1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2010 Broadcom Corporation
4  */
5 
6 /* Toplevel file. Relies on dhd_linux.c to send commands to the dongle. */
7 
8 #include <linux/kernel.h>
9 #include <linux/etherdevice.h>
10 #include <linux/module.h>
11 #include <linux/vmalloc.h>
12 #include <net/cfg80211.h>
13 #include <net/netlink.h>
14 #include <uapi/linux/if_arp.h>
15 
16 #include <brcmu_utils.h>
17 #include <defs.h>
18 #include <brcmu_wifi.h>
19 #include <brcm_hw_ids.h>
20 #include "core.h"
21 #include "debug.h"
22 #include "tracepoint.h"
23 #include "fwil_types.h"
24 #include "p2p.h"
25 #include "btcoex.h"
26 #include "pno.h"
27 #include "fwsignal.h"
28 #include "cfg80211.h"
29 #include "feature.h"
30 #include "fwil.h"
31 #include "proto.h"
32 #include "vendor.h"
33 #include "bus.h"
34 #include "common.h"
35 
36 #define BRCMF_SCAN_IE_LEN_MAX		2048
37 
38 #define WPA_OUI				"\x00\x50\xF2"	/* WPA OUI */
39 #define WPA_OUI_TYPE			1
40 #define RSN_OUI				"\x00\x0F\xAC"	/* RSN OUI */
41 #define	WME_OUI_TYPE			2
42 #define WPS_OUI_TYPE			4
43 
44 #define VS_IE_FIXED_HDR_LEN		6
45 #define WPA_IE_VERSION_LEN		2
46 #define WPA_IE_MIN_OUI_LEN		4
47 #define WPA_IE_SUITE_COUNT_LEN		2
48 
49 #define WPA_CIPHER_NONE			0	/* None */
50 #define WPA_CIPHER_WEP_40		1	/* WEP (40-bit) */
51 #define WPA_CIPHER_TKIP			2	/* TKIP: default for WPA */
52 #define WPA_CIPHER_AES_CCM		4	/* AES (CCM) */
53 #define WPA_CIPHER_WEP_104		5	/* WEP (104-bit) */
54 
55 #define RSN_AKM_NONE			0	/* None (IBSS) */
56 #define RSN_AKM_UNSPECIFIED		1	/* Over 802.1x */
57 #define RSN_AKM_PSK			2	/* Pre-shared Key */
58 #define RSN_AKM_SHA256_1X		5	/* SHA256, 802.1X */
59 #define RSN_AKM_SHA256_PSK		6	/* SHA256, Pre-shared Key */
60 #define RSN_AKM_SAE			8	/* SAE */
61 #define RSN_CAP_LEN			2	/* Length of RSN capabilities */
62 #define RSN_CAP_PTK_REPLAY_CNTR_MASK	(BIT(2) | BIT(3))
63 #define RSN_CAP_MFPR_MASK		BIT(6)
64 #define RSN_CAP_MFPC_MASK		BIT(7)
65 #define RSN_PMKID_COUNT_LEN		2
66 
67 #define VNDR_IE_CMD_LEN			4	/* length of the set command
68 						 * string :"add", "del" (+ NUL)
69 						 */
70 #define VNDR_IE_COUNT_OFFSET		4
71 #define VNDR_IE_PKTFLAG_OFFSET		8
72 #define VNDR_IE_VSIE_OFFSET		12
73 #define VNDR_IE_HDR_SIZE		12
74 #define VNDR_IE_PARSE_LIMIT		5
75 
76 #define	DOT11_MGMT_HDR_LEN		24	/* d11 management header len */
77 #define	DOT11_BCN_PRB_FIXED_LEN		12	/* beacon/probe fixed length */
78 
79 #define BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS	320
80 #define BRCMF_SCAN_JOIN_PASSIVE_DWELL_TIME_MS	400
81 #define BRCMF_SCAN_JOIN_PROBE_INTERVAL_MS	20
82 
83 #define BRCMF_SCAN_CHANNEL_TIME		40
84 #define BRCMF_SCAN_UNASSOC_TIME		40
85 #define BRCMF_SCAN_PASSIVE_TIME		120
86 
87 #define BRCMF_ND_INFO_TIMEOUT		msecs_to_jiffies(2000)
88 
89 #define BRCMF_PS_MAX_TIMEOUT_MS		2000
90 
91 #define BRCMF_ASSOC_PARAMS_FIXED_SIZE \
92 	(sizeof(struct brcmf_assoc_params_le) - sizeof(u16))
93 
check_vif_up(struct brcmf_cfg80211_vif * vif)94 static bool check_vif_up(struct brcmf_cfg80211_vif *vif)
95 {
96 	if (!test_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state)) {
97 		brcmf_dbg(INFO, "device is not ready : status (%lu)\n",
98 			  vif->sme_state);
99 		return false;
100 	}
101 	return true;
102 }
103 
104 #define RATE_TO_BASE100KBPS(rate)   (((rate) * 10) / 2)
105 #define RATETAB_ENT(_rateid, _flags) \
106 	{                                                               \
107 		.bitrate        = RATE_TO_BASE100KBPS(_rateid),     \
108 		.hw_value       = (_rateid),                            \
109 		.flags          = (_flags),                             \
110 	}
111 
112 static struct ieee80211_rate __wl_rates[] = {
113 	RATETAB_ENT(BRCM_RATE_1M, 0),
114 	RATETAB_ENT(BRCM_RATE_2M, IEEE80211_RATE_SHORT_PREAMBLE),
115 	RATETAB_ENT(BRCM_RATE_5M5, IEEE80211_RATE_SHORT_PREAMBLE),
116 	RATETAB_ENT(BRCM_RATE_11M, IEEE80211_RATE_SHORT_PREAMBLE),
117 	RATETAB_ENT(BRCM_RATE_6M, 0),
118 	RATETAB_ENT(BRCM_RATE_9M, 0),
119 	RATETAB_ENT(BRCM_RATE_12M, 0),
120 	RATETAB_ENT(BRCM_RATE_18M, 0),
121 	RATETAB_ENT(BRCM_RATE_24M, 0),
122 	RATETAB_ENT(BRCM_RATE_36M, 0),
123 	RATETAB_ENT(BRCM_RATE_48M, 0),
124 	RATETAB_ENT(BRCM_RATE_54M, 0),
125 };
126 
127 #define wl_g_rates		(__wl_rates + 0)
128 #define wl_g_rates_size		ARRAY_SIZE(__wl_rates)
129 #define wl_a_rates		(__wl_rates + 4)
130 #define wl_a_rates_size		(wl_g_rates_size - 4)
131 
132 #define CHAN2G(_channel, _freq) {				\
133 	.band			= NL80211_BAND_2GHZ,		\
134 	.center_freq		= (_freq),			\
135 	.hw_value		= (_channel),			\
136 	.max_antenna_gain	= 0,				\
137 	.max_power		= 30,				\
138 }
139 
140 #define CHAN5G(_channel) {					\
141 	.band			= NL80211_BAND_5GHZ,		\
142 	.center_freq		= 5000 + (5 * (_channel)),	\
143 	.hw_value		= (_channel),			\
144 	.max_antenna_gain	= 0,				\
145 	.max_power		= 30,				\
146 }
147 
148 static struct ieee80211_channel __wl_2ghz_channels[] = {
149 	CHAN2G(1, 2412), CHAN2G(2, 2417), CHAN2G(3, 2422), CHAN2G(4, 2427),
150 	CHAN2G(5, 2432), CHAN2G(6, 2437), CHAN2G(7, 2442), CHAN2G(8, 2447),
151 	CHAN2G(9, 2452), CHAN2G(10, 2457), CHAN2G(11, 2462), CHAN2G(12, 2467),
152 	CHAN2G(13, 2472), CHAN2G(14, 2484)
153 };
154 
155 static struct ieee80211_channel __wl_5ghz_channels[] = {
156 	CHAN5G(34), CHAN5G(36), CHAN5G(38), CHAN5G(40), CHAN5G(42),
157 	CHAN5G(44), CHAN5G(46), CHAN5G(48), CHAN5G(52), CHAN5G(56),
158 	CHAN5G(60), CHAN5G(64), CHAN5G(100), CHAN5G(104), CHAN5G(108),
159 	CHAN5G(112), CHAN5G(116), CHAN5G(120), CHAN5G(124), CHAN5G(128),
160 	CHAN5G(132), CHAN5G(136), CHAN5G(140), CHAN5G(144), CHAN5G(149),
161 	CHAN5G(153), CHAN5G(157), CHAN5G(161), CHAN5G(165)
162 };
163 
164 /* Band templates duplicated per wiphy. The channel info
165  * above is added to the band during setup.
166  */
167 static const struct ieee80211_supported_band __wl_band_2ghz = {
168 	.band = NL80211_BAND_2GHZ,
169 	.bitrates = wl_g_rates,
170 	.n_bitrates = wl_g_rates_size,
171 };
172 
173 static const struct ieee80211_supported_band __wl_band_5ghz = {
174 	.band = NL80211_BAND_5GHZ,
175 	.bitrates = wl_a_rates,
176 	.n_bitrates = wl_a_rates_size,
177 };
178 
179 /* This is to override regulatory domains defined in cfg80211 module (reg.c)
180  * By default world regulatory domain defined in reg.c puts the flags
181  * NL80211_RRF_NO_IR for 5GHz channels (for * 36..48 and 149..165).
182  * With respect to these flags, wpa_supplicant doesn't * start p2p
183  * operations on 5GHz channels. All the changes in world regulatory
184  * domain are to be done here.
185  */
186 static const struct ieee80211_regdomain brcmf_regdom = {
187 	.n_reg_rules = 4,
188 	.alpha2 =  "99",
189 	.reg_rules = {
190 		/* IEEE 802.11b/g, channels 1..11 */
191 		REG_RULE(2412-10, 2472+10, 40, 6, 20, 0),
192 		/* If any */
193 		/* IEEE 802.11 channel 14 - Only JP enables
194 		 * this and for 802.11b only
195 		 */
196 		REG_RULE(2484-10, 2484+10, 20, 6, 20, 0),
197 		/* IEEE 802.11a, channel 36..64 */
198 		REG_RULE(5150-10, 5350+10, 160, 6, 20, 0),
199 		/* IEEE 802.11a, channel 100..165 */
200 		REG_RULE(5470-10, 5850+10, 160, 6, 20, 0), }
201 };
202 
203 /* Note: brcmf_cipher_suites is an array of int defining which cipher suites
204  * are supported. A pointer to this array and the number of entries is passed
205  * on to upper layers. AES_CMAC defines whether or not the driver supports MFP.
206  * So the cipher suite AES_CMAC has to be the last one in the array, and when
207  * device does not support MFP then the number of suites will be decreased by 1
208  */
209 static const u32 brcmf_cipher_suites[] = {
210 	WLAN_CIPHER_SUITE_WEP40,
211 	WLAN_CIPHER_SUITE_WEP104,
212 	WLAN_CIPHER_SUITE_TKIP,
213 	WLAN_CIPHER_SUITE_CCMP,
214 	/* Keep as last entry: */
215 	WLAN_CIPHER_SUITE_AES_CMAC
216 };
217 
218 /* Vendor specific ie. id = 221, oui and type defines exact ie */
219 struct brcmf_vs_tlv {
220 	u8 id;
221 	u8 len;
222 	u8 oui[3];
223 	u8 oui_type;
224 };
225 
226 struct parsed_vndr_ie_info {
227 	u8 *ie_ptr;
228 	u32 ie_len;	/* total length including id & length field */
229 	struct brcmf_vs_tlv vndrie;
230 };
231 
232 struct parsed_vndr_ies {
233 	u32 count;
234 	struct parsed_vndr_ie_info ie_info[VNDR_IE_PARSE_LIMIT];
235 };
236 
nl80211_band_to_fwil(enum nl80211_band band)237 static u8 nl80211_band_to_fwil(enum nl80211_band band)
238 {
239 	switch (band) {
240 	case NL80211_BAND_2GHZ:
241 		return WLC_BAND_2G;
242 	case NL80211_BAND_5GHZ:
243 		return WLC_BAND_5G;
244 	default:
245 		WARN_ON(1);
246 		break;
247 	}
248 	return 0;
249 }
250 
chandef_to_chanspec(struct brcmu_d11inf * d11inf,struct cfg80211_chan_def * ch)251 static u16 chandef_to_chanspec(struct brcmu_d11inf *d11inf,
252 			       struct cfg80211_chan_def *ch)
253 {
254 	struct brcmu_chan ch_inf;
255 	s32 primary_offset;
256 
257 	brcmf_dbg(TRACE, "chandef: control %d center %d width %d\n",
258 		  ch->chan->center_freq, ch->center_freq1, ch->width);
259 	ch_inf.chnum = ieee80211_frequency_to_channel(ch->center_freq1);
260 	primary_offset = ch->chan->center_freq - ch->center_freq1;
261 	switch (ch->width) {
262 	case NL80211_CHAN_WIDTH_20:
263 	case NL80211_CHAN_WIDTH_20_NOHT:
264 		ch_inf.bw = BRCMU_CHAN_BW_20;
265 		WARN_ON(primary_offset != 0);
266 		break;
267 	case NL80211_CHAN_WIDTH_40:
268 		ch_inf.bw = BRCMU_CHAN_BW_40;
269 		if (primary_offset > 0)
270 			ch_inf.sb = BRCMU_CHAN_SB_U;
271 		else
272 			ch_inf.sb = BRCMU_CHAN_SB_L;
273 		break;
274 	case NL80211_CHAN_WIDTH_80:
275 		ch_inf.bw = BRCMU_CHAN_BW_80;
276 		if (primary_offset == -30)
277 			ch_inf.sb = BRCMU_CHAN_SB_LL;
278 		else if (primary_offset == -10)
279 			ch_inf.sb = BRCMU_CHAN_SB_LU;
280 		else if (primary_offset == 10)
281 			ch_inf.sb = BRCMU_CHAN_SB_UL;
282 		else
283 			ch_inf.sb = BRCMU_CHAN_SB_UU;
284 		break;
285 	case NL80211_CHAN_WIDTH_160:
286 		ch_inf.bw = BRCMU_CHAN_BW_160;
287 		if (primary_offset == -70)
288 			ch_inf.sb = BRCMU_CHAN_SB_LLL;
289 		else if (primary_offset == -50)
290 			ch_inf.sb = BRCMU_CHAN_SB_LLU;
291 		else if (primary_offset == -30)
292 			ch_inf.sb = BRCMU_CHAN_SB_LUL;
293 		else if (primary_offset == -10)
294 			ch_inf.sb = BRCMU_CHAN_SB_LUU;
295 		else if (primary_offset == 10)
296 			ch_inf.sb = BRCMU_CHAN_SB_ULL;
297 		else if (primary_offset == 30)
298 			ch_inf.sb = BRCMU_CHAN_SB_ULU;
299 		else if (primary_offset == 50)
300 			ch_inf.sb = BRCMU_CHAN_SB_UUL;
301 		else
302 			ch_inf.sb = BRCMU_CHAN_SB_UUU;
303 		break;
304 	case NL80211_CHAN_WIDTH_80P80:
305 	case NL80211_CHAN_WIDTH_5:
306 	case NL80211_CHAN_WIDTH_10:
307 	default:
308 		WARN_ON_ONCE(1);
309 	}
310 	switch (ch->chan->band) {
311 	case NL80211_BAND_2GHZ:
312 		ch_inf.band = BRCMU_CHAN_BAND_2G;
313 		break;
314 	case NL80211_BAND_5GHZ:
315 		ch_inf.band = BRCMU_CHAN_BAND_5G;
316 		break;
317 	case NL80211_BAND_60GHZ:
318 	default:
319 		WARN_ON_ONCE(1);
320 	}
321 	d11inf->encchspec(&ch_inf);
322 
323 	brcmf_dbg(TRACE, "chanspec: 0x%x\n", ch_inf.chspec);
324 	return ch_inf.chspec;
325 }
326 
channel_to_chanspec(struct brcmu_d11inf * d11inf,struct ieee80211_channel * ch)327 u16 channel_to_chanspec(struct brcmu_d11inf *d11inf,
328 			struct ieee80211_channel *ch)
329 {
330 	struct brcmu_chan ch_inf;
331 
332 	ch_inf.chnum = ieee80211_frequency_to_channel(ch->center_freq);
333 	ch_inf.bw = BRCMU_CHAN_BW_20;
334 	d11inf->encchspec(&ch_inf);
335 
336 	return ch_inf.chspec;
337 }
338 
339 /* Traverse a string of 1-byte tag/1-byte length/variable-length value
340  * triples, returning a pointer to the substring whose first element
341  * matches tag
342  */
343 static const struct brcmf_tlv *
brcmf_parse_tlvs(const void * buf,int buflen,uint key)344 brcmf_parse_tlvs(const void *buf, int buflen, uint key)
345 {
346 	const struct brcmf_tlv *elt = buf;
347 	int totlen = buflen;
348 
349 	/* find tagged parameter */
350 	while (totlen >= TLV_HDR_LEN) {
351 		int len = elt->len;
352 
353 		/* validate remaining totlen */
354 		if ((elt->id == key) && (totlen >= (len + TLV_HDR_LEN)))
355 			return elt;
356 
357 		elt = (struct brcmf_tlv *)((u8 *)elt + (len + TLV_HDR_LEN));
358 		totlen -= (len + TLV_HDR_LEN);
359 	}
360 
361 	return NULL;
362 }
363 
364 /* Is any of the tlvs the expected entry? If
365  * not update the tlvs buffer pointer/length.
366  */
367 static bool
brcmf_tlv_has_ie(const u8 * ie,const u8 ** tlvs,u32 * tlvs_len,const u8 * oui,u32 oui_len,u8 type)368 brcmf_tlv_has_ie(const u8 *ie, const u8 **tlvs, u32 *tlvs_len,
369 		 const u8 *oui, u32 oui_len, u8 type)
370 {
371 	/* If the contents match the OUI and the type */
372 	if (ie[TLV_LEN_OFF] >= oui_len + 1 &&
373 	    !memcmp(&ie[TLV_BODY_OFF], oui, oui_len) &&
374 	    type == ie[TLV_BODY_OFF + oui_len]) {
375 		return true;
376 	}
377 
378 	if (tlvs == NULL)
379 		return false;
380 	/* point to the next ie */
381 	ie += ie[TLV_LEN_OFF] + TLV_HDR_LEN;
382 	/* calculate the length of the rest of the buffer */
383 	*tlvs_len -= (int)(ie - *tlvs);
384 	/* update the pointer to the start of the buffer */
385 	*tlvs = ie;
386 
387 	return false;
388 }
389 
390 static struct brcmf_vs_tlv *
brcmf_find_wpaie(const u8 * parse,u32 len)391 brcmf_find_wpaie(const u8 *parse, u32 len)
392 {
393 	const struct brcmf_tlv *ie;
394 
395 	while ((ie = brcmf_parse_tlvs(parse, len, WLAN_EID_VENDOR_SPECIFIC))) {
396 		if (brcmf_tlv_has_ie((const u8 *)ie, &parse, &len,
397 				     WPA_OUI, TLV_OUI_LEN, WPA_OUI_TYPE))
398 			return (struct brcmf_vs_tlv *)ie;
399 	}
400 	return NULL;
401 }
402 
403 static struct brcmf_vs_tlv *
brcmf_find_wpsie(const u8 * parse,u32 len)404 brcmf_find_wpsie(const u8 *parse, u32 len)
405 {
406 	const struct brcmf_tlv *ie;
407 
408 	while ((ie = brcmf_parse_tlvs(parse, len, WLAN_EID_VENDOR_SPECIFIC))) {
409 		if (brcmf_tlv_has_ie((u8 *)ie, &parse, &len,
410 				     WPA_OUI, TLV_OUI_LEN, WPS_OUI_TYPE))
411 			return (struct brcmf_vs_tlv *)ie;
412 	}
413 	return NULL;
414 }
415 
brcmf_vif_change_validate(struct brcmf_cfg80211_info * cfg,struct brcmf_cfg80211_vif * vif,enum nl80211_iftype new_type)416 static int brcmf_vif_change_validate(struct brcmf_cfg80211_info *cfg,
417 				     struct brcmf_cfg80211_vif *vif,
418 				     enum nl80211_iftype new_type)
419 {
420 	struct brcmf_cfg80211_vif *pos;
421 	bool check_combos = false;
422 	int ret = 0;
423 	struct iface_combination_params params = {
424 		.num_different_channels = 1,
425 	};
426 
427 	list_for_each_entry(pos, &cfg->vif_list, list)
428 		if (pos == vif) {
429 			params.iftype_num[new_type]++;
430 		} else {
431 			/* concurrent interfaces so need check combinations */
432 			check_combos = true;
433 			params.iftype_num[pos->wdev.iftype]++;
434 		}
435 
436 	if (check_combos)
437 		ret = cfg80211_check_combinations(cfg->wiphy, &params);
438 
439 	return ret;
440 }
441 
brcmf_vif_add_validate(struct brcmf_cfg80211_info * cfg,enum nl80211_iftype new_type)442 static int brcmf_vif_add_validate(struct brcmf_cfg80211_info *cfg,
443 				  enum nl80211_iftype new_type)
444 {
445 	struct brcmf_cfg80211_vif *pos;
446 	struct iface_combination_params params = {
447 		.num_different_channels = 1,
448 	};
449 
450 	list_for_each_entry(pos, &cfg->vif_list, list)
451 		params.iftype_num[pos->wdev.iftype]++;
452 
453 	params.iftype_num[new_type]++;
454 	return cfg80211_check_combinations(cfg->wiphy, &params);
455 }
456 
convert_key_from_CPU(struct brcmf_wsec_key * key,struct brcmf_wsec_key_le * key_le)457 static void convert_key_from_CPU(struct brcmf_wsec_key *key,
458 				 struct brcmf_wsec_key_le *key_le)
459 {
460 	key_le->index = cpu_to_le32(key->index);
461 	key_le->len = cpu_to_le32(key->len);
462 	key_le->algo = cpu_to_le32(key->algo);
463 	key_le->flags = cpu_to_le32(key->flags);
464 	key_le->rxiv.hi = cpu_to_le32(key->rxiv.hi);
465 	key_le->rxiv.lo = cpu_to_le16(key->rxiv.lo);
466 	key_le->iv_initialized = cpu_to_le32(key->iv_initialized);
467 	memcpy(key_le->data, key->data, sizeof(key->data));
468 	memcpy(key_le->ea, key->ea, sizeof(key->ea));
469 }
470 
471 static int
send_key_to_dongle(struct brcmf_if * ifp,struct brcmf_wsec_key * key)472 send_key_to_dongle(struct brcmf_if *ifp, struct brcmf_wsec_key *key)
473 {
474 	struct brcmf_pub *drvr = ifp->drvr;
475 	int err;
476 	struct brcmf_wsec_key_le key_le;
477 
478 	convert_key_from_CPU(key, &key_le);
479 
480 	brcmf_netdev_wait_pend8021x(ifp);
481 
482 	err = brcmf_fil_bsscfg_data_set(ifp, "wsec_key", &key_le,
483 					sizeof(key_le));
484 
485 	if (err)
486 		bphy_err(drvr, "wsec_key error (%d)\n", err);
487 	return err;
488 }
489 
490 static void
brcmf_cfg80211_update_proto_addr_mode(struct wireless_dev * wdev)491 brcmf_cfg80211_update_proto_addr_mode(struct wireless_dev *wdev)
492 {
493 	struct brcmf_cfg80211_vif *vif;
494 	struct brcmf_if *ifp;
495 
496 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
497 	ifp = vif->ifp;
498 
499 	if ((wdev->iftype == NL80211_IFTYPE_ADHOC) ||
500 	    (wdev->iftype == NL80211_IFTYPE_AP) ||
501 	    (wdev->iftype == NL80211_IFTYPE_P2P_GO))
502 		brcmf_proto_configure_addr_mode(ifp->drvr, ifp->ifidx,
503 						ADDR_DIRECT);
504 	else
505 		brcmf_proto_configure_addr_mode(ifp->drvr, ifp->ifidx,
506 						ADDR_INDIRECT);
507 }
508 
brcmf_get_first_free_bsscfgidx(struct brcmf_pub * drvr)509 static int brcmf_get_first_free_bsscfgidx(struct brcmf_pub *drvr)
510 {
511 	int bsscfgidx;
512 
513 	for (bsscfgidx = 0; bsscfgidx < BRCMF_MAX_IFS; bsscfgidx++) {
514 		/* bsscfgidx 1 is reserved for legacy P2P */
515 		if (bsscfgidx == 1)
516 			continue;
517 		if (!drvr->iflist[bsscfgidx])
518 			return bsscfgidx;
519 	}
520 
521 	return -ENOMEM;
522 }
523 
brcmf_cfg80211_request_ap_if(struct brcmf_if * ifp)524 static int brcmf_cfg80211_request_ap_if(struct brcmf_if *ifp)
525 {
526 	struct brcmf_pub *drvr = ifp->drvr;
527 	struct brcmf_mbss_ssid_le mbss_ssid_le;
528 	int bsscfgidx;
529 	int err;
530 
531 	memset(&mbss_ssid_le, 0, sizeof(mbss_ssid_le));
532 	bsscfgidx = brcmf_get_first_free_bsscfgidx(ifp->drvr);
533 	if (bsscfgidx < 0)
534 		return bsscfgidx;
535 
536 	mbss_ssid_le.bsscfgidx = cpu_to_le32(bsscfgidx);
537 	mbss_ssid_le.SSID_len = cpu_to_le32(5);
538 	sprintf(mbss_ssid_le.SSID, "ssid%d" , bsscfgidx);
539 
540 	err = brcmf_fil_bsscfg_data_set(ifp, "bsscfg:ssid", &mbss_ssid_le,
541 					sizeof(mbss_ssid_le));
542 	if (err < 0)
543 		bphy_err(drvr, "setting ssid failed %d\n", err);
544 
545 	return err;
546 }
547 
548 /**
549  * brcmf_ap_add_vif() - create a new AP virtual interface for multiple BSS
550  *
551  * @wiphy: wiphy device of new interface.
552  * @name: name of the new interface.
553  * @params: contains mac address for AP device.
554  */
555 static
brcmf_ap_add_vif(struct wiphy * wiphy,const char * name,struct vif_params * params)556 struct wireless_dev *brcmf_ap_add_vif(struct wiphy *wiphy, const char *name,
557 				      struct vif_params *params)
558 {
559 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
560 	struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
561 	struct brcmf_pub *drvr = cfg->pub;
562 	struct brcmf_cfg80211_vif *vif;
563 	int err;
564 
565 	if (brcmf_cfg80211_vif_event_armed(cfg))
566 		return ERR_PTR(-EBUSY);
567 
568 	brcmf_dbg(INFO, "Adding vif \"%s\"\n", name);
569 
570 	vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_AP);
571 	if (IS_ERR(vif))
572 		return (struct wireless_dev *)vif;
573 
574 	brcmf_cfg80211_arm_vif_event(cfg, vif);
575 
576 	err = brcmf_cfg80211_request_ap_if(ifp);
577 	if (err) {
578 		brcmf_cfg80211_arm_vif_event(cfg, NULL);
579 		goto fail;
580 	}
581 
582 	/* wait for firmware event */
583 	err = brcmf_cfg80211_wait_vif_event(cfg, BRCMF_E_IF_ADD,
584 					    BRCMF_VIF_EVENT_TIMEOUT);
585 	brcmf_cfg80211_arm_vif_event(cfg, NULL);
586 	if (!err) {
587 		bphy_err(drvr, "timeout occurred\n");
588 		err = -EIO;
589 		goto fail;
590 	}
591 
592 	/* interface created in firmware */
593 	ifp = vif->ifp;
594 	if (!ifp) {
595 		bphy_err(drvr, "no if pointer provided\n");
596 		err = -ENOENT;
597 		goto fail;
598 	}
599 
600 	strncpy(ifp->ndev->name, name, sizeof(ifp->ndev->name) - 1);
601 	err = brcmf_net_attach(ifp, true);
602 	if (err) {
603 		bphy_err(drvr, "Registering netdevice failed\n");
604 		free_netdev(ifp->ndev);
605 		goto fail;
606 	}
607 
608 	return &ifp->vif->wdev;
609 
610 fail:
611 	brcmf_free_vif(vif);
612 	return ERR_PTR(err);
613 }
614 
brcmf_is_apmode(struct brcmf_cfg80211_vif * vif)615 static bool brcmf_is_apmode(struct brcmf_cfg80211_vif *vif)
616 {
617 	enum nl80211_iftype iftype;
618 
619 	iftype = vif->wdev.iftype;
620 	return iftype == NL80211_IFTYPE_AP || iftype == NL80211_IFTYPE_P2P_GO;
621 }
622 
brcmf_is_ibssmode(struct brcmf_cfg80211_vif * vif)623 static bool brcmf_is_ibssmode(struct brcmf_cfg80211_vif *vif)
624 {
625 	return vif->wdev.iftype == NL80211_IFTYPE_ADHOC;
626 }
627 
628 /**
629  * brcmf_mon_add_vif() - create monitor mode virtual interface
630  *
631  * @wiphy: wiphy device of new interface.
632  * @name: name of the new interface.
633  */
brcmf_mon_add_vif(struct wiphy * wiphy,const char * name)634 static struct wireless_dev *brcmf_mon_add_vif(struct wiphy *wiphy,
635 					      const char *name)
636 {
637 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
638 	struct brcmf_cfg80211_vif *vif;
639 	struct net_device *ndev;
640 	struct brcmf_if *ifp;
641 	int err;
642 
643 	if (cfg->pub->mon_if) {
644 		err = -EEXIST;
645 		goto err_out;
646 	}
647 
648 	vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_MONITOR);
649 	if (IS_ERR(vif)) {
650 		err = PTR_ERR(vif);
651 		goto err_out;
652 	}
653 
654 	ndev = alloc_netdev(sizeof(*ifp), name, NET_NAME_UNKNOWN, ether_setup);
655 	if (!ndev) {
656 		err = -ENOMEM;
657 		goto err_free_vif;
658 	}
659 	ndev->type = ARPHRD_IEEE80211_RADIOTAP;
660 	ndev->ieee80211_ptr = &vif->wdev;
661 	ndev->needs_free_netdev = true;
662 	ndev->priv_destructor = brcmf_cfg80211_free_netdev;
663 	SET_NETDEV_DEV(ndev, wiphy_dev(cfg->wiphy));
664 
665 	ifp = netdev_priv(ndev);
666 	ifp->vif = vif;
667 	ifp->ndev = ndev;
668 	ifp->drvr = cfg->pub;
669 
670 	vif->ifp = ifp;
671 	vif->wdev.netdev = ndev;
672 
673 	err = brcmf_net_mon_attach(ifp);
674 	if (err) {
675 		brcmf_err("Failed to attach %s device\n", ndev->name);
676 		free_netdev(ndev);
677 		goto err_free_vif;
678 	}
679 
680 	cfg->pub->mon_if = ifp;
681 
682 	return &vif->wdev;
683 
684 err_free_vif:
685 	brcmf_free_vif(vif);
686 err_out:
687 	return ERR_PTR(err);
688 }
689 
brcmf_mon_del_vif(struct wiphy * wiphy,struct wireless_dev * wdev)690 static int brcmf_mon_del_vif(struct wiphy *wiphy, struct wireless_dev *wdev)
691 {
692 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
693 	struct net_device *ndev = wdev->netdev;
694 
695 	ndev->netdev_ops->ndo_stop(ndev);
696 
697 	brcmf_net_detach(ndev, true);
698 
699 	cfg->pub->mon_if = NULL;
700 
701 	return 0;
702 }
703 
brcmf_cfg80211_add_iface(struct wiphy * wiphy,const char * name,unsigned char name_assign_type,enum nl80211_iftype type,struct vif_params * params)704 static struct wireless_dev *brcmf_cfg80211_add_iface(struct wiphy *wiphy,
705 						     const char *name,
706 						     unsigned char name_assign_type,
707 						     enum nl80211_iftype type,
708 						     struct vif_params *params)
709 {
710 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
711 	struct brcmf_pub *drvr = cfg->pub;
712 	struct wireless_dev *wdev;
713 	int err;
714 
715 	brcmf_dbg(TRACE, "enter: %s type %d\n", name, type);
716 	err = brcmf_vif_add_validate(wiphy_to_cfg(wiphy), type);
717 	if (err) {
718 		bphy_err(drvr, "iface validation failed: err=%d\n", err);
719 		return ERR_PTR(err);
720 	}
721 	switch (type) {
722 	case NL80211_IFTYPE_ADHOC:
723 	case NL80211_IFTYPE_STATION:
724 	case NL80211_IFTYPE_AP_VLAN:
725 	case NL80211_IFTYPE_WDS:
726 	case NL80211_IFTYPE_MESH_POINT:
727 		return ERR_PTR(-EOPNOTSUPP);
728 	case NL80211_IFTYPE_MONITOR:
729 		return brcmf_mon_add_vif(wiphy, name);
730 	case NL80211_IFTYPE_AP:
731 		wdev = brcmf_ap_add_vif(wiphy, name, params);
732 		break;
733 	case NL80211_IFTYPE_P2P_CLIENT:
734 	case NL80211_IFTYPE_P2P_GO:
735 	case NL80211_IFTYPE_P2P_DEVICE:
736 		wdev = brcmf_p2p_add_vif(wiphy, name, name_assign_type, type, params);
737 		break;
738 	case NL80211_IFTYPE_UNSPECIFIED:
739 	default:
740 		return ERR_PTR(-EINVAL);
741 	}
742 
743 	if (IS_ERR(wdev))
744 		bphy_err(drvr, "add iface %s type %d failed: err=%d\n", name,
745 			 type, (int)PTR_ERR(wdev));
746 	else
747 		brcmf_cfg80211_update_proto_addr_mode(wdev);
748 
749 	return wdev;
750 }
751 
brcmf_scan_config_mpc(struct brcmf_if * ifp,int mpc)752 static void brcmf_scan_config_mpc(struct brcmf_if *ifp, int mpc)
753 {
754 	if (brcmf_feat_is_quirk_enabled(ifp, BRCMF_FEAT_QUIRK_NEED_MPC))
755 		brcmf_set_mpc(ifp, mpc);
756 }
757 
brcmf_set_mpc(struct brcmf_if * ifp,int mpc)758 void brcmf_set_mpc(struct brcmf_if *ifp, int mpc)
759 {
760 	struct brcmf_pub *drvr = ifp->drvr;
761 	s32 err = 0;
762 
763 	if (check_vif_up(ifp->vif)) {
764 		err = brcmf_fil_iovar_int_set(ifp, "mpc", mpc);
765 		if (err) {
766 			bphy_err(drvr, "fail to set mpc\n");
767 			return;
768 		}
769 		brcmf_dbg(INFO, "MPC : %d\n", mpc);
770 	}
771 }
772 
brcmf_notify_escan_complete(struct brcmf_cfg80211_info * cfg,struct brcmf_if * ifp,bool aborted,bool fw_abort)773 s32 brcmf_notify_escan_complete(struct brcmf_cfg80211_info *cfg,
774 				struct brcmf_if *ifp, bool aborted,
775 				bool fw_abort)
776 {
777 	struct brcmf_pub *drvr = cfg->pub;
778 	struct brcmf_scan_params_le params_le;
779 	struct cfg80211_scan_request *scan_request;
780 	u64 reqid;
781 	u32 bucket;
782 	s32 err = 0;
783 
784 	brcmf_dbg(SCAN, "Enter\n");
785 
786 	/* clear scan request, because the FW abort can cause a second call */
787 	/* to this functon and might cause a double cfg80211_scan_done      */
788 	scan_request = cfg->scan_request;
789 	cfg->scan_request = NULL;
790 
791 	if (timer_pending(&cfg->escan_timeout))
792 		del_timer_sync(&cfg->escan_timeout);
793 
794 	if (fw_abort) {
795 		/* Do a scan abort to stop the driver's scan engine */
796 		brcmf_dbg(SCAN, "ABORT scan in firmware\n");
797 		memset(&params_le, 0, sizeof(params_le));
798 		eth_broadcast_addr(params_le.bssid);
799 		params_le.bss_type = DOT11_BSSTYPE_ANY;
800 		params_le.scan_type = 0;
801 		params_le.channel_num = cpu_to_le32(1);
802 		params_le.nprobes = cpu_to_le32(1);
803 		params_le.active_time = cpu_to_le32(-1);
804 		params_le.passive_time = cpu_to_le32(-1);
805 		params_le.home_time = cpu_to_le32(-1);
806 		/* Scan is aborted by setting channel_list[0] to -1 */
807 		params_le.channel_list[0] = cpu_to_le16(-1);
808 		/* E-Scan (or anyother type) can be aborted by SCAN */
809 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCAN,
810 					     &params_le, sizeof(params_le));
811 		if (err)
812 			bphy_err(drvr, "Scan abort failed\n");
813 	}
814 
815 	brcmf_scan_config_mpc(ifp, 1);
816 
817 	/*
818 	 * e-scan can be initiated internally
819 	 * which takes precedence.
820 	 */
821 	if (cfg->int_escan_map) {
822 		brcmf_dbg(SCAN, "scheduled scan completed (%x)\n",
823 			  cfg->int_escan_map);
824 		while (cfg->int_escan_map) {
825 			bucket = __ffs(cfg->int_escan_map);
826 			cfg->int_escan_map &= ~BIT(bucket);
827 			reqid = brcmf_pno_find_reqid_by_bucket(cfg->pno,
828 							       bucket);
829 			if (!aborted) {
830 				brcmf_dbg(SCAN, "report results: reqid=%llu\n",
831 					  reqid);
832 				cfg80211_sched_scan_results(cfg_to_wiphy(cfg),
833 							    reqid);
834 			}
835 		}
836 	} else if (scan_request) {
837 		struct cfg80211_scan_info info = {
838 			.aborted = aborted,
839 		};
840 
841 		brcmf_dbg(SCAN, "ESCAN Completed scan: %s\n",
842 			  aborted ? "Aborted" : "Done");
843 		cfg80211_scan_done(scan_request, &info);
844 	}
845 	if (!test_and_clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status))
846 		brcmf_dbg(SCAN, "Scan complete, probably P2P scan\n");
847 
848 	return err;
849 }
850 
brcmf_cfg80211_del_ap_iface(struct wiphy * wiphy,struct wireless_dev * wdev)851 static int brcmf_cfg80211_del_ap_iface(struct wiphy *wiphy,
852 				       struct wireless_dev *wdev)
853 {
854 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
855 	struct net_device *ndev = wdev->netdev;
856 	struct brcmf_if *ifp = netdev_priv(ndev);
857 	struct brcmf_pub *drvr = cfg->pub;
858 	int ret;
859 	int err;
860 
861 	brcmf_cfg80211_arm_vif_event(cfg, ifp->vif);
862 
863 	err = brcmf_fil_bsscfg_data_set(ifp, "interface_remove", NULL, 0);
864 	if (err) {
865 		bphy_err(drvr, "interface_remove failed %d\n", err);
866 		goto err_unarm;
867 	}
868 
869 	/* wait for firmware event */
870 	ret = brcmf_cfg80211_wait_vif_event(cfg, BRCMF_E_IF_DEL,
871 					    BRCMF_VIF_EVENT_TIMEOUT);
872 	if (!ret) {
873 		bphy_err(drvr, "timeout occurred\n");
874 		err = -EIO;
875 		goto err_unarm;
876 	}
877 
878 	brcmf_remove_interface(ifp, true);
879 
880 err_unarm:
881 	brcmf_cfg80211_arm_vif_event(cfg, NULL);
882 	return err;
883 }
884 
885 static
brcmf_cfg80211_del_iface(struct wiphy * wiphy,struct wireless_dev * wdev)886 int brcmf_cfg80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
887 {
888 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
889 	struct net_device *ndev = wdev->netdev;
890 
891 	if (ndev && ndev == cfg_to_ndev(cfg))
892 		return -ENOTSUPP;
893 
894 	/* vif event pending in firmware */
895 	if (brcmf_cfg80211_vif_event_armed(cfg))
896 		return -EBUSY;
897 
898 	if (ndev) {
899 		if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status) &&
900 		    cfg->escan_info.ifp == netdev_priv(ndev))
901 			brcmf_notify_escan_complete(cfg, netdev_priv(ndev),
902 						    true, true);
903 
904 		brcmf_fil_iovar_int_set(netdev_priv(ndev), "mpc", 1);
905 	}
906 
907 	switch (wdev->iftype) {
908 	case NL80211_IFTYPE_ADHOC:
909 	case NL80211_IFTYPE_STATION:
910 	case NL80211_IFTYPE_AP_VLAN:
911 	case NL80211_IFTYPE_WDS:
912 	case NL80211_IFTYPE_MESH_POINT:
913 		return -EOPNOTSUPP;
914 	case NL80211_IFTYPE_MONITOR:
915 		return brcmf_mon_del_vif(wiphy, wdev);
916 	case NL80211_IFTYPE_AP:
917 		return brcmf_cfg80211_del_ap_iface(wiphy, wdev);
918 	case NL80211_IFTYPE_P2P_CLIENT:
919 	case NL80211_IFTYPE_P2P_GO:
920 	case NL80211_IFTYPE_P2P_DEVICE:
921 		return brcmf_p2p_del_vif(wiphy, wdev);
922 	case NL80211_IFTYPE_UNSPECIFIED:
923 	default:
924 		return -EINVAL;
925 	}
926 	return -EOPNOTSUPP;
927 }
928 
929 static s32
brcmf_cfg80211_change_iface(struct wiphy * wiphy,struct net_device * ndev,enum nl80211_iftype type,struct vif_params * params)930 brcmf_cfg80211_change_iface(struct wiphy *wiphy, struct net_device *ndev,
931 			 enum nl80211_iftype type,
932 			 struct vif_params *params)
933 {
934 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
935 	struct brcmf_if *ifp = netdev_priv(ndev);
936 	struct brcmf_cfg80211_vif *vif = ifp->vif;
937 	struct brcmf_pub *drvr = cfg->pub;
938 	s32 infra = 0;
939 	s32 ap = 0;
940 	s32 err = 0;
941 
942 	brcmf_dbg(TRACE, "Enter, bsscfgidx=%d, type=%d\n", ifp->bsscfgidx,
943 		  type);
944 
945 	/* WAR: There are a number of p2p interface related problems which
946 	 * need to be handled initially (before doing the validate).
947 	 * wpa_supplicant tends to do iface changes on p2p device/client/go
948 	 * which are not always possible/allowed. However we need to return
949 	 * OK otherwise the wpa_supplicant wont start. The situation differs
950 	 * on configuration and setup (p2pon=1 module param). The first check
951 	 * is to see if the request is a change to station for p2p iface.
952 	 */
953 	if ((type == NL80211_IFTYPE_STATION) &&
954 	    ((vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT) ||
955 	     (vif->wdev.iftype == NL80211_IFTYPE_P2P_GO) ||
956 	     (vif->wdev.iftype == NL80211_IFTYPE_P2P_DEVICE))) {
957 		brcmf_dbg(TRACE, "Ignoring cmd for p2p if\n");
958 		/* Now depending on whether module param p2pon=1 was used the
959 		 * response needs to be either 0 or EOPNOTSUPP. The reason is
960 		 * that if p2pon=1 is used, but a newer supplicant is used then
961 		 * we should return an error, as this combination wont work.
962 		 * In other situations 0 is returned and supplicant will start
963 		 * normally. It will give a trace in cfg80211, but it is the
964 		 * only way to get it working. Unfortunately this will result
965 		 * in situation where we wont support new supplicant in
966 		 * combination with module param p2pon=1, but that is the way
967 		 * it is. If the user tries this then unloading of driver might
968 		 * fail/lock.
