GNU Linux-libre 4.19.281-gnu1
[releases.git] / drivers / net / wireless / broadcom / brcm80211 / brcmfmac / cfg80211.c
1 /*
2  * Copyright (c) 2010 Broadcom Corporation
3  *
4  * Permission to use, copy, modify, and/or distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
9  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
10  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
11  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
12  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
13  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
14  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15  */
16
17 /* Toplevel file. Relies on dhd_linux.c to send commands to the dongle. */
18
19 #include <linux/kernel.h>
20 #include <linux/etherdevice.h>
21 #include <linux/module.h>
22 #include <linux/vmalloc.h>
23 #include <net/cfg80211.h>
24 #include <net/netlink.h>
25
26 #include <brcmu_utils.h>
27 #include <defs.h>
28 #include <brcmu_wifi.h>
29 #include "core.h"
30 #include "debug.h"
31 #include "tracepoint.h"
32 #include "fwil_types.h"
33 #include "p2p.h"
34 #include "btcoex.h"
35 #include "pno.h"
36 #include "cfg80211.h"
37 #include "feature.h"
38 #include "fwil.h"
39 #include "proto.h"
40 #include "vendor.h"
41 #include "bus.h"
42 #include "common.h"
43
44 #define BRCMF_SCAN_IE_LEN_MAX           2048
45
46 #define WPA_OUI                         "\x00\x50\xF2"  /* WPA OUI */
47 #define WPA_OUI_TYPE                    1
48 #define RSN_OUI                         "\x00\x0F\xAC"  /* RSN OUI */
49 #define WME_OUI_TYPE                    2
50 #define WPS_OUI_TYPE                    4
51
52 #define VS_IE_FIXED_HDR_LEN             6
53 #define WPA_IE_VERSION_LEN              2
54 #define WPA_IE_MIN_OUI_LEN              4
55 #define WPA_IE_SUITE_COUNT_LEN          2
56
57 #define WPA_CIPHER_NONE                 0       /* None */
58 #define WPA_CIPHER_WEP_40               1       /* WEP (40-bit) */
59 #define WPA_CIPHER_TKIP                 2       /* TKIP: default for WPA */
60 #define WPA_CIPHER_AES_CCM              4       /* AES (CCM) */
61 #define WPA_CIPHER_WEP_104              5       /* WEP (104-bit) */
62
63 #define RSN_AKM_NONE                    0       /* None (IBSS) */
64 #define RSN_AKM_UNSPECIFIED             1       /* Over 802.1x */
65 #define RSN_AKM_PSK                     2       /* Pre-shared Key */
66 #define RSN_AKM_SHA256_1X               5       /* SHA256, 802.1X */
67 #define RSN_AKM_SHA256_PSK              6       /* SHA256, Pre-shared Key */
68 #define RSN_CAP_LEN                     2       /* Length of RSN capabilities */
69 #define RSN_CAP_PTK_REPLAY_CNTR_MASK    (BIT(2) | BIT(3))
70 #define RSN_CAP_MFPR_MASK               BIT(6)
71 #define RSN_CAP_MFPC_MASK               BIT(7)
72 #define RSN_PMKID_COUNT_LEN             2
73
74 #define VNDR_IE_CMD_LEN                 4       /* length of the set command
75                                                  * string :"add", "del" (+ NUL)
76                                                  */
77 #define VNDR_IE_COUNT_OFFSET            4
78 #define VNDR_IE_PKTFLAG_OFFSET          8
79 #define VNDR_IE_VSIE_OFFSET             12
80 #define VNDR_IE_HDR_SIZE                12
81 #define VNDR_IE_PARSE_LIMIT             5
82
83 #define DOT11_MGMT_HDR_LEN              24      /* d11 management header len */
84 #define DOT11_BCN_PRB_FIXED_LEN         12      /* beacon/probe fixed length */
85
86 #define BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS    320
87 #define BRCMF_SCAN_JOIN_PASSIVE_DWELL_TIME_MS   400
88 #define BRCMF_SCAN_JOIN_PROBE_INTERVAL_MS       20
89
90 #define BRCMF_SCAN_CHANNEL_TIME         40
91 #define BRCMF_SCAN_UNASSOC_TIME         40
92 #define BRCMF_SCAN_PASSIVE_TIME         120
93
94 #define BRCMF_ND_INFO_TIMEOUT           msecs_to_jiffies(2000)
95
96 #define BRCMF_ASSOC_PARAMS_FIXED_SIZE \
97         (sizeof(struct brcmf_assoc_params_le) - sizeof(u16))
98
99 static bool check_vif_up(struct brcmf_cfg80211_vif *vif)
100 {
101         if (!test_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state)) {
102                 brcmf_dbg(INFO, "device is not ready : status (%lu)\n",
103                           vif->sme_state);
104                 return false;
105         }
106         return true;
107 }
108
109 #define RATE_TO_BASE100KBPS(rate)   (((rate) * 10) / 2)
110 #define RATETAB_ENT(_rateid, _flags) \
111         {                                                               \
112                 .bitrate        = RATE_TO_BASE100KBPS(_rateid),     \
113                 .hw_value       = (_rateid),                            \
114                 .flags          = (_flags),                             \
115         }
116
117 static struct ieee80211_rate __wl_rates[] = {
118         RATETAB_ENT(BRCM_RATE_1M, 0),
119         RATETAB_ENT(BRCM_RATE_2M, IEEE80211_RATE_SHORT_PREAMBLE),
120         RATETAB_ENT(BRCM_RATE_5M5, IEEE80211_RATE_SHORT_PREAMBLE),
121         RATETAB_ENT(BRCM_RATE_11M, IEEE80211_RATE_SHORT_PREAMBLE),
122         RATETAB_ENT(BRCM_RATE_6M, 0),
123         RATETAB_ENT(BRCM_RATE_9M, 0),
124         RATETAB_ENT(BRCM_RATE_12M, 0),
125         RATETAB_ENT(BRCM_RATE_18M, 0),
126         RATETAB_ENT(BRCM_RATE_24M, 0),
127         RATETAB_ENT(BRCM_RATE_36M, 0),
128         RATETAB_ENT(BRCM_RATE_48M, 0),
129         RATETAB_ENT(BRCM_RATE_54M, 0),
130 };
131
132 #define wl_g_rates              (__wl_rates + 0)
133 #define wl_g_rates_size         ARRAY_SIZE(__wl_rates)
134 #define wl_a_rates              (__wl_rates + 4)
135 #define wl_a_rates_size         (wl_g_rates_size - 4)
136
137 #define CHAN2G(_channel, _freq) {                               \
138         .band                   = NL80211_BAND_2GHZ,            \
139         .center_freq            = (_freq),                      \
140         .hw_value               = (_channel),                   \
141         .max_antenna_gain       = 0,                            \
142         .max_power              = 30,                           \
143 }
144
145 #define CHAN5G(_channel) {                                      \
146         .band                   = NL80211_BAND_5GHZ,            \
147         .center_freq            = 5000 + (5 * (_channel)),      \
148         .hw_value               = (_channel),                   \
149         .max_antenna_gain       = 0,                            \
150         .max_power              = 30,                           \
151 }
152
153 static struct ieee80211_channel __wl_2ghz_channels[] = {
154         CHAN2G(1, 2412), CHAN2G(2, 2417), CHAN2G(3, 2422), CHAN2G(4, 2427),
155         CHAN2G(5, 2432), CHAN2G(6, 2437), CHAN2G(7, 2442), CHAN2G(8, 2447),
156         CHAN2G(9, 2452), CHAN2G(10, 2457), CHAN2G(11, 2462), CHAN2G(12, 2467),
157         CHAN2G(13, 2472), CHAN2G(14, 2484)
158 };
159
160 static struct ieee80211_channel __wl_5ghz_channels[] = {
161         CHAN5G(34), CHAN5G(36), CHAN5G(38), CHAN5G(40), CHAN5G(42),
162         CHAN5G(44), CHAN5G(46), CHAN5G(48), CHAN5G(52), CHAN5G(56),
163         CHAN5G(60), CHAN5G(64), CHAN5G(100), CHAN5G(104), CHAN5G(108),
164         CHAN5G(112), CHAN5G(116), CHAN5G(120), CHAN5G(124), CHAN5G(128),
165         CHAN5G(132), CHAN5G(136), CHAN5G(140), CHAN5G(144), CHAN5G(149),
166         CHAN5G(153), CHAN5G(157), CHAN5G(161), CHAN5G(165)
167 };
168
169 /* Band templates duplicated per wiphy. The channel info
170  * above is added to the band during setup.
171  */
172 static const struct ieee80211_supported_band __wl_band_2ghz = {
173         .band = NL80211_BAND_2GHZ,
174         .bitrates = wl_g_rates,
175         .n_bitrates = wl_g_rates_size,
176 };
177
178 static const struct ieee80211_supported_band __wl_band_5ghz = {
179         .band = NL80211_BAND_5GHZ,
180         .bitrates = wl_a_rates,
181         .n_bitrates = wl_a_rates_size,
182 };
183
184 /* This is to override regulatory domains defined in cfg80211 module (reg.c)
185  * By default world regulatory domain defined in reg.c puts the flags
186  * NL80211_RRF_NO_IR for 5GHz channels (for * 36..48 and 149..165).
187  * With respect to these flags, wpa_supplicant doesn't * start p2p
188  * operations on 5GHz channels. All the changes in world regulatory
189  * domain are to be done here.
190  */
191 static const struct ieee80211_regdomain brcmf_regdom = {
192         .n_reg_rules = 4,
193         .alpha2 =  "99",
194         .reg_rules = {
195                 /* IEEE 802.11b/g, channels 1..11 */
196                 REG_RULE(2412-10, 2472+10, 40, 6, 20, 0),
197                 /* If any */
198                 /* IEEE 802.11 channel 14 - Only JP enables
199                  * this and for 802.11b only
200                  */
201                 REG_RULE(2484-10, 2484+10, 20, 6, 20, 0),
202                 /* IEEE 802.11a, channel 36..64 */
203                 REG_RULE(5150-10, 5350+10, 80, 6, 20, 0),
204                 /* IEEE 802.11a, channel 100..165 */
205                 REG_RULE(5470-10, 5850+10, 80, 6, 20, 0), }
206 };
207
208 /* Note: brcmf_cipher_suites is an array of int defining which cipher suites
209  * are supported. A pointer to this array and the number of entries is passed
210  * on to upper layers. AES_CMAC defines whether or not the driver supports MFP.
211  * So the cipher suite AES_CMAC has to be the last one in the array, and when
212  * device does not support MFP then the number of suites will be decreased by 1
213  */
214 static const u32 brcmf_cipher_suites[] = {
215         WLAN_CIPHER_SUITE_WEP40,
216         WLAN_CIPHER_SUITE_WEP104,
217         WLAN_CIPHER_SUITE_TKIP,
218         WLAN_CIPHER_SUITE_CCMP,
219         /* Keep as last entry: */
220         WLAN_CIPHER_SUITE_AES_CMAC
221 };
222
223 /* Vendor specific ie. id = 221, oui and type defines exact ie */
224 struct brcmf_vs_tlv {
225         u8 id;
226         u8 len;
227         u8 oui[3];
228         u8 oui_type;
229 };
230
231 struct parsed_vndr_ie_info {
232         u8 *ie_ptr;
233         u32 ie_len;     /* total length including id & length field */
234         struct brcmf_vs_tlv vndrie;
235 };
236
237 struct parsed_vndr_ies {
238         u32 count;
239         struct parsed_vndr_ie_info ie_info[VNDR_IE_PARSE_LIMIT];
240 };
241
242 static u8 nl80211_band_to_fwil(enum nl80211_band band)
243 {
244         switch (band) {
245         case NL80211_BAND_2GHZ:
246                 return WLC_BAND_2G;
247         case NL80211_BAND_5GHZ:
248                 return WLC_BAND_5G;
249         default:
250                 WARN_ON(1);
251                 break;
252         }
253         return 0;
254 }
255
256 static u16 chandef_to_chanspec(struct brcmu_d11inf *d11inf,
257                                struct cfg80211_chan_def *ch)
258 {
259         struct brcmu_chan ch_inf;
260         s32 primary_offset;
261
262         brcmf_dbg(TRACE, "chandef: control %d center %d width %d\n",
263                   ch->chan->center_freq, ch->center_freq1, ch->width);
264         ch_inf.chnum = ieee80211_frequency_to_channel(ch->center_freq1);
265         primary_offset = ch->chan->center_freq - ch->center_freq1;
266         switch (ch->width) {
267         case NL80211_CHAN_WIDTH_20:
268         case NL80211_CHAN_WIDTH_20_NOHT:
269                 ch_inf.bw = BRCMU_CHAN_BW_20;
270                 WARN_ON(primary_offset != 0);
271                 break;
272         case NL80211_CHAN_WIDTH_40:
273                 ch_inf.bw = BRCMU_CHAN_BW_40;
274                 if (primary_offset > 0)
275                         ch_inf.sb = BRCMU_CHAN_SB_U;
276                 else
277                         ch_inf.sb = BRCMU_CHAN_SB_L;
278                 break;
279         case NL80211_CHAN_WIDTH_80:
280                 ch_inf.bw = BRCMU_CHAN_BW_80;
281                 if (primary_offset == -30)
282                         ch_inf.sb = BRCMU_CHAN_SB_LL;
283                 else if (primary_offset == -10)
284                         ch_inf.sb = BRCMU_CHAN_SB_LU;
285                 else if (primary_offset == 10)
286                         ch_inf.sb = BRCMU_CHAN_SB_UL;
287                 else
288                         ch_inf.sb = BRCMU_CHAN_SB_UU;
289                 break;
290         case NL80211_CHAN_WIDTH_80P80:
291         case NL80211_CHAN_WIDTH_160:
292         case NL80211_CHAN_WIDTH_5:
293         case NL80211_CHAN_WIDTH_10:
294         default:
295                 WARN_ON_ONCE(1);
296         }
297         switch (ch->chan->band) {
298         case NL80211_BAND_2GHZ:
299                 ch_inf.band = BRCMU_CHAN_BAND_2G;
300                 break;
301         case NL80211_BAND_5GHZ:
302                 ch_inf.band = BRCMU_CHAN_BAND_5G;
303                 break;
304         case NL80211_BAND_60GHZ:
305         default:
306                 WARN_ON_ONCE(1);
307         }
308         d11inf->encchspec(&ch_inf);
309
310         return ch_inf.chspec;
311 }
312
313 u16 channel_to_chanspec(struct brcmu_d11inf *d11inf,
314                         struct ieee80211_channel *ch)
315 {
316         struct brcmu_chan ch_inf;
317
318         ch_inf.chnum = ieee80211_frequency_to_channel(ch->center_freq);
319         ch_inf.bw = BRCMU_CHAN_BW_20;
320         d11inf->encchspec(&ch_inf);
321
322         return ch_inf.chspec;
323 }
324
325 /* Traverse a string of 1-byte tag/1-byte length/variable-length value
326  * triples, returning a pointer to the substring whose first element
327  * matches tag
328  */
329 static const struct brcmf_tlv *
330 brcmf_parse_tlvs(const void *buf, int buflen, uint key)
331 {
332         const struct brcmf_tlv *elt = buf;
333         int totlen = buflen;
334
335         /* find tagged parameter */
336         while (totlen >= TLV_HDR_LEN) {
337                 int len = elt->len;
338
339                 /* validate remaining totlen */
340                 if ((elt->id == key) && (totlen >= (len + TLV_HDR_LEN)))
341                         return elt;
342
343                 elt = (struct brcmf_tlv *)((u8 *)elt + (len + TLV_HDR_LEN));
344                 totlen -= (len + TLV_HDR_LEN);
345         }
346
347         return NULL;
348 }
349
350 /* Is any of the tlvs the expected entry? If
351  * not update the tlvs buffer pointer/length.
352  */
353 static bool
354 brcmf_tlv_has_ie(const u8 *ie, const u8 **tlvs, u32 *tlvs_len,
355                  const u8 *oui, u32 oui_len, u8 type)
356 {
357         /* If the contents match the OUI and the type */
358         if (ie[TLV_LEN_OFF] >= oui_len + 1 &&
359             !memcmp(&ie[TLV_BODY_OFF], oui, oui_len) &&
360             type == ie[TLV_BODY_OFF + oui_len]) {
361                 return true;
362         }
363
364         if (tlvs == NULL)
365                 return false;
366         /* point to the next ie */
367         ie += ie[TLV_LEN_OFF] + TLV_HDR_LEN;
368         /* calculate the length of the rest of the buffer */
369         *tlvs_len -= (int)(ie - *tlvs);
370         /* update the pointer to the start of the buffer */
371         *tlvs = ie;
372
373         return false;
374 }
375
376 static struct brcmf_vs_tlv *
377 brcmf_find_wpaie(const u8 *parse, u32 len)
378 {
379         const struct brcmf_tlv *ie;
380
381         while ((ie = brcmf_parse_tlvs(parse, len, WLAN_EID_VENDOR_SPECIFIC))) {
382                 if (brcmf_tlv_has_ie((const u8 *)ie, &parse, &len,
383                                      WPA_OUI, TLV_OUI_LEN, WPA_OUI_TYPE))
384                         return (struct brcmf_vs_tlv *)ie;
385         }
386         return NULL;
387 }
388
389 static struct brcmf_vs_tlv *
390 brcmf_find_wpsie(const u8 *parse, u32 len)
391 {
392         const struct brcmf_tlv *ie;
393
394         while ((ie = brcmf_parse_tlvs(parse, len, WLAN_EID_VENDOR_SPECIFIC))) {
395                 if (brcmf_tlv_has_ie((u8 *)ie, &parse, &len,
396                                      WPA_OUI, TLV_OUI_LEN, WPS_OUI_TYPE))
397                         return (struct brcmf_vs_tlv *)ie;
398         }
399         return NULL;
400 }
401
402 static int brcmf_vif_change_validate(struct brcmf_cfg80211_info *cfg,
403                                      struct brcmf_cfg80211_vif *vif,
404                                      enum nl80211_iftype new_type)
405 {
406         struct brcmf_cfg80211_vif *pos;
407         bool check_combos = false;
408         int ret = 0;
409         struct iface_combination_params params = {
410                 .num_different_channels = 1,
411         };
412
413         list_for_each_entry(pos, &cfg->vif_list, list)
414                 if (pos == vif) {
415                         params.iftype_num[new_type]++;
416                 } else {
417                         /* concurrent interfaces so need check combinations */
418                         check_combos = true;
419                         params.iftype_num[pos->wdev.iftype]++;
420                 }
421
422         if (check_combos)
423                 ret = cfg80211_check_combinations(cfg->wiphy, &params);
424
425         return ret;
426 }
427
428 static int brcmf_vif_add_validate(struct brcmf_cfg80211_info *cfg,
429                                   enum nl80211_iftype new_type)
430 {
431         struct brcmf_cfg80211_vif *pos;
432         struct iface_combination_params params = {
433                 .num_different_channels = 1,
434         };
435
436         list_for_each_entry(pos, &cfg->vif_list, list)
437                 params.iftype_num[pos->wdev.iftype]++;
438
439         params.iftype_num[new_type]++;
440         return cfg80211_check_combinations(cfg->wiphy, &params);
441 }
442
443 static void convert_key_from_CPU(struct brcmf_wsec_key *key,
444                                  struct brcmf_wsec_key_le *key_le)
445 {
446         key_le->index = cpu_to_le32(key->index);
447         key_le->len = cpu_to_le32(key->len);
448         key_le->algo = cpu_to_le32(key->algo);
449         key_le->flags = cpu_to_le32(key->flags);
450         key_le->rxiv.hi = cpu_to_le32(key->rxiv.hi);
451         key_le->rxiv.lo = cpu_to_le16(key->rxiv.lo);
452         key_le->iv_initialized = cpu_to_le32(key->iv_initialized);
453         memcpy(key_le->data, key->data, sizeof(key->data));
454         memcpy(key_le->ea, key->ea, sizeof(key->ea));
455 }
456
457 static int
458 send_key_to_dongle(struct brcmf_if *ifp, struct brcmf_wsec_key *key)
459 {
460         int err;
461         struct brcmf_wsec_key_le key_le;
462
463         convert_key_from_CPU(key, &key_le);
464
465         brcmf_netdev_wait_pend8021x(ifp);
466
467         err = brcmf_fil_bsscfg_data_set(ifp, "wsec_key", &key_le,
468                                         sizeof(key_le));
469
470         if (err)
471                 brcmf_err("wsec_key error (%d)\n", err);
472         return err;
473 }
474
475 static void
476 brcmf_cfg80211_update_proto_addr_mode(struct wireless_dev *wdev)
477 {
478         struct brcmf_cfg80211_vif *vif;
479         struct brcmf_if *ifp;
480
481         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
482         ifp = vif->ifp;
483
484         if ((wdev->iftype == NL80211_IFTYPE_ADHOC) ||
485             (wdev->iftype == NL80211_IFTYPE_AP) ||
486             (wdev->iftype == NL80211_IFTYPE_P2P_GO))
487                 brcmf_proto_configure_addr_mode(ifp->drvr, ifp->ifidx,
488                                                 ADDR_DIRECT);
489         else
490                 brcmf_proto_configure_addr_mode(ifp->drvr, ifp->ifidx,
491                                                 ADDR_INDIRECT);
492 }
493
494 static int brcmf_get_first_free_bsscfgidx(struct brcmf_pub *drvr)
495 {
496         int bsscfgidx;
497
498         for (bsscfgidx = 0; bsscfgidx < BRCMF_MAX_IFS; bsscfgidx++) {
499                 /* bsscfgidx 1 is reserved for legacy P2P */
500                 if (bsscfgidx == 1)
501                         continue;
502                 if (!drvr->iflist[bsscfgidx])
503                         return bsscfgidx;
504         }
505
506         return -ENOMEM;
507 }
508
509 static int brcmf_cfg80211_request_ap_if(struct brcmf_if *ifp)
510 {
511         struct brcmf_mbss_ssid_le mbss_ssid_le;
512         int bsscfgidx;
513         int err;
514
515         memset(&mbss_ssid_le, 0, sizeof(mbss_ssid_le));
516         bsscfgidx = brcmf_get_first_free_bsscfgidx(ifp->drvr);
517         if (bsscfgidx < 0)
518                 return bsscfgidx;
519
520         mbss_ssid_le.bsscfgidx = cpu_to_le32(bsscfgidx);
521         mbss_ssid_le.SSID_len = cpu_to_le32(5);
522         sprintf(mbss_ssid_le.SSID, "ssid%d" , bsscfgidx);
523
524         err = brcmf_fil_bsscfg_data_set(ifp, "bsscfg:ssid", &mbss_ssid_le,
525                                         sizeof(mbss_ssid_le));
526         if (err < 0)
527                 brcmf_err("setting ssid failed %d\n", err);
528
529         return err;
530 }
531
532 /**
533  * brcmf_ap_add_vif() - create a new AP virtual interface for multiple BSS
534  *
535  * @wiphy: wiphy device of new interface.
536  * @name: name of the new interface.
537  * @params: contains mac address for AP device.
538  */
539 static
540 struct wireless_dev *brcmf_ap_add_vif(struct wiphy *wiphy, const char *name,
541                                       struct vif_params *params)
542 {
543         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
544         struct brcmf_if *ifp = netdev_priv(cfg_to_ndev(cfg));
545         struct brcmf_cfg80211_vif *vif;
546         int err;
547
548         if (brcmf_cfg80211_vif_event_armed(cfg))
549                 return ERR_PTR(-EBUSY);
550
551         brcmf_dbg(INFO, "Adding vif \"%s\"\n", name);
552
553         vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_AP);
554         if (IS_ERR(vif))
555                 return (struct wireless_dev *)vif;
556
557         brcmf_cfg80211_arm_vif_event(cfg, vif);
558
559         err = brcmf_cfg80211_request_ap_if(ifp);
560         if (err) {
561                 brcmf_cfg80211_arm_vif_event(cfg, NULL);
562                 goto fail;
563         }
564
565         /* wait for firmware event */
566         err = brcmf_cfg80211_wait_vif_event(cfg, BRCMF_E_IF_ADD,
567                                             BRCMF_VIF_EVENT_TIMEOUT);
568         brcmf_cfg80211_arm_vif_event(cfg, NULL);
569         if (!err) {
570                 brcmf_err("timeout occurred\n");
571                 err = -EIO;
572                 goto fail;
573         }
574
575         /* interface created in firmware */
576         ifp = vif->ifp;
577         if (!ifp) {
578                 brcmf_err("no if pointer provided\n");
579                 err = -ENOENT;
580                 goto fail;
581         }
582
583         strncpy(ifp->ndev->name, name, sizeof(ifp->ndev->name) - 1);
584         err = brcmf_net_attach(ifp, true);
585         if (err) {
586                 brcmf_err("Registering netdevice failed\n");
587                 free_netdev(ifp->ndev);
588                 goto fail;
589         }
590
591         return &ifp->vif->wdev;
592
593 fail:
594         brcmf_free_vif(vif);
595         return ERR_PTR(err);
596 }
597
598 static bool brcmf_is_apmode(struct brcmf_cfg80211_vif *vif)
599 {
600         enum nl80211_iftype iftype;
601
602         iftype = vif->wdev.iftype;
603         return iftype == NL80211_IFTYPE_AP || iftype == NL80211_IFTYPE_P2P_GO;
604 }
605
606 static bool brcmf_is_ibssmode(struct brcmf_cfg80211_vif *vif)
607 {
608         return vif->wdev.iftype == NL80211_IFTYPE_ADHOC;
609 }
610
611 static struct wireless_dev *brcmf_cfg80211_add_iface(struct wiphy *wiphy,
612                                                      const char *name,
613                                                      unsigned char name_assign_type,
614                                                      enum nl80211_iftype type,
615                                                      struct vif_params *params)
616 {
617         struct wireless_dev *wdev;
618         int err;
619
620         brcmf_dbg(TRACE, "enter: %s type %d\n", name, type);
621         err = brcmf_vif_add_validate(wiphy_to_cfg(wiphy), type);
622         if (err) {
623                 brcmf_err("iface validation failed: err=%d\n", err);
624                 return ERR_PTR(err);
625         }
626         switch (type) {
627         case NL80211_IFTYPE_ADHOC:
628         case NL80211_IFTYPE_STATION:
629         case NL80211_IFTYPE_AP_VLAN:
630         case NL80211_IFTYPE_WDS:
631         case NL80211_IFTYPE_MONITOR:
632         case NL80211_IFTYPE_MESH_POINT:
633                 return ERR_PTR(-EOPNOTSUPP);
634         case NL80211_IFTYPE_AP:
635                 wdev = brcmf_ap_add_vif(wiphy, name, params);
636                 break;
637         case NL80211_IFTYPE_P2P_CLIENT:
638         case NL80211_IFTYPE_P2P_GO:
639         case NL80211_IFTYPE_P2P_DEVICE:
640                 wdev = brcmf_p2p_add_vif(wiphy, name, name_assign_type, type, params);
641                 break;
642         case NL80211_IFTYPE_UNSPECIFIED:
643         default:
644                 return ERR_PTR(-EINVAL);
645         }
646
647         if (IS_ERR(wdev))
648                 brcmf_err("add iface %s type %d failed: err=%d\n",
649                           name, type, (int)PTR_ERR(wdev));
650         else
651                 brcmf_cfg80211_update_proto_addr_mode(wdev);
652
653         return wdev;
654 }
655
656 static void brcmf_scan_config_mpc(struct brcmf_if *ifp, int mpc)
657 {
658         if (brcmf_feat_is_quirk_enabled(ifp, BRCMF_FEAT_QUIRK_NEED_MPC))
659                 brcmf_set_mpc(ifp, mpc);
660 }
661
662 void brcmf_set_mpc(struct brcmf_if *ifp, int mpc)
663 {
664         s32 err = 0;
665
666         if (check_vif_up(ifp->vif)) {
667                 err = brcmf_fil_iovar_int_set(ifp, "mpc", mpc);
668                 if (err) {
669                         brcmf_err("fail to set mpc\n");
670                         return;
671                 }
672                 brcmf_dbg(INFO, "MPC : %d\n", mpc);
673         }
674 }
675
676 s32 brcmf_notify_escan_complete(struct brcmf_cfg80211_info *cfg,
677                                 struct brcmf_if *ifp, bool aborted,
678                                 bool fw_abort)
679 {
680         struct brcmf_scan_params_le params_le;
681         struct cfg80211_scan_request *scan_request;
682         u64 reqid;
683         u32 bucket;
684         s32 err = 0;
685
686         brcmf_dbg(SCAN, "Enter\n");
687
688         /* clear scan request, because the FW abort can cause a second call */
689         /* to this functon and might cause a double cfg80211_scan_done      */
690         scan_request = cfg->scan_request;
691         cfg->scan_request = NULL;
692
693         if (timer_pending(&cfg->escan_timeout))
694                 del_timer_sync(&cfg->escan_timeout);
695
696         if (fw_abort) {
697                 /* Do a scan abort to stop the driver's scan engine */
698                 brcmf_dbg(SCAN, "ABORT scan in firmware\n");
699                 memset(&params_le, 0, sizeof(params_le));
700                 eth_broadcast_addr(params_le.bssid);
701                 params_le.bss_type = DOT11_BSSTYPE_ANY;
702                 params_le.scan_type = 0;
703                 params_le.channel_num = cpu_to_le32(1);
704                 params_le.nprobes = cpu_to_le32(1);
705                 params_le.active_time = cpu_to_le32(-1);
706                 params_le.passive_time = cpu_to_le32(-1);
707                 params_le.home_time = cpu_to_le32(-1);
708                 /* Scan is aborted by setting channel_list[0] to -1 */
709                 params_le.channel_list[0] = cpu_to_le16(-1);
710                 /* E-Scan (or anyother type) can be aborted by SCAN */
711                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCAN,
712                                              &params_le, sizeof(params_le));
713                 if (err)
714                         brcmf_err("Scan abort failed\n");
715         }
716
717         brcmf_scan_config_mpc(ifp, 1);
718
719         /*
720          * e-scan can be initiated internally
721          * which takes precedence.
722          */
723         if (cfg->int_escan_map) {
724                 brcmf_dbg(SCAN, "scheduled scan completed (%x)\n",
725                           cfg->int_escan_map);
726                 while (cfg->int_escan_map) {
727                         bucket = __ffs(cfg->int_escan_map);
728                         cfg->int_escan_map &= ~BIT(bucket);
729                         reqid = brcmf_pno_find_reqid_by_bucket(cfg->pno,
730                                                                bucket);
731                         if (!aborted) {
732                                 brcmf_dbg(SCAN, "report results: reqid=%llu\n",
733                                           reqid);
734                                 cfg80211_sched_scan_results(cfg_to_wiphy(cfg),
735                                                             reqid);
736                         }
737                 }
738         } else if (scan_request) {
739                 struct cfg80211_scan_info info = {
740                         .aborted = aborted,
741                 };
742
743                 brcmf_dbg(SCAN, "ESCAN Completed scan: %s\n",
744                           aborted ? "Aborted" : "Done");
745                 cfg80211_scan_done(scan_request, &info);
746         }
747         if (!test_and_clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status))
748                 brcmf_dbg(SCAN, "Scan complete, probably P2P scan\n");
749
750         return err;
751 }
752
753 static int brcmf_cfg80211_del_ap_iface(struct wiphy *wiphy,
754                                        struct wireless_dev *wdev)
755 {
756         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
757         struct net_device *ndev = wdev->netdev;
758         struct brcmf_if *ifp = netdev_priv(ndev);
759         int ret;
760         int err;
761
762         brcmf_cfg80211_arm_vif_event(cfg, ifp->vif);
763
764         err = brcmf_fil_bsscfg_data_set(ifp, "interface_remove", NULL, 0);
765         if (err) {
766                 brcmf_err("interface_remove failed %d\n", err);
767                 goto err_unarm;
768         }
769
770         /* wait for firmware event */
771         ret = brcmf_cfg80211_wait_vif_event(cfg, BRCMF_E_IF_DEL,
772                                             BRCMF_VIF_EVENT_TIMEOUT);
773         if (!ret) {
774                 brcmf_err("timeout occurred\n");
775                 err = -EIO;
776                 goto err_unarm;
777         }
778
779         brcmf_remove_interface(ifp, true);
780
781 err_unarm:
782         brcmf_cfg80211_arm_vif_event(cfg, NULL);
783         return err;
784 }
785
786 static
787 int brcmf_cfg80211_del_iface(struct wiphy *wiphy, struct wireless_dev *wdev)
788 {
789         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
790         struct net_device *ndev = wdev->netdev;
791
792         if (ndev && ndev == cfg_to_ndev(cfg))
793                 return -ENOTSUPP;
794
795         /* vif event pending in firmware */
796         if (brcmf_cfg80211_vif_event_armed(cfg))
797                 return -EBUSY;
798
799         if (ndev) {
800                 if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status) &&
801                     cfg->escan_info.ifp == netdev_priv(ndev))
802                         brcmf_notify_escan_complete(cfg, netdev_priv(ndev),
803                                                     true, true);
804
805                 brcmf_fil_iovar_int_set(netdev_priv(ndev), "mpc", 1);
806         }
807
808         switch (wdev->iftype) {
809         case NL80211_IFTYPE_ADHOC:
810         case NL80211_IFTYPE_STATION:
811         case NL80211_IFTYPE_AP_VLAN:
812         case NL80211_IFTYPE_WDS:
813         case NL80211_IFTYPE_MONITOR:
814         case NL80211_IFTYPE_MESH_POINT:
815                 return -EOPNOTSUPP;
816         case NL80211_IFTYPE_AP:
817                 return brcmf_cfg80211_del_ap_iface(wiphy, wdev);
818         case NL80211_IFTYPE_P2P_CLIENT:
819         case NL80211_IFTYPE_P2P_GO:
820         case NL80211_IFTYPE_P2P_DEVICE:
821                 return brcmf_p2p_del_vif(wiphy, wdev);
822         case NL80211_IFTYPE_UNSPECIFIED:
823         default:
824                 return -EINVAL;
825         }
826         return -EOPNOTSUPP;
827 }
828
829 static s32
830 brcmf_cfg80211_change_iface(struct wiphy *wiphy, struct net_device *ndev,
831                          enum nl80211_iftype type,
832                          struct vif_params *params)
833 {
834         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
835         struct brcmf_if *ifp = netdev_priv(ndev);
836         struct brcmf_cfg80211_vif *vif = ifp->vif;
837         s32 infra = 0;
838         s32 ap = 0;
839         s32 err = 0;
840
841         brcmf_dbg(TRACE, "Enter, bsscfgidx=%d, type=%d\n", ifp->bsscfgidx,
842                   type);
843
844         /* WAR: There are a number of p2p interface related problems which
845          * need to be handled initially (before doing the validate).
846          * wpa_supplicant tends to do iface changes on p2p device/client/go
847          * which are not always possible/allowed. However we need to return
848          * OK otherwise the wpa_supplicant wont start. The situation differs
849          * on configuration and setup (p2pon=1 module param). The first check
850          * is to see if the request is a change to station for p2p iface.
851          */
852         if ((type == NL80211_IFTYPE_STATION) &&
853             ((vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT) ||
854              (vif->wdev.iftype == NL80211_IFTYPE_P2P_GO) ||
855              (vif->wdev.iftype == NL80211_IFTYPE_P2P_DEVICE))) {
856                 brcmf_dbg(TRACE, "Ignoring cmd for p2p if\n");
857                 /* Now depending on whether module param p2pon=1 was used the
858                  * response needs to be either 0 or EOPNOTSUPP. The reason is
859                  * that if p2pon=1 is used, but a newer supplicant is used then
860                  * we should return an error, as this combination wont work.
861                  * In other situations 0 is returned and supplicant will start
862                  * normally. It will give a trace in cfg80211, but it is the
863                  * only way to get it working. Unfortunately this will result
864                  * in situation where we wont support new supplicant in
865                  * combination with module param p2pon=1, but that is the way
866                  * it is. If the user tries this then unloading of driver might
867                  * fail/lock.
868                  */
869                 if (cfg->p2p.p2pdev_dynamically)
870                         return -EOPNOTSUPP;
871                 else
872                         return 0;
873         }
874         err = brcmf_vif_change_validate(wiphy_to_cfg(wiphy), vif, type);
875         if (err) {
876                 brcmf_err("iface validation failed: err=%d\n", err);
877                 return err;
878         }
879         switch (type) {
880         case NL80211_IFTYPE_MONITOR:
881         case NL80211_IFTYPE_WDS:
882                 brcmf_err("type (%d) : currently we do not support this type\n",
883                           type);
884                 return -EOPNOTSUPP;
885         case NL80211_IFTYPE_ADHOC:
886                 infra = 0;
887                 break;
888         case NL80211_IFTYPE_STATION:
889                 infra = 1;
890                 break;
891         case NL80211_IFTYPE_AP:
892         case NL80211_IFTYPE_P2P_GO:
893                 ap = 1;
894                 break;
895         default:
896                 err = -EINVAL;
897                 goto done;
898         }
899
900         if (ap) {
901                 if (type == NL80211_IFTYPE_P2P_GO) {
902                         brcmf_dbg(INFO, "IF Type = P2P GO\n");
903                         err = brcmf_p2p_ifchange(cfg, BRCMF_FIL_P2P_IF_GO);
904                 }
905                 if (!err) {
906                         brcmf_dbg(INFO, "IF Type = AP\n");
907                 }
908         } else {
909                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, infra);
910                 if (err) {
911                         brcmf_err("WLC_SET_INFRA error (%d)\n", err);
912                         err = -EAGAIN;
913                         goto done;
914                 }
915                 brcmf_dbg(INFO, "IF Type = %s\n", brcmf_is_ibssmode(vif) ?
