sta_info.c 25.7 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/init.h>
#include <linux/netdevice.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
17
#include <linux/timer.h>
18
#include <linux/rtnetlink.h>
19 20 21

#include <net/mac80211.h>
#include "ieee80211_i.h"
22
#include "driver-ops.h"
J
Johannes Berg 已提交
23
#include "rate.h"
24
#include "sta_info.h"
J
Jiri Benc 已提交
25
#include "debugfs_sta.h"
26
#include "mesh.h"
27

28 29 30 31 32 33 34
/**
 * DOC: STA information lifetime rules
 *
 * STA info structures (&struct sta_info) are managed in a hash table
 * for faster lookup and a list for iteration. They are managed using
 * RCU, i.e. access to the list and hash table is protected by RCU.
 *
35 36 37 38 39 40 41 42
 * Upon allocating a STA info structure with sta_info_alloc(), the caller
 * owns that structure. It must then insert it into the hash table using
 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
 * case (which acquires an rcu read section but must not be called from
 * within one) will the pointer still be valid after the call. Note that
 * the caller may not do much with the STA info before inserting it, in
 * particular, it may not start any mesh peer link management or add
 * encryption keys.
43 44 45
 *
 * When the insertion fails (sta_info_insert()) returns non-zero), the
 * structure will have been freed by sta_info_insert()!
46
 *
47
 * Station entries are added by mac80211 when you establish a link with a
48 49
 * peer. This means different things for the different type of interfaces
 * we support. For a regular station this mean we add the AP sta when we
L
Lucas De Marchi 已提交
50
 * receive an association response from the AP. For IBSS this occurs when
51
 * get to know about a peer on the same IBSS. For WDS we add the sta for
L
Lucas De Marchi 已提交
52
 * the peer immediately upon device open. When using AP mode we add stations
53
 * for each respective station upon request from userspace through nl80211.
54
 *
55 56
 * In order to remove a STA info structure, various sta_info_destroy_*()
 * calls are available.
57
 *
58 59 60 61
 * There is no concept of ownership on a STA entry, each structure is
 * owned by the global hash table/list until it is removed. All users of
 * the structure need to be RCU protected so that the structure won't be
 * freed before they are done using it.
62
 */
63 64

/* Caller must hold local->sta_lock */
65 66
static int sta_info_hash_del(struct ieee80211_local *local,
			     struct sta_info *sta)
67 68 69
{
	struct sta_info *s;

J
Johannes Berg 已提交
70 71
	s = rcu_dereference_protected(local->sta_hash[STA_HASH(sta->sta.addr)],
				      lockdep_is_held(&local->sta_lock));
72
	if (!s)
73 74
		return -ENOENT;
	if (s == sta) {
75
		rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)],
76
				   s->hnext);
77
		return 0;
78 79
	}

J
Johannes Berg 已提交
80 81 82 83 84
	while (rcu_access_pointer(s->hnext) &&
	       rcu_access_pointer(s->hnext) != sta)
		s = rcu_dereference_protected(s->hnext,
					lockdep_is_held(&local->sta_lock));
	if (rcu_access_pointer(s->hnext)) {
85
		rcu_assign_pointer(s->hnext, sta->hnext);
86 87
		return 0;
	}
88

89
	return -ENOENT;
90 91
}

92
/* protected by RCU */
93 94
struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
95
{
96
	struct ieee80211_local *local = sdata->local;
97 98
	struct sta_info *sta;

99 100 101
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    lockdep_is_held(&local->sta_lock) ||
				    lockdep_is_held(&local->sta_mtx));
102
	while (sta) {
103 104
		if (sta->sdata == sdata &&
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
105
			break;
106 107 108
		sta = rcu_dereference_check(sta->hnext,
					    lockdep_is_held(&local->sta_lock) ||
					    lockdep_is_held(&local->sta_mtx));
109
	}
110 111 112
	return sta;
}

113 114 115 116 117 118 119 120 121 122
/*
 * Get sta info either from the specified interface
 * or from one of its vlans
 */
struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
				  const u8 *addr)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;

123 124 125
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    lockdep_is_held(&local->sta_lock) ||
				    lockdep_is_held(&local->sta_mtx));
126 127
	while (sta) {
		if ((sta->sdata == sdata ||
128
		     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
129 130
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
			break;
131 132 133
		sta = rcu_dereference_check(sta->hnext,
					    lockdep_is_held(&local->sta_lock) ||
					    lockdep_is_held(&local->sta_mtx));
134 135 136 137
	}
	return sta;
}

