sta_info.c 49.1 KB
Newer Older
1
2
3
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
4
 * Copyright 2013-2014  Intel Mobile Communications GmbH
5
6
7
8
9
10
11
12
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/init.h>
13
#include <linux/etherdevice.h>
14
15
16
17
18
#include <linux/netdevice.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
19
#include <linux/timer.h>
20
#include <linux/rtnetlink.h>
21
22
23

#include <net/mac80211.h>
#include "ieee80211_i.h"
24
#include "driver-ops.h"
Johannes Berg's avatar
Johannes Berg committed
25
#include "rate.h"
26
#include "sta_info.h"
27
#include "debugfs_sta.h"
28
#include "mesh.h"
29
#include "wme.h"
30

31
32
33
34
35
36
37
/**
 * DOC: STA information lifetime rules
 *
 * STA info structures (&struct sta_info) are managed in a hash table
 * for faster lookup and a list for iteration. They are managed using
 * RCU, i.e. access to the list and hash table is protected by RCU.
 *
38
39
40
41
42
43
44
45
 * Upon allocating a STA info structure with sta_info_alloc(), the caller
 * owns that structure. It must then insert it into the hash table using
 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
 * case (which acquires an rcu read section but must not be called from
 * within one) will the pointer still be valid after the call. Note that
 * the caller may not do much with the STA info before inserting it, in
 * particular, it may not start any mesh peer link management or add
 * encryption keys.
46
47
48
 *
 * When the insertion fails (sta_info_insert()) returns non-zero), the
 * structure will have been freed by sta_info_insert()!
49
 *
50
 * Station entries are added by mac80211 when you establish a link with a
51
52
 * peer. This means different things for the different type of interfaces
 * we support. For a regular station this mean we add the AP sta when we
Lucas De Marchi's avatar
Lucas De Marchi committed
53
 * receive an association response from the AP. For IBSS this occurs when
54
 * get to know about a peer on the same IBSS. For WDS we add the sta for
Lucas De Marchi's avatar
Lucas De Marchi committed
55
 * the peer immediately upon device open. When using AP mode we add stations
56
 * for each respective station upon request from userspace through nl80211.
57
 *
58
59
 * In order to remove a STA info structure, various sta_info_destroy_*()
 * calls are available.
60
 *
61
62
63
64
 * There is no concept of ownership on a STA entry, each structure is
 * owned by the global hash table/list until it is removed. All users of
 * the structure need to be RCU protected so that the structure won't be
 * freed before they are done using it.
65
 */
66

67
/* Caller must hold local->sta_mtx */
68
69
static int sta_info_hash_del(struct ieee80211_local *local,
			     struct sta_info *sta)
70
71
72
{
	struct sta_info *s;

73
	s = rcu_dereference_protected(local->sta_hash[STA_HASH(sta->sta.addr)],
74
				      lockdep_is_held(&local->sta_mtx));
75
	if (!s)
76
77
		return -ENOENT;
	if (s == sta) {
78
		rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)],
79
				   s->hnext);
80
		return 0;
81
82
	}

83
84
85
	while (rcu_access_pointer(s->hnext) &&
	       rcu_access_pointer(s->hnext) != sta)
		s = rcu_dereference_protected(s->hnext,
86
					lockdep_is_held(&local->sta_mtx));
87
	if (rcu_access_pointer(s->hnext)) {
88
		rcu_assign_pointer(s->hnext, sta->hnext);
89
90
		return 0;
	}
91

92
	return -ENOENT;
93
94
}

95
static void __cleanup_single_sta(struct sta_info *sta)
96
97
98
99
100
{
	int ac, i;
	struct tid_ampdu_tx *tid_tx;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
101
	struct ps_data *ps;
102

103
	if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
104
105
	    test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
	    test_sta_flag(sta, WLAN_STA_PS_DELIVER)) {
106
107
108
		if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
		    sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
			ps = &sdata->bss->ps;
109
110
		else if (ieee80211_vif_is_mesh(&sdata->vif))
			ps = &sdata->u.mesh.ps;
111
112
		else
			return;
113
114

		clear_sta_flag(sta, WLAN_STA_PS_STA);
115
		clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
116
		clear_sta_flag(sta, WLAN_STA_PS_DELIVER);
117

