiphy->bands[band];
1177         if (WARN_ON_ONCE(!sband))
1178                 return 0;
1179
1180         rate_flags = ieee80211_chandef_rate_flags(chandef);
1181         shift = ieee80211_chandef_get_shift(chandef);
1182
1183         num_rates = 0;
1184         for (i = 0; i < sband->n_bitrates; i++) {
1185                 if ((BIT(i) & rate_mask) == 0)
1186                         continue; /* skip rate */
1187                 if ((rate_flags & sband->bitrates[i].flags) != rate_flags)
1188                         continue;
1189
1190                 rates[num_rates++] =
1191                         (u8) DIV_ROUND_UP(sband->bitrates[i].bitrate,
1192                                           (1 << shift) * 5);
1193         }
1194
1195         supp_rates_len = min_t(int, num_rates, 8);
1196
1197         if (end - pos < 2 + supp_rates_len)
1198                 goto out_err;
1199         *pos++ = WLAN_EID_SUPP_RATES;
1200         *pos++ = supp_rates_len;
1201         memcpy(pos, rates, supp_rates_len);
1202         pos += supp_rates_len;
1203
1204         /* insert "request information" if in custom IEs */
1205         if (ie && ie_len) {
1206                 static const u8 before_extrates[] = {
1207                         WLAN_EID_SSID,
1208                         WLAN_EID_SUPP_RATES,
1209                         WLAN_EID_REQUEST,
1210                 };
1211                 noffset = ieee80211_ie_split(ie, ie_len,
1212                                              before_extrates,
1213                                              ARRAY_SIZE(before_extrates),
1214                                              offset);
1215                 if (end - pos < noffset - offset)
1216                         goto out_err;
1217                 memcpy(pos, ie + offset, noffset - offset);
1218                 pos += noffset - offset;
1219                 offset = noffset;
1220         }
1221
1222         ext_rates_len = num_rates - supp_rates_len;
1223         if (ext_rates_len > 0) {
1224                 if (end - pos < 2 + ext_rates_len)
1225                         goto out_err;
1226                 *pos++ = WLAN_EID_EXT_SUPP_RATES;
1227                 *pos++ = ext_rates_len;
1228                 memcpy(pos, rates + supp_rates_len, ext_rates_len);
1229                 pos += ext_rates_len;
1230         }
1231
1232         if (chandef->chan && sband->band == IEEE80211_BAND_2GHZ) {
1233                 if (end - pos < 3)
1234                         goto out_err;
1235                 *pos++ = WLAN_EID_DS_PARAMS;
1236                 *pos++ = 1;
1237                 *pos++ = ieee80211_frequency_to_channel(
1238                                 chandef->chan->center_freq);
1239         }
1240
1241         /* insert custom IEs that go before HT */
1242         if (ie && ie_len) {
1243                 static const u8 before_ht[] = {
1244                         WLAN_EID_SSID,
1245                         WLAN_EID_SUPP_RATES,
1246                         WLAN_EID_REQUEST,
1247                         WLAN_EID_EXT_SUPP_RATES,
1248                         WLAN_EID_DS_PARAMS,
1249                         WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1250                 };
1251                 noffset = ieee80211_ie_split(ie, ie_len,
1252                                              before_ht, ARRAY_SIZE(before_ht),
1253                                              offset);
1254                 if (end - pos < noffset - offset)
1255                         goto out_err;
1256                 memcpy(pos, ie + offset, noffset - offset);
1257                 pos += noffset - offset;
1258                 offset = noffset;
1259         }
1260
1261         if (sband->ht_cap.ht_supported) {
1262                 if (end - pos < 2 + sizeof(struct ieee80211_ht_cap))
1263                         goto out_err;
1264                 pos = ieee80211_ie_build_ht_cap(pos, &sband->ht_cap,
1265                                                 sband->ht_cap.cap);
1266         }
1267
1268         /*
1269          * If adding more here, adjust code in main.c
1270          * that calculates local->scan_ies_len.
1271          */
1272
1273         /* add any remaining custom IEs */
1274         if (ie && ie_len) {
1275                 noffset = ie_len;
1276                 if (end - pos < noffset - offset)
1277                         goto out_err;
1278                 memcpy(pos, ie + offset, noffset - offset);
1279                 pos += noffset - offset;
1280         }
1281
1282         if (sband->vht_cap.vht_supported) {
1283                 if (end - pos < 2 + sizeof(struct ieee80211_vht_cap))
1284                         goto out_err;
1285                 pos = ieee80211_ie_build_vht_cap(pos, &sband->vht_cap,
1286                                                  sband->vht_cap.cap);
1287         }
1288
1289         return pos - buffer;
1290  out_err:
1291         WARN_ONCE(1, "not enough space for preq IEs\n");
1292         return pos - buffer;
1293 }
1294
1295 struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1296                                           u8 *dst, u32 ratemask,
1297                                           struct ieee80211_channel *chan,
1298                                           const u8 *ssid, size_t ssid_len,
1299                                           const u8 *ie, size_t ie_len,
1300                                           bool directed)
1301 {
1302         struct ieee80211_local *local = sdata->local;
1303         struct cfg80211_chan_def chandef;
1304         struct sk_buff *skb;
1305         struct ieee80211_mgmt *mgmt;
1306         int ies_len;
1307
1308         /*
1309          * Do not send DS Channel parameter for directed probe requests
1310          * in order to maximize the chance that we get a response.  Some
1311          * badly-behaved APs don't respond when this parameter is included.