916                           "Adhoc" : "Infra");
917         }
918         ndev->ieee80211_ptr->iftype = type;
919
920         brcmf_cfg80211_update_proto_addr_mode(&vif->wdev);
921
922 done:
923         brcmf_dbg(TRACE, "Exit\n");
924
925         return err;
926 }
927
928 static void brcmf_escan_prep(struct brcmf_cfg80211_info *cfg,
929                              struct brcmf_scan_params_le *params_le,
930                              struct cfg80211_scan_request *request)
931 {
932         u32 n_ssids;
933         u32 n_channels;
934         s32 i;
935         s32 offset;
936         u16 chanspec;
937         char *ptr;
938         struct brcmf_ssid_le ssid_le;
939
940         eth_broadcast_addr(params_le->bssid);
941         params_le->bss_type = DOT11_BSSTYPE_ANY;
942         params_le->scan_type = BRCMF_SCANTYPE_ACTIVE;
943         params_le->channel_num = 0;
944         params_le->nprobes = cpu_to_le32(-1);
945         params_le->active_time = cpu_to_le32(-1);
946         params_le->passive_time = cpu_to_le32(-1);
947         params_le->home_time = cpu_to_le32(-1);
948         memset(&params_le->ssid_le, 0, sizeof(params_le->ssid_le));
949
950         n_ssids = request->n_ssids;
951         n_channels = request->n_channels;
952
953         /* Copy channel array if applicable */
954         brcmf_dbg(SCAN, "### List of channelspecs to scan ### %d\n",
955                   n_channels);
956         if (n_channels > 0) {
957                 for (i = 0; i < n_channels; i++) {
958                         chanspec = channel_to_chanspec(&cfg->d11inf,
959                                                        request->channels[i]);
960                         brcmf_dbg(SCAN, "Chan : %d, Channel spec: %x\n",
961                                   request->channels[i]->hw_value, chanspec);
962                         params_le->channel_list[i] = cpu_to_le16(chanspec);
963                 }
964         } else {
965                 brcmf_dbg(SCAN, "Scanning all channels\n");
966         }
967         /* Copy ssid array if applicable */
968         brcmf_dbg(SCAN, "### List of SSIDs to scan ### %d\n", n_ssids);
969         if (n_ssids > 0) {
970                 offset = offsetof(struct brcmf_scan_params_le, channel_list) +
971                                 n_channels * sizeof(u16);
972                 offset = roundup(offset, sizeof(u32));
973                 ptr = (char *)params_le + offset;
974                 for (i = 0; i < n_ssids; i++) {
975                         memset(&ssid_le, 0, sizeof(ssid_le));
976                         ssid_le.SSID_len =
977                                         cpu_to_le32(request->ssids[i].ssid_len);
978                         memcpy(ssid_le.SSID, request->ssids[i].ssid,
979                                request->ssids[i].ssid_len);
980                         if (!ssid_le.SSID_len)
981                                 brcmf_dbg(SCAN, "%d: Broadcast scan\n", i);
982                         else
983                                 brcmf_dbg(SCAN, "%d: scan for  %.32s size=%d\n",
984                                           i, ssid_le.SSID, ssid_le.SSID_len);
985                         memcpy(ptr, &ssid_le, sizeof(ssid_le));
986                         ptr += sizeof(ssid_le);
987                 }
988         } else {
989                 brcmf_dbg(SCAN, "Performing passive scan\n");
990                 params_le->scan_type = BRCMF_SCANTYPE_PASSIVE;
991         }
992         /* Adding mask to channel numbers */
993         params_le->channel_num =
994                 cpu_to_le32((n_ssids << BRCMF_SCAN_PARAMS_NSSID_SHIFT) |
995                         (n_channels & BRCMF_SCAN_PARAMS_COUNT_MASK));
996 }
997
998 static s32
999 brcmf_run_escan(struct brcmf_cfg80211_info *cfg, struct brcmf_if *ifp,
1000                 struct cfg80211_scan_request *request)
1001 {
1002         s32 params_size = BRCMF_SCAN_PARAMS_FIXED_SIZE +
1003                           offsetof(struct brcmf_escan_params_le, params_le);
1004         struct brcmf_escan_params_le *params;
1005         s32 err = 0;
1006
1007         brcmf_dbg(SCAN, "E-SCAN START\n");
1008
1009         if (request != NULL) {
1010                 /* Allocate space for populating ssids in struct */
1011                 params_size += sizeof(u32) * ((request->n_channels + 1) / 2);
1012
1013                 /* Allocate space for populating ssids in struct */
1014                 params_size += sizeof(struct brcmf_ssid_le) * request->n_ssids;
1015         }
1016
1017         params = kzalloc(params_size, GFP_KERNEL);
1018         if (!params) {
1019                 err = -ENOMEM;
1020                 goto exit;
1021         }
1022         BUG_ON(params_size + sizeof("escan") >= BRCMF_DCMD_MEDLEN);
1023         brcmf_escan_prep(cfg, &params->params_le, request);
1024         params->version = cpu_to_le32(BRCMF_ESCAN_REQ_VERSION);
1025         params->action = cpu_to_le16(WL_ESCAN_ACTION_START);
1026         params->sync_id = cpu_to_le16(0x1234);
1027
1028         err = brcmf_fil_iovar_data_set(ifp, "escan", params, params_size);
1029         if (err) {
1030                 if (err == -EBUSY)
1031                         brcmf_dbg(INFO, "system busy : escan canceled\n");
1032                 else
1033                         brcmf_err("error (%d)\n", err);
1034         }
1035
1036         kfree(params);
1037 exit:
1038         return err;
1039 }
1040
1041 static s32
1042 brcmf_do_escan(struct brcmf_if *ifp, struct cfg80211_scan_request *request)
1043 {
1044         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
1045         s32 err;
1046         struct brcmf_scan_results *results;
1047         struct escan_info *escan = &cfg->escan_info;
1048
1049         brcmf_dbg(SCAN, "Enter\n");
1050         escan->ifp = ifp;
1051         escan->wiphy = cfg->wiphy;
1052         escan->escan_state = WL_ESCAN_STATE_SCANNING;
1053
1054         brcmf_scan_config_mpc(ifp, 0);
1055         results = (struct brcmf_scan_results *)cfg->escan_info.escan_buf;
1056         results->version = 0;
1057         results->count = 0;
1058         results->buflen = WL_ESCAN_RESULTS_FIXED_SIZE;
1059
1060         err = escan->run(cfg, ifp, request);
1061         if (err)
1062                 brcmf_scan_config_mpc(ifp, 1);
1063         return err;
1064 }
1065
1066 static s32
1067 brcmf_cfg80211_scan(struct wiphy *wiphy, struct cfg80211_scan_request *request)
1068 {
1069         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1070         struct brcmf_cfg80211_vif *vif;
1071         s32 err = 0;
1072
1073         brcmf_dbg(TRACE, "Enter\n");
1074         vif = container_of(request->wdev, struct brcmf_cfg80211_vif, wdev);
1075         if (!check_vif_up(vif))
1076                 return -EIO;
1077
1078         if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
1079                 brcmf_err("Scanning already: status (%lu)\n", cfg->scan_status);
1080                 return -EAGAIN;
1081         }
1082         if (test_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status)) {
1083                 brcmf_err("Scanning being aborted: status (%lu)\n",
1084                           cfg->scan_status);
1085                 return -EAGAIN;
1086         }
1087         if (test_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status)) {
1088                 brcmf_err("Scanning suppressed: status (%lu)\n",
1089                           cfg->scan_status);
1090                 return -EAGAIN;
1091         }
1092         if (test_bit(BRCMF_VIF_STATUS_CONNECTING, &vif->sme_state)) {
1093                 brcmf_err("Connecting: status (%lu)\n", vif->sme_state);
1094                 return -EAGAIN;
1095         }
1096
1097         /* If scan req comes for p2p0, send it over primary I/F */
1098         if (vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif)
1099                 vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif;
1100
1101         brcmf_dbg(SCAN, "START ESCAN\n");
1102
1103         cfg->scan_request = request;
1104         set_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
1105
1106         cfg->escan_info.run = brcmf_run_escan;
1107         err = brcmf_p2p_scan_prep(wiphy, request, vif);
1108         if (err)
1109                 goto scan_out;
1110
1111         err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_PRBREQ_FLAG,
1112                                     request->ie, request->ie_len);
1113         if (err)
1114                 goto scan_out;
1115
1116         err = brcmf_do_escan(vif->ifp, request);
1117         if (err)
1118                 goto scan_out;
1119
1120         /* Arm scan timeout timer */
1121         mod_timer(&cfg->escan_timeout,
1122                   jiffies + msecs_to_jiffies(BRCMF_ESCAN_TIMER_INTERVAL_MS));
1123
1124         return 0;
1125
1126 scan_out:
1127         brcmf_err("scan error (%d)\n", err);
1128         clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
1129         cfg->scan_request = NULL;
1130         return err;
1131 }
1132
1133 static s32 brcmf_set_rts(struct net_device *ndev, u32 rts_threshold)
1134 {
1135         s32 err = 0;
1136
1137         err = brcmf_fil_iovar_int_set(netdev_priv(ndev), "rtsthresh",
1138                                       rts_threshold);
1139         if (err)
1140                 brcmf_err("Error (%d)\n", err);
1141
1142         return err;
1143 }
1144
1145 static s32 brcmf_set_frag(struct net_device *ndev, u32 frag_threshold)
1146 {
1147         s32 err = 0;
1148
1149         err = brcmf_fil_iovar_int_set(netdev_priv(ndev), "fragthresh",
1150                                       frag_threshold);
1151         if (err)
1152                 brcmf_err("Error (%d)\n", err);
1153
1154         return err;
1155 }
1156
1157 static s32 brcmf_set_retry(struct net_device *ndev, u32 retry, bool l)
1158 {
1159         s32 err = 0;
1160         u32 cmd = (l ? BRCMF_C_SET_LRL : BRCMF_C_SET_SRL);
1161
1162         err = brcmf_fil_cmd_int_set(netdev_priv(ndev), cmd, retry);
1163         if (err) {
1164                 brcmf_err("cmd (%d) , error (%d)\n", cmd, err);
1165                 return err;
1166         }
1167         return err;
1168 }
1169
1170 static s32 brcmf_cfg80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
1171 {
1172         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1173         struct net_device *ndev = cfg_to_ndev(cfg);
1174         struct brcmf_if *ifp = netdev_priv(ndev);
1175         s32 err = 0;
1176
1177         brcmf_dbg(TRACE, "Enter\n");
1178         if (!check_vif_up(ifp->vif))
1179                 return -EIO;
1180
1181         if (changed & WIPHY_PARAM_RTS_THRESHOLD &&
1182             (cfg->conf->rts_threshold != wiphy->rts_threshold)) {
1183                 cfg->conf->rts_threshold = wiphy->rts_threshold;
1184                 err = brcmf_set_rts(ndev, cfg->conf->rts_threshold);
1185                 if (!err)
1186                         goto done;
1187         }
1188         if (changed & WIPHY_PARAM_FRAG_THRESHOLD &&
1189             (cfg->conf->frag_threshold != wiphy->frag_threshold)) {
1190                 cfg->conf->frag_threshold = wiphy->frag_threshold;
1191                 err = brcmf_set_frag(ndev, cfg->conf->frag_threshold);
1192                 if (!err)
1193                         goto done;
1194         }
1195         if (changed & WIPHY_PARAM_RETRY_LONG
1196             && (cfg->conf->retry_long != wiphy->retry_long)) {
1197                 cfg->conf->retry_long = wiphy->retry_long;
1198                 err = brcmf_set_retry(ndev, cfg->conf->retry_long, true);
1199                 if (!err)
1200                         goto done;
1201         }
1202         if (changed & WIPHY_PARAM_RETRY_SHORT
1203             && (cfg->conf->retry_short != wiphy->retry_short)) {
1204                 cfg->conf->retry_short = wiphy->retry_short;
1205                 err = brcmf_set_retry(ndev, cfg->conf->retry_short, false);
1206                 if (!err)
1207                         goto done;
1208         }
1209
1210 done:
1211         brcmf_dbg(TRACE, "Exit\n");
1212         return err;
1213 }
1214
1215 static void brcmf_init_prof(struct brcmf_cfg80211_profile *prof)
1216 {
1217         memset(prof, 0, sizeof(*prof));
1218 }
1219
1220 static u16 brcmf_map_fw_linkdown_reason(const struct brcmf_event_msg *e)
1221 {
1222         u16 reason;
1223
1224         switch (e->event_code) {
1225         case BRCMF_E_DEAUTH:
1226         case BRCMF_E_DEAUTH_IND:
1227         case BRCMF_E_DISASSOC_IND:
1228                 reason = e->reason;
1229                 break;
1230         case BRCMF_E_LINK:
1231         default:
1232                 reason = 0;
1233                 break;
1234         }
1235         return reason;
1236 }
1237
1238 static int brcmf_set_pmk(struct brcmf_if *ifp, const u8 *pmk_data, u16 pmk_len)
1239 {
1240         struct brcmf_wsec_pmk_le pmk;
1241         int i, err;
1242
1243         /* convert to firmware key format */
1244         pmk.key_len = cpu_to_le16(pmk_len << 1);
1245         pmk.flags = cpu_to_le16(BRCMF_WSEC_PASSPHRASE);
1246         for (i = 0; i < pmk_len; i++)
1247                 snprintf(&pmk.key[2 * i], 3, "%02x", pmk_data[i]);
1248
1249         /* store psk in firmware */
1250         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_WSEC_PMK,
1251                                      &pmk, sizeof(pmk));
1252         if (err < 0)
1253                 brcmf_err("failed to change PSK in firmware (len=%u)\n",
1254                           pmk_len);
1255
1256         return err;
1257 }
1258
1259 static void brcmf_link_down(struct brcmf_cfg80211_vif *vif, u16 reason)
1260 {
1261         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(vif->wdev.wiphy);
1262         s32 err = 0;
1263
1264         brcmf_dbg(TRACE, "Enter\n");
1265
1266         if (test_and_clear_bit(BRCMF_VIF_STATUS_CONNECTED, &vif->sme_state)) {
1267                 brcmf_dbg(INFO, "Call WLC_DISASSOC to stop excess roaming\n");
1268                 err = brcmf_fil_cmd_data_set(vif->ifp,
1269                                              BRCMF_C_DISASSOC, NULL, 0);
1270                 if (err) {
1271                         brcmf_err("WLC_DISASSOC failed (%d)\n", err);
1272                 }
1273                 if ((vif->wdev.iftype == NL80211_IFTYPE_STATION) ||
1274                     (vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT))
1275                         cfg80211_disconnected(vif->wdev.netdev, reason, NULL, 0,
1276                                               true, GFP_KERNEL);
1277         }
1278         clear_bit(BRCMF_VIF_STATUS_CONNECTING, &vif->sme_state);
1279         clear_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
1280         brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_ENABLED, 0);
1281         if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_NONE) {
1282                 brcmf_set_pmk(vif->ifp, NULL, 0);
1283                 vif->profile.use_fwsup = BRCMF_PROFILE_FWSUP_NONE;
1284         }
1285         brcmf_dbg(TRACE, "Exit\n");
1286 }
1287
1288 static s32
1289 brcmf_cfg80211_join_ibss(struct wiphy *wiphy, struct net_device *ndev,
1290                       struct cfg80211_ibss_params *params)
1291 {
1292         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1293         struct brcmf_if *ifp = netdev_priv(ndev);
1294         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1295         struct brcmf_join_params join_params;
1296         size_t join_params_size = 0;
1297         s32 err = 0;
1298         s32 wsec = 0;
1299         s32 bcnprd;
1300         u16 chanspec;
1301         u32 ssid_len;
1302
1303         brcmf_dbg(TRACE, "Enter\n");
1304         if (!check_vif_up(ifp->vif))
1305                 return -EIO;
1306
1307         if (params->ssid)
1308                 brcmf_dbg(CONN, "SSID: %s\n", params->ssid);
1309         else {
1310                 brcmf_dbg(CONN, "SSID: NULL, Not supported\n");
1311                 return -EOPNOTSUPP;
1312         }
1313
1314         set_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1315
1316         if (params->bssid)
1317                 brcmf_dbg(CONN, "BSSID: %pM\n", params->bssid);
1318         else
1319                 brcmf_dbg(CONN, "No BSSID specified\n");
1320
1321         if (params->chandef.chan)
1322                 brcmf_dbg(CONN, "channel: %d\n",
1323                           params->chandef.chan->center_freq);
1324         else
1325                 brcmf_dbg(CONN, "no channel specified\n");
1326
1327         if (params->channel_fixed)
1328                 brcmf_dbg(CONN, "fixed channel required\n");
1329         else
1330                 brcmf_dbg(CONN, "no fixed channel required\n");
1331
1332         if (params->ie && params->ie_len)
1333                 brcmf_dbg(CONN, "ie len: %d\n", params->ie_len);
1334         else
1335                 brcmf_dbg(CONN, "no ie specified\n");
1336
1337         if (params->beacon_interval)
1338                 brcmf_dbg(CONN, "beacon interval: %d\n",
1339                           params->beacon_interval);
1340         else
1341                 brcmf_dbg(CONN, "no beacon interval specified\n");
1342
1343         if (params->basic_rates)
1344                 brcmf_dbg(CONN, "basic rates: %08X\n", params->basic_rates);
1345         else
1346                 brcmf_dbg(CONN, "no basic rates specified\n");
1347
1348         if (params->privacy)
1349                 brcmf_dbg(CONN, "privacy required\n");
1350         else
1351                 brcmf_dbg(CONN, "no privacy required\n");
1352
1353         /* Configure Privacy for starter */
1354         if (params->privacy)
1355                 wsec |= WEP_ENABLED;
1356
1357         err = brcmf_fil_iovar_int_set(ifp, "wsec", wsec);
1358         if (err) {
1359                 brcmf_err("wsec failed (%d)\n", err);
1360                 goto done;
1361         }
1362
1363         /* Configure Beacon Interval for starter */
1364         if (params->beacon_interval)
1365                 bcnprd = params->beacon_interval;
1366         else
1367                 bcnprd = 100;
1368
1369         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD, bcnprd);
1370         if (err) {
1371                 brcmf_err("WLC_SET_BCNPRD failed (%d)\n", err);
1372                 goto done;
1373         }
1374
1375         /* Configure required join parameter */
1376         memset(&join_params, 0, sizeof(struct brcmf_join_params));
1377
1378         /* SSID */
1379         ssid_len = min_t(u32, params->ssid_len, IEEE80211_MAX_SSID_LEN);
1380         memcpy(join_params.ssid_le.SSID, params->ssid, ssid_len);
1381         join_params.ssid_le.SSID_len = cpu_to_le32(ssid_len);
1382         join_params_size = sizeof(join_params.ssid_le);
1383
1384         /* BSSID */
1385         if (params->bssid) {
1386                 memcpy(join_params.params_le.bssid, params->bssid, ETH_ALEN);
1387                 join_params_size += BRCMF_ASSOC_PARAMS_FIXED_SIZE;
1388                 memcpy(profile->bssid, params->bssid, ETH_ALEN);
1389         } else {
1390                 eth_broadcast_addr(join_params.params_le.bssid);
1391                 eth_zero_addr(profile->bssid);
1392         }
1393
1394         /* Channel */
1395         if (params->chandef.chan) {
1396                 u32 target_channel;
1397
1398                 cfg->channel =
1399                         ieee80211_frequency_to_channel(
1400                                 params->chandef.chan->center_freq);
1401                 if (params->channel_fixed) {
1402                         /* adding chanspec */
1403                         chanspec = chandef_to_chanspec(&cfg->d11inf,
1404                                                        &params->chandef);
1405                         join_params.params_le.chanspec_list[0] =
1406                                 cpu_to_le16(chanspec);
1407                         join_params.params_le.chanspec_num = cpu_to_le32(1);
1408                         join_params_size += sizeof(join_params.params_le);
1409                 }
1410
1411                 /* set channel for starter */
1412                 target_channel = cfg->channel;
1413                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_CHANNEL,
1414                                             target_channel);
1415                 if (err) {
1416                         brcmf_err("WLC_SET_CHANNEL failed (%d)\n", err);
1417                         goto done;
1418                 }
1419         } else
1420                 cfg->channel = 0;
1421
1422         cfg->ibss_starter = false;
1423
1424
1425         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
1426                                      &join_params, join_params_size);
1427         if (err) {
1428                 brcmf_err("WLC_SET_SSID failed (%d)\n", err);
1429                 goto done;
1430         }
1431
1432 done:
1433         if (err)
1434                 clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1435         brcmf_dbg(TRACE, "Exit\n");
1436         return err;
1437 }
1438
1439 static s32
1440 brcmf_cfg80211_leave_ibss(struct wiphy *wiphy, struct net_device *ndev)
1441 {
1442         struct brcmf_if *ifp = netdev_priv(ndev);
1443
1444         brcmf_dbg(TRACE, "Enter\n");
1445         if (!check_vif_up(ifp->vif)) {
1446                 /* When driver is being unloaded, it can end up here. If an
1447                  * error is returned then later on a debug trace in the wireless
1448                  * core module will be printed. To avoid this 0 is returned.
1449                  */
1450                 return 0;
1451         }
1452
1453         brcmf_link_down(ifp->vif, WLAN_REASON_DEAUTH_LEAVING);
1454         brcmf_net_setcarrier(ifp, false);
1455
1456         brcmf_dbg(TRACE, "Exit\n");
1457
1458         return 0;
1459 }
1460
1461 static s32 brcmf_set_wpa_version(struct net_device *ndev,
1462                                  struct cfg80211_connect_params *sme)
1463 {
1464         struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1465         struct brcmf_cfg80211_security *sec;
1466         s32 val = 0;
1467         s32 err = 0;
1468
1469         if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_1)
1470                 val = WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED;
1471         else if (sme->crypto.wpa_versions & NL80211_WPA_VERSION_2)
1472                 val = WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED;
1473         else
1474                 val = WPA_AUTH_DISABLED;
1475         brcmf_dbg(CONN, "setting wpa_auth to 0x%0x\n", val);
1476         err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val);
1477         if (err) {
1478                 brcmf_err("set wpa_auth failed (%d)\n", err);
1479                 return err;
1480         }
1481         sec = &profile->sec;
1482         sec->wpa_versions = sme->crypto.wpa_versions;
1483         return err;
1484 }
1485
1486 static s32 brcmf_set_auth_type(struct net_device *ndev,
1487                                struct cfg80211_connect_params *sme)
1488 {
1489         struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1490         struct brcmf_cfg80211_security *sec;
1491         s32 val = 0;
1492         s32 err = 0;
1493
1494         switch (sme->auth_type) {
1495         case NL80211_AUTHTYPE_OPEN_SYSTEM:
1496                 val = 0;
1497                 brcmf_dbg(CONN, "open system\n");
1498                 break;
1499         case NL80211_AUTHTYPE_SHARED_KEY:
1500                 val = 1;
1501                 brcmf_dbg(CONN, "shared key\n");
1502                 break;
1503         default:
1504                 val = 2;
1505                 brcmf_dbg(CONN, "automatic, auth type (%d)\n", sme->auth_type);
1506                 break;
1507         }
1508
1509         err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "auth", val);
1510         if (err) {
1511                 brcmf_err("set auth failed (%d)\n", err);
1512                 return err;
1513         }
1514         sec = &profile->sec;
1515         sec->auth_type = sme->auth_type;
1516         return err;
1517 }
1518
1519 static s32
1520 brcmf_set_wsec_mode(struct net_device *ndev,
1521                     struct cfg80211_connect_params *sme)
1522 {
1523         struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1524         struct brcmf_cfg80211_security *sec;
1525         s32 pval = 0;
1526         s32 gval = 0;
1527         s32 wsec;
1528         s32 err = 0;
1529
1530         if (sme->crypto.n_ciphers_pairwise) {
1531                 switch (sme->crypto.ciphers_pairwise[0]) {
1532                 case WLAN_CIPHER_SUITE_WEP40:
1533                 case WLAN_CIPHER_SUITE_WEP104:
1534                         pval = WEP_ENABLED;
1535                         break;
1536                 case WLAN_CIPHER_SUITE_TKIP:
1537                         pval = TKIP_ENABLED;
1538                         break;
1539                 case WLAN_CIPHER_SUITE_CCMP:
1540                         pval = AES_ENABLED;
1541                         break;
1542                 case WLAN_CIPHER_SUITE_AES_CMAC:
1543                         pval = AES_ENABLED;
1544                         break;
1545                 default:
1546                         brcmf_err("invalid cipher pairwise (%d)\n",
1547                                   sme->crypto.ciphers_pairwise[0]);
1548                         return -EINVAL;
1549                 }
1550         }
1551         if (sme->crypto.cipher_group) {
1552                 switch (sme->crypto.cipher_group) {
1553                 case WLAN_CIPHER_SUITE_WEP40:
1554                 case WLAN_CIPHER_SUITE_WEP104:
1555                         gval = WEP_ENABLED;
1556                         break;
1557                 case WLAN_CIPHER_SUITE_TKIP:
1558                         gval = TKIP_ENABLED;
1559                         break;
1560                 case WLAN_CIPHER_SUITE_CCMP:
1561                         gval = AES_ENABLED;
1562                         break;
1563                 case WLAN_CIPHER_SUITE_AES_CMAC:
1564                         gval = AES_ENABLED;
1565                         break;
1566                 default:
1567                         brcmf_err("invalid cipher group (%d)\n",
1568                                   sme->crypto.cipher_group);
1569                         return -EINVAL;
1570                 }
1571         }
1572
1573         brcmf_dbg(CONN, "pval (%d) gval (%d)\n", pval, gval);
1574         /* In case of privacy, but no security and WPS then simulate */
1575         /* setting AES. WPS-2.0 allows no security                   */
1576         if (brcmf_find_wpsie(sme->ie, sme->ie_len) && !pval && !gval &&
1577             sme->privacy)
1578                 pval = AES_ENABLED;
1579
1580         wsec = pval | gval;
1581         err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wsec", wsec);
1582         if (err) {
1583                 brcmf_err("error (%d)\n", err);
1584                 return err;
1585         }
1586
1587         sec = &profile->sec;
1588         sec->cipher_pairwise = sme->crypto.ciphers_pairwise[0];
1589         sec->cipher_group = sme->crypto.cipher_group;
1590
1591         return err;
1592 }
1593
1594 static s32
1595 brcmf_set_key_mgmt(struct net_device *ndev, struct cfg80211_connect_params *sme)
1596 {
1597         struct brcmf_if *ifp = netdev_priv(ndev);
1598         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1599         s32 val;
1600         s32 err;
1601         const struct brcmf_tlv *rsn_ie;
1602         const u8 *ie;
1603         u32 ie_len;
1604         u32 offset;
1605         u16 rsn_cap;
1606         u32 mfp;
1607         u16 count;
1608
1609         profile->use_fwsup = BRCMF_PROFILE_FWSUP_NONE;
1610
1611         if (!sme->crypto.n_akm_suites)
1612                 return 0;
1613
1614         err = brcmf_fil_bsscfg_int_get(netdev_priv(ndev), "wpa_auth", &val);
1615         if (err) {
1616                 brcmf_err("could not get wpa_auth (%d)\n", err);
1617                 return err;
1618         }
1619         if (val & (WPA_AUTH_PSK | WPA_AUTH_UNSPECIFIED)) {
1620                 switch (sme->crypto.akm_suites[0]) {
1621                 case WLAN_AKM_SUITE_8021X:
1622                         val = WPA_AUTH_UNSPECIFIED;
1623                         if (sme->want_1x)
1624                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1625                         break;
1626                 case WLAN_AKM_SUITE_PSK:
1627                         val = WPA_AUTH_PSK;
1628                         break;
1629                 default:
1630                         brcmf_err("invalid cipher group (%d)\n",
1631                                   sme->crypto.cipher_group);
1632                         return -EINVAL;
1633                 }
1634         } else if (val & (WPA2_AUTH_PSK | WPA2_AUTH_UNSPECIFIED)) {
1635                 switch (sme->crypto.akm_suites[0]) {
1636                 case WLAN_AKM_SUITE_8021X:
1637                         val = WPA2_AUTH_UNSPECIFIED;
1638                         if (sme->want_1x)
1639                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1640                         break;
1641                 case WLAN_AKM_SUITE_8021X_SHA256:
1642                         val = WPA2_AUTH_1X_SHA256;
1643                         if (sme->want_1x)
1644                                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_1X;
1645                         break;
1646                 case WLAN_AKM_SUITE_PSK_SHA256:
1647                         val = WPA2_AUTH_PSK_SHA256;
1648                         break;
1649                 case WLAN_AKM_SUITE_PSK:
1650                         val = WPA2_AUTH_PSK;
1651                         break;
1652                 default:
1653                         brcmf_err("invalid cipher group (%d)\n",
1654                                   sme->crypto.cipher_group);
1655                         return -EINVAL;
1656                 }
1657         }
1658
1659         if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_1X)
1660                 brcmf_dbg(INFO, "using 1X offload\n");
1661
1662         if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
1663                 goto skip_mfp_config;
1664         /* The MFP mode (1 or 2) needs to be determined, parse IEs. The
1665          * IE will not be verified, just a quick search for MFP config
1666          */
1667         rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie, sme->ie_len,
1668                                   WLAN_EID_RSN);
1669         if (!rsn_ie)
1670                 goto skip_mfp_config;
1671         ie = (const u8 *)rsn_ie;
1672         ie_len = rsn_ie->len + TLV_HDR_LEN;
1673         /* Skip unicast suite */
1674         offset = TLV_HDR_LEN + WPA_IE_VERSION_LEN + WPA_IE_MIN_OUI_LEN;
1675         if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
1676                 goto skip_mfp_config;
1677         /* Skip multicast suite */
1678         count = ie[offset] + (ie[offset + 1] << 8);
1679         offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
1680         if (offset + WPA_IE_SUITE_COUNT_LEN >= ie_len)
1681                 goto skip_mfp_config;
1682         /* Skip auth key management suite(s) */
1683         count = ie[offset] + (ie[offset + 1] << 8);
1684         offset += WPA_IE_SUITE_COUNT_LEN + (count * WPA_IE_MIN_OUI_LEN);
1685         if (offset + WPA_IE_SUITE_COUNT_LEN > ie_len)
1686                 goto skip_mfp_config;
1687         /* Ready to read capabilities */
1688         mfp = BRCMF_MFP_NONE;
1689         rsn_cap = ie[offset] + (ie[offset + 1] << 8);
1690         if (rsn_cap & RSN_CAP_MFPR_MASK)
1691                 mfp = BRCMF_MFP_REQUIRED;
1692         else if (rsn_cap & RSN_CAP_MFPC_MASK)
1693                 mfp = BRCMF_MFP_CAPABLE;
1694         brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "mfp", mfp);
1695
1696 skip_mfp_config:
1697         brcmf_dbg(CONN, "setting wpa_auth to %d\n", val);
1698         err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "wpa_auth", val);
1699         if (err) {
1700                 brcmf_err("could not set wpa_auth (%d)\n", err);
1701                 return err;
1702         }
1703
1704         return err;
1705 }
1706
1707 static s32
1708 brcmf_set_sharedkey(struct net_device *ndev,
1709                     struct cfg80211_connect_params *sme)
1710 {
1711         struct brcmf_cfg80211_profile *profile = ndev_to_prof(ndev);
1712         struct brcmf_cfg80211_security *sec;
1713         struct brcmf_wsec_key key;
1714         s32 val;
1715         s32 err = 0;
1716
1717         brcmf_dbg(CONN, "key len (%d)\n", sme->key_len);
1718
1719         if (sme->key_len == 0)
1720                 return 0;
1721
1722         sec = &profile->sec;
1723         brcmf_dbg(CONN, "wpa_versions 0x%x cipher_pairwise 0x%x\n",
1724                   sec->wpa_versions, sec->cipher_pairwise);
1725
1726         if (sec->wpa_versions & (NL80211_WPA_VERSION_1 | NL80211_WPA_VERSION_2))
1727                 return 0;
1728
1729         if (!(sec->cipher_pairwise &
1730             (WLAN_CIPHER_SUITE_WEP40 | WLAN_CIPHER_SUITE_WEP104)))
1731                 return 0;
1732
1733         memset(&key, 0, sizeof(key));
1734         key.len = (u32) sme->key_len;
1735         key.index = (u32) sme->key_idx;
1736         if (key.len > sizeof(key.data)) {
1737                 brcmf_err("Too long key length (%u)\n", key.len);
1738                 return -EINVAL;
1739         }
1740         memcpy(key.data, sme->key, key.len);
1741         key.flags = BRCMF_PRIMARY_KEY;
1742         switch (sec->cipher_pairwise) {
1743         case WLAN_CIPHER_SUITE_WEP40:
1744                 key.algo = CRYPTO_ALGO_WEP1;
1745                 break;
1746         case WLAN_CIPHER_SUITE_WEP104:
1747                 key.algo = CRYPTO_ALGO_WEP128;
1748                 break;
1749         default:
1750                 brcmf_err("Invalid algorithm (%d)\n",
1751                           sme->crypto.ciphers_pairwise[0]);
1752                 return -EINVAL;
1753         }
1754         /* Set the new key/index */
1755         brcmf_dbg(CONN, "key length (%d) key index (%d) algo (%d)\n",
1756                   key.len, key.index, key.algo);
1757         brcmf_dbg(CONN, "key \"%s\"\n", key.data);
1758         err = send_key_to_dongle(netdev_priv(ndev), &key);
1759         if (err)
1760                 return err;
1761
1762         if (sec->auth_type == NL80211_AUTHTYPE_SHARED_KEY) {
1763                 brcmf_dbg(CONN, "set auth_type to shared key\n");
1764                 val = WL_AUTH_SHARED_KEY;       /* shared key */
1765                 err = brcmf_fil_bsscfg_int_set(netdev_priv(ndev), "auth", val);
1766                 if (err)
1767                         brcmf_err("set auth failed (%d)\n", err);
1768         }
1769         return err;
1770 }
1771
1772 static
1773 enum nl80211_auth_type brcmf_war_auth_type(struct brcmf_if *ifp,
1774                                            enum nl80211_auth_type type)
1775 {
1776         if (type == NL80211_AUTHTYPE_AUTOMATIC &&
1777             brcmf_feat_is_quirk_enabled(ifp, BRCMF_FEAT_QUIRK_AUTO_AUTH)) {
1778                 brcmf_dbg(CONN, "WAR: use OPEN instead of AUTO\n");
1779                 type = NL80211_AUTHTYPE_OPEN_SYSTEM;
1780         }
1781         return type;
1782 }
1783
1784 static void brcmf_set_join_pref(struct brcmf_if *ifp,
1785                                 struct cfg80211_bss_selection *bss_select)
1786 {
1787         struct brcmf_join_pref_params join_pref_params[2];
1788         enum nl80211_band band;
1789         int err, i = 0;
1790
1791         join_pref_params[i].len = 2;
1792         join_pref_params[i].rssi_gain = 0;
1793
1794         if (bss_select->behaviour != NL80211_BSS_SELECT_ATTR_BAND_PREF)
1795                 brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_ASSOC_PREFER, WLC_BAND_AUTO);
1796
1797         switch (bss_select->behaviour) {
1798         case __NL80211_BSS_SELECT_ATTR_INVALID:
1799                 brcmf_c_set_joinpref_default(ifp);
1800                 return;
1801         case NL80211_BSS_SELECT_ATTR_BAND_PREF:
1802                 join_pref_params[i].type = BRCMF_JOIN_PREF_BAND;
1803                 band = bss_select->param.band_pref;
1804                 join_pref_params[i].band = nl80211_band_to_fwil(band);
1805                 i++;
1806                 break;
1807         case NL80211_BSS_SELECT_ATTR_RSSI_ADJUST:
1808                 join_pref_params[i].type = BRCMF_JOIN_PREF_RSSI_DELTA;
1809                 band = bss_select->param.adjust.band;
1810                 join_pref_params[i].band = nl80211_band_to_fwil(band);
1811                 join_pref_params[i].rssi_gain = bss_select->param.adjust.delta;
1812                 i++;
1813                 break;
1814         case NL80211_BSS_SELECT_ATTR_RSSI:
1815         default:
1816                 break;
1817         }
1818         join_pref_params[i].type = BRCMF_JOIN_PREF_RSSI;
1819         join_pref_params[i].len = 2;
1820         join_pref_params[i].rssi_gain = 0;
1821         join_pref_params[i].band = 0;
1822         err = brcmf_fil_iovar_data_set(ifp, "join_pref", join_pref_params,
1823                                        sizeof(join_pref_params));
1824         if (err)
1825                 brcmf_err("Set join_pref error (%d)\n", err);
1826 }
1827
1828 static s32
1829 brcmf_cfg80211_connect(struct wiphy *wiphy, struct net_device *ndev,
1830                        struct cfg80211_connect_params *sme)
1831 {
1832         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
1833         struct brcmf_if *ifp = netdev_priv(ndev);
1834         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
1835         struct ieee80211_channel *chan = sme->channel;
1836         struct brcmf_join_params join_params;
1837         size_t join_params_size;
1838         const struct brcmf_tlv *rsn_ie;
1839         const struct brcmf_vs_tlv *wpa_ie;
1840         const void *ie;
1841         u32 ie_len;
1842         struct brcmf_ext_join_params_le *ext_join_params;
1843         u16 chanspec;
1844         s32 err = 0;
1845         u32 ssid_len;
1846
1847         brcmf_dbg(TRACE, "Enter\n");
1848         if (!check_vif_up(ifp->vif))
1849                 return -EIO;
1850
1851         if (!sme->ssid) {
1852                 brcmf_err("Invalid ssid\n");
1853                 return -EOPNOTSUPP;
1854         }
1855
1856         if (ifp->vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif) {
1857                 /* A normal (non P2P) connection request setup. */
1858                 ie = NULL;
1859                 ie_len = 0;
1860                 /* find the WPA_IE */
1861                 wpa_ie = brcmf_find_wpaie((u8 *)sme->ie, sme->ie_len);
1862                 if (wpa_ie) {
1863                         ie = wpa_ie;
1864                         ie_len = wpa_ie->len + TLV_HDR_LEN;
1865                 } else {
1866                         /* find the RSN_IE */
1867                         rsn_ie = brcmf_parse_tlvs((const u8 *)sme->ie,
1868                                                   sme->ie_len,
1869                                                   WLAN_EID_RSN);
1870                         if (rsn_ie) {
1871                                 ie = rsn_ie;
1872                                 ie_len = rsn_ie->len + TLV_HDR_LEN;
1873                         }
1874                 }
1875                 brcmf_fil_iovar_data_set(ifp, "wpaie", ie, ie_len);
1876         }
1877
1878         err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
1879                                     sme->ie, sme->ie_len);
1880         if (err)
1881                 brcmf_err("Set Assoc REQ IE Failed\n");
1882         else
1883                 brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
1884
1885         set_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
1886
1887         if (chan) {
1888                 cfg->channel =
1889                         ieee80211_frequency_to_channel(chan->center_freq);
1890                 chanspec = channel_to_chanspec(&cfg->d11inf, chan);
1891                 brcmf_dbg(CONN, "channel=%d, center_req=%d, chanspec=0x%04x\n",
1892                           cfg->channel, chan->center_freq, chanspec);
1893         } else {
1894                 cfg->channel = 0;
1895                 chanspec = 0;
1896         }
1897
1898         brcmf_dbg(INFO, "ie (%p), ie_len (%zd)\n", sme->ie, sme->ie_len);
1899
1900         err = brcmf_set_wpa_version(ndev, sme);
1901         if (err) {
1902                 brcmf_err("wl_set_wpa_version failed (%d)\n", err);
1903                 goto done;
1904         }
1905
1906         sme->auth_type = brcmf_war_auth_type(ifp, sme->auth_type);
1907         err = brcmf_set_auth_type(ndev, sme);
1908         if (err) {
1909                 brcmf_err("wl_set_auth_type failed (%d)\n", err);
1910                 goto done;
1911         }
1912
1913         err = brcmf_set_wsec_mode(ndev, sme);
1914         if (err) {
1915                 brcmf_err("wl_set_set_cipher failed (%d)\n", err);
1916                 goto done;
1917         }
1918
1919         err = brcmf_set_key_mgmt(ndev, sme);
1920         if (err) {
1921                 brcmf_err("wl_set_key_mgmt failed (%d)\n", err);
1922                 goto done;
1923         }
1924
1925         err = brcmf_set_sharedkey(ndev, sme);
1926         if (err) {
1927                 brcmf_err("brcmf_set_sharedkey failed (%d)\n", err);
1928                 goto done;
1929         }
1930
1931         if (sme->crypto.psk) {
1932                 if (WARN_ON(profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE)) {
1933                         err = -EINVAL;
1934                         goto done;
1935                 }
1936                 brcmf_dbg(INFO, "using PSK offload\n");
1937                 profile->use_fwsup = BRCMF_PROFILE_FWSUP_PSK;
1938         }
1939
1940         if (profile->use_fwsup != BRCMF_PROFILE_FWSUP_NONE) {
1941                 /* enable firmware supplicant for this interface */
1942                 err = brcmf_fil_iovar_int_set(ifp, "sup_wpa", 1);
1943                 if (err < 0) {
1944                         brcmf_err("failed to enable fw supplicant\n");
1945                         goto done;
1946                 }
1947         }
1948
1949         if (profile->use_fwsup == BRCMF_PROFILE_FWSUP_PSK) {
1950                 err = brcmf_set_pmk(ifp, sme->crypto.psk,
1951                                     BRCMF_WSEC_MAX_PSK_LEN);
1952                 if (err)
1953                         goto done;
1954         }
1955
1956         /* Join with specific BSSID and cached SSID
1957          * If SSID is zero join based on BSSID only
1958          */
1959         join_params_size = offsetof(struct brcmf_ext_join_params_le, assoc_le) +
1960                 offsetof(struct brcmf_assoc_params_le, chanspec_list);
1961         if (cfg->channel)
1962                 join_params_size += sizeof(u16);
1963         ext_join_params = kzalloc(join_params_size, GFP_KERNEL);
1964         if (ext_join_params == NULL) {
1965                 err = -ENOMEM;
1966                 goto done;
1967         }
1968         ssid_len = min_t(u32, sme->ssid_len, IEEE80211_MAX_SSID_LEN);
1969         ext_join_params->ssid_le.SSID_len = cpu_to_le32(ssid_len);
1970         memcpy(&ext_join_params->ssid_le.SSID, sme->ssid, ssid_len);
1971         if (ssid_len < IEEE80211_MAX_SSID_LEN)
1972                 brcmf_dbg(CONN, "SSID \"%s\", len (%d)\n",
1973                           ext_join_params->ssid_le.SSID, ssid_len);
1974
1975         /* Set up join scan parameters */
1976         ext_join_params->scan_le.scan_type = -1;
1977         ext_join_params->scan_le.home_time = cpu_to_le32(-1);
1978
1979         if (sme->bssid)
1980                 memcpy(&ext_join_params->assoc_le.bssid, sme->bssid, ETH_ALEN);
1981         else
1982                 eth_broadcast_addr(ext_join_params->assoc_le.bssid);
1983
1984         if (cfg->channel) {
1985                 ext_join_params->assoc_le.chanspec_num = cpu_to_le32(1);
1986
1987                 ext_join_params->assoc_le.chanspec_list[0] =
1988                         cpu_to_le16(chanspec);
1989                 /* Increase dwell time to receive probe response or detect
1990                  * beacon from target AP at a noisy air only during connect
1991                  * command.
