net/mac80211/iface.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Interface handling
0004  *
0005  * Copyright 2002-2005, Instant802 Networks, Inc.
0006  * Copyright 2005-2006, Devicescape Software, Inc.
0007  * Copyright (c) 2006 Jiri Benc <jbenc@suse.cz>
0008  * Copyright 2008, Johannes Berg <johannes@sipsolutions.net>
0009  * Copyright 2013-2014  Intel Mobile Communications GmbH
0010  * Copyright (c) 2016        Intel Deutschland GmbH
0011  * Copyright (C) 2018-2022 Intel Corporation
0012  */
0013 #include <linux/slab.h>
0014 #include <linux/kernel.h>
0015 #include <linux/if_arp.h>
0016 #include <linux/netdevice.h>
0017 #include <linux/rtnetlink.h>
0018 #include <linux/kcov.h>
0019 #include <net/mac80211.h>
0020 #include <net/ieee80211_radiotap.h>
0021 #include "ieee80211_i.h"
0022 #include "sta_info.h"
0023 #include "debugfs_netdev.h"
0024 #include "mesh.h"
0025 #include "led.h"
0026 #include "driver-ops.h"
0027 #include "wme.h"
0028 #include "rate.h"
0029
0030 /**
0031  * DOC: Interface list locking
0032  *
0033  * The interface list in each struct ieee80211_local is protected
0034  * three-fold:
0035  *
0036  * (1) modifications may only be done under the RTNL
0037  * (2) modifications and readers are protected against each other by
0038  *     the iflist_mtx.
0039  * (3) modifications are done in an RCU manner so atomic readers
0040  *     can traverse the list in RCU-safe blocks.
0041  *
0042  * As a consequence, reads (traversals) of the list can be protected
0043  * by either the RTNL, the iflist_mtx or RCU.
0044  */
0045
0046 static void ieee80211_iface_work(struct work_struct *work);
0047
0048 bool __ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata)
0049 {
0050     struct ieee80211_chanctx_conf *chanctx_conf;
0051     int power;
0052
0053     rcu_read_lock();
0054     chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
0055     if (!chanctx_conf) {
0056         rcu_read_unlock();
0057         return false;
0058     }
0059
0060     power = ieee80211_chandef_max_power(&chanctx_conf->def);
0061     rcu_read_unlock();
0062
0063     if (sdata->deflink.user_power_level != IEEE80211_UNSET_POWER_LEVEL)
0064         power = min(power, sdata->deflink.user_power_level);
0065
0066     if (sdata->deflink.ap_power_level != IEEE80211_UNSET_POWER_LEVEL)
0067         power = min(power, sdata->deflink.ap_power_level);
0068
0069     if (power != sdata->vif.bss_conf.txpower) {
0070         sdata->vif.bss_conf.txpower = power;
0071         ieee80211_hw_config(sdata->local, 0);
0072         return true;
0073     }
0074
0075     return false;
0076 }
0077
0078 void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata,
0079                   bool update_bss)
0080 {
0081     if (__ieee80211_recalc_txpower(sdata) ||
0082         (update_bss && ieee80211_sdata_running(sdata)))
0083         ieee80211_link_info_change_notify(sdata, &sdata->deflink,
0084                           BSS_CHANGED_TXPOWER);
0085 }
0086
0087 static u32 __ieee80211_idle_off(struct ieee80211_local *local)
0088 {
0089     if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE))
0090         return 0;
0091
0092     local->hw.conf.flags &= ~IEEE80211_CONF_IDLE;
0093     return IEEE80211_CONF_CHANGE_IDLE;
0094 }
0095
0096 static u32 __ieee80211_idle_on(struct ieee80211_local *local)
0097 {
0098     if (local->hw.conf.flags & IEEE80211_CONF_IDLE)
0099         return 0;
0100
0101     ieee80211_flush_queues(local, NULL, false);
0102
0103     local->hw.conf.flags |= IEEE80211_CONF_IDLE;
0104     return IEEE80211_CONF_CHANGE_IDLE;
0105 }
0106
0107 static u32 __ieee80211_recalc_idle(struct ieee80211_local *local,
0108                    bool force_active)
0109 {
0110     bool working, scanning, active;
0111     unsigned int led_trig_start = 0, led_trig_stop = 0;
0112
0113     lockdep_assert_held(&local->mtx);
0114
0115     active = force_active ||
0116          !list_empty(&local->chanctx_list) ||
0117          local->monitors;
0118
0119     working = !local->ops->remain_on_channel &&
0120           !list_empty(&local->roc_list);
0121
0122     scanning = test_bit(SCAN_SW_SCANNING, &local->scanning) ||
0123            test_bit(SCAN_ONCHANNEL_SCANNING, &local->scanning);
0124
0125     if (working || scanning)
0126         led_trig_start |= IEEE80211_TPT_LEDTRIG_FL_WORK;
0127     else
0128         led_trig_stop |= IEEE80211_TPT_LEDTRIG_FL_WORK;
0129
0130     if (active)
0131         led_trig_start |= IEEE80211_TPT_LEDTRIG_FL_CONNECTED;
0132     else
0133         led_trig_stop |= IEEE80211_TPT_LEDTRIG_FL_CONNECTED;
0134
0135     ieee80211_mod_tpt_led_trig(local, led_trig_start, led_trig_stop);
0136
0137     if (working || scanning || active)
0138         return __ieee80211_idle_off(local);
0139     return __ieee80211_idle_on(local);
0140 }
0141
0142 u32 ieee80211_idle_off(struct ieee80211_local *local)
0143 {
0144     return __ieee80211_recalc_idle(local, true);
0145 }
0146
0147 void ieee80211_recalc_idle(struct ieee80211_local *local)
0148 {
0149     u32 change = __ieee80211_recalc_idle(local, false);
0150     if (change)
0151         ieee80211_hw_config(local, change);
0152 }
0153
0154 static int ieee80211_verify_mac(struct ieee80211_sub_if_data *sdata, u8 *addr,
0155                 bool check_dup)
0156 {
0157     struct ieee80211_local *local = sdata->local;
0158     struct ieee80211_sub_if_data *iter;
0159     u64 new, mask, tmp;
0160     u8 *m;
0161     int ret = 0;
0162
0163     if (is_zero_ether_addr(local->hw.wiphy->addr_mask))
0164         return 0;
0165
0166     m = addr;
0167     new =   ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
0168         ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
0169         ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
0170
0171     m = local->hw.wiphy->addr_mask;
0172     mask =  ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
0173         ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
0174         ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
0175
0176     if (!check_dup)
0177         return ret;
0178
0179     mutex_lock(&local->iflist_mtx);
0180     list_for_each_entry(iter, &local->interfaces, list) {
0181         if (iter == sdata)
0182             continue;
0183
0184         if (iter->vif.type == NL80211_IFTYPE_MONITOR &&
0185             !(iter->u.mntr.flags & MONITOR_FLAG_ACTIVE))
0186             continue;
0187
0188         m = iter->vif.addr;
0189         tmp =   ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
0190             ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
0191             ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
0192
0193         if ((new & ~mask) != (tmp & ~mask)) {
0194             ret = -EINVAL;
0195             break;
0196         }
0197     }
0198     mutex_unlock(&local->iflist_mtx);
0199
0200     return ret;
0201 }
0202
0203 static int ieee80211_change_mac(struct net_device *dev, void *addr)
0204 {
0205     struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
0206     struct sockaddr *sa = addr;
0207     bool check_dup = true;
0208     int ret;
0209
0210     if (ieee80211_sdata_running(sdata))
0211         return -EBUSY;
0212
0213     if (sdata->vif.type == NL80211_IFTYPE_MONITOR &&
0214         !(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE))
0215         check_dup = false;
0216
0217     ret = ieee80211_verify_mac(sdata, sa->sa_data, check_dup);
0218     if (ret)
0219         return ret;
0220
0221     ret = eth_mac_addr(dev, sa);
0222
0223     if (ret == 0) {
0224         memcpy(sdata->vif.addr, sa->sa_data, ETH_ALEN);
0225         ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
0226     }
0227
0228     return ret;
0229 }
0230
0231 static inline int identical_mac_addr_allowed(int type1, int type2)
0232 {
0233     return type1 == NL80211_IFTYPE_MONITOR ||
0234         type2 == NL80211_IFTYPE_MONITOR ||
0235         type1 == NL80211_IFTYPE_P2P_DEVICE ||
0236         type2 == NL80211_IFTYPE_P2P_DEVICE ||
0237         (type1 == NL80211_IFTYPE_AP && type2 == NL80211_IFTYPE_AP_VLAN) ||
0238         (type1 == NL80211_IFTYPE_AP_VLAN &&
0239             (type2 == NL80211_IFTYPE_AP ||
0240              type2 == NL80211_IFTYPE_AP_VLAN));
0241 }
0242
0243 static int ieee80211_check_concurrent_iface(struct ieee80211_sub_if_data *sdata,
0244                         enum nl80211_iftype iftype)
0245 {
0246     struct ieee80211_local *local = sdata->local;
0247     struct ieee80211_sub_if_data *nsdata;
0248     int ret;
0249
0250     ASSERT_RTNL();
0251
0252     /* we hold the RTNL here so can safely walk the list */
0253     list_for_each_entry(nsdata, &local->interfaces, list) {
0254         if (nsdata != sdata && ieee80211_sdata_running(nsdata)) {
0255             /*
0256              * Only OCB and monitor mode may coexist
0257              */
0258             if ((sdata->vif.type == NL80211_IFTYPE_OCB &&
0259                  nsdata->vif.type != NL80211_IFTYPE_MONITOR) ||
0260                 (sdata->vif.type != NL80211_IFTYPE_MONITOR &&
0261                  nsdata->vif.type == NL80211_IFTYPE_OCB))
0262                 return -EBUSY;
0263
0264             /*
0265              * Allow only a single IBSS interface to be up at any
0266              * time. This is restricted because beacon distribution
0267              * cannot work properly if both are in the same IBSS.
0268              *
0269              * To remove this restriction we'd have to disallow them
0270              * from setting the same SSID on different IBSS interfaces
0271              * belonging to the same hardware. Then, however, we're
0272              * faced with having to adopt two different TSF timers...
0273              */
0274             if (iftype == NL80211_IFTYPE_ADHOC &&
0275                 nsdata->vif.type == NL80211_IFTYPE_ADHOC)
0276                 return -EBUSY;
0277             /*
0278              * will not add another interface while any channel
0279              * switch is active.
0280              */
0281             if (nsdata->vif.bss_conf.csa_active)
0282                 return -EBUSY;
0283
0284             /*
0285              * The remaining checks are only performed for interfaces
0286              * with the same MAC address.