969 		 */
970 		if (cfg->p2p.p2pdev_dynamically)
971 			return -EOPNOTSUPP;
972 		else
973 			return 0;
974 	}
975 	err = brcmf_vif_change_validate(wiphy_to_cfg(wiphy), vif, type);
976 	if (err) {
977 		bphy_err(drvr, "iface validation failed: err=%d\n", err);
978 		return err;
979 	}
980 	switch (type) {
981 	case NL80211_IFTYPE_MONITOR:
982 	case NL80211_IFTYPE_WDS:
983 		bphy_err(drvr, "type (%d) : currently we do not support this type\n",
984 			 type);
985 		return -EOPNOTSUPP;
986 	case NL80211_IFTYPE_ADHOC:
987 		infra = 0;
988 		break;
989 	case NL80211_IFTYPE_STATION:
990 		infra = 1;
991 		break;
992 	case NL80211_IFTYPE_AP:
993 	case NL80211_IFTYPE_P2P_GO:
994 		ap = 1;
995 		break;
996 	default:
997 		err = -EINVAL;
998 		goto done;
999 	}
1000 
1001 	if (ap) {
1002 		if (type == NL80211_IFTYPE_P2P_GO) {
1003 			brcmf_dbg(INFO, "IF Type = P2P GO\n");
1004 			err = brcmf_p2p_ifchange(cfg, BRCMF_FIL_P2P_IF_GO);
1005 		}
1006 		if (!err) {
1007 			brcmf_dbg(INFO, "IF Type = AP\n");
1008 		}
1009 	} else {
1010 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, infra);
1011 		if (err) {
1012 			bphy_err(drvr, "WLC_SET_INFRA error (%d)\n", err);
1013 			err = -EAGAIN;
1014 			goto done;
1015 		}
1016 		brcmf_dbg(INFO, "IF Type = %s\n", brcmf_is_ibssmode(vif) ?
1017 			  "Adhoc" : "Infra");
1018 	}
1019 	ndev->ieee80211_ptr->iftype = type;
1020 
1021 	brcmf_cfg80211_update_proto_addr_mode(&vif->wdev);
1022 
1023 done:
1024 	brcmf_dbg(TRACE, "Exit\n");
1025 
1026 	return err;
1027 }
1028 
brcmf_escan_prep(struct brcmf_cfg80211_info * cfg,struct brcmf_scan_params_le * params_le,struct cfg80211_scan_request * request)1029 static void brcmf_escan_prep(struct brcmf_cfg80211_info *cfg,
1030 			     struct brcmf_scan_params_le *params_le,
1031 			     struct cfg80211_scan_request *request)
1032 {
1033 	u32 n_ssids;
1034 	u32 n_channels;
1035 	s32 i;
1036 	s32 offset;
1037 	u16 chanspec;
1038 	char *ptr;
1039 	struct brcmf_ssid_le ssid_le;
1040 
1041 	eth_broadcast_addr(params_le->bssid);
1042 	params_le->bss_type = DOT11_BSSTYPE_ANY;
1043 	params_le->scan_type = BRCMF_SCANTYPE_ACTIVE;
1044 	params_le->channel_num = 0;
1045 	params_le->nprobes = cpu_to_le32(-1);
1046 	params_le->active_time = cpu_to_le32(-1);
1047 	params_le->passive_time = cpu_to_le32(-1);
1048 	params_le->home_time = cpu_to_le32(-1);
1049 	memset(&params_le->ssid_le, 0, sizeof(params_le->ssid_le));
1050 
1051 	n_ssids = request->n_ssids;
1052 	n_channels = request->n_channels;
1053 
1054 	/* Copy channel array if applicable */
1055 	brcmf_dbg(SCAN, "### List of channelspecs to scan ### %d\n",
1056 		  n_channels);
1057 	if (n_channels > 0) {
1058 		for (i = 0; i < n_channels; i++) {
1059 			chanspec = channel_to_chanspec(&cfg->d11inf,
1060 						       request->channels[i]);
1061 			brcmf_dbg(SCAN, "Chan : %d, Channel spec: %x\n",
1062 				  request->channels[i]->hw_value, chanspec);
1063 			params_le->channel_list[i] = cpu_to_le16(chanspec);
1064 		}
1065 	} else {
1066 		brcmf_dbg(SCAN, "Scanning all channels\n");
1067 	}
1068 	/* Copy ssid array if applicable */
1069 	brcmf_dbg(SCAN, "### List of SSIDs to scan ### %d\n", n_ssids);
1070 	if (n_ssids > 0) {
1071 		offset = offsetof(struct brcmf_scan_params_le, channel_list) +
1072 				n_channels * sizeof(u16);
1073 		offset = roundup(offset, sizeof(u32));
1074 		ptr = (char *)params_le + offset;
1075 		for (i = 0; i < n_ssids; i++) {
1076 			memset(&ssid_le, 0, sizeof(ssid_le));
1077 			ssid_le.SSID_len =
1078 					cpu_to_le32(request->ssids[i].ssid_len);
1079 			memcpy(ssid_le.SSID, request->ssids[i].ssid,
1080 			       request->ssids[i].ssid_len);
1081 			if (!ssid_le.SSID_len)
1082 				brcmf_dbg(SCAN, "%d: Broadcast scan\n", i);
1083 			else
1084 				brcmf_dbg(SCAN, "%d: scan for  %.32s size=%d\n",
1085 					  i, ssid_le.SSID, ssid_le.SSID_len);
1086 			memcpy(ptr, &ssid_le, sizeof(ssid_le));
1087 			ptr += sizeof(ssid_le);
1088 		}
1089 	} else {
1090 		brcmf_dbg(SCAN, "Performing passive scan\n");
1091 		params_le->scan_type = BRCMF_SCANTYPE_PASSIVE;
1092 	}
1093 	/* Adding mask to channel numbers */
1094 	params_le->channel_num =
1095 		cpu_to_le32((n_ssids << BRCMF_SCAN_PARAMS_NSSID_SHIFT) |
1096 			(n_channels & BRCMF_SCAN_PARAMS_COUNT_MASK));
1097 }
1098 
1099 static s32
brcmf_run_escan(struct brcmf_cfg80211_info * cfg,struct brcmf_if * ifp,struct cfg80211_scan_request * request)1100 brcmf_run_escan(struct brcmf_cfg80211_info *cfg, struct brcmf_if *ifp,
1101 		struct cfg80211_scan_request *request)
1102 {
1103 	struct brcmf_pub *drvr = cfg->pub;
1104 	s32 params_size = BRCMF_SCAN_PARAMS_FIXED_SIZE +
1105 			  offsetof(struct brcmf_escan_params_le, params_le);
1106 	struct brcmf_escan_params_le *params;
1107 	s32 err = 0;
1108 
1109 	brcmf_dbg(SCAN, "E-SCAN START\n");
1110 
1111 	if (request != NULL) {
1112 		/* Allocate space for populating ssids in struct */
1113 		params_size += sizeof(u32) * ((request->n_channels + 1) / 2);
1114 
1115 		/* Allocate space for populating ssids in struct */
1116 		params_size += sizeof(struct brcmf_ssid_le) * request->n_ssids;
1117 	}
1118 
1119 	params = kzalloc(params_size, GFP_KERNEL);
1120 	if (!params) {
1121 		err = -ENOMEM;
1122 		goto exit;
1123 	}
1124 	BUG_ON(params_size + sizeof("escan") >= BRCMF_DCMD_MEDLEN);
1125 	brcmf_escan_prep(cfg, &params->params_le, request);
1126 	params->version = cpu_to_le32(BRCMF_ESCAN_REQ_VERSION);
1127 	params->action = cpu_to_le16(WL_ESCAN_ACTION_START);
1128 	params->sync_id = cpu_to_le16(0x1234);
1129 
1130 	err = brcmf_fil_iovar_data_set(ifp, "escan", params, params_size);
1131 	if (err) {
1132 		if (err == -EBUSY)
1133 			brcmf_dbg(INFO, "system busy : escan canceled\n");
1134 		else
1135 			bphy_err(drvr, "error (%d)\n", err);
1136 	}
1137 
1138 	kfree(params);
1139 exit:
1140 	return err;
1141 }
1142 
1143 static s32
brcmf_do_escan(struct brcmf_if * ifp,struct cfg80211_scan_request * request)1144 brcmf_do_escan(struct brcmf_if *ifp, struct cfg80211_scan_request *request)
1145 {
1146 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
1147 	s32 err;
1148 	struct brcmf_scan_results *results;
1149 	struct escan_info *escan = &cfg->escan_info;
1150 
1151 	brcmf_dbg(SCAN, "Enter\n");
1152 	escan->ifp = ifp;
1153 	escan->wiphy = cfg->wiphy;
1154 	escan->escan_state = WL_ESCAN_STATE_SCANNING;
1155 
1156 	brcmf_scan_config_mpc(ifp, 0);
1157 	results = (struct brcmf_scan_results *)cfg->escan_info.escan_buf;
1158 	results->version = 0;
1159 	results->count = 0;
1160 	results->buflen = WL_ESCAN_RESULTS_FIXED_SIZE;
1161 
1162 	err = escan->run(cfg, ifp, request);
1163 	if (err)
1164 		brcmf_scan_config_mpc(ifp, 1);
1165 	return err;
1166 }
1167 
1168 static s32
brcmf_cfg80211_scan(struct wiphy * wiphy,struct cfg80211_scan_request * request)1169 brcmf_cfg80211_scan(struct wiphy *wiphy, struct cfg80211_scan_request *request)
1170 {
1171 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1172 	struct brcmf_pub *drvr = cfg->pub;
1173 	struct brcmf_cfg80211_vif *vif;
1174 	s32 err = 0;
1175 
1176 	brcmf_dbg(TRACE, "Enter\n");
1177 	vif = container_of(request->wdev, struct brcmf_cfg80211_vif, wdev);
1178 	if (!check_vif_up(vif))
1179 		return -EIO;
1180 
1181 	if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
1182 		bphy_err(drvr, "Scanning already: status (%lu)\n",
1183 			 cfg->scan_status);
1184 		return -EAGAIN;
1185 	}
1186 	if (test_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status)) {
1187 		bphy_err(drvr, "Scanning being aborted: status (%lu)\n",
1188 			 cfg->scan_status);
1189 		return -EAGAIN;
1190 	}
1191 	if (test_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status)) {
1192 		bphy_err(drvr, "Scanning suppressed: status (%lu)\n",
1193 			 cfg->scan_status);
1194 		return -EAGAIN;
1195 	}
1196 	if (test_bit(BRCMF_VIF_STATUS_CONNECTING, &vif->sme_state)) {
1197 		bphy_err(drvr, "Connecting: status (%lu)\n", vif->sme_state);
1198 		return -EAGAIN;
1199 	}
1200 
1201 	/* If scan req comes for p2p0, send it over primary I/F */
1202 	if (vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif)
1203 		vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif;
1204 
1205 	brcmf_dbg(SCAN, "START ESCAN\n");
1206 
1207 	cfg->scan_request = request;
1208 	set_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
1209 
1210 	cfg->escan_info.run = brcmf_run_escan;
1211 	err = brcmf_p2p_scan_prep(wiphy, request, vif);
1212 	if (err)
1213 		goto scan_out;
1214 
1215 	err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_PRBREQ_FLAG,
1216 				    request->ie, request->ie_len);
1217 	if (err)
1218 		goto scan_out;
1219 
1220 	err = brcmf_do_escan(vif->ifp, request);
1221 	if (err)
1222 		goto scan_out;
1223 
1224 	/* Arm scan timeout timer */
1225 	mod_timer(&cfg->escan_timeout,
1226 		  jiffies + msecs_to_jiffies(BRCMF_ESCAN_TIMER_INTERVAL_MS));
1227 
1228 	return 0;
1229 
1230 scan_out:
1231 	bphy_err(drvr, "scan error (%d)\n", err);
1232 	clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
1233 	cfg->scan_request = NULL;
1234 	return err;
1235 }
1236 
brcmf_set_rts(struct net_device * ndev,u32 rts_threshold)1237 static s32 brcmf_set_rts(struct net_device *ndev, u32 rts_threshold)
1238 {
1239 	struct brcmf_if *ifp = netdev_priv(ndev);
1240 	struct brcmf_pub *drvr = ifp->drvr;
1241 	s32 err = 0;
1242 
1243 	err = brcmf_fil_iovar_int_set(ifp, "rtsthresh", rts_threshold);
1244 	if (err)
1245 		bphy_err(drvr, "Error (%d)\n", err);
1246 
1247 	return err;
1248 }
1249 
brcmf_set_frag(struct net_device * ndev,u32 frag_threshold)1250 static s32 brcmf_set_frag(struct net_device *ndev, u32 frag_threshold)
1251 {
1252 	struct brcmf_if *ifp = netdev_priv(ndev);
1253 	struct brcmf_pub *drvr = ifp->drvr;
1254 	s32 err = 0;
1255 
1256 	err = brcmf_fil_iovar_int_set(ifp, "fragthresh",
1257 				      frag_threshold);
1258 	if (err)
1259 		bphy_err(drvr, "Error (%d)\n", err);
1260 
1261 	return err;
1262 }
1263 
brcmf_set_retry(struct net_device * ndev,u32 retry,bool l)1264 static s32 brcmf_set_retry(struct net_device *ndev, u32 retry, bool l)
1265 {
1266 	struct brcmf_if *ifp = netdev_priv(ndev);
1267 	struct brcmf_pub *drvr = ifp->drvr;
1268 	s32 err = 0;
1269 	u32 cmd = (l ? BRCMF_C_SET_LRL : BRCMF_C_SET_SRL);
1270 
1271 	err = brcmf_fil_cmd_int_set(ifp, cmd, retry);
1272 	if (err) {
1273 		bphy_err(drvr, "cmd (%d) , error (%d)\n", cmd, err);
1274 		return err;
1275 	}
1276 	return err;
1277 }
1278 
brcmf_cfg80211_set_wiphy_params(struct wiphy * wiphy,u32 changed)1279 static s32 brcmf_cfg80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
1280 {
1281 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1282 	struct net_device *ndev = cfg_to_ndev(cfg);
1283 	struct brcmf_if *ifp = netdev_priv(ndev);
1284 	s32 err = 0;
1285 
1286 	brcmf_dbg(TRACE, "Enter\n");
1287 	if (!check_vif_up(ifp->vif))
1288 		return -EIO;
1289 
1290 	if (changed & WIPHY_PARAM_RTS_THRESHOLD &&
1291 	    (cfg->conf->rts_threshold != wiphy->rts_threshold)) {
1292 		cfg->conf->rts_threshold = wiphy->rts_threshold;
1293 		err = brcmf_set_rts(ndev, cfg->conf->rts_threshold);
1294 		if (!err)
1295 			goto done;
1296 	}
1297 	if (changed & WIPHY_PARAM_FRAG_THRESHOLD &&
1298 	    (cfg->conf->frag_threshold != wiphy->frag_threshold)) {
1299 		cfg->conf->frag_threshold = wiphy->frag_threshold;
1300 		err = brcmf_set_frag(ndev, cfg->conf->frag_threshold);
1301 		if (!err)
1302 			goto done;
1303 	}
1304 	if (changed & WIPHY_PARAM_RETRY_LONG
1305 	    && (cfg->conf->retry_long != wiphy->retry_long)) {
1306 		cfg->conf->retry_long = wiphy->retry_long;
1307 		err = brcmf_set_retry(ndev, cfg->conf->retry_long, true);
1308 		if (!err)
1309 			goto done;
1310 	}
1311 	if (changed & WIPHY_PARAM_RETRY_SHORT
1312 	    && (cfg->conf->retry_short != wiphy->retry_short)) {
1313 		cfg->conf->retry_short = wiphy->retry_short;
1314 		err = brcmf_set_retry(ndev, cfg->conf->retry_short, false);
1315 		if (!err)
1316 			goto done;
1317 	}
1318 
1319 done:
1320 	brcmf_dbg(TRACE, "Exit\n");
1321 	return err;
1322 }
1323 
brcmf_init_prof(struct brcmf_cfg80211_profile * prof)1324 static void brcmf_init_prof(struct brcmf_cfg80211_profile *prof)
1325 {
1326 	memset(prof, 0, sizeof(*prof));
1327 }
1328 
brcmf_map_fw_linkdown_reason(const struct brcmf_event_msg * e)1329 static u16 brcmf_map_fw_linkdown_reason(const struct brcmf_event_msg *e)
1330 {
1331 	u16 reason;
1332 
1333 	switch (e->event_code) {
1334 	case BRCMF_E_DEAUTH:
1335 	case BRCMF_E_DEAUTH_IND:
1336 	case BRCMF_E_DISASSOC_IND:
1337 		reason = e->reason;
1338 		break;
1339 	case BRCMF_E_LINK:
1340 	default:
1341 		reason = 0;
1342 		break;
1343 	}
1344 	return reason;
1345 }
1346 
brcmf_set_pmk(struct brcmf_if * ifp,const u8 * pmk_data,u16 pmk_len)1347 static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
1348 {
1349 	struct brcmf_pub *drvr = ifp->drvr;
1350 	struct brcmf_wsec_pmk_le pmk;
1351 	int i, err;
1352 
1353 	/* convert to firmware key format */
1354 	pmk.key_len = cpu_to_le16(pmk_len << 1);
1355 	pmk.flags = cpu_to_le16(BRCMF_WSEC_PASSPHRASE);
1356 	for (i = 0; i < pmk_len; i++)
1357 		snprintf(&pmk.key[2 * i], 3, "%02x", pmk_data[i]);
1358 
1359 	/* store psk in firmware */
1360 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_WSEC_PMK,
1361 				     &pmk, sizeof(pmk));
1362 	if (err < 0)
1363 		bphy_err(drvr, "failed to change PSK in firmware (len=%u)\n",
1364 			 pmk_len);
1365 
1366 	return err;
1367 }
1368 
brcmf_set_sae_password(struct brcmf_if * ifp,const u8 * pwd_data,u16 pwd_len)1369 static int brcmf_set_sae_password(struct brcmf_if *ifp, const u8 *pwd_data,
1370 				  u16 pwd_len)
1371 {
1372 	struct brcmf_pub *drvr = ifp->drvr;
1373 	struct brcmf_wsec_sae_pwd_le sae_pwd;
1374 	int err;
1375 
1376 	if (pwd_len > BRCMF_WSEC_MAX_SAE_PASSWORD_LEN) {
1377 		bphy_err(drvr, "sae_password must be less than %d\n",
1378 			 BRCMF_WSEC_MAX_SAE_PASSWORD_LEN);
1379 		return -EINVAL;
1380 	}
1381 
1382 	sae_pwd.key_len = cpu_to_le16(pwd_len);
1383 	memcpy(sae_pwd.key, pwd_data, pwd_len);
1384 
1385 	err = brcmf_fil_iovar_data_set(ifp, "sae_password", &sae_pwd,
1386 				       sizeof(sae_pwd));
1387 	if (err < 0)
1388 		bphy_err(drvr, "failed to set SAE password in firmware (len=%u)\n",
1389 			 pwd_len);
1390 
1391 	return err;
1392 }
1393 
brcmf_link_down(struct brcmf_cfg80211_vif * vif,u16 reason,bool locally_generated)1394 static void brcmf_link_down(struct brcmf_cfg80211_vif *vif, u16 reason,
1395 			    bool locally_generated)
1396 {
1397 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(vif->wdev.wiphy);
1398 	struct brcmf_pub *drvr = cfg->pub;
1399 	bool bus_up = drvr->bus_if->state == BRCMF_BUS_UP;
1400 	s32 err = 0;
1401 
1402 	brcmf_dbg(TRACE, "Enter\n");
1403 
1404 	if (test_and_clear_bit(BRCMF_VIF_STATUS_CONNECTED, &vif->sme_state)) {
1405 		if (bus_up) {
1406 			brcmf_dbg(INFO, "Call WLC_DISASSOC to stop excess roaming\n");
1407 			err = brcmf_fil_cmd_data_set(vif->ifp,
1408 						     BRCMF_C_DISASSOC, NULL, 0);
1409 			if (err)
1410 				bphy_err(drvr, "WLC_DISASSOC failed (%d)\n",
1411 					 err);
1412 		}
1413 
1414 		if ((vif->wdev.iftype == NL80211_IFTYPE_STATION) ||
1415 		    (vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT))
1416 			cfg80211_disconnected(vif->wdev.netdev, reason, NULL, 0,
1417 					      locally_generated, GFP_KERNEL);
1418 	}
1419 	clear_bit(BRCMF_VIF_STATUS_CONNECTING, &vif->sme_state);
1420 	clear_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
1421 	brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_ENABLED, 0);
1422 	if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_NONE) {
1423 		if (bus_up)
1424 			brcmf_set_pmk(vif->ifp, NULL, 0);
1425 		vif->profile.use_fwsup = BRCMF_PROFILE_FWSUP_NONE;
1426 	}
1427 	brcmf_dbg(TRACE, "Exit\n");
1428 }
1429 
1430 static s32
brcmf_cfg80211_join_ibss(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_ibss_params * params)1431 brcmf_cfg80211_join_ibss(struct wiphy *wiphy, struct net_device *ndev,
1432 		      struct cfg80211_ibss_params *params)
1433 {
1434 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1435 	struct brcmf_if *ifp = netdev_priv(ndev);
1436 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1437 	struct brcmf_pub *drvr = cfg->pub;
1438 	struct brcmf_join_params join_params;
1439 	size_t join_params_size = 0;
1440 	s32 err = 0;
1441 	s32 wsec = 0;
1442 	s32 bcnprd;
1443 	u16 chanspec;
1444 	u32 ssid_len;
1445 
1446 	brcmf_dbg(TRACE, "Enter\n");
1447 	if (!check_vif_up(ifp->vif))
1448 		return -EIO;
1449 
1450 	if (params->ssid)
1451 		brcmf_dbg(CONN, "SSID: %s\n", params->ssid);
1452 	else {
1453 		brcmf_dbg(CONN, "SSID: NULL, Not supported\n");
1454 		return -EOPNOTSUPP;
1455 	}
1456 
1457 	set_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1458 
1459 	if (params->bssid)
1460 		brcmf_dbg(CONN, "BSSID: %pM\n", params->bssid);
1461 	else
1462 		brcmf_dbg(CONN, "No BSSID specified\n");
1463 
1464 	if (params->chandef.chan)
1465 		brcmf_dbg(CONN, "channel: %d\n",
1466 			  params->chandef.chan->center_freq);
1467 	else
1468 		brcmf_dbg(CONN, "no channel specified\n");
1469 
1470 	if (params->channel_fixed)
1471 		brcmf_dbg(CONN, "fixed channel required\n");
1472 	else
1473 		brcmf_dbg(CONN, "no fixed channel required\n");
1474 
1475 	if (params->ie && params->ie_len)
1476 		brcmf_dbg(CONN, "ie len: %d\n", params->ie_len);
1477 	else
1478 		brcmf_dbg(CONN, "no ie specified\n");
1479 
1480 	if (params->beacon_interval)
1481 		brcmf_dbg(CONN, "beacon interval: %d\n",
1482 			  params->beacon_interval);
1483 	else
1484 		brcmf_dbg(CONN, "no beacon interval specified\n");
1485 
1486 	if (params->basic_rates)
1487 		brcmf_dbg(CONN, "basic rates: %08X\n", params->basic_rates);
1488 	else
1489 		brcmf_dbg(CONN, "no basic rates specified\n");
1490 
1491 	if (params->privacy)
1492 		brcmf_dbg(CONN, "privacy required\n");
1493 	else
1494 		brcmf_dbg(CONN, "no privacy required\n");
1495 
1496 	/* Configure Privacy for starter */
1497 	if (params->privacy)
1498 		wsec |= WEP_ENABLED;
1499 
1500 	err = brcmf_fil_iovar_int_set(ifp, "wsec", wsec);
1501 	if (err) {
1502 		bphy_err(drvr, "wsec failed (%d)\n", err);
1503 		goto done;
1504 	}
1505 
1506 	/* Configure Beacon Interval for starter */
1507 	if (params->beacon_interval)
1508 		bcnprd = params->beacon_interval;
1509 	else
1510 		bcnprd = 100;
1511 
1512 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD, bcnprd);
1513 	if (err) {
1514 		bphy_err(drvr, "WLC_SET_BCNPRD failed (%d)\n", err);
1515 		goto done;
1516 	}
1517 
1518 	/* Configure required join parameter */
1519 	memset(&join_params, 0, sizeof(struct brcmf_join_params));
1520 
1521 	/* SSID */
1522 	ssid_len = min_t(u32, params->ssid_len, IEEE80211_MAX_SSID_LEN);
1523 	memcpy(join_params.ssid_le.SSID, params->ssid, ssid_len);
1524 	join_params.ssid_le.SSID_len = cpu_to_le32(ssid_len);
1525 	join_params_size = sizeof(join_params.ssid_le);
1526 
1527 	/* BSSID */
1528 	if (params->bssid) {
1529 		memcpy(join_params.params_le.bssid, params->bssid, ETH_ALEN);
1530 		join_params_size += BRCMF_ASSOC_PARAMS_FIXED_SIZE;
1531 		memcpy(profile->bssid, params->bssid, ETH_ALEN);
1532 	} else {
1533 		eth_broadcast_addr(join_params.params_le.bssid);
1534 		eth_zero_addr(profile->bssid);
1535 	}
1536 
1537 	/* Channel */
1538 	if (params->chandef.chan) {
1539 		u32 target_channel;
1540 
1541 		cfg->channel =
1542 			ieee80211_frequency_to_channel(
1543 				params->chandef.chan->center_freq);
1544 		if (params->channel_fixed) {
1545 			/* adding chanspec */
1546 			chanspec = chandef_to_chanspec(&cfg->d11inf,
1547 						       &params->chandef);
1548 			join_params.params_le.chanspec_list[0] =
1549 				cpu_to_le16(chanspec);
1550 			join_params.params_le.chanspec_num = cpu_to_le32(1);
1551 			join_params_size += sizeof(join_params.params_le);
1552 		}
1553 
1554 		/* set channel for starter */
1555 		target_channel = cfg->channel;
1556 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_CHANNEL,
1557 					    target_channel);
1558 		if (err) {
1559 			bphy_err(drvr, "WLC_SET_CHANNEL failed (%d)\n", err);
1560 			goto done;
1561 		}
1562 	} else
1563 		cfg->channel = 0;
1564 
1565 	cfg->ibss_starter = false;
1566 
1567 
1568 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
1569 				     &join_params, join_params_size);
1570 	if (err) {
1571 		bphy_err(drvr, "WLC_SET_SSID failed (%d)\n", err);
1572 		goto done;
1573 	}
1574 
1575 done:
1576 	if (err)
1577 		clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1578 	brcmf_dbg(TRACE, "Exit\n");
1579 	return err;
1580 }
1581 
1582 static s32
brcmf_cfg80211_leave_ibss(struct wiphy * wiphy,struct net_device * ndev)1583 brcmf_cfg80211_leave_ibss(struct wiphy *wiphy, struct net_device *ndev)
1584 {
1585 	struct brcmf_if *ifp = netdev_priv(ndev);
1586 
1587 	brcmf_dbg(TRACE, "Enter\n");
1588 	if (!check_vif_up(ifp->vif)) {
1589 		/* When driver is being unloaded, it can end up here. If an
1590 		 * error is returned then later on a debug trace in the wireless
1591 		 * core module will be printed. To avoid this 0 is returned.
1592 		 */
1593 		return 0;
1594 	}
1595 
1596 	brcmf_link_down(ifp->vif, WLAN_REASON_DEAUTH_LEAVING, true);
1597 	brcmf_net_setcarrier(ifp, false);
1598 
1599 	brcmf_dbg(TRACE, "Exit\n");
1600 
1601 	return 0;
1602 }
1603 
brcmf_set_wpa_version(struct net_device * ndev,struct cfg80211_connect_params * sme)1604 static s32 brcmf_set_wpa_version(struct net_device *ndev,
1605 				 struct cfg80211_connect_params *sme)
1606 {
1607 	struct brcmf_if *ifp = netdev_priv(ndev);
1608 	struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1609 	struct brcmf_pub *drvr = ifp->drvr;
1610 	struct brcmf_cfg80211_security *sec;
1611 	s32 val = 0;
1612 	s32 err = 0;
1613 
1614 	if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_1)
1615 		val = WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED;
1616 	else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_2)
1617 		val = WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED;
1618 	else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_3)
1619 		val = WPA3_AUTH_SAE_PSK;
1620 	else
1621 		val = WPA_AUTH_DISABLED;
1622 	brcmf_dbg(CONN, "setting wpa_auth to 0x%0x\n", val);
1623 	err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", val);
1624 	if (err) {
1625 		bphy_err(drvr, "set wpa_auth failed (%d)\n", err);
1626 		return err;
1627 	}
1628 	sec = &profile->sec;
1629 	sec->wpa_versions = sme->crypto.wpa_versions;
1630 	return err;
1631 }
1632 
brcmf_set_auth_type(struct net_device * ndev,struct cfg80211_connect_params * sme)1633 static s32 brcmf_set_auth_type(struct net_device *ndev,
1634 			       struct cfg80211_connect_params *sme)
1635 {
1636 	struct brcmf_if *ifp = netdev_priv(ndev);
1637 	struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1638 	struct brcmf_pub *drvr = ifp->drvr;
1639 	struct brcmf_cfg80211_security *sec;
1640 	s32 val = 0;
1641 	s32 err = 0;
1642 
1643 	switch (sme->auth_type) {
1644 	case NL80211_AUTHTYPE_OPEN_SYSTEM:
1645 		val = 0;
1646 		brcmf_dbg(CONN, "open system\n");
1647 		break;
1648 	case NL80211_AUTHTYPE_SHARED_KEY:
1649 		val = 1;
1650 		brcmf_dbg(CONN, "shared key\n");
1651 		break;
1652 	case NL80211_AUTHTYPE_SAE:
1653 		val = 3;
1654 		brcmf_dbg(CONN, "SAE authentication\n");
1655 		break;
1656 	default:
1657 		val = 2;
1658 		brcmf_dbg(CONN, "automatic, auth type (%d)\n", sme->auth_type);
1659 		break;
1660 	}
1661 
1662 	err = brcmf_fil_bsscfg_int_set(ifp, "auth", val);
1663 	if (err) {
1664 		bphy_err(drvr, "set auth failed (%d)\n", err);
1665 		return err;
1666 	}
1667 	sec = &profile->sec;
1668 	sec->auth_type = sme->auth_type;
1669 	return err;
1670 }
1671 
1672 static s32
brcmf_set_wsec_mode(struct net_device * ndev,struct cfg80211_connect_params * sme)1673 brcmf_set_wsec_mode(struct net_device *ndev,
1674 		    struct cfg80211_connect_params *sme)
1675 {
1676 	struct brcmf_if *ifp = netdev_priv(ndev);
1677 	struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1678 	struct brcmf_pub *drvr = ifp->drvr;
1679 	struct brcmf_cfg80211_security *sec;
1680 	s32 pval = 0;
1681 	s32 gval = 0;
1682 	s32 wsec;
1683 	s32 err = 0;
1684 
1685 	if (sme->crypto.n_ciphers_pairwise) {
1686 		switch (sme->crypto.ciphers_pairwise[0]) {
1687 		case WLAN_CIPHER_SUITE_WEP40:
1688 		case WLAN_CIPHER_SUITE_WEP104:
1689 			pval = WEP_ENABLED;
1690 			break;
1691 		case WLAN_CIPHER_SUITE_TKIP:
1692 			pval = TKIP_ENABLED;
1693 			break;
1694 		case WLAN_CIPHER_SUITE_CCMP:
1695 			pval = AES_ENABLED;
1696 			break;
1697 		case WLAN_CIPHER_SUITE_AES_CMAC:
1698 			pval = AES_ENABLED;
1699 			break;
1700 		default:
1701 			bphy_err(drvr, "invalid cipher pairwise (%d)\n",
1702 				 sme->crypto.ciphers_pairwise[0]);
1703 			return -EINVAL;
1704 		}
1705 	}
1706 	if (sme->crypto.cipher_group) {
1707 		switch (sme->crypto.cipher_group) {
1708 		case WLAN_CIPHER_SUITE_WEP40:
1709 		case WLAN_CIPHER_SUITE_WEP104:
1710 			gval = WEP_ENABLED;
1711 			break;
1712 		case WLAN_CIPHER_SUITE_TKIP:
1713 			gval = TKIP_ENABLED;
1714 			break;
1715 		case WLAN_CIPHER_SUITE_CCMP:
1716 			gval = AES_ENABLED;
1717 			break;
1718 		case WLAN_CIPHER_SUITE_AES_CMAC:
1719 			gval = AES_ENABLED;
1720 			break;
1721 		default:
1722 			bphy_err(drvr, "invalid cipher group (%d)\n",
1723 				 sme->crypto.cipher_group);
1724 			return -EINVAL;
1725 		}
1726 	}
1727 
1728 	brcmf_dbg(CONN, "pval (%d) gval (%d)\n", pval, gval);
1729 	/* In case of privacy, but no security and WPS then simulate */
1730 	/* setting AES. WPS-2.0 allows no security                   */
1731 	if (brcmf_find_wpsie(sme->ie, sme->ie_len) && !pval && !gval &&
1732 	    sme->privacy)
1733 		pval = AES_ENABLED;
1734 
1735 	wsec = pval | gval;
1736 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
1737 	if (err) {
1738 		bphy_err(drvr, "error (%d)\n", err);
1739 		return err;
1740 	}
1741 
1742 	sec = &profile->sec;
1743 	sec->cipher_pairwise = sme->crypto.ciphers_pairwise[0];
1744 	sec->cipher_group = sme->crypto.cipher_group;
1745 
1746 	return err;
1747 }
1748 
1749 static s32
brcmf_set_key_mgmt(struct net_device * ndev,struct cfg80211_connect_params * sme)1750 brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme)
1751 {
1752 	struct brcmf_if *ifp = netdev_priv(ndev);
1753 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1754 	struct brcmf_pub *drvr = ifp->drvr;
1755 	s32 val;
1756 	s32 err;
1757 	const struct brcmf_tlv *rsn_ie;
1758 	const u8 *ie;
1759 	u32 ie_len;
1760 	u32 offset;
1761 	u16 rsn_cap;
1762 	u32 mfp;
1763 	u16 count;
1764 
1765 	profile->use_fwsup = BRCMF_PROFILE_FWSUP_NONE;
1766 	profile->is_ft = false;
1767 
1768 	if (!sme->crypto.n_akm_suites)
1769 		return 0;
1770 
1771 	err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), "wpa_auth", &val);
1772 	if (err) {
1773 		bphy_err(drvr, "could not get wpa_auth (%d)\n", err);
1774 		return err;
1775 	}
1776 	if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
1777 		switch (sme->crypto.akm_suites[0]) {
1778 		case WLAN_AKM_SUITE_8021X:
1779 			val = WPA_AUTH_UNSPECIFIED;
1780 			if (sme->want_1x)
1781 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1782 			break;
1783 		case WLAN_AKM_SUITE_PSK:
1784 			val = WPA_AUTH_PSK;
1785 			break;
1786 		default:
1787 			bphy_err(drvr, "invalid akm suite (%d)\n",
1788 				 sme->crypto.akm_suites[0]);
1789 			return -EINVAL;
1790 		}
1791 	} else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
1792 		switch (sme->crypto.akm_suites[0]) {
1793 		case WLAN_AKM_SUITE_8021X:
1794 			val = WPA2_AUTH_UNSPECIFIED;
1795 			if (sme->want_1x)
1796 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1797 			break;
1798 		case WLAN_AKM_SUITE_8021X_SHA256:
1799 			val = WPA2_AUTH_1X_SHA256;
1800 			if (sme->want_1x)
1801 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1802 			break;
1803 		case WLAN_AKM_SUITE_PSK_SHA256:
1804 			val = WPA2_AUTH_PSK_SHA256;
1805 			break;
1806 		case WLAN_AKM_SUITE_PSK:
1807 			val = WPA2_AUTH_PSK;
1808 			break;
1809 		case WLAN_AKM_SUITE_FT_8021X:
1810 			val = WPA2_AUTH_UNSPECIFIED | WPA2_AUTH_FT;
1811 			profile->is_ft = true;
1812 			if (sme->want_1x)
1813 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1814 			break;
1815 		case WLAN_AKM_SUITE_FT_PSK:
1816 			val = WPA2_AUTH_PSK | WPA2_AUTH_FT;
1817 			profile->is_ft = true;
1818 			break;
1819 		default:
1820 			bphy_err(drvr, "invalid akm suite (%d)\n",
1821 				 sme->crypto.akm_suites[0]);
1822 			return -EINVAL;
1823 		}
1824 	} else if (val & WPA3_AUTH_SAE_PSK) {
1825 		switch (sme->crypto.akm_suites[0]) {
1826 		case WLAN_AKM_SUITE_SAE:
1827 			val = WPA3_AUTH_SAE_PSK;
1828 			if (sme->crypto.sae_pwd) {
1829 				brcmf_dbg(INFO, "using SAE offload\n");
1830 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_SAE;
1831 			}
1832 			break;
1833 		case WLAN_AKM_SUITE_FT_OVER_SAE:
1834 			val = WPA3_AUTH_SAE_PSK | WPA2_AUTH_FT;
1835 			profile->is_ft = true;
1836 			if (sme->crypto.sae_pwd) {
1837 				brcmf_dbg(INFO, "using SAE offload\n");
1838 				profile->use_fwsup = BRCMF_PROFILE_FWSUP_SAE;
1839 			}
1840 			break;
1841 		default:
1842 			bphy_err(drvr, "invalid akm suite (%d)\n",
1843 				 sme->crypto.akm_suites[0]);
1844 			return -EINVAL;
1845 		}
1846 	}
1847 
1848 	if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_1X)
1849 		brcmf_dbg(INFO, "using 1X offload\n");
1850 
1851 	if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
1852 		goto skip_mfp_config;
1853 	/* The MFP mode (1 or 2) needs to be determined, parse IEs. The
1854 	 * IE will not be verified, just a quick search for MFP config
1855 	 */
1856 	rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie, sme->ie_len,
1857 				  WLAN_EID_RSN);
1858 	if (!rsn_ie)
1859 		goto skip_mfp_config;
1860 	ie = (const u8 *)rsn_ie;
1861 	ie_len = rsn_ie->len + TLV_HDR_LEN;
1862 	/* Skip unicast suite */
1863 	offset = TLV_HDR_LEN + WPA_IE_VERSION_LEN + WPA_IE_MIN_OUI_LEN;
1864 	if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
1865 		goto skip_mfp_config;
1866 	/* Skip multicast suite */
1867 	count = ie[offset] + (ie[offset + 1] << 8);
1868 	offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
1869 	if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
1870 		goto skip_mfp_config;
1871 	/* Skip auth key management suite(s) */
1872 	count = ie[offset] + (ie[offset + 1] << 8);
1873 	offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
1874 	if (offset + WPA_IE_SUITE_COUNT_LEN > ie_len)
1875 		goto skip_mfp_config;
1876 	/* Ready to read capabilities */
1877 	mfp = BRCMF_MFP_NONE;
1878 	rsn_cap = ie[offset] + (ie[offset + 1] << 8);
1879 	if (rsn_cap & RSN_CAP_MFPR_MASK)
1880 		mfp = BRCMF_MFP_REQUIRED;
1881 	else if (rsn_cap & RSN_CAP_MFPC_MASK)
1882 		mfp = BRCMF_MFP_CAPABLE;
1883 	brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "mfp", mfp);
1884 
1885 skip_mfp_config:
1886 	brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
1887 	err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val);
1888 	if (err) {
1889 		bphy_err(drvr, "could not set wpa_auth (%d)\n", err);
1890 		return err;
1891 	}
1892 
1893 	return err;
1894 }
1895 
1896 static s32
brcmf_set_sharedkey(struct net_device * ndev,struct cfg80211_connect_params * sme)1897 brcmf_set_sharedkey(struct net_device *ndev,
1898 		    struct cfg80211_connect_params *sme)
1899 {
1900 	struct brcmf_if *ifp = netdev_priv(ndev);
1901 	struct brcmf_pub *drvr = ifp->drvr;
1902 	struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1903 	struct brcmf_cfg80211_security *sec;
1904 	struct brcmf_wsec_key key;
1905 	s32 val;
1906 	s32 err = 0;
1907 
1908 	brcmf_dbg(CONN, "key len (%d)\n", sme->key_len);
1909 
1910 	if (sme->key_len == 0)
1911 		return 0;
1912 
1913 	sec = &profile->sec;
1914 	brcmf_dbg(CONN, "wpa_versions 0x%x cipher_pairwise 0x%x\n",
1915 		  sec->wpa_versions, sec->cipher_pairwise);
1916 
1917 	if (sec->wpa_versions & (NL80211_WPA_VERSION_1 | NL80211_WPA_VERSION_2 |
1918 				 NL80211_WPA_VERSION_3))
1919 		return 0;
1920 
1921 	if (!(sec->cipher_pairwise &
1922 	    (WLAN_CIPHER_SUITE_WEP40 | WLAN_CIPHER_SUITE_WEP104)))
1923 		return 0;
1924 
1925 	memset(&key, 0, sizeof(key));
1926 	key.len = (u32) sme->key_len;
1927 	key.index = (u32) sme->key_idx;
1928 	if (key.len > sizeof(key.data)) {
1929 		bphy_err(drvr, "Too long key length (%u)\n", key.len);
1930 		return -EINVAL;
1931 	}
1932 	memcpy(key.data, sme->key, key.len);
1933 	key.flags = BRCMF_PRIMARY_KEY;
1934 	switch (sec->cipher_pairwise) {
1935 	case WLAN_CIPHER_SUITE_WEP40:
1936 		key.algo = CRYPTO_ALGO_WEP1;
1937 		break;
1938 	case WLAN_CIPHER_SUITE_WEP104:
1939 		key.algo = CRYPTO_ALGO_WEP128;
1940 		break;
1941 	default:
1942 		bphy_err(drvr, "Invalid algorithm (%d)\n",
1943 			 sme->crypto.ciphers_pairwise[0]);
1944 		return -EINVAL;
1945 	}
1946 	/* Set the new key/index */
1947 	brcmf_dbg(CONN, "key length (%d) key index (%d) algo (%d)\n",
1948 		  key.len, key.index, key.algo);
1949 	brcmf_dbg(CONN, "key \"%s\"\n", key.data);
1950 	err = send_key_to_dongle(ifp, &key);
1951 	if (err)
1952 		return err;
1953 
1954 	if (sec->auth_type == NL80211_AUTHTYPE_SHARED_KEY) {
1955 		brcmf_dbg(CONN, "set auth_type to shared key\n");
1956 		val = WL_AUTH_SHARED_KEY;	/* shared key */
1957 		err = brcmf_fil_bsscfg_int_set(ifp, "auth", val);
1958 		if (err)
1959 			bphy_err(drvr, "set auth failed (%d)\n", err);
1960 	}
1961 	return err;
1962 }
1963 
1964 static
brcmf_war_auth_type(struct brcmf_if * ifp,enum nl80211_auth_type type)1965 enum nl80211_auth_type brcmf_war_auth_type(struct brcmf_if *ifp,
1966 					   enum nl80211_auth_type type)
1967 {
1968 	if (type == NL80211_AUTHTYPE_AUTOMATIC &&
1969 	    brcmf_feat_is_quirk_enabled(ifp, BRCMF_FEAT_QUIRK_AUTO_AUTH)) {
1970 		brcmf_dbg(CONN, "WAR: use OPEN instead of AUTO\n");
1971 		type = NL80211_AUTHTYPE_OPEN_SYSTEM;
1972 	}
1973 	return type;
1974 }
1975 
brcmf_set_join_pref(struct brcmf_if * ifp,struct cfg80211_bss_selection * bss_select)1976 static void brcmf_set_join_pref(struct brcmf_if *ifp,
1977 				struct cfg80211_bss_selection *bss_select)
1978 {
1979 	struct brcmf_pub *drvr = ifp->drvr;
1980 	struct brcmf_join_pref_params join_pref_params[2];
1981 	enum nl80211_band band;
1982 	int err, i = 0;
1983 
1984 	join_pref_params[i].len = 2;
1985 	join_pref_params[i].rssi_gain = 0;
1986 
1987 	if (bss_select->behaviour != NL80211_BSS_SELECT_ATTR_BAND_PREF)
1988 		brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_ASSOC_PREFER, WLC_BAND_AUTO);
1989 
1990 	switch (bss_select->behaviour) {
1991 	case __NL80211_BSS_SELECT_ATTR_INVALID:
1992 		brcmf_c_set_joinpref_default(ifp);
1993 		return;
1994 	case NL80211_BSS_SELECT_ATTR_BAND_PREF:
1995 		join_pref_params[i].type = BRCMF_JOIN_PREF_BAND;
1996 		band = bss_select->param.band_pref;
1997 		join_pref_params[i].band = nl80211_band_to_fwil(band);
1998 		i++;
1999 		break;
2000 	case NL80211_BSS_SELECT_ATTR_RSSI_ADJUST:
2001 		join_pref_params[i].type = BRCMF_JOIN_PREF_RSSI_DELTA;
2002 		band = bss_select->param.adjust.band;
2003 		join_pref_params[i].band = nl80211_band_to_fwil(band);
2004 		join_pref_params[i].rssi_gain = bss_select->param.adjust.delta;
2005 		i++;
2006 		break;
2007 	case NL80211_BSS_SELECT_ATTR_RSSI:
2008 	default:
2009 		break;
2010 	}
2011 	join_pref_params[i].type = BRCMF_JOIN_PREF_RSSI;
2012 	join_pref_params[i].len = 2;
2013 	join_pref_params[i].rssi_gain = 0;
2014 	join_pref_params[i].band = 0;
2015 	err = brcmf_fil_iovar_data_set(ifp, "join_pref", join_pref_params,
2016 				       sizeof(join_pref_params));
2017 	if (err)
2018 		bphy_err(drvr, "Set join_pref error (%d)\n", err);
2019 }
2020 
2021 static s32
brcmf_cfg80211_connect(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_connect_params * sme)2022 brcmf_cfg80211_connect(struct wiphy *wiphy, struct net_device *ndev,
2023 		       struct cfg80211_connect_params *sme)
2024 {
2025 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2026 	struct brcmf_if *ifp = netdev_priv(ndev);
2027 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2028 	struct ieee80211_channel *chan = sme->channel;
2029 	struct brcmf_pub *drvr = ifp->drvr;
2030 	struct brcmf_join_params join_params;
2031 	size_t join_params_size;
2032 	const struct brcmf_tlv *rsn_ie;
2033 	const struct brcmf_vs_tlv *wpa_ie;
2034 	const void *ie;
2035 	u32 ie_len;
2036 	struct brcmf_ext_join_params_le *ext_join_params;
2037 	u16 chanspec;
2038 	s32 err = 0;
2039 	u32 ssid_len;
2040 
2041 	brcmf_dbg(TRACE, "Enter\n");
2042 	if (!check_vif_up(ifp->vif))
2043 		return -EIO;
2044 
2045 	if (!sme->ssid) {
2046 		bphy_err(drvr, "Invalid ssid\n");
2047 		return -EOPNOTSUPP;
2048 	}
2049 
2050 	if (ifp->vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif) {
2051 		/* A normal (non P2P) connection request setup. */
2052 		ie = NULL;
2053 		ie_len = 0;
2054 		/* find the WPA_IE */
2055 		wpa_ie = brcmf_find_wpaie((u8 *)sme->ie, sme->ie_len);
2056 		if (wpa_ie) {
2057 			ie = wpa_ie;
2058 			ie_len = wpa_ie->len + TLV_HDR_LEN;
2059 		} else {
2060 			/* find the RSN_IE */
2061 			rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie,
2062 						  sme->ie_len,
2063 						  WLAN_EID_RSN);
2064 			if (rsn_ie) {
2065 				ie = rsn_ie;
2066 				ie_len = rsn_ie->len + TLV_HDR_LEN;
2067 			}
2068 		}
2069 		brcmf_fil_iovar_data_set(ifp, "wpaie", ie, ie_len);
2070 	}
2071 
2072 	err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
2073 				    sme->ie, sme->ie_len);
2074 	if (err)
2075 		bphy_err(drvr, "Set Assoc REQ IE Failed\n");
2076 	else
2077 		brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
2078 
2079 	set_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2080 
2081 	if (chan) {
2082 		cfg->channel =
2083 			ieee80211_frequency_to_channel(chan->center_freq);
2084 		chanspec = channel_to_chanspec(&cfg->d11inf, chan);
2085 		brcmf_dbg(CONN, "channel=%d, center_req=%d, chanspec=0x%04x\n",
2086 			  cfg->channel, chan->center_freq, chanspec);
2087 	} else {
2088 		cfg->channel = 0;
2089 		chanspec = 0;
2090 	}
2091 
2092 	brcmf_dbg(INFO, "ie (%p), ie_len (%zd)\n", sme->ie, sme->ie_len);
2093 
2094 	err = brcmf_set_wpa_version(ndev, sme);
2095 	if (err) {
2096 		bphy_err(drvr, "wl_set_wpa_version failed (%d)\n", err);
2097 		goto done;
2098 	}
2099 
2100 	sme->auth_type = brcmf_war_auth_type(ifp, sme->auth_type);
2101 	err = brcmf_set_auth_type(ndev, sme);
2102 	if (err) {
2103 		bphy_err(drvr, "wl_set_auth_type failed (%d)\n", err);
2104 		goto done;
2105 	}
2106 
2107 	err = brcmf_set_wsec_mode(ndev, sme);
2108 	if (err) {
2109 		bphy_err(drvr, "wl_set_set_cipher failed (%d)\n", err);
2110 		goto done;
2111 	}
2112 
2113 	err = brcmf_set_key_mgmt(ndev, sme);
2114 	if (err) {
2115 		bphy_err(drvr, "wl_set_key_mgmt failed (%d)\n", err);
2116 		goto done;
2117 	}
2118 
2119 	err = brcmf_set_sharedkey(ndev, sme);
2120 	if (err) {
2121 		bphy_err(drvr, "brcmf_set_sharedkey failed (%d)\n", err);
2122 		goto done;
2123 	}
2124 
2125 	if (sme->crypto.psk &&
2126 	    profile->use_fwsup != BRCMF_PROFILE_FWSUP_SAE) {
2127 		if (WARN_ON(profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE)) {
2128 			err = -EINVAL;
2129 			goto done;
2130 		}
2131 		brcmf_dbg(INFO, "using PSK offload\n");
2132 		profile->use_fwsup = BRCMF_PROFILE_FWSUP_PSK;
2133 	}
2134 
2135 	if (profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE) {
2136 		/* enable firmware supplicant for this interface */
2137 		err = brcmf_fil_iovar_int_set(ifp, "sup_wpa", 1);
2138 		if (err < 0) {
2139 			bphy_err(drvr, "failed to enable fw supplicant\n");
2140 			goto done;
2141 		}
2142 	}
2143 
2144 	if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_PSK)
2145 		err = brcmf_set_pmk(ifp, sme->crypto.psk,
2146 				    BRCMF_WSEC_MAX_PSK_LEN);
2147 	else if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_SAE) {
2148 		/* clean up user-space RSNE */
2149 		err = brcmf_fil_iovar_data_set(ifp, "wpaie", NULL, 0);
2150 		if (err) {
2151 			bphy_err(drvr, "failed to clean up user-space RSNE\n");
2152 			goto done;
2153 		}
2154 		err = brcmf_set_sae_password(ifp, sme->crypto.sae_pwd,
2155 					     sme->crypto.sae_pwd_len);
2156 		if (!err && sme->crypto.psk)
2157 			err = brcmf_set_pmk(ifp, sme->crypto.psk,
2158 					    BRCMF_WSEC_MAX_PSK_LEN);
2159 	}
2160 	if (err)
2161 		goto done;
2162 
2163 	/* Join with specific BSSID and cached SSID
2164 	 * If SSID is zero join based on BSSID only
2165 	 */
2166 	join_params_size = offsetof(struct brcmf_ext_join_params_le, assoc_le) +
2167 		offsetof(struct brcmf_assoc_params_le, chanspec_list);
2168 	if (cfg->channel)
2169 		join_params_size += sizeof(u16);
2170 	ext_join_params = kzalloc(sizeof(*ext_join_params), GFP_KERNEL);
2171 	if (ext_join_params == NULL) {
2172 		err = -ENOMEM;
2173 		goto done;
2174 	}
2175 	ssid_len = min_t(u32, sme->ssid_len, IEEE80211_MAX_SSID_LEN);
2176 	ext_join_params->ssid_le.SSID_len = cpu_to_le32(ssid_len);
2177 	memcpy(&ext_join_params->ssid_le.SSID, sme->ssid, ssid_len);
2178 	if (ssid_len < IEEE80211_MAX_SSID_LEN)
2179 		brcmf_dbg(CONN, "SSID \"%s\", len (%d)\n",
2180 			  ext_join_params->ssid_le.SSID, ssid_len);
2181 
2182 	/* Set up join scan parameters */
2183 	ext_join_params->scan_le.scan_type = -1;
2184 	ext_join_params->scan_le.home_time = cpu_to_le32(-1);
2185 
2186 	if (sme->bssid)
2187 		memcpy(&ext_join_params->assoc_le.bssid, sme->bssid, ETH_ALEN);
2188 	else
2189 		eth_broadcast_addr(ext_join_params->assoc_le.bssid);
2190 
2191 	if (cfg->channel) {
2192 		ext_join_params->assoc_le.chanspec_num = cpu_to_le32(1);
2193 
2194 		ext_join_params->assoc_le.chanspec_list[0] =
2195 			cpu_to_le16(chanspec);
2196 		/* Increase dwell time to receive probe response or detect
2197 		 * beacon from target AP at a noisy air only during connect
2198 		 * command.
