sta_info.c revision 42624d4913a00219a8fdbb4bafd634d1d843be85
1/* 2 * Copyright 2002-2005, Instant802 Networks, Inc. 3 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 10#include <linux/module.h> 11#include <linux/init.h> 12#include <linux/netdevice.h> 13#include <linux/types.h> 14#include <linux/slab.h> 15#include <linux/skbuff.h> 16#include <linux/if_arp.h> 17#include <linux/timer.h> 18#include <linux/rtnetlink.h> 19 20#include <net/mac80211.h> 21#include "ieee80211_i.h" 22#include "driver-ops.h" 23#include "rate.h" 24#include "sta_info.h" 25#include "debugfs_sta.h" 26#include "mesh.h" 27#include "wme.h" 28 29/** 30 * DOC: STA information lifetime rules 31 * 32 * STA info structures (&struct sta_info) are managed in a hash table 33 * for faster lookup and a list for iteration. They are managed using 34 * RCU, i.e. access to the list and hash table is protected by RCU. 35 * 36 * Upon allocating a STA info structure with sta_info_alloc(), the caller 37 * owns that structure. It must then insert it into the hash table using 38 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter 39 * case (which acquires an rcu read section but must not be called from 40 * within one) will the pointer still be valid after the call. Note that 41 * the caller may not do much with the STA info before inserting it, in 42 * particular, it may not start any mesh peer link management or add 43 * encryption keys. 44 * 45 * When the insertion fails (sta_info_insert()) returns non-zero), the 46 * structure will have been freed by sta_info_insert()! 47 * 48 * Station entries are added by mac80211 when you establish a link with a 49 * peer. This means different things for the different type of interfaces 50 * we support. For a regular station this mean we add the AP sta when we 51 * receive an association response from the AP. For IBSS this occurs when 52 * get to know about a peer on the same IBSS. For WDS we add the sta for 53 * the peer immediately upon device open. When using AP mode we add stations 54 * for each respective station upon request from userspace through nl80211. 55 * 56 * In order to remove a STA info structure, various sta_info_destroy_*() 57 * calls are available. 58 * 59 * There is no concept of ownership on a STA entry, each structure is 60 * owned by the global hash table/list until it is removed. All users of 61 * the structure need to be RCU protected so that the structure won't be 62 * freed before they are done using it. 63 */ 64 65/* Caller must hold local->sta_lock */ 66static int sta_info_hash_del(struct ieee80211_local *local, 67 struct sta_info *sta) 68{ 69 struct sta_info *s; 70 71 s = rcu_dereference_protected(local->sta_hash[STA_HASH(sta->sta.addr)], 72 lockdep_is_held(&local->sta_lock)); 73 if (!s) 74 return -ENOENT; 75 if (s == sta) { 76 RCU_INIT_POINTER(local->sta_hash[STA_HASH(sta->sta.addr)], 77 s->hnext); 78 return 0; 79 } 80 81 while (rcu_access_pointer(s->hnext) && 82 rcu_access_pointer(s->hnext) != sta) 83 s = rcu_dereference_protected(s->hnext, 84 lockdep_is_held(&local->sta_lock)); 85 if (rcu_access_pointer(s->hnext)) { 86 RCU_INIT_POINTER(s->hnext, sta->hnext); 87 return 0; 88 } 89 90 return -ENOENT; 91} 92 93/* protected by RCU */ 94struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata, 95 const u8 *addr) 96{ 97 struct ieee80211_local *local = sdata->local; 98 struct sta_info *sta; 99 100 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)], 101 lockdep_is_held(&local->sta_lock) || 102 lockdep_is_held(&local->sta_mtx)); 103 while (sta) { 104 if (sta->sdata == sdata && !sta->dummy && 105 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 106 break; 107 sta = rcu_dereference_check(sta->hnext, 108 lockdep_is_held(&local->sta_lock) || 109 lockdep_is_held(&local->sta_mtx)); 110 } 111 return sta; 112} 113 114/* get a station info entry even if it is a dummy station*/ 115struct sta_info *sta_info_get_rx(struct ieee80211_sub_if_data *sdata, 116 const u8 *addr) 117{ 118 struct ieee80211_local *local = sdata->local; 119 struct sta_info *sta; 120 121 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)], 122 lockdep_is_held(&local->sta_lock) || 123 lockdep_is_held(&local->sta_mtx)); 124 while (sta) { 125 if (sta->sdata == sdata && 126 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 127 break; 128 sta = rcu_dereference_check(sta->hnext, 129 lockdep_is_held(&local->sta_lock) || 130 lockdep_is_held(&local->sta_mtx)); 131 } 132 return sta; 133} 134 135/* 136 * Get sta info either from the specified interface 137 * or from one of its vlans 138 */ 139struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata, 140 const u8 *addr) 141{ 142 struct ieee80211_local *local = sdata->local; 143 struct sta_info *sta; 144 145 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)], 146 lockdep_is_held(&local->sta_lock) || 147 lockdep_is_held(&local->sta_mtx)); 148 while (sta) { 149 if ((sta->sdata == sdata || 150 (sta->sdata->bss && sta->sdata->bss == sdata->bss)) && 151 !sta->dummy && 152 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 153 break; 154 sta = rcu_dereference_check(sta->hnext, 155 lockdep_is_held(&local->sta_lock) || 156 lockdep_is_held(&local->sta_mtx)); 157 } 158 return sta; 159} 160 161/* 162 * Get sta info either from the specified interface 163 * or from one of its vlans (including dummy stations) 164 */ 165struct sta_info *sta_info_get_bss_rx(struct ieee80211_sub_if_data *sdata, 166 const u8 *addr) 167{ 168 struct ieee80211_local *local = sdata->local; 169 struct sta_info *sta; 170 171 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)], 172 lockdep_is_held(&local->sta_lock) || 173 lockdep_is_held(&local->sta_mtx)); 174 while (sta) { 175 if ((sta->sdata == sdata || 176 (sta->sdata->bss && sta->sdata->bss == sdata->bss)) && 177 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 178 break; 179 sta = rcu_dereference_check(sta->hnext, 180 lockdep_is_held(&local->sta_lock) || 181 lockdep_is_held(&local->sta_mtx)); 182 } 183 return sta; 184} 185 186struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata, 187 int idx) 188{ 189 struct ieee80211_local *local = sdata->local; 190 struct sta_info *sta; 191 int i = 0; 192 193 list_for_each_entry_rcu(sta, &local->sta_list, list) { 194 if (sdata != sta->sdata) 195 continue; 196 if (i < idx) { 197 ++i; 198 continue; 199 } 200 return sta; 201 } 202 203 return NULL; 204} 205 206/** 207 * __sta_info_free - internal STA free helper 208 * 209 * @local: pointer to the global information 210 * @sta: STA info to free 211 * 212 * This function must undo everything done by sta_info_alloc() 213 * that may happen before sta_info_insert(). 214 */ 215static void __sta_info_free(struct ieee80211_local *local, 216 struct sta_info *sta) 217{ 218 if (sta->rate_ctrl) { 219 rate_control_free_sta(sta); 220 rate_control_put(sta->rate_ctrl); 221 } 222 223#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 224 wiphy_debug(local->hw.wiphy, "Destroyed STA %pM\n", sta->sta.addr); 225#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 226 227 kfree(sta); 228} 229 230/* Caller must hold local->sta_lock */ 231static void sta_info_hash_add(struct ieee80211_local *local, 232 struct sta_info *sta) 233{ 234 sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)]; 235 RCU_INIT_POINTER(local->sta_hash[STA_HASH(sta->sta.addr)], sta); 236} 237 238static void sta_unblock(struct work_struct *wk) 239{ 240 struct sta_info *sta; 241 242 sta = container_of(wk, struct sta_info, drv_unblock_wk); 243 244 if (sta->dead) 245 return; 246 247 if (!test_sta_flag(sta, WLAN_STA_PS_STA)) 248 ieee80211_sta_ps_deliver_wakeup(sta); 249 else if (test_and_clear_sta_flag(sta, WLAN_STA_PSPOLL)) { 250 clear_sta_flag(sta, WLAN_STA_PS_DRIVER); 251 252 local_bh_disable(); 253 ieee80211_sta_ps_deliver_poll_response(sta); 254 local_bh_enable(); 255 } else if (test_and_clear_sta_flag(sta, WLAN_STA_UAPSD)) { 256 clear_sta_flag(sta, WLAN_STA_PS_DRIVER); 257 258 local_bh_disable(); 259 ieee80211_sta_ps_deliver_uapsd(sta); 260 local_bh_enable(); 261 } else 262 clear_sta_flag(sta, WLAN_STA_PS_DRIVER); 263} 264 265static int sta_prepare_rate_control(struct ieee80211_local *local, 266 struct sta_info *sta, gfp_t gfp) 267{ 268 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) 269 return 0; 270 271 sta->rate_ctrl = rate_control_get(local->rate_ctrl); 272 sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, 273 &sta->sta, gfp); 274 if (!sta->rate_ctrl_priv) { 275 rate_control_put(sta->rate_ctrl); 276 return -ENOMEM; 277 } 278 279 return 0; 280} 281 282struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata, 283 u8 *addr, gfp_t gfp) 284{ 285 struct ieee80211_local *local = sdata->local; 286 struct sta_info *sta; 287 struct timespec uptime; 288 int i; 289 290 sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp); 291 if (!sta) 292 return NULL; 293 294 spin_lock_init(&sta->lock); 295 INIT_WORK(&sta->drv_unblock_wk, sta_unblock); 296 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work); 297 mutex_init(&sta->ampdu_mlme.mtx); 298 299 memcpy(sta->sta.addr, addr, ETH_ALEN); 300 sta->local = local; 301 sta->sdata = sdata; 302 sta->last_rx = jiffies; 303 304 do_posix_clock_monotonic_gettime(&uptime); 305 sta->last_connected = uptime.tv_sec; 306 ewma_init(&sta->avg_signal, 1024, 8); 307 308 if (sta_prepare_rate_control(local, sta, gfp)) { 309 kfree(sta); 310 return NULL; 311 } 312 313 for (i = 0; i < STA_TID_NUM; i++) { 314 /* 315 * timer_to_tid must be initialized with identity mapping 316 * to enable session_timer's data differentiation. See 317 * sta_rx_agg_session_timer_expired for usage. 318 */ 319 sta->timer_to_tid[i] = i; 320 } 321 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 322 skb_queue_head_init(&sta->ps_tx_buf[i]); 323 skb_queue_head_init(&sta->tx_filtered[i]); 324 } 325 326 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 327 sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX); 328 329#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 330 wiphy_debug(local->hw.wiphy, "Allocated STA %pM\n", sta->sta.addr); 331#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 332 333#ifdef CONFIG_MAC80211_MESH 334 sta->plink_state = NL80211_PLINK_LISTEN; 335 init_timer(&sta->plink_timer); 336#endif 337 338 return sta; 339} 340 341static int sta_info_finish_insert(struct sta_info *sta, 342 bool async, bool dummy_reinsert) 343{ 344 struct ieee80211_local *local = sta->local; 345 struct ieee80211_sub_if_data *sdata = sta->sdata; 346 struct station_info sinfo; 347 unsigned long flags; 348 int err = 0; 349 350 lockdep_assert_held(&local->sta_mtx); 351 352 if (!sta->dummy || dummy_reinsert) { 353 /* notify driver */ 354 err = drv_sta_add(local, sdata, &sta->sta); 355 if (err) { 356 if (!async) 357 return err; 358 printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to " 359 "driver (%d) - keeping it anyway.