mlo_mgr/src/utils_mlo.c

*5113495bSYour Name/*
*5113495bSYour Name * Copyright (c) 2021, The Linux Foundation. All rights reserved.
*5113495bSYour Name * Copyright (c) 2021-2024 Qualcomm Innovation Center, Inc. All rights reserved.
*5113495bSYour Name *
*5113495bSYour Name * Permission to use, copy, modify, and/or distribute this software for any
*5113495bSYour Name * purpose with or without fee is hereby granted, provided that the above
*5113495bSYour Name * copyright notice and this permission notice appear in all copies.
*5113495bSYour Name *
*5113495bSYour Name * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
*5113495bSYour Name * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
*5113495bSYour Name * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
*5113495bSYour Name * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
*5113495bSYour Name * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
*5113495bSYour Name * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
*5113495bSYour Name * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*5113495bSYour Name */
*5113495bSYour Name
*5113495bSYour Name/*
*5113495bSYour Name * DOC: contains MLO manager util api's
*5113495bSYour Name */
*5113495bSYour Name#include <wlan_cmn.h>
*5113495bSYour Name#include <wlan_mlo_mgr_sta.h>
*5113495bSYour Name#include <wlan_cm_public_struct.h>
*5113495bSYour Name#include <wlan_mlo_mgr_main.h>
*5113495bSYour Name#include <wlan_cm_api.h>
*5113495bSYour Name#include "wlan_scan_api.h"
*5113495bSYour Name#include "qdf_types.h"
*5113495bSYour Name#include "utils_mlo.h"
*5113495bSYour Name#include "wlan_mlo_mgr_cmn.h"
*5113495bSYour Name#include "wlan_utility.h"
*5113495bSYour Name
*5113495bSYour Name#ifdef WLAN_FEATURE_11BE_MLO
*5113495bSYour Name
*5113495bSYour Namestatic uint8_t *util_find_eid(uint8_t eid, uint8_t *frame, qdf_size_t len)
*5113495bSYour Name{
*5113495bSYour Name	if (!frame)
*5113495bSYour Name		return NULL;
*5113495bSYour Name
*5113495bSYour Name	while (len >= MIN_IE_LEN && len >= frame[TAG_LEN_POS] + MIN_IE_LEN) {
*5113495bSYour Name		if (frame[ID_POS] == eid)
*5113495bSYour Name			return frame;
*5113495bSYour Name
*5113495bSYour Name		len -= frame[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name		frame += frame[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return NULL;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic
*5113495bSYour Nameuint8_t *util_find_extn_eid(uint8_t eid, uint8_t extn_eid,
*5113495bSYour Name			    uint8_t *frame, qdf_size_t len)
*5113495bSYour Name{
*5113495bSYour Name	if (!frame)
*5113495bSYour Name		return NULL;
*5113495bSYour Name
*5113495bSYour Name	while (len > MIN_IE_LEN && len >= frame[TAG_LEN_POS] + MIN_IE_LEN) {
*5113495bSYour Name		if ((frame[ID_POS] == eid) &&
*5113495bSYour Name		    (frame[ELEM_ID_EXTN_POS] == extn_eid))
*5113495bSYour Name			return frame;
*5113495bSYour Name
*5113495bSYour Name		len -= frame[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name		frame += frame[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name	}
*5113495bSYour Name	return NULL;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_multi_link_ctrl(uint8_t *mlieseqpayload,
*5113495bSYour Name			   qdf_size_t mlieseqpayloadlen,
*5113495bSYour Name			   uint8_t **link_info,
*5113495bSYour Name			   qdf_size_t *link_info_len)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_payload_len;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presence_bm;
*5113495bSYour Name	uint16_t cinfo_len = 0;
*5113495bSYour Name	uint16_t exp_cinfo_len = 0;
*5113495bSYour Name
*5113495bSYour Name	/* This helper returns the location(s) and length(s) of (sub)field(s)
*5113495bSYour Name	 * inferable after parsing the Multi Link element Control field. These
*5113495bSYour Name	 * location(s) and length(s) is/are in reference to the payload section
*5113495bSYour Name	 * of the Multi Link element (after defragmentation, if applicable).
*5113495bSYour Name	 * Here, the payload is the point after the element ID extension of the
*5113495bSYour Name	 * Multi Link element, and includes the payloads of all subsequent
*5113495bSYour Name	 * fragments (if any) but not the headers of those fragments.
*5113495bSYour Name	 *
*5113495bSYour Name	 * Currently, the helper returns the location and length of the Link
*5113495bSYour Name	 * Info field in the Multi Link element sequence. Other (sub)field(s)
*5113495bSYour Name	 * can be added later as required.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayload) {
*5113495bSYour Name		mlo_err("ML seq payload pointer is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayloadlen) {
*5113495bSYour Name		mlo_err("ML seq payload len is 0");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen < WLAN_ML_CTRL_SIZE) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu < ML Control size %u",
*5113495bSYour Name			   mlieseqpayloadlen, WLAN_ML_CTRL_SIZE);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len = 0;
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(&mlcontrol, mlieseqpayload, WLAN_ML_CTRL_SIZE);
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlcontrol);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_CTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	presence_bm = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				   WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen <
*5113495bSYour Name			(parsed_payload_len + WLAN_ML_BV_CINFO_LENGTH_SIZE)) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu insufficient for common info length size %u after parsed payload len %zu.",
*5113495bSYour Name			   mlieseqpayloadlen,
*5113495bSYour Name			   WLAN_ML_BV_CINFO_LENGTH_SIZE,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	cinfo_len = *(mlieseqpayload + parsed_payload_len);
*5113495bSYour Name
*5113495bSYour Name	if (cinfo_len >
*5113495bSYour Name			(mlieseqpayloadlen - parsed_payload_len)) {
*5113495bSYour Name		mlo_err_rl("ML seq common info len %u larger than ML seq payload len %zu after parsed payload len %zu.",
*5113495bSYour Name			   cinfo_len,
*5113495bSYour Name			   mlieseqpayloadlen,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len += WLAN_ML_BV_CINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen <
*5113495bSYour Name			(parsed_payload_len + QDF_MAC_ADDR_SIZE)) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu insufficient for MAC address size %u after parsed payload len %zu.",
*5113495bSYour Name			   mlieseqpayloadlen,
*5113495bSYour Name			   QDF_MAC_ADDR_SIZE,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name
*5113495bSYour Name	/* Check if Link ID info is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P) {
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_BV_CINFO_LINKIDINFO_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for Link ID info size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   WLAN_ML_BV_CINFO_LINKIDINFO_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_BV_CINFO_LINKIDINFO_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check if BSS parameter change count is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_BV_CTRL_PBM_BSSPARAMCHANGECNT_P) {
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_BSSPARAMCHNGCNT_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for BSS parameter change count size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   WLAN_ML_BSSPARAMCHNGCNT_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_BSSPARAMCHNGCNT_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check if Medium Sync Delay Info is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_BV_CTRL_PBM_MEDIUMSYNCDELAYINFO_P) {
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for Medium Sync Delay Info size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check if EML cap is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_BV_CTRL_PBM_EMLCAP_P) {
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_BV_CINFO_EMLCAP_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for EML cap size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   WLAN_ML_BV_CINFO_EMLCAP_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_BV_CINFO_EMLCAP_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check if MLD cap is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_BV_CTRL_PBM_MLDCAPANDOP_P) {
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_BV_CINFO_MLDCAPANDOP_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for MLD cap size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   WLAN_ML_BV_CINFO_MLDCAPANDOP_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_BV_CINFO_MLDCAPANDOP_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check if MLD ID is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_BV_CTRL_PBM_MLDID_P) {
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_BV_CINFO_MLDID_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for MLD ID size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   WLAN_ML_BV_CINFO_MLDID_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_BV_CINFO_MLDID_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check if Ext MLD CAP OP is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_BV_CTRL_PBM_EXT_MLDCAPANDOP_P) {
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_BV_CINFO_EXT_MLDCAPANDOP_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for Ext MLD CAP OP size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   WLAN_ML_BV_CINFO_EXT_MLDCAPANDOP_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_BV_CINFO_EXT_MLDCAPANDOP_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	exp_cinfo_len = parsed_payload_len - WLAN_ML_CTRL_SIZE;
*5113495bSYour Name	if (cinfo_len >= exp_cinfo_len) {
*5113495bSYour Name		/* If common info length received is greater,
*5113495bSYour Name		 *  skip through the additional bytes
*5113495bSYour Name		 */
*5113495bSYour Name		parsed_payload_len += (cinfo_len - exp_cinfo_len);
*5113495bSYour Name		mlo_debug("ML seq common info len %u, parsed payload length %zu, expected common info len %u",
*5113495bSYour Name			  cinfo_len, parsed_payload_len, exp_cinfo_len);
*5113495bSYour Name	} else {
*5113495bSYour Name		/* If cinfo_len < exp_cinfo_len return error */
*5113495bSYour Name		mlo_err_rl("ML seq common info len %u doesn't match with expected common info len %u",
*5113495bSYour Name			   cinfo_len, exp_cinfo_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (link_info_len) {
*5113495bSYour Name		*link_info_len = mlieseqpayloadlen - parsed_payload_len;
*5113495bSYour Name		mlo_debug("link_info_len:%zu, parsed_payload_len:%zu",
*5113495bSYour Name			  *link_info_len, parsed_payload_len);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen == parsed_payload_len) {
*5113495bSYour Name		if (link_info)
*5113495bSYour Name			*link_info = NULL;
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (link_info)
*5113495bSYour Name		*link_info = mlieseqpayload + parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_prv_multi_link_ctrl(uint8_t *mlieseqpayload,
*5113495bSYour Name			       qdf_size_t mlieseqpayloadlen,
*5113495bSYour Name			       uint8_t **link_info,
*5113495bSYour Name			       qdf_size_t *link_info_len)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_payload_len;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presence_bm;
*5113495bSYour Name	uint16_t cinfo_len = 0;
*5113495bSYour Name	uint16_t exp_cinfo_len = 0;
*5113495bSYour Name
*5113495bSYour Name	/* This helper returns the location(s) and length(s) of (sub)field(s)
*5113495bSYour Name	 * inferable after parsing the Multi Link element Control field. These
*5113495bSYour Name	 * location(s) and length(s) is/are in reference to the payload section
*5113495bSYour Name	 * of the Multi Link element (after defragmentation, if applicable).
*5113495bSYour Name	 * Here, the payload is the point after the element ID extension of the
*5113495bSYour Name	 * Multi Link element, and includes the payloads of all subsequent
*5113495bSYour Name	 * fragments (if any) but not the headers of those fragments.
*5113495bSYour Name	 *
*5113495bSYour Name	 * Currently, the helper returns the location and length of the Link
*5113495bSYour Name	 * Info field in the Multi Link element sequence. Other (sub)field(s)
*5113495bSYour Name	 * can be added later as required.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayload) {
*5113495bSYour Name		mlo_err("ML seq payload pointer is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayloadlen) {
*5113495bSYour Name		mlo_err("ML seq payload len is 0");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen < WLAN_ML_CTRL_SIZE) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu < ML Control size %u",
*5113495bSYour Name			   mlieseqpayloadlen, WLAN_ML_CTRL_SIZE);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len = 0;
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(&mlcontrol, mlieseqpayload, WLAN_ML_CTRL_SIZE);
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlcontrol);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_CTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	presence_bm = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				   WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen <
*5113495bSYour Name			(parsed_payload_len + WLAN_ML_PRV_CINFO_LENGTH_SIZE)) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu insufficient for common info length size %u after parsed payload len %zu.",
*5113495bSYour Name			   mlieseqpayloadlen,
*5113495bSYour Name			   WLAN_ML_PRV_CINFO_LENGTH_SIZE,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	cinfo_len = *(mlieseqpayload + parsed_payload_len);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_PRV_CINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	/* Check if MLD ID is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_PRV_CTRL_PBM_MLDID_P) {
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_PRV_CINFO_MLDID_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for MLD ID size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   WLAN_ML_PRV_CINFO_MLDID_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_PRV_CINFO_MLDID_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	exp_cinfo_len = parsed_payload_len - WLAN_ML_CTRL_SIZE;
*5113495bSYour Name	if (cinfo_len != exp_cinfo_len) {
*5113495bSYour Name		mlo_err_rl("ML seq common info len %u doesn't match with expected common info len %u",
*5113495bSYour Name			   cinfo_len, exp_cinfo_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (link_info_len) {
*5113495bSYour Name		*link_info_len = mlieseqpayloadlen - parsed_payload_len;
*5113495bSYour Name		mlo_debug("link_info_len:%zu, parsed_payload_len:%zu",
*5113495bSYour Name			  *link_info_len, parsed_payload_len);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen == parsed_payload_len) {
*5113495bSYour Name		mlo_debug("No Link Info field present");
*5113495bSYour Name		if (link_info)
*5113495bSYour Name			*link_info = NULL;
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (link_info)
*5113495bSYour Name		*link_info = mlieseqpayload + parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_bvmlie_perstaprofile_stactrl(uint8_t *subelempayload,
*5113495bSYour Name					qdf_size_t subelempayloadlen,
*5113495bSYour Name					uint8_t *linkid,
*5113495bSYour Name					uint16_t *beaconinterval,
*5113495bSYour Name					bool *is_beaconinterval_valid,
*5113495bSYour Name					uint64_t *tsfoffset,
*5113495bSYour Name					bool *is_tsfoffset_valid,
*5113495bSYour Name					bool *is_complete_profile,
*5113495bSYour Name					bool *is_macaddr_valid,
*5113495bSYour Name					struct qdf_mac_addr *macaddr,
*5113495bSYour Name					bool is_staprof_reqd,
*5113495bSYour Name					uint8_t **staprof,
*5113495bSYour Name					qdf_size_t *staprof_len,
*5113495bSYour Name					struct mlo_nstr_info *nstr_info,
*5113495bSYour Name					bool *is_nstrlp_present)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_payload_len = 0;
*5113495bSYour Name	uint16_t stacontrol;
*5113495bSYour Name	uint8_t completeprofile;
*5113495bSYour Name	uint8_t nstrlppresent;
*5113495bSYour Name	enum wlan_ml_bv_linfo_perstaprof_stactrl_nstrbmsz nstrbmsz;
*5113495bSYour Name	qdf_size_t nstrlpoffset = 0;
*5113495bSYour Name	uint8_t link_id;
*5113495bSYour Name
*5113495bSYour Name	/* This helper returns the location(s) and where required, the length(s)
*5113495bSYour Name	 * of (sub)field(s) inferable after parsing the STA Control field in the
*5113495bSYour Name	 * per-STA profile subelement. These location(s) and length(s) is/are in
*5113495bSYour Name	 * reference to the payload section of the per-STA profile subelement
*5113495bSYour Name	 * (after defragmentation, if applicable).  Here, the payload is the
*5113495bSYour Name	 * point after the subelement length in the subelement, and includes the
*5113495bSYour Name	 * payloads of all subsequent fragments (if any) but not the headers of
*5113495bSYour Name	 * those fragments.
*5113495bSYour Name	 *
*5113495bSYour Name	 * Currently, the helper returns the link ID, MAC address, and STA
*5113495bSYour Name	 * profile. More (sub)fields can be added when required.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	if (!subelempayload) {
*5113495bSYour Name		mlo_err("Pointer to subelement payload is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!subelempayloadlen) {
*5113495bSYour Name		mlo_err("Length of subelement payload is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (subelempayloadlen < WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_SIZE) {
*5113495bSYour Name		mlo_err_rl("Subelement payload length %zu octets is smaller than STA control field of per-STA profile subelement %u octets",
*5113495bSYour Name			   subelempayloadlen,
*5113495bSYour Name			   WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len = 0;
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(&stacontrol,
*5113495bSYour Name		     subelempayload,
*5113495bSYour Name		     WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name	stacontrol = le16toh(stacontrol);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	link_id = QDF_GET_BITS(stacontrol,
*5113495bSYour Name			       WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_LINKID_IDX,
*5113495bSYour Name			       WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_LINKID_BITS);
*5113495bSYour Name	if (linkid)
*5113495bSYour Name		*linkid = link_id;
*5113495bSYour Name
*5113495bSYour Name	/* Check if this a complete profile */
*5113495bSYour Name	completeprofile = QDF_GET_BITS(stacontrol,
*5113495bSYour Name				       WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_CMPLTPROF_IDX,
*5113495bSYour Name				       WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_CMPLTPROF_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (completeprofile && is_complete_profile)
*5113495bSYour Name		*is_complete_profile = true;
*5113495bSYour Name
*5113495bSYour Name	/* Check STA Info Length */
*5113495bSYour Name	if (subelempayloadlen <
*5113495bSYour Name		parsed_payload_len + WLAN_ML_BV_LINFO_PERSTAPROF_STAINFO_LENGTH_SIZE) {
*5113495bSYour Name		mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain STA Info Length of size %u octets after parsed payload length of %zu octets.",
*5113495bSYour Name			   subelempayloadlen,
*5113495bSYour Name			   WLAN_ML_BV_LINFO_PERSTAPROF_STAINFO_LENGTH_SIZE,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len += WLAN_ML_BV_LINFO_PERSTAPROF_STAINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (is_macaddr_valid)
*5113495bSYour Name		*is_macaddr_valid = false;
*5113495bSYour Name
*5113495bSYour Name	/* Check STA MAC address present bit */
*5113495bSYour Name	if (QDF_GET_BITS(stacontrol,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_MACADDRP_IDX,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_MACADDRP_BITS)) {
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name				(parsed_payload_len + QDF_MAC_ADDR_SIZE)) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain MAC address of size %u octets after parsed payload length of %zu octets.",
*5113495bSYour Name				   subelempayloadlen,
*5113495bSYour Name				   QDF_MAC_ADDR_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (macaddr) {
*5113495bSYour Name			qdf_mem_copy(macaddr->bytes,
*5113495bSYour Name				     subelempayload + parsed_payload_len,
*5113495bSYour Name				     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name
*5113495bSYour Name			mlo_nofl_debug("Copied MAC address: " QDF_MAC_ADDR_FMT,
*5113495bSYour Name				       QDF_MAC_ADDR_REF(macaddr->bytes));
*5113495bSYour Name
*5113495bSYour Name			if (is_macaddr_valid)
*5113495bSYour Name				*is_macaddr_valid = true;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check Beacon Interval present bit */
*5113495bSYour Name	if (QDF_GET_BITS(stacontrol,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_BCNINTP_IDX,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_BCNINTP_BITS)) {
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_BEACONINTERVAL_LEN)) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain Beacon Interval of size %u octets after parsed payload length of %zu octets.",
*5113495bSYour Name				   subelempayloadlen,
*5113495bSYour Name				   WLAN_BEACONINTERVAL_LEN,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (beaconinterval) {
*5113495bSYour Name			qdf_mem_copy(beaconinterval,
*5113495bSYour Name				     subelempayload + parsed_payload_len,
*5113495bSYour Name				     WLAN_BEACONINTERVAL_LEN);
*5113495bSYour Name			*beaconinterval = qdf_le16_to_cpu(*beaconinterval);
*5113495bSYour Name
*5113495bSYour Name			if (is_beaconinterval_valid)
*5113495bSYour Name				*is_beaconinterval_valid = true;
*5113495bSYour Name		}
*5113495bSYour Name		parsed_payload_len += WLAN_BEACONINTERVAL_LEN;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check TSF Offset present bit */
*5113495bSYour Name	if (QDF_GET_BITS(stacontrol,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_TSFOFFSETP_IDX,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_TSFOFFSETP_BITS)) {
*5113495bSYour Name		if (!completeprofile) {
*5113495bSYour Name			mlo_err_rl("TSF offset is expected only for complete profiles");
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_TSF_OFFSET_SIZE)) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain TSF Offset of size %u octets after parsed payload length of %zu octets.",
*5113495bSYour Name				   subelempayloadlen,
*5113495bSYour Name				   WLAN_ML_TSF_OFFSET_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (tsfoffset) {
*5113495bSYour Name			qdf_mem_copy(tsfoffset,
*5113495bSYour Name				     subelempayload + parsed_payload_len,
*5113495bSYour Name				     WLAN_TIMESTAMP_LEN);
*5113495bSYour Name			*tsfoffset = qdf_le64_to_cpu(*tsfoffset);
*5113495bSYour Name
*5113495bSYour Name			if (is_tsfoffset_valid)
*5113495bSYour Name				*is_tsfoffset_valid = true;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_TSF_OFFSET_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check DTIM Info present bit */
*5113495bSYour Name	if (QDF_GET_BITS(stacontrol,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_DTIMINFOP_IDX,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_DTIMINFOP_BITS)) {
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 sizeof(struct wlan_ml_bv_linfo_perstaprof_stainfo_dtiminfo))) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain DTIM Info of size %zu octets after parsed payload length of %zu octets.",
*5113495bSYour Name				   subelempayloadlen,
*5113495bSYour Name				   sizeof(struct wlan_ml_bv_linfo_perstaprof_stainfo_dtiminfo),
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len +=
*5113495bSYour Name			sizeof(struct wlan_ml_bv_linfo_perstaprof_stainfo_dtiminfo);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check NTSR Link pair present bit */
*5113495bSYour Name	nstrlppresent =
*5113495bSYour Name		QDF_GET_BITS(stacontrol,
*5113495bSYour Name			     WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_NSTRLINKPRP_IDX,
*5113495bSYour Name			     WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_NSTRLINKPRP_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (completeprofile && nstrlppresent) {
*5113495bSYour Name		nstrlpoffset = parsed_payload_len;
*5113495bSYour Name		/* Check NTSR Bitmap Size bit */
*5113495bSYour Name		nstrbmsz =
*5113495bSYour Name			QDF_GET_BITS(stacontrol,
*5113495bSYour Name				     WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_NSTRBMSZ_IDX,
*5113495bSYour Name				     WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_NSTRBMSZ_BITS);
*5113495bSYour Name
*5113495bSYour Name		if (nstrbmsz == WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_NSTRBMSZ_1_OCTET) {
*5113495bSYour Name			if (subelempayloadlen <
*5113495bSYour Name					(parsed_payload_len + 1)) {
*5113495bSYour Name				mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain NTSR Bitmap of size 1 octet after parsed payload length of %zu octets.",
*5113495bSYour Name					   subelempayloadlen,
*5113495bSYour Name					   parsed_payload_len);
*5113495bSYour Name				return QDF_STATUS_E_PROTO;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			parsed_payload_len += 1;
*5113495bSYour Name		} else if (nstrbmsz == WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_NSTRBMSZ_2_OCTETS) {
*5113495bSYour Name			if (subelempayloadlen <
*5113495bSYour Name					(parsed_payload_len + 2)) {
*5113495bSYour Name				mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain NTSR Bitmap  of size 2 octets after parsed payload length of %zu octets.",
*5113495bSYour Name					   subelempayloadlen,
*5113495bSYour Name					   parsed_payload_len);
*5113495bSYour Name				return QDF_STATUS_E_PROTO;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			parsed_payload_len += 2;
*5113495bSYour Name		} else {
*5113495bSYour Name			/* Though an invalid value cannot occur if only 1 bit is
*5113495bSYour Name			 * used, we check for it in a generic manner in case the
*5113495bSYour Name			 * number of bits is increased in the future.
*5113495bSYour Name			 */
*5113495bSYour Name			mlo_err_rl("Invalid NSTR Bitmap size %u", nstrbmsz);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name		if (nstr_info) {
*5113495bSYour Name			nstr_info->nstr_lp_present = nstrlppresent;
*5113495bSYour Name			nstr_info->nstr_bmp_size = nstrbmsz;
*5113495bSYour Name			*is_nstrlp_present = true;
*5113495bSYour Name			nstr_info->link_id = link_id;
*5113495bSYour Name
*5113495bSYour Name			if (nstrbmsz == WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_NSTRBMSZ_1_OCTET) {
*5113495bSYour Name				nstr_info->nstr_lp_bitmap =
*5113495bSYour Name					*(uint8_t *)(subelempayload + nstrlpoffset);
*5113495bSYour Name			} else if (nstrbmsz == WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_NSTRBMSZ_2_OCTETS) {
*5113495bSYour Name				nstr_info->nstr_lp_bitmap =
*5113495bSYour Name					qdf_le16_to_cpu(*(uint16_t *)(subelempayload + nstrlpoffset));
*5113495bSYour Name			}
*5113495bSYour Name		}
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check BSS Parameters Change Count Present bit */
*5113495bSYour Name	if (QDF_GET_BITS(stacontrol,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_BSSPARAMCHNGCNTP_IDX,
*5113495bSYour Name			 WLAN_ML_BV_LINFO_PERSTAPROF_STACTRL_BSSPARAMCHNGCNTP_BITS)) {
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_BSSPARAMCHNGCNT_SIZE)) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain BSS Parameters Change Count of size %u octets after parsed payload length of %zu octets.",
*5113495bSYour Name				   subelempayloadlen,
*5113495bSYour Name				   WLAN_ML_BSSPARAMCHNGCNT_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += WLAN_ML_BSSPARAMCHNGCNT_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Note: Some implementation versions of hostapd/wpa_supplicant may
*5113495bSYour Name	 * provide a per-STA profile without STA profile. Let the caller
*5113495bSYour Name	 * indicate whether a STA profile is required to be found. This may be
*5113495bSYour Name	 * revisited as upstreaming progresses.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!is_staprof_reqd)
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Name	if (subelempayloadlen == parsed_payload_len) {
*5113495bSYour Name		mlo_err_rl("Subelement payload length %zu == parsed payload length %zu. Unable to get STA profile.",
*5113495bSYour Name			   subelempayloadlen,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (staprof_len)
*5113495bSYour Name		*staprof_len = subelempayloadlen - parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	if (staprof)
*5113495bSYour Name		*staprof = subelempayload + parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_prvmlie_perstaprofile_stactrl(uint8_t *subelempayload,
*5113495bSYour Name					 qdf_size_t subelempayloadlen,
*5113495bSYour Name					 uint8_t *linkid,
*5113495bSYour Name					 bool is_staprof_reqd,
*5113495bSYour Name					 uint8_t **staprof,
*5113495bSYour Name					 qdf_size_t *staprof_len)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_payload_len = 0;
*5113495bSYour Name	uint16_t stacontrol;
*5113495bSYour Name	uint8_t completeprofile;
*5113495bSYour Name
*5113495bSYour Name	/* This helper returns the location(s) and where required, the length(s)
*5113495bSYour Name	 * of (sub)field(s) inferable after parsing the STA Control field in the
*5113495bSYour Name	 * per-STA profile subelement. These location(s) and length(s) is/are in
*5113495bSYour Name	 * reference to the payload section of the per-STA profile subelement
*5113495bSYour Name	 * (after defragmentation, if applicable).  Here, the payload is the
*5113495bSYour Name	 * point after the subelement length in the subelement, and includes the
*5113495bSYour Name	 * payloads of all subsequent fragments (if any) but not the headers of
*5113495bSYour Name	 * those fragments.
*5113495bSYour Name	 *
*5113495bSYour Name	 * Currently, the helper returns the link ID, MAC address, and STA
*5113495bSYour Name	 * profile. More (sub)fields can be added when required.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	if (!subelempayload) {
*5113495bSYour Name		mlo_err("Pointer to subelement payload is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!subelempayloadlen) {
*5113495bSYour Name		mlo_err("Length of subelement payload is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (subelempayloadlen < WLAN_ML_PRV_LINFO_PERSTAPROF_STACTRL_SIZE) {
*5113495bSYour Name		mlo_err_rl("Subelement payload length %zu octets is smaller than STA control field of per-STA profile subelement %u octets",
*5113495bSYour Name			   subelempayloadlen,
*5113495bSYour Name			   WLAN_ML_PRV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len = 0;
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(&stacontrol,
*5113495bSYour Name		     subelempayload,
*5113495bSYour Name		     WLAN_ML_PRV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name	stacontrol = qdf_le16_to_cpu(stacontrol);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_PRV_LINFO_PERSTAPROF_STACTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (linkid) {
*5113495bSYour Name		*linkid = QDF_GET_BITS(stacontrol,
*5113495bSYour Name				       WLAN_ML_PRV_LINFO_PERSTAPROF_STACTRL_LINKID_IDX,
*5113495bSYour Name				       WLAN_ML_PRV_LINFO_PERSTAPROF_STACTRL_LINKID_BITS);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check if this a complete profile */
*5113495bSYour Name	completeprofile = QDF_GET_BITS(stacontrol,
*5113495bSYour Name				       WLAN_ML_PRV_LINFO_PERSTAPROF_STACTRL_CMPLTPROF_IDX,
*5113495bSYour Name				       WLAN_ML_PRV_LINFO_PERSTAPROF_STACTRL_CMPLTPROF_BITS);
*5113495bSYour Name
*5113495bSYour Name	/* Note: Some implementation versions of hostapd/wpa_supplicant may
*5113495bSYour Name	 * provide a per-STA profile without STA profile. Let the caller
*5113495bSYour Name	 * indicate whether a STA profile is required to be found. This may be
*5113495bSYour Name	 * revisited as upstreaming progresses.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!is_staprof_reqd)
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Name	if (subelempayloadlen == parsed_payload_len) {
*5113495bSYour Name		mlo_err_rl("Subelement payload length %zu == parsed payload length %zu. Unable to get STA profile.",
*5113495bSYour Name			   subelempayloadlen,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (staprof_len)
*5113495bSYour Name		*staprof_len = subelempayloadlen - parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	if (staprof)
*5113495bSYour Name		*staprof = subelempayload + parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic
*5113495bSYour Nameuint8_t *util_get_successorfrag(uint8_t *currie, uint8_t *frame, qdf_size_t len)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t *nextie;
*5113495bSYour Name
*5113495bSYour Name	if (!currie || !frame || !len)
*5113495bSYour Name		return NULL;
*5113495bSYour Name
*5113495bSYour Name	if ((currie + MIN_IE_LEN) > (frame + len))
*5113495bSYour Name		return NULL;
*5113495bSYour Name
*5113495bSYour Name	/* Check whether there is sufficient space in the frame for the current
*5113495bSYour Name	 * IE, plus at least another MIN_IE_LEN bytes for the IE header of a
*5113495bSYour Name	 * fragment (if present) that would come just after the current IE.
