1 /*
2  * Copyright (c) 2017-2021 The Linux Foundation. All rights reserved.
3  * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for
6  * any purpose with or without fee is hereby granted, provided that the
7  * above copyright notice and this permission notice appear in all
8  * copies.
9  *
10  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
11  * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
12  * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
13  * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
14  * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
15  * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
16  * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17  * PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 /*
21  * DOC: Defines scan utility functions
22  */
23 
24 #include <wlan_cmn.h>
25 #include <wlan_scan_ucfg_api.h>
26 #include <wlan_scan_utils_api.h>
27 #include <../../core/src/wlan_scan_cache_db.h>
28 #include <../../core/src/wlan_scan_main.h>
29 #include <wlan_reg_services_api.h>
30 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD)
31 #include <wlan_mlme_api.h>
32 #endif
33 #ifdef WLAN_FEATURE_11BE_MLO
34 #include <wlan_utility.h>
35 #include "wlan_mlo_mgr_public_structs.h"
36 #include <utils_mlo.h>
37 #endif
38 #include "wlan_psoc_mlme_api.h"
39 #include "reg_services_public_struct.h"
40 #ifdef WLAN_FEATURE_ACTION_OUI
41 #include <wlan_action_oui_main.h>
42 #include <wlan_action_oui_public_struct.h>
43 #endif
44 #include <wlan_crypto_global_api.h>
45 
46 #define MAX_IE_LEN 1024
47 #define SHORT_SSID_LEN 4
48 #define NEIGHBOR_AP_LEN 1
49 #define BSS_PARAMS_LEN 1
50 
51 const char*
util_scan_get_ev_type_name(enum scan_event_type type)52 util_scan_get_ev_type_name(enum scan_event_type type)
53 {
54 	static const char * const event_name[] = {
55 		[SCAN_EVENT_TYPE_STARTED] = "STARTED",
56 		[SCAN_EVENT_TYPE_COMPLETED] = "COMPLETED",
57 		[SCAN_EVENT_TYPE_BSS_CHANNEL] = "HOME_CHANNEL",
58 		[SCAN_EVENT_TYPE_FOREIGN_CHANNEL] = "FOREIGN_CHANNEL",
59 		[SCAN_EVENT_TYPE_DEQUEUED] = "DEQUEUED",
60 		[SCAN_EVENT_TYPE_PREEMPTED] = "PREEMPTED",
61 		[SCAN_EVENT_TYPE_START_FAILED] = "START_FAILED",
62 		[SCAN_EVENT_TYPE_RESTARTED] = "RESTARTED",
63 		[SCAN_EVENT_TYPE_FOREIGN_CHANNEL_EXIT] = "FOREIGN_CHANNEL_EXIT",
64 		[SCAN_EVENT_TYPE_SUSPENDED] = "SUSPENDED",
65 		[SCAN_EVENT_TYPE_RESUMED] = "RESUMED",
66 		[SCAN_EVENT_TYPE_NLO_COMPLETE] = "NLO_COMPLETE",
67 		[SCAN_EVENT_TYPE_NLO_MATCH] = "NLO_MATCH",
68 		[SCAN_EVENT_TYPE_INVALID] = "INVALID",
69 		[SCAN_EVENT_TYPE_GPIO_TIMEOUT] = "GPIO_TIMEOUT",
70 		[SCAN_EVENT_TYPE_RADIO_MEASUREMENT_START] =
71 			"RADIO_MEASUREMENT_START",
72 		[SCAN_EVENT_TYPE_RADIO_MEASUREMENT_END] =
73 			"RADIO_MEASUREMENT_END",
74 		[SCAN_EVENT_TYPE_BSSID_MATCH] = "BSSID_MATCH",
75 		[SCAN_EVENT_TYPE_FOREIGN_CHANNEL_GET_NF] =
76 			"FOREIGN_CHANNEL_GET_NF",
77 	};
78 
79 	if (type >= SCAN_EVENT_TYPE_MAX)
80 		return "UNKNOWN";
81 
82 	return event_name[type];
83 }
84 
85 
86 const char*
util_scan_get_ev_reason_name(enum scan_completion_reason reason)87 util_scan_get_ev_reason_name(enum scan_completion_reason reason)
88 {
89 	static const char * const reason_name[] = {
90 		[SCAN_REASON_NONE] = "NONE",
91 		[SCAN_REASON_COMPLETED] = "COMPLETED",
92 		[SCAN_REASON_CANCELLED] = "CANCELLED",
93 		[SCAN_REASON_PREEMPTED] = "PREEMPTED",
94 		[SCAN_REASON_TIMEDOUT] = "TIMEDOUT",
95 		[SCAN_REASON_INTERNAL_FAILURE] = "INTERNAL_FAILURE",
96 		[SCAN_REASON_SUSPENDED] = "SUSPENDED",
97 		[SCAN_REASON_RUN_FAILED] = "RUN_FAILED",
98 		[SCAN_REASON_TERMINATION_FUNCTION] = "TERMINATION_FUNCTION",
99 		[SCAN_REASON_MAX_OFFCHAN_RETRIES] = "MAX_OFFCHAN_RETRIES",
100 		[SCAN_REASON_DFS_VIOLATION] = "DFS_NOL_VIOLATION",
101 	};
102 
103 	if (reason >= SCAN_REASON_MAX)
104 		return "UNKNOWN";
105 
106 	return reason_name[reason];
107 }
108 
109 qdf_time_t
util_get_last_scan_time(struct wlan_objmgr_vdev * vdev)110 util_get_last_scan_time(struct wlan_objmgr_vdev *vdev)
111 {
112 	uint8_t pdev_id;
113 	struct wlan_scan_obj *scan_obj;
114 
115 	if (!vdev) {
116 		scm_warn("null vdev");
117 		QDF_ASSERT(0);
118 		return 0;
119 	}
120 	pdev_id = wlan_scan_vdev_get_pdev_id(vdev);
121 	scan_obj = wlan_vdev_get_scan_obj(vdev);
122 
123 	if (scan_obj)
124 		return scan_obj->pdev_info[pdev_id].last_scan_time;
125 	else
126 		return 0;
127 }
128 
129 #ifdef WLAN_FEATURE_11BE_MLO
util_scan_entry_t2lm_len(struct scan_cache_entry * scan_entry)130 uint32_t util_scan_entry_t2lm_len(struct scan_cache_entry *scan_entry)
131 {
132 	int i = 0;
133 	uint32_t len = 0;
134 
135 	if (!scan_entry || !scan_entry->ie_list.t2lm[0])
136 		return 0;
137 
138 	for (i = 0; i < WLAN_MAX_T2LM_IE; i++) {
139 		if (scan_entry->ie_list.t2lm[i])
140 			len += scan_entry->ie_list.t2lm[i][TAG_LEN_POS] +
141 				sizeof(struct ie_header);
142 	}
143 
144 	return len;
145 }
146 #endif
147 
util_is_rsnxe_h2e_capable(const uint8_t * rsnxe)148 bool util_is_rsnxe_h2e_capable(const uint8_t *rsnxe)
149 {
150 	const uint8_t *rsnxe_caps;
151 	uint8_t cap_len;
152 
153 	if (!rsnxe)
154 		return false;
155 
156 	rsnxe_caps = wlan_crypto_parse_rsnxe_ie(rsnxe, &cap_len);
157 	if (!rsnxe_caps)
158 		return false;
159 
160 	return *rsnxe_caps & WLAN_CRYPTO_RSNX_CAP_SAE_H2E;
161 }
162 
util_scan_entry_sae_h2e_capable(struct scan_cache_entry * scan_entry)163 bool util_scan_entry_sae_h2e_capable(struct scan_cache_entry *scan_entry)
164 {
165 	const uint8_t *rsnxe;
166 
167 	/* If RSN caps are not there, then return false */
168 	if (!util_scan_entry_rsn(scan_entry))
169 		return false;
170 
171 	/* If not SAE AKM no need to check H2E capability */
172 	if (!WLAN_CRYPTO_IS_AKM_SAE(scan_entry->neg_sec_info.key_mgmt))
173 		return false;
174 
175 	rsnxe = util_scan_entry_rsnxe(scan_entry);
176 	return util_is_rsnxe_h2e_capable(rsnxe);
177 }
178 
util_scan_scm_freq_to_band(uint16_t freq)179 enum wlan_band util_scan_scm_freq_to_band(uint16_t freq)
180 {
181 	if (WLAN_REG_IS_24GHZ_CH_FREQ(freq))
182 		return WLAN_BAND_2_4_GHZ;
183 
184 	return WLAN_BAND_5_GHZ;
185 }
186 
util_is_scan_entry_match(struct scan_cache_entry * entry1,struct scan_cache_entry * entry2)187 bool util_is_scan_entry_match(
188 	struct scan_cache_entry *entry1,
189 	struct scan_cache_entry *entry2)
190 {
191 
192 	if (entry1->cap_info.wlan_caps.ess !=
193 	   entry2->cap_info.wlan_caps.ess)
194 		return false;
195 
196 	if (entry1->cap_info.wlan_caps.ess &&
197 	   !qdf_mem_cmp(entry1->bssid.bytes,
198 	   entry2->bssid.bytes, QDF_MAC_ADDR_SIZE)) {
199 		/* Check for BSS */
200 		if (util_is_ssid_match(&entry1->ssid, &entry2->ssid) ||
201 		    util_scan_is_null_ssid(&entry1->ssid) ||
202 		    util_scan_is_null_ssid(&entry2->ssid))
203 			return true;
204 	} else if (entry1->cap_info.wlan_caps.ibss &&
205 	   (entry1->channel.chan_freq ==
206 	   entry2->channel.chan_freq)) {
207 		/*
208 		 * Same channel cannot have same SSID for
209 		 * different IBSS, so no need to check BSSID
210 		 */
211 		if (util_is_ssid_match(
212 		   &entry1->ssid, &entry2->ssid))
213 			return true;
214 	} else if (!entry1->cap_info.wlan_caps.ibss &&
215 	   !entry1->cap_info.wlan_caps.ess &&
216 	   !qdf_mem_cmp(entry1->bssid.bytes,
217 	   entry2->bssid.bytes, QDF_MAC_ADDR_SIZE)) {
218 		/* In case of P2P devices, ess and ibss will be set to zero */
219 		return true;
220 	}
221 
222 	return false;
223 }
224 
util_is_pureg_rate(uint8_t * rates,uint8_t nrates)225 static bool util_is_pureg_rate(uint8_t *rates, uint8_t nrates)
226 {
227 	static const uint8_t g_rates[] = {12, 18, 24, 36, 48, 72, 96, 108};
228 	bool pureg = false;
229 	uint8_t i, j;
230 
231 	for (i = 0; i < nrates; i++) {
232 		for (j = 0; j < QDF_ARRAY_SIZE(g_rates); j++) {
233 			if (WLAN_RV(rates[i]) == g_rates[j]) {
234 				pureg = true;
235 				break;
236 			}
237 		}
238 		if (pureg)
239 			break;
240 	}
241 
242 	return pureg;
243 }
244 
245 #ifdef WLAN_FEATURE_11BE
246 static enum wlan_phymode
util_scan_get_phymode_11be(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params,enum wlan_phymode phymode,uint8_t band_mask)247 util_scan_get_phymode_11be(struct wlan_objmgr_pdev *pdev,
248 			   struct scan_cache_entry *scan_params,
249 			   enum wlan_phymode phymode,
250 			   uint8_t band_mask)
251 {
252 	struct wlan_ie_ehtops *eht_ops;
253 	uint8_t width;
254 
255 	eht_ops = (struct wlan_ie_ehtops *)util_scan_entry_ehtop(scan_params);
256 	if (!util_scan_entry_ehtcap(scan_params) || !eht_ops)
257 		return phymode;
258 
259 	if (QDF_GET_BITS(eht_ops->ehtop_param,
260 			 EHTOP_INFO_PRESENT_IDX, EHTOP_INFO_PRESENT_BITS)) {
261 		width = QDF_GET_BITS(eht_ops->control,
262 				     EHTOP_INFO_CHAN_WIDTH_IDX,
263 				     EHTOP_INFO_CHAN_WIDTH_BITS);
264 		switch (width) {
265 		case WLAN_EHT_CHWIDTH_20:
266 			phymode = WLAN_PHYMODE_11BEA_EHT20;
267 			break;
268 		case WLAN_EHT_CHWIDTH_40:
269 			phymode = WLAN_PHYMODE_11BEA_EHT40;
270 			break;
271 		case WLAN_EHT_CHWIDTH_80:
272 			phymode = WLAN_PHYMODE_11BEA_EHT80;
273 			break;
274 		case WLAN_EHT_CHWIDTH_160:
275 			phymode = WLAN_PHYMODE_11BEA_EHT160;
276 			break;
277 		case WLAN_EHT_CHWIDTH_320:
278 			phymode = WLAN_PHYMODE_11BEA_EHT320;
279 			break;
280 		default:
281 			scm_debug("Invalid eht_ops width: %d", width);
282 			phymode = WLAN_PHYMODE_11BEA_EHT20;
283 			break;
284 		}
285 	} else {
286 		switch (phymode) {
287 		case WLAN_PHYMODE_11AXA_HE20:
288 			phymode = WLAN_PHYMODE_11BEA_EHT20;
289 			break;
290 		case WLAN_PHYMODE_11AXG_HE20:
291 			phymode = WLAN_PHYMODE_11BEG_EHT20;
292 			break;
293 		case WLAN_PHYMODE_11AXA_HE40:
294 			phymode = WLAN_PHYMODE_11BEA_EHT40;
295 			break;
296 		case WLAN_PHYMODE_11AXG_HE40:
297 			phymode = WLAN_PHYMODE_11BEG_EHT40;
298 			break;
299 		case WLAN_PHYMODE_11AXA_HE80:
300 			phymode = WLAN_PHYMODE_11BEA_EHT80;
301 			break;
302 		case WLAN_PHYMODE_11AXA_HE160:
303 			phymode = WLAN_PHYMODE_11BEA_EHT160;
304 			break;
305 		default:
306 			break;
307 		}
308 	}
309 
310 	if (QDF_GET_BITS(eht_ops->ehtop_param,
311 			 EHTOP_INFO_PRESENT_IDX, EHTOP_INFO_PRESENT_BITS)) {
312 		scan_params->channel.cfreq0 =
313 			wlan_reg_chan_band_to_freq(pdev,
314 						   eht_ops->ccfs0,
315 						   band_mask);
316 		scan_params->channel.cfreq1 =
317 			wlan_reg_chan_band_to_freq(pdev,
318 						   eht_ops->ccfs1,
319 						   band_mask);
320 	}
321 
322 	if (QDF_GET_BITS(eht_ops->ehtop_param,
323 			 EHTOP_PARAM_DISABLED_SC_BITMAP_PRESENT_IDX,
324 			 EHTOP_PARAM_DISABLED_SC_BITMAP_PRESENT_BITS)) {
325 		scan_params->channel.puncture_bitmap =
326 			QDF_GET_BITS(eht_ops->disabled_sub_chan_bitmap[0],
327 				     0, 8);
328 		scan_params->channel.puncture_bitmap |=
329 			QDF_GET_BITS(eht_ops->disabled_sub_chan_bitmap[1],
330 				     0, 8) << 8;
331 	} else {
332 		scan_params->channel.puncture_bitmap = 0;
333 	}
334 
335 	return phymode;
336 }
337 #else
338 static enum wlan_phymode
util_scan_get_phymode_11be(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params,enum wlan_phymode phymode,uint8_t band_mask)339 util_scan_get_phymode_11be(struct wlan_objmgr_pdev *pdev,
340 			   struct scan_cache_entry *scan_params,
341 			   enum wlan_phymode phymode,
342 			   uint8_t band_mask)
343 {
344 	return phymode;
345 }
346 #endif
347 
348 #ifdef CONFIG_BAND_6GHZ
util_scan_get_he_6g_params(uint8_t * he_ops)349 static struct he_oper_6g_param *util_scan_get_he_6g_params(uint8_t *he_ops)
350 {
351 	uint8_t len;
352 	uint32_t he_oper_params;
353 
354 	if (!he_ops)
355 		return NULL;
356 
357 	len = he_ops[1];
358 	he_ops += sizeof(struct ie_header);
359 
360 	if (len < WLAN_HEOP_FIXED_PARAM_LENGTH)
361 		return NULL;
362 
363 	/* element id extension */
364 	he_ops++;
365 	len--;
366 
367 	he_oper_params = LE_READ_4(he_ops);
368 	if (!(he_oper_params & WLAN_HEOP_6GHZ_INFO_PRESENT_MASK))
369 		return NULL;
370 
371 	/* fixed params - element id extension */
372 	he_ops += WLAN_HEOP_FIXED_PARAM_LENGTH - 1;
373 	len -= WLAN_HEOP_FIXED_PARAM_LENGTH - 1;
374 
375 	if (!len)
376 		return NULL;
377 
378 	/* vht oper params */
379 	if (he_oper_params & WLAN_HEOP_VHTOP_PRESENT_MASK) {
380 		if (len < WLAN_HEOP_VHTOP_LENGTH)
381 			return NULL;
382 		he_ops += WLAN_HEOP_VHTOP_LENGTH;
383 		len -= WLAN_HEOP_VHTOP_LENGTH;
384 	}
385 
386 	if (!len)
387 		return NULL;
388 
389 	if (he_oper_params & WLAN_HEOP_CO_LOCATED_BSS_MASK) {
390 		he_ops += WLAN_HEOP_CO_LOCATED_BSS_LENGTH;
391 		len -= WLAN_HEOP_CO_LOCATED_BSS_LENGTH;
392 	}
393 
394 	if (len < sizeof(struct he_oper_6g_param))
395 		return NULL;
396 
397 	return (struct he_oper_6g_param *)he_ops;
398 }
399 
400 #ifdef WLAN_FEATURE_11BE
401 /*
402  * util_scan_is_out_of_band_leak_eht() - Check if eht beacon out of BSS BW
403  * @pdev: pointer to pdev.
404  * @scan_params: scan entry generated by beacon/probe rsp
405  * @band_mask: band mask of frequency beacon/probe rsp received
406  * @current_freq: frequency beacon/probe rsp received
407  *
408  * 1. If BSS BW <= 80MHz
409  * If Absolute value of (Current Channel Channel Center Frequency Segment 0) <=
410  * BSS BW/2 then eht beacon in BSS operating BW
411  * else eht beacon out of BSS operating BW
412  *
413  * 2. If BSS BW > 80MHz
414  * If Absolute value of (Current Channel Channel Center Frequency Segment 1) <=
415  * BSS BW/2 then eht beacon in BSS operating BW
416  * else eht beacon out of BSS operating BW
417  *
418  * Return: bool, whether eht beacon out of BSS operating BW
419  */
420 static bool
util_scan_is_out_of_band_leak_eht(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params,uint8_t band_mask,qdf_freq_t current_freq)421 util_scan_is_out_of_band_leak_eht(struct wlan_objmgr_pdev *pdev,
422 				  struct scan_cache_entry *scan_params,
423 				  uint8_t band_mask,
424 				  qdf_freq_t current_freq)
425 {
426 	struct wlan_ie_ehtops *eht_ops;
427 	uint8_t ch_width;
428 	uint32_t bw;
429 	uint32_t freq_diff;
430 	qdf_freq_t freq_seg0;
431 	qdf_freq_t freq_seg1;
432 
433 	eht_ops = (struct wlan_ie_ehtops *)util_scan_entry_ehtop(scan_params);
434 	if (!util_scan_entry_ehtcap(scan_params) || !eht_ops)
435 		return false;
436 
437 	if (!QDF_GET_BITS(eht_ops->ehtop_param,
438 			  EHTOP_INFO_PRESENT_IDX, EHTOP_INFO_PRESENT_BITS))
439 		return false;
440 
441 	ch_width = QDF_GET_BITS(eht_ops->control,
442 				EHTOP_INFO_CHAN_WIDTH_IDX,
443 				EHTOP_INFO_CHAN_WIDTH_BITS);
444 	freq_seg0 = wlan_reg_chan_band_to_freq(pdev, eht_ops->ccfs0,
445 					       band_mask);
446 	freq_seg1 = wlan_reg_chan_band_to_freq(pdev, eht_ops->ccfs1,
447 					       band_mask);
448 	if (ch_width == WLAN_EHT_CHWIDTH_320)
449 		bw = BW_320_MHZ;
450 	else if (ch_width == WLAN_EHT_CHWIDTH_160)
451 		bw = BW_160_MHZ;
452 	else if (ch_width == WLAN_EHT_CHWIDTH_80)
453 		bw = BW_80_MHZ;
454 	else  if (ch_width == WLAN_EHT_CHWIDTH_40)
455 		bw = BW_40_MHZ;
456 	else  if (ch_width == WLAN_EHT_CHWIDTH_20)
457 		bw = BW_20_MHZ;
458 	else
459 		bw = BW_20_MHZ;
460 
461 	if (bw <= BW_80_MHZ)
462 		freq_diff = abs(freq_seg0 - current_freq);
463 	else
464 		freq_diff = abs(freq_seg1 - current_freq);
465 	if (freq_diff <= bw / 2)
466 		return false;
467 
468 	scm_debug("Leaked freq:%u ch width:%u freq0:%u freq1:%u",
469 		  current_freq, bw, freq_seg0, freq_seg1);
470 	return true;
471 }
472 #else
473 static bool
util_scan_is_out_of_band_leak_eht(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params,uint8_t band_mask,qdf_freq_t current_freq)474 util_scan_is_out_of_band_leak_eht(struct wlan_objmgr_pdev *pdev,
475 				  struct scan_cache_entry *scan_params,
476 				  uint8_t band_mask,
477 				  qdf_freq_t current_freq)
478 {
479 	return false;
480 }
481 #endif
482 
483 /*
484  * util_scan_is_out_of_band_leak_he() - Check if HE beacon out of BSS BW
485  * @pdev: pointer to pdev.
486  * @he_6g_params: HE 6 GHz params
487  * @band_mask: band mask of frequency beacon/probe rsp received
488  * @current_freq: frequency beacon/probe rsp received
489  *
490  * 1. If BSS BW <= 80MHz
491  * If Absolute value of (Current Channel Channel Center Frequency Segment 0) <=
492  * BSS BW/2 then HE beacon in BSS operating BW
493  *
494  * 2. If BSS BW is 160MHz
495  * If Absolute value of (Current Channel Channel Center Frequency Segment 1) <=
496  * BSS BW/2 then HE beacon in BSS operating BW
497  *
498  * 3. If BSS BW is 80+80MHz
499  * If absolute value of (Current Channel - Channel Center Frequency Segment 0)
500  * <= 40 or absolute value of (Current Channel - Channel Center Frequency
501  *  Segment 1) <= 40, then HE beacon in BSS operating BW
502  *
503  * Return: bool, whether HE beacon out of BSS operating BW
504  */
505 static bool
util_scan_is_out_of_band_leak_he(struct wlan_objmgr_pdev * pdev,struct he_oper_6g_param * he_6g_params,uint8_t band_mask,qdf_freq_t current_freq)506 util_scan_is_out_of_band_leak_he(struct wlan_objmgr_pdev *pdev,
507 				 struct he_oper_6g_param *he_6g_params,
508 				 uint8_t band_mask,
509 				 qdf_freq_t current_freq)
510 {
511 	uint8_t ch_width;
512 	uint32_t bw;
513 	uint32_t freq_diff;
514 	qdf_freq_t freq_seg0;
515 	qdf_freq_t freq_seg1;
516 
517 	ch_width = he_6g_params->width;
518 	freq_seg0 = wlan_reg_chan_band_to_freq(pdev,
519 					       he_6g_params->chan_freq_seg0,
520 					       band_mask);
521 	freq_seg1 = wlan_reg_chan_band_to_freq(pdev,
522 					       he_6g_params->chan_freq_seg1,
523 					       band_mask);
524 	if (ch_width == WLAN_HE_6GHZ_CHWIDTH_160_80_80)
525 		bw = BW_160_MHZ;
526 	else if (ch_width == WLAN_HE_6GHZ_CHWIDTH_80)
527 		bw = BW_80_MHZ;
528 	else  if (ch_width == WLAN_HE_6GHZ_CHWIDTH_40)
529 		bw = BW_40_MHZ;
530 	else  if (ch_width == WLAN_HE_6GHZ_CHWIDTH_20)
531 		bw = BW_20_MHZ;
532 	else
533 		bw = BW_20_MHZ;
534 
535 	if (bw <= BW_80_MHZ) {
536 		freq_diff = abs(freq_seg0 - current_freq);
537 		if (freq_diff <= bw / 2)
538 			return false;
539 	} else if (WLAN_IS_HE160(he_6g_params)) {
540 		freq_diff = abs(freq_seg1 - current_freq);
541 		if (freq_diff <= bw / 2)
542 			return false;
543 	} else if (WLAN_IS_HE80_80(he_6g_params)) {
544 		freq_diff = abs(freq_seg0 - current_freq);
545 		if (freq_diff <= BW_40_MHZ)
546 			return false;
547 		freq_diff = abs(freq_seg1 - current_freq);
548 		if (freq_diff <= BW_40_MHZ)
549 			return false;
550 	}
551 
552 	scm_debug("Leaked freq:%u ch width:%u freq0:%u freq1:%u",
553 		  current_freq, bw, freq_seg0, freq_seg1);
554 
555 	return true;
556 }
557 
558 /*
559  * util_scan_get_chan_from_he_6g_params() - Get chan info from 6 GHz param
560  * @pdev: pointer to pdev.
