sta_info.c 25.5 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/init.h>
#include <linux/netdevice.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
17
#include <linux/timer.h>
18
#include <linux/rtnetlink.h>
19 20 21

#include <net/mac80211.h>
#include "ieee80211_i.h"
22
#include "driver-ops.h"
J
Johannes Berg 已提交
23
#include "rate.h"
24
#include "sta_info.h"
J
Jiri Benc 已提交
25
#include "debugfs_sta.h"
26
#include "mesh.h"
27

28 29 30 31 32 33 34
/**
 * DOC: STA information lifetime rules
 *
 * STA info structures (&struct sta_info) are managed in a hash table
 * for faster lookup and a list for iteration. They are managed using
 * RCU, i.e. access to the list and hash table is protected by RCU.
 *
35 36 37 38 39 40 41 42
 * Upon allocating a STA info structure with sta_info_alloc(), the caller
 * owns that structure. It must then insert it into the hash table using
 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
 * case (which acquires an rcu read section but must not be called from
 * within one) will the pointer still be valid after the call. Note that
 * the caller may not do much with the STA info before inserting it, in
 * particular, it may not start any mesh peer link management or add
 * encryption keys.
43 44 45
 *
 * When the insertion fails (sta_info_insert()) returns non-zero), the
 * structure will have been freed by sta_info_insert()!
46
 *
47
 * Station entries are added by mac80211 when you establish a link with a
48 49 50
 * peer. This means different things for the different type of interfaces
 * we support. For a regular station this mean we add the AP sta when we
 * receive an assocation response from the AP. For IBSS this occurs when
51 52 53
 * get to know about a peer on the same IBSS. For WDS we add the sta for
 * the peer imediately upon device open. When using AP mode we add stations
 * for each respective station upon request from userspace through nl80211.
54
 *
55 56
 * In order to remove a STA info structure, various sta_info_destroy_*()
 * calls are available.
57
 *
58 59 60 61
 * There is no concept of ownership on a STA entry, each structure is
 * owned by the global hash table/list until it is removed. All users of
 * the structure need to be RCU protected so that the structure won't be
 * freed before they are done using it.
62
 */
63 64

/* Caller must hold local->sta_lock */
65 66
static int sta_info_hash_del(struct ieee80211_local *local,
			     struct sta_info *sta)
67 68 69
{
	struct sta_info *s;

70
	s = local->sta_hash[STA_HASH(sta->sta.addr)];
71
	if (!s)
72 73
		return -ENOENT;
	if (s == sta) {
74
		rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)],
75
				   s->hnext);
76
		return 0;
77 78
	}

79
	while (s->hnext && s->hnext != sta)
80
		s = s->hnext;
81
	if (s->hnext) {
82
		rcu_assign_pointer(s->hnext, sta->hnext);
83 84
		return 0;
	}
85

86
	return -ENOENT;
87 88
}

89
/* protected by RCU */
90 91
struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
92
{
93
	struct ieee80211_local *local = sdata->local;
94 95
	struct sta_info *sta;

96
	sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]);
97
	while (sta) {
98 99
		if (sta->sdata == sdata &&
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
100
			break;
101
		sta = rcu_dereference(sta->hnext);
102
	}
103 104 105
	return sta;
}

106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126
/*
 * Get sta info either from the specified interface
 * or from one of its vlans
 */
struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
				  const u8 *addr)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;

	sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]);
	while (sta) {
		if ((sta->sdata == sdata ||
		     sta->sdata->bss == sdata->bss) &&
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
			break;
		sta = rcu_dereference(sta->hnext);
	}
	return sta;
}

127 128
struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
				     int idx)
129
{
130
	struct ieee80211_local *local = sdata->local;
131 132 133
	struct sta_info *sta;
	int i = 0;

134
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
135
		if (sdata != sta->sdata)
136
			continue;
137 138 139 140
		if (i < idx) {
			++i;
			continue;
		}
141
		return sta;
142 143 144 145
	}

	return NULL;
}
146

147 148 149
/**
 * __sta_info_free - internal STA free helper
 *
R
Randy Dunlap 已提交
150
 * @local: pointer to the global information
151 152 153 154 155 156 157 158
 * @sta: STA info to free
 *
 * This function must undo everything done by sta_info_alloc()
 * that may happen before sta_info_insert().
 */
static void __sta_info_free(struct ieee80211_local *local,
			    struct sta_info *sta)
{
159 160 161 162
	if (sta->rate_ctrl) {
		rate_control_free_sta(sta);
		rate_control_put(sta->rate_ctrl);
	}
163 164