*5113495bSYour Name	 */
*5113495bSYour Name	if ((currie + MIN_IE_LEN + currie[TAG_LEN_POS] + MIN_IE_LEN) >
*5113495bSYour Name			(frame + len))
*5113495bSYour Name		return NULL;
*5113495bSYour Name
*5113495bSYour Name	nextie = currie + currie[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name
*5113495bSYour Name	/* Check whether there is sufficient space in the frame for the next IE
*5113495bSYour Name	 */
*5113495bSYour Name	if ((nextie + MIN_IE_LEN + nextie[TAG_LEN_POS]) > (frame + len))
*5113495bSYour Name		return NULL;
*5113495bSYour Name
*5113495bSYour Name	if (nextie[ID_POS] != WLAN_ELEMID_FRAGMENT)
*5113495bSYour Name		return NULL;
*5113495bSYour Name
*5113495bSYour Name	return nextie;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic
*5113495bSYour NameQDF_STATUS util_parse_partner_info_from_linkinfo(uint8_t *linkinfo,
*5113495bSYour Name						 qdf_size_t linkinfo_len,
*5113495bSYour Name						 struct mlo_partner_info *partner_info)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t linkid;
*5113495bSYour Name	struct qdf_mac_addr macaddr;
*5113495bSYour Name	struct mlo_nstr_info nstr_info = {0};
*5113495bSYour Name	bool is_macaddr_valid;
*5113495bSYour Name	uint8_t *linkinfo_currpos;
*5113495bSYour Name	qdf_size_t linkinfo_remlen;
*5113495bSYour Name	bool is_subelemfragseq;
*5113495bSYour Name	uint8_t subelemid;
*5113495bSYour Name	qdf_size_t subelemseqtotallen;
*5113495bSYour Name	qdf_size_t subelemseqpayloadlen;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name	bool is_nstrlp_present = false;
*5113495bSYour Name
*5113495bSYour Name	/* This helper function parses partner info from the per-STA profiles
*5113495bSYour Name	 * present (if any) in the Link Info field in the payload of a Multi
*5113495bSYour Name	 * Link element (after defragmentation if required). The caller should
*5113495bSYour Name	 * pass a copy of the payload so that inline defragmentation of
*5113495bSYour Name	 * subelements can be carried out if required. The subelement
*5113495bSYour Name	 * defragmentation (if applicable) in this Control Path helper is
*5113495bSYour Name	 * required for maintainability, accuracy and eliminating current and
*5113495bSYour Name	 * future per-field-access multi-level fragment boundary checks and
*5113495bSYour Name	 * adjustments, given the complex format of Multi Link elements. It is
*5113495bSYour Name	 * also most likely to be required mainly at the client side.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		mlo_err("linkinfo is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!linkinfo_len) {
*5113495bSYour Name		mlo_err("linkinfo_len is zero");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!partner_info) {
*5113495bSYour Name		mlo_err("ML partner info is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	partner_info->num_partner_links = 0;
*5113495bSYour Name	linkinfo_currpos = linkinfo;
*5113495bSYour Name	linkinfo_remlen = linkinfo_len;
*5113495bSYour Name
*5113495bSYour Name	while (linkinfo_remlen) {
*5113495bSYour Name		if (linkinfo_remlen <  sizeof(struct subelem_header)) {
*5113495bSYour Name			mlo_err_rl("Remaining length in link info %zu octets is smaller than subelement header length %zu octets",
*5113495bSYour Name				   linkinfo_remlen,
*5113495bSYour Name				   sizeof(struct subelem_header));
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		subelemid = linkinfo_currpos[ID_POS];
*5113495bSYour Name		is_subelemfragseq = false;
*5113495bSYour Name		subelemseqtotallen = 0;
*5113495bSYour Name		subelemseqpayloadlen = 0;
*5113495bSYour Name
*5113495bSYour Name		ret = wlan_get_subelem_fragseq_info(WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name						    linkinfo_currpos,
*5113495bSYour Name						    linkinfo_remlen,
*5113495bSYour Name						    &is_subelemfragseq,
*5113495bSYour Name						    &subelemseqtotallen,
*5113495bSYour Name						    &subelemseqpayloadlen);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name			return ret;
*5113495bSYour Name
*5113495bSYour Name		if (is_subelemfragseq) {
*5113495bSYour Name			if (!subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Subelement fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			mlo_debug("Subelement fragment sequence found with payload len %zu",
*5113495bSYour Name				  subelemseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name			ret = wlan_defrag_subelem_fragseq(true,
*5113495bSYour Name							  WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name							  linkinfo_currpos,
*5113495bSYour Name							  linkinfo_remlen,
*5113495bSYour Name							  NULL,
*5113495bSYour Name							  0,
*5113495bSYour Name							  &defragpayload_len);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name
*5113495bSYour Name			if (defragpayload_len != subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Length of defragmented payload %zu octets is not equal to length of subelement fragment sequence payload %zu octets",
*5113495bSYour Name					   defragpayload_len,
*5113495bSYour Name					   subelemseqpayloadlen);
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			/* Adjust linkinfo_remlen to reflect removal of all
*5113495bSYour Name			 * subelement headers except the header of the lead
*5113495bSYour Name			 * subelement.
*5113495bSYour Name			 */
*5113495bSYour Name			linkinfo_remlen -= (subelemseqtotallen -
*5113495bSYour Name					    subelemseqpayloadlen -
*5113495bSYour Name					    sizeof(struct subelem_header));
*5113495bSYour Name		} else {
*5113495bSYour Name			if (linkinfo_remlen <
*5113495bSYour Name				(sizeof(struct subelem_header) +
*5113495bSYour Name				 linkinfo_currpos[TAG_LEN_POS])) {
*5113495bSYour Name				mlo_err_rl("Remaining length in link info %zu octets is smaller than total size of current subelement %zu octets",
*5113495bSYour Name					   linkinfo_remlen,
*5113495bSYour Name					   sizeof(struct subelem_header) +
*5113495bSYour Name					   linkinfo_currpos[TAG_LEN_POS]);
*5113495bSYour Name				return QDF_STATUS_E_PROTO;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			subelemseqpayloadlen = linkinfo_currpos[TAG_LEN_POS];
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (subelemid == WLAN_ML_LINFO_SUBELEMID_PERSTAPROFILE) {
*5113495bSYour Name			is_macaddr_valid = false;
*5113495bSYour Name
*5113495bSYour Name			ret = util_parse_bvmlie_perstaprofile_stactrl(linkinfo_currpos +
*5113495bSYour Name								      sizeof(struct subelem_header),
*5113495bSYour Name								      subelemseqpayloadlen,
*5113495bSYour Name								      &linkid,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      &is_macaddr_valid,
*5113495bSYour Name								      &macaddr,
*5113495bSYour Name								      false,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      &nstr_info,
*5113495bSYour Name								      &is_nstrlp_present);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name				return ret;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			if (is_nstrlp_present) {
*5113495bSYour Name				if (partner_info->num_nstr_info_links >=
*5113495bSYour Name					QDF_ARRAY_SIZE(partner_info->nstr_info)) {
*5113495bSYour Name					mlo_err_rl("Insufficient size %zu of array for nstr link info",
*5113495bSYour Name						   QDF_ARRAY_SIZE(partner_info->nstr_info));
*5113495bSYour Name					return QDF_STATUS_E_NOMEM;
*5113495bSYour Name				}
*5113495bSYour Name				qdf_mem_copy(&partner_info->nstr_info[partner_info->num_nstr_info_links],
*5113495bSYour Name					     &nstr_info, sizeof(nstr_info));
*5113495bSYour Name				partner_info->num_nstr_info_links++;
*5113495bSYour Name				is_nstrlp_present = false;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			if (is_macaddr_valid) {
*5113495bSYour Name				if (partner_info->num_partner_links >=
*5113495bSYour Name					QDF_ARRAY_SIZE(partner_info->partner_link_info)) {
*5113495bSYour Name					mlo_err_rl("Insufficient size %zu of array for partner link info",
*5113495bSYour Name						   QDF_ARRAY_SIZE(partner_info->partner_link_info));
*5113495bSYour Name					return QDF_STATUS_E_NOMEM;
*5113495bSYour Name				}
*5113495bSYour Name
*5113495bSYour Name				partner_info->partner_link_info[partner_info->num_partner_links].link_id =
*5113495bSYour Name					linkid;
*5113495bSYour Name				qdf_mem_copy(&partner_info->partner_link_info[partner_info->num_partner_links].link_addr,
*5113495bSYour Name					     &macaddr,
*5113495bSYour Name					     sizeof(partner_info->partner_link_info[partner_info->num_partner_links].link_addr));
*5113495bSYour Name
*5113495bSYour Name				partner_info->num_partner_links++;
*5113495bSYour Name			} else {
*5113495bSYour Name				mlo_warn_rl("MAC address not found in STA Info field of per-STA profile with link ID %u",
*5113495bSYour Name					    linkid);
*5113495bSYour Name			}
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		linkinfo_remlen -= (sizeof(struct subelem_header) +
*5113495bSYour Name				    subelemseqpayloadlen);
*5113495bSYour Name		linkinfo_currpos += (sizeof(struct subelem_header) +
*5113495bSYour Name				     subelemseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlo_debug("Number of ML partner links found=%u",
*5113495bSYour Name		  partner_info->num_partner_links);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_probereq_info_from_linkinfo(uint8_t *linkinfo,
*5113495bSYour Name				       qdf_size_t linkinfo_len,
*5113495bSYour Name				       struct mlo_probereq_info *probereq_info)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t linkid;
*5113495bSYour Name	uint8_t *linkinfo_currpos;
*5113495bSYour Name	qdf_size_t linkinfo_remlen;
*5113495bSYour Name	bool is_subelemfragseq;
*5113495bSYour Name	uint8_t subelemid;
*5113495bSYour Name	qdf_size_t subelemseqtotallen;
*5113495bSYour Name	qdf_size_t subelemseqpayloadlen;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name
*5113495bSYour Name	/* This helper function parses probe request info from the per-STA prof
*5113495bSYour Name	 * present (if any) in the Link Info field in the payload of a Multi
*5113495bSYour Name	 * Link element (after defragmentation if required). The caller should
*5113495bSYour Name	 * pass a copy of the payload so that inline defragmentation of
*5113495bSYour Name	 * subelements can be carried out if required. The subelement
*5113495bSYour Name	 * defragmentation (if applicable) in this Control Path helper is
*5113495bSYour Name	 * required for maintainability, accuracy and eliminating current and
*5113495bSYour Name	 * future per-field-access multi-level fragment boundary checks and
*5113495bSYour Name	 * adjustments, given the complex format of Multi Link elements. It is
*5113495bSYour Name	 * also most likely to be required mainly at the client side.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		mlo_err("linkinfo is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!linkinfo_len) {
*5113495bSYour Name		mlo_err("linkinfo_len is zero");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!probereq_info) {
*5113495bSYour Name		mlo_err("ML probe req info is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	probereq_info->num_links = 0;
*5113495bSYour Name	linkinfo_currpos = linkinfo;
*5113495bSYour Name	linkinfo_remlen = linkinfo_len;
*5113495bSYour Name
*5113495bSYour Name	while (linkinfo_remlen) {
*5113495bSYour Name		if (linkinfo_remlen <  sizeof(struct subelem_header)) {
*5113495bSYour Name			mlo_err_rl("Remaining length in link info %zu octets is smaller than subelement header length %zu octets",
*5113495bSYour Name				   linkinfo_remlen,
*5113495bSYour Name				   sizeof(struct subelem_header));
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		subelemid = linkinfo_currpos[ID_POS];
*5113495bSYour Name		is_subelemfragseq = false;
*5113495bSYour Name		subelemseqtotallen = 0;
*5113495bSYour Name		subelemseqpayloadlen = 0;
*5113495bSYour Name
*5113495bSYour Name		ret = wlan_get_subelem_fragseq_info(WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name						    linkinfo_currpos,
*5113495bSYour Name						    linkinfo_remlen,
*5113495bSYour Name						    &is_subelemfragseq,
*5113495bSYour Name						    &subelemseqtotallen,
*5113495bSYour Name						    &subelemseqpayloadlen);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name			return ret;
*5113495bSYour Name
*5113495bSYour Name		if (is_subelemfragseq) {
*5113495bSYour Name			if (!subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Subelement fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			mlo_debug("Subelement fragment sequence found with payload len %zu",
*5113495bSYour Name				  subelemseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name			ret = wlan_defrag_subelem_fragseq(true,
*5113495bSYour Name							  WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name							  linkinfo_currpos,
*5113495bSYour Name							  linkinfo_remlen,
*5113495bSYour Name							  NULL,
*5113495bSYour Name							  0,
*5113495bSYour Name							  &defragpayload_len);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name
*5113495bSYour Name			if (defragpayload_len != subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Length of defragmented payload %zu octets is not equal to length of subelement fragment sequence payload %zu octets",
*5113495bSYour Name					   defragpayload_len,
*5113495bSYour Name					   subelemseqpayloadlen);
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			/* Adjust linkinfo_remlen to reflect removal of all
*5113495bSYour Name			 * subelement headers except the header of the lead
*5113495bSYour Name			 * subelement.
*5113495bSYour Name			 */
*5113495bSYour Name			linkinfo_remlen -= (subelemseqtotallen -
*5113495bSYour Name					    subelemseqpayloadlen -
*5113495bSYour Name					    sizeof(struct subelem_header));
*5113495bSYour Name		} else {
*5113495bSYour Name			if (linkinfo_remlen <
*5113495bSYour Name				(sizeof(struct subelem_header) +
*5113495bSYour Name				 linkinfo_currpos[TAG_LEN_POS])) {
*5113495bSYour Name				mlo_err_rl("Remaining length in link info %zu octets is smaller than total size of current subelement %zu octets",
*5113495bSYour Name					   linkinfo_remlen,
*5113495bSYour Name					   sizeof(struct subelem_header) +
*5113495bSYour Name					   linkinfo_currpos[TAG_LEN_POS]);
*5113495bSYour Name				return QDF_STATUS_E_PROTO;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			subelemseqpayloadlen = linkinfo_currpos[TAG_LEN_POS];
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (subelemid == WLAN_ML_LINFO_SUBELEMID_PERSTAPROFILE) {
*5113495bSYour Name			ret = util_parse_prvmlie_perstaprofile_stactrl(linkinfo_currpos +
*5113495bSYour Name								      sizeof(struct subelem_header),
*5113495bSYour Name								      subelemseqpayloadlen,
*5113495bSYour Name								      &linkid,
*5113495bSYour Name								      false,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name
*5113495bSYour Name			if (probereq_info->num_links >=
*5113495bSYour Name				QDF_ARRAY_SIZE(probereq_info->link_id)) {
*5113495bSYour Name				mlo_err_rl("Insufficient size %zu of array for probe req link id",
*5113495bSYour Name					   QDF_ARRAY_SIZE(probereq_info->link_id));
*5113495bSYour Name				return QDF_STATUS_E_NOMEM;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			probereq_info->link_id[probereq_info->num_links] = linkid;
*5113495bSYour Name
*5113495bSYour Name			probereq_info->num_links++;
*5113495bSYour Name			mlo_debug("LINK ID requested is = %u", linkid);
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		linkinfo_remlen -= (sizeof(struct subelem_header) +
*5113495bSYour Name				    subelemseqpayloadlen);
*5113495bSYour Name		linkinfo_currpos += (sizeof(struct subelem_header) +
*5113495bSYour Name				     subelemseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlo_debug("Number of ML probe request links found=%u",
*5113495bSYour Name		  probereq_info->num_links);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic
*5113495bSYour NameQDF_STATUS util_get_noninheritlists(uint8_t *buff, qdf_size_t buff_len,
*5113495bSYour Name				    uint8_t **ninherit_elemlist,
*5113495bSYour Name				    qdf_size_t *ninherit_elemlist_len,
*5113495bSYour Name				    uint8_t **ninherit_elemextlist,
*5113495bSYour Name				    qdf_size_t *ninherit_elemextlist_len)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t *ninherit_ie;
*5113495bSYour Name	qdf_size_t unparsed_len;
*5113495bSYour Name
*5113495bSYour Name	/* Note: This functionality provided by this helper may be combined with
*5113495bSYour Name	 * other, older non-inheritance parsing helper functionality and exposed
*5113495bSYour Name	 * as a common API as part of future efforts once the older
*5113495bSYour Name	 * functionality can be made generic.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	if (!buff) {
*5113495bSYour Name		mlo_err("Pointer to buffer for IEs is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!buff_len) {
*5113495bSYour Name		mlo_err("IE buffer length is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!ninherit_elemlist) {
*5113495bSYour Name		mlo_err("Pointer to Non-Inheritance element ID list array is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!ninherit_elemlist_len) {
*5113495bSYour Name		mlo_err("Pointer to Non-Inheritance element ID list array length is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!ninherit_elemextlist) {
*5113495bSYour Name		mlo_err("Pointer to Non-Inheritance element ID extension list array is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!ninherit_elemextlist_len) {
*5113495bSYour Name		mlo_err("Pointer to Non-Inheritance element ID extension list array length is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	ninherit_ie = NULL;
*5113495bSYour Name	*ninherit_elemlist_len = 0;
*5113495bSYour Name	*ninherit_elemlist = NULL;
*5113495bSYour Name	*ninherit_elemextlist_len = 0;
*5113495bSYour Name	*ninherit_elemextlist = NULL;
*5113495bSYour Name
*5113495bSYour Name	ninherit_ie =
*5113495bSYour Name		(uint8_t *)util_find_extn_eid(WLAN_ELEMID_EXTN_ELEM,
*5113495bSYour Name					      WLAN_EXTN_ELEMID_NONINHERITANCE,
*5113495bSYour Name					      buff,
*5113495bSYour Name					      buff_len);
*5113495bSYour Name
*5113495bSYour Name	if (ninherit_ie) {
*5113495bSYour Name		if ((ninherit_ie + TAG_LEN_POS) > (buff + buff_len - 1)) {
*5113495bSYour Name			mlo_err_rl("Position of length field of Non-Inheritance element would exceed IE buffer boundary");
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if ((ninherit_ie + ninherit_ie[TAG_LEN_POS] + MIN_IE_LEN) >
*5113495bSYour Name				(buff + buff_len)) {
*5113495bSYour Name			mlo_err_rl("Non-Inheritance element with total length %u would exceed IE buffer boundary",
*5113495bSYour Name				   ninherit_ie[TAG_LEN_POS] + MIN_IE_LEN);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if ((ninherit_ie[TAG_LEN_POS] + MIN_IE_LEN) <
*5113495bSYour Name				MIN_NONINHERITANCEELEM_LEN) {
*5113495bSYour Name			mlo_err_rl("Non-Inheritance element size %u is smaller than the minimum required %u",
*5113495bSYour Name				   ninherit_ie[TAG_LEN_POS] + MIN_IE_LEN,
*5113495bSYour Name				   MIN_NONINHERITANCEELEM_LEN);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		/* Track the number of unparsed octets, excluding the IE header.
*5113495bSYour Name		 */
*5113495bSYour Name		unparsed_len = ninherit_ie[TAG_LEN_POS];
*5113495bSYour Name
*5113495bSYour Name		/* Mark the element ID extension as parsed */
*5113495bSYour Name		unparsed_len--;
*5113495bSYour Name
*5113495bSYour Name		*ninherit_elemlist_len = ninherit_ie[ELEM_ID_LIST_LEN_POS];
*5113495bSYour Name		unparsed_len--;
*5113495bSYour Name
*5113495bSYour Name		/* While checking if the Non-Inheritance element ID list length
*5113495bSYour Name		 * exceeds the remaining unparsed IE space, we factor in one
*5113495bSYour Name		 * octet for the element extension ID list length and subtract
*5113495bSYour Name		 * this from the unparsed IE space.
*5113495bSYour Name		 */
*5113495bSYour Name		if (*ninherit_elemlist_len > (unparsed_len - 1)) {
*5113495bSYour Name			mlo_err_rl("Non-Inheritance element ID list length %zu exceeds remaining unparsed IE space, minus an octet for element extension ID list length %zu",
*5113495bSYour Name				   *ninherit_elemlist_len, unparsed_len - 1);
*5113495bSYour Name
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (*ninherit_elemlist_len != 0) {
*5113495bSYour Name			*ninherit_elemlist = ninherit_ie + ELEM_ID_LIST_POS;
*5113495bSYour Name			unparsed_len -= *ninherit_elemlist_len;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		*ninherit_elemextlist_len =
*5113495bSYour Name			ninherit_ie[ELEM_ID_LIST_LEN_POS + *ninherit_elemlist_len + 1];
*5113495bSYour Name		unparsed_len--;
*5113495bSYour Name
*5113495bSYour Name		if (*ninherit_elemextlist_len > unparsed_len) {
*5113495bSYour Name			mlo_err_rl("Non-Inheritance element ID extension list length %zu exceeds remaining unparsed IE space %zu",
*5113495bSYour Name				   *ninherit_elemextlist_len, unparsed_len);
*5113495bSYour Name
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (*ninherit_elemextlist_len != 0) {
*5113495bSYour Name			*ninherit_elemextlist = ninherit_ie +
*5113495bSYour Name				ELEM_ID_LIST_LEN_POS + (*ninherit_elemlist_len)
*5113495bSYour Name				+ 2;
*5113495bSYour Name			unparsed_len -= *ninherit_elemextlist_len;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (unparsed_len > 0) {
*5113495bSYour Name			mlo_err_rl("Unparsed length is %zu, expected 0",
*5113495bSYour Name				   unparsed_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* If Non-Inheritance element is not found, we still return success,
*5113495bSYour Name	 * with the list lengths kept at zero.
*5113495bSYour Name	 */
*5113495bSYour Name	mlo_debug("Non-Inheritance element ID list array length=%zu",
*5113495bSYour Name		  *ninherit_elemlist_len);
*5113495bSYour Name	mlo_debug("Non-Inheritance element ID extension list array length=%zu",
*5113495bSYour Name		  *ninherit_elemextlist_len);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic
*5113495bSYour NameQDF_STATUS util_eval_ie_in_noninheritlist(uint8_t *ie, qdf_size_t total_ie_len,
*5113495bSYour Name					  uint8_t *ninherit_elemlist,
*5113495bSYour Name					  qdf_size_t ninherit_elemlist_len,
*5113495bSYour Name					  uint8_t *ninherit_elemextlist,
*5113495bSYour Name					  qdf_size_t ninherit_elemextlist_len,
*5113495bSYour Name					  bool *is_in_noninheritlist)
*5113495bSYour Name{
*5113495bSYour Name	int i;
*5113495bSYour Name
*5113495bSYour Name	/* Evaluate whether the given IE is in the given Non-Inheritance element
*5113495bSYour Name	 * ID list or Non-Inheritance element ID extension list, and update the
*5113495bSYour Name	 * result into is_in_noninheritlist. If any list is empty, then the IE
*5113495bSYour Name	 * is considered to not be present in that list. Both lists can be
*5113495bSYour Name	 * empty.
*5113495bSYour Name	 *
*5113495bSYour Name	 * If QDF_STATUS_SUCCESS is returned, it means that the evaluation is
*5113495bSYour Name	 * successful, and that is_in_noninheritlist contains a valid value
*5113495bSYour Name	 * (which could be true or false). If a QDF_STATUS error value is
*5113495bSYour Name	 * returned, the value in is_in_noninheritlist is invalid and the caller
*5113495bSYour Name	 * should ignore it.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	/* Note: The functionality provided by this helper may be combined with
*5113495bSYour Name	 * other, older non-inheritance parsing helper functionality and exposed
*5113495bSYour Name	 * as a common API as part of future efforts once the older
*5113495bSYour Name	 * functionality can be made generic.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	/* Except for is_in_noninheritlist and ie, other pointer arguments are
*5113495bSYour Name	 * permitted to be NULL if they are inapplicable. If they are
*5113495bSYour Name	 * applicable, they will be checked to ensure they are not NULL.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	if (!is_in_noninheritlist) {
*5113495bSYour Name		mlo_err("NULL pointer to flag that indicates if element is in a Non-Inheritance list");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* If ninherit_elemlist_len and ninherit_elemextlist_len are both zero
*5113495bSYour Name	 * as checked soon in this function, we won't be accessing the IE.