0287              */
0288             if (!ether_addr_equal(sdata->vif.addr,
0289                           nsdata->vif.addr))
0290                 continue;
0291
0292             /*
0293              * check whether it may have the same address
0294              */
0295             if (!identical_mac_addr_allowed(iftype,
0296                             nsdata->vif.type))
0297                 return -ENOTUNIQ;
0298
0299             /*
0300              * can only add VLANs to enabled APs
0301              */
0302             if (iftype == NL80211_IFTYPE_AP_VLAN &&
0303                 nsdata->vif.type == NL80211_IFTYPE_AP)
0304                 sdata->bss = &nsdata->u.ap;
0305         }
0306     }
0307
0308     mutex_lock(&local->chanctx_mtx);
0309     ret = ieee80211_check_combinations(sdata, NULL, 0, 0);
0310     mutex_unlock(&local->chanctx_mtx);
0311     return ret;
0312 }
0313
0314 static int ieee80211_check_queues(struct ieee80211_sub_if_data *sdata,
0315                   enum nl80211_iftype iftype)
0316 {
0317     int n_queues = sdata->local->hw.queues;
0318     int i;
0319
0320     if (iftype == NL80211_IFTYPE_NAN)
0321         return 0;
0322
0323     if (iftype != NL80211_IFTYPE_P2P_DEVICE) {
0324         for (i = 0; i < IEEE80211_NUM_ACS; i++) {
0325             if (WARN_ON_ONCE(sdata->vif.hw_queue[i] ==
0326                      IEEE80211_INVAL_HW_QUEUE))
0327                 return -EINVAL;
0328             if (WARN_ON_ONCE(sdata->vif.hw_queue[i] >=
0329                      n_queues))
0330                 return -EINVAL;
0331         }
0332     }
0333
0334     if ((iftype != NL80211_IFTYPE_AP &&
0335          iftype != NL80211_IFTYPE_P2P_GO &&
0336          iftype != NL80211_IFTYPE_MESH_POINT) ||
0337         !ieee80211_hw_check(&sdata->local->hw, QUEUE_CONTROL)) {
0338         sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
0339         return 0;
0340     }
0341
0342     if (WARN_ON_ONCE(sdata->vif.cab_queue == IEEE80211_INVAL_HW_QUEUE))
0343         return -EINVAL;
0344
0345     if (WARN_ON_ONCE(sdata->vif.cab_queue >= n_queues))
0346         return -EINVAL;
0347
0348     return 0;
0349 }
0350
0351 static int ieee80211_open(struct net_device *dev)
0352 {
0353     struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
0354     int err;
0355
0356     /* fail early if user set an invalid address */
0357     if (!is_valid_ether_addr(dev->dev_addr))
0358         return -EADDRNOTAVAIL;
0359
0360     err = ieee80211_check_concurrent_iface(sdata, sdata->vif.type);
0361     if (err)
0362         return err;
0363
0364     wiphy_lock(sdata->local->hw.wiphy);
0365     err = ieee80211_do_open(&sdata->wdev, true);
0366     wiphy_unlock(sdata->local->hw.wiphy);
0367
0368     return err;
0369 }
0370
0371 static void ieee80211_link_setup(struct ieee80211_link_data *link)
0372 {
0373     if (link->sdata->vif.type == NL80211_IFTYPE_STATION)
0374         ieee80211_mgd_setup_link(link);
0375 }
0376
0377 static void ieee80211_link_init(struct ieee80211_sub_if_data *sdata,
0378                 int link_id,
0379                 struct ieee80211_link_data *link,
0380                 struct ieee80211_bss_conf *link_conf)
0381 {
0382     bool deflink = link_id < 0;
0383
0384     if (link_id < 0)
0385         link_id = 0;
0386
0387     rcu_assign_pointer(sdata->vif.link_conf[link_id], link_conf);
0388     rcu_assign_pointer(sdata->link[link_id], link);
0389
0390     link->sdata = sdata;
0391     link->link_id = link_id;
0392     link->conf = link_conf;
0393     link_conf->link_id = link_id;
0394
0395     INIT_WORK(&link->csa_finalize_work,
0396           ieee80211_csa_finalize_work);
0397     INIT_WORK(&link->color_change_finalize_work,
0398           ieee80211_color_change_finalize_work);
0399     INIT_LIST_HEAD(&link->assigned_chanctx_list);
0400     INIT_LIST_HEAD(&link->reserved_chanctx_list);
0401     INIT_DELAYED_WORK(&link->dfs_cac_timer_work,
0402               ieee80211_dfs_cac_timer_work);
0403
0404     if (!deflink) {
0405         switch (sdata->vif.type) {
0406         case NL80211_IFTYPE_AP:
0407             ether_addr_copy(link_conf->addr,
0408                     sdata->wdev.links[link_id].addr);
0409             WARN_ON(!(sdata->wdev.valid_links & BIT(link_id)));
0410             break;
0411         case NL80211_IFTYPE_STATION:
0412             break;
0413         default:
0414             WARN_ON(1);
0415         }
0416     }
0417 }
0418
0419 static void ieee80211_link_stop(struct ieee80211_link_data *link)
0420 {
0421     if (link->sdata->vif.type == NL80211_IFTYPE_STATION)
0422         ieee80211_mgd_stop_link(link);
0423
0424     ieee80211_link_release_channel(link);
0425 }
0426
0427 struct link_container {
0428     struct ieee80211_link_data data;
0429     struct ieee80211_bss_conf conf;
0430 };
0431
0432 static void ieee80211_free_links(struct ieee80211_sub_if_data *sdata,
0433                  struct link_container **links)
0434 {
0435     unsigned int link_id;
0436
0437     synchronize_rcu();
0438
0439     for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
0440         if (!links[link_id])
0441             continue;
0442         ieee80211_link_stop(&links[link_id]->data);
0443         kfree(links[link_id]);
0444     }
0445 }
0446
0447 static int ieee80211_check_dup_link_addrs(struct ieee80211_sub_if_data *sdata)
0448 {
0449     unsigned int i, j;
0450
0451     for (i = 0; i < IEEE80211_MLD_MAX_NUM_LINKS; i++) {
0452         struct ieee80211_link_data *link1;
0453
0454         link1 = sdata_dereference(sdata->link[i], sdata);
0455         if (!link1)
0456             continue;
0457         for (j = i + 1; j < IEEE80211_MLD_MAX_NUM_LINKS; j++) {
0458             struct ieee80211_link_data *link2;
0459
0460             link2 = sdata_dereference(sdata->link[j], sdata);
0461             if (!link2)
0462                 continue;
0463
0464             if (ether_addr_equal(link1->conf->addr,
0465                          link2->conf->addr))
0466                 return -EALREADY;
0467         }
0468     }
0469
0470     return 0;
0471 }
0472
0473 static int ieee80211_vif_update_links(struct ieee80211_sub_if_data *sdata,
0474                       struct link_container **to_free,
0475                       u16 new_links)
0476 {
0477     u16 old_links = sdata->vif.valid_links;
0478     unsigned long add = new_links & ~old_links;
0479     unsigned long rem = old_links & ~new_links;
0480     unsigned int link_id;
0481     int ret;
0482     struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS] = {}, *link;
0483     struct ieee80211_bss_conf *old[IEEE80211_MLD_MAX_NUM_LINKS];
0484     struct ieee80211_link_data *old_data[IEEE80211_MLD_MAX_NUM_LINKS];
0485     bool use_deflink = old_links == 0; /* set for error case */
0486
0487     sdata_assert_lock(sdata);
0488
0489     memset(to_free, 0, sizeof(links));
0490
0491     if (old_links == new_links)
0492         return 0;
0493
0494     /* if there were no old links, need to clear the pointers to deflink */
0495     if (!old_links)
0496         rem |= BIT(0);
0497
0498     /* allocate new link structures first */
0499     for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
0500         link = kzalloc(sizeof(*link), GFP_KERNEL);
0501         if (!link) {
0502             ret = -ENOMEM;
0503             goto free;
0504         }
0505         links[link_id] = link;
0506     }
0507
0508     /* keep track of the old pointers for the driver */
0509     BUILD_BUG_ON(sizeof(old) != sizeof(sdata->vif.link_conf));
0510     memcpy(old, sdata->vif.link_conf, sizeof(old));
0511     /* and for us in error cases */
0512     BUILD_BUG_ON(sizeof(old_data) != sizeof(sdata->link));
0513     memcpy(old_data, sdata->link, sizeof(old_data));
0514
0515     /* grab old links to free later */
0516     for_each_set_bit(link_id, &rem, IEEE80211_MLD_MAX_NUM_LINKS) {
0517         if (rcu_access_pointer(sdata->link[link_id]) != &sdata->deflink) {
0518             /*
0519              * we must have allocated the data through this path so
0520              * we know we can free both at the same time
0521              */
0522             to_free[link_id] = container_of(rcu_access_pointer(sdata->link[link_id]),
0523                             typeof(*links[link_id]),
0524                             data);
0525         }
0526
0527         RCU_INIT_POINTER(sdata->link[link_id], NULL);
0528         RCU_INIT_POINTER(sdata->vif.link_conf[link_id], NULL);
0529     }
0530
0531     /* link them into data structures */
0532     for_each_set_bit(link_id, &add, IEEE80211_MLD_MAX_NUM_LINKS) {
0533         WARN_ON(!use_deflink &&
0534             rcu_access_pointer(sdata->link[link_id]) == &sdata->deflink);
0535
0536         link = links[link_id];
0537         ieee80211_link_init(sdata, link_id, &link->data, &link->conf);
0538         ieee80211_link_setup(&link->data);
0539     }
0540
0541     if (new_links == 0)
0542         ieee80211_link_init(sdata, -1, &sdata->deflink,
0543                     &sdata->vif.bss_conf);
0544
0545     sdata->vif.valid_links = new_links;
0546
0547     ret = ieee80211_check_dup_link_addrs(sdata);
0548     if (!ret) {
0549         /* tell the driver */
0550         ret = drv_change_vif_links(sdata->local, sdata,
0551                        old_links, new_links,
0552                        old);
0553     }
0554
0555     if (ret) {
0556         /* restore config */
0557         memcpy(sdata->link, old_data, sizeof(old_data));
0558         memcpy(sdata->vif.link_conf, old, sizeof(old));
0559         sdata->vif.valid_links = old_links;
0560         /* and free (only) the newly allocated links */
0561         memset(to_free, 0, sizeof(links));
0562         goto free;
0563     }
0564
0565     /* use deflink/bss_conf again if and only if there are no more links */
0566     use_deflink = new_links == 0;
0567
0568     goto deinit;
0569 free:
0570     /* if we failed during allocation, only free all */
0571     for (link_id = 0; link_id < IEEE80211_MLD_MAX_NUM_LINKS; link_id++) {
0572         kfree(links[link_id]);
0573         links[link_id] = NULL;
0574     }
0575 deinit:
0576     if (use_deflink)
0577         ieee80211_link_init(sdata, -1, &sdata->deflink,
0578                     &sdata->vif.bss_conf);
0579     return ret;
0580 }
0581
0582 int ieee80211_vif_set_links(struct ieee80211_sub_if_data *sdata,
0583                 u16 new_links)
0584 {
0585     struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS];
0586     int ret;
0587
0588     ret = ieee80211_vif_update_links(sdata, links, new_links);
0589     ieee80211_free_links(sdata, links);
0590
0591     return ret;
0592 }
0593
0594 static void ieee80211_vif_clear_links(struct ieee80211_sub_if_data *sdata)
0595 {
0596     struct link_container *links[IEEE80211_MLD_MAX_NUM_LINKS];
0597
0598     /*
0599      * The locking here is different because when we free links
0600      * in the station case we need to be able to cancel_work_sync()
0601      * something that also takes the lock.
0602      */
0603
0604     sdata_lock(sdata);
0605     ieee80211_vif_update_links(sdata, links, 0);
0606     sdata_unlock(sdata);
0607
0608     ieee80211_free_links(sdata, links);
0609 }
0610
0611 static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, bool going_down)
0612 {
0613     struct ieee80211_local *local = sdata->local;
0614     unsigned long flags;
0615     struct sk_buff *skb, *tmp;
0616     u32 hw_reconf_flags = 0;
0617     int i, flushed;
0618     struct ps_data *ps;
0619     struct cfg80211_chan_def chandef;
0620     bool cancel_scan;
0621     struct cfg80211_nan_func *func;
0622
0623     clear_bit(SDATA_STATE_RUNNING, &sdata->state);
0624     synchronize_rcu(); /* flush _ieee80211_wake_txqs() */
0625
0626     cancel_scan = rcu_access_pointer(local->scan_sdata) == sdata;
0627     if (cancel_scan)
0628         ieee80211_scan_cancel(local);
0629
0630     /*
0631      * Stop TX on this interface first.
0632      */
0633     if (sdata->dev)
0634         netif_tx_stop_all_queues(sdata->dev);
0635
0636     ieee80211_roc_purge(local, sdata);
0637
0638     switch (sdata->vif.type) {
0639     case NL80211_IFTYPE_STATION:
0640         ieee80211_mgd_stop(sdata);
0641         break;
0642     case NL80211_IFTYPE_ADHOC:
0643         ieee80211_ibss_stop(sdata);
0644         break;
0645     case NL80211_IFTYPE_MONITOR:
0646         if (sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES)
0647             break;
0648         list_del_rcu(&sdata->u.mntr.list);
0649         break;
0650     default:
0651         break;
0652     }
0653
0654     /*
0655      * Remove all stations associated with this interface.
0656      *
0657      * This must be done before calling ops->remove_interface()
0658      * because otherwise we can later invoke ops->sta_notify()
0659      * whenever the STAs are removed, and that invalidates driver
0660      * assumptions about always getting a vif pointer that is valid
0661      * (because if we remove a STA after ops->remove_interface()
0662      * the driver will have removed the vif info already!)