1992                  */
1993                 ext_join_params->scan_le.active_time =
1994                         cpu_to_le32(BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS);
1995                 ext_join_params->scan_le.passive_time =
1996                         cpu_to_le32(BRCMF_SCAN_JOIN_PASSIVE_DWELL_TIME_MS);
1997                 /* To sync with presence period of VSDB GO send probe request
1998                  * more frequently. Probe request will be stopped when it gets
1999                  * probe response from target AP/GO.
2000                  */
2001                 ext_join_params->scan_le.nprobes =
2002                         cpu_to_le32(BRCMF_SCAN_JOIN_ACTIVE_DWELL_TIME_MS /
2003                                     BRCMF_SCAN_JOIN_PROBE_INTERVAL_MS);
2004         } else {
2005                 ext_join_params->scan_le.active_time = cpu_to_le32(-1);
2006                 ext_join_params->scan_le.passive_time = cpu_to_le32(-1);
2007                 ext_join_params->scan_le.nprobes = cpu_to_le32(-1);
2008         }
2009
2010         brcmf_set_join_pref(ifp, &sme->bss_select);
2011
2012         err  = brcmf_fil_bsscfg_data_set(ifp, "join", ext_join_params,
2013                                          join_params_size);
2014         kfree(ext_join_params);
2015         if (!err)
2016                 /* This is it. join command worked, we are done */
2017                 goto done;
2018
2019         /* join command failed, fallback to set ssid */
2020         memset(&join_params, 0, sizeof(join_params));
2021         join_params_size = sizeof(join_params.ssid_le);
2022
2023         memcpy(&join_params.ssid_le.SSID, sme->ssid, ssid_len);
2024         join_params.ssid_le.SSID_len = cpu_to_le32(ssid_len);
2025
2026         if (sme->bssid)
2027                 memcpy(join_params.params_le.bssid, sme->bssid, ETH_ALEN);
2028         else
2029                 eth_broadcast_addr(join_params.params_le.bssid);
2030
2031         if (cfg->channel) {
2032                 join_params.params_le.chanspec_list[0] = cpu_to_le16(chanspec);
2033                 join_params.params_le.chanspec_num = cpu_to_le32(1);
2034                 join_params_size += sizeof(join_params.params_le);
2035         }
2036         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
2037                                      &join_params, join_params_size);
2038         if (err)
2039                 brcmf_err("BRCMF_C_SET_SSID failed (%d)\n", err);
2040
2041 done:
2042         if (err)
2043                 clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2044         brcmf_dbg(TRACE, "Exit\n");
2045         return err;
2046 }
2047
2048 static s32
2049 brcmf_cfg80211_disconnect(struct wiphy *wiphy, struct net_device *ndev,
2050                        u16 reason_code)
2051 {
2052         struct brcmf_if *ifp = netdev_priv(ndev);
2053         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2054         struct brcmf_scb_val_le scbval;
2055         s32 err = 0;
2056
2057         brcmf_dbg(TRACE, "Enter. Reason code = %d\n", reason_code);
2058         if (!check_vif_up(ifp->vif))
2059                 return -EIO;
2060
2061         clear_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
2062         clear_bit(BRCMF_VIF_STATUS_CONNECTING, &ifp->vif->sme_state);
2063         cfg80211_disconnected(ndev, reason_code, NULL, 0, true, GFP_KERNEL);
2064
2065         memcpy(&scbval.ea, &profile->bssid, ETH_ALEN);
2066         scbval.val = cpu_to_le32(reason_code);
2067         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_DISASSOC,
2068                                      &scbval, sizeof(scbval));
2069         if (err)
2070                 brcmf_err("error (%d)\n", err);
2071
2072         brcmf_dbg(TRACE, "Exit\n");
2073         return err;
2074 }
2075
2076 static s32
2077 brcmf_cfg80211_set_tx_power(struct wiphy *wiphy, struct wireless_dev *wdev,
2078                             enum nl80211_tx_power_setting type, s32 mbm)
2079 {
2080         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2081         struct net_device *ndev = cfg_to_ndev(cfg);
2082         struct brcmf_if *ifp = netdev_priv(ndev);
2083         s32 err;
2084         s32 disable;
2085         u32 qdbm = 127;
2086
2087         brcmf_dbg(TRACE, "Enter %d %d\n", type, mbm);
2088         if (!check_vif_up(ifp->vif))
2089                 return -EIO;
2090
2091         switch (type) {
2092         case NL80211_TX_POWER_AUTOMATIC:
2093                 break;
2094         case NL80211_TX_POWER_LIMITED:
2095         case NL80211_TX_POWER_FIXED:
2096                 if (mbm < 0) {
2097                         brcmf_err("TX_POWER_FIXED - dbm is negative\n");
2098                         err = -EINVAL;
2099                         goto done;
2100                 }
2101                 qdbm =  MBM_TO_DBM(4 * mbm);
2102                 if (qdbm > 127)
2103                         qdbm = 127;
2104                 qdbm |= WL_TXPWR_OVERRIDE;
2105                 break;
2106         default:
2107                 brcmf_err("Unsupported type %d\n", type);
2108                 err = -EINVAL;
2109                 goto done;
2110         }
2111         /* Make sure radio is off or on as far as software is concerned */
2112         disable = WL_RADIO_SW_DISABLE << 16;
2113         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_RADIO, disable);
2114         if (err)
2115                 brcmf_err("WLC_SET_RADIO error (%d)\n", err);
2116
2117         err = brcmf_fil_iovar_int_set(ifp, "qtxpower", qdbm);
2118         if (err)
2119                 brcmf_err("qtxpower error (%d)\n", err);
2120
2121 done:
2122         brcmf_dbg(TRACE, "Exit %d (qdbm)\n", qdbm & ~WL_TXPWR_OVERRIDE);
2123         return err;
2124 }
2125
2126 static s32
2127 brcmf_cfg80211_get_tx_power(struct wiphy *wiphy, struct wireless_dev *wdev,
2128                             s32 *dbm)
2129 {
2130         struct brcmf_cfg80211_vif *vif = wdev_to_vif(wdev);
2131         s32 qdbm = 0;
2132         s32 err;
2133
2134         brcmf_dbg(TRACE, "Enter\n");
2135         if (!check_vif_up(vif))
2136                 return -EIO;
2137
2138         err = brcmf_fil_iovar_int_get(vif->ifp, "qtxpower", &qdbm);
2139         if (err) {
2140                 brcmf_err("error (%d)\n", err);
2141                 goto done;
2142         }
2143         *dbm = (qdbm & ~WL_TXPWR_OVERRIDE) / 4;
2144
2145 done:
2146         brcmf_dbg(TRACE, "Exit (0x%x %d)\n", qdbm, *dbm);
2147         return err;
2148 }
2149
2150 static s32
2151 brcmf_cfg80211_config_default_key(struct wiphy *wiphy, struct net_device *ndev,
2152                                   u8 key_idx, bool unicast, bool multicast)
2153 {
2154         struct brcmf_if *ifp = netdev_priv(ndev);
2155         u32 index;
2156         u32 wsec;
2157         s32 err = 0;
2158
2159         brcmf_dbg(TRACE, "Enter\n");
2160         brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2161         if (!check_vif_up(ifp->vif))
2162                 return -EIO;
2163
2164         err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2165         if (err) {
2166                 brcmf_err("WLC_GET_WSEC error (%d)\n", err);
2167                 goto done;
2168         }
2169
2170         if (wsec & WEP_ENABLED) {
2171                 /* Just select a new current key */
2172                 index = key_idx;
2173                 err = brcmf_fil_cmd_int_set(ifp,
2174                                             BRCMF_C_SET_KEY_PRIMARY, index);
2175                 if (err)
2176                         brcmf_err("error (%d)\n", err);
2177         }
2178 done:
2179         brcmf_dbg(TRACE, "Exit\n");
2180         return err;
2181 }
2182
2183 static s32
2184 brcmf_cfg80211_del_key(struct wiphy *wiphy, struct net_device *ndev,
2185                        u8 key_idx, bool pairwise, const u8 *mac_addr)
2186 {
2187         struct brcmf_if *ifp = netdev_priv(ndev);
2188         struct brcmf_wsec_key *key;
2189         s32 err;
2190
2191         brcmf_dbg(TRACE, "Enter\n");
2192         brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2193
2194         if (!check_vif_up(ifp->vif))
2195                 return -EIO;
2196
2197         if (key_idx >= BRCMF_MAX_DEFAULT_KEYS) {
2198                 /* we ignore this key index in this case */
2199                 return -EINVAL;
2200         }
2201
2202         key = &ifp->vif->profile.key[key_idx];
2203
2204         if (key->algo == CRYPTO_ALGO_OFF) {
2205                 brcmf_dbg(CONN, "Ignore clearing of (never configured) key\n");
2206                 return -EINVAL;
2207         }
2208
2209         memset(key, 0, sizeof(*key));
2210         key->index = (u32)key_idx;
2211         key->flags = BRCMF_PRIMARY_KEY;
2212
2213         /* Clear the key/index */
2214         err = send_key_to_dongle(ifp, key);
2215
2216         brcmf_dbg(TRACE, "Exit\n");
2217         return err;
2218 }
2219
2220 static s32
2221 brcmf_cfg80211_add_key(struct wiphy *wiphy, struct net_device *ndev,
2222                        u8 key_idx, bool pairwise, const u8 *mac_addr,
2223                        struct key_params *params)
2224 {
2225         struct brcmf_if *ifp = netdev_priv(ndev);
2226         struct brcmf_wsec_key *key;
2227         s32 val;
2228         s32 wsec;
2229         s32 err;
2230         u8 keybuf[8];
2231         bool ext_key;
2232
2233         brcmf_dbg(TRACE, "Enter\n");
2234         brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2235         if (!check_vif_up(ifp->vif))
2236                 return -EIO;
2237
2238         if (key_idx >= BRCMF_MAX_DEFAULT_KEYS) {
2239                 /* we ignore this key index in this case */
2240                 brcmf_err("invalid key index (%d)\n", key_idx);
2241                 return -EINVAL;
2242         }
2243
2244         if (params->key_len == 0)
2245                 return brcmf_cfg80211_del_key(wiphy, ndev, key_idx, pairwise,
2246                                               mac_addr);
2247
2248         if (params->key_len > sizeof(key->data)) {
2249                 brcmf_err("Too long key length (%u)\n", params->key_len);
2250                 return -EINVAL;
2251         }
2252
2253         ext_key = false;
2254         if (mac_addr && (params->cipher != WLAN_CIPHER_SUITE_WEP40) &&
2255             (params->cipher != WLAN_CIPHER_SUITE_WEP104)) {
2256                 brcmf_dbg(TRACE, "Ext key, mac %pM", mac_addr);
2257                 ext_key = true;
2258         }
2259
2260         key = &ifp->vif->profile.key[key_idx];
2261         memset(key, 0, sizeof(*key));
2262         if ((ext_key) && (!is_multicast_ether_addr(mac_addr)))
2263                 memcpy((char *)&key->ea, (void *)mac_addr, ETH_ALEN);
2264         key->len = params->key_len;
2265         key->index = key_idx;
2266         memcpy(key->data, params->key, key->len);
2267         if (!ext_key)
2268                 key->flags = BRCMF_PRIMARY_KEY;
2269
2270         switch (params->cipher) {
2271         case WLAN_CIPHER_SUITE_WEP40:
2272                 key->algo = CRYPTO_ALGO_WEP1;
2273                 val = WEP_ENABLED;
2274                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP40\n");
2275                 break;
2276         case WLAN_CIPHER_SUITE_WEP104:
2277                 key->algo = CRYPTO_ALGO_WEP128;
2278                 val = WEP_ENABLED;
2279                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP104\n");
2280                 break;
2281         case WLAN_CIPHER_SUITE_TKIP:
2282                 if (!brcmf_is_apmode(ifp->vif)) {
2283                         brcmf_dbg(CONN, "Swapping RX/TX MIC key\n");
2284                         memcpy(keybuf, &key->data[24], sizeof(keybuf));
2285                         memcpy(&key->data[24], &key->data[16], sizeof(keybuf));
2286                         memcpy(&key->data[16], keybuf, sizeof(keybuf));
2287                 }
2288                 key->algo = CRYPTO_ALGO_TKIP;
2289                 val = TKIP_ENABLED;
2290                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_TKIP\n");
2291                 break;
2292         case WLAN_CIPHER_SUITE_AES_CMAC:
2293                 key->algo = CRYPTO_ALGO_AES_CCM;
2294                 val = AES_ENABLED;
2295                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_AES_CMAC\n");
2296                 break;
2297         case WLAN_CIPHER_SUITE_CCMP:
2298                 key->algo = CRYPTO_ALGO_AES_CCM;
2299                 val = AES_ENABLED;
2300                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_CCMP\n");
2301                 break;
2302         default:
2303                 brcmf_err("Invalid cipher (0x%x)\n", params->cipher);
2304                 err = -EINVAL;
2305                 goto done;
2306         }
2307
2308         err = send_key_to_dongle(ifp, key);
2309         if (ext_key || err)
2310                 goto done;
2311
2312         err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2313         if (err) {
2314                 brcmf_err("get wsec error (%d)\n", err);
2315                 goto done;
2316         }
2317         wsec |= val;
2318         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
2319         if (err) {
2320                 brcmf_err("set wsec error (%d)\n", err);
2321                 goto done;
2322         }
2323
2324 done:
2325         brcmf_dbg(TRACE, "Exit\n");
2326         return err;
2327 }
2328
2329 static s32
2330 brcmf_cfg80211_get_key(struct wiphy *wiphy, struct net_device *ndev, u8 key_idx,
2331                        bool pairwise, const u8 *mac_addr, void *cookie,
2332                        void (*callback)(void *cookie,
2333                                         struct key_params *params))
2334 {
2335         struct key_params params;
2336         struct brcmf_if *ifp = netdev_priv(ndev);
2337         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
2338         struct brcmf_cfg80211_security *sec;
2339         s32 wsec;
2340         s32 err = 0;
2341
2342         brcmf_dbg(TRACE, "Enter\n");
2343         brcmf_dbg(CONN, "key index (%d)\n", key_idx);
2344         if (!check_vif_up(ifp->vif))
2345                 return -EIO;
2346
2347         memset(&params, 0, sizeof(params));
2348
2349         err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2350         if (err) {
2351                 brcmf_err("WLC_GET_WSEC error (%d)\n", err);
2352                 /* Ignore this error, may happen during DISASSOC */
2353                 err = -EAGAIN;
2354                 goto done;
2355         }
2356         if (wsec & WEP_ENABLED) {
2357                 sec = &profile->sec;
2358                 if (sec->cipher_pairwise & WLAN_CIPHER_SUITE_WEP40) {
2359                         params.cipher = WLAN_CIPHER_SUITE_WEP40;
2360                         brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP40\n");
2361                 } else if (sec->cipher_pairwise & WLAN_CIPHER_SUITE_WEP104) {
2362                         params.cipher = WLAN_CIPHER_SUITE_WEP104;
2363                         brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_WEP104\n");
2364                 }
2365         } else if (wsec & TKIP_ENABLED) {
2366                 params.cipher = WLAN_CIPHER_SUITE_TKIP;
2367                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_TKIP\n");
2368         } else if (wsec & AES_ENABLED) {
2369                 params.cipher = WLAN_CIPHER_SUITE_AES_CMAC;
2370                 brcmf_dbg(CONN, "WLAN_CIPHER_SUITE_AES_CMAC\n");
2371         } else  {
2372                 brcmf_err("Invalid algo (0x%x)\n", wsec);
2373                 err = -EINVAL;
2374                 goto done;
2375         }
2376         callback(cookie, &params);
2377
2378 done:
2379         brcmf_dbg(TRACE, "Exit\n");
2380         return err;
2381 }
2382
2383 static s32
2384 brcmf_cfg80211_config_default_mgmt_key(struct wiphy *wiphy,
2385                                        struct net_device *ndev, u8 key_idx)
2386 {
2387         struct brcmf_if *ifp = netdev_priv(ndev);
2388
2389         brcmf_dbg(TRACE, "Enter key_idx %d\n", key_idx);
2390
2391         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
2392                 return 0;
2393
2394         brcmf_dbg(INFO, "Not supported\n");
2395
2396         return -EOPNOTSUPP;
2397 }
2398
2399 static void
2400 brcmf_cfg80211_reconfigure_wep(struct brcmf_if *ifp)
2401 {
2402         s32 err;
2403         u8 key_idx;
2404         struct brcmf_wsec_key *key;
2405         s32 wsec;
2406
2407         for (key_idx = 0; key_idx < BRCMF_MAX_DEFAULT_KEYS; key_idx++) {
2408                 key = &ifp->vif->profile.key[key_idx];
2409                 if ((key->algo == CRYPTO_ALGO_WEP1) ||
2410                     (key->algo == CRYPTO_ALGO_WEP128))
2411                         break;
2412         }
2413         if (key_idx == BRCMF_MAX_DEFAULT_KEYS)
2414                 return;
2415
2416         err = send_key_to_dongle(ifp, key);
2417         if (err) {
2418                 brcmf_err("Setting WEP key failed (%d)\n", err);
2419                 return;
2420         }
2421         err = brcmf_fil_bsscfg_int_get(ifp, "wsec", &wsec);
2422         if (err) {
2423                 brcmf_err("get wsec error (%d)\n", err);
2424                 return;
2425         }
2426         wsec |= WEP_ENABLED;
2427         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
2428         if (err)
2429                 brcmf_err("set wsec error (%d)\n", err);
2430 }
2431
2432 static void brcmf_convert_sta_flags(u32 fw_sta_flags, struct station_info *si)
2433 {
2434         struct nl80211_sta_flag_update *sfu;
2435
2436         brcmf_dbg(TRACE, "flags %08x\n", fw_sta_flags);
2437         si->filled |= BIT_ULL(NL80211_STA_INFO_STA_FLAGS);
2438         sfu = &si->sta_flags;
2439         sfu->mask = BIT(NL80211_STA_FLAG_WME) |
2440                     BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2441                     BIT(NL80211_STA_FLAG_ASSOCIATED) |
2442                     BIT(NL80211_STA_FLAG_AUTHORIZED);
2443         if (fw_sta_flags & BRCMF_STA_WME)
2444                 sfu->set |= BIT(NL80211_STA_FLAG_WME);
2445         if (fw_sta_flags & BRCMF_STA_AUTHE)
2446                 sfu->set |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
2447         if (fw_sta_flags & BRCMF_STA_ASSOC)
2448                 sfu->set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2449         if (fw_sta_flags & BRCMF_STA_AUTHO)
2450                 sfu->set |= BIT(NL80211_STA_FLAG_AUTHORIZED);
2451 }
2452
2453 static void brcmf_fill_bss_param(struct brcmf_if *ifp, struct station_info *si)
2454 {
2455         struct {
2456                 __le32 len;
2457                 struct brcmf_bss_info_le bss_le;
2458         } *buf;
2459         u16 capability;
2460         int err;
2461
2462         buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
2463         if (!buf)
2464                 return;
2465
2466         buf->len = cpu_to_le32(WL_BSS_INFO_MAX);
2467         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO, buf,
2468                                      WL_BSS_INFO_MAX);
2469         if (err) {
2470                 brcmf_err("Failed to get bss info (%d)\n", err);
2471                 goto out_kfree;
2472         }
2473         si->filled |= BIT_ULL(NL80211_STA_INFO_BSS_PARAM);
2474         si->bss_param.beacon_interval = le16_to_cpu(buf->bss_le.beacon_period);
2475         si->bss_param.dtim_period = buf->bss_le.dtim_period;
2476         capability = le16_to_cpu(buf->bss_le.capability);
2477         if (capability & IEEE80211_HT_STBC_PARAM_DUAL_CTS_PROT)
2478                 si->bss_param.flags |= BSS_PARAM_FLAGS_CTS_PROT;
2479         if (capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
2480                 si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
2481         if (capability & WLAN_CAPABILITY_SHORT_SLOT_TIME)
2482                 si->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
2483
2484 out_kfree:
2485         kfree(buf);
2486 }
2487
2488 static s32
2489 brcmf_cfg80211_get_station_ibss(struct brcmf_if *ifp,
2490                                 struct station_info *sinfo)
2491 {
2492         struct brcmf_scb_val_le scbval;
2493         struct brcmf_pktcnt_le pktcnt;
2494         s32 err;
2495         u32 rate;
2496         u32 rssi;
2497
2498         /* Get the current tx rate */
2499         err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_RATE, &rate);
2500         if (err < 0) {
2501                 brcmf_err("BRCMF_C_GET_RATE error (%d)\n", err);
2502                 return err;
2503         }
2504         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2505         sinfo->txrate.legacy = rate * 5;
2506
2507         memset(&scbval, 0, sizeof(scbval));
2508         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_RSSI, &scbval,
2509                                      sizeof(scbval));
2510         if (err) {
2511                 brcmf_err("BRCMF_C_GET_RSSI error (%d)\n", err);
2512                 return err;
2513         }
2514         rssi = le32_to_cpu(scbval.val);
2515         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2516         sinfo->signal = rssi;
2517
2518         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_GET_PKTCNTS, &pktcnt,
2519                                      sizeof(pktcnt));
2520         if (err) {
2521                 brcmf_err("BRCMF_C_GET_GET_PKTCNTS error (%d)\n", err);
2522                 return err;
2523         }
2524         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS) |
2525                          BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC) |
2526                          BIT_ULL(NL80211_STA_INFO_TX_PACKETS) |
2527                          BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2528         sinfo->rx_packets = le32_to_cpu(pktcnt.rx_good_pkt);
2529         sinfo->rx_dropped_misc = le32_to_cpu(pktcnt.rx_bad_pkt);
2530         sinfo->tx_packets = le32_to_cpu(pktcnt.tx_good_pkt);
2531         sinfo->tx_failed  = le32_to_cpu(pktcnt.tx_bad_pkt);
2532
2533         return 0;
2534 }
2535
2536 static s32
2537 brcmf_cfg80211_get_station(struct wiphy *wiphy, struct net_device *ndev,
2538                            const u8 *mac, struct station_info *sinfo)
2539 {
2540         struct brcmf_if *ifp = netdev_priv(ndev);
2541         struct brcmf_scb_val_le scb_val;
2542         s32 err = 0;
2543         struct brcmf_sta_info_le sta_info_le;
2544         u32 sta_flags;
2545         u32 is_tdls_peer;
2546         s32 total_rssi_avg = 0;
2547         s32 total_rssi = 0;
2548         s32 count_rssi = 0;
2549         int rssi;
2550         u32 i;
2551
2552         brcmf_dbg(TRACE, "Enter, MAC %pM\n", mac);
2553         if (!check_vif_up(ifp->vif))
2554                 return -EIO;
2555
2556         if (brcmf_is_ibssmode(ifp->vif))
2557                 return brcmf_cfg80211_get_station_ibss(ifp, sinfo);
2558
2559         memset(&sta_info_le, 0, sizeof(sta_info_le));
2560         memcpy(&sta_info_le, mac, ETH_ALEN);
2561         err = brcmf_fil_iovar_data_get(ifp, "tdls_sta_info",
2562                                        &sta_info_le,
2563                                        sizeof(sta_info_le));
2564         is_tdls_peer = !err;
2565         if (err) {
2566                 err = brcmf_fil_iovar_data_get(ifp, "sta_info",
2567                                                &sta_info_le,
2568                                                sizeof(sta_info_le));
2569                 if (err < 0) {
2570                         brcmf_err("GET STA INFO failed, %d\n", err);
2571                         goto done;
2572                 }
2573         }
2574         brcmf_dbg(TRACE, "version %d\n", le16_to_cpu(sta_info_le.ver));
2575         sinfo->filled = BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME);
2576         sinfo->inactive_time = le32_to_cpu(sta_info_le.idle) * 1000;
2577         sta_flags = le32_to_cpu(sta_info_le.flags);
2578         brcmf_convert_sta_flags(sta_flags, sinfo);
2579         sinfo->sta_flags.mask |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2580         if (is_tdls_peer)
2581                 sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2582         else
2583                 sinfo->sta_flags.set &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
2584         if (sta_flags & BRCMF_STA_ASSOC) {
2585                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CONNECTED_TIME);
2586                 sinfo->connected_time = le32_to_cpu(sta_info_le.in);
2587                 brcmf_fill_bss_param(ifp, sinfo);
2588         }
2589         if (sta_flags & BRCMF_STA_SCBSTATS) {
2590                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2591                 sinfo->tx_failed = le32_to_cpu(sta_info_le.tx_failures);
2592                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
2593                 sinfo->tx_packets = le32_to_cpu(sta_info_le.tx_pkts);
2594                 sinfo->tx_packets += le32_to_cpu(sta_info_le.tx_mcast_pkts);
2595                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
2596                 sinfo->rx_packets = le32_to_cpu(sta_info_le.rx_ucast_pkts);
2597                 sinfo->rx_packets += le32_to_cpu(sta_info_le.rx_mcast_pkts);
2598                 if (sinfo->tx_packets) {
2599                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2600                         sinfo->txrate.legacy =
2601                                 le32_to_cpu(sta_info_le.tx_rate) / 100;
2602                 }
2603                 if (sinfo->rx_packets) {
2604                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
2605                         sinfo->rxrate.legacy =
2606                                 le32_to_cpu(sta_info_le.rx_rate) / 100;
2607                 }
2608                 if (le16_to_cpu(sta_info_le.ver) >= 4) {
2609                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES);
2610                         sinfo->tx_bytes = le64_to_cpu(sta_info_le.tx_tot_bytes);
2611                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES);
2612                         sinfo->rx_bytes = le64_to_cpu(sta_info_le.rx_tot_bytes);
2613                 }
2614                 for (i = 0; i < BRCMF_ANT_MAX; i++) {
2615                         if (sta_info_le.rssi[i] == 0 ||
2616                             sta_info_le.rx_lastpkt_rssi[i] == 0)
2617                                 continue;
2618                         sinfo->chains |= BIT(count_rssi);
2619                         sinfo->chain_signal[count_rssi] =
2620                                 sta_info_le.rx_lastpkt_rssi[i];
2621                         sinfo->chain_signal_avg[count_rssi] =
2622                                 sta_info_le.rssi[i];
2623                         total_rssi += sta_info_le.rx_lastpkt_rssi[i];
2624                         total_rssi_avg += sta_info_le.rssi[i];
2625                         count_rssi++;
2626                 }
2627                 if (count_rssi) {
2628                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2629                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
2630                         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
2631                         sinfo->filled |=
2632                                 BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
2633                         sinfo->signal = total_rssi / count_rssi;
2634                         sinfo->signal_avg = total_rssi_avg / count_rssi;
2635                 } else if (test_bit(BRCMF_VIF_STATUS_CONNECTED,
2636                         &ifp->vif->sme_state)) {
2637                         memset(&scb_val, 0, sizeof(scb_val));
2638                         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_RSSI,
2639                                                      &scb_val, sizeof(scb_val));
2640                         if (err) {
2641                                 brcmf_err("Could not get rssi (%d)\n", err);
2642                                 goto done;
2643                         } else {
2644                                 rssi = le32_to_cpu(scb_val.val);
2645                                 sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2646                                 sinfo->signal = rssi;
2647                                 brcmf_dbg(CONN, "RSSI %d dBm\n", rssi);
2648                         }
2649                 }
2650         }
2651 done:
2652         brcmf_dbg(TRACE, "Exit\n");
2653         return err;
2654 }
2655
2656 static int
2657 brcmf_cfg80211_dump_station(struct wiphy *wiphy, struct net_device *ndev,
2658                             int idx, u8 *mac, struct station_info *sinfo)
2659 {
2660         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2661         struct brcmf_if *ifp = netdev_priv(ndev);
2662         s32 err;
2663
2664         brcmf_dbg(TRACE, "Enter, idx %d\n", idx);
2665
2666         if (idx == 0) {
2667                 cfg->assoclist.count = cpu_to_le32(BRCMF_MAX_ASSOCLIST);
2668                 err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_ASSOCLIST,
2669                                              &cfg->assoclist,
2670                                              sizeof(cfg->assoclist));
2671                 if (err) {
2672                         brcmf_err("BRCMF_C_GET_ASSOCLIST unsupported, err=%d\n",
2673                                   err);
2674                         cfg->assoclist.count = 0;
2675                         return -EOPNOTSUPP;
2676                 }
2677         }
2678         if (idx < le32_to_cpu(cfg->assoclist.count)) {
2679                 memcpy(mac, cfg->assoclist.mac[idx], ETH_ALEN);
2680                 return brcmf_cfg80211_get_station(wiphy, ndev, mac, sinfo);
2681         }
2682         return -ENOENT;
2683 }
2684
2685 static s32
2686 brcmf_cfg80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *ndev,
2687                            bool enabled, s32 timeout)
2688 {
2689         s32 pm;
2690         s32 err = 0;
2691         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
2692         struct brcmf_if *ifp = netdev_priv(ndev);
2693
2694         brcmf_dbg(TRACE, "Enter\n");
2695
2696         /*
2697          * Powersave enable/disable request is coming from the
2698          * cfg80211 even before the interface is up. In that
2699          * scenario, driver will be storing the power save
2700          * preference in cfg struct to apply this to
2701          * FW later while initializing the dongle
2702          */
2703         cfg->pwr_save = enabled;
2704         if (!check_vif_up(ifp->vif)) {
2705
2706                 brcmf_dbg(INFO, "Device is not ready, storing the value in cfg_info struct\n");
2707                 goto done;
2708         }
2709
2710         pm = enabled ? PM_FAST : PM_OFF;
2711         /* Do not enable the power save after assoc if it is a p2p interface */
2712         if (ifp->vif->wdev.iftype == NL80211_IFTYPE_P2P_CLIENT) {
2713                 brcmf_dbg(INFO, "Do not enable power save for P2P clients\n");
2714                 pm = PM_OFF;
2715         }
2716         brcmf_dbg(INFO, "power save %s\n", (pm ? "enabled" : "disabled"));
2717
2718         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, pm);
2719         if (err) {
2720                 if (err == -ENODEV)
2721                         brcmf_err("net_device is not ready yet\n");
2722                 else
2723                         brcmf_err("error (%d)\n", err);
2724         }
2725 done:
2726         brcmf_dbg(TRACE, "Exit\n");
2727         return err;
2728 }
2729
2730 static s32 brcmf_inform_single_bss(struct brcmf_cfg80211_info *cfg,
2731                                    struct brcmf_bss_info_le *bi)
2732 {
2733         struct wiphy *wiphy = cfg_to_wiphy(cfg);
2734         struct cfg80211_bss *bss;
2735         enum nl80211_band band;
2736         struct brcmu_chan ch;
2737         u16 channel;
2738         u32 freq;
2739         u16 notify_capability;
2740         u16 notify_interval;
2741         u8 *notify_ie;
2742         size_t notify_ielen;
2743         struct cfg80211_inform_bss bss_data = {};
2744
2745         if (le32_to_cpu(bi->length) > WL_BSS_INFO_MAX) {
2746                 brcmf_err("Bss info is larger than buffer. Discarding\n");
2747                 return 0;
2748         }
2749
2750         if (!bi->ctl_ch) {
2751                 ch.chspec = le16_to_cpu(bi->chanspec);
2752                 cfg->d11inf.decchspec(&ch);
2753                 bi->ctl_ch = ch.control_ch_num;
2754         }
2755         channel = bi->ctl_ch;
2756
2757         if (channel <= CH_MAX_2G_CHANNEL)
2758                 band = NL80211_BAND_2GHZ;
2759         else
2760                 band = NL80211_BAND_5GHZ;
2761
2762         freq = ieee80211_channel_to_frequency(channel, band);
2763         bss_data.chan = ieee80211_get_channel(wiphy, freq);
2764         bss_data.scan_width = NL80211_BSS_CHAN_WIDTH_20;
2765         bss_data.boottime_ns = ktime_to_ns(ktime_get_boottime());
2766
2767         notify_capability = le16_to_cpu(bi->capability);
2768         notify_interval = le16_to_cpu(bi->beacon_period);
2769         notify_ie = (u8 *)bi + le16_to_cpu(bi->ie_offset);
2770         notify_ielen = le32_to_cpu(bi->ie_length);
2771         bss_data.signal = (s16)le16_to_cpu(bi->RSSI) * 100;
2772
2773         brcmf_dbg(CONN, "bssid: %pM\n", bi->BSSID);
2774         brcmf_dbg(CONN, "Channel: %d(%d)\n", channel, freq);
2775         brcmf_dbg(CONN, "Capability: %X\n", notify_capability);
2776         brcmf_dbg(CONN, "Beacon interval: %d\n", notify_interval);
2777         brcmf_dbg(CONN, "Signal: %d\n", bss_data.signal);
2778
2779         bss = cfg80211_inform_bss_data(wiphy, &bss_data,
2780                                        CFG80211_BSS_FTYPE_UNKNOWN,
2781                                        (const u8 *)bi->BSSID,
2782                                        0, notify_capability,
2783                                        notify_interval, notify_ie,
2784                                        notify_ielen, GFP_KERNEL);
2785
2786         if (!bss)
2787                 return -ENOMEM;
2788
2789         cfg80211_put_bss(wiphy, bss);
2790
2791         return 0;
2792 }
2793
2794 static struct brcmf_bss_info_le *
2795 next_bss_le(struct brcmf_scan_results *list, struct brcmf_bss_info_le *bss)
2796 {
2797         if (bss == NULL)
2798                 return list->bss_info_le;
2799         return (struct brcmf_bss_info_le *)((unsigned long)bss +
2800                                             le32_to_cpu(bss->length));
2801 }
2802
2803 static s32 brcmf_inform_bss(struct brcmf_cfg80211_info *cfg)
2804 {
2805         struct brcmf_scan_results *bss_list;
2806         struct brcmf_bss_info_le *bi = NULL;    /* must be initialized */
2807         s32 err = 0;
2808         int i;
2809
2810         bss_list = (struct brcmf_scan_results *)cfg->escan_info.escan_buf;
2811         if (bss_list->count != 0 &&
2812             bss_list->version != BRCMF_BSS_INFO_VERSION) {
2813                 brcmf_err("Version %d != WL_BSS_INFO_VERSION\n",
2814                           bss_list->version);
2815                 return -EOPNOTSUPP;
2816         }
2817         brcmf_dbg(SCAN, "scanned AP count (%d)\n", bss_list->count);
2818         for (i = 0; i < bss_list->count; i++) {
2819                 bi = next_bss_le(bss_list, bi);
2820                 err = brcmf_inform_single_bss(cfg, bi);
2821                 if (err)
2822                         break;
2823         }
2824         return err;
2825 }
2826
2827 static s32 brcmf_inform_ibss(struct brcmf_cfg80211_info *cfg,
2828                              struct net_device *ndev, const u8 *bssid)
2829 {
2830         struct wiphy *wiphy = cfg_to_wiphy(cfg);
2831         struct ieee80211_channel *notify_channel;
2832         struct brcmf_bss_info_le *bi = NULL;
2833         struct ieee80211_supported_band *band;
2834         struct cfg80211_bss *bss;
2835         struct brcmu_chan ch;
2836         u8 *buf = NULL;
2837         s32 err = 0;
2838         u32 freq;
2839         u16 notify_capability;
2840         u16 notify_interval;
2841         u8 *notify_ie;
2842         size_t notify_ielen;
2843         s32 notify_signal;
2844
2845         brcmf_dbg(TRACE, "Enter\n");
2846
2847         buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
2848         if (buf == NULL) {
2849                 err = -ENOMEM;
2850                 goto CleanUp;
2851         }
2852
2853         *(__le32 *)buf = cpu_to_le32(WL_BSS_INFO_MAX);
2854
2855         err = brcmf_fil_cmd_data_get(netdev_priv(ndev), BRCMF_C_GET_BSS_INFO,
2856                                      buf, WL_BSS_INFO_MAX);
2857         if (err) {
2858                 brcmf_err("WLC_GET_BSS_INFO failed: %d\n", err);
2859                 goto CleanUp;
2860         }
2861
2862         bi = (struct brcmf_bss_info_le *)(buf + 4);
2863
2864         ch.chspec = le16_to_cpu(bi->chanspec);
2865         cfg->d11inf.decchspec(&ch);
2866
2867         if (ch.band == BRCMU_CHAN_BAND_2G)
2868                 band = wiphy->bands[NL80211_BAND_2GHZ];
2869         else
2870                 band = wiphy->bands[NL80211_BAND_5GHZ];
2871
2872         freq = ieee80211_channel_to_frequency(ch.control_ch_num, band->band);
2873         cfg->channel = freq;
2874         notify_channel = ieee80211_get_channel(wiphy, freq);
2875
2876         notify_capability = le16_to_cpu(bi->capability);
2877         notify_interval = le16_to_cpu(bi->beacon_period);
2878         notify_ie = (u8 *)bi + le16_to_cpu(bi->ie_offset);
2879         notify_ielen = le32_to_cpu(bi->ie_length);
2880         notify_signal = (s16)le16_to_cpu(bi->RSSI) * 100;
2881
2882         brcmf_dbg(CONN, "channel: %d(%d)\n", ch.control_ch_num, freq);
2883         brcmf_dbg(CONN, "capability: %X\n", notify_capability);
2884         brcmf_dbg(CONN, "beacon interval: %d\n", notify_interval);
2885         brcmf_dbg(CONN, "signal: %d\n", notify_signal);
2886
2887         bss = cfg80211_inform_bss(wiphy, notify_channel,
2888                                   CFG80211_BSS_FTYPE_UNKNOWN, bssid, 0,
2889                                   notify_capability, notify_interval,
2890                                   notify_ie, notify_ielen, notify_signal,
2891                                   GFP_KERNEL);
2892
2893         if (!bss) {
2894                 err = -ENOMEM;
2895                 goto CleanUp;
2896         }
2897
2898         cfg80211_put_bss(wiphy, bss);
2899
2900 CleanUp:
2901
2902         kfree(buf);
2903
2904         brcmf_dbg(TRACE, "Exit\n");
2905
2906         return err;
2907 }
2908
2909 static s32 brcmf_update_bss_info(struct brcmf_cfg80211_info *cfg,
2910                                  struct brcmf_if *ifp)
2911 {
2912         struct brcmf_bss_info_le *bi;
2913         const struct brcmf_tlv *tim;
2914         u16 beacon_interval;
2915         u8 dtim_period;
2916         size_t ie_len;
2917         u8 *ie;
2918         s32 err = 0;
2919
2920         brcmf_dbg(TRACE, "Enter\n");
2921         if (brcmf_is_ibssmode(ifp->vif))
2922                 return err;
2923
2924         *(__le32 *)cfg->extra_buf = cpu_to_le32(WL_EXTRA_BUF_MAX);
2925         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO,
2926                                      cfg->extra_buf, WL_EXTRA_BUF_MAX);
2927         if (err) {
2928                 brcmf_err("Could not get bss info %d\n", err);
2929                 goto update_bss_info_out;
2930         }
2931
2932         bi = (struct brcmf_bss_info_le *)(cfg->extra_buf + 4);
2933         err = brcmf_inform_single_bss(cfg, bi);
2934         if (err)
2935                 goto update_bss_info_out;
2936
2937         ie = ((u8 *)bi) + le16_to_cpu(bi->ie_offset);
2938         ie_len = le32_to_cpu(bi->ie_length);
2939         beacon_interval = le16_to_cpu(bi->beacon_period);
2940
2941         tim = brcmf_parse_tlvs(ie, ie_len, WLAN_EID_TIM);
2942         if (tim)
2943                 dtim_period = tim->data[1];
2944         else {
2945                 /*
2946                 * active scan was done so we could not get dtim
2947                 * information out of probe response.