*5113495bSYour Name	 * However, we still check right-away if the pointer to the IE is
*5113495bSYour Name	 * non-NULL and whether the total IE length is sane enough to access the
*5113495bSYour Name	 * element ID and if applicable, the element ID extension, since it
*5113495bSYour Name	 * doesn't make sense to set the flag in is_in_noninheritlist for a NULL
*5113495bSYour Name	 * IE pointer or an IE whose total length is not sane enough to
*5113495bSYour Name	 * distinguish the identity of the IE.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!ie) {
*5113495bSYour Name		mlo_err("NULL pointer to IE");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (total_ie_len < (ID_POS + 1)) {
*5113495bSYour Name		mlo_err("Total IE length %zu is smaller than minimum required to access element ID %u",
*5113495bSYour Name			total_ie_len, ID_POS + 1);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) &&
*5113495bSYour Name	    (total_ie_len < (IDEXT_POS + 1))) {
*5113495bSYour Name		mlo_err("Total IE length %zu is smaller than minimum required to access element ID extension %u",
*5113495bSYour Name			total_ie_len, IDEXT_POS + 1);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	*is_in_noninheritlist = false;
*5113495bSYour Name
*5113495bSYour Name	/* If both the Non-Inheritance element list and Non-Inheritance element
*5113495bSYour Name	 * ID extension list are empty, then return success since we can
*5113495bSYour Name	 * conclude immediately that the given element does not occur in any
*5113495bSYour Name	 * Non-Inheritance list. The is_in_noninheritlist remains set to false
*5113495bSYour Name	 * as required.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!ninherit_elemlist_len && !ninherit_elemextlist_len)
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Name	if (ie[ID_POS] != WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name		if (!ninherit_elemlist_len)
*5113495bSYour Name			return QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Name		if (!ninherit_elemlist) {
*5113495bSYour Name			mlo_err("NULL pointer to Non-Inheritance element ID list though length of element ID list is %zu",
*5113495bSYour Name				ninherit_elemlist_len);
*5113495bSYour Name			return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		for (i = 0; i < ninherit_elemlist_len; i++) {
*5113495bSYour Name			if (ie[ID_POS] == ninherit_elemlist[i]) {
*5113495bSYour Name				*is_in_noninheritlist = true;
*5113495bSYour Name				return QDF_STATUS_SUCCESS;
*5113495bSYour Name			}
*5113495bSYour Name		}
*5113495bSYour Name	} else {
*5113495bSYour Name		if (!ninherit_elemextlist_len)
*5113495bSYour Name			return QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Name		if (!ninherit_elemextlist) {
*5113495bSYour Name			mlo_err("NULL pointer to Non-Inheritance element ID extension list though length of element ID extension list is %zu",
*5113495bSYour Name				ninherit_elemextlist_len);
*5113495bSYour Name			return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		for (i = 0; i < ninherit_elemextlist_len; i++) {
*5113495bSYour Name			if (ie[IDEXT_POS] == ninherit_elemextlist[i]) {
*5113495bSYour Name				*is_in_noninheritlist = true;
*5113495bSYour Name				return QDF_STATUS_SUCCESS;
*5113495bSYour Name			}
*5113495bSYour Name		}
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Name#if defined (SAP_MULTI_LINK_EMULATION)
*5113495bSYour Namestatic inline
*5113495bSYour NameQDF_STATUS util_validate_reportingsta_ie(const uint8_t *reportingsta_ie,
*5113495bSYour Name					 const uint8_t *frame_iesection,
*5113495bSYour Name					 const qdf_size_t frame_iesection_len)
*5113495bSYour Name{
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name#else
*5113495bSYour Namestatic inline
*5113495bSYour NameQDF_STATUS util_validate_reportingsta_ie(const uint8_t *reportingsta_ie,
*5113495bSYour Name					 const uint8_t *frame_iesection,
*5113495bSYour Name					 const qdf_size_t frame_iesection_len)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t reportingsta_ie_size;
*5113495bSYour Name
*5113495bSYour Name	if (!reportingsta_ie) {
*5113495bSYour Name		mlo_err("Pointer to reporting STA IE is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!frame_iesection) {
*5113495bSYour Name		mlo_err("Pointer to start of IE section in reporting frame is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!frame_iesection_len) {
*5113495bSYour Name		mlo_err("Length of IE section in reporting frame is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((reportingsta_ie + ID_POS) > (frame_iesection +
*5113495bSYour Name			frame_iesection_len - 1)) {
*5113495bSYour Name		mlo_err_rl("Position of element ID field of element for reporting STA would exceed frame IE section boundary");
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((reportingsta_ie + TAG_LEN_POS) > (frame_iesection +
*5113495bSYour Name			frame_iesection_len - 1)) {
*5113495bSYour Name		mlo_err_rl("Position of length field of element with element ID %u for reporting STA would exceed frame IE section boundary",
*5113495bSYour Name			   reportingsta_ie[ID_POS]);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((reportingsta_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) &&
*5113495bSYour Name	    ((reportingsta_ie + IDEXT_POS) > (frame_iesection +
*5113495bSYour Name				frame_iesection_len - 1))) {
*5113495bSYour Name		mlo_err_rl("Position of element ID extension field of element would exceed frame IE section boundary");
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	reportingsta_ie_size = reportingsta_ie[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name
*5113495bSYour Name	if ((reportingsta_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) &&
*5113495bSYour Name	    (reportingsta_ie_size < (IDEXT_POS + 1))) {
*5113495bSYour Name		mlo_err_rl("Total length %zu of element for reporting STA is smaller than minimum required to access element ID extension %u",
*5113495bSYour Name			   reportingsta_ie_size, IDEXT_POS + 1);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((reportingsta_ie[ID_POS] == WLAN_ELEMID_VENDOR) &&
*5113495bSYour Name	    (reportingsta_ie_size < (PAYLOAD_START_POS + OUI_LEN))) {
*5113495bSYour Name		mlo_err_rl("Total length %zu of element for reporting STA is smaller than minimum required to access vendor EID %u",
*5113495bSYour Name			   reportingsta_ie_size, PAYLOAD_START_POS + OUI_LEN);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((reportingsta_ie + reportingsta_ie_size) >
*5113495bSYour Name			(frame_iesection + frame_iesection_len)) {
*5113495bSYour Name		if (reportingsta_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name			mlo_err_rl("Total size %zu octets of element with element ID %u element ID extension %u for reporting STA would exceed frame IE section boundary",
*5113495bSYour Name				   reportingsta_ie_size,
*5113495bSYour Name				   reportingsta_ie[ID_POS],
*5113495bSYour Name				   reportingsta_ie[IDEXT_POS]);
*5113495bSYour Name		} else {
*5113495bSYour Name			mlo_err_rl("Total size %zu octets of element with element ID %u for reporting STA would exceed frame IE section boundary",
*5113495bSYour Name				   reportingsta_ie_size,
*5113495bSYour Name				   reportingsta_ie[ID_POS]);
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name#endif
*5113495bSYour Name
*5113495bSYour Namestatic inline
*5113495bSYour NameQDF_STATUS util_validate_sta_prof_ie(const uint8_t *sta_prof_ie,
*5113495bSYour Name				     const uint8_t *sta_prof_iesection,
*5113495bSYour Name				     const qdf_size_t sta_prof_iesection_len)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t sta_prof_ie_size;
*5113495bSYour Name
*5113495bSYour Name	if (!sta_prof_ie) {
*5113495bSYour Name		mlo_err("Pointer to STA profile IE is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!sta_prof_iesection) {
*5113495bSYour Name		mlo_err("Pointer to start of IE section in STA profile is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!sta_prof_iesection_len) {
*5113495bSYour Name		mlo_err("Length of IE section in STA profile is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((sta_prof_ie + ID_POS) > (sta_prof_iesection +
*5113495bSYour Name			sta_prof_iesection_len - 1)) {
*5113495bSYour Name		mlo_err_rl("Position of element ID field of STA profile element would exceed STA profile IE section boundary");
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((sta_prof_ie + TAG_LEN_POS) > (sta_prof_iesection +
*5113495bSYour Name			sta_prof_iesection_len - 1)) {
*5113495bSYour Name		mlo_err_rl("Position of length field of element with element ID %u in STA profile would exceed STA profile IE section boundary",
*5113495bSYour Name			   sta_prof_ie[ID_POS]);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((sta_prof_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) &&
*5113495bSYour Name	    ((sta_prof_ie + IDEXT_POS) > (sta_prof_iesection +
*5113495bSYour Name				sta_prof_iesection_len - 1))) {
*5113495bSYour Name		mlo_err_rl("Position of element ID extension field of element would exceed STA profile IE section boundary");
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	sta_prof_ie_size = sta_prof_ie[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name
*5113495bSYour Name	if ((sta_prof_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) &&
*5113495bSYour Name	    (sta_prof_ie_size < (IDEXT_POS + 1))) {
*5113495bSYour Name		mlo_err_rl("Total length %zu of STA profile element is smaller than minimum required to access element ID extension %u",
*5113495bSYour Name			   sta_prof_ie_size, IDEXT_POS + 1);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((sta_prof_ie + sta_prof_ie_size) >
*5113495bSYour Name			(sta_prof_iesection + sta_prof_iesection_len)) {
*5113495bSYour Name		if (sta_prof_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name			mlo_err_rl("Total size %zu octets of element with element ID %u element ID extension %u in STA profile would exceed STA profile IE section boundary",
*5113495bSYour Name				   sta_prof_ie_size,
*5113495bSYour Name				   sta_prof_ie[ID_POS],
*5113495bSYour Name				   sta_prof_ie[IDEXT_POS]);
*5113495bSYour Name		} else {
*5113495bSYour Name			mlo_err_rl("Total size %zu octets of element with element ID %u in STA profile would exceed STA profile IE section boundary",
*5113495bSYour Name				   sta_prof_ie_size,
*5113495bSYour Name				   sta_prof_ie[ID_POS]);
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Name#ifdef CONN_MGR_ADV_FEATURE
*5113495bSYour Name/**
*5113495bSYour Name * util_add_mlie_for_prb_rsp_gen - Add the basic variant Multi-Link element
*5113495bSYour Name * when generating link specific probe response.
*5113495bSYour Name * @reportingsta_ie: Pointer to the reportingsta ie
*5113495bSYour Name * @reportingsta_ie_len: Length for reporting sta ie
*5113495bSYour Name * @plink_frame_currpos: Pointer to Link frame current pos
*5113495bSYour Name * @plink_frame_currlen: Current length of link frame.
*5113495bSYour Name * @link_frame_maxsize: Maximum size of the frame to be generated
*5113495bSYour Name * @linkid: Link Id value
*5113495bSYour Name *
*5113495bSYour Name * Add the basic variant Multi-Link element when
*5113495bSYour Name * generating link specific probe response.
*5113495bSYour Name *
*5113495bSYour Name * Return: QDF_STATUS_SUCCESS in the case of success, QDF_STATUS value giving
*5113495bSYour Name * the reason for error in the case of failure
*5113495bSYour Name */
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_add_mlie_for_prb_rsp_gen(const uint8_t *reportingsta_ie,
*5113495bSYour Name			      qdf_size_t reportingsta_ie_len,
*5113495bSYour Name			      uint8_t **plink_frame_currpos,
*5113495bSYour Name			      qdf_size_t *plink_frame_currlen,
*5113495bSYour Name			      qdf_size_t link_frame_maxsize,
*5113495bSYour Name			      uint8_t linkid)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t mlie_len = 0;
*5113495bSYour Name	uint8_t common_info_len = 0;
*5113495bSYour Name	struct wlan_ie_multilink ml_ie_ff;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presencebm;
*5113495bSYour Name	uint8_t *mlie_frame = NULL;
*5113495bSYour Name	uint8_t link_id_offset = sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name				QDF_MAC_ADDR_SIZE +
*5113495bSYour Name				WLAN_ML_BV_CINFO_LENGTH_SIZE;
*5113495bSYour Name	uint8_t *link_frame_currpos = *plink_frame_currpos;
*5113495bSYour Name	qdf_size_t link_frame_currlen = *plink_frame_currlen;
*5113495bSYour Name	QDF_STATUS status = QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Name	status = util_get_mlie_common_info_len((uint8_t *)reportingsta_ie,
*5113495bSYour Name					       reportingsta_ie_len,
*5113495bSYour Name					       &common_info_len);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(status) ||
*5113495bSYour Name	    common_info_len > reportingsta_ie_len ||
*5113495bSYour Name	    (reportingsta_ie_len - common_info_len <
*5113495bSYour Name	     sizeof(struct wlan_ie_multilink))) {
*5113495bSYour Name		mlo_err("Failed to parse common info, mlie len %d common info len %d",
*5113495bSYour Name			reportingsta_ie_len, common_info_len);
*5113495bSYour Name		return status;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* common info len + bvmlie fixed fields */
*5113495bSYour Name	mlie_len = common_info_len + sizeof(struct wlan_ie_multilink);
*5113495bSYour Name
*5113495bSYour Name	mlo_debug_rl("mlie_len %d, common_info_len %d, link_id_offset %d",
*5113495bSYour Name		     mlie_len,
*5113495bSYour Name		     common_info_len,
*5113495bSYour Name		     link_id_offset);
*5113495bSYour Name
*5113495bSYour Name	/*
*5113495bSYour Name	 * Validate the buffer available before copying ML IE.
*5113495bSYour Name	 * Incase if mlie_len is modified at later place, move this validation
*5113495bSYour Name	 * there to make sure no buffer overflow happens.
*5113495bSYour Name	 */
*5113495bSYour Name	if ((link_frame_maxsize - link_frame_currlen) < mlie_len) {
*5113495bSYour Name		mlo_err("Insufficient space in link specific frame for ML IE. Required: %u octets, available: %zu octets",
*5113495bSYour Name			mlie_len, (link_frame_maxsize - link_frame_currlen));
*5113495bSYour Name		return QDF_STATUS_E_NOMEM;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlie_frame = qdf_mem_malloc(mlie_len);
*5113495bSYour Name	if (!mlie_frame)
*5113495bSYour Name		return QDF_STATUS_E_NOMEM;
*5113495bSYour Name
*5113495bSYour Name	/* Copy ml ie fixed fields */
*5113495bSYour Name	qdf_mem_copy(&ml_ie_ff,
*5113495bSYour Name		     reportingsta_ie,
*5113495bSYour Name		     sizeof(struct wlan_ie_multilink));
*5113495bSYour Name
*5113495bSYour Name	ml_ie_ff.elem_len = mlie_len - sizeof(struct ie_header);
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(ml_ie_ff.mlcontrol);
*5113495bSYour Name	presencebm = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				  WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name	qdf_set_bit(WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P,
*5113495bSYour Name		    (unsigned long *)&presencebm);
*5113495bSYour Name
*5113495bSYour Name	QDF_SET_BITS(ml_ie_ff.mlcontrol,
*5113495bSYour Name		     WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name		     WLAN_ML_CTRL_PBM_BITS,
*5113495bSYour Name		     presencebm);
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(mlie_frame,
*5113495bSYour Name		     &ml_ie_ff,
*5113495bSYour Name		     sizeof(struct wlan_ie_multilink));
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(mlie_frame + sizeof(struct wlan_ie_multilink),
*5113495bSYour Name		     reportingsta_ie + sizeof(struct wlan_ie_multilink),
*5113495bSYour Name		     mlie_len - sizeof(struct wlan_ie_multilink));
*5113495bSYour Name
*5113495bSYour Name	if (linkid == 0xFF || mlie_len <= link_id_offset) {
*5113495bSYour Name		qdf_mem_free(mlie_frame);
*5113495bSYour Name		mlo_err("Failed to process link id, link_id %d", linkid);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name	mlie_frame[link_id_offset] = (mlie_frame[link_id_offset] & ~0x0f) |
*5113495bSYour Name				   (linkid & 0x0f);
*5113495bSYour Name	qdf_mem_copy(link_frame_currpos,
*5113495bSYour Name		     mlie_frame,
*5113495bSYour Name		     mlie_len);
*5113495bSYour Name
*5113495bSYour Name	mlo_debug("Add mlie for link id %d", linkid);
*5113495bSYour Name	QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG,
*5113495bSYour Name			   mlie_frame, mlie_len);
*5113495bSYour Name
*5113495bSYour Name	link_frame_currpos += mlie_len;
*5113495bSYour Name	link_frame_currlen += mlie_len;
*5113495bSYour Name	*plink_frame_currpos = link_frame_currpos;
*5113495bSYour Name	*plink_frame_currlen = link_frame_currlen;
*5113495bSYour Name	qdf_mem_free(mlie_frame);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name#else
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_add_mlie_for_prb_rsp_gen(const uint8_t *reportingsta_ie,
*5113495bSYour Name			      qdf_size_t reportingsta_ie_len,
*5113495bSYour Name			      uint8_t **plink_frame_currpos,
*5113495bSYour Name			      qdf_size_t *plink_frame_currlen,
*5113495bSYour Name			      qdf_size_t link_frame_maxsize,
*5113495bSYour Name			      uint8_t linkid)
*5113495bSYour Name{
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name#endif
*5113495bSYour Name
*5113495bSYour Name/**
*5113495bSYour Name * util_find_bvmlie_persta_prof_for_linkid() - get per sta profile per link id
*5113495bSYour Name * @req_link_id: link id
*5113495bSYour Name * @linkinfo: the pointer of link info
*5113495bSYour Name * @linkinfo_len: the length of link info
*5113495bSYour Name * @persta_prof_frame: the pointer to store the address of sta profile
*5113495bSYour Name * @persta_prof_len: the sta profile length
*5113495bSYour Name *
*5113495bSYour Name * This helper function parses partner info from the per-STA profiles
*5113495bSYour Name * present (if any) in the Link Info field in the payload of a Multi
*5113495bSYour Name * Link element (after defragmentation if required). The caller should
*5113495bSYour Name * pass a copy of the payload so that inline defragmentation of
*5113495bSYour Name * subelements can be carried out if required. The subelement
*5113495bSYour Name * defragmentation (if applicable) in this Control Path helper is
*5113495bSYour Name * required for maintainability, accuracy and eliminating current and
*5113495bSYour Name * future per-field-access multi-level fragment boundary checks and
*5113495bSYour Name * adjustments, given the complex format of Multi Link elements. It is
*5113495bSYour Name * also most likely to be required mainly at the client side.
*5113495bSYour Name *
*5113495bSYour Name * Return: QDF_STATUS
*5113495bSYour Name */
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_find_bvmlie_persta_prof_for_linkid(uint8_t req_link_id,
*5113495bSYour Name					uint8_t *linkinfo,
*5113495bSYour Name					qdf_size_t linkinfo_len,
*5113495bSYour Name					uint8_t **persta_prof_frame,
*5113495bSYour Name					qdf_size_t *persta_prof_len)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t linkid;
*5113495bSYour Name	struct qdf_mac_addr macaddr;
*5113495bSYour Name	bool is_macaddr_valid;
*5113495bSYour Name	uint8_t *linkinfo_currpos;
*5113495bSYour Name	qdf_size_t linkinfo_remlen;
*5113495bSYour Name	bool is_subelemfragseq;
*5113495bSYour Name	uint8_t subelemid;
*5113495bSYour Name	qdf_size_t subelemseqtotallen;
*5113495bSYour Name	qdf_size_t subelemseqpayloadlen;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		mlo_err("linkinfo is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!linkinfo_len) {
*5113495bSYour Name		mlo_err("linkinfo_len is zero");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!persta_prof_frame) {
*5113495bSYour Name		mlo_err("Pointer to per-STA prof frame is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!persta_prof_len) {
*5113495bSYour Name		mlo_err("Length to per-STA prof frame is 0");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	linkinfo_currpos = linkinfo;
*5113495bSYour Name	linkinfo_remlen = linkinfo_len;
*5113495bSYour Name
*5113495bSYour Name	while (linkinfo_remlen) {
*5113495bSYour Name		if (linkinfo_remlen <  sizeof(struct subelem_header)) {
*5113495bSYour Name			mlo_err_rl("Remaining length in link info %zu octets is smaller than subelement header length %zu octets",
*5113495bSYour Name				   linkinfo_remlen,
*5113495bSYour Name				   sizeof(struct subelem_header));
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		subelemid = linkinfo_currpos[ID_POS];
*5113495bSYour Name		is_subelemfragseq = false;
*5113495bSYour Name		subelemseqtotallen = 0;
*5113495bSYour Name		subelemseqpayloadlen = 0;
*5113495bSYour Name
*5113495bSYour Name		ret = wlan_get_subelem_fragseq_info(WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name						    linkinfo_currpos,
*5113495bSYour Name						    linkinfo_remlen,
*5113495bSYour Name						    &is_subelemfragseq,
*5113495bSYour Name						    &subelemseqtotallen,
*5113495bSYour Name						    &subelemseqpayloadlen);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name			return ret;
*5113495bSYour Name
*5113495bSYour Name		if (is_subelemfragseq) {
*5113495bSYour Name			if (!subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Subelement fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			mlo_debug("Subelement fragment sequence found with payload len %zu",
*5113495bSYour Name				  subelemseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name			ret = wlan_defrag_subelem_fragseq(true,
*5113495bSYour Name							  WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name							  linkinfo_currpos,
*5113495bSYour Name							  linkinfo_remlen,
*5113495bSYour Name							  NULL,
*5113495bSYour Name							  0,
*5113495bSYour Name							  &defragpayload_len);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name
*5113495bSYour Name			if (defragpayload_len != subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Length of defragmented payload %zu octets is not equal to length of subelement fragment sequence payload %zu octets",
*5113495bSYour Name					   defragpayload_len,
*5113495bSYour Name					   subelemseqpayloadlen);
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			/* Adjust linkinfo_remlen to reflect removal of all
*5113495bSYour Name			 * subelement headers except the header of the lead
*5113495bSYour Name			 * subelement.
*5113495bSYour Name			 */
*5113495bSYour Name			linkinfo_remlen -= (subelemseqtotallen -
*5113495bSYour Name					    subelemseqpayloadlen -
*5113495bSYour Name					    sizeof(struct subelem_header));
*5113495bSYour Name		} else {
*5113495bSYour Name			if (linkinfo_remlen <
*5113495bSYour Name				(sizeof(struct subelem_header) +
*5113495bSYour Name				 linkinfo_currpos[TAG_LEN_POS])) {
*5113495bSYour Name				mlo_err_rl("Remaining length in link info %zu octets is smaller than total size of current subelement %zu octets",
*5113495bSYour Name					   linkinfo_remlen,
*5113495bSYour Name					   sizeof(struct subelem_header) +
*5113495bSYour Name					   linkinfo_currpos[TAG_LEN_POS]);
*5113495bSYour Name				return QDF_STATUS_E_PROTO;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			subelemseqpayloadlen = linkinfo_currpos[TAG_LEN_POS];
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (subelemid == WLAN_ML_LINFO_SUBELEMID_PERSTAPROFILE) {
*5113495bSYour Name			is_macaddr_valid = false;
*5113495bSYour Name
*5113495bSYour Name			ret = util_parse_bvmlie_perstaprofile_stactrl(linkinfo_currpos +
*5113495bSYour Name								      sizeof(struct subelem_header),
*5113495bSYour Name								      subelemseqpayloadlen,
*5113495bSYour Name								      &linkid,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      &is_macaddr_valid,
*5113495bSYour Name								      &macaddr,
*5113495bSYour Name								      false,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL,
*5113495bSYour Name								      NULL);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name
*5113495bSYour Name			if (req_link_id == linkid) {
*5113495bSYour Name				mlo_debug("Found requested per-STA prof for linkid %u, len %zu",
*5113495bSYour Name					  linkid, subelemseqpayloadlen);
*5113495bSYour Name				*persta_prof_frame = linkinfo_currpos;
*5113495bSYour Name				*persta_prof_len = subelemseqpayloadlen;
*5113495bSYour Name				return QDF_STATUS_SUCCESS;
*5113495bSYour Name			}
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		linkinfo_remlen -= (sizeof(struct subelem_header) +
*5113495bSYour Name				    subelemseqpayloadlen);
*5113495bSYour Name		linkinfo_currpos += (sizeof(struct subelem_header) +
*5113495bSYour Name				     subelemseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_E_PROTO;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic
*5113495bSYour NameQDF_STATUS util_gen_link_reqrsp_cmn(uint8_t *frame, qdf_size_t frame_len,
*5113495bSYour Name				    uint8_t subtype,
*5113495bSYour Name				    uint8_t req_link_id,
*5113495bSYour Name				    struct qdf_mac_addr link_addr,
*5113495bSYour Name				    uint8_t *link_frame,
*5113495bSYour Name				    qdf_size_t link_frame_maxsize,
*5113495bSYour Name				    qdf_size_t *link_frame_len)
*5113495bSYour Name{
*5113495bSYour Name	/* Please see documentation for util_gen_link_assoc_req() and
*5113495bSYour Name	 * util_gen_link_assoc_resp() for information on the inputs to and
*5113495bSYour Name	 * output from this helper, since those APIs are essentially wrappers
*5113495bSYour Name	 * over this helper.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to Multi-Link element/Multi-Link element fragment sequence */
*5113495bSYour Name	uint8_t *mlieseq;
*5113495bSYour Name	/* Total length of Multi-Link element sequence (including fragments if
*5113495bSYour Name	 * any)
*5113495bSYour Name	 */
*5113495bSYour Name	qdf_size_t mlieseqlen;
*5113495bSYour Name	/* Variant (i.e. type) of the Multi-Link element */
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name
*5113495bSYour Name	/* Length of the payload of the Multi-Link element (inclusive of
*5113495bSYour Name	 * fragment payloads if any) without IE headers and element ID extension
*5113495bSYour Name	 */
*5113495bSYour Name	qdf_size_t mlieseqpayloadlen;
*5113495bSYour Name	/* Pointer to copy of the payload of the Multi-Link element (inclusive
*5113495bSYour Name	 * of fragment payloads if any) without IE headers and element ID
*5113495bSYour Name	 * extension
*5113495bSYour Name	 */
*5113495bSYour Name	uint8_t *mlieseqpayload_copy;
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to start of Link Info within the copy of the payload of the
*5113495bSYour Name	 * Multi-Link element
*5113495bSYour Name	 */
*5113495bSYour Name	uint8_t *link_info;
*5113495bSYour Name	/* Length of the Link Info */
*5113495bSYour Name	qdf_size_t link_info_len;
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to the IE section that occurs after the fixed fields in the
*5113495bSYour Name	 * original frame for the reporting STA.
*5113495bSYour Name	 */
*5113495bSYour Name	uint8_t *frame_iesection;
*5113495bSYour Name	/* Offset to the start of the IE section in the original frame for the
*5113495bSYour Name	 * reporting STA.
*5113495bSYour Name	 */
*5113495bSYour Name	qdf_size_t frame_iesection_offset;
*5113495bSYour Name	/* Total length of the IE section in the original frame for the
*5113495bSYour Name	 * reporting STA.
*5113495bSYour Name	 */
*5113495bSYour Name	qdf_size_t frame_iesection_len;
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to the IEEE802.11 frame header in the link specific frame
*5113495bSYour Name	 * being generated for the reported STA.
*5113495bSYour Name	 */
*5113495bSYour Name	struct wlan_frame_hdr *link_frame_hdr;
*5113495bSYour Name	/* Current position in the link specific frame being generated for the
*5113495bSYour Name	 * reported STA.
*5113495bSYour Name	 */
*5113495bSYour Name	uint8_t *link_frame_currpos;
*5113495bSYour Name	/* Current length of the link specific frame being generated for the
*5113495bSYour Name	 * reported STA.
*5113495bSYour Name	 */
*5113495bSYour Name	qdf_size_t link_frame_currlen;
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to IE for reporting STA */
*5113495bSYour Name	const uint8_t *reportingsta_ie;
*5113495bSYour Name	/* Total size of IE for reporting STA, inclusive of the element header
*5113495bSYour Name	 */
*5113495bSYour Name	qdf_size_t reportingsta_ie_size;
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to current position in STA profile */
*5113495bSYour Name	uint8_t *sta_prof_currpos;
*5113495bSYour Name	/* Remaining length of STA profile */
*5113495bSYour Name	qdf_size_t sta_prof_remlen;
*5113495bSYour Name	/* Pointer to start of IE section in STA profile that occurs after fixed
*5113495bSYour Name	 * fields.
*5113495bSYour Name	 */
*5113495bSYour Name	uint8_t *sta_prof_iesection;
*5113495bSYour Name	/* Total length of IE section in STA profile */
*5113495bSYour Name	qdf_size_t sta_prof_iesection_len;
*5113495bSYour Name	/* Pointer to current position being processed in IE section in STA
*5113495bSYour Name	 * profile.
*5113495bSYour Name	 */
*5113495bSYour Name	uint8_t *sta_prof_iesection_currpos;
*5113495bSYour Name	/* Remaining length of IE section in STA profile */
*5113495bSYour Name	qdf_size_t sta_prof_iesection_remlen;
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to IE in STA profile, that occurs within IE section */
*5113495bSYour Name	uint8_t *sta_prof_ie;
*5113495bSYour Name	/* Total size of IE in STA profile, inclusive of the element header */
*5113495bSYour Name	qdf_size_t sta_prof_ie_size;
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to element ID list in Non-Inheritance IE */
*5113495bSYour Name	uint8_t *ninherit_elemlist;
*5113495bSYour Name	/* Length of element ID list in Non-Inheritance IE */
*5113495bSYour Name	qdf_size_t ninherit_elemlist_len;
*5113495bSYour Name	/* Pointer to element ID extension list in Non-Inheritance IE */
*5113495bSYour Name	uint8_t *ninherit_elemextlist;
*5113495bSYour Name	/* Length of element ID extension list in Non-Inheritance IE */
*5113495bSYour Name	qdf_size_t ninherit_elemextlist_len;
*5113495bSYour Name	/* Whether a given IE is in a non-inheritance list */
*5113495bSYour Name	bool is_in_noninheritlist;
*5113495bSYour Name
*5113495bSYour Name	/* Whether MAC address of reported STA is valid */
*5113495bSYour Name	bool is_reportedmacaddr_valid;
*5113495bSYour Name	/* MAC address of reported STA */
*5113495bSYour Name	struct qdf_mac_addr reportedmacaddr;
*5113495bSYour Name
*5113495bSYour Name	/* Pointer to per-STA profile */
*5113495bSYour Name	uint8_t *persta_prof;
*5113495bSYour Name	/* Length of the containing buffer which starts with the per-STA profile
*5113495bSYour Name	 */
*5113495bSYour Name	qdf_size_t persta_prof_bufflen;
*5113495bSYour Name
*5113495bSYour Name	/* Other variables for temporary purposes */
*5113495bSYour Name
*5113495bSYour Name	/* Variable into which API for determining fragment information will
*5113495bSYour Name	 * indicate whether the element is the start of a fragment sequence or
*5113495bSYour Name	 * not.
*5113495bSYour Name	 */
*5113495bSYour Name	bool is_elemfragseq;
*5113495bSYour Name	/*  De-fragmented payload length returned by API for element
*5113495bSYour Name	 *  defragmentation.
*5113495bSYour Name	 */
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name	/* Pointer to Beacon interval in STA info field */
*5113495bSYour Name	uint16_t beaconinterval;
*5113495bSYour Name	/* Whether Beacon interval value valid */
*5113495bSYour Name	bool is_beaconinterval_valid;
*5113495bSYour Name	/* TSF timer of the reporting AP */
*5113495bSYour Name	uint64_t tsf;
*5113495bSYour Name	/* TSF offset of the reproted AP */
*5113495bSYour Name	uint64_t tsfoffset;
*5113495bSYour Name	/* TSF offset value valid */
*5113495bSYour Name	bool is_tsfoffset_valid;
*5113495bSYour Name	/* If Complete Profile or not*/
*5113495bSYour Name	bool is_completeprofile;
*5113495bSYour Name	qdf_size_t tmplen;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name	uint8_t linkid = 0xFF;
*5113495bSYour Name
*5113495bSYour Name	if (!frame) {
*5113495bSYour Name		mlo_err("Pointer to original frame is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!frame_len) {
*5113495bSYour Name		mlo_err("Length of original frame is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if ((subtype != WLAN_FC0_STYPE_ASSOC_REQ) &&
*5113495bSYour Name	    (subtype != WLAN_FC0_STYPE_REASSOC_REQ) &&
*5113495bSYour Name	    (subtype != WLAN_FC0_STYPE_ASSOC_RESP) &&
*5113495bSYour Name	    (subtype != WLAN_FC0_STYPE_REASSOC_RESP) &&
*5113495bSYour Name	    (subtype != WLAN_FC0_STYPE_PROBE_RESP)) {
*5113495bSYour Name		mlo_err("802.11 frame subtype %u is invalid", subtype);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!link_frame) {
*5113495bSYour Name		mlo_err("Pointer to secondary link specific frame is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!link_frame_maxsize) {
*5113495bSYour Name		mlo_err("Maximum size of secondary link specific frame is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!link_frame_len) {
*5113495bSYour Name		mlo_err("Pointer to populated length of secondary link specific frame is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	frame_iesection_offset = 0;
*5113495bSYour Name
*5113495bSYour Name	if (subtype == WLAN_FC0_STYPE_ASSOC_REQ) {
*5113495bSYour Name		frame_iesection_offset = WLAN_ASSOC_REQ_IES_OFFSET;
*5113495bSYour Name	} else if (subtype == WLAN_FC0_STYPE_REASSOC_REQ) {
*5113495bSYour Name		frame_iesection_offset = WLAN_REASSOC_REQ_IES_OFFSET;
*5113495bSYour Name	} else if (subtype == WLAN_FC0_STYPE_PROBE_RESP) {
*5113495bSYour Name		frame_iesection_offset = WLAN_PROBE_RESP_IES_OFFSET;
*5113495bSYour Name		if (frame_len < WLAN_TIMESTAMP_LEN) {
*5113495bSYour Name			mlo_err("Frame length %zu is smaller than required timestamp length",
*5113495bSYour Name				frame_len);
*5113495bSYour Name			return QDF_STATUS_E_INVAL;
*5113495bSYour Name		}
*5113495bSYour Name		qdf_mem_copy(&tsf, frame, WLAN_TIMESTAMP_LEN);
*5113495bSYour Name		tsf = qdf_le64_to_cpu(tsf);
*5113495bSYour Name	} else {
*5113495bSYour Name		/* This is a (re)association response */
*5113495bSYour Name		frame_iesection_offset = WLAN_ASSOC_RSP_IES_OFFSET;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (frame_len < frame_iesection_offset) {
*5113495bSYour Name		/* The caller is supposed to have confirmed that this is a valid
*5113495bSYour Name		 * frame containing a Multi-Link element. Hence we treat this as
*5113495bSYour Name		 * a case of invalid argument being passed to us.