\n", 360 sdata->name, sta->sta.addr, err); 361 } else { 362 sta->uploaded = true; 363#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 364 if (async) 365 wiphy_debug(local->hw.wiphy, 366 "Finished adding IBSS STA %pM\n", 367 sta->sta.addr); 368#endif 369 } 370 371 sdata = sta->sdata; 372 } 373 374 if (!dummy_reinsert) { 375 if (!async) { 376 local->num_sta++; 377 local->sta_generation++; 378 smp_mb(); 379 380 /* make the station visible */ 381 spin_lock_irqsave(&local->sta_lock, flags); 382 sta_info_hash_add(local, sta); 383 spin_unlock_irqrestore(&local->sta_lock, flags); 384 } 385 386 list_add(&sta->list, &local->sta_list); 387 } else { 388 sta->dummy = false; 389 } 390 391 if (!sta->dummy) { 392 ieee80211_sta_debugfs_add(sta); 393 rate_control_add_sta_debugfs(sta); 394 395 memset(&sinfo, 0, sizeof(sinfo)); 396 sinfo.filled = 0; 397 sinfo.generation = local->sta_generation; 398 cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL); 399 } 400 401 return 0; 402} 403 404static void sta_info_finish_pending(struct ieee80211_local *local) 405{ 406 struct sta_info *sta; 407 unsigned long flags; 408 409 spin_lock_irqsave(&local->sta_lock, flags); 410 while (!list_empty(&local->sta_pending_list)) { 411 sta = list_first_entry(&local->sta_pending_list, 412 struct sta_info, list); 413 list_del(&sta->list); 414 spin_unlock_irqrestore(&local->sta_lock, flags); 415 416 sta_info_finish_insert(sta, true, false); 417 418 spin_lock_irqsave(&local->sta_lock, flags); 419 } 420 spin_unlock_irqrestore(&local->sta_lock, flags); 421} 422 423static void sta_info_finish_work(struct work_struct *work) 424{ 425 struct ieee80211_local *local = 426 container_of(work, struct ieee80211_local, sta_finish_work); 427 428 mutex_lock(&local->sta_mtx); 429 sta_info_finish_pending(local); 430 mutex_unlock(&local->sta_mtx); 431} 432 433static int sta_info_insert_check(struct sta_info *sta) 434{ 435 struct ieee80211_sub_if_data *sdata = sta->sdata; 436 437 /* 438 * Can't be a WARN_ON because it can be triggered through a race: 439 * something inserts a STA (on one CPU) without holding the RTNL 440 * and another CPU turns off the net device. 441 */ 442 if (unlikely(!ieee80211_sdata_running(sdata))) 443 return -ENETDOWN; 444 445 if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 || 446 is_multicast_ether_addr(sta->sta.addr))) 447 return -EINVAL; 448 449 return 0; 450} 451 452static int sta_info_insert_ibss(struct sta_info *sta) __acquires(RCU) 453{ 454 struct ieee80211_local *local = sta->local; 455 struct ieee80211_sub_if_data *sdata = sta->sdata; 456 unsigned long flags; 457 458 spin_lock_irqsave(&local->sta_lock, flags); 459 /* check if STA exists already */ 460 if (sta_info_get_bss_rx(sdata, sta->sta.addr)) { 461 spin_unlock_irqrestore(&local->sta_lock, flags); 462 rcu_read_lock(); 463 return -EEXIST; 464 } 465 466 local->num_sta++; 467 local->sta_generation++; 468 smp_mb(); 469 sta_info_hash_add(local, sta); 470 471 list_add_tail(&sta->list, &local->sta_pending_list); 472 473 rcu_read_lock(); 474 spin_unlock_irqrestore(&local->sta_lock, flags); 475 476#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 477 wiphy_debug(local->hw.wiphy, "Added IBSS STA %pM\n", 478 sta->sta.addr); 479#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 480 481 ieee80211_queue_work(&local->hw, &local->sta_finish_work); 482 483 return 0; 484} 485 486/* 487 * should be called with sta_mtx locked 488 * this function replaces the mutex lock 489 * with a RCU lock 490 */ 491static int sta_info_insert_non_ibss(struct sta_info *sta) __acquires(RCU) 492{ 493 struct ieee80211_local *local = sta->local; 494 struct ieee80211_sub_if_data *sdata = sta->sdata; 495 unsigned long flags; 496 struct sta_info *exist_sta; 497 bool dummy_reinsert = false; 498 int err = 0; 499 500 lockdep_assert_held(&local->sta_mtx); 501 502 /* 503 * On first glance, this will look racy, because the code 504 * in this function, which inserts a station with sleeping, 505 * unlocks the sta_lock between checking existence in the 506 * hash table and inserting into it. 507 * 508 * However, it is not racy against itself because it keeps 509 * the mutex locked. 510 */ 511 512 spin_lock_irqsave(&local->sta_lock, flags); 513 /* 514 * check if STA exists already. 515 * only accept a scenario of a second call to sta_info_insert_non_ibss 516 * with a dummy station entry that was inserted earlier 517 * in that case - assume that the dummy station flag should 518 * be removed. 519 */ 520 exist_sta = sta_info_get_bss_rx(sdata, sta->sta.addr); 521 if (exist_sta) { 522 if (exist_sta == sta && sta->dummy) { 523 dummy_reinsert = true; 524 } else { 525 spin_unlock_irqrestore(&local->sta_lock, flags); 526 mutex_unlock(&local->sta_mtx); 527 rcu_read_lock(); 528 return -EEXIST; 529 } 530 } 531 532 spin_unlock_irqrestore(&local->sta_lock, flags); 533 534 err = sta_info_finish_insert(sta, false, dummy_reinsert); 535 if (err) { 536 mutex_unlock(&local->sta_mtx); 537 rcu_read_lock(); 538 return err; 539 } 540 541#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 542 wiphy_debug(local->hw.wiphy, "Inserted %sSTA %pM\n", 543 sta->dummy ? "dummy " : "", sta->sta.addr); 544#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 545 546 /* move reference to rcu-protected */ 547 rcu_read_lock(); 548 mutex_unlock(&local->sta_mtx); 549 550 if (ieee80211_vif_is_mesh(&sdata->vif)) 551 mesh_accept_plinks_update(sdata); 552 553 return 0; 554} 555 556int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU) 557{ 558 struct ieee80211_local *local = sta->local; 559 struct ieee80211_sub_if_data *sdata = sta->sdata; 560 int err = 0; 561 562 err = sta_info_insert_check(sta); 563 if (err) { 564 rcu_read_lock(); 565 goto out_free; 566 } 567 568 /* 569 * In ad-hoc mode, we sometimes need to insert stations 570 * from tasklet context from the RX path. To avoid races, 571 * always do so in that case -- see the comment below. 