118
		atomic_dec(&ps->num_sta_ps);
119
120
121
122
123
		sta_info_recalc_tim(sta);
	}

	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
		local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
124
125
		ieee80211_purge_tx_queue(&local->hw, &sta->ps_tx_buf[ac]);
		ieee80211_purge_tx_queue(&local->hw, &sta->tx_filtered[ac]);
126
127
	}

128
129
	if (ieee80211_vif_is_mesh(&sdata->vif))
		mesh_sta_cleanup(sta);
130

131
	cancel_work_sync(&sta->drv_deliver_wk);
132
133
134
135
136
137
138

	/*
	 * Destroy aggregation state here. It would be nice to wait for the
	 * driver to finish aggregation stop and then clean up, but for now
	 * drivers have to handle aggregation stop being requested, followed
	 * directly by station destruction.
	 */
139
	for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
140
		kfree(sta->ampdu_mlme.tid_start_tx[i]);
141
142
143
		tid_tx = rcu_dereference_raw(sta->ampdu_mlme.tid_tx[i]);
		if (!tid_tx)
			continue;
144
		ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
145
146
		kfree(tid_tx);
	}
147
}
148

149
150
151
152
153
154
static void cleanup_single_sta(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;

	__cleanup_single_sta(sta);
155
156
157
	sta_info_free(local, sta);
}

158
/* protected by RCU */
159
160
struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
161
{
162
	struct ieee80211_local *local = sdata->local;
163
164
	struct sta_info *sta;

165
166
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    lockdep_is_held(&local->sta_mtx));
167
	while (sta) {
168
		if (sta->sdata == sdata &&
169
		    ether_addr_equal(sta->sta.addr, addr))
170
			break;
171
172
		sta = rcu_dereference_check(sta->hnext,
					    lockdep_is_held(&local->sta_mtx));
173
	}
174
175
176
	return sta;
}

177
178
179
180
181
182
183
184
185
186
/*
 * Get sta info either from the specified interface
 * or from one of its vlans
 */
struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
				  const u8 *addr)
{
	struct ieee80211_local *local = sdata->local;
	struct sta_info *sta;

187
188
	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
				    lockdep_is_held(&local->sta_mtx));
189
190
	while (sta) {
		if ((sta->sdata == sdata ||
191
		     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
192
		    ether_addr_equal(sta->sta.addr, addr))
193
			break;
194
195
		sta = rcu_dereference_check(sta->hnext,
					    lockdep_is_held(&local->sta_mtx));
196
197
198
199
	}
	return sta;
}

200
201
struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
				     int idx)
202
{
203
	struct ieee80211_local *local = sdata->local;
204
205
206
	struct sta_info *sta;
	int i = 0;

207
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
208
		if (sdata != sta->sdata)
209
			continue;
210
211
212
213
		if (i < idx) {
			++i;
			continue;
		}
214
		return sta;
215
216
217
218
	}

	return NULL;
}
219

220
/**
221
 * sta_info_free - free STA
222
 *
223
 * @local: pointer to the global information
224
225
226
 * @sta: STA info to free
 *
 * This function must undo everything done by sta_info_alloc()
227
228
229
 * that may happen before sta_info_insert(). It may only be
 * called when sta_info_insert() has not been attempted (and
 * if that fails, the station is freed anyway.)
230
 */
231
void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
232
{
233
234
	int i;

235
	if (sta->rate_ctrl)
236
		rate_control_free_sta(sta);
237

238
239
240
241
242
243
	if (sta->tx_lat) {
		for (i = 0; i < IEEE80211_NUM_TIDS; i++)
			kfree(sta->tx_lat[i].bins);
		kfree(sta->tx_lat);
	}

Johannes Berg's avatar
Johannes Berg committed
244
	sta_dbg(sta->sdata, "Destroyed STA %pM\n", sta->sta.addr);
245

246
	kfree(rcu_dereference_raw(sta->sta.rates));
247
248
249
	kfree(sta);
}

250
/* Caller must hold local->sta_mtx */
251
252
static void sta_info_hash_add(struct ieee80211_local *local,
			      struct sta_info *sta)
253
{
254
	lockdep_assert_held(&local->sta_mtx);
255
	sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
256
	rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
257
258
}