0663      *
0664      * For AP_VLANs stations may exist since there's nothing else that
0665      * would have removed them, but in other modes there shouldn't
0666      * be any stations.
0667      */
0668     flushed = sta_info_flush(sdata);
0669     WARN_ON_ONCE(sdata->vif.type != NL80211_IFTYPE_AP_VLAN && flushed > 0);
0670
0671     /* don't count this interface for allmulti while it is down */
0672     if (sdata->flags & IEEE80211_SDATA_ALLMULTI)
0673         atomic_dec(&local->iff_allmultis);
0674
0675     if (sdata->vif.type == NL80211_IFTYPE_AP) {
0676         local->fif_pspoll--;
0677         local->fif_probe_req--;
0678     } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
0679         local->fif_probe_req--;
0680     }
0681
0682     if (sdata->dev) {
0683         netif_addr_lock_bh(sdata->dev);
0684         spin_lock_bh(&local->filter_lock);
0685         __hw_addr_unsync(&local->mc_list, &sdata->dev->mc,
0686                  sdata->dev->addr_len);
0687         spin_unlock_bh(&local->filter_lock);
0688         netif_addr_unlock_bh(sdata->dev);
0689     }
0690
0691     del_timer_sync(&local->dynamic_ps_timer);
0692     cancel_work_sync(&local->dynamic_ps_enable_work);
0693
0694     cancel_work_sync(&sdata->recalc_smps);
0695
0696     sdata_lock(sdata);
0697     WARN(sdata->vif.valid_links,
0698          "destroying interface with valid links 0x%04x\n",
0699          sdata->vif.valid_links);
0700
0701     mutex_lock(&local->mtx);
0702     sdata->vif.bss_conf.csa_active = false;
0703     if (sdata->vif.type == NL80211_IFTYPE_STATION)
0704         sdata->deflink.u.mgd.csa_waiting_bcn = false;
0705     if (sdata->deflink.csa_block_tx) {
0706         ieee80211_wake_vif_queues(local, sdata,
0707                       IEEE80211_QUEUE_STOP_REASON_CSA);
0708         sdata->deflink.csa_block_tx = false;
0709     }
0710     mutex_unlock(&local->mtx);
0711     sdata_unlock(sdata);
0712
0713     cancel_work_sync(&sdata->deflink.csa_finalize_work);
0714     cancel_work_sync(&sdata->deflink.color_change_finalize_work);
0715
0716     cancel_delayed_work_sync(&sdata->deflink.dfs_cac_timer_work);
0717
0718     if (sdata->wdev.cac_started) {
0719         chandef = sdata->vif.bss_conf.chandef;
0720         WARN_ON(local->suspended);
0721         mutex_lock(&local->mtx);
0722         ieee80211_link_release_channel(&sdata->deflink);
0723         mutex_unlock(&local->mtx);
0724         cfg80211_cac_event(sdata->dev, &chandef,
0725                    NL80211_RADAR_CAC_ABORTED,
0726                    GFP_KERNEL);
0727     }
0728
0729     if (sdata->vif.type == NL80211_IFTYPE_AP) {
0730         WARN_ON(!list_empty(&sdata->u.ap.vlans));
0731     } else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
0732         /* remove all packets in parent bc_buf pointing to this dev */
0733         ps = &sdata->bss->ps;
0734
0735         spin_lock_irqsave(&ps->bc_buf.lock, flags);
0736         skb_queue_walk_safe(&ps->bc_buf, skb, tmp) {
0737             if (skb->dev == sdata->dev) {
0738                 __skb_unlink(skb, &ps->bc_buf);
0739                 local->total_ps_buffered--;
0740                 ieee80211_free_txskb(&local->hw, skb);
0741             }
0742         }
0743         spin_unlock_irqrestore(&ps->bc_buf.lock, flags);
0744     }
0745
0746     if (going_down)
0747         local->open_count--;
0748
0749     switch (sdata->vif.type) {
0750     case NL80211_IFTYPE_AP_VLAN:
0751         mutex_lock(&local->mtx);
0752         list_del(&sdata->u.vlan.list);
0753         mutex_unlock(&local->mtx);
0754         RCU_INIT_POINTER(sdata->vif.bss_conf.chanctx_conf, NULL);
0755         /* see comment in the default case below */
0756         ieee80211_free_keys(sdata, true);
0757         /* no need to tell driver */
0758         break;
0759     case NL80211_IFTYPE_MONITOR:
0760         if (sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES) {
0761             local->cooked_mntrs--;
0762             break;
0763         }
0764
0765         local->monitors--;
0766         if (local->monitors == 0) {
0767             local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR;
0768             hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
0769         }
0770
0771         ieee80211_adjust_monitor_flags(sdata, -1);
0772         break;
0773     case NL80211_IFTYPE_NAN:
0774         /* clean all the functions */
0775         spin_lock_bh(&sdata->u.nan.func_lock);
0776
0777         idr_for_each_entry(&sdata->u.nan.function_inst_ids, func, i) {
0778             idr_remove(&sdata->u.nan.function_inst_ids, i);
0779             cfg80211_free_nan_func(func);
0780         }
0781         idr_destroy(&sdata->u.nan.function_inst_ids);
0782
0783         spin_unlock_bh(&sdata->u.nan.func_lock);
0784         break;
0785     case NL80211_IFTYPE_P2P_DEVICE:
0786         /* relies on synchronize_rcu() below */
0787         RCU_INIT_POINTER(local->p2p_sdata, NULL);
0788         fallthrough;
0789     default:
0790         cancel_work_sync(&sdata->work);
0791         /*
0792          * When we get here, the interface is marked down.
0793          * Free the remaining keys, if there are any
0794          * (which can happen in AP mode if userspace sets
0795          * keys before the interface is operating)
0796          *
0797          * Force the key freeing to always synchronize_net()
0798          * to wait for the RX path in case it is using this
0799          * interface enqueuing frames at this very time on
0800          * another CPU.
0801          */
0802         ieee80211_free_keys(sdata, true);
0803         skb_queue_purge(&sdata->skb_queue);
0804         skb_queue_purge(&sdata->status_queue);
0805     }
0806
0807     spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
0808     for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
0809         skb_queue_walk_safe(&local->pending[i], skb, tmp) {
0810             struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
0811             if (info->control.vif == &sdata->vif) {
0812                 __skb_unlink(skb, &local->pending[i]);
0813                 ieee80211_free_txskb(&local->hw, skb);
0814             }
0815         }
0816     }
0817     spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
0818
0819     if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
0820         ieee80211_txq_remove_vlan(local, sdata);
0821
0822     sdata->bss = NULL;
0823
0824     if (local->open_count == 0)
0825         ieee80211_clear_tx_pending(local);
0826
0827     sdata->vif.bss_conf.beacon_int = 0;
0828
0829     /*
0830      * If the interface goes down while suspended, presumably because
0831      * the device was unplugged and that happens before our resume,
0832      * then the driver is already unconfigured and the remainder of
0833      * this function isn't needed.
0834      * XXX: what about WoWLAN? If the device has software state, e.g.
0835      *  memory allocated, it might expect teardown commands from
0836      *  mac80211 here?
0837      */
0838     if (local->suspended) {
0839         WARN_ON(local->wowlan);
0840         WARN_ON(rcu_access_pointer(local->monitor_sdata));
0841         return;
0842     }
0843
0844     switch (sdata->vif.type) {
0845     case NL80211_IFTYPE_AP_VLAN:
0846         break;
0847     case NL80211_IFTYPE_MONITOR:
0848         if (local->monitors == 0)
0849             ieee80211_del_virtual_monitor(local);
0850
0851         mutex_lock(&local->mtx);
0852         ieee80211_recalc_idle(local);
0853         mutex_unlock(&local->mtx);
0854
0855         if (!(sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE))
0856             break;
0857
0858         fallthrough;
0859     default:
0860         if (going_down)
0861             drv_remove_interface(local, sdata);
0862     }
0863
0864     ieee80211_recalc_ps(local);
0865
0866     if (cancel_scan)
0867         flush_delayed_work(&local->scan_work);
0868
0869     if (local->open_count == 0) {
0870         ieee80211_stop_device(local);
0871
0872         /* no reconfiguring after stop! */
0873         return;
0874     }
0875
0876     /* do after stop to avoid reconfiguring when we stop anyway */
0877     ieee80211_configure_filter(local);
0878     ieee80211_hw_config(local, hw_reconf_flags);
0879
0880     if (local->monitors == local->open_count)
0881         ieee80211_add_virtual_monitor(local);
0882 }
0883
0884 static void ieee80211_stop_mbssid(struct ieee80211_sub_if_data *sdata)
0885 {
0886     struct ieee80211_sub_if_data *tx_sdata, *non_tx_sdata, *tmp_sdata;
0887     struct ieee80211_vif *tx_vif = sdata->vif.mbssid_tx_vif;
0888
0889     if (!tx_vif)
0890         return;
0891
0892     tx_sdata = vif_to_sdata(tx_vif);
0893     sdata->vif.mbssid_tx_vif = NULL;
0894
0895     list_for_each_entry_safe(non_tx_sdata, tmp_sdata,
0896                  &tx_sdata->local->interfaces, list) {
0897         if (non_tx_sdata != sdata && non_tx_sdata != tx_sdata &&
0898             non_tx_sdata->vif.mbssid_tx_vif == tx_vif &&
0899             ieee80211_sdata_running(non_tx_sdata)) {
0900             non_tx_sdata->vif.mbssid_tx_vif = NULL;
0901             dev_close(non_tx_sdata->wdev.netdev);
0902         }
0903     }
0904
0905     if (sdata != tx_sdata && ieee80211_sdata_running(tx_sdata)) {
0906         tx_sdata->vif.mbssid_tx_vif = NULL;
0907         dev_close(tx_sdata->wdev.netdev);
0908     }
0909 }
0910
0911 static int ieee80211_stop(struct net_device *dev)
0912 {
0913     struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
0914
0915     /* close dependent VLAN and MBSSID interfaces before locking wiphy */
0916     if (sdata->vif.type == NL80211_IFTYPE_AP) {
0917         struct ieee80211_sub_if_data *vlan, *tmpsdata;
0918
0919         list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans,
0920                      u.vlan.list)
0921             dev_close(vlan->dev);
0922
0923         ieee80211_stop_mbssid(sdata);
0924     }
0925
0926     wiphy_lock(sdata->local->hw.wiphy);
0927     ieee80211_do_stop(sdata, true);
0928     wiphy_unlock(sdata->local->hw.wiphy);
0929
0930     return 0;
0931 }
0932
0933 static void ieee80211_set_multicast_list(struct net_device *dev)
0934 {
0935     struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
0936     struct ieee80211_local *local = sdata->local;
0937     int allmulti, sdata_allmulti;
0938
0939     allmulti = !!(dev->flags & IFF_ALLMULTI);
0940     sdata_allmulti = !!(sdata->flags & IEEE80211_SDATA_ALLMULTI);
0941
0942     if (allmulti != sdata_allmulti) {
0943         if (dev->flags & IFF_ALLMULTI)
0944             atomic_inc(&local->iff_allmultis);
0945         else
0946             atomic_dec(&local->iff_allmultis);
0947         sdata->flags ^= IEEE80211_SDATA_ALLMULTI;
0948     }
0949
0950     spin_lock_bh(&local->filter_lock);
0951     __hw_addr_sync(&local->mc_list, &dev->mc, dev->addr_len);
0952     spin_unlock_bh(&local->filter_lock);
0953     ieee80211_queue_work(&local->hw, &local->reconfig_filter);
0954 }
0955
0956 /*
0957  * Called when the netdev is removed or, by the code below, before
0958  * the interface type changes.
