LXR linux/net/mac80211/status.c

   1/*
   2 * Copyright 2002-2005, Instant802 Networks, Inc.
   3 * Copyright 2005-2006, Devicescape Software, Inc.
   4 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   5 * Copyright 2008-2010  Johannes Berg <johannes@sipsolutions.net>
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License version 2 as
   9 * published by the Free Software Foundation.
  10 */
  11
  12#include <linux/export.h>
  13#include <linux/etherdevice.h>
  14#include <net/mac80211.h>
  15#include <asm/unaligned.h>
  16#include "ieee80211_i.h"
  17#include "rate.h"
  18#include "mesh.h"
  19#include "led.h"
  20#include "wme.h"
  21
  22
  23void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
  24                                 struct sk_buff *skb)
  25{
  26        struct ieee80211_local *local = hw_to_local(hw);
  27        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
  28        int tmp;
  29
  30        skb->pkt_type = IEEE80211_TX_STATUS_MSG;
  31        skb_queue_tail(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS ?
  32                       &local->skb_queue : &local->skb_queue_unreliable, skb);
  33        tmp = skb_queue_len(&local->skb_queue) +
  34                skb_queue_len(&local->skb_queue_unreliable);
  35        while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
  36               (skb = skb_dequeue(&local->skb_queue_unreliable))) {
  37                ieee80211_free_txskb(hw, skb);
  38                tmp--;
  39                I802_DEBUG_INC(local->tx_status_drop);
  40        }
  41        tasklet_schedule(&local->tasklet);
  42}
  43EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
  44
  45static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
  46                                            struct sta_info *sta,
  47                                            struct sk_buff *skb)
  48{
  49        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
  50        struct ieee80211_hdr *hdr = (void *)skb->data;
  51        int ac;
  52
  53        /*
  54         * This skb 'survived' a round-trip through the driver, and
  55         * hopefully the driver didn't mangle it too badly. However,
  56         * we can definitely not rely on the control information
  57         * being correct. Clear it so we don't get junk there, and
  58         * indicate that it needs new processing, but must not be
  59         * modified/encrypted again.
  60         */
  61        memset(&info->control, 0, sizeof(info->control));
  62
  63        info->control.jiffies = jiffies;
  64        info->control.vif = &sta->sdata->vif;
  65        info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING |
  66                       IEEE80211_TX_INTFL_RETRANSMISSION;
  67        info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
  68
  69        sta->tx_filtered_count++;
  70
  71        /*
  72         * Clear more-data bit on filtered frames, it might be set
  73         * but later frames might time out so it might have to be
  74         * clear again ... It's all rather unlikely (this frame
  75         * should time out first, right?) but let's not confuse
  76         * peers unnecessarily.
  77         */
  78        if (hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_MOREDATA))
  79                hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_MOREDATA);
  80
  81        if (ieee80211_is_data_qos(hdr->frame_control)) {
  82                u8 *p = ieee80211_get_qos_ctl(hdr);
  83                int tid = *p & IEEE80211_QOS_CTL_TID_MASK;
  84
  85                /*
  86                 * Clear EOSP if set, this could happen e.g.
  87                 * if an absence period (us being a P2P GO)
  88                 * shortens the SP.
  89                 */
  90                if (*p & IEEE80211_QOS_CTL_EOSP)
  91                        *p &= ~IEEE80211_QOS_CTL_EOSP;
  92                ac = ieee802_1d_to_ac[tid & 7];
  93        } else {
  94                ac = IEEE80211_AC_BE;
  95        }
  96
  97        /*
  98         * Clear the TX filter mask for this STA when sending the next
  99         * packet. If the STA went to power save mode, this will happen
 100         * when it wakes up for the next time.