259
static void sta_deliver_ps_frames(struct work_struct *wk)
260
261
262
{
	struct sta_info *sta;

263
	sta = container_of(wk, struct sta_info, drv_deliver_wk);
264
265
266
267

	if (sta->dead)
		return;

268
269
	local_bh_disable();
	if (!test_sta_flag(sta, WLAN_STA_PS_STA))
270
		ieee80211_sta_ps_deliver_wakeup(sta);
271
	else if (test_and_clear_sta_flag(sta, WLAN_STA_PSPOLL))
272
		ieee80211_sta_ps_deliver_poll_response(sta);
273
	else if (test_and_clear_sta_flag(sta, WLAN_STA_UAPSD))
Johannes Berg's avatar
Johannes Berg committed
274
		ieee80211_sta_ps_deliver_uapsd(sta);
275
	local_bh_enable();
276
277
}

278
279
280
281
282
283
static int sta_prepare_rate_control(struct ieee80211_local *local,
				    struct sta_info *sta, gfp_t gfp)
{
	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
		return 0;

284
	sta->rate_ctrl = local->rate_ctrl;
285
286
	sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
						     &sta->sta, gfp);
287
	if (!sta->rate_ctrl_priv)
288
289
290
291
292
		return -ENOMEM;

	return 0;
}

Johannes Berg's avatar
Johannes Berg committed
293
struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
294
				const u8 *addr, gfp_t gfp)
295
{
296
	struct ieee80211_local *local = sdata->local;
297
	struct sta_info *sta;
298
	struct timespec uptime;
299
	struct ieee80211_tx_latency_bin_ranges *tx_latency;
300
	int i;
301

302
	sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
303
	if (!sta)
Johannes Berg's avatar
Johannes Berg committed
304
		return NULL;
305

306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
	rcu_read_lock();
	tx_latency = rcu_dereference(local->tx_latency);
	/* init stations Tx latency statistics && TID bins */
	if (tx_latency) {
		sta->tx_lat = kzalloc(IEEE80211_NUM_TIDS *
				      sizeof(struct ieee80211_tx_latency_stat),
				      GFP_ATOMIC);
		if (!sta->tx_lat) {
			rcu_read_unlock();
			goto free;
		}

		if (tx_latency->n_ranges) {
			for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
				/* size of bins is size of the ranges +1 */
				sta->tx_lat[i].bin_count =
					tx_latency->n_ranges + 1;
				sta->tx_lat[i].bins =
					kcalloc(sta->tx_lat[i].bin_count,
						sizeof(u32), GFP_ATOMIC);
				if (!sta->tx_lat[i].bins) {
					rcu_read_unlock();
					goto free;
				}
			}
		}
	}
	rcu_read_unlock();

335
	spin_lock_init(&sta->lock);
336
	spin_lock_init(&sta->ps_lock);
337
	INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames);
Johannes Berg's avatar
Johannes Berg committed
338
	INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
339
	mutex_init(&sta->ampdu_mlme.mtx);
340
341
342
343
#ifdef CONFIG_MAC80211_MESH
	if (ieee80211_vif_is_mesh(&sdata->vif) &&
	    !sdata->u.mesh.user_mpm)
		init_timer(&sta->plink_timer);
344
	sta->nonpeer_pm = NL80211_MESH_POWER_ACTIVE;
345
#endif
346

347
	memcpy(sta->sta.addr, addr, ETH_ALEN);
348
349
	sta->local = local;
	sta->sdata = sdata;
350
	sta->last_rx = jiffies;
351

352
353
	sta->sta_state = IEEE80211_STA_NONE;

354
355
356
	/* Mark TID as unreserved */
	sta->reserved_tid = IEEE80211_TID_UNRESERVED;

Thomas Gleixner's avatar
Thomas Gleixner committed
357
	ktime_get_ts(&uptime);
358
	sta->last_connected = uptime.tv_sec;
359
	ewma_init(&sta->avg_signal, 1024, 8);
360
361
	for (i = 0; i < ARRAY_SIZE(sta->chain_signal_avg); i++)
		ewma_init(&sta->chain_signal_avg[i], 1024, 8);
362