0959  */
0960 static void ieee80211_teardown_sdata(struct ieee80211_sub_if_data *sdata)
0961 {
0962     /* free extra data */
0963     ieee80211_free_keys(sdata, false);
0964
0965     ieee80211_debugfs_remove_netdev(sdata);
0966
0967     ieee80211_destroy_frag_cache(&sdata->frags);
0968
0969     if (ieee80211_vif_is_mesh(&sdata->vif))
0970         ieee80211_mesh_teardown_sdata(sdata);
0971
0972     ieee80211_vif_clear_links(sdata);
0973     ieee80211_link_stop(&sdata->deflink);
0974 }
0975
0976 static void ieee80211_uninit(struct net_device *dev)
0977 {
0978     ieee80211_teardown_sdata(IEEE80211_DEV_TO_SUB_IF(dev));
0979 }
0980
0981 static u16 ieee80211_netdev_select_queue(struct net_device *dev,
0982                      struct sk_buff *skb,
0983                      struct net_device *sb_dev)
0984 {
0985     return ieee80211_select_queue(IEEE80211_DEV_TO_SUB_IF(dev), skb);
0986 }
0987
0988 static void
0989 ieee80211_get_stats64(struct net_device *dev, struct rtnl_link_stats64 *stats)
0990 {
0991     dev_fetch_sw_netstats(stats, dev->tstats);
0992 }
0993
0994 static const struct net_device_ops ieee80211_dataif_ops = {
0995     .ndo_open       = ieee80211_open,
0996     .ndo_stop       = ieee80211_stop,
0997     .ndo_uninit     = ieee80211_uninit,
0998     .ndo_start_xmit     = ieee80211_subif_start_xmit,
0999     .ndo_set_rx_mode    = ieee80211_set_multicast_list,
1000     .ndo_set_mac_address    = ieee80211_change_mac,
1001     .ndo_select_queue   = ieee80211_netdev_select_queue,
1002     .ndo_get_stats64    = ieee80211_get_stats64,
1003 };
1004
1005 static u16 ieee80211_monitor_select_queue(struct net_device *dev,
1006                       struct sk_buff *skb,
1007                       struct net_device *sb_dev)
1008 {
1009     struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1010     struct ieee80211_local *local = sdata->local;
1011     struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1012     struct ieee80211_hdr *hdr;
1013     int len_rthdr;
1014
1015     if (local->hw.queues < IEEE80211_NUM_ACS)
1016         return 0;
1017
1018     /* reset flags and info before parsing radiotap header */
1019     memset(info, 0, sizeof(*info));
1020
1021     if (!ieee80211_parse_tx_radiotap(skb, dev))
1022         return 0; /* doesn't matter, frame will be dropped */
1023
1024     len_rthdr = ieee80211_get_radiotap_len(skb->data);
1025     hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
1026     if (skb->len < len_rthdr + 2 ||
1027         skb->len < len_rthdr + ieee80211_hdrlen(hdr->frame_control))
1028         return 0; /* doesn't matter, frame will be dropped */
1029
1030     return ieee80211_select_queue_80211(sdata, skb, hdr);
1031 }
1032
1033 static const struct net_device_ops ieee80211_monitorif_ops = {
1034     .ndo_open       = ieee80211_open,
1035     .ndo_stop       = ieee80211_stop,
1036     .ndo_uninit     = ieee80211_uninit,
1037     .ndo_start_xmit     = ieee80211_monitor_start_xmit,
1038     .ndo_set_rx_mode    = ieee80211_set_multicast_list,
1039     .ndo_set_mac_address    = ieee80211_change_mac,
1040     .ndo_select_queue   = ieee80211_monitor_select_queue,
1041     .ndo_get_stats64    = ieee80211_get_stats64,
1042 };
1043
1044 static int ieee80211_netdev_fill_forward_path(struct net_device_path_ctx *ctx,
1045                           struct net_device_path *path)
1046 {
1047     struct ieee80211_sub_if_data *sdata;
1048     struct ieee80211_local *local;
1049     struct sta_info *sta;
1050     int ret = -ENOENT;
1051
1052     sdata = IEEE80211_DEV_TO_SUB_IF(ctx->dev);
1053     local = sdata->local;
1054
1055     if (!local->ops->net_fill_forward_path)
1056         return -EOPNOTSUPP;
1057
1058     rcu_read_lock();
1059     switch (sdata->vif.type) {
1060     case NL80211_IFTYPE_AP_VLAN:
1061         sta = rcu_dereference(sdata->u.vlan.sta);
1062         if (sta)
1063             break;
1064         if (sdata->wdev.use_4addr)
1065             goto out;
1066         if (is_multicast_ether_addr(ctx->daddr))
1067             goto out;
1068         sta = sta_info_get_bss(sdata, ctx->daddr);
1069         break;
1070     case NL80211_IFTYPE_AP:
1071         if (is_multicast_ether_addr(ctx->daddr))
1072             goto out;
1073         sta = sta_info_get(sdata, ctx->daddr);
1074         break;
1075     case NL80211_IFTYPE_STATION:
1076         if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
1077             sta = sta_info_get(sdata, ctx->daddr);
1078             if (sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
1079                 if (!test_sta_flag(sta, WLAN_STA_TDLS_PEER_AUTH))
1080                     goto out;
1081
1082                 break;
1083             }
1084         }
1085
1086         sta = sta_info_get(sdata, sdata->deflink.u.mgd.bssid);
1087         break;
1088     default:
1089         goto out;
1090     }
1091
1092     if (!sta)
1093         goto out;
1094
1095     ret = drv_net_fill_forward_path(local, sdata, &sta->sta, ctx, path);
1096 out:
1097     rcu_read_unlock();
1098
1099     return ret;
1100 }
1101
1102 static const struct net_device_ops ieee80211_dataif_8023_ops = {
1103     .ndo_open       = ieee80211_open,
1104     .ndo_stop       = ieee80211_stop,
1105     .ndo_uninit     = ieee80211_uninit,
1106     .ndo_start_xmit     = ieee80211_subif_start_xmit_8023,
1107     .ndo_set_rx_mode    = ieee80211_set_multicast_list,
1108     .ndo_set_mac_address    = ieee80211_change_mac,
1109     .ndo_select_queue   = ieee80211_netdev_select_queue,
1110     .ndo_get_stats64    = ieee80211_get_stats64,
1111     .ndo_fill_forward_path  = ieee80211_netdev_fill_forward_path,
1112 };
1113
1114 static bool ieee80211_iftype_supports_hdr_offload(enum nl80211_iftype iftype)
1115 {
1116     switch (iftype) {
1117     /* P2P GO and client are mapped to AP/STATION types */
1118     case NL80211_IFTYPE_AP:
1119     case NL80211_IFTYPE_STATION:
1120         return true;
1121     default:
1122         return false;
1123     }
1124 }
1125
1126 static bool ieee80211_set_sdata_offload_flags(struct ieee80211_sub_if_data *sdata)
1127 {
1128     struct ieee80211_local *local = sdata->local;
1129     u32 flags;
1130
1131     flags = sdata->vif.offload_flags;
1132
1133     if (ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) &&
1134         ieee80211_iftype_supports_hdr_offload(sdata->vif.type)) {
1135         flags |= IEEE80211_OFFLOAD_ENCAP_ENABLED;
1136
1137         if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG) &&
1138             local->hw.wiphy->frag_threshold != (u32)-1)
1139             flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1140
1141         if (local->monitors)
1142             flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1143     } else {
1144         flags &= ~IEEE80211_OFFLOAD_ENCAP_ENABLED;
1145     }
1146
1147     if (ieee80211_hw_check(&local->hw, SUPPORTS_RX_DECAP_OFFLOAD) &&
1148         ieee80211_iftype_supports_hdr_offload(sdata->vif.type)) {
1149         flags |= IEEE80211_OFFLOAD_DECAP_ENABLED;
1150
1151         if (local->monitors &&
1152             !ieee80211_hw_check(&local->hw, SUPPORTS_CONC_MON_RX_DECAP))
1153             flags &= ~IEEE80211_OFFLOAD_DECAP_ENABLED;
1154     } else {
1155         flags &= ~IEEE80211_OFFLOAD_DECAP_ENABLED;
1156     }
1157
1158     if (sdata->vif.offload_flags == flags)
1159         return false;
1160
1161     sdata->vif.offload_flags = flags;
1162     ieee80211_check_fast_rx_iface(sdata);
1163     return true;
1164 }
1165
1166 static void ieee80211_set_vif_encap_ops(struct ieee80211_sub_if_data *sdata)
1167 {
1168     struct ieee80211_local *local = sdata->local;
1169     struct ieee80211_sub_if_data *bss = sdata;
1170     bool enabled;
1171
1172     if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1173         if (!sdata->bss)
1174             return;
1175
1176         bss = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
1177     }
1178
1179     if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD) ||
1180         !ieee80211_iftype_supports_hdr_offload(bss->vif.type))
1181         return;
1182
1183     enabled = bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED;
1184     if (sdata->wdev.use_4addr &&
1185         !(bss->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_4ADDR))
1186         enabled = false;
1187
1188     sdata->dev->netdev_ops = enabled ? &ieee80211_dataif_8023_ops :
1189                        &ieee80211_dataif_ops;
1190 }
1191
1192 static void ieee80211_recalc_sdata_offload(struct ieee80211_sub_if_data *sdata)
1193 {
1194     struct ieee80211_local *local = sdata->local;
1195     struct ieee80211_sub_if_data *vsdata;
1196
1197     if (ieee80211_set_sdata_offload_flags(sdata)) {
1198         drv_update_vif_offload(local, sdata);
1199         ieee80211_set_vif_encap_ops(sdata);
1200     }
1201
1202     list_for_each_entry(vsdata, &local->interfaces, list) {
1203         if (vsdata->vif.type != NL80211_IFTYPE_AP_VLAN ||
1204             vsdata->bss != &sdata->u.ap)
1205             continue;
1206
1207         ieee80211_set_vif_encap_ops(vsdata);
1208     }
1209 }
1210
1211 void ieee80211_recalc_offload(struct ieee80211_local *local)
1212 {
1213     struct ieee80211_sub_if_data *sdata;
1214
1215     if (!ieee80211_hw_check(&local->hw, SUPPORTS_TX_ENCAP_OFFLOAD))
1216         return;
1217
1218     mutex_lock(&local->iflist_mtx);
1219
1220     list_for_each_entry(sdata, &local->interfaces, list) {
1221         if (!ieee80211_sdata_running(sdata))
1222             continue;
1223
1224         ieee80211_recalc_sdata_offload(sdata);
1225     }
1226
1227     mutex_unlock(&local->iflist_mtx);
1228 }
1229
1230 void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1231                     const int offset)
1232 {
1233     struct ieee80211_local *local = sdata->local;
1234     u32 flags = sdata->u.mntr.flags;
1235
1236 #define ADJUST(_f, _s)  do {                    \
1237     if (flags & MONITOR_FLAG_##_f)              \
1238         local->fif_##_s += offset;          \
1239     } while (0)
1240
1241     ADJUST(FCSFAIL, fcsfail);
1242     ADJUST(PLCPFAIL, plcpfail);
1243     ADJUST(CONTROL, control);
1244     ADJUST(CONTROL, pspoll);
1245     ADJUST(OTHER_BSS, other_bss);
1246
1247 #undef ADJUST
1248 }
1249
1250 static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
1251 {
1252     struct ieee80211_local *local = sdata->local;
1253     int i;
1254
1255     for (i = 0; i < IEEE80211_NUM_ACS; i++) {
1256         if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
1257             sdata->vif.hw_queue[i] = IEEE80211_INVAL_HW_QUEUE;
1258         else if (local->hw.queues >= IEEE80211_NUM_ACS)
1259             sdata->vif.hw_queue[i] = i;
1260         else
1261             sdata->vif.hw_queue[i] = 0;
1262     }
1263     sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
1264 }
1265
1266 static void ieee80211_sdata_init(struct ieee80211_local *local,
1267                  struct ieee80211_sub_if_data *sdata)
1268 {
1269     sdata->local = local;
1270
1271     /*
1272      * Initialize the default link, so we can use link_id 0 for non-MLD,
1273      * and that continues to work for non-MLD-aware drivers that use just
1274      * vif.bss_conf instead of vif.link_conf.
1275      *
1276      * Note that we never change this, so if link ID 0 isn't used in an
1277      * MLD connection, we get a separate allocation for it.