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
165 166
	printk(KERN_DEBUG "%s: Destroyed STA %pM\n",
	       wiphy_name(local->hw.wiphy), sta->sta.addr);
167 168 169 170 171
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

	kfree(sta);
}

172 173 174
/* Caller must hold local->sta_lock */
static void sta_info_hash_add(struct ieee80211_local *local,
			      struct sta_info *sta)
175
{
176 177
	sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
	rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
178 179
}

180 181 182 183 184 185 186 187 188 189 190 191 192 193 194
static void sta_unblock(struct work_struct *wk)
{
	struct sta_info *sta;

	sta = container_of(wk, struct sta_info, drv_unblock_wk);

	if (sta->dead)
		return;

	if (!test_sta_flags(sta, WLAN_STA_PS_STA))
		ieee80211_sta_ps_deliver_wakeup(sta);
	else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL))
		ieee80211_sta_ps_deliver_poll_response(sta);
}

195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211
static int sta_prepare_rate_control(struct ieee80211_local *local,
				    struct sta_info *sta, gfp_t gfp)
{
	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
		return 0;

	sta->rate_ctrl = rate_control_get(local->rate_ctrl);
	sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
						     &sta->sta, gfp);
	if (!sta->rate_ctrl_priv) {
		rate_control_put(sta->rate_ctrl);
		return -ENOMEM;
	}

	return 0;
}

J
Johannes Berg 已提交
212 213
struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
				u8 *addr, gfp_t gfp)
214
{
215
	struct ieee80211_local *local = sdata->local;
216
	struct sta_info *sta;
217
	int i;
218

219
	sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
220
	if (!sta)
J
Johannes Berg 已提交
221
		return NULL;
222

223
	spin_lock_init(&sta->lock);
224
	spin_lock_init(&sta->flaglock);
225
	INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
226

227
	memcpy(sta->sta.addr, addr, ETH_ALEN);
228 229
	sta->local = local;
	sta->sdata = sdata;
230

231
	if (sta_prepare_rate_control(local, sta, gfp)) {
232
		kfree(sta);
J
Johannes Berg 已提交
233
		return NULL;
234 235
	}

236 237 238 239 240
	for (i = 0; i < STA_TID_NUM; i++) {
		/* timer_to_tid must be initialized with identity mapping to
		 * enable session_timer's data differentiation. refer to
		 * sta_rx_agg_session_timer_expired for useage */
		sta->timer_to_tid[i] = i;
241 242 243 244 245 246 247
		/* rx */
		sta->ampdu_mlme.tid_state_rx[i] = HT_AGG_STATE_IDLE;
		sta->ampdu_mlme.tid_rx[i] = NULL;
		/* tx */
		sta->ampdu_mlme.tid_state_tx[i] = HT_AGG_STATE_IDLE;
		sta->ampdu_mlme.tid_tx[i] = NULL;
		sta->ampdu_mlme.addba_req_num[i] = 0;
248
	}
249 250
	skb_queue_head_init(&sta->ps_tx_buf);
	skb_queue_head_init(&sta->tx_filtered);
J
Johannes Berg 已提交
251

252 253 254
	for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
		sta->last_seq_ctrl[i] = cpu_to_le16(USHORT_MAX);

J
Johannes Berg 已提交
255
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
256 257
	printk(KERN_DEBUG "%s: Allocated STA %pM\n",
	       wiphy_name(local->hw.wiphy), sta->sta.addr);
J
Johannes Berg 已提交
258 259
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

260
#ifdef CONFIG_MAC80211_MESH
261
	sta->plink_state = PLINK_LISTEN;
262 263 264
	init_timer(&sta->plink_timer);
#endif

J
Johannes Berg 已提交
265 266 267
	return sta;
}

268
static int sta_info_finish_insert(struct sta_info *sta, bool async)
J
Johannes Berg 已提交
269 270 271
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
272
	struct station_info sinfo;
J
Johannes Berg 已提交
273
	unsigned long flags;
274
	int err = 0;
J
Johannes Berg 已提交
275

