net/mac80211/offchannel.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Off-channel operation helpers
0004  *
0005  * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
0006  * Copyright 2004, Instant802 Networks, Inc.
0007  * Copyright 2005, Devicescape Software, Inc.
0008  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
0009  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
0010  * Copyright 2009   Johannes Berg <johannes@sipsolutions.net>
0011  * Copyright (C) 2019, 2022 Intel Corporation
0012  */
0013 #include <linux/export.h>
0014 #include <net/mac80211.h>
0015 #include "ieee80211_i.h"
0016 #include "driver-ops.h"
0017
0018 /*
0019  * Tell our hardware to disable PS.
0020  * Optionally inform AP that we will go to sleep so that it will buffer
0021  * the frames while we are doing off-channel work.  This is optional
0022  * because we *may* be doing work on-operating channel, and want our
0023  * hardware unconditionally awake, but still let the AP send us normal frames.
0024  */
0025 static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata)
0026 {
0027     struct ieee80211_local *local = sdata->local;
0028     struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
0029     bool offchannel_ps_enabled = false;
0030
0031     /* FIXME: what to do when local->pspolling is true? */
0032
0033     del_timer_sync(&local->dynamic_ps_timer);
0034     del_timer_sync(&ifmgd->bcn_mon_timer);
0035     del_timer_sync(&ifmgd->conn_mon_timer);
0036
0037     cancel_work_sync(&local->dynamic_ps_enable_work);
0038
0039     if (local->hw.conf.flags & IEEE80211_CONF_PS) {
0040         offchannel_ps_enabled = true;
0041         local->hw.conf.flags &= ~IEEE80211_CONF_PS;
0042         ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
0043     }
0044
0045     if (!offchannel_ps_enabled ||
0046         !ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
0047         /*
0048          * If power save was enabled, no need to send a nullfunc
0049          * frame because AP knows that we are sleeping. But if the
0050          * hardware is creating the nullfunc frame for power save
0051          * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not
0052          * enabled) and power save was enabled, the firmware just
0053          * sent a null frame with power save disabled. So we need
0054          * to send a new nullfunc frame to inform the AP that we
0055          * are again sleeping.
0056          */
0057         ieee80211_send_nullfunc(local, sdata, true);
0058 }
0059
0060 /* inform AP that we are awake again */
0061 static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata)
0062 {
0063     struct ieee80211_local *local = sdata->local;
0064
0065     if (!local->ps_sdata)
0066         ieee80211_send_nullfunc(local, sdata, false);
0067     else if (local->hw.conf.dynamic_ps_timeout > 0) {
0068         /*
0069          * the dynamic_ps_timer had been running before leaving the
0070          * operating channel, restart the timer now and send a nullfunc
0071          * frame to inform the AP that we are awake so that AP sends
0072          * the buffered packets (if any).
0073          */
0074         ieee80211_send_nullfunc(local, sdata, false);
0075         mod_timer(&local->dynamic_ps_timer, jiffies +
0076               msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
0077     }
0078
0079     ieee80211_sta_reset_beacon_monitor(sdata);
0080     ieee80211_sta_reset_conn_monitor(sdata);
0081 }
0082
0083 void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local)
0084 {
0085     struct ieee80211_sub_if_data *sdata;
0086
0087     if (WARN_ON(local->use_chanctx))
0088         return;
0089
0090     /*
0091      * notify the AP about us leaving the channel and stop all
0092      * STA interfaces.
0093      */
0094
0095     /*
0096      * Stop queues and transmit all frames queued by the driver
0097      * before sending nullfunc to enable powersave at the AP.