1278      */
1279     ieee80211_link_init(sdata, -1, &sdata->deflink, &sdata->vif.bss_conf);
1280 }
1281
1282 int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
1283 {
1284     struct ieee80211_sub_if_data *sdata;
1285     int ret;
1286
1287     if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF))
1288         return 0;
1289
1290     ASSERT_RTNL();
1291     lockdep_assert_wiphy(local->hw.wiphy);
1292
1293     if (local->monitor_sdata)
1294         return 0;
1295
1296     sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL);
1297     if (!sdata)
1298         return -ENOMEM;
1299
1300     /* set up data */
1301     sdata->vif.type = NL80211_IFTYPE_MONITOR;
1302     snprintf(sdata->name, IFNAMSIZ, "%s-monitor",
1303          wiphy_name(local->hw.wiphy));
1304     sdata->wdev.iftype = NL80211_IFTYPE_MONITOR;
1305
1306     ieee80211_sdata_init(local, sdata);
1307
1308     ieee80211_set_default_queues(sdata);
1309
1310     ret = drv_add_interface(local, sdata);
1311     if (WARN_ON(ret)) {
1312         /* ok .. stupid driver, it asked for this! */
1313         kfree(sdata);
1314         return ret;
1315     }
1316
1317     set_bit(SDATA_STATE_RUNNING, &sdata->state);
1318
1319     ret = ieee80211_check_queues(sdata, NL80211_IFTYPE_MONITOR);
1320     if (ret) {
1321         kfree(sdata);
1322         return ret;
1323     }
1324
1325     mutex_lock(&local->iflist_mtx);
1326     rcu_assign_pointer(local->monitor_sdata, sdata);
1327     mutex_unlock(&local->iflist_mtx);
1328
1329     mutex_lock(&local->mtx);
1330     ret = ieee80211_link_use_channel(&sdata->deflink, &local->monitor_chandef,
1331                      IEEE80211_CHANCTX_EXCLUSIVE);
1332     mutex_unlock(&local->mtx);
1333     if (ret) {
1334         mutex_lock(&local->iflist_mtx);
1335         RCU_INIT_POINTER(local->monitor_sdata, NULL);
1336         mutex_unlock(&local->iflist_mtx);
1337         synchronize_net();
1338         drv_remove_interface(local, sdata);
1339         kfree(sdata);
1340         return ret;
1341     }
1342
1343     skb_queue_head_init(&sdata->skb_queue);
1344     skb_queue_head_init(&sdata->status_queue);
1345     INIT_WORK(&sdata->work, ieee80211_iface_work);
1346
1347     return 0;
1348 }
1349
1350 void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
1351 {
1352     struct ieee80211_sub_if_data *sdata;
1353
1354     if (!ieee80211_hw_check(&local->hw, WANT_MONITOR_VIF))
1355         return;
1356
1357     ASSERT_RTNL();
1358     lockdep_assert_wiphy(local->hw.wiphy);
1359
1360     mutex_lock(&local->iflist_mtx);
1361
1362     sdata = rcu_dereference_protected(local->monitor_sdata,
1363                       lockdep_is_held(&local->iflist_mtx));
1364     if (!sdata) {
1365         mutex_unlock(&local->iflist_mtx);
1366         return;
1367     }
1368
1369     RCU_INIT_POINTER(local->monitor_sdata, NULL);
1370     mutex_unlock(&local->iflist_mtx);
1371
1372     synchronize_net();
1373
1374     mutex_lock(&local->mtx);
1375     ieee80211_link_release_channel(&sdata->deflink);
1376     mutex_unlock(&local->mtx);
1377
1378     drv_remove_interface(local, sdata);
1379
1380     kfree(sdata);
1381 }
1382
1383 /*
1384  * NOTE: Be very careful when changing this function, it must NOT return
1385  * an error on interface type changes that have been pre-checked, so most
1386  * checks should be in ieee80211_check_concurrent_iface.
1387  */
1388 int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
1389 {
1390     struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
1391     struct net_device *dev = wdev->netdev;
1392     struct ieee80211_local *local = sdata->local;
1393     u32 changed = 0;
1394     int res;
1395     u32 hw_reconf_flags = 0;
1396
1397     switch (sdata->vif.type) {
1398     case NL80211_IFTYPE_AP_VLAN: {
1399         struct ieee80211_sub_if_data *master;
1400
1401         if (!sdata->bss)
1402             return -ENOLINK;
1403
1404         mutex_lock(&local->mtx);
1405         list_add(&sdata->u.vlan.list, &sdata->bss->vlans);
1406         mutex_unlock(&local->mtx);
1407
1408         master = container_of(sdata->bss,
1409                       struct ieee80211_sub_if_data, u.ap);
1410         sdata->control_port_protocol =
1411             master->control_port_protocol;
1412         sdata->control_port_no_encrypt =
1413             master->control_port_no_encrypt;
1414         sdata->control_port_over_nl80211 =
1415             master->control_port_over_nl80211;
1416         sdata->control_port_no_preauth =
1417             master->control_port_no_preauth;
1418         sdata->vif.cab_queue = master->vif.cab_queue;
1419         memcpy(sdata->vif.hw_queue, master->vif.hw_queue,
1420                sizeof(sdata->vif.hw_queue));
1421         sdata->vif.bss_conf.chandef = master->vif.bss_conf.chandef;
1422
1423         mutex_lock(&local->key_mtx);
1424         sdata->crypto_tx_tailroom_needed_cnt +=
1425             master->crypto_tx_tailroom_needed_cnt;
1426         mutex_unlock(&local->key_mtx);
1427
1428         break;
1429         }
1430     case NL80211_IFTYPE_AP:
1431         sdata->bss = &sdata->u.ap;
1432         break;
1433     case NL80211_IFTYPE_MESH_POINT:
1434     case NL80211_IFTYPE_STATION:
1435     case NL80211_IFTYPE_MONITOR:
1436     case NL80211_IFTYPE_ADHOC:
1437     case NL80211_IFTYPE_P2P_DEVICE:
1438     case NL80211_IFTYPE_OCB:
1439     case NL80211_IFTYPE_NAN:
1440         /* no special treatment */
1441         break;
1442     case NL80211_IFTYPE_UNSPECIFIED:
1443     case NUM_NL80211_IFTYPES:
1444     case NL80211_IFTYPE_P2P_CLIENT:
1445     case NL80211_IFTYPE_P2P_GO:
1446     case NL80211_IFTYPE_WDS:
1447         /* cannot happen */
1448         WARN_ON(1);
1449         break;
1450     }
1451
1452     if (local->open_count == 0) {
1453         res = drv_start(local);
1454         if (res)
1455             goto err_del_bss;
1456         /* we're brought up, everything changes */
1457         hw_reconf_flags = ~0;
1458         ieee80211_led_radio(local, true);
1459         ieee80211_mod_tpt_led_trig(local,
1460                        IEEE80211_TPT_LEDTRIG_FL_RADIO, 0);
1461     }
1462
1463     /*
1464      * Copy the hopefully now-present MAC address to
1465      * this interface, if it has the special null one.
1466      */
1467     if (dev && is_zero_ether_addr(dev->dev_addr)) {
1468         eth_hw_addr_set(dev, local->hw.wiphy->perm_addr);
1469         memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN);
1470
1471         if (!is_valid_ether_addr(dev->dev_addr)) {
1472             res = -EADDRNOTAVAIL;
1473             goto err_stop;
1474         }
1475     }
1476
1477     switch (sdata->vif.type) {
1478     case NL80211_IFTYPE_AP_VLAN:
1479         /* no need to tell driver, but set carrier and chanctx */
1480         if (sdata->bss->active) {
1481             ieee80211_link_vlan_copy_chanctx(&sdata->deflink);
1482             netif_carrier_on(dev);
1483             ieee80211_set_vif_encap_ops(sdata);
1484         } else {
1485             netif_carrier_off(dev);
1486         }
1487         break;
1488     case NL80211_IFTYPE_MONITOR:
1489         if (sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES) {
1490             local->cooked_mntrs++;
1491             break;
1492         }
1493
1494         if (sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
1495             res = drv_add_interface(local, sdata);
1496             if (res)
1497                 goto err_stop;
1498         } else if (local->monitors == 0 && local->open_count == 0) {
1499             res = ieee80211_add_virtual_monitor(local);
1500             if (res)
1501                 goto err_stop;
1502         }
1503
1504         /* must be before the call to ieee80211_configure_filter */
1505         local->monitors++;
1506         if (local->monitors == 1) {
1507             local->hw.conf.flags |= IEEE80211_CONF_MONITOR;
1508             hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
1509         }
1510
1511         ieee80211_adjust_monitor_flags(sdata, 1);
1512         ieee80211_configure_filter(local);
1513         ieee80211_recalc_offload(local);
1514         mutex_lock(&local->mtx);
1515         ieee80211_recalc_idle(local);
1516         mutex_unlock(&local->mtx);
1517
1518         netif_carrier_on(dev);
1519         break;
1520     default:
1521         if (coming_up) {
1522             ieee80211_del_virtual_monitor(local);
1523             ieee80211_set_sdata_offload_flags(sdata);
1524
1525             res = drv_add_interface(local, sdata);
1526             if (res)
1527                 goto err_stop;
1528
1529             ieee80211_set_vif_encap_ops(sdata);
1530             res = ieee80211_check_queues(sdata,
1531                 ieee80211_vif_type_p2p(&sdata->vif));
1532             if (res)
1533                 goto err_del_interface;
1534         }
1535
1536         if (sdata->vif.type == NL80211_IFTYPE_AP) {
1537             local->fif_pspoll++;
1538             local->fif_probe_req++;
1539
1540             ieee80211_configure_filter(local);
1541         } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
1542             local->fif_probe_req++;
1543         }
1544
1545         if (sdata->vif.probe_req_reg)
1546             drv_config_iface_filter(local, sdata,
1547                         FIF_PROBE_REQ,
1548                         FIF_PROBE_REQ);
1549
1550         if (sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE &&
1551             sdata->vif.type != NL80211_IFTYPE_NAN)
1552             changed |= ieee80211_reset_erp_info(sdata);
1553         ieee80211_link_info_change_notify(sdata, &sdata->deflink,
1554                           changed);
1555
1556         switch (sdata->vif.type) {
1557         case NL80211_IFTYPE_STATION:
1558         case NL80211_IFTYPE_ADHOC:
1559         case NL80211_IFTYPE_AP:
1560         case NL80211_IFTYPE_MESH_POINT:
1561         case NL80211_IFTYPE_OCB:
1562             netif_carrier_off(dev);
1563             break;
1564         case NL80211_IFTYPE_P2P_DEVICE:
1565         case NL80211_IFTYPE_NAN:
1566             break;
1567         default:
1568             /* not reached */
1569             WARN_ON(1);
1570         }
1571
1572         /*
1573          * Set default queue parameters so drivers don't
1574          * need to initialise the hardware if the hardware
1575          * doesn't start up with sane defaults.
1576          * Enable QoS for anything but station interfaces.
1577          */
1578         ieee80211_set_wmm_default(&sdata->deflink, true,
1579             sdata->vif.type != NL80211_IFTYPE_STATION);
1580     }
1581
1582     set_bit(SDATA_STATE_RUNNING, &sdata->state);
1583
1584     switch (sdata->vif.type) {
1585     case NL80211_IFTYPE_P2P_DEVICE:
1586         rcu_assign_pointer(local->p2p_sdata, sdata);
1587         break;
1588     case NL80211_IFTYPE_MONITOR:
1589         if (sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES)
1590             break;
1591         list_add_tail_rcu(&sdata->u.mntr.list, &local->mon_list);
1592         break;
1593     default:
1594         break;
1595     }
1596
1597     /*
1598      * set_multicast_list will be invoked by the networking core
1599      * which will check whether any increments here were done in
1600      * error and sync them down to the hardware as filter flags.
