LXR linux/net/mac80211/sta

   1/*
   2 * Copyright 2002-2005, Instant802 Networks, Inc.
   3 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License version 2 as
   7 * published by the Free Software Foundation.
   8 */
   9
  10#include <linux/module.h>
  11#include <linux/init.h>
  12#include <linux/etherdevice.h>
  13#include <linux/netdevice.h>
  14#include <linux/types.h>
  15#include <linux/slab.h>
  16#include <linux/skbuff.h>
  17#include <linux/if_arp.h>
  18#include <linux/timer.h>
  19#include <linux/rtnetlink.h>
  20
  21#include <net/mac80211.h>
  22#include "ieee80211_i.h"
  23#include "driver-ops.h"
  24#include "rate.h"
  25#include "sta_info.h"
  26#include "debugfs_sta.h"
  27#include "mesh.h"
  28#include "wme.h"
  29
  30/**
  31 * DOC: STA information lifetime rules
  32 *
  33 * STA info structures (&struct sta_info) are managed in a hash table
  34 * for faster lookup and a list for iteration. They are managed using
  35 * RCU, i.e. access to the list and hash table is protected by RCU.
  36 *
  37 * Upon allocating a STA info structure with sta_info_alloc(), the caller
  38 * owns that structure. It must then insert it into the hash table using
  39 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
  40 * case (which acquires an rcu read section but must not be called from
  41 * within one) will the pointer still be valid after the call. Note that
  42 * the caller may not do much with the STA info before inserting it, in
  43 * particular, it may not start any mesh peer link management or add
  44 * encryption keys.
  45 *
  46 * When the insertion fails (sta_info_insert()) returns non-zero), the
  47 * structure will have been freed by sta_info_insert()!
  48 *
  49 * Station entries are added by mac80211 when you establish a link with a
  50 * peer. This means different things for the different type of interfaces
  51 * we support. For a regular station this mean we add the AP sta when we
  52 * receive an association response from the AP. For IBSS this occurs when
  53 * get to know about a peer on the same IBSS. For WDS we add the sta for
  54 * the peer immediately upon device open. When using AP mode we add stations
  55 * for each respective station upon request from userspace through nl80211.
  56 *
  57 * In order to remove a STA info structure, various sta_info_destroy_*()
  58 * calls are available.
  59 *
  60 * There is no concept of ownership on a STA entry, each structure is
  61 * owned by the global hash table/list until it is removed. All users of
  62 * the structure need to be RCU protected so that the structure won't be
  63 * freed before they are done using it.
  64 */
  65
  66/* Caller must hold local->sta_mtx */
  67static int sta_info_hash_del(struct ieee80211_local *local,
  68                             struct sta_info *sta)
  69{
  70        struct sta_info *s;
  71
  72        s = rcu_dereference_protected(local->sta_hash[STA_HASH(sta->sta.addr)],
  73                                      lockdep_is_held(&local->sta_mtx));
  74        if (!s)
  75                return -ENOENT;
  76        if (s == sta) {
  77                rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)],
  78                                   s->hnext);
  79                return 0;
  80        }
  81
  82        while (rcu_access_pointer(s->hnext) &&
  83               rcu_access_pointer(s->hnext) != sta)
  84                s = rcu_dereference_protected(s->hnext,
  85                                        lockdep_is_held(&local->sta_mtx));
  86        if (rcu_access_pointer(s->hnext)) {
  87                rcu_assign_pointer(s->hnext, sta->hnext);
  88                return 0;
  89        }
  90
  91        return -ENOENT;
  92}
  93
  94static void cleanup_single_sta(struct sta_info *sta)
  95{
  96        int ac, i;
  97        struct tid_ampdu_tx *tid_tx;
  98        struct ieee80211_sub_if_data *sdata = sta->sdata;
  99        struct ieee80211_local *local = sdata->local;
 100
 101        /*
 102         * At this point, when being called as call_rcu callback,
 103         * neither mac80211 nor the driver can reference this
 104         * sta struct any more except by still existing timers
 105         * associated with this station that we clean up below.
 106         */
 107
 108        if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
 109                BUG_ON(!sdata->bss);
 110
 111                clear_sta_flag(sta, WLAN_STA_PS_STA);
 112
 113                atomic_dec(&sdata->bss->num_sta_ps);
 114                sta_info_recalc_tim(sta);
 115        }
 116
 117        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
 118                local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
 119                ieee80211_purge_tx_queue(&local->hw, &sta->ps_tx_buf[ac]);
 120                ieee80211_purge_tx_queue(&local->hw, &sta->tx_filtered[ac]);
 121        }
 122
 123#ifdef CONFIG_MAC80211_MESH
 124        if (ieee80211_vif_is_mesh(&sdata->vif)) {
 125                mesh_accept_plinks_update(sdata);
 126                mesh_plink_deactivate(sta);
 127                del_timer_sync(&sta->plink_timer);
 128        }
 129#endif
 130
 131        cancel_work_sync(&sta->drv_unblock_wk);
 132
 133        /*
 134         * Destroy aggregation state here. It would be nice to wait for the
 135         * driver to finish aggregation stop and then clean up, but for now
 136         * drivers have to handle aggregation stop being requested, followed
 137         * directly by station destruction.
