agg-tx.c 20.2 KB
Newer Older
J
Johannes Berg 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
/*
 * HT handling
 *
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 * Copyright 2007-2009, Intel Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/ieee80211.h>
17
#include <linux/slab.h>
J
Johannes Berg 已提交
18 19
#include <net/mac80211.h>
#include "ieee80211_i.h"
20
#include "driver-ops.h"
J
Johannes Berg 已提交
21 22
#include "wme.h"

23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
/**
 * DOC: TX aggregation
 *
 * Aggregation on the TX side requires setting the hardware flag
 * %IEEE80211_HW_AMPDU_AGGREGATION as well as, if present, the @ampdu_queues
 * hardware parameter to the number of hardware AMPDU queues. If there are no
 * hardware queues then the driver will (currently) have to do all frame
 * buffering.
 *
 * When TX aggregation is started by some subsystem (usually the rate control
 * algorithm would be appropriate) by calling the
 * ieee80211_start_tx_ba_session() function, the driver will be notified via
 * its @ampdu_action function, with the %IEEE80211_AMPDU_TX_START action.
 *
 * In response to that, the driver is later required to call the
 * ieee80211_start_tx_ba_cb() (or ieee80211_start_tx_ba_cb_irqsafe())
 * function, which will start the aggregation session.
 *
 * Similarly, when the aggregation session is stopped by
 * ieee80211_stop_tx_ba_session(), the driver's @ampdu_action function will
 * be called with the action %IEEE80211_AMPDU_TX_STOP. In this case, the
 * call must not fail, and the driver must later call ieee80211_stop_tx_ba_cb()
 * (or ieee80211_stop_tx_ba_cb_irqsafe()).
 */

J
Johannes Berg 已提交
48 49 50 51 52 53 54 55 56 57 58 59 60 61
static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
					 const u8 *da, u16 tid,
					 u8 dialog_token, u16 start_seq_num,
					 u16 agg_size, u16 timeout)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 capab;

	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);

	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer "
62
				"for addba request frame\n", sdata->name);
J
Johannes Berg 已提交
63 64 65 66 67 68
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, da, ETH_ALEN);
69
	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
70 71
	if (sdata->vif.type == NL80211_IFTYPE_AP ||
	    sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
72
		memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
73 74
	else if (sdata->vif.type == NL80211_IFTYPE_STATION)
		memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
J
Johannes Berg 已提交
75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94

	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);

	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req));

	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ;

	mgmt->u.action.u.addba_req.dialog_token = dialog_token;
	capab = (u16)(1 << 1);		/* bit 1 aggregation policy */
	capab |= (u16)(tid << 2); 	/* bit 5:2 TID number */
	capab |= (u16)(agg_size << 6);	/* bit 15:6 max size of aggergation */

	mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);

	mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_req.start_seq_num =
					cpu_to_le16(start_seq_num << 4);

95
	ieee80211_tx_skb(sdata, skb);
J
Johannes Berg 已提交
96 97 98 99 100 101 102 103 104 105 106 107
}

void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_bar *bar;
	u16 bar_control = 0;

	skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
	if (!skb) {
		printk(KERN_ERR "%s: failed to allocate buffer for "
108
			"bar frame\n", sdata->name);
J
Johannes Berg 已提交
109 110 111 112 113 114 115 116
		return;
	}
	skb_reserve(skb, local->hw.extra_tx_headroom);
	bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar));
	memset(bar, 0, sizeof(*bar));
	bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
					 IEEE80211_STYPE_BACK_REQ);
	memcpy(bar->ra, ra, ETH_ALEN);
117
	memcpy(bar->ta, sdata->vif.addr, ETH_ALEN);
J
Johannes Berg 已提交
118 119 120 121 122 123
	bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL;
	bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA;
	bar_control |= (u16)(tid << 12);
	bar->control = cpu_to_le16(bar_control);
	bar->start_seq_num = cpu_to_le16(ssn);

124 125
	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
	ieee80211_tx_skb(sdata, skb);
J
Johannes Berg 已提交
126 127
}