*5113495bSYour Name		 */
*5113495bSYour Name		mlo_err("Frame length %zu is smaller than the IE section offset %zu for subtype %u",
*5113495bSYour Name			frame_len, frame_iesection_offset, subtype);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	frame_iesection_len = frame_len - frame_iesection_offset;
*5113495bSYour Name
*5113495bSYour Name	if (frame_iesection_len == 0) {
*5113495bSYour Name		/* The caller is supposed to have confirmed that this is a valid
*5113495bSYour Name		 * frame containing a Multi-Link element. Hence we treat this as
*5113495bSYour Name		 * a case of invalid argument being passed to us.
*5113495bSYour Name		 */
*5113495bSYour Name		mlo_err("No space left in frame for IE section");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	frame_iesection = frame + frame_iesection_offset;
*5113495bSYour Name
*5113495bSYour Name	mlieseq = NULL;
*5113495bSYour Name	mlieseqlen = 0;
*5113495bSYour Name
*5113495bSYour Name	ret = util_find_mlie(frame_iesection, frame_iesection_len, &mlieseq,
*5113495bSYour Name			     &mlieseqlen);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		return ret;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq) {
*5113495bSYour Name		/* The caller is supposed to have confirmed that a Multi-Link
*5113495bSYour Name		 * element is present in the frame. Hence we treat this as a
*5113495bSYour Name		 * case of invalid argument being passed to us.
*5113495bSYour Name		 */
*5113495bSYour Name		mlo_err("Invalid original frame since no Multi-Link element found");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Sanity check the Multi-Link element sequence length */
*5113495bSYour Name	if (!mlieseqlen) {
*5113495bSYour Name		mlo_err("Length of Multi-Link element sequence is zero. Investigate.");
*5113495bSYour Name		return QDF_STATUS_E_FAILURE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink)) {
*5113495bSYour Name		mlo_err_rl("Multi-Link element sequence length %zu octets is smaller than required for the fixed portion of Multi-Link element (%zu octets)",
*5113495bSYour Name			   mlieseqlen, sizeof(struct wlan_ie_multilink));
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	ret = util_get_mlie_variant(mlieseq, mlieseqlen, (int *)&variant);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		return ret;
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC) {
*5113495bSYour Name		mlo_err_rl("Unexpected variant %u of Multi-Link element.",
*5113495bSYour Name			   variant);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayloadlen = 0;
*5113495bSYour Name	tmplen = 0;
*5113495bSYour Name	is_elemfragseq = false;
*5113495bSYour Name
*5113495bSYour Name	ret = wlan_get_elem_fragseq_info(mlieseq,
*5113495bSYour Name					 mlieseqlen,
*5113495bSYour Name					 &is_elemfragseq,
*5113495bSYour Name					 &tmplen,
*5113495bSYour Name					 &mlieseqpayloadlen);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		return ret;
*5113495bSYour Name
*5113495bSYour Name	if (is_elemfragseq) {
*5113495bSYour Name		if (tmplen != mlieseqlen) {
*5113495bSYour Name			mlo_err_rl("Mismatch in values of element fragment sequence total length. Val per frag info determination: %zu octets, val per Multi-Link element search: %zu octets",
*5113495bSYour Name				   tmplen, mlieseqlen);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (!mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Multi-Link element fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlo_debug("ML IE fragment sequence found with payload len %zu",
*5113495bSYour Name			  mlieseqpayloadlen);
*5113495bSYour Name	} else {
*5113495bSYour Name		if (mlieseqlen > (sizeof(struct ie_header) + WLAN_MAX_IE_LEN)) {
*5113495bSYour Name			mlo_err_rl("Expected presence of valid fragment sequence since Multi-Link element sequence length %zu octets is larger than frag threshold of %zu octets, however no valid fragment sequence found",
*5113495bSYour Name				   mlieseqlen,
*5113495bSYour Name				   sizeof(struct ie_header) + WLAN_MAX_IE_LEN);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlieseqpayloadlen = mlieseqlen - (sizeof(struct ie_header) + 1);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayload_copy = qdf_mem_malloc(mlieseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayload_copy) {
*5113495bSYour Name		mlo_err_rl("Could not allocate memory for Multi-Link element payload copy");
*5113495bSYour Name		ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (is_elemfragseq) {
*5113495bSYour Name		ret = wlan_defrag_elem_fragseq(false,
*5113495bSYour Name					       mlieseq,
*5113495bSYour Name					       mlieseqlen,
*5113495bSYour Name					       mlieseqpayload_copy,
*5113495bSYour Name					       mlieseqpayloadlen,
*5113495bSYour Name					       &defragpayload_len);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name
*5113495bSYour Name		if (defragpayload_len != mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Length of de-fragmented payload %zu octets is not equal to length of Multi-Link element fragment sequence payload %zu octets",
*5113495bSYour Name				   defragpayload_len, mlieseqpayloadlen);
*5113495bSYour Name			ret = QDF_STATUS_E_FAILURE;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name	} else {
*5113495bSYour Name		qdf_mem_copy(mlieseqpayload_copy,
*5113495bSYour Name			     mlieseq + sizeof(struct ie_header) + 1,
*5113495bSYour Name			     mlieseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	link_info = NULL;
*5113495bSYour Name	link_info_len = 0;
*5113495bSYour Name
*5113495bSYour Name	ret = util_parse_multi_link_ctrl(mlieseqpayload_copy,
*5113495bSYour Name					 mlieseqpayloadlen,
*5113495bSYour Name					 &link_info,
*5113495bSYour Name					 &link_info_len);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name
*5113495bSYour Name	/* As per the standard, the sender must include Link Info for
*5113495bSYour Name	 * association request/response. Throw an error if we are unable to
*5113495bSYour Name	 * obtain this.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!link_info) {
*5113495bSYour Name		mlo_err_rl("Unable to successfully obtain Link Info");
*5113495bSYour Name		ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Note: We may have a future change to skip subelements which are not
*5113495bSYour Name	 * Per-STA Profile, handle more than two links in MLO, handle cases
*5113495bSYour Name	 * where we unexpectedly find more Per-STA Profiles than expected, etc.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	persta_prof = NULL;
*5113495bSYour Name	persta_prof_bufflen = 0;
*5113495bSYour Name
*5113495bSYour Name	ret = util_find_bvmlie_persta_prof_for_linkid(req_link_id,
*5113495bSYour Name						      link_info,
*5113495bSYour Name						      link_info_len,
*5113495bSYour Name						      &persta_prof,
*5113495bSYour Name						      &persta_prof_bufflen);
*5113495bSYour Name
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		mlo_err_rl("Per STA profile not found for link id %d",
*5113495bSYour Name			   req_link_id);
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	sta_prof_remlen = 0;
*5113495bSYour Name	sta_prof_currpos = NULL;
*5113495bSYour Name	is_reportedmacaddr_valid = false;
*5113495bSYour Name	is_beaconinterval_valid = false;
*5113495bSYour Name	is_completeprofile = false;
*5113495bSYour Name	is_tsfoffset_valid = false;
*5113495bSYour Name
*5113495bSYour Name	/* Parse per-STA profile */
*5113495bSYour Name	ret = util_parse_bvmlie_perstaprofile_stactrl(persta_prof +
*5113495bSYour Name						      sizeof(struct subelem_header),
*5113495bSYour Name						      persta_prof_bufflen,
*5113495bSYour Name						      &linkid,
*5113495bSYour Name						      &beaconinterval,
*5113495bSYour Name						      &is_beaconinterval_valid,
*5113495bSYour Name						      &tsfoffset,
*5113495bSYour Name						      &is_tsfoffset_valid,
*5113495bSYour Name						      &is_completeprofile,
*5113495bSYour Name						      &is_reportedmacaddr_valid,
*5113495bSYour Name						      &reportedmacaddr,
*5113495bSYour Name						      true,
*5113495bSYour Name						      &sta_prof_currpos,
*5113495bSYour Name						      &sta_prof_remlen,
*5113495bSYour Name						      NULL,
*5113495bSYour Name						      NULL);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name
*5113495bSYour Name	if (subtype == WLAN_FC0_STYPE_PROBE_RESP && !is_completeprofile) {
*5113495bSYour Name		mlo_err("Complete profile information is not present in per-STA profile of probe response frame");
*5113495bSYour Name		ret = QDF_STATUS_E_NOSUPPORT;
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* We double check for a NULL STA Profile, though the helper function
*5113495bSYour Name	 * above would have taken care of this. We need to get a non-NULL STA
*5113495bSYour Name	 * profile, because we need to get at least the expected fixed fields,
*5113495bSYour Name	 * even if there is an (improbable) total inheritance.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!sta_prof_currpos) {
*5113495bSYour Name		mlo_err_rl("STA profile is NULL");
*5113495bSYour Name		ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* As per the standard, the sender sets the MAC address in the per-STA
*5113495bSYour Name	 * profile in association request/response. Without this, we cannot
*5113495bSYour Name	 * generate the link specific frame.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!is_reportedmacaddr_valid) {
*5113495bSYour Name		mlo_err_rl("Unable to get MAC address from per-STA profile");
*5113495bSYour Name		ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	link_frame_currpos = link_frame;
*5113495bSYour Name	*link_frame_len = 0;
*5113495bSYour Name	link_frame_currlen = 0;
*5113495bSYour Name
*5113495bSYour Name	if (link_frame_maxsize < WLAN_MAC_HDR_LEN_3A) {
*5113495bSYour Name		mlo_err("Insufficient space in link specific frame for 802.11 header. Required: %u octets, available: %zu octets",
*5113495bSYour Name			WLAN_MAC_HDR_LEN_3A, link_frame_maxsize);
*5113495bSYour Name
*5113495bSYour Name		ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	link_frame_currpos += WLAN_MAC_HDR_LEN_3A;
*5113495bSYour Name	link_frame_currlen += WLAN_MAC_HDR_LEN_3A;
*5113495bSYour Name
*5113495bSYour Name	if ((subtype == WLAN_FC0_STYPE_ASSOC_REQ) ||
*5113495bSYour Name	    (subtype == WLAN_FC0_STYPE_REASSOC_REQ)) {
*5113495bSYour Name		mlo_debug("Populating fixed fields for (re)assoc req in link specific frame");
*5113495bSYour Name
*5113495bSYour Name		if (sta_prof_remlen < WLAN_CAPABILITYINFO_LEN) {
*5113495bSYour Name			mlo_err_rl("Remaining length of STA profile %zu octets is less than length of Capability Info %u",
*5113495bSYour Name				   sta_prof_remlen,
*5113495bSYour Name				   WLAN_CAPABILITYINFO_LEN);
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		/* Capability information is specific to the link. Copy this
*5113495bSYour Name		 * from the STA profile.
*5113495bSYour Name		 */
*5113495bSYour Name
*5113495bSYour Name		if ((link_frame_maxsize - link_frame_currlen) <
*5113495bSYour Name				WLAN_CAPABILITYINFO_LEN) {
*5113495bSYour Name			mlo_err("Insufficient space in link specific frame for Capability Info field. Required: %u octets, available: %zu octets",
*5113495bSYour Name				WLAN_CAPABILITYINFO_LEN,
*5113495bSYour Name				(link_frame_maxsize - link_frame_currlen));
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(link_frame_currpos, sta_prof_currpos,
*5113495bSYour Name			     WLAN_CAPABILITYINFO_LEN);
*5113495bSYour Name		link_frame_currpos += WLAN_CAPABILITYINFO_LEN;
*5113495bSYour Name		link_frame_currlen += WLAN_CAPABILITYINFO_LEN;
*5113495bSYour Name
*5113495bSYour Name		sta_prof_currpos += WLAN_CAPABILITYINFO_LEN;
*5113495bSYour Name		sta_prof_remlen -= WLAN_CAPABILITYINFO_LEN;
*5113495bSYour Name
*5113495bSYour Name		/* Listen Interval is common between all links. Copy this from
*5113495bSYour Name		 * the reporting section of the frame.
*5113495bSYour Name		 */
*5113495bSYour Name
*5113495bSYour Name		if ((link_frame_maxsize - link_frame_currlen) <
*5113495bSYour Name				WLAN_LISTENINTERVAL_LEN) {
*5113495bSYour Name			mlo_err("Insufficient space in link specific frame for Listen Interval field. Required: %u octets, available: %zu octets",
*5113495bSYour Name				WLAN_LISTENINTERVAL_LEN,
*5113495bSYour Name				(link_frame_maxsize - link_frame_currlen));
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(link_frame_currpos,
*5113495bSYour Name			     frame + WLAN_CAPABILITYINFO_LEN,
*5113495bSYour Name			     WLAN_LISTENINTERVAL_LEN);
*5113495bSYour Name		link_frame_currpos += WLAN_LISTENINTERVAL_LEN;
*5113495bSYour Name		link_frame_currlen += WLAN_LISTENINTERVAL_LEN;
*5113495bSYour Name
*5113495bSYour Name		if (subtype == WLAN_FC0_STYPE_REASSOC_REQ) {
*5113495bSYour Name			/* Current AP address is common between all links. Copy
*5113495bSYour Name			 * this from the reporting section of the frame.
*5113495bSYour Name			 */
*5113495bSYour Name			if ((link_frame_maxsize - link_frame_currlen) <
*5113495bSYour Name				QDF_MAC_ADDR_SIZE) {
*5113495bSYour Name				mlo_err("Insufficient space in link specific frame for current AP address. Required: %u octets, available: %zu octets",
*5113495bSYour Name					QDF_MAC_ADDR_SIZE,
*5113495bSYour Name					(link_frame_maxsize -
*5113495bSYour Name						link_frame_currlen));
*5113495bSYour Name
*5113495bSYour Name				ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name				goto mem_free;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			qdf_mem_copy(link_frame_currpos,
*5113495bSYour Name				     frame + WLAN_CAPABILITYINFO_LEN +
*5113495bSYour Name						WLAN_LISTENINTERVAL_LEN,
*5113495bSYour Name				     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name			link_frame_currpos += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name			link_frame_currlen += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name			mlo_debug("Reassoc req: Added Current AP address field (%u octets) to link specific frame",
*5113495bSYour Name				  QDF_MAC_ADDR_SIZE);
*5113495bSYour Name		}
*5113495bSYour Name	} else if (subtype == WLAN_FC0_STYPE_ASSOC_RESP ||
*5113495bSYour Name		   subtype == WLAN_FC0_STYPE_REASSOC_RESP) {
*5113495bSYour Name		/* This is a (re)association response */
*5113495bSYour Name		mlo_debug("Populating fixed fields for (re)assoc resp in link specific frame");
*5113495bSYour Name
*5113495bSYour Name		if (sta_prof_remlen <
*5113495bSYour Name			(WLAN_CAPABILITYINFO_LEN + WLAN_STATUSCODE_LEN)) {
*5113495bSYour Name			mlo_err_rl("Remaining length of STA profile %zu octets is less than length of Capability Info + length of Status Code %u",
*5113495bSYour Name				   sta_prof_remlen,
*5113495bSYour Name				   WLAN_CAPABILITYINFO_LEN +
*5113495bSYour Name					WLAN_STATUSCODE_LEN);
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		/* Capability information and Status Code are specific to the
*5113495bSYour Name		 * link. Copy these from the STA profile.
*5113495bSYour Name		 */
*5113495bSYour Name
*5113495bSYour Name		if ((link_frame_maxsize - link_frame_currlen) <
*5113495bSYour Name			(WLAN_CAPABILITYINFO_LEN + WLAN_STATUSCODE_LEN)) {
*5113495bSYour Name			mlo_err("Insufficient space in link specific frame for Capability Info and Status Code fields. Required: %u octets, available: %zu octets",
*5113495bSYour Name				WLAN_CAPABILITYINFO_LEN + WLAN_STATUSCODE_LEN,
*5113495bSYour Name				(link_frame_maxsize - link_frame_currlen));
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(link_frame_currpos, sta_prof_currpos,
*5113495bSYour Name			     (WLAN_CAPABILITYINFO_LEN + WLAN_STATUSCODE_LEN));
*5113495bSYour Name		link_frame_currpos += (WLAN_CAPABILITYINFO_LEN +
*5113495bSYour Name						WLAN_STATUSCODE_LEN);
*5113495bSYour Name		link_frame_currlen += (WLAN_CAPABILITYINFO_LEN +
*5113495bSYour Name				WLAN_STATUSCODE_LEN);
*5113495bSYour Name		mlo_debug("Added Capability Info and Status Code fields (%u octets) to link specific frame",
*5113495bSYour Name			  WLAN_CAPABILITYINFO_LEN + WLAN_STATUSCODE_LEN);
*5113495bSYour Name
*5113495bSYour Name		sta_prof_currpos += (WLAN_CAPABILITYINFO_LEN +
*5113495bSYour Name				WLAN_STATUSCODE_LEN);
*5113495bSYour Name		sta_prof_remlen -= (WLAN_CAPABILITYINFO_LEN +
*5113495bSYour Name				WLAN_STATUSCODE_LEN);
*5113495bSYour Name
*5113495bSYour Name		/* AID is common between all links. Copy this from the original
*5113495bSYour Name		 * frame.
*5113495bSYour Name		 */
*5113495bSYour Name
*5113495bSYour Name		if ((link_frame_maxsize - link_frame_currlen) < WLAN_AID_LEN) {
*5113495bSYour Name			mlo_err("Insufficient space in link specific frame for AID field. Required: %u octets, available: %zu octets",
*5113495bSYour Name				WLAN_AID_LEN,
*5113495bSYour Name				(link_frame_maxsize - link_frame_currlen));
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(link_frame_currpos,
*5113495bSYour Name			     frame + WLAN_CAPABILITYINFO_LEN +
*5113495bSYour Name					WLAN_STATUSCODE_LEN,
*5113495bSYour Name			     WLAN_AID_LEN);
*5113495bSYour Name		link_frame_currpos += WLAN_AID_LEN;
*5113495bSYour Name		link_frame_currlen += WLAN_AID_LEN;
*5113495bSYour Name		mlo_debug("Added AID field (%u octets) to link specific frame",
*5113495bSYour Name			  WLAN_AID_LEN);
*5113495bSYour Name	} else if (subtype == WLAN_FC0_STYPE_PROBE_RESP) {
*5113495bSYour Name		/* This is a probe response */
*5113495bSYour Name		mlo_debug("Populating fixed fields for probe response in link specific frame");
*5113495bSYour Name
*5113495bSYour Name		if ((link_frame_maxsize - link_frame_currlen) <
*5113495bSYour Name				WLAN_TIMESTAMP_LEN) {
*5113495bSYour Name			mlo_err("Insufficient space in link specific frame for Timestamp Info field. Required: %u octets, available: %zu octets",
*5113495bSYour Name				WLAN_TIMESTAMP_LEN,
*5113495bSYour Name				(link_frame_maxsize - link_frame_currlen));
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		/* Per spec 11be_D2.1.1, the TSF Offset subfield of the STA Info
*5113495bSYour Name		 * field indicates the offset (Toffset)between the TSF timer of
*5113495bSYour Name		 * the reported AP (TA) and the TSF timer of the reporting
*5113495bSYour Name		 * AP (TB) and is encoded as a 2s complement signed integer
*5113495bSYour Name		 * with units of 2 µs. Toffset is calculated as
*5113495bSYour Name		 * Toffset= Floor((TA – TB)/2).
*5113495bSYour Name		 */
*5113495bSYour Name		if (is_tsfoffset_valid)
*5113495bSYour Name			tsf += tsfoffset * 2;
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(link_frame_currpos, &tsf, WLAN_TIMESTAMP_LEN);
*5113495bSYour Name		link_frame_currpos += WLAN_TIMESTAMP_LEN;
*5113495bSYour Name		link_frame_currlen += WLAN_TIMESTAMP_LEN;
*5113495bSYour Name
*5113495bSYour Name		if (!is_beaconinterval_valid) {
*5113495bSYour Name			mlo_err_rl("Beacon interval information not present in STA info field of per-STA profile");
*5113495bSYour Name			ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		/* Beacon Interval information copy this from
*5113495bSYour Name		 * the STA info field.
*5113495bSYour Name		 */
*5113495bSYour Name		if ((link_frame_maxsize - link_frame_currlen) <
*5113495bSYour Name				WLAN_BEACONINTERVAL_LEN) {
*5113495bSYour Name			mlo_err("Insufficient space in link specific frame for Beacon Interval Info field. Required: %u octets, available: %zu octets",
*5113495bSYour Name				WLAN_BEACONINTERVAL_LEN,
*5113495bSYour Name				(link_frame_maxsize - link_frame_currlen));
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(link_frame_currpos, &beaconinterval,
*5113495bSYour Name			     WLAN_BEACONINTERVAL_LEN);
*5113495bSYour Name		link_frame_currpos += WLAN_BEACONINTERVAL_LEN;
*5113495bSYour Name		link_frame_currlen += WLAN_BEACONINTERVAL_LEN;
*5113495bSYour Name
*5113495bSYour Name		if (sta_prof_remlen < WLAN_CAPABILITYINFO_LEN) {
*5113495bSYour Name			mlo_err_rl("Remaining length of STA profile %zu octets is less than length of Capability Info %u",
*5113495bSYour Name				   sta_prof_remlen,
*5113495bSYour Name				   WLAN_CAPABILITYINFO_LEN);
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		/* Capability information is specific to the link. Copy this
*5113495bSYour Name		 * from the STA profile.
*5113495bSYour Name		 */
*5113495bSYour Name
*5113495bSYour Name		if ((link_frame_maxsize - link_frame_currlen) <
*5113495bSYour Name				WLAN_CAPABILITYINFO_LEN) {
*5113495bSYour Name			mlo_err("Insufficient space in link specific frame for Capability Info field. Required: %u octets, available: %zu octets",
*5113495bSYour Name				WLAN_CAPABILITYINFO_LEN,
*5113495bSYour Name				(link_frame_maxsize - link_frame_currlen));
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(link_frame_currpos, sta_prof_currpos,
*5113495bSYour Name			     WLAN_CAPABILITYINFO_LEN);
*5113495bSYour Name		link_frame_currpos += WLAN_CAPABILITYINFO_LEN;
*5113495bSYour Name		link_frame_currlen += WLAN_CAPABILITYINFO_LEN;
*5113495bSYour Name
*5113495bSYour Name		sta_prof_currpos += WLAN_CAPABILITYINFO_LEN;
*5113495bSYour Name		sta_prof_remlen -= WLAN_CAPABILITYINFO_LEN;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	sta_prof_iesection = sta_prof_currpos;
*5113495bSYour Name	sta_prof_iesection_len = sta_prof_remlen;
*5113495bSYour Name
*5113495bSYour Name	/* Populate non-inheritance lists if applicable */
*5113495bSYour Name	ninherit_elemlist_len = 0;
*5113495bSYour Name	ninherit_elemlist = NULL;
*5113495bSYour Name	ninherit_elemextlist_len = 0;
*5113495bSYour Name	ninherit_elemextlist = NULL;
*5113495bSYour Name
*5113495bSYour Name	ret = util_get_noninheritlists(sta_prof_iesection,
*5113495bSYour Name				       sta_prof_iesection_len,
*5113495bSYour Name				       &ninherit_elemlist,
*5113495bSYour Name				       &ninherit_elemlist_len,
*5113495bSYour Name				       &ninherit_elemextlist,
*5113495bSYour Name				       &ninherit_elemextlist_len);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name
*5113495bSYour Name	/* Go through IEs of the reporting STA, and those in STA profile, merge
*5113495bSYour Name	 * them into link_frame (except for elements in the Non-Inheritance
*5113495bSYour Name	 * list).
*5113495bSYour Name	 *
*5113495bSYour Name	 * Note: Currently, only 2-link MLO is supported here. We may have a
*5113495bSYour Name	 * future change to expand to more links.
*5113495bSYour Name	 */
*5113495bSYour Name	reportingsta_ie = util_find_eid(WLAN_ELEMID_SSID, frame_iesection,
*5113495bSYour Name					frame_iesection_len);
*5113495bSYour Name
*5113495bSYour Name	if ((subtype == WLAN_FC0_STYPE_ASSOC_REQ) ||
*5113495bSYour Name	    (subtype == WLAN_FC0_STYPE_REASSOC_REQ) ||
*5113495bSYour Name	    (subtype == WLAN_FC0_STYPE_PROBE_RESP)) {
*5113495bSYour Name		/* Sanity check that the SSID element is present for the
*5113495bSYour Name		 * reporting STA. There is no stipulation in the standard for
*5113495bSYour Name		 * the STA profile in this regard, so we do not check the STA
*5113495bSYour Name		 * profile for the SSID element.
*5113495bSYour Name		 */
*5113495bSYour Name		if (!reportingsta_ie) {
*5113495bSYour Name			mlo_err_rl("SSID element not found in reporting STA of the frame.");
*5113495bSYour Name			ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name	} else {
*5113495bSYour Name		/* This is a (re)association response. Sanity check that the
*5113495bSYour Name		 * SSID element is present neither for the reporting STA nor in
*5113495bSYour Name		 * the STA profile.
*5113495bSYour Name		 */
*5113495bSYour Name		if (reportingsta_ie) {
*5113495bSYour Name			mlo_err_rl("SSID element found for reporting STA for (re)association response. It should not be present.");
*5113495bSYour Name			ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		sta_prof_ie = util_find_eid(WLAN_ELEMID_SSID,
*5113495bSYour Name					    sta_prof_iesection,
*5113495bSYour Name					    sta_prof_iesection_len);
*5113495bSYour Name
*5113495bSYour Name		if (sta_prof_ie) {
*5113495bSYour Name			mlo_err_rl("SSID element found in STA profile for (re)association response. It should not be present.");
*5113495bSYour Name			ret = QDF_STATUS_E_PROTO;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	reportingsta_ie = reportingsta_ie ? reportingsta_ie : frame_iesection;
*5113495bSYour Name
*5113495bSYour Name	ret = util_validate_reportingsta_ie(reportingsta_ie, frame_iesection,
*5113495bSYour Name					    frame_iesection_len);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		goto mem_free;
*5113495bSYour Name
*5113495bSYour Name	reportingsta_ie_size = reportingsta_ie[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name
*5113495bSYour Name	while (((reportingsta_ie + reportingsta_ie_size) - frame_iesection)
*5113495bSYour Name			<= frame_iesection_len) {
*5113495bSYour Name		/* Skip Multi-Link element */
*5113495bSYour Name		if ((reportingsta_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) &&
*5113495bSYour Name		    (reportingsta_ie[IDEXT_POS] ==
*5113495bSYour Name				WLAN_EXTN_ELEMID_MULTI_LINK)) {
*5113495bSYour Name			if (((reportingsta_ie + reportingsta_ie_size) -
*5113495bSYour Name					frame_iesection) == frame_iesection_len)
*5113495bSYour Name				break;
*5113495bSYour Name
*5113495bSYour Name			/* Add BV ML IE for link specific probe response */
*5113495bSYour Name			if (subtype == WLAN_FC0_STYPE_PROBE_RESP) {
*5113495bSYour Name				ret = util_add_mlie_for_prb_rsp_gen(
*5113495bSYour Name					reportingsta_ie,
*5113495bSYour Name					reportingsta_ie[TAG_LEN_POS],
*5113495bSYour Name					&link_frame_currpos,
*5113495bSYour Name					&link_frame_currlen,
*5113495bSYour Name					link_frame_maxsize,
*5113495bSYour Name					linkid);
*5113495bSYour Name				if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name					goto mem_free;
*5113495bSYour Name			}
*5113495bSYour Name			reportingsta_ie += reportingsta_ie_size;
*5113495bSYour Name
*5113495bSYour Name			ret = util_validate_reportingsta_ie(reportingsta_ie,
*5113495bSYour Name							    frame_iesection,
*5113495bSYour Name							    frame_iesection_len);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				goto mem_free;
*5113495bSYour Name
*5113495bSYour Name			reportingsta_ie_size = reportingsta_ie[TAG_LEN_POS] +
*5113495bSYour Name				MIN_IE_LEN;
*5113495bSYour Name
*5113495bSYour Name			continue;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		sta_prof_ie = NULL;
*5113495bSYour Name		sta_prof_ie_size = 0;
*5113495bSYour Name
*5113495bSYour Name		if (sta_prof_iesection_len) {
*5113495bSYour Name			if (reportingsta_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name				sta_prof_ie = (uint8_t *)util_find_extn_eid(reportingsta_ie[ID_POS],
*5113495bSYour Name									    reportingsta_ie[IDEXT_POS],
*5113495bSYour Name									    sta_prof_iesection,
*5113495bSYour Name									    sta_prof_iesection_len);
*5113495bSYour Name			} else {
*5113495bSYour Name				sta_prof_ie = (uint8_t *)util_find_eid(reportingsta_ie[ID_POS],
*5113495bSYour Name								       sta_prof_iesection,
*5113495bSYour Name								       sta_prof_iesection_len);
*5113495bSYour Name			}
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (!sta_prof_ie) {
*5113495bSYour Name			/* IE is present for reporting STA, but not in STA
*5113495bSYour Name			 * profile.