 138         */
 139        for (i = 0; i < STA_TID_NUM; i++) {
 140                tid_tx = rcu_dereference_raw(sta->ampdu_mlme.tid_tx[i]);
 141                if (!tid_tx)
 142                        continue;
 143                ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
 144                kfree(tid_tx);
 145        }
 146
 147        sta_info_free(local, sta);
 148}
 149
 150void ieee80211_cleanup_sdata_stas(struct ieee80211_sub_if_data *sdata)
 151{
 152        struct sta_info *sta;
 153
 154        spin_lock_bh(&sdata->cleanup_stations_lock);
 155        while (!list_empty(&sdata->cleanup_stations)) {
 156                sta = list_first_entry(&sdata->cleanup_stations,
 157                                       struct sta_info, list);
 158                list_del(&sta->list);
 159                spin_unlock_bh(&sdata->cleanup_stations_lock);
 160
 161                cleanup_single_sta(sta);
 162
 163                spin_lock_bh(&sdata->cleanup_stations_lock);
 164        }
 165
 166        spin_unlock_bh(&sdata->cleanup_stations_lock);
 167}
 168
 169static void free_sta_rcu(struct rcu_head *h)
 170{
 171        struct sta_info *sta = container_of(h, struct sta_info, rcu_head);
 172        struct ieee80211_sub_if_data *sdata = sta->sdata;
 173
 174        spin_lock(&sdata->cleanup_stations_lock);
 175        list_add_tail(&sta->list, &sdata->cleanup_stations);
 176        spin_unlock(&sdata->cleanup_stations_lock);
 177
 178        ieee80211_queue_work(&sdata->local->hw, &sdata->cleanup_stations_wk);
 179}
 180
 181/* protected by RCU */
 182struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
 183                              const u8 *addr)
 184{
 185        struct ieee80211_local *local = sdata->local;
 186        struct sta_info *sta;
 187
 188        sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
 189                                    lockdep_is_held(&local->sta_mtx));
 190        while (sta) {
 191                if (sta->sdata == sdata &&
 192                    ether_addr_equal(sta->sta.addr, addr))
 193                        break;
 194                sta = rcu_dereference_check(sta->hnext,
 195                                            lockdep_is_held(&local->sta_mtx));
 196        }
 197        return sta;
 198}
 199
 200/*
 201 * Get sta info either from the specified interface
 202 * or from one of its vlans
 203 */
 204struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
 205                                  const u8 *addr)
 206{
 207        struct ieee80211_local *local = sdata->local;
 208        struct sta_info *sta;
 209
 210        sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
 211                                    lockdep_is_held(&local->sta_mtx));
 212        while (sta) {
 213                if ((sta->sdata == sdata ||
 214                     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
 215                    ether_addr_equal(sta->sta.addr, addr))
 216                        break;
 217                sta = rcu_dereference_check(sta->hnext,
 218                                            lockdep_is_held(&local->sta_mtx));
 219        }
 220        return sta;
 221}
 222
 223struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
 224                                     int idx)
 225{
 226        struct ieee80211_local *local = sdata->local;
 227        struct sta_info *sta;
 228        int i = 0;
 229
 230        list_for_each_entry_rcu(sta, &local->sta_list, list) {
 231                if (sdata != sta->sdata)
 232                        continue;
 233                if (i < idx) {
 234                        ++i;
 235                        continue;
 236                }
 237                return sta;
 238        }
 239
 240        return NULL;
 241}
 242
 243/**
 244 * sta_info_free - free STA
 245 *
 246 * @local: pointer to the global information
 247 * @sta: STA info to free
 248 *
 249 * This function must undo everything done by sta_info_alloc()
 250 * that may happen before sta_info_insert(). It may only be
 251 * called when sta_info_insert() has not been attempted (and
 252 * if that fails, the station is freed anyway.)
 253 */
 254void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
 255{
 256        if (sta->rate_ctrl)
 257                rate_control_free_sta(sta);
 258
 259        sta_dbg(sta->sdata, "Destroyed STA %pM\n", sta->sta.addr);
 260
 261        kfree(sta);
 262}
 263
 264/* Caller must hold local->sta_mtx */
 265static void sta_info_hash_add(struct ieee80211_local *local,
 266                              struct sta_info *sta)
 267{
 268        lockdep_assert_held(&local->sta_mtx);
 269        sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
 270        rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
 271}
 272
 273static void sta_unblock(struct work_struct *wk)
 274{
 275        struct sta_info *sta;
 276
 277        sta = container_of(wk, struct sta_info, drv_unblock_wk);
 278
 279        if (sta->dead)
 280                return;
 281
 282        if (!test_sta_flag(sta, WLAN_STA_PS_STA)) {
 283                local_bh_disable();
 284                ieee80211_sta_ps_deliver_wakeup(sta);
 285                local_bh_enable();
 286        } else if (test_and_clear_sta_flag(sta, WLAN_STA_PSPOLL)) {
 287                clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
 288
 289                local_bh_disable();
 290                ieee80211_sta_ps_deliver_poll_response(sta);
 291                local_bh_enable();
 292        } else if (test_and_clear_sta_flag(sta, WLAN_STA_UAPSD)) {
 293                clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
 294
 295                local_bh_disable();
 296                ieee80211_sta_ps_deliver_uapsd(sta);
 297                local_bh_enable();
 298        } else
 299                clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
 300}
 301
 302static int sta_prepare_rate_control(struct ieee80211_local *local,
 303                                    struct sta_info *sta, gfp_t gfp)
 304{
 305        if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
 306                return 0;
 307
 308        sta->rate_ctrl = local->rate_ctrl;
 309        sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
 310                                                     &sta->sta, gfp);
 311        if (!sta->rate_ctrl_priv)
 312                return -ENOMEM;
 313
 314        return 0;
 315}
 316
 317struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
 318                                const u8 *addr, gfp_t gfp)
 319{
 320        struct ieee80211_local *local = sdata->local;
 321        struct sta_info *sta;
 322        struct timespec uptime;
 323        int i;
 324
 325        sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
 326        if (!sta)
 327                return NULL;
 328
 329        spin_lock_init(&sta->lock);
 330        INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
 331        INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
 332        mutex_init(&sta->ampdu_mlme.mtx);
 333
 334        memcpy(sta->sta.addr, addr, ETH_ALEN);
 335        sta->local = local;
 336        sta->sdata = sdata;
 337        sta->last_rx = jiffies;
 338
 339        sta->sta_state = IEEE80211_STA_NONE;
 340
 341        do_posix_clock_monotonic_gettime(&uptime);
 342        sta->last_connected = uptime.tv_sec;
 343        ewma_init(&sta->avg_signal, 1024, 8);
 344
 345        if (sta_prepare_rate_control(local, sta, gfp)) {
 346                kfree(sta);
 347                return NULL;
 348        }
 349
 350        for (i = 0; i < STA_TID_NUM; i++) {
 351                /*
 352                 * timer_to_tid must be initialized with identity mapping
 353                 * to enable session_timer's data differentiation. See
 354                 * sta_rx_agg_session_timer_expired for usage.