 101         */
 102        set_sta_flag(sta, WLAN_STA_CLEAR_PS_FILT);
 103
 104        /*
 105         * This code races in the following way:
 106         *
 107         *  (1) STA sends frame indicating it will go to sleep and does so
 108         *  (2) hardware/firmware adds STA to filter list, passes frame up
 109         *  (3) hardware/firmware processes TX fifo and suppresses a frame
 110         *  (4) we get TX status before having processed the frame and
 111         *      knowing that the STA has gone to sleep.
 112         *
 113         * This is actually quite unlikely even when both those events are
 114         * processed from interrupts coming in quickly after one another or
 115         * even at the same time because we queue both TX status events and
 116         * RX frames to be processed by a tasklet and process them in the
 117         * same order that they were received or TX status last. Hence, there
 118         * is no race as long as the frame RX is processed before the next TX
 119         * status, which drivers can ensure, see below.
 120         *
 121         * Note that this can only happen if the hardware or firmware can
 122         * actually add STAs to the filter list, if this is done by the
 123         * driver in response to set_tim() (which will only reduce the race
 124         * this whole filtering tries to solve, not completely solve it)
 125         * this situation cannot happen.
 126         *
 127         * To completely solve this race drivers need to make sure that they
 128         *  (a) don't mix the irq-safe/not irq-safe TX status/RX processing
 129         *      functions and
 130         *  (b) always process RX events before TX status events if ordering
 131         *      can be unknown, for example with different interrupt status
 132         *      bits.
 133         *  (c) if PS mode transitions are manual (i.e. the flag
 134         *      %IEEE80211_HW_AP_LINK_PS is set), always process PS state
 135         *      changes before calling TX status events if ordering can be
 136         *      unknown.
 137         */
 138        if (test_sta_flag(sta, WLAN_STA_PS_STA) &&
 139            skb_queue_len(&sta->tx_filtered[ac]) < STA_MAX_TX_BUFFER) {
 140                skb_queue_tail(&sta->tx_filtered[ac], skb);
 141                sta_info_recalc_tim(sta);
 142
 143                if (!timer_pending(&local->sta_cleanup))
 144                        mod_timer(&local->sta_cleanup,
 145                                  round_jiffies(jiffies +
 146                                                STA_INFO_CLEANUP_INTERVAL));
 147                return;
 148        }
 149
 150        if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
 151            !(info->flags & IEEE80211_TX_INTFL_RETRIED)) {
 152                /* Software retry the packet once */
 153                info->flags |= IEEE80211_TX_INTFL_RETRIED;
 154                ieee80211_add_pending_skb(local, skb);
 155                return;
 156        }
 157
 158        ps_dbg_ratelimited(sta->sdata,
 159                           "dropped TX filtered frame, queue_len=%d PS=%d @%lu\n",
 160                           skb_queue_len(&sta->tx_filtered[ac]),
 161                           !!test_sta_flag(sta, WLAN_STA_PS_STA), jiffies);
 162        ieee80211_free_txskb(&local->hw, skb);
 163}
 164
 165static void ieee80211_check_pending_bar(struct sta_info *sta, u8 *addr, u8 tid)
 166{
 167        struct tid_ampdu_tx *tid_tx;
 168
 169        tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
 170        if (!tid_tx || !tid_tx->bar_pending)
 171                return;
 172
 173        tid_tx->bar_pending = false;
 174        ieee80211_send_bar(&sta->sdata->vif, addr, tid, tid_tx->failed_bar_ssn);
 175}
 176
 177static void ieee80211_frame_acked(struct sta_info *sta, struct sk_buff *skb)
 178{
 179        struct ieee80211_mgmt *mgmt = (void *) skb->data;
 180        struct ieee80211_local *local = sta->local;
 181        struct ieee80211_sub_if_data *sdata = sta->sdata;
 182
 183        if (ieee80211_is_data_qos(mgmt->frame_control)) {
 184                struct ieee80211_hdr *hdr = (void *) skb->data;
 185                u8 *qc = ieee80211_get_qos_ctl(hdr);
 186                u16 tid = qc[0] & 0xf;
 187
 188                ieee80211_check_pending_bar(sta, hdr->addr1, tid);
 189        }
 190
 191        if (ieee80211_is_action(mgmt->frame_control) &&
 192            sdata->vif.type == NL80211_IFTYPE_STATION &&
 193            mgmt->u.action.category == WLAN_CATEGORY_HT &&
 194            mgmt->u.action.u.ht_smps.action == WLAN_HT_ACTION_SMPS) {
 195                /*
 196                 * This update looks racy, but isn't -- if we come
 197                 * here we've definitely got a station that we're
 198                 * talking to, and on a managed interface that can
 199                 * only be the AP. And the only other place updating
 200                 * this variable is before we're associated.
