aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorJohn W. Linville <linville@tuxdriver.com>2013-04-24 10:54:20 -0400
committerJohn W. Linville <linville@tuxdriver.com>2013-04-24 10:54:20 -0400
commit6ed0e321a0aef14a894e26658108bf7e895c36a6 (patch)
treef49428d68ebcb1beb757296ea1559079210babbe /net
parent3dec2246c2ff11beb24ca1950f074b2bcbc85953 (diff)
parentb006ed545cbadf1ebd4683719554742d20dbcede (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next into for-davem
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/hci_conn.c38
-rw-r--r--net/bluetooth/hci_core.c239
-rw-r--r--net/bluetooth/hci_event.c184
-rw-r--r--net/bluetooth/hci_sysfs.c17
-rw-r--r--net/bluetooth/hidp/core.c992
-rw-r--r--net/bluetooth/hidp/hidp.h67
-rw-r--r--net/bluetooth/hidp/sock.c22
-rw-r--r--net/bluetooth/l2cap_core.c127
-rw-r--r--net/bluetooth/l2cap_sock.c6
-rw-r--r--net/bluetooth/mgmt.c17
-rw-r--r--net/bluetooth/sco.c49
-rw-r--r--net/bluetooth/smp.c2
-rw-r--r--net/mac80211/cfg.c57
-rw-r--r--net/mac80211/chan.c54
-rw-r--r--net/mac80211/debugfs_netdev.c11
-rw-r--r--net/mac80211/debugfs_sta.c2
-rw-r--r--net/mac80211/ibss.c146
-rw-r--r--net/mac80211/ieee80211_i.h49
-rw-r--r--net/mac80211/iface.c121
-rw-r--r--net/mac80211/main.c82
-rw-r--r--net/mac80211/mesh.c6
-rw-r--r--net/mac80211/mesh.h3
-rw-r--r--net/mac80211/mesh_hwmp.c28
-rw-r--r--net/mac80211/mesh_pathtbl.c56
-rw-r--r--net/mac80211/mesh_plink.c6
-rw-r--r--net/mac80211/mlme.c442
-rw-r--r--net/mac80211/offchannel.c6
-rw-r--r--net/mac80211/pm.c11
-rw-r--r--net/mac80211/rate.c324
-rw-r--r--net/mac80211/rc80211_minstrel.c206
-rw-r--r--net/mac80211/rc80211_minstrel.h7
-rw-r--r--net/mac80211/rc80211_minstrel_debugfs.c4
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c172
-rw-r--r--net/mac80211/rc80211_minstrel_ht.h2
-rw-r--r--net/mac80211/rx.c24
-rw-r--r--net/mac80211/scan.c13
-rw-r--r--net/mac80211/trace.h51
-rw-r--r--net/mac80211/tx.c153
-rw-r--r--net/mac80211/util.c103
-rw-r--r--net/nfc/core.c43
-rw-r--r--net/nfc/llcp/commands.c30
-rw-r--r--net/nfc/llcp/llcp.c127
-rw-r--r--net/nfc/llcp/llcp.h5
-rw-r--r--net/nfc/llcp/sock.c43
-rw-r--r--net/rfkill/core.c4
-rw-r--r--net/rfkill/rfkill-gpio.c7
-rw-r--r--net/wireless/core.h3
-rw-r--r--net/wireless/mlme.c5
-rw-r--r--net/wireless/nl80211.c285
-rw-r--r--net/wireless/rdev-ops.h24
-rw-r--r--net/wireless/reg.c2
-rw-r--r--net/wireless/trace.h35
-rw-r--r--net/wireless/util.c28
53 files changed, 2895 insertions, 1645 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b9f90169940b..6c7f36379722 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -117,6 +117,16 @@ static void hci_acl_create_connection_cancel(struct hci_conn *conn)
117 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 117 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
118} 118}
119 119
120static void hci_reject_sco(struct hci_conn *conn)
121{
122 struct hci_cp_reject_sync_conn_req cp;
123
124 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
125 bacpy(&cp.bdaddr, &conn->dst);
126
127 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
128}
129
120void hci_disconnect(struct hci_conn *conn, __u8 reason) 130void hci_disconnect(struct hci_conn *conn, __u8 reason)
121{ 131{
122 struct hci_cp_disconnect cp; 132 struct hci_cp_disconnect cp;
@@ -276,6 +286,8 @@ static void hci_conn_timeout(struct work_struct *work)
276 hci_acl_create_connection_cancel(conn); 286 hci_acl_create_connection_cancel(conn);
277 else if (conn->type == LE_LINK) 287 else if (conn->type == LE_LINK)
278 hci_le_create_connection_cancel(conn); 288 hci_le_create_connection_cancel(conn);
289 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
290 hci_reject_sco(conn);
279 } 291 }
280 break; 292 break;
281 case BT_CONFIG: 293 case BT_CONFIG:
@@ -398,8 +410,6 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
398 if (hdev->notify) 410 if (hdev->notify)
399 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 411 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
400 412
401 atomic_set(&conn->devref, 0);
402
403 hci_conn_init_sysfs(conn); 413 hci_conn_init_sysfs(conn);
404 414
405 return conn; 415 return conn;
@@ -433,7 +443,7 @@ int hci_conn_del(struct hci_conn *conn)
433 struct hci_conn *acl = conn->link; 443 struct hci_conn *acl = conn->link;
434 if (acl) { 444 if (acl) {
435 acl->link = NULL; 445 acl->link = NULL;
436 hci_conn_put(acl); 446 hci_conn_drop(acl);
437 } 447 }
438 } 448 }
439 449
@@ -448,12 +458,11 @@ int hci_conn_del(struct hci_conn *conn)
448 458
449 skb_queue_purge(&conn->data_q); 459 skb_queue_purge(&conn->data_q);
450 460
451 hci_conn_put_device(conn); 461 hci_conn_del_sysfs(conn);
452 462
453 hci_dev_put(hdev); 463 hci_dev_put(hdev);
454 464
455 if (conn->handle == 0) 465 hci_conn_put(conn);
456 kfree(conn);
457 466
458 return 0; 467 return 0;
459} 468}
@@ -565,7 +574,7 @@ static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
565 if (!sco) { 574 if (!sco) {
566 sco = hci_conn_add(hdev, type, dst); 575 sco = hci_conn_add(hdev, type, dst);
567 if (!sco) { 576 if (!sco) {
568 hci_conn_put(acl); 577 hci_conn_drop(acl);
569 return ERR_PTR(-ENOMEM); 578 return ERR_PTR(-ENOMEM);
570 } 579 }
571 } 580 }
@@ -835,19 +844,6 @@ void hci_conn_check_pending(struct hci_dev *hdev)
835 hci_dev_unlock(hdev); 844 hci_dev_unlock(hdev);
836} 845}
837 846
838void hci_conn_hold_device(struct hci_conn *conn)
839{
840 atomic_inc(&conn->devref);
841}
842EXPORT_SYMBOL(hci_conn_hold_device);
843
844void hci_conn_put_device(struct hci_conn *conn)
845{
846 if (atomic_dec_and_test(&conn->devref))
847 hci_conn_del_sysfs(conn);
848}
849EXPORT_SYMBOL(hci_conn_put_device);
850
851int hci_get_conn_list(void __user *arg) 847int hci_get_conn_list(void __user *arg)
852{ 848{
853 struct hci_conn *c; 849 struct hci_conn *c;
@@ -980,7 +976,7 @@ void hci_chan_del(struct hci_chan *chan)
980 976
981 synchronize_rcu(); 977 synchronize_rcu();
982 978
983 hci_conn_put(conn); 979 hci_conn_drop(conn);
984 980
985 skb_queue_purge(&chan->data_q); 981 skb_queue_purge(&chan->data_q);
986 kfree(chan); 982 kfree(chan);
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index cfcad5423f1c..ce82265f5619 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -79,6 +79,121 @@ static void hci_req_cancel(struct hci_dev *hdev, int err)
79 } 79 }
80} 80}
81 81
82struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 event)
83{
84 struct hci_ev_cmd_complete *ev;
85 struct hci_event_hdr *hdr;
86 struct sk_buff *skb;
87
88 hci_dev_lock(hdev);
89
90 skb = hdev->recv_evt;
91 hdev->recv_evt = NULL;
92
93 hci_dev_unlock(hdev);
94
95 if (!skb)
96 return ERR_PTR(-ENODATA);
97
98 if (skb->len < sizeof(*hdr)) {
99 BT_ERR("Too short HCI event");
100 goto failed;
101 }
102
103 hdr = (void *) skb->data;
104 skb_pull(skb, HCI_EVENT_HDR_SIZE);
105
106 if (event) {
107 if (hdr->evt != event)
108 goto failed;
109 return skb;
110 }
111
112 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
113 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
114 goto failed;
115 }
116
117 if (skb->len < sizeof(*ev)) {
118 BT_ERR("Too short cmd_complete event");
119 goto failed;
120 }
121
122 ev = (void *) skb->data;
123 skb_pull(skb, sizeof(*ev));
124
125 if (opcode == __le16_to_cpu(ev->opcode))
126 return skb;
127
128 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
129 __le16_to_cpu(ev->opcode));
130
131failed:
132 kfree_skb(skb);
133 return ERR_PTR(-ENODATA);
134}
135
136struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
137 void *param, u8 event, u32 timeout)
138{
139 DECLARE_WAITQUEUE(wait, current);
140 struct hci_request req;
141 int err = 0;
142
143 BT_DBG("%s", hdev->name);
144
145 hci_req_init(&req, hdev);
146
147 hci_req_add_ev(&req, opcode, plen, param, event);
148
149 hdev->req_status = HCI_REQ_PEND;
150
151 err = hci_req_run(&req, hci_req_sync_complete);
152 if (err < 0)
153 return ERR_PTR(err);
154
155 add_wait_queue(&hdev->req_wait_q, &wait);
156 set_current_state(TASK_INTERRUPTIBLE);
157
158 schedule_timeout(timeout);
159
160 remove_wait_queue(&hdev->req_wait_q, &wait);
161
162 if (signal_pending(current))
163 return ERR_PTR(-EINTR);
164
165 switch (hdev->req_status) {
166 case HCI_REQ_DONE:
167 err = -bt_to_errno(hdev->req_result);
168 break;
169
170 case HCI_REQ_CANCELED:
171 err = -hdev->req_result;
172 break;
173
174 default:
175 err = -ETIMEDOUT;
176 break;
177 }
178
179 hdev->req_status = hdev->req_result = 0;
180
181 BT_DBG("%s end: err %d", hdev->name, err);
182
183 if (err < 0)
184 return ERR_PTR(err);
185
186 return hci_get_cmd_complete(hdev, opcode, event);
187}
188EXPORT_SYMBOL(__hci_cmd_sync_ev);
189
190struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
191 void *param, u32 timeout)
192{
193 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
194}
195EXPORT_SYMBOL(__hci_cmd_sync);
196
82/* Execute request and wait for completion. */ 197/* Execute request and wait for completion. */
83static int __hci_req_sync(struct hci_dev *hdev, 198static int __hci_req_sync(struct hci_dev *hdev,
84 void (*func)(struct hci_request *req, 199 void (*func)(struct hci_request *req,
@@ -201,29 +316,9 @@ static void amp_init(struct hci_request *req)
201static void hci_init1_req(struct hci_request *req, unsigned long opt) 316static void hci_init1_req(struct hci_request *req, unsigned long opt)
202{ 317{
203 struct hci_dev *hdev = req->hdev; 318 struct hci_dev *hdev = req->hdev;
204 struct hci_request init_req;
205 struct sk_buff *skb;
206 319
207 BT_DBG("%s %ld", hdev->name, opt); 320 BT_DBG("%s %ld", hdev->name, opt);
208 321
209 /* Driver initialization */
210
211 hci_req_init(&init_req, hdev);
212
213 /* Special commands */
214 while ((skb = skb_dequeue(&hdev->driver_init))) {
215 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
216 skb->dev = (void *) hdev;
217
218 if (skb_queue_empty(&init_req.cmd_q))
219 bt_cb(skb)->req.start = true;
220
221 skb_queue_tail(&init_req.cmd_q, skb);
222 }
223 skb_queue_purge(&hdev->driver_init);
224
225 hci_req_run(&init_req, NULL);
226
227 /* Reset */ 322 /* Reset */
228 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) 323 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
229 hci_reset_req(req, 0); 324 hci_reset_req(req, 0);
@@ -494,6 +589,7 @@ static void hci_set_le_support(struct hci_request *req)
494static void hci_init3_req(struct hci_request *req, unsigned long opt) 589static void hci_init3_req(struct hci_request *req, unsigned long opt)
495{ 590{
496 struct hci_dev *hdev = req->hdev; 591 struct hci_dev *hdev = req->hdev;
592 u8 p;
497 593
498 if (hdev->commands[5] & 0x10) 594 if (hdev->commands[5] & 0x10)
499 hci_setup_link_policy(req); 595 hci_setup_link_policy(req);
@@ -502,6 +598,15 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
502 hci_set_le_support(req); 598 hci_set_le_support(req);
503 hci_update_ad(req); 599 hci_update_ad(req);
504 } 600 }
601
602 /* Read features beyond page 1 if available */
603 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
604 struct hci_cp_read_local_ext_features cp;
605
606 cp.page = p;
607 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
608 sizeof(cp), &cp);
609 }
505} 610}
506 611
507static int __hci_init(struct hci_dev *hdev) 612static int __hci_init(struct hci_dev *hdev)
@@ -818,6 +923,12 @@ static void hci_inq_req(struct hci_request *req, unsigned long opt)
818 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); 923 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
819} 924}
820 925
926static int wait_inquiry(void *word)
927{
928 schedule();
929 return signal_pending(current);
930}
931
821int hci_inquiry(void __user *arg) 932int hci_inquiry(void __user *arg)
822{ 933{
823 __u8 __user *ptr = arg; 934 __u8 __user *ptr = arg;
@@ -849,6 +960,13 @@ int hci_inquiry(void __user *arg)
849 timeo); 960 timeo);
850 if (err < 0) 961 if (err < 0)
851 goto done; 962 goto done;
963
964 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
965 * cleared). If it is interrupted by a signal, return -EINTR.
966 */
967 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry,
968 TASK_INTERRUPTIBLE))
969 return -EINTR;
852 } 970 }
853 971
854 /* for unlimited number of responses we will use buffer with 972 /* for unlimited number of responses we will use buffer with
@@ -999,26 +1117,33 @@ int hci_dev_open(__u16 dev)
999 goto done; 1117 goto done;
1000 } 1118 }
1001 1119
1002 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1003 set_bit(HCI_RAW, &hdev->flags);
1004
1005 /* Treat all non BR/EDR controllers as raw devices if
1006 enable_hs is not set */
1007 if (hdev->dev_type != HCI_BREDR && !enable_hs)
1008 set_bit(HCI_RAW, &hdev->flags);
1009
1010 if (hdev->open(hdev)) { 1120 if (hdev->open(hdev)) {
1011 ret = -EIO; 1121 ret = -EIO;
1012 goto done; 1122 goto done;
1013 } 1123 }
1014 1124
1015 if (!test_bit(HCI_RAW, &hdev->flags)) { 1125 atomic_set(&hdev->cmd_cnt, 1);
1016 atomic_set(&hdev->cmd_cnt, 1); 1126 set_bit(HCI_INIT, &hdev->flags);
1017 set_bit(HCI_INIT, &hdev->flags); 1127
1018 ret = __hci_init(hdev); 1128 if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags))
1019 clear_bit(HCI_INIT, &hdev->flags); 1129 ret = hdev->setup(hdev);
1130
1131 if (!ret) {
1132 /* Treat all non BR/EDR controllers as raw devices if
1133 * enable_hs is not set.