363
364
	if (sta_prepare_rate_control(local, sta, gfp))
		goto free;
365

366
	for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
367
368
369
370
371
		/*
		 * timer_to_tid must be initialized with identity mapping
		 * to enable session_timer's data differentiation. See
		 * sta_rx_agg_session_timer_expired for usage.
		 */
372
373
		sta->timer_to_tid[i] = i;
	}
374
375
376
377
	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
		skb_queue_head_init(&sta->ps_tx_buf[i]);
		skb_queue_head_init(&sta->tx_filtered[i]);
	}
Johannes Berg's avatar
Johannes Berg committed
378

379
	for (i = 0; i < IEEE80211_NUM_TIDS; i++)
380
		sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
381

382
	sta->sta.smps_mode = IEEE80211_SMPS_OFF;
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
	if (sdata->vif.type == NL80211_IFTYPE_AP ||
	    sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
		struct ieee80211_supported_band *sband =
			local->hw.wiphy->bands[ieee80211_get_sdata_band(sdata)];
		u8 smps = (sband->ht_cap.cap & IEEE80211_HT_CAP_SM_PS) >>
				IEEE80211_HT_CAP_SM_PS_SHIFT;
		/*
		 * Assume that hostapd advertises our caps in the beacon and
		 * this is the known_smps_mode for a station that just assciated
		 */
		switch (smps) {
		case WLAN_HT_SMPS_CONTROL_DISABLED:
			sta->known_smps_mode = IEEE80211_SMPS_OFF;
			break;
		case WLAN_HT_SMPS_CONTROL_STATIC:
			sta->known_smps_mode = IEEE80211_SMPS_STATIC;
			break;
		case WLAN_HT_SMPS_CONTROL_DYNAMIC:
			sta->known_smps_mode = IEEE80211_SMPS_DYNAMIC;
			break;
		default:
			WARN_ON(1);
		}
	}
407

Johannes Berg's avatar
Johannes Berg committed
408
	sta_dbg(sdata, "Allocated STA %pM\n", sta->sta.addr);
Johannes Berg's avatar
Johannes Berg committed
409
	return sta;
410
411
412
413
414
415
416
417
418

free:
	if (sta->tx_lat) {
		for (i = 0; i < IEEE80211_NUM_TIDS; i++)
			kfree(sta->tx_lat[i].bins);
		kfree(sta->tx_lat);
	}
	kfree(sta);
	return NULL;
Johannes Berg's avatar
Johannes Berg committed
419
420
}

421
static int sta_info_insert_check(struct sta_info *sta)
422
423
424
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;

425
426
427
428
429
	/*
	 * Can't be a WARN_ON because it can be triggered through a race:
	 * something inserts a STA (on one CPU) without holding the RTNL
	 * and another CPU turns off the net device.
	 */
430
431
	if (unlikely(!ieee80211_sdata_running(sdata)))
		return -ENETDOWN;
432

433
	if (WARN_ON(ether_addr_equal(sta->sta.addr, sdata->vif.addr) ||
434
435
436
437
438
439
		    is_multicast_ether_addr(sta->sta.addr)))
		return -EINVAL;

	return 0;
}

440
441
442
443
444
445
446
447
448
449
450
451
452
453
static int sta_info_insert_drv_state(struct ieee80211_local *local,
				     struct ieee80211_sub_if_data *sdata,
				     struct sta_info *sta)
{
	enum ieee80211_sta_state state;
	int err = 0;

	for (state = IEEE80211_STA_NOTEXIST; state < sta->sta_state; state++) {
		err = drv_sta_state(local, sdata, sta, state, state + 1);
		if (err)
			break;
	}

	if (!err) {
454
455
456
457
458
459
		/*
		 * Drivers using legacy sta_add/sta_remove callbacks only
		 * get uploaded set to true after sta_add is called.
		 */
		if (!local->ops->sta_add)
			sta->uploaded = true;
460
461
462
463
		return 0;
	}

	if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
Johannes Berg's avatar
Johannes Berg committed
464
465
466
		sdata_info(sdata,
			   "failed to move IBSS STA %pM to state %d (%d) - keeping it anyway\n",
			   sta->sta.addr, state + 1, err);
467
468
469
470
471
472
473
474
475
476
		err = 0;
	}