1312          */
1313         chandef.width = sdata->vif.bss_conf.chandef.width;
1314         if (directed)
1315                 chandef.chan = NULL;
1316         else
1317                 chandef.chan = chan;
1318
1319         skb = ieee80211_probereq_get(&local->hw, &sdata->vif,
1320                                      ssid, ssid_len, 100 + ie_len);
1321         if (!skb)
1322                 return NULL;
1323
1324         ies_len = ieee80211_build_preq_ies(local, skb_tail_pointer(skb),
1325                                            skb_tailroom(skb),
1326                                            ie, ie_len, chan->band,
1327                                            ratemask, &chandef);
1328         skb_put(skb, ies_len);
1329
1330         if (dst) {
1331                 mgmt = (struct ieee80211_mgmt *) skb->data;
1332                 memcpy(mgmt->da, dst, ETH_ALEN);
1333                 memcpy(mgmt->bssid, dst, ETH_ALEN);
1334         }
1335
1336         IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1337
1338         return skb;
1339 }
1340
1341 void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1342                               const u8 *ssid, size_t ssid_len,
1343                               const u8 *ie, size_t ie_len,
1344                               u32 ratemask, bool directed, u32 tx_flags,
1345                               struct ieee80211_channel *channel, bool scan)
1346 {
1347         struct sk_buff *skb;
1348
1349         skb = ieee80211_build_probe_req(sdata, dst, ratemask, channel,
1350                                         ssid, ssid_len,
1351                                         ie, ie_len, directed);
1352         if (skb) {
1353                 IEEE80211_SKB_CB(skb)->flags |= tx_flags;
1354                 if (scan)
1355                         ieee80211_tx_skb_tid_band(sdata, skb, 7, channel->band);
1356                 else
1357                         ieee80211_tx_skb(sdata, skb);
1358         }
1359 }
1360
1361 u32 ieee80211_sta_get_rates(struct ieee80211_sub_if_data *sdata,
1362                             struct ieee802_11_elems *elems,
1363                             enum ieee80211_band band, u32 *basic_rates)
1364 {
1365         struct ieee80211_supported_band *sband;
1366         struct ieee80211_rate *bitrates;
1367         size_t num_rates;
1368         u32 supp_rates, rate_flags;
1369         int i, j, shift;
1370         sband = sdata->local->hw.wiphy->bands[band];
1371
1372         rate_flags = ieee80211_chandef_rate_flags(&sdata->vif.bss_conf.chandef);
1373         shift = ieee80211_vif_get_shift(&sdata->vif);
1374
1375         if (WARN_ON(!sband))
1376                 return 1;
1377
1378         bitrates = sband->bitrates;
1379         num_rates = sband->n_bitrates;
1380         supp_rates = 0;
1381         for (i = 0; i < elems->supp_rates_len +
1382                      elems->ext_supp_rates_len; i++) {
1383                 u8 rate = 0;
1384                 int own_rate;
1385                 bool is_basic;
1386                 if (i < elems->supp_rates_len)
1387                         rate = elems->supp_rates[i];
1388                 else if (elems->ext_supp_rates)
1389                         rate = elems->ext_supp_rates
1390                                 [i - elems->supp_rates_len];
1391                 own_rate = 5 * (rate & 0x7f);
1392                 is_basic = !!(rate & 0x80);
1393
1394                 if (is_basic && (rate & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
1395                         continue;
1396
1397                 for (j = 0; j < num_rates; j++) {
1398                         int brate;
1399                         if ((rate_flags & sband->bitrates[j].flags)
1400                             != rate_flags)
1401                                 continue;
1402
1403                         brate = DIV_ROUND_UP(sband->bitrates[j].bitrate,
1404                                              1 << shift);
1405
1406                         if (brate == own_rate) {
1407                                 supp_rates |= BIT(j);
1408                                 if (basic_rates && is_basic)
1409                                         *basic_rates |= BIT(j);
1410                         }
1411                 }
1412         }
1413         return supp_rates;
1414 }
1415
1416 void ieee80211_stop_device(struct ieee80211_local *local)
1417 {
1418         ieee80211_led_radio(local, false);
1419         ieee80211_mod_tpt_led_trig(local, 0, IEEE80211_TPT_LEDTRIG_FL_RADIO);
1420
1421         cancel_work_sync(&local->reconfig_filter);
1422
1423         flush_workqueue(local->workqueue);
1424         drv_stop(local);
1425 }
1426
1427 static void ieee80211_assign_chanctx(struct ieee80211_local *local,
1428                                      struct ieee80211_sub_if_data *sdata)
1429 {
1430         struct ieee80211_chanctx_conf *conf;
1431         struct ieee80211_chanctx *ctx;
1432
1433         if (!local->use_chanctx)
1434                 return;
1435
1436         mutex_lock(&local->chanctx_mtx);
1437         conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1438                                          lockdep_is_held(&local->chanctx_mtx));
1439         if (conf) {
1440                 ctx = container_of(conf, struct ieee80211_chanctx, conf);
1441                 drv_assign_vif_chanctx(local, sdata, ctx);
1442         }
1443         mutex_unlock(&local->chanctx_mtx);
1444 }
1445
1446 int ieee80211_reconfig(struct ieee80211_local *local)
1447 {
1448         struct ieee80211_hw *hw = &local->hw;
1449         struct ieee80211_sub_if_data *sdata;
1450         struct ieee80211_chanctx *ctx;
1451         struct sta_info *sta;
1452         int res, i;
1453         bool reconfig_due_to_wowlan = false;
1454
1455 #ifdef CONFIG_PM
1456         if (local->suspended)
1457                 local->resuming = true;
1458
1459         if (local->wowlan) {
1460                 res = drv_resume(local);
1461                 local->wowlan = false;
1462                 if (res < 0) {
1463                         local->resuming = false;
1464                         return res;
1465                 }
1466                 if (res == 0)
1467                         goto wake_up;
1468                 WARN_ON(res > 1);
1469                 /*
1470                  * res is 1, which means the driver requested
1471                  * to go through a regular reset on wakeup.
1472                  */
1473                 reconfig_due_to_wowlan = true;
1474         }
1475 #endif
1476         /* everything else happens only if HW was up & running */
1477         if (!local->open_count)
1478                 goto wake_up;
1479
1480         /*
1481          * Upon resume hardware can sometimes be goofy due to
1482          * various platform / driver / bus issues, so restarting
1483          * the device may at times not work immediately. Propagate
1484          * the error.
