sta_info.c 30.0 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/init.h>
#include <linux/netdevice.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
17
#include <linux/timer.h>
18
#include <linux/rtnetlink.h>
19 20 21

#include <net/mac80211.h>
#include "ieee80211_i.h"
22
#include "driver-ops.h"
J
Johannes Berg 已提交
23
#include "rate.h"
24
#include "sta_info.h"
J
Jiri Benc 已提交
25
#include "debugfs_sta.h"
26
#include "mesh.h"
27

28 29 30 31 32 33 34
/**
 * DOC: STA information lifetime rules
 *
 * STA info structures (&struct sta_info) are managed in a hash table
 * for faster lookup and a list for iteration. They are managed using
 * RCU, i.e. access to the list and hash table is protected by RCU.
 *
35 36 37 38 39 40 41 42
 * Upon allocating a STA info structure with sta_info_alloc(), the caller
 * owns that structure. It must then insert it into the hash table using
 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
 * case (which acquires an rcu read section but must not be called from
 * within one) will the pointer still be valid after the call. Note that
 * the caller may not do much with the STA info before inserting it, in
 * particular, it may not start any mesh peer link management or add
 * encryption keys.
43 44 45
 *
 * When the insertion fails (sta_info_insert()) returns non-zero), the
 * structure will have been freed by sta_info_insert()!
46
 *
47
 * Station entries are added by mac80211 when you establish a link with a
48 49
 * peer. This means different things for the different type of interfaces
 * we support. For a regular station this mean we add the AP sta when we
L
Lucas De Marchi 已提交
50
 * receive an association response from the AP. For IBSS this occurs when
51
 * get to know about a peer on the same IBSS. For WDS we add the sta for
L
Lucas De Marchi 已提交
52
 * the peer immediately upon device open. When using AP mode we add stations
53
 * for each respective station upon request from userspace through nl80211.
54
 *
55 56
 * In order to remove a STA info structure, various sta_info_destroy_*()
 * calls are available.
57
 *
58 59 60 61
 * There is no concept of ownership on a STA entry, each structure is
 * owned by the global hash table/list until it is removed. All users of
 * the structure need to be RCU protected so that the structure won't be
 * freed before they are done using it.
62
 */
63 64

/* Caller must hold local->sta_lock */
65 66
static int sta_info_hash_del(struct ieee80211_local *local,
			     struct sta_info *sta)
67 68 69
{
	struct sta_info *s;

J
Johannes Berg 已提交
70 71
	s = rcu_dereference_protected(local->sta_hash[STA_HASH(sta->sta.addr)],
				      lockdep_is_held(&local->sta_lock));
72
	if (!s)
73 74
		return -ENOENT;
	if (s == sta) {
75
		rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)],
76
				   s->hnext);
77
		return 0;
78 79
	}

J
Johannes Berg 已提交
80 81 82 83 84
	while (rcu_access_pointer(s->hnext) &&
	       rcu_access_pointer(s->hnext) != sta)
		s = rcu_dereference_protected(s->hnext,
					lockdep_is_held(&local->sta_lock));
	if (rcu_access_pointer(s->hnext)) {
85
		rcu_assign_pointer(s->hnext, sta->hnext);
86 87
		return 0;
	}
88

89
	return -ENOENT;
90 91
}

92
/* protected by RCU */
93 94
struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
95
{
96
	struct ieee80211_local *local = sdata->local;
97 98
	struct sta_info *sta;

99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    lockdep_is_held(&local->sta_lock) ||
				    lockdep_is_held(&local->sta_mtx));
	while (sta) {
		if (sta->sdata == sdata && !sta->dummy &&
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
			break;
		sta = rcu_dereference_check(sta->hnext,
					    lockdep_is_held(&local->sta_lock) ||
					    lockdep_is_held(&local->sta_mtx));
	}
	return sta;
}

/* get a station info entry even if it is a dummy station*/
struct sta_info *sta_info_get_rx(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;

120 121 122
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    lockdep_is_held(&local->sta_lock) ||
				    lockdep_is_held(&local->sta_mtx));
123
	while (sta) {
124 125
		if (sta->sdata == sdata &&
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
126
			break;
127 128 129
		sta = rcu_dereference_check(sta->hnext,
					    lockdep_is_held(&local->sta_lock) ||
					    lockdep_is_held(&local->sta_mtx));
130
	}
131 132 133
	return sta;
}

134 135 136 137 138 139 140 141 142 143
/*
 * Get sta info either from the specified interface
 * or from one of its vlans
 */
struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
				  const u8 *addr)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;