	/* unwind on error */
	for (; state > IEEE80211_STA_NOTEXIST; state--)
		WARN_ON(drv_sta_state(local, sdata, sta, state, state - 1));

	return err;
}

477
478
479
480
481
/*
 * should be called with sta_mtx locked
 * this function replaces the mutex lock
 * with a RCU lock
 */
482
static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
483
484
485
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
486
	struct station_info sinfo;
487
488
489
	int err = 0;

	lockdep_assert_held(&local->sta_mtx);
490

491
492
493
494
	/* check if STA exists already */
	if (sta_info_get_bss(sdata, sta->sta.addr)) {
		err = -EEXIST;
		goto out_err;
495
	}
496

497
498
499
	local->num_sta++;
	local->sta_generation++;
	smp_mb();
500

501
502
503
	/* simplify things and don't accept BA sessions yet */
	set_sta_flag(sta, WLAN_STA_BLOCK_BA);

504
505
	/* make the station visible */
	sta_info_hash_add(local, sta);
506

507
	list_add_tail_rcu(&sta->list, &local->sta_list);
508

509
510
511
512
513
	/* notify driver */
	err = sta_info_insert_drv_state(local, sdata, sta);
	if (err)
		goto out_remove;

514
	set_sta_flag(sta, WLAN_STA_INSERTED);
515
516
	/* accept BA sessions now */
	clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
517

518
	ieee80211_recalc_min_chandef(sdata);
519
520
	ieee80211_sta_debugfs_add(sta);
	rate_control_add_sta_debugfs(sta);
521

522
523
524
525
	memset(&sinfo, 0, sizeof(sinfo));
	sinfo.filled = 0;
	sinfo.generation = local->sta_generation;
	cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
526

Johannes Berg's avatar
Johannes Berg committed
527
	sta_dbg(sdata, "Inserted STA %pM\n", sta->sta.addr);
528

529
530
531
	/* move reference to rcu-protected */
	rcu_read_lock();
	mutex_unlock(&local->sta_mtx);
532

Johannes Berg's avatar
Johannes Berg committed
533
534
535
	if (ieee80211_vif_is_mesh(&sdata->vif))
		mesh_accept_plinks_update(sdata);

536
	return 0;
537
538
539
540
541
542
 out_remove:
	sta_info_hash_del(local, sta);
	list_del_rcu(&sta->list);
	local->num_sta--;
	synchronize_net();
	__cleanup_single_sta(sta);
543
544
545
546
 out_err:
	mutex_unlock(&local->sta_mtx);
	rcu_read_lock();
	return err;
547
548
549
550
551
}

int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
{
	struct ieee80211_local *local = sta->local;
552
	int err;
553

554
555
	might_sleep();

556
557
558
559
560
561
562
563
	err = sta_info_insert_check(sta);
	if (err) {
		rcu_read_lock();
		goto out_free;
	}

	mutex_lock(&local->sta_mtx);

564
	err = sta_info_insert_finish(sta);
565
566
567
	if (err)
		goto out_free;

Johannes Berg's avatar
Johannes Berg committed
568
	return 0;
569
 out_free:
570
	sta_info_free(local, sta);
571
	return err;
572
573
}

574
575
576
577
578
579
580
581
582
int sta_info_insert(struct sta_info *sta)
{
	int err = sta_info_insert_rcu(sta);

	rcu_read_unlock();

	return err;
}

583
static inline void __bss_tim_set(u8 *tim, u16 id)
584
585
586
587
588
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __set_bit() format.
	 */
589
	tim[id / 8] |= (1 << (id % 8));
590
591
}

592
static inline void __bss_tim_clear(u8 *tim, u16 id)
593
594
595
596
597
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __clear_bit() format.
	 */
598
	tim[id / 8] &= ~(1 << (id % 8));
599
600
}

601
602
603
604
605
606
607
608
609
static inline bool __bss_tim_get(u8 *tim, u16 id)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the test_bit() format.
	 */
	return tim[id / 8] & (1 << (id % 8));
}

