1	// SPDX-License-Identifier: GPL-2.0-only
2	/*
3	* Copyright 2002-2005, Instant802 Networks, Inc.
4	* Copyright 2005-2006, Devicescape Software, Inc.
5	* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6	* Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
7	* Copyright 2013-2014 Intel Mobile Communications GmbH
8	* Copyright (C) 2015-2017 Intel Deutschland GmbH
9	* Copyright (C) 2018-2024 Intel Corporation
10	*
11	* utilities for mac80211
12	*/
13
14	#include <net/mac80211.h>
15	#include <linux/netdevice.h>
16	#include <linux/export.h>
17	#include <linux/types.h>
18	#include <linux/slab.h>
19	#include <linux/skbuff.h>
20	#include <linux/etherdevice.h>
21	#include <linux/if_arp.h>
22	#include <linux/bitmap.h>
23	#include <linux/crc32.h>
24	#include <net/net_namespace.h>
25	#include <net/cfg80211.h>
26	#include <net/rtnetlink.h>
27	#include <kunit/visibility.h>
28
29	#include "ieee80211_i.h"
30	#include "driver-ops.h"
31	#include "rate.h"
32	#include "mesh.h"
33	#include "wme.h"
34	#include "led.h"
35	#include "wep.h"
36
37	/* privid for wiphys to determine whether they belong to us or not */
38	const void *const mac80211_wiphy_privid = &mac80211_wiphy_privid;
39
40	struct ieee80211_hw *wiphy_to_ieee80211_hw(struct wiphy *wiphy)
41	{
42	struct ieee80211_local *local;
43
44	local = wiphy_priv(wiphy);
45	return &local->hw;
46	}
47	EXPORT_SYMBOL(wiphy_to_ieee80211_hw);
48
49	const struct ieee80211_conn_settings ieee80211_conn_settings_unlimited = {
50	.mode = IEEE80211_CONN_MODE_EHT,
51	.bw_limit = IEEE80211_CONN_BW_LIMIT_320,
52	};
53
54	u8 *ieee80211_get_bssid(struct ieee80211_hdr *hdr, size_t len,
55	enum nl80211_iftype type)
56	{
57	__le16 fc = hdr->frame_control;
58
59	if (ieee80211_is_data(fc)) {
60	if (len < 24) /* drop incorrect hdr len (data) */
61	return NULL;
62
63	if (ieee80211_has_a4(fc))
64	return NULL;
65	if (ieee80211_has_tods(fc))
66	return hdr->addr1;
67	if (ieee80211_has_fromds(fc))
68	return hdr->addr2;
69
70	return hdr->addr3;
71	}
72
73	if (ieee80211_is_s1g_beacon(fc)) {
74	struct ieee80211_ext *ext = (void *) hdr;
75
76	return ext->u.s1g_beacon.sa;
77	}
78
79	if (ieee80211_is_mgmt(fc)) {
80	if (len < 24) /* drop incorrect hdr len (mgmt) */
81	return NULL;
82	return hdr->addr3;
83	}
84
85	if (ieee80211_is_ctl(fc)) {
86	if (ieee80211_is_pspoll(fc))
87	return hdr->addr1;
88
89	if (ieee80211_is_back_req(fc)) {
90	switch (type) {
91	case NL80211_IFTYPE_STATION:
92	return hdr->addr2;
93	case NL80211_IFTYPE_AP:
94	case NL80211_IFTYPE_AP_VLAN:
95	return hdr->addr1;
96	default:
97	break; /* fall through to the return */
98	}
99	}
100	}
101
102	return NULL;
103	}
104	EXPORT_SYMBOL(ieee80211_get_bssid);
105
106	void ieee80211_tx_set_protected(struct ieee80211_tx_data *tx)
107	{
108	struct sk_buff *skb;
109	struct ieee80211_hdr *hdr;
110
111	skb_queue_walk(&tx->skbs, skb) {
112	hdr = (struct ieee80211_hdr *) skb->data;
113	hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
114	}
115	}
116
117	int ieee80211_frame_duration(enum nl80211_band band, size_t len,
118	int rate, int erp, int short_preamble)
119	{
120	int dur;
121
122	/* calculate duration (in microseconds, rounded up to next higher
123	* integer if it includes a fractional microsecond) to send frame of
124	* len bytes (does not include FCS) at the given rate. Duration will
125	* also include SIFS.
126	*
127	* rate is in 100 kbps, so divident is multiplied by 10 in the
128	* DIV_ROUND_UP() operations.
129	*/
130
131	if (band == NL80211_BAND_5GHZ || erp) {
132	/*
133	* OFDM:
134	*
135	* N_DBPS = DATARATE x 4
136	* N_SYM = Ceiling((16+8xLENGTH+6) / N_DBPS)
137	* (16 = SIGNAL time, 6 = tail bits)
138	* TXTIME = T_PREAMBLE + T_SIGNAL + T_SYM x N_SYM + Signal Ext
139	*
140	* T_SYM = 4 usec
141	* 802.11a - 18.5.2: aSIFSTime = 16 usec
142	* 802.11g - 19.8.4: aSIFSTime = 10 usec +
143	* signal ext = 6 usec
144	*/
145	dur = 16; /* SIFS + signal ext */
146	dur += 16; /* IEEE 802.11-2012 18.3.2.4: T_PREAMBLE = 16 usec */
147	dur += 4; /* IEEE 802.11-2012 18.3.2.4: T_SIGNAL = 4 usec */
148
149	/* rates should already consider the channel bandwidth,
150	* don't apply divisor again.
151	*/
152	dur += 4 * DIV_ROUND_UP((16 + 8 * (len + 4) + 6) * 10,
153	4 * rate); /* T_SYM x N_SYM */
154	} else {
155	/*
156	* 802.11b or 802.11g with 802.11b compatibility:
157	* 18.3.4: TXTIME = PreambleLength + PLCPHeaderTime +
158	* Ceiling(((LENGTH+PBCC)x8)/DATARATE). PBCC=0.
159	*
160	* 802.11 (DS): 15.3.3, 802.11b: 18.3.4
161	* aSIFSTime = 10 usec
162	* aPreambleLength = 144 usec or 72 usec with short preamble
163	* aPLCPHeaderLength = 48 usec or 24 usec with short preamble
164	*/
165	dur = 10; /* aSIFSTime = 10 usec */
166	dur += short_preamble ? (72 + 24) : (144 + 48);
167
168	dur += DIV_ROUND_UP(8 * (len + 4) * 10, rate);
169	}
170
171	return dur;
172	}
173
174	/* Exported duration function for driver use */
175	__le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw,
176	struct ieee80211_vif *vif,
177	enum nl80211_band band,
178	size_t frame_len,
179	struct ieee80211_rate *rate)
180	{
181	struct ieee80211_sub_if_data *sdata;
182	u16 dur;
183	int erp;
184	bool short_preamble = false;
185
186	erp = 0;
187	if (vif) {
188	sdata = vif_to_sdata(p: vif);
189	short_preamble = sdata->vif.bss_conf.use_short_preamble;
190	if (sdata->deflink.operating_11g_mode)
191	erp = rate->flags & IEEE80211_RATE_ERP_G;
192	}
193
194	dur = ieee80211_frame_duration(band, len: frame_len, rate: rate->bitrate, erp,
195	short_preamble);
196
197	return cpu_to_le16(dur);
198	}
199	EXPORT_SYMBOL(ieee80211_generic_frame_duration);
200
201	__le16 ieee80211_rts_duration(struct ieee80211_hw *hw,
202	struct ieee80211_vif *vif, size_t frame_len,
203	const struct ieee80211_tx_info *frame_txctl)
204	{
205	struct ieee80211_local *local = hw_to_local(hw);
206	struct ieee80211_rate *rate;
207	struct ieee80211_sub_if_data *sdata;
208	bool short_preamble;
209	int erp, bitrate;
210	u16 dur;
211	struct ieee80211_supported_band *sband;
212
213	sband = local->hw.wiphy->bands[frame_txctl->band];
214
215	short_preamble = false;
216
217	rate = &sband->bitrates[frame_txctl->control.rts_cts_rate_idx];
218
219	erp = 0;
220	if (vif) {
221	sdata = vif_to_sdata(p: vif);
222	short_preamble = sdata->vif.bss_conf.use_short_preamble;
223	if (sdata->deflink.operating_11g_mode)
224	erp = rate->flags & IEEE80211_RATE_ERP_G;
225	}
226
227	bitrate = rate->bitrate;
228
229	/* CTS duration */
230	dur = ieee80211_frame_duration(band: sband->band, len: 10, rate: bitrate,
231	erp, short_preamble);
232	/* Data frame duration */
233	dur += ieee80211_frame_duration(band: sband->band, len: frame_len, rate: bitrate,
234	erp, short_preamble);
235	/* ACK duration */
236	dur += ieee80211_frame_duration(band: sband->band, len: 10, rate: bitrate,
237	erp, short_preamble);
238
239	return cpu_to_le16(dur);
240	}
241	EXPORT_SYMBOL(ieee80211_rts_duration);
242
243	__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw,
244	struct ieee80211_vif *vif,
245	size_t frame_len,
246	const struct ieee80211_tx_info *frame_txctl)
247	{
248	struct ieee80211_local *local = hw_to_local(hw);
249	struct ieee80211_rate *rate;
250	struct ieee80211_sub_if_data *sdata;
251	bool short_preamble;
252	int erp, bitrate;
253	u16 dur;
254	struct ieee80211_supported_band *sband;
255
256	sband = local->hw.wiphy->bands[frame_txctl->band];
257
258	short_preamble = false;
259
260	rate = &sband->bitrates[frame_txctl->control.rts_cts_rate_idx];
261	erp = 0;
262	if (vif) {
263	sdata = vif_to_sdata(p: vif);
264	short_preamble = sdata->vif.bss_conf.use_short_preamble;
265	if (sdata->deflink.operating_11g_mode)
266	erp = rate->flags & IEEE80211_RATE_ERP_G;
267	}
268
269	bitrate = rate->bitrate;
270
271	/* Data frame duration */
272	dur = ieee80211_frame_duration(band: sband->band, len: frame_len, rate: bitrate,
273	erp, short_preamble);
274	if (!(frame_txctl->flags & IEEE80211_TX_CTL_NO_ACK)) {
275	/* ACK duration */
276	dur += ieee80211_frame_duration(band: sband->band, len: 10, rate: bitrate,
277	erp, short_preamble);
278	}
279
280	return cpu_to_le16(dur);
281	}
282	EXPORT_SYMBOL(ieee80211_ctstoself_duration);
283
284	static void wake_tx_push_queue(struct ieee80211_local *local,
285	struct ieee80211_sub_if_data *sdata,
286	struct ieee80211_txq *queue)
287	{
288	struct ieee80211_tx_control control = {
289	.sta = queue->sta,
290	};
291	struct sk_buff *skb;
292
293	while (1) {
294	skb = ieee80211_tx_dequeue(hw: &local->hw, txq: queue);
295	if (!skb)
296	break;
297
298	drv_tx(local, control: &control, skb);
299	}
300	}
301
302	/* wake_tx_queue handler for driver not implementing a custom one*/
303	void ieee80211_handle_wake_tx_queue(struct ieee80211_hw *hw,
304	struct ieee80211_txq *txq)
305	{
306	struct ieee80211_local *local = hw_to_local(hw);
307	struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: txq->vif);
308	struct ieee80211_txq *queue;
309
310	spin_lock(lock: &local->handle_wake_tx_queue_lock);
311
312	/* Use ieee80211_next_txq() for airtime fairness accounting */
313	ieee80211_txq_schedule_start(hw, ac: txq->ac);
314	while ((queue = ieee80211_next_txq(hw, ac: txq->ac))) {
315	wake_tx_push_queue(local, sdata, queue);
316	ieee80211_return_txq(hw, txq: queue, force: false);
317	}
318	ieee80211_txq_schedule_end(hw, ac: txq->ac);
319	spin_unlock(lock: &local->handle_wake_tx_queue_lock);
320	}
321	EXPORT_SYMBOL(ieee80211_handle_wake_tx_queue);
322
323	static void __ieee80211_wake_txqs(struct ieee80211_sub_if_data *sdata, int ac)
324	{
325	struct ieee80211_local *local = sdata->local;
326	struct ieee80211_vif *vif = &sdata->vif;
327	struct fq *fq = &local->fq;
328	struct ps_data *ps = NULL;
329	struct txq_info *txqi;
330	struct sta_info *sta;
331	int i;
332
333	local_bh_disable();
334	spin_lock(lock: &fq->lock);
335
336	if (!test_bit(SDATA_STATE_RUNNING, &sdata->state))
337	goto out;
338
339	if (sdata->vif.type == NL80211_IFTYPE_AP)
340	ps = &sdata->bss->ps;
341
342	list_for_each_entry_rcu(sta, &local->sta_list, list) {
343	if (sdata != sta->sdata)
344	continue;
345
346	for (i = 0; i < ARRAY_SIZE(sta->sta.txq); i++) {
347	struct ieee80211_txq *txq = sta->sta.txq[i];
348
349	if (!txq)
350	continue;
351
352	txqi = to_txq_info(txq);
353
354	if (ac != txq->ac)
355	continue;
356
357	if (!test_and_clear_bit(nr: IEEE80211_TXQ_DIRTY,
358	addr: &txqi->flags))
359	continue;
360
361	spin_unlock(lock: &fq->lock);
362	drv_wake_tx_queue(local, txq: txqi);
363	spin_lock(lock: &fq->lock);
364	}
365	}
366
367	if (!vif->txq)
368	goto out;
369
370	txqi = to_txq_info(txq: vif->txq);
371
372	if (!test_and_clear_bit(nr: IEEE80211_TXQ_DIRTY, addr: &txqi->flags) ||
373	(ps && atomic_read(v: &ps->num_sta_ps)) || ac != vif->txq->ac)
374	goto out;
375
376	spin_unlock(lock: &fq->lock);
377
378	drv_wake_tx_queue(local, txq: txqi);
379	local_bh_enable();
380	return;
381	out:
382	spin_unlock(lock: &fq->lock);
383	local_bh_enable();
384	}
385
386	static void
387	__releases(&local->queue_stop_reason_lock)
388	__acquires(&local->queue_stop_reason_lock)
389	_ieee80211_wake_txqs(struct ieee80211_local *local, unsigned long *flags)
390	{
391	struct ieee80211_sub_if_data *sdata;
392	int n_acs = IEEE80211_NUM_ACS;
393	int i;
394
395	rcu_read_lock();
396
397	if (local->hw.queues < IEEE80211_NUM_ACS)
398	n_acs = 1;
399
400	for (i = 0; i < local->hw.queues; i++) {
401	if (local->queue_stop_reasons[i])
402	continue;
403
404	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags: *flags);
405	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
406	int ac;
407
408	for (ac = 0; ac < n_acs; ac++) {
409	int ac_queue = sdata->vif.hw_queue[ac];
410
411	if (ac_queue == i ||
412	sdata->vif.cab_queue == i)
413	__ieee80211_wake_txqs(sdata, ac);
414	}
415	}
416	spin_lock_irqsave(&local->queue_stop_reason_lock, *flags);
417	}
418
419	rcu_read_unlock();
420	}
421
422	void ieee80211_wake_txqs(struct tasklet_struct *t)
423	{
424	struct ieee80211_local *local = from_tasklet(local, t,
425	wake_txqs_tasklet);
426	unsigned long flags;
427
428	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
429	_ieee80211_wake_txqs(local, flags: &flags);
430	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
431	}
432
433	static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
434	enum queue_stop_reason reason,
435	bool refcounted,
436	unsigned long *flags)
437	{
438	struct ieee80211_local *local = hw_to_local(hw);
439
440	trace_wake_queue(local, queue, reason);
441
442	if (WARN_ON(queue >= hw->queues))
443	return;
444
445	if (!test_bit(reason, &local->queue_stop_reasons[queue]))
446	return;
447
448	if (!refcounted) {
449	local->q_stop_reasons[queue][reason] = 0;
450	} else {
451	local->q_stop_reasons[queue][reason]--;
452	if (WARN_ON(local->q_stop_reasons[queue][reason] < 0))
453	local->q_stop_reasons[queue][reason] = 0;
454	}
455
456	if (local->q_stop_reasons[queue][reason] == 0)
457	__clear_bit(reason, &local->queue_stop_reasons[queue]);
458
459	if (local->queue_stop_reasons[queue] != 0)
460	/* someone still has this queue stopped */
461	return;
462
463	if (!skb_queue_empty(list: &local->pending[queue]))
464	tasklet_schedule(t: &local->tx_pending_tasklet);
465
466	/*
467	* Calling _ieee80211_wake_txqs here can be a problem because it may
468	* release queue_stop_reason_lock which has been taken by
469	* __ieee80211_wake_queue's caller. It is certainly not very nice to
470	* release someone's lock, but it is fine because all the callers of
471	* __ieee80211_wake_queue call it right before releasing the lock.
