Merge tag 'v5.15.57' into rpi-5.15.y
[platform/kernel/linux-rpi.git] / drivers / net / wireless / broadcom / brcm80211 / brcmfmac / cfg80211.c
1 // SPDX-License-Identifier: ISC
2 /*
3  * Copyright (c) 2010 Broadcom Corporation
4  */
5
6 /* Toplevel file. Relies on dhd_linux.c to send commands to the dongle. */
7
8 #include <linux/kernel.h>
9 #include <linux/etherdevice.h>
10 #include <linux/module.h>
11 #include <linux/vmalloc.h>
12 #include <linux/ctype.h>
13 #include <net/cfg80211.h>
14 #include <net/netlink.h>
15 #include <uapi/linux/if_arp.h>
16
17 #include <brcmu_utils.h>
18 #include <defs.h>
19 #include <brcmu_wifi.h>
20 #include "core.h"
21 #include "debug.h"
22 #include "tracepoint.h"
23 #include "fwil_types.h"
24 #include "p2p.h"
25 #include "btcoex.h"
26 #include "pno.h"
27 #include "fwsignal.h"
28 #include "cfg80211.h"
29 #include "feature.h"
30 #include "fwil.h"
31 #include "proto.h"
32 #include "vendor.h"
33 #include "bus.h"
34 #include "common.h"
35
36 #define BRCMF_SCAN_IE_LEN_MAX           2048
37
38 #define WPA_OUI                         "\x00\x50\xF2"  /* WPA OUI */
39 #define WPA_OUI_TYPE                    1
40 #define RSN_OUI                         "\x00\x0F\xAC"  /* RSN OUI */
41 #define WME_OUI_TYPE                    2
42 #define WPS_OUI_TYPE                    4
43
44 #define VS_IE_FIXED_HDR_LEN             6
45 #define WPA_IE_VERSION_LEN              2
46 #define WPA_IE_MIN_OUI_LEN              4
47 #define WPA_IE_SUITE_COUNT_LEN          2
48
49 #define WPA_CIPHER_NONE                 0       /* None */
50 #define WPA_CIPHER_WEP_40               1       /* WEP (40-bit) */
51 #define WPA_CIPHER_TKIP                 2       /* TKIP: default for WPA */
52 #define WPA_CIPHER_AES_CCM              4       /* AES (CCM) */
53 #define WPA_CIPHER_WEP_104              5       /* WEP (104-bit) */
54
55 #define RSN_AKM_NONE                    0       /* None (IBSS) */
56 #define RSN_AKM_UNSPECIFIED             1       /* Over 802.1x */
57 #define RSN_AKM_PSK                     2       /* Pre-shared Key */
58 #define RSN_AKM_SHA256_1X               5       /* SHA256, 802.1X */
59 #define RSN_AKM_SHA256_PSK              6       /* SHA256, Pre-shared Key */
60 #define RSN_AKM_SAE                     8       /* SAE */
61 #define RSN_CAP_LEN                     2       /* Length of RSN capabilities */
62 #define RSN_CAP_PTK_REPLAY_CNTR_MASK    (BIT(2) | BIT(3))
63 #define RSN_CAP_MFPR_MASK               BIT(6)
64 #define RSN_CAP_MFPC_MASK               BIT(7)
65 #define RSN_PMKID_COUNT_LEN             2
66
67 #define VNDR_IE_CMD_LEN                 4       /* length of the set command
68                                                  * string :"add", "del" (+ NUL)
69                                                  */
70 #define VNDR_IE_COUNT_OFFSET            4
71 #define VNDR_IE_PKTFLAG_OFFSET          8
72 #define VNDR_IE_VSIE_OFFSET             12
73 #define VNDR_IE_HDR_SIZE                12
74 #define VNDR_IE_PARSE_LIMIT             5
75
76 #define DOT11_MGMT_HDR_LEN              24      /* d11 management header len */
77 #define DOT11_BCN_PRB_FIXED_LEN         12      /* beacon/probe fixed length */
78
79 #define BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS    320
80 #define BRCMF_SCAN_JOIN_PASSIVE_DWELL_TIME_MS   400
81 #define BRCMF_SCAN_JOIN_PROBE_INTERVAL_MS       20
82
83 #define BRCMF_SCAN_CHANNEL_TIME         40
84 #define BRCMF_SCAN_UNASSOC_TIME         40
85 #define BRCMF_SCAN_PASSIVE_TIME         120
86
87 #define BRCMF_ND_INFO_TIMEOUT           msecs_to_jiffies(2000)
88
89 #define BRCMF_PS_MAX_TIMEOUT_MS         2000
90
91 #define BRCMF_ASSOC_PARAMS_FIXED_SIZE \
92         (sizeof(struct brcmf_assoc_params_le) - sizeof(u16))
93
94 static bool check_vif_up(struct brcmf_cfg80211_vif *vif)
95 {
96         if (!test_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state)) {
97                 brcmf_dbg(INFO, "device is not ready : status (%lu)\n",
98                           vif->sme_state);
99                 return false;
100         }
101         return true;
102 }
103
104 #define RATE_TO_BASE100KBPS(rate)   (((rate) * 10) / 2)
105 #define RATETAB_ENT(_rateid, _flags) \
106         {                                                               \
107                 .bitrate        = RATE_TO_BASE100KBPS(_rateid),     \
108                 .hw_value       = (_rateid),                            \
109                 .flags          = (_flags),                             \
110         }
111
112 static struct ieee80211_rate __wl_rates[] = {
113         RATETAB_ENT(BRCM_RATE_1M, 0),
114         RATETAB_ENT(BRCM_RATE_2M, IEEE80211_RATE_SHORT_PREAMBLE),
115         RATETAB_ENT(BRCM_RATE_5M5, IEEE80211_RATE_SHORT_PREAMBLE),
116         RATETAB_ENT(BRCM_RATE_11M, IEEE80211_RATE_SHORT_PREAMBLE),
117         RATETAB_ENT(BRCM_RATE_6M, 0),
118         RATETAB_ENT(BRCM_RATE_9M, 0),
119         RATETAB_ENT(BRCM_RATE_12M, 0),
120         RATETAB_ENT(BRCM_RATE_18M, 0),
121         RATETAB_ENT(BRCM_RATE_24M, 0),
122         RATETAB_ENT(BRCM_RATE_36M, 0),
123         RATETAB_ENT(BRCM_RATE_48M, 0),
124         RATETAB_ENT(BRCM_RATE_54M, 0),
125 };
126
127 #define wl_g_rates              (__wl_rates + 0)
128 #define wl_g_rates_size         ARRAY_SIZE(__wl_rates)
129 #define wl_a_rates              (__wl_rates + 4)
130 #define wl_a_rates_size         (wl_g_rates_size - 4)
131
132 #define CHAN2G(_channel, _freq) {                               \
133         .band                   = NL80211_BAND_2GHZ,            \
134         .center_freq            = (_freq),                      \
135         .hw_value               = (_channel),                   \
136         .max_antenna_gain       = 0,                            \
137         .max_power              = 30,                           \
138 }
139
140 #define CHAN5G(_channel) {                                      \
141         .band                   = NL80211_BAND_5GHZ,            \
142         .center_freq            = 5000 + (5 * (_channel)),      \
143         .hw_value               = (_channel),                   \
144         .max_antenna_gain       = 0,                            \
145         .max_power              = 30,                           \
146 }
147
148 static struct ieee80211_channel __wl_2ghz_channels[] = {
149         CHAN2G(1, 2412), CHAN2G(2, 2417), CHAN2G(3, 2422), CHAN2G(4, 2427),
150         CHAN2G(5, 2432), CHAN2G(6, 2437), CHAN2G(7, 2442), CHAN2G(8, 2447),
151         CHAN2G(9, 2452), CHAN2G(10, 2457), CHAN2G(11, 2462), CHAN2G(12, 2467),
152         CHAN2G(13, 2472), CHAN2G(14, 2484)
153 };
154
155 static struct ieee80211_channel __wl_5ghz_channels[] = {
156         CHAN5G(34), CHAN5G(36), CHAN5G(38), CHAN5G(40), CHAN5G(42),
157         CHAN5G(44), CHAN5G(46), CHAN5G(48), CHAN5G(52), CHAN5G(56),
158         CHAN5G(60), CHAN5G(64), CHAN5G(100), CHAN5G(104), CHAN5G(108),
159         CHAN5G(112), CHAN5G(116), CHAN5G(120), CHAN5G(124), CHAN5G(128),
160         CHAN5G(132), CHAN5G(136), CHAN5G(140), CHAN5G(144), CHAN5G(149),
161         CHAN5G(153), CHAN5G(157), CHAN5G(161), CHAN5G(165)
162 };
163
164 /* Band templates duplicated per wiphy. The channel info
165  * above is added to the band during setup.
166  */
167 static const struct ieee80211_supported_band __wl_band_2ghz = {
168         .band = NL80211_BAND_2GHZ,
169         .bitrates = wl_g_rates,
170         .n_bitrates = wl_g_rates_size,
171 };
172
173 static const struct ieee80211_supported_band __wl_band_5ghz = {
174         .band = NL80211_BAND_5GHZ,
175         .bitrates = wl_a_rates,
176         .n_bitrates = wl_a_rates_size,
177 };
178
179 /* This is to override regulatory domains defined in cfg80211 module (reg.c)
180  * By default world regulatory domain defined in reg.c puts the flags
181  * NL80211_RRF_NO_IR for 5GHz channels (for * 36..48 and 149..165).
182  * With respect to these flags, wpa_supplicant doesn't * start p2p
183  * operations on 5GHz channels. All the changes in world regulatory
184  * domain are to be done here.
185  */
186 static const struct ieee80211_regdomain brcmf_regdom = {
187         .n_reg_rules = 4,
188         .alpha2 =  "99",
189         .reg_rules = {
190                 /* IEEE 802.11b/g, channels 1..11 */
191                 REG_RULE(2412-10, 2472+10, 40, 6, 20, 0),
192                 /* If any */
193                 /* IEEE 802.11 channel 14 - Only JP enables
194                  * this and for 802.11b only
195                  */
196                 REG_RULE(2484-10, 2484+10, 20, 6, 20, 0),
197                 /* IEEE 802.11a, channel 36..64 */
198                 REG_RULE(5150-10, 5350+10, 160, 6, 20, 0),
199                 /* IEEE 802.11a, channel 100..165 */
200                 REG_RULE(5470-10, 5850+10, 160, 6, 20, 0), }
201 };
202
203 /* Note: brcmf_cipher_suites is an array of int defining which cipher suites
204  * are supported. A pointer to this array and the number of entries is passed
205  * on to upper layers. AES_CMAC defines whether or not the driver supports MFP.
206  * So the cipher suite AES_CMAC has to be the last one in the array, and when
207  * device does not support MFP then the number of suites will be decreased by 1
208  */
209 static const u32 brcmf_cipher_suites[] = {
210         WLAN_CIPHER_SUITE_WEP40,
211         WLAN_CIPHER_SUITE_WEP104,
212         WLAN_CIPHER_SUITE_TKIP,
213         WLAN_CIPHER_SUITE_CCMP,
214         /* Keep as last entry: */
215         WLAN_CIPHER_SUITE_AES_CMAC
216 };
217
218 /* Vendor specific ie. id = 221, oui and type defines exact ie */
219 struct brcmf_vs_tlv {
220         u8 id;
221         u8 len;
222         u8 oui[3];
223         u8 oui_type;
224 };
225
226 struct parsed_vndr_ie_info {
227         u8 *ie_ptr;
228         u32 ie_len;     /* total length including id & length field */
229         struct brcmf_vs_tlv vndrie;
230 };
231
232 struct parsed_vndr_ies {
233         u32 count;
234         struct parsed_vndr_ie_info ie_info[VNDR_IE_PARSE_LIMIT];
235 };
236
237 static u8 nl80211_band_to_fwil(enum nl80211_band band)
238 {
239         switch (band) {
240         case NL80211_BAND_2GHZ:
241                 return WLC_BAND_2G;
242         case NL80211_BAND_5GHZ:
243                 return WLC_BAND_5G;
244         default:
245                 WARN_ON(1);
246                 break;
247         }
248         return 0;
249 }
250
251 static u16 chandef_to_chanspec(struct brcmu_d11inf *d11inf,
252                                struct cfg80211_chan_def *ch)
253 {
254         struct brcmu_chan ch_inf;
255         s32 primary_offset;
256
257         brcmf_dbg(TRACE, "chandef: control %d center %d width %d\n",
258                   ch->chan->center_freq, ch->center_freq1, ch->width);
259         ch_inf.chnum = ieee80211_frequency_to_channel(ch->center_freq1);
260         primary_offset = ch->chan->center_freq - ch->center_freq1;
261         switch (ch->width) {
262         case NL80211_CHAN_WIDTH_20:
263         case NL80211_CHAN_WIDTH_20_NOHT:
264                 ch_inf.bw = BRCMU_CHAN_BW_20;
265                 WARN_ON(primary_offset != 0);
266                 break;
267         case NL80211_CHAN_WIDTH_40:
268                 ch_inf.bw = BRCMU_CHAN_BW_40;
269                 if (primary_offset > 0)
270                         ch_inf.sb = BRCMU_CHAN_SB_U;
271                 else
272                         ch_inf.sb = BRCMU_CHAN_SB_L;
273                 break;
274         case NL80211_CHAN_WIDTH_80:
275                 ch_inf.bw = BRCMU_CHAN_BW_80;
276                 if (primary_offset == -30)
277                         ch_inf.sb = BRCMU_CHAN_SB_LL;
278                 else if (primary_offset == -10)
279                         ch_inf.sb = BRCMU_CHAN_SB_LU;
280                 else if (primary_offset == 10)
281                         ch_inf.sb = BRCMU_CHAN_SB_UL;
282                 else
283                         ch_inf.sb = BRCMU_CHAN_SB_UU;
284                 break;
285         case NL80211_CHAN_WIDTH_160:
286                 ch_inf.bw = BRCMU_CHAN_BW_160;
287                 if (primary_offset == -70)
288                         ch_inf.sb = BRCMU_CHAN_SB_LLL;
289                 else if (primary_offset == -50)
290                         ch_inf.sb = BRCMU_CHAN_SB_LLU;
291                 else if (primary_offset == -30)
292                         ch_inf.sb = BRCMU_CHAN_SB_LUL;
293                 else if (primary_offset == -10)
294                         ch_inf.sb = BRCMU_CHAN_SB_LUU;
295                 else if (primary_offset == 10)
296                         ch_inf.sb = BRCMU_CHAN_SB_ULL;
297                 else if (primary_offset == 30)
298                         ch_inf.sb = BRCMU_CHAN_SB_ULU;
299                 else if (primary_offset == 50)
300                         ch_inf.sb = BRCMU_CHAN_SB_UUL;
301                 else
302                         ch_inf.sb = BRCMU_CHAN_SB_UUU;
303                 break;
304         case NL80211_CHAN_WIDTH_80P80:
305         case NL80211_CHAN_WIDTH_5:
306         case NL80211_CHAN_WIDTH_10:
307         default:
308                 WARN_ON_ONCE(1);
309         }
310         switch (ch->chan->band) {
311         case NL80211_BAND_2GHZ:
312                 ch_inf.band = BRCMU_CHAN_BAND_2G;
313                 break;
314         case NL80211_BAND_5GHZ:
315                 ch_inf.band = BRCMU_CHAN_BAND_5G;
316                 break;
317         case NL80211_BAND_60GHZ:
318         default:
319                 WARN_ON_ONCE(1);
320         }
321         d11inf->encchspec(&ch_inf);
322
323         brcmf_dbg(TRACE, "chanspec: 0x%x\n", ch_inf.chspec);
324         return ch_inf.chspec;
325 }
326
327 u16 channel_to_chanspec(struct brcmu_d11inf *d11inf,
328                         struct ieee80211_channel *ch)
329 {
330         struct brcmu_chan ch_inf;
331
332         ch_inf.chnum = ieee80211_frequency_to_channel(ch->center_freq);
333         ch_inf.bw = BRCMU_CHAN_BW_20;
334         d11inf->encchspec(&ch_inf);
335
336         return ch_inf.chspec;
337 }
338
339 /* Traverse a string of 1-byte tag/1-byte length/variable-length value
340  * triples, returning a pointer to the substring whose first element
341  * matches tag
342  */
343 static const struct brcmf_tlv *
344 brcmf_parse_tlvs(const void *buf, int buflen, uint key)
345 {
346         const struct brcmf_tlv *elt = buf;
347         int totlen = buflen;
348
349         /* find tagged parameter */
350         while (totlen >= TLV_HDR_LEN) {
351                 int len = elt->len;
352
353                 /* validate remaining totlen */
354                 if ((elt->id == key) && (totlen >= (len + TLV_HDR_LEN)))
355                         return elt;
356
357                 elt = (struct brcmf_tlv *)((u8 *)elt + (len + TLV_HDR_LEN));
358                 totlen -= (len + TLV_HDR_LEN);
359         }
360
361         return NULL;
362 }
363
364 /* Is any of the tlvs the expected entry? If
365  * not update the tlvs buffer pointer/length.
366  */
367 static bool
368 brcmf_tlv_has_ie(const u8 *ie, const u8 **tlvs, u32 *tlvs_len,
369                  const u8 *oui, u32 oui_len, u8 type)
370 {
371         /* If the contents match the OUI and the type */
372         if (ie[TLV_LEN_OFF] >= oui_len + 1 &&
373             !memcmp(&ie[TLV_BODY_OFF], oui, oui_len) &&
374             type == ie[TLV_BODY_OFF + oui_len]) {
375                 return true;
376         }
377
378         if (tlvs == NULL)
379                 return false;
380         /* point to the next ie */
381         ie += ie[TLV_LEN_OFF] + TLV_HDR_LEN;
382         /* calculate the length of the rest of the buffer */
383         *tlvs_len -= (int)(ie - *tlvs);
384         /* update the pointer to the start of the buffer */
385         *tlvs = ie;
386
387         return false;
388 }
389
390 static struct brcmf_vs_tlv *
391 brcmf_find_wpaie(const u8 *parse, u32 len)
392 {
393         const struct brcmf_tlv *ie;
394
395         while ((ie = brcmf_parse_tlvs(parse, len, WLAN_EID_VENDOR_SPECIFIC))) {
396                 if (brcmf_tlv_has_ie((const u8 *)ie, &parse, &len,
397                                      WPA_OUI, TLV_OUI_LEN, WPA_OUI_TYPE))
398                         return (struct brcmf_vs_tlv *)ie;
399         }
400         return NULL;
401 }
402
403 static struct brcmf_vs_tlv *
404 brcmf_find_wpsie(const u8 *parse, u32 len)
405 {
406         const struct brcmf_tlv *ie;
407
408         while ((ie = brcmf_parse_tlvs(parse, len, WLAN_EID_VENDOR_SPECIFIC))) {
409                 if (brcmf_tlv_has_ie((u8 *)ie, &parse, &len,
410                                      WPA_OUI, TLV_OUI_LEN, WPS_OUI_TYPE))
411                         return (struct brcmf_vs_tlv *)ie;
412         }
413         return NULL;
414 }
415
416 static int brcmf_vif_change_validate(struct brcmf_cfg80211_info *cfg,
417                                      struct brcmf_cfg80211_vif *vif,
418                                      enum nl80211_iftype new_type)
419 {
420         struct brcmf_cfg80211_vif *pos;
421         bool check_combos = false;
422         int ret = 0;
423         struct iface_combination_params params = {
424                 .num_different_channels = 1,
425         };
426
427         list_for_each_entry(pos, &cfg->vif_list, list)
428                 if (pos == vif) {
429                         params.iftype_num[new_type]++;
430                 } else {
431                         /* concurrent interfaces so need check combinations */
432                         check_combos = true;
433                         params.iftype_num[pos->wdev.iftype]++;
434                 }
435
436         if (check_combos)
437                 ret = cfg80211_check_combinations(cfg->wiphy, &params);
438
439         return ret;
440 }
441
442 static int brcmf_vif_add_validate(struct brcmf_cfg80211_info *cfg,
443                                   enum nl80211_iftype new_type)
444 {
445         struct brcmf_cfg80211_vif *pos;
446         struct iface_combination_params params = {
447                 .num_different_channels = 1,
448         };
449
450         list_for_each_entry(pos, &cfg->vif_list, list)
451                 params.iftype_num[pos->wdev.iftype]++;
452
453         params.iftype_num[new_type]++;
454         return cfg80211_check_combinations(cfg->wiphy, &params);
455 }
456
457 static void convert_key_from_CPU(struct brcmf_wsec_key *key,
458                                  struct brcmf_wsec_key_le *key_le)
459 {
460         key_le->index = cpu_to_le32(key->index);
461         key_le->len = cpu_to_le32(key->len);
462         key_le->algo = cpu_to_le32(key->algo);
463         key_le->flags = cpu_to_le32(key->flags);
464         key_le->rxiv.hi = cpu_to_le32(key->rxiv.hi);
465         key_le->rxiv.lo = cpu_to_le16(key->rxiv.lo);
466         key_le->iv_initialized = cpu_to_le32(key->iv_initialized);
467         memcpy(key_le->data, key->data, sizeof(key->data));
468         memcpy(key_le->ea, key->ea, sizeof(key->ea));
469 }
470
471 static int
472 send_key_to_dongle(struct brcmf_if *ifp, struct brcmf_wsec_key *key)
473 {
474         struct brcmf_pub *drvr = ifp->drvr;
475         int err;
476         struct brcmf_wsec_key_le key_le;
477
478         convert_key_from_CPU(key, &key_le);
479
480         brcmf_netdev_wait_pend8021x(ifp);
481
482         err = brcmf_fil_bsscfg_data_set(ifp, "wsec_key", &key_le,
483                                         sizeof(key_le));
484
485         if (err)
486                 bphy_err(drvr, "wsec_key error (%d)\n", err);
487         return err;
488 }
489
490 static void
491 brcmf_cfg80211_update_proto_addr_mode(struct wireless_dev *wdev)
492 {
493         struct brcmf_cfg80211_vif *vif;
494         struct brcmf_if *ifp;
495
496         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
497         ifp = vif->ifp;
498
499         if ((wdev->iftype == NL80211_IFTYPE_ADHOC) ||
500             (wdev->iftype == NL80211_IFTYPE_AP) ||
501             (wdev->iftype == NL80211_IFTYPE_P2P_GO))
502                 brcmf_proto_configure_addr_mode(ifp->drvr, ifp->ifidx,
503                                                 ADDR_DIRECT);
504         else
505                 brcmf_proto_configure_addr_mode(ifp->drvr, ifp->ifidx,
506                                                 ADDR_INDIRECT);
507 }
508
509 static int brcmf_get_first_free_bsscfgidx(struct brcmf_pub *drvr)
510 {
511         int bsscfgidx;
512
513         for (bsscfgidx = 0; bsscfgidx < BRCMF_MAX_IFS; bsscfgidx++) {
514                 /* bsscfgidx 1 is reserved for legacy P2P */
515                 if (bsscfgidx == 1)
516                         continue;
517                 if (!drvr->iflist[bsscfgidx])
518                         return bsscfgidx;
519         }
520
521         return -ENOMEM;
522 }
523
524 static int brcmf_cfg80211_request_ap_if(struct brcmf_if *ifp)
525 {
526         struct brcmf_pub *drvr = ifp->drvr;
527         struct brcmf_mbss_ssid_le mbss_ssid_le;
528         int bsscfgidx;
529         int err;
530
531         memset(&mbss_ssid_le, 0, sizeof(mbss_ssid_le));
532         bsscfgidx = brcmf_get_first_free_bsscfgidx(ifp->drvr);
533         if (bsscfgidx < 0)
534                 return bsscfgidx;
535
536         mbss_ssid_le.bsscfgidx = cpu_to_le32(bsscfgidx);
537         mbss_ssid_le.SSID_len = cpu_to_le32(5);
538         sprintf(mbss_ssid_le.SSID, "ssid%d" , bsscfgidx);
539
540         err = brcmf_fil_bsscfg_data_set(ifp, "bsscfg:ssid", &mbss_ssid_le,
541                                         sizeof(mbss_ssid_le));
542         if (err < 0)
543                 bphy_err(drvr, "setting ssid failed %d\n", err);
544
545         return err;
546 }
547
548 /**
549  * brcmf_ap_add_vif() - create a new AP virtual interface for multiple BSS
550  *
551  * @wiphy: wiphy device of new interface.
552  * @name: name of the new interface.
553  * @params: contains mac address for AP device.
554  */
555 static
556 struct wireless_dev *brcmf_ap_add_vif(struct wiphy *wiphy, const char *name,
557                                       struct vif_params *params)
558 {
559         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
560         struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
561         struct brcmf_pub *drvr = cfg->pub;
562         struct brcmf_cfg80211_vif *vif;
563         int err;
564
565         if (brcmf_cfg80211_vif_event_armed(cfg))
566                 return ERR_PTR(-EBUSY);
567
568         brcmf_dbg(INFO, "Adding vif \"%s\"\n", name);
569
570         vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_AP);
571         if (IS_ERR(vif))
572                 return (struct wireless_dev *)vif;
573
574         brcmf_cfg80211_arm_vif_event(cfg, vif);
575
576         err = brcmf_cfg80211_request_ap_if(ifp);
577         if (err) {
578                 brcmf_cfg80211_arm_vif_event(cfg, NULL);
579                 goto fail;
580         }
581
582         /* wait for firmware event */
583         err = brcmf_cfg80211_wait_vif_event(cfg, BRCMF_E_IF_ADD,
584                                             BRCMF_VIF_EVENT_TIMEOUT);
585         brcmf_cfg80211_arm_vif_event(cfg, NULL);
586         if (!err) {
587                 bphy_err(drvr, "timeout occurred\n");
588                 err = -EIO;
589                 goto fail;
590         }
591
592         /* interface created in firmware */
593         ifp = vif->ifp;
594         if (!ifp) {
595                 bphy_err(drvr, "no if pointer provided\n");
596                 err = -ENOENT;
597                 goto fail;
598         }
599
600         strncpy(ifp->ndev->name, name, sizeof(ifp->ndev->name) - 1);
601         err = brcmf_net_attach(ifp, true);
602         if (err) {
603                 bphy_err(drvr, "Registering netdevice failed\n");
604                 free_netdev(ifp->ndev);
605                 goto fail;
606         }
607
608         return &ifp->vif->wdev;
609
610 fail:
611         brcmf_free_vif(vif);
612         return ERR_PTR(err);
613 }
614
615 static bool brcmf_is_apmode(struct brcmf_cfg80211_vif *vif)
616 {
617         enum nl80211_iftype iftype;
618
619         iftype = vif->wdev.iftype;
620         return iftype == NL80211_IFTYPE_AP || iftype == NL80211_IFTYPE_P2P_GO;
621 }
622
623 static bool brcmf_is_ibssmode(struct brcmf_cfg80211_vif *vif)
624 {
625         return vif->wdev.iftype == NL80211_IFTYPE_ADHOC;
626 }
627
628 /**
629  * brcmf_mon_add_vif() - create monitor mode virtual interface
630  *
631  * @wiphy: wiphy device of new interface.
632  * @name: name of the new interface.
633  */
634 static struct wireless_dev *brcmf_mon_add_vif(struct wiphy *wiphy,
635                                               const char *name)
636 {
637         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
638         struct brcmf_cfg80211_vif *vif;
639         struct net_device *ndev;
640         struct brcmf_if *ifp;
641         int err;
642
643         if (cfg->pub->mon_if) {
644                 err = -EEXIST;
645                 goto err_out;
646         }
647
648         vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_MONITOR);
649         if (IS_ERR(vif)) {
650                 err = PTR_ERR(vif);
651                 goto err_out;
652         }
653
654         ndev = alloc_netdev(sizeof(*ifp), name, NET_NAME_UNKNOWN, ether_setup);
655         if (!ndev) {
656                 err = -ENOMEM;
657                 goto err_free_vif;
658         }
659         ndev->type = ARPHRD_IEEE80211_RADIOTAP;
660         ndev->ieee80211_ptr = &vif->wdev;
661         ndev->needs_free_netdev = true;
662         ndev->priv_destructor = brcmf_cfg80211_free_netdev;
663         SET_NETDEV_DEV(ndev, wiphy_dev(cfg->wiphy));
664
665         ifp = netdev_priv(ndev);
666         ifp->vif = vif;
667         ifp->ndev = ndev;
668         ifp->drvr = cfg->pub;
669
670         vif->ifp = ifp;
671         vif->wdev.netdev = ndev;
672
673         err = brcmf_net_mon_attach(ifp);
674         if (err) {
675                 brcmf_err("Failed to attach %s device\n", ndev->name);
676                 free_netdev(ndev);
677                 goto err_free_vif;
678         }
679
680         cfg->pub->mon_if = ifp;
681
682         return &vif->wdev;
683
684 err_free_vif:
685         brcmf_free_vif(vif);
686 err_out:
687         return ERR_PTR(err);
688 }
689
690 static int brcmf_mon_del_vif(struct wiphy *wiphy, struct wireless_dev *wdev)
691 {
692         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
693         struct net_device *ndev = wdev->netdev;
694
695         ndev->netdev_ops->ndo_stop(ndev);
696
697         brcmf_net_detach(ndev, true);
698
699         cfg->pub->mon_if = NULL;
700
701         return 0;
702 }
703
704 static struct wireless_dev *brcmf_cfg80211_add_iface(struct wiphy *wiphy,
705                                                      const char *name,
706                                                      unsigned char name_assign_type,
707                                                      enum nl80211_iftype type,
708                                                      struct vif_params *params)
709 {
710         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
711         struct brcmf_pub *drvr = cfg->pub;
712         struct wireless_dev *wdev;
713         int err;
714
715         brcmf_dbg(TRACE, "enter: %s type %d\n", name, type);
716         err = brcmf_vif_add_validate(wiphy_to_cfg(wiphy), type);
717         if (err) {
718                 bphy_err(drvr, "iface validation failed: err=%d\n", err);
719                 return ERR_PTR(err);
720         }
721         switch (type) {
722         case NL80211_IFTYPE_ADHOC:
723         case NL80211_IFTYPE_STATION:
724         case NL80211_IFTYPE_AP_VLAN:
725         case NL80211_IFTYPE_WDS:
726         case NL80211_IFTYPE_MESH_POINT:
727                 return ERR_PTR(-EOPNOTSUPP);
728         case NL80211_IFTYPE_MONITOR:
729                 return brcmf_mon_add_vif(wiphy, name);
730         case NL80211_IFTYPE_AP:
731                 wdev = brcmf_ap_add_vif(wiphy, name, params);
732                 break;
733         case NL80211_IFTYPE_P2P_CLIENT:
734         case NL80211_IFTYPE_P2P_GO:
735         case NL80211_IFTYPE_P2P_DEVICE:
736                 wdev = brcmf_p2p_add_vif(wiphy, name, name_assign_type, type, params);
737                 break;
738         case NL80211_IFTYPE_UNSPECIFIED:
739         default:
740                 return ERR_PTR(-EINVAL);
741         }
742
743         if (IS_ERR(wdev))
744                 bphy_err(drvr, "add iface %s type %d failed: err=%d\n", name,
745                          type, (int)PTR_ERR(wdev));
746         else
747                 brcmf_cfg80211_update_proto_addr_mode(wdev);
748
749         return wdev;
750 }
751
752 static void brcmf_scan_config_mpc(struct brcmf_if *ifp, int mpc)
753 {
754         if (brcmf_feat_is_quirk_enabled(ifp, BRCMF_FEAT_QUIRK_NEED_MPC))
755                 brcmf_set_mpc(ifp, mpc);
756 }
757
758 void brcmf_set_mpc(struct brcmf_if *ifp, int mpc)
759 {
760         struct brcmf_pub *drvr = ifp->drvr;
761         s32 err = 0;
762
763         if (check_vif_up(ifp->vif)) {
764                 err = brcmf_fil_iovar_int_set(ifp, "mpc", mpc);
765                 if (err) {
766                         bphy_err(drvr, "fail to set mpc\n");
767                         return;
768                 }
769                 brcmf_dbg(INFO, "MPC : %d\n", mpc);
770         }
771 }
772
773 s32 brcmf_notify_escan_complete(struct brcmf_cfg80211_info *cfg,
774                                 struct brcmf_if *ifp, bool aborted,
775                                 bool fw_abort)
776 {
777         struct brcmf_pub *drvr = cfg->pub;
778         struct brcmf_scan_params_le params_le;
779         struct cfg80211_scan_request *scan_request;
780         u64 reqid;
781         u32 bucket;
782         s32 err = 0;
783
784         brcmf_dbg(SCAN, "Enter\n");
785
786         /* clear scan request, because the FW abort can cause a second call */
787         /* to this functon and might cause a double cfg80211_scan_done      */
788         scan_request = cfg->scan_request;
789         cfg->scan_request = NULL;
790
791         if (timer_pending(&cfg->escan_timeout))
792                 del_timer_sync(&cfg->escan_timeout);
793
794         if (fw_abort) {
795                 /* Do a scan abort to stop the driver's scan engine */
796                 brcmf_dbg(SCAN, "ABORT scan in firmware\n");
797                 memset(&params_le, 0, sizeof(params_le));
798                 eth_broadcast_addr(params_le.bssid);
799                 params_le.bss_type = DOT11_BSSTYPE_ANY;
800                 params_le.scan_type = 0;
801                 params_le.channel_num = cpu_to_le32(1);
802                 params_le.nprobes = cpu_to_le32(1);
803                 params_le.active_time = cpu_to_le32(-1);
804                 params_le.passive_time = cpu_to_le32(-1);
805                 params_le.home_time = cpu_to_le32(-1);
806                 /* Scan is aborted by setting channel_list[0] to -1 */
807                 params_le.channel_list[0] = cpu_to_le16(-1);
808                 /* E-Scan (or anyother type) can be aborted by SCAN */
809                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCAN,
810                                              &params_le, sizeof(params_le));
811                 if (err)
812                         bphy_err(drvr, "Scan abort failed\n");
813         }
814
815         brcmf_scan_config_mpc(ifp, 1);
816
817         /*
818          * e-scan can be initiated internally
819          * which takes precedence.
820          */
821         if (cfg->int_escan_map) {
822                 brcmf_dbg(SCAN, "scheduled scan completed (%x)\n",
823                           cfg->int_escan_map);
824                 while (cfg->int_escan_map) {
825                         bucket = __ffs(cfg->int_escan_map);
826                         cfg->int_escan_map &= ~BIT(bucket);
827                         reqid = brcmf_pno_find_reqid_by_bucket(cfg->pno,
828                                                                bucket);
829                         if (!aborted) {
830                                 brcmf_dbg(SCAN, "report results: reqid=%llu\n",
831                                           reqid);
832                                 cfg80211_sched_scan_results(cfg_to_wiphy(cfg),
833                                                             reqid);
834                         }
835                 }
836         } else if (scan_request) {
837                 struct cfg80211_scan_info info = {
838                         .aborted = aborted,
839                 };
840
841                 brcmf_dbg(SCAN, "ESCAN Completed scan: %s\n",
842                           aborted ? "Aborted" : "Done");
843                 cfg80211_scan_done(scan_request, &info);
844         }
845         if (!test_and_clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status))
846                 brcmf_dbg(SCAN, "Scan complete, probably P2P scan\n");
847
848         return err;
849 }
850
851 static int brcmf_cfg80211_del_ap_iface(struct wiphy *wiphy,
852                                        struct wireless_dev *wdev)
853 {
854         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
855         struct net_device *ndev = wdev->netdev;
856         struct brcmf_if *ifp = netdev_priv(ndev);
857         struct brcmf_pub *drvr = cfg->pub;
858         int ret;
859         int err;
860
861         brcmf_cfg80211_arm_vif_event(cfg, ifp->vif);
862
863         err = brcmf_fil_bsscfg_data_set(ifp, "interface_remove", NULL, 0);
864         if (err) {
865                 bphy_err(drvr, "interface_remove failed %d\n", err);
866                 goto err_unarm;
867         }
868
869         /* wait for firmware event */
870         ret = brcmf_cfg80211_wait_vif_event(cfg, BRCMF_E_IF_DEL,
871                                             BRCMF_VIF_EVENT_TIMEOUT);
872         if (!ret) {
873                 bphy_err(drvr, "timeout occurred\n");
874                 err = -EIO;
875                 goto err_unarm;
876         }
877
878         brcmf_remove_interface(ifp, true);
879
880 err_unarm:
881         brcmf_cfg80211_arm_vif_event(cfg, NULL);
882         return err;
883 }
884
885 static
886 int brcmf_cfg80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
887 {
888         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
889         struct net_device *ndev = wdev->netdev;
890
891         if (ndev && ndev == cfg_to_ndev(cfg))
892                 return -ENOTSUPP;
893
894         /* vif event pending in firmware */
895         if (brcmf_cfg80211_vif_event_armed(cfg))
896                 return -EBUSY;
897
898         if (ndev) {
899                 if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status) &&
900                     cfg->escan_info.ifp == netdev_priv(ndev))
901                         brcmf_notify_escan_complete(cfg, netdev_priv(ndev),
902                                                     true, true);
903
904                 brcmf_fil_iovar_int_set(netdev_priv(ndev), "mpc", 1);
905         }
906
907         switch (wdev->iftype) {
908         case NL80211_IFTYPE_ADHOC:
909         case NL80211_IFTYPE_STATION:
910         case NL80211_IFTYPE_AP_VLAN:
911         case NL80211_IFTYPE_WDS:
912         case NL80211_IFTYPE_MESH_POINT:
913                 return -EOPNOTSUPP;
914         case NL80211_IFTYPE_MONITOR:
915                 return brcmf_mon_del_vif(wiphy, wdev);
916         case NL80211_IFTYPE_AP:
917                 return brcmf_cfg80211_del_ap_iface(wiphy, wdev);
918         case NL80211_IFTYPE_P2P_CLIENT:
919         case NL80211_IFTYPE_P2P_GO:
920         case NL80211_IFTYPE_P2P_DEVICE:
921                 return brcmf_p2p_del_vif(wiphy, wdev);
922         case NL80211_IFTYPE_UNSPECIFIED:
923         default:
924                 return -EINVAL;
925         }
926         return -EOPNOTSUPP;
927 }
928
929 static s32
930 brcmf_cfg80211_change_iface(struct wiphy *wiphy, struct net_device *ndev,
931                          enum nl80211_iftype type,
932                          struct vif_params *params)
933 {
934         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
935         struct brcmf_if *ifp = netdev_priv(ndev);
936         struct brcmf_cfg80211_vif *vif = ifp->vif;
937         struct brcmf_pub *drvr = cfg->pub;
938         s32 infra = 0;
939         s32 ap = 0;
940         s32 err = 0;
941
942         brcmf_dbg(TRACE, "Enter, bsscfgidx=%d, type=%d\n", ifp->bsscfgidx,
943                   type);
944
945         /* WAR: There are a number of p2p interface related problems which
946          * need to be handled initially (before doing the validate).
947          * wpa_supplicant tends to do iface changes on p2p device/client/go
948          * which are not always possible/allowed. However we need to return
949          * OK otherwise the wpa_supplicant wont start. The situation differs
950          * on configuration and setup (p2pon=1 module param). The first check
951          * is to see if the request is a change to station for p2p iface.
952          */
953         if ((type == NL80211_IFTYPE_STATION) &&
954             ((vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT) ||
955              (vif->wdev.iftype == NL80211_IFTYPE_P2P_GO) ||
956              (vif->wdev.iftype == NL80211_IFTYPE_P2P_DEVICE))) {
957                 brcmf_dbg(TRACE, "Ignoring cmd for p2p if\n");
958                 /* Now depending on whether module param p2pon=1 was used the
959                  * response needs to be either 0 or EOPNOTSUPP. The reason is
960                  * that if p2pon=1 is used, but a newer supplicant is used then
961                  * we should return an error, as this combination wont work.
962                  * In other situations 0 is returned and supplicant will start
963                  * normally. It will give a trace in cfg80211, but it is the
964                  * only way to get it working. Unfortunately this will result
965                  * in situation where we wont support new supplicant in
966                  * combination with module param p2pon=1, but that is the way
967                  * it is. If the user tries this then unloading of driver might
968                  * fail/lock.