0098      */
0099     ieee80211_stop_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP,
0100                     IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL,
0101                     false);
0102     ieee80211_flush_queues(local, NULL, false);
0103
0104     mutex_lock(&local->iflist_mtx);
0105     list_for_each_entry(sdata, &local->interfaces, list) {
0106         if (!ieee80211_sdata_running(sdata))
0107             continue;
0108
0109         if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE ||
0110             sdata->vif.type == NL80211_IFTYPE_NAN)
0111             continue;
0112
0113         if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
0114             set_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
0115
0116         /* Check to see if we should disable beaconing. */
0117         if (sdata->vif.bss_conf.enable_beacon) {
0118             set_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED,
0119                 &sdata->state);
0120             sdata->vif.bss_conf.enable_beacon = false;
0121             ieee80211_link_info_change_notify(
0122                 sdata, &sdata->deflink,
0123                 BSS_CHANGED_BEACON_ENABLED);
0124         }
0125
0126         if (sdata->vif.type == NL80211_IFTYPE_STATION &&
0127             sdata->u.mgd.associated)
0128             ieee80211_offchannel_ps_enable(sdata);
0129     }
0130     mutex_unlock(&local->iflist_mtx);
0131 }
0132
0133 void ieee80211_offchannel_return(struct ieee80211_local *local)
0134 {
0135     struct ieee80211_sub_if_data *sdata;
0136
0137     if (WARN_ON(local->use_chanctx))
0138         return;
0139
0140     mutex_lock(&local->iflist_mtx);
0141     list_for_each_entry(sdata, &local->interfaces, list) {
0142         if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
0143             continue;
0144
0145         if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
0146             clear_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
0147
0148         if (!ieee80211_sdata_running(sdata))
0149             continue;
0150
0151         /* Tell AP we're back */
0152         if (sdata->vif.type == NL80211_IFTYPE_STATION &&
0153             sdata->u.mgd.associated)
0154             ieee80211_offchannel_ps_disable(sdata);
0155
0156         if (test_and_clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED,
0157                        &sdata->state)) {
0158             sdata->vif.bss_conf.enable_beacon = true;
0159             ieee80211_link_info_change_notify(
0160                 sdata, &sdata->deflink,
0161                 BSS_CHANGED_BEACON_ENABLED);
0162         }
0163     }
0164     mutex_unlock(&local->iflist_mtx);
0165
0166     ieee80211_wake_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP,
0167                     IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL,
0168                     false);
0169 }
0170
0171 static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
0172 {
0173     /* was never transmitted */
0174     if (roc->frame) {
0175         cfg80211_mgmt_tx_status(&roc->sdata->wdev, roc->mgmt_tx_cookie,
0176                     roc->frame->data, roc->frame->len,
0177                     false, GFP_KERNEL);
0178         ieee80211_free_txskb(&roc->sdata->local->hw, roc->frame);
0179     }
0180
0181     if (!roc->mgmt_tx_cookie)
0182         cfg80211_remain_on_channel_expired(&roc->sdata->wdev,
0183                            roc->cookie, roc->chan,
0184                            GFP_KERNEL);
0185     else
0186         cfg80211_tx_mgmt_expired(&roc->sdata->wdev,
0187                      roc->mgmt_tx_cookie,
0188                      roc->chan, GFP_KERNEL);
0189
0190     list_del(&roc->list);
0191     kfree(roc);
0192 }
0193
0194 static unsigned long ieee80211_end_finished_rocs(struct ieee80211_local *local,
0195                          unsigned long now)
0196 {
0197     struct ieee80211_roc_work *roc, *tmp;
0198     long remaining_dur_min = LONG_MAX;
0199
0200     lockdep_assert_held(&local->mtx);
0201
0202     list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
0203         long remaining;
0204
0205         if (!roc->started)
0206             break;
0207
0208         remaining = roc->start_time +
0209                 msecs_to_jiffies(roc->duration) -
0210                 now;
0211
0212         /* In case of HW ROC, it is possible that the HW finished the
0213          * ROC session before the actual requested time. In such a case
0214          * end the ROC session (disregarding the remaining time).
0215          */
0216         if (roc->abort || roc->hw_begun || remaining <= 0)
0217             ieee80211_roc_notify_destroy(roc);
