sta_info.c 25.3 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/init.h>
#include <linux/netdevice.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
17
#include <linux/timer.h>
18
#include <linux/rtnetlink.h>
19 20 21

#include <net/mac80211.h>
#include "ieee80211_i.h"
22
#include "driver-ops.h"
J
Johannes Berg 已提交
23
#include "rate.h"
24
#include "sta_info.h"
J
Jiri Benc 已提交
25
#include "debugfs_sta.h"
26
#include "mesh.h"
27

28 29 30 31 32 33 34
/**
 * DOC: STA information lifetime rules
 *
 * STA info structures (&struct sta_info) are managed in a hash table
 * for faster lookup and a list for iteration. They are managed using
 * RCU, i.e. access to the list and hash table is protected by RCU.
 *
35 36 37 38 39 40 41 42
 * Upon allocating a STA info structure with sta_info_alloc(), the caller
 * owns that structure. It must then insert it into the hash table using
 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
 * case (which acquires an rcu read section but must not be called from
 * within one) will the pointer still be valid after the call. Note that
 * the caller may not do much with the STA info before inserting it, in
 * particular, it may not start any mesh peer link management or add
 * encryption keys.
43 44 45
 *
 * When the insertion fails (sta_info_insert()) returns non-zero), the
 * structure will have been freed by sta_info_insert()!
46
 *
47
 * Station entries are added by mac80211 when you establish a link with a
48 49 50
 * peer. This means different things for the different type of interfaces
 * we support. For a regular station this mean we add the AP sta when we
 * receive an assocation response from the AP. For IBSS this occurs when
51 52 53
 * get to know about a peer on the same IBSS. For WDS we add the sta for
 * the peer imediately upon device open. When using AP mode we add stations
 * for each respective station upon request from userspace through nl80211.
54
 *
55 56
 * In order to remove a STA info structure, various sta_info_destroy_*()
 * calls are available.
57
 *
58 59 60 61
 * There is no concept of ownership on a STA entry, each structure is
 * owned by the global hash table/list until it is removed. All users of
 * the structure need to be RCU protected so that the structure won't be
 * freed before they are done using it.
62
 */
63 64

/* Caller must hold local->sta_lock */
65 66
static int sta_info_hash_del(struct ieee80211_local *local,
			     struct sta_info *sta)
67 68 69
{
	struct sta_info *s;

70
	s = local->sta_hash[STA_HASH(sta->sta.addr)];
71
	if (!s)
72 73
		return -ENOENT;
	if (s == sta) {
74
		rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)],
75
				   s->hnext);
76
		return 0;
77 78
	}

79
	while (s->hnext && s->hnext != sta)
80
		s = s->hnext;
81
	if (s->hnext) {
82
		rcu_assign_pointer(s->hnext, sta->hnext);
83 84
		return 0;
	}
85

86
	return -ENOENT;
87 88
}

89
/* protected by RCU */
90 91
struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
92
{
93
	struct ieee80211_local *local = sdata->local;
94 95
	struct sta_info *sta;

96 97 98 99
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    rcu_read_lock_held() ||
				    lockdep_is_held(&local->sta_lock) ||
				    lockdep_is_held(&local->sta_mtx));
100
	while (sta) {
101 102
		if (sta->sdata == sdata &&
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
103
			break;
104 105 106 107
		sta = rcu_dereference_check(sta->hnext,
					    rcu_read_lock_held() ||
					    lockdep_is_held(&local->sta_lock) ||
					    lockdep_is_held(&local->sta_mtx));
108
	}
109 110 111
	return sta;
}

112 113 114 115 116 117 118 119 120 121
/*
 * Get sta info either from the specified interface
 * or from one of its vlans
 */
struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
				  const u8 *addr)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;

122 123 124 125
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    rcu_read_lock_held() ||
				    lockdep_is_held(&local->sta_lock) ||
				    lockdep_is_held(&local->sta_mtx));
126 127
	while (sta) {
		if ((sta->sdata == sdata ||
128
		     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
129 130
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
			break;
131 132 133 134
		sta = rcu_dereference_check(sta->hnext,
					    rcu_read_lock_held() ||
					    lockdep_is_held(&local->sta_lock) ||
					    lockdep_is_held(&local->sta_mtx));
135 136 137 138
	}
	return sta;
}