2199 		 */
2200 		ext_join_params->scan_le.active_time =
2201 			cpu_to_le32(BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS);
2202 		ext_join_params->scan_le.passive_time =
2203 			cpu_to_le32(BRCMF_SCAN_JOIN_PASSIVE_DWELL_TIME_MS);
2204 		/* To sync with presence period of VSDB GO send probe request
2205 		 * more frequently. Probe request will be stopped when it gets
2206 		 * probe response from target AP/GO.
2207 		 */
2208 		ext_join_params->scan_le.nprobes =
2209 			cpu_to_le32(BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS /
2210 				    BRCMF_SCAN_JOIN_PROBE_INTERVAL_MS);
2211 	} else {
2212 		ext_join_params->scan_le.active_time = cpu_to_le32(-1);
2213 		ext_join_params->scan_le.passive_time = cpu_to_le32(-1);
2214 		ext_join_params->scan_le.nprobes = cpu_to_le32(-1);
2215 	}
2216 
2217 	brcmf_set_join_pref(ifp, &sme->bss_select);
2218 
2219 	err  = brcmf_fil_bsscfg_data_set(ifp, "join", ext_join_params,
2220 					 join_params_size);
2221 	kfree(ext_join_params);
2222 	if (!err)
2223 		/* This is it. join command worked, we are done */
2224 		goto done;
2225 
2226 	/* join command failed, fallback to set ssid */
2227 	memset(&join_params, 0, sizeof(join_params));
2228 	join_params_size = sizeof(join_params.ssid_le);
2229 
2230 	memcpy(&join_params.ssid_le.SSID, sme->ssid, ssid_len);
2231 	join_params.ssid_le.SSID_len = cpu_to_le32(ssid_len);
2232 
2233 	if (sme->bssid)
2234 		memcpy(join_params.params_le.bssid, sme->bssid, ETH_ALEN);
2235 	else
2236 		eth_broadcast_addr(join_params.params_le.bssid);
2237 
2238 	if (cfg->channel) {
2239 		join_params.params_le.chanspec_list[0] = cpu_to_le16(chanspec);
2240 		join_params.params_le.chanspec_num = cpu_to_le32(1);
2241 		join_params_size += sizeof(join_params.params_le);
2242 	}
2243 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
2244 				     &join_params, join_params_size);
2245 	if (err)
2246 		bphy_err(drvr, "BRCMF_C_SET_SSID failed (%d)\n", err);
2247 
2248 done:
2249 	if (err)
2250 		clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2251 	brcmf_dbg(TRACE, "Exit\n");
2252 	return err;
2253 }
2254 
2255 static s32
brcmf_cfg80211_disconnect(struct wiphy * wiphy,struct net_device * ndev,u16 reason_code)2256 brcmf_cfg80211_disconnect(struct wiphy *wiphy, struct net_device *ndev,
2257 		       u16 reason_code)
2258 {
2259 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2260 	struct brcmf_if *ifp = netdev_priv(ndev);
2261 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2262 	struct brcmf_pub *drvr = cfg->pub;
2263 	struct brcmf_scb_val_le scbval;
2264 	s32 err = 0;
2265 
2266 	brcmf_dbg(TRACE, "Enter. Reason code = %d\n", reason_code);
2267 	if (!check_vif_up(ifp->vif))
2268 		return -EIO;
2269 
2270 	clear_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
2271 	clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2272 	cfg80211_disconnected(ndev, reason_code, NULL, 0, true, GFP_KERNEL);
2273 
2274 	memcpy(&scbval.ea, &profile->bssid, ETH_ALEN);
2275 	scbval.val = cpu_to_le32(reason_code);
2276 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_DISASSOC,
2277 				     &scbval, sizeof(scbval));
2278 	if (err)
2279 		bphy_err(drvr, "error (%d)\n", err);
2280 
2281 	brcmf_dbg(TRACE, "Exit\n");
2282 	return err;
2283 }
2284 
2285 static s32
brcmf_cfg80211_set_tx_power(struct wiphy * wiphy,struct wireless_dev * wdev,enum nl80211_tx_power_setting type,s32 mbm)2286 brcmf_cfg80211_set_tx_power(struct wiphy *wiphy, struct wireless_dev *wdev,
2287 			    enum nl80211_tx_power_setting type, s32 mbm)
2288 {
2289 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2290 	struct net_device *ndev = cfg_to_ndev(cfg);
2291 	struct brcmf_if *ifp = netdev_priv(ndev);
2292 	struct brcmf_pub *drvr = cfg->pub;
2293 	s32 err;
2294 	s32 disable;
2295 	u32 qdbm = 127;
2296 
2297 	brcmf_dbg(TRACE, "Enter %d %d\n", type, mbm);
2298 	if (!check_vif_up(ifp->vif))
2299 		return -EIO;
2300 
2301 	switch (type) {
2302 	case NL80211_TX_POWER_AUTOMATIC:
2303 		break;
2304 	case NL80211_TX_POWER_LIMITED:
2305 	case NL80211_TX_POWER_FIXED:
2306 		if (mbm < 0) {
2307 			bphy_err(drvr, "TX_POWER_FIXED - dbm is negative\n");
2308 			err = -EINVAL;
2309 			goto done;
2310 		}
2311 		qdbm =  MBM_TO_DBM(4 * mbm);
2312 		if (qdbm > 127)
2313 			qdbm = 127;
2314 		qdbm |= WL_TXPWR_OVERRIDE;
2315 		break;
2316 	default:
2317 		bphy_err(drvr, "Unsupported type %d\n", type);
2318 		err = -EINVAL;
2319 		goto done;
2320 	}
2321 	/* Make sure radio is off or on as far as software is concerned */
2322 	disable = WL_RADIO_SW_DISABLE << 16;
2323 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_RADIO, disable);
2324 	if (err)
2325 		bphy_err(drvr, "WLC_SET_RADIO error (%d)\n", err);
2326 
2327 	err = brcmf_fil_iovar_int_set(ifp, "qtxpower", qdbm);
2328 	if (err)
2329 		bphy_err(drvr, "qtxpower error (%d)\n", err);
2330 
2331 done:
2332 	brcmf_dbg(TRACE, "Exit %d (qdbm)\n", qdbm & ~WL_TXPWR_OVERRIDE);
2333 	return err;
2334 }
2335 
2336 static s32
brcmf_cfg80211_get_tx_power(struct wiphy * wiphy,struct wireless_dev * wdev,s32 * dbm)2337 brcmf_cfg80211_get_tx_power(struct wiphy *wiphy, struct wireless_dev *wdev,
2338 			    s32 *dbm)
2339 {
2340 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2341 	struct brcmf_cfg80211_vif *vif = wdev_to_vif(wdev);
2342 	struct brcmf_pub *drvr = cfg->pub;
2343 	s32 qdbm = 0;
2344 	s32 err;
2345 
2346 	brcmf_dbg(TRACE, "Enter\n");
2347 	if (!check_vif_up(vif))
2348 		return -EIO;
2349 
2350 	err = brcmf_fil_iovar_int_get(vif->ifp, "qtxpower", &qdbm);
2351 	if (err) {
2352 		bphy_err(drvr, "error (%d)\n", err);
2353 		goto done;
2354 	}
2355 	*dbm = (qdbm & ~WL_TXPWR_OVERRIDE) / 4;
2356 
2357 done:
2358 	brcmf_dbg(TRACE, "Exit (0x%x %d)\n", qdbm, *dbm);
2359 	return err;
2360 }
2361 
2362 static s32
brcmf_cfg80211_config_default_key(struct wiphy * wiphy,struct net_device * ndev,int link_id,u8 key_idx,bool unicast,bool multicast)2363 brcmf_cfg80211_config_default_key(struct wiphy *wiphy, struct net_device *ndev,
2364 				  int link_id, u8 key_idx, bool unicast,
2365 				  bool multicast)
2366 {
2367 	struct brcmf_if *ifp = netdev_priv(ndev);
2368 	struct brcmf_pub *drvr = ifp->drvr;
2369 	u32 index;
2370 	u32 wsec;
2371 	s32 err = 0;
2372 
2373 	brcmf_dbg(TRACE, "Enter\n");
2374 	brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2375 	if (!check_vif_up(ifp->vif))
2376 		return -EIO;
2377 
2378 	err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2379 	if (err) {
2380 		bphy_err(drvr, "WLC_GET_WSEC error (%d)\n", err);
2381 		goto done;
2382 	}
2383 
2384 	if (wsec & WEP_ENABLED) {
2385 		/* Just select a new current key */
2386 		index = key_idx;
2387 		err = brcmf_fil_cmd_int_set(ifp,
2388 					    BRCMF_C_SET_KEY_PRIMARY, index);
2389 		if (err)
2390 			bphy_err(drvr, "error (%d)\n", err);
2391 	}
2392 done:
2393 	brcmf_dbg(TRACE, "Exit\n");
2394 	return err;
2395 }
2396 
2397 static s32
brcmf_cfg80211_del_key(struct wiphy * wiphy,struct net_device * ndev,int link_id,u8 key_idx,bool pairwise,const u8 * mac_addr)2398 brcmf_cfg80211_del_key(struct wiphy *wiphy, struct net_device *ndev,
2399 		       int link_id, u8 key_idx, bool pairwise,
2400 		       const u8 *mac_addr)
2401 {
2402 	struct brcmf_if *ifp = netdev_priv(ndev);
2403 	struct brcmf_wsec_key *key;
2404 	s32 err;
2405 
2406 	brcmf_dbg(TRACE, "Enter\n");
2407 	brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2408 
2409 	if (!check_vif_up(ifp->vif))
2410 		return -EIO;
2411 
2412 	if (key_idx >= BRCMF_MAX_DEFAULT_KEYS) {
2413 		/* we ignore this key index in this case */
2414 		return -EINVAL;
2415 	}
2416 
2417 	key = &ifp->vif->profile.key[key_idx];
2418 
2419 	if (key->algo == CRYPTO_ALGO_OFF) {
2420 		brcmf_dbg(CONN, "Ignore clearing of (never configured) key\n");
2421 		return -EINVAL;
2422 	}
2423 
2424 	memset(key, 0, sizeof(*key));
2425 	key->index = (u32)key_idx;
2426 	key->flags = BRCMF_PRIMARY_KEY;
2427 
2428 	/* Clear the key/index */
2429 	err = send_key_to_dongle(ifp, key);
2430 
2431 	brcmf_dbg(TRACE, "Exit\n");
2432 	return err;
2433 }
2434 
2435 static s32
brcmf_cfg80211_add_key(struct wiphy * wiphy,struct net_device * ndev,int link_id,u8 key_idx,bool pairwise,const u8 * mac_addr,struct key_params * params)2436 brcmf_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
2437 		       int link_id, u8 key_idx, bool pairwise,
2438 		       const u8 *mac_addr, struct key_params *params)
2439 {
2440 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2441 	struct brcmf_if *ifp = netdev_priv(ndev);
2442 	struct brcmf_pub *drvr = cfg->pub;
2443 	struct brcmf_wsec_key *key;
2444 	s32 val;
2445 	s32 wsec;
2446 	s32 err;
2447 	u8 keybuf[8];
2448 	bool ext_key;
2449 
2450 	brcmf_dbg(TRACE, "Enter\n");
2451 	brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2452 	if (!check_vif_up(ifp->vif))
2453 		return -EIO;
2454 
2455 	if (key_idx >= BRCMF_MAX_DEFAULT_KEYS) {
2456 		/* we ignore this key index in this case */
2457 		bphy_err(drvr, "invalid key index (%d)\n", key_idx);
2458 		return -EINVAL;
2459 	}
2460 
2461 	if (params->key_len == 0)
2462 		return brcmf_cfg80211_del_key(wiphy, ndev, -1, key_idx,
2463 					      pairwise, mac_addr);
2464 
2465 	if (params->key_len > sizeof(key->data)) {
2466 		bphy_err(drvr, "Too long key length (%u)\n", params->key_len);
2467 		return -EINVAL;
2468 	}
2469 
2470 	ext_key = false;
2471 	if (mac_addr && (params->cipher != WLAN_CIPHER_SUITE_WEP40) &&
2472 	    (params->cipher != WLAN_CIPHER_SUITE_WEP104)) {
2473 		brcmf_dbg(TRACE, "Ext key, mac %pM", mac_addr);
2474 		ext_key = true;
2475 	}
2476 
2477 	key = &ifp->vif->profile.key[key_idx];
2478 	memset(key, 0, sizeof(*key));
2479 	if ((ext_key) && (!is_multicast_ether_addr(mac_addr)))
2480 		memcpy((char *)&key->ea, (void *)mac_addr, ETH_ALEN);
2481 	key->len = params->key_len;
2482 	key->index = key_idx;
2483 	memcpy(key->data, params->key, key->len);
2484 	if (!ext_key)
2485 		key->flags = BRCMF_PRIMARY_KEY;
2486 
2487 	if (params->seq && params->seq_len == 6) {
2488 		/* rx iv */
2489 		u8 *ivptr;
2490 
2491 		ivptr = (u8 *)params->seq;
2492 		key->rxiv.hi = (ivptr[5] << 24) | (ivptr[4] << 16) |
2493 			(ivptr[3] << 8) | ivptr[2];
2494 		key->rxiv.lo = (ivptr[1] << 8) | ivptr[0];
2495 		key->iv_initialized = true;
2496 	}
2497 
2498 	switch (params->cipher) {
2499 	case WLAN_CIPHER_SUITE_WEP40:
2500 		key->algo = CRYPTO_ALGO_WEP1;
2501 		val = WEP_ENABLED;
2502 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP40\n");
2503 		break;
2504 	case WLAN_CIPHER_SUITE_WEP104:
2505 		key->algo = CRYPTO_ALGO_WEP128;
2506 		val = WEP_ENABLED;
2507 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP104\n");
2508 		break;
2509 	case WLAN_CIPHER_SUITE_TKIP:
2510 		if (!brcmf_is_apmode(ifp->vif)) {
2511 			brcmf_dbg(CONN, "Swapping RX/TX MIC key\n");
2512 			memcpy(keybuf, &key->data[24], sizeof(keybuf));
2513 			memcpy(&key->data[24], &key->data[16], sizeof(keybuf));
2514 			memcpy(&key->data[16], keybuf, sizeof(keybuf));
2515 		}
2516 		key->algo = CRYPTO_ALGO_TKIP;
2517 		val = TKIP_ENABLED;
2518 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_TKIP\n");
2519 		break;
2520 	case WLAN_CIPHER_SUITE_AES_CMAC:
2521 		key->algo = CRYPTO_ALGO_AES_CCM;
2522 		val = AES_ENABLED;
2523 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_AES_CMAC\n");
2524 		break;
2525 	case WLAN_CIPHER_SUITE_CCMP:
2526 		key->algo = CRYPTO_ALGO_AES_CCM;
2527 		val = AES_ENABLED;
2528 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_CCMP\n");
2529 		break;
2530 	default:
2531 		bphy_err(drvr, "Invalid cipher (0x%x)\n", params->cipher);
2532 		err = -EINVAL;
2533 		goto done;
2534 	}
2535 
2536 	err = send_key_to_dongle(ifp, key);
2537 	if (ext_key || err)
2538 		goto done;
2539 
2540 	err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2541 	if (err) {
2542 		bphy_err(drvr, "get wsec error (%d)\n", err);
2543 		goto done;
2544 	}
2545 	wsec |= val;
2546 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
2547 	if (err) {
2548 		bphy_err(drvr, "set wsec error (%d)\n", err);
2549 		goto done;
2550 	}
2551 
2552 done:
2553 	brcmf_dbg(TRACE, "Exit\n");
2554 	return err;
2555 }
2556 
2557 static s32
brcmf_cfg80211_get_key(struct wiphy * wiphy,struct net_device * ndev,int link_id,u8 key_idx,bool pairwise,const u8 * mac_addr,void * cookie,void (* callback)(void * cookie,struct key_params * params))2558 brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev,
2559 		       int link_id, u8 key_idx, bool pairwise,
2560 		       const u8 *mac_addr, void *cookie,
2561 		       void (*callback)(void *cookie,
2562 					struct key_params *params))
2563 {
2564 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2565 	struct key_params params;
2566 	struct brcmf_if *ifp = netdev_priv(ndev);
2567 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2568 	struct brcmf_pub *drvr = cfg->pub;
2569 	struct brcmf_cfg80211_security *sec;
2570 	s32 wsec;
2571 	s32 err = 0;
2572 
2573 	brcmf_dbg(TRACE, "Enter\n");
2574 	brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2575 	if (!check_vif_up(ifp->vif))
2576 		return -EIO;
2577 
2578 	memset(&params, 0, sizeof(params));
2579 
2580 	err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2581 	if (err) {
2582 		bphy_err(drvr, "WLC_GET_WSEC error (%d)\n", err);
2583 		/* Ignore this error, may happen during DISASSOC */
2584 		err = -EAGAIN;
2585 		goto done;
2586 	}
2587 	if (wsec & WEP_ENABLED) {
2588 		sec = &profile->sec;
2589 		if (sec->cipher_pairwise & WLAN_CIPHER_SUITE_WEP40) {
2590 			params.cipher = WLAN_CIPHER_SUITE_WEP40;
2591 			brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP40\n");
2592 		} else if (sec->cipher_pairwise & WLAN_CIPHER_SUITE_WEP104) {
2593 			params.cipher = WLAN_CIPHER_SUITE_WEP104;
2594 			brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP104\n");
2595 		}
2596 	} else if (wsec & TKIP_ENABLED) {
2597 		params.cipher = WLAN_CIPHER_SUITE_TKIP;
2598 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_TKIP\n");
2599 	} else if (wsec & AES_ENABLED) {
2600 		params.cipher = WLAN_CIPHER_SUITE_AES_CMAC;
2601 		brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_AES_CMAC\n");
2602 	} else  {
2603 		bphy_err(drvr, "Invalid algo (0x%x)\n", wsec);
2604 		err = -EINVAL;
2605 		goto done;
2606 	}
2607 	callback(cookie, &params);
2608 
2609 done:
2610 	brcmf_dbg(TRACE, "Exit\n");
2611 	return err;
2612 }
2613 
2614 static s32
brcmf_cfg80211_config_default_mgmt_key(struct wiphy * wiphy,struct net_device * ndev,int link_id,u8 key_idx)2615 brcmf_cfg80211_config_default_mgmt_key(struct wiphy *wiphy,
2616 				       struct net_device *ndev, int link_id,
2617 				       u8 key_idx)
2618 {
2619 	struct brcmf_if *ifp = netdev_priv(ndev);
2620 
2621 	brcmf_dbg(TRACE, "Enter key_idx %d\n", key_idx);
2622 
2623 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
2624 		return 0;
2625 
2626 	brcmf_dbg(INFO, "Not supported\n");
2627 
2628 	return -EOPNOTSUPP;
2629 }
2630 
2631 static void
brcmf_cfg80211_reconfigure_wep(struct brcmf_if * ifp)2632 brcmf_cfg80211_reconfigure_wep(struct brcmf_if *ifp)
2633 {
2634 	struct brcmf_pub *drvr = ifp->drvr;
2635 	s32 err;
2636 	u8 key_idx;
2637 	struct brcmf_wsec_key *key;
2638 	s32 wsec;
2639 
2640 	for (key_idx = 0; key_idx < BRCMF_MAX_DEFAULT_KEYS; key_idx++) {
2641 		key = &ifp->vif->profile.key[key_idx];
2642 		if ((key->algo == CRYPTO_ALGO_WEP1) ||
2643 		    (key->algo == CRYPTO_ALGO_WEP128))
2644 			break;
2645 	}
2646 	if (key_idx == BRCMF_MAX_DEFAULT_KEYS)
2647 		return;
2648 
2649 	err = send_key_to_dongle(ifp, key);
2650 	if (err) {
2651 		bphy_err(drvr, "Setting WEP key failed (%d)\n", err);
2652 		return;
2653 	}
2654 	err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2655 	if (err) {
2656 		bphy_err(drvr, "get wsec error (%d)\n", err);
2657 		return;
2658 	}
2659 	wsec |= WEP_ENABLED;
2660 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
2661 	if (err)
2662 		bphy_err(drvr, "set wsec error (%d)\n", err);
2663 }
2664 
brcmf_convert_sta_flags(u32 fw_sta_flags,struct station_info * si)2665 static void brcmf_convert_sta_flags(u32 fw_sta_flags, struct station_info *si)
2666 {
2667 	struct nl80211_sta_flag_update *sfu;
2668 
2669 	brcmf_dbg(TRACE, "flags %08x\n", fw_sta_flags);
2670 	si->filled |= BIT_ULL(NL80211_STA_INFO_STA_FLAGS);
2671 	sfu = &si->sta_flags;
2672 	sfu->mask = BIT(NL80211_STA_FLAG_WME) |
2673 		    BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2674 		    BIT(NL80211_STA_FLAG_ASSOCIATED) |
2675 		    BIT(NL80211_STA_FLAG_AUTHORIZED);
2676 	if (fw_sta_flags & BRCMF_STA_WME)
2677 		sfu->set |= BIT(NL80211_STA_FLAG_WME);
2678 	if (fw_sta_flags & BRCMF_STA_AUTHE)
2679 		sfu->set |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
2680 	if (fw_sta_flags & BRCMF_STA_ASSOC)
2681 		sfu->set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2682 	if (fw_sta_flags & BRCMF_STA_AUTHO)
2683 		sfu->set |= BIT(NL80211_STA_FLAG_AUTHORIZED);
2684 }
2685 
brcmf_fill_bss_param(struct brcmf_if * ifp,struct station_info * si)2686 static void brcmf_fill_bss_param(struct brcmf_if *ifp, struct station_info *si)
2687 {
2688 	struct brcmf_pub *drvr = ifp->drvr;
2689 	struct {
2690 		__le32 len;
2691 		struct brcmf_bss_info_le bss_le;
2692 	} *buf;
2693 	u16 capability;
2694 	int err;
2695 
2696 	buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
2697 	if (!buf)
2698 		return;
2699 
2700 	buf->len = cpu_to_le32(WL_BSS_INFO_MAX);
2701 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO, buf,
2702 				     WL_BSS_INFO_MAX);
2703 	if (err) {
2704 		bphy_err(drvr, "Failed to get bss info (%d)\n", err);
2705 		goto out_kfree;
2706 	}
2707 	si->filled |= BIT_ULL(NL80211_STA_INFO_BSS_PARAM);
2708 	si->bss_param.beacon_interval = le16_to_cpu(buf->bss_le.beacon_period);
2709 	si->bss_param.dtim_period = buf->bss_le.dtim_period;
2710 	capability = le16_to_cpu(buf->bss_le.capability);
2711 	if (capability & IEEE80211_HT_STBC_PARAM_DUAL_CTS_PROT)
2712 		si->bss_param.flags |= BSS_PARAM_FLAGS_CTS_PROT;
2713 	if (capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
2714 		si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
2715 	if (capability & WLAN_CAPABILITY_SHORT_SLOT_TIME)
2716 		si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
2717 
2718 out_kfree:
2719 	kfree(buf);
2720 }
2721 
2722 static s32
brcmf_cfg80211_get_station_ibss(struct brcmf_if * ifp,struct station_info * sinfo)2723 brcmf_cfg80211_get_station_ibss(struct brcmf_if *ifp,
2724 				struct station_info *sinfo)
2725 {
2726 	struct brcmf_pub *drvr = ifp->drvr;
2727 	struct brcmf_scb_val_le scbval;
2728 	struct brcmf_pktcnt_le pktcnt;
2729 	s32 err;
2730 	u32 rate;
2731 	u32 rssi;
2732 
2733 	/* Get the current tx rate */
2734 	err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_RATE, &rate);
2735 	if (err < 0) {
2736 		bphy_err(drvr, "BRCMF_C_GET_RATE error (%d)\n", err);
2737 		return err;
2738 	}
2739 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2740 	sinfo->txrate.legacy = rate * 5;
2741 
2742 	memset(&scbval, 0, sizeof(scbval));
2743 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_RSSI, &scbval,
2744 				     sizeof(scbval));
2745 	if (err) {
2746 		bphy_err(drvr, "BRCMF_C_GET_RSSI error (%d)\n", err);
2747 		return err;
2748 	}
2749 	rssi = le32_to_cpu(scbval.val);
2750 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2751 	sinfo->signal = rssi;
2752 
2753 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_GET_PKTCNTS, &pktcnt,
2754 				     sizeof(pktcnt));
2755 	if (err) {
2756 		bphy_err(drvr, "BRCMF_C_GET_GET_PKTCNTS error (%d)\n", err);
2757 		return err;
2758 	}
2759 	sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS) |
2760 			 BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC) |
2761 			 BIT_ULL(NL80211_STA_INFO_TX_PACKETS) |
2762 			 BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2763 	sinfo->rx_packets = le32_to_cpu(pktcnt.rx_good_pkt);
2764 	sinfo->rx_dropped_misc = le32_to_cpu(pktcnt.rx_bad_pkt);
2765 	sinfo->tx_packets = le32_to_cpu(pktcnt.tx_good_pkt);
2766 	sinfo->tx_failed  = le32_to_cpu(pktcnt.tx_bad_pkt);
2767 
2768 	return 0;
2769 }
2770 
2771 static s32
brcmf_cfg80211_get_station(struct wiphy * wiphy,struct net_device * ndev,const u8 * mac,struct station_info * sinfo)2772 brcmf_cfg80211_get_station(struct wiphy *wiphy, struct net_device *ndev,
2773 			   const u8 *mac, struct station_info *sinfo)
2774 {
2775 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2776 	struct brcmf_if *ifp = netdev_priv(ndev);
2777 	struct brcmf_pub *drvr = cfg->pub;
2778 	struct brcmf_scb_val_le scb_val;
2779 	s32 err = 0;
2780 	struct brcmf_sta_info_le sta_info_le;
2781 	u32 sta_flags;
2782 	u32 is_tdls_peer;
2783 	s32 total_rssi_avg = 0;
2784 	s32 total_rssi = 0;
2785 	s32 count_rssi = 0;
2786 	int rssi;
2787 	u32 i;
2788 
2789 	brcmf_dbg(TRACE, "Enter, MAC %pM\n", mac);
2790 	if (!check_vif_up(ifp->vif))
2791 		return -EIO;
2792 
2793 	if (brcmf_is_ibssmode(ifp->vif))
2794 		return brcmf_cfg80211_get_station_ibss(ifp, sinfo);
2795 
2796 	memset(&sta_info_le, 0, sizeof(sta_info_le));
2797 	memcpy(&sta_info_le, mac, ETH_ALEN);
2798 	err = brcmf_fil_iovar_data_get(ifp, "tdls_sta_info",
2799 				       &sta_info_le,
2800 				       sizeof(sta_info_le));
2801 	is_tdls_peer = !err;
2802 	if (err) {
2803 		err = brcmf_fil_iovar_data_get(ifp, "sta_info",
2804 					       &sta_info_le,
2805 					       sizeof(sta_info_le));
2806 		if (err < 0) {
2807 			bphy_err(drvr, "GET STA INFO failed, %d\n", err);
2808 			goto done;
2809 		}
2810 	}
2811 	brcmf_dbg(TRACE, "version %d\n", le16_to_cpu(sta_info_le.ver));
2812 	sinfo->filled = BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME);
2813 	sinfo->inactive_time = le32_to_cpu(sta_info_le.idle) * 1000;
2814 	sta_flags = le32_to_cpu(sta_info_le.flags);
2815 	brcmf_convert_sta_flags(sta_flags, sinfo);
2816 	sinfo->sta_flags.mask |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2817 	if (is_tdls_peer)
2818 		sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2819 	else
2820 		sinfo->sta_flags.set &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2821 	if (sta_flags & BRCMF_STA_ASSOC) {
2822 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CONNECTED_TIME);
2823 		sinfo->connected_time = le32_to_cpu(sta_info_le.in);
2824 		brcmf_fill_bss_param(ifp, sinfo);
2825 	}
2826 	if (sta_flags & BRCMF_STA_SCBSTATS) {
2827 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2828 		sinfo->tx_failed = le32_to_cpu(sta_info_le.tx_failures);
2829 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
2830 		sinfo->tx_packets = le32_to_cpu(sta_info_le.tx_pkts);
2831 		sinfo->tx_packets += le32_to_cpu(sta_info_le.tx_mcast_pkts);
2832 		sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
2833 		sinfo->rx_packets = le32_to_cpu(sta_info_le.rx_ucast_pkts);
2834 		sinfo->rx_packets += le32_to_cpu(sta_info_le.rx_mcast_pkts);
2835 		if (sinfo->tx_packets) {
2836 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2837 			sinfo->txrate.legacy =
2838 				le32_to_cpu(sta_info_le.tx_rate) / 100;
2839 		}
2840 		if (sinfo->rx_packets) {
2841 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
2842 			sinfo->rxrate.legacy =
2843 				le32_to_cpu(sta_info_le.rx_rate) / 100;
2844 		}
2845 		if (le16_to_cpu(sta_info_le.ver) >= 4) {
2846 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES);
2847 			sinfo->tx_bytes = le64_to_cpu(sta_info_le.tx_tot_bytes);
2848 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES);
2849 			sinfo->rx_bytes = le64_to_cpu(sta_info_le.rx_tot_bytes);
2850 		}
2851 		for (i = 0; i < BRCMF_ANT_MAX; i++) {
2852 			if (sta_info_le.rssi[i] == 0 ||
2853 			    sta_info_le.rx_lastpkt_rssi[i] == 0)
2854 				continue;
2855 			sinfo->chains |= BIT(count_rssi);
2856 			sinfo->chain_signal[count_rssi] =
2857 				sta_info_le.rx_lastpkt_rssi[i];
2858 			sinfo->chain_signal_avg[count_rssi] =
2859 				sta_info_le.rssi[i];
2860 			total_rssi += sta_info_le.rx_lastpkt_rssi[i];
2861 			total_rssi_avg += sta_info_le.rssi[i];
2862 			count_rssi++;
2863 		}
2864 		if (count_rssi) {
2865 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2866 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
2867 			sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
2868 			sinfo->filled |=
2869 				BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
2870 			sinfo->signal = total_rssi / count_rssi;
2871 			sinfo->signal_avg = total_rssi_avg / count_rssi;
2872 		} else if (test_bit(BRCMF_VIF_STATUS_CONNECTED,
2873 			&ifp->vif->sme_state)) {
2874 			memset(&scb_val, 0, sizeof(scb_val));
2875 			err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_RSSI,
2876 						     &scb_val, sizeof(scb_val));
2877 			if (err) {
2878 				bphy_err(drvr, "Could not get rssi (%d)\n",
2879 					 err);
2880 				goto done;
2881 			} else {
2882 				rssi = le32_to_cpu(scb_val.val);
2883 				sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2884 				sinfo->signal = rssi;
2885 				brcmf_dbg(CONN, "RSSI %d dBm\n", rssi);
2886 			}
2887 		}
2888 	}
2889 done:
2890 	brcmf_dbg(TRACE, "Exit\n");
2891 	return err;
2892 }
2893 
2894 static int
brcmf_cfg80211_dump_station(struct wiphy * wiphy,struct net_device * ndev,int idx,u8 * mac,struct station_info * sinfo)2895 brcmf_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *ndev,
2896 			    int idx, u8 *mac, struct station_info *sinfo)
2897 {
2898 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2899 	struct brcmf_if *ifp = netdev_priv(ndev);
2900 	struct brcmf_pub *drvr = cfg->pub;
2901 	s32 err;
2902 
2903 	brcmf_dbg(TRACE, "Enter, idx %d\n", idx);
2904 
2905 	if (idx == 0) {
2906 		cfg->assoclist.count = cpu_to_le32(BRCMF_MAX_ASSOCLIST);
2907 		err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_ASSOCLIST,
2908 					     &cfg->assoclist,
2909 					     sizeof(cfg->assoclist));
2910 		if (err) {
2911 			/* GET_ASSOCLIST unsupported by firmware of older chips */
2912 			if (err == -EBADE)
2913 				bphy_info_once(drvr, "BRCMF_C_GET_ASSOCLIST unsupported\n");
2914 			else
2915 				bphy_err(drvr, "BRCMF_C_GET_ASSOCLIST failed, err=%d\n",
2916 					 err);
2917 
2918 			cfg->assoclist.count = 0;
2919 			return -EOPNOTSUPP;
2920 		}
2921 	}
2922 	if (idx < le32_to_cpu(cfg->assoclist.count)) {
2923 		memcpy(mac, cfg->assoclist.mac[idx], ETH_ALEN);
2924 		return brcmf_cfg80211_get_station(wiphy, ndev, mac, sinfo);
2925 	}
2926 	return -ENOENT;
2927 }
2928 
2929 static s32
brcmf_cfg80211_set_power_mgmt(struct wiphy * wiphy,struct net_device * ndev,bool enabled,s32 timeout)2930 brcmf_cfg80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *ndev,
2931 			   bool enabled, s32 timeout)
2932 {
2933 	s32 pm;
2934 	s32 err = 0;
2935 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2936 	struct brcmf_if *ifp = netdev_priv(ndev);
2937 	struct brcmf_pub *drvr = cfg->pub;
2938 
2939 	brcmf_dbg(TRACE, "Enter\n");
2940 
2941 	/*
2942 	 * Powersave enable/disable request is coming from the
2943 	 * cfg80211 even before the interface is up. In that
2944 	 * scenario, driver will be storing the power save
2945 	 * preference in cfg struct to apply this to
2946 	 * FW later while initializing the dongle
2947 	 */
2948 	cfg->pwr_save = enabled;
2949 	if (!check_vif_up(ifp->vif)) {
2950 
2951 		brcmf_dbg(INFO, "Device is not ready, storing the value in cfg_info struct\n");
2952 		goto done;
2953 	}
2954 
2955 	pm = enabled ? PM_FAST : PM_OFF;
2956 	/* Do not enable the power save after assoc if it is a p2p interface */
2957 	if (ifp->vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT) {
2958 		brcmf_dbg(INFO, "Do not enable power save for P2P clients\n");
2959 		pm = PM_OFF;
2960 	}
2961 	brcmf_dbg(INFO, "power save %s\n", (pm ? "enabled" : "disabled"));
2962 
2963 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, pm);
2964 	if (err) {
2965 		if (err == -ENODEV)
2966 			bphy_err(drvr, "net_device is not ready yet\n");
2967 		else
2968 			bphy_err(drvr, "error (%d)\n", err);
2969 	}
2970 
2971 	err = brcmf_fil_iovar_int_set(ifp, "pm2_sleep_ret",
2972 				min_t(u32, timeout, BRCMF_PS_MAX_TIMEOUT_MS));
2973 	if (err)
2974 		bphy_err(drvr, "Unable to set pm timeout, (%d)\n", err);
2975 
2976 done:
2977 	brcmf_dbg(TRACE, "Exit\n");
2978 	return err;
2979 }
2980 
brcmf_inform_single_bss(struct brcmf_cfg80211_info * cfg,struct brcmf_bss_info_le * bi)2981 static s32 brcmf_inform_single_bss(struct brcmf_cfg80211_info *cfg,
2982 				   struct brcmf_bss_info_le *bi)
2983 {
2984 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
2985 	struct brcmf_pub *drvr = cfg->pub;
2986 	struct cfg80211_bss *bss;
2987 	enum nl80211_band band;
2988 	struct brcmu_chan ch;
2989 	u16 channel;
2990 	u32 freq;
2991 	u16 notify_capability;
2992 	u16 notify_interval;
2993 	u8 *notify_ie;
2994 	size_t notify_ielen;
2995 	struct cfg80211_inform_bss bss_data = {};
2996 
2997 	if (le32_to_cpu(bi->length) > WL_BSS_INFO_MAX) {
2998 		bphy_err(drvr, "Bss info is larger than buffer. Discarding\n");
2999 		return -EINVAL;
3000 	}
3001 
3002 	if (!bi->ctl_ch) {
3003 		ch.chspec = le16_to_cpu(bi->chanspec);
3004 		cfg->d11inf.decchspec(&ch);
3005 		bi->ctl_ch = ch.control_ch_num;
3006 	}
3007 	channel = bi->ctl_ch;
3008 
3009 	if (channel <= CH_MAX_2G_CHANNEL)
3010 		band = NL80211_BAND_2GHZ;
3011 	else
3012 		band = NL80211_BAND_5GHZ;
3013 
3014 	freq = ieee80211_channel_to_frequency(channel, band);
3015 	bss_data.chan = ieee80211_get_channel(wiphy, freq);
3016 	bss_data.scan_width = NL80211_BSS_CHAN_WIDTH_20;
3017 	bss_data.boottime_ns = ktime_to_ns(ktime_get_boottime());
3018 
3019 	notify_capability = le16_to_cpu(bi->capability);
3020 	notify_interval = le16_to_cpu(bi->beacon_period);
3021 	notify_ie = (u8 *)bi + le16_to_cpu(bi->ie_offset);
3022 	notify_ielen = le32_to_cpu(bi->ie_length);
3023 	bss_data.signal = (s16)le16_to_cpu(bi->RSSI) * 100;
3024 
3025 	brcmf_dbg(CONN, "bssid: %pM\n", bi->BSSID);
3026 	brcmf_dbg(CONN, "Channel: %d(%d)\n", channel, freq);
3027 	brcmf_dbg(CONN, "Capability: %X\n", notify_capability);
3028 	brcmf_dbg(CONN, "Beacon interval: %d\n", notify_interval);
3029 	brcmf_dbg(CONN, "Signal: %d\n", bss_data.signal);
3030 
3031 	bss = cfg80211_inform_bss_data(wiphy, &bss_data,
3032 				       CFG80211_BSS_FTYPE_UNKNOWN,
3033 				       (const u8 *)bi->BSSID,
3034 				       0, notify_capability,
3035 				       notify_interval, notify_ie,
3036 				       notify_ielen, GFP_KERNEL);
3037 
3038 	if (!bss)
3039 		return -ENOMEM;
3040 
3041 	cfg80211_put_bss(wiphy, bss);
3042 
3043 	return 0;
3044 }
3045 
3046 static struct brcmf_bss_info_le *
next_bss_le(struct brcmf_scan_results * list,struct brcmf_bss_info_le * bss)3047 next_bss_le(struct brcmf_scan_results *list, struct brcmf_bss_info_le *bss)
3048 {
3049 	if (bss == NULL)
3050 		return list->bss_info_le;
3051 	return (struct brcmf_bss_info_le *)((unsigned long)bss +
3052 					    le32_to_cpu(bss->length));
3053 }
3054 