1134 */
1135 if (hdev->dev_type != HCI_BREDR && !enable_hs)
1136 set_bit(HCI_RAW, &hdev->flags);
1137
1138 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1139 set_bit(HCI_RAW, &hdev->flags);
1140
1141 if (!test_bit(HCI_RAW, &hdev->flags))
1142 ret = __hci_init(hdev);
1020 } 1143 }
1021 1144
1145 clear_bit(HCI_INIT, &hdev->flags);
1146
1022 if (!ret) { 1147 if (!ret) {
1023 hci_dev_hold(hdev); 1148 hci_dev_hold(hdev);
1024 set_bit(HCI_UP, &hdev->flags); 1149 set_bit(HCI_UP, &hdev->flags);
@@ -1123,6 +1248,9 @@ static int hci_dev_do_close(struct hci_dev *hdev)
1123 hdev->sent_cmd = NULL; 1248 hdev->sent_cmd = NULL;
1124 } 1249 }
1125 1250
1251 kfree_skb(hdev->recv_evt);
1252 hdev->recv_evt = NULL;
1253
1126 /* After this point our queues are empty 1254 /* After this point our queues are empty
1127 * and no tasks are scheduled. */ 1255 * and no tasks are scheduled. */
1128 hdev->close(hdev); 1256 hdev->close(hdev);
@@ -1861,8 +1989,8 @@ static void le_scan_enable_req(struct hci_request *req, unsigned long opt)
1861 struct hci_cp_le_set_scan_enable cp; 1989 struct hci_cp_le_set_scan_enable cp;
1862 1990
1863 memset(&cp, 0, sizeof(cp)); 1991 memset(&cp, 0, sizeof(cp));
1864 cp.enable = 1; 1992 cp.enable = LE_SCAN_ENABLE;
1865 cp.filter_dup = 1; 1993 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
1866 1994
1867 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 1995 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1868} 1996}
@@ -1896,7 +2024,7 @@ static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1896 return err; 2024 return err;
1897 2025
1898 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, 2026 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
1899 msecs_to_jiffies(timeout)); 2027 timeout);
1900 2028
1901 return 0; 2029 return 0;
1902} 2030}
@@ -2006,7 +2134,6 @@ struct hci_dev *hci_alloc_dev(void)
2006 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); 2134 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
2007 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); 2135 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2008 2136
2009 skb_queue_head_init(&hdev->driver_init);
2010 skb_queue_head_init(&hdev->rx_q); 2137 skb_queue_head_init(&hdev->rx_q);
2011 skb_queue_head_init(&hdev->cmd_q); 2138 skb_queue_head_init(&hdev->cmd_q);
2012 skb_queue_head_init(&hdev->raw_q); 2139 skb_queue_head_init(&hdev->raw_q);
@@ -2025,8 +2152,6 @@ EXPORT_SYMBOL(hci_alloc_dev);
2025/* Free HCI device */ 2152/* Free HCI device */
2026void hci_free_dev(struct hci_dev *hdev) 2153void hci_free_dev(struct hci_dev *hdev)
2027{ 2154{
2028 skb_queue_purge(&hdev->driver_init);
2029
2030 /* will free via device release */ 2155 /* will free via device release */
2031 put_device(&hdev->dev); 2156 put_device(&hdev->dev);
2032} 2157}
@@ -2527,7 +2652,8 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2527} 2652}
2528 2653
2529/* Queue a command to an asynchronous HCI request */ 2654/* Queue a command to an asynchronous HCI request */
2530void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param) 2655void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, void *param,
2656 u8 event)
2531{ 2657{
2532 struct hci_dev *hdev = req->hdev; 2658 struct hci_dev *hdev = req->hdev;
2533 struct sk_buff *skb; 2659 struct sk_buff *skb;
@@ -2551,9 +2677,16 @@ void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param)
2551 if (skb_queue_empty(&req->cmd_q)) 2677 if (skb_queue_empty(&req->cmd_q))
2552 bt_cb(skb)->req.start = true; 2678 bt_cb(skb)->req.start = true;
2553 2679
2680 bt_cb(skb)->req.event = event;
2681
2554 skb_queue_tail(&req->cmd_q, skb); 2682 skb_queue_tail(&req->cmd_q, skb);
2555} 2683}
2556 2684
2685void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param)
2686{
2687 hci_req_add_ev(req, opcode, plen, param, 0);
2688}
2689
2557/* Get data from the previously sent command */ 2690/* Get data from the previously sent command */
2558void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) 2691void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2559{ 2692{
@@ -3309,32 +3442,6 @@ call_complete:
3309 req_complete(hdev, status); 3442 req_complete(hdev, status);
3310} 3443}
3311 3444
3312void hci_req_cmd_status(struct hci_dev *hdev, u16 opcode, u8 status)
3313{
3314 hci_req_complete_t req_complete = NULL;
3315
3316 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
3317
3318 if (status) {
3319 hci_req_cmd_complete(hdev, opcode, status);
3320 return;
3321 }
3322
3323 /* No need to handle success status if there are more commands */
3324 if (!hci_req_is_complete(hdev))
3325 return;
3326
3327 if (hdev->sent_cmd)
3328 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
3329
3330 /* If the request doesn't have a complete callback or there
3331 * are other commands/requests in the hdev queue we consider
3332 * this request as completed.
3333 */
3334 if (!req_complete || !skb_queue_empty(&hdev->cmd_q))
3335 hci_req_cmd_complete(hdev, opcode, status);
3336}
3337
3338static void hci_rx_work(struct work_struct *work) 3445static void hci_rx_work(struct work_struct *work)
3339{ 3446{
3340 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); 3447 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 138580745c2c..b93cd2eb5d58 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -48,13 +48,13 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
48 } 48 }
49 49
50 clear_bit(HCI_INQUIRY, &hdev->flags); 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
52 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 53
52 hci_dev_lock(hdev); 54 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 55 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev); 56 hci_dev_unlock(hdev);
55 57
56 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
57
58 hci_conn_check_pending(hdev); 58 hci_conn_check_pending(hdev);
59} 59}
60 60
@@ -433,9 +433,9 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
433 433
434 if (!status) { 434 if (!status) {
435 if (sent->mode) 435 if (sent->mode)
436 hdev->host_features[0] |= LMP_HOST_SSP; 436 hdev->features[1][0] |= LMP_HOST_SSP;
437 else 437 else
438 hdev->host_features[0] &= ~LMP_HOST_SSP; 438 hdev->features[1][0] &= ~LMP_HOST_SSP;
439 } 439 }
440 440
441 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
@@ -493,18 +493,18 @@ static void hci_cc_read_local_features(struct hci_dev *hdev,
493 /* Adjust default settings according to features 493 /* Adjust default settings according to features
494 * supported by device. */ 494 * supported by device. */
495 495
496 if (hdev->features[0] & LMP_3SLOT) 496 if (hdev->features[0][0] & LMP_3SLOT)
497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
498 498
499 if (hdev->features[0] & LMP_5SLOT) 499 if (hdev->features[0][0] & LMP_5SLOT)
500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
501 501
502 if (hdev->features[1] & LMP_HV2) { 502 if (hdev->features[0][1] & LMP_HV2) {
503 hdev->pkt_type |= (HCI_HV2); 503 hdev->pkt_type |= (HCI_HV2);
504 hdev->esco_type |= (ESCO_HV2); 504 hdev->esco_type |= (ESCO_HV2);
505 } 505 }
506 506
507 if (hdev->features[1] & LMP_HV3) { 507 if (hdev->features[0][1] & LMP_HV3) {
508 hdev->pkt_type |= (HCI_HV3); 508 hdev->pkt_type |= (HCI_HV3);
509 hdev->esco_type |= (ESCO_HV3); 509 hdev->esco_type |= (ESCO_HV3);
510 } 510 }
@@ -512,26 +512,26 @@ static void hci_cc_read_local_features(struct hci_dev *hdev,
512 if (lmp_esco_capable(hdev)) 512 if (lmp_esco_capable(hdev))
513 hdev->esco_type |= (ESCO_EV3); 513 hdev->esco_type |= (ESCO_EV3);
514 514
515 if (hdev->features[4] & LMP_EV4) 515 if (hdev->features[0][4] & LMP_EV4)
516 hdev->esco_type |= (ESCO_EV4); 516 hdev->esco_type |= (ESCO_EV4);
517 517
518 if (hdev->features[4] & LMP_EV5) 518 if (hdev->features[0][4] & LMP_EV5)
519 hdev->esco_type |= (ESCO_EV5); 519 hdev->esco_type |= (ESCO_EV5);
520 520
521 if (hdev->features[5] & LMP_EDR_ESCO_2M) 521 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
522 hdev->esco_type |= (ESCO_2EV3); 522 hdev->esco_type |= (ESCO_2EV3);
523 523
524 if (hdev->features[5] & LMP_EDR_ESCO_3M) 524 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
525 hdev->esco_type |= (ESCO_3EV3); 525 hdev->esco_type |= (ESCO_3EV3);
526 526
527 if (hdev->features[5] & LMP_EDR_3S_ESCO) 527 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529 529
530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
531 hdev->features[0], hdev->features[1], 531 hdev->features[0][0], hdev->features[0][1],
532 hdev->features[2], hdev->features[3], 532 hdev->features[0][2], hdev->features[0][3],
533 hdev->features[4], hdev->features[5], 533 hdev->features[0][4], hdev->features[0][5],
534 hdev->features[6], hdev->features[7]); 534 hdev->features[0][6], hdev->features[0][7]);
535} 535}
536 536
537static void hci_cc_read_local_ext_features(struct hci_dev *hdev, 537static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
@@ -544,14 +544,10 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
544 if (rp->status) 544 if (rp->status)
545 return; 545 return;
546 546
547 switch (rp->page) { 547 hdev->max_page = rp->max_page;
548 case 0: 548
549 memcpy(hdev->features, rp->features, 8); 549 if (rp->page < HCI_MAX_PAGES)
550 break; 550 memcpy(hdev->features[rp->page], rp->features, 8);
551 case 1:
552 memcpy(hdev->host_features, rp->features, 8);
553 break;
554 }
555} 551}
556 552
557static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, 553static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
@@ -968,7 +964,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
968 return; 964 return;
969 965
970 switch (cp->enable) { 966 switch (cp->enable) {
971 case LE_SCANNING_ENABLED: 967 case LE_SCAN_ENABLE:
972 if (status) { 968 if (status) {
973 hci_dev_lock(hdev); 969 hci_dev_lock(hdev);
974 mgmt_start_discovery_failed(hdev, status); 970 mgmt_start_discovery_failed(hdev, status);
@@ -983,7 +979,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
983 hci_dev_unlock(hdev); 979 hci_dev_unlock(hdev);
984 break; 980 break;
985 981
986 case LE_SCANNING_DISABLED: 982 case LE_SCAN_DISABLE:
987 if (status) { 983 if (status) {
988 hci_dev_lock(hdev); 984 hci_dev_lock(hdev);
989 mgmt_stop_discovery_failed(hdev, status); 985 mgmt_stop_discovery_failed(hdev, status);
@@ -1046,14 +1042,14 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1046 1042
1047 if (!status) { 1043 if (!status) {
1048 if (sent->le) 1044 if (sent->le)
1049 hdev->host_features[0] |= LMP_HOST_LE; 1045 hdev->features[1][0] |= LMP_HOST_LE;
1050 else 1046 else
1051 hdev->host_features[0] &= ~LMP_HOST_LE; 1047 hdev->features[1][0] &= ~LMP_HOST_LE;
1052 1048
1053 if (sent->simul) 1049 if (sent->simul)
1054 hdev->host_features[0] |= LMP_HOST_LE_BREDR; 1050 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1055 else 1051 else
1056 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR; 1052 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1057 } 1053 }
1058 1054
1059 if (test_bit(HCI_MGMT, &hdev->dev_flags) && 1055 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
@@ -1190,7 +1186,7 @@ static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1190 if (conn) { 1186 if (conn) {
1191 if (conn->state == BT_CONFIG) { 1187 if (conn->state == BT_CONFIG) {
1192 hci_proto_connect_cfm(conn, status); 1188 hci_proto_connect_cfm(conn, status);
1193 hci_conn_put(conn); 1189 hci_conn_drop(conn);
1194 } 1190 }
1195 } 1191 }
1196 1192
@@ -1217,7 +1213,7 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1217 if (conn) { 1213 if (conn) {
1218 if (conn->state == BT_CONFIG) { 1214 if (conn->state == BT_CONFIG) {
1219 hci_proto_connect_cfm(conn, status); 1215 hci_proto_connect_cfm(conn, status);
1220 hci_conn_put(conn); 1216 hci_conn_drop(conn);
1221 } 1217 }
1222 } 1218 }
1223 1219
@@ -1379,7 +1375,7 @@ static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1379 if (conn) { 1375 if (conn) {
1380 if (conn->state == BT_CONFIG) { 1376 if (conn->state == BT_CONFIG) {
1381 hci_proto_connect_cfm(conn, status); 1377 hci_proto_connect_cfm(conn, status);
1382 hci_conn_put(conn); 1378 hci_conn_drop(conn);
1383 } 1379 }
1384 } 1380 }
1385 1381
@@ -1406,7 +1402,7 @@ static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1406 if (conn) { 1402 if (conn) {
1407 if (conn->state == BT_CONFIG) { 1403 if (conn->state == BT_CONFIG) {
1408 hci_proto_connect_cfm(conn, status); 1404 hci_proto_connect_cfm(conn, status);
1409 hci_conn_put(conn); 1405 hci_conn_drop(conn);
1410 } 1406 }
1411 } 1407 }
1412 1408
@@ -1600,13 +1596,14 @@ static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1600 1596
1601 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1597 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1602 1598
1603 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
1604
1605 hci_conn_check_pending(hdev); 1599 hci_conn_check_pending(hdev);
1606 1600
1607 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 1601 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1608 return; 1602 return;
1609 1603
1604 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1605 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1606
1610 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1607 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1611 return; 1608 return;
1612 1609
@@ -1705,7 +1702,6 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1705 } else 1702 } else
1706 conn->state = BT_CONNECTED; 1703 conn->state = BT_CONNECTED;
1707 1704
1708 hci_conn_hold_device(conn);
1709 hci_conn_add_sysfs(conn); 1705 hci_conn_add_sysfs(conn);
1710 1706
1711 if (test_bit(HCI_AUTH, &hdev->flags)) 1707 if (test_bit(HCI_AUTH, &hdev->flags))
@@ -1752,42 +1748,6 @@ unlock:
1752 hci_conn_check_pending(hdev); 1748 hci_conn_check_pending(hdev);
1753} 1749}
1754 1750
1755void hci_conn_accept(struct hci_conn *conn, int mask)
1756{
1757 struct hci_dev *hdev = conn->hdev;
1758
1759 BT_DBG("conn %p", conn);
1760
1761 conn->state = BT_CONFIG;
1762
1763 if (!lmp_esco_capable(hdev)) {
1764 struct hci_cp_accept_conn_req cp;
1765
1766 bacpy(&cp.bdaddr, &conn->dst);
1767
1768 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1769 cp.role = 0x00; /* Become master */
1770 else
1771 cp.role = 0x01; /* Remain slave */