144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    lockdep_is_held(&local->sta_lock) ||
				    lockdep_is_held(&local->sta_mtx));
	while (sta) {
		if ((sta->sdata == sdata ||
		     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
		    !sta->dummy &&
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
			break;
		sta = rcu_dereference_check(sta->hnext,
					    lockdep_is_held(&local->sta_lock) ||
					    lockdep_is_held(&local->sta_mtx));
	}
	return sta;
}

/*
 * Get sta info either from the specified interface
 * or from one of its vlans (including dummy stations)
 */
struct sta_info *sta_info_get_bss_rx(struct ieee80211_sub_if_data *sdata,
				  const u8 *addr)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;

170 171 172
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    lockdep_is_held(&local->sta_lock) ||
				    lockdep_is_held(&local->sta_mtx));
173 174
	while (sta) {
		if ((sta->sdata == sdata ||
175
		     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
176 177
		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
			break;
178 179 180
		sta = rcu_dereference_check(sta->hnext,
					    lockdep_is_held(&local->sta_lock) ||
					    lockdep_is_held(&local->sta_mtx));
181 182 183 184
	}
	return sta;
}

185 186
struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
				     int idx)
187
{
188
	struct ieee80211_local *local = sdata->local;
189 190 191
	struct sta_info *sta;
	int i = 0;

192
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
193
		if (sdata != sta->sdata)
194
			continue;
195 196 197 198
		if (i < idx) {
			++i;
			continue;
		}
199
		return sta;
200 201 202 203
	}

	return NULL;
}
204

205 206 207
/**
 * __sta_info_free - internal STA free helper
 *
R
Randy Dunlap 已提交
208
 * @local: pointer to the global information
209 210 211 212 213 214 215 216
 * @sta: STA info to free
 *
 * This function must undo everything done by sta_info_alloc()
 * that may happen before sta_info_insert().
 */
static void __sta_info_free(struct ieee80211_local *local,
			    struct sta_info *sta)
{
217 218 219 220
	if (sta->rate_ctrl) {
		rate_control_free_sta(sta);
		rate_control_put(sta->rate_ctrl);
	}
221 222

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
223
	wiphy_debug(local->hw.wiphy, "Destroyed STA %pM\n", sta->sta.addr);
224 225 226 227 228
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

	kfree(sta);
}

229 230 231
/* Caller must hold local->sta_lock */
static void sta_info_hash_add(struct ieee80211_local *local,
			      struct sta_info *sta)
232
{
233 234
	sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
	rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
235 236
}

237 238 239 240 241 242 243 244 245 246 247
static void sta_unblock(struct work_struct *wk)
{
	struct sta_info *sta;

	sta = container_of(wk, struct sta_info, drv_unblock_wk);

	if (sta->dead)
		return;

	if (!test_sta_flags(sta, WLAN_STA_PS_STA))
		ieee80211_sta_ps_deliver_wakeup(sta);
248 249
	else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL)) {
		clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
250
		ieee80211_sta_ps_deliver_poll_response(sta);
251 252
	} else
		clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
253 254
}

255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271
static int sta_prepare_rate_control(struct ieee80211_local *local,
				    struct sta_info *sta, gfp_t gfp)
{
	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
		return 0;

	sta->rate_ctrl = rate_control_get(local->rate_ctrl);
	sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
						     &sta->sta, gfp);
	if (!sta->rate_ctrl_priv) {
		rate_control_put(sta->rate_ctrl);
		return -ENOMEM;
	}

	return 0;
}

J
Johannes Berg 已提交
272 273
struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
				u8 *addr, gfp_t gfp)
274
{
275
	struct ieee80211_local *local = sdata->local;
276
	struct sta_info *sta;
277
	struct timespec uptime;
278
	int i;
279

280
	sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
281
	if (!sta)
J
Johannes Berg 已提交
282
		return NULL;
283

284
	spin_lock_init(&sta->lock);
285
	spin_lock_init(&sta->flaglock);
286
	INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
J
Johannes Berg 已提交
287
	INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
288
	mutex_init(&sta->ampdu_mlme.mtx);
289

290
	memcpy(sta->sta.addr, addr, ETH_ALEN);
291 292
	sta->local = local;
	sta->sdata = sdata;
293
	sta->last_rx = jiffies;
294

295 296
	do_posix_clock_monotonic_gettime(&uptime);
	sta->last_connected = uptime.tv_sec;
297 298
	ewma_init(&sta->avg_signal, 1024, 8);