brcmf_inform_bss(struct brcmf_cfg80211_info * cfg)3055 static s32 brcmf_inform_bss(struct brcmf_cfg80211_info *cfg)
3056 {
3057 	struct brcmf_pub *drvr = cfg->pub;
3058 	struct brcmf_scan_results *bss_list;
3059 	struct brcmf_bss_info_le *bi = NULL;	/* must be initialized */
3060 	s32 err = 0;
3061 	int i;
3062 
3063 	bss_list = (struct brcmf_scan_results *)cfg->escan_info.escan_buf;
3064 	if (bss_list->count != 0 &&
3065 	    bss_list->version != BRCMF_BSS_INFO_VERSION) {
3066 		bphy_err(drvr, "Version %d != WL_BSS_INFO_VERSION\n",
3067 			 bss_list->version);
3068 		return -EOPNOTSUPP;
3069 	}
3070 	brcmf_dbg(SCAN, "scanned AP count (%d)\n", bss_list->count);
3071 	for (i = 0; i < bss_list->count; i++) {
3072 		bi = next_bss_le(bss_list, bi);
3073 		err = brcmf_inform_single_bss(cfg, bi);
3074 		if (err)
3075 			break;
3076 	}
3077 	return err;
3078 }
3079 
brcmf_inform_ibss(struct brcmf_cfg80211_info * cfg,struct net_device * ndev,const u8 * bssid)3080 static s32 brcmf_inform_ibss(struct brcmf_cfg80211_info *cfg,
3081 			     struct net_device *ndev, const u8 *bssid)
3082 {
3083 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
3084 	struct brcmf_pub *drvr = cfg->pub;
3085 	struct ieee80211_channel *notify_channel;
3086 	struct brcmf_bss_info_le *bi = NULL;
3087 	struct ieee80211_supported_band *band;
3088 	struct cfg80211_bss *bss;
3089 	struct brcmu_chan ch;
3090 	u8 *buf = NULL;
3091 	s32 err = 0;
3092 	u32 freq;
3093 	u16 notify_capability;
3094 	u16 notify_interval;
3095 	u8 *notify_ie;
3096 	size_t notify_ielen;
3097 	s32 notify_signal;
3098 
3099 	brcmf_dbg(TRACE, "Enter\n");
3100 
3101 	buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
3102 	if (buf == NULL) {
3103 		err = -ENOMEM;
3104 		goto CleanUp;
3105 	}
3106 
3107 	*(__le32 *)buf = cpu_to_le32(WL_BSS_INFO_MAX);
3108 
3109 	err = brcmf_fil_cmd_data_get(netdev_priv(ndev), BRCMF_C_GET_BSS_INFO,
3110 				     buf, WL_BSS_INFO_MAX);
3111 	if (err) {
3112 		bphy_err(drvr, "WLC_GET_BSS_INFO failed: %d\n", err);
3113 		goto CleanUp;
3114 	}
3115 
3116 	bi = (struct brcmf_bss_info_le *)(buf + 4);
3117 
3118 	ch.chspec = le16_to_cpu(bi->chanspec);
3119 	cfg->d11inf.decchspec(&ch);
3120 
3121 	if (ch.band == BRCMU_CHAN_BAND_2G)
3122 		band = wiphy->bands[NL80211_BAND_2GHZ];
3123 	else
3124 		band = wiphy->bands[NL80211_BAND_5GHZ];
3125 
3126 	freq = ieee80211_channel_to_frequency(ch.control_ch_num, band->band);
3127 	cfg->channel = freq;
3128 	notify_channel = ieee80211_get_channel(wiphy, freq);
3129 
3130 	notify_capability = le16_to_cpu(bi->capability);
3131 	notify_interval = le16_to_cpu(bi->beacon_period);
3132 	notify_ie = (u8 *)bi + le16_to_cpu(bi->ie_offset);
3133 	notify_ielen = le32_to_cpu(bi->ie_length);
3134 	notify_signal = (s16)le16_to_cpu(bi->RSSI) * 100;
3135 
3136 	brcmf_dbg(CONN, "channel: %d(%d)\n", ch.control_ch_num, freq);
3137 	brcmf_dbg(CONN, "capability: %X\n", notify_capability);
3138 	brcmf_dbg(CONN, "beacon interval: %d\n", notify_interval);
3139 	brcmf_dbg(CONN, "signal: %d\n", notify_signal);
3140 
3141 	bss = cfg80211_inform_bss(wiphy, notify_channel,
3142 				  CFG80211_BSS_FTYPE_UNKNOWN, bssid, 0,
3143 				  notify_capability, notify_interval,
3144 				  notify_ie, notify_ielen, notify_signal,
3145 				  GFP_KERNEL);
3146 
3147 	if (!bss) {
3148 		err = -ENOMEM;
3149 		goto CleanUp;
3150 	}
3151 
3152 	cfg80211_put_bss(wiphy, bss);
3153 
3154 CleanUp:
3155 
3156 	kfree(buf);
3157 
3158 	brcmf_dbg(TRACE, "Exit\n");
3159 
3160 	return err;
3161 }
3162 
brcmf_update_bss_info(struct brcmf_cfg80211_info * cfg,struct brcmf_if * ifp)3163 static s32 brcmf_update_bss_info(struct brcmf_cfg80211_info *cfg,
3164 				 struct brcmf_if *ifp)
3165 {
3166 	struct brcmf_pub *drvr = cfg->pub;
3167 	struct brcmf_bss_info_le *bi = NULL;
3168 	s32 err = 0;
3169 
3170 	brcmf_dbg(TRACE, "Enter\n");
3171 	if (brcmf_is_ibssmode(ifp->vif))
3172 		return err;
3173 
3174 	*(__le32 *)cfg->extra_buf = cpu_to_le32(WL_EXTRA_BUF_MAX);
3175 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO,
3176 				     cfg->extra_buf, WL_EXTRA_BUF_MAX);
3177 	if (err) {
3178 		bphy_err(drvr, "Could not get bss info %d\n", err);
3179 		goto update_bss_info_out;
3180 	}
3181 	bi = (struct brcmf_bss_info_le *)(cfg->extra_buf + 4);
3182 	err = brcmf_inform_single_bss(cfg, bi);
3183 
3184 update_bss_info_out:
3185 	brcmf_dbg(TRACE, "Exit");
3186 	return err;
3187 }
3188 
brcmf_abort_scanning(struct brcmf_cfg80211_info * cfg)3189 void brcmf_abort_scanning(struct brcmf_cfg80211_info *cfg)
3190 {
3191 	struct escan_info *escan = &cfg->escan_info;
3192 
3193 	set_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status);
3194 	if (cfg->int_escan_map || cfg->scan_request) {
3195 		escan->escan_state = WL_ESCAN_STATE_IDLE;
3196 		brcmf_notify_escan_complete(cfg, escan->ifp, true, true);
3197 	}
3198 	clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3199 	clear_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status);
3200 }
3201 
brcmf_cfg80211_escan_timeout_worker(struct work_struct * work)3202 static void brcmf_cfg80211_escan_timeout_worker(struct work_struct *work)
3203 {
3204 	struct brcmf_cfg80211_info *cfg =
3205 			container_of(work, struct brcmf_cfg80211_info,
3206 				     escan_timeout_work);
3207 
3208 	brcmf_inform_bss(cfg);
3209 	brcmf_notify_escan_complete(cfg, cfg->escan_info.ifp, true, true);
3210 }
3211 
brcmf_escan_timeout(struct timer_list * t)3212 static void brcmf_escan_timeout(struct timer_list *t)
3213 {
3214 	struct brcmf_cfg80211_info *cfg =
3215 			from_timer(cfg, t, escan_timeout);
3216 	struct brcmf_pub *drvr = cfg->pub;
3217 
3218 	if (cfg->int_escan_map || cfg->scan_request) {
3219 		bphy_err(drvr, "timer expired\n");
3220 		schedule_work(&cfg->escan_timeout_work);
3221 	}
3222 }
3223 
3224 static s32
brcmf_compare_update_same_bss(struct brcmf_cfg80211_info * cfg,struct brcmf_bss_info_le * bss,struct brcmf_bss_info_le * bss_info_le)3225 brcmf_compare_update_same_bss(struct brcmf_cfg80211_info *cfg,
3226 			      struct brcmf_bss_info_le *bss,
3227 			      struct brcmf_bss_info_le *bss_info_le)
3228 {
3229 	struct brcmu_chan ch_bss, ch_bss_info_le;
3230 
3231 	ch_bss.chspec = le16_to_cpu(bss->chanspec);
3232 	cfg->d11inf.decchspec(&ch_bss);
3233 	ch_bss_info_le.chspec = le16_to_cpu(bss_info_le->chanspec);
3234 	cfg->d11inf.decchspec(&ch_bss_info_le);
3235 
3236 	if (!memcmp(&bss_info_le->BSSID, &bss->BSSID, ETH_ALEN) &&
3237 		ch_bss.band == ch_bss_info_le.band &&
3238 		bss_info_le->SSID_len == bss->SSID_len &&
3239 		!memcmp(bss_info_le->SSID, bss->SSID, bss_info_le->SSID_len)) {
3240 		if ((bss->flags & BRCMF_BSS_RSSI_ON_CHANNEL) ==
3241 			(bss_info_le->flags & BRCMF_BSS_RSSI_ON_CHANNEL)) {
3242 			s16 bss_rssi = le16_to_cpu(bss->RSSI);
3243 			s16 bss_info_rssi = le16_to_cpu(bss_info_le->RSSI);
3244 
3245 			/* preserve max RSSI if the measurements are
3246 			* both on-channel or both off-channel
3247 			*/
3248 			if (bss_info_rssi > bss_rssi)
3249 				bss->RSSI = bss_info_le->RSSI;
3250 		} else if ((bss->flags & BRCMF_BSS_RSSI_ON_CHANNEL) &&
3251 			(bss_info_le->flags & BRCMF_BSS_RSSI_ON_CHANNEL) == 0) {
3252 			/* preserve the on-channel rssi measurement
3253 			* if the new measurement is off channel
3254 			*/
3255 			bss->RSSI = bss_info_le->RSSI;
3256 			bss->flags |= BRCMF_BSS_RSSI_ON_CHANNEL;
3257 		}
3258 		return 1;
3259 	}
3260 	return 0;
3261 }
3262 
3263 static s32
brcmf_cfg80211_escan_handler(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)3264 brcmf_cfg80211_escan_handler(struct brcmf_if *ifp,
3265 			     const struct brcmf_event_msg *e, void *data)
3266 {
3267 	struct brcmf_pub *drvr = ifp->drvr;
3268 	struct brcmf_cfg80211_info *cfg = drvr->config;
3269 	s32 status;
3270 	struct brcmf_escan_result_le *escan_result_le;
3271 	u32 escan_buflen;
3272 	struct brcmf_bss_info_le *bss_info_le;
3273 	struct brcmf_bss_info_le *bss = NULL;
3274 	u32 bi_length;
3275 	struct brcmf_scan_results *list;
3276 	u32 i;
3277 	bool aborted;
3278 
3279 	status = e->status;
3280 
3281 	if (status == BRCMF_E_STATUS_ABORT)
3282 		goto exit;
3283 
3284 	if (!test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
3285 		bphy_err(drvr, "scan not ready, bsscfgidx=%d\n",
3286 			 ifp->bsscfgidx);
3287 		return -EPERM;
3288 	}
3289 
3290 	if (status == BRCMF_E_STATUS_PARTIAL) {
3291 		brcmf_dbg(SCAN, "ESCAN Partial result\n");
3292 		if (e->datalen < sizeof(*escan_result_le)) {
3293 			bphy_err(drvr, "invalid event data length\n");
3294 			goto exit;
3295 		}
3296 		escan_result_le = (struct brcmf_escan_result_le *) data;
3297 		if (!escan_result_le) {
3298 			bphy_err(drvr, "Invalid escan result (NULL pointer)\n");
3299 			goto exit;
3300 		}
3301 		escan_buflen = le32_to_cpu(escan_result_le->buflen);
3302 		if (escan_buflen > BRCMF_ESCAN_BUF_SIZE ||
3303 		    escan_buflen > e->datalen ||
3304 		    escan_buflen < sizeof(*escan_result_le)) {
3305 			bphy_err(drvr, "Invalid escan buffer length: %d\n",
3306 				 escan_buflen);
3307 			goto exit;
3308 		}
3309 		if (le16_to_cpu(escan_result_le->bss_count) != 1) {
3310 			bphy_err(drvr, "Invalid bss_count %d: ignoring\n",
3311 				 escan_result_le->bss_count);
3312 			goto exit;
3313 		}
3314 		bss_info_le = &escan_result_le->bss_info_le;
3315 
3316 		if (brcmf_p2p_scan_finding_common_channel(cfg, bss_info_le))
3317 			goto exit;
3318 
3319 		if (!cfg->int_escan_map && !cfg->scan_request) {
3320 			brcmf_dbg(SCAN, "result without cfg80211 request\n");
3321 			goto exit;
3322 		}
3323 
3324 		bi_length = le32_to_cpu(bss_info_le->length);
3325 		if (bi_length != escan_buflen -	WL_ESCAN_RESULTS_FIXED_SIZE) {
3326 			bphy_err(drvr, "Ignoring invalid bss_info length: %d\n",
3327 				 bi_length);
3328 			goto exit;
3329 		}
3330 
3331 		if (!(cfg_to_wiphy(cfg)->interface_modes &
3332 					BIT(NL80211_IFTYPE_ADHOC))) {
3333 			if (le16_to_cpu(bss_info_le->capability) &
3334 						WLAN_CAPABILITY_IBSS) {
3335 				bphy_err(drvr, "Ignoring IBSS result\n");
3336 				goto exit;
3337 			}
3338 		}
3339 
3340 		list = (struct brcmf_scan_results *)
3341 				cfg->escan_info.escan_buf;
3342 		if (bi_length > BRCMF_ESCAN_BUF_SIZE - list->buflen) {
3343 			bphy_err(drvr, "Buffer is too small: ignoring\n");
3344 			goto exit;
3345 		}
3346 
3347 		for (i = 0; i < list->count; i++) {
3348 			bss = bss ? (struct brcmf_bss_info_le *)
3349 				((unsigned char *)bss +
3350 				le32_to_cpu(bss->length)) : list->bss_info_le;
3351 			if (brcmf_compare_update_same_bss(cfg, bss,
3352 							  bss_info_le))
3353 				goto exit;
3354 		}
3355 		memcpy(&cfg->escan_info.escan_buf[list->buflen], bss_info_le,
3356 		       bi_length);
3357 		list->version = le32_to_cpu(bss_info_le->version);
3358 		list->buflen += bi_length;
3359 		list->count++;
3360 	} else {
3361 		cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
3362 		if (brcmf_p2p_scan_finding_common_channel(cfg, NULL))
3363 			goto exit;
3364 		if (cfg->int_escan_map || cfg->scan_request) {
3365 			brcmf_inform_bss(cfg);
3366 			aborted = status != BRCMF_E_STATUS_SUCCESS;
3367 			brcmf_notify_escan_complete(cfg, ifp, aborted, false);
3368 		} else
3369 			brcmf_dbg(SCAN, "Ignored scan complete result 0x%x\n",
3370 				  status);
3371 	}
3372 exit:
3373 	return 0;
3374 }
3375 
brcmf_init_escan(struct brcmf_cfg80211_info * cfg)3376 static void brcmf_init_escan(struct brcmf_cfg80211_info *cfg)
3377 {
3378 	brcmf_fweh_register(cfg->pub, BRCMF_E_ESCAN_RESULT,
3379 			    brcmf_cfg80211_escan_handler);
3380 	cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
3381 	/* Init scan_timeout timer */
3382 	timer_setup(&cfg->escan_timeout, brcmf_escan_timeout, 0);
3383 	INIT_WORK(&cfg->escan_timeout_work,
3384 		  brcmf_cfg80211_escan_timeout_worker);
3385 }
3386 
3387 static struct cfg80211_scan_request *
brcmf_alloc_internal_escan_request(struct wiphy * wiphy,u32 n_netinfo)3388 brcmf_alloc_internal_escan_request(struct wiphy *wiphy, u32 n_netinfo) {
3389 	struct cfg80211_scan_request *req;
3390 	size_t req_size;
3391 
3392 	req_size = sizeof(*req) +
3393 		   n_netinfo * sizeof(req->channels[0]) +
3394 		   n_netinfo * sizeof(*req->ssids);
3395 
3396 	req = kzalloc(req_size, GFP_KERNEL);
3397 	if (req) {
3398 		req->wiphy = wiphy;
3399 		req->ssids = (void *)(&req->channels[0]) +
3400 			     n_netinfo * sizeof(req->channels[0]);
3401 	}
3402 	return req;
3403 }
3404 
brcmf_internal_escan_add_info(struct cfg80211_scan_request * req,u8 * ssid,u8 ssid_len,u8 channel)3405 static int brcmf_internal_escan_add_info(struct cfg80211_scan_request *req,
3406 					 u8 *ssid, u8 ssid_len, u8 channel)
3407 {
3408 	struct ieee80211_channel *chan;
3409 	enum nl80211_band band;
3410 	int freq, i;
3411 
3412 	if (channel <= CH_MAX_2G_CHANNEL)
3413 		band = NL80211_BAND_2GHZ;
3414 	else
3415 		band = NL80211_BAND_5GHZ;
3416 
3417 	freq = ieee80211_channel_to_frequency(channel, band);
3418 	if (!freq)
3419 		return -EINVAL;
3420 
3421 	chan = ieee80211_get_channel(req->wiphy, freq);
3422 	if (!chan)
3423 		return -EINVAL;
3424 
3425 	for (i = 0; i < req->n_channels; i++) {
3426 		if (req->channels[i] == chan)
3427 			break;
3428 	}
3429 	if (i == req->n_channels)
3430 		req->channels[req->n_channels++] = chan;
3431 
3432 	for (i = 0; i < req->n_ssids; i++) {
3433 		if (req->ssids[i].ssid_len == ssid_len &&
3434 		    !memcmp(req->ssids[i].ssid, ssid, ssid_len))
3435 			break;
3436 	}
3437 	if (i == req->n_ssids) {
3438 		memcpy(req->ssids[req->n_ssids].ssid, ssid, ssid_len);
3439 		req->ssids[req->n_ssids++].ssid_len = ssid_len;
3440 	}
3441 	return 0;
3442 }
3443 
brcmf_start_internal_escan(struct brcmf_if * ifp,u32 fwmap,struct cfg80211_scan_request * request)3444 static int brcmf_start_internal_escan(struct brcmf_if *ifp, u32 fwmap,
3445 				      struct cfg80211_scan_request *request)
3446 {
3447 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
3448 	int err;
3449 
3450 	if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
3451 		if (cfg->int_escan_map)
3452 			brcmf_dbg(SCAN, "aborting internal scan: map=%u\n",
3453 				  cfg->int_escan_map);
3454 		/* Abort any on-going scan */
3455 		brcmf_abort_scanning(cfg);
3456 	}
3457 
3458 	brcmf_dbg(SCAN, "start internal scan: map=%u\n", fwmap);
3459 	set_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3460 	cfg->escan_info.run = brcmf_run_escan;
3461 	err = brcmf_do_escan(ifp, request);
3462 	if (err) {
3463 		clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3464 		return err;
3465 	}
3466 	cfg->int_escan_map = fwmap;
3467 	return 0;
3468 }
3469 
3470 static struct brcmf_pno_net_info_le *
brcmf_get_netinfo_array(struct brcmf_pno_scanresults_le * pfn_v1)3471 brcmf_get_netinfo_array(struct brcmf_pno_scanresults_le *pfn_v1)
3472 {
3473 	struct brcmf_pno_scanresults_v2_le *pfn_v2;
3474 	struct brcmf_pno_net_info_le *netinfo;
3475 
3476 	switch (pfn_v1->version) {
3477 	default:
3478 		WARN_ON(1);
3479 		fallthrough;
3480 	case cpu_to_le32(1):
3481 		netinfo = (struct brcmf_pno_net_info_le *)(pfn_v1 + 1);
3482 		break;
3483 	case cpu_to_le32(2):
3484 		pfn_v2 = (struct brcmf_pno_scanresults_v2_le *)pfn_v1;
3485 		netinfo = (struct brcmf_pno_net_info_le *)(pfn_v2 + 1);
3486 		break;
3487 	}
3488 
3489 	return netinfo;
3490 }
3491 
3492 /* PFN result doesn't have all the info which are required by the supplicant
3493  * (For e.g IEs) Do a target Escan so that sched scan results are reported
3494  * via wl_inform_single_bss in the required format. Escan does require the
3495  * scan request in the form of cfg80211_scan_request. For timebeing, create
3496  * cfg80211_scan_request one out of the received PNO event.
3497  */
3498 static s32
brcmf_notify_sched_scan_results(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)3499 brcmf_notify_sched_scan_results(struct brcmf_if *ifp,
3500 				const struct brcmf_event_msg *e, void *data)
3501 {
3502 	struct brcmf_pub *drvr = ifp->drvr;
3503 	struct brcmf_cfg80211_info *cfg = drvr->config;
3504 	struct brcmf_pno_net_info_le *netinfo, *netinfo_start;
3505 	struct cfg80211_scan_request *request = NULL;
3506 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
3507 	int i, err = 0;
3508 	struct brcmf_pno_scanresults_le *pfn_result;
3509 	u32 bucket_map;
3510 	u32 result_count;
3511 	u32 status;
3512 	u32 datalen;
3513 
3514 	brcmf_dbg(SCAN, "Enter\n");
3515 
3516 	if (e->datalen < (sizeof(*pfn_result) + sizeof(*netinfo))) {
3517 		brcmf_dbg(SCAN, "Event data to small. Ignore\n");
3518 		return 0;
3519 	}
3520 
3521 	if (e->event_code == BRCMF_E_PFN_NET_LOST) {
3522 		brcmf_dbg(SCAN, "PFN NET LOST event. Do Nothing\n");
3523 		return 0;
3524 	}
3525 
3526 	pfn_result = (struct brcmf_pno_scanresults_le *)data;
3527 	result_count = le32_to_cpu(pfn_result->count);
3528 	status = le32_to_cpu(pfn_result->status);
3529 
3530 	/* PFN event is limited to fit 512 bytes so we may get
3531 	 * multiple NET_FOUND events. For now place a warning here.
3532 	 */
3533 	WARN_ON(status != BRCMF_PNO_SCAN_COMPLETE);
3534 	brcmf_dbg(SCAN, "PFN NET FOUND event. count: %d\n", result_count);
3535 	if (!result_count) {
3536 		bphy_err(drvr, "FALSE PNO Event. (pfn_count == 0)\n");
3537 		goto out_err;
3538 	}
3539 
3540 	netinfo_start = brcmf_get_netinfo_array(pfn_result);
3541 	datalen = e->datalen - ((void *)netinfo_start - (void *)pfn_result);
3542 	if (datalen < result_count * sizeof(*netinfo)) {
3543 		bphy_err(drvr, "insufficient event data\n");
3544 		goto out_err;
3545 	}
3546 
3547 	request = brcmf_alloc_internal_escan_request(wiphy,
3548 						     result_count);
3549 	if (!request) {
3550 		err = -ENOMEM;
3551 		goto out_err;
3552 	}
3553 
3554 	bucket_map = 0;
3555 	for (i = 0; i < result_count; i++) {
3556 		netinfo = &netinfo_start[i];
3557 
3558 		if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
3559 			netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
3560 		brcmf_dbg(SCAN, "SSID:%.32s Channel:%d\n",
3561 			  netinfo->SSID, netinfo->channel);
3562 		bucket_map |= brcmf_pno_get_bucket_map(cfg->pno, netinfo);
3563 		err = brcmf_internal_escan_add_info(request,
3564 						    netinfo->SSID,
3565 						    netinfo->SSID_len,
3566 						    netinfo->channel);
3567 		if (err)
3568 			goto out_err;
3569 	}
3570 
3571 	if (!bucket_map)
3572 		goto free_req;
3573 
3574 	err = brcmf_start_internal_escan(ifp, bucket_map, request);
3575 	if (!err)
3576 		goto free_req;
3577 
3578 out_err:
3579 	cfg80211_sched_scan_stopped(wiphy, 0);
3580 free_req:
3581 	kfree(request);
3582 	return err;
3583 }
3584 
3585 static int
brcmf_cfg80211_sched_scan_start(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_sched_scan_request * req)3586 brcmf_cfg80211_sched_scan_start(struct wiphy *wiphy,
3587 				struct net_device *ndev,
3588 				struct cfg80211_sched_scan_request *req)
3589 {
3590 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3591 	struct brcmf_if *ifp = netdev_priv(ndev);
3592 	struct brcmf_pub *drvr = cfg->pub;
3593 
3594 	brcmf_dbg(SCAN, "Enter: n_match_sets=%d n_ssids=%d\n",
3595 		  req->n_match_sets, req->n_ssids);
3596 
3597 	if (test_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status)) {
3598 		bphy_err(drvr, "Scanning suppressed: status=%lu\n",
3599 			 cfg->scan_status);
3600 		return -EAGAIN;
3601 	}
3602 
3603 	if (req->n_match_sets <= 0) {
3604 		brcmf_dbg(SCAN, "invalid number of matchsets specified: %d\n",
3605 			  req->n_match_sets);
3606 		return -EINVAL;
3607 	}
3608 
3609 	return brcmf_pno_start_sched_scan(ifp, req);
3610 }
3611 
brcmf_cfg80211_sched_scan_stop(struct wiphy * wiphy,struct net_device * ndev,u64 reqid)3612 static int brcmf_cfg80211_sched_scan_stop(struct wiphy *wiphy,
3613 					  struct net_device *ndev, u64 reqid)
3614 {
3615 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3616 	struct brcmf_if *ifp = netdev_priv(ndev);
3617 
3618 	brcmf_dbg(SCAN, "enter\n");
3619 	brcmf_pno_stop_sched_scan(ifp, reqid);
3620 	if (cfg->int_escan_map)
3621 		brcmf_notify_escan_complete(cfg, ifp, true, true);
3622 	return 0;
3623 }
3624 
brcmf_delay(u32 ms)3625 static __always_inline void brcmf_delay(u32 ms)
3626 {
3627 	if (ms < 1000 / HZ) {
3628 		cond_resched();
3629 		mdelay(ms);
3630 	} else {
3631 		msleep(ms);
3632 	}
3633 }
3634 
brcmf_config_wowl_pattern(struct brcmf_if * ifp,u8 cmd[4],u8 * pattern,u32 patternsize,u8 * mask,u32 packet_offset)3635 static s32 brcmf_config_wowl_pattern(struct brcmf_if *ifp, u8 cmd[4],
3636 				     u8 *pattern, u32 patternsize, u8 *mask,
3637 				     u32 packet_offset)
3638 {
3639 	struct brcmf_fil_wowl_pattern_le *filter;
3640 	u32 masksize;
3641 	u32 patternoffset;
3642 	u8 *buf;
3643 	u32 bufsize;
3644 	s32 ret;
3645 
3646 	masksize = (patternsize + 7) / 8;
3647 	patternoffset = sizeof(*filter) - sizeof(filter->cmd) + masksize;
3648 
3649 	bufsize = sizeof(*filter) + patternsize + masksize;
3650 	buf = kzalloc(bufsize, GFP_KERNEL);
3651 	if (!buf)
3652 		return -ENOMEM;
3653 	filter = (struct brcmf_fil_wowl_pattern_le *)buf;
3654 
3655 	memcpy(filter->cmd, cmd, 4);
3656 	filter->masksize = cpu_to_le32(masksize);
3657 	filter->offset = cpu_to_le32(packet_offset);
3658 	filter->patternoffset = cpu_to_le32(patternoffset);
3659 	filter->patternsize = cpu_to_le32(patternsize);
3660 	filter->type = cpu_to_le32(BRCMF_WOWL_PATTERN_TYPE_BITMAP);
3661 
3662 	if ((mask) && (masksize))
3663 		memcpy(buf + sizeof(*filter), mask, masksize);
3664 	if ((pattern) && (patternsize))
3665 		memcpy(buf + sizeof(*filter) + masksize, pattern, patternsize);
3666 
3667 	ret = brcmf_fil_iovar_data_set(ifp, "wowl_pattern", buf, bufsize);
3668 
3669 	kfree(buf);
3670 	return ret;
3671 }
3672 
3673 static s32
brcmf_wowl_nd_results(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)3674 brcmf_wowl_nd_results(struct brcmf_if *ifp, const struct brcmf_event_msg *e,
3675 		      void *data)
3676 {
3677 	struct brcmf_pub *drvr = ifp->drvr;
3678 	struct brcmf_cfg80211_info *cfg = drvr->config;
3679 	struct brcmf_pno_scanresults_le *pfn_result;
3680 	struct brcmf_pno_net_info_le *netinfo;
3681 
3682 	brcmf_dbg(SCAN, "Enter\n");
3683 
3684 	if (e->datalen < (sizeof(*pfn_result) + sizeof(*netinfo))) {
3685 		brcmf_dbg(SCAN, "Event data to small. Ignore\n");
3686 		return 0;
3687 	}
3688 
3689 	pfn_result = (struct brcmf_pno_scanresults_le *)data;
3690 
3691 	if (e->event_code == BRCMF_E_PFN_NET_LOST) {
3692 		brcmf_dbg(SCAN, "PFN NET LOST event. Ignore\n");
3693 		return 0;
3694 	}
3695 
3696 	if (le32_to_cpu(pfn_result->count) < 1) {
3697 		bphy_err(drvr, "Invalid result count, expected 1 (%d)\n",
3698 			 le32_to_cpu(pfn_result->count));
3699 		return -EINVAL;
3700 	}
3701 
3702 	netinfo = brcmf_get_netinfo_array(pfn_result);
3703 	if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
3704 		netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
3705 	memcpy(cfg->wowl.nd->ssid.ssid, netinfo->SSID, netinfo->SSID_len);
3706 	cfg->wowl.nd->ssid.ssid_len = netinfo->SSID_len;
3707 	cfg->wowl.nd->n_channels = 1;
3708 	cfg->wowl.nd->channels[0] =
3709 		ieee80211_channel_to_frequency(netinfo->channel,
3710 			netinfo->channel <= CH_MAX_2G_CHANNEL ?
3711 					NL80211_BAND_2GHZ : NL80211_BAND_5GHZ);
3712 	cfg->wowl.nd_info->n_matches = 1;
3713 	cfg->wowl.nd_info->matches[0] = cfg->wowl.nd;
3714 
3715 	/* Inform (the resume task) that the net detect information was recvd */
3716 	cfg->wowl.nd_data_completed = true;
3717 	wake_up(&cfg->wowl.nd_data_wait);
3718 
3719 	return 0;
3720 }
3721 
3722 #ifdef CONFIG_PM
3723 
brcmf_report_wowl_wakeind(struct wiphy * wiphy,struct brcmf_if * ifp)3724 static void brcmf_report_wowl_wakeind(struct wiphy *wiphy, struct brcmf_if *ifp)
3725 {
3726 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3727 	struct brcmf_pub *drvr = cfg->pub;
3728 	struct brcmf_wowl_wakeind_le wake_ind_le;
3729 	struct cfg80211_wowlan_wakeup wakeup_data;
3730 	struct cfg80211_wowlan_wakeup *wakeup;
3731 	u32 wakeind;
3732 	s32 err;
3733 	int timeout;
3734 
3735 	err = brcmf_fil_iovar_data_get(ifp, "wowl_wakeind", &wake_ind_le,
3736 				       sizeof(wake_ind_le));
3737 	if (err) {
3738 		bphy_err(drvr, "Get wowl_wakeind failed, err = %d\n", err);
3739 		return;
3740 	}
3741 
3742 	wakeind = le32_to_cpu(wake_ind_le.ucode_wakeind);
3743 	if (wakeind & (BRCMF_WOWL_MAGIC | BRCMF_WOWL_DIS | BRCMF_WOWL_BCN |
3744 		       BRCMF_WOWL_RETR | BRCMF_WOWL_NET |
3745 		       BRCMF_WOWL_PFN_FOUND)) {
3746 		wakeup = &wakeup_data;
3747 		memset(&wakeup_data, 0, sizeof(wakeup_data));
3748 		wakeup_data.pattern_idx = -1;
3749 
3750 		if (wakeind & BRCMF_WOWL_MAGIC) {
3751 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_MAGIC\n");
3752 			wakeup_data.magic_pkt = true;
3753 		}
3754 		if (wakeind & BRCMF_WOWL_DIS) {
3755 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_DIS\n");
3756 			wakeup_data.disconnect = true;
3757 		}
3758 		if (wakeind & BRCMF_WOWL_BCN) {
3759 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_BCN\n");
3760 			wakeup_data.disconnect = true;
3761 		}
3762 		if (wakeind & BRCMF_WOWL_RETR) {
3763 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_RETR\n");
3764 			wakeup_data.disconnect = true;
3765 		}
3766 		if (wakeind & BRCMF_WOWL_NET) {
3767 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_NET\n");
3768 			/* For now always map to pattern 0, no API to get
3769 			 * correct information available at the moment.
3770 			 */
3771 			wakeup_data.pattern_idx = 0;
3772 		}
3773 		if (wakeind & BRCMF_WOWL_PFN_FOUND) {
3774 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_PFN_FOUND\n");
3775 			timeout = wait_event_timeout(cfg->wowl.nd_data_wait,
3776 				cfg->wowl.nd_data_completed,
3777 				BRCMF_ND_INFO_TIMEOUT);
3778 			if (!timeout)
3779 				bphy_err(drvr, "No result for wowl net detect\n");
3780 			else
3781 				wakeup_data.net_detect = cfg->wowl.nd_info;
3782 		}
3783 		if (wakeind & BRCMF_WOWL_GTK_FAILURE) {
3784 			brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_GTK_FAILURE\n");
3785 			wakeup_data.gtk_rekey_failure = true;
3786 		}
3787 	} else {
3788 		wakeup = NULL;
3789 	}
3790 	cfg80211_report_wowlan_wakeup(&ifp->vif->wdev, wakeup, GFP_KERNEL);
3791 }
3792 
3793 #else
3794 
brcmf_report_wowl_wakeind(struct wiphy * wiphy,struct brcmf_if * ifp)3795 static void brcmf_report_wowl_wakeind(struct wiphy *wiphy, struct brcmf_if *ifp)
3796 {
3797 }
3798 
3799 #endif /* CONFIG_PM */
3800 
brcmf_cfg80211_resume(struct wiphy * wiphy)3801 static s32 brcmf_cfg80211_resume(struct wiphy *wiphy)
3802 {
3803 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3804 	struct net_device *ndev = cfg_to_ndev(cfg);
3805 	struct brcmf_if *ifp = netdev_priv(ndev);
3806 
3807 	brcmf_dbg(TRACE, "Enter\n");
3808 
3809 	if (cfg->wowl.active) {
3810 		brcmf_report_wowl_wakeind(wiphy, ifp);
3811 		brcmf_fil_iovar_int_set(ifp, "wowl_clear", 0);
3812 		brcmf_config_wowl_pattern(ifp, "clr", NULL, 0, NULL, 0);
3813 		if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ARP_ND))
3814 			brcmf_configure_arp_nd_offload(ifp, true);
3815 		brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM,
3816 				      cfg->wowl.pre_pmmode);
3817 		cfg->wowl.active = false;
3818 		if (cfg->wowl.nd_enabled) {
3819 			brcmf_cfg80211_sched_scan_stop(cfg->wiphy, ifp->ndev, 0);
3820 			brcmf_fweh_unregister(cfg->pub, BRCMF_E_PFN_NET_FOUND);
3821 			brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
3822 					    brcmf_notify_sched_scan_results);
3823 			cfg->wowl.nd_enabled = false;
3824 		}
3825 	}
3826 	return 0;
3827 }
3828 
brcmf_configure_wowl(struct brcmf_cfg80211_info * cfg,struct brcmf_if * ifp,struct cfg80211_wowlan * wowl)3829 static void brcmf_configure_wowl(struct brcmf_cfg80211_info *cfg,
3830 				 struct brcmf_if *ifp,
3831 				 struct cfg80211_wowlan *wowl)
3832 {
3833 	u32 wowl_config;
3834 	struct brcmf_wowl_wakeind_le wowl_wakeind;
3835 	u32 i;
3836 
3837 	brcmf_dbg(TRACE, "Suspend, wowl config.\n");
3838 
3839 	if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ARP_ND))
3840 		brcmf_configure_arp_nd_offload(ifp, false);
3841 	brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_PM, &cfg->wowl.pre_pmmode);
3842 	brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, PM_MAX);
3843 
3844 	wowl_config = 0;
3845 	if (wowl->disconnect)
3846 		wowl_config = BRCMF_WOWL_DIS | BRCMF_WOWL_BCN | BRCMF_WOWL_RETR;
3847 	if (wowl->magic_pkt)
3848 		wowl_config |= BRCMF_WOWL_MAGIC;
3849 	if ((wowl->patterns) && (wowl->n_patterns)) {
3850 		wowl_config |= BRCMF_WOWL_NET;
3851 		for (i = 0; i < wowl->n_patterns; i++) {
3852 			brcmf_config_wowl_pattern(ifp, "add",
3853 				(u8 *)wowl->patterns[i].pattern,
3854 				wowl->patterns[i].pattern_len,
3855 				(u8 *)wowl->patterns[i].mask,
3856 				wowl->patterns[i].pkt_offset);
3857 		}
3858 	}
3859 	if (wowl->nd_config) {
3860 		brcmf_cfg80211_sched_scan_start(cfg->wiphy, ifp->ndev,
3861 						wowl->nd_config);
3862 		wowl_config |= BRCMF_WOWL_PFN_FOUND;
3863 
3864 		cfg->wowl.nd_data_completed = false;
3865 		cfg->wowl.nd_enabled = true;
3866 		/* Now reroute the event for PFN to the wowl function. */
3867 		brcmf_fweh_unregister(cfg->pub, BRCMF_E_PFN_NET_FOUND);
3868 		brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
3869 				    brcmf_wowl_nd_results);
3870 	}
3871 	if (wowl->gtk_rekey_failure)
3872 		wowl_config |= BRCMF_WOWL_GTK_FAILURE;
3873 	if (!test_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state))
3874 		wowl_config |= BRCMF_WOWL_UNASSOC;
3875 
3876 	memcpy(&wowl_wakeind, "clear", 6);
3877 	brcmf_fil_iovar_data_set(ifp, "wowl_wakeind", &wowl_wakeind,
3878 				 sizeof(wowl_wakeind));
3879 	brcmf_fil_iovar_int_set(ifp, "wowl", wowl_config);
3880 	brcmf_fil_iovar_int_set(ifp, "wowl_activate", 1);
3881 	brcmf_bus_wowl_config(cfg->pub->bus_if, true);
3882 	cfg->wowl.active = true;
3883 }
3884 
brcmf_keepalive_start(struct brcmf_if * ifp,unsigned int interval)3885 static int brcmf_keepalive_start(struct brcmf_if *ifp, unsigned int interval)
3886 {
3887 	struct brcmf_mkeep_alive_pkt_le kalive = {0};
3888 	int ret = 0;
3889 
3890 	/* Configure Null function/data keepalive */
3891 	kalive.version = cpu_to_le16(1);
3892 	kalive.period_msec = cpu_to_le32(interval * MSEC_PER_SEC);
3893 	kalive.len_bytes = cpu_to_le16(0);
3894 	kalive.keep_alive_id = 0;
3895 
3896 	ret = brcmf_fil_iovar_data_set(ifp, "mkeep_alive", &kalive, sizeof(kalive));
3897 	if (ret)
3898 		brcmf_err("keep-alive packet config failed, ret=%d\n", ret);
3899 
3900 	return ret;
3901 }
3902 
brcmf_cfg80211_suspend(struct wiphy * wiphy,struct cfg80211_wowlan * wowl)3903 static s32 brcmf_cfg80211_suspend(struct wiphy *wiphy,
3904 				  struct cfg80211_wowlan *wowl)
3905 {
3906 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3907 	struct net_device *ndev = cfg_to_ndev(cfg);
3908 	struct brcmf_if *ifp = netdev_priv(ndev);
3909 	struct brcmf_cfg80211_vif *vif;
3910 
3911 	brcmf_dbg(TRACE, "Enter\n");
3912 
3913 	/* if the primary net_device is not READY there is nothing
3914 	 * we can do but pray resume goes smoothly.