1772
1773 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1774 } else /* lmp_esco_capable(hdev)) */ {
1775 struct hci_cp_accept_sync_conn_req cp;
1776
1777 bacpy(&cp.bdaddr, &conn->dst);
1778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1779
1780 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1781 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1782 cp.max_latency = __constant_cpu_to_le16(0xffff);
1783 cp.content_format = cpu_to_le16(hdev->voice_setting);
1784 cp.retrans_effort = 0xff;
1785
1786 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1787 sizeof(cp), &cp);
1788 }
1789}
1790
1791static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1751static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1792{ 1752{
1793 struct hci_ev_conn_request *ev = (void *) skb->data; 1753 struct hci_ev_conn_request *ev = (void *) skb->data;
@@ -1859,7 +1819,6 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1859 } else { 1819 } else {
1860 conn->state = BT_CONNECT2; 1820 conn->state = BT_CONNECT2;
1861 hci_proto_connect_cfm(conn, 0); 1821 hci_proto_connect_cfm(conn, 0);
1862 hci_conn_put(conn);
1863 } 1822 }
1864 } else { 1823 } else {
1865 /* Connection rejected */ 1824 /* Connection rejected */
@@ -1966,14 +1925,14 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1966 } else { 1925 } else {
1967 conn->state = BT_CONNECTED; 1926 conn->state = BT_CONNECTED;
1968 hci_proto_connect_cfm(conn, ev->status); 1927 hci_proto_connect_cfm(conn, ev->status);
1969 hci_conn_put(conn); 1928 hci_conn_drop(conn);
1970 } 1929 }
1971 } else { 1930 } else {
1972 hci_auth_cfm(conn, ev->status); 1931 hci_auth_cfm(conn, ev->status);
1973 1932
1974 hci_conn_hold(conn); 1933 hci_conn_hold(conn);
1975 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1934 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1976 hci_conn_put(conn); 1935 hci_conn_drop(conn);
1977 } 1936 }
1978 1937
1979 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 1938 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
@@ -2057,7 +2016,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2057 2016
2058 if (ev->status && conn->state == BT_CONNECTED) { 2017 if (ev->status && conn->state == BT_CONNECTED) {
2059 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 2018 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2060 hci_conn_put(conn); 2019 hci_conn_drop(conn);
2061 goto unlock; 2020 goto unlock;
2062 } 2021 }
2063 2022
@@ -2066,7 +2025,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2066 conn->state = BT_CONNECTED; 2025 conn->state = BT_CONNECTED;
2067 2026
2068 hci_proto_connect_cfm(conn, ev->status); 2027 hci_proto_connect_cfm(conn, ev->status);
2069 hci_conn_put(conn); 2028 hci_conn_drop(conn);
2070 } else 2029 } else
2071 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 2030 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2072 } 2031 }
@@ -2113,7 +2072,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev,
2113 goto unlock; 2072 goto unlock;
2114 2073
2115 if (!ev->status) 2074 if (!ev->status)
2116 memcpy(conn->features, ev->features, 8); 2075 memcpy(conn->features[0], ev->features, 8);
2117 2076
2118 if (conn->state != BT_CONFIG) 2077 if (conn->state != BT_CONFIG)
2119 goto unlock; 2078 goto unlock;
@@ -2141,7 +2100,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev,
2141 if (!hci_outgoing_auth_needed(hdev, conn)) { 2100 if (!hci_outgoing_auth_needed(hdev, conn)) {
2142 conn->state = BT_CONNECTED; 2101 conn->state = BT_CONNECTED;
2143 hci_proto_connect_cfm(conn, ev->status); 2102 hci_proto_connect_cfm(conn, ev->status);
2144 hci_conn_put(conn); 2103 hci_conn_drop(conn);
2145 } 2104 }
2146 2105
2147unlock: 2106unlock:
@@ -2462,7 +2421,9 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2462 if (opcode != HCI_OP_NOP) 2421 if (opcode != HCI_OP_NOP)
2463 del_timer(&hdev->cmd_timer); 2422 del_timer(&hdev->cmd_timer);
2464 2423
2465 hci_req_cmd_status(hdev, opcode, ev->status); 2424 if (ev->status ||
2425 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2426 hci_req_cmd_complete(hdev, opcode, ev->status);
2466 2427
2467 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 2428 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2468 atomic_set(&hdev->cmd_cnt, 1); 2429 atomic_set(&hdev->cmd_cnt, 1);
@@ -2679,7 +2640,7 @@ static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2679 if (conn->state == BT_CONNECTED) { 2640 if (conn->state == BT_CONNECTED) {
2680 hci_conn_hold(conn); 2641 hci_conn_hold(conn);
2681 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 2642 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2682 hci_conn_put(conn); 2643 hci_conn_drop(conn);
2683 } 2644 }
2684 2645
2685 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 2646 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
@@ -2782,7 +2743,7 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2782 if (ev->key_type != HCI_LK_CHANGED_COMBINATION) 2743 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2783 conn->key_type = ev->key_type; 2744 conn->key_type = ev->key_type;
2784 2745
2785 hci_conn_put(conn); 2746 hci_conn_drop(conn);
2786 } 2747 }
2787 2748
2788 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) 2749 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
@@ -2923,6 +2884,9 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2923 if (!conn) 2884 if (!conn)
2924 goto unlock; 2885 goto unlock;
2925 2886
2887 if (ev->page < HCI_MAX_PAGES)
2888 memcpy(conn->features[ev->page], ev->features, 8);
2889
2926 if (!ev->status && ev->page == 0x01) { 2890 if (!ev->status && ev->page == 0x01) {
2927 struct inquiry_entry *ie; 2891 struct inquiry_entry *ie;
2928 2892
@@ -2930,8 +2894,19 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2930 if (ie) 2894 if (ie)
2931 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 2895 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2932 2896
2933 if (ev->features[0] & LMP_HOST_SSP) 2897 if (ev->features[0] & LMP_HOST_SSP) {
2934 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); 2898 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2899 } else {
2900 /* It is mandatory by the Bluetooth specification that
2901 * Extended Inquiry Results are only used when Secure
2902 * Simple Pairing is enabled, but some devices violate
2903 * this.
2904 *
2905 * To make these devices work, the internal SSP
2906 * enabled flag needs to be cleared if the remote host
2907 * features do not indicate SSP support */
2908 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2909 }
2935 } 2910 }
2936 2911
2937 if (conn->state != BT_CONFIG) 2912 if (conn->state != BT_CONFIG)
@@ -2951,7 +2926,7 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2951 if (!hci_outgoing_auth_needed(hdev, conn)) { 2926 if (!hci_outgoing_auth_needed(hdev, conn)) {
2952 conn->state = BT_CONNECTED; 2927 conn->state = BT_CONNECTED;
2953 hci_proto_connect_cfm(conn, ev->status); 2928 hci_proto_connect_cfm(conn, ev->status);
2954 hci_conn_put(conn); 2929 hci_conn_drop(conn);
2955 } 2930 }
2956 2931
2957unlock: 2932unlock:
@@ -2985,7 +2960,6 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2985 conn->handle = __le16_to_cpu(ev->handle); 2960 conn->handle = __le16_to_cpu(ev->handle);
2986 conn->state = BT_CONNECTED; 2961 conn->state = BT_CONNECTED;
2987 2962
2988 hci_conn_hold_device(conn);
2989 hci_conn_add_sysfs(conn); 2963 hci_conn_add_sysfs(conn);
2990 break; 2964 break;
2991 2965
@@ -3084,7 +3058,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3084 3058
3085 if (ev->status && conn->state == BT_CONNECTED) { 3059 if (ev->status && conn->state == BT_CONNECTED) {
3086 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 3060 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3087 hci_conn_put(conn); 3061 hci_conn_drop(conn);
3088 goto unlock; 3062 goto unlock;
3089 } 3063 }
3090 3064
@@ -3093,13 +3067,13 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3093 conn->state = BT_CONNECTED; 3067 conn->state = BT_CONNECTED;
3094 3068
3095 hci_proto_connect_cfm(conn, ev->status); 3069 hci_proto_connect_cfm(conn, ev->status);
3096 hci_conn_put(conn); 3070 hci_conn_drop(conn);
3097 } else { 3071 } else {
3098 hci_auth_cfm(conn, ev->status); 3072 hci_auth_cfm(conn, ev->status);
3099 3073
3100 hci_conn_hold(conn); 3074 hci_conn_hold(conn);
3101 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 3075 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3102 hci_conn_put(conn); 3076 hci_conn_drop(conn);
3103 } 3077 }
3104 3078
3105unlock: 3079unlock:
@@ -3360,7 +3334,7 @@ static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3360 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, 3334 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3361 ev->status); 3335 ev->status);
3362 3336
3363 hci_conn_put(conn); 3337 hci_conn_drop(conn);
3364 3338
3365unlock: 3339unlock:
3366 hci_dev_unlock(hdev); 3340 hci_dev_unlock(hdev);
@@ -3371,11 +3345,16 @@ static void hci_remote_host_features_evt(struct hci_dev *hdev,
3371{ 3345{
3372 struct hci_ev_remote_host_features *ev = (void *) skb->data; 3346 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3373 struct inquiry_entry *ie; 3347 struct inquiry_entry *ie;
3348 struct hci_conn *conn;
3374 3349
3375 BT_DBG("%s", hdev->name); 3350 BT_DBG("%s", hdev->name);
3376 3351
3377 hci_dev_lock(hdev); 3352 hci_dev_lock(hdev);
3378 3353
3354 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3355 if (conn)
3356 memcpy(conn->features[1], ev->features, 8);
3357
3379 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 3358 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3380 if (ie) 3359 if (ie)
3381 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 3360 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
@@ -3448,9 +3427,8 @@ static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3448 3427
3449 hci_conn_hold(hcon); 3428 hci_conn_hold(hcon);
3450 hcon->disc_timeout = HCI_DISCONN_TIMEOUT; 3429 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3451 hci_conn_put(hcon); 3430 hci_conn_drop(hcon);
3452 3431
3453 hci_conn_hold_device(hcon);
3454 hci_conn_add_sysfs(hcon); 3432 hci_conn_add_sysfs(hcon);
3455 3433
3456 amp_physical_cfm(bredr_hcon, hcon); 3434 amp_physical_cfm(bredr_hcon, hcon);
@@ -3584,7 +3562,6 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3584 conn->handle = __le16_to_cpu(ev->handle); 3562 conn->handle = __le16_to_cpu(ev->handle);
3585 conn->state = BT_CONNECTED; 3563 conn->state = BT_CONNECTED;
3586 3564
3587 hci_conn_hold_device(conn);
3588 hci_conn_add_sysfs(conn); 3565 hci_conn_add_sysfs(conn);
3589 3566
3590 hci_proto_connect_cfm(conn, ev->status); 3567 hci_proto_connect_cfm(conn, ev->status);
@@ -3698,8 +3675,27 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3698 struct hci_event_hdr *hdr = (void *) skb->data; 3675 struct hci_event_hdr *hdr = (void *) skb->data;
3699 __u8 event = hdr->evt; 3676 __u8 event = hdr->evt;
3700 3677
3678 hci_dev_lock(hdev);
3679
3680 /* Received events are (currently) only needed when a request is
3681 * ongoing so avoid unnecessary memory allocation.
3682 */
3683 if (hdev->req_status == HCI_REQ_PEND) {
3684 kfree_skb(hdev->recv_evt);
3685 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3686 }
3687
3688 hci_dev_unlock(hdev);
3689
3701 skb_pull(skb, HCI_EVENT_HDR_SIZE); 3690 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3702 3691
3692 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3693 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3694 u16 opcode = __le16_to_cpu(hdr->opcode);
3695
3696 hci_req_cmd_complete(hdev, opcode, 0);
3697 }
3698
3703 switch (event) { 3699 switch (event) {
3704 case HCI_EV_INQUIRY_COMPLETE: 3700 case HCI_EV_INQUIRY_COMPLETE:
3705 hci_inquiry_complete_evt(hdev, skb); 3701 hci_inquiry_complete_evt(hdev, skb);
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index ff38561385de..7ad6ecf36f20 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -48,10 +48,10 @@ static ssize_t show_link_features(struct device *dev,
48 struct hci_conn *conn = to_hci_conn(dev); 48 struct hci_conn *conn = to_hci_conn(dev);
49 49
50 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", 50 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
51 conn->features[0], conn->features[1], 51 conn->features[0][0], conn->features[0][1],
52 conn->features[2], conn->features[3], 52 conn->features[0][2], conn->features[0][3],
53 conn->features[4], conn->features[5], 53 conn->features[0][4], conn->features[0][5],
54 conn->features[6], conn->features[7]); 54 conn->features[0][6], conn->features[0][7]);
55} 55}
56 56
57#define LINK_ATTR(_name, _mode, _show, _store) \ 57#define LINK_ATTR(_name, _mode, _show, _store) \
@@ -146,7 +146,6 @@ void hci_conn_del_sysfs(struct hci_conn *conn)
146 } 146 }
147 147
148 device_del(&conn->dev); 148 device_del(&conn->dev);
149 put_device(&conn->dev);
150 149
151 hci_dev_put(hdev); 150 hci_dev_put(hdev);
152} 151}
@@ -234,10 +233,10 @@ static ssize_t show_features(struct device *dev,
234 struct hci_dev *hdev = to_hci_dev(dev); 233 struct hci_dev *hdev = to_hci_dev(dev);
235 234
236 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", 235 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
237 hdev->features[0], hdev->features[1], 236 hdev->features[0][0], hdev->features[0][1],
238 hdev->features[2], hdev->features[3], 237 hdev->features[0][2], hdev->features[0][3],
239 hdev->features[4], hdev->features[5], 238 hdev->features[0][4], hdev->features[0][5],
240 hdev->features[6], hdev->features[7]); 239 hdev->features[0][6], hdev->features[0][7]);
241} 240}
242 241
243static ssize_t show_manufacturer(struct device *dev, 242static ssize_t show_manufacturer(struct device *dev,
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 2342327f3335..940f5acb6694 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -1,6 +1,7 @@
1/* 1/*
2 HIDP implementation for Linux Bluetooth stack (BlueZ). 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
4 5
5 This program is free software; you can redistribute it and/or modify 6 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as 7 it under the terms of the GNU General Public License version 2 as