572 */ 573 if (sdata->vif.type == NL80211_IFTYPE_ADHOC) { 574 err = sta_info_insert_ibss(sta); 575 if (err) 576 goto out_free; 577 578 return 0; 579 } 580 581 /* 582 * It might seem that the function called below is in race against 583 * the function call above that atomically inserts the station... That, 584 * however, is not true because the above code can only 585 * be invoked for IBSS interfaces, and the below code will 586 * not be -- and the two do not race against each other as 587 * the hash table also keys off the interface. 588 */ 589 590 might_sleep(); 591 592 mutex_lock(&local->sta_mtx); 593 594 err = sta_info_insert_non_ibss(sta); 595 if (err) 596 goto out_free; 597 598 return 0; 599 out_free: 600 BUG_ON(!err); 601 __sta_info_free(local, sta); 602 return err; 603} 604 605int sta_info_insert(struct sta_info *sta) 606{ 607 int err = sta_info_insert_rcu(sta); 608 609 rcu_read_unlock(); 610 611 return err; 612} 613 614/* Caller must hold sta->local->sta_mtx */ 615int sta_info_reinsert(struct sta_info *sta) 616{ 617 struct ieee80211_local *local = sta->local; 618 int err = 0; 619 620 err = sta_info_insert_check(sta); 621 if (err) { 622 mutex_unlock(&local->sta_mtx); 623 return err; 624 } 625 626 might_sleep(); 627 628 err = sta_info_insert_non_ibss(sta); 629 rcu_read_unlock(); 630 return err; 631} 632 633static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) 634{ 635 /* 636 * This format has been mandated by the IEEE specifications, 637 * so this line may not be changed to use the __set_bit() format. 638 */ 639 bss->tim[aid / 8] |= (1 << (aid % 8)); 640} 641 642static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid) 643{ 644 /* 645 * This format has been mandated by the IEEE specifications, 646 * so this line may not be changed to use the __clear_bit() format. 647 */ 648 bss->tim[aid / 8] &= ~(1 << (aid % 8)); 649} 650 651static unsigned long ieee80211_tids_for_ac(int ac) 652{ 653 /* If we ever support TIDs > 7, this obviously needs to be adjusted */ 654 switch (ac) { 655 case IEEE80211_AC_VO: 656 return BIT(6) | BIT(7); 657 case IEEE80211_AC_VI: 658 return BIT(4) | BIT(5); 659 case IEEE80211_AC_BE: 660 return BIT(0) | BIT(3); 661 case IEEE80211_AC_BK: 662 return BIT(1) | BIT(2); 663 default: 664 WARN_ON(1); 665 return 0; 666 } 667} 668 669void sta_info_recalc_tim(struct sta_info *sta) 670{ 671 struct ieee80211_local *local = sta->local; 672 struct ieee80211_if_ap *bss = sta->sdata->bss; 673 unsigned long flags; 674 bool indicate_tim = false; 675 u8 ignore_for_tim = sta->sta.uapsd_queues; 676 int ac; 677 678 if (WARN_ON_ONCE(!sta->sdata->bss)) 679 return; 680 681 /* No need to do anything if the driver does all */ 682 if (local->hw.flags & IEEE80211_HW_AP_LINK_PS) 683 return; 684 685 if (sta->dead) 686 goto done; 687 688 /* 689 * If all ACs are delivery-enabled then we should build 690 * the TIM bit for all ACs anyway; if only some are then 691 * we ignore those and build the TIM bit using only the 692 * non-enabled ones. 693 */ 694 if (ignore_for_tim == BIT(IEEE80211_NUM_ACS) - 1) 695 ignore_for_tim = 0; 696 697 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 698 unsigned long tids; 699 700 if (ignore_for_tim & BIT(ac)) 701 continue; 702 703 indicate_tim |= !skb_queue_empty(&sta->tx_filtered[ac]) || 704 !skb_queue_empty(&sta->ps_tx_buf[ac]); 705 if (indicate_tim) 706 break; 707 708 tids = ieee80211_tids_for_ac(ac); 709 710 indicate_tim |= 711 sta->driver_buffered_tids & tids; 712 } 713 714 done: 715 spin_lock_irqsave(&local->sta_lock, flags); 716 717 if (indicate_tim) 718 __bss_tim_set(bss, sta->sta.aid); 719 else 720 __bss_tim_clear(bss, sta->sta.aid); 721 722 if (local->ops->set_tim) { 723 local->tim_in_locked_section = true; 724 drv_set_tim(local, &sta->sta, indicate_tim); 725 local->tim_in_locked_section = false; 726 } 727 728 spin_unlock_irqrestore(&local->sta_lock, flags); 729} 730 731static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb) 732{ 733 struct ieee80211_tx_info *info; 734 int timeout; 735 736 if (!skb) 737 return false; 738 739 info = IEEE80211_SKB_CB(skb); 740 741 /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */ 742 timeout = (sta->listen_interval * 743 sta->sdata->vif.bss_conf.beacon_int * 744 32 / 15625) * HZ; 745 if (timeout < STA_TX_BUFFER_EXPIRE) 746 timeout = STA_TX_BUFFER_EXPIRE; 747 return time_after(jiffies, info->control.jiffies + timeout); 748} 749 750 751static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local, 752 struct sta_info *sta, int ac) 753{ 754 unsigned long flags; 755 struct sk_buff *skb; 756 757 /* 758 * First check for frames that should expire on the filtered 759 * queue. Frames here were rejected by the driver and are on 760 * a separate queue to avoid reordering with normal PS-buffered 761 * frames. They also aren't accounted for right now in the 762 * total_ps_buffered counter. 763 */ 764 for (;;) { 765 spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags); 766 skb = skb_peek(&sta->tx_filtered[ac]); 767 if (sta_info_buffer_expired(sta, skb)) 768 skb = __skb_dequeue(&sta->tx_filtered[ac]); 769 else 770 skb = NULL; 771 spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags); 772 773 /* 774 * Frames are queued in order, so if this one 775 * hasn't expired yet we can stop testing. If 776 * we actually reached the end of the queue we 777 * also need to stop, of course. 