2948                 * so we speficially query dtim information to dongle.
2949                 */
2950                 u32 var;
2951                 err = brcmf_fil_iovar_int_get(ifp, "dtim_assoc", &var);
2952                 if (err) {
2953                         brcmf_err("wl dtim_assoc failed (%d)\n", err);
2954                         goto update_bss_info_out;
2955                 }
2956                 dtim_period = (u8)var;
2957         }
2958
2959 update_bss_info_out:
2960         brcmf_dbg(TRACE, "Exit");
2961         return err;
2962 }
2963
2964 void brcmf_abort_scanning(struct brcmf_cfg80211_info *cfg)
2965 {
2966         struct escan_info *escan = &cfg->escan_info;
2967
2968         set_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status);
2969         if (cfg->int_escan_map || cfg->scan_request) {
2970                 escan->escan_state = WL_ESCAN_STATE_IDLE;
2971                 brcmf_notify_escan_complete(cfg, escan->ifp, true, true);
2972         }
2973         clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
2974         clear_bit(BRCMF_SCAN_STATUS_ABORT, &cfg->scan_status);
2975 }
2976
2977 static void brcmf_cfg80211_escan_timeout_worker(struct work_struct *work)
2978 {
2979         struct brcmf_cfg80211_info *cfg =
2980                         container_of(work, struct brcmf_cfg80211_info,
2981                                      escan_timeout_work);
2982
2983         brcmf_inform_bss(cfg);
2984         brcmf_notify_escan_complete(cfg, cfg->escan_info.ifp, true, true);
2985 }
2986
2987 static void brcmf_escan_timeout(struct timer_list *t)
2988 {
2989         struct brcmf_cfg80211_info *cfg =
2990                         from_timer(cfg, t, escan_timeout);
2991
2992         if (cfg->int_escan_map || cfg->scan_request) {
2993                 brcmf_err("timer expired\n");
2994                 schedule_work(&cfg->escan_timeout_work);
2995         }
2996 }
2997
2998 static s32
2999 brcmf_compare_update_same_bss(struct brcmf_cfg80211_info *cfg,
3000                               struct brcmf_bss_info_le *bss,
3001                               struct brcmf_bss_info_le *bss_info_le)
3002 {
3003         struct brcmu_chan ch_bss, ch_bss_info_le;
3004
3005         ch_bss.chspec = le16_to_cpu(bss->chanspec);
3006         cfg->d11inf.decchspec(&ch_bss);
3007         ch_bss_info_le.chspec = le16_to_cpu(bss_info_le->chanspec);
3008         cfg->d11inf.decchspec(&ch_bss_info_le);
3009
3010         if (!memcmp(&bss_info_le->BSSID, &bss->BSSID, ETH_ALEN) &&
3011                 ch_bss.band == ch_bss_info_le.band &&
3012                 bss_info_le->SSID_len == bss->SSID_len &&
3013                 !memcmp(bss_info_le->SSID, bss->SSID, bss_info_le->SSID_len)) {
3014                 if ((bss->flags & BRCMF_BSS_RSSI_ON_CHANNEL) ==
3015                         (bss_info_le->flags & BRCMF_BSS_RSSI_ON_CHANNEL)) {
3016                         s16 bss_rssi = le16_to_cpu(bss->RSSI);
3017                         s16 bss_info_rssi = le16_to_cpu(bss_info_le->RSSI);
3018
3019                         /* preserve max RSSI if the measurements are
3020                         * both on-channel or both off-channel
3021                         */
3022                         if (bss_info_rssi > bss_rssi)
3023                                 bss->RSSI = bss_info_le->RSSI;
3024                 } else if ((bss->flags & BRCMF_BSS_RSSI_ON_CHANNEL) &&
3025                         (bss_info_le->flags & BRCMF_BSS_RSSI_ON_CHANNEL) == 0) {
3026                         /* preserve the on-channel rssi measurement
3027                         * if the new measurement is off channel
3028                         */
3029                         bss->RSSI = bss_info_le->RSSI;
3030                         bss->flags |= BRCMF_BSS_RSSI_ON_CHANNEL;
3031                 }
3032                 return 1;
3033         }
3034         return 0;
3035 }
3036
3037 static s32
3038 brcmf_cfg80211_escan_handler(struct brcmf_if *ifp,
3039                              const struct brcmf_event_msg *e, void *data)
3040 {
3041         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
3042         s32 status;
3043         struct brcmf_escan_result_le *escan_result_le;
3044         u32 escan_buflen;
3045         struct brcmf_bss_info_le *bss_info_le;
3046         struct brcmf_bss_info_le *bss = NULL;
3047         u32 bi_length;
3048         struct brcmf_scan_results *list;
3049         u32 i;
3050         bool aborted;
3051
3052         status = e->status;
3053
3054         if (status == BRCMF_E_STATUS_ABORT)
3055                 goto exit;
3056
3057         if (!test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
3058                 brcmf_err("scan not ready, bsscfgidx=%d\n", ifp->bsscfgidx);
3059                 return -EPERM;
3060         }
3061
3062         if (status == BRCMF_E_STATUS_PARTIAL) {
3063                 brcmf_dbg(SCAN, "ESCAN Partial result\n");
3064                 if (e->datalen < sizeof(*escan_result_le)) {
3065                         brcmf_err("invalid event data length\n");
3066                         goto exit;
3067                 }
3068                 escan_result_le = (struct brcmf_escan_result_le *) data;
3069                 if (!escan_result_le) {
3070                         brcmf_err("Invalid escan result (NULL pointer)\n");
3071                         goto exit;
3072                 }
3073                 escan_buflen = le32_to_cpu(escan_result_le->buflen);
3074                 if (escan_buflen > BRCMF_ESCAN_BUF_SIZE ||
3075                     escan_buflen > e->datalen ||
3076                     escan_buflen < sizeof(*escan_result_le)) {
3077                         brcmf_err("Invalid escan buffer length: %d\n",
3078                                   escan_buflen);
3079                         goto exit;
3080                 }
3081                 if (le16_to_cpu(escan_result_le->bss_count) != 1) {
3082                         brcmf_err("Invalid bss_count %d: ignoring\n",
3083                                   escan_result_le->bss_count);
3084                         goto exit;
3085                 }
3086                 bss_info_le = &escan_result_le->bss_info_le;
3087
3088                 if (brcmf_p2p_scan_finding_common_channel(cfg, bss_info_le))
3089                         goto exit;
3090
3091                 if (!cfg->int_escan_map && !cfg->scan_request) {
3092                         brcmf_dbg(SCAN, "result without cfg80211 request\n");
3093                         goto exit;
3094                 }
3095
3096                 bi_length = le32_to_cpu(bss_info_le->length);
3097                 if (bi_length != escan_buflen - WL_ESCAN_RESULTS_FIXED_SIZE) {
3098                         brcmf_err("Ignoring invalid bss_info length: %d\n",
3099                                   bi_length);
3100                         goto exit;
3101                 }
3102
3103                 if (!(cfg_to_wiphy(cfg)->interface_modes &
3104                                         BIT(NL80211_IFTYPE_ADHOC))) {
3105                         if (le16_to_cpu(bss_info_le->capability) &
3106                                                 WLAN_CAPABILITY_IBSS) {
3107                                 brcmf_err("Ignoring IBSS result\n");
3108                                 goto exit;
3109                         }
3110                 }
3111
3112                 list = (struct brcmf_scan_results *)
3113                                 cfg->escan_info.escan_buf;
3114                 if (bi_length > BRCMF_ESCAN_BUF_SIZE - list->buflen) {
3115                         brcmf_err("Buffer is too small: ignoring\n");
3116                         goto exit;
3117                 }
3118
3119                 for (i = 0; i < list->count; i++) {
3120                         bss = bss ? (struct brcmf_bss_info_le *)
3121                                 ((unsigned char *)bss +
3122                                 le32_to_cpu(bss->length)) : list->bss_info_le;
3123                         if (brcmf_compare_update_same_bss(cfg, bss,
3124                                                           bss_info_le))
3125                                 goto exit;
3126                 }
3127                 memcpy(&cfg->escan_info.escan_buf[list->buflen], bss_info_le,
3128                        bi_length);
3129                 list->version = le32_to_cpu(bss_info_le->version);
3130                 list->buflen += bi_length;
3131                 list->count++;
3132         } else {
3133                 cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
3134                 if (brcmf_p2p_scan_finding_common_channel(cfg, NULL))
3135                         goto exit;
3136                 if (cfg->int_escan_map || cfg->scan_request) {
3137                         brcmf_inform_bss(cfg);
3138                         aborted = status != BRCMF_E_STATUS_SUCCESS;
3139                         brcmf_notify_escan_complete(cfg, ifp, aborted, false);
3140                 } else
3141                         brcmf_dbg(SCAN, "Ignored scan complete result 0x%x\n",
3142                                   status);
3143         }
3144 exit:
3145         return 0;
3146 }
3147
3148 static void brcmf_init_escan(struct brcmf_cfg80211_info *cfg)
3149 {
3150         brcmf_fweh_register(cfg->pub, BRCMF_E_ESCAN_RESULT,
3151                             brcmf_cfg80211_escan_handler);
3152         cfg->escan_info.escan_state = WL_ESCAN_STATE_IDLE;
3153         /* Init scan_timeout timer */
3154         timer_setup(&cfg->escan_timeout, brcmf_escan_timeout, 0);
3155         INIT_WORK(&cfg->escan_timeout_work,
3156                   brcmf_cfg80211_escan_timeout_worker);
3157 }
3158
3159 static struct cfg80211_scan_request *
3160 brcmf_alloc_internal_escan_request(struct wiphy *wiphy, u32 n_netinfo) {
3161         struct cfg80211_scan_request *req;
3162         size_t req_size;
3163
3164         req_size = sizeof(*req) +
3165                    n_netinfo * sizeof(req->channels[0]) +
3166                    n_netinfo * sizeof(*req->ssids);
3167
3168         req = kzalloc(req_size, GFP_KERNEL);
3169         if (req) {
3170                 req->wiphy = wiphy;
3171                 req->ssids = (void *)(&req->channels[0]) +
3172                              n_netinfo * sizeof(req->channels[0]);
3173         }
3174         return req;
3175 }
3176
3177 static int brcmf_internal_escan_add_info(struct cfg80211_scan_request *req,
3178                                          u8 *ssid, u8 ssid_len, u8 channel)
3179 {
3180         struct ieee80211_channel *chan;
3181         enum nl80211_band band;
3182         int freq, i;
3183
3184         if (channel <= CH_MAX_2G_CHANNEL)
3185                 band = NL80211_BAND_2GHZ;
3186         else
3187                 band = NL80211_BAND_5GHZ;
3188
3189         freq = ieee80211_channel_to_frequency(channel, band);
3190         if (!freq)
3191                 return -EINVAL;
3192
3193         chan = ieee80211_get_channel(req->wiphy, freq);
3194         if (!chan)
3195                 return -EINVAL;
3196
3197         for (i = 0; i < req->n_channels; i++) {
3198                 if (req->channels[i] == chan)
3199                         break;
3200         }
3201         if (i == req->n_channels)
3202                 req->channels[req->n_channels++] = chan;
3203
3204         for (i = 0; i < req->n_ssids; i++) {
3205                 if (req->ssids[i].ssid_len == ssid_len &&
3206                     !memcmp(req->ssids[i].ssid, ssid, ssid_len))
3207                         break;
3208         }
3209         if (i == req->n_ssids) {
3210                 memcpy(req->ssids[req->n_ssids].ssid, ssid, ssid_len);
3211                 req->ssids[req->n_ssids++].ssid_len = ssid_len;
3212         }
3213         return 0;
3214 }
3215
3216 static int brcmf_start_internal_escan(struct brcmf_if *ifp, u32 fwmap,
3217                                       struct cfg80211_scan_request *request)
3218 {
3219         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
3220         int err;
3221
3222         if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status)) {
3223                 if (cfg->int_escan_map)
3224                         brcmf_dbg(SCAN, "aborting internal scan: map=%u\n",
3225                                   cfg->int_escan_map);
3226                 /* Abort any on-going scan */
3227                 brcmf_abort_scanning(cfg);
3228         }
3229
3230         brcmf_dbg(SCAN, "start internal scan: map=%u\n", fwmap);
3231         set_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3232         cfg->escan_info.run = brcmf_run_escan;
3233         err = brcmf_do_escan(ifp, request);
3234         if (err) {
3235                 clear_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status);
3236                 return err;
3237         }
3238         cfg->int_escan_map = fwmap;
3239         return 0;
3240 }
3241
3242 static struct brcmf_pno_net_info_le *
3243 brcmf_get_netinfo_array(struct brcmf_pno_scanresults_le *pfn_v1)
3244 {
3245         struct brcmf_pno_scanresults_v2_le *pfn_v2;
3246         struct brcmf_pno_net_info_le *netinfo;
3247
3248         switch (pfn_v1->version) {
3249         default:
3250                 WARN_ON(1);
3251                 /* fall-thru */
3252         case cpu_to_le32(1):
3253                 netinfo = (struct brcmf_pno_net_info_le *)(pfn_v1 + 1);
3254                 break;
3255         case cpu_to_le32(2):
3256                 pfn_v2 = (struct brcmf_pno_scanresults_v2_le *)pfn_v1;
3257                 netinfo = (struct brcmf_pno_net_info_le *)(pfn_v2 + 1);
3258                 break;
3259         }
3260
3261         return netinfo;
3262 }
3263
3264 /* PFN result doesn't have all the info which are required by the supplicant
3265  * (For e.g IEs) Do a target Escan so that sched scan results are reported
3266  * via wl_inform_single_bss in the required format. Escan does require the
3267  * scan request in the form of cfg80211_scan_request. For timebeing, create
3268  * cfg80211_scan_request one out of the received PNO event.
3269  */
3270 static s32
3271 brcmf_notify_sched_scan_results(struct brcmf_if *ifp,
3272                                 const struct brcmf_event_msg *e, void *data)
3273 {
3274         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
3275         struct brcmf_pno_net_info_le *netinfo, *netinfo_start;
3276         struct cfg80211_scan_request *request = NULL;
3277         struct wiphy *wiphy = cfg_to_wiphy(cfg);
3278         int i, err = 0;
3279         struct brcmf_pno_scanresults_le *pfn_result;
3280         u32 bucket_map;
3281         u32 result_count;
3282         u32 status;
3283         u32 datalen;
3284
3285         brcmf_dbg(SCAN, "Enter\n");
3286
3287         if (e->datalen < (sizeof(*pfn_result) + sizeof(*netinfo))) {
3288                 brcmf_dbg(SCAN, "Event data to small. Ignore\n");
3289                 return 0;
3290         }
3291
3292         if (e->event_code == BRCMF_E_PFN_NET_LOST) {
3293                 brcmf_dbg(SCAN, "PFN NET LOST event. Do Nothing\n");
3294                 return 0;
3295         }
3296
3297         pfn_result = (struct brcmf_pno_scanresults_le *)data;
3298         result_count = le32_to_cpu(pfn_result->count);
3299         status = le32_to_cpu(pfn_result->status);
3300
3301         /* PFN event is limited to fit 512 bytes so we may get
3302          * multiple NET_FOUND events. For now place a warning here.
3303          */
3304         WARN_ON(status != BRCMF_PNO_SCAN_COMPLETE);
3305         brcmf_dbg(SCAN, "PFN NET FOUND event. count: %d\n", result_count);
3306         if (!result_count) {
3307                 brcmf_err("FALSE PNO Event. (pfn_count == 0)\n");
3308                 goto out_err;
3309         }
3310
3311         netinfo_start = brcmf_get_netinfo_array(pfn_result);
3312         datalen = e->datalen - ((void *)netinfo_start - (void *)pfn_result);
3313         if (datalen < result_count * sizeof(*netinfo)) {
3314                 brcmf_err("insufficient event data\n");
3315                 goto out_err;
3316         }
3317
3318         request = brcmf_alloc_internal_escan_request(wiphy,
3319                                                      result_count);
3320         if (!request) {
3321                 err = -ENOMEM;
3322                 goto out_err;
3323         }
3324
3325         bucket_map = 0;
3326         for (i = 0; i < result_count; i++) {
3327                 netinfo = &netinfo_start[i];
3328
3329                 if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
3330                         netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
3331                 brcmf_dbg(SCAN, "SSID:%.32s Channel:%d\n",
3332                           netinfo->SSID, netinfo->channel);
3333                 bucket_map |= brcmf_pno_get_bucket_map(cfg->pno, netinfo);
3334                 err = brcmf_internal_escan_add_info(request,
3335                                                     netinfo->SSID,
3336                                                     netinfo->SSID_len,
3337                                                     netinfo->channel);
3338                 if (err)
3339                         goto out_err;
3340         }
3341
3342         if (!bucket_map)
3343                 goto free_req;
3344
3345         err = brcmf_start_internal_escan(ifp, bucket_map, request);
3346         if (!err)
3347                 goto free_req;
3348
3349 out_err:
3350         cfg80211_sched_scan_stopped(wiphy, 0);
3351 free_req:
3352         kfree(request);
3353         return err;
3354 }
3355
3356 static int
3357 brcmf_cfg80211_sched_scan_start(struct wiphy *wiphy,
3358                                 struct net_device *ndev,
3359                                 struct cfg80211_sched_scan_request *req)
3360 {
3361         struct brcmf_if *ifp = netdev_priv(ndev);
3362         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3363
3364         brcmf_dbg(SCAN, "Enter: n_match_sets=%d n_ssids=%d\n",
3365                   req->n_match_sets, req->n_ssids);
3366
3367         if (test_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status)) {
3368                 brcmf_err("Scanning suppressed: status=%lu\n",
3369                           cfg->scan_status);
3370                 return -EAGAIN;
3371         }
3372
3373         if (req->n_match_sets <= 0) {
3374                 brcmf_dbg(SCAN, "invalid number of matchsets specified: %d\n",
3375                           req->n_match_sets);
3376                 return -EINVAL;
3377         }
3378
3379         return brcmf_pno_start_sched_scan(ifp, req);
3380 }
3381
3382 static int brcmf_cfg80211_sched_scan_stop(struct wiphy *wiphy,
3383                                           struct net_device *ndev, u64 reqid)
3384 {
3385         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3386         struct brcmf_if *ifp = netdev_priv(ndev);
3387
3388         brcmf_dbg(SCAN, "enter\n");
3389         brcmf_pno_stop_sched_scan(ifp, reqid);
3390         if (cfg->int_escan_map)
3391                 brcmf_notify_escan_complete(cfg, ifp, true, true);
3392         return 0;
3393 }
3394
3395 static __always_inline void brcmf_delay(u32 ms)
3396 {
3397         if (ms < 1000 / HZ) {
3398                 cond_resched();
3399                 mdelay(ms);
3400         } else {
3401                 msleep(ms);
3402         }
3403 }
3404
3405 static s32 brcmf_config_wowl_pattern(struct brcmf_if *ifp, u8 cmd[4],
3406                                      u8 *pattern, u32 patternsize, u8 *mask,
3407                                      u32 packet_offset)
3408 {
3409         struct brcmf_fil_wowl_pattern_le *filter;
3410         u32 masksize;
3411         u32 patternoffset;
3412         u8 *buf;
3413         u32 bufsize;
3414         s32 ret;
3415
3416         masksize = (patternsize + 7) / 8;
3417         patternoffset = sizeof(*filter) - sizeof(filter->cmd) + masksize;
3418
3419         bufsize = sizeof(*filter) + patternsize + masksize;
3420         buf = kzalloc(bufsize, GFP_KERNEL);
3421         if (!buf)
3422                 return -ENOMEM;
3423         filter = (struct brcmf_fil_wowl_pattern_le *)buf;
3424
3425         memcpy(filter->cmd, cmd, 4);
3426         filter->masksize = cpu_to_le32(masksize);
3427         filter->offset = cpu_to_le32(packet_offset);
3428         filter->patternoffset = cpu_to_le32(patternoffset);
3429         filter->patternsize = cpu_to_le32(patternsize);
3430         filter->type = cpu_to_le32(BRCMF_WOWL_PATTERN_TYPE_BITMAP);
3431
3432         if ((mask) && (masksize))
3433                 memcpy(buf + sizeof(*filter), mask, masksize);
3434         if ((pattern) && (patternsize))
3435                 memcpy(buf + sizeof(*filter) + masksize, pattern, patternsize);
3436
3437         ret = brcmf_fil_iovar_data_set(ifp, "wowl_pattern", buf, bufsize);
3438
3439         kfree(buf);
3440         return ret;
3441 }
3442
3443 static s32
3444 brcmf_wowl_nd_results(struct brcmf_if *ifp, const struct brcmf_event_msg *e,
3445                       void *data)
3446 {
3447         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
3448         struct brcmf_pno_scanresults_le *pfn_result;
3449         struct brcmf_pno_net_info_le *netinfo;
3450
3451         brcmf_dbg(SCAN, "Enter\n");
3452
3453         if (e->datalen < (sizeof(*pfn_result) + sizeof(*netinfo))) {
3454                 brcmf_dbg(SCAN, "Event data to small. Ignore\n");
3455                 return 0;
3456         }
3457
3458         pfn_result = (struct brcmf_pno_scanresults_le *)data;
3459
3460         if (e->event_code == BRCMF_E_PFN_NET_LOST) {
3461                 brcmf_dbg(SCAN, "PFN NET LOST event. Ignore\n");
3462                 return 0;
3463         }
3464
3465         if (le32_to_cpu(pfn_result->count) < 1) {
3466                 brcmf_err("Invalid result count, expected 1 (%d)\n",
3467                           le32_to_cpu(pfn_result->count));
3468                 return -EINVAL;
3469         }
3470
3471         netinfo = brcmf_get_netinfo_array(pfn_result);
3472         if (netinfo->SSID_len > IEEE80211_MAX_SSID_LEN)
3473                 netinfo->SSID_len = IEEE80211_MAX_SSID_LEN;
3474         memcpy(cfg->wowl.nd->ssid.ssid, netinfo->SSID, netinfo->SSID_len);
3475         cfg->wowl.nd->ssid.ssid_len = netinfo->SSID_len;
3476         cfg->wowl.nd->n_channels = 1;
3477         cfg->wowl.nd->channels[0] =
3478                 ieee80211_channel_to_frequency(netinfo->channel,
3479                         netinfo->channel <= CH_MAX_2G_CHANNEL ?
3480                                         NL80211_BAND_2GHZ : NL80211_BAND_5GHZ);
3481         cfg->wowl.nd_info->n_matches = 1;
3482         cfg->wowl.nd_info->matches[0] = cfg->wowl.nd;
3483
3484         /* Inform (the resume task) that the net detect information was recvd */
3485         cfg->wowl.nd_data_completed = true;
3486         wake_up(&cfg->wowl.nd_data_wait);
3487
3488         return 0;
3489 }
3490
3491 #ifdef CONFIG_PM
3492
3493 static void brcmf_report_wowl_wakeind(struct wiphy *wiphy, struct brcmf_if *ifp)
3494 {
3495         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3496         struct brcmf_wowl_wakeind_le wake_ind_le;
3497         struct cfg80211_wowlan_wakeup wakeup_data;
3498         struct cfg80211_wowlan_wakeup *wakeup;
3499         u32 wakeind;
3500         s32 err;
3501         int timeout;
3502
3503         err = brcmf_fil_iovar_data_get(ifp, "wowl_wakeind", &wake_ind_le,
3504                                        sizeof(wake_ind_le));
3505         if (err) {
3506                 brcmf_err("Get wowl_wakeind failed, err = %d\n", err);
3507                 return;
3508         }
3509
3510         wakeind = le32_to_cpu(wake_ind_le.ucode_wakeind);
3511         if (wakeind & (BRCMF_WOWL_MAGIC | BRCMF_WOWL_DIS | BRCMF_WOWL_BCN |
3512                        BRCMF_WOWL_RETR | BRCMF_WOWL_NET |
3513                        BRCMF_WOWL_PFN_FOUND)) {
3514                 wakeup = &wakeup_data;
3515                 memset(&wakeup_data, 0, sizeof(wakeup_data));
3516                 wakeup_data.pattern_idx = -1;
3517
3518                 if (wakeind & BRCMF_WOWL_MAGIC) {
3519                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_MAGIC\n");
3520                         wakeup_data.magic_pkt = true;
3521                 }
3522                 if (wakeind & BRCMF_WOWL_DIS) {
3523                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_DIS\n");
3524                         wakeup_data.disconnect = true;
3525                 }
3526                 if (wakeind & BRCMF_WOWL_BCN) {
3527                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_BCN\n");
3528                         wakeup_data.disconnect = true;
3529                 }
3530                 if (wakeind & BRCMF_WOWL_RETR) {
3531                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_RETR\n");
3532                         wakeup_data.disconnect = true;
3533                 }
3534                 if (wakeind & BRCMF_WOWL_NET) {
3535                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_NET\n");
3536                         /* For now always map to pattern 0, no API to get
3537                          * correct information available at the moment.
3538                          */
3539                         wakeup_data.pattern_idx = 0;
3540                 }
3541                 if (wakeind & BRCMF_WOWL_PFN_FOUND) {
3542                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_PFN_FOUND\n");
3543                         timeout = wait_event_timeout(cfg->wowl.nd_data_wait,
3544                                 cfg->wowl.nd_data_completed,
3545                                 BRCMF_ND_INFO_TIMEOUT);
3546                         if (!timeout)
3547                                 brcmf_err("No result for wowl net detect\n");
3548                         else
3549                                 wakeup_data.net_detect = cfg->wowl.nd_info;
3550                 }
3551                 if (wakeind & BRCMF_WOWL_GTK_FAILURE) {
3552                         brcmf_dbg(INFO, "WOWL Wake indicator: BRCMF_WOWL_GTK_FAILURE\n");
3553                         wakeup_data.gtk_rekey_failure = true;
3554                 }
3555         } else {
3556                 wakeup = NULL;
3557         }
3558         cfg80211_report_wowlan_wakeup(&ifp->vif->wdev, wakeup, GFP_KERNEL);
3559 }
3560
3561 #else
3562
3563 static void brcmf_report_wowl_wakeind(struct wiphy *wiphy, struct brcmf_if *ifp)
3564 {
3565 }
3566
3567 #endif /* CONFIG_PM */
3568
3569 static s32 brcmf_cfg80211_resume(struct wiphy *wiphy)
3570 {
3571         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3572         struct net_device *ndev = cfg_to_ndev(cfg);
3573         struct brcmf_if *ifp = netdev_priv(ndev);
3574
3575         brcmf_dbg(TRACE, "Enter\n");
3576
3577         if (cfg->wowl.active) {
3578                 brcmf_report_wowl_wakeind(wiphy, ifp);
3579                 brcmf_fil_iovar_int_set(ifp, "wowl_clear", 0);
3580                 brcmf_config_wowl_pattern(ifp, "clr", NULL, 0, NULL, 0);
3581                 if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ARP_ND))
3582                         brcmf_configure_arp_nd_offload(ifp, true);
3583                 brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM,
3584                                       cfg->wowl.pre_pmmode);
3585                 cfg->wowl.active = false;
3586                 if (cfg->wowl.nd_enabled) {
3587                         brcmf_cfg80211_sched_scan_stop(cfg->wiphy, ifp->ndev, 0);
3588                         brcmf_fweh_unregister(cfg->pub, BRCMF_E_PFN_NET_FOUND);
3589                         brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
3590                                             brcmf_notify_sched_scan_results);
3591                         cfg->wowl.nd_enabled = false;
3592                 }
3593         }
3594         return 0;
3595 }
3596
3597 static void brcmf_configure_wowl(struct brcmf_cfg80211_info *cfg,
3598                                  struct brcmf_if *ifp,
3599                                  struct cfg80211_wowlan *wowl)
3600 {
3601         u32 wowl_config;
3602         struct brcmf_wowl_wakeind_le wowl_wakeind;
3603         u32 i;
3604
3605         brcmf_dbg(TRACE, "Suspend, wowl config.\n");
3606
3607         if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ARP_ND))
3608                 brcmf_configure_arp_nd_offload(ifp, false);
3609         brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_PM, &cfg->wowl.pre_pmmode);
3610         brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, PM_MAX);
3611
3612         wowl_config = 0;
3613         if (wowl->disconnect)
3614                 wowl_config = BRCMF_WOWL_DIS | BRCMF_WOWL_BCN | BRCMF_WOWL_RETR;
3615         if (wowl->magic_pkt)
3616                 wowl_config |= BRCMF_WOWL_MAGIC;
3617         if ((wowl->patterns) && (wowl->n_patterns)) {
3618                 wowl_config |= BRCMF_WOWL_NET;
3619                 for (i = 0; i < wowl->n_patterns; i++) {
3620                         brcmf_config_wowl_pattern(ifp, "add",
3621                                 (u8 *)wowl->patterns[i].pattern,
3622                                 wowl->patterns[i].pattern_len,
3623                                 (u8 *)wowl->patterns[i].mask,
3624                                 wowl->patterns[i].pkt_offset);
3625                 }
3626         }
3627         if (wowl->nd_config) {
3628                 brcmf_cfg80211_sched_scan_start(cfg->wiphy, ifp->ndev,
3629                                                 wowl->nd_config);
3630                 wowl_config |= BRCMF_WOWL_PFN_FOUND;
3631
3632                 cfg->wowl.nd_data_completed = false;
3633                 cfg->wowl.nd_enabled = true;
3634                 /* Now reroute the event for PFN to the wowl function. */
3635                 brcmf_fweh_unregister(cfg->pub, BRCMF_E_PFN_NET_FOUND);
3636                 brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
3637                                     brcmf_wowl_nd_results);
3638         }
3639         if (wowl->gtk_rekey_failure)
3640                 wowl_config |= BRCMF_WOWL_GTK_FAILURE;
3641         if (!test_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state))
3642                 wowl_config |= BRCMF_WOWL_UNASSOC;
3643
3644         memcpy(&wowl_wakeind, "clear", 6);
3645         brcmf_fil_iovar_data_set(ifp, "wowl_wakeind", &wowl_wakeind,
3646                                  sizeof(wowl_wakeind));
3647         brcmf_fil_iovar_int_set(ifp, "wowl", wowl_config);
3648         brcmf_fil_iovar_int_set(ifp, "wowl_activate", 1);
3649         brcmf_bus_wowl_config(cfg->pub->bus_if, true);
3650         cfg->wowl.active = true;
3651 }
3652
3653 static s32 brcmf_cfg80211_suspend(struct wiphy *wiphy,
3654                                   struct cfg80211_wowlan *wowl)
3655 {
3656         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3657         struct net_device *ndev = cfg_to_ndev(cfg);
3658         struct brcmf_if *ifp = netdev_priv(ndev);
3659         struct brcmf_cfg80211_vif *vif;
3660
3661         brcmf_dbg(TRACE, "Enter\n");
3662
3663         /* if the primary net_device is not READY there is nothing
3664          * we can do but pray resume goes smoothly.