 355                 */
 356                sta->timer_to_tid[i] = i;
 357        }
 358        for (i = 0; i < IEEE80211_NUM_ACS; i++) {
 359                skb_queue_head_init(&sta->ps_tx_buf[i]);
 360                skb_queue_head_init(&sta->tx_filtered[i]);
 361        }
 362
 363        for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
 364                sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
 365
 366        sta_dbg(sdata, "Allocated STA %pM\n", sta->sta.addr);
 367
 368#ifdef CONFIG_MAC80211_MESH
 369        sta->plink_state = NL80211_PLINK_LISTEN;
 370        init_timer(&sta->plink_timer);
 371#endif
 372
 373        return sta;
 374}
 375
 376static int sta_info_insert_check(struct sta_info *sta)
 377{
 378        struct ieee80211_sub_if_data *sdata = sta->sdata;
 379
 380        /*
 381         * Can't be a WARN_ON because it can be triggered through a race:
 382         * something inserts a STA (on one CPU) without holding the RTNL
 383         * and another CPU turns off the net device.
 384         */
 385        if (unlikely(!ieee80211_sdata_running(sdata)))
 386                return -ENETDOWN;
 387
 388        if (WARN_ON(ether_addr_equal(sta->sta.addr, sdata->vif.addr) ||
 389                    is_multicast_ether_addr(sta->sta.addr)))
 390                return -EINVAL;
 391
 392        return 0;
 393}
 394
 395static int sta_info_insert_drv_state(struct ieee80211_local *local,
 396                                     struct ieee80211_sub_if_data *sdata,
 397                                     struct sta_info *sta)
 398{
 399        enum ieee80211_sta_state state;
 400        int err = 0;
 401
 402        for (state = IEEE80211_STA_NOTEXIST; state < sta->sta_state; state++) {
 403                err = drv_sta_state(local, sdata, sta, state, state + 1);
 404                if (err)
 405                        break;
 406        }
 407
 408        if (!err) {
 409                /*
 410                 * Drivers using legacy sta_add/sta_remove callbacks only
 411                 * get uploaded set to true after sta_add is called.
 412                 */
 413                if (!local->ops->sta_add)
 414                        sta->uploaded = true;
 415                return 0;
 416        }
 417
 418        if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
 419                sdata_info(sdata,
 420                           "failed to move IBSS STA %pM to state %d (%d) - keeping it anyway\n",
 421                           sta->sta.addr, state + 1, err);
 422                err = 0;
 423        }
 424
 425        /* unwind on error */
 426        for (; state > IEEE80211_STA_NOTEXIST; state--)
 427                WARN_ON(drv_sta_state(local, sdata, sta, state, state - 1));
 428
 429        return err;
 430}
 431
 432/*
 433 * should be called with sta_mtx locked
 434 * this function replaces the mutex lock
 435 * with a RCU lock
 436 */
 437static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
 438{
 439        struct ieee80211_local *local = sta->local;
 440        struct ieee80211_sub_if_data *sdata = sta->sdata;
 441        struct station_info sinfo;
 442        int err = 0;
 443
 444        lockdep_assert_held(&local->sta_mtx);
 445
 446        /* check if STA exists already */
 447        if (sta_info_get_bss(sdata, sta->sta.addr)) {
 448                err = -EEXIST;
 449                goto out_err;
 450        }
 451
 452        /* notify driver */
 453        err = sta_info_insert_drv_state(local, sdata, sta);
 454        if (err)
 455                goto out_err;
 456
 457        local->num_sta++;
 458        local->sta_generation++;
 459        smp_mb();
 460
 461        /* make the station visible */
 462        sta_info_hash_add(local, sta);
 463
 464        list_add_rcu(&sta->list, &local->sta_list);
 465
 466        set_sta_flag(sta, WLAN_STA_INSERTED);
 467
 468        ieee80211_sta_debugfs_add(sta);
 469        rate_control_add_sta_debugfs(sta);
 470
 471        memset(&sinfo, 0, sizeof(sinfo));
 472        sinfo.filled = 0;
 473        sinfo.generation = local->sta_generation;
 474        cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
 475
 476        sta_dbg(sdata, "Inserted STA %pM\n", sta->sta.addr);
 477
 478        /* move reference to rcu-protected */
 479        rcu_read_lock();
 480        mutex_unlock(&local->sta_mtx);
 481
 482        if (ieee80211_vif_is_mesh(&sdata->vif))
 483                mesh_accept_plinks_update(sdata);
 484
 485        return 0;
 486 out_err:
 487        mutex_unlock(&local->sta_mtx);
 488        rcu_read_lock();
 489        return err;
 490}
 491
 492int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
 493{
 494        struct ieee80211_local *local = sta->local;
 495        int err = 0;
 496
 497        might_sleep();
 498
 499        err = sta_info_insert_check(sta);
 500        if (err) {
 501                rcu_read_lock();
 502                goto out_free;
 503        }
 504
 505        mutex_lock(&local->sta_mtx);
 506
 507        err = sta_info_insert_finish(sta);
 508        if (err)
 509                goto out_free;
 510
 511        return 0;
 512 out_free:
 513        BUG_ON(!err);
 514        sta_info_free(local, sta);
 515        return err;
 516}
 517
 518int sta_info_insert(struct sta_info *sta)
 519{
 520        int err = sta_info_insert_rcu(sta);
 521
 522        rcu_read_unlock();
 523
 524        return err;
 525}
 526
 527static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
 528{
 529        /*
 530         * This format has been mandated by the IEEE specifications,
 531         * so this line may not be changed to use the __set_bit() format.
 532         */
 533        bss->tim[aid / 8] |= (1 << (aid % 8));
 534}
 535
 536static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
 537{
 538        /*
 539         * This format has been mandated by the IEEE specifications,
 540         * so this line may not be changed to use the __clear_bit() format.
 541         */
 542        bss->tim[aid / 8] &= ~(1 << (aid % 8));
 543}
 544
 545static unsigned long ieee80211_tids_for_ac(int ac)
 546{
 547        /* If we ever support TIDs > 7, this obviously needs to be adjusted */
 548        switch (ac) {
 549        case IEEE80211_AC_VO:
 550                return BIT(6) | BIT(7);
 551        case IEEE80211_AC_VI:
 552                return BIT(4) | BIT(5);
 553        case IEEE80211_AC_BE:
 554                return BIT(0) | BIT(3);
 555        case IEEE80211_AC_BK:
 556                return BIT(1) | BIT(2);
 557        default:
 558                WARN_ON(1);
 559                return 0;
 560        }
 561}
 562
 563void sta_info_recalc_tim(struct sta_info *sta)
 564{
 565        struct ieee80211_local *local = sta->local;
 566        struct ieee80211_if_ap *bss = sta->sdata->bss;
 567        unsigned long flags;
 568        bool indicate_tim = false;
 569        u8 ignore_for_tim = sta->sta.uapsd_queues;
 570        int ac;
 571
 572        if (WARN_ON_ONCE(!sta->sdata->bss))
 573                return;
 574
 575        /* No need to do anything if the driver does all */
 576        if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
 577                return;
 578
 579        if (sta->dead)
 580                goto done;
 581
 582        /*
 583         * If all ACs are delivery-enabled then we should build
 584         * the TIM bit for all ACs anyway; if only some are then
 585         * we ignore those and build the TIM bit using only the
 586         * non-enabled ones.