778 */ 779 if (!skb) 780 break; 781 dev_kfree_skb(skb); 782 } 783 784 /* 785 * Now also check the normal PS-buffered queue, this will 786 * only find something if the filtered queue was emptied 787 * since the filtered frames are all before the normal PS 788 * buffered frames. 789 */ 790 for (;;) { 791 spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags); 792 skb = skb_peek(&sta->ps_tx_buf[ac]); 793 if (sta_info_buffer_expired(sta, skb)) 794 skb = __skb_dequeue(&sta->ps_tx_buf[ac]); 795 else 796 skb = NULL; 797 spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags); 798 799 /* 800 * frames are queued in order, so if this one 801 * hasn't expired yet (or we reached the end of 802 * the queue) we can stop testing 803 */ 804 if (!skb) 805 break; 806 807 local->total_ps_buffered--; 808#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 809 printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n", 810 sta->sta.addr); 811#endif 812 dev_kfree_skb(skb); 813 } 814 815 /* 816 * Finally, recalculate the TIM bit for this station -- it might 817 * now be clear because the station was too slow to retrieve its 818 * frames. 819 */ 820 sta_info_recalc_tim(sta); 821 822 /* 823 * Return whether there are any frames still buffered, this is 824 * used to check whether the cleanup timer still needs to run, 825 * if there are no frames we don't need to rearm the timer. 826 */ 827 return !(skb_queue_empty(&sta->ps_tx_buf[ac]) && 828 skb_queue_empty(&sta->tx_filtered[ac])); 829} 830 831static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local, 832 struct sta_info *sta) 833{ 834 bool have_buffered = false; 835 int ac; 836 837 /* This is only necessary for stations on BSS interfaces */ 838 if (!sta->sdata->bss) 839 return false; 840 841 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) 842 have_buffered |= 843 sta_info_cleanup_expire_buffered_ac(local, sta, ac); 844 845 return have_buffered; 846} 847 848static int __must_check __sta_info_destroy(struct sta_info *sta) 849{ 850 struct ieee80211_local *local; 851 struct ieee80211_sub_if_data *sdata; 852 unsigned long flags; 853 int ret, i, ac; 854 struct tid_ampdu_tx *tid_tx; 855 856 might_sleep(); 857 858 if (!sta) 859 return -ENOENT; 860 861 local = sta->local; 862 sdata = sta->sdata; 863 864 /* 865 * Before removing the station from the driver and 866 * rate control, it might still start new aggregation 867 * sessions -- block that to make sure the tear-down 868 * will be sufficient. 869 */ 870 set_sta_flag(sta, WLAN_STA_BLOCK_BA); 871 ieee80211_sta_tear_down_BA_sessions(sta, true); 872 873 spin_lock_irqsave(&local->sta_lock, flags); 874 ret = sta_info_hash_del(local, sta); 875 /* this might still be the pending list ... which is fine */ 876 if (!ret) 877 list_del(&sta->list); 878 spin_unlock_irqrestore(&local->sta_lock, flags); 879 if (ret) 880 return ret; 881 882 mutex_lock(&local->key_mtx); 883 for (i = 0; i < NUM_DEFAULT_KEYS; i++) 884 __ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i])); 885 if (sta->ptk) 886 __ieee80211_key_free(key_mtx_dereference(local, sta->ptk)); 887 mutex_unlock(&local->key_mtx); 888 889 sta->dead = true; 890 891 if (test_sta_flag(sta, WLAN_STA_PS_STA) || 892 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) { 893 BUG_ON(!sdata->bss); 894 895 clear_sta_flag(sta, WLAN_STA_PS_STA); 896 clear_sta_flag(sta, WLAN_STA_PS_DRIVER); 897 898 atomic_dec(&sdata->bss->num_sta_ps); 899 sta_info_recalc_tim(sta); 900 } 901 902 local->num_sta--; 903 local->sta_generation++; 904 905 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 906 RCU_INIT_POINTER(sdata->u.vlan.sta, NULL); 907 908 if (sta->uploaded) { 909 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 910 sdata = container_of(sdata->bss, 911 struct ieee80211_sub_if_data, 912 u.ap); 913 drv_sta_remove(local, sdata, &sta->sta); 914 sdata = sta->sdata; 915 } 916 917 /* 918 * At this point, after we wait for an RCU grace period, 919 * neither mac80211 nor the driver can reference this 920 * sta struct any more except by still existing timers 921 * associated with this station that we clean up below. 922 */ 923 synchronize_rcu(); 924 925 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 926 local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]); 927 __skb_queue_purge(&sta->ps_tx_buf[ac]); 928 __skb_queue_purge(&sta->tx_filtered[ac]); 929 } 930 931#ifdef CONFIG_MAC80211_MESH 932 if (ieee80211_vif_is_mesh(&sdata->vif)) 933 mesh_accept_plinks_update(sdata); 934#endif 935 936#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 937 wiphy_debug(local->hw.wiphy, "Removed STA %pM\n", sta->sta.addr); 938#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 939 cancel_work_sync(&sta->drv_unblock_wk); 940 941 cfg80211_del_sta(sdata->dev, sta->sta.addr, GFP_KERNEL); 942 943 rate_control_remove_sta_debugfs(sta); 944 ieee80211_sta_debugfs_remove(sta); 945 946#ifdef CONFIG_MAC80211_MESH 947 if (ieee80211_vif_is_mesh(&sta->sdata->vif)) { 948 mesh_plink_deactivate(sta); 949 del_timer_sync(&sta->plink_timer); 950 } 951#endif 952 953 /* There could be some memory leaks because of ampdu tx pending queue 954 * not being freed before destroying the station info. 955 * 956 * Make sure that such queues are purged before freeing the station 957 * info. 958 * TODO: We have to somehow postpone the full destruction 959 * until the aggregation stop completes. Refer 960 * http://thread.gmane.org/gmane.linux.kernel.wireless.general/81936 961 */ 962 for (i = 0; i < STA_TID_NUM; i++) { 963 if (!sta->ampdu_mlme.tid_tx[i]) 964 continue; 965 tid_tx = sta->ampdu_mlme.tid_tx[i]; 966 if (skb_queue_len(&tid_tx->pending)) { 967#ifdef CONFIG_MAC80211_HT_DEBUG 968 wiphy_debug(local->hw.wiphy, "TX A-MPDU purging %d " 969 "packets for tid=%d\n", 970 skb_queue_len(&tid_tx->pending), i); 971#endif /* CONFIG_MAC80211_HT_DEBUG */ 972 __skb_queue_purge(&tid_tx->pending); 973 } 974 kfree_rcu(tid_tx, rcu_head); 975 } 976 977 __sta_info_free(local, sta); 978 979 return 0; 980} 981 982int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr) 983{ 984 struct sta_info *sta; 985 int ret; 986 987 mutex_lock(&sdata->local->sta_mtx); 988 sta = sta_info_get_rx(sdata, addr); 989 ret = __sta_info_destroy(sta); 990 mutex_unlock(&sdata->local->sta_mtx); 991 992 return ret; 993} 994 995int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata, 996 const u8 *addr) 997{ 998 struct sta_info *sta; 999 int ret; 1000 1001 mutex_lock(&sdata->local->sta_mtx); 1002 sta = sta_info_get_bss_rx(sdata, addr); 1003 ret = __sta_info_destroy(sta); 1004 mutex_unlock(&sdata->local->sta_mtx); 1005 1006 return ret; 1007} 1008 1009static void sta_info_cleanup(unsigned long data) 1010{ 1011 struct ieee80211_local *local = (struct ieee80211_local *) data; 1012 struct sta_info *sta; 1013 bool timer_needed = false; 1014 1015 rcu_read_lock(); 1016 list_for_each_entry_rcu(sta, &local->sta_list, list) 1017 if (sta_info_cleanup_expire_buffered(local, sta)) 1018 timer_needed = true; 1019 rcu_read_unlock(); 1020 1021 if (local->quiescing) 1022 return; 1023 1024 if (!timer_needed) 1025 return; 1026 1027 mod_timer(&local->sta_cleanup, 1028 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL)); 1029} 1030 1031void sta_info_init(struct ieee80211_local *local) 1032{ 1033 spin_lock_init(&local->sta_lock); 1034 mutex_init(&local->sta_mtx); 1035 INIT_LIST_HEAD(&local->sta_list); 1036 INIT_LIST_HEAD(&local->sta_pending_list); 1037 INIT_WORK(&local->sta_finish_work, sta_info_finish_work); 1038 1039 setup_timer(&local->sta_cleanup, sta_info_cleanup, 1040 (unsigned long)local); 1041} 1042 1043void sta_info_stop(struct ieee80211_local *local) 1044{ 1045 del_timer(&local->sta_cleanup); 1046 sta_info_flush(local, NULL); 1047} 1048 1049/** 1050 * sta_info_flush - flush matching STA entries from the STA table 1051 * 1052 * Returns the number of removed STA entries. 1053 * 1054 * @local: local interface data 1055 * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs 1056 */ 1057int sta_info_flush(struct ieee80211_local *local, 1058 struct ieee80211_sub_if_data *sdata) 1059{ 1060 struct sta_info *sta, *tmp; 1061 int ret = 0; 1062 1063 might_sleep(); 1064 1065 mutex_lock(&local->sta_mtx); 1066 1067 sta_info_finish_pending(local); 1068 1069 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { 1070 if (!sdata || sdata == sta->sdata) 1071 WARN_ON(__sta_info_destroy(sta)); 1072 } 1073 mutex_unlock(&local->sta_mtx); 1074 1075 return ret; 1076} 1077 1078void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata, 1079 unsigned long exp_time) 1080{ 1081 struct ieee80211_local *local = sdata->local; 1082 struct sta_info *sta, *tmp; 1083 1084 mutex_lock(&local->sta_mtx); 1085 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) 1086 if (time_after(jiffies, sta->last_rx + exp_time)) { 1087#ifdef CONFIG_MAC80211_IBSS_DEBUG 1088 printk(KERN_DEBUG "%s: expiring inactive STA %pM\n", 1089 sdata->name, sta->sta.addr); 1090#endif 1091 WARN_ON(__sta_info_destroy(sta)); 1092 } 1093 mutex_unlock(&local->sta_mtx); 1094} 1095 1096struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw, 1097 const u8 *addr, 1098 const u8 *localaddr) 1099{ 1100 struct sta_info *sta, *nxt; 1101 1102 /* 1103 * Just return a random station if localaddr is NULL 1104 * ... first in list. 1105 */ 1106 for_each_sta_info(hw_to_local(hw), addr, sta, nxt) { 1107 if (localaddr && 1108 compare_ether_addr(sta->sdata->vif.addr, localaddr) != 0) 1109 continue; 1110 if (!sta->uploaded) 1111 return NULL; 1112 return &sta->sta; 1113 } 1114 1115 return NULL; 1116} 1117EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr); 1118 1119struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif, 1120 const u8 *addr) 1121{ 1122 struct sta_info *sta; 1123 1124 if (!vif) 1125 return NULL; 1126 1127 sta = sta_info_get_bss(vif_to_sdata(vif), addr); 1128 if (!sta) 1129 return NULL; 1130 1131 if (!sta->uploaded) 1132 return NULL; 1133 1134 return &sta->sta; 1135} 1136EXPORT_SYMBOL(ieee80211_find_sta); 1137 1138static void clear_sta_ps_flags(void *_sta) 1139{ 1140 struct sta_info *sta = _sta; 1141 1142 clear_sta_flag(sta, WLAN_STA_PS_DRIVER); 1143 clear_sta_flag(sta, WLAN_STA_PS_STA); 1144} 1145 1146/* powersave support code */ 1147void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta) 1148{ 1149 struct ieee80211_sub_if_data *sdata = sta->sdata; 1150 struct ieee80211_local *local = sdata->local; 1151 struct sk_buff_head pending; 1152 int filtered = 0, buffered = 0, ac; 1153 1154 clear_sta_flag(sta, WLAN_STA_SP); 1155 1156 BUILD_BUG_ON(BITS_TO_LONGS(STA_TID_NUM) > 1); 1157 sta->driver_buffered_tids = 0; 1158 1159 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS)) 1160 drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta); 1161 1162 skb_queue_head_init(&pending); 1163 1164 /* Send all buffered frames to the station */ 1165 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1166 int count = skb_queue_len(&pending), tmp; 1167 1168 skb_queue_splice_tail_init(&sta->tx_filtered[ac], &pending); 