472	*/
473	if (reason == IEEE80211_QUEUE_STOP_REASON_DRIVER)
474	tasklet_schedule(t: &local->wake_txqs_tasklet);
475	else
476	_ieee80211_wake_txqs(local, flags);
477	}
478
479	void ieee80211_wake_queue_by_reason(struct ieee80211_hw *hw, int queue,
480	enum queue_stop_reason reason,
481	bool refcounted)
482	{
483	struct ieee80211_local *local = hw_to_local(hw);
484	unsigned long flags;
485
486	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
487	__ieee80211_wake_queue(hw, queue, reason, refcounted, flags: &flags);
488	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
489	}
490
491	void ieee80211_wake_queue(struct ieee80211_hw *hw, int queue)
492	{
493	ieee80211_wake_queue_by_reason(hw, queue,
494	reason: IEEE80211_QUEUE_STOP_REASON_DRIVER,
495	refcounted: false);
496	}
497	EXPORT_SYMBOL(ieee80211_wake_queue);
498
499	static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
500	enum queue_stop_reason reason,
501	bool refcounted)
502	{
503	struct ieee80211_local *local = hw_to_local(hw);
504
505	trace_stop_queue(local, queue, reason);
506
507	if (WARN_ON(queue >= hw->queues))
508	return;
509
510	if (!refcounted)
511	local->q_stop_reasons[queue][reason] = 1;
512	else
513	local->q_stop_reasons[queue][reason]++;
514
515	set_bit(nr: reason, addr: &local->queue_stop_reasons[queue]);
516	}
517
518	void ieee80211_stop_queue_by_reason(struct ieee80211_hw *hw, int queue,
519	enum queue_stop_reason reason,
520	bool refcounted)
521	{
522	struct ieee80211_local *local = hw_to_local(hw);
523	unsigned long flags;
524
525	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
526	__ieee80211_stop_queue(hw, queue, reason, refcounted);
527	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
528	}
529
530	void ieee80211_stop_queue(struct ieee80211_hw *hw, int queue)
531	{
532	ieee80211_stop_queue_by_reason(hw, queue,
533	reason: IEEE80211_QUEUE_STOP_REASON_DRIVER,
534	refcounted: false);
535	}
536	EXPORT_SYMBOL(ieee80211_stop_queue);
537
538	void ieee80211_add_pending_skb(struct ieee80211_local *local,
539	struct sk_buff *skb)
540	{
541	struct ieee80211_hw *hw = &local->hw;
542	unsigned long flags;
543	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
544	int queue = info->hw_queue;
545
546	if (WARN_ON(!info->control.vif)) {
547	ieee80211_free_txskb(hw: &local->hw, skb);
548	return;
549	}
550
551	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
552	__ieee80211_stop_queue(hw, queue, reason: IEEE80211_QUEUE_STOP_REASON_SKB_ADD,
553	refcounted: false);
554	__skb_queue_tail(list: &local->pending[queue], newsk: skb);
555	__ieee80211_wake_queue(hw, queue, reason: IEEE80211_QUEUE_STOP_REASON_SKB_ADD,
556	refcounted: false, flags: &flags);
557	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
558	}
559
560	void ieee80211_add_pending_skbs(struct ieee80211_local *local,
561	struct sk_buff_head *skbs)
562	{
563	struct ieee80211_hw *hw = &local->hw;
564	struct sk_buff *skb;
565	unsigned long flags;
566	int queue, i;
567
568	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
569	while ((skb = skb_dequeue(list: skbs))) {
570	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
571
572	if (WARN_ON(!info->control.vif)) {
573	ieee80211_free_txskb(hw: &local->hw, skb);
574	continue;
575	}
576
577	queue = info->hw_queue;
578
579	__ieee80211_stop_queue(hw, queue,
580	reason: IEEE80211_QUEUE_STOP_REASON_SKB_ADD,
581	refcounted: false);
582
583	__skb_queue_tail(list: &local->pending[queue], newsk: skb);
584	}
585
586	for (i = 0; i < hw->queues; i++)
587	__ieee80211_wake_queue(hw, queue: i,
588	reason: IEEE80211_QUEUE_STOP_REASON_SKB_ADD,
589	refcounted: false, flags: &flags);
590	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
591	}
592
593	void ieee80211_stop_queues_by_reason(struct ieee80211_hw *hw,
594	unsigned long queues,
595	enum queue_stop_reason reason,
596	bool refcounted)
597	{
598	struct ieee80211_local *local = hw_to_local(hw);
599	unsigned long flags;
600	int i;
601
602	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
603
604	for_each_set_bit(i, &queues, hw->queues)
605	__ieee80211_stop_queue(hw, queue: i, reason, refcounted);
606
607	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
608	}
609
610	void ieee80211_stop_queues(struct ieee80211_hw *hw)
611	{
612	ieee80211_stop_queues_by_reason(hw, queues: IEEE80211_MAX_QUEUE_MAP,
613	reason: IEEE80211_QUEUE_STOP_REASON_DRIVER,
614	refcounted: false);
615	}
616	EXPORT_SYMBOL(ieee80211_stop_queues);
617
618	int ieee80211_queue_stopped(struct ieee80211_hw *hw, int queue)
619	{
620	struct ieee80211_local *local = hw_to_local(hw);
621	unsigned long flags;
622	int ret;
623
624	if (WARN_ON(queue >= hw->queues))
625	return true;
626
627	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
628	ret = test_bit(IEEE80211_QUEUE_STOP_REASON_DRIVER,
629	&local->queue_stop_reasons[queue]);
630	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
631	return ret;
632	}
633	EXPORT_SYMBOL(ieee80211_queue_stopped);
634
635	void ieee80211_wake_queues_by_reason(struct ieee80211_hw *hw,
636	unsigned long queues,
637	enum queue_stop_reason reason,
638	bool refcounted)
639	{
640	struct ieee80211_local *local = hw_to_local(hw);
641	unsigned long flags;
642	int i;
643
644	spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
645
646	for_each_set_bit(i, &queues, hw->queues)
647	__ieee80211_wake_queue(hw, queue: i, reason, refcounted, flags: &flags);
648
649	spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
650	}
651
652	void ieee80211_wake_queues(struct ieee80211_hw *hw)
653	{
654	ieee80211_wake_queues_by_reason(hw, queues: IEEE80211_MAX_QUEUE_MAP,
655	reason: IEEE80211_QUEUE_STOP_REASON_DRIVER,
656	refcounted: false);
657	}
658	EXPORT_SYMBOL(ieee80211_wake_queues);
659
660	static unsigned int
661	ieee80211_get_vif_queues(struct ieee80211_local *local,
662	struct ieee80211_sub_if_data *sdata)
663	{
664	unsigned int queues;
665
666	if (sdata && ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
667	int ac;
668
669	queues = 0;
670
671	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
672	queues |= BIT(sdata->vif.hw_queue[ac]);
673	if (sdata->vif.cab_queue != IEEE80211_INVAL_HW_QUEUE)
674	queues |= BIT(sdata->vif.cab_queue);
675	} else {
676	/* all queues */
677	queues = BIT(local->hw.queues) - 1;
678	}
679
680	return queues;
681	}
682
683	void __ieee80211_flush_queues(struct ieee80211_local *local,
684	struct ieee80211_sub_if_data *sdata,
685	unsigned int queues, bool drop)
686	{
687	if (!local->ops->flush)
688	return;
689
690	/*
691	* If no queue was set, or if the HW doesn't support
692	* IEEE80211_HW_QUEUE_CONTROL - flush all queues
693	*/
694	if (!queues || !ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
695	queues = ieee80211_get_vif_queues(local, sdata);
696
697	ieee80211_stop_queues_by_reason(hw: &local->hw, queues,
698	reason: IEEE80211_QUEUE_STOP_REASON_FLUSH,
699	refcounted: false);
700
701	if (drop) {
702	struct sta_info *sta;
703
704	/* Purge the queues, so the frames on them won't be
705	* sent during __ieee80211_wake_queue()
706	*/
707	list_for_each_entry(sta, &local->sta_list, list) {
708	if (sdata != sta->sdata)
709	continue;
710	ieee80211_purge_sta_txqs(sta);
711	}
712	}
713
714	drv_flush(local, sdata, queues, drop);
715
716	ieee80211_wake_queues_by_reason(hw: &local->hw, queues,
717	reason: IEEE80211_QUEUE_STOP_REASON_FLUSH,
718	refcounted: false);
719	}
720
721	void ieee80211_flush_queues(struct ieee80211_local *local,
722	struct ieee80211_sub_if_data *sdata, bool drop)
723	{
724	__ieee80211_flush_queues(local, sdata, queues: 0, drop);
725	}
726
727	void ieee80211_stop_vif_queues(struct ieee80211_local *local,
728	struct ieee80211_sub_if_data *sdata,
729	enum queue_stop_reason reason)
730	{
731	ieee80211_stop_queues_by_reason(hw: &local->hw,
732	queues: ieee80211_get_vif_queues(local, sdata),
733	reason, refcounted: true);
734	}
735
736	void ieee80211_wake_vif_queues(struct ieee80211_local *local,
737	struct ieee80211_sub_if_data *sdata,
738	enum queue_stop_reason reason)
739	{
740	ieee80211_wake_queues_by_reason(hw: &local->hw,
741	queues: ieee80211_get_vif_queues(local, sdata),
742	reason, refcounted: true);
743	}
744
745	static void __iterate_interfaces(struct ieee80211_local *local,
746	u32 iter_flags,
747	void (*iterator)(void *data, u8 *mac,
748	struct ieee80211_vif *vif),
749	void *data)
750	{
751	struct ieee80211_sub_if_data *sdata;
752	bool active_only = iter_flags & IEEE80211_IFACE_ITER_ACTIVE;
753
754	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
755	switch (sdata->vif.type) {
756	case NL80211_IFTYPE_MONITOR:
757	if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE))
758	continue;
759	break;
760	case NL80211_IFTYPE_AP_VLAN:
761	continue;
762	default:
763	break;
764	}
765	if (!(iter_flags & IEEE80211_IFACE_ITER_RESUME_ALL) &&
766	active_only && !(sdata->flags & IEEE80211_SDATA_IN_DRIVER))
767	continue;
768	if ((iter_flags & IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER) &&
769	!(sdata->flags & IEEE80211_SDATA_IN_DRIVER))
770	continue;
771	if (ieee80211_sdata_running(sdata) || !active_only)
772	iterator(data, sdata->vif.addr,
773	&sdata->vif);
774	}
775
776	sdata = rcu_dereference_check(local->monitor_sdata,
777	lockdep_is_held(&local->iflist_mtx) ||
778	lockdep_is_held(&local->hw.wiphy->mtx));
779	if (sdata &&
780	(iter_flags & IEEE80211_IFACE_ITER_RESUME_ALL || !active_only ||
781	sdata->flags & IEEE80211_SDATA_IN_DRIVER))
782	iterator(data, sdata->vif.addr, &sdata->vif);
783	}
784
785	void ieee80211_iterate_interfaces(
786	struct ieee80211_hw *hw, u32 iter_flags,
787	void (*iterator)(void *data, u8 *mac,
788	struct ieee80211_vif *vif),
789	void *data)
790	{
791	struct ieee80211_local *local = hw_to_local(hw);
792
793	mutex_lock(&local->iflist_mtx);
794	__iterate_interfaces(local, iter_flags, iterator, data);
795	mutex_unlock(lock: &local->iflist_mtx);
796	}
797	EXPORT_SYMBOL_GPL(ieee80211_iterate_interfaces);
798
799	void ieee80211_iterate_active_interfaces_atomic(
800	struct ieee80211_hw *hw, u32 iter_flags,
801	void (*iterator)(void *data, u8 *mac,
802	struct ieee80211_vif *vif),
803	void *data)
804	{
805	struct ieee80211_local *local = hw_to_local(hw);
806
807	rcu_read_lock();
808	__iterate_interfaces(local, iter_flags: iter_flags | IEEE80211_IFACE_ITER_ACTIVE,
809	iterator, data);
810	rcu_read_unlock();
811	}
812	EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces_atomic);
813
814	void ieee80211_iterate_active_interfaces_mtx(
815	struct ieee80211_hw *hw, u32 iter_flags,
816	void (*iterator)(void *data, u8 *mac,
817	struct ieee80211_vif *vif),
818	void *data)
819	{
820	struct ieee80211_local *local = hw_to_local(hw);
821
822	lockdep_assert_wiphy(hw->wiphy);
823
824	__iterate_interfaces(local, iter_flags: iter_flags | IEEE80211_IFACE_ITER_ACTIVE,
825	iterator, data);
826	}
827	EXPORT_SYMBOL_GPL(ieee80211_iterate_active_interfaces_mtx);
828
829	static void __iterate_stations(struct ieee80211_local *local,
830	void (*iterator)(void *data,
831	struct ieee80211_sta *sta),
832	void *data)
833	{
834	struct sta_info *sta;
835
836	list_for_each_entry_rcu(sta, &local->sta_list, list) {
837	if (!sta->uploaded)
838	continue;
839
840	iterator(data, &sta->sta);
841	}
842	}
843
844	void ieee80211_iterate_stations_atomic(struct ieee80211_hw *hw,
845	void (*iterator)(void *data,
846	struct ieee80211_sta *sta),
847	void *data)
848	{
849	struct ieee80211_local *local = hw_to_local(hw);
850
851	rcu_read_lock();
852	__iterate_stations(local, iterator, data);
853	rcu_read_unlock();
854	}
855	EXPORT_SYMBOL_GPL(ieee80211_iterate_stations_atomic);
856
857	struct ieee80211_vif *wdev_to_ieee80211_vif(struct wireless_dev *wdev)
858	{
859	struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
860
861	if (!ieee80211_sdata_running(sdata) ||
862	!(sdata->flags & IEEE80211_SDATA_IN_DRIVER))
863	return NULL;
864	return &sdata->vif;
865	}
866	EXPORT_SYMBOL_GPL(wdev_to_ieee80211_vif);
867
868	struct wireless_dev *ieee80211_vif_to_wdev(struct ieee80211_vif *vif)
869	{
870	if (!vif)
871	return NULL;
872
873	return &vif_to_sdata(p: vif)->wdev;
874	}
875	EXPORT_SYMBOL_GPL(ieee80211_vif_to_wdev);
876
877	/*
878	* Nothing should have been stuffed into the workqueue during
879	* the suspend->resume cycle. Since we can't check each caller
880	* of this function if we are already quiescing / suspended,
881	* check here and don't WARN since this can actually happen when
882	* the rx path (for example) is racing against __ieee80211_suspend
883	* and suspending / quiescing was set after the rx path checked
884	* them.
885	*/
886	static bool ieee80211_can_queue_work(struct ieee80211_local *local)
887	{
888	if (local->quiescing || (local->suspended && !local->resuming)) {
889	pr_warn("queueing ieee80211 work while going to suspend\n");
890	return false;
891	}
892
893	return true;
894	}
895
896	void ieee80211_queue_work(struct ieee80211_hw *hw, struct work_struct *work)
897	{
898	struct ieee80211_local *local = hw_to_local(hw);
899
900	if (!ieee80211_can_queue_work(local))
901	return;
902
903	queue_work(wq: local->workqueue, work);
904	}
905	EXPORT_SYMBOL(ieee80211_queue_work);
906
907	void ieee80211_queue_delayed_work(struct ieee80211_hw *hw,
908	struct delayed_work *dwork,
909	unsigned long delay)
910	{
911	struct ieee80211_local *local = hw_to_local(hw);
912
913	if (!ieee80211_can_queue_work(local))
914	return;
915
916	queue_delayed_work(wq: local->workqueue, dwork, delay);
917	}
918	EXPORT_SYMBOL(ieee80211_queue_delayed_work);
919
920	void ieee80211_regulatory_limit_wmm_params(struct ieee80211_sub_if_data *sdata,
921	struct ieee80211_tx_queue_params
922	*qparam, int ac)
923	{
924	struct ieee80211_chanctx_conf *chanctx_conf;
925	const struct ieee80211_reg_rule *rrule;
926	const struct ieee80211_wmm_ac *wmm_ac;
927	u16 center_freq = 0;
928
929	if (sdata->vif.type != NL80211_IFTYPE_AP &&
930	sdata->vif.type != NL80211_IFTYPE_STATION)
931	return;
932
933	rcu_read_lock();
934	chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
935	if (chanctx_conf)
936	center_freq = chanctx_conf->def.chan->center_freq;
937
938	if (!center_freq) {
939	rcu_read_unlock();
940	return;
941	}
942
943	rrule = freq_reg_info(wiphy: sdata->wdev.wiphy, MHZ_TO_KHZ(center_freq));
944
945	if (IS_ERR_OR_NULL(ptr: rrule) || !rrule->has_wmm) {
946	rcu_read_unlock();
947	return;
948	}
949
950	if (sdata->vif.type == NL80211_IFTYPE_AP)
951	wmm_ac = &rrule->wmm_rule.ap[ac];
952	else
953	wmm_ac = &rrule->wmm_rule.client[ac];
954	qparam->cw_min = max_t(u16, qparam->cw_min, wmm_ac->cw_min);
955	qparam->cw_max = max_t(u16, qparam->cw_max, wmm_ac->cw_max);
956	qparam->aifs = max_t(u8, qparam->aifs, wmm_ac->aifsn);
957	qparam->txop = min_t(u16, qparam->txop, wmm_ac->cot / 32);
958	rcu_read_unlock();
959	}
960
961	void ieee80211_set_wmm_default(struct ieee80211_link_data *link,
962	bool bss_notify, bool enable_qos)
963	{
964	struct ieee80211_sub_if_data *sdata = link->sdata;
965	struct ieee80211_local *local = sdata->local;
966	struct ieee80211_tx_queue_params qparam;
967	struct ieee80211_chanctx_conf *chanctx_conf;
968	int ac;
969	bool use_11b;
970	bool is_ocb; /* Use another EDCA parameters if dot11OCBActivated=true */
971	int aCWmin, aCWmax;
972
973	if (!local->ops->conf_tx)
974	return;
975
976	if (local->hw.queues < IEEE80211_NUM_ACS)
977	return;
978
979	memset(&qparam, 0, sizeof(qparam));
980
981	rcu_read_lock();
982	chanctx_conf = rcu_dereference(link->conf->chanctx_conf);
983	use_11b = (chanctx_conf &&
984	chanctx_conf->def.chan->band == NL80211_BAND_2GHZ) &&
985	!link->operating_11g_mode;
986	rcu_read_unlock();
987
988	is_ocb = (sdata->vif.type == NL80211_IFTYPE_OCB);
989
990	/* Set defaults according to 802.11-2007 Table 7-37 */
991	aCWmax = 1023;
992	if (use_11b)
993	aCWmin = 31;
994	else
995	aCWmin = 15;
996
997	/* Confiure old 802.11b/g medium access rules. */
998	qparam.cw_max = aCWmax;
999	qparam.cw_min = aCWmin;
1000	qparam.txop = 0;
1001	qparam.aifs = 2;
1002
1003	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1004	/* Update if QoS is enabled. */
1005	if (enable_qos) {
1006	switch (ac) {
1007	case IEEE80211_AC_BK:
1008	qparam.cw_max = aCWmax;
1009	qparam.cw_min = aCWmin;
1010	qparam.txop = 0;
1011	if (is_ocb)
1012	qparam.aifs = 9;
1013	else
1014	qparam.aifs = 7;
1015	break;
1016	/* never happens but let's not leave undefined */
1017	default:
1018	case IEEE80211_AC_BE:
1019	qparam.cw_max = aCWmax;
1020	qparam.cw_min = aCWmin;
1021	qparam.txop = 0;
1022	if (is_ocb)
1023	qparam.aifs = 6;
1024	else
1025	qparam.aifs = 3;
1026	break;
1027	case IEEE80211_AC_VI:
1028	qparam.cw_max = aCWmin;
1029	qparam.cw_min = (aCWmin + 1) / 2 - 1;
1030	if (is_ocb)
1031	qparam.txop = 0;
1032	else if (use_11b)
1033	qparam.txop = 6016/32;
1034	else
1035	qparam.txop = 3008/32;
1036
1037	if (is_ocb)
1038	qparam.aifs = 3;
1039	else
1040	qparam.aifs = 2;
1041	break;
1042	case IEEE80211_AC_VO:
1043	qparam.cw_max = (aCWmin + 1) / 2 - 1;
1044	qparam.cw_min = (aCWmin + 1) / 4 - 1;
1045	if (is_ocb)
1046	qparam.txop = 0;
1047	else if (use_11b)
1048	qparam.txop = 3264/32;
1049	else
1050	qparam.txop = 1504/32;
1051	qparam.aifs = 2;
1052	break;
1053	}
1054	}
1055	ieee80211_regulatory_limit_wmm_params(sdata, qparam: &qparam, ac);
1056
1057	qparam.uapsd = false;
1058
1059	link->tx_conf[ac] = qparam;
1060	drv_conf_tx(local, link, ac, params: &qparam);
1061	}
1062
1063	if (sdata->vif.type != NL80211_IFTYPE_MONITOR &&
1064	sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE &&
1065	sdata->vif.type != NL80211_IFTYPE_NAN) {
1066	link->conf->qos = enable_qos;
1067	if (bss_notify)
1068	ieee80211_link_info_change_notify(sdata, link,
1069	changed: BSS_CHANGED_QOS);
1070	}
1071	}
1072
1073	void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
1074	u16 transaction, u16 auth_alg, u16 status,
1075	const u8 *extra, size_t extra_len, const u8 *da,
1076	const u8 *bssid, const u8 *key, u8 key_len, u8 key_idx,
1077	u32 tx_flags)
1078	{
1079	struct ieee80211_local *local = sdata->local;
1080	struct sk_buff *skb;
1081	struct ieee80211_mgmt *mgmt;
1082	bool multi_link = ieee80211_vif_is_mld(vif: &sdata->vif);
1083	struct {
1084	u8 id;
1085	u8 len;
1086	u8 ext_id;
1087	struct ieee80211_multi_link_elem ml;
1088	struct ieee80211_mle_basic_common_info basic;
1089	} __packed mle = {
1090	.id = WLAN_EID_EXTENSION,
1091	.len = sizeof(mle) - 2,
1092	.ext_id = WLAN_EID_EXT_EHT_MULTI_LINK,
1093	.ml.control = cpu_to_le16(IEEE80211_ML_CONTROL_TYPE_BASIC),
1094	.basic.len = sizeof(mle.basic),
1095	};
1096	int err;
1097
1098	memcpy(mle.basic.mld_mac_addr, sdata->vif.addr, ETH_ALEN);
1099
1100	/* 24 + 6 = header + auth_algo + auth_transaction + status_code */
1101	skb = dev_alloc_skb(length: local->hw.extra_tx_headroom + IEEE80211_WEP_IV_LEN +