3915 	 */
3916 	if (!check_vif_up(ifp->vif))
3917 		goto exit;
3918 
3919 	/* Stop scheduled scan */
3920 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO))
3921 		brcmf_cfg80211_sched_scan_stop(wiphy, ndev, 0);
3922 
3923 	/* end any scanning */
3924 	if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status))
3925 		brcmf_abort_scanning(cfg);
3926 
3927 	if (wowl == NULL) {
3928 		brcmf_bus_wowl_config(cfg->pub->bus_if, false);
3929 		list_for_each_entry(vif, &cfg->vif_list, list) {
3930 			if (!test_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state))
3931 				continue;
3932 			/* While going to suspend if associated with AP
3933 			 * disassociate from AP to save power while system is
3934 			 * in suspended state
3935 			 */
3936 			brcmf_link_down(vif, WLAN_REASON_UNSPECIFIED, true);
3937 			/* Make sure WPA_Supplicant receives all the event
3938 			 * generated due to DISASSOC call to the fw to keep
3939 			 * the state fw and WPA_Supplicant state consistent
3940 			 */
3941 			brcmf_delay(500);
3942 		}
3943 		/* Configure MPC */
3944 		brcmf_set_mpc(ifp, 1);
3945 
3946 	} else {
3947 		/* Configure WOWL paramaters */
3948 		brcmf_configure_wowl(cfg, ifp, wowl);
3949 
3950 		/* Prevent disassociation due to inactivity with keep-alive */
3951 		brcmf_keepalive_start(ifp, 30);
3952 	}
3953 
3954 exit:
3955 	brcmf_dbg(TRACE, "Exit\n");
3956 	/* clear any scanning activity */
3957 	cfg->scan_status = 0;
3958 	return 0;
3959 }
3960 
3961 static __used s32
brcmf_update_pmklist(struct brcmf_cfg80211_info * cfg,struct brcmf_if * ifp)3962 brcmf_update_pmklist(struct brcmf_cfg80211_info *cfg, struct brcmf_if *ifp)
3963 {
3964 	struct brcmf_pmk_list_le *pmk_list;
3965 	int i;
3966 	u32 npmk;
3967 
3968 	pmk_list = &cfg->pmk_list;
3969 	npmk = le32_to_cpu(pmk_list->npmk);
3970 
3971 	brcmf_dbg(CONN, "No of elements %d\n", npmk);
3972 	for (i = 0; i < npmk; i++)
3973 		brcmf_dbg(CONN, "PMK[%d]: %pM\n", i, &pmk_list->pmk[i].bssid);
3974 
3975 	return brcmf_fil_iovar_data_set(ifp, "pmkid_info", pmk_list,
3976 			sizeof(*pmk_list));
3977 }
3978 
3979 static s32
brcmf_cfg80211_set_pmksa(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_pmksa * pmksa)3980 brcmf_cfg80211_set_pmksa(struct wiphy *wiphy, struct net_device *ndev,
3981 			 struct cfg80211_pmksa *pmksa)
3982 {
3983 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3984 	struct brcmf_if *ifp = netdev_priv(ndev);
3985 	struct brcmf_pmksa *pmk = &cfg->pmk_list.pmk[0];
3986 	struct brcmf_pub *drvr = cfg->pub;
3987 	s32 err;
3988 	u32 npmk, i;
3989 
3990 	brcmf_dbg(TRACE, "Enter\n");
3991 	if (!check_vif_up(ifp->vif))
3992 		return -EIO;
3993 
3994 	npmk = le32_to_cpu(cfg->pmk_list.npmk);
3995 	for (i = 0; i < npmk; i++)
3996 		if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN))
3997 			break;
3998 	if (i < BRCMF_MAXPMKID) {
3999 		memcpy(pmk[i].bssid, pmksa->bssid, ETH_ALEN);
4000 		memcpy(pmk[i].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
4001 		if (i == npmk) {
4002 			npmk++;
4003 			cfg->pmk_list.npmk = cpu_to_le32(npmk);
4004 		}
4005 	} else {
4006 		bphy_err(drvr, "Too many PMKSA entries cached %d\n", npmk);
4007 		return -EINVAL;
4008 	}
4009 
4010 	brcmf_dbg(CONN, "set_pmksa - PMK bssid: %pM =\n", pmk[npmk].bssid);
4011 	brcmf_dbg(CONN, "%*ph\n", WLAN_PMKID_LEN, pmk[npmk].pmkid);
4012 
4013 	err = brcmf_update_pmklist(cfg, ifp);
4014 
4015 	brcmf_dbg(TRACE, "Exit\n");
4016 	return err;
4017 }
4018 
4019 static s32
brcmf_cfg80211_del_pmksa(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_pmksa * pmksa)4020 brcmf_cfg80211_del_pmksa(struct wiphy *wiphy, struct net_device *ndev,
4021 			 struct cfg80211_pmksa *pmksa)
4022 {
4023 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4024 	struct brcmf_if *ifp = netdev_priv(ndev);
4025 	struct brcmf_pmksa *pmk = &cfg->pmk_list.pmk[0];
4026 	struct brcmf_pub *drvr = cfg->pub;
4027 	s32 err;
4028 	u32 npmk, i;
4029 
4030 	brcmf_dbg(TRACE, "Enter\n");
4031 	if (!check_vif_up(ifp->vif))
4032 		return -EIO;
4033 
4034 	brcmf_dbg(CONN, "del_pmksa - PMK bssid = %pM\n", pmksa->bssid);
4035 
4036 	npmk = le32_to_cpu(cfg->pmk_list.npmk);
4037 	for (i = 0; i < npmk; i++)
4038 		if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN))
4039 			break;
4040 
4041 	if ((npmk > 0) && (i < npmk)) {
4042 		for (; i < (npmk - 1); i++) {
4043 			memcpy(&pmk[i].bssid, &pmk[i + 1].bssid, ETH_ALEN);
4044 			memcpy(&pmk[i].pmkid, &pmk[i + 1].pmkid,
4045 			       WLAN_PMKID_LEN);
4046 		}
4047 		memset(&pmk[i], 0, sizeof(*pmk));
4048 		cfg->pmk_list.npmk = cpu_to_le32(npmk - 1);
4049 	} else {
4050 		bphy_err(drvr, "Cache entry not found\n");
4051 		return -EINVAL;
4052 	}
4053 
4054 	err = brcmf_update_pmklist(cfg, ifp);
4055 
4056 	brcmf_dbg(TRACE, "Exit\n");
4057 	return err;
4058 
4059 }
4060 
4061 static s32
brcmf_cfg80211_flush_pmksa(struct wiphy * wiphy,struct net_device * ndev)4062 brcmf_cfg80211_flush_pmksa(struct wiphy *wiphy, struct net_device *ndev)
4063 {
4064 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4065 	struct brcmf_if *ifp = netdev_priv(ndev);
4066 	s32 err;
4067 
4068 	brcmf_dbg(TRACE, "Enter\n");
4069 	if (!check_vif_up(ifp->vif))
4070 		return -EIO;
4071 
4072 	memset(&cfg->pmk_list, 0, sizeof(cfg->pmk_list));
4073 	err = brcmf_update_pmklist(cfg, ifp);
4074 
4075 	brcmf_dbg(TRACE, "Exit\n");
4076 	return err;
4077 
4078 }
4079 
brcmf_configure_opensecurity(struct brcmf_if * ifp)4080 static s32 brcmf_configure_opensecurity(struct brcmf_if *ifp)
4081 {
4082 	struct brcmf_pub *drvr = ifp->drvr;
4083 	s32 err;
4084 	s32 wpa_val;
4085 
4086 	/* set auth */
4087 	err = brcmf_fil_bsscfg_int_set(ifp, "auth", 0);
4088 	if (err < 0) {
4089 		bphy_err(drvr, "auth error %d\n", err);
4090 		return err;
4091 	}
4092 	/* set wsec */
4093 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", 0);
4094 	if (err < 0) {
4095 		bphy_err(drvr, "wsec error %d\n", err);
4096 		return err;
4097 	}
4098 	/* set upper-layer auth */
4099 	if (brcmf_is_ibssmode(ifp->vif))
4100 		wpa_val = WPA_AUTH_NONE;
4101 	else
4102 		wpa_val = WPA_AUTH_DISABLED;
4103 	err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_val);
4104 	if (err < 0) {
4105 		bphy_err(drvr, "wpa_auth error %d\n", err);
4106 		return err;
4107 	}
4108 
4109 	return 0;
4110 }
4111 
brcmf_valid_wpa_oui(u8 * oui,bool is_rsn_ie)4112 static bool brcmf_valid_wpa_oui(u8 *oui, bool is_rsn_ie)
4113 {
4114 	if (is_rsn_ie)
4115 		return (memcmp(oui, RSN_OUI, TLV_OUI_LEN) == 0);
4116 
4117 	return (memcmp(oui, WPA_OUI, TLV_OUI_LEN) == 0);
4118 }
4119 
4120 static s32
brcmf_configure_wpaie(struct brcmf_if * ifp,const struct brcmf_vs_tlv * wpa_ie,bool is_rsn_ie)4121 brcmf_configure_wpaie(struct brcmf_if *ifp,
4122 		      const struct brcmf_vs_tlv *wpa_ie,
4123 		      bool is_rsn_ie)
4124 {
4125 	struct brcmf_pub *drvr = ifp->drvr;
4126 	u32 auth = 0; /* d11 open authentication */
4127 	u16 count;
4128 	s32 err = 0;
4129 	s32 len;
4130 	u32 i;
4131 	u32 wsec;
4132 	u32 pval = 0;
4133 	u32 gval = 0;
4134 	u32 wpa_auth = 0;
4135 	u32 offset;
4136 	u8 *data;
4137 	u16 rsn_cap;
4138 	u32 wme_bss_disable;
4139 	u32 mfp;
4140 
4141 	brcmf_dbg(TRACE, "Enter\n");
4142 	if (wpa_ie == NULL)
4143 		goto exit;
4144 
4145 	len = wpa_ie->len + TLV_HDR_LEN;
4146 	data = (u8 *)wpa_ie;
4147 	offset = TLV_HDR_LEN;
4148 	if (!is_rsn_ie)
4149 		offset += VS_IE_FIXED_HDR_LEN;
4150 	else
4151 		offset += WPA_IE_VERSION_LEN;
4152 
4153 	/* check for multicast cipher suite */
4154 	if (offset + WPA_IE_MIN_OUI_LEN > len) {
4155 		err = -EINVAL;
4156 		bphy_err(drvr, "no multicast cipher suite\n");
4157 		goto exit;
4158 	}
4159 
4160 	if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4161 		err = -EINVAL;
4162 		bphy_err(drvr, "ivalid OUI\n");
4163 		goto exit;
4164 	}
4165 	offset += TLV_OUI_LEN;
4166 
4167 	/* pick up multicast cipher */
4168 	switch (data[offset]) {
4169 	case WPA_CIPHER_NONE:
4170 		gval = 0;
4171 		break;
4172 	case WPA_CIPHER_WEP_40:
4173 	case WPA_CIPHER_WEP_104:
4174 		gval = WEP_ENABLED;
4175 		break;
4176 	case WPA_CIPHER_TKIP:
4177 		gval = TKIP_ENABLED;
4178 		break;
4179 	case WPA_CIPHER_AES_CCM:
4180 		gval = AES_ENABLED;
4181 		break;
4182 	default:
4183 		err = -EINVAL;
4184 		bphy_err(drvr, "Invalid multi cast cipher info\n");
4185 		goto exit;
4186 	}
4187 
4188 	offset++;
4189 	/* walk thru unicast cipher list and pick up what we recognize */
4190 	count = data[offset] + (data[offset + 1] << 8);
4191 	offset += WPA_IE_SUITE_COUNT_LEN;
4192 	/* Check for unicast suite(s) */
4193 	if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
4194 		err = -EINVAL;
4195 		bphy_err(drvr, "no unicast cipher suite\n");
4196 		goto exit;
4197 	}
4198 	for (i = 0; i < count; i++) {
4199 		if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4200 			err = -EINVAL;
4201 			bphy_err(drvr, "ivalid OUI\n");
4202 			goto exit;
4203 		}
4204 		offset += TLV_OUI_LEN;
4205 		switch (data[offset]) {
4206 		case WPA_CIPHER_NONE:
4207 			break;
4208 		case WPA_CIPHER_WEP_40:
4209 		case WPA_CIPHER_WEP_104:
4210 			pval |= WEP_ENABLED;
4211 			break;
4212 		case WPA_CIPHER_TKIP:
4213 			pval |= TKIP_ENABLED;
4214 			break;
4215 		case WPA_CIPHER_AES_CCM:
4216 			pval |= AES_ENABLED;
4217 			break;
4218 		default:
4219 			bphy_err(drvr, "Invalid unicast security info\n");
4220 		}
4221 		offset++;
4222 	}
4223 	/* walk thru auth management suite list and pick up what we recognize */
4224 	count = data[offset] + (data[offset + 1] << 8);
4225 	offset += WPA_IE_SUITE_COUNT_LEN;
4226 	/* Check for auth key management suite(s) */
4227 	if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
4228 		err = -EINVAL;
4229 		bphy_err(drvr, "no auth key mgmt suite\n");
4230 		goto exit;
4231 	}
4232 	for (i = 0; i < count; i++) {
4233 		if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4234 			err = -EINVAL;
4235 			bphy_err(drvr, "ivalid OUI\n");
4236 			goto exit;
4237 		}
4238 		offset += TLV_OUI_LEN;
4239 		switch (data[offset]) {
4240 		case RSN_AKM_NONE:
4241 			brcmf_dbg(TRACE, "RSN_AKM_NONE\n");
4242 			wpa_auth |= WPA_AUTH_NONE;
4243 			break;
4244 		case RSN_AKM_UNSPECIFIED:
4245 			brcmf_dbg(TRACE, "RSN_AKM_UNSPECIFIED\n");
4246 			is_rsn_ie ? (wpa_auth |= WPA2_AUTH_UNSPECIFIED) :
4247 				    (wpa_auth |= WPA_AUTH_UNSPECIFIED);
4248 			break;
4249 		case RSN_AKM_PSK:
4250 			brcmf_dbg(TRACE, "RSN_AKM_PSK\n");
4251 			is_rsn_ie ? (wpa_auth |= WPA2_AUTH_PSK) :
4252 				    (wpa_auth |= WPA_AUTH_PSK);
4253 			break;
4254 		case RSN_AKM_SHA256_PSK:
4255 			brcmf_dbg(TRACE, "RSN_AKM_MFP_PSK\n");
4256 			wpa_auth |= WPA2_AUTH_PSK_SHA256;
4257 			break;
4258 		case RSN_AKM_SHA256_1X:
4259 			brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n");
4260 			wpa_auth |= WPA2_AUTH_1X_SHA256;
4261 			break;
4262 		case RSN_AKM_SAE:
4263 			brcmf_dbg(TRACE, "RSN_AKM_SAE\n");
4264 			wpa_auth |= WPA3_AUTH_SAE_PSK;
4265 			break;
4266 		default:
4267 			bphy_err(drvr, "Invalid key mgmt info\n");
4268 		}
4269 		offset++;
4270 	}
4271 
4272 	mfp = BRCMF_MFP_NONE;
4273 	if (is_rsn_ie) {
4274 		wme_bss_disable = 1;
4275 		if ((offset + RSN_CAP_LEN) <= len) {
4276 			rsn_cap = data[offset] + (data[offset + 1] << 8);
4277 			if (rsn_cap & RSN_CAP_PTK_REPLAY_CNTR_MASK)
4278 				wme_bss_disable = 0;
4279 			if (rsn_cap & RSN_CAP_MFPR_MASK) {
4280 				brcmf_dbg(TRACE, "MFP Required\n");
4281 				mfp = BRCMF_MFP_REQUIRED;
4282 				/* Firmware only supports mfp required in
4283 				 * combination with WPA2_AUTH_PSK_SHA256,
4284 				 * WPA2_AUTH_1X_SHA256, or WPA3_AUTH_SAE_PSK.
4285 				 */
4286 				if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 |
4287 						  WPA2_AUTH_1X_SHA256 |
4288 						  WPA3_AUTH_SAE_PSK))) {
4289 					err = -EINVAL;
4290 					goto exit;
4291 				}
4292 				/* Firmware has requirement that WPA2_AUTH_PSK/
4293 				 * WPA2_AUTH_UNSPECIFIED be set, if SHA256 OUI
4294 				 * is to be included in the rsn ie.
4295 				 */
4296 				if (wpa_auth & WPA2_AUTH_PSK_SHA256)
4297 					wpa_auth |= WPA2_AUTH_PSK;
4298 				else if (wpa_auth & WPA2_AUTH_1X_SHA256)
4299 					wpa_auth |= WPA2_AUTH_UNSPECIFIED;
4300 			} else if (rsn_cap & RSN_CAP_MFPC_MASK) {
4301 				brcmf_dbg(TRACE, "MFP Capable\n");
4302 				mfp = BRCMF_MFP_CAPABLE;
4303 			}
4304 		}
4305 		offset += RSN_CAP_LEN;
4306 		/* set wme_bss_disable to sync RSN Capabilities */
4307 		err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable",
4308 					       wme_bss_disable);
4309 		if (err < 0) {
4310 			bphy_err(drvr, "wme_bss_disable error %d\n", err);
4311 			goto exit;
4312 		}
4313 
4314 		/* Skip PMKID cnt as it is know to be 0 for AP. */
4315 		offset += RSN_PMKID_COUNT_LEN;
4316 
4317 		/* See if there is BIP wpa suite left for MFP */
4318 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP) &&
4319 		    ((offset + WPA_IE_MIN_OUI_LEN) <= len)) {
4320 			err = brcmf_fil_bsscfg_data_set(ifp, "bip",
4321 							&data[offset],
4322 							WPA_IE_MIN_OUI_LEN);
4323 			if (err < 0) {
4324 				bphy_err(drvr, "bip error %d\n", err);
4325 				goto exit;
4326 			}
4327 		}
4328 	}
4329 	/* FOR WPS , set SES_OW_ENABLED */
4330 	wsec = (pval | gval | SES_OW_ENABLED);
4331 
4332 	/* set auth */
4333 	err = brcmf_fil_bsscfg_int_set(ifp, "auth", auth);
4334 	if (err < 0) {
4335 		bphy_err(drvr, "auth error %d\n", err);
4336 		goto exit;
4337 	}
4338 	/* set wsec */
4339 	err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
4340 	if (err < 0) {
4341 		bphy_err(drvr, "wsec error %d\n", err);
4342 		goto exit;
4343 	}
4344 	/* Configure MFP, this needs to go after wsec otherwise the wsec command
4345 	 * will overwrite the values set by MFP
4346 	 */
4347 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) {
4348 		err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp);
4349 		if (err < 0) {
4350 			bphy_err(drvr, "mfp error %d\n", err);
4351 			goto exit;
4352 		}
4353 	}
4354 	/* set upper-layer auth */
4355 	err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_auth);
4356 	if (err < 0) {
4357 		bphy_err(drvr, "wpa_auth error %d\n", err);
4358 		goto exit;
4359 	}
4360 
4361 exit:
4362 	return err;
4363 }
4364 
4365 static s32
brcmf_parse_vndr_ies(const u8 * vndr_ie_buf,u32 vndr_ie_len,struct parsed_vndr_ies * vndr_ies)4366 brcmf_parse_vndr_ies(const u8 *vndr_ie_buf, u32 vndr_ie_len,
4367 		     struct parsed_vndr_ies *vndr_ies)
4368 {
4369 	struct brcmf_vs_tlv *vndrie;
4370 	struct brcmf_tlv *ie;
4371 	struct parsed_vndr_ie_info *parsed_info;
4372 	s32 remaining_len;
4373 
4374 	remaining_len = (s32)vndr_ie_len;
4375 	memset(vndr_ies, 0, sizeof(*vndr_ies));
4376 
4377 	ie = (struct brcmf_tlv *)vndr_ie_buf;
4378 	while (ie) {
4379 		if (ie->id != WLAN_EID_VENDOR_SPECIFIC)
4380 			goto next;
4381 		vndrie = (struct brcmf_vs_tlv *)ie;
4382 		/* len should be bigger than OUI length + one */
4383 		if (vndrie->len < (VS_IE_FIXED_HDR_LEN - TLV_HDR_LEN + 1)) {
4384 			brcmf_err("invalid vndr ie. length is too small %d\n",
4385 				  vndrie->len);
4386 			goto next;
4387 		}
4388 		/* if wpa or wme ie, do not add ie */
4389 		if (!memcmp(vndrie->oui, (u8 *)WPA_OUI, TLV_OUI_LEN) &&
4390 		    ((vndrie->oui_type == WPA_OUI_TYPE) ||
4391 		    (vndrie->oui_type == WME_OUI_TYPE))) {
4392 			brcmf_dbg(TRACE, "Found WPA/WME oui. Do not add it\n");
4393 			goto next;
4394 		}
4395 
4396 		parsed_info = &vndr_ies->ie_info[vndr_ies->count];
4397 
4398 		/* save vndr ie information */
4399 		parsed_info->ie_ptr = (char *)vndrie;
4400 		parsed_info->ie_len = vndrie->len + TLV_HDR_LEN;
4401 		memcpy(&parsed_info->vndrie, vndrie, sizeof(*vndrie));
4402 
4403 		vndr_ies->count++;
4404 
4405 		brcmf_dbg(TRACE, "** OUI %3ph, type 0x%02x\n",
4406 			  parsed_info->vndrie.oui,
4407 			  parsed_info->vndrie.oui_type);
4408 
4409 		if (vndr_ies->count >= VNDR_IE_PARSE_LIMIT)
4410 			break;
4411 next:
4412 		remaining_len -= (ie->len + TLV_HDR_LEN);
4413 		if (remaining_len <= TLV_HDR_LEN)
4414 			ie = NULL;
4415 		else
4416 			ie = (struct brcmf_tlv *)(((u8 *)ie) + ie->len +
4417 				TLV_HDR_LEN);
4418 	}
4419 	return 0;
4420 }
4421 
4422 static u32
brcmf_vndr_ie(u8 * iebuf,s32 pktflag,u8 * ie_ptr,u32 ie_len,s8 * add_del_cmd)4423 brcmf_vndr_ie(u8 *iebuf, s32 pktflag, u8 *ie_ptr, u32 ie_len, s8 *add_del_cmd)
4424 {
4425 	strscpy(iebuf, add_del_cmd, VNDR_IE_CMD_LEN);
4426 
4427 	put_unaligned_le32(1, &iebuf[VNDR_IE_COUNT_OFFSET]);
4428 
4429 	put_unaligned_le32(pktflag, &iebuf[VNDR_IE_PKTFLAG_OFFSET]);
4430 
4431 	memcpy(&iebuf[VNDR_IE_VSIE_OFFSET], ie_ptr, ie_len);
4432 
4433 	return ie_len + VNDR_IE_HDR_SIZE;
4434 }
4435 
brcmf_vif_set_mgmt_ie(struct brcmf_cfg80211_vif * vif,s32 pktflag,const u8 * vndr_ie_buf,u32 vndr_ie_len)4436 s32 brcmf_vif_set_mgmt_ie(struct brcmf_cfg80211_vif *vif, s32 pktflag,
4437 			  const u8 *vndr_ie_buf, u32 vndr_ie_len)
4438 {
4439 	struct brcmf_pub *drvr;
4440 	struct brcmf_if *ifp;
4441 	struct vif_saved_ie *saved_ie;
4442 	s32 err = 0;
4443 	u8  *iovar_ie_buf;
4444 	u8  *curr_ie_buf;
4445 	u8  *mgmt_ie_buf = NULL;
4446 	int mgmt_ie_buf_len;
4447 	u32 *mgmt_ie_len;
4448 	u32 del_add_ie_buf_len = 0;
4449 	u32 total_ie_buf_len = 0;
4450 	u32 parsed_ie_buf_len = 0;
4451 	struct parsed_vndr_ies old_vndr_ies;
4452 	struct parsed_vndr_ies new_vndr_ies;
4453 	struct parsed_vndr_ie_info *vndrie_info;
4454 	s32 i;
4455 	u8 *ptr;
4456 	int remained_buf_len;
4457 
4458 	if (!vif)
4459 		return -ENODEV;
4460 	ifp = vif->ifp;
4461 	drvr = ifp->drvr;
4462 	saved_ie = &vif->saved_ie;
4463 
4464 	brcmf_dbg(TRACE, "bsscfgidx %d, pktflag : 0x%02X\n", ifp->bsscfgidx,
4465 		  pktflag);
4466 	iovar_ie_buf = kzalloc(WL_EXTRA_BUF_MAX, GFP_KERNEL);
4467 	if (!iovar_ie_buf)
4468 		return -ENOMEM;
4469 	curr_ie_buf = iovar_ie_buf;
4470 	switch (pktflag) {
4471 	case BRCMF_VNDR_IE_PRBREQ_FLAG:
4472 		mgmt_ie_buf = saved_ie->probe_req_ie;
4473 		mgmt_ie_len = &saved_ie->probe_req_ie_len;
4474 		mgmt_ie_buf_len = sizeof(saved_ie->probe_req_ie);
4475 		break;
4476 	case BRCMF_VNDR_IE_PRBRSP_FLAG:
4477 		mgmt_ie_buf = saved_ie->probe_res_ie;
4478 		mgmt_ie_len = &saved_ie->probe_res_ie_len;
4479 		mgmt_ie_buf_len = sizeof(saved_ie->probe_res_ie);
4480 		break;
4481 	case BRCMF_VNDR_IE_BEACON_FLAG:
4482 		mgmt_ie_buf = saved_ie->beacon_ie;
4483 		mgmt_ie_len = &saved_ie->beacon_ie_len;
4484 		mgmt_ie_buf_len = sizeof(saved_ie->beacon_ie);
4485 		break;
4486 	case BRCMF_VNDR_IE_ASSOCREQ_FLAG:
4487 		mgmt_ie_buf = saved_ie->assoc_req_ie;
4488 		mgmt_ie_len = &saved_ie->assoc_req_ie_len;
4489 		mgmt_ie_buf_len = sizeof(saved_ie->assoc_req_ie);
4490 		break;
4491 	case BRCMF_VNDR_IE_ASSOCRSP_FLAG:
4492 		mgmt_ie_buf = saved_ie->assoc_res_ie;
4493 		mgmt_ie_len = &saved_ie->assoc_res_ie_len;
4494 		mgmt_ie_buf_len = sizeof(saved_ie->assoc_res_ie);
4495 		break;
4496 	default:
4497 		err = -EPERM;
4498 		bphy_err(drvr, "not suitable type\n");
4499 		goto exit;
4500 	}
4501 
4502 	if (vndr_ie_len > mgmt_ie_buf_len) {
4503 		err = -ENOMEM;
4504 		bphy_err(drvr, "extra IE size too big\n");
4505 		goto exit;
4506 	}
4507 
4508 	/* parse and save new vndr_ie in curr_ie_buff before comparing it */
4509 	if (vndr_ie_buf && vndr_ie_len && curr_ie_buf) {
4510 		ptr = curr_ie_buf;
4511 		brcmf_parse_vndr_ies(vndr_ie_buf, vndr_ie_len, &new_vndr_ies);
4512 		for (i = 0; i < new_vndr_ies.count; i++) {
4513 			vndrie_info = &new_vndr_ies.ie_info[i];
4514 			memcpy(ptr + parsed_ie_buf_len, vndrie_info->ie_ptr,
4515 			       vndrie_info->ie_len);
4516 			parsed_ie_buf_len += vndrie_info->ie_len;
4517 		}
4518 	}
4519 
4520 	if (mgmt_ie_buf && *mgmt_ie_len) {
4521 		if (parsed_ie_buf_len && (parsed_ie_buf_len == *mgmt_ie_len) &&
4522 		    (memcmp(mgmt_ie_buf, curr_ie_buf,
4523 			    parsed_ie_buf_len) == 0)) {
4524 			brcmf_dbg(TRACE, "Previous mgmt IE equals to current IE\n");
4525 			goto exit;
4526 		}
4527 
4528 		/* parse old vndr_ie */
4529 		brcmf_parse_vndr_ies(mgmt_ie_buf, *mgmt_ie_len, &old_vndr_ies);
4530 
4531 		/* make a command to delete old ie */
4532 		for (i = 0; i < old_vndr_ies.count; i++) {
4533 			vndrie_info = &old_vndr_ies.ie_info[i];
4534 
4535 			brcmf_dbg(TRACE, "DEL ID : %d, Len: %d , OUI:%3ph\n",
4536 				  vndrie_info->vndrie.id,
4537 				  vndrie_info->vndrie.len,
4538 				  vndrie_info->vndrie.oui);
4539 
4540 			del_add_ie_buf_len = brcmf_vndr_ie(curr_ie_buf, pktflag,
4541 							   vndrie_info->ie_ptr,
4542 							   vndrie_info->ie_len,
4543 							   "del");
4544 			curr_ie_buf += del_add_ie_buf_len;
4545 			total_ie_buf_len += del_add_ie_buf_len;
4546 		}
4547 	}
4548 
4549 	*mgmt_ie_len = 0;
4550 	/* Add if there is any extra IE */
4551 	if (mgmt_ie_buf && parsed_ie_buf_len) {
4552 		ptr = mgmt_ie_buf;
4553 
4554 		remained_buf_len = mgmt_ie_buf_len;
4555 
4556 		/* make a command to add new ie */
4557 		for (i = 0; i < new_vndr_ies.count; i++) {
4558 			vndrie_info = &new_vndr_ies.ie_info[i];
4559 
4560 			/* verify remained buf size before copy data */
4561 			if (remained_buf_len < (vndrie_info->vndrie.len +
4562 							VNDR_IE_VSIE_OFFSET)) {
4563 				bphy_err(drvr, "no space in mgmt_ie_buf: len left %d",
4564 					 remained_buf_len);
4565 				break;
4566 			}
4567 			remained_buf_len -= (vndrie_info->ie_len +
4568 					     VNDR_IE_VSIE_OFFSET);
4569 
4570 			brcmf_dbg(TRACE, "ADDED ID : %d, Len: %d, OUI:%3ph\n",
4571 				  vndrie_info->vndrie.id,
4572 				  vndrie_info->vndrie.len,
4573 				  vndrie_info->vndrie.oui);
4574 
4575 			del_add_ie_buf_len = brcmf_vndr_ie(curr_ie_buf, pktflag,
4576 							   vndrie_info->ie_ptr,
4577 							   vndrie_info->ie_len,
4578 							   "add");
4579 
4580 			/* save the parsed IE in wl struct */
4581 			memcpy(ptr + (*mgmt_ie_len), vndrie_info->ie_ptr,
4582 			       vndrie_info->ie_len);
4583 			*mgmt_ie_len += vndrie_info->ie_len;
4584 
4585 			curr_ie_buf += del_add_ie_buf_len;
4586 			total_ie_buf_len += del_add_ie_buf_len;
4587 		}
4588 	}
4589 	if (total_ie_buf_len) {
4590 		err  = brcmf_fil_bsscfg_data_set(ifp, "vndr_ie", iovar_ie_buf,
4591 						 total_ie_buf_len);
4592 		if (err)
4593 			bphy_err(drvr, "vndr ie set error : %d\n", err);
4594 	}
4595 
4596 exit:
4597 	kfree(iovar_ie_buf);
4598 	return err;
4599 }
4600 
brcmf_vif_clear_mgmt_ies(struct brcmf_cfg80211_vif * vif)4601 s32 brcmf_vif_clear_mgmt_ies(struct brcmf_cfg80211_vif *vif)
4602 {
4603 	static const s32 pktflags[] = {
4604 		BRCMF_VNDR_IE_PRBREQ_FLAG,
4605 		BRCMF_VNDR_IE_PRBRSP_FLAG,
4606 		BRCMF_VNDR_IE_BEACON_FLAG
4607 	};
4608 	int i;
4609 
4610 	for (i = 0; i < ARRAY_SIZE(pktflags); i++)
4611 		brcmf_vif_set_mgmt_ie(vif, pktflags[i], NULL, 0);
4612 
4613 	memset(&vif->saved_ie, 0, sizeof(vif->saved_ie));
4614 	return 0;
4615 }
4616 
4617 static s32
brcmf_config_ap_mgmt_ie(struct brcmf_cfg80211_vif * vif,struct cfg80211_beacon_data * beacon)4618 brcmf_config_ap_mgmt_ie(struct brcmf_cfg80211_vif *vif,
4619 			struct cfg80211_beacon_data *beacon)
4620 {
4621 	struct brcmf_pub *drvr = vif->ifp->drvr;
4622 	s32 err;
4623 
4624 	/* Set Beacon IEs to FW */
4625 	err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_BEACON_FLAG,
4626 				    beacon->tail, beacon->tail_len);
4627 	if (err) {
4628 		bphy_err(drvr, "Set Beacon IE Failed\n");
4629 		return err;
4630 	}
4631 	brcmf_dbg(TRACE, "Applied Vndr IEs for Beacon\n");
4632 
4633 	/* Set Probe Response IEs to FW */
4634 	err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_PRBRSP_FLAG,
4635 				    beacon->proberesp_ies,
4636 				    beacon->proberesp_ies_len);
4637 	if (err)
4638 		bphy_err(drvr, "Set Probe Resp IE Failed\n");
4639 	else
4640 		brcmf_dbg(TRACE, "Applied Vndr IEs for Probe Resp\n");
4641 
4642 	/* Set Assoc Response IEs to FW */
4643 	err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_ASSOCRSP_FLAG,
4644 				    beacon->assocresp_ies,
4645 				    beacon->assocresp_ies_len);
4646 	if (err)
4647 		brcmf_err("Set Assoc Resp IE Failed\n");
4648 	else
4649 		brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc Resp\n");
4650 
4651 	return err;
4652 }
4653 
4654 static s32
brcmf_parse_configure_security(struct brcmf_if * ifp,struct cfg80211_ap_settings * settings,enum nl80211_iftype dev_role)4655 brcmf_parse_configure_security(struct brcmf_if *ifp,
4656 			       struct cfg80211_ap_settings *settings,
4657 			       enum nl80211_iftype dev_role)
4658 {
4659 	const struct brcmf_tlv *rsn_ie;
4660 	const struct brcmf_vs_tlv *wpa_ie;
4661 	s32 err = 0;
4662 
4663 	/* find the RSN_IE */
4664 	rsn_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
4665 				  settings->beacon.tail_len, WLAN_EID_RSN);
4666 
4667 	/* find the WPA_IE */
4668 	wpa_ie = brcmf_find_wpaie((u8 *)settings->beacon.tail,
4669 				  settings->beacon.tail_len);
4670 
4671 	if (wpa_ie || rsn_ie) {
4672 		brcmf_dbg(TRACE, "WPA(2) IE is found\n");
4673 		if (wpa_ie) {
4674 			/* WPA IE */
4675 			err = brcmf_configure_wpaie(ifp, wpa_ie, false);
4676 			if (err < 0)
4677 				return err;
4678 		} else {
4679 			struct brcmf_vs_tlv *tmp_ie;
4680 
4681 			tmp_ie = (struct brcmf_vs_tlv *)rsn_ie;
4682 
4683 			/* RSN IE */
4684 			err = brcmf_configure_wpaie(ifp, tmp_ie, true);
4685 			if (err < 0)
4686 				return err;
4687 		}
4688 	} else {
4689 		brcmf_dbg(TRACE, "No WPA(2) IEs found\n");
4690 		brcmf_configure_opensecurity(ifp);
4691 	}
4692 
4693 	return err;
4694 }
4695 
4696 static s32
brcmf_cfg80211_start_ap(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_ap_settings * settings)4697 brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
4698 			struct cfg80211_ap_settings *settings)
4699 {
4700 	s32 ie_offset;
4701 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4702 	struct brcmf_if *ifp = netdev_priv(ndev);
4703 	struct brcmf_pub *drvr = cfg->pub;
4704 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
4705 	struct cfg80211_crypto_settings *crypto = &settings->crypto;
4706 	const struct brcmf_tlv *ssid_ie;
4707 	const struct brcmf_tlv *country_ie;
4708 	struct brcmf_ssid_le ssid_le;
4709 	s32 err = -EPERM;
4710 	struct brcmf_join_params join_params;
4711 	enum nl80211_iftype dev_role;
4712 	struct brcmf_fil_bss_enable_le bss_enable;
4713 	u16 chanspec = chandef_to_chanspec(&cfg->d11inf, &settings->chandef);
4714 	bool mbss;
4715 	int is_11d;
4716 	bool supports_11d;
4717 
4718 	brcmf_dbg(TRACE, "ctrlchn=%d, center=%d, bw=%d, beacon_interval=%d, dtim_period=%d,\n",
4719 		  settings->chandef.chan->hw_value,
4720 		  settings->chandef.center_freq1, settings->chandef.width,
4721 		  settings->beacon_interval, settings->dtim_period);
4722 	brcmf_dbg(TRACE, "ssid=%s(%zu), auth_type=%d, inactivity_timeout=%d\n",
4723 		  settings->ssid, settings->ssid_len, settings->auth_type,
4724 		  settings->inactivity_timeout);
4725 	dev_role = ifp->vif->wdev.iftype;
4726 	mbss = ifp->vif->mbss;
4727 
4728 	/* store current 11d setting */
4729 	if (brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_REGULATORY,
4730 				  &ifp->vif->is_11d)) {
4731 		is_11d = supports_11d = false;
4732 	} else {
4733 		country_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
4734 					      settings->beacon.tail_len,
4735 					      WLAN_EID_COUNTRY);
4736 		is_11d = country_ie ? 1 : 0;
4737 		supports_11d = true;
4738 	}
4739 
4740 	memset(&ssid_le, 0, sizeof(ssid_le));
4741 	if (settings->ssid == NULL || settings->ssid_len == 0) {
4742 		ie_offset = DOT11_MGMT_HDR_LEN + DOT11_BCN_PRB_FIXED_LEN;
4743 		ssid_ie = brcmf_parse_tlvs(
4744 				(u8 *)&settings->beacon.head[ie_offset],
4745 				settings->beacon.head_len - ie_offset,
4746 				WLAN_EID_SSID);
4747 		if (!ssid_ie || ssid_ie->len > IEEE80211_MAX_SSID_LEN)
4748 			return -EINVAL;
4749 
4750 		memcpy(ssid_le.SSID, ssid_ie->data, ssid_ie->len);
4751 		ssid_le.SSID_len = cpu_to_le32(ssid_ie->len);
4752 		brcmf_dbg(TRACE, "SSID is (%s) in Head\n", ssid_le.SSID);
4753 	} else {
4754 		memcpy(ssid_le.SSID, settings->ssid, settings->ssid_len);
4755 		ssid_le.SSID_len = cpu_to_le32((u32)settings->ssid_len);
4756 	}
4757 
4758 	if (!mbss) {
4759 		brcmf_set_mpc(ifp, 0);
4760 		brcmf_configure_arp_nd_offload(ifp, false);
4761 	}
4762 
4763 	/* Parameters shared by all radio interfaces */
4764 	if (!mbss) {
4765 		if ((supports_11d) && (is_11d != ifp->vif->is_11d)) {
4766 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
4767 						    is_11d);
4768 			if (err < 0) {
4769 				bphy_err(drvr, "Regulatory Set Error, %d\n",
4770 					 err);
4771 				goto exit;
4772 			}
4773 		}
4774 		if (settings->beacon_interval) {
4775 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD,
4776 						    settings->beacon_interval);
4777 			if (err < 0) {
4778 				bphy_err(drvr, "Beacon Interval Set Error, %d\n",
4779 					 err);
4780 				goto exit;
4781 			}
4782 		}
4783 		if (settings->dtim_period) {
4784 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_DTIMPRD,
4785 						    settings->dtim_period);
4786 			if (err < 0) {
4787 				bphy_err(drvr, "DTIM Interval Set Error, %d\n",
4788 					 err);
4789 				goto exit;
4790 			}
4791 		}
4792 
4793 		if ((dev_role == NL80211_IFTYPE_AP) &&
4794 		    ((ifp->ifidx == 0) ||
4795 		     (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB) &&
4796 		      !brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN)))) {
4797 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4798 			if (err < 0) {
4799 				bphy_err(drvr, "BRCMF_C_DOWN error %d\n",
4800 					 err);
4801 				goto exit;
4802 			}
4803 			brcmf_fil_iovar_int_set(ifp, "apsta", 0);
4804 		}
4805 
4806 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 1);
4807 		if (err < 0) {
4808 			bphy_err(drvr, "SET INFRA error %d\n", err);
4809 			goto exit;
4810 		}
4811 	} else if (WARN_ON(supports_11d && (is_11d != ifp->vif->is_11d))) {
4812 		/* Multiple-BSS should use same 11d configuration */
4813 		err = -EINVAL;
4814 		goto exit;
4815 	}
4816 
4817 	/* Interface specific setup */
4818 	if (dev_role == NL80211_IFTYPE_AP) {
4819 		if ((brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) && (!mbss))
4820 			brcmf_fil_iovar_int_set(ifp, "mbss", 1);
4821 
4822 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 1);
4823 		if (err < 0) {
4824 			bphy_err(drvr, "setting AP mode failed %d\n",
4825 				 err);
4826 			goto exit;
4827 		}
4828 		if (!mbss) {
4829 			/* Firmware 10.x requires setting channel after enabling
4830 			 * AP and before bringing interface up.
4831 			 */
4832 			err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
4833 			if (err < 0) {
4834 				bphy_err(drvr, "Set Channel failed: chspec=%d, %d\n",
4835 					 chanspec, err);
4836 				goto exit;
4837 			}
4838 		}
4839 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
4840 		if (err < 0) {
4841 			bphy_err(drvr, "BRCMF_C_UP error (%d)\n", err);
4842 			goto exit;
4843 		}
4844 
4845 		if (crypto->psk) {
4846 			brcmf_dbg(INFO, "using PSK offload\n");
4847 			profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_PSK);
4848 			err = brcmf_set_pmk(ifp, crypto->psk,
4849 					    BRCMF_WSEC_MAX_PSK_LEN);
4850 			if (err < 0)
4851 				goto exit;
4852 		}
4853 		if (crypto->sae_pwd) {
4854 			brcmf_dbg(INFO, "using SAE offload\n");
4855 			profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_SAE);
4856 			err = brcmf_set_sae_password(ifp, crypto->sae_pwd,
4857 						     crypto->sae_pwd_len);
4858 			if (err < 0)
4859 				goto exit;
4860 		}
4861 		if (profile->use_fwauth == 0)
4862 			profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
4863 
4864 		err = brcmf_parse_configure_security(ifp, settings,
4865 						     NL80211_IFTYPE_AP);
4866 		if (err < 0) {
4867 			bphy_err(drvr, "brcmf_parse_configure_security error\n");
4868 			goto exit;
4869 		}
4870 
4871 		/* On DOWN the firmware removes the WEP keys, reconfigure
4872 		 * them if they were set.