138 139
struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
				     int idx)
140
{
141
	struct ieee80211_local *local = sdata->local;
142 143 144
	struct sta_info *sta;
	int i = 0;

145
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
146
		if (sdata != sta->sdata)
147
			continue;
148 149 150 151
		if (i < idx) {
			++i;
			continue;
		}
152
		return sta;
153 154 155 156
	}

	return NULL;
}
157

158 159 160
/**
 * __sta_info_free - internal STA free helper
 *
R
Randy Dunlap 已提交
161
 * @local: pointer to the global information
162 163 164 165 166 167 168 169
 * @sta: STA info to free
 *
 * This function must undo everything done by sta_info_alloc()
 * that may happen before sta_info_insert().
 */
static void __sta_info_free(struct ieee80211_local *local,
			    struct sta_info *sta)
{
170 171 172 173
	if (sta->rate_ctrl) {
		rate_control_free_sta(sta);
		rate_control_put(sta->rate_ctrl);
	}
174 175

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
176
	wiphy_debug(local->hw.wiphy, "Destroyed STA %pM\n", sta->sta.addr);
177 178 179 180 181
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

	kfree(sta);
}

182 183 184
/* Caller must hold local->sta_lock */
static void sta_info_hash_add(struct ieee80211_local *local,
			      struct sta_info *sta)
185
{
186 187
	sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
	rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
188 189
}

190 191 192 193 194 195 196 197 198 199 200
static void sta_unblock(struct work_struct *wk)
{
	struct sta_info *sta;

	sta = container_of(wk, struct sta_info, drv_unblock_wk);

	if (sta->dead)
		return;

	if (!test_sta_flags(sta, WLAN_STA_PS_STA))
		ieee80211_sta_ps_deliver_wakeup(sta);
201 202
	else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL)) {
		clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
203
		ieee80211_sta_ps_deliver_poll_response(sta);
204 205
	} else
		clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
206 207
}

208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224
static int sta_prepare_rate_control(struct ieee80211_local *local,
				    struct sta_info *sta, gfp_t gfp)
{
	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
		return 0;

	sta->rate_ctrl = rate_control_get(local->rate_ctrl);
	sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
						     &sta->sta, gfp);
	if (!sta->rate_ctrl_priv) {
		rate_control_put(sta->rate_ctrl);
		return -ENOMEM;
	}

	return 0;
}

J
Johannes Berg 已提交
225 226
struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
				u8 *addr, gfp_t gfp)
227
{
228
	struct ieee80211_local *local = sdata->local;
229
	struct sta_info *sta;
230
	struct timespec uptime;
231
	int i;
232

233
	sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
234
	if (!sta)
J
Johannes Berg 已提交
235
		return NULL;
236

237
	spin_lock_init(&sta->lock);
238
	spin_lock_init(&sta->flaglock);
239
	INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
J
Johannes Berg 已提交
240
	INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
241
	mutex_init(&sta->ampdu_mlme.mtx);
242

243
	memcpy(sta->sta.addr, addr, ETH_ALEN);
244 245
	sta->local = local;
	sta->sdata = sdata;
246
	sta->last_rx = jiffies;
247

248 249
	do_posix_clock_monotonic_gettime(&uptime);
	sta->last_connected = uptime.tv_sec;
250 251
	ewma_init(&sta->avg_signal, 1024, 8);

252
	if (sta_prepare_rate_control(local, sta, gfp)) {
253
		kfree(sta);
J
Johannes Berg 已提交
254
		return NULL;
255 256
	}

257
	for (i = 0; i < STA_TID_NUM; i++) {
258 259 260 261 262
		/*
		 * timer_to_tid must be initialized with identity mapping
		 * to enable session_timer's data differentiation. See
		 * sta_rx_agg_session_timer_expired for usage.
		 */
263 264
		sta->timer_to_tid[i] = i;
	}
265 266
	skb_queue_head_init(&sta->ps_tx_buf);
	skb_queue_head_init(&sta->tx_filtered);
J
Johannes Berg 已提交
267

268
	for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
269
		sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
270

J
Johannes Berg 已提交
271
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
272
	wiphy_debug(local->hw.wiphy, "Allocated STA %pM\n", sta->sta.addr);
J
Johannes Berg 已提交
273 274
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