139 140
struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
				     int idx)
141
{
142
	struct ieee80211_local *local = sdata->local;
143 144 145
	struct sta_info *sta;
	int i = 0;

146
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
147
		if (sdata != sta->sdata)
148
			continue;
149 150 151 152
		if (i < idx) {
			++i;
			continue;
		}
153
		return sta;
154 155 156 157
	}

	return NULL;
}
158

159 160 161
/**
 * __sta_info_free - internal STA free helper
 *
R
Randy Dunlap 已提交
162
 * @local: pointer to the global information
163 164 165 166 167 168 169 170
 * @sta: STA info to free
 *
 * This function must undo everything done by sta_info_alloc()
 * that may happen before sta_info_insert().
 */
static void __sta_info_free(struct ieee80211_local *local,
			    struct sta_info *sta)
{
171 172 173 174
	if (sta->rate_ctrl) {
		rate_control_free_sta(sta);
		rate_control_put(sta->rate_ctrl);
	}
175 176

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
177
	wiphy_debug(local->hw.wiphy, "Destroyed STA %pM\n", sta->sta.addr);
178 179 180 181 182
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

	kfree(sta);
}

183 184 185
/* Caller must hold local->sta_lock */
static void sta_info_hash_add(struct ieee80211_local *local,
			      struct sta_info *sta)
186
{
187 188
	sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
	rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
189 190
}

191 192 193 194 195 196 197 198 199 200 201
static void sta_unblock(struct work_struct *wk)
{
	struct sta_info *sta;

	sta = container_of(wk, struct sta_info, drv_unblock_wk);

	if (sta->dead)
		return;

	if (!test_sta_flags(sta, WLAN_STA_PS_STA))
		ieee80211_sta_ps_deliver_wakeup(sta);
202 203
	else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL)) {
		clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
204
		ieee80211_sta_ps_deliver_poll_response(sta);
205 206
	} else
		clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
207 208
}

209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225
static int sta_prepare_rate_control(struct ieee80211_local *local,
				    struct sta_info *sta, gfp_t gfp)
{
	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
		return 0;

	sta->rate_ctrl = rate_control_get(local->rate_ctrl);
	sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
						     &sta->sta, gfp);
	if (!sta->rate_ctrl_priv) {
		rate_control_put(sta->rate_ctrl);
		return -ENOMEM;
	}

	return 0;
}

J
Johannes Berg 已提交
226 227
struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
				u8 *addr, gfp_t gfp)
228
{
229
	struct ieee80211_local *local = sdata->local;
230
	struct sta_info *sta;
231
	int i;
232

233
	sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
234
	if (!sta)
J
Johannes Berg 已提交
235
		return NULL;
236

237
	spin_lock_init(&sta->lock);
238
	spin_lock_init(&sta->flaglock);
239
	INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
J
Johannes Berg 已提交
240
	INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
241
	mutex_init(&sta->ampdu_mlme.mtx);
242

243
	memcpy(sta->sta.addr, addr, ETH_ALEN);
244 245
	sta->local = local;
	sta->sdata = sdata;
246

247 248
	ewma_init(&sta->avg_signal, 1024, 8);

249
	if (sta_prepare_rate_control(local, sta, gfp)) {
250
		kfree(sta);
J
Johannes Berg 已提交
251
		return NULL;
252 253
	}

254
	for (i = 0; i < STA_TID_NUM; i++) {
255 256 257 258 259
		/*
		 * timer_to_tid must be initialized with identity mapping
		 * to enable session_timer's data differentiation. See
		 * sta_rx_agg_session_timer_expired for usage.
		 */
260 261
		sta->timer_to_tid[i] = i;
	}
262 263
	skb_queue_head_init(&sta->ps_tx_buf);
	skb_queue_head_init(&sta->tx_filtered);
J
Johannes Berg 已提交
264

265
	for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
266
		sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
267

J
Johannes Berg 已提交
268
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
269
	wiphy_debug(local->hw.wiphy, "Allocated STA %pM\n", sta->sta.addr);
J
Johannes Berg 已提交
270 271
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

272
#ifdef CONFIG_MAC80211_MESH
273
	sta->plink_state = PLINK_LISTEN;
274 275 276
	init_timer(&sta->plink_timer);
#endif