561  * @scan_params: scan entry generated by beacon/probe rsp
562  * @chan_freq: output parameter, primary freq from 6 GHz he params
563  * @is_6g_dup_bcon: output parameter, bool, if false, invalid 6g duplicated
564 	beacon out of BSS operating BW or not duplicated beacon, can drop if
565 	channel mismatch
566  * @band_mask: band mask of frequency beacon/probe rsp received
567  * @current_freq: frequency beacon/probe rsp received
568  *
569  * Return: QDF_STATUS
570  */
571 static QDF_STATUS
util_scan_get_chan_from_he_6g_params(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params,qdf_freq_t * chan_freq,bool * is_6g_dup_bcon,uint8_t band_mask,qdf_freq_t current_freq)572 util_scan_get_chan_from_he_6g_params(struct wlan_objmgr_pdev *pdev,
573 				     struct scan_cache_entry *scan_params,
574 				     qdf_freq_t *chan_freq,
575 				     bool *is_6g_dup_bcon, uint8_t band_mask,
576 				     qdf_freq_t current_freq)
577 {
578 	struct he_oper_6g_param *he_6g_params;
579 	uint8_t *he_ops;
580 	struct wlan_scan_obj *scan_obj;
581 	struct wlan_objmgr_psoc *psoc;
582 	bool is_out_of_band_leak = true;
583 
584 	psoc = wlan_pdev_get_psoc(pdev);
585 	if (!psoc) {
586 		scm_err("psoc is NULL");
587 		return QDF_STATUS_E_INVAL;
588 	}
589 
590 	scan_obj = wlan_psoc_get_scan_obj(psoc);
591 	if (!scan_obj) {
592 		scm_err("scan_obj is NULL");
593 		return QDF_STATUS_E_INVAL;
594 	}
595 
596 	*is_6g_dup_bcon = false;
597 
598 	he_ops = util_scan_entry_heop(scan_params);
599 	if (!util_scan_entry_hecap(scan_params) || !he_ops)
600 		return QDF_STATUS_SUCCESS;
601 
602 	he_6g_params = util_scan_get_he_6g_params(he_ops);
603 	if (!he_6g_params)
604 		return QDF_STATUS_SUCCESS;
605 
606 	*chan_freq = wlan_reg_chan_band_to_freq(pdev,
607 						he_6g_params->primary_channel,
608 						band_mask);
609 	if (scan_obj->drop_bcn_on_invalid_freq &&
610 	    !wlan_reg_is_freq_enabled(pdev, *chan_freq, REG_BEST_PWR_MODE)) {
611 		scm_debug_rl(QDF_MAC_ADDR_FMT": Drop as invalid channel %d freq %d in HE 6Ghz params",
612 			     QDF_MAC_ADDR_REF(scan_params->bssid.bytes),
613 			     he_6g_params->primary_channel, *chan_freq);
614 		return QDF_STATUS_E_INVAL;
615 	}
616 
617 	if (!he_6g_params->duplicate_beacon) {
618 		*is_6g_dup_bcon = false;
619 		return QDF_STATUS_SUCCESS;
620 	}
621 	is_out_of_band_leak =
622 		util_scan_is_out_of_band_leak_eht(pdev, scan_params, band_mask,
623 						  current_freq);
624 	if (is_out_of_band_leak) {
625 		*is_6g_dup_bcon = false;
626 		return QDF_STATUS_SUCCESS;
627 	}
628 	is_out_of_band_leak =
629 		util_scan_is_out_of_band_leak_he(pdev, he_6g_params, band_mask,
630 						 current_freq);
631 	if (is_out_of_band_leak) {
632 		*is_6g_dup_bcon = false;
633 		return QDF_STATUS_SUCCESS;
634 	}
635 
636 	*is_6g_dup_bcon = true;
637 
638 	return QDF_STATUS_SUCCESS;
639 }
640 
641 static enum wlan_phymode
util_scan_get_phymode_6g(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params)642 util_scan_get_phymode_6g(struct wlan_objmgr_pdev *pdev,
643 			 struct scan_cache_entry *scan_params)
644 {
645 	struct he_oper_6g_param *he_6g_params;
646 	enum wlan_phymode phymode = WLAN_PHYMODE_11AXA_HE20;
647 	uint8_t *he_ops;
648 	uint8_t band_mask = BIT(REG_BAND_6G);
649 
650 	he_ops = util_scan_entry_heop(scan_params);
651 	if (!util_scan_entry_hecap(scan_params) || !he_ops)
652 		return phymode;
653 
654 	he_6g_params = util_scan_get_he_6g_params(he_ops);
655 	if (!he_6g_params)
656 		return phymode;
657 
658 	switch (he_6g_params->width) {
659 	case WLAN_HE_6GHZ_CHWIDTH_20:
660 		phymode = WLAN_PHYMODE_11AXA_HE20;
661 		break;
662 	case WLAN_HE_6GHZ_CHWIDTH_40:
663 		phymode = WLAN_PHYMODE_11AXA_HE40;
664 		break;
665 	case WLAN_HE_6GHZ_CHWIDTH_80:
666 		phymode = WLAN_PHYMODE_11AXA_HE80;
667 		break;
668 	case WLAN_HE_6GHZ_CHWIDTH_160_80_80:
669 		if (WLAN_IS_HE80_80(he_6g_params))
670 			phymode = WLAN_PHYMODE_11AXA_HE80_80;
671 		else if (WLAN_IS_HE160(he_6g_params))
672 			phymode = WLAN_PHYMODE_11AXA_HE160;
673 		else
674 			phymode = WLAN_PHYMODE_11AXA_HE80;
675 		break;
676 	default:
677 		scm_err("Invalid he_6g_params width: %d", he_6g_params->width);
678 		phymode = WLAN_PHYMODE_11AXA_HE20;
679 		break;
680 	}
681 
682 	if (he_6g_params->chan_freq_seg0)
683 		scan_params->channel.cfreq0 =
684 			wlan_reg_chan_band_to_freq(pdev,
685 					he_6g_params->chan_freq_seg0,
686 					band_mask);
687 	if (he_6g_params->chan_freq_seg1)
688 		scan_params->channel.cfreq1 =
689 			wlan_reg_chan_band_to_freq(pdev,
690 					he_6g_params->chan_freq_seg1,
691 					band_mask);
692 
693 	phymode = util_scan_get_phymode_11be(pdev, scan_params,
694 					     phymode, band_mask);
695 
696 	return phymode;
697 }
698 
699 uint8_t
util_scan_get_6g_oper_channel(uint8_t * he_op_ie)700 util_scan_get_6g_oper_channel(uint8_t *he_op_ie)
701 {
702 	struct he_oper_6g_param *he_6g_params;
703 
704 	he_6g_params = util_scan_get_he_6g_params(he_op_ie);
705 	if (!he_6g_params)
706 		return 0;
707 
708 	return he_6g_params->primary_channel;
709 }
710 
711 #else
712 static QDF_STATUS
util_scan_get_chan_from_he_6g_params(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params,qdf_freq_t * chan_freq,bool * is_6g_dup_bcon,uint8_t band_mask,qdf_freq_t current_freq)713 util_scan_get_chan_from_he_6g_params(struct wlan_objmgr_pdev *pdev,
714 				     struct scan_cache_entry *scan_params,
715 				     qdf_freq_t *chan_freq,
716 				     bool *is_6g_dup_bcon,
717 				     uint8_t band_mask,
718 				     qdf_freq_t current_freq)
719 {
720 	return QDF_STATUS_SUCCESS;
721 }
722 static inline enum wlan_phymode
util_scan_get_phymode_6g(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params)723 util_scan_get_phymode_6g(struct wlan_objmgr_pdev *pdev,
724 			 struct scan_cache_entry *scan_params)
725 {
726 	return WLAN_PHYMODE_AUTO;
727 }
728 #endif
729 
730 static inline
util_scan_ccfs0_from_htinfo(struct wlan_ie_htinfo_cmn * htinfo,uint32_t primary_chan_freq)731 uint32_t util_scan_ccfs0_from_htinfo(struct wlan_ie_htinfo_cmn *htinfo,
732 				     uint32_t primary_chan_freq)
733 {
734 	if (htinfo->hi_extchoff == WLAN_HTINFO_EXTOFFSET_ABOVE)
735 		return primary_chan_freq + WLAN_CHAN_SPACING_20MHZ / 2;
736 	else if (htinfo->hi_extchoff == WLAN_HTINFO_EXTOFFSET_BELOW)
737 		return primary_chan_freq - WLAN_CHAN_SPACING_20MHZ / 2;
738 
739 	return 0;
740 }
741 
742 static enum wlan_phymode
util_scan_get_phymode_5g(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params)743 util_scan_get_phymode_5g(struct wlan_objmgr_pdev *pdev,
744 			 struct scan_cache_entry *scan_params)
745 {
746 	enum wlan_phymode phymode = WLAN_PHYMODE_AUTO;
747 	uint16_t ht_cap = 0;
748 	struct htcap_cmn_ie *htcap;
749 	struct wlan_ie_htinfo_cmn *htinfo;
750 	struct wlan_ie_vhtop *vhtop;
751 	uint8_t band_mask = BIT(REG_BAND_5G);
752 
753 	htcap = (struct htcap_cmn_ie *)
754 		util_scan_entry_htcap(scan_params);
755 	htinfo = (struct wlan_ie_htinfo_cmn *)
756 		util_scan_entry_htinfo(scan_params);
757 	vhtop = (struct wlan_ie_vhtop *)
758 		util_scan_entry_vhtop(scan_params);
759 
760 	if (!(htcap && htinfo))
761 		return WLAN_PHYMODE_11A;
762 
763 	if (htcap)
764 		ht_cap = le16toh(htcap->hc_cap);
765 
766 	if ((ht_cap & WLAN_HTCAP_C_CHWIDTH40) &&
767 	    (htinfo->hi_extchoff == WLAN_HTINFO_EXTOFFSET_ABOVE ||
768 	     htinfo->hi_extchoff == WLAN_HTINFO_EXTOFFSET_BELOW))
769 		phymode = WLAN_PHYMODE_11NA_HT40;
770 	else
771 		phymode = WLAN_PHYMODE_11NA_HT20;
772 
773 	scan_params->channel.cfreq0 =
774 		util_scan_ccfs0_from_htinfo(htinfo,
775 					    scan_params->channel.chan_freq);
776 
777 	if (util_scan_entry_vhtcap(scan_params) && vhtop) {
778 		switch (vhtop->vht_op_chwidth) {
779 		case WLAN_VHTOP_CHWIDTH_2040:
780 			if (phymode == WLAN_PHYMODE_11NA_HT40)
781 				phymode = WLAN_PHYMODE_11AC_VHT40;
782 			else
783 				phymode = WLAN_PHYMODE_11AC_VHT20;
784 			break;
785 		case WLAN_VHTOP_CHWIDTH_80:
786 			if (WLAN_IS_REVSIG_VHT80_80(vhtop))
787 				phymode = WLAN_PHYMODE_11AC_VHT80_80;
788 			else if (WLAN_IS_REVSIG_VHT160(vhtop))
789 				phymode = WLAN_PHYMODE_11AC_VHT160;
790 			else
791 				phymode = WLAN_PHYMODE_11AC_VHT80;
792 			break;
793 		case WLAN_VHTOP_CHWIDTH_160:
794 			phymode = WLAN_PHYMODE_11AC_VHT160;
795 			break;
796 		case WLAN_VHTOP_CHWIDTH_80_80:
797 			phymode = WLAN_PHYMODE_11AC_VHT80_80;
798 			break;
799 		default:
800 			scm_debug("bad channel: %d",
801 				  vhtop->vht_op_chwidth);
802 			phymode = WLAN_PHYMODE_11AC_VHT20;
803 			break;
804 		}
805 		if (vhtop->vht_op_ch_freq_seg1)
806 			scan_params->channel.cfreq0 =
807 				wlan_reg_chan_band_to_freq(pdev,
808 						vhtop->vht_op_ch_freq_seg1,
809 						band_mask);
810 		if (vhtop->vht_op_ch_freq_seg2)
811 			scan_params->channel.cfreq1 =
812 				wlan_reg_chan_band_to_freq(pdev,
813 						vhtop->vht_op_ch_freq_seg2,
814 						band_mask);
815 	}
816 
817 	if (!util_scan_entry_hecap(scan_params))
818 		return phymode;
819 
820 	/* for 5Ghz Check for HE, only if VHT cap and HE cap are present */
821 	if (!IS_WLAN_PHYMODE_VHT(phymode))
822 		return phymode;
823 
824 	switch (phymode) {
825 	case WLAN_PHYMODE_11AC_VHT20:
826 		phymode = WLAN_PHYMODE_11AXA_HE20;
827 		break;
828 	case WLAN_PHYMODE_11AC_VHT40:
829 		phymode = WLAN_PHYMODE_11AXA_HE40;
830 		break;
831 	case WLAN_PHYMODE_11AC_VHT80:
832 		phymode = WLAN_PHYMODE_11AXA_HE80;
833 		break;
834 	case WLAN_PHYMODE_11AC_VHT160:
835 		phymode = WLAN_PHYMODE_11AXA_HE160;
836 		break;
837 	case WLAN_PHYMODE_11AC_VHT80_80:
838 		phymode = WLAN_PHYMODE_11AXA_HE80_80;
839 		break;
840 	default:
841 		phymode = WLAN_PHYMODE_11AXA_HE20;
842 		break;
843 	}
844 
845 	phymode = util_scan_get_phymode_11be(pdev, scan_params,
846 					     phymode, band_mask);
847 
848 	return phymode;
849 }
850 
851 #ifdef WLAN_FEATURE_11BE
852 static enum wlan_phymode
util_scan_get_phymode_2g_11be(struct scan_cache_entry * scan_params,enum wlan_phymode phymode)853 util_scan_get_phymode_2g_11be(struct scan_cache_entry *scan_params,
854 			      enum wlan_phymode  phymode)
855 {
856 	if (!util_scan_entry_ehtcap(scan_params))
857 		return phymode;
858 
859 	if (phymode == WLAN_PHYMODE_11AXG_HE40PLUS)
860 		phymode = WLAN_PHYMODE_11BEG_EHT40PLUS;
861 	else if (phymode == WLAN_PHYMODE_11AXG_HE40MINUS)
862 		phymode = WLAN_PHYMODE_11BEG_EHT40MINUS;
863 	else
864 		phymode = WLAN_PHYMODE_11BEG_EHT20;
865 
866 	return phymode;
867 }
868 #else
869 static enum wlan_phymode
util_scan_get_phymode_2g_11be(struct scan_cache_entry * scan_params,enum wlan_phymode phymode)870 util_scan_get_phymode_2g_11be(struct scan_cache_entry *scan_params,
871 			      enum wlan_phymode  phymode)
872 {
873 	return phymode;
874 }
875 #endif
876 
877 static enum wlan_phymode
util_scan_get_phymode_2g(struct scan_cache_entry * scan_params)878 util_scan_get_phymode_2g(struct scan_cache_entry *scan_params)
879 {
880 	enum wlan_phymode phymode = WLAN_PHYMODE_AUTO;
881 	uint16_t ht_cap = 0;
882 	struct htcap_cmn_ie *htcap;
883 	struct wlan_ie_htinfo_cmn *htinfo;
884 	struct wlan_ie_vhtop *vhtop;
885 
886 	htcap = (struct htcap_cmn_ie *)
887 		util_scan_entry_htcap(scan_params);
888 	htinfo = (struct wlan_ie_htinfo_cmn *)
889 		util_scan_entry_htinfo(scan_params);
890 	vhtop = (struct wlan_ie_vhtop *)
891 		util_scan_entry_vhtop(scan_params);
892 
893 	if (htcap)
894 		ht_cap = le16toh(htcap->hc_cap);
895 
896 	if (htcap && htinfo) {
897 		if ((ht_cap & WLAN_HTCAP_C_CHWIDTH40) &&
898 		   (htinfo->hi_extchoff == WLAN_HTINFO_EXTOFFSET_ABOVE))
899 			phymode = WLAN_PHYMODE_11NG_HT40PLUS;
900 		else if ((ht_cap & WLAN_HTCAP_C_CHWIDTH40) &&
901 		   (htinfo->hi_extchoff == WLAN_HTINFO_EXTOFFSET_BELOW))
902 			phymode = WLAN_PHYMODE_11NG_HT40MINUS;
903 		else
904 			phymode = WLAN_PHYMODE_11NG_HT20;
905 	} else if (util_scan_entry_xrates(scan_params)) {
906 		/* only 11G stations will have more than 8 rates */
907 		phymode = WLAN_PHYMODE_11G;
908 	} else {
909 		/* Some mischievous g-only APs do not set extended rates */
910 		if (util_scan_entry_rates(scan_params)) {
911 			if (util_is_pureg_rate(&scan_params->ie_list.rates[2],
912 			   scan_params->ie_list.rates[1]))
913 				phymode = WLAN_PHYMODE_11G;
914 			else
915 				phymode = WLAN_PHYMODE_11B;
916 		} else {
917 			phymode = WLAN_PHYMODE_11B;
918 		}
919 	}
920 
921 	/* Check for VHT only if HT cap is present */
922 	if (!IS_WLAN_PHYMODE_HT(phymode))
923 		return phymode;
924 
925 	scan_params->channel.cfreq0 =
926 		util_scan_ccfs0_from_htinfo(htinfo,
927 					    scan_params->channel.chan_freq);
928 
929 	if (util_scan_entry_vhtcap(scan_params) && vhtop) {
930 		switch (vhtop->vht_op_chwidth) {
931 		case WLAN_VHTOP_CHWIDTH_2040:
932 			if (phymode == WLAN_PHYMODE_11NG_HT40PLUS)
933 				phymode = WLAN_PHYMODE_11AC_VHT40PLUS_2G;
934 			else if (phymode == WLAN_PHYMODE_11NG_HT40MINUS)
935 				phymode = WLAN_PHYMODE_11AC_VHT40MINUS_2G;
936 			else
937 				phymode = WLAN_PHYMODE_11AC_VHT20_2G;
938 
939 			break;
940 		default:
941 			scm_info("bad vht_op_chwidth: %d",
942 				 vhtop->vht_op_chwidth);
943 			phymode = WLAN_PHYMODE_11AC_VHT20_2G;
944 			break;
945 		}
946 	}
947 
948 	if (!util_scan_entry_hecap(scan_params))
949 		return phymode;
950 
951 	if (phymode == WLAN_PHYMODE_11AC_VHT40PLUS_2G ||
952 	    phymode == WLAN_PHYMODE_11NG_HT40PLUS)
953 		phymode = WLAN_PHYMODE_11AXG_HE40PLUS;
954 	else if (phymode == WLAN_PHYMODE_11AC_VHT40MINUS_2G ||
955 		 phymode == WLAN_PHYMODE_11NG_HT40MINUS)
956 		phymode = WLAN_PHYMODE_11AXG_HE40MINUS;
957 	else
958 		phymode = WLAN_PHYMODE_11AXG_HE20;
959 
960 	phymode = util_scan_get_phymode_2g_11be(scan_params, phymode);
961 
962 	return phymode;
963 }
964 
965 static enum wlan_phymode
util_scan_get_phymode(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params)966 util_scan_get_phymode(struct wlan_objmgr_pdev *pdev,
967 		      struct scan_cache_entry *scan_params)
968 {
969 	if (WLAN_REG_IS_24GHZ_CH_FREQ(scan_params->channel.chan_freq))
970 		return util_scan_get_phymode_2g(scan_params);
971 	else if (WLAN_REG_IS_6GHZ_CHAN_FREQ(scan_params->channel.chan_freq))
972 		return util_scan_get_phymode_6g(pdev, scan_params);
973 	else
974 		return util_scan_get_phymode_5g(pdev, scan_params);
975 }
976 
977 static QDF_STATUS
util_scan_parse_chan_switch_wrapper_ie(struct scan_cache_entry * scan_params,struct ie_header * sub_ie,qdf_size_t sub_ie_len)978 util_scan_parse_chan_switch_wrapper_ie(struct scan_cache_entry *scan_params,
979 	struct ie_header *sub_ie, qdf_size_t sub_ie_len)
980 {
981 	/* Walk through to check nothing is malformed */
982 	while (sub_ie_len >= sizeof(struct ie_header)) {
983 		/* At least one more header is present */
984 		sub_ie_len -= sizeof(struct ie_header);
985 
986 		if (sub_ie->ie_len == 0) {
987 			sub_ie += 1;
988 			continue;
989 		}
990 		if (sub_ie_len < sub_ie->ie_len) {
991 			scm_debug_rl(QDF_MAC_ADDR_FMT": Incomplete corrupted IE:%x",
992 				     QDF_MAC_ADDR_REF(scan_params->bssid.bytes),
993 				     WLAN_ELEMID_CHAN_SWITCH_WRAP);
994 			return QDF_STATUS_E_INVAL;
995 		}
996 		switch (sub_ie->ie_id) {
997 		case WLAN_ELEMID_COUNTRY:
998 			if (sub_ie->ie_len < WLAN_COUNTRY_IE_MIN_LEN)
999 				return QDF_STATUS_E_INVAL;
1000 			scan_params->ie_list.country = (uint8_t *)sub_ie;
1001 			break;
1002 		case WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH:
1003 			if (sub_ie->ie_len < WLAN_WIDE_BW_CHAN_SWITCH_IE_LEN)
1004 				return QDF_STATUS_E_INVAL;
1005 			scan_params->ie_list.widebw = (uint8_t *)sub_ie;
1006 			break;
1007 		case WLAN_ELEMID_VHT_TX_PWR_ENVLP:
1008 			if (sub_ie->ie_len > WLAN_TPE_IE_MAX_LEN)
1009 				return QDF_STATUS_E_INVAL;
1010 			scan_params->ie_list.txpwrenvlp = (uint8_t *)sub_ie;
1011 			break;
1012 #ifdef WLAN_FEATURE_11BE
1013 		case WLAN_EXTN_ELEMID_BW_IND:
1014 			if (sub_ie->ie_len > WLAN_BW_IND_IE_MAX_LEN)
1015 				return QDF_STATUS_E_INVAL;
1016 			scan_params->ie_list.bw_ind = (uint8_t *)sub_ie;
1017 			break;
1018 #endif
1019 		}
1020 		/* Consume sub info element */
1021 		sub_ie_len -= sub_ie->ie_len;
1022 		/* go to next Sub IE */
1023 		sub_ie = (struct ie_header *)
1024 			(((uint8_t *) sub_ie) +
1025 			sizeof(struct ie_header) + sub_ie->ie_len);
1026 	}
1027 
1028 	return QDF_STATUS_SUCCESS;
1029 }
1030 
1031 bool
util_scan_is_hidden_ssid(struct ie_ssid * ssid)1032 util_scan_is_hidden_ssid(struct ie_ssid *ssid)
1033 {
1034 	uint8_t i;
1035 
1036 	/*
1037 	 * We flag this as Hidden SSID if the Length is 0
1038 	 * of the SSID only contains 0's
1039 	 */
1040 	if (!ssid || !ssid->ssid_len)
1041 		return true;
1042 
1043 	for (i = 0; i < ssid->ssid_len; i++)
1044 		if (ssid->ssid[i] != 0)
1045 			return false;
1046 
1047 	/* All 0's */
1048 	return true;
1049 }
1050 
1051 #ifdef WLAN_FEATURE_11BE_MLO
util_scan_update_rnr_mld(struct rnr_bss_info * rnr,uint8_t * data,uint8_t tbtt_info_length)1052 static void util_scan_update_rnr_mld(struct rnr_bss_info *rnr, uint8_t *data,
1053 				     uint8_t tbtt_info_length)
1054 {
1055 	bool mld_info_present = false;
1056 
1057 	switch (tbtt_info_length) {
1058 	case TBTT_NEIGHBOR_AP_BSSID_S_SSID_BSS_PARAM_20MHZ_PSD_MLD_PARAM:
1059 		qdf_mem_copy(&rnr->mld_info, &data[13],
1060 			     sizeof(struct rnr_mld_info));
1061 		mld_info_present = true;
1062 		break;
1063 	};
1064 
1065 	rnr->mld_info_valid = mld_info_present;
1066 }
1067 #else
1068 static inline void
util_scan_update_rnr_mld(struct rnr_bss_info * rnr,uint8_t * data,uint8_t tbtt_info_length)1069 util_scan_update_rnr_mld(struct rnr_bss_info *rnr, uint8_t *data,
1070 			 uint8_t tbtt_info_length)
1071 {
1072 }
1073 #endif
1074 
1075 static QDF_STATUS
util_scan_update_rnr(struct rnr_bss_info * rnr,struct neighbor_ap_info_field * ap_info,uint8_t * data)1076 util_scan_update_rnr(struct rnr_bss_info *rnr,
1077 		     struct neighbor_ap_info_field *ap_info,
1078 		     uint8_t *data)
1079 {
1080 	uint8_t tbtt_info_length;
1081 
1082 	tbtt_info_length = ap_info->tbtt_header.tbtt_info_length;
1083 
1084 	/*
1085 	 * Max TBTT sub-element length in RNR IE is 255 bytes and AP can send
1086 	 * data above defined length and the bytes in excess to this length
1087 	 * shall be treated as reserved.