1485          */
1486         res = drv_start(local);
1487         if (res) {
1488                 WARN(local->suspended, "Hardware became unavailable "
1489                      "upon resume. This could be a software issue "
1490                      "prior to suspend or a hardware issue.\n");
1491                 return res;
1492         }
1493
1494         /* setup fragmentation threshold */
1495         drv_set_frag_threshold(local, hw->wiphy->frag_threshold);
1496
1497         /* setup RTS threshold */
1498         drv_set_rts_threshold(local, hw->wiphy->rts_threshold);
1499
1500         /* reset coverage class */
1501         drv_set_coverage_class(local, hw->wiphy->coverage_class);
1502
1503         ieee80211_led_radio(local, true);
1504         ieee80211_mod_tpt_led_trig(local,
1505                                    IEEE80211_TPT_LEDTRIG_FL_RADIO, 0);
1506
1507         /* add interfaces */
1508         sdata = rtnl_dereference(local->monitor_sdata);
1509         if (sdata) {
1510                 /* in HW restart it exists already */
1511                 WARN_ON(local->resuming);
1512                 res = drv_add_interface(local, sdata);
1513                 if (WARN_ON(res)) {
1514                         rcu_assign_pointer(local->monitor_sdata, NULL);
1515                         synchronize_net();
1516                         kfree(sdata);
1517                 }
1518         }
1519
1520         list_for_each_entry(sdata, &local->interfaces, list) {
1521                 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1522                     sdata->vif.type != NL80211_IFTYPE_MONITOR &&
1523                     ieee80211_sdata_running(sdata))
1524                         res = drv_add_interface(local, sdata);
1525         }
1526
1527         /* add channel contexts */
1528         if (local->use_chanctx) {
1529                 mutex_lock(&local->chanctx_mtx);
1530                 list_for_each_entry(ctx, &local->chanctx_list, list)
1531                         WARN_ON(drv_add_chanctx(local, ctx));
1532                 mutex_unlock(&local->chanctx_mtx);
1533         }
1534
1535         list_for_each_entry(sdata, &local->interfaces, list) {
1536                 if (!ieee80211_sdata_running(sdata))
1537                         continue;
1538                 ieee80211_assign_chanctx(local, sdata);
1539         }
1540
1541         sdata = rtnl_dereference(local->monitor_sdata);
1542         if (sdata && ieee80211_sdata_running(sdata))
1543                 ieee80211_assign_chanctx(local, sdata);
1544
1545         /* add STAs back */
1546         mutex_lock(&local->sta_mtx);
1547         list_for_each_entry(sta, &local->sta_list, list) {
1548                 enum ieee80211_sta_state state;
1549
1550                 if (!sta->uploaded)
1551                         continue;
1552
1553                 /* AP-mode stations will be added later */
1554                 if (sta->sdata->vif.type == NL80211_IFTYPE_AP)
1555                         continue;
1556
1557                 for (state = IEEE80211_STA_NOTEXIST;
1558                      state < sta->sta_state; state++)
1559                         WARN_ON(drv_sta_state(local, sta->sdata, sta, state,
1560                                               state + 1));
1561         }
1562         mutex_unlock(&local->sta_mtx);
1563
1564         /* reconfigure tx conf */
1565         if (hw->queues >= IEEE80211_NUM_ACS) {
1566                 list_for_each_entry(sdata, &local->interfaces, list) {
1567                         if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
1568                             sdata->vif.type == NL80211_IFTYPE_MONITOR ||
1569                             !ieee80211_sdata_running(sdata))
1570                                 continue;
1571
1572                         for (i = 0; i < IEEE80211_NUM_ACS; i++)
1573                                 drv_conf_tx(local, sdata, i,
1574                                             &sdata->tx_conf[i]);
1575                 }
1576         }
1577
1578         /* reconfigure hardware */
1579         ieee80211_hw_config(local, ~0);
1580
1581         ieee80211_configure_filter(local);
1582
1583         /* Finally also reconfigure all the BSS information */
1584         list_for_each_entry(sdata, &local->interfaces, list) {
1585                 u32 changed;
1586
1587                 if (!ieee80211_sdata_running(sdata))
1588                         continue;
1589
1590                 /* common change flags for all interface types */
1591                 changed = BSS_CHANGED_ERP_CTS_PROT |
1592                           BSS_CHANGED_ERP_PREAMBLE |
1593                           BSS_CHANGED_ERP_SLOT |
1594                           BSS_CHANGED_HT |
1595                           BSS_CHANGED_BASIC_RATES |
1596                           BSS_CHANGED_BEACON_INT |
1597                           BSS_CHANGED_BSSID |
1598                           BSS_CHANGED_CQM |
1599                           BSS_CHANGED_QOS |
1600                           BSS_CHANGED_IDLE |
1601                           BSS_CHANGED_TXPOWER;
1602
1603                 switch (sdata->vif.type) {
1604                 case NL80211_IFTYPE_STATION:
1605                         changed |= BSS_CHANGED_ASSOC |
1606                                    BSS_CHANGED_ARP_FILTER |
1607                                    BSS_CHANGED_PS;
1608
1609                         /* Re-send beacon info report to the driver */
1610                         if (sdata->u.mgd.have_beacon)
1611                                 changed |= BSS_CHANGED_BEACON_INFO;
1612
1613                         sdata_lock(sdata);
1614                         ieee80211_bss_info_change_notify(sdata, changed);
1615                         sdata_unlock(sdata);
1616                         break;
1617                 case NL80211_IFTYPE_ADHOC:
1618                         changed |= BSS_CHANGED_IBSS;
1619                         /* fall through */
1620                 case NL80211_IFTYPE_AP:
1621                         changed |= BSS_CHANGED_SSID | BSS_CHANGED_P2P_PS;
1622
1623                         if (sdata->vif.type == NL80211_IFTYPE_AP) {
1624                                 changed |= BSS_CHANGED_AP_PROBE_RESP;
1625
1626                                 if (rcu_access_pointer(sdata->u.ap.beacon))
1627                                         drv_start_ap(local, sdata);
1628                         }
1629
1630                         /* fall through */
1631                 case NL80211_IFTYPE_MESH_POINT:
1632                         if (sdata->vif.bss_conf.enable_beacon) {
1633                                 changed |= BSS_CHANGED_BEACON |
1634                                            BSS_CHANGED_BEACON_ENABLED;
1635                                 ieee80211_bss_info_change_notify(sdata, changed);
1636                         }
1637                         break;
1638                 case NL80211_IFTYPE_WDS:
1639                         break;
1640                 case NL80211_IFTYPE_AP_VLAN:
1641                 case NL80211_IFTYPE_MONITOR:
1642                         /* ignore virtual */
1643                         break;
1644                 case NL80211_IFTYPE_P2P_DEVICE:
1645                         changed = BSS_CHANGED_IDLE;
1646                         break;
1647                 case NL80211_IFTYPE_UNSPECIFIED:
1648                 case NUM_NL80211_IFTYPES:
1649                 case NL80211_IFTYPE_P2P_CLIENT:
1650                 case NL80211_IFTYPE_P2P_GO:
1651                         WARN_ON(1);
1652                         break;
1653                 }
1654         }
1655
1656         ieee80211_recalc_ps(local, -1);
1657
1658         /*
1659          * The sta might be in psm against the ap (e.g. because
1660          * this was the state before a hw restart), so we
1661          * explicitly send a null packet in order to make sure
1662          * it'll sync against the ap (and get out of psm).