*5113495bSYour Name			 */
*5113495bSYour Name
*5113495bSYour Name			is_in_noninheritlist = false;
*5113495bSYour Name
*5113495bSYour Name			ret = util_eval_ie_in_noninheritlist((uint8_t *)reportingsta_ie,
*5113495bSYour Name							     reportingsta_ie_size,
*5113495bSYour Name							     ninherit_elemlist,
*5113495bSYour Name							     ninherit_elemlist_len,
*5113495bSYour Name							     ninherit_elemextlist,
*5113495bSYour Name							     ninherit_elemextlist_len,
*5113495bSYour Name							     &is_in_noninheritlist);
*5113495bSYour Name
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				goto mem_free;
*5113495bSYour Name
*5113495bSYour Name			if (!is_in_noninheritlist) {
*5113495bSYour Name				if ((link_frame_currpos +
*5113495bSYour Name						reportingsta_ie_size) <=
*5113495bSYour Name					(link_frame + link_frame_maxsize)) {
*5113495bSYour Name					qdf_mem_copy(link_frame_currpos,
*5113495bSYour Name						     reportingsta_ie,
*5113495bSYour Name						     reportingsta_ie_size);
*5113495bSYour Name
*5113495bSYour Name					link_frame_currpos +=
*5113495bSYour Name						reportingsta_ie_size;
*5113495bSYour Name					link_frame_currlen +=
*5113495bSYour Name						reportingsta_ie_size;
*5113495bSYour Name
*5113495bSYour Name					if (reportingsta_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name						mlo_etrace_debug("IE with element ID : %u extension element ID : %u (%zu octets) present for reporting STA but not in STA profile. Copied IE from reporting frame to link specific frame",
*5113495bSYour Name							      reportingsta_ie[ID_POS],
*5113495bSYour Name							      reportingsta_ie[IDEXT_POS],
*5113495bSYour Name							      reportingsta_ie_size);
*5113495bSYour Name					} else {
*5113495bSYour Name						mlo_etrace_debug("IE with element ID : %u (%zu octets) present for reporting STA but not in STA profile. Copied IE from reporting frame to link specific frame",
*5113495bSYour Name							      reportingsta_ie[ID_POS],
*5113495bSYour Name							      reportingsta_ie_size);
*5113495bSYour Name					}
*5113495bSYour Name				} else {
*5113495bSYour Name					if (reportingsta_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name						mlo_etrace_err_rl("Insufficient space in link specific frame for IE with element ID : %u extension element ID : %u. Required: %zu octets, available: %zu octets",
*5113495bSYour Name							       reportingsta_ie[ID_POS],
*5113495bSYour Name							       reportingsta_ie[IDEXT_POS],
*5113495bSYour Name							       reportingsta_ie_size,
*5113495bSYour Name							       link_frame_maxsize -
*5113495bSYour Name							       link_frame_currlen);
*5113495bSYour Name					} else {
*5113495bSYour Name						mlo_etrace_err_rl("Insufficient space in link specific frame for IE with element ID : %u. Required: %zu octets, available: %zu octets",
*5113495bSYour Name							       reportingsta_ie[ID_POS],
*5113495bSYour Name							       reportingsta_ie_size,
*5113495bSYour Name							       link_frame_maxsize -
*5113495bSYour Name							       link_frame_currlen);
*5113495bSYour Name					}
*5113495bSYour Name
*5113495bSYour Name					ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name					goto mem_free;
*5113495bSYour Name				}
*5113495bSYour Name			} else {
*5113495bSYour Name				if (reportingsta_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name					mlo_etrace_debug("IE with element ID : %u extension element ID : %u (%zu octets) present for reporting STA but not in STA profile. However it is in Non-Inheritance list, hence ignoring.",
*5113495bSYour Name						      reportingsta_ie[ID_POS],
*5113495bSYour Name						      reportingsta_ie[IDEXT_POS],
*5113495bSYour Name						      reportingsta_ie_size);
*5113495bSYour Name				} else {
*5113495bSYour Name					mlo_etrace_debug("IE with element ID : %u (%zu octets) present for reporting STA but not in STA profile. However it is in Non-Inheritance list, hence ignoring.",
*5113495bSYour Name						      reportingsta_ie[ID_POS],
*5113495bSYour Name						      reportingsta_ie_size);
*5113495bSYour Name				}
*5113495bSYour Name			}
*5113495bSYour Name		} else {
*5113495bSYour Name			/* IE is present for reporting STA and also in STA
*5113495bSYour Name			 * profile, copy from STA profile and flag the IE in STA
*5113495bSYour Name			 * profile as copied (by setting EID field to 0). The
*5113495bSYour Name			 * SSID element (with EID 0) is processed first to
*5113495bSYour Name			 * enable this. For vendor IE, compare OUI + type +
*5113495bSYour Name			 * subType to determine if they are the same IE.
*5113495bSYour Name			 */
*5113495bSYour Name			/* Note: This may be revisited in a future change, to
*5113495bSYour Name			 * adhere to provisions in the standard for multiple
*5113495bSYour Name			 * occurrences of a given element ID/extension element
*5113495bSYour Name			 * ID.
*5113495bSYour Name			 */
*5113495bSYour Name
*5113495bSYour Name			ret = util_validate_sta_prof_ie(sta_prof_ie,
*5113495bSYour Name							sta_prof_iesection,
*5113495bSYour Name							sta_prof_iesection_len);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				goto mem_free;
*5113495bSYour Name
*5113495bSYour Name			sta_prof_ie_size = sta_prof_ie[TAG_LEN_POS] +
*5113495bSYour Name				MIN_IE_LEN;
*5113495bSYour Name
*5113495bSYour Name			sta_prof_iesection_remlen =
*5113495bSYour Name				sta_prof_iesection_len -
*5113495bSYour Name					(sta_prof_ie - sta_prof_iesection);
*5113495bSYour Name
*5113495bSYour Name			if ((reportingsta_ie[ID_POS] == WLAN_ELEMID_VENDOR) &&
*5113495bSYour Name			    (sta_prof_iesection_remlen >= MIN_VENDOR_TAG_LEN)) {
*5113495bSYour Name				/* If Vendor IE also presents in STA profile,
*5113495bSYour Name				 * then ignore the Vendor IE which is for
*5113495bSYour Name				 * reporting STA. It only needs to copy Vendor
*5113495bSYour Name				 * IE from STA profile to link specific frame.
*5113495bSYour Name				 * The copy happens when going through the
*5113495bSYour Name				 * remaining IEs.
*5113495bSYour Name				 */
*5113495bSYour Name				;
*5113495bSYour Name			} else {
*5113495bSYour Name				/* Copy IE from STA profile into link specific
*5113495bSYour Name				 * frame.
*5113495bSYour Name				 */
*5113495bSYour Name				if ((link_frame_currpos + sta_prof_ie_size) <=
*5113495bSYour Name					(link_frame + link_frame_maxsize)) {
*5113495bSYour Name					qdf_mem_copy(link_frame_currpos,
*5113495bSYour Name						     sta_prof_ie,
*5113495bSYour Name						     sta_prof_ie_size);
*5113495bSYour Name
*5113495bSYour Name					link_frame_currpos += sta_prof_ie_size;
*5113495bSYour Name					link_frame_currlen +=
*5113495bSYour Name						sta_prof_ie_size;
*5113495bSYour Name
*5113495bSYour Name					if (reportingsta_ie[ID_POS] ==
*5113495bSYour Name							WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name						mlo_etrace_debug("IE with element ID : %u extension element ID : %u (%zu octets) for reporting STA also present in STA profile. Copied IE from STA profile to link specific frame",
*5113495bSYour Name							      sta_prof_ie[ID_POS],
*5113495bSYour Name							      sta_prof_ie[IDEXT_POS],
*5113495bSYour Name							      sta_prof_ie_size);
*5113495bSYour Name					} else {
*5113495bSYour Name						mlo_etrace_debug("IE with element ID : %u (%zu octets) for reporting STA also present in STA profile. Copied IE from STA profile to link specific frame",
*5113495bSYour Name								 sta_prof_ie[ID_POS],
*5113495bSYour Name								 sta_prof_ie_size);
*5113495bSYour Name					}
*5113495bSYour Name
*5113495bSYour Name					sta_prof_ie[0] = 0;
*5113495bSYour Name				} else {
*5113495bSYour Name					if (sta_prof_ie[ID_POS] ==
*5113495bSYour Name							WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name						mlo_etrace_err_rl("Insufficient space in link specific frame for IE with element ID : %u extension element ID : %u. Required: %zu octets, available: %zu octets",
*5113495bSYour Name								  sta_prof_ie[ID_POS],
*5113495bSYour Name								  sta_prof_ie[IDEXT_POS],
*5113495bSYour Name								  sta_prof_ie_size,
*5113495bSYour Name								  link_frame_maxsize -
*5113495bSYour Name								  link_frame_currlen);
*5113495bSYour Name					} else {
*5113495bSYour Name						mlo_etrace_err_rl("Insufficient space in link specific frame for IE with element ID : %u. Required: %zu octets, available: %zu octets",
*5113495bSYour Name								  sta_prof_ie[ID_POS],
*5113495bSYour Name								  sta_prof_ie_size,
*5113495bSYour Name								  link_frame_maxsize -
*5113495bSYour Name								  link_frame_currlen);
*5113495bSYour Name					}
*5113495bSYour Name
*5113495bSYour Name					ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name					goto mem_free;
*5113495bSYour Name				}
*5113495bSYour Name			}
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (((reportingsta_ie + reportingsta_ie_size) -
*5113495bSYour Name					frame_iesection) == frame_iesection_len)
*5113495bSYour Name			break;
*5113495bSYour Name
*5113495bSYour Name		reportingsta_ie += reportingsta_ie_size;
*5113495bSYour Name
*5113495bSYour Name		ret = util_validate_reportingsta_ie(reportingsta_ie,
*5113495bSYour Name						    frame_iesection,
*5113495bSYour Name						    frame_iesection_len);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name
*5113495bSYour Name		reportingsta_ie_size = reportingsta_ie[TAG_LEN_POS] +
*5113495bSYour Name			MIN_IE_LEN;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Go through the remaining unprocessed IEs in STA profile and copy them
*5113495bSYour Name	 * to the link specific frame. The processed ones are marked with 0 in
*5113495bSYour Name	 * the first octet. The first octet corresponds to the element ID. In
*5113495bSYour Name	 * the case of (re)association request, the element with actual ID
*5113495bSYour Name	 * WLAN_ELEMID_SSID(0) has already been copied to the link specific
*5113495bSYour Name	 * frame. In the case of (re)association response, it has been verified
*5113495bSYour Name	 * that the element with actual ID WLAN_ELEMID_SSID(0) is present
*5113495bSYour Name	 * neither for the reporting STA nor in the STA profile.
*5113495bSYour Name	 */
*5113495bSYour Name	sta_prof_iesection_currpos = sta_prof_iesection;
*5113495bSYour Name	sta_prof_iesection_remlen = sta_prof_iesection_len;
*5113495bSYour Name
*5113495bSYour Name	while (sta_prof_iesection_remlen > 0) {
*5113495bSYour Name		sta_prof_ie = sta_prof_iesection_currpos;
*5113495bSYour Name		ret = util_validate_sta_prof_ie(sta_prof_ie,
*5113495bSYour Name						sta_prof_iesection_currpos,
*5113495bSYour Name						sta_prof_iesection_remlen);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name
*5113495bSYour Name		sta_prof_ie_size = sta_prof_ie[TAG_LEN_POS] + MIN_IE_LEN;
*5113495bSYour Name
*5113495bSYour Name		if (!sta_prof_ie[0]) {
*5113495bSYour Name			/* Skip this, since it has already been processed */
*5113495bSYour Name			sta_prof_iesection_currpos += sta_prof_ie_size;
*5113495bSYour Name			sta_prof_iesection_remlen -= sta_prof_ie_size;
*5113495bSYour Name			continue;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		/* Copy IE from STA profile into link specific frame. */
*5113495bSYour Name		if ((link_frame_currpos + sta_prof_ie_size) <=
*5113495bSYour Name			(link_frame + link_frame_maxsize)) {
*5113495bSYour Name			qdf_mem_copy(link_frame_currpos,
*5113495bSYour Name				     sta_prof_ie,
*5113495bSYour Name				     sta_prof_ie_size);
*5113495bSYour Name
*5113495bSYour Name			link_frame_currpos += sta_prof_ie_size;
*5113495bSYour Name			link_frame_currlen +=
*5113495bSYour Name				sta_prof_ie_size;
*5113495bSYour Name
*5113495bSYour Name			if (reportingsta_ie[ID_POS] ==
*5113495bSYour Name					WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name				mlo_etrace_debug("IE with element ID : %u extension element ID : %u (%zu octets) is present only in STA profile. Copied IE from STA profile to link specific frame",
*5113495bSYour Name						 sta_prof_ie[ID_POS],
*5113495bSYour Name						 sta_prof_ie[IDEXT_POS],
*5113495bSYour Name						 sta_prof_ie_size);
*5113495bSYour Name			} else {
*5113495bSYour Name				mlo_etrace_debug("IE with element ID : %u (%zu octets) is present only in STA profile. Copied IE from STA profile to link specific frame",
*5113495bSYour Name						 sta_prof_ie[ID_POS],
*5113495bSYour Name						 sta_prof_ie_size);
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			sta_prof_ie[0] = 0;
*5113495bSYour Name		} else {
*5113495bSYour Name			if (sta_prof_ie[ID_POS] == WLAN_ELEMID_EXTN_ELEM) {
*5113495bSYour Name				mlo_etrace_err_rl("Insufficient space in link specific frame for IE with element ID : %u extension element ID : %u. Required: %zu octets, available: %zu octets",
*5113495bSYour Name						  sta_prof_ie[ID_POS],
*5113495bSYour Name						  sta_prof_ie[IDEXT_POS],
*5113495bSYour Name						  sta_prof_ie_size,
*5113495bSYour Name						  link_frame_maxsize -
*5113495bSYour Name						  link_frame_currlen);
*5113495bSYour Name			} else {
*5113495bSYour Name				mlo_etrace_err_rl("Insufficient space in link specific frame for IE with element ID : %u. Required: %zu octets, available: %zu octets",
*5113495bSYour Name						  sta_prof_ie[ID_POS],
*5113495bSYour Name						  sta_prof_ie_size,
*5113495bSYour Name						  link_frame_maxsize -
*5113495bSYour Name						  link_frame_currlen);
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			ret = QDF_STATUS_E_NOMEM;
*5113495bSYour Name			goto mem_free;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		sta_prof_iesection_currpos += sta_prof_ie_size;
*5113495bSYour Name		sta_prof_iesection_remlen -= sta_prof_ie_size;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Copy the link MAC addr */
*5113495bSYour Name	link_frame_hdr = (struct wlan_frame_hdr *)link_frame;
*5113495bSYour Name
*5113495bSYour Name	if ((subtype == WLAN_FC0_STYPE_ASSOC_REQ) ||
*5113495bSYour Name	    (subtype == WLAN_FC0_STYPE_REASSOC_REQ)) {
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr3, &link_addr,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr2, reportedmacaddr.bytes,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr1, &link_addr,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name
*5113495bSYour Name		link_frame_hdr->i_fc[0] = MLO_LINKSPECIFIC_ASSOC_REQ_FC0;
*5113495bSYour Name		link_frame_hdr->i_fc[1] = MLO_LINKSPECIFIC_ASSOC_REQ_FC1;
*5113495bSYour Name	} else if (subtype == WLAN_FC0_STYPE_PROBE_RESP) {
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr3, reportedmacaddr.bytes,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr2, reportedmacaddr.bytes,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr1, &link_addr,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name
*5113495bSYour Name		link_frame_hdr->i_fc[0] = MLO_LINKSPECIFIC_PROBE_RESP_FC0;
*5113495bSYour Name		link_frame_hdr->i_fc[1] = MLO_LINKSPECIFIC_PROBE_RESP_FC1;
*5113495bSYour Name	} else {
*5113495bSYour Name		/* This is a (re)association response */
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr3, reportedmacaddr.bytes,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr2, reportedmacaddr.bytes,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name		qdf_mem_copy(link_frame_hdr->i_addr1, &link_addr,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name
*5113495bSYour Name		link_frame_hdr->i_fc[0] = MLO_LINKSPECIFIC_ASSOC_RESP_FC0;
*5113495bSYour Name		link_frame_hdr->i_fc[1] = MLO_LINKSPECIFIC_ASSOC_RESP_FC1;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlo_debug("subtype:%u addr3:" QDF_MAC_ADDR_FMT " addr2:"
*5113495bSYour Name		  QDF_MAC_ADDR_FMT " addr1:" QDF_MAC_ADDR_FMT,
*5113495bSYour Name		  subtype,
*5113495bSYour Name		  QDF_MAC_ADDR_REF(link_frame_hdr->i_addr3),
*5113495bSYour Name		  QDF_MAC_ADDR_REF(link_frame_hdr->i_addr2),
*5113495bSYour Name		  QDF_MAC_ADDR_REF(link_frame_hdr->i_addr1));
*5113495bSYour Name
*5113495bSYour Name	/* Seq num not used so not populated */
*5113495bSYour Name
*5113495bSYour Name	*link_frame_len = link_frame_currlen;
*5113495bSYour Name	ret = QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Namemem_free:
*5113495bSYour Name	qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name	return ret;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_gen_link_assoc_req(uint8_t *frame, qdf_size_t frame_len, bool isreassoc,
*5113495bSYour Name			uint8_t link_id,
*5113495bSYour Name			struct qdf_mac_addr link_addr,
*5113495bSYour Name			uint8_t *link_frame,
*5113495bSYour Name			qdf_size_t link_frame_maxsize,
*5113495bSYour Name			qdf_size_t *link_frame_len)
*5113495bSYour Name{
*5113495bSYour Name	return util_gen_link_reqrsp_cmn(frame, frame_len,
*5113495bSYour Name			(isreassoc ? WLAN_FC0_STYPE_REASSOC_REQ :
*5113495bSYour Name				WLAN_FC0_STYPE_ASSOC_REQ),
*5113495bSYour Name			link_id, link_addr, link_frame,
*5113495bSYour Name			link_frame_maxsize, link_frame_len);
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_gen_link_assoc_rsp(uint8_t *frame, qdf_size_t frame_len, bool isreassoc,
*5113495bSYour Name			uint8_t link_id,
*5113495bSYour Name			struct qdf_mac_addr link_addr,
*5113495bSYour Name			uint8_t *link_frame,
*5113495bSYour Name			qdf_size_t link_frame_maxsize,
*5113495bSYour Name			qdf_size_t *link_frame_len)
*5113495bSYour Name{
*5113495bSYour Name	return util_gen_link_reqrsp_cmn(frame, frame_len,
*5113495bSYour Name			(isreassoc ?  WLAN_FC0_STYPE_REASSOC_RESP :
*5113495bSYour Name				WLAN_FC0_STYPE_ASSOC_RESP),
*5113495bSYour Name			link_id, link_addr, link_frame,
*5113495bSYour Name			link_frame_maxsize, link_frame_len);
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_gen_link_probe_rsp(uint8_t *frame, qdf_size_t frame_len,
*5113495bSYour Name			uint8_t link_id,
*5113495bSYour Name			struct qdf_mac_addr link_addr,
*5113495bSYour Name			uint8_t *link_frame,
*5113495bSYour Name			qdf_size_t link_frame_maxsize,
*5113495bSYour Name			qdf_size_t *link_frame_len)
*5113495bSYour Name{
*5113495bSYour Name	return util_gen_link_reqrsp_cmn(frame, frame_len,
*5113495bSYour Name			 WLAN_FC0_STYPE_PROBE_RESP, link_id,
*5113495bSYour Name			link_addr, link_frame, link_frame_maxsize,
*5113495bSYour Name			link_frame_len);
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_find_mlie(uint8_t *buf, qdf_size_t buflen, uint8_t **mlieseq,
*5113495bSYour Name	       qdf_size_t *mlieseqlen)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t *bufboundary;
*5113495bSYour Name	uint8_t *ieseq;
*5113495bSYour Name	qdf_size_t ieseqlen;
*5113495bSYour Name	uint8_t *currie;
*5113495bSYour Name	uint8_t *successorfrag;
*5113495bSYour Name
*5113495bSYour Name	if (!buf || !buflen || !mlieseq || !mlieseqlen)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*mlieseq = NULL;
*5113495bSYour Name	*mlieseqlen = 0;
*5113495bSYour Name
*5113495bSYour Name	/* Find Multi-Link element. In case a fragment sequence is present,
*5113495bSYour Name	 * this element will be the leading fragment.
*5113495bSYour Name	 */
*5113495bSYour Name	ieseq = util_find_extn_eid(WLAN_ELEMID_EXTN_ELEM,
*5113495bSYour Name				   WLAN_EXTN_ELEMID_MULTI_LINK, buf,
*5113495bSYour Name				   buflen);
*5113495bSYour Name
*5113495bSYour Name	/* Even if the element is not found, we have successfully examined the
*5113495bSYour Name	 * buffer. The caller will be provided a NULL value for the starting of
*5113495bSYour Name	 * the Multi-Link element. Hence, we return success.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!ieseq)
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Name	bufboundary = buf + buflen;
*5113495bSYour Name
*5113495bSYour Name	if ((ieseq + MIN_IE_LEN) > bufboundary)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	ieseqlen = MIN_IE_LEN + ieseq[TAG_LEN_POS];
*5113495bSYour Name
*5113495bSYour Name	if (ieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	if ((ieseq + ieseqlen) > bufboundary)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	/* In the next sequence of checks, if there is no space in the buffer
*5113495bSYour Name	 * for another element after the Multi-Link element/element fragment
*5113495bSYour Name	 * sequence, it could indicate an issue since non-MLO EHT elements
*5113495bSYour Name	 * would be expected to follow the Multi-Link element/element fragment
*5113495bSYour Name	 * sequence. However, this is outside of the purview of this function,
*5113495bSYour Name	 * hence we ignore it.
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	currie = ieseq;
*5113495bSYour Name	successorfrag = util_get_successorfrag(currie, buf, buflen);
*5113495bSYour Name
*5113495bSYour Name	/* Fragmentation definitions as of IEEE802.11be D1.0 and
*5113495bSYour Name	 * IEEE802.11REVme D0.2 are applied. Only the case where Multi-Link
*5113495bSYour Name	 * element is present in a buffer from the core frame is considered.
*5113495bSYour Name	 * Future changes to fragmentation, cases where the Multi-Link element
*5113495bSYour Name	 * is present in a subelement, etc. to be reflected here if applicable
*5113495bSYour Name	 * as and when the rules evolve.
*5113495bSYour Name	 */
*5113495bSYour Name	while (successorfrag) {
*5113495bSYour Name		/* We should not be seeing a successor fragment if the length
*5113495bSYour Name		 * of the current IE is lesser than the max.
*5113495bSYour Name		 */
*5113495bSYour Name		if (currie[TAG_LEN_POS] != WLAN_MAX_IE_LEN)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		if (successorfrag[TAG_LEN_POS] == 0)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		ieseqlen +=  (MIN_IE_LEN + successorfrag[TAG_LEN_POS]);
*5113495bSYour Name
*5113495bSYour Name		currie = successorfrag;
*5113495bSYour Name		successorfrag = util_get_successorfrag(currie, buf, buflen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	*mlieseq = ieseq;
*5113495bSYour Name	*mlieseqlen = ieseqlen;
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic inline QDF_STATUS
*5113495bSYour Nameutil_validate_bv_mlie_min_seq_len(qdf_size_t mlieseqlen)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_len = sizeof(struct wlan_ie_multilink);
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < parsed_len + WLAN_ML_BV_CINFO_LENGTH_SIZE) {
*5113495bSYour Name		mlo_err_rl("ML seq payload of len %zu doesn't accommodate the mandatory BV ML IE Common info len field",
*5113495bSYour Name			   mlieseqlen);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name	parsed_len += WLAN_ML_BV_CINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < parsed_len + QDF_MAC_ADDR_SIZE) {
*5113495bSYour Name		mlo_err_rl("ML seq payload of len %zu doesn't accommodate the mandatory MLD addr",
*5113495bSYour Name			   mlieseqlen);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_find_mlie_by_variant(uint8_t *buf, qdf_size_t buflen, uint8_t **mlieseq,
*5113495bSYour Name			  qdf_size_t *mlieseqlen, int variant)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t *ieseq;
*5113495bSYour Name	qdf_size_t ieseqlen;
*5113495bSYour Name	QDF_STATUS status;
*5113495bSYour Name	int ml_variant;
*5113495bSYour Name	qdf_size_t buf_parsed_len;
*5113495bSYour Name
*5113495bSYour Name	if (!buf || !buflen || !mlieseq || !mlieseqlen)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	if (variant >= WLAN_ML_VARIANT_INVALIDSTART)
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	ieseq = NULL;
*5113495bSYour Name	ieseqlen = 0;
*5113495bSYour Name	*mlieseq = NULL;
*5113495bSYour Name	*mlieseqlen = 0;
*5113495bSYour Name	buf_parsed_len = 0;
*5113495bSYour Name
*5113495bSYour Name	while (buflen > buf_parsed_len) {
*5113495bSYour Name		status = util_find_mlie(buf + buf_parsed_len,
*5113495bSYour Name					buflen - buf_parsed_len,
*5113495bSYour Name					&ieseq, &ieseqlen);
*5113495bSYour Name
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(status))
*5113495bSYour Name			return status;
*5113495bSYour Name
*5113495bSYour Name		/* Even if the element is not found, we have successfully
*5113495bSYour Name		 * examined the buffer. The caller will be provided a NULL value
*5113495bSYour Name		 * for the starting of the Multi-Link element. Hence, we return
*5113495bSYour Name		 * success.
*5113495bSYour Name		 */
*5113495bSYour Name		if (!ieseq)
*5113495bSYour Name			return QDF_STATUS_SUCCESS;
*5113495bSYour Name
*5113495bSYour Name		status = util_get_mlie_variant(ieseq, ieseqlen,
*5113495bSYour Name					       &ml_variant);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(status)) {
*5113495bSYour Name			mlo_err("Unable to get Multi-link element variant");
*5113495bSYour Name			return status;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (ml_variant == variant) {
*5113495bSYour Name			*mlieseq = ieseq;
*5113495bSYour Name			*mlieseqlen = ieseqlen;
*5113495bSYour Name			return QDF_STATUS_SUCCESS;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		buf_parsed_len = ieseq + ieseqlen - buf;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_E_INVAL;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_mlie_common_info_len(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name			      uint8_t *commoninfo_len)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !commoninfo_len)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if (mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM ||
*5113495bSYour Name	    mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	/* Common Info starts at mlieseq + sizeof(struct wlan_ie_multilink).
*5113495bSYour Name	 * Check if there is sufficient space in the buffer for the Common Info
*5113495bSYour Name	 * Length and MLD MAC address.
*5113495bSYour Name	 */
*5113495bSYour Name	if ((sizeof(struct wlan_ie_multilink) + WLAN_ML_BV_CINFO_LENGTH_SIZE +
*5113495bSYour Name	    QDF_MAC_ADDR_SIZE) > mlieseqlen)
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	*commoninfo_len = *(mlieseq + sizeof(struct wlan_ie_multilink));
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_bvmlie_bssparamchangecnt(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name				  bool *bssparamchangecntfound,
*5113495bSYour Name				  uint8_t *bssparamchangecnt)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presencebitmap;
*5113495bSYour Name	uint8_t *commoninfo;
*5113495bSYour Name	uint8_t commoninfolen;
*5113495bSYour Name	qdf_size_t mldcap_offset;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !bssparamchangecntfound ||
*5113495bSYour Name	    !bssparamchangecnt)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*bssparamchangecntfound = false;
*5113495bSYour Name	*bssparamchangecnt = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if (mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM ||
*5113495bSYour Name	    mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC)
*5113495bSYour Name		return QDF_STATUS_E_NOSUPPORT;
*5113495bSYour Name
*5113495bSYour Name	presencebitmap = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				      WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(util_validate_bv_mlie_min_seq_len(mlieseqlen)))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	commoninfo = mlieseq + sizeof(struct wlan_ie_multilink);
*5113495bSYour Name	commoninfolen = *(mlieseq + sizeof(struct wlan_ie_multilink));
*5113495bSYour Name
*5113495bSYour Name	mldcap_offset = WLAN_ML_BV_CINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	mldcap_offset += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P) {
*5113495bSYour Name		mldcap_offset += WLAN_ML_BV_CINFO_LINKIDINFO_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + mldcap_offset) >
*5113495bSYour Name				mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_BSSPARAMCHANGECNT_P) {
*5113495bSYour Name		if (commoninfolen < (mldcap_offset +
*5113495bSYour Name				     WLAN_ML_BSSPARAMCHNGCNT_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + mldcap_offset +
*5113495bSYour Name				WLAN_ML_BSSPARAMCHNGCNT_SIZE) >
*5113495bSYour Name				mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		*bssparamchangecntfound = true;
*5113495bSYour Name		*bssparamchangecnt = *(commoninfo + mldcap_offset);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_mlie_variant(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name		      int *variant)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant var;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !variant)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if ((mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM) ||
*5113495bSYour Name	    (mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = le16toh(mlie_fixed->mlcontrol);
*5113495bSYour Name	var = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			   WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (var >= WLAN_ML_VARIANT_INVALIDSTART)
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	*variant = var;
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_bvmlie_eml_cap(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name			bool *eml_cap_found,
*5113495bSYour Name			uint16_t *eml_cap)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint8_t eml_cap_offset;
*5113495bSYour Name	uint8_t commoninfo_len;
*5113495bSYour Name	uint16_t presencebitmap;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !eml_cap_found || !eml_cap)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*eml_cap = 0;
*5113495bSYour Name	*eml_cap_found = false;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if ((mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM) ||
*5113495bSYour Name	    (mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	presencebitmap = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				      WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	/* eml_cap_offset stores the offset of EML Capabilities within
*5113495bSYour Name	 * Common Info
*5113495bSYour Name	 */
*5113495bSYour Name	eml_cap_offset = WLAN_ML_BV_CINFO_LENGTH_SIZE + QDF_MAC_ADDR_SIZE;
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P)
*5113495bSYour Name		eml_cap_offset += WLAN_ML_BV_CINFO_LINKIDINFO_SIZE;
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_BSSPARAMCHANGECNT_P)
*5113495bSYour Name		eml_cap_offset += WLAN_ML_BSSPARAMCHNGCNT_SIZE;
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_MEDIUMSYNCDELAYINFO_P)
*5113495bSYour Name		eml_cap_offset += WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_EMLCAP_P) {
*5113495bSYour Name		/* Common Info starts at
*5113495bSYour Name		 * mlieseq + sizeof(struct wlan_ie_multilink).