969                  */
970                 if (cfg->p2p.p2pdev_dynamically)
971                         return -EOPNOTSUPP;
972                 else
973                         return 0;
974         }
975         err = brcmf_vif_change_validate(wiphy_to_cfg(wiphy), vif, type);
976         if (err) {
977                 bphy_err(drvr, "iface validation failed: err=%d\n", err);
978                 return err;
979         }
980         switch (type) {
981         case NL80211_IFTYPE_MONITOR:
982         case NL80211_IFTYPE_WDS:
983                 bphy_err(drvr, "type (%d) : currently we do not support this type\n",
984                          type);
985                 return -EOPNOTSUPP;
986         case NL80211_IFTYPE_ADHOC:
987                 infra = 0;
988                 break;
989         case NL80211_IFTYPE_STATION:
990                 infra = 1;
991                 break;
992         case NL80211_IFTYPE_AP:
993         case NL80211_IFTYPE_P2P_GO:
994                 ap = 1;
995                 break;
996         default:
997                 err = -EINVAL;
998                 goto done;
999         }
1000
1001         if (ap) {
1002                 if (type == NL80211_IFTYPE_P2P_GO) {
1003                         brcmf_dbg(INFO, "IF Type = P2P GO\n");
1004                         err = brcmf_p2p_ifchange(cfg, BRCMF_FIL_P2P_IF_GO);
1005                 }
1006                 if (!err) {
1007                         brcmf_dbg(INFO, "IF Type = AP\n");
1008                 }
1009         } else {
1010                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, infra);
1011                 if (err) {
1012                         bphy_err(drvr, "WLC_SET_INFRA error (%d)\n", err);
1013                         err = -EAGAIN;
1014                         goto done;
1015                 }
1016                 brcmf_dbg(INFO, "IF Type = %s\n", brcmf_is_ibssmode(vif) ?
1017                           "Adhoc" : "Infra");
1018         }
1019         ndev->ieee80211_ptr->iftype = type;
1020
1021         brcmf_cfg80211_update_proto_addr_mode(&vif->wdev);
1022
1023 done:
1024         brcmf_dbg(TRACE, "Exit\n");
1025
1026         return err;
1027 }
1028
1029 static void brcmf_escan_prep(struct brcmf_cfg80211_info *cfg,
1030                              struct brcmf_scan_params_le *params_le,
1031                              struct cfg80211_scan_request *request)
1032 {
1033         u32 n_ssids;
1034         u32 n_channels;
1035         s32 i;
1036         s32 offset;
1037         u16 chanspec;
1038         char *ptr;
1039         struct brcmf_ssid_le ssid_le;
1040
1041         eth_broadcast_addr(params_le->bssid);
1042         params_le->bss_type = DOT11_BSSTYPE_ANY;
1043         params_le->scan_type = BRCMF_SCANTYPE_ACTIVE;
1044         params_le->channel_num = 0;
1045         params_le->nprobes = cpu_to_le32(-1);
1046         params_le->active_time = cpu_to_le32(-1);
1047         params_le->passive_time = cpu_to_le32(-1);
1048         params_le->home_time = cpu_to_le32(-1);
1049         memset(&params_le->ssid_le, 0, sizeof(params_le->ssid_le));
1050
1051         n_ssids = request->n_ssids;
1052         n_channels = request->n_channels;
1053
1054         /* Copy channel array if applicable */
1055         brcmf_dbg(SCAN, "### List of channelspecs to scan ### %d\n",
1056                   n_channels);
1057         if (n_channels > 0) {
1058                 for (i = 0; i < n_channels; i++) {
1059                         chanspec = channel_to_chanspec(&cfg->d11inf,
1060                                                        request->channels[i]);
1061                         brcmf_dbg(SCAN, "Chan : %d, Channel spec: %x\n",
1062                                   request->channels[i]->hw_value, chanspec);
1063                         params_le->channel_list[i] = cpu_to_le16(chanspec);
1064                 }
1065         } else {
1066                 brcmf_dbg(SCAN, "Scanning all channels\n");
1067         }
1068         /* Copy ssid array if applicable */
1069         brcmf_dbg(SCAN, "### List of SSIDs to scan ### %d\n", n_ssids);
1070         if (n_ssids > 0) {
1071                 offset = offsetof(struct brcmf_scan_params_le, channel_list) +
1072                                 n_channels * sizeof(u16);
1073                 offset = roundup(offset, sizeof(u32));
1074                 ptr = (char *)params_le + offset;
1075                 for (i = 0; i < n_ssids; i++) {
1076                         memset(&ssid_le, 0, sizeof(ssid_le));
1077                         ssid_le.SSID_len =
1078                                         cpu_to_le32(request->ssids[i].ssid_len);
1079                         memcpy(ssid_le.SSID, request->ssids[i].ssid,
1080                                request->ssids[i].ssid_len);
1081                         if (!ssid_le.SSID_len)
1082                                 brcmf_dbg(SCAN, "%d: Broadcast scan\n", i);
1083                         else
1084                                 brcmf_dbg(SCAN, "%d: scan for  %.32s size=%d\n",
1085                                           i, ssid_le.SSID, ssid_le.SSID_len);
1086                         memcpy(ptr, &ssid_le, sizeof(ssid_le));
1087                         ptr += sizeof(ssid_le);
1088                 }
1089         } else {
1090                 brcmf_dbg(SCAN, "Performing passive scan\n");
1091                 params_le->scan_type = BRCMF_SCANTYPE_PASSIVE;
1092         }
1093         /* Adding mask to channel numbers */
1094         params_le->channel_num =
1095                 cpu_to_le32((n_ssids << BRCMF_SCAN_PARAMS_NSSID_SHIFT) |
1096                         (n_channels & BRCMF_SCAN_PARAMS_COUNT_MASK));
1097 }
1098
1099 static s32
1100 brcmf_run_escan(struct brcmf_cfg80211_info *cfg, struct brcmf_if *ifp,
1101                 struct cfg80211_scan_request *request)
1102 {
1103         struct brcmf_pub *drvr = cfg->pub;
1104         s32 params_size = BRCMF_SCAN_PARAMS_FIXED_SIZE +
1105                           offsetof(struct brcmf_escan_params_le, params_le);
1106         struct brcmf_escan_params_le *params;
1107         s32 err = 0;
1108
1109         brcmf_dbg(SCAN, "E-SCAN START\n");
1110
1111         if (request != NULL) {
1112                 /* Allocate space for populating ssids in struct */
1113                 params_size += sizeof(u32) * ((request->n_channels + 1) / 2);
1114
1115                 /* Allocate space for populating ssids in struct */
1116                 params_size += sizeof(struct brcmf_ssid_le) * request->n_ssids;
1117         }
1118
1119         params = kzalloc(params_size, GFP_KERNEL);
1120         if (!params) {
1121                 err = -ENOMEM;
1122                 goto exit;
1123         }
1124         BUG_ON(params_size + sizeof("escan") >= BRCMF_DCMD_MEDLEN);
1125         brcmf_escan_prep(cfg, &params->params_le, request);
1126         params->version = cpu_to_le32(BRCMF_ESCAN_REQ_VERSION);
1127         params->action = cpu_to_le16(WL_ESCAN_ACTION_START);
1128         params->sync_id = cpu_to_le16(0x1234);
1129
1130         err = brcmf_fil_iovar_data_set(ifp, "escan", params, params_size);
1131         if (err) {
1132                 if (err == -EBUSY)
1133                         brcmf_dbg(INFO, "system busy : escan canceled\n");
1134                 else
1135                         bphy_err(drvr, "error (%d)\n", err);
1136         }
1137
1138         kfree(params);
1139 exit:
1140         return err;
1141 }
1142
1143 static s32
1144 brcmf_do_escan(struct brcmf_if *ifp, struct cfg80211_scan_request *request)
1145 {
1146         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
1147         s32 err;
1148         struct brcmf_scan_results *results;
1149         struct escan_info *escan = &cfg->escan_info;
1150
1151         brcmf_dbg(SCAN, "Enter\n");
1152         escan->ifp = ifp;
1153         escan->wiphy = cfg->wiphy;
1154         escan->escan_state = WL_ESCAN_STATE_SCANNING;
1155
1156         brcmf_scan_config_mpc(ifp, 0);
1157         results = (struct brcmf_scan_results *)cfg->escan_info.escan_buf;
1158         results->version = 0;
1159         results->count = 0;
1160         results->buflen = WL_ESCAN_RESULTS_FIXED_SIZE;
1161
1162         err = escan->run(cfg, ifp, request);
1163         if (err)
1164                 brcmf_scan_config_mpc(ifp, 1);
1165         return err;
1166 }
1167
1168 static s32
1169 brcmf_cfg80211_scan(struct wiphy *wiphy, struct cfg80211_scan_request *request)
1170 {
1171         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1172         struct brcmf_pub *drvr = cfg->pub;
1173         struct brcmf_cfg80211_vif *vif;
1174         s32 err = 0;
1175
1176         brcmf_dbg(TRACE, "Enter\n");
1177         vif = container_of(request->wdev, struct brcmf_cfg80211_vif, wdev);
1178         if (!check_vif_up(vif))
1179                 return -EIO;
1180
1181         if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
1182                 bphy_err(drvr, "Scanning already: status (%lu)\n",
1183                          cfg->scan_status);
1184                 return -EAGAIN;
1185         }
1186         if (test_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status)) {
1187                 bphy_err(drvr, "Scanning being aborted: status (%lu)\n",
1188                          cfg->scan_status);
1189                 return -EAGAIN;
1190         }
1191         if (test_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status)) {
1192                 bphy_err(drvr, "Scanning suppressed: status (%lu)\n",
1193                          cfg->scan_status);
1194                 return -EAGAIN;
1195         }
1196         if (test_bit(BRCMF_VIF_STATUS_CONNECTING, &vif->sme_state)) {
1197                 bphy_err(drvr, "Connecting: status (%lu)\n", vif->sme_state);
1198                 return -EAGAIN;
1199         }
1200
1201         /* If scan req comes for p2p0, send it over primary I/F */
1202         if (vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif)
1203                 vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif;
1204
1205         brcmf_dbg(SCAN, "START ESCAN\n");
1206
1207         cfg->scan_request = request;
1208         set_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
1209
1210         cfg->escan_info.run = brcmf_run_escan;
1211         err = brcmf_p2p_scan_prep(wiphy, request, vif);
1212         if (err)
1213                 goto scan_out;
1214
1215         err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_PRBREQ_FLAG,
1216                                     request->ie, request->ie_len);
1217         if (err)
1218                 goto scan_out;
1219
1220         err = brcmf_do_escan(vif->ifp, request);
1221         if (err)
1222                 goto scan_out;
1223
1224         /* Arm scan timeout timer */
1225         mod_timer(&cfg->escan_timeout,
1226                   jiffies + msecs_to_jiffies(BRCMF_ESCAN_TIMER_INTERVAL_MS));
1227
1228         return 0;
1229
1230 scan_out:
1231         bphy_err(drvr, "scan error (%d)\n", err);
1232         clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
1233         cfg->scan_request = NULL;
1234         return err;
1235 }
1236
1237 static s32 brcmf_set_rts(struct net_device *ndev, u32 rts_threshold)
1238 {
1239         struct brcmf_if *ifp = netdev_priv(ndev);
1240         struct brcmf_pub *drvr = ifp->drvr;
1241         s32 err = 0;
1242
1243         err = brcmf_fil_iovar_int_set(ifp, "rtsthresh", rts_threshold);
1244         if (err)
1245                 bphy_err(drvr, "Error (%d)\n", err);
1246
1247         return err;
1248 }
1249
1250 static s32 brcmf_set_frag(struct net_device *ndev, u32 frag_threshold)
1251 {
1252         struct brcmf_if *ifp = netdev_priv(ndev);
1253         struct brcmf_pub *drvr = ifp->drvr;
1254         s32 err = 0;
1255
1256         err = brcmf_fil_iovar_int_set(ifp, "fragthresh",
1257                                       frag_threshold);
1258         if (err)
1259                 bphy_err(drvr, "Error (%d)\n", err);
1260
1261         return err;
1262 }
1263
1264 static s32 brcmf_set_retry(struct net_device *ndev, u32 retry, bool l)
1265 {
1266         struct brcmf_if *ifp = netdev_priv(ndev);
1267         struct brcmf_pub *drvr = ifp->drvr;
1268         s32 err = 0;
1269         u32 cmd = (l ? BRCMF_C_SET_LRL : BRCMF_C_SET_SRL);
1270
1271         err = brcmf_fil_cmd_int_set(ifp, cmd, retry);
1272         if (err) {
1273                 bphy_err(drvr, "cmd (%d) , error (%d)\n", cmd, err);
1274                 return err;
1275         }
1276         return err;
1277 }
1278
1279 static s32 brcmf_cfg80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
1280 {
1281         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1282         struct net_device *ndev = cfg_to_ndev(cfg);
1283         struct brcmf_if *ifp = netdev_priv(ndev);
1284         s32 err = 0;
1285
1286         brcmf_dbg(TRACE, "Enter\n");
1287         if (!check_vif_up(ifp->vif))
1288                 return -EIO;
1289
1290         if (changed & WIPHY_PARAM_RTS_THRESHOLD &&
1291             (cfg->conf->rts_threshold != wiphy->rts_threshold)) {
1292                 cfg->conf->rts_threshold = wiphy->rts_threshold;
1293                 err = brcmf_set_rts(ndev, cfg->conf->rts_threshold);
1294                 if (!err)
1295                         goto done;
1296         }
1297         if (changed & WIPHY_PARAM_FRAG_THRESHOLD &&
1298             (cfg->conf->frag_threshold != wiphy->frag_threshold)) {
1299                 cfg->conf->frag_threshold = wiphy->frag_threshold;
1300                 err = brcmf_set_frag(ndev, cfg->conf->frag_threshold);
1301                 if (!err)
1302                         goto done;
1303         }
1304         if (changed & WIPHY_PARAM_RETRY_LONG
1305             && (cfg->conf->retry_long != wiphy->retry_long)) {
1306                 cfg->conf->retry_long = wiphy->retry_long;
1307                 err = brcmf_set_retry(ndev, cfg->conf->retry_long, true);
1308                 if (!err)
1309                         goto done;
1310         }
1311         if (changed & WIPHY_PARAM_RETRY_SHORT
1312             && (cfg->conf->retry_short != wiphy->retry_short)) {
1313                 cfg->conf->retry_short = wiphy->retry_short;
1314                 err = brcmf_set_retry(ndev, cfg->conf->retry_short, false);
1315                 if (!err)
1316                         goto done;
1317         }
1318
1319 done:
1320         brcmf_dbg(TRACE, "Exit\n");
1321         return err;
1322 }
1323
1324 static void brcmf_init_prof(struct brcmf_cfg80211_profile *prof)
1325 {
1326         memset(prof, 0, sizeof(*prof));
1327 }
1328
1329 static u16 brcmf_map_fw_linkdown_reason(const struct brcmf_event_msg *e)
1330 {
1331         u16 reason;
1332
1333         switch (e->event_code) {
1334         case BRCMF_E_DEAUTH:
1335         case BRCMF_E_DEAUTH_IND:
1336         case BRCMF_E_DISASSOC_IND:
1337                 reason = e->reason;
1338                 break;
1339         case BRCMF_E_LINK:
1340         default:
1341                 reason = 0;
1342                 break;
1343         }
1344         return reason;
1345 }
1346
1347 static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
1348 {
1349         struct brcmf_pub *drvr = ifp->drvr;
1350         struct brcmf_wsec_pmk_le pmk;
1351         int i, err;
1352
1353         /* convert to firmware key format */
1354         pmk.key_len = cpu_to_le16(pmk_len << 1);
1355         pmk.flags = cpu_to_le16(BRCMF_WSEC_PASSPHRASE);
1356         for (i = 0; i < pmk_len; i++)
1357                 snprintf(&pmk.key[2 * i], 3, "%02x", pmk_data[i]);
1358
1359         /* store psk in firmware */
1360         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_WSEC_PMK,
1361                                      &pmk, sizeof(pmk));
1362         if (err < 0)
1363                 bphy_err(drvr, "failed to change PSK in firmware (len=%u)\n",
1364                          pmk_len);
1365
1366         return err;
1367 }
1368
1369 static int brcmf_set_sae_password(struct brcmf_if *ifp, const u8 *pwd_data,
1370                                   u16 pwd_len)
1371 {
1372         struct brcmf_pub *drvr = ifp->drvr;
1373         struct brcmf_wsec_sae_pwd_le sae_pwd;
1374         int err;
1375
1376         if (pwd_len > BRCMF_WSEC_MAX_SAE_PASSWORD_LEN) {
1377                 bphy_err(drvr, "sae_password must be less than %d\n",
1378                          BRCMF_WSEC_MAX_SAE_PASSWORD_LEN);
1379                 return -EINVAL;
1380         }
1381
1382         sae_pwd.key_len = cpu_to_le16(pwd_len);
1383         memcpy(sae_pwd.key, pwd_data, pwd_len);
1384
1385         err = brcmf_fil_iovar_data_set(ifp, "sae_password", &sae_pwd,
1386                                        sizeof(sae_pwd));
1387         if (err < 0)
1388                 bphy_err(drvr, "failed to set SAE password in firmware (len=%u)\n",
1389                          pwd_len);
1390
1391         return err;
1392 }
1393
1394 static void brcmf_link_down(struct brcmf_cfg80211_vif *vif, u16 reason,
1395                             bool locally_generated)
1396 {
1397         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(vif->wdev.wiphy);
1398         struct brcmf_pub *drvr = cfg->pub;
1399         bool bus_up = drvr->bus_if->state == BRCMF_BUS_UP;
1400         s32 err = 0;
1401
1402         brcmf_dbg(TRACE, "Enter\n");
1403
1404         if (test_and_clear_bit(BRCMF_VIF_STATUS_CONNECTED, &vif->sme_state)) {
1405                 if (bus_up) {
1406                         brcmf_dbg(INFO, "Call WLC_DISASSOC to stop excess roaming\n");
1407                         err = brcmf_fil_cmd_data_set(vif->ifp,
1408                                                      BRCMF_C_DISASSOC, NULL, 0);
1409                         if (err)
1410                                 bphy_err(drvr, "WLC_DISASSOC failed (%d)\n",
1411                                          err);
1412                 }
1413
1414                 if ((vif->wdev.iftype == NL80211_IFTYPE_STATION) ||
1415                     (vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT))
1416                         cfg80211_disconnected(vif->wdev.netdev, reason, NULL, 0,
1417                                               locally_generated, GFP_KERNEL);
1418         }
1419         clear_bit(BRCMF_VIF_STATUS_CONNECTING, &vif->sme_state);
1420         clear_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
1421         brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_ENABLED, 0);
1422         if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_NONE) {
1423                 if (bus_up)
1424                         brcmf_set_pmk(vif->ifp, NULL, 0);
1425                 vif->profile.use_fwsup = BRCMF_PROFILE_FWSUP_NONE;
1426         }
1427         brcmf_dbg(TRACE, "Exit\n");
1428 }
1429
1430 static s32
1431 brcmf_cfg80211_join_ibss(struct wiphy *wiphy, struct net_device *ndev,
1432                       struct cfg80211_ibss_params *params)
1433 {
1434         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1435         struct brcmf_if *ifp = netdev_priv(ndev);
1436         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1437         struct brcmf_pub *drvr = cfg->pub;
1438         struct brcmf_join_params join_params;
1439         size_t join_params_size = 0;
1440         s32 err = 0;
1441         s32 wsec = 0;
1442         s32 bcnprd;
1443         u16 chanspec;
1444         u32 ssid_len;
1445
1446         brcmf_dbg(TRACE, "Enter\n");
1447         if (!check_vif_up(ifp->vif))
1448                 return -EIO;
1449
1450         if (params->ssid)
1451                 brcmf_dbg(CONN, "SSID: %s\n", params->ssid);
1452         else {
1453                 brcmf_dbg(CONN, "SSID: NULL, Not supported\n");
1454                 return -EOPNOTSUPP;
1455         }
1456
1457         set_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1458
1459         if (params->bssid)
1460                 brcmf_dbg(CONN, "BSSID: %pM\n", params->bssid);
1461         else
1462                 brcmf_dbg(CONN, "No BSSID specified\n");
1463
1464         if (params->chandef.chan)
1465                 brcmf_dbg(CONN, "channel: %d\n",
1466                           params->chandef.chan->center_freq);
1467         else
1468                 brcmf_dbg(CONN, "no channel specified\n");
1469
1470         if (params->channel_fixed)
1471                 brcmf_dbg(CONN, "fixed channel required\n");
1472         else
1473                 brcmf_dbg(CONN, "no fixed channel required\n");
1474
1475         if (params->ie && params->ie_len)
1476                 brcmf_dbg(CONN, "ie len: %d\n", params->ie_len);
1477         else
1478                 brcmf_dbg(CONN, "no ie specified\n");
1479
1480         if (params->beacon_interval)
1481                 brcmf_dbg(CONN, "beacon interval: %d\n",
1482                           params->beacon_interval);
1483         else
1484                 brcmf_dbg(CONN, "no beacon interval specified\n");
1485
1486         if (params->basic_rates)
1487                 brcmf_dbg(CONN, "basic rates: %08X\n", params->basic_rates);
1488         else
1489                 brcmf_dbg(CONN, "no basic rates specified\n");
1490
1491         if (params->privacy)
1492                 brcmf_dbg(CONN, "privacy required\n");
1493         else
1494                 brcmf_dbg(CONN, "no privacy required\n");
1495
1496         /* Configure Privacy for starter */
1497         if (params->privacy)
1498                 wsec |= WEP_ENABLED;
1499
1500         err = brcmf_fil_iovar_int_set(ifp, "wsec", wsec);
1501         if (err) {
1502                 bphy_err(drvr, "wsec failed (%d)\n", err);
1503                 goto done;
1504         }
1505
1506         /* Configure Beacon Interval for starter */
1507         if (params->beacon_interval)
1508                 bcnprd = params->beacon_interval;
1509         else
1510                 bcnprd = 100;
1511
1512         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD, bcnprd);
1513         if (err) {
1514                 bphy_err(drvr, "WLC_SET_BCNPRD failed (%d)\n", err);
1515                 goto done;
1516         }
1517
1518         /* Configure required join parameter */
1519         memset(&join_params, 0, sizeof(struct brcmf_join_params));
1520
1521         /* SSID */
1522         ssid_len = min_t(u32, params->ssid_len, IEEE80211_MAX_SSID_LEN);
1523         memcpy(join_params.ssid_le.SSID, params->ssid, ssid_len);
1524         join_params.ssid_le.SSID_len = cpu_to_le32(ssid_len);
1525         join_params_size = sizeof(join_params.ssid_le);
1526
1527         /* BSSID */
1528         if (params->bssid) {
1529                 memcpy(join_params.params_le.bssid, params->bssid, ETH_ALEN);
1530                 join_params_size += BRCMF_ASSOC_PARAMS_FIXED_SIZE;
1531                 memcpy(profile->bssid, params->bssid, ETH_ALEN);
1532         } else {
1533                 eth_broadcast_addr(join_params.params_le.bssid);
1534                 eth_zero_addr(profile->bssid);
1535         }
1536
1537         /* Channel */
1538         if (params->chandef.chan) {
1539                 u32 target_channel;
1540
1541                 cfg->channel =
1542                         ieee80211_frequency_to_channel(
1543                                 params->chandef.chan->center_freq);
1544                 if (params->channel_fixed) {
1545                         /* adding chanspec */
1546                         chanspec = chandef_to_chanspec(&cfg->d11inf,
1547                                                        &params->chandef);
1548                         join_params.params_le.chanspec_list[0] =
1549                                 cpu_to_le16(chanspec);
1550                         join_params.params_le.chanspec_num = cpu_to_le32(1);
1551                         join_params_size += sizeof(join_params.params_le);
1552                 }
1553
1554                 /* set channel for starter */
1555                 target_channel = cfg->channel;
1556                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_CHANNEL,
1557                                             target_channel);
1558                 if (err) {
1559                         bphy_err(drvr, "WLC_SET_CHANNEL failed (%d)\n", err);
1560                         goto done;
1561                 }
1562         } else
1563                 cfg->channel = 0;
1564
1565         cfg->ibss_starter = false;
1566
1567
1568         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
1569                                      &join_params, join_params_size);
1570         if (err) {
1571                 bphy_err(drvr, "WLC_SET_SSID failed (%d)\n", err);
1572                 goto done;
1573         }
1574
1575 done:
1576         if (err)
1577                 clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1578         brcmf_dbg(TRACE, "Exit\n");
1579         return err;
1580 }
1581
1582 static s32
1583 brcmf_cfg80211_leave_ibss(struct wiphy *wiphy, struct net_device *ndev)
1584 {
1585         struct brcmf_if *ifp = netdev_priv(ndev);
1586
1587         brcmf_dbg(TRACE, "Enter\n");
1588         if (!check_vif_up(ifp->vif)) {
1589                 /* When driver is being unloaded, it can end up here. If an
1590                  * error is returned then later on a debug trace in the wireless
1591                  * core module will be printed. To avoid this 0 is returned.
1592                  */
1593                 return 0;
1594         }
1595
1596         brcmf_link_down(ifp->vif, WLAN_REASON_DEAUTH_LEAVING, true);
1597         brcmf_net_setcarrier(ifp, false);
1598
1599         brcmf_dbg(TRACE, "Exit\n");
1600
1601         return 0;
1602 }
1603
1604 static s32 brcmf_set_wpa_version(struct net_device *ndev,
1605                                  struct cfg80211_connect_params *sme)
1606 {
1607         struct brcmf_if *ifp = netdev_priv(ndev);
1608         struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1609         struct brcmf_pub *drvr = ifp->drvr;
1610         struct brcmf_cfg80211_security *sec;
1611         s32 val = 0;
1612         s32 err = 0;
1613
1614         if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_1)
1615                 val = WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED;
1616         else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_2)
1617                 val = WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED;
1618         else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_3)
1619                 val = WPA3_AUTH_SAE_PSK;
1620         else
1621                 val = WPA_AUTH_DISABLED;
1622         brcmf_dbg(CONN, "setting wpa_auth to 0x%0x\n", val);
1623         err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", val);
1624         if (err) {
1625                 bphy_err(drvr, "set wpa_auth failed (%d)\n", err);
1626                 return err;
1627         }
1628         sec = &profile->sec;
1629         sec->wpa_versions = sme->crypto.wpa_versions;
1630         return err;
1631 }
1632
1633 static s32 brcmf_set_auth_type(struct net_device *ndev,
1634                                struct cfg80211_connect_params *sme)
1635 {
1636         struct brcmf_if *ifp = netdev_priv(ndev);
1637         struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1638         struct brcmf_pub *drvr = ifp->drvr;
1639         struct brcmf_cfg80211_security *sec;
1640         s32 val = 0;
1641         s32 err = 0;
1642
1643         switch (sme->auth_type) {
1644         case NL80211_AUTHTYPE_OPEN_SYSTEM:
1645                 val = 0;
1646                 brcmf_dbg(CONN, "open system\n");
1647                 break;
1648         case NL80211_AUTHTYPE_SHARED_KEY:
1649                 val = 1;
1650                 brcmf_dbg(CONN, "shared key\n");
1651                 break;
1652         case NL80211_AUTHTYPE_SAE:
1653                 val = 3;
1654                 brcmf_dbg(CONN, "SAE authentication\n");
1655                 break;
1656         default:
1657                 val = 2;
1658                 brcmf_dbg(CONN, "automatic, auth type (%d)\n", sme->auth_type);
1659                 break;
1660         }
1661
1662         err = brcmf_fil_bsscfg_int_set(ifp, "auth", val);
1663         if (err) {
1664                 bphy_err(drvr, "set auth failed (%d)\n", err);
1665                 return err;
1666         }
1667         sec = &profile->sec;
1668         sec->auth_type = sme->auth_type;
1669         return err;
1670 }
1671
1672 static s32
1673 brcmf_set_wsec_mode(struct net_device *ndev,
1674                     struct cfg80211_connect_params *sme)
1675 {
1676         struct brcmf_if *ifp = netdev_priv(ndev);
1677         struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1678         struct brcmf_pub *drvr = ifp->drvr;
1679         struct brcmf_cfg80211_security *sec;
1680         s32 pval = 0;
1681         s32 gval = 0;
1682         s32 wsec;
1683         s32 err = 0;
1684
1685         if (sme->crypto.n_ciphers_pairwise) {
1686                 switch (sme->crypto.ciphers_pairwise[0]) {
1687                 case WLAN_CIPHER_SUITE_WEP40:
1688                 case WLAN_CIPHER_SUITE_WEP104:
1689                         pval = WEP_ENABLED;
1690                         break;
1691                 case WLAN_CIPHER_SUITE_TKIP:
1692                         pval = TKIP_ENABLED;
1693                         break;
1694                 case WLAN_CIPHER_SUITE_CCMP:
1695                         pval = AES_ENABLED;
1696                         break;
1697                 case WLAN_CIPHER_SUITE_AES_CMAC:
1698                         pval = AES_ENABLED;
1699                         break;
1700                 default:
1701                         bphy_err(drvr, "invalid cipher pairwise (%d)\n",
1702                                  sme->crypto.ciphers_pairwise[0]);
1703                         return -EINVAL;
1704                 }
1705         }
1706         if (sme->crypto.cipher_group) {
1707                 switch (sme->crypto.cipher_group) {
1708                 case WLAN_CIPHER_SUITE_WEP40:
1709                 case WLAN_CIPHER_SUITE_WEP104:
1710                         gval = WEP_ENABLED;
1711                         break;
1712                 case WLAN_CIPHER_SUITE_TKIP:
1713                         gval = TKIP_ENABLED;
1714                         break;
1715                 case WLAN_CIPHER_SUITE_CCMP:
1716                         gval = AES_ENABLED;
1717                         break;
1718                 case WLAN_CIPHER_SUITE_AES_CMAC:
1719                         gval = AES_ENABLED;
1720                         break;
1721                 default:
1722                         bphy_err(drvr, "invalid cipher group (%d)\n",
1723                                  sme->crypto.cipher_group);
1724                         return -EINVAL;
1725                 }
1726         }
1727
1728         brcmf_dbg(CONN, "pval (%d) gval (%d)\n", pval, gval);
1729         /* In case of privacy, but no security and WPS then simulate */
1730         /* setting AES. WPS-2.0 allows no security                   */
1731         if (brcmf_find_wpsie(sme->ie, sme->ie_len) && !pval && !gval &&
1732             sme->privacy)
1733                 pval = AES_ENABLED;
1734
1735         wsec = pval | gval;
1736         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
1737         if (err) {
1738                 bphy_err(drvr, "error (%d)\n", err);
1739                 return err;
1740         }
1741
1742         sec = &profile->sec;
1743         sec->cipher_pairwise = sme->crypto.ciphers_pairwise[0];
1744         sec->cipher_group = sme->crypto.cipher_group;
1745
1746         return err;
1747 }
1748
1749 static s32
1750 brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme)
1751 {
1752         struct brcmf_if *ifp = netdev_priv(ndev);
1753         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1754         struct brcmf_pub *drvr = ifp->drvr;
1755         s32 val;
1756         s32 err;
1757         const struct brcmf_tlv *rsn_ie;
1758         const u8 *ie;
1759         u32 ie_len;
1760         u32 offset;
1761         u16 rsn_cap;
1762         u32 mfp;
1763         u16 count;
1764
1765         profile->use_fwsup = BRCMF_PROFILE_FWSUP_NONE;
1766         profile->is_ft = false;
1767
1768         if (!sme->crypto.n_akm_suites)
1769                 return 0;
1770
1771         err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), "wpa_auth", &val);
1772         if (err) {
1773                 bphy_err(drvr, "could not get wpa_auth (%d)\n", err);
1774                 return err;
1775         }
1776         if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
1777                 switch (sme->crypto.akm_suites[0]) {
1778                 case WLAN_AKM_SUITE_8021X:
1779                         val = WPA_AUTH_UNSPECIFIED;
1780                         if (sme->want_1x)
1781                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1782                         break;
1783                 case WLAN_AKM_SUITE_PSK:
1784                         val = WPA_AUTH_PSK;
1785                         break;
1786                 default:
1787                         bphy_err(drvr, "invalid cipher group (%d)\n",
1788                                  sme->crypto.cipher_group);
1789                         return -EINVAL;
1790                 }
1791         } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
1792                 switch (sme->crypto.akm_suites[0]) {
1793                 case WLAN_AKM_SUITE_8021X:
1794                         val = WPA2_AUTH_UNSPECIFIED;
1795                         if (sme->want_1x)
1796                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1797                         break;
1798                 case WLAN_AKM_SUITE_8021X_SHA256:
1799                         val = WPA2_AUTH_1X_SHA256;
1800                         if (sme->want_1x)
1801                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1802                         break;
1803                 case WLAN_AKM_SUITE_PSK_SHA256:
1804                         val = WPA2_AUTH_PSK_SHA256;
1805                         break;
1806                 case WLAN_AKM_SUITE_PSK:
1807                         val = WPA2_AUTH_PSK;
1808                         break;
1809                 case WLAN_AKM_SUITE_FT_8021X:
1810                         val = WPA2_AUTH_UNSPECIFIED | WPA2_AUTH_FT;
1811                         profile->is_ft = true;
1812                         if (sme->want_1x)
1813                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1814                         break;
1815                 case WLAN_AKM_SUITE_FT_PSK:
1816                         val = WPA2_AUTH_PSK | WPA2_AUTH_FT;
1817                         profile->is_ft = true;
1818                         break;
1819                 default:
1820                         bphy_err(drvr, "invalid cipher group (%d)\n",
1821                                  sme->crypto.cipher_group);
1822                         return -EINVAL;
1823                 }
1824         } else if (val & WPA3_AUTH_SAE_PSK) {
1825                 switch (sme->crypto.akm_suites[0]) {
1826                 case WLAN_AKM_SUITE_SAE:
1827                         val = WPA3_AUTH_SAE_PSK;
1828                         if (sme->crypto.sae_pwd) {
1829                                 brcmf_dbg(INFO, "using SAE offload\n");
1830                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_SAE;
1831                         }
1832                         break;
1833                 case WLAN_AKM_SUITE_FT_OVER_SAE:
1834                         val = WPA3_AUTH_SAE_PSK | WPA2_AUTH_FT;
1835                         profile->is_ft = true;
1836                         if (sme->crypto.sae_pwd) {
1837                                 brcmf_dbg(INFO, "using SAE offload\n");
1838                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_SAE;
1839                         }
1840                         break;
1841                 default:
1842                         bphy_err(drvr, "invalid cipher group (%d)\n",
1843                                  sme->crypto.cipher_group);
1844                         return -EINVAL;
1845                 }
1846         }
1847
1848         if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_1X)
1849                 brcmf_dbg(INFO, "using 1X offload\n");
1850
1851         if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
1852                 goto skip_mfp_config;
1853         /* The MFP mode (1 or 2) needs to be determined, parse IEs. The
1854          * IE will not be verified, just a quick search for MFP config
1855          */
1856         rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie, sme->ie_len,
1857                                   WLAN_EID_RSN);
1858         if (!rsn_ie)
1859                 goto skip_mfp_config;
1860         ie = (const u8 *)rsn_ie;
1861         ie_len = rsn_ie->len + TLV_HDR_LEN;
1862         /* Skip unicast suite */
1863         offset = TLV_HDR_LEN + WPA_IE_VERSION_LEN + WPA_IE_MIN_OUI_LEN;
1864         if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
1865                 goto skip_mfp_config;
1866         /* Skip multicast suite */
1867         count = ie[offset] + (ie[offset + 1] << 8);
1868         offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
1869         if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
1870                 goto skip_mfp_config;
1871         /* Skip auth key management suite(s) */
1872         count = ie[offset] + (ie[offset + 1] << 8);
1873         offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
1874         if (offset + WPA_IE_SUITE_COUNT_LEN > ie_len)
1875                 goto skip_mfp_config;
1876         /* Ready to read capabilities */
1877         mfp = BRCMF_MFP_NONE;
1878         rsn_cap = ie[offset] + (ie[offset + 1] << 8);
1879         if (rsn_cap & RSN_CAP_MFPR_MASK)
1880                 mfp = BRCMF_MFP_REQUIRED;
1881         else if (rsn_cap & RSN_CAP_MFPC_MASK)
1882                 mfp = BRCMF_MFP_CAPABLE;
1883         brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "mfp", mfp);
1884
1885 skip_mfp_config:
1886         brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
1887         err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val);
1888         if (err) {
1889                 bphy_err(drvr, "could not set wpa_auth (%d)\n", err);
1890                 return err;
1891         }
1892
1893         return err;
1894 }
1895
1896 static s32
1897 brcmf_set_sharedkey(struct net_device *ndev,
1898                     struct cfg80211_connect_params *sme)
1899 {
1900         struct brcmf_if *ifp = netdev_priv(ndev);
1901         struct brcmf_pub *drvr = ifp->drvr;
1902         struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1903         struct brcmf_cfg80211_security *sec;
1904         struct brcmf_wsec_key key;
1905         s32 val;
1906         s32 err = 0;
1907
1908         brcmf_dbg(CONN, "key len (%d)\n", sme->key_len);
1909
1910         if (sme->key_len == 0)
1911                 return 0;
1912
1913         sec = &profile->sec;
1914         brcmf_dbg(CONN, "wpa_versions 0x%x cipher_pairwise 0x%x\n",
1915                   sec->wpa_versions, sec->cipher_pairwise);
1916
1917         if (sec->wpa_versions & (NL80211_WPA_VERSION_1 | NL80211_WPA_VERSION_2 |
1918                                  NL80211_WPA_VERSION_3))
1919                 return 0;
1920
1921         if (!(sec->cipher_pairwise &
1922             (WLAN_CIPHER_SUITE_WEP40 | WLAN_CIPHER_SUITE_WEP104)))
1923                 return 0;
1924
1925         memset(&key, 0, sizeof(key));
1926         key.len = (u32) sme->key_len;
1927         key.index = (u32) sme->key_idx;
1928         if (key.len > sizeof(key.data)) {
1929                 bphy_err(drvr, "Too long key length (%u)\n", key.len);
1930                 return -EINVAL;
1931         }
1932         memcpy(key.data, sme->key, key.len);
1933         key.flags = BRCMF_PRIMARY_KEY;
1934         switch (sec->cipher_pairwise) {
1935         case WLAN_CIPHER_SUITE_WEP40:
1936                 key.algo = CRYPTO_ALGO_WEP1;
1937                 break;
1938         case WLAN_CIPHER_SUITE_WEP104:
1939                 key.algo = CRYPTO_ALGO_WEP128;
1940                 break;
1941         default:
1942                 bphy_err(drvr, "Invalid algorithm (%d)\n",
1943                          sme->crypto.ciphers_pairwise[0]);
1944                 return -EINVAL;
1945         }
1946         /* Set the new key/index */
1947         brcmf_dbg(CONN, "key length (%d) key index (%d) algo (%d)\n",
1948                   key.len, key.index, key.algo);
1949         brcmf_dbg(CONN, "key \"%s\"\n", key.data);
1950         err = send_key_to_dongle(ifp, &key);
1951         if (err)
1952                 return err;
1953
1954         if (sec->auth_type == NL80211_AUTHTYPE_SHARED_KEY) {
1955                 brcmf_dbg(CONN, "set auth_type to shared key\n");
1956                 val = WL_AUTH_SHARED_KEY;       /* shared key */
1957                 err = brcmf_fil_bsscfg_int_set(ifp, "auth", val);
1958                 if (err)
1959                         bphy_err(drvr, "set auth failed (%d)\n", err);
1960         }
1961         return err;
1962 }
1963
1964 static
1965 enum nl80211_auth_type brcmf_war_auth_type(struct brcmf_if *ifp,
1966                                            enum nl80211_auth_type type)
1967 {
1968         if (type == NL80211_AUTHTYPE_AUTOMATIC &&
1969             brcmf_feat_is_quirk_enabled(ifp, BRCMF_FEAT_QUIRK_AUTO_AUTH)) {
1970                 brcmf_dbg(CONN, "WAR: use OPEN instead of AUTO\n");
1971                 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
1972         }
1973         return type;
1974 }
1975
1976 static void brcmf_set_join_pref(struct brcmf_if *ifp,
1977                                 struct cfg80211_bss_selection *bss_select)
1978 {
1979         struct brcmf_pub *drvr = ifp->drvr;
1980         struct brcmf_join_pref_params join_pref_params[2];
1981         enum nl80211_band band;
1982         int err, i = 0;
1983
1984         join_pref_params[i].len = 2;
1985         join_pref_params[i].rssi_gain = 0;
1986
1987         if (bss_select->behaviour != NL80211_BSS_SELECT_ATTR_BAND_PREF)
1988                 brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_ASSOC_PREFER, WLC_BAND_AUTO);
1989
1990         switch (bss_select->behaviour) {
1991         case __NL80211_BSS_SELECT_ATTR_INVALID:
1992                 brcmf_c_set_joinpref_default(ifp);
1993                 return;
1994         case NL80211_BSS_SELECT_ATTR_BAND_PREF:
1995                 join_pref_params[i].type = BRCMF_JOIN_PREF_BAND;
1996                 band = bss_select->param.band_pref;
1997                 join_pref_params[i].band = nl80211_band_to_fwil(band);
1998                 i++;
1999                 break;
2000         case NL80211_BSS_SELECT_ATTR_RSSI_ADJUST:
2001                 join_pref_params[i].type = BRCMF_JOIN_PREF_RSSI_DELTA;
2002                 band = bss_select->param.adjust.band;
2003                 join_pref_params[i].band = nl80211_band_to_fwil(band);
2004                 join_pref_params[i].rssi_gain = bss_select->param.adjust.delta;
2005                 i++;
2006                 break;
2007         case NL80211_BSS_SELECT_ATTR_RSSI:
2008         default:
2009                 break;
2010         }
2011         join_pref_params[i].type = BRCMF_JOIN_PREF_RSSI;
2012         join_pref_params[i].len = 2;
2013         join_pref_params[i].rssi_gain = 0;
2014         join_pref_params[i].band = 0;
2015         err = brcmf_fil_iovar_data_set(ifp, "join_pref", join_pref_params,
2016                                        sizeof(join_pref_params));
2017         if (err)
2018                 bphy_err(drvr, "Set join_pref error (%d)\n", err);
2019 }
2020
2021 static s32
2022 brcmf_cfg80211_connect(struct wiphy *wiphy, struct net_device *ndev,
2023                        struct cfg80211_connect_params *sme)
2024 {
2025         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2026         struct brcmf_if *ifp = netdev_priv(ndev);
2027         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2028         struct ieee80211_channel *chan = sme->channel;
2029         struct brcmf_pub *drvr = ifp->drvr;
2030         struct brcmf_join_params join_params;
2031         size_t join_params_size;
2032         const struct brcmf_tlv *rsn_ie;
2033         const struct brcmf_vs_tlv *wpa_ie;
2034         const void *ie;
2035         u32 ie_len;
2036         struct brcmf_ext_join_params_le *ext_join_params;
2037         u16 chanspec;
2038         s32 err = 0;
2039         u32 ssid_len;
2040
2041         brcmf_dbg(TRACE, "Enter\n");
2042         if (!check_vif_up(ifp->vif))
2043                 return -EIO;
2044
2045         if (!sme->ssid) {
2046                 bphy_err(drvr, "Invalid ssid\n");
2047                 return -EOPNOTSUPP;
2048         }
2049
2050         if (ifp->vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif) {
2051                 /* A normal (non P2P) connection request setup. */
2052                 ie = NULL;
2053                 ie_len = 0;
2054                 /* find the WPA_IE */
2055                 wpa_ie = brcmf_find_wpaie((u8 *)sme->ie, sme->ie_len);
2056                 if (wpa_ie) {
2057                         ie = wpa_ie;
2058                         ie_len = wpa_ie->len + TLV_HDR_LEN;
2059                 } else {
2060                         /* find the RSN_IE */
2061                         rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie,
2062                                                   sme->ie_len,
2063                                                   WLAN_EID_RSN);
2064                         if (rsn_ie) {
2065                                 ie = rsn_ie;
2066                                 ie_len = rsn_ie->len + TLV_HDR_LEN;
2067                         }
2068                 }
2069                 brcmf_fil_iovar_data_set(ifp, "wpaie", ie, ie_len);
2070         }
2071
2072         err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
2073                                     sme->ie, sme->ie_len);
2074         if (err)
2075                 bphy_err(drvr, "Set Assoc REQ IE Failed\n");
2076         else
2077                 brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
2078
2079         set_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2080
2081         if (chan) {
2082                 cfg->channel =
2083                         ieee80211_frequency_to_channel(chan->center_freq);
2084                 chanspec = channel_to_chanspec(&cfg->d11inf, chan);
2085                 brcmf_dbg(CONN, "channel=%d, center_req=%d, chanspec=0x%04x\n",
2086                           cfg->channel, chan->center_freq, chanspec);
2087         } else {
2088                 cfg->channel = 0;
2089                 chanspec = 0;
2090         }
2091
2092         brcmf_dbg(INFO, "ie (%p), ie_len (%zd)\n", sme->ie, sme->ie_len);
2093
2094         err = brcmf_set_wpa_version(ndev, sme);
2095         if (err) {
2096                 bphy_err(drvr, "wl_set_wpa_version failed (%d)\n", err);
2097                 goto done;
2098         }
2099
2100         sme->auth_type = brcmf_war_auth_type(ifp, sme->auth_type);
2101         err = brcmf_set_auth_type(ndev, sme);
2102         if (err) {
2103                 bphy_err(drvr, "wl_set_auth_type failed (%d)\n", err);
2104                 goto done;
2105         }
2106
2107         err = brcmf_set_wsec_mode(ndev, sme);
2108         if (err) {
2109                 bphy_err(drvr, "wl_set_set_cipher failed (%d)\n", err);
2110                 goto done;
2111         }
2112
2113         err = brcmf_set_key_mgmt(ndev, sme);
2114         if (err) {
2115                 bphy_err(drvr, "wl_set_key_mgmt failed (%d)\n", err);
2116                 goto done;
2117         }
2118
2119         err = brcmf_set_sharedkey(ndev, sme);
2120         if (err) {
2121                 bphy_err(drvr, "brcmf_set_sharedkey failed (%d)\n", err);
2122                 goto done;
2123         }
2124
2125         if (sme->crypto.psk &&
2126             profile->use_fwsup != BRCMF_PROFILE_FWSUP_SAE) {
2127                 if (WARN_ON(profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE)) {
2128                         err = -EINVAL;
2129                         goto done;
2130                 }
2131                 brcmf_dbg(INFO, "using PSK offload\n");
2132                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_PSK;
2133         }
2134
2135         if (profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE) {
2136                 /* enable firmware supplicant for this interface */
2137                 err = brcmf_fil_iovar_int_set(ifp, "sup_wpa", 1);
2138                 if (err < 0) {
2139                         bphy_err(drvr, "failed to enable fw supplicant\n");
2140                         goto done;
2141                 }
2142         }
2143
2144         if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_PSK)
2145                 err = brcmf_set_pmk(ifp, sme->crypto.psk,
2146                                     BRCMF_WSEC_MAX_PSK_LEN);
2147         else if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_SAE) {
2148                 /* clean up user-space RSNE */
2149                 err = brcmf_fil_iovar_data_set(ifp, "wpaie", NULL, 0);
2150                 if (err) {
2151                         bphy_err(drvr, "failed to clean up user-space RSNE\n");
2152                         goto done;
2153                 }
2154                 err = brcmf_set_sae_password(ifp, sme->crypto.sae_pwd,
2155                                              sme->crypto.sae_pwd_len);
2156                 if (!err && sme->crypto.psk)
2157                         err = brcmf_set_pmk(ifp, sme->crypto.psk,
2158                                             BRCMF_WSEC_MAX_PSK_LEN);
2159         }
2160         if (err)
2161                 goto done;
2162
2163         /* Join with specific BSSID and cached SSID
2164          * If SSID is zero join based on BSSID only
2165          */
2166         join_params_size = offsetof(struct brcmf_ext_join_params_le, assoc_le) +
2167                 offsetof(struct brcmf_assoc_params_le, chanspec_list);
2168         if (cfg->channel)
2169                 join_params_size += sizeof(u16);
2170         ext_join_params = kzalloc(join_params_size, GFP_KERNEL);
2171         if (ext_join_params == NULL) {
2172                 err = -ENOMEM;
2173                 goto done;
2174         }
2175         ssid_len = min_t(u32, sme->ssid_len, IEEE80211_MAX_SSID_LEN);
2176         ext_join_params->ssid_le.SSID_len = cpu_to_le32(ssid_len);
2177         memcpy(&ext_join_params->ssid_le.SSID, sme->ssid, ssid_len);
2178         if (ssid_len < IEEE80211_MAX_SSID_LEN)
2179                 brcmf_dbg(CONN, "SSID \"%s\", len (%d)\n",
2180                           ext_join_params->ssid_le.SSID, ssid_len);
2181
2182         /* Set up join scan parameters */
2183         ext_join_params->scan_le.scan_type = -1;
2184         ext_join_params->scan_le.home_time = cpu_to_le32(-1);
2185
2186         if (sme->bssid)
2187                 memcpy(&ext_join_params->assoc_le.bssid, sme->bssid, ETH_ALEN);
2188         else
2189                 eth_broadcast_addr(ext_join_params->assoc_le.bssid);
2190
2191         if (cfg->channel) {
2192                 ext_join_params->assoc_le.chanspec_num = cpu_to_le32(1);
2193
2194                 ext_join_params->assoc_le.chanspec_list[0] =
2195                         cpu_to_le16(chanspec);
2196                 /* Increase dwell time to receive probe response or detect
2197                  * beacon from target AP at a noisy air only during connect
2198                  * command.