1663          */
1664         if (!(local->hw.conf.flags & IEEE80211_CONF_PS)) {
1665                 list_for_each_entry(sdata, &local->interfaces, list) {
1666                         if (sdata->vif.type != NL80211_IFTYPE_STATION)
1667                                 continue;
1668                         if (!sdata->u.mgd.associated)
1669                                 continue;
1670
1671                         ieee80211_send_nullfunc(local, sdata, 0);
1672                 }
1673         }
1674
1675         /* APs are now beaconing, add back stations */
1676         mutex_lock(&local->sta_mtx);
1677         list_for_each_entry(sta, &local->sta_list, list) {
1678                 enum ieee80211_sta_state state;
1679
1680                 if (!sta->uploaded)
1681                         continue;
1682
1683                 if (sta->sdata->vif.type != NL80211_IFTYPE_AP)
1684                         continue;
1685
1686                 for (state = IEEE80211_STA_NOTEXIST;
1687                      state < sta->sta_state; state++)
1688                         WARN_ON(drv_sta_state(local, sta->sdata, sta, state,
1689                                               state + 1));
1690         }
1691         mutex_unlock(&local->sta_mtx);
1692
1693         /* add back keys */
1694         list_for_each_entry(sdata, &local->interfaces, list)
1695                 if (ieee80211_sdata_running(sdata))
1696                         ieee80211_enable_keys(sdata);
1697
1698  wake_up:
1699         local->in_reconfig = false;
1700         barrier();
1701
1702         if (local->monitors == local->open_count && local->monitors > 0)
1703                 ieee80211_add_virtual_monitor(local);
1704
1705         /*
1706          * Clear the WLAN_STA_BLOCK_BA flag so new aggregation
1707          * sessions can be established after a resume.
1708          *
1709          * Also tear down aggregation sessions since reconfiguring
1710          * them in a hardware restart scenario is not easily done
1711          * right now, and the hardware will have lost information
1712          * about the sessions, but we and the AP still think they
1713          * are active. This is really a workaround though.
1714          */
1715         if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
1716                 mutex_lock(&local->sta_mtx);
1717
1718                 list_for_each_entry(sta, &local->sta_list, list) {
1719                         ieee80211_sta_tear_down_BA_sessions(
1720                                         sta, AGG_STOP_LOCAL_REQUEST);
1721                         clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
1722                 }
1723
1724                 mutex_unlock(&local->sta_mtx);
1725         }
1726
1727         ieee80211_wake_queues_by_reason(hw, IEEE80211_MAX_QUEUE_MAP,
1728                                         IEEE80211_QUEUE_STOP_REASON_SUSPEND);
1729
1730         /*
1731          * If this is for hw restart things are still running.
1732          * We may want to change that later, however.
1733          */
1734         if (!local->suspended || reconfig_due_to_wowlan)
1735                 drv_restart_complete(local);
1736
1737         if (!local->suspended)
1738                 return 0;
1739
1740 #ifdef CONFIG_PM
1741         /* first set suspended false, then resuming */
1742         local->suspended = false;
1743         mb();
1744         local->resuming = false;
1745
1746         list_for_each_entry(sdata, &local->interfaces, list) {
1747                 if (!ieee80211_sdata_running(sdata))
1748                         continue;
1749                 if (sdata->vif.type == NL80211_IFTYPE_STATION)
1750                         ieee80211_sta_restart(sdata);
1751         }
1752
1753         mod_timer(&local->sta_cleanup, jiffies + 1);
1754 #else
1755         WARN_ON(1);
1756 #endif
1757         return 0;
1758 }
1759
1760 void ieee80211_resume_disconnect(struct ieee80211_vif *vif)
1761 {
1762         struct ieee80211_sub_if_data *sdata;
1763         struct ieee80211_local *local;
1764         struct ieee80211_key *key;
1765
1766         if (WARN_ON(!vif))
1767                 return;
1768
1769         sdata = vif_to_sdata(vif);
1770         local = sdata->local;
1771
1772         if (WARN_ON(!local->resuming))
1773                 return;
1774
1775         if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
1776                 return;
1777
1778         sdata->flags |= IEEE80211_SDATA_DISCONNECT_RESUME;
1779
1780         mutex_lock(&local->key_mtx);
1781         list_for_each_entry(key, &sdata->key_list, list)
1782                 key->flags |= KEY_FLAG_TAINTED;
1783         mutex_unlock(&local->key_mtx);
1784 }
1785 EXPORT_SYMBOL_GPL(ieee80211_resume_disconnect);
1786
1787 void ieee80211_recalc_smps(struct ieee80211_sub_if_data *sdata)
1788 {
1789         struct ieee80211_local *local = sdata->local;
1790         struct ieee80211_chanctx_conf *chanctx_conf;
1791         struct ieee80211_chanctx *chanctx;
1792
1793         mutex_lock(&local->chanctx_mtx);
1794
1795         chanctx_conf = rcu_dereference_protected(sdata->vif.chanctx_conf,
1796                                         lockdep_is_held(&local->chanctx_mtx));
1797
1798         if (WARN_ON_ONCE(!chanctx_conf))
1799                 goto unlock;
1800
1801         chanctx = container_of(chanctx_conf, struct ieee80211_chanctx, conf);
1802         ieee80211_recalc_smps_chanctx(local, chanctx);
1803  unlock:
1804         mutex_unlock(&local->chanctx_mtx);
1805 }
1806
1807 static bool ieee80211_id_in_list(const u8 *ids, int n_ids, u8 id)
1808 {
1809         int i;
1810
1811         for (i = 0; i < n_ids; i++)
1812                 if (ids[i] == id)
1813                         return true;
1814         return false;
1815 }
1816
1817 /**
1818  * ieee80211_ie_split - split an IE buffer according to ordering
1819  *
1820  * @ies: the IE buffer
1821  * @ielen: the length of the IE buffer
1822  * @ids: an array with element IDs that are allowed before
1823  *      the split
1824  * @n_ids: the size of the element ID array
1825  * @offset: offset where to start splitting in the buffer
1826  *
1827  * This function splits an IE buffer by updating the @offset
1828  * variable to point to the location where the buffer should be
1829  * split.
1830  *
1831  * It assumes that the given IE buffer is well-formed, this
1832  * has to be guaranteed by the caller!
1833  *
1834  * It also assumes that the IEs in the buffer are ordered
1835  * correctly, if not the result of using this function will not
1836  * be ordered correctly either, i.e. it does no reordering.
1837  *
1838  * The function returns the offset where the next part of the
1839  * buffer starts, which may be @ielen if the entire (remainder)
1840  * of the buffer should be used.