275
#ifdef CONFIG_MAC80211_MESH
276
	sta->plink_state = NL80211_PLINK_LISTEN;
277 278 279
	init_timer(&sta->plink_timer);
#endif

J
Johannes Berg 已提交
280 281 282
	return sta;
}

283
static int sta_info_finish_insert(struct sta_info *sta, bool async)
J
Johannes Berg 已提交
284 285 286
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
287
	struct station_info sinfo;
J
Johannes Berg 已提交
288
	unsigned long flags;
289
	int err = 0;
J
Johannes Berg 已提交
290

291
	lockdep_assert_held(&local->sta_mtx);
292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308

	/* notify driver */
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
		sdata = container_of(sdata->bss,
				     struct ieee80211_sub_if_data,
				     u.ap);
	err = drv_sta_add(local, sdata, &sta->sta);
	if (err) {
		if (!async)
			return err;
		printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to driver (%d)"
				  " - keeping it anyway.\n",
		       sdata->name, sta->sta.addr, err);
	} else {
		sta->uploaded = true;
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
		if (async)
J
Joe Perches 已提交
309 310 311
			wiphy_debug(local->hw.wiphy,
				    "Finished adding IBSS STA %pM\n",
				    sta->sta.addr);
312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376
#endif
	}

	sdata = sta->sdata;

	if (!async) {
		local->num_sta++;
		local->sta_generation++;
		smp_mb();

		/* make the station visible */
		spin_lock_irqsave(&local->sta_lock, flags);
		sta_info_hash_add(local, sta);
		spin_unlock_irqrestore(&local->sta_lock, flags);
	}

	list_add(&sta->list, &local->sta_list);

	ieee80211_sta_debugfs_add(sta);
	rate_control_add_sta_debugfs(sta);

	sinfo.filled = 0;
	sinfo.generation = local->sta_generation;
	cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);


	return 0;
}

static void sta_info_finish_pending(struct ieee80211_local *local)
{
	struct sta_info *sta;
	unsigned long flags;

	spin_lock_irqsave(&local->sta_lock, flags);
	while (!list_empty(&local->sta_pending_list)) {
		sta = list_first_entry(&local->sta_pending_list,
				       struct sta_info, list);
		list_del(&sta->list);
		spin_unlock_irqrestore(&local->sta_lock, flags);

		sta_info_finish_insert(sta, true);

		spin_lock_irqsave(&local->sta_lock, flags);
	}
	spin_unlock_irqrestore(&local->sta_lock, flags);
}

static void sta_info_finish_work(struct work_struct *work)
{
	struct ieee80211_local *local =
		container_of(work, struct ieee80211_local, sta_finish_work);

	mutex_lock(&local->sta_mtx);
	sta_info_finish_pending(local);
	mutex_unlock(&local->sta_mtx);
}

int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	unsigned long flags;
	int err = 0;

377 378 379 380 381
	/*
	 * Can't be a WARN_ON because it can be triggered through a race:
	 * something inserts a STA (on one CPU) without holding the RTNL
	 * and another CPU turns off the net device.
	 */
382
	if (unlikely(!ieee80211_sdata_running(sdata))) {
383
		err = -ENETDOWN;
384
		rcu_read_lock();
385 386
		goto out_free;
	}
387

388
	if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 ||
J
Johannes Berg 已提交
389
		    is_multicast_ether_addr(sta->sta.addr))) {
390
		err = -EINVAL;
391
		rcu_read_lock();
392 393
		goto out_free;
	}
394

395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420
	/*
	 * In ad-hoc mode, we sometimes need to insert stations
	 * from tasklet context from the RX path. To avoid races,
	 * always do so in that case -- see the comment below.
	 */
	if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
		spin_lock_irqsave(&local->sta_lock, flags);
		/* check if STA exists already */
		if (sta_info_get_bss(sdata, sta->sta.addr)) {
			spin_unlock_irqrestore(&local->sta_lock, flags);
			rcu_read_lock();
			err = -EEXIST;
			goto out_free;
		}

		local->num_sta++;
		local->sta_generation++;
		smp_mb();
		sta_info_hash_add(local, sta);

		list_add_tail(&sta->list, &local->sta_pending_list);

		rcu_read_lock();
		spin_unlock_irqrestore(&local->sta_lock, flags);