299
	if (sta_prepare_rate_control(local, sta, gfp)) {
300
		kfree(sta);
J
Johannes Berg 已提交
301
		return NULL;
302 303
	}

304
	for (i = 0; i < STA_TID_NUM; i++) {
305 306 307 308 309
		/*
		 * timer_to_tid must be initialized with identity mapping
		 * to enable session_timer's data differentiation. See
		 * sta_rx_agg_session_timer_expired for usage.
		 */
310 311
		sta->timer_to_tid[i] = i;
	}
312 313
	skb_queue_head_init(&sta->ps_tx_buf);
	skb_queue_head_init(&sta->tx_filtered);
J
Johannes Berg 已提交
314

315
	for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
316
		sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
317

J
Johannes Berg 已提交
318
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
319
	wiphy_debug(local->hw.wiphy, "Allocated STA %pM\n", sta->sta.addr);
J
Johannes Berg 已提交
320 321
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

322
#ifdef CONFIG_MAC80211_MESH
323
	sta->plink_state = NL80211_PLINK_LISTEN;
324 325 326
	init_timer(&sta->plink_timer);
#endif

J
Johannes Berg 已提交
327 328 329
	return sta;
}

330 331
static int sta_info_finish_insert(struct sta_info *sta,
				bool async, bool dummy_reinsert)
J
Johannes Berg 已提交
332 333 334
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
335
	struct station_info sinfo;
J
Johannes Berg 已提交
336
	unsigned long flags;
337
	int err = 0;
J
Johannes Berg 已提交
338

339
	lockdep_assert_held(&local->sta_mtx);
340

341 342 343 344 345 346 347 348 349 350 351 352 353 354 355
	if (!sta->dummy || dummy_reinsert) {
		/* notify driver */
		if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
			sdata = container_of(sdata->bss,
					     struct ieee80211_sub_if_data,
					     u.ap);
		err = drv_sta_add(local, sdata, &sta->sta);
		if (err) {
			if (!async)
				return err;
			printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to "
					  "driver (%d) - keeping it anyway.\n",
			       sdata->name, sta->sta.addr, err);
		} else {
			sta->uploaded = true;
356
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
357 358 359 360
			if (async)
				wiphy_debug(local->hw.wiphy,
					    "Finished adding IBSS STA %pM\n",
					    sta->sta.addr);
361
#endif
362 363 364
		}

		sdata = sta->sdata;
365 366
	}

367 368 369 370 371
	if (!dummy_reinsert) {
		if (!async) {
			local->num_sta++;
			local->sta_generation++;
			smp_mb();
372

373 374 375 376 377
			/* make the station visible */
			spin_lock_irqsave(&local->sta_lock, flags);
			sta_info_hash_add(local, sta);
			spin_unlock_irqrestore(&local->sta_lock, flags);
		}
378

379 380 381
		list_add(&sta->list, &local->sta_list);
	} else {
		sta->dummy = false;
382 383
	}

384 385 386
	if (!sta->dummy) {
		ieee80211_sta_debugfs_add(sta);
		rate_control_add_sta_debugfs(sta);
387

388 389 390 391 392
		memset(&sinfo, 0, sizeof(sinfo));
		sinfo.filled = 0;
		sinfo.generation = local->sta_generation;
		cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
	}
393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408

	return 0;
}

static void sta_info_finish_pending(struct ieee80211_local *local)
{
	struct sta_info *sta;
	unsigned long flags;

	spin_lock_irqsave(&local->sta_lock, flags);
	while (!list_empty(&local->sta_pending_list)) {
		sta = list_first_entry(&local->sta_pending_list,
				       struct sta_info, list);
		list_del(&sta->list);
		spin_unlock_irqrestore(&local->sta_lock, flags);

409
		sta_info_finish_insert(sta, true, false);
410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425

		spin_lock_irqsave(&local->sta_lock, flags);
	}
	spin_unlock_irqrestore(&local->sta_lock, flags);
}

static void sta_info_finish_work(struct work_struct *work)
{
	struct ieee80211_local *local =
		container_of(work, struct ieee80211_local, sta_finish_work);

	mutex_lock(&local->sta_mtx);
	sta_info_finish_pending(local);
	mutex_unlock(&local->sta_mtx);
}

426
static int sta_info_insert_check(struct sta_info *sta)
427 428 429
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;

430 431 432 433 434
	/*
	 * Can't be a WARN_ON because it can be triggered through a race:
	 * something inserts a STA (on one CPU) without holding the RTNL
	 * and another CPU turns off the net device.
	 */
435 436
	if (unlikely(!ieee80211_sdata_running(sdata)))
		return -ENETDOWN;
437