3665          */
3666         if (!check_vif_up(ifp->vif))
3667                 goto exit;
3668
3669         /* Stop scheduled scan */
3670         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO))
3671                 brcmf_cfg80211_sched_scan_stop(wiphy, ndev, 0);
3672
3673         /* end any scanning */
3674         if (test_bit(BRCMF_SCAN_STATUS_BUSY, &cfg->scan_status))
3675                 brcmf_abort_scanning(cfg);
3676
3677         if (wowl == NULL) {
3678                 brcmf_bus_wowl_config(cfg->pub->bus_if, false);
3679                 list_for_each_entry(vif, &cfg->vif_list, list) {
3680                         if (!test_bit(BRCMF_VIF_STATUS_READY, &vif->sme_state))
3681                                 continue;
3682                         /* While going to suspend if associated with AP
3683                          * disassociate from AP to save power while system is
3684                          * in suspended state
3685                          */
3686                         brcmf_link_down(vif, WLAN_REASON_UNSPECIFIED);
3687                         /* Make sure WPA_Supplicant receives all the event
3688                          * generated due to DISASSOC call to the fw to keep
3689                          * the state fw and WPA_Supplicant state consistent
3690                          */
3691                         brcmf_delay(500);
3692                 }
3693                 /* Configure MPC */
3694                 brcmf_set_mpc(ifp, 1);
3695
3696         } else {
3697                 /* Configure WOWL paramaters */
3698                 brcmf_configure_wowl(cfg, ifp, wowl);
3699         }
3700
3701 exit:
3702         brcmf_dbg(TRACE, "Exit\n");
3703         /* clear any scanning activity */
3704         cfg->scan_status = 0;
3705         return 0;
3706 }
3707
3708 static __used s32
3709 brcmf_update_pmklist(struct brcmf_cfg80211_info *cfg, struct brcmf_if *ifp)
3710 {
3711         struct brcmf_pmk_list_le *pmk_list;
3712         int i;
3713         u32 npmk;
3714         s32 err;
3715
3716         pmk_list = &cfg->pmk_list;
3717         npmk = le32_to_cpu(pmk_list->npmk);
3718
3719         brcmf_dbg(CONN, "No of elements %d\n", npmk);
3720         for (i = 0; i < npmk; i++)
3721                 brcmf_dbg(CONN, "PMK[%d]: %pM\n", i, &pmk_list->pmk[i].bssid);
3722
3723         err = brcmf_fil_iovar_data_set(ifp, "pmkid_info", pmk_list,
3724                                        sizeof(*pmk_list));
3725
3726         return err;
3727 }
3728
3729 static s32
3730 brcmf_cfg80211_set_pmksa(struct wiphy *wiphy, struct net_device *ndev,
3731                          struct cfg80211_pmksa *pmksa)
3732 {
3733         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3734         struct brcmf_if *ifp = netdev_priv(ndev);
3735         struct brcmf_pmksa *pmk = &cfg->pmk_list.pmk[0];
3736         s32 err;
3737         u32 npmk, i;
3738
3739         brcmf_dbg(TRACE, "Enter\n");
3740         if (!check_vif_up(ifp->vif))
3741                 return -EIO;
3742
3743         npmk = le32_to_cpu(cfg->pmk_list.npmk);
3744         for (i = 0; i < npmk; i++)
3745                 if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN))
3746                         break;
3747         if (i < BRCMF_MAXPMKID) {
3748                 memcpy(pmk[i].bssid, pmksa->bssid, ETH_ALEN);
3749                 memcpy(pmk[i].pmkid, pmksa->pmkid, WLAN_PMKID_LEN);
3750                 if (i == npmk) {
3751                         npmk++;
3752                         cfg->pmk_list.npmk = cpu_to_le32(npmk);
3753                 }
3754         } else {
3755                 brcmf_err("Too many PMKSA entries cached %d\n", npmk);
3756                 return -EINVAL;
3757         }
3758
3759         brcmf_dbg(CONN, "set_pmksa - PMK bssid: %pM =\n", pmk[npmk].bssid);
3760         for (i = 0; i < WLAN_PMKID_LEN; i += 4)
3761                 brcmf_dbg(CONN, "%02x %02x %02x %02x\n", pmk[npmk].pmkid[i],
3762                           pmk[npmk].pmkid[i + 1], pmk[npmk].pmkid[i + 2],
3763                           pmk[npmk].pmkid[i + 3]);
3764
3765         err = brcmf_update_pmklist(cfg, ifp);
3766
3767         brcmf_dbg(TRACE, "Exit\n");
3768         return err;
3769 }
3770
3771 static s32
3772 brcmf_cfg80211_del_pmksa(struct wiphy *wiphy, struct net_device *ndev,
3773                          struct cfg80211_pmksa *pmksa)
3774 {
3775         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3776         struct brcmf_if *ifp = netdev_priv(ndev);
3777         struct brcmf_pmksa *pmk = &cfg->pmk_list.pmk[0];
3778         s32 err;
3779         u32 npmk, i;
3780
3781         brcmf_dbg(TRACE, "Enter\n");
3782         if (!check_vif_up(ifp->vif))
3783                 return -EIO;
3784
3785         brcmf_dbg(CONN, "del_pmksa - PMK bssid = %pM\n", pmksa->bssid);
3786
3787         npmk = le32_to_cpu(cfg->pmk_list.npmk);
3788         for (i = 0; i < npmk; i++)
3789                 if (!memcmp(pmksa->bssid, pmk[i].bssid, ETH_ALEN))
3790                         break;
3791
3792         if ((npmk > 0) && (i < npmk)) {
3793                 for (; i < (npmk - 1); i++) {
3794                         memcpy(&pmk[i].bssid, &pmk[i + 1].bssid, ETH_ALEN);
3795                         memcpy(&pmk[i].pmkid, &pmk[i + 1].pmkid,
3796                                WLAN_PMKID_LEN);
3797                 }
3798                 memset(&pmk[i], 0, sizeof(*pmk));
3799                 cfg->pmk_list.npmk = cpu_to_le32(npmk - 1);
3800         } else {
3801                 brcmf_err("Cache entry not found\n");
3802                 return -EINVAL;
3803         }
3804
3805         err = brcmf_update_pmklist(cfg, ifp);
3806
3807         brcmf_dbg(TRACE, "Exit\n");
3808         return err;
3809
3810 }
3811
3812 static s32
3813 brcmf_cfg80211_flush_pmksa(struct wiphy *wiphy, struct net_device *ndev)
3814 {
3815         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
3816         struct brcmf_if *ifp = netdev_priv(ndev);
3817         s32 err;
3818
3819         brcmf_dbg(TRACE, "Enter\n");
3820         if (!check_vif_up(ifp->vif))
3821                 return -EIO;
3822
3823         memset(&cfg->pmk_list, 0, sizeof(cfg->pmk_list));
3824         err = brcmf_update_pmklist(cfg, ifp);
3825
3826         brcmf_dbg(TRACE, "Exit\n");
3827         return err;
3828
3829 }
3830
3831 static s32 brcmf_configure_opensecurity(struct brcmf_if *ifp)
3832 {
3833         s32 err;
3834         s32 wpa_val;
3835
3836         /* set auth */
3837         err = brcmf_fil_bsscfg_int_set(ifp, "auth", 0);
3838         if (err < 0) {
3839                 brcmf_err("auth error %d\n", err);
3840                 return err;
3841         }
3842         /* set wsec */
3843         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", 0);
3844         if (err < 0) {
3845                 brcmf_err("wsec error %d\n", err);
3846                 return err;
3847         }
3848         /* set upper-layer auth */
3849         if (brcmf_is_ibssmode(ifp->vif))
3850                 wpa_val = WPA_AUTH_NONE;
3851         else
3852                 wpa_val = WPA_AUTH_DISABLED;
3853         err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_val);
3854         if (err < 0) {
3855                 brcmf_err("wpa_auth error %d\n", err);
3856                 return err;
3857         }
3858
3859         return 0;
3860 }
3861
3862 static bool brcmf_valid_wpa_oui(u8 *oui, bool is_rsn_ie)
3863 {
3864         if (is_rsn_ie)
3865                 return (memcmp(oui, RSN_OUI, TLV_OUI_LEN) == 0);
3866
3867         return (memcmp(oui, WPA_OUI, TLV_OUI_LEN) == 0);
3868 }
3869
3870 static s32
3871 brcmf_configure_wpaie(struct brcmf_if *ifp,
3872                       const struct brcmf_vs_tlv *wpa_ie,
3873                       bool is_rsn_ie)
3874 {
3875         u32 auth = 0; /* d11 open authentication */
3876         u16 count;
3877         s32 err = 0;
3878         s32 len;
3879         u32 i;
3880         u32 wsec;
3881         u32 pval = 0;
3882         u32 gval = 0;
3883         u32 wpa_auth = 0;
3884         u32 offset;
3885         u8 *data;
3886         u16 rsn_cap;
3887         u32 wme_bss_disable;
3888         u32 mfp;
3889
3890         brcmf_dbg(TRACE, "Enter\n");
3891         if (wpa_ie == NULL)
3892                 goto exit;
3893
3894         len = wpa_ie->len + TLV_HDR_LEN;
3895         data = (u8 *)wpa_ie;
3896         offset = TLV_HDR_LEN;
3897         if (!is_rsn_ie)
3898                 offset += VS_IE_FIXED_HDR_LEN;
3899         else
3900                 offset += WPA_IE_VERSION_LEN;
3901
3902         /* check for multicast cipher suite */
3903         if (offset + WPA_IE_MIN_OUI_LEN > len) {
3904                 err = -EINVAL;
3905                 brcmf_err("no multicast cipher suite\n");
3906                 goto exit;
3907         }
3908
3909         if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
3910                 err = -EINVAL;
3911                 brcmf_err("ivalid OUI\n");
3912                 goto exit;
3913         }
3914         offset += TLV_OUI_LEN;
3915
3916         /* pick up multicast cipher */
3917         switch (data[offset]) {
3918         case WPA_CIPHER_NONE:
3919                 gval = 0;
3920                 break;
3921         case WPA_CIPHER_WEP_40:
3922         case WPA_CIPHER_WEP_104:
3923                 gval = WEP_ENABLED;
3924                 break;
3925         case WPA_CIPHER_TKIP:
3926                 gval = TKIP_ENABLED;
3927                 break;
3928         case WPA_CIPHER_AES_CCM:
3929                 gval = AES_ENABLED;
3930                 break;
3931         default:
3932                 err = -EINVAL;
3933                 brcmf_err("Invalid multi cast cipher info\n");
3934                 goto exit;
3935         }
3936
3937         offset++;
3938         /* walk thru unicast cipher list and pick up what we recognize */
3939         count = data[offset] + (data[offset + 1] << 8);
3940         offset += WPA_IE_SUITE_COUNT_LEN;
3941         /* Check for unicast suite(s) */
3942         if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
3943                 err = -EINVAL;
3944                 brcmf_err("no unicast cipher suite\n");
3945                 goto exit;
3946         }
3947         for (i = 0; i < count; i++) {
3948                 if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
3949                         err = -EINVAL;
3950                         brcmf_err("ivalid OUI\n");
3951                         goto exit;
3952                 }
3953                 offset += TLV_OUI_LEN;
3954                 switch (data[offset]) {
3955                 case WPA_CIPHER_NONE:
3956                         break;
3957                 case WPA_CIPHER_WEP_40:
3958                 case WPA_CIPHER_WEP_104:
3959                         pval |= WEP_ENABLED;
3960                         break;
3961                 case WPA_CIPHER_TKIP:
3962                         pval |= TKIP_ENABLED;
3963                         break;
3964                 case WPA_CIPHER_AES_CCM:
3965                         pval |= AES_ENABLED;
3966                         break;
3967                 default:
3968                         brcmf_err("Invalid unicast security info\n");
3969                 }
3970                 offset++;
3971         }
3972         /* walk thru auth management suite list and pick up what we recognize */
3973         count = data[offset] + (data[offset + 1] << 8);
3974         offset += WPA_IE_SUITE_COUNT_LEN;
3975         /* Check for auth key management suite(s) */
3976         if (offset + (WPA_IE_MIN_OUI_LEN * count) > len) {
3977                 err = -EINVAL;
3978                 brcmf_err("no auth key mgmt suite\n");
3979                 goto exit;
3980         }
3981         for (i = 0; i < count; i++) {
3982                 if (!brcmf_valid_wpa_oui(&data[offset], is_rsn_ie)) {
3983                         err = -EINVAL;
3984                         brcmf_err("ivalid OUI\n");
3985                         goto exit;
3986                 }
3987                 offset += TLV_OUI_LEN;
3988                 switch (data[offset]) {
3989                 case RSN_AKM_NONE:
3990                         brcmf_dbg(TRACE, "RSN_AKM_NONE\n");
3991                         wpa_auth |= WPA_AUTH_NONE;
3992                         break;
3993                 case RSN_AKM_UNSPECIFIED:
3994                         brcmf_dbg(TRACE, "RSN_AKM_UNSPECIFIED\n");
3995                         is_rsn_ie ? (wpa_auth |= WPA2_AUTH_UNSPECIFIED) :
3996                                     (wpa_auth |= WPA_AUTH_UNSPECIFIED);
3997                         break;
3998                 case RSN_AKM_PSK:
3999                         brcmf_dbg(TRACE, "RSN_AKM_PSK\n");
4000                         is_rsn_ie ? (wpa_auth |= WPA2_AUTH_PSK) :
4001                                     (wpa_auth |= WPA_AUTH_PSK);
4002                         break;
4003                 case RSN_AKM_SHA256_PSK:
4004                         brcmf_dbg(TRACE, "RSN_AKM_MFP_PSK\n");
4005                         wpa_auth |= WPA2_AUTH_PSK_SHA256;
4006                         break;
4007                 case RSN_AKM_SHA256_1X:
4008                         brcmf_dbg(TRACE, "RSN_AKM_MFP_1X\n");
4009                         wpa_auth |= WPA2_AUTH_1X_SHA256;
4010                         break;
4011                 default:
4012                         brcmf_err("Invalid key mgmt info\n");
4013                 }
4014                 offset++;
4015         }
4016
4017         mfp = BRCMF_MFP_NONE;
4018         if (is_rsn_ie) {
4019                 wme_bss_disable = 1;
4020                 if ((offset + RSN_CAP_LEN) <= len) {
4021                         rsn_cap = data[offset] + (data[offset + 1] << 8);
4022                         if (rsn_cap & RSN_CAP_PTK_REPLAY_CNTR_MASK)
4023                                 wme_bss_disable = 0;
4024                         if (rsn_cap & RSN_CAP_MFPR_MASK) {
4025                                 brcmf_dbg(TRACE, "MFP Required\n");
4026                                 mfp = BRCMF_MFP_REQUIRED;
4027                                 /* Firmware only supports mfp required in
4028                                  * combination with WPA2_AUTH_PSK_SHA256 or
4029                                  * WPA2_AUTH_1X_SHA256.
4030                                  */
4031                                 if (!(wpa_auth & (WPA2_AUTH_PSK_SHA256 |
4032                                                   WPA2_AUTH_1X_SHA256))) {
4033                                         err = -EINVAL;
4034                                         goto exit;
4035                                 }
4036                                 /* Firmware has requirement that WPA2_AUTH_PSK/
4037                                  * WPA2_AUTH_UNSPECIFIED be set, if SHA256 OUI
4038                                  * is to be included in the rsn ie.
4039                                  */
4040                                 if (wpa_auth & WPA2_AUTH_PSK_SHA256)
4041                                         wpa_auth |= WPA2_AUTH_PSK;
4042                                 else if (wpa_auth & WPA2_AUTH_1X_SHA256)
4043                                         wpa_auth |= WPA2_AUTH_UNSPECIFIED;
4044                         } else if (rsn_cap & RSN_CAP_MFPC_MASK) {
4045                                 brcmf_dbg(TRACE, "MFP Capable\n");
4046                                 mfp = BRCMF_MFP_CAPABLE;
4047                         }
4048                 }
4049                 offset += RSN_CAP_LEN;
4050                 /* set wme_bss_disable to sync RSN Capabilities */
4051                 err = brcmf_fil_bsscfg_int_set(ifp, "wme_bss_disable",
4052                                                wme_bss_disable);
4053                 if (err < 0) {
4054                         brcmf_err("wme_bss_disable error %d\n", err);
4055                         goto exit;
4056                 }
4057
4058                 /* Skip PMKID cnt as it is know to be 0 for AP. */
4059                 offset += RSN_PMKID_COUNT_LEN;
4060
4061                 /* See if there is BIP wpa suite left for MFP */
4062                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP) &&
4063                     ((offset + WPA_IE_MIN_OUI_LEN) <= len)) {
4064                         err = brcmf_fil_bsscfg_data_set(ifp, "bip",
4065                                                         &data[offset],
4066                                                         WPA_IE_MIN_OUI_LEN);
4067                         if (err < 0) {
4068                                 brcmf_err("bip error %d\n", err);
4069                                 goto exit;
4070                         }
4071                 }
4072         }
4073         /* FOR WPS , set SES_OW_ENABLED */
4074         wsec = (pval | gval | SES_OW_ENABLED);
4075
4076         /* set auth */
4077         err = brcmf_fil_bsscfg_int_set(ifp, "auth", auth);
4078         if (err < 0) {
4079                 brcmf_err("auth error %d\n", err);
4080                 goto exit;
4081         }
4082         /* set wsec */
4083         err = brcmf_fil_bsscfg_int_set(ifp, "wsec", wsec);
4084         if (err < 0) {
4085                 brcmf_err("wsec error %d\n", err);
4086                 goto exit;
4087         }
4088         /* Configure MFP, this needs to go after wsec otherwise the wsec command
4089          * will overwrite the values set by MFP
4090          */
4091         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP)) {
4092                 err = brcmf_fil_bsscfg_int_set(ifp, "mfp", mfp);
4093                 if (err < 0) {
4094                         brcmf_err("mfp error %d\n", err);
4095                         goto exit;
4096                 }
4097         }
4098         /* set upper-layer auth */
4099         err = brcmf_fil_bsscfg_int_set(ifp, "wpa_auth", wpa_auth);
4100         if (err < 0) {
4101                 brcmf_err("wpa_auth error %d\n", err);
4102                 goto exit;
4103         }
4104
4105 exit:
4106         return err;
4107 }
4108
4109 static s32
4110 brcmf_parse_vndr_ies(const u8 *vndr_ie_buf, u32 vndr_ie_len,
4111                      struct parsed_vndr_ies *vndr_ies)
4112 {
4113         struct brcmf_vs_tlv *vndrie;
4114         struct brcmf_tlv *ie;
4115         struct parsed_vndr_ie_info *parsed_info;
4116         s32 remaining_len;
4117
4118         remaining_len = (s32)vndr_ie_len;
4119         memset(vndr_ies, 0, sizeof(*vndr_ies));
4120
4121         ie = (struct brcmf_tlv *)vndr_ie_buf;
4122         while (ie) {
4123                 if (ie->id != WLAN_EID_VENDOR_SPECIFIC)
4124                         goto next;
4125                 vndrie = (struct brcmf_vs_tlv *)ie;
4126                 /* len should be bigger than OUI length + one */
4127                 if (vndrie->len < (VS_IE_FIXED_HDR_LEN - TLV_HDR_LEN + 1)) {
4128                         brcmf_err("invalid vndr ie. length is too small %d\n",
4129                                   vndrie->len);
4130                         goto next;
4131                 }
4132                 /* if wpa or wme ie, do not add ie */
4133                 if (!memcmp(vndrie->oui, (u8 *)WPA_OUI, TLV_OUI_LEN) &&
4134                     ((vndrie->oui_type == WPA_OUI_TYPE) ||
4135                     (vndrie->oui_type == WME_OUI_TYPE))) {
4136                         brcmf_dbg(TRACE, "Found WPA/WME oui. Do not add it\n");
4137                         goto next;
4138                 }
4139
4140                 parsed_info = &vndr_ies->ie_info[vndr_ies->count];
4141
4142                 /* save vndr ie information */
4143                 parsed_info->ie_ptr = (char *)vndrie;
4144                 parsed_info->ie_len = vndrie->len + TLV_HDR_LEN;
4145                 memcpy(&parsed_info->vndrie, vndrie, sizeof(*vndrie));
4146
4147                 vndr_ies->count++;
4148
4149                 brcmf_dbg(TRACE, "** OUI %02x %02x %02x, type 0x%02x\n",
4150                           parsed_info->vndrie.oui[0],
4151                           parsed_info->vndrie.oui[1],
4152                           parsed_info->vndrie.oui[2],
4153                           parsed_info->vndrie.oui_type);
4154
4155                 if (vndr_ies->count >= VNDR_IE_PARSE_LIMIT)
4156                         break;
4157 next:
4158                 remaining_len -= (ie->len + TLV_HDR_LEN);
4159                 if (remaining_len <= TLV_HDR_LEN)
4160                         ie = NULL;
4161                 else
4162                         ie = (struct brcmf_tlv *)(((u8 *)ie) + ie->len +
4163                                 TLV_HDR_LEN);
4164         }
4165         return 0;
4166 }
4167
4168 static u32
4169 brcmf_vndr_ie(u8 *iebuf, s32 pktflag, u8 *ie_ptr, u32 ie_len, s8 *add_del_cmd)
4170 {
4171
4172         strncpy(iebuf, add_del_cmd, VNDR_IE_CMD_LEN - 1);
4173         iebuf[VNDR_IE_CMD_LEN - 1] = '\0';
4174
4175         put_unaligned_le32(1, &iebuf[VNDR_IE_COUNT_OFFSET]);
4176
4177         put_unaligned_le32(pktflag, &iebuf[VNDR_IE_PKTFLAG_OFFSET]);
4178
4179         memcpy(&iebuf[VNDR_IE_VSIE_OFFSET], ie_ptr, ie_len);
4180
4181         return ie_len + VNDR_IE_HDR_SIZE;
4182 }
4183
4184 s32 brcmf_vif_set_mgmt_ie(struct brcmf_cfg80211_vif *vif, s32 pktflag,
4185                           const u8 *vndr_ie_buf, u32 vndr_ie_len)
4186 {
4187         struct brcmf_if *ifp;
4188         struct vif_saved_ie *saved_ie;
4189         s32 err = 0;
4190         u8  *iovar_ie_buf;
4191         u8  *curr_ie_buf;
4192         u8  *mgmt_ie_buf = NULL;
4193         int mgmt_ie_buf_len;
4194         u32 *mgmt_ie_len;
4195         u32 del_add_ie_buf_len = 0;
4196         u32 total_ie_buf_len = 0;
4197         u32 parsed_ie_buf_len = 0;
4198         struct parsed_vndr_ies old_vndr_ies;
4199         struct parsed_vndr_ies new_vndr_ies;
4200         struct parsed_vndr_ie_info *vndrie_info;
4201         s32 i;
4202         u8 *ptr;
4203         int remained_buf_len;
4204
4205         if (!vif)
4206                 return -ENODEV;
4207         ifp = vif->ifp;
4208         saved_ie = &vif->saved_ie;
4209
4210         brcmf_dbg(TRACE, "bsscfgidx %d, pktflag : 0x%02X\n", ifp->bsscfgidx,
4211                   pktflag);
4212         iovar_ie_buf = kzalloc(WL_EXTRA_BUF_MAX, GFP_KERNEL);
4213         if (!iovar_ie_buf)
4214                 return -ENOMEM;
4215         curr_ie_buf = iovar_ie_buf;
4216         switch (pktflag) {
4217         case BRCMF_VNDR_IE_PRBREQ_FLAG:
4218                 mgmt_ie_buf = saved_ie->probe_req_ie;
4219                 mgmt_ie_len = &saved_ie->probe_req_ie_len;
4220                 mgmt_ie_buf_len = sizeof(saved_ie->probe_req_ie);
4221                 break;
4222         case BRCMF_VNDR_IE_PRBRSP_FLAG:
4223                 mgmt_ie_buf = saved_ie->probe_res_ie;
4224                 mgmt_ie_len = &saved_ie->probe_res_ie_len;
4225                 mgmt_ie_buf_len = sizeof(saved_ie->probe_res_ie);
4226                 break;
4227         case BRCMF_VNDR_IE_BEACON_FLAG:
4228                 mgmt_ie_buf = saved_ie->beacon_ie;
4229                 mgmt_ie_len = &saved_ie->beacon_ie_len;
4230                 mgmt_ie_buf_len = sizeof(saved_ie->beacon_ie);
4231                 break;
4232         case BRCMF_VNDR_IE_ASSOCREQ_FLAG:
4233                 mgmt_ie_buf = saved_ie->assoc_req_ie;
4234                 mgmt_ie_len = &saved_ie->assoc_req_ie_len;
4235                 mgmt_ie_buf_len = sizeof(saved_ie->assoc_req_ie);
4236                 break;
4237         default:
4238                 err = -EPERM;
4239                 brcmf_err("not suitable type\n");
4240                 goto exit;
4241         }
4242
4243         if (vndr_ie_len > mgmt_ie_buf_len) {
4244                 err = -ENOMEM;
4245                 brcmf_err("extra IE size too big\n");
4246                 goto exit;
4247         }
4248
4249         /* parse and save new vndr_ie in curr_ie_buff before comparing it */
4250         if (vndr_ie_buf && vndr_ie_len && curr_ie_buf) {
4251                 ptr = curr_ie_buf;
4252                 brcmf_parse_vndr_ies(vndr_ie_buf, vndr_ie_len, &new_vndr_ies);
4253                 for (i = 0; i < new_vndr_ies.count; i++) {
4254                         vndrie_info = &new_vndr_ies.ie_info[i];
4255                         memcpy(ptr + parsed_ie_buf_len, vndrie_info->ie_ptr,
4256                                vndrie_info->ie_len);
4257                         parsed_ie_buf_len += vndrie_info->ie_len;
4258                 }
4259         }
4260
4261         if (mgmt_ie_buf && *mgmt_ie_len) {
4262                 if (parsed_ie_buf_len && (parsed_ie_buf_len == *mgmt_ie_len) &&
4263                     (memcmp(mgmt_ie_buf, curr_ie_buf,
4264                             parsed_ie_buf_len) == 0)) {
4265                         brcmf_dbg(TRACE, "Previous mgmt IE equals to current IE\n");
4266                         goto exit;
4267                 }
4268
4269                 /* parse old vndr_ie */
4270                 brcmf_parse_vndr_ies(mgmt_ie_buf, *mgmt_ie_len, &old_vndr_ies);
4271
4272                 /* make a command to delete old ie */
4273                 for (i = 0; i < old_vndr_ies.count; i++) {
4274                         vndrie_info = &old_vndr_ies.ie_info[i];
4275
4276                         brcmf_dbg(TRACE, "DEL ID : %d, Len: %d , OUI:%02x:%02x:%02x\n",
4277                                   vndrie_info->vndrie.id,
4278                                   vndrie_info->vndrie.len,
4279                                   vndrie_info->vndrie.oui[0],
4280                                   vndrie_info->vndrie.oui[1],
4281                                   vndrie_info->vndrie.oui[2]);
4282
4283                         del_add_ie_buf_len = brcmf_vndr_ie(curr_ie_buf, pktflag,
4284                                                            vndrie_info->ie_ptr,
4285                                                            vndrie_info->ie_len,
4286                                                            "del");
4287                         curr_ie_buf += del_add_ie_buf_len;
4288                         total_ie_buf_len += del_add_ie_buf_len;
4289                 }
4290         }
4291
4292         *mgmt_ie_len = 0;
4293         /* Add if there is any extra IE */
4294         if (mgmt_ie_buf && parsed_ie_buf_len) {
4295                 ptr = mgmt_ie_buf;
4296
4297                 remained_buf_len = mgmt_ie_buf_len;
4298
4299                 /* make a command to add new ie */
4300                 for (i = 0; i < new_vndr_ies.count; i++) {
4301                         vndrie_info = &new_vndr_ies.ie_info[i];
4302
4303                         /* verify remained buf size before copy data */
4304                         if (remained_buf_len < (vndrie_info->vndrie.len +
4305                                                         VNDR_IE_VSIE_OFFSET)) {
4306                                 brcmf_err("no space in mgmt_ie_buf: len left %d",
4307                                           remained_buf_len);
4308                                 break;
4309                         }
4310                         remained_buf_len -= (vndrie_info->ie_len +
4311                                              VNDR_IE_VSIE_OFFSET);
4312
4313                         brcmf_dbg(TRACE, "ADDED ID : %d, Len: %d, OUI:%02x:%02x:%02x\n",
4314                                   vndrie_info->vndrie.id,
4315                                   vndrie_info->vndrie.len,
4316                                   vndrie_info->vndrie.oui[0],
4317                                   vndrie_info->vndrie.oui[1],
4318                                   vndrie_info->vndrie.oui[2]);
4319
4320                         del_add_ie_buf_len = brcmf_vndr_ie(curr_ie_buf, pktflag,
4321                                                            vndrie_info->ie_ptr,
4322                                                            vndrie_info->ie_len,
4323                                                            "add");
4324
4325                         /* save the parsed IE in wl struct */
4326                         memcpy(ptr + (*mgmt_ie_len), vndrie_info->ie_ptr,
4327                                vndrie_info->ie_len);
4328                         *mgmt_ie_len += vndrie_info->ie_len;
4329
4330                         curr_ie_buf += del_add_ie_buf_len;
4331                         total_ie_buf_len += del_add_ie_buf_len;
4332                 }
4333         }
4334         if (total_ie_buf_len) {
4335                 err  = brcmf_fil_bsscfg_data_set(ifp, "vndr_ie", iovar_ie_buf,
4336                                                  total_ie_buf_len);
4337                 if (err)
4338                         brcmf_err("vndr ie set error : %d\n", err);
4339         }
4340
4341 exit:
4342         kfree(iovar_ie_buf);
4343         return err;
4344 }
4345
4346 s32 brcmf_vif_clear_mgmt_ies(struct brcmf_cfg80211_vif *vif)
4347 {
4348         s32 pktflags[] = {
4349                 BRCMF_VNDR_IE_PRBREQ_FLAG,
4350                 BRCMF_VNDR_IE_PRBRSP_FLAG,
4351                 BRCMF_VNDR_IE_BEACON_FLAG
4352         };
4353         int i;
4354
4355         for (i = 0; i < ARRAY_SIZE(pktflags); i++)
4356                 brcmf_vif_set_mgmt_ie(vif, pktflags[i], NULL, 0);
4357
4358         memset(&vif->saved_ie, 0, sizeof(vif->saved_ie));
4359         return 0;
4360 }
4361
4362 static s32
4363 brcmf_config_ap_mgmt_ie(struct brcmf_cfg80211_vif *vif,
4364                         struct cfg80211_beacon_data *beacon)
4365 {
4366         s32 err;
4367
4368         /* Set Beacon IEs to FW */
4369         err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_BEACON_FLAG,
4370                                     beacon->tail, beacon->tail_len);
4371         if (err) {
4372                 brcmf_err("Set Beacon IE Failed\n");
4373                 return err;
4374         }
4375         brcmf_dbg(TRACE, "Applied Vndr IEs for Beacon\n");
4376
4377         /* Set Probe Response IEs to FW */
4378         err = brcmf_vif_set_mgmt_ie(vif, BRCMF_VNDR_IE_PRBRSP_FLAG,
4379                                     beacon->proberesp_ies,
4380                                     beacon->proberesp_ies_len);
4381         if (err)
4382                 brcmf_err("Set Probe Resp IE Failed\n");
4383         else
4384                 brcmf_dbg(TRACE, "Applied Vndr IEs for Probe Resp\n");
4385
4386         return err;
4387 }
4388
4389 static s32
4390 brcmf_cfg80211_start_ap(struct wiphy *wiphy, struct net_device *ndev,
4391                         struct cfg80211_ap_settings *settings)
4392 {
4393         s32 ie_offset;
4394         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4395         struct brcmf_if *ifp = netdev_priv(ndev);
4396         const struct brcmf_tlv *ssid_ie;
4397         const struct brcmf_tlv *country_ie;
4398         struct brcmf_ssid_le ssid_le;
4399         s32 err = -EPERM;
4400         const struct brcmf_tlv *rsn_ie;
4401         const struct brcmf_vs_tlv *wpa_ie;
4402         struct brcmf_join_params join_params;
4403         enum nl80211_iftype dev_role;
4404         struct brcmf_fil_bss_enable_le bss_enable;
4405         u16 chanspec = chandef_to_chanspec(&cfg->d11inf, &settings->chandef);
4406         bool mbss;
4407         int is_11d;
4408         bool supports_11d;
4409
4410         brcmf_dbg(TRACE, "ctrlchn=%d, center=%d, bw=%d, beacon_interval=%d, dtim_period=%d,\n",
4411                   settings->chandef.chan->hw_value,
4412                   settings->chandef.center_freq1, settings->chandef.width,
4413                   settings->beacon_interval, settings->dtim_period);
4414         brcmf_dbg(TRACE, "ssid=%s(%zu), auth_type=%d, inactivity_timeout=%d\n",
4415                   settings->ssid, settings->ssid_len, settings->auth_type,
4416                   settings->inactivity_timeout);
4417         dev_role = ifp->vif->wdev.iftype;
4418         mbss = ifp->vif->mbss;
4419
4420         /* store current 11d setting */
4421         if (brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_REGULATORY,
4422                                   &ifp->vif->is_11d)) {
4423                 is_11d = supports_11d = false;
4424         } else {
4425                 country_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
4426                                               settings->beacon.tail_len,
4427                                               WLAN_EID_COUNTRY);
4428                 is_11d = country_ie ? 1 : 0;
4429                 supports_11d = true;
4430         }
4431
4432         memset(&ssid_le, 0, sizeof(ssid_le));
4433         if (settings->ssid == NULL || settings->ssid_len == 0) {
4434                 ie_offset = DOT11_MGMT_HDR_LEN + DOT11_BCN_PRB_FIXED_LEN;
4435                 ssid_ie = brcmf_parse_tlvs(
4436                                 (u8 *)&settings->beacon.head[ie_offset],
4437                                 settings->beacon.head_len - ie_offset,
4438                                 WLAN_EID_SSID);
4439                 if (!ssid_ie || ssid_ie->len > IEEE80211_MAX_SSID_LEN)
4440                         return -EINVAL;
4441
4442                 memcpy(ssid_le.SSID, ssid_ie->data, ssid_ie->len);
4443                 ssid_le.SSID_len = cpu_to_le32(ssid_ie->len);
4444                 brcmf_dbg(TRACE, "SSID is (%s) in Head\n", ssid_le.SSID);
4445         } else {
4446                 memcpy(ssid_le.SSID, settings->ssid, settings->ssid_len);
4447                 ssid_le.SSID_len = cpu_to_le32((u32)settings->ssid_len);
4448         }
4449
4450         if (!mbss) {
4451                 brcmf_set_mpc(ifp, 0);
4452                 brcmf_configure_arp_nd_offload(ifp, false);
4453         }
4454
4455         /* find the RSN_IE */
4456         rsn_ie = brcmf_parse_tlvs((u8 *)settings->beacon.tail,
4457                                   settings->beacon.tail_len, WLAN_EID_RSN);
4458
4459         /* find the WPA_IE */
4460         wpa_ie = brcmf_find_wpaie((u8 *)settings->beacon.tail,
4461                                   settings->beacon.tail_len);
4462
4463         if ((wpa_ie != NULL || rsn_ie != NULL)) {
4464                 brcmf_dbg(TRACE, "WPA(2) IE is found\n");
4465                 if (wpa_ie != NULL) {
4466                         /* WPA IE */
4467                         err = brcmf_configure_wpaie(ifp, wpa_ie, false);
4468                         if (err < 0)
4469                                 goto exit;
4470                 } else {
4471                         struct brcmf_vs_tlv *tmp_ie;
4472
4473                         tmp_ie = (struct brcmf_vs_tlv *)rsn_ie;
4474
4475                         /* RSN IE */
4476                         err = brcmf_configure_wpaie(ifp, tmp_ie, true);
4477                         if (err < 0)
4478                                 goto exit;
4479                 }
4480         } else {
4481                 brcmf_dbg(TRACE, "No WPA(2) IEs found\n");
4482                 brcmf_configure_opensecurity(ifp);
4483         }
4484
4485         /* Parameters shared by all radio interfaces */
4486         if (!mbss) {
4487                 if ((supports_11d) && (is_11d != ifp->vif->is_11d)) {
4488                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
4489                                                     is_11d);
4490                         if (err < 0) {
4491                                 brcmf_err("Regulatory Set Error, %d\n", err);
4492                                 goto exit;
4493                         }
4494                 }
4495                 if (settings->beacon_interval) {
4496                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_BCNPRD,
4497                                                     settings->beacon_interval);
4498                         if (err < 0) {
4499                                 brcmf_err("Beacon Interval Set Error, %d\n",
4500                                           err);
4501                                 goto exit;
4502                         }
4503                 }
4504                 if (settings->dtim_period) {
4505                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_DTIMPRD,
4506                                                     settings->dtim_period);
4507                         if (err < 0) {
4508                                 brcmf_err("DTIM Interval Set Error, %d\n", err);
4509                                 goto exit;
4510                         }
4511                 }
4512
4513                 if ((dev_role == NL80211_IFTYPE_AP) &&
4514                     ((ifp->ifidx == 0) ||
4515                      !brcmf_feat_is_enabled(ifp, BRCMF_FEAT_RSDB))) {
4516                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4517                         if (err < 0) {
4518                                 brcmf_err("BRCMF_C_DOWN error %d\n", err);
4519                                 goto exit;
4520                         }
4521                         brcmf_fil_iovar_int_set(ifp, "apsta", 0);
4522                 }
4523
4524                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_INFRA, 1);
4525                 if (err < 0) {
4526                         brcmf_err("SET INFRA error %d\n", err);
4527                         goto exit;
4528                 }
4529         } else if (WARN_ON(supports_11d && (is_11d != ifp->vif->is_11d))) {
4530                 /* Multiple-BSS should use same 11d configuration */
4531                 err = -EINVAL;
4532                 goto exit;
4533         }
4534
4535         /* Interface specific setup */
4536         if (dev_role == NL80211_IFTYPE_AP) {
4537                 if ((brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS)) && (!mbss))
4538                         brcmf_fil_iovar_int_set(ifp, "mbss", 1);
4539
4540                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 1);
4541                 if (err < 0) {
4542                         brcmf_err("setting AP mode failed %d\n", err);
4543                         goto exit;
4544                 }
4545                 if (!mbss) {
4546                         /* Firmware 10.x requires setting channel after enabling
4547                          * AP and before bringing interface up.