1601      */
1602     if (sdata->flags & IEEE80211_SDATA_ALLMULTI)
1603         atomic_inc(&local->iff_allmultis);
1604
1605     if (coming_up)
1606         local->open_count++;
1607
1608     if (hw_reconf_flags)
1609         ieee80211_hw_config(local, hw_reconf_flags);
1610
1611     ieee80211_recalc_ps(local);
1612
1613     if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
1614         sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
1615         local->ops->wake_tx_queue) {
1616         /* XXX: for AP_VLAN, actually track AP queues */
1617         if (dev)
1618             netif_tx_start_all_queues(dev);
1619     } else if (dev) {
1620         unsigned long flags;
1621         int n_acs = IEEE80211_NUM_ACS;
1622         int ac;
1623
1624         if (local->hw.queues < IEEE80211_NUM_ACS)
1625             n_acs = 1;
1626
1627         spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1628         if (sdata->vif.cab_queue == IEEE80211_INVAL_HW_QUEUE ||
1629             (local->queue_stop_reasons[sdata->vif.cab_queue] == 0 &&
1630              skb_queue_empty(&local->pending[sdata->vif.cab_queue]))) {
1631             for (ac = 0; ac < n_acs; ac++) {
1632                 int ac_queue = sdata->vif.hw_queue[ac];
1633
1634                 if (local->queue_stop_reasons[ac_queue] == 0 &&
1635                     skb_queue_empty(&local->pending[ac_queue]))
1636                     netif_start_subqueue(dev, ac);
1637             }
1638         }
1639         spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1640     }
1641
1642     return 0;
1643  err_del_interface:
1644     drv_remove_interface(local, sdata);
1645  err_stop:
1646     if (!local->open_count)
1647         drv_stop(local);
1648  err_del_bss:
1649     sdata->bss = NULL;
1650     if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1651         mutex_lock(&local->mtx);
1652         list_del(&sdata->u.vlan.list);
1653         mutex_unlock(&local->mtx);
1654     }
1655     /* might already be clear but that doesn't matter */
1656     clear_bit(SDATA_STATE_RUNNING, &sdata->state);
1657     return res;
1658 }
1659
1660 static void ieee80211_if_free(struct net_device *dev)
1661 {
1662     free_percpu(dev->tstats);
1663 }
1664
1665 static void ieee80211_if_setup(struct net_device *dev)
1666 {
1667     ether_setup(dev);
1668     dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1669     dev->netdev_ops = &ieee80211_dataif_ops;
1670     dev->needs_free_netdev = true;
1671     dev->priv_destructor = ieee80211_if_free;
1672 }
1673
1674 static void ieee80211_if_setup_no_queue(struct net_device *dev)
1675 {
1676     ieee80211_if_setup(dev);
1677     dev->priv_flags |= IFF_NO_QUEUE;
1678 }
1679
1680 static void ieee80211_iface_process_skb(struct ieee80211_local *local,
1681                     struct ieee80211_sub_if_data *sdata,
1682                     struct sk_buff *skb)
1683 {
1684     struct ieee80211_mgmt *mgmt = (void *)skb->data;
1685
1686     if (ieee80211_is_action(mgmt->frame_control) &&
1687         mgmt->u.action.category == WLAN_CATEGORY_BACK) {
1688         struct sta_info *sta;
1689         int len = skb->len;
1690
1691         mutex_lock(&local->sta_mtx);
1692         sta = sta_info_get_bss(sdata, mgmt->sa);
1693         if (sta) {
1694             switch (mgmt->u.action.u.addba_req.action_code) {
1695             case WLAN_ACTION_ADDBA_REQ:
1696                 ieee80211_process_addba_request(local, sta,
1697                                 mgmt, len);
1698                 break;
1699             case WLAN_ACTION_ADDBA_RESP:
1700                 ieee80211_process_addba_resp(local, sta,
1701                                  mgmt, len);
1702                 break;
1703             case WLAN_ACTION_DELBA:
1704                 ieee80211_process_delba(sdata, sta,
1705                             mgmt, len);
1706                 break;
1707             default:
1708                 WARN_ON(1);
1709                 break;
1710             }
1711         }
1712         mutex_unlock(&local->sta_mtx);
1713     } else if (ieee80211_is_action(mgmt->frame_control) &&
1714            mgmt->u.action.category == WLAN_CATEGORY_VHT) {
1715         switch (mgmt->u.action.u.vht_group_notif.action_code) {
1716         case WLAN_VHT_ACTION_OPMODE_NOTIF: {
1717             struct ieee80211_rx_status *status;
1718             enum nl80211_band band;
1719             struct sta_info *sta;
1720             u8 opmode;
1721
1722             status = IEEE80211_SKB_RXCB(skb);
1723             band = status->band;
1724             opmode = mgmt->u.action.u.vht_opmode_notif.operating_mode;
1725
1726             mutex_lock(&local->sta_mtx);
1727             sta = sta_info_get_bss(sdata, mgmt->sa);
1728
1729             if (sta)
1730                 ieee80211_vht_handle_opmode(sdata,
1731                                 &sta->deflink,
1732                                 opmode, band);
1733
1734             mutex_unlock(&local->sta_mtx);
1735             break;
1736         }
1737         case WLAN_VHT_ACTION_GROUPID_MGMT:
1738             ieee80211_process_mu_groups(sdata, &sdata->deflink,
1739                             mgmt);
1740             break;
1741         default:
1742             WARN_ON(1);
1743             break;
1744         }
1745     } else if (ieee80211_is_action(mgmt->frame_control) &&
1746            mgmt->u.action.category == WLAN_CATEGORY_S1G) {
1747         switch (mgmt->u.action.u.s1g.action_code) {
1748         case WLAN_S1G_TWT_TEARDOWN:
1749         case WLAN_S1G_TWT_SETUP:
1750             ieee80211_s1g_rx_twt_action(sdata, skb);
1751             break;
1752         default:
1753             break;
1754         }
1755     } else if (ieee80211_is_ext(mgmt->frame_control)) {
1756         if (sdata->vif.type == NL80211_IFTYPE_STATION)
1757             ieee80211_sta_rx_queued_ext(sdata, skb);
1758         else
1759             WARN_ON(1);
1760     } else if (ieee80211_is_data_qos(mgmt->frame_control)) {
1761         struct ieee80211_hdr *hdr = (void *)mgmt;
1762         struct sta_info *sta;
1763
1764         /*
1765          * So the frame isn't mgmt, but frame_control
1766          * is at the right place anyway, of course, so
1767          * the if statement is correct.
1768          *
1769          * Warn if we have other data frame types here,
1770          * they must not get here.
1771          */
1772         WARN_ON(hdr->frame_control &
1773                 cpu_to_le16(IEEE80211_STYPE_NULLFUNC));
1774         WARN_ON(!(hdr->seq_ctrl &
1775                 cpu_to_le16(IEEE80211_SCTL_FRAG)));
1776         /*
1777          * This was a fragment of a frame, received while
1778          * a block-ack session was active. That cannot be
1779          * right, so terminate the session.
1780          */
1781         mutex_lock(&local->sta_mtx);
1782         sta = sta_info_get_bss(sdata, mgmt->sa);
1783         if (sta) {
1784             u16 tid = ieee80211_get_tid(hdr);
1785
1786             __ieee80211_stop_rx_ba_session(
1787                 sta, tid, WLAN_BACK_RECIPIENT,
1788                 WLAN_REASON_QSTA_REQUIRE_SETUP,
1789                 true);
1790         }
1791         mutex_unlock(&local->sta_mtx);
1792     } else switch (sdata->vif.type) {
1793     case NL80211_IFTYPE_STATION:
1794         ieee80211_sta_rx_queued_mgmt(sdata, skb);
1795         break;
1796     case NL80211_IFTYPE_ADHOC:
1797         ieee80211_ibss_rx_queued_mgmt(sdata, skb);
1798         break;
1799     case NL80211_IFTYPE_MESH_POINT:
1800         if (!ieee80211_vif_is_mesh(&sdata->vif))
1801             break;
1802         ieee80211_mesh_rx_queued_mgmt(sdata, skb);
1803         break;
1804     default:
1805         WARN(1, "frame for unexpected interface type");
1806         break;
1807     }
1808 }
1809
1810 static void ieee80211_iface_process_status(struct ieee80211_sub_if_data *sdata,
1811                        struct sk_buff *skb)
1812 {
1813     struct ieee80211_mgmt *mgmt = (void *)skb->data;
1814
1815     if (ieee80211_is_action(mgmt->frame_control) &&
1816         mgmt->u.action.category == WLAN_CATEGORY_S1G) {
1817         switch (mgmt->u.action.u.s1g.action_code) {
1818         case WLAN_S1G_TWT_TEARDOWN:
1819         case WLAN_S1G_TWT_SETUP:
1820             ieee80211_s1g_status_twt_action(sdata, skb);
1821             break;
1822         default:
1823             break;
1824         }
1825     }
1826 }
1827
1828 static void ieee80211_iface_work(struct work_struct *work)
1829 {
1830     struct ieee80211_sub_if_data *sdata =
1831         container_of(work, struct ieee80211_sub_if_data, work);
1832     struct ieee80211_local *local = sdata->local;
1833     struct sk_buff *skb;
1834
1835     if (!ieee80211_sdata_running(sdata))
1836         return;
1837
1838     if (test_bit(SCAN_SW_SCANNING, &local->scanning))
1839         return;
1840
1841     if (!ieee80211_can_run_worker(local))
1842         return;
1843
1844     /* first process frames */
1845     while ((skb = skb_dequeue(&sdata->skb_queue))) {
1846         kcov_remote_start_common(skb_get_kcov_handle(skb));
1847
1848         if (skb->protocol == cpu_to_be16(ETH_P_TDLS))
1849             ieee80211_process_tdls_channel_switch(sdata, skb);
1850         else
1851             ieee80211_iface_process_skb(local, sdata, skb);
1852
1853         kfree_skb(skb);
1854         kcov_remote_stop();
1855     }
1856
1857     /* process status queue */
1858     while ((skb = skb_dequeue(&sdata->status_queue))) {
1859         kcov_remote_start_common(skb_get_kcov_handle(skb));
1860
1861         ieee80211_iface_process_status(sdata, skb);
1862         kfree_skb(skb);
1863
1864         kcov_remote_stop();
1865     }
1866
1867     /* then other type-dependent work */
1868     switch (sdata->vif.type) {
1869     case NL80211_IFTYPE_STATION:
1870         ieee80211_sta_work(sdata);
1871         break;
1872     case NL80211_IFTYPE_ADHOC:
1873         ieee80211_ibss_work(sdata);
1874         break;
1875     case NL80211_IFTYPE_MESH_POINT:
1876         if (!ieee80211_vif_is_mesh(&sdata->vif))
1877             break;
1878         ieee80211_mesh_work(sdata);
1879         break;
1880     case NL80211_IFTYPE_OCB:
1881         ieee80211_ocb_work(sdata);
1882         break;
1883     default:
1884         break;
1885     }
1886 }
1887
1888 static void ieee80211_recalc_smps_work(struct work_struct *work)
1889 {
1890     struct ieee80211_sub_if_data *sdata =
1891         container_of(work, struct ieee80211_sub_if_data, recalc_smps);
1892
1893     ieee80211_recalc_smps(sdata, &sdata->deflink);
1894 }
1895
1896 /*
1897  * Helper function to initialise an interface to a specific type.