1169 tmp = skb_queue_len(&pending); 1170 filtered += tmp - count; 1171 count = tmp; 1172 1173 skb_queue_splice_tail_init(&sta->ps_tx_buf[ac], &pending); 1174 tmp = skb_queue_len(&pending); 1175 buffered += tmp - count; 1176 } 1177 1178 ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta); 1179 1180 local->total_ps_buffered -= buffered; 1181 1182 sta_info_recalc_tim(sta); 1183 1184#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1185 printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames " 1186 "since STA not sleeping anymore\n", sdata->name, 1187 sta->sta.addr, sta->sta.aid, filtered, buffered); 1188#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 1189} 1190 1191static void ieee80211_send_null_response(struct ieee80211_sub_if_data *sdata, 1192 struct sta_info *sta, int tid, 1193 enum ieee80211_frame_release_type reason) 1194{ 1195 struct ieee80211_local *local = sdata->local; 1196 struct ieee80211_qos_hdr *nullfunc; 1197 struct sk_buff *skb; 1198 int size = sizeof(*nullfunc); 1199 __le16 fc; 1200 bool qos = test_sta_flag(sta, WLAN_STA_WME); 1201 struct ieee80211_tx_info *info; 1202 1203 if (qos) { 1204 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | 1205 IEEE80211_STYPE_QOS_NULLFUNC | 1206 IEEE80211_FCTL_FROMDS); 1207 } else { 1208 size -= 2; 1209 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | 1210 IEEE80211_STYPE_NULLFUNC | 1211 IEEE80211_FCTL_FROMDS); 1212 } 1213 1214 skb = dev_alloc_skb(local->hw.extra_tx_headroom + size); 1215 if (!skb) 1216 return; 1217 1218 skb_reserve(skb, local->hw.extra_tx_headroom); 1219 1220 nullfunc = (void *) skb_put(skb, size); 1221 nullfunc->frame_control = fc; 1222 nullfunc->duration_id = 0; 1223 memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN); 1224 memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN); 1225 memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN); 1226 1227 skb->priority = tid; 1228 skb_set_queue_mapping(skb, ieee802_1d_to_ac[tid]); 1229 if (qos) { 1230 nullfunc->qos_ctrl = cpu_to_le16(tid); 1231 1232 if (reason == IEEE80211_FRAME_RELEASE_UAPSD) 1233 nullfunc->qos_ctrl |= 1234 cpu_to_le16(IEEE80211_QOS_CTL_EOSP); 1235 } 1236 1237 info = IEEE80211_SKB_CB(skb); 1238 1239 /* 1240 * Tell TX path to send this frame even though the 1241 * STA may still remain is PS mode after this frame 1242 * exchange. Also set EOSP to indicate this packet 1243 * ends the poll/service period. 1244 */ 1245 info->flags |= IEEE80211_TX_CTL_POLL_RESPONSE | 1246 IEEE80211_TX_STATUS_EOSP | 1247 IEEE80211_TX_CTL_REQ_TX_STATUS; 1248 1249 drv_allow_buffered_frames(local, sta, BIT(tid), 1, reason, false); 1250 1251 ieee80211_xmit(sdata, skb); 1252} 1253 1254static void 1255ieee80211_sta_ps_deliver_response(struct sta_info *sta, 1256 int n_frames, u8 ignored_acs, 1257 enum ieee80211_frame_release_type reason) 1258{ 1259 struct ieee80211_sub_if_data *sdata = sta->sdata; 1260 struct ieee80211_local *local = sdata->local; 1261 bool found = false; 1262 bool more_data = false; 1263 int ac; 1264 unsigned long driver_release_tids = 0; 1265 struct sk_buff_head frames; 1266 1267 /* Service or PS-Poll period starts */ 1268 set_sta_flag(sta, WLAN_STA_SP); 1269 1270 __skb_queue_head_init(&frames); 1271 1272 /* 1273 * Get response frame(s) and more data bit for it. 1274 */ 1275 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 1276 unsigned long tids; 1277 1278 if (ignored_acs & BIT(ac)) 1279 continue; 1280 1281 tids = ieee80211_tids_for_ac(ac); 1282 1283 if (!found) { 1284 driver_release_tids = sta->driver_buffered_tids & tids; 1285 if (driver_release_tids) { 1286 found = true; 1287 } else { 1288 struct sk_buff *skb; 1289 1290 while (n_frames > 0) { 1291 skb = skb_dequeue(&sta->tx_filtered[ac]); 1292 if (!skb) { 1293 skb = skb_dequeue( 1294 &sta->ps_tx_buf[ac]); 1295 if (skb) 1296 local->total_ps_buffered--; 1297 } 1298 if (!skb) 1299 break; 1300 n_frames--; 1301 found = true; 1302 __skb_queue_tail(&frames, skb); 1303 } 1304 } 1305 1306 /* 1307 * If the driver has data on more than one TID then 1308 * certainly there's more data if we release just a 1309 * single frame now (from a single TID). 1310 */ 1311 if (reason == IEEE80211_FRAME_RELEASE_PSPOLL && 1312 hweight16(driver_release_tids) > 1) { 1313 more_data = true; 1314 driver_release_tids = 1315 BIT(ffs(driver_release_tids) - 1); 1316 break; 1317 } 1318 } 1319 1320 if (!skb_queue_empty(&sta->tx_filtered[ac]) || 1321 !skb_queue_empty(&sta->ps_tx_buf[ac])) { 1322 more_data = true; 1323 break; 1324 } 1325 } 1326 1327 if (!found) { 1328 int tid; 1329 1330 /* 1331 * For PS-Poll, this can only happen due to a race condition 1332 * when we set the TIM bit and the station notices it, but 1333 * before it can poll for the frame we expire it. 1334 * 1335 * For uAPSD, this is said in the standard (11.2.1.5 h): 1336 * At each unscheduled SP for a non-AP STA, the AP shall 1337 * attempt to transmit at least one MSDU or MMPDU, but no 1338 * more than the value specified in the Max SP Length field 1339 * in the QoS Capability element from delivery-enabled ACs, 1340 * that are destined for the non-AP STA. 1341 * 1342 * Since we have no other MSDU/MMPDU, transmit a QoS null frame. 