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
421 422
		wiphy_debug(local->hw.wiphy, "Added IBSS STA %pM\n",
			    sta->sta.addr);
423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

		ieee80211_queue_work(&local->hw, &local->sta_finish_work);

		return 0;
	}

	/*
	 * On first glance, this will look racy, because the code
	 * below this point, which inserts a station with sleeping,
	 * unlocks the sta_lock between checking existence in the
	 * hash table and inserting into it.
	 *
	 * However, it is not racy against itself because it keeps
	 * the mutex locked. It still seems to race against the
	 * above code that atomically inserts the station... That,
	 * however, is not true because the above code can only
	 * be invoked for IBSS interfaces, and the below code will
	 * not be -- and the two do not race against each other as
	 * the hash table also keys off the interface.
	 */

	might_sleep();

	mutex_lock(&local->sta_mtx);

449
	spin_lock_irqsave(&local->sta_lock, flags);
450
	/* check if STA exists already */
451
	if (sta_info_get_bss(sdata, sta->sta.addr)) {
452
		spin_unlock_irqrestore(&local->sta_lock, flags);
453
		mutex_unlock(&local->sta_mtx);
454
		rcu_read_lock();
455 456
		err = -EEXIST;
		goto out_free;
457
	}
458

459
	spin_unlock_irqrestore(&local->sta_lock, flags);
460

461 462 463 464 465
	err = sta_info_finish_insert(sta, false);
	if (err) {
		mutex_unlock(&local->sta_mtx);
		rcu_read_lock();
		goto out_free;
466
	}
467

468
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
469
	wiphy_debug(local->hw.wiphy, "Inserted STA %pM\n", sta->sta.addr);
470 471
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

472 473 474
	/* move reference to rcu-protected */
	rcu_read_lock();
	mutex_unlock(&local->sta_mtx);
J
Jiri Benc 已提交
475

J
Johannes Berg 已提交
476 477 478 479
	if (ieee80211_vif_is_mesh(&sdata->vif))
		mesh_accept_plinks_update(sdata);

	return 0;
480 481 482 483
 out_free:
	BUG_ON(!err);
	__sta_info_free(local, sta);
	return err;
484 485
}

486 487 488 489 490 491 492 493 494
int sta_info_insert(struct sta_info *sta)
{
	int err = sta_info_insert_rcu(sta);

	rcu_read_unlock();

	return err;
}

495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515
static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __set_bit() format.
	 */
	bss->tim[aid / 8] |= (1 << (aid % 8));
}

static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __clear_bit() format.
	 */
	bss->tim[aid / 8] &= ~(1 << (aid % 8));
}

static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss,
				   struct sta_info *sta)
{
516 517
	BUG_ON(!bss);

518
	__bss_tim_set(bss, sta->sta.aid);
519

520 521
	if (sta->local->ops->set_tim) {
		sta->local->tim_in_locked_section = true;
522
		drv_set_tim(sta->local, &sta->sta, true);
523 524
		sta->local->tim_in_locked_section = false;
	}
525 526 527 528
}

void sta_info_set_tim_bit(struct sta_info *sta)
{
529
	unsigned long flags;
530

531 532
	BUG_ON(!sta->sdata->bss);

533 534 535
	spin_lock_irqsave(&sta->local->sta_lock, flags);
	__sta_info_set_tim_bit(sta->sdata->bss, sta);
	spin_unlock_irqrestore(&sta->local->sta_lock, flags);
536 537 538 539 540
}

static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss,
				     struct sta_info *sta)
{
541 542
	BUG_ON(!bss);

543
	__bss_tim_clear(bss, sta->sta.aid);
544

545 546
	if (sta->local->ops->set_tim) {
		sta->local->tim_in_locked_section = true;
547
		drv_set_tim(sta->local, &sta->sta, false);
548 549
		sta->local->tim_in_locked_section = false;
	}
550 551 552 553
}

void sta_info_clear_tim_bit(struct sta_info *sta)
{
554
	unsigned long flags;
555

556 557
	BUG_ON(!sta->sdata->bss);

558 559 560
	spin_lock_irqsave(&sta->local->sta_lock, flags);
	__sta_info_clear_tim_bit(sta->sdata->bss, sta);
	spin_unlock_irqrestore(&sta->local->sta_lock, flags);
561 562
}