1088 	 *
1089 	 * Limit the TBTT sub-element read operation to current supported
1090 	 * length i.e TBTT_NEIGHBOR_AP_PARAM_MAX
1091 	 */
1092 	if (tbtt_info_length > TBTT_NEIGHBOR_AP_PARAM_MAX)
1093 		tbtt_info_length = TBTT_NEIGHBOR_AP_PARAM_MAX;
1094 
1095 	switch (tbtt_info_length) {
1096 	case TBTT_NEIGHBOR_AP_OFFSET_ONLY:
1097 		/* Dont store it skip*/
1098 		break;
1099 
1100 	case TBTT_NEIGHBOR_AP_BSS_PARAM:
1101 		/* Dont store it skip*/
1102 		break;
1103 
1104 	case TBTT_NEIGHBOR_AP_S_SSID_BSS_PARAM:
1105 		rnr->bss_params = data[5];
1106 		fallthrough;
1107 	case TBTT_NEIGHBOR_AP_SHORTSSID:
1108 		rnr->channel_number = ap_info->channel_number;
1109 		rnr->operating_class = ap_info->operting_class;
1110 		qdf_mem_copy(&rnr->short_ssid, &data[1], SHORT_SSID_LEN);
1111 		break;
1112 
1113 	case TBTT_NEIGHBOR_AP_BSSID_BSS_PARAM_20MHZ_PSD:
1114 		rnr->psd_20mhz = data[8];
1115 		fallthrough;
1116 	case TBTT_NEIGHBOR_AP_BSSID_BSS_PARAM:
1117 		rnr->bss_params = data[7];
1118 		fallthrough;
1119 	case TBTT_NEIGHBOR_AP_BSSID:
1120 		rnr->channel_number = ap_info->channel_number;
1121 		rnr->operating_class = ap_info->operting_class;
1122 		qdf_mem_copy(&rnr->bssid, &data[1], QDF_MAC_ADDR_SIZE);
1123 		break;
1124 
1125 	case TBTT_NEIGHBOR_AP_BSSID_S_SSID_BSS_PARAM_20MHZ_PSD_MLD_PARAM:
1126 		util_scan_update_rnr_mld(rnr, data, tbtt_info_length);
1127 		fallthrough;
1128 	case TBTT_NEIGHBOR_AP_BSSID_S_SSID_BSS_PARAM_20MHZ_PSD:
1129 		rnr->psd_20mhz = data[12];
1130 		fallthrough;
1131 	case TBTT_NEIGHBOR_AP_BSSID_S_SSID_BSS_PARAM:
1132 		rnr->bss_params = data[11];
1133 		fallthrough;
1134 	case TBTT_NEIGHBOR_AP_BSSSID_S_SSID:
1135 		rnr->channel_number = ap_info->channel_number;
1136 		rnr->operating_class = ap_info->operting_class;
1137 		qdf_mem_copy(&rnr->bssid, &data[1], QDF_MAC_ADDR_SIZE);
1138 		qdf_mem_copy(&rnr->short_ssid, &data[7], SHORT_SSID_LEN);
1139 		break;
1140 
1141 	default:
1142 		scm_debug("Wrong fieldtype");
1143 	}
1144 
1145 	return QDF_STATUS_SUCCESS;
1146 }
1147 
1148 static QDF_STATUS
util_scan_parse_rnr_ie(struct scan_cache_entry * scan_entry,struct ie_header * ie)1149 util_scan_parse_rnr_ie(struct scan_cache_entry *scan_entry,
1150 		       struct ie_header *ie)
1151 {
1152 	uint32_t rnr_ie_len;
1153 	uint16_t tbtt_count, tbtt_length, i, fieldtype, idx;
1154 	uint8_t *data;
1155 	struct neighbor_ap_info_field *neighbor_ap_info;
1156 
1157 	rnr_ie_len = ie->ie_len;
1158 	data = (uint8_t *)ie + sizeof(struct ie_header);
1159 	idx = scan_entry->rnr.count;
1160 
1161 	while ((data + sizeof(struct neighbor_ap_info_field)) <=
1162 					((uint8_t *)ie + rnr_ie_len + 2)) {
1163 		neighbor_ap_info = (struct neighbor_ap_info_field *)data;
1164 		tbtt_count = neighbor_ap_info->tbtt_header.tbtt_info_count;
1165 		tbtt_length = neighbor_ap_info->tbtt_header.tbtt_info_length;
1166 		fieldtype = neighbor_ap_info->tbtt_header.tbbt_info_fieldtype;
1167 		scm_debug("chan %d, opclass %d tbtt_cnt %d, tbtt_len %d, fieldtype %d",
1168 			  neighbor_ap_info->channel_number,
1169 			  neighbor_ap_info->operting_class,
1170 			  tbtt_count, tbtt_length, fieldtype);
1171 		data += sizeof(struct neighbor_ap_info_field);
1172 
1173 		if (tbtt_count > TBTT_INFO_COUNT)
1174 			break;
1175 
1176 		for (i = 0; i < (tbtt_count + 1) &&
1177 		     (data + tbtt_length) <=
1178 				((uint8_t *)ie + rnr_ie_len + 2); i++) {
1179 			if ((i < MAX_RNR_BSS) && (idx < MAX_RNR_BSS))
1180 				util_scan_update_rnr(
1181 					&scan_entry->rnr.bss_info[idx++],
1182 					neighbor_ap_info,
1183 					data);
1184 			data += tbtt_length;
1185 		}
1186 	}
1187 
1188 	scan_entry->rnr.count = idx;
1189 
1190 	return QDF_STATUS_SUCCESS;
1191 }
1192 
1193 #ifdef WLAN_FEATURE_11BE_MLO
1194 static void
util_scan_parse_t2lm_ie(struct scan_cache_entry * scan_params,struct extn_ie_header * extn_ie)1195 util_scan_parse_t2lm_ie(struct scan_cache_entry *scan_params,
1196 			struct extn_ie_header *extn_ie)
1197 {
1198 	uint8_t t2lm_idx = 0;
1199 
1200 	if (extn_ie->ie_extn_id == WLAN_EXTN_ELEMID_T2LM)
1201 		for (t2lm_idx = 0; t2lm_idx < WLAN_MAX_T2LM_IE; t2lm_idx++) {
1202 			if (!scan_params->ie_list.t2lm[t2lm_idx]) {
1203 				scan_params->ie_list.t2lm[t2lm_idx] =
1204 					(uint8_t *)extn_ie;
1205 				return;
1206 		}
1207 	}
1208 }
1209 #endif
1210 
1211 #ifdef WLAN_FEATURE_11BE
1212 #ifdef WLAN_FEATURE_11BE_MLO
util_scan_parse_ml_ie(struct scan_cache_entry * scan_params,struct extn_ie_header * extn_ie)1213 static void util_scan_parse_ml_ie(struct scan_cache_entry *scan_params,
1214 				  struct extn_ie_header *extn_ie)
1215 {
1216 	uint8_t *ml_ie;
1217 	uint32_t ml_ie_len;
1218 	enum wlan_ml_variant ml_variant;
1219 	QDF_STATUS ret;
1220 
1221 	if (extn_ie->ie_extn_id != WLAN_EXTN_ELEMID_MULTI_LINK)
1222 		return;
1223 
1224 	ml_ie = (uint8_t *)extn_ie;
1225 	ml_ie_len = ml_ie[TAG_LEN_POS];
1226 
1227 	/* Adding the size of IE header to ML IE length */
1228 	ml_ie_len += sizeof(struct ie_header);
1229 	ret = util_get_mlie_variant(ml_ie, ml_ie_len, (int *)&ml_variant);
1230 	if (ret) {
1231 		scm_err("Unable to get ml variant");
1232 		return;
1233 	}
1234 
1235 	switch (ml_variant) {
1236 	case WLAN_ML_VARIANT_BASIC:
1237 		scan_params->ie_list.multi_link_bv = (uint8_t *)extn_ie;
1238 		break;
1239 	case WLAN_ML_VARIANT_RECONFIG:
1240 		scan_params->ie_list.multi_link_rv = (uint8_t *)extn_ie;
1241 		break;
1242 	default:
1243 		break;
1244 	}
1245 }
1246 #else
util_scan_parse_ml_ie(struct scan_cache_entry * scan_params,struct extn_ie_header * extn_ie)1247 static void util_scan_parse_ml_ie(struct scan_cache_entry *scan_params,
1248 				  struct extn_ie_header *extn_ie)
1249 {
1250 }
1251 #endif
util_scan_parse_eht_ie(struct scan_cache_entry * scan_params,struct extn_ie_header * extn_ie)1252 static void util_scan_parse_eht_ie(struct scan_cache_entry *scan_params,
1253 				   struct extn_ie_header *extn_ie)
1254 {
1255 	switch (extn_ie->ie_extn_id) {
1256 	case WLAN_EXTN_ELEMID_EHTCAP:
1257 		scan_params->ie_list.ehtcap = (uint8_t *)extn_ie;
1258 		break;
1259 	case WLAN_EXTN_ELEMID_EHTOP:
1260 		scan_params->ie_list.ehtop  = (uint8_t *)extn_ie;
1261 		break;
1262 	default:
1263 		break;
1264 	}
1265 
1266 	util_scan_parse_ml_ie(scan_params, extn_ie);
1267 	util_scan_parse_t2lm_ie(scan_params, extn_ie);
1268 }
1269 #else
util_scan_parse_eht_ie(struct scan_cache_entry * scan_params,struct extn_ie_header * extn_ie)1270 static void util_scan_parse_eht_ie(struct scan_cache_entry *scan_params,
1271 				   struct extn_ie_header *extn_ie)
1272 {
1273 }
1274 #endif
1275 
1276 static QDF_STATUS
util_scan_parse_extn_ie(struct scan_cache_entry * scan_params,struct ie_header * ie)1277 util_scan_parse_extn_ie(struct scan_cache_entry *scan_params,
1278 			struct ie_header *ie)
1279 {
1280 	struct extn_ie_header *extn_ie = (struct extn_ie_header *) ie;
1281 
1282 	switch (extn_ie->ie_extn_id) {
1283 	case WLAN_EXTN_ELEMID_MAX_CHAN_SWITCH_TIME:
1284 		if (extn_ie->ie_len != WLAN_MAX_CHAN_SWITCH_TIME_IE_LEN)
1285 			return QDF_STATUS_E_INVAL;
1286 		scan_params->ie_list.mcst  = (uint8_t *)ie;
1287 		break;
1288 	case WLAN_EXTN_ELEMID_SRP:
1289 		if (extn_ie->ie_len > WLAN_MAX_SRP_IE_LEN)
1290 			return QDF_STATUS_E_INVAL;
1291 		scan_params->ie_list.srp   = (uint8_t *)ie;
1292 		break;
1293 	case WLAN_EXTN_ELEMID_HECAP:
1294 		if ((extn_ie->ie_len < WLAN_MIN_HECAP_IE_LEN) ||
1295 		    (extn_ie->ie_len > WLAN_MAX_HECAP_IE_LEN))
1296 			return QDF_STATUS_E_INVAL;
1297 		scan_params->ie_list.hecap = (uint8_t *)ie;
1298 		break;
1299 	case WLAN_EXTN_ELEMID_HEOP:
1300 		if (extn_ie->ie_len > WLAN_MAX_HEOP_IE_LEN)
1301 			return QDF_STATUS_E_INVAL;
1302 		scan_params->ie_list.heop  = (uint8_t *)ie;
1303 		break;
1304 	case WLAN_EXTN_ELEMID_ESP:
1305 		scan_params->ie_list.esp = (uint8_t *)ie;
1306 		break;
1307 	case WLAN_EXTN_ELEMID_MUEDCA:
1308 		if (extn_ie->ie_len > WLAN_MAX_MUEDCA_IE_LEN)
1309 			return QDF_STATUS_E_INVAL;
1310 		scan_params->ie_list.muedca = (uint8_t *)ie;
1311 		break;
1312 	case WLAN_EXTN_ELEMID_HE_6G_CAP:
1313 		if (extn_ie->ie_len > WLAN_MAX_HE_6G_CAP_IE_LEN)
1314 			return QDF_STATUS_E_INVAL;
1315 		scan_params->ie_list.hecap_6g = (uint8_t *)ie;
1316 		break;
1317 	default:
1318 		break;
1319 	}
1320 	util_scan_parse_eht_ie(scan_params, extn_ie);
1321 
1322 	return QDF_STATUS_SUCCESS;
1323 }
1324 
1325 static QDF_STATUS
util_scan_parse_vendor_ie(struct scan_cache_entry * scan_params,struct ie_header * ie)1326 util_scan_parse_vendor_ie(struct scan_cache_entry *scan_params,
1327 	struct ie_header *ie)
1328 {
1329 	if (!scan_params->ie_list.vendor)
1330 		scan_params->ie_list.vendor = (uint8_t *)ie;
1331 
1332 	if (is_wpa_oui((uint8_t *)ie)) {
1333 		scan_params->ie_list.wpa = (uint8_t *)ie;
1334 	} else if (is_wps_oui((uint8_t *)ie)) {
1335 		scan_params->ie_list.wps = (uint8_t *)ie;
1336 		/* WCN IE should be a subset of WPS IE */
1337 		if (is_wcn_oui((uint8_t *)ie))
1338 			scan_params->ie_list.wcn = (uint8_t *)ie;
1339 	} else if (is_wme_param((uint8_t *)ie)) {
1340 		if (ie->ie_len > WLAN_VENDOR_WME_IE_LEN)
1341 			return QDF_STATUS_E_INVAL;
1342 
1343 		scan_params->ie_list.wmeparam = (uint8_t *)ie;
1344 	} else if (is_wme_info((uint8_t *)ie)) {
1345 		scan_params->ie_list.wmeinfo = (uint8_t *)ie;
1346 	} else if (is_atheros_oui((uint8_t *)ie)) {
1347 		if (ie->ie_len > WLAN_VENDOR_ATHCAPS_IE_LEN)
1348 			return QDF_STATUS_E_INVAL;
1349 
1350 		scan_params->ie_list.athcaps = (uint8_t *)ie;
1351 	} else if (is_atheros_extcap_oui((uint8_t *)ie)) {
1352 		if (ie->ie_len > WLAN_VENDOR_ATH_EXTCAP_IE_LEN)
1353 			return QDF_STATUS_E_INVAL;
1354 
1355 		scan_params->ie_list.athextcaps = (uint8_t *)ie;
1356 	} else if (is_sfa_oui((uint8_t *)ie)) {
1357 		if (ie->ie_len > WLAN_VENDOR_SFA_IE_LEN)
1358 			return QDF_STATUS_E_INVAL;
1359 
1360 		scan_params->ie_list.sfa = (uint8_t *)ie;
1361 	} else if (is_p2p_oui((uint8_t *)ie)) {
1362 		scan_params->ie_list.p2p = (uint8_t *)ie;
1363 	} else if (is_qca_son_oui((uint8_t *)ie,
1364 				  QCA_OUI_WHC_AP_INFO_SUBTYPE)) {
1365 
1366 		scan_params->ie_list.sonadv = (uint8_t *)ie;
1367 	} else if (is_ht_cap((uint8_t *)ie)) {
1368 		/* we only care if there isn't already an HT IE (ANA) */
1369 		if (!scan_params->ie_list.htcap) {
1370 			if (ie->ie_len != (WLAN_VENDOR_HT_IE_OFFSET_LEN +
1371 					   sizeof(struct htcap_cmn_ie)))
1372 				return QDF_STATUS_E_INVAL;
1373 			scan_params->ie_list.htcap =
1374 			 (uint8_t *)&(((struct wlan_vendor_ie_htcap *)ie)->ie);
1375 		}
1376 	} else if (is_ht_info((uint8_t *)ie)) {
1377 		/* we only care if there isn't already an HT IE (ANA) */
1378 		if (!scan_params->ie_list.htinfo) {
1379 			if (ie->ie_len != WLAN_VENDOR_HT_IE_OFFSET_LEN +
1380 					  sizeof(struct wlan_ie_htinfo_cmn))
1381 				return QDF_STATUS_E_INVAL;
1382 			scan_params->ie_list.htinfo =
1383 			  (uint8_t *)&(((struct wlan_vendor_ie_htinfo *)
1384 			  ie)->hi_ie);
1385 		}
1386 	} else if (is_interop_vht((uint8_t *)ie) &&
1387 	    !(scan_params->ie_list.vhtcap)) {
1388 		uint8_t *vendor_ie = (uint8_t *)(ie);
1389 
1390 		if (ie->ie_len < ((WLAN_VENDOR_VHTCAP_IE_OFFSET +
1391 				 sizeof(struct wlan_ie_vhtcaps)) -
1392 				 sizeof(struct ie_header)))
1393 			return QDF_STATUS_E_INVAL;
1394 		vendor_ie = ((uint8_t *)(ie)) + WLAN_VENDOR_VHTCAP_IE_OFFSET;
1395 		if (vendor_ie[1] != (sizeof(struct wlan_ie_vhtcaps)) -
1396 				      sizeof(struct ie_header))
1397 			return QDF_STATUS_E_INVAL;
1398 		/* location where Interop Vht Cap IE and VHT OP IE Present */
1399 		scan_params->ie_list.vhtcap = (((uint8_t *)(ie)) +
1400 						WLAN_VENDOR_VHTCAP_IE_OFFSET);
1401 		if (ie->ie_len > ((WLAN_VENDOR_VHTCAP_IE_OFFSET +
1402 				 sizeof(struct wlan_ie_vhtcaps)) -
1403 				 sizeof(struct ie_header))) {
1404 			if (ie->ie_len < ((WLAN_VENDOR_VHTOP_IE_OFFSET +
1405 					  sizeof(struct wlan_ie_vhtop)) -
1406 					  sizeof(struct ie_header)))
1407 				return QDF_STATUS_E_INVAL;
1408 			vendor_ie = ((uint8_t *)(ie)) +
1409 				    WLAN_VENDOR_VHTOP_IE_OFFSET;
1410 			if (vendor_ie[1] != (sizeof(struct wlan_ie_vhtop) -
1411 					     sizeof(struct ie_header)))
1412 				return QDF_STATUS_E_INVAL;
1413 			scan_params->ie_list.vhtop = (((uint8_t *)(ie)) +
1414 						   WLAN_VENDOR_VHTOP_IE_OFFSET);
1415 		}
1416 	} else if (is_bwnss_oui((uint8_t *)ie)) {
1417 		/*
1418 		 * Bandwidth-NSS map has sub-type & version.
1419 		 * hence copy data just after version byte
1420 		 */
1421 		if (ie->ie_len > WLAN_BWNSS_MAP_OFFSET)
1422 			scan_params->ie_list.bwnss_map = (((uint8_t *)ie) + 8);
1423 	} else if (is_mbo_oce_oui((uint8_t *)ie)) {
1424 		scan_params->ie_list.mbo_oce = (uint8_t *)ie;
1425 	} else if (is_extender_oui((uint8_t *)ie)) {
1426 		scan_params->ie_list.extender = (uint8_t *)ie;
1427 	} else if (is_adaptive_11r_oui((uint8_t *)ie)) {
1428 		if ((ie->ie_len < OUI_LENGTH) ||
1429 		    (ie->ie_len > MAX_ADAPTIVE_11R_IE_LEN))
1430 			return QDF_STATUS_E_INVAL;
1431 
1432 		scan_params->ie_list.adaptive_11r = (uint8_t *)ie +
1433 						sizeof(struct ie_header);
1434 	} else if (is_sae_single_pmk_oui((uint8_t *)ie)) {
1435 		if ((ie->ie_len < OUI_LENGTH) ||
1436 		    (ie->ie_len > MAX_SAE_SINGLE_PMK_IE_LEN)) {
1437 			scm_debug("Invalid sae single pmk OUI");
1438 			return QDF_STATUS_E_INVAL;
1439 		}
1440 		scan_params->ie_list.single_pmk = (uint8_t *)ie +
1441 						sizeof(struct ie_header);
1442 	} else if (is_qcn_oui((uint8_t *)ie)) {
1443 		scan_params->ie_list.qcn = (uint8_t *)ie;
1444 	}
1445 
1446 	return QDF_STATUS_SUCCESS;
1447 }
1448 
1449 static QDF_STATUS
util_scan_populate_bcn_ie_list(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_params,qdf_freq_t * chan_freq,uint8_t band_mask)1450 util_scan_populate_bcn_ie_list(struct wlan_objmgr_pdev *pdev,
1451 			       struct scan_cache_entry *scan_params,
1452 			       qdf_freq_t *chan_freq, uint8_t band_mask)
1453 {
1454 	struct ie_header *ie, *sub_ie;
1455 	uint32_t ie_len, sub_ie_len;
1456 	QDF_STATUS status;
1457 	uint8_t chan_idx;
1458 	struct wlan_scan_obj *scan_obj;
1459 	struct wlan_objmgr_psoc *psoc;
1460 	uint8_t tpe_idx = 0;
1461 
1462 	psoc = wlan_pdev_get_psoc(pdev);
1463 	if (!psoc) {
1464 		scm_err("psoc is NULL");
1465 		return QDF_STATUS_E_INVAL;
1466 	}
1467 
1468 	scan_obj = wlan_psoc_get_scan_obj(psoc);
1469 	if (!scan_obj) {
1470 		scm_err("scan_obj is NULL");
1471 		return QDF_STATUS_E_INVAL;
1472 	}
1473 
1474 	ie_len = util_scan_entry_ie_len(scan_params);
1475 	ie = (struct ie_header *)
1476 		  util_scan_entry_ie_data(scan_params);
1477 
1478 	while (ie_len >= sizeof(struct ie_header)) {
1479 		ie_len -= sizeof(struct ie_header);
1480 
1481 		if (!ie->ie_len) {
1482 			ie += 1;
1483 			continue;
1484 		}
1485 
1486 		if (ie_len < ie->ie_len) {
1487 			if (scan_obj->allow_bss_with_incomplete_ie) {
1488 				scm_debug(QDF_MAC_ADDR_FMT": Scan allowed with incomplete corrupted IE:%x, ie_len: %d, ie->ie_len: %d, stop processing further",
1489 					  QDF_MAC_ADDR_REF(scan_params->bssid.bytes),
1490 					  ie->ie_id, ie_len, ie->ie_len);
1491 				break;
1492 			}
1493 			scm_debug(QDF_MAC_ADDR_FMT": Scan not allowed with incomplete corrupted IE:%x, ie_len: %d, ie->ie_len: %d, stop processing further",
1494 				  QDF_MAC_ADDR_REF(scan_params->bssid.bytes),
1495 				  ie->ie_id, ie_len, ie->ie_len);
1496 			return QDF_STATUS_E_INVAL;
1497 		}
1498 
1499 		switch (ie->ie_id) {
1500 		case WLAN_ELEMID_SSID:
1501 			if (ie->ie_len > (sizeof(struct ie_ssid) -
1502 					  sizeof(struct ie_header)))
1503 				goto err;
1504 			scan_params->ie_list.ssid = (uint8_t *)ie;
1505 			break;
1506 		case WLAN_ELEMID_RATES:
1507 			if (ie->ie_len > WLAN_SUPPORTED_RATES_IE_MAX_LEN)
1508 				goto err;
1509 			scan_params->ie_list.rates = (uint8_t *)ie;
1510 			break;
1511 		case WLAN_ELEMID_DSPARMS:
1512 			if (ie->ie_len != WLAN_DS_PARAM_IE_MAX_LEN)
1513 				return QDF_STATUS_E_INVAL;
1514 			scan_params->ie_list.ds_param = (uint8_t *)ie;
1515 			chan_idx = ((struct ds_ie *)ie)->cur_chan;
1516 			*chan_freq = wlan_reg_chan_band_to_freq(pdev, chan_idx,
1517 								band_mask);
1518 			/* Drop if invalid freq */
1519 			if (scan_obj->drop_bcn_on_invalid_freq &&
1520 			    !wlan_reg_is_freq_enabled(pdev,
1521 						      *chan_freq,
1522 						      REG_CURRENT_PWR_MODE)) {
1523 				scm_debug(QDF_MAC_ADDR_FMT": Drop as invalid chan %d in DS IE, freq %d, band_mask %d",
1524 					  QDF_MAC_ADDR_REF(
1525 						  scan_params->bssid.bytes),
1526 					  chan_idx, *chan_freq, band_mask);
1527 				return QDF_STATUS_E_INVAL;
1528 			}
1529 			break;
1530 		case WLAN_ELEMID_TIM:
1531 			if (ie->ie_len < WLAN_TIM_IE_MIN_LENGTH)
1532 				goto err;
1533 			scan_params->ie_list.tim = (uint8_t *)ie;
1534 			scan_params->dtim_period =
1535 				((struct wlan_tim_ie *)ie)->tim_period;
1536 			break;
1537 		case WLAN_ELEMID_COUNTRY:
1538 			if (ie->ie_len < WLAN_COUNTRY_IE_MIN_LEN)
1539 				goto err;
1540 			scan_params->ie_list.country = (uint8_t *)ie;
1541 			break;
1542 		case WLAN_ELEMID_QBSS_LOAD:
1543 			if (ie->ie_len != sizeof(struct qbss_load_ie) -
1544 					  sizeof(struct ie_header)) {
1545 				/*
1546 				 * Expected QBSS IE length is 5Bytes; For some
1547 				 * old cisco AP, QBSS IE length is 4Bytes, which
1548 				 * doesn't match with latest spec, So ignore
1549 				 * QBSS IE in such case.