J
Johannes Berg 已提交
277 278 279
	return sta;
}

280
static int sta_info_finish_insert(struct sta_info *sta, bool async)
J
Johannes Berg 已提交
281 282 283
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
284
	struct station_info sinfo;
J
Johannes Berg 已提交
285
	unsigned long flags;
286
	int err = 0;
J
Johannes Berg 已提交
287

288
	lockdep_assert_held(&local->sta_mtx);
289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305

	/* notify driver */
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
		sdata = container_of(sdata->bss,
				     struct ieee80211_sub_if_data,
				     u.ap);
	err = drv_sta_add(local, sdata, &sta->sta);
	if (err) {
		if (!async)
			return err;
		printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to driver (%d)"
				  " - keeping it anyway.\n",
		       sdata->name, sta->sta.addr, err);
	} else {
		sta->uploaded = true;
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (async)
J
Joe Perches 已提交
306 307 308
			wiphy_debug(local->hw.wiphy,
				    "Finished adding IBSS STA %pM\n",
				    sta->sta.addr);
309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373
#endif
	}

	sdata = sta->sdata;

	if (!async) {
		local->num_sta++;
		local->sta_generation++;
		smp_mb();

		/* make the station visible */
		spin_lock_irqsave(&local->sta_lock, flags);
		sta_info_hash_add(local, sta);
		spin_unlock_irqrestore(&local->sta_lock, flags);
	}

	list_add(&sta->list, &local->sta_list);

	ieee80211_sta_debugfs_add(sta);
	rate_control_add_sta_debugfs(sta);

	sinfo.filled = 0;
	sinfo.generation = local->sta_generation;
	cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);


	return 0;
}

static void sta_info_finish_pending(struct ieee80211_local *local)
{
	struct sta_info *sta;
	unsigned long flags;

	spin_lock_irqsave(&local->sta_lock, flags);
	while (!list_empty(&local->sta_pending_list)) {
		sta = list_first_entry(&local->sta_pending_list,
				       struct sta_info, list);
		list_del(&sta->list);
		spin_unlock_irqrestore(&local->sta_lock, flags);

		sta_info_finish_insert(sta, true);

		spin_lock_irqsave(&local->sta_lock, flags);
	}
	spin_unlock_irqrestore(&local->sta_lock, flags);
}

static void sta_info_finish_work(struct work_struct *work)
{
	struct ieee80211_local *local =
		container_of(work, struct ieee80211_local, sta_finish_work);

	mutex_lock(&local->sta_mtx);
	sta_info_finish_pending(local);
	mutex_unlock(&local->sta_mtx);
}

int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	unsigned long flags;
	int err = 0;

374 375 376 377 378
	/*
	 * Can't be a WARN_ON because it can be triggered through a race:
	 * something inserts a STA (on one CPU) without holding the RTNL
	 * and another CPU turns off the net device.
	 */
379
	if (unlikely(!ieee80211_sdata_running(sdata))) {
380
		err = -ENETDOWN;
381
		rcu_read_lock();
382 383
		goto out_free;
	}
384

385
	if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 ||
J
Johannes Berg 已提交
386
		    is_multicast_ether_addr(sta->sta.addr))) {
387
		err = -EINVAL;
388
		rcu_read_lock();
389 390
		goto out_free;
	}
391

392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417
	/*
	 * In ad-hoc mode, we sometimes need to insert stations
	 * from tasklet context from the RX path. To avoid races,
	 * always do so in that case -- see the comment below.
	 */
	if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
		spin_lock_irqsave(&local->sta_lock, flags);
		/* check if STA exists already */
		if (sta_info_get_bss(sdata, sta->sta.addr)) {
			spin_unlock_irqrestore(&local->sta_lock, flags);
			rcu_read_lock();
			err = -EEXIST;
			goto out_free;
		}

		local->num_sta++;
		local->sta_generation++;
		smp_mb();
		sta_info_hash_add(local, sta);

		list_add_tail(&sta->list, &local->sta_pending_list);

		rcu_read_lock();
		spin_unlock_irqrestore(&local->sta_lock, flags);