563 564
static int sta_info_buffer_expired(struct sta_info *sta,
				   struct sk_buff *skb)
565
{
566
	struct ieee80211_tx_info *info;
567 568 569 570 571
	int timeout;

	if (!skb)
		return 0;

572
	info = IEEE80211_SKB_CB(skb);
573 574

	/* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
575 576 577
	timeout = (sta->listen_interval *
		   sta->sdata->vif.bss_conf.beacon_int *
		   32 / 15625) * HZ;
578 579
	if (timeout < STA_TX_BUFFER_EXPIRE)
		timeout = STA_TX_BUFFER_EXPIRE;
580
	return time_after(jiffies, info->control.jiffies + timeout);
581 582 583
}


584
static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
585 586 587 588 589 590
					     struct sta_info *sta)
{
	unsigned long flags;
	struct sk_buff *skb;

	if (skb_queue_empty(&sta->ps_tx_buf))
591
		return false;
592 593 594 595

	for (;;) {
		spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
		skb = skb_peek(&sta->ps_tx_buf);
596
		if (sta_info_buffer_expired(sta, skb))
597
			skb = __skb_dequeue(&sta->ps_tx_buf);
598
		else
599 600 601
			skb = NULL;
		spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags);

602
		if (!skb)
603
			break;
604 605

		local->total_ps_buffered--;
606
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
607 608
		printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n",
		       sta->sta.addr);
609
#endif
610 611
		dev_kfree_skb(skb);

612 613
		if (skb_queue_empty(&sta->ps_tx_buf) &&
		    !test_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF))
614
			sta_info_clear_tim_bit(sta);
615
	}
616 617

	return true;
618 619
}

620
static int __must_check __sta_info_destroy(struct sta_info *sta)
621
{
622 623 624 625
	struct ieee80211_local *local;
	struct ieee80211_sub_if_data *sdata;
	struct sk_buff *skb;
	unsigned long flags;
626
	int ret, i;
627

628
	might_sleep();
629

630 631
	if (!sta)
		return -ENOENT;
632

633 634
	local = sta->local;
	sdata = sta->sdata;
635

636 637 638 639 640 641 642
	/*
	 * Before removing the station from the driver and
	 * rate control, it might still start new aggregation
	 * sessions -- block that to make sure the tear-down
	 * will be sufficient.
	 */
	set_sta_flags(sta, WLAN_STA_BLOCK_BA);
643
	ieee80211_sta_tear_down_BA_sessions(sta, true);
644

645 646 647 648 649 650 651 652 653
	spin_lock_irqsave(&local->sta_lock, flags);
	ret = sta_info_hash_del(local, sta);
	/* this might still be the pending list ... which is fine */
	if (!ret)
		list_del(&sta->list);
	spin_unlock_irqrestore(&local->sta_lock, flags);
	if (ret)
		return ret;

654
	mutex_lock(&local->key_mtx);
655
	for (i = 0; i < NUM_DEFAULT_KEYS; i++)
J
Johannes Berg 已提交
656
		__ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));
657
	if (sta->ptk)
J
Johannes Berg 已提交
658
		__ieee80211_key_free(key_mtx_dereference(local, sta->ptk));
659
	mutex_unlock(&local->key_mtx);
660 661 662 663 664 665 666 667

	sta->dead = true;

	if (test_and_clear_sta_flags(sta,
				WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
		BUG_ON(!sdata->bss);

		atomic_dec(&sdata->bss->num_sta_ps);
668
		sta_info_clear_tim_bit(sta);
669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685
	}

	local->num_sta--;
	local->sta_generation++;

	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
		rcu_assign_pointer(sdata->u.vlan.sta, NULL);

	if (sta->uploaded) {
		if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
			sdata = container_of(sdata->bss,
					     struct ieee80211_sub_if_data,
					     u.ap);
		drv_sta_remove(local, sdata, &sta->sta);
		sdata = sta->sdata;
	}

686 687 688 689 690 691 692 693
	/*
	 * At this point, after we wait for an RCU grace period,
	 * neither mac80211 nor the driver can reference this
	 * sta struct any more except by still existing timers
	 * associated with this station that we clean up below.
	 */
	synchronize_rcu();

694
#ifdef CONFIG_MAC80211_MESH
695
	if (ieee80211_vif_is_mesh(&sdata->vif))
696 697 698 699
		mesh_accept_plinks_update(sdata);
#endif