1550 				 */
1551 				break;
1552 			}
1553 			scan_params->ie_list.qbssload = (uint8_t *)ie;
1554 			break;
1555 		case WLAN_ELEMID_CHANSWITCHANN:
1556 			if (ie->ie_len != WLAN_CSA_IE_MAX_LEN)
1557 				goto err;
1558 			scan_params->ie_list.csa = (uint8_t *)ie;
1559 			break;
1560 		case WLAN_ELEMID_IBSSDFS:
1561 			if (ie->ie_len < WLAN_IBSSDFS_IE_MIN_LEN)
1562 				goto err;
1563 			scan_params->ie_list.ibssdfs = (uint8_t *)ie;
1564 			break;
1565 		case WLAN_ELEMID_QUIET:
1566 			if (ie->ie_len != WLAN_QUIET_IE_MAX_LEN)
1567 				goto err;
1568 			scan_params->ie_list.quiet = (uint8_t *)ie;
1569 			break;
1570 		case WLAN_ELEMID_ERP:
1571 			if (ie->ie_len != (sizeof(struct erp_ie) -
1572 					    sizeof(struct ie_header)))
1573 				goto err;
1574 			scan_params->erp = ((struct erp_ie *)ie)->value;
1575 			break;
1576 		case WLAN_ELEMID_HTCAP_ANA:
1577 			if (ie->ie_len == sizeof(struct htcap_cmn_ie)) {
1578 				scan_params->ie_list.htcap =
1579 				(uint8_t *)&(((struct htcap_ie *)ie)->ie);
1580 			}
1581 			break;
1582 		case WLAN_ELEMID_RSN:
1583 			/*
1584 			 * For security cert TC, RSNIE length can be 1 but if
1585 			 * beacon is dropped, old entry will remain in scan
1586 			 * cache and cause cert TC failure as connection with
1587 			 * old entry with valid RSN IE will pass.
1588 			 * So instead of dropping the frame, do not store the
1589 			 * RSN pointer so that old entry is overwritten.
1590 			 */
1591 			if (ie->ie_len >= WLAN_RSN_IE_MIN_LEN)
1592 				scan_params->ie_list.rsn = (uint8_t *)ie;
1593 			break;
1594 		case WLAN_ELEMID_XRATES:
1595 			if (ie->ie_len > WLAN_EXT_SUPPORTED_RATES_IE_MAX_LEN)
1596 				goto err;
1597 			scan_params->ie_list.xrates = (uint8_t *)ie;
1598 			break;
1599 		case WLAN_ELEMID_EXTCHANSWITCHANN:
1600 			if (ie->ie_len != WLAN_XCSA_IE_MAX_LEN)
1601 				goto err;
1602 			scan_params->ie_list.xcsa = (uint8_t *)ie;
1603 			break;
1604 		case WLAN_ELEMID_SECCHANOFFSET:
1605 			if (ie->ie_len != WLAN_SECCHANOFF_IE_MAX_LEN)
1606 				goto err;
1607 			scan_params->ie_list.secchanoff = (uint8_t *)ie;
1608 			break;
1609 		case WLAN_ELEMID_HTINFO_ANA:
1610 			if (ie->ie_len != sizeof(struct wlan_ie_htinfo_cmn))
1611 				goto err;
1612 			scan_params->ie_list.htinfo =
1613 			  (uint8_t *)&(((struct wlan_ie_htinfo *) ie)->hi_ie);
1614 			chan_idx = ((struct wlan_ie_htinfo_cmn *)
1615 				 (scan_params->ie_list.htinfo))->hi_ctrlchannel;
1616 			*chan_freq = wlan_reg_chan_band_to_freq(pdev, chan_idx,
1617 								band_mask);
1618 			/* Drop if invalid freq */
1619 			if (scan_obj->drop_bcn_on_invalid_freq &&
1620 			    !wlan_reg_is_freq_enabled(pdev,
1621 						      *chan_freq,
1622 						      REG_CURRENT_PWR_MODE)) {
1623 				scm_debug_rl(QDF_MAC_ADDR_FMT": Drop as invalid channel %d freq %d in HT_INFO IE",
1624 					     QDF_MAC_ADDR_REF(scan_params->bssid.bytes),
1625 					     chan_idx, *chan_freq);
1626 				return QDF_STATUS_E_INVAL;
1627 			}
1628 			break;
1629 		case WLAN_ELEMID_WAPI:
1630 			if (ie->ie_len < WLAN_WAPI_IE_MIN_LEN)
1631 				goto err;
1632 			scan_params->ie_list.wapi = (uint8_t *)ie;
1633 			break;
1634 		case WLAN_ELEMID_XCAPS:
1635 			if (ie->ie_len > WLAN_EXTCAP_IE_MAX_LEN)
1636 				goto err;
1637 			scan_params->ie_list.extcaps = (uint8_t *)ie;
1638 			break;
1639 		case WLAN_ELEMID_VHTCAP:
1640 			if (ie->ie_len != (sizeof(struct wlan_ie_vhtcaps) -
1641 					   sizeof(struct ie_header)))
1642 				goto err;
1643 			scan_params->ie_list.vhtcap = (uint8_t *)ie;
1644 			break;
1645 		case WLAN_ELEMID_VHTOP:
1646 			if (ie->ie_len != (sizeof(struct wlan_ie_vhtop) -
1647 					   sizeof(struct ie_header)))
1648 				goto err;
1649 			scan_params->ie_list.vhtop = (uint8_t *)ie;
1650 			break;
1651 		case WLAN_ELEMID_OP_MODE_NOTIFY:
1652 			if (ie->ie_len != WLAN_OPMODE_IE_MAX_LEN)
1653 				goto err;
1654 			scan_params->ie_list.opmode = (uint8_t *)ie;
1655 			break;
1656 		case WLAN_ELEMID_MOBILITY_DOMAIN:
1657 			if (ie->ie_len != WLAN_MOBILITY_DOMAIN_IE_MAX_LEN)
1658 				goto err;
1659 			scan_params->ie_list.mdie = (uint8_t *)ie;
1660 			break;
1661 		case WLAN_ELEMID_VENDOR:
1662 			status = util_scan_parse_vendor_ie(scan_params,
1663 							   ie);
1664 			if (QDF_IS_STATUS_ERROR(status))
1665 				goto err_status;
1666 			break;
1667 		case WLAN_ELEMID_VHT_TX_PWR_ENVLP:
1668 			if (ie->ie_len < WLAN_TPE_IE_MIN_LEN)
1669 				goto err;
1670 			if (tpe_idx >= WLAN_MAX_NUM_TPE_IE)
1671 				goto err;
1672 			scan_params->ie_list.tpe[tpe_idx++] = (uint8_t *)ie;
1673 			break;
1674 		case WLAN_ELEMID_CHAN_SWITCH_WRAP:
1675 			scan_params->ie_list.cswrp = (uint8_t *)ie;
1676 			/* Go to next sub IE */
1677 			sub_ie = (struct ie_header *)
1678 			(((uint8_t *)ie) + sizeof(struct ie_header));
1679 			sub_ie_len = ie->ie_len;
1680 			status =
1681 				util_scan_parse_chan_switch_wrapper_ie(
1682 					scan_params, sub_ie, sub_ie_len);
1683 			if (QDF_IS_STATUS_ERROR(status)) {
1684 				goto err_status;
1685 			}
1686 			break;
1687 		case WLAN_ELEMID_FILS_INDICATION:
1688 			if (ie->ie_len < WLAN_FILS_INDICATION_IE_MIN_LEN)
1689 				goto err;
1690 			scan_params->ie_list.fils_indication = (uint8_t *)ie;
1691 			break;
1692 		case WLAN_ELEMID_RSNXE:
1693 			if (!ie->ie_len)
1694 				goto err;
1695 			scan_params->ie_list.rsnxe = (uint8_t *)ie;
1696 			break;
1697 		case WLAN_ELEMID_EXTN_ELEM:
1698 			status = util_scan_parse_extn_ie(scan_params, ie);
1699 			if (QDF_IS_STATUS_ERROR(status))
1700 				goto err_status;
1701 			break;
1702 		case WLAN_ELEMID_REDUCED_NEIGHBOR_REPORT:
1703 			if (ie->ie_len < WLAN_RNR_IE_MIN_LEN)
1704 				goto err;
1705 			scan_params->ie_list.rnrie = (uint8_t *)ie;
1706 			status = util_scan_parse_rnr_ie(scan_params, ie);
1707 			if (QDF_IS_STATUS_ERROR(status))
1708 				goto err_status;
1709 			break;
1710 		default:
1711 			break;
1712 		}
1713 
1714 		/* Consume info element */
1715 		ie_len -= ie->ie_len;
1716 		/* Go to next IE */
1717 		ie = (struct ie_header *)
1718 			(((uint8_t *) ie) +
1719 			sizeof(struct ie_header) +
1720 			ie->ie_len);
1721 	}
1722 
1723 	return QDF_STATUS_SUCCESS;
1724 
1725 err:
1726 	status = QDF_STATUS_E_INVAL;
1727 err_status:
1728 	scm_debug(QDF_MAC_ADDR_FMT ": failed to parse IE - id: %d, len: %d",
1729 		  QDF_MAC_ADDR_REF(scan_params->bssid.bytes),
1730 		  ie->ie_id, ie->ie_len);
1731 
1732 	return status;
1733 }
1734 
1735 /**
1736  * util_scan_update_esp_data: update ESP params from beacon/probe response
1737  * @esp_information: pointer to wlan_esp_information
1738  * @scan_entry: new received entry
1739  *
1740  * The Estimated Service Parameters element is
1741  * used by a AP to provide information to another STA which
1742  * can then use the information as input to an algorithm to
1743  * generate an estimate of throughput between the two STAs.
1744  * The ESP Information List field contains from 1 to 4 ESP
1745  * Information fields(each field 24 bits), each corresponding
1746  * to an access category for which estimated service parameters
1747  * information is provided.
1748  *
1749  * Return: None
1750  */
util_scan_update_esp_data(struct wlan_esp_ie * esp_information,struct scan_cache_entry * scan_entry)1751 static void util_scan_update_esp_data(struct wlan_esp_ie *esp_information,
1752 		struct scan_cache_entry *scan_entry)
1753 {
1754 
1755 	uint8_t *data;
1756 	int i = 0;
1757 	uint64_t total_elements;
1758 	struct wlan_esp_info *esp_info;
1759 	struct wlan_esp_ie *esp_ie;
1760 
1761 	esp_ie = (struct wlan_esp_ie *)
1762 		util_scan_entry_esp_info(scan_entry);
1763 
1764 	// Ignore ESP_ID_EXTN element
1765 	total_elements  = esp_ie->esp_len - 1;
1766 	data = (uint8_t *)esp_ie + 3;
1767 	do_div(total_elements, ESP_INFORMATION_LIST_LENGTH);
1768 
1769 	if (total_elements > MAX_ESP_INFORMATION_FIELD) {
1770 		scm_err("No of Air time fractions are greater than supported");
1771 		return;
1772 	}
1773 
1774 	for (i = 0; i < total_elements &&
1775 	     data < ((uint8_t *)esp_ie + esp_ie->esp_len); i++) {
1776 		esp_info = (struct wlan_esp_info *)data;
1777 		if (esp_info->access_category == ESP_AC_BK) {
1778 			qdf_mem_copy(&esp_information->esp_info_AC_BK,
1779 					data, 3);
1780 			data = data + ESP_INFORMATION_LIST_LENGTH;
1781 			continue;
1782 		}
1783 		if (esp_info->access_category == ESP_AC_BE) {
1784 			qdf_mem_copy(&esp_information->esp_info_AC_BE,
1785 					data, 3);
1786 			data = data + ESP_INFORMATION_LIST_LENGTH;
1787 			continue;
1788 		}
1789 		if (esp_info->access_category == ESP_AC_VI) {
1790 			qdf_mem_copy(&esp_information->esp_info_AC_VI,
1791 					data, 3);
1792 			data = data + ESP_INFORMATION_LIST_LENGTH;
1793 			continue;
1794 		}
1795 		if (esp_info->access_category == ESP_AC_VO) {
1796 			qdf_mem_copy(&esp_information->esp_info_AC_VO,
1797 					data, 3);
1798 			data = data + ESP_INFORMATION_LIST_LENGTH;
1799 			break;
1800 		}
1801 	}
1802 }
1803 
1804 /**
1805  * util_scan_scm_update_bss_with_esp_data: calculate estimated air time
1806  * fraction
1807  * @scan_entry: new received entry
1808  *
1809  * This function process all Access category ESP params and provide
1810  * best effort air time fraction.
1811  * If best effort is not available, it will choose VI, VO and BK in sequence
1812  *
1813  */
util_scan_scm_update_bss_with_esp_data(struct scan_cache_entry * scan_entry)1814 static void util_scan_scm_update_bss_with_esp_data(
1815 		struct scan_cache_entry *scan_entry)
1816 {
1817 	uint8_t air_time_fraction = 0;
1818 	struct wlan_esp_ie esp_information;
1819 
1820 	if (!scan_entry->ie_list.esp)
1821 		return;
1822 
1823 	util_scan_update_esp_data(&esp_information, scan_entry);
1824 
1825 	/*
1826 	 * If the ESP metric is transmitting multiple airtime fractions, then
1827 	 * follow the sequence AC_BE, AC_VI, AC_VO, AC_BK and pick whichever is
1828 	 * the first one available
1829 	 */
1830 	if (esp_information.esp_info_AC_BE.access_category
1831 			== ESP_AC_BE)
1832 		air_time_fraction =
1833 			esp_information.esp_info_AC_BE.
1834 			estimated_air_fraction;
1835 	else if (esp_information.esp_info_AC_VI.access_category
1836 			== ESP_AC_VI)
1837 		air_time_fraction =
1838 			esp_information.esp_info_AC_VI.
1839 			estimated_air_fraction;
1840 	else if (esp_information.esp_info_AC_VO.access_category
1841 			== ESP_AC_VO)
1842 		air_time_fraction =
1843 			esp_information.esp_info_AC_VO.
1844 			estimated_air_fraction;
1845 	else if (esp_information.esp_info_AC_BK.access_category
1846 			== ESP_AC_BK)
1847 		air_time_fraction =
1848 			esp_information.esp_info_AC_BK.
1849 				estimated_air_fraction;
1850 	scan_entry->air_time_fraction = air_time_fraction;
1851 }
1852 
1853 /**
1854  * util_scan_scm_calc_nss_supported_by_ap() - finds out nss from AP
1855  * @scan_params: new received entry
1856  *
1857  * Return: number of nss advertised by AP
1858  */
util_scan_scm_calc_nss_supported_by_ap(struct scan_cache_entry * scan_params)1859 static int util_scan_scm_calc_nss_supported_by_ap(
1860 		struct scan_cache_entry *scan_params)
1861 {
1862 	struct htcap_cmn_ie *htcap;
1863 	struct wlan_ie_vhtcaps *vhtcaps;
1864 	uint8_t *he_cap;
1865 	uint8_t *end_ptr = NULL;
1866 	uint16_t rx_mcs_map = 0;
1867 	uint8_t *mcs_map_offset;
1868 
1869 	htcap = (struct htcap_cmn_ie *)
1870 		util_scan_entry_htcap(scan_params);
1871 	vhtcaps = (struct wlan_ie_vhtcaps *)
1872 		util_scan_entry_vhtcap(scan_params);
1873 	he_cap = util_scan_entry_hecap(scan_params);
1874 
1875 	if (he_cap) {
1876 		/* Using rx mcs map related to 80MHz or lower as in some
1877 		 * cases higher mcs may support lesser NSS than that
1878 		 * of lowe mcs. Thus giving max NSS capability.
1879 		 */
1880 		end_ptr = he_cap + he_cap[1] + sizeof(struct ie_header);
1881 		mcs_map_offset = (he_cap + sizeof(struct extn_ie_header) +
1882 				  WLAN_HE_MACCAP_LEN + WLAN_HE_PHYCAP_LEN);
1883 		if ((mcs_map_offset + WLAN_HE_MCS_MAP_LEN) <= end_ptr) {
1884 			rx_mcs_map = *(uint16_t *)mcs_map_offset;
1885 		} else {
1886 			rx_mcs_map = WLAN_INVALID_RX_MCS_MAP;
1887 			scm_debug("mcs_map_offset exceeds he cap len");
1888 		}
1889 	} else if (vhtcaps) {
1890 		rx_mcs_map = vhtcaps->rx_mcs_map;
1891 	}
1892 
1893 	if (he_cap || vhtcaps) {
1894 		if ((rx_mcs_map & 0xC000) != 0xC000)
1895 			return 8;
1896 
1897 		if ((rx_mcs_map & 0x3000) != 0x3000)
1898 			return 7;
1899 
1900 		if ((rx_mcs_map & 0x0C00) != 0x0C00)
1901 			return 6;
1902 
1903 		if ((rx_mcs_map & 0x0300) != 0x0300)
1904 			return 5;
1905 
1906 		if ((rx_mcs_map & 0x00C0) != 0x00C0)
1907 			return 4;
1908 
1909 		if ((rx_mcs_map & 0x0030) != 0x0030)
1910 			return 3;
1911 
1912 		if ((rx_mcs_map & 0x000C) != 0x000C)
1913 			return 2;
1914 	} else if (htcap) {
1915 		if (htcap->mcsset[3])
1916 			return 4;
1917 
1918 		if (htcap->mcsset[2])
1919 			return 3;
1920 
1921 		if (htcap->mcsset[1])
1922 			return 2;
1923 
1924 	}
1925 	return 1;
1926 }
1927 
1928 #ifdef WLAN_DFS_CHAN_HIDDEN_SSID
1929 QDF_STATUS
util_scan_add_hidden_ssid(struct wlan_objmgr_pdev * pdev,qdf_nbuf_t bcnbuf)1930 util_scan_add_hidden_ssid(struct wlan_objmgr_pdev *pdev, qdf_nbuf_t bcnbuf)
1931 {
1932 	struct wlan_frame_hdr *hdr;
1933 	struct wlan_bcn_frame *bcn;
1934 	struct wlan_scan_obj *scan_obj;
1935 	struct wlan_ssid *conf_ssid;
1936 	struct  ie_header *ie;
1937 	uint32_t frame_len = qdf_nbuf_len(bcnbuf);
1938 	uint16_t bcn_ie_offset, ssid_ie_start_offset, ssid_ie_end_offset;
1939 	uint16_t tmplen, ie_length;
1940 	uint8_t *pbeacon, *tmp;
1941 	bool     set_ssid_flag = false;
1942 	struct ie_ssid ssid = {0};
1943 	uint8_t pdev_id;
1944 
1945 	if (!pdev) {
1946 		scm_warn("pdev: 0x%pK is NULL", pdev);
1947 		return QDF_STATUS_E_NULL_VALUE;
1948 	}
1949 	pdev_id = wlan_objmgr_pdev_get_pdev_id(pdev);
1950 	scan_obj = wlan_pdev_get_scan_obj(pdev);
1951 	if (!scan_obj) {
1952 		scm_warn("null scan_obj");
1953 		return QDF_STATUS_E_NULL_VALUE;
1954 	}
1955 
1956 	conf_ssid = &scan_obj->pdev_info[pdev_id].conf_ssid;
1957 
1958 	hdr = (struct wlan_frame_hdr *)qdf_nbuf_data(bcnbuf);
1959 
1960 	/* received bssid does not match configured bssid */
1961 	if (qdf_mem_cmp(hdr->i_addr3, scan_obj->pdev_info[pdev_id].conf_bssid,
1962 			QDF_MAC_ADDR_SIZE) ||
1963 			conf_ssid->length == 0) {
1964 		return QDF_STATUS_SUCCESS;
1965 	}
1966 
1967 	bcn = (struct wlan_bcn_frame *)(qdf_nbuf_data(bcnbuf) + sizeof(*hdr));
1968 	pbeacon = (uint8_t *)bcn;
1969 
1970 	ie = (struct ie_header *)(pbeacon +
1971 				  offsetof(struct wlan_bcn_frame, ie));
1972 
1973 	bcn_ie_offset = offsetof(struct wlan_bcn_frame, ie);
1974 	ie_length = (uint16_t)(frame_len - sizeof(*hdr) -
1975 			       bcn_ie_offset);
1976 
1977 	while (ie_length >=  sizeof(struct ie_header)) {
1978 		ie_length -= sizeof(struct ie_header);
1979 
1980 		bcn_ie_offset += sizeof(struct ie_header);
1981 
1982 		if (ie_length < ie->ie_len) {
1983 			scm_debug("Incomplete corrupted IE:%x", ie->ie_id);
1984 			return QDF_STATUS_E_INVAL;
1985 		}
1986 		if (ie->ie_id == WLAN_ELEMID_SSID) {
1987 			if (ie->ie_len > (sizeof(struct ie_ssid) -
1988 						 sizeof(struct ie_header))) {
1989 				return QDF_STATUS_E_INVAL;
1990 			}
1991 			ssid.ssid_id = ie->ie_id;
1992 			ssid.ssid_len = ie->ie_len;
1993 
1994 			if (ssid.ssid_len)
1995 				qdf_mem_copy(ssid.ssid,
1996 					     ie + sizeof(struct ie_header),
1997 					     ssid.ssid_len);
1998 
1999 			if (util_scan_is_hidden_ssid(&ssid)) {
2000 				set_ssid_flag  = true;
2001 				ssid_ie_start_offset = bcn_ie_offset -
2002 					sizeof(struct ie_header);
2003 				ssid_ie_end_offset = bcn_ie_offset +
2004 					ie->ie_len;
2005 			}
2006 		}
2007 		if (ie->ie_len == 0) {
2008 			ie += 1;    /* next IE */
2009 			continue;
2010 		}
2011 		if (ie->ie_id == WLAN_ELEMID_VENDOR &&
2012 		    is_wps_oui((uint8_t *)ie)) {
2013 			set_ssid_flag = false;
2014 			break;
2015 		}
2016 		/* Consume info element */
2017 		ie_length -=  ie->ie_len;
2018 		/* Go to next IE */
2019 		ie = (struct ie_header *)(((uint8_t *)ie) +
2020 				sizeof(struct ie_header) +
2021 				ie->ie_len);
2022 	}
2023 
2024 	if (set_ssid_flag) {
2025 		/* Hidden SSID if the Length is 0 */
2026 		if (!ssid.ssid_len) {
2027 			/* increase the taillength by length of ssid */
2028 			if (qdf_nbuf_put_tail(bcnbuf,
2029 					      conf_ssid->length) == NULL) {
2030 				scm_debug("No enough tailroom");
2031 				return  QDF_STATUS_E_NOMEM;
2032 			}
2033 			/*
2034 			 * "qdf_nbuf_put_tail" might change the data pointer of
2035 			 * the skb. Therefore use the new data area.
2036 			 */
2037 			pbeacon = (qdf_nbuf_data(bcnbuf) + sizeof(*hdr));
2038 			/* length of the buffer to be copied */
2039 			tmplen = frame_len -
2040 				sizeof(*hdr) - ssid_ie_end_offset;
2041 			/*
2042 			 * tmp memory to copy the beacon info
2043 			 * after ssid ie.