2199                  */
2200                 ext_join_params->scan_le.active_time =
2201                         cpu_to_le32(BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS);
2202                 ext_join_params->scan_le.passive_time =
2203                         cpu_to_le32(BRCMF_SCAN_JOIN_PASSIVE_DWELL_TIME_MS);
2204                 /* To sync with presence period of VSDB GO send probe request
2205                  * more frequently. Probe request will be stopped when it gets
2206                  * probe response from target AP/GO.
2207                  */
2208                 ext_join_params->scan_le.nprobes =
2209                         cpu_to_le32(BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS /
2210                                     BRCMF_SCAN_JOIN_PROBE_INTERVAL_MS);
2211         } else {
2212                 ext_join_params->scan_le.active_time = cpu_to_le32(-1);
2213                 ext_join_params->scan_le.passive_time = cpu_to_le32(-1);
2214                 ext_join_params->scan_le.nprobes = cpu_to_le32(-1);
2215         }
2216
2217         brcmf_set_join_pref(ifp, &sme->bss_select);
2218
2219         err  = brcmf_fil_bsscfg_data_set(ifp, "join", ext_join_params,
2220                                          join_params_size);
2221         kfree(ext_join_params);
2222         if (!err)
2223                 /* This is it. join command worked, we are done */
2224                 goto done;
2225
2226         /* join command failed, fallback to set ssid */
2227         memset(&join_params, 0, sizeof(join_params));
2228         join_params_size = sizeof(join_params.ssid_le);
2229
2230         memcpy(&join_params.ssid_le.SSID, sme->ssid, ssid_len);
2231         join_params.ssid_le.SSID_len = cpu_to_le32(ssid_len);
2232
2233         if (sme->bssid)
2234                 memcpy(join_params.params_le.bssid, sme->bssid, ETH_ALEN);
2235         else
2236                 eth_broadcast_addr(join_params.params_le.bssid);
2237
2238         if (cfg->channel) {
2239                 join_params.params_le.chanspec_list[0] = cpu_to_le16(chanspec);
2240                 join_params.params_le.chanspec_num = cpu_to_le32(1);
2241                 join_params_size += sizeof(join_params.params_le);
2242         }
2243         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
2244                                      &join_params, join_params_size);
2245         if (err)
2246                 bphy_err(drvr, "BRCMF_C_SET_SSID failed (%d)\n", err);
2247
2248 done:
2249         if (err)
2250                 clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2251         brcmf_dbg(TRACE, "Exit\n");
2252         return err;
2253 }
2254
2255 static s32
2256 brcmf_cfg80211_disconnect(struct wiphy *wiphy, struct net_device *ndev,
2257                        u16 reason_code)
2258 {
2259         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2260         struct brcmf_if *ifp = netdev_priv(ndev);
2261         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2262         struct brcmf_pub *drvr = cfg->pub;
2263         struct brcmf_scb_val_le scbval;
2264         s32 err = 0;
2265
2266         brcmf_dbg(TRACE, "Enter. Reason code = %d\n", reason_code);
2267         if (!check_vif_up(ifp->vif))
2268                 return -EIO;
2269
2270         clear_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
2271         clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2272         cfg80211_disconnected(ndev, reason_code, NULL, 0, true, GFP_KERNEL);
2273
2274         memcpy(&scbval.ea, &profile->bssid, ETH_ALEN);
2275         scbval.val = cpu_to_le32(reason_code);
2276         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_DISASSOC,
2277                                      &scbval, sizeof(scbval));
2278         if (err)
2279                 bphy_err(drvr, "error (%d)\n", err);
2280
2281         brcmf_dbg(TRACE, "Exit\n");
2282         return err;
2283 }
2284
2285 static s32
2286 brcmf_cfg80211_set_tx_power(struct wiphy *wiphy, struct wireless_dev *wdev,
2287                             enum nl80211_tx_power_setting type, s32 mbm)
2288 {
2289         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2290         struct net_device *ndev = cfg_to_ndev(cfg);
2291         struct brcmf_if *ifp = netdev_priv(ndev);
2292         struct brcmf_pub *drvr = cfg->pub;
2293         s32 err;
2294         s32 disable;
2295         u32 qdbm = 127;
2296
2297         brcmf_dbg(TRACE, "Enter %d %d\n", type, mbm);
2298         if (!check_vif_up(ifp->vif))
2299                 return -EIO;
2300
2301         switch (type) {
2302         case NL80211_TX_POWER_AUTOMATIC:
2303                 break;
2304         case NL80211_TX_POWER_LIMITED:
2305         case NL80211_TX_POWER_FIXED:
2306                 if (mbm < 0) {
2307                         bphy_err(drvr, "TX_POWER_FIXED - dbm is negative\n");
2308                         err = -EINVAL;
2309                         goto done;
2310                 }
2311                 qdbm =  MBM_TO_DBM(4 * mbm);
2312                 if (qdbm > 127)
2313                         qdbm = 127;
2314                 qdbm |= WL_TXPWR_OVERRIDE;
2315                 break;
2316         default:
2317                 bphy_err(drvr, "Unsupported type %d\n", type);
2318                 err = -EINVAL;
2319                 goto done;
2320         }
2321         /* Make sure radio is off or on as far as software is concerned */
2322         disable = WL_RADIO_SW_DISABLE << 16;
2323         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_RADIO, disable);
2324         if (err)
2325                 bphy_err(drvr, "WLC_SET_RADIO error (%d)\n", err);
2326
2327         err = brcmf_fil_iovar_int_set(ifp, "qtxpower", qdbm);
2328         if (err)
2329                 bphy_err(drvr, "qtxpower error (%d)\n", err);
2330
2331 done:
2332         brcmf_dbg(TRACE, "Exit %d (qdbm)\n", qdbm & ~WL_TXPWR_OVERRIDE);
2333         return err;
2334 }
2335
2336 static s32
2337 brcmf_cfg80211_get_tx_power(struct wiphy *wiphy, struct wireless_dev *wdev,
2338                             s32 *dbm)
2339 {
2340         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2341         struct brcmf_cfg80211_vif *vif = wdev_to_vif(wdev);
2342         struct brcmf_pub *drvr = cfg->pub;
2343         s32 qdbm = 0;
2344         s32 err;
2345
2346         brcmf_dbg(TRACE, "Enter\n");
2347         if (!check_vif_up(vif))
2348                 return -EIO;
2349
2350         err = brcmf_fil_iovar_int_get(vif->ifp, "qtxpower", &qdbm);
2351         if (err) {
2352                 bphy_err(drvr, "error (%d)\n", err);
2353                 goto done;
2354         }
2355         *dbm = (qdbm & ~WL_TXPWR_OVERRIDE) / 4;
2356
2357 done:
2358         brcmf_dbg(TRACE, "Exit (0x%x %d)\n", qdbm, *dbm);
2359         return err;
2360 }
2361
2362 static s32
2363 brcmf_cfg80211_config_default_key(struct wiphy *wiphy, struct net_device *ndev,
2364                                   u8 key_idx, bool unicast, bool multicast)
2365 {
2366         struct brcmf_if *ifp = netdev_priv(ndev);
2367         struct brcmf_pub *drvr = ifp->drvr;
2368         u32 index;
2369         u32 wsec;
2370         s32 err = 0;
2371
2372         brcmf_dbg(TRACE, "Enter\n");
2373         brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2374         if (!check_vif_up(ifp->vif))
2375                 return -EIO;
2376
2377         err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2378         if (err) {
2379                 bphy_err(drvr, "WLC_GET_WSEC error (%d)\n", err);
2380                 goto done;
2381         }
2382
2383         if (wsec & WEP_ENABLED) {
2384                 /* Just select a new current key */
2385                 index = key_idx;
2386                 err = brcmf_fil_cmd_int_set(ifp,
2387                                             BRCMF_C_SET_KEY_PRIMARY, index);
2388                 if (err)
2389                         bphy_err(drvr, "error (%d)\n", err);
2390         }
2391 done:
2392         brcmf_dbg(TRACE, "Exit\n");
2393         return err;
2394 }
2395
2396 static s32
2397 brcmf_cfg80211_del_key(struct wiphy *wiphy, struct net_device *ndev,
2398                        u8 key_idx, bool pairwise, const u8 *mac_addr)
2399 {
2400         struct brcmf_if *ifp = netdev_priv(ndev);
2401         struct brcmf_wsec_key *key;
2402         s32 err;
2403
2404         brcmf_dbg(TRACE, "Enter\n");
2405         brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2406
2407         if (!check_vif_up(ifp->vif))
2408                 return -EIO;
2409
2410         if (key_idx >= BRCMF_MAX_DEFAULT_KEYS) {
2411                 /* we ignore this key index in this case */
2412                 return -EINVAL;
2413         }
2414
2415         key = &ifp->vif->profile.key[key_idx];
2416
2417         if (key->algo == CRYPTO_ALGO_OFF) {
2418                 brcmf_dbg(CONN, "Ignore clearing of (never configured) key\n");
2419                 return -EINVAL;
2420         }
2421
2422         memset(key, 0, sizeof(*key));
2423         key->index = (u32)key_idx;
2424         key->flags = BRCMF_PRIMARY_KEY;
2425
2426         /* Clear the key/index */
2427         err = send_key_to_dongle(ifp, key);
2428
2429         brcmf_dbg(TRACE, "Exit\n");
2430         return err;
2431 }
2432
2433 static s32
2434 brcmf_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
2435                        u8 key_idx, bool pairwise, const u8 *mac_addr,
2436                        struct key_params *params)
2437 {
2438         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2439         struct brcmf_if *ifp = netdev_priv(ndev);
2440         struct brcmf_pub *drvr = cfg->pub;
2441         struct brcmf_wsec_key *key;
2442         s32 val;
2443         s32 wsec;
2444         s32 err;
2445         u8 keybuf[8];
2446         bool ext_key;
2447
2448         brcmf_dbg(TRACE, "Enter\n");
2449         brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2450         if (!check_vif_up(ifp->vif))
2451                 return -EIO;
2452
2453         if (key_idx >= BRCMF_MAX_DEFAULT_KEYS) {
2454                 /* we ignore this key index in this case */
2455                 bphy_err(drvr, "invalid key index (%d)\n", key_idx);
2456                 return -EINVAL;
2457         }
2458
2459         if (params->key_len == 0)
2460                 return brcmf_cfg80211_del_key(wiphy, ndev, key_idx, pairwise,
2461                                               mac_addr);
2462
2463         if (params->key_len > sizeof(key->data)) {
2464                 bphy_err(drvr, "Too long key length (%u)\n", params->key_len);
2465                 return -EINVAL;
2466         }
2467
2468         ext_key = false;
2469         if (mac_addr && (params->cipher != WLAN_CIPHER_SUITE_WEP40) &&
2470             (params->cipher != WLAN_CIPHER_SUITE_WEP104)) {
2471                 brcmf_dbg(TRACE, "Ext key, mac %pM", mac_addr);
2472                 ext_key = true;
2473         }
2474
2475         key = &ifp->vif->profile.key[key_idx];
2476         memset(key, 0, sizeof(*key));
2477         if ((ext_key) && (!is_multicast_ether_addr(mac_addr)))
2478                 memcpy((char *)&key->ea, (void *)mac_addr, ETH_ALEN);
2479         key->len = params->key_len;
2480         key->index = key_idx;
2481         memcpy(key->data, params->key, key->len);
2482         if (!ext_key)
2483                 key->flags = BRCMF_PRIMARY_KEY;
2484
2485         if (params->seq && params->seq_len == 6) {
2486                 /* rx iv */
2487                 u8 *ivptr;
2488
2489                 ivptr = (u8 *)params->seq;
2490                 key->rxiv.hi = (ivptr[5] << 24) | (ivptr[4] << 16) |
2491                         (ivptr[3] << 8) | ivptr[2];
2492                 key->rxiv.lo = (ivptr[1] << 8) | ivptr[0];
2493                 key->iv_initialized = true;
2494         }
2495
2496         switch (params->cipher) {
2497         case WLAN_CIPHER_SUITE_WEP40:
2498                 key->algo = CRYPTO_ALGO_WEP1;
2499                 val = WEP_ENABLED;
2500                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP40\n");
2501                 break;
2502         case WLAN_CIPHER_SUITE_WEP104:
2503                 key->algo = CRYPTO_ALGO_WEP128;
2504                 val = WEP_ENABLED;
2505                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP104\n");
2506                 break;
2507         case WLAN_CIPHER_SUITE_TKIP:
2508                 if (!brcmf_is_apmode(ifp->vif)) {
2509                         brcmf_dbg(CONN, "Swapping RX/TX MIC key\n");
2510                         memcpy(keybuf, &key->data[24], sizeof(keybuf));
2511                         memcpy(&key->data[24], &key->data[16], sizeof(keybuf));
2512                         memcpy(&key->data[16], keybuf, sizeof(keybuf));
2513                 }
2514                 key->algo = CRYPTO_ALGO_TKIP;
2515                 val = TKIP_ENABLED;
2516                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_TKIP\n");
2517                 break;
2518         case WLAN_CIPHER_SUITE_AES_CMAC:
2519                 key->algo = CRYPTO_ALGO_AES_CCM;
2520                 val = AES_ENABLED;
2521                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_AES_CMAC\n");
2522                 break;
2523         case WLAN_CIPHER_SUITE_CCMP:
2524                 key->algo = CRYPTO_ALGO_AES_CCM;
2525                 val = AES_ENABLED;
2526                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_CCMP\n");
2527                 break;
2528         default:
2529                 bphy_err(drvr, "Invalid cipher (0x%x)\n", params->cipher);
2530                 err = -EINVAL;
2531                 goto done;
2532         }
2533
2534         err = send_key_to_dongle(ifp, key);
2535         if (ext_key || err)
2536                 goto done;
2537
2538         err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2539         if (err) {
2540                 bphy_err(drvr, "get wsec error (%d)\n", err);
2541                 goto done;
2542         }
2543         wsec |= val;
2544         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
2545         if (err) {
2546                 bphy_err(drvr, "set wsec error (%d)\n", err);
2547                 goto done;
2548         }
2549
2550 done:
2551         brcmf_dbg(TRACE, "Exit\n");
2552         return err;
2553 }
2554
2555 static s32
2556 brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, u8 key_idx,
2557                        bool pairwise, const u8 *mac_addr, void *cookie,
2558                        void (*callback)(void *cookie,
2559                                         struct key_params *params))
2560 {
2561         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2562         struct key_params params;
2563         struct brcmf_if *ifp = netdev_priv(ndev);
2564         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2565         struct brcmf_pub *drvr = cfg->pub;
2566         struct brcmf_cfg80211_security *sec;
2567         s32 wsec;
2568         s32 err = 0;
2569
2570         brcmf_dbg(TRACE, "Enter\n");
2571         brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2572         if (!check_vif_up(ifp->vif))
2573                 return -EIO;
2574
2575         memset(&params, 0, sizeof(params));
2576
2577         err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2578         if (err) {
2579                 bphy_err(drvr, "WLC_GET_WSEC error (%d)\n", err);
2580                 /* Ignore this error, may happen during DISASSOC */
2581                 err = -EAGAIN;
2582                 goto done;
2583         }
2584         if (wsec & WEP_ENABLED) {
2585                 sec = &profile->sec;
2586                 if (sec->cipher_pairwise & WLAN_CIPHER_SUITE_WEP40) {
2587                         params.cipher = WLAN_CIPHER_SUITE_WEP40;
2588                         brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP40\n");
2589                 } else if (sec->cipher_pairwise & WLAN_CIPHER_SUITE_WEP104) {
2590                         params.cipher = WLAN_CIPHER_SUITE_WEP104;
2591                         brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP104\n");
2592                 }
2593         } else if (wsec & TKIP_ENABLED) {
2594                 params.cipher = WLAN_CIPHER_SUITE_TKIP;
2595                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_TKIP\n");
2596         } else if (wsec & AES_ENABLED) {
2597                 params.cipher = WLAN_CIPHER_SUITE_AES_CMAC;
2598                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_AES_CMAC\n");
2599         } else  {
2600                 bphy_err(drvr, "Invalid algo (0x%x)\n", wsec);
2601                 err = -EINVAL;
2602                 goto done;
2603         }
2604         callback(cookie, &params);
2605
2606 done:
2607         brcmf_dbg(TRACE, "Exit\n");
2608         return err;
2609 }
2610
2611 static s32
2612 brcmf_cfg80211_config_default_mgmt_key(struct wiphy *wiphy,
2613                                        struct net_device *ndev, u8 key_idx)
2614 {
2615         struct brcmf_if *ifp = netdev_priv(ndev);
2616
2617         brcmf_dbg(TRACE, "Enter key_idx %d\n", key_idx);
2618
2619         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
2620                 return 0;
2621
2622         brcmf_dbg(INFO, "Not supported\n");
2623
2624         return -EOPNOTSUPP;
2625 }
2626
2627 static void
2628 brcmf_cfg80211_reconfigure_wep(struct brcmf_if *ifp)
2629 {
2630         struct brcmf_pub *drvr = ifp->drvr;
2631         s32 err;
2632         u8 key_idx;
2633         struct brcmf_wsec_key *key;
2634         s32 wsec;
2635
2636         for (key_idx = 0; key_idx < BRCMF_MAX_DEFAULT_KEYS; key_idx++) {
2637                 key = &ifp->vif->profile.key[key_idx];
2638                 if ((key->algo == CRYPTO_ALGO_WEP1) ||
2639                     (key->algo == CRYPTO_ALGO_WEP128))
2640                         break;
2641         }
2642         if (key_idx == BRCMF_MAX_DEFAULT_KEYS)
2643                 return;
2644
2645         err = send_key_to_dongle(ifp, key);
2646         if (err) {
2647                 bphy_err(drvr, "Setting WEP key failed (%d)\n", err);
2648                 return;
2649         }
2650         err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2651         if (err) {
2652                 bphy_err(drvr, "get wsec error (%d)\n", err);
2653                 return;
2654         }
2655         wsec |= WEP_ENABLED;
2656         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
2657         if (err)
2658                 bphy_err(drvr, "set wsec error (%d)\n", err);
2659 }
2660
2661 static void brcmf_convert_sta_flags(u32 fw_sta_flags, struct station_info *si)
2662 {
2663         struct nl80211_sta_flag_update *sfu;
2664
2665         brcmf_dbg(TRACE, "flags %08x\n", fw_sta_flags);
2666         si->filled |= BIT_ULL(NL80211_STA_INFO_STA_FLAGS);
2667         sfu = &si->sta_flags;
2668         sfu->mask = BIT(NL80211_STA_FLAG_WME) |
2669                     BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2670                     BIT(NL80211_STA_FLAG_ASSOCIATED) |
2671                     BIT(NL80211_STA_FLAG_AUTHORIZED);
2672         if (fw_sta_flags & BRCMF_STA_WME)
2673                 sfu->set |= BIT(NL80211_STA_FLAG_WME);
2674         if (fw_sta_flags & BRCMF_STA_AUTHE)
2675                 sfu->set |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
2676         if (fw_sta_flags & BRCMF_STA_ASSOC)
2677                 sfu->set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2678         if (fw_sta_flags & BRCMF_STA_AUTHO)
2679                 sfu->set |= BIT(NL80211_STA_FLAG_AUTHORIZED);
2680 }
2681
2682 static void brcmf_fill_bss_param(struct brcmf_if *ifp, struct station_info *si)
2683 {
2684         struct brcmf_pub *drvr = ifp->drvr;
2685         struct {
2686                 __le32 len;
2687                 struct brcmf_bss_info_le bss_le;
2688         } *buf;
2689         u16 capability;
2690         int err;
2691
2692         buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
2693         if (!buf)
2694                 return;
2695
2696         buf->len = cpu_to_le32(WL_BSS_INFO_MAX);
2697         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO, buf,
2698                                      WL_BSS_INFO_MAX);
2699         if (err) {
2700                 bphy_err(drvr, "Failed to get bss info (%d)\n", err);
2701                 goto out_kfree;
2702         }
2703         si->filled |= BIT_ULL(NL80211_STA_INFO_BSS_PARAM);
2704         si->bss_param.beacon_interval = le16_to_cpu(buf->bss_le.beacon_period);
2705         si->bss_param.dtim_period = buf->bss_le.dtim_period;
2706         capability = le16_to_cpu(buf->bss_le.capability);
2707         if (capability & IEEE80211_HT_STBC_PARAM_DUAL_CTS_PROT)
2708                 si->bss_param.flags |= BSS_PARAM_FLAGS_CTS_PROT;
2709         if (capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
2710                 si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
2711         if (capability & WLAN_CAPABILITY_SHORT_SLOT_TIME)
2712                 si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
2713
2714 out_kfree:
2715         kfree(buf);
2716 }
2717
2718 static s32
2719 brcmf_cfg80211_get_station_ibss(struct brcmf_if *ifp,
2720                                 struct station_info *sinfo)
2721 {
2722         struct brcmf_pub *drvr = ifp->drvr;
2723         struct brcmf_scb_val_le scbval;
2724         struct brcmf_pktcnt_le pktcnt;
2725         s32 err;
2726         u32 rate;
2727         u32 rssi;
2728
2729         /* Get the current tx rate */
2730         err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_RATE, &rate);
2731         if (err < 0) {
2732                 bphy_err(drvr, "BRCMF_C_GET_RATE error (%d)\n", err);
2733                 return err;
2734         }
2735         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2736         sinfo->txrate.legacy = rate * 5;
2737
2738         memset(&scbval, 0, sizeof(scbval));
2739         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_RSSI, &scbval,
2740                                      sizeof(scbval));
2741         if (err) {
2742                 bphy_err(drvr, "BRCMF_C_GET_RSSI error (%d)\n", err);
2743                 return err;
2744         }
2745         rssi = le32_to_cpu(scbval.val);
2746         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2747         sinfo->signal = rssi;
2748
2749         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_GET_PKTCNTS, &pktcnt,
2750                                      sizeof(pktcnt));
2751         if (err) {
2752                 bphy_err(drvr, "BRCMF_C_GET_GET_PKTCNTS error (%d)\n", err);
2753                 return err;
2754         }
2755         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS) |
2756                          BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC) |
2757                          BIT_ULL(NL80211_STA_INFO_TX_PACKETS) |
2758                          BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2759         sinfo->rx_packets = le32_to_cpu(pktcnt.rx_good_pkt);
2760         sinfo->rx_dropped_misc = le32_to_cpu(pktcnt.rx_bad_pkt);
2761         sinfo->tx_packets = le32_to_cpu(pktcnt.tx_good_pkt);
2762         sinfo->tx_failed  = le32_to_cpu(pktcnt.tx_bad_pkt);
2763
2764         return 0;
2765 }
2766
2767 static s32
2768 brcmf_cfg80211_get_station(struct wiphy *wiphy, struct net_device *ndev,
2769                            const u8 *mac, struct station_info *sinfo)
2770 {
2771         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2772         struct brcmf_if *ifp = netdev_priv(ndev);
2773         struct brcmf_pub *drvr = cfg->pub;
2774         struct brcmf_scb_val_le scb_val;
2775         s32 err = 0;
2776         struct brcmf_sta_info_le sta_info_le;
2777         u32 sta_flags;
2778         u32 is_tdls_peer;
2779         s32 total_rssi_avg = 0;
2780         s32 total_rssi = 0;
2781         s32 count_rssi = 0;
2782         int rssi;
2783         u32 i;
2784
2785         brcmf_dbg(TRACE, "Enter, MAC %pM\n", mac);
2786         if (!check_vif_up(ifp->vif))
2787                 return -EIO;
2788
2789         if (brcmf_is_ibssmode(ifp->vif))
2790                 return brcmf_cfg80211_get_station_ibss(ifp, sinfo);
2791
2792         memset(&sta_info_le, 0, sizeof(sta_info_le));
2793         memcpy(&sta_info_le, mac, ETH_ALEN);
2794         err = brcmf_fil_iovar_data_get(ifp, "tdls_sta_info",
2795                                        &sta_info_le,
2796                                        sizeof(sta_info_le));
2797         is_tdls_peer = !err;
2798         if (err) {
2799                 err = brcmf_fil_iovar_data_get(ifp, "sta_info",
2800                                                &sta_info_le,
2801                                                sizeof(sta_info_le));
2802                 if (err < 0) {
2803                         bphy_err(drvr, "GET STA INFO failed, %d\n", err);
2804                         goto done;
2805                 }
2806         }
2807         brcmf_dbg(TRACE, "version %d\n", le16_to_cpu(sta_info_le.ver));
2808         sinfo->filled = BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME);
2809         sinfo->inactive_time = le32_to_cpu(sta_info_le.idle) * 1000;
2810         sta_flags = le32_to_cpu(sta_info_le.flags);
2811         brcmf_convert_sta_flags(sta_flags, sinfo);
2812         sinfo->sta_flags.mask |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2813         if (is_tdls_peer)
2814                 sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2815         else
2816                 sinfo->sta_flags.set &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2817         if (sta_flags & BRCMF_STA_ASSOC) {
2818                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CONNECTED_TIME);
2819                 sinfo->connected_time = le32_to_cpu(sta_info_le.in);
2820                 brcmf_fill_bss_param(ifp, sinfo);
2821         }
2822         if (sta_flags & BRCMF_STA_SCBSTATS) {
2823                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2824                 sinfo->tx_failed = le32_to_cpu(sta_info_le.tx_failures);
2825                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
2826                 sinfo->tx_packets = le32_to_cpu(sta_info_le.tx_pkts);
2827                 sinfo->tx_packets += le32_to_cpu(sta_info_le.tx_mcast_pkts);
2828                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
2829                 sinfo->rx_packets = le32_to_cpu(sta_info_le.rx_ucast_pkts);
2830                 sinfo->rx_packets += le32_to_cpu(sta_info_le.rx_mcast_pkts);
2831                 if (sinfo->tx_packets) {
2832                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2833                         sinfo->txrate.legacy =
2834                                 le32_to_cpu(sta_info_le.tx_rate) / 100;
2835                 }
2836                 if (sinfo->rx_packets) {
2837                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
2838                         sinfo->rxrate.legacy =
2839                                 le32_to_cpu(sta_info_le.rx_rate) / 100;
2840                 }
2841                 if (le16_to_cpu(sta_info_le.ver) >= 4) {
2842                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES);
2843                         sinfo->tx_bytes = le64_to_cpu(sta_info_le.tx_tot_bytes);
2844                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES);
2845                         sinfo->rx_bytes = le64_to_cpu(sta_info_le.rx_tot_bytes);
2846                 }
2847                 for (i = 0; i < BRCMF_ANT_MAX; i++) {
2848                         if (sta_info_le.rssi[i] == 0 ||
2849                             sta_info_le.rx_lastpkt_rssi[i] == 0)
2850                                 continue;
2851                         sinfo->chains |= BIT(count_rssi);
2852                         sinfo->chain_signal[count_rssi] =
2853                                 sta_info_le.rx_lastpkt_rssi[i];
2854                         sinfo->chain_signal_avg[count_rssi] =
2855                                 sta_info_le.rssi[i];
2856                         total_rssi += sta_info_le.rx_lastpkt_rssi[i];
2857                         total_rssi_avg += sta_info_le.rssi[i];
2858                         count_rssi++;
2859                 }
2860                 if (count_rssi) {
2861                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2862                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
2863                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
2864                         sinfo->filled |=
2865                                 BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
2866                         sinfo->signal = total_rssi / count_rssi;
2867                         sinfo->signal_avg = total_rssi_avg / count_rssi;
2868                 } else if (test_bit(BRCMF_VIF_STATUS_CONNECTED,
2869                         &ifp->vif->sme_state)) {
2870                         memset(&scb_val, 0, sizeof(scb_val));
2871                         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_RSSI,
2872                                                      &scb_val, sizeof(scb_val));
2873                         if (err) {
2874                                 bphy_err(drvr, "Could not get rssi (%d)\n",
2875                                          err);
2876                                 goto done;
2877                         } else {
2878                                 rssi = le32_to_cpu(scb_val.val);
2879                                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2880                                 sinfo->signal = rssi;
2881                                 brcmf_dbg(CONN, "RSSI %d dBm\n", rssi);
2882                         }
2883                 }
2884         }
2885 done:
2886         brcmf_dbg(TRACE, "Exit\n");
2887         return err;
2888 }
2889
2890 static int
2891 brcmf_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *ndev,
2892                             int idx, u8 *mac, struct station_info *sinfo)
2893 {
2894         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2895         struct brcmf_if *ifp = netdev_priv(ndev);
2896         struct brcmf_pub *drvr = cfg->pub;
2897         s32 err;
2898
2899         brcmf_dbg(TRACE, "Enter, idx %d\n", idx);
2900
2901         if (idx == 0) {
2902                 cfg->assoclist.count = cpu_to_le32(BRCMF_MAX_ASSOCLIST);
2903                 err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_ASSOCLIST,
2904                                              &cfg->assoclist,
2905                                              sizeof(cfg->assoclist));
2906                 if (err) {
2907                         /* GET_ASSOCLIST unsupported by firmware of older chips */
2908                         if (err == -EBADE)
2909                                 bphy_info_once(drvr, "BRCMF_C_GET_ASSOCLIST unsupported\n");
2910                         else
2911                                 bphy_err(drvr, "BRCMF_C_GET_ASSOCLIST failed, err=%d\n",
2912                                          err);
2913
2914                         cfg->assoclist.count = 0;
2915                         return -EOPNOTSUPP;
2916                 }
2917         }
2918         if (idx < le32_to_cpu(cfg->assoclist.count)) {
2919                 memcpy(mac, cfg->assoclist.mac[idx], ETH_ALEN);
2920                 return brcmf_cfg80211_get_station(wiphy, ndev, mac, sinfo);
2921         }
2922         return -ENOENT;
2923 }
2924
2925 static s32
2926 brcmf_cfg80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *ndev,
2927                            bool enabled, s32 timeout)
2928 {
2929         s32 pm;
2930         s32 err = 0;
2931         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2932         struct brcmf_if *ifp = netdev_priv(ndev);
2933         struct brcmf_pub *drvr = cfg->pub;
2934
2935         brcmf_dbg(TRACE, "Enter\n");
2936
2937         /*
2938          * Powersave enable/disable request is coming from the
2939          * cfg80211 even before the interface is up. In that
2940          * scenario, driver will be storing the power save
2941          * preference in cfg struct to apply this to
2942          * FW later while initializing the dongle
2943          */
2944         cfg->pwr_save = enabled;
2945         if (!check_vif_up(ifp->vif)) {
2946
2947                 brcmf_dbg(INFO, "Device is not ready, storing the value in cfg_info struct\n");
2948                 goto done;
2949         }
2950
2951         pm = enabled ? PM_FAST : PM_OFF;
2952         /* Do not enable the power save after assoc if it is a p2p interface */
2953         if (ifp->vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT) {
2954                 brcmf_dbg(INFO, "Do not enable power save for P2P clients\n");
2955                 pm = PM_OFF;
2956         }
2957         brcmf_info("power save %s\n", (pm ? "enabled" : "disabled"));
2958
2959         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, pm);
2960         if (err) {
2961                 if (err == -ENODEV)
2962                         bphy_err(drvr, "net_device is not ready yet\n");
2963                 else
2964                         bphy_err(drvr, "error (%d)\n", err);
2965         }
2966
2967         timeout = 2000; /* 2000ms - the maximum */
2968         err = brcmf_fil_iovar_int_set(ifp, "pm2_sleep_ret",
2969                                 min_t(u32, timeout, BRCMF_PS_MAX_TIMEOUT_MS));
2970         if (err)
2971                 bphy_err(drvr, "Unable to set pm timeout, (%d)\n", err);
2972
2973 done:
2974         brcmf_dbg(TRACE, "Exit\n");
2975         return err;
2976 }
2977
2978 static s32 brcmf_inform_single_bss(struct brcmf_cfg80211_info *cfg,
2979                                    struct brcmf_bss_info_le *bi)
2980 {
2981         struct wiphy *wiphy = cfg_to_wiphy(cfg);
2982         struct brcmf_pub *drvr = cfg->pub;
2983         struct cfg80211_bss *bss;
2984         enum nl80211_band band;
2985         struct brcmu_chan ch;
2986         u16 channel;
2987         u32 freq;
2988         u16 notify_capability;
2989         u16 notify_interval;
2990         u8 *notify_ie;
2991         size_t notify_ielen;
2992         struct cfg80211_inform_bss bss_data = {};
2993
2994         if (le32_to_cpu(bi->length) > WL_BSS_INFO_MAX) {
2995                 bphy_err(drvr, "Bss info is larger than buffer. Discarding\n");
2996                 return -EINVAL;
2997         }
2998
2999         if (!bi->ctl_ch) {
3000                 ch.chspec = le16_to_cpu(bi->chanspec);
3001                 cfg->d11inf.decchspec(&ch);
3002                 bi->ctl_ch = ch.control_ch_num;
3003         }
3004         channel = bi->ctl_ch;
3005
3006         if (channel <= CH_MAX_2G_CHANNEL)
3007                 band = NL80211_BAND_2GHZ;
3008         else
3009                 band = NL80211_BAND_5GHZ;
3010
3011         freq = ieee80211_channel_to_frequency(channel, band);
3012         bss_data.chan = ieee80211_get_channel(wiphy, freq);
3013         bss_data.scan_width = NL80211_BSS_CHAN_WIDTH_20;
3014         bss_data.boottime_ns = ktime_to_ns(ktime_get_boottime());
3015
3016         notify_capability = le16_to_cpu(bi->capability);
3017         notify_interval = le16_to_cpu(bi->beacon_period);
3018         notify_ie = (u8 *)bi + le16_to_cpu(bi->ie_offset);
3019         notify_ielen = le32_to_cpu(bi->ie_length);
3020         bss_data.signal = (s16)le16_to_cpu(bi->RSSI) * 100;
3021
3022         brcmf_dbg(CONN, "bssid: %pM\n", bi->BSSID);
3023         brcmf_dbg(CONN, "Channel: %d(%d)\n", channel, freq);
3024         brcmf_dbg(CONN, "Capability: %X\n", notify_capability);
3025         brcmf_dbg(CONN, "Beacon interval: %d\n", notify_interval);
3026         brcmf_dbg(CONN, "Signal: %d\n", bss_data.signal);
3027
3028         bss = cfg80211_inform_bss_data(wiphy, &bss_data,
3029                                        CFG80211_BSS_FTYPE_UNKNOWN,
3030                                        (const u8 *)bi->BSSID,
3031                                        0, notify_capability,
3032                                        notify_interval, notify_ie,
3033                                        notify_ielen, GFP_KERNEL);
3034
3035         if (!bss)
3036                 return -ENOMEM;
3037
3038         cfg80211_put_bss(wiphy, bss);
3039
3040         return 0;
3041 }
3042
3043 static struct brcmf_bss_info_le *
3044 next_bss_le(struct brcmf_scan_results *list, struct brcmf_bss_info_le *bss)
3045 {
3046         if (bss == NULL)
3047                 return list->bss_info_le;
3048         return (struct brcmf_bss_info_le *)((unsigned long)bss +
3049                                             le32_to_cpu(bss->length));
3050 }
3051
3052 static s32 brcmf_inform_bss(struct brcmf_cfg80211_info *cfg)
3053 {
3054         struct brcmf_pub *drvr = cfg->pub;
3055         struct brcmf_scan_results *bss_list;
3056         struct brcmf_bss_info_le *bi = NULL;    /* must be initialized */
3057         s32 err = 0;
3058         int i;
3059
3060         bss_list = (struct brcmf_scan_results *)cfg->escan_info.escan_buf;
3061         if (bss_list->count != 0 &&
3062             bss_list->version != BRCMF_BSS_INFO_VERSION) {
3063                 bphy_err(drvr, "Version %d != WL_BSS_INFO_VERSION\n",
3064                          bss_list->version);
3065                 return -EOPNOTSUPP;
3066         }
3067         brcmf_dbg(SCAN, "scanned AP count (%d)\n", bss_list->count);
3068         for (i = 0; i < bss_list->count; i++) {
3069                 bi = next_bss_le(bss_list, bi);
3070                 err = brcmf_inform_single_bss(cfg, bi);
3071                 if (err)
3072                         break;
3073         }
3074         return err;
3075 }
3076
3077 static s32 brcmf_inform_ibss(struct brcmf_cfg80211_info *cfg,
3078                              struct net_device *ndev, const u8 *bssid)
3079 {
3080         struct wiphy *wiphy = cfg_to_wiphy(cfg);
3081         struct brcmf_pub *drvr = cfg->pub;
3082         struct ieee80211_channel *notify_channel;
3083         struct brcmf_bss_info_le *bi = NULL;
3084         struct ieee80211_supported_band *band;
3085         struct cfg80211_bss *bss;
3086         struct brcmu_chan ch;
3087         u8 *buf = NULL;
3088         s32 err = 0;
3089         u32 freq;
3090         u16 notify_capability;
3091         u16 notify_interval;
3092         u8 *notify_ie;
3093         size_t notify_ielen;
3094         s32 notify_signal;
3095
3096         brcmf_dbg(TRACE, "Enter\n");
3097
3098         buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
3099         if (buf == NULL) {
3100                 err = -ENOMEM;
3101                 goto CleanUp;
3102         }
3103
3104         *(__le32 *)buf = cpu_to_le32(WL_BSS_INFO_MAX);
3105
3106         err = brcmf_fil_cmd_data_get(netdev_priv(ndev), BRCMF_C_GET_BSS_INFO,
3107                                      buf, WL_BSS_INFO_MAX);
3108         if (err) {
3109                 bphy_err(drvr, "WLC_GET_BSS_INFO failed: %d\n", err);
3110                 goto CleanUp;
3111         }
3112
3113         bi = (struct brcmf_bss_info_le *)(buf + 4);
3114
3115         ch.chspec = le16_to_cpu(bi->chanspec);
3116         cfg->d11inf.decchspec(&ch);
3117
3118         if (ch.band == BRCMU_CHAN_BAND_2G)
3119                 band = wiphy->bands[NL80211_BAND_2GHZ];
3120         else
3121                 band = wiphy->bands[NL80211_BAND_5GHZ];
3122
3123         freq = ieee80211_channel_to_frequency(ch.control_ch_num, band->band);
3124         cfg->channel = freq;
3125         notify_channel = ieee80211_get_channel(wiphy, freq);
3126
3127         notify_capability = le16_to_cpu(bi->capability);
3128         notify_interval = le16_to_cpu(bi->beacon_period);
3129         notify_ie = (u8 *)bi + le16_to_cpu(bi->ie_offset);
3130         notify_ielen = le32_to_cpu(bi->ie_length);
3131         notify_signal = (s16)le16_to_cpu(bi->RSSI) * 100;
3132
3133         brcmf_dbg(CONN, "channel: %d(%d)\n", ch.control_ch_num, freq);
3134         brcmf_dbg(CONN, "capability: %X\n", notify_capability);
3135         brcmf_dbg(CONN, "beacon interval: %d\n", notify_interval);
3136         brcmf_dbg(CONN, "signal: %d\n", notify_signal);
3137
3138         bss = cfg80211_inform_bss(wiphy, notify_channel,
3139                                   CFG80211_BSS_FTYPE_UNKNOWN, bssid, 0,
3140                                   notify_capability, notify_interval,
3141                                   notify_ie, notify_ielen, notify_signal,
3142                                   GFP_KERNEL);
3143
3144         if (!bss) {
3145                 err = -ENOMEM;
3146                 goto CleanUp;
3147         }
3148
3149         cfg80211_put_bss(wiphy, bss);
3150
3151 CleanUp:
3152
3153         kfree(buf);
3154
3155         brcmf_dbg(TRACE, "Exit\n");
3156
3157         return err;
3158 }
3159
3160 static s32 brcmf_update_bss_info(struct brcmf_cfg80211_info *cfg,
3161                                  struct brcmf_if *ifp)
3162 {
3163         struct brcmf_pub *drvr = cfg->pub;
3164         struct brcmf_bss_info_le *bi;
3165         const struct brcmf_tlv *tim;
3166         size_t ie_len;
3167         u8 *ie;
3168         s32 err = 0;
3169
3170         brcmf_dbg(TRACE, "Enter\n");
3171         if (brcmf_is_ibssmode(ifp->vif))
3172                 return err;
3173
3174         *(__le32 *)cfg->extra_buf = cpu_to_le32(WL_EXTRA_BUF_MAX);
3175         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO,
3176                                      cfg->extra_buf, WL_EXTRA_BUF_MAX);
3177         if (err) {
3178                 bphy_err(drvr, "Could not get bss info %d\n", err);
3179                 goto update_bss_info_out;
3180         }
3181
3182         bi = (struct brcmf_bss_info_le *)(cfg->extra_buf + 4);
3183         err = brcmf_inform_single_bss(cfg, bi);
3184         if (err)
3185                 goto update_bss_info_out;
3186
3187         ie = ((u8 *)bi) + le16_to_cpu(bi->ie_offset);
3188         ie_len = le32_to_cpu(bi->ie_length);
3189
3190         tim = brcmf_parse_tlvs(ie, ie_len, WLAN_EID_TIM);
3191         if (!tim) {
3192                 /*
3193                 * active scan was done so we could not get dtim
3194                 * information out of probe response.