1102	24 + 6 + extra_len + IEEE80211_WEP_ICV_LEN +
1103	multi_link * sizeof(mle));
1104	if (!skb)
1105	return;
1106
1107	skb_reserve(skb, len: local->hw.extra_tx_headroom + IEEE80211_WEP_IV_LEN);
1108
1109	mgmt = skb_put_zero(skb, len: 24 + 6);
1110	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
1111	IEEE80211_STYPE_AUTH);
1112	memcpy(mgmt->da, da, ETH_ALEN);
1113	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
1114	memcpy(mgmt->bssid, bssid, ETH_ALEN);
1115	mgmt->u.auth.auth_alg = cpu_to_le16(auth_alg);
1116	mgmt->u.auth.auth_transaction = cpu_to_le16(transaction);
1117	mgmt->u.auth.status_code = cpu_to_le16(status);
1118	if (extra)
1119	skb_put_data(skb, data: extra, len: extra_len);
1120	if (multi_link)
1121	skb_put_data(skb, data: &mle, len: sizeof(mle));
1122
1123	if (auth_alg == WLAN_AUTH_SHARED_KEY && transaction == 3) {
1124	mgmt->frame_control |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
1125	err = ieee80211_wep_encrypt(local, skb, key, keylen: key_len, keyidx: key_idx);
1126	if (WARN_ON(err)) {
1127	kfree_skb(skb);
1128	return;
1129	}
1130	}
1131
1132	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
1133	tx_flags;
1134	ieee80211_tx_skb(sdata, skb);
1135	}
1136
1137	void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
1138	const u8 *da, const u8 *bssid,
1139	u16 stype, u16 reason,
1140	bool send_frame, u8 *frame_buf)
1141	{
1142	struct ieee80211_local *local = sdata->local;
1143	struct sk_buff *skb;
1144	struct ieee80211_mgmt *mgmt = (void *)frame_buf;
1145
1146	/* build frame */
1147	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
1148	mgmt->duration = 0; /* initialize only */
1149	mgmt->seq_ctrl = 0; /* initialize only */
1150	memcpy(mgmt->da, da, ETH_ALEN);
1151	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
1152	memcpy(mgmt->bssid, bssid, ETH_ALEN);
1153	/* u.deauth.reason_code == u.disassoc.reason_code */
1154	mgmt->u.deauth.reason_code = cpu_to_le16(reason);
1155
1156	if (send_frame) {
1157	skb = dev_alloc_skb(length: local->hw.extra_tx_headroom +
1158	IEEE80211_DEAUTH_FRAME_LEN);
1159	if (!skb)
1160	return;
1161
1162	skb_reserve(skb, len: local->hw.extra_tx_headroom);
1163
1164	/* copy in frame */
1165	skb_put_data(skb, data: mgmt, IEEE80211_DEAUTH_FRAME_LEN);
1166
1167	if (sdata->vif.type != NL80211_IFTYPE_STATION ||
1168	!(sdata->u.mgd.flags & IEEE80211_STA_MFP_ENABLED))
1169	IEEE80211_SKB_CB(skb)->flags |=
1170	IEEE80211_TX_INTFL_DONT_ENCRYPT;
1171
1172	ieee80211_tx_skb(sdata, skb);
1173	}
1174	}
1175
1176	static int ieee80211_put_s1g_cap(struct sk_buff *skb,
1177	struct ieee80211_sta_s1g_cap *s1g_cap)
1178	{
1179	if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_s1g_cap))
1180	return -ENOBUFS;
1181
1182	skb_put_u8(skb, val: WLAN_EID_S1G_CAPABILITIES);
1183	skb_put_u8(skb, val: sizeof(struct ieee80211_s1g_cap));
1184
1185	skb_put_data(skb, data: &s1g_cap->cap, len: sizeof(s1g_cap->cap));
1186	skb_put_data(skb, data: &s1g_cap->nss_mcs, len: sizeof(s1g_cap->nss_mcs));
1187
1188	return 0;
1189	}
1190
1191	static int ieee80211_put_preq_ies_band(struct sk_buff *skb,
1192	struct ieee80211_sub_if_data *sdata,
1193	const u8 *ie, size_t ie_len,
1194	size_t *offset,
1195	enum nl80211_band band,
1196	u32 rate_mask,
1197	struct cfg80211_chan_def *chandef,
1198	u32 flags)
1199	{
1200	struct ieee80211_local *local = sdata->local;
1201	struct ieee80211_supported_band *sband;
1202	int i, err;
1203	size_t noffset;
1204	u32 rate_flags;
1205	bool have_80mhz = false;
1206
1207	*offset = 0;
1208
1209	sband = local->hw.wiphy->bands[band];
1210	if (WARN_ON_ONCE(!sband))
1211	return 0;
1212
1213	rate_flags = ieee80211_chandef_rate_flags(chandef);
1214
1215	/* For direct scan add S1G IE and consider its override bits */
1216	if (band == NL80211_BAND_S1GHZ)
1217	return ieee80211_put_s1g_cap(skb, s1g_cap: &sband->s1g_cap);
1218
1219	err = ieee80211_put_srates_elem(skb, sband, basic_rates: 0, rate_flags,
1220	masked_rates: ~rate_mask, element_id: WLAN_EID_SUPP_RATES);
1221	if (err)
1222	return err;
1223
1224	/* insert "request information" if in custom IEs */
1225	if (ie && ie_len) {
1226	static const u8 before_extrates[] = {
1227	WLAN_EID_SSID,
1228	WLAN_EID_SUPP_RATES,
1229	WLAN_EID_REQUEST,
1230	};
1231	noffset = ieee80211_ie_split(ies: ie, ielen: ie_len,
1232	ids: before_extrates,
1233	ARRAY_SIZE(before_extrates),
1234	offset: *offset);
1235	if (skb_tailroom(skb) < noffset - *offset)
1236	return -ENOBUFS;
1237	skb_put_data(skb, data: ie + *offset, len: noffset - *offset);
1238	*offset = noffset;
1239	}
1240
1241	err = ieee80211_put_srates_elem(skb, sband, basic_rates: 0, rate_flags,
1242	masked_rates: ~rate_mask, element_id: WLAN_EID_EXT_SUPP_RATES);
1243	if (err)
1244	return err;
1245
1246	if (chandef->chan && sband->band == NL80211_BAND_2GHZ) {
1247	if (skb_tailroom(skb) < 3)
1248	return -ENOBUFS;
1249	skb_put_u8(skb, val: WLAN_EID_DS_PARAMS);
1250	skb_put_u8(skb, val: 1);
1251	skb_put_u8(skb,
1252	val: ieee80211_frequency_to_channel(freq: chandef->chan->center_freq));
1253	}
1254
1255	if (flags & IEEE80211_PROBE_FLAG_MIN_CONTENT)
1256	return 0;
1257
1258	/* insert custom IEs that go before HT */
1259	if (ie && ie_len) {
1260	static const u8 before_ht[] = {
1261	/*
1262	* no need to list the ones split off already
1263	* (or generated here)
1264	*/
1265	WLAN_EID_DS_PARAMS,
1266	WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
1267	};
1268	noffset = ieee80211_ie_split(ies: ie, ielen: ie_len,
1269	ids: before_ht, ARRAY_SIZE(before_ht),
1270	offset: *offset);
1271	if (skb_tailroom(skb) < noffset - *offset)
1272	return -ENOBUFS;
1273	skb_put_data(skb, data: ie + *offset, len: noffset - *offset);
1274	*offset = noffset;
1275	}
1276
1277	if (sband->ht_cap.ht_supported) {
1278	u8 *pos;
1279
1280	if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_ht_cap))
1281	return -ENOBUFS;
1282
1283	pos = skb_put(skb, len: 2 + sizeof(struct ieee80211_ht_cap));
1284	ieee80211_ie_build_ht_cap(pos, ht_cap: &sband->ht_cap,
1285	cap: sband->ht_cap.cap);
1286	}
1287
1288	/* insert custom IEs that go before VHT */
1289	if (ie && ie_len) {
1290	static const u8 before_vht[] = {
1291	/*
1292	* no need to list the ones split off already
1293	* (or generated here)
1294	*/
1295	WLAN_EID_BSS_COEX_2040,
1296	WLAN_EID_EXT_CAPABILITY,
1297	WLAN_EID_SSID_LIST,
1298	WLAN_EID_CHANNEL_USAGE,
1299	WLAN_EID_INTERWORKING,
1300	WLAN_EID_MESH_ID,
1301	/* 60 GHz (Multi-band, DMG, MMS) can't happen */
1302	};
1303	noffset = ieee80211_ie_split(ies: ie, ielen: ie_len,
1304	ids: before_vht, ARRAY_SIZE(before_vht),
1305	offset: *offset);
1306	if (skb_tailroom(skb) < noffset - *offset)
1307	return -ENOBUFS;
1308	skb_put_data(skb, data: ie + *offset, len: noffset - *offset);
1309	*offset = noffset;
1310	}
1311
1312	/* Check if any channel in this sband supports at least 80 MHz */
1313	for (i = 0; i < sband->n_channels; i++) {
1314	if (sband->channels[i].flags & (IEEE80211_CHAN_DISABLED |
1315	IEEE80211_CHAN_NO_80MHZ))
1316	continue;
1317
1318	have_80mhz = true;
1319	break;
1320	}
1321
1322	if (sband->vht_cap.vht_supported && have_80mhz) {
1323	u8 *pos;
1324
1325	if (skb_tailroom(skb) < 2 + sizeof(struct ieee80211_vht_cap))
1326	return -ENOBUFS;
1327
1328	pos = skb_put(skb, len: 2 + sizeof(struct ieee80211_vht_cap));
1329	ieee80211_ie_build_vht_cap(pos, vht_cap: &sband->vht_cap,
1330	cap: sband->vht_cap.cap);
1331	}
1332
1333	/* insert custom IEs that go before HE */
1334	if (ie && ie_len) {
1335	static const u8 before_he[] = {
1336	/*
1337	* no need to list the ones split off before VHT
1338	* or generated here
1339	*/
1340	WLAN_EID_EXTENSION, WLAN_EID_EXT_FILS_REQ_PARAMS,
1341	WLAN_EID_AP_CSN,
1342	/* TODO: add 11ah/11aj/11ak elements */
1343	};
1344	noffset = ieee80211_ie_split(ies: ie, ielen: ie_len,
1345	ids: before_he, ARRAY_SIZE(before_he),
1346	offset: *offset);
1347	if (skb_tailroom(skb) < noffset - *offset)
1348	return -ENOBUFS;
1349	skb_put_data(skb, data: ie + *offset, len: noffset - *offset);
1350	*offset = noffset;
1351	}
1352
1353	if (cfg80211_any_usable_channels(wiphy: local->hw.wiphy, BIT(sband->band),
1354	prohibited_flags: IEEE80211_CHAN_NO_HE)) {
1355	err = ieee80211_put_he_cap(skb, sdata, sband, NULL);
1356	if (err)
1357	return err;
1358	}
1359
1360	if (cfg80211_any_usable_channels(wiphy: local->hw.wiphy, BIT(sband->band),
1361	prohibited_flags: IEEE80211_CHAN_NO_HE |
1362	IEEE80211_CHAN_NO_EHT)) {
1363	err = ieee80211_put_eht_cap(skb, sdata, sband, NULL);
1364	if (err)
1365	return err;
1366	}
1367
1368	err = ieee80211_put_he_6ghz_cap(skb, sdata, smps_mode: IEEE80211_SMPS_OFF);
1369	if (err)
1370	return err;
1371
1372	/*
1373	* If adding more here, adjust code in main.c
1374	* that calculates local->scan_ies_len.
1375	*/
1376
1377	return 0;
1378	}
1379
1380	static int ieee80211_put_preq_ies(struct sk_buff *skb,
1381	struct ieee80211_sub_if_data *sdata,
1382	struct ieee80211_scan_ies *ie_desc,
1383	const u8 *ie, size_t ie_len,
1384	u8 bands_used, u32 *rate_masks,
1385	struct cfg80211_chan_def *chandef,
1386	u32 flags)
1387	{
1388	size_t custom_ie_offset = 0;
1389	int i, err;
1390
1391	memset(ie_desc, 0, sizeof(*ie_desc));
1392
1393	for (i = 0; i < NUM_NL80211_BANDS; i++) {
1394	if (bands_used & BIT(i)) {
1395	ie_desc->ies[i] = skb_tail_pointer(skb);
1396	err = ieee80211_put_preq_ies_band(skb, sdata,
1397	ie, ie_len,
1398	offset: &custom_ie_offset,
1399	band: i, rate_mask: rate_masks[i],
1400	chandef, flags);
1401	if (err)
1402	return err;
1403	ie_desc->len[i] = skb_tail_pointer(skb) -
1404	ie_desc->ies[i];
1405	}
1406	}
1407
1408	/* add any remaining custom IEs */
1409	if (ie && ie_len) {
1410	if (WARN_ONCE(skb_tailroom(skb) < ie_len - custom_ie_offset,
1411	"not enough space for preq custom IEs\n"))
1412	return -ENOBUFS;
1413	ie_desc->common_ies = skb_tail_pointer(skb);
1414	skb_put_data(skb, data: ie + custom_ie_offset,
1415	len: ie_len - custom_ie_offset);
1416	ie_desc->common_ie_len = skb_tail_pointer(skb) -
1417	ie_desc->common_ies;
1418	}
1419
1420	return 0;
1421	};
1422
1423	int ieee80211_build_preq_ies(struct ieee80211_sub_if_data *sdata, u8 *buffer,
1424	size_t buffer_len,
1425	struct ieee80211_scan_ies *ie_desc,
1426	const u8 *ie, size_t ie_len,
1427	u8 bands_used, u32 *rate_masks,
1428	struct cfg80211_chan_def *chandef,
1429	u32 flags)
1430	{
1431	struct sk_buff *skb = alloc_skb(size: buffer_len, GFP_KERNEL);
1432	uintptr_t offs;
1433	int ret, i;
1434	u8 *start;
1435
1436	if (!skb)
1437	return -ENOMEM;
1438
1439	start = skb_tail_pointer(skb);
1440	memset(start, 0, skb_tailroom(skb));
1441	ret = ieee80211_put_preq_ies(skb, sdata, ie_desc, ie, ie_len,
1442	bands_used, rate_masks, chandef,
1443	flags);
1444	if (ret < 0) {
1445	goto out;
1446	}
1447
1448	if (skb->len > buffer_len) {
1449	ret = -ENOBUFS;
1450	goto out;
1451	}
1452
1453	memcpy(buffer, start, skb->len);
1454
1455	/* adjust ie_desc for copy */
1456	for (i = 0; i < NUM_NL80211_BANDS; i++) {
1457	offs = ie_desc->ies[i] - start;
1458	ie_desc->ies[i] = buffer + offs;
1459	}
1460	offs = ie_desc->common_ies - start;
1461	ie_desc->common_ies = buffer + offs;
1462
1463	ret = skb->len;
1464	out:
1465	consume_skb(skb);
1466	return ret;
1467	}
1468
1469	struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1470	const u8 *src, const u8 *dst,
1471	u32 ratemask,
1472	struct ieee80211_channel *chan,
1473	const u8 *ssid, size_t ssid_len,
1474	const u8 *ie, size_t ie_len,
1475	u32 flags)
1476	{
1477	struct ieee80211_local *local = sdata->local;
1478	struct cfg80211_chan_def chandef;
1479	struct sk_buff *skb;
1480	struct ieee80211_mgmt *mgmt;
1481	u32 rate_masks[NUM_NL80211_BANDS] = {};
1482	struct ieee80211_scan_ies dummy_ie_desc;
1483
1484	/*
1485	* Do not send DS Channel parameter for directed probe requests
1486	* in order to maximize the chance that we get a response. Some
1487	* badly-behaved APs don't respond when this parameter is included.
1488	*/
1489	chandef.width = sdata->vif.bss_conf.chanreq.oper.width;
1490	if (flags & IEEE80211_PROBE_FLAG_DIRECTED)
1491	chandef.chan = NULL;
1492	else
1493	chandef.chan = chan;
1494
1495	skb = ieee80211_probereq_get(hw: &local->hw, src_addr: src, ssid, ssid_len,
1496	tailroom: local->scan_ies_len + ie_len);
1497	if (!skb)
1498	return NULL;
1499
1500	rate_masks[chan->band] = ratemask;
1501	ieee80211_put_preq_ies(skb, sdata, ie_desc: &dummy_ie_desc,
1502	ie, ie_len, BIT(chan->band),
1503	rate_masks, chandef: &chandef, flags);
1504
1505	if (dst) {
1506	mgmt = (struct ieee80211_mgmt *) skb->data;
1507	memcpy(mgmt->da, dst, ETH_ALEN);
1508	memcpy(mgmt->bssid, dst, ETH_ALEN);
1509	}
1510
1511	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1512
1513	return skb;
1514	}
1515
1516	u32 ieee80211_sta_get_rates(struct ieee80211_sub_if_data *sdata,
1517	struct ieee802_11_elems *elems,
1518	enum nl80211_band band, u32 *basic_rates)
1519	{
1520	struct ieee80211_supported_band *sband;
1521	size_t num_rates;
1522	u32 supp_rates, rate_flags;
1523	int i, j;
1524
1525	sband = sdata->local->hw.wiphy->bands[band];
1526	if (WARN_ON(!sband))
1527	return 1;
1528
1529	rate_flags =
1530	ieee80211_chandef_rate_flags(chandef: &sdata->vif.bss_conf.chanreq.oper);
1531
1532	num_rates = sband->n_bitrates;
1533	supp_rates = 0;
1534	for (i = 0; i < elems->supp_rates_len +
1535	elems->ext_supp_rates_len; i++) {
1536	u8 rate = 0;
1537	int own_rate;
1538	bool is_basic;
1539	if (i < elems->supp_rates_len)
1540	rate = elems->supp_rates[i];
1541	else if (elems->ext_supp_rates)
1542	rate = elems->ext_supp_rates
1543	[i - elems->supp_rates_len];
1544	own_rate = 5 * (rate & 0x7f);
1545	is_basic = !!(rate & 0x80);
1546
1547	if (is_basic && (rate & 0x7f) == BSS_MEMBERSHIP_SELECTOR_HT_PHY)
1548	continue;
1549
1550	for (j = 0; j < num_rates; j++) {
1551	int brate;
1552	if ((rate_flags & sband->bitrates[j].flags)
1553	!= rate_flags)
1554	continue;
1555
1556	brate = sband->bitrates[j].bitrate;
1557
1558	if (brate == own_rate) {
1559	supp_rates |= BIT(j);
1560	if (basic_rates && is_basic)
1561	*basic_rates |= BIT(j);
1562	}
1563	}
1564	}
1565	return supp_rates;
1566	}
1567
1568	void ieee80211_stop_device(struct ieee80211_local *local)
1569	{
1570	ieee80211_led_radio(local, enabled: false);
1571	ieee80211_mod_tpt_led_trig(local, types_on: 0, types_off: IEEE80211_TPT_LEDTRIG_FL_RADIO);
1572
1573	wiphy_work_cancel(wiphy: local->hw.wiphy, work: &local->reconfig_filter);
1574
1575	flush_workqueue(local->workqueue);
1576	wiphy_work_flush(wiphy: local->hw.wiphy, NULL);
1577	drv_stop(local);
1578	}
1579
1580	static void ieee80211_flush_completed_scan(struct ieee80211_local *local,
1581	bool aborted)
1582	{
1583	/* It's possible that we don't handle the scan completion in
1584	* time during suspend, so if it's still marked as completed
1585	* here, queue the work and flush it to clean things up.
1586	* Instead of calling the worker function directly here, we
1587	* really queue it to avoid potential races with other flows
1588	* scheduling the same work.
1589	*/
1590	if (test_bit(SCAN_COMPLETED, &local->scanning)) {
1591	/* If coming from reconfiguration failure, abort the scan so
1592	* we don't attempt to continue a partial HW scan - which is
1593	* possible otherwise if (e.g.) the 2.4 GHz portion was the
1594	* completed scan, and a 5 GHz portion is still pending.
1595	*/
1596	if (aborted)
1597	set_bit(nr: SCAN_ABORTED, addr: &local->scanning);
1598	wiphy_delayed_work_queue(wiphy: local->hw.wiphy, dwork: &local->scan_work, delay: 0);
1599	wiphy_delayed_work_flush(wiphy: local->hw.wiphy, dwork: &local->scan_work);
1600	}
1601	}
1602
1603	static void ieee80211_handle_reconfig_failure(struct ieee80211_local *local)
1604	{
1605	struct ieee80211_sub_if_data *sdata;
1606	struct ieee80211_chanctx *ctx;
1607
1608	lockdep_assert_wiphy(local->hw.wiphy);
1609
1610	/*
1611	* We get here if during resume the device can't be restarted properly.
1612	* We might also get here if this happens during HW reset, which is a
1613	* slightly different situation and we need to drop all connections in
1614	* the latter case.
1615	*
1616	* Ask cfg80211 to turn off all interfaces, this will result in more
1617	* warnings but at least we'll then get into a clean stopped state.
1618	*/
1619
1620	local->resuming = false;
1621	local->suspended = false;
1622	local->in_reconfig = false;
1623	local->reconfig_failure = true;
1624
1625	ieee80211_flush_completed_scan(local, aborted: true);
1626
1627	/* scheduled scan clearly can't be running any more, but tell
1628	* cfg80211 and clear local state
1629	*/
1630	ieee80211_sched_scan_end(local);
1631
1632	list_for_each_entry(sdata, &local->interfaces, list)
1633	sdata->flags &= ~IEEE80211_SDATA_IN_DRIVER;
1634
1635	/* Mark channel contexts as not being in the driver any more to avoid
1636	* removing them from the driver during the shutdown process...
1637	*/
1638	list_for_each_entry(ctx, &local->chanctx_list, list)
1639	ctx->driver_present = false;
1640	}
1641
1642	static void ieee80211_assign_chanctx(struct ieee80211_local *local,
1643	struct ieee80211_sub_if_data *sdata,
1644	struct ieee80211_link_data *link)
1645	{
1646	struct ieee80211_chanctx_conf *conf;
1647	struct ieee80211_chanctx *ctx;
1648
1649	lockdep_assert_wiphy(local->hw.wiphy);
1650
1651	conf = rcu_dereference_protected(link->conf->chanctx_conf,
1652	lockdep_is_held(&local->hw.wiphy->mtx));
1653	if (conf) {
1654	ctx = container_of(conf, struct ieee80211_chanctx, conf);
1655	drv_assign_vif_chanctx(local, sdata, link_conf: link->conf, ctx);
1656	}
1657	}
1658
1659	static void ieee80211_reconfig_stations(struct ieee80211_sub_if_data *sdata)
1660	{
1661	struct ieee80211_local *local = sdata->local;
1662	struct sta_info *sta;
1663
1664	lockdep_assert_wiphy(local->hw.wiphy);
1665
1666	/* add STAs back */
1667	list_for_each_entry(sta, &local->sta_list, list) {
1668	enum ieee80211_sta_state state;
1669
1670	if (!sta->uploaded || sta->sdata != sdata)
1671	continue;
1672
1673	for (state = IEEE80211_STA_NOTEXIST;
1674	state < sta->sta_state; state++)
1675	WARN_ON(drv_sta_state(local, sta->sdata, sta, state,
1676	state + 1));
1677	}
1678	}
1679
1680	static int ieee80211_reconfig_nan(struct ieee80211_sub_if_data *sdata)
1681	{
1682	struct cfg80211_nan_func *func, **funcs;
1683	int res, id, i = 0;
1684
1685	res = drv_start_nan(local: sdata->local, sdata,
1686	conf: &sdata->u.nan.conf);
1687	if (WARN_ON(res))
1688	return res;
1689
1690	funcs = kcalloc(n: sdata->local->hw.max_nan_de_entries + 1,
1691	size: sizeof(*funcs),
1692	GFP_KERNEL);
1693	if (!funcs)
1694	return -ENOMEM;
1695
1696	/* Add all the functions:
1697	* This is a little bit ugly. We need to call a potentially sleeping
1698	* callback for each NAN function, so we can't hold the spinlock.