@@ -20,6 +21,7 @@
20 SOFTWARE IS DISCLAIMED. 21 SOFTWARE IS DISCLAIMED.
21*/ 22*/
22 23
24#include <linux/kref.h>
23#include <linux/module.h> 25#include <linux/module.h>
24#include <linux/file.h> 26#include <linux/file.h>
25#include <linux/kthread.h> 27#include <linux/kthread.h>
@@ -59,39 +61,20 @@ static unsigned char hidp_keycode[256] = {
59 61
60static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 62static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
61 63
62static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 64static int hidp_session_probe(struct l2cap_conn *conn,
63{ 65 struct l2cap_user *user);
64 struct hidp_session *session; 66static void hidp_session_remove(struct l2cap_conn *conn,
65 67 struct l2cap_user *user);
66 BT_DBG(""); 68static int hidp_session_thread(void *arg);
69static void hidp_session_terminate(struct hidp_session *s);
67 70
68 list_for_each_entry(session, &hidp_session_list, list) { 71static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
69 if (!bacmp(bdaddr, &session->bdaddr))
70 return session;
71 }
72
73 return NULL;
74}
75
76static void __hidp_link_session(struct hidp_session *session)
77{
78 list_add(&session->list, &hidp_session_list);
79}
80
81static void __hidp_unlink_session(struct hidp_session *session)
82{
83 hci_conn_put_device(session->conn);
84
85 list_del(&session->list);
86}
87
88static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
89{ 72{
90 memset(ci, 0, sizeof(*ci)); 73 memset(ci, 0, sizeof(*ci));
91 bacpy(&ci->bdaddr, &session->bdaddr); 74 bacpy(&ci->bdaddr, &session->bdaddr);
92 75
93 ci->flags = session->flags; 76 ci->flags = session->flags;
94 ci->state = session->state; 77 ci->state = BT_CONNECTED;
95 78
96 ci->vendor = 0x0000; 79 ci->vendor = 0x0000;
97 ci->product = 0x0000; 80 ci->product = 0x0000;
@@ -115,58 +98,80 @@ static void __hidp_copy_session(struct hidp_session *session, struct hidp_connin
115 } 98 }
116} 99}
117 100
118static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 101/* assemble skb, queue message on @transmit and wake up the session thread */
119 unsigned int type, unsigned int code, int value) 102static int hidp_send_message(struct hidp_session *session, struct socket *sock,
103 struct sk_buff_head *transmit, unsigned char hdr,
104 const unsigned char *data, int size)
120{ 105{
121 unsigned char newleds;
122 struct sk_buff *skb; 106 struct sk_buff *skb;
107 struct sock *sk = sock->sk;
123 108
124 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 109 BT_DBG("session %p data %p size %d", session, data, size);
125
126 if (type != EV_LED)
127 return -1;
128
129 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
130 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
131 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
132 (!!test_bit(LED_CAPSL, dev->led) << 1) |
133 (!!test_bit(LED_NUML, dev->led));
134
135 if (session->leds == newleds)
136 return 0;
137 110
138 session->leds = newleds; 111 if (atomic_read(&session->terminate))
112 return -EIO;
139 113
140 skb = alloc_skb(3, GFP_ATOMIC); 114 skb = alloc_skb(size + 1, GFP_ATOMIC);
141 if (!skb) { 115 if (!skb) {
142 BT_ERR("Can't allocate memory for new frame"); 116 BT_ERR("Can't allocate memory for new frame");
143 return -ENOMEM; 117 return -ENOMEM;
144 } 118 }
145 119
146 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 120 *skb_put(skb, 1) = hdr;
147 *skb_put(skb, 1) = 0x01; 121 if (data && size > 0)
148 *skb_put(skb, 1) = newleds; 122 memcpy(skb_put(skb, size), data, size);
149
150 skb_queue_tail(&session->intr_transmit, skb);
151 123
152 hidp_schedule(session); 124 skb_queue_tail(transmit, skb);
125 wake_up_interruptible(sk_sleep(sk));
153 126
154 return 0; 127 return 0;
155} 128}
156 129
157static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 130static int hidp_send_ctrl_message(struct hidp_session *session,
131 unsigned char hdr, const unsigned char *data,
132 int size)
158{ 133{
159 struct hid_device *hid = input_get_drvdata(dev); 134 return hidp_send_message(session, session->ctrl_sock,
160 struct hidp_session *session = hid->driver_data; 135 &session->ctrl_transmit, hdr, data, size);
136}
161 137
162 return hidp_queue_event(session, dev, type, code, value); 138static int hidp_send_intr_message(struct hidp_session *session,
139 unsigned char hdr, const unsigned char *data,
140 int size)
141{
142 return hidp_send_message(session, session->intr_sock,
143 &session->intr_transmit, hdr, data, size);
163} 144}
164 145
165static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 146static int hidp_input_event(struct input_dev *dev, unsigned int type,
147 unsigned int code, int value)
166{ 148{
167 struct hidp_session *session = input_get_drvdata(dev); 149 struct hidp_session *session = input_get_drvdata(dev);
150 unsigned char newleds;
151 unsigned char hdr, data[2];
152
153 BT_DBG("session %p type %d code %d value %d",
154 session, type, code, value);
155
156 if (type != EV_LED)
157 return -1;
158
159 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
160 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
161 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
162 (!!test_bit(LED_CAPSL, dev->led) << 1) |
163 (!!test_bit(LED_NUML, dev->led));
168 164
169 return hidp_queue_event(session, dev, type, code, value); 165 if (session->leds == newleds)
166 return 0;
167
168 session->leds = newleds;
169
170 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
171 data[0] = 0x01;
172 data[1] = newleds;
173
174 return hidp_send_intr_message(session, hdr, data, 2);
170} 175}
171 176
172static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 177static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
@@ -224,71 +229,9 @@ static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
224 input_sync(dev); 229 input_sync(dev);
225} 230}
226 231
227static int __hidp_send_ctrl_message(struct hidp_session *session,
228 unsigned char hdr, unsigned char *data,
229 int size)
230{
231 struct sk_buff *skb;
232
233 BT_DBG("session %p data %p size %d", session, data, size);
234
235 if (atomic_read(&session->terminate))
236 return -EIO;
237
238 skb = alloc_skb(size + 1, GFP_ATOMIC);
239 if (!skb) {
240 BT_ERR("Can't allocate memory for new frame");
241 return -ENOMEM;
242 }
243
244 *skb_put(skb, 1) = hdr;
245 if (data && size > 0)
246 memcpy(skb_put(skb, size), data, size);
247
248 skb_queue_tail(&session->ctrl_transmit, skb);
249
250 return 0;
251}
252
253static int hidp_send_ctrl_message(struct hidp_session *session,
254 unsigned char hdr, unsigned char *data, int size)
255{
256 int err;
257
258 err = __hidp_send_ctrl_message(session, hdr, data, size);
259
260 hidp_schedule(session);
261
262 return err;
263}
264
265static int hidp_queue_report(struct hidp_session *session,
266 unsigned char *data, int size)
267{
268 struct sk_buff *skb;
269
270 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
271
272 skb = alloc_skb(size + 1, GFP_ATOMIC);
273 if (!skb) {
274 BT_ERR("Can't allocate memory for new frame");
275 return -ENOMEM;
276 }
277
278 *skb_put(skb, 1) = 0xa2;
279 if (size > 0)
280 memcpy(skb_put(skb, size), data, size);
281
282 skb_queue_tail(&session->intr_transmit, skb);
283
284 hidp_schedule(session);
285
286 return 0;
287}
288
289static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 232static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
290{ 233{
291 unsigned char buf[32]; 234 unsigned char buf[32], hdr;
292 int rsize; 235 int rsize;
293 236
294 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 237 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
@@ -296,8 +239,9 @@ static int hidp_send_report(struct hidp_session *session, struct hid_report *rep
296 return -EIO; 239 return -EIO;
297 240
298 hid_output_report(report, buf); 241 hid_output_report(report, buf);
242 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
299 243
300 return hidp_queue_report(session, buf, rsize); 244 return hidp_send_intr_message(session, hdr, buf, rsize);
301} 245}
302 246
303static int hidp_get_raw_report(struct hid_device *hid, 247static int hidp_get_raw_report(struct hid_device *hid,
@@ -336,17 +280,19 @@ static int hidp_get_raw_report(struct hid_device *hid,
336 session->waiting_report_number = numbered_reports ? report_number : -1; 280 session->waiting_report_number = numbered_reports ? report_number : -1;
337 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 281 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
338 data[0] = report_number; 282 data[0] = report_number;
339 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1); 283 ret = hidp_send_ctrl_message(session, report_type, data, 1);
340 if (ret) 284 if (ret)
341 goto err; 285 goto err;
342 286
343 /* Wait for the return of the report. The returned report 287 /* Wait for the return of the report. The returned report
344 gets put in session->report_return. */ 288 gets put in session->report_return. */
345 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 289 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
290 !atomic_read(&session->terminate)) {
346 int res; 291 int res;
347 292
348 res = wait_event_interruptible_timeout(session->report_queue, 293 res = wait_event_interruptible_timeout(session->report_queue,
349 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), 294 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
295 || atomic_read(&session->terminate),
350 5*HZ); 296 5*HZ);
351 if (res == 0) { 297 if (res == 0) {
352 /* timeout */ 298 /* timeout */
@@ -389,14 +335,11 @@ static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, s
389 struct hidp_session *session = hid->driver_data; 335 struct hidp_session *session = hid->driver_data;
390 int ret; 336 int ret;
391 337
392 switch (report_type) { 338 if (report_type == HID_OUTPUT_REPORT) {
393 case HID_FEATURE_REPORT: 339 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
394 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 340 return hidp_send_intr_message(session, report_type,
395 break; 341 data, count);
396 case HID_OUTPUT_REPORT: 342 } else if (report_type != HID_FEATURE_REPORT) {
397 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
398 break;
399 default:
400 return -EINVAL; 343 return -EINVAL;
401 } 344 }
402 345
@@ -405,17 +348,19 @@ static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, s
405 348
406 /* Set up our wait, and send the report request to the device. */ 349 /* Set up our wait, and send the report request to the device. */
407 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 350 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
408 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 351 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
409 count); 352 ret = hidp_send_ctrl_message(session, report_type, data, count);
410 if (ret) 353 if (ret)
411 goto err; 354 goto err;
412 355
413 /* Wait for the ACK from the device. */ 356 /* Wait for the ACK from the device. */
414 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 357 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
358 !atomic_read(&session->terminate)) {
415 int res; 359 int res;
416 360
417 res = wait_event_interruptible_timeout(session->report_queue, 361 res = wait_event_interruptible_timeout(session->report_queue,
418 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), 362 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
363 || atomic_read(&session->terminate),
419 10*HZ); 364 10*HZ);
420 if (res == 0) { 365 if (res == 0) {
421 /* timeout */ 366 /* timeout */
@@ -446,8 +391,7 @@ static void hidp_idle_timeout(unsigned long arg)
446{ 391{
447 struct hidp_session *session = (struct hidp_session *) arg; 392 struct hidp_session *session = (struct hidp_session *) arg;
448 393
449 atomic_inc(&session->terminate); 394 hidp_session_terminate(session);
450 wake_up_process(session->task);
451} 395}
452 396
453static void hidp_set_timer(struct hidp_session *session) 397static void hidp_set_timer(struct hidp_session *session)
@@ -490,12 +434,12 @@ static void hidp_process_handshake(struct hidp_session *session,
490 case HIDP_HSHK_ERR_FATAL: 434 case HIDP_HSHK_ERR_FATAL:
491 /* Device requests a reboot, as this is the only way this error 435 /* Device requests a reboot, as this is the only way this error
492 * can be recovered. */ 436 * can be recovered. */
493 __hidp_send_ctrl_message(session, 437 hidp_send_ctrl_message(session,
494 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 438 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
495 break; 439 break;
496 440
497 default: 441 default:
498 __hidp_send_ctrl_message(session, 442 hidp_send_ctrl_message(session,
499 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 443 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
500 break; 444 break;
501 } 445 }
@@ -515,8 +459,7 @@ static void hidp_process_hid_control(struct hidp_session *session,
515 skb_queue_purge(&session->ctrl_transmit); 459 skb_queue_purge(&session->ctrl_transmit);
516 skb_queue_purge(&session->intr_transmit); 460 skb_queue_purge(&session->intr_transmit);
517 461
518 atomic_inc(&session->terminate); 462 hidp_session_terminate(session);
519 wake_up_process(current);
520 } 463 }
521} 464}
522 465
@@ -544,7 +487,7 @@ static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
544 break; 487 break;
545 488
546 default: 489 default:
547 __hidp_send_ctrl_message(session, 490 hidp_send_ctrl_message(session,
548 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 491 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
549 } 492 }
550 493
@@ -591,7 +534,7 @@ static void hidp_recv_ctrl_frame(struct hidp_session *session,
591 break; 534 break;
592 535
593 default: 536 default:
594 __hidp_send_ctrl_message(session, 537 hidp_send_ctrl_message(session,
595 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 538 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
596 break; 539 break;
597 } 540 }
@@ -642,32 +585,24 @@ static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
642 return kernel_sendmsg(sock, &msg, &iv, 1, len); 585 return kernel_sendmsg(sock, &msg, &iv, 1, len);
643} 586}
644 587
645static void hidp_process_intr_transmit(struct hidp_session *session) 588/* dequeue message from @transmit and send via @sock */
589static void hidp_process_transmit(struct hidp_session *session,
590 struct sk_buff_head *transmit,
591 struct socket *sock)
646{ 592{
647 struct sk_buff *skb; 593 struct sk_buff *skb;
594 int ret;
648 595
649 BT_DBG("session %p", session); 596 BT_DBG("session %p", session);
650 597
651 while ((skb = skb_dequeue(&session->intr_transmit))) { 598 while ((skb = skb_dequeue(transmit))) {
652 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 599 ret = hidp_send_frame(sock, skb->data, skb->len);
653 skb_queue_head(&session->intr_transmit, skb); 600 if (ret == -EAGAIN) {
601 skb_queue_head(transmit, skb);
654 break; 602 break;
655 } 603 } else if (ret < 0) {
656 604 hidp_session_terminate(session);
657 hidp_set_timer(session); 605 kfree_skb(skb);
658 kfree_skb(skb);
659 }
660}
661
662static void hidp_process_ctrl_transmit(struct hidp_session *session)
663{
664 struct sk_buff *skb;
665
666 BT_DBG("session %p", session);
667
668 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
669 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
670 skb_queue_head(&session->ctrl_transmit, skb);
671 break; 606 break;
672 } 607 }
673 608
@@ -676,122 +611,6 @@ static void hidp_process_ctrl_transmit(struct hidp_session *session)
676 } 611 }
677} 612}
678 613
679static int hidp_session(void *arg)
680{
681 struct hidp_session *session = arg;
682 struct sock *ctrl_sk = session->ctrl_sock->sk;
683 struct sock *intr_sk = session->intr_sock->sk;
684 struct sk_buff *skb;
685 wait_queue_t ctrl_wait, intr_wait;
686
687 BT_DBG("session %p", session);
688
689 __module_get(THIS_MODULE);
690 set_user_nice(current, -15);
691
692 init_waitqueue_entry(&ctrl_wait, current);
693 init_waitqueue_entry(&intr_wait, current);
694 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
695 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
696 session->waiting_for_startup = 0;