 201                 */
 202                switch (mgmt->u.action.u.ht_smps.smps_control) {
 203                case WLAN_HT_SMPS_CONTROL_DYNAMIC:
 204                        sta->sdata->u.mgd.ap_smps = IEEE80211_SMPS_DYNAMIC;
 205                        break;
 206                case WLAN_HT_SMPS_CONTROL_STATIC:
 207                        sta->sdata->u.mgd.ap_smps = IEEE80211_SMPS_STATIC;
 208                        break;
 209                case WLAN_HT_SMPS_CONTROL_DISABLED:
 210                default: /* shouldn't happen since we don't send that */
 211                        sta->sdata->u.mgd.ap_smps = IEEE80211_SMPS_OFF;
 212                        break;
 213                }
 214
 215                ieee80211_queue_work(&local->hw, &local->recalc_smps);
 216        }
 217}
 218
 219static void ieee80211_set_bar_pending(struct sta_info *sta, u8 tid, u16 ssn)
 220{
 221        struct tid_ampdu_tx *tid_tx;
 222
 223        tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
 224        if (!tid_tx)
 225                return;
 226
 227        tid_tx->failed_bar_ssn = ssn;
 228        tid_tx->bar_pending = true;
 229}
 230
 231static int ieee80211_tx_radiotap_len(struct ieee80211_tx_info *info)
 232{
 233        int len = sizeof(struct ieee80211_radiotap_header);
 234
 235        /* IEEE80211_RADIOTAP_RATE rate */
 236        if (info->status.rates[0].idx >= 0 &&
 237            !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS))
 238                len += 2;
 239
 240        /* IEEE80211_RADIOTAP_TX_FLAGS */
 241        len += 2;
 242
 243        /* IEEE80211_RADIOTAP_DATA_RETRIES */
 244        len += 1;
 245
 246        /* IEEE80211_TX_RC_MCS */
 247        if (info->status.rates[0].idx >= 0 &&
 248            info->status.rates[0].flags & IEEE80211_TX_RC_MCS)
 249                len += 3;
 250
 251        return len;
 252}
 253
 254static void ieee80211_add_tx_radiotap_header(struct ieee80211_supported_band
 255                                             *sband, struct sk_buff *skb,
 256                                             int retry_count, int rtap_len)
 257{
 258        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 259        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
 260        struct ieee80211_radiotap_header *rthdr;
 261        unsigned char *pos;
 262        u16 txflags;
 263
 264        rthdr = (struct ieee80211_radiotap_header *) skb_push(skb, rtap_len);
 265
 266        memset(rthdr, 0, rtap_len);
 267        rthdr->it_len = cpu_to_le16(rtap_len);
 268        rthdr->it_present =
 269                cpu_to_le32((1 << IEEE80211_RADIOTAP_TX_FLAGS) |
 270                            (1 << IEEE80211_RADIOTAP_DATA_RETRIES));
 271        pos = (unsigned char *)(rthdr + 1);
 272
 273        /*
 274         * XXX: Once radiotap gets the bitmap reset thing the vendor
 275         *      extensions proposal contains, we can actually report
 276         *      the whole set of tries we did.