2044 			 */
2045 			tmp = qdf_mem_malloc(tmplen * sizeof(u_int8_t));
2046 			if (!tmp)
2047 				return  QDF_STATUS_E_NOMEM;
2048 
2049 			/* Copy beacon data after ssid ie to tmp */
2050 			qdf_nbuf_copy_bits(bcnbuf, (sizeof(*hdr) +
2051 					   ssid_ie_end_offset), tmplen, tmp);
2052 			/* Add ssid length */
2053 			*(pbeacon + (ssid_ie_start_offset + 1))
2054 				= conf_ssid->length;
2055 			/* Insert the  SSID string */
2056 			qdf_mem_copy((pbeacon + ssid_ie_end_offset),
2057 				     conf_ssid->ssid, conf_ssid->length);
2058 			/* Copy rest of the beacon data */
2059 			qdf_mem_copy((pbeacon + ssid_ie_end_offset +
2060 				      conf_ssid->length), tmp, tmplen);
2061 			qdf_mem_free(tmp);
2062 
2063 			/* Hidden ssid with all 0's */
2064 		} else if (ssid.ssid_len == conf_ssid->length) {
2065 			/* Insert the  SSID string */
2066 			qdf_mem_copy((pbeacon + ssid_ie_start_offset +
2067 				      sizeof(struct ie_header)),
2068 				      conf_ssid->ssid, conf_ssid->length);
2069 		} else {
2070 			scm_debug("mismatch in hidden ssid length");
2071 			return QDF_STATUS_E_INVAL;
2072 		}
2073 	}
2074 	return QDF_STATUS_SUCCESS;
2075 }
2076 #endif /* WLAN_DFS_CHAN_HIDDEN_SSID */
2077 
2078 #ifdef WLAN_ADAPTIVE_11R
2079 /**
2080  * scm_fill_adaptive_11r_cap() - Check if the AP supports adaptive 11r
2081  * @scan_entry: Pointer to the scan entry
2082  *
2083  * Return: true if adaptive 11r is advertised else false
2084  */
scm_fill_adaptive_11r_cap(struct scan_cache_entry * scan_entry)2085 static void scm_fill_adaptive_11r_cap(struct scan_cache_entry *scan_entry)
2086 {
2087 	uint8_t *ie;
2088 	uint8_t data;
2089 	bool adaptive_11r;
2090 
2091 	ie = util_scan_entry_adaptive_11r(scan_entry);
2092 	if (!ie)
2093 		return;
2094 
2095 	data = *(ie + OUI_LENGTH);
2096 	adaptive_11r = (data & 0x1) ? true : false;
2097 
2098 	scan_entry->adaptive_11r_ap = adaptive_11r;
2099 }
2100 #else
scm_fill_adaptive_11r_cap(struct scan_cache_entry * scan_entry)2101 static void scm_fill_adaptive_11r_cap(struct scan_cache_entry *scan_entry)
2102 {
2103 	scan_entry->adaptive_11r_ap = false;
2104 }
2105 #endif
2106 
util_scan_set_security(struct scan_cache_entry * scan_params)2107 static void util_scan_set_security(struct scan_cache_entry *scan_params)
2108 {
2109 	if (util_scan_entry_wpa(scan_params))
2110 		scan_params->security_type |= SCAN_SECURITY_TYPE_WPA;
2111 
2112 	if (util_scan_entry_rsn(scan_params))
2113 		scan_params->security_type |= SCAN_SECURITY_TYPE_RSN;
2114 	if (util_scan_entry_wapi(scan_params))
2115 		scan_params->security_type |= SCAN_SECURITY_TYPE_WAPI;
2116 
2117 	if (!scan_params->security_type &&
2118 	    scan_params->cap_info.wlan_caps.privacy)
2119 		scan_params->security_type |= SCAN_SECURITY_TYPE_WEP;
2120 }
2121 
2122 #ifdef WLAN_FEATURE_11BE_MLO
2123 /*
2124  * Multi link IE field offsets
2125  *  ------------------------------------------------------------------------
2126  * | EID(1) | Len (1) | EID_EXT (1) | ML_CONTROL (2) | CMN_INFO (var) | ... |
2127  *  ------------------------------------------------------------------------
2128  */
2129 #define ML_CONTROL_OFFSET 3
2130 #define ML_CMN_INFO_OFFSET ML_CONTROL_OFFSET + 2
2131 
2132 #define CMN_INFO_LINK_ID_PRESENT_BIT      BIT(4)
2133 #define LINK_INFO_MAC_ADDR_PRESENT_BIT    BIT(5)
2134 
2135 /* This function is implemented as per IEEE802.11be D1.0, there is no difference
2136  * in presence bitmap for beacon, probe response and probe request frames.
2137  * This code is to be revisited for future drafts if the presence bitmap values
2138  * changes for the beacon, probe response and probe request frames.
2139  */
util_get_link_info_offset(uint8_t * ml_ie,bool * is_ml_ie_valid)2140 static uint8_t util_get_link_info_offset(uint8_t *ml_ie, bool *is_ml_ie_valid)
2141 {
2142 	qdf_size_t ml_ie_len = 0;
2143 	qdf_size_t parsed_ie_len = 0;
2144 	struct wlan_ie_multilink *mlie_fixed;
2145 	uint16_t mlcontrol;
2146 	uint16_t presencebm;
2147 	qdf_size_t actual_len;
2148 
2149 	if (!ml_ie) {
2150 		scm_err("ml_ie is null");
2151 		return 0;
2152 	}
2153 
2154 	if (!is_ml_ie_valid) {
2155 		scm_err_rl("is_ml_ie_valid is null");
2156 		return 0;
2157 	}
2158 
2159 	ml_ie_len = ml_ie[TAG_LEN_POS];
2160 	if (!ml_ie_len) {
2161 		scm_err("ml_ie_len is zero");
2162 		return 0;
2163 	}
2164 
2165 	if (ml_ie_len < sizeof(struct wlan_ie_multilink)) {
2166 		scm_err_rl("Length %zu octets is smaller than required for the fixed portion of Multi-Link element (%zu octets)",
2167 			   ml_ie_len, sizeof(struct wlan_ie_multilink));
2168 		return 0;
2169 	}
2170 
2171 	mlie_fixed = (struct wlan_ie_multilink *)ml_ie;
2172 	mlcontrol = le16toh(mlie_fixed->mlcontrol);
2173 	presencebm = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
2174 				  WLAN_ML_CTRL_PBM_BITS);
2175 
2176 	parsed_ie_len += sizeof(*mlie_fixed);
2177 
2178 	parsed_ie_len += WLAN_ML_BV_CINFO_LENGTH_SIZE;
2179 	parsed_ie_len += QDF_MAC_ADDR_SIZE;
2180 
2181 	/* Check if Link ID info is present */
2182 	if (presencebm & WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P)
2183 		parsed_ie_len += WLAN_ML_BV_CINFO_LINKIDINFO_SIZE;
2184 
2185 	/* Check if BSS parameter change count is present */
2186 	if (presencebm & WLAN_ML_BV_CTRL_PBM_BSSPARAMCHANGECNT_P)
2187 		parsed_ie_len += WLAN_ML_BSSPARAMCHNGCNT_SIZE;
2188 
2189 	/* Check if Medium Sync Delay Info is present */
2190 	if (presencebm & WLAN_ML_BV_CTRL_PBM_MEDIUMSYNCDELAYINFO_P)
2191 		parsed_ie_len += WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE;
2192 
2193 	/* Check if EML cap is present */
2194 	if (presencebm & WLAN_ML_BV_CTRL_PBM_EMLCAP_P)
2195 		parsed_ie_len += WLAN_ML_BV_CINFO_EMLCAP_SIZE;
2196 
2197 	/* Check if MLD cap and op is present */
2198 	if (presencebm & WLAN_ML_BV_CTRL_PBM_MLDCAPANDOP_P)
2199 		parsed_ie_len += WLAN_ML_BV_CINFO_MLDCAPANDOP_SIZE;
2200 
2201 	/* Check if MLD ID is present */
2202 	if (presencebm & WLAN_ML_BV_CTRL_PBM_MLDID_P)
2203 		parsed_ie_len += WLAN_ML_BV_CINFO_MLDID_SIZE;
2204 
2205 	/* Check if Extended MLD Cap and Op is present */
2206 	if (presencebm & WLAN_ML_BV_CTRL_PBM_EXT_MLDCAPANDOP_P)
2207 		parsed_ie_len += WLAN_ML_BV_CINFO_EXT_MLDCAPANDOP_SIZE;
2208 
2209 	/* Offset calculation starts from the beginning of the ML IE (including
2210 	 * EID) hence, adding the size of IE header to ML IE length.
2211 	 */
2212 	actual_len = ml_ie_len + sizeof(struct ie_header);
2213 	if (parsed_ie_len <= actual_len) {
2214 		*is_ml_ie_valid = true;
2215 	} else {
2216 		*is_ml_ie_valid = false;
2217 		scm_err("Invalid ML IE, expect min len: %zu, actual len: %zu",
2218 			parsed_ie_len, actual_len);
2219 	}
2220 	if (parsed_ie_len < actual_len)
2221 		return parsed_ie_len;
2222 
2223 	return 0;
2224 }
2225 
2226 static void
util_get_ml_bv_partner_link_info(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_entry)2227 util_get_ml_bv_partner_link_info(struct wlan_objmgr_pdev *pdev,
2228 				 struct scan_cache_entry *scan_entry)
2229 {
2230 	uint8_t *ml_ie = scan_entry->ie_list.multi_link_bv;
2231 	uint8_t *end_ptr = NULL;
2232 	bool is_ml_ie_valid;
2233 	uint8_t offset = util_get_link_info_offset(ml_ie, &is_ml_ie_valid);
2234 	uint16_t sta_ctrl;
2235 	uint8_t *stactrl_offset = NULL, *ielist_offset;
2236 	uint8_t perstaprof_len = 0, perstaprof_stainfo_len = 0, ielist_len = 0;
2237 	struct partner_link_info *link_info = NULL;
2238 	uint8_t eid = 0;
2239 	uint8_t link_idx = 0;
2240 	uint8_t rnr_idx = 0;
2241 	struct rnr_bss_info *rnr = NULL;
2242 	qdf_size_t ml_ie_len = ml_ie[TAG_LEN_POS] + sizeof(struct ie_header);
2243 
2244 	/* Update partner info  from RNR IE */
2245 	while ((rnr_idx < MAX_RNR_BSS) && (rnr_idx < scan_entry->rnr.count)) {
2246 		if (link_idx >= (MLD_MAX_LINKS - 1))
2247 			break;
2248 		rnr = &scan_entry->rnr.bss_info[rnr_idx];
2249 		if (rnr->mld_info_valid && !rnr->mld_info.mld_id) {
2250 			link_info = &scan_entry->ml_info.link_info[link_idx];
2251 			qdf_mem_copy(&link_info->link_addr,
2252 				     &rnr->bssid, QDF_MAC_ADDR_SIZE);
2253 
2254 			link_info->link_id = rnr->mld_info.link_id;
2255 			link_info->freq =
2256 				wlan_reg_chan_opclass_to_freq(rnr->channel_number,
2257 							      rnr->operating_class,
2258 							      true);
2259 
2260 			if (!link_info->freq)
2261 				scm_debug_rl("freq 0 rnr channel %u op_class %u " QDF_MAC_ADDR_FMT,
2262 					     rnr->channel_number,
2263 					     rnr->operating_class,
2264 					     QDF_MAC_ADDR_REF(rnr->bssid.bytes));
2265 			link_info->op_class = rnr->operating_class;
2266 			link_idx++;
2267 		}
2268 		rnr_idx++;
2269 	}
2270 
2271 	scan_entry->ml_info.num_links = link_idx;
2272 	if (!offset ||
2273 	    (offset + sizeof(struct wlan_ml_bv_linfo_perstaprof) >= ml_ie_len)) {
2274 		scm_debug_rl("incorrect offset value %d", offset);
2275 		return;
2276 	}
2277 
2278 	/* TODO: loop through all the STA info fields */
2279 
2280 	/*
2281 	 * Per-STA Profile subelement format of the Basic Multi-Link element
2282 	 *
2283 	 * |---------------|--------|-------------|----------|-------------|
2284 	 * | Subelement ID | Length | STA control | STA info | STA profile |
2285 	 * |---------------|--------|-------------|----------|-------------|
2286 	 * Octets:  1         1           2         variable     variable
2287 	 */
2288 
2289 	/* Sub element ID 0 represents Per-STA Profile */
2290 	if (ml_ie[offset] == 0) {
2291 		perstaprof_len = ml_ie[offset + 1];
2292 		stactrl_offset = &ml_ie[offset + 2];
2293 		end_ptr = &ml_ie[offset] + perstaprof_len + 2;
2294 
2295 		if (!(end_ptr <= (ml_ie + ml_ie_len))) {
2296 			if (ml_ie[TAG_LEN_POS] >= 255)
2297 				scm_debug_rl("Possible fragmentation in ml_ie for tag_len %d. Ignore the processing",
2298 					     ml_ie[TAG_LEN_POS]);
2299 			else
2300 				scm_debug_rl("perstaprof exceeds ML IE boundary for tag_len %d. Ignore the processing",
2301 					     ml_ie[TAG_LEN_POS]);
2302 			return;
2303 		}
2304 
2305 		/* Skip sub element ID and length fields */
2306 		offset += 2;
2307 
2308 		sta_ctrl = *(uint16_t *)(ml_ie + offset);
2309 
2310 		/* Skip STA control field */
2311 		offset += 2;
2312 
2313 		/*
2314 		 * offset points to the beginning of the STA Info field which
2315 		 * indicates the number of octets in the STA Info field,
2316 		 * including one octet for the STA Info Length subfield.
2317 		 */
2318 		perstaprof_stainfo_len = ml_ie[offset];
2319 
2320 		/* Skip STA Info Length field */
2321 		offset += perstaprof_stainfo_len;
2322 		if (offset >= ml_ie_len) {
2323 			scm_err_rl("incorrect offset value %d", offset);
2324 			return;
2325 		}
2326 
2327 		/*
2328 		 * To point to the ie_list offset move past the STA Info
2329 		 * field.
2330 		 */
2331 		ielist_offset = &ml_ie[offset];
2332 
2333 		/*
2334 		 * Ensure that the STA Control Field + STA Info Field
2335 		 * is smaller than the per-STA profile when incrementing
2336 		 * the pointer to avoid underflow during subtraction.
2337 		 */
2338 		if ((perstaprof_stainfo_len +
2339 		     WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_SIZE) <
2340 							perstaprof_len) {
2341 			if (!(ielist_offset <= end_ptr))
2342 				ielist_len = 0;
2343 			else
2344 				ielist_len = perstaprof_len -
2345 					(WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_SIZE +
2346 					 perstaprof_stainfo_len);
2347 		} else {
2348 			scm_debug_rl("No STA profile IE list found for perstaprof_stainfo_len %d perstaprof_len %d",
2349 				     perstaprof_stainfo_len, perstaprof_len);
2350 			ielist_len = 0;
2351 		}
2352 
2353 		link_info = NULL;
2354 		for (link_idx = 0; link_idx < scan_entry->ml_info.num_links;
2355 		     link_idx++) {
2356 			if (scan_entry->ml_info.link_info[link_idx].link_id ==
2357 							(sta_ctrl & 0xF)) {
2358 				link_info = &scan_entry->ml_info.link_info[link_idx];
2359 			}
2360                 }
2361 
2362 		/* Get the pointers to CSA, ECSA, Max Channel Switch Time IE. */
2363 		if (link_info) {
2364 			link_info->csa_ie = wlan_get_ie_ptr_from_eid
2365 				(WLAN_ELEMID_CHANSWITCHANN, ielist_offset,
2366 				 ielist_len);
2367 
2368 			link_info->ecsa_ie = wlan_get_ie_ptr_from_eid
2369 				(WLAN_ELEMID_EXTCHANSWITCHANN, ielist_offset,
2370 				 ielist_len);
2371 
2372 			eid = WLAN_EXTN_ELEMID_MAX_CHAN_SWITCH_TIME;
2373 			link_info->max_cst_ie = wlan_get_ext_ie_ptr_from_ext_id
2374 					(&eid, 1, ielist_offset, ielist_len);
2375 		}
2376 	}
2377 }
2378 
util_scan_update_ml_info(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_entry)2379 static void util_scan_update_ml_info(struct wlan_objmgr_pdev *pdev,
2380 				     struct scan_cache_entry *scan_entry)
2381 {
2382 	uint8_t *ml_ie = scan_entry->ie_list.multi_link_bv;
2383 	uint16_t multi_link_ctrl;
2384 	uint8_t offset;
2385 	uint8_t mlie_min_len;
2386 	bool is_ml_ie_valid = true;
2387 	uint8_t *end_ptr = NULL;
2388 
2389 	if (!scan_entry->ie_list.ehtcap && scan_entry->ie_list.multi_link_bv) {
2390 		scan_entry->ie_list.multi_link_bv = NULL;
2391 		return;
2392 	}
2393 	if (!scan_entry->ie_list.multi_link_bv)
2394 		return;
2395 
2396 	mlie_min_len = util_get_link_info_offset(ml_ie, &is_ml_ie_valid);
2397 	if (!is_ml_ie_valid) {
2398 		scan_entry->ie_list.multi_link_bv = NULL;
2399 		return;
2400 	}
2401 
2402 	end_ptr = ml_ie + ml_ie[TAG_LEN_POS] + sizeof(struct ie_header);
2403 
2404 	multi_link_ctrl = *(uint16_t *)(ml_ie + ML_CONTROL_OFFSET);
2405 
2406 	/* TODO: update ml_info based on ML IE */
2407 
2408 	offset = ML_CMN_INFO_OFFSET;
2409 
2410 	/* Increment the offset to account for the Common Info Length */
2411 	offset += WLAN_ML_BV_CINFO_LENGTH_SIZE;
2412 
2413 	if ((ml_ie + offset + QDF_MAC_ADDR_SIZE) <= end_ptr) {
2414 		qdf_mem_copy(&scan_entry->ml_info.mld_mac_addr,
2415 			     ml_ie + offset, QDF_MAC_ADDR_SIZE);
2416 		offset += QDF_MAC_ADDR_SIZE;
2417 	}
2418 
2419 	/* TODO: Decode it from ML IE */
2420 	scan_entry->ml_info.num_links = 0;
2421 
2422 	/**
2423 	 * Copy Link ID & MAC address of the scan cache entry as first entry
2424 	 * in the partner info list
2425 	 */
2426 	if (multi_link_ctrl & CMN_INFO_LINK_ID_PRESENT_BIT) {
2427 		if (&ml_ie[offset] < end_ptr)
2428 			scan_entry->ml_info.self_link_id = ml_ie[offset] & 0x0F;
2429 	}
2430 
2431 	util_get_ml_bv_partner_link_info(pdev, scan_entry);
2432 }
2433 #else
util_scan_update_ml_info(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_entry)2434 static void util_scan_update_ml_info(struct wlan_objmgr_pdev *pdev,
2435 				     struct scan_cache_entry *scan_entry)
2436 {
2437 }
2438 #endif
2439 
2440 static QDF_STATUS
util_scan_gen_scan_entry(struct wlan_objmgr_pdev * pdev,uint8_t * frame,qdf_size_t frame_len,uint32_t frm_subtype,struct mgmt_rx_event_params * rx_param,struct scan_mbssid_info * mbssid_info,qdf_list_t * scan_list)2441 util_scan_gen_scan_entry(struct wlan_objmgr_pdev *pdev,
2442 			 uint8_t *frame, qdf_size_t frame_len,
2443 			 uint32_t frm_subtype,
2444 			 struct mgmt_rx_event_params *rx_param,
2445 			 struct scan_mbssid_info *mbssid_info,
2446 			 qdf_list_t *scan_list)
2447 {
2448 	struct wlan_frame_hdr *hdr;
2449 	struct wlan_bcn_frame *bcn;
2450 	QDF_STATUS status = QDF_STATUS_SUCCESS;
2451 	struct ie_ssid *ssid;
2452 	struct scan_cache_entry *scan_entry;
2453 	struct qbss_load_ie *qbss_load;
2454 	struct scan_cache_node *scan_node;
2455 	uint8_t i;
2456 	qdf_freq_t chan_freq = 0;
2457 	bool is_6g_dup_bcon = false;
2458 	uint8_t band_mask;
2459 	qdf_freq_t recv_freq = 0;
2460 
2461 	scan_entry = qdf_mem_malloc_atomic(sizeof(*scan_entry));
2462 	if (!scan_entry) {
2463 		scm_err("failed to allocate memory for scan_entry");
2464 		return QDF_STATUS_E_NOMEM;
2465 	}
2466 
2467 	scan_entry->raw_frame.ptr =
2468 			qdf_mem_malloc_atomic(frame_len);
2469 	if (!scan_entry->raw_frame.ptr) {
2470 		scm_err("failed to allocate memory for frame");
2471 		qdf_mem_free(scan_entry);
2472 		return QDF_STATUS_E_NOMEM;
2473 	}
2474 
2475 	bcn = (struct wlan_bcn_frame *)
2476 			   (frame + sizeof(*hdr));
2477 	hdr = (struct wlan_frame_hdr *)frame;
2478 
2479 	/* update timestamp in nanoseconds needed by kernel layers */
2480 	scan_entry->boottime_ns = qdf_get_bootbased_boottime_ns();
2481 
2482 	scan_entry->frm_subtype = frm_subtype;
2483 	qdf_mem_copy(scan_entry->bssid.bytes,
2484 		hdr->i_addr3, QDF_MAC_ADDR_SIZE);
2485 	/* Scr addr */
2486 	qdf_mem_copy(scan_entry->mac_addr.bytes,
2487 		hdr->i_addr2, QDF_MAC_ADDR_SIZE);
2488 	scan_entry->seq_num =
2489 		(le16toh(*(uint16_t *)hdr->i_seq) >> WLAN_SEQ_SEQ_SHIFT);
2490 
2491 	scan_entry->snr = rx_param->snr;
2492 	scan_entry->avg_snr = WLAN_SNR_IN(scan_entry->snr);
2493 	scan_entry->rssi_raw = rx_param->rssi;
2494 	scan_entry->avg_rssi = WLAN_RSSI_IN(scan_entry->rssi_raw);
2495 	scan_entry->tsf_delta = rx_param->tsf_delta;
2496 	scan_entry->pdev_id = wlan_objmgr_pdev_get_pdev_id(pdev);
2497 
2498 	recv_freq = rx_param->chan_freq;
2499 	/* Copy per chain rssi to scan entry */
2500 	qdf_mem_copy(scan_entry->per_chain_rssi, rx_param->rssi_ctl,
2501 		     WLAN_MGMT_TXRX_HOST_MAX_ANTENNA);
2502 	band_mask = BIT(wlan_reg_freq_to_band(recv_freq));
2503 
2504 	if (!wlan_psoc_nif_fw_ext_cap_get(wlan_pdev_get_psoc(pdev),
2505 					  WLAN_SOC_CEXT_HW_DB2DBM)) {
2506 		for (i = 0; i < WLAN_MGMT_TXRX_HOST_MAX_ANTENNA; i++) {
2507 			if (scan_entry->per_chain_rssi[i] !=
2508 			    WLAN_INVALID_PER_CHAIN_SNR)
2509 				scan_entry->per_chain_rssi[i] +=
2510 						WLAN_NOISE_FLOOR_DBM_DEFAULT;
2511 			else
2512 				scan_entry->per_chain_rssi[i] =
2513 						WLAN_INVALID_PER_CHAIN_RSSI;
2514 		}
2515 	}
2516 
2517 	/* store jiffies */
2518 	scan_entry->rrm_parent_tsf = (uint32_t)qdf_system_ticks();
2519 
2520 	scan_entry->bcn_int = le16toh(bcn->beacon_interval);
2521 
2522 	/*
2523 	 * In case if the beacon doesn't have
2524 	 * valid beacon interval falback to def
2525 	 */
2526 	if (!scan_entry->bcn_int)
2527 		scan_entry->bcn_int = 100;
2528 	scan_entry->cap_info.value = le16toh(bcn->capability.value);
2529 	qdf_mem_copy(scan_entry->tsf_info.data,
2530 		bcn->timestamp, 8);
2531 	scan_entry->erp = ERP_NON_ERP_PRESENT;
2532 
2533 	scan_entry->scan_entry_time =
2534 		qdf_mc_timer_get_system_time();
2535 
2536 	scan_entry->raw_frame.len = frame_len;
2537 	qdf_mem_copy(scan_entry->raw_frame.ptr,
2538 		frame, frame_len);
2539 	status = util_scan_populate_bcn_ie_list(pdev, scan_entry, &chan_freq,
2540 						band_mask);
2541 	if (QDF_IS_STATUS_ERROR(status)) {
2542 		qdf_mem_free(scan_entry->raw_frame.ptr);
2543 		qdf_mem_free(scan_entry);
2544 		return QDF_STATUS_E_FAILURE;
2545 	}
2546 
2547 	ssid = (struct ie_ssid *)
2548 		scan_entry->ie_list.ssid;
2549 
2550 	if (ssid && (ssid->ssid_len > WLAN_SSID_MAX_LEN)) {
2551 		qdf_mem_free(scan_entry->raw_frame.ptr);
2552 		qdf_mem_free(scan_entry);
2553 		return QDF_STATUS_E_FAILURE;
2554 	}
2555 
2556 	if (scan_entry->ie_list.p2p)
2557 		scan_entry->is_p2p = true;
2558 
2559 	if (!chan_freq && util_scan_entry_hecap(scan_entry)) {
2560 		status = util_scan_get_chan_from_he_6g_params(pdev, scan_entry,
2561 							      &chan_freq,
2562 							      &is_6g_dup_bcon,
2563 							      band_mask,
2564 							      recv_freq);
2565 		if (QDF_IS_STATUS_ERROR(status)) {
2566 			qdf_mem_free(scan_entry->raw_frame.ptr);
2567 			qdf_mem_free(scan_entry);
2568 			return QDF_STATUS_E_FAILURE;
2569 		}
2570 	}
2571 
2572 	if (chan_freq)
2573 		scan_entry->channel.chan_freq = chan_freq;
2574 
2575 	/* If no channel info is present in beacon use meta channel */
2576 	if (!scan_entry->channel.chan_freq) {
2577 		scan_entry->channel.chan_freq = recv_freq;
2578 	} else if (recv_freq !=
2579 	   scan_entry->channel.chan_freq) {
2580 		if (!wlan_reg_is_49ghz_freq(scan_entry->channel.chan_freq) &&
2581 		    !is_6g_dup_bcon)
2582 			scan_entry->channel_mismatch = true;
2583 	}
2584 
2585 	if (util_scan_is_hidden_ssid(ssid)) {
2586 		scan_entry->ie_list.ssid = NULL;
2587 		scan_entry->is_hidden_ssid = true;
2588 	} else {
2589 		qdf_mem_copy(scan_entry->ssid.ssid,
2590 				ssid->ssid, ssid->ssid_len);
2591 		scan_entry->ssid.length = ssid->ssid_len;
2592 		scan_entry->hidden_ssid_timestamp =
2593 			scan_entry->scan_entry_time;
2594 	}
2595 	qdf_mem_copy(&scan_entry->mbssid_info, mbssid_info,
2596 		     sizeof(scan_entry->mbssid_info));
2597 
2598 	scan_entry->phy_mode = util_scan_get_phymode(pdev, scan_entry);
2599 
2600 	scan_entry->nss = util_scan_scm_calc_nss_supported_by_ap(scan_entry);
2601 	scm_fill_adaptive_11r_cap(scan_entry);
2602 	util_scan_set_security(scan_entry);
2603 
2604 	util_scan_scm_update_bss_with_esp_data(scan_entry);
2605 	qbss_load = (struct qbss_load_ie *)
2606 			util_scan_entry_qbssload(scan_entry);
2607 	if (qbss_load)
2608 		scan_entry->qbss_chan_load = qbss_load->qbss_chan_load;
2609 
2610 	scan_node = qdf_mem_malloc_atomic(sizeof(*scan_node));
2611 	if (!scan_node) {
2612 		qdf_mem_free(scan_entry->raw_frame.ptr);
2613 		qdf_mem_free(scan_entry);
2614 		scm_err("failed to allocate memory for scan_node");
2615 		return QDF_STATUS_E_FAILURE;
2616 	}
2617 
2618 	util_scan_update_ml_info(pdev, scan_entry);
2619 
2620 	scan_node->entry = scan_entry;
2621 	qdf_list_insert_front(scan_list, &scan_node->node);
2622 
2623 	return status;
2624 }
2625 
2626 #ifdef WLAN_FEATURE_MBSSID
2627 /*
2628  * util_is_noninh_ie() - find the noninhertance information element
2629  * in the received frame's IE list, so that we can stop inheriting that IE
2630  * in the caller function.