276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360
	WARN_ON(!mutex_is_locked(&local->sta_mtx));

	/* notify driver */
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
		sdata = container_of(sdata->bss,
				     struct ieee80211_sub_if_data,
				     u.ap);
	err = drv_sta_add(local, sdata, &sta->sta);
	if (err) {
		if (!async)
			return err;
		printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to driver (%d)"
				  " - keeping it anyway.\n",
		       sdata->name, sta->sta.addr, err);
	} else {
		sta->uploaded = true;
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (async)
			printk(KERN_DEBUG "%s: Finished adding IBSS STA %pM\n",
			       wiphy_name(local->hw.wiphy), sta->sta.addr);
#endif
	}

	sdata = sta->sdata;

	if (!async) {
		local->num_sta++;
		local->sta_generation++;
		smp_mb();

		/* make the station visible */
		spin_lock_irqsave(&local->sta_lock, flags);
		sta_info_hash_add(local, sta);
		spin_unlock_irqrestore(&local->sta_lock, flags);
	}

	list_add(&sta->list, &local->sta_list);

	ieee80211_sta_debugfs_add(sta);
	rate_control_add_sta_debugfs(sta);

	sinfo.filled = 0;
	sinfo.generation = local->sta_generation;
	cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);


	return 0;
}

static void sta_info_finish_pending(struct ieee80211_local *local)
{
	struct sta_info *sta;
	unsigned long flags;

	spin_lock_irqsave(&local->sta_lock, flags);
	while (!list_empty(&local->sta_pending_list)) {
		sta = list_first_entry(&local->sta_pending_list,
				       struct sta_info, list);
		list_del(&sta->list);
		spin_unlock_irqrestore(&local->sta_lock, flags);

		sta_info_finish_insert(sta, true);

		spin_lock_irqsave(&local->sta_lock, flags);
	}
	spin_unlock_irqrestore(&local->sta_lock, flags);
}

static void sta_info_finish_work(struct work_struct *work)
{
	struct ieee80211_local *local =
		container_of(work, struct ieee80211_local, sta_finish_work);

	mutex_lock(&local->sta_mtx);
	sta_info_finish_pending(local);
	mutex_unlock(&local->sta_mtx);
}

int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	unsigned long flags;
	int err = 0;

361 362 363 364 365
	/*
	 * Can't be a WARN_ON because it can be triggered through a race:
	 * something inserts a STA (on one CPU) without holding the RTNL
	 * and another CPU turns off the net device.
	 */
366
	if (unlikely(!ieee80211_sdata_running(sdata))) {
367
		err = -ENETDOWN;
368
		rcu_read_lock();
369 370
		goto out_free;
	}
371

372
	if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 ||
J
Johannes Berg 已提交
373
		    is_multicast_ether_addr(sta->sta.addr))) {
374
		err = -EINVAL;
375
		rcu_read_lock();
376 377
		goto out_free;
	}
378

379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432
	/*
	 * In ad-hoc mode, we sometimes need to insert stations
	 * from tasklet context from the RX path. To avoid races,
	 * always do so in that case -- see the comment below.
	 */
	if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
		spin_lock_irqsave(&local->sta_lock, flags);
		/* check if STA exists already */
		if (sta_info_get_bss(sdata, sta->sta.addr)) {
			spin_unlock_irqrestore(&local->sta_lock, flags);
			rcu_read_lock();
			err = -EEXIST;
			goto out_free;
		}

		local->num_sta++;
		local->sta_generation++;
		smp_mb();
		sta_info_hash_add(local, sta);

		list_add_tail(&sta->list, &local->sta_pending_list);

		rcu_read_lock();
		spin_unlock_irqrestore(&local->sta_lock, flags);

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		printk(KERN_DEBUG "%s: Added IBSS STA %pM\n",
		       wiphy_name(local->hw.wiphy), sta->sta.addr);
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

		ieee80211_queue_work(&local->hw, &local->sta_finish_work);

		return 0;
	}

	/*
	 * On first glance, this will look racy, because the code
	 * below this point, which inserts a station with sleeping,
	 * unlocks the sta_lock between checking existence in the
	 * hash table and inserting into it.
	 *
	 * However, it is not racy against itself because it keeps
	 * the mutex locked. It still seems to race against the
	 * above code that atomically inserts the station... That,
	 * however, is not true because the above code can only
	 * be invoked for IBSS interfaces, and the below code will
	 * not be -- and the two do not race against each other as
	 * the hash table also keys off the interface.
	 */

	might_sleep();

	mutex_lock(&local->sta_mtx);