1841  */
1842 size_t ieee80211_ie_split(const u8 *ies, size_t ielen,
1843                           const u8 *ids, int n_ids, size_t offset)
1844 {
1845         size_t pos = offset;
1846
1847         while (pos < ielen && ieee80211_id_in_list(ids, n_ids, ies[pos]))
1848                 pos += 2 + ies[pos + 1];
1849
1850         return pos;
1851 }
1852
1853 size_t ieee80211_ie_split_vendor(const u8 *ies, size_t ielen, size_t offset)
1854 {
1855         size_t pos = offset;
1856
1857         while (pos < ielen && ies[pos] != WLAN_EID_VENDOR_SPECIFIC)
1858                 pos += 2 + ies[pos + 1];
1859
1860         return pos;
1861 }
1862
1863 static void _ieee80211_enable_rssi_reports(struct ieee80211_sub_if_data *sdata,
1864                                             int rssi_min_thold,
1865                                             int rssi_max_thold)
1866 {
1867         trace_api_enable_rssi_reports(sdata, rssi_min_thold, rssi_max_thold);
1868
1869         if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1870                 return;
1871
1872         /*
1873          * Scale up threshold values before storing it, as the RSSI averaging
1874          * algorithm uses a scaled up value as well. Change this scaling
1875          * factor if the RSSI averaging algorithm changes.
1876          */
1877         sdata->u.mgd.rssi_min_thold = rssi_min_thold*16;
1878         sdata->u.mgd.rssi_max_thold = rssi_max_thold*16;
1879 }
1880
1881 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif,
1882                                     int rssi_min_thold,
1883                                     int rssi_max_thold)
1884 {
1885         struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1886
1887         WARN_ON(rssi_min_thold == rssi_max_thold ||
1888                 rssi_min_thold > rssi_max_thold);
1889
1890         _ieee80211_enable_rssi_reports(sdata, rssi_min_thold,
1891                                        rssi_max_thold);
1892 }
1893 EXPORT_SYMBOL(ieee80211_enable_rssi_reports);
1894
1895 void ieee80211_disable_rssi_reports(struct ieee80211_vif *vif)
1896 {
1897         struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1898
1899         _ieee80211_enable_rssi_reports(sdata, 0, 0);
1900 }
1901 EXPORT_SYMBOL(ieee80211_disable_rssi_reports);
1902
1903 u8 *ieee80211_ie_build_ht_cap(u8 *pos, struct ieee80211_sta_ht_cap *ht_cap,
1904                               u16 cap)
1905 {
1906         __le16 tmp;
1907
1908         *pos++ = WLAN_EID_HT_CAPABILITY;
1909         *pos++ = sizeof(struct ieee80211_ht_cap);
1910         memset(pos, 0, sizeof(struct ieee80211_ht_cap));
1911
1912         /* capability flags */
1913         tmp = cpu_to_le16(cap);
1914         memcpy(pos, &tmp, sizeof(u16));
1915         pos += sizeof(u16);
1916
1917         /* AMPDU parameters */
1918         *pos++ = ht_cap->ampdu_factor |
1919                  (ht_cap->ampdu_density <<
1920                         IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
1921
1922         /* MCS set */
1923         memcpy(pos, &ht_cap->mcs, sizeof(ht_cap->mcs));
1924         pos += sizeof(ht_cap->mcs);
1925
1926         /* extended capabilities */
1927         pos += sizeof(__le16);
1928
1929         /* BF capabilities */
1930         pos += sizeof(__le32);
1931
1932         /* antenna selection */
1933         pos += sizeof(u8);
1934
1935         return pos;
1936 }
1937
1938 u8 *ieee80211_ie_build_vht_cap(u8 *pos, struct ieee80211_sta_vht_cap *vht_cap,
1939                                u32 cap)
1940 {
1941         __le32 tmp;
1942
1943         *pos++ = WLAN_EID_VHT_CAPABILITY;
1944         *pos++ = sizeof(struct ieee80211_vht_cap);
1945         memset(pos, 0, sizeof(struct ieee80211_vht_cap));
1946
1947         /* capability flags */
1948         tmp = cpu_to_le32(cap);
1949         memcpy(pos, &tmp, sizeof(u32));
1950         pos += sizeof(u32);
1951
1952         /* VHT MCS set */
1953         memcpy(pos, &vht_cap->vht_mcs, sizeof(vht_cap->vht_mcs));
1954         pos += sizeof(vht_cap->vht_mcs);
1955
1956         return pos;
1957 }
1958
1959 u8 *ieee80211_ie_build_ht_oper(u8 *pos, struct ieee80211_sta_ht_cap *ht_cap,
1960                                const struct cfg80211_chan_def *chandef,
1961                                u16 prot_mode)
1962 {
1963         struct ieee80211_ht_operation *ht_oper;
1964         /* Build HT Information */
1965         *pos++ = WLAN_EID_HT_OPERATION;
1966         *pos++ = sizeof(struct ieee80211_ht_operation);
1967         ht_oper = (struct ieee80211_ht_operation *)pos;
1968         ht_oper->primary_chan = ieee80211_frequency_to_channel(
1969                                         chandef->chan->center_freq);
1970         switch (chandef->width) {
1971         case NL80211_CHAN_WIDTH_160:
1972         case NL80211_CHAN_WIDTH_80P80:
1973         case NL80211_CHAN_WIDTH_80:
1974         case NL80211_CHAN_WIDTH_40:
1975                 if (chandef->center_freq1 > chandef->chan->center_freq)
1976                         ht_oper->ht_param = IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
1977                 else
1978                         ht_oper->ht_param = IEEE80211_HT_PARAM_CHA_SEC_BELOW;
1979                 break;
1980         default:
1981                 ht_oper->ht_param = IEEE80211_HT_PARAM_CHA_SEC_NONE;
1982                 break;
1983         }
1984         if (ht_cap->cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
1985             chandef->width != NL80211_CHAN_WIDTH_20_NOHT &&
1986             chandef->width != NL80211_CHAN_WIDTH_20)
1987                 ht_oper->ht_param |= IEEE80211_HT_PARAM_CHAN_WIDTH_ANY;
1988
1989         ht_oper->operation_mode = cpu_to_le16(prot_mode);
1990         ht_oper->stbc_param = 0x0000;
1991
1992         /* It seems that Basic MCS set and Supported MCS set
1993            are identical for the first 10 bytes */
1994         memset(&ht_oper->basic_set, 0, 16);
1995         memcpy(&ht_oper->basic_set, &ht_cap->mcs, 10);
1996
1997         return pos + sizeof(struct ieee80211_ht_operation);
1998 }
1999
2000 void ieee80211_ht_oper_to_chandef(struct ieee80211_channel *control_chan,
2001                                   const struct ieee80211_ht_operation *ht_oper,
2002                                   struct cfg80211_chan_def *chandef)
2003 {
2004         enum nl80211_channel_type channel_type;
2005
2006         if (!ht_oper) {
2007                 cfg80211_chandef_create(chandef, control_chan,
2008                                         NL80211_CHAN_NO_HT);
2009                 return;
2010         }
2011
2012         switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
2013         case IEEE80211_HT_PARAM_CHA_SEC_NONE:
2014                 channel_type = NL80211_CHAN_HT20;
2015                 break;
2016         case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