 587         */
 588        if (ignore_for_tim == BIT(IEEE80211_NUM_ACS) - 1)
 589                ignore_for_tim = 0;
 590
 591        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
 592                unsigned long tids;
 593
 594                if (ignore_for_tim & BIT(ac))
 595                        continue;
 596
 597                indicate_tim |= !skb_queue_empty(&sta->tx_filtered[ac]) ||
 598                                !skb_queue_empty(&sta->ps_tx_buf[ac]);
 599                if (indicate_tim)
 600                        break;
 601
 602                tids = ieee80211_tids_for_ac(ac);
 603
 604                indicate_tim |=
 605                        sta->driver_buffered_tids & tids;
 606        }
 607
 608 done:
 609        spin_lock_irqsave(&local->tim_lock, flags);
 610
 611        if (indicate_tim)
 612                __bss_tim_set(bss, sta->sta.aid);
 613        else
 614                __bss_tim_clear(bss, sta->sta.aid);
 615
 616        if (local->ops->set_tim) {
 617                local->tim_in_locked_section = true;
 618                drv_set_tim(local, &sta->sta, indicate_tim);
 619                local->tim_in_locked_section = false;
 620        }
 621
 622        spin_unlock_irqrestore(&local->tim_lock, flags);
 623}
 624
 625static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
 626{
 627        struct ieee80211_tx_info *info;
 628        int timeout;
 629
 630        if (!skb)
 631                return false;
 632
 633        info = IEEE80211_SKB_CB(skb);
 634
 635        /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
 636        timeout = (sta->listen_interval *
 637                   sta->sdata->vif.bss_conf.beacon_int *
 638                   32 / 15625) * HZ;
 639        if (timeout < STA_TX_BUFFER_EXPIRE)
 640                timeout = STA_TX_BUFFER_EXPIRE;
 641        return time_after(jiffies, info->control.jiffies + timeout);
 642}
 643
 644
 645static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
 646                                                struct sta_info *sta, int ac)
 647{
 648        unsigned long flags;
 649        struct sk_buff *skb;
 650
 651        /*
 652         * First check for frames that should expire on the filtered
 653         * queue. Frames here were rejected by the driver and are on
 654         * a separate queue to avoid reordering with normal PS-buffered
 655         * frames. They also aren't accounted for right now in the
 656         * total_ps_buffered counter.
 657         */
 658        for (;;) {
 659                spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
 660                skb = skb_peek(&sta->tx_filtered[ac]);
 661                if (sta_info_buffer_expired(sta, skb))
 662                        skb = __skb_dequeue(&sta->tx_filtered[ac]);
 663                else
 664                        skb = NULL;
 665                spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
 666
 667                /*
 668                 * Frames are queued in order, so if this one
 669                 * hasn't expired yet we can stop testing. If
 670                 * we actually reached the end of the queue we
 671                 * also need to stop, of course.
 672                 */
 673                if (!skb)
 674                        break;
 675                ieee80211_free_txskb(&local->hw, skb);
 676        }
 677
 678        /*
 679         * Now also check the normal PS-buffered queue, this will
 680         * only find something if the filtered queue was emptied
 681         * since the filtered frames are all before the normal PS
 682         * buffered frames.
 683         */
 684        for (;;) {
 685                spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
 686                skb = skb_peek(&sta->ps_tx_buf[ac]);
 687                if (sta_info_buffer_expired(sta, skb))
 688                        skb = __skb_dequeue(&sta->ps_tx_buf[ac]);
 689                else
 690                        skb = NULL;
 691                spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
 692
 693                /*
 694                 * frames are queued in order, so if this one
 695                 * hasn't expired yet (or we reached the end of
 696                 * the queue) we can stop testing
 697                 */
 698                if (!skb)
 699                        break;
 700
 701                local->total_ps_buffered--;
 702                ps_dbg(sta->sdata, "Buffered frame expired (STA %pM)\n",
 703                       sta->sta.addr);
 704                ieee80211_free_txskb(&local->hw, skb);
 705        }
 706
 707        /*
 708         * Finally, recalculate the TIM bit for this station -- it might
 709         * now be clear because the station was too slow to retrieve its
 710         * frames.
 711         */
 712        sta_info_recalc_tim(sta);
 713
 714        /*
 715         * Return whether there are any frames still buffered, this is
 716         * used to check whether the cleanup timer still needs to run,
 717         * if there are no frames we don't need to rearm the timer.
 718         */
 719        return !(skb_queue_empty(&sta->ps_tx_buf[ac]) &&
 720                 skb_queue_empty(&sta->tx_filtered[ac]));
 721}
 722
 723static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
 724                                             struct sta_info *sta)
 725{
 726        bool have_buffered = false;
 727        int ac;
 728
 729        /* This is only necessary for stations on BSS interfaces */
 730        if (!sta->sdata->bss)
 731                return false;
 732
 733        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
 734                have_buffered |=
 735                        sta_info_cleanup_expire_buffered_ac(local, sta, ac);
 736
 737        return have_buffered;
 738}
 739
 740int __must_check __sta_info_destroy(struct sta_info *sta)
 741{
 742        struct ieee80211_local *local;
 743        struct ieee80211_sub_if_data *sdata;
 744        int ret, i;
 745
 746        might_sleep();
 747
 748        if (!sta)
 749                return -ENOENT;
 750
 751        local = sta->local;
 752        sdata = sta->sdata;
 753
 754        lockdep_assert_held(&local->sta_mtx);
 755
 756        /*
 757         * Before removing the station from the driver and
 758         * rate control, it might still start new aggregation
 759         * sessions -- block that to make sure the tear-down
 760         * will be sufficient.