433
	spin_lock_irqsave(&local->sta_lock, flags);
434
	/* check if STA exists already */
435
	if (sta_info_get_bss(sdata, sta->sta.addr)) {
436
		spin_unlock_irqrestore(&local->sta_lock, flags);
437
		rcu_read_lock();
438 439
		err = -EEXIST;
		goto out_free;
440
	}
441

442
	spin_unlock_irqrestore(&local->sta_lock, flags);
443

444 445 446 447 448
	err = sta_info_finish_insert(sta, false);
	if (err) {
		mutex_unlock(&local->sta_mtx);
		rcu_read_lock();
		goto out_free;
449
	}
450

451
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
452 453
	printk(KERN_DEBUG "%s: Inserted STA %pM\n",
	       wiphy_name(local->hw.wiphy), sta->sta.addr);
454 455
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

456 457 458
	/* move reference to rcu-protected */
	rcu_read_lock();
	mutex_unlock(&local->sta_mtx);
J
Jiri Benc 已提交
459

J
Johannes Berg 已提交
460 461 462 463
	if (ieee80211_vif_is_mesh(&sdata->vif))
		mesh_accept_plinks_update(sdata);

	return 0;
464 465 466 467
 out_free:
	BUG_ON(!err);
	__sta_info_free(local, sta);
	return err;
468 469
}

470 471 472 473 474 475 476 477 478
int sta_info_insert(struct sta_info *sta)
{
	int err = sta_info_insert_rcu(sta);

	rcu_read_unlock();

	return err;
}

479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499
static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __set_bit() format.
	 */
	bss->tim[aid / 8] |= (1 << (aid % 8));
}

static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __clear_bit() format.
	 */
	bss->tim[aid / 8] &= ~(1 << (aid % 8));
}

static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss,
				   struct sta_info *sta)
{
500 501
	BUG_ON(!bss);

502
	__bss_tim_set(bss, sta->sta.aid);
503

504 505
	if (sta->local->ops->set_tim) {
		sta->local->tim_in_locked_section = true;
506
		drv_set_tim(sta->local, &sta->sta, true);
507 508
		sta->local->tim_in_locked_section = false;
	}
509 510 511 512
}

void sta_info_set_tim_bit(struct sta_info *sta)
{
513
	unsigned long flags;
514

515 516
	BUG_ON(!sta->sdata->bss);

517 518 519
	spin_lock_irqsave(&sta->local->sta_lock, flags);
	__sta_info_set_tim_bit(sta->sdata->bss, sta);
	spin_unlock_irqrestore(&sta->local->sta_lock, flags);
520 521 522 523 524
}

static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss,
				     struct sta_info *sta)
{
525 526
	BUG_ON(!bss);

527
	__bss_tim_clear(bss, sta->sta.aid);
528

529 530
	if (sta->local->ops->set_tim) {
		sta->local->tim_in_locked_section = true;
531
		drv_set_tim(sta->local, &sta->sta, false);
532 533
		sta->local->tim_in_locked_section = false;
	}
534 535 536 537
}

void sta_info_clear_tim_bit(struct sta_info *sta)
{
538
	unsigned long flags;
539

540 541
	BUG_ON(!sta->sdata->bss);

542 543 544
	spin_lock_irqsave(&sta->local->sta_lock, flags);
	__sta_info_clear_tim_bit(sta->sdata->bss, sta);
	spin_unlock_irqrestore(&sta->local->sta_lock, flags);
545 546
}

547 548
static int sta_info_buffer_expired(struct sta_info *sta,
				   struct sk_buff *skb)
549
{
550
	struct ieee80211_tx_info *info;
551 552 553 554 555
	int timeout;

	if (!skb)
		return 0;