3195                 * so we speficially query dtim information to dongle.
3196                 */
3197                 u32 var;
3198                 err = brcmf_fil_iovar_int_get(ifp, "dtim_assoc", &var);
3199                 if (err) {
3200                         bphy_err(drvr, "wl dtim_assoc failed (%d)\n", err);
3201                         goto update_bss_info_out;
3202                 }
3203         }
3204
3205 update_bss_info_out:
3206         brcmf_dbg(TRACE, "Exit");
3207         return err;
3208 }
3209
3210 void brcmf_abort_scanning(struct brcmf_cfg80211_info *cfg)
3211 {
3212         struct escan_info *escan = &cfg->escan_info;
3213
3214         set_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status);
3215         if (cfg->int_escan_map || cfg->scan_request) {
3216                 escan->escan_state = WL_ESCAN_STATE_IDLE;
3217                 brcmf_notify_escan_complete(cfg, escan->ifp, true, true);
3218         }
3219         clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3220         clear_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status);
3221 }
3222
3223 static void brcmf_cfg80211_escan_timeout_worker(struct work_struct *work)
3224 {
3225         struct brcmf_cfg80211_info *cfg =
3226                         container_of(work, struct brcmf_cfg80211_info,
3227                                      escan_timeout_work);
3228
3229         brcmf_inform_bss(cfg);
3230         brcmf_notify_escan_complete(cfg, cfg->escan_info.ifp, true, true);
3231 }
3232
3233 static void brcmf_escan_timeout(struct timer_list *t)
3234 {
3235         struct brcmf_cfg80211_info *cfg =
3236                         from_timer(cfg, t, escan_timeout);
3237         struct brcmf_pub *drvr = cfg->pub;
3238
3239         if (cfg->int_escan_map || cfg->scan_request) {
3240                 bphy_err(drvr, "timer expired\n");
3241                 schedule_work(&cfg->escan_timeout_work);
3242         }
3243 }
3244
3245 static s32
3246 brcmf_compare_update_same_bss(struct brcmf_cfg80211_info *cfg,
3247                               struct brcmf_bss_info_le *bss,
3248                               struct brcmf_bss_info_le *bss_info_le)
3249 {
3250         struct brcmu_chan ch_bss, ch_bss_info_le;
3251
3252         ch_bss.chspec = le16_to_cpu(bss->chanspec);
3253         cfg->d11inf.decchspec(&ch_bss);
3254         ch_bss_info_le.chspec = le16_to_cpu(bss_info_le->chanspec);
3255         cfg->d11inf.decchspec(&ch_bss_info_le);
3256
3257         if (!memcmp(&bss_info_le->BSSID, &bss->BSSID, ETH_ALEN) &&
3258                 ch_bss.band == ch_bss_info_le.band &&
3259                 bss_info_le->SSID_len == bss->SSID_len &&
3260                 !memcmp(bss_info_le->SSID, bss->SSID, bss_info_le->SSID_len)) {
3261                 if ((bss->flags & BRCMF_BSS_RSSI_ON_CHANNEL) ==
3262                         (bss_info_le->flags & BRCMF_BSS_RSSI_ON_CHANNEL)) {
3263                         s16 bss_rssi = le16_to_cpu(bss->RSSI);
3264                         s16 bss_info_rssi = le16_to_cpu(bss_info_le->RSSI);
3265
3266                         /* preserve max RSSI if the measurements are
3267                         * both on-channel or both off-channel
3268                         */
3269                         if (bss_info_rssi > bss_rssi)
3270                                 bss->RSSI = bss_info_le->RSSI;
3271                 } else if ((bss->flags & BRCMF_BSS_RSSI_ON_CHANNEL) &&
3272                         (bss_info_le->flags & BRCMF_BSS_RSSI_ON_CHANNEL) == 0) {
3273                         /* preserve the on-channel rssi measurement
3274                         * if the new measurement is off channel
3275                         */
3276                         bss->RSSI = bss_info_le->RSSI;
3277                         bss->flags |= BRCMF_BSS_RSSI_ON_CHANNEL;
3278                 }
3279                 return 1;
3280         }
3281         return 0;
3282 }
3283
3284 static s32
3285 brcmf_cfg80211_escan_handler(struct brcmf_if *ifp,
3286                              const struct brcmf_event_msg *e, void *data)
3287 {
3288         struct brcmf_pub *drvr = ifp->drvr;
3289         struct brcmf_cfg80211_info *cfg = drvr->config;
3290         s32 status;
3291         struct brcmf_escan_result_le *escan_result_le;
3292         u32 escan_buflen;
3293         struct brcmf_bss_info_le *bss_info_le;
3294         struct brcmf_bss_info_le *bss = NULL;
3295         u32 bi_length;
3296         struct brcmf_scan_results *list;
3297         u32 i;
3298         bool aborted;
3299
3300         status = e->status;
3301
3302         if (status == BRCMF_E_STATUS_ABORT)
3303                 goto exit;
3304
3305         if (!test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
3306                 bphy_err(drvr, "scan not ready, bsscfgidx=%d\n",
3307                          ifp->bsscfgidx);
3308                 return -EPERM;
3309         }
3310
3311         if (status == BRCMF_E_STATUS_PARTIAL) {
3312                 brcmf_dbg(SCAN, "ESCAN Partial result\n");
3313                 if (e->datalen < sizeof(*escan_result_le)) {
3314                         bphy_err(drvr, "invalid event data length\n");
3315                         goto exit;
3316                 }
3317                 escan_result_le = (struct brcmf_escan_result_le *) data;
3318                 if (!escan_result_le) {
3319                         bphy_err(drvr, "Invalid escan result (NULL pointer)\n");
3320                         goto exit;
3321                 }
3322                 escan_buflen = le32_to_cpu(escan_result_le->buflen);
3323                 if (escan_buflen > BRCMF_ESCAN_BUF_SIZE ||
3324                     escan_buflen > e->datalen ||
3325                     escan_buflen < sizeof(*escan_result_le)) {
3326                         bphy_err(drvr, "Invalid escan buffer length: %d\n",
3327                                  escan_buflen);
3328                         goto exit;
3329                 }
3330                 if (le16_to_cpu(escan_result_le->bss_count) != 1) {
3331                         bphy_err(drvr, "Invalid bss_count %d: ignoring\n",
3332                                  escan_result_le->bss_count);
3333                         goto exit;
3334                 }
3335                 bss_info_le = &escan_result_le->bss_info_le;
3336
3337                 if (brcmf_p2p_scan_finding_common_channel(cfg, bss_info_le))
3338                         goto exit;
3339
3340                 if (!cfg->int_escan_map && !cfg->scan_request) {
3341                         brcmf_dbg(SCAN, "result without cfg80211 request\n");
3342                         goto exit;
3343                 }
3344
3345                 bi_length = le32_to_cpu(bss_info_le->length);
3346                 if (bi_length != escan_buflen - WL_ESCAN_RESULTS_FIXED_SIZE) {
3347                         bphy_err(drvr, "Ignoring invalid bss_info length: %d\n",
3348                                  bi_length);
3349                         goto exit;
3350                 }
3351
3352                 if (!(cfg_to_wiphy(cfg)->interface_modes &
3353                                         BIT(NL80211_IFTYPE_ADHOC))) {
3354                         if (le16_to_cpu(bss_info_le->capability) &
3355                                                 WLAN_CAPABILITY_IBSS) {
3356                                 bphy_err(drvr, "Ignoring IBSS result\n");
3357                                 goto exit;
3358                         }
3359                 }
3360
3361                 list = (struct brcmf_scan_results *)
3362                                 cfg->escan_info.escan_buf;
3363                 if (bi_length > BRCMF_ESCAN_BUF_SIZE - list->buflen) {
3364                         bphy_err(drvr, "Buffer is too small: ignoring\n");
3365                         goto exit;
3366                 }
3367
3368                 for (i = 0; i < list->count; i++) {
3369                         bss = bss ? (struct brcmf_bss_info_le *)
3370                                 ((unsigned char *)bss +
3371                                 le32_to_cpu(bss->length)) : list->bss_info_le;
3372                         if (brcmf_compare_update_same_bss(cfg, bss,
3373                                                           bss_info_le))
3374                                 goto exit;
3375                 }
3376                 memcpy(&cfg->escan_info.escan_buf[list->buflen], bss_info_le,
3377                        bi_length);
3378                 list->version = le32_to_cpu(bss_info_le->version);
3379                 list->buflen += bi_length;
3380                 list->count++;
3381         } else {
3382                 cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
3383                 if (brcmf_p2p_scan_finding_common_channel(cfg, NULL))
3384                         goto exit;
3385                 if (cfg->int_escan_map || cfg->scan_request) {
3386                         brcmf_inform_bss(cfg);
3387                         aborted = status != BRCMF_E_STATUS_SUCCESS;
3388                         brcmf_notify_escan_complete(cfg, ifp, aborted, false);
3389                 } else
3390                         brcmf_dbg(SCAN, "Ignored scan complete result 0x%x\n",
3391                                   status);
3392         }
3393 exit:
3394         return 0;
3395 }
3396
3397 static void brcmf_init_escan(struct brcmf_cfg80211_info *cfg)
3398 {
3399         brcmf_fweh_register(cfg->pub, BRCMF_E_ESCAN_RESULT,
3400                             brcmf_cfg80211_escan_handler);
3401         cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
3402         /* Init scan_timeout timer */
3403         timer_setup(&cfg->escan_timeout, brcmf_escan_timeout, 0);
3404         INIT_WORK(&cfg->escan_timeout_work,
3405                   brcmf_cfg80211_escan_timeout_worker);
3406 }
3407
3408 static struct cfg80211_scan_request *
3409 brcmf_alloc_internal_escan_request(struct wiphy *wiphy, u32 n_netinfo) {
3410         struct cfg80211_scan_request *req;
3411         size_t req_size;
3412
3413         req_size = sizeof(*req) +
3414                    n_netinfo * sizeof(req->channels[0]) +
3415                    n_netinfo * sizeof(*req->ssids);
3416
3417         req = kzalloc(req_size, GFP_KERNEL);
3418         if (req) {
3419                 req->wiphy = wiphy;
3420                 req->ssids = (void *)(&req->channels[0]) +
3421                              n_netinfo * sizeof(req->channels[0]);
3422         }
3423         return req;
3424 }
3425
3426 static int brcmf_internal_escan_add_info(struct cfg80211_scan_request *req,
3427                                          u8 *ssid, u8 ssid_len, u8 channel)
3428 {
3429         struct ieee80211_channel *chan;
3430         enum nl80211_band band;
3431         int freq, i;
3432
3433         if (channel <= CH_MAX_2G_CHANNEL)
3434                 band = NL80211_BAND_2GHZ;
3435         else
3436                 band = NL80211_BAND_5GHZ;
3437
3438         freq = ieee80211_channel_to_frequency(channel, band);
3439         if (!freq)
3440                 return -EINVAL;
3441
3442         chan = ieee80211_get_channel(req->wiphy, freq);
3443         if (!chan)
3444                 return -EINVAL;
3445
3446         for (i = 0; i < req->n_channels; i++) {
3447                 if (req->channels[i] == chan)
3448                         break;
3449         }
3450         if (i == req->n_channels)
3451                 req->channels[req->n_channels++] = chan;
3452
3453         for (i = 0; i < req->n_ssids; i++) {
3454                 if (req->ssids[i].ssid_len == ssid_len &&
3455                     !memcmp(req->ssids[i].ssid, ssid, ssid_len))
3456                         break;
3457         }
3458         if (i == req->n_ssids) {
3459                 memcpy(req->ssids[req->n_ssids].ssid, ssid, ssid_len);
3460                 req->ssids[req->n_ssids++].ssid_len = ssid_len;
3461         }
3462         return 0;
3463 }
3464
3465 static int brcmf_start_internal_escan(struct brcmf_if *ifp, u32 fwmap,
3466                                       struct cfg80211_scan_request *request)
3467 {
3468         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
3469         int err;
3470
3471         if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
3472                 if (cfg->int_escan_map)
3473                         brcmf_dbg(SCAN, "aborting internal scan: map=%u\n",
3474                                   cfg->int_escan_map);
3475                 /* Abort any on-going scan */
3476                 brcmf_abort_scanning(cfg);
3477         }
3478
3479         brcmf_dbg(SCAN, "start internal scan: map=%u\n", fwmap);
3480         set_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3481         cfg->escan_info.run = brcmf_run_escan;
3482         err = brcmf_do_escan(ifp, request);
3483         if (err) {
3484                 clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3485                 return err;
3486         }
3487         cfg->int_escan_map = fwmap;
3488         return 0;
3489 }
3490
3491 static struct brcmf_pno_net_info_le *
3492 brcmf_get_netinfo_array(struct brcmf_pno_scanresults_le *pfn_v1)
3493 {
3494         struct brcmf_pno_scanresults_v2_le *pfn_v2;
3495         struct brcmf_pno_net_info_le *netinfo;
3496
3497         switch (pfn_v1->version) {
3498         default:
3499                 WARN_ON(1);
3500                 fallthrough;
3501         case cpu_to_le32(1):
3502                 netinfo = (struct brcmf_pno_net_info_le *)(pfn_v1 + 1);
3503                 break;
3504         case cpu_to_le32(2):
3505                 pfn_v2 = (struct brcmf_pno_scanresults_v2_le *)pfn_v1;
3506                 netinfo = (struct brcmf_pno_net_info_le *)(pfn_v2 + 1);
3507                 break;
3508         }
3509
3510         return netinfo;
3511 }
3512
3513 /* PFN result doesn't have all the info which are required by the supplicant
3514  * (For e.g IEs) Do a target Escan so that sched scan results are reported
3515  * via wl_inform_single_bss in the required format. Escan does require the
3516  * scan request in the form of cfg80211_scan_request. For timebeing, create
3517  * cfg80211_scan_request one out of the received PNO event.
3518  */
3519 static s32
3520 brcmf_notify_sched_scan_results(struct brcmf_if *ifp,
3521                                 const struct brcmf_event_msg *e, void *data)
3522 {
3523         struct brcmf_pub *drvr = ifp->drvr;
3524         struct brcmf_cfg80211_info *cfg = drvr->config;
3525         struct brcmf_pno_net_info_le *netinfo, *netinfo_start;
3526         struct cfg80211_scan_request *request = NULL;
3527         struct wiphy *wiphy = cfg_to_wiphy(cfg);
3528         int i, err = 0;
3529         struct brcmf_pno_scanresults_le *pfn_result;
3530         u32 bucket_map;
3531         u32 result_count;
3532         u32 status;
3533         u32 datalen;
3534
3535         brcmf_dbg(SCAN, "Enter\n");
3536
3537         if (e->datalen < (sizeof(*pfn_result) + sizeof(*netinfo))) {
3538                 brcmf_dbg(SCAN, "Event data to small. Ignore\n");
3539                 return 0;
3540         }
3541
3542         if (e->event_code == BRCMF_E_PFN_NET_LOST) {
3543                 brcmf_dbg(SCAN, "PFN NET LOST event. Do Nothing\n");
3544                 return 0;
3545         }
3546
3547         pfn_result = (struct brcmf_pno_scanresults_le *)data;
3548         result_count = le32_to_cpu(pfn_result->count);
3549         status = le32_to_cpu(pfn_result->status);
3550
3551         /* PFN event is limited to fit 512 bytes so we may get
3552          * multiple NET_FOUND events. For now place a warning here.
3553          */
3554         WARN_ON(status != BRCMF_PNO_SCAN_COMPLETE);
3555         brcmf_dbg(SCAN, "PFN NET FOUND event. count: %d\n", result_count);
3556         if (!result_count) {
3557                 bphy_err(drvr, "FALSE PNO Event. (pfn_count == 0)\n");
3558                 goto out_err;
3559         }
3560
3561         netinfo_start = brcmf_get_netinfo_array(pfn_result);
3562         datalen = e->datalen - ((void *)netinfo_start - (void *)pfn_result);
3563         if (datalen < result_count * sizeof(*netinfo)) {
3564                 bphy_err(drvr, "insufficient event data\n");
3565                 goto out_err;
3566         }
3567
3568         request = brcmf_alloc_internal_escan_request(wiphy,
3569                                                      result_count);
3570         if (!request) {
3571                 err = -ENOMEM;
3572                 goto out_err;
3573         }
3574
3575         bucket_map = 0;
3576         for (i = 0; i < result_count; i++) {
3577                 netinfo = &netinfo_start[i];
3578
3579                 if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
3580                         netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
3581                 brcmf_dbg(SCAN, "SSID:%.32s Channel:%d\n",
3582                           netinfo->SSID, netinfo->channel);
3583                 bucket_map |= brcmf_pno_get_bucket_map(cfg->pno, netinfo);
3584                 err = brcmf_internal_escan_add_info(request,
3585                                                     netinfo->SSID,
3586                                                     netinfo->SSID_len,
3587                                                     netinfo->channel);
3588                 if (err)
3589                         goto out_err;
3590         }
3591
3592         if (!bucket_map)
3593                 goto free_req;
3594
3595         err = brcmf_start_internal_escan(ifp, bucket_map, request);
3596         if (!err)
3597                 goto free_req;
3598
3599 out_err:
3600         cfg80211_sched_scan_stopped(wiphy, 0);
3601 free_req:
3602         kfree(request);
3603         return err;
3604 }
3605
3606 static int
3607 brcmf_cfg80211_sched_scan_start(struct wiphy *wiphy,
3608                                 struct net_device *ndev,
3609                                 struct cfg80211_sched_scan_request *req)
3610 {
3611         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3612         struct brcmf_if *ifp = netdev_priv(ndev);
3613         struct brcmf_pub *drvr = cfg->pub;
3614
3615         brcmf_dbg(SCAN, "Enter: n_match_sets=%d n_ssids=%d\n",
3616                   req->n_match_sets, req->n_ssids);
3617
3618         if (test_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status)) {
3619                 bphy_err(drvr, "Scanning suppressed: status=%lu\n",
3620                          cfg->scan_status);
3621                 return -EAGAIN;
3622         }
3623
3624         if (req->n_match_sets <= 0) {
3625                 brcmf_dbg(SCAN, "invalid number of matchsets specified: %d\n",
3626                           req->n_match_sets);
3627                 return -EINVAL;
3628         }
3629
3630         return brcmf_pno_start_sched_scan(ifp, req);
3631 }
3632
3633 static int brcmf_cfg80211_sched_scan_stop(struct wiphy *wiphy,
3634                                           struct net_device *ndev, u64 reqid)
3635 {
3636         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3637         struct brcmf_if *ifp = netdev_priv(ndev);
3638
3639         brcmf_dbg(SCAN, "enter\n");
3640         brcmf_pno_stop_sched_scan(ifp, reqid);
3641         if (cfg->int_escan_map)
3642                 brcmf_notify_escan_complete(cfg, ifp, true, true);
3643         return 0;
3644 }
3645
3646 static __always_inline void brcmf_delay(u32 ms)
3647 {
3648         if (ms < 1000 / HZ) {
3649                 cond_resched();
3650                 mdelay(ms);
3651         } else {
3652                 msleep(ms);
3653         }
3654 }
3655
3656 static s32 brcmf_config_wowl_pattern(struct brcmf_if *ifp, u8 cmd[4],
3657                                      u8 *pattern, u32 patternsize, u8 *mask,
3658                                      u32 packet_offset)
3659 {
3660         struct brcmf_fil_wowl_pattern_le *filter;
3661         u32 masksize;
3662         u32 patternoffset;
3663         u8 *buf;
3664         u32 bufsize;
3665         s32 ret;
3666
3667         masksize = (patternsize + 7) / 8;
3668         patternoffset = sizeof(*filter) - sizeof(filter->cmd) + masksize;
3669
3670         bufsize = sizeof(*filter) + patternsize + masksize;
3671         buf = kzalloc(bufsize, GFP_KERNEL);
3672         if (!buf)
3673                 return -ENOMEM;
3674         filter = (struct brcmf_fil_wowl_pattern_le *)buf;
3675
3676         memcpy(filter->cmd, cmd, 4);
3677         filter->masksize = cpu_to_le32(masksize);
3678         filter->offset = cpu_to_le32(packet_offset);
3679         filter->patternoffset = cpu_to_le32(patternoffset);
3680         filter->patternsize = cpu_to_le32(patternsize);
3681         filter->type = cpu_to_le32(BRCMF_WOWL_PATTERN_TYPE_BITMAP);
3682
3683         if ((mask) && (masksize))
3684                 memcpy(buf + sizeof(*filter), mask, masksize);
3685         if ((pattern) && (patternsize))
3686                 memcpy(buf + sizeof(*filter) + masksize, pattern, patternsize);
3687
3688         ret = brcmf_fil_iovar_data_set(ifp, "wowl_pattern", buf, bufsize);
3689
3690         kfree(buf);
3691         return ret;
3692 }
3693
3694 static s32
3695 brcmf_wowl_nd_results(struct brcmf_if *ifp, const struct brcmf_event_msg *e,
3696                       void *data)
3697 {
3698         struct brcmf_pub *drvr = ifp->drvr;
3699         struct brcmf_cfg80211_info *cfg = drvr->config;
3700         struct brcmf_pno_scanresults_le *pfn_result;
3701         struct brcmf_pno_net_info_le *netinfo;
3702
3703         brcmf_dbg(SCAN, "Enter\n");
3704
3705         if (e->datalen < (sizeof(*pfn_result) + sizeof(*netinfo))) {
3706                 brcmf_dbg(SCAN, "Event data to small. Ignore\n");
3707                 return 0;
3708         }
3709
3710         pfn_result = (struct brcmf_pno_scanresults_le *)data;
3711
3712         if (e->event_code == BRCMF_E_PFN_NET_LOST) {
3713                 brcmf_dbg(SCAN, "PFN NET LOST event. Ignore\n");
3714                 return 0;
3715         }
3716
3717         if (le32_to_cpu(pfn_result->count) < 1) {
3718                 bphy_err(drvr, "Invalid result count, expected 1 (%d)\n",
3719                          le32_to_cpu(pfn_result->count));
3720                 return -EINVAL;
3721         }
3722
3723         netinfo = brcmf_get_netinfo_array(pfn_result);
3724         if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
3725                 netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
3726         memcpy(cfg->wowl.nd->ssid.ssid, netinfo->SSID, netinfo->SSID_len);
3727         cfg->wowl.nd->ssid.ssid_len = netinfo->SSID_len;
3728         cfg->wowl.nd->n_channels = 1;
3729         cfg->wowl.nd->channels[0] =
3730                 ieee80211_channel_to_frequency(netinfo->channel,
3731                         netinfo->channel <= CH_MAX_2G_CHANNEL ?
3732                                         NL80211_BAND_2GHZ : NL80211_BAND_5GHZ);
3733         cfg->wowl.nd_info->n_matches = 1;
3734         cfg->wowl.nd_info->matches[0] = cfg->wowl.nd;
3735
3736         /* Inform (the resume task) that the net detect information was recvd */
3737         cfg->wowl.nd_data_completed = true;
3738         wake_up(&cfg->wowl.nd_data_wait);
3739
3740         return 0;
3741 }
3742
3743 #ifdef CONFIG_PM
3744
3745 static void brcmf_report_wowl_wakeind(struct wiphy *wiphy, struct brcmf_if *ifp)
3746 {
3747         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3748         struct brcmf_pub *drvr = cfg->pub;
3749         struct brcmf_wowl_wakeind_le wake_ind_le;
3750         struct cfg80211_wowlan_wakeup wakeup_data;
3751         struct cfg80211_wowlan_wakeup *wakeup;
3752         u32 wakeind;
3753         s32 err;
3754         int timeout;
3755
3756         err = brcmf_fil_iovar_data_get(ifp, "wowl_wakeind", &wake_ind_le,
3757                                        sizeof(wake_ind_le));
3758         if (err) {
3759                 bphy_err(drvr, "Get wowl_wakeind failed, err = %d\n", err);
3760                 return;
3761         }
3762
3763         wakeind = le32_to_cpu(wake_ind_le.ucode_wakeind);
3764         if (wakeind & (BRCMF_WOWL_MAGIC | BRCMF_WOWL_DIS | BRCMF_WOWL_BCN |
3765                        BRCMF_WOWL_RETR | BRCMF_WOWL_NET |
3766                        BRCMF_WOWL_PFN_FOUND)) {
3767                 wakeup = &wakeup_data;
3768                 memset(&wakeup_data, 0, sizeof(wakeup_data));
3769                 wakeup_data.pattern_idx = -1;
3770
3771                 if (wakeind & BRCMF_WOWL_MAGIC) {
3772                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_MAGIC\n");
3773                         wakeup_data.magic_pkt = true;
3774                 }
3775                 if (wakeind & BRCMF_WOWL_DIS) {
3776                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_DIS\n");
3777                         wakeup_data.disconnect = true;
3778                 }
3779                 if (wakeind & BRCMF_WOWL_BCN) {
3780                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_BCN\n");
3781                         wakeup_data.disconnect = true;
3782                 }
3783                 if (wakeind & BRCMF_WOWL_RETR) {
3784                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_RETR\n");
3785                         wakeup_data.disconnect = true;
3786                 }
3787                 if (wakeind & BRCMF_WOWL_NET) {
3788                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_NET\n");
3789                         /* For now always map to pattern 0, no API to get
3790                          * correct information available at the moment.
3791                          */
3792                         wakeup_data.pattern_idx = 0;
3793                 }
3794                 if (wakeind & BRCMF_WOWL_PFN_FOUND) {
3795                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_PFN_FOUND\n");
3796                         timeout = wait_event_timeout(cfg->wowl.nd_data_wait,
3797                                 cfg->wowl.nd_data_completed,
3798                                 BRCMF_ND_INFO_TIMEOUT);
3799                         if (!timeout)
3800                                 bphy_err(drvr, "No result for wowl net detect\n");
3801                         else
3802                                 wakeup_data.net_detect = cfg->wowl.nd_info;
3803                 }
3804                 if (wakeind & BRCMF_WOWL_GTK_FAILURE) {
3805                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_GTK_FAILURE\n");
3806                         wakeup_data.gtk_rekey_failure = true;
3807                 }
3808         } else {
3809                 wakeup = NULL;
3810         }
3811         cfg80211_report_wowlan_wakeup(&ifp->vif->wdev, wakeup, GFP_KERNEL);
3812 }
3813
3814 #else
3815
3816 static void brcmf_report_wowl_wakeind(struct wiphy *wiphy, struct brcmf_if *ifp)
3817 {
3818 }
3819
3820 #endif /* CONFIG_PM */
3821
3822 static s32 brcmf_cfg80211_resume(struct wiphy *wiphy)
3823 {
3824         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3825         struct net_device *ndev = cfg_to_ndev(cfg);
3826         struct brcmf_if *ifp = netdev_priv(ndev);
3827
3828         brcmf_dbg(TRACE, "Enter\n");
3829
3830         if (cfg->wowl.active) {
3831                 brcmf_report_wowl_wakeind(wiphy, ifp);
3832                 brcmf_fil_iovar_int_set(ifp, "wowl_clear", 0);
3833                 brcmf_config_wowl_pattern(ifp, "clr", NULL, 0, NULL, 0);
3834                 if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ARP_ND))
3835                         brcmf_configure_arp_nd_offload(ifp, true);
3836                 brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM,
3837                                       cfg->wowl.pre_pmmode);
3838                 cfg->wowl.active = false;
3839                 if (cfg->wowl.nd_enabled) {
3840                         brcmf_cfg80211_sched_scan_stop(cfg->wiphy, ifp->ndev, 0);
3841                         brcmf_fweh_unregister(cfg->pub, BRCMF_E_PFN_NET_FOUND);
3842                         brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
3843                                             brcmf_notify_sched_scan_results);
3844                         cfg->wowl.nd_enabled = false;
3845                 }
3846         }
3847         return 0;
3848 }
3849
3850 static void brcmf_configure_wowl(struct brcmf_cfg80211_info *cfg,
3851                                  struct brcmf_if *ifp,
3852                                  struct cfg80211_wowlan *wowl)
3853 {
3854         u32 wowl_config;
3855         struct brcmf_wowl_wakeind_le wowl_wakeind;
3856         u32 i;
3857
3858         brcmf_dbg(TRACE, "Suspend, wowl config.\n");
3859
3860         if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ARP_ND))
3861                 brcmf_configure_arp_nd_offload(ifp, false);
3862         brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_PM, &cfg->wowl.pre_pmmode);
3863         brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, PM_MAX);
3864
3865         wowl_config = 0;
3866         if (wowl->disconnect)
3867                 wowl_config = BRCMF_WOWL_DIS | BRCMF_WOWL_BCN | BRCMF_WOWL_RETR;
3868         if (wowl->magic_pkt)
3869                 wowl_config |= BRCMF_WOWL_MAGIC;
3870         if ((wowl->patterns) && (wowl->n_patterns)) {
3871                 wowl_config |= BRCMF_WOWL_NET;
3872                 for (i = 0; i < wowl->n_patterns; i++) {
3873                         brcmf_config_wowl_pattern(ifp, "add",
3874                                 (u8 *)wowl->patterns[i].pattern,
3875                                 wowl->patterns[i].pattern_len,
3876                                 (u8 *)wowl->patterns[i].mask,
3877                                 wowl->patterns[i].pkt_offset);
3878                 }
3879         }
3880         if (wowl->nd_config) {
3881                 brcmf_cfg80211_sched_scan_start(cfg->wiphy, ifp->ndev,
3882                                                 wowl->nd_config);
3883                 wowl_config |= BRCMF_WOWL_PFN_FOUND;
3884
3885                 cfg->wowl.nd_data_completed = false;
3886                 cfg->wowl.nd_enabled = true;
3887                 /* Now reroute the event for PFN to the wowl function. */
3888                 brcmf_fweh_unregister(cfg->pub, BRCMF_E_PFN_NET_FOUND);
3889                 brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
3890                                     brcmf_wowl_nd_results);
3891         }
3892         if (wowl->gtk_rekey_failure)
3893                 wowl_config |= BRCMF_WOWL_GTK_FAILURE;
3894         if (!test_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state))
3895                 wowl_config |= BRCMF_WOWL_UNASSOC;
3896
3897         memcpy(&wowl_wakeind, "clear", 6);
3898         brcmf_fil_iovar_data_set(ifp, "wowl_wakeind", &wowl_wakeind,
3899                                  sizeof(wowl_wakeind));
3900         brcmf_fil_iovar_int_set(ifp, "wowl", wowl_config);
3901         brcmf_fil_iovar_int_set(ifp, "wowl_activate", 1);
3902         brcmf_bus_wowl_config(cfg->pub->bus_if, true);
3903         cfg->wowl.active = true;
3904 }
3905
3906 static s32 brcmf_cfg80211_suspend(struct wiphy *wiphy,
3907                                   struct cfg80211_wowlan *wowl)
3908 {
3909         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3910         struct net_device *ndev = cfg_to_ndev(cfg);
3911         struct brcmf_if *ifp = netdev_priv(ndev);
3912         struct brcmf_cfg80211_vif *vif;
3913
3914         brcmf_dbg(TRACE, "Enter\n");
3915
3916         /* if the primary net_device is not READY there is nothing
3917          * we can do but pray resume goes smoothly.