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
700
	wiphy_debug(local->hw.wiphy, "Removed STA %pM\n", sta->sta.addr);
701 702 703
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
	cancel_work_sync(&sta->drv_unblock_wk);

704 705
	cfg80211_del_sta(sdata->dev, sta->sta.addr, GFP_KERNEL);

706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726
	rate_control_remove_sta_debugfs(sta);
	ieee80211_sta_debugfs_remove(sta);

#ifdef CONFIG_MAC80211_MESH
	if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
		mesh_plink_deactivate(sta);
		del_timer_sync(&sta->plink_timer);
	}
#endif

	while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
		local->total_ps_buffered--;
		dev_kfree_skb_any(skb);
	}

	while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
		dev_kfree_skb_any(skb);

	__sta_info_free(local, sta);

	return 0;
J
Jiri Slaby 已提交
727 728
}

729
int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
J
Jiri Slaby 已提交
730
{
731 732
	struct sta_info *sta;
	int ret;
J
Jiri Slaby 已提交
733

734 735 736 737
	mutex_lock(&sdata->local->sta_mtx);
	sta = sta_info_get(sdata, addr);
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
J
Jiri Slaby 已提交
738 739 740 741

	return ret;
}

742 743
int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
J
Jiri Benc 已提交
744
{
745 746
	struct sta_info *sta;
	int ret;
J
Jiri Benc 已提交
747

748 749 750 751
	mutex_lock(&sdata->local->sta_mtx);
	sta = sta_info_get_bss(sdata, addr);
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
752

753 754
	return ret;
}
J
Jiri Benc 已提交
755

756 757 758 759
static void sta_info_cleanup(unsigned long data)
{
	struct ieee80211_local *local = (struct ieee80211_local *) data;
	struct sta_info *sta;
760
	bool timer_needed = false;
761 762 763

	rcu_read_lock();
	list_for_each_entry_rcu(sta, &local->sta_list, list)
764 765
		if (sta_info_cleanup_expire_buffered(local, sta))
			timer_needed = true;
766
	rcu_read_unlock();
J
Jiri Benc 已提交
767

768 769
	if (local->quiescing)
		return;
770

771 772 773
	if (!timer_needed)
		return;

774 775
	mod_timer(&local->sta_cleanup,
		  round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL));
J
Jiri Benc 已提交
776 777
}

778 779
void sta_info_init(struct ieee80211_local *local)
{
780
	spin_lock_init(&local->sta_lock);
781
	mutex_init(&local->sta_mtx);
782
	INIT_LIST_HEAD(&local->sta_list);
783 784
	INIT_LIST_HEAD(&local->sta_pending_list);
	INIT_WORK(&local->sta_finish_work, sta_info_finish_work);
785

786 787
	setup_timer(&local->sta_cleanup, sta_info_cleanup,
		    (unsigned long)local);
788 789 790 791 792
}

void sta_info_stop(struct ieee80211_local *local)
{
	del_timer(&local->sta_cleanup);
793
	sta_info_flush(local, NULL);
794 795 796 797
}

/**
 * sta_info_flush - flush matching STA entries from the STA table
798 799 800
 *
 * Returns the number of removed STA entries.
 *
801
 * @local: local interface data
802
 * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs
803
 */
804
int sta_info_flush(struct ieee80211_local *local,
805
		   struct ieee80211_sub_if_data *sdata)
806 807
{
	struct sta_info *sta, *tmp;
808
	int ret = 0;
809

810
	might_sleep();
811

812 813 814 815
	mutex_lock(&local->sta_mtx);

	sta_info_finish_pending(local);

816
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
817 818
		if (!sdata || sdata == sta->sdata)
			WARN_ON(__sta_info_destroy(sta));
819
	}
820
	mutex_unlock(&local->sta_mtx);
821 822

	return ret;
823
}
J
Johannes Berg 已提交
824

825 826 827 828 829 830
void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
			  unsigned long exp_time)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta, *tmp;

831
	mutex_lock(&local->sta_mtx);
832 833 834
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
		if (time_after(jiffies, sta->last_rx + exp_time)) {
#ifdef CONFIG_MAC80211_IBSS_DEBUG
835
			printk(KERN_DEBUG "%s: expiring inactive STA %pM\n",
836
			       sdata->name, sta->sta.addr);
837
#endif
838
			WARN_ON(__sta_info_destroy(sta));
839
		}
840
	mutex_unlock(&local->sta_mtx);
841
}
842