610
static unsigned long ieee80211_tids_for_ac(int ac)
611
{
612
613
614
615
616
617
618
619
620
621
622
623
624
	/* If we ever support TIDs > 7, this obviously needs to be adjusted */
	switch (ac) {
	case IEEE80211_AC_VO:
		return BIT(6) | BIT(7);
	case IEEE80211_AC_VI:
		return BIT(4) | BIT(5);
	case IEEE80211_AC_BE:
		return BIT(0) | BIT(3);
	case IEEE80211_AC_BK:
		return BIT(1) | BIT(2);
	default:
		WARN_ON(1);
		return 0;
625
	}
626
627
}

628
void sta_info_recalc_tim(struct sta_info *sta)
629
{
630
	struct ieee80211_local *local = sta->local;
631
	struct ps_data *ps;
632
633
634
	bool indicate_tim = false;
	u8 ignore_for_tim = sta->sta.uapsd_queues;
	int ac;
635
636
637
638
639
640
	u16 id;

	if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
	    sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
		if (WARN_ON_ONCE(!sta->sdata->bss))
			return;
641

642
643
		ps = &sta->sdata->bss->ps;
		id = sta->sta.aid;
644
645
646
#ifdef CONFIG_MAC80211_MESH
	} else if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
		ps = &sta->sdata->u.mesh.ps;
647
		/* TIM map only for 1 <= PLID <= IEEE80211_MAX_AID */
648
		id = sta->plid % (IEEE80211_MAX_AID + 1);
649
#endif
650
	} else {
651
		return;
652
	}
653

654
655
656
	/* No need to do anything if the driver does all */
	if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
		return;
657

658
659
	if (sta->dead)
		goto done;
660

661
662
663
664
665
666
667
668
669
670
671
	/*
	 * If all ACs are delivery-enabled then we should build
	 * the TIM bit for all ACs anyway; if only some are then
	 * we ignore those and build the TIM bit using only the
	 * non-enabled ones.
	 */
	if (ignore_for_tim == BIT(IEEE80211_NUM_ACS) - 1)
		ignore_for_tim = 0;

	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
		unsigned long tids;
672

673
674
675
676
677
678
679
		if (ignore_for_tim & BIT(ac))
			continue;

		indicate_tim |= !skb_queue_empty(&sta->tx_filtered[ac]) ||
				!skb_queue_empty(&sta->ps_tx_buf[ac]);
		if (indicate_tim)
			break;
680

681
682
683
684
		tids = ieee80211_tids_for_ac(ac);

		indicate_tim |=
			sta->driver_buffered_tids & tids;
685
	}
686

687
 done:
688
	spin_lock_bh(&local->tim_lock);
689

690
691
692
	if (indicate_tim == __bss_tim_get(ps->tim, id))
		goto out_unlock;

693
	if (indicate_tim)
694
		__bss_tim_set(ps->tim, id);
695
	else
696
		__bss_tim_clear(ps->tim, id);
697

698
699
	if (local->ops->set_tim) {
		local->tim_in_locked_section = true;
700
		drv_set_tim(local, &sta->sta, indicate_tim);
701
702
		local->tim_in_locked_section = false;
	}
703

704
out_unlock:
705
	spin_unlock_bh(&local->tim_lock);
706
707
}

708
static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
709
{
710
	struct ieee80211_tx_info *info;
711
712
713
	int timeout;

	if (!skb)
714
		return false;
715

716
	info = IEEE80211_SKB_CB(skb);
717
718

	/* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
719
720
721
	timeout = (sta->listen_interval *
		   sta->sdata->vif.bss_conf.beacon_int *
		   32 / 15625) * HZ;
722
723
	if (timeout < STA_TX_BUFFER_EXPIRE)
		timeout = STA_TX_BUFFER_EXPIRE;
724
	return time_after(jiffies, info->control.jiffies + timeout);
725
726
727
}


728
729
static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
						struct sta_info *sta, int ac)
730
731
732
733
{
	unsigned long flags;
	struct sk_buff *skb;