438
	if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 ||
439 440 441 442 443 444 445 446 447 448 449 450 451 452
		    is_multicast_ether_addr(sta->sta.addr)))
		return -EINVAL;

	return 0;
}

static int sta_info_insert_ibss(struct sta_info *sta) __acquires(RCU)
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	unsigned long flags;

	spin_lock_irqsave(&local->sta_lock, flags);
	/* check if STA exists already */
453
	if (sta_info_get_bss_rx(sdata, sta->sta.addr)) {
454
		spin_unlock_irqrestore(&local->sta_lock, flags);
455
		rcu_read_lock();
456
		return -EEXIST;
457
	}
458

459 460 461 462
	local->num_sta++;
	local->sta_generation++;
	smp_mb();
	sta_info_hash_add(local, sta);
463

464
	list_add_tail(&sta->list, &local->sta_pending_list);
465

466 467
	rcu_read_lock();
	spin_unlock_irqrestore(&local->sta_lock, flags);
468 469

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
470 471
	wiphy_debug(local->hw.wiphy, "Added IBSS STA %pM\n",
			sta->sta.addr);
472 473
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

474
	ieee80211_queue_work(&local->hw, &local->sta_finish_work);
475

476 477 478 479 480 481 482 483 484 485 486 487 488
	return 0;
}

/*
 * should be called with sta_mtx locked
 * this function replaces the mutex lock
 * with a RCU lock
 */
static int sta_info_insert_non_ibss(struct sta_info *sta) __acquires(RCU)
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	unsigned long flags;
489 490
	struct sta_info *exist_sta;
	bool dummy_reinsert = false;
491 492 493
	int err = 0;

	lockdep_assert_held(&local->sta_mtx);
494 495 496

	/*
	 * On first glance, this will look racy, because the code
497
	 * in this function, which inserts a station with sleeping,
498 499 500 501
	 * unlocks the sta_lock between checking existence in the
	 * hash table and inserting into it.
	 *
	 * However, it is not racy against itself because it keeps
502
	 * the mutex locked.
503 504
	 */

505
	spin_lock_irqsave(&local->sta_lock, flags);
506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522
	/*
	 * check if STA exists already.
	 * only accept a scenario of a second call to sta_info_insert_non_ibss
	 * with a dummy station entry that was inserted earlier
	 * in that case - assume that the dummy station flag should
	 * be removed.
	 */
	exist_sta = sta_info_get_bss_rx(sdata, sta->sta.addr);
	if (exist_sta) {
		if (exist_sta == sta && sta->dummy) {
			dummy_reinsert = true;
		} else {
			spin_unlock_irqrestore(&local->sta_lock, flags);
			mutex_unlock(&local->sta_mtx);
			rcu_read_lock();
			return -EEXIST;
		}
523
	}
524

525
	spin_unlock_irqrestore(&local->sta_lock, flags);
526

527
	err = sta_info_finish_insert(sta, false, dummy_reinsert);
528 529 530
	if (err) {
		mutex_unlock(&local->sta_mtx);
		rcu_read_lock();
531
		return err;
532
	}
533

534
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
535 536
	wiphy_debug(local->hw.wiphy, "Inserted %sSTA %pM\n",
			sta->dummy ? "dummy " : "", sta->sta.addr);
537 538
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

539 540 541
	/* move reference to rcu-protected */
	rcu_read_lock();
	mutex_unlock(&local->sta_mtx);
J
Jiri Benc 已提交
542

J
Johannes Berg 已提交
543 544 545
	if (ieee80211_vif_is_mesh(&sdata->vif))
		mesh_accept_plinks_update(sdata);

546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590
	return 0;
}

int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	int err = 0;

	err = sta_info_insert_check(sta);
	if (err) {
		rcu_read_lock();
		goto out_free;
	}

	/*
	 * In ad-hoc mode, we sometimes need to insert stations
	 * from tasklet context from the RX path. To avoid races,
	 * always do so in that case -- see the comment below.
	 */
	if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
		err = sta_info_insert_ibss(sta);
		if (err)
			goto out_free;

		return 0;
	}

	/*
	 * It might seem that the function called below is in race against
	 * the function call above that atomically inserts the station... That,
	 * however, is not true because the above code can only
	 * be invoked for IBSS interfaces, and the below code will
	 * not be -- and the two do not race against each other as
	 * the hash table also keys off the interface.
	 */

	might_sleep();

	mutex_lock(&local->sta_mtx);

	err = sta_info_insert_non_ibss(sta);
	if (err)
		goto out_free;