697 wake_up_interruptible(&session->startup_queue);
698 set_current_state(TASK_INTERRUPTIBLE);
699 while (!atomic_read(&session->terminate)) {
700 if (ctrl_sk->sk_state != BT_CONNECTED ||
701 intr_sk->sk_state != BT_CONNECTED)
702 break;
703
704 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
705 skb_orphan(skb);
706 if (!skb_linearize(skb))
707 hidp_recv_intr_frame(session, skb);
708 else
709 kfree_skb(skb);
710 }
711
712 hidp_process_intr_transmit(session);
713
714 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
715 skb_orphan(skb);
716 if (!skb_linearize(skb))
717 hidp_recv_ctrl_frame(session, skb);
718 else
719 kfree_skb(skb);
720 }
721
722 hidp_process_ctrl_transmit(session);
723
724 schedule();
725 set_current_state(TASK_INTERRUPTIBLE);
726 }
727 set_current_state(TASK_RUNNING);
728 atomic_inc(&session->terminate);
729 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
730 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
731
732 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
733 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
734 wake_up_interruptible(&session->report_queue);
735
736 down_write(&hidp_session_sem);
737
738 hidp_del_timer(session);
739
740 if (session->input) {
741 input_unregister_device(session->input);
742 session->input = NULL;
743 }
744
745 if (session->hid) {
746 hid_destroy_device(session->hid);
747 session->hid = NULL;
748 }
749
750 /* Wakeup user-space polling for socket errors */
751 session->intr_sock->sk->sk_err = EUNATCH;
752 session->ctrl_sock->sk->sk_err = EUNATCH;
753
754 hidp_schedule(session);
755
756 fput(session->intr_sock->file);
757
758 wait_event_timeout(*(sk_sleep(ctrl_sk)),
759 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
760
761 fput(session->ctrl_sock->file);
762
763 __hidp_unlink_session(session);
764
765 up_write(&hidp_session_sem);
766
767 kfree(session->rd_data);
768 kfree(session);
769 module_put_and_exit(0);
770 return 0;
771}
772
773static struct hci_conn *hidp_get_connection(struct hidp_session *session)
774{
775 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
776 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
777 struct hci_conn *conn;
778 struct hci_dev *hdev;
779
780 hdev = hci_get_route(dst, src);
781 if (!hdev)
782 return NULL;
783
784 hci_dev_lock(hdev);
785 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
786 if (conn)
787 hci_conn_hold_device(conn);
788 hci_dev_unlock(hdev);
789
790 hci_dev_put(hdev);
791
792 return conn;
793}
794
795static int hidp_setup_input(struct hidp_session *session, 614static int hidp_setup_input(struct hidp_session *session,
796 struct hidp_connadd_req *req) 615 struct hidp_connadd_req *req)
797{ 616{
@@ -839,7 +658,7 @@ static int hidp_setup_input(struct hidp_session *session,
839 input->relbit[0] |= BIT_MASK(REL_WHEEL); 658 input->relbit[0] |= BIT_MASK(REL_WHEEL);
840 } 659 }
841 660
842 input->dev.parent = &session->conn->dev; 661 input->dev.parent = &session->conn->hcon->dev;
843 662
844 input->event = hidp_input_event; 663 input->event = hidp_input_event;
845 664
@@ -898,7 +717,6 @@ static struct hid_ll_driver hidp_hid_driver = {
898 .stop = hidp_stop, 717 .stop = hidp_stop,
899 .open = hidp_open, 718 .open = hidp_open,
900 .close = hidp_close, 719 .close = hidp_close,
901 .hidinput_input_event = hidp_hidinput_event,
902}; 720};
903 721
904/* This function sets up the hid device. It does not add it 722/* This function sets up the hid device. It does not add it
@@ -943,7 +761,7 @@ static int hidp_setup_hid(struct hidp_session *session,
943 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", 761 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
944 &bt_sk(session->ctrl_sock->sk)->dst); 762 &bt_sk(session->ctrl_sock->sk)->dst);
945 763
946 hid->dev.parent = &session->conn->dev; 764 hid->dev.parent = &session->conn->hcon->dev;
947 hid->ll_driver = &hidp_hid_driver; 765 hid->ll_driver = &hidp_hid_driver;
948 766
949 hid->hid_get_raw_report = hidp_get_raw_report; 767 hid->hid_get_raw_report = hidp_get_raw_report;
@@ -965,80 +783,217 @@ fault:
965 return err; 783 return err;
966} 784}
967 785
968int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 786/* initialize session devices */
787static int hidp_session_dev_init(struct hidp_session *session,
788 struct hidp_connadd_req *req)
969{ 789{
970 struct hidp_session *session, *s; 790 int ret;
971 int vendor, product;
972 int err;
973 791
974 BT_DBG(""); 792 if (req->rd_size > 0) {
793 ret = hidp_setup_hid(session, req);
794 if (ret && ret != -ENODEV)
795 return ret;
796 }
975 797
976 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 798 if (!session->hid) {
977 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 799 ret = hidp_setup_input(session, req);
978 return -ENOTUNIQ; 800 if (ret < 0)
801 return ret;
802 }
979 803
980 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 804 return 0;
805}
981 806
982 down_write(&hidp_session_sem); 807/* destroy session devices */
808static void hidp_session_dev_destroy(struct hidp_session *session)
809{
810 if (session->hid)
811 put_device(&session->hid->dev);
812 else if (session->input)
813 input_put_device(session->input);
983 814
984 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 815 kfree(session->rd_data);
985 if (s && s->state == BT_CONNECTED) { 816 session->rd_data = NULL;
986 up_write(&hidp_session_sem); 817}
987 return -EEXIST;
988 }
989 818
990 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 819/* add HID/input devices to their underlying bus systems */
991 if (!session) { 820static int hidp_session_dev_add(struct hidp_session *session)
992 up_write(&hidp_session_sem); 821{
993 return -ENOMEM; 822 int ret;
994 }
995 823
996 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 824 /* Both HID and input systems drop a ref-count when unregistering the
825 * device but they don't take a ref-count when registering them. Work
826 * around this by explicitly taking a refcount during registration
827 * which is dropped automatically by unregistering the devices. */
997 828
998 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, 829 if (session->hid) {
999 l2cap_pi(ctrl_sock->sk)->chan->imtu); 830 ret = hid_add_device(session->hid);
1000 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, 831 if (ret)
1001 l2cap_pi(intr_sock->sk)->chan->imtu); 832 return ret;
833 get_device(&session->hid->dev);
834 } else if (session->input) {
835 ret = input_register_device(session->input);
836 if (ret)
837 return ret;
838 input_get_device(session->input);
839 }
1002 840
1003 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 841 return 0;
842}
1004 843
1005 session->ctrl_sock = ctrl_sock; 844/* remove HID/input devices from their bus systems */
1006 session->intr_sock = intr_sock; 845static void hidp_session_dev_del(struct hidp_session *session)
1007 session->state = BT_CONNECTED; 846{
847 if (session->hid)
848 hid_destroy_device(session->hid);
849 else if (session->input)
850 input_unregister_device(session->input);
851}
1008 852
1009 session->conn = hidp_get_connection(session); 853/*
1010 if (!session->conn) { 854 * Create new session object
1011 err = -ENOTCONN; 855 * Allocate session object, initialize static fields, copy input data into the
1012 goto failed; 856 * object and take a reference to all sub-objects.
1013 } 857 * This returns 0 on success and puts a pointer to the new session object in
858 * \out. Otherwise, an error code is returned.
859 * The new session object has an initial ref-count of 1.
860 */
861static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
862 struct socket *ctrl_sock,
863 struct socket *intr_sock,
864 struct hidp_connadd_req *req,
865 struct l2cap_conn *conn)
866{
867 struct hidp_session *session;
868 int ret;
869 struct bt_sock *ctrl, *intr;
870
871 ctrl = bt_sk(ctrl_sock->sk);
872 intr = bt_sk(intr_sock->sk);
1014 873
1015 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 874 session = kzalloc(sizeof(*session), GFP_KERNEL);
875 if (!session)
876 return -ENOMEM;
1016 877
878 /* object and runtime management */
879 kref_init(&session->ref);
880 atomic_set(&session->state, HIDP_SESSION_IDLING);
881 init_waitqueue_head(&session->state_queue);
882 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
883
884 /* connection management */
885 bacpy(&session->bdaddr, bdaddr);
886 session->conn = conn;
887 session->user.probe = hidp_session_probe;
888 session->user.remove = hidp_session_remove;
889 session->ctrl_sock = ctrl_sock;
890 session->intr_sock = intr_sock;
1017 skb_queue_head_init(&session->ctrl_transmit); 891 skb_queue_head_init(&session->ctrl_transmit);
1018 skb_queue_head_init(&session->intr_transmit); 892 skb_queue_head_init(&session->intr_transmit);
893 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
894 l2cap_pi(ctrl)->chan->imtu);
895 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
896 l2cap_pi(intr)->chan->imtu);
897 session->idle_to = req->idle_to;
898
899 /* device management */
900 setup_timer(&session->timer, hidp_idle_timeout,
901 (unsigned long)session);
1019 902
903 /* session data */
1020 mutex_init(&session->report_mutex); 904 mutex_init(&session->report_mutex);
1021 init_waitqueue_head(&session->report_queue); 905 init_waitqueue_head(&session->report_queue);
1022 init_waitqueue_head(&session->startup_queue);
1023 session->waiting_for_startup = 1;
1024 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1025 session->idle_to = req->idle_to;
1026 906
1027 __hidp_link_session(session); 907 ret = hidp_session_dev_init(session, req);
908 if (ret)
909 goto err_free;
1028 910
1029 if (req->rd_size > 0) { 911 l2cap_conn_get(session->conn);
1030 err = hidp_setup_hid(session, req); 912 get_file(session->intr_sock->file);
1031 if (err && err != -ENODEV) 913 get_file(session->ctrl_sock->file);
1032 goto purge; 914 *out = session;
1033 } 915 return 0;
1034 916
1035 if (!session->hid) { 917err_free:
1036 err = hidp_setup_input(session, req); 918 kfree(session);
1037 if (err < 0) 919 return ret;
1038 goto purge; 920}
921
922/* increase ref-count of the given session by one */
923static void hidp_session_get(struct hidp_session *session)
924{
925 kref_get(&session->ref);
926}
927
928/* release callback */
929static void session_free(struct kref *ref)
930{
931 struct hidp_session *session = container_of(ref, struct hidp_session,
932 ref);
933
934 hidp_session_dev_destroy(session);
935 skb_queue_purge(&session->ctrl_transmit);
936 skb_queue_purge(&session->intr_transmit);
937 fput(session->intr_sock->file);
938 fput(session->ctrl_sock->file);
939 l2cap_conn_put(session->conn);
940 kfree(session);
941}
942
943/* decrease ref-count of the given session by one */
944static void hidp_session_put(struct hidp_session *session)
945{
946 kref_put(&session->ref, session_free);
947}
948
949/*
950 * Search the list of active sessions for a session with target address
951 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
952 * you do not release this lock, the session objects cannot vanish and you can
953 * safely take a reference to the session yourself.
954 */
955static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
956{
957 struct hidp_session *session;
958
959 list_for_each_entry(session, &hidp_session_list, list) {
960 if (!bacmp(bdaddr, &session->bdaddr))
961 return session;
1039 } 962 }
1040 963
1041 hidp_set_timer(session); 964 return NULL;
965}
966
967/*
968 * Same as __hidp_session_find() but no locks must be held. This also takes a
969 * reference of the returned session (if non-NULL) so you must drop this
970 * reference if you no longer use the object.
971 */
972static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
973{
974 struct hidp_session *session;
975
976 down_read(&hidp_session_sem);
977
978 session = __hidp_session_find(bdaddr);
979 if (session)
980 hidp_session_get(session);
981
982 up_read(&hidp_session_sem);
983
984 return session;
985}
986
987/*
988 * Start session synchronously
989 * This starts a session thread and waits until initialization
990 * is done or returns an error if it couldn't be started.
991 * If this returns 0 the session thread is up and running. You must call
992 * hipd_session_stop_sync() before deleting any runtime resources.
993 */
994static int hidp_session_start_sync(struct hidp_session *session)
995{
996 unsigned int vendor, product;
1042 997
1043 if (session->hid) { 998 if (session->hid) {
1044 vendor = session->hid->vendor; 999 vendor = session->hid->vendor;
@@ -1051,98 +1006,320 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock,
1051 product = 0x0000; 1006 product = 0x0000;
1052 } 1007 }
1053 1008
1054 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", 1009 session->task = kthread_run(hidp_session_thread, session,
1055 vendor, product); 1010 "khidpd_%04x%04x", vendor, product);
1056 if (IS_ERR(session->task)) { 1011 if (IS_ERR(session->task))
1057 err = PTR_ERR(session->task); 1012 return PTR_ERR(session->task);
1058 goto unlink;
1059 }
1060 1013
1061 while (session->waiting_for_startup) { 1014 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1062 wait_event_interruptible(session->startup_queue, 1015 wait_event(session->state_queue,
1063 !session->waiting_for_startup); 1016 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1064 }
1065 1017
1066 if (session->hid) 1018 return 0;
1067 err = hid_add_device(session->hid); 1019}
1068 else
1069 err = input_register_device(session->input);
1070 1020
1071 if (err < 0) { 1021/*
1072 atomic_inc(&session->terminate); 1022 * Terminate session thread
1073 wake_up_process(session->task); 1023 * Wake up session thread and notify it to stop. This is asynchronous and
1074 up_write(&hidp_session_sem); 1024 * returns immediately. Call this whenever a runtime error occurs and you want
1075 return err; 1025 * the session to stop.
1076 } 1026 * Note: wake_up_process() performs any necessary memory-barriers for us.
1027 */
1028static void hidp_session_terminate(struct hidp_session *session)
1029{
1030 atomic_inc(&session->terminate);
1031 wake_up_process(session->task);
1032}
1077 1033
1078 if (session->input) { 1034/*
1079 hidp_send_ctrl_message(session, 1035 * Probe HIDP session
1080 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 1036 * This is called from the l2cap_conn core when our l2cap_user object is bound
1081 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 1037 * to the hci-connection. We get the session via the \user object and can now
1038 * start the session thread, register the HID/input devices and link it into
1039 * the global session list.
1040 * The global session-list owns its own reference to the session object so you
1041 * can drop your own reference after registering the l2cap_user object.
1042 */
1043static int hidp_session_probe(struct l2cap_conn *conn,
1044 struct l2cap_user *user)
1045{
1046 struct hidp_session *session = container_of(user,
1047 struct hidp_session,
1048 user);
1049 struct hidp_session *s;
1050 int ret;
1051
1052 down_write(&hidp_session_sem);
1082 1053
1083 session->leds = 0xff; 1054 /* check that no other session for this device exists */
1084 hidp_input_event(session->input, EV_LED, 0, 0); 1055 s = __hidp_session_find(&session->bdaddr);
1056 if (s) {
1057 ret = -EEXIST;
1058 goto out_unlock;
1085 } 1059 }
1086 1060
1061 ret = hidp_session_start_sync(session);
1062 if (ret)
1063 goto out_unlock;
1064
1065 ret = hidp_session_dev_add(session);
1066 if (ret)
1067 goto out_stop;
1068
1069 hidp_session_get(session);
1070 list_add(&session->list, &hidp_session_list);
1071 ret = 0;
1072 goto out_unlock;
1073
1074out_stop:
1075 hidp_session_terminate(session);
1076out_unlock:
1087 up_write(&hidp_session_sem); 1077 up_write(&hidp_session_sem);
1088 return 0; 1078 return ret;
1079}
1080
1081/*
1082 * Remove HIDP session
1083 * Called from the l2cap_conn core when either we explicitly unregistered
1084 * the l2cap_user object or if the underlying connection is shut down.
1085 * We signal the hidp-session thread to shut down, unregister the HID/input
1086 * devices and unlink the session from the global list.
1087 * This drops the reference to the session that is owned by the global
1088 * session-list.
