Enable MAC address randomization for proximity detection requests to maintain privacy throughout the entire PD session workflow. When enabled, use the same randomized MAC address for discovery, authentication, and ranging measurements, ensuring consistent identity protection across all phases. Add a capability flag for devices to advertise PD MAC randomization support and validate that randomization is only requested when the device supports it. This ensures consistent MAC address usage across all phases of proximity detection while preventing invalid configurations where randomization is requested but not supported by hardware. Signed-off-by: Peddolla Harshavardhan Reddy --- include/net/cfg80211.h | 7 ++++++- include/uapi/linux/nl80211.h | 6 ++++++ net/wireless/nl80211.c | 8 ++++++++ net/wireless/pmsr.c | 10 ++++++++++ 4 files changed, 30 insertions(+), 1 deletion(-) diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h index 8dc2ccafb88b..6f7abb118a27 100644 --- a/include/net/cfg80211.h +++ b/include/net/cfg80211.h @@ -5794,6 +5794,10 @@ cfg80211_get_iftype_ext_capa(struct wiphy *wiphy, enum nl80211_iftype type); * multi-peer request this will indicate if the device can act * simultaneously as initiator and a responder. Only valid if @pd_support * is set. + * @pd_randomize_mac_addr_conn: flag attribute in capability indicating that MAC + * address randomization is supported in connected state for PD request. + * if capable the MAC address used for discovery, authentication will be + * used for ranging too. only valid if @pd_support is set * @pd_max_peer_ista_role: Maximum number of peers allowed for a device * operating in the ISTA role under proximity detection. Only valid if * @pd_support is set. Sum of both @pd_max_peer_ista_role and 
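Review bot: The added kernel-doc for @pd_randomize_mac_addr_conn words a driver obligation as a passing remark ("the MAC address used for discovery, authentication will be used for ranging too"), and nothing visible in this patch makes cfg80211 enforce it. The privacy property depends on the driver reusing one randomized address for the whole PD session, so the comment should state that as a requirement, e.g. `If set, the driver must use the same randomized MAC address for discovery, authentication and ranging. Only valid if @pd_support is set.` That wording also matches the capitalisation and closing period of the neighbouring entries. The nl80211.h comment for NL80211_PMSR_ATTR_PD_RANDOMIZE_MAC_ADDR_CONNECTED uses the same phrasing and would benefit from the same change.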
@@ -5861,7 +5865,8 @@ struct cfg80211_pmsr_capabilities { u8 report_ap_tsf:1, randomize_mac_addr:1, pd_support:1, - pd_concurrent_ista_rsta_support:1; + pd_concurrent_ista_rsta_support:1, + pd_randomize_mac_addr_conn:1; u32 pd_max_peer_ista_role; u32 pd_max_peer_rsta_role; diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index cafa73280758..9c647c184e7f 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h @@ -7855,6 +7855,11 @@ enum nl80211_peer_measurement_peer_attrs { * %NL80211_PMSR_ATTR_PD_MAX_PEER_ISTA_ROLE and * %NL80211_PMSR_ATTR_PD_MAX_PEER_RSTA_ROLE is considered to enforce the * max peers supported in case the request is of peer-to-peer PD type + * @NL80211_PMSR_ATTR_PD_RANDOMIZE_MAC_ADDR_CONNECTED: flag attribute in + * capability indicating that MAC address randomization is supported for + * PD request in connected state. if capable the MAC address used for + * discovery, authentication will be used for ranging too. only valid if + * %NL80211_PMSR_ATTR_PD_SUPPORT is set * * @NUM_NL80211_PMSR_ATTR: internal * @NL80211_PMSR_ATTR_MAX: highest attribute number @@ -7871,6 +7876,7 @@ enum nl80211_peer_measurement_attrs { NL80211_PMSR_ATTR_PD_CONCURRENT_ISTA_RSTA_SUPPORT, NL80211_PMSR_ATTR_PD_MAX_PEER_ISTA_ROLE, NL80211_PMSR_ATTR_PD_MAX_PEER_RSTA_ROLE, + NL80211_PMSR_ATTR_PD_RANDOMIZE_MAC_ADDR_CONNECTED, /* keep last */ NUM_NL80211_PMSR_ATTR, diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 02e7c9f9b12f..281a15226edb 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -424,6 +424,9 @@ nl80211_pmsr_attr_policy[NL80211_PMSR_ATTR_MAX + 1] = { }, [NL80211_PMSR_ATTR_PD_MAX_PEER_ISTA_ROLE] = { .type = NLA_REJECT }, [NL80211_PMSR_ATTR_PD_MAX_PEER_RSTA_ROLE] = { .type = NLA_REJECT }, + [NL80211_PMSR_ATTR_PD_RANDOMIZE_MAC_ADDR_CONNECTED] = { + .type = NLA_REJECT + }, }; static const struct nla_policy 
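Review bot: The new `pd_randomize_mac_addr_conn` bit in struct cfg80211_pmsr_capabilities is documented as only valid when `pd_support` is set, but none of the four files in the diffstat adds a check that a driver respects this. pmsr.c reads the bit only when a request arrives, so an inconsistent capability set would go unnoticed until then. A sanity check wherever pmsr_capa is validated at wiphy registration (not visible here, so the exact place needs confirming) would catch it early: `WARN_ON(capa->pd_randomize_mac_addr_conn && !capa->pd_support)`.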
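Review bot: The uAPI comment for NL80211_PMSR_ATTR_PD_RANDOMIZE_MAC_ADDR_CONNECTED describes the capability but not what userspace sees when it is absent. The pmsr.c change in this patch rejects such a PD request with -EINVAL and the extack "PD mac randomization not supported", which is worth stating here so callers need not find it by trial. Suggested addition to the comment: `If this flag is not advertised, a PD request that asks for MAC address randomization is rejected with -EINVAL.`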
@@ -2481,6 +2484,11 @@ static int nl80211_send_pmsr_capa(struct cfg80211_registered_device *rdev, nla_put_u32(msg, NL80211_PMSR_ATTR_PD_MAX_PEER_RSTA_ROLE, cap->pd_max_peer_rsta_role)) return -ENOBUFS; + + if (cap->pd_randomize_mac_addr_conn && + nla_put_flag(msg, + NL80211_PMSR_ATTR_PD_RANDOMIZE_MAC_ADDR_CONNECTED)) + return -ENOBUFS; } caps = nla_nest_start_noflag(msg, NL80211_PMSR_ATTR_TYPE_CAPA); if (!caps) diff --git a/net/wireless/pmsr.c b/net/wireless/pmsr.c index 2897876e45b2..b5e8af89c57e 100644 --- a/net/wireless/pmsr.c +++ b/net/wireless/pmsr.c @@ -383,6 +383,7 @@ int nl80211_pmsr_start(struct sk_buff *skb, struct genl_info *info) const struct cfg80211_pmsr_capabilities *capa; struct cfg80211_pmsr_request *req; struct nlattr *peers, *peer; + bool use_random_mac = false; capa = rdev->wiphy.pmsr_capa; @@ -429,6 +430,7 @@ int nl80211_pmsr_start(struct sk_buff *skb, struct genl_info *info) req->mac_addr_mask); if (err) goto out_err; + use_random_mac = true; } else { memcpy(req->mac_addr, wdev_address(wdev), ETH_ALEN); eth_broadcast_addr(req->mac_addr_mask); @@ -460,6 +462,14 @@ int nl80211_pmsr_start(struct sk_buff *skb, struct genl_info *info) err = -EINVAL; goto out_err; } + + if (use_random_mac && + !capa->pd_randomize_mac_addr_conn) { + NL_SET_ERR_MSG(info->extack, + "PD mac randomization not supported"); + err = -EINVAL; + goto out_err; + } } } } -- 2.34.1
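Review bot: The check added in the last pmsr.c hunk tests only `use_random_mac` and `capa->pd_randomize_mac_addr_conn`, and nothing visible ties it to the interface being connected, although the capability is documented as covering randomization "in connected state". The enclosing conditions start outside the hunk, so this needs confirming, but if they do not test association, a PD request with a random MAC is also rejected on an unassociated interface whenever the bit is missing. If the flag is meant to gate only the connected case, the condition could read `if (use_random_mac && wdev->connected && !capa->pd_randomize_mac_addr_conn)`; otherwise the kernel-doc should drop "in connected state". Rejecting the request, rather than falling back to the `wdev_address(wdev)` branch, is the right fail-closed behaviour for a privacy feature and should be kept. The extack could also point at the offending attribute, assuming the branch that sets `use_random_mac` is the NL80211_ATTR_MAC one: `NL_SET_ERR_MSG_ATTR(info->extack, info->attrs[NL80211_ATTR_MAC], "PD mac randomization not supported");`.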