1699	*/
1700	spin_lock_bh(lock: &sdata->u.nan.func_lock);
1701
1702	idr_for_each_entry(&sdata->u.nan.function_inst_ids, func, id)
1703	funcs[i++] = func;
1704
1705	spin_unlock_bh(lock: &sdata->u.nan.func_lock);
1706
1707	for (i = 0; funcs[i]; i++) {
1708	res = drv_add_nan_func(local: sdata->local, sdata, nan_func: funcs[i]);
1709	if (WARN_ON(res))
1710	ieee80211_nan_func_terminated(vif: &sdata->vif,
1711	inst_id: funcs[i]->instance_id,
1712	reason: NL80211_NAN_FUNC_TERM_REASON_ERROR,
1713	GFP_KERNEL);
1714	}
1715
1716	kfree(objp: funcs);
1717
1718	return 0;
1719	}
1720
1721	static void ieee80211_reconfig_ap_links(struct ieee80211_local *local,
1722	struct ieee80211_sub_if_data *sdata,
1723	u64 changed)
1724	{
1725	int link_id;
1726
1727	for (link_id = 0; link_id < ARRAY_SIZE(sdata->link); link_id++) {
1728	struct ieee80211_link_data *link;
1729
1730	if (!(sdata->vif.active_links & BIT(link_id)))
1731	continue;
1732
1733	link = sdata_dereference(sdata->link[link_id], sdata);
1734	if (!link)
1735	continue;
1736
1737	if (rcu_access_pointer(link->u.ap.beacon))
1738	drv_start_ap(local, sdata, link_conf: link->conf);
1739
1740	if (!link->conf->enable_beacon)
1741	continue;
1742
1743	changed |= BSS_CHANGED_BEACON |
1744	BSS_CHANGED_BEACON_ENABLED;
1745
1746	ieee80211_link_info_change_notify(sdata, link, changed);
1747	}
1748	}
1749
1750	int ieee80211_reconfig(struct ieee80211_local *local)
1751	{
1752	struct ieee80211_hw *hw = &local->hw;
1753	struct ieee80211_sub_if_data *sdata;
1754	struct ieee80211_chanctx *ctx;
1755	struct sta_info *sta;
1756	int res, i;
1757	bool reconfig_due_to_wowlan = false;
1758	struct ieee80211_sub_if_data *sched_scan_sdata;
1759	struct cfg80211_sched_scan_request *sched_scan_req;
1760	bool sched_scan_stopped = false;
1761	bool suspended = local->suspended;
1762	bool in_reconfig = false;
1763
1764	lockdep_assert_wiphy(local->hw.wiphy);
1765
1766	/* nothing to do if HW shouldn't run */
1767	if (!local->open_count)
1768	goto wake_up;
1769
1770	#ifdef CONFIG_PM
1771	if (suspended)
1772	local->resuming = true;
1773
1774	if (local->wowlan) {
1775	/*
1776	* In the wowlan case, both mac80211 and the device
1777	* are functional when the resume op is called, so
1778	* clear local->suspended so the device could operate
1779	* normally (e.g. pass rx frames).
1780	*/
1781	local->suspended = false;
1782	res = drv_resume(local);
1783	local->wowlan = false;
1784	if (res < 0) {
1785	local->resuming = false;
1786	return res;
1787	}
1788	if (res == 0)
1789	goto wake_up;
1790	WARN_ON(res > 1);
1791	/*
1792	* res is 1, which means the driver requested
1793	* to go through a regular reset on wakeup.
1794	* restore local->suspended in this case.
1795	*/
1796	reconfig_due_to_wowlan = true;
1797	local->suspended = true;
1798	}
1799	#endif
1800
1801	/*
1802	* In case of hw_restart during suspend (without wowlan),
1803	* cancel restart work, as we are reconfiguring the device
1804	* anyway.
1805	* Note that restart_work is scheduled on a frozen workqueue,
1806	* so we can't deadlock in this case.
1807	*/
1808	if (suspended && local->in_reconfig && !reconfig_due_to_wowlan)
1809	cancel_work_sync(work: &local->restart_work);
1810
1811	local->started = false;
1812
1813	/*
1814	* Upon resume hardware can sometimes be goofy due to
1815	* various platform / driver / bus issues, so restarting
1816	* the device may at times not work immediately. Propagate
1817	* the error.
1818	*/
1819	res = drv_start(local);
1820	if (res) {
1821	if (suspended)
1822	WARN(1, "Hardware became unavailable upon resume. This could be a software issue prior to suspend or a hardware issue.\n");
1823	else
1824	WARN(1, "Hardware became unavailable during restart.\n");
1825	ieee80211_handle_reconfig_failure(local);
1826	return res;
1827	}
1828
1829	/* setup fragmentation threshold */
1830	drv_set_frag_threshold(local, value: hw->wiphy->frag_threshold);
1831
1832	/* setup RTS threshold */
1833	drv_set_rts_threshold(local, value: hw->wiphy->rts_threshold);
1834
1835	/* reset coverage class */
1836	drv_set_coverage_class(local, value: hw->wiphy->coverage_class);
1837
1838	ieee80211_led_radio(local, enabled: true);
1839	ieee80211_mod_tpt_led_trig(local,
1840	types_on: IEEE80211_TPT_LEDTRIG_FL_RADIO, types_off: 0);
1841
1842	/* add interfaces */
1843	sdata = wiphy_dereference(local->hw.wiphy, local->monitor_sdata);
1844	if (sdata) {
1845	/* in HW restart it exists already */
1846	WARN_ON(local->resuming);
1847	res = drv_add_interface(local, sdata);
1848	if (WARN_ON(res)) {
1849	RCU_INIT_POINTER(local->monitor_sdata, NULL);
1850	synchronize_net();
1851	kfree(objp: sdata);
1852	}
1853	}
1854
1855	list_for_each_entry(sdata, &local->interfaces, list) {
1856	if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1857	sdata->vif.type != NL80211_IFTYPE_MONITOR &&
1858	ieee80211_sdata_running(sdata)) {
1859	res = drv_add_interface(local, sdata);
1860	if (WARN_ON(res))
1861	break;
1862	}
1863	}
1864
1865	/* If adding any of the interfaces failed above, roll back and
1866	* report failure.
1867	*/
1868	if (res) {
1869	list_for_each_entry_continue_reverse(sdata, &local->interfaces,
1870	list)
1871	if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
1872	sdata->vif.type != NL80211_IFTYPE_MONITOR &&
1873	ieee80211_sdata_running(sdata))
1874	drv_remove_interface(local, sdata);
1875	ieee80211_handle_reconfig_failure(local);
1876	return res;
1877	}
1878
1879	/* add channel contexts */
1880	list_for_each_entry(ctx, &local->chanctx_list, list)
1881	if (ctx->replace_state != IEEE80211_CHANCTX_REPLACES_OTHER)
1882	WARN_ON(drv_add_chanctx(local, ctx));
1883
1884	sdata = wiphy_dereference(local->hw.wiphy, local->monitor_sdata);
1885	if (sdata && ieee80211_sdata_running(sdata))
1886	ieee80211_assign_chanctx(local, sdata, link: &sdata->deflink);
1887
1888	/* reconfigure hardware */
1889	ieee80211_hw_config(local, changed: IEEE80211_CONF_CHANGE_LISTEN_INTERVAL |
1890	IEEE80211_CONF_CHANGE_MONITOR |
1891	IEEE80211_CONF_CHANGE_PS |
1892	IEEE80211_CONF_CHANGE_RETRY_LIMITS |
1893	IEEE80211_CONF_CHANGE_IDLE);
1894
1895	ieee80211_configure_filter(local);
1896
1897	/* Finally also reconfigure all the BSS information */
1898	list_for_each_entry(sdata, &local->interfaces, list) {
1899	/* common change flags for all interface types - link only */
1900	u64 changed = BSS_CHANGED_ERP_CTS_PROT |
1901	BSS_CHANGED_ERP_PREAMBLE |
1902	BSS_CHANGED_ERP_SLOT |
1903	BSS_CHANGED_HT |
1904	BSS_CHANGED_BASIC_RATES |
1905	BSS_CHANGED_BEACON_INT |
1906	BSS_CHANGED_BSSID |
1907	BSS_CHANGED_CQM |
1908	BSS_CHANGED_QOS |
1909	BSS_CHANGED_TXPOWER |
1910	BSS_CHANGED_MCAST_RATE;
1911	struct ieee80211_link_data *link = NULL;
1912	unsigned int link_id;
1913	u32 active_links = 0;
1914
1915	if (!ieee80211_sdata_running(sdata))
1916	continue;
1917
1918	if (ieee80211_vif_is_mld(vif: &sdata->vif)) {
1919	struct ieee80211_bss_conf *old[IEEE80211_MLD_MAX_NUM_LINKS] = {
1920	[0] = &sdata->vif.bss_conf,
1921	};
1922
1923	if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1924	/* start with a single active link */
1925	active_links = sdata->vif.active_links;
1926	link_id = ffs(active_links) - 1;
1927	sdata->vif.active_links = BIT(link_id);
1928	}
1929
1930	drv_change_vif_links(local, sdata, old_links: 0,
1931	new_links: sdata->vif.active_links,
1932	old);
1933	}
1934
1935	for (link_id = 0;
1936	link_id < ARRAY_SIZE(sdata->vif.link_conf);
1937	link_id++) {
1938	if (!ieee80211_vif_link_active(vif: &sdata->vif, link_id))
1939	continue;
1940
1941	link = sdata_dereference(sdata->link[link_id], sdata);
1942	if (!link)
1943	continue;
1944
1945	ieee80211_assign_chanctx(local, sdata, link);
1946	}
1947
1948	switch (sdata->vif.type) {
1949	case NL80211_IFTYPE_AP_VLAN:
1950	case NL80211_IFTYPE_MONITOR:
1951	break;
1952	case NL80211_IFTYPE_ADHOC:
1953	if (sdata->vif.cfg.ibss_joined)
1954	WARN_ON(drv_join_ibss(local, sdata));
1955	fallthrough;
1956	default:
1957	ieee80211_reconfig_stations(sdata);
1958	fallthrough;
1959	case NL80211_IFTYPE_AP: /* AP stations are handled later */
1960	for (i = 0; i < IEEE80211_NUM_ACS; i++)
1961	drv_conf_tx(local, link: &sdata->deflink, ac: i,
1962	params: &sdata->deflink.tx_conf[i]);
1963	break;
1964	}
1965
1966	if (sdata->vif.bss_conf.mu_mimo_owner)
1967	changed |= BSS_CHANGED_MU_GROUPS;
1968
1969	if (!ieee80211_vif_is_mld(vif: &sdata->vif))
1970	changed |= BSS_CHANGED_IDLE;
1971
1972	switch (sdata->vif.type) {
1973	case NL80211_IFTYPE_STATION:
1974	if (!ieee80211_vif_is_mld(vif: &sdata->vif)) {
1975	changed |= BSS_CHANGED_ASSOC |
1976	BSS_CHANGED_ARP_FILTER |
1977	BSS_CHANGED_PS;
1978
1979	/* Re-send beacon info report to the driver */
1980	if (sdata->deflink.u.mgd.have_beacon)
1981	changed |= BSS_CHANGED_BEACON_INFO;
1982
1983	if (sdata->vif.bss_conf.max_idle_period ||
1984	sdata->vif.bss_conf.protected_keep_alive)
1985	changed |= BSS_CHANGED_KEEP_ALIVE;
1986
1987	ieee80211_bss_info_change_notify(sdata,
1988	changed);
1989	} else if (!WARN_ON(!link)) {
1990	ieee80211_link_info_change_notify(sdata, link,
1991	changed);
1992	changed = BSS_CHANGED_ASSOC |
1993	BSS_CHANGED_IDLE |
1994	BSS_CHANGED_PS |
1995	BSS_CHANGED_ARP_FILTER;
1996	ieee80211_vif_cfg_change_notify(sdata, changed);
1997	}
1998	break;
1999	case NL80211_IFTYPE_OCB:
2000	changed |= BSS_CHANGED_OCB;
2001	ieee80211_bss_info_change_notify(sdata, changed);
2002	break;
2003	case NL80211_IFTYPE_ADHOC:
2004	changed |= BSS_CHANGED_IBSS;
2005	fallthrough;
2006	case NL80211_IFTYPE_AP:
2007	changed |= BSS_CHANGED_P2P_PS;
2008
2009	if (ieee80211_vif_is_mld(vif: &sdata->vif))
2010	ieee80211_vif_cfg_change_notify(sdata,
2011	changed: BSS_CHANGED_SSID);
2012	else
2013	changed |= BSS_CHANGED_SSID;
2014
2015	if (sdata->vif.bss_conf.ftm_responder == 1 &&
2016	wiphy_ext_feature_isset(wiphy: sdata->local->hw.wiphy,
2017	ftidx: NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER))
2018	changed |= BSS_CHANGED_FTM_RESPONDER;
2019
2020	if (sdata->vif.type == NL80211_IFTYPE_AP) {
2021	changed |= BSS_CHANGED_AP_PROBE_RESP;
2022
2023	if (ieee80211_vif_is_mld(vif: &sdata->vif)) {
2024	ieee80211_reconfig_ap_links(local,
2025	sdata,
2026	changed);
2027	break;
2028	}
2029
2030	if (rcu_access_pointer(sdata->deflink.u.ap.beacon))
2031	drv_start_ap(local, sdata,
2032	link_conf: sdata->deflink.conf);
2033	}
2034	fallthrough;
2035	case NL80211_IFTYPE_MESH_POINT:
2036	if (sdata->vif.bss_conf.enable_beacon) {
2037	changed |= BSS_CHANGED_BEACON |
2038	BSS_CHANGED_BEACON_ENABLED;
2039	ieee80211_bss_info_change_notify(sdata, changed);
2040	}
2041	break;
2042	case NL80211_IFTYPE_NAN:
2043	res = ieee80211_reconfig_nan(sdata);
2044	if (res < 0) {
2045	ieee80211_handle_reconfig_failure(local);
2046	return res;
2047	}
2048	break;
2049	case NL80211_IFTYPE_AP_VLAN:
2050	case NL80211_IFTYPE_MONITOR:
2051	case NL80211_IFTYPE_P2P_DEVICE:
2052	/* nothing to do */
2053	break;
2054	case NL80211_IFTYPE_UNSPECIFIED:
2055	case NUM_NL80211_IFTYPES:
2056	case NL80211_IFTYPE_P2P_CLIENT:
2057	case NL80211_IFTYPE_P2P_GO:
2058	case NL80211_IFTYPE_WDS:
2059	WARN_ON(1);
2060	break;
2061	}
2062
2063	if (active_links)
2064	ieee80211_set_active_links(vif: &sdata->vif, active_links);
2065	}
2066
2067	ieee80211_recalc_ps(local);
2068
2069	/*
2070	* The sta might be in psm against the ap (e.g. because
2071	* this was the state before a hw restart), so we
2072	* explicitly send a null packet in order to make sure
2073	* it'll sync against the ap (and get out of psm).
2074	*/
2075	if (!(local->hw.conf.flags & IEEE80211_CONF_PS)) {
2076	list_for_each_entry(sdata, &local->interfaces, list) {
2077	if (sdata->vif.type != NL80211_IFTYPE_STATION)
2078	continue;
2079	if (!sdata->u.mgd.associated)
2080	continue;
2081
2082	ieee80211_send_nullfunc(local, sdata, powersave: false);
2083	}
2084	}
2085
2086	/* APs are now beaconing, add back stations */
2087	list_for_each_entry(sdata, &local->interfaces, list) {
2088	if (!ieee80211_sdata_running(sdata))
2089	continue;
2090
2091	switch (sdata->vif.type) {
2092	case NL80211_IFTYPE_AP_VLAN:
2093	case NL80211_IFTYPE_AP:
2094	ieee80211_reconfig_stations(sdata);
2095	break;
2096	default:
2097	break;
2098	}
2099	}
2100
2101	/* add back keys */
2102	list_for_each_entry(sdata, &local->interfaces, list)
2103	ieee80211_reenable_keys(sdata);
2104
2105	/* Reconfigure sched scan if it was interrupted by FW restart */
2106	sched_scan_sdata = rcu_dereference_protected(local->sched_scan_sdata,
2107	lockdep_is_held(&local->hw.wiphy->mtx));
2108	sched_scan_req = rcu_dereference_protected(local->sched_scan_req,
2109	lockdep_is_held(&local->hw.wiphy->mtx));
2110	if (sched_scan_sdata && sched_scan_req)
2111	/*
2112	* Sched scan stopped, but we don't want to report it. Instead,
2113	* we're trying to reschedule. However, if more than one scan
2114	* plan was set, we cannot reschedule since we don't know which
2115	* scan plan was currently running (and some scan plans may have
2116	* already finished).
2117	*/
2118	if (sched_scan_req->n_scan_plans > 1 ||
2119	__ieee80211_request_sched_scan_start(sdata: sched_scan_sdata,
2120	req: sched_scan_req)) {
2121	RCU_INIT_POINTER(local->sched_scan_sdata, NULL);
2122	RCU_INIT_POINTER(local->sched_scan_req, NULL);
2123	sched_scan_stopped = true;
2124	}
2125
2126	if (sched_scan_stopped)
2127	cfg80211_sched_scan_stopped_locked(wiphy: local->hw.wiphy, reqid: 0);
2128
2129	wake_up:
2130
2131	if (local->monitors == local->open_count && local->monitors > 0)
2132	ieee80211_add_virtual_monitor(local);
2133
2134	/*
2135	* Clear the WLAN_STA_BLOCK_BA flag so new aggregation
2136	* sessions can be established after a resume.
2137	*
2138	* Also tear down aggregation sessions since reconfiguring
2139	* them in a hardware restart scenario is not easily done
2140	* right now, and the hardware will have lost information
2141	* about the sessions, but we and the AP still think they
2142	* are active. This is really a workaround though.
2143	*/
2144	if (ieee80211_hw_check(hw, AMPDU_AGGREGATION)) {
2145	list_for_each_entry(sta, &local->sta_list, list) {
2146	if (!local->resuming)
2147	ieee80211_sta_tear_down_BA_sessions(
2148	sta, reason: AGG_STOP_LOCAL_REQUEST);
2149	clear_sta_flag(sta, flag: WLAN_STA_BLOCK_BA);
2150	}
2151	}
2152
2153	/*
2154	* If this is for hw restart things are still running.
2155	* We may want to change that later, however.
2156	*/
2157	if (local->open_count && (!suspended || reconfig_due_to_wowlan))
2158	drv_reconfig_complete(local, reconfig_type: IEEE80211_RECONFIG_TYPE_RESTART);
2159
2160	if (local->in_reconfig) {
2161	in_reconfig = local->in_reconfig;
2162	local->in_reconfig = false;
2163	barrier();
2164
2165	/* Restart deferred ROCs */
2166	ieee80211_start_next_roc(local);
2167
2168	/* Requeue all works */
2169	list_for_each_entry(sdata, &local->interfaces, list)
2170	wiphy_work_queue(wiphy: local->hw.wiphy, work: &sdata->work);
2171	}
2172
2173	ieee80211_wake_queues_by_reason(hw, queues: IEEE80211_MAX_QUEUE_MAP,
2174	reason: IEEE80211_QUEUE_STOP_REASON_SUSPEND,
2175	refcounted: false);
2176
2177	if (in_reconfig) {
2178	list_for_each_entry(sdata, &local->interfaces, list) {
2179	if (!ieee80211_sdata_running(sdata))
2180	continue;
2181	if (sdata->vif.type == NL80211_IFTYPE_STATION)
2182	ieee80211_sta_restart(sdata);
2183	}
2184	}
2185
2186	if (!suspended)
2187	return 0;
2188
2189	#ifdef CONFIG_PM
2190	/* first set suspended false, then resuming */
2191	local->suspended = false;
2192	mb();
2193	local->resuming = false;
2194
2195	ieee80211_flush_completed_scan(local, aborted: false);
2196
2197	if (local->open_count && !reconfig_due_to_wowlan)
2198	drv_reconfig_complete(local, reconfig_type: IEEE80211_RECONFIG_TYPE_SUSPEND);
2199
2200	list_for_each_entry(sdata, &local->interfaces, list) {
2201	if (!ieee80211_sdata_running(sdata))
2202	continue;
2203	if (sdata->vif.type == NL80211_IFTYPE_STATION)
2204	ieee80211_sta_restart(sdata);
2205	}
2206
2207	mod_timer(timer: &local->sta_cleanup, expires: jiffies + 1);
2208	#else
2209	WARN_ON(1);
2210	#endif
2211
2212	return 0;
2213	}
2214
2215	static void ieee80211_reconfig_disconnect(struct ieee80211_vif *vif, u8 flag)
2216	{
2217	struct ieee80211_sub_if_data *sdata;
2218	struct ieee80211_local *local;
2219	struct ieee80211_key *key;
2220
2221	if (WARN_ON(!vif))
2222	return;
2223
2224	sdata = vif_to_sdata(p: vif);
2225	local = sdata->local;
2226
2227	lockdep_assert_wiphy(local->hw.wiphy);
2228
2229	if (WARN_ON(flag & IEEE80211_SDATA_DISCONNECT_RESUME &&
2230	!local->resuming))
2231	return;
2232
2233	if (WARN_ON(flag & IEEE80211_SDATA_DISCONNECT_HW_RESTART &&
2234	!local->in_reconfig))
2235	return;
2236
2237	if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
2238	return;
2239
2240	sdata->flags |= flag;
2241
2242	list_for_each_entry(key, &sdata->key_list, list)
2243	key->flags |= KEY_FLAG_TAINTED;
2244	}
2245
2246	void ieee80211_hw_restart_disconnect(struct ieee80211_vif *vif)
2247	{
2248	ieee80211_reconfig_disconnect(vif, flag: IEEE80211_SDATA_DISCONNECT_HW_RESTART);
2249	}
2250	EXPORT_SYMBOL_GPL(ieee80211_hw_restart_disconnect);
2251
2252	void ieee80211_resume_disconnect(struct ieee80211_vif *vif)
2253	{
2254	ieee80211_reconfig_disconnect(vif, flag: IEEE80211_SDATA_DISCONNECT_RESUME);
2255	}
2256	EXPORT_SYMBOL_GPL(ieee80211_resume_disconnect);
2257
2258	void ieee80211_recalc_smps(struct ieee80211_sub_if_data *sdata,
2259	struct ieee80211_link_data *link)
2260	{
2261	struct ieee80211_local *local = sdata->local;
2262	struct ieee80211_chanctx_conf *chanctx_conf;
2263	struct ieee80211_chanctx *chanctx;
2264
2265	lockdep_assert_wiphy(local->hw.wiphy);
2266
2267	chanctx_conf = rcu_dereference_protected(link->conf->chanctx_conf,
2268	lockdep_is_held(&local->hw.wiphy->mtx));
2269
2270	/*
2271	* This function can be called from a work, thus it may be possible
2272	* that the chanctx_conf is removed (due to a disconnection, for
2273	* example).