*5113495bSYour Name		 * Check if there is sufficient space in the buffer for
*5113495bSYour Name		 * the Common Info Length.
*5113495bSYour Name		 */
*5113495bSYour Name		if (mlieseqlen < (sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name				  WLAN_ML_BV_CINFO_LENGTH_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		/* Check if the value indicated in the Common Info Length
*5113495bSYour Name		 * subfield is sufficient to access the EML capabilities.
*5113495bSYour Name		 */
*5113495bSYour Name		commoninfo_len = *(mlieseq + sizeof(struct wlan_ie_multilink));
*5113495bSYour Name		if (commoninfo_len < (eml_cap_offset +
*5113495bSYour Name				      WLAN_ML_BV_CINFO_EMLCAP_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		/* Common Info starts at mlieseq + sizeof(struct
*5113495bSYour Name		 * wlan_ie_multilink). Check if there is sufficient space in
*5113495bSYour Name		 * Common Info for the EML capability.
*5113495bSYour Name		 */
*5113495bSYour Name		if (mlieseqlen < (sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name				  eml_cap_offset +
*5113495bSYour Name				  WLAN_ML_BV_CINFO_EMLCAP_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		*eml_cap_found = true;
*5113495bSYour Name		*eml_cap = qdf_le16_to_cpu(*(uint16_t *)(mlieseq +
*5113495bSYour Name							 sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name							 eml_cap_offset));
*5113495bSYour Name	}
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_bvmlie_msd_cap(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name			bool *msd_cap_found,
*5113495bSYour Name			uint16_t *msd_cap)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint8_t msd_cap_offset;
*5113495bSYour Name	uint8_t commoninfo_len;
*5113495bSYour Name	uint16_t presencebitmap;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !msd_cap_found || !msd_cap)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*msd_cap = 0;
*5113495bSYour Name	*msd_cap_found = false;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if ((mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM) ||
*5113495bSYour Name	    (mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	presencebitmap = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				      WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	/* msd_cap_offset stores the offset of MSD capabilities within
*5113495bSYour Name	 * Common Info
*5113495bSYour Name	 */
*5113495bSYour Name	msd_cap_offset = WLAN_ML_BV_CINFO_LENGTH_SIZE + QDF_MAC_ADDR_SIZE;
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P)
*5113495bSYour Name		msd_cap_offset += WLAN_ML_BV_CINFO_LINKIDINFO_SIZE;
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_BSSPARAMCHANGECNT_P)
*5113495bSYour Name		msd_cap_offset += WLAN_ML_BSSPARAMCHNGCNT_SIZE;
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_MEDIUMSYNCDELAYINFO_P) {
*5113495bSYour Name		/* Common Info starts at
*5113495bSYour Name		 * mlieseq + sizeof(struct wlan_ie_multilink).
*5113495bSYour Name		 * Check if there is sufficient space in the buffer for
*5113495bSYour Name		 * the Common Info Length.
*5113495bSYour Name		 */
*5113495bSYour Name		if (mlieseqlen < (sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name				  WLAN_ML_BV_CINFO_LENGTH_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		/* Check if the value indicated in the Common Info Length
*5113495bSYour Name		 * subfield is sufficient to access the MSD capabilities.
*5113495bSYour Name		 */
*5113495bSYour Name		commoninfo_len = *(mlieseq + sizeof(struct wlan_ie_multilink));
*5113495bSYour Name		if (commoninfo_len < (msd_cap_offset +
*5113495bSYour Name				      WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		/* Common Info starts at mlieseq + sizeof(struct
*5113495bSYour Name		 * wlan_ie_multilink). Check if there is sufficient space in
*5113495bSYour Name		 * Common Info for the MSD capability.
*5113495bSYour Name		 */
*5113495bSYour Name		if (mlieseqlen < (sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name				  msd_cap_offset +
*5113495bSYour Name				  WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		*msd_cap_found = true;
*5113495bSYour Name		*msd_cap = qdf_le16_to_cpu(*(uint16_t *)(mlieseq +
*5113495bSYour Name							 sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name							 msd_cap_offset));
*5113495bSYour Name	} else {
*5113495bSYour Name		mlo_debug("MSD caps not found in assoc rsp");
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_bvmlie_mldmacaddr(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name			   struct qdf_mac_addr *mldmacaddr)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint8_t commoninfo_len;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !mldmacaddr)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_zero(mldmacaddr, sizeof(*mldmacaddr));
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if ((mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM) ||
*5113495bSYour Name	    (mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	/* Common Info starts at mlieseq + sizeof(struct wlan_ie_multilink).
*5113495bSYour Name	 * Check if there is sufficient space in the buffer for the Common Info
*5113495bSYour Name	 * Length and MLD MAC address.
*5113495bSYour Name	 */
*5113495bSYour Name	if ((sizeof(struct wlan_ie_multilink) + WLAN_ML_BV_CINFO_LENGTH_SIZE +
*5113495bSYour Name	    QDF_MAC_ADDR_SIZE) > mlieseqlen)
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	/* Check if the value indicated in the Common Info Length subfield is
*5113495bSYour Name	 * sufficient to access the MLD MAC address.
*5113495bSYour Name	 */
*5113495bSYour Name	commoninfo_len = *(mlieseq + sizeof(struct wlan_ie_multilink));
*5113495bSYour Name	if (commoninfo_len < (WLAN_ML_BV_CINFO_LENGTH_SIZE + QDF_MAC_ADDR_SIZE))
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(mldmacaddr->bytes,
*5113495bSYour Name		     mlieseq + sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name		     WLAN_ML_BV_CINFO_LENGTH_SIZE,
*5113495bSYour Name		     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_bvmlie_primary_linkid(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name			       bool *linkidfound, uint8_t *linkid)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presencebitmap;
*5113495bSYour Name	uint8_t *commoninfo;
*5113495bSYour Name	qdf_size_t commoninfolen;
*5113495bSYour Name	uint8_t *linkidinfo;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !linkidfound || !linkid)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*linkidfound = false;
*5113495bSYour Name	*linkid = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if ((mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM) ||
*5113495bSYour Name	    (mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = le16toh(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	presencebitmap = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				      WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	commoninfo = mlieseq + sizeof(struct wlan_ie_multilink);
*5113495bSYour Name	commoninfolen = 0;
*5113495bSYour Name	commoninfolen += WLAN_ML_BV_CINFO_LENGTH_SIZE;
*5113495bSYour Name	if ((sizeof(struct wlan_ie_multilink) + commoninfolen) >
*5113495bSYour Name			mlieseqlen)
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	commoninfolen += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name	if ((sizeof(struct wlan_ie_multilink) + commoninfolen) >
*5113495bSYour Name			mlieseqlen)
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P) {
*5113495bSYour Name		linkidinfo = commoninfo + commoninfolen;
*5113495bSYour Name		commoninfolen += WLAN_ML_BV_CINFO_LINKIDINFO_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + commoninfolen) >
*5113495bSYour Name				mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		*linkidfound = true;
*5113495bSYour Name		*linkid = QDF_GET_BITS(linkidinfo[0],
*5113495bSYour Name				       WLAN_ML_BV_CINFO_LINKIDINFO_LINKID_IDX,
*5113495bSYour Name				       WLAN_ML_BV_CINFO_LINKIDINFO_LINKID_BITS);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_bvmlie_mldcap(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name		       bool *mldcapfound, uint16_t *mldcap)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presencebitmap;
*5113495bSYour Name	uint8_t *commoninfo;
*5113495bSYour Name	uint8_t commoninfo_len;
*5113495bSYour Name	qdf_size_t mldcap_offset;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !mldcapfound || !mldcap)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*mldcapfound = false;
*5113495bSYour Name	*mldcap = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if (mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM ||
*5113495bSYour Name	    mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC)
*5113495bSYour Name		return QDF_STATUS_E_NOSUPPORT;
*5113495bSYour Name
*5113495bSYour Name	presencebitmap = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				      WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(util_validate_bv_mlie_min_seq_len(mlieseqlen)))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	commoninfo = mlieseq + sizeof(struct wlan_ie_multilink);
*5113495bSYour Name	commoninfo_len = *(mlieseq + sizeof(struct wlan_ie_multilink));
*5113495bSYour Name	/* mldcap_offset stores the offset of MLD Capabilities within
*5113495bSYour Name	 * Common Info
*5113495bSYour Name	 */
*5113495bSYour Name	mldcap_offset = WLAN_ML_BV_CINFO_LENGTH_SIZE;
*5113495bSYour Name	mldcap_offset += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P) {
*5113495bSYour Name		mldcap_offset += WLAN_ML_BV_CINFO_LINKIDINFO_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + mldcap_offset) >
*5113495bSYour Name				mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_BSSPARAMCHANGECNT_P) {
*5113495bSYour Name		mldcap_offset += WLAN_ML_BSSPARAMCHNGCNT_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + mldcap_offset) >
*5113495bSYour Name				mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_MEDIUMSYNCDELAYINFO_P) {
*5113495bSYour Name		mldcap_offset += WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + mldcap_offset) >
*5113495bSYour Name				mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_EMLCAP_P) {
*5113495bSYour Name		mldcap_offset += WLAN_ML_BV_CINFO_EMLCAP_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + mldcap_offset) >
*5113495bSYour Name				mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_BV_CTRL_PBM_MLDCAPANDOP_P) {
*5113495bSYour Name		/* Check if the value indicated in the Common Info Length
*5113495bSYour Name		 * subfield is sufficient to access the MLD capabilities.
*5113495bSYour Name		 */
*5113495bSYour Name		if (commoninfo_len < (mldcap_offset +
*5113495bSYour Name				      WLAN_ML_BV_CINFO_MLDCAPANDOP_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + mldcap_offset +
*5113495bSYour Name					WLAN_ML_BV_CINFO_MLDCAPANDOP_SIZE) >
*5113495bSYour Name				mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		*mldcap = qdf_le16_to_cpu(*((uint16_t *)(commoninfo + mldcap_offset)));
*5113495bSYour Name		*mldcapfound = true;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_bvmlie_ext_mld_cap_op_info(uint8_t *mlie_seq,
*5113495bSYour Name				    qdf_size_t mlie_seqlen,
*5113495bSYour Name				    bool *ext_mld_cap_found,
*5113495bSYour Name				    uint16_t *ext_mld_cap)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t presence_bitmap;
*5113495bSYour Name	uint8_t *commoninfo;
*5113495bSYour Name	uint8_t commoninfo_len;
*5113495bSYour Name	qdf_size_t extmldcap_offset;
*5113495bSYour Name
*5113495bSYour Name	if (!mlie_seq || !mlie_seqlen || !ext_mld_cap_found || !ext_mld_cap)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*ext_mld_cap_found = false;
*5113495bSYour Name	*ext_mld_cap = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlie_seqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlie_seq;
*5113495bSYour Name
*5113495bSYour Name	if (mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM ||
*5113495bSYour Name	    mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC)
*5113495bSYour Name		return QDF_STATUS_E_NOSUPPORT;
*5113495bSYour Name
*5113495bSYour Name	presence_bitmap = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				       WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	commoninfo = mlie_seq + sizeof(struct wlan_ie_multilink);
*5113495bSYour Name	commoninfo_len = *(mlie_seq + sizeof(struct wlan_ie_multilink));
*5113495bSYour Name	/* extmldcap_offset stores the offset of Ext MLD Capabilities and
*5113495bSYour Name	 * operations within the Common Info
*5113495bSYour Name	 */
*5113495bSYour Name
*5113495bSYour Name	extmldcap_offset = WLAN_ML_BV_CINFO_LENGTH_SIZE;
*5113495bSYour Name	extmldcap_offset += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (presence_bitmap & WLAN_ML_BV_CTRL_PBM_LINKIDINFO_P) {
*5113495bSYour Name		extmldcap_offset += WLAN_ML_BV_CINFO_LINKIDINFO_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + extmldcap_offset) >
*5113495bSYour Name				mlie_seqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presence_bitmap & WLAN_ML_BV_CTRL_PBM_BSSPARAMCHANGECNT_P) {
*5113495bSYour Name		extmldcap_offset += WLAN_ML_BSSPARAMCHNGCNT_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + extmldcap_offset) >
*5113495bSYour Name				mlie_seqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presence_bitmap & WLAN_ML_BV_CTRL_PBM_MEDIUMSYNCDELAYINFO_P) {
*5113495bSYour Name		extmldcap_offset += WLAN_ML_BV_CINFO_MEDMSYNCDELAYINFO_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + extmldcap_offset) >
*5113495bSYour Name				mlie_seqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presence_bitmap & WLAN_ML_BV_CTRL_PBM_EMLCAP_P) {
*5113495bSYour Name		extmldcap_offset += WLAN_ML_BV_CINFO_EMLCAP_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + extmldcap_offset) >
*5113495bSYour Name				mlie_seqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presence_bitmap & WLAN_ML_BV_CTRL_PBM_MLDCAPANDOP_P) {
*5113495bSYour Name		extmldcap_offset += WLAN_ML_BV_CINFO_MLDCAPANDOP_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + extmldcap_offset) >
*5113495bSYour Name				mlie_seqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presence_bitmap & WLAN_ML_BV_CTRL_PBM_MLDID_P) {
*5113495bSYour Name		extmldcap_offset += WLAN_ML_BV_CINFO_MLDID_SIZE;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + extmldcap_offset) >
*5113495bSYour Name				mlie_seqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (presence_bitmap & WLAN_ML_BV_CTRL_PBM_EXT_MLDCAPANDOP_P) {
*5113495bSYour Name		/* Check if the value indicated in the Common Info Length
*5113495bSYour Name		 * subfield is sufficient to access the Ext MLD capabilities.
*5113495bSYour Name		 */
*5113495bSYour Name		if (commoninfo_len < (extmldcap_offset +
*5113495bSYour Name					WLAN_ML_BV_CINFO_EXT_MLDCAPANDOP_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + extmldcap_offset +
*5113495bSYour Name					WLAN_ML_BV_CINFO_EXT_MLDCAPANDOP_SIZE) >
*5113495bSYour Name				mlie_seqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		*ext_mld_cap = qdf_le16_to_cpu(*((uint16_t *)(commoninfo +
*5113495bSYour Name						extmldcap_offset)));
*5113495bSYour Name
*5113495bSYour Name		*ext_mld_cap_found = true;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_bvmlie_persta_partner_info(uint8_t *mlieseq,
*5113495bSYour Name				    qdf_size_t mlieseqlen,
*5113495bSYour Name				    struct mlo_partner_info *partner_info)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint8_t *linkinfo;
*5113495bSYour Name	qdf_size_t linkinfo_len;
*5113495bSYour Name	struct mlo_partner_info pinfo = {0};
*5113495bSYour Name	qdf_size_t mlieseqpayloadlen;
*5113495bSYour Name	uint8_t *mlieseqpayload_copy;
*5113495bSYour Name	bool is_elemfragseq;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name
*5113495bSYour Name	qdf_size_t tmplen;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq) {
*5113495bSYour Name		mlo_err("Pointer to Multi-Link element sequence is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqlen) {
*5113495bSYour Name		mlo_err("Length of Multi-Link element sequence is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!partner_info) {
*5113495bSYour Name		mlo_err("partner_info is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	partner_info->num_partner_links = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink)) {
*5113495bSYour Name		mlo_err_rl("Multi-Link element sequence length %zu octets is smaller than required for the fixed portion of Multi-Link element (%zu octets)",
*5113495bSYour Name			   mlieseqlen, sizeof(struct wlan_ie_multilink));
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if ((mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM) ||
*5113495bSYour Name	    (mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK)) {
*5113495bSYour Name		mlo_err("The element is not a Multi-Link element");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = le16toh(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_BASIC) {
*5113495bSYour Name		mlo_err("The variant value %u does not correspond to Basic Variant value %u",
*5113495bSYour Name			variant, WLAN_ML_VARIANT_BASIC);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayloadlen = 0;
*5113495bSYour Name	tmplen = 0;
*5113495bSYour Name	is_elemfragseq = false;
*5113495bSYour Name
*5113495bSYour Name	ret = wlan_get_elem_fragseq_info(mlieseq,
*5113495bSYour Name					 mlieseqlen,
*5113495bSYour Name					 &is_elemfragseq,
*5113495bSYour Name					 &tmplen,
*5113495bSYour Name					 &mlieseqpayloadlen);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		return ret;
*5113495bSYour Name
*5113495bSYour Name	if (is_elemfragseq) {
*5113495bSYour Name		if (tmplen != mlieseqlen) {
*5113495bSYour Name			mlo_err_rl("Mismatch in values of element fragment sequence total length. Val per frag info determination: %zu octets, val passed as arg: %zu octets",
*5113495bSYour Name				   tmplen, mlieseqlen);
*5113495bSYour Name			return QDF_STATUS_E_INVAL;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (!mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Multi-Link element fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlo_debug("Multi-Link element fragment sequence found with payload len %zu",
*5113495bSYour Name			  mlieseqpayloadlen);
*5113495bSYour Name	} else {
*5113495bSYour Name		if (mlieseqlen > (sizeof(struct ie_header) + WLAN_MAX_IE_LEN)) {
*5113495bSYour Name			mlo_err_rl("Expected presence of valid fragment sequence since Multi-Link element sequence length %zu octets is larger than frag threshold of %zu octets, however no valid fragment sequence found",
*5113495bSYour Name				   mlieseqlen,
*5113495bSYour Name				   sizeof(struct ie_header) + WLAN_MAX_IE_LEN);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlieseqpayloadlen = mlieseqlen - (sizeof(struct ie_header) + 1);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayload_copy = qdf_mem_malloc(mlieseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayload_copy) {
*5113495bSYour Name		mlo_err_rl("Could not allocate memory for Multi-Link element payload copy");
*5113495bSYour Name		return QDF_STATUS_E_NOMEM;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (is_elemfragseq) {
*5113495bSYour Name		ret = wlan_defrag_elem_fragseq(false,
*5113495bSYour Name					       mlieseq,
*5113495bSYour Name					       mlieseqlen,
*5113495bSYour Name					       mlieseqpayload_copy,
*5113495bSYour Name					       mlieseqpayloadlen,
*5113495bSYour Name					       &defragpayload_len);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name			qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name			return ret;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (defragpayload_len != mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Length of de-fragmented payload %zu octets is not equal to length of Multi-Link element fragment sequence payload %zu octets",
*5113495bSYour Name				   defragpayload_len, mlieseqpayloadlen);
*5113495bSYour Name			qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name	} else {
*5113495bSYour Name		qdf_mem_copy(mlieseqpayload_copy,
*5113495bSYour Name			     mlieseq + sizeof(struct ie_header) + 1,
*5113495bSYour Name			     mlieseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	linkinfo = NULL;
*5113495bSYour Name	linkinfo_len = 0;
*5113495bSYour Name
*5113495bSYour Name	ret = util_parse_multi_link_ctrl(mlieseqpayload_copy,
*5113495bSYour Name					 mlieseqpayloadlen,
*5113495bSYour Name					 &linkinfo,
*5113495bSYour Name					 &linkinfo_len);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return ret;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/*
*5113495bSYour Name	 * If Probe Request variant Multi-Link element in the Multi-Link probe
*5113495bSYour Name	 * request does not include any per-STA profile, then all APs affiliated
*5113495bSYour Name	 * with the same AP MLD as the AP identified in the Addr 1 or Addr 3
*5113495bSYour Name	 * field or AP MLD ID of the Multi-Link probe request are requested
*5113495bSYour Name	 * APs return success here
*5113495bSYour Name	 */
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	ret = util_parse_partner_info_from_linkinfo(linkinfo,
*5113495bSYour Name						    linkinfo_len,
*5113495bSYour Name						    &pinfo);
*5113495bSYour Name
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return ret;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(partner_info, &pinfo, sizeof(*partner_info));
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_prvmlie_persta_link_id(uint8_t *mlieseq,
*5113495bSYour Name				qdf_size_t mlieseqlen,
*5113495bSYour Name				struct mlo_probereq_info *probereq_info)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint8_t *linkinfo;
*5113495bSYour Name	qdf_size_t linkinfo_len;
*5113495bSYour Name	qdf_size_t mlieseqpayloadlen;
*5113495bSYour Name	uint8_t *mlieseqpayload_copy;
*5113495bSYour Name	bool is_elemfragseq;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name
*5113495bSYour Name	qdf_size_t tmplen;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq) {
*5113495bSYour Name		mlo_err("Pointer to Multi-Link element sequence is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqlen) {
*5113495bSYour Name		mlo_err("Length of Multi-Link element sequence is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!probereq_info) {
*5113495bSYour Name		mlo_err("probe request_info is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	probereq_info->num_links = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink)) {
*5113495bSYour Name		mlo_err_rl("Multi-Link element sequence length %zu octets is smaller than required for the fixed portion of Multi-Link element (%zu octets)",
*5113495bSYour Name			   mlieseqlen, sizeof(struct wlan_ie_multilink));
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if ((mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM) ||
*5113495bSYour Name	    (mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK)) {
*5113495bSYour Name		mlo_err("The element is not a Multi-Link element");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_PROBEREQ) {
*5113495bSYour Name		mlo_err("The variant value %u does not correspond to Probe Request Variant value %u",
*5113495bSYour Name			variant, WLAN_ML_VARIANT_PROBEREQ);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayloadlen = 0;
*5113495bSYour Name	tmplen = 0;
*5113495bSYour Name	is_elemfragseq = false;
*5113495bSYour Name
*5113495bSYour Name	ret = wlan_get_elem_fragseq_info(mlieseq,
*5113495bSYour Name					 mlieseqlen,
*5113495bSYour Name					 &is_elemfragseq,
*5113495bSYour Name					 &tmplen,
*5113495bSYour Name					 &mlieseqpayloadlen);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		return ret;
*5113495bSYour Name
*5113495bSYour Name	if (is_elemfragseq) {
*5113495bSYour Name		if (tmplen != mlieseqlen) {
*5113495bSYour Name			mlo_err_rl("Mismatch in values of element fragment sequence total length. Val per frag info determination: %zu octets, val passed as arg: %zu octets",
*5113495bSYour Name				   tmplen, mlieseqlen);
*5113495bSYour Name			return QDF_STATUS_E_INVAL;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (!mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Multi-Link element fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlo_debug("Multi-Link element fragment sequence found with payload len %zu",
*5113495bSYour Name			  mlieseqpayloadlen);
*5113495bSYour Name	} else {
*5113495bSYour Name		if (mlieseqlen > (sizeof(struct ie_header) + WLAN_MAX_IE_LEN)) {
*5113495bSYour Name			mlo_err_rl("Expected presence of valid fragment sequence since Multi-Link element sequence length %zu octets is larger than frag threshold of %zu octets, however no valid fragment sequence found",
*5113495bSYour Name				   mlieseqlen,
*5113495bSYour Name				   sizeof(struct ie_header) + WLAN_MAX_IE_LEN);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlieseqpayloadlen = mlieseqlen - (sizeof(struct ie_header) + 1);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayload_copy = qdf_mem_malloc(mlieseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayload_copy) {
*5113495bSYour Name		mlo_err_rl("Could not allocate memory for Multi-Link element payload copy");
*5113495bSYour Name		return QDF_STATUS_E_NOMEM;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (is_elemfragseq) {
*5113495bSYour Name		ret = wlan_defrag_elem_fragseq(false,
*5113495bSYour Name					       mlieseq,
*5113495bSYour Name					       mlieseqlen,
*5113495bSYour Name					       mlieseqpayload_copy,
*5113495bSYour Name					       mlieseqpayloadlen,
*5113495bSYour Name					       &defragpayload_len);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name			qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name			return ret;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (defragpayload_len != mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Length of de-fragmented payload %zu octets is not equal to length of Multi-Link element fragment sequence payload %zu octets",
*5113495bSYour Name				   defragpayload_len, mlieseqpayloadlen);
*5113495bSYour Name			qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name	} else {
*5113495bSYour Name		qdf_mem_copy(mlieseqpayload_copy,
*5113495bSYour Name			     mlieseq + sizeof(struct ie_header) + 1,
*5113495bSYour Name			     mlieseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	linkinfo = NULL;
*5113495bSYour Name	linkinfo_len = 0;
*5113495bSYour Name	ret = util_parse_prv_multi_link_ctrl(mlieseqpayload_copy,
*5113495bSYour Name					     mlieseqpayloadlen,
*5113495bSYour Name					     &linkinfo,
*5113495bSYour Name					     &linkinfo_len);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return ret;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* In case Link Info is absent, the number of links will remain
*5113495bSYour Name	 * zero.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		mlo_debug("No link info present");
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	ret = util_parse_probereq_info_from_linkinfo(linkinfo,
*5113495bSYour Name						     linkinfo_len,
*5113495bSYour Name						     probereq_info);
*5113495bSYour Name
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return ret;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_prvmlie_mldid(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name		       bool *mldidfound, uint8_t *mldid)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presencebitmap;
*5113495bSYour Name	uint8_t *commoninfo;
*5113495bSYour Name	qdf_size_t commoninfolen;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !mldidfound || !mldid)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*mldidfound = false;
*5113495bSYour Name	*mldid = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if (mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM ||
*5113495bSYour Name	    mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_PROBEREQ)
*5113495bSYour Name		return QDF_STATUS_E_NOSUPPORT;
*5113495bSYour Name
*5113495bSYour Name	presencebitmap = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				      WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	commoninfo = mlieseq + sizeof(struct wlan_ie_multilink);
*5113495bSYour Name	commoninfolen = WLAN_ML_PRV_CINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (presencebitmap & WLAN_ML_PRV_CTRL_PBM_MLDID_P) {
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) + commoninfolen +
*5113495bSYour Name		     WLAN_ML_PRV_CINFO_MLDID_SIZE) >
*5113495bSYour Name		    mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		*mldid = *((uint8_t *)(commoninfo + commoninfolen));
*5113495bSYour Name		commoninfolen += WLAN_ML_PRV_CINFO_MLDID_SIZE;
*5113495bSYour Name
*5113495bSYour Name		*mldidfound = true;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS util_get_rvmlie_mldmacaddr(uint8_t *mlieseq, qdf_size_t mlieseqlen,
*5113495bSYour Name				      struct qdf_mac_addr *mldmacaddr,
*5113495bSYour Name				      bool *is_mldmacaddr_found)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presencebitmap;
*5113495bSYour Name	qdf_size_t rv_cinfo_len;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq || !mlieseqlen || !mldmacaddr || !is_mldmacaddr_found)
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name
*5113495bSYour Name	*is_mldmacaddr_found = false;
*5113495bSYour Name	qdf_mem_zero(mldmacaddr, sizeof(*mldmacaddr));
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink))
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name
*5113495bSYour Name	if (mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM ||
*5113495bSYour Name	    mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_RECONFIG)
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name
*5113495bSYour Name	/* ML Reconfig Common Info Length field present */
*5113495bSYour Name	if ((sizeof(struct wlan_ie_multilink) + WLAN_ML_RV_CINFO_LENGTH_SIZE) >
*5113495bSYour Name	    mlieseqlen)
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name	rv_cinfo_len = *(mlieseq + sizeof(struct wlan_ie_multilink));
*5113495bSYour Name
*5113495bSYour Name	presencebitmap = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				      WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	/* Check if MLD mac address is present */
*5113495bSYour Name	if (presencebitmap & WLAN_ML_RV_CTRL_PBM_MLDMACADDR_P) {
*5113495bSYour Name		/* Check if the value indicated in the Common Info Length
*5113495bSYour Name		 * subfield is sufficient to access the MLD MAC address.
*5113495bSYour Name		 */
*5113495bSYour Name		if (rv_cinfo_len < (WLAN_ML_RV_CINFO_LENGTH_SIZE +
*5113495bSYour Name				    QDF_MAC_ADDR_SIZE))
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		if ((sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name		     WLAN_ML_RV_CINFO_LENGTH_SIZE + QDF_MAC_ADDR_SIZE) >
*5113495bSYour Name			mlieseqlen)
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name
*5113495bSYour Name		qdf_mem_copy(mldmacaddr->bytes,
*5113495bSYour Name			     mlieseq + sizeof(struct wlan_ie_multilink) +
*5113495bSYour Name			     WLAN_ML_RV_CINFO_LENGTH_SIZE,
*5113495bSYour Name			     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name		*is_mldmacaddr_found = true;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_rv_multi_link_ctrl(uint8_t *mlieseqpayload,
*5113495bSYour Name			      qdf_size_t mlieseqpayloadlen,
*5113495bSYour Name			      uint8_t **link_info,
*5113495bSYour Name			      qdf_size_t *link_info_len)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_payload_len, rv_cinfo_len;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	uint16_t presence_bm;
*5113495bSYour Name
*5113495bSYour Name	/* This helper returns the location(s) and length(s) of (sub)field(s)
*5113495bSYour Name	 * inferable after parsing the Multi Link element Control field. These
*5113495bSYour Name	 * location(s) and length(s) is/are in reference to the payload section
*5113495bSYour Name	 * of the Multi Link element (after defragmentation, if applicable).