 761         */
 762        set_sta_flag(sta, WLAN_STA_BLOCK_BA);
 763        ieee80211_sta_tear_down_BA_sessions(sta, false);
 764
 765        ret = sta_info_hash_del(local, sta);
 766        if (ret)
 767                return ret;
 768
 769        list_del_rcu(&sta->list);
 770
 771        mutex_lock(&local->key_mtx);
 772        for (i = 0; i < NUM_DEFAULT_KEYS; i++)
 773                __ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));
 774        if (sta->ptk)
 775                __ieee80211_key_free(key_mtx_dereference(local, sta->ptk));
 776        mutex_unlock(&local->key_mtx);
 777
 778        sta->dead = true;
 779
 780        local->num_sta--;
 781        local->sta_generation++;
 782
 783        if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
 784                RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
 785
 786        while (sta->sta_state > IEEE80211_STA_NONE) {
 787                ret = sta_info_move_state(sta, sta->sta_state - 1);
 788                if (ret) {
 789                        WARN_ON_ONCE(1);
 790                        break;
 791                }
 792        }
 793
 794        if (sta->uploaded) {
 795                ret = drv_sta_state(local, sdata, sta, IEEE80211_STA_NONE,
 796                                    IEEE80211_STA_NOTEXIST);
 797                WARN_ON_ONCE(ret != 0);
 798        }
 799
 800        sta_dbg(sdata, "Removed STA %pM\n", sta->sta.addr);
 801
 802        cfg80211_del_sta(sdata->dev, sta->sta.addr, GFP_KERNEL);
 803
 804        rate_control_remove_sta_debugfs(sta);
 805        ieee80211_sta_debugfs_remove(sta);
 806
 807        call_rcu(&sta->rcu_head, free_sta_rcu);
 808
 809        return 0;
 810}
 811
 812int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
 813{
 814        struct sta_info *sta;
 815        int ret;
 816
 817        mutex_lock(&sdata->local->sta_mtx);
 818        sta = sta_info_get(sdata, addr);
 819        ret = __sta_info_destroy(sta);
 820        mutex_unlock(&sdata->local->sta_mtx);
 821
 822        return ret;
 823}
 824
 825int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
 826                              const u8 *addr)
 827{
 828        struct sta_info *sta;
 829        int ret;
 830
 831        mutex_lock(&sdata->local->sta_mtx);
 832        sta = sta_info_get_bss(sdata, addr);
 833        ret = __sta_info_destroy(sta);
 834        mutex_unlock(&sdata->local->sta_mtx);
 835
 836        return ret;
 837}
 838
 839static void sta_info_cleanup(unsigned long data)
 840{
 841        struct ieee80211_local *local = (struct ieee80211_local *) data;
 842        struct sta_info *sta;
 843        bool timer_needed = false;
 844
 845        rcu_read_lock();
 846        list_for_each_entry_rcu(sta, &local->sta_list, list)
 847                if (sta_info_cleanup_expire_buffered(local, sta))
 848                        timer_needed = true;
 849        rcu_read_unlock();
 850
 851        if (local->quiescing)
 852                return;
 853
 854        if (!timer_needed)
 855                return;
 856
 857        mod_timer(&local->sta_cleanup,
 858                  round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL));
 859}
 860
 861void sta_info_init(struct ieee80211_local *local)
 862{
 863        spin_lock_init(&local->tim_lock);
 864        mutex_init(&local->sta_mtx);
 865        INIT_LIST_HEAD(&local->sta_list);
 866
 867        setup_timer(&local->sta_cleanup, sta_info_cleanup,
 868                    (unsigned long)local);
 869}
 870
 871void sta_info_stop(struct ieee80211_local *local)
 872{
 873        del_timer_sync(&local->sta_cleanup);
 874        sta_info_flush(local, NULL);
 875}
 876
 877/**
 878 * sta_info_flush - flush matching STA entries from the STA table
 879 *
 880 * Returns the number of removed STA entries.
 881 *
 882 * @local: local interface data
 883 * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs
 884 */
 885int sta_info_flush(struct ieee80211_local *local,
 886                   struct ieee80211_sub_if_data *sdata)
 887{
 888        struct sta_info *sta, *tmp;
 889        int ret = 0;
 890
 891        might_sleep();
 892
 893        mutex_lock(&local->sta_mtx);
 894        list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
 895                if (!sdata || sdata == sta->sdata) {
 896                        WARN_ON(__sta_info_destroy(sta));
 897                        ret++;
 898                }
 899        }
 900        mutex_unlock(&local->sta_mtx);
 901
 902        rcu_barrier();
 903
 904        if (sdata) {
 905                ieee80211_cleanup_sdata_stas(sdata);
 906                cancel_work_sync(&sdata->cleanup_stations_wk);
 907        } else {
 908                mutex_lock(&local->iflist_mtx);
 909                list_for_each_entry(sdata, &local->interfaces, list) {
 910                        ieee80211_cleanup_sdata_stas(sdata);
 911                        cancel_work_sync(&sdata->cleanup_stations_wk);
 912                }
 913                mutex_unlock(&local->iflist_mtx);
 914        }
 915
 916        return ret;
 917}
 918
 919void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
 920                          unsigned long exp_time)
 921{
 922        struct ieee80211_local *local = sdata->local;
 923        struct sta_info *sta, *tmp;
 924
 925        mutex_lock(&local->sta_mtx);
 926
 927        list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
 928                if (sdata != sta->sdata)
 929                        continue;
 930
 931                if (time_after(jiffies, sta->last_rx + exp_time)) {
 932                        ibss_dbg(sdata, "expiring inactive STA %pM\n",
 933                                 sta->sta.addr);
 934                        WARN_ON(__sta_info_destroy(sta));
 935                }
 936        }
 937
 938        mutex_unlock(&local->sta_mtx);
 939}
 940
 941struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
 942                                               const u8 *addr,
 943                                               const u8 *localaddr)
 944{
 945        struct sta_info *sta, *nxt;
 946
 947        /*
 948         * Just return a random station if localaddr is NULL
 949         * ... first in list.