2017                 channel_type = NL80211_CHAN_HT40PLUS;
2018                 break;
2019         case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
2020                 channel_type = NL80211_CHAN_HT40MINUS;
2021                 break;
2022         default:
2023                 channel_type = NL80211_CHAN_NO_HT;
2024         }
2025
2026         cfg80211_chandef_create(chandef, control_chan, channel_type);
2027 }
2028
2029 int ieee80211_parse_bitrates(struct cfg80211_chan_def *chandef,
2030                              const struct ieee80211_supported_band *sband,
2031                              const u8 *srates, int srates_len, u32 *rates)
2032 {
2033         u32 rate_flags = ieee80211_chandef_rate_flags(chandef);
2034         int shift = ieee80211_chandef_get_shift(chandef);
2035         struct ieee80211_rate *br;
2036         int brate, rate, i, j, count = 0;
2037
2038         *rates = 0;
2039
2040         for (i = 0; i < srates_len; i++) {
2041                 rate = srates[i] & 0x7f;
2042
2043                 for (j = 0; j < sband->n_bitrates; j++) {
2044                         br = &sband->bitrates[j];
2045                         if ((rate_flags & br->flags) != rate_flags)
2046                                 continue;
2047
2048                         brate = DIV_ROUND_UP(br->bitrate, (1 << shift) * 5);
2049                         if (brate == rate) {
2050                                 *rates |= BIT(j);
2051                                 count++;
2052                                 break;
2053                         }
2054                 }
2055         }
2056         return count;
2057 }
2058
2059 int ieee80211_add_srates_ie(struct ieee80211_sub_if_data *sdata,
2060                             struct sk_buff *skb, bool need_basic,
2061                             enum ieee80211_band band)
2062 {
2063         struct ieee80211_local *local = sdata->local;
2064         struct ieee80211_supported_band *sband;
2065         int rate, shift;
2066         u8 i, rates, *pos;
2067         u32 basic_rates = sdata->vif.bss_conf.basic_rates;
2068         u32 rate_flags;
2069
2070         shift = ieee80211_vif_get_shift(&sdata->vif);
2071         rate_flags = ieee80211_chandef_rate_flags(&sdata->vif.bss_conf.chandef);
2072         sband = local->hw.wiphy->bands[band];
2073         rates = 0;
2074         for (i = 0; i < sband->n_bitrates; i++) {
2075                 if ((rate_flags & sband->bitrates[i].flags) != rate_flags)
2076                         continue;
2077                 rates++;
2078         }
2079         if (rates > 8)
2080                 rates = 8;
2081
2082         if (skb_tailroom(skb) < rates + 2)
2083                 return -ENOMEM;
2084
2085         pos = skb_put(skb, rates + 2);
2086         *pos++ = WLAN_EID_SUPP_RATES;
2087         *pos++ = rates;
2088         for (i = 0; i < rates; i++) {
2089                 u8 basic = 0;
2090                 if ((rate_flags & sband->bitrates[i].flags) != rate_flags)
2091                         continue;
2092
2093                 if (need_basic && basic_rates & BIT(i))
2094                         basic = 0x80;
2095                 rate = sband->bitrates[i].bitrate;
2096                 rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
2097                                     5 * (1 << shift));
2098                 *pos++ = basic | (u8) rate;
2099         }
2100
2101         return 0;
2102 }
2103
2104 int ieee80211_add_ext_srates_ie(struct ieee80211_sub_if_data *sdata,
2105                                 struct sk_buff *skb, bool need_basic,
2106                                 enum ieee80211_band band)
2107 {
2108         struct ieee80211_local *local = sdata->local;
2109         struct ieee80211_supported_band *sband;
2110         int rate, shift;
2111         u8 i, exrates, *pos;
2112         u32 basic_rates = sdata->vif.bss_conf.basic_rates;
2113         u32 rate_flags;
2114
2115         rate_flags = ieee80211_chandef_rate_flags(&sdata->vif.bss_conf.chandef);
2116         shift = ieee80211_vif_get_shift(&sdata->vif);
2117
2118         sband = local->hw.wiphy->bands[band];
2119         exrates = 0;
2120         for (i = 0; i < sband->n_bitrates; i++) {
2121                 if ((rate_flags & sband->bitrates[i].flags) != rate_flags)
2122                         continue;
2123                 exrates++;
2124         }
2125
2126         if (exrates > 8)
2127                 exrates -= 8;
2128         else
2129                 exrates = 0;
2130
2131         if (skb_tailroom(skb) < exrates + 2)
2132                 return -ENOMEM;
2133
2134         if (exrates) {
2135                 pos = skb_put(skb, exrates + 2);
2136                 *pos++ = WLAN_EID_EXT_SUPP_RATES;
2137                 *pos++ = exrates;
2138                 for (i = 8; i < sband->n_bitrates; i++) {
2139                         u8 basic = 0;
2140                         if ((rate_flags & sband->bitrates[i].flags)
2141                             != rate_flags)
2142                                 continue;
2143                         if (need_basic && basic_rates & BIT(i))
2144                                 basic = 0x80;
2145                         rate = DIV_ROUND_UP(sband->bitrates[i].bitrate,
2146                                             5 * (1 << shift));
2147                         *pos++ = basic | (u8) rate;
2148                 }
2149         }
2150         return 0;
2151 }
2152
2153 int ieee80211_ave_rssi(struct ieee80211_vif *vif)
2154 {
2155         struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2156         struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2157
2158         if (WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_STATION)) {
2159                 /* non-managed type inferfaces */
2160                 return 0;
2161         }
2162         return ifmgd->ave_beacon_signal / 16;
2163 }
2164 EXPORT_SYMBOL_GPL(ieee80211_ave_rssi);
2165
2166 u8 ieee80211_mcs_to_chains(const struct ieee80211_mcs_info *mcs)
2167 {
2168         if (!mcs)
2169                 return 1;
2170
2171         /* TODO: consider rx_highest */
2172
2173         if (mcs->rx_mask[3])
2174                 return 4;
2175         if (mcs->rx_mask[2])
2176                 return 3;
2177         if (mcs->rx_mask[1])
2178                 return 2;
2179         return 1;
2180 }
2181
2182 /**
2183  * ieee80211_calculate_rx_timestamp - calculate timestamp in frame
2184  * @local: mac80211 hw info struct
2185  * @status: RX status
2186  * @mpdu_len: total MPDU length (including FCS)
2187  * @mpdu_offset: offset into MPDU to calculate timestamp at
2188  *
2189  * This function calculates the RX timestamp at the given MPDU offset, taking
2190  * into account what the RX timestamp was. An offset of 0 will just normalize
2191  * the timestamp to TSF at beginning of MPDU reception.