1089 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1090 * This is, because the session-thread might be waiting for an HCI lock that is
1091 * held while we are called. Therefore, we only unregister the devices and
1092 * notify the session-thread to terminate. The thread itself owns a reference
1093 * to the session object so it can safely shut down.
1094 */
1095static void hidp_session_remove(struct l2cap_conn *conn,
1096 struct l2cap_user *user)
1097{
1098 struct hidp_session *session = container_of(user,
1099 struct hidp_session,
1100 user);
1101
1102 down_write(&hidp_session_sem);
1103
1104 hidp_session_terminate(session);
1105 hidp_session_dev_del(session);
1106 list_del(&session->list);
1107
1108 up_write(&hidp_session_sem);
1109
1110 hidp_session_put(session);
1111}
1112
1113/*
1114 * Session Worker
1115 * This performs the actual main-loop of the HIDP worker. We first check
1116 * whether the underlying connection is still alive, then parse all pending
1117 * messages and finally send all outstanding messages.
1118 */
1119static void hidp_session_run(struct hidp_session *session)
1120{
1121 struct sock *ctrl_sk = session->ctrl_sock->sk;
1122 struct sock *intr_sk = session->intr_sock->sk;
1123 struct sk_buff *skb;
1124
1125 for (;;) {
1126 /*
1127 * This thread can be woken up two ways:
1128 * - You call hidp_session_terminate() which sets the
1129 * session->terminate flag and wakes this thread up.
1130 * - Via modifying the socket state of ctrl/intr_sock. This
1131 * thread is woken up by ->sk_state_changed().
1132 *
1133 * Note: set_current_state() performs any necessary
1134 * memory-barriers for us.
1135 */
1136 set_current_state(TASK_INTERRUPTIBLE);
1137
1138 if (atomic_read(&session->terminate))
1139 break;
1140
1141 if (ctrl_sk->sk_state != BT_CONNECTED ||
1142 intr_sk->sk_state != BT_CONNECTED)
1143 break;
1144
1145 /* parse incoming intr-skbs */
1146 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1147 skb_orphan(skb);
1148 if (!skb_linearize(skb))
1149 hidp_recv_intr_frame(session, skb);
1150 else
1151 kfree_skb(skb);
1152 }
1153
1154 /* send pending intr-skbs */
1155 hidp_process_transmit(session, &session->intr_transmit,
1156 session->intr_sock);
1089 1157
1090unlink: 1158 /* parse incoming ctrl-skbs */
1159 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1160 skb_orphan(skb);
1161 if (!skb_linearize(skb))
1162 hidp_recv_ctrl_frame(session, skb);
1163 else
1164 kfree_skb(skb);
1165 }
1166
1167 /* send pending ctrl-skbs */
1168 hidp_process_transmit(session, &session->ctrl_transmit,
1169 session->ctrl_sock);
1170
1171 schedule();
1172 }
1173
1174 atomic_inc(&session->terminate);
1175 set_current_state(TASK_RUNNING);
1176}
1177
1178/*
1179 * HIDP session thread
1180 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1181 * which allows us to take references to ourself here instead of doing that in
1182 * the caller.
1183 * When we are ready to run we notify the caller and call hidp_session_run().
1184 */
1185static int hidp_session_thread(void *arg)
1186{
1187 struct hidp_session *session = arg;
1188 wait_queue_t ctrl_wait, intr_wait;
1189
1190 BT_DBG("session %p", session);
1191
1192 /* initialize runtime environment */
1193 hidp_session_get(session);
1194 __module_get(THIS_MODULE);
1195 set_user_nice(current, -15);
1196 hidp_set_timer(session);
1197
1198 init_waitqueue_entry(&ctrl_wait, current);
1199 init_waitqueue_entry(&intr_wait, current);
1200 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1201 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1202 /* This memory barrier is paired with wq_has_sleeper(). See
1203 * sock_poll_wait() for more information why this is needed. */
1204 smp_mb();
1205
1206 /* notify synchronous startup that we're ready */
1207 atomic_inc(&session->state);
1208 wake_up(&session->state_queue);
1209
1210 /* run session */
1211 hidp_session_run(session);
1212
1213 /* cleanup runtime environment */
1214 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1215 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1216 wake_up_interruptible(&session->report_queue);
1091 hidp_del_timer(session); 1217 hidp_del_timer(session);
1092 1218
1093 if (session->input) { 1219 /*
1094 input_unregister_device(session->input); 1220 * If we stopped ourself due to any internal signal, we should try to
1095 session->input = NULL; 1221 * unregister our own session here to avoid having it linger until the
1222 * parent l2cap_conn dies or user-space cleans it up.
1223 * This does not deadlock as we don't do any synchronous shutdown.
1224 * Instead, this call has the same semantics as if user-space tried to
1225 * delete the session.
1226 */
1227 l2cap_unregister_user(session->conn, &session->user);
1228 hidp_session_put(session);
1229
1230 module_put_and_exit(0);
1231 return 0;
1232}
1233
1234static int hidp_verify_sockets(struct socket *ctrl_sock,
1235 struct socket *intr_sock)
1236{
1237 struct bt_sock *ctrl, *intr;
1238 struct hidp_session *session;
1239
1240 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1241 return -EINVAL;
1242
1243 ctrl = bt_sk(ctrl_sock->sk);
1244 intr = bt_sk(intr_sock->sk);
1245
1246 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1247 return -ENOTUNIQ;
1248 if (ctrl->sk.sk_state != BT_CONNECTED ||
1249 intr->sk.sk_state != BT_CONNECTED)
1250 return -EBADFD;
1251
1252 /* early session check, we check again during session registration */
1253 session = hidp_session_find(&ctrl->dst);
1254 if (session) {
1255 hidp_session_put(session);
1256 return -EEXIST;
1096 } 1257 }
1097 1258
1098 if (session->hid) { 1259 return 0;
1099 hid_destroy_device(session->hid); 1260}
1100 session->hid = NULL; 1261
1262int hidp_connection_add(struct hidp_connadd_req *req,
1263 struct socket *ctrl_sock,
1264 struct socket *intr_sock)
1265{
1266 struct hidp_session *session;
1267 struct l2cap_conn *conn;
1268 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1269 int ret;
1270
1271 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1272 if (ret)
1273 return ret;
1274
1275 conn = NULL;
1276 l2cap_chan_lock(chan);
1277 if (chan->conn) {
1278 l2cap_conn_get(chan->conn);
1279 conn = chan->conn;
1101 } 1280 }
1281 l2cap_chan_unlock(chan);
1102 1282
1103 kfree(session->rd_data); 1283 if (!conn)
1104 session->rd_data = NULL; 1284 return -EBADFD;
1105 1285
1106purge: 1286 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1107 __hidp_unlink_session(session); 1287 intr_sock, req, conn);
1288 if (ret)
1289 goto out_conn;
1108 1290
1109 skb_queue_purge(&session->ctrl_transmit); 1291 ret = l2cap_register_user(conn, &session->user);
1110 skb_queue_purge(&session->intr_transmit); 1292 if (ret)
1293 goto out_session;
1111 1294
1112failed: 1295 ret = 0;
1113 up_write(&hidp_session_sem);
1114 1296
1115 kfree(session); 1297out_session:
1116 return err; 1298 hidp_session_put(session);
1299out_conn:
1300 l2cap_conn_put(conn);
1301 return ret;
1117} 1302}
1118 1303
1119int hidp_del_connection(struct hidp_conndel_req *req) 1304int hidp_connection_del(struct hidp_conndel_req *req)
1120{ 1305{
1121 struct hidp_session *session; 1306 struct hidp_session *session;
1122 int err = 0;
1123 1307
1124 BT_DBG(""); 1308 session = hidp_session_find(&req->bdaddr);
1309 if (!session)
1310 return -ENOENT;
1125 1311
1126 down_read(&hidp_session_sem); 1312 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1313 hidp_send_ctrl_message(session,
1314 HIDP_TRANS_HID_CONTROL |
1315 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1316 NULL, 0);
1317 else
1318 l2cap_unregister_user(session->conn, &session->user);
1127 1319
1128 session = __hidp_get_session(&req->bdaddr); 1320 hidp_session_put(session);
1129 if (session) {
1130 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1131 hidp_send_ctrl_message(session,
1132 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1133 } else {
1134 /* Flush the transmit queues */
1135 skb_queue_purge(&session->ctrl_transmit);
1136 skb_queue_purge(&session->intr_transmit);
1137
1138 atomic_inc(&session->terminate);
1139 wake_up_process(session->task);
1140 }
1141 } else
1142 err = -ENOENT;
1143 1321
1144 up_read(&hidp_session_sem); 1322 return 0;
1145 return err;
1146} 1323}
1147 1324
1148int hidp_get_connlist(struct hidp_connlist_req *req) 1325int hidp_get_connlist(struct hidp_connlist_req *req)
@@ -1157,7 +1334,7 @@ int hidp_get_connlist(struct hidp_connlist_req *req)
1157 list_for_each_entry(session, &hidp_session_list, list) { 1334 list_for_each_entry(session, &hidp_session_list, list) {
1158 struct hidp_conninfo ci; 1335 struct hidp_conninfo ci;
1159 1336
1160 __hidp_copy_session(session, &ci); 1337 hidp_copy_session(session, &ci);
1161 1338
1162 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1339 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1163 err = -EFAULT; 1340 err = -EFAULT;
@@ -1178,18 +1355,14 @@ int hidp_get_connlist(struct hidp_connlist_req *req)
1178int hidp_get_conninfo(struct hidp_conninfo *ci) 1355int hidp_get_conninfo(struct hidp_conninfo *ci)
1179{ 1356{
1180 struct hidp_session *session; 1357 struct hidp_session *session;
1181 int err = 0;
1182
1183 down_read(&hidp_session_sem);
1184 1358
1185 session = __hidp_get_session(&ci->bdaddr); 1359 session = hidp_session_find(&ci->bdaddr);
1186 if (session) 1360 if (session) {
1187 __hidp_copy_session(session, ci); 1361 hidp_copy_session(session, ci);
1188 else 1362 hidp_session_put(session);
1189 err = -ENOENT; 1363 }
1190 1364
1191 up_read(&hidp_session_sem); 1365 return session ? 0 : -ENOENT;
1192 return err;
1193} 1366}
1194 1367
1195static int __init hidp_init(void) 1368static int __init hidp_init(void)
@@ -1208,6 +1381,7 @@ module_init(hidp_init);
1208module_exit(hidp_exit); 1381module_exit(hidp_exit);
1209 1382
1210MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1383MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1384MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1211MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1385MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1212MODULE_VERSION(VERSION); 1386MODULE_VERSION(VERSION);
1213MODULE_LICENSE("GPL"); 1387MODULE_LICENSE("GPL");
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index af1bcc823f26..6162ce8606ac 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -24,7 +24,9 @@
24#define __HIDP_H 24#define __HIDP_H
25 25
26#include <linux/types.h> 26#include <linux/types.h>
27#include <linux/kref.h>
27#include <net/bluetooth/bluetooth.h> 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/l2cap.h>
28 30
29/* HIDP header masks */ 31/* HIDP header masks */
30#define HIDP_HEADER_TRANS_MASK 0xf0 32#define HIDP_HEADER_TRANS_MASK 0xf0
@@ -119,43 +121,52 @@ struct hidp_connlist_req {
119 struct hidp_conninfo __user *ci; 121 struct hidp_conninfo __user *ci;
120}; 122};
121 123
122int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock); 124int hidp_connection_add(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock);
123int hidp_del_connection(struct hidp_conndel_req *req); 125int hidp_connection_del(struct hidp_conndel_req *req);
124int hidp_get_connlist(struct hidp_connlist_req *req); 126int hidp_get_connlist(struct hidp_connlist_req *req);
125int hidp_get_conninfo(struct hidp_conninfo *ci); 127int hidp_get_conninfo(struct hidp_conninfo *ci);
126 128
129enum hidp_session_state {
130 HIDP_SESSION_IDLING,
131 HIDP_SESSION_RUNNING,
132};
133
127/* HIDP session defines */ 134/* HIDP session defines */
128struct hidp_session { 135struct hidp_session {
129 struct list_head list; 136 struct list_head list;
137 struct kref ref;
130 138
131 struct hci_conn *conn; 139 /* runtime management */
140 atomic_t state;
141 wait_queue_head_t state_queue;
142 atomic_t terminate;
143 struct task_struct *task;
144 unsigned long flags;
132 145
146 /* connection management */
147 bdaddr_t bdaddr;
148 struct l2cap_conn *conn;
149 struct l2cap_user user;
133 struct socket *ctrl_sock; 150 struct socket *ctrl_sock;
134 struct socket *intr_sock; 151 struct socket *intr_sock;
135 152 struct sk_buff_head ctrl_transmit;
136 bdaddr_t bdaddr; 153 struct sk_buff_head intr_transmit;
137
138 unsigned long state;
139 unsigned long flags;
140 unsigned long idle_to;
141
142 uint ctrl_mtu; 154 uint ctrl_mtu;
143 uint intr_mtu; 155 uint intr_mtu;
156 unsigned long idle_to;
144 157
145 atomic_t terminate; 158 /* device management */
146 struct task_struct *task;
147
148 unsigned char keys[8];
149 unsigned char leds;
150
151 struct input_dev *input; 159 struct input_dev *input;
152
153 struct hid_device *hid; 160 struct hid_device *hid;
154
155 struct timer_list timer; 161 struct timer_list timer;
156 162
157 struct sk_buff_head ctrl_transmit; 163 /* Report descriptor */
158 struct sk_buff_head intr_transmit; 164 __u8 *rd_data;
165 uint rd_size;
166
167 /* session data */
168 unsigned char keys[8];
169 unsigned char leds;
159 170
160 /* Used in hidp_get_raw_report() */ 171 /* Used in hidp_get_raw_report() */
161 int waiting_report_type; /* HIDP_DATA_RTYPE_* */ 172 int waiting_report_type; /* HIDP_DATA_RTYPE_* */
@@ -166,24 +177,8 @@ struct hidp_session {
166 177
167 /* Used in hidp_output_raw_report() */ 178 /* Used in hidp_output_raw_report() */
168 int output_report_success; /* boolean */ 179 int output_report_success; /* boolean */
169
170 /* Report descriptor */
171 __u8 *rd_data;
172 uint rd_size;
173
174 wait_queue_head_t startup_queue;
175 int waiting_for_startup;
176}; 180};
177 181
178static inline void hidp_schedule(struct hidp_session *session)
179{
180 struct sock *ctrl_sk = session->ctrl_sock->sk;
181 struct sock *intr_sk = session->intr_sock->sk;
182
183 wake_up_interruptible(sk_sleep(ctrl_sk));
184 wake_up_interruptible(sk_sleep(intr_sk));
185}
186
187/* HIDP init defines */ 182/* HIDP init defines */
188extern int __init hidp_init_sockets(void); 183extern int __init hidp_init_sockets(void);
189extern void __exit hidp_cleanup_sockets(void); 184extern void __exit hidp_cleanup_sockets(void);
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 5d0f1ca0a314..2f4cbb0865ca 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -77,21 +77,12 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
77 return err; 77 return err;
78 } 78 }
79 79
80 if (csock->sk->sk_state != BT_CONNECTED || 80 err = hidp_connection_add(&ca, csock, isock);
81 isock->sk->sk_state != BT_CONNECTED) { 81 if (!err && copy_to_user(argp, &ca, sizeof(ca)))
82 sockfd_put(csock); 82 err = -EFAULT;
83 sockfd_put(isock);
84 return -EBADFD;
85 }
86 83
87 err = hidp_add_connection(&ca, csock, isock); 84 sockfd_put(csock);
88 if (!err) { 85 sockfd_put(isock);
89 if (copy_to_user(argp, &ca, sizeof(ca)))
90 err = -EFAULT;
91 } else {
92 sockfd_put(csock);
93 sockfd_put(isock);
94 }
95 86
96 return err; 87 return err;
97 88
@@ -102,7 +93,7 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
102 if (copy_from_user(&cd, argp, sizeof(cd))) 93 if (copy_from_user(&cd, argp, sizeof(cd)))
103 return -EFAULT; 94 return -EFAULT;
104 95
105 return hidp_del_connection(&cd); 96 return hidp_connection_del(&cd);
106 97
107 case HIDPGETCONNLIST: 98 case HIDPGETCONNLIST:
108 if (copy_from_user(&cl, argp, sizeof(cl))) 99 if (copy_from_user(&cl, argp, sizeof(cl)))
@@ -296,7 +287,6 @@ int __init hidp_init_sockets(void)
296 return 0; 287 return 0;
297 288
298error: 289error:
299 BT_ERR("Can't register HIDP socket");
300 proto_unregister(&hidp_proto); 290 proto_unregister(&hidp_proto);
301 return err; 291 return err;
302} 292}
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 7c7e9321f1ea..eae1d9f90b68 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -571,7 +571,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
571 chan->conn = NULL; 571 chan->conn = NULL;
572 572
573 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) 573 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP)
574 hci_conn_put(conn->hcon); 574 hci_conn_drop(conn->hcon);
575 575
576 if (mgr && mgr->bredr_chan == chan) 576 if (mgr && mgr->bredr_chan == chan)
577 mgr->bredr_chan = NULL; 577 mgr->bredr_chan = NULL;
@@ -1446,6 +1446,89 @@ static void l2cap_info_timeout(struct work_struct *work)
1446 l2cap_conn_start(conn); 1446 l2cap_conn_start(conn);
1447} 1447}
1448 1448
1449/*
1450 * l2cap_user
1451 * External modules can register l2cap_user objects on l2cap_conn. The ->probe
1452 * callback is called during registration. The ->remove callback is called
1453 * during unregistration.