 277         */
 278
 279        /* IEEE80211_RADIOTAP_RATE */
 280        if (info->status.rates[0].idx >= 0 &&
 281            !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS)) {
 282                rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
 283                *pos = sband->bitrates[info->status.rates[0].idx].bitrate / 5;
 284                /* padding for tx flags */
 285                pos += 2;
 286        }
 287
 288        /* IEEE80211_RADIOTAP_TX_FLAGS */
 289        txflags = 0;
 290        if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
 291            !is_multicast_ether_addr(hdr->addr1))
 292                txflags |= IEEE80211_RADIOTAP_F_TX_FAIL;
 293
 294        if ((info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) ||
 295            (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT))
 296                txflags |= IEEE80211_RADIOTAP_F_TX_CTS;
 297        else if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
 298                txflags |= IEEE80211_RADIOTAP_F_TX_RTS;
 299
 300        put_unaligned_le16(txflags, pos);
 301        pos += 2;
 302
 303        /* IEEE80211_RADIOTAP_DATA_RETRIES */
 304        /* for now report the total retry_count */
 305        *pos = retry_count;
 306        pos++;
 307
 308        /* IEEE80211_TX_RC_MCS */
 309        if (info->status.rates[0].idx >= 0 &&
 310            info->status.rates[0].flags & IEEE80211_TX_RC_MCS) {
 311                rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_MCS);
 312                pos[0] = IEEE80211_RADIOTAP_MCS_HAVE_MCS |
 313                         IEEE80211_RADIOTAP_MCS_HAVE_GI |
 314                         IEEE80211_RADIOTAP_MCS_HAVE_BW;
 315                if (info->status.rates[0].flags & IEEE80211_TX_RC_SHORT_GI)
 316                        pos[1] |= IEEE80211_RADIOTAP_MCS_SGI;
 317                if (info->status.rates[0].flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
 318                        pos[1] |= IEEE80211_RADIOTAP_MCS_BW_40;
 319                if (info->status.rates[0].flags & IEEE80211_TX_RC_GREEN_FIELD)
 320                        pos[1] |= IEEE80211_RADIOTAP_MCS_FMT_GF;
 321                pos[2] = info->status.rates[0].idx;
 322                pos += 3;
 323        }
 324
 325}
 326
 327/*
 328 * Use a static threshold for now, best value to be determined
 329 * by testing ...
 330 * Should it depend on:
 331 *  - on # of retransmissions
 332 *  - current throughput (higher value for higher tpt)?
 333 */
 334#define STA_LOST_PKT_THRESHOLD  50
 335
 336void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
 337{
 338        struct sk_buff *skb2;
 339        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
 340        struct ieee80211_local *local = hw_to_local(hw);
 341        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 342        __le16 fc;
 343        struct ieee80211_supported_band *sband;
 344        struct ieee80211_sub_if_data *sdata;
 345        struct net_device *prev_dev = NULL;
 346        struct sta_info *sta, *tmp;
 347        int retry_count = -1, i;
 348        int rates_idx = -1;
 349        bool send_to_cooked;
 350        bool acked;
 351        struct ieee80211_bar *bar;
 352        int rtap_len;
 353
 354        for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
 355                if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
 356                    !(info->flags & IEEE80211_TX_STAT_AMPDU)) {
 357                        /* just the first aggr frame carry status info */
 358                        info->status.rates[i].idx = -1;
 359                        info->status.rates[i].count = 0;
 360                        break;
 361                } else if (info->status.rates[i].idx < 0) {
 362                        break;
 363                } else if (i >= hw->max_report_rates) {
 364                        /* the HW cannot have attempted that rate */
 365                        info->status.rates[i].idx = -1;
 366                        info->status.rates[i].count = 0;
 367                        break;
 368                }
 369
 370                retry_count += info->status.rates[i].count;
 371        }
 372        rates_idx = i - 1;
 373
 374        if (retry_count < 0)
 375                retry_count = 0;
 376
 377        rcu_read_lock();
 378
 379        sband = local->hw.wiphy->bands[info->band];
 380        fc = hdr->frame_control;
 381
 382        for_each_sta_info(local, hdr->addr1, sta, tmp) {
 383                /* skip wrong virtual interface */
 384                if (!ether_addr_equal(hdr->addr2, sta->sdata->vif.addr))
 385                        continue;
 386
 387                if (info->flags & IEEE80211_TX_STATUS_EOSP)
 388                        clear_sta_flag(sta, WLAN_STA_SP);
 389
 390                acked = !!(info->flags & IEEE80211_TX_STAT_ACK);
 391                if (!acked && test_sta_flag(sta, WLAN_STA_PS_STA)) {
 392                        /*
 393                         * The STA is in power save mode, so assume
 394                         * that this TX packet failed because of that.