2192  */
2193 u64 ieee80211_calculate_rx_timestamp(struct ieee80211_local *local,
2194                                      struct ieee80211_rx_status *status,
2195                                      unsigned int mpdu_len,
2196                                      unsigned int mpdu_offset)
2197 {
2198         u64 ts = status->mactime;
2199         struct rate_info ri;
2200         u16 rate;
2201
2202         if (WARN_ON(!ieee80211_have_rx_timestamp(status)))
2203                 return 0;
2204
2205         memset(&ri, 0, sizeof(ri));
2206
2207         /* Fill cfg80211 rate info */
2208         if (status->flag & RX_FLAG_HT) {
2209                 ri.mcs = status->rate_idx;
2210                 ri.flags |= RATE_INFO_FLAGS_MCS;
2211                 if (status->flag & RX_FLAG_40MHZ)
2212                         ri.flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH;
2213                 if (status->flag & RX_FLAG_SHORT_GI)
2214                         ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
2215         } else if (status->flag & RX_FLAG_VHT) {
2216                 ri.flags |= RATE_INFO_FLAGS_VHT_MCS;
2217                 ri.mcs = status->rate_idx;
2218                 ri.nss = status->vht_nss;
2219                 if (status->flag & RX_FLAG_40MHZ)
2220                         ri.flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH;
2221                 if (status->flag & RX_FLAG_80MHZ)
2222                         ri.flags |= RATE_INFO_FLAGS_80_MHZ_WIDTH;
2223                 if (status->flag & RX_FLAG_80P80MHZ)
2224                         ri.flags |= RATE_INFO_FLAGS_80P80_MHZ_WIDTH;
2225                 if (status->flag & RX_FLAG_160MHZ)
2226                         ri.flags |= RATE_INFO_FLAGS_160_MHZ_WIDTH;
2227                 if (status->flag & RX_FLAG_SHORT_GI)
2228                         ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
2229         } else {
2230                 struct ieee80211_supported_band *sband;
2231                 int shift = 0;
2232                 int bitrate;
2233
2234                 if (status->flag & RX_FLAG_10MHZ)
2235                         shift = 1;
2236                 if (status->flag & RX_FLAG_5MHZ)
2237                         shift = 2;
2238
2239                 sband = local->hw.wiphy->bands[status->band];
2240                 bitrate = sband->bitrates[status->rate_idx].bitrate;
2241                 ri.legacy = DIV_ROUND_UP(bitrate, (1 << shift));
2242         }
2243
2244         rate = cfg80211_calculate_bitrate(&ri);
2245         if (WARN_ONCE(!rate,
2246                       "Invalid bitrate: flags=0x%x, idx=%d, vht_nss=%d\n",
2247                       status->flag, status->rate_idx, status->vht_nss))
2248                 return 0;
2249
2250         /* rewind from end of MPDU */
2251         if (status->flag & RX_FLAG_MACTIME_END)
2252                 ts -= mpdu_len * 8 * 10 / rate;
2253
2254         ts += mpdu_offset * 8 * 10 / rate;
2255
2256         return ts;
2257 }
2258
2259 void ieee80211_dfs_cac_cancel(struct ieee80211_local *local)
2260 {
2261         struct ieee80211_sub_if_data *sdata;
2262
2263         mutex_lock(&local->iflist_mtx);
2264         list_for_each_entry(sdata, &local->interfaces, list) {
2265                 cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
2266
2267                 if (sdata->wdev.cac_started) {
2268                         ieee80211_vif_release_channel(sdata);
2269                         cfg80211_cac_event(sdata->dev,
2270                                            NL80211_RADAR_CAC_ABORTED,
2271                                            GFP_KERNEL);
2272                 }
2273         }
2274         mutex_unlock(&local->iflist_mtx);
2275 }
2276
2277 void ieee80211_dfs_radar_detected_work(struct work_struct *work)
2278 {
2279         struct ieee80211_local *local =
2280                 container_of(work, struct ieee80211_local, radar_detected_work);
2281         struct cfg80211_chan_def chandef;
2282
2283         ieee80211_dfs_cac_cancel(local);
2284
2285         if (local->use_chanctx)
2286                 /* currently not handled */
2287                 WARN_ON(1);
2288         else {
2289                 chandef = local->hw.conf.chandef;
2290                 cfg80211_radar_event(local->hw.wiphy, &chandef, GFP_KERNEL);
2291         }
2292 }
2293
2294 void ieee80211_radar_detected(struct ieee80211_hw *hw)
2295 {
2296         struct ieee80211_local *local = hw_to_local(hw);
2297
2298         trace_api_radar_detected(local);
2299
2300         ieee80211_queue_work(hw, &local->radar_detected_work);
2301 }
2302 EXPORT_SYMBOL(ieee80211_radar_detected);
2303
2304 u32 ieee80211_chandef_downgrade(struct cfg80211_chan_def *c)
2305 {
2306         u32 ret;
2307         int tmp;
2308
2309         switch (c->width) {
2310         case NL80211_CHAN_WIDTH_20:
2311                 c->width = NL80211_CHAN_WIDTH_20_NOHT;
2312                 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
2313                 break;
2314         case NL80211_CHAN_WIDTH_40:
2315                 c->width = NL80211_CHAN_WIDTH_20;
2316                 c->center_freq1 = c->chan->center_freq;
2317                 ret = IEEE80211_STA_DISABLE_40MHZ |
2318                       IEEE80211_STA_DISABLE_VHT;
2319                 break;
2320         case NL80211_CHAN_WIDTH_80:
2321                 tmp = (30 + c->chan->center_freq - c->center_freq1)/20;
2322                 /* n_P40 */
2323                 tmp /= 2;
2324                 /* freq_P40 */
2325                 c->center_freq1 = c->center_freq1 - 20 + 40 * tmp;
2326                 c->width = NL80211_CHAN_WIDTH_40;
2327                 ret = IEEE80211_STA_DISABLE_VHT;
2328                 break;
2329         case NL80211_CHAN_WIDTH_80P80:
2330                 c->center_freq2 = 0;
2331                 c->width = NL80211_CHAN_WIDTH_80;
2332                 ret = IEEE80211_STA_DISABLE_80P80MHZ |
2333                       IEEE80211_STA_DISABLE_160MHZ;
2334                 break;
2335         case NL80211_CHAN_WIDTH_160:
2336                 /* n_P20 */
2337                 tmp = (70 + c->chan->center_freq - c->center_freq1)/20;
2338                 /* n_P80 */
2339                 tmp /= 4;
2340                 c->center_freq1 = c->center_freq1 - 40 + 80 * tmp;
2341                 c->width = NL80211_CHAN_WIDTH_80;
2342                 ret = IEEE80211_STA_DISABLE_80P80MHZ |
2343                       IEEE80211_STA_DISABLE_160MHZ;
2344                 break;
2345         default:
2346         case NL80211_CHAN_WIDTH_20_NOHT:
2347                 WARN_ON_ONCE(1);
2348                 c->width = NL80211_CHAN_WIDTH_20_NOHT;
2349                 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
2350                 break;
2351         case NL80211_CHAN_WIDTH_5:
2352         case NL80211_CHAN_WIDTH_10:
2353                 WARN_ON_ONCE(1);
2354                 /* keep c->width */
2355                 ret = IEEE80211_STA_DISABLE_HT | IEEE80211_STA_DISABLE_VHT;
2356                 break;
2357         }
2358
2359         WARN_ON_ONCE(!cfg80211_chandef_valid(c));
2360
2361         return ret;
2362 }
2363
2364 /*
2365  * Returns true if smps_mode_new is strictly more restrictive than
2366  * smps_mode_old.