128 129 130 131 132 133 134 135 136 137 138
static void kfree_tid_tx(struct rcu_head *rcu_head)
{
	struct tid_ampdu_tx *tid_tx =
	    container_of(rcu_head, struct tid_ampdu_tx, rcu_head);

	kfree(tid_tx);
}

static int ___ieee80211_stop_tx_ba_session(
		struct sta_info *sta, u16 tid,
		enum ieee80211_back_parties initiator)
139
{
140
	struct ieee80211_local *local = sta->local;
141
	struct tid_ampdu_tx *tid_tx = sta->ampdu_mlme.tid_tx[tid];
142
	int ret;
143 144 145 146 147

	lockdep_assert_held(&sta->lock);

	if (WARN_ON(!tid_tx))
		return -ENOENT;
148

149 150 151 152 153
#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "Tx BA session stop requested for %pM tid %u\n",
	       sta->sta.addr, tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */

154
	set_bit(HT_AGG_STATE_STOPPING, &tid_tx->state);
155

156 157 158 159 160 161
	/*
	 * After this packets are no longer handed right through
	 * to the driver but are put onto tid_tx->pending instead,
	 * with locking to ensure proper access.
	 */
	clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state);
162

163
	tid_tx->stop_initiator = initiator;
164

J
Johannes Berg 已提交
165
	ret = drv_ampdu_action(local, sta->sdata,
166
			       IEEE80211_AMPDU_TX_STOP,
167
			       &sta->sta, tid, NULL);
168 169 170

	/* HW shall not deny going back to legacy */
	if (WARN_ON(ret)) {
171 172 173 174
		/*
		 * We may have pending packets get stuck in this case...
		 * Not bothering with a workaround for now.
		 */
175 176 177 178 179
	}

	return ret;
}

J
Johannes Berg 已提交
180 181 182 183 184 185 186 187 188 189 190 191
/*
 * After sending add Block Ack request we activated a timer until
 * add Block Ack response will arrive from the recipient.
 * If this timer expires sta_addba_resp_timer_expired will be executed.
 */
static void sta_addba_resp_timer_expired(unsigned long data)
{
	/* not an elegant detour, but there is no choice as the timer passes
	 * only one argument, and both sta_info and TID are needed, so init
	 * flow in sta_info_create gives the TID as data, while the timer_to_id
	 * array gives the sta through container_of */
	u16 tid = *(u8 *)data;
192
	struct sta_info *sta = container_of((void *)data,
J
Johannes Berg 已提交
193
		struct sta_info, timer_to_tid[tid]);
194
	struct tid_ampdu_tx *tid_tx;
195

J
Johannes Berg 已提交
196 197
	/* check if the TID waits for addBA response */
	spin_lock_bh(&sta->lock);
198 199 200
	tid_tx = sta->ampdu_mlme.tid_tx[tid];
	if (!tid_tx ||
	    test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state)) {
J
Johannes Berg 已提交
201 202 203
		spin_unlock_bh(&sta->lock);
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "timer expired on tid %d but we are not "
J
Johannes Berg 已提交
204
				"(or no longer) expecting addBA response there\n",
205
			tid);
J
Johannes Berg 已提交
206
#endif
207
		return;
J
Johannes Berg 已提交
208 209 210 211 212 213
	}

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
#endif

214
	___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR);
J
Johannes Berg 已提交
215 216 217
	spin_unlock_bh(&sta->lock);
}

218 219 220 221 222
static inline int ieee80211_ac_from_tid(int tid)
{
	return ieee802_1d_to_ac[tid & 7];
}

223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257
/*
 * When multiple aggregation sessions on multiple stations
 * are being created/destroyed simultaneously, we need to
 * refcount the global queue stop caused by that in order
 * to not get into a situation where one of the aggregation
 * setup or teardown re-enables queues before the other is
 * ready to handle that.
 *
 * These two functions take care of this issue by keeping
 * a global "agg_queue_stop" refcount.
 */
static void __acquires(agg_queue)
ieee80211_stop_queue_agg(struct ieee80211_local *local, int tid)
{
	int queue = ieee80211_ac_from_tid(tid);

	if (atomic_inc_return(&local->agg_queue_stop[queue]) == 1)
		ieee80211_stop_queue_by_reason(
			&local->hw, queue,
			IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
	__acquire(agg_queue);
}

static void __releases(agg_queue)
ieee80211_wake_queue_agg(struct ieee80211_local *local, int tid)
{
	int queue = ieee80211_ac_from_tid(tid);

	if (atomic_dec_return(&local->agg_queue_stop[queue]) == 0)
		ieee80211_wake_queue_by_reason(
			&local->hw, queue,
			IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
	__release(agg_queue);
}