0218         else
0219             remaining_dur_min = min(remaining_dur_min, remaining);
0220     }
0221
0222     return remaining_dur_min;
0223 }
0224
0225 static bool ieee80211_recalc_sw_work(struct ieee80211_local *local,
0226                      unsigned long now)
0227 {
0228     long dur = ieee80211_end_finished_rocs(local, now);
0229
0230     if (dur == LONG_MAX)
0231         return false;
0232
0233     mod_delayed_work(local->workqueue, &local->roc_work, dur);
0234     return true;
0235 }
0236
0237 static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc,
0238                      unsigned long start_time)
0239 {
0240     if (WARN_ON(roc->notified))
0241         return;
0242
0243     roc->start_time = start_time;
0244     roc->started = true;
0245
0246     if (roc->mgmt_tx_cookie) {
0247         if (!WARN_ON(!roc->frame)) {
0248             ieee80211_tx_skb_tid_band(roc->sdata, roc->frame, 7,
0249                           roc->chan->band);
0250             roc->frame = NULL;
0251         }
0252     } else {
0253         cfg80211_ready_on_channel(&roc->sdata->wdev, roc->cookie,
0254                       roc->chan, roc->req_duration,
0255                       GFP_KERNEL);
0256     }
0257
0258     roc->notified = true;
0259 }
0260
0261 static void ieee80211_hw_roc_start(struct work_struct *work)
0262 {
0263     struct ieee80211_local *local =
0264         container_of(work, struct ieee80211_local, hw_roc_start);
0265     struct ieee80211_roc_work *roc;
0266
0267     mutex_lock(&local->mtx);
0268
0269     list_for_each_entry(roc, &local->roc_list, list) {
0270         if (!roc->started)
0271             break;
0272
0273         roc->hw_begun = true;
0274         ieee80211_handle_roc_started(roc, local->hw_roc_start_time);
0275     }
0276
0277     mutex_unlock(&local->mtx);
0278 }
0279
0280 void ieee80211_ready_on_channel(struct ieee80211_hw *hw)
0281 {
0282     struct ieee80211_local *local = hw_to_local(hw);
0283
0284     local->hw_roc_start_time = jiffies;
0285
0286     trace_api_ready_on_channel(local);
0287
0288     ieee80211_queue_work(hw, &local->hw_roc_start);
0289 }
0290 EXPORT_SYMBOL_GPL(ieee80211_ready_on_channel);
0291
0292 static void _ieee80211_start_next_roc(struct ieee80211_local *local)
0293 {
0294     struct ieee80211_roc_work *roc, *tmp;
0295     enum ieee80211_roc_type type;
0296     u32 min_dur, max_dur;
0297
0298     lockdep_assert_held(&local->mtx);
0299
0300     if (WARN_ON(list_empty(&local->roc_list)))
0301         return;
0302
0303     roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
0304                    list);
0305
0306     if (WARN_ON(roc->started))
0307         return;
0308
0309     min_dur = roc->duration;
0310     max_dur = roc->duration;
0311     type = roc->type;
0312
0313     list_for_each_entry(tmp, &local->roc_list, list) {
0314         if (tmp == roc)
0315             continue;
0316         if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
0317             break;
0318         max_dur = max(tmp->duration, max_dur);
0319         min_dur = min(tmp->duration, min_dur);
0320         type = max(tmp->type, type);
0321     }
0322
0323     if (local->ops->remain_on_channel) {
0324         int ret = drv_remain_on_channel(local, roc->sdata, roc->chan,
0325                         max_dur, type);
0326
0327         if (ret) {
0328             wiphy_warn(local->hw.wiphy,
0329                    "failed to start next HW ROC (%d)\n", ret);
0330             /*
0331              * queue the work struct again to avoid recursion
0332              * when multiple failures occur
0333              */
0334             list_for_each_entry(tmp, &local->roc_list, list) {
0335                 if (tmp->sdata != roc->sdata ||
0336                     tmp->chan != roc->chan)
0337                     break;
0338                 tmp->started = true;
0339                 tmp->abort = true;
0340             }
0341             ieee80211_queue_work(&local->hw, &local->hw_roc_done);
0342             return;
0343         }
0344
0345         /* we'll notify about the start once the HW calls back */
0346         list_for_each_entry(tmp, &local->roc_list, list) {
0347             if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
0348                 break;
0349             tmp->started = true;
0350         }
0351     } else {
0352         /* If actually operating on the desired channel (with at least
0353          * 20 MHz channel width) don't stop all the operations but still
0354          * treat it as though the ROC operation started properly, so
0355          * other ROC operations won't interfere with this one.