2367  */
2368 bool ieee80211_smps_is_restrictive(enum ieee80211_smps_mode smps_mode_old,
2369                                    enum ieee80211_smps_mode smps_mode_new)
2370 {
2371         if (WARN_ON_ONCE(smps_mode_old == IEEE80211_SMPS_AUTOMATIC ||
2372                          smps_mode_new == IEEE80211_SMPS_AUTOMATIC))
2373                 return false;
2374
2375         switch (smps_mode_old) {
2376         case IEEE80211_SMPS_STATIC:
2377                 return false;
2378         case IEEE80211_SMPS_DYNAMIC:
2379                 return smps_mode_new == IEEE80211_SMPS_STATIC;
2380         case IEEE80211_SMPS_OFF:
2381                 return smps_mode_new != IEEE80211_SMPS_OFF;
2382         default:
2383                 WARN_ON(1);
2384         }
2385
2386         return false;
2387 }
2388
2389 int ieee80211_send_action_csa(struct ieee80211_sub_if_data *sdata,
2390                               struct cfg80211_csa_settings *csa_settings)
2391 {
2392         struct sk_buff *skb;
2393         struct ieee80211_mgmt *mgmt;
2394         struct ieee80211_local *local = sdata->local;
2395         int freq;
2396         int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.chan_switch) +
2397                                sizeof(mgmt->u.action.u.chan_switch);
2398         u8 *pos;
2399
2400         if (sdata->vif.type != NL80211_IFTYPE_ADHOC &&
2401             sdata->vif.type != NL80211_IFTYPE_MESH_POINT)
2402                 return -EOPNOTSUPP;
2403
2404         skb = dev_alloc_skb(local->tx_headroom + hdr_len +
2405                             5 + /* channel switch announcement element */
2406                             3 + /* secondary channel offset element */
2407                             8); /* mesh channel switch parameters element */
2408         if (!skb)
2409                 return -ENOMEM;
2410
2411         skb_reserve(skb, local->tx_headroom);
2412         mgmt = (struct ieee80211_mgmt *)skb_put(skb, hdr_len);
2413         memset(mgmt, 0, hdr_len);
2414         mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
2415                                           IEEE80211_STYPE_ACTION);
2416
2417         eth_broadcast_addr(mgmt->da);
2418         memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
2419         if (ieee80211_vif_is_mesh(&sdata->vif)) {
2420                 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
2421         } else {
2422                 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
2423                 memcpy(mgmt->bssid, ifibss->bssid, ETH_ALEN);
2424         }
2425         mgmt->u.action.category = WLAN_CATEGORY_SPECTRUM_MGMT;
2426         mgmt->u.action.u.chan_switch.action_code = WLAN_ACTION_SPCT_CHL_SWITCH;
2427         pos = skb_put(skb, 5);
2428         *pos++ = WLAN_EID_CHANNEL_SWITCH;                       /* EID */
2429         *pos++ = 3;                                             /* IE length */
2430         *pos++ = csa_settings->block_tx ? 1 : 0;                /* CSA mode */
2431         freq = csa_settings->chandef.chan->center_freq;
2432         *pos++ = ieee80211_frequency_to_channel(freq);          /* channel */
2433         *pos++ = csa_settings->count;                           /* count */
2434
2435         if (csa_settings->chandef.width == NL80211_CHAN_WIDTH_40) {
2436                 enum nl80211_channel_type ch_type;
2437
2438                 skb_put(skb, 3);
2439                 *pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET;     /* EID */
2440                 *pos++ = 1;                                     /* IE length */
2441                 ch_type = cfg80211_get_chandef_type(&csa_settings->chandef);
2442                 if (ch_type == NL80211_CHAN_HT40PLUS)
2443                         *pos++ = IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
2444                 else
2445                         *pos++ = IEEE80211_HT_PARAM_CHA_SEC_BELOW;
2446         }
2447
2448         if (ieee80211_vif_is_mesh(&sdata->vif)) {
2449                 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
2450                 __le16 pre_value;
2451
2452                 skb_put(skb, 8);
2453                 *pos++ = WLAN_EID_CHAN_SWITCH_PARAM;            /* EID */
2454                 *pos++ = 6;                                     /* IE length */
2455                 *pos++ = sdata->u.mesh.mshcfg.dot11MeshTTL;     /* Mesh TTL */
2456                 *pos = 0x00;    /* Mesh Flag: Tx Restrict, Initiator, Reason */
2457                 *pos |= WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR;
2458                 *pos++ |= csa_settings->block_tx ?
2459                           WLAN_EID_CHAN_SWITCH_PARAM_TX_RESTRICT : 0x00;
2460                 put_unaligned_le16(WLAN_REASON_MESH_CHAN, pos); /* Reason Cd */
2461                 pos += 2;
2462                 if (!ifmsh->pre_value)
2463                         ifmsh->pre_value = 1;
2464                 else
2465                         ifmsh->pre_value++;
2466                 pre_value = cpu_to_le16(ifmsh->pre_value);
2467                 memcpy(pos, &pre_value, 2);             /* Precedence Value */
2468                 pos += 2;
2469                 ifmsh->chsw_init = true;
2470         }
2471
2472         ieee80211_tx_skb(sdata, skb);
2473         return 0;
2474 }