 395                         */
 396                        ieee80211_handle_filtered_frame(local, sta, skb);
 397                        rcu_read_unlock();
 398                        return;
 399                }
 400
 401                if ((local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) &&
 402                    (rates_idx != -1))
 403                        sta->last_tx_rate = info->status.rates[rates_idx];
 404
 405                if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
 406                    (ieee80211_is_data_qos(fc))) {
 407                        u16 tid, ssn;
 408                        u8 *qc;
 409
 410                        qc = ieee80211_get_qos_ctl(hdr);
 411                        tid = qc[0] & 0xf;
 412                        ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
 413                                                & IEEE80211_SCTL_SEQ);
 414                        ieee80211_send_bar(&sta->sdata->vif, hdr->addr1,
 415                                           tid, ssn);
 416                }
 417
 418                if (!acked && ieee80211_is_back_req(fc)) {
 419                        u16 tid, control;
 420
 421                        /*
 422                         * BAR failed, store the last SSN and retry sending
 423                         * the BAR when the next unicast transmission on the
 424                         * same TID succeeds.
 425                         */
 426                        bar = (struct ieee80211_bar *) skb->data;
 427                        control = le16_to_cpu(bar->control);
 428                        if (!(control & IEEE80211_BAR_CTRL_MULTI_TID)) {
 429                                u16 ssn = le16_to_cpu(bar->start_seq_num);
 430
 431                                tid = (control &
 432                                       IEEE80211_BAR_CTRL_TID_INFO_MASK) >>
 433                                      IEEE80211_BAR_CTRL_TID_INFO_SHIFT;
 434
 435                                ieee80211_set_bar_pending(sta, tid, ssn);
 436                        }
 437                }
 438
 439                if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
 440                        ieee80211_handle_filtered_frame(local, sta, skb);
 441                        rcu_read_unlock();
 442                        return;
 443                } else {
 444                        if (!acked)
 445                                sta->tx_retry_failed++;
 446                        sta->tx_retry_count += retry_count;
 447                }
 448
 449                rate_control_tx_status(local, sband, sta, skb);
 450                if (ieee80211_vif_is_mesh(&sta->sdata->vif))
 451                        ieee80211s_update_metric(local, sta, skb);
 452
 453                if (!(info->flags & IEEE80211_TX_CTL_INJECTED) && acked)
 454                        ieee80211_frame_acked(sta, skb);
 455
 456                if ((sta->sdata->vif.type == NL80211_IFTYPE_STATION) &&
 457                    (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
 458                        ieee80211_sta_tx_notify(sta->sdata, (void *) skb->data, acked);
 459
 460                if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
 461                        if (info->flags & IEEE80211_TX_STAT_ACK) {
 462                                if (sta->lost_packets)
 463                                        sta->lost_packets = 0;
 464                        } else if (++sta->lost_packets >= STA_LOST_PKT_THRESHOLD) {
 465                                cfg80211_cqm_pktloss_notify(sta->sdata->dev,
 466                                                            sta->sta.addr,
 467                                                            sta->lost_packets,
 468                                                            GFP_ATOMIC);
 469                                sta->lost_packets = 0;
 470                        }
 471                }
 472        }
 473
 474        rcu_read_unlock();
 475
 476        ieee80211_led_tx(local, 0);
 477
 478        /* SNMP counters
 479         * Fragments are passed to low-level drivers as separate skbs, so these