0356          */
0357         roc->on_channel = roc->chan == local->_oper_chandef.chan &&
0358                   local->_oper_chandef.width != NL80211_CHAN_WIDTH_5 &&
0359                   local->_oper_chandef.width != NL80211_CHAN_WIDTH_10;
0360
0361         /* start this ROC */
0362         ieee80211_recalc_idle(local);
0363
0364         if (!roc->on_channel) {
0365             ieee80211_offchannel_stop_vifs(local);
0366
0367             local->tmp_channel = roc->chan;
0368             ieee80211_hw_config(local, 0);
0369         }
0370
0371         ieee80211_queue_delayed_work(&local->hw, &local->roc_work,
0372                          msecs_to_jiffies(min_dur));
0373
0374         /* tell userspace or send frame(s) */
0375         list_for_each_entry(tmp, &local->roc_list, list) {
0376             if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
0377                 break;
0378
0379             tmp->on_channel = roc->on_channel;
0380             ieee80211_handle_roc_started(tmp, jiffies);
0381         }
0382     }
0383 }
0384
0385 void ieee80211_start_next_roc(struct ieee80211_local *local)
0386 {
0387     struct ieee80211_roc_work *roc;
0388
0389     lockdep_assert_held(&local->mtx);
0390
0391     if (list_empty(&local->roc_list)) {
0392         ieee80211_run_deferred_scan(local);
0393         return;
0394     }
0395
0396     /* defer roc if driver is not started (i.e. during reconfig) */
0397     if (local->in_reconfig)
0398         return;
0399
0400     roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
0401                    list);
0402
0403     if (WARN_ON_ONCE(roc->started))
0404         return;
0405
0406     if (local->ops->remain_on_channel) {
0407         _ieee80211_start_next_roc(local);
0408     } else {
0409         /* delay it a bit */
0410         ieee80211_queue_delayed_work(&local->hw, &local->roc_work,
0411                          round_jiffies_relative(HZ/2));
0412     }
0413 }
0414
0415 static void __ieee80211_roc_work(struct ieee80211_local *local)
0416 {
0417     struct ieee80211_roc_work *roc;
0418     bool on_channel;
0419
0420     lockdep_assert_held(&local->mtx);
0421
0422     if (WARN_ON(local->ops->remain_on_channel))
0423         return;
0424
0425     roc = list_first_entry_or_null(&local->roc_list,
0426                        struct ieee80211_roc_work, list);
0427     if (!roc)
0428         return;
0429
0430     if (!roc->started) {
0431         WARN_ON(local->use_chanctx);
0432         _ieee80211_start_next_roc(local);
0433     } else {
0434         on_channel = roc->on_channel;
0435         if (ieee80211_recalc_sw_work(local, jiffies))
0436             return;
0437
0438         /* careful - roc pointer became invalid during recalc */
0439
0440         if (!on_channel) {
0441             ieee80211_flush_queues(local, NULL, false);
0442
0443             local->tmp_channel = NULL;
0444             ieee80211_hw_config(local, 0);
0445
0446             ieee80211_offchannel_return(local);
0447         }
0448
0449         ieee80211_recalc_idle(local);
0450         ieee80211_start_next_roc(local);
0451     }
0452 }
0453
0454 static void ieee80211_roc_work(struct work_struct *work)
0455 {
0456     struct ieee80211_local *local =
0457         container_of(work, struct ieee80211_local, roc_work.work);
0458
0459     mutex_lock(&local->mtx);
0460     __ieee80211_roc_work(local);
0461     mutex_unlock(&local->mtx);
0462 }
0463
0464 static void ieee80211_hw_roc_done(struct work_struct *work)
0465 {
0466     struct ieee80211_local *local =
0467         container_of(work, struct ieee80211_local, hw_roc_done);
0468
0469     mutex_lock(&local->mtx);
0470
0471     ieee80211_end_finished_rocs(local, jiffies);
0472
0473     /* if there's another roc, start it now */
0474     ieee80211_start_next_roc(local);
0475
0476     mutex_unlock(&local->mtx);
0477 }
0478
0479 void ieee80211_remain_on_channel_expired(struct ieee80211_hw *hw)
0480 {
0481     struct ieee80211_local *local = hw_to_local(hw);
0482
0483     trace_api_remain_on_channel_expired(local);
0484
0485     ieee80211_queue_work(hw, &local->hw_roc_done);
0486 }
0487 EXPORT_SYMBOL_GPL(ieee80211_remain_on_channel_expired);
0488
0489 static bool
0490 ieee80211_coalesce_hw_started_roc(struct ieee80211_local *local,
0491                   struct ieee80211_roc_work *new_roc,
0492                   struct ieee80211_roc_work *cur_roc)
0493 {
0494     unsigned long now = jiffies;
0495     unsigned long remaining;
0496
0497     if (WARN_ON(!cur_roc->started))
0498         return false;
0499
0500     /* if it was scheduled in the hardware, but not started yet,
0501      * we can only combine if the older one had a longer duration
0502      */
0503     if (!cur_roc->hw_begun && new_roc->duration > cur_roc->duration)
0504         return false;
0505
0506     remaining = cur_roc->start_time +
0507             msecs_to_jiffies(cur_roc->duration) -
0508             now;
0509
0510     /* if it doesn't fit entirely, schedule a new one */
0511     if (new_roc->duration > jiffies_to_msecs(remaining))
0512         return false;
0513
0514     /* add just after the current one so we combine their finish later */
0515     list_add(&new_roc->list, &cur_roc->list);
0516
0517     /* if the existing one has already begun then let this one also
0518      * begin, otherwise they'll both be marked properly by the work
0519      * struct that runs once the driver notifies us of the beginning
0520      */
0521     if (cur_roc->hw_begun) {
0522         new_roc->hw_begun = true;
0523         ieee80211_handle_roc_started(new_roc, now);
0524     }
0525
0526     return true;
0527 }
0528
0529 static int ieee80211_start_roc_work(struct ieee80211_local *local,
0530                     struct ieee80211_sub_if_data *sdata,
0531                     struct ieee80211_channel *channel,
0532                     unsigned int duration, u64 *cookie,
0533                     struct sk_buff *txskb,
0534                     enum ieee80211_roc_type type)
0535 {
0536     struct ieee80211_roc_work *roc, *tmp;
0537     bool queued = false, combine_started = true;
0538     int ret;
0539
0540     lockdep_assert_held(&local->mtx);
0541
0542     if (channel->freq_offset)
0543         /* this may work, but is untested */
0544         return -EOPNOTSUPP;
0545
0546     if (local->use_chanctx && !local->ops->remain_on_channel)
0547         return -EOPNOTSUPP;
0548
0549     roc = kzalloc(sizeof(*roc), GFP_KERNEL);
0550     if (!roc)
0551         return -ENOMEM;
0552
0553     /*
0554      * If the duration is zero, then the driver
0555      * wouldn't actually do anything. Set it to
0556      * 10 for now.