2274	* So nothing should be done in such case.
2275	*/
2276	if (!chanctx_conf)
2277	return;
2278
2279	chanctx = container_of(chanctx_conf, struct ieee80211_chanctx, conf);
2280	ieee80211_recalc_smps_chanctx(local, chanctx);
2281	}
2282
2283	void ieee80211_recalc_min_chandef(struct ieee80211_sub_if_data *sdata,
2284	int link_id)
2285	{
2286	struct ieee80211_local *local = sdata->local;
2287	struct ieee80211_chanctx_conf *chanctx_conf;
2288	struct ieee80211_chanctx *chanctx;
2289	int i;
2290
2291	lockdep_assert_wiphy(local->hw.wiphy);
2292
2293	for (i = 0; i < ARRAY_SIZE(sdata->vif.link_conf); i++) {
2294	struct ieee80211_bss_conf *bss_conf;
2295
2296	if (link_id >= 0 && link_id != i)
2297	continue;
2298
2299	rcu_read_lock();
2300	bss_conf = rcu_dereference(sdata->vif.link_conf[i]);
2301	if (!bss_conf) {
2302	rcu_read_unlock();
2303	continue;
2304	}
2305
2306	chanctx_conf = rcu_dereference_protected(bss_conf->chanctx_conf,
2307	lockdep_is_held(&local->hw.wiphy->mtx));
2308	/*
2309	* Since we hold the wiphy mutex (checked above)
2310	* we can take the chanctx_conf pointer out of the
2311	* RCU critical section, it cannot go away without
2312	* the mutex. Just the way we reached it could - in
2313	* theory - go away, but we don't really care and
2314	* it really shouldn't happen anyway.
2315	*/
2316	rcu_read_unlock();
2317
2318	if (!chanctx_conf)
2319	return;
2320
2321	chanctx = container_of(chanctx_conf, struct ieee80211_chanctx,
2322	conf);
2323	ieee80211_recalc_chanctx_min_def(local, ctx: chanctx, NULL);
2324	}
2325	}
2326
2327	size_t ieee80211_ie_split_vendor(const u8 *ies, size_t ielen, size_t offset)
2328	{
2329	size_t pos = offset;
2330
2331	while (pos < ielen && ies[pos] != WLAN_EID_VENDOR_SPECIFIC)
2332	pos += 2 + ies[pos + 1];
2333
2334	return pos;
2335	}
2336
2337	u8 *ieee80211_ie_build_ht_cap(u8 *pos, struct ieee80211_sta_ht_cap *ht_cap,
2338	u16 cap)
2339	{
2340	__le16 tmp;
2341
2342	*pos++ = WLAN_EID_HT_CAPABILITY;
2343	*pos++ = sizeof(struct ieee80211_ht_cap);
2344	memset(pos, 0, sizeof(struct ieee80211_ht_cap));
2345
2346	/* capability flags */
2347	tmp = cpu_to_le16(cap);
2348	memcpy(pos, &tmp, sizeof(u16));
2349	pos += sizeof(u16);
2350
2351	/* AMPDU parameters */
2352	*pos++ = ht_cap->ampdu_factor |
2353	(ht_cap->ampdu_density <<
2354	IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
2355
2356	/* MCS set */
2357	memcpy(pos, &ht_cap->mcs, sizeof(ht_cap->mcs));
2358	pos += sizeof(ht_cap->mcs);
2359
2360	/* extended capabilities */
2361	pos += sizeof(__le16);
2362
2363	/* BF capabilities */
2364	pos += sizeof(__le32);
2365
2366	/* antenna selection */
2367	pos += sizeof(u8);
2368
2369	return pos;
2370	}
2371
2372	u8 *ieee80211_ie_build_vht_cap(u8 *pos, struct ieee80211_sta_vht_cap *vht_cap,
2373	u32 cap)
2374	{
2375	__le32 tmp;
2376
2377	*pos++ = WLAN_EID_VHT_CAPABILITY;
2378	*pos++ = sizeof(struct ieee80211_vht_cap);
2379	memset(pos, 0, sizeof(struct ieee80211_vht_cap));
2380
2381	/* capability flags */
2382	tmp = cpu_to_le32(cap);
2383	memcpy(pos, &tmp, sizeof(u32));
2384	pos += sizeof(u32);
2385
2386	/* VHT MCS set */
2387	memcpy(pos, &vht_cap->vht_mcs, sizeof(vht_cap->vht_mcs));
2388	pos += sizeof(vht_cap->vht_mcs);
2389
2390	return pos;
2391	}
2392
2393	/* this may return more than ieee80211_put_he_6ghz_cap() will need */
2394	u8 ieee80211_ie_len_he_cap(struct ieee80211_sub_if_data *sdata)
2395	{
2396	const struct ieee80211_sta_he_cap *he_cap;
2397	struct ieee80211_supported_band *sband;
2398	u8 n;
2399
2400	sband = ieee80211_get_sband(sdata);
2401	if (!sband)
2402	return 0;
2403
2404	he_cap = ieee80211_get_he_iftype_cap_vif(sband, vif: &sdata->vif);
2405	if (!he_cap)
2406	return 0;
2407
2408	n = ieee80211_he_mcs_nss_size(he_cap: &he_cap->he_cap_elem);
2409	return 2 + 1 +
2410	sizeof(he_cap->he_cap_elem) + n +
2411	ieee80211_he_ppe_size(ppe_thres_hdr: he_cap->ppe_thres[0],
2412	phy_cap_info: he_cap->he_cap_elem.phy_cap_info);
2413	}
2414
2415	static void
2416	ieee80211_get_adjusted_he_cap(const struct ieee80211_conn_settings *conn,
2417	const struct ieee80211_sta_he_cap *he_cap,
2418	struct ieee80211_he_cap_elem *elem)
2419	{
2420	u8 ru_limit, max_ru;
2421
2422	*elem = he_cap->he_cap_elem;
2423
2424	switch (conn->bw_limit) {
2425	case IEEE80211_CONN_BW_LIMIT_20:
2426	ru_limit = IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_242;
2427	break;
2428	case IEEE80211_CONN_BW_LIMIT_40:
2429	ru_limit = IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_484;
2430	break;
2431	case IEEE80211_CONN_BW_LIMIT_80:
2432	ru_limit = IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_996;
2433	break;
2434	default:
2435	ru_limit = IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_2x996;
2436	break;
2437	}
2438
2439	max_ru = elem->phy_cap_info[8] & IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_MASK;
2440	max_ru = min(max_ru, ru_limit);
2441	elem->phy_cap_info[8] &= ~IEEE80211_HE_PHY_CAP8_DCM_MAX_RU_MASK;
2442	elem->phy_cap_info[8] |= max_ru;
2443
2444	if (conn->bw_limit < IEEE80211_CONN_BW_LIMIT_40) {
2445	elem->phy_cap_info[0] &=
2446	~(IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G |
2447	IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_40MHZ_IN_2G);
2448	elem->phy_cap_info[9] &=
2449	~IEEE80211_HE_PHY_CAP9_LONGER_THAN_16_SIGB_OFDM_SYM;
2450	}
2451
2452	if (conn->bw_limit < IEEE80211_CONN_BW_LIMIT_160) {
2453	elem->phy_cap_info[0] &=
2454	~(IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_160MHZ_IN_5G |
2455	IEEE80211_HE_PHY_CAP0_CHANNEL_WIDTH_SET_80PLUS80_MHZ_IN_5G);
2456	elem->phy_cap_info[5] &=
2457	~IEEE80211_HE_PHY_CAP5_BEAMFORMEE_NUM_SND_DIM_ABOVE_80MHZ_MASK;
2458	elem->phy_cap_info[7] &=
2459	~(IEEE80211_HE_PHY_CAP7_STBC_TX_ABOVE_80MHZ |
2460	IEEE80211_HE_PHY_CAP7_STBC_RX_ABOVE_80MHZ);
2461	}
2462	}
2463
2464	int ieee80211_put_he_cap(struct sk_buff *skb,
2465	struct ieee80211_sub_if_data *sdata,
2466	const struct ieee80211_supported_band *sband,
2467	const struct ieee80211_conn_settings *conn)
2468	{
2469	const struct ieee80211_sta_he_cap *he_cap;
2470	struct ieee80211_he_cap_elem elem;
2471	u8 *len;
2472	u8 n;
2473	u8 ie_len;
2474
2475	if (!conn)
2476	conn = &ieee80211_conn_settings_unlimited;
2477
2478	he_cap = ieee80211_get_he_iftype_cap_vif(sband, vif: &sdata->vif);
2479	if (!he_cap)
2480	return 0;
2481
2482	/* modify on stack first to calculate 'n' and 'ie_len' correctly */
2483	ieee80211_get_adjusted_he_cap(conn, he_cap, elem: &elem);
2484
2485	n = ieee80211_he_mcs_nss_size(he_cap: &elem);
2486	ie_len = 2 + 1 +
2487	sizeof(he_cap->he_cap_elem) + n +
2488	ieee80211_he_ppe_size(ppe_thres_hdr: he_cap->ppe_thres[0],
2489	phy_cap_info: he_cap->he_cap_elem.phy_cap_info);
2490
2491	if (skb_tailroom(skb) < ie_len)
2492	return -ENOBUFS;
2493
2494	skb_put_u8(skb, val: WLAN_EID_EXTENSION);
2495	len = skb_put(skb, len: 1); /* We'll set the size later below */
2496	skb_put_u8(skb, val: WLAN_EID_EXT_HE_CAPABILITY);
2497
2498	/* Fixed data */
2499	skb_put_data(skb, data: &elem, len: sizeof(elem));
2500
2501	skb_put_data(skb, data: &he_cap->he_mcs_nss_supp, len: n);
2502
2503	/* Check if PPE Threshold should be present */
2504	if ((he_cap->he_cap_elem.phy_cap_info[6] &
2505	IEEE80211_HE_PHY_CAP6_PPE_THRESHOLD_PRESENT) == 0)
2506	goto end;
2507
2508	/*
2509	* Calculate how many PPET16/PPET8 pairs are to come. Algorithm:
2510	* (NSS_M1 + 1) x (num of 1 bits in RU_INDEX_BITMASK)
2511	*/
2512	n = hweight8(he_cap->ppe_thres[0] &
2513	IEEE80211_PPE_THRES_RU_INDEX_BITMASK_MASK);
2514	n *= (1 + ((he_cap->ppe_thres[0] & IEEE80211_PPE_THRES_NSS_MASK) >>
2515	IEEE80211_PPE_THRES_NSS_POS));
2516
2517	/*
2518	* Each pair is 6 bits, and we need to add the 7 "header" bits to the
2519	* total size.
2520	*/
2521	n = (n * IEEE80211_PPE_THRES_INFO_PPET_SIZE * 2) + 7;
2522	n = DIV_ROUND_UP(n, 8);
2523
2524	/* Copy PPE Thresholds */
2525	skb_put_data(skb, data: &he_cap->ppe_thres, len: n);
2526
2527	end:
2528	*len = skb_tail_pointer(skb) - len - 1;
2529	return 0;
2530	}
2531
2532	int ieee80211_put_he_6ghz_cap(struct sk_buff *skb,
2533	struct ieee80211_sub_if_data *sdata,
2534	enum ieee80211_smps_mode smps_mode)
2535	{
2536	struct ieee80211_supported_band *sband;
2537	const struct ieee80211_sband_iftype_data *iftd;
2538	enum nl80211_iftype iftype = ieee80211_vif_type_p2p(vif: &sdata->vif);
2539	__le16 cap;
2540
2541	if (!cfg80211_any_usable_channels(wiphy: sdata->local->hw.wiphy,
2542	BIT(NL80211_BAND_6GHZ),
2543	prohibited_flags: IEEE80211_CHAN_NO_HE))
2544	return 0;
2545
2546	sband = sdata->local->hw.wiphy->bands[NL80211_BAND_6GHZ];
2547
2548	iftd = ieee80211_get_sband_iftype_data(sband, iftype);
2549	if (!iftd)
2550	return 0;
2551
2552	/* Check for device HE 6 GHz capability before adding element */
2553	if (!iftd->he_6ghz_capa.capa)
2554	return 0;
2555
2556	cap = iftd->he_6ghz_capa.capa;
2557	cap &= cpu_to_le16(~IEEE80211_HE_6GHZ_CAP_SM_PS);
2558
2559	switch (smps_mode) {
2560	case IEEE80211_SMPS_AUTOMATIC:
2561	case IEEE80211_SMPS_NUM_MODES:
2562	WARN_ON(1);
2563	fallthrough;
2564	case IEEE80211_SMPS_OFF:
2565	cap |= le16_encode_bits(WLAN_HT_CAP_SM_PS_DISABLED,
2566	IEEE80211_HE_6GHZ_CAP_SM_PS);
2567	break;
2568	case IEEE80211_SMPS_STATIC:
2569	cap |= le16_encode_bits(WLAN_HT_CAP_SM_PS_STATIC,
2570	IEEE80211_HE_6GHZ_CAP_SM_PS);
2571	break;
2572	case IEEE80211_SMPS_DYNAMIC:
2573	cap |= le16_encode_bits(WLAN_HT_CAP_SM_PS_DYNAMIC,
2574	IEEE80211_HE_6GHZ_CAP_SM_PS);
2575	break;
2576	}
2577
2578	if (skb_tailroom(skb) < 2 + 1 + sizeof(cap))
2579	return -ENOBUFS;
2580
2581	skb_put_u8(skb, val: WLAN_EID_EXTENSION);
2582	skb_put_u8(skb, val: 1 + sizeof(cap));
2583	skb_put_u8(skb, val: WLAN_EID_EXT_HE_6GHZ_CAPA);
2584	skb_put_data(skb, data: &cap, len: sizeof(cap));
2585	return 0;
2586	}
2587
2588	u8 *ieee80211_ie_build_ht_oper(u8 *pos, struct ieee80211_sta_ht_cap *ht_cap,
2589	const struct cfg80211_chan_def *chandef,
2590	u16 prot_mode, bool rifs_mode)
2591	{
2592	struct ieee80211_ht_operation *ht_oper;
2593	/* Build HT Information */
2594	*pos++ = WLAN_EID_HT_OPERATION;
2595	*pos++ = sizeof(struct ieee80211_ht_operation);
2596	ht_oper = (struct ieee80211_ht_operation *)pos;
2597	ht_oper->primary_chan = ieee80211_frequency_to_channel(
2598	freq: chandef->chan->center_freq);
2599	switch (chandef->width) {
2600	case NL80211_CHAN_WIDTH_160:
2601	case NL80211_CHAN_WIDTH_80P80:
2602	case NL80211_CHAN_WIDTH_80:
2603	case NL80211_CHAN_WIDTH_40:
2604	if (chandef->center_freq1 > chandef->chan->center_freq)
2605	ht_oper->ht_param = IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
2606	else
2607	ht_oper->ht_param = IEEE80211_HT_PARAM_CHA_SEC_BELOW;
2608	break;
2609	case NL80211_CHAN_WIDTH_320:
2610	/* HT information element should not be included on 6GHz */
2611	WARN_ON(1);
2612	return pos;
2613	default:
2614	ht_oper->ht_param = IEEE80211_HT_PARAM_CHA_SEC_NONE;
2615	break;
2616	}
2617	if (ht_cap->cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40 &&
2618	chandef->width != NL80211_CHAN_WIDTH_20_NOHT &&
2619	chandef->width != NL80211_CHAN_WIDTH_20)
2620	ht_oper->ht_param |= IEEE80211_HT_PARAM_CHAN_WIDTH_ANY;
2621
2622	if (rifs_mode)
2623	ht_oper->ht_param |= IEEE80211_HT_PARAM_RIFS_MODE;
2624
2625	ht_oper->operation_mode = cpu_to_le16(prot_mode);
2626	ht_oper->stbc_param = 0x0000;
2627
2628	/* It seems that Basic MCS set and Supported MCS set
2629	are identical for the first 10 bytes */
2630	memset(&ht_oper->basic_set, 0, 16);
2631	memcpy(&ht_oper->basic_set, &ht_cap->mcs, 10);
2632
2633	return pos + sizeof(struct ieee80211_ht_operation);
2634	}
2635
2636	void ieee80211_ie_build_wide_bw_cs(u8 *pos,
2637	const struct cfg80211_chan_def *chandef)
2638	{
2639	*pos++ = WLAN_EID_WIDE_BW_CHANNEL_SWITCH; /* EID */
2640	*pos++ = 3; /* IE length */
2641	/* New channel width */
2642	switch (chandef->width) {
2643	case NL80211_CHAN_WIDTH_80:
2644	*pos++ = IEEE80211_VHT_CHANWIDTH_80MHZ;
2645	break;
2646	case NL80211_CHAN_WIDTH_160:
2647	*pos++ = IEEE80211_VHT_CHANWIDTH_160MHZ;
2648	break;
2649	case NL80211_CHAN_WIDTH_80P80:
2650	*pos++ = IEEE80211_VHT_CHANWIDTH_80P80MHZ;
2651	break;
2652	case NL80211_CHAN_WIDTH_320:
2653	/* The behavior is not defined for 320 MHz channels */
2654	WARN_ON(1);
2655	fallthrough;
2656	default:
2657	*pos++ = IEEE80211_VHT_CHANWIDTH_USE_HT;
2658	}
2659
2660	/* new center frequency segment 0 */
2661	*pos++ = ieee80211_frequency_to_channel(freq: chandef->center_freq1);
2662	/* new center frequency segment 1 */
2663	if (chandef->center_freq2)
2664	*pos++ = ieee80211_frequency_to_channel(freq: chandef->center_freq2);
2665	else
2666	*pos++ = 0;
2667	}
2668
2669	u8 *ieee80211_ie_build_vht_oper(u8 *pos, struct ieee80211_sta_vht_cap *vht_cap,
2670	const struct cfg80211_chan_def *chandef)
2671	{
2672	struct ieee80211_vht_operation *vht_oper;
2673
2674	*pos++ = WLAN_EID_VHT_OPERATION;
2675	*pos++ = sizeof(struct ieee80211_vht_operation);
2676	vht_oper = (struct ieee80211_vht_operation *)pos;
2677	vht_oper->center_freq_seg0_idx = ieee80211_frequency_to_channel(
2678	freq: chandef->center_freq1);
2679	if (chandef->center_freq2)
2680	vht_oper->center_freq_seg1_idx =
2681	ieee80211_frequency_to_channel(freq: chandef->center_freq2);
2682	else
2683	vht_oper->center_freq_seg1_idx = 0x00;
2684
2685	switch (chandef->width) {
2686	case NL80211_CHAN_WIDTH_160:
2687	/*
2688	* Convert 160 MHz channel width to new style as interop
2689	* workaround.
2690	*/
2691	vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ;
2692	vht_oper->center_freq_seg1_idx = vht_oper->center_freq_seg0_idx;
2693	if (chandef->chan->center_freq < chandef->center_freq1)
2694	vht_oper->center_freq_seg0_idx -= 8;
2695	else
2696	vht_oper->center_freq_seg0_idx += 8;
2697	break;
2698	case NL80211_CHAN_WIDTH_80P80:
2699	/*
2700	* Convert 80+80 MHz channel width to new style as interop
2701	* workaround.
2702	*/
2703	vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ;
2704	break;
2705	case NL80211_CHAN_WIDTH_80:
2706	vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ;
2707	break;
2708	case NL80211_CHAN_WIDTH_320:
2709	/* VHT information element should not be included on 6GHz */
2710	WARN_ON(1);
2711	return pos;
2712	default:
2713	vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_USE_HT;
2714	break;
2715	}
2716
2717	/* don't require special VHT peer rates */
2718	vht_oper->basic_mcs_set = cpu_to_le16(0xffff);
2719
2720	return pos + sizeof(struct ieee80211_vht_operation);
2721	}
2722
2723	u8 *ieee80211_ie_build_he_oper(u8 *pos, struct cfg80211_chan_def *chandef)
2724	{
2725	struct ieee80211_he_operation *he_oper;
2726	struct ieee80211_he_6ghz_oper *he_6ghz_op;
2727	u32 he_oper_params;
2728	u8 ie_len = 1 + sizeof(struct ieee80211_he_operation);
2729
2730	if (chandef->chan->band == NL80211_BAND_6GHZ)
2731	ie_len += sizeof(struct ieee80211_he_6ghz_oper);
2732
2733	*pos++ = WLAN_EID_EXTENSION;
2734	*pos++ = ie_len;
2735	*pos++ = WLAN_EID_EXT_HE_OPERATION;
2736
2737	he_oper_params = 0;
2738	he_oper_params |= u32_encode_bits(v: 1023, /* disabled */
2739	IEEE80211_HE_OPERATION_RTS_THRESHOLD_MASK);
2740	he_oper_params |= u32_encode_bits(v: 1,
2741	IEEE80211_HE_OPERATION_ER_SU_DISABLE);
2742	he_oper_params |= u32_encode_bits(v: 1,
2743	IEEE80211_HE_OPERATION_BSS_COLOR_DISABLED);
2744	if (chandef->chan->band == NL80211_BAND_6GHZ)
2745	he_oper_params |= u32_encode_bits(v: 1,
2746	IEEE80211_HE_OPERATION_6GHZ_OP_INFO);
2747
2748	he_oper = (struct ieee80211_he_operation *)pos;
2749	he_oper->he_oper_params = cpu_to_le32(he_oper_params);
2750
2751	/* don't require special HE peer rates */
2752	he_oper->he_mcs_nss_set = cpu_to_le16(0xffff);
2753	pos += sizeof(struct ieee80211_he_operation);
2754
2755	if (chandef->chan->band != NL80211_BAND_6GHZ)
2756	goto out;
2757
2758	/* TODO add VHT operational */
2759	he_6ghz_op = (struct ieee80211_he_6ghz_oper *)pos;
2760	he_6ghz_op->minrate = 6; /* 6 Mbps */
2761	he_6ghz_op->primary =
2762	ieee80211_frequency_to_channel(freq: chandef->chan->center_freq);
2763	he_6ghz_op->ccfs0 =
2764	ieee80211_frequency_to_channel(freq: chandef->center_freq1);
2765	if (chandef->center_freq2)
2766	he_6ghz_op->ccfs1 =
2767	ieee80211_frequency_to_channel(freq: chandef->center_freq2);
2768	else
2769	he_6ghz_op->ccfs1 = 0;
2770
2771	switch (chandef->width) {
2772	case NL80211_CHAN_WIDTH_320:
2773	/*
2774	* TODO: mesh operation is not defined over 6GHz 320 MHz
2775	* channels.