556
	info = IEEE80211_SKB_CB(skb);
557 558

	/* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
559 560 561
	timeout = (sta->listen_interval *
		   sta->sdata->vif.bss_conf.beacon_int *
		   32 / 15625) * HZ;
562 563
	if (timeout < STA_TX_BUFFER_EXPIRE)
		timeout = STA_TX_BUFFER_EXPIRE;
564
	return time_after(jiffies, info->control.jiffies + timeout);
565 566 567 568 569 570 571 572
}


static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
					     struct sta_info *sta)
{
	unsigned long flags;
	struct sk_buff *skb;
573
	struct ieee80211_sub_if_data *sdata;
574 575 576 577 578 579 580

	if (skb_queue_empty(&sta->ps_tx_buf))
		return;

	for (;;) {
		spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
		skb = skb_peek(&sta->ps_tx_buf);
581
		if (sta_info_buffer_expired(sta, skb))
582
			skb = __skb_dequeue(&sta->ps_tx_buf);
583
		else
584 585 586
			skb = NULL;
		spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags);

587
		if (!skb)
588
			break;
589

590
		sdata = sta->sdata;
591
		local->total_ps_buffered--;
592
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
593 594
		printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n",
		       sta->sta.addr);
595
#endif
596 597
		dev_kfree_skb(skb);

598 599
		if (skb_queue_empty(&sta->ps_tx_buf))
			sta_info_clear_tim_bit(sta);
600 601 602
	}
}

603
static int __must_check __sta_info_destroy(struct sta_info *sta)
604
{
605 606 607 608 609
	struct ieee80211_local *local;
	struct ieee80211_sub_if_data *sdata;
	struct sk_buff *skb;
	unsigned long flags;
	int ret, i;
610

611
	might_sleep();
612

613 614
	if (!sta)
		return -ENOENT;
615

616 617
	local = sta->local;
	sdata = sta->sdata;
618

619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665
	spin_lock_irqsave(&local->sta_lock, flags);
	ret = sta_info_hash_del(local, sta);
	/* this might still be the pending list ... which is fine */
	if (!ret)
		list_del(&sta->list);
	spin_unlock_irqrestore(&local->sta_lock, flags);
	if (ret)
		return ret;

	if (sta->key) {
		ieee80211_key_free(sta->key);
		/*
		 * We have only unlinked the key, and actually destroying it
		 * may mean it is removed from hardware which requires that
		 * the key->sta pointer is still valid, so flush the key todo
		 * list here.
		 */
		ieee80211_key_todo();

		WARN_ON(sta->key);
	}

	sta->dead = true;

	if (test_and_clear_sta_flags(sta,
				WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
		BUG_ON(!sdata->bss);

		atomic_dec(&sdata->bss->num_sta_ps);
		__sta_info_clear_tim_bit(sdata->bss, sta);
	}

	local->num_sta--;
	local->sta_generation++;

	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
		rcu_assign_pointer(sdata->u.vlan.sta, NULL);

	if (sta->uploaded) {
		if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
			sdata = container_of(sdata->bss,
					     struct ieee80211_sub_if_data,
					     u.ap);
		drv_sta_remove(local, sdata, &sta->sta);
		sdata = sta->sdata;
	}

666 667 668 669 670 671 672 673
	/*
	 * At this point, after we wait for an RCU grace period,
	 * neither mac80211 nor the driver can reference this
	 * sta struct any more except by still existing timers
	 * associated with this station that we clean up below.
	 */
	synchronize_rcu();

674
#ifdef CONFIG_MAC80211_MESH
675
	if (ieee80211_vif_is_mesh(&sdata->vif))
676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749
		mesh_accept_plinks_update(sdata);
#endif

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
	printk(KERN_DEBUG "%s: Removed STA %pM\n",
	       wiphy_name(local->hw.wiphy), sta->sta.addr);
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
	cancel_work_sync(&sta->drv_unblock_wk);

	rate_control_remove_sta_debugfs(sta);
	ieee80211_sta_debugfs_remove(sta);

#ifdef CONFIG_MAC80211_MESH
	if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
		mesh_plink_deactivate(sta);
		del_timer_sync(&sta->plink_timer);
	}
#endif

	while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
		local->total_ps_buffered--;
		dev_kfree_skb_any(skb);
	}

	while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
		dev_kfree_skb_any(skb);

	for (i = 0; i <  STA_TID_NUM; i++) {
		struct tid_ampdu_rx *tid_rx;
		struct tid_ampdu_tx *tid_tx;

		spin_lock_bh(&sta->lock);
		tid_rx = sta->ampdu_mlme.tid_rx[i];
		/* Make sure timer won't free the tid_rx struct, see below */
		if (tid_rx)
			tid_rx->shutdown = true;

		spin_unlock_bh(&sta->lock);