4873 		 */
4874 		brcmf_cfg80211_reconfigure_wep(ifp);
4875 
4876 		memset(&join_params, 0, sizeof(join_params));
4877 		/* join parameters starts with ssid */
4878 		memcpy(&join_params.ssid_le, &ssid_le, sizeof(ssid_le));
4879 		/* create softap */
4880 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
4881 					     &join_params, sizeof(join_params));
4882 		if (err < 0) {
4883 			bphy_err(drvr, "SET SSID error (%d)\n", err);
4884 			goto exit;
4885 		}
4886 
4887 		err = brcmf_fil_iovar_int_set(ifp, "closednet",
4888 					      settings->hidden_ssid);
4889 		if (err) {
4890 			bphy_err(drvr, "%s closednet error (%d)\n",
4891 				 settings->hidden_ssid ?
4892 				 "enabled" : "disabled",
4893 				 err);
4894 			goto exit;
4895 		}
4896 
4897 		brcmf_dbg(TRACE, "AP mode configuration complete\n");
4898 	} else if (dev_role == NL80211_IFTYPE_P2P_GO) {
4899 		err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
4900 		if (err < 0) {
4901 			bphy_err(drvr, "Set Channel failed: chspec=%d, %d\n",
4902 				 chanspec, err);
4903 			goto exit;
4904 		}
4905 
4906 		err = brcmf_parse_configure_security(ifp, settings,
4907 						     NL80211_IFTYPE_P2P_GO);
4908 		if (err < 0) {
4909 			brcmf_err("brcmf_parse_configure_security error\n");
4910 			goto exit;
4911 		}
4912 
4913 		err = brcmf_fil_bsscfg_data_set(ifp, "ssid", &ssid_le,
4914 						sizeof(ssid_le));
4915 		if (err < 0) {
4916 			bphy_err(drvr, "setting ssid failed %d\n", err);
4917 			goto exit;
4918 		}
4919 		bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
4920 		bss_enable.enable = cpu_to_le32(1);
4921 		err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
4922 					       sizeof(bss_enable));
4923 		if (err < 0) {
4924 			bphy_err(drvr, "bss_enable config failed %d\n", err);
4925 			goto exit;
4926 		}
4927 
4928 		brcmf_dbg(TRACE, "GO mode configuration complete\n");
4929 	} else {
4930 		WARN_ON(1);
4931 	}
4932 
4933 	brcmf_config_ap_mgmt_ie(ifp->vif, &settings->beacon);
4934 	set_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
4935 	brcmf_net_setcarrier(ifp, true);
4936 
4937 exit:
4938 	if ((err) && (!mbss)) {
4939 		brcmf_set_mpc(ifp, 1);
4940 		brcmf_configure_arp_nd_offload(ifp, true);
4941 	}
4942 	return err;
4943 }
4944 
brcmf_cfg80211_stop_ap(struct wiphy * wiphy,struct net_device * ndev,unsigned int link_id)4945 static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev,
4946 				  unsigned int link_id)
4947 {
4948 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4949 	struct brcmf_if *ifp = netdev_priv(ndev);
4950 	struct brcmf_pub *drvr = cfg->pub;
4951 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
4952 	s32 err;
4953 	struct brcmf_fil_bss_enable_le bss_enable;
4954 	struct brcmf_join_params join_params;
4955 
4956 	brcmf_dbg(TRACE, "Enter\n");
4957 
4958 	if (ifp->vif->wdev.iftype == NL80211_IFTYPE_AP) {
4959 		/* Due to most likely deauths outstanding we sleep */
4960 		/* first to make sure they get processed by fw. */
4961 		msleep(400);
4962 
4963 		if (profile->use_fwauth != BIT(BRCMF_PROFILE_FWAUTH_NONE)) {
4964 			if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_PSK))
4965 				brcmf_set_pmk(ifp, NULL, 0);
4966 			if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_SAE))
4967 				brcmf_set_sae_password(ifp, NULL, 0);
4968 			profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
4969 		}
4970 
4971 		if (ifp->vif->mbss) {
4972 			err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4973 			return err;
4974 		}
4975 
4976 		/* First BSS doesn't get a full reset */
4977 		if (ifp->bsscfgidx == 0)
4978 			brcmf_fil_iovar_int_set(ifp, "closednet", 0);
4979 
4980 		memset(&join_params, 0, sizeof(join_params));
4981 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
4982 					     &join_params, sizeof(join_params));
4983 		if (err < 0)
4984 			bphy_err(drvr, "SET SSID error (%d)\n", err);
4985 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4986 		if (err < 0)
4987 			bphy_err(drvr, "BRCMF_C_DOWN error %d\n", err);
4988 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 0);
4989 		if (err < 0)
4990 			bphy_err(drvr, "setting AP mode failed %d\n", err);
4991 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS))
4992 			brcmf_fil_iovar_int_set(ifp, "mbss", 0);
4993 		brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
4994 				      ifp->vif->is_11d);
4995 		/* Bring device back up so it can be used again */
4996 		err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
4997 		if (err < 0)
4998 			bphy_err(drvr, "BRCMF_C_UP error %d\n", err);
4999 
5000 		brcmf_vif_clear_mgmt_ies(ifp->vif);
5001 	} else {
5002 		bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
5003 		bss_enable.enable = cpu_to_le32(0);
5004 		err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
5005 					       sizeof(bss_enable));
5006 		if (err < 0)
5007 			bphy_err(drvr, "bss_enable config failed %d\n", err);
5008 	}
5009 	brcmf_set_mpc(ifp, 1);
5010 	brcmf_configure_arp_nd_offload(ifp, true);
5011 	clear_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
5012 	brcmf_net_setcarrier(ifp, false);
5013 
5014 	return err;
5015 }
5016 
5017 static s32
brcmf_cfg80211_change_beacon(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_beacon_data * info)5018 brcmf_cfg80211_change_beacon(struct wiphy *wiphy, struct net_device *ndev,
5019 			     struct cfg80211_beacon_data *info)
5020 {
5021 	struct brcmf_if *ifp = netdev_priv(ndev);
5022 
5023 	brcmf_dbg(TRACE, "Enter\n");
5024 
5025 	return brcmf_config_ap_mgmt_ie(ifp->vif, info);
5026 }
5027 
5028 static int
brcmf_cfg80211_del_station(struct wiphy * wiphy,struct net_device * ndev,struct station_del_parameters * params)5029 brcmf_cfg80211_del_station(struct wiphy *wiphy, struct net_device *ndev,
5030 			   struct station_del_parameters *params)
5031 {
5032 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5033 	struct brcmf_pub *drvr = cfg->pub;
5034 	struct brcmf_scb_val_le scbval;
5035 	struct brcmf_if *ifp = netdev_priv(ndev);
5036 	s32 err;
5037 
5038 	if (!params->mac)
5039 		return -EFAULT;
5040 
5041 	brcmf_dbg(TRACE, "Enter %pM\n", params->mac);
5042 
5043 	if (ifp->vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif)
5044 		ifp = cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif->ifp;
5045 	if (!check_vif_up(ifp->vif))
5046 		return -EIO;
5047 
5048 	memcpy(&scbval.ea, params->mac, ETH_ALEN);
5049 	scbval.val = cpu_to_le32(params->reason_code);
5050 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCB_DEAUTHENTICATE_FOR_REASON,
5051 				     &scbval, sizeof(scbval));
5052 	if (err)
5053 		bphy_err(drvr, "SCB_DEAUTHENTICATE_FOR_REASON failed %d\n",
5054 			 err);
5055 
5056 	brcmf_dbg(TRACE, "Exit\n");
5057 	return err;
5058 }
5059 
5060 static int
brcmf_cfg80211_change_station(struct wiphy * wiphy,struct net_device * ndev,const u8 * mac,struct station_parameters * params)5061 brcmf_cfg80211_change_station(struct wiphy *wiphy, struct net_device *ndev,
5062 			      const u8 *mac, struct station_parameters *params)
5063 {
5064 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5065 	struct brcmf_pub *drvr = cfg->pub;
5066 	struct brcmf_if *ifp = netdev_priv(ndev);
5067 	s32 err;
5068 
5069 	brcmf_dbg(TRACE, "Enter, MAC %pM, mask 0x%04x set 0x%04x\n", mac,
5070 		  params->sta_flags_mask, params->sta_flags_set);
5071 
5072 	/* Ignore all 00 MAC */
5073 	if (is_zero_ether_addr(mac))
5074 		return 0;
5075 
5076 	if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5077 		return 0;
5078 
5079 	if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED))
5080 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_AUTHORIZE,
5081 					     (void *)mac, ETH_ALEN);
5082 	else
5083 		err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_DEAUTHORIZE,
5084 					     (void *)mac, ETH_ALEN);
5085 	if (err < 0)
5086 		bphy_err(drvr, "Setting SCB (de-)authorize failed, %d\n", err);
5087 
5088 	return err;
5089 }
5090 
5091 static void
brcmf_cfg80211_update_mgmt_frame_registrations(struct wiphy * wiphy,struct wireless_dev * wdev,struct mgmt_frame_regs * upd)5092 brcmf_cfg80211_update_mgmt_frame_registrations(struct wiphy *wiphy,
5093 					       struct wireless_dev *wdev,
5094 					       struct mgmt_frame_regs *upd)
5095 {
5096 	struct brcmf_cfg80211_vif *vif;
5097 
5098 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5099 
5100 	vif->mgmt_rx_reg = upd->interface_stypes;
5101 }
5102 
5103 
5104 static int
brcmf_cfg80211_mgmt_tx(struct wiphy * wiphy,struct wireless_dev * wdev,struct cfg80211_mgmt_tx_params * params,u64 * cookie)5105 brcmf_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
5106 		       struct cfg80211_mgmt_tx_params *params, u64 *cookie)
5107 {
5108 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5109 	struct ieee80211_channel *chan = params->chan;
5110 	struct brcmf_pub *drvr = cfg->pub;
5111 	const u8 *buf = params->buf;
5112 	size_t len = params->len;
5113 	const struct ieee80211_mgmt *mgmt;
5114 	struct brcmf_cfg80211_vif *vif;
5115 	s32 err = 0;
5116 	s32 ie_offset;
5117 	s32 ie_len;
5118 	struct brcmf_fil_action_frame_le *action_frame;
5119 	struct brcmf_fil_af_params_le *af_params;
5120 	bool ack;
5121 	s32 chan_nr;
5122 	u32 freq;
5123 
5124 	brcmf_dbg(TRACE, "Enter\n");
5125 
5126 	*cookie = 0;
5127 
5128 	mgmt = (const struct ieee80211_mgmt *)buf;
5129 
5130 	if (!ieee80211_is_mgmt(mgmt->frame_control)) {
5131 		bphy_err(drvr, "Driver only allows MGMT packet type\n");
5132 		return -EPERM;
5133 	}
5134 
5135 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5136 
5137 	if (ieee80211_is_probe_resp(mgmt->frame_control)) {
5138 		/* Right now the only reason to get a probe response */
5139 		/* is for p2p listen response or for p2p GO from     */
5140 		/* wpa_supplicant. Unfortunately the probe is send   */
5141 		/* on primary ndev, while dongle wants it on the p2p */
5142 		/* vif. Since this is only reason for a probe        */
5143 		/* response to be sent, the vif is taken from cfg.   */
5144 		/* If ever desired to send proberesp for non p2p     */
5145 		/* response then data should be checked for          */
5146 		/* "DIRECT-". Note in future supplicant will take    */
5147 		/* dedicated p2p wdev to do this and then this 'hack'*/
5148 		/* is not needed anymore.                            */
5149 		ie_offset =  DOT11_MGMT_HDR_LEN +
5150 			     DOT11_BCN_PRB_FIXED_LEN;
5151 		ie_len = len - ie_offset;
5152 		if (vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif)
5153 			vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
5154 		err = brcmf_vif_set_mgmt_ie(vif,
5155 					    BRCMF_VNDR_IE_PRBRSP_FLAG,
5156 					    &buf[ie_offset],
5157 					    ie_len);
5158 		cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, true,
5159 					GFP_KERNEL);
5160 	} else if (ieee80211_is_action(mgmt->frame_control)) {
5161 		if (len > BRCMF_FIL_ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN) {
5162 			bphy_err(drvr, "invalid action frame length\n");
5163 			err = -EINVAL;
5164 			goto exit;
5165 		}
5166 		af_params = kzalloc(sizeof(*af_params), GFP_KERNEL);
5167 		if (af_params == NULL) {
5168 			bphy_err(drvr, "unable to allocate frame\n");
5169 			err = -ENOMEM;
5170 			goto exit;
5171 		}
5172 		action_frame = &af_params->action_frame;
5173 		/* Add the packet Id */
5174 		action_frame->packet_id = cpu_to_le32(*cookie);
5175 		/* Add BSSID */
5176 		memcpy(&action_frame->da[0], &mgmt->da[0], ETH_ALEN);
5177 		memcpy(&af_params->bssid[0], &mgmt->bssid[0], ETH_ALEN);
5178 		/* Add the length exepted for 802.11 header  */
5179 		action_frame->len = cpu_to_le16(len - DOT11_MGMT_HDR_LEN);
5180 		/* Add the channel. Use the one specified as parameter if any or
5181 		 * the current one (got from the firmware) otherwise
5182 		 */
5183 		if (chan)
5184 			freq = chan->center_freq;
5185 		else
5186 			brcmf_fil_cmd_int_get(vif->ifp, BRCMF_C_GET_CHANNEL,
5187 					      &freq);
5188 		chan_nr = ieee80211_frequency_to_channel(freq);
5189 		af_params->channel = cpu_to_le32(chan_nr);
5190 		af_params->dwell_time = cpu_to_le32(params->wait);
5191 		memcpy(action_frame->data, &buf[DOT11_MGMT_HDR_LEN],
5192 		       le16_to_cpu(action_frame->len));
5193 
5194 		brcmf_dbg(TRACE, "Action frame, cookie=%lld, len=%d, freq=%d\n",
5195 			  *cookie, le16_to_cpu(action_frame->len), freq);
5196 
5197 		ack = brcmf_p2p_send_action_frame(cfg, cfg_to_ndev(cfg),
5198 						  af_params);
5199 
5200 		cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, ack,
5201 					GFP_KERNEL);
5202 		kfree(af_params);
5203 	} else {
5204 		brcmf_dbg(TRACE, "Unhandled, fc=%04x!!\n", mgmt->frame_control);
5205 		brcmf_dbg_hex_dump(true, buf, len, "payload, len=%zu\n", len);
5206 	}
5207 
5208 exit:
5209 	return err;
5210 }
5211 
brcmf_cfg80211_set_cqm_rssi_range_config(struct wiphy * wiphy,struct net_device * ndev,s32 rssi_low,s32 rssi_high)5212 static int brcmf_cfg80211_set_cqm_rssi_range_config(struct wiphy *wiphy,
5213 						    struct net_device *ndev,
5214 						    s32 rssi_low, s32 rssi_high)
5215 {
5216 	struct brcmf_cfg80211_vif *vif;
5217 	struct brcmf_if *ifp;
5218 	int err = 0;
5219 
5220 	brcmf_dbg(TRACE, "low=%d high=%d", rssi_low, rssi_high);
5221 
5222 	ifp = netdev_priv(ndev);
5223 	vif = ifp->vif;
5224 
5225 	if (rssi_low != vif->cqm_rssi_low || rssi_high != vif->cqm_rssi_high) {
5226 		/* The firmware will send an event when the RSSI is less than or
5227 		 * equal to a configured level and the previous RSSI event was
5228 		 * less than or equal to a different level. Set a third level
5229 		 * so that we also detect the transition from rssi <= rssi_high
5230 		 * to rssi > rssi_high.
5231 		 */
5232 		struct brcmf_rssi_event_le config = {
5233 			.rate_limit_msec = cpu_to_le32(0),
5234 			.rssi_level_num = 3,
5235 			.rssi_levels = {
5236 				clamp_val(rssi_low, S8_MIN, S8_MAX - 2),
5237 				clamp_val(rssi_high, S8_MIN + 1, S8_MAX - 1),
5238 				S8_MAX,
5239 			},
5240 		};
5241 
5242 		err = brcmf_fil_iovar_data_set(ifp, "rssi_event", &config,
5243 					       sizeof(config));
5244 		if (err) {
5245 			err = -EINVAL;
5246 		} else {
5247 			vif->cqm_rssi_low = rssi_low;
5248 			vif->cqm_rssi_high = rssi_high;
5249 		}
5250 	}
5251 
5252 	return err;
5253 }
5254 
5255 static int
brcmf_cfg80211_cancel_remain_on_channel(struct wiphy * wiphy,struct wireless_dev * wdev,u64 cookie)5256 brcmf_cfg80211_cancel_remain_on_channel(struct wiphy *wiphy,
5257 					struct wireless_dev *wdev,
5258 					u64 cookie)
5259 {
5260 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5261 	struct brcmf_pub *drvr = cfg->pub;
5262 	struct brcmf_cfg80211_vif *vif;
5263 	int err = 0;
5264 
5265 	brcmf_dbg(TRACE, "Enter p2p listen cancel\n");
5266 
5267 	vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
5268 	if (vif == NULL) {
5269 		bphy_err(drvr, "No p2p device available for probe response\n");
5270 		err = -ENODEV;
5271 		goto exit;
5272 	}
5273 	brcmf_p2p_cancel_remain_on_channel(vif->ifp);
5274 exit:
5275 	return err;
5276 }
5277 
brcmf_cfg80211_get_channel(struct wiphy * wiphy,struct wireless_dev * wdev,unsigned int link_id,struct cfg80211_chan_def * chandef)5278 static int brcmf_cfg80211_get_channel(struct wiphy *wiphy,
5279 				      struct wireless_dev *wdev,
5280 				      unsigned int link_id,
5281 				      struct cfg80211_chan_def *chandef)
5282 {
5283 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5284 	struct net_device *ndev = wdev->netdev;
5285 	struct brcmf_pub *drvr = cfg->pub;
5286 	struct brcmu_chan ch;
5287 	enum nl80211_band band = 0;
5288 	enum nl80211_chan_width width = 0;
5289 	u32 chanspec;
5290 	int freq, err;
5291 
5292 	if (!ndev || drvr->bus_if->state != BRCMF_BUS_UP)
5293 		return -ENODEV;
5294 
5295 	err = brcmf_fil_iovar_int_get(netdev_priv(ndev), "chanspec", &chanspec);
5296 	if (err) {
5297 		bphy_err(drvr, "chanspec failed (%d)\n", err);
5298 		return err;
5299 	}
5300 
5301 	ch.chspec = chanspec;
5302 	cfg->d11inf.decchspec(&ch);
5303 
5304 	switch (ch.band) {
5305 	case BRCMU_CHAN_BAND_2G:
5306 		band = NL80211_BAND_2GHZ;
5307 		break;
5308 	case BRCMU_CHAN_BAND_5G:
5309 		band = NL80211_BAND_5GHZ;
5310 		break;
5311 	}
5312 
5313 	switch (ch.bw) {
5314 	case BRCMU_CHAN_BW_80:
5315 		width = NL80211_CHAN_WIDTH_80;
5316 		break;
5317 	case BRCMU_CHAN_BW_40:
5318 		width = NL80211_CHAN_WIDTH_40;
5319 		break;
5320 	case BRCMU_CHAN_BW_20:
5321 		width = NL80211_CHAN_WIDTH_20;
5322 		break;
5323 	case BRCMU_CHAN_BW_80P80:
5324 		width = NL80211_CHAN_WIDTH_80P80;
5325 		break;
5326 	case BRCMU_CHAN_BW_160:
5327 		width = NL80211_CHAN_WIDTH_160;
5328 		break;
5329 	}
5330 
5331 	freq = ieee80211_channel_to_frequency(ch.control_ch_num, band);
5332 	chandef->chan = ieee80211_get_channel(wiphy, freq);
5333 	chandef->width = width;
5334 	chandef->center_freq1 = ieee80211_channel_to_frequency(ch.chnum, band);
5335 	chandef->center_freq2 = 0;
5336 
5337 	return 0;
5338 }
5339 
brcmf_cfg80211_crit_proto_start(struct wiphy * wiphy,struct wireless_dev * wdev,enum nl80211_crit_proto_id proto,u16 duration)5340 static int brcmf_cfg80211_crit_proto_start(struct wiphy *wiphy,
5341 					   struct wireless_dev *wdev,
5342 					   enum nl80211_crit_proto_id proto,
5343 					   u16 duration)
5344 {
5345 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5346 	struct brcmf_cfg80211_vif *vif;
5347 
5348 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5349 
5350 	/* only DHCP support for now */
5351 	if (proto != NL80211_CRIT_PROTO_DHCP)
5352 		return -EINVAL;
5353 
5354 	/* suppress and abort scanning */
5355 	set_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
5356 	brcmf_abort_scanning(cfg);
5357 
5358 	return brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_DISABLED, duration);
5359 }
5360 
brcmf_cfg80211_crit_proto_stop(struct wiphy * wiphy,struct wireless_dev * wdev)5361 static void brcmf_cfg80211_crit_proto_stop(struct wiphy *wiphy,
5362 					   struct wireless_dev *wdev)
5363 {
5364 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5365 	struct brcmf_cfg80211_vif *vif;
5366 
5367 	vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5368 
5369 	brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_ENABLED, 0);
5370 	clear_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
5371 }
5372 
5373 static s32
brcmf_notify_tdls_peer_event(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)5374 brcmf_notify_tdls_peer_event(struct brcmf_if *ifp,
5375 			     const struct brcmf_event_msg *e, void *data)
5376 {
5377 	switch (e->reason) {
5378 	case BRCMF_E_REASON_TDLS_PEER_DISCOVERED:
5379 		brcmf_dbg(TRACE, "TDLS Peer Discovered\n");
5380 		break;
5381 	case BRCMF_E_REASON_TDLS_PEER_CONNECTED:
5382 		brcmf_dbg(TRACE, "TDLS Peer Connected\n");
5383 		brcmf_proto_add_tdls_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5384 		break;
5385 	case BRCMF_E_REASON_TDLS_PEER_DISCONNECTED:
5386 		brcmf_dbg(TRACE, "TDLS Peer Disconnected\n");
5387 		brcmf_proto_delete_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5388 		break;
5389 	}
5390 
5391 	return 0;
5392 }
5393 
brcmf_convert_nl80211_tdls_oper(enum nl80211_tdls_operation oper)5394 static int brcmf_convert_nl80211_tdls_oper(enum nl80211_tdls_operation oper)
5395 {
5396 	int ret;
5397 
5398 	switch (oper) {
5399 	case NL80211_TDLS_DISCOVERY_REQ:
5400 		ret = BRCMF_TDLS_MANUAL_EP_DISCOVERY;
5401 		break;
5402 	case NL80211_TDLS_SETUP:
5403 		ret = BRCMF_TDLS_MANUAL_EP_CREATE;
5404 		break;
5405 	case NL80211_TDLS_TEARDOWN:
5406 		ret = BRCMF_TDLS_MANUAL_EP_DELETE;
5407 		break;
5408 	default:
5409 		brcmf_err("unsupported operation: %d\n", oper);
5410 		ret = -EOPNOTSUPP;
5411 	}
5412 	return ret;
5413 }
5414 
brcmf_cfg80211_tdls_oper(struct wiphy * wiphy,struct net_device * ndev,const u8 * peer,enum nl80211_tdls_operation oper)5415 static int brcmf_cfg80211_tdls_oper(struct wiphy *wiphy,
5416 				    struct net_device *ndev, const u8 *peer,
5417 				    enum nl80211_tdls_operation oper)
5418 {
5419 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5420 	struct brcmf_pub *drvr = cfg->pub;
5421 	struct brcmf_if *ifp;
5422 	struct brcmf_tdls_iovar_le info;
5423 	int ret = 0;
5424 
5425 	ret = brcmf_convert_nl80211_tdls_oper(oper);
5426 	if (ret < 0)
5427 		return ret;
5428 
5429 	ifp = netdev_priv(ndev);
5430 	memset(&info, 0, sizeof(info));
5431 	info.mode = (u8)ret;
5432 	if (peer)
5433 		memcpy(info.ea, peer, ETH_ALEN);
5434 
5435 	ret = brcmf_fil_iovar_data_set(ifp, "tdls_endpoint",
5436 				       &info, sizeof(info));
5437 	if (ret < 0)
5438 		bphy_err(drvr, "tdls_endpoint iovar failed: ret=%d\n", ret);
5439 
5440 	return ret;
5441 }
5442 
5443 static int
brcmf_cfg80211_update_conn_params(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_connect_params * sme,u32 changed)5444 brcmf_cfg80211_update_conn_params(struct wiphy *wiphy,
5445 				  struct net_device *ndev,
5446 				  struct cfg80211_connect_params *sme,
5447 				  u32 changed)
5448 {
5449 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5450 	struct brcmf_pub *drvr = cfg->pub;
5451 	struct brcmf_if *ifp;
5452 	int err;
5453 
5454 	if (!(changed & UPDATE_ASSOC_IES))
5455 		return 0;
5456 
5457 	ifp = netdev_priv(ndev);
5458 	err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
5459 				    sme->ie, sme->ie_len);
5460 	if (err)
5461 		bphy_err(drvr, "Set Assoc REQ IE Failed\n");
5462 	else
5463 		brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
5464 
5465 	return err;
5466 }
5467 
5468 #ifdef CONFIG_PM
5469 static int
brcmf_cfg80211_set_rekey_data(struct wiphy * wiphy,struct net_device * ndev,struct cfg80211_gtk_rekey_data * gtk)5470 brcmf_cfg80211_set_rekey_data(struct wiphy *wiphy, struct net_device *ndev,
5471 			      struct cfg80211_gtk_rekey_data *gtk)
5472 {
5473 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5474 	struct brcmf_pub *drvr = cfg->pub;
5475 	struct brcmf_if *ifp = netdev_priv(ndev);
5476 	struct brcmf_gtk_keyinfo_le gtk_le;
5477 	int ret;
5478 
5479 	brcmf_dbg(TRACE, "Enter, bssidx=%d\n", ifp->bsscfgidx);
5480 
5481 	memcpy(gtk_le.kck, gtk->kck, sizeof(gtk_le.kck));
5482 	memcpy(gtk_le.kek, gtk->kek, sizeof(gtk_le.kek));
5483 	memcpy(gtk_le.replay_counter, gtk->replay_ctr,
5484 	       sizeof(gtk_le.replay_counter));
5485 
5486 	ret = brcmf_fil_iovar_data_set(ifp, "gtk_key_info", &gtk_le,
5487 				       sizeof(gtk_le));
5488 	if (ret < 0)
5489 		bphy_err(drvr, "gtk_key_info iovar failed: ret=%d\n", ret);
5490 
5491 	return ret;
5492 }
5493 #endif
5494 
brcmf_cfg80211_set_pmk(struct wiphy * wiphy,struct net_device * dev,const struct cfg80211_pmk_conf * conf)5495 static int brcmf_cfg80211_set_pmk(struct wiphy *wiphy, struct net_device *dev,
5496 				  const struct cfg80211_pmk_conf *conf)
5497 {
5498 	struct brcmf_if *ifp;
5499 
5500 	brcmf_dbg(TRACE, "enter\n");
5501 
5502 	/* expect using firmware supplicant for 1X */
5503 	ifp = netdev_priv(dev);
5504 	if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
5505 		return -EINVAL;
5506 
5507 	if (conf->pmk_len > BRCMF_WSEC_MAX_PSK_LEN)
5508 		return -ERANGE;
5509 
5510 	return brcmf_set_pmk(ifp, conf->pmk, conf->pmk_len);
5511 }
5512 
brcmf_cfg80211_del_pmk(struct wiphy * wiphy,struct net_device * dev,const u8 * aa)5513 static int brcmf_cfg80211_del_pmk(struct wiphy *wiphy, struct net_device *dev,
5514 				  const u8 *aa)
5515 {
5516 	struct brcmf_if *ifp;
5517 
5518 	brcmf_dbg(TRACE, "enter\n");
5519 	ifp = netdev_priv(dev);
5520 	if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
5521 		return -EINVAL;
5522 
5523 	return brcmf_set_pmk(ifp, NULL, 0);
5524 }
5525 
5526 static struct cfg80211_ops brcmf_cfg80211_ops = {
5527 	.add_virtual_intf = brcmf_cfg80211_add_iface,
5528 	.del_virtual_intf = brcmf_cfg80211_del_iface,
5529 	.change_virtual_intf = brcmf_cfg80211_change_iface,
5530 	.scan = brcmf_cfg80211_scan,
5531 	.set_wiphy_params = brcmf_cfg80211_set_wiphy_params,
5532 	.join_ibss = brcmf_cfg80211_join_ibss,
5533 	.leave_ibss = brcmf_cfg80211_leave_ibss,
5534 	.get_station = brcmf_cfg80211_get_station,
5535 	.dump_station = brcmf_cfg80211_dump_station,
5536 	.set_tx_power = brcmf_cfg80211_set_tx_power,
5537 	.get_tx_power = brcmf_cfg80211_get_tx_power,
5538 	.add_key = brcmf_cfg80211_add_key,
5539 	.del_key = brcmf_cfg80211_del_key,
5540 	.get_key = brcmf_cfg80211_get_key,
5541 	.set_default_key = brcmf_cfg80211_config_default_key,
5542 	.set_default_mgmt_key = brcmf_cfg80211_config_default_mgmt_key,
5543 	.set_power_mgmt = brcmf_cfg80211_set_power_mgmt,
5544 	.connect = brcmf_cfg80211_connect,
5545 	.disconnect = brcmf_cfg80211_disconnect,
5546 	.suspend = brcmf_cfg80211_suspend,
5547 	.resume = brcmf_cfg80211_resume,
5548 	.set_pmksa = brcmf_cfg80211_set_pmksa,
5549 	.del_pmksa = brcmf_cfg80211_del_pmksa,
5550 	.flush_pmksa = brcmf_cfg80211_flush_pmksa,
5551 	.start_ap = brcmf_cfg80211_start_ap,
5552 	.stop_ap = brcmf_cfg80211_stop_ap,
5553 	.change_beacon = brcmf_cfg80211_change_beacon,
5554 	.del_station = brcmf_cfg80211_del_station,
5555 	.change_station = brcmf_cfg80211_change_station,
5556 	.sched_scan_start = brcmf_cfg80211_sched_scan_start,
5557 	.sched_scan_stop = brcmf_cfg80211_sched_scan_stop,
5558 	.update_mgmt_frame_registrations =
5559 		brcmf_cfg80211_update_mgmt_frame_registrations,
5560 	.mgmt_tx = brcmf_cfg80211_mgmt_tx,
5561 	.set_cqm_rssi_range_config = brcmf_cfg80211_set_cqm_rssi_range_config,
5562 	.remain_on_channel = brcmf_p2p_remain_on_channel,
5563 	.cancel_remain_on_channel = brcmf_cfg80211_cancel_remain_on_channel,
5564 	.get_channel = brcmf_cfg80211_get_channel,
5565 	.start_p2p_device = brcmf_p2p_start_device,
5566 	.stop_p2p_device = brcmf_p2p_stop_device,
5567 	.crit_proto_start = brcmf_cfg80211_crit_proto_start,
5568 	.crit_proto_stop = brcmf_cfg80211_crit_proto_stop,
5569 	.tdls_oper = brcmf_cfg80211_tdls_oper,
5570 	.update_connect_params = brcmf_cfg80211_update_conn_params,
5571 	.set_pmk = brcmf_cfg80211_set_pmk,
5572 	.del_pmk = brcmf_cfg80211_del_pmk,
5573 };
5574 
brcmf_cfg80211_get_ops(struct brcmf_mp_device * settings)5575 struct cfg80211_ops *brcmf_cfg80211_get_ops(struct brcmf_mp_device *settings)
5576 {
5577 	struct cfg80211_ops *ops;
5578 
5579 	ops = kmemdup(&brcmf_cfg80211_ops, sizeof(brcmf_cfg80211_ops),
5580 		       GFP_KERNEL);
5581 
5582 	if (ops && settings->roamoff)
5583 		ops->update_connect_params = NULL;
5584 
5585 	return ops;
5586 }
5587 
brcmf_alloc_vif(struct brcmf_cfg80211_info * cfg,enum nl80211_iftype type)5588 struct brcmf_cfg80211_vif *brcmf_alloc_vif(struct brcmf_cfg80211_info *cfg,
5589 					   enum nl80211_iftype type)
5590 {
5591 	struct brcmf_cfg80211_vif *vif_walk;
5592 	struct brcmf_cfg80211_vif *vif;
5593 	bool mbss;
5594 	struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
5595 
5596 	brcmf_dbg(TRACE, "allocating virtual interface (size=%zu)\n",
5597 		  sizeof(*vif));
5598 	vif = kzalloc(sizeof(*vif), GFP_KERNEL);
5599 	if (!vif)
5600 		return ERR_PTR(-ENOMEM);
5601 
5602 	vif->wdev.wiphy = cfg->wiphy;
5603 	vif->wdev.iftype = type;
5604 
5605 	brcmf_init_prof(&vif->profile);
5606 
5607 	if (type == NL80211_IFTYPE_AP &&
5608 	    brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) {
5609 		mbss = false;
5610 		list_for_each_entry(vif_walk, &cfg->vif_list, list) {
5611 			if (vif_walk->wdev.iftype == NL80211_IFTYPE_AP) {
5612 				mbss = true;
5613 				break;
5614 			}
5615 		}
5616 		vif->mbss = mbss;
5617 	}
5618 
5619 	list_add_tail(&vif->list, &cfg->vif_list);
5620 	return vif;
5621 }
5622 
brcmf_free_vif(struct brcmf_cfg80211_vif * vif)5623 void brcmf_free_vif(struct brcmf_cfg80211_vif *vif)
5624 {
5625 	list_del(&vif->list);
5626 	kfree(vif);
5627 }
5628 
brcmf_cfg80211_free_netdev(struct net_device * ndev)5629 void brcmf_cfg80211_free_netdev(struct net_device *ndev)
5630 {
5631 	struct brcmf_cfg80211_vif *vif;
5632 	struct brcmf_if *ifp;
5633 
5634 	ifp = netdev_priv(ndev);
5635 	vif = ifp->vif;
5636 
5637 	if (vif)
5638 		brcmf_free_vif(vif);
5639 }
5640 
brcmf_is_linkup(struct brcmf_cfg80211_vif * vif,const struct brcmf_event_msg * e)5641 static bool brcmf_is_linkup(struct brcmf_cfg80211_vif *vif,
5642 			    const struct brcmf_event_msg *e)
5643 {
5644 	u32 event = e->event_code;
5645 	u32 status = e->status;
5646 
5647 	if ((vif->profile.use_fwsup == BRCMF_PROFILE_FWSUP_PSK ||
5648 	     vif->profile.use_fwsup == BRCMF_PROFILE_FWSUP_SAE) &&
5649 	    event == BRCMF_E_PSK_SUP &&
5650 	    status == BRCMF_E_STATUS_FWSUP_COMPLETED)
5651 		set_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5652 	if (event == BRCMF_E_SET_SSID && status == BRCMF_E_STATUS_SUCCESS) {
5653 		brcmf_dbg(CONN, "Processing set ssid\n");
5654 		memcpy(vif->profile.bssid, e->addr, ETH_ALEN);
5655 		if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_PSK &&
5656 		    vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_SAE)
5657 			return true;
5658 
5659 		set_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5660 	}
5661 
5662 	if (test_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state) &&
5663 	    test_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state)) {
5664 		clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5665 		clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5666 		return true;
5667 	}
5668 	return false;
5669 }
5670 
brcmf_is_linkdown(struct brcmf_cfg80211_vif * vif,const struct brcmf_event_msg * e)5671 static bool brcmf_is_linkdown(struct brcmf_cfg80211_vif *vif,
5672 			    const struct brcmf_event_msg *e)
5673 {
5674 	u32 event = e->event_code;
5675 	u16 flags = e->flags;
5676 
5677 	if ((event == BRCMF_E_DEAUTH) || (event == BRCMF_E_DEAUTH_IND) ||
5678 	    (event == BRCMF_E_DISASSOC_IND) ||
5679 	    ((event == BRCMF_E_LINK) && (!(flags & BRCMF_EVENT_MSG_LINK)))) {
5680 		brcmf_dbg(CONN, "Processing link down\n");
5681 		clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5682 		clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5683 		return true;
5684 	}
5685 	return false;
5686 }
5687 
brcmf_is_nonetwork(struct brcmf_cfg80211_info * cfg,const struct brcmf_event_msg * e)5688 static bool brcmf_is_nonetwork(struct brcmf_cfg80211_info *cfg,
5689 			       const struct brcmf_event_msg *e)
5690 {
5691 	u32 event = e->event_code;
5692 	u32 status = e->status;
5693 
5694 	if (event == BRCMF_E_LINK && status == BRCMF_E_STATUS_NO_NETWORKS) {
5695 		brcmf_dbg(CONN, "Processing Link %s & no network found\n",
5696 			  e->flags & BRCMF_EVENT_MSG_LINK ? "up" : "down");
5697 		return true;
5698 	}
5699 
5700 	if (event == BRCMF_E_SET_SSID && status != BRCMF_E_STATUS_SUCCESS) {
5701 		brcmf_dbg(CONN, "Processing connecting & no network found\n");
5702 		return true;
5703 	}
5704 
5705 	if (event == BRCMF_E_PSK_SUP &&
5706 	    status != BRCMF_E_STATUS_FWSUP_COMPLETED) {
5707 		brcmf_dbg(CONN, "Processing failed supplicant state: %u\n",
5708 			  status);
5709 		return true;
5710 	}
5711 
5712 	return false;
5713 }
5714 
brcmf_clear_assoc_ies(struct brcmf_cfg80211_info * cfg)5715 static void brcmf_clear_assoc_ies(struct brcmf_cfg80211_info *cfg)
5716 {
5717 	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5718 
5719 	kfree(conn_info->req_ie);
5720 	conn_info->req_ie = NULL;
5721 	conn_info->req_ie_len = 0;
5722 	kfree(conn_info->resp_ie);
5723 	conn_info->resp_ie = NULL;
5724 	conn_info->resp_ie_len = 0;
5725 }
5726 
brcmf_map_prio_to_prec(void * config,u8 prio)5727 u8 brcmf_map_prio_to_prec(void *config, u8 prio)
5728 {
5729 	struct brcmf_cfg80211_info *cfg = (struct brcmf_cfg80211_info *)config;
5730 
5731 	if (!cfg)
5732 		return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ?
5733 		       (prio ^ 2) : prio;
5734 
5735 	/* For those AC(s) with ACM flag set to 1, convert its 4-level priority
5736 	 * to an 8-level precedence which is the same as BE's
5737 	 */
5738 	if (prio > PRIO_8021D_EE &&
5739 	    cfg->ac_priority[prio] == cfg->ac_priority[PRIO_8021D_BE])
5740 		return cfg->ac_priority[prio] * 2;
5741 
5742 	/* Conversion of 4-level priority to 8-level precedence */
5743 	if (prio == PRIO_8021D_BE || prio == PRIO_8021D_BK ||
5744 	    prio == PRIO_8021D_CL || prio == PRIO_8021D_VO)
5745 		return cfg->ac_priority[prio] * 2;
5746 	else
5747 		return cfg->ac_priority[prio] * 2 + 1;
5748 }
5749 
brcmf_map_prio_to_aci(void * config,u8 prio)5750 u8 brcmf_map_prio_to_aci(void *config, u8 prio)
5751 {
5752 	/* Prio here refers to the 802.1d priority in range of 0 to 7.
5753 	 * ACI here refers to the WLAN AC Index in range of 0 to 3.
5754 	 * This function will return ACI corresponding to input prio.
5755 	 */
5756 	struct brcmf_cfg80211_info *cfg = (struct brcmf_cfg80211_info *)config;
5757 
5758 	if (cfg)
5759 		return cfg->ac_priority[prio];
5760 
5761 	return prio;
5762 }
5763 
brcmf_init_wmm_prio(u8 * priority)5764 static void brcmf_init_wmm_prio(u8 *priority)
5765 {
5766 	/* Initialize AC priority array to default
5767 	 * 802.1d priority as per following table:
5768 	 * 802.1d prio 0,3 maps to BE
5769 	 * 802.1d prio 1,2 maps to BK
5770 	 * 802.1d prio 4,5 maps to VI
5771 	 * 802.1d prio 6,7 maps to VO
5772 	 */
5773 	priority[0] = BRCMF_FWS_FIFO_AC_BE;
5774 	priority[3] = BRCMF_FWS_FIFO_AC_BE;
5775 	priority[1] = BRCMF_FWS_FIFO_AC_BK;
5776 	priority[2] = BRCMF_FWS_FIFO_AC_BK;
5777 	priority[4] = BRCMF_FWS_FIFO_AC_VI;
5778 	priority[5] = BRCMF_FWS_FIFO_AC_VI;
5779 	priority[6] = BRCMF_FWS_FIFO_AC_VO;
5780 	priority[7] = BRCMF_FWS_FIFO_AC_VO;
5781 }
5782 
brcmf_wifi_prioritize_acparams(const struct brcmf_cfg80211_edcf_acparam * acp,u8 * priority)5783 static void brcmf_wifi_prioritize_acparams(const
5784 	struct brcmf_cfg80211_edcf_acparam *acp, u8 *priority)
5785 {
5786 	u8 aci;
5787 	u8 aifsn;
5788 	u8 ecwmin;
5789 	u8 ecwmax;
5790 	u8 acm;
5791 	u8 ranking_basis[EDCF_AC_COUNT];
5792 	u8 aci_prio[EDCF_AC_COUNT]; /* AC_BE, AC_BK, AC_VI, AC_VO */
5793 	u8 index;
5794 
5795 	for (aci = 0; aci < EDCF_AC_COUNT; aci++, acp++) {
5796 		aifsn  = acp->ACI & EDCF_AIFSN_MASK;
5797 		acm = (acp->ACI & EDCF_ACM_MASK) ? 1 : 0;
5798 		ecwmin = acp->ECW & EDCF_ECWMIN_MASK;
5799 		ecwmax = (acp->ECW & EDCF_ECWMAX_MASK) >> EDCF_ECWMAX_SHIFT;
5800 		brcmf_dbg(CONN, "ACI %d aifsn %d acm %d ecwmin %d ecwmax %d\n",
5801 			  aci, aifsn, acm, ecwmin, ecwmax);
5802 		/* Default AC_VO will be the lowest ranking value */
5803 		ranking_basis[aci] = aifsn + ecwmin + ecwmax;
5804 		/* Initialise priority starting at 0 (AC_BE) */
5805 		aci_prio[aci] = 0;
5806 
5807 		/* If ACM is set, STA can't use this AC as per 802.11.
5808 		 * Change the ranking to BE
5809 		 */
5810 		if (aci != AC_BE && aci != AC_BK && acm == 1)
5811 			ranking_basis[aci] = ranking_basis[AC_BE];
5812 	}
5813 
5814 	/* Ranking method which works for AC priority
5815 	 * swapping when values for cwmin, cwmax and aifsn are varied
5816 	 * Compare each aci_prio against each other aci_prio
5817 	 */
5818 	for (aci = 0; aci < EDCF_AC_COUNT; aci++) {
5819 		for (index = 0; index < EDCF_AC_COUNT; index++) {
5820 			if (index != aci) {
5821 				/* Smaller ranking value has higher priority,
5822 				 * so increment priority for each ACI which has
5823 				 * a higher ranking value
5824 				 */
5825 				if (ranking_basis[aci] < ranking_basis[index])
5826 					aci_prio[aci]++;
5827 			}
5828 		}
5829 	}
5830 
5831 	/* By now, aci_prio[] will be in range of 0 to 3.
5832 	 * Use ACI prio to get the new priority value for
5833 	 * each 802.1d traffic type, in this range.