1454 * An l2cap_user object can either be explicitly unregistered or when the
1455 * underlying l2cap_conn object is deleted. This guarantees that l2cap->hcon,
1456 * l2cap->hchan, .. are valid as long as the remove callback hasn't been called.
1457 * External modules must own a reference to the l2cap_conn object if they intend
1458 * to call l2cap_unregister_user(). The l2cap_conn object might get destroyed at
1459 * any time if they don't.
1460 */
1461
1462int l2cap_register_user(struct l2cap_conn *conn, struct l2cap_user *user)
1463{
1464 struct hci_dev *hdev = conn->hcon->hdev;
1465 int ret;
1466
1467 /* We need to check whether l2cap_conn is registered. If it is not, we
1468 * must not register the l2cap_user. l2cap_conn_del() is unregisters
1469 * l2cap_conn objects, but doesn't provide its own locking. Instead, it
1470 * relies on the parent hci_conn object to be locked. This itself relies
1471 * on the hci_dev object to be locked. So we must lock the hci device
1472 * here, too. */
1473
1474 hci_dev_lock(hdev);
1475
1476 if (user->list.next || user->list.prev) {
1477 ret = -EINVAL;
1478 goto out_unlock;
1479 }
1480
1481 /* conn->hchan is NULL after l2cap_conn_del() was called */
1482 if (!conn->hchan) {
1483 ret = -ENODEV;
1484 goto out_unlock;
1485 }
1486
1487 ret = user->probe(conn, user);
1488 if (ret)
1489 goto out_unlock;
1490
1491 list_add(&user->list, &conn->users);
1492 ret = 0;
1493
1494out_unlock:
1495 hci_dev_unlock(hdev);
1496 return ret;
1497}
1498EXPORT_SYMBOL(l2cap_register_user);
1499
1500void l2cap_unregister_user(struct l2cap_conn *conn, struct l2cap_user *user)
1501{
1502 struct hci_dev *hdev = conn->hcon->hdev;
1503
1504 hci_dev_lock(hdev);
1505
1506 if (!user->list.next || !user->list.prev)
1507 goto out_unlock;
1508
1509 list_del(&user->list);
1510 user->list.next = NULL;
1511 user->list.prev = NULL;
1512 user->remove(conn, user);
1513
1514out_unlock:
1515 hci_dev_unlock(hdev);
1516}
1517EXPORT_SYMBOL(l2cap_unregister_user);
1518
1519static void l2cap_unregister_all_users(struct l2cap_conn *conn)
1520{
1521 struct l2cap_user *user;
1522
1523 while (!list_empty(&conn->users)) {
1524 user = list_first_entry(&conn->users, struct l2cap_user, list);
1525 list_del(&user->list);
1526 user->list.next = NULL;
1527 user->list.prev = NULL;
1528 user->remove(conn, user);
1529 }
1530}
1531
1449static void l2cap_conn_del(struct hci_conn *hcon, int err) 1532static void l2cap_conn_del(struct hci_conn *hcon, int err)
1450{ 1533{
1451 struct l2cap_conn *conn = hcon->l2cap_data; 1534 struct l2cap_conn *conn = hcon->l2cap_data;
@@ -1458,6 +1541,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1458 1541
1459 kfree_skb(conn->rx_skb); 1542 kfree_skb(conn->rx_skb);
1460 1543
1544 l2cap_unregister_all_users(conn);
1545
1461 mutex_lock(&conn->chan_lock); 1546 mutex_lock(&conn->chan_lock);
1462 1547
1463 /* Kill channels */ 1548 /* Kill channels */
@@ -1486,7 +1571,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1486 } 1571 }
1487 1572
1488 hcon->l2cap_data = NULL; 1573 hcon->l2cap_data = NULL;
1489 kfree(conn); 1574 conn->hchan = NULL;
1575 l2cap_conn_put(conn);
1490} 1576}
1491 1577
1492static void security_timeout(struct work_struct *work) 1578static void security_timeout(struct work_struct *work)
@@ -1502,12 +1588,12 @@ static void security_timeout(struct work_struct *work)
1502 } 1588 }
1503} 1589}
1504 1590
1505static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) 1591static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon)
1506{ 1592{
1507 struct l2cap_conn *conn = hcon->l2cap_data; 1593 struct l2cap_conn *conn = hcon->l2cap_data;
1508 struct hci_chan *hchan; 1594 struct hci_chan *hchan;
1509 1595
1510 if (conn || status) 1596 if (conn)
1511 return conn; 1597 return conn;
1512 1598
1513 hchan = hci_chan_create(hcon); 1599 hchan = hci_chan_create(hcon);
@@ -1520,8 +1606,10 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1520 return NULL; 1606 return NULL;
1521 } 1607 }
1522 1608
1609 kref_init(&conn->ref);
1523 hcon->l2cap_data = conn; 1610 hcon->l2cap_data = conn;
1524 conn->hcon = hcon; 1611 conn->hcon = hcon;
1612 hci_conn_get(conn->hcon);
1525 conn->hchan = hchan; 1613 conn->hchan = hchan;
1526 1614
1527 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); 1615 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
@@ -1547,6 +1635,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1547 mutex_init(&conn->chan_lock); 1635 mutex_init(&conn->chan_lock);
1548 1636
1549 INIT_LIST_HEAD(&conn->chan_l); 1637 INIT_LIST_HEAD(&conn->chan_l);
1638 INIT_LIST_HEAD(&conn->users);
1550 1639
1551 if (hcon->type == LE_LINK) 1640 if (hcon->type == LE_LINK)
1552 INIT_DELAYED_WORK(&conn->security_timer, security_timeout); 1641 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
@@ -1558,6 +1647,26 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1558 return conn; 1647 return conn;
1559} 1648}
1560 1649
1650static void l2cap_conn_free(struct kref *ref)
1651{
1652 struct l2cap_conn *conn = container_of(ref, struct l2cap_conn, ref);
1653
1654 hci_conn_put(conn->hcon);
1655 kfree(conn);
1656}
1657
1658void l2cap_conn_get(struct l2cap_conn *conn)
1659{
1660 kref_get(&conn->ref);
1661}
1662EXPORT_SYMBOL(l2cap_conn_get);
1663
1664void l2cap_conn_put(struct l2cap_conn *conn)
1665{
1666 kref_put(&conn->ref, l2cap_conn_free);
1667}
1668EXPORT_SYMBOL(l2cap_conn_put);
1669
1561/* ---- Socket interface ---- */ 1670/* ---- Socket interface ---- */
1562 1671
1563/* Find socket with psm and source / destination bdaddr. 1672/* Find socket with psm and source / destination bdaddr.
@@ -1695,9 +1804,9 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1695 goto done; 1804 goto done;
1696 } 1805 }
1697 1806
1698 conn = l2cap_conn_add(hcon, 0); 1807 conn = l2cap_conn_add(hcon);
1699 if (!conn) { 1808 if (!conn) {
1700 hci_conn_put(hcon); 1809 hci_conn_drop(hcon);
1701 err = -ENOMEM; 1810 err = -ENOMEM;
1702 goto done; 1811 goto done;
1703 } 1812 }
@@ -1707,7 +1816,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1707 1816
1708 if (!list_empty(&conn->chan_l)) { 1817 if (!list_empty(&conn->chan_l)) {
1709 err = -EBUSY; 1818 err = -EBUSY;
1710 hci_conn_put(hcon); 1819 hci_conn_drop(hcon);
1711 } 1820 }
1712 1821
1713 if (err) 1822 if (err)
@@ -6313,7 +6422,7 @@ void l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
6313 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 6422 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
6314 6423
6315 if (!status) { 6424 if (!status) {
6316 conn = l2cap_conn_add(hcon, status); 6425 conn = l2cap_conn_add(hcon);
6317 if (conn) 6426 if (conn)
6318 l2cap_conn_ready(conn); 6427 l2cap_conn_ready(conn);
6319 } else { 6428 } else {
@@ -6482,7 +6591,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
6482 goto drop; 6591 goto drop;
6483 6592
6484 if (!conn) 6593 if (!conn)
6485 conn = l2cap_conn_add(hcon, 0); 6594 conn = l2cap_conn_add(hcon);
6486 6595
6487 if (!conn) 6596 if (!conn)
6488 goto drop; 6597 goto drop;
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 7f9704993b74..141e7b058b7e 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -43,6 +43,12 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
44 int proto, gfp_t prio); 44 int proto, gfp_t prio);
45 45
46bool l2cap_is_socket(struct socket *sock)
47{
48 return sock && sock->ops == &l2cap_sock_ops;
49}
50EXPORT_SYMBOL(l2cap_is_socket);
51
46static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 52static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
47{ 53{
48 struct sock *sk = sock->sk; 54 struct sock *sk = sock->sk;
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 03e7e732215f..4c830c62ef74 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -106,11 +106,10 @@ static const u16 mgmt_events[] = {
106 * These LE scan and inquiry parameters were chosen according to LE General 106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification. 107 * Discovery Procedure specification.