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
418 419
		wiphy_debug(local->hw.wiphy, "Added IBSS STA %pM\n",
			    sta->sta.addr);
420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

		ieee80211_queue_work(&local->hw, &local->sta_finish_work);

		return 0;
	}

	/*
	 * On first glance, this will look racy, because the code
	 * below this point, which inserts a station with sleeping,
	 * unlocks the sta_lock between checking existence in the
	 * hash table and inserting into it.
	 *
	 * However, it is not racy against itself because it keeps
	 * the mutex locked. It still seems to race against the
	 * above code that atomically inserts the station... That,
	 * however, is not true because the above code can only
	 * be invoked for IBSS interfaces, and the below code will
	 * not be -- and the two do not race against each other as
	 * the hash table also keys off the interface.
	 */

	might_sleep();

	mutex_lock(&local->sta_mtx);

446
	spin_lock_irqsave(&local->sta_lock, flags);
447
	/* check if STA exists already */
448
	if (sta_info_get_bss(sdata, sta->sta.addr)) {
449
		spin_unlock_irqrestore(&local->sta_lock, flags);
450
		mutex_unlock(&local->sta_mtx);
451
		rcu_read_lock();
452 453
		err = -EEXIST;
		goto out_free;
454
	}
455

456
	spin_unlock_irqrestore(&local->sta_lock, flags);
457

458 459 460 461 462
	err = sta_info_finish_insert(sta, false);
	if (err) {
		mutex_unlock(&local->sta_mtx);
		rcu_read_lock();
		goto out_free;
463
	}
464

465
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
466
	wiphy_debug(local->hw.wiphy, "Inserted STA %pM\n", sta->sta.addr);
467 468
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

469 470 471
	/* move reference to rcu-protected */
	rcu_read_lock();
	mutex_unlock(&local->sta_mtx);
J
Jiri Benc 已提交
472

J
Johannes Berg 已提交
473 474 475 476
	if (ieee80211_vif_is_mesh(&sdata->vif))
		mesh_accept_plinks_update(sdata);

	return 0;
477 478 479 480
 out_free:
	BUG_ON(!err);
	__sta_info_free(local, sta);
	return err;
481 482
}

483 484 485 486 487 488 489 490 491
int sta_info_insert(struct sta_info *sta)
{
	int err = sta_info_insert_rcu(sta);

	rcu_read_unlock();

	return err;
}

492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512
static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __set_bit() format.
	 */
	bss->tim[aid / 8] |= (1 << (aid % 8));
}

static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __clear_bit() format.
	 */
	bss->tim[aid / 8] &= ~(1 << (aid % 8));
}

static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss,
				   struct sta_info *sta)
{
513 514
	BUG_ON(!bss);

515
	__bss_tim_set(bss, sta->sta.aid);
516

517 518
	if (sta->local->ops->set_tim) {
		sta->local->tim_in_locked_section = true;
519
		drv_set_tim(sta->local, &sta->sta, true);
520 521
		sta->local->tim_in_locked_section = false;
	}
522 523 524 525
}

void sta_info_set_tim_bit(struct sta_info *sta)
{
526
	unsigned long flags;
527

528 529
	BUG_ON(!sta->sdata->bss);

530 531 532
	spin_lock_irqsave(&sta->local->sta_lock, flags);
	__sta_info_set_tim_bit(sta->sdata->bss, sta);
	spin_unlock_irqrestore(&sta->local->sta_lock, flags);
533 534 535 536 537
}

static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss,
				     struct sta_info *sta)
{
538 539
	BUG_ON(!bss);

540
	__bss_tim_clear(bss, sta->sta.aid);
541

542 543
	if (sta->local->ops->set_tim) {
		sta->local->tim_in_locked_section = true;
544
		drv_set_tim(sta->local, &sta->sta, false);
545 546
		sta->local->tim_in_locked_section = false;
	}
547 548 549 550
}

void sta_info_clear_tim_bit(struct sta_info *sta)
{
551
	unsigned long flags;
552

553 554
	BUG_ON(!sta->sdata->bss);

555 556 557
	spin_lock_irqsave(&sta->local->sta_lock, flags);
	__sta_info_clear_tim_bit(sta->sdata->bss, sta);
	spin_unlock_irqrestore(&sta->local->sta_lock, flags);
558 559
}