258
int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
J
Johannes Berg 已提交
259
{
260 261 262
	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
263
	struct tid_ampdu_tx *tid_tx;
264
	int ret = 0;
265
	u16 start_seq_num;
J
Johannes Berg 已提交
266

J
Johannes Berg 已提交
267 268
	trace_api_start_tx_ba_session(pubsta, tid);

269 270 271
	if (WARN_ON(!local->ops->ampdu_action))
		return -EINVAL;

272 273
	if ((tid >= STA_TID_NUM) ||
	    !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION))
J
Johannes Berg 已提交
274 275 276 277
		return -EINVAL;

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n",
278
	       pubsta->addr, tid);
J
Johannes Berg 已提交
279 280
#endif /* CONFIG_MAC80211_HT_DEBUG */

281 282 283 284 285 286
	/*
	 * The aggregation code is not prepared to handle
	 * anything but STA/AP due to the BSSID handling.
	 * IBSS could work in the code but isn't supported
	 * by drivers or the standard.
	 */
287 288 289 290
	if (sdata->vif.type != NL80211_IFTYPE_STATION &&
	    sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
	    sdata->vif.type != NL80211_IFTYPE_AP)
		return -EINVAL;
291

292
	if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) {
293
#ifdef CONFIG_MAC80211_HT_DEBUG
294
		printk(KERN_DEBUG "BA sessions blocked. "
295 296
		       "Denying BA session request\n");
#endif
297
		return -EINVAL;
298 299
	}

J
Johannes Berg 已提交
300 301 302 303 304 305 306 307
	spin_lock_bh(&sta->lock);

	/* we have tried too many times, receiver does not want A-MPDU */
	if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
		ret = -EBUSY;
		goto err_unlock_sta;
	}

308
	tid_tx = sta->ampdu_mlme.tid_tx[tid];
J
Johannes Berg 已提交
309
	/* check if the TID is not in aggregation flow already */
310
	if (tid_tx) {
J
Johannes Berg 已提交
311 312 313 314 315 316 317 318
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "BA request denied - session is not "
				 "idle on tid %u\n", tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		ret = -EAGAIN;
		goto err_unlock_sta;
	}

319 320 321 322 323 324 325
	/*
	 * While we're asking the driver about the aggregation,
	 * stop the AC queue so that we don't have to worry
	 * about frames that came in while we were doing that,
	 * which would require us to put them to the AC pending
	 * afterwards which just makes the code more complex.
	 */
326
	ieee80211_stop_queue_agg(local, tid);
327

J
Johannes Berg 已提交
328
	/* prepare A-MPDU MLME for Tx aggregation */
329 330
	tid_tx = kzalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC);
	if (!tid_tx) {
J
Johannes Berg 已提交
331 332 333 334 335 336
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_ERR "allocate tx mlme to tid %d failed\n",
					tid);
#endif
		ret = -ENOMEM;
337
		goto err_wake_queue;
J
Johannes Berg 已提交
338
	}
339

340
	skb_queue_head_init(&tid_tx->pending);
341

J
Johannes Berg 已提交
342
	/* Tx timer */
343 344 345
	tid_tx->addba_resp_timer.function = sta_addba_resp_timer_expired;
	tid_tx->addba_resp_timer.data = (unsigned long)&sta->timer_to_tid[tid];
	init_timer(&tid_tx->addba_resp_timer);
J
Johannes Berg 已提交
346

347
	start_seq_num = sta->tid_seq[tid] >> 4;
J
Johannes Berg 已提交
348

J
Johannes Berg 已提交
349
	ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START,
350
			       pubsta, tid, &start_seq_num);
J
Johannes Berg 已提交
351 352 353 354 355
	if (ret) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "BA request denied - HW unavailable for"
					" tid %d\n", tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */
356
		goto err_free;
J
Johannes Berg 已提交
357 358
	}

359 360
	rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], tid_tx);

361
	/* Driver vetoed or OKed, but we can take packets again now */
362
	ieee80211_wake_queue_agg(local, tid);
J
Johannes Berg 已提交
363