1343 */ 1344 1345 /* This will evaluate to 1, 3, 5 or 7. */ 1346 tid = 7 - ((ffs(~ignored_acs) - 1) << 1); 1347 1348 ieee80211_send_null_response(sdata, sta, tid, reason); 1349 return; 1350 } 1351 1352 if (!driver_release_tids) { 1353 struct sk_buff_head pending; 1354 struct sk_buff *skb; 1355 int num = 0; 1356 u16 tids = 0; 1357 1358 skb_queue_head_init(&pending); 1359 1360 while ((skb = __skb_dequeue(&frames))) { 1361 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1362 struct ieee80211_hdr *hdr = (void *) skb->data; 1363 u8 *qoshdr = NULL; 1364 1365 num++; 1366 1367 /* 1368 * Tell TX path to send this frame even though the 1369 * STA may still remain is PS mode after this frame 1370 * exchange. 1371 */ 1372 info->flags |= IEEE80211_TX_CTL_POLL_RESPONSE; 1373 1374 /* 1375 * Use MoreData flag to indicate whether there are 1376 * more buffered frames for this STA 1377 */ 1378 if (more_data || !skb_queue_empty(&frames)) 1379 hdr->frame_control |= 1380 cpu_to_le16(IEEE80211_FCTL_MOREDATA); 1381 else 1382 hdr->frame_control &= 1383 cpu_to_le16(~IEEE80211_FCTL_MOREDATA); 1384 1385 if (ieee80211_is_data_qos(hdr->frame_control) || 1386 ieee80211_is_qos_nullfunc(hdr->frame_control)) 1387 qoshdr = ieee80211_get_qos_ctl(hdr); 1388 1389 /* set EOSP for the frame */ 1390 if (reason == IEEE80211_FRAME_RELEASE_UAPSD && 1391 qoshdr && skb_queue_empty(&frames)) 1392 *qoshdr |= IEEE80211_QOS_CTL_EOSP; 1393 1394 info->flags |= IEEE80211_TX_STATUS_EOSP | 1395 IEEE80211_TX_CTL_REQ_TX_STATUS; 1396 1397 if (qoshdr) 1398 tids |= BIT(*qoshdr & IEEE80211_QOS_CTL_TID_MASK); 1399 else 1400 tids |= BIT(0); 1401 1402 __skb_queue_tail(&pending, skb); 1403 } 1404 1405 drv_allow_buffered_frames(local, sta, tids, num, 1406 reason, more_data); 1407 1408 ieee80211_add_pending_skbs(local, &pending); 1409 1410 sta_info_recalc_tim(sta); 1411 } else { 1412 /* 1413 * We need to release a frame that is buffered somewhere in the 1414 * driver ... it'll have to handle that. 1415 * Note that, as per the comment above, it'll also have to see 1416 * if there is more than just one frame on the specific TID that 1417 * we're releasing from, and it needs to set the more-data bit 1418 * accordingly if we tell it that there's no more data. If we do 1419 * tell it there's more data, then of course the more-data bit 1420 * needs to be set anyway. 1421 */ 1422 drv_release_buffered_frames(local, sta, driver_release_tids, 1423 n_frames, reason, more_data); 1424 1425 /* 1426 * Note that we don't recalculate the TIM bit here as it would 1427 * most likely have no effect at all unless the driver told us 1428 * that the TID became empty before returning here from the 1429 * release function. 1430 * Either way, however, when the driver tells us that the TID 1431 * became empty we'll do the TIM recalculation. 1432 */ 1433 } 1434} 1435 1436void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta) 1437{ 1438 u8 ignore_for_response = sta->sta.uapsd_queues; 1439 1440 /* 1441 * If all ACs are delivery-enabled then we should reply 1442 * from any of them, if only some are enabled we reply 1443 * only from the non-enabled ones. 1444 */ 1445 if (ignore_for_response == BIT(IEEE80211_NUM_ACS) - 1) 1446 ignore_for_response = 0; 1447 1448 ieee80211_sta_ps_deliver_response(sta, 1, ignore_for_response, 1449 IEEE80211_FRAME_RELEASE_PSPOLL); 1450} 1451 1452void ieee80211_sta_ps_deliver_uapsd(struct sta_info *sta) 1453{ 1454 int n_frames = sta->sta.max_sp; 1455 u8 delivery_enabled = sta->sta.uapsd_queues; 1456 1457 /* 1458 * If we ever grow support for TSPEC this might happen if 1459 * the TSPEC update from hostapd comes in between a trigger 1460 * frame setting WLAN_STA_UAPSD in the RX path and this 1461 * actually getting called. 1462 */ 1463 if (!delivery_enabled) 1464 return; 1465 1466 switch (sta->sta.max_sp) { 1467 case 1: 1468 n_frames = 2; 1469 break; 1470 case 2: 1471 n_frames = 4; 1472 break; 1473 case 3: 1474 n_frames = 6; 1475 break; 1476 case 0: 1477 /* XXX: what is a good value? */ 1478 n_frames = 8; 1479 break; 1480 } 1481 1482 ieee80211_sta_ps_deliver_response(sta, n_frames, ~delivery_enabled, 1483 IEEE80211_FRAME_RELEASE_UAPSD); 1484} 1485 1486void ieee80211_sta_block_awake(struct ieee80211_hw *hw, 1487 struct ieee80211_sta *pubsta, bool block) 1488{ 1489 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 1490 1491 trace_api_sta_block_awake(sta->local, pubsta, block); 1492 1493 if (block) 1494 set_sta_flag(sta, WLAN_STA_PS_DRIVER); 1495 else if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) 1496 ieee80211_queue_work(hw, &sta->drv_unblock_wk); 1497} 1498EXPORT_SYMBOL(ieee80211_sta_block_awake); 1499 1500void ieee80211_sta_eosp_irqsafe(struct ieee80211_sta *pubsta) 1501{ 1502 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 1503 struct ieee80211_local *local = sta->local; 1504 struct sk_buff *skb; 1505 struct skb_eosp_msg_data *data; 1506 1507 trace_api_eosp(local, pubsta); 1508 1509 skb = alloc_skb(0, GFP_ATOMIC); 1510 if (!skb) { 1511 /* too bad ... but race is better than loss */ 1512 clear_sta_flag(sta, WLAN_STA_SP); 1513 return; 1514 } 1515 1516 data = (void *)skb->cb; 1517 memcpy(data->sta, pubsta->addr, ETH_ALEN); 1518 memcpy(data->iface, sta->sdata->vif.addr, ETH_ALEN); 1519 skb->pkt_type = IEEE80211_EOSP_MSG; 1520 skb_queue_tail(&local->skb_queue, skb); 1521 tasklet_schedule(&local->tasklet); 1522} 1523EXPORT_SYMBOL(ieee80211_sta_eosp_irqsafe); 1524 1525void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta, 1526 u8 tid, bool buffered) 1527{ 1528 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 1529 1530 if (WARN_ON(tid >= STA_TID_NUM)) 1531 return; 1532 1533 if (buffered) 1534 set_bit(tid, &sta->driver_buffered_tids); 1535 else 1536 clear_bit(tid, &sta->driver_buffered_tids); 1537 1538 sta_info_recalc_tim(sta); 1539} 1540EXPORT_SYMBOL(ieee80211_sta_set_buffered); 1541