4548                          */
4549                         err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
4550                         if (err < 0) {
4551                                 brcmf_err("Set Channel failed: chspec=%d, %d\n",
4552                                           chanspec, err);
4553                                 goto exit;
4554                         }
4555                 }
4556                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
4557                 if (err < 0) {
4558                         brcmf_err("BRCMF_C_UP error (%d)\n", err);
4559                         goto exit;
4560                 }
4561                 /* On DOWN the firmware removes the WEP keys, reconfigure
4562                  * them if they were set.
4563                  */
4564                 brcmf_cfg80211_reconfigure_wep(ifp);
4565
4566                 memset(&join_params, 0, sizeof(join_params));
4567                 /* join parameters starts with ssid */
4568                 memcpy(&join_params.ssid_le, &ssid_le, sizeof(ssid_le));
4569                 /* create softap */
4570                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
4571                                              &join_params, sizeof(join_params));
4572                 if (err < 0) {
4573                         brcmf_err("SET SSID error (%d)\n", err);
4574                         goto exit;
4575                 }
4576
4577                 if (settings->hidden_ssid) {
4578                         err = brcmf_fil_iovar_int_set(ifp, "closednet", 1);
4579                         if (err) {
4580                                 brcmf_err("closednet error (%d)\n", err);
4581                                 goto exit;
4582                         }
4583                 }
4584
4585                 brcmf_dbg(TRACE, "AP mode configuration complete\n");
4586         } else if (dev_role == NL80211_IFTYPE_P2P_GO) {
4587                 err = brcmf_fil_iovar_int_set(ifp, "chanspec", chanspec);
4588                 if (err < 0) {
4589                         brcmf_err("Set Channel failed: chspec=%d, %d\n",
4590                                   chanspec, err);
4591                         goto exit;
4592                 }
4593                 err = brcmf_fil_bsscfg_data_set(ifp, "ssid", &ssid_le,
4594                                                 sizeof(ssid_le));
4595                 if (err < 0) {
4596                         brcmf_err("setting ssid failed %d\n", err);
4597                         goto exit;
4598                 }
4599                 bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
4600                 bss_enable.enable = cpu_to_le32(1);
4601                 err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
4602                                                sizeof(bss_enable));
4603                 if (err < 0) {
4604                         brcmf_err("bss_enable config failed %d\n", err);
4605                         goto exit;
4606                 }
4607
4608                 brcmf_dbg(TRACE, "GO mode configuration complete\n");
4609         } else {
4610                 WARN_ON(1);
4611         }
4612
4613         brcmf_config_ap_mgmt_ie(ifp->vif, &settings->beacon);
4614         set_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
4615         brcmf_net_setcarrier(ifp, true);
4616
4617 exit:
4618         if ((err) && (!mbss)) {
4619                 brcmf_set_mpc(ifp, 1);
4620                 brcmf_configure_arp_nd_offload(ifp, true);
4621         }
4622         return err;
4623 }
4624
4625 static int brcmf_cfg80211_stop_ap(struct wiphy *wiphy, struct net_device *ndev)
4626 {
4627         struct brcmf_if *ifp = netdev_priv(ndev);
4628         s32 err;
4629         struct brcmf_fil_bss_enable_le bss_enable;
4630         struct brcmf_join_params join_params;
4631
4632         brcmf_dbg(TRACE, "Enter\n");
4633
4634         if (ifp->vif->wdev.iftype == NL80211_IFTYPE_AP) {
4635                 /* Due to most likely deauths outstanding we sleep */
4636                 /* first to make sure they get processed by fw. */
4637                 msleep(400);
4638
4639                 if (ifp->vif->mbss) {
4640                         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4641                         return err;
4642                 }
4643
4644                 /* First BSS doesn't get a full reset */
4645                 if (ifp->bsscfgidx == 0)
4646                         brcmf_fil_iovar_int_set(ifp, "closednet", 0);
4647
4648                 memset(&join_params, 0, sizeof(join_params));
4649                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SSID,
4650                                              &join_params, sizeof(join_params));
4651                 if (err < 0)
4652                         brcmf_err("SET SSID error (%d)\n", err);
4653                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_DOWN, 1);
4654                 if (err < 0)
4655                         brcmf_err("BRCMF_C_DOWN error %d\n", err);
4656                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_AP, 0);
4657                 if (err < 0)
4658                         brcmf_err("setting AP mode failed %d\n", err);
4659                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS))
4660                         brcmf_fil_iovar_int_set(ifp, "mbss", 0);
4661                 brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_REGULATORY,
4662                                       ifp->vif->is_11d);
4663                 /* Bring device back up so it can be used again */
4664                 err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 1);
4665                 if (err < 0)
4666                         brcmf_err("BRCMF_C_UP error %d\n", err);
4667
4668                 brcmf_vif_clear_mgmt_ies(ifp->vif);
4669         } else {
4670                 bss_enable.bsscfgidx = cpu_to_le32(ifp->bsscfgidx);
4671                 bss_enable.enable = cpu_to_le32(0);
4672                 err = brcmf_fil_iovar_data_set(ifp, "bss", &bss_enable,
4673                                                sizeof(bss_enable));
4674                 if (err < 0)
4675                         brcmf_err("bss_enable config failed %d\n", err);
4676         }
4677         brcmf_set_mpc(ifp, 1);
4678         brcmf_configure_arp_nd_offload(ifp, true);
4679         clear_bit(BRCMF_VIF_STATUS_AP_CREATED, &ifp->vif->sme_state);
4680         brcmf_net_setcarrier(ifp, false);
4681
4682         return err;
4683 }
4684
4685 static s32
4686 brcmf_cfg80211_change_beacon(struct wiphy *wiphy, struct net_device *ndev,
4687                              struct cfg80211_beacon_data *info)
4688 {
4689         struct brcmf_if *ifp = netdev_priv(ndev);
4690         s32 err;
4691
4692         brcmf_dbg(TRACE, "Enter\n");
4693
4694         err = brcmf_config_ap_mgmt_ie(ifp->vif, info);
4695
4696         return err;
4697 }
4698
4699 static int
4700 brcmf_cfg80211_del_station(struct wiphy *wiphy, struct net_device *ndev,
4701                            struct station_del_parameters *params)
4702 {
4703         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4704         struct brcmf_scb_val_le scbval;
4705         struct brcmf_if *ifp = netdev_priv(ndev);
4706         s32 err;
4707
4708         if (!params->mac)
4709                 return -EFAULT;
4710
4711         brcmf_dbg(TRACE, "Enter %pM\n", params->mac);
4712
4713         if (ifp->vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif)
4714                 ifp = cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif->ifp;
4715         if (!check_vif_up(ifp->vif))
4716                 return -EIO;
4717
4718         memcpy(&scbval.ea, params->mac, ETH_ALEN);
4719         scbval.val = cpu_to_le32(params->reason_code);
4720         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SCB_DEAUTHENTICATE_FOR_REASON,
4721                                      &scbval, sizeof(scbval));
4722         if (err)
4723                 brcmf_err("SCB_DEAUTHENTICATE_FOR_REASON failed %d\n", err);
4724
4725         brcmf_dbg(TRACE, "Exit\n");
4726         return err;
4727 }
4728
4729 static int
4730 brcmf_cfg80211_change_station(struct wiphy *wiphy, struct net_device *ndev,
4731                               const u8 *mac, struct station_parameters *params)
4732 {
4733         struct brcmf_if *ifp = netdev_priv(ndev);
4734         s32 err;
4735
4736         brcmf_dbg(TRACE, "Enter, MAC %pM, mask 0x%04x set 0x%04x\n", mac,
4737                   params->sta_flags_mask, params->sta_flags_set);
4738
4739         /* Ignore all 00 MAC */
4740         if (is_zero_ether_addr(mac))
4741                 return 0;
4742
4743         if (!(params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED)))
4744                 return 0;
4745
4746         if (params->sta_flags_set & BIT(NL80211_STA_FLAG_AUTHORIZED))
4747                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_AUTHORIZE,
4748                                              (void *)mac, ETH_ALEN);
4749         else
4750                 err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_SCB_DEAUTHORIZE,
4751                                              (void *)mac, ETH_ALEN);
4752         if (err < 0)
4753                 brcmf_err("Setting SCB (de-)authorize failed, %d\n", err);
4754
4755         return err;
4756 }
4757
4758 static void
4759 brcmf_cfg80211_mgmt_frame_register(struct wiphy *wiphy,
4760                                    struct wireless_dev *wdev,
4761                                    u16 frame_type, bool reg)
4762 {
4763         struct brcmf_cfg80211_vif *vif;
4764         u16 mgmt_type;
4765
4766         brcmf_dbg(TRACE, "Enter, frame_type %04x, reg=%d\n", frame_type, reg);
4767
4768         mgmt_type = (frame_type & IEEE80211_FCTL_STYPE) >> 4;
4769         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
4770         if (reg)
4771                 vif->mgmt_rx_reg |= BIT(mgmt_type);
4772         else
4773                 vif->mgmt_rx_reg &= ~BIT(mgmt_type);
4774 }
4775
4776
4777 static int
4778 brcmf_cfg80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
4779                        struct cfg80211_mgmt_tx_params *params, u64 *cookie)
4780 {
4781         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4782         struct ieee80211_channel *chan = params->chan;
4783         const u8 *buf = params->buf;
4784         size_t len = params->len;
4785         const struct ieee80211_mgmt *mgmt;
4786         struct brcmf_cfg80211_vif *vif;
4787         s32 err = 0;
4788         s32 ie_offset;
4789         s32 ie_len;
4790         struct brcmf_fil_action_frame_le *action_frame;
4791         struct brcmf_fil_af_params_le *af_params;
4792         bool ack;
4793         s32 chan_nr;
4794         u32 freq;
4795
4796         brcmf_dbg(TRACE, "Enter\n");
4797
4798         *cookie = 0;
4799
4800         mgmt = (const struct ieee80211_mgmt *)buf;
4801
4802         if (!ieee80211_is_mgmt(mgmt->frame_control)) {
4803                 brcmf_err("Driver only allows MGMT packet type\n");
4804                 return -EPERM;
4805         }
4806
4807         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
4808
4809         if (ieee80211_is_probe_resp(mgmt->frame_control)) {
4810                 /* Right now the only reason to get a probe response */
4811                 /* is for p2p listen response or for p2p GO from     */
4812                 /* wpa_supplicant. Unfortunately the probe is send   */
4813                 /* on primary ndev, while dongle wants it on the p2p */
4814                 /* vif. Since this is only reason for a probe        */
4815                 /* response to be sent, the vif is taken from cfg.   */
4816                 /* If ever desired to send proberesp for non p2p     */
4817                 /* response then data should be checked for          */
4818                 /* "DIRECT-". Note in future supplicant will take    */
4819                 /* dedicated p2p wdev to do this and then this 'hack'*/
4820                 /* is not needed anymore.                            */
4821                 ie_offset =  DOT11_MGMT_HDR_LEN +
4822                              DOT11_BCN_PRB_FIXED_LEN;
4823                 ie_len = len - ie_offset;
4824                 if (vif == cfg->p2p.bss_idx[P2PAPI_BSSCFG_PRIMARY].vif)
4825                         vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
4826                 err = brcmf_vif_set_mgmt_ie(vif,
4827                                             BRCMF_VNDR_IE_PRBRSP_FLAG,
4828                                             &buf[ie_offset],
4829                                             ie_len);
4830                 cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, true,
4831                                         GFP_KERNEL);
4832         } else if (ieee80211_is_action(mgmt->frame_control)) {
4833                 if (len > BRCMF_FIL_ACTION_FRAME_SIZE + DOT11_MGMT_HDR_LEN) {
4834                         brcmf_err("invalid action frame length\n");
4835                         err = -EINVAL;
4836                         goto exit;
4837                 }
4838                 af_params = kzalloc(sizeof(*af_params), GFP_KERNEL);
4839                 if (af_params == NULL) {
4840                         brcmf_err("unable to allocate frame\n");
4841                         err = -ENOMEM;
4842                         goto exit;
4843                 }
4844                 action_frame = &af_params->action_frame;
4845                 /* Add the packet Id */
4846                 action_frame->packet_id = cpu_to_le32(*cookie);
4847                 /* Add BSSID */
4848                 memcpy(&action_frame->da[0], &mgmt->da[0], ETH_ALEN);
4849                 memcpy(&af_params->bssid[0], &mgmt->bssid[0], ETH_ALEN);
4850                 /* Add the length exepted for 802.11 header  */
4851                 action_frame->len = cpu_to_le16(len - DOT11_MGMT_HDR_LEN);
4852                 /* Add the channel. Use the one specified as parameter if any or
4853                  * the current one (got from the firmware) otherwise
4854                  */
4855                 if (chan)
4856                         freq = chan->center_freq;
4857                 else
4858                         brcmf_fil_cmd_int_get(vif->ifp, BRCMF_C_GET_CHANNEL,
4859                                               &freq);
4860                 chan_nr = ieee80211_frequency_to_channel(freq);
4861                 af_params->channel = cpu_to_le32(chan_nr);
4862
4863                 memcpy(action_frame->data, &buf[DOT11_MGMT_HDR_LEN],
4864                        le16_to_cpu(action_frame->len));
4865
4866                 brcmf_dbg(TRACE, "Action frame, cookie=%lld, len=%d, freq=%d\n",
4867                           *cookie, le16_to_cpu(action_frame->len), freq);
4868
4869                 ack = brcmf_p2p_send_action_frame(cfg, cfg_to_ndev(cfg),
4870                                                   af_params);
4871
4872                 cfg80211_mgmt_tx_status(wdev, *cookie, buf, len, ack,
4873                                         GFP_KERNEL);
4874                 kfree(af_params);
4875         } else {
4876                 brcmf_dbg(TRACE, "Unhandled, fc=%04x!!\n", mgmt->frame_control);
4877                 brcmf_dbg_hex_dump(true, buf, len, "payload, len=%zu\n", len);
4878         }
4879
4880 exit:
4881         return err;
4882 }
4883
4884
4885 static int
4886 brcmf_cfg80211_cancel_remain_on_channel(struct wiphy *wiphy,
4887                                         struct wireless_dev *wdev,
4888                                         u64 cookie)
4889 {
4890         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4891         struct brcmf_cfg80211_vif *vif;
4892         int err = 0;
4893
4894         brcmf_dbg(TRACE, "Enter p2p listen cancel\n");
4895
4896         vif = cfg->p2p.bss_idx[P2PAPI_BSSCFG_DEVICE].vif;
4897         if (vif == NULL) {
4898                 brcmf_err("No p2p device available for probe response\n");
4899                 err = -ENODEV;
4900                 goto exit;
4901         }
4902         brcmf_p2p_cancel_remain_on_channel(vif->ifp);
4903 exit:
4904         return err;
4905 }
4906
4907 static int brcmf_cfg80211_get_channel(struct wiphy *wiphy,
4908                                       struct wireless_dev *wdev,
4909                                       struct cfg80211_chan_def *chandef)
4910 {
4911         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4912         struct net_device *ndev = wdev->netdev;
4913         struct brcmf_if *ifp;
4914         struct brcmu_chan ch;
4915         enum nl80211_band band = 0;
4916         enum nl80211_chan_width width = 0;
4917         u32 chanspec;
4918         int freq, err;
4919
4920         if (!ndev)
4921                 return -ENODEV;
4922         ifp = netdev_priv(ndev);
4923
4924         err = brcmf_fil_iovar_int_get(ifp, "chanspec", &chanspec);
4925         if (err) {
4926                 brcmf_err("chanspec failed (%d)\n", err);
4927                 return err;
4928         }
4929
4930         ch.chspec = chanspec;
4931         cfg->d11inf.decchspec(&ch);
4932
4933         switch (ch.band) {
4934         case BRCMU_CHAN_BAND_2G:
4935                 band = NL80211_BAND_2GHZ;
4936                 break;
4937         case BRCMU_CHAN_BAND_5G:
4938                 band = NL80211_BAND_5GHZ;
4939                 break;
4940         }
4941
4942         switch (ch.bw) {
4943         case BRCMU_CHAN_BW_80:
4944                 width = NL80211_CHAN_WIDTH_80;
4945                 break;
4946         case BRCMU_CHAN_BW_40:
4947                 width = NL80211_CHAN_WIDTH_40;
4948                 break;
4949         case BRCMU_CHAN_BW_20:
4950                 width = NL80211_CHAN_WIDTH_20;
4951                 break;
4952         case BRCMU_CHAN_BW_80P80:
4953                 width = NL80211_CHAN_WIDTH_80P80;
4954                 break;
4955         case BRCMU_CHAN_BW_160:
4956                 width = NL80211_CHAN_WIDTH_160;
4957                 break;
4958         }
4959
4960         freq = ieee80211_channel_to_frequency(ch.control_ch_num, band);
4961         chandef->chan = ieee80211_get_channel(wiphy, freq);
4962         chandef->width = width;
4963         chandef->center_freq1 = ieee80211_channel_to_frequency(ch.chnum, band);
4964         chandef->center_freq2 = 0;
4965
4966         return 0;
4967 }
4968
4969 static int brcmf_cfg80211_crit_proto_start(struct wiphy *wiphy,
4970                                            struct wireless_dev *wdev,
4971                                            enum nl80211_crit_proto_id proto,
4972                                            u16 duration)
4973 {
4974         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4975         struct brcmf_cfg80211_vif *vif;
4976
4977         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
4978
4979         /* only DHCP support for now */
4980         if (proto != NL80211_CRIT_PROTO_DHCP)
4981                 return -EINVAL;
4982
4983         /* suppress and abort scanning */
4984         set_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
4985         brcmf_abort_scanning(cfg);
4986
4987         return brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_DISABLED, duration);
4988 }
4989
4990 static void brcmf_cfg80211_crit_proto_stop(struct wiphy *wiphy,
4991                                            struct wireless_dev *wdev)
4992 {
4993         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
4994         struct brcmf_cfg80211_vif *vif;
4995
4996         vif = container_of(wdev, struct brcmf_cfg80211_vif, wdev);
4997
4998         brcmf_btcoex_set_mode(vif, BRCMF_BTCOEX_ENABLED, 0);
4999         clear_bit(BRCMF_SCAN_STATUS_SUPPRESS, &cfg->scan_status);
5000 }
5001
5002 static s32
5003 brcmf_notify_tdls_peer_event(struct brcmf_if *ifp,
5004                              const struct brcmf_event_msg *e, void *data)
5005 {
5006         switch (e->reason) {
5007         case BRCMF_E_REASON_TDLS_PEER_DISCOVERED:
5008                 brcmf_dbg(TRACE, "TDLS Peer Discovered\n");
5009                 break;
5010         case BRCMF_E_REASON_TDLS_PEER_CONNECTED:
5011                 brcmf_dbg(TRACE, "TDLS Peer Connected\n");
5012                 brcmf_proto_add_tdls_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5013                 break;
5014         case BRCMF_E_REASON_TDLS_PEER_DISCONNECTED:
5015                 brcmf_dbg(TRACE, "TDLS Peer Disconnected\n");
5016                 brcmf_proto_delete_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5017                 break;
5018         }
5019
5020         return 0;
5021 }
5022
5023 static int brcmf_convert_nl80211_tdls_oper(enum nl80211_tdls_operation oper)
5024 {
5025         int ret;
5026
5027         switch (oper) {
5028         case NL80211_TDLS_DISCOVERY_REQ:
5029                 ret = BRCMF_TDLS_MANUAL_EP_DISCOVERY;
5030                 break;
5031         case NL80211_TDLS_SETUP:
5032                 ret = BRCMF_TDLS_MANUAL_EP_CREATE;
5033                 break;
5034         case NL80211_TDLS_TEARDOWN:
5035                 ret = BRCMF_TDLS_MANUAL_EP_DELETE;
5036                 break;
5037         default:
5038                 brcmf_err("unsupported operation: %d\n", oper);
5039                 ret = -EOPNOTSUPP;
5040         }
5041         return ret;
5042 }
5043
5044 static int brcmf_cfg80211_tdls_oper(struct wiphy *wiphy,
5045                                     struct net_device *ndev, const u8 *peer,
5046                                     enum nl80211_tdls_operation oper)
5047 {
5048         struct brcmf_if *ifp;
5049         struct brcmf_tdls_iovar_le info;
5050         int ret = 0;
5051
5052         ret = brcmf_convert_nl80211_tdls_oper(oper);
5053         if (ret < 0)
5054                 return ret;
5055
5056         ifp = netdev_priv(ndev);
5057         memset(&info, 0, sizeof(info));
5058         info.mode = (u8)ret;
5059         if (peer)
5060                 memcpy(info.ea, peer, ETH_ALEN);
5061
5062         ret = brcmf_fil_iovar_data_set(ifp, "tdls_endpoint",
5063                                        &info, sizeof(info));
5064         if (ret < 0)
5065                 brcmf_err("tdls_endpoint iovar failed: ret=%d\n", ret);
5066
5067         return ret;
5068 }
5069
5070 static int
5071 brcmf_cfg80211_update_conn_params(struct wiphy *wiphy,
5072                                   struct net_device *ndev,
5073                                   struct cfg80211_connect_params *sme,
5074                                   u32 changed)
5075 {
5076         struct brcmf_if *ifp;
5077         int err;
5078
5079         if (!(changed & UPDATE_ASSOC_IES))
5080                 return 0;
5081
5082         ifp = netdev_priv(ndev);
5083         err = brcmf_vif_set_mgmt_ie(ifp->vif, BRCMF_VNDR_IE_ASSOCREQ_FLAG,
5084                                     sme->ie, sme->ie_len);
5085         if (err)
5086                 brcmf_err("Set Assoc REQ IE Failed\n");
5087         else
5088                 brcmf_dbg(TRACE, "Applied Vndr IEs for Assoc request\n");
5089
5090         return err;
5091 }
5092
5093 #ifdef CONFIG_PM
5094 static int
5095 brcmf_cfg80211_set_rekey_data(struct wiphy *wiphy, struct net_device *ndev,
5096                               struct cfg80211_gtk_rekey_data *gtk)
5097 {
5098         struct brcmf_if *ifp = netdev_priv(ndev);
5099         struct brcmf_gtk_keyinfo_le gtk_le;
5100         int ret;
5101
5102         brcmf_dbg(TRACE, "Enter, bssidx=%d\n", ifp->bsscfgidx);
5103
5104         memcpy(gtk_le.kck, gtk->kck, sizeof(gtk_le.kck));
5105         memcpy(gtk_le.kek, gtk->kek, sizeof(gtk_le.kek));
5106         memcpy(gtk_le.replay_counter, gtk->replay_ctr,
5107                sizeof(gtk_le.replay_counter));
5108
5109         ret = brcmf_fil_iovar_data_set(ifp, "gtk_key_info", &gtk_le,
5110                                        sizeof(gtk_le));
5111         if (ret < 0)
5112                 brcmf_err("gtk_key_info iovar failed: ret=%d\n", ret);
5113
5114         return ret;
5115 }
5116 #endif
5117
5118 static int brcmf_cfg80211_set_pmk(struct wiphy *wiphy, struct net_device *dev,
5119                                   const struct cfg80211_pmk_conf *conf)
5120 {
5121         struct brcmf_if *ifp;
5122
5123         brcmf_dbg(TRACE, "enter\n");
5124
5125         /* expect using firmware supplicant for 1X */
5126         ifp = netdev_priv(dev);
5127         if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
5128                 return -EINVAL;
5129
5130         if (conf->pmk_len > BRCMF_WSEC_MAX_PSK_LEN)
5131                 return -ERANGE;
5132
5133         return brcmf_set_pmk(ifp, conf->pmk, conf->pmk_len);
5134 }
5135
5136 static int brcmf_cfg80211_del_pmk(struct wiphy *wiphy, struct net_device *dev,
5137                                   const u8 *aa)
5138 {
5139         struct brcmf_if *ifp;
5140
5141         brcmf_dbg(TRACE, "enter\n");
5142         ifp = netdev_priv(dev);
5143         if (WARN_ON(ifp->vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_1X))
5144                 return -EINVAL;
5145
5146         return brcmf_set_pmk(ifp, NULL, 0);
5147 }
5148
5149 static struct cfg80211_ops brcmf_cfg80211_ops = {
5150         .add_virtual_intf = brcmf_cfg80211_add_iface,
5151         .del_virtual_intf = brcmf_cfg80211_del_iface,
5152         .change_virtual_intf = brcmf_cfg80211_change_iface,
5153         .scan = brcmf_cfg80211_scan,
5154         .set_wiphy_params = brcmf_cfg80211_set_wiphy_params,
5155         .join_ibss = brcmf_cfg80211_join_ibss,
5156         .leave_ibss = brcmf_cfg80211_leave_ibss,
5157         .get_station = brcmf_cfg80211_get_station,
5158         .dump_station = brcmf_cfg80211_dump_station,
5159         .set_tx_power = brcmf_cfg80211_set_tx_power,
5160         .get_tx_power = brcmf_cfg80211_get_tx_power,
5161         .add_key = brcmf_cfg80211_add_key,
5162         .del_key = brcmf_cfg80211_del_key,
5163         .get_key = brcmf_cfg80211_get_key,
5164         .set_default_key = brcmf_cfg80211_config_default_key,
5165         .set_default_mgmt_key = brcmf_cfg80211_config_default_mgmt_key,
5166         .set_power_mgmt = brcmf_cfg80211_set_power_mgmt,
5167         .connect = brcmf_cfg80211_connect,
5168         .disconnect = brcmf_cfg80211_disconnect,
5169         .suspend = brcmf_cfg80211_suspend,
5170         .resume = brcmf_cfg80211_resume,
5171         .set_pmksa = brcmf_cfg80211_set_pmksa,
5172         .del_pmksa = brcmf_cfg80211_del_pmksa,
5173         .flush_pmksa = brcmf_cfg80211_flush_pmksa,
5174         .start_ap = brcmf_cfg80211_start_ap,
5175         .stop_ap = brcmf_cfg80211_stop_ap,
5176         .change_beacon = brcmf_cfg80211_change_beacon,
5177         .del_station = brcmf_cfg80211_del_station,
5178         .change_station = brcmf_cfg80211_change_station,
5179         .sched_scan_start = brcmf_cfg80211_sched_scan_start,
5180         .sched_scan_stop = brcmf_cfg80211_sched_scan_stop,
5181         .mgmt_frame_register = brcmf_cfg80211_mgmt_frame_register,
5182         .mgmt_tx = brcmf_cfg80211_mgmt_tx,
5183         .remain_on_channel = brcmf_p2p_remain_on_channel,
5184         .cancel_remain_on_channel = brcmf_cfg80211_cancel_remain_on_channel,
5185         .get_channel = brcmf_cfg80211_get_channel,
5186         .start_p2p_device = brcmf_p2p_start_device,
5187         .stop_p2p_device = brcmf_p2p_stop_device,
5188         .crit_proto_start = brcmf_cfg80211_crit_proto_start,
5189         .crit_proto_stop = brcmf_cfg80211_crit_proto_stop,
5190         .tdls_oper = brcmf_cfg80211_tdls_oper,
5191         .update_connect_params = brcmf_cfg80211_update_conn_params,
5192         .set_pmk = brcmf_cfg80211_set_pmk,
5193         .del_pmk = brcmf_cfg80211_del_pmk,
5194 };
5195
5196 struct cfg80211_ops *brcmf_cfg80211_get_ops(struct brcmf_mp_device *settings)
5197 {
5198         struct cfg80211_ops *ops;
5199
5200         ops = kmemdup(&brcmf_cfg80211_ops, sizeof(brcmf_cfg80211_ops),
5201                        GFP_KERNEL);
5202
5203         if (ops && settings->roamoff)
5204                 ops->update_connect_params = NULL;
5205
5206         return ops;
5207 }
5208
5209 struct brcmf_cfg80211_vif *brcmf_alloc_vif(struct brcmf_cfg80211_info *cfg,
5210                                            enum nl80211_iftype type)
5211 {
5212         struct brcmf_cfg80211_vif *vif_walk;
5213         struct brcmf_cfg80211_vif *vif;
5214         bool mbss;
5215
5216         brcmf_dbg(TRACE, "allocating virtual interface (size=%zu)\n",
5217                   sizeof(*vif));
5218         vif = kzalloc(sizeof(*vif), GFP_KERNEL);
5219         if (!vif)
5220                 return ERR_PTR(-ENOMEM);
5221
5222         vif->wdev.wiphy = cfg->wiphy;
5223         vif->wdev.iftype = type;
5224
5225         brcmf_init_prof(&vif->profile);
5226
5227         if (type == NL80211_IFTYPE_AP) {
5228                 mbss = false;
5229                 list_for_each_entry(vif_walk, &cfg->vif_list, list) {
5230                         if (vif_walk->wdev.iftype == NL80211_IFTYPE_AP) {
5231                                 mbss = true;
5232                                 break;
5233                         }
5234                 }
5235                 vif->mbss = mbss;
5236         }
5237
5238         list_add_tail(&vif->list, &cfg->vif_list);
5239         return vif;
5240 }
5241
5242 void brcmf_free_vif(struct brcmf_cfg80211_vif *vif)
5243 {
5244         list_del(&vif->list);
5245         kfree(vif);
5246 }
5247
5248 void brcmf_cfg80211_free_netdev(struct net_device *ndev)
5249 {
5250         struct brcmf_cfg80211_vif *vif;
5251         struct brcmf_if *ifp;
5252
5253         ifp = netdev_priv(ndev);
5254         vif = ifp->vif;
5255
5256         if (vif)
5257                 brcmf_free_vif(vif);
5258 }
5259
5260 static bool brcmf_is_linkup(struct brcmf_cfg80211_vif *vif,
5261                             const struct brcmf_event_msg *e)
5262 {
5263         u32 event = e->event_code;
5264         u32 status = e->status;
5265
5266         if (vif->profile.use_fwsup == BRCMF_PROFILE_FWSUP_PSK &&
5267             event == BRCMF_E_PSK_SUP &&
5268             status == BRCMF_E_STATUS_FWSUP_COMPLETED)
5269                 set_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5270         if (event == BRCMF_E_SET_SSID && status == BRCMF_E_STATUS_SUCCESS) {
5271                 brcmf_dbg(CONN, "Processing set ssid\n");
5272                 memcpy(vif->profile.bssid, e->addr, ETH_ALEN);
5273                 if (vif->profile.use_fwsup != BRCMF_PROFILE_FWSUP_PSK)
5274                         return true;
5275
5276                 set_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5277         }
5278
5279         if (test_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state) &&
5280             test_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state)) {
5281                 clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5282                 clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5283                 return true;
5284         }
5285         return false;
5286 }
5287
5288 static bool brcmf_is_linkdown(struct brcmf_cfg80211_vif *vif,
5289                             const struct brcmf_event_msg *e)
5290 {
5291         u32 event = e->event_code;
5292         u16 flags = e->flags;
5293
5294         if ((event == BRCMF_E_DEAUTH) || (event == BRCMF_E_DEAUTH_IND) ||
5295             (event == BRCMF_E_DISASSOC_IND) ||
5296             ((event == BRCMF_E_LINK) && (!(flags & BRCMF_EVENT_MSG_LINK)))) {
5297                 brcmf_dbg(CONN, "Processing link down\n");
5298                 clear_bit(BRCMF_VIF_STATUS_EAP_SUCCESS, &vif->sme_state);
5299                 clear_bit(BRCMF_VIF_STATUS_ASSOC_SUCCESS, &vif->sme_state);
5300                 return true;
5301         }
5302         return false;
5303 }
5304
5305 static bool brcmf_is_nonetwork(struct brcmf_cfg80211_info *cfg,
5306                                const struct brcmf_event_msg *e)
5307 {
5308         u32 event = e->event_code;
5309         u32 status = e->status;
5310
5311         if (event == BRCMF_E_LINK && status == BRCMF_E_STATUS_NO_NETWORKS) {
5312                 brcmf_dbg(CONN, "Processing Link %s & no network found\n",
5313                           e->flags & BRCMF_EVENT_MSG_LINK ? "up" : "down");
5314                 return true;
5315         }
5316
5317         if (event == BRCMF_E_SET_SSID && status != BRCMF_E_STATUS_SUCCESS) {
5318                 brcmf_dbg(CONN, "Processing connecting & no network found\n");
5319                 return true;
5320         }
5321
5322         if (event == BRCMF_E_PSK_SUP &&
5323             status != BRCMF_E_STATUS_FWSUP_COMPLETED) {
5324                 brcmf_dbg(CONN, "Processing failed supplicant state: %u\n",
5325                           status);
5326                 return true;
5327         }
5328
5329         return false;
5330 }
5331
5332 static void brcmf_clear_assoc_ies(struct brcmf_cfg80211_info *cfg)
5333 {
5334         struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5335
5336         kfree(conn_info->req_ie);
5337         conn_info->req_ie = NULL;
5338         conn_info->req_ie_len = 0;
5339         kfree(conn_info->resp_ie);
5340         conn_info->resp_ie = NULL;
5341         conn_info->resp_ie_len = 0;
5342 }
5343
5344 static s32 brcmf_get_assoc_ies(struct brcmf_cfg80211_info *cfg,
5345                                struct brcmf_if *ifp)
5346 {
5347         struct brcmf_cfg80211_assoc_ielen_le *assoc_info;
5348         struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5349         u32 req_len;
5350         u32 resp_len;
5351         s32 err = 0;
5352
5353         brcmf_clear_assoc_ies(cfg);
5354
5355         err = brcmf_fil_iovar_data_get(ifp, "assoc_info",
5356                                        cfg->extra_buf, WL_ASSOC_INFO_MAX);
5357         if (err) {
5358                 brcmf_err("could not get assoc info (%d)\n", err);
5359                 return err;
5360         }
5361         assoc_info =
5362                 (struct brcmf_cfg80211_assoc_ielen_le *)cfg->extra_buf;
5363         req_len = le32_to_cpu(assoc_info->req_len);
5364         resp_len = le32_to_cpu(assoc_info->resp_len);
5365         if (req_len) {
5366                 err = brcmf_fil_iovar_data_get(ifp, "assoc_req_ies",
5367                                                cfg->extra_buf,
5368                                                WL_ASSOC_INFO_MAX);
5369                 if (err) {
5370                         brcmf_err("could not get assoc req (%d)\n", err);
5371                         return err;
5372                 }
5373                 conn_info->req_ie_len = req_len;
5374                 conn_info->req_ie =
5375                     kmemdup(cfg->extra_buf, conn_info->req_ie_len,
5376                             GFP_KERNEL);
5377                 if (!conn_info->req_ie)
5378                         conn_info->req_ie_len = 0;
5379         } else {
5380                 conn_info->req_ie_len = 0;
5381                 conn_info->req_ie = NULL;
5382         }
5383         if (resp_len) {
5384                 err = brcmf_fil_iovar_data_get(ifp, "assoc_resp_ies",
5385                                                cfg->extra_buf,
5386                                                WL_ASSOC_INFO_MAX);
5387                 if (err) {
5388                         brcmf_err("could not get assoc resp (%d)\n", err);
5389                         return err;
5390                 }
5391                 conn_info->resp_ie_len = resp_len;
5392                 conn_info->resp_ie =
5393                     kmemdup(cfg->extra_buf, conn_info->resp_ie_len,
5394                             GFP_KERNEL);
5395                 if (!conn_info->resp_ie)
5396                         conn_info->resp_ie_len = 0;
5397         } else {
5398                 conn_info->resp_ie_len = 0;
5399                 conn_info->resp_ie = NULL;
5400         }
5401         brcmf_dbg(CONN, "req len (%d) resp len (%d)\n",
5402                   conn_info->req_ie_len, conn_info->resp_ie_len);
5403
5404         return err;
5405 }
5406
5407 static s32
5408 brcmf_bss_roaming_done(struct brcmf_cfg80211_info *cfg,
5409                        struct net_device *ndev,
5410                        const struct brcmf_event_msg *e)
5411 {
5412         struct brcmf_if *ifp = netdev_priv(ndev);
5413         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
5414         struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5415         struct wiphy *wiphy = cfg_to_wiphy(cfg);
5416         struct ieee80211_channel *notify_channel = NULL;
5417         struct ieee80211_supported_band *band;
5418         struct brcmf_bss_info_le *bi;
5419         struct brcmu_chan ch;
5420         struct cfg80211_roam_info roam_info = {};
5421         u32 freq;
5422         s32 err = 0;
5423         u8 *buf;
5424
5425         brcmf_dbg(TRACE, "Enter\n");
5426
5427         brcmf_get_assoc_ies(cfg, ifp);
5428         memcpy(profile->bssid, e->addr, ETH_ALEN);
5429         brcmf_update_bss_info(cfg, ifp);
5430
5431         buf = kzalloc(WL_BSS_INFO_MAX, GFP_KERNEL);
5432         if (buf == NULL) {
5433                 err = -ENOMEM;
5434                 goto done;
5435         }
5436
5437         /* data sent to dongle has to be little endian */
5438         *(__le32 *)buf = cpu_to_le32(WL_BSS_INFO_MAX);
5439         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BSS_INFO,
5440                                      buf, WL_BSS_INFO_MAX);
5441
5442         if (err)
5443                 goto done;
5444
5445         bi = (struct brcmf_bss_info_le *)(buf + 4);
5446         ch.chspec = le16_to_cpu(bi->chanspec);
5447         cfg->d11inf.decchspec(&ch);
5448
5449         if (ch.band == BRCMU_CHAN_BAND_2G)
5450                 band = wiphy->bands[NL80211_BAND_2GHZ];
5451         else
5452                 band = wiphy->bands[NL80211_BAND_5GHZ];
5453
5454         freq = ieee80211_channel_to_frequency(ch.control_ch_num, band->band);
5455         notify_channel = ieee80211_get_channel(wiphy, freq);
5456
5457 done:
5458         kfree(buf);
5459
5460         roam_info.channel = notify_channel;
5461         roam_info.bssid = profile->bssid;
5462         roam_info.req_ie = conn_info->req_ie;
5463         roam_info.req_ie_len = conn_info->req_ie_len;