 950         */
 951        for_each_sta_info(hw_to_local(hw), addr, sta, nxt) {
 952                if (localaddr &&
 953                    !ether_addr_equal(sta->sdata->vif.addr, localaddr))
 954                        continue;
 955                if (!sta->uploaded)
 956                        return NULL;
 957                return &sta->sta;
 958        }
 959
 960        return NULL;
 961}
 962EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr);
 963
 964struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
 965                                         const u8 *addr)
 966{
 967        struct sta_info *sta;
 968
 969        if (!vif)
 970                return NULL;
 971
 972        sta = sta_info_get_bss(vif_to_sdata(vif), addr);
 973        if (!sta)
 974                return NULL;
 975
 976        if (!sta->uploaded)
 977                return NULL;
 978
 979        return &sta->sta;
 980}
 981EXPORT_SYMBOL(ieee80211_find_sta);
 982
 983static void clear_sta_ps_flags(void *_sta)
 984{
 985        struct sta_info *sta = _sta;
 986        struct ieee80211_sub_if_data *sdata = sta->sdata;
 987
 988        clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
 989        if (test_and_clear_sta_flag(sta, WLAN_STA_PS_STA))
 990                atomic_dec(&sdata->bss->num_sta_ps);
 991}
 992
 993/* powersave support code */
 994void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
 995{
 996        struct ieee80211_sub_if_data *sdata = sta->sdata;
 997        struct ieee80211_local *local = sdata->local;
 998        struct sk_buff_head pending;
 999        int filtered = 0, buffered = 0, ac;
1000        unsigned long flags;

1001
1002        clear_sta_flag(sta, WLAN_STA_SP);
1003
1004        BUILD_BUG_ON(BITS_TO_LONGS(STA_TID_NUM) > 1);
1005        sta->driver_buffered_tids = 0;
1006
1007        if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
1008                drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
1009
1010        skb_queue_head_init(&pending);
1011
1012        /* Send all buffered frames to the station */
1013        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1014                int count = skb_queue_len(&pending), tmp;
1015
1016                spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
1017                skb_queue_splice_tail_init(&sta->tx_filtered[ac], &pending);
1018                spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
1019                tmp = skb_queue_len(&pending);
1020                filtered += tmp - count;
1021                count = tmp;
1022
1023                spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
1024                skb_queue_splice_tail_init(&sta->ps_tx_buf[ac], &pending);
1025                spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
1026                tmp = skb_queue_len(&pending);
1027                buffered += tmp - count;
1028        }
1029
1030        ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta);
1031
1032        local->total_ps_buffered -= buffered;
1033
1034        sta_info_recalc_tim(sta);
1035
1036        ps_dbg(sdata,
1037               "STA %pM aid %d sending %d filtered/%d PS frames since STA not sleeping anymore\n",
1038               sta->sta.addr, sta->sta.aid, filtered, buffered);
1039}
1040
1041static void ieee80211_send_null_response(struct ieee80211_sub_if_data *sdata,
1042                                         struct sta_info *sta, int tid,
1043                                         enum ieee80211_frame_release_type reason)
1044{
1045        struct ieee80211_local *local = sdata->local;
1046        struct ieee80211_qos_hdr *nullfunc;
1047        struct sk_buff *skb;
1048        int size = sizeof(*nullfunc);
1049        __le16 fc;
1050        bool qos = test_sta_flag(sta, WLAN_STA_WME);
1051        struct ieee80211_tx_info *info;
1052
1053        if (qos) {
1054                fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
1055                                 IEEE80211_STYPE_QOS_NULLFUNC |
1056                                 IEEE80211_FCTL_FROMDS);
1057        } else {
1058                size -= 2;
1059                fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
1060                                 IEEE80211_STYPE_NULLFUNC |
1061                                 IEEE80211_FCTL_FROMDS);
1062        }
1063
1064        skb = dev_alloc_skb(local->hw.extra_tx_headroom + size);
1065        if (!skb)
1066                return;
1067
1068        skb_reserve(skb, local->hw.extra_tx_headroom);
1069
1070        nullfunc = (void *) skb_put(skb, size);
1071        nullfunc->frame_control = fc;
1072        nullfunc->duration_id = 0;
1073        memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN);
1074        memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1075        memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN);
1076
1077        skb->priority = tid;
1078        skb_set_queue_mapping(skb, ieee802_1d_to_ac[tid]);
1079        if (qos) {
1080                nullfunc->qos_ctrl = cpu_to_le16(tid);
1081
1082                if (reason == IEEE80211_FRAME_RELEASE_UAPSD)
1083                        nullfunc->qos_ctrl |=
1084                                cpu_to_le16(IEEE80211_QOS_CTL_EOSP);
1085        }
1086
1087        info = IEEE80211_SKB_CB(skb);
1088
1089        /*
1090         * Tell TX path to send this frame even though the
1091         * STA may still remain is PS mode after this frame
1092         * exchange. Also set EOSP to indicate this packet
1093         * ends the poll/service period.
1094         */
1095        info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER |
1096                       IEEE80211_TX_STATUS_EOSP |
1097                       IEEE80211_TX_CTL_REQ_TX_STATUS;
1098
1099        drv_allow_buffered_frames(local, sta, BIT(tid), 1, reason, false);
1100
1101        ieee80211_xmit(sdata, skb);
1102}
1103
1104static void
1105ieee80211_sta_ps_deliver_response(struct sta_info *sta,
1106                                  int n_frames, u8 ignored_acs,
1107                                  enum ieee80211_frame_release_type reason)
1108{
1109        struct ieee80211_sub_if_data *sdata = sta->sdata;
1110        struct ieee80211_local *local = sdata->local;
1111        bool found = false;
1112        bool more_data = false;
1113        int ac;
1114        unsigned long driver_release_tids = 0;
1115        struct sk_buff_head frames;
1116
1117        /* Service or PS-Poll period starts */
1118        set_sta_flag(sta, WLAN_STA_SP);
1119
1120        __skb_queue_head_init(&frames);
1121
1122        /*
1123         * Get response frame(s) and more data bit for it.