2776	*/
2777	WARN_ON(1);
2778	break;
2779	case NL80211_CHAN_WIDTH_160:
2780	/* Convert 160 MHz channel width to new style as interop
2781	* workaround.
2782	*/
2783	he_6ghz_op->control =
2784	IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_160MHZ;
2785	he_6ghz_op->ccfs1 = he_6ghz_op->ccfs0;
2786	if (chandef->chan->center_freq < chandef->center_freq1)
2787	he_6ghz_op->ccfs0 -= 8;
2788	else
2789	he_6ghz_op->ccfs0 += 8;
2790	fallthrough;
2791	case NL80211_CHAN_WIDTH_80P80:
2792	he_6ghz_op->control =
2793	IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_160MHZ;
2794	break;
2795	case NL80211_CHAN_WIDTH_80:
2796	he_6ghz_op->control =
2797	IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_80MHZ;
2798	break;
2799	case NL80211_CHAN_WIDTH_40:
2800	he_6ghz_op->control =
2801	IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_40MHZ;
2802	break;
2803	default:
2804	he_6ghz_op->control =
2805	IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_20MHZ;
2806	break;
2807	}
2808
2809	pos += sizeof(struct ieee80211_he_6ghz_oper);
2810
2811	out:
2812	return pos;
2813	}
2814
2815	u8 *ieee80211_ie_build_eht_oper(u8 *pos, struct cfg80211_chan_def *chandef,
2816	const struct ieee80211_sta_eht_cap *eht_cap)
2817
2818	{
2819	const struct ieee80211_eht_mcs_nss_supp_20mhz_only *eht_mcs_nss =
2820	&eht_cap->eht_mcs_nss_supp.only_20mhz;
2821	struct ieee80211_eht_operation *eht_oper;
2822	struct ieee80211_eht_operation_info *eht_oper_info;
2823	u8 eht_oper_len = offsetof(struct ieee80211_eht_operation, optional);
2824	u8 eht_oper_info_len =
2825	offsetof(struct ieee80211_eht_operation_info, optional);
2826	u8 chan_width = 0;
2827
2828	*pos++ = WLAN_EID_EXTENSION;
2829	*pos++ = 1 + eht_oper_len + eht_oper_info_len;
2830	*pos++ = WLAN_EID_EXT_EHT_OPERATION;
2831
2832	eht_oper = (struct ieee80211_eht_operation *)pos;
2833
2834	memcpy(&eht_oper->basic_mcs_nss, eht_mcs_nss, sizeof(*eht_mcs_nss));
2835	eht_oper->params |= IEEE80211_EHT_OPER_INFO_PRESENT;
2836	pos += eht_oper_len;
2837
2838	eht_oper_info =
2839	(struct ieee80211_eht_operation_info *)eht_oper->optional;
2840
2841	eht_oper_info->ccfs0 =
2842	ieee80211_frequency_to_channel(freq: chandef->center_freq1);
2843	if (chandef->center_freq2)
2844	eht_oper_info->ccfs1 =
2845	ieee80211_frequency_to_channel(freq: chandef->center_freq2);
2846	else
2847	eht_oper_info->ccfs1 = 0;
2848
2849	switch (chandef->width) {
2850	case NL80211_CHAN_WIDTH_320:
2851	chan_width = IEEE80211_EHT_OPER_CHAN_WIDTH_320MHZ;
2852	eht_oper_info->ccfs1 = eht_oper_info->ccfs0;
2853	if (chandef->chan->center_freq < chandef->center_freq1)
2854	eht_oper_info->ccfs0 -= 16;
2855	else
2856	eht_oper_info->ccfs0 += 16;
2857	break;
2858	case NL80211_CHAN_WIDTH_160:
2859	eht_oper_info->ccfs1 = eht_oper_info->ccfs0;
2860	if (chandef->chan->center_freq < chandef->center_freq1)
2861	eht_oper_info->ccfs0 -= 8;
2862	else
2863	eht_oper_info->ccfs0 += 8;
2864	fallthrough;
2865	case NL80211_CHAN_WIDTH_80P80:
2866	chan_width = IEEE80211_EHT_OPER_CHAN_WIDTH_160MHZ;
2867	break;
2868	case NL80211_CHAN_WIDTH_80:
2869	chan_width = IEEE80211_EHT_OPER_CHAN_WIDTH_80MHZ;
2870	break;
2871	case NL80211_CHAN_WIDTH_40:
2872	chan_width = IEEE80211_EHT_OPER_CHAN_WIDTH_40MHZ;
2873	break;
2874	default:
2875	chan_width = IEEE80211_EHT_OPER_CHAN_WIDTH_20MHZ;
2876	break;
2877	}
2878	eht_oper_info->control = chan_width;
2879	pos += eht_oper_info_len;
2880
2881	/* TODO: eht_oper_info->optional */
2882
2883	return pos;
2884	}
2885
2886	bool ieee80211_chandef_ht_oper(const struct ieee80211_ht_operation *ht_oper,
2887	struct cfg80211_chan_def *chandef)
2888	{
2889	enum nl80211_channel_type channel_type;
2890
2891	if (!ht_oper)
2892	return false;
2893
2894	switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
2895	case IEEE80211_HT_PARAM_CHA_SEC_NONE:
2896	channel_type = NL80211_CHAN_HT20;
2897	break;
2898	case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
2899	channel_type = NL80211_CHAN_HT40PLUS;
2900	break;
2901	case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
2902	channel_type = NL80211_CHAN_HT40MINUS;
2903	break;
2904	default:
2905	return false;
2906	}
2907
2908	cfg80211_chandef_create(chandef, channel: chandef->chan, chantype: channel_type);
2909	return true;
2910	}
2911
2912	bool ieee80211_chandef_vht_oper(struct ieee80211_hw *hw, u32 vht_cap_info,
2913	const struct ieee80211_vht_operation *oper,
2914	const struct ieee80211_ht_operation *htop,
2915	struct cfg80211_chan_def *chandef)
2916	{
2917	struct cfg80211_chan_def new = *chandef;
2918	int cf0, cf1;
2919	int ccfs0, ccfs1, ccfs2;
2920	int ccf0, ccf1;
2921	u32 vht_cap;
2922	bool support_80_80 = false;
2923	bool support_160 = false;
2924	u8 ext_nss_bw_supp = u32_get_bits(v: vht_cap_info,
2925	IEEE80211_VHT_CAP_EXT_NSS_BW_MASK);
2926	u8 supp_chwidth = u32_get_bits(v: vht_cap_info,
2927	IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK);
2928
2929	if (!oper || !htop)
2930	return false;
2931
2932	vht_cap = hw->wiphy->bands[chandef->chan->band]->vht_cap.cap;
2933	support_160 = (vht_cap & (IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK |
2934	IEEE80211_VHT_CAP_EXT_NSS_BW_MASK));
2935	support_80_80 = ((vht_cap &
2936	IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ) ||
2937	(vht_cap & IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ &&
2938	vht_cap & IEEE80211_VHT_CAP_EXT_NSS_BW_MASK) ||
2939	((vht_cap & IEEE80211_VHT_CAP_EXT_NSS_BW_MASK) >>
2940	IEEE80211_VHT_CAP_EXT_NSS_BW_SHIFT > 1));
2941	ccfs0 = oper->center_freq_seg0_idx;
2942	ccfs1 = oper->center_freq_seg1_idx;
2943	ccfs2 = (le16_to_cpu(htop->operation_mode) &
2944	IEEE80211_HT_OP_MODE_CCFS2_MASK)
2945	>> IEEE80211_HT_OP_MODE_CCFS2_SHIFT;
2946
2947	ccf0 = ccfs0;
2948
2949	/* if not supported, parse as though we didn't understand it */
2950	if (!ieee80211_hw_check(hw, SUPPORTS_VHT_EXT_NSS_BW))
2951	ext_nss_bw_supp = 0;
2952
2953	/*
2954	* Cf. IEEE 802.11 Table 9-250
2955	*
2956	* We really just consider that because it's inefficient to connect
2957	* at a higher bandwidth than we'll actually be able to use.
2958	*/
2959	switch ((supp_chwidth << 4) | ext_nss_bw_supp) {
2960	default:
2961	case 0x00:
2962	ccf1 = 0;
2963	support_160 = false;
2964	support_80_80 = false;
2965	break;
2966	case 0x01:
2967	support_80_80 = false;
2968	fallthrough;
2969	case 0x02:
2970	case 0x03:
2971	ccf1 = ccfs2;
2972	break;
2973	case 0x10:
2974	ccf1 = ccfs1;
2975	break;
2976	case 0x11:
2977	case 0x12:
2978	if (!ccfs1)
2979	ccf1 = ccfs2;
2980	else
2981	ccf1 = ccfs1;
2982	break;
2983	case 0x13:
2984	case 0x20:
2985	case 0x23:
2986	ccf1 = ccfs1;
2987	break;
2988	}
2989
2990	cf0 = ieee80211_channel_to_frequency(chan: ccf0, band: chandef->chan->band);
2991	cf1 = ieee80211_channel_to_frequency(chan: ccf1, band: chandef->chan->band);
2992
2993	switch (oper->chan_width) {
2994	case IEEE80211_VHT_CHANWIDTH_USE_HT:
2995	/* just use HT information directly */
2996	break;
2997	case IEEE80211_VHT_CHANWIDTH_80MHZ:
2998	new.width = NL80211_CHAN_WIDTH_80;
2999	new.center_freq1 = cf0;
3000	/* If needed, adjust based on the newer interop workaround. */
3001	if (ccf1) {
3002	unsigned int diff;
3003
3004	diff = abs(ccf1 - ccf0);
3005	if ((diff == 8) && support_160) {
3006	new.width = NL80211_CHAN_WIDTH_160;
3007	new.center_freq1 = cf1;
3008	} else if ((diff > 8) && support_80_80) {
3009	new.width = NL80211_CHAN_WIDTH_80P80;
3010	new.center_freq2 = cf1;
3011	}
3012	}
3013	break;
3014	case IEEE80211_VHT_CHANWIDTH_160MHZ:
3015	/* deprecated encoding */
3016	new.width = NL80211_CHAN_WIDTH_160;
3017	new.center_freq1 = cf0;
3018	break;
3019	case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
3020	/* deprecated encoding */
3021	new.width = NL80211_CHAN_WIDTH_80P80;
3022	new.center_freq1 = cf0;
3023	new.center_freq2 = cf1;
3024	break;
3025	default:
3026	return false;
3027	}
3028
3029	if (!cfg80211_chandef_valid(chandef: &new))
3030	return false;
3031
3032	*chandef = new;
3033	return true;
3034	}
3035
3036	void ieee80211_chandef_eht_oper(const struct ieee80211_eht_operation_info *info,
3037	struct cfg80211_chan_def *chandef)
3038	{
3039	chandef->center_freq1 =
3040	ieee80211_channel_to_frequency(chan: info->ccfs0,
3041	band: chandef->chan->band);
3042
3043	switch (u8_get_bits(v: info->control,
3044	IEEE80211_EHT_OPER_CHAN_WIDTH)) {
3045	case IEEE80211_EHT_OPER_CHAN_WIDTH_20MHZ:
3046	chandef->width = NL80211_CHAN_WIDTH_20;
3047	break;
3048	case IEEE80211_EHT_OPER_CHAN_WIDTH_40MHZ:
3049	chandef->width = NL80211_CHAN_WIDTH_40;
3050	break;
3051	case IEEE80211_EHT_OPER_CHAN_WIDTH_80MHZ:
3052	chandef->width = NL80211_CHAN_WIDTH_80;
3053	break;
3054	case IEEE80211_EHT_OPER_CHAN_WIDTH_160MHZ:
3055	chandef->width = NL80211_CHAN_WIDTH_160;
3056	chandef->center_freq1 =
3057	ieee80211_channel_to_frequency(chan: info->ccfs1,
3058	band: chandef->chan->band);
3059	break;
3060	case IEEE80211_EHT_OPER_CHAN_WIDTH_320MHZ:
3061	chandef->width = NL80211_CHAN_WIDTH_320;
3062	chandef->center_freq1 =
3063	ieee80211_channel_to_frequency(chan: info->ccfs1,
3064	band: chandef->chan->band);
3065	break;
3066	}
3067	}
3068
3069	bool ieee80211_chandef_he_6ghz_oper(struct ieee80211_local *local,
3070	const struct ieee80211_he_operation *he_oper,
3071	const struct ieee80211_eht_operation *eht_oper,
3072	struct cfg80211_chan_def *chandef)
3073	{
3074	struct cfg80211_chan_def he_chandef = *chandef;
3075	const struct ieee80211_he_6ghz_oper *he_6ghz_oper;
3076	u32 freq;
3077
3078	if (chandef->chan->band != NL80211_BAND_6GHZ)
3079	return true;
3080
3081	if (!he_oper)
3082	return false;
3083
3084	he_6ghz_oper = ieee80211_he_6ghz_oper(he_oper);
3085	if (!he_6ghz_oper)
3086	return false;
3087
3088	/*
3089	* The EHT operation IE does not contain the primary channel so the
3090	* primary channel frequency should be taken from the 6 GHz operation
3091	* information.
3092	*/
3093	freq = ieee80211_channel_to_frequency(chan: he_6ghz_oper->primary,
3094	band: NL80211_BAND_6GHZ);
3095	he_chandef.chan = ieee80211_get_channel(wiphy: local->hw.wiphy, freq);
3096
3097	if (!he_chandef.chan)
3098	return false;
3099
3100	if (!eht_oper ||
3101	!(eht_oper->params & IEEE80211_EHT_OPER_INFO_PRESENT)) {
3102	switch (u8_get_bits(v: he_6ghz_oper->control,
3103	IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH)) {
3104	case IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_20MHZ:
3105	he_chandef.width = NL80211_CHAN_WIDTH_20;
3106	break;
3107	case IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_40MHZ:
3108	he_chandef.width = NL80211_CHAN_WIDTH_40;
3109	break;
3110	case IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_80MHZ:
3111	he_chandef.width = NL80211_CHAN_WIDTH_80;
3112	break;
3113	case IEEE80211_HE_6GHZ_OPER_CTRL_CHANWIDTH_160MHZ:
3114	he_chandef.width = NL80211_CHAN_WIDTH_80;
3115	if (!he_6ghz_oper->ccfs1)
3116	break;
3117	if (abs(he_6ghz_oper->ccfs1 - he_6ghz_oper->ccfs0) == 8)
3118	he_chandef.width = NL80211_CHAN_WIDTH_160;
3119	else
3120	he_chandef.width = NL80211_CHAN_WIDTH_80P80;
3121	break;
3122	}
3123
3124	if (he_chandef.width == NL80211_CHAN_WIDTH_160) {
3125	he_chandef.center_freq1 =
3126	ieee80211_channel_to_frequency(chan: he_6ghz_oper->ccfs1,
3127	band: NL80211_BAND_6GHZ);
3128	} else {
3129	he_chandef.center_freq1 =
3130	ieee80211_channel_to_frequency(chan: he_6ghz_oper->ccfs0,
3131	band: NL80211_BAND_6GHZ);
3132	he_chandef.center_freq2 =
3133	ieee80211_channel_to_frequency(chan: he_6ghz_oper->ccfs1,
3134	band: NL80211_BAND_6GHZ);
3135	}
3136	} else {
3137	ieee80211_chandef_eht_oper(info: (const void *)eht_oper->optional,
3138	chandef: &he_chandef);
3139	}
3140
3141	if (!cfg80211_chandef_valid(chandef: &he_chandef))
3142	return false;
3143
3144	*chandef = he_chandef;
3145
3146	return true;
3147	}
3148
3149	bool ieee80211_chandef_s1g_oper(const struct ieee80211_s1g_oper_ie *oper,
3150	struct cfg80211_chan_def *chandef)
3151	{
3152	u32 oper_freq;
3153
3154	if (!oper)
3155	return false;
3156
3157	switch (FIELD_GET(S1G_OPER_CH_WIDTH_OPER, oper->ch_width)) {
3158	case IEEE80211_S1G_CHANWIDTH_1MHZ:
3159	chandef->width = NL80211_CHAN_WIDTH_1;
3160	break;
3161	case IEEE80211_S1G_CHANWIDTH_2MHZ:
3162	chandef->width = NL80211_CHAN_WIDTH_2;
3163	break;
3164	case IEEE80211_S1G_CHANWIDTH_4MHZ:
3165	chandef->width = NL80211_CHAN_WIDTH_4;
3166	break;
3167	case IEEE80211_S1G_CHANWIDTH_8MHZ:
3168	chandef->width = NL80211_CHAN_WIDTH_8;
3169	break;
3170	case IEEE80211_S1G_CHANWIDTH_16MHZ:
3171	chandef->width = NL80211_CHAN_WIDTH_16;
3172	break;
3173	default:
3174	return false;
3175	}
3176
3177	oper_freq = ieee80211_channel_to_freq_khz(chan: oper->oper_ch,
3178	band: NL80211_BAND_S1GHZ);
3179	chandef->center_freq1 = KHZ_TO_MHZ(oper_freq);
3180	chandef->freq1_offset = oper_freq % 1000;
3181
3182	return true;
3183	}
3184
3185	int ieee80211_put_srates_elem(struct sk_buff *skb,
3186	const struct ieee80211_supported_band *sband,
3187	u32 basic_rates, u32 rate_flags, u32 masked_rates,
3188	u8 element_id)
3189	{
3190	u8 i, rates, skip;
3191
3192	rates = 0;
3193	for (i = 0; i < sband->n_bitrates; i++) {
3194	if ((rate_flags & sband->bitrates[i].flags) != rate_flags)
3195	continue;
3196	if (masked_rates & BIT(i))
3197	continue;
3198	rates++;
3199	}
3200
3201	if (element_id == WLAN_EID_SUPP_RATES) {
3202	rates = min_t(u8, rates, 8);
3203	skip = 0;
3204	} else {
3205	skip = 8;
3206	if (rates <= skip)
3207	return 0;
3208	rates -= skip;
3209	}
3210
3211	if (skb_tailroom(skb) < rates + 2)
3212	return -ENOBUFS;
3213
3214	skb_put_u8(skb, val: element_id);
3215	skb_put_u8(skb, val: rates);
3216
3217	for (i = 0; i < sband->n_bitrates && rates; i++) {
3218	int rate;
3219	u8 basic;
3220
3221	if ((rate_flags & sband->bitrates[i].flags) != rate_flags)
3222	continue;
3223	if (masked_rates & BIT(i))
3224	continue;
3225
3226	if (skip > 0) {
3227	skip--;
3228	continue;
3229	}
3230
3231	basic = basic_rates & BIT(i) ? 0x80 : 0;
3232
3233	rate = DIV_ROUND_UP(sband->bitrates[i].bitrate, 5);
3234	skb_put_u8(skb, val: basic | (u8)rate);
3235	rates--;
3236	}
3237
3238	WARN(rates > 0, "rates confused: rates:%d, element:%d\n",
3239	rates, element_id);
3240
3241	return 0;
3242	}
3243
3244	int ieee80211_ave_rssi(struct ieee80211_vif *vif)
3245	{
3246	struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
3247
3248	if (WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_STATION))
3249	return 0;
3250
3251	return -ewma_beacon_signal_read(e: &sdata->deflink.u.mgd.ave_beacon_signal);
3252	}
3253	EXPORT_SYMBOL_GPL(ieee80211_ave_rssi);
3254
3255	u8 ieee80211_mcs_to_chains(const struct ieee80211_mcs_info *mcs)
3256	{
3257	if (!mcs)
3258	return 1;
3259
3260	/* TODO: consider rx_highest */
3261
3262	if (mcs->rx_mask[3])
3263	return 4;
3264	if (mcs->rx_mask[2])
3265	return 3;
3266	if (mcs->rx_mask[1])
3267	return 2;
3268	return 1;
3269	}
3270
3271	/**
3272	* ieee80211_calculate_rx_timestamp - calculate timestamp in frame
3273	* @local: mac80211 hw info struct
3274	* @status: RX status
3275	* @mpdu_len: total MPDU length (including FCS)
3276	* @mpdu_offset: offset into MPDU to calculate timestamp at
3277	*
3278	* This function calculates the RX timestamp at the given MPDU offset, taking
3279	* into account what the RX timestamp was. An offset of 0 will just normalize
3280	* the timestamp to TSF at beginning of MPDU reception.