0557      *
0558      * TODO: cancel the off-channel operation
0559      *       when we get the SKB's TX status and
0560      *       the wait time was zero before.
0561      */
0562     if (!duration)
0563         duration = 10;
0564
0565     roc->chan = channel;
0566     roc->duration = duration;
0567     roc->req_duration = duration;
0568     roc->frame = txskb;
0569     roc->type = type;
0570     roc->sdata = sdata;
0571
0572     /*
0573      * cookie is either the roc cookie (for normal roc)
0574      * or the SKB (for mgmt TX)
0575      */
0576     if (!txskb) {
0577         roc->cookie = ieee80211_mgmt_tx_cookie(local);
0578         *cookie = roc->cookie;
0579     } else {
0580         roc->mgmt_tx_cookie = *cookie;
0581     }
0582
0583     /* if there's no need to queue, handle it immediately */
0584     if (list_empty(&local->roc_list) &&
0585         !local->scanning && !ieee80211_is_radar_required(local)) {
0586         /* if not HW assist, just queue & schedule work */
0587         if (!local->ops->remain_on_channel) {
0588             list_add_tail(&roc->list, &local->roc_list);
0589             ieee80211_queue_delayed_work(&local->hw,
0590                              &local->roc_work, 0);
0591         } else {
0592             /* otherwise actually kick it off here
0593              * (for error handling)
0594              */
0595             ret = drv_remain_on_channel(local, sdata, channel,
0596                             duration, type);
0597             if (ret) {
0598                 kfree(roc);
0599                 return ret;
0600             }
0601             roc->started = true;
0602             list_add_tail(&roc->list, &local->roc_list);
0603         }
0604
0605         return 0;
0606     }
0607
0608     /* otherwise handle queueing */
0609
0610     list_for_each_entry(tmp, &local->roc_list, list) {
0611         if (tmp->chan != channel || tmp->sdata != sdata)
0612             continue;
0613
0614         /*
0615          * Extend this ROC if possible: If it hasn't started, add
0616          * just after the new one to combine.
0617          */
0618         if (!tmp->started) {
0619             list_add(&roc->list, &tmp->list);
0620             queued = true;
0621             break;
0622         }
0623
0624         if (!combine_started)
0625             continue;
0626
0627         if (!local->ops->remain_on_channel) {
0628             /* If there's no hardware remain-on-channel, and
0629              * doing so won't push us over the maximum r-o-c
0630              * we allow, then we can just add the new one to
0631              * the list and mark it as having started now.
0632              * If it would push over the limit, don't try to
0633              * combine with other started ones (that haven't
0634              * been running as long) but potentially sort it
0635              * with others that had the same fate.
0636              */
0637             unsigned long now = jiffies;
0638             u32 elapsed = jiffies_to_msecs(now - tmp->start_time);
0639             struct wiphy *wiphy = local->hw.wiphy;
0640             u32 max_roc = wiphy->max_remain_on_channel_duration;
0641
0642             if (elapsed + roc->duration > max_roc) {
0643                 combine_started = false;
0644                 continue;
0645             }
0646
0647             list_add(&roc->list, &tmp->list);
0648             queued = true;
0649             roc->on_channel = tmp->on_channel;
0650             ieee80211_handle_roc_started(roc, now);
0651             ieee80211_recalc_sw_work(local, now);
0652             break;
0653         }
0654
0655         queued = ieee80211_coalesce_hw_started_roc(local, roc, tmp);
0656         if (queued)
0657             break;
0658         /* if it wasn't queued, perhaps it can be combined with
0659          * another that also couldn't get combined previously,
0660          * but no need to check for already started ones, since
0661          * that can't work.