3918          */
3919         if (!check_vif_up(ifp->vif))
3920                 goto exit;
3921
3922         /* Stop scheduled scan */
3923         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO))
3924                 brcmf_cfg80211_sched_scan_stop(wiphy, ndev, 0);
3925
3926         /* end any scanning */
3927         if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status))
3928                 brcmf_abort_scanning(cfg);
3929
3930         if (wowl == NULL) {
3931                 brcmf_bus_wowl_config(cfg->pub->bus_if, false);
3932                 list_for_each_entry(vif, &cfg->vif_list, list) {
3933                         if (!test_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state))
3934                                 continue;
3935                         /* While going to suspend if associated with AP
3936                          * disassociate from AP to save power while system is
3937                          * in suspended state
3938                          */
3939                         brcmf_link_down(vif, WLAN_REASON_UNSPECIFIED, true);
3940                         /* Make sure WPA_Supplicant receives all the event
3941                          * generated due to DISASSOC call to the fw to keep
3942                          * the state fw and WPA_Supplicant state consistent
3943                          */
3944                         brcmf_delay(500);
3945                 }
3946                 /* Configure MPC */
3947                 brcmf_set_mpc(ifp, 1);
3948
3949         } else {
3950                 /* Configure WOWL paramaters */
3951                 brcmf_configure_wowl(cfg, ifp, wowl);
3952         }
3953
3954 exit:
3955         brcmf_dbg(TRACE, "Exit\n");
3956         /* clear any scanning activity */
3957         cfg->scan_status = 0;
3958         return 0;
3959 }
3960
3961 static __used s32
3962 brcmf_update_pmklist(struct brcmf_cfg80211_info *cfg, struct brcmf_if *ifp)
3963 {
3964         struct brcmf_pmk_list_le *pmk_list;
3965         int i;
3966         u32 npmk;
3967         s32 err;
3968
3969         pmk_list = &cfg->pmk_list;
3970         npmk = le32_to_cpu(pmk_list->npmk);
3971
3972         brcmf_dbg(CONN, "No of elements %d\n", npmk);
3973         for (i = 0; i < npmk; i++)
3974                 brcmf_dbg(CONN, "PMK[%d]: %pM\n", i, &pmk_list->pmk[i].bssid);
3975
3976         err = brcmf_fil_iovar_data_set(ifp, "pmkid_info", pmk_list,
3977                                        sizeof(*pmk_list));
3978
3979         return err;
3980 }
3981
3982 static s32
3983 brcmf_cfg80211_set_pmksa(struct wiphy *wiphy, struct net_device *ndev,
3984                          struct cfg80211_pmksa *pmksa)
3985 {
3986         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3987         struct brcmf_if *ifp = netdev_priv(ndev);
3988         struct brcmf_pmksa *pmk = &cfg->pmk_list.pmk[0];
3989         struct brcmf_pub *drvr = cfg->pub;
3990         s32 err;
3991         u32 npmk, i;
3992
3993         brcmf_dbg(TRACE, "Enter\n");
3994         if (!check_vif_up(ifp->vif))
3995                 return -EIO;
3996
3997         npmk = le32_to_cpu(cfg->pmk_list.npmk);
3998         for (i = 0; i < npmk; i++)
3999                 if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN))
4000                         break;
4001         if (i < BRCMF_MAXPMKID) {
4002                 memcpy(pmk[i].bssid, pmksa->bssid, ETH_ALEN);
4003                 memcpy(pmk[i].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
4004                 if (i == npmk) {
4005                         npmk++;
4006                         cfg->pmk_list.npmk = cpu_to_le32(npmk);
4007                 }
4008         } else {
4009                 bphy_err(drvr, "Too many PMKSA entries cached %d\n", npmk);
4010                 return -EINVAL;
4011         }
4012
4013         brcmf_dbg(CONN, "set_pmksa - PMK bssid: %pM =\n", pmk[npmk].bssid);
4014         brcmf_dbg(CONN, "%*ph\n", WLAN_PMKID_LEN, pmk[npmk].pmkid);
4015
4016         err = brcmf_update_pmklist(cfg, ifp);
4017
4018         brcmf_dbg(TRACE, "Exit\n");
4019         return err;
4020 }
4021
4022 static s32
4023 brcmf_cfg80211_del_pmksa(struct wiphy *wiphy, struct net_device *ndev,
4024                          struct cfg80211_pmksa *pmksa)
4025 {
4026         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4027         struct brcmf_if *ifp = netdev_priv(ndev);
4028         struct brcmf_pmksa *pmk = &cfg->pmk_list.pmk[0];
4029         struct brcmf_pub *drvr = cfg->pub;
4030         s32 err;
4031         u32 npmk, i;
4032
4033         brcmf_dbg(TRACE, "Enter\n");
4034         if (!check_vif_up(ifp->vif))
4035                 return -EIO;
4036
4037         brcmf_dbg(CONN, "del_pmksa - PMK bssid = %pM\n", pmksa->bssid);
4038
4039         npmk = le32_to_cpu(cfg->pmk_list.npmk);
4040         for (i = 0; i < npmk; i++)
4041                 if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN))
4042                         break;
4043
4044         if ((npmk > 0) && (i < npmk)) {
4045                 for (; i < (npmk - 1); i++) {
4046                         memcpy(&pmk[i].bssid, &pmk[i + 1].bssid, ETH_ALEN);
4047                         memcpy(&pmk[i].pmkid, &pmk[i + 1].pmkid,
4048                                WLAN_PMKID_LEN);
4049                 }
4050                 memset(&pmk[i], 0, sizeof(*pmk));
4051                 cfg->pmk_list.npmk = cpu_to_le32(npmk - 1);
4052         } else {
4053                 bphy_err(drvr, "Cache entry not found\n");
4054                 return -EINVAL;
4055         }
4056
4057         err = brcmf_update_pmklist(cfg, ifp);
4058
4059         brcmf_dbg(TRACE, "Exit\n");
4060         return err;
4061
4062 }
4063
4064 static s32
4065 brcmf_cfg80211_flush_pmksa(struct wiphy *wiphy, struct net_device *ndev)
4066 {
4067         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4068         struct brcmf_if *ifp = netdev_priv(ndev);
4069         s32 err;
4070
4071         brcmf_dbg(TRACE, "Enter\n");
4072         if (!check_vif_up(ifp->vif))
4073                 return -EIO;
4074
4075         memset(&cfg->pmk_list, 0, sizeof(cfg->pmk_list));
4076         err = brcmf_update_pmklist(cfg, ifp);
4077
4078         brcmf_dbg(TRACE, "Exit\n");
4079         return err;
4080
4081 }
4082
4083 static s32 brcmf_configure_opensecurity(struct brcmf_if *ifp)
4084 {
4085         struct brcmf_pub *drvr = ifp->drvr;
4086         s32 err;
4087         s32 wpa_val;
4088
4089         /* set auth */
4090         err = brcmf_fil_bsscfg_int_set(ifp, "auth", 0);
4091         if (err < 0) {
4092                 bphy_err(drvr, "auth error %d\n", err);
4093                 return err;
4094         }
4095         /* set wsec */
4096         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", 0);
4097         if (err < 0) {
4098                 bphy_err(drvr, "wsec error %d\n", err);
4099                 return err;
4100         }
4101         /* set upper-layer auth */
4102         if (brcmf_is_ibssmode(ifp->vif))
4103                 wpa_val = WPA_AUTH_NONE;
4104         else
4105                 wpa_val = WPA_AUTH_DISABLED;
4106         err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_val);
4107         if (err < 0) {
4108                 bphy_err(drvr, "wpa_auth error %d\n", err);
4109                 return err;
4110         }
4111
4112         return 0;
4113 }
4114
4115 static bool brcmf_valid_wpa_oui(u8 *oui, bool is_rsn_ie)
4116 {
4117         if (is_rsn_ie)
4118                 return (memcmp(oui, RSN_OUI, TLV_OUI_LEN) == 0);
4119
4120         return (memcmp(oui, WPA_OUI, TLV_OUI_LEN) == 0);
4121 }
4122
4123 static s32
4124 brcmf_configure_wpaie(struct brcmf_if *ifp,
4125                       const struct brcmf_vs_tlv *wpa_ie,
4126                       bool is_rsn_ie)
4127 {
4128         struct brcmf_pub *drvr = ifp->drvr;
4129         u32 auth = 0; /* d11 open authentication */
4130         u16 count;
4131         s32 err = 0;
4132         s32 len;
4133         u32 i;
4134         u32 wsec;
4135         u32 pval = 0;
4136         u32 gval = 0;
4137         u32 wpa_auth = 0;
4138         u32 offset;
4139         u8 *data;
4140         u16 rsn_cap;
4141         u32 wme_bss_disable;
4142         u32 mfp;
4143
4144         brcmf_dbg(TRACE, "Enter\n");
4145         if (wpa_ie == NULL)
4146                 goto exit;
4147
4148         len = wpa_ie->len + TLV_HDR_LEN;
4149         data = (u8 *)wpa_ie;
4150         offset = TLV_HDR_LEN;
4151         if (!is_rsn_ie)
4152                 offset += VS_IE_FIXED_HDR_LEN;
4153         else
4154                 offset += WPA_IE_VERSION_LEN;
4155
4156         /* check for multicast cipher suite */
4157         if (offset + WPA_IE_MIN_OUI_LEN > len) {
4158                 err = -EINVAL;
4159                 bphy_err(drvr, "no multicast cipher suite\n");
4160                 goto exit;
4161         }
4162
4163         if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4164                 err = -EINVAL;
4165                 bphy_err(drvr, "ivalid OUI\n");
4166                 goto exit;
4167         }
4168         offset += TLV_OUI_LEN;
4169
4170         /* pick up multicast cipher */
4171         switch (data[offset]) {
4172         case WPA_CIPHER_NONE:
4173                 gval = 0;
4174                 break;
4175         case WPA_CIPHER_WEP_40:
4176         case WPA_CIPHER_WEP_104:
4177                 gval = WEP_ENABLED;
4178                 break;
4179         case WPA_CIPHER_TKIP:
4180                 gval = TKIP_ENABLED;
4181                 break;
4182         case WPA_CIPHER_AES_CCM:
4183                 gval = AES_ENABLED;
4184                 break;
4185         default:
4186                 err = -EINVAL;
4187                 bphy_err(drvr, "Invalid multi cast cipher info\n");
4188                 goto exit;
4189         }
4190
4191         offset++;
4192         /* walk thru unicast cipher list and pick up what we recognize */
4193         count = data[offset] + (data[offset + 1] << 8);
4194         offset += WPA_IE_SUITE_COUNT_LEN;
4195         /* Check for unicast suite(s) */
4196         if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
4197                 err = -EINVAL;
4198                 bphy_err(drvr, "no unicast cipher suite\n");
4199                 goto exit;
4200         }
4201         for (i = 0; i < count; i++) {
4202                 if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4203                         err = -EINVAL;
4204                         bphy_err(drvr, "ivalid OUI\n");
4205                         goto exit;
4206                 }
4207                 offset += TLV_OUI_LEN;
4208                 switch (data[offset]) {
4209                 case WPA_CIPHER_NONE:
4210                         break;
4211                 case WPA_CIPHER_WEP_40:
4212                 case WPA_CIPHER_WEP_104:
4213                         pval |= WEP_ENABLED;
4214                         break;
4215                 case WPA_CIPHER_TKIP:
4216                         pval |= TKIP_ENABLED;
4217                         break;
4218                 case WPA_CIPHER_AES_CCM:
4219                         pval |= AES_ENABLED;
4220                         break;
4221                 default:
4222                         bphy_err(drvr, "Invalid unicast security info\n");
4223                 }
4224                 offset++;
4225         }
4226         /* walk thru auth management suite list and pick up what we recognize */
4227         count = data[offset] + (data[offset + 1] << 8);
4228         offset += WPA_IE_SUITE_COUNT_LEN;
4229         /* Check for auth key management suite(s) */
4230         if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
4231                 err = -EINVAL;
4232                 bphy_err(drvr, "no auth key mgmt suite\n");
4233                 goto exit;
4234         }
4235         for (i = 0; i < count; i++) {
4236                 if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
4237                         err = -EINVAL;
4238                         bphy_err(drvr, "ivalid OUI\n");
4239                         goto exit;
4240                 }
4241                 offset += TLV_OUI_LEN;
4242                 switch (data[offset]) {
4243                 case RSN_AKM_NONE:
4244                         brcmf_dbg(TRACE, "RSN_AKM_NONE\n");
4245                         wpa_auth |= WPA_AUTH_NONE;
4246                         break;
4247                 case RSN_AKM_UNSPECIFIED:
4248                         brcmf_dbg(TRACE, "RSN_AKM_UNSPECIFIED\n");
4249                         is_rsn_ie ? (wpa_auth |= WPA2_AUTH_UNSPECIFIED) :
4250                                     (wpa_auth |= WPA_AUTH_UNSPECIFIED);
4251                         break;
4252                 case RSN_AKM_PSK:
4253                         brcmf_dbg(TRACE, "RSN_AKM_PSK\n");
4254                         is_rsn_ie ? (wpa_auth |= WPA2_AUTH_PSK) :
4255                                     (wpa_auth |= WPA_AUTH_PSK);
4256                         break;
4257                 case RSN_AKM_SHA256_PSK:
4258                         brcmf_dbg(TRACE, "RSN_AKM_MFP_PSK\n");
4259                         wpa_auth |= WPA2_AUTH_PSK_SHA256;
4260                         break;
4261                 case RSN_AKM_SHA256_1X:
4262                         brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n");
4263                         wpa_auth |= WPA2_AUTH_1X_SHA256;
4264                         break;
4265                 case RSN_AKM_SAE:
4266                         brcmf_dbg(TRACE, "RSN_AKM_SAE\n");
4267                         wpa_auth |= WPA3_AUTH_SAE_PSK;
4268                         break;
4269                 default:
4270                         bphy_err(drvr, "Invalid key mgmt info\n");
4271                 }
4272                 offset++;
4273         }
4274
4275         mfp = BRCMF_MFP_NONE;
4276         if (is_rsn_ie) {
4277                 wme_bss_disable = 1;
4278                 if ((offset + RSN_CAP_LEN) <= len) {
4279                         rsn_cap = data[offset] + (data[offset + 1] << 8);
4280                         if (rsn_cap & RSN_CAP_PTK_REPLAY_CNTR_MASK)
4281                                 wme_bss_disable = 0;
4282                         if (rsn_cap & RSN_CAP_MFPR_MASK) {
4283                                 brcmf_dbg(TRACE, "MFP Required\n");
4284                                 mfp = BRCMF_MFP_REQUIRED;
4285                                 /* Firmware only supports mfp required in
4286                                  * combination with WPA2_AUTH_PSK_SHA256,
4287                                  * WPA2_AUTH_1X_SHA256, or WPA3_AUTH_SAE_PSK.
4288                                  */
4289                                 if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 |
4290                                                   WPA2_AUTH_1X_SHA256 |
4291                                                   WPA3_AUTH_SAE_PSK))) {
4292                                         err = -EINVAL;
4293                                         goto exit;
4294                                 }
4295                                 /* Firmware has requirement that WPA2_AUTH_PSK/
4296                                  * WPA2_AUTH_UNSPECIFIED be set, if SHA256 OUI
4297                                  * is to be included in the rsn ie.
4298                                  */
4299                                 if (wpa_auth & WPA2_AUTH_PSK_SHA256)
4300                                         wpa_auth |= WPA2_AUTH_PSK;
4301                                 else if (wpa_auth & WPA2_AUTH_1X_SHA256)
4302                                         wpa_auth |= WPA2_AUTH_UNSPECIFIED;
4303                         } else if (rsn_cap & RSN_CAP_MFPC_MASK) {
4304                                 brcmf_dbg(TRACE, "MFP Capable\n");
4305                                 mfp = BRCMF_MFP_CAPABLE;
4306                         }
4307                 }
4308                 offset += RSN_CAP_LEN;
4309                 /* set wme_bss_disable to sync RSN Capabilities */
4310                 err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable",
4311                                                wme_bss_disable);
4312                 if (err < 0) {
4313                         bphy_err(drvr, "wme_bss_disable error %d\n", err);
4314                         goto exit;
4315                 }
4316
4317                 /* Skip PMKID cnt as it is know to be 0 for AP. */
4318                 offset += RSN_PMKID_COUNT_LEN;
4319
4320                 /* See if there is BIP wpa suite left for MFP */
4321                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP) &&
4322                     ((offset + WPA_IE_MIN_OUI_LEN) <= len)) {
4323                         err = brcmf_fil_bsscfg_data_set(ifp, "bip",
4324                                                         &data[offset],
4325                                                         WPA_IE_MIN_OUI_LEN);
4326                         if (err < 0) {
4327                                 bphy_err(drvr, "bip error %d\n", err);
4328                                 goto exit;
4329                         }
4330                 }
4331         }
4332         /* FOR WPS , set SES_OW_ENABLED */
4333         wsec = (pval | gval | SES_OW_ENABLED);
4334
4335         /* set auth */
4336         err = brcmf_fil_bsscfg_int_set(ifp, "auth", auth);
4337         if (err < 0) {
4338                 bphy_err(drvr, "auth error %d\n", err);
4339                 goto exit;
4340         }
4341         /* set wsec */
4342         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
4343         if (err < 0) {
4344                 bphy_err(drvr, "wsec error %d\n", err);
4345                 goto exit;
4346         }
4347         /* Configure MFP, this needs to go after wsec otherwise the wsec command
4348          * will overwrite the values set by MFP
4349          */
4350         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) {
4351                 err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp);
4352                 if (err < 0) {
4353                         bphy_err(drvr, "mfp error %d\n", err);
4354                         goto exit;
4355                 }
4356         }
4357         /* set upper-layer auth */
4358         err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_auth);
4359         if (err < 0) {
4360                 bphy_err(drvr, "wpa_auth error %d\n", err);
4361                 goto exit;
4362         }
4363
4364 exit:
4365         return err;
4366 }
4367
4368 static s32
4369 brcmf_parse_vndr_ies(const u8 *vndr_ie_buf, u32 vndr_ie_len,
4370                      struct parsed_vndr_ies *vndr_ies)
4371 {
4372         struct brcmf_vs_tlv *vndrie;
4373         struct brcmf_tlv *ie;
4374         struct parsed_vndr_ie_info *parsed_info;
4375         s32 remaining_len;
4376
4377         remaining_len = (s32)vndr_ie_len;
4378         memset(vndr_ies, 0, sizeof(*vndr_ies));
4379
4380         ie = (struct brcmf_tlv *)vndr_ie_buf;
4381         while (ie) {
4382                 if (ie->id != WLAN_EID_VENDOR_SPECIFIC)
4383                         goto next;
4384                 vndrie = (struct brcmf_vs_tlv *)ie;
4385                 /* len should be bigger than OUI length + one */
4386                 if (vndrie->len < (VS_IE_FIXED_HDR_LEN - TLV_HDR_LEN + 1)) {
4387                         brcmf_err("invalid vndr ie. length is too small %d\n",
4388                                   vndrie->len);
4389                         goto next;
4390                 }
4391                 /* if wpa or wme ie, do not add ie */
4392                 if (!memcmp(vndrie->oui, (u8 *)WPA_OUI, TLV_OUI_LEN) &&
4393                     ((vndrie->oui_type == WPA_OUI_TYPE) ||
4394                     (vndrie->oui_type == WME_OUI_TYPE))) {
4395                         brcmf_dbg(TRACE, "Found WPA/WME oui. Do not add it\n");
4396                         goto next;
4397                 }
4398
4399                 parsed_info = &vndr_ies->ie_info[vndr_ies->count];
4400
4401                 /* save vndr ie information */
4402                 parsed_info->ie_ptr = (char *)vndrie;
4403                 parsed_info->ie_len = vndrie->len + TLV_HDR_LEN;
4404                 memcpy(&parsed_info->vndrie, vndrie, sizeof(*vndrie));
4405
4406                 vndr_ies->count++;
4407
4408                 brcmf_dbg(TRACE, "** OUI %3ph, type 0x%02x\n",
4409                           parsed_info->vndrie.oui,
4410                           parsed_info->vndrie.oui_type);
4411
4412                 if (vndr_ies->count >= VNDR_IE_PARSE_LIMIT)
4413                         break;
4414 next:
4415                 remaining_len -= (ie->len + TLV_HDR_LEN);
4416                 if (remaining_len <= TLV_HDR_LEN)
4417                         ie = NULL;
4418                 else
4419                         ie = (struct brcmf_tlv *)(((u8 *)ie) + ie->len +
4420                                 TLV_HDR_LEN);
4421         }
4422         return 0;
4423 }
4424
4425 static u32
4426 brcmf_vndr_ie(u8 *iebuf, s32 pktflag, u8 *ie_ptr, u32 ie_len, s8 *add_del_cmd)
4427 {
4428         strscpy(iebuf, add_del_cmd, VNDR_IE_CMD_LEN);
4429
4430         put_unaligned_le32(1, &iebuf[VNDR_IE_COUNT_OFFSET]);
4431
4432         put_unaligned_le32(pktflag, &iebuf[VNDR_IE_PKTFLAG_OFFSET]);
4433
4434         memcpy(&iebuf[VNDR_IE_VSIE_OFFSET], ie_ptr, ie_len);
4435
4436         return ie_len + VNDR_IE_HDR_SIZE;
4437 }
4438
4439 s32 brcmf_vif_set_mgmt_ie(struct brcmf_cfg80211_vif *vif, s32 pktflag,
4440                           const u8 *vndr_ie_buf, u32 vndr_ie_len)
4441 {
4442         struct brcmf_pub *drvr;
4443         struct brcmf_if *ifp;
4444         struct vif_saved_ie *saved_ie;
4445         s32 err = 0;
4446         u8  *iovar_ie_buf;
4447         u8  *curr_ie_buf;
4448         u8  *mgmt_ie_buf = NULL;
4449         int mgmt_ie_buf_len;
4450         u32 *mgmt_ie_len;
4451         u32 del_add_ie_buf_len = 0;
4452         u32 total_ie_buf_len = 0;
4453         u32 parsed_ie_buf_len = 0;
4454         struct parsed_vndr_ies old_vndr_ies;
4455         struct parsed_vndr_ies new_vndr_ies;
4456         struct parsed_vndr_ie_info *vndrie_info;
4457         s32 i;
4458         u8 *ptr;
4459         int remained_buf_len;
4460
4461         if (!vif)
4462                 return -ENODEV;
4463         ifp = vif->ifp;
4464         drvr = ifp->drvr;
4465         saved_ie = &vif->saved_ie;
4466
4467         brcmf_dbg(TRACE, "bsscfgidx %d, pktflag : 0x%02X\n", ifp->bsscfgidx,
4468                   pktflag);
4469         iovar_ie_buf = kzalloc(WL_EXTRA_BUF_MAX, GFP_KERNEL);
4470         if (!iovar_ie_buf)
4471                 return -ENOMEM;
4472         curr_ie_buf = iovar_ie_buf;
4473         switch (pktflag) {
4474         case BRCMF_VNDR_IE_PRBREQ_FLAG:
4475                 mgmt_ie_buf = saved_ie->probe_req_ie;
4476                 mgmt_ie_len = &saved_ie->probe_req_ie_len;
4477                 mgmt_ie_buf_len = sizeof(saved_ie->probe_req_ie);
4478                 break;
4479         case BRCMF_VNDR_IE_PRBRSP_FLAG:
4480                 mgmt_ie_buf = saved_ie->probe_res_ie;
4481                 mgmt_ie_len = &saved_ie->probe_res_ie_len;
4482                 mgmt_ie_buf_len = sizeof(saved_ie->probe_res_ie);
4483                 break;
4484         case BRCMF_VNDR_IE_BEACON_FLAG:
4485                 mgmt_ie_buf = saved_ie->beacon_ie;
4486                 mgmt_ie_len = &saved_ie->beacon_ie_len;
4487                 mgmt_ie_buf_len = sizeof(saved_ie->beacon_ie);
4488                 break;
4489         case BRCMF_VNDR_IE_ASSOCREQ_FLAG:
4490                 mgmt_ie_buf = saved_ie->assoc_req_ie;
4491                 mgmt_ie_len = &saved_ie->assoc_req_ie_len;
4492                 mgmt_ie_buf_len = sizeof(saved_ie->assoc_req_ie);
4493                 break;
4494         case BRCMF_VNDR_IE_ASSOCRSP_FLAG:
4495                 mgmt_ie_buf = saved_ie->assoc_res_ie;
4496                 mgmt_ie_len = &saved_ie->assoc_res_ie_len;
4497                 mgmt_ie_buf_len = sizeof(saved_ie->assoc_res_ie);
4498                 break;
4499         default:
4500                 err = -EPERM;
4501                 bphy_err(drvr, "not suitable type\n");
4502                 goto exit;
4503         }
4504
4505         if (vndr_ie_len > mgmt_ie_buf_len) {
4506                 err = -ENOMEM;
4507                 bphy_err(drvr, "extra IE size too big\n");
4508                 goto exit;
4509         }
4510
4511         /* parse and save new vndr_ie in curr_ie_buff before comparing it */
4512         if (vndr_ie_buf && vndr_ie_len && curr_ie_buf) {
4513                 ptr = curr_ie_buf;
4514                 brcmf_parse_vndr_ies(vndr_ie_buf, vndr_ie_len, &new_vndr_ies);
4515                 for (i = 0; i < new_vndr_ies.count; i++) {
4516                         vndrie_info = &new_vndr_ies.ie_info[i];
4517                         memcpy(ptr + parsed_ie_buf_len, vndrie_info->ie_ptr,
4518                                vndrie_info->ie_len);
4519                         parsed_ie_buf_len += vndrie_info->ie_len;
4520                 }
4521         }
4522
4523         if (mgmt_ie_buf && *mgmt_ie_len) {
4524                 if (parsed_ie_buf_len && (parsed_ie_buf_len == *mgmt_ie_len) &&
4525                     (memcmp(mgmt_ie_buf, curr_ie_buf,
4526                             parsed_ie_buf_len) == 0)) {
4527                         brcmf_dbg(TRACE, "Previous mgmt IE equals to current IE\n");
4528                         goto exit;
4529                 }
4530
4531                 /* parse old vndr_ie */
4532                 brcmf_parse_vndr_ies(mgmt_ie_buf, *mgmt_ie_len, &old_vndr_ies);
4533
4534                 /* make a command to delete old ie */
4535                 for (i = 0; i < old_vndr_ies.count; i++) {
4536                         vndrie_info = &old_vndr_ies.ie_info[i];
4537
4538                         brcmf_dbg(TRACE, "DEL ID : %d, Len: %d , OUI:%3ph\n",
4539                                   vndrie_info->vndrie.id,
4540                                   vndrie_info->vndrie.len,
4541                                   vndrie_info->vndrie.oui);
4542
4543                         del_add_ie_buf_len = brcmf_vndr_ie(curr_ie_buf, pktflag,
4544                                                            vndrie_info->ie_ptr,
4545                                                            vndrie_info->ie_len,
4546                                                            "del");
4547                         curr_ie_buf += del_add_ie_buf_len;
4548                         total_ie_buf_len += del_add_ie_buf_len;
4549                 }
4550         }
4551
4552         *mgmt_ie_len = 0;
4553         /* Add if there is any extra IE */
4554         if (mgmt_ie_buf && parsed_ie_buf_len) {
4555                 ptr = mgmt_ie_buf;
4556
4557                 remained_buf_len = mgmt_ie_buf_len;
4558
4559                 /* make a command to add new ie */
4560                 for (i = 0; i < new_vndr_ies.count; i++) {
4561                         vndrie_info = &new_vndr_ies.ie_info[i];
4562
4563                         /* verify remained buf size before copy data */
4564                         if (remained_buf_len < (vndrie_info->vndrie.len +
4565                                                         VNDR_IE_VSIE_OFFSET)) {
4566                                 bphy_err(drvr, "no space in mgmt_ie_buf: len left %d",
4567                                          remained_buf_len);
4568                                 break;
4569                         }
4570                         remained_buf_len -= (vndrie_info->ie_len +
4571                                              VNDR_IE_VSIE_OFFSET);
4572
4573                         brcmf_dbg(TRACE, "ADDED ID : %d, Len: %d, OUI:%3ph\n",
4574                                   vndrie_info->vndrie.id,
4575                                   vndrie_info->vndrie.len,
4576                                   vndrie_info->vndrie.oui);
4577
4578                         del_add_ie_buf_len = brcmf_vndr_ie(curr_ie_buf, pktflag,
4579                                                            vndrie_info->ie_ptr,
4580                                                            vndrie_info->ie_len,
4581                                                            "add");
4582
4583                         /* save the parsed IE in wl struct */
4584                         memcpy(ptr + (*mgmt_ie_len), vndrie_info->ie_ptr,
4585                                vndrie_info->ie_len);
4586                         *mgmt_ie_len += vndrie_info->ie_len;
4587
4588                         curr_ie_buf += del_add_ie_buf_len;
4589                         total_ie_buf_len += del_add_ie_buf_len;
4590                 }
4591         }
4592         if (total_ie_buf_len) {
4593                 err  = brcmf_fil_bsscfg_data_set(ifp, "vndr_ie", iovar_ie_buf,
4594                                                  total_ie_buf_len);
4595                 if (err)
4596                         bphy_err(drvr, "vndr ie set error : %d\n", err);
4597         }
4598
4599 exit:
4600         kfree(iovar_ie_buf);
4601         return err;
4602 }
4603
4604 s32 brcmf_vif_clear_mgmt_ies(struct brcmf_cfg80211_vif *vif)
4605 {
4606         s32 pktflags[] = {
4607                 BRCMF_VNDR_IE_PRBREQ_FLAG,
4608                 BRCMF_VNDR_IE_PRBRSP_FLAG,
4609                 BRCMF_VNDR_IE_BEACON_FLAG
4610         };
4611         int i;
4612
4613         for (i = 0; i < ARRAY_SIZE(pktflags); i++)
4614                 brcmf_vif_set_mgmt_ie(vif, pktflags[i], NULL, 0);
4615
4616         memset(&vif->saved_ie, 0, sizeof(vif->saved_ie));
4617         return 0;
4618 }
4619
4620 static s32
4621 brcmf_config_ap_mgmt_ie(struct brcmf_cfg80211_vif *vif,
4622                         struct cfg80211_beacon_data *beacon)
4623 {
4624         struct brcmf_pub *drvr = vif->ifp->drvr;
4625         s32 err;
4626
4627         /* Set Beacon IEs to FW */
4628         err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_BEACON_FLAG,
4629                                     beacon->tail, beacon->tail_len);
4630         if (err) {
4631                 bphy_err(drvr, "Set Beacon IE Failed\n");
4632                 return err;
4633         }
4634         brcmf_dbg(TRACE, "Applied Vndr IEs for Beacon\n");
4635
4636         /* Set Probe Response IEs to FW */
4637         err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_PRBRSP_FLAG,
4638                                     beacon->proberesp_ies,
4639                                     beacon->proberesp_ies_len);
4640         if (err)
4641                 bphy_err(drvr, "Set Probe Resp IE Failed\n");
4642         else
4643                 brcmf_dbg(TRACE, "Applied Vndr IEs for Probe Resp\n");
4644
4645         /* Set Assoc Response IEs to FW */
4646         err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_ASSOCRSP_FLAG,
4647                                     beacon->assocresp_ies,
4648                                     beacon->assocresp_ies_len);
4649         if (err)
4650                 brcmf_err("Set Assoc Resp IE Failed\n");
4651         else
4652                 brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc Resp\n");
4653
4654         return err;
4655 }
4656
4657 static s32
4658 brcmf_parse_configure_security(struct brcmf_if *ifp,
4659                                struct cfg80211_ap_settings *settings,
4660                                enum nl80211_iftype dev_role)
4661 {
4662         const struct brcmf_tlv *rsn_ie;
4663         const struct brcmf_vs_tlv *wpa_ie;
4664         s32 err = 0;
4665
4666         /* find the RSN_IE */
4667         rsn_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
4668                                   settings->beacon.tail_len, WLAN_EID_RSN);
4669
4670         /* find the WPA_IE */
4671         wpa_ie = brcmf_find_wpaie((u8 *)settings->beacon.tail,
4672                                   settings->beacon.tail_len);
4673
4674         if (wpa_ie || rsn_ie) {
4675                 brcmf_dbg(TRACE, "WPA(2) IE is found\n");
4676                 if (wpa_ie) {
4677                         /* WPA IE */
4678                         err = brcmf_configure_wpaie(ifp, wpa_ie, false);
4679                         if (err < 0)
4680                                 return err;
4681                 } else {
4682                         struct brcmf_vs_tlv *tmp_ie;
4683
4684                         tmp_ie = (struct brcmf_vs_tlv *)rsn_ie;
4685
4686                         /* RSN IE */
4687                         err = brcmf_configure_wpaie(ifp, tmp_ie, true);
4688                         if (err < 0)
4689                                 return err;
4690                 }
4691         } else {
4692                 brcmf_dbg(TRACE, "No WPA(2) IEs found\n");
4693                 brcmf_configure_opensecurity(ifp);
4694         }
4695
4696         return err;
4697 }
4698
4699 static s32
4700 brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
4701                         struct cfg80211_ap_settings *settings)
4702 {
4703         s32 ie_offset;
4704         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4705         struct brcmf_if *ifp = netdev_priv(ndev);
4706         struct brcmf_pub *drvr = cfg->pub;
4707         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
4708         struct cfg80211_crypto_settings *crypto = &settings->crypto;
4709         const struct brcmf_tlv *ssid_ie;
4710         const struct brcmf_tlv *country_ie;
4711         struct brcmf_ssid_le ssid_le;
4712         s32 err = -EPERM;
4713         struct brcmf_join_params join_params;
4714         enum nl80211_iftype dev_role;
4715         struct brcmf_fil_bss_enable_le bss_enable;
4716         u16 chanspec = chandef_to_chanspec(&cfg->d11inf, &settings->chandef);
4717         bool mbss;
4718         int is_11d;
4719         bool supports_11d;
4720
4721         brcmf_dbg(TRACE, "ctrlchn=%d, center=%d, bw=%d, beacon_interval=%d, dtim_period=%d,\n",
4722                   settings->chandef.chan->hw_value,
4723                   settings->chandef.center_freq1, settings->chandef.width,
4724                   settings->beacon_interval, settings->dtim_period);
4725         brcmf_dbg(TRACE, "ssid=%s(%zu), auth_type=%d, inactivity_timeout=%d\n",
4726                   settings->ssid, settings->ssid_len, settings->auth_type,
4727                   settings->inactivity_timeout);
4728         dev_role = ifp->vif->wdev.iftype;
4729         mbss = ifp->vif->mbss;
4730
4731         /* store current 11d setting */
4732         if (brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_REGULATORY,
4733                                   &ifp->vif->is_11d)) {
4734                 is_11d = supports_11d = false;
4735         } else {
4736                 country_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
4737                                               settings->beacon.tail_len,
4738                                               WLAN_EID_COUNTRY);
4739                 is_11d = country_ie ? 1 : 0;
4740                 supports_11d = true;
4741         }
4742
4743         memset(&ssid_le, 0, sizeof(ssid_le));
4744         if (settings->ssid == NULL || settings->ssid_len == 0) {
4745                 ie_offset = DOT11_MGMT_HDR_LEN + DOT11_BCN_PRB_FIXED_LEN;
4746                 ssid_ie = brcmf_parse_tlvs(
4747                                 (u8 *)&settings->beacon.head[ie_offset],
4748                                 settings->beacon.head_len - ie_offset,
4749                                 WLAN_EID_SSID);
4750                 if (!ssid_ie || ssid_ie->len > IEEE80211_MAX_SSID_LEN)
4751                         return -EINVAL;
4752
4753                 memcpy(ssid_le.SSID, ssid_ie->data, ssid_ie->len);
4754                 ssid_le.SSID_len = cpu_to_le32(ssid_ie->len);
4755                 brcmf_dbg(TRACE, "SSID is (%s) in Head\n", ssid_le.SSID);
4756         } else {
4757                 memcpy(ssid_le.SSID, settings->ssid, settings->ssid_len);
4758                 ssid_le.SSID_len = cpu_to_le32((u32)settings->ssid_len);
4759         }
4760
4761         if (!mbss) {
4762                 brcmf_set_mpc(ifp, 0);
4763                 brcmf_configure_arp_nd_offload(ifp, false);
4764         }
4765
4766         /* Parameters shared by all radio interfaces */
4767         if (!mbss) {
4768                 if ((supports_11d) && (is_11d != ifp->vif->is_11d)) {
4769                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
4770                                                     is_11d);
4771                         if (err < 0) {
4772                                 bphy_err(drvr, "Regulatory Set Error, %d\n",
4773                                          err);
4774                                 goto exit;
4775                         }
4776                 }
4777                 if (settings->beacon_interval) {
4778                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD,
4779                                                     settings->beacon_interval);
4780                         if (err < 0) {
4781                                 bphy_err(drvr, "Beacon Interval Set Error, %d\n",
4782                                          err);
4783                                 goto exit;
4784                         }
4785                 }
4786                 if (settings->dtim_period) {
4787                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_DTIMPRD,
4788                                                     settings->dtim_period);
4789                         if (err < 0) {
4790                                 bphy_err(drvr, "DTIM Interval Set Error, %d\n",
4791                                          err);
4792                                 goto exit;
4793                         }
4794                 }
4795
4796                 if ((dev_role == NL80211_IFTYPE_AP) &&
4797                     ((ifp->ifidx == 0) ||
4798                      (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB) &&
4799                       !brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN)))) {
4800                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4801                         if (err < 0) {
4802                                 bphy_err(drvr, "BRCMF_C_DOWN error %d\n",
4803                                          err);
4804                                 goto exit;
4805                         }
4806                         brcmf_fil_iovar_int_set(ifp, "apsta", 0);
4807                 }
4808
4809                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 1);
4810                 if (err < 0) {
4811                         bphy_err(drvr, "SET INFRA error %d\n", err);
4812                         goto exit;
4813                 }
4814         } else if (WARN_ON(supports_11d && (is_11d != ifp->vif->is_11d))) {
4815                 /* Multiple-BSS should use same 11d configuration */
4816                 err = -EINVAL;
4817                 goto exit;
4818         }
4819
4820         /* Interface specific setup */
4821         if (dev_role == NL80211_IFTYPE_AP) {
4822                 if ((brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) && (!mbss))
4823                         brcmf_fil_iovar_int_set(ifp, "mbss", 1);
4824
4825                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 1);
4826                 if (err < 0) {
4827                         bphy_err(drvr, "setting AP mode failed %d\n",
4828                                  err);
4829                         goto exit;
4830                 }
4831                 if (!mbss) {
4832                         /* Firmware 10.x requires setting channel after enabling
4833                          * AP and before bringing interface up.
4834                          */
4835                         err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
4836                         if (err < 0) {
4837                                 bphy_err(drvr, "Set Channel failed: chspec=%d, %d\n",
4838                                          chanspec, err);
4839                                 goto exit;
4840                         }
4841                 }
4842                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
4843                 if (err < 0) {
4844                         bphy_err(drvr, "BRCMF_C_UP error (%d)\n", err);
4845                         goto exit;
4846                 }
4847
4848                 if (crypto->psk) {
4849                         brcmf_dbg(INFO, "using PSK offload\n");
4850                         profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_PSK);
4851                         err = brcmf_set_pmk(ifp, crypto->psk,
4852                                             BRCMF_WSEC_MAX_PSK_LEN);
4853                         if (err < 0)
4854                                 goto exit;
4855                 }
4856                 if (crypto->sae_pwd) {
4857                         brcmf_dbg(INFO, "using SAE offload\n");
4858                         profile->use_fwauth |= BIT(BRCMF_PROFILE_FWAUTH_SAE);
4859                         err = brcmf_set_sae_password(ifp, crypto->sae_pwd,
4860                                                      crypto->sae_pwd_len);
4861                         if (err < 0)
4862                                 goto exit;
4863                 }
4864                 if (profile->use_fwauth == 0)
4865                         profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
4866
4867                 err = brcmf_parse_configure_security(ifp, settings,
4868                                                      NL80211_IFTYPE_AP);
4869                 if (err < 0) {
4870                         bphy_err(drvr, "brcmf_parse_configure_security error\n");
4871                         goto exit;
4872                 }
4873
4874                 /* On DOWN the firmware removes the WEP keys, reconfigure
4875                  * them if they were set.