3281	*
3282	* Returns: the calculated timestamp
3283	*/
3284	u64 ieee80211_calculate_rx_timestamp(struct ieee80211_local *local,
3285	struct ieee80211_rx_status *status,
3286	unsigned int mpdu_len,
3287	unsigned int mpdu_offset)
3288	{
3289	u64 ts = status->mactime;
3290	bool mactime_plcp_start;
3291	struct rate_info ri;
3292	u16 rate;
3293	u8 n_ltf;
3294
3295	if (WARN_ON(!ieee80211_have_rx_timestamp(status)))
3296	return 0;
3297
3298	mactime_plcp_start = (status->flag & RX_FLAG_MACTIME) ==
3299	RX_FLAG_MACTIME_PLCP_START;
3300
3301	memset(&ri, 0, sizeof(ri));
3302
3303	ri.bw = status->bw;
3304
3305	/* Fill cfg80211 rate info */
3306	switch (status->encoding) {
3307	case RX_ENC_EHT:
3308	ri.flags |= RATE_INFO_FLAGS_EHT_MCS;
3309	ri.mcs = status->rate_idx;
3310	ri.nss = status->nss;
3311	ri.eht_ru_alloc = status->eht.ru;
3312	if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
3313	ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
3314	/* TODO/FIXME: is this right? handle other PPDUs */
3315	if (mactime_plcp_start) {
3316	mpdu_offset += 2;
3317	ts += 36;
3318	}
3319	break;
3320	case RX_ENC_HE:
3321	ri.flags |= RATE_INFO_FLAGS_HE_MCS;
3322	ri.mcs = status->rate_idx;
3323	ri.nss = status->nss;
3324	ri.he_ru_alloc = status->he_ru;
3325	if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
3326	ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
3327
3328	/*
3329	* See P802.11ax_D6.0, section 27.3.4 for
3330	* VHT PPDU format.
3331	*/
3332	if (mactime_plcp_start) {
3333	mpdu_offset += 2;
3334	ts += 36;
3335
3336	/*
3337	* TODO:
3338	* For HE MU PPDU, add the HE-SIG-B.
3339	* For HE ER PPDU, add 8us for the HE-SIG-A.
3340	* For HE TB PPDU, add 4us for the HE-STF.
3341	* Add the HE-LTF durations - variable.
3342	*/
3343	}
3344
3345	break;
3346	case RX_ENC_HT:
3347	ri.mcs = status->rate_idx;
3348	ri.flags |= RATE_INFO_FLAGS_MCS;
3349	if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
3350	ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
3351
3352	/*
3353	* See P802.11REVmd_D3.0, section 19.3.2 for
3354	* HT PPDU format.
3355	*/
3356	if (mactime_plcp_start) {
3357	mpdu_offset += 2;
3358	if (status->enc_flags & RX_ENC_FLAG_HT_GF)
3359	ts += 24;
3360	else
3361	ts += 32;
3362
3363	/*
3364	* Add Data HT-LTFs per streams
3365	* TODO: add Extension HT-LTFs, 4us per LTF
3366	*/
3367	n_ltf = ((ri.mcs >> 3) & 3) + 1;
3368	n_ltf = n_ltf == 3 ? 4 : n_ltf;
3369	ts += n_ltf * 4;
3370	}
3371
3372	break;
3373	case RX_ENC_VHT:
3374	ri.flags |= RATE_INFO_FLAGS_VHT_MCS;
3375	ri.mcs = status->rate_idx;
3376	ri.nss = status->nss;
3377	if (status->enc_flags & RX_ENC_FLAG_SHORT_GI)
3378	ri.flags |= RATE_INFO_FLAGS_SHORT_GI;
3379
3380	/*
3381	* See P802.11REVmd_D3.0, section 21.3.2 for
3382	* VHT PPDU format.
3383	*/
3384	if (mactime_plcp_start) {
3385	mpdu_offset += 2;
3386	ts += 36;
3387
3388	/*
3389	* Add VHT-LTFs per streams
3390	*/
3391	n_ltf = (ri.nss != 1) && (ri.nss % 2) ?
3392	ri.nss + 1 : ri.nss;
3393	ts += 4 * n_ltf;
3394	}
3395
3396	break;
3397	default:
3398	WARN_ON(1);
3399	fallthrough;
3400	case RX_ENC_LEGACY: {
3401	struct ieee80211_supported_band *sband;
3402
3403	sband = local->hw.wiphy->bands[status->band];
3404	ri.legacy = sband->bitrates[status->rate_idx].bitrate;
3405
3406	if (mactime_plcp_start) {
3407	if (status->band == NL80211_BAND_5GHZ) {
3408	ts += 20;
3409	mpdu_offset += 2;
3410	} else if (status->enc_flags & RX_ENC_FLAG_SHORTPRE) {
3411	ts += 96;
3412	} else {
3413	ts += 192;
3414	}
3415	}
3416	break;
3417	}
3418	}
3419
3420	rate = cfg80211_calculate_bitrate(rate: &ri);
3421	if (WARN_ONCE(!rate,
3422	"Invalid bitrate: flags=0x%llx, idx=%d, vht_nss=%d\n",
3423	(unsigned long long)status->flag, status->rate_idx,
3424	status->nss))
3425	return 0;
3426
3427	/* rewind from end of MPDU */
3428	if ((status->flag & RX_FLAG_MACTIME) == RX_FLAG_MACTIME_END)
3429	ts -= mpdu_len * 8 * 10 / rate;
3430
3431	ts += mpdu_offset * 8 * 10 / rate;
3432
3433	return ts;
3434	}
3435
3436	void ieee80211_dfs_cac_cancel(struct ieee80211_local *local)
3437	{
3438	struct ieee80211_sub_if_data *sdata;
3439	struct cfg80211_chan_def chandef;
3440
3441	lockdep_assert_wiphy(local->hw.wiphy);
3442
3443	list_for_each_entry(sdata, &local->interfaces, list) {
3444	/* it might be waiting for the local->mtx, but then
3445	* by the time it gets it, sdata->wdev.cac_started
3446	* will no longer be true
3447	*/
3448	wiphy_delayed_work_cancel(wiphy: local->hw.wiphy,
3449	dwork: &sdata->deflink.dfs_cac_timer_work);
3450
3451	if (sdata->wdev.cac_started) {
3452	chandef = sdata->vif.bss_conf.chanreq.oper;
3453	ieee80211_link_release_channel(link: &sdata->deflink);
3454	cfg80211_cac_event(netdev: sdata->dev,
3455	chandef: &chandef,
3456	event: NL80211_RADAR_CAC_ABORTED,
3457	GFP_KERNEL);
3458	}
3459	}
3460	}
3461
3462	void ieee80211_dfs_radar_detected_work(struct wiphy *wiphy,
3463	struct wiphy_work *work)
3464	{
3465	struct ieee80211_local *local =
3466	container_of(work, struct ieee80211_local, radar_detected_work);
3467	struct cfg80211_chan_def chandef = local->hw.conf.chandef;
3468	struct ieee80211_chanctx *ctx;
3469	int num_chanctx = 0;
3470
3471	lockdep_assert_wiphy(local->hw.wiphy);
3472
3473	list_for_each_entry(ctx, &local->chanctx_list, list) {
3474	if (ctx->replace_state == IEEE80211_CHANCTX_REPLACES_OTHER)
3475	continue;
3476
3477	num_chanctx++;
3478	chandef = ctx->conf.def;
3479	}
3480
3481	ieee80211_dfs_cac_cancel(local);
3482
3483	if (num_chanctx > 1)
3484	/* XXX: multi-channel is not supported yet */
3485	WARN_ON(1);
3486	else
3487	cfg80211_radar_event(wiphy: local->hw.wiphy, chandef: &chandef, GFP_KERNEL);
3488	}
3489
3490	void ieee80211_radar_detected(struct ieee80211_hw *hw)
3491	{
3492	struct ieee80211_local *local = hw_to_local(hw);
3493
3494	trace_api_radar_detected(local);
3495
3496	wiphy_work_queue(wiphy: hw->wiphy, work: &local->radar_detected_work);
3497	}
3498	EXPORT_SYMBOL(ieee80211_radar_detected);
3499
3500	void ieee80211_chandef_downgrade(struct cfg80211_chan_def *c,
3501	struct ieee80211_conn_settings *conn)
3502	{
3503	enum nl80211_chan_width new_primary_width;
3504	struct ieee80211_conn_settings _ignored = {};
3505
3506	/* allow passing NULL if caller doesn't care */
3507	if (!conn)
3508	conn = &_ignored;
3509
3510	again:
3511	/* no-HT indicates nothing to do */
3512	new_primary_width = NL80211_CHAN_WIDTH_20_NOHT;
3513
3514	switch (c->width) {
3515	default:
3516	case NL80211_CHAN_WIDTH_20_NOHT:
3517	WARN_ON_ONCE(1);
3518	fallthrough;
3519	case NL80211_CHAN_WIDTH_20:
3520	c->width = NL80211_CHAN_WIDTH_20_NOHT;
3521	conn->mode = IEEE80211_CONN_MODE_LEGACY;
3522	conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
3523	c->punctured = 0;
3524	break;
3525	case NL80211_CHAN_WIDTH_40:
3526	c->width = NL80211_CHAN_WIDTH_20;
3527	c->center_freq1 = c->chan->center_freq;
3528	if (conn->mode == IEEE80211_CONN_MODE_VHT)
3529	conn->mode = IEEE80211_CONN_MODE_HT;
3530	conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
3531	c->punctured = 0;
3532	break;
3533	case NL80211_CHAN_WIDTH_80:
3534	new_primary_width = NL80211_CHAN_WIDTH_40;
3535	if (conn->mode == IEEE80211_CONN_MODE_VHT)
3536	conn->mode = IEEE80211_CONN_MODE_HT;
3537	conn->bw_limit = IEEE80211_CONN_BW_LIMIT_40;
3538	break;
3539	case NL80211_CHAN_WIDTH_80P80:
3540	c->center_freq2 = 0;
3541	c->width = NL80211_CHAN_WIDTH_80;
3542	conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80;
3543	break;
3544	case NL80211_CHAN_WIDTH_160:
3545	new_primary_width = NL80211_CHAN_WIDTH_80;
3546	conn->bw_limit = IEEE80211_CONN_BW_LIMIT_80;
3547	break;
3548	case NL80211_CHAN_WIDTH_320:
3549	new_primary_width = NL80211_CHAN_WIDTH_160;
3550	conn->bw_limit = IEEE80211_CONN_BW_LIMIT_160;
3551	break;
3552	case NL80211_CHAN_WIDTH_1:
3553	case NL80211_CHAN_WIDTH_2:
3554	case NL80211_CHAN_WIDTH_4:
3555	case NL80211_CHAN_WIDTH_8:
3556	case NL80211_CHAN_WIDTH_16:
3557	WARN_ON_ONCE(1);
3558	/* keep c->width */
3559	conn->mode = IEEE80211_CONN_MODE_S1G;
3560	conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
3561	break;
3562	case NL80211_CHAN_WIDTH_5:
3563	case NL80211_CHAN_WIDTH_10:
3564	WARN_ON_ONCE(1);
3565	/* keep c->width */
3566	conn->mode = IEEE80211_CONN_MODE_LEGACY;
3567	conn->bw_limit = IEEE80211_CONN_BW_LIMIT_20;
3568	break;
3569	}
3570
3571	if (new_primary_width != NL80211_CHAN_WIDTH_20_NOHT) {
3572	c->center_freq1 = cfg80211_chandef_primary(chandef: c, primary_chan_width: new_primary_width,
3573	punctured: &c->punctured);
3574	c->width = new_primary_width;
3575	}
3576
3577	/*
3578	* With an 80 MHz channel, we might have the puncturing in the primary
3579	* 40 Mhz channel, but that's not valid when downgraded to 40 MHz width.
3580	* In that case, downgrade again.
3581	*/
3582	if (!cfg80211_chandef_valid(chandef: c) && c->punctured)
3583	goto again;
3584
3585	WARN_ON_ONCE(!cfg80211_chandef_valid(c));
3586	}
3587
3588	/*
3589	* Returns true if smps_mode_new is strictly more restrictive than
3590	* smps_mode_old.
3591	*/
3592	bool ieee80211_smps_is_restrictive(enum ieee80211_smps_mode smps_mode_old,
3593	enum ieee80211_smps_mode smps_mode_new)
3594	{
3595	if (WARN_ON_ONCE(smps_mode_old == IEEE80211_SMPS_AUTOMATIC ||
3596	smps_mode_new == IEEE80211_SMPS_AUTOMATIC))
3597	return false;
3598
3599	switch (smps_mode_old) {
3600	case IEEE80211_SMPS_STATIC:
3601	return false;
3602	case IEEE80211_SMPS_DYNAMIC:
3603	return smps_mode_new == IEEE80211_SMPS_STATIC;
3604	case IEEE80211_SMPS_OFF:
3605	return smps_mode_new != IEEE80211_SMPS_OFF;
3606	default:
3607	WARN_ON(1);
3608	}
3609
3610	return false;
3611	}
3612
3613	int ieee80211_send_action_csa(struct ieee80211_sub_if_data *sdata,
3614	struct cfg80211_csa_settings *csa_settings)
3615	{
3616	struct sk_buff *skb;
3617	struct ieee80211_mgmt *mgmt;
3618	struct ieee80211_local *local = sdata->local;
3619	int freq;
3620	int hdr_len = offsetofend(struct ieee80211_mgmt,
3621	u.action.u.chan_switch);
3622	u8 *pos;
3623
3624	if (sdata->vif.type != NL80211_IFTYPE_ADHOC &&
3625	sdata->vif.type != NL80211_IFTYPE_MESH_POINT)
3626	return -EOPNOTSUPP;
3627
3628	skb = dev_alloc_skb(length: local->tx_headroom + hdr_len +
3629	5 + /* channel switch announcement element */
3630	3 + /* secondary channel offset element */
3631	5 + /* wide bandwidth channel switch announcement */
3632	8); /* mesh channel switch parameters element */
3633	if (!skb)
3634	return -ENOMEM;
3635
3636	skb_reserve(skb, len: local->tx_headroom);
3637	mgmt = skb_put_zero(skb, len: hdr_len);
3638	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
3639	IEEE80211_STYPE_ACTION);
3640
3641	eth_broadcast_addr(addr: mgmt->da);
3642	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
3643	if (ieee80211_vif_is_mesh(vif: &sdata->vif)) {
3644	memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
3645	} else {
3646	struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
3647	memcpy(mgmt->bssid, ifibss->bssid, ETH_ALEN);
3648	}
3649	mgmt->u.action.category = WLAN_CATEGORY_SPECTRUM_MGMT;
3650	mgmt->u.action.u.chan_switch.action_code = WLAN_ACTION_SPCT_CHL_SWITCH;
3651	pos = skb_put(skb, len: 5);
3652	*pos++ = WLAN_EID_CHANNEL_SWITCH; /* EID */
3653	*pos++ = 3; /* IE length */
3654	*pos++ = csa_settings->block_tx ? 1 : 0; /* CSA mode */
3655	freq = csa_settings->chandef.chan->center_freq;
3656	*pos++ = ieee80211_frequency_to_channel(freq); /* channel */
3657	*pos++ = csa_settings->count; /* count */
3658
3659	if (csa_settings->chandef.width == NL80211_CHAN_WIDTH_40) {
3660	enum nl80211_channel_type ch_type;
3661
3662	skb_put(skb, len: 3);
3663	*pos++ = WLAN_EID_SECONDARY_CHANNEL_OFFSET; /* EID */
3664	*pos++ = 1; /* IE length */
3665	ch_type = cfg80211_get_chandef_type(chandef: &csa_settings->chandef);
3666	if (ch_type == NL80211_CHAN_HT40PLUS)
3667	*pos++ = IEEE80211_HT_PARAM_CHA_SEC_ABOVE;
3668	else
3669	*pos++ = IEEE80211_HT_PARAM_CHA_SEC_BELOW;
3670	}
3671
3672	if (ieee80211_vif_is_mesh(vif: &sdata->vif)) {
3673	struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
3674
3675	skb_put(skb, len: 8);
3676	*pos++ = WLAN_EID_CHAN_SWITCH_PARAM; /* EID */
3677	*pos++ = 6; /* IE length */
3678	*pos++ = sdata->u.mesh.mshcfg.dot11MeshTTL; /* Mesh TTL */
3679	*pos = 0x00; /* Mesh Flag: Tx Restrict, Initiator, Reason */
3680	*pos |= WLAN_EID_CHAN_SWITCH_PARAM_INITIATOR;
3681	*pos++ |= csa_settings->block_tx ?
3682	WLAN_EID_CHAN_SWITCH_PARAM_TX_RESTRICT : 0x00;
3683	put_unaligned_le16(val: WLAN_REASON_MESH_CHAN, p: pos); /* Reason Cd */
3684	pos += 2;
3685	put_unaligned_le16(val: ifmsh->pre_value, p: pos);/* Precedence Value */
3686	pos += 2;
3687	}
3688
3689	if (csa_settings->chandef.width == NL80211_CHAN_WIDTH_80 ||
3690	csa_settings->chandef.width == NL80211_CHAN_WIDTH_80P80 ||
3691	csa_settings->chandef.width == NL80211_CHAN_WIDTH_160) {
3692	skb_put(skb, len: 5);
3693	ieee80211_ie_build_wide_bw_cs(pos, chandef: &csa_settings->chandef);
3694	}
3695
3696	ieee80211_tx_skb(sdata, skb);
3697	return 0;
3698	}
3699
3700	static bool
3701	ieee80211_extend_noa_desc(struct ieee80211_noa_data *data, u32 tsf, int i)
3702	{
3703	s32 end = data->desc[i].start + data->desc[i].duration - (tsf + 1);
3704	int skip;
3705
3706	if (end > 0)
3707	return false;
3708
3709	/* One shot NOA */
3710	if (data->count[i] == 1)
3711	return false;
3712
3713	if (data->desc[i].interval == 0)
3714	return false;
3715
3716	/* End time is in the past, check for repetitions */
3717	skip = DIV_ROUND_UP(-end, data->desc[i].interval);
3718	if (data->count[i] < 255) {
3719	if (data->count[i] <= skip) {
3720	data->count[i] = 0;
3721	return false;
3722	}
3723
3724	data->count[i] -= skip;
3725	}
3726
3727	data->desc[i].start += skip * data->desc[i].interval;
3728
3729	return true;
3730	}
3731
3732	static bool
3733	ieee80211_extend_absent_time(struct ieee80211_noa_data *data, u32 tsf,
3734	s32 *offset)
3735	{
3736	bool ret = false;
3737	int i;
3738
3739	for (i = 0; i < IEEE80211_P2P_NOA_DESC_MAX; i++) {
3740	s32 cur;
3741
3742	if (!data->count[i])
3743	continue;
3744
3745	if (ieee80211_extend_noa_desc(data, tsf: tsf + *offset, i))
3746	ret = true;
3747
3748	cur = data->desc[i].start - tsf;
3749	if (cur > *offset)
3750	continue;
3751
3752	cur = data->desc[i].start + data->desc[i].duration - tsf;
3753	if (cur > *offset)
3754	*offset = cur;
3755	}
3756
3757	return ret;
3758	}
3759
3760	static u32
3761	ieee80211_get_noa_absent_time(struct ieee80211_noa_data *data, u32 tsf)
3762	{
3763	s32 offset = 0;
3764	int tries = 0;
3765	/*
3766	* arbitrary limit, used to avoid infinite loops when combined NoA
3767	* descriptors cover the full time period.
3768	*/
3769	int max_tries = 5;
3770
3771	ieee80211_extend_absent_time(data, tsf, offset: &offset);
3772	do {
3773	if (!ieee80211_extend_absent_time(data, tsf, offset: &offset))
3774	break;
3775
3776	tries++;
3777	} while (tries < max_tries);
3778
3779	return offset;
3780	}
3781
3782	void ieee80211_update_p2p_noa(struct ieee80211_noa_data *data, u32 tsf)
3783	{
3784	u32 next_offset = BIT(31) - 1;
3785	int i;
3786
3787	data->absent = 0;
3788	data->has_next_tsf = false;
3789	for (i = 0; i < IEEE80211_P2P_NOA_DESC_MAX; i++) {
3790	s32 start;
3791
3792	if (!data->count[i])
3793	continue;
3794
3795	ieee80211_extend_noa_desc(data, tsf, i);
3796	start = data->desc[i].start - tsf;
3797	if (start <= 0)
3798	data->absent |= BIT(i);
3799
3800	if (next_offset > start)
3801	next_offset = start;
3802
3803	data->has_next_tsf = true;
3804	}
3805
3806	if (data->absent)
3807	next_offset = ieee80211_get_noa_absent_time(data, tsf);
3808
3809	data->next_tsf = tsf + next_offset;
3810	}
3811	EXPORT_SYMBOL(ieee80211_update_p2p_noa);
3812
3813	int ieee80211_parse_p2p_noa(const struct ieee80211_p2p_noa_attr *attr,
3814	struct ieee80211_noa_data *data, u32 tsf)
3815	{
3816	int ret = 0;
3817	int i;
3818
3819	memset(data, 0, sizeof(*data));
3820
3821	for (i = 0; i < IEEE80211_P2P_NOA_DESC_MAX; i++) {
3822	const struct ieee80211_p2p_noa_desc *desc = &attr->desc[i];
3823
3824	if (!desc->count || !desc->duration)
3825	continue;
3826
3827	data->count[i] = desc->count;
3828	data->desc[i].start = le32_to_cpu(desc->start_time);
3829	data->desc[i].duration = le32_to_cpu(desc->duration);
3830	data->desc[i].interval = le32_to_cpu(desc->interval);
3831
3832	if (data->count[i] > 1 &&
3833	data->desc[i].interval < data->desc[i].duration)
3834	continue;
3835
3836	ieee80211_extend_noa_desc(data, tsf, i);
3837	ret++;
3838	}
3839
3840	if (ret)
3841	ieee80211_update_p2p_noa(data, tsf);
3842
3843	return ret;
3844	}
3845	EXPORT_SYMBOL(ieee80211_parse_p2p_noa);
3846
3847	void ieee80211_recalc_dtim(struct ieee80211_local *local,
3848	struct ieee80211_sub_if_data *sdata)
3849	{
3850	u64 tsf = drv_get_tsf(local, sdata);
3851	u64 dtim_count = 0;
3852	u16 beacon_int = sdata->vif.bss_conf.beacon_int * 1024;
3853	u8 dtim_period = sdata->vif.bss_conf.dtim_period;
3854	struct ps_data *ps;
3855	u8 bcns_from_dtim;
3856
3857	if (tsf == -1ULL || !beacon_int || !dtim_period)
3858	return;
3859
3860	if (sdata->vif.type == NL80211_IFTYPE_AP ||
3861	sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
3862	if (!sdata->bss)
3863	return;
3864
3865	ps = &sdata->bss->ps;
3866	} else if (ieee80211_vif_is_mesh(vif: &sdata->vif)) {
3867	ps = &sdata->u.mesh.ps;
3868	} else {
3869	return;
3870	}
3871
3872	/*
3873	* actually finds last dtim_count, mac80211 will update in
3874	* __beacon_add_tim().