5464         roam_info.resp_ie = conn_info->resp_ie;
5465         roam_info.resp_ie_len = conn_info->resp_ie_len;
5466
5467         cfg80211_roamed(ndev, &roam_info, GFP_KERNEL);
5468         brcmf_dbg(CONN, "Report roaming result\n");
5469
5470         set_bit(BRCMF_VIF_STATUS_CONNECTED, &ifp->vif->sme_state);
5471         brcmf_dbg(TRACE, "Exit\n");
5472         return err;
5473 }
5474
5475 static s32
5476 brcmf_bss_connect_done(struct brcmf_cfg80211_info *cfg,
5477                        struct net_device *ndev, const struct brcmf_event_msg *e,
5478                        bool completed)
5479 {
5480         struct brcmf_if *ifp = netdev_priv(ndev);
5481         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
5482         struct brcmf_cfg80211_connect_info *conn_info = cfg_to_conn(cfg);
5483         struct cfg80211_connect_resp_params conn_params;
5484
5485         brcmf_dbg(TRACE, "Enter\n");
5486
5487         if (test_and_clear_bit(BRCMF_VIF_STATUS_CONNECTING,
5488                                &ifp->vif->sme_state)) {
5489                 memset(&conn_params, 0, sizeof(conn_params));
5490                 if (completed) {
5491                         brcmf_get_assoc_ies(cfg, ifp);
5492                         brcmf_update_bss_info(cfg, ifp);
5493                         set_bit(BRCMF_VIF_STATUS_CONNECTED,
5494                                 &ifp->vif->sme_state);
5495                         conn_params.status = WLAN_STATUS_SUCCESS;
5496                 } else {
5497                         conn_params.status = WLAN_STATUS_AUTH_TIMEOUT;
5498                 }
5499                 conn_params.bssid = profile->bssid;
5500                 conn_params.req_ie = conn_info->req_ie;
5501                 conn_params.req_ie_len = conn_info->req_ie_len;
5502                 conn_params.resp_ie = conn_info->resp_ie;
5503                 conn_params.resp_ie_len = conn_info->resp_ie_len;
5504                 cfg80211_connect_done(ndev, &conn_params, GFP_KERNEL);
5505                 brcmf_dbg(CONN, "Report connect result - connection %s\n",
5506                           completed ? "succeeded" : "failed");
5507         }
5508         brcmf_dbg(TRACE, "Exit\n");
5509         return 0;
5510 }
5511
5512 static s32
5513 brcmf_notify_connect_status_ap(struct brcmf_cfg80211_info *cfg,
5514                                struct net_device *ndev,
5515                                const struct brcmf_event_msg *e, void *data)
5516 {
5517         static int generation;
5518         u32 event = e->event_code;
5519         u32 reason = e->reason;
5520         struct station_info *sinfo;
5521
5522         brcmf_dbg(CONN, "event %s (%u), reason %d\n",
5523                   brcmf_fweh_event_name(event), event, reason);
5524         if (event == BRCMF_E_LINK && reason == BRCMF_E_REASON_LINK_BSSCFG_DIS &&
5525             ndev != cfg_to_ndev(cfg)) {
5526                 brcmf_dbg(CONN, "AP mode link down\n");
5527                 complete(&cfg->vif_disabled);
5528                 return 0;
5529         }
5530
5531         if (((event == BRCMF_E_ASSOC_IND) || (event == BRCMF_E_REASSOC_IND)) &&
5532             (reason == BRCMF_E_STATUS_SUCCESS)) {
5533                 if (!data) {
5534                         brcmf_err("No IEs present in ASSOC/REASSOC_IND");
5535                         return -EINVAL;
5536                 }
5537
5538                 sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
5539                 if (!sinfo)
5540                         return -ENOMEM;
5541
5542                 sinfo->assoc_req_ies = data;
5543                 sinfo->assoc_req_ies_len = e->datalen;
5544                 generation++;
5545                 sinfo->generation = generation;
5546                 cfg80211_new_sta(ndev, e->addr, sinfo, GFP_KERNEL);
5547
5548                 kfree(sinfo);
5549         } else if ((event == BRCMF_E_DISASSOC_IND) ||
5550                    (event == BRCMF_E_DEAUTH_IND) ||
5551                    (event == BRCMF_E_DEAUTH)) {
5552                 cfg80211_del_sta(ndev, e->addr, GFP_KERNEL);
5553         }
5554         return 0;
5555 }
5556
5557 static s32
5558 brcmf_notify_connect_status(struct brcmf_if *ifp,
5559                             const struct brcmf_event_msg *e, void *data)
5560 {
5561         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
5562         struct net_device *ndev = ifp->ndev;
5563         struct brcmf_cfg80211_profile *profile = &ifp->vif->profile;
5564         struct ieee80211_channel *chan;
5565         s32 err = 0;
5566
5567         if ((e->event_code == BRCMF_E_DEAUTH) ||
5568             (e->event_code == BRCMF_E_DEAUTH_IND) ||
5569             (e->event_code == BRCMF_E_DISASSOC_IND) ||
5570             ((e->event_code == BRCMF_E_LINK) && (!e->flags))) {
5571                 brcmf_proto_delete_peer(ifp->drvr, ifp->ifidx, (u8 *)e->addr);
5572         }
5573
5574         if (brcmf_is_apmode(ifp->vif)) {
5575                 err = brcmf_notify_connect_status_ap(cfg, ndev, e, data);
5576         } else if (brcmf_is_linkup(ifp->vif, e)) {
5577                 brcmf_dbg(CONN, "Linkup\n");
5578                 if (brcmf_is_ibssmode(ifp->vif)) {
5579                         brcmf_inform_ibss(cfg, ndev, e->addr);
5580                         chan = ieee80211_get_channel(cfg->wiphy, cfg->channel);
5581                         memcpy(profile->bssid, e->addr, ETH_ALEN);
5582                         cfg80211_ibss_joined(ndev, e->addr, chan, GFP_KERNEL);
5583                         clear_bit(BRCMF_VIF_STATUS_CONNECTING,
5584                                   &ifp->vif->sme_state);
5585                         set_bit(BRCMF_VIF_STATUS_CONNECTED,
5586                                 &ifp->vif->sme_state);
5587                 } else
5588                         brcmf_bss_connect_done(cfg, ndev, e, true);
5589                 brcmf_net_setcarrier(ifp, true);
5590         } else if (brcmf_is_linkdown(ifp->vif, e)) {
5591                 brcmf_dbg(CONN, "Linkdown\n");
5592                 if (!brcmf_is_ibssmode(ifp->vif)) {
5593                         brcmf_bss_connect_done(cfg, ndev, e, false);
5594                         brcmf_link_down(ifp->vif,
5595                                         brcmf_map_fw_linkdown_reason(e));
5596                         brcmf_init_prof(ndev_to_prof(ndev));
5597                         if (ndev != cfg_to_ndev(cfg))
5598                                 complete(&cfg->vif_disabled);
5599                         brcmf_net_setcarrier(ifp, false);
5600                 }
5601         } else if (brcmf_is_nonetwork(cfg, e)) {
5602                 if (brcmf_is_ibssmode(ifp->vif))
5603                         clear_bit(BRCMF_VIF_STATUS_CONNECTING,
5604                                   &ifp->vif->sme_state);
5605                 else
5606                         brcmf_bss_connect_done(cfg, ndev, e, false);
5607         }
5608
5609         return err;
5610 }
5611
5612 static s32
5613 brcmf_notify_roaming_status(struct brcmf_if *ifp,
5614                             const struct brcmf_event_msg *e, void *data)
5615 {
5616         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
5617         u32 event = e->event_code;
5618         u32 status = e->status;
5619
5620         if (event == BRCMF_E_ROAM && status == BRCMF_E_STATUS_SUCCESS) {
5621                 if (test_bit(BRCMF_VIF_STATUS_CONNECTED,
5622                              &ifp->vif->sme_state)) {
5623                         brcmf_bss_roaming_done(cfg, ifp->ndev, e);
5624                 } else {
5625                         brcmf_bss_connect_done(cfg, ifp->ndev, e, true);
5626                         brcmf_net_setcarrier(ifp, true);
5627                 }
5628         }
5629
5630         return 0;
5631 }
5632
5633 static s32
5634 brcmf_notify_mic_status(struct brcmf_if *ifp,
5635                         const struct brcmf_event_msg *e, void *data)
5636 {
5637         u16 flags = e->flags;
5638         enum nl80211_key_type key_type;
5639
5640         if (flags & BRCMF_EVENT_MSG_GROUP)
5641                 key_type = NL80211_KEYTYPE_GROUP;
5642         else
5643                 key_type = NL80211_KEYTYPE_PAIRWISE;
5644
5645         cfg80211_michael_mic_failure(ifp->ndev, (u8 *)&e->addr, key_type, -1,
5646                                      NULL, GFP_KERNEL);
5647
5648         return 0;
5649 }
5650
5651 static s32 brcmf_notify_vif_event(struct brcmf_if *ifp,
5652                                   const struct brcmf_event_msg *e, void *data)
5653 {
5654         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
5655         struct brcmf_if_event *ifevent = (struct brcmf_if_event *)data;
5656         struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
5657         struct brcmf_cfg80211_vif *vif;
5658
5659         brcmf_dbg(TRACE, "Enter: action %u flags %u ifidx %u bsscfgidx %u\n",
5660                   ifevent->action, ifevent->flags, ifevent->ifidx,
5661                   ifevent->bsscfgidx);
5662
5663         spin_lock(&event->vif_event_lock);
5664         event->action = ifevent->action;
5665         vif = event->vif;
5666
5667         switch (ifevent->action) {
5668         case BRCMF_E_IF_ADD:
5669                 /* waiting process may have timed out */
5670                 if (!cfg->vif_event.vif) {
5671                         spin_unlock(&event->vif_event_lock);
5672                         return -EBADF;
5673                 }
5674
5675                 ifp->vif = vif;
5676                 vif->ifp = ifp;
5677                 if (ifp->ndev) {
5678                         vif->wdev.netdev = ifp->ndev;
5679                         ifp->ndev->ieee80211_ptr = &vif->wdev;
5680                         SET_NETDEV_DEV(ifp->ndev, wiphy_dev(cfg->wiphy));
5681                 }
5682                 spin_unlock(&event->vif_event_lock);
5683                 wake_up(&event->vif_wq);
5684                 return 0;
5685
5686         case BRCMF_E_IF_DEL:
5687                 spin_unlock(&event->vif_event_lock);
5688                 /* event may not be upon user request */
5689                 if (brcmf_cfg80211_vif_event_armed(cfg))
5690                         wake_up(&event->vif_wq);
5691                 return 0;
5692
5693         case BRCMF_E_IF_CHANGE:
5694                 spin_unlock(&event->vif_event_lock);
5695                 wake_up(&event->vif_wq);
5696                 return 0;
5697
5698         default:
5699                 spin_unlock(&event->vif_event_lock);
5700                 break;
5701         }
5702         return -EINVAL;
5703 }
5704
5705 static void brcmf_init_conf(struct brcmf_cfg80211_conf *conf)
5706 {
5707         conf->frag_threshold = (u32)-1;
5708         conf->rts_threshold = (u32)-1;
5709         conf->retry_short = (u32)-1;
5710         conf->retry_long = (u32)-1;
5711 }
5712
5713 static void brcmf_register_event_handlers(struct brcmf_cfg80211_info *cfg)
5714 {
5715         brcmf_fweh_register(cfg->pub, BRCMF_E_LINK,
5716                             brcmf_notify_connect_status);
5717         brcmf_fweh_register(cfg->pub, BRCMF_E_DEAUTH_IND,
5718                             brcmf_notify_connect_status);
5719         brcmf_fweh_register(cfg->pub, BRCMF_E_DEAUTH,
5720                             brcmf_notify_connect_status);
5721         brcmf_fweh_register(cfg->pub, BRCMF_E_DISASSOC_IND,
5722                             brcmf_notify_connect_status);
5723         brcmf_fweh_register(cfg->pub, BRCMF_E_ASSOC_IND,
5724                             brcmf_notify_connect_status);
5725         brcmf_fweh_register(cfg->pub, BRCMF_E_REASSOC_IND,
5726                             brcmf_notify_connect_status);
5727         brcmf_fweh_register(cfg->pub, BRCMF_E_ROAM,
5728                             brcmf_notify_roaming_status);
5729         brcmf_fweh_register(cfg->pub, BRCMF_E_MIC_ERROR,
5730                             brcmf_notify_mic_status);
5731         brcmf_fweh_register(cfg->pub, BRCMF_E_SET_SSID,
5732                             brcmf_notify_connect_status);
5733         brcmf_fweh_register(cfg->pub, BRCMF_E_PFN_NET_FOUND,
5734                             brcmf_notify_sched_scan_results);
5735         brcmf_fweh_register(cfg->pub, BRCMF_E_IF,
5736                             brcmf_notify_vif_event);
5737         brcmf_fweh_register(cfg->pub, BRCMF_E_P2P_PROBEREQ_MSG,
5738                             brcmf_p2p_notify_rx_mgmt_p2p_probereq);
5739         brcmf_fweh_register(cfg->pub, BRCMF_E_P2P_DISC_LISTEN_COMPLETE,
5740                             brcmf_p2p_notify_listen_complete);
5741         brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_RX,
5742                             brcmf_p2p_notify_action_frame_rx);
5743         brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_COMPLETE,
5744                             brcmf_p2p_notify_action_tx_complete);
5745         brcmf_fweh_register(cfg->pub, BRCMF_E_ACTION_FRAME_OFF_CHAN_COMPLETE,
5746                             brcmf_p2p_notify_action_tx_complete);
5747         brcmf_fweh_register(cfg->pub, BRCMF_E_PSK_SUP,
5748                             brcmf_notify_connect_status);
5749 }
5750
5751 static void brcmf_deinit_priv_mem(struct brcmf_cfg80211_info *cfg)
5752 {
5753         kfree(cfg->conf);
5754         cfg->conf = NULL;
5755         kfree(cfg->extra_buf);
5756         cfg->extra_buf = NULL;
5757         kfree(cfg->wowl.nd);
5758         cfg->wowl.nd = NULL;
5759         kfree(cfg->wowl.nd_info);
5760         cfg->wowl.nd_info = NULL;
5761         kfree(cfg->escan_info.escan_buf);
5762         cfg->escan_info.escan_buf = NULL;
5763 }
5764
5765 static s32 brcmf_init_priv_mem(struct brcmf_cfg80211_info *cfg)
5766 {
5767         cfg->conf = kzalloc(sizeof(*cfg->conf), GFP_KERNEL);
5768         if (!cfg->conf)
5769                 goto init_priv_mem_out;
5770         cfg->extra_buf = kzalloc(WL_EXTRA_BUF_MAX, GFP_KERNEL);
5771         if (!cfg->extra_buf)
5772                 goto init_priv_mem_out;
5773         cfg->wowl.nd = kzalloc(sizeof(*cfg->wowl.nd) + sizeof(u32), GFP_KERNEL);
5774         if (!cfg->wowl.nd)
5775                 goto init_priv_mem_out;
5776         cfg->wowl.nd_info = kzalloc(sizeof(*cfg->wowl.nd_info) +
5777                                     sizeof(struct cfg80211_wowlan_nd_match *),
5778                                     GFP_KERNEL);
5779         if (!cfg->wowl.nd_info)
5780                 goto init_priv_mem_out;
5781         cfg->escan_info.escan_buf = kzalloc(BRCMF_ESCAN_BUF_SIZE, GFP_KERNEL);
5782         if (!cfg->escan_info.escan_buf)
5783                 goto init_priv_mem_out;
5784
5785         return 0;
5786
5787 init_priv_mem_out:
5788         brcmf_deinit_priv_mem(cfg);
5789
5790         return -ENOMEM;
5791 }
5792
5793 static s32 wl_init_priv(struct brcmf_cfg80211_info *cfg)
5794 {
5795         s32 err = 0;
5796
5797         cfg->scan_request = NULL;
5798         cfg->pwr_save = true;
5799         cfg->dongle_up = false;         /* dongle is not up yet */
5800         err = brcmf_init_priv_mem(cfg);
5801         if (err)
5802                 return err;
5803         brcmf_register_event_handlers(cfg);
5804         mutex_init(&cfg->usr_sync);
5805         brcmf_init_escan(cfg);
5806         brcmf_init_conf(cfg->conf);
5807         init_completion(&cfg->vif_disabled);
5808         return err;
5809 }
5810
5811 static void wl_deinit_priv(struct brcmf_cfg80211_info *cfg)
5812 {
5813         cfg->dongle_up = false; /* dongle down */
5814         brcmf_abort_scanning(cfg);
5815         brcmf_deinit_priv_mem(cfg);
5816 }
5817
5818 static void init_vif_event(struct brcmf_cfg80211_vif_event *event)
5819 {
5820         init_waitqueue_head(&event->vif_wq);
5821         spin_lock_init(&event->vif_event_lock);
5822 }
5823
5824 static s32 brcmf_dongle_roam(struct brcmf_if *ifp)
5825 {
5826         s32 err;
5827         u32 bcn_timeout;
5828         __le32 roamtrigger[2];
5829         __le32 roam_delta[2];
5830
5831         /* Configure beacon timeout value based upon roaming setting */
5832         if (ifp->drvr->settings->roamoff)
5833                 bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_OFF;
5834         else
5835                 bcn_timeout = BRCMF_DEFAULT_BCN_TIMEOUT_ROAM_ON;
5836         err = brcmf_fil_iovar_int_set(ifp, "bcn_timeout", bcn_timeout);
5837         if (err) {
5838                 brcmf_err("bcn_timeout error (%d)\n", err);
5839                 goto roam_setup_done;
5840         }
5841
5842         /* Enable/Disable built-in roaming to allow supplicant to take care of
5843          * roaming.
5844          */
5845         brcmf_dbg(INFO, "Internal Roaming = %s\n",
5846                   ifp->drvr->settings->roamoff ? "Off" : "On");
5847         err = brcmf_fil_iovar_int_set(ifp, "roam_off",
5848                                       ifp->drvr->settings->roamoff);
5849         if (err) {
5850                 brcmf_err("roam_off error (%d)\n", err);
5851                 goto roam_setup_done;
5852         }
5853
5854         roamtrigger[0] = cpu_to_le32(WL_ROAM_TRIGGER_LEVEL);
5855         roamtrigger[1] = cpu_to_le32(BRCM_BAND_ALL);
5856         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_TRIGGER,
5857                                      (void *)roamtrigger, sizeof(roamtrigger));
5858         if (err) {
5859                 brcmf_err("WLC_SET_ROAM_TRIGGER error (%d)\n", err);
5860                 goto roam_setup_done;
5861         }
5862
5863         roam_delta[0] = cpu_to_le32(WL_ROAM_DELTA);
5864         roam_delta[1] = cpu_to_le32(BRCM_BAND_ALL);
5865         err = brcmf_fil_cmd_data_set(ifp, BRCMF_C_SET_ROAM_DELTA,
5866                                      (void *)roam_delta, sizeof(roam_delta));
5867         if (err) {
5868                 brcmf_err("WLC_SET_ROAM_DELTA error (%d)\n", err);
5869                 goto roam_setup_done;
5870         }
5871
5872 roam_setup_done:
5873         return err;
5874 }
5875
5876 static s32
5877 brcmf_dongle_scantime(struct brcmf_if *ifp)
5878 {
5879         s32 err = 0;
5880
5881         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_CHANNEL_TIME,
5882                                     BRCMF_SCAN_CHANNEL_TIME);
5883         if (err) {
5884                 brcmf_err("Scan assoc time error (%d)\n", err);
5885                 goto dongle_scantime_out;
5886         }
5887         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_UNASSOC_TIME,
5888                                     BRCMF_SCAN_UNASSOC_TIME);
5889         if (err) {
5890                 brcmf_err("Scan unassoc time error (%d)\n", err);
5891                 goto dongle_scantime_out;
5892         }
5893
5894         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_SCAN_PASSIVE_TIME,
5895                                     BRCMF_SCAN_PASSIVE_TIME);
5896         if (err) {
5897                 brcmf_err("Scan passive time error (%d)\n", err);
5898                 goto dongle_scantime_out;
5899         }
5900
5901 dongle_scantime_out:
5902         return err;
5903 }
5904
5905 static void brcmf_update_bw40_channel_flag(struct ieee80211_channel *channel,
5906                                            struct brcmu_chan *ch)
5907 {
5908         u32 ht40_flag;
5909
5910         ht40_flag = channel->flags & IEEE80211_CHAN_NO_HT40;
5911         if (ch->sb == BRCMU_CHAN_SB_U) {
5912                 if (ht40_flag == IEEE80211_CHAN_NO_HT40)
5913                         channel->flags &= ~IEEE80211_CHAN_NO_HT40;
5914                 channel->flags |= IEEE80211_CHAN_NO_HT40PLUS;
5915         } else {
5916                 /* It should be one of
5917                  * IEEE80211_CHAN_NO_HT40 or
5918                  * IEEE80211_CHAN_NO_HT40PLUS
5919                  */
5920                 channel->flags &= ~IEEE80211_CHAN_NO_HT40;
5921                 if (ht40_flag == IEEE80211_CHAN_NO_HT40)
5922                         channel->flags |= IEEE80211_CHAN_NO_HT40MINUS;
5923         }
5924 }
5925
5926 static int brcmf_construct_chaninfo(struct brcmf_cfg80211_info *cfg,
5927                                     u32 bw_cap[])
5928 {
5929         struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
5930         struct ieee80211_supported_band *band;
5931         struct ieee80211_channel *channel;
5932         struct wiphy *wiphy;
5933         struct brcmf_chanspec_list *list;
5934         struct brcmu_chan ch;
5935         int err;
5936         u8 *pbuf;
5937         u32 i, j;
5938         u32 total;
5939         u32 chaninfo;
5940
5941         pbuf = kzalloc(BRCMF_DCMD_MEDLEN, GFP_KERNEL);
5942
5943         if (pbuf == NULL)
5944                 return -ENOMEM;
5945
5946         list = (struct brcmf_chanspec_list *)pbuf;
5947
5948         err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
5949                                        BRCMF_DCMD_MEDLEN);
5950         if (err) {
5951                 brcmf_err("get chanspecs error (%d)\n", err);
5952                 goto fail_pbuf;
5953         }
5954
5955         wiphy = cfg_to_wiphy(cfg);
5956         band = wiphy->bands[NL80211_BAND_2GHZ];
5957         if (band)
5958                 for (i = 0; i < band->n_channels; i++)
5959                         band->channels[i].flags = IEEE80211_CHAN_DISABLED;
5960         band = wiphy->bands[NL80211_BAND_5GHZ];
5961         if (band)
5962                 for (i = 0; i < band->n_channels; i++)
5963                         band->channels[i].flags = IEEE80211_CHAN_DISABLED;
5964
5965         total = le32_to_cpu(list->count);
5966         for (i = 0; i < total; i++) {
5967                 ch.chspec = (u16)le32_to_cpu(list->element[i]);
5968                 cfg->d11inf.decchspec(&ch);
5969
5970                 if (ch.band == BRCMU_CHAN_BAND_2G) {
5971                         band = wiphy->bands[NL80211_BAND_2GHZ];
5972                 } else if (ch.band == BRCMU_CHAN_BAND_5G) {
5973                         band = wiphy->bands[NL80211_BAND_5GHZ];
5974                 } else {
5975                         brcmf_err("Invalid channel Spec. 0x%x.\n", ch.chspec);
5976                         continue;
5977                 }
5978                 if (!band)
5979                         continue;
5980                 if (!(bw_cap[band->band] & WLC_BW_40MHZ_BIT) &&
5981                     ch.bw == BRCMU_CHAN_BW_40)
5982                         continue;
5983                 if (!(bw_cap[band->band] & WLC_BW_80MHZ_BIT) &&
5984                     ch.bw == BRCMU_CHAN_BW_80)
5985                         continue;
5986
5987                 channel = NULL;
5988                 for (j = 0; j < band->n_channels; j++) {
5989                         if (band->channels[j].hw_value == ch.control_ch_num) {
5990                                 channel = &band->channels[j];
5991                                 break;
5992                         }
5993                 }
5994                 if (!channel) {
5995                         /* It seems firmware supports some channel we never
5996                          * considered. Something new in IEEE standard?
5997                          */
5998                         brcmf_err("Ignoring unexpected firmware channel %d\n",
5999                                   ch.control_ch_num);
6000                         continue;
6001                 }
6002
6003                 if (channel->orig_flags & IEEE80211_CHAN_DISABLED)
6004                         continue;
6005
6006                 /* assuming the chanspecs order is HT20,
6007                  * HT40 upper, HT40 lower, and VHT80.
6008                  */
6009                 if (ch.bw == BRCMU_CHAN_BW_80) {
6010                         channel->flags &= ~IEEE80211_CHAN_NO_80MHZ;
6011                 } else if (ch.bw == BRCMU_CHAN_BW_40) {
6012                         brcmf_update_bw40_channel_flag(channel, &ch);
6013                 } else {
6014                         /* enable the channel and disable other bandwidths
6015                          * for now as mentioned order assure they are enabled
6016                          * for subsequent chanspecs.
6017                          */
6018                         channel->flags = IEEE80211_CHAN_NO_HT40 |
6019                                          IEEE80211_CHAN_NO_80MHZ |
6020                                          IEEE80211_CHAN_NO_160MHZ;
6021                         ch.bw = BRCMU_CHAN_BW_20;
6022                         cfg->d11inf.encchspec(&ch);
6023                         chaninfo = ch.chspec;
6024                         err = brcmf_fil_bsscfg_int_get(ifp, "per_chan_info",
6025                                                        &chaninfo);
6026                         if (!err) {
6027                                 if (chaninfo & WL_CHAN_RADAR)
6028                                         channel->flags |=
6029                                                 (IEEE80211_CHAN_RADAR |
6030                                                  IEEE80211_CHAN_NO_IR);
6031                                 if (chaninfo & WL_CHAN_PASSIVE)
6032                                         channel->flags |=
6033                                                 IEEE80211_CHAN_NO_IR;
6034                         }
6035                 }
6036         }
6037
6038 fail_pbuf:
6039         kfree(pbuf);
6040         return err;
6041 }
6042
6043 static int brcmf_enable_bw40_2g(struct brcmf_cfg80211_info *cfg)
6044 {
6045         struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
6046         struct ieee80211_supported_band *band;
6047         struct brcmf_fil_bwcap_le band_bwcap;
6048         struct brcmf_chanspec_list *list;
6049         u8 *pbuf;
6050         u32 val;
6051         int err;
6052         struct brcmu_chan ch;
6053         u32 num_chan;
6054         int i, j;
6055
6056         /* verify support for bw_cap command */
6057         val = WLC_BAND_5G;
6058         err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &val);
6059
6060         if (!err) {
6061                 /* only set 2G bandwidth using bw_cap command */
6062                 band_bwcap.band = cpu_to_le32(WLC_BAND_2G);
6063                 band_bwcap.bw_cap = cpu_to_le32(WLC_BW_CAP_40MHZ);
6064                 err = brcmf_fil_iovar_data_set(ifp, "bw_cap", &band_bwcap,
6065                                                sizeof(band_bwcap));
6066         } else {
6067                 brcmf_dbg(INFO, "fallback to mimo_bw_cap\n");
6068                 val = WLC_N_BW_40ALL;
6069                 err = brcmf_fil_iovar_int_set(ifp, "mimo_bw_cap", val);
6070         }
6071
6072         if (!err) {
6073                 /* update channel info in 2G band */
6074                 pbuf = kzalloc(BRCMF_DCMD_MEDLEN, GFP_KERNEL);
6075
6076                 if (pbuf == NULL)
6077                         return -ENOMEM;
6078
6079                 ch.band = BRCMU_CHAN_BAND_2G;
6080                 ch.bw = BRCMU_CHAN_BW_40;
6081                 ch.sb = BRCMU_CHAN_SB_NONE;
6082                 ch.chnum = 0;
6083                 cfg->d11inf.encchspec(&ch);
6084
6085                 /* pass encoded chanspec in query */
6086                 *(__le16 *)pbuf = cpu_to_le16(ch.chspec);
6087
6088                 err = brcmf_fil_iovar_data_get(ifp, "chanspecs", pbuf,
6089                                                BRCMF_DCMD_MEDLEN);
6090                 if (err) {
6091                         brcmf_err("get chanspecs error (%d)\n", err);
6092                         kfree(pbuf);
6093                         return err;
6094                 }
6095
6096                 band = cfg_to_wiphy(cfg)->bands[NL80211_BAND_2GHZ];
6097                 list = (struct brcmf_chanspec_list *)pbuf;
6098                 num_chan = le32_to_cpu(list->count);
6099                 for (i = 0; i < num_chan; i++) {
6100                         ch.chspec = (u16)le32_to_cpu(list->element[i]);
6101                         cfg->d11inf.decchspec(&ch);
6102                         if (WARN_ON(ch.band != BRCMU_CHAN_BAND_2G))
6103                                 continue;
6104                         if (WARN_ON(ch.bw != BRCMU_CHAN_BW_40))
6105                                 continue;
6106                         for (j = 0; j < band->n_channels; j++) {
6107                                 if (band->channels[j].hw_value == ch.control_ch_num)
6108                                         break;
6109                         }
6110                         if (WARN_ON(j == band->n_channels))
6111                                 continue;
6112
6113                         brcmf_update_bw40_channel_flag(&band->channels[j], &ch);
6114                 }
6115                 kfree(pbuf);
6116         }
6117         return err;
6118 }
6119
6120 static void brcmf_get_bwcap(struct brcmf_if *ifp, u32 bw_cap[])
6121 {
6122         u32 band, mimo_bwcap;
6123         int err;
6124
6125         band = WLC_BAND_2G;
6126         err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &band);
6127         if (!err) {
6128                 bw_cap[NL80211_BAND_2GHZ] = band;
6129                 band = WLC_BAND_5G;
6130                 err = brcmf_fil_iovar_int_get(ifp, "bw_cap", &band);
6131                 if (!err) {
6132                         bw_cap[NL80211_BAND_5GHZ] = band;
6133                         return;
6134                 }
6135                 WARN_ON(1);
6136                 return;
6137         }
6138         brcmf_dbg(INFO, "fallback to mimo_bw_cap info\n");
6139         mimo_bwcap = 0;
6140         err = brcmf_fil_iovar_int_get(ifp, "mimo_bw_cap", &mimo_bwcap);
6141         if (err)
6142                 /* assume 20MHz if firmware does not give a clue */
6143                 mimo_bwcap = WLC_N_BW_20ALL;
6144
6145         switch (mimo_bwcap) {
6146         case WLC_N_BW_40ALL:
6147                 bw_cap[NL80211_BAND_2GHZ] |= WLC_BW_40MHZ_BIT;
6148                 /* fall-thru */
6149         case WLC_N_BW_20IN2G_40IN5G:
6150                 bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_40MHZ_BIT;
6151                 /* fall-thru */
6152         case WLC_N_BW_20ALL:
6153                 bw_cap[NL80211_BAND_2GHZ] |= WLC_BW_20MHZ_BIT;
6154                 bw_cap[NL80211_BAND_5GHZ] |= WLC_BW_20MHZ_BIT;
6155                 break;
6156         default:
6157                 brcmf_err("invalid mimo_bw_cap value\n");
6158         }
6159 }
6160
6161 static void brcmf_update_ht_cap(struct ieee80211_supported_band *band,
6162                                 u32 bw_cap[2], u32 nchain)
6163 {
6164         band->ht_cap.ht_supported = true;
6165         if (bw_cap[band->band] & WLC_BW_40MHZ_BIT) {
6166                 band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_40;
6167                 band->ht_cap.cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
6168         }
6169         band->ht_cap.cap |= IEEE80211_HT_CAP_SGI_20;
6170         band->ht_cap.cap |= IEEE80211_HT_CAP_DSSSCCK40;
6171         band->ht_cap.ampdu_factor = IEEE80211_HT_MAX_AMPDU_64K;
6172         band->ht_cap.ampdu_density = IEEE80211_HT_MPDU_DENSITY_16;
6173         memset(band->ht_cap.mcs.rx_mask, 0xff, nchain);
6174         band->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
6175 }
6176
6177 static __le16 brcmf_get_mcs_map(u32 nchain, enum ieee80211_vht_mcs_support supp)
6178 {
6179         u16 mcs_map;
6180         int i;
6181
6182         for (i = 0, mcs_map = 0xFFFF; i < nchain; i++)
6183                 mcs_map = (mcs_map << 2) | supp;
6184
6185         return cpu_to_le16(mcs_map);
6186 }
6187
6188 static void brcmf_update_vht_cap(struct ieee80211_supported_band *band,
6189                                  u32 bw_cap[2], u32 nchain, u32 txstreams,
6190                                  u32 txbf_bfe_cap, u32 txbf_bfr_cap)
6191 {
6192         __le16 mcs_map;
6193
6194         /* not allowed in 2.4G band */
6195         if (band->band == NL80211_BAND_2GHZ)
6196                 return;
6197
6198         band->vht_cap.vht_supported = true;
6199         /* 80MHz is mandatory */
6200         band->vht_cap.cap |= IEEE80211_VHT_CAP_SHORT_GI_80;
6201         if (bw_cap[band->band] & WLC_BW_160MHZ_BIT) {
6202                 band->vht_cap.cap |= IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
6203                 band->vht_cap.cap |= IEEE80211_VHT_CAP_SHORT_GI_160;
6204         }
6205         /* all support 256-QAM */
6206         mcs_map = brcmf_get_mcs_map(nchain, IEEE80211_VHT_MCS_SUPPORT_0_9);
6207         band->vht_cap.vht_mcs.rx_mcs_map = mcs_map;
6208         band->vht_cap.vht_mcs.tx_mcs_map = mcs_map;
6209
6210         /* Beamforming support information */
6211         if (txbf_bfe_cap & BRCMF_TXBF_SU_BFE_CAP)
6212                 band->vht_cap.cap |= IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
6213         if (txbf_bfe_cap & BRCMF_TXBF_MU_BFE_CAP)
6214                 band->vht_cap.cap |= IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE;
6215         if (txbf_bfr_cap & BRCMF_TXBF_SU_BFR_CAP)
6216                 band->vht_cap.cap |= IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE;
6217         if (txbf_bfr_cap & BRCMF_TXBF_MU_BFR_CAP)
6218                 band->vht_cap.cap |= IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE;
6219
6220         if ((txbf_bfe_cap || txbf_bfr_cap) && (txstreams > 1)) {
6221                 band->vht_cap.cap |=
6222                         (2 << IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT);
6223                 band->vht_cap.cap |= ((txstreams - 1) <<
6224                                 IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT);
6225                 band->vht_cap.cap |=
6226                         IEEE80211_VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB;
6227         }
6228 }
6229
6230 static int brcmf_setup_wiphybands(struct brcmf_cfg80211_info *cfg)
6231 {
6232         struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
6233         struct wiphy *wiphy;
6234         u32 nmode = 0;
6235         u32 vhtmode = 0;
6236         u32 bw_cap[2] = { WLC_BW_20MHZ_BIT, WLC_BW_20MHZ_BIT };
6237         u32 rxchain;
6238         u32 nchain;
6239         int err;
6240         s32 i;
6241         struct ieee80211_supported_band *band;
6242         u32 txstreams = 0;
6243         u32 txbf_bfe_cap = 0;
6244         u32 txbf_bfr_cap = 0;
6245
6246         (void)brcmf_fil_iovar_int_get(ifp, "vhtmode", &vhtmode);
6247         err = brcmf_fil_iovar_int_get(ifp, "nmode", &nmode);
6248         if (err) {
6249                 brcmf_err("nmode error (%d)\n", err);
6250         } else {
6251                 brcmf_get_bwcap(ifp, bw_cap);
6252         }
6253         brcmf_dbg(INFO, "nmode=%d, vhtmode=%d, bw_cap=(%d, %d)\n",
6254                   nmode, vhtmode, bw_cap[NL80211_BAND_2GHZ],
6255                   bw_cap[NL80211_BAND_5GHZ]);
6256
6257         err = brcmf_fil_iovar_int_get(ifp, "rxchain", &rxchain);
6258         if (err) {
6259                 brcmf_err("rxchain error (%d)\n", err);
6260                 nchain = 1;
6261         } else {
6262                 for (nchain = 0; rxchain; nchain++)
6263                         rxchain = rxchain & (rxchain - 1);
6264         }
6265         brcmf_dbg(INFO, "nchain=%d\n", nchain);
6266
6267         err = brcmf_construct_chaninfo(cfg, bw_cap);
6268         if (err) {
6269                 brcmf_err("brcmf_construct_chaninfo failed (%d)\n", err);
6270                 return err;
6271         }
6272
6273         if (vhtmode) {
6274                 (void)brcmf_fil_iovar_int_get(ifp, "txstreams", &txstreams);
6275                 (void)brcmf_fil_iovar_int_get(ifp, "txbf_bfe_cap",
6276                                               &txbf_bfe_cap);
6277                 (void)brcmf_fil_iovar_int_get(ifp, "txbf_bfr_cap",
6278                                               &txbf_bfr_cap);
6279         }
6280
6281         wiphy = cfg_to_wiphy(cfg);
6282         for (i = 0; i < ARRAY_SIZE(wiphy->bands); i++) {
6283                 band = wiphy->bands[i];
6284                 if (band == NULL)
6285                         continue;
6286
6287                 if (nmode)
6288                         brcmf_update_ht_cap(band, bw_cap, nchain);
6289                 if (vhtmode)
6290                         brcmf_update_vht_cap(band, bw_cap, nchain, txstreams,
6291                                              txbf_bfe_cap, txbf_bfr_cap);
6292         }
6293
6294         return 0;
6295 }
6296
6297 static const struct ieee80211_txrx_stypes
6298 brcmf_txrx_stypes[NUM_NL80211_IFTYPES] = {
6299         [NL80211_IFTYPE_STATION] = {
6300                 .tx = 0xffff,
6301                 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6302                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6303         },
6304         [NL80211_IFTYPE_P2P_CLIENT] = {
6305                 .tx = 0xffff,
6306                 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6307                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6308         },
6309         [NL80211_IFTYPE_P2P_GO] = {
6310                 .tx = 0xffff,
6311                 .rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
6312                       BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
6313                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
6314                       BIT(IEEE80211_STYPE_DISASSOC >> 4) |
6315                       BIT(IEEE80211_STYPE_AUTH >> 4) |
6316                       BIT(IEEE80211_STYPE_DEAUTH >> 4) |
6317                       BIT(IEEE80211_STYPE_ACTION >> 4)
6318         },
6319         [NL80211_IFTYPE_P2P_DEVICE] = {
6320                 .tx = 0xffff,
6321                 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
6322                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4)
6323         },
6324         [NL80211_IFTYPE_AP] = {
6325                 .tx = 0xffff,
6326                 .rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
6327                       BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
6328                       BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
6329                       BIT(IEEE80211_STYPE_DISASSOC >> 4) |
6330                       BIT(IEEE80211_STYPE_AUTH >> 4) |
6331                       BIT(IEEE80211_STYPE_DEAUTH >> 4) |
6332                       BIT(IEEE80211_STYPE_ACTION >> 4)
6333         }
6334 };
6335
6336 /**
6337  * brcmf_setup_ifmodes() - determine interface modes and combinations.