*5113495bSYour Name	 * Here, the payload is the point after the element ID extension of the
*5113495bSYour Name	 * Multi Link element, and includes the payloads of all subsequent
*5113495bSYour Name	 * fragments (if any) but not the headers of those fragments.
*5113495bSYour Name	 *
*5113495bSYour Name	 * Currently, the helper returns the location and length of the Link
*5113495bSYour Name	 * Info field in the Multi Link element sequence. Other (sub)field(s)
*5113495bSYour Name	 * can be added later as required.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!mlieseqpayload) {
*5113495bSYour Name		mlo_err("ML seq payload pointer is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayloadlen) {
*5113495bSYour Name		mlo_err("ML seq payload len is 0");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen < WLAN_ML_CTRL_SIZE) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu < ML Control size %u",
*5113495bSYour Name			   mlieseqpayloadlen, WLAN_ML_CTRL_SIZE);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len = 0;
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(&mlcontrol, mlieseqpayload, WLAN_ML_CTRL_SIZE);
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlcontrol);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_CTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen <
*5113495bSYour Name			(parsed_payload_len + WLAN_ML_RV_CINFO_LENGTH_SIZE)) {
*5113495bSYour Name		mlo_err_rl("ML rv seq payload len %zu insufficient for common info length size %u after parsed payload len %zu.",
*5113495bSYour Name			   mlieseqpayloadlen,
*5113495bSYour Name			   WLAN_ML_RV_CINFO_LENGTH_SIZE,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	rv_cinfo_len = *(mlieseqpayload + parsed_payload_len);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_RV_CINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	presence_bm = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_PBM_IDX,
*5113495bSYour Name				   WLAN_ML_CTRL_PBM_BITS);
*5113495bSYour Name
*5113495bSYour Name	/* Check if MLD MAC address is present */
*5113495bSYour Name	if (presence_bm & WLAN_ML_RV_CTRL_PBM_MLDMACADDR_P) {
*5113495bSYour Name		/* Check if the value indicated in the Common Info Length
*5113495bSYour Name		 * subfield is sufficient to access the MLD MAC address.
*5113495bSYour Name		 * Note: In D3.0, MLD MAC address will not be present
*5113495bSYour Name		 * in ML Reconfig IE. But for code completeness, we
*5113495bSYour Name		 * should have below code to sanity check.
*5113495bSYour Name		 */
*5113495bSYour Name		if (rv_cinfo_len < (WLAN_ML_RV_CINFO_LENGTH_SIZE +
*5113495bSYour Name				    QDF_MAC_ADDR_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML rv Common Info Length %zu insufficient to access MLD MAC addr size %u.",
*5113495bSYour Name				   rv_cinfo_len,
*5113495bSYour Name				   QDF_MAC_ADDR_SIZE);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (mlieseqpayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 QDF_MAC_ADDR_SIZE)) {
*5113495bSYour Name			mlo_err_rl("ML seq payload len %zu insufficient for MLD MAC size %u after parsed payload len %zu.",
*5113495bSYour Name				   mlieseqpayloadlen,
*5113495bSYour Name				   QDF_MAC_ADDR_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* At present, we only handle MAC address field in common info field.
*5113495bSYour Name	 * To be compatible with future spec updating, if new items are added
*5113495bSYour Name	 * to common info, below log will highlight the spec change.
*5113495bSYour Name	 */
*5113495bSYour Name	if (rv_cinfo_len != (parsed_payload_len - WLAN_ML_CTRL_SIZE))
*5113495bSYour Name		mlo_debug_rl("ML rv seq common info len %zu doesn't match with expected common info len %zu",
*5113495bSYour Name			     rv_cinfo_len,
*5113495bSYour Name			     parsed_payload_len - WLAN_ML_CTRL_SIZE);
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen < (WLAN_ML_CTRL_SIZE + rv_cinfo_len)) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu insufficient for rv link info after parsed mutli-link control %u and indicated Common Info length %zu",
*5113495bSYour Name			   mlieseqpayloadlen,
*5113495bSYour Name			   WLAN_ML_CTRL_SIZE,
*5113495bSYour Name			   rv_cinfo_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name	/* Update parsed_payload_len to reflect the actual bytes in common info
*5113495bSYour Name	 * field to be compatible with future spec updating.
*5113495bSYour Name	 */
*5113495bSYour Name	parsed_payload_len = WLAN_ML_CTRL_SIZE + rv_cinfo_len;
*5113495bSYour Name
*5113495bSYour Name	if (link_info_len) {
*5113495bSYour Name		*link_info_len = mlieseqpayloadlen - parsed_payload_len;
*5113495bSYour Name		mlo_debug("link_info_len:%zu, parsed_payload_len:%zu, rv_cinfo_len %zu ",
*5113495bSYour Name			  *link_info_len, parsed_payload_len, rv_cinfo_len);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen == parsed_payload_len) {
*5113495bSYour Name		mlo_debug("No Link Info field present");
*5113495bSYour Name		if (link_info)
*5113495bSYour Name			*link_info = NULL;
*5113495bSYour Name
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (link_info)
*5113495bSYour Name		*link_info = mlieseqpayload + parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_rvmlie_perstaprofile_stactrl(uint8_t *subelempayload,
*5113495bSYour Name					qdf_size_t subelempayloadlen,
*5113495bSYour Name					uint8_t *linkid,
*5113495bSYour Name					bool *is_macaddr_valid,
*5113495bSYour Name					struct qdf_mac_addr *macaddr,
*5113495bSYour Name					bool *is_ap_removal_timer_valid,
*5113495bSYour Name					uint16_t *ap_removal_timer)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_payload_len = 0, sta_info_len;
*5113495bSYour Name	qdf_size_t parsed_sta_info_len;
*5113495bSYour Name	uint16_t stacontrol;
*5113495bSYour Name	uint8_t completeprofile;
*5113495bSYour Name
*5113495bSYour Name	/* This helper returns the location(s) and where required, the length(s)
*5113495bSYour Name	 * of (sub)field(s) inferable after parsing the STA Control field in the
*5113495bSYour Name	 * per-STA profile subelement. These location(s) and length(s) is/are in
*5113495bSYour Name	 * reference to the payload section of the per-STA profile subelement
*5113495bSYour Name	 * (after defragmentation, if applicable).  Here, the payload is the
*5113495bSYour Name	 * point after the subelement length in the subelement, and includes the
*5113495bSYour Name	 * payloads of all subsequent fragments (if any) but not the headers of
*5113495bSYour Name	 * those fragments.
*5113495bSYour Name	 *
*5113495bSYour Name	 * Currently, the helper returns the link ID, MAC address, AP removal
*5113495bSYour Name	 * timer and STA profile. More (sub)fields can be added when required.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!subelempayload) {
*5113495bSYour Name		mlo_err("Pointer to subelement payload is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!subelempayloadlen) {
*5113495bSYour Name		mlo_err("Length of subelement payload is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (subelempayloadlen < WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_SIZE) {
*5113495bSYour Name		mlo_err_rl("Subelement payload length %zu octets is smaller than STA control field of per-STA profile subelement %u octets",
*5113495bSYour Name			   subelempayloadlen,
*5113495bSYour Name			   WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len = 0;
*5113495bSYour Name	qdf_mem_copy(&stacontrol,
*5113495bSYour Name		     subelempayload,
*5113495bSYour Name		     WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name
*5113495bSYour Name	stacontrol = qdf_le16_to_cpu(stacontrol);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (linkid)
*5113495bSYour Name		*linkid = QDF_GET_BITS(stacontrol,
*5113495bSYour Name				WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_LINKID_IDX,
*5113495bSYour Name				WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_LINKID_BITS);
*5113495bSYour Name
*5113495bSYour Name	/* Check if this a complete profile */
*5113495bSYour Name	completeprofile = QDF_GET_BITS(stacontrol,
*5113495bSYour Name				WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_CMPLTPROF_IDX,
*5113495bSYour Name				WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_CMPLTPROF_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (is_macaddr_valid)
*5113495bSYour Name		*is_macaddr_valid = false;
*5113495bSYour Name	if (subelempayloadlen < parsed_payload_len +
*5113495bSYour Name		WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_LENGTH_SIZE) {
*5113495bSYour Name		mlo_err_rl("Length of subelement payload %zu octets not sufficient for sta info length of size %u octets after parsed payload length of %zu octets.",
*5113495bSYour Name			   subelempayloadlen, WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_LENGTH_SIZE,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	sta_info_len = *(subelempayload + parsed_payload_len);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_LENGTH_SIZE;
*5113495bSYour Name	parsed_sta_info_len = WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	/* Check STA MAC address present bit */
*5113495bSYour Name	if (QDF_GET_BITS(stacontrol,
*5113495bSYour Name			 WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_STAMACADDRP_IDX,
*5113495bSYour Name			 WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_STAMACADDRP_BITS)) {
*5113495bSYour Name		if (sta_info_len < (parsed_sta_info_len + QDF_MAC_ADDR_SIZE)) {
*5113495bSYour Name			mlo_err_rl("Length of sta info len %zu octets not sufficient to contain MAC address of size %u octets after parsed sta info length of %zu octets.",
*5113495bSYour Name				   sta_info_len, QDF_MAC_ADDR_SIZE,
*5113495bSYour Name				   parsed_sta_info_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name				(parsed_payload_len + QDF_MAC_ADDR_SIZE)) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain MAC address of size %u octets after parsed payload length of %zu octets.",
*5113495bSYour Name				   subelempayloadlen, QDF_MAC_ADDR_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (macaddr) {
*5113495bSYour Name			qdf_mem_copy(macaddr->bytes,
*5113495bSYour Name				     subelempayload + parsed_payload_len,
*5113495bSYour Name				     QDF_MAC_ADDR_SIZE);
*5113495bSYour Name			mlo_nofl_debug("Copied MAC address: " QDF_MAC_ADDR_FMT,
*5113495bSYour Name				       QDF_MAC_ADDR_REF(macaddr->bytes));
*5113495bSYour Name
*5113495bSYour Name			if (is_macaddr_valid)
*5113495bSYour Name				*is_macaddr_valid = true;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name		parsed_sta_info_len += QDF_MAC_ADDR_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* Check AP Removal timer present bit */
*5113495bSYour Name	if (QDF_GET_BITS(stacontrol,
*5113495bSYour Name			 WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_APREMOVALTIMERP_IDX,
*5113495bSYour Name			 WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_APREMOVALTIMERP_BITS)) {
*5113495bSYour Name		if (sta_info_len <
*5113495bSYour Name				(parsed_sta_info_len +
*5113495bSYour Name				 WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_APREMOVALTIMER_SIZE)) {
*5113495bSYour Name			mlo_err_rl("Length of sta info len %zu octets not sufficient to contain AP removal timer of size %u octets after parsed sta info length of %zu octets.",
*5113495bSYour Name				   sta_info_len, WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_APREMOVALTIMER_SIZE,
*5113495bSYour Name				   parsed_sta_info_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name				(parsed_payload_len +
*5113495bSYour Name				 WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_APREMOVALTIMER_SIZE)) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain AP removal timer of size %u octets after parsed payload length of %zu octets.",
*5113495bSYour Name				   subelempayloadlen,
*5113495bSYour Name				   WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_APREMOVALTIMER_SIZE,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (ap_removal_timer) {
*5113495bSYour Name			qdf_mem_copy(ap_removal_timer,
*5113495bSYour Name				     subelempayload + parsed_payload_len,
*5113495bSYour Name				     WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_APREMOVALTIMER_SIZE);
*5113495bSYour Name
*5113495bSYour Name			if (is_ap_removal_timer_valid)
*5113495bSYour Name				*is_ap_removal_timer_valid = true;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		parsed_payload_len +=
*5113495bSYour Name			WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_APREMOVALTIMER_SIZE;
*5113495bSYour Name		parsed_sta_info_len += WLAN_ML_RV_LINFO_PERSTAPROF_STAINFO_APREMOVALTIMER_SIZE;
*5113495bSYour Name	}
*5113495bSYour Name	/* At present, we only handle link MAC address field and ap removal
*5113495bSYour Name	 * timer tbtt field parsing. To be compatible with future spec
*5113495bSYour Name	 * updating, if new items are added to sta info, below log will
*5113495bSYour Name	 * highlight the spec change.
*5113495bSYour Name	 */
*5113495bSYour Name	if (sta_info_len != (parsed_payload_len -
*5113495bSYour Name			     WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_SIZE))
*5113495bSYour Name		mlo_debug_rl("Length of sta info len %zu octets not match parsed payload length of %zu octets.",
*5113495bSYour Name			     sta_info_len,
*5113495bSYour Name			     parsed_payload_len -
*5113495bSYour Name			     WLAN_ML_RV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_rv_info_from_linkinfo(uint8_t *linkinfo,
*5113495bSYour Name				 qdf_size_t linkinfo_len,
*5113495bSYour Name				 struct ml_rv_info *reconfig_info)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t linkid;
*5113495bSYour Name	uint8_t *linkinfo_currpos;
*5113495bSYour Name	qdf_size_t linkinfo_remlen;
*5113495bSYour Name	bool is_subelemfragseq;
*5113495bSYour Name	uint8_t subelemid;
*5113495bSYour Name	qdf_size_t subelemseqtotallen;
*5113495bSYour Name	qdf_size_t subelemseqpayloadlen;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name	struct qdf_mac_addr mac_addr;
*5113495bSYour Name	bool is_macaddr_valid;
*5113495bSYour Name	bool is_ap_removal_timer_valid;
*5113495bSYour Name	uint16_t ap_removal_timer;
*5113495bSYour Name
*5113495bSYour Name	/* This helper function parses probe request info from the per-STA prof
*5113495bSYour Name	 * present (if any) in the Link Info field in the payload of a Multi
*5113495bSYour Name	 * Link element (after defragmentation if required). The caller should
*5113495bSYour Name	 * pass a copy of the payload so that inline defragmentation of
*5113495bSYour Name	 * subelements can be carried out if required. The subelement
*5113495bSYour Name	 * defragmentation (if applicable) in this Control Path helper is
*5113495bSYour Name	 * required for maintainability, accuracy and eliminating current and
*5113495bSYour Name	 * future per-field-access multi-level fragment boundary checks and
*5113495bSYour Name	 * adjustments, given the complex format of Multi Link elements. It is
*5113495bSYour Name	 * also most likely to be required mainly at the client side.
*5113495bSYour Name	 * Fragmentation is currently unlikely to be required for subelements
*5113495bSYour Name	 * in Reconfiguration variant Multi-Link elements, but it should be
*5113495bSYour Name	 * handled in order to be future ready.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		mlo_err("linkinfo is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!linkinfo_len) {
*5113495bSYour Name		mlo_err("linkinfo_len is zero");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!reconfig_info) {
*5113495bSYour Name		mlo_err("ML reconfig info is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	reconfig_info->num_links = 0;
*5113495bSYour Name	linkinfo_currpos = linkinfo;
*5113495bSYour Name	linkinfo_remlen = linkinfo_len;
*5113495bSYour Name
*5113495bSYour Name	while (linkinfo_remlen) {
*5113495bSYour Name		if (linkinfo_remlen <  sizeof(struct subelem_header)) {
*5113495bSYour Name			mlo_err_rl("Remaining length in link info %zu octets is smaller than subelement header length %zu octets",
*5113495bSYour Name				   linkinfo_remlen,
*5113495bSYour Name				   sizeof(struct subelem_header));
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		subelemid = linkinfo_currpos[ID_POS];
*5113495bSYour Name		is_subelemfragseq = false;
*5113495bSYour Name		subelemseqtotallen = 0;
*5113495bSYour Name		subelemseqpayloadlen = 0;
*5113495bSYour Name
*5113495bSYour Name		ret = wlan_get_subelem_fragseq_info(WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name						    linkinfo_currpos,
*5113495bSYour Name						    linkinfo_remlen,
*5113495bSYour Name						    &is_subelemfragseq,
*5113495bSYour Name						    &subelemseqtotallen,
*5113495bSYour Name						    &subelemseqpayloadlen);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name			return ret;
*5113495bSYour Name
*5113495bSYour Name		if (qdf_unlikely(is_subelemfragseq)) {
*5113495bSYour Name			if (!subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Subelement fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			mlo_debug("Subelement fragment sequence found with payload len %zu",
*5113495bSYour Name				  subelemseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name			ret = wlan_defrag_subelem_fragseq(true,
*5113495bSYour Name							  WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name							  linkinfo_currpos,
*5113495bSYour Name							  linkinfo_remlen,
*5113495bSYour Name							  NULL,
*5113495bSYour Name							  0,
*5113495bSYour Name							  &defragpayload_len);
*5113495bSYour Name
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name
*5113495bSYour Name			if (defragpayload_len != subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Length of defragmented payload %zu octets is not equal to length of subelement fragment sequence payload %zu octets",
*5113495bSYour Name					   defragpayload_len,
*5113495bSYour Name					   subelemseqpayloadlen);
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			/* Adjust linkinfo_remlen to reflect removal of all
*5113495bSYour Name			 * subelement headers except the header of the lead
*5113495bSYour Name			 * subelement.
*5113495bSYour Name			 */
*5113495bSYour Name			linkinfo_remlen -= (subelemseqtotallen -
*5113495bSYour Name					    subelemseqpayloadlen -
*5113495bSYour Name					    sizeof(struct subelem_header));
*5113495bSYour Name		} else {
*5113495bSYour Name			if (linkinfo_remlen <
*5113495bSYour Name				(sizeof(struct subelem_header) +
*5113495bSYour Name				linkinfo_currpos[TAG_LEN_POS])) {
*5113495bSYour Name				mlo_err_rl("Remaining length in link info %zu octets is smaller than total size of current subelement %zu octets",
*5113495bSYour Name					   linkinfo_remlen,
*5113495bSYour Name					   sizeof(struct subelem_header) +
*5113495bSYour Name					   linkinfo_currpos[TAG_LEN_POS]);
*5113495bSYour Name				return QDF_STATUS_E_PROTO;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			subelemseqpayloadlen = linkinfo_currpos[TAG_LEN_POS];
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (subelemid == WLAN_ML_LINFO_SUBELEMID_PERSTAPROFILE) {
*5113495bSYour Name			struct ml_rv_partner_link_info *link_info;
*5113495bSYour Name			is_macaddr_valid = false;
*5113495bSYour Name			is_ap_removal_timer_valid = false;
*5113495bSYour Name			ret = util_parse_rvmlie_perstaprofile_stactrl(linkinfo_currpos +
*5113495bSYour Name								      sizeof(struct subelem_header),
*5113495bSYour Name								      subelemseqpayloadlen,
*5113495bSYour Name								      &linkid,
*5113495bSYour Name								      &is_macaddr_valid,
*5113495bSYour Name								      &mac_addr,
*5113495bSYour Name								      &is_ap_removal_timer_valid,
*5113495bSYour Name								      &ap_removal_timer);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name			if (reconfig_info->num_links >=
*5113495bSYour Name						WLAN_UMAC_MLO_MAX_VDEVS) {
*5113495bSYour Name				mlo_err("num_link %d invalid",
*5113495bSYour Name					reconfig_info->num_links);
*5113495bSYour Name				return QDF_STATUS_E_INVAL;
*5113495bSYour Name			}
*5113495bSYour Name			link_info =
*5113495bSYour Name			&reconfig_info->link_info[reconfig_info->num_links];
*5113495bSYour Name			link_info->link_id = linkid;
*5113495bSYour Name			link_info->is_ap_removal_timer_p = is_ap_removal_timer_valid;
*5113495bSYour Name			if (is_macaddr_valid)
*5113495bSYour Name				qdf_copy_macaddr(&link_info->link_mac_addr,
*5113495bSYour Name						 &mac_addr);
*5113495bSYour Name
*5113495bSYour Name			if (is_ap_removal_timer_valid)
*5113495bSYour Name				link_info->ap_removal_timer = ap_removal_timer;
*5113495bSYour Name			else
*5113495bSYour Name				mlo_warn_rl("AP removal timer not found in STA Info field of per-STA profile with link ID %u",
*5113495bSYour Name					    linkid);
*5113495bSYour Name
*5113495bSYour Name			mlo_debug("Per-STA Profile Link ID: %u AP removal timer present: %d AP removal timer: %u",
*5113495bSYour Name				  link_info->link_id,
*5113495bSYour Name				  link_info->is_ap_removal_timer_p,
*5113495bSYour Name				  link_info->ap_removal_timer);
*5113495bSYour Name
*5113495bSYour Name			reconfig_info->num_links++;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		linkinfo_remlen -= (sizeof(struct subelem_header) +
*5113495bSYour Name				    subelemseqpayloadlen);
*5113495bSYour Name		linkinfo_currpos += (sizeof(struct subelem_header) +
*5113495bSYour Name				     subelemseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlo_debug("Number of ML probe request links found=%u",
*5113495bSYour Name		  reconfig_info->num_links);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS util_get_rvmlie_persta_link_info(uint8_t *mlieseq,
*5113495bSYour Name					    qdf_size_t mlieseqlen,
*5113495bSYour Name					    struct ml_rv_info *reconfig_info)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint8_t *linkinfo;
*5113495bSYour Name	qdf_size_t linkinfo_len;
*5113495bSYour Name	struct ml_rv_info rinfo = {0};
*5113495bSYour Name	qdf_size_t mlieseqpayloadlen;
*5113495bSYour Name	uint8_t *mlieseqpayload_copy;
*5113495bSYour Name	bool is_elemfragseq;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name	qdf_size_t tmplen;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq) {
*5113495bSYour Name		mlo_err("Pointer to Multi-Link element sequence is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqlen) {
*5113495bSYour Name		mlo_err("Length of Multi-Link element sequence is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!reconfig_info) {
*5113495bSYour Name		mlo_err("reconfig_info is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	reconfig_info->num_links = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink)) {
*5113495bSYour Name		mlo_err_rl("Multi-Link element sequence length %zu octets is smaller than required for the fixed portion of Multi-Link element (%zu octets)",
*5113495bSYour Name			   mlieseqlen, sizeof(struct wlan_ie_multilink));
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name	if (mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM ||
*5113495bSYour Name	    mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK) {
*5113495bSYour Name		mlo_err("The element is not a Multi-Link element");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_RECONFIG) {
*5113495bSYour Name		mlo_err("The variant value %u does not correspond to Reconfig Variant value %u",
*5113495bSYour Name			variant, WLAN_ML_VARIANT_RECONFIG);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayloadlen = 0;
*5113495bSYour Name	tmplen = 0;
*5113495bSYour Name	is_elemfragseq = false;
*5113495bSYour Name
*5113495bSYour Name	ret = wlan_get_elem_fragseq_info(mlieseq,
*5113495bSYour Name					 mlieseqlen,
*5113495bSYour Name					 &is_elemfragseq,
*5113495bSYour Name					 &tmplen,
*5113495bSYour Name					 &mlieseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		return ret;
*5113495bSYour Name
*5113495bSYour Name	if (qdf_unlikely(is_elemfragseq)) {
*5113495bSYour Name		if (tmplen != mlieseqlen) {
*5113495bSYour Name			mlo_err_rl("Mismatch in values of element fragment sequence total length. Val per frag info determination: %zu octets, val passed as arg: %zu octets",
*5113495bSYour Name				   tmplen, mlieseqlen);
*5113495bSYour Name			return QDF_STATUS_E_INVAL;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (!mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Multi-Link element fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlo_debug("Multi-Link element fragment sequence found with payload len %zu",
*5113495bSYour Name			  mlieseqpayloadlen);
*5113495bSYour Name	} else {
*5113495bSYour Name		if (mlieseqlen > (sizeof(struct ie_header) + WLAN_MAX_IE_LEN)) {
*5113495bSYour Name			mlo_err_rl("Expected presence of valid fragment sequence since Multi-Link element sequence length %zu octets is larger than frag threshold of %zu octets, however no valid fragment sequence found",
*5113495bSYour Name				   mlieseqlen,
*5113495bSYour Name				   sizeof(struct ie_header) + WLAN_MAX_IE_LEN);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlieseqpayloadlen = mlieseqlen - (sizeof(struct ie_header) + 1);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayload_copy = qdf_mem_malloc(mlieseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayload_copy) {
*5113495bSYour Name		mlo_err_rl("Could not allocate memory for Multi-Link element payload copy");
*5113495bSYour Name		return QDF_STATUS_E_NOMEM;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (qdf_unlikely(is_elemfragseq)) {
*5113495bSYour Name		ret = wlan_defrag_elem_fragseq(false,
*5113495bSYour Name					       mlieseq,
*5113495bSYour Name					       mlieseqlen,
*5113495bSYour Name					       mlieseqpayload_copy,
*5113495bSYour Name					       mlieseqpayloadlen,
*5113495bSYour Name					       &defragpayload_len);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name			qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name			return ret;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (defragpayload_len != mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Length of de-fragmented payload %zu octets is not equal to length of Multi-Link element fragment sequence payload %zu octets",
*5113495bSYour Name				   defragpayload_len, mlieseqpayloadlen);
*5113495bSYour Name			qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name	} else {
*5113495bSYour Name		qdf_mem_copy(mlieseqpayload_copy,
*5113495bSYour Name			     mlieseq + sizeof(struct ie_header) + 1,
*5113495bSYour Name			     mlieseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	linkinfo = NULL;
*5113495bSYour Name	linkinfo_len = 0;
*5113495bSYour Name
*5113495bSYour Name	ret = util_parse_rv_multi_link_ctrl(mlieseqpayload_copy,
*5113495bSYour Name					    mlieseqpayloadlen,
*5113495bSYour Name					    &linkinfo,
*5113495bSYour Name					    &linkinfo_len);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return ret;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* In case Link Info is absent, the number of links will remain
*5113495bSYour Name	 * zero.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	ret = util_parse_rv_info_from_linkinfo(linkinfo, linkinfo_len, &rinfo);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return ret;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(reconfig_info, &rinfo, sizeof(*reconfig_info));
*5113495bSYour Name	qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_pa_multi_link_ctrl(uint8_t *mlieseqpayload,
*5113495bSYour Name			      qdf_size_t mlieseqpayloadlen,
*5113495bSYour Name			      uint8_t **link_info,
*5113495bSYour Name			      qdf_size_t *link_info_len)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	/* This helper returns the location(s) and length(s) of (sub)field(s)
*5113495bSYour Name	 * inferable after parsing the Multi Link element Control field. These
*5113495bSYour Name	 * location(s) and length(s) is/are in reference to the payload section
*5113495bSYour Name	 * of the Multi Link element (after defragmentation, if applicable).
*5113495bSYour Name	 * Here, the payload is the point after the element ID extension of the
*5113495bSYour Name	 * Multi Link element, and includes the payloads of all subsequent
*5113495bSYour Name	 * fragments (if any) but not the headers of those fragments.
*5113495bSYour Name	 *
*5113495bSYour Name	 * Currently, the helper returns the location and length of the Link
*5113495bSYour Name	 * Info field in the Multi Link element sequence. Other (sub)field(s)
*5113495bSYour Name	 * can be added later as required.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!mlieseqpayload) {
*5113495bSYour Name		mlo_err("ML seq payload pointer is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayloadlen) {
*5113495bSYour Name		mlo_err("ML seq payload len is 0");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen < WLAN_ML_CTRL_SIZE) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu < ML Control size %u",
*5113495bSYour Name			   mlieseqpayloadlen, WLAN_ML_CTRL_SIZE);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len = 0;
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len += WLAN_ML_CTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen <
*5113495bSYour Name		(parsed_payload_len +
*5113495bSYour Name		WLAN_ML_PAV_CINFO_LENGTH_MAX)) {
*5113495bSYour Name		mlo_err_rl("ML seq payload len %zu insufficient for MLD cmn size %u after parsed payload len %zu.",
*5113495bSYour Name			   mlieseqpayloadlen,
*5113495bSYour Name			   WLAN_ML_PAV_CINFO_LENGTH_MAX,
*5113495bSYour Name			   parsed_payload_len);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len += QDF_MAC_ADDR_SIZE + WLAN_ML_PAV_CINFO_LENGTH_SIZE;
*5113495bSYour Name
*5113495bSYour Name	if (link_info_len) {
*5113495bSYour Name		*link_info_len = mlieseqpayloadlen - parsed_payload_len;
*5113495bSYour Name		mlo_debug("link_info_len:%zu, parsed_payload_len:%zu",
*5113495bSYour Name			  *link_info_len, parsed_payload_len);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqpayloadlen == parsed_payload_len) {
*5113495bSYour Name		mlo_debug("No Link Info field present");
*5113495bSYour Name		if (link_info)
*5113495bSYour Name			*link_info = NULL;
*5113495bSYour Name
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (link_info)
*5113495bSYour Name		*link_info = mlieseqpayload + parsed_payload_len;
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_pamlie_perstaprofile_stactrl(uint8_t *subelempayload,
*5113495bSYour Name					qdf_size_t subelempayloadlen,
*5113495bSYour Name					struct ml_pa_partner_link_info *pa_link_info)
*5113495bSYour Name{
*5113495bSYour Name	qdf_size_t parsed_payload_len = 0;
*5113495bSYour Name	uint16_t stacontrol;
*5113495bSYour Name	struct ie_header *ie;
*5113495bSYour Name	struct extn_ie_header *extn_ie;
*5113495bSYour Name
*5113495bSYour Name	/* This helper returns the location(s) and where required, the length(s)
*5113495bSYour Name	 * of (sub)field(s) inferable after parsing the STA Control field in the
*5113495bSYour Name	 * per-STA profile subelement. These location(s) and length(s) is/are in
*5113495bSYour Name	 * reference to the payload section of the per-STA profile subelement
*5113495bSYour Name	 * (after defragmentation, if applicable).  Here, the payload is the
*5113495bSYour Name	 * point after the subelement length in the subelement, and includes the
*5113495bSYour Name	 * payloads of all subsequent fragments (if any) but not the headers of
*5113495bSYour Name	 * those fragments.