560 561
static int sta_info_buffer_expired(struct sta_info *sta,
				   struct sk_buff *skb)
562
{
563
	struct ieee80211_tx_info *info;
564 565 566 567 568
	int timeout;

	if (!skb)
		return 0;

569
	info = IEEE80211_SKB_CB(skb);
570 571

	/* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
572 573 574
	timeout = (sta->listen_interval *
		   sta->sdata->vif.bss_conf.beacon_int *
		   32 / 15625) * HZ;
575 576
	if (timeout < STA_TX_BUFFER_EXPIRE)
		timeout = STA_TX_BUFFER_EXPIRE;
577
	return time_after(jiffies, info->control.jiffies + timeout);
578 579 580
}


581
static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
582 583 584 585
					     struct sta_info *sta)
{
	unsigned long flags;
	struct sk_buff *skb;
586
	struct ieee80211_sub_if_data *sdata;
587 588

	if (skb_queue_empty(&sta->ps_tx_buf))
589
		return false;
590 591 592 593

	for (;;) {
		spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
		skb = skb_peek(&sta->ps_tx_buf);
594
		if (sta_info_buffer_expired(sta, skb))
595
			skb = __skb_dequeue(&sta->ps_tx_buf);
596
		else
597 598 599
			skb = NULL;
		spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags);

600
		if (!skb)
601
			break;
602

603
		sdata = sta->sdata;
604
		local->total_ps_buffered--;
605
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
606 607
		printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n",
		       sta->sta.addr);
608
#endif
609 610
		dev_kfree_skb(skb);

611 612
		if (skb_queue_empty(&sta->ps_tx_buf))
			sta_info_clear_tim_bit(sta);
613
	}
614 615

	return true;
616 617
}

618
static int __must_check __sta_info_destroy(struct sta_info *sta)
619
{
620 621 622 623
	struct ieee80211_local *local;
	struct ieee80211_sub_if_data *sdata;
	struct sk_buff *skb;
	unsigned long flags;
624
	int ret, i;
625

626
	might_sleep();
627

628 629
	if (!sta)
		return -ENOENT;
630

631 632
	local = sta->local;
	sdata = sta->sdata;
633

634 635 636 637 638 639 640
	/*
	 * Before removing the station from the driver and
	 * rate control, it might still start new aggregation
	 * sessions -- block that to make sure the tear-down
	 * will be sufficient.
	 */
	set_sta_flags(sta, WLAN_STA_BLOCK_BA);
641
	ieee80211_sta_tear_down_BA_sessions(sta, true);
642

643 644 645 646 647 648 649 650 651
	spin_lock_irqsave(&local->sta_lock, flags);
	ret = sta_info_hash_del(local, sta);
	/* this might still be the pending list ... which is fine */
	if (!ret)
		list_del(&sta->list);
	spin_unlock_irqrestore(&local->sta_lock, flags);
	if (ret)
		return ret;

652 653 654 655
	for (i = 0; i < NUM_DEFAULT_KEYS; i++)
		ieee80211_key_free(local, sta->gtk[i]);
	if (sta->ptk)
		ieee80211_key_free(local, sta->ptk);
656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681

	sta->dead = true;

	if (test_and_clear_sta_flags(sta,
				WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
		BUG_ON(!sdata->bss);

		atomic_dec(&sdata->bss->num_sta_ps);
		__sta_info_clear_tim_bit(sdata->bss, sta);
	}

	local->num_sta--;
	local->sta_generation++;

	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
		rcu_assign_pointer(sdata->u.vlan.sta, NULL);

	if (sta->uploaded) {
		if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
			sdata = container_of(sdata->bss,
					     struct ieee80211_sub_if_data,
					     u.ap);
		drv_sta_remove(local, sdata, &sta->sta);
		sdata = sta->sdata;
	}

682 683 684 685 686 687 688 689
	/*
	 * At this point, after we wait for an RCU grace period,
	 * neither mac80211 nor the driver can reference this
	 * sta struct any more except by still existing timers
	 * associated with this station that we clean up below.
	 */
	synchronize_rcu();

690
#ifdef CONFIG_MAC80211_MESH
691
	if (ieee80211_vif_is_mesh(&sdata->vif))
692 693 694 695
		mesh_accept_plinks_update(sdata);
#endif