4876                  */
4877                 brcmf_cfg80211_reconfigure_wep(ifp);
4878
4879                 memset(&join_params, 0, sizeof(join_params));
4880                 /* join parameters starts with ssid */
4881                 memcpy(&join_params.ssid_le, &ssid_le, sizeof(ssid_le));
4882                 /* create softap */
4883                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
4884                                              &join_params, sizeof(join_params));
4885                 if (err < 0) {
4886                         bphy_err(drvr, "SET SSID error (%d)\n", err);
4887                         goto exit;
4888                 }
4889
4890                 err = brcmf_fil_iovar_int_set(ifp, "closednet",
4891                                               settings->hidden_ssid);
4892                 if (err) {
4893                         bphy_err(drvr, "%s closednet error (%d)\n",
4894                                  settings->hidden_ssid ?
4895                                  "enabled" : "disabled",
4896                                  err);
4897                         goto exit;
4898                 }
4899
4900                 brcmf_dbg(TRACE, "AP mode configuration complete\n");
4901         } else if (dev_role == NL80211_IFTYPE_P2P_GO) {
4902                 err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
4903                 if (err < 0) {
4904                         bphy_err(drvr, "Set Channel failed: chspec=%d, %d\n",
4905                                  chanspec, err);
4906                         goto exit;
4907                 }
4908
4909                 err = brcmf_parse_configure_security(ifp, settings,
4910                                                      NL80211_IFTYPE_P2P_GO);
4911                 if (err < 0) {
4912                         brcmf_err("brcmf_parse_configure_security error\n");
4913                         goto exit;
4914                 }
4915
4916                 err = brcmf_fil_bsscfg_data_set(ifp, "ssid", &ssid_le,
4917                                                 sizeof(ssid_le));
4918                 if (err < 0) {
4919                         bphy_err(drvr, "setting ssid failed %d\n", err);
4920                         goto exit;
4921                 }
4922                 bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
4923                 bss_enable.enable = cpu_to_le32(1);
4924                 err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
4925                                                sizeof(bss_enable));
4926                 if (err < 0) {
4927                         bphy_err(drvr, "bss_enable config failed %d\n", err);
4928                         goto exit;
4929                 }
4930
4931                 brcmf_dbg(TRACE, "GO mode configuration complete\n");
4932         } else {
4933                 WARN_ON(1);
4934         }
4935
4936         brcmf_config_ap_mgmt_ie(ifp->vif, &settings->beacon);
4937         set_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
4938         brcmf_net_setcarrier(ifp, true);
4939
4940 exit:
4941         if ((err) && (!mbss)) {
4942                 brcmf_set_mpc(ifp, 1);
4943                 brcmf_configure_arp_nd_offload(ifp, true);
4944         }
4945         return err;
4946 }
4947
4948 static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev)
4949 {
4950         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4951         struct brcmf_if *ifp = netdev_priv(ndev);
4952         struct brcmf_pub *drvr = cfg->pub;
4953         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
4954         s32 err;
4955         struct brcmf_fil_bss_enable_le bss_enable;
4956         struct brcmf_join_params join_params;
4957
4958         brcmf_dbg(TRACE, "Enter\n");
4959
4960         if (ifp->vif->wdev.iftype == NL80211_IFTYPE_AP) {
4961                 /* Due to most likely deauths outstanding we sleep */
4962                 /* first to make sure they get processed by fw. */
4963                 msleep(400);
4964
4965                 if (profile->use_fwauth != BIT(BRCMF_PROFILE_FWAUTH_NONE)) {
4966                         if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_PSK))
4967                                 brcmf_set_pmk(ifp, NULL, 0);
4968                         if (profile->use_fwauth & BIT(BRCMF_PROFILE_FWAUTH_SAE))
4969                                 brcmf_set_sae_password(ifp, NULL, 0);
4970                         profile->use_fwauth = BIT(BRCMF_PROFILE_FWAUTH_NONE);
4971                 }
4972
4973                 if (ifp->vif->mbss) {
4974                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4975                         return err;
4976                 }
4977
4978                 /* First BSS doesn't get a full reset */
4979                 if (ifp->bsscfgidx == 0)
4980                         brcmf_fil_iovar_int_set(ifp, "closednet", 0);
4981
4982                 memset(&join_params, 0, sizeof(join_params));
4983                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
4984                                              &join_params, sizeof(join_params));
4985                 if (err < 0)
4986                         bphy_err(drvr, "SET SSID error (%d)\n", err);
4987                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4988                 if (err < 0)
4989                         bphy_err(drvr, "BRCMF_C_DOWN error %d\n", err);
4990                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 0);
4991                 if (err < 0)
4992                         bphy_err(drvr, "setting AP mode failed %d\n", err);
4993                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS))
4994                         brcmf_fil_iovar_int_set(ifp, "mbss", 0);
4995                 brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
4996                                       ifp->vif->is_11d);
4997                 /* Bring device back up so it can be used again */
4998                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
4999                 if (err < 0)
5000                         bphy_err(drvr, "BRCMF_C_UP error %d\n", err);
5001
5002                 brcmf_vif_clear_mgmt_ies(ifp->vif);
5003         } else {
5004                 bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
5005                 bss_enable.enable = cpu_to_le32(0);
5006                 err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
5007                                                sizeof(bss_enable));
5008                 if (err < 0)
5009                         bphy_err(drvr, "bss_enable config failed %d\n", err);
5010         }
5011         brcmf_set_mpc(ifp, 1);
5012         brcmf_configure_arp_nd_offload(ifp, true);
5013         clear_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
5014         brcmf_net_setcarrier(ifp, false);
5015
5016         return err;
5017 }
5018
5019 static s32
5020 brcmf_cfg80211_change_beacon(struct wiphy *wiphy, struct net_device *ndev,
5021                              struct cfg80211_beacon_data *info)
5022 {
5023         struct brcmf_if *ifp = netdev_priv(ndev);
5024         s32 err;
5025
5026         brcmf_dbg(TRACE, "Enter\n");
5027
5028         err = brcmf_config_ap_mgmt_ie(ifp->vif, info);
5029
5030         return err;
5031 }
5032
5033 static int
5034 brcmf_cfg80211_del_station(struct wiphy *wiphy, struct net_device *ndev,
5035                            struct station_del_parameters *params)
5036 {
5037         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5038         struct brcmf_pub *drvr = cfg->pub;
5039         struct brcmf_scb_val_le scbval;
5040         struct brcmf_if *ifp = netdev_priv(ndev);
5041         s32 err;
5042
5043         if (!params->mac)
5044                 return -EFAULT;
5045
5046         brcmf_dbg(TRACE, "Enter %pM\n", params->mac);
5047
5048         if (ifp->vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif)
5049                 ifp = cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif->ifp;
5050         if (!check_vif_up(ifp->vif))
5051                 return -EIO;
5052
5053         memcpy(&scbval.ea, params->mac, ETH_ALEN);
5054         scbval.val = cpu_to_le32(params->reason_code);
5055         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCB_DEAUTHENTICATE_FOR_REASON,
5056                                      &scbval, sizeof(scbval));
5057         if (err)
5058                 bphy_err(drvr, "SCB_DEAUTHENTICATE_FOR_REASON failed %d\n",
5059                          err);
5060
5061         brcmf_dbg(TRACE, "Exit\n");
5062         return err;
5063 }
5064
5065 static int
5066 brcmf_cfg80211_change_station(struct wiphy *wiphy, struct net_device *ndev,
5067                               const u8 *mac, struct station_parameters *params)
5068 {
5069         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5070         struct brcmf_pub *drvr = cfg->pub;
5071         struct brcmf_if *ifp = netdev_priv(ndev);
5072         s32 err;
5073
5074         brcmf_dbg(TRACE, "Enter, MAC %pM, mask 0x%04x set 0x%04x\n", mac,
5075                   params->sta_flags_mask, params->sta_flags_set);
5076
5077         /* Ignore all 00 MAC */
5078         if (is_zero_ether_addr(mac))
5079                 return 0;
5080
5081         if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
5082                 return 0;
5083
5084         if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED))
5085                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_AUTHORIZE,
5086                                              (void *)mac, ETH_ALEN);
5087         else
5088                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_DEAUTHORIZE,
5089                                              (void *)mac, ETH_ALEN);
5090         if (err < 0)
5091                 bphy_err(drvr, "Setting SCB (de-)authorize failed, %d\n", err);
5092
5093         return err;
5094 }
5095
5096 static void
5097 brcmf_cfg80211_update_mgmt_frame_registrations(struct wiphy *wiphy,
5098                                                struct wireless_dev *wdev,
5099                                                struct mgmt_frame_regs *upd)
5100 {
5101         struct brcmf_cfg80211_vif *vif;
5102
5103         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5104
5105         vif->mgmt_rx_reg = upd->interface_stypes;
5106 }
5107
5108
5109 static int
5110 brcmf_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
5111                        struct cfg80211_mgmt_tx_params *params, u64 *cookie)
5112 {
5113         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5114         struct ieee80211_channel *chan = params->chan;
5115         struct brcmf_pub *drvr = cfg->pub;
5116         const u8 *buf = params->buf;
5117         size_t len = params->len;
5118         const struct ieee80211_mgmt *mgmt;
5119         struct brcmf_cfg80211_vif *vif;
5120         s32 err = 0;
5121         s32 ie_offset;
5122         s32 ie_len;
5123         struct brcmf_fil_action_frame_le *action_frame;
5124         struct brcmf_fil_af_params_le *af_params;
5125         bool ack;
5126         s32 chan_nr;
5127         u32 freq;
5128
5129         brcmf_dbg(TRACE, "Enter\n");
5130
5131         *cookie = 0;
5132
5133         mgmt = (const struct ieee80211_mgmt *)buf;
5134
5135         if (!ieee80211_is_mgmt(mgmt->frame_control)) {
5136                 bphy_err(drvr, "Driver only allows MGMT packet type\n");
5137                 return -EPERM;
5138         }
5139
5140         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5141
5142         if (ieee80211_is_probe_resp(mgmt->frame_control)) {
5143                 /* Right now the only reason to get a probe response */
5144                 /* is for p2p listen response or for p2p GO from     */
5145                 /* wpa_supplicant. Unfortunately the probe is send   */
5146                 /* on primary ndev, while dongle wants it on the p2p */
5147                 /* vif. Since this is only reason for a probe        */
5148                 /* response to be sent, the vif is taken from cfg.   */
5149                 /* If ever desired to send proberesp for non p2p     */
5150                 /* response then data should be checked for          */
5151                 /* "DIRECT-". Note in future supplicant will take    */
5152                 /* dedicated p2p wdev to do this and then this 'hack'*/
5153                 /* is not needed anymore.                            */
5154                 ie_offset =  DOT11_MGMT_HDR_LEN +
5155                              DOT11_BCN_PRB_FIXED_LEN;
5156                 ie_len = len - ie_offset;
5157                 if (vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif)
5158                         vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
5159                 err = brcmf_vif_set_mgmt_ie(vif,
5160                                             BRCMF_VNDR_IE_PRBRSP_FLAG,
5161                                             &buf[ie_offset],
5162                                             ie_len);
5163                 cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, true,
5164                                         GFP_KERNEL);
5165         } else if (ieee80211_is_action(mgmt->frame_control)) {
5166                 if (len > BRCMF_FIL_ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN) {
5167                         bphy_err(drvr, "invalid action frame length\n");
5168                         err = -EINVAL;
5169                         goto exit;
5170                 }
5171                 af_params = kzalloc(sizeof(*af_params), GFP_KERNEL);
5172                 if (af_params == NULL) {
5173                         bphy_err(drvr, "unable to allocate frame\n");
5174                         err = -ENOMEM;
5175                         goto exit;
5176                 }
5177                 action_frame = &af_params->action_frame;
5178                 /* Add the packet Id */
5179                 action_frame->packet_id = cpu_to_le32(*cookie);
5180                 /* Add BSSID */
5181                 memcpy(&action_frame->da[0], &mgmt->da[0], ETH_ALEN);
5182                 memcpy(&af_params->bssid[0], &mgmt->bssid[0], ETH_ALEN);
5183                 /* Add the length exepted for 802.11 header  */
5184                 action_frame->len = cpu_to_le16(len - DOT11_MGMT_HDR_LEN);
5185                 /* Add the channel. Use the one specified as parameter if any or
5186                  * the current one (got from the firmware) otherwise
5187                  */
5188                 if (chan)
5189                         freq = chan->center_freq;
5190                 else
5191                         brcmf_fil_cmd_int_get(vif->ifp, BRCMF_C_GET_CHANNEL,
5192                                               &freq);
5193                 chan_nr = ieee80211_frequency_to_channel(freq);
5194                 af_params->channel = cpu_to_le32(chan_nr);
5195                 af_params->dwell_time = cpu_to_le32(params->wait);
5196                 memcpy(action_frame->data, &buf[DOT11_MGMT_HDR_LEN],
5197                        le16_to_cpu(action_frame->len));
5198
5199                 brcmf_dbg(TRACE, "Action frame, cookie=%lld, len=%d, freq=%d\n",
5200                           *cookie, le16_to_cpu(action_frame->len), freq);
5201
5202                 ack = brcmf_p2p_send_action_frame(cfg, cfg_to_ndev(cfg),
5203                                                   af_params);
5204
5205                 cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, ack,
5206                                         GFP_KERNEL);
5207                 kfree(af_params);
5208         } else {
5209                 brcmf_dbg(TRACE, "Unhandled, fc=%04x!!\n", mgmt->frame_control);
5210                 brcmf_dbg_hex_dump(true, buf, len, "payload, len=%zu\n", len);
5211         }
5212
5213 exit:
5214         return err;
5215 }
5216
5217 static int brcmf_cfg80211_set_cqm_rssi_range_config(struct wiphy *wiphy,
5218                                                     struct net_device *ndev,
5219                                                     s32 rssi_low, s32 rssi_high)
5220 {
5221         struct brcmf_cfg80211_vif *vif;
5222         struct brcmf_if *ifp;
5223         int err = 0;
5224
5225         brcmf_dbg(TRACE, "low=%d high=%d", rssi_low, rssi_high);
5226
5227         ifp = netdev_priv(ndev);
5228         vif = ifp->vif;
5229
5230         if (rssi_low != vif->cqm_rssi_low || rssi_high != vif->cqm_rssi_high) {
5231                 /* The firmware will send an event when the RSSI is less than or
5232                  * equal to a configured level and the previous RSSI event was
5233                  * less than or equal to a different level. Set a third level
5234                  * so that we also detect the transition from rssi <= rssi_high
5235                  * to rssi > rssi_high.
5236                  */
5237                 struct brcmf_rssi_event_le config = {
5238                         .rate_limit_msec = cpu_to_le32(0),
5239                         .rssi_level_num = 3,
5240                         .rssi_levels = {
5241                                 clamp_val(rssi_low, S8_MIN, S8_MAX - 2),
5242                                 clamp_val(rssi_high, S8_MIN + 1, S8_MAX - 1),
5243                                 S8_MAX,
5244                         },
5245                 };
5246
5247                 err = brcmf_fil_iovar_data_set(ifp, "rssi_event", &config,
5248                                                sizeof(config));
5249                 if (err) {
5250                         err = -EINVAL;
5251                 } else {
5252                         vif->cqm_rssi_low = rssi_low;
5253                         vif->cqm_rssi_high = rssi_high;
5254                 }
5255         }
5256
5257         return err;
5258 }
5259
5260 static int
5261 brcmf_cfg80211_cancel_remain_on_channel(struct wiphy *wiphy,
5262                                         struct wireless_dev *wdev,
5263                                         u64 cookie)
5264 {
5265         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5266         struct brcmf_pub *drvr = cfg->pub;
5267         struct brcmf_cfg80211_vif *vif;
5268         int err = 0;
5269
5270         brcmf_dbg(TRACE, "Enter p2p listen cancel\n");
5271
5272         vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
5273         if (vif == NULL) {
5274                 bphy_err(drvr, "No p2p device available for probe response\n");
5275                 err = -ENODEV;
5276                 goto exit;
5277         }
5278         brcmf_p2p_cancel_remain_on_channel(vif->ifp);
5279 exit:
5280         return err;
5281 }
5282
5283 static int brcmf_cfg80211_get_channel(struct wiphy *wiphy,
5284                                       struct wireless_dev *wdev,
5285                                       struct cfg80211_chan_def *chandef)
5286 {
5287         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5288         struct net_device *ndev = wdev->netdev;
5289         struct brcmf_pub *drvr = cfg->pub;
5290         struct brcmu_chan ch;
5291         enum nl80211_band band = 0;
5292         enum nl80211_chan_width width = 0;
5293         u32 chanspec;
5294         int freq, err;
5295
5296         if (!ndev || drvr->bus_if->state != BRCMF_BUS_UP)
5297                 return -ENODEV;
5298
5299         err = brcmf_fil_iovar_int_get(netdev_priv(ndev), "chanspec", &chanspec);
5300         if (err) {
5301                 bphy_err(drvr, "chanspec failed (%d)\n", err);
5302                 return err;
5303         }
5304
5305         ch.chspec = chanspec;
5306         cfg->d11inf.decchspec(&ch);
5307
5308         switch (ch.band) {
5309         case BRCMU_CHAN_BAND_2G:
5310                 band = NL80211_BAND_2GHZ;
5311                 break;
5312         case BRCMU_CHAN_BAND_5G:
5313                 band = NL80211_BAND_5GHZ;
5314                 break;
5315         }
5316
5317         switch (ch.bw) {
5318         case BRCMU_CHAN_BW_80:
5319                 width = NL80211_CHAN_WIDTH_80;
5320                 break;
5321         case BRCMU_CHAN_BW_40:
5322                 width = NL80211_CHAN_WIDTH_40;
5323                 break;
5324         case BRCMU_CHAN_BW_20:
5325                 width = NL80211_CHAN_WIDTH_20;
5326                 break;
5327         case BRCMU_CHAN_BW_80P80:
5328                 width = NL80211_CHAN_WIDTH_80P80;
5329                 break;
5330         case BRCMU_CHAN_BW_160:
5331                 width = NL80211_CHAN_WIDTH_160;
5332                 break;
5333         }
5334
5335         freq = ieee80211_channel_to_frequency(ch.control_ch_num, band);
5336         chandef->chan = ieee80211_get_channel(wiphy, freq);
5337         chandef->width = width;
5338         chandef->center_freq1 = ieee80211_channel_to_frequency(ch.chnum, band);
5339         chandef->center_freq2 = 0;
5340
5341         return 0;
5342 }
5343
5344 static int brcmf_cfg80211_crit_proto_start(struct wiphy *wiphy,
5345                                            struct wireless_dev *wdev,
5346                                            enum nl80211_crit_proto_id proto,
5347                                            u16 duration)
5348 {
5349         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5350         struct brcmf_cfg80211_vif *vif;
5351
5352         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5353
5354         /* only DHCP support for now */
5355         if (proto != NL80211_CRIT_PROTO_DHCP)
5356                 return -EINVAL;
5357
5358         /* suppress and abort scanning */
5359         set_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
5360         brcmf_abort_scanning(cfg);
5361
5362         return brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_DISABLED, duration);
5363 }
5364
5365 static void brcmf_cfg80211_crit_proto_stop(struct wiphy *wiphy,
5366                                            struct wireless_dev *wdev)
5367 {
5368         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5369         struct brcmf_cfg80211_vif *vif;
5370
5371         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
5372
5373         brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_ENABLED, 0);
5374         clear_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
5375 }
5376
5377 static s32
5378 brcmf_notify_tdls_peer_event(struct brcmf_if *ifp,
5379                              const struct brcmf_event_msg *e, void *data)
5380 {
5381         switch (e->reason) {
5382         case BRCMF_E_REASON_TDLS_PEER_DISCOVERED:
5383                 brcmf_dbg(TRACE, "TDLS Peer Discovered\n");
5384                 break;
5385         case BRCMF_E_REASON_TDLS_PEER_CONNECTED:
5386                 brcmf_dbg(TRACE, "TDLS Peer Connected\n");
5387                 brcmf_proto_add_tdls_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5388                 break;
5389         case BRCMF_E_REASON_TDLS_PEER_DISCONNECTED:
5390                 brcmf_dbg(TRACE, "TDLS Peer Disconnected\n");
5391                 brcmf_proto_delete_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5392                 break;
5393         }
5394
5395         return 0;
5396 }
5397
5398 static int brcmf_convert_nl80211_tdls_oper(enum nl80211_tdls_operation oper)
5399 {
5400         int ret;
5401
5402         switch (oper) {
5403         case NL80211_TDLS_DISCOVERY_REQ:
5404                 ret = BRCMF_TDLS_MANUAL_EP_DISCOVERY;
5405                 break;
5406         case NL80211_TDLS_SETUP:
5407                 ret = BRCMF_TDLS_MANUAL_EP_CREATE;
5408                 break;
5409         case NL80211_TDLS_TEARDOWN:
5410                 ret = BRCMF_TDLS_MANUAL_EP_DELETE;
5411                 break;
5412         default:
5413                 brcmf_err("unsupported operation: %d\n", oper);
5414                 ret = -EOPNOTSUPP;
5415         }
5416         return ret;
5417 }
5418
5419 static int brcmf_cfg80211_tdls_oper(struct wiphy *wiphy,
5420                                     struct net_device *ndev, const u8 *peer,
5421                                     enum nl80211_tdls_operation oper)
5422 {
5423         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5424         struct brcmf_pub *drvr = cfg->pub;
5425         struct brcmf_if *ifp;
5426         struct brcmf_tdls_iovar_le info;
5427         int ret = 0;
5428
5429         ret = brcmf_convert_nl80211_tdls_oper(oper);
5430         if (ret < 0)
5431                 return ret;
5432
5433         ifp = netdev_priv(ndev);
5434         memset(&info, 0, sizeof(info));
5435         info.mode = (u8)ret;
5436         if (peer)
5437                 memcpy(info.ea, peer, ETH_ALEN);
5438
5439         ret = brcmf_fil_iovar_data_set(ifp, "tdls_endpoint",
5440                                        &info, sizeof(info));
5441         if (ret < 0)
5442                 bphy_err(drvr, "tdls_endpoint iovar failed: ret=%d\n", ret);
5443
5444         return ret;
5445 }
5446
5447 static int
5448 brcmf_cfg80211_update_conn_params(struct wiphy *wiphy,
5449                                   struct net_device *ndev,
5450                                   struct cfg80211_connect_params *sme,
5451                                   u32 changed)
5452 {
5453         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5454         struct brcmf_pub *drvr = cfg->pub;
5455         struct brcmf_if *ifp;
5456         int err;
5457
5458         if (!(changed & UPDATE_ASSOC_IES))
5459                 return 0;
5460
5461         ifp = netdev_priv(ndev);
5462         err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
5463                                     sme->ie, sme->ie_len);
5464         if (err)
5465                 bphy_err(drvr, "Set Assoc REQ IE Failed\n");
5466         else
5467                 brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
5468
5469         return err;
5470 }
5471
5472 #ifdef CONFIG_PM
5473 static int
5474 brcmf_cfg80211_set_rekey_data(struct wiphy *wiphy, struct net_device *ndev,
5475                               struct cfg80211_gtk_rekey_data *gtk)
5476 {
5477         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
5478         struct brcmf_pub *drvr = cfg->pub;
5479         struct brcmf_if *ifp = netdev_priv(ndev);
5480         struct brcmf_gtk_keyinfo_le gtk_le;
5481         int ret;
5482
5483         brcmf_dbg(TRACE, "Enter, bssidx=%d\n", ifp->bsscfgidx);
5484
5485         memcpy(gtk_le.kck, gtk->kck, sizeof(gtk_le.kck));
5486         memcpy(gtk_le.kek, gtk->kek, sizeof(gtk_le.kek));
5487         memcpy(gtk_le.replay_counter, gtk->replay_ctr,
5488                sizeof(gtk_le.replay_counter));
5489
5490         ret = brcmf_fil_iovar_data_set(ifp, "gtk_key_info", &gtk_le,
5491                                        sizeof(gtk_le));
5492         if (ret < 0)
5493                 bphy_err(drvr, "gtk_key_info iovar failed: ret=%d\n", ret);
5494
5495         return ret;
5496 }
5497 #endif
5498
5499 static int brcmf_cfg80211_set_pmk(struct wiphy *wiphy, struct net_device *dev,
5500                                   const struct cfg80211_pmk_conf *conf)
5501 {
5502         struct brcmf_if *ifp;
5503
5504         brcmf_dbg(TRACE, "enter\n");
5505
5506         /* expect using firmware supplicant for 1X */
5507         ifp = netdev_priv(dev);
5508         if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
5509                 return -EINVAL;
5510
5511         if (conf->pmk_len > BRCMF_WSEC_MAX_PSK_LEN)
5512                 return -ERANGE;
5513
5514         return brcmf_set_pmk(ifp, conf->pmk, conf->pmk_len);
5515 }
5516
5517 static int brcmf_cfg80211_del_pmk(struct wiphy *wiphy, struct net_device *dev,
5518                                   const u8 *aa)
5519 {
5520         struct brcmf_if *ifp;
5521
5522         brcmf_dbg(TRACE, "enter\n");
5523         ifp = netdev_priv(dev);
5524         if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
5525                 return -EINVAL;
5526
5527         return brcmf_set_pmk(ifp, NULL, 0);
5528 }
5529
5530 static struct cfg80211_ops brcmf_cfg80211_ops = {
5531         .add_virtual_intf = brcmf_cfg80211_add_iface,
5532         .del_virtual_intf = brcmf_cfg80211_del_iface,
5533         .change_virtual_intf = brcmf_cfg80211_change_iface,
5534         .scan = brcmf_cfg80211_scan,
5535         .set_wiphy_params = brcmf_cfg80211_set_wiphy_params,
5536         .join_ibss = brcmf_cfg80211_join_ibss,
5537         .leave_ibss = brcmf_cfg80211_leave_ibss,
5538         .get_station = brcmf_cfg80211_get_station,
5539         .dump_station = brcmf_cfg80211_dump_station,
5540         .set_tx_power = brcmf_cfg80211_set_tx_power,
5541         .get_tx_power = brcmf_cfg80211_get_tx_power,
5542         .add_key = brcmf_cfg80211_add_key,
5543         .del_key = brcmf_cfg80211_del_key,
5544         .get_key = brcmf_cfg80211_get_key,
5545         .set_default_key = brcmf_cfg80211_config_default_key,
5546         .set_default_mgmt_key = brcmf_cfg80211_config_default_mgmt_key,
5547         .set_power_mgmt = brcmf_cfg80211_set_power_mgmt,
5548         .connect = brcmf_cfg80211_connect,
5549         .disconnect = brcmf_cfg80211_disconnect,
5550         .suspend = brcmf_cfg80211_suspend,
5551         .resume = brcmf_cfg80211_resume,
5552         .set_pmksa = brcmf_cfg80211_set_pmksa,
5553         .del_pmksa = brcmf_cfg80211_del_pmksa,
5554         .flush_pmksa = brcmf_cfg80211_flush_pmksa,
5555         .start_ap = brcmf_cfg80211_start_ap,
5556         .stop_ap = brcmf_cfg80211_stop_ap,
5557         .change_beacon = brcmf_cfg80211_change_beacon,
5558         .del_station = brcmf_cfg80211_del_station,
5559         .change_station = brcmf_cfg80211_change_station,
5560         .sched_scan_start = brcmf_cfg80211_sched_scan_start,
5561         .sched_scan_stop = brcmf_cfg80211_sched_scan_stop,
5562         .update_mgmt_frame_registrations =
5563                 brcmf_cfg80211_update_mgmt_frame_registrations,
5564         .mgmt_tx = brcmf_cfg80211_mgmt_tx,
5565         .set_cqm_rssi_range_config = brcmf_cfg80211_set_cqm_rssi_range_config,
5566         .remain_on_channel = brcmf_p2p_remain_on_channel,
5567         .cancel_remain_on_channel = brcmf_cfg80211_cancel_remain_on_channel,
5568         .get_channel = brcmf_cfg80211_get_channel,
5569         .start_p2p_device = brcmf_p2p_start_device,
5570         .stop_p2p_device = brcmf_p2p_stop_device,
5571         .crit_proto_start = brcmf_cfg80211_crit_proto_start,
5572         .crit_proto_stop = brcmf_cfg80211_crit_proto_stop,
5573         .tdls_oper = brcmf_cfg80211_tdls_oper,
5574         .update_connect_params = brcmf_cfg80211_update_conn_params,
5575         .set_pmk = brcmf_cfg80211_set_pmk,
5576         .del_pmk = brcmf_cfg80211_del_pmk,
5577 };
5578
5579 struct cfg80211_ops *brcmf_cfg80211_get_ops(struct brcmf_mp_device *settings)
5580 {
5581         struct cfg80211_ops *ops;
5582
5583         ops = kmemdup(&brcmf_cfg80211_ops, sizeof(brcmf_cfg80211_ops),
5584                        GFP_KERNEL);
5585
5586         if (ops && settings->roamoff)
5587                 ops->update_connect_params = NULL;
5588
5589         return ops;
5590 }
5591
5592 struct brcmf_cfg80211_vif *brcmf_alloc_vif(struct brcmf_cfg80211_info *cfg,
5593                                            enum nl80211_iftype type)
5594 {
5595         struct brcmf_cfg80211_vif *vif_walk;
5596         struct brcmf_cfg80211_vif *vif;
5597         bool mbss;
5598         struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
5599
5600         brcmf_dbg(TRACE, "allocating virtual interface (size=%zu)\n",
5601                   sizeof(*vif));
5602         vif = kzalloc(sizeof(*vif), GFP_KERNEL);
5603         if (!vif)
5604                 return ERR_PTR(-ENOMEM);
5605
5606         vif->wdev.wiphy = cfg->wiphy;
5607         vif->wdev.iftype = type;
5608
5609         brcmf_init_prof(&vif->profile);
5610
5611         if (type == NL80211_IFTYPE_AP &&
5612             brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) {
5613                 mbss = false;
5614                 list_for_each_entry(vif_walk, &cfg->vif_list, list) {
5615                         if (vif_walk->wdev.iftype == NL80211_IFTYPE_AP) {
5616                                 mbss = true;
5617                                 break;
5618                         }
5619                 }
5620                 vif->mbss = mbss;
5621         }
5622
5623         list_add_tail(&vif->list, &cfg->vif_list);
5624         return vif;
5625 }
5626
5627 void brcmf_free_vif(struct brcmf_cfg80211_vif *vif)
5628 {
5629         list_del(&vif->list);
5630         kfree(vif);
5631 }
5632
5633 void brcmf_cfg80211_free_netdev(struct net_device *ndev)
5634 {
5635         struct brcmf_cfg80211_vif *vif;
5636         struct brcmf_if *ifp;
5637
5638         ifp = netdev_priv(ndev);
5639         vif = ifp->vif;
5640
5641         if (vif)
5642                 brcmf_free_vif(vif);
5643 }
5644
5645 static bool brcmf_is_linkup(struct brcmf_cfg80211_vif *vif,
5646                             const struct brcmf_event_msg *e)
5647 {
5648         u32 event = e->event_code;
5649         u32 status = e->status;
5650
5651         if ((vif->profile.use_fwsup == BRCMF_PROFILE_FWSUP_PSK ||
5652              vif->profile.use_fwsup == BRCMF_PROFILE_FWSUP_SAE) &&
5653             event == BRCMF_E_PSK_SUP &&
5654             status == BRCMF_E_STATUS_FWSUP_COMPLETED)
5655                 set_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5656         if (event == BRCMF_E_SET_SSID && status == BRCMF_E_STATUS_SUCCESS) {
5657                 brcmf_dbg(CONN, "Processing set ssid\n");
5658                 memcpy(vif->profile.bssid, e->addr, ETH_ALEN);
5659                 if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_PSK &&
5660                     vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_SAE)
5661                         return true;
5662
5663                 set_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5664         }
5665
5666         if (test_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state) &&
5667             test_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state)) {
5668                 clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5669                 clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5670                 return true;
5671         }
5672         return false;
5673 }
5674
5675 static bool brcmf_is_linkdown(struct brcmf_cfg80211_vif *vif,
5676                             const struct brcmf_event_msg *e)
5677 {
5678         u32 event = e->event_code;
5679         u16 flags = e->flags;
5680
5681         if ((event == BRCMF_E_DEAUTH) || (event == BRCMF_E_DEAUTH_IND) ||
5682             (event == BRCMF_E_DISASSOC_IND) ||
5683             ((event == BRCMF_E_LINK) && (!(flags & BRCMF_EVENT_MSG_LINK)))) {
5684                 brcmf_dbg(CONN, "Processing link down\n");
5685                 clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5686                 clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5687                 return true;
5688         }
5689         return false;
5690 }
5691
5692 static bool brcmf_is_nonetwork(struct brcmf_cfg80211_info *cfg,
5693                                const struct brcmf_event_msg *e)
5694 {
5695         u32 event = e->event_code;
5696         u32 status = e->status;
5697
5698         if (event == BRCMF_E_LINK && status == BRCMF_E_STATUS_NO_NETWORKS) {
5699                 brcmf_dbg(CONN, "Processing Link %s & no network found\n",
5700                           e->flags & BRCMF_EVENT_MSG_LINK ? "up" : "down");
5701                 return true;
5702         }
5703
5704         if (event == BRCMF_E_SET_SSID && status != BRCMF_E_STATUS_SUCCESS) {
5705                 brcmf_dbg(CONN, "Processing connecting & no network found\n");
5706                 return true;
5707         }
5708
5709         if (event == BRCMF_E_PSK_SUP &&
5710             status != BRCMF_E_STATUS_FWSUP_COMPLETED) {
5711                 brcmf_dbg(CONN, "Processing failed supplicant state: %u\n",
5712                           status);
5713                 return true;
5714         }
5715
5716         return false;
5717 }
5718
5719 static void brcmf_clear_assoc_ies(struct brcmf_cfg80211_info *cfg)
5720 {
5721         struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5722
5723         kfree(conn_info->req_ie);
5724         conn_info->req_ie = NULL;
5725         conn_info->req_ie_len = 0;
5726         kfree(conn_info->resp_ie);
5727         conn_info->resp_ie = NULL;
5728         conn_info->resp_ie_len = 0;
5729 }
5730
5731 u8 brcmf_map_prio_to_prec(void *config, u8 prio)
5732 {
5733         struct brcmf_cfg80211_info *cfg = (struct brcmf_cfg80211_info *)config;
5734
5735         if (!cfg)
5736                 return (prio == PRIO_8021D_NONE || prio == PRIO_8021D_BE) ?
5737                        (prio ^ 2) : prio;
5738
5739         /* For those AC(s) with ACM flag set to 1, convert its 4-level priority
5740          * to an 8-level precedence which is the same as BE's
5741          */
5742         if (prio > PRIO_8021D_EE &&
5743             cfg->ac_priority[prio] == cfg->ac_priority[PRIO_8021D_BE])
5744                 return cfg->ac_priority[prio] * 2;
5745
5746         /* Conversion of 4-level priority to 8-level precedence */
5747         if (prio == PRIO_8021D_BE || prio == PRIO_8021D_BK ||
5748             prio == PRIO_8021D_CL || prio == PRIO_8021D_VO)
5749                 return cfg->ac_priority[prio] * 2;
5750         else
5751                 return cfg->ac_priority[prio] * 2 + 1;
5752 }
5753
5754 u8 brcmf_map_prio_to_aci(void *config, u8 prio)
5755 {
5756         /* Prio here refers to the 802.1d priority in range of 0 to 7.
5757          * ACI here refers to the WLAN AC Index in range of 0 to 3.
5758          * This function will return ACI corresponding to input prio.
5759          */
5760         struct brcmf_cfg80211_info *cfg = (struct brcmf_cfg80211_info *)config;
5761
5762         if (cfg)
5763                 return cfg->ac_priority[prio];
5764
5765         return prio;
5766 }
5767
5768 static void brcmf_init_wmm_prio(u8 *priority)
5769 {
5770         /* Initialize AC priority array to default
5771          * 802.1d priority as per following table:
5772          * 802.1d prio 0,3 maps to BE
5773          * 802.1d prio 1,2 maps to BK
5774          * 802.1d prio 4,5 maps to VI
5775          * 802.1d prio 6,7 maps to VO
5776          */
5777         priority[0] = BRCMF_FWS_FIFO_AC_BE;
5778         priority[3] = BRCMF_FWS_FIFO_AC_BE;
5779         priority[1] = BRCMF_FWS_FIFO_AC_BK;
5780         priority[2] = BRCMF_FWS_FIFO_AC_BK;
5781         priority[4] = BRCMF_FWS_FIFO_AC_VI;
5782         priority[5] = BRCMF_FWS_FIFO_AC_VI;
5783         priority[6] = BRCMF_FWS_FIFO_AC_VO;
5784         priority[7] = BRCMF_FWS_FIFO_AC_VO;
5785 }
5786
5787 static void brcmf_wifi_prioritize_acparams(const
5788         struct brcmf_cfg80211_edcf_acparam *acp, u8 *priority)
5789 {
5790         u8 aci;
5791         u8 aifsn;
5792         u8 ecwmin;
5793         u8 ecwmax;
5794         u8 acm;
5795         u8 ranking_basis[EDCF_AC_COUNT];
5796         u8 aci_prio[EDCF_AC_COUNT]; /* AC_BE, AC_BK, AC_VI, AC_VO */
5797         u8 index;
5798
5799         for (aci = 0; aci < EDCF_AC_COUNT; aci++, acp++) {
5800                 aifsn  = acp->ACI & EDCF_AIFSN_MASK;
5801                 acm = (acp->ACI & EDCF_ACM_MASK) ? 1 : 0;
5802                 ecwmin = acp->ECW & EDCF_ECWMIN_MASK;
5803                 ecwmax = (acp->ECW & EDCF_ECWMAX_MASK) >> EDCF_ECWMAX_SHIFT;
5804                 brcmf_dbg(CONN, "ACI %d aifsn %d acm %d ecwmin %d ecwmax %d\n",
5805                           aci, aifsn, acm, ecwmin, ecwmax);
5806                 /* Default AC_VO will be the lowest ranking value */
5807                 ranking_basis[aci] = aifsn + ecwmin + ecwmax;
5808                 /* Initialise priority starting at 0 (AC_BE) */
5809                 aci_prio[aci] = 0;
5810
5811                 /* If ACM is set, STA can't use this AC as per 802.11.
5812                  * Change the ranking to BE
5813                  */
5814                 if (aci != AC_BE && aci != AC_BK && acm == 1)
5815                         ranking_basis[aci] = ranking_basis[AC_BE];
5816         }
5817
5818         /* Ranking method which works for AC priority
5819          * swapping when values for cwmin, cwmax and aifsn are varied
5820          * Compare each aci_prio against each other aci_prio
5821          */
5822         for (aci = 0; aci < EDCF_AC_COUNT; aci++) {
5823                 for (index = 0; index < EDCF_AC_COUNT; index++) {
5824                         if (index != aci) {
5825                                 /* Smaller ranking value has higher priority,
5826                                  * so increment priority for each ACI which has
5827                                  * a higher ranking value
5828                                  */
5829                                 if (ranking_basis[aci] < ranking_basis[index])
5830                                         aci_prio[aci]++;
5831                         }
5832                 }
5833         }
5834
5835         /* By now, aci_prio[] will be in range of 0 to 3.
5836          * Use ACI prio to get the new priority value for
5837          * each 802.1d traffic type, in this range.