0662          */
0663         combine_started = false;
0664     }
0665
0666     if (!queued)
0667         list_add_tail(&roc->list, &local->roc_list);
0668
0669     return 0;
0670 }
0671
0672 int ieee80211_remain_on_channel(struct wiphy *wiphy, struct wireless_dev *wdev,
0673                 struct ieee80211_channel *chan,
0674                 unsigned int duration, u64 *cookie)
0675 {
0676     struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
0677     struct ieee80211_local *local = sdata->local;
0678     int ret;
0679
0680     mutex_lock(&local->mtx);
0681     ret = ieee80211_start_roc_work(local, sdata, chan,
0682                        duration, cookie, NULL,
0683                        IEEE80211_ROC_TYPE_NORMAL);
0684     mutex_unlock(&local->mtx);
0685
0686     return ret;
0687 }
0688
0689 static int ieee80211_cancel_roc(struct ieee80211_local *local,
0690                 u64 cookie, bool mgmt_tx)
0691 {
0692     struct ieee80211_roc_work *roc, *tmp, *found = NULL;
0693     int ret;
0694
0695     if (!cookie)
0696         return -ENOENT;
0697
0698     flush_work(&local->hw_roc_start);
0699
0700     mutex_lock(&local->mtx);
0701     list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
0702         if (!mgmt_tx && roc->cookie != cookie)
0703             continue;
0704         else if (mgmt_tx && roc->mgmt_tx_cookie != cookie)
0705             continue;
0706
0707         found = roc;
0708         break;
0709     }
0710
0711     if (!found) {
0712         mutex_unlock(&local->mtx);
0713         return -ENOENT;
0714     }
0715
0716     if (!found->started) {
0717         ieee80211_roc_notify_destroy(found);
0718         goto out_unlock;
0719     }
0720
0721     if (local->ops->remain_on_channel) {
0722         ret = drv_cancel_remain_on_channel(local, roc->sdata);
0723         if (WARN_ON_ONCE(ret)) {
0724             mutex_unlock(&local->mtx);
0725             return ret;
0726         }
0727
0728         /* TODO:
0729          * if multiple items were combined here then we really shouldn't
0730          * cancel them all - we should wait for as much time as needed
0731          * for the longest remaining one, and only then cancel ...
0732          */
0733         list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
0734             if (!roc->started)
0735                 break;
0736             if (roc == found)
0737                 found = NULL;
0738             ieee80211_roc_notify_destroy(roc);
0739         }
0740
0741         /* that really must not happen - it was started */
0742         WARN_ON(found);
0743
0744         ieee80211_start_next_roc(local);
0745     } else {
0746         /* go through work struct to return to the operating channel */
0747         found->abort = true;
0748         mod_delayed_work(local->workqueue, &local->roc_work, 0);
0749     }
0750
0751  out_unlock:
0752     mutex_unlock(&local->mtx);
0753
0754     return 0;
0755 }
0756
0757 int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy,
0758                        struct wireless_dev *wdev, u64 cookie)
0759 {
0760     struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
0761     struct ieee80211_local *local = sdata->local;
0762
0763     return ieee80211_cancel_roc(local, cookie, false);
0764 }
0765
0766 int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
0767               struct cfg80211_mgmt_tx_params *params, u64 *cookie)
0768 {
0769     struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
0770     struct ieee80211_local *local = sdata->local;
0771     struct sk_buff *skb;
0772     struct sta_info *sta = NULL;
0773     const struct ieee80211_mgmt *mgmt = (void *)params->buf;
0774     bool need_offchan = false;
0775     bool mlo_sta = false;
0776     int link_id = -1;
0777     u32 flags;
0778     int ret;
0779     u8 *data;
0780
0781     if (params->dont_wait_for_ack)
0782         flags = IEEE80211_TX_CTL_NO_ACK;
0783     else
0784         flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX |
0785             IEEE80211_TX_CTL_REQ_TX_STATUS;
0786
0787     if (params->no_cck)
0788         flags |= IEEE80211_TX_CTL_NO_CCK_RATE;
0789
0790     switch (sdata->vif.type) {
0791     case NL80211_IFTYPE_ADHOC:
0792         if (!sdata->vif.cfg.ibss_joined)