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
696
	wiphy_debug(local->hw.wiphy, "Removed STA %pM\n", sta->sta.addr);
697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
	cancel_work_sync(&sta->drv_unblock_wk);

	rate_control_remove_sta_debugfs(sta);
	ieee80211_sta_debugfs_remove(sta);

#ifdef CONFIG_MAC80211_MESH
	if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
		mesh_plink_deactivate(sta);
		del_timer_sync(&sta->plink_timer);
	}
#endif

	while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
		local->total_ps_buffered--;
		dev_kfree_skb_any(skb);
	}

	while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
		dev_kfree_skb_any(skb);

	__sta_info_free(local, sta);

	return 0;
J
Jiri Slaby 已提交
721 722
}

723
int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
J
Jiri Slaby 已提交
724
{
725 726
	struct sta_info *sta;
	int ret;
J
Jiri Slaby 已提交
727

728 729 730 731
	mutex_lock(&sdata->local->sta_mtx);
	sta = sta_info_get(sdata, addr);
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
J
Jiri Slaby 已提交
732 733 734 735

	return ret;
}

736 737
int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
J
Jiri Benc 已提交
738
{
739 740
	struct sta_info *sta;
	int ret;
J
Jiri Benc 已提交
741

742 743 744 745
	mutex_lock(&sdata->local->sta_mtx);
	sta = sta_info_get_bss(sdata, addr);
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
746

747 748
	return ret;
}
J
Jiri Benc 已提交
749

750 751 752 753
static void sta_info_cleanup(unsigned long data)
{
	struct ieee80211_local *local = (struct ieee80211_local *) data;
	struct sta_info *sta;
754
	bool timer_needed = false;
755 756 757

	rcu_read_lock();
	list_for_each_entry_rcu(sta, &local->sta_list, list)
758 759
		if (sta_info_cleanup_expire_buffered(local, sta))
			timer_needed = true;
760
	rcu_read_unlock();
J
Jiri Benc 已提交
761

762 763
	if (local->quiescing)
		return;
764

765 766 767
	if (!timer_needed)
		return;

768 769 770
	local->sta_cleanup.expires =
		round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
	add_timer(&local->sta_cleanup);
J
Jiri Benc 已提交
771 772
}

773 774
void sta_info_init(struct ieee80211_local *local)
{
775
	spin_lock_init(&local->sta_lock);
776
	mutex_init(&local->sta_mtx);
777
	INIT_LIST_HEAD(&local->sta_list);
778 779
	INIT_LIST_HEAD(&local->sta_pending_list);
	INIT_WORK(&local->sta_finish_work, sta_info_finish_work);
780

781 782
	setup_timer(&local->sta_cleanup, sta_info_cleanup,
		    (unsigned long)local);
783 784
	local->sta_cleanup.expires =
		round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
785 786 787 788 789 790 791 792 793 794 795
}

int sta_info_start(struct ieee80211_local *local)
{
	add_timer(&local->sta_cleanup);
	return 0;
}

void sta_info_stop(struct ieee80211_local *local)
{
	del_timer(&local->sta_cleanup);
796
	sta_info_flush(local, NULL);
797 798 799 800
}

/**
 * sta_info_flush - flush matching STA entries from the STA table
801 802 803
 *
 * Returns the number of removed STA entries.
 *
804
 * @local: local interface data
805
 * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs
806
 */
807
int sta_info_flush(struct ieee80211_local *local,
808
		   struct ieee80211_sub_if_data *sdata)
809 810
{
	struct sta_info *sta, *tmp;
811
	int ret = 0;
812

813
	might_sleep();
814

815 816 817 818
	mutex_lock(&local->sta_mtx);

	sta_info_finish_pending(local);

819
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
820 821
		if (!sdata || sdata == sta->sdata)
			WARN_ON(__sta_info_destroy(sta));
822
	}
823
	mutex_unlock(&local->sta_mtx);
824 825

	return ret;
826
}
J
Johannes Berg 已提交
827

828 829 830 831 832 833
void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
			  unsigned long exp_time)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta, *tmp;

834
	mutex_lock(&local->sta_mtx);
835 836 837
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
		if (time_after(jiffies, sta->last_rx + exp_time)) {
#ifdef CONFIG_MAC80211_IBSS_DEBUG
838
			printk(KERN_DEBUG "%s: expiring inactive STA %pM\n",
839
			       sdata->name, sta->sta.addr);
840
#endif
841
			WARN_ON(__sta_info_destroy(sta));
842
		}
843
	mutex_unlock(&local->sta_mtx);
844
}
845