		/*
		 * Outside spinlock - shutdown is true now so that the timer
		 * won't free tid_rx, we have to do that now. Can't let the
		 * timer do it because we have to sync the timer outside the
		 * lock that it takes itself.
		 */
		if (tid_rx) {
			del_timer_sync(&tid_rx->session_timer);
			kfree(tid_rx);
		}

		/*
		 * No need to do such complications for TX agg sessions, the
		 * path leading to freeing the tid_tx struct goes via a call
		 * from the driver, and thus needs to look up the sta struct
		 * again, which cannot be found when we get here. Hence, we
		 * just need to delete the timer and free the aggregation
		 * info; we won't be telling the peer about it then but that
		 * doesn't matter if we're not talking to it again anyway.
		 */
		tid_tx = sta->ampdu_mlme.tid_tx[i];
		if (tid_tx) {
			del_timer_sync(&tid_tx->addba_resp_timer);
			/*
			 * STA removed while aggregation session being
			 * started? Bit odd, but purge frames anyway.
			 */
			skb_queue_purge(&tid_tx->pending);
			kfree(tid_tx);
		}
	}

	__sta_info_free(local, sta);

	return 0;
J
Jiri Slaby 已提交
750 751
}

752
int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
J
Jiri Slaby 已提交
753
{
754 755
	struct sta_info *sta;
	int ret;
J
Jiri Slaby 已提交
756

757 758 759 760
	mutex_lock(&sdata->local->sta_mtx);
	sta = sta_info_get(sdata, addr);
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
J
Jiri Slaby 已提交
761 762 763 764

	return ret;
}

765 766
int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
J
Jiri Benc 已提交
767
{
768 769
	struct sta_info *sta;
	int ret;
J
Jiri Benc 已提交
770

771 772 773 774
	mutex_lock(&sdata->local->sta_mtx);
	sta = sta_info_get_bss(sdata, addr);
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
775

776 777
	return ret;
}
J
Jiri Benc 已提交
778

779 780 781 782 783 784 785 786 787
static void sta_info_cleanup(unsigned long data)
{
	struct ieee80211_local *local = (struct ieee80211_local *) data;
	struct sta_info *sta;

	rcu_read_lock();
	list_for_each_entry_rcu(sta, &local->sta_list, list)
		sta_info_cleanup_expire_buffered(local, sta);
	rcu_read_unlock();
J
Jiri Benc 已提交
788

789 790
	if (local->quiescing)
		return;
791

792 793 794
	local->sta_cleanup.expires =
		round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
	add_timer(&local->sta_cleanup);
J
Jiri Benc 已提交
795 796
}

797 798
void sta_info_init(struct ieee80211_local *local)
{
799
	spin_lock_init(&local->sta_lock);
800
	mutex_init(&local->sta_mtx);
801
	INIT_LIST_HEAD(&local->sta_list);
802 803
	INIT_LIST_HEAD(&local->sta_pending_list);
	INIT_WORK(&local->sta_finish_work, sta_info_finish_work);
804

805 806
	setup_timer(&local->sta_cleanup, sta_info_cleanup,
		    (unsigned long)local);
807 808
	local->sta_cleanup.expires =
		round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
809 810 811 812 813 814 815 816 817 818 819
}

int sta_info_start(struct ieee80211_local *local)
{
	add_timer(&local->sta_cleanup);
	return 0;
}

void sta_info_stop(struct ieee80211_local *local)
{
	del_timer(&local->sta_cleanup);
820
	sta_info_flush(local, NULL);
821 822 823 824
}

/**
 * sta_info_flush - flush matching STA entries from the STA table
825 826 827
 *
 * Returns the number of removed STA entries.
 *
828
 * @local: local interface data
829
 * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs
830
 */
831
int sta_info_flush(struct ieee80211_local *local,
832
		   struct ieee80211_sub_if_data *sdata)
833 834
{
	struct sta_info *sta, *tmp;
835
	int ret = 0;
836