5838          */
5839         if (!(aci_prio[AC_BE] == aci_prio[AC_BK] &&
5840               aci_prio[AC_BK] == aci_prio[AC_VI] &&
5841               aci_prio[AC_VI] == aci_prio[AC_VO])) {
5842                 /* 802.1d 0,3 maps to BE */
5843                 priority[0] = aci_prio[AC_BE];
5844                 priority[3] = aci_prio[AC_BE];
5845
5846                 /* 802.1d 1,2 maps to BK */
5847                 priority[1] = aci_prio[AC_BK];
5848                 priority[2] = aci_prio[AC_BK];
5849
5850                 /* 802.1d 4,5 maps to VO */
5851                 priority[4] = aci_prio[AC_VI];
5852                 priority[5] = aci_prio[AC_VI];
5853
5854                 /* 802.1d 6,7 maps to VO */
5855                 priority[6] = aci_prio[AC_VO];
5856                 priority[7] = aci_prio[AC_VO];
5857         } else {
5858                 /* Initialize to default priority */
5859                 brcmf_init_wmm_prio(priority);
5860         }
5861
5862         brcmf_dbg(CONN, "Adj prio BE 0->%d, BK 1->%d, BK 2->%d, BE 3->%d\n",
5863                   priority[0], priority[1], priority[2], priority[3]);
5864
5865         brcmf_dbg(CONN, "Adj prio VI 4->%d, VI 5->%d, VO 6->%d, VO 7->%d\n",
5866                   priority[4], priority[5], priority[6], priority[7]);
5867 }
5868
5869 static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
5870                                struct brcmf_if *ifp)
5871 {
5872         struct brcmf_pub *drvr = cfg->pub;
5873         struct brcmf_cfg80211_assoc_ielen_le *assoc_info;
5874         struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5875         struct brcmf_cfg80211_edcf_acparam edcf_acparam_info[EDCF_AC_COUNT];
5876         u32 req_len;
5877         u32 resp_len;
5878         s32 err = 0;
5879
5880         brcmf_clear_assoc_ies(cfg);
5881
5882         err = brcmf_fil_iovar_data_get(ifp, "assoc_info",
5883                                        cfg->extra_buf, WL_ASSOC_INFO_MAX);
5884         if (err) {
5885                 bphy_err(drvr, "could not get assoc info (%d)\n", err);
5886                 return err;
5887         }
5888         assoc_info =
5889                 (struct brcmf_cfg80211_assoc_ielen_le *)cfg->extra_buf;
5890         req_len = le32_to_cpu(assoc_info->req_len);
5891         resp_len = le32_to_cpu(assoc_info->resp_len);
5892         if (req_len) {
5893                 err = brcmf_fil_iovar_data_get(ifp, "assoc_req_ies",
5894                                                cfg->extra_buf,
5895                                                WL_ASSOC_INFO_MAX);
5896                 if (err) {
5897                         bphy_err(drvr, "could not get assoc req (%d)\n", err);
5898                         return err;
5899                 }
5900                 conn_info->req_ie_len = req_len;
5901                 conn_info->req_ie =
5902                     kmemdup(cfg->extra_buf, conn_info->req_ie_len,
5903                             GFP_KERNEL);
5904                 if (!conn_info->req_ie)
5905                         conn_info->req_ie_len = 0;
5906         } else {
5907                 conn_info->req_ie_len = 0;
5908                 conn_info->req_ie = NULL;
5909         }
5910         if (resp_len) {
5911                 err = brcmf_fil_iovar_data_get(ifp, "assoc_resp_ies",
5912                                                cfg->extra_buf,
5913                                                WL_ASSOC_INFO_MAX);
5914                 if (err) {
5915                         bphy_err(drvr, "could not get assoc resp (%d)\n", err);
5916                         return err;
5917                 }
5918                 conn_info->resp_ie_len = resp_len;
5919                 conn_info->resp_ie =
5920                     kmemdup(cfg->extra_buf, conn_info->resp_ie_len,
5921                             GFP_KERNEL);
5922                 if (!conn_info->resp_ie)
5923                         conn_info->resp_ie_len = 0;
5924
5925                 err = brcmf_fil_iovar_data_get(ifp, "wme_ac_sta",
5926                                                edcf_acparam_info,
5927                                                sizeof(edcf_acparam_info));
5928                 if (err) {
5929                         brcmf_err("could not get wme_ac_sta (%d)\n", err);
5930                         return err;
5931                 }
5932
5933                 brcmf_wifi_prioritize_acparams(edcf_acparam_info,
5934                                                cfg->ac_priority);
5935         } else {
5936                 conn_info->resp_ie_len = 0;
5937                 conn_info->resp_ie = NULL;
5938         }
5939         brcmf_dbg(CONN, "req len (%d) resp len (%d)\n",
5940                   conn_info->req_ie_len, conn_info->resp_ie_len);
5941
5942         return err;
5943 }
5944
5945 static s32
5946 brcmf_bss_roaming_done(struct brcmf_cfg80211_info *cfg,
5947                        struct net_device *ndev,
5948                        const struct brcmf_event_msg *e)
5949 {
5950         struct brcmf_if *ifp = netdev_priv(ndev);
5951         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
5952         struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5953         struct wiphy *wiphy = cfg_to_wiphy(cfg);
5954         struct ieee80211_channel *notify_channel = NULL;
5955         struct ieee80211_supported_band *band;
5956         struct brcmf_bss_info_le *bi;
5957         struct brcmu_chan ch;
5958         struct cfg80211_roam_info roam_info = {};
5959         u32 freq;
5960         s32 err = 0;
5961         u8 *buf;
5962
5963         brcmf_dbg(TRACE, "Enter\n");
5964
5965         brcmf_get_assoc_ies(cfg, ifp);
5966         memcpy(profile->bssid, e->addr, ETH_ALEN);
5967         brcmf_update_bss_info(cfg, ifp);
5968
5969         buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
5970         if (buf == NULL) {
5971                 err = -ENOMEM;
5972                 goto done;
5973         }
5974
5975         /* data sent to dongle has to be little endian */
5976         *(__le32 *)buf = cpu_to_le32(WL_BSS_INFO_MAX);
5977         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO,
5978                                      buf, WL_BSS_INFO_MAX);
5979
5980         if (err)
5981                 goto done;
5982
5983         bi = (struct brcmf_bss_info_le *)(buf + 4);
5984         ch.chspec = le16_to_cpu(bi->chanspec);
5985         cfg->d11inf.decchspec(&ch);
5986
5987         if (ch.band == BRCMU_CHAN_BAND_2G)
5988                 band = wiphy->bands[NL80211_BAND_2GHZ];
5989         else
5990                 band = wiphy->bands[NL80211_BAND_5GHZ];
5991
5992         freq = ieee80211_channel_to_frequency(ch.control_ch_num, band->band);
5993         notify_channel = ieee80211_get_channel(wiphy, freq);
5994
5995 done:
5996         kfree(buf);
5997
5998         roam_info.channel = notify_channel;
5999         roam_info.bssid = profile->bssid;
6000         roam_info.req_ie = conn_info->req_ie;
6001         roam_info.req_ie_len = conn_info->req_ie_len;
6002         roam_info.resp_ie = conn_info->resp_ie;
6003         roam_info.resp_ie_len = conn_info->resp_ie_len;
6004
6005         cfg80211_roamed(ndev, &roam_info, GFP_KERNEL);
6006         brcmf_dbg(CONN, "Report roaming result\n");
6007
6008         if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_1X && profile->is_ft) {
6009                 cfg80211_port_authorized(ndev, profile->bssid, GFP_KERNEL);
6010                 brcmf_dbg(CONN, "Report port authorized\n");
6011         }
6012
6013         set_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
6014         brcmf_dbg(TRACE, "Exit\n");
6015         return err;
6016 }
6017
6018 static s32
6019 brcmf_bss_connect_done(struct brcmf_cfg80211_info *cfg,
6020                        struct net_device *ndev, const struct brcmf_event_msg *e,
6021                        bool completed)
6022 {
6023         struct brcmf_if *ifp = netdev_priv(ndev);
6024         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
6025         struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
6026         struct cfg80211_connect_resp_params conn_params;
6027
6028         brcmf_dbg(TRACE, "Enter\n");
6029
6030         if (test_and_clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6031                                &ifp->vif->sme_state)) {
6032                 memset(&conn_params, 0, sizeof(conn_params));
6033                 if (completed) {
6034                         brcmf_get_assoc_ies(cfg, ifp);
6035                         brcmf_update_bss_info(cfg, ifp);
6036                         set_bit(BRCMF_VIF_STATUS_CONNECTED,
6037                                 &ifp->vif->sme_state);
6038                         conn_params.status = WLAN_STATUS_SUCCESS;
6039                 } else {
6040                         conn_params.status = WLAN_STATUS_AUTH_TIMEOUT;
6041                 }
6042                 conn_params.bssid = profile->bssid;
6043                 conn_params.req_ie = conn_info->req_ie;
6044                 conn_params.req_ie_len = conn_info->req_ie_len;
6045                 conn_params.resp_ie = conn_info->resp_ie;
6046                 conn_params.resp_ie_len = conn_info->resp_ie_len;
6047                 cfg80211_connect_done(ndev, &conn_params, GFP_KERNEL);
6048                 brcmf_dbg(CONN, "Report connect result - connection %s\n",
6049                           completed ? "succeeded" : "failed");
6050         }
6051         brcmf_dbg(TRACE, "Exit\n");
6052         return 0;
6053 }
6054
6055 static s32
6056 brcmf_notify_connect_status_ap(struct brcmf_cfg80211_info *cfg,
6057                                struct net_device *ndev,
6058                                const struct brcmf_event_msg *e, void *data)
6059 {
6060         struct brcmf_pub *drvr = cfg->pub;
6061         static int generation;
6062         u32 event = e->event_code;
6063         u32 reason = e->reason;
6064         struct station_info *sinfo;
6065
6066         brcmf_dbg(CONN, "event %s (%u), reason %d\n",
6067                   brcmf_fweh_event_name(event), event, reason);
6068         if (event == BRCMF_E_LINK && reason == BRCMF_E_REASON_LINK_BSSCFG_DIS &&
6069             ndev != cfg_to_ndev(cfg)) {
6070                 brcmf_dbg(CONN, "AP mode link down\n");
6071                 complete(&cfg->vif_disabled);
6072                 return 0;
6073         }
6074
6075         if (((event == BRCMF_E_ASSOC_IND) || (event == BRCMF_E_REASSOC_IND)) &&
6076             (reason == BRCMF_E_STATUS_SUCCESS)) {
6077                 if (!data) {
6078                         bphy_err(drvr, "No IEs present in ASSOC/REASSOC_IND\n");
6079                         return -EINVAL;
6080                 }
6081
6082                 sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
6083                 if (!sinfo)
6084                         return -ENOMEM;
6085
6086                 sinfo->assoc_req_ies = data;
6087                 sinfo->assoc_req_ies_len = e->datalen;
6088                 generation++;
6089                 sinfo->generation = generation;
6090                 cfg80211_new_sta(ndev, e->addr, sinfo, GFP_KERNEL);
6091
6092                 kfree(sinfo);
6093         } else if ((event == BRCMF_E_DISASSOC_IND) ||
6094                    (event == BRCMF_E_DEAUTH_IND) ||
6095                    (event == BRCMF_E_DEAUTH)) {
6096                 cfg80211_del_sta(ndev, e->addr, GFP_KERNEL);
6097         }
6098         return 0;
6099 }
6100
6101 static s32
6102 brcmf_notify_connect_status(struct brcmf_if *ifp,
6103                             const struct brcmf_event_msg *e, void *data)
6104 {
6105         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6106         struct net_device *ndev = ifp->ndev;
6107         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
6108         struct ieee80211_channel *chan;
6109         s32 err = 0;
6110
6111         if ((e->event_code == BRCMF_E_DEAUTH) ||
6112             (e->event_code == BRCMF_E_DEAUTH_IND) ||
6113             (e->event_code == BRCMF_E_DISASSOC_IND) ||
6114             ((e->event_code == BRCMF_E_LINK) && (!e->flags))) {
6115                 brcmf_proto_delete_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
6116         }
6117
6118         if (brcmf_is_apmode(ifp->vif)) {
6119                 err = brcmf_notify_connect_status_ap(cfg, ndev, e, data);
6120         } else if (brcmf_is_linkup(ifp->vif, e)) {
6121                 brcmf_dbg(CONN, "Linkup\n");
6122                 if (brcmf_is_ibssmode(ifp->vif)) {
6123                         brcmf_inform_ibss(cfg, ndev, e->addr);
6124                         chan = ieee80211_get_channel(cfg->wiphy, cfg->channel);
6125                         memcpy(profile->bssid, e->addr, ETH_ALEN);
6126                         cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL);
6127                         clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6128                                   &ifp->vif->sme_state);
6129                         set_bit(BRCMF_VIF_STATUS_CONNECTED,
6130                                 &ifp->vif->sme_state);
6131                 } else
6132                         brcmf_bss_connect_done(cfg, ndev, e, true);
6133                 brcmf_net_setcarrier(ifp, true);
6134         } else if (brcmf_is_linkdown(ifp->vif, e)) {
6135                 brcmf_dbg(CONN, "Linkdown\n");
6136                 if (!brcmf_is_ibssmode(ifp->vif) &&
6137                     test_bit(BRCMF_VIF_STATUS_CONNECTED,
6138                              &ifp->vif->sme_state)) {
6139                         if (memcmp(profile->bssid, e->addr, ETH_ALEN))
6140                                 return err;
6141
6142                         brcmf_bss_connect_done(cfg, ndev, e, false);
6143                         brcmf_link_down(ifp->vif,
6144                                         brcmf_map_fw_linkdown_reason(e),
6145                                         e->event_code &
6146                                         (BRCMF_E_DEAUTH_IND |
6147                                         BRCMF_E_DISASSOC_IND)
6148                                         ? false : true);
6149                         brcmf_init_prof(ndev_to_prof(ndev));
6150                         if (ndev != cfg_to_ndev(cfg))
6151                                 complete(&cfg->vif_disabled);
6152                         brcmf_net_setcarrier(ifp, false);
6153                 }
6154         } else if (brcmf_is_nonetwork(cfg, e)) {
6155                 if (brcmf_is_ibssmode(ifp->vif))
6156                         clear_bit(BRCMF_VIF_STATUS_CONNECTING,
6157                                   &ifp->vif->sme_state);
6158                 else
6159                         brcmf_bss_connect_done(cfg, ndev, e, false);
6160         }
6161
6162         return err;
6163 }
6164
6165 static s32
6166 brcmf_notify_roaming_status(struct brcmf_if *ifp,
6167                             const struct brcmf_event_msg *e, void *data)
6168 {
6169         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6170         u32 event = e->event_code;
6171         u32 status = e->status;
6172
6173         if (event == BRCMF_E_ROAM && status == BRCMF_E_STATUS_SUCCESS) {
6174                 if (test_bit(BRCMF_VIF_STATUS_CONNECTED,
6175                              &ifp->vif->sme_state)) {
6176                         brcmf_bss_roaming_done(cfg, ifp->ndev, e);
6177                 } else {
6178                         brcmf_bss_connect_done(cfg, ifp->ndev, e, true);
6179                         brcmf_net_setcarrier(ifp, true);
6180                 }
6181         }
6182
6183         return 0;
6184 }
6185
6186 static s32
6187 brcmf_notify_mic_status(struct brcmf_if *ifp,
6188                         const struct brcmf_event_msg *e, void *data)
6189 {
6190         u16 flags = e->flags;
6191         enum nl80211_key_type key_type;
6192
6193         if (flags & BRCMF_EVENT_MSG_GROUP)
6194                 key_type = NL80211_KEYTYPE_GROUP;
6195         else
6196                 key_type = NL80211_KEYTYPE_PAIRWISE;
6197
6198         cfg80211_michael_mic_failure(ifp->ndev, (u8 *)&e->addr, key_type, -1,
6199                                      NULL, GFP_KERNEL);
6200
6201         return 0;
6202 }
6203
6204 static s32 brcmf_notify_rssi(struct brcmf_if *ifp,
6205                              const struct brcmf_event_msg *e, void *data)
6206 {
6207         struct brcmf_cfg80211_vif *vif = ifp->vif;
6208         struct brcmf_rssi_be *info = data;
6209         s32 rssi, snr, noise;
6210         s32 low, high, last;
6211
6212         if (e->datalen < sizeof(*info)) {
6213                 brcmf_err("insufficient RSSI event data\n");
6214                 return 0;
6215         }
6216
6217         rssi = be32_to_cpu(info->rssi);
6218         snr = be32_to_cpu(info->snr);
6219         noise = be32_to_cpu(info->noise);
6220
6221         low = vif->cqm_rssi_low;
6222         high = vif->cqm_rssi_high;
6223         last = vif->cqm_rssi_last;
6224
6225         brcmf_dbg(TRACE, "rssi=%d snr=%d noise=%d low=%d high=%d last=%d\n",
6226                   rssi, snr, noise, low, high, last);
6227
6228         vif->cqm_rssi_last = rssi;
6229
6230         if (rssi <= low || rssi == 0) {
6231                 brcmf_dbg(INFO, "LOW rssi=%d\n", rssi);
6232                 cfg80211_cqm_rssi_notify(ifp->ndev,
6233                                          NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
6234                                          rssi, GFP_KERNEL);
6235         } else if (rssi > high) {
6236                 brcmf_dbg(INFO, "HIGH rssi=%d\n", rssi);
6237                 cfg80211_cqm_rssi_notify(ifp->ndev,
6238                                          NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
6239                                          rssi, GFP_KERNEL);
6240         }
6241
6242         return 0;
6243 }
6244
6245 static s32 brcmf_notify_vif_event(struct brcmf_if *ifp,
6246                                   const struct brcmf_event_msg *e, void *data)
6247 {
6248         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6249         struct brcmf_if_event *ifevent = (struct brcmf_if_event *)data;
6250         struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
6251         struct brcmf_cfg80211_vif *vif;
6252
6253         brcmf_dbg(TRACE, "Enter: action %u flags %u ifidx %u bsscfgidx %u\n",
6254                   ifevent->action, ifevent->flags, ifevent->ifidx,
6255                   ifevent->bsscfgidx);
6256
6257         spin_lock(&event->vif_event_lock);
6258         event->action = ifevent->action;
6259         vif = event->vif;
6260
6261         switch (ifevent->action) {
6262         case BRCMF_E_IF_ADD:
6263                 /* waiting process may have timed out */
6264                 if (!cfg->vif_event.vif) {
6265                         spin_unlock(&event->vif_event_lock);
6266                         return -EBADF;
6267                 }
6268
6269                 ifp->vif = vif;
6270                 vif->ifp = ifp;
6271                 if (ifp->ndev) {
6272                         vif->wdev.netdev = ifp->ndev;
6273                         ifp->ndev->ieee80211_ptr = &vif->wdev;
6274                         SET_NETDEV_DEV(ifp->ndev, wiphy_dev(cfg->wiphy));
6275                 }
6276                 spin_unlock(&event->vif_event_lock);
6277                 wake_up(&event->vif_wq);
6278                 return 0;
6279
6280         case BRCMF_E_IF_DEL:
6281                 spin_unlock(&event->vif_event_lock);
6282                 /* event may not be upon user request */
6283                 if (brcmf_cfg80211_vif_event_armed(cfg))
6284                         wake_up(&event->vif_wq);
6285                 return 0;
6286
6287         case BRCMF_E_IF_CHANGE:
6288                 spin_unlock(&event->vif_event_lock);
6289                 wake_up(&event->vif_wq);
6290                 return 0;
6291
6292         default:
6293                 spin_unlock(&event->vif_event_lock);
6294                 break;
6295         }
6296         return -EINVAL;
6297 }
6298
6299 static void brcmf_init_conf(struct brcmf_cfg80211_conf *conf)
6300 {
6301         conf->frag_threshold = (u32)-1;
6302         conf->rts_threshold = (u32)-1;
6303         conf->retry_short = (u32)-1;
6304         conf->retry_long = (u32)-1;
6305 }
6306
6307 static void brcmf_register_event_handlers(struct brcmf_cfg80211_info *cfg)
6308 {
6309         brcmf_fweh_register(cfg->pub, BRCMF_E_LINK,
6310                             brcmf_notify_connect_status);
6311         brcmf_fweh_register(cfg->pub, BRCMF_E_DEAUTH_IND,
6312                             brcmf_notify_connect_status);
6313         brcmf_fweh_register(cfg->pub, BRCMF_E_DEAUTH,
6314                             brcmf_notify_connect_status);
6315         brcmf_fweh_register(cfg->pub, BRCMF_E_DISASSOC_IND,
6316                             brcmf_notify_connect_status);
6317         brcmf_fweh_register(cfg->pub, BRCMF_E_ASSOC_IND,
6318                             brcmf_notify_connect_status);
6319         brcmf_fweh_register(cfg->pub, BRCMF_E_REASSOC_IND,
6320                             brcmf_notify_connect_status);
6321         brcmf_fweh_register(cfg->pub, BRCMF_E_ROAM,
6322                             brcmf_notify_roaming_status);
6323         brcmf_fweh_register(cfg->pub, BRCMF_E_MIC_ERROR,
6324                             brcmf_notify_mic_status);
6325         brcmf_fweh_register(cfg->pub, BRCMF_E_SET_SSID,
6326                             brcmf_notify_connect_status);
6327         brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
6328                             brcmf_notify_sched_scan_results);
6329         brcmf_fweh_register(cfg->pub, BRCMF_E_IF,
6330                             brcmf_notify_vif_event);
6331         brcmf_fweh_register(cfg->pub, BRCMF_E_P2P_PROBEREQ_MSG,
6332                             brcmf_p2p_notify_rx_mgmt_p2p_probereq);
6333         brcmf_fweh_register(cfg->pub, BRCMF_E_P2P_DISC_LISTEN_COMPLETE,
6334                             brcmf_p2p_notify_listen_complete);
6335         brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_RX,
6336                             brcmf_p2p_notify_action_frame_rx);
6337         brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_COMPLETE,
6338                             brcmf_p2p_notify_action_tx_complete);
6339         brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_OFF_CHAN_COMPLETE,
6340                             brcmf_p2p_notify_action_tx_complete);
6341         brcmf_fweh_register(cfg->pub, BRCMF_E_PSK_SUP,
6342                             brcmf_notify_connect_status);
6343         brcmf_fweh_register(cfg->pub, BRCMF_E_RSSI, brcmf_notify_rssi);
6344 }
6345
6346 static void brcmf_deinit_priv_mem(struct brcmf_cfg80211_info *cfg)
6347 {
6348         kfree(cfg->conf);
6349         cfg->conf = NULL;
6350         kfree(cfg->extra_buf);
6351         cfg->extra_buf = NULL;
6352         kfree(cfg->wowl.nd);
6353         cfg->wowl.nd = NULL;
6354         kfree(cfg->wowl.nd_info);
6355         cfg->wowl.nd_info = NULL;
6356         kfree(cfg->escan_info.escan_buf);
6357         cfg->escan_info.escan_buf = NULL;
6358 }
6359
6360 static s32 brcmf_init_priv_mem(struct brcmf_cfg80211_info *cfg)
6361 {
6362         cfg->conf = kzalloc(sizeof(*cfg->conf), GFP_KERNEL);
6363         if (!cfg->conf)
6364                 goto init_priv_mem_out;
6365         cfg->extra_buf = kzalloc(WL_EXTRA_BUF_MAX, GFP_KERNEL);
6366         if (!cfg->extra_buf)
6367                 goto init_priv_mem_out;
6368         cfg->wowl.nd = kzalloc(sizeof(*cfg->wowl.nd) + sizeof(u32), GFP_KERNEL);
6369         if (!cfg->wowl.nd)
6370                 goto init_priv_mem_out;
6371         cfg->wowl.nd_info = kzalloc(sizeof(*cfg->wowl.nd_info) +
6372                                     sizeof(struct cfg80211_wowlan_nd_match *),
6373                                     GFP_KERNEL);
6374         if (!cfg->wowl.nd_info)
6375                 goto init_priv_mem_out;
6376         cfg->escan_info.escan_buf = kzalloc(BRCMF_ESCAN_BUF_SIZE, GFP_KERNEL);
6377         if (!cfg->escan_info.escan_buf)
6378                 goto init_priv_mem_out;
6379
6380         return 0;
6381
6382 init_priv_mem_out:
6383         brcmf_deinit_priv_mem(cfg);
6384
6385         return -ENOMEM;
6386 }
6387
6388 static s32 wl_init_priv(struct brcmf_cfg80211_info *cfg)
6389 {
6390         s32 err = 0;
6391
6392         cfg->scan_request = NULL;
6393         cfg->pwr_save = true;
6394         cfg->dongle_up = false;         /* dongle is not up yet */
6395         err = brcmf_init_priv_mem(cfg);
6396         if (err)
6397                 return err;
6398         brcmf_register_event_handlers(cfg);
6399         mutex_init(&cfg->usr_sync);
6400         brcmf_init_escan(cfg);
6401         brcmf_init_conf(cfg->conf);
6402         brcmf_init_wmm_prio(cfg->ac_priority);
6403         init_completion(&cfg->vif_disabled);
6404         return err;
6405 }
6406
6407 static void wl_deinit_priv(struct brcmf_cfg80211_info *cfg)
6408 {
6409         cfg->dongle_up = false; /* dongle down */
6410         brcmf_abort_scanning(cfg);
6411         brcmf_deinit_priv_mem(cfg);
6412 }
6413
6414 static void init_vif_event(struct brcmf_cfg80211_vif_event *event)
6415 {
6416         init_waitqueue_head(&event->vif_wq);
6417         spin_lock_init(&event->vif_event_lock);
6418 }
6419
6420 static s32 brcmf_dongle_roam(struct brcmf_if *ifp)
6421 {
6422         struct brcmf_pub *drvr = ifp->drvr;
6423         s32 err;
6424         u32 bcn_timeout;
6425         __le32 roamtrigger[2];
6426         __le32 roam_delta[2];
6427
6428         /* Configure beacon timeout value based upon roaming setting */
6429         if (ifp->drvr->settings->roamoff)
6430                 bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_OFF;
6431         else
6432                 bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON;
6433         err = brcmf_fil_iovar_int_set(ifp, "bcn_timeout", bcn_timeout);
6434         if (err) {
6435                 bphy_err(drvr, "bcn_timeout error (%d)\n", err);
6436                 goto roam_setup_done;
6437         }
6438
6439         /* Enable/Disable built-in roaming to allow supplicant to take care of
6440          * roaming.
6441          */
6442         brcmf_dbg(INFO, "Internal Roaming = %s\n",
6443                   ifp->drvr->settings->roamoff ? "Off" : "On");
6444         err = brcmf_fil_iovar_int_set(ifp, "roam_off",
6445                                       ifp->drvr->settings->roamoff);
6446         if (err) {
6447                 bphy_err(drvr, "roam_off error (%d)\n", err);
6448                 goto roam_setup_done;
6449         }
6450
6451         roamtrigger[0] = cpu_to_le32(WL_ROAM_TRIGGER_LEVEL);
6452         roamtrigger[1] = cpu_to_le32(BRCM_BAND_ALL);
6453         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_TRIGGER,
6454                                      (void *)roamtrigger, sizeof(roamtrigger));
6455         if (err)
6456                 bphy_err(drvr, "WLC_SET_ROAM_TRIGGER error (%d)\n", err);
6457
6458         roam_delta[0] = cpu_to_le32(WL_ROAM_DELTA);
6459         roam_delta[1] = cpu_to_le32(BRCM_BAND_ALL);
6460         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_DELTA,
6461                                      (void *)roam_delta, sizeof(roam_delta));
6462         if (err)
6463                 bphy_err(drvr, "WLC_SET_ROAM_DELTA error (%d)\n", err);
6464
6465         return 0;
6466
6467 roam_setup_done:
6468         return err;
6469 }
6470
6471 static s32
6472 brcmf_dongle_scantime(struct brcmf_if *ifp)
6473 {
6474         struct brcmf_pub *drvr = ifp->drvr;
6475         s32 err = 0;
6476
6477         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_CHANNEL_TIME,
6478                                     BRCMF_SCAN_CHANNEL_TIME);
6479         if (err) {
6480                 bphy_err(drvr, "Scan assoc time error (%d)\n", err);
6481                 goto dongle_scantime_out;
6482         }
6483         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_UNASSOC_TIME,
6484                                     BRCMF_SCAN_UNASSOC_TIME);
6485         if (err) {
6486                 bphy_err(drvr, "Scan unassoc time error (%d)\n", err);
6487                 goto dongle_scantime_out;
6488         }
6489
6490         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_PASSIVE_TIME,
6491                                     BRCMF_SCAN_PASSIVE_TIME);
6492         if (err) {
6493                 bphy_err(drvr, "Scan passive time error (%d)\n", err);
6494                 goto dongle_scantime_out;
6495         }
6496
6497 dongle_scantime_out:
6498         return err;
6499 }
6500
6501 static void brcmf_update_bw40_channel_flag(struct ieee80211_channel *channel,
6502                                            struct brcmu_chan *ch)
6503 {
6504         u32 ht40_flag;
6505
6506         ht40_flag = channel->flags & IEEE80211_CHAN_NO_HT40;
6507         if (ch->sb == BRCMU_CHAN_SB_U) {
6508                 if (ht40_flag == IEEE80211_CHAN_NO_HT40)
6509                         channel->flags &= ~IEEE80211_CHAN_NO_HT40;
6510                 channel->flags |= IEEE80211_CHAN_NO_HT40PLUS;
6511         } else {
6512                 /* It should be one of
6513                  * IEEE80211_CHAN_NO_HT40 or
6514                  * IEEE80211_CHAN_NO_HT40PLUS
6515                  */
6516                 channel->flags &= ~IEEE80211_CHAN_NO_HT40;
6517                 if (ht40_flag == IEEE80211_CHAN_NO_HT40)
6518                         channel->flags |= IEEE80211_CHAN_NO_HT40MINUS;
6519         }
6520 }
6521
6522 static int brcmf_construct_chaninfo(struct brcmf_cfg80211_info *cfg,
6523                                     u32 bw_cap[])
6524 {
6525         struct wiphy *wiphy = cfg_to_wiphy(cfg);
6526         struct brcmf_pub *drvr = cfg->pub;
6527         struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6528         struct ieee80211_supported_band *band;
6529         struct ieee80211_channel *channel;
6530         struct brcmf_chanspec_list *list;
6531         struct brcmu_chan ch;
6532         int err;
6533         u8 *pbuf;
6534         u32 i, j;
6535         u32 total;
6536         u32 chaninfo;
6537
6538         pbuf = kzalloc(BRCMF_DCMD_MEDLEN, GFP_KERNEL);
6539
6540         if (pbuf == NULL)
6541                 return -ENOMEM;
6542
6543         list = (struct brcmf_chanspec_list *)pbuf;
6544
6545         err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
6546                                        BRCMF_DCMD_MEDLEN);
6547         if (err) {
6548                 bphy_err(drvr, "get chanspecs error (%d)\n", err);
6549                 goto fail_pbuf;
6550         }
6551
6552         band = wiphy->bands[NL80211_BAND_2GHZ];
6553         if (band)
6554                 for (i = 0; i < band->n_channels; i++)
6555                         band->channels[i].flags = IEEE80211_CHAN_DISABLED;
6556         band = wiphy->bands[NL80211_BAND_5GHZ];
6557         if (band)
6558                 for (i = 0; i < band->n_channels; i++)
6559                         band->channels[i].flags = IEEE80211_CHAN_DISABLED;
6560
6561         total = le32_to_cpu(list->count);
6562         for (i = 0; i < total; i++) {
6563                 ch.chspec = (u16)le32_to_cpu(list->element[i]);
6564                 cfg->d11inf.decchspec(&ch);
6565
6566                 if (ch.band == BRCMU_CHAN_BAND_2G) {
6567                         band = wiphy->bands[NL80211_BAND_2GHZ];
6568                 } else if (ch.band == BRCMU_CHAN_BAND_5G) {
6569                         band = wiphy->bands[NL80211_BAND_5GHZ];
6570                 } else {
6571                         bphy_err(drvr, "Invalid channel Spec. 0x%x.\n",
6572                                  ch.chspec);
6573                         continue;
6574                 }
6575                 if (!band)
6576                         continue;
6577                 if (!(bw_cap[band->band] & WLC_BW_40MHZ_BIT) &&
6578                     ch.bw == BRCMU_CHAN_BW_40)
6579                         continue;
6580                 if (!(bw_cap[band->band] & WLC_BW_80MHZ_BIT) &&
6581                     ch.bw == BRCMU_CHAN_BW_80)
6582                         continue;
6583
6584                 channel = NULL;
6585                 for (j = 0; j < band->n_channels; j++) {
6586                         if (band->channels[j].hw_value == ch.control_ch_num) {
6587                                 channel = &band->channels[j];
6588                                 break;
6589                         }
6590                 }
6591                 if (!channel) {
6592                         /* It seems firmware supports some channel we never
6593                          * considered. Something new in IEEE standard?
6594                          */
6595                         bphy_err(drvr, "Ignoring unexpected firmware channel %d\n",
6596                                  ch.control_ch_num);
6597                         continue;
6598                 }
6599
6600                 if (channel->orig_flags & IEEE80211_CHAN_DISABLED)
6601                         continue;
6602
6603                 /* assuming the chanspecs order is HT20,
6604                  * HT40 upper, HT40 lower, and VHT80.
6605                  */
6606                 switch (ch.bw) {
6607                 case BRCMU_CHAN_BW_160:
6608                         channel->flags &= ~IEEE80211_CHAN_NO_160MHZ;
6609                         break;
6610                 case BRCMU_CHAN_BW_80:
6611                         channel->flags &= ~IEEE80211_CHAN_NO_80MHZ;
6612                         break;
6613                 case BRCMU_CHAN_BW_40:
6614                         brcmf_update_bw40_channel_flag(channel, &ch);
6615                         break;
6616                 default:
6617                         wiphy_warn(wiphy, "Firmware reported unsupported bandwidth %d\n",
6618                                    ch.bw);
6619                         fallthrough;
6620                 case BRCMU_CHAN_BW_20:
6621                         /* enable the channel and disable other bandwidths
6622                          * for now as mentioned order assure they are enabled
6623                          * for subsequent chanspecs.