J
Johannes Berg 已提交
591
	return 0;
592 593 594 595
 out_free:
	BUG_ON(!err);
	__sta_info_free(local, sta);
	return err;
596 597
}

598 599 600 601 602 603 604 605 606
int sta_info_insert(struct sta_info *sta)
{
	int err = sta_info_insert_rcu(sta);

	rcu_read_unlock();

	return err;
}

607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625
/* Caller must hold sta->local->sta_mtx */
int sta_info_reinsert(struct sta_info *sta)
{
	struct ieee80211_local *local = sta->local;
	int err = 0;

	err = sta_info_insert_check(sta);
	if (err) {
		mutex_unlock(&local->sta_mtx);
		return err;
	}

	might_sleep();

	err = sta_info_insert_non_ibss(sta);
	rcu_read_unlock();
	return err;
}

626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643
static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __set_bit() format.
	 */
	bss->tim[aid / 8] |= (1 << (aid % 8));
}

static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __clear_bit() format.
	 */
	bss->tim[aid / 8] &= ~(1 << (aid % 8));
}

J
Johannes Berg 已提交
644
void sta_info_recalc_tim(struct sta_info *sta)
645
{
J
Johannes Berg 已提交
646 647
	struct ieee80211_local *local = sta->local;
	struct ieee80211_if_ap *bss = sta->sdata->bss;
648
	unsigned long flags;
J
Johannes Berg 已提交
649
	bool have_data = false;
650

J
Johannes Berg 已提交
651 652
	if (WARN_ON_ONCE(!sta->sdata->bss))
		return;
653

J
Johannes Berg 已提交
654 655 656
	/* No need to do anything if the driver does all */
	if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
		return;
657

J
Johannes Berg 已提交
658 659
	if (sta->dead)
		goto done;
660

J
Johannes Berg 已提交
661 662 663
	have_data = test_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF) ||
		    !skb_queue_empty(&sta->tx_filtered) ||
		    !skb_queue_empty(&sta->ps_tx_buf);
664

J
Johannes Berg 已提交
665 666
 done:
	spin_lock_irqsave(&local->sta_lock, flags);
667

J
Johannes Berg 已提交
668 669 670 671
	if (have_data)
		__bss_tim_set(bss, sta->sta.aid);
	else
		__bss_tim_clear(bss, sta->sta.aid);
672

J
Johannes Berg 已提交
673 674 675 676 677
	if (local->ops->set_tim) {
		local->tim_in_locked_section = true;
		drv_set_tim(local, &sta->sta, have_data);
		local->tim_in_locked_section = false;
	}
678

J
Johannes Berg 已提交
679
	spin_unlock_irqrestore(&local->sta_lock, flags);
680 681
}

682
static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
683
{
684
	struct ieee80211_tx_info *info;
685 686 687
	int timeout;

	if (!skb)
688
		return false;
689

690
	info = IEEE80211_SKB_CB(skb);
691 692

	/* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
693 694 695
	timeout = (sta->listen_interval *
		   sta->sdata->vif.bss_conf.beacon_int *
		   32 / 15625) * HZ;
696 697
	if (timeout < STA_TX_BUFFER_EXPIRE)
		timeout = STA_TX_BUFFER_EXPIRE;
698
	return time_after(jiffies, info->control.jiffies + timeout);
699 700 701
}


702
static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
703 704 705 706 707
					     struct sta_info *sta)
{
	unsigned long flags;
	struct sk_buff *skb;

J
Johannes Berg 已提交
708 709 710 711
	/* This is only necessary for stations on BSS interfaces */
	if (!sta->sdata->bss)
		return false;

712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744
	/*
	 * First check for frames that should expire on the filtered
	 * queue. Frames here were rejected by the driver and are on
	 * a separate queue to avoid reordering with normal PS-buffered
	 * frames. They also aren't accounted for right now in the
	 * total_ps_buffered counter.
	 */
	for (;;) {
		spin_lock_irqsave(&sta->tx_filtered.lock, flags);
		skb = skb_peek(&sta->tx_filtered);
		if (sta_info_buffer_expired(sta, skb))
			skb = __skb_dequeue(&sta->tx_filtered);
		else
			skb = NULL;
		spin_unlock_irqrestore(&sta->tx_filtered.lock, flags);

		/*
		 * Frames are queued in order, so if this one
		 * hasn't expired yet we can stop testing. If
		 * we actually reached the end of the queue we
		 * also need to stop, of course.
		 */
		if (!skb)
			break;
		dev_kfree_skb(skb);
	}