2631  *
2632  * @elem_id: Element ID in the received frame's IE, which is being processed.
2633  * @non_inh_list: pointer to the non inherited list of element IDs or
2634  *                list of extension element IDs.
2635  * @len: Length of non inheritance IE list
2636  *
2637  * Return: False if the element ID is not found or else return true
2638  */
util_is_noninh_ie(uint8_t elem_id,uint8_t * non_inh_list,int8_t len)2639 static bool util_is_noninh_ie(uint8_t elem_id,
2640 			      uint8_t *non_inh_list,
2641 			      int8_t len)
2642 {
2643 	int count;
2644 
2645 	for (count = 0; count < len; count++) {
2646 		if (elem_id == non_inh_list[count])
2647 			return true;
2648 	}
2649 
2650 	return false;
2651 }
2652 
2653 /*
2654  * util_scan_find_noninheritance_ie() - find noninheritance information element
2655  * This block of code is to identify if there is any non-inheritance element
2656  * present as part of the nontransmitted BSSID profile.
2657  * @elem_id: element id
2658  * @ies: pointer consisting of IEs
2659  * @len: IE length
2660  *
2661  * Return: NULL if the element ID is not found or if IE pointer is NULL else
2662  * pointer to the first byte of the requested element
2663  */
2664 static uint8_t
util_scan_find_noninheritance_ie(uint8_t elem_id,uint8_t * ies,int32_t len)2665 *util_scan_find_noninheritance_ie(uint8_t elem_id, uint8_t *ies,
2666 				  int32_t len)
2667 {
2668 	if (!ies)
2669 		return NULL;
2670 
2671 	while ((len >= MIN_IE_LEN + 1) && len >= ies[TAG_LEN_POS] + MIN_IE_LEN)
2672 	{
2673 		if ((ies[ID_POS] == elem_id) &&
2674 		    (ies[ELEM_ID_EXTN_POS] ==
2675 		     WLAN_EXTN_ELEMID_NONINHERITANCE)) {
2676 			return ies;
2677 		}
2678 		len -= ies[TAG_LEN_POS] + MIN_IE_LEN;
2679 		ies += ies[TAG_LEN_POS] + MIN_IE_LEN;
2680 	}
2681 
2682 	return NULL;
2683 }
2684 #endif
2685 
2686 /*
2687  * util_scan_find_ie() - find information element
2688  * @eid: element id
2689  * @ies: pointer consisting of IEs
2690  * @len: IE length
2691  *
2692  * Return: NULL if the element ID is not found or if IE pointer is NULL else
2693  * pointer to the first byte of the requested element
2694  */
util_scan_find_ie(uint8_t eid,uint8_t * ies,int32_t len)2695 static uint8_t *util_scan_find_ie(uint8_t eid, uint8_t *ies,
2696 				  int32_t len)
2697 {
2698 	if (!ies)
2699 		return NULL;
2700 
2701 	while (len >= 2 && len >= ies[1] + 2) {
2702 		if (ies[0] == eid)
2703 			return ies;
2704 		len -= ies[1] + 2;
2705 		ies += ies[1] + 2;
2706 	}
2707 
2708 	return NULL;
2709 }
2710 
2711 #ifdef WLAN_FEATURE_MBSSID
util_gen_new_bssid(uint8_t * bssid,uint8_t max_bssid,uint8_t mbssid_index,uint8_t * new_bssid_addr)2712 static void util_gen_new_bssid(uint8_t *bssid, uint8_t max_bssid,
2713 			       uint8_t mbssid_index,
2714 			       uint8_t *new_bssid_addr)
2715 {
2716 	uint8_t lsb_n;
2717 	int i;
2718 
2719 	for (i = 0; i < QDF_MAC_ADDR_SIZE; i++)
2720 		new_bssid_addr[i] = bssid[i];
2721 
2722 	lsb_n = new_bssid_addr[5] & ((1 << max_bssid) - 1);
2723 
2724 	new_bssid_addr[5] &= ~((1 << max_bssid) - 1);
2725 	new_bssid_addr[5] |= (lsb_n + mbssid_index) % (1 << max_bssid);
2726 }
2727 
2728 /*
2729  * util_parse_noninheritance_list() - This block of code will be executed only
2730  * if there is a valid non inheritance IE present in the nontx profile.
2731  * Host need not inherit those list of element IDs and list of element ID
2732  * extensions from the transmitted BSSID profile.
2733  * Since non-inheritance element is an element ID extension, it should
2734  * be part of extension element. So first we need to find if there are
2735  * any extension element present in the nontransmitted BSSID profile.
2736  * @extn_elem: If valid, it points to the element ID field of
2737  * extension element tag in the nontransmitted BSSID profile.
2738  * It may or may not have non inheritance tag present.
2739  *      _____________________________________________
2740  *     |         |       |       |List of|List of    |
2741  *     | Element |Length |Element|Element|Element ID |
2742  *     |  ID     |       |ID extn| IDs   |Extension  |
2743  *     |_________|_______|_______|_______|___________|
2744  * List of Element IDs:
2745  *      __________________
2746  *     |         |        |
2747  *     |  Length |Element |
2748  *     |         |ID List |
2749  *     |_________|________|
2750  * List of Element ID Extensions:
2751  *      __________________________
2752  *     |         |                |
2753  *     |  Length |Element ID      |
2754  *     |         |extension List  |
2755  *     |_________|________________|
2756  * @elem_list: Element ID list
2757  * @extn_elem_list: Element ID exiension list
2758  * @non_inheritance_ie: Non inheritance IE information
2759  */
2760 
util_parse_noninheritance_list(uint8_t * extn_elem,uint8_t ** elem_list,uint8_t ** extn_elem_list,struct non_inheritance_ie * ninh)2761 static void util_parse_noninheritance_list(uint8_t *extn_elem,
2762 					   uint8_t **elem_list,
2763 					   uint8_t **extn_elem_list,
2764 					   struct non_inheritance_ie *ninh)
2765 {
2766 	int8_t extn_rem_len = 0;
2767 
2768 	if (extn_elem[ELEM_ID_LIST_LEN_POS] < extn_elem[TAG_LEN_POS]) {
2769 		/*
2770 		 * extn_rem_len represents the number of bytes after
2771 		 * the length subfield of list of Element IDs.
2772 		 * So here, extn_rem_len should be equal to
2773 		 * Element ID list + Length subfield of Element ID
2774 		 * extension list + Element ID extension list.
2775 		 *
2776 		 * Here we have taken two pointers pointing to the
2777 		 * element ID list and element ID extension list
2778 		 * which we will use to detect the same elements
2779 		 * in the transmitted BSSID profile and choose not
2780 		 * to inherit those elements while constructing the
2781 		 * frame for nontransmitted BSSID profile.
2782 		 */
2783 		extn_rem_len = extn_elem[TAG_LEN_POS] - MIN_IE_LEN;
2784 		ninh->non_inherit = true;
2785 
2786 		if (extn_rem_len && extn_elem[ELEM_ID_LIST_LEN_POS]) {
2787 			if (extn_rem_len >= extn_elem[ELEM_ID_LIST_LEN_POS]) {
2788 				ninh->list_len =
2789 					extn_elem[ELEM_ID_LIST_LEN_POS];
2790 				*elem_list = extn_elem + ELEM_ID_LIST_POS;
2791 				extn_rem_len -= ninh->list_len;
2792 			} else {
2793 				/*
2794 				 * Corrupt frame. length subfield of
2795 				 * element ID list is greater than
2796 				 * what it should be. Go ahead with
2797 				 * frame generation but do not honour
2798 				 * the non inheritance part. Also, mark
2799 				 * the element ID in subcopy as 0, so
2800 				 * that this element info will not
2801 				 * be copied.
2802 				 */
2803 				ninh->non_inherit = false;
2804 				extn_elem[0] = 0;
2805 			}
2806 		}
2807 
2808 		extn_rem_len--;
2809 		if (extn_rem_len > 0) {
2810 			if (!ninh->list_len) {
2811 				ninh->extn_len =
2812 					extn_elem[ELEM_ID_LIST_LEN_POS + 1];
2813 			} else {
2814 				ninh->extn_len =
2815 					extn_elem[ELEM_ID_LIST_POS +
2816 					ninh->list_len];
2817 			}
2818 
2819 			if (extn_rem_len != ninh->extn_len) {
2820 				/*
2821 				 * Corrupt frame. length subfield of
2822 				 * element ID extn list is not
2823 				 * what it should be. Go ahead with
2824 				 * frame generation but do not honour
2825 				 * the non inheritance part. Also, mark
2826 				 * the element ID in subcopy as 0, so
2827 				 * that this element info will not
2828 				 * be copied.
2829 				 */
2830 				ninh->non_inherit = false;
2831 				extn_elem[0] = 0;
2832 			}
2833 
2834 			if (ninh->extn_len) {
2835 				*extn_elem_list =
2836 					(extn_elem + ninh->list_len +
2837 					 ELEM_ID_LIST_POS + 1);
2838 			}
2839 		}
2840 	}
2841 }
2842 
2843 #ifdef WLAN_FEATURE_11BE_MLO
2844 /**
2845  * util_handle_rnr_ie_for_mbssid() - parse and modify RNR IE for MBSSID feature
2846  * @rnr: The pointer to RNR IE
2847  * @bssid_index: BSSID index from MBSSID index IE
2848  * @pos: The buffer pointer to save the transformed RNR IE, caller is expected
2849  *       to supply a buffer that is at least as big as @rnr
2850  *
2851  * Per the description about Neighbor AP Information field about MLD
2852  * parameters subfield in section 9.4.2.170.2 of Draft P802.11be_D1.4.
2853  * If the reported AP is affiliated with the same MLD of the reporting AP,
2854  * the TBTT information is skipped; If the reported AP is affiliated with
2855  * the same MLD of the nontransmitted BSSID, the TBTT information is
2856  * copied and the MLD ID is changed to 0.
2857  *
2858  * Return: Length of the element written to @pos
2859  */
util_handle_rnr_ie_for_mbssid(const uint8_t * rnr,uint8_t bssid_index,uint8_t * pos)2860 static int util_handle_rnr_ie_for_mbssid(const uint8_t *rnr,
2861 					 uint8_t bssid_index, uint8_t *pos)
2862 {
2863 	size_t rnr_len;
2864 	const uint8_t *data, *rnr_end;
2865 	uint8_t *rnr_new;
2866 	struct neighbor_ap_info_field *neighbor_ap_info;
2867 	struct rnr_mld_info *mld_param;
2868 	uint8_t tbtt_type, tbtt_len, tbtt_count;
2869 	uint8_t mld_pos, mld_id;
2870 	int32_t i, copy_len;
2871 	/* The count of TBTT info field whose MLD ID equals to 0 in a neighbor
2872 	 * AP information field.
2873 	 */
2874 	uint32_t tbtt_info_field_count;
2875 	/* The total bytes of TBTT info fields whose MLD ID equals to 0 in
2876 	 * current RNR IE.
2877 	 */
2878 	uint32_t tbtt_info_field_len = 0;
2879 	uint8_t nbr_ap_info_len = sizeof(struct neighbor_ap_info_field);
2880 
2881 	rnr_len = rnr[TAG_LEN_POS];
2882 	rnr_end = rnr + rnr_len + MIN_IE_LEN;
2883 	rnr_new = pos;
2884 	qdf_mem_copy(pos, rnr, MIN_IE_LEN);
2885 	pos += MIN_IE_LEN;
2886 
2887 	data = rnr + PAYLOAD_START_POS;
2888 	while (data + sizeof(struct neighbor_ap_info_field) <= rnr_end) {
2889 		neighbor_ap_info = (struct neighbor_ap_info_field *)data;
2890 		tbtt_count = neighbor_ap_info->tbtt_header.tbtt_info_count;
2891 		tbtt_len = neighbor_ap_info->tbtt_header.tbtt_info_length;
2892 		tbtt_type = neighbor_ap_info->tbtt_header.tbbt_info_fieldtype;
2893 		scm_debug("channel number %d, op class %d, bssid_index %d",
2894 			  neighbor_ap_info->channel_number,
2895 			  neighbor_ap_info->operting_class, bssid_index);
2896 		scm_debug("tbtt_count %d, tbtt_length %d, tbtt_type %d",
2897 			  tbtt_count, tbtt_len, tbtt_type);
2898 
2899 		copy_len = tbtt_len * (tbtt_count + 1) +
2900 			   nbr_ap_info_len;
2901 		if (data + copy_len > rnr_end)
2902 			return 0;
2903 
2904 		if (tbtt_len >=
2905 		    TBTT_NEIGHBOR_AP_BSSID_S_SSID_BSS_PARAM_20MHZ_PSD_MLD_PARAM)
2906 			mld_pos =
2907 			     TBTT_NEIGHBOR_AP_BSSID_S_SSID_BSS_PARAM_20MHZ_PSD;
2908 		else
2909 			mld_pos = 0;
2910 
2911 		/* If MLD params do not exist, copy this neighbor AP
2912 		 * information field.
2913 		 * Per Draft P802.11be_D1.4, tbtt_type value 1, 2 and 3
2914 		 * are reserved,
2915 		 */
2916 		if (mld_pos == 0 || tbtt_type != 0) {
2917 			scm_debug("no MLD params, tbtt_type %d", tbtt_type);
2918 			qdf_mem_copy(pos, data, copy_len);
2919 			pos += copy_len;
2920 			data += copy_len;
2921 			continue;
2922 		}
2923 
2924 		qdf_mem_copy(pos, data, nbr_ap_info_len);
2925 		neighbor_ap_info = (struct neighbor_ap_info_field *)pos;
2926 		pos += nbr_ap_info_len;
2927 		data += nbr_ap_info_len;
2928 
2929 		tbtt_info_field_count = 0;
2930 		for (i = 0; i < tbtt_count + 1; i++) {
2931 			mld_param = (struct rnr_mld_info *)&data[mld_pos];
2932 			mld_id = mld_param->mld_id;
2933 
2934 			/* Refer to Draft P802.11be_D1.4
2935 			 * 9.4.2.170.2 Neighbor AP Information field about
2936 			 * MLD parameters subfield
2937 			 */
2938 			if (mld_id == 0) {
2939 				/* Skip this TBTT information since this
2940 				 * reported AP is affiliated with the same MLD
2941 				 * of the reporting AP who sending the frame
2942 				 * carrying this element.
2943 				 */
2944 				tbtt_info_field_len += tbtt_len;
2945 				data += tbtt_len;
2946 				tbtt_info_field_count++;
2947 			} else if (mld_id == bssid_index) {
2948 				/* Copy this TBTT information and change MLD
2949 				 * to 0 as this reported AP is affiliated with
2950 				 * the same MLD of the nontransmitted BSSID.
2951 				 */
2952 				qdf_mem_copy(pos, data, tbtt_len);
2953 				mld_param =
2954 					(struct rnr_mld_info *)&pos[mld_pos];
2955 				scm_debug("change MLD ID from %d to 0",
2956 					  mld_param->mld_id);
2957 				mld_param->mld_id = 0;
2958 				data += tbtt_len;
2959 				pos += tbtt_len;
2960 			} else {
2961 				qdf_mem_copy(pos, data, tbtt_len);
2962 				data += tbtt_len;
2963 				pos += tbtt_len;
2964 			}
2965 		}
2966 
2967 		scm_debug("skip %d neighbor info", tbtt_info_field_count);
2968 		if (tbtt_info_field_count == (tbtt_count + 1)) {
2969 			/* If all the TBTT information are skipped, then also
2970 			 * revert the neighbor AP info which has been copied.
2971 			 */
2972 			pos -= nbr_ap_info_len;
2973 			tbtt_info_field_len += nbr_ap_info_len;
2974 		} else {
2975 			neighbor_ap_info->tbtt_header.tbtt_info_count -=
2976 							tbtt_info_field_count;
2977 		}
2978 	}
2979 
2980 	rnr_new[TAG_LEN_POS] = rnr_len - tbtt_info_field_len;
2981 	if (rnr_new[TAG_LEN_POS] > 0)
2982 		rnr_len = rnr_new[TAG_LEN_POS] + MIN_IE_LEN;
2983 	else
2984 		rnr_len = 0;
2985 
2986 	return rnr_len;
2987 }
2988 #else
util_handle_rnr_ie_for_mbssid(const uint8_t * rnr,uint8_t bssid_index,uint8_t * pos)2989 static int util_handle_rnr_ie_for_mbssid(const uint8_t *rnr,
2990 					 uint8_t bssid_index, uint8_t *pos)
2991 {
2992 	return 0;
2993 }
2994 #endif
2995 
2996 #ifdef WLAN_FEATURE_ACTION_OUI
util_copy_reporting_ap_vendor_ies(struct wlan_objmgr_psoc * psoc,const uint8_t * ie,uint32_t ie_len,uint8_t * buf_ie)2997 static uint8_t *util_copy_reporting_ap_vendor_ies(struct wlan_objmgr_psoc *psoc,
2998 						  const uint8_t *ie,
2999 						  uint32_t ie_len,
3000 						  uint8_t *buf_ie)
3001 {
3002 	struct action_oui_search_attr attr = {0};
3003 	enum action_oui_id oui_id = ACTION_OUI_RESTRICT_MAX_MLO_LINKS;
3004 
3005 	attr.ie_data = (uint8_t *)ie;
3006 	attr.ie_length = ie_len;
3007 
3008 	if (wlan_action_oui_search(psoc, &attr, oui_id)) {
3009 		qdf_mem_copy(buf_ie, ie, ie_len);
3010 		buf_ie += ie_len;
3011 	}
3012 
3013 	return buf_ie;
3014 }
3015 #else
3016 static inline uint8_t *
util_copy_reporting_ap_vendor_ies(struct wlan_objmgr_psoc * psoc,const uint8_t * ie,uint32_t ie_len,uint8_t * buf_ie)3017 util_copy_reporting_ap_vendor_ies(struct wlan_objmgr_psoc *psoc,
3018 				  const uint8_t *ie, uint32_t ie_len,
3019 				  uint8_t *buf_ie)
3020 {
3021 	return buf_ie;
3022 }
3023 #endif
3024 
util_gen_new_ie(struct wlan_objmgr_pdev * pdev,uint8_t * ie,uint32_t ielen,uint8_t * subelement,size_t subie_len,uint8_t * new_ie,uint8_t bssid_index)3025 static uint32_t util_gen_new_ie(struct wlan_objmgr_pdev *pdev,
3026 				uint8_t *ie, uint32_t ielen,
3027 				uint8_t *subelement,
3028 				size_t subie_len, uint8_t *new_ie,
3029 				uint8_t bssid_index)
3030 {
3031 	struct wlan_objmgr_psoc *psoc;
3032 	uint8_t *pos, *tmp;
3033 	const uint8_t *tmp_old, *tmp_new;
3034 	uint8_t *sub_copy, *extn_elem = NULL;
3035 	struct non_inheritance_ie ninh = {0};
3036 	uint8_t *elem_list = NULL, *extn_elem_list = NULL;
3037 	size_t tmp_rem_len;
3038 
3039 	psoc = wlan_pdev_get_psoc(pdev);
3040 	if (!psoc) {
3041 		scm_err("NULL PSOC");
3042 		return 0;
3043 	}
3044 
3045 	/* copy subelement as we need to change its content to
3046 	 * mark an ie after it is processed.