 480         * are actually fragments, not frames. Update frame counters only for
 481         * the first fragment of the frame. */
 482        if (info->flags & IEEE80211_TX_STAT_ACK) {
 483                if (ieee80211_is_first_frag(hdr->seq_ctrl)) {
 484                        local->dot11TransmittedFrameCount++;
 485                        if (is_multicast_ether_addr(hdr->addr1))
 486                                local->dot11MulticastTransmittedFrameCount++;
 487                        if (retry_count > 0)
 488                                local->dot11RetryCount++;
 489                        if (retry_count > 1)
 490                                local->dot11MultipleRetryCount++;
 491                }
 492
 493                /* This counter shall be incremented for an acknowledged MPDU
 494                 * with an individual address in the address 1 field or an MPDU
 495                 * with a multicast address in the address 1 field of type Data
 496                 * or Management. */
 497                if (!is_multicast_ether_addr(hdr->addr1) ||
 498                    ieee80211_is_data(fc) ||
 499                    ieee80211_is_mgmt(fc))
 500                        local->dot11TransmittedFragmentCount++;
 501        } else {
 502                if (ieee80211_is_first_frag(hdr->seq_ctrl))
 503                        local->dot11FailedCount++;
 504        }
 505
 506        if (ieee80211_is_nullfunc(fc) && ieee80211_has_pm(fc) &&
 507            (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
 508            !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
 509            local->ps_sdata && !(local->scanning)) {
 510                if (info->flags & IEEE80211_TX_STAT_ACK) {
 511                        local->ps_sdata->u.mgd.flags |=
 512                                        IEEE80211_STA_NULLFUNC_ACKED;
 513                } else
 514                        mod_timer(&local->dynamic_ps_timer, jiffies +
 515                                        msecs_to_jiffies(10));
 516        }
 517
 518        if (info->flags & IEEE80211_TX_INTFL_NL80211_FRAME_TX) {
 519                u64 cookie = (unsigned long)skb;
 520                acked = info->flags & IEEE80211_TX_STAT_ACK;
 521
 522                /*
 523                 * TODO: When we have non-netdev frame TX,
 524                 * we cannot use skb->dev->ieee80211_ptr
 525                 */
 526
 527                if (ieee80211_is_nullfunc(hdr->frame_control) ||
 528                    ieee80211_is_qos_nullfunc(hdr->frame_control))
 529                        cfg80211_probe_status(skb->dev, hdr->addr1,
 530                                              cookie, acked, GFP_ATOMIC);
 531                else
 532                        cfg80211_mgmt_tx_status(
 533                                skb->dev->ieee80211_ptr, cookie, skb->data,
 534                                skb->len, acked, GFP_ATOMIC);
 535        }
 536
 537        if (unlikely(info->ack_frame_id)) {
 538                struct sk_buff *ack_skb;
 539                unsigned long flags;
 540
 541                spin_lock_irqsave(&local->ack_status_lock, flags);
 542                ack_skb = idr_find(&local->ack_status_frames,
 543                                   info->ack_frame_id);
 544                if (ack_skb)
 545                        idr_remove(&local->ack_status_frames,
 546                                   info->ack_frame_id);
 547                spin_unlock_irqrestore(&local->ack_status_lock, flags);
 548
 549                /* consumes ack_skb */
 550                if (ack_skb)
 551                        skb_complete_wifi_ack(ack_skb,
 552                                info->flags & IEEE80211_TX_STAT_ACK);
 553        }
 554
 555        /* this was a transmitted frame, but now we want to reuse it */
 556        skb_orphan(skb);
 557
 558        /* Need to make a copy before skb->cb gets cleared */
 559        send_to_cooked = !!(info->flags & IEEE80211_TX_CTL_INJECTED) ||
 560                         !(ieee80211_is_data(fc));
 561
 562        /*
 563         * This is a bit racy but we can avoid a lot of work
 564         * with this test...