	/*
	 * Now also check the normal PS-buffered queue, this will
	 * only find something if the filtered queue was emptied
	 * since the filtered frames are all before the normal PS
	 * buffered frames.
	 */
745 746 747
	for (;;) {
		spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
		skb = skb_peek(&sta->ps_tx_buf);
748
		if (sta_info_buffer_expired(sta, skb))
749
			skb = __skb_dequeue(&sta->ps_tx_buf);
750
		else
751 752 753
			skb = NULL;
		spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags);

754 755 756 757 758
		/*
		 * frames are queued in order, so if this one
		 * hasn't expired yet (or we reached the end of
		 * the queue) we can stop testing
		 */
759
		if (!skb)
760
			break;
761 762

		local->total_ps_buffered--;
763
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
764 765
		printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n",
		       sta->sta.addr);
766
#endif
767
		dev_kfree_skb(skb);
768
	}
769

770 771 772 773 774 775 776 777 778 779 780 781 782 783
	/*
	 * Finally, recalculate the TIM bit for this station -- it might
	 * now be clear because the station was too slow to retrieve its
	 * frames.
	 */
	sta_info_recalc_tim(sta);

	/*
	 * Return whether there are any frames still buffered, this is
	 * used to check whether the cleanup timer still needs to run,
	 * if there are no frames we don't need to rearm the timer.
	 */
	return !(skb_queue_empty(&sta->ps_tx_buf) &&
		 skb_queue_empty(&sta->tx_filtered));
784 785
}

786
static int __must_check __sta_info_destroy(struct sta_info *sta)
787
{
788 789 790
	struct ieee80211_local *local;
	struct ieee80211_sub_if_data *sdata;
	unsigned long flags;
791
	int ret, i;
792

793
	might_sleep();
794

795 796
	if (!sta)
		return -ENOENT;
797

798 799
	local = sta->local;
	sdata = sta->sdata;
800

801 802 803 804 805 806 807
	/*
	 * Before removing the station from the driver and
	 * rate control, it might still start new aggregation
	 * sessions -- block that to make sure the tear-down
	 * will be sufficient.
	 */
	set_sta_flags(sta, WLAN_STA_BLOCK_BA);
808
	ieee80211_sta_tear_down_BA_sessions(sta, true);
809

810 811 812 813 814 815 816 817 818
	spin_lock_irqsave(&local->sta_lock, flags);
	ret = sta_info_hash_del(local, sta);
	/* this might still be the pending list ... which is fine */
	if (!ret)
		list_del(&sta->list);
	spin_unlock_irqrestore(&local->sta_lock, flags);
	if (ret)
		return ret;

819
	mutex_lock(&local->key_mtx);
820
	for (i = 0; i < NUM_DEFAULT_KEYS; i++)
J
Johannes Berg 已提交
821
		__ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));
822
	if (sta->ptk)
J
Johannes Berg 已提交
823
		__ieee80211_key_free(key_mtx_dereference(local, sta->ptk));
824
	mutex_unlock(&local->key_mtx);
825 826 827 828 829 830 831 832

	sta->dead = true;

	if (test_and_clear_sta_flags(sta,
				WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
		BUG_ON(!sdata->bss);

		atomic_dec(&sdata->bss->num_sta_ps);
J
Johannes Berg 已提交
833
		sta_info_recalc_tim(sta);
834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850
	}

	local->num_sta--;
	local->sta_generation++;

	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
		rcu_assign_pointer(sdata->u.vlan.sta, NULL);

	if (sta->uploaded) {
		if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
			sdata = container_of(sdata->bss,
					     struct ieee80211_sub_if_data,
					     u.ap);
		drv_sta_remove(local, sdata, &sta->sta);
		sdata = sta->sdata;
	}

851 852 853 854 855 856 857 858
	/*
	 * At this point, after we wait for an RCU grace period,
	 * neither mac80211 nor the driver can reference this
	 * sta struct any more except by still existing timers
	 * associated with this station that we clean up below.
	 */
	synchronize_rcu();

J
Johannes Berg 已提交
859 860 861 862
	local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf);
	__skb_queue_purge(&sta->ps_tx_buf);
	__skb_queue_purge(&sta->tx_filtered);

863
#ifdef CONFIG_MAC80211_MESH
864
	if (ieee80211_vif_is_mesh(&sdata->vif))
865 866 867 868
		mesh_accept_plinks_update(sdata);
#endif

#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
J
Joe Perches 已提交
869
	wiphy_debug(local->hw.wiphy, "Removed STA %pM\n", sta->sta.addr);
870 871 872
#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
	cancel_work_sync(&sta->drv_unblock_wk);