6338  *
6339  * @wiphy: wiphy object.
6340  * @ifp: interface object needed for feat module api.
6341  *
6342  * The interface modes and combinations are determined dynamically here
6343  * based on firmware functionality.
6344  *
6345  * no p2p and no mbss:
6346  *
6347  *      #STA <= 1, #AP <= 1, channels = 1, 2 total
6348  *
6349  * no p2p and mbss:
6350  *
6351  *      #STA <= 1, #AP <= 1, channels = 1, 2 total
6352  *      #AP <= 4, matching BI, channels = 1, 4 total
6353  *
6354  * p2p, no mchan, and mbss:
6355  *
6356  *      #STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 1, channels = 1, 3 total
6357  *      #STA <= 1, #P2P-DEV <= 1, #AP <= 1, #P2P-CL <= 1, channels = 1, 4 total
6358  *      #AP <= 4, matching BI, channels = 1, 4 total
6359  *
6360  * p2p, mchan, and mbss:
6361  *
6362  *      #STA <= 1, #P2P-DEV <= 1, #{P2P-CL, P2P-GO} <= 1, channels = 2, 3 total
6363  *      #STA <= 1, #P2P-DEV <= 1, #AP <= 1, #P2P-CL <= 1, channels = 1, 4 total
6364  *      #AP <= 4, matching BI, channels = 1, 4 total
6365  */
6366 static int brcmf_setup_ifmodes(struct wiphy *wiphy, struct brcmf_if *ifp)
6367 {
6368         struct ieee80211_iface_combination *combo = NULL;
6369         struct ieee80211_iface_limit *c0_limits = NULL;
6370         struct ieee80211_iface_limit *p2p_limits = NULL;
6371         struct ieee80211_iface_limit *mbss_limits = NULL;
6372         bool mbss, p2p;
6373         int i, c, n_combos;
6374
6375         mbss = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MBSS);
6376         p2p = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_P2P);
6377
6378         n_combos = 1 + !!p2p + !!mbss;
6379         combo = kcalloc(n_combos, sizeof(*combo), GFP_KERNEL);
6380         if (!combo)
6381                 goto err;
6382
6383         wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
6384                                  BIT(NL80211_IFTYPE_ADHOC) |
6385                                  BIT(NL80211_IFTYPE_AP);
6386
6387         c = 0;
6388         i = 0;
6389         c0_limits = kcalloc(p2p ? 3 : 2, sizeof(*c0_limits), GFP_KERNEL);
6390         if (!c0_limits)
6391                 goto err;
6392         c0_limits[i].max = 1;
6393         c0_limits[i++].types = BIT(NL80211_IFTYPE_STATION);
6394         if (p2p) {
6395                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MCHAN))
6396                         combo[c].num_different_channels = 2;
6397                 else
6398                         combo[c].num_different_channels = 1;
6399                 wiphy->interface_modes |= BIT(NL80211_IFTYPE_P2P_CLIENT) |
6400                                           BIT(NL80211_IFTYPE_P2P_GO) |
6401                                           BIT(NL80211_IFTYPE_P2P_DEVICE);
6402                 c0_limits[i].max = 1;
6403                 c0_limits[i++].types = BIT(NL80211_IFTYPE_P2P_DEVICE);
6404                 c0_limits[i].max = 1;
6405                 c0_limits[i++].types = BIT(NL80211_IFTYPE_P2P_CLIENT) |
6406                                        BIT(NL80211_IFTYPE_P2P_GO);
6407         } else {
6408                 combo[c].num_different_channels = 1;
6409                 c0_limits[i].max = 1;
6410                 c0_limits[i++].types = BIT(NL80211_IFTYPE_AP);
6411         }
6412         combo[c].max_interfaces = i;
6413         combo[c].n_limits = i;
6414         combo[c].limits = c0_limits;
6415
6416         if (p2p) {
6417                 c++;
6418                 i = 0;
6419                 p2p_limits = kcalloc(4, sizeof(*p2p_limits), GFP_KERNEL);
6420                 if (!p2p_limits)
6421                         goto err;
6422                 p2p_limits[i].max = 1;
6423                 p2p_limits[i++].types = BIT(NL80211_IFTYPE_STATION);
6424                 p2p_limits[i].max = 1;
6425                 p2p_limits[i++].types = BIT(NL80211_IFTYPE_AP);
6426                 p2p_limits[i].max = 1;
6427                 p2p_limits[i++].types = BIT(NL80211_IFTYPE_P2P_CLIENT);
6428                 p2p_limits[i].max = 1;
6429                 p2p_limits[i++].types = BIT(NL80211_IFTYPE_P2P_DEVICE);
6430                 combo[c].num_different_channels = 1;
6431                 combo[c].max_interfaces = i;
6432                 combo[c].n_limits = i;
6433                 combo[c].limits = p2p_limits;
6434         }
6435
6436         if (mbss) {
6437                 c++;
6438                 i = 0;
6439                 mbss_limits = kcalloc(1, sizeof(*mbss_limits), GFP_KERNEL);
6440                 if (!mbss_limits)
6441                         goto err;
6442                 mbss_limits[i].max = 4;
6443                 mbss_limits[i++].types = BIT(NL80211_IFTYPE_AP);
6444                 combo[c].beacon_int_infra_match = true;
6445                 combo[c].num_different_channels = 1;
6446                 combo[c].max_interfaces = 4;
6447                 combo[c].n_limits = i;
6448                 combo[c].limits = mbss_limits;
6449         }
6450
6451         wiphy->n_iface_combinations = n_combos;
6452         wiphy->iface_combinations = combo;
6453         return 0;
6454
6455 err:
6456         kfree(c0_limits);
6457         kfree(p2p_limits);
6458         kfree(mbss_limits);
6459         kfree(combo);
6460         return -ENOMEM;
6461 }
6462
6463 #ifdef CONFIG_PM
6464 static const struct wiphy_wowlan_support brcmf_wowlan_support = {
6465         .flags = WIPHY_WOWLAN_MAGIC_PKT | WIPHY_WOWLAN_DISCONNECT,
6466         .n_patterns = BRCMF_WOWL_MAXPATTERNS,
6467         .pattern_max_len = BRCMF_WOWL_MAXPATTERNSIZE,
6468         .pattern_min_len = 1,
6469         .max_pkt_offset = 1500,
6470 };
6471 #endif
6472
6473 static void brcmf_wiphy_wowl_params(struct wiphy *wiphy, struct brcmf_if *ifp)
6474 {
6475 #ifdef CONFIG_PM
6476         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
6477         struct wiphy_wowlan_support *wowl;
6478
6479         wowl = kmemdup(&brcmf_wowlan_support, sizeof(brcmf_wowlan_support),
6480                        GFP_KERNEL);
6481         if (!wowl) {
6482                 brcmf_err("only support basic wowlan features\n");
6483                 wiphy->wowlan = &brcmf_wowlan_support;
6484                 return;
6485         }
6486
6487         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
6488                 if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_ND)) {
6489                         wowl->flags |= WIPHY_WOWLAN_NET_DETECT;
6490                         wowl->max_nd_match_sets = BRCMF_PNO_MAX_PFN_COUNT;
6491                         init_waitqueue_head(&cfg->wowl.nd_data_wait);
6492                 }
6493         }
6494         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK)) {
6495                 wowl->flags |= WIPHY_WOWLAN_SUPPORTS_GTK_REKEY;
6496                 wowl->flags |= WIPHY_WOWLAN_GTK_REKEY_FAILURE;
6497         }
6498
6499         wiphy->wowlan = wowl;
6500 #endif
6501 }
6502
6503 static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp)
6504 {
6505         struct brcmf_pub *drvr = ifp->drvr;
6506         const struct ieee80211_iface_combination *combo;
6507         struct ieee80211_supported_band *band;
6508         u16 max_interfaces = 0;
6509         bool gscan;
6510         __le32 bandlist[3];
6511         u32 n_bands;
6512         int err, i;
6513
6514         wiphy->max_scan_ssids = WL_NUM_SCAN_MAX;
6515         wiphy->max_scan_ie_len = BRCMF_SCAN_IE_LEN_MAX;
6516         wiphy->max_num_pmkids = BRCMF_MAXPMKID;
6517
6518         err = brcmf_setup_ifmodes(wiphy, ifp);
6519         if (err)
6520                 return err;
6521
6522         for (i = 0, combo = wiphy->iface_combinations;
6523              i < wiphy->n_iface_combinations; i++, combo++) {
6524                 max_interfaces = max(max_interfaces, combo->max_interfaces);
6525         }
6526
6527         for (i = 0; i < max_interfaces && i < ARRAY_SIZE(drvr->addresses);
6528              i++) {
6529                 u8 *addr = drvr->addresses[i].addr;
6530
6531                 memcpy(addr, drvr->mac, ETH_ALEN);
6532                 if (i) {
6533                         addr[0] |= BIT(1);
6534                         addr[ETH_ALEN - 1] ^= i;
6535                 }
6536         }
6537         wiphy->addresses = drvr->addresses;
6538         wiphy->n_addresses = i;
6539
6540         wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
6541         wiphy->cipher_suites = brcmf_cipher_suites;
6542         wiphy->n_cipher_suites = ARRAY_SIZE(brcmf_cipher_suites);
6543         if (!brcmf_feat_is_enabled(ifp, BRCMF_FEAT_MFP))
6544                 wiphy->n_cipher_suites--;
6545         wiphy->bss_select_support = BIT(NL80211_BSS_SELECT_ATTR_RSSI) |
6546                                     BIT(NL80211_BSS_SELECT_ATTR_BAND_PREF) |
6547                                     BIT(NL80211_BSS_SELECT_ATTR_RSSI_ADJUST);
6548
6549         wiphy->flags |= WIPHY_FLAG_NETNS_OK |
6550                         WIPHY_FLAG_PS_ON_BY_DEFAULT |
6551                         WIPHY_FLAG_HAVE_AP_SME |
6552                         WIPHY_FLAG_OFFCHAN_TX |
6553                         WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL;
6554         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_TDLS))
6555                 wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS;
6556         if (!ifp->drvr->settings->roamoff)
6557                 wiphy->flags |= WIPHY_FLAG_SUPPORTS_FW_ROAM;
6558         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_FWSUP)) {
6559                 wiphy_ext_feature_set(wiphy,
6560                                       NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK);
6561                 wiphy_ext_feature_set(wiphy,
6562                                       NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X);
6563         }
6564         wiphy->mgmt_stypes = brcmf_txrx_stypes;
6565         wiphy->max_remain_on_channel_duration = 5000;
6566         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_PNO)) {
6567                 gscan = brcmf_feat_is_enabled(ifp, BRCMF_FEAT_GSCAN);
6568                 brcmf_pno_wiphy_params(wiphy, gscan);
6569         }
6570         /* vendor commands/events support */
6571         wiphy->vendor_commands = brcmf_vendor_cmds;
6572         wiphy->n_vendor_commands = BRCMF_VNDR_CMDS_LAST - 1;
6573
6574         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL))
6575                 brcmf_wiphy_wowl_params(wiphy, ifp);
6576         err = brcmf_fil_cmd_data_get(ifp, BRCMF_C_GET_BANDLIST, &bandlist,
6577                                      sizeof(bandlist));
6578         if (err) {
6579                 brcmf_err("could not obtain band info: err=%d\n", err);
6580                 return err;
6581         }
6582         /* first entry in bandlist is number of bands */
6583         n_bands = le32_to_cpu(bandlist[0]);
6584         for (i = 1; i <= n_bands && i < ARRAY_SIZE(bandlist); i++) {
6585                 if (bandlist[i] == cpu_to_le32(WLC_BAND_2G)) {
6586                         band = kmemdup(&__wl_band_2ghz, sizeof(__wl_band_2ghz),
6587                                        GFP_KERNEL);
6588                         if (!band)
6589                                 return -ENOMEM;
6590
6591                         band->channels = kmemdup(&__wl_2ghz_channels,
6592                                                  sizeof(__wl_2ghz_channels),
6593                                                  GFP_KERNEL);
6594                         if (!band->channels) {
6595                                 kfree(band);
6596                                 return -ENOMEM;
6597                         }
6598
6599                         band->n_channels = ARRAY_SIZE(__wl_2ghz_channels);
6600                         wiphy->bands[NL80211_BAND_2GHZ] = band;
6601                 }
6602                 if (bandlist[i] == cpu_to_le32(WLC_BAND_5G)) {
6603                         band = kmemdup(&__wl_band_5ghz, sizeof(__wl_band_5ghz),
6604                                        GFP_KERNEL);
6605                         if (!band)
6606                                 return -ENOMEM;
6607
6608                         band->channels = kmemdup(&__wl_5ghz_channels,
6609                                                  sizeof(__wl_5ghz_channels),
6610                                                  GFP_KERNEL);
6611                         if (!band->channels) {
6612                                 kfree(band);
6613                                 return -ENOMEM;
6614                         }
6615
6616                         band->n_channels = ARRAY_SIZE(__wl_5ghz_channels);
6617                         wiphy->bands[NL80211_BAND_5GHZ] = band;
6618                 }
6619         }
6620
6621         wiphy_read_of_freq_limits(wiphy);
6622
6623         return 0;
6624 }
6625
6626 static s32 brcmf_config_dongle(struct brcmf_cfg80211_info *cfg)
6627 {
6628         struct net_device *ndev;
6629         struct wireless_dev *wdev;
6630         struct brcmf_if *ifp;
6631         s32 power_mode;
6632         s32 err = 0;
6633
6634         if (cfg->dongle_up)
6635                 return err;
6636
6637         ndev = cfg_to_ndev(cfg);
6638         wdev = ndev->ieee80211_ptr;
6639         ifp = netdev_priv(ndev);
6640
6641         /* make sure RF is ready for work */
6642         brcmf_fil_cmd_int_set(ifp, BRCMF_C_UP, 0);
6643
6644         brcmf_dongle_scantime(ifp);
6645
6646         power_mode = cfg->pwr_save ? PM_FAST : PM_OFF;
6647         err = brcmf_fil_cmd_int_set(ifp, BRCMF_C_SET_PM, power_mode);
6648         if (err)
6649                 goto default_conf_out;
6650         brcmf_dbg(INFO, "power save set to %s\n",
6651                   (power_mode ? "enabled" : "disabled"));
6652
6653         err = brcmf_dongle_roam(ifp);
6654         if (err)
6655                 goto default_conf_out;
6656         err = brcmf_cfg80211_change_iface(wdev->wiphy, ndev, wdev->iftype,
6657                                           NULL);
6658         if (err)
6659                 goto default_conf_out;
6660
6661         brcmf_configure_arp_nd_offload(ifp, true);
6662
6663         cfg->dongle_up = true;
6664 default_conf_out:
6665
6666         return err;
6667
6668 }
6669
6670 static s32 __brcmf_cfg80211_up(struct brcmf_if *ifp)
6671 {
6672         set_bit(BRCMF_VIF_STATUS_READY, &ifp->vif->sme_state);
6673
6674         return brcmf_config_dongle(ifp->drvr->config);
6675 }
6676
6677 static s32 __brcmf_cfg80211_down(struct brcmf_if *ifp)
6678 {
6679         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6680
6681         /*
6682          * While going down, if associated with AP disassociate
6683          * from AP to save power
6684          */
6685         if (check_vif_up(ifp->vif)) {
6686                 brcmf_link_down(ifp->vif, WLAN_REASON_UNSPECIFIED);
6687
6688                 /* Make sure WPA_Supplicant receives all the event
6689                    generated due to DISASSOC call to the fw to keep
6690                    the state fw and WPA_Supplicant state consistent
6691                  */
6692                 brcmf_delay(500);
6693         }
6694
6695         brcmf_abort_scanning(cfg);
6696         clear_bit(BRCMF_VIF_STATUS_READY, &ifp->vif->sme_state);
6697
6698         return 0;
6699 }
6700
6701 s32 brcmf_cfg80211_up(struct net_device *ndev)
6702 {
6703         struct brcmf_if *ifp = netdev_priv(ndev);
6704         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6705         s32 err = 0;
6706
6707         mutex_lock(&cfg->usr_sync);
6708         err = __brcmf_cfg80211_up(ifp);
6709         mutex_unlock(&cfg->usr_sync);
6710
6711         return err;
6712 }
6713
6714 s32 brcmf_cfg80211_down(struct net_device *ndev)
6715 {
6716         struct brcmf_if *ifp = netdev_priv(ndev);
6717         struct brcmf_cfg80211_info *cfg = ifp->drvr->config;
6718         s32 err = 0;
6719
6720         mutex_lock(&cfg->usr_sync);
6721         err = __brcmf_cfg80211_down(ifp);
6722         mutex_unlock(&cfg->usr_sync);
6723
6724         return err;
6725 }
6726
6727 enum nl80211_iftype brcmf_cfg80211_get_iftype(struct brcmf_if *ifp)
6728 {
6729         struct wireless_dev *wdev = &ifp->vif->wdev;
6730
6731         return wdev->iftype;
6732 }
6733
6734 bool brcmf_get_vif_state_any(struct brcmf_cfg80211_info *cfg,
6735                              unsigned long state)
6736 {
6737         struct brcmf_cfg80211_vif *vif;
6738
6739         list_for_each_entry(vif, &cfg->vif_list, list) {
6740                 if (test_bit(state, &vif->sme_state))
6741                         return true;
6742         }
6743         return false;
6744 }
6745
6746 static inline bool vif_event_equals(struct brcmf_cfg80211_vif_event *event,
6747                                     u8 action)
6748 {
6749         u8 evt_action;
6750
6751         spin_lock(&event->vif_event_lock);
6752         evt_action = event->action;
6753         spin_unlock(&event->vif_event_lock);
6754         return evt_action == action;
6755 }
6756
6757 void brcmf_cfg80211_arm_vif_event(struct brcmf_cfg80211_info *cfg,
6758                                   struct brcmf_cfg80211_vif *vif)
6759 {
6760         struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
6761
6762         spin_lock(&event->vif_event_lock);
6763         event->vif = vif;
6764         event->action = 0;
6765         spin_unlock(&event->vif_event_lock);
6766 }
6767
6768 bool brcmf_cfg80211_vif_event_armed(struct brcmf_cfg80211_info *cfg)
6769 {
6770         struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
6771         bool armed;
6772
6773         spin_lock(&event->vif_event_lock);
6774         armed = event->vif != NULL;
6775         spin_unlock(&event->vif_event_lock);
6776
6777         return armed;
6778 }
6779
6780 int brcmf_cfg80211_wait_vif_event(struct brcmf_cfg80211_info *cfg,
6781                                   u8 action, ulong timeout)
6782 {
6783         struct brcmf_cfg80211_vif_event *event = &cfg->vif_event;
6784
6785         return wait_event_timeout(event->vif_wq,
6786                                   vif_event_equals(event, action), timeout);
6787 }
6788
6789 static s32 brcmf_translate_country_code(struct brcmf_pub *drvr, char alpha2[2],
6790                                         struct brcmf_fil_country_le *ccreq)
6791 {
6792         struct brcmfmac_pd_cc *country_codes;
6793         struct brcmfmac_pd_cc_entry *cc;
6794         s32 found_index;
6795         int i;
6796
6797         country_codes = drvr->settings->country_codes;
6798         if (!country_codes) {
6799                 brcmf_dbg(TRACE, "No country codes configured for device\n");
6800                 return -EINVAL;
6801         }
6802
6803         if ((alpha2[0] == ccreq->country_abbrev[0]) &&
6804             (alpha2[1] == ccreq->country_abbrev[1])) {
6805                 brcmf_dbg(TRACE, "Country code already set\n");
6806                 return -EAGAIN;
6807         }
6808
6809         found_index = -1;
6810         for (i = 0; i < country_codes->table_size; i++) {
6811                 cc = &country_codes->table[i];
6812                 if ((cc->iso3166[0] == '\0') && (found_index == -1))
6813                         found_index = i;
6814                 if ((cc->iso3166[0] == alpha2[0]) &&
6815                     (cc->iso3166[1] == alpha2[1])) {
6816                         found_index = i;
6817                         break;
6818                 }
6819         }
6820         if (found_index == -1) {
6821                 brcmf_dbg(TRACE, "No country code match found\n");
6822                 return -EINVAL;
6823         }
6824         memset(ccreq, 0, sizeof(*ccreq));
6825         ccreq->rev = cpu_to_le32(country_codes->table[found_index].rev);
6826         memcpy(ccreq->ccode, country_codes->table[found_index].cc,
6827                BRCMF_COUNTRY_BUF_SZ);
6828         ccreq->country_abbrev[0] = alpha2[0];
6829         ccreq->country_abbrev[1] = alpha2[1];
6830         ccreq->country_abbrev[2] = 0;
6831
6832         return 0;
6833 }
6834
6835 static void brcmf_cfg80211_reg_notifier(struct wiphy *wiphy,
6836                                         struct regulatory_request *req)
6837 {
6838         struct brcmf_cfg80211_info *cfg = wiphy_to_cfg(wiphy);
6839         struct brcmf_if *ifp = brcmf_get_ifp(cfg->pub, 0);
6840         struct brcmf_fil_country_le ccreq;
6841         s32 err;
6842         int i;
6843
6844         /* The country code gets set to "00" by default at boot, ignore */
6845         if (req->alpha2[0] == '0' && req->alpha2[1] == '0')
6846                 return;
6847
6848         /* ignore non-ISO3166 country codes */
6849         for (i = 0; i < 2; i++)
6850                 if (req->alpha2[i] < 'A' || req->alpha2[i] > 'Z') {
6851                         brcmf_err("not an ISO3166 code (0x%02x 0x%02x)\n",
6852                                   req->alpha2[0], req->alpha2[1]);
6853                         return;
6854                 }
6855
6856         brcmf_dbg(TRACE, "Enter: initiator=%d, alpha=%c%c\n", req->initiator,
6857                   req->alpha2[0], req->alpha2[1]);
6858
6859         err = brcmf_fil_iovar_data_get(ifp, "country", &ccreq, sizeof(ccreq));
6860         if (err) {
6861                 brcmf_err("Country code iovar returned err = %d\n", err);
6862                 return;
6863         }
6864
6865         err = brcmf_translate_country_code(ifp->drvr, req->alpha2, &ccreq);
6866         if (err)
6867                 return;
6868
6869         err = brcmf_fil_iovar_data_set(ifp, "country", &ccreq, sizeof(ccreq));
6870         if (err) {
6871                 brcmf_err("Firmware rejected country setting\n");
6872                 return;
6873         }
6874         brcmf_setup_wiphybands(cfg);
6875 }
6876
6877 static void brcmf_free_wiphy(struct wiphy *wiphy)
6878 {
6879         int i;
6880
6881         if (!wiphy)
6882                 return;
6883
6884         if (wiphy->iface_combinations) {
6885                 for (i = 0; i < wiphy->n_iface_combinations; i++)
6886                         kfree(wiphy->iface_combinations[i].limits);
6887         }
6888         kfree(wiphy->iface_combinations);
6889         if (wiphy->bands[NL80211_BAND_2GHZ]) {
6890                 kfree(wiphy->bands[NL80211_BAND_2GHZ]->channels);
6891                 kfree(wiphy->bands[NL80211_BAND_2GHZ]);
6892         }
6893         if (wiphy->bands[NL80211_BAND_5GHZ]) {
6894                 kfree(wiphy->bands[NL80211_BAND_5GHZ]->channels);
6895                 kfree(wiphy->bands[NL80211_BAND_5GHZ]);
6896         }
6897 #if IS_ENABLED(CONFIG_PM)
6898         if (wiphy->wowlan != &brcmf_wowlan_support)
6899                 kfree(wiphy->wowlan);
6900 #endif
6901 }
6902
6903 struct brcmf_cfg80211_info *brcmf_cfg80211_attach(struct brcmf_pub *drvr,
6904                                                   struct cfg80211_ops *ops,
6905                                                   bool p2pdev_forced)
6906 {
6907         struct wiphy *wiphy = drvr->wiphy;
6908         struct net_device *ndev = brcmf_get_ifp(drvr, 0)->ndev;
6909         struct brcmf_cfg80211_info *cfg;
6910         struct brcmf_cfg80211_vif *vif;
6911         struct brcmf_if *ifp;
6912         s32 err = 0;
6913         s32 io_type;
6914         u16 *cap = NULL;
6915
6916         if (!ndev) {
6917                 brcmf_err("ndev is invalid\n");
6918                 return NULL;
6919         }
6920
6921         cfg = kzalloc(sizeof(*cfg), GFP_KERNEL);
6922         if (!cfg) {
6923                 brcmf_err("Could not allocate wiphy device\n");
6924                 return NULL;
6925         }
6926
6927         cfg->wiphy = wiphy;
6928         cfg->pub = drvr;
6929         init_vif_event(&cfg->vif_event);
6930         INIT_LIST_HEAD(&cfg->vif_list);
6931
6932         vif = brcmf_alloc_vif(cfg, NL80211_IFTYPE_STATION);
6933         if (IS_ERR(vif))
6934                 goto wiphy_out;
6935
6936         ifp = netdev_priv(ndev);
6937         vif->ifp = ifp;
6938         vif->wdev.netdev = ndev;
6939         ndev->ieee80211_ptr = &vif->wdev;
6940         SET_NETDEV_DEV(ndev, wiphy_dev(cfg->wiphy));
6941
6942         err = wl_init_priv(cfg);
6943         if (err) {
6944                 brcmf_err("Failed to init iwm_priv (%d)\n", err);
6945                 brcmf_free_vif(vif);
6946                 goto wiphy_out;
6947         }
6948         ifp->vif = vif;
6949
6950         /* determine d11 io type before wiphy setup */
6951         err = brcmf_fil_cmd_int_get(ifp, BRCMF_C_GET_VERSION, &io_type);
6952         if (err) {
6953                 brcmf_err("Failed to get D11 version (%d)\n", err);
6954                 goto priv_out;
6955         }
6956         cfg->d11inf.io_type = (u8)io_type;
6957         brcmu_d11_attach(&cfg->d11inf);
6958
6959         /* regulatory notifer below needs access to cfg so
6960          * assign it now.
6961          */
6962         drvr->config = cfg;
6963
6964         err = brcmf_setup_wiphy(wiphy, ifp);
6965         if (err < 0)
6966                 goto priv_out;
6967
6968         brcmf_dbg(INFO, "Registering custom regulatory\n");
6969         wiphy->reg_notifier = brcmf_cfg80211_reg_notifier;
6970         wiphy->regulatory_flags |= REGULATORY_CUSTOM_REG;
6971         wiphy_apply_custom_regulatory(wiphy, &brcmf_regdom);
6972
6973         /* firmware defaults to 40MHz disabled in 2G band. We signal
6974          * cfg80211 here that we do and have it decide we can enable
6975          * it. But first check if device does support 2G operation.
6976          */
6977         if (wiphy->bands[NL80211_BAND_2GHZ]) {
6978                 cap = &wiphy->bands[NL80211_BAND_2GHZ]->ht_cap.cap;
6979                 *cap |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
6980         }
6981 #ifdef CONFIG_PM
6982         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_WOWL_GTK))
6983                 ops->set_rekey_data = brcmf_cfg80211_set_rekey_data;
6984 #endif
6985         err = wiphy_register(wiphy);
6986         if (err < 0) {
6987                 brcmf_err("Could not register wiphy device (%d)\n", err);
6988                 goto priv_out;
6989         }
6990
6991         err = brcmf_setup_wiphybands(cfg);
6992         if (err) {
6993                 brcmf_err("Setting wiphy bands failed (%d)\n", err);
6994                 goto wiphy_unreg_out;
6995         }
6996
6997         /* If cfg80211 didn't disable 40MHz HT CAP in wiphy_register(),
6998          * setup 40MHz in 2GHz band and enable OBSS scanning.
6999          */
7000         if (cap && (*cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40)) {
7001                 err = brcmf_enable_bw40_2g(cfg);
7002                 if (!err)
7003                         err = brcmf_fil_iovar_int_set(ifp, "obss_coex",
7004                                                       BRCMF_OBSS_COEX_AUTO);
7005                 else
7006                         *cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
7007         }
7008
7009         err = brcmf_fweh_activate_events(ifp);
7010         if (err) {
7011                 brcmf_err("FWEH activation failed (%d)\n", err);
7012                 goto wiphy_unreg_out;
7013         }
7014
7015         err = brcmf_p2p_attach(cfg, p2pdev_forced);
7016         if (err) {
7017                 brcmf_err("P2P initialisation failed (%d)\n", err);
7018                 goto wiphy_unreg_out;
7019         }
7020         err = brcmf_btcoex_attach(cfg);
7021         if (err) {
7022                 brcmf_err("BT-coex initialisation failed (%d)\n", err);
7023                 brcmf_p2p_detach(&cfg->p2p);
7024                 goto wiphy_unreg_out;
7025         }
7026         err = brcmf_pno_attach(cfg);
7027         if (err) {
7028                 brcmf_err("PNO initialisation failed (%d)\n", err);
7029                 brcmf_btcoex_detach(cfg);
7030                 brcmf_p2p_detach(&cfg->p2p);
7031                 goto wiphy_unreg_out;
7032         }
7033
7034         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_TDLS)) {
7035                 err = brcmf_fil_iovar_int_set(ifp, "tdls_enable", 1);
7036                 if (err) {
7037                         brcmf_dbg(INFO, "TDLS not enabled (%d)\n", err);
7038                         wiphy->flags &= ~WIPHY_FLAG_SUPPORTS_TDLS;
7039                 } else {
7040                         brcmf_fweh_register(cfg->pub, BRCMF_E_TDLS_PEER_EVENT,
7041                                             brcmf_notify_tdls_peer_event);
7042                 }
7043         }
7044
7045         /* (re-) activate FWEH event handling */
7046         err = brcmf_fweh_activate_events(ifp);
7047         if (err) {
7048                 brcmf_err("FWEH activation failed (%d)\n", err);
7049                 goto detach;
7050         }
7051
7052         /* Fill in some of the advertised nl80211 supported features */
7053         if (brcmf_feat_is_enabled(ifp, BRCMF_FEAT_SCAN_RANDOM_MAC)) {
7054                 wiphy->features |= NL80211_FEATURE_SCHED_SCAN_RANDOM_MAC_ADDR;
7055 #ifdef CONFIG_PM
7056                 if (wiphy->wowlan &&
7057                     wiphy->wowlan->flags & WIPHY_WOWLAN_NET_DETECT)
7058                         wiphy->features |= NL80211_FEATURE_ND_RANDOM_MAC_ADDR;
7059 #endif
7060         }
7061
7062         return cfg;
7063
7064 detach:
7065         brcmf_pno_detach(cfg);
7066         brcmf_btcoex_detach(cfg);
7067         brcmf_p2p_detach(&cfg->p2p);
7068 wiphy_unreg_out:
7069         wiphy_unregister(cfg->wiphy);
7070 priv_out:
7071         wl_deinit_priv(cfg);
7072         brcmf_free_vif(vif);
7073         ifp->vif = NULL;
7074 wiphy_out:
7075         brcmf_free_wiphy(wiphy);
7076         kfree(cfg);
7077         return NULL;
7078 }
7079
7080 void brcmf_cfg80211_detach(struct brcmf_cfg80211_info *cfg)
7081 {
7082         if (!cfg)
7083                 return;
7084
7085         brcmf_pno_detach(cfg);
7086         brcmf_btcoex_detach(cfg);
7087         wiphy_unregister(cfg->wiphy);
7088         kfree(cfg->ops);
7089         wl_deinit_priv(cfg);
7090         brcmf_free_wiphy(cfg->wiphy);
7091         kfree(cfg);
7092 }