1898  */
1899 static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
1900                   enum nl80211_iftype type)
1901 {
1902     static const u8 bssid_wildcard[ETH_ALEN] = {0xff, 0xff, 0xff,
1903                             0xff, 0xff, 0xff};
1904
1905     /* clear type-dependent unions */
1906     memset(&sdata->u, 0, sizeof(sdata->u));
1907     memset(&sdata->deflink.u, 0, sizeof(sdata->deflink.u));
1908
1909     /* and set some type-dependent values */
1910     sdata->vif.type = type;
1911     sdata->vif.p2p = false;
1912     sdata->wdev.iftype = type;
1913
1914     sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE);
1915     sdata->control_port_no_encrypt = false;
1916     sdata->control_port_over_nl80211 = false;
1917     sdata->control_port_no_preauth = false;
1918     sdata->vif.cfg.idle = true;
1919     sdata->vif.bss_conf.txpower = INT_MIN; /* unset */
1920
1921     sdata->noack_map = 0;
1922
1923     /* only monitor/p2p-device differ */
1924     if (sdata->dev) {
1925         sdata->dev->netdev_ops = &ieee80211_dataif_ops;
1926         sdata->dev->type = ARPHRD_ETHER;
1927     }
1928
1929     skb_queue_head_init(&sdata->skb_queue);
1930     skb_queue_head_init(&sdata->status_queue);
1931     INIT_WORK(&sdata->work, ieee80211_iface_work);
1932     INIT_WORK(&sdata->recalc_smps, ieee80211_recalc_smps_work);
1933
1934     switch (type) {
1935     case NL80211_IFTYPE_P2P_GO:
1936         type = NL80211_IFTYPE_AP;
1937         sdata->vif.type = type;
1938         sdata->vif.p2p = true;
1939         fallthrough;
1940     case NL80211_IFTYPE_AP:
1941         skb_queue_head_init(&sdata->u.ap.ps.bc_buf);
1942         INIT_LIST_HEAD(&sdata->u.ap.vlans);
1943         sdata->vif.bss_conf.bssid = sdata->vif.addr;
1944         break;
1945     case NL80211_IFTYPE_P2P_CLIENT:
1946         type = NL80211_IFTYPE_STATION;
1947         sdata->vif.type = type;
1948         sdata->vif.p2p = true;
1949         fallthrough;
1950     case NL80211_IFTYPE_STATION:
1951         sdata->vif.bss_conf.bssid = sdata->deflink.u.mgd.bssid;
1952         ieee80211_sta_setup_sdata(sdata);
1953         break;
1954     case NL80211_IFTYPE_OCB:
1955         sdata->vif.bss_conf.bssid = bssid_wildcard;
1956         ieee80211_ocb_setup_sdata(sdata);
1957         break;
1958     case NL80211_IFTYPE_ADHOC:
1959         sdata->vif.bss_conf.bssid = sdata->u.ibss.bssid;
1960         ieee80211_ibss_setup_sdata(sdata);
1961         break;
1962     case NL80211_IFTYPE_MESH_POINT:
1963         if (ieee80211_vif_is_mesh(&sdata->vif))
1964             ieee80211_mesh_init_sdata(sdata);
1965         break;
1966     case NL80211_IFTYPE_MONITOR:
1967         sdata->dev->type = ARPHRD_IEEE80211_RADIOTAP;
1968         sdata->dev->netdev_ops = &ieee80211_monitorif_ops;
1969         sdata->u.mntr.flags = MONITOR_FLAG_CONTROL |
1970                       MONITOR_FLAG_OTHER_BSS;
1971         break;
1972     case NL80211_IFTYPE_NAN:
1973         idr_init(&sdata->u.nan.function_inst_ids);
1974         spin_lock_init(&sdata->u.nan.func_lock);
1975         sdata->vif.bss_conf.bssid = sdata->vif.addr;
1976         break;
1977     case NL80211_IFTYPE_AP_VLAN:
1978     case NL80211_IFTYPE_P2P_DEVICE:
1979         sdata->vif.bss_conf.bssid = sdata->vif.addr;
1980         break;
1981     case NL80211_IFTYPE_UNSPECIFIED:
1982     case NL80211_IFTYPE_WDS:
1983     case NUM_NL80211_IFTYPES:
1984         WARN_ON(1);
1985         break;
1986     }
1987
1988     /* need to do this after the switch so vif.type is correct */
1989     ieee80211_link_setup(&sdata->deflink);
1990
1991     ieee80211_debugfs_add_netdev(sdata);
1992 }
1993
1994 static int ieee80211_runtime_change_iftype(struct ieee80211_sub_if_data *sdata,
1995                        enum nl80211_iftype type)
1996 {
1997     struct ieee80211_local *local = sdata->local;
1998     int ret, err;
1999     enum nl80211_iftype internal_type = type;
2000     bool p2p = false;
2001
2002     ASSERT_RTNL();
2003
2004     if (!local->ops->change_interface)
2005         return -EBUSY;
2006
2007     /* for now, don't support changing while links exist */
2008     if (sdata->vif.valid_links)
2009         return -EBUSY;
2010
2011     switch (sdata->vif.type) {
2012     case NL80211_IFTYPE_AP:
2013         if (!list_empty(&sdata->u.ap.vlans))
2014             return -EBUSY;
2015         break;
2016     case NL80211_IFTYPE_STATION:
2017     case NL80211_IFTYPE_ADHOC:
2018     case NL80211_IFTYPE_OCB:
2019         /*
2020          * Could maybe also all others here?
2021          * Just not sure how that interacts
2022          * with the RX/config path e.g. for
2023          * mesh.
2024          */
2025         break;
2026     default:
2027         return -EBUSY;
2028     }
2029
2030     switch (type) {
2031     case NL80211_IFTYPE_AP:
2032     case NL80211_IFTYPE_STATION:
2033     case NL80211_IFTYPE_ADHOC:
2034     case NL80211_IFTYPE_OCB:
2035         /*
2036          * Could probably support everything
2037          * but here.
2038          */
2039         break;
2040     case NL80211_IFTYPE_P2P_CLIENT:
2041         p2p = true;
2042         internal_type = NL80211_IFTYPE_STATION;
2043         break;
2044     case NL80211_IFTYPE_P2P_GO:
2045         p2p = true;
2046         internal_type = NL80211_IFTYPE_AP;
2047         break;
2048     default:
2049         return -EBUSY;
2050     }
2051
2052     ret = ieee80211_check_concurrent_iface(sdata, internal_type);
2053     if (ret)
2054         return ret;
2055
2056     ieee80211_stop_vif_queues(local, sdata,
2057                   IEEE80211_QUEUE_STOP_REASON_IFTYPE_CHANGE);
2058     synchronize_net();
2059
2060     ieee80211_do_stop(sdata, false);
2061
2062     ieee80211_teardown_sdata(sdata);
2063
2064     ieee80211_set_sdata_offload_flags(sdata);
2065     ret = drv_change_interface(local, sdata, internal_type, p2p);
2066     if (ret)
2067         type = ieee80211_vif_type_p2p(&sdata->vif);
2068
2069     /*
2070      * Ignore return value here, there's not much we can do since
2071      * the driver changed the interface type internally already.
2072      * The warnings will hopefully make driver authors fix it :-)
2073      */
2074     ieee80211_check_queues(sdata, type);
2075
2076     ieee80211_setup_sdata(sdata, type);
2077     ieee80211_set_vif_encap_ops(sdata);
2078
2079     err = ieee80211_do_open(&sdata->wdev, false);
2080     WARN(err, "type change: do_open returned %d", err);
2081
2082     ieee80211_wake_vif_queues(local, sdata,
2083                   IEEE80211_QUEUE_STOP_REASON_IFTYPE_CHANGE);
2084     return ret;
2085 }
2086
2087 int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
2088                  enum nl80211_iftype type)
2089 {
2090     int ret;
2091
2092     ASSERT_RTNL();
2093
2094     if (type == ieee80211_vif_type_p2p(&sdata->vif))
2095         return 0;
2096
2097     if (ieee80211_sdata_running(sdata)) {
2098         ret = ieee80211_runtime_change_iftype(sdata, type);
2099         if (ret)
2100             return ret;
2101     } else {
2102         /* Purge and reset type-dependent state. */
2103         ieee80211_teardown_sdata(sdata);
2104         ieee80211_setup_sdata(sdata, type);
2105     }
2106
2107     /* reset some values that shouldn't be kept across type changes */
2108     if (type == NL80211_IFTYPE_STATION)
2109         sdata->u.mgd.use_4addr = false;
2110
2111     return 0;
2112 }
2113
2114 static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
2115                        u8 *perm_addr, enum nl80211_iftype type)
2116 {
2117     struct ieee80211_sub_if_data *sdata;
2118     u64 mask, start, addr, val, inc;
2119     u8 *m;
2120     u8 tmp_addr[ETH_ALEN];
2121     int i;
2122
2123     /* default ... something at least */
2124     memcpy(perm_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
2125
2126     if (is_zero_ether_addr(local->hw.wiphy->addr_mask) &&
2127         local->hw.wiphy->n_addresses <= 1)
2128         return;
2129
2130     mutex_lock(&local->iflist_mtx);
2131
2132     switch (type) {
2133     case NL80211_IFTYPE_MONITOR:
2134         /* doesn't matter */
2135         break;
2136     case NL80211_IFTYPE_AP_VLAN:
2137         /* match up with an AP interface */
2138         list_for_each_entry(sdata, &local->interfaces, list) {
2139             if (sdata->vif.type != NL80211_IFTYPE_AP)
2140                 continue;
2141             memcpy(perm_addr, sdata->vif.addr, ETH_ALEN);
2142             break;
2143         }
2144         /* keep default if no AP interface present */
2145         break;
2146     case NL80211_IFTYPE_P2P_CLIENT:
2147     case NL80211_IFTYPE_P2P_GO:
2148         if (ieee80211_hw_check(&local->hw, P2P_DEV_ADDR_FOR_INTF)) {
2149             list_for_each_entry(sdata, &local->interfaces, list) {
2150                 if (sdata->vif.type != NL80211_IFTYPE_P2P_DEVICE)
2151                     continue;
2152                 if (!ieee80211_sdata_running(sdata))
2153                     continue;
2154                 memcpy(perm_addr, sdata->vif.addr, ETH_ALEN);
2155                 goto out_unlock;
2156             }
2157         }
2158         fallthrough;
2159     default:
2160         /* assign a new address if possible -- try n_addresses first */
2161         for (i = 0; i < local->hw.wiphy->n_addresses; i++) {
2162             bool used = false;
2163
2164             list_for_each_entry(sdata, &local->interfaces, list) {
2165                 if (ether_addr_equal(local->hw.wiphy->addresses[i].addr,
2166                              sdata->vif.addr)) {
2167                     used = true;
2168                     break;
2169                 }
2170             }
2171
2172             if (!used) {
2173                 memcpy(perm_addr,
2174                        local->hw.wiphy->addresses[i].addr,
2175                        ETH_ALEN);
2176                 break;
2177             }
2178         }
2179
2180         /* try mask if available */
2181         if (is_zero_ether_addr(local->hw.wiphy->addr_mask))
2182             break;
2183
2184         m = local->hw.wiphy->addr_mask;
2185         mask =  ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
2186             ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
2187             ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
2188
2189         if (__ffs64(mask) + hweight64(mask) != fls64(mask)) {
2190             /* not a contiguous mask ... not handled now! */
2191             pr_info("not contiguous\n");
2192             break;
2193         }
2194
2195         /*
2196          * Pick address of existing interface in case user changed
2197          * MAC address manually, default to perm_addr.