1124         */
1125        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1126                unsigned long tids;
1127
1128                if (ignored_acs & BIT(ac))
1129                        continue;
1130
1131                tids = ieee80211_tids_for_ac(ac);
1132
1133                if (!found) {
1134                        driver_release_tids = sta->driver_buffered_tids & tids;
1135                        if (driver_release_tids) {
1136                                found = true;
1137                        } else {
1138                                struct sk_buff *skb;
1139
1140                                while (n_frames > 0) {
1141                                        skb = skb_dequeue(&sta->tx_filtered[ac]);
1142                                        if (!skb) {
1143                                                skb = skb_dequeue(
1144                                                        &sta->ps_tx_buf[ac]);
1145                                                if (skb)
1146                                                        local->total_ps_buffered--;
1147                                        }
1148                                        if (!skb)
1149                                                break;
1150                                        n_frames--;
1151                                        found = true;
1152                                        __skb_queue_tail(&frames, skb);
1153                                }
1154                        }
1155
1156                        /*
1157                         * If the driver has data on more than one TID then
1158                         * certainly there's more data if we release just a
1159                         * single frame now (from a single TID).
1160                         */
1161                        if (reason == IEEE80211_FRAME_RELEASE_PSPOLL &&
1162                            hweight16(driver_release_tids) > 1) {
1163                                more_data = true;
1164                                driver_release_tids =
1165                                        BIT(ffs(driver_release_tids) - 1);
1166                                break;
1167                        }
1168                }
1169
1170                if (!skb_queue_empty(&sta->tx_filtered[ac]) ||
1171                    !skb_queue_empty(&sta->ps_tx_buf[ac])) {
1172                        more_data = true;
1173                        break;
1174                }
1175        }
1176
1177        if (!found) {
1178                int tid;
1179
1180                /*
1181                 * For PS-Poll, this can only happen due to a race condition
1182                 * when we set the TIM bit and the station notices it, but
1183                 * before it can poll for the frame we expire it.
1184                 *
1185                 * For uAPSD, this is said in the standard (11.2.1.5 h):
1186                 *      At each unscheduled SP for a non-AP STA, the AP shall
1187                 *      attempt to transmit at least one MSDU or MMPDU, but no
1188                 *      more than the value specified in the Max SP Length field
1189                 *      in the QoS Capability element from delivery-enabled ACs,
1190                 *      that are destined for the non-AP STA.
1191                 *
1192                 * Since we have no other MSDU/MMPDU, transmit a QoS null frame.
1193                 */
1194
1195                /* This will evaluate to 1, 3, 5 or 7. */
1196                tid = 7 - ((ffs(~ignored_acs) - 1) << 1);
1197
1198                ieee80211_send_null_response(sdata, sta, tid, reason);
1199                return;
1200        }
1201
1202        if (!driver_release_tids) {
1203                struct sk_buff_head pending;
1204                struct sk_buff *skb;
1205                int num = 0;
1206                u16 tids = 0;
1207
1208                skb_queue_head_init(&pending);
1209
1210                while ((skb = __skb_dequeue(&frames))) {
1211                        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1212                        struct ieee80211_hdr *hdr = (void *) skb->data;
1213                        u8 *qoshdr = NULL;
1214
1215                        num++;
1216
1217                        /*
1218                         * Tell TX path to send this frame even though the
1219                         * STA may still remain is PS mode after this frame
1220                         * exchange.
1221                         */
1222                        info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
1223
1224                        /*
1225                         * Use MoreData flag to indicate whether there are
1226                         * more buffered frames for this STA
1227                         */
1228                        if (more_data || !skb_queue_empty(&frames))
1229                                hdr->frame_control |=
1230                                        cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1231                        else
1232                                hdr->frame_control &=
1233                                        cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1234
1235                        if (ieee80211_is_data_qos(hdr->frame_control) ||
1236                            ieee80211_is_qos_nullfunc(hdr->frame_control))
1237                                qoshdr = ieee80211_get_qos_ctl(hdr);
1238
1239                        /* end service period after last frame */
1240                        if (skb_queue_empty(&frames)) {
1241                                if (reason == IEEE80211_FRAME_RELEASE_UAPSD &&
1242                                    qoshdr)
1243                                        *qoshdr |= IEEE80211_QOS_CTL_EOSP;
1244
1245                                info->flags |= IEEE80211_TX_STATUS_EOSP |
1246                                               IEEE80211_TX_CTL_REQ_TX_STATUS;
1247                        }
1248
1249                        if (qoshdr)
1250                                tids |= BIT(*qoshdr & IEEE80211_QOS_CTL_TID_MASK);
1251                        else
1252                                tids |= BIT(0);
1253
1254                        __skb_queue_tail(&pending, skb);
1255                }
1256
1257                drv_allow_buffered_frames(local, sta, tids, num,
1258                                          reason, more_data);
1259
1260                ieee80211_add_pending_skbs(local, &pending);
1261
1262                sta_info_recalc_tim(sta);
1263        } else {
1264                /*
1265                 * We need to release a frame that is buffered somewhere in the
1266                 * driver ... it'll have to handle that.
1267                 * Note that, as per the comment above, it'll also have to see
1268                 * if there is more than just one frame on the specific TID that
1269                 * we're releasing from, and it needs to set the more-data bit
1270                 * accordingly if we tell it that there's no more data. If we do
1271                 * tell it there's more data, then of course the more-data bit
1272                 * needs to be set anyway.
1273                 */
1274                drv_release_buffered_frames(local, sta, driver_release_tids,
1275                                            n_frames, reason, more_data);
1276
1277                /*
1278                 * Note that we don't recalculate the TIM bit here as it would
1279                 * most likely have no effect at all unless the driver told us
1280                 * that the TID became empty before returning here from the
1281                 * release function.
1282                 * Either way, however, when the driver tells us that the TID
1283                 * became empty we'll do the TIM recalculation.
1284                 */
1285        }
1286}
1287
1288void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
1289{
1290        u8 ignore_for_response = sta->sta.uapsd_queues;
1291
1292        /*
1293         * If all ACs are delivery-enabled then we should reply
1294         * from any of them, if only some are enabled we reply
1295         * only from the non-enabled ones.
1296         */
1297        if (ignore_for_response == BIT(IEEE80211_NUM_ACS) - 1)
1298                ignore_for_response = 0;
1299
1300        ieee80211_sta_ps_deliver_response(sta, 1, ignore_for_response,
1301                                          IEEE80211_FRAME_RELEASE_PSPOLL);
1302}
1303
1304void ieee80211_sta_ps_deliver_uapsd(struct sta_info *sta)
1305{
1306        int n_frames = sta->sta.max_sp;
1307        u8 delivery_enabled = sta->sta.uapsd_queues;
1308
1309        /*
1310         * If we ever grow support for TSPEC this might happen if
1311         * the TSPEC update from hostapd comes in between a trigger
1312         * frame setting WLAN_STA_UAPSD in the RX path and this
1313         * actually getting called.