734
735
736
737
738
739
740
741
	/*
	 * First check for frames that should expire on the filtered
	 * queue. Frames here were rejected by the driver and are on
	 * a separate queue to avoid reordering with normal PS-buffered
	 * frames. They also aren't accounted for right now in the
	 * total_ps_buffered counter.
	 */
	for (;;) {
742
743
		spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
		skb = skb_peek(&sta->tx_filtered[ac]);
744
		if (sta_info_buffer_expired(sta, skb))
745
			skb = __skb_dequeue(&sta->tx_filtered[ac]);
746
747
		else
			skb = NULL;
748
		spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
749
750
751
752
753
754
755
756
757

		/*
		 * Frames are queued in order, so if this one
		 * hasn't expired yet we can stop testing. If
		 * we actually reached the end of the queue we
		 * also need to stop, of course.
		 */
		if (!skb)
			break;
758
		ieee80211_free_txskb(&local->hw, skb);
759
760
761
762
763
764
765
766
	}

	/*
	 * Now also check the normal PS-buffered queue, this will
	 * only find something if the filtered queue was emptied
	 * since the filtered frames are all before the normal PS
	 * buffered frames.
	 */
767
	for (;;) {
768
769
		spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
		skb = skb_peek(&sta->ps_tx_buf[ac]);
770
		if (sta_info_buffer_expired(sta, skb))
771
			skb = __skb_dequeue(&sta->ps_tx_buf[ac]);
772
		else
773
			skb = NULL;
774
		spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
775

776
777
778
779
780
		/*
		 * frames are queued in order, so if this one
		 * hasn't expired yet (or we reached the end of
		 * the queue) we can stop testing
		 */
781
		if (!skb)
782
			break;
783
784

		local->total_ps_buffered--;
Johannes Berg's avatar
Johannes Berg committed
785
786
		ps_dbg(sta->sdata, "Buffered frame expired (STA %pM)\n",
		       sta->sta.addr);
787
		ieee80211_free_txskb(&local->hw, skb);
788
	}
789

790
791
792
793
794
795
796
797
798
799
800
801
	/*
	 * Finally, recalculate the TIM bit for this station -- it might
	 * now be clear because the station was too slow to retrieve its
	 * frames.
	 */
	sta_info_recalc_tim(sta);

	/*
	 * Return whether there are any frames still buffered, this is
	 * used to check whether the cleanup timer still needs to run,
	 * if there are no frames we don't need to rearm the timer.
	 */
802
803
804
805
806
807
808
809
810
811
	return !(skb_queue_empty(&sta->ps_tx_buf[ac]) &&
		 skb_queue_empty(&sta->tx_filtered[ac]));
}

static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
					     struct sta_info *sta)
{
	bool have_buffered = false;
	int ac;

812
813
814
	/* This is only necessary for stations on BSS/MBSS interfaces */
	if (!sta->sdata->bss &&
	    !ieee80211_vif_is_mesh(&sta->sdata->vif))
815
816
817
818
819
820
821
		return false;

	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
		have_buffered |=
			sta_info_cleanup_expire_buffered_ac(local, sta, ac);

	return have_buffered;
822
823
}

824
static int __must_check __sta_info_destroy_part1(struct sta_info *sta)
825
{
826
827
	struct ieee80211_local *local;
	struct ieee80211_sub_if_data *sdata;
828
	int ret;
829

830
	might_sleep();
831

832
833
	if (!sta)
		return -ENOENT;
834

835
836
	local = sta->local;
	sdata = sta->sdata;
837

838
839
	lockdep_assert_held(&local->sta_mtx);

840
841
842
843
844
845
	/*
	 * Before removing the station from the driver and
	 * rate control, it might still start new aggregation
	 * sessions -- block that to make sure the tear-down
	 * will be sufficient.
	 */
846
	set_sta_flag(sta, WLAN_STA_BLOCK_BA);
847
	ieee80211_sta_tear_down_BA_sessions(sta, AGG_STOP_DESTROY_STA);
848

849
	ret = sta_info_hash_del(local, sta);
850
	if (WARN_ON(ret))
851
852
		return ret;

853
854
855
856
857
858
859
860
861
	/*
	 * for TDLS peers, make sure to return to the base channel before
	 * removal.
	 */
	if (test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) {
		drv_tdls_cancel_channel_switch(local, sdata, &sta->sta);
		clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
	}

