authorLinus Torvalds <torvalds@linux-foundation.org>2012-03-21 00:04:47 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2012-03-21 00:04:47 -0400
commit3b59bf081622b6446db77ad06c93fe23677bc533 (patch)
tree3f4bb5a27c90cc86994a1f6d3c53fbf9208003cb /net/mac80211
parente45836fafe157df137a837093037f741ad8f4c90 (diff)
parentbbdb32cb5b73597386913d052165423b9d736145 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next
Pull networking merge from David Miller: "1) Move ixgbe driver over to purely page based buffering on receive. From Alexander Duyck. 2) Add receive packet steering support to e1000e, from Bruce Allan. 3) Convert TCP MD5 support over to RCU, from Eric Dumazet. 4) Reduce cpu usage in handling out-of-order TCP packets on modern systems, also from Eric Dumazet. 5) Support the IP{,V6}_UNICAST_IF socket options, making the wine folks happy, from Erich Hoover. 6) Support VLAN trunking from guests in hyperv driver, from Haiyang Zhang. 7) Support byte-queue-limtis in r8169, from Igor Maravic. 8) Outline code intended for IP_RECVTOS in IP_PKTOPTIONS existed but was never properly implemented, Jiri Benc fixed that. 9) 64-bit statistics support in r8169 and 8139too, from Junchang Wang. 10) Support kernel side dump filtering by ctmark in netfilter ctnetlink, from Pablo Neira Ayuso. 11) Support byte-queue-limits in gianfar driver, from Paul Gortmaker. 12) Add new peek socket options to assist with socket migration, from Pavel Emelyanov. 13) Add sch_plug packet scheduler whose queue is controlled by userland daemons using explicit freeze and release commands. From Shriram Rajagopalan. 14) Fix FCOE checksum offload handling on transmit, from Yi Zou." * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1846 commits) Fix pppol2tp getsockname() Remove printk from rds_sendmsg ipv6: fix incorrent ipv6 ipsec packet fragment cpsw: Hook up default ndo_change_mtu. 
net: qmi_wwan: fix build error due to cdc-wdm dependecy netdev: driver: ethernet: Add TI CPSW driver netdev: driver: ethernet: add cpsw address lookup engine support phy: add am79c874 PHY support mlx4_core: fix race on comm channel bonding: send igmp report for its master fs_enet: Add MPC5125 FEC support and PHY interface selection net: bpf_jit: fix BPF_S_LDX_B_MSH compilation net: update the usage of CHECKSUM_UNNECESSARY fcoe: use CHECKSUM_UNNECESSARY instead of CHECKSUM_PARTIAL on tx net: do not do gso for CHECKSUM_UNNECESSARY in netif_needs_gso ixgbe: Fix issues with SR-IOV loopback when flow control is disabled net/hyperv: Fix the code handling tx busy ixgbe: fix namespace issues when FCoE/DCB is not enabled rtlwifi: Remove unused ETH_ADDR_LEN defines igbvf: Use ETH_ALEN ... Fix up fairly trivial conflicts in drivers/isdn/gigaset/interface.c and drivers/net/usb/{Kconfig,qmi_wwan.c} as per David.
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/Makefile4
-rw-r--r--net/mac80211/cfg.c241
-rw-r--r--net/mac80211/chan.c55
-rw-r--r--net/mac80211/debugfs.c87
-rw-r--r--net/mac80211/debugfs_netdev.c115
-rw-r--r--net/mac80211/debugfs_sta.c5
-rw-r--r--net/mac80211/driver-ops.h68
-rw-r--r--net/mac80211/driver-trace.h77
-rw-r--r--net/mac80211/ibss.c109
-rw-r--r--net/mac80211/ieee80211_i.h173
-rw-r--r--net/mac80211/iface.c24
-rw-r--r--net/mac80211/key.c39
-rw-r--r--net/mac80211/main.c27
-rw-r--r--net/mac80211/mesh.c2
-rw-r--r--net/mac80211/mesh.h5
-rw-r--r--net/mac80211/mesh_hwmp.c57
-rw-r--r--net/mac80211/mesh_pathtbl.c40
-rw-r--r--net/mac80211/mesh_plink.c23
-rw-r--r--net/mac80211/mlme.c1712
-rw-r--r--net/mac80211/pm.c11
-rw-r--r--net/mac80211/rate.c151
-rw-r--r--net/mac80211/rate.h4
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c16
-rw-r--r--net/mac80211/rx.c123
-rw-r--r--net/mac80211/scan.c74
-rw-r--r--net/mac80211/sta_info.c341
-rw-r--r--net/mac80211/sta_info.h61
-rw-r--r--net/mac80211/status.c10
-rw-r--r--net/mac80211/tx.c47
-rw-r--r--net/mac80211/util.c80
-rw-r--r--net/mac80211/wep.c21
-rw-r--r--net/mac80211/wep.h1
-rw-r--r--net/mac80211/work.c814
-rw-r--r--net/mac80211/wpa.c22
34 files changed, 2373 insertions, 2266 deletions
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
index d540c3b160f3..1be7a454aa77 100644
--- a/net/mac80211/Makefile
+++ b/net/mac80211/Makefile
@@ -9,7 +9,7 @@ mac80211-y := \
9 scan.o offchannel.o \ 9 scan.o offchannel.o \
10 ht.o agg-tx.o agg-rx.o \ 10 ht.o agg-tx.o agg-rx.o \
11 ibss.o \ 11 ibss.o \
12 mlme.o work.o \ 12 work.o \
13 iface.o \ 13 iface.o \
14 rate.o \ 14 rate.o \
15 michael.o \ 15 michael.o \
@@ -25,7 +25,7 @@ mac80211-y := \
25 wme.o \ 25 wme.o \
26 event.o \ 26 event.o \
27 chan.o \ 27 chan.o \
28 driver-trace.o 28 driver-trace.o mlme.o
29 29
30mac80211-$(CONFIG_MAC80211_LEDS) += led.o 30mac80211-$(CONFIG_MAC80211_LEDS) += led.o
31mac80211-$(CONFIG_MAC80211_DEBUGFS) += \ 31mac80211-$(CONFIG_MAC80211_DEBUGFS) += \
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 296620d6ca0c..677d65929780 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -336,6 +336,20 @@ static void rate_idx_to_bitrate(struct rate_info *rate, struct sta_info *sta, in
336 rate->mcs = idx; 336 rate->mcs = idx;
337} 337}
338 338
339void sta_set_rate_info_tx(struct sta_info *sta,
340 const struct ieee80211_tx_rate *rate,
341 struct rate_info *rinfo)
342{
343 rinfo->flags = 0;
344 if (rate->flags & IEEE80211_TX_RC_MCS)
345 rinfo->flags |= RATE_INFO_FLAGS_MCS;
346 if (rate->flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
347 rinfo->flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH;
348 if (rate->flags & IEEE80211_TX_RC_SHORT_GI)
349 rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
350 rate_idx_to_bitrate(rinfo, sta, rate->idx);
351}
352
339static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo) 353static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
340{ 354{
341 struct ieee80211_sub_if_data *sdata = sta->sdata; 355 struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -378,14 +392,7 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
378 sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal); 392 sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal);
379 } 393 }
380 394
381 sinfo->txrate.flags = 0; 395 sta_set_rate_info_tx(sta, &sta->last_tx_rate, &sinfo->txrate);
382 if (sta->last_tx_rate.flags & IEEE80211_TX_RC_MCS)
383 sinfo->txrate.flags |= RATE_INFO_FLAGS_MCS;
384 if (sta->last_tx_rate.flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
385 sinfo->txrate.flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH;
386 if (sta->last_tx_rate.flags & IEEE80211_TX_RC_SHORT_GI)
387 sinfo->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
388 rate_idx_to_bitrate(&sinfo->txrate, sta, sta->last_tx_rate.idx);
389 396
390 sinfo->rxrate.flags = 0; 397 sinfo->rxrate.flags = 0;
391 if (sta->last_rx_rate_flag & RX_FLAG_HT) 398 if (sta->last_rx_rate_flag & RX_FLAG_HT)
@@ -489,27 +496,13 @@ static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
489 return ret; 496 return ret;
490} 497}
491 498
492static void ieee80211_config_ap_ssid(struct ieee80211_sub_if_data *sdata,
493 struct beacon_parameters *params)
494{
495 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
496
497 bss_conf->ssid_len = params->ssid_len;
498
499 if (params->ssid_len)
500 memcpy(bss_conf->ssid, params->ssid, params->ssid_len);
501
502 bss_conf->hidden_ssid =
503 (params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
504}
505
506static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata, 499static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
507 u8 *resp, size_t resp_len) 500 const u8 *resp, size_t resp_len)
508{ 501{
509 struct sk_buff *new, *old; 502 struct sk_buff *new, *old;
510 503
511 if (!resp || !resp_len) 504 if (!resp || !resp_len)
512 return -EINVAL; 505 return 1;
513 506
514 old = rtnl_dereference(sdata->u.ap.probe_resp); 507 old = rtnl_dereference(sdata->u.ap.probe_resp);
515 508
@@ -520,50 +513,28 @@ static int ieee80211_set_probe_resp(struct ieee80211_sub_if_data *sdata,
520 memcpy(skb_put(new, resp_len), resp, resp_len); 513 memcpy(skb_put(new, resp_len), resp, resp_len);
521 514
522 rcu_assign_pointer(sdata->u.ap.probe_resp, new); 515 rcu_assign_pointer(sdata->u.ap.probe_resp, new);
523 synchronize_rcu(); 516 if (old) {
524 517 /* TODO: use call_rcu() */
525 if (old) 518 synchronize_rcu();
526 dev_kfree_skb(old); 519 dev_kfree_skb(old);
520 }
527 521
528 return 0; 522 return 0;
529} 523}
530 524
531/* 525static int ieee80211_assign_beacon(struct ieee80211_sub_if_data *sdata,
532 * This handles both adding a beacon and setting new beacon info 526 struct cfg80211_beacon_data *params)
533 */
534static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
535 struct beacon_parameters *params)
536{ 527{
537 struct beacon_data *new, *old; 528 struct beacon_data *new, *old;
538 int new_head_len, new_tail_len; 529 int new_head_len, new_tail_len;
539 int size; 530 int size, err;
540 int err = -EINVAL; 531 u32 changed = BSS_CHANGED_BEACON;
541 u32 changed = 0;
542 532
543 old = rtnl_dereference(sdata->u.ap.beacon); 533 old = rtnl_dereference(sdata->u.ap.beacon);
544 534
545 /* head must not be zero-length */
546 if (params->head && !params->head_len)
547 return -EINVAL;
548
549 /*
550 * This is a kludge. beacon interval should really be part
551 * of the beacon information.
552 */
553 if (params->interval &&
554 (sdata->vif.bss_conf.beacon_int != params->interval)) {
555 sdata->vif.bss_conf.beacon_int = params->interval;
556 ieee80211_bss_info_change_notify(sdata,
557 BSS_CHANGED_BEACON_INT);
558 }
559
560 /* Need to have a beacon head if we don't have one yet */ 535 /* Need to have a beacon head if we don't have one yet */
561 if (!params->head && !old) 536 if (!params->head && !old)
562 return err; 537 return -EINVAL;
563
564 /* sorry, no way to start beaconing without dtim period */
565 if (!params->dtim_period && !old)
566 return err;
567 538
568 /* new or old head? */ 539 /* new or old head? */
569 if (params->head) 540 if (params->head)
@@ -586,12 +557,6 @@ static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
586 557
587 /* start filling the new info now */ 558 /* start filling the new info now */
588 559
589 /* new or old dtim period? */
590 if (params->dtim_period)
591 new->dtim_period = params->dtim_period;
592 else
593 new->dtim_period = old->dtim_period;
594
595 /* 560 /*
596 * pointers go into the block we allocated, 561 * pointers go into the block we allocated,
597 * memory is | beacon_data | head | tail | 562 * memory is | beacon_data | head | tail |
@@ -614,46 +579,37 @@ static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
614 if (old) 579 if (old)
615 memcpy(new->tail, old->tail, new_tail_len); 580 memcpy(new->tail, old->tail, new_tail_len);
616 581
617 sdata->vif.bss_conf.dtim_period = new->dtim_period;
618
619 rcu_assign_pointer(sdata->u.ap.beacon, new);
620
621 synchronize_rcu();
622
623 kfree(old);
624
625 err = ieee80211_set_probe_resp(sdata, params->probe_resp, 582 err = ieee80211_set_probe_resp(sdata, params->probe_resp,
626 params->probe_resp_len); 583 params->probe_resp_len);
627 if (!err) 584 if (err < 0)
585 return err;
586 if (err == 0)
628 changed |= BSS_CHANGED_AP_PROBE_RESP; 587 changed |= BSS_CHANGED_AP_PROBE_RESP;
629 588
630 ieee80211_config_ap_ssid(sdata, params); 589 rcu_assign_pointer(sdata->u.ap.beacon, new);
631 changed |= BSS_CHANGED_BEACON_ENABLED |
632 BSS_CHANGED_BEACON |
633 BSS_CHANGED_SSID;
634 590
635 ieee80211_bss_info_change_notify(sdata, changed); 591 if (old)
636 return 0; 592 kfree_rcu(old, rcu_head);
593
594 return changed;
637} 595}
638 596
639static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev, 597static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
640 struct beacon_parameters *params) 598 struct cfg80211_ap_settings *params)
641{ 599{
642 struct ieee80211_sub_if_data *sdata; 600 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
643 struct beacon_data *old; 601 struct beacon_data *old;
644 struct ieee80211_sub_if_data *vlan; 602 struct ieee80211_sub_if_data *vlan;
645 int ret; 603 u32 changed = BSS_CHANGED_BEACON_INT |
646 604 BSS_CHANGED_BEACON_ENABLED |
647 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 605 BSS_CHANGED_BEACON |
606 BSS_CHANGED_SSID;
607 int err;
648 608
649 old = rtnl_dereference(sdata->u.ap.beacon); 609 old = rtnl_dereference(sdata->u.ap.beacon);
650 if (old) 610 if (old)
651 return -EALREADY; 611 return -EALREADY;
652 612
653 ret = ieee80211_config_beacon(sdata, params);
654 if (ret)
655 return ret;
656
657 /* 613 /*
658 * Apply control port protocol, this allows us to 614 * Apply control port protocol, this allows us to
659 * not encrypt dynamic WEP control frames. 615 * not encrypt dynamic WEP control frames.
@@ -667,14 +623,32 @@ static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev,
667 params->crypto.control_port_no_encrypt; 623 params->crypto.control_port_no_encrypt;
668 } 624 }
669 625
626 sdata->vif.bss_conf.beacon_int = params->beacon_interval;
627 sdata->vif.bss_conf.dtim_period = params->dtim_period;
628
629 sdata->vif.bss_conf.ssid_len = params->ssid_len;
630 if (params->ssid_len)
631 memcpy(sdata->vif.bss_conf.ssid, params->ssid,
632 params->ssid_len);
633 sdata->vif.bss_conf.hidden_ssid =
634 (params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
635
636 err = ieee80211_assign_beacon(sdata, &params->beacon);
637 if (err < 0)
638 return err;
639 changed |= err;
640
641 ieee80211_bss_info_change_notify(sdata, changed);
642
670 return 0; 643 return 0;
671} 644}
672 645
673static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev, 646static int ieee80211_change_beacon(struct wiphy *wiphy, struct net_device *dev,
674 struct beacon_parameters *params) 647 struct cfg80211_beacon_data *params)
675{ 648{
676 struct ieee80211_sub_if_data *sdata; 649 struct ieee80211_sub_if_data *sdata;
677 struct beacon_data *old; 650 struct beacon_data *old;
651 int err;
678 652
679 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 653 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
680 654
@@ -682,10 +656,14 @@ static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev,
682 if (!old) 656 if (!old)
683 return -ENOENT; 657 return -ENOENT;
684 658
685 return ieee80211_config_beacon(sdata, params); 659 err = ieee80211_assign_beacon(sdata, params);
660 if (err < 0)
661 return err;
662 ieee80211_bss_info_change_notify(sdata, err);
663 return 0;
686} 664}
687 665
688static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev) 666static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
689{ 667{
690 struct ieee80211_sub_if_data *sdata; 668 struct ieee80211_sub_if_data *sdata;
691 struct beacon_data *old; 669 struct beacon_data *old;
@@ -697,10 +675,11 @@ static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev)
697 return -ENOENT; 675 return -ENOENT;
698 676
699 RCU_INIT_POINTER(sdata->u.ap.beacon, NULL); 677 RCU_INIT_POINTER(sdata->u.ap.beacon, NULL);
700 synchronize_rcu(); 678
701 kfree(old); 679 kfree_rcu(old, rcu_head);
702 680
703 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); 681 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
682
704 return 0; 683 return 0;
705} 684}
706 685
@@ -776,12 +755,10 @@ static int sta_apply_parameters(struct ieee80211_local *local,
776 755
777 if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED) && 756 if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED) &&
778 !test_sta_flag(sta, WLAN_STA_AUTH)) { 757 !test_sta_flag(sta, WLAN_STA_AUTH)) {
779 ret = sta_info_move_state_checked(sta, 758 ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
780 IEEE80211_STA_AUTH);
781 if (ret) 759 if (ret)
782 return ret; 760 return ret;
783 ret = sta_info_move_state_checked(sta, 761 ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
784 IEEE80211_STA_ASSOC);
785 if (ret) 762 if (ret)
786 return ret; 763 return ret;
787 } 764 }
@@ -789,11 +766,9 @@ static int sta_apply_parameters(struct ieee80211_local *local,
789 766
790 if (mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) { 767 if (mask & BIT(NL80211_STA_FLAG_AUTHORIZED)) {
791 if (set & BIT(NL80211_STA_FLAG_AUTHORIZED)) 768 if (set & BIT(NL80211_STA_FLAG_AUTHORIZED))
792 ret = sta_info_move_state_checked(sta, 769 ret = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
793 IEEE80211_STA_AUTHORIZED);
794 else if (test_sta_flag(sta, WLAN_STA_AUTHORIZED)) 770 else if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
795 ret = sta_info_move_state_checked(sta, 771 ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
796 IEEE80211_STA_ASSOC);
797 if (ret) 772 if (ret)
798 return ret; 773 return ret;
799 } 774 }
@@ -805,12 +780,10 @@ static int sta_apply_parameters(struct ieee80211_local *local,
805 780
806 if (!(set & BIT(NL80211_STA_FLAG_AUTHENTICATED)) && 781 if (!(set & BIT(NL80211_STA_FLAG_AUTHENTICATED)) &&
807 test_sta_flag(sta, WLAN_STA_AUTH)) { 782 test_sta_flag(sta, WLAN_STA_AUTH)) {
808 ret = sta_info_move_state_checked(sta, 783 ret = sta_info_move_state(sta, IEEE80211_STA_AUTH);
809 IEEE80211_STA_AUTH);
810 if (ret) 784 if (ret)
811 return ret; 785 return ret;
812 ret = sta_info_move_state_checked(sta, 786 ret = sta_info_move_state(sta, IEEE80211_STA_NONE);
813 IEEE80211_STA_NONE);
814 if (ret) 787 if (ret)
815 return ret; 788 return ret;
816 } 789 }
@@ -944,8 +917,8 @@ static int ieee80211_add_station(struct wiphy *wiphy, struct net_device *dev,
944 if (!sta) 917 if (!sta)
945 return -ENOMEM; 918 return -ENOMEM;
946 919
947 sta_info_move_state(sta, IEEE80211_STA_AUTH); 920 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
948 sta_info_move_state(sta, IEEE80211_STA_ASSOC); 921 sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
949 922
950 err = sta_apply_parameters(local, sta, params); 923 err = sta_apply_parameters(local, sta, params);
951 if (err) { 924 if (err) {
@@ -1001,6 +974,7 @@ static int ieee80211_change_station(struct wiphy *wiphy,
1001 struct ieee80211_local *local = wiphy_priv(wiphy); 974 struct ieee80211_local *local = wiphy_priv(wiphy);
1002 struct sta_info *sta; 975 struct sta_info *sta;
1003 struct ieee80211_sub_if_data *vlansdata; 976 struct ieee80211_sub_if_data *vlansdata;
977 int err;
1004 978
1005 mutex_lock(&local->sta_mtx); 979 mutex_lock(&local->sta_mtx);
1006 980
@@ -1040,7 +1014,11 @@ static int ieee80211_change_station(struct wiphy *wiphy,
1040 ieee80211_send_layer2_update(sta); 1014 ieee80211_send_layer2_update(sta);
1041 } 1015 }
1042 1016
1043 sta_apply_parameters(local, sta, params); 1017 err = sta_apply_parameters(local, sta, params);
1018 if (err) {
1019 mutex_unlock(&local->sta_mtx);
1020 return err;
1021 }
1044 1022
1045 if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) && params->supported_rates) 1023 if (test_sta_flag(sta, WLAN_STA_TDLS_PEER) && params->supported_rates)
1046 rate_control_rate_init(sta); 1024 rate_control_rate_init(sta);
@@ -1341,6 +1319,16 @@ static int ieee80211_update_mesh_config(struct wiphy *wiphy,
1341 conf->dot11MeshHWMPRannInterval = 1319 conf->dot11MeshHWMPRannInterval =
1342 nconf->dot11MeshHWMPRannInterval; 1320 nconf->dot11MeshHWMPRannInterval;
1343 } 1321 }
1322 if (_chg_mesh_attr(NL80211_MESHCONF_FORWARDING, mask))
1323 conf->dot11MeshForwarding = nconf->dot11MeshForwarding;
1324 if (_chg_mesh_attr(NL80211_MESHCONF_RSSI_THRESHOLD, mask)) {
1325 /* our RSSI threshold implementation is supported only for
1326 * devices that report signal in dBm.
1327 */
1328 if (!(sdata->local->hw.flags & IEEE80211_HW_SIGNAL_DBM))
1329 return -ENOTSUPP;
1330 conf->rssi_threshold = nconf->rssi_threshold;
1331 }
1344 return 0; 1332 return 0;
1345} 1333}
1346 1334
@@ -1622,19 +1610,15 @@ static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev,
1622} 1610}
1623 1611
1624static int ieee80211_deauth(struct wiphy *wiphy, struct net_device *dev, 1612static int ieee80211_deauth(struct wiphy *wiphy, struct net_device *dev,
1625 struct cfg80211_deauth_request *req, 1613 struct cfg80211_deauth_request *req)
1626 void *cookie)
1627{ 1614{
1628 return ieee80211_mgd_deauth(IEEE80211_DEV_TO_SUB_IF(dev), 1615 return ieee80211_mgd_deauth(IEEE80211_DEV_TO_SUB_IF(dev), req);
1629 req, cookie);
1630} 1616}
1631 1617
1632static int ieee80211_disassoc(struct wiphy *wiphy, struct net_device *dev, 1618static int ieee80211_disassoc(struct wiphy *wiphy, struct net_device *dev,
1633 struct cfg80211_disassoc_request *req, 1619 struct cfg80211_disassoc_request *req)
1634 void *cookie)
1635{ 1620{
1636 return ieee80211_mgd_disassoc(IEEE80211_DEV_TO_SUB_IF(dev), 1621 return ieee80211_mgd_disassoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
1637 req, cookie);
1638} 1622}
1639 1623
1640static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev, 1624static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,
@@ -1868,7 +1852,6 @@ static int ieee80211_set_cqm_rssi_config(struct wiphy *wiphy,
1868 s32 rssi_thold, u32 rssi_hyst) 1852 s32 rssi_thold, u32 rssi_hyst)
1869{ 1853{
1870 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1854 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1871 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1872 struct ieee80211_vif *vif = &sdata->vif; 1855 struct ieee80211_vif *vif = &sdata->vif;
1873 struct ieee80211_bss_conf *bss_conf = &vif->bss_conf; 1856 struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
1874 1857
@@ -1879,14 +1862,9 @@ static int ieee80211_set_cqm_rssi_config(struct wiphy *wiphy,
1879 bss_conf->cqm_rssi_thold = rssi_thold; 1862 bss_conf->cqm_rssi_thold = rssi_thold;
1880 bss_conf->cqm_rssi_hyst = rssi_hyst; 1863 bss_conf->cqm_rssi_hyst = rssi_hyst;
1881 1864
1882 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI)) {
1883 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1884 return -EOPNOTSUPP;
1885 return 0;
1886 }
1887
1888 /* tell the driver upon association, unless already associated */ 1865 /* tell the driver upon association, unless already associated */
1889 if (sdata->u.mgd.associated) 1866 if (sdata->u.mgd.associated &&
1867 sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)
1890 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_CQM); 1868 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_CQM);
1891 1869
1892 return 0; 1870 return 0;
@@ -1907,8 +1885,11 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
1907 return ret; 1885 return ret;
1908 } 1886 }
1909 1887
1910 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 1888 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
1911 sdata->rc_rateidx_mask[i] = mask->control[i].legacy; 1889 sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
1890 memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].mcs,
1891 sizeof(mask->control[i].mcs));
1892 }
1912 1893
1913 return 0; 1894 return 0;
1914} 1895}
@@ -2030,7 +2011,7 @@ ieee80211_offchan_tx_done(struct ieee80211_work *wk, struct sk_buff *skb)
2030 if (wk->offchan_tx.wait && !wk->offchan_tx.status) 2011 if (wk->offchan_tx.wait && !wk->offchan_tx.status)
2031 cfg80211_mgmt_tx_status(wk->sdata->dev, 2012 cfg80211_mgmt_tx_status(wk->sdata->dev,
2032 (unsigned long) wk->offchan_tx.frame, 2013 (unsigned long) wk->offchan_tx.frame,
2033 wk->ie, wk->ie_len, false, GFP_KERNEL); 2014 wk->data, wk->data_len, false, GFP_KERNEL);
2034 2015
2035 return WORK_DONE_DESTROY; 2016 return WORK_DONE_DESTROY;
2036} 2017}
@@ -2181,8 +2162,8 @@ static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct net_device *dev,
2181 wk->done = ieee80211_offchan_tx_done; 2162 wk->done = ieee80211_offchan_tx_done;
2182 wk->offchan_tx.frame = skb; 2163 wk->offchan_tx.frame = skb;
2183 wk->offchan_tx.wait = wait; 2164 wk->offchan_tx.wait = wait;
2184 wk->ie_len = len; 2165 wk->data_len = len;
2185 memcpy(wk->ie, buf, len); 2166 memcpy(wk->data, buf, len);
2186 2167
2187 ieee80211_add_work(wk); 2168 ieee80211_add_work(wk);
2188 return 0; 2169 return 0;
@@ -2701,9 +2682,9 @@ struct cfg80211_ops mac80211_config_ops = {
2701 .get_key = ieee80211_get_key, 2682 .get_key = ieee80211_get_key,
2702 .set_default_key = ieee80211_config_default_key, 2683 .set_default_key = ieee80211_config_default_key,
2703 .set_default_mgmt_key = ieee80211_config_default_mgmt_key, 2684 .set_default_mgmt_key = ieee80211_config_default_mgmt_key,
2704 .add_beacon = ieee80211_add_beacon, 2685 .start_ap = ieee80211_start_ap,
2705 .set_beacon = ieee80211_set_beacon, 2686 .change_beacon = ieee80211_change_beacon,
2706 .del_beacon = ieee80211_del_beacon, 2687 .stop_ap = ieee80211_stop_ap,
2707 .add_station = ieee80211_add_station, 2688 .add_station = ieee80211_add_station,
2708 .del_station = ieee80211_del_station, 2689 .del_station = ieee80211_del_station,
2709 .change_station = ieee80211_change_station, 2690 .change_station = ieee80211_change_station,
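Review bot: ieee80211_assign_beacon leaks the newly allocated beacon block when ieee80211_set_probe_resp fails: at new line 584 `if (err < 0) return err;` bails out before `new` is published with rcu_assign_pointer at new line 589, and nothing frees it (the allocation itself lies between the visible hunks, but the comment "pointers go into the block we allocated" at new line 561 shows `new` is already held at that point), so a userspace-triggerable allocation failure in the probe-response path leaks kernel memory on every retry. The early return should become `if (err < 0) { kfree(new); return err; }`. Since ieee80211_set_probe_resp now returns 1 for a missing or empty probe response rather than -EINVAL, its contract is no longer obvious from the callers' `err < 0` / `err == 0` tests; a header comment such as `/* Returns 0 if a probe response was installed, 1 if none was supplied (not an error), or a negative errno. */` would document that, and ieee80211_assign_beacon's own return (a BSS_CHANGED_* mask, or negative errno) deserves the same treatment. ieee80211_assign_beacon's opening lines sit in an earlier hunk of this section.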
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 889c3e93e0f4..e00ce8c3e28e 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -3,6 +3,7 @@
3 */ 3 */
4 4
5#include <linux/nl80211.h> 5#include <linux/nl80211.h>
6#include <net/cfg80211.h>
6#include "ieee80211_i.h" 7#include "ieee80211_i.h"
7 8
8static enum ieee80211_chan_mode 9static enum ieee80211_chan_mode
@@ -20,23 +21,29 @@ __ieee80211_get_channel_mode(struct ieee80211_local *local,
20 if (!ieee80211_sdata_running(sdata)) 21 if (!ieee80211_sdata_running(sdata))
21 continue; 22 continue;
22 23
23 if (sdata->vif.type == NL80211_IFTYPE_MONITOR) 24 switch (sdata->vif.type) {
25 case NL80211_IFTYPE_MONITOR:
24 continue; 26 continue;
25 27 case NL80211_IFTYPE_STATION:
26 if (sdata->vif.type == NL80211_IFTYPE_STATION && 28 if (!sdata->u.mgd.associated)
27 !sdata->u.mgd.associated) 29 continue;
28 continue; 30 break;
29 31 case NL80211_IFTYPE_ADHOC:
30 if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
31 if (!sdata->u.ibss.ssid_len) 32 if (!sdata->u.ibss.ssid_len)
32 continue; 33 continue;
33 if (!sdata->u.ibss.fixed_channel) 34 if (!sdata->u.ibss.fixed_channel)
34 return CHAN_MODE_HOPPING; 35 return CHAN_MODE_HOPPING;
35 } 36 break;
36 37 case NL80211_IFTYPE_AP_VLAN:
37 if (sdata->vif.type == NL80211_IFTYPE_AP && 38 /* will also have _AP interface */
38 !sdata->u.ap.beacon)
39 continue; 39 continue;
40 case NL80211_IFTYPE_AP:
41 if (!sdata->u.ap.beacon)
42 continue;
43 break;
44 default:
45 break;
46 }
40 47
41 return CHAN_MODE_FIXED; 48 return CHAN_MODE_FIXED;
42 } 49 }
@@ -128,3 +135,29 @@ bool ieee80211_set_channel_type(struct ieee80211_local *local,
128 135
129 return result; 136 return result;
130} 137}
138
139/*
140 * ieee80211_get_tx_channel_type returns the channel type we should
141 * use for packet transmission, given the channel capability and
142 * whatever regulatory flags we have been given.
143 */
144enum nl80211_channel_type ieee80211_get_tx_channel_type(
145 struct ieee80211_local *local,
146 enum nl80211_channel_type channel_type)
147{
148 switch (channel_type) {
149 case NL80211_CHAN_HT40PLUS:
150 if (local->hw.conf.channel->flags &
151 IEEE80211_CHAN_NO_HT40PLUS)
152 return NL80211_CHAN_HT20;
153 break;
154 case NL80211_CHAN_HT40MINUS:
155 if (local->hw.conf.channel->flags &
156 IEEE80211_CHAN_NO_HT40MINUS)
157 return NL80211_CHAN_HT20;
158 break;
159 default:
160 break;
161 }
162 return channel_type;
163}
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 90baea53e7c5..cc5b7a6e7e0b 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -97,85 +97,6 @@ static const struct file_operations reset_ops = {
97 .llseek = noop_llseek, 97 .llseek = noop_llseek,
98}; 98};
99 99
100static ssize_t uapsd_queues_read(struct file *file, char __user *user_buf,
101 size_t count, loff_t *ppos)
102{
103 struct ieee80211_local *local = file->private_data;
104 return mac80211_format_buffer(user_buf, count, ppos, "0x%x\n",
105 local->uapsd_queues);
106}
107
108static ssize_t uapsd_queues_write(struct file *file,
109 const char __user *user_buf,
110 size_t count, loff_t *ppos)
111{
112 struct ieee80211_local *local = file->private_data;
113 u8 val;
114 int ret;
115
116 ret = kstrtou8_from_user(user_buf, count, 0, &val);
117 if (ret)
118 return ret;
119
120 if (val & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
121 return -ERANGE;
122
123 local->uapsd_queues = val;
124
125 return count;
126}
127
128static const struct file_operations uapsd_queues_ops = {
129 .read = uapsd_queues_read,
130 .write = uapsd_queues_write,
131 .open = mac80211_open_file_generic,
132 .llseek = default_llseek,
133};
134
135static ssize_t uapsd_max_sp_len_read(struct file *file, char __user *user_buf,
136 size_t count, loff_t *ppos)
137{
138 struct ieee80211_local *local = file->private_data;
139
140 return mac80211_format_buffer(user_buf, count, ppos, "0x%x\n",
141 local->uapsd_max_sp_len);
142}
143
144static ssize_t uapsd_max_sp_len_write(struct file *file,
145 const char __user *user_buf,
146 size_t count, loff_t *ppos)
147{
148 struct ieee80211_local *local = file->private_data;
149 unsigned long val;
150 char buf[10];
151 size_t len;
152 int ret;
153
154 len = min(count, sizeof(buf) - 1);
155 if (copy_from_user(buf, user_buf, len))
156 return -EFAULT;
157 buf[len] = '\0';
158
159 ret = kstrtoul(buf, 0, &val);
160
161 if (ret)
162 return -EINVAL;
163
164 if (val & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
165 return -ERANGE;
166
167 local->uapsd_max_sp_len = val;
168
169 return count;
170}
171
172static const struct file_operations uapsd_max_sp_len_ops = {
173 .read = uapsd_max_sp_len_read,
174 .write = uapsd_max_sp_len_write,
175 .open = mac80211_open_file_generic,
176 .llseek = default_llseek,
177};
178
179static ssize_t channel_type_read(struct file *file, char __user *user_buf, 100static ssize_t channel_type_read(struct file *file, char __user *user_buf,
180 size_t count, loff_t *ppos) 101 size_t count, loff_t *ppos)
181{ 102{
@@ -247,8 +168,6 @@ static ssize_t hwflags_read(struct file *file, char __user *user_buf,
247 sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n"); 168 sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n");
248 if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE) 169 if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE)
249 sf += snprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n"); 170 sf += snprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n");
250 if (local->hw.flags & IEEE80211_HW_BEACON_FILTER)
251 sf += snprintf(buf + sf, mxln - sf, "BEACON_FILTER\n");
252 if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS) 171 if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS)
253 sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n"); 172 sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n");
254 if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS) 173 if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
@@ -259,14 +178,14 @@ static ssize_t hwflags_read(struct file *file, char __user *user_buf,
259 sf += snprintf(buf + sf, mxln - sf, "REPORTS_TX_ACK_STATUS\n"); 178 sf += snprintf(buf + sf, mxln - sf, "REPORTS_TX_ACK_STATUS\n");
260 if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 179 if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
261 sf += snprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n"); 180 sf += snprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n");
262 if (local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI)
263 sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_CQM_RSSI\n");
264 if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK) 181 if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)
265 sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n"); 182 sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");
266 if (local->hw.flags & IEEE80211_HW_AP_LINK_PS) 183 if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
267 sf += snprintf(buf + sf, mxln - sf, "AP_LINK_PS\n"); 184 sf += snprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");
268 if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW) 185 if (local->hw.flags & IEEE80211_HW_TX_AMPDU_SETUP_IN_HW)
269 sf += snprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n"); 186 sf += snprintf(buf + sf, mxln - sf, "TX_AMPDU_SETUP_IN_HW\n");
187 if (local->hw.flags & IEEE80211_HW_SCAN_WHILE_IDLE)
188 sf += snprintf(buf + sf, mxln - sf, "SCAN_WHILE_IDLE\n");
270 189
271 rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf)); 190 rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
272 kfree(buf); 191 kfree(buf);
@@ -364,8 +283,6 @@ void debugfs_hw_add(struct ieee80211_local *local)
364 DEBUGFS_ADD(wep_iv); 283 DEBUGFS_ADD(wep_iv);
365 DEBUGFS_ADD(queues); 284 DEBUGFS_ADD(queues);
366 DEBUGFS_ADD_MODE(reset, 0200); 285 DEBUGFS_ADD_MODE(reset, 0200);
367 DEBUGFS_ADD(uapsd_queues);
368 DEBUGFS_ADD(uapsd_max_sp_len);
369 DEBUGFS_ADD(channel_type); 286 DEBUGFS_ADD(channel_type);
370 DEBUGFS_ADD(hwflags); 287 DEBUGFS_ADD(hwflags);
371 DEBUGFS_ADD(user_power); 288 DEBUGFS_ADD(user_power);
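--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -49,16 +49,15 @@ static ssize_t ieee80211_if_write(
 	size_t count, loff_t *ppos,
 	ssize_t (*write)(struct ieee80211_sub_if_data *, const char *, int))
 {
-	u8 *buf;
+	char buf[64];
 	ssize_t ret;
 
-	buf = kmalloc(count, GFP_KERNEL);
-	if (!buf)
-		return -ENOMEM;
+	if (count >= sizeof(buf))
+		return -E2BIG;
 
-	ret = -EFAULT;
 	if (copy_from_user(buf, userbuf, count))
-		goto freebuf;
+		return -EFAULT;
+	buf[count] = '\0';
 
 	ret = -ENODEV;
 	rtnl_lock();
@@ -66,8 +65,6 @@ static ssize_t ieee80211_if_write(
 	ret = (*write)(sdata, buf, count);
 	rtnl_unlock();
 
-freebuf:
-	kfree(buf);
 	return ret;
 }
 
@@ -87,6 +84,21 @@ static ssize_t ieee80211_if_fmt_##name(				\
 #define IEEE80211_IF_FMT_SIZE(name, field)				\
 	IEEE80211_IF_FMT(name, field, "%zd\n")
 
+#define IEEE80211_IF_FMT_HEXARRAY(name, field)				\
+static ssize_t ieee80211_if_fmt_##name(					\
+			const struct ieee80211_sub_if_data *sdata,	\
+			char *buf, int buflen)				\
+{									\
+	char *p = buf;							\
+	int i;								\
+	for (i = 0; i < sizeof(sdata->field); i++) {			\
+		p += scnprintf(p, buflen + buf - p, "%.2x ",		\
+			       sdata->field[i]);			\
+	}								\
+	p += scnprintf(p, buflen + buf - p, "\n");			\
+	return p - buf;							\
+}
+
 #define IEEE80211_IF_FMT_ATOMIC(name, field)				\
 static ssize_t ieee80211_if_fmt_##name(					\
 			const struct ieee80211_sub_if_data *sdata,	\
@@ -148,6 +160,11 @@ IEEE80211_IF_FILE(rc_rateidx_mask_2ghz, rc_rateidx_mask[IEEE80211_BAND_2GHZ],
 		  HEX);
 IEEE80211_IF_FILE(rc_rateidx_mask_5ghz, rc_rateidx_mask[IEEE80211_BAND_5GHZ],
 		  HEX);
+IEEE80211_IF_FILE(rc_rateidx_mcs_mask_2ghz,
+		  rc_rateidx_mcs_mask[IEEE80211_BAND_2GHZ], HEXARRAY);
+IEEE80211_IF_FILE(rc_rateidx_mcs_mask_5ghz,
+		  rc_rateidx_mcs_mask[IEEE80211_BAND_5GHZ], HEXARRAY);
+
 IEEE80211_IF_FILE(flags, flags, HEX);
 IEEE80211_IF_FILE(state, state, LHEX);
 IEEE80211_IF_FILE(channel_type, vif.bss_conf.channel_type, DEC);
@@ -320,6 +337,62 @@ static ssize_t ieee80211_if_parse_tkip_mic_test(
 
 __IEEE80211_IF_FILE_W(tkip_mic_test);
 
+static ssize_t ieee80211_if_fmt_uapsd_queues(
+	const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
+{
+	const struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+
+	return snprintf(buf, buflen, "0x%x\n", ifmgd->uapsd_queues);
+}
+
+static ssize_t ieee80211_if_parse_uapsd_queues(
+	struct ieee80211_sub_if_data *sdata, const char *buf, int buflen)
+{
+	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+	u8 val;
+	int ret;
+
+	ret = kstrtou8(buf, 0, &val);
+	if (ret)
+		return ret;
+
+	if (val & ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
+		return -ERANGE;
+
+	ifmgd->uapsd_queues = val;
+
+	return buflen;
+}
+__IEEE80211_IF_FILE_W(uapsd_queues);
+
+static ssize_t ieee80211_if_fmt_uapsd_max_sp_len(
+	const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
+{
+	const struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+
+	return snprintf(buf, buflen, "0x%x\n", ifmgd->uapsd_max_sp_len);
+}
+
+static ssize_t ieee80211_if_parse_uapsd_max_sp_len(
+	struct ieee80211_sub_if_data *sdata, const char *buf, int buflen)
+{
+	struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
+	unsigned long val;
+	int ret;
+
+	ret = kstrtoul(buf, 0, &val);
+	if (ret)
+		return -EINVAL;
+
+	if (val & ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
+		return -ERANGE;
+
+	ifmgd->uapsd_max_sp_len = val;
+
+	return buflen;
+}
+__IEEE80211_IF_FILE_W(uapsd_max_sp_len);
+
 /* AP attributes */
 IEEE80211_IF_FILE(num_sta_authorized, u.ap.num_sta_authorized, ATOMIC);
 IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC);
@@ -422,6 +495,8 @@ IEEE80211_IF_FILE(dot11MeshGateAnnouncementProtocol,
 		u.mesh.mshcfg.dot11MeshGateAnnouncementProtocol, DEC);
 IEEE80211_IF_FILE(dot11MeshHWMPRannInterval,
 		u.mesh.mshcfg.dot11MeshHWMPRannInterval, DEC);
+IEEE80211_IF_FILE(dot11MeshForwarding, u.mesh.mshcfg.dot11MeshForwarding, DEC);
+IEEE80211_IF_FILE(rssi_threshold, u.mesh.mshcfg.rssi_threshold, DEC);
 #endif
 
 
@@ -441,6 +516,8 @@ static void add_sta_files(struct ieee80211_sub_if_data *sdata)
 	DEBUGFS_ADD(channel_type);
 	DEBUGFS_ADD(rc_rateidx_mask_2ghz);
 	DEBUGFS_ADD(rc_rateidx_mask_5ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_2ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_5ghz);
 
 	DEBUGFS_ADD(bssid);
 	DEBUGFS_ADD(aid);
@@ -448,6 +525,8 @@ static void add_sta_files(struct ieee80211_sub_if_data *sdata)
 	DEBUGFS_ADD(ave_beacon);
 	DEBUGFS_ADD_MODE(smps, 0600);
 	DEBUGFS_ADD_MODE(tkip_mic_test, 0200);
+	DEBUGFS_ADD_MODE(uapsd_queues, 0600);
+	DEBUGFS_ADD_MODE(uapsd_max_sp_len, 0600);
 }
 
 static void add_ap_files(struct ieee80211_sub_if_data *sdata)
@@ -458,6 +537,8 @@ static void add_ap_files(struct ieee80211_sub_if_data *sdata)
 	DEBUGFS_ADD(channel_type);
 	DEBUGFS_ADD(rc_rateidx_mask_2ghz);
 	DEBUGFS_ADD(rc_rateidx_mask_5ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_2ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_5ghz);
 
 	DEBUGFS_ADD(num_sta_authorized);
 	DEBUGFS_ADD(num_sta_ps);
@@ -468,6 +549,12 @@ static void add_ap_files(struct ieee80211_sub_if_data *sdata)
 
 static void add_ibss_files(struct ieee80211_sub_if_data *sdata)
 {
+	DEBUGFS_ADD(channel_type);
+	DEBUGFS_ADD(rc_rateidx_mask_2ghz);
+	DEBUGFS_ADD(rc_rateidx_mask_5ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_2ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_5ghz);
+
 	DEBUGFS_ADD_MODE(tsf, 0600);
 }
 
@@ -479,6 +566,8 @@ static void add_wds_files(struct ieee80211_sub_if_data *sdata)
 	DEBUGFS_ADD(channel_type);
 	DEBUGFS_ADD(rc_rateidx_mask_2ghz);
 	DEBUGFS_ADD(rc_rateidx_mask_5ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_2ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_5ghz);
 
 	DEBUGFS_ADD(peer);
 }
@@ -491,6 +580,8 @@ static void add_vlan_files(struct ieee80211_sub_if_data *sdata)
 	DEBUGFS_ADD(channel_type);
 	DEBUGFS_ADD(rc_rateidx_mask_2ghz);
 	DEBUGFS_ADD(rc_rateidx_mask_5ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_2ghz);
+	DEBUGFS_ADD(rc_rateidx_mcs_mask_5ghz);
 }
 
 static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
@@ -502,11 +593,15 @@ static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
 
 #ifdef CONFIG_MAC80211_MESH
 
+static void add_mesh_files(struct ieee80211_sub_if_data *sdata)
+{
+	DEBUGFS_ADD_MODE(tsf, 0600);
+}
+
 static void add_mesh_stats(struct ieee80211_sub_if_data *sdata)
 {
 	struct dentry *dir = debugfs_create_dir("mesh_stats",
 			sdata->debugfs.dir);
-
 #define MESHSTATS_ADD(name)\
 	debugfs_create_file(#name, 0400, dir, sdata, &name##_ops);
 
@@ -546,6 +641,7 @@ static void add_mesh_config(struct ieee80211_sub_if_data *sdata)
 	MESHPARAMS_ADD(dot11MeshHWMPRootMode);
 	MESHPARAMS_ADD(dot11MeshHWMPRannInterval);
 	MESHPARAMS_ADD(dot11MeshGateAnnouncementProtocol);
+	MESHPARAMS_ADD(rssi_threshold);
 #undef MESHPARAMS_ADD
 }
 #endif
@@ -558,6 +654,7 @@ static void add_files(struct ieee80211_sub_if_data *sdata)
 	switch (sdata->vif.type) {
 	case NL80211_IFTYPE_MESH_POINT:
 #ifdef CONFIG_MAC80211_MESH
+		add_mesh_files(sdata);
 		add_mesh_stats(sdata);
 		add_mesh_config(sdata);
 #endif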
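Review bot: ieee80211_if_parse_uapsd_max_sp_len discards the kstrtoul() status and returns -EINVAL on every parse failure, while the sibling ieee80211_if_parse_uapsd_queues a few lines above returns `ret`, so the same malformed input reports a different errno depending on which file was written; `return ret;` would make the two consistent. The new HEXARRAY formatter compares its `int i` counter with `sizeof(sdata->field)`, a signed/unsigned comparison that -Wsign-compare flags; `size_t i;` avoids it. The stores to ifmgd->uapsd_queues and ifmgd->uapsd_max_sp_len appear to be serialised only by the rtnl_lock() taken in ieee80211_if_write, which is not obvious from the parse functions themselves; a one-line comment above each store, such as `/* serialised by the rtnl lock held by ieee80211_if_write() */`, would document that assumption for the next maintainer.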
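--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -63,14 +63,15 @@ static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
 	test_sta_flag(sta, WLAN_STA_##flg) ? #flg "\n" : ""
 
 	int res = scnprintf(buf, sizeof(buf),
-			    "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
+			    "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s",
 			    TEST(AUTH), TEST(ASSOC), TEST(PS_STA),
 			    TEST(PS_DRIVER), TEST(AUTHORIZED),
 			    TEST(SHORT_PREAMBLE),
 			    TEST(WME), TEST(WDS), TEST(CLEAR_PS_FILT),
 			    TEST(MFP), TEST(BLOCK_BA), TEST(PSPOLL),
 			    TEST(UAPSD), TEST(SP), TEST(TDLS_PEER),
-			    TEST(TDLS_PEER_AUTH), TEST(RATE_CONTROL));
+			    TEST(TDLS_PEER_AUTH), TEST(4ADDR_EVENT),
+			    TEST(INSERTED), TEST(RATE_CONTROL));
 #undef TEST
 	return simple_read_from_buffer(userbuf, count, ppos, buf, res);
 }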
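Review bot: The number of `%s` conversions in the format string and the number of TEST() arguments have to be kept in step by hand, and nothing in the hunk says so; a comment next to the format string, such as `/* one %s per TEST() argument below */`, would make the coupling visible to whoever adds the next flag. The counts do match after this change (19 conversions, 19 arguments). sta_flags_read and the `buf` it writes begin outside the hunk, so I could not confirm that `sizeof(buf)` still has room for the two extra flag names; scnprintf truncates silently if it does not.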
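--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -168,41 +168,6 @@ static inline void drv_bss_info_changed(struct ieee80211_local *local,
 	trace_drv_return_void(local);
 }
 
-static inline int drv_tx_sync(struct ieee80211_local *local,
-			      struct ieee80211_sub_if_data *sdata,
-			      const u8 *bssid,
-			      enum ieee80211_tx_sync_type type)
-{
-	int ret = 0;
-
-	might_sleep();
-
-	check_sdata_in_driver(sdata);
-
-	trace_drv_tx_sync(local, sdata, bssid, type);
-	if (local->ops->tx_sync)
-		ret = local->ops->tx_sync(&local->hw, &sdata->vif,
-					  bssid, type);
-	trace_drv_return_int(local, ret);
-	return ret;
-}
-
-static inline void drv_finish_tx_sync(struct ieee80211_local *local,
-				      struct ieee80211_sub_if_data *sdata,
-				      const u8 *bssid,
-				      enum ieee80211_tx_sync_type type)
-{
-	might_sleep();
-
-	check_sdata_in_driver(sdata);
-
-	trace_drv_finish_tx_sync(local, sdata, bssid, type);
-	if (local->ops->finish_tx_sync)
-		local->ops->finish_tx_sync(&local->hw, &sdata->vif,
-					   bssid, type);
-	trace_drv_return_void(local);
-}
-
 static inline u64 drv_prepare_multicast(struct ieee80211_local *local,
 					struct netdev_hw_addr_list *mc_list)
 {
@@ -253,6 +218,7 @@ static inline int drv_set_key(struct ieee80211_local *local,
 
 	might_sleep();
 
+	sdata = get_bss_sdata(sdata);
 	check_sdata_in_driver(sdata);
 
 	trace_drv_set_key(local, cmd, sdata, sta, key);
@@ -272,6 +238,7 @@ static inline void drv_update_tkip_key(struct ieee80211_local *local,
 	if (sta)
 		ista = &sta->sta;
 
+	sdata = get_bss_sdata(sdata);
 	check_sdata_in_driver(sdata);
 
 	trace_drv_update_tkip_key(local, sdata, conf, ista, iv32);
@@ -476,6 +443,37 @@ static inline void drv_sta_remove(struct ieee80211_local *local,
 	trace_drv_return_void(local);
 }
 
+static inline __must_check
+int drv_sta_state(struct ieee80211_local *local,
+		  struct ieee80211_sub_if_data *sdata,
+		  struct sta_info *sta,
+		  enum ieee80211_sta_state old_state,
+		  enum ieee80211_sta_state new_state)
+{
+	int ret = 0;
+
+	might_sleep();
+
+	sdata = get_bss_sdata(sdata);
+	check_sdata_in_driver(sdata);
+
+	trace_drv_sta_state(local, sdata, &sta->sta, old_state, new_state);
+	if (local->ops->sta_state) {
+		ret = local->ops->sta_state(&local->hw, &sdata->vif, &sta->sta,
+					    old_state, new_state);
+	} else if (old_state == IEEE80211_STA_AUTH &&
+		   new_state == IEEE80211_STA_ASSOC) {
+		ret = drv_sta_add(local, sdata, &sta->sta);
+		if (ret == 0)
+			sta->uploaded = true;
+	} else if (old_state == IEEE80211_STA_ASSOC &&
+		   new_state == IEEE80211_STA_AUTH) {
+		drv_sta_remove(local, sdata, &sta->sta);
+	}
+	trace_drv_return_int(local, ret);
+	return ret;
+}
+
 static inline int drv_conf_tx(struct ieee80211_local *local,
 			      struct ieee80211_sub_if_data *sdata, u16 queue,
 			      const struct ieee80211_tx_queue_params *params)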
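Review bot: In the drv_sta_state fallback for drivers without a sta_state callback, the AUTH→ASSOC branch sets `sta->uploaded = true` after a successful drv_sta_add, but the mirror ASSOC→AUTH branch calls drv_sta_remove without clearing it, so unless the caller resets the flag elsewhere a station that drops back to AUTH still looks uploaded to the driver; `sta->uploaded = false;` after the drv_sta_remove call would keep the two branches symmetric. The same hunk set also re-derives `sdata` via get_bss_sdata() in drv_set_key, drv_update_tkip_key and drv_sta_state; the reason the BSS interface rather than the one passed in is handed to the driver is not visible here, so a one-line comment on the first such call, e.g. `/* keys and stations belong to the BSS interface, not an AP_VLAN */` if that is the intent, would help readers of the header.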
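--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -296,7 +296,7 @@ TRACE_EVENT(drv_bss_info_changed,
 		__entry->dtimper = info->dtim_period;
 		__entry->bcnint = info->beacon_int;
 		__entry->assoc_cap = info->assoc_capability;
-		__entry->timestamp = info->timestamp;
+		__entry->timestamp = info->last_tsf;
 		__entry->basic_rates = info->basic_rates;
 		__entry->enable_beacon = info->enable_beacon;
 		__entry->ht_operation_mode = info->ht_operation_mode;
@@ -308,49 +308,6 @@ TRACE_EVENT(drv_bss_info_changed,
 	)
 );
 
-DECLARE_EVENT_CLASS(tx_sync_evt,
-	TP_PROTO(struct ieee80211_local *local,
-		 struct ieee80211_sub_if_data *sdata,
-		 const u8 *bssid,
-		 enum ieee80211_tx_sync_type type),
-	TP_ARGS(local, sdata, bssid, type),
-
-	TP_STRUCT__entry(
-		LOCAL_ENTRY
-		VIF_ENTRY
-		__array(char, bssid, ETH_ALEN)
-		__field(u32, sync_type)
-	),
-
-	TP_fast_assign(
-		LOCAL_ASSIGN;
-		VIF_ASSIGN;
-		memcpy(__entry->bssid, bssid, ETH_ALEN);
-		__entry->sync_type = type;
-	),
-
-	TP_printk(
-		LOCAL_PR_FMT VIF_PR_FMT " bssid:%pM type:%d",
-		LOCAL_PR_ARG, VIF_PR_ARG, __entry->bssid, __entry->sync_type
-	)
-);
-
-DEFINE_EVENT(tx_sync_evt, drv_tx_sync,
-	TP_PROTO(struct ieee80211_local *local,
-		 struct ieee80211_sub_if_data *sdata,
-		 const u8 *bssid,
-		 enum ieee80211_tx_sync_type type),
-	TP_ARGS(local, sdata, bssid, type)
-);
-
-DEFINE_EVENT(tx_sync_evt, drv_finish_tx_sync,
-	TP_PROTO(struct ieee80211_local *local,
-		 struct ieee80211_sub_if_data *sdata,
-		 const u8 *bssid,
-		 enum ieee80211_tx_sync_type type),
-	TP_ARGS(local, sdata, bssid, type)
-);
-
 TRACE_EVENT(drv_prepare_multicast,
 	TP_PROTO(struct ieee80211_local *local, int mc_count),
 
@@ -635,6 +592,38 @@ TRACE_EVENT(drv_sta_notify,
 	)
 );
 
+TRACE_EVENT(drv_sta_state,
+	TP_PROTO(struct ieee80211_local *local,
+		 struct ieee80211_sub_if_data *sdata,
+		 struct ieee80211_sta *sta,
+		 enum ieee80211_sta_state old_state,
+		 enum ieee80211_sta_state new_state),
+
+	TP_ARGS(local, sdata, sta, old_state, new_state),
+
+	TP_STRUCT__entry(
+		LOCAL_ENTRY
+		VIF_ENTRY
+		STA_ENTRY
+		__field(u32, old_state)
+		__field(u32, new_state)
+	),
+
+	TP_fast_assign(
+		LOCAL_ASSIGN;
+		VIF_ASSIGN;
+		STA_ASSIGN;
+		__entry->old_state = old_state;
+		__entry->new_state = new_state;
+	),
+
+	TP_printk(
+		LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " state: %d->%d",
+		LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG,
+		__entry->old_state, __entry->new_state
+	)
+);
+
 TRACE_EVENT(drv_sta_add,
 	TP_PROTO(struct ieee80211_local *local,
 		 struct ieee80211_sub_if_data *sdata,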
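Review bot: The drv_bss_info_changed assignment now reads `info->last_tsf`, but the trace entry field keeps its old name `timestamp` (its TP_STRUCT__entry and TP_printk lines are outside this hunk), so the trace output and the source of the value no longer agree; renaming the field, or at least a comment on the assignment such as `/* bss_conf.timestamp was renamed last_tsf */`, would save the next reader a detour. In the new drv_sta_state event the old_state/new_state fields are declared u32 but printed with `%d`; `%u` matches the declared type.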
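--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -20,7 +20,6 @@
 #include <linux/etherdevice.h>
 #include <linux/rtnetlink.h>
 #include <net/mac80211.h>
-#include <asm/unaligned.h>
 
 #include "ieee80211_i.h"
 #include "driver-ops.h"
@@ -36,31 +35,6 @@
 #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
 
 
-static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
-					struct ieee80211_mgmt *mgmt,
-					size_t len)
-{
-	u16 auth_alg, auth_transaction;
-
-	lockdep_assert_held(&sdata->u.ibss.mtx);
-
-	if (len < 24 + 6)
-		return;
-
-	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
-	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
-
-	/*
-	 * IEEE 802.11 standard does not require authentication in IBSS
-	 * networks and most implementations do not seem to use it.
-	 * However, try to reply to authentication attempts if someone
-	 * has actually implemented this.
-	 */
-	if (auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1)
-		ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0,
-				    sdata->u.ibss.bssid, NULL, 0, 0);
-}
-
 static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
 				      const u8 *bssid, const int beacon_int,
 				      struct ieee80211_channel *chan,
@@ -92,7 +66,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
 	skb_reset_tail_pointer(skb);
 	skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
 
-	if (memcmp(ifibss->bssid, bssid, ETH_ALEN))
+	if (compare_ether_addr(ifibss->bssid, bssid))
 		sta_info_flush(sdata->local, sdata);
 
 	/* if merging, indicate to driver that we leave the old IBSS */
@@ -276,7 +250,8 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
 				  cbss->tsf);
 }
 
-static struct sta_info *ieee80211_ibss_finish_sta(struct sta_info *sta)
+static struct sta_info *ieee80211_ibss_finish_sta(struct sta_info *sta,
+						  bool auth)
 	__acquires(RCU)
 {
 	struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -290,22 +265,34 @@ static struct sta_info *ieee80211_ibss_finish_sta(struct sta_info *sta)
 	       addr, sdata->name);
 #endif
 
-	sta_info_move_state(sta, IEEE80211_STA_AUTH);
-	sta_info_move_state(sta, IEEE80211_STA_ASSOC);
-	sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
+	sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
+	sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
+	/* authorize the station only if the network is not RSN protected. If
+	 * not wait for the userspace to authorize it */
+	if (!sta->sdata->u.ibss.control_port)
+		sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
 
 	rate_control_rate_init(sta);
 
 	/* If it fails, maybe we raced another insertion? */
 	if (sta_info_insert_rcu(sta))
 		return sta_info_get(sdata, addr);
+	if (auth) {
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+		printk(KERN_DEBUG "TX Auth SA=%pM DA=%pM BSSID=%pM"
+		       "(auth_transaction=1)\n", sdata->vif.addr,
+		       sdata->u.ibss.bssid, addr);
+#endif
+		ieee80211_send_auth(sdata, 1, WLAN_AUTH_OPEN, NULL, 0,
+				    addr, sdata->u.ibss.bssid, NULL, 0, 0);
+	}
 	return sta;
 }
 
 static struct sta_info *
 ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
 		       const u8 *bssid, const u8 *addr,
-		       u32 supp_rates)
+		       u32 supp_rates, bool auth)
 	__acquires(RCU)
 {
 	struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
@@ -347,7 +334,42 @@ ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
 	sta->sta.supp_rates[band] = supp_rates |
 				ieee80211_mandatory_rates(local, band);
 
-	return ieee80211_ibss_finish_sta(sta);
+	return ieee80211_ibss_finish_sta(sta, auth);
+}
+
+static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
+					struct ieee80211_mgmt *mgmt,
+					size_t len)
+{
+	u16 auth_alg, auth_transaction;
+
+	lockdep_assert_held(&sdata->u.ibss.mtx);
+
+	if (len < 24 + 6)
+		return;
+
+	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
+	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
+
+	if (auth_alg != WLAN_AUTH_OPEN || auth_transaction != 1)
+		return;
+#ifdef CONFIG_MAC80211_IBSS_DEBUG
+	printk(KERN_DEBUG "%s: RX Auth SA=%pM DA=%pM BSSID=%pM."
+	       "(auth_transaction=%d)\n",
+	       sdata->name, mgmt->sa, mgmt->da, mgmt->bssid, auth_transaction);
+#endif
+	sta_info_destroy_addr(sdata, mgmt->sa);
+	ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa, 0, false);
+	rcu_read_unlock();
+
+	/*
+	 * IEEE 802.11 standard does not require authentication in IBSS
+	 * networks and most implementations do not seem to use it.
+	 * However, try to reply to authentication attempts if someone
+	 * has actually implemented this.
+	 */
+	ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0,
+			    mgmt->sa, sdata->u.ibss.bssid, NULL, 0, 0);
 }
 
 static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
@@ -381,7 +403,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
 		return;
 
 	if (sdata->vif.type == NL80211_IFTYPE_ADHOC &&
-	    memcmp(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN) == 0) {
+	    compare_ether_addr(mgmt->bssid, sdata->u.ibss.bssid) == 0) {
 
 		rcu_read_lock();
 		sta = sta_info_get(sdata, mgmt->sa);
@@ -412,7 +434,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
 		} else {
 			rcu_read_unlock();
 			sta = ieee80211_ibss_add_sta(sdata, mgmt->bssid,
-						     mgmt->sa, supp_rates);
+						     mgmt->sa, supp_rates, true);
 		}
 	}
 
@@ -486,7 +508,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
 		goto put_bss;
 
 	/* same BSSID */
-	if (memcmp(cbss->bssid, sdata->u.ibss.bssid, ETH_ALEN) == 0)
+	if (compare_ether_addr(cbss->bssid, sdata->u.ibss.bssid) == 0)
 		goto put_bss;
 
 	if (rx_status->flag & RX_FLAG_MACTIME_MPDU) {
@@ -540,7 +562,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
 		ieee80211_sta_join_ibss(sdata, bss);
 		supp_rates = ieee80211_sta_get_rates(local, elems, band);
 		ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa,
-				       supp_rates);
+				       supp_rates, true);
 		rcu_read_unlock();
 	}
 
@@ -643,8 +665,7 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
 	       "IBSS networks with same SSID (merge)\n", sdata->name);
 
 	ieee80211_request_internal_scan(sdata,
-			ifibss->ssid, ifibss->ssid_len,
-			ifibss->fixed_channel ? ifibss->channel : NULL);
+			ifibss->ssid, ifibss->ssid_len, NULL);
 }
 
 static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
@@ -810,8 +831,8 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
 	if (!tx_last_beacon && is_multicast_ether_addr(mgmt->da))
 		return;
 
-	if (memcmp(mgmt->bssid, ifibss->bssid, ETH_ALEN) != 0 &&
-	    memcmp(mgmt->bssid, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
+	if (compare_ether_addr(mgmt->bssid, ifibss->bssid) != 0 &&
+	    !is_broadcast_ether_addr(mgmt->bssid))
 		return;
 
 	end = ((u8 *) mgmt) + len;
@@ -855,9 +876,6 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
 	size_t baselen;
 	struct ieee802_11_elems elems;
 
-	if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
-		return; /* ignore ProbeResp to foreign address */
-
 	baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
 	if (baselen > len)
 		return;
@@ -945,7 +963,7 @@ void ieee80211_ibss_work(struct ieee80211_sub_if_data *sdata)
 		list_del(&sta->list);
 		spin_unlock_bh(&ifibss->incomplete_lock);
 
-		ieee80211_ibss_finish_sta(sta);
+		ieee80211_ibss_finish_sta(sta, true);
 		rcu_read_unlock();
 		spin_lock_bh(&ifibss->incomplete_lock);
 	}
@@ -1059,6 +1077,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
 	sdata->u.ibss.fixed_bssid = false;
 
 	sdata->u.ibss.privacy = params->privacy;
+	sdata->u.ibss.control_port = params->control_port;
 	sdata->u.ibss.basic_rates = params->basic_rates;
 	memcpy(sdata->vif.bss_conf.mcast_rate, params->mcast_rate,
 	       sizeof(params->mcast_rate));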
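Review bot: The rewritten ieee80211_rx_mgmt_auth_ibss calls sta_info_destroy_addr() and then ieee80211_ibss_add_sta() with supp_rates 0 for every Open System authentication frame with transaction 1, without looking at the existing entry for mgmt->sa first. IBSS authentication frames are not integrity-protected, so a single frame carrying a peer's address now resets that peer's station entry, dropping an AUTHORIZED state that userspace may already have granted through control_port and its learned rates, whereas the old code only answered the frame; a check that skips the destroy/re-add when an entry for mgmt->sa already exists (or a comment stating why the reset is intended) would limit the impact. Separately, both new debug printk format strings run `BSSID=%pM"` directly into `"(auth_transaction`, so the output lacks a separating space before the parenthesis. The unconditional rcu_read_unlock() after ieee80211_ibss_add_sta() relies on that function always taking the read lock, which its __acquires(RCU) annotation suggests but whose body lies outside this hunk.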
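--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -105,6 +105,44 @@ struct ieee80211_bss {
 */
 bool has_erp_value;
 u8 erp_value;
+
+/* Keep track of the corruption of the last beacon/probe response. */
+u8 corrupt_data;
+
+/* Keep track of what bits of information we have valid info for. */
+u8 valid_data;
+};
+
+/**
+* enum ieee80211_corrupt_data_flags - BSS data corruption flags
+* @IEEE80211_BSS_CORRUPT_BEACON: last beacon frame received was corrupted
+* @IEEE80211_BSS_CORRUPT_PROBE_RESP: last probe response received was corrupted
+*
+* These are bss flags that are attached to a bss in the
+* @corrupt_data field of &struct ieee80211_bss.
+*/
+enum ieee80211_bss_corrupt_data_flags {
+IEEE80211_BSS_CORRUPT_BEACON = BIT(0),
+IEEE80211_BSS_CORRUPT_PROBE_RESP = BIT(1)
+};
+
+/**
+* enum ieee80211_valid_data_flags - BSS valid data flags
+* @IEEE80211_BSS_VALID_DTIM: DTIM data was gathered from non-corrupt IE
+* @IEEE80211_BSS_VALID_WMM: WMM/UAPSD data was gathered from non-corrupt IE
+* @IEEE80211_BSS_VALID_RATES: Supported rates were gathered from non-corrupt IE
+* @IEEE80211_BSS_VALID_ERP: ERP flag was gathered from non-corrupt IE
+*
+* These are bss flags that are attached to a bss in the
+* @valid_data field of &struct ieee80211_bss. They show which parts
+* of the data structure were recieved as a result of an un-corrupted
+* beacon/probe response.
+*/
+enum ieee80211_bss_valid_data_flags {
+IEEE80211_BSS_VALID_DTIM = BIT(0),
+IEEE80211_BSS_VALID_WMM = BIT(1),
+IEEE80211_BSS_VALID_RATES = BIT(2),
+IEEE80211_BSS_VALID_ERP = BIT(3)
 };
 
 static inline u8 *bss_mesh_cfg(struct ieee80211_bss *bss)
@@ -228,7 +266,7 @@ struct ieee80211_rx_data {
 struct beacon_data {
 u8 *head, *tail;
 int head_len, tail_len;
-int dtim_period;
+struct rcu_head rcu_head;
 };
 
 struct ieee80211_if_ap {
@@ -280,10 +318,6 @@ struct mesh_preq_queue {
 
 enum ieee80211_work_type {
 IEEE80211_WORK_ABORT,
-IEEE80211_WORK_DIRECT_PROBE,
-IEEE80211_WORK_AUTH,
-IEEE80211_WORK_ASSOC_BEACON_WAIT,
-IEEE80211_WORK_ASSOC,
 IEEE80211_WORK_REMAIN_ON_CHANNEL,
 IEEE80211_WORK_OFFCHANNEL_TX,
 };
@@ -316,36 +350,10 @@ struct ieee80211_work {
 unsigned long timeout;
 enum ieee80211_work_type type;
 
-u8 filter_ta[ETH_ALEN];
-
 bool started;
 
 union {
 struct {
-int tries;
-u16 algorithm, transaction;
-u8 ssid[IEEE80211_MAX_SSID_LEN];
-u8 ssid_len;
-u8 key[WLAN_KEY_LEN_WEP104];
-u8 key_len, key_idx;
-bool privacy;
-bool synced;
-} probe_auth;
-struct {
-struct cfg80211_bss *bss;
-const u8 *supp_rates;
-const u8 *ht_information_ie;
-enum ieee80211_smps_mode smps;
-int tries;
-u16 capability;
-u8 prev_bssid[ETH_ALEN];
-u8 ssid[IEEE80211_MAX_SSID_LEN];
-u8 ssid_len;
-u8 supp_rates_len;
-bool wmm_used, use_11n, uapsd_used;
-bool synced;
-} assoc;
-struct {
 u32 duration;
 } remain;
 struct {
@@ -355,9 +363,8 @@ struct ieee80211_work {
 } offchan_tx;
 };
 
-int ie_len;
-/* must be last */
-u8 ie[0];
+size_t data_len;
+u8 data[];
 };
 
 /* flags used in struct ieee80211_if_managed.flags */
@@ -373,6 +380,42 @@ enum ieee80211_sta_flags {
 IEEE80211_STA_RESET_SIGNAL_AVE = BIT(9),
 };
 
+struct ieee80211_mgd_auth_data {
+struct cfg80211_bss *bss;
+unsigned long timeout;
+int tries;
+u16 algorithm, expected_transaction;
+
+u8 key[WLAN_KEY_LEN_WEP104];
+u8 key_len, key_idx;
+bool done;
+
+size_t ie_len;
+u8 ie[];
+};
+
+struct ieee80211_mgd_assoc_data {
+struct cfg80211_bss *bss;
+const u8 *supp_rates;
+const u8 *ht_information_ie;
+
+unsigned long timeout;
+int tries;
+
+u16 capability;
+u8 prev_bssid[ETH_ALEN];
+u8 ssid[IEEE80211_MAX_SSID_LEN];
+u8 ssid_len;
+u8 supp_rates_len;
+bool wmm, uapsd;
+bool have_beacon;
+bool sent_assoc;
+bool synced;
+
+size_t ie_len;
+u8 ie[];
+};
+
 struct ieee80211_if_managed {
 struct timer_list timer;
 struct timer_list conn_mon_timer;
@@ -389,6 +432,8 @@ struct ieee80211_if_managed {
 
 struct mutex mtx;
 struct cfg80211_bss *associated;
+struct ieee80211_mgd_auth_data *auth_data;
+struct ieee80211_mgd_assoc_data *assoc_data;
 
 u8 bssid[ETH_ALEN];
 
@@ -414,6 +459,20 @@ struct ieee80211_if_managed {
 IEEE80211_MFP_REQUIRED
 } mfp; /* management frame protection */
 
+/*
+* Bitmask of enabled u-apsd queues,
+* IEEE80211_WMM_IE_STA_QOSINFO_AC_BE & co. Needs a new association
+* to take effect.
+*/
+unsigned int uapsd_queues;
+
+/*
+* Maximum number of buffered frames AP can deliver during a
+* service period, IEEE80211_WMM_IE_STA_QOSINFO_SP_ALL or similar.
+* Needs a new association to take effect.
+*/
+unsigned int uapsd_max_sp_len;
+
 int wmm_last_param_set;
 
 u8 use_4addr;
@@ -470,7 +529,9 @@ struct ieee80211_if_ibss {
 bool fixed_channel;
 bool privacy;
 
-u8 bssid[ETH_ALEN];
+bool control_port;
+
+u8 bssid[ETH_ALEN] __aligned(2);
 u8 ssid[IEEE80211_MAX_SSID_LEN];
 u8 ssid_len, ie_len;
 u8 *ie;
@@ -646,6 +707,7 @@ struct ieee80211_sub_if_data {
 
 /* bitmap of allowed (non-MCS) rate indexes for rate control */
 u32 rc_rateidx_mask[IEEE80211_NUM_BANDS];
+u8 rc_rateidx_mcs_mask[IEEE80211_NUM_BANDS][IEEE80211_HT_MCS_MASK_LEN];
 
 union {
 struct ieee80211_if_ap ap;
@@ -769,7 +831,6 @@ struct ieee80211_local {
 struct list_head work_list;
 struct timer_list work_timer;
 struct work_struct work_work;
-struct sk_buff_head work_skb_queue;
 
 /*
 * private workqueue to mac80211. mac80211 makes this accessible
@@ -970,20 +1031,6 @@ struct ieee80211_local {
 */
 unsigned int wmm_acm; /* bit field of ACM bits (BIT(802.1D tag)) */
 
-/*
-* Bitmask of enabled u-apsd queues,
-* IEEE80211_WMM_IE_STA_QOSINFO_AC_BE & co. Needs a new association
-* to take effect.
-*/
-unsigned int uapsd_queues;
-
-/*
-* Maximum number of buffered frames AP can deliver during a
-* service period, IEEE80211_WMM_IE_STA_QOSINFO_SP_ALL or similar.
-* Needs a new association to take effect.
-*/
-unsigned int uapsd_max_sp_len;
-
 bool pspolling;
 bool offchannel_ps_enabled;
 /*
@@ -1110,6 +1157,9 @@ struct ieee802_11_elems {
 u8 quiet_elem_len;
 u8 num_of_quiet_elem; /* can be more the one */
 u8 timeout_int_len;
+
+/* whether a parse error occurred while retrieving these elements */
+bool parse_error;
 };
 
 static inline struct ieee80211_local *hw_to_local(
@@ -1118,12 +1168,6 @@ static inline struct ieee80211_local *hw_to_local(
 return container_of(hw, struct ieee80211_local, hw);
 }
 
-static inline struct ieee80211_hw *local_to_hw(
-struct ieee80211_local *local)
-{
-return &local->hw;
-}
-
 
 static inline int ieee80211_bssid_match(const u8 *raddr, const u8 *addr)
 {
@@ -1146,11 +1190,9 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
 int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
 struct cfg80211_assoc_request *req);
 int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
-struct cfg80211_deauth_request *req,
-void *cookie);
+struct cfg80211_deauth_request *req);
 int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
-struct cfg80211_disassoc_request *req,
-void *cookie);
+struct cfg80211_disassoc_request *req);
 void ieee80211_send_pspoll(struct ieee80211_local *local,
 struct ieee80211_sub_if_data *sdata);
 void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency);
@@ -1168,6 +1210,7 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
 struct sk_buff *skb);
 void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata);
 void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata);
+void ieee80211_mgd_teardown(struct ieee80211_sub_if_data *sdata);
 
 /* IBSS code */
 void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local);
@@ -1345,7 +1388,8 @@ int ieee80211_frame_duration(struct ieee80211_local *local, size_t len,
 void mac80211_ev_michael_mic_failure(struct ieee80211_sub_if_data *sdata, int keyidx,
 struct ieee80211_hdr *hdr, const u8 *tsc,
 gfp_t gfp);
-void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata);
+void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata,
+bool bss_notify);
 void ieee80211_xmit(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
 
 void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata,
@@ -1396,7 +1440,7 @@ void ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
 void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
 u16 transaction, u16 auth_alg,
 u8 *extra, size_t extra_len, const u8 *bssid,
-const u8 *key, u8 key_len, u8 key_idx);
+const u8 *da, const u8 *key, u8 key_len, u8 key_idx);
 int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
 const u8 *ie, size_t ie_len,
 enum ieee80211_band band, u32 rate_mask,
@@ -1436,8 +1480,6 @@ void ieee80211_work_init(struct ieee80211_local *local);
 void ieee80211_add_work(struct ieee80211_work *wk);
 void free_work(struct ieee80211_work *wk);
 void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata);
-ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
-struct sk_buff *skb);
 int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
 struct ieee80211_channel *chan,
 enum nl80211_channel_type channel_type,
@@ -1460,6 +1502,9 @@ bool ieee80211_set_channel_type(struct ieee80211_local *local,
 enum nl80211_channel_type chantype);
 enum nl80211_channel_type
 ieee80211_ht_info_to_channel_type(struct ieee80211_ht_info *ht_info);
+enum nl80211_channel_type ieee80211_get_tx_channel_type(
+struct ieee80211_local *local,
+enum nl80211_channel_type channel_type);
 
 #ifdef CONFIG_MAC80211_NOINLINE
 #define debug_noinline noinline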
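Review bot: The new `struct ieee80211_mgd_auth_data` and `struct ieee80211_mgd_assoc_data` (hunk @@ -373,6 +380,42) carry no kerneldoc, unlike the two new enums added at the top of this file, and the `auth_data`/`assoc_data` pointers added next to `mtx` in `struct ieee80211_if_managed` do not say which lock guards them; a one-liner such as `/* auth_data/assoc_data: protected by mtx (TODO confirm); non-NULL only while an attempt is in flight */` would settle that for readers of the .c side. `ieee80211_mgd_auth_data::key` holds WEP key material in a heap object with a trailing flexible `ie[]`, so whichever code frees it (not visible here) is worth checking for clearing the key before kfree rather than leaving it in freed memory. Finally, the new kerneldoc for `enum ieee80211_bss_valid_data_flags` misspells "received" as "recieved".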
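--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -304,7 +304,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
 * need to initialise the hardware if the hardware
 * doesn't start up with sane defaults
 */
-ieee80211_set_wmm_default(sdata);
+ieee80211_set_wmm_default(sdata, true);
 }
 
 set_bit(SDATA_STATE_RUNNING, &sdata->state);
@@ -318,9 +318,9 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up)
 goto err_del_interface;
 }
 
-sta_info_move_state(sta, IEEE80211_STA_AUTH);
-sta_info_move_state(sta, IEEE80211_STA_ASSOC);
-sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
+sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
+sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
+sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
 
 res = sta_info_insert(sta);
 if (res) {
@@ -644,6 +644,8 @@ static void ieee80211_teardown_sdata(struct net_device *dev)
 
 if (ieee80211_vif_is_mesh(&sdata->vif))
 mesh_rmc_free(sdata);
+else if (sdata->vif.type == NL80211_IFTYPE_STATION)
+ieee80211_mgd_teardown(sdata);
 
 flushed = sta_info_flush(local, sdata);
 WARN_ON(flushed);
@@ -1181,6 +1183,13 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
 sband = local->hw.wiphy->bands[i];
 sdata->rc_rateidx_mask[i] =
 sband ? (1 << sband->n_bitrates) - 1 : 0;
+if (sband)
+memcpy(sdata->rc_rateidx_mcs_mask[i],
+sband->ht_cap.mcs.rx_mask,
+sizeof(sdata->rc_rateidx_mcs_mask[i]));
+else
+memset(sdata->rc_rateidx_mcs_mask[i], 0,
+sizeof(sdata->rc_rateidx_mcs_mask[i]));
 }
 
 /* setup type-dependent data */
@@ -1303,7 +1312,9 @@ u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
 
 /* do not count disabled managed interfaces */
 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
-!sdata->u.mgd.associated) {
+!sdata->u.mgd.associated &&
+!sdata->u.mgd.auth_data &&
+!sdata->u.mgd.assoc_data) {
 sdata->vif.bss_conf.idle = true;
 continue;
 }
@@ -1323,7 +1334,8 @@ u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
 wk->sdata->vif.bss_conf.idle = false;
 }
 
-if (local->scan_sdata) {
+if (local->scan_sdata &&
+!(local->hw.flags & IEEE80211_HW_SCAN_WHILE_IDLE)) {
 scanning = true;
 local->scan_sdata->vif.bss_conf.idle = false;
 }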
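Review bot: The new memcpy in ieee80211_if_add (hunk @@ -1181,6 +1183,13) sizes the copy by the destination, `sizeof(sdata->rc_rateidx_mcs_mask[i])`, so it reads past `sband->ht_cap.mcs.rx_mask` if that array is ever shorter than IEEE80211_HT_MCS_MASK_LEN; the names suggest the two match today, but nothing in the hunk pins it. A compile-time check next to the copy, `BUILD_BUG_ON(sizeof(sband->ht_cap.mcs.rx_mask) < sizeof(sdata->rc_rateidx_mcs_mask[i]));`, documents the assumption and fails loudly if either definition drifts. ieee80211_if_add's body starts and ends outside the hunk.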
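--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -17,6 +17,7 @@
 #include <linux/slab.h>
 #include <linux/export.h>
 #include <net/mac80211.h>
+#include <asm/unaligned.h>
 #include "ieee80211_i.h"
 #include "driver-ops.h"
 #include "debugfs_key.h"
@@ -54,14 +55,6 @@ static void assert_key_lock(struct ieee80211_local *local)
 lockdep_assert_held(&local->key_mtx);
 }
 
-static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
-{
-if (key->sta)
-return &key->sta->sta;
-
-return NULL;
-}
-
 static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
 {
 /*
@@ -95,7 +88,7 @@ static void increment_tailroom_need_count(struct ieee80211_sub_if_data *sdata)
 static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
 {
 struct ieee80211_sub_if_data *sdata;
-struct ieee80211_sta *sta;
+struct sta_info *sta;
 int ret;
 
 might_sleep();
@@ -105,7 +98,7 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
 
 assert_key_lock(key->local);
 
-sta = get_sta_for_key(key);
+sta = key->sta;
 
 /*
 * If this is a per-STA GTK, check if it
@@ -115,6 +108,9 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
 !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK))
 goto out_unsupported;
 
+if (sta && !sta->uploaded)
+goto out_unsupported;
+
 sdata = key->sdata;
 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
 /*
@@ -123,12 +119,10 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
 */
 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
 goto out_unsupported;
-sdata = container_of(sdata->bss,
-struct ieee80211_sub_if_data,
-u.ap);
 }
 
-ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
+ret = drv_set_key(key->local, SET_KEY, sdata,
+sta ? &sta->sta : NULL, &key->conf);
 
 if (!ret) {
 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
@@ -147,7 +141,8 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
 if (ret != -ENOSPC && ret != -EOPNOTSUPP)
 wiphy_err(key->local->hw.wiphy,
 "failed to set key (%d, %pM) to hardware (%d)\n",
-key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
+key->conf.keyidx,
+sta ? sta->sta.addr : bcast_addr, ret);
 
 out_unsupported:
 switch (key->conf.cipher) {
@@ -166,7 +161,7 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
 static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
 {
 struct ieee80211_sub_if_data *sdata;
-struct ieee80211_sta *sta;
+struct sta_info *sta;
 int ret;
 
 might_sleep();
@@ -179,7 +174,7 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
 return;
 
-sta = get_sta_for_key(key);
+sta = key->sta;
 sdata = key->sdata;
 
 if (!((key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC) ||
@@ -187,18 +182,14 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
 (key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE)))
 increment_tailroom_need_count(sdata);
 
-if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
-sdata = container_of(sdata->bss,
-struct ieee80211_sub_if_data,
-u.ap);
-
 ret = drv_set_key(key->local, DISABLE_KEY, sdata,
-sta, &key->conf);
+sta ? &sta->sta : NULL, &key->conf);
 
 if (ret)
 wiphy_err(key->local->hw.wiphy,
 "failed to remove key (%d, %pM) from hardware (%d)\n",
-key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
+key->conf.keyidx,
+sta ? sta->sta.addr : bcast_addr, ret);
 
 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
 }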
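Review bot: The new `if (sta && !sta->uploaded) goto out_unsupported;` in ieee80211_key_enable_hw_accel (hunk @@ -115,6 +108,9) is uncommented, so a reader cannot tell that leaving the key in software is deliberate, nor which path is expected to retry the hardware upload once the station has been handed to the driver; a comment such as `/* station not yet known to the driver: keep this key in software for now */` plus a pointer to the retry site would make the fallback auditable. Dropping the two AP_VLAN `container_of()` blocks also changes what drv_set_key receives for VLAN keys (the VLAN sdata rather than the parent AP's, as far as the hunk shows), which deserves a sentence in the comment block just above the PAIRWISE check since drivers see that difference. Both functions' bodies start and end outside the hunks.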
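--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -155,7 +155,8 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
 power = chan->max_power;
 else
 power = local->power_constr_level ?
-(chan->max_power - local->power_constr_level) :
+min(chan->max_power,
+(chan->max_reg_power - local->power_constr_level)) :
 chan->max_power;
 
 if (local->user_power_level >= 0)
@@ -198,15 +199,7 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
 return;
 
 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
-/*
-* While not associated, claim a BSSID of all-zeroes
-* so that drivers don't do any weird things with the
-* BSSID at that time.
-*/
-if (sdata->vif.bss_conf.assoc)
-sdata->vif.bss_conf.bssid = sdata->u.mgd.bssid;
-else
-sdata->vif.bss_conf.bssid = zero;
+sdata->vif.bss_conf.bssid = sdata->u.mgd.bssid;
 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
 sdata->vif.bss_conf.bssid = sdata->u.ibss.bssid;
 else if (sdata->vif.type == NL80211_IFTYPE_AP)
@@ -293,11 +286,11 @@ static void ieee80211_tasklet_handler(unsigned long data)
 /* Clear skb->pkt_type in order to not confuse kernel
 * netstack. */
 skb->pkt_type = 0;
-ieee80211_rx(local_to_hw(local), skb);
+ieee80211_rx(&local->hw, skb);
 break;
 case IEEE80211_TX_STATUS_MSG:
 skb->pkt_type = 0;
-ieee80211_tx_status(local_to_hw(local), skb);
+ieee80211_tx_status(&local->hw, skb);
 break;
 case IEEE80211_EOSP_MSG:
 eosp_data = (void *)skb->cb;
@@ -534,6 +527,9 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
 int priv_size, i;
 struct wiphy *wiphy;
 
+if (WARN_ON(ops->sta_state && (ops->sta_add || ops->sta_remove)))
+return NULL;
+
 /* Ensure 32-byte alignment of our private data and hw private data.
 * We use the wiphy priv data for both our ieee80211_local and for
 * the driver's private data
@@ -599,8 +595,6 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
 local->hw.conf.long_frame_max_tx_count = wiphy->retry_long;
 local->hw.conf.short_frame_max_tx_count = wiphy->retry_short;
 local->user_power_level = -1;
-local->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES;
-local->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN;
 wiphy->ht_capa_mod_mask = &mac80211_ht_capa_mod_mask;
 
 INIT_LIST_HEAD(&local->interfaces);
@@ -672,7 +666,7 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
 
 ieee80211_hw_roc_setup(local);
 
-return local_to_hw(local);
+return &local->hw;
 }
 EXPORT_SYMBOL(ieee80211_alloc_hw);
 
@@ -701,6 +695,9 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
 )
 return -EINVAL;
 
+if ((hw->flags & IEEE80211_HW_SCAN_WHILE_IDLE) && !local->ops->hw_scan)
+return -EINVAL;
+
 if (hw->max_report_rates == 0)
 hw->max_report_rates = hw->max_rates;
 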
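Review bot: The new power computation in ieee80211_hw_config (hunk @@ -155,7 +155,8) has no lower bound: `min(chan->max_power, chan->max_reg_power - local->power_constr_level)` goes negative whenever the constraint exceeds the regulatory limit, and if `power_constr_level` is, as its name suggests, taken from the associated AP's Power Constraint element, that value is peer-supplied and not something this function should trust to be small. Clamping here, `power = max(0, min(chan->max_power, chan->max_reg_power - local->power_constr_level));`, or bounding the level where it is parsed would keep a bad element from driving the transmit power below zero; the rest of the function, including the `user_power_level` handling that follows, is outside the hunk, so a later clamp there is possible but not visible. The @@ -198 hunk also drops the zero-BSSID-while-unassociated logic with no replacement comment, so it is worth stating on the new line that `u.mgd.bssid` is expected to be all-zeroes when not associated.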
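--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -204,7 +204,7 @@ int mesh_rmc_check(u8 *sa, struct ieee80211s_hdr *mesh_hdr,
 kmem_cache_free(rm_cache, p);
 --entries;
 } else if ((seqnum == p->seqnum) &&
-(memcmp(sa, p->sa, ETH_ALEN) == 0))
+(compare_ether_addr(sa, p->sa) == 0))
 return -1;
 }
 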
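Review bot: Replacing memcmp with compare_ether_addr in mesh_rmc_check adds an alignment requirement that memcmp did not have: compare_ether_addr compares the two addresses as 16-bit words, so both `sa` and `p->sa` must be 2-byte aligned, and `sa` here is a bare `u8 *` parameter whose origin the hunk does not show. The same conversion is made in the mesh_hwmp.c hunks for `orig_addr`, `ta` and `target_addr`, which are pulled out of received frames. A short comment on the parameter, `/* sa and p->sa must be u16-aligned for compare_ether_addr() */`, or an `__aligned(2)` on the stored address (as this same merge does for `u8 bssid[ETH_ALEN] __aligned(2)` in ieee80211_i.h) would make the precondition explicit. mesh_rmc_check's body starts and ends outside the hunk.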
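--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -13,7 +13,6 @@
 
 #include <linux/types.h>
 #include <linux/jhash.h>
-#include <asm/unaligned.h>
 #include "ieee80211_i.h"
 
 
@@ -86,6 +85,8 @@ enum mesh_deferred_task_flags {
 * @state_lock: mesh path state lock used to protect changes to the
 * mpath itself. No need to take this lock when adding or removing
 * an mpath to a hash bucket on a path table.
+* @rann_snd_addr: the RANN sender address
+* @is_root: the destination station of this path is a root node
 * @is_gate: the destination station of this path is a mesh gate
 *
 *
@@ -110,6 +111,8 @@ struct mesh_path {
 u8 discovery_retries;
 enum mesh_path_flags flags;
 spinlock_t state_lock;
+u8 rann_snd_addr[ETH_ALEN];
+bool is_root;
 bool is_gate;
 };
 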
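Review bot: The kerneldoc added for `@rann_snd_addr` says only "the RANN sender address", which leaves out the one thing a reader of struct mesh_path needs: the mesh_hwmp.c hunk in this merge uses it as the unicast destination when forwarding PREQs for a path whose `is_root` is set, so it is data learned from a received frame that later steers where frames go. Suggest `* @rann_snd_addr: address of the sender of the RANN for this root; used as the unicast destination when forwarding PREQs toward the root` so that the field's provenance and its routing effect are both on record. Removing `#include <asm/unaligned.h>` from this header while adding it to mesh_hwmp.c is fine for that file, but any other includer of mesh.h that relied on it transitively would now have to include it itself; worth a quick check of the other mesh sources.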
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 54df1b2bafd2..1c6f3d02aebf 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -8,6 +8,8 @@
8 */ 8 */
9 9
10#include <linux/slab.h> 10#include <linux/slab.h>
11#include <linux/etherdevice.h>
12#include <asm/unaligned.h>
11#include "wme.h" 13#include "wme.h"
12#include "mesh.h" 14#include "mesh.h"
13 15
@@ -322,6 +324,7 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local,
322 struct sta_info *sta) 324 struct sta_info *sta)
323{ 325{
324 struct ieee80211_supported_band *sband; 326 struct ieee80211_supported_band *sband;
327 struct rate_info rinfo;
325 /* This should be adjusted for each device */ 328 /* This should be adjusted for each device */
326 int device_constant = 1 << ARITH_SHIFT; 329 int device_constant = 1 << ARITH_SHIFT;
327 int test_frame_len = TEST_FRAME_LEN << ARITH_SHIFT; 330 int test_frame_len = TEST_FRAME_LEN << ARITH_SHIFT;
@@ -335,7 +338,9 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local,
335 if (sta->fail_avg >= 100) 338 if (sta->fail_avg >= 100)
336 return MAX_METRIC; 339 return MAX_METRIC;
337 340
338 if (sta->last_tx_rate.flags & IEEE80211_TX_RC_MCS) 341 sta_set_rate_info_tx(sta, &sta->last_tx_rate, &rinfo);
342 rate = cfg80211_calculate_bitrate(&rinfo);
343 if (WARN_ON(!rate))
339 return MAX_METRIC; 344 return MAX_METRIC;
340 345
341 err = (sta->fail_avg << ARITH_SHIFT) / 100; 346 err = (sta->fail_avg << ARITH_SHIFT) / 100;
@@ -343,7 +348,6 @@ static u32 airtime_link_metric_get(struct ieee80211_local *local,
343 /* bitrate is in units of 100 Kbps, while we need rate in units of 348 /* bitrate is in units of 100 Kbps, while we need rate in units of
344 * 1Mbps. This will be corrected on tx_time computation. 349 * 1Mbps. This will be corrected on tx_time computation.
345 */ 350 */
346 rate = sband->bitrates[sta->last_tx_rate.idx].bitrate;
347 tx_time = (device_constant + 10 * test_frame_len / rate); 351 tx_time = (device_constant + 10 * test_frame_len / rate);
348 estimated_retx = ((1 << (2 * ARITH_SHIFT)) / (s_unit - err)); 352 estimated_retx = ((1 << (2 * ARITH_SHIFT)) / (s_unit - err));
349 result = (tx_time * estimated_retx) >> (2 * ARITH_SHIFT) ; 353 result = (tx_time * estimated_retx) >> (2 * ARITH_SHIFT) ;
@@ -418,7 +422,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
418 new_metric = MAX_METRIC; 422 new_metric = MAX_METRIC;
419 exp_time = TU_TO_EXP_TIME(orig_lifetime); 423 exp_time = TU_TO_EXP_TIME(orig_lifetime);
420 424
421 if (memcmp(orig_addr, sdata->vif.addr, ETH_ALEN) == 0) { 425 if (compare_ether_addr(orig_addr, sdata->vif.addr) == 0) {
422 /* This MP is the originator, we are not interested in this 426 /* This MP is the originator, we are not interested in this
423 * frame, except for updating transmitter's path info. 427 * frame, except for updating transmitter's path info.
424 */ 428 */
@@ -468,7 +472,7 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
468 472
469 /* Update and check transmitter routing info */ 473 /* Update and check transmitter routing info */
470 ta = mgmt->sa; 474 ta = mgmt->sa;
471 if (memcmp(orig_addr, ta, ETH_ALEN) == 0) 475 if (compare_ether_addr(orig_addr, ta) == 0)
472 fresh_info = false; 476 fresh_info = false;
473 else { 477 else {
474 fresh_info = true; 478 fresh_info = true;
@@ -512,8 +516,9 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
512 u8 *preq_elem, u32 metric) 516 u8 *preq_elem, u32 metric)
513{ 517{
514 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 518 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
515 struct mesh_path *mpath; 519 struct mesh_path *mpath = NULL;
516 u8 *target_addr, *orig_addr; 520 u8 *target_addr, *orig_addr;
521 const u8 *da;
517 u8 target_flags, ttl; 522 u8 target_flags, ttl;
518 u32 orig_sn, target_sn, lifetime; 523 u32 orig_sn, target_sn, lifetime;
519 bool reply = false; 524 bool reply = false;
@@ -528,7 +533,7 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
528 533
529 mhwmp_dbg("received PREQ from %pM", orig_addr); 534 mhwmp_dbg("received PREQ from %pM", orig_addr);
530 535
531 if (memcmp(target_addr, sdata->vif.addr, ETH_ALEN) == 0) { 536 if (compare_ether_addr(target_addr, sdata->vif.addr) == 0) {
532 mhwmp_dbg("PREQ is for us"); 537 mhwmp_dbg("PREQ is for us");
533 forward = false; 538 forward = false;
534 reply = true; 539 reply = true;
@@ -575,7 +580,7 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
575 ifmsh->mshstats.dropped_frames_ttl++; 580 ifmsh->mshstats.dropped_frames_ttl++;
576 } 581 }
577 582
578 if (forward) { 583 if (forward && ifmsh->mshcfg.dot11MeshForwarding) {
579 u32 preq_id; 584 u32 preq_id;
580 u8 hopcount, flags; 585 u8 hopcount, flags;
581 586
@@ -590,9 +595,11 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
590 flags = PREQ_IE_FLAGS(preq_elem); 595 flags = PREQ_IE_FLAGS(preq_elem);
591 preq_id = PREQ_IE_PREQ_ID(preq_elem); 596 preq_id = PREQ_IE_PREQ_ID(preq_elem);
592 hopcount = PREQ_IE_HOPCOUNT(preq_elem) + 1; 597 hopcount = PREQ_IE_HOPCOUNT(preq_elem) + 1;
598 da = (mpath && mpath->is_root) ?
599 mpath->rann_snd_addr : broadcast_addr;
593 mesh_path_sel_frame_tx(MPATH_PREQ, flags, orig_addr, 600 mesh_path_sel_frame_tx(MPATH_PREQ, flags, orig_addr,
594 cpu_to_le32(orig_sn), target_flags, target_addr, 601 cpu_to_le32(orig_sn), target_flags, target_addr,
595 cpu_to_le32(target_sn), broadcast_addr, 602 cpu_to_le32(target_sn), da,
596 hopcount, ttl, cpu_to_le32(lifetime), 603 hopcount, ttl, cpu_to_le32(lifetime),
597 cpu_to_le32(metric), cpu_to_le32(preq_id), 604 cpu_to_le32(metric), cpu_to_le32(preq_id),
598 sdata); 605 sdata);
@@ -614,6 +621,7 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
614 struct ieee80211_mgmt *mgmt, 621 struct ieee80211_mgmt *mgmt,
615 u8 *prep_elem, u32 metric) 622 u8 *prep_elem, u32 metric)
616{ 623{
624 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
617 struct mesh_path *mpath; 625 struct mesh_path *mpath;
618 u8 *target_addr, *orig_addr; 626 u8 *target_addr, *orig_addr;
619 u8 ttl, hopcount, flags; 627 u8 ttl, hopcount, flags;
@@ -623,10 +631,13 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
623 mhwmp_dbg("received PREP from %pM", PREP_IE_ORIG_ADDR(prep_elem)); 631 mhwmp_dbg("received PREP from %pM", PREP_IE_ORIG_ADDR(prep_elem));
624 632
625 orig_addr = PREP_IE_ORIG_ADDR(prep_elem); 633 orig_addr = PREP_IE_ORIG_ADDR(prep_elem);
626 if (memcmp(orig_addr, sdata->vif.addr, ETH_ALEN) == 0) 634 if (compare_ether_addr(orig_addr, sdata->vif.addr) == 0)
627 /* destination, no forwarding required */ 635 /* destination, no forwarding required */
628 return; 636 return;
629 637
638 if (!ifmsh->mshcfg.dot11MeshForwarding)
639 return;
640
630 ttl = PREP_IE_TTL(prep_elem); 641 ttl = PREP_IE_TTL(prep_elem);
631 if (ttl <= 1) { 642 if (ttl <= 1) {
632 sdata->u.mesh.mshstats.dropped_frames_ttl++; 643 sdata->u.mesh.mshstats.dropped_frames_ttl++;
@@ -693,21 +704,26 @@ static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
693 rcu_read_lock(); 704 rcu_read_lock();
694 mpath = mesh_path_lookup(target_addr, sdata); 705 mpath = mesh_path_lookup(target_addr, sdata);
695 if (mpath) { 706 if (mpath) {
707 struct sta_info *sta;
708
696 spin_lock_bh(&mpath->state_lock); 709 spin_lock_bh(&mpath->state_lock);
710 sta = next_hop_deref_protected(mpath);
697 if (mpath->flags & MESH_PATH_ACTIVE && 711 if (mpath->flags & MESH_PATH_ACTIVE &&
698 memcmp(ta, next_hop_deref_protected(mpath)->sta.addr, 712 compare_ether_addr(ta, sta->sta.addr) == 0 &&
699 ETH_ALEN) == 0 &&
700 (!(mpath->flags & MESH_PATH_SN_VALID) || 713 (!(mpath->flags & MESH_PATH_SN_VALID) ||
701 SN_GT(target_sn, mpath->sn))) { 714 SN_GT(target_sn, mpath->sn))) {
702 mpath->flags &= ~MESH_PATH_ACTIVE; 715 mpath->flags &= ~MESH_PATH_ACTIVE;
703 mpath->sn = target_sn; 716 mpath->sn = target_sn;
704 spin_unlock_bh(&mpath->state_lock); 717 spin_unlock_bh(&mpath->state_lock);
718 if (!ifmsh->mshcfg.dot11MeshForwarding)
719 goto endperr;
705 mesh_path_error_tx(ttl, target_addr, cpu_to_le32(target_sn), 720 mesh_path_error_tx(ttl, target_addr, cpu_to_le32(target_sn),
706 cpu_to_le16(target_rcode), 721 cpu_to_le16(target_rcode),
707 broadcast_addr, sdata); 722 broadcast_addr, sdata);
708 } else 723 } else
709 spin_unlock_bh(&mpath->state_lock); 724 spin_unlock_bh(&mpath->state_lock);
710 } 725 }
726endperr:
711 rcu_read_unlock(); 727 rcu_read_unlock();
712} 728}
713 729
@@ -738,11 +754,11 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
738 metric = rann->rann_metric; 754 metric = rann->rann_metric;
739 755
740 /* Ignore our own RANNs */ 756 /* Ignore our own RANNs */
741 if (memcmp(orig_addr, sdata->vif.addr, ETH_ALEN) == 0) 757 if (compare_ether_addr(orig_addr, sdata->vif.addr) == 0)
742 return; 758 return;
743 759
744 mhwmp_dbg("received RANN from %pM (is_gate=%d)", orig_addr, 760 mhwmp_dbg("received RANN from %pM via neighbour %pM (is_gate=%d)",
745 root_is_gate); 761 orig_addr, mgmt->sa, root_is_gate);
746 762
747 rcu_read_lock(); 763 rcu_read_lock();
748 mpath = mesh_path_lookup(orig_addr, sdata); 764 mpath = mesh_path_lookup(orig_addr, sdata);
@@ -764,7 +780,7 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
764 mesh_queue_preq(mpath, PREQ_Q_F_START | PREQ_Q_F_REFRESH); 780 mesh_queue_preq(mpath, PREQ_Q_F_START | PREQ_Q_F_REFRESH);
765 } 781 }
766 782
767 if (mpath->sn < orig_sn) { 783 if (mpath->sn < orig_sn && ifmsh->mshcfg.dot11MeshForwarding) {
768 mesh_path_sel_frame_tx(MPATH_RANN, flags, orig_addr, 784 mesh_path_sel_frame_tx(MPATH_RANN, flags, orig_addr,
769 cpu_to_le32(orig_sn), 785 cpu_to_le32(orig_sn),
770 0, NULL, 0, broadcast_addr, 786 0, NULL, 0, broadcast_addr,
@@ -773,6 +789,11 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
773 0, sdata); 789 0, sdata);
774 mpath->sn = orig_sn; 790 mpath->sn = orig_sn;
775 } 791 }
792
793 /* Using individually addressed PREQ for root node */
794 memcpy(mpath->rann_snd_addr, mgmt->sa, ETH_ALEN);
795 mpath->is_root = true;
796
776 if (root_is_gate) 797 if (root_is_gate)
777 mesh_path_add_gate(mpath); 798 mesh_path_add_gate(mpath);
778 799
@@ -908,6 +929,7 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
908 struct mesh_preq_queue *preq_node; 929 struct mesh_preq_queue *preq_node;
909 struct mesh_path *mpath; 930 struct mesh_path *mpath;
910 u8 ttl, target_flags; 931 u8 ttl, target_flags;
932 const u8 *da;
911 u32 lifetime; 933 u32 lifetime;
912 934
913 spin_lock_bh(&ifmsh->mesh_preq_queue_lock); 935 spin_lock_bh(&ifmsh->mesh_preq_queue_lock);
@@ -970,9 +992,10 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
970 target_flags = MP_F_RF; 992 target_flags = MP_F_RF;
971 993
972 spin_unlock_bh(&mpath->state_lock); 994 spin_unlock_bh(&mpath->state_lock);
995 da = (mpath->is_root) ? mpath->rann_snd_addr : broadcast_addr;
973 mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->vif.addr, 996 mesh_path_sel_frame_tx(MPATH_PREQ, 0, sdata->vif.addr,
974 cpu_to_le32(ifmsh->sn), target_flags, mpath->dst, 997 cpu_to_le32(ifmsh->sn), target_flags, mpath->dst,
975 cpu_to_le32(mpath->sn), broadcast_addr, 0, 998 cpu_to_le32(mpath->sn), da, 0,
976 ttl, cpu_to_le32(lifetime), 0, 999 ttl, cpu_to_le32(lifetime), 0,
977 cpu_to_le32(ifmsh->preq_id++), sdata); 1000 cpu_to_le32(ifmsh->preq_id++), sdata);
978 mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout); 1001 mod_timer(&mpath->timer, jiffies + mpath->discovery_timeout);
@@ -1063,7 +1086,7 @@ int mesh_nexthop_lookup(struct sk_buff *skb,
1063 if (time_after(jiffies, 1086 if (time_after(jiffies,
1064 mpath->exp_time - 1087 mpath->exp_time -
1065 msecs_to_jiffies(sdata->u.mesh.mshcfg.path_refresh_time)) && 1088 msecs_to_jiffies(sdata->u.mesh.mshcfg.path_refresh_time)) &&
1066 !memcmp(sdata->vif.addr, hdr->addr4, ETH_ALEN) && 1089 !compare_ether_addr(sdata->vif.addr, hdr->addr4) &&
1067 !(mpath->flags & MESH_PATH_RESOLVING) && 1090 !(mpath->flags & MESH_PATH_RESOLVING) &&
1068 !(mpath->flags & MESH_PATH_FIXED)) 1091 !(mpath->flags & MESH_PATH_FIXED))
1069 mesh_queue_preq(mpath, PREQ_Q_F_START | PREQ_Q_F_REFRESH); 1092 mesh_queue_preq(mpath, PREQ_Q_F_START | PREQ_Q_F_REFRESH);
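diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 30420bc1f699..49aaefd99635 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -336,7 +336,7 @@ static void mesh_path_move_to_queue(struct mesh_path *gate_mpath,
 }
 
 
-static struct mesh_path *path_lookup(struct mesh_table *tbl, u8 *dst,
+static struct mesh_path *mpath_lookup(struct mesh_table *tbl, u8 *dst,
 					  struct ieee80211_sub_if_data *sdata)
 {
 	struct mesh_path *mpath;
@@ -348,7 +348,7 @@ static struct mesh_path *path_lookup(struct mesh_table *tbl, u8 *dst,
 	hlist_for_each_entry_rcu(node, n, bucket, list) {
 		mpath = node->mpath;
 		if (mpath->sdata == sdata &&
-				memcmp(dst, mpath->dst, ETH_ALEN) == 0) {
+				compare_ether_addr(dst, mpath->dst) == 0) {
 			if (MPATH_EXPIRED(mpath)) {
 				spin_lock_bh(&mpath->state_lock);
 				mpath->flags &= ~MESH_PATH_ACTIVE;
@@ -371,12 +371,12 @@ static struct mesh_path *path_lookup(struct mesh_table *tbl, u8 *dst,
  */
 struct mesh_path *mesh_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
 {
-	return path_lookup(rcu_dereference(mesh_paths), dst, sdata);
+	return mpath_lookup(rcu_dereference(mesh_paths), dst, sdata);
 }
 
 struct mesh_path *mpp_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
 {
-	return path_lookup(rcu_dereference(mpp_paths), dst, sdata);
+	return mpath_lookup(rcu_dereference(mpp_paths), dst, sdata);
 }
 
 
@@ -517,7 +517,7 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
 	int err = 0;
 	u32 hash_idx;
 
-	if (memcmp(dst, sdata->vif.addr, ETH_ALEN) == 0)
+	if (compare_ether_addr(dst, sdata->vif.addr) == 0)
 		/* never add ourselves as neighbours */
 		return -ENOTSUPP;
 
@@ -553,12 +553,13 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
 	hash_idx = mesh_table_hash(dst, sdata, tbl);
 	bucket = &tbl->hash_buckets[hash_idx];
 
-	spin_lock_bh(&tbl->hashwlock[hash_idx]);
+	spin_lock(&tbl->hashwlock[hash_idx]);
 
 	err = -EEXIST;
 	hlist_for_each_entry(node, n, bucket, list) {
 		mpath = node->mpath;
-		if (mpath->sdata == sdata && memcmp(dst, mpath->dst, ETH_ALEN) == 0)
+		if (mpath->sdata == sdata &&
+		    compare_ether_addr(dst, mpath->dst) == 0)
 			goto err_exists;
 	}
 
@@ -569,7 +570,7 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
 
 	mesh_paths_generation++;
 
-	spin_unlock_bh(&tbl->hashwlock[hash_idx]);
+	spin_unlock(&tbl->hashwlock[hash_idx]);
 	read_unlock_bh(&pathtbl_resize_lock);
 	if (grow) {
 		set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags);
@@ -578,7 +579,7 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
 	return 0;
 
 err_exists:
-	spin_unlock_bh(&tbl->hashwlock[hash_idx]);
+	spin_unlock(&tbl->hashwlock[hash_idx]);
 	read_unlock_bh(&pathtbl_resize_lock);
 	kfree(new_node);
 err_node_alloc:
@@ -649,7 +650,7 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
 	int err = 0;
 	u32 hash_idx;
 
-	if (memcmp(dst, sdata->vif.addr, ETH_ALEN) == 0)
+	if (compare_ether_addr(dst, sdata->vif.addr) == 0)
 		/* never add ourselves as neighbours */
 		return -ENOTSUPP;
 
@@ -681,12 +682,13 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
 	hash_idx = mesh_table_hash(dst, sdata, tbl);
 	bucket = &tbl->hash_buckets[hash_idx];
 
-	spin_lock_bh(&tbl->hashwlock[hash_idx]);
+	spin_lock(&tbl->hashwlock[hash_idx]);
 
 	err = -EEXIST;
 	hlist_for_each_entry(node, n, bucket, list) {
 		mpath = node->mpath;
-		if (mpath->sdata == sdata && memcmp(dst, mpath->dst, ETH_ALEN) == 0)
+		if (mpath->sdata == sdata &&
+		    compare_ether_addr(dst, mpath->dst) == 0)
 			goto err_exists;
 	}
 
@@ -695,7 +697,7 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
 			tbl->mean_chain_len * (tbl->hash_mask + 1))
 		grow = 1;
 
-	spin_unlock_bh(&tbl->hashwlock[hash_idx]);
+	spin_unlock(&tbl->hashwlock[hash_idx]);
 	read_unlock_bh(&pathtbl_resize_lock);
 	if (grow) {
 		set_bit(MESH_WORK_GROW_MPP_TABLE, &ifmsh->wrkq_flags);
@@ -704,7 +706,7 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
 	return 0;
 
 err_exists:
-	spin_unlock_bh(&tbl->hashwlock[hash_idx]);
+	spin_unlock(&tbl->hashwlock[hash_idx]);
 	read_unlock_bh(&pathtbl_resize_lock);
 	kfree(new_node);
 err_node_alloc:
@@ -803,9 +805,9 @@ void mesh_path_flush_by_nexthop(struct sta_info *sta)
 	for_each_mesh_entry(tbl, p, node, i) {
 		mpath = node->mpath;
 		if (rcu_dereference(mpath->next_hop) == sta) {
-			spin_lock_bh(&tbl->hashwlock[i]);
+			spin_lock(&tbl->hashwlock[i]);
 			__mesh_path_del(tbl, node);
-			spin_unlock_bh(&tbl->hashwlock[i]);
+			spin_unlock(&tbl->hashwlock[i]);
 		}
 	}
 	read_unlock_bh(&pathtbl_resize_lock);
@@ -876,11 +878,11 @@ int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata)
 	hash_idx = mesh_table_hash(addr, sdata, tbl);
 	bucket = &tbl->hash_buckets[hash_idx];
 
-	spin_lock_bh(&tbl->hashwlock[hash_idx]);
+	spin_lock(&tbl->hashwlock[hash_idx]);
 	hlist_for_each_entry(node, n, bucket, list) {
 		mpath = node->mpath;
 		if (mpath->sdata == sdata &&
-		    memcmp(addr, mpath->dst, ETH_ALEN) == 0) {
+		    compare_ether_addr(addr, mpath->dst) == 0) {
 			__mesh_path_del(tbl, node);
 			goto enddel;
 		}
@@ -889,7 +891,7 @@ int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata)
 	err = -ENXIO;
 enddel:
 	mesh_paths_generation++;
-	spin_unlock_bh(&tbl->hashwlock[hash_idx]);
+	spin_unlock(&tbl->hashwlock[hash_idx]);
 	read_unlock_bh(&pathtbl_resize_lock);
 	return err;
 }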
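Review bot: Dropping the _bh suffix on hashwlock (new-side lines 556/573, 582, 685/700, 709, 808/810, 881/894) makes correctness depend on every taker already running with bottom halves disabled under read_lock_bh(&pathtbl_resize_lock); the pairs visible here satisfy that (each unlock sits directly before a read_unlock_bh), but the invariant is now implicit and any hashwlock user outside these hunks, the table resize/grow path for instance, is not checked by this diff. I'd record it next to the first site, e.g. `/* hashwlock[] is only ever taken under read_lock_bh(&pathtbl_resize_lock), so BH is already off here */`, and, if lockdep tracks pathtbl_resize_lock, add `lockdep_assert_held(&pathtbl_resize_lock);` before each spin_lock so the assumption is enforced rather than remembered. A second, minor caveat on the memcmp → compare_ether_addr conversions (new-side lines 351, 520, 562, 653, 691, 885): if I recall correctly compare_ether_addr is specified for 16-bit-aligned operands, and `dst`/`addr` come from callers not visible here, so it is worth confirming no caller hands in a pointer taken straight from an odd offset inside a received frame. mesh_path_add and mpp_path_add both start and end outside the hunks shown.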
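diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index a17251730b9e..4e53c4cbca9e 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -31,6 +31,12 @@
 #define dot11MeshHoldingTimeout(s) (s->u.mesh.mshcfg.dot11MeshHoldingTimeout)
 #define dot11MeshMaxPeerLinks(s) (s->u.mesh.mshcfg.dot11MeshMaxPeerLinks)
 
+/* We only need a valid sta if user configured a minimum rssi_threshold. */
+#define rssi_threshold_check(sta, sdata) \
+	(sdata->u.mesh.mshcfg.rssi_threshold == 0 ||\
+	 (sta && (s8) -ewma_read(&sta->avg_signal) > \
+	 sdata->u.mesh.mshcfg.rssi_threshold))
+
 enum plink_event {
 	PLINK_UNDEFINED,
 	OPN_ACPT,
@@ -96,9 +102,9 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
 	if (!sta)
 		return NULL;
 
-	sta_info_move_state(sta, IEEE80211_STA_AUTH);
-	sta_info_move_state(sta, IEEE80211_STA_ASSOC);
-	sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
+	sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
+	sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
+	sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
 
 	set_sta_flag(sta, WLAN_STA_WME);
 
@@ -301,7 +307,8 @@ void mesh_neighbour_update(u8 *hw_addr, u32 rates,
 	if (mesh_peer_accepts_plinks(elems) &&
 	    sta->plink_state == NL80211_PLINK_LISTEN &&
 	    sdata->u.mesh.accepting_plinks &&
-	    sdata->u.mesh.mshcfg.auto_open_plinks)
+	    sdata->u.mesh.mshcfg.auto_open_plinks &&
+	    rssi_threshold_check(sta, sdata))
 		mesh_plink_open(sta);
 
 	rcu_read_unlock();
@@ -531,6 +538,14 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
 		return;
 	}
 
+	if (ftype == WLAN_SP_MESH_PEERING_OPEN &&
+	    !rssi_threshold_check(sta, sdata)) {
+		mpl_dbg("Mesh plink: %pM does not meet rssi threshold\n",
+			mgmt->sa);
+		rcu_read_unlock();
+		return;
+	}
+
 	if (sta && !test_sta_flag(sta, WLAN_STA_AUTH)) {
 		mpl_dbg("Mesh plink: Action frame from non-authed peer\n");
 		rcu_read_unlock();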
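Review bot: The new rssi_threshold_check at new-side lines 35-38 is a function-like macro whose `sta` and `sdata` arguments are used unparenthesized and whose `sta` is evaluated twice; a `static inline bool rssi_threshold_check(struct sta_info *sta, struct ieee80211_sub_if_data *sdata)` with the same body would be type-checked and avoid both hazards at no cost. Separately, when a threshold is configured and `sta` is NULL (no entry yet for the sender), the expression evaluates to false, so the OPEN at new-side line 541 is dropped with the message "does not meet rssi threshold" even though no signal was ever measured for that peer; I'd either split that case into its own `if (!sta)` branch with `mpl_dbg("Mesh plink: %pM has no signal estimate yet, ignoring OPEN\n", mgmt->sa);`, or extend the comment at line 34 to say that an OPEN from a peer without a station entry is deliberately ignored until avg_signal has been populated (presumably by earlier beacon reception, which is not visible here). Note also that the check is against the peer's averaged signal, not the RSSI of this particular OPEN frame; if that is intended, saying so in the same comment would save the next reader the question. mesh_rx_plink_frame starts and ends outside the hunk.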
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 295be92f7c77..576fb25456dd 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -30,6 +30,12 @@
30#include "rate.h" 30#include "rate.h"
31#include "led.h" 31#include "led.h"
32 32
33#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
34#define IEEE80211_AUTH_MAX_TRIES 3
35#define IEEE80211_AUTH_WAIT_ASSOC (HZ * 5)
36#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
37#define IEEE80211_ASSOC_MAX_TRIES 3
38
33static int max_nullfunc_tries = 2; 39static int max_nullfunc_tries = 2;
34module_param(max_nullfunc_tries, int, 0644); 40module_param(max_nullfunc_tries, int, 0644);
35MODULE_PARM_DESC(max_nullfunc_tries, 41MODULE_PARM_DESC(max_nullfunc_tries,
@@ -82,6 +88,8 @@ MODULE_PARM_DESC(probe_wait_ms,
82#define TMR_RUNNING_TIMER 0 88#define TMR_RUNNING_TIMER 0
83#define TMR_RUNNING_CHANSW 1 89#define TMR_RUNNING_CHANSW 1
84 90
91#define DEAUTH_DISASSOC_LEN (24 /* hdr */ + 2 /* reason */)
92
85/* 93/*
86 * All cfg80211 functions have to be called outside a locked 94 * All cfg80211 functions have to be called outside a locked
87 * section so that they can acquire a lock themselves... This 95 * section so that they can acquire a lock themselves... This
@@ -97,6 +105,15 @@ enum rx_mgmt_action {
97 105
98 /* caller must call cfg80211_send_disassoc() */ 106 /* caller must call cfg80211_send_disassoc() */
99 RX_MGMT_CFG80211_DISASSOC, 107 RX_MGMT_CFG80211_DISASSOC,
108
109 /* caller must call cfg80211_send_rx_auth() */
110 RX_MGMT_CFG80211_RX_AUTH,
111
112 /* caller must call cfg80211_send_rx_assoc() */
113 RX_MGMT_CFG80211_RX_ASSOC,
114
115 /* caller must call cfg80211_send_assoc_timeout() */
116 RX_MGMT_CFG80211_ASSOC_TIMEOUT,
100}; 117};
101 118
102/* utils */ 119/* utils */
@@ -115,8 +132,7 @@ static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd)
115 * has happened -- the work that runs from this timer will 132 * has happened -- the work that runs from this timer will
116 * do that. 133 * do that.
117 */ 134 */
118static void run_again(struct ieee80211_if_managed *ifmgd, 135static void run_again(struct ieee80211_if_managed *ifmgd, unsigned long timeout)
119 unsigned long timeout)
120{ 136{
121 ASSERT_MGD_MTX(ifmgd); 137 ASSERT_MGD_MTX(ifmgd);
122 138
@@ -127,7 +143,7 @@ static void run_again(struct ieee80211_if_managed *ifmgd,
127 143
128void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata) 144void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
129{ 145{
130 if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER) 146 if (sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)
131 return; 147 return;
132 148
133 mod_timer(&sdata->u.mgd.bcn_mon_timer, 149 mod_timer(&sdata->u.mgd.bcn_mon_timer,
@@ -173,40 +189,35 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
173 u16 ht_opmode; 189 u16 ht_opmode;
174 bool enable_ht = true; 190 bool enable_ht = true;
175 enum nl80211_channel_type prev_chantype; 191 enum nl80211_channel_type prev_chantype;
176 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 192 enum nl80211_channel_type rx_channel_type = NL80211_CHAN_NO_HT;
193 enum nl80211_channel_type tx_channel_type;
177 194
178 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 195 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
179
180 prev_chantype = sdata->vif.bss_conf.channel_type; 196 prev_chantype = sdata->vif.bss_conf.channel_type;
181 197
182 /* HT is not supported */
183 if (!sband->ht_cap.ht_supported)
184 enable_ht = false;
185 198
186 if (enable_ht) { 199 hti_cfreq = ieee80211_channel_to_frequency(hti->control_chan,
187 hti_cfreq = ieee80211_channel_to_frequency(hti->control_chan, 200 sband->band);
188 sband->band); 201 /* check that channel matches the right operating channel */
189 /* check that channel matches the right operating channel */ 202 if (local->hw.conf.channel->center_freq != hti_cfreq) {
190 if (local->hw.conf.channel->center_freq != hti_cfreq) { 203 /* Some APs mess this up, evidently.
191 /* Some APs mess this up, evidently. 204 * Netgear WNDR3700 sometimes reports 4 higher than
192 * Netgear WNDR3700 sometimes reports 4 higher than 205 * the actual channel, for instance.
193 * the actual channel, for instance. 206 */
194 */ 207 printk(KERN_DEBUG
195 printk(KERN_DEBUG 208 "%s: Wrong control channel in association"
196 "%s: Wrong control channel in association" 209 " response: configured center-freq: %d"
197 " response: configured center-freq: %d" 210 " hti-cfreq: %d hti->control_chan: %d"
198 " hti-cfreq: %d hti->control_chan: %d" 211 " band: %d. Disabling HT.\n",
199 " band: %d. Disabling HT.\n", 212 sdata->name,
200 sdata->name, 213 local->hw.conf.channel->center_freq,
201 local->hw.conf.channel->center_freq, 214 hti_cfreq, hti->control_chan,
202 hti_cfreq, hti->control_chan, 215 sband->band);
203 sband->band); 216 enable_ht = false;
204 enable_ht = false;
205 }
206 } 217 }
207 218
208 if (enable_ht) { 219 if (enable_ht) {
209 channel_type = NL80211_CHAN_HT20; 220 rx_channel_type = NL80211_CHAN_HT20;
210 221
211 if (!(ap_ht_cap_flags & IEEE80211_HT_CAP_40MHZ_INTOLERANT) && 222 if (!(ap_ht_cap_flags & IEEE80211_HT_CAP_40MHZ_INTOLERANT) &&
212 !ieee80111_cfg_override_disables_ht40(sdata) && 223 !ieee80111_cfg_override_disables_ht40(sdata) &&
@@ -214,29 +225,28 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
214 (hti->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) { 225 (hti->ht_param & IEEE80211_HT_PARAM_CHAN_WIDTH_ANY)) {
215 switch(hti->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 226 switch(hti->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
216 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 227 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
217 if (!(local->hw.conf.channel->flags & 228 rx_channel_type = NL80211_CHAN_HT40PLUS;
218 IEEE80211_CHAN_NO_HT40PLUS))
219 channel_type = NL80211_CHAN_HT40PLUS;
220 break; 229 break;
221 case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 230 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
222 if (!(local->hw.conf.channel->flags & 231 rx_channel_type = NL80211_CHAN_HT40MINUS;
223 IEEE80211_CHAN_NO_HT40MINUS))
224 channel_type = NL80211_CHAN_HT40MINUS;
225 break; 232 break;
226 } 233 }
227 } 234 }
228 } 235 }
229 236
237 tx_channel_type = ieee80211_get_tx_channel_type(local, rx_channel_type);
238
230 if (local->tmp_channel) 239 if (local->tmp_channel)
231 local->tmp_channel_type = channel_type; 240 local->tmp_channel_type = rx_channel_type;
232 241
233 if (!ieee80211_set_channel_type(local, sdata, channel_type)) { 242 if (!ieee80211_set_channel_type(local, sdata, rx_channel_type)) {
234 /* can only fail due to HT40+/- mismatch */ 243 /* can only fail due to HT40+/- mismatch */
235 channel_type = NL80211_CHAN_HT20; 244 rx_channel_type = NL80211_CHAN_HT20;
236 WARN_ON(!ieee80211_set_channel_type(local, sdata, channel_type)); 245 WARN_ON(!ieee80211_set_channel_type(local, sdata,
246 rx_channel_type));
237 } 247 }
238 248
239 if (beacon_htcap_ie && (prev_chantype != channel_type)) { 249 if (beacon_htcap_ie && (prev_chantype != rx_channel_type)) {
240 /* 250 /*
241 * Whenever the AP announces the HT mode change that can be 251 * Whenever the AP announces the HT mode change that can be
242 * 40MHz intolerant or etc., it would be safer to stop tx 252 * 40MHz intolerant or etc., it would be safer to stop tx
@@ -254,13 +264,13 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
254 /* channel_type change automatically detected */ 264 /* channel_type change automatically detected */
255 ieee80211_hw_config(local, 0); 265 ieee80211_hw_config(local, 0);
256 266
257 if (prev_chantype != channel_type) { 267 if (prev_chantype != tx_channel_type) {
258 rcu_read_lock(); 268 rcu_read_lock();
259 sta = sta_info_get(sdata, bssid); 269 sta = sta_info_get(sdata, bssid);
260 if (sta) 270 if (sta)
261 rate_control_rate_update(local, sband, sta, 271 rate_control_rate_update(local, sband, sta,
262 IEEE80211_RC_HT_CHANGED, 272 IEEE80211_RC_HT_CHANGED,
263 channel_type); 273 tx_channel_type);
264 rcu_read_unlock(); 274 rcu_read_unlock();
265 275
266 if (beacon_htcap_ie) 276 if (beacon_htcap_ie)
@@ -273,7 +283,7 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
273 /* if bss configuration changed store the new one */ 283 /* if bss configuration changed store the new one */
274 if (sdata->ht_opmode_valid != enable_ht || 284 if (sdata->ht_opmode_valid != enable_ht ||
275 sdata->vif.bss_conf.ht_operation_mode != ht_opmode || 285 sdata->vif.bss_conf.ht_operation_mode != ht_opmode ||
276 prev_chantype != channel_type) { 286 prev_chantype != rx_channel_type) {
277 changed |= BSS_CHANGED_HT; 287 changed |= BSS_CHANGED_HT;
278 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 288 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
279 sdata->ht_opmode_valid = enable_ht; 289 sdata->ht_opmode_valid = enable_ht;
@@ -284,48 +294,351 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
284 294
285/* frame sending functions */ 295/* frame sending functions */
286 296
287static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata, 297static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
288 const u8 *bssid, u16 stype, u16 reason, 298 struct ieee80211_supported_band *sband,
289 void *cookie, bool send_frame) 299 u32 *rates)
300{
301 int i, j, count;
302 *rates = 0;
303 count = 0;
304 for (i = 0; i < supp_rates_len; i++) {
305 int rate = (supp_rates[i] & 0x7F) * 5;
306
307 for (j = 0; j < sband->n_bitrates; j++)
308 if (sband->bitrates[j].bitrate == rate) {
309 *rates |= BIT(j);
310 count++;
311 break;
312 }
313 }
314
315 return count;
316}
317
318static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
319 struct sk_buff *skb, const u8 *ht_info_ie,
320 struct ieee80211_supported_band *sband,
321 struct ieee80211_channel *channel,
322 enum ieee80211_smps_mode smps)
323{
324 struct ieee80211_ht_info *ht_info;
325 u8 *pos;
326 u32 flags = channel->flags;
327 u16 cap;
328 struct ieee80211_sta_ht_cap ht_cap;
329
330 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
331
332 if (!ht_info_ie)
333 return;
334
335 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
336 return;
337
338 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
339 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
340
341 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
342
343 /* determine capability flags */
344 cap = ht_cap.cap;
345
346 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
347 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
348 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
349 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
350 cap &= ~IEEE80211_HT_CAP_SGI_40;
351 }
352 break;
353 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
354 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
355 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
356 cap &= ~IEEE80211_HT_CAP_SGI_40;
357 }
358 break;
359 }
360
361 /* set SM PS mode properly */
362 cap &= ~IEEE80211_HT_CAP_SM_PS;
363 switch (smps) {
364 case IEEE80211_SMPS_AUTOMATIC:
365 case IEEE80211_SMPS_NUM_MODES:
366 WARN_ON(1);
367 case IEEE80211_SMPS_OFF:
368 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
369 IEEE80211_HT_CAP_SM_PS_SHIFT;
370 break;
371 case IEEE80211_SMPS_STATIC:
372 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
373 IEEE80211_HT_CAP_SM_PS_SHIFT;
374 break;
375 case IEEE80211_SMPS_DYNAMIC:
376 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
377 IEEE80211_HT_CAP_SM_PS_SHIFT;
378 break;
379 }
380
381 /* reserve and fill IE */
382 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
383 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
384}
385
386static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata)
290{ 387{
291 struct ieee80211_local *local = sdata->local; 388 struct ieee80211_local *local = sdata->local;
292 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 389 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
390 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
293 struct sk_buff *skb; 391 struct sk_buff *skb;
294 struct ieee80211_mgmt *mgmt; 392 struct ieee80211_mgmt *mgmt;
393 u8 *pos, qos_info;
394 size_t offset = 0, noffset;
395 int i, count, rates_len, supp_rates_len;
396 u16 capab;
397 struct ieee80211_supported_band *sband;
398 u32 rates = 0;
399
400 lockdep_assert_held(&ifmgd->mtx);
401
402 sband = local->hw.wiphy->bands[local->oper_channel->band];
295 403
296 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*mgmt)); 404 if (assoc_data->supp_rates_len) {
405 /*
406 * Get all rates supported by the device and the AP as
407 * some APs don't like getting a superset of their rates
408 * in the association request (e.g. D-Link DAP 1353 in
409 * b-only mode)...
410 */
411 rates_len = ieee80211_compatible_rates(assoc_data->supp_rates,
412 assoc_data->supp_rates_len,
413 sband, &rates);
414 } else {
415 /*
416 * In case AP not provide any supported rates information
417 * before association, we send information element(s) with
418 * all rates that we support.
419 */
420 rates = ~0;
421 rates_len = sband->n_bitrates;
422 }
423
424 skb = alloc_skb(local->hw.extra_tx_headroom +
425 sizeof(*mgmt) + /* bit too much but doesn't matter */
426 2 + assoc_data->ssid_len + /* SSID */
427 4 + rates_len + /* (extended) rates */
428 4 + /* power capability */
429 2 + 2 * sband->n_channels + /* supported channels */
430 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
431 assoc_data->ie_len + /* extra IEs */
432 9, /* WMM */
433 GFP_KERNEL);
297 if (!skb) 434 if (!skb)
298 return; 435 return;
299 436
300 skb_reserve(skb, local->hw.extra_tx_headroom); 437 skb_reserve(skb, local->hw.extra_tx_headroom);
301 438
439 capab = WLAN_CAPABILITY_ESS;
440
441 if (sband->band == IEEE80211_BAND_2GHZ) {
442 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
443 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
444 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
445 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
446 }
447
448 if (assoc_data->capability & WLAN_CAPABILITY_PRIVACY)
449 capab |= WLAN_CAPABILITY_PRIVACY;
450
451 if ((assoc_data->capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
452 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
453 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
454
302 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 455 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
303 memset(mgmt, 0, 24); 456 memset(mgmt, 0, 24);
457 memcpy(mgmt->da, assoc_data->bss->bssid, ETH_ALEN);
458 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
459 memcpy(mgmt->bssid, assoc_data->bss->bssid, ETH_ALEN);
460
461 if (!is_zero_ether_addr(assoc_data->prev_bssid)) {
462 skb_put(skb, 10);
463 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
464 IEEE80211_STYPE_REASSOC_REQ);
465 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
466 mgmt->u.reassoc_req.listen_interval =
467 cpu_to_le16(local->hw.conf.listen_interval);
468 memcpy(mgmt->u.reassoc_req.current_ap, assoc_data->prev_bssid,
469 ETH_ALEN);
470 } else {
471 skb_put(skb, 4);
472 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
473 IEEE80211_STYPE_ASSOC_REQ);
474 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
475 mgmt->u.assoc_req.listen_interval =
476 cpu_to_le16(local->hw.conf.listen_interval);
477 }
478
479 /* SSID */
480 pos = skb_put(skb, 2 + assoc_data->ssid_len);
481 *pos++ = WLAN_EID_SSID;
482 *pos++ = assoc_data->ssid_len;
483 memcpy(pos, assoc_data->ssid, assoc_data->ssid_len);
484
485 /* add all rates which were marked to be used above */
486 supp_rates_len = rates_len;
487 if (supp_rates_len > 8)
488 supp_rates_len = 8;
489
490 pos = skb_put(skb, supp_rates_len + 2);
491 *pos++ = WLAN_EID_SUPP_RATES;
492 *pos++ = supp_rates_len;
493
494 count = 0;
495 for (i = 0; i < sband->n_bitrates; i++) {
496 if (BIT(i) & rates) {
497 int rate = sband->bitrates[i].bitrate;
498 *pos++ = (u8) (rate / 5);
499 if (++count == 8)
500 break;
501 }
502 }
503
504 if (rates_len > count) {
505 pos = skb_put(skb, rates_len - count + 2);
506 *pos++ = WLAN_EID_EXT_SUPP_RATES;
507 *pos++ = rates_len - count;
508
509 for (i++; i < sband->n_bitrates; i++) {
510 if (BIT(i) & rates) {
511 int rate = sband->bitrates[i].bitrate;
512 *pos++ = (u8) (rate / 5);
513 }
514 }
515 }
516
517 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
518 /* 1. power capabilities */
519 pos = skb_put(skb, 4);
520 *pos++ = WLAN_EID_PWR_CAPABILITY;
521 *pos++ = 2;
522 *pos++ = 0; /* min tx power */
523 *pos++ = local->oper_channel->max_power; /* max tx power */
524
525 /* 2. supported channels */
526 /* TODO: get this in reg domain format */
527 pos = skb_put(skb, 2 * sband->n_channels + 2);
528 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
529 *pos++ = 2 * sband->n_channels;
530 for (i = 0; i < sband->n_channels; i++) {
531 *pos++ = ieee80211_frequency_to_channel(
532 sband->channels[i].center_freq);
533 *pos++ = 1; /* one channel in the subband*/
534 }
535 }
536
537 /* if present, add any custom IEs that go before HT */
538 if (assoc_data->ie_len && assoc_data->ie) {
539 static const u8 before_ht[] = {
540 WLAN_EID_SSID,
541 WLAN_EID_SUPP_RATES,
542 WLAN_EID_EXT_SUPP_RATES,
543 WLAN_EID_PWR_CAPABILITY,
544 WLAN_EID_SUPPORTED_CHANNELS,
545 WLAN_EID_RSN,
546 WLAN_EID_QOS_CAPA,
547 WLAN_EID_RRM_ENABLED_CAPABILITIES,
548 WLAN_EID_MOBILITY_DOMAIN,
549 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
550 };
551 noffset = ieee80211_ie_split(assoc_data->ie, assoc_data->ie_len,
552 before_ht, ARRAY_SIZE(before_ht),
553 offset);
554 pos = skb_put(skb, noffset - offset);
555 memcpy(pos, assoc_data->ie + offset, noffset - offset);
556 offset = noffset;
557 }
558
559 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
560 ieee80211_add_ht_ie(sdata, skb, assoc_data->ht_information_ie,
561 sband, local->oper_channel, ifmgd->ap_smps);
562
563 /* if present, add any custom non-vendor IEs that go after HT */
564 if (assoc_data->ie_len && assoc_data->ie) {
565 noffset = ieee80211_ie_split_vendor(assoc_data->ie,
566 assoc_data->ie_len,
567 offset);
568 pos = skb_put(skb, noffset - offset);
569 memcpy(pos, assoc_data->ie + offset, noffset - offset);
570 offset = noffset;
571 }
572
573 if (assoc_data->wmm) {
574 if (assoc_data->uapsd) {
575 qos_info = ifmgd->uapsd_queues;
576 qos_info |= (ifmgd->uapsd_max_sp_len <<
577 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
578 } else {
579 qos_info = 0;
580 }
581
582 pos = skb_put(skb, 9);
583 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
584 *pos++ = 7; /* len */
585 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
586 *pos++ = 0x50;
587 *pos++ = 0xf2;
588 *pos++ = 2; /* WME */
589 *pos++ = 0; /* WME info */
590 *pos++ = 1; /* WME ver */
591 *pos++ = qos_info;
592 }
593
594 /* add any remaining custom (i.e. vendor specific here) IEs */
595 if (assoc_data->ie_len && assoc_data->ie) {
596 noffset = assoc_data->ie_len;
597 pos = skb_put(skb, noffset - offset);
598 memcpy(pos, assoc_data->ie + offset, noffset - offset);
599 }
600
601 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
602 ieee80211_tx_skb(sdata, skb);
603}
604
605static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
606 const u8 *bssid, u16 stype,
607 u16 reason, bool send_frame,
608 u8 *frame_buf)
609{
610 struct ieee80211_local *local = sdata->local;
611 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
612 struct sk_buff *skb;
613 struct ieee80211_mgmt *mgmt = (void *)frame_buf;
614
615 /* build frame */
616 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
617 mgmt->duration = 0; /* initialize only */
618 mgmt->seq_ctrl = 0; /* initialize only */
304 memcpy(mgmt->da, bssid, ETH_ALEN); 619 memcpy(mgmt->da, bssid, ETH_ALEN);
305 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 620 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
306 memcpy(mgmt->bssid, bssid, ETH_ALEN); 621 memcpy(mgmt->bssid, bssid, ETH_ALEN);
307 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | stype);
308 skb_put(skb, 2);
309 /* u.deauth.reason_code == u.disassoc.reason_code */ 622 /* u.deauth.reason_code == u.disassoc.reason_code */
310 mgmt->u.deauth.reason_code = cpu_to_le16(reason); 623 mgmt->u.deauth.reason_code = cpu_to_le16(reason);
311 624
312 if (stype == IEEE80211_STYPE_DEAUTH) 625 if (send_frame) {
313 if (cookie) 626 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
314 __cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 627 DEAUTH_DISASSOC_LEN);
315 else 628 if (!skb)
316 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 629 return;
317 else
318 if (cookie)
319 __cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
320 else
321 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
322 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
323 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
324 630
325 if (send_frame) 631 skb_reserve(skb, local->hw.extra_tx_headroom);
632
633 /* copy in frame */
634 memcpy(skb_put(skb, DEAUTH_DISASSOC_LEN),
635 mgmt, DEAUTH_DISASSOC_LEN);
636
637 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
638 IEEE80211_SKB_CB(skb)->flags |=
639 IEEE80211_TX_INTFL_DONT_ENCRYPT;
326 ieee80211_tx_skb(sdata, skb); 640 ieee80211_tx_skb(sdata, skb);
327 else 641 }
328 kfree_skb(skb);
329} 642}
330 643
331void ieee80211_send_pspoll(struct ieee80211_local *local, 644void ieee80211_send_pspoll(struct ieee80211_local *local,
@@ -547,7 +860,7 @@ static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
547 if (pwr_constr_elem_len != 1) 860 if (pwr_constr_elem_len != 1)
548 return; 861 return;
549 862
550 if ((*pwr_constr_elem <= conf->channel->max_power) && 863 if ((*pwr_constr_elem <= conf->channel->max_reg_power) &&
551 (*pwr_constr_elem != sdata->local->power_constr_level)) { 864 (*pwr_constr_elem != sdata->local->power_constr_level)) {
552 sdata->local->power_constr_level = *pwr_constr_elem; 865 sdata->local->power_constr_level = *pwr_constr_elem;
553 ieee80211_hw_config(sdata->local, 0); 866 ieee80211_hw_config(sdata->local, 0);
@@ -879,7 +1192,7 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
879 return; 1192 return;
880 1193
881 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 1194 if (ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
882 uapsd_queues = local->uapsd_queues; 1195 uapsd_queues = ifmgd->uapsd_queues;
883 1196
884 count = wmm_param[6] & 0x0f; 1197 count = wmm_param[6] & 0x0f;
885 if (count == ifmgd->wmm_last_param_set) 1198 if (count == ifmgd->wmm_last_param_set)
@@ -953,7 +1266,6 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
953 1266
954 /* enable WMM or activate new settings */ 1267 /* enable WMM or activate new settings */
955 sdata->vif.bss_conf.qos = true; 1268 sdata->vif.bss_conf.qos = true;
956 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
957} 1269}
958 1270
959static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 1271static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
@@ -1006,7 +1318,7 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1006 bss_info_changed |= BSS_CHANGED_ASSOC; 1318 bss_info_changed |= BSS_CHANGED_ASSOC;
1007 /* set timing information */ 1319 /* set timing information */
1008 bss_conf->beacon_int = cbss->beacon_interval; 1320 bss_conf->beacon_int = cbss->beacon_interval;
1009 bss_conf->timestamp = cbss->tsf; 1321 bss_conf->last_tsf = cbss->tsf;
1010 1322
1011 bss_info_changed |= BSS_CHANGED_BEACON_INT; 1323 bss_info_changed |= BSS_CHANGED_BEACON_INT;
1012 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 1324 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
@@ -1032,18 +1344,9 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1032 bss_conf->dtim_period = 0; 1344 bss_conf->dtim_period = 0;
1033 1345
1034 bss_conf->assoc = 1; 1346 bss_conf->assoc = 1;
1035 /*
1036 * For now just always ask the driver to update the basic rateset
1037 * when we have associated, we aren't checking whether it actually
1038 * changed or not.
1039 */
1040 bss_info_changed |= BSS_CHANGED_BASIC_RATES;
1041
1042 /* And the BSSID changed - we're associated now */
1043 bss_info_changed |= BSS_CHANGED_BSSID;
1044 1347
1045 /* Tell the driver to monitor connection quality (if supported) */ 1348 /* Tell the driver to monitor connection quality (if supported) */
1046 if ((local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI) && 1349 if (sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI &&
1047 bss_conf->cqm_rssi_thold) 1350 bss_conf->cqm_rssi_thold)
1048 bss_info_changed |= BSS_CHANGED_CQM; 1351 bss_info_changed |= BSS_CHANGED_CQM;
1049 1352
@@ -1065,16 +1368,20 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1065} 1368}
1066 1369
1067static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1370static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1068 bool remove_sta, bool tx) 1371 u16 stype, u16 reason, bool tx,
1372 u8 *frame_buf)
1069{ 1373{
1070 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1374 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1071 struct ieee80211_local *local = sdata->local; 1375 struct ieee80211_local *local = sdata->local;
1072 struct sta_info *sta; 1376 struct sta_info *sta;
1073 u32 changed = 0, config_changed = 0; 1377 u32 changed = 0;
1074 u8 bssid[ETH_ALEN]; 1378 u8 bssid[ETH_ALEN];
1075 1379
1076 ASSERT_MGD_MTX(ifmgd); 1380 ASSERT_MGD_MTX(ifmgd);
1077 1381
1382 if (WARN_ON_ONCE(tx && !frame_buf))
1383 return;
1384
1078 if (WARN_ON(!ifmgd->associated)) 1385 if (WARN_ON(!ifmgd->associated))
1079 return; 1386 return;
1080 1387
@@ -1108,17 +1415,25 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1108 } 1415 }
1109 mutex_unlock(&local->sta_mtx); 1416 mutex_unlock(&local->sta_mtx);
1110 1417
1418 /* deauthenticate/disassociate now */
1419 if (tx || frame_buf)
1420 ieee80211_send_deauth_disassoc(sdata, bssid, stype, reason,
1421 tx, frame_buf);
1422
1423 /* flush out frame */
1424 if (tx)
1425 drv_flush(local, false);
1426
1427 /* remove AP and TDLS peers */
1428 sta_info_flush(local, sdata);
1429
1430 /* finally reset all BSS / config parameters */
1111 changed |= ieee80211_reset_erp_info(sdata); 1431 changed |= ieee80211_reset_erp_info(sdata);
1112 1432
1113 ieee80211_led_assoc(local, 0); 1433 ieee80211_led_assoc(local, 0);
1114 changed |= BSS_CHANGED_ASSOC; 1434 changed |= BSS_CHANGED_ASSOC;
1115 sdata->vif.bss_conf.assoc = false; 1435 sdata->vif.bss_conf.assoc = false;
1116 1436
1117 ieee80211_set_wmm_default(sdata);
1118
1119 /* channel(_type) changes are handled by ieee80211_hw_config */
1120 WARN_ON(!ieee80211_set_channel_type(local, sdata, NL80211_CHAN_NO_HT));
1121
1122 /* on the next assoc, re-program HT parameters */ 1437 /* on the next assoc, re-program HT parameters */
1123 sdata->ht_opmode_valid = false; 1438 sdata->ht_opmode_valid = false;
1124 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1439 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
@@ -1131,25 +1446,29 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1131 1446
1132 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 1447 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
1133 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1448 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
1134 config_changed |= IEEE80211_CONF_CHANGE_PS; 1449 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1135 } 1450 }
1136 local->ps_sdata = NULL; 1451 local->ps_sdata = NULL;
1137 1452
1138 ieee80211_hw_config(local, config_changed);
1139
1140 /* Disable ARP filtering */ 1453 /* Disable ARP filtering */
1141 if (sdata->vif.bss_conf.arp_filter_enabled) { 1454 if (sdata->vif.bss_conf.arp_filter_enabled) {
1142 sdata->vif.bss_conf.arp_filter_enabled = false; 1455 sdata->vif.bss_conf.arp_filter_enabled = false;
1143 changed |= BSS_CHANGED_ARP_FILTER; 1456 changed |= BSS_CHANGED_ARP_FILTER;
1144 } 1457 }
1145 1458
1459 sdata->vif.bss_conf.qos = false;
1460 changed |= BSS_CHANGED_QOS;
1461
1146 /* The BSSID (not really interesting) and HT changed */ 1462 /* The BSSID (not really interesting) and HT changed */
1147 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 1463 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
1148 ieee80211_bss_info_change_notify(sdata, changed); 1464 ieee80211_bss_info_change_notify(sdata, changed);
1149 1465
1150 /* remove AP and TDLS peers */ 1466 /* channel(_type) changes are handled by ieee80211_hw_config */
1151 if (remove_sta) 1467 WARN_ON(!ieee80211_set_channel_type(local, sdata, NL80211_CHAN_NO_HT));
1152 sta_info_flush(local, sdata); 1468 ieee80211_hw_config(local, 0);
1469
1470 /* disassociated - set to defaults now */
1471 ieee80211_set_wmm_default(sdata, false);
1153 1472
1154 del_timer_sync(&sdata->u.mgd.conn_mon_timer); 1473 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1155 del_timer_sync(&sdata->u.mgd.bcn_mon_timer); 1474 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
@@ -1347,6 +1666,7 @@ static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata)
1347 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1666 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1348 struct ieee80211_local *local = sdata->local; 1667 struct ieee80211_local *local = sdata->local;
1349 u8 bssid[ETH_ALEN]; 1668 u8 bssid[ETH_ALEN];
1669 u8 frame_buf[DEAUTH_DISASSOC_LEN];
1350 1670
1351 mutex_lock(&ifmgd->mtx); 1671 mutex_lock(&ifmgd->mtx);
1352 if (!ifmgd->associated) { 1672 if (!ifmgd->associated) {
@@ -1359,17 +1679,16 @@ static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata)
1359 printk(KERN_DEBUG "%s: Connection to AP %pM lost.\n", 1679 printk(KERN_DEBUG "%s: Connection to AP %pM lost.\n",
1360 sdata->name, bssid); 1680 sdata->name, bssid);
1361 1681
1362 ieee80211_set_disassoc(sdata, true, true); 1682 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
1683 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
1684 false, frame_buf);
1363 mutex_unlock(&ifmgd->mtx); 1685 mutex_unlock(&ifmgd->mtx);
1364 1686
1365 /* 1687 /*
1366 * must be outside lock due to cfg80211, 1688 * must be outside lock due to cfg80211,
1367 * but that's not a problem. 1689 * but that's not a problem.
1368 */ 1690 */
1369 ieee80211_send_deauth_disassoc(sdata, bssid, 1691 cfg80211_send_deauth(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN);
1370 IEEE80211_STYPE_DEAUTH,
1371 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
1372 NULL, true);
1373 1692
1374 mutex_lock(&local->mtx); 1693 mutex_lock(&local->mtx);
1375 ieee80211_recalc_idle(local); 1694 ieee80211_recalc_idle(local);
@@ -1423,6 +1742,126 @@ void ieee80211_connection_loss(struct ieee80211_vif *vif)
1423EXPORT_SYMBOL(ieee80211_connection_loss); 1742EXPORT_SYMBOL(ieee80211_connection_loss);
1424 1743
1425 1744
1745static void ieee80211_destroy_auth_data(struct ieee80211_sub_if_data *sdata,
1746 bool assoc)
1747{
1748 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
1749
1750 lockdep_assert_held(&sdata->u.mgd.mtx);
1751
1752 if (!assoc) {
1753 sta_info_destroy_addr(sdata, auth_data->bss->bssid);
1754
1755 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
1756 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
1757 }
1758
1759 cfg80211_put_bss(auth_data->bss);
1760 kfree(auth_data);
1761 sdata->u.mgd.auth_data = NULL;
1762}
1763
1764static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
1765 struct ieee80211_mgmt *mgmt, size_t len)
1766{
1767 struct ieee80211_mgd_auth_data *auth_data = sdata->u.mgd.auth_data;
1768 u8 *pos;
1769 struct ieee802_11_elems elems;
1770
1771 pos = mgmt->u.auth.variable;
1772 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
1773 if (!elems.challenge)
1774 return;
1775 auth_data->expected_transaction = 4;
1776 ieee80211_send_auth(sdata, 3, auth_data->algorithm,
1777 elems.challenge - 2, elems.challenge_len + 2,
1778 auth_data->bss->bssid, auth_data->bss->bssid,
1779 auth_data->key, auth_data->key_len,
1780 auth_data->key_idx);
1781}
1782
1783static enum rx_mgmt_action __must_check
1784ieee80211_rx_mgmt_auth(struct ieee80211_sub_if_data *sdata,
1785 struct ieee80211_mgmt *mgmt, size_t len)
1786{
1787 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1788 u8 bssid[ETH_ALEN];
1789 u16 auth_alg, auth_transaction, status_code;
1790 struct sta_info *sta;
1791
1792 lockdep_assert_held(&ifmgd->mtx);
1793
1794 if (len < 24 + 6)
1795 return RX_MGMT_NONE;
1796
1797 if (!ifmgd->auth_data || ifmgd->auth_data->done)
1798 return RX_MGMT_NONE;
1799
1800 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
1801
1802 if (compare_ether_addr(bssid, mgmt->bssid))
1803 return RX_MGMT_NONE;
1804
1805 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
1806 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
1807 status_code = le16_to_cpu(mgmt->u.auth.status_code);
1808
1809 if (auth_alg != ifmgd->auth_data->algorithm ||
1810 auth_transaction != ifmgd->auth_data->expected_transaction)
1811 return RX_MGMT_NONE;
1812
1813 if (status_code != WLAN_STATUS_SUCCESS) {
1814 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
1815 sdata->name, mgmt->sa, status_code);
1816 goto out;
1817 }
1818
1819 switch (ifmgd->auth_data->algorithm) {
1820 case WLAN_AUTH_OPEN:
1821 case WLAN_AUTH_LEAP:
1822 case WLAN_AUTH_FT:
1823 break;
1824 case WLAN_AUTH_SHARED_KEY:
1825 if (ifmgd->auth_data->expected_transaction != 4) {
1826 ieee80211_auth_challenge(sdata, mgmt, len);
1827 /* need another frame */
1828 return RX_MGMT_NONE;
1829 }
1830 break;
1831 default:
1832 WARN_ONCE(1, "invalid auth alg %d",
1833 ifmgd->auth_data->algorithm);
1834 return RX_MGMT_NONE;
1835 }
1836
1837 printk(KERN_DEBUG "%s: authenticated\n", sdata->name);
1838 out:
1839 ifmgd->auth_data->done = true;
1840 ifmgd->auth_data->timeout = jiffies + IEEE80211_AUTH_WAIT_ASSOC;
1841 run_again(ifmgd, ifmgd->auth_data->timeout);
1842
1843 /* move station state to auth */
1844 mutex_lock(&sdata->local->sta_mtx);
1845 sta = sta_info_get(sdata, bssid);
1846 if (!sta) {
1847 WARN_ONCE(1, "%s: STA %pM not found", sdata->name, bssid);
1848 goto out_err;
1849 }
1850 if (sta_info_move_state(sta, IEEE80211_STA_AUTH)) {
1851 printk(KERN_DEBUG "%s: failed moving %pM to auth\n",
1852 sdata->name, bssid);
1853 goto out_err;
1854 }
1855 mutex_unlock(&sdata->local->sta_mtx);
1856
1857 return RX_MGMT_CFG80211_RX_AUTH;
1858 out_err:
1859 mutex_unlock(&sdata->local->sta_mtx);
1860 /* ignore frame -- wait for timeout */
1861 return RX_MGMT_NONE;
1862}
1863
1864
1426static enum rx_mgmt_action __must_check 1865static enum rx_mgmt_action __must_check
1427ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 1866ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1428 struct ieee80211_mgmt *mgmt, size_t len) 1867 struct ieee80211_mgmt *mgmt, size_t len)
@@ -1431,10 +1870,14 @@ ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1431 const u8 *bssid = NULL; 1870 const u8 *bssid = NULL;
1432 u16 reason_code; 1871 u16 reason_code;
1433 1872
1873 lockdep_assert_held(&ifmgd->mtx);
1874
1434 if (len < 24 + 2) 1875 if (len < 24 + 2)
1435 return RX_MGMT_NONE; 1876 return RX_MGMT_NONE;
1436 1877
1437 ASSERT_MGD_MTX(ifmgd); 1878 if (!ifmgd->associated ||
1879 compare_ether_addr(mgmt->bssid, ifmgd->associated->bssid))
1880 return RX_MGMT_NONE;
1438 1881
1439 bssid = ifmgd->associated->bssid; 1882 bssid = ifmgd->associated->bssid;
1440 1883
@@ -1443,7 +1886,8 @@ ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1443 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n", 1886 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n",
1444 sdata->name, bssid, reason_code); 1887 sdata->name, bssid, reason_code);
1445 1888
1446 ieee80211_set_disassoc(sdata, true, false); 1889 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
1890
1447 mutex_lock(&sdata->local->mtx); 1891 mutex_lock(&sdata->local->mtx);
1448 ieee80211_recalc_idle(sdata->local); 1892 ieee80211_recalc_idle(sdata->local);
1449 mutex_unlock(&sdata->local->mtx); 1893 mutex_unlock(&sdata->local->mtx);
@@ -1459,15 +1903,13 @@ ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1459 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1903 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1460 u16 reason_code; 1904 u16 reason_code;
1461 1905
1462 if (len < 24 + 2) 1906 lockdep_assert_held(&ifmgd->mtx);
1463 return RX_MGMT_NONE;
1464
1465 ASSERT_MGD_MTX(ifmgd);
1466 1907
1467 if (WARN_ON(!ifmgd->associated)) 1908 if (len < 24 + 2)
1468 return RX_MGMT_NONE; 1909 return RX_MGMT_NONE;
1469 1910
1470 if (WARN_ON(memcmp(ifmgd->associated->bssid, mgmt->sa, ETH_ALEN))) 1911 if (!ifmgd->associated ||
1912 compare_ether_addr(mgmt->bssid, ifmgd->associated->bssid))
1471 return RX_MGMT_NONE; 1913 return RX_MGMT_NONE;
1472 1914
1473 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code); 1915 reason_code = le16_to_cpu(mgmt->u.disassoc.reason_code);
@@ -1475,10 +1917,12 @@ ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1475 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n", 1917 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n",
1476 sdata->name, mgmt->sa, reason_code); 1918 sdata->name, mgmt->sa, reason_code);
1477 1919
1478 ieee80211_set_disassoc(sdata, true, false); 1920 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
1921
1479 mutex_lock(&sdata->local->mtx); 1922 mutex_lock(&sdata->local->mtx);
1480 ieee80211_recalc_idle(sdata->local); 1923 ieee80211_recalc_idle(sdata->local);
1481 mutex_unlock(&sdata->local->mtx); 1924 mutex_unlock(&sdata->local->mtx);
1925
1482 return RX_MGMT_CFG80211_DISASSOC; 1926 return RX_MGMT_CFG80211_DISASSOC;
1483} 1927}
1484 1928
@@ -1524,25 +1968,39 @@ static void ieee80211_get_rates(struct ieee80211_supported_band *sband,
1524 } 1968 }
1525} 1969}
1526 1970
1527static bool ieee80211_assoc_success(struct ieee80211_work *wk, 1971static void ieee80211_destroy_assoc_data(struct ieee80211_sub_if_data *sdata,
1972 bool assoc)
1973{
1974 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
1975
1976 lockdep_assert_held(&sdata->u.mgd.mtx);
1977
1978 if (!assoc) {
1979 sta_info_destroy_addr(sdata, assoc_data->bss->bssid);
1980
1981 memset(sdata->u.mgd.bssid, 0, ETH_ALEN);
1982 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);
1983 }
1984
1985 kfree(assoc_data);
1986 sdata->u.mgd.assoc_data = NULL;
1987}
1988
1989static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
1990 struct cfg80211_bss *cbss,
1528 struct ieee80211_mgmt *mgmt, size_t len) 1991 struct ieee80211_mgmt *mgmt, size_t len)
1529{ 1992{
1530 struct ieee80211_sub_if_data *sdata = wk->sdata;
1531 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1993 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1532 struct ieee80211_local *local = sdata->local; 1994 struct ieee80211_local *local = sdata->local;
1533 struct ieee80211_supported_band *sband; 1995 struct ieee80211_supported_band *sband;
1534 struct sta_info *sta; 1996 struct sta_info *sta;
1535 struct cfg80211_bss *cbss = wk->assoc.bss;
1536 u8 *pos; 1997 u8 *pos;
1537 u32 rates, basic_rates;
1538 u16 capab_info, aid; 1998 u16 capab_info, aid;
1539 struct ieee802_11_elems elems; 1999 struct ieee802_11_elems elems;
1540 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 2000 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1541 u32 changed = 0; 2001 u32 changed = 0;
1542 int err; 2002 int err;
1543 bool have_higher_than_11mbit = false;
1544 u16 ap_ht_cap_flags; 2003 u16 ap_ht_cap_flags;
1545 int min_rate = INT_MAX, min_rate_index = -1;
1546 2004
1547 /* AssocResp and ReassocResp have identical structure */ 2005 /* AssocResp and ReassocResp have identical structure */
1548 2006
@@ -1581,49 +2039,13 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1581 * station info was already allocated and inserted before 2039 * station info was already allocated and inserted before
1582 * the association and should be available to us 2040 * the association and should be available to us
1583 */ 2041 */
1584 sta = sta_info_get_rx(sdata, cbss->bssid); 2042 sta = sta_info_get(sdata, cbss->bssid);
1585 if (WARN_ON(!sta)) { 2043 if (WARN_ON(!sta)) {
1586 mutex_unlock(&sdata->local->sta_mtx); 2044 mutex_unlock(&sdata->local->sta_mtx);
1587 return false; 2045 return false;
1588 } 2046 }
1589 2047
1590 sta_info_move_state(sta, IEEE80211_STA_AUTH); 2048 sband = local->hw.wiphy->bands[local->oper_channel->band];
1591 sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1592 if (!(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
1593 sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
1594
1595 rates = 0;
1596 basic_rates = 0;
1597 sband = local->hw.wiphy->bands[wk->chan->band];
1598
1599 ieee80211_get_rates(sband, elems.supp_rates, elems.supp_rates_len,
1600 &rates, &basic_rates, &have_higher_than_11mbit,
1601 &min_rate, &min_rate_index);
1602
1603 ieee80211_get_rates(sband, elems.ext_supp_rates,
1604 elems.ext_supp_rates_len, &rates, &basic_rates,
1605 &have_higher_than_11mbit,
1606 &min_rate, &min_rate_index);
1607
1608 /*
1609 * some buggy APs don't advertise basic_rates. use the lowest
1610 * supported rate instead.
1611 */
1612 if (unlikely(!basic_rates) && min_rate_index >= 0) {
1613 printk(KERN_DEBUG "%s: No basic rates in AssocResp. "
1614 "Using min supported rate instead.\n", sdata->name);
1615 basic_rates = BIT(min_rate_index);
1616 }
1617
1618 sta->sta.supp_rates[wk->chan->band] = rates;
1619 sdata->vif.bss_conf.basic_rates = basic_rates;
1620
1621 /* cf. IEEE 802.11 9.2.12 */
1622 if (wk->chan->band == IEEE80211_BAND_2GHZ &&
1623 have_higher_than_11mbit)
1624 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
1625 else
1626 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
1627 2049
1628 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 2050 if (elems.ht_cap_elem && !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
1629 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 2051 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
@@ -1639,15 +2061,22 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1639 if (elems.wmm_param) 2061 if (elems.wmm_param)
1640 set_sta_flag(sta, WLAN_STA_WME); 2062 set_sta_flag(sta, WLAN_STA_WME);
1641 2063
1642 /* sta_info_reinsert will also unlock the mutex lock */ 2064 err = sta_info_move_state(sta, IEEE80211_STA_AUTH);
1643 err = sta_info_reinsert(sta); 2065 if (!err)
1644 sta = NULL; 2066 err = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
2067 if (!err && !(ifmgd->flags & IEEE80211_STA_CONTROL_PORT))
2068 err = sta_info_move_state(sta, IEEE80211_STA_AUTHORIZED);
1645 if (err) { 2069 if (err) {
1646 printk(KERN_DEBUG "%s: failed to insert STA entry for" 2070 printk(KERN_DEBUG
1647 " the AP (error %d)\n", sdata->name, err); 2071 "%s: failed to move station %pM to desired state\n",
2072 sdata->name, sta->sta.addr);
2073 WARN_ON(__sta_info_destroy(sta));
2074 mutex_unlock(&sdata->local->sta_mtx);
1648 return false; 2075 return false;
1649 } 2076 }
1650 2077
2078 mutex_unlock(&sdata->local->sta_mtx);
2079
1651 /* 2080 /*
1652 * Always handle WMM once after association regardless 2081 * Always handle WMM once after association regardless
1653 * of the first value the AP uses. Setting -1 here has 2082 * of the first value the AP uses. Setting -1 here has
@@ -1660,12 +2089,10 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1660 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 2089 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
1661 elems.wmm_param_len); 2090 elems.wmm_param_len);
1662 else 2091 else
1663 ieee80211_set_wmm_default(sdata); 2092 ieee80211_set_wmm_default(sdata, false);
1664 2093 changed |= BSS_CHANGED_QOS;
1665 local->oper_channel = wk->chan;
1666 2094
1667 if (elems.ht_info_elem && elems.wmm_param && 2095 if (elems.ht_info_elem && elems.wmm_param &&
1668 (sdata->local->hw.queues >= 4) &&
1669 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N)) 2096 !(ifmgd->flags & IEEE80211_STA_DISABLE_11N))
1670 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem, 2097 changed |= ieee80211_enable_ht(sdata, elems.ht_info_elem,
1671 cbss->bssid, ap_ht_cap_flags, 2098 cbss->bssid, ap_ht_cap_flags,
@@ -1694,7 +2121,88 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1694 return true; 2121 return true;
1695} 2122}
1696 2123
2124static enum rx_mgmt_action __must_check
2125ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2126 struct ieee80211_mgmt *mgmt, size_t len,
2127 struct cfg80211_bss **bss)
2128{
2129 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2130 struct ieee80211_mgd_assoc_data *assoc_data = ifmgd->assoc_data;
2131 u16 capab_info, status_code, aid;
2132 struct ieee802_11_elems elems;
2133 u8 *pos;
2134 bool reassoc;
2135
2136 lockdep_assert_held(&ifmgd->mtx);
1697 2137
2138 if (!assoc_data)
2139 return RX_MGMT_NONE;
2140 if (compare_ether_addr(assoc_data->bss->bssid, mgmt->bssid))
2141 return RX_MGMT_NONE;
2142
2143 /*
2144 * AssocResp and ReassocResp have identical structure, so process both
2145 * of them in this function.
2146 */
2147
2148 if (len < 24 + 6)
2149 return RX_MGMT_NONE;
2150
2151 reassoc = ieee80211_is_reassoc_req(mgmt->frame_control);
2152 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
2153 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2154 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
2155
2156 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
2157 "status=%d aid=%d)\n",
2158 sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
2159 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2160
2161 pos = mgmt->u.assoc_resp.variable;
2162 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
2163
2164 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2165 elems.timeout_int && elems.timeout_int_len == 5 &&
2166 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2167 u32 tu, ms;
2168 tu = get_unaligned_le32(elems.timeout_int + 1);
2169 ms = tu * 1024 / 1000;
2170 printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
2171 "comeback duration %u TU (%u ms)\n",
2172 sdata->name, mgmt->sa, tu, ms);
2173 assoc_data->timeout = jiffies + msecs_to_jiffies(ms);
2174 if (ms > IEEE80211_ASSOC_TIMEOUT)
2175 run_again(ifmgd, assoc_data->timeout);
2176 return RX_MGMT_NONE;
2177 }
2178
2179 *bss = assoc_data->bss;
2180
2181 if (status_code != WLAN_STATUS_SUCCESS) {
2182 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
2183 sdata->name, mgmt->sa, status_code);
2184 ieee80211_destroy_assoc_data(sdata, false);
2185 } else {
2186 printk(KERN_DEBUG "%s: associated\n", sdata->name);
2187
2188 if (!ieee80211_assoc_success(sdata, *bss, mgmt, len)) {
2189 /* oops -- internal error -- send timeout for now */
2190 ieee80211_destroy_assoc_data(sdata, true);
2191 sta_info_destroy_addr(sdata, mgmt->bssid);
2192 cfg80211_put_bss(*bss);
2193 return RX_MGMT_CFG80211_ASSOC_TIMEOUT;
2194 }
2195
2196 /*
2197 * destroy assoc_data afterwards, as otherwise an idle
2198 * recalc after assoc_data is NULL but before associated
2199 * is set can cause the interface to go idle
2200 */
2201 ieee80211_destroy_assoc_data(sdata, true);
2202 }
2203
2204 return RX_MGMT_CFG80211_RX_ASSOC;
2205}
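Review bot: `ms = tu * 1024 / 1000` at 2169 is computed in u32 from a peer-supplied 32-bit comeback value, so the product wraps for large `tu` and the resulting timeout silently becomes much shorter than the AP asked for; the check `if (ms > IEEE80211_ASSOC_TIMEOUT)` at 2174 also compares milliseconds with a constant that is used as a jiffies offset at 2747. Computing the product in 64 bits, clamping `ms` to a sane upper bound before it is turned into `assoc_data->timeout`, and comparing in one unit — `if (msecs_to_jiffies(ms) > IEEE80211_ASSOC_TIMEOUT)` — would keep the comeback handling consistent. Whether to cap the comeback duration is a policy choice, but without a bound a single frame can defer the association retry for an arbitrarily long time with no local limit applied.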
1698static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata, 2206static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1699 struct ieee80211_mgmt *mgmt, 2207 struct ieee80211_mgmt *mgmt,
1700 size_t len, 2208 size_t len,
@@ -1708,7 +2216,9 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1708 struct ieee80211_channel *channel; 2216 struct ieee80211_channel *channel;
1709 bool need_ps = false; 2217 bool need_ps = false;
1710 2218
1711 if (sdata->u.mgd.associated) { 2219 if (sdata->u.mgd.associated &&
2220 compare_ether_addr(mgmt->bssid, sdata->u.mgd.associated->bssid)
2221 == 0) {
1712 bss = (void *)sdata->u.mgd.associated->priv; 2222 bss = (void *)sdata->u.mgd.associated->priv;
1713 /* not previously set so we may need to recalc */ 2223 /* not previously set so we may need to recalc */
1714 need_ps = !bss->dtim_period; 2224 need_ps = !bss->dtim_period;
@@ -1763,7 +2273,7 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1763 2273
1764 ASSERT_MGD_MTX(ifmgd); 2274 ASSERT_MGD_MTX(ifmgd);
1765 2275
1766 if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN)) 2276 if (compare_ether_addr(mgmt->da, sdata->vif.addr))
1767 return; /* ignore ProbeResp to foreign address */ 2277 return; /* ignore ProbeResp to foreign address */
1768 2278
1769 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 2279 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
@@ -1776,8 +2286,18 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1776 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); 2286 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false);
1777 2287
1778 if (ifmgd->associated && 2288 if (ifmgd->associated &&
1779 memcmp(mgmt->bssid, ifmgd->associated->bssid, ETH_ALEN) == 0) 2289 compare_ether_addr(mgmt->bssid, ifmgd->associated->bssid) == 0)
1780 ieee80211_reset_ap_probe(sdata); 2290 ieee80211_reset_ap_probe(sdata);
2291
2292 if (ifmgd->auth_data && !ifmgd->auth_data->bss->proberesp_ies &&
2293 compare_ether_addr(mgmt->bssid, ifmgd->auth_data->bss->bssid)
2294 == 0) {
2295 /* got probe response, continue with auth */
2296 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
2297 ifmgd->auth_data->tries = 0;
2298 ifmgd->auth_data->timeout = jiffies;
2299 run_again(ifmgd, ifmgd->auth_data->timeout);
2300 }
1781} 2301}
1782 2302
1783/* 2303/*
@@ -1817,7 +2337,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1817 u32 ncrc; 2337 u32 ncrc;
1818 u8 *bssid; 2338 u8 *bssid;
1819 2339
1820 ASSERT_MGD_MTX(ifmgd); 2340 lockdep_assert_held(&ifmgd->mtx);
1821 2341
1822 /* Process beacon from the current BSS */ 2342 /* Process beacon from the current BSS */
1823 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt; 2343 baselen = (u8 *) mgmt->u.beacon.variable - (u8 *) mgmt;
@@ -1827,21 +2347,26 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1827 if (rx_status->freq != local->hw.conf.channel->center_freq) 2347 if (rx_status->freq != local->hw.conf.channel->center_freq)
1828 return; 2348 return;
1829 2349
1830 /* 2350 if (ifmgd->assoc_data && !ifmgd->assoc_data->have_beacon &&
1831 * We might have received a number of frames, among them a 2351 compare_ether_addr(mgmt->bssid, ifmgd->assoc_data->bss->bssid)
1832 * disassoc frame and a beacon... 2352 == 0) {
1833 */ 2353 ieee802_11_parse_elems(mgmt->u.beacon.variable,
1834 if (!ifmgd->associated) 2354 len - baselen, &elems);
1835 return;
1836 2355
1837 bssid = ifmgd->associated->bssid; 2356 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
2357 false);
2358 ifmgd->assoc_data->have_beacon = true;
2359 ifmgd->assoc_data->sent_assoc = false;
2360 /* continue assoc process */
2361 ifmgd->assoc_data->timeout = jiffies;
2362 run_again(ifmgd, ifmgd->assoc_data->timeout);
2363 return;
2364 }
1838 2365
1839 /* 2366 if (!ifmgd->associated ||
1840 * And in theory even frames from a different AP we were just 2367 compare_ether_addr(mgmt->bssid, ifmgd->associated->bssid))
1841 * associated to a split-second ago!
1842 */
1843 if (memcmp(bssid, mgmt->bssid, ETH_ALEN) != 0)
1844 return; 2368 return;
2369 bssid = ifmgd->associated->bssid;
1845 2370
1846 /* Track average RSSI from the Beacon frames of the current AP */ 2371 /* Track average RSSI from the Beacon frames of the current AP */
1847 ifmgd->last_beacon_signal = rx_status->signal; 2372 ifmgd->last_beacon_signal = rx_status->signal;
@@ -1882,7 +2407,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1882 2407
1883 if (bss_conf->cqm_rssi_thold && 2408 if (bss_conf->cqm_rssi_thold &&
1884 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT && 2409 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
1885 !(local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI)) { 2410 !(sdata->vif.driver_flags & IEEE80211_VIF_SUPPORTS_CQM_RSSI)) {
1886 int sig = ifmgd->ave_beacon_signal / 16; 2411 int sig = ifmgd->ave_beacon_signal / 16;
1887 int last_event = ifmgd->last_cqm_event_signal; 2412 int last_event = ifmgd->last_cqm_event_signal;
1888 int thold = bss_conf->cqm_rssi_thold; 2413 int thold = bss_conf->cqm_rssi_thold;
@@ -2025,6 +2550,7 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
2025 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2550 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2026 struct ieee80211_rx_status *rx_status; 2551 struct ieee80211_rx_status *rx_status;
2027 struct ieee80211_mgmt *mgmt; 2552 struct ieee80211_mgmt *mgmt;
2553 struct cfg80211_bss *bss = NULL;
2028 enum rx_mgmt_action rma = RX_MGMT_NONE; 2554 enum rx_mgmt_action rma = RX_MGMT_NONE;
2029 u16 fc; 2555 u16 fc;
2030 2556
@@ -2034,92 +2560,59 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
2034 2560
2035 mutex_lock(&ifmgd->mtx); 2561 mutex_lock(&ifmgd->mtx);
2036 2562
2037 if (ifmgd->associated && 2563 switch (fc & IEEE80211_FCTL_STYPE) {
2038 memcmp(ifmgd->associated->bssid, mgmt->bssid, ETH_ALEN) == 0) { 2564 case IEEE80211_STYPE_BEACON:
2039 switch (fc & IEEE80211_FCTL_STYPE) { 2565 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, rx_status);
2040 case IEEE80211_STYPE_BEACON: 2566 break;
2041 ieee80211_rx_mgmt_beacon(sdata, mgmt, skb->len, 2567 case IEEE80211_STYPE_PROBE_RESP:
2042 rx_status); 2568 ieee80211_rx_mgmt_probe_resp(sdata, skb);
2043 break; 2569 break;
2044 case IEEE80211_STYPE_PROBE_RESP: 2570 case IEEE80211_STYPE_AUTH:
2045 ieee80211_rx_mgmt_probe_resp(sdata, skb); 2571 rma = ieee80211_rx_mgmt_auth(sdata, mgmt, skb->len);
2046 break; 2572 break;
2047 case IEEE80211_STYPE_DEAUTH: 2573 case IEEE80211_STYPE_DEAUTH:
2048 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len); 2574 rma = ieee80211_rx_mgmt_deauth(sdata, mgmt, skb->len);
2049 break; 2575 break;
2050 case IEEE80211_STYPE_DISASSOC: 2576 case IEEE80211_STYPE_DISASSOC:
2051 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 2577 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
2052 break; 2578 break;
2053 case IEEE80211_STYPE_ACTION: 2579 case IEEE80211_STYPE_ASSOC_RESP:
2054 switch (mgmt->u.action.category) { 2580 case IEEE80211_STYPE_REASSOC_RESP:
2055 case WLAN_CATEGORY_SPECTRUM_MGMT: 2581 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss);
2056 ieee80211_sta_process_chanswitch(sdata, 2582 break;
2057 &mgmt->u.action.u.chan_switch.sw_elem, 2583 case IEEE80211_STYPE_ACTION:
2058 (void *)ifmgd->associated->priv, 2584 switch (mgmt->u.action.category) {
2059 rx_status->mactime); 2585 case WLAN_CATEGORY_SPECTRUM_MGMT:
2060 break; 2586 ieee80211_sta_process_chanswitch(sdata,
2061 } 2587 &mgmt->u.action.u.chan_switch.sw_elem,
2062 } 2588 (void *)ifmgd->associated->priv,
2063 mutex_unlock(&ifmgd->mtx); 2589 rx_status->mactime);
2064
2065 switch (rma) {
2066 case RX_MGMT_NONE:
2067 /* no action */
2068 break;
2069 case RX_MGMT_CFG80211_DEAUTH:
2070 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
2071 break;
2072 case RX_MGMT_CFG80211_DISASSOC:
2073 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
2074 break; 2590 break;
2075 default:
2076 WARN(1, "unexpected: %d", rma);
2077 } 2591 }
2078 return;
2079 } 2592 }
2080
2081 mutex_unlock(&ifmgd->mtx); 2593 mutex_unlock(&ifmgd->mtx);
2082 2594
2083 if (skb->len >= 24 + 2 /* mgmt + deauth reason */ && 2595 switch (rma) {
2084 (fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_DEAUTH) { 2596 case RX_MGMT_NONE:
2085 struct ieee80211_local *local = sdata->local; 2597 /* no action */
2086 struct ieee80211_work *wk; 2598 break;
2087 2599 case RX_MGMT_CFG80211_DEAUTH:
2088 mutex_lock(&local->mtx);
2089 list_for_each_entry(wk, &local->work_list, list) {
2090 if (wk->sdata != sdata)
2091 continue;
2092
2093 if (wk->type != IEEE80211_WORK_ASSOC &&
2094 wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
2095 continue;
2096
2097 if (memcmp(mgmt->bssid, wk->filter_ta, ETH_ALEN))
2098 continue;
2099 if (memcmp(mgmt->sa, wk->filter_ta, ETH_ALEN))
2100 continue;
2101
2102 /*
2103 * Printing the message only here means we can't
2104 * spuriously print it, but it also means that it
2105 * won't be printed when the frame comes in before
2106 * we even tried to associate or in similar cases.
2107 *
2108 * Ultimately, I suspect cfg80211 should print the
2109 * messages instead.
2110 */
2111 printk(KERN_DEBUG
2112 "%s: deauthenticated from %pM (Reason: %u)\n",
2113 sdata->name, mgmt->bssid,
2114 le16_to_cpu(mgmt->u.deauth.reason_code));
2115
2116 list_del_rcu(&wk->list);
2117 free_work(wk);
2118 break;
2119 }
2120 mutex_unlock(&local->mtx);
2121
2122 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 2600 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
2601 break;
2602 case RX_MGMT_CFG80211_DISASSOC:
2603 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
2604 break;
2605 case RX_MGMT_CFG80211_RX_AUTH:
2606 cfg80211_send_rx_auth(sdata->dev, (u8 *)mgmt, skb->len);
2607 break;
2608 case RX_MGMT_CFG80211_RX_ASSOC:
2609 cfg80211_send_rx_assoc(sdata->dev, bss, (u8 *)mgmt, skb->len);
2610 break;
2611 case RX_MGMT_CFG80211_ASSOC_TIMEOUT:
2612 cfg80211_send_assoc_timeout(sdata->dev, mgmt->bssid);
2613 break;
2614 default:
2615 WARN(1, "unexpected: %d", rma);
2123 } 2616 }
2124} 2617}
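Review bot: The WLAN_CATEGORY_SPECTRUM_MGMT case at 2586-2589 dereferences `ifmgd->associated->priv` unconditionally, whereas the removed code only reached this switch inside `if (ifmgd->associated && memcmp(...) == 0)` (2037-2038); if an action frame is queued while authentication or association is pending but `ifmgd->associated` is still NULL, this is a NULL dereference. Unless the rx path guarantees these frames are only queued once associated (not visible here), guard the call: `if (!ifmgd->associated || compare_ether_addr(mgmt->bssid, ifmgd->associated->bssid)) break;`. The beacon and probe-response handlers in this commit perform that BSSID check themselves; this case is the one left without it.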
2125 2618
@@ -2143,19 +2636,20 @@ static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
2143{ 2636{
2144 struct ieee80211_local *local = sdata->local; 2637 struct ieee80211_local *local = sdata->local;
2145 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2638 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2639 u8 frame_buf[DEAUTH_DISASSOC_LEN];
2146 2640
2147 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 2641 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
2148 IEEE80211_STA_BEACON_POLL); 2642 IEEE80211_STA_BEACON_POLL);
2149 2643
2150 ieee80211_set_disassoc(sdata, true, true); 2644 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, reason,
2645 false, frame_buf);
2151 mutex_unlock(&ifmgd->mtx); 2646 mutex_unlock(&ifmgd->mtx);
2647
2152 /* 2648 /*
2153 * must be outside lock due to cfg80211, 2649 * must be outside lock due to cfg80211,
2154 * but that's not a problem. 2650 * but that's not a problem.
2155 */ 2651 */
2156 ieee80211_send_deauth_disassoc(sdata, bssid, 2652 cfg80211_send_deauth(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN);
2157 IEEE80211_STYPE_DEAUTH, reason,
2158 NULL, true);
2159 2653
2160 mutex_lock(&local->mtx); 2654 mutex_lock(&local->mtx);
2161 ieee80211_recalc_idle(local); 2655 ieee80211_recalc_idle(local);
@@ -2164,14 +2658,144 @@ static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
2164 mutex_lock(&ifmgd->mtx); 2658 mutex_lock(&ifmgd->mtx);
2165} 2659}
2166 2660
2661static int ieee80211_probe_auth(struct ieee80211_sub_if_data *sdata)
2662{
2663 struct ieee80211_local *local = sdata->local;
2664 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2665 struct ieee80211_mgd_auth_data *auth_data = ifmgd->auth_data;
2666
2667 lockdep_assert_held(&ifmgd->mtx);
2668
2669 if (WARN_ON_ONCE(!auth_data))
2670 return -EINVAL;
2671
2672 auth_data->tries++;
2673
2674 if (auth_data->tries > IEEE80211_AUTH_MAX_TRIES) {
2675 printk(KERN_DEBUG "%s: authentication with %pM timed out\n",
2676 sdata->name, auth_data->bss->bssid);
2677
2678 /*
2679 * Most likely AP is not in the range so remove the
2680 * bss struct for that AP.
2681 */
2682 cfg80211_unlink_bss(local->hw.wiphy, auth_data->bss);
2683
2684 return -ETIMEDOUT;
2685 }
2686
2687 if (auth_data->bss->proberesp_ies) {
2688 printk(KERN_DEBUG "%s: send auth to %pM (try %d/%d)\n",
2689 sdata->name, auth_data->bss->bssid, auth_data->tries,
2690 IEEE80211_AUTH_MAX_TRIES);
2691
2692 auth_data->expected_transaction = 2;
2693 ieee80211_send_auth(sdata, 1, auth_data->algorithm,
2694 auth_data->ie, auth_data->ie_len,
2695 auth_data->bss->bssid,
2696 auth_data->bss->bssid, NULL, 0, 0);
2697 } else {
2698 const u8 *ssidie;
2699
2700 printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n",
2701 sdata->name, auth_data->bss->bssid, auth_data->tries,
2702 IEEE80211_AUTH_MAX_TRIES);
2703
2704 ssidie = ieee80211_bss_get_ie(auth_data->bss, WLAN_EID_SSID);
2705 if (!ssidie)
2706 return -EINVAL;
2707 /*
2708 * Direct probe is sent to broadcast address as some APs
2709 * will not answer to direct packet in unassociated state.
2710 */
2711 ieee80211_send_probe_req(sdata, NULL, ssidie + 2, ssidie[1],
2712 NULL, 0, (u32) -1, true, false);
2713 }
2714
2715 auth_data->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
2716 run_again(ifmgd, auth_data->timeout);
2717
2718 return 0;
2719}
2720
2721static int ieee80211_do_assoc(struct ieee80211_sub_if_data *sdata)
2722{
2723 struct ieee80211_mgd_assoc_data *assoc_data = sdata->u.mgd.assoc_data;
2724 struct ieee80211_local *local = sdata->local;
2725
2726 lockdep_assert_held(&sdata->u.mgd.mtx);
2727
2728 assoc_data->tries++;
2729 if (assoc_data->tries > IEEE80211_ASSOC_MAX_TRIES) {
2730 printk(KERN_DEBUG "%s: association with %pM timed out\n",
2731 sdata->name, assoc_data->bss->bssid);
2732
2733 /*
2734 * Most likely AP is not in the range so remove the
2735 * bss struct for that AP.
2736 */
2737 cfg80211_unlink_bss(local->hw.wiphy, assoc_data->bss);
2738
2739 return -ETIMEDOUT;
2740 }
2741
2742 printk(KERN_DEBUG "%s: associate with %pM (try %d/%d)\n",
2743 sdata->name, assoc_data->bss->bssid, assoc_data->tries,
2744 IEEE80211_ASSOC_MAX_TRIES);
2745 ieee80211_send_assoc(sdata);
2746
2747 assoc_data->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
2748 run_again(&sdata->u.mgd, assoc_data->timeout);
2749
2750 return 0;
2751}
2752
2167void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 2753void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
2168{ 2754{
2169 struct ieee80211_local *local = sdata->local; 2755 struct ieee80211_local *local = sdata->local;
2170 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2756 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2171 2757
2172 /* then process the rest of the work */
2173 mutex_lock(&ifmgd->mtx); 2758 mutex_lock(&ifmgd->mtx);
2174 2759
2760 if (ifmgd->auth_data &&
2761 time_after(jiffies, ifmgd->auth_data->timeout)) {
2762 if (ifmgd->auth_data->done) {
2763 /*
2764 * ok ... we waited for assoc but userspace didn't,
2765 * so let's just kill the auth data
2766 */
2767 ieee80211_destroy_auth_data(sdata, false);
2768 } else if (ieee80211_probe_auth(sdata)) {
2769 u8 bssid[ETH_ALEN];
2770
2771 memcpy(bssid, ifmgd->auth_data->bss->bssid, ETH_ALEN);
2772
2773 ieee80211_destroy_auth_data(sdata, false);
2774
2775 mutex_unlock(&ifmgd->mtx);
2776 cfg80211_send_auth_timeout(sdata->dev, bssid);
2777 mutex_lock(&ifmgd->mtx);
2778 }
2779 } else if (ifmgd->auth_data)
2780 run_again(ifmgd, ifmgd->auth_data->timeout);
2781
2782 if (ifmgd->assoc_data &&
2783 time_after(jiffies, ifmgd->assoc_data->timeout)) {
2784 if (!ifmgd->assoc_data->have_beacon ||
2785 ieee80211_do_assoc(sdata)) {
2786 u8 bssid[ETH_ALEN];
2787
2788 memcpy(bssid, ifmgd->assoc_data->bss->bssid, ETH_ALEN);
2789
2790 ieee80211_destroy_assoc_data(sdata, false);
2791
2792 mutex_unlock(&ifmgd->mtx);
2793 cfg80211_send_assoc_timeout(sdata->dev, bssid);
2794 mutex_lock(&ifmgd->mtx);
2795 }
2796 } else if (ifmgd->assoc_data)
2797 run_again(ifmgd, ifmgd->assoc_data->timeout);
2798
2175 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 2799 if (ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
2176 IEEE80211_STA_CONNECTION_POLL) && 2800 IEEE80211_STA_CONNECTION_POLL) &&
2177 ifmgd->associated) { 2801 ifmgd->associated) {
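Review bot: ieee80211_probe_auth and ieee80211_do_assoc carry no comment stating their return contract, which matters because ieee80211_sta_work (2768, 2785) treats any nonzero return as "abandon the attempt and report a timeout to cfg80211" — including the -EINVAL for a missing SSID IE at 2706, which is not a timeout. A shared header for both would make that explicit: `/* Returns 0 when the next attempt was sent and the timeout re-armed, or a negative errno when the caller should give up and report the attempt to cfg80211. */`. The `cfg80211_unlink_bss` on the exhausted-tries path is a side effect worth naming in that comment too, since the BSS entry disappears from the scan list as a result.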
@@ -2247,6 +2871,10 @@ void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
2247 } 2871 }
2248 2872
2249 mutex_unlock(&ifmgd->mtx); 2873 mutex_unlock(&ifmgd->mtx);
2874
2875 mutex_lock(&local->mtx);
2876 ieee80211_recalc_idle(local);
2877 mutex_unlock(&local->mtx);
2250} 2878}
2251 2879
2252static void ieee80211_sta_bcn_mon_timer(unsigned long data) 2880static void ieee80211_sta_bcn_mon_timer(unsigned long data)
@@ -2286,13 +2914,17 @@ static void ieee80211_sta_monitor_work(struct work_struct *work)
2286 2914
2287static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata) 2915static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
2288{ 2916{
2917 u32 flags;
2918
2289 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 2919 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
2290 sdata->u.mgd.flags &= ~(IEEE80211_STA_BEACON_POLL | 2920 sdata->u.mgd.flags &= ~(IEEE80211_STA_BEACON_POLL |
2291 IEEE80211_STA_CONNECTION_POLL); 2921 IEEE80211_STA_CONNECTION_POLL);
2292 2922
2293 /* let's probe the connection once */ 2923 /* let's probe the connection once */
2294 ieee80211_queue_work(&sdata->local->hw, 2924 flags = sdata->local->hw.flags;
2295 &sdata->u.mgd.monitor_work); 2925 if (!(flags & IEEE80211_HW_CONNECTION_MONITOR))
2926 ieee80211_queue_work(&sdata->local->hw,
2927 &sdata->u.mgd.monitor_work);
2296 /* and do all the other regular work too */ 2928 /* and do all the other regular work too */
2297 ieee80211_queue_work(&sdata->local->hw, &sdata->work); 2929 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
2298 } 2930 }
@@ -2356,7 +2988,6 @@ void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
2356 add_timer(&ifmgd->chswitch_timer); 2988 add_timer(&ifmgd->chswitch_timer);
2357 ieee80211_sta_reset_beacon_monitor(sdata); 2989 ieee80211_sta_reset_beacon_monitor(sdata);
2358 ieee80211_restart_sta_timer(sdata); 2990 ieee80211_restart_sta_timer(sdata);
2359 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.monitor_work);
2360} 2991}
2361#endif 2992#endif
2362 2993
@@ -2382,6 +3013,8 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
2382 3013
2383 ifmgd->flags = 0; 3014 ifmgd->flags = 0;
2384 ifmgd->powersave = sdata->wdev.ps; 3015 ifmgd->powersave = sdata->wdev.ps;
3016 ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES;
3017 ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN;
2385 3018
2386 mutex_init(&ifmgd->mtx); 3019 mutex_init(&ifmgd->mtx);
2387 3020
@@ -2418,54 +3051,119 @@ int ieee80211_max_network_latency(struct notifier_block *nb,
2418 return 0; 3051 return 0;
2419} 3052}
2420 3053
2421/* config hooks */ 3054static int ieee80211_prep_connection(struct ieee80211_sub_if_data *sdata,
2422static enum work_done_result 3055 struct cfg80211_bss *cbss, bool assoc)
2423ieee80211_probe_auth_done(struct ieee80211_work *wk,
2424 struct sk_buff *skb)
2425{ 3056{
2426 struct ieee80211_local *local = wk->sdata->local; 3057 struct ieee80211_local *local = sdata->local;
3058 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3059 struct ieee80211_bss *bss = (void *)cbss->priv;
3060 struct sta_info *sta;
3061 bool have_sta = false;
3062 int err;
2427 3063
2428 if (!skb) { 3064 if (WARN_ON(!ifmgd->auth_data && !ifmgd->assoc_data))
2429 cfg80211_send_auth_timeout(wk->sdata->dev, wk->filter_ta); 3065 return -EINVAL;
2430 goto destroy; 3066
3067 if (assoc) {
3068 rcu_read_lock();
3069 have_sta = sta_info_get(sdata, cbss->bssid);
3070 rcu_read_unlock();
2431 } 3071 }
2432 3072
2433 if (wk->type == IEEE80211_WORK_AUTH) { 3073 if (!have_sta) {
2434 cfg80211_send_rx_auth(wk->sdata->dev, skb->data, skb->len); 3074 sta = sta_info_alloc(sdata, cbss->bssid, GFP_KERNEL);
2435 goto destroy; 3075 if (!sta)
3076 return -ENOMEM;
2436 } 3077 }
2437 3078
2438 mutex_lock(&wk->sdata->u.mgd.mtx); 3079 mutex_lock(&local->mtx);
2439 ieee80211_rx_mgmt_probe_resp(wk->sdata, skb); 3080 ieee80211_recalc_idle(sdata->local);
2440 mutex_unlock(&wk->sdata->u.mgd.mtx); 3081 mutex_unlock(&local->mtx);
3082
3083 /* switch to the right channel */
3084 local->oper_channel = cbss->channel;
3085 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
3086
3087 if (!have_sta) {
3088 struct ieee80211_supported_band *sband;
3089 u32 rates = 0, basic_rates = 0;
3090 bool have_higher_than_11mbit;
3091 int min_rate = INT_MAX, min_rate_index = -1;
3092
3093 sband = sdata->local->hw.wiphy->bands[cbss->channel->band];
3094
3095 ieee80211_get_rates(sband, bss->supp_rates,
3096 bss->supp_rates_len,
3097 &rates, &basic_rates,
3098 &have_higher_than_11mbit,
3099 &min_rate, &min_rate_index);
3100
3101 /*
3102 * This used to be a workaround for basic rates missing
3103 * in the association response frame. Now that we no
3104 * longer use the basic rates from there, it probably
3105 * doesn't happen any more, but keep the workaround so
3106 * in case some *other* APs are buggy in different ways
3107 * we can connect -- with a warning.
3108 */
3109 if (!basic_rates && min_rate_index >= 0) {
3110 printk(KERN_DEBUG
3111 "%s: No basic rates, using min rate instead.\n",
3112 sdata->name);
3113 basic_rates = BIT(min_rate_index);
3114 }
3115
3116 sta->sta.supp_rates[cbss->channel->band] = rates;
3117 sdata->vif.bss_conf.basic_rates = basic_rates;
3118
3119 /* cf. IEEE 802.11 9.2.12 */
3120 if (local->oper_channel->band == IEEE80211_BAND_2GHZ &&
3121 have_higher_than_11mbit)
3122 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
3123 else
3124 sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
2441 3125
2442 wk->type = IEEE80211_WORK_AUTH; 3126 memcpy(ifmgd->bssid, cbss->bssid, ETH_ALEN);
2443 wk->probe_auth.tries = 0;
2444 return WORK_DONE_REQUEUE;
2445 destroy:
2446 if (wk->probe_auth.synced)
2447 drv_finish_tx_sync(local, wk->sdata, wk->filter_ta,
2448 IEEE80211_TX_SYNC_AUTH);
2449 3127
2450 return WORK_DONE_DESTROY; 3128 /* tell driver about BSSID and basic rates */
3129 ieee80211_bss_info_change_notify(sdata,
3130 BSS_CHANGED_BSSID | BSS_CHANGED_BASIC_RATES);
3131
3132 if (assoc)
3133 sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
3134
3135 err = sta_info_insert(sta);
3136 sta = NULL;
3137 if (err) {
3138 printk(KERN_DEBUG
3139 "%s: failed to insert STA entry for the AP (error %d)\n",
3140 sdata->name, err);
3141 return err;
3142 }
3143 } else
3144 WARN_ON_ONCE(compare_ether_addr(ifmgd->bssid, cbss->bssid));
3145
3146 return 0;
2451} 3147}
2452 3148
3149/* config hooks */
2453int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 3150int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
2454 struct cfg80211_auth_request *req) 3151 struct cfg80211_auth_request *req)
2455{ 3152{
2456 const u8 *ssid; 3153 struct ieee80211_local *local = sdata->local;
2457 struct ieee80211_work *wk; 3154 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3155 struct ieee80211_mgd_auth_data *auth_data;
2458 u16 auth_alg; 3156 u16 auth_alg;
3157 int err;
2459 3158
2460 if (req->local_state_change) 3159 /* prepare auth data structure */
2461 return 0; /* no need to update mac80211 state */
2462 3160
2463 switch (req->auth_type) { 3161 switch (req->auth_type) {
2464 case NL80211_AUTHTYPE_OPEN_SYSTEM: 3162 case NL80211_AUTHTYPE_OPEN_SYSTEM:
2465 auth_alg = WLAN_AUTH_OPEN; 3163 auth_alg = WLAN_AUTH_OPEN;
2466 break; 3164 break;
2467 case NL80211_AUTHTYPE_SHARED_KEY: 3165 case NL80211_AUTHTYPE_SHARED_KEY:
2468 if (IS_ERR(sdata->local->wep_tx_tfm)) 3166 if (IS_ERR(local->wep_tx_tfm))
2469 return -EOPNOTSUPP; 3167 return -EOPNOTSUPP;
2470 auth_alg = WLAN_AUTH_SHARED_KEY; 3168 auth_alg = WLAN_AUTH_SHARED_KEY;
2471 break; 3169 break;
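Review bot: In ieee80211_prep_connection, `ifmgd->bssid` is set at 3126 and the driver is notified of it at 3129-3130 before `sta_info_insert` at 3135; when the insert fails the function returns at 3141 with the BSSID still configured and no station present. Unless the callers (outside this hunk) reset it on error, mirror the cleanup ieee80211_destroy_assoc_data does at 1981-1982: `memset(ifmgd->bssid, 0, ETH_ALEN); ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID);` before `return err;`. A short header comment noting that a successful `sta_info_insert` transfers ownership of `sta` to the station table (hence `sta = NULL` at 3136) would also help readers. The body of ieee80211_mgd_auth continues past the end of this hunk.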
@@ -2479,201 +3177,154 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
2479 return -EOPNOTSUPP; 3177 return -EOPNOTSUPP;
2480 } 3178 }
2481 3179
2482 wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL); 3180 auth_data = kzalloc(sizeof(*auth_data) + req->ie_len, GFP_KERNEL);
2483 if (!wk) 3181 if (!auth_data)
2484 return -ENOMEM; 3182 return -ENOMEM;
2485 3183
2486 memcpy(wk->filter_ta, req->bss->bssid, ETH_ALEN); 3184 auth_data->bss = req->bss;
2487 3185
2488 if (req->ie && req->ie_len) { 3186 if (req->ie && req->ie_len) {
2489 memcpy(wk->ie, req->ie, req->ie_len); 3187 memcpy(auth_data->ie, req->ie, req->ie_len);
2490 wk->ie_len = req->ie_len; 3188 auth_data->ie_len = req->ie_len;
2491 } 3189 }
2492 3190
2493 if (req->key && req->key_len) { 3191 if (req->key && req->key_len) {
2494 wk->probe_auth.key_len = req->key_len; 3192 auth_data->key_len = req->key_len;
2495 wk->probe_auth.key_idx = req->key_idx; 3193 auth_data->key_idx = req->key_idx;
2496 memcpy(wk->probe_auth.key, req->key, req->key_len); 3194 memcpy(auth_data->key, req->key, req->key_len);
2497 } 3195 }
2498 3196
2499 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 3197 auth_data->algorithm = auth_alg;
2500 memcpy(wk->probe_auth.ssid, ssid + 2, ssid[1]);
2501 wk->probe_auth.ssid_len = ssid[1];
2502 3198
2503 wk->probe_auth.algorithm = auth_alg; 3199 /* try to authenticate/probe */
2504 wk->probe_auth.privacy = req->bss->capability & WLAN_CAPABILITY_PRIVACY;
2505 3200
2506 /* if we already have a probe, don't probe again */ 3201 mutex_lock(&ifmgd->mtx);
2507 if (req->bss->proberesp_ies)
2508 wk->type = IEEE80211_WORK_AUTH;
2509 else
2510 wk->type = IEEE80211_WORK_DIRECT_PROBE;
2511 wk->chan = req->bss->channel;
2512 wk->chan_type = NL80211_CHAN_NO_HT;
2513 wk->sdata = sdata;
2514 wk->done = ieee80211_probe_auth_done;
2515
2516 ieee80211_add_work(wk);
2517 return 0;
2518}
2519
2520/* create and insert a dummy station entry */
2521static int ieee80211_pre_assoc(struct ieee80211_sub_if_data *sdata,
2522 u8 *bssid) {
2523 struct sta_info *sta;
2524 int err;
2525
2526 sta = sta_info_alloc(sdata, bssid, GFP_KERNEL);
2527 if (!sta)
2528 return -ENOMEM;
2529
2530 sta->dummy = true;
2531
2532 err = sta_info_insert(sta);
2533 sta = NULL;
2534 if (err) {
2535 printk(KERN_DEBUG "%s: failed to insert Dummy STA entry for"
2536 " the AP (error %d)\n", sdata->name, err);
2537 return err;
2538 }
2539
2540 return 0;
2541}
2542
2543static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk,
2544 struct sk_buff *skb)
2545{
2546 struct ieee80211_local *local = wk->sdata->local;
2547 struct ieee80211_mgmt *mgmt;
2548 struct ieee80211_rx_status *rx_status;
2549 struct ieee802_11_elems elems;
2550 struct cfg80211_bss *cbss = wk->assoc.bss;
2551 u16 status;
2552 3202
2553 if (!skb) { 3203 if ((ifmgd->auth_data && !ifmgd->auth_data->done) ||
2554 sta_info_destroy_addr(wk->sdata, cbss->bssid); 3204 ifmgd->assoc_data) {
2555 cfg80211_send_assoc_timeout(wk->sdata->dev, wk->filter_ta); 3205 err = -EBUSY;
2556 goto destroy; 3206 goto err_free;
2557 } 3207 }
2558 3208
2559 if (wk->type == IEEE80211_WORK_ASSOC_BEACON_WAIT) { 3209 if (ifmgd->auth_data)
2560 mutex_lock(&wk->sdata->u.mgd.mtx); 3210 ieee80211_destroy_auth_data(sdata, false);
2561 rx_status = (void *) skb->cb;
2562 ieee802_11_parse_elems(skb->data + 24 + 12, skb->len - 24 - 12, &elems);
2563 ieee80211_rx_bss_info(wk->sdata, (void *)skb->data, skb->len, rx_status,
2564 &elems, true);
2565 mutex_unlock(&wk->sdata->u.mgd.mtx);
2566 3211
2567 wk->type = IEEE80211_WORK_ASSOC; 3212 /* prep auth_data so we don't go into idle on disassoc */
2568 /* not really done yet */ 3213 ifmgd->auth_data = auth_data;
2569 return WORK_DONE_REQUEUE;
2570 }
2571 3214
2572 mgmt = (void *)skb->data; 3215 if (ifmgd->associated)
2573 status = le16_to_cpu(mgmt->u.assoc_resp.status_code); 3216 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
2574 3217
2575 if (status == WLAN_STATUS_SUCCESS) { 3218 printk(KERN_DEBUG "%s: authenticate with %pM\n",
2576 if (wk->assoc.synced) 3219 sdata->name, req->bss->bssid);
2577 drv_finish_tx_sync(local, wk->sdata, wk->filter_ta,
2578 IEEE80211_TX_SYNC_ASSOC);
2579 3220
2580 mutex_lock(&wk->sdata->u.mgd.mtx); 3221 err = ieee80211_prep_connection(sdata, req->bss, false);
2581 if (!ieee80211_assoc_success(wk, mgmt, skb->len)) { 3222 if (err)
2582 mutex_unlock(&wk->sdata->u.mgd.mtx); 3223 goto err_clear;
2583 /* oops -- internal error -- send timeout for now */
2584 sta_info_destroy_addr(wk->sdata, cbss->bssid);
2585 cfg80211_send_assoc_timeout(wk->sdata->dev,
2586 wk->filter_ta);
2587 return WORK_DONE_DESTROY;
2588 }
2589 3224
2590 mutex_unlock(&wk->sdata->u.mgd.mtx); 3225 err = ieee80211_probe_auth(sdata);
2591 } else { 3226 if (err) {
2592 /* assoc failed - destroy the dummy station entry */ 3227 sta_info_destroy_addr(sdata, req->bss->bssid);
2593 sta_info_destroy_addr(wk->sdata, cbss->bssid); 3228 goto err_clear;
2594 } 3229 }
2595 3230
2596 cfg80211_send_rx_assoc(wk->sdata->dev, skb->data, skb->len); 3231 /* hold our own reference */
2597 destroy: 3232 cfg80211_ref_bss(auth_data->bss);
2598 if (wk->assoc.synced) 3233 err = 0;
2599 drv_finish_tx_sync(local, wk->sdata, wk->filter_ta, 3234 goto out_unlock;
2600 IEEE80211_TX_SYNC_ASSOC); 3235
3236 err_clear:
3237 ifmgd->auth_data = NULL;
3238 err_free:
3239 kfree(auth_data);
3240 out_unlock:
3241 mutex_unlock(&ifmgd->mtx);
2601 3242
2602 return WORK_DONE_DESTROY; 3243 return err;
2603} 3244}
2604 3245
2605int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata, 3246int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2606 struct cfg80211_assoc_request *req) 3247 struct cfg80211_assoc_request *req)
2607{ 3248{
3249 struct ieee80211_local *local = sdata->local;
2608 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3250 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2609 struct ieee80211_bss *bss = (void *)req->bss->priv; 3251 struct ieee80211_bss *bss = (void *)req->bss->priv;
2610 struct ieee80211_work *wk; 3252 struct ieee80211_mgd_assoc_data *assoc_data;
2611 const u8 *ssid; 3253 struct ieee80211_supported_band *sband;
3254 const u8 *ssidie;
2612 int i, err; 3255 int i, err;
2613 3256
3257 ssidie = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);
3258 if (!ssidie)
3259 return -EINVAL;
3260
3261 assoc_data = kzalloc(sizeof(*assoc_data) + req->ie_len, GFP_KERNEL);
3262 if (!assoc_data)
3263 return -ENOMEM;
3264
2614 mutex_lock(&ifmgd->mtx); 3265 mutex_lock(&ifmgd->mtx);
2615 if (ifmgd->associated) {
2616 if (!req->prev_bssid ||
2617 memcmp(req->prev_bssid, ifmgd->associated->bssid,
2618 ETH_ALEN)) {
2619 /*
2620 * We are already associated and the request was not a
2621 * reassociation request from the current BSS, so
2622 * reject it.
2623 */
2624 mutex_unlock(&ifmgd->mtx);
2625 return -EALREADY;
2626 }
2627 3266
2628 /* Trying to reassociate - clear previous association state */ 3267 if (ifmgd->associated)
2629 ieee80211_set_disassoc(sdata, true, false); 3268 ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
3269
3270 if (ifmgd->auth_data && !ifmgd->auth_data->done) {
3271 err = -EBUSY;
3272 goto err_free;
2630 } 3273 }
2631 mutex_unlock(&ifmgd->mtx);
2632 3274
2633 wk = kzalloc(sizeof(*wk) + req->ie_len, GFP_KERNEL); 3275 if (ifmgd->assoc_data) {
2634 if (!wk) 3276 err = -EBUSY;
2635 return -ENOMEM; 3277 goto err_free;
3278 }
2636 3279
2637 /* 3280 if (ifmgd->auth_data) {
2638 * create a dummy station info entry in order 3281 bool match;
2639 * to start accepting incoming EAPOL packets from the station 3282
2640 */ 3283 /* keep sta info, bssid if matching */
2641 err = ieee80211_pre_assoc(sdata, req->bss->bssid); 3284 match = compare_ether_addr(ifmgd->bssid, req->bss->bssid) == 0;
2642 if (err) { 3285 ieee80211_destroy_auth_data(sdata, match);
2643 kfree(wk);
2644 return err;
2645 } 3286 }
2646 3287
3288 /* prepare assoc data */
3289
2647 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N; 3290 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N;
2648 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 3291 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
2649 3292
2650 ifmgd->beacon_crc_valid = false; 3293 ifmgd->beacon_crc_valid = false;
2651 3294
3295 /*
3296 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode.
3297 * We still associate in non-HT mode (11a/b/g) if any one of these
3298 * ciphers is configured as pairwise.
3299 * We can set this to true for non-11n hardware, that'll be checked
3300 * separately along with the peer capabilities.
3301 */
2652 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) 3302 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++)
2653 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 3303 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
2654 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 3304 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
2655 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104) 3305 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP104)
2656 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3306 ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
2657 3307
2658
2659 if (req->flags & ASSOC_REQ_DISABLE_HT) 3308 if (req->flags & ASSOC_REQ_DISABLE_HT)
2660 ifmgd->flags |= IEEE80211_STA_DISABLE_11N; 3309 ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
2661 3310
3311 /* Also disable HT if we don't support it or the AP doesn't use WMM */
3312 sband = local->hw.wiphy->bands[req->bss->channel->band];
3313 if (!sband->ht_cap.ht_supported ||
3314 local->hw.queues < 4 || !bss->wmm_used)
3315 ifmgd->flags |= IEEE80211_STA_DISABLE_11N;
3316
2662 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa)); 3317 memcpy(&ifmgd->ht_capa, &req->ht_capa, sizeof(ifmgd->ht_capa));
2663 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask, 3318 memcpy(&ifmgd->ht_capa_mask, &req->ht_capa_mask,
2664 sizeof(ifmgd->ht_capa_mask)); 3319 sizeof(ifmgd->ht_capa_mask));
2665 3320
2666 if (req->ie && req->ie_len) { 3321 if (req->ie && req->ie_len) {
2667 memcpy(wk->ie, req->ie, req->ie_len); 3322 memcpy(assoc_data->ie, req->ie, req->ie_len);
2668 wk->ie_len = req->ie_len; 3323 assoc_data->ie_len = req->ie_len;
2669 } else 3324 }
2670 wk->ie_len = 0;
2671
2672 wk->assoc.bss = req->bss;
2673 3325
2674 memcpy(wk->filter_ta, req->bss->bssid, ETH_ALEN); 3326 assoc_data->bss = req->bss;
2675 3327
2676 /* new association always uses requested smps mode */
2677 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) { 3328 if (ifmgd->req_smps == IEEE80211_SMPS_AUTOMATIC) {
2678 if (ifmgd->powersave) 3329 if (ifmgd->powersave)
2679 ifmgd->ap_smps = IEEE80211_SMPS_DYNAMIC; 3330 ifmgd->ap_smps = IEEE80211_SMPS_DYNAMIC;
@@ -2682,47 +3333,27 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2682 } else 3333 } else
2683 ifmgd->ap_smps = ifmgd->req_smps; 3334 ifmgd->ap_smps = ifmgd->req_smps;
2684 3335
2685 wk->assoc.smps = ifmgd->ap_smps; 3336 assoc_data->capability = req->bss->capability;
2686 /* 3337 assoc_data->wmm = bss->wmm_used && (local->hw.queues >= 4);
2687 * IEEE802.11n does not allow TKIP/WEP as pairwise ciphers in HT mode. 3338 assoc_data->supp_rates = bss->supp_rates;
2688 * We still associate in non-HT mode (11a/b/g) if any one of these 3339 assoc_data->supp_rates_len = bss->supp_rates_len;
2689 * ciphers is configured as pairwise. 3340 assoc_data->ht_information_ie =
2690 * We can set this to true for non-11n hardware, that'll be checked
2691 * separately along with the peer capabilities.
2692 */
2693 wk->assoc.use_11n = !(ifmgd->flags & IEEE80211_STA_DISABLE_11N);
2694 wk->assoc.capability = req->bss->capability;
2695 wk->assoc.wmm_used = bss->wmm_used;
2696 wk->assoc.supp_rates = bss->supp_rates;
2697 wk->assoc.supp_rates_len = bss->supp_rates_len;
2698 wk->assoc.ht_information_ie =
2699 ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_INFORMATION); 3341 ieee80211_bss_get_ie(req->bss, WLAN_EID_HT_INFORMATION);
2700 3342
2701 if (bss->wmm_used && bss->uapsd_supported && 3343 if (bss->wmm_used && bss->uapsd_supported &&
2702 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 3344 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) {
2703 wk->assoc.uapsd_used = true; 3345 assoc_data->uapsd = true;
2704 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 3346 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
2705 } else { 3347 } else {
2706 wk->assoc.uapsd_used = false; 3348 assoc_data->uapsd = false;
2707 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED; 3349 ifmgd->flags &= ~IEEE80211_STA_UAPSD_ENABLED;
2708 } 3350 }
2709 3351
2710 ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID); 3352 memcpy(assoc_data->ssid, ssidie + 2, ssidie[1]);
2711 memcpy(wk->assoc.ssid, ssid + 2, ssid[1]); 3353 assoc_data->ssid_len = ssidie[1];
2712 wk->assoc.ssid_len = ssid[1];
2713 3354
2714 if (req->prev_bssid) 3355 if (req->prev_bssid)
2715 memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN); 3356 memcpy(assoc_data->prev_bssid, req->prev_bssid, ETH_ALEN);
2716
2717 wk->chan = req->bss->channel;
2718 wk->chan_type = NL80211_CHAN_NO_HT;
2719 wk->sdata = sdata;
2720 wk->done = ieee80211_assoc_done;
2721 if (!bss->dtim_period &&
2722 sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD)
2723 wk->type = IEEE80211_WORK_ASSOC_BEACON_WAIT;
2724 else
2725 wk->type = IEEE80211_WORK_ASSOC;
2726 3357
2727 if (req->use_mfp) { 3358 if (req->use_mfp) {
2728 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 3359 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
@@ -2740,91 +3371,87 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2740 sdata->control_port_protocol = req->crypto.control_port_ethertype; 3371 sdata->control_port_protocol = req->crypto.control_port_ethertype;
2741 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt; 3372 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
2742 3373
2743 ieee80211_add_work(wk); 3374 /* kick off associate process */
2744 return 0; 3375
3376 ifmgd->assoc_data = assoc_data;
3377
3378 err = ieee80211_prep_connection(sdata, req->bss, true);
3379 if (err)
3380 goto err_clear;
3381
3382 if (!bss->dtim_period &&
3383 sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) {
3384 /*
3385 * Wait up to one beacon interval ...
3386 * should this be more if we miss one?
3387 */
3388 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n",
3389 sdata->name, ifmgd->bssid);
3390 assoc_data->timeout = jiffies +
3391 TU_TO_EXP_TIME(req->bss->beacon_interval);
3392 } else {
3393 assoc_data->have_beacon = true;
3394 assoc_data->sent_assoc = false;
3395 assoc_data->timeout = jiffies;
3396 }
3397 run_again(ifmgd, assoc_data->timeout);
3398
3399 if (bss->corrupt_data) {
3400 char *corrupt_type = "data";
3401 if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_BEACON) {
3402 if (bss->corrupt_data &
3403 IEEE80211_BSS_CORRUPT_PROBE_RESP)
3404 corrupt_type = "beacon and probe response";
3405 else
3406 corrupt_type = "beacon";
3407 } else if (bss->corrupt_data & IEEE80211_BSS_CORRUPT_PROBE_RESP)
3408 corrupt_type = "probe response";
3409 printk(KERN_DEBUG "%s: associating with AP with corrupt %s\n",
3410 sdata->name, corrupt_type);
3411 }
3412
3413 err = 0;
3414 goto out;
3415 err_clear:
3416 ifmgd->assoc_data = NULL;
3417 err_free:
3418 kfree(assoc_data);
3419 out:
3420 mutex_unlock(&ifmgd->mtx);
3421
3422 return err;
2745} 3423}
2746 3424
2747int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata, 3425int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2748 struct cfg80211_deauth_request *req, 3426 struct cfg80211_deauth_request *req)
2749 void *cookie)
2750{ 3427{
2751 struct ieee80211_local *local = sdata->local;
2752 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3428 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2753 u8 bssid[ETH_ALEN]; 3429 u8 frame_buf[DEAUTH_DISASSOC_LEN];
2754 bool assoc_bss = false;
2755 3430
2756 mutex_lock(&ifmgd->mtx); 3431 mutex_lock(&ifmgd->mtx);
2757 3432
2758 memcpy(bssid, req->bss->bssid, ETH_ALEN); 3433 if (ifmgd->auth_data) {
2759 if (ifmgd->associated == req->bss) { 3434 ieee80211_destroy_auth_data(sdata, false);
2760 ieee80211_set_disassoc(sdata, false, true);
2761 mutex_unlock(&ifmgd->mtx);
2762 assoc_bss = true;
2763 } else {
2764 bool not_auth_yet = false;
2765 struct ieee80211_work *tmp, *wk = NULL;
2766
2767 mutex_unlock(&ifmgd->mtx); 3435 mutex_unlock(&ifmgd->mtx);
2768 3436 return 0;
2769 mutex_lock(&local->mtx);
2770 list_for_each_entry(tmp, &local->work_list, list) {
2771 if (tmp->sdata != sdata)
2772 continue;
2773
2774 if (tmp->type != IEEE80211_WORK_DIRECT_PROBE &&
2775 tmp->type != IEEE80211_WORK_AUTH &&
2776 tmp->type != IEEE80211_WORK_ASSOC &&
2777 tmp->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
2778 continue;
2779
2780 if (memcmp(req->bss->bssid, tmp->filter_ta, ETH_ALEN))
2781 continue;
2782
2783 not_auth_yet = tmp->type == IEEE80211_WORK_DIRECT_PROBE;
2784 list_del_rcu(&tmp->list);
2785 synchronize_rcu();
2786 wk = tmp;
2787 break;
2788 }
2789 mutex_unlock(&local->mtx);
2790
2791 if (wk && wk->type == IEEE80211_WORK_ASSOC) {
2792 /* clean up dummy sta & TX sync */
2793 sta_info_destroy_addr(wk->sdata, wk->filter_ta);
2794 if (wk->assoc.synced)
2795 drv_finish_tx_sync(local, wk->sdata,
2796 wk->filter_ta,
2797 IEEE80211_TX_SYNC_ASSOC);
2798 } else if (wk && wk->type == IEEE80211_WORK_AUTH) {
2799 if (wk->probe_auth.synced)
2800 drv_finish_tx_sync(local, wk->sdata,
2801 wk->filter_ta,
2802 IEEE80211_TX_SYNC_AUTH);
2803 }
2804 kfree(wk);
2805
2806 /*
2807 * If somebody requests authentication and we haven't
2808 * sent out an auth frame yet there's no need to send
2809 * out a deauth frame either. If the state was PROBE,
2810 * then this is the case. If it's AUTH we have sent a
2811 * frame, and if it's IDLE we have completed the auth
2812 * process already.
2813 */
2814 if (not_auth_yet) {
2815 __cfg80211_auth_canceled(sdata->dev, bssid);
2816 return 0;
2817 }
2818 } 3437 }
2819 3438
2820 printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n", 3439 printk(KERN_DEBUG
2821 sdata->name, bssid, req->reason_code); 3440 "%s: deauthenticating from %pM by local choice (reason=%d)\n",
3441 sdata->name, req->bssid, req->reason_code);
3442
3443 if (ifmgd->associated &&
3444 compare_ether_addr(ifmgd->associated->bssid, req->bssid) == 0)
3445 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
3446 req->reason_code, true, frame_buf);
3447 else
3448 ieee80211_send_deauth_disassoc(sdata, req->bssid,
3449 IEEE80211_STYPE_DEAUTH,
3450 req->reason_code, true,
3451 frame_buf);
3452 mutex_unlock(&ifmgd->mtx);
2822 3453
2823 ieee80211_send_deauth_disassoc(sdata, bssid, IEEE80211_STYPE_DEAUTH, 3454 __cfg80211_send_deauth(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN);
2824 req->reason_code, cookie,
2825 !req->local_state_change);
2826 if (assoc_bss)
2827 sta_info_flush(sdata->local, sdata);
2828 3455
2829 mutex_lock(&sdata->local->mtx); 3456 mutex_lock(&sdata->local->mtx);
2830 ieee80211_recalc_idle(sdata->local); 3457 ieee80211_recalc_idle(sdata->local);
@@ -2834,11 +3461,11 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2834} 3461}
2835 3462
2836int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 3463int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2837 struct cfg80211_disassoc_request *req, 3464 struct cfg80211_disassoc_request *req)
2838 void *cookie)
2839{ 3465{
2840 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 3466 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2841 u8 bssid[ETH_ALEN]; 3467 u8 bssid[ETH_ALEN];
3468 u8 frame_buf[DEAUTH_DISASSOC_LEN];
2842 3469
2843 mutex_lock(&ifmgd->mtx); 3470 mutex_lock(&ifmgd->mtx);
2844 3471
@@ -2857,14 +3484,12 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2857 sdata->name, req->bss->bssid, req->reason_code); 3484 sdata->name, req->bss->bssid, req->reason_code);
2858 3485
2859 memcpy(bssid, req->bss->bssid, ETH_ALEN); 3486 memcpy(bssid, req->bss->bssid, ETH_ALEN);
2860 ieee80211_set_disassoc(sdata, false, true); 3487 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DISASSOC,
2861 3488 req->reason_code, !req->local_state_change,
3489 frame_buf);
2862 mutex_unlock(&ifmgd->mtx); 3490 mutex_unlock(&ifmgd->mtx);
2863 3491
2864 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid, 3492 __cfg80211_send_disassoc(sdata->dev, frame_buf, DEAUTH_DISASSOC_LEN);
2865 IEEE80211_STYPE_DISASSOC, req->reason_code,
2866 cookie, !req->local_state_change);
2867 sta_info_flush(sdata->local, sdata);
2868 3493
2869 mutex_lock(&sdata->local->mtx); 3494 mutex_lock(&sdata->local->mtx);
2870 ieee80211_recalc_idle(sdata->local); 3495 ieee80211_recalc_idle(sdata->local);
@@ -2873,6 +3498,19 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2873 return 0; 3498 return 0;
2874} 3499}
2875 3500
3501void ieee80211_mgd_teardown(struct ieee80211_sub_if_data *sdata)
3502{
3503 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
3504
3505 mutex_lock(&ifmgd->mtx);
3506 if (ifmgd->assoc_data)
3507 ieee80211_destroy_assoc_data(sdata, false);
3508 if (ifmgd->auth_data)
3509 ieee80211_destroy_auth_data(sdata, false);
3510 del_timer_sync(&ifmgd->timer);
3511 mutex_unlock(&ifmgd->mtx);
3512}
3513
2876void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 3514void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
2877 enum nl80211_cqm_rssi_threshold_event rssi_event, 3515 enum nl80211_cqm_rssi_threshold_event rssi_event,
2878 gfp_t gfp) 3516 gfp_t gfp)
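--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -98,13 +98,12 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
 mutex_lock(&local->sta_mtx);
 list_for_each_entry(sta, &local->sta_list, list) {
 if (sta->uploaded) {
-sdata = sta->sdata;
-if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
-sdata = container_of(sdata->bss,
-struct ieee80211_sub_if_data,
-u.ap);
+enum ieee80211_sta_state state;
 
-drv_sta_remove(local, sdata, &sta->sta);
+state = sta->sta_state;
+for (; state > IEEE80211_STA_NOTEXIST; state--)
+WARN_ON(drv_sta_state(local, sta->sdata, sta,
+state, state - 1));
 }
 
 mesh_plink_quiesce(sta);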
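Review bot: The descending loop at new lines 103–106 walks a local copy of the state and never writes sta->sta_state back, so after suspend the station record still claims its pre-suspend state while the driver has been told it no longer exists; that looks intentional so the resume path can replay the transitions from the recorded state, but nothing in the hunk says so. A comment would save the next reader the lookup: `/* tear the driver's view down to NOTEXIST; sta->sta_state is kept so resume can re-add the station from its recorded state */` — confirm against the resume path. The AP_VLAN-to-AP sdata remap the removed lines did is gone and sta->sdata is passed straight through; if drv_sta_state performs that mapping itself this is fine, otherwise VLAN stations now reach the driver under the wrong interface. WARN_ON only reports a failed transition and keeps stepping down, which is defensible on suspend but worth a word in the same comment. __ieee80211_suspend begins and ends outside the hunk.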
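--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -159,7 +159,6 @@ static struct rate_control_ref *rate_control_alloc(const char *name,
 ref = kmalloc(sizeof(struct rate_control_ref), GFP_KERNEL);
 if (!ref)
 goto fail_ref;
-kref_init(&ref->kref);
 ref->local = local;
 ref->ops = ieee80211_rate_control_ops_get(name);
 if (!ref->ops)
@@ -184,11 +183,8 @@ fail_ref:
 return NULL;
 }
 
-static void rate_control_release(struct kref *kref)
+static void rate_control_free(struct rate_control_ref *ctrl_ref)
 {
-struct rate_control_ref *ctrl_ref;
-
-ctrl_ref = container_of(kref, struct rate_control_ref, kref);
 ctrl_ref->ops->free(ctrl_ref->priv);
 
 #ifdef CONFIG_MAC80211_DEBUGFS
@@ -293,8 +289,8 @@ bool rate_control_send_low(struct ieee80211_sta *sta,
 }
 EXPORT_SYMBOL(rate_control_send_low);
 
-static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
+static bool rate_idx_match_legacy_mask(struct ieee80211_tx_rate *rate,
 int n_bitrates, u32 mask)
 {
 int j;
 
@@ -303,7 +299,7 @@ static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
 if (mask & (1 << j)) {
 /* Okay, found a suitable rate. Use it. */
 rate->idx = j;
-return;
+return true;
 }
 }
 
@@ -312,6 +308,112 @@ static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
 if (mask & (1 << j)) {
 /* Okay, found a suitable rate. Use it. */
 rate->idx = j;
+return true;
+}
+}
+return false;
+}
+
+static bool rate_idx_match_mcs_mask(struct ieee80211_tx_rate *rate,
+u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
+{
+int i, j;
+int ridx, rbit;
+
+ridx = rate->idx / 8;
+rbit = rate->idx % 8;
+
+/* sanity check */
+if (ridx < 0 || ridx >= IEEE80211_HT_MCS_MASK_LEN)
+return false;
+
+/* See whether the selected rate or anything below it is allowed. */
+for (i = ridx; i >= 0; i--) {
+for (j = rbit; j >= 0; j--)
+if (mcs_mask[i] & BIT(j)) {
+rate->idx = i * 8 + j;
+return true;
+}
+rbit = 7;
+}
+
+/* Try to find a higher rate that would be allowed */
+ridx = (rate->idx + 1) / 8;
+rbit = (rate->idx + 1) % 8;
+
+for (i = ridx; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
+for (j = rbit; j < 8; j++)
+if (mcs_mask[i] & BIT(j)) {
+rate->idx = i * 8 + j;
+return true;
+}
+rbit = 0;
+}
+return false;
+}
+
+
+
+static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
+struct ieee80211_tx_rate_control *txrc,
+u32 mask,
+u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
+{
+struct ieee80211_tx_rate alt_rate;
+
+/* handle HT rates */
+if (rate->flags & IEEE80211_TX_RC_MCS) {
+if (rate_idx_match_mcs_mask(rate, mcs_mask))
+return;
+
+/* also try the legacy rates. */
+alt_rate.idx = 0;
+/* keep protection flags */
+alt_rate.flags = rate->flags &
+(IEEE80211_TX_RC_USE_RTS_CTS |
+IEEE80211_TX_RC_USE_CTS_PROTECT |
+IEEE80211_TX_RC_USE_SHORT_PREAMBLE);
+alt_rate.count = rate->count;
+if (rate_idx_match_legacy_mask(&alt_rate,
+txrc->sband->n_bitrates,
+mask)) {
+*rate = alt_rate;
+return;
+}
+} else {
+struct sk_buff *skb = txrc->skb;
+struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
+__le16 fc;
+
+/* handle legacy rates */
+if (rate_idx_match_legacy_mask(rate, txrc->sband->n_bitrates,
+mask))
+return;
+
+/* if HT BSS, and we handle a data frame, also try HT rates */
+if (txrc->bss_conf->channel_type == NL80211_CHAN_NO_HT)
+return;
+
+fc = hdr->frame_control;
+if (!ieee80211_is_data(fc))
+return;
+
+alt_rate.idx = 0;
+/* keep protection flags */
+alt_rate.flags = rate->flags &
+(IEEE80211_TX_RC_USE_RTS_CTS |
+IEEE80211_TX_RC_USE_CTS_PROTECT |
+IEEE80211_TX_RC_USE_SHORT_PREAMBLE);
+alt_rate.count = rate->count;
+
+alt_rate.flags |= IEEE80211_TX_RC_MCS;
+
+if ((txrc->bss_conf->channel_type == NL80211_CHAN_HT40MINUS) ||
+(txrc->bss_conf->channel_type == NL80211_CHAN_HT40PLUS))
+alt_rate.flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
+
+if (rate_idx_match_mcs_mask(&alt_rate, mcs_mask)) {
+*rate = alt_rate;
 return;
 }
 }
@@ -335,6 +437,7 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb);
 int i;
 u32 mask;
+u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN];
 
 if (sta && test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) {
 ista = &sta->sta;
@@ -358,10 +461,14 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
 * the common case.
 */
 mask = sdata->rc_rateidx_mask[info->band];
+memcpy(mcs_mask, sdata->rc_rateidx_mcs_mask[info->band],
+sizeof(mcs_mask));
 if (mask != (1 << txrc->sband->n_bitrates) - 1) {
 if (sta) {
 /* Filter out rates that the STA does not support */
 mask &= sta->sta.supp_rates[info->band];
+for (i = 0; i < sizeof(mcs_mask); i++)
+mcs_mask[i] &= sta->sta.ht_cap.mcs.rx_mask[i];
 }
 /*
 * Make sure the rate index selected for each TX rate is
@@ -372,32 +479,18 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
 /* Skip invalid rates */
 if (info->control.rates[i].idx < 0)
 break;
-/* Rate masking supports only legacy rates for now */
-if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS)
-continue;
-rate_idx_match_mask(&info->control.rates[i],
-txrc->sband->n_bitrates, mask);
+rate_idx_match_mask(&info->control.rates[i], txrc,
+mask, mcs_mask);
 }
 }
 
 BUG_ON(info->control.rates[0].idx < 0);
 }
 
-struct rate_control_ref *rate_control_get(struct rate_control_ref *ref)
-{
-kref_get(&ref->kref);
-return ref;
-}
-
-void rate_control_put(struct rate_control_ref *ref)
-{
-kref_put(&ref->kref, rate_control_release);
-}
-
 int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
 const char *name)
 {
-struct rate_control_ref *ref, *old;
+struct rate_control_ref *ref;
 
 ASSERT_RTNL();
 
@@ -417,12 +510,8 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
 return -ENOENT;
 }
 
-old = local->rate_ctrl;
+WARN_ON(local->rate_ctrl);
 local->rate_ctrl = ref;
-if (old) {
-rate_control_put(old);
-sta_info_flush(local, NULL);
-}
 
 wiphy_debug(local->hw.wiphy, "Selected rate control algorithm '%s'\n",
 ref->ops->name);
@@ -440,6 +529,6 @@ void rate_control_deinitialize(struct ieee80211_local *local)
 return;
 
 local->rate_ctrl = NULL;
-rate_control_put(ref);
+rate_control_free(ref);
 }
 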
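Review bot: The MCS mask is only enforced inside the `if (mask != (1 << txrc->sband->n_bitrates) - 1)` block at new line 466, so when the legacy mask is left at its default and only rc_rateidx_mcs_mask is restricted, the memcpy at 464 runs but rate_idx_match_mask is never called and the HT restriction is silently ignored. Unless the setter guarantees a non-default legacy mask whenever an MCS mask is supplied (not visible here), the condition should also compare mcs_mask with its default, e.g. `if (mask != (1 << txrc->sband->n_bitrates) - 1 || memcmp(mcs_mask, txrc->sband->ht_cap.mcs.rx_mask, sizeof(mcs_mask)))` — assuming the band's rx_mask is what the per-band MCS mask is initialised to, which should be checked where that array is set up. Separately, the station filter loop at 470 compares the int `i` against `sizeof(mcs_mask)`; `for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++)` avoids the signed/unsigned comparison and names the length the array was declared with. In rate_idx_match_mask the legacy branch reads `hdr->frame_control` from skb->data before any HT fallback, which is fine for a fully built TX frame but deserves a one-line comment stating that the header is already in place when rate control runs.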
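--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -14,7 +14,6 @@
 #include <linux/netdevice.h>
 #include <linux/skbuff.h>
 #include <linux/types.h>
-#include <linux/kref.h>
 #include <net/mac80211.h>
 #include "ieee80211_i.h"
 #include "sta_info.h"
@@ -23,14 +22,11 @@ struct rate_control_ref {
 struct ieee80211_local *local;
 struct rate_control_ops *ops;
 void *priv;
-struct kref kref;
 };
 
 void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
 struct sta_info *sta,
 struct ieee80211_tx_rate_control *txrc);
-struct rate_control_ref *rate_control_get(struct rate_control_ref *ref);
-void rate_control_put(struct rate_control_ref *ref);
 
 static inline void rate_control_tx_status(struct ieee80211_local *local,
 struct ieee80211_supported_band *sband,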
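diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index ff5f7b84e825..16e0b277b9a8 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -568,6 +568,13 @@ minstrel_get_sample_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
 	minstrel_next_sample_idx(mi);
 
 	/*
+	 * Sampling might add some overhead (RTS, no aggregation)
+	 * to the frame. Hence, don't use sampling for the currently
+	 * used max TP rate.
+	 */
+	if (sample_idx == mi->max_tp_rate)
+		return -1;
+	/*
 	 * When not using MRR, do not sample if the probability is already
 	 * higher than 95% to avoid wasting airtime
 	 */
@@ -692,6 +699,7 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
 	int ack_dur;
 	int stbc;
 	int i;
+	unsigned int smps;
 
 	/* fall back to the old minstrel for legacy stations */
 	if (!sta->ht_cap.ht_supported)
@@ -731,6 +739,9 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
 	    oper_chan_type != NL80211_CHAN_HT40PLUS)
 		sta_cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 
+	smps = (sta_cap & IEEE80211_HT_CAP_SM_PS) >>
+		IEEE80211_HT_CAP_SM_PS_SHIFT;
+
 	for (i = 0; i < ARRAY_SIZE(mi->groups); i++) {
 		u16 req = 0;
 
@@ -748,6 +759,11 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
 		if ((sta_cap & req) != req)
 			continue;
 
+		/* Mark MCS > 7 as unsupported if STA is in static SMPS mode */
+		if (smps == WLAN_HT_CAP_SM_PS_STATIC &&
+		    minstrel_mcs_groups[i].streams > 1)
+			continue;
+
 		mi->groups[i].supported =
 			mcs->rx_mask[minstrel_mcs_groups[i].streams - 1];
 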
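Review bot: The static-SMPS branch added to the group loop in minstrel_ht_update_caps skips a group with `continue` without clearing mi->groups[i].supported, so it only gives the right answer if mi was zeroed before the loop; that zeroing is outside the hunk and I cannot confirm it from here. If it is absent, a peer that switches from dynamic to static SM power save (this function is re-run with IEEE80211_RC_SMPS_CHANGED from the rx.c action-frame hunk) keeps the multi-stream groups it had before and minstrel keeps selecting MCS > 7 towards a receiver that can no longer decode them. Either state the precondition above the loop, `/* mi->groups[] is zeroed above, so a skipped group is unsupported */`, or make the branch self-contained by writing `mi->groups[i].supported = 0;` before each `continue`. minstrel_ht_update_caps starts and ends outside these hunks.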
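diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 5a5e504a8ffb..bcfe8c77c839 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -19,6 +19,7 @@
 #include <linux/export.h>
 #include <net/mac80211.h>
 #include <net/ieee80211_radiotap.h>
+#include <asm/unaligned.h>
 
 #include "ieee80211_i.h"
 #include "driver-ops.h"
@@ -176,7 +177,8 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
 	pos += 2;
 
 	/* IEEE80211_RADIOTAP_DBM_ANTSIGNAL */
-	if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) {
+	if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM &&
+	    !(status->flag & RX_FLAG_NO_SIGNAL_VAL)) {
 		*pos = status->signal;
 		rthdr->it_present |=
 			cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTSIGNAL);
@@ -226,7 +228,7 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
 {
 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(origskb);
 	struct ieee80211_sub_if_data *sdata;
-	int needed_headroom = 0;
+	int needed_headroom;
 	struct sk_buff *skb, *skb2;
 	struct net_device *prev_dev = NULL;
 	int present_fcs_len = 0;
@@ -488,12 +490,12 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
 		if (ieee80211_has_tods(hdr->frame_control) ||
 		    !ieee80211_has_fromds(hdr->frame_control))
 			return RX_DROP_MONITOR;
-		if (memcmp(hdr->addr3, dev_addr, ETH_ALEN) == 0)
+		if (compare_ether_addr(hdr->addr3, dev_addr) == 0)
 			return RX_DROP_MONITOR;
 	} else {
 		if (!ieee80211_has_a4(hdr->frame_control))
 			return RX_DROP_MONITOR;
-		if (memcmp(hdr->addr4, dev_addr, ETH_ALEN) == 0)
+		if (compare_ether_addr(hdr->addr4, dev_addr) == 0)
 			return RX_DROP_MONITOR;
 	}
 }
@@ -859,7 +861,12 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
 		     rx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
 		     rx->sdata->vif.type != NL80211_IFTYPE_WDS &&
 		     (!rx->sta || !test_sta_flag(rx->sta, WLAN_STA_ASSOC)))) {
-		if (rx->sta && rx->sta->dummy &&
+		/*
+		 * accept port control frames from the AP even when it's not
+		 * yet marked ASSOC to prevent a race where we don't set the
+		 * assoc bit quickly enough before it sends the first frame
+		 */
+		if (rx->sta && rx->sdata->vif.type == NL80211_IFTYPE_STATION &&
 		    ieee80211_is_data_present(hdr->frame_control)) {
 			u16 ethertype;
 			u8 *payload;
@@ -1056,20 +1063,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
 		return RX_DROP_MONITOR;
 	}
 
-	if (skb_linearize(rx->skb))
-		return RX_DROP_UNUSABLE;
-	/* the hdr variable is invalid now! */
-
 	switch (rx->key->conf.cipher) {
 	case WLAN_CIPHER_SUITE_WEP40:
 	case WLAN_CIPHER_SUITE_WEP104:
-		/* Check for weak IVs if possible */
-		if (rx->sta && ieee80211_is_data(fc) &&
-		    (!(status->flag & RX_FLAG_IV_STRIPPED) ||
-		     !(status->flag & RX_FLAG_DECRYPTED)) &&
-		    ieee80211_wep_is_weak_iv(rx->skb, rx->key))
-			rx->sta->wep_weak_iv_count++;
-
 		result = ieee80211_crypto_wep_decrypt(rx);
 		break;
 	case WLAN_CIPHER_SUITE_TKIP:
@@ -1089,6 +1085,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
 		return RX_DROP_UNUSABLE;
 	}
 
+	/* the hdr variable is invalid after the decrypt handlers */
+
 	/* either the frame has been decrypted or will be dropped */
 	status->flag |= RX_FLAG_DECRYPTED;
 
@@ -1145,19 +1143,15 @@ static void ap_sta_ps_start(struct sta_info *sta)
 
 static void ap_sta_ps_end(struct sta_info *sta)
 {
-	struct ieee80211_sub_if_data *sdata = sta->sdata;
-
-	atomic_dec(&sdata->bss->num_sta_ps);
-
 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
 	printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n",
-	       sdata->name, sta->sta.addr, sta->sta.aid);
+	       sta->sdata->name, sta->sta.addr, sta->sta.aid);
 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
 
 	if (test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
 		printk(KERN_DEBUG "%s: STA %pM aid %d driver-ps-blocked\n",
-		       sdata->name, sta->sta.addr, sta->sta.aid);
+		       sta->sdata->name, sta->sta.addr, sta->sta.aid);
 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
 		return;
 	}
@@ -1307,8 +1301,10 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
 
 	sta->rx_fragments++;
 	sta->rx_bytes += rx->skb->len;
-	sta->last_signal = status->signal;
-	ewma_add(&sta->avg_signal, -status->signal);
+	if (!(status->flag & RX_FLAG_NO_SIGNAL_VAL)) {
+		sta->last_signal = status->signal;
+		ewma_add(&sta->avg_signal, -status->signal);
+	}
 
 	/*
 	 * Change STA power saving mode only at the end of a frame
@@ -1955,6 +1951,9 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
 		return RX_DROP_MONITOR;
 	}
 
+	if (!ifmsh->mshcfg.dot11MeshForwarding)
+		goto out;
+
 	fwd_skb = skb_copy(skb, GFP_ATOMIC);
 	if (!fwd_skb) {
 		if (net_ratelimit())
@@ -2180,12 +2179,14 @@ ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx)
 	if (rx->sdata->vif.type == NL80211_IFTYPE_AP &&
 	    ieee80211_is_beacon(mgmt->frame_control) &&
 	    !(rx->flags & IEEE80211_RX_BEACON_REPORTED)) {
-		struct ieee80211_rx_status *status;
+		int sig = 0;
+
+		if (rx->local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
+			sig = status->signal;
 
-		status = IEEE80211_SKB_RXCB(rx->skb);
 		cfg80211_report_obss_beacon(rx->local->hw.wiphy,
 					    rx->skb->data, rx->skb->len,
-					    status->freq, GFP_ATOMIC);
+					    status->freq, sig, GFP_ATOMIC);
 		rx->flags |= IEEE80211_RX_BEACON_REPORTED;
 	}
 
@@ -2268,9 +2269,11 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
 
 	sband = rx->local->hw.wiphy->bands[status->band];
 
-	rate_control_rate_update(local, sband, rx->sta,
-				 IEEE80211_RC_SMPS_CHANGED,
-				 local->_oper_channel_type);
+	rate_control_rate_update(
+		local, sband, rx->sta,
+		IEEE80211_RC_SMPS_CHANGED,
+		ieee80211_get_tx_channel_type(
+			local, local->_oper_channel_type));
 	goto handled;
 	}
 	default:
@@ -2337,7 +2340,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
 		if (sdata->vif.type != NL80211_IFTYPE_STATION)
 			break;
 
-		if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN))
+		if (compare_ether_addr(mgmt->bssid, sdata->u.mgd.bssid))
 			break;
 
 		goto queue;
@@ -2409,6 +2412,7 @@ static ieee80211_rx_result debug_noinline
 ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx)
 {
 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
+	int sig = 0;
 
 	/* skip known-bad action frames and return them in the next handler */
 	if (status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM)
@@ -2421,7 +2425,10 @@ ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx)
 	 * it transmitted were processed or returned.
 	 */
 
-	if (cfg80211_rx_mgmt(rx->sdata->dev, status->freq,
+	if (rx->local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
+		sig = status->signal;
+
+	if (cfg80211_rx_mgmt(rx->sdata->dev, status->freq, sig,
 			     rx->skb->data, rx->skb->len,
 			     GFP_ATOMIC)) {
 		if (rx->sta)
@@ -2486,14 +2493,9 @@ static ieee80211_rx_result debug_noinline
 ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
 {
 	struct ieee80211_sub_if_data *sdata = rx->sdata;
-	ieee80211_rx_result rxs;
 	struct ieee80211_mgmt *mgmt = (void *)rx->skb->data;
 	__le16 stype;
 
-	rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb);
-	if (rxs != RX_CONTINUE)
-		return rxs;
-
 	stype = mgmt->frame_control & cpu_to_le16(IEEE80211_FCTL_STYPE);
 
 	if (!ieee80211_vif_is_mesh(&sdata->vif) &&
@@ -2502,10 +2504,13 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
 		return RX_DROP_MONITOR;
 
 	switch (stype) {
+	case cpu_to_le16(IEEE80211_STYPE_AUTH):
 	case cpu_to_le16(IEEE80211_STYPE_BEACON):
 	case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
 		/* process for all: mesh, mlme, ibss */
 		break;
+	case cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP):
+	case cpu_to_le16(IEEE80211_STYPE_REASSOC_RESP):
 	case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
 	case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
 		if (is_multicast_ether_addr(mgmt->da) &&
@@ -2517,7 +2522,6 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
 			return RX_DROP_MONITOR;
 		break;
 	case cpu_to_le16(IEEE80211_STYPE_PROBE_REQ):
-	case cpu_to_le16(IEEE80211_STYPE_AUTH):
 		/* process only for ibss */
 		if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
 			return RX_DROP_MONITOR;
@@ -2542,16 +2546,10 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
 {
 	struct ieee80211_sub_if_data *sdata;
 	struct ieee80211_local *local = rx->local;
-	struct ieee80211_rtap_hdr {
-		struct ieee80211_radiotap_header hdr;
-		u8 flags;
-		u8 rate_or_pad;
-		__le16 chan_freq;
-		__le16 chan_flags;
-	} __packed *rthdr;
 	struct sk_buff *skb = rx->skb, *skb2;
 	struct net_device *prev_dev = NULL;
 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
+	int needed_headroom;
 
 	/*
 	 * If cooked monitor has been processed already, then
@@ -2565,30 +2563,15 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
 	if (!local->cooked_mntrs)
 		goto out_free_skb;
 
-	if (skb_headroom(skb) < sizeof(*rthdr) &&
-	    pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC))
-		goto out_free_skb;
-
-	rthdr = (void *)skb_push(skb, sizeof(*rthdr));
-	memset(rthdr, 0, sizeof(*rthdr));
-	rthdr->hdr.it_len = cpu_to_le16(sizeof(*rthdr));
-	rthdr->hdr.it_present =
-		cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
-			    (1 << IEEE80211_RADIOTAP_CHANNEL));
+	/* room for the radiotap header based on driver features */
+	needed_headroom = ieee80211_rx_radiotap_len(local, status);
 
-	if (rate) {
-		rthdr->rate_or_pad = rate->bitrate / 5;
-		rthdr->hdr.it_present |=
-			cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE);
-	}
-	rthdr->chan_freq = cpu_to_le16(status->freq);
+	if (skb_headroom(skb) < needed_headroom &&
+	    pskb_expand_head(skb, needed_headroom, 0, GFP_ATOMIC))
+		goto out_free_skb;
 
-	if (status->band == IEEE80211_BAND_5GHZ)
-		rthdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_OFDM |
-						IEEE80211_CHAN_5GHZ);
-	else
-		rthdr->chan_flags = cpu_to_le16(IEEE80211_CHAN_DYN |
-						IEEE80211_CHAN_2GHZ);
+	/* prepend radiotap information */
+	ieee80211_add_rx_radiotap_header(local, skb, rate, needed_headroom);
 
 	skb_set_mac_header(skb, 0);
 	skb->ip_summed = CHECKSUM_UNNECESSARY;
@@ -2956,7 +2939,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
 	if (ieee80211_is_data(fc)) {
 		prev_sta = NULL;
 
-		for_each_sta_info_rx(local, hdr->addr2, sta, tmp) {
+		for_each_sta_info(local, hdr->addr2, sta, tmp) {
 			if (!prev_sta) {
 				prev_sta = sta;
 				continue;
@@ -3000,7 +2983,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
 			continue;
 		}
 
-		rx.sta = sta_info_get_bss_rx(prev, hdr->addr2);
+		rx.sta = sta_info_get_bss(prev, hdr->addr2);
 		rx.sdata = prev;
 		ieee80211_prepare_and_rx_handle(&rx, skb, false);
 
@@ -3008,7 +2991,7 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
 	}
 
 	if (prev) {
-		rx.sta = sta_info_get_bss_rx(prev, hdr->addr2);
+		rx.sta = sta_info_get_bss(prev, hdr->addr2);
 		rx.sdata = prev;
 
 		if (ieee80211_prepare_and_rx_handle(&rx, skb, true))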
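Review bot: The new `sig` handling in ieee80211_rx_h_mgmt_check and ieee80211_rx_h_userspace_mgmt gates only on IEEE80211_HW_SIGNAL_DBM, while the radiotap and ieee80211_rx_h_sta_process hunks in this same file additionally require `!(status->flag & RX_FLAG_NO_SIGNAL_VAL)` before trusting status->signal; the two management-report paths therefore hand whatever the driver left in status->signal to cfg80211 for a frame the driver explicitly marked as having no value, and in the no-DBM case report a literal 0 that userspace cannot distinguish from a real 0 dBm reading. Use the same condition in both places: `if (rx->local->hw.flags & IEEE80211_HW_SIGNAL_DBM && !(status->flag & RX_FLAG_NO_SIGNAL_VAL)) sig = status->signal;`. In ieee80211_rx_h_mgmt_check the block-local `status` declaration is removed but `status->signal` and `status->freq` are still dereferenced, so the function must now declare `status` at function scope above the hunk; that declaration is outside the hunk and should be confirmed. Both functions start and end outside their hunks.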
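diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 9270771702fe..33cd16901378 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -13,6 +13,7 @@
  */
 
 #include <linux/if_arp.h>
+#include <linux/etherdevice.h>
 #include <linux/rtnetlink.h>
 #include <linux/pm_qos.h>
 #include <net/sch_generic.h>
@@ -103,16 +104,35 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
 	cbss->free_priv = ieee80211_rx_bss_free;
 	bss = (void *)cbss->priv;
 
+	if (elems->parse_error) {
+		if (beacon)
+			bss->corrupt_data |= IEEE80211_BSS_CORRUPT_BEACON;
+		else
+			bss->corrupt_data |= IEEE80211_BSS_CORRUPT_PROBE_RESP;
+	} else {
+		if (beacon)
+			bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_BEACON;
+		else
+			bss->corrupt_data &= ~IEEE80211_BSS_CORRUPT_PROBE_RESP;
+	}
+
 	/* save the ERP value so that it is available at association time */
-	if (elems->erp_info && elems->erp_info_len >= 1) {
+	if (elems->erp_info && elems->erp_info_len >= 1 &&
+	    (!elems->parse_error ||
+	     !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
 		bss->erp_value = elems->erp_info[0];
 		bss->has_erp_value = true;
+		if (!elems->parse_error)
+			bss->valid_data |= IEEE80211_BSS_VALID_ERP;
 	}
 
-	if (elems->tim) {
+	if (elems->tim && (!elems->parse_error ||
+			   !(bss->valid_data & IEEE80211_BSS_VALID_DTIM))) {
 		struct ieee80211_tim_ie *tim_ie =
 			(struct ieee80211_tim_ie *)elems->tim;
 		bss->dtim_period = tim_ie->dtim_period;
+		if (!elems->parse_error)
+			bss->valid_data |= IEEE80211_BSS_VALID_DTIM;
 	}
 
 	/* If the beacon had no TIM IE, or it was invalid, use 1 */
@@ -120,26 +140,38 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
 		bss->dtim_period = 1;
 
 	/* replace old supported rates if we get new values */
-	srlen = 0;
-	if (elems->supp_rates) {
-		clen = IEEE80211_MAX_SUPP_RATES;
-		if (clen > elems->supp_rates_len)
-			clen = elems->supp_rates_len;
-		memcpy(bss->supp_rates, elems->supp_rates, clen);
-		srlen += clen;
-	}
-	if (elems->ext_supp_rates) {
-		clen = IEEE80211_MAX_SUPP_RATES - srlen;
-		if (clen > elems->ext_supp_rates_len)
-			clen = elems->ext_supp_rates_len;
-		memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, clen);
-		srlen += clen;
+	if (!elems->parse_error ||
+	    !(bss->valid_data & IEEE80211_BSS_VALID_RATES)) {
+		srlen = 0;
+		if (elems->supp_rates) {
+			clen = IEEE80211_MAX_SUPP_RATES;
+			if (clen > elems->supp_rates_len)
+				clen = elems->supp_rates_len;
+			memcpy(bss->supp_rates, elems->supp_rates, clen);
+			srlen += clen;
+		}
+		if (elems->ext_supp_rates) {
+			clen = IEEE80211_MAX_SUPP_RATES - srlen;
+			if (clen > elems->ext_supp_rates_len)
+				clen = elems->ext_supp_rates_len;
+			memcpy(bss->supp_rates + srlen, elems->ext_supp_rates,
+			       clen);
+			srlen += clen;
+		}
+		if (srlen) {
+			bss->supp_rates_len = srlen;
+			if (!elems->parse_error)
+				bss->valid_data |= IEEE80211_BSS_VALID_RATES;
+		}
 	}
-	if (srlen)
-		bss->supp_rates_len = srlen;
 
-	bss->wmm_used = elems->wmm_param || elems->wmm_info;
-	bss->uapsd_supported = is_uapsd_supported(elems);
+	if (!elems->parse_error ||
+	    !(bss->valid_data & IEEE80211_BSS_VALID_WMM)) {
+		bss->wmm_used = elems->wmm_param || elems->wmm_info;
+		bss->uapsd_supported = is_uapsd_supported(elems);
+		if (!elems->parse_error)
+			bss->valid_data |= IEEE80211_BSS_VALID_WMM;
+	}
 
 	if (!beacon)
 		bss->last_probe_resp = jiffies;
@@ -176,7 +208,7 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
 	presp = ieee80211_is_probe_resp(fc);
 	if (presp) {
 		/* ignore ProbeResp to foreign address */
-		if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
+		if (compare_ether_addr(mgmt->da, sdata->vif.addr))
 			return RX_DROP_MONITOR;
 
 		presp = true;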
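Review bot: The four parse_error/valid_data blocks added to ieee80211_bss_info_update implement a non-obvious policy — an IE taken from a frame whose parsing failed may only fill a field that no cleanly parsed frame has populated yet, and is never allowed to overwrite one — but nothing in the function says so, and the same three-line pattern is repeated verbatim for ERP, DTIM, rates and WMM, which is exactly what a later cleanup tends to "simplify" away. Add one comment above the corrupt_data block, e.g. `/* IEs from a frame with parse errors only fill fields no clean frame has set yet (bss->valid_data); once a field is valid, corrupt frames cannot overwrite it */`. The rate copies in the corrupt-frame path are still bounded by clen against IEEE80211_MAX_SUPP_RATES, which is the only thing keeping a malformed frame from overrunning bss->supp_rates, so that bound must stay with the memcpy calls. ieee80211_bss_info_update starts and ends outside these hunks.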
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index ff11f6bf8266..38137cb5f6f0 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -9,6 +9,7 @@
9 9
10#include <linux/module.h> 10#include <linux/module.h>
11#include <linux/init.h> 11#include <linux/init.h>
12#include <linux/etherdevice.h>
12#include <linux/netdevice.h> 13#include <linux/netdevice.h>
13#include <linux/types.h> 14#include <linux/types.h>
14#include <linux/slab.h> 15#include <linux/slab.h>
@@ -100,27 +101,8 @@ struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
100 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)], 101 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
101 lockdep_is_held(&local->sta_mtx)); 102 lockdep_is_held(&local->sta_mtx));
102 while (sta) { 103 while (sta) {
103 if (sta->sdata == sdata && !sta->dummy &&
104 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
105 break;
106 sta = rcu_dereference_check(sta->hnext,
107 lockdep_is_held(&local->sta_mtx));
108 }
109 return sta;
110}
111
112/* get a station info entry even if it is a dummy station*/
113struct sta_info *sta_info_get_rx(struct ieee80211_sub_if_data *sdata,
114 const u8 *addr)
115{
116 struct ieee80211_local *local = sdata->local;
117 struct sta_info *sta;
118
119 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
120 lockdep_is_held(&local->sta_mtx));
121 while (sta) {
122 if (sta->sdata == sdata && 104 if (sta->sdata == sdata &&
123 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 105 compare_ether_addr(sta->sta.addr, addr) == 0)
124 break; 106 break;
125 sta = rcu_dereference_check(sta->hnext, 107 sta = rcu_dereference_check(sta->hnext,
126 lockdep_is_held(&local->sta_mtx)); 108 lockdep_is_held(&local->sta_mtx));
@@ -143,31 +125,7 @@ struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
143 while (sta) { 125 while (sta) {
144 if ((sta->sdata == sdata || 126 if ((sta->sdata == sdata ||
145 (sta->sdata->bss && sta->sdata->bss == sdata->bss)) && 127 (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
146 !sta->dummy && 128 compare_ether_addr(sta->sta.addr, addr) == 0)
147 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
148 break;
149 sta = rcu_dereference_check(sta->hnext,
150 lockdep_is_held(&local->sta_mtx));
151 }
152 return sta;
153}
154
155/*
156 * Get sta info either from the specified interface
157 * or from one of its vlans (including dummy stations)
158 */
159struct sta_info *sta_info_get_bss_rx(struct ieee80211_sub_if_data *sdata,
160 const u8 *addr)
161{
162 struct ieee80211_local *local = sdata->local;
163 struct sta_info *sta;
164
165 sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
166 lockdep_is_held(&local->sta_mtx));
167 while (sta) {
168 if ((sta->sdata == sdata ||
169 (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
170 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
171 break; 129 break;
172 sta = rcu_dereference_check(sta->hnext, 130 sta = rcu_dereference_check(sta->hnext,
173 lockdep_is_held(&local->sta_mtx)); 131 lockdep_is_held(&local->sta_mtx));
@@ -208,10 +166,8 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
208 */ 166 */
209void sta_info_free(struct ieee80211_local *local, struct sta_info *sta) 167void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
210{ 168{
211 if (sta->rate_ctrl) { 169 if (sta->rate_ctrl)
212 rate_control_free_sta(sta); 170 rate_control_free_sta(sta);
213 rate_control_put(sta->rate_ctrl);
214 }
215 171
216#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 172#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
217 wiphy_debug(local->hw.wiphy, "Destroyed STA %pM\n", sta->sta.addr); 173 wiphy_debug(local->hw.wiphy, "Destroyed STA %pM\n", sta->sta.addr);
@@ -264,13 +220,11 @@ static int sta_prepare_rate_control(struct ieee80211_local *local,
264 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) 220 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
265 return 0; 221 return 0;
266 222
267 sta->rate_ctrl = rate_control_get(local->rate_ctrl); 223 sta->rate_ctrl = local->rate_ctrl;
268 sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, 224 sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
269 &sta->sta, gfp); 225 &sta->sta, gfp);
270 if (!sta->rate_ctrl_priv) { 226 if (!sta->rate_ctrl_priv)
271 rate_control_put(sta->rate_ctrl);
272 return -ENOMEM; 227 return -ENOMEM;
273 }
274 228
275 return 0; 229 return 0;
276} 230}
@@ -297,6 +251,8 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
297 sta->sdata = sdata; 251 sta->sdata = sdata;
298 sta->last_rx = jiffies; 252 sta->last_rx = jiffies;
299 253
254 sta->sta_state = IEEE80211_STA_NONE;
255
300 do_posix_clock_monotonic_gettime(&uptime); 256 do_posix_clock_monotonic_gettime(&uptime);
301 sta->last_connected = uptime.tv_sec; 257 sta->last_connected = uptime.tv_sec;
302 ewma_init(&sta->avg_signal, 1024, 8); 258 ewma_init(&sta->avg_signal, 1024, 8);
@@ -353,6 +309,43 @@ static int sta_info_insert_check(struct sta_info *sta)
353 return 0; 309 return 0;
354} 310}
355 311
312static int sta_info_insert_drv_state(struct ieee80211_local *local,
313 struct ieee80211_sub_if_data *sdata,
314 struct sta_info *sta)
315{
316 enum ieee80211_sta_state state;
317 int err = 0;
318
319 for (state = IEEE80211_STA_NOTEXIST; state < sta->sta_state; state++) {
320 err = drv_sta_state(local, sdata, sta, state, state + 1);
321 if (err)
322 break;
323 }
324
325 if (!err) {
326 /*
327 * Drivers using legacy sta_add/sta_remove callbacks only
328 * get uploaded set to true after sta_add is called.
329 */
330 if (!local->ops->sta_add)
331 sta->uploaded = true;
332 return 0;
333 }
334
335 if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
336 printk(KERN_DEBUG
337 "%s: failed to move IBSS STA %pM to state %d (%d) - keeping it anyway.\n",
338 sdata->name, sta->sta.addr, state + 1, err);
339 err = 0;
340 }
341
342 /* unwind on error */
343 for (; state > IEEE80211_STA_NOTEXIST; state--)
344 WARN_ON(drv_sta_state(local, sdata, sta, state, state - 1));
345
346 return err;
347}
348
356/* 349/*
357 * should be called with sta_mtx locked 350 * should be called with sta_mtx locked
358 * this function replaces the mutex lock 351 * this function replaces the mutex lock
@@ -362,70 +355,43 @@ static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
362{ 355{
363 struct ieee80211_local *local = sta->local; 356 struct ieee80211_local *local = sta->local;
364 struct ieee80211_sub_if_data *sdata = sta->sdata; 357 struct ieee80211_sub_if_data *sdata = sta->sdata;
365 struct sta_info *exist_sta; 358 struct station_info sinfo;
366 bool dummy_reinsert = false;
367 int err = 0; 359 int err = 0;
368 360
369 lockdep_assert_held(&local->sta_mtx); 361 lockdep_assert_held(&local->sta_mtx);
370 362
371 /* 363 /* check if STA exists already */
372 * check if STA exists already. 364 if (sta_info_get_bss(sdata, sta->sta.addr)) {
373 * only accept a scenario of a second call to sta_info_insert_finish 365 err = -EEXIST;
374 * with a dummy station entry that was inserted earlier 366 goto out_err;
375 * in that case - assume that the dummy station flag should
376 * be removed.
377 */
378 exist_sta = sta_info_get_bss_rx(sdata, sta->sta.addr);
379 if (exist_sta) {
380 if (exist_sta == sta && sta->dummy) {
381 dummy_reinsert = true;
382 } else {
383 err = -EEXIST;
384 goto out_err;
385 }
386 } 367 }
387 368
388 if (!sta->dummy || dummy_reinsert) { 369 /* notify driver */
389 /* notify driver */ 370 err = sta_info_insert_drv_state(local, sdata, sta);
390 err = drv_sta_add(local, sdata, &sta->sta); 371 if (err)
391 if (err) { 372 goto out_err;
392 if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
393 goto out_err;
394 printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to "
395 "driver (%d) - keeping it anyway.\n",
396 sdata->name, sta->sta.addr, err);
397 } else
398 sta->uploaded = true;
399 }
400 373
401 if (!dummy_reinsert) { 374 local->num_sta++;
402 local->num_sta++; 375 local->sta_generation++;
403 local->sta_generation++; 376 smp_mb();
404 smp_mb();
405 377
406 /* make the station visible */ 378 /* make the station visible */
407 sta_info_hash_add(local, sta); 379 sta_info_hash_add(local, sta);
408 380
409 list_add(&sta->list, &local->sta_list); 381 list_add(&sta->list, &local->sta_list);
410 } else {
411 sta->dummy = false;
412 }
413 382
414 if (!sta->dummy) { 383 set_sta_flag(sta, WLAN_STA_INSERTED);
415 struct station_info sinfo;
416 384
417 ieee80211_sta_debugfs_add(sta); 385 ieee80211_sta_debugfs_add(sta);
418 rate_control_add_sta_debugfs(sta); 386 rate_control_add_sta_debugfs(sta);
419 387
420 memset(&sinfo, 0, sizeof(sinfo)); 388 memset(&sinfo, 0, sizeof(sinfo));
421 sinfo.filled = 0; 389 sinfo.filled = 0;
422 sinfo.generation = local->sta_generation; 390 sinfo.generation = local->sta_generation;
423 cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL); 391 cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
424 }
425 392
426#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 393#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
427 wiphy_debug(local->hw.wiphy, "Inserted %sSTA %pM\n", 394 wiphy_debug(local->hw.wiphy, "Inserted STA %pM\n", sta->sta.addr);
428 sta->dummy ? "dummy " : "", sta->sta.addr);
429#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 395#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
430 396
431 /* move reference to rcu-protected */ 397 /* move reference to rcu-protected */
@@ -477,25 +443,6 @@ int sta_info_insert(struct sta_info *sta)
477 return err; 443 return err;
478} 444}
479 445
480/* Caller must hold sta->local->sta_mtx */
481int sta_info_reinsert(struct sta_info *sta)
482{
483 struct ieee80211_local *local = sta->local;
484 int err = 0;
485
486 err = sta_info_insert_check(sta);
487 if (err) {
488 mutex_unlock(&local->sta_mtx);
489 return err;
490 }
491
492 might_sleep();
493
494 err = sta_info_insert_finish(sta);
495 rcu_read_unlock();
496 return err;
497}
498
499static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) 446static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
500{ 447{
501 /* 448 /*
@@ -711,7 +658,7 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
711 return have_buffered; 658 return have_buffered;
712} 659}
713 660
714static int __must_check __sta_info_destroy(struct sta_info *sta) 661int __must_check __sta_info_destroy(struct sta_info *sta)
715{ 662{
716 struct ieee80211_local *local; 663 struct ieee80211_local *local;
717 struct ieee80211_sub_if_data *sdata; 664 struct ieee80211_sub_if_data *sdata;
@@ -726,6 +673,8 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
726 local = sta->local; 673 local = sta->local;
727 sdata = sta->sdata; 674 sdata = sta->sdata;
728 675
676 lockdep_assert_held(&local->sta_mtx);
677
729 /* 678 /*
730 * Before removing the station from the driver and 679 * Before removing the station from the driver and
731 * rate control, it might still start new aggregation 680 * rate control, it might still start new aggregation
@@ -750,33 +699,24 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
750 699
751 sta->dead = true; 700 sta->dead = true;
752 701
753 if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
754 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) {
755 BUG_ON(!sdata->bss);
756
757 clear_sta_flag(sta, WLAN_STA_PS_STA);
758 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
759
760 atomic_dec(&sdata->bss->num_sta_ps);
761 sta_info_recalc_tim(sta);
762 }
763
764 local->num_sta--; 702 local->num_sta--;
765 local->sta_generation++; 703 local->sta_generation++;
766 704
767 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 705 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
768 RCU_INIT_POINTER(sdata->u.vlan.sta, NULL); 706 RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
769 707
770 while (sta->sta_state > IEEE80211_STA_NONE) 708 while (sta->sta_state > IEEE80211_STA_NONE) {
771 sta_info_move_state(sta, sta->sta_state - 1); 709 ret = sta_info_move_state(sta, sta->sta_state - 1);
710 if (ret) {
711 WARN_ON_ONCE(1);
712 break;
713 }
714 }
772 715
773 if (sta->uploaded) { 716 if (sta->uploaded) {
774 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 717 ret = drv_sta_state(local, sdata, sta, IEEE80211_STA_NONE,
775 sdata = container_of(sdata->bss, 718 IEEE80211_STA_NOTEXIST);
776 struct ieee80211_sub_if_data, 719 WARN_ON_ONCE(ret != 0);
777 u.ap);
778 drv_sta_remove(local, sdata, &sta->sta);
779 sdata = sta->sdata;
780 } 720 }
781 721
782 /* 722 /*
@@ -787,6 +727,15 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
787 */ 727 */
788 synchronize_rcu(); 728 synchronize_rcu();
789 729
730 if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
731 BUG_ON(!sdata->bss);
732
733 clear_sta_flag(sta, WLAN_STA_PS_STA);
734
735 atomic_dec(&sdata->bss->num_sta_ps);
736 sta_info_recalc_tim(sta);
737 }
738
790 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) { 739 for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
791 local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]); 740 local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
792 __skb_queue_purge(&sta->ps_tx_buf[ac]); 741 __skb_queue_purge(&sta->ps_tx_buf[ac]);
@@ -815,35 +764,20 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
815 } 764 }
816#endif 765#endif
817 766
818 /* There could be some memory leaks because of ampdu tx pending queue 767 /*
819 * not being freed before destroying the station info. 768 * Destroy aggregation state here. It would be nice to wait for the
820 * 769 * driver to finish aggregation stop and then clean up, but for now
821 * Make sure that such queues are purged before freeing the station 770 * drivers have to handle aggregation stop being requested, followed
822 * info. 771 * directly by station destruction.
823 * TODO: We have to somehow postpone the full destruction
824 * until the aggregation stop completes. Refer
825 * http://thread.gmane.org/gmane.linux.kernel.wireless.general/81936
826 */ 772 */
827
828 mutex_lock(&sta->ampdu_mlme.mtx);
829
830 for (i = 0; i < STA_TID_NUM; i++) { 773 for (i = 0; i < STA_TID_NUM; i++) {
831 tid_tx = rcu_dereference_protected_tid_tx(sta, i); 774 tid_tx = rcu_dereference_raw(sta->ampdu_mlme.tid_tx[i]);
832 if (!tid_tx) 775 if (!tid_tx)
833 continue; 776 continue;
834 if (skb_queue_len(&tid_tx->pending)) { 777 __skb_queue_purge(&tid_tx->pending);
835#ifdef CONFIG_MAC80211_HT_DEBUG 778 kfree(tid_tx);
836 wiphy_debug(local->hw.wiphy, "TX A-MPDU purging %d "
837 "packets for tid=%d\n",
838 skb_queue_len(&tid_tx->pending), i);
839#endif /* CONFIG_MAC80211_HT_DEBUG */
840 __skb_queue_purge(&tid_tx->pending);
841 }
842 kfree_rcu(tid_tx, rcu_head);
843 } 779 }
844 780
845 mutex_unlock(&sta->ampdu_mlme.mtx);
846
847 sta_info_free(local, sta); 781 sta_info_free(local, sta);
848 782
849 return 0; 783 return 0;
@@ -855,7 +789,7 @@ int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
855 int ret; 789 int ret;
856 790
857 mutex_lock(&sdata->local->sta_mtx); 791 mutex_lock(&sdata->local->sta_mtx);
858 sta = sta_info_get_rx(sdata, addr); 792 sta = sta_info_get(sdata, addr);
859 ret = __sta_info_destroy(sta); 793 ret = __sta_info_destroy(sta);
860 mutex_unlock(&sdata->local->sta_mtx); 794 mutex_unlock(&sdata->local->sta_mtx);
861 795
@@ -869,7 +803,7 @@ int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
869 int ret; 803 int ret;
870 804
871 mutex_lock(&sdata->local->sta_mtx); 805 mutex_lock(&sdata->local->sta_mtx);
872 sta = sta_info_get_bss_rx(sdata, addr); 806 sta = sta_info_get_bss(sdata, addr);
873 ret = __sta_info_destroy(sta); 807 ret = __sta_info_destroy(sta);
874 mutex_unlock(&sdata->local->sta_mtx); 808 mutex_unlock(&sdata->local->sta_mtx);
875 809
@@ -932,8 +866,10 @@ int sta_info_flush(struct ieee80211_local *local,
932 866
933 mutex_lock(&local->sta_mtx); 867 mutex_lock(&local->sta_mtx);
934 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { 868 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
935 if (!sdata || sdata == sta->sdata) 869 if (!sdata || sdata == sta->sdata) {
936 WARN_ON(__sta_info_destroy(sta)); 870 WARN_ON(__sta_info_destroy(sta));
871 ret++;
872 }
937 } 873 }
938 mutex_unlock(&local->sta_mtx); 874 mutex_unlock(&local->sta_mtx);
939 875
@@ -1009,9 +945,11 @@ EXPORT_SYMBOL(ieee80211_find_sta);
1009static void clear_sta_ps_flags(void *_sta) 945static void clear_sta_ps_flags(void *_sta)
1010{ 946{
1011 struct sta_info *sta = _sta; 947 struct sta_info *sta = _sta;
948 struct ieee80211_sub_if_data *sdata = sta->sdata;
1012 949
1013 clear_sta_flag(sta, WLAN_STA_PS_DRIVER); 950 clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
1014 clear_sta_flag(sta, WLAN_STA_PS_STA); 951 if (test_and_clear_sta_flag(sta, WLAN_STA_PS_STA))
952 atomic_dec(&sdata->bss->num_sta_ps);
1015} 953}
1016 954
1017/* powersave support code */ 955/* powersave support code */
@@ -1113,7 +1051,7 @@ static void ieee80211_send_null_response(struct ieee80211_sub_if_data *sdata,
1113 * exchange. Also set EOSP to indicate this packet 1051 * exchange. Also set EOSP to indicate this packet
1114 * ends the poll/service period. 1052 * ends the poll/service period.
1115 */ 1053 */
1116 info->flags |= IEEE80211_TX_CTL_POLL_RESPONSE | 1054 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER |
1117 IEEE80211_TX_STATUS_EOSP | 1055 IEEE80211_TX_STATUS_EOSP |
1118 IEEE80211_TX_CTL_REQ_TX_STATUS; 1056 IEEE80211_TX_CTL_REQ_TX_STATUS;
1119 1057
@@ -1240,7 +1178,7 @@ ieee80211_sta_ps_deliver_response(struct sta_info *sta,
1240 * STA may still remain is PS mode after this frame 1178 * STA may still remain is PS mode after this frame
1241 * exchange. 1179 * exchange.
1242 */ 1180 */
1243 info->flags |= IEEE80211_TX_CTL_POLL_RESPONSE; 1181 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
1244 1182
1245 /* 1183 /*
1246 * Use MoreData flag to indicate whether there are 1184 * Use MoreData flag to indicate whether there are
@@ -1410,28 +1348,68 @@ void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta,
1410} 1348}
1411EXPORT_SYMBOL(ieee80211_sta_set_buffered); 1349EXPORT_SYMBOL(ieee80211_sta_set_buffered);
1412 1350
1413int sta_info_move_state_checked(struct sta_info *sta, 1351int sta_info_move_state(struct sta_info *sta,
1414 enum ieee80211_sta_state new_state) 1352 enum ieee80211_sta_state new_state)
1415{ 1353{
1416 might_sleep(); 1354 might_sleep();
1417 1355
1418 if (sta->sta_state == new_state) 1356 if (sta->sta_state == new_state)
1419 return 0; 1357 return 0;
1420 1358
1359 /* check allowed transitions first */
1360
1361 switch (new_state) {
1362 case IEEE80211_STA_NONE:
1363 if (sta->sta_state != IEEE80211_STA_AUTH)
1364 return -EINVAL;
1365 break;
1366 case IEEE80211_STA_AUTH:
1367 if (sta->sta_state != IEEE80211_STA_NONE &&
1368 sta->sta_state != IEEE80211_STA_ASSOC)
1369 return -EINVAL;
1370 break;
1371 case IEEE80211_STA_ASSOC:
1372 if (sta->sta_state != IEEE80211_STA_AUTH &&
1373 sta->sta_state != IEEE80211_STA_AUTHORIZED)
1374 return -EINVAL;
1375 break;
1376 case IEEE80211_STA_AUTHORIZED:
1377 if (sta->sta_state != IEEE80211_STA_ASSOC)
1378 return -EINVAL;
1379 break;
1380 default:
1381 WARN(1, "invalid state %d", new_state);
1382 return -EINVAL;
1383 }
1384
1385#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1386 printk(KERN_DEBUG "%s: moving STA %pM to state %d\n",
1387 sta->sdata->name, sta->sta.addr, new_state);
1388#endif
1389
1390 /*
1391 * notify the driver before the actual changes so it can
1392 * fail the transition
1393 */
1394 if (test_sta_flag(sta, WLAN_STA_INSERTED)) {
1395 int err = drv_sta_state(sta->local, sta->sdata, sta,
1396 sta->sta_state, new_state);
1397 if (err)
1398 return err;
1399 }
1400
1401 /* reflect the change in all state variables */
1402
1421 switch (new_state) { 1403 switch (new_state) {
1422 case IEEE80211_STA_NONE: 1404 case IEEE80211_STA_NONE:
1423 if (sta->sta_state == IEEE80211_STA_AUTH) 1405 if (sta->sta_state == IEEE80211_STA_AUTH)
1424 clear_bit(WLAN_STA_AUTH, &sta->_flags); 1406 clear_bit(WLAN_STA_AUTH, &sta->_flags);
1425 else
1426 return -EINVAL;
1427 break; 1407 break;
1428 case IEEE80211_STA_AUTH: 1408 case IEEE80211_STA_AUTH:
1429 if (sta->sta_state == IEEE80211_STA_NONE) 1409 if (sta->sta_state == IEEE80211_STA_NONE)
1430 set_bit(WLAN_STA_AUTH, &sta->_flags); 1410 set_bit(WLAN_STA_AUTH, &sta->_flags);
1431 else if (sta->sta_state == IEEE80211_STA_ASSOC) 1411 else if (sta->sta_state == IEEE80211_STA_ASSOC)
1432 clear_bit(WLAN_STA_ASSOC, &sta->_flags); 1412 clear_bit(WLAN_STA_ASSOC, &sta->_flags);
1433 else
1434 return -EINVAL;
1435 break; 1413 break;
1436 case IEEE80211_STA_ASSOC: 1414 case IEEE80211_STA_ASSOC:
1437 if (sta->sta_state == IEEE80211_STA_AUTH) { 1415 if (sta->sta_state == IEEE80211_STA_AUTH) {
@@ -1440,24 +1418,19 @@ int sta_info_move_state_checked(struct sta_info *sta,
1440 if (sta->sdata->vif.type == NL80211_IFTYPE_AP) 1418 if (sta->sdata->vif.type == NL80211_IFTYPE_AP)
1441 atomic_dec(&sta->sdata->u.ap.num_sta_authorized); 1419 atomic_dec(&sta->sdata->u.ap.num_sta_authorized);
1442 clear_bit(WLAN_STA_AUTHORIZED, &sta->_flags); 1420 clear_bit(WLAN_STA_AUTHORIZED, &sta->_flags);
1443 } else 1421 }
1444 return -EINVAL;
1445 break; 1422 break;
1446 case IEEE80211_STA_AUTHORIZED: 1423 case IEEE80211_STA_AUTHORIZED:
1447 if (sta->sta_state == IEEE80211_STA_ASSOC) { 1424 if (sta->sta_state == IEEE80211_STA_ASSOC) {
1448 if (sta->sdata->vif.type == NL80211_IFTYPE_AP) 1425 if (sta->sdata->vif.type == NL80211_IFTYPE_AP)
1449 atomic_inc(&sta->sdata->u.ap.num_sta_authorized); 1426 atomic_inc(&sta->sdata->u.ap.num_sta_authorized);
1450 set_bit(WLAN_STA_AUTHORIZED, &sta->_flags); 1427 set_bit(WLAN_STA_AUTHORIZED, &sta->_flags);
1451 } else 1428 }
1452 return -EINVAL;
1453 break; 1429 break;
1454 default: 1430 default:
1455 WARN(1, "invalid state %d", new_state); 1431 break;
1456 return -EINVAL;
1457 } 1432 }
1458 1433
1459 printk(KERN_DEBUG "%s: moving STA %pM to state %d\n",
1460 sta->sdata->name, sta->sta.addr, new_state);
1461 sta->sta_state = new_state; 1434 sta->sta_state = new_state;
1462 1435
1463 return 0; 1436 return 0;
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index bfed851d0d36..ab0576827baf 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -14,6 +14,7 @@
14#include <linux/if_ether.h> 14#include <linux/if_ether.h>
15#include <linux/workqueue.h> 15#include <linux/workqueue.h>
16#include <linux/average.h> 16#include <linux/average.h>
17#include <linux/etherdevice.h>
17#include "key.h" 18#include "key.h"
18 19
19/** 20/**
@@ -52,6 +53,7 @@
52 * @WLAN_STA_SP: Station is in a service period, so don't try to 53 * @WLAN_STA_SP: Station is in a service period, so don't try to
53 * reply to other uAPSD trigger frames or PS-Poll. 54 * reply to other uAPSD trigger frames or PS-Poll.
54 * @WLAN_STA_4ADDR_EVENT: 4-addr event was already sent for this frame. 55 * @WLAN_STA_4ADDR_EVENT: 4-addr event was already sent for this frame.
56 * @WLAN_STA_INSERTED: This station is inserted into the hash table.
55 * @WLAN_STA_RATE_CONTROL: rate control was initialized for this station. 57 * @WLAN_STA_RATE_CONTROL: rate control was initialized for this station.
56 */ 58 */
57enum ieee80211_sta_info_flags { 59enum ieee80211_sta_info_flags {
@@ -72,17 +74,10 @@ enum ieee80211_sta_info_flags {
72 WLAN_STA_UAPSD, 74 WLAN_STA_UAPSD,
73 WLAN_STA_SP, 75 WLAN_STA_SP,
74 WLAN_STA_4ADDR_EVENT, 76 WLAN_STA_4ADDR_EVENT,
77 WLAN_STA_INSERTED,
75 WLAN_STA_RATE_CONTROL, 78 WLAN_STA_RATE_CONTROL,
76}; 79};
77 80
78enum ieee80211_sta_state {
79 /* NOTE: These need to be ordered correctly! */
80 IEEE80211_STA_NONE,
81 IEEE80211_STA_AUTH,
82 IEEE80211_STA_ASSOC,
83 IEEE80211_STA_AUTHORIZED,
84};
85
86#define STA_TID_NUM 16 81#define STA_TID_NUM 16
87#define ADDBA_RESP_INTERVAL HZ 82#define ADDBA_RESP_INTERVAL HZ
88#define HT_AGG_MAX_RETRIES 15 83#define HT_AGG_MAX_RETRIES 15
@@ -273,8 +268,6 @@ struct sta_ampdu_mlme {
273 * @dead: set to true when sta is unlinked 268 * @dead: set to true when sta is unlinked
274 * @uploaded: set to true when sta is uploaded to the driver 269 * @uploaded: set to true when sta is uploaded to the driver
275 * @lost_packets: number of consecutive lost packets 270 * @lost_packets: number of consecutive lost packets
276 * @dummy: indicate a dummy station created for receiving
277 * EAP frames before association
278 * @sta: station information we share with the driver 271 * @sta: station information we share with the driver
279 * @sta_state: duplicates information about station state (for debug) 272 * @sta_state: duplicates information about station state (for debug)
280 * @beacon_loss_count: number of times beacon loss has triggered 273 * @beacon_loss_count: number of times beacon loss has triggered
@@ -372,9 +365,6 @@ struct sta_info {
372 unsigned int lost_packets; 365 unsigned int lost_packets;
373 unsigned int beacon_loss_count; 366 unsigned int beacon_loss_count;
374 367
375 /* should be right in front of sta to be in the same cache line */
376 bool dummy;
377
378 /* keep last! */ 368 /* keep last! */
379 struct ieee80211_sta sta; 369 struct ieee80211_sta sta;
380}; 370};
@@ -429,13 +419,17 @@ static inline int test_and_set_sta_flag(struct sta_info *sta,
429 return test_and_set_bit(flag, &sta->_flags); 419 return test_and_set_bit(flag, &sta->_flags);
430} 420}
431 421
432int sta_info_move_state_checked(struct sta_info *sta, 422int sta_info_move_state(struct sta_info *sta,
433 enum ieee80211_sta_state new_state); 423 enum ieee80211_sta_state new_state);
434 424
435static inline void sta_info_move_state(struct sta_info *sta, 425static inline void sta_info_pre_move_state(struct sta_info *sta,
436 enum ieee80211_sta_state new_state) 426 enum ieee80211_sta_state new_state)
437{ 427{
438 int ret = sta_info_move_state_checked(sta, new_state); 428 int ret;
429
430 WARN_ON_ONCE(test_sta_flag(sta, WLAN_STA_INSERTED));
431
432 ret = sta_info_move_state(sta, new_state);
439 WARN_ON_ONCE(ret); 433 WARN_ON_ONCE(ret);
440} 434}
441 435
@@ -472,15 +466,9 @@ rcu_dereference_protected_tid_tx(struct sta_info *sta, int tid)
472struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata, 466struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
473 const u8 *addr); 467 const u8 *addr);
474 468
475struct sta_info *sta_info_get_rx(struct ieee80211_sub_if_data *sdata,
476 const u8 *addr);
477
478struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata, 469struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
479 const u8 *addr); 470 const u8 *addr);
480 471
481struct sta_info *sta_info_get_bss_rx(struct ieee80211_sub_if_data *sdata,
482 const u8 *addr);
483
484static inline 472static inline
485void for_each_sta_info_type_check(struct ieee80211_local *local, 473void for_each_sta_info_type_check(struct ieee80211_local *local,
486 const u8 *addr, 474 const u8 *addr,
@@ -489,23 +477,7 @@ void for_each_sta_info_type_check(struct ieee80211_local *local,
489{ 477{
490} 478}
491 479
492#define for_each_sta_info(local, _addr, _sta, nxt) \ 480#define for_each_sta_info(local, _addr, _sta, nxt) \
493 for ( /* initialise loop */ \
494 _sta = rcu_dereference(local->sta_hash[STA_HASH(_addr)]),\
495 nxt = _sta ? rcu_dereference(_sta->hnext) : NULL; \
496 /* typecheck */ \
497 for_each_sta_info_type_check(local, (_addr), _sta, nxt),\
498 /* continue condition */ \
499 _sta; \
500 /* advance loop */ \
501 _sta = nxt, \
502 nxt = _sta ? rcu_dereference(_sta->hnext) : NULL \
503 ) \
504 /* run code only if address matches and it's not a dummy sta */ \
505 if (memcmp(_sta->sta.addr, (_addr), ETH_ALEN) == 0 && \
506 !_sta->dummy)
507
508#define for_each_sta_info_rx(local, _addr, _sta, nxt) \
509 for ( /* initialise loop */ \ 481 for ( /* initialise loop */ \
510 _sta = rcu_dereference(local->sta_hash[STA_HASH(_addr)]),\ 482 _sta = rcu_dereference(local->sta_hash[STA_HASH(_addr)]),\
511 nxt = _sta ? rcu_dereference(_sta->hnext) : NULL; \ 483 nxt = _sta ? rcu_dereference(_sta->hnext) : NULL; \
@@ -518,7 +490,7 @@ void for_each_sta_info_type_check(struct ieee80211_local *local,
518 nxt = _sta ? rcu_dereference(_sta->hnext) : NULL \ 490 nxt = _sta ? rcu_dereference(_sta->hnext) : NULL \
519 ) \ 491 ) \
520 /* compare address and run code only if it matches */ \ 492 /* compare address and run code only if it matches */ \
521 if (memcmp(_sta->sta.addr, (_addr), ETH_ALEN) == 0) 493 if (compare_ether_addr(_sta->sta.addr, (_addr)) == 0)
522 494
523/* 495/*
524 * Get STA info by index, BROKEN! 496 * Get STA info by index, BROKEN!
@@ -544,8 +516,8 @@ void sta_info_free(struct ieee80211_local *local, struct sta_info *sta);
544 */ 516 */
545int sta_info_insert(struct sta_info *sta); 517int sta_info_insert(struct sta_info *sta);
546int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU); 518int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU);
547int sta_info_reinsert(struct sta_info *sta);
548 519
520int __must_check __sta_info_destroy(struct sta_info *sta);
549int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, 521int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata,
550 const u8 *addr); 522 const u8 *addr);
551int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata, 523int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
@@ -557,6 +529,9 @@ void sta_info_init(struct ieee80211_local *local);
557void sta_info_stop(struct ieee80211_local *local); 529void sta_info_stop(struct ieee80211_local *local);
558int sta_info_flush(struct ieee80211_local *local, 530int sta_info_flush(struct ieee80211_local *local,
559 struct ieee80211_sub_if_data *sdata); 531 struct ieee80211_sub_if_data *sdata);
532void sta_set_rate_info_tx(struct sta_info *sta,
533 const struct ieee80211_tx_rate *rate,
534 struct rate_info *rinfo);
560void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata, 535void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
561 unsigned long exp_time); 536 unsigned long exp_time);
562 537
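Review bot: `__sta_info_destroy()` becomes a cross-file interface at line 520 but its prototype carries no locking contract, even though the sta_info.c side now asserts `lockdep_assert_held(&local->sta_mtx)` on entry and `sta_info_flush()` calls it with that mutex held; add `/* Caller must hold local->sta_mtx */` above the declaration, the same comment the removed `sta_info_reinsert()` used to carry. The field doc at line 272, `@sta_state: duplicates information about station state (for debug)`, is stale too: `sta_info_move_state()` now rejects transitions based on `sta->sta_state` and `__sta_info_destroy()` walks it down to IEEE80211_STA_NONE, so it is a real state variable, not debug data — suggest `@sta_state: current station state (transitions validated by sta_info_move_state())`. `sta_info_pre_move_state()` (line 425) also deserves a one-line comment saying it is only for stations not yet inserted, which is why it warns on WLAN_STA_INSERTED and swallows the return value.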
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 30c265c98f73..5f8f89e89d6b 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -10,7 +10,9 @@
10 */ 10 */
11 11
12#include <linux/export.h> 12#include <linux/export.h>
13#include <linux/etherdevice.h>
13#include <net/mac80211.h> 14#include <net/mac80211.h>
15#include <asm/unaligned.h>
14#include "ieee80211_i.h" 16#include "ieee80211_i.h"
15#include "rate.h" 17#include "rate.h"
16#include "mesh.h" 18#include "mesh.h"
@@ -350,7 +352,6 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
350 bool send_to_cooked; 352 bool send_to_cooked;
351 bool acked; 353 bool acked;
352 struct ieee80211_bar *bar; 354 struct ieee80211_bar *bar;
353 u16 tid;
354 int rtap_len; 355 int rtap_len;
355 356
356 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { 357 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
@@ -377,7 +378,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
377 378
378 for_each_sta_info(local, hdr->addr1, sta, tmp) { 379 for_each_sta_info(local, hdr->addr1, sta, tmp) {
379 /* skip wrong virtual interface */ 380 /* skip wrong virtual interface */
380 if (memcmp(hdr->addr2, sta->sdata->vif.addr, ETH_ALEN)) 381 if (compare_ether_addr(hdr->addr2, sta->sdata->vif.addr))
381 continue; 382 continue;
382 383
383 if (info->flags & IEEE80211_TX_STATUS_EOSP) 384 if (info->flags & IEEE80211_TX_STATUS_EOSP)
@@ -412,7 +413,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
412 } 413 }
413 414
414 if (!acked && ieee80211_is_back_req(fc)) { 415 if (!acked && ieee80211_is_back_req(fc)) {
415 u16 control; 416 u16 tid, control;
416 417
417 /* 418 /*
418 * BAR failed, store the last SSN and retry sending 419 * BAR failed, store the last SSN and retry sending
@@ -516,7 +517,8 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
516 517
517 if (ieee80211_is_nullfunc(hdr->frame_control) || 518 if (ieee80211_is_nullfunc(hdr->frame_control) ||
518 ieee80211_is_qos_nullfunc(hdr->frame_control)) { 519 ieee80211_is_qos_nullfunc(hdr->frame_control)) {
519 bool acked = info->flags & IEEE80211_TX_STAT_ACK; 520 acked = info->flags & IEEE80211_TX_STAT_ACK;
521
520 cfg80211_probe_status(skb->dev, hdr->addr1, 522 cfg80211_probe_status(skb->dev, hdr->addr1,
521 cookie, acked, GFP_ATOMIC); 523 cookie, acked, GFP_ATOMIC);
522 } else { 524 } else {
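Review bot: The switch from `memcmp()` to `compare_ether_addr()` at line 381 is only safe if `hdr->addr2` is 2-byte aligned: if the etherdevice.h helper of this vintage is the three-u16-word version, it requires both operands u16-aligned, a constraint `memcmp()` never had, and `addr2` sits at offset 10 of a header that drivers hand back to `ieee80211_tx_status()` in an skb mac80211 does not re-validate. Presumably every such skb was built by mac80211 with an aligned header, but a comment such as `/* hdr is 2-byte aligned, as compare_ether_addr() requires */` would record the assumption. The reassignment `acked = info->flags & IEEE80211_TX_STAT_ACK;` at line 520 now writes the function-scope `acked` declared at line 353; if that variable is already derived from the same flag earlier in the function (outside this view), the reassignment is redundant and can be dropped. `<asm/unaligned.h>` is added at line 15 with no use in the visible hunks, presumably for a hunk outside this view. `ieee80211_tx_status()` starts and ends outside the hunks.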
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index e05667cd5e76..782a60198df4 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -226,12 +226,12 @@ ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
226 * have correct qos tag for some reason, due the network or the 226 * have correct qos tag for some reason, due the network or the
227 * peer application. 227 * peer application.
228 * 228 *
229 * Note: local->uapsd_queues access is racy here. If the value is 229 * Note: ifmgd->uapsd_queues access is racy here. If the value is
230 * changed via debugfs, user needs to reassociate manually to have 230 * changed via debugfs, user needs to reassociate manually to have
231 * everything in sync. 231 * everything in sync.
232 */ 232 */
233 if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) 233 if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED)
234 && (local->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) 234 && (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO)
235 && skb_get_queue_mapping(tx->skb) == 0) 235 && skb_get_queue_mapping(tx->skb) == 0)
236 return TX_CONTINUE; 236 return TX_CONTINUE;
237 237
@@ -448,18 +448,23 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
448 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; 448 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
449 struct ieee80211_local *local = tx->local; 449 struct ieee80211_local *local = tx->local;
450 450
451 if (unlikely(!sta || 451 if (unlikely(!sta))
452 ieee80211_is_probe_resp(hdr->frame_control) ||
453 ieee80211_is_auth(hdr->frame_control) ||
454 ieee80211_is_assoc_resp(hdr->frame_control) ||
455 ieee80211_is_reassoc_resp(hdr->frame_control)))
456 return TX_CONTINUE; 452 return TX_CONTINUE;
457 453
458 if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) || 454 if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
459 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) && 455 test_sta_flag(sta, WLAN_STA_PS_DRIVER)) &&
460 !(info->flags & IEEE80211_TX_CTL_POLL_RESPONSE))) { 456 !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
461 int ac = skb_get_queue_mapping(tx->skb); 457 int ac = skb_get_queue_mapping(tx->skb);
462 458
459 /* only deauth, disassoc and action are bufferable MMPDUs */
460 if (ieee80211_is_mgmt(hdr->frame_control) &&
461 !ieee80211_is_deauth(hdr->frame_control) &&
462 !ieee80211_is_disassoc(hdr->frame_control) &&
463 !ieee80211_is_action(hdr->frame_control)) {
464 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
465 return TX_CONTINUE;
466 }
467
463#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 468#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
464 printk(KERN_DEBUG "STA %pM aid %d: PS buffer for AC %d\n", 469 printk(KERN_DEBUG "STA %pM aid %d: PS buffer for AC %d\n",
465 sta->sta.addr, sta->sta.aid, ac); 470 sta->sta.addr, sta->sta.aid, ac);
@@ -625,7 +630,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
625 tx->local->hw.wiphy->frag_threshold); 630 tx->local->hw.wiphy->frag_threshold);
626 631
627 /* set up the tx rate control struct we give the RC algo */ 632 /* set up the tx rate control struct we give the RC algo */
628 txrc.hw = local_to_hw(tx->local); 633 txrc.hw = &tx->local->hw;
629 txrc.sband = sband; 634 txrc.sband = sband;
630 txrc.bss_conf = &tx->sdata->vif.bss_conf; 635 txrc.bss_conf = &tx->sdata->vif.bss_conf;
631 txrc.skb = tx->skb; 636 txrc.skb = tx->skb;
@@ -635,6 +640,9 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
635 txrc.max_rate_idx = -1; 640 txrc.max_rate_idx = -1;
636 else 641 else
637 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 642 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
643 memcpy(txrc.rate_idx_mcs_mask,
644 tx->sdata->rc_rateidx_mcs_mask[tx->channel->band],
645 sizeof(txrc.rate_idx_mcs_mask));
638 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || 646 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
639 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || 647 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
640 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC); 648 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
@@ -1057,6 +1065,7 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1057{ 1065{
1058 bool queued = false; 1066 bool queued = false;
1059 bool reset_agg_timer = false; 1067 bool reset_agg_timer = false;
1068 struct sk_buff *purge_skb = NULL;
1060 1069
1061 if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) { 1070 if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1062 info->flags |= IEEE80211_TX_CTL_AMPDU; 1071 info->flags |= IEEE80211_TX_CTL_AMPDU;
@@ -1098,8 +1107,13 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1098 info->control.vif = &tx->sdata->vif; 1107 info->control.vif = &tx->sdata->vif;
1099 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 1108 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1100 __skb_queue_tail(&tid_tx->pending, skb); 1109 __skb_queue_tail(&tid_tx->pending, skb);
1110 if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
1111 purge_skb = __skb_dequeue(&tid_tx->pending);
1101 } 1112 }
1102 spin_unlock(&tx->sta->lock); 1113 spin_unlock(&tx->sta->lock);
1114
1115 if (purge_skb)
1116 dev_kfree_skb(purge_skb);
1103 } 1117 }
1104 1118
1105 /* reset session timer */ 1119 /* reset session timer */
@@ -2203,7 +2217,8 @@ void ieee80211_tx_pending(unsigned long data)
2203 2217
2204/* functions for drivers to get certain frames */ 2218/* functions for drivers to get certain frames */
2205 2219
2206static void ieee80211_beacon_add_tim(struct ieee80211_if_ap *bss, 2220static void ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
2221 struct ieee80211_if_ap *bss,
2207 struct sk_buff *skb, 2222 struct sk_buff *skb,
2208 struct beacon_data *beacon) 2223 struct beacon_data *beacon)
2209{ 2224{
@@ -2220,7 +2235,7 @@ static void ieee80211_beacon_add_tim(struct ieee80211_if_ap *bss,
2220 IEEE80211_MAX_AID+1); 2235 IEEE80211_MAX_AID+1);
2221 2236
2222 if (bss->dtim_count == 0) 2237 if (bss->dtim_count == 0)
2223 bss->dtim_count = beacon->dtim_period - 1; 2238 bss->dtim_count = sdata->vif.bss_conf.dtim_period - 1;
2224 else 2239 else
2225 bss->dtim_count--; 2240 bss->dtim_count--;
2226 2241
@@ -2228,7 +2243,7 @@ static void ieee80211_beacon_add_tim(struct ieee80211_if_ap *bss,
2228 *pos++ = WLAN_EID_TIM; 2243 *pos++ = WLAN_EID_TIM;
2229 *pos++ = 4; 2244 *pos++ = 4;
2230 *pos++ = bss->dtim_count; 2245 *pos++ = bss->dtim_count;
2231 *pos++ = beacon->dtim_period; 2246 *pos++ = sdata->vif.bss_conf.dtim_period;
2232 2247
2233 if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf)) 2248 if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
2234 aid0 = 1; 2249 aid0 = 1;
@@ -2321,12 +2336,14 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2321 * of the tim bitmap in mac80211 and the driver. 2336 * of the tim bitmap in mac80211 and the driver.
2322 */ 2337 */
2323 if (local->tim_in_locked_section) { 2338 if (local->tim_in_locked_section) {
2324 ieee80211_beacon_add_tim(ap, skb, beacon); 2339 ieee80211_beacon_add_tim(sdata, ap, skb,
2340 beacon);
2325 } else { 2341 } else {
2326 unsigned long flags; 2342 unsigned long flags;
2327 2343
2328 spin_lock_irqsave(&local->tim_lock, flags); 2344 spin_lock_irqsave(&local->tim_lock, flags);
2329 ieee80211_beacon_add_tim(ap, skb, beacon); 2345 ieee80211_beacon_add_tim(sdata, ap, skb,
2346 beacon);
2330 spin_unlock_irqrestore(&local->tim_lock, flags); 2347 spin_unlock_irqrestore(&local->tim_lock, flags);
2331 } 2348 }
2332 2349
@@ -2431,6 +2448,8 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2431 txrc.max_rate_idx = -1; 2448 txrc.max_rate_idx = -1;
2432 else 2449 else
2433 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 2450 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
2451 memcpy(txrc.rate_idx_mcs_mask, sdata->rc_rateidx_mcs_mask[band],
2452 sizeof(txrc.rate_idx_mcs_mask));
2434 txrc.bss = true; 2453 txrc.bss = true;
2435 rate_control_get_rate(sdata, NULL, &txrc); 2454 rate_control_get_rate(sdata, NULL, &txrc);
2436 2455
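Review bot: The new purge in `ieee80211_tx_prep_agg()` (lines 1110–1116) drops the oldest pending A-MPDU frame silently once the queue exceeds STA_MAX_TX_BUFFER: there is no debug message and no drop counter, and the skb is released with `dev_kfree_skb()`, so if that frame carried IEEE80211_TX_CTL_REQ_TX_STATUS the requester never hears back — I cannot tell from this hunk whether such frames can reach the pending queue. The bound itself is the right fix for a stalled session pinning unbounded skbs, but it deserves a why-comment above the check, e.g. `/* bound the pending queue while the session is starting: drop the oldest frame so a stalled ADDBA cannot pin unbounded skbs */`, and ideally the same accounting other dropped TX frames get. Freeing after `spin_unlock(&tx->sta->lock)` via `purge_skb` is correct and should also be noted in that comment. `ieee80211_tx_prep_agg()` starts and ends outside the hunk.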
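--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -572,24 +572,40 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
 	size_t left = len;
 	u8 *pos = start;
 	bool calc_crc = filter != 0;
+	DECLARE_BITMAP(seen_elems, 256);
 
+	bitmap_zero(seen_elems, 256);
 	memset(elems, 0, sizeof(*elems));
 	elems->ie_start = start;
 	elems->total_len = len;
 
 	while (left >= 2) {
 		u8 id, elen;
+		bool elem_parse_failed;
 
 		id = *pos++;
 		elen = *pos++;
 		left -= 2;
 
-		if (elen > left)
+		if (elen > left) {
+			elems->parse_error = true;
 			break;
+		}
+
+		if (id != WLAN_EID_VENDOR_SPECIFIC &&
+		    id != WLAN_EID_QUIET &&
+		    test_bit(id, seen_elems)) {
+			elems->parse_error = true;
+			left -= elen;
+			pos += elen;
+			continue;
+		}
 
 		if (calc_crc && id < 64 && (filter & (1ULL << id)))
 			crc = crc32_be(crc, pos - 2, elen + 2);
 
+		elem_parse_failed = false;
+
 		switch (id) {
 		case WLAN_EID_SSID:
 			elems->ssid = pos;
@@ -615,7 +631,8 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
 			if (elen >= sizeof(struct ieee80211_tim_ie)) {
 				elems->tim = (void *)pos;
 				elems->tim_len = elen;
-			}
+			} else
+				elem_parse_failed = true;
 			break;
 		case WLAN_EID_IBSS_PARAMS:
 			elems->ibss_params = pos;
@@ -664,10 +681,14 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
 		case WLAN_EID_HT_CAPABILITY:
 			if (elen >= sizeof(struct ieee80211_ht_cap))
 				elems->ht_cap_elem = (void *)pos;
+			else
+				elem_parse_failed = true;
 			break;
 		case WLAN_EID_HT_INFORMATION:
 			if (elen >= sizeof(struct ieee80211_ht_info))
 				elems->ht_info_elem = (void *)pos;
+			else
+				elem_parse_failed = true;
 			break;
 		case WLAN_EID_MESH_ID:
 			elems->mesh_id = pos;
@@ -676,6 +697,8 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
 		case WLAN_EID_MESH_CONFIG:
 			if (elen >= sizeof(struct ieee80211_meshconf_ie))
 				elems->mesh_config = (void *)pos;
+			else
+				elem_parse_failed = true;
 			break;
 		case WLAN_EID_PEER_MGMT:
 			elems->peering = pos;
@@ -696,6 +719,8 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
 		case WLAN_EID_RANN:
 			if (elen >= sizeof(struct ieee80211_rann_ie))
 				elems->rann = (void *)pos;
+			else
+				elem_parse_failed = true;
 			break;
 		case WLAN_EID_CHANNEL_SWITCH:
 			elems->ch_switch_elem = pos;
@@ -724,10 +749,18 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
 			break;
 		}
 
+		if (elem_parse_failed)
+			elems->parse_error = true;
+		else
+			set_bit(id, seen_elems);
+
 		left -= elen;
 		pos += elen;
 	}
 
+	if (left != 0)
+		elems->parse_error = true;
+
 	return crc;
 }
 
@@ -737,7 +770,8 @@ void ieee802_11_parse_elems(u8 *start, size_t len,
 	ieee802_11_parse_elems_crc(start, len, elems, 0, 0);
 }
 
-void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata)
+void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata,
+			       bool bss_notify)
 {
 	struct ieee80211_local *local = sdata->local;
 	struct ieee80211_tx_queue_params qparam;
@@ -753,7 +787,7 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata)
 	use_11b = (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ) &&
 		 !(sdata->flags & IEEE80211_SDATA_OPERATING_GMODE);
 
-	for (queue = 0; queue < local_to_hw(local)->queues; queue++) {
+	for (queue = 0; queue < local->hw.queues; queue++) {
 		/* Set defaults according to 802.11-2007 Table 7-37 */
 		aCWmax = 1023;
 		if (use_11b)
@@ -807,7 +841,9 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata)
 	if (sdata->vif.type != NL80211_IFTYPE_MONITOR) {
 		sdata->vif.bss_conf.qos =
 			sdata->vif.type != NL80211_IFTYPE_STATION;
-		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
+		if (bss_notify)
+			ieee80211_bss_info_change_notify(sdata,
+							 BSS_CHANGED_QOS);
 	}
 }
 
@@ -829,7 +865,7 @@ void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
 	else
 		sdata->flags &= ~IEEE80211_SDATA_OPERATING_GMODE;
 
-	ieee80211_set_wmm_default(sdata);
+	ieee80211_set_wmm_default(sdata, true);
 }
 
 u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
@@ -862,8 +898,8 @@ u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
 
 void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
 			 u16 transaction, u16 auth_alg,
-			 u8 *extra, size_t extra_len, const u8 *bssid,
-			 const u8 *key, u8 key_len, u8 key_idx)
+			 u8 *extra, size_t extra_len, const u8 *da,
+			 const u8 *bssid, const u8 *key, u8 key_len, u8 key_idx)
 {
 	struct ieee80211_local *local = sdata->local;
 	struct sk_buff *skb;
@@ -881,7 +917,7 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
 	memset(mgmt, 0, 24 + 6);
 	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
 					  IEEE80211_STYPE_AUTH);
-	memcpy(mgmt->da, bssid, ETH_ALEN);
+	memcpy(mgmt->da, da, ETH_ALEN);
 	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
 	memcpy(mgmt->bssid, bssid, ETH_ALEN);
 	mgmt->u.auth.auth_alg = cpu_to_le16(auth_alg);
@@ -1185,13 +1221,12 @@ int ieee80211_reconfig(struct ieee80211_local *local)
 	mutex_lock(&local->sta_mtx);
 	list_for_each_entry(sta, &local->sta_list, list) {
 		if (sta->uploaded) {
-			sdata = sta->sdata;
-			if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
-				sdata = container_of(sdata->bss,
-					     struct ieee80211_sub_if_data,
-					     u.ap);
+			enum ieee80211_sta_state state;
 
-			WARN_ON(drv_sta_add(local, sdata, &sta->sta));
+			for (state = IEEE80211_STA_NOTEXIST;
+			     state < sta->sta_state - 1; state++)
+				WARN_ON(drv_sta_state(local, sta->sdata, sta,
+						      state, state + 1));
 		}
 	}
 	mutex_unlock(&local->sta_mtx);
@@ -1272,6 +1307,21 @@ int ieee80211_reconfig(struct ieee80211_local *local)
 	ieee80211_recalc_ps(local, -1);
 
 	/*
+	 * The sta might be in psm against the ap (e.g. because
+	 * this was the state before a hw restart), so we
+	 * explicitly send a null packet in order to make sure
+	 * it'll sync against the ap (and get out of psm).
+	 */
+	if (!(local->hw.conf.flags & IEEE80211_CONF_PS)) {
+		list_for_each_entry(sdata, &local->interfaces, list) {
+			if (sdata->vif.type != NL80211_IFTYPE_STATION)
+				continue;
+
+			ieee80211_send_nullfunc(local, sdata, 0);
+		}
+	}
+
+	/*
 	 * Clear the WLAN_STA_BLOCK_BA flag so new aggregation
 	 * sessions can be established after a resume.
 	 *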
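Review bot: The loop bound `state < sta->sta_state - 1` in the ieee80211_reconfig hunk stops one transition short: if the state values are contiguous and sta->sta_state holds the station's current state, the last call is drv_sta_state(..., sta_state - 2, sta_state - 1), so the driver is never moved to the state the station actually had before the restart. Unless leaving the driver one step below is intended, the bound should read `state < sta->sta_state`; the enum definition is not visible here, so please confirm against ieee80211_sta_state. In the ieee802_11_parse_elems_crc hunks the new `parse_error` flag now has four separate triggers spread over the function, and a comment above the while loop listing them (element overrunning the buffer, a repeated element other than vendor-specific or Quiet, a fixed-size element shorter than its struct, trailing bytes after the last element) would help callers decide what to do with a frame that sets it. ieee80211_reconfig starts and ends outside the hunk.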
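--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -263,16 +263,14 @@ static int ieee80211_wep_decrypt(struct ieee80211_local *local,
 }
 
 
-bool ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key)
+static bool ieee80211_wep_is_weak_iv(struct sk_buff *skb,
+				     struct ieee80211_key *key)
 {
 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
 	unsigned int hdrlen;
 	u8 *ivpos;
 	u32 iv;
 
-	if (!ieee80211_has_protected(hdr->frame_control))
-		return false;
-
 	hdrlen = ieee80211_hdrlen(hdr->frame_control);
 	ivpos = skb->data + hdrlen;
 	iv = (ivpos[0] << 16) | (ivpos[1] << 8) | ivpos[2];
@@ -286,18 +284,27 @@ ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx)
 	struct sk_buff *skb = rx->skb;
 	struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
 	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
+	__le16 fc = hdr->frame_control;
 
-	if (!ieee80211_is_data(hdr->frame_control) &&
-	    !ieee80211_is_auth(hdr->frame_control))
+	if (!ieee80211_is_data(fc) && !ieee80211_is_auth(fc))
 		return RX_CONTINUE;
 
 	if (!(status->flag & RX_FLAG_DECRYPTED)) {
+		if (skb_linearize(rx->skb))
+			return RX_DROP_UNUSABLE;
+		if (rx->sta && ieee80211_wep_is_weak_iv(rx->skb, rx->key))
+			rx->sta->wep_weak_iv_count++;
 		if (ieee80211_wep_decrypt(rx->local, rx->skb, rx->key))
 			return RX_DROP_UNUSABLE;
 	} else if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
+		if (!pskb_may_pull(rx->skb, ieee80211_hdrlen(fc) + WEP_IV_LEN))
+			return RX_DROP_UNUSABLE;
+		if (rx->sta && ieee80211_wep_is_weak_iv(rx->skb, rx->key))
+			rx->sta->wep_weak_iv_count++;
 		ieee80211_wep_remove_iv(rx->local, rx->skb, rx->key);
 		/* remove ICV */
-		skb_trim(rx->skb, rx->skb->len - WEP_ICV_LEN);
+		if (pskb_trim(rx->skb, rx->skb->len - WEP_ICV_LEN))
+			return RX_DROP_UNUSABLE;
 	}
 
 	return RX_CONTINUE;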
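Review bot: In the not-yet-decrypted branch the new weak-IV check reads three bytes past the 802.11 header before anything has verified that those bytes are present; skb_linearize only makes the buffer linear, it does not enforce a minimum length, whereas the decrypted branch guards the identical call with pskb_may_pull. A truncated frame arriving with a key set therefore has ieee80211_wep_is_weak_iv read beyond the frame's valid data (ieee80211_wep_decrypt may well reject the length, but it runs after the read). Mirror the other branch and put `if (!pskb_may_pull(rx->skb, ieee80211_hdrlen(fc) + WEP_IV_LEN)) return RX_DROP_UNUSABLE;` ahead of the weak-IV check, after skb_linearize. Since the Protected-bit test was removed from ieee80211_wep_is_weak_iv, the helper now relies on its callers only passing frames that carry an IV, which deserves a one-line comment on the function. ieee80211_crypto_wep_decrypt starts outside the hunk.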
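--- a/net/mac80211/wep.h
+++ b/net/mac80211/wep.h
@@ -25,7 +25,6 @@ int ieee80211_wep_encrypt(struct ieee80211_local *local,
 			  const u8 *key, int keylen, int keyidx);
 int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
 			       size_t klen, u8 *data, size_t data_len);
-bool ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key);
 
 ieee80211_rx_result
 ieee80211_crypto_wep_decrypt(struct ieee80211_rx_data *rx);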
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index c6dd01a05291..c6e230efa049 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -27,16 +27,9 @@
27#include "rate.h" 27#include "rate.h"
28#include "driver-ops.h" 28#include "driver-ops.h"
29 29
30#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
31#define IEEE80211_AUTH_MAX_TRIES 3
32#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
33#define IEEE80211_ASSOC_MAX_TRIES 3
34
35enum work_action { 30enum work_action {
36 WORK_ACT_MISMATCH,
37 WORK_ACT_NONE, 31 WORK_ACT_NONE,
38 WORK_ACT_TIMEOUT, 32 WORK_ACT_TIMEOUT,
39 WORK_ACT_DONE,
40}; 33};
41 34
42 35
@@ -71,464 +64,6 @@ void free_work(struct ieee80211_work *wk)
71 kfree_rcu(wk, rcu_head); 64 kfree_rcu(wk, rcu_head);
72} 65}
73 66
74static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
75 struct ieee80211_supported_band *sband,
76 u32 *rates)
77{
78 int i, j, count;
79 *rates = 0;
80 count = 0;
81 for (i = 0; i < supp_rates_len; i++) {
82 int rate = (supp_rates[i] & 0x7F) * 5;
83
84 for (j = 0; j < sband->n_bitrates; j++)
85 if (sband->bitrates[j].bitrate == rate) {
86 *rates |= BIT(j);
87 count++;
88 break;
89 }
90 }
91
92 return count;
93}
94
95/* frame sending functions */
96
97static void ieee80211_add_ht_ie(struct ieee80211_sub_if_data *sdata,
98 struct sk_buff *skb, const u8 *ht_info_ie,
99 struct ieee80211_supported_band *sband,
100 struct ieee80211_channel *channel,
101 enum ieee80211_smps_mode smps)
102{
103 struct ieee80211_ht_info *ht_info;
104 u8 *pos;
105 u32 flags = channel->flags;
106 u16 cap;
107 struct ieee80211_sta_ht_cap ht_cap;
108
109 BUILD_BUG_ON(sizeof(ht_cap) != sizeof(sband->ht_cap));
110
111 if (!sband->ht_cap.ht_supported)
112 return;
113
114 if (!ht_info_ie)
115 return;
116
117 if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
118 return;
119
120 memcpy(&ht_cap, &sband->ht_cap, sizeof(ht_cap));
121 ieee80211_apply_htcap_overrides(sdata, &ht_cap);
122
123 ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
124
125 /* determine capability flags */
126 cap = ht_cap.cap;
127
128 switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
129 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
130 if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
131 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
132 cap &= ~IEEE80211_HT_CAP_SGI_40;
133 }
134 break;
135 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
136 if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
137 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
138 cap &= ~IEEE80211_HT_CAP_SGI_40;
139 }
140 break;
141 }
142
143 /* set SM PS mode properly */
144 cap &= ~IEEE80211_HT_CAP_SM_PS;
145 switch (smps) {
146 case IEEE80211_SMPS_AUTOMATIC:
147 case IEEE80211_SMPS_NUM_MODES:
148 WARN_ON(1);
149 case IEEE80211_SMPS_OFF:
150 cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
151 IEEE80211_HT_CAP_SM_PS_SHIFT;
152 break;
153 case IEEE80211_SMPS_STATIC:
154 cap |= WLAN_HT_CAP_SM_PS_STATIC <<
155 IEEE80211_HT_CAP_SM_PS_SHIFT;
156 break;
157 case IEEE80211_SMPS_DYNAMIC:
158 cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
159 IEEE80211_HT_CAP_SM_PS_SHIFT;
160 break;
161 }
162
163 /* reserve and fill IE */
164 pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
165 ieee80211_ie_build_ht_cap(pos, &ht_cap, cap);
166}
167
168static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
169 struct ieee80211_work *wk)
170{
171 struct ieee80211_local *local = sdata->local;
172 struct sk_buff *skb;
173 struct ieee80211_mgmt *mgmt;
174 u8 *pos, qos_info;
175 size_t offset = 0, noffset;
176 int i, count, rates_len, supp_rates_len;
177 u16 capab;
178 struct ieee80211_supported_band *sband;
179 u32 rates = 0;
180
181 sband = local->hw.wiphy->bands[wk->chan->band];
182
183 if (wk->assoc.supp_rates_len) {
184 /*
185 * Get all rates supported by the device and the AP as
186 * some APs don't like getting a superset of their rates
187 * in the association request (e.g. D-Link DAP 1353 in
188 * b-only mode)...
189 */
190 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
191 wk->assoc.supp_rates_len,
192 sband, &rates);
193 } else {
194 /*
195 * In case AP not provide any supported rates information
196 * before association, we send information element(s) with
197 * all rates that we support.
198 */
199 rates = ~0;
200 rates_len = sband->n_bitrates;
201 }
202
203 skb = alloc_skb(local->hw.extra_tx_headroom +
204 sizeof(*mgmt) + /* bit too much but doesn't matter */
205 2 + wk->assoc.ssid_len + /* SSID */
206 4 + rates_len + /* (extended) rates */
207 4 + /* power capability */
208 2 + 2 * sband->n_channels + /* supported channels */
209 2 + sizeof(struct ieee80211_ht_cap) + /* HT */
210 wk->ie_len + /* extra IEs */
211 9, /* WMM */
212 GFP_KERNEL);
213 if (!skb)
214 return;
215
216 skb_reserve(skb, local->hw.extra_tx_headroom);
217
218 capab = WLAN_CAPABILITY_ESS;
219
220 if (sband->band == IEEE80211_BAND_2GHZ) {
221 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
222 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
223 if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
224 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
225 }
226
227 if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY)
228 capab |= WLAN_CAPABILITY_PRIVACY;
229
230 if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
231 (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
232 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
233
234 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
235 memset(mgmt, 0, 24);
236 memcpy(mgmt->da, wk->filter_ta, ETH_ALEN);
237 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
238 memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN);
239
240 if (!is_zero_ether_addr(wk->assoc.prev_bssid)) {
241 skb_put(skb, 10);
242 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
243 IEEE80211_STYPE_REASSOC_REQ);
244 mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
245 mgmt->u.reassoc_req.listen_interval =
246 cpu_to_le16(local->hw.conf.listen_interval);
247 memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid,
248 ETH_ALEN);
249 } else {
250 skb_put(skb, 4);
251 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
252 IEEE80211_STYPE_ASSOC_REQ);
253 mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
254 mgmt->u.assoc_req.listen_interval =
255 cpu_to_le16(local->hw.conf.listen_interval);
256 }
257
258 /* SSID */
259 pos = skb_put(skb, 2 + wk->assoc.ssid_len);
260 *pos++ = WLAN_EID_SSID;
261 *pos++ = wk->assoc.ssid_len;
262 memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
263
264 /* add all rates which were marked to be used above */
265 supp_rates_len = rates_len;
266 if (supp_rates_len > 8)
267 supp_rates_len = 8;
268
269 pos = skb_put(skb, supp_rates_len + 2);
270 *pos++ = WLAN_EID_SUPP_RATES;
271 *pos++ = supp_rates_len;
272
273 count = 0;
274 for (i = 0; i < sband->n_bitrates; i++) {
275 if (BIT(i) & rates) {
276 int rate = sband->bitrates[i].bitrate;
277 *pos++ = (u8) (rate / 5);
278 if (++count == 8)
279 break;
280 }
281 }
282
283 if (rates_len > count) {
284 pos = skb_put(skb, rates_len - count + 2);
285 *pos++ = WLAN_EID_EXT_SUPP_RATES;
286 *pos++ = rates_len - count;
287
288 for (i++; i < sband->n_bitrates; i++) {
289 if (BIT(i) & rates) {
290 int rate = sband->bitrates[i].bitrate;
291 *pos++ = (u8) (rate / 5);
292 }
293 }
294 }
295
296 if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
297 /* 1. power capabilities */
298 pos = skb_put(skb, 4);
299 *pos++ = WLAN_EID_PWR_CAPABILITY;
300 *pos++ = 2;
301 *pos++ = 0; /* min tx power */
302 *pos++ = wk->chan->max_power; /* max tx power */
303
304 /* 2. supported channels */
305 /* TODO: get this in reg domain format */
306 pos = skb_put(skb, 2 * sband->n_channels + 2);
307 *pos++ = WLAN_EID_SUPPORTED_CHANNELS;
308 *pos++ = 2 * sband->n_channels;
309 for (i = 0; i < sband->n_channels; i++) {
310 *pos++ = ieee80211_frequency_to_channel(
311 sband->channels[i].center_freq);
312 *pos++ = 1; /* one channel in the subband*/
313 }
314 }
315
316 /* if present, add any custom IEs that go before HT */
317 if (wk->ie_len && wk->ie) {
318 static const u8 before_ht[] = {
319 WLAN_EID_SSID,
320 WLAN_EID_SUPP_RATES,
321 WLAN_EID_EXT_SUPP_RATES,
322 WLAN_EID_PWR_CAPABILITY,
323 WLAN_EID_SUPPORTED_CHANNELS,
324 WLAN_EID_RSN,
325 WLAN_EID_QOS_CAPA,
326 WLAN_EID_RRM_ENABLED_CAPABILITIES,
327 WLAN_EID_MOBILITY_DOMAIN,
328 WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
329 };
330 noffset = ieee80211_ie_split(wk->ie, wk->ie_len,
331 before_ht, ARRAY_SIZE(before_ht),
332 offset);
333 pos = skb_put(skb, noffset - offset);
334 memcpy(pos, wk->ie + offset, noffset - offset);
335 offset = noffset;
336 }
337
338 if (wk->assoc.use_11n && wk->assoc.wmm_used &&
339 local->hw.queues >= 4)
340 ieee80211_add_ht_ie(sdata, skb, wk->assoc.ht_information_ie,
341 sband, wk->chan, wk->assoc.smps);
342
343 /* if present, add any custom non-vendor IEs that go after HT */
344 if (wk->ie_len && wk->ie) {
345 noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len,
346 offset);
347 pos = skb_put(skb, noffset - offset);
348 memcpy(pos, wk->ie + offset, noffset - offset);
349 offset = noffset;
350 }
351
352 if (wk->assoc.wmm_used && local->hw.queues >= 4) {
353 if (wk->assoc.uapsd_used) {
354 qos_info = local->uapsd_queues;
355 qos_info |= (local->uapsd_max_sp_len <<
356 IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
357 } else {
358 qos_info = 0;
359 }
360
361 pos = skb_put(skb, 9);
362 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
363 *pos++ = 7; /* len */
364 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
365 *pos++ = 0x50;
366 *pos++ = 0xf2;
367 *pos++ = 2; /* WME */
368 *pos++ = 0; /* WME info */
369 *pos++ = 1; /* WME ver */
370 *pos++ = qos_info;
371 }
372
373 /* add any remaining custom (i.e. vendor specific here) IEs */
374 if (wk->ie_len && wk->ie) {
375 noffset = wk->ie_len;
376 pos = skb_put(skb, noffset - offset);
377 memcpy(pos, wk->ie + offset, noffset - offset);
378 }
379
380 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
381 ieee80211_tx_skb(sdata, skb);
382}
383
384static void ieee80211_remove_auth_bss(struct ieee80211_local *local,
385 struct ieee80211_work *wk)
386{
387 struct cfg80211_bss *cbss;
388 u16 capa_val = WLAN_CAPABILITY_ESS;
389
390 if (wk->probe_auth.privacy)
391 capa_val |= WLAN_CAPABILITY_PRIVACY;
392
393 cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta,
394 wk->probe_auth.ssid, wk->probe_auth.ssid_len,
395 WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
396 capa_val);
397 if (!cbss)
398 return;
399
400 cfg80211_unlink_bss(local->hw.wiphy, cbss);
401 cfg80211_put_bss(cbss);
402}
403
404static enum work_action __must_check
405ieee80211_direct_probe(struct ieee80211_work *wk)
406{
407 struct ieee80211_sub_if_data *sdata = wk->sdata;
408 struct ieee80211_local *local = sdata->local;
409
410 if (!wk->probe_auth.synced) {
411 int ret = drv_tx_sync(local, sdata, wk->filter_ta,
412 IEEE80211_TX_SYNC_AUTH);
413 if (ret)
414 return WORK_ACT_TIMEOUT;
415 }
416 wk->probe_auth.synced = true;
417
418 wk->probe_auth.tries++;
419 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
420 printk(KERN_DEBUG "%s: direct probe to %pM timed out\n",
421 sdata->name, wk->filter_ta);
422
423 /*
424 * Most likely AP is not in the range so remove the
425 * bss struct for that AP.
426 */
427 ieee80211_remove_auth_bss(local, wk);
428
429 return WORK_ACT_TIMEOUT;
430 }
431
432 printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n",
433 sdata->name, wk->filter_ta, wk->probe_auth.tries,
434 IEEE80211_AUTH_MAX_TRIES);
435
436 /*
437 * Direct probe is sent to broadcast address as some APs
438 * will not answer to direct packet in unassociated state.
439 */
440 ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
441 wk->probe_auth.ssid_len, NULL, 0,
442 (u32) -1, true, false);
443
444 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
445 run_again(local, wk->timeout);
446
447 return WORK_ACT_NONE;
448}
449
450
451static enum work_action __must_check
452ieee80211_authenticate(struct ieee80211_work *wk)
453{
454 struct ieee80211_sub_if_data *sdata = wk->sdata;
455 struct ieee80211_local *local = sdata->local;
456
457 if (!wk->probe_auth.synced) {
458 int ret = drv_tx_sync(local, sdata, wk->filter_ta,
459 IEEE80211_TX_SYNC_AUTH);
460 if (ret)
461 return WORK_ACT_TIMEOUT;
462 }
463 wk->probe_auth.synced = true;
464
465 wk->probe_auth.tries++;
466 if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
467 printk(KERN_DEBUG "%s: authentication with %pM"
468 " timed out\n", sdata->name, wk->filter_ta);
469
470 /*
471 * Most likely AP is not in the range so remove the
472 * bss struct for that AP.
473 */
474 ieee80211_remove_auth_bss(local, wk);
475
476 return WORK_ACT_TIMEOUT;
477 }
478
479 printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n",
480 sdata->name, wk->filter_ta, wk->probe_auth.tries);
481
482 ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
483 wk->ie_len, wk->filter_ta, NULL, 0, 0);
484 wk->probe_auth.transaction = 2;
485
486 wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
487 run_again(local, wk->timeout);
488
489 return WORK_ACT_NONE;
490}
491
492static enum work_action __must_check
493ieee80211_associate(struct ieee80211_work *wk)
494{
495 struct ieee80211_sub_if_data *sdata = wk->sdata;
496 struct ieee80211_local *local = sdata->local;
497
498 if (!wk->assoc.synced) {
499 int ret = drv_tx_sync(local, sdata, wk->filter_ta,
500 IEEE80211_TX_SYNC_ASSOC);
501 if (ret)
502 return WORK_ACT_TIMEOUT;
503 }
504 wk->assoc.synced = true;
505
506 wk->assoc.tries++;
507 if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) {
508 printk(KERN_DEBUG "%s: association with %pM"
509 " timed out\n",
510 sdata->name, wk->filter_ta);
511
512 /*
513 * Most likely AP is not in the range so remove the
514 * bss struct for that AP.
515 */
516 if (wk->assoc.bss)
517 cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss);
518
519 return WORK_ACT_TIMEOUT;
520 }
521
522 printk(KERN_DEBUG "%s: associate with %pM (try %d)\n",
523 sdata->name, wk->filter_ta, wk->assoc.tries);
524 ieee80211_send_assoc(sdata, wk);
525
526 wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
527 run_again(local, wk->timeout);
528
529 return WORK_ACT_NONE;
530}
531
532static enum work_action __must_check 67static enum work_action __must_check
533ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk) 68ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
534{ 69{
@@ -568,300 +103,6 @@ ieee80211_offchannel_tx(struct ieee80211_work *wk)
568 return WORK_ACT_TIMEOUT; 103 return WORK_ACT_TIMEOUT;
569} 104}
570 105
571static enum work_action __must_check
572ieee80211_assoc_beacon_wait(struct ieee80211_work *wk)
573{
574 if (wk->started)
575 return WORK_ACT_TIMEOUT;
576
577 /*
578 * Wait up to one beacon interval ...
579 * should this be more if we miss one?
580 */
581 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n",
582 wk->sdata->name, wk->filter_ta);
583 wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval);
584 return WORK_ACT_NONE;
585}
586
587static void ieee80211_auth_challenge(struct ieee80211_work *wk,
588 struct ieee80211_mgmt *mgmt,
589 size_t len)
590{
591 struct ieee80211_sub_if_data *sdata = wk->sdata;
592 u8 *pos;
593 struct ieee802_11_elems elems;
594
595 pos = mgmt->u.auth.variable;
596 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
597 if (!elems.challenge)
598 return;
599 ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
600 elems.challenge - 2, elems.challenge_len + 2,
601 wk->filter_ta, wk->probe_auth.key,
602 wk->probe_auth.key_len, wk->probe_auth.key_idx);
603 wk->probe_auth.transaction = 4;
604}
605
606static enum work_action __must_check
607ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
608 struct ieee80211_mgmt *mgmt, size_t len)
609{
610 u16 auth_alg, auth_transaction, status_code;
611
612 if (wk->type != IEEE80211_WORK_AUTH)
613 return WORK_ACT_MISMATCH;
614
615 if (len < 24 + 6)
616 return WORK_ACT_NONE;
617
618 auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
619 auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
620 status_code = le16_to_cpu(mgmt->u.auth.status_code);
621
622 if (auth_alg != wk->probe_auth.algorithm ||
623 auth_transaction != wk->probe_auth.transaction)
624 return WORK_ACT_NONE;
625
626 if (status_code != WLAN_STATUS_SUCCESS) {
627 printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
628 wk->sdata->name, mgmt->sa, status_code);
629 return WORK_ACT_DONE;
630 }
631
632 switch (wk->probe_auth.algorithm) {
633 case WLAN_AUTH_OPEN:
634 case WLAN_AUTH_LEAP:
635 case WLAN_AUTH_FT:
636 break;
637 case WLAN_AUTH_SHARED_KEY:
638 if (wk->probe_auth.transaction != 4) {
639 ieee80211_auth_challenge(wk, mgmt, len);
640 /* need another frame */
641 return WORK_ACT_NONE;
642 }
643 break;
644 default:
645 WARN_ON(1);
646 return WORK_ACT_NONE;
647 }
648
649 printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name);
650 return WORK_ACT_DONE;
651}
652
653static enum work_action __must_check
654ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
655 struct ieee80211_mgmt *mgmt, size_t len,
656 bool reassoc)
657{
658 struct ieee80211_sub_if_data *sdata = wk->sdata;
659 struct ieee80211_local *local = sdata->local;
660 u16 capab_info, status_code, aid;
661 struct ieee802_11_elems elems;
662 u8 *pos;
663
664 if (wk->type != IEEE80211_WORK_ASSOC)
665 return WORK_ACT_MISMATCH;
666
667 /*
668 * AssocResp and ReassocResp have identical structure, so process both
669 * of them in this function.
670 */
671
672 if (len < 24 + 6)
673 return WORK_ACT_NONE;
674
675 capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
676 status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
677 aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
678
679 printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
680 "status=%d aid=%d)\n",
681 sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
682 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
683
684 pos = mgmt->u.assoc_resp.variable;
685 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
686
687 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
688 elems.timeout_int && elems.timeout_int_len == 5 &&
689 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
690 u32 tu, ms;
691 tu = get_unaligned_le32(elems.timeout_int + 1);
692 ms = tu * 1024 / 1000;
693 printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
694 "comeback duration %u TU (%u ms)\n",
695 sdata->name, mgmt->sa, tu, ms);
696 wk->timeout = jiffies + msecs_to_jiffies(ms);
697 if (ms > IEEE80211_ASSOC_TIMEOUT)
698 run_again(local, wk->timeout);
699 return WORK_ACT_NONE;
700 }
701
702 if (status_code != WLAN_STATUS_SUCCESS)
703 printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
704 sdata->name, mgmt->sa, status_code);
705 else
706 printk(KERN_DEBUG "%s: associated\n", sdata->name);
707
708 return WORK_ACT_DONE;
709}
710
711static enum work_action __must_check
712ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
713 struct ieee80211_mgmt *mgmt, size_t len,
714 struct ieee80211_rx_status *rx_status)
715{
716 struct ieee80211_sub_if_data *sdata = wk->sdata;
717 struct ieee80211_local *local = sdata->local;
718 size_t baselen;
719
720 ASSERT_WORK_MTX(local);
721
722 if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
723 return WORK_ACT_MISMATCH;
724
725 if (len < 24 + 12)
726 return WORK_ACT_NONE;
727
728 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
729 if (baselen > len)
730 return WORK_ACT_NONE;
731
732 printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
733 return WORK_ACT_DONE;
734}
735
736static enum work_action __must_check
737ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk,
738 struct ieee80211_mgmt *mgmt, size_t len)
739{
740 struct ieee80211_sub_if_data *sdata = wk->sdata;
741 struct ieee80211_local *local = sdata->local;
742
743 ASSERT_WORK_MTX(local);
744
745 if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
746 return WORK_ACT_MISMATCH;
747
748 if (len < 24 + 12)
749 return WORK_ACT_NONE;
750
751 printk(KERN_DEBUG "%s: beacon received\n", sdata->name);
752 return WORK_ACT_DONE;
753}
754
755static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
756 struct sk_buff *skb)
757{
758 struct ieee80211_rx_status *rx_status;
759 struct ieee80211_mgmt *mgmt;
760 struct ieee80211_work *wk;
761 enum work_action rma = WORK_ACT_NONE;
762 u16 fc;
763
764 rx_status = (struct ieee80211_rx_status *) skb->cb;
765 mgmt = (struct ieee80211_mgmt *) skb->data;
766 fc = le16_to_cpu(mgmt->frame_control);
767
768 mutex_lock(&local->mtx);
769
770 list_for_each_entry(wk, &local->work_list, list) {
771 const u8 *bssid = NULL;
772
773 switch (wk->type) {
774 case IEEE80211_WORK_DIRECT_PROBE:
775 case IEEE80211_WORK_AUTH:
776 case IEEE80211_WORK_ASSOC:
777 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
778 bssid = wk->filter_ta;
779 break;
780 default:
781 continue;
782 }
783
784 /*
785 * Before queuing, we already verified mgmt->sa,
786 * so this is needed just for matching.
787 */
788 if (compare_ether_addr(bssid, mgmt->bssid))
789 continue;
790
791 switch (fc & IEEE80211_FCTL_STYPE) {
792 case IEEE80211_STYPE_BEACON:
793 rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len);
794 break;
795 case IEEE80211_STYPE_PROBE_RESP:
796 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
797 rx_status);
798 break;
799 case IEEE80211_STYPE_AUTH:
800 rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len);
801 break;
802 case IEEE80211_STYPE_ASSOC_RESP:
803 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
804 skb->len, false);
805 break;
806 case IEEE80211_STYPE_REASSOC_RESP:
807 rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
808 skb->len, true);
809 break;
810 default:
811 WARN_ON(1);
812 rma = WORK_ACT_NONE;
813 }
814
815 /*
816 * We've either received an unexpected frame, or we have
817 * multiple work items and need to match the frame to the
818 * right one.
819 */
820 if (rma == WORK_ACT_MISMATCH)
821 continue;
822
823 /*
824 * We've processed this frame for that work, so it can't
825 * belong to another work struct.
826 * NB: this is also required for correctness for 'rma'!
827 */
828 break;
829 }
830
831 switch (rma) {
832 case WORK_ACT_MISMATCH:
833 /* ignore this unmatched frame */
834 break;
835 case WORK_ACT_NONE:
836 break;
837 case WORK_ACT_DONE:
838 list_del_rcu(&wk->list);
839 break;
840 default:
841 WARN(1, "unexpected: %d", rma);
842 }
843
844 mutex_unlock(&local->mtx);
845
846 if (rma != WORK_ACT_DONE)
847 goto out;
848
849 switch (wk->done(wk, skb)) {
850 case WORK_DONE_DESTROY:
851 free_work(wk);
852 break;
853 case WORK_DONE_REQUEUE:
854 synchronize_rcu();
855 wk->started = false; /* restart */
856 mutex_lock(&local->mtx);
857 list_add_tail(&wk->list, &local->work_list);
858 mutex_unlock(&local->mtx);
859 }
860
861 out:
862 kfree_skb(skb);
863}
864
865static void ieee80211_work_timer(unsigned long data) 106static void ieee80211_work_timer(unsigned long data)
866{ 107{
867 struct ieee80211_local *local = (void *) data; 108 struct ieee80211_local *local = (void *) data;
@@ -876,7 +117,6 @@ static void ieee80211_work_work(struct work_struct *work)
876{ 117{
877 struct ieee80211_local *local = 118 struct ieee80211_local *local =
878 container_of(work, struct ieee80211_local, work_work); 119 container_of(work, struct ieee80211_local, work_work);
879 struct sk_buff *skb;
880 struct ieee80211_work *wk, *tmp; 120 struct ieee80211_work *wk, *tmp;
881 LIST_HEAD(free_work); 121 LIST_HEAD(free_work);
882 enum work_action rma; 122 enum work_action rma;
@@ -892,10 +132,6 @@ static void ieee80211_work_work(struct work_struct *work)
892 if (WARN(local->suspended, "work scheduled while going to suspend\n")) 132 if (WARN(local->suspended, "work scheduled while going to suspend\n"))
893 return; 133 return;
894 134
895 /* first process frames to avoid timing out while a frame is pending */
896 while ((skb = skb_dequeue(&local->work_skb_queue)))
897 ieee80211_work_rx_queued_mgmt(local, skb);
898
899 mutex_lock(&local->mtx); 135 mutex_lock(&local->mtx);
900 136
901 ieee80211_recalc_idle(local); 137 ieee80211_recalc_idle(local);
@@ -946,24 +182,12 @@ static void ieee80211_work_work(struct work_struct *work)
946 case IEEE80211_WORK_ABORT: 182 case IEEE80211_WORK_ABORT:
947 rma = WORK_ACT_TIMEOUT; 183 rma = WORK_ACT_TIMEOUT;
948 break; 184 break;
949 case IEEE80211_WORK_DIRECT_PROBE:
950 rma = ieee80211_direct_probe(wk);
951 break;
952 case IEEE80211_WORK_AUTH:
953 rma = ieee80211_authenticate(wk);
954 break;
955 case IEEE80211_WORK_ASSOC:
956 rma = ieee80211_associate(wk);
957 break;
958 case IEEE80211_WORK_REMAIN_ON_CHANNEL: 185 case IEEE80211_WORK_REMAIN_ON_CHANNEL:
959 rma = ieee80211_remain_on_channel_timeout(wk); 186 rma = ieee80211_remain_on_channel_timeout(wk);
960 break; 187 break;
961 case IEEE80211_WORK_OFFCHANNEL_TX: 188 case IEEE80211_WORK_OFFCHANNEL_TX:
962 rma = ieee80211_offchannel_tx(wk); 189 rma = ieee80211_offchannel_tx(wk);
963 break; 190 break;
964 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
965 rma = ieee80211_assoc_beacon_wait(wk);
966 break;
967 } 191 }
968 192
969 wk->started = started; 193 wk->started = started;
@@ -1051,7 +275,6 @@ void ieee80211_work_init(struct ieee80211_local *local)
1051 setup_timer(&local->work_timer, ieee80211_work_timer, 275 setup_timer(&local->work_timer, ieee80211_work_timer,
1052 (unsigned long)local); 276 (unsigned long)local);
1053 INIT_WORK(&local->work_work, ieee80211_work_work); 277 INIT_WORK(&local->work_work, ieee80211_work_work);
1054 skb_queue_head_init(&local->work_skb_queue);
1055} 278}
1056 279
1057void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata) 280void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
@@ -1085,43 +308,6 @@ void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
1085 mutex_unlock(&local->mtx); 308 mutex_unlock(&local->mtx);
1086} 309}
1087 310
1088ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1089 struct sk_buff *skb)
1090{
1091 struct ieee80211_local *local = sdata->local;
1092 struct ieee80211_mgmt *mgmt;
1093 struct ieee80211_work *wk;
1094 u16 fc;
1095
1096 if (skb->len < 24)
1097 return RX_DROP_MONITOR;
1098
1099 mgmt = (struct ieee80211_mgmt *) skb->data;
1100 fc = le16_to_cpu(mgmt->frame_control);
1101
1102 list_for_each_entry_rcu(wk, &local->work_list, list) {
1103 if (sdata != wk->sdata)
1104 continue;
1105 if (compare_ether_addr(wk->filter_ta, mgmt->sa))
1106 continue;
1107 if (compare_ether_addr(wk->filter_ta, mgmt->bssid))
1108 continue;
1109
1110 switch (fc & IEEE80211_FCTL_STYPE) {
1111 case IEEE80211_STYPE_AUTH:
1112 case IEEE80211_STYPE_PROBE_RESP:
1113 case IEEE80211_STYPE_ASSOC_RESP:
1114 case IEEE80211_STYPE_REASSOC_RESP:
1115 case IEEE80211_STYPE_BEACON:
1116 skb_queue_tail(&local->work_skb_queue, skb);
1117 ieee80211_queue_work(&local->hw, &local->work_work);
1118 return RX_QUEUED;
1119 }
1120 }
1121
1122 return RX_CONTINUE;
1123}
1124
1125static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk, 311static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk,
1126 struct sk_buff *skb) 312 struct sk_buff *skb)
1127{ 313{
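diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index b758350919ff..0ae23c60968c 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -138,6 +138,10 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
 if (skb->len < hdrlen + MICHAEL_MIC_LEN)
 return RX_DROP_UNUSABLE;
 
+if (skb_linearize(rx->skb))
+return RX_DROP_UNUSABLE;
+hdr = (void *)skb->data;
+
 data = skb->data + hdrlen;
 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
@@ -253,6 +257,11 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
 if (!rx->sta || skb->len - hdrlen < 12)
 return RX_DROP_UNUSABLE;
 
+/* it may be possible to optimize this a bit more */
+if (skb_linearize(rx->skb))
+return RX_DROP_UNUSABLE;
+hdr = (void *)skb->data;
+
 /*
 * Let TKIP code verify IV, but skip decryption.
 * In the case where hardware checks the IV as well,
@@ -484,6 +493,14 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
 if (!rx->sta || data_len < 0)
 return RX_DROP_UNUSABLE;
 
+if (status->flag & RX_FLAG_DECRYPTED) {
+if (!pskb_may_pull(rx->skb, hdrlen + CCMP_HDR_LEN))
+return RX_DROP_UNUSABLE;
+} else {
+if (skb_linearize(rx->skb))
+return RX_DROP_UNUSABLE;
+}
+
 ccmp_hdr2pn(pn, skb->data + hdrlen);
 
 queue = rx->security_idx;
@@ -509,7 +526,8 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
 memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);
 
 /* Remove CCMP header and MIC */
-skb_trim(skb, skb->len - CCMP_MIC_LEN);
+if (pskb_trim(skb, skb->len - CCMP_MIC_LEN))
+return RX_DROP_UNUSABLE;
 memmove(skb->data + CCMP_HDR_LEN, skb->data, hdrlen);
 skb_pull(skb, CCMP_HDR_LEN);
 
@@ -609,6 +627,8 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
 if (!ieee80211_is_mgmt(hdr->frame_control))
 return RX_CONTINUE;
 
+/* management frames are already linear */
+
 if (skb->len < 24 + sizeof(*mmie))
 return RX_DROP_UNUSABLE;
 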
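Review bot: In the ieee80211_crypto_ccmp_decrypt hunk (@@ -484,6 +493,14 @@), both pskb_may_pull() and skb_linearize() can reallocate the skb head and move skb->data, yet unlike the michael_mic_verify and tkip_decrypt hunks the local `hdr` is not re-derived afterwards; if `hdr` is dereferenced anywhere later in the function it would be a dangling pointer into the old head. The remainder of ieee80211_crypto_ccmp_decrypt lies outside the hunk, so I cannot confirm whether that happens, but the cheap and consistent fix is to mirror the other two hunks and add `hdr = (void *)skb->data;` after the if/else. If the rest of the function deliberately works through `skb` only, a one-line comment such as `/* skb->data may have moved above; do not use hdr past this point */` would make that invariant explicit for the next reader.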