3875	* dtim_count = dtim_period - (tsf / bcn_int) % dtim_period
3876	*/
3877	do_div(tsf, beacon_int);
3878	bcns_from_dtim = do_div(tsf, dtim_period);
3879	/* just had a DTIM */
3880	if (!bcns_from_dtim)
3881	dtim_count = 0;
3882	else
3883	dtim_count = dtim_period - bcns_from_dtim;
3884
3885	ps->dtim_count = dtim_count;
3886	}
3887
3888	static u8 ieee80211_chanctx_radar_detect(struct ieee80211_local *local,
3889	struct ieee80211_chanctx *ctx)
3890	{
3891	struct ieee80211_link_data *link;
3892	u8 radar_detect = 0;
3893
3894	lockdep_assert_wiphy(local->hw.wiphy);
3895
3896	if (WARN_ON(ctx->replace_state == IEEE80211_CHANCTX_WILL_BE_REPLACED))
3897	return 0;
3898
3899	list_for_each_entry(link, &ctx->reserved_links, reserved_chanctx_list)
3900	if (link->reserved_radar_required)
3901	radar_detect |= BIT(link->reserved.oper.width);
3902
3903	/*
3904	* An in-place reservation context should not have any assigned vifs
3905	* until it replaces the other context.
3906	*/
3907	WARN_ON(ctx->replace_state == IEEE80211_CHANCTX_REPLACES_OTHER &&
3908	!list_empty(&ctx->assigned_links));
3909
3910	list_for_each_entry(link, &ctx->assigned_links, assigned_chanctx_list) {
3911	if (!link->radar_required)
3912	continue;
3913
3914	radar_detect |=
3915	BIT(link->conf->chanreq.oper.width);
3916	}
3917
3918	return radar_detect;
3919	}
3920
3921	int ieee80211_check_combinations(struct ieee80211_sub_if_data *sdata,
3922	const struct cfg80211_chan_def *chandef,
3923	enum ieee80211_chanctx_mode chanmode,
3924	u8 radar_detect)
3925	{
3926	struct ieee80211_local *local = sdata->local;
3927	struct ieee80211_sub_if_data *sdata_iter;
3928	enum nl80211_iftype iftype = sdata->wdev.iftype;
3929	struct ieee80211_chanctx *ctx;
3930	int total = 1;
3931	struct iface_combination_params params = {
3932	.radar_detect = radar_detect,
3933	};
3934
3935	lockdep_assert_wiphy(local->hw.wiphy);
3936
3937	if (WARN_ON(hweight32(radar_detect) > 1))
3938	return -EINVAL;
3939
3940	if (WARN_ON(chandef && chanmode == IEEE80211_CHANCTX_SHARED &&
3941	!chandef->chan))
3942	return -EINVAL;
3943
3944	if (WARN_ON(iftype >= NUM_NL80211_IFTYPES))
3945	return -EINVAL;
3946
3947	if (sdata->vif.type == NL80211_IFTYPE_AP ||
3948	sdata->vif.type == NL80211_IFTYPE_MESH_POINT) {
3949	/*
3950	* always passing this is harmless, since it'll be the
3951	* same value that cfg80211 finds if it finds the same
3952	* interface ... and that's always allowed
3953	*/
3954	params.new_beacon_int = sdata->vif.bss_conf.beacon_int;
3955	}
3956
3957	/* Always allow software iftypes */
3958	if (cfg80211_iftype_allowed(wiphy: local->hw.wiphy, iftype, is_4addr: 0, check_swif: 1)) {
3959	if (radar_detect)
3960	return -EINVAL;
3961	return 0;
3962	}
3963
3964	if (chandef)
3965	params.num_different_channels = 1;
3966
3967	if (iftype != NL80211_IFTYPE_UNSPECIFIED)
3968	params.iftype_num[iftype] = 1;
3969
3970	list_for_each_entry(ctx, &local->chanctx_list, list) {
3971	if (ctx->replace_state == IEEE80211_CHANCTX_WILL_BE_REPLACED)
3972	continue;
3973	params.radar_detect |=
3974	ieee80211_chanctx_radar_detect(local, ctx);
3975	if (ctx->mode == IEEE80211_CHANCTX_EXCLUSIVE) {
3976	params.num_different_channels++;
3977	continue;
3978	}
3979	if (chandef && chanmode == IEEE80211_CHANCTX_SHARED &&
3980	cfg80211_chandef_compatible(chandef1: chandef,
3981	chandef2: &ctx->conf.def))
3982	continue;
3983	params.num_different_channels++;
3984	}
3985
3986	list_for_each_entry_rcu(sdata_iter, &local->interfaces, list) {
3987	struct wireless_dev *wdev_iter;
3988
3989	wdev_iter = &sdata_iter->wdev;
3990
3991	if (sdata_iter == sdata ||
3992	!ieee80211_sdata_running(sdata: sdata_iter) ||
3993	cfg80211_iftype_allowed(wiphy: local->hw.wiphy,
3994	iftype: wdev_iter->iftype, is_4addr: 0, check_swif: 1))
3995	continue;
3996
3997	params.iftype_num[wdev_iter->iftype]++;
3998	total++;
3999	}
4000
4001	if (total == 1 && !params.radar_detect)
4002	return 0;
4003
4004	return cfg80211_check_combinations(wiphy: local->hw.wiphy, params: &params);
4005	}
4006
4007	static void
4008	ieee80211_iter_max_chans(const struct ieee80211_iface_combination *c,
4009	void *data)
4010	{
4011	u32 *max_num_different_channels = data;
4012
4013	*max_num_different_channels = max(*max_num_different_channels,
4014	c->num_different_channels);
4015	}
4016
4017	int ieee80211_max_num_channels(struct ieee80211_local *local)
4018	{
4019	struct ieee80211_sub_if_data *sdata;
4020	struct ieee80211_chanctx *ctx;
4021	u32 max_num_different_channels = 1;
4022	int err;
4023	struct iface_combination_params params = {0};
4024
4025	lockdep_assert_wiphy(local->hw.wiphy);
4026
4027	list_for_each_entry(ctx, &local->chanctx_list, list) {
4028	if (ctx->replace_state == IEEE80211_CHANCTX_WILL_BE_REPLACED)
4029	continue;
4030
4031	params.num_different_channels++;
4032
4033	params.radar_detect |=
4034	ieee80211_chanctx_radar_detect(local, ctx);
4035	}
4036
4037	list_for_each_entry_rcu(sdata, &local->interfaces, list)
4038	params.iftype_num[sdata->wdev.iftype]++;
4039
4040	err = cfg80211_iter_combinations(wiphy: local->hw.wiphy, params: &params,
4041	iter: ieee80211_iter_max_chans,
4042	data: &max_num_different_channels);
4043	if (err < 0)
4044	return err;
4045
4046	return max_num_different_channels;
4047	}
4048
4049	void ieee80211_add_s1g_capab_ie(struct ieee80211_sub_if_data *sdata,
4050	struct ieee80211_sta_s1g_cap *caps,
4051	struct sk_buff *skb)
4052	{
4053	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
4054	struct ieee80211_s1g_cap s1g_capab;
4055	u8 *pos;
4056	int i;
4057
4058	if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
4059	return;
4060
4061	if (!caps->s1g)
4062	return;
4063
4064	memcpy(s1g_capab.capab_info, caps->cap, sizeof(caps->cap));
4065	memcpy(s1g_capab.supp_mcs_nss, caps->nss_mcs, sizeof(caps->nss_mcs));
4066
4067	/* override the capability info */
4068	for (i = 0; i < sizeof(ifmgd->s1g_capa.capab_info); i++) {
4069	u8 mask = ifmgd->s1g_capa_mask.capab_info[i];
4070
4071	s1g_capab.capab_info[i] &= ~mask;
4072	s1g_capab.capab_info[i] |= ifmgd->s1g_capa.capab_info[i] & mask;
4073	}
4074
4075	/* then MCS and NSS set */
4076	for (i = 0; i < sizeof(ifmgd->s1g_capa.supp_mcs_nss); i++) {
4077	u8 mask = ifmgd->s1g_capa_mask.supp_mcs_nss[i];
4078
4079	s1g_capab.supp_mcs_nss[i] &= ~mask;
4080	s1g_capab.supp_mcs_nss[i] |=
4081	ifmgd->s1g_capa.supp_mcs_nss[i] & mask;
4082	}
4083
4084	pos = skb_put(skb, len: 2 + sizeof(s1g_capab));
4085	*pos++ = WLAN_EID_S1G_CAPABILITIES;
4086	*pos++ = sizeof(s1g_capab);
4087
4088	memcpy(pos, &s1g_capab, sizeof(s1g_capab));
4089	}
4090
4091	void ieee80211_add_aid_request_ie(struct ieee80211_sub_if_data *sdata,
4092	struct sk_buff *skb)
4093	{
4094	u8 *pos = skb_put(skb, len: 3);
4095
4096	*pos++ = WLAN_EID_AID_REQUEST;
4097	*pos++ = 1;
4098	*pos++ = 0;
4099	}
4100
4101	u8 *ieee80211_add_wmm_info_ie(u8 *buf, u8 qosinfo)
4102	{
4103	*buf++ = WLAN_EID_VENDOR_SPECIFIC;
4104	*buf++ = 7; /* len */
4105	*buf++ = 0x00; /* Microsoft OUI 00:50:F2 */
4106	*buf++ = 0x50;
4107	*buf++ = 0xf2;
4108	*buf++ = 2; /* WME */
4109	*buf++ = 0; /* WME info */
4110	*buf++ = 1; /* WME ver */
4111	*buf++ = qosinfo; /* U-APSD no in use */
4112
4113	return buf;
4114	}
4115
4116	void ieee80211_txq_get_depth(struct ieee80211_txq *txq,
4117	unsigned long *frame_cnt,
4118	unsigned long *byte_cnt)
4119	{
4120	struct txq_info *txqi = to_txq_info(txq);
4121	u32 frag_cnt = 0, frag_bytes = 0;
4122	struct sk_buff *skb;
4123
4124	skb_queue_walk(&txqi->frags, skb) {
4125	frag_cnt++;
4126	frag_bytes += skb->len;
4127	}
4128
4129	if (frame_cnt)
4130	*frame_cnt = txqi->tin.backlog_packets + frag_cnt;
4131
4132	if (byte_cnt)
4133	*byte_cnt = txqi->tin.backlog_bytes + frag_bytes;
4134	}
4135	EXPORT_SYMBOL(ieee80211_txq_get_depth);
4136
4137	const u8 ieee80211_ac_to_qos_mask[IEEE80211_NUM_ACS] = {
4138	IEEE80211_WMM_IE_STA_QOSINFO_AC_VO,
4139	IEEE80211_WMM_IE_STA_QOSINFO_AC_VI,
4140	IEEE80211_WMM_IE_STA_QOSINFO_AC_BE,
4141	IEEE80211_WMM_IE_STA_QOSINFO_AC_BK
4142	};
4143
4144	u16 ieee80211_encode_usf(int listen_interval)
4145	{
4146	static const int listen_int_usf[] = { 1, 10, 1000, 10000 };
4147	u16 ui, usf = 0;
4148
4149	/* find greatest USF */
4150	while (usf < IEEE80211_MAX_USF) {
4151	if (listen_interval % listen_int_usf[usf + 1])
4152	break;
4153	usf += 1;
4154	}
4155	ui = listen_interval / listen_int_usf[usf];
4156
4157	/* error if there is a remainder. Should've been checked by user */
4158	WARN_ON_ONCE(ui > IEEE80211_MAX_UI);
4159	listen_interval = FIELD_PREP(LISTEN_INT_USF, usf) |
4160	FIELD_PREP(LISTEN_INT_UI, ui);
4161
4162	return (u16) listen_interval;
4163	}
4164
4165	/* this may return more than ieee80211_put_eht_cap() will need */
4166	u8 ieee80211_ie_len_eht_cap(struct ieee80211_sub_if_data *sdata)
4167	{
4168	const struct ieee80211_sta_he_cap *he_cap;
4169	const struct ieee80211_sta_eht_cap *eht_cap;
4170	struct ieee80211_supported_band *sband;
4171	bool is_ap;
4172	u8 n;
4173
4174	sband = ieee80211_get_sband(sdata);
4175	if (!sband)
4176	return 0;
4177
4178	he_cap = ieee80211_get_he_iftype_cap_vif(sband, vif: &sdata->vif);
4179	eht_cap = ieee80211_get_eht_iftype_cap_vif(sband, vif: &sdata->vif);
4180	if (!he_cap || !eht_cap)
4181	return 0;
4182
4183	is_ap = sdata->vif.type == NL80211_IFTYPE_AP;
4184
4185	n = ieee80211_eht_mcs_nss_size(he_cap: &he_cap->he_cap_elem,
4186	eht_cap: &eht_cap->eht_cap_elem,
4187	from_ap: is_ap);
4188	return 2 + 1 +
4189	sizeof(eht_cap->eht_cap_elem) + n +
4190	ieee80211_eht_ppe_size(ppe_thres_hdr: eht_cap->eht_ppe_thres[0],
4191	phy_cap_info: eht_cap->eht_cap_elem.phy_cap_info);
4192	return 0;
4193	}
4194
4195	int ieee80211_put_eht_cap(struct sk_buff *skb,
4196	struct ieee80211_sub_if_data *sdata,
4197	const struct ieee80211_supported_band *sband,
4198	const struct ieee80211_conn_settings *conn)
4199	{
4200	const struct ieee80211_sta_he_cap *he_cap =
4201	ieee80211_get_he_iftype_cap_vif(sband, vif: &sdata->vif);
4202	const struct ieee80211_sta_eht_cap *eht_cap =
4203	ieee80211_get_eht_iftype_cap_vif(sband, vif: &sdata->vif);
4204	bool for_ap = sdata->vif.type == NL80211_IFTYPE_AP;
4205	struct ieee80211_eht_cap_elem_fixed fixed;
4206	struct ieee80211_he_cap_elem he;
4207	u8 mcs_nss_len, ppet_len;
4208	u8 orig_mcs_nss_len;
4209	u8 ie_len;
4210
4211	if (!conn)
4212	conn = &ieee80211_conn_settings_unlimited;
4213
4214	/* Make sure we have place for the IE */
4215	if (!he_cap || !eht_cap)
4216	return 0;
4217
4218	orig_mcs_nss_len = ieee80211_eht_mcs_nss_size(he_cap: &he_cap->he_cap_elem,
4219	eht_cap: &eht_cap->eht_cap_elem,
4220	from_ap: for_ap);
4221
4222	ieee80211_get_adjusted_he_cap(conn, he_cap, elem: &he);
4223
4224	fixed = eht_cap->eht_cap_elem;
4225
4226	if (conn->bw_limit < IEEE80211_CONN_BW_LIMIT_80)
4227	fixed.phy_cap_info[6] &=
4228	~IEEE80211_EHT_PHY_CAP6_MCS15_SUPP_80MHZ;
4229
4230	if (conn->bw_limit < IEEE80211_CONN_BW_LIMIT_160) {
4231	fixed.phy_cap_info[1] &=
4232	~IEEE80211_EHT_PHY_CAP1_BEAMFORMEE_SS_160MHZ_MASK;
4233	fixed.phy_cap_info[2] &=
4234	~IEEE80211_EHT_PHY_CAP2_SOUNDING_DIM_160MHZ_MASK;
4235	fixed.phy_cap_info[6] &=
4236	~IEEE80211_EHT_PHY_CAP6_MCS15_SUPP_160MHZ;
4237	}
4238
4239	if (conn->bw_limit < IEEE80211_CONN_BW_LIMIT_320) {
4240	fixed.phy_cap_info[0] &=
4241	~IEEE80211_EHT_PHY_CAP0_320MHZ_IN_6GHZ;
4242	fixed.phy_cap_info[1] &=
4243	~IEEE80211_EHT_PHY_CAP1_BEAMFORMEE_SS_320MHZ_MASK;
4244	fixed.phy_cap_info[2] &=
4245	~IEEE80211_EHT_PHY_CAP2_SOUNDING_DIM_320MHZ_MASK;
4246	fixed.phy_cap_info[6] &=
4247	~IEEE80211_EHT_PHY_CAP6_MCS15_SUPP_320MHZ;
4248	}
4249
4250	if (conn->bw_limit == IEEE80211_CONN_BW_LIMIT_20)
4251	fixed.phy_cap_info[0] &=
4252	~IEEE80211_EHT_PHY_CAP0_242_TONE_RU_GT20MHZ;
4253
4254	mcs_nss_len = ieee80211_eht_mcs_nss_size(he_cap: &he, eht_cap: &fixed, from_ap: for_ap);
4255	ppet_len = ieee80211_eht_ppe_size(ppe_thres_hdr: eht_cap->eht_ppe_thres[0],
4256	phy_cap_info: fixed.phy_cap_info);
4257
4258	ie_len = 2 + 1 + sizeof(eht_cap->eht_cap_elem) + mcs_nss_len + ppet_len;
4259	if (skb_tailroom(skb) < ie_len)
4260	return -ENOBUFS;
4261
4262	skb_put_u8(skb, val: WLAN_EID_EXTENSION);
4263	skb_put_u8(skb, val: ie_len - 2);
4264	skb_put_u8(skb, val: WLAN_EID_EXT_EHT_CAPABILITY);
4265	skb_put_data(skb, data: &fixed, len: sizeof(fixed));
4266
4267	if (mcs_nss_len == 4 && orig_mcs_nss_len != 4) {
4268	/*
4269	* If the (non-AP) STA became 20 MHz only, then convert from
4270	* <=80 to 20-MHz-only format, where MCSes are indicated in
4271	* the groups 0-7, 8-9, 10-11, 12-13 rather than just 0-9,
4272	* 10-11, 12-13. Thus, use 0-9 for 0-7 and 8-9.
4273	*/
4274	skb_put_u8(skb, val: eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_mcs9_max_nss);
4275	skb_put_u8(skb, val: eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_mcs9_max_nss);
4276	skb_put_u8(skb, val: eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_mcs11_max_nss);
4277	skb_put_u8(skb, val: eht_cap->eht_mcs_nss_supp.bw._80.rx_tx_mcs13_max_nss);
4278	} else {
4279	skb_put_data(skb, data: &eht_cap->eht_mcs_nss_supp, len: mcs_nss_len);
4280	}
4281
4282	if (ppet_len)
4283	skb_put_data(skb, data: &eht_cap->eht_ppe_thres, len: ppet_len);
4284
4285	return 0;
4286	}
4287
4288	const char *ieee80211_conn_mode_str(enum ieee80211_conn_mode mode)
4289	{
4290	static const char * const modes[] = {
4291	[IEEE80211_CONN_MODE_S1G] = "S1G",
4292	[IEEE80211_CONN_MODE_LEGACY] = "legacy",
4293	[IEEE80211_CONN_MODE_HT] = "HT",
4294	[IEEE80211_CONN_MODE_VHT] = "VHT",
4295	[IEEE80211_CONN_MODE_HE] = "HE",
4296	[IEEE80211_CONN_MODE_EHT] = "EHT",
4297	};
4298
4299	if (WARN_ON(mode >= ARRAY_SIZE(modes)))
4300	return "<out of range>";
4301
4302	return modes[mode] ?: "<missing string>";
4303	}
4304
4305	enum ieee80211_conn_bw_limit
4306	ieee80211_min_bw_limit_from_chandef(struct cfg80211_chan_def *chandef)
4307	{
4308	switch (chandef->width) {
4309	case NL80211_CHAN_WIDTH_20_NOHT:
4310	case NL80211_CHAN_WIDTH_20:
4311	return IEEE80211_CONN_BW_LIMIT_20;
4312	case NL80211_CHAN_WIDTH_40:
4313	return IEEE80211_CONN_BW_LIMIT_40;
4314	case NL80211_CHAN_WIDTH_80:
4315	return IEEE80211_CONN_BW_LIMIT_80;
4316	case NL80211_CHAN_WIDTH_80P80:
4317	case NL80211_CHAN_WIDTH_160:
4318	return IEEE80211_CONN_BW_LIMIT_160;
4319	case NL80211_CHAN_WIDTH_320:
4320	return IEEE80211_CONN_BW_LIMIT_320;
4321	default:
4322	WARN(1, "unhandled chandef width %d\n", chandef->width);
4323	return IEEE80211_CONN_BW_LIMIT_20;
4324	}
4325	}
4326