862
	list_del_rcu(&sta->list);
863

864
865
	drv_sta_pre_rcu_remove(local, sta->sdata, sta);

866
867
868
869
	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
	    rcu_access_pointer(sdata->u.vlan.sta) == sta)
		RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);

870
871
872
873
874
875
876
	return 0;
}

static void __sta_info_destroy_part2(struct sta_info *sta)
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
877
	struct station_info sinfo = {};
878
879
880
881
882
883
884
885
886
887
	int ret;

	/*
	 * NOTE: This assumes at least synchronize_net() was done
	 *	 after _part1 and before _part2!
	 */

	might_sleep();
	lockdep_assert_held(&local->sta_mtx);

888
	/* now keys can no longer be reached */
889
	ieee80211_free_sta_keys(local, sta);
890
891
892
893
894
895

	sta->dead = true;

	local->num_sta--;
	local->sta_generation++;

896
	while (sta->sta_state > IEEE80211_STA_NONE) {
897
898
		ret = sta_info_move_state(sta, sta->sta_state - 1);
		if (ret) {
899
900
901
902
			WARN_ON_ONCE(1);
			break;
		}
	}
903

904
905
906
907
908
	if (sta->uploaded) {
		ret = drv_sta_state(local, sdata, sta, IEEE80211_STA_NONE,
				    IEEE80211_STA_NOTEXIST);
		WARN_ON_ONCE(ret != 0);
	}
909

Johannes Berg's avatar
Johannes Berg committed
910
911
	sta_dbg(sdata, "Removed STA %pM\n", sta->sta.addr);

912
913
	sta_set_sinfo(sta, &sinfo);
	cfg80211_del_sta_sinfo(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
914

915
916
	rate_control_remove_sta_debugfs(sta);
	ieee80211_sta_debugfs_remove(sta);
917
	ieee80211_recalc_min_chandef(sdata);
918

919
	cleanup_single_sta(sta);
920
921
922
923
924
925
926
927
928
929
930
931
}

int __must_check __sta_info_destroy(struct sta_info *sta)
{
	int err = __sta_info_destroy_part1(sta);

	if (err)
		return err;

	synchronize_net();

	__sta_info_destroy_part2(sta);
932
933

	return 0;
934
935
}

936
int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
937
{
938
939
	struct sta_info *sta;
	int ret;
940

941
	mutex_lock(&sdata->local->sta_mtx);
942
	sta = sta_info_get(sdata, addr);
943
944
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
945
946
947
948

	return ret;
}

949
950
int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
951
{
952
953
	struct sta_info *sta;
	int ret;
954

955
	mutex_lock(&sdata->local->sta_mtx);
956
	sta = sta_info_get_bss(sdata, addr);
957
958
	ret = __sta_info_destroy(sta);
	mutex_unlock(&sdata->local->sta_mtx);
959

960
961
	return ret;
}
962

963
964
965
966
static void sta_info_cleanup(unsigned long data)
{
	struct ieee80211_local *local = (struct ieee80211_local *) data;
	struct sta_info *sta;
967
	bool timer_needed = false;
968
969
970

	rcu_read_lock();
	list_for_each_entry_rcu(sta, &local->sta_list, list)
971
972
		if (sta_info_cleanup_expire_buffered(local, sta))
			timer_needed = true;
973
	rcu_read_unlock();
974

975
976
	if (local->quiescing)
		return;
977

978
979
980
	if (!timer_needed)
		return;

981
982
	mod_timer(&local->sta_cleanup,
		  round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL));
983
984
}

985
986
void sta_info_init(struct ieee80211_local *local)
{
987
	spin_lock_init(&local->tim_lock);
988
	mutex_init(&local->sta_mtx);
989
990
	INIT_LIST_HEAD(&local->sta_list);

991
992
	setup_timer(&local->sta_cleanup, sta_info_cleanup,
		    (unsigned long)local);
993
994
995
996
}

void sta_info_stop(struct ieee80211_local *local)
{
997
	del_timer_sync(&local->sta_cleanup);
998
999
}

1000

1001
int __sta_info_flush(struct ieee80211_sub_if_data *sdata, bool vlans)
1002
{