364 365 366 367 368 369 370
	/* activate the timer for the recipient's addBA response */
	tid_tx->addba_resp_timer.expires = jiffies + ADDBA_RESP_INTERVAL;
	add_timer(&tid_tx->addba_resp_timer);
#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid);
#endif

371
	/* prepare tid data */
J
Johannes Berg 已提交
372
	sta->ampdu_mlme.dialog_token_allocator++;
373 374 375 376
	tid_tx->dialog_token = sta->ampdu_mlme.dialog_token_allocator;
	tid_tx->ssn = start_seq_num;

	sta->ampdu_mlme.addba_req_num[tid]++;
J
Johannes Berg 已提交
377

378 379 380
	spin_unlock_bh(&sta->lock);

	/* send AddBA request */
381
	ieee80211_send_addba_request(sdata, pubsta->addr, tid,
382
			 tid_tx->dialog_token, tid_tx->ssn,
J
Johannes Berg 已提交
383
			 0x40, 5000);
384
	return 0;
J
Johannes Berg 已提交
385

386
 err_free:
387
	kfree(tid_tx);
388
 err_wake_queue:
389
	ieee80211_wake_queue_agg(local, tid);
390
 err_unlock_sta:
J
Johannes Berg 已提交
391 392 393 394 395
	spin_unlock_bh(&sta->lock);
	return ret;
}
EXPORT_SYMBOL(ieee80211_start_tx_ba_session);

396 397
/*
 * splice packets from the STA's pending to the local pending,
398
 * requires a call to ieee80211_agg_splice_finish later
399
 */
400 401 402
static void __acquires(agg_queue)
ieee80211_agg_splice_packets(struct ieee80211_local *local,
			     struct tid_ampdu_tx *tid_tx, u16 tid)
403
{
404
	int queue = ieee80211_ac_from_tid(tid);
405 406
	unsigned long flags;

407
	ieee80211_stop_queue_agg(local, tid);
408

409 410
	if (WARN(!tid_tx, "TID %d gone but expected when splicing aggregates"
			  " from the pending queue\n", tid))
411 412
		return;

413
	if (!skb_queue_empty(&tid_tx->pending)) {
414 415
		spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
		/* copy over remaining packets */
416 417
		skb_queue_splice_tail_init(&tid_tx->pending,
					   &local->pending[queue]);
418 419 420 421
		spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
	}
}

422 423
static void __releases(agg_queue)
ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid)
424
{
425
	ieee80211_wake_queue_agg(local, tid);
426 427 428
}

/* caller must hold sta->lock */
429 430 431
static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
					 struct sta_info *sta, u16 tid)
{
432 433
	lockdep_assert_held(&sta->lock);

434
#ifdef CONFIG_MAC80211_HT_DEBUG
435
	printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid);
436 437
#endif

438
	ieee80211_agg_splice_packets(local, sta->ampdu_mlme.tid_tx[tid], tid);
439
	/*
440 441 442
	 * Now mark as operational. This will be visible
	 * in the TX path, and lets it go lock-free in
	 * the common case.
443
	 */
444 445
	set_bit(HT_AGG_STATE_OPERATIONAL, &sta->ampdu_mlme.tid_tx[tid]->state);
	ieee80211_agg_splice_finish(local, tid);
446

J
Johannes Berg 已提交
447
	drv_ampdu_action(local, sta->sdata,
448
			 IEEE80211_AMPDU_TX_OPERATIONAL,
449
			 &sta->sta, tid, NULL);
450 451
}

452
void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid)
J
Johannes Berg 已提交
453
{
454 455
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
	struct ieee80211_local *local = sdata->local;
J
Johannes Berg 已提交
456
	struct sta_info *sta;
457
	struct tid_ampdu_tx *tid_tx;
J
Johannes Berg 已提交
458

J
Johannes Berg 已提交
459 460
	trace_api_start_tx_ba_cb(sdata, ra, tid);

J
Johannes Berg 已提交
461 462 463 464 465 466 467 468 469
	if (tid >= STA_TID_NUM) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
				tid, STA_TID_NUM);
#endif
		return;
	}

	rcu_read_lock();
470
	sta = sta_info_get(sdata, ra);
J
Johannes Berg 已提交
471 472 473 474 475 476 477 478 479
	if (!sta) {
		rcu_read_unlock();
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "Could not find station: %pM\n", ra);
#endif
		return;
	}

	spin_lock_bh(&sta->lock);
480
	tid_tx = sta->ampdu_mlme.tid_tx[tid];
J
Johannes Berg 已提交
481