837
	might_sleep();
838

839 840 841 842
	mutex_lock(&local->sta_mtx);

	sta_info_finish_pending(local);

843
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
844 845
		if (!sdata || sdata == sta->sdata)
			WARN_ON(__sta_info_destroy(sta));
846
	}
847
	mutex_unlock(&local->sta_mtx);
848 849

	return ret;
850
}
J
Johannes Berg 已提交
851

852 853 854 855 856 857
void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
			  unsigned long exp_time)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta, *tmp;

858
	mutex_lock(&local->sta_mtx);
859 860 861
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
		if (time_after(jiffies, sta->last_rx + exp_time)) {
#ifdef CONFIG_MAC80211_IBSS_DEBUG
862
			printk(KERN_DEBUG "%s: expiring inactive STA %pM\n",
863
			       sdata->name, sta->sta.addr);
864
#endif
865
			WARN_ON(__sta_info_destroy(sta));
866
		}
867
	mutex_unlock(&local->sta_mtx);
868
}
869

870 871
struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw,
					       const u8 *addr)
872
{
873
	struct sta_info *sta, *nxt;
874

875 876 877 878
	/* Just return a random station ... first in list ... */
	for_each_sta_info(hw_to_local(hw), addr, sta, nxt)
		return &sta->sta;
	return NULL;
879
}
880 881 882 883 884 885 886 887 888 889 890 891 892 893
EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_hw);

struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
					 const u8 *addr)
{
	struct ieee80211_sub_if_data *sdata;

	if (!vif)
		return NULL;

	sdata = vif_to_sdata(vif);

	return ieee80211_find_sta_by_hw(&sdata->local->hw, addr);
}
894
EXPORT_SYMBOL(ieee80211_find_sta);
895 896 897 898 899 900 901 902

/* powersave support code */
void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	int sent, buffered;

J
Johannes Berg 已提交
903
	drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
904 905 906 907 908 909 910 911 912 913 914 915

	if (!skb_queue_empty(&sta->ps_tx_buf))
		sta_info_clear_tim_bit(sta);

	/* Send all buffered frames to the station */
	sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
	buffered = ieee80211_add_pending_skbs(local, &sta->ps_tx_buf);
	sent += buffered;
	local->total_ps_buffered -= buffered;

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames "
916
	       "since STA not sleeping anymore\n", sdata->name,
917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974
	       sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
}

void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	int no_pending_pkts;

	skb = skb_dequeue(&sta->tx_filtered);
	if (!skb) {
		skb = skb_dequeue(&sta->ps_tx_buf);
		if (skb)
			local->total_ps_buffered--;
	}
	no_pending_pkts = skb_queue_empty(&sta->tx_filtered) &&
		skb_queue_empty(&sta->ps_tx_buf);

	if (skb) {
		struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
		struct ieee80211_hdr *hdr =
			(struct ieee80211_hdr *) skb->data;

		/*
		 * Tell TX path to send this frame even though the STA may
		 * still remain is PS mode after this frame exchange.
		 */
		info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
		printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
		       sta->sta.addr, sta->sta.aid,
		       skb_queue_len(&sta->ps_tx_buf));
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */

		/* Use MoreData flag to indicate whether there are more
		 * buffered frames for this STA */
		if (no_pending_pkts)
			hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
		else
			hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);

		ieee80211_add_pending_skb(local, skb);

		if (no_pending_pkts)
			sta_info_clear_tim_bit(sta);
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	} else {
		/*
		 * FIXME: This can be the result of a race condition between
		 *	  us expiring a frame and the station polling for it.
		 *	  Should we send it a null-func frame indicating we
		 *	  have nothing buffered for it?
		 */
		printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
		       "though there are no buffered frames for it\n",
975
		       sdata->name, sta->sta.addr);
976 977 978 979 980 981 982 983 984 985 986 987 988 989 990
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
	}
}

void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
			       struct ieee80211_sta *pubsta, bool block)
{
	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);

	if (block)
		set_sta_flags(sta, WLAN_STA_PS_DRIVER);
	else
		ieee80211_queue_work(hw, &sta->drv_unblock_wk);
}
EXPORT_SYMBOL(ieee80211_sta_block_awake);