*5113495bSYour Name	 *
*5113495bSYour Name	 * Currently, the helper returns the priority access link information
*5113495bSYour Name	 * for all parner links.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!subelempayload) {
*5113495bSYour Name		mlo_err("Pointer to subelement payload is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!subelempayloadlen) {
*5113495bSYour Name		mlo_err("Length of subelement payload is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (subelempayloadlen < WLAN_ML_PAV_LINFO_PERSTAPROF_STACTRL_SIZE) {
*5113495bSYour Name		mlo_err_rl("Subelement payload length %zu octets is smaller than STA control field of per-STA profile subelement %u octets",
*5113495bSYour Name			   subelempayloadlen,
*5113495bSYour Name			   WLAN_ML_PAV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name		return QDF_STATUS_E_PROTO;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	parsed_payload_len = 0;
*5113495bSYour Name	qdf_mem_copy(&stacontrol,
*5113495bSYour Name		     subelempayload,
*5113495bSYour Name		     WLAN_ML_PAV_LINFO_PERSTAPROF_STACTRL_SIZE);
*5113495bSYour Name
*5113495bSYour Name	stacontrol = qdf_le16_to_cpu(stacontrol);
*5113495bSYour Name	parsed_payload_len += WLAN_ML_PAV_LINFO_PERSTAPROF_STACTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	subelempayload += WLAN_ML_PAV_LINFO_PERSTAPROF_STACTRL_SIZE;
*5113495bSYour Name
*5113495bSYour Name	pa_link_info->link_id =
*5113495bSYour Name		QDF_GET_BITS(stacontrol,
*5113495bSYour Name			     WLAN_ML_PAV_LINFO_PERSTAPROF_STACTRL_LINKID_IDX,
*5113495bSYour Name			     WLAN_ML_PAV_LINFO_PERSTAPROF_STACTRL_LINKID_BITS);
*5113495bSYour Name
*5113495bSYour Name	pa_link_info->edca_ie_present = false;
*5113495bSYour Name	pa_link_info->ven_wme_ie_present = false;
*5113495bSYour Name	pa_link_info->muedca_ie_present = false;
*5113495bSYour Name
*5113495bSYour Name	do {
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name			(parsed_payload_len +
*5113495bSYour Name			sizeof(struct ie_header))) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain min ie length %zu after parsed payload length of %zu octets",
*5113495bSYour Name				   subelempayloadlen,
*5113495bSYour Name				   sizeof(struct ie_header),
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		ie = (struct ie_header *)subelempayload;
*5113495bSYour Name
*5113495bSYour Name		if (subelempayloadlen <
*5113495bSYour Name			(parsed_payload_len +
*5113495bSYour Name			(sizeof(struct ie_header) + ie->ie_len))) {
*5113495bSYour Name			mlo_err_rl("Length of subelement payload %zu octets not sufficient to contain ie length %zu after parsed payload length of %zu octets",
*5113495bSYour Name				   subelempayloadlen,
*5113495bSYour Name				   sizeof(struct ie_header) + ie->ie_len,
*5113495bSYour Name				   parsed_payload_len);
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		switch (ie->ie_id) {
*5113495bSYour Name		case WLAN_ELEMID_EDCAPARMS:
*5113495bSYour Name			if (pa_link_info->ven_wme_ie_present) {
*5113495bSYour Name				/* WME parameters already present
*5113495bSYour Name				 * use that one instead of EDCA */
*5113495bSYour Name				break;
*5113495bSYour Name			}
*5113495bSYour Name			if (ie->ie_len == (sizeof(struct edca_ie) -
*5113495bSYour Name			    sizeof(struct ie_header))) {
*5113495bSYour Name				pa_link_info->edca_ie_present = true;
*5113495bSYour Name				qdf_mem_copy(&pa_link_info->edca,
*5113495bSYour Name					     subelempayload,
*5113495bSYour Name					     sizeof(struct edca_ie));
*5113495bSYour Name			} else {
*5113495bSYour Name				epcs_debug("Invalid edca length %d in PAV IE",
*5113495bSYour Name					   ie->ie_len);
*5113495bSYour Name			}
*5113495bSYour Name			break;
*5113495bSYour Name		case WLAN_ELEMID_VENDOR:
*5113495bSYour Name			if (is_wme_param((uint8_t *)ie) &&
*5113495bSYour Name			    (ie->ie_len == WLAN_VENDOR_WME_IE_LEN)) {
*5113495bSYour Name				pa_link_info->ven_wme_ie_present = true;
*5113495bSYour Name				qdf_mem_copy(&pa_link_info->ven_wme_ie_bytes,
*5113495bSYour Name					     subelempayload,
*5113495bSYour Name					     sizeof(WLAN_VENDOR_WME_IE_LEN +
*5113495bSYour Name						    sizeof(struct ie_header)));
*5113495bSYour Name				pa_link_info->edca_ie_present = false;
*5113495bSYour Name			} else {
*5113495bSYour Name				epcs_debug("Unrelated Venfor IE reecived ie_id %d ie_len %d",
*5113495bSYour Name					   ie->ie_id,
*5113495bSYour Name					   ie->ie_len);
*5113495bSYour Name			}
*5113495bSYour Name			break;
*5113495bSYour Name		case WLAN_ELEMID_EXTN_ELEM:
*5113495bSYour Name			extn_ie = (struct extn_ie_header *)ie;
*5113495bSYour Name			switch (extn_ie->ie_extn_id) {
*5113495bSYour Name			case WLAN_EXTN_ELEMID_MUEDCA:
*5113495bSYour Name				if (extn_ie->ie_len == WLAN_MAX_MUEDCA_IE_LEN) {
*5113495bSYour Name					pa_link_info->muedca_ie_present = true;
*5113495bSYour Name					qdf_mem_copy(&pa_link_info->muedca,
*5113495bSYour Name						     subelempayload,
*5113495bSYour Name						     sizeof(struct muedca_ie));
*5113495bSYour Name				} else {
*5113495bSYour Name					epcs_debug("Invalid muedca length %d in PAV IE",
*5113495bSYour Name						   ie->ie_len);
*5113495bSYour Name				}
*5113495bSYour Name				break;
*5113495bSYour Name			default:
*5113495bSYour Name				epcs_debug("Unrelated Extn IE reecived ie_id %d ie_len %d extid %d IN PAV IE",
*5113495bSYour Name					   ie->ie_id,
*5113495bSYour Name					   ie->ie_len,
*5113495bSYour Name					   extn_ie->ie_extn_id);
*5113495bSYour Name				break;
*5113495bSYour Name			}
*5113495bSYour Name			break;
*5113495bSYour Name		default:
*5113495bSYour Name			epcs_debug("Unrelated IE reecived ie_id %d ie_len %d in PAV IE",
*5113495bSYour Name				   ie->ie_id,
*5113495bSYour Name				   ie->ie_len);
*5113495bSYour Name			break;
*5113495bSYour Name		}
*5113495bSYour Name		subelempayload += ie->ie_len + sizeof(struct ie_header);
*5113495bSYour Name		parsed_payload_len += ie->ie_len + sizeof(struct ie_header);
*5113495bSYour Name	} while (parsed_payload_len < subelempayloadlen);
*5113495bSYour Name
*5113495bSYour Name	if (parsed_payload_len != subelempayloadlen)
*5113495bSYour Name		epcs_debug("Error in processing per sta profile of PA ML IE %zu %zu",
*5113495bSYour Name			   parsed_payload_len,
*5113495bSYour Name			   subelempayloadlen);
*5113495bSYour Name
*5113495bSYour Name	epcs_debug("Link id %d presence of edca %d muedca %d wme %d",
*5113495bSYour Name		   pa_link_info->link_id,
*5113495bSYour Name		   pa_link_info->edca_ie_present,
*5113495bSYour Name		   pa_link_info->muedca_ie_present,
*5113495bSYour Name		   pa_link_info->ven_wme_ie_present);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Namestatic QDF_STATUS
*5113495bSYour Nameutil_parse_pa_info_from_linkinfo(uint8_t *linkinfo,
*5113495bSYour Name				 qdf_size_t linkinfo_len,
*5113495bSYour Name				 struct ml_pa_info *pa_info)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t *linkinfo_currpos;
*5113495bSYour Name	qdf_size_t linkinfo_remlen;
*5113495bSYour Name	bool is_subelemfragseq;
*5113495bSYour Name	uint8_t subelemid;
*5113495bSYour Name	qdf_size_t subelemseqtotallen;
*5113495bSYour Name	qdf_size_t subelemseqpayloadlen;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name
*5113495bSYour Name	/* This helper function parses priority access info from the per-STA
*5113495bSYour Name	 * prof present (if any) in the Link Info field in the payload of a
*5113495bSYour Name	 * Multi Link element (after defragmentation if required). The caller
*5113495bSYour Name	 * should pass a copy of the payload so that inline defragmentation of
*5113495bSYour Name	 * subelements can be carried out if required. The subelement
*5113495bSYour Name	 * defragmentation (if applicable) in this Control Path helper is
*5113495bSYour Name	 * required for maintainability, accuracy and eliminating current and
*5113495bSYour Name	 * future per-field-access multi-level fragment boundary checks and
*5113495bSYour Name	 * adjustments, given the complex format of Multi Link elements. It is
*5113495bSYour Name	 * also most likely to be required mainly at the client side.
*5113495bSYour Name	 * Fragmentation is currently unlikely to be required for subelements
*5113495bSYour Name	 * in Reconfiguration variant Multi-Link elements, but it should be
*5113495bSYour Name	 * handled in order to be future ready.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		mlo_err("linkinfo is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!linkinfo_len) {
*5113495bSYour Name		mlo_err("linkinfo_len is zero");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!pa_info) {
*5113495bSYour Name		mlo_err("ML pa info is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	pa_info->num_links = 0;
*5113495bSYour Name	linkinfo_currpos = linkinfo;
*5113495bSYour Name	linkinfo_remlen = linkinfo_len;
*5113495bSYour Name
*5113495bSYour Name	while (linkinfo_remlen) {
*5113495bSYour Name		if (linkinfo_remlen <  sizeof(struct subelem_header)) {
*5113495bSYour Name			mlo_err_rl("Remaining length in link info %zu octets is smaller than subelement header length %zu octets",
*5113495bSYour Name				   linkinfo_remlen,
*5113495bSYour Name				   sizeof(struct subelem_header));
*5113495bSYour Name			return QDF_STATUS_E_PROTO;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		subelemid = linkinfo_currpos[ID_POS];
*5113495bSYour Name		is_subelemfragseq = false;
*5113495bSYour Name		subelemseqtotallen = 0;
*5113495bSYour Name		subelemseqpayloadlen = 0;
*5113495bSYour Name
*5113495bSYour Name		ret = wlan_get_subelem_fragseq_info(WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name						    linkinfo_currpos,
*5113495bSYour Name						    linkinfo_remlen,
*5113495bSYour Name						    &is_subelemfragseq,
*5113495bSYour Name						    &subelemseqtotallen,
*5113495bSYour Name						    &subelemseqpayloadlen);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name			return ret;
*5113495bSYour Name
*5113495bSYour Name		if (qdf_unlikely(is_subelemfragseq)) {
*5113495bSYour Name			if (!subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Subelement fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			mlo_debug("Subelement fragment sequence found with payload len %zu",
*5113495bSYour Name				  subelemseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name			ret = wlan_defrag_subelem_fragseq(true,
*5113495bSYour Name							  WLAN_ML_LINFO_SUBELEMID_FRAGMENT,
*5113495bSYour Name							  linkinfo_currpos,
*5113495bSYour Name							  linkinfo_remlen,
*5113495bSYour Name							  NULL,
*5113495bSYour Name							  0,
*5113495bSYour Name							  &defragpayload_len);
*5113495bSYour Name
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name
*5113495bSYour Name			if (defragpayload_len != subelemseqpayloadlen) {
*5113495bSYour Name				mlo_err_rl("Length of defragmented payload %zu octets is not equal to length of subelement fragment sequence payload %zu octets",
*5113495bSYour Name					   defragpayload_len,
*5113495bSYour Name					   subelemseqpayloadlen);
*5113495bSYour Name				return QDF_STATUS_E_FAILURE;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			/* Adjust linkinfo_remlen to reflect removal of all
*5113495bSYour Name			 * subelement headers except the header of the lead
*5113495bSYour Name			 * subelement.
*5113495bSYour Name			 */
*5113495bSYour Name			linkinfo_remlen -= (subelemseqtotallen -
*5113495bSYour Name					    subelemseqpayloadlen -
*5113495bSYour Name					    sizeof(struct subelem_header));
*5113495bSYour Name		} else {
*5113495bSYour Name			if (linkinfo_remlen <
*5113495bSYour Name				(sizeof(struct subelem_header) +
*5113495bSYour Name				linkinfo_currpos[TAG_LEN_POS])) {
*5113495bSYour Name				mlo_err_rl("Remaining length in link info %zu octets is smaller than total size of current subelement %zu octets",
*5113495bSYour Name					   linkinfo_remlen,
*5113495bSYour Name					   sizeof(struct subelem_header) +
*5113495bSYour Name					   linkinfo_currpos[TAG_LEN_POS]);
*5113495bSYour Name				return QDF_STATUS_E_PROTO;
*5113495bSYour Name			}
*5113495bSYour Name
*5113495bSYour Name			subelemseqpayloadlen = linkinfo_currpos[TAG_LEN_POS];
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (subelemid == WLAN_ML_LINFO_SUBELEMID_PERSTAPROFILE) {
*5113495bSYour Name			struct ml_pa_partner_link_info *link_info =
*5113495bSYour Name					&pa_info->link_info[pa_info->num_links];
*5113495bSYour Name			ret = util_parse_pamlie_perstaprofile_stactrl(linkinfo_currpos +
*5113495bSYour Name								      sizeof(struct subelem_header),
*5113495bSYour Name								      subelemseqpayloadlen,
*5113495bSYour Name								      link_info);
*5113495bSYour Name			if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name				return ret;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		pa_info->num_links++;
*5113495bSYour Name
*5113495bSYour Name		linkinfo_remlen -= (sizeof(struct subelem_header) +
*5113495bSYour Name				    subelemseqpayloadlen);
*5113495bSYour Name		linkinfo_currpos += (sizeof(struct subelem_header) +
*5113495bSYour Name				     subelemseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlo_debug("Number of ML probe request links found=%u",
*5113495bSYour Name		  pa_info->num_links);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS
*5113495bSYour Nameutil_get_pav_mlie_link_info(uint8_t *mlieseq,
*5113495bSYour Name			    qdf_size_t mlieseqlen,
*5113495bSYour Name			    struct ml_pa_info *pa_info)
*5113495bSYour Name{
*5113495bSYour Name	struct wlan_ie_multilink *mlie_fixed;
*5113495bSYour Name	uint16_t mlcontrol;
*5113495bSYour Name	enum wlan_ml_variant variant;
*5113495bSYour Name	uint8_t *linkinfo;
*5113495bSYour Name	qdf_size_t linkinfo_len;
*5113495bSYour Name	struct ml_pa_info painfo = {0};
*5113495bSYour Name	qdf_size_t mlieseqpayloadlen;
*5113495bSYour Name	uint8_t *mlieseqpayload_copy;
*5113495bSYour Name	bool is_elemfragseq;
*5113495bSYour Name	qdf_size_t defragpayload_len;
*5113495bSYour Name	qdf_size_t tmplen;
*5113495bSYour Name	QDF_STATUS ret;
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseq) {
*5113495bSYour Name		mlo_err("Pointer to Multi-Link element sequence is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqlen) {
*5113495bSYour Name		mlo_err("Length of Multi-Link element sequence is zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!pa_info) {
*5113495bSYour Name		mlo_err("pa_info is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	pa_info->num_links = 0;
*5113495bSYour Name
*5113495bSYour Name	if (mlieseqlen < sizeof(struct wlan_ie_multilink)) {
*5113495bSYour Name		mlo_err_rl("Multi-Link element sequence length %zu octets is smaller than required for the fixed portion of Multi-Link element (%zu octets)",
*5113495bSYour Name			   mlieseqlen, sizeof(struct wlan_ie_multilink));
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlie_fixed = (struct wlan_ie_multilink *)mlieseq;
*5113495bSYour Name	if (mlie_fixed->elem_id != WLAN_ELEMID_EXTN_ELEM ||
*5113495bSYour Name	    mlie_fixed->elem_id_ext != WLAN_EXTN_ELEMID_MULTI_LINK) {
*5113495bSYour Name		mlo_err("The element is not a Multi-Link element");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlcontrol = qdf_le16_to_cpu(mlie_fixed->mlcontrol);
*5113495bSYour Name
*5113495bSYour Name	variant = QDF_GET_BITS(mlcontrol, WLAN_ML_CTRL_TYPE_IDX,
*5113495bSYour Name			       WLAN_ML_CTRL_TYPE_BITS);
*5113495bSYour Name
*5113495bSYour Name	if (variant != WLAN_ML_VARIANT_PRIORITYACCESS) {
*5113495bSYour Name		mlo_err("The variant value %u does not correspond to priority access Variant value %u",
*5113495bSYour Name			variant, WLAN_ML_VARIANT_PRIORITYACCESS);
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayloadlen = 0;
*5113495bSYour Name	tmplen = 0;
*5113495bSYour Name	is_elemfragseq = false;
*5113495bSYour Name
*5113495bSYour Name	ret = wlan_get_elem_fragseq_info(mlieseq,
*5113495bSYour Name					 mlieseqlen,
*5113495bSYour Name					 &is_elemfragseq,
*5113495bSYour Name					 &tmplen,
*5113495bSYour Name					 &mlieseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret))
*5113495bSYour Name		return ret;
*5113495bSYour Name
*5113495bSYour Name	if (qdf_unlikely(is_elemfragseq)) {
*5113495bSYour Name		if (tmplen != mlieseqlen) {
*5113495bSYour Name			mlo_err_rl("Mismatch in values of element fragment sequence total length. Val per frag info determination: %zu octets, val passed as arg: %zu octets",
*5113495bSYour Name				   tmplen, mlieseqlen);
*5113495bSYour Name			return QDF_STATUS_E_INVAL;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (!mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Multi-Link element fragment sequence payload is reported as 0, investigate");
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlo_debug("Multi-Link element fragment sequence found with payload len %zu",
*5113495bSYour Name			  mlieseqpayloadlen);
*5113495bSYour Name	} else {
*5113495bSYour Name		if (mlieseqlen > (sizeof(struct ie_header) + WLAN_MAX_IE_LEN)) {
*5113495bSYour Name			mlo_err_rl("Expected presence of valid fragment sequence since Multi-Link element sequence length %zu octets is larger than frag threshold of %zu octets, however no valid fragment sequence found",
*5113495bSYour Name				   mlieseqlen,
*5113495bSYour Name				   sizeof(struct ie_header) + WLAN_MAX_IE_LEN);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		mlieseqpayloadlen = mlieseqlen - (sizeof(struct ie_header) + 1);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlieseqpayload_copy = qdf_mem_malloc(mlieseqpayloadlen);
*5113495bSYour Name
*5113495bSYour Name	if (!mlieseqpayload_copy) {
*5113495bSYour Name		mlo_err_rl("Could not allocate memory for Multi-Link element payload copy");
*5113495bSYour Name		return QDF_STATUS_E_NOMEM;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (qdf_unlikely(is_elemfragseq)) {
*5113495bSYour Name		ret = wlan_defrag_elem_fragseq(false,
*5113495bSYour Name					       mlieseq,
*5113495bSYour Name					       mlieseqlen,
*5113495bSYour Name					       mlieseqpayload_copy,
*5113495bSYour Name					       mlieseqpayloadlen,
*5113495bSYour Name					       &defragpayload_len);
*5113495bSYour Name		if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name			qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name			return ret;
*5113495bSYour Name		}
*5113495bSYour Name
*5113495bSYour Name		if (defragpayload_len != mlieseqpayloadlen) {
*5113495bSYour Name			mlo_err_rl("Length of de-fragmented payload %zu octets is not equal to length of Multi-Link element fragment sequence payload %zu octets",
*5113495bSYour Name				   defragpayload_len, mlieseqpayloadlen);
*5113495bSYour Name			qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name			return QDF_STATUS_E_FAILURE;
*5113495bSYour Name		}
*5113495bSYour Name	} else {
*5113495bSYour Name		qdf_mem_copy(mlieseqpayload_copy,
*5113495bSYour Name			     mlieseq + sizeof(struct ie_header) + 1,
*5113495bSYour Name			     mlieseqpayloadlen);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	linkinfo = NULL;
*5113495bSYour Name	linkinfo_len = 0;
*5113495bSYour Name
*5113495bSYour Name	ret = util_parse_pa_multi_link_ctrl(mlieseqpayload_copy,
*5113495bSYour Name					    mlieseqpayloadlen,
*5113495bSYour Name					    &linkinfo,
*5113495bSYour Name					    &linkinfo_len);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return ret;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	/* In case Link Info is absent, the number of links will remain
*5113495bSYour Name	 * zero.
*5113495bSYour Name	 */
*5113495bSYour Name	if (!linkinfo) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return QDF_STATUS_SUCCESS;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	mlo_debug("Dumping hex of link info after parsing Multi-Link element control");
*5113495bSYour Name	QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_MLO, QDF_TRACE_LEVEL_ERROR,
*5113495bSYour Name			   linkinfo, linkinfo_len);
*5113495bSYour Name
*5113495bSYour Name	ret = util_parse_pa_info_from_linkinfo(linkinfo, linkinfo_len, &painfo);
*5113495bSYour Name	if (QDF_IS_STATUS_ERROR(ret)) {
*5113495bSYour Name		qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name		return ret;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	qdf_mem_copy(pa_info, &painfo, sizeof(painfo));
*5113495bSYour Name	qdf_mem_free(mlieseqpayload_copy);
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour Name#endif
*5113495bSYour Name
*5113495bSYour Name#ifdef WLAN_FEATURE_11BE
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS util_add_bw_ind(struct wlan_ie_bw_ind *bw_ind, uint8_t ccfs0,
*5113495bSYour Name			   uint8_t ccfs1, enum phy_ch_width ch_width,
*5113495bSYour Name			   uint16_t puncture_bitmap, int *bw_ind_len)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t bw_ind_width;
*5113495bSYour Name
*5113495bSYour Name	if (!bw_ind) {
*5113495bSYour Name		mlo_err("Pointer to bandwidth indiaction element is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (!bw_ind_len) {
*5113495bSYour Name		mlo_err("Length of bandwidth indaication element is Zero");
*5113495bSYour Name		return QDF_STATUS_E_INVAL;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	switch (ch_width) {
*5113495bSYour Name	case CH_WIDTH_20MHZ:
*5113495bSYour Name		bw_ind_width = IEEE80211_11BEOP_CHWIDTH_20;
*5113495bSYour Name		break;
*5113495bSYour Name	case CH_WIDTH_40MHZ:
*5113495bSYour Name		bw_ind_width = IEEE80211_11BEOP_CHWIDTH_40;
*5113495bSYour Name		break;
*5113495bSYour Name	case CH_WIDTH_80MHZ:
*5113495bSYour Name		bw_ind_width = IEEE80211_11BEOP_CHWIDTH_80;
*5113495bSYour Name		break;
*5113495bSYour Name	case CH_WIDTH_160MHZ:
*5113495bSYour Name		bw_ind_width = IEEE80211_11BEOP_CHWIDTH_160;
*5113495bSYour Name		break;
*5113495bSYour Name	case CH_WIDTH_320MHZ:
*5113495bSYour Name		bw_ind_width = IEEE80211_11BEOP_CHWIDTH_320;
*5113495bSYour Name		break;
*5113495bSYour Name	default:
*5113495bSYour Name		bw_ind_width = IEEE80211_11BEOP_CHWIDTH_20;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	bw_ind->elem_id = WLAN_ELEMID_EXTN_ELEM;
*5113495bSYour Name	*bw_ind_len = WLAN_BW_IND_IE_MAX_LEN;
*5113495bSYour Name	bw_ind->elem_len = WLAN_BW_IND_IE_MAX_LEN - WLAN_IE_HDR_LEN;
*5113495bSYour Name	bw_ind->elem_id_extn = WLAN_EXTN_ELEMID_BW_IND;
*5113495bSYour Name	bw_ind->ccfs0 = ccfs0;
*5113495bSYour Name	bw_ind->ccfs1 = ccfs1;
*5113495bSYour Name	QDF_SET_BITS(bw_ind->control, BW_IND_CHAN_WIDTH_IDX,
*5113495bSYour Name		     BW_IND_CHAN_WIDTH_BITS, bw_ind_width);
*5113495bSYour Name
*5113495bSYour Name	if (puncture_bitmap) {
*5113495bSYour Name		bw_ind->disabled_sub_chan_bitmap[0] =
*5113495bSYour Name			QDF_GET_BITS(puncture_bitmap, 0, 8);
*5113495bSYour Name		bw_ind->disabled_sub_chan_bitmap[1] =
*5113495bSYour Name			QDF_GET_BITS(puncture_bitmap, 8, 8);
*5113495bSYour Name		QDF_SET_BITS(bw_ind->bw_ind_param,
*5113495bSYour Name			     BW_IND_PARAM_DISABLED_SC_BITMAP_PRESENT_IDX,
*5113495bSYour Name			     BW_IND_PARAM_DISABLED_SC_BITMAP_PRESENT_BITS, 1);
*5113495bSYour Name	} else {
*5113495bSYour Name		QDF_SET_BITS(bw_ind->bw_ind_param,
*5113495bSYour Name			     BW_IND_PARAM_DISABLED_SC_BITMAP_PRESENT_IDX,
*5113495bSYour Name			     BW_IND_PARAM_DISABLED_SC_BITMAP_PRESENT_BITS, 0);
*5113495bSYour Name		bw_ind->elem_len -=
*5113495bSYour Name			QDF_ARRAY_SIZE(bw_ind->disabled_sub_chan_bitmap);
*5113495bSYour Name		*bw_ind_len -=
*5113495bSYour Name			QDF_ARRAY_SIZE(bw_ind->disabled_sub_chan_bitmap);
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name
*5113495bSYour NameQDF_STATUS util_parse_bw_ind(struct wlan_ie_bw_ind *bw_ind, uint8_t *ccfs0,
*5113495bSYour Name			     uint8_t *ccfs1, enum phy_ch_width *ch_width,
*5113495bSYour Name			     uint16_t *puncture_bitmap)
*5113495bSYour Name{
*5113495bSYour Name	uint8_t bw_ind_width;
*5113495bSYour Name
*5113495bSYour Name	if (!bw_ind) {
*5113495bSYour Name		mlo_err("Pointer to bandwidth indiaction element is NULL");
*5113495bSYour Name		return QDF_STATUS_E_NULL_VALUE;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	*ccfs0 = bw_ind->ccfs0;
*5113495bSYour Name	*ccfs1 = bw_ind->ccfs1;
*5113495bSYour Name	bw_ind_width = QDF_GET_BITS(bw_ind->control, BW_IND_CHAN_WIDTH_IDX,
*5113495bSYour Name				    BW_IND_CHAN_WIDTH_BITS);
*5113495bSYour Name
*5113495bSYour Name	switch (bw_ind_width) {
*5113495bSYour Name	case IEEE80211_11BEOP_CHWIDTH_20:
*5113495bSYour Name		*ch_width = CH_WIDTH_20MHZ;
*5113495bSYour Name		break;
*5113495bSYour Name	case IEEE80211_11BEOP_CHWIDTH_40:
*5113495bSYour Name		*ch_width = CH_WIDTH_40MHZ;
*5113495bSYour Name		break;
*5113495bSYour Name	case IEEE80211_11BEOP_CHWIDTH_80:
*5113495bSYour Name		*ch_width = CH_WIDTH_80MHZ;
*5113495bSYour Name		break;
*5113495bSYour Name	case IEEE80211_11BEOP_CHWIDTH_160:
*5113495bSYour Name		*ch_width = CH_WIDTH_160MHZ;
*5113495bSYour Name		break;
*5113495bSYour Name	case IEEE80211_11BEOP_CHWIDTH_320:
*5113495bSYour Name		*ch_width = CH_WIDTH_320MHZ;
*5113495bSYour Name		break;
*5113495bSYour Name	default:
*5113495bSYour Name		*ch_width = CH_WIDTH_20MHZ;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	if (QDF_GET_BITS(bw_ind->bw_ind_param,
*5113495bSYour Name			 BW_IND_PARAM_DISABLED_SC_BITMAP_PRESENT_IDX,
*5113495bSYour Name			 BW_IND_PARAM_DISABLED_SC_BITMAP_PRESENT_BITS)) {
*5113495bSYour Name		QDF_SET_BITS(*puncture_bitmap, 0, 8,
*5113495bSYour Name			     bw_ind->disabled_sub_chan_bitmap[0]);
*5113495bSYour Name		QDF_SET_BITS(*puncture_bitmap, 8, 8,
*5113495bSYour Name			     bw_ind->disabled_sub_chan_bitmap[1]);
*5113495bSYour Name	} else {
*5113495bSYour Name		*puncture_bitmap = 0;
*5113495bSYour Name	}
*5113495bSYour Name
*5113495bSYour Name	return QDF_STATUS_SUCCESS;
*5113495bSYour Name}
*5113495bSYour Name#endif