3047 	 */
3048 	sub_copy = qdf_mem_malloc(subie_len);
3049 	if (!sub_copy)
3050 		return 0;
3051 	qdf_mem_copy(sub_copy, subelement, subie_len);
3052 
3053 	pos = &new_ie[0];
3054 
3055 	/* new ssid */
3056 	tmp_new = util_scan_find_ie(WLAN_ELEMID_SSID, sub_copy, subie_len);
3057 	if (tmp_new) {
3058 		scm_debug(" SSID " QDF_SSID_FMT,
3059 			  QDF_SSID_REF(tmp_new[1],
3060 				       &tmp_new[PAYLOAD_START_POS]));
3061 		if ((pos + tmp_new[1] + MIN_IE_LEN) <=
3062 		    (new_ie + ielen)) {
3063 			qdf_mem_copy(pos, tmp_new,
3064 				     (tmp_new[1] + MIN_IE_LEN));
3065 			pos += (tmp_new[1] + MIN_IE_LEN);
3066 		}
3067 	}
3068 
3069 	extn_elem = util_scan_find_noninheritance_ie(WLAN_ELEMID_EXTN_ELEM,
3070 						     sub_copy, subie_len);
3071 
3072 	if (extn_elem && extn_elem[TAG_LEN_POS] >= VALID_ELEM_LEAST_LEN) {
3073 		if (((extn_elem + extn_elem[1] + MIN_IE_LEN) - sub_copy)
3074 		    < subie_len)
3075 			util_parse_noninheritance_list(extn_elem, &elem_list,
3076 						       &extn_elem_list, &ninh);
3077 	}
3078 
3079 	/* go through IEs in ie (skip SSID) and subelement,
3080 	 * merge them into new_ie
3081 	 */
3082 	tmp_old = util_scan_find_ie(WLAN_ELEMID_SSID, ie, ielen);
3083 	tmp_old = (tmp_old) ? tmp_old + tmp_old[1] + MIN_IE_LEN : ie;
3084 
3085 	if (((tmp_old + MIN_IE_LEN) - ie) >= ielen) {
3086 		qdf_mem_free(sub_copy);
3087 		return 0;
3088 	}
3089 
3090 	while (((tmp_old + tmp_old[1] + MIN_IE_LEN) - ie) <= ielen) {
3091 		ninh.non_inh_ie_found = 0;
3092 		if (ninh.non_inherit) {
3093 			if (ninh.list_len) {
3094 				ninh.non_inh_ie_found =
3095 					util_is_noninh_ie(tmp_old[0],
3096 							  elem_list,
3097 							  ninh.list_len);
3098 			}
3099 
3100 			if (!ninh.non_inh_ie_found &&
3101 			    ninh.extn_len &&
3102 			    (tmp_old[0] == WLAN_ELEMID_EXTN_ELEM)) {
3103 				ninh.non_inh_ie_found =
3104 					util_is_noninh_ie(tmp_old[2],
3105 							  extn_elem_list,
3106 							  ninh.extn_len);
3107 			}
3108 		}
3109 
3110 		if (ninh.non_inh_ie_found || (tmp_old[0] == 0)) {
3111 			if (((tmp_old + tmp_old[1] + MIN_IE_LEN) - ie) >=
3112 			    (ielen - MIN_IE_LEN))
3113 				break;
3114 			tmp_old += tmp_old[1] + MIN_IE_LEN;
3115 			continue;
3116 		}
3117 
3118 		tmp = (uint8_t *)util_scan_find_ie(tmp_old[0], sub_copy,
3119 						   subie_len);
3120 		if (!tmp) {
3121 			/* ie in old ie but not in subelement */
3122 			if (tmp_old[0] == WLAN_ELEMID_REDUCED_NEIGHBOR_REPORT) {
3123 				/* handle rnr ie for mbssid*/
3124 				pos +=
3125 				    util_handle_rnr_ie_for_mbssid(tmp_old,
3126 								  bssid_index,
3127 								  pos);
3128 			} else if (tmp_old[0] != WLAN_ELEMID_MULTIPLE_BSSID) {
3129 				if ((pos + tmp_old[1] + MIN_IE_LEN) <=
3130 				    (new_ie + ielen)) {
3131 					qdf_mem_copy(pos, tmp_old,
3132 						     (tmp_old[1] +
3133 						      MIN_IE_LEN));
3134 					pos += tmp_old[1] + MIN_IE_LEN;
3135 				}
3136 			}
3137 		} else {
3138 			/* ie in transmitting ie also in subelement,
3139 			 * copy from subelement and flag the ie in subelement
3140 			 * as copied (by setting eid field to 0xff).
3141 			 * To determine if the vendor ies are same:
3142 			 * 1. For Cisco OUI, compare only OUI + type
3143 			 * 2. For other OUI, compare OUI + type + subType
3144 			 */
3145 			tmp_rem_len = subie_len - (tmp - sub_copy);
3146 			if (tmp_old[0] == WLAN_ELEMID_VENDOR &&
3147 			    tmp_rem_len >= MIN_VENDOR_TAG_LEN) {
3148 				/*
3149 				 * In order to identify few Vendor APs the
3150 				 * generated frame should contain the reporting
3151 				 * APs matching VSIE or else the entry generated
3152 				 * will not have this VSIE and logic kept to
3153 				 * take certain action on specific Vendor APs
3154 				 * will fail.
3155 				 */
3156 				pos = util_copy_reporting_ap_vendor_ies(psoc,
3157 									tmp_old,
3158 									tmp_old[1] + MIN_IE_LEN,
3159 									pos);
3160 				/* If Vendor IE also presents in STA profile,
3161 				 * then ignore the Vendor IE which is for
3162 				 * reporting STA. It only needs to copy Vendor
3163 				 * IE from STA profile for reported BSSID.
3164 				 * The copy happens when going through the
3165 				 * remaining IEs.
3166 				 */
3167 			} else if (tmp_old[0] == WLAN_ELEMID_EXTN_ELEM &&
3168 				   tmp_rem_len >= (MIN_IE_LEN + 1)) {
3169 				if (tmp_old[PAYLOAD_START_POS] ==
3170 				    tmp[PAYLOAD_START_POS]) {
3171 					/* same ie, copy from subelement */
3172 					if ((pos + tmp[1] + MIN_IE_LEN) <=
3173 					    (new_ie + ielen)) {
3174 						qdf_mem_copy(pos, tmp,
3175 							     tmp[1] +
3176 							     MIN_IE_LEN);
3177 						pos += tmp[1] + MIN_IE_LEN;
3178 						tmp[0] = 0;
3179 					}
3180 				} else {
3181 					if ((pos + tmp_old[1] + MIN_IE_LEN) <=
3182 					    (new_ie + ielen)) {
3183 						qdf_mem_copy(pos, tmp_old,
3184 							     tmp_old[1] +
3185 							     MIN_IE_LEN);
3186 						pos += tmp_old[1] +
3187 							MIN_IE_LEN;
3188 					}
3189 				}
3190 
3191 			} else {
3192 				/* copy ie from subelement into new ie */
3193 				if ((pos + tmp[1] + MIN_IE_LEN) <=
3194 				    (new_ie + ielen)) {
3195 					qdf_mem_copy(pos, tmp,
3196 						     tmp[1] + MIN_IE_LEN);
3197 					pos += tmp[1] + MIN_IE_LEN;
3198 					tmp[0] = 0;
3199 				}
3200 			}
3201 		}
3202 
3203 		if (((tmp_old + tmp_old[1] + MIN_IE_LEN) - ie) >=
3204 		    (ielen - MIN_IE_LEN))
3205 			break;
3206 
3207 		tmp_old += tmp_old[1] + MIN_IE_LEN;
3208 	}
3209 
3210 	/* go through subelement again to check if there is any ie not
3211 	 * copied to new ie, skip ssid, capability, bssid-index ie
3212 	 */
3213 	tmp_new = sub_copy;
3214 	while ((subie_len > 0) &&
3215 	       (((tmp_new + tmp_new[1] + MIN_IE_LEN) - sub_copy) <=
3216 		subie_len)) {
3217 		if (!(tmp_new[0] == WLAN_ELEMID_NONTX_BSSID_CAP ||
3218 		      tmp_new[0] == WLAN_ELEMID_SSID ||
3219 		      tmp_new[0] == WLAN_ELEMID_MULTI_BSSID_IDX ||
3220 		      ((tmp_new[0] == WLAN_ELEMID_EXTN_ELEM) &&
3221 		       (tmp_new[2] == WLAN_EXTN_ELEMID_NONINHERITANCE)))) {
3222 			if ((pos + tmp_new[1] + MIN_IE_LEN) <=
3223 			    (new_ie + ielen)) {
3224 				qdf_mem_copy(pos, tmp_new,
3225 					     tmp_new[1] + MIN_IE_LEN);
3226 				pos += tmp_new[1] + MIN_IE_LEN;
3227 			}
3228 		}
3229 		if (((tmp_new + tmp_new[1] + MIN_IE_LEN) - sub_copy) >=
3230 		    (subie_len - 1))
3231 			break;
3232 		tmp_new += tmp_new[1] + MIN_IE_LEN;
3233 	}
3234 
3235 	qdf_mem_free(sub_copy);
3236 
3237 	if (pos > new_ie)
3238 		return pos - new_ie;
3239 	else
3240 		return 0;
3241 }
3242 
3243 static enum nontx_profile_reasoncode
util_handle_nontx_prof(uint8_t * mbssid_elem,uint8_t * subelement,uint8_t * next_subelement,struct scan_mbssid_info * mbssid_info,char * bssid,char * new_bssid)3244 util_handle_nontx_prof(uint8_t *mbssid_elem, uint8_t *subelement,
3245 		       uint8_t *next_subelement,
3246 		       struct scan_mbssid_info *mbssid_info,
3247 		       char *bssid, char *new_bssid)
3248 {
3249 	uint8_t *mbssid_index_ie;
3250 	uint32_t prof_len;
3251 
3252 	prof_len = subelement[TAG_LEN_POS];
3253 	/*
3254 	 * If we are executing the split portion of the nontx
3255 	 * profile present in the subsequent MBSSID, then there
3256 	 * is no need of any sanity check for valid BSS profile
3257 	 */
3258 
3259 	if (mbssid_info->split_prof_continue) {
3260 		if ((subelement[ID_POS] != 0) ||
3261 		    (subelement[TAG_LEN_POS] < SPLIT_PROF_DATA_LEAST_LEN)) {
3262 			return INVALID_SPLIT_PROF;
3263 		}
3264 	} else {
3265 		if ((subelement[ID_POS] != 0) ||
3266 		    (subelement[TAG_LEN_POS] < VALID_ELEM_LEAST_LEN)) {
3267 			/* not a valid BSS profile */
3268 			return INVALID_NONTX_PROF;
3269 		}
3270 	}
3271 
3272 	if (mbssid_info->split_profile) {
3273 		if (next_subelement[PAYLOAD_START_POS] !=
3274 		    WLAN_ELEMID_NONTX_BSSID_CAP) {
3275 			mbssid_info->prof_residue = true;
3276 		}
3277 	}
3278 
3279 	if (!mbssid_info->split_prof_continue &&
3280 	    ((subelement[PAYLOAD_START_POS] != WLAN_ELEMID_NONTX_BSSID_CAP) ||
3281 	     (subelement[NONTX_BSSID_CAP_TAG_LEN_POS] != CAP_INFO_LEN))) {
3282 		/* The first element within the Nontransmitted
3283 		 * BSSID Profile is not the Nontransmitted
3284 		 * BSSID Capability element.
3285 		 */
3286 		return INVALID_NONTX_PROF;
3287 	}
3288 
3289 	/* found a Nontransmitted BSSID Profile */
3290 	mbssid_index_ie =
3291 		util_scan_find_ie(WLAN_ELEMID_MULTI_BSSID_IDX,
3292 				  (subelement + PAYLOAD_START_POS), prof_len);
3293 
3294 	if (!mbssid_index_ie) {
3295 		if (!mbssid_info->prof_residue)
3296 			return INVALID_NONTX_PROF;
3297 
3298 		mbssid_info->skip_bssid_copy = true;
3299 	} else if ((mbssid_index_ie[TAG_LEN_POS] < 1) ||
3300 		   (mbssid_index_ie[BSS_INDEX_POS] == 0)) {
3301 		/* No valid Multiple BSSID-Index element */
3302 		return INVALID_NONTX_PROF;
3303 	}
3304 
3305 	if (!mbssid_info->skip_bssid_copy) {
3306 		qdf_mem_copy(mbssid_info->trans_bssid,
3307 			     bssid, QDF_MAC_ADDR_SIZE);
3308 		mbssid_info->profile_num =
3309 			mbssid_index_ie[BSS_INDEX_POS];
3310 		util_gen_new_bssid(bssid,
3311 				   mbssid_elem[MBSSID_INDICATOR_POS],
3312 				   mbssid_index_ie[BSS_INDEX_POS],
3313 				   new_bssid);
3314 		qdf_mem_copy(mbssid_info->non_trans_bssid, new_bssid,
3315 			     QDF_MAC_ADDR_SIZE);
3316 	}
3317 	/* In single MBSS IE, there could be subelement holding
3318 	 * remaining vendor IEs of non tx profile from last MBSS IE
3319 	 * [split profile] and new non tx profile, hence reset
3320 	 * skip_bssid_copy flag after each subelement processing
3321 	 */
3322 	mbssid_info->skip_bssid_copy = false;
3323 	return VALID_NONTX_PROF;
3324 }
3325 
3326 /*
3327  * What's split profile:
3328  *  If any nontransmitted BSSID profile is fragmented across
3329  * multiple MBSSID elements, then it is called split profile.
3330  * For a split profile to exist we need to have at least two
3331  * MBSSID elements as part of the RX beacon or probe response
3332  * Hence, first we need to identify the next MBSSID element
3333  * and check for the 5th bit from the starting of the next
3334  * MBSSID IE and if it does not have Nontransmitted BSSID
3335  * capability element, then it's a split profile case.
3336  */
util_scan_is_split_prof_found(uint8_t * next_elem,uint8_t * ie,uint32_t ielen)3337 static bool util_scan_is_split_prof_found(uint8_t *next_elem,
3338 					  uint8_t *ie, uint32_t ielen)
3339 {
3340 	uint8_t *next_mbssid_elem;
3341 
3342 	if ((next_elem + MIN_IE_LEN + VALID_ELEM_LEAST_LEN) > (ie + ielen))
3343 		return false;
3344 
3345 	if (next_elem[0] == WLAN_ELEMID_MULTIPLE_BSSID) {
3346 		if ((next_elem[TAG_LEN_POS] >= VALID_ELEM_LEAST_LEN) &&
3347 		    (next_elem[SUBELEM_DATA_POS_FROM_MBSSID] !=
3348 		     WLAN_ELEMID_NONTX_BSSID_CAP)) {
3349 			return true;
3350 		}
3351 	} else {
3352 		next_mbssid_elem =
3353 			util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID,
3354 					  next_elem,
3355 					  ielen - (next_elem - ie));
3356 		if (!next_mbssid_elem)
3357 			return false;
3358 
3359 		if ((next_mbssid_elem[TAG_LEN_POS] >= VALID_ELEM_LEAST_LEN) &&
3360 		    (next_mbssid_elem[SUBELEM_DATA_POS_FROM_MBSSID] !=
3361 		     WLAN_ELEMID_NONTX_BSSID_CAP)) {
3362 			return true;
3363 		}
3364 	}
3365 
3366 	return false;
3367 }
3368 
util_scan_parse_mbssid(struct wlan_objmgr_pdev * pdev,uint8_t * frame,qdf_size_t frame_len,uint32_t frm_subtype,struct mgmt_rx_event_params * rx_param,qdf_list_t * scan_list)3369 static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
3370 					 uint8_t *frame, qdf_size_t frame_len,
3371 					 uint32_t frm_subtype,
3372 					 struct mgmt_rx_event_params *rx_param,
3373 					 qdf_list_t *scan_list)
3374 {
3375 	struct wlan_scan_obj *scan_obj;
3376 	struct wlan_bcn_frame *bcn;
3377 	struct wlan_frame_hdr *hdr;
3378 	struct scan_mbssid_info mbssid_info = {0};
3379 	QDF_STATUS status;
3380 	uint8_t *pos, *subelement, *next_elem;
3381 	uint8_t *mbssid_elem;
3382 	uint32_t subie_len, new_ie_len, ielen;
3383 	uint8_t *next_subelement = NULL;
3384 	uint8_t new_bssid[QDF_MAC_ADDR_SIZE], bssid[QDF_MAC_ADDR_SIZE];
3385 	uint8_t *new_ie, *split_prof_start = NULL, *split_prof_end = NULL;
3386 	uint8_t *ie, *new_frame = NULL;
3387 	int new_frame_len = 0, split_prof_len = 0;
3388 	enum nontx_profile_reasoncode retval;
3389 	uint8_t *nontx_profile = NULL;
3390 
3391 	scan_obj = wlan_pdev_get_scan_obj(pdev);
3392 	if (!scan_obj)
3393 		return QDF_STATUS_E_INVAL;
3394 
3395 	hdr = (struct wlan_frame_hdr *)frame;
3396 	bcn = (struct wlan_bcn_frame *)(frame + sizeof(struct wlan_frame_hdr));
3397 	ie = (uint8_t *)&bcn->ie;
3398 	ielen = (uint16_t)(frame_len -
3399 			   sizeof(struct wlan_frame_hdr) -
3400 			   offsetof(struct wlan_bcn_frame, ie));
3401 	qdf_mem_copy(bssid, hdr->i_addr3, QDF_MAC_ADDR_SIZE);
3402 
3403 	if (!util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID, ie, ielen))
3404 		return QDF_STATUS_E_FAILURE;
3405 
3406 	pos = ie;
3407 
3408 	new_ie = qdf_mem_malloc(ielen);
3409 	if (!new_ie)
3410 		return QDF_STATUS_E_NOMEM;
3411 
3412 	while (pos < (ie + ielen + MIN_IE_LEN)) {
3413 		mbssid_elem =
3414 			util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID, pos,
3415 					  ielen - (pos - ie));
3416 		if (!mbssid_elem)
3417 			break;
3418 
3419 		/*
3420 		 * The max_bssid_indicator field is mandatory, therefore the
3421 		 * length of the MBSSID element should atleast be 1.
3422 		 */
3423 		if (!mbssid_elem[TAG_LEN_POS]) {
3424 			scm_debug_rl("MBSSID IE is of length zero");
3425 			break;
3426 		}
3427 
3428 		mbssid_info.profile_count =
3429 			(1 << mbssid_elem[MBSSID_INDICATOR_POS]);
3430 
3431 		next_elem =
3432 			mbssid_elem + mbssid_elem[TAG_LEN_POS] + MIN_IE_LEN;
3433 
3434 		/* Skip Element ID, Len, MaxBSSID Indicator */
3435 		if (!mbssid_info.split_profile &&
3436 		    (mbssid_elem[TAG_LEN_POS] < VALID_ELEM_LEAST_LEN)) {
3437 			break;
3438 		}
3439 
3440 		/*
3441 		 * Find if the next IE is MBSSID, if not, then scan through
3442 		 * the IE list and find the next MBSSID tag, if present.
3443 		 * Once we find the MBSSID tag, check if this MBSSID tag has
3444 		 * the other fragmented part of the non Tx profile.
3445 		 */
3446 
3447 		mbssid_info.split_profile =
3448 			util_scan_is_split_prof_found(next_elem, ie, ielen);
3449 
3450 		for (subelement = mbssid_elem + SUBELEMENT_START_POS;
3451 		     subelement < (next_elem - 1);
3452 		     subelement += MIN_IE_LEN + subelement[TAG_LEN_POS]) {
3453 			subie_len = subelement[TAG_LEN_POS];
3454 
3455 			/*
3456 			 * if prof_residue is true, that means we are
3457 			 * in the continuation of the fragmented profile part,
3458 			 * present in the next MBSSD IE else this profile
3459 			 * is a non fragmented non tx BSSID profile.
3460 			 */
3461 
3462 			if (mbssid_info.prof_residue)
3463 				mbssid_info.split_prof_continue = true;
3464 			else
3465 				mbssid_info.split_prof_continue = false;
3466 
3467 			if (subie_len > MAX_SUBELEM_LEN) {
3468 				scm_debug_rl("Corrupt frame with subie_len: %d "
3469 					     "split_prof_continue: %d,prof_residue: %d",
3470 					     subie_len,
3471 					     mbssid_info.split_prof_continue,
3472 					     mbssid_info.prof_residue);
3473 				if (mbssid_info.split_prof_continue) {
3474 					qdf_mem_free(split_prof_start);
3475 					split_prof_start = NULL;
3476 				}
3477 
3478 				qdf_mem_free(new_ie);
3479 				return QDF_STATUS_E_INVAL;
3480 			}
3481 
3482 			if ((next_elem - subelement) <
3483 			    (MIN_IE_LEN + subie_len))
3484 				break;
3485 
3486 			next_subelement = subelement + subie_len + MIN_IE_LEN;
3487 			retval = util_handle_nontx_prof(mbssid_elem, subelement,
3488 							next_subelement,
3489 							&mbssid_info,
3490 							bssid, new_bssid);
3491 
3492 			if (retval == INVALID_SPLIT_PROF) {
3493 				scm_debug_rl("Corrupt frame with ID_POS: %d,TAG_LEN_POS: %d",
3494 					     subelement[ID_POS],
3495 					     subelement[TAG_LEN_POS]);
3496 				qdf_mem_free(split_prof_start);
3497 				split_prof_start = NULL;
3498 				qdf_mem_free(new_ie);
3499 				return QDF_STATUS_E_INVAL;
3500 			} else if (retval == INVALID_NONTX_PROF) {
3501 				continue;
3502 			}
3503 
3504 			/*
3505 			 * Merging parts of nontx profile-
3506 			 * Just for understanding, let's make an assumption
3507 			 * that nontx profile is fragmented across MBSSIE1
3508 			 * and MBSSIE2.
3509 			 * mbssid_info.prof_residue being set indicates
3510 			 * that the ongoing nontx profile is part of split
3511 			 * profile, whose other fragmented part is present
3512 			 * in MBSSIE2.
3513 			 * So once prof_residue is set, we need to
3514 			 * identify whether we are accessing the split
3515 			 * profile in MBSSIE1 or MBSSIE2.
3516 			 * If we are in MBSSIE1, then copy the part of split
3517 			 * profile from MBSSIE1 into a new buffer and then
3518 			 * move to the next part of the split profile which
3519 			 * is present in MBSSIE2 and append that part into
3520 			 * the new buffer.
3521 			 * Once the full profile is accumulated, go ahead with
3522 			 * the ie generation and length calculation of the
3523 			 * new frame.
3524 			 */
3525 
3526 			if (mbssid_info.prof_residue) {
3527 				if (!mbssid_info.split_prof_continue) {
3528 					split_prof_start =
3529 						qdf_mem_malloc(ielen);
3530 					if (!split_prof_start) {
3531 						scm_err_rl("Malloc failed");
3532 						qdf_mem_free(new_ie);
3533 						return QDF_STATUS_E_NOMEM;
3534 					}
3535 
3536 					qdf_mem_copy(split_prof_start,
3537 						     subelement,
3538 						     (subie_len +
3539 						      MIN_IE_LEN));
3540 					split_prof_end = (split_prof_start +
3541 							  subie_len +
3542 							  MIN_IE_LEN);
3543 					break;
3544 				}
3545 
3546 				/*
3547 				 * Currently we are accessing other part of the
3548 				 * split profile present in the subsequent
3549 				 * MBSSIE. There is a possibility that one
3550 				 * non tx profile is spread across more than
3551 				 * two MBSSID tag as well. This code will
3552 				 * handle such scenario.
3553 				 */
3554 
3555 				if (split_prof_end) {
3556 					qdf_mem_copy(split_prof_end,
3557 						     (subelement + MIN_IE_LEN),
3558 						     subie_len);
3559 					split_prof_end += subie_len;
3560 				}
3561 
3562 				/*
3563 				 * When to stop the process of accumulating
3564 				 * parts of split profile, is decided by
3565 				 * mbssid_info.prof_residue. prof_residue
3566 				 * could be made false if there is not any
3567 				 * continuation of the split profile.
3568 				 * which could be identified by two factors
3569 				 * 1. By checking if the next MBSSIE's first
3570 				 * non tx profile is not a fragmented one or
3571 				 * 2. there is a probability that first
3572 				 * subelement of MBSSIE2 is end if split
3573 				 * profile and the next subelement of MBSSIE2
3574 				 * is a non split one.
3575 				 */
3576 
3577 				if (!mbssid_info.split_profile ||
3578 				    (next_subelement[PAYLOAD_START_POS] ==
3579 				     WLAN_ELEMID_NONTX_BSSID_CAP)) {
3580 					mbssid_info.prof_residue = false;
3581 				}
3582 
3583 				/*
3584 				 * Until above mentioned conditions are met,
3585 				 * we need to iterate and keep accumulating
3586 				 * the split profile contents.