5834 	 */
5835 	if (!(aci_prio[AC_BE] == aci_prio[AC_BK] &&
5836 	      aci_prio[AC_BK] == aci_prio[AC_VI] &&
5837 	      aci_prio[AC_VI] == aci_prio[AC_VO])) {
5838 		/* 802.1d 0,3 maps to BE */
5839 		priority[0] = aci_prio[AC_BE];
5840 		priority[3] = aci_prio[AC_BE];
5841 
5842 		/* 802.1d 1,2 maps to BK */
5843 		priority[1] = aci_prio[AC_BK];
5844 		priority[2] = aci_prio[AC_BK];
5845 
5846 		/* 802.1d 4,5 maps to VO */
5847 		priority[4] = aci_prio[AC_VI];
5848 		priority[5] = aci_prio[AC_VI];
5849 
5850 		/* 802.1d 6,7 maps to VO */
5851 		priority[6] = aci_prio[AC_VO];
5852 		priority[7] = aci_prio[AC_VO];
5853 	} else {
5854 		/* Initialize to default priority */
5855 		brcmf_init_wmm_prio(priority);
5856 	}
5857 
5858 	brcmf_dbg(CONN, "Adj prio BE 0->%d, BK 1->%d, BK 2->%d, BE 3->%d\n",
5859 		  priority[0], priority[1], priority[2], priority[3]);
5860 
5861 	brcmf_dbg(CONN, "Adj prio VI 4->%d, VI 5->%d, VO 6->%d, VO 7->%d\n",
5862 		  priority[4], priority[5], priority[6], priority[7]);
5863 }
5864 
brcmf_get_assoc_ies(struct brcmf_cfg80211_info * cfg,struct brcmf_if * ifp)5865 static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
5866 			       struct brcmf_if *ifp)
5867 {
5868 	struct brcmf_pub *drvr = cfg->pub;
5869 	struct brcmf_cfg80211_assoc_ielen_le *assoc_info;
5870 	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5871 	struct brcmf_cfg80211_edcf_acparam edcf_acparam_info[EDCF_AC_COUNT];
5872 	u32 req_len;
5873 	u32 resp_len;
5874 	s32 err = 0;
5875 
5876 	brcmf_clear_assoc_ies(cfg);
5877 
5878 	err = brcmf_fil_iovar_data_get(ifp, "assoc_info",
5879 				       cfg->extra_buf, WL_ASSOC_INFO_MAX);
5880 	if (err) {
5881 		bphy_err(drvr, "could not get assoc info (%d)\n", err);
5882 		return err;
5883 	}
5884 	assoc_info =
5885 		(struct brcmf_cfg80211_assoc_ielen_le *)cfg->extra_buf;
5886 	req_len = le32_to_cpu(assoc_info->req_len);
5887 	resp_len = le32_to_cpu(assoc_info->resp_len);
5888 	if (req_len) {
5889 		err = brcmf_fil_iovar_data_get(ifp, "assoc_req_ies",
5890 					       cfg->extra_buf,
5891 					       WL_ASSOC_INFO_MAX);
5892 		if (err) {
5893 			bphy_err(drvr, "could not get assoc req (%d)\n", err);
5894 			return err;
5895 		}
5896 		conn_info->req_ie_len = req_len;
5897 		conn_info->req_ie =
5898 		    kmemdup(cfg->extra_buf, conn_info->req_ie_len,
5899 			    GFP_KERNEL);
5900 		if (!conn_info->req_ie)
5901 			conn_info->req_ie_len = 0;
5902 	} else {
5903 		conn_info->req_ie_len = 0;
5904 		conn_info->req_ie = NULL;
5905 	}
5906 	if (resp_len) {
5907 		err = brcmf_fil_iovar_data_get(ifp, "assoc_resp_ies",
5908 					       cfg->extra_buf,
5909 					       WL_ASSOC_INFO_MAX);
5910 		if (err) {
5911 			bphy_err(drvr, "could not get assoc resp (%d)\n", err);
5912 			return err;
5913 		}
5914 		conn_info->resp_ie_len = resp_len;
5915 		conn_info->resp_ie =
5916 		    kmemdup(cfg->extra_buf, conn_info->resp_ie_len,
5917 			    GFP_KERNEL);
5918 		if (!conn_info->resp_ie)
5919 			conn_info->resp_ie_len = 0;
5920 
5921 		err = brcmf_fil_iovar_data_get(ifp, "wme_ac_sta",
5922 					       edcf_acparam_info,
5923 					       sizeof(edcf_acparam_info));
5924 		if (err) {
5925 			brcmf_err("could not get wme_ac_sta (%d)\n", err);
5926 			return err;
5927 		}
5928 
5929 		brcmf_wifi_prioritize_acparams(edcf_acparam_info,
5930 					       cfg->ac_priority);
5931 	} else {
5932 		conn_info->resp_ie_len = 0;
5933 		conn_info->resp_ie = NULL;
5934 	}
5935 	brcmf_dbg(CONN, "req len (%d) resp len (%d)\n",
5936 		  conn_info->req_ie_len, conn_info->resp_ie_len);
5937 
5938 	return err;
5939 }
5940 
5941 static s32
brcmf_bss_roaming_done(struct brcmf_cfg80211_info * cfg,struct net_device * ndev,const struct brcmf_event_msg * e)5942 brcmf_bss_roaming_done(struct brcmf_cfg80211_info *cfg,
5943 		       struct net_device *ndev,
5944 		       const struct brcmf_event_msg *e)
5945 {
5946 	struct brcmf_if *ifp = netdev_priv(ndev);
5947 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
5948 	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5949 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
5950 	struct ieee80211_channel *notify_channel = NULL;
5951 	struct ieee80211_supported_band *band;
5952 	struct brcmf_bss_info_le *bi;
5953 	struct brcmu_chan ch;
5954 	struct cfg80211_roam_info roam_info = {};
5955 	u32 freq;
5956 	s32 err = 0;
5957 	u8 *buf;
5958 
5959 	brcmf_dbg(TRACE, "Enter\n");
5960 
5961 	brcmf_get_assoc_ies(cfg, ifp);
5962 	memcpy(profile->bssid, e->addr, ETH_ALEN);
5963 	brcmf_update_bss_info(cfg, ifp);
5964 
5965 	buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
5966 	if (buf == NULL) {
5967 		err = -ENOMEM;
5968 		goto done;
5969 	}
5970 
5971 	/* data sent to dongle has to be little endian */
5972 	*(__le32 *)buf = cpu_to_le32(WL_BSS_INFO_MAX);
5973 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO,
5974 				     buf, WL_BSS_INFO_MAX);
5975 
5976 	if (err)
5977 		goto done;
5978 
5979 	bi = (struct brcmf_bss_info_le *)(buf + 4);
5980 	ch.chspec = le16_to_cpu(bi->chanspec);
5981 	cfg->d11inf.decchspec(&ch);
5982 
5983 	if (ch.band == BRCMU_CHAN_BAND_2G)
5984 		band = wiphy->bands[NL80211_BAND_2GHZ];
5985 	else
5986 		band = wiphy->bands[NL80211_BAND_5GHZ];
5987 
5988 	freq = ieee80211_channel_to_frequency(ch.control_ch_num, band->band);
5989 	notify_channel = ieee80211_get_channel(wiphy, freq);
5990 
5991 done:
5992 	kfree(buf);
5993 
5994 	roam_info.links[0].channel = notify_channel;
5995 	roam_info.links[0].bssid = profile->bssid;
5996 	roam_info.req_ie = conn_info->req_ie;
5997 	roam_info.req_ie_len = conn_info->req_ie_len;
5998 	roam_info.resp_ie = conn_info->resp_ie;
5999 	roam_info.resp_ie_len = conn_info->resp_ie_len;
6000 
6001 	cfg80211_roamed(ndev, &roam_info, GFP_KERNEL);
6002 	brcmf_dbg(CONN, "Report roaming result\n");
6003 
6004 	if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_1X && profile->is_ft) {
6005 		cfg80211_port_authorized(ndev, profile->bssid, GFP_KERNEL);
6006 		brcmf_dbg(CONN, "Report port authorized\n");
6007 	}
6008 
6009 	set_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
6010 	brcmf_dbg(TRACE, "Exit\n");
6011 	return err;
6012 }
6013 
6014 static s32
brcmf_bss_connect_done(struct brcmf_cfg80211_info * cfg,struct net_device * ndev,const struct brcmf_event_msg * e,bool completed)6015 brcmf_bss_connect_done(struct brcmf_cfg80211_info *cfg,
6016 		       struct net_device *ndev, const struct brcmf_event_msg *e,
6017 		       bool completed)
6018 {
6019 	struct brcmf_if *ifp = netdev_priv(ndev);
6020 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
6021 	struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
6022 	struct cfg80211_connect_resp_params conn_params;
6023 
6024 	brcmf_dbg(TRACE, "Enter\n");
6025 
6026 	if (test_and_clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6027 			       &ifp->vif->sme_state)) {
6028 		memset(&conn_params, 0, sizeof(conn_params));
6029 		if (completed) {
6030 			brcmf_get_assoc_ies(cfg, ifp);
6031 			brcmf_update_bss_info(cfg, ifp);
6032 			set_bit(BRCMF_VIF_STATUS_CONNECTED,
6033 				&ifp->vif->sme_state);
6034 			conn_params.status = WLAN_STATUS_SUCCESS;
6035 		} else {
6036 			conn_params.status = WLAN_STATUS_AUTH_TIMEOUT;
6037 		}
6038 		conn_params.links[0].bssid = profile->bssid;
6039 		conn_params.req_ie = conn_info->req_ie;
6040 		conn_params.req_ie_len = conn_info->req_ie_len;
6041 		conn_params.resp_ie = conn_info->resp_ie;
6042 		conn_params.resp_ie_len = conn_info->resp_ie_len;
6043 		cfg80211_connect_done(ndev, &conn_params, GFP_KERNEL);
6044 		brcmf_dbg(CONN, "Report connect result - connection %s\n",
6045 			  completed ? "succeeded" : "failed");
6046 	}
6047 	brcmf_dbg(TRACE, "Exit\n");
6048 	return 0;
6049 }
6050 
6051 static s32
brcmf_notify_connect_status_ap(struct brcmf_cfg80211_info * cfg,struct net_device * ndev,const struct brcmf_event_msg * e,void * data)6052 brcmf_notify_connect_status_ap(struct brcmf_cfg80211_info *cfg,
6053 			       struct net_device *ndev,
6054 			       const struct brcmf_event_msg *e, void *data)
6055 {
6056 	struct brcmf_pub *drvr = cfg->pub;
6057 	static int generation;
6058 	u32 event = e->event_code;
6059 	u32 reason = e->reason;
6060 	struct station_info *sinfo;
6061 
6062 	brcmf_dbg(CONN, "event %s (%u), reason %d\n",
6063 		  brcmf_fweh_event_name(event), event, reason);
6064 	if (event == BRCMF_E_LINK && reason == BRCMF_E_REASON_LINK_BSSCFG_DIS &&
6065 	    ndev != cfg_to_ndev(cfg)) {
6066 		brcmf_dbg(CONN, "AP mode link down\n");
6067 		complete(&cfg->vif_disabled);
6068 		return 0;
6069 	}
6070 
6071 	if (((event == BRCMF_E_ASSOC_IND) || (event == BRCMF_E_REASSOC_IND)) &&
6072 	    (reason == BRCMF_E_STATUS_SUCCESS)) {
6073 		if (!data) {
6074 			bphy_err(drvr, "No IEs present in ASSOC/REASSOC_IND\n");
6075 			return -EINVAL;
6076 		}
6077 
6078 		sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
6079 		if (!sinfo)
6080 			return -ENOMEM;
6081 
6082 		sinfo->assoc_req_ies = data;
6083 		sinfo->assoc_req_ies_len = e->datalen;
6084 		generation++;
6085 		sinfo->generation = generation;
6086 		cfg80211_new_sta(ndev, e->addr, sinfo, GFP_KERNEL);
6087 
6088 		kfree(sinfo);
6089 	} else if ((event == BRCMF_E_DISASSOC_IND) ||
6090 		   (event == BRCMF_E_DEAUTH_IND) ||
6091 		   (event == BRCMF_E_DEAUTH)) {
6092 		cfg80211_del_sta(ndev, e->addr, GFP_KERNEL);
6093 	}
6094 	return 0;
6095 }
6096 
6097 static s32
brcmf_notify_connect_status(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)6098 brcmf_notify_connect_status(struct brcmf_if *ifp,
6099 			    const struct brcmf_event_msg *e, void *data)
6100 {
6101 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6102 	struct net_device *ndev = ifp->ndev;
6103 	struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
6104 	struct ieee80211_channel *chan;
6105 	s32 err = 0;
6106 
6107 	if ((e->event_code == BRCMF_E_DEAUTH) ||
6108 	    (e->event_code == BRCMF_E_DEAUTH_IND) ||
6109 	    (e->event_code == BRCMF_E_DISASSOC_IND) ||
6110 	    ((e->event_code == BRCMF_E_LINK) && (!e->flags))) {
6111 		brcmf_proto_delete_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
6112 	}
6113 
6114 	if (brcmf_is_apmode(ifp->vif)) {
6115 		err = brcmf_notify_connect_status_ap(cfg, ndev, e, data);
6116 	} else if (brcmf_is_linkup(ifp->vif, e)) {
6117 		brcmf_dbg(CONN, "Linkup\n");
6118 		if (brcmf_is_ibssmode(ifp->vif)) {
6119 			brcmf_inform_ibss(cfg, ndev, e->addr);
6120 			chan = ieee80211_get_channel(cfg->wiphy, cfg->channel);
6121 			memcpy(profile->bssid, e->addr, ETH_ALEN);
6122 			cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL);
6123 			clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6124 				  &ifp->vif->sme_state);
6125 			set_bit(BRCMF_VIF_STATUS_CONNECTED,
6126 				&ifp->vif->sme_state);
6127 		} else
6128 			brcmf_bss_connect_done(cfg, ndev, e, true);
6129 		brcmf_net_setcarrier(ifp, true);
6130 	} else if (brcmf_is_linkdown(ifp->vif, e)) {
6131 		brcmf_dbg(CONN, "Linkdown\n");
6132 		if (!brcmf_is_ibssmode(ifp->vif) &&
6133 		    test_bit(BRCMF_VIF_STATUS_CONNECTED,
6134 			     &ifp->vif->sme_state)) {
6135 			if (memcmp(profile->bssid, e->addr, ETH_ALEN))
6136 				return err;
6137 
6138 			brcmf_bss_connect_done(cfg, ndev, e, false);
6139 			brcmf_link_down(ifp->vif,
6140 					brcmf_map_fw_linkdown_reason(e),
6141 					e->event_code &
6142 					(BRCMF_E_DEAUTH_IND |
6143 					BRCMF_E_DISASSOC_IND)
6144 					? false : true);
6145 			brcmf_init_prof(ndev_to_prof(ndev));
6146 			if (ndev != cfg_to_ndev(cfg))
6147 				complete(&cfg->vif_disabled);
6148 			brcmf_net_setcarrier(ifp, false);
6149 		}
6150 	} else if (brcmf_is_nonetwork(cfg, e)) {
6151 		if (brcmf_is_ibssmode(ifp->vif))
6152 			clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6153 				  &ifp->vif->sme_state);
6154 		else
6155 			brcmf_bss_connect_done(cfg, ndev, e, false);
6156 	}
6157 
6158 	return err;
6159 }
6160 
6161 static s32
brcmf_notify_roaming_status(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)6162 brcmf_notify_roaming_status(struct brcmf_if *ifp,
6163 			    const struct brcmf_event_msg *e, void *data)
6164 {
6165 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6166 	u32 event = e->event_code;
6167 	u32 status = e->status;
6168 
6169 	if (event == BRCMF_E_ROAM && status == BRCMF_E_STATUS_SUCCESS) {
6170 		if (test_bit(BRCMF_VIF_STATUS_CONNECTED,
6171 			     &ifp->vif->sme_state)) {
6172 			brcmf_bss_roaming_done(cfg, ifp->ndev, e);
6173 		} else {
6174 			brcmf_bss_connect_done(cfg, ifp->ndev, e, true);
6175 			brcmf_net_setcarrier(ifp, true);
6176 		}
6177 	}
6178 
6179 	return 0;
6180 }
6181 
6182 static s32
brcmf_notify_mic_status(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)6183 brcmf_notify_mic_status(struct brcmf_if *ifp,
6184 			const struct brcmf_event_msg *e, void *data)
6185 {
6186 	u16 flags = e->flags;
6187 	enum nl80211_key_type key_type;
6188 
6189 	if (flags & BRCMF_EVENT_MSG_GROUP)
6190 		key_type = NL80211_KEYTYPE_GROUP;
6191 	else
6192 		key_type = NL80211_KEYTYPE_PAIRWISE;
6193 
6194 	cfg80211_michael_mic_failure(ifp->ndev, (u8 *)&e->addr, key_type, -1,
6195 				     NULL, GFP_KERNEL);
6196 
6197 	return 0;
6198 }
6199 
brcmf_notify_rssi(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)6200 static s32 brcmf_notify_rssi(struct brcmf_if *ifp,
6201 			     const struct brcmf_event_msg *e, void *data)
6202 {
6203 	struct brcmf_cfg80211_vif *vif = ifp->vif;
6204 	struct brcmf_rssi_be *info = data;
6205 	s32 rssi, snr, noise;
6206 	s32 low, high, last;
6207 
6208 	if (e->datalen < sizeof(*info)) {
6209 		brcmf_err("insufficient RSSI event data\n");
6210 		return 0;
6211 	}
6212 
6213 	rssi = be32_to_cpu(info->rssi);
6214 	snr = be32_to_cpu(info->snr);
6215 	noise = be32_to_cpu(info->noise);
6216 
6217 	low = vif->cqm_rssi_low;
6218 	high = vif->cqm_rssi_high;
6219 	last = vif->cqm_rssi_last;
6220 
6221 	brcmf_dbg(TRACE, "rssi=%d snr=%d noise=%d low=%d high=%d last=%d\n",
6222 		  rssi, snr, noise, low, high, last);
6223 
6224 	vif->cqm_rssi_last = rssi;
6225 
6226 	if (rssi <= low || rssi == 0) {
6227 		brcmf_dbg(INFO, "LOW rssi=%d\n", rssi);
6228 		cfg80211_cqm_rssi_notify(ifp->ndev,
6229 					 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6230 					 rssi, GFP_KERNEL);
6231 	} else if (rssi > high) {
6232 		brcmf_dbg(INFO, "HIGH rssi=%d\n", rssi);
6233 		cfg80211_cqm_rssi_notify(ifp->ndev,
6234 					 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6235 					 rssi, GFP_KERNEL);
6236 	}
6237 
6238 	return 0;
6239 }
6240 
brcmf_notify_vif_event(struct brcmf_if * ifp,const struct brcmf_event_msg * e,void * data)6241 static s32 brcmf_notify_vif_event(struct brcmf_if *ifp,
6242 				  const struct brcmf_event_msg *e, void *data)
6243 {
6244 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6245 	struct brcmf_if_event *ifevent = (struct brcmf_if_event *)data;
6246 	struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
6247 	struct brcmf_cfg80211_vif *vif;
6248 
6249 	brcmf_dbg(TRACE, "Enter: action %u flags %u ifidx %u bsscfgidx %u\n",
6250 		  ifevent->action, ifevent->flags, ifevent->ifidx,
6251 		  ifevent->bsscfgidx);
6252 
6253 	spin_lock(&event->vif_event_lock);
6254 	event->action = ifevent->action;
6255 	vif = event->vif;
6256 
6257 	switch (ifevent->action) {
6258 	case BRCMF_E_IF_ADD:
6259 		/* waiting process may have timed out */
6260 		if (!cfg->vif_event.vif) {
6261 			spin_unlock(&event->vif_event_lock);
6262 			return -EBADF;
6263 		}
6264 
6265 		ifp->vif = vif;
6266 		vif->ifp = ifp;
6267 		if (ifp->ndev) {
6268 			vif->wdev.netdev = ifp->ndev;
6269 			ifp->ndev->ieee80211_ptr = &vif->wdev;
6270 			SET_NETDEV_DEV(ifp->ndev, wiphy_dev(cfg->wiphy));
6271 		}
6272 		spin_unlock(&event->vif_event_lock);
6273 		wake_up(&event->vif_wq);
6274 		return 0;
6275 
6276 	case BRCMF_E_IF_DEL:
6277 		spin_unlock(&event->vif_event_lock);
6278 		/* event may not be upon user request */
6279 		if (brcmf_cfg80211_vif_event_armed(cfg))
6280 			wake_up(&event->vif_wq);
6281 		return 0;
6282 
6283 	case BRCMF_E_IF_CHANGE:
6284 		spin_unlock(&event->vif_event_lock);
6285 		wake_up(&event->vif_wq);
6286 		return 0;
6287 
6288 	default:
6289 		spin_unlock(&event->vif_event_lock);
6290 		break;
6291 	}
6292 	return -EINVAL;
6293 }
6294 
brcmf_init_conf(struct brcmf_cfg80211_conf * conf)6295 static void brcmf_init_conf(struct brcmf_cfg80211_conf *conf)
6296 {
6297 	conf->frag_threshold = (u32)-1;
6298 	conf->rts_threshold = (u32)-1;
6299 	conf->retry_short = (u32)-1;
6300 	conf->retry_long = (u32)-1;
6301 }
6302 
brcmf_register_event_handlers(struct brcmf_cfg80211_info * cfg)6303 static void brcmf_register_event_handlers(struct brcmf_cfg80211_info *cfg)
6304 {
6305 	brcmf_fweh_register(cfg->pub, BRCMF_E_LINK,
6306 			    brcmf_notify_connect_status);
6307 	brcmf_fweh_register(cfg->pub, BRCMF_E_DEAUTH_IND,
6308 			    brcmf_notify_connect_status);
6309 	brcmf_fweh_register(cfg->pub, BRCMF_E_DEAUTH,
6310 			    brcmf_notify_connect_status);
6311 	brcmf_fweh_register(cfg->pub, BRCMF_E_DISASSOC_IND,
6312 			    brcmf_notify_connect_status);
6313 	brcmf_fweh_register(cfg->pub, BRCMF_E_ASSOC_IND,
6314 			    brcmf_notify_connect_status);
6315 	brcmf_fweh_register(cfg->pub, BRCMF_E_REASSOC_IND,
6316 			    brcmf_notify_connect_status);
6317 	brcmf_fweh_register(cfg->pub, BRCMF_E_ROAM,
6318 			    brcmf_notify_roaming_status);
6319 	brcmf_fweh_register(cfg->pub, BRCMF_E_MIC_ERROR,
6320 			    brcmf_notify_mic_status);
6321 	brcmf_fweh_register(cfg->pub, BRCMF_E_SET_SSID,
6322 			    brcmf_notify_connect_status);
6323 	brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
6324 			    brcmf_notify_sched_scan_results);
6325 	brcmf_fweh_register(cfg->pub, BRCMF_E_IF,
6326 			    brcmf_notify_vif_event);
6327 	brcmf_fweh_register(cfg->pub, BRCMF_E_P2P_PROBEREQ_MSG,
6328 			    brcmf_p2p_notify_rx_mgmt_p2p_probereq);
6329 	brcmf_fweh_register(cfg->pub, BRCMF_E_P2P_DISC_LISTEN_COMPLETE,
6330 			    brcmf_p2p_notify_listen_complete);
6331 	brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_RX,
6332 			    brcmf_p2p_notify_action_frame_rx);
6333 	brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_COMPLETE,
6334 			    brcmf_p2p_notify_action_tx_complete);
6335 	brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_OFF_CHAN_COMPLETE,
6336 			    brcmf_p2p_notify_action_tx_complete);
6337 	brcmf_fweh_register(cfg->pub, BRCMF_E_PSK_SUP,
6338 			    brcmf_notify_connect_status);
6339 	brcmf_fweh_register(cfg->pub, BRCMF_E_RSSI, brcmf_notify_rssi);
6340 }
6341 
brcmf_deinit_priv_mem(struct brcmf_cfg80211_info * cfg)6342 static void brcmf_deinit_priv_mem(struct brcmf_cfg80211_info *cfg)
6343 {
6344 	kfree(cfg->conf);
6345 	cfg->conf = NULL;
6346 	kfree(cfg->extra_buf);
6347 	cfg->extra_buf = NULL;
6348 	kfree(cfg->wowl.nd);
6349 	cfg->wowl.nd = NULL;
6350 	kfree(cfg->wowl.nd_info);
6351 	cfg->wowl.nd_info = NULL;
6352 	kfree(cfg->escan_info.escan_buf);
6353 	cfg->escan_info.escan_buf = NULL;
6354 }
6355 
brcmf_init_priv_mem(struct brcmf_cfg80211_info * cfg)6356 static s32 brcmf_init_priv_mem(struct brcmf_cfg80211_info *cfg)
6357 {
6358 	cfg->conf = kzalloc(sizeof(*cfg->conf), GFP_KERNEL);
6359 	if (!cfg->conf)
6360 		goto init_priv_mem_out;
6361 	cfg->extra_buf = kzalloc(WL_EXTRA_BUF_MAX, GFP_KERNEL);
6362 	if (!cfg->extra_buf)
6363 		goto init_priv_mem_out;
6364 	cfg->wowl.nd = kzalloc(sizeof(*cfg->wowl.nd) + sizeof(u32), GFP_KERNEL);
6365 	if (!cfg->wowl.nd)
6366 		goto init_priv_mem_out;
6367 	cfg->wowl.nd_info = kzalloc(sizeof(*cfg->wowl.nd_info) +
6368 				    sizeof(struct cfg80211_wowlan_nd_match *),
6369 				    GFP_KERNEL);
6370 	if (!cfg->wowl.nd_info)
6371 		goto init_priv_mem_out;
6372 	cfg->escan_info.escan_buf = kzalloc(BRCMF_ESCAN_BUF_SIZE, GFP_KERNEL);
6373 	if (!cfg->escan_info.escan_buf)
6374 		goto init_priv_mem_out;
6375 
6376 	return 0;
6377 
6378 init_priv_mem_out:
6379 	brcmf_deinit_priv_mem(cfg);
6380 
6381 	return -ENOMEM;
6382 }
6383 
wl_init_priv(struct brcmf_cfg80211_info * cfg)6384 static s32 wl_init_priv(struct brcmf_cfg80211_info *cfg)
6385 {
6386 	s32 err = 0;
6387 
6388 	cfg->scan_request = NULL;
6389 	cfg->pwr_save = true;
6390 	cfg->dongle_up = false;		/* dongle is not up yet */
6391 	err = brcmf_init_priv_mem(cfg);
6392 	if (err)
6393 		return err;
6394 	brcmf_register_event_handlers(cfg);
6395 	mutex_init(&cfg->usr_sync);
6396 	brcmf_init_escan(cfg);
6397 	brcmf_init_conf(cfg->conf);
6398 	brcmf_init_wmm_prio(cfg->ac_priority);
6399 	init_completion(&cfg->vif_disabled);
6400 	return err;
6401 }
6402 
wl_deinit_priv(struct brcmf_cfg80211_info * cfg)6403 static void wl_deinit_priv(struct brcmf_cfg80211_info *cfg)
6404 {
6405 	cfg->dongle_up = false;	/* dongle down */
6406 	brcmf_abort_scanning(cfg);
6407 	brcmf_deinit_priv_mem(cfg);
6408 	brcmf_clear_assoc_ies(cfg);
6409 }
6410 
init_vif_event(struct brcmf_cfg80211_vif_event * event)6411 static void init_vif_event(struct brcmf_cfg80211_vif_event *event)
6412 {
6413 	init_waitqueue_head(&event->vif_wq);
6414 	spin_lock_init(&event->vif_event_lock);
6415 }
6416 
brcmf_dongle_roam(struct brcmf_if * ifp)6417 static s32 brcmf_dongle_roam(struct brcmf_if *ifp)
6418 {
6419 	struct brcmf_pub *drvr = ifp->drvr;
6420 	s32 err;
6421 	u32 bcn_timeout;
6422 	__le32 roamtrigger[2];
6423 	__le32 roam_delta[2];
6424 
6425 	/* Configure beacon timeout value based upon roaming setting */
6426 	if (ifp->drvr->settings->roamoff)
6427 		bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_OFF;
6428 	else
6429 		bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON;
6430 	err = brcmf_fil_iovar_int_set(ifp, "bcn_timeout", bcn_timeout);
6431 	if (err) {
6432 		bphy_err(drvr, "bcn_timeout error (%d)\n", err);
6433 		goto roam_setup_done;
6434 	}
6435 
6436 	/* Enable/Disable built-in roaming to allow supplicant to take care of
6437 	 * roaming.
6438 	 */
6439 	brcmf_dbg(INFO, "Internal Roaming = %s\n",
6440 		  ifp->drvr->settings->roamoff ? "Off" : "On");
6441 	err = brcmf_fil_iovar_int_set(ifp, "roam_off",
6442 				      ifp->drvr->settings->roamoff);
6443 	if (err) {
6444 		bphy_err(drvr, "roam_off error (%d)\n", err);
6445 		goto roam_setup_done;
6446 	}
6447 
6448 	roamtrigger[0] = cpu_to_le32(WL_ROAM_TRIGGER_LEVEL);
6449 	roamtrigger[1] = cpu_to_le32(BRCM_BAND_ALL);
6450 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_TRIGGER,
6451 				     (void *)roamtrigger, sizeof(roamtrigger));
6452 	if (err)
6453 		bphy_err(drvr, "WLC_SET_ROAM_TRIGGER error (%d)\n", err);
6454 
6455 	roam_delta[0] = cpu_to_le32(WL_ROAM_DELTA);
6456 	roam_delta[1] = cpu_to_le32(BRCM_BAND_ALL);
6457 	err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_DELTA,
6458 				     (void *)roam_delta, sizeof(roam_delta));
6459 	if (err)
6460 		bphy_err(drvr, "WLC_SET_ROAM_DELTA error (%d)\n", err);
6461 
6462 	return 0;
6463 
6464 roam_setup_done:
6465 	return err;
6466 }
6467 
6468 static s32
brcmf_dongle_scantime(struct brcmf_if * ifp)6469 brcmf_dongle_scantime(struct brcmf_if *ifp)
6470 {
6471 	struct brcmf_pub *drvr = ifp->drvr;
6472 	s32 err = 0;
6473 
6474 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_CHANNEL_TIME,
6475 				    BRCMF_SCAN_CHANNEL_TIME);
6476 	if (err) {
6477 		bphy_err(drvr, "Scan assoc time error (%d)\n", err);
6478 		goto dongle_scantime_out;
6479 	}
6480 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_UNASSOC_TIME,
6481 				    BRCMF_SCAN_UNASSOC_TIME);
6482 	if (err) {
6483 		bphy_err(drvr, "Scan unassoc time error (%d)\n", err);
6484 		goto dongle_scantime_out;
6485 	}
6486 
6487 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_PASSIVE_TIME,
6488 				    BRCMF_SCAN_PASSIVE_TIME);
6489 	if (err) {
6490 		bphy_err(drvr, "Scan passive time error (%d)\n", err);
6491 		goto dongle_scantime_out;
6492 	}
6493 
6494 dongle_scantime_out:
6495 	return err;
6496 }
6497 
brcmf_update_bw40_channel_flag(struct ieee80211_channel * channel,struct brcmu_chan * ch)6498 static void brcmf_update_bw40_channel_flag(struct ieee80211_channel *channel,
6499 					   struct brcmu_chan *ch)
6500 {
6501 	u32 ht40_flag;
6502 
6503 	ht40_flag = channel->flags & IEEE80211_CHAN_NO_HT40;
6504 	if (ch->sb == BRCMU_CHAN_SB_U) {
6505 		if (ht40_flag == IEEE80211_CHAN_NO_HT40)
6506 			channel->flags &= ~IEEE80211_CHAN_NO_HT40;
6507 		channel->flags |= IEEE80211_CHAN_NO_HT40PLUS;
6508 	} else {
6509 		/* It should be one of
6510 		 * IEEE80211_CHAN_NO_HT40 or
6511 		 * IEEE80211_CHAN_NO_HT40PLUS
6512 		 */
6513 		channel->flags &= ~IEEE80211_CHAN_NO_HT40;
6514 		if (ht40_flag == IEEE80211_CHAN_NO_HT40)
6515 			channel->flags |= IEEE80211_CHAN_NO_HT40MINUS;
6516 	}
6517 }
6518 
brcmf_construct_chaninfo(struct brcmf_cfg80211_info * cfg,u32 bw_cap[])6519 static int brcmf_construct_chaninfo(struct brcmf_cfg80211_info *cfg,
6520 				    u32 bw_cap[])
6521 {
6522 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
6523 	struct brcmf_pub *drvr = cfg->pub;
6524 	struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6525 	struct ieee80211_supported_band *band;
6526 	struct ieee80211_channel *channel;
6527 	struct brcmf_chanspec_list *list;
6528 	struct brcmu_chan ch;
6529 	int err;
6530 	u8 *pbuf;
6531 	u32 i, j;
6532 	u32 total;
6533 	u32 chaninfo;
6534 
6535 	pbuf = kzalloc(BRCMF_DCMD_MEDLEN, GFP_KERNEL);
6536 
6537 	if (pbuf == NULL)
6538 		return -ENOMEM;
6539 
6540 	list = (struct brcmf_chanspec_list *)pbuf;
6541 
6542 	err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
6543 				       BRCMF_DCMD_MEDLEN);
6544 	if (err) {
6545 		bphy_err(drvr, "get chanspecs error (%d)\n", err);
6546 		goto fail_pbuf;
6547 	}
6548 
6549 	band = wiphy->bands[NL80211_BAND_2GHZ];
6550 	if (band)
6551 		for (i = 0; i < band->n_channels; i++)
6552 			band->channels[i].flags = IEEE80211_CHAN_DISABLED;
6553 	band = wiphy->bands[NL80211_BAND_5GHZ];
6554 	if (band)
6555 		for (i = 0; i < band->n_channels; i++)
6556 			band->channels[i].flags = IEEE80211_CHAN_DISABLED;
6557 
6558 	total = le32_to_cpu(list->count);
6559 	for (i = 0; i < total; i++) {
6560 		ch.chspec = (u16)le32_to_cpu(list->element[i]);
6561 		cfg->d11inf.decchspec(&ch);
6562 
6563 		if (ch.band == BRCMU_CHAN_BAND_2G) {
6564 			band = wiphy->bands[NL80211_BAND_2GHZ];
6565 		} else if (ch.band == BRCMU_CHAN_BAND_5G) {
6566 			band = wiphy->bands[NL80211_BAND_5GHZ];
6567 		} else {
6568 			bphy_err(drvr, "Invalid channel Spec. 0x%x.\n",
6569 				 ch.chspec);
6570 			continue;
6571 		}
6572 		if (!band)
6573 			continue;
6574 		if (!(bw_cap[band->band] & WLC_BW_40MHZ_BIT) &&
6575 		    ch.bw == BRCMU_CHAN_BW_40)
6576 			continue;
6577 		if (!(bw_cap[band->band] & WLC_BW_80MHZ_BIT) &&
6578 		    ch.bw == BRCMU_CHAN_BW_80)
6579 			continue;
6580 
6581 		channel = NULL;
6582 		for (j = 0; j < band->n_channels; j++) {
6583 			if (band->channels[j].hw_value == ch.control_ch_num) {
6584 				channel = &band->channels[j];
6585 				break;
6586 			}
6587 		}
6588 		if (!channel) {
6589 			/* It seems firmware supports some channel we never
6590 			 * considered. Something new in IEEE standard?
6591 			 */
6592 			bphy_err(drvr, "Ignoring unexpected firmware channel %d\n",
6593 				 ch.control_ch_num);
6594 			continue;
6595 		}
6596 
6597 		if (channel->orig_flags & IEEE80211_CHAN_DISABLED)
6598 			continue;
6599 
6600 		/* assuming the chanspecs order is HT20,
6601 		 * HT40 upper, HT40 lower, and VHT80.
6602 		 */
6603 		switch (ch.bw) {
6604 		case BRCMU_CHAN_BW_160:
6605 			channel->flags &= ~IEEE80211_CHAN_NO_160MHZ;
6606 			break;
6607 		case BRCMU_CHAN_BW_80:
6608 			channel->flags &= ~IEEE80211_CHAN_NO_80MHZ;
6609 			break;
6610 		case BRCMU_CHAN_BW_40:
6611 			brcmf_update_bw40_channel_flag(channel, &ch);
6612 			break;
6613 		default:
6614 			wiphy_warn(wiphy, "Firmware reported unsupported bandwidth %d\n",
6615 				   ch.bw);
6616 			fallthrough;
6617 		case BRCMU_CHAN_BW_20:
6618 			/* enable the channel and disable other bandwidths
6619 			 * for now as mentioned order assure they are enabled
6620 			 * for subsequent chanspecs.