873 874
	cfg80211_del_sta(sdata->dev, sta->sta.addr, GFP_KERNEL);

875 876 877 878 879 880 881 882 883 884 885 886 887
	rate_control_remove_sta_debugfs(sta);
	ieee80211_sta_debugfs_remove(sta);

#ifdef CONFIG_MAC80211_MESH
	if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
		mesh_plink_deactivate(sta);
		del_timer_sync(&sta->plink_timer);
	}
#endif

	__sta_info_free(local, sta);

	return 0;
J
Jiri Slaby 已提交
888 889
}

890
int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
J
Jiri Slaby 已提交
891
{
892 893
	struct sta_info *sta;
	int ret;
J
Jiri Slaby 已提交
894

895
	mutex_lock(&sdata->local->sta_mtx);
896
	sta = sta_info_get_rx(sdata, addr);
897 898
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
J
Jiri Slaby 已提交
899 900 901 902

	return ret;
}

903 904
int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
J
Jiri Benc 已提交
905
{
906 907
	struct sta_info *sta;
	int ret;
J
Jiri Benc 已提交
908

909
	mutex_lock(&sdata->local->sta_mtx);
910
	sta = sta_info_get_bss_rx(sdata, addr);
911 912
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
913

914 915
	return ret;
}
J
Jiri Benc 已提交
916

917 918 919 920
static void sta_info_cleanup(unsigned long data)
{
	struct ieee80211_local *local = (struct ieee80211_local *) data;
	struct sta_info *sta;
921
	bool timer_needed = false;
922 923 924

	rcu_read_lock();
	list_for_each_entry_rcu(sta, &local->sta_list, list)
925 926
		if (sta_info_cleanup_expire_buffered(local, sta))
			timer_needed = true;
927
	rcu_read_unlock();
J
Jiri Benc 已提交
928

929 930
	if (local->quiescing)
		return;
931

932 933 934
	if (!timer_needed)
		return;

935 936
	mod_timer(&local->sta_cleanup,
		  round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL));
J
Jiri Benc 已提交
937 938
}

939 940
void sta_info_init(struct ieee80211_local *local)
{
941
	spin_lock_init(&local->sta_lock);
942
	mutex_init(&local->sta_mtx);
943
	INIT_LIST_HEAD(&local->sta_list);
944 945
	INIT_LIST_HEAD(&local->sta_pending_list);
	INIT_WORK(&local->sta_finish_work, sta_info_finish_work);
946

947 948
	setup_timer(&local->sta_cleanup, sta_info_cleanup,
		    (unsigned long)local);
949 950 951 952 953
}

void sta_info_stop(struct ieee80211_local *local)
{
	del_timer(&local->sta_cleanup);
954
	sta_info_flush(local, NULL);
955 956 957 958
}

/**
 * sta_info_flush - flush matching STA entries from the STA table
959 960 961
 *
 * Returns the number of removed STA entries.
 *
962
 * @local: local interface data
963
 * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs
964
 */
965
int sta_info_flush(struct ieee80211_local *local,
966
		   struct ieee80211_sub_if_data *sdata)
967 968
{
	struct sta_info *sta, *tmp;
969
	int ret = 0;
970

971
	might_sleep();
972

973 974 975 976
	mutex_lock(&local->sta_mtx);

	sta_info_finish_pending(local);

977
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
978 979
		if (!sdata || sdata == sta->sdata)
			WARN_ON(__sta_info_destroy(sta));
980
	}
981
	mutex_unlock(&local->sta_mtx);
982 983

	return ret;
984
}
J
Johannes Berg 已提交
985

986 987 988 989 990 991
void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
			  unsigned long exp_time)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta, *tmp;

992
	mutex_lock(&local->sta_mtx);
993 994 995
	list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
		if (time_after(jiffies, sta->last_rx + exp_time)) {
#ifdef CONFIG_MAC80211_IBSS_DEBUG
996
			printk(KERN_DEBUG "%s: expiring inactive STA %pM\n",
997
			       sdata->name, sta->sta.addr);
998
#endif
999
			WARN_ON(__sta_info_destroy(sta));
1000
		}
1001
	mutex_unlock(&local->sta_mtx);
1002
}
1003

1004 1005 1006
struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
					       const u8 *addr,
					       const u8 *localaddr)
1007
{
1008
	struct sta_info *sta, *nxt;
1009