6624                          */
6625                         channel->flags = IEEE80211_CHAN_NO_HT40 |
6626                                          IEEE80211_CHAN_NO_80MHZ |
6627                                          IEEE80211_CHAN_NO_160MHZ;
6628                         ch.bw = BRCMU_CHAN_BW_20;
6629                         cfg->d11inf.encchspec(&ch);
6630                         chaninfo = ch.chspec;
6631                         err = brcmf_fil_bsscfg_int_get(ifp, "per_chan_info",
6632                                                        &chaninfo);
6633                         if (!err) {
6634                                 if (chaninfo & WL_CHAN_RADAR)
6635                                         channel->flags |=
6636                                                 (IEEE80211_CHAN_RADAR |
6637                                                  IEEE80211_CHAN_NO_IR);
6638                                 if (chaninfo & WL_CHAN_PASSIVE)
6639                                         channel->flags |=
6640                                                 IEEE80211_CHAN_NO_IR;
6641                         }
6642                 }
6643         }
6644
6645 fail_pbuf:
6646         kfree(pbuf);
6647         return err;
6648 }
6649
6650 static int brcmf_enable_bw40_2g(struct brcmf_cfg80211_info *cfg)
6651 {
6652         struct brcmf_pub *drvr = cfg->pub;
6653         struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6654         struct ieee80211_supported_band *band;
6655         struct brcmf_fil_bwcap_le band_bwcap;
6656         struct brcmf_chanspec_list *list;
6657         u8 *pbuf;
6658         u32 val;
6659         int err;
6660         struct brcmu_chan ch;
6661         u32 num_chan;
6662         int i, j;
6663
6664         /* verify support for bw_cap command */
6665         val = WLC_BAND_5G;
6666         err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &val);
6667
6668         if (!err) {
6669                 /* only set 2G bandwidth using bw_cap command */
6670                 band_bwcap.band = cpu_to_le32(WLC_BAND_2G);
6671                 band_bwcap.bw_cap = cpu_to_le32(WLC_BW_CAP_40MHZ);
6672                 err = brcmf_fil_iovar_data_set(ifp, "bw_cap", &band_bwcap,
6673                                                sizeof(band_bwcap));
6674         } else {
6675                 brcmf_dbg(INFO, "fallback to mimo_bw_cap\n");
6676                 val = WLC_N_BW_40ALL;
6677                 err = brcmf_fil_iovar_int_set(ifp, "mimo_bw_cap", val);
6678         }
6679
6680         if (!err) {
6681                 /* update channel info in 2G band */
6682                 pbuf = kzalloc(BRCMF_DCMD_MEDLEN, GFP_KERNEL);
6683
6684                 if (pbuf == NULL)
6685                         return -ENOMEM;
6686
6687                 ch.band = BRCMU_CHAN_BAND_2G;
6688                 ch.bw = BRCMU_CHAN_BW_40;
6689                 ch.sb = BRCMU_CHAN_SB_NONE;
6690                 ch.chnum = 0;
6691                 cfg->d11inf.encchspec(&ch);
6692
6693                 /* pass encoded chanspec in query */
6694                 *(__le16 *)pbuf = cpu_to_le16(ch.chspec);
6695
6696                 err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
6697                                                BRCMF_DCMD_MEDLEN);
6698                 if (err) {
6699                         bphy_err(drvr, "get chanspecs error (%d)\n", err);
6700                         kfree(pbuf);
6701                         return err;
6702                 }
6703
6704                 band = cfg_to_wiphy(cfg)->bands[NL80211_BAND_2GHZ];
6705                 list = (struct brcmf_chanspec_list *)pbuf;
6706                 num_chan = le32_to_cpu(list->count);
6707                 for (i = 0; i < num_chan; i++) {
6708                         ch.chspec = (u16)le32_to_cpu(list->element[i]);
6709                         cfg->d11inf.decchspec(&ch);
6710                         if (WARN_ON(ch.band != BRCMU_CHAN_BAND_2G))
6711                                 continue;
6712                         if (WARN_ON(ch.bw != BRCMU_CHAN_BW_40))
6713                                 continue;
6714                         for (j = 0; j < band->n_channels; j++) {
6715                                 if (band->channels[j].hw_value == ch.control_ch_num)
6716                                         break;
6717                         }
6718                         if (WARN_ON(j == band->n_channels))
6719                                 continue;
6720
6721                         brcmf_update_bw40_channel_flag(&band->channels[j], &ch);
6722                 }
6723                 kfree(pbuf);
6724         }
6725         return err;
6726 }
6727
6728 static void brcmf_get_bwcap(struct brcmf_if *ifp, u32 bw_cap[])
6729 {
6730         struct brcmf_pub *drvr = ifp->drvr;
6731         u32 band, mimo_bwcap;
6732         int err;
6733
6734         band = WLC_BAND_2G;
6735         err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &band);
6736         if (!err) {
6737                 bw_cap[NL80211_BAND_2GHZ] = band;
6738                 band = WLC_BAND_5G;
6739                 err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &band);
6740                 if (!err) {
6741                         bw_cap[NL80211_BAND_5GHZ] = band;
6742                         return;
6743                 }
6744                 WARN_ON(1);
6745                 return;
6746         }
6747         brcmf_dbg(INFO, "fallback to mimo_bw_cap info\n");
6748         mimo_bwcap = 0;
6749         err = brcmf_fil_iovar_int_get(ifp, "mimo_bw_cap", &mimo_bwcap);
6750         if (err)
6751                 /* assume 20MHz if firmware does not give a clue */
6752                 mimo_bwcap = WLC_N_BW_20ALL;
6753
6754         switch (mimo_bwcap) {
6755         case WLC_N_BW_40ALL:
6756                 bw_cap[NL80211_BAND_2GHZ] |= WLC_BW_40MHZ_BIT;
6757                 fallthrough;
6758         case WLC_N_BW_20IN2G_40IN5G:
6759                 bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_40MHZ_BIT;
6760                 fallthrough;
6761         case WLC_N_BW_20ALL:
6762                 bw_cap[NL80211_BAND_2GHZ] |= WLC_BW_20MHZ_BIT;
6763                 bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_20MHZ_BIT;
6764                 break;
6765         default:
6766                 bphy_err(drvr, "invalid mimo_bw_cap value\n");
6767         }
6768 }
6769
6770 static void brcmf_update_ht_cap(struct ieee80211_supported_band *band,
6771                                 u32 bw_cap[2], u32 nchain)
6772 {
6773         band->ht_cap.ht_supported = true;
6774         if (bw_cap[band->band] & WLC_BW_40MHZ_BIT) {
6775                 band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
6776                 band->ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
6777         }
6778         band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
6779         band->ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
6780         band->ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
6781         band->ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_16;
6782         memset(band->ht_cap.mcs.rx_mask, 0xff, nchain);
6783         band->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
6784 }
6785
6786 static __le16 brcmf_get_mcs_map(u32 nchain, enum ieee80211_vht_mcs_support supp)
6787 {
6788         u16 mcs_map;
6789         int i;
6790
6791         for (i = 0, mcs_map = 0xFFFF; i < nchain; i++)
6792                 mcs_map = (mcs_map << 2) | supp;
6793
6794         return cpu_to_le16(mcs_map);
6795 }
6796
6797 static void brcmf_update_vht_cap(struct ieee80211_supported_band *band,
6798                                  u32 bw_cap[2], u32 nchain, u32 txstreams,
6799                                  u32 txbf_bfe_cap, u32 txbf_bfr_cap)
6800 {
6801         __le16 mcs_map;
6802
6803         /* not allowed in 2.4G band */
6804         if (band->band == NL80211_BAND_2GHZ)
6805                 return;
6806
6807         band->vht_cap.vht_supported = true;
6808         /* 80MHz is mandatory */
6809         band->vht_cap.cap |= IEEE80211_VHT_CAP_SHORT_GI_80;
6810         if (bw_cap[band->band] & WLC_BW_160MHZ_BIT) {
6811                 band->vht_cap.cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
6812                 band->vht_cap.cap |= IEEE80211_VHT_CAP_SHORT_GI_160;
6813         }
6814         /* all support 256-QAM */
6815         mcs_map = brcmf_get_mcs_map(nchain, IEEE80211_VHT_MCS_SUPPORT_0_9);
6816         band->vht_cap.vht_mcs.rx_mcs_map = mcs_map;
6817         band->vht_cap.vht_mcs.tx_mcs_map = mcs_map;
6818
6819         /* Beamforming support information */
6820         if (txbf_bfe_cap & BRCMF_TXBF_SU_BFE_CAP)
6821                 band->vht_cap.cap |= IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
6822         if (txbf_bfe_cap & BRCMF_TXBF_MU_BFE_CAP)
6823                 band->vht_cap.cap |= IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
6824         if (txbf_bfr_cap & BRCMF_TXBF_SU_BFR_CAP)
6825                 band->vht_cap.cap |= IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE;
6826         if (txbf_bfr_cap & BRCMF_TXBF_MU_BFR_CAP)
6827                 band->vht_cap.cap |= IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE;
6828
6829         if ((txbf_bfe_cap || txbf_bfr_cap) && (txstreams > 1)) {
6830                 band->vht_cap.cap |=
6831                         (2 << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT);
6832                 band->vht_cap.cap |= ((txstreams - 1) <<
6833                                 IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT);
6834                 band->vht_cap.cap |=
6835                         IEEE80211_VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB;
6836         }
6837 }
6838
6839 static int brcmf_setup_wiphybands(struct brcmf_cfg80211_info *cfg)
6840 {
6841         struct brcmf_pub *drvr = cfg->pub;
6842         struct brcmf_if *ifp = brcmf_get_ifp(drvr, 0);
6843         struct wiphy *wiphy = cfg_to_wiphy(cfg);
6844         u32 nmode = 0;
6845         u32 vhtmode = 0;
6846         u32 bw_cap[2] = { WLC_BW_20MHZ_BIT, WLC_BW_20MHZ_BIT };
6847         u32 rxchain;
6848         u32 nchain;
6849         int err;
6850         s32 i;
6851         struct ieee80211_supported_band *band;
6852         u32 txstreams = 0;
6853         u32 txbf_bfe_cap = 0;
6854         u32 txbf_bfr_cap = 0;
6855
6856         (void)brcmf_fil_iovar_int_get(ifp, "vhtmode", &vhtmode);
6857         err = brcmf_fil_iovar_int_get(ifp, "nmode", &nmode);
6858         if (err) {
6859                 bphy_err(drvr, "nmode error (%d)\n", err);
6860         } else {
6861                 brcmf_get_bwcap(ifp, bw_cap);
6862         }
6863         brcmf_dbg(INFO, "nmode=%d, vhtmode=%d, bw_cap=(%d, %d)\n",
6864                   nmode, vhtmode, bw_cap[NL80211_BAND_2GHZ],
6865                   bw_cap[NL80211_BAND_5GHZ]);
6866
6867         err = brcmf_fil_iovar_int_get(ifp, "rxchain", &rxchain);
6868         if (err) {
6869                 /* rxchain unsupported by firmware of older chips */
6870                 if (err == -EBADE)
6871                         bphy_info_once(drvr, "rxchain unsupported\n");
6872                 else
6873                         bphy_err(drvr, "rxchain error (%d)\n", err);
6874
6875                 nchain = 1;
6876         } else {
6877                 for (nchain = 0; rxchain; nchain++)
6878                         rxchain = rxchain & (rxchain - 1);
6879         }
6880         brcmf_dbg(INFO, "nchain=%d\n", nchain);
6881
6882         err = brcmf_construct_chaninfo(cfg, bw_cap);
6883         if (err) {
6884                 bphy_err(drvr, "brcmf_construct_chaninfo failed (%d)\n", err);
6885                 return err;
6886         }
6887
6888         if (vhtmode) {
6889                 (void)brcmf_fil_iovar_int_get(ifp, "txstreams", &txstreams);
6890                 (void)brcmf_fil_iovar_int_get(ifp, "txbf_bfe_cap",
6891                                               &txbf_bfe_cap);
6892                 (void)brcmf_fil_iovar_int_get(ifp, "txbf_bfr_cap",
6893                                               &txbf_bfr_cap);
6894         }
6895
6896         for (i = 0; i < ARRAY_SIZE(wiphy->bands); i++) {
6897                 band = wiphy->bands[i];
6898                 if (band == NULL)
6899                         continue;
6900
6901                 if (nmode)
6902                         brcmf_update_ht_cap(band, bw_cap, nchain);
6903                 if (vhtmode)
6904                         brcmf_update_vht_cap(band, bw_cap, nchain, txstreams,
6905                                              txbf_bfe_cap, txbf_bfr_cap);
6906         }
6907
6908         return 0;
6909 }
6910
6911 static const struct ieee80211_txrx_stypes
6912 brcmf_txrx_stypes[NUM_NL80211_IFTYPES] = {
6913         [NL80211_IFTYPE_STATION] = {
6914                 .tx = 0xffff,
6915                 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6916                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6917         },
6918         [NL80211_IFTYPE_P2P_CLIENT] = {
6919                 .tx = 0xffff,
6920                 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6921                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6922         },
6923         [NL80211_IFTYPE_P2P_GO] = {
6924                 .tx = 0xffff,
6925                 .rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
6926                       BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
6927                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
6928                       BIT(IEEE80211_STYPE_DISASSOC >> 4) |
6929                       BIT(IEEE80211_STYPE_AUTH >> 4) |
6930                       BIT(IEEE80211_STYPE_DEAUTH >> 4) |
6931                       BIT(IEEE80211_STYPE_ACTION >> 4)
6932         },
6933         [NL80211_IFTYPE_P2P_DEVICE] = {
6934                 .tx = 0xffff,
6935                 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6936                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6937         },
6938         [NL80211_IFTYPE_AP] = {
6939                 .tx = 0xffff,
6940                 .rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
6941                       BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
6942                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
6943                       BIT(IEEE80211_STYPE_DISASSOC >> 4) |
6944                       BIT(IEEE80211_STYPE_AUTH >> 4) |
6945                       BIT(IEEE80211_STYPE_DEAUTH >> 4) |
6946                       BIT(IEEE80211_STYPE_ACTION >> 4)
6947         }
6948 };
6949
6950 /**
6951  * brcmf_setup_ifmodes() - determine interface modes and combinations.
6952  *
6953  * @wiphy: wiphy object.
6954  * @ifp: interface object needed for feat module api.
6955  *
6956  * The interface modes and combinations are determined dynamically here
6957  * based on firmware functionality.
6958  *
6959  * no p2p and no mbss:
6960  *
6961  *      #STA <= 1, #AP <= 1, channels = 1, 2 total
6962  *
6963  * no p2p and mbss:
6964  *
6965  *      #STA <= 1, #AP <= 1, channels = 1, 2 total
6966  *      #AP <= 4, matching BI, channels = 1, 4 total
6967  *
6968  * no p2p and rsdb:
6969  *      #STA <= 1, #AP <= 2, channels = 2, 4 total
6970  *
6971  * p2p, no mchan, and mbss:
6972  *
6973  *      #STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 1, channels = 1, 3 total
6974  *      #STA <= 1, #P2P-DEV <= 1, #AP <= 1, #P2P-CL <= 1, channels = 1, 4 total
6975  *      #AP <= 4, matching BI, channels = 1, 4 total
6976  *
6977  * p2p, mchan, and mbss:
6978  *
6979  *      #STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 1, channels = 2, 3 total
6980  *      #STA <= 1, #P2P-DEV <= 1, #AP <= 1, #P2P-CL <= 1, channels = 1, 4 total
6981  *      #AP <= 4, matching BI, channels = 1, 4 total
6982  *
6983  * p2p, rsdb, and no mbss:
6984  *      #STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 2, AP <= 2,
6985  *       channels = 2, 4 total
6986  */
6987 static int brcmf_setup_ifmodes(struct wiphy *wiphy, struct brcmf_if *ifp)
6988 {
6989         struct ieee80211_iface_combination *combo = NULL;
6990         struct ieee80211_iface_limit *c0_limits = NULL;
6991         struct ieee80211_iface_limit *p2p_limits = NULL;
6992         struct ieee80211_iface_limit *mbss_limits = NULL;
6993         bool mon_flag, mbss, p2p, rsdb, mchan;
6994         int i, c, n_combos, n_limits;
6995
6996         mon_flag = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MONITOR_FLAG);
6997         mbss = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS);
6998         p2p = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_P2P);
6999         rsdb = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB);
7000         mchan = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN);
7001
7002         n_combos = 1 + !!(p2p && !rsdb) + !!mbss;
7003         combo = kcalloc(n_combos, sizeof(*combo), GFP_KERNEL);
7004         if (!combo)
7005                 goto err;
7006
7007         wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
7008                                  BIT(NL80211_IFTYPE_ADHOC) |
7009                                  BIT(NL80211_IFTYPE_AP);
7010         if (mon_flag)
7011                 wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR);
7012         if (p2p)
7013                 wiphy->interface_modes |= BIT(NL80211_IFTYPE_P2P_CLIENT) |
7014                                           BIT(NL80211_IFTYPE_P2P_GO) |
7015                                           BIT(NL80211_IFTYPE_P2P_DEVICE);
7016
7017         c = 0;
7018         i = 0;
7019         n_limits = 1 + mon_flag + (p2p ? 2 : 0) + (rsdb || !p2p);
7020         c0_limits = kcalloc(n_limits, sizeof(*c0_limits), GFP_KERNEL);
7021         if (!c0_limits)
7022                 goto err;
7023
7024         combo[c].num_different_channels = 1 + (rsdb || (p2p && mchan));
7025         c0_limits[i].max = 1;
7026         c0_limits[i++].types = BIT(NL80211_IFTYPE_STATION);
7027         if (mon_flag) {
7028                 c0_limits[i].max = 1;
7029                 c0_limits[i++].types = BIT(NL80211_IFTYPE_MONITOR);
7030         }
7031         if (p2p) {
7032                 c0_limits[i].max = 1;
7033                 c0_limits[i++].types = BIT(NL80211_IFTYPE_P2P_DEVICE);
7034                 c0_limits[i].max = 1 + rsdb;
7035                 c0_limits[i++].types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
7036                                        BIT(NL80211_IFTYPE_P2P_GO);
7037         }
7038         if (p2p && rsdb) {
7039                 c0_limits[i].max = 2;
7040                 c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7041                 combo[c].max_interfaces = 4;
7042         } else if (p2p) {
7043                 combo[c].max_interfaces = i;
7044         } else if (rsdb) {
7045                 c0_limits[i].max = 2;
7046                 c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7047                 combo[c].max_interfaces = 3;
7048         } else {
7049                 c0_limits[i].max = 1;
7050                 c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7051                 combo[c].max_interfaces = i;
7052         }
7053         combo[c].n_limits = i;
7054         combo[c].limits = c0_limits;
7055
7056         if (p2p && !rsdb) {
7057                 c++;
7058                 i = 0;
7059                 p2p_limits = kcalloc(4, sizeof(*p2p_limits), GFP_KERNEL);
7060                 if (!p2p_limits)
7061                         goto err;
7062                 p2p_limits[i].max = 1;
7063                 p2p_limits[i++].types = BIT(NL80211_IFTYPE_STATION);
7064                 p2p_limits[i].max = 1;
7065                 p2p_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7066                 p2p_limits[i].max = 1;
7067                 p2p_limits[i++].types = BIT(NL80211_IFTYPE_P2P_CLIENT);
7068                 p2p_limits[i].max = 1;
7069                 p2p_limits[i++].types = BIT(NL80211_IFTYPE_P2P_DEVICE);
7070                 combo[c].num_different_channels = 1;
7071                 combo[c].max_interfaces = i;
7072                 combo[c].n_limits = i;
7073                 combo[c].limits = p2p_limits;
7074         }
7075
7076         if (mbss) {
7077                 c++;
7078                 i = 0;
7079                 n_limits = 1 + mon_flag;
7080                 mbss_limits = kcalloc(n_limits, sizeof(*mbss_limits),
7081                                       GFP_KERNEL);
7082                 if (!mbss_limits)
7083                         goto err;
7084                 mbss_limits[i].max = 4;
7085                 mbss_limits[i++].types = BIT(NL80211_IFTYPE_AP);
7086                 if (mon_flag) {
7087                         mbss_limits[i].max = 1;
7088                         mbss_limits[i++].types = BIT(NL80211_IFTYPE_MONITOR);
7089                 }
7090                 combo[c].beacon_int_infra_match = true;
7091                 combo[c].num_different_channels = 1;
7092                 combo[c].max_interfaces = 4 + mon_flag;
7093                 combo[c].n_limits = i;
7094                 combo[c].limits = mbss_limits;
7095         }
7096
7097         wiphy->n_iface_combinations = n_combos;
7098         wiphy->iface_combinations = combo;
7099         return 0;
7100
7101 err:
7102         kfree(c0_limits);
7103         kfree(p2p_limits);
7104         kfree(mbss_limits);
7105         kfree(combo);
7106         return -ENOMEM;
7107 }
7108
7109 #ifdef CONFIG_PM
7110 static const struct wiphy_wowlan_support brcmf_wowlan_support = {
7111         .flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT,
7112         .n_patterns = BRCMF_WOWL_MAXPATTERNS,
7113         .pattern_max_len = BRCMF_WOWL_MAXPATTERNSIZE,
7114         .pattern_min_len = 1,
7115         .max_pkt_offset = 1500,
7116 };
7117 #endif
7118
7119 static void brcmf_wiphy_wowl_params(struct wiphy *wiphy, struct brcmf_if *ifp)
7120 {
7121 #ifdef CONFIG_PM
7122         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
7123         struct brcmf_pub *drvr = cfg->pub;
7124         struct wiphy_wowlan_support *wowl;
7125
7126         wowl = kmemdup(&brcmf_wowlan_support, sizeof(brcmf_wowlan_support),
7127                        GFP_KERNEL);
7128         if (!wowl) {
7129                 bphy_err(drvr, "only support basic wowlan features\n");
7130                 wiphy->wowlan = &brcmf_wowlan_support;
7131                 return;
7132         }
7133
7134         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
7135                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ND)) {
7136                         wowl->flags |= WIPHY_WOWLAN_NET_DETECT;
7137                         wowl->max_nd_match_sets = BRCMF_PNO_MAX_PFN_COUNT;
7138                         init_waitqueue_head(&cfg->wowl.nd_data_wait);
7139                 }
7140         }
7141         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK)) {
7142                 wowl->flags |= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY;
7143                 wowl->flags |= WIPHY_WOWLAN_GTK_REKEY_FAILURE;
7144         }
7145
7146         wiphy->wowlan = wowl;
7147 #endif
7148 }
7149
7150 static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp)
7151 {
7152         struct brcmf_pub *drvr = ifp->drvr;
7153         const struct ieee80211_iface_combination *combo;
7154         struct ieee80211_supported_band *band;
7155         u16 max_interfaces = 0;
7156         bool gscan;
7157         __le32 bandlist[3];
7158         u32 n_bands;
7159         int err, i;
7160
7161         wiphy->max_scan_ssids = WL_NUM_SCAN_MAX;
7162         wiphy->max_scan_ie_len = BRCMF_SCAN_IE_LEN_MAX;
7163         wiphy->max_num_pmkids = BRCMF_MAXPMKID;
7164
7165         err = brcmf_setup_ifmodes(wiphy, ifp);
7166         if (err)
7167                 return err;
7168
7169         for (i = 0, combo = wiphy->iface_combinations;
7170              i < wiphy->n_iface_combinations; i++, combo++) {
7171                 max_interfaces = max(max_interfaces, combo->max_interfaces);
7172         }
7173
7174         for (i = 0; i < max_interfaces && i < ARRAY_SIZE(drvr->addresses);
7175              i++) {
7176                 u8 *addr = drvr->addresses[i].addr;
7177
7178                 memcpy(addr, drvr->mac, ETH_ALEN);
7179                 if (i) {
7180                         addr[0] |= BIT(1);
7181                         addr[ETH_ALEN - 1] ^= i;
7182                 }
7183         }
7184         wiphy->addresses = drvr->addresses;
7185         wiphy->n_addresses = i;
7186
7187         wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
7188         wiphy->cipher_suites = brcmf_cipher_suites;
7189         wiphy->n_cipher_suites = ARRAY_SIZE(brcmf_cipher_suites);
7190         if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
7191                 wiphy->n_cipher_suites--;
7192         wiphy->bss_select_support = BIT(NL80211_BSS_SELECT_ATTR_RSSI) |
7193                                     BIT(NL80211_BSS_SELECT_ATTR_BAND_PREF) |
7194                                     BIT(NL80211_BSS_SELECT_ATTR_RSSI_ADJUST);
7195
7196         wiphy->flags |= WIPHY_FLAG_NETNS_OK |
7197                         WIPHY_FLAG_PS_ON_BY_DEFAULT |
7198                         WIPHY_FLAG_HAVE_AP_SME |
7199                         WIPHY_FLAG_OFFCHAN_TX |
7200                         WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
7201         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_TDLS))
7202                 wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
7203         if (!ifp->drvr->settings->roamoff)
7204                 wiphy->flags |= WIPHY_FLAG_SUPPORTS_FW_ROAM;
7205         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWSUP)) {
7206                 wiphy_ext_feature_set(wiphy,
7207                                       NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK);
7208                 wiphy_ext_feature_set(wiphy,
7209                                       NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X);
7210                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE))
7211                         wiphy_ext_feature_set(wiphy,
7212                                               NL80211_EXT_FEATURE_SAE_OFFLOAD);
7213         }
7214         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWAUTH)) {
7215                 wiphy_ext_feature_set(wiphy,
7216                                       NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK);
7217                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SAE))
7218                         wiphy_ext_feature_set(wiphy,
7219                                               NL80211_EXT_FEATURE_SAE_OFFLOAD_AP);
7220         }
7221         wiphy->mgmt_stypes = brcmf_txrx_stypes;
7222         wiphy->max_remain_on_channel_duration = 5000;
7223         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
7224                 gscan = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_GSCAN);
7225                 brcmf_pno_wiphy_params(wiphy, gscan);
7226         }
7227         /* vendor commands/events support */
7228         wiphy->vendor_commands = brcmf_vendor_cmds;
7229         wiphy->n_vendor_commands = BRCMF_VNDR_CMDS_LAST - 1;
7230
7231         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL))
7232                 brcmf_wiphy_wowl_params(wiphy, ifp);
7233         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BANDLIST, &bandlist,
7234                                      sizeof(bandlist));
7235         if (err) {
7236                 bphy_err(drvr, "could not obtain band info: err=%d\n", err);
7237                 return err;
7238         }
7239         /* first entry in bandlist is number of bands */
7240         n_bands = le32_to_cpu(bandlist[0]);
7241         for (i = 1; i <= n_bands && i < ARRAY_SIZE(bandlist); i++) {
7242                 if (bandlist[i] == cpu_to_le32(WLC_BAND_2G)) {
7243                         band = kmemdup(&__wl_band_2ghz, sizeof(__wl_band_2ghz),
7244                                        GFP_KERNEL);
7245                         if (!band)
7246                                 return -ENOMEM;
7247
7248                         band->channels = kmemdup(&__wl_2ghz_channels,
7249                                                  sizeof(__wl_2ghz_channels),
7250                                                  GFP_KERNEL);
7251                         if (!band->channels) {
7252                                 kfree(band);
7253                                 return -ENOMEM;
7254                         }
7255
7256                         band->n_channels = ARRAY_SIZE(__wl_2ghz_channels);
7257                         wiphy->bands[NL80211_BAND_2GHZ] = band;
7258                 }
7259                 if (bandlist[i] == cpu_to_le32(WLC_BAND_5G)) {
7260                         band = kmemdup(&__wl_band_5ghz, sizeof(__wl_band_5ghz),
7261                                        GFP_KERNEL);
7262                         if (!band)
7263                                 return -ENOMEM;
7264
7265                         band->channels = kmemdup(&__wl_5ghz_channels,
7266                                                  sizeof(__wl_5ghz_channels),
7267                                                  GFP_KERNEL);
7268                         if (!band->channels) {
7269                                 kfree(band);
7270                                 return -ENOMEM;
7271                         }
7272
7273                         band->n_channels = ARRAY_SIZE(__wl_5ghz_channels);
7274                         wiphy->bands[NL80211_BAND_5GHZ] = band;
7275                 }
7276         }
7277
7278         if (wiphy->bands[NL80211_BAND_5GHZ] &&
7279             brcmf_feat_is_enabled(ifp, BRCMF_FEAT_DOT11H))
7280                 wiphy_ext_feature_set(wiphy,
7281                                       NL80211_EXT_FEATURE_DFS_OFFLOAD);
7282
7283         wiphy_ext_feature_set(wiphy, NL80211_EXT_FEATURE_CQM_RSSI_LIST);
7284
7285         wiphy_read_of_freq_limits(wiphy);
7286
7287         return 0;
7288 }
7289
7290 static s32 brcmf_config_dongle(struct brcmf_cfg80211_info *cfg)
7291 {
7292         struct brcmf_pub *drvr = cfg->pub;
7293         struct net_device *ndev;
7294         struct wireless_dev *wdev;
7295         struct brcmf_if *ifp;
7296         s32 power_mode;
7297         s32 err = 0;
7298
7299         if (cfg->dongle_up)
7300                 return err;
7301
7302         ndev = cfg_to_ndev(cfg);
7303         wdev = ndev->ieee80211_ptr;
7304         ifp = netdev_priv(ndev);
7305
7306         /* make sure RF is ready for work */
7307         brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 0);
7308
7309         brcmf_dongle_scantime(ifp);
7310
7311         power_mode = cfg->pwr_save ? PM_FAST : PM_OFF;
7312         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, power_mode);
7313         if (err)
7314                 goto default_conf_out;
7315         brcmf_dbg(INFO, "power save set to %s\n",
7316                   (power_mode ? "enabled" : "disabled"));
7317
7318         err = brcmf_dongle_roam(ifp);
7319         if (err)
7320                 goto default_conf_out;
7321         err = brcmf_cfg80211_change_iface(wdev->wiphy, ndev, wdev->iftype,
7322                                           NULL);
7323         if (err)
7324                 goto default_conf_out;
7325
7326         brcmf_configure_arp_nd_offload(ifp, true);
7327
7328         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_FAKEFRAG, 1);
7329         if (err) {
7330                 bphy_err(drvr, "failed to set frameburst mode\n");
7331                 goto default_conf_out;
7332         }
7333
7334         cfg->dongle_up = true;
7335 default_conf_out:
7336
7337         return err;
7338
7339 }
7340
7341 static s32 __brcmf_cfg80211_up(struct brcmf_if *ifp)
7342 {
7343         set_bit(BRCMF_VIF_STATUS_READY, &ifp->vif->sme_state);
7344
7345         return brcmf_config_dongle(ifp->drvr->config);
7346 }
7347
7348 static s32 __brcmf_cfg80211_down(struct brcmf_if *ifp)
7349 {
7350         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7351
7352         /*
7353          * While going down, if associated with AP disassociate
7354          * from AP to save power
7355          */
7356         if (check_vif_up(ifp->vif)) {
7357                 brcmf_link_down(ifp->vif, WLAN_REASON_UNSPECIFIED, true);
7358
7359                 /* Make sure WPA_Supplicant receives all the event
7360                    generated due to DISASSOC call to the fw to keep
7361                    the state fw and WPA_Supplicant state consistent
7362                  */
7363                 brcmf_delay(500);
7364         }
7365
7366         brcmf_abort_scanning(cfg);
7367         clear_bit(BRCMF_VIF_STATUS_READY, &ifp->vif->sme_state);
7368
7369         return 0;
7370 }
7371
7372 s32 brcmf_cfg80211_up(struct net_device *ndev)
7373 {
7374         struct brcmf_if *ifp = netdev_priv(ndev);
7375         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7376         s32 err = 0;
7377
7378         mutex_lock(&cfg->usr_sync);
7379         err = __brcmf_cfg80211_up(ifp);
7380         mutex_unlock(&cfg->usr_sync);
7381
7382         return err;
7383 }
7384
7385 s32 brcmf_cfg80211_down(struct net_device *ndev)
7386 {
7387         struct brcmf_if *ifp = netdev_priv(ndev);
7388         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
7389         s32 err = 0;
7390
7391         mutex_lock(&cfg->usr_sync);
7392         err = __brcmf_cfg80211_down(ifp);
7393         mutex_unlock(&cfg->usr_sync);
7394
7395         return err;
7396 }
7397
7398 enum nl80211_iftype brcmf_cfg80211_get_iftype(struct brcmf_if *ifp)
7399 {
7400         struct wireless_dev *wdev = &ifp->vif->wdev;
7401
7402         return wdev->iftype;
7403 }
7404
7405 bool brcmf_get_vif_state_any(struct brcmf_cfg80211_info *cfg,
7406                              unsigned long state)
7407 {
7408         struct brcmf_cfg80211_vif *vif;
7409
7410         list_for_each_entry(vif, &cfg->vif_list, list) {
7411                 if (test_bit(state, &vif->sme_state))
7412                         return true;
7413         }
7414         return false;
7415 }
7416
7417 static inline bool vif_event_equals(struct brcmf_cfg80211_vif_event *event,
7418                                     u8 action)
7419 {
7420         u8 evt_action;
7421
7422         spin_lock(&event->vif_event_lock);
7423         evt_action = event->action;
7424         spin_unlock(&event->vif_event_lock);
7425         return evt_action == action;
7426 }
7427
7428 void brcmf_cfg80211_arm_vif_event(struct brcmf_cfg80211_info *cfg,
7429                                   struct brcmf_cfg80211_vif *vif)
7430 {
7431         struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7432
7433         spin_lock(&event->vif_event_lock);
7434         event->vif = vif;
7435         event->action = 0;
7436         spin_unlock(&event->vif_event_lock);
7437 }
7438
7439 bool brcmf_cfg80211_vif_event_armed(struct brcmf_cfg80211_info *cfg)
7440 {
7441         struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7442         bool armed;
7443
7444         spin_lock(&event->vif_event_lock);
7445         armed = event->vif != NULL;
7446         spin_unlock(&event->vif_event_lock);
7447
7448         return armed;
7449 }
7450
7451 int brcmf_cfg80211_wait_vif_event(struct brcmf_cfg80211_info *cfg,
7452                                   u8 action, ulong timeout)
7453 {
7454         struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
7455
7456         return wait_event_timeout(event->vif_wq,
7457                                   vif_event_equals(event, action), timeout);
7458 }
7459
7460 static s32 brcmf_translate_country_code(struct brcmf_pub *drvr, char alpha2[2],
7461                                         struct brcmf_fil_country_le *ccreq)
7462 {
7463         struct brcmfmac_pd_cc *country_codes;
7464         struct brcmfmac_pd_cc_entry *cc;
7465         s32 found_index;
7466         int i;
7467
7468         if ((alpha2[0] == ccreq->country_abbrev[0]) &&
7469             (alpha2[1] == ccreq->country_abbrev[1])) {
7470                 brcmf_dbg(TRACE, "Country code already set\n");
7471                 return -EAGAIN;
7472         }
7473
7474         country_codes = drvr->settings->country_codes;
7475         if (!country_codes) {
7476                 brcmf_dbg(TRACE, "No country codes configured for device, using ISO3166 code and 0 rev\n");
7477                 memset(ccreq, 0, sizeof(*ccreq));
7478                 ccreq->country_abbrev[0] = alpha2[0];
7479                 ccreq->country_abbrev[1] = alpha2[1];
7480                 ccreq->ccode[0] = alpha2[0];
7481                 ccreq->ccode[1] = alpha2[1];
7482                 return 0;
7483         }
7484
7485         found_index = -1;
7486         for (i = 0; i < country_codes->table_size; i++) {
7487                 cc = &country_codes->table[i];
7488                 if ((cc->iso3166[0] == '\0') && (found_index == -1))
7489                         found_index = i;
7490                 if ((cc->iso3166[0] == alpha2[0]) &&
7491                     (cc->iso3166[1] == alpha2[1])) {
7492                         found_index = i;
7493                         break;
7494                 }
7495         }
7496         if (found_index == -1) {
7497                 brcmf_dbg(TRACE, "No country code match found\n");
7498                 return -EINVAL;
7499         }
7500         memset(ccreq, 0, sizeof(*ccreq));
7501         ccreq->rev = cpu_to_le32(country_codes->table[found_index].rev);
7502         memcpy(ccreq->ccode, country_codes->table[found_index].cc,
7503                BRCMF_COUNTRY_BUF_SZ);
7504         ccreq->country_abbrev[0] = alpha2[0];
7505         ccreq->country_abbrev[1] = alpha2[1];
7506         ccreq->country_abbrev[2] = 0;
7507
7508         return 0;
7509 }
7510
7511 static void brcmf_cfg80211_reg_notifier(struct wiphy *wiphy,
7512                                         struct regulatory_request *req)
7513 {
7514         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
7515         struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
7516         struct brcmf_pub *drvr = cfg->pub;
7517         struct brcmf_fil_country_le ccreq;
7518         char *alpha2;
7519         s32 err;
7520         int i;
7521
7522         err = brcmf_fil_iovar_data_get(ifp, "country", &ccreq, sizeof(ccreq));
7523         if (err) {
7524                 bphy_err(drvr, "Country code iovar returned err = %d\n", err);
7525                 return;
7526         }
7527
7528         /* The country code gets set to "00" by default at boot - substitute
7529          * any saved ccode from the nvram file unless there is a valid code
7530          * already set.
7531          */
7532         alpha2 = req->alpha2;
7533         if (alpha2[0] == '0' && alpha2[1] == '0') {
7534                 extern char saved_ccode[2];
7535
7536                 if ((isupper(ccreq.country_abbrev[0]) &&
7537                      isupper(ccreq.country_abbrev[1])) ||
7538                     !saved_ccode[0])
7539                         return;
7540                 alpha2 = saved_ccode;
7541                 pr_debug("brcmfmac: substituting saved ccode %c%c\n",
7542                          alpha2[0], alpha2[1]);
7543         }
7544
7545         /* ignore non-ISO3166 country codes */
7546         for (i = 0; i < 2; i++)
7547                 if (alpha2[i] < 'A' || alpha2[i] > 'Z') {
7548                         bphy_err(drvr, "not an ISO3166 code (0x%02x 0x%02x)\n",
7549                                  alpha2[0], alpha2[1]);
7550                         return;
7551                 }
7552
7553         brcmf_dbg(TRACE, "Enter: initiator=%d, alpha=%c%c\n", req->initiator,
7554                   alpha2[0], alpha2[1]);
7555
7556         err = brcmf_translate_country_code(ifp->drvr, alpha2, &ccreq);
7557         if (err)
7558                 return;
7559
7560         err = brcmf_fil_iovar_data_set(ifp, "country", &ccreq, sizeof(ccreq));
7561         if (err) {
7562                 bphy_err(drvr, "Firmware rejected country setting\n");
7563                 return;
7564         }
7565         brcmf_setup_wiphybands(cfg);
7566 }
7567
7568 static void brcmf_free_wiphy(struct wiphy *wiphy)
7569 {
7570         int i;
7571
7572         if (!wiphy)
7573                 return;
7574
7575         if (wiphy->iface_combinations) {
7576                 for (i = 0; i < wiphy->n_iface_combinations; i++)
7577                         kfree(wiphy->iface_combinations[i].limits);
7578         }
7579         kfree(wiphy->iface_combinations);
7580         if (wiphy->bands[NL80211_BAND_2GHZ]) {
7581                 kfree(wiphy->bands[NL80211_BAND_2GHZ]->channels);
7582                 kfree(wiphy->bands[NL80211_BAND_2GHZ]);
7583         }
7584         if (wiphy->bands[NL80211_BAND_5GHZ]) {
7585                 kfree(wiphy->bands[NL80211_BAND_5GHZ]->channels);
7586                 kfree(wiphy->bands[NL80211_BAND_5GHZ]);
7587         }
7588 #if IS_ENABLED(CONFIG_PM)
7589         if (wiphy->wowlan != &brcmf_wowlan_support)
7590                 kfree(wiphy->wowlan);
7591 #endif
7592 }
7593
7594 struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr,
7595                                                   struct cfg80211_ops *ops,
7596                                                   bool p2pdev_forced)
7597 {
7598         struct wiphy *wiphy = drvr->wiphy;
7599         struct net_device *ndev = brcmf_get_ifp(drvr, 0)->ndev;
7600         struct brcmf_cfg80211_info *cfg;
7601         struct brcmf_cfg80211_vif *vif;
7602         struct brcmf_if *ifp;
7603         s32 err = 0;
7604         s32 io_type;
7605         u16 *cap = NULL;
7606
7607         if (!ndev) {
7608                 bphy_err(drvr, "ndev is invalid\n");
7609                 return NULL;
7610         }
7611
7612         cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
7613         if (!cfg) {
7614                 bphy_err(drvr, "Could not allocate wiphy device\n");
7615                 return NULL;
7616         }
7617
7618         cfg->wiphy = wiphy;
7619         cfg->pub = drvr;
7620         init_vif_event(&cfg->vif_event);
7621         INIT_LIST_HEAD(&cfg->vif_list);
7622
7623         vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_STATION);
7624         if (IS_ERR(vif))
7625                 goto wiphy_out;
7626
7627         ifp = netdev_priv(ndev);
7628         vif->ifp = ifp;
7629         vif->wdev.netdev = ndev;
7630         ndev->ieee80211_ptr = &vif->wdev;
7631         SET_NETDEV_DEV(ndev, wiphy_dev(cfg->wiphy));
7632
7633         err = wl_init_priv(cfg);
7634         if (err) {
7635                 bphy_err(drvr, "Failed to init iwm_priv (%d)\n", err);
7636                 brcmf_free_vif(vif);
7637                 goto wiphy_out;
7638         }
7639         ifp->vif = vif;
7640
7641         /* determine d11 io type before wiphy setup */
7642         err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_VERSION, &io_type);
7643         if (err) {
7644                 bphy_err(drvr, "Failed to get D11 version (%d)\n", err);
7645                 goto priv_out;
7646         }
7647         cfg->d11inf.io_type = (u8)io_type;
7648         brcmu_d11_attach(&cfg->d11inf);
7649
7650         /* regulatory notifer below needs access to cfg so
7651          * assign it now.
7652          */
7653         drvr->config = cfg;
7654
7655         err = brcmf_setup_wiphy(wiphy, ifp);
7656         if (err < 0)
7657                 goto priv_out;
7658
7659         brcmf_dbg(INFO, "Registering custom regulatory\n");
7660         wiphy->reg_notifier = brcmf_cfg80211_reg_notifier;
7661         wiphy->regulatory_flags |= REGULATORY_CUSTOM_REG;
7662         wiphy_apply_custom_regulatory(wiphy, &brcmf_regdom);
7663
7664         /* firmware defaults to 40MHz disabled in 2G band. We signal
7665          * cfg80211 here that we do and have it decide we can enable
7666          * it. But first check if device does support 2G operation.
7667          */
7668         if (wiphy->bands[NL80211_BAND_2GHZ]) {
7669                 cap = &wiphy->bands[NL80211_BAND_2GHZ]->ht_cap.cap;
7670                 *cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
7671         }
7672 #ifdef CONFIG_PM
7673         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK))
7674                 ops->set_rekey_data = brcmf_cfg80211_set_rekey_data;
7675 #endif
7676         err = wiphy_register(wiphy);
7677         if (err < 0) {
7678                 bphy_err(drvr, "Could not register wiphy device (%d)\n", err);
7679                 goto priv_out;
7680         }
7681
7682         err = brcmf_setup_wiphybands(cfg);
7683         if (err) {
7684                 bphy_err(drvr, "Setting wiphy bands failed (%d)\n", err);
7685                 goto wiphy_unreg_out;
7686         }
7687
7688         /* If cfg80211 didn't disable 40MHz HT CAP in wiphy_register(),
7689          * setup 40MHz in 2GHz band and enable OBSS scanning.
7690          */
7691         if (cap && (*cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) {
7692                 err = brcmf_enable_bw40_2g(cfg);
7693                 if (!err)
7694                         err = brcmf_fil_iovar_int_set(ifp, "obss_coex",
7695                                                       BRCMF_OBSS_COEX_AUTO);
7696                 else
7697                         *cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
7698         }
7699
7700         err = brcmf_fweh_activate_events(ifp);
7701         if (err) {
7702                 bphy_err(drvr, "FWEH activation failed (%d)\n", err);
7703                 goto wiphy_unreg_out;
7704         }
7705
7706         err = brcmf_p2p_attach(cfg, p2pdev_forced);
7707         if (err) {
7708                 bphy_err(drvr, "P2P initialisation failed (%d)\n", err);
7709                 goto wiphy_unreg_out;
7710         }
7711         err = brcmf_btcoex_attach(cfg);
7712         if (err) {
7713                 bphy_err(drvr, "BT-coex initialisation failed (%d)\n", err);
7714                 brcmf_p2p_detach(&cfg->p2p);
7715                 goto wiphy_unreg_out;
7716         }
7717         err = brcmf_pno_attach(cfg);
7718         if (err) {
7719                 bphy_err(drvr, "PNO initialisation failed (%d)\n", err);
7720                 brcmf_btcoex_detach(cfg);
7721                 brcmf_p2p_detach(&cfg->p2p);
7722                 goto wiphy_unreg_out;
7723         }
7724
7725         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_TDLS)) {
7726                 err = brcmf_fil_iovar_int_set(ifp, "tdls_enable", 1);
7727                 if (err) {
7728                         brcmf_dbg(INFO, "TDLS not enabled (%d)\n", err);
7729                         wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_TDLS;
7730                 } else {
7731                         brcmf_fweh_register(cfg->pub, BRCMF_E_TDLS_PEER_EVENT,
7732                                             brcmf_notify_tdls_peer_event);
7733                 }
7734         }
7735
7736         /* (re-) activate FWEH event handling */
7737         err = brcmf_fweh_activate_events(ifp);
7738         if (err) {
7739                 bphy_err(drvr, "FWEH activation failed (%d)\n", err);
7740                 goto detach;
7741         }
7742
7743         /* Fill in some of the advertised nl80211 supported features */
7744         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SCAN_RANDOM_MAC)) {
7745                 wiphy->features |= NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
7746 #ifdef CONFIG_PM
7747                 if (wiphy->wowlan &&
7748                     wiphy->wowlan->flags & WIPHY_WOWLAN_NET_DETECT)
7749                         wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7750 #endif
7751         }
7752
7753         return cfg;
7754
7755 detach:
7756         brcmf_pno_detach(cfg);
7757         brcmf_btcoex_detach(cfg);
7758         brcmf_p2p_detach(&cfg->p2p);
7759 wiphy_unreg_out:
7760         wiphy_unregister(cfg->wiphy);
7761 priv_out:
7762         wl_deinit_priv(cfg);
7763         brcmf_free_vif(vif);
7764         ifp->vif = NULL;
7765 wiphy_out:
7766         brcmf_free_wiphy(wiphy);
7767         kfree(cfg);
7768         return NULL;
7769 }
7770
7771 void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg)
7772 {
7773         if (!cfg)
7774                 return;
7775
7776         brcmf_pno_detach(cfg);
7777         brcmf_btcoex_detach(cfg);
7778         wiphy_unregister(cfg->wiphy);
7779         wl_deinit_priv(cfg);
7780         brcmf_free_wiphy(cfg->wiphy);
7781         kfree(cfg);
7782 }