1314         */
1315        if (!delivery_enabled)
1316                return;
1317
1318        switch (sta->sta.max_sp) {
1319        case 1:
1320                n_frames = 2;
1321                break;
1322        case 2:
1323                n_frames = 4;
1324                break;
1325        case 3:
1326                n_frames = 6;
1327                break;
1328        case 0:
1329                /* XXX: what is a good value? */
1330                n_frames = 8;
1331                break;
1332        }
1333
1334        ieee80211_sta_ps_deliver_response(sta, n_frames, ~delivery_enabled,
1335                                          IEEE80211_FRAME_RELEASE_UAPSD);
1336}
1337
1338void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
1339                               struct ieee80211_sta *pubsta, bool block)
1340{
1341        struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1342
1343        trace_api_sta_block_awake(sta->local, pubsta, block);
1344
1345        if (block)
1346                set_sta_flag(sta, WLAN_STA_PS_DRIVER);
1347        else if (test_sta_flag(sta, WLAN_STA_PS_DRIVER))
1348                ieee80211_queue_work(hw, &sta->drv_unblock_wk);
1349}
1350EXPORT_SYMBOL(ieee80211_sta_block_awake);
1351
1352void ieee80211_sta_eosp_irqsafe(struct ieee80211_sta *pubsta)
1353{
1354        struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1355        struct ieee80211_local *local = sta->local;
1356        struct sk_buff *skb;
1357        struct skb_eosp_msg_data *data;
1358
1359        trace_api_eosp(local, pubsta);
1360
1361        skb = alloc_skb(0, GFP_ATOMIC);
1362        if (!skb) {
1363                /* too bad ... but race is better than loss */
1364                clear_sta_flag(sta, WLAN_STA_SP);
1365                return;
1366        }
1367
1368        data = (void *)skb->cb;
1369        memcpy(data->sta, pubsta->addr, ETH_ALEN);
1370        memcpy(data->iface, sta->sdata->vif.addr, ETH_ALEN);
1371        skb->pkt_type = IEEE80211_EOSP_MSG;
1372        skb_queue_tail(&local->skb_queue, skb);
1373        tasklet_schedule(&local->tasklet);
1374}
1375EXPORT_SYMBOL(ieee80211_sta_eosp_irqsafe);
1376
1377void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta,
1378                                u8 tid, bool buffered)
1379{
1380        struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1381
1382        if (WARN_ON(tid >= STA_TID_NUM))
1383                return;
1384
1385        if (buffered)
1386                set_bit(tid, &sta->driver_buffered_tids);
1387        else
1388                clear_bit(tid, &sta->driver_buffered_tids);
1389
1390        sta_info_recalc_tim(sta);
1391}
1392EXPORT_SYMBOL(ieee80211_sta_set_buffered);
1393
1394int sta_info_move_state(struct sta_info *sta,
1395                        enum ieee80211_sta_state new_state)
1396{
1397        might_sleep();
1398
1399        if (sta->sta_state == new_state)
1400                return 0;
1401
1402        /* check allowed transitions first */
1403
1404        switch (new_state) {
1405        case IEEE80211_STA_NONE:
1406                if (sta->sta_state != IEEE80211_STA_AUTH)
1407                        return -EINVAL;
1408                break;
1409        case IEEE80211_STA_AUTH:
1410                if (sta->sta_state != IEEE80211_STA_NONE &&
1411                    sta->sta_state != IEEE80211_STA_ASSOC)
1412                        return -EINVAL;
1413                break;
1414        case IEEE80211_STA_ASSOC:
1415                if (sta->sta_state != IEEE80211_STA_AUTH &&
1416                    sta->sta_state != IEEE80211_STA_AUTHORIZED)
1417                        return -EINVAL;
1418                break;
1419        case IEEE80211_STA_AUTHORIZED:
1420                if (sta->sta_state != IEEE80211_STA_ASSOC)
1421                        return -EINVAL;
1422                break;
1423        default:
1424                WARN(1, "invalid state %d", new_state);
1425                return -EINVAL;
1426        }
1427
1428        sta_dbg(sta->sdata, "moving STA %pM to state %d\n",
1429                sta->sta.addr, new_state);
1430
1431        /*
1432         * notify the driver before the actual changes so it can
1433         * fail the transition
1434         */
1435        if (test_sta_flag(sta, WLAN_STA_INSERTED)) {
1436                int err = drv_sta_state(sta->local, sta->sdata, sta,
1437                                        sta->sta_state, new_state);
1438                if (err)
1439                        return err;
1440        }
1441
1442        /* reflect the change in all state variables */
1443
1444        switch (new_state) {
1445        case IEEE80211_STA_NONE:
1446                if (sta->sta_state == IEEE80211_STA_AUTH)
1447                        clear_bit(WLAN_STA_AUTH, &sta->_flags);
1448                break;
1449        case IEEE80211_STA_AUTH:
1450                if (sta->sta_state == IEEE80211_STA_NONE)
1451                        set_bit(WLAN_STA_AUTH, &sta->_flags);
1452                else if (sta->sta_state == IEEE80211_STA_ASSOC)
1453                        clear_bit(WLAN_STA_ASSOC, &sta->_flags);
1454                break;
1455        case IEEE80211_STA_ASSOC:
1456                if (sta->sta_state == IEEE80211_STA_AUTH) {
1457                        set_bit(WLAN_STA_ASSOC, &sta->_flags);
1458                } else if (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
1459                        if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
1460                            (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1461                             !sta->sdata->u.vlan.sta))
1462                                atomic_dec(&sta->sdata->bss->num_mcast_sta);
1463                        clear_bit(WLAN_STA_AUTHORIZED, &sta->_flags);
1464                }
1465                break;
1466        case IEEE80211_STA_AUTHORIZED:
1467                if (sta->sta_state == IEEE80211_STA_ASSOC) {
1468                        if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
1469                            (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1470                             !sta->sdata->u.vlan.sta))
1471                                atomic_inc(&sta->sdata->bss->num_mcast_sta);
1472                        set_bit(WLAN_STA_AUTHORIZED, &sta->_flags);
1473                }
1474                break;
1475        default:
1476                break;
1477        }
1478
1479        sta->sta_state = new_state;
1480
1481        return 0;
1482}
1483