3587 				 */
3588 
3589 				if (mbssid_info.prof_residue)
3590 					break;
3591 
3592 				if (split_prof_end) {
3593 					split_prof_len =
3594 						(split_prof_end -
3595 						 split_prof_start - MIN_IE_LEN);
3596 				}
3597 			}
3598 
3599 			if (mbssid_info.split_prof_continue) {
3600 				if (!split_prof_start)
3601 					break;
3602 				nontx_profile = split_prof_start;
3603 				subie_len = split_prof_len;
3604 			} else {
3605 				nontx_profile = subelement;
3606 			}
3607 
3608 			new_ie_len =
3609 				util_gen_new_ie(pdev, ie, ielen,
3610 						(nontx_profile +
3611 						 PAYLOAD_START_POS),
3612 						subie_len, new_ie,
3613 						mbssid_info.profile_num);
3614 
3615 			if (!new_ie_len) {
3616 				if (mbssid_info.split_prof_continue) {
3617 					qdf_mem_free(split_prof_start);
3618 					split_prof_start = NULL;
3619 					split_prof_end = NULL;
3620 					split_prof_len = 0;
3621 				}
3622 				continue;
3623 			}
3624 
3625 			new_frame_len = frame_len - ielen + new_ie_len;
3626 
3627 			if (new_frame_len < 0 || new_frame_len > frame_len) {
3628 				if (mbssid_info.split_prof_continue) {
3629 					qdf_mem_free(split_prof_start);
3630 					split_prof_start = NULL;
3631 				}
3632 				qdf_mem_free(new_ie);
3633 				scm_debug_rl("Invalid frame:Stop MBSSIE parsing, Frame_len: %zu "
3634 					     "ielen:%u,new_ie_len:%u",
3635 					     frame_len, ielen, new_ie_len);
3636 				return QDF_STATUS_E_INVAL;
3637 			}
3638 
3639 			new_frame = qdf_mem_malloc(new_frame_len);
3640 			if (!new_frame) {
3641 				if (mbssid_info.split_prof_continue) {
3642 					qdf_mem_free(split_prof_start);
3643 					split_prof_start = NULL;
3644 				}
3645 				qdf_mem_free(new_ie);
3646 				scm_err_rl("Malloc for new_frame failed");
3647 				scm_err_rl("split_prof_continue: %d",
3648 					   mbssid_info.split_prof_continue);
3649 				return QDF_STATUS_E_NOMEM;
3650 			}
3651 
3652 			/*
3653 			 * Copy the header(24byte), timestamp(8 byte),
3654 			 * beaconinterval(2byte) and capability(2byte)
3655 			 */
3656 			qdf_mem_copy(new_frame, frame, FIXED_LENGTH);
3657 			/* Copy the new ie generated from MBSSID profile*/
3658 			hdr = (struct wlan_frame_hdr *)new_frame;
3659 			qdf_mem_copy(hdr->i_addr2, new_bssid,
3660 				     QDF_MAC_ADDR_SIZE);
3661 			qdf_mem_copy(hdr->i_addr3, new_bssid,
3662 				     QDF_MAC_ADDR_SIZE);
3663 			bcn = (struct wlan_bcn_frame *)
3664 				(new_frame + sizeof(struct wlan_frame_hdr));
3665 			/* update the non-tx capability */
3666 			qdf_mem_copy(&bcn->capability,
3667 				     nontx_profile + CAP_INFO_POS,
3668 				     CAP_INFO_LEN);
3669 
3670 			/* Copy the new ie generated from MBSSID profile*/
3671 			qdf_mem_copy(new_frame +
3672 				     offsetof(struct wlan_bcn_frame, ie) +
3673 				     sizeof(struct wlan_frame_hdr),
3674 				     new_ie, new_ie_len);
3675 			if (scan_obj->cb.inform_mbssid_bcn_prb_rsp)
3676 				scan_obj->cb.inform_mbssid_bcn_prb_rsp(
3677 						       new_frame, new_frame_len,
3678 						       frm_subtype, new_bssid);
3679 
3680 			status = util_scan_gen_scan_entry(pdev, new_frame,
3681 							  new_frame_len,
3682 							  frm_subtype,
3683 							  rx_param,
3684 							  &mbssid_info,
3685 							  scan_list);
3686 			if (QDF_IS_STATUS_ERROR(status)) {
3687 				if (mbssid_info.split_prof_continue) {
3688 					qdf_mem_free(split_prof_start);
3689 					split_prof_start = NULL;
3690 					split_prof_end = NULL;
3691 					split_prof_len = 0;
3692 					qdf_mem_zero(&mbssid_info,
3693 						     sizeof(mbssid_info));
3694 				}
3695 				qdf_mem_free(new_frame);
3696 				scm_debug_rl("failed to generate a scan entry "
3697 					     "split_prof_continue: %d",
3698 					     mbssid_info.split_prof_continue);
3699 				break;
3700 			}
3701 			/* scan entry makes its own copy so free the frame*/
3702 			if (mbssid_info.split_prof_continue) {
3703 				qdf_mem_free(split_prof_start);
3704 				split_prof_start = NULL;
3705 				split_prof_end = NULL;
3706 				split_prof_len = 0;
3707 			}
3708 			qdf_mem_free(new_frame);
3709 		}
3710 
3711 		pos = next_elem;
3712 	}
3713 	qdf_mem_free(new_ie);
3714 
3715 	if (split_prof_start)
3716 		qdf_mem_free(split_prof_start);
3717 
3718 	return QDF_STATUS_SUCCESS;
3719 }
3720 #else
util_scan_parse_mbssid(struct wlan_objmgr_pdev * pdev,uint8_t * frame,qdf_size_t frame_len,uint32_t frm_subtype,struct mgmt_rx_event_params * rx_param,qdf_list_t * scan_list)3721 static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
3722 					 uint8_t *frame, qdf_size_t frame_len,
3723 					 uint32_t frm_subtype,
3724 					 struct mgmt_rx_event_params *rx_param,
3725 					 qdf_list_t *scan_list)
3726 {
3727 	return QDF_STATUS_SUCCESS;
3728 }
3729 #endif
3730 
3731 #if defined(WLAN_FEATURE_11BE) && defined(WLAN_FEATURE_11BE_MLO_MBSSID)
3732 /*
3733  * util_scan_gen_txvap_scan_entry() - Strip out the MBSSID tag from the received
3734  * frame and update the modified frame length before generating a scan entry.
3735  * It is redundant to have MBSSID information as part of the TX vap/ profile
3736  * specific scan entry.
3737  *
3738  * @pdev: pdev context
3739  * @frame: Unsoiled frame passed from util_scan_parse_beacon_frame()
3740  * @frame_len: Length of the unsoiled frame
3741  * @ie_list: Points to the start of IE list in parent/ unsoiled frame
3742  * @ielen: Length of the complete IE list from parent/ unsoiled frame
3743  * @frm_subtype: Frame subtype
3744  * @rx_param: host mgmt header params
3745  * @scan_list: Scan entry list of bss candidates after filtering
3746  * @mbssid_info: Data structure to carry MBSSID information
3747  *
3748  * Return: False if the scan entry generation is not successful
3749  */
3750 static QDF_STATUS
util_scan_gen_txvap_scan_entry(struct wlan_objmgr_pdev * pdev,uint8_t * frame,qdf_size_t frame_len,uint8_t * ie_list,uint32_t ielen,uint32_t frm_subtype,struct mgmt_rx_event_params * rx_param,qdf_list_t * scan_list,struct scan_mbssid_info * mbssid_info)3751 util_scan_gen_txvap_scan_entry(struct wlan_objmgr_pdev *pdev,
3752 			       uint8_t *frame, qdf_size_t frame_len,
3753 			       uint8_t *ie_list, uint32_t ielen,
3754 			       uint32_t frm_subtype,
3755 			       struct mgmt_rx_event_params *rx_param,
3756 			       qdf_list_t *scan_list,
3757 			       struct scan_mbssid_info *mbssid_info)
3758 {
3759 	uint8_t *src_ie, *dest_ptr, *container;
3760 	uint16_t new_frame_len, new_ie_len = 0;
3761 	uint8_t *trimmed_frame, fixed_len = 0;
3762 	QDF_STATUS status = QDF_STATUS_SUCCESS;
3763 
3764 	/*
3765 	 * Allocate a buffer to copy only the TX VAP information after
3766 	 * stripping out the MBSSID IE from the parent beacon.
3767 	 * The allocation size should be the size of a frame as at
3768 	 * this point it is unknown what would be the new frame length
3769 	 * after stripping the MBSSID IE.
3770 	 */
3771 	container = qdf_mem_malloc(frame_len);
3772 	if (!container) {
3773 		scm_err_rl("Malloc for container failed");
3774 		return QDF_STATUS_E_NOMEM;
3775 	}
3776 
3777 	dest_ptr = &container[0];
3778 	fixed_len = sizeof(struct wlan_frame_hdr) +
3779 		offsetof(struct wlan_bcn_frame, ie);
3780 
3781 	/*Copy the data till IE list before procesisng the IE one by one*/
3782 	qdf_mem_copy(dest_ptr, frame, fixed_len);
3783 
3784 	dest_ptr += fixed_len;
3785 	src_ie = ie_list;
3786 
3787 	/*
3788 	 * Go through the IE list from the parent beacon and copy one by one.
3789 	 * Skip copying it to the container if it's an MBSSID tag.
3790 	 */
3791 	while (((src_ie + src_ie[TAG_LEN_POS] + MIN_IE_LEN) -
3792 		ie_list) <= ielen) {
3793 		if (src_ie[ID_POS] == WLAN_ELEMID_MULTIPLE_BSSID) {
3794 			src_ie += src_ie[TAG_LEN_POS] + MIN_IE_LEN;
3795 			continue;
3796 		}
3797 
3798 		qdf_mem_copy(dest_ptr, src_ie,
3799 			     (src_ie[TAG_LEN_POS] + MIN_IE_LEN));
3800 
3801 		dest_ptr += src_ie[TAG_LEN_POS] + MIN_IE_LEN;
3802 		if (((src_ie + src_ie[TAG_LEN_POS] +
3803 		      MIN_IE_LEN) - ie_list) >= ielen)
3804 			break;
3805 
3806 		src_ie += src_ie[TAG_LEN_POS] + MIN_IE_LEN;
3807 	}
3808 
3809 	if (dest_ptr > container)
3810 		new_ie_len = dest_ptr - (container + fixed_len);
3811 
3812 	new_frame_len = frame_len - ielen + new_ie_len;
3813 
3814 	/*
3815 	 * At the start of this handler, we have allocated a memory block
3816 	 * of size same as a full beacon frame size, as we are not sure
3817 	 * of what would be the size of the new frame. After stripping out
3818 	 * the MBSSID tag from the parent beacon, there are some unused
3819 	 * memory. Hence do another malloc of the new frame length
3820 	 * (length of the new frame which has only TX VAP information)
3821 	 * and copy the needed data from the container, then free the
3822 	 * memory corresponds to container.
3823 	 * Post copy, use the trimmed frame and the new frame length
3824 	 * to generate scan entry for the TX profile.
3825 	 */
3826 	trimmed_frame = qdf_mem_malloc(new_frame_len);
3827 	if (!trimmed_frame) {
3828 		scm_err_rl("Malloc for trimmed frame failed");
3829 		qdf_mem_free(container);
3830 		return QDF_STATUS_E_NOMEM;
3831 	}
3832 
3833 	qdf_mem_copy(trimmed_frame, container, new_frame_len);
3834 	qdf_mem_free(container);
3835 
3836 	status = util_scan_gen_scan_entry(pdev, trimmed_frame,
3837 					  new_frame_len,
3838 					  frm_subtype,
3839 					  rx_param,
3840 					  mbssid_info,
3841 					  scan_list);
3842 
3843 	if (QDF_IS_STATUS_ERROR(status))
3844 		scm_debug_rl("Failed to create a scan entry");
3845 
3846 	qdf_mem_free(trimmed_frame);
3847 	return status;
3848 }
3849 
3850 /*
3851  * util_scan_parse_eht_beacon() : This API will be executed
3852  * only for 11BE platforms as per current design.
3853  * IF MBSSID IE is present in the beacon then
3854  * scan component will create a new entry for
3855  * each BSSID found in the MBSSID
3856  * util_scan_parse_mbssid() takes care of creating
3857  * scan entries for every non tx profile present in
3858  * the MBSSID tag.
3859  * util_scan_gen_txvap_scan_entry() helps in generating
3860  * scan entry for the tx profile.
3861  */
3862 static QDF_STATUS
util_scan_parse_eht_beacon(struct wlan_objmgr_pdev * pdev,uint8_t * frame,qdf_size_t frame_len,uint8_t * ie_list,uint32_t ielen,uint32_t frm_subtype,struct mgmt_rx_event_params * rx_param,qdf_list_t * scan_list,struct scan_mbssid_info * mbssid_info,uint8_t * mbssid_ie)3863 util_scan_parse_eht_beacon(struct wlan_objmgr_pdev *pdev,
3864 			   uint8_t *frame, qdf_size_t frame_len,
3865 			   uint8_t *ie_list, uint32_t ielen,
3866 			   uint32_t frm_subtype,
3867 			   struct mgmt_rx_event_params *rx_param,
3868 			   qdf_list_t *scan_list,
3869 			   struct scan_mbssid_info *mbssid_info,
3870 			   uint8_t *mbssid_ie)
3871 {
3872 	QDF_STATUS status = QDF_STATUS_SUCCESS;
3873 
3874 	if (mbssid_ie && ie_list) {
3875 		if (ie_list[TAG_LEN_POS] <= 0) {
3876 			scm_debug_rl("Corrupt IE");
3877 			return QDF_STATUS_E_INVAL;
3878 		}
3879 
3880 		status = util_scan_parse_mbssid(pdev, frame, frame_len,
3881 						frm_subtype, rx_param,
3882 						scan_list);
3883 
3884 		if (QDF_IS_STATUS_ERROR(status)) {
3885 			scm_debug_rl("NonTx prof: Failed to create scan entry");
3886 			return status;
3887 		}
3888 
3889 		status = util_scan_gen_txvap_scan_entry(pdev, frame,
3890 							frame_len, ie_list,
3891 							ielen, frm_subtype,
3892 							rx_param, scan_list,
3893 							mbssid_info);
3894 
3895 		if (QDF_IS_STATUS_ERROR(status))
3896 			scm_debug_rl("TX prof: Failed to create scan entry");
3897 
3898 		return status;
3899 	}
3900 
3901 	/*For Non MBSSIE case*/
3902 	status = util_scan_gen_scan_entry(pdev, frame, frame_len,
3903 					  frm_subtype, rx_param,
3904 					  mbssid_info, scan_list);
3905 
3906 	if (QDF_IS_STATUS_ERROR(status))
3907 		scm_debug_rl("Non-MBSSIE frame: Failed to create scan entry");
3908 
3909 	return status;
3910 }
3911 
3912 static bool
util_scan_is_platform_eht_capable(struct wlan_objmgr_pdev * pdev)3913 util_scan_is_platform_eht_capable(struct wlan_objmgr_pdev *pdev)
3914 {
3915 	struct wlan_objmgr_psoc *psoc = NULL;
3916 	struct wlan_lmac_if_tx_ops *tx_ops = NULL;
3917 	struct wlan_lmac_if_scan_tx_ops *scan_ops = NULL;
3918 	uint8_t pdev_id;
3919 
3920 	psoc = wlan_pdev_get_psoc(pdev);
3921 	if (!psoc) {
3922 		scm_debug_rl("psoc is null");
3923 		return false;
3924 	}
3925 	tx_ops = wlan_psoc_get_lmac_if_txops(psoc);
3926 	if (!tx_ops) {
3927 		scm_debug_rl("tx_ops is null");
3928 		return false;
3929 	}
3930 	scan_ops = &tx_ops->scan;
3931 	if (!scan_ops) {
3932 		scm_debug_rl("scan_ops is null");
3933 		return false;
3934 	}
3935 	pdev_id = wlan_objmgr_pdev_get_pdev_id(pdev);
3936 
3937 	if (scan_ops->is_platform_eht_capable)
3938 		return scan_ops->is_platform_eht_capable(psoc, pdev_id);
3939 
3940 	return false;
3941 }
3942 #else
3943 static QDF_STATUS
util_scan_parse_eht_beacon(struct wlan_objmgr_pdev * pdev,uint8_t * frame,qdf_size_t frame_len,uint8_t * ie_list,uint32_t ielen,uint32_t frm_subtype,struct mgmt_rx_event_params * rx_param,qdf_list_t * scan_list,struct scan_mbssid_info * mbssid_info,uint8_t * mbssid_ie)3944 util_scan_parse_eht_beacon(struct wlan_objmgr_pdev *pdev,
3945 			   uint8_t *frame, qdf_size_t frame_len,
3946 			   uint8_t *ie_list, uint32_t ielen,
3947 			   uint32_t frm_subtype,
3948 			   struct mgmt_rx_event_params *rx_param,
3949 			   qdf_list_t *scan_list,
3950 			   struct scan_mbssid_info *mbssid_info,
3951 			   uint8_t *mbssid_ie)
3952 {
3953 	return QDF_STATUS_SUCCESS;
3954 }
3955 
3956 static bool
util_scan_is_platform_eht_capable(struct wlan_objmgr_pdev * pdev)3957 util_scan_is_platform_eht_capable(struct wlan_objmgr_pdev *pdev)
3958 {
3959 	return false;
3960 }
3961 #endif
3962 
3963 static QDF_STATUS
util_scan_parse_beacon_frame(struct wlan_objmgr_pdev * pdev,uint8_t * frame,qdf_size_t frame_len,uint32_t frm_subtype,struct mgmt_rx_event_params * rx_param,qdf_list_t * scan_list)3964 util_scan_parse_beacon_frame(struct wlan_objmgr_pdev *pdev,
3965 			     uint8_t *frame,
3966 			     qdf_size_t frame_len,
3967 			     uint32_t frm_subtype,
3968 			     struct mgmt_rx_event_params *rx_param,
3969 			     qdf_list_t *scan_list)
3970 {
3971 	struct wlan_bcn_frame *bcn;
3972 	struct wlan_frame_hdr *hdr;
3973 	uint8_t *mbssid_ie = NULL, *extcap_ie;
3974 	uint32_t ie_len = 0;
3975 	QDF_STATUS status = QDF_STATUS_E_FAILURE;
3976 	struct scan_mbssid_info mbssid_info = { 0 };
3977 	uint8_t *ie_list;
3978 	bool eht_support = false;
3979 
3980 	hdr = (struct wlan_frame_hdr *)frame;
3981 	bcn = (struct wlan_bcn_frame *)
3982 		(frame + sizeof(struct wlan_frame_hdr));
3983 	ie_list = (uint8_t *)&bcn->ie;
3984 	ie_len = (uint16_t)(frame_len -
3985 			    sizeof(struct wlan_frame_hdr) -
3986 			    offsetof(struct wlan_bcn_frame, ie));
3987 
3988 	extcap_ie = util_scan_find_ie(WLAN_ELEMID_XCAPS,
3989 				      (uint8_t *)&bcn->ie, ie_len);
3990 	/* Process MBSSID when Multiple BSSID (Bit 22) is set in Ext Caps */
3991 	if (extcap_ie &&
3992 	    extcap_ie[1] >= 3 && extcap_ie[1] <= WLAN_EXTCAP_IE_MAX_LEN &&
3993 	    (extcap_ie[4] & 0x40)) {
3994 		mbssid_ie = util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID,
3995 					      (uint8_t *)&bcn->ie, ie_len);
3996 		if (mbssid_ie) {
3997 			/* some APs announce the MBSSID ie_len as 1 */
3998 			if (mbssid_ie[TAG_LEN_POS] < 1) {
3999 				scm_debug("MBSSID IE length is wrong %d",
4000 					  mbssid_ie[TAG_LEN_POS]);
4001 				return status;
4002 			}
4003 			qdf_mem_copy(&mbssid_info.trans_bssid,
4004 				     hdr->i_addr3, QDF_MAC_ADDR_SIZE);
4005 			mbssid_info.profile_count = 1 << mbssid_ie[2];
4006 		}
4007 	}
4008 
4009 	eht_support = util_scan_is_platform_eht_capable(pdev);
4010 
4011 	if (eht_support) {
4012 		status = util_scan_parse_eht_beacon(pdev, frame, frame_len,
4013 						    ie_list, ie_len,
4014 						    frm_subtype, rx_param,
4015 						    scan_list, &mbssid_info,
4016 						    mbssid_ie);
4017 		return status;
4018 	}
4019 
4020 	status = util_scan_gen_scan_entry(pdev, frame, frame_len,
4021 					  frm_subtype, rx_param,
4022 					  &mbssid_info,
4023 					  scan_list);
4024 
4025 	if (mbssid_ie)
4026 		status = util_scan_parse_mbssid(pdev, frame, frame_len,
4027 						frm_subtype, rx_param,
4028 						scan_list);
4029 
4030 	if (QDF_IS_STATUS_ERROR(status))
4031 		scm_debug_rl("Failed to create scan entry");
4032 
4033 	return status;
4034 }
4035 
4036 qdf_list_t *
util_scan_unpack_beacon_frame(struct wlan_objmgr_pdev * pdev,uint8_t * frame,qdf_size_t frame_len,uint32_t frm_subtype,struct mgmt_rx_event_params * rx_param)4037 util_scan_unpack_beacon_frame(struct wlan_objmgr_pdev *pdev, uint8_t *frame,
4038 			      qdf_size_t frame_len, uint32_t frm_subtype,
4039 			      struct mgmt_rx_event_params *rx_param)
4040 {
4041 	qdf_list_t *scan_list;
4042 	QDF_STATUS status;
4043 
4044 	scan_list = qdf_mem_malloc_atomic(sizeof(*scan_list));
4045 	if (!scan_list) {
4046 		scm_err("failed to allocate scan_list");
4047 		return NULL;
4048 	}
4049 	qdf_list_create(scan_list, MAX_SCAN_CACHE_SIZE);
4050 
4051 	status = util_scan_parse_beacon_frame(pdev, frame, frame_len,
4052 					      frm_subtype, rx_param,
4053 					      scan_list);
4054 	if (QDF_IS_STATUS_ERROR(status)) {
4055 		ucfg_scan_purge_results(scan_list);
4056 		return NULL;
4057 	}
4058 
4059 	return scan_list;
4060 }
4061 
4062 QDF_STATUS
util_scan_entry_update_mlme_info(struct wlan_objmgr_pdev * pdev,struct scan_cache_entry * scan_entry)4063 util_scan_entry_update_mlme_info(struct wlan_objmgr_pdev *pdev,
4064 	struct scan_cache_entry *scan_entry)
4065 {
4066 
4067 	if (!pdev || !scan_entry) {
4068 		scm_err("pdev 0x%pK, scan_entry: 0x%pK", pdev, scan_entry);
4069 		return QDF_STATUS_E_INVAL;
4070 	}
4071 
4072 	return scm_update_scan_mlme_info(pdev, scan_entry);
4073 }
4074 
util_is_scan_completed(struct scan_event * event,bool * success)4075 bool util_is_scan_completed(struct scan_event *event, bool *success)
4076 {
4077 	if ((event->type == SCAN_EVENT_TYPE_COMPLETED) ||
4078 	    (event->type == SCAN_EVENT_TYPE_DEQUEUED) ||
4079 	    (event->type == SCAN_EVENT_TYPE_START_FAILED)) {
4080 		if ((event->type == SCAN_EVENT_TYPE_COMPLETED) &&
4081 		    (event->reason == SCAN_REASON_COMPLETED))
4082 			*success = true;
4083 		else
4084 			*success = false;
4085 
4086 		return true;
4087 	}
4088 
4089 	*success = false;
4090 	return false;
4091 }
4092 
4093 #if defined(WLAN_SAE_SINGLE_PMK) && defined(WLAN_FEATURE_ROAM_OFFLOAD)
4094 bool
util_scan_entry_single_pmk(struct wlan_objmgr_psoc * psoc,struct scan_cache_entry * scan_entry)4095 util_scan_entry_single_pmk(struct wlan_objmgr_psoc *psoc,
4096 			   struct scan_cache_entry *scan_entry)
4097 {
4098 	if (scan_entry->ie_list.single_pmk &&
4099 	    wlan_mlme_is_sae_single_pmk_enabled(psoc))
4100 		return true;
4101 
4102 	return false;
4103 }
4104 #endif
4105 
util_is_bssid_non_tx(struct wlan_objmgr_psoc * psoc,struct qdf_mac_addr * bssid,qdf_freq_t freq)4106 bool util_is_bssid_non_tx(struct wlan_objmgr_psoc *psoc,
4107 			  struct qdf_mac_addr *bssid, qdf_freq_t freq)
4108 {
4109 	int i;
4110 	qdf_list_node_t *cur_node, *next_node;
4111 	struct meta_rnr_channel *channel;
4112 	struct scan_rnr_node *rnr_node;
4113 	struct channel_list_db *rnr_channel_db;
4114 	bool ret = false;
4115 
4116 	if (!psoc)
4117 		return false;
4118 
4119 	rnr_channel_db = scm_get_rnr_channel_db(psoc);
4120 	if (!rnr_channel_db)
4121 		return false;
4122 
4123 	for (i = 0; i < QDF_ARRAY_SIZE(rnr_channel_db->channel); i++) {
4124 		channel = &rnr_channel_db->channel[i];
4125 		if (channel->chan_freq != freq)
4126 			continue;
4127 
4128 		cur_node = NULL;
4129 		qdf_list_peek_front(&channel->rnr_list, &cur_node);
4130 
4131 		while (cur_node) {
4132 			next_node = NULL;
4133 			qdf_list_peek_next(&channel->rnr_list, cur_node,
4134 					   &next_node);
4135 			rnr_node = qdf_container_of(cur_node,
4136 						    struct scan_rnr_node,
4137 						    node);
4138 			if (qdf_is_macaddr_equal(&rnr_node->entry.bssid, bssid) &&
4139 			    (rnr_node->entry.bss_params &
4140 			     TBTT_BSS_PARAM_MBSSID_TX_MASK) ==
4141 			    TBTT_BSS_PARAM_MBSSID_NONTX_MASK) {
4142 				ret = true;
4143 				break;
4144 			}
4145 			cur_node = next_node;
4146 		}
4147 	}
4148 
4149 	return ret;
4150 }
4151