0793             need_offchan = true;
0794 #ifdef CONFIG_MAC80211_MESH
0795         fallthrough;
0796     case NL80211_IFTYPE_MESH_POINT:
0797         if (ieee80211_vif_is_mesh(&sdata->vif) &&
0798             !sdata->u.mesh.mesh_id_len)
0799             need_offchan = true;
0800 #endif
0801         fallthrough;
0802     case NL80211_IFTYPE_AP:
0803     case NL80211_IFTYPE_AP_VLAN:
0804     case NL80211_IFTYPE_P2P_GO:
0805         if (sdata->vif.type != NL80211_IFTYPE_ADHOC &&
0806             !ieee80211_vif_is_mesh(&sdata->vif) &&
0807             !sdata->bss->active)
0808             need_offchan = true;
0809
0810         rcu_read_lock();
0811         sta = sta_info_get_bss(sdata, mgmt->da);
0812         mlo_sta = sta && sta->sta.mlo;
0813
0814         if (!ieee80211_is_action(mgmt->frame_control) ||
0815             mgmt->u.action.category == WLAN_CATEGORY_PUBLIC ||
0816             mgmt->u.action.category == WLAN_CATEGORY_SELF_PROTECTED ||
0817             mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
0818             rcu_read_unlock();
0819             break;
0820         }
0821
0822         if (!sta) {
0823             rcu_read_unlock();
0824             return -ENOLINK;
0825         }
0826         if (params->link_id >= 0 &&
0827             !(sta->sta.valid_links & BIT(params->link_id))) {
0828             rcu_read_unlock();
0829             return -ENOLINK;
0830         }
0831         link_id = params->link_id;
0832         rcu_read_unlock();
0833         break;
0834     case NL80211_IFTYPE_STATION:
0835     case NL80211_IFTYPE_P2P_CLIENT:
0836         sdata_lock(sdata);
0837         if (!sdata->u.mgd.associated ||
0838             (params->offchan && params->wait &&
0839              local->ops->remain_on_channel &&
0840              memcmp(sdata->vif.cfg.ap_addr, mgmt->bssid, ETH_ALEN)))
0841             need_offchan = true;
0842         sdata_unlock(sdata);
0843         break;
0844     case NL80211_IFTYPE_P2P_DEVICE:
0845         need_offchan = true;
0846         break;
0847     case NL80211_IFTYPE_NAN:
0848     default:
0849         return -EOPNOTSUPP;
0850     }
0851
0852     /* configurations requiring offchan cannot work if no channel has been
0853      * specified
0854      */
0855     if (need_offchan && !params->chan)
0856         return -EINVAL;
0857
0858     mutex_lock(&local->mtx);
0859
0860     /* Check if the operating channel is the requested channel */
0861     if (!params->chan && mlo_sta) {
0862         need_offchan = false;
0863     } else if (!need_offchan) {
0864         struct ieee80211_chanctx_conf *chanctx_conf = NULL;
0865         int i;
0866
0867         rcu_read_lock();
0868         /* Check all the links first */
0869         for (i = 0; i < ARRAY_SIZE(sdata->vif.link_conf); i++) {
0870             struct ieee80211_bss_conf *conf;
0871
0872             conf = rcu_dereference(sdata->vif.link_conf[i]);
0873             if (!conf)
0874                 continue;
0875
0876             chanctx_conf = rcu_dereference(conf->chanctx_conf);
0877             if (!chanctx_conf)
0878                 continue;
0879
0880             if (mlo_sta && params->chan == chanctx_conf->def.chan &&
0881                 ether_addr_equal(sdata->vif.addr, mgmt->sa)) {
0882                 link_id = i;
0883                 break;
0884             }
0885
0886             if (ether_addr_equal(conf->addr, mgmt->sa))
0887                 break;
0888
0889             chanctx_conf = NULL;
0890         }
0891
0892         if (chanctx_conf) {
0893             need_offchan = params->chan &&
0894                        (params->chan !=
0895                     chanctx_conf->def.chan);
0896         } else {
0897             need_offchan = true;
0898         }
0899         rcu_read_unlock();
0900     }
0901
0902     if (need_offchan && !params->offchan) {
0903         ret = -EBUSY;
0904         goto out_unlock;
0905     }
0906
0907     skb = dev_alloc_skb(local->hw.extra_tx_headroom + params->len);
0908     if (!skb) {
0909         ret = -ENOMEM;
0910         goto out_unlock;
0911     }
0912     skb_reserve(skb, local->hw.extra_tx_headroom);
0913
0914     data = skb_put_data(skb, params->buf, params->len);
0915
0916     /* Update CSA counters */