1010 1011 1012 1013
	/*
	 * Just return a random station if localaddr is NULL
	 * ... first in list.
	 */
1014
	for_each_sta_info(hw_to_local(hw), addr, sta, nxt) {
1015 1016 1017
		if (localaddr &&
		    compare_ether_addr(sta->sdata->vif.addr, localaddr) != 0)
			continue;
1018 1019
		if (!sta->uploaded)
			return NULL;
1020
		return &sta->sta;
1021 1022
	}

1023
	return NULL;
1024
}
1025
EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr);
1026 1027 1028 1029

struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
					 const u8 *addr)
{
1030
	struct sta_info *sta;
1031 1032 1033 1034

	if (!vif)
		return NULL;

1035 1036 1037 1038 1039 1040
	sta = sta_info_get_bss(vif_to_sdata(vif), addr);
	if (!sta)
		return NULL;

	if (!sta->uploaded)
		return NULL;
1041

1042
	return &sta->sta;
1043
}
1044
EXPORT_SYMBOL(ieee80211_find_sta);
1045

1046 1047 1048 1049 1050 1051 1052
static void clear_sta_ps_flags(void *_sta)
{
	struct sta_info *sta = _sta;

	clear_sta_flags(sta, WLAN_STA_PS_DRIVER | WLAN_STA_PS_STA);
}

1053 1054 1055 1056 1057 1058 1059
/* powersave support code */
void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	int sent, buffered;

1060
	clear_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
1061 1062
	if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
		drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
1063 1064 1065

	/* Send all buffered frames to the station */
	sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
1066 1067
	buffered = ieee80211_add_pending_skbs_fn(local, &sta->ps_tx_buf,
						 clear_sta_ps_flags, sta);
1068 1069 1070
	sent += buffered;
	local->total_ps_buffered -= buffered;

J
Johannes Berg 已提交
1071 1072
	sta_info_recalc_tim(sta);

1073 1074
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames "
1075
	       "since STA not sleeping anymore\n", sdata->name,
1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121
	       sta->sta.addr, sta->sta.aid, sent - buffered, buffered);
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
}

void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	int no_pending_pkts;

	skb = skb_dequeue(&sta->tx_filtered);
	if (!skb) {
		skb = skb_dequeue(&sta->ps_tx_buf);
		if (skb)
			local->total_ps_buffered--;
	}
	no_pending_pkts = skb_queue_empty(&sta->tx_filtered) &&
		skb_queue_empty(&sta->ps_tx_buf);

	if (skb) {
		struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
		struct ieee80211_hdr *hdr =
			(struct ieee80211_hdr *) skb->data;

		/*
		 * Tell TX path to send this frame even though the STA may
		 * still remain is PS mode after this frame exchange.
		 */
		info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;

#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
		printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n",
		       sta->sta.addr, sta->sta.aid,
		       skb_queue_len(&sta->ps_tx_buf));
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */

		/* Use MoreData flag to indicate whether there are more
		 * buffered frames for this STA */
		if (no_pending_pkts)
			hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
		else
			hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);

		ieee80211_add_pending_skb(local, skb);

J
Johannes Berg 已提交
1122
		sta_info_recalc_tim(sta);
1123 1124 1125 1126 1127 1128 1129 1130 1131 1132
#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
	} else {
		/*
		 * FIXME: This can be the result of a race condition between
		 *	  us expiring a frame and the station polling for it.
		 *	  Should we send it a null-func frame indicating we
		 *	  have nothing buffered for it?
		 */
		printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
		       "though there are no buffered frames for it\n",
1133
		       sdata->name, sta->sta.addr);
1134 1135 1136 1137 1138 1139 1140 1141 1142
#endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
	}
}

void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
			       struct ieee80211_sta *pubsta, bool block)
{
	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);

J
Johannes Berg 已提交
1143 1144
	trace_api_sta_block_awake(sta->local, pubsta, block);

1145 1146
	if (block)
		set_sta_flags(sta, WLAN_STA_PS_DRIVER);
1147
	else if (test_sta_flags(sta, WLAN_STA_PS_DRIVER))
1148 1149 1150
		ieee80211_queue_work(hw, &sta->drv_unblock_wk);
}
EXPORT_SYMBOL(ieee80211_sta_block_awake);
1151

1152 1153
void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta,
				u8 tid, bool buffered)
1154 1155 1156
{
	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);

1157 1158 1159
	if (!buffered)
		return;

1160
	set_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
J
Johannes Berg 已提交
1161
	sta_info_recalc_tim(sta);
1162
}
1163
EXPORT_SYMBOL(ieee80211_sta_set_buffered);