846 847 848
struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
					       const u8 *addr,
					       const u8 *localaddr)
849
{
850
	struct sta_info *sta, *nxt;
851

852 853 854 855
	/*
	 * Just return a random station if localaddr is NULL
	 * ... first in list.
	 */
856
	for_each_sta_info(hw_to_local(hw), addr, sta, nxt) {
857 858 859
		if (localaddr &&
		    compare_ether_addr(sta->sdata->vif.addr, localaddr) != 0)
			continue;
860 861
		if (!sta->uploaded)
			return NULL;
862
		return &sta->sta;
863 864
	}

865
	return NULL;
866
}
867
EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr);
868 869 870 871

struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
					 const u8 *addr)
{
872
	struct sta_info *sta;
873 874 875 876

	if (!vif)
		return NULL;

877 878 879 880 881 882
	sta = sta_info_get_bss(vif_to_sdata(vif), addr);
	if (!sta)
		return NULL;

	if (!sta->uploaded)
		return NULL;
883

884
	return &sta->sta;
885
}
886
EXPORT_SYMBOL(ieee80211_find_sta);
887

888 889 890 891 892 893 894
static void clear_sta_ps_flags(void *_sta)
{
	struct sta_info *sta = _sta;

	clear_sta_flags(sta, WLAN_STA_PS_DRIVER | WLAN_STA_PS_STA);
}

895 896 897 898 899 900 901
/* powersave support code */
void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	int sent, buffered;

J
Johannes Berg 已提交
902
	drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
903 904 905 906 907 908

	if (!skb_queue_empty(&sta->ps_tx_buf))
		sta_info_clear_tim_bit(sta);

	/* Send all buffered frames to the station */
	sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
909 910
	buffered = ieee80211_add_pending_skbs_fn(local, &sta->ps_tx_buf,
						 clear_sta_ps_flags, sta);
911 912 913 914 915
	sent += buffered;
	local->total_ps_buffered -= buffered;

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames "
916
	       "since STA not sleeping anymore\n", sdata->name,
917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974
	       sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
}

void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	int no_pending_pkts;

	skb = skb_dequeue(&sta->tx_filtered);
	if (!skb) {
		skb = skb_dequeue(&sta->ps_tx_buf);
		if (skb)
			local->total_ps_buffered--;
	}
	no_pending_pkts = skb_queue_empty(&sta->tx_filtered) &&
		skb_queue_empty(&sta->ps_tx_buf);

	if (skb) {
		struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
		struct ieee80211_hdr *hdr =
			(struct ieee80211_hdr *) skb->data;

		/*
		 * Tell TX path to send this frame even though the STA may
		 * still remain is PS mode after this frame exchange.
		 */
		info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
		printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
		       sta->sta.addr, sta->sta.aid,
		       skb_queue_len(&sta->ps_tx_buf));
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */

		/* Use MoreData flag to indicate whether there are more
		 * buffered frames for this STA */
		if (no_pending_pkts)
			hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
		else
			hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);

		ieee80211_add_pending_skb(local, skb);

		if (no_pending_pkts)
			sta_info_clear_tim_bit(sta);
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	} else {
		/*
		 * FIXME: This can be the result of a race condition between
		 *	  us expiring a frame and the station polling for it.
		 *	  Should we send it a null-func frame indicating we
		 *	  have nothing buffered for it?
		 */
		printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
		       "though there are no buffered frames for it\n",
975
		       sdata->name, sta->sta.addr);
976 977 978 979 980 981 982 983 984
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
	}
}

void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
			       struct ieee80211_sta *pubsta, bool block)
{
	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);

J
Johannes Berg 已提交
985 986
	trace_api_sta_block_awake(sta->local, pubsta, block);

987 988
	if (block)
		set_sta_flags(sta, WLAN_STA_PS_DRIVER);
989
	else if (test_sta_flags(sta, WLAN_STA_PS_DRIVER))
990 991 992
		ieee80211_queue_work(hw, &sta->drv_unblock_wk);
}
EXPORT_SYMBOL(ieee80211_sta_block_awake);