6621 			 */
6622 			channel->flags = IEEE80211_CHAN_NO_HT40 |
6623 					 IEEE80211_CHAN_NO_80MHZ |
6624 					 IEEE80211_CHAN_NO_160MHZ;
6625 			ch.bw = BRCMU_CHAN_BW_20;
6626 			cfg->d11inf.encchspec(&ch);
6627 			chaninfo = ch.chspec;
6628 			err = brcmf_fil_bsscfg_int_get(ifp, "per_chan_info",
6629 						       &chaninfo);
6630 			if (!err) {
6631 				if (chaninfo & WL_CHAN_RADAR)
6632 					channel->flags |=
6633 						(IEEE80211_CHAN_RADAR |
6634 						 IEEE80211_CHAN_NO_IR);
6635 				if (chaninfo & WL_CHAN_PASSIVE)
6636 					channel->flags |=
6637 						IEEE80211_CHAN_NO_IR;
6638 			}
6639 		}
6640 	}
6641 
6642 fail_pbuf:
6643 	kfree(pbuf);
6644 	return err;
6645 }
6646 
brcmf_enable_bw40_2g(struct brcmf_cfg80211_info * cfg)6647 static int brcmf_enable_bw40_2g(struct brcmf_cfg80211_info *cfg)
6648 {
6649 	struct brcmf_pub *drvr = cfg->pub;
6650 	struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6651 	struct ieee80211_supported_band *band;
6652 	struct brcmf_fil_bwcap_le band_bwcap;
6653 	struct brcmf_chanspec_list *list;
6654 	u8 *pbuf;
6655 	u32 val;
6656 	int err;
6657 	struct brcmu_chan ch;
6658 	u32 num_chan;
6659 	int i, j;
6660 
6661 	/* verify support for bw_cap command */
6662 	val = WLC_BAND_5G;
6663 	err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &val);
6664 
6665 	if (!err) {
6666 		/* only set 2G bandwidth using bw_cap command */
6667 		band_bwcap.band = cpu_to_le32(WLC_BAND_2G);
6668 		band_bwcap.bw_cap = cpu_to_le32(WLC_BW_CAP_40MHZ);
6669 		err = brcmf_fil_iovar_data_set(ifp, "bw_cap", &band_bwcap,
6670 					       sizeof(band_bwcap));
6671 	} else {
6672 		brcmf_dbg(INFO, "fallback to mimo_bw_cap\n");
6673 		val = WLC_N_BW_40ALL;
6674 		err = brcmf_fil_iovar_int_set(ifp, "mimo_bw_cap", val);
6675 	}
6676 
6677 	if (!err) {
6678 		/* update channel info in 2G band */
6679 		pbuf = kzalloc(BRCMF_DCMD_MEDLEN, GFP_KERNEL);
6680 
6681 		if (pbuf == NULL)
6682 			return -ENOMEM;
6683 
6684 		ch.band = BRCMU_CHAN_BAND_2G;
6685 		ch.bw = BRCMU_CHAN_BW_40;
6686 		ch.sb = BRCMU_CHAN_SB_NONE;
6687 		ch.chnum = 0;
6688 		cfg->d11inf.encchspec(&ch);
6689 
6690 		/* pass encoded chanspec in query */
6691 		*(__le16 *)pbuf = cpu_to_le16(ch.chspec);
6692 
6693 		err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
6694 					       BRCMF_DCMD_MEDLEN);
6695 		if (err) {
6696 			bphy_err(drvr, "get chanspecs error (%d)\n", err);
6697 			kfree(pbuf);
6698 			return err;
6699 		}
6700 
6701 		band = cfg_to_wiphy(cfg)->bands[NL80211_BAND_2GHZ];
6702 		list = (struct brcmf_chanspec_list *)pbuf;
6703 		num_chan = le32_to_cpu(list->count);
6704 		for (i = 0; i < num_chan; i++) {
6705 			ch.chspec = (u16)le32_to_cpu(list->element[i]);
6706 			cfg->d11inf.decchspec(&ch);
6707 			if (WARN_ON(ch.band != BRCMU_CHAN_BAND_2G))
6708 				continue;
6709 			if (WARN_ON(ch.bw != BRCMU_CHAN_BW_40))
6710 				continue;
6711 			for (j = 0; j < band->n_channels; j++) {
6712 				if (band->channels[j].hw_value == ch.control_ch_num)
6713 					break;
6714 			}
6715 			if (WARN_ON(j == band->n_channels))
6716 				continue;
6717 
6718 			brcmf_update_bw40_channel_flag(&band->channels[j], &ch);
6719 		}
6720 		kfree(pbuf);
6721 	}
6722 	return err;
6723 }
6724 
brcmf_get_bwcap(struct brcmf_if * ifp,u32 bw_cap[])6725 static void brcmf_get_bwcap(struct brcmf_if *ifp, u32 bw_cap[])
6726 {
6727 	struct brcmf_pub *drvr = ifp->drvr;
6728 	u32 band, mimo_bwcap;
6729 	int err;
6730 
6731 	band = WLC_BAND_2G;
6732 	err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &band);
6733 	if (!err) {
6734 		bw_cap[NL80211_BAND_2GHZ] = band;
6735 		band = WLC_BAND_5G;
6736 		err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &band);
6737 		if (!err) {
6738 			bw_cap[NL80211_BAND_5GHZ] = band;
6739 			return;
6740 		}
6741 		WARN_ON(1);
6742 		return;
6743 	}
6744 	brcmf_dbg(INFO, "fallback to mimo_bw_cap info\n");
6745 	mimo_bwcap = 0;
6746 	err = brcmf_fil_iovar_int_get(ifp, "mimo_bw_cap", &mimo_bwcap);
6747 	if (err)
6748 		/* assume 20MHz if firmware does not give a clue */
6749 		mimo_bwcap = WLC_N_BW_20ALL;
6750 
6751 	switch (mimo_bwcap) {
6752 	case WLC_N_BW_40ALL:
6753 		bw_cap[NL80211_BAND_2GHZ] |= WLC_BW_40MHZ_BIT;
6754 		fallthrough;
6755 	case WLC_N_BW_20IN2G_40IN5G:
6756 		bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_40MHZ_BIT;
6757 		fallthrough;
6758 	case WLC_N_BW_20ALL:
6759 		bw_cap[NL80211_BAND_2GHZ] |= WLC_BW_20MHZ_BIT;
6760 		bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_20MHZ_BIT;
6761 		break;
6762 	default:
6763 		bphy_err(drvr, "invalid mimo_bw_cap value\n");
6764 	}
6765 }
6766 
brcmf_update_ht_cap(struct ieee80211_supported_band * band,u32 bw_cap[2],u32 nchain)6767 static void brcmf_update_ht_cap(struct ieee80211_supported_band *band,
6768 				u32 bw_cap[2], u32 nchain)
6769 {
6770 	band->ht_cap.ht_supported = true;
6771 	if (bw_cap[band->band] & WLC_BW_40MHZ_BIT) {
6772 		band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
6773 		band->ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
6774 	}
6775 	band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
6776 	band->ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
6777 	band->ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
6778 	band->ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_16;
6779 	memset(band->ht_cap.mcs.rx_mask, 0xff, nchain);
6780 	band->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
6781 }
6782 
brcmf_get_mcs_map(u32 nchain,enum ieee80211_vht_mcs_support supp)6783 static __le16 brcmf_get_mcs_map(u32 nchain, enum ieee80211_vht_mcs_support supp)
6784 {
6785 	u16 mcs_map;
6786 	int i;
6787 
6788 	for (i = 0, mcs_map = 0xFFFF; i < nchain; i++)
6789 		mcs_map = (mcs_map << 2) | supp;
6790 
6791 	return cpu_to_le16(mcs_map);
6792 }
6793 
brcmf_update_vht_cap(struct ieee80211_supported_band * band,u32 bw_cap[2],u32 nchain,u32 txstreams,u32 txbf_bfe_cap,u32 txbf_bfr_cap)6794 static void brcmf_update_vht_cap(struct ieee80211_supported_band *band,
6795 				 u32 bw_cap[2], u32 nchain, u32 txstreams,
6796 				 u32 txbf_bfe_cap, u32 txbf_bfr_cap)
6797 {
6798 	__le16 mcs_map;
6799 
6800 	/* not allowed in 2.4G band */
6801 	if (band->band == NL80211_BAND_2GHZ)
6802 		return;
6803 
6804 	band->vht_cap.vht_supported = true;
6805 	/* 80MHz is mandatory */
6806 	band->vht_cap.cap |= IEEE80211_VHT_CAP_SHORT_GI_80;
6807 	if (bw_cap[band->band] & WLC_BW_160MHZ_BIT) {
6808 		band->vht_cap.cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
6809 		band->vht_cap.cap |= IEEE80211_VHT_CAP_SHORT_GI_160;
6810 	}
6811 	/* all support 256-QAM */
6812 	mcs_map = brcmf_get_mcs_map(nchain, IEEE80211_VHT_MCS_SUPPORT_0_9);
6813 	band->vht_cap.vht_mcs.rx_mcs_map = mcs_map;
6814 	band->vht_cap.vht_mcs.tx_mcs_map = mcs_map;
6815 
6816 	/* Beamforming support information */
6817 	if (txbf_bfe_cap & BRCMF_TXBF_SU_BFE_CAP)
6818 		band->vht_cap.cap |= IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
6819 	if (txbf_bfe_cap & BRCMF_TXBF_MU_BFE_CAP)
6820 		band->vht_cap.cap |= IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
6821 	if (txbf_bfr_cap & BRCMF_TXBF_SU_BFR_CAP)
6822 		band->vht_cap.cap |= IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE;
6823 	if (txbf_bfr_cap & BRCMF_TXBF_MU_BFR_CAP)
6824 		band->vht_cap.cap |= IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE;
6825 
6826 	if ((txbf_bfe_cap || txbf_bfr_cap) && (txstreams > 1)) {
6827 		band->vht_cap.cap |=
6828 			(2 << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT);
6829 		band->vht_cap.cap |= ((txstreams - 1) <<
6830 				IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT);
6831 		band->vht_cap.cap |=
6832 			IEEE80211_VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB;
6833 	}
6834 }
6835 
brcmf_setup_wiphybands(struct brcmf_cfg80211_info * cfg)6836 static int brcmf_setup_wiphybands(struct brcmf_cfg80211_info *cfg)
6837 {
6838 	struct brcmf_pub *drvr = cfg->pub;
6839 	struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6840 	struct wiphy *wiphy = cfg_to_wiphy(cfg);
6841 	u32 nmode = 0;
6842 	u32 vhtmode = 0;
6843 	u32 bw_cap[2] = { WLC_BW_20MHZ_BIT, WLC_BW_20MHZ_BIT };
6844 	u32 rxchain;
6845 	u32 nchain;
6846 	int err;
6847 	s32 i;
6848 	struct ieee80211_supported_band *band;
6849 	u32 txstreams = 0;
6850 	u32 txbf_bfe_cap = 0;
6851 	u32 txbf_bfr_cap = 0;
6852 
6853 	(void)brcmf_fil_iovar_int_get(ifp, "vhtmode", &vhtmode);
6854 	err = brcmf_fil_iovar_int_get(ifp, "nmode", &nmode);
6855 	if (err) {
6856 		bphy_err(drvr, "nmode error (%d)\n", err);
6857 	} else {
6858 		brcmf_get_bwcap(ifp, bw_cap);
6859 	}
6860 	brcmf_dbg(INFO, "nmode=%d, vhtmode=%d, bw_cap=(%d, %d)\n",
6861 		  nmode, vhtmode, bw_cap[NL80211_BAND_2GHZ],
6862 		  bw_cap[NL80211_BAND_5GHZ]);
6863 
6864 	err = brcmf_fil_iovar_int_get(ifp, "rxchain", &rxchain);
6865 	if (err) {
6866 		/* rxchain unsupported by firmware of older chips */
6867 		if (err == -EBADE)
6868 			bphy_info_once(drvr, "rxchain unsupported\n");
6869 		else
6870 			bphy_err(drvr, "rxchain error (%d)\n", err);
6871 
6872 		nchain = 1;
6873 	} else {
6874 		for (nchain = 0; rxchain; nchain++)
6875 			rxchain = rxchain & (rxchain - 1);
6876 	}
6877 	brcmf_dbg(INFO, "nchain=%d\n", nchain);
6878 
6879 	err = brcmf_construct_chaninfo(cfg, bw_cap);
6880 	if (err) {
6881 		bphy_err(drvr, "brcmf_construct_chaninfo failed (%d)\n", err);
6882 		return err;
6883 	}
6884 
6885 	if (vhtmode) {
6886 		(void)brcmf_fil_iovar_int_get(ifp, "txstreams", &txstreams);
6887 		(void)brcmf_fil_iovar_int_get(ifp, "txbf_bfe_cap",
6888 					      &txbf_bfe_cap);
6889 		(void)brcmf_fil_iovar_int_get(ifp, "txbf_bfr_cap",
6890 					      &txbf_bfr_cap);
6891 	}
6892 
6893 	for (i = 0; i < ARRAY_SIZE(wiphy->bands); i++) {
6894 		band = wiphy->bands[i];
6895 		if (band == NULL)
6896 			continue;
6897 
6898 		if (nmode)
6899 			brcmf_update_ht_cap(band, bw_cap, nchain);
6900 		if (vhtmode)
6901 			brcmf_update_vht_cap(band, bw_cap, nchain, txstreams,
6902 					     txbf_bfe_cap, txbf_bfr_cap);
6903 	}
6904 
6905 	return 0;
6906 }
6907 
6908 static const struct ieee80211_txrx_stypes
6909 brcmf_txrx_stypes[NUM_NL80211_IFTYPES] = {
6910 	[NL80211_IFTYPE_STATION] = {
6911 		.tx = 0xffff,
6912 		.rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6913 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6914 	},
6915 	[NL80211_IFTYPE_P2P_CLIENT] = {
6916 		.tx = 0xffff,
6917 		.rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6918 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6919 	},
6920 	[NL80211_IFTYPE_P2P_GO] = {
6921 		.tx = 0xffff,
6922 		.rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
6923 		      BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
6924 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
6925 		      BIT(IEEE80211_STYPE_DISASSOC >> 4) |
6926 		      BIT(IEEE80211_STYPE_AUTH >> 4) |
6927 		      BIT(IEEE80211_STYPE_DEAUTH >> 4) |
6928 		      BIT(IEEE80211_STYPE_ACTION >> 4)
6929 	},
6930 	[NL80211_IFTYPE_P2P_DEVICE] = {
6931 		.tx = 0xffff,
6932 		.rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6933 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6934 	},
6935 	[NL80211_IFTYPE_AP] = {
6936 		.tx = 0xffff,
6937 		.rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
6938 		      BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
6939 		      BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
6940 		      BIT(IEEE80211_STYPE_DISASSOC >> 4) |
6941 		      BIT(IEEE80211_STYPE_AUTH >> 4) |
6942 		      BIT(IEEE80211_STYPE_DEAUTH >> 4) |
6943 		      BIT(IEEE80211_STYPE_ACTION >> 4)
6944 	}
6945 };
6946 
6947 /**
6948  * brcmf_setup_ifmodes() - determine interface modes and combinations.
6949  *
6950  * @wiphy: wiphy object.
6951  * @ifp: interface object needed for feat module api.
6952  *
6953  * The interface modes and combinations are determined dynamically here
6954  * based on firmware functionality.
6955  *
6956  * no p2p and no mbss:
6957  *
6958  *	#STA <= 1, #AP <= 1, channels = 1, 2 total
6959  *
6960  * no p2p and mbss:
6961  *
6962  *	#STA <= 1, #AP <= 1, channels = 1, 2 total
6963  *	#AP <= 4, matching BI, channels = 1, 4 total
6964  *
6965  * no p2p and rsdb:
6966  *	#STA <= 1, #AP <= 2, channels = 2, 4 total
6967  *
6968  * p2p, no mchan, and mbss:
6969  *
6970  *	#STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 1, channels = 1, 3 total
6971  *	#STA <= 1, #P2P-DEV <= 1, #AP <= 1, #P2P-CL <= 1, channels = 1, 4 total
6972  *	#AP <= 4, matching BI, channels = 1, 4 total
6973  *
6974  * p2p, mchan, and mbss:
6975  *
6976  *	#STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 1, channels = 2, 3 total
6977  *	#STA <= 1, #P2P-DEV <= 1, #AP <= 1, #P2P-CL <= 1, channels = 1, 4 total
6978  *	#AP <= 4, matching BI, channels = 1, 4 total
6979  *
6980  * p2p, rsdb, and no mbss:
6981  *	#STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 2, AP <= 2,
6982  *	 channels = 2, 4 total
6983  */
brcmf_setup_ifmodes(struct wiphy * wiphy,struct brcmf_if * ifp)6984 static int brcmf_setup_ifmodes(struct wiphy *wiphy, struct brcmf_if *ifp)
6985 {
6986 	struct ieee80211_iface_combination *combo = NULL;
6987 	struct ieee80211_iface_limit *c0_limits = NULL;
6988 	struct ieee80211_iface_limit *p2p_limits = NULL;
6989 	struct ieee80211_iface_limit *mbss_limits = NULL;
6990 	bool mon_flag, mbss, p2p, rsdb, mchan;
6991 	int i, c, n_combos, n_limits;
6992 
6993 	mon_flag = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MONITOR_FLAG);
6994 	mbss = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS);
6995 	p2p = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_P2P);
6996 	rsdb = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB);
6997 	mchan = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN);
6998 
6999 	n_combos = 1 + !!(p2p && !rsdb) + !!mbss;
7000 	combo = kcalloc(n_combos, sizeof(*combo), GFP_KERNEL);
7001 	if (!combo)
7002 		goto err;
7003 
7004 	wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
7005 				 BIT(NL80211_IFTYPE_ADHOC) |
7006 				 BIT(NL80211_IFTYPE_AP);
7007 	if (mon_flag)
7008 		wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR);
7009 	if (p2p)
7010 		wiphy->interface_modes |= BIT(NL80211_IFTYPE_P2P_CLIENT) |
7011 					  BIT(NL80211_IFTYPE_P2P_GO) |
7012 					  BIT(NL80211_IFTYPE_P2P_DEVICE);
7013 
7014 	c = 0;
7015 	i = 0;
7016 	n_limits = 1 + mon_flag + (p2p ? 2 : 0) + (rsdb || !p2p);
7017 	c0_limits = kcalloc(n_limits, sizeof(*c0_limits), GFP_KERNEL);
7018 	if (!c0_limits)
7019 		goto err;
7020 
7021 	combo[c].num_different_channels = 1 + (rsdb || (p2p && mchan));
7022 	c0_limits[i].max = 1;
7023 	c0_limits[i++].types = BIT(NL80211_IFTYPE_STATION);
7024 	if (mon_flag) {
7025 		c0_limits[i].max = 1;
7026 		c0_limits[i++].types = BIT(NL80211_IFTYPE_MONITOR);
7027 	}
7028 	if (p2p) {
7029 		c0_limits[i].max = 1;
7030 		c0_limits[i++].types = BIT(NL80211_IFTYPE_P2P_DEVICE);
7031 		c0_limits[i].max = 1 + rsdb;
7032 		c0_limits[i++].types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
7033 				       BIT(NL80211_IFTYPE_P2P_GO);
7034 	}
7035 	if (p2p && rsdb) {
7036 		c0_limits[i].max = 2;
7037 		c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7038 		combo[c].max_interfaces = 4;
7039 	} else if (p2p) {
7040 		combo[c].max_interfaces = i;
7041 	} else if (rsdb) {
7042 		c0_limits[i].max = 2;
7043 		c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7044 		combo[c].max_interfaces = 3;
7045 	} else {
7046 		c0_limits[i].max = 1;
7047 		c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7048 		combo[c].max_interfaces = i;
7049 	}
7050 	combo[c].n_limits = i;
7051 	combo[c].limits = c0_limits;
7052 
7053 	if (p2p && !rsdb) {
7054 		c++;
7055 		i = 0;
7056 		p2p_limits = kcalloc(4, sizeof(*p2p_limits), GFP_KERNEL);
7057 		if (!p2p_limits)
7058 			goto err;
7059 		p2p_limits[i].max = 1;
7060 		p2p_limits[i++].types = BIT(NL80211_IFTYPE_STATION);
7061 		p2p_limits[i].max = 1;
7062 		p2p_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7063 		p2p_limits[i].max = 1;
7064 		p2p_limits[i++].types = BIT(NL80211_IFTYPE_P2P_CLIENT);
7065 		p2p_limits[i].max = 1;
7066 		p2p_limits[i++].types = BIT(NL80211_IFTYPE_P2P_DEVICE);
7067 		combo[c].num_different_channels = 1;
7068 		combo[c].max_interfaces = i;
7069 		combo[c].n_limits = i;
7070 		combo[c].limits = p2p_limits;
7071 	}
7072 
7073 	if (mbss) {
7074 		c++;
7075 		i = 0;
7076 		n_limits = 1 + mon_flag;
7077 		mbss_limits = kcalloc(n_limits, sizeof(*mbss_limits),
7078 				      GFP_KERNEL);
7079 		if (!mbss_limits)
7080 			goto err;
7081 		mbss_limits[i].max = 4;
7082 		mbss_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7083 		if (mon_flag) {
7084 			mbss_limits[i].max = 1;
7085 			mbss_limits[i++].types = BIT(NL80211_IFTYPE_MONITOR);
7086 		}
7087 		combo[c].beacon_int_infra_match = true;
7088 		combo[c].num_different_channels = 1;
7089 		combo[c].max_interfaces = 4 + mon_flag;
7090 		combo[c].n_limits = i;
7091 		combo[c].limits = mbss_limits;
7092 	}
7093 
7094 	wiphy->n_iface_combinations = n_combos;
7095 	wiphy->iface_combinations = combo;
7096 	return 0;
7097 
7098 err:
7099 	kfree(c0_limits);
7100 	kfree(p2p_limits);
7101 	kfree(mbss_limits);
7102 	kfree(combo);
7103 	return -ENOMEM;
7104 }
7105 
7106 #ifdef CONFIG_PM
7107 static const struct wiphy_wowlan_support brcmf_wowlan_support = {
7108 	.flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT,
7109 	.n_patterns = BRCMF_WOWL_MAXPATTERNS,
7110 	.pattern_max_len = BRCMF_WOWL_MAXPATTERNSIZE,
7111 	.pattern_min_len = 1,
7112 	.max_pkt_offset = 1500,
7113 };
7114 #endif
7115 
brcmf_wiphy_wowl_params(struct wiphy * wiphy,struct brcmf_if * ifp)7116 static void brcmf_wiphy_wowl_params(struct wiphy *wiphy, struct brcmf_if *ifp)
7117 {
7118 #ifdef CONFIG_PM
7119 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
7120 	struct brcmf_pub *drvr = cfg->pub;
7121 	struct wiphy_wowlan_support *wowl;
7122 
7123 	wowl = kmemdup(&brcmf_wowlan_support, sizeof(brcmf_wowlan_support),
7124 		       GFP_KERNEL);
7125 	if (!wowl) {
7126 		bphy_err(drvr, "only support basic wowlan features\n");
7127 		wiphy->wowlan = &brcmf_wowlan_support;
7128 		return;
7129 	}
7130 
7131 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
7132 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ND)) {
7133 			wowl->flags |= WIPHY_WOWLAN_NET_DETECT;
7134 			wowl->max_nd_match_sets = BRCMF_PNO_MAX_PFN_COUNT;
7135 			init_waitqueue_head(&cfg->wowl.nd_data_wait);
7136 		}
7137 	}
7138 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK)) {
7139 		wowl->flags |= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY;
7140 		wowl->flags |= WIPHY_WOWLAN_GTK_REKEY_FAILURE;
7141 	}
7142 
7143 	wiphy->wowlan = wowl;
7144 #endif
7145 }
7146 
brcmf_setup_wiphy(struct wiphy * wiphy,struct brcmf_if * ifp)7147 static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp)
7148 {
7149 	struct brcmf_pub *drvr = ifp->drvr;
7150 	const struct ieee80211_iface_combination *combo;
7151 	struct ieee80211_supported_band *band;
7152 	u16 max_interfaces = 0;
7153 	bool gscan;
7154 	__le32 bandlist[3];
7155 	u32 n_bands;
7156 	int err, i;
7157 
7158 	wiphy->max_scan_ssids = WL_NUM_SCAN_MAX;
7159 	wiphy->max_scan_ie_len = BRCMF_SCAN_IE_LEN_MAX;
7160 	wiphy->max_num_pmkids = BRCMF_MAXPMKID;
7161 
7162 	err = brcmf_setup_ifmodes(wiphy, ifp);
7163 	if (err)
7164 		return err;
7165 
7166 	for (i = 0, combo = wiphy->iface_combinations;
7167 	     i < wiphy->n_iface_combinations; i++, combo++) {
7168 		max_interfaces = max(max_interfaces, combo->max_interfaces);
7169 	}
7170 
7171 	for (i = 0; i < max_interfaces && i < ARRAY_SIZE(drvr->addresses);
7172 	     i++) {
7173 		u8 *addr = drvr->addresses[i].addr;
7174 
7175 		memcpy(addr, drvr->mac, ETH_ALEN);
7176 		if (i) {
7177 			addr[0] |= BIT(1);
7178 			addr[ETH_ALEN - 1] ^= i;
7179 		}
7180 	}
7181 	wiphy->addresses = drvr->addresses;
7182 	wiphy->n_addresses = i;
7183 
7184 	wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
7185 	wiphy->cipher_suites = brcmf_cipher_suites;
7186 	wiphy->n_cipher_suites = ARRAY_SIZE(brcmf_cipher_suites);
7187 	if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
7188 		wiphy->n_cipher_suites--;
7189 	wiphy->bss_select_support = BIT(NL80211_BSS_SELECT_ATTR_RSSI) |
7190 				    BIT(NL80211_BSS_SELECT_ATTR_BAND_PREF) |
7191 				    BIT(NL80211_BSS_SELECT_ATTR_RSSI_ADJUST);
7192 
7193 	wiphy->flags |= WIPHY_FLAG_NETNS_OK |
7194 			WIPHY_FLAG_PS_ON_BY_DEFAULT |
7195 			WIPHY_FLAG_HAVE_AP_SME |
7196 			WIPHY_FLAG_OFFCHAN_TX |
7197 			WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
7198 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_TDLS))
7199 		wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
7200 	if (!ifp->drvr->settings->roamoff)
7201 		wiphy->flags |= WIPHY_FLAG_SUPPORTS_FW_ROAM;
7202 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWSUP)) {
7203 		wiphy_ext_feature_set(wiphy,
7204 				      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK);
7205 		wiphy_ext_feature_set(wiphy,
7206 				      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X);
7207 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE))
7208 			wiphy_ext_feature_set(wiphy,
7209 					      NL80211_EXT_FEATURE_SAE_OFFLOAD);
7210 	}
7211 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWAUTH)) {
7212 		wiphy_ext_feature_set(wiphy,
7213 				      NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK);
7214 		if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE))
7215 			wiphy_ext_feature_set(wiphy,
7216 					      NL80211_EXT_FEATURE_SAE_OFFLOAD_AP);
7217 	}
7218 	wiphy->mgmt_stypes = brcmf_txrx_stypes;
7219 	wiphy->max_remain_on_channel_duration = 5000;
7220 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
7221 		gscan = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_GSCAN);
7222 		brcmf_pno_wiphy_params(wiphy, gscan);
7223 	}
7224 	/* vendor commands/events support */
7225 	wiphy->vendor_commands = brcmf_vendor_cmds;
7226 	wiphy->n_vendor_commands = BRCMF_VNDR_CMDS_LAST - 1;
7227 
7228 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL))
7229 		brcmf_wiphy_wowl_params(wiphy, ifp);
7230 	err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BANDLIST, &bandlist,
7231 				     sizeof(bandlist));
7232 	if (err) {
7233 		bphy_err(drvr, "could not obtain band info: err=%d\n", err);
7234 		return err;
7235 	}
7236 	/* first entry in bandlist is number of bands */
7237 	n_bands = le32_to_cpu(bandlist[0]);
7238 	for (i = 1; i <= n_bands && i < ARRAY_SIZE(bandlist); i++) {
7239 		if (bandlist[i] == cpu_to_le32(WLC_BAND_2G)) {
7240 			band = kmemdup(&__wl_band_2ghz, sizeof(__wl_band_2ghz),
7241 				       GFP_KERNEL);
7242 			if (!band)
7243 				return -ENOMEM;
7244 
7245 			band->channels = kmemdup(&__wl_2ghz_channels,
7246 						 sizeof(__wl_2ghz_channels),
7247 						 GFP_KERNEL);
7248 			if (!band->channels) {
7249 				kfree(band);
7250 				return -ENOMEM;
7251 			}
7252 
7253 			band->n_channels = ARRAY_SIZE(__wl_2ghz_channels);
7254 			wiphy->bands[NL80211_BAND_2GHZ] = band;
7255 		}
7256 		if (bandlist[i] == cpu_to_le32(WLC_BAND_5G)) {
7257 			band = kmemdup(&__wl_band_5ghz, sizeof(__wl_band_5ghz),
7258 				       GFP_KERNEL);
7259 			if (!band)
7260 				return -ENOMEM;
7261 
7262 			band->channels = kmemdup(&__wl_5ghz_channels,
7263 						 sizeof(__wl_5ghz_channels),
7264 						 GFP_KERNEL);
7265 			if (!band->channels) {
7266 				kfree(band);
7267 				return -ENOMEM;
7268 			}
7269 
7270 			band->n_channels = ARRAY_SIZE(__wl_5ghz_channels);
7271 			wiphy->bands[NL80211_BAND_5GHZ] = band;
7272 		}
7273 	}
7274 
7275 	if (wiphy->bands[NL80211_BAND_5GHZ] &&
7276 	    brcmf_feat_is_enabled(ifp, BRCMF_FEAT_DOT11H))
7277 		wiphy_ext_feature_set(wiphy,
7278 				      NL80211_EXT_FEATURE_DFS_OFFLOAD);
7279 
7280 	wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
7281 
7282 	wiphy_read_of_freq_limits(wiphy);
7283 
7284 	return 0;
7285 }
7286 
brcmf_config_dongle(struct brcmf_cfg80211_info * cfg)7287 static s32 brcmf_config_dongle(struct brcmf_cfg80211_info *cfg)
7288 {
7289 	struct brcmf_pub *drvr = cfg->pub;
7290 	struct net_device *ndev;
7291 	struct wireless_dev *wdev;
7292 	struct brcmf_if *ifp;
7293 	s32 power_mode;
7294 	s32 err = 0;
7295 
7296 	if (cfg->dongle_up)
7297 		return err;
7298 
7299 	ndev = cfg_to_ndev(cfg);
7300 	wdev = ndev->ieee80211_ptr;
7301 	ifp = netdev_priv(ndev);
7302 
7303 	/* make sure RF is ready for work */
7304 	brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 0);
7305 
7306 	brcmf_dongle_scantime(ifp);
7307 
7308 	power_mode = cfg->pwr_save ? PM_FAST : PM_OFF;
7309 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, power_mode);
7310 	if (err)
7311 		goto default_conf_out;
7312 	brcmf_dbg(INFO, "power save set to %s\n",
7313 		  (power_mode ? "enabled" : "disabled"));
7314 
7315 	err = brcmf_dongle_roam(ifp);
7316 	if (err)
7317 		goto default_conf_out;
7318 	err = brcmf_cfg80211_change_iface(wdev->wiphy, ndev, wdev->iftype,
7319 					  NULL);
7320 	if (err)
7321 		goto default_conf_out;
7322 
7323 	brcmf_configure_arp_nd_offload(ifp, true);
7324 
7325 	err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_FAKEFRAG, 1);
7326 	if (err) {
7327 		bphy_err(drvr, "failed to set frameburst mode\n");
7328 		goto default_conf_out;
7329 	}
7330 
7331 	cfg->dongle_up = true;
7332 default_conf_out:
7333 
7334 	return err;
7335 
7336 }
7337 
__brcmf_cfg80211_up(struct brcmf_if * ifp)7338 static s32 __brcmf_cfg80211_up(struct brcmf_if *ifp)
7339 {
7340 	set_bit(BRCMF_VIF_STATUS_READY, &ifp->vif->sme_state);
7341 
7342 	return brcmf_config_dongle(ifp->drvr->config);
7343 }
7344 
__brcmf_cfg80211_down(struct brcmf_if * ifp)7345 static s32 __brcmf_cfg80211_down(struct brcmf_if *ifp)
7346 {
7347 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7348 
7349 	/*
7350 	 * While going down, if associated with AP disassociate
7351 	 * from AP to save power
7352 	 */
7353 	if (check_vif_up(ifp->vif)) {
7354 		brcmf_link_down(ifp->vif, WLAN_REASON_UNSPECIFIED, true);
7355 
7356 		/* Make sure WPA_Supplicant receives all the event
7357 		   generated due to DISASSOC call to the fw to keep
7358 		   the state fw and WPA_Supplicant state consistent
7359 		 */
7360 		brcmf_delay(500);
7361 	}
7362 
7363 	brcmf_abort_scanning(cfg);
7364 	clear_bit(BRCMF_VIF_STATUS_READY, &ifp->vif->sme_state);
7365 
7366 	return 0;
7367 }
7368 
brcmf_cfg80211_up(struct net_device * ndev)7369 s32 brcmf_cfg80211_up(struct net_device *ndev)
7370 {
7371 	struct brcmf_if *ifp = netdev_priv(ndev);
7372 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7373 	s32 err = 0;
7374 
7375 	mutex_lock(&cfg->usr_sync);
7376 	err = __brcmf_cfg80211_up(ifp);
7377 	mutex_unlock(&cfg->usr_sync);
7378 
7379 	return err;
7380 }
7381 
brcmf_cfg80211_down(struct net_device * ndev)7382 s32 brcmf_cfg80211_down(struct net_device *ndev)
7383 {
7384 	struct brcmf_if *ifp = netdev_priv(ndev);
7385 	struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7386 	s32 err = 0;
7387 
7388 	mutex_lock(&cfg->usr_sync);
7389 	err = __brcmf_cfg80211_down(ifp);
7390 	mutex_unlock(&cfg->usr_sync);
7391 
7392 	return err;
7393 }
7394 
brcmf_cfg80211_get_iftype(struct brcmf_if * ifp)7395 enum nl80211_iftype brcmf_cfg80211_get_iftype(struct brcmf_if *ifp)
7396 {
7397 	struct wireless_dev *wdev = &ifp->vif->wdev;
7398 
7399 	return wdev->iftype;
7400 }
7401 
brcmf_get_vif_state_any(struct brcmf_cfg80211_info * cfg,unsigned long state)7402 bool brcmf_get_vif_state_any(struct brcmf_cfg80211_info *cfg,
7403 			     unsigned long state)
7404 {
7405 	struct brcmf_cfg80211_vif *vif;
7406 
7407 	list_for_each_entry(vif, &cfg->vif_list, list) {
7408 		if (test_bit(state, &vif->sme_state))
7409 			return true;
7410 	}
7411 	return false;
7412 }
7413 
vif_event_equals(struct brcmf_cfg80211_vif_event * event,u8 action)7414 static inline bool vif_event_equals(struct brcmf_cfg80211_vif_event *event,
7415 				    u8 action)
7416 {
7417 	u8 evt_action;
7418 
7419 	spin_lock(&event->vif_event_lock);
7420 	evt_action = event->action;
7421 	spin_unlock(&event->vif_event_lock);
7422 	return evt_action == action;
7423 }
7424 
brcmf_cfg80211_arm_vif_event(struct brcmf_cfg80211_info * cfg,struct brcmf_cfg80211_vif * vif)7425 void brcmf_cfg80211_arm_vif_event(struct brcmf_cfg80211_info *cfg,
7426 				  struct brcmf_cfg80211_vif *vif)
7427 {
7428 	struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7429 
7430 	spin_lock(&event->vif_event_lock);
7431 	event->vif = vif;
7432 	event->action = 0;
7433 	spin_unlock(&event->vif_event_lock);
7434 }
7435 
brcmf_cfg80211_vif_event_armed(struct brcmf_cfg80211_info * cfg)7436 bool brcmf_cfg80211_vif_event_armed(struct brcmf_cfg80211_info *cfg)
7437 {
7438 	struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7439 	bool armed;
7440 
7441 	spin_lock(&event->vif_event_lock);
7442 	armed = event->vif != NULL;
7443 	spin_unlock(&event->vif_event_lock);
7444 
7445 	return armed;
7446 }
7447 
brcmf_cfg80211_wait_vif_event(struct brcmf_cfg80211_info * cfg,u8 action,ulong timeout)7448 int brcmf_cfg80211_wait_vif_event(struct brcmf_cfg80211_info *cfg,
7449 				  u8 action, ulong timeout)
7450 {
7451 	struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7452 
7453 	return wait_event_timeout(event->vif_wq,
7454 				  vif_event_equals(event, action), timeout);
7455 }
7456 
brmcf_use_iso3166_ccode_fallback(struct brcmf_pub * drvr)7457 static bool brmcf_use_iso3166_ccode_fallback(struct brcmf_pub *drvr)
7458 {
7459 	if (drvr->settings->trivial_ccode_map)
7460 		return true;
7461 
7462 	switch (drvr->bus_if->chip) {
7463 	case BRCM_CC_43430_CHIP_ID:
7464 	case BRCM_CC_4345_CHIP_ID:
7465 	case BRCM_CC_43602_CHIP_ID:
7466 		return true;
7467 	default:
7468 		return false;
7469 	}
7470 }
7471 
brcmf_translate_country_code(struct brcmf_pub * drvr,char alpha2[2],struct brcmf_fil_country_le * ccreq)7472 static s32 brcmf_translate_country_code(struct brcmf_pub *drvr, char alpha2[2],
7473 					struct brcmf_fil_country_le *ccreq)
7474 {
7475 	struct brcmfmac_pd_cc *country_codes;
7476 	struct brcmfmac_pd_cc_entry *cc;
7477 	s32 found_index;
7478 	int i;
7479 
7480 	if ((alpha2[0] == ccreq->country_abbrev[0]) &&
7481 	    (alpha2[1] == ccreq->country_abbrev[1])) {
7482 		brcmf_dbg(TRACE, "Country code already set\n");
7483 		return -EAGAIN;
7484 	}
7485 
7486 	country_codes = drvr->settings->country_codes;
7487 	if (!country_codes) {
7488 		if (brmcf_use_iso3166_ccode_fallback(drvr)) {
7489 			brcmf_dbg(TRACE, "No country codes configured for device, using ISO3166 code and 0 rev\n");
7490 			memset(ccreq, 0, sizeof(*ccreq));
7491 			ccreq->country_abbrev[0] = alpha2[0];
7492 			ccreq->country_abbrev[1] = alpha2[1];
7493 			ccreq->ccode[0] = alpha2[0];
7494 			ccreq->ccode[1] = alpha2[1];
7495 			return 0;
7496 		}
7497 
7498 		brcmf_dbg(TRACE, "No country codes configured for device\n");
7499 		return -EINVAL;
7500 	}
7501 
7502 	found_index = -1;
7503 	for (i = 0; i < country_codes->table_size; i++) {
7504 		cc = &country_codes->table[i];
7505 		if ((cc->iso3166[0] == '\0') && (found_index == -1))
7506 			found_index = i;
7507 		if ((cc->iso3166[0] == alpha2[0]) &&
7508 		    (cc->iso3166[1] == alpha2[1])) {
7509 			found_index = i;
7510 			break;
7511 		}
7512 	}
7513 	if (found_index == -1) {
7514 		brcmf_dbg(TRACE, "No country code match found\n");
7515 		return -EINVAL;
7516 	}
7517 	memset(ccreq, 0, sizeof(*ccreq));
7518 	ccreq->rev = cpu_to_le32(country_codes->table[found_index].rev);
7519 	memcpy(ccreq->ccode, country_codes->table[found_index].cc,
7520 	       BRCMF_COUNTRY_BUF_SZ);
7521 	ccreq->country_abbrev[0] = alpha2[0];
7522 	ccreq->country_abbrev[1] = alpha2[1];
7523 	ccreq->country_abbrev[2] = 0;
7524 
7525 	return 0;
7526 }
7527 
brcmf_cfg80211_reg_notifier(struct wiphy * wiphy,struct regulatory_request * req)7528 static void brcmf_cfg80211_reg_notifier(struct wiphy *wiphy,
7529 					struct regulatory_request *req)
7530 {
7531 	struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
7532 	struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
7533 	struct brcmf_pub *drvr = cfg->pub;
7534 	struct brcmf_fil_country_le ccreq;
7535 	s32 err;
7536 	int i;
7537 
7538 	/* The country code gets set to "00" by default at boot, ignore */
7539 	if (req->alpha2[0] == '0' && req->alpha2[1] == '0')
7540 		return;
7541 
7542 	/* ignore non-ISO3166 country codes */
7543 	for (i = 0; i < 2; i++)
7544 		if (req->alpha2[i] < 'A' || req->alpha2[i] > 'Z') {
7545 			bphy_err(drvr, "not an ISO3166 code (0x%02x 0x%02x)\n",
7546 				 req->alpha2[0], req->alpha2[1]);
7547 			return;
7548 		}
7549 
7550 	brcmf_dbg(TRACE, "Enter: initiator=%d, alpha=%c%c\n", req->initiator,
7551 		  req->alpha2[0], req->alpha2[1]);
7552 
7553 	err = brcmf_fil_iovar_data_get(ifp, "country", &ccreq, sizeof(ccreq));
7554 	if (err) {
7555 		bphy_err(drvr, "Country code iovar returned err = %d\n", err);
7556 		return;
7557 	}
7558 
7559 	err = brcmf_translate_country_code(ifp->drvr, req->alpha2, &ccreq);
7560 	if (err)
7561 		return;
7562 
7563 	err = brcmf_fil_iovar_data_set(ifp, "country", &ccreq, sizeof(ccreq));
7564 	if (err) {
7565 		bphy_err(drvr, "Firmware rejected country setting\n");
7566 		return;
7567 	}
7568 	brcmf_setup_wiphybands(cfg);
7569 }
7570 
brcmf_free_wiphy(struct wiphy * wiphy)7571 static void brcmf_free_wiphy(struct wiphy *wiphy)
7572 {
7573 	int i;
7574 
7575 	if (!wiphy)
7576 		return;
7577 
7578 	if (wiphy->iface_combinations) {
7579 		for (i = 0; i < wiphy->n_iface_combinations; i++)
7580 			kfree(wiphy->iface_combinations[i].limits);
7581 	}
7582 	kfree(wiphy->iface_combinations);
7583 	if (wiphy->bands[NL80211_BAND_2GHZ]) {
7584 		kfree(wiphy->bands[NL80211_BAND_2GHZ]->channels);
7585 		kfree(wiphy->bands[NL80211_BAND_2GHZ]);
7586 	}
7587 	if (wiphy->bands[NL80211_BAND_5GHZ]) {
7588 		kfree(wiphy->bands[NL80211_BAND_5GHZ]->channels);
7589 		kfree(wiphy->bands[NL80211_BAND_5GHZ]);
7590 	}
7591 #if IS_ENABLED(CONFIG_PM)
7592 	if (wiphy->wowlan != &brcmf_wowlan_support)
7593 		kfree(wiphy->wowlan);
7594 #endif
7595 }
7596 
brcmf_cfg80211_attach(struct brcmf_pub * drvr,struct cfg80211_ops * ops,bool p2pdev_forced)7597 struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr,
7598 						  struct cfg80211_ops *ops,
7599 						  bool p2pdev_forced)
7600 {
7601 	struct wiphy *wiphy = drvr->wiphy;
7602 	struct net_device *ndev = brcmf_get_ifp(drvr, 0)->ndev;
7603 	struct brcmf_cfg80211_info *cfg;
7604 	struct brcmf_cfg80211_vif *vif;
7605 	struct brcmf_if *ifp;
7606 	s32 err = 0;
7607 	s32 io_type;
7608 	u16 *cap = NULL;
7609 
7610 	if (!ndev) {
7611 		bphy_err(drvr, "ndev is invalid\n");
7612 		return NULL;
7613 	}
7614 
7615 	cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
7616 	if (!cfg) {
7617 		bphy_err(drvr, "Could not allocate wiphy device\n");
7618 		return NULL;
7619 	}
7620 
7621 	cfg->wiphy = wiphy;
7622 	cfg->pub = drvr;
7623 	init_vif_event(&cfg->vif_event);
7624 	INIT_LIST_HEAD(&cfg->vif_list);
7625 
7626 	vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_STATION);
7627 	if (IS_ERR(vif))
7628 		goto wiphy_out;
7629 
7630 	ifp = netdev_priv(ndev);
7631 	vif->ifp = ifp;
7632 	vif->wdev.netdev = ndev;
7633 	ndev->ieee80211_ptr = &vif->wdev;
7634 	SET_NETDEV_DEV(ndev, wiphy_dev(cfg->wiphy));
7635 
7636 	err = wl_init_priv(cfg);
7637 	if (err) {
7638 		bphy_err(drvr, "Failed to init iwm_priv (%d)\n", err);
7639 		brcmf_free_vif(vif);
7640 		goto wiphy_out;
7641 	}
7642 	ifp->vif = vif;
7643 
7644 	/* determine d11 io type before wiphy setup */
7645 	err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_VERSION, &io_type);
7646 	if (err) {
7647 		bphy_err(drvr, "Failed to get D11 version (%d)\n", err);
7648 		goto priv_out;
7649 	}
7650 	cfg->d11inf.io_type = (u8)io_type;
7651 	brcmu_d11_attach(&cfg->d11inf);
7652 
7653 	/* regulatory notifer below needs access to cfg so
7654 	 * assign it now.
7655 	 */
7656 	drvr->config = cfg;
7657 
7658 	err = brcmf_setup_wiphy(wiphy, ifp);
7659 	if (err < 0)
7660 		goto priv_out;
7661 
7662 	brcmf_dbg(INFO, "Registering custom regulatory\n");
7663 	wiphy->reg_notifier = brcmf_cfg80211_reg_notifier;
7664 	wiphy->regulatory_flags |= REGULATORY_CUSTOM_REG;
7665 	wiphy_apply_custom_regulatory(wiphy, &brcmf_regdom);
7666 
7667 	/* firmware defaults to 40MHz disabled in 2G band. We signal
7668 	 * cfg80211 here that we do and have it decide we can enable
7669 	 * it. But first check if device does support 2G operation.
7670 	 */
7671 	if (wiphy->bands[NL80211_BAND_2GHZ]) {
7672 		cap = &wiphy->bands[NL80211_BAND_2GHZ]->ht_cap.cap;
7673 		*cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
7674 	}
7675 #ifdef CONFIG_PM
7676 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK))
7677 		ops->set_rekey_data = brcmf_cfg80211_set_rekey_data;
7678 #endif
7679 	err = wiphy_register(wiphy);
7680 	if (err < 0) {
7681 		bphy_err(drvr, "Could not register wiphy device (%d)\n", err);
7682 		goto priv_out;
7683 	}
7684 
7685 	err = brcmf_setup_wiphybands(cfg);
7686 	if (err) {
7687 		bphy_err(drvr, "Setting wiphy bands failed (%d)\n", err);
7688 		goto wiphy_unreg_out;
7689 	}
7690 
7691 	/* If cfg80211 didn't disable 40MHz HT CAP in wiphy_register(),
7692 	 * setup 40MHz in 2GHz band and enable OBSS scanning.
7693 	 */
7694 	if (cap && (*cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) {
7695 		err = brcmf_enable_bw40_2g(cfg);
7696 		if (!err)
7697 			err = brcmf_fil_iovar_int_set(ifp, "obss_coex",
7698 						      BRCMF_OBSS_COEX_AUTO);
7699 		else
7700 			*cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
7701 	}
7702 
7703 	err = brcmf_fweh_activate_events(ifp);
7704 	if (err) {
7705 		bphy_err(drvr, "FWEH activation failed (%d)\n", err);
7706 		goto wiphy_unreg_out;
7707 	}
7708 
7709 	err = brcmf_p2p_attach(cfg, p2pdev_forced);
7710 	if (err) {
7711 		bphy_err(drvr, "P2P initialisation failed (%d)\n", err);
7712 		goto wiphy_unreg_out;
7713 	}
7714 	err = brcmf_btcoex_attach(cfg);
7715 	if (err) {
7716 		bphy_err(drvr, "BT-coex initialisation failed (%d)\n", err);
7717 		brcmf_p2p_detach(&cfg->p2p);
7718 		goto wiphy_unreg_out;
7719 	}
7720 	err = brcmf_pno_attach(cfg);
7721 	if (err) {
7722 		bphy_err(drvr, "PNO initialisation failed (%d)\n", err);
7723 		brcmf_btcoex_detach(cfg);
7724 		brcmf_p2p_detach(&cfg->p2p);
7725 		goto wiphy_unreg_out;
7726 	}
7727 
7728 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_TDLS)) {
7729 		err = brcmf_fil_iovar_int_set(ifp, "tdls_enable", 1);
7730 		if (err) {
7731 			brcmf_dbg(INFO, "TDLS not enabled (%d)\n", err);
7732 			wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_TDLS;
7733 		} else {
7734 			brcmf_fweh_register(cfg->pub, BRCMF_E_TDLS_PEER_EVENT,
7735 					    brcmf_notify_tdls_peer_event);
7736 		}
7737 	}
7738 
7739 	/* (re-) activate FWEH event handling */
7740 	err = brcmf_fweh_activate_events(ifp);
7741 	if (err) {
7742 		bphy_err(drvr, "FWEH activation failed (%d)\n", err);
7743 		goto detach;
7744 	}
7745 
7746 	/* Fill in some of the advertised nl80211 supported features */
7747 	if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SCAN_RANDOM_MAC)) {
7748 		wiphy->features |= NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
7749 #ifdef CONFIG_PM
7750 		if (wiphy->wowlan &&
7751 		    wiphy->wowlan->flags & WIPHY_WOWLAN_NET_DETECT)
7752 			wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7753 #endif
7754 	}
7755 
7756 	return cfg;
7757 
7758 detach:
7759 	brcmf_pno_detach(cfg);
7760 	brcmf_btcoex_detach(cfg);
7761 	brcmf_p2p_detach(&cfg->p2p);
7762 wiphy_unreg_out:
7763 	wiphy_unregister(cfg->wiphy);
7764 priv_out:
7765 	wl_deinit_priv(cfg);
7766 	brcmf_free_vif(vif);
7767 	ifp->vif = NULL;
7768 wiphy_out:
7769 	brcmf_free_wiphy(wiphy);
7770 	kfree(cfg);
7771 	return NULL;
7772 }
7773 
brcmf_cfg80211_detach(struct brcmf_cfg80211_info * cfg)7774 void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg)
7775 {
7776 	if (!cfg)
7777 		return;
7778 
7779 	brcmf_pno_detach(cfg);
7780 	brcmf_btcoex_detach(cfg);
7781 	wiphy_unregister(cfg->wiphy);
7782 	wl_deinit_priv(cfg);
7783 	brcmf_free_wiphy(cfg->wiphy);
7784 	kfree(cfg);
7785 }
7786