0917     if (sdata->vif.bss_conf.csa_active &&
0918         (sdata->vif.type == NL80211_IFTYPE_AP ||
0919          sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
0920          sdata->vif.type == NL80211_IFTYPE_ADHOC) &&
0921         params->n_csa_offsets) {
0922         int i;
0923         struct beacon_data *beacon = NULL;
0924
0925         rcu_read_lock();
0926
0927         if (sdata->vif.type == NL80211_IFTYPE_AP)
0928             beacon = rcu_dereference(sdata->deflink.u.ap.beacon);
0929         else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
0930             beacon = rcu_dereference(sdata->u.ibss.presp);
0931         else if (ieee80211_vif_is_mesh(&sdata->vif))
0932             beacon = rcu_dereference(sdata->u.mesh.beacon);
0933
0934         if (beacon)
0935             for (i = 0; i < params->n_csa_offsets; i++)
0936                 data[params->csa_offsets[i]] =
0937                     beacon->cntdwn_current_counter;
0938
0939         rcu_read_unlock();
0940     }
0941
0942     IEEE80211_SKB_CB(skb)->flags = flags;
0943
0944     skb->dev = sdata->dev;
0945
0946     if (!params->dont_wait_for_ack) {
0947         /* make a copy to preserve the frame contents
0948          * in case of encryption.
0949          */
0950         ret = ieee80211_attach_ack_skb(local, skb, cookie, GFP_KERNEL);
0951         if (ret) {
0952             kfree_skb(skb);
0953             goto out_unlock;
0954         }
0955     } else {
0956         /* Assign a dummy non-zero cookie, it's not sent to
0957          * userspace in this case but we rely on its value
0958          * internally in the need_offchan case to distinguish
0959          * mgmt-tx from remain-on-channel.
0960          */
0961         *cookie = 0xffffffff;
0962     }
0963
0964     if (!need_offchan) {
0965         ieee80211_tx_skb_tid(sdata, skb, 7, link_id);
0966         ret = 0;
0967         goto out_unlock;
0968     }
0969
0970     IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN |
0971                     IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
0972     if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
0973         IEEE80211_SKB_CB(skb)->hw_queue =
0974             local->hw.offchannel_tx_hw_queue;
0975
0976     /* This will handle all kinds of coalescing and immediate TX */
0977     ret = ieee80211_start_roc_work(local, sdata, params->chan,
0978                        params->wait, cookie, skb,
0979                        IEEE80211_ROC_TYPE_MGMT_TX);
0980     if (ret)
0981         ieee80211_free_txskb(&local->hw, skb);
0982  out_unlock:
0983     mutex_unlock(&local->mtx);
0984     return ret;
0985 }
0986
0987 int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy,
0988                   struct wireless_dev *wdev, u64 cookie)
0989 {
0990     struct ieee80211_local *local = wiphy_priv(wiphy);
0991
0992     return ieee80211_cancel_roc(local, cookie, true);
0993 }
0994
0995 void ieee80211_roc_setup(struct ieee80211_local *local)
0996 {
0997     INIT_WORK(&local->hw_roc_start, ieee80211_hw_roc_start);
0998     INIT_WORK(&local->hw_roc_done, ieee80211_hw_roc_done);
0999     INIT_DELAYED_WORK(&local->roc_work, ieee80211_roc_work);
1000     INIT_LIST_HEAD(&local->roc_list);
1001 }
1002
1003 void ieee80211_roc_purge(struct ieee80211_local *local,
1004              struct ieee80211_sub_if_data *sdata)
1005 {
1006     struct ieee80211_roc_work *roc, *tmp;
1007     bool work_to_do = false;
1008
1009     mutex_lock(&local->mtx);
1010     list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
1011         if (sdata && roc->sdata != sdata)
1012             continue;
1013
1014         if (roc->started) {
1015             if (local->ops->remain_on_channel) {
1016                 /* can race, so ignore return value */
1017                 drv_cancel_remain_on_channel(local, sdata);
1018                 ieee80211_roc_notify_destroy(roc);
1019             } else {
1020                 roc->abort = true;
1021                 work_to_do = true;
1022             }
1023         } else {
1024             ieee80211_roc_notify_destroy(roc);
1025         }
1026     }
1027     if (work_to_do)
1028         __ieee80211_roc_work(local);
1029     mutex_unlock(&local->mtx);
1030 }