 565         */
 566        if (!local->monitors && (!send_to_cooked || !local->cooked_mntrs)) {
 567                dev_kfree_skb(skb);
 568                return;
 569        }
 570
 571        /* send frame to monitor interfaces now */
 572        rtap_len = ieee80211_tx_radiotap_len(info);
 573        if (WARN_ON_ONCE(skb_headroom(skb) < rtap_len)) {
 574                pr_err("ieee80211_tx_status: headroom too small\n");
 575                dev_kfree_skb(skb);
 576                return;
 577        }
 578        ieee80211_add_tx_radiotap_header(sband, skb, retry_count, rtap_len);
 579
 580        /* XXX: is this sufficient for BPF? */
 581        skb_set_mac_header(skb, 0);
 582        skb->ip_summed = CHECKSUM_UNNECESSARY;
 583        skb->pkt_type = PACKET_OTHERHOST;
 584        skb->protocol = htons(ETH_P_802_2);
 585        memset(skb->cb, 0, sizeof(skb->cb));
 586
 587        rcu_read_lock();
 588        list_for_each_entry_rcu(sdata, &local->interfaces, list) {
 589                if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
 590                        if (!ieee80211_sdata_running(sdata))
 591                                continue;
 592
 593                        if ((sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) &&
 594                            !send_to_cooked)
 595                                continue;
 596
 597                        if (prev_dev) {
 598                                skb2 = skb_clone(skb, GFP_ATOMIC);
 599                                if (skb2) {
 600                                        skb2->dev = prev_dev;
 601                                        netif_rx(skb2);
 602                                }
 603                        }
 604
 605                        prev_dev = sdata->dev;
 606                }
 607        }
 608        if (prev_dev) {
 609                skb->dev = prev_dev;
 610                netif_rx(skb);
 611                skb = NULL;
 612        }
 613        rcu_read_unlock();
 614        dev_kfree_skb(skb);
 615}
 616EXPORT_SYMBOL(ieee80211_tx_status);
 617
 618void ieee80211_report_low_ack(struct ieee80211_sta *pubsta, u32 num_packets)
 619{
 620        struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
 621        cfg80211_cqm_pktloss_notify(sta->sdata->dev, sta->sta.addr,
 622                                    num_packets, GFP_ATOMIC);
 623}
 624EXPORT_SYMBOL(ieee80211_report_low_ack);
 625
 626void ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb)
 627{
 628        struct ieee80211_local *local = hw_to_local(hw);
 629        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
 630
 631        if (unlikely(info->ack_frame_id)) {
 632                struct sk_buff *ack_skb;
 633                unsigned long flags;
 634
 635                spin_lock_irqsave(&local->ack_status_lock, flags);
 636                ack_skb = idr_find(&local->ack_status_frames,
 637                                   info->ack_frame_id);
 638                if (ack_skb)
 639                        idr_remove(&local->ack_status_frames,
 640                                   info->ack_frame_id);
 641                spin_unlock_irqrestore(&local->ack_status_lock, flags);
 642
 643                /* consumes ack_skb */
 644                if (ack_skb)
 645                        dev_kfree_skb_any(ack_skb);
 646        }
 647
 648        dev_kfree_skb_any(skb);
 649}
 650EXPORT_SYMBOL(ieee80211_free_txskb);
 651
 652void ieee80211_purge_tx_queue(struct ieee80211_hw *hw,
 653                              struct sk_buff_head *skbs)
 654{
 655        struct sk_buff *skb;
 656
 657        while ((skb = __skb_dequeue(skbs)))
 658                ieee80211_free_txskb(hw, skb);
 659}
 660