482
	if (WARN_ON(!tid_tx)) {
J
Johannes Berg 已提交
483
#ifdef CONFIG_MAC80211_HT_DEBUG
484
		printk(KERN_DEBUG "addBA was not requested!\n");
J
Johannes Berg 已提交
485 486 487 488 489 490
#endif
		spin_unlock_bh(&sta->lock);
		rcu_read_unlock();
		return;
	}

491
	if (WARN_ON(test_and_set_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state)))
492
		goto out;
J
Johannes Berg 已提交
493

494
	if (test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state))
495
		ieee80211_agg_tx_operational(local, sta, tid);
496 497

 out:
J
Johannes Berg 已提交
498 499 500 501
	spin_unlock_bh(&sta->lock);
	rcu_read_unlock();
}

502
void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
503 504
				      const u8 *ra, u16 tid)
{
505 506
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
	struct ieee80211_local *local = sdata->local;
507 508 509 510 511 512 513
	struct ieee80211_ra_tid *ra_tid;
	struct sk_buff *skb = dev_alloc_skb(0);

	if (unlikely(!skb)) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_WARNING "%s: Not enough memory, "
514
			       "dropping start BA session", sdata->name);
515 516 517 518 519 520 521
#endif
		return;
	}
	ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
	memcpy(&ra_tid->ra, ra, ETH_ALEN);
	ra_tid->tid = tid;

522 523 524
	skb->pkt_type = IEEE80211_SDATA_QUEUE_AGG_START;
	skb_queue_tail(&sdata->skb_queue, skb);
	ieee80211_queue_work(&local->hw, &sdata->work);
525 526 527
}
EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe);

528 529 530
int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
				   enum ieee80211_back_parties initiator)
{
531
	struct tid_ampdu_tx *tid_tx;
532 533 534
	int ret;

	spin_lock_bh(&sta->lock);
535
	tid_tx = sta->ampdu_mlme.tid_tx[tid];
536

537 538
	/* check if the TID is in aggregation */
	if (!tid_tx || !test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
539 540 541 542 543 544 545 546 547 548
		ret = -ENOENT;
		goto unlock;
	}

	ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator);

 unlock:
	spin_unlock_bh(&sta->lock);
	return ret;
}
J
Johannes Berg 已提交
549

550
int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
J
Johannes Berg 已提交
551
{
552 553 554
	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
J
Johannes Berg 已提交
555

556
	trace_api_stop_tx_ba_session(pubsta, tid);
J
Johannes Berg 已提交
557

J
Johannes Berg 已提交
558
	if (!local->ops->ampdu_action)
559 560
		return -EINVAL;

J
Johannes Berg 已提交
561 562 563
	if (tid >= STA_TID_NUM)
		return -EINVAL;

564
	return __ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR);
J
Johannes Berg 已提交
565 566 567
}
EXPORT_SYMBOL(ieee80211_stop_tx_ba_session);

568
void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
J
Johannes Berg 已提交
569
{
570 571
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
	struct ieee80211_local *local = sdata->local;
J
Johannes Berg 已提交
572
	struct sta_info *sta;
573
	struct tid_ampdu_tx *tid_tx;
J
Johannes Berg 已提交
574

J
Johannes Berg 已提交
575 576
	trace_api_stop_tx_ba_cb(sdata, ra, tid);

J
Johannes Berg 已提交
577 578 579 580 581 582 583 584 585 586 587 588 589 590
	if (tid >= STA_TID_NUM) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
				tid, STA_TID_NUM);
#endif
		return;
	}

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "Stopping Tx BA session for %pM tid %d\n",
	       ra, tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */

	rcu_read_lock();
591
	sta = sta_info_get(sdata, ra);
J
Johannes Berg 已提交
592 593 594 595 596 597 598 599
	if (!sta) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "Could not find station: %pM\n", ra);
#endif
		rcu_read_unlock();
		return;
	}

600 601 602 603
	spin_lock_bh(&sta->lock);
	tid_tx = sta->ampdu_mlme.tid_tx[tid];

	if (!tid_tx || !test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
J
Johannes Berg 已提交
604 605 606
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n");
#endif
607
		spin_unlock_bh(&sta->lock);
J
Johannes Berg 已提交
608 609 610 611
		rcu_read_unlock();
		return;
	}