2198          */
2199         m = local->hw.wiphy->perm_addr;
2200         list_for_each_entry(sdata, &local->interfaces, list) {
2201             if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
2202                 continue;
2203             m = sdata->vif.addr;
2204             break;
2205         }
2206         start = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
2207             ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
2208             ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
2209
2210         inc = 1ULL<<__ffs64(mask);
2211         val = (start & mask);
2212         addr = (start & ~mask) | (val & mask);
2213         do {
2214             bool used = false;
2215
2216             tmp_addr[5] = addr >> 0*8;
2217             tmp_addr[4] = addr >> 1*8;
2218             tmp_addr[3] = addr >> 2*8;
2219             tmp_addr[2] = addr >> 3*8;
2220             tmp_addr[1] = addr >> 4*8;
2221             tmp_addr[0] = addr >> 5*8;
2222
2223             val += inc;
2224
2225             list_for_each_entry(sdata, &local->interfaces, list) {
2226                 if (ether_addr_equal(tmp_addr, sdata->vif.addr)) {
2227                     used = true;
2228                     break;
2229                 }
2230             }
2231
2232             if (!used) {
2233                 memcpy(perm_addr, tmp_addr, ETH_ALEN);
2234                 break;
2235             }
2236             addr = (start & ~mask) | (val & mask);
2237         } while (addr != start);
2238
2239         break;
2240     }
2241
2242  out_unlock:
2243     mutex_unlock(&local->iflist_mtx);
2244 }
2245
2246 int ieee80211_if_add(struct ieee80211_local *local, const char *name,
2247              unsigned char name_assign_type,
2248              struct wireless_dev **new_wdev, enum nl80211_iftype type,
2249              struct vif_params *params)
2250 {
2251     struct net_device *ndev = NULL;
2252     struct ieee80211_sub_if_data *sdata = NULL;
2253     struct txq_info *txqi;
2254     void (*if_setup)(struct net_device *dev);
2255     int ret, i;
2256     int txqs = 1;
2257
2258     ASSERT_RTNL();
2259
2260     if (type == NL80211_IFTYPE_P2P_DEVICE || type == NL80211_IFTYPE_NAN) {
2261         struct wireless_dev *wdev;
2262
2263         sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size,
2264                 GFP_KERNEL);
2265         if (!sdata)
2266             return -ENOMEM;
2267         wdev = &sdata->wdev;
2268
2269         sdata->dev = NULL;
2270         strlcpy(sdata->name, name, IFNAMSIZ);
2271         ieee80211_assign_perm_addr(local, wdev->address, type);
2272         memcpy(sdata->vif.addr, wdev->address, ETH_ALEN);
2273         ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
2274     } else {
2275         int size = ALIGN(sizeof(*sdata) + local->hw.vif_data_size,
2276                  sizeof(void *));
2277         int txq_size = 0;
2278
2279         if (local->ops->wake_tx_queue &&
2280             type != NL80211_IFTYPE_AP_VLAN &&
2281             (type != NL80211_IFTYPE_MONITOR ||
2282              (params->flags & MONITOR_FLAG_ACTIVE)))
2283             txq_size += sizeof(struct txq_info) +
2284                     local->hw.txq_data_size;
2285
2286         if (local->ops->wake_tx_queue) {
2287             if_setup = ieee80211_if_setup_no_queue;
2288         } else {
2289             if_setup = ieee80211_if_setup;
2290             if (local->hw.queues >= IEEE80211_NUM_ACS)
2291                 txqs = IEEE80211_NUM_ACS;
2292         }
2293
2294         ndev = alloc_netdev_mqs(size + txq_size,
2295                     name, name_assign_type,
2296                     if_setup, txqs, 1);
2297         if (!ndev)
2298             return -ENOMEM;
2299
2300         if (!local->ops->wake_tx_queue && local->hw.wiphy->tx_queue_len)
2301             ndev->tx_queue_len = local->hw.wiphy->tx_queue_len;
2302
2303         dev_net_set(ndev, wiphy_net(local->hw.wiphy));
2304
2305         ndev->tstats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
2306         if (!ndev->tstats) {
2307             free_netdev(ndev);
2308             return -ENOMEM;
2309         }
2310
2311         ndev->needed_headroom = local->tx_headroom +
2312                     4*6 /* four MAC addresses */
2313                     + 2 + 2 + 2 + 2 /* ctl, dur, seq, qos */
2314                     + 6 /* mesh */
2315                     + 8 /* rfc1042/bridge tunnel */
2316                     - ETH_HLEN /* ethernet hard_header_len */
2317                     + IEEE80211_ENCRYPT_HEADROOM;
2318         ndev->needed_tailroom = IEEE80211_ENCRYPT_TAILROOM;
2319
2320         ret = dev_alloc_name(ndev, ndev->name);
2321         if (ret < 0) {
2322             ieee80211_if_free(ndev);
2323             free_netdev(ndev);
2324             return ret;
2325         }
2326
2327         ieee80211_assign_perm_addr(local, ndev->perm_addr, type);
2328         if (is_valid_ether_addr(params->macaddr))
2329             eth_hw_addr_set(ndev, params->macaddr);
2330         else
2331             eth_hw_addr_set(ndev, ndev->perm_addr);
2332         SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
2333
2334         /* don't use IEEE80211_DEV_TO_SUB_IF -- it checks too much */
2335         sdata = netdev_priv(ndev);
2336         ndev->ieee80211_ptr = &sdata->wdev;
2337         memcpy(sdata->vif.addr, ndev->dev_addr, ETH_ALEN);
2338         ether_addr_copy(sdata->vif.bss_conf.addr, sdata->vif.addr);
2339         memcpy(sdata->name, ndev->name, IFNAMSIZ);
2340
2341         if (txq_size) {
2342             txqi = netdev_priv(ndev) + size;
2343             ieee80211_txq_init(sdata, NULL, txqi, 0);
2344         }
2345
2346         sdata->dev = ndev;
2347     }
2348
2349     /* initialise type-independent data */
2350     sdata->wdev.wiphy = local->hw.wiphy;
2351
2352     ieee80211_sdata_init(local, sdata);
2353
2354     ieee80211_init_frag_cache(&sdata->frags);
2355
2356     INIT_LIST_HEAD(&sdata->key_list);
2357
2358     INIT_DELAYED_WORK(&sdata->dec_tailroom_needed_wk,
2359               ieee80211_delayed_tailroom_dec);
2360
2361     for (i = 0; i < NUM_NL80211_BANDS; i++) {
2362         struct ieee80211_supported_band *sband;
2363         sband = local->hw.wiphy->bands[i];
2364         sdata->rc_rateidx_mask[i] =
2365             sband ? (1 << sband->n_bitrates) - 1 : 0;
2366         if (sband) {
2367             __le16 cap;
2368             u16 *vht_rate_mask;
2369
2370             memcpy(sdata->rc_rateidx_mcs_mask[i],
2371                    sband->ht_cap.mcs.rx_mask,
2372                    sizeof(sdata->rc_rateidx_mcs_mask[i]));
2373
2374             cap = sband->vht_cap.vht_mcs.rx_mcs_map;
2375             vht_rate_mask = sdata->rc_rateidx_vht_mcs_mask[i];
2376             ieee80211_get_vht_mask_from_cap(cap, vht_rate_mask);
2377         } else {
2378             memset(sdata->rc_rateidx_mcs_mask[i], 0,
2379                    sizeof(sdata->rc_rateidx_mcs_mask[i]));
2380             memset(sdata->rc_rateidx_vht_mcs_mask[i], 0,
2381                    sizeof(sdata->rc_rateidx_vht_mcs_mask[i]));
2382         }
2383     }
2384
2385     ieee80211_set_default_queues(sdata);
2386
2387     sdata->deflink.ap_power_level = IEEE80211_UNSET_POWER_LEVEL;
2388     sdata->deflink.user_power_level = local->user_power_level;
2389
2390     /* setup type-dependent data */
2391     ieee80211_setup_sdata(sdata, type);
2392
2393     if (ndev) {
2394         ndev->ieee80211_ptr->use_4addr = params->use_4addr;
2395         if (type == NL80211_IFTYPE_STATION)
2396             sdata->u.mgd.use_4addr = params->use_4addr;
2397
2398         ndev->features |= local->hw.netdev_features;
2399         ndev->hw_features |= ndev->features &
2400                     MAC80211_SUPPORTED_FEATURES_TX;
2401
2402         netdev_set_default_ethtool_ops(ndev, &ieee80211_ethtool_ops);
2403
2404         /* MTU range is normally 256 - 2304, where the upper limit is
2405          * the maximum MSDU size. Monitor interfaces send and receive
2406          * MPDU and A-MSDU frames which may be much larger so we do
2407          * not impose an upper limit in that case.
2408          */
2409         ndev->min_mtu = 256;
2410         if (type == NL80211_IFTYPE_MONITOR)
2411             ndev->max_mtu = 0;
2412         else
2413             ndev->max_mtu = local->hw.max_mtu;
2414
2415         ret = cfg80211_register_netdevice(ndev);
2416         if (ret) {
2417             free_netdev(ndev);
2418             return ret;
2419         }
2420     }
2421
2422     mutex_lock(&local->iflist_mtx);
2423     list_add_tail_rcu(&sdata->list, &local->interfaces);
2424     mutex_unlock(&local->iflist_mtx);
2425
2426     if (new_wdev)
2427         *new_wdev = &sdata->wdev;
2428
2429     return 0;
2430 }
2431
2432 void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata)
2433 {
2434     ASSERT_RTNL();
2435
2436     mutex_lock(&sdata->local->iflist_mtx);
2437     list_del_rcu(&sdata->list);
2438     mutex_unlock(&sdata->local->iflist_mtx);
2439
2440     if (sdata->vif.txq)
2441         ieee80211_txq_purge(sdata->local, to_txq_info(sdata->vif.txq));
2442
2443     synchronize_rcu();
2444
2445     cfg80211_unregister_wdev(&sdata->wdev);
2446
2447     if (!sdata->dev) {
2448         ieee80211_teardown_sdata(sdata);
2449         kfree(sdata);
2450     }
2451 }
2452
2453 void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata)
2454 {
2455     if (WARN_ON_ONCE(!test_bit(SDATA_STATE_RUNNING, &sdata->state)))
2456         return;
2457     ieee80211_do_stop(sdata, true);
2458 }
2459
2460 void ieee80211_remove_interfaces(struct ieee80211_local *local)
2461 {
2462     struct ieee80211_sub_if_data *sdata, *tmp;
2463     LIST_HEAD(unreg_list);
2464     LIST_HEAD(wdev_list);
2465
2466     ASSERT_RTNL();
2467
2468     /* Before destroying the interfaces, make sure they're all stopped so
2469      * that the hardware is stopped. Otherwise, the driver might still be
2470      * iterating the interfaces during the shutdown, e.g. from a worker
2471      * or from RX processing or similar, and if it does so (using atomic
2472      * iteration) while we're manipulating the list, the iteration will
2473      * crash.
2474      *
2475      * After this, the hardware should be stopped and the driver should
2476      * have stopped all of its activities, so that we can do RCU-unaware
2477      * manipulations of the interface list below.
2478      */
2479     cfg80211_shutdown_all_interfaces(local->hw.wiphy);
2480
2481     WARN(local->open_count, "%s: open count remains %d\n",
2482          wiphy_name(local->hw.wiphy), local->open_count);
2483
2484     ieee80211_txq_teardown_flows(local);
2485
2486     mutex_lock(&local->iflist_mtx);
2487     list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
2488         list_del(&sdata->list);
2489
2490         if (sdata->dev)
2491             unregister_netdevice_queue(sdata->dev, &unreg_list);
2492         else
2493             list_add(&sdata->list, &wdev_list);
2494     }
2495     mutex_unlock(&local->iflist_mtx);
2496
2497     unregister_netdevice_many(&unreg_list);
2498
2499     wiphy_lock(local->hw.wiphy);
2500     list_for_each_entry_safe(sdata, tmp, &wdev_list, list) {
2501         list_del(&sdata->list);
2502         cfg80211_unregister_wdev(&sdata->wdev);
2503         kfree(sdata);
2504     }
2505     wiphy_unlock(local->hw.wiphy);
2506 }
2507
2508 static int netdev_notify(struct notifier_block *nb,
2509              unsigned long state, void *ptr)
2510 {
2511     struct net_device *dev = netdev_notifier_info_to_dev(ptr);
2512     struct ieee80211_sub_if_data *sdata;
2513
2514     if (state != NETDEV_CHANGENAME)
2515         return NOTIFY_DONE;
2516
2517     if (!dev->ieee80211_ptr || !dev->ieee80211_ptr->wiphy)
2518         return NOTIFY_DONE;
2519
2520     if (dev->ieee80211_ptr->wiphy->privid != mac80211_wiphy_privid)
2521         return NOTIFY_DONE;
2522
2523     sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2524     memcpy(sdata->name, dev->name, IFNAMSIZ);
2525     ieee80211_debugfs_rename_netdev(sdata);
2526
2527     return NOTIFY_OK;
2528 }
2529
2530 static struct notifier_block mac80211_netdev_notifier = {
2531     .notifier_call = netdev_notify,
2532 };
2533
2534 int ieee80211_iface_init(void)
2535 {
2536     return register_netdevice_notifier(&mac80211_netdev_notifier);
2537 }
2538
2539 void ieee80211_iface_exit(void)
2540 {
2541     unregister_netdevice_notifier(&mac80211_netdev_notifier);
2542 }
2543
2544 void ieee80211_vif_inc_num_mcast(struct ieee80211_sub_if_data *sdata)
2545 {
2546     if (sdata->vif.type == NL80211_IFTYPE_AP)
2547         atomic_inc(&sdata->u.ap.num_mcast_sta);
2548     else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2549         atomic_inc(&sdata->u.vlan.num_mcast_sta);
2550 }
2551
2552 void ieee80211_vif_dec_num_mcast(struct ieee80211_sub_if_data *sdata)
2553 {
2554     if (sdata->vif.type == NL80211_IFTYPE_AP)
2555         atomic_dec(&sdata->u.ap.num_mcast_sta);
2556     else if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2557         atomic_dec(&sdata->u.vlan.num_mcast_sta);
2558 }