843 844 845
struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
					       const u8 *addr,
					       const u8 *localaddr)
846
{
847
	struct sta_info *sta, *nxt;
848

849 850 851 852
	/*
	 * Just return a random station if localaddr is NULL
	 * ... first in list.
	 */
853
	for_each_sta_info(hw_to_local(hw), addr, sta, nxt) {
854 855 856
		if (localaddr &&
		    compare_ether_addr(sta->sdata->vif.addr, localaddr) != 0)
			continue;
857 858
		if (!sta->uploaded)
			return NULL;
859
		return &sta->sta;
860 861
	}

862
	return NULL;
863
}
864
EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr);
865 866 867 868

struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
					 const u8 *addr)
{
869
	struct sta_info *sta;
870 871 872 873

	if (!vif)
		return NULL;

874 875 876 877 878 879
	sta = sta_info_get_bss(vif_to_sdata(vif), addr);
	if (!sta)
		return NULL;

	if (!sta->uploaded)
		return NULL;
880

881
	return &sta->sta;
882
}
883
EXPORT_SYMBOL(ieee80211_find_sta);
884

885 886 887 888 889 890 891
static void clear_sta_ps_flags(void *_sta)
{
	struct sta_info *sta = _sta;

	clear_sta_flags(sta, WLAN_STA_PS_DRIVER | WLAN_STA_PS_STA);
}

892 893 894 895 896 897 898
/* powersave support code */
void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	int sent, buffered;

899
	clear_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
900 901
	if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
		drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
902 903 904 905 906 907

	if (!skb_queue_empty(&sta->ps_tx_buf))
		sta_info_clear_tim_bit(sta);

	/* Send all buffered frames to the station */
	sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
908 909
	buffered = ieee80211_add_pending_skbs_fn(local, &sta->ps_tx_buf,
						 clear_sta_ps_flags, sta);
910 911 912 913 914
	sent += buffered;
	local->total_ps_buffered -= buffered;

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames "
915
	       "since STA not sleeping anymore\n", sdata->name,
916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973
	       sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
}

void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	int no_pending_pkts;

	skb = skb_dequeue(&sta->tx_filtered);
	if (!skb) {
		skb = skb_dequeue(&sta->ps_tx_buf);
		if (skb)
			local->total_ps_buffered--;
	}
	no_pending_pkts = skb_queue_empty(&sta->tx_filtered) &&
		skb_queue_empty(&sta->ps_tx_buf);

	if (skb) {
		struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
		struct ieee80211_hdr *hdr =
			(struct ieee80211_hdr *) skb->data;

		/*
		 * Tell TX path to send this frame even though the STA may
		 * still remain is PS mode after this frame exchange.
		 */
		info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
		printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
		       sta->sta.addr, sta->sta.aid,
		       skb_queue_len(&sta->ps_tx_buf));
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */

		/* Use MoreData flag to indicate whether there are more
		 * buffered frames for this STA */
		if (no_pending_pkts)
			hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
		else
			hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);

		ieee80211_add_pending_skb(local, skb);

		if (no_pending_pkts)
			sta_info_clear_tim_bit(sta);
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	} else {
		/*
		 * FIXME: This can be the result of a race condition between
		 *	  us expiring a frame and the station polling for it.
		 *	  Should we send it a null-func frame indicating we
		 *	  have nothing buffered for it?
		 */
		printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
		       "though there are no buffered frames for it\n",
974
		       sdata->name, sta->sta.addr);
975 976 977 978 979 980 981 982 983
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
	}
}

void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
			       struct ieee80211_sta *pubsta, bool block)
{
	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);

J
Johannes Berg 已提交
984 985
	trace_api_sta_block_awake(sta->local, pubsta, block);

986 987
	if (block)
		set_sta_flags(sta, WLAN_STA_PS_DRIVER);
988
	else if (test_sta_flags(sta, WLAN_STA_PS_DRIVER))
989 990 991
		ieee80211_queue_work(hw, &sta->drv_unblock_wk);
}
EXPORT_SYMBOL(ieee80211_sta_block_awake);
992 993 994 995 996 997 998 999 1000

void ieee80211_sta_set_tim(struct ieee80211_sta *pubsta)
{
	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);

	set_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
	sta_info_set_tim_bit(sta);
}
EXPORT_SYMBOL(ieee80211_sta_set_tim);