612
	if (tid_tx->stop_initiator == WLAN_BACK_INITIATOR)
J
Johannes Berg 已提交
613 614 615
		ieee80211_send_delba(sta->sdata, ra, tid,
			WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE);

616 617 618 619 620 621 622 623 624
	/*
	 * When we get here, the TX path will not be lockless any more wrt.
	 * aggregation, since the OPERATIONAL bit has long been cleared.
	 * Thus it will block on getting the lock, if it occurs. So if we
	 * stop the queue now, we will not get any more packets, and any
	 * that might be being processed will wait for us here, thereby
	 * guaranteeing that no packets go to the tid_tx pending queue any
	 * more.
	 */
J
Johannes Berg 已提交
625

626
	ieee80211_agg_splice_packets(local, tid_tx, tid);
627

628 629
	/* future packets must not find the tid_tx struct any more */
	rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL);
630

631
	ieee80211_agg_splice_finish(local, tid);
632

633
	call_rcu(&tid_tx->rcu_head, kfree_tid_tx);
J
Johannes Berg 已提交
634

635
	spin_unlock_bh(&sta->lock);
J
Johannes Berg 已提交
636 637 638
	rcu_read_unlock();
}

639
void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
J
Johannes Berg 已提交
640 641
				     const u8 *ra, u16 tid)
{
642 643
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
	struct ieee80211_local *local = sdata->local;
J
Johannes Berg 已提交
644 645 646 647 648 649 650
	struct ieee80211_ra_tid *ra_tid;
	struct sk_buff *skb = dev_alloc_skb(0);

	if (unlikely(!skb)) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		if (net_ratelimit())
			printk(KERN_WARNING "%s: Not enough memory, "
651
			       "dropping stop BA session", sdata->name);
J
Johannes Berg 已提交
652 653 654 655 656 657 658
#endif
		return;
	}
	ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
	memcpy(&ra_tid->ra, ra, ETH_ALEN);
	ra_tid->tid = tid;

659 660 661
	skb->pkt_type = IEEE80211_SDATA_QUEUE_AGG_STOP;
	skb_queue_tail(&sdata->skb_queue, skb);
	ieee80211_queue_work(&local->hw, &sdata->work);
J
Johannes Berg 已提交
662 663 664
}
EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe);

665

J
Johannes Berg 已提交
666 667 668 669 670
void ieee80211_process_addba_resp(struct ieee80211_local *local,
				  struct sta_info *sta,
				  struct ieee80211_mgmt *mgmt,
				  size_t len)
{
671
	struct tid_ampdu_tx *tid_tx;
672
	u16 capab, tid;
J
Johannes Berg 已提交
673 674 675 676 677 678

	capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;

	spin_lock_bh(&sta->lock);

679 680 681
	tid_tx = sta->ampdu_mlme.tid_tx[tid];

	if (!tid_tx)
682
		goto out;
J
Johannes Berg 已提交
683

684
	if (mgmt->u.action.u.addba_resp.dialog_token != tid_tx->dialog_token) {
J
Johannes Berg 已提交
685 686
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
687
#endif
688
		goto out;
J
Johannes Berg 已提交
689 690
	}

691
	del_timer(&tid_tx->addba_resp_timer);
692

J
Johannes Berg 已提交
693
#ifdef CONFIG_MAC80211_HT_DEBUG
694
	printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid);
695
#endif
J
Johannes Berg 已提交
696

J
Johannes Berg 已提交
697 698
	if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
			== WLAN_STATUS_SUCCESS) {
699 700 701 702 703
		if (test_and_set_bit(HT_AGG_STATE_RESPONSE_RECEIVED,
				     &tid_tx->state)) {
			/* ignore duplicate response */
			goto out;
		}
J
Johannes Berg 已提交
704

705
		if (test_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state))
706
			ieee80211_agg_tx_operational(local, sta, tid);
J
Johannes Berg 已提交
707

708
		sta->ampdu_mlme.addba_req_num[tid] = 0;
J
Johannes Berg 已提交
709
	} else {
710
		___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR);
J
Johannes Berg 已提交
711
	}
J
Johannes Berg 已提交
712 713

 out:
714
	spin_unlock_bh(&sta->lock);
J
Johannes Berg 已提交
715
}