108 */ 108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12 109#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12 110#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */ 111#define LE_SCAN_TIMEOUT_LE_ONLY msecs_to_jiffies(10240)
113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */ 112#define LE_SCAN_TIMEOUT_BREDR_LE msecs_to_jiffies(5120)
114 113
115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 114#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ 115#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
@@ -2131,7 +2130,7 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status)
2131 conn->security_cfm_cb = NULL; 2130 conn->security_cfm_cb = NULL;
2132 conn->disconn_cfm_cb = NULL; 2131 conn->disconn_cfm_cb = NULL;
2133 2132
2134 hci_conn_put(conn); 2133 hci_conn_drop(conn);
2135 2134
2136 mgmt_pending_remove(cmd); 2135 mgmt_pending_remove(cmd);
2137} 2136}
@@ -2222,7 +2221,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2222 } 2221 }
2223 2222
2224 if (conn->connect_cfm_cb) { 2223 if (conn->connect_cfm_cb) {
2225 hci_conn_put(conn); 2224 hci_conn_drop(conn);
2226 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2225 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2227 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2226 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2228 goto unlock; 2227 goto unlock;
@@ -2231,7 +2230,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2231 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2230 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2232 if (!cmd) { 2231 if (!cmd) {
2233 err = -ENOMEM; 2232 err = -ENOMEM;
2234 hci_conn_put(conn); 2233 hci_conn_drop(conn);
2235 goto unlock; 2234 goto unlock;
2236 } 2235 }
2237 2236
@@ -2703,7 +2702,7 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2703 goto failed; 2702 goto failed;
2704 } 2703 }
2705 2704
2706 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, 2705 err = hci_le_scan(hdev, LE_SCAN_ACTIVE, LE_SCAN_INT,
2707 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); 2706 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2708 break; 2707 break;
2709 2708
@@ -2715,8 +2714,8 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2715 goto failed; 2714 goto failed;
2716 } 2715 }
2717 2716
2718 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN, 2717 err = hci_le_scan(hdev, LE_SCAN_ACTIVE, LE_SCAN_INT,
2719 LE_SCAN_TIMEOUT_BREDR_LE); 2718 LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE);
2720 break; 2719 break;
2721 2720
2722 default: 2721 default:
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 2c8055350510..373d81e6e8f0 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -83,7 +83,7 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
83 if (conn) 83 if (conn)
84 return conn; 84 return conn;
85 85
86 conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC); 86 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
87 if (!conn) 87 if (!conn)
88 return NULL; 88 return NULL;
89 89
@@ -185,7 +185,7 @@ static int sco_connect(struct sock *sk)
185 185
186 conn = sco_conn_add(hcon); 186 conn = sco_conn_add(hcon);
187 if (!conn) { 187 if (!conn) {
188 hci_conn_put(hcon); 188 hci_conn_drop(hcon);
189 err = -ENOMEM; 189 err = -ENOMEM;
190 goto done; 190 goto done;
191 } 191 }
@@ -353,7 +353,7 @@ static void __sco_sock_close(struct sock *sk)
353 if (sco_pi(sk)->conn->hcon) { 353 if (sco_pi(sk)->conn->hcon) {
354 sk->sk_state = BT_DISCONN; 354 sk->sk_state = BT_DISCONN;
355 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 355 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
356 hci_conn_put(sco_pi(sk)->conn->hcon); 356 hci_conn_drop(sco_pi(sk)->conn->hcon);
357 sco_pi(sk)->conn->hcon = NULL; 357 sco_pi(sk)->conn->hcon = NULL;
358 } else 358 } else
359 sco_chan_del(sk, ECONNRESET); 359 sco_chan_del(sk, ECONNRESET);
@@ -481,8 +481,7 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
481{ 481{
482 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 482 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
483 struct sock *sk = sock->sk; 483 struct sock *sk = sock->sk;
484 int err = 0; 484 int err;
485
486 485
487 BT_DBG("sk %p", sk); 486 BT_DBG("sk %p", sk);
488 487
@@ -653,6 +652,42 @@ static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
653 return err; 652 return err;
654} 653}
655 654
655static void sco_conn_defer_accept(struct hci_conn *conn, int mask)
656{
657 struct hci_dev *hdev = conn->hdev;
658
659 BT_DBG("conn %p", conn);
660
661 conn->state = BT_CONFIG;
662
663 if (!lmp_esco_capable(hdev)) {
664 struct hci_cp_accept_conn_req cp;
665
666 bacpy(&cp.bdaddr, &conn->dst);
667
668 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
669 cp.role = 0x00; /* Become master */
670 else
671 cp.role = 0x01; /* Remain slave */
672
673 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
674 } else {
675 struct hci_cp_accept_sync_conn_req cp;
676
677 bacpy(&cp.bdaddr, &conn->dst);
678 cp.pkt_type = cpu_to_le16(conn->pkt_type);
679
680 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
681 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
682 cp.max_latency = __constant_cpu_to_le16(0xffff);
683 cp.content_format = cpu_to_le16(hdev->voice_setting);
684 cp.retrans_effort = 0xff;
685
686 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
687 sizeof(cp), &cp);
688 }
689}
690
656static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 691static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
657 struct msghdr *msg, size_t len, int flags) 692 struct msghdr *msg, size_t len, int flags)
658{ 693{
@@ -663,7 +698,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
663 698
664 if (sk->sk_state == BT_CONNECT2 && 699 if (sk->sk_state == BT_CONNECT2 &&
665 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 700 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
666 hci_conn_accept(pi->conn->hcon, 0); 701 sco_conn_defer_accept(pi->conn->hcon, 0);
667 sk->sk_state = BT_CONFIG; 702 sk->sk_state = BT_CONFIG;
668 msg->msg_namelen = 0; 703 msg->msg_namelen = 0;
669 704
@@ -883,7 +918,7 @@ static void sco_chan_del(struct sock *sk, int err)
883 sco_conn_unlock(conn); 918 sco_conn_unlock(conn);
884 919
885 if (conn->hcon) 920 if (conn->hcon)
886 hci_conn_put(conn->hcon); 921 hci_conn_drop(conn->hcon);
887 } 922 }
888 923
889 sk->sk_state = BT_CLOSED; 924 sk->sk_state = BT_CLOSED;
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 5abefb12891d..b2296d3857a0 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -522,7 +522,7 @@ void smp_chan_destroy(struct l2cap_conn *conn)
522 kfree(smp); 522 kfree(smp);
523 conn->smp_chan = NULL; 523 conn->smp_chan = NULL;
524 conn->hcon->smp_conn = NULL; 524 conn->hcon->smp_conn = NULL;
525 hci_conn_put(conn->hcon); 525 hci_conn_drop(conn->hcon);
526} 526}
527 527
528int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) 528int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index c50c19402588..1a89c80e6407 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -805,8 +805,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
805 IEEE80211_CHANCTX_EXCLUSIVE); 805 IEEE80211_CHANCTX_EXCLUSIVE);
806 } 806 }
807 } else if (local->open_count == local->monitors) { 807 } else if (local->open_count == local->monitors) {
808 local->_oper_channel = chandef->chan; 808 local->_oper_chandef = *chandef;
809 local->_oper_channel_type = cfg80211_get_chandef_type(chandef);
810 ieee80211_hw_config(local, 0); 809 ieee80211_hw_config(local, 0);
811 } 810 }
812 811
@@ -965,8 +964,13 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
965 sdata->vif.bss_conf.hidden_ssid = 964 sdata->vif.bss_conf.hidden_ssid =
966 (params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE); 965 (params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
967 966
968 sdata->vif.bss_conf.p2p_ctwindow = params->p2p_ctwindow; 967 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
969 sdata->vif.bss_conf.p2p_oppps = params->p2p_opp_ps; 968 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
969 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow =
970 params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
971 if (params->p2p_opp_ps)
972 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
973 IEEE80211_P2P_OPPPS_ENABLE_BIT;
970 974
971 err = ieee80211_assign_beacon(sdata, &params->beacon); 975 err = ieee80211_assign_beacon(sdata, &params->beacon);
972 if (err < 0) 976 if (err < 0)
@@ -1039,6 +1043,7 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
1039 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 1043 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1040 sta_info_flush_defer(vlan); 1044 sta_info_flush_defer(vlan);
1041 sta_info_flush_defer(sdata); 1045 sta_info_flush_defer(sdata);
1046 synchronize_net();
1042 rcu_barrier(); 1047 rcu_barrier();
1043 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) { 1048 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
1044 sta_info_flush_cleanup(vlan); 1049 sta_info_flush_cleanup(vlan);
@@ -1048,6 +1053,7 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
1048 ieee80211_free_keys(sdata); 1053 ieee80211_free_keys(sdata);
1049 1054
1050 sdata->vif.bss_conf.enable_beacon = false; 1055 sdata->vif.bss_conf.enable_beacon = false;
1056 sdata->vif.bss_conf.ssid_len = 0;
1051 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); 1057 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
1052 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); 1058 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
1053 1059
@@ -1536,7 +1542,6 @@ static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
1536 struct ieee80211_sub_if_data *sdata; 1542 struct ieee80211_sub_if_data *sdata;
1537 struct mesh_path *mpath; 1543 struct mesh_path *mpath;
1538 struct sta_info *sta; 1544 struct sta_info *sta;
1539 int err;
1540 1545
1541 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1546 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1542 1547
@@ -1547,17 +1552,12 @@ static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
1547 return -ENOENT; 1552 return -ENOENT;
1548 } 1553 }
1549 1554
1550 err = mesh_path_add(sdata, dst); 1555 mpath = mesh_path_add(sdata, dst);
1551 if (err) { 1556 if (IS_ERR(mpath)) {
1552 rcu_read_unlock(); 1557 rcu_read_unlock();
1553 return err; 1558 return PTR_ERR(mpath);
1554 } 1559 }
1555 1560
1556 mpath = mesh_path_lookup(sdata, dst);
1557 if (!mpath) {
1558 rcu_read_unlock();
1559 return -ENXIO;
1560 }
1561 mesh_path_fix_nexthop(mpath, sta); 1561 mesh_path_fix_nexthop(mpath, sta);
1562 1562
1563 rcu_read_unlock(); 1563 rcu_read_unlock();
@@ -1961,12 +1961,20 @@ static int ieee80211_change_bss(struct wiphy *wiphy,
1961 } 1961 }
1962 1962
1963 if (params->p2p_ctwindow >= 0) { 1963 if (params->p2p_ctwindow >= 0) {
1964 sdata->vif.bss_conf.p2p_ctwindow = params->p2p_ctwindow; 1964 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow &=
1965 ~IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
1966 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
1967 params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
1965 changed |= BSS_CHANGED_P2P_PS; 1968 changed |= BSS_CHANGED_P2P_PS;
1966 } 1969 }
1967 1970
1968 if (params->p2p_opp_ps >= 0) { 1971 if (params->p2p_opp_ps > 0) {
1969 sdata->vif.bss_conf.p2p_oppps = params->p2p_opp_ps; 1972 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
1973 IEEE80211_P2P_OPPPS_ENABLE_BIT;
1974 changed |= BSS_CHANGED_P2P_PS;
1975 } else if (params->p2p_opp_ps == 0) {
1976 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow &=
1977 ~IEEE80211_P2P_OPPPS_ENABLE_BIT;
1970 changed |= BSS_CHANGED_P2P_PS; 1978 changed |= BSS_CHANGED_P2P_PS;
1971 } 1979 }
1972 1980
@@ -2410,9 +2418,22 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
2410 } 2418 }
2411 2419
2412 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 2420 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
2421 struct ieee80211_supported_band *sband = wiphy->bands[i];
2422 int j;
2423
2413 sdata->rc_rateidx_mask[i] = mask->control[i].legacy; 2424 sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
2414 memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].mcs, 2425 memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].mcs,
2415 sizeof(mask->control[i].mcs)); 2426 sizeof(mask->control[i].mcs));
2427
2428 sdata->rc_has_mcs_mask[i] = false;
2429 if (!sband)
2430 continue;
2431
2432 for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++)
2433 if (~sdata->rc_rateidx_mcs_mask[i][j]) {
2434 sdata->rc_has_mcs_mask[i] = true;
2435 break;
2436 }
2416 } 2437 }
2417 2438
2418 return 0; 2439 return 0;
@@ -3362,9 +3383,7 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
3362 if (local->use_chanctx) 3383 if (local->use_chanctx)
3363 *chandef = local->monitor_chandef; 3384 *chandef = local->monitor_chandef;
3364 else 3385 else
3365 cfg80211_chandef_create(chandef, 3386 *chandef = local->_oper_chandef;
3366 local->_oper_channel,
3367 local->_oper_channel_type);
3368 ret = 0; 3387 ret = 0;
3369 } 3388 }
3370 rcu_read_unlock(); 3389 rcu_read_unlock();
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 931be419ab5a..03e8d2e3270e 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -22,7 +22,7 @@ static void ieee80211_change_chanctx(struct ieee80211_local *local,
22 drv_change_chanctx(local, ctx, IEEE80211_CHANCTX_CHANGE_WIDTH); 22 drv_change_chanctx(local, ctx, IEEE80211_CHANCTX_CHANGE_WIDTH);
23 23
24 if (!local->use_chanctx) { 24 if (!local->use_chanctx) {
25 local->_oper_channel_type = cfg80211_get_chandef_type(chandef); 25 local->_oper_chandef = *chandef;
26 ieee80211_hw_config(local, 0); 26 ieee80211_hw_config(local, 0);
27 } 27 }
28} 28}
@@ -57,6 +57,22 @@ ieee80211_find_chanctx(struct ieee80211_local *local,
57 return NULL; 57 return NULL;
58} 58}
59 59
60static bool ieee80211_is_radar_required(struct ieee80211_local *local)
61{
62 struct ieee80211_sub_if_data *sdata;
63
64 rcu_read_lock();
65 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
66 if (sdata->radar_required) {
67 rcu_read_unlock();
68 return true;
69 }
70 }
71 rcu_read_unlock();
72
73 return false;
74}
75
60static struct ieee80211_chanctx * 76static struct ieee80211_chanctx *
61ieee80211_new_chanctx(struct ieee80211_local *local, 77ieee80211_new_chanctx(struct ieee80211_local *local,
62 const struct cfg80211_chan_def *chandef, 78 const struct cfg80211_chan_def *chandef,
@@ -76,6 +92,9 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
76 ctx->conf.rx_chains_static = 1; 92 ctx->conf.rx_chains_static = 1;
77 ctx->conf.rx_chains_dynamic = 1; 93 ctx->conf.rx_chains_dynamic = 1;
78 ctx->mode = mode; 94 ctx->mode = mode;
95 ctx->conf.radar_enabled = ieee80211_is_radar_required(local);
96 if (!local->use_chanctx)
97 local->hw.conf.radar_enabled = ctx->conf.radar_enabled;
79 98
80 /* acquire mutex to prevent idle from changing */ 99 /* acquire mutex to prevent idle from changing */
81 mutex_lock(&local->mtx); 100 mutex_lock(&local->mtx);
@@ -85,9 +104,7 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
85 ieee80211_hw_config(local, changed); 104 ieee80211_hw_config(local, changed);
86 105
87 if (!local->use_chanctx) { 106 if (!local->use_chanctx) {
88 local->_oper_channel_type = 107 local->_oper_chandef = *chandef;
89 cfg80211_get_chandef_type(chandef);
90 local->_oper_channel = chandef->chan;
91 ieee80211_hw_config(local, 0); 108 ieee80211_hw_config(local, 0);
92 } else { 109 } else {
93 err = drv_add_chanctx(local, ctx); 110 err = drv_add_chanctx(local, ctx);
@@ -112,12 +129,24 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
112static void ieee80211_free_chanctx(struct ieee80211_local *local, 129static void ieee80211_free_chanctx(struct ieee80211_local *local,
113 struct ieee80211_chanctx *ctx) 130 struct ieee80211_chanctx *ctx)
114{ 131{
132 bool check_single_channel = false;
115 lockdep_assert_held(&local->chanctx_mtx); 133 lockdep_assert_held(&local->chanctx_mtx);
116 134
117 WARN_ON_ONCE(ctx->refcount != 0); 135 WARN_ON_ONCE(ctx->refcount != 0);
118 136
119 if (!local->use_chanctx) { 137 if (!local->use_chanctx) {
120 local->_oper_channel_type = NL80211_CHAN_NO_HT; 138 struct cfg80211_chan_def *chandef = &local->_oper_chandef;
139 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
140 chandef->center_freq1 = chandef->chan->center_freq;
141 chandef->center_freq2 = 0;
142
143 /* NOTE: Disabling radar is only valid here for
144 * single channel context. To be sure, check it ...
145 */
146 if (local->hw.conf.radar_enabled)
147 check_single_channel = true;
148 local->hw.conf.radar_enabled = false;
149
121 ieee80211_hw_config(local, 0); 150 ieee80211_hw_config(local, 0);
122 } else { 151 } else {
123 drv_remove_chanctx(local, ctx); 152 drv_remove_chanctx(local, ctx);
@@ -126,6 +155,9 @@ static void ieee80211_free_chanctx(struct ieee80211_local *local,
126 list_del_rcu(&ctx->list); 155 list_del_rcu(&ctx->list);
127 kfree_rcu(ctx, rcu_head); 156 kfree_rcu(ctx, rcu_head);
128 157
158 /* throw a warning if this wasn't the only channel context. */
159 WARN_ON(check_single_channel && !list_empty(&local->chanctx_list));
160
129 mutex_lock(&local->mtx); 161 mutex_lock(&local->mtx);
130 ieee80211_recalc_idle(local); 162 ieee80211_recalc_idle(local);
131 mutex_unlock(&local->mtx); 163 mutex_unlock(&local->mtx);
@@ -237,19 +269,11 @@ static void __ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata)
237void ieee80211_recalc_radar_chanctx(struct ieee80211_local *local, 269void ieee80211_recalc_radar_chanctx(struct ieee80211_local *local,
238 struct ieee80211_chanctx *chanctx) 270 struct ieee80211_chanctx *chanctx)
239{ 271{
240 struct ieee80211_sub_if_data *sdata; 272 bool radar_enabled;
241 bool radar_enabled = false;
242 273
243 lockdep_assert_held(&local->chanctx_mtx); 274 lockdep_assert_held(&local->chanctx_mtx);
244 275
245 rcu_read_lock(); 276 radar_enabled = ieee80211_is_radar_required(local);
246 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
247 if (sdata->radar_required) {
248 radar_enabled = true;
249 break;
250 }
251 }
252 rcu_read_unlock();
253 277
254 if (radar_enabled == chanctx->conf.radar_enabled) 278 if (radar_enabled == chanctx->conf.radar_enabled)
255 return; 279 return;
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index ddb426867904..14abcf44f974 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -124,6 +124,15 @@ static ssize_t ieee80211_if_fmt_##name( \
124 return scnprintf(buf, buflen, "%d\n", sdata->field / 16); \ 124 return scnprintf(buf, buflen, "%d\n", sdata->field / 16); \
125} 125}
126 126
127#define IEEE80211_IF_FMT_JIFFIES_TO_MS(name, field) \
128static ssize_t ieee80211_if_fmt_##name( \
129 const struct ieee80211_sub_if_data *sdata, \
130 char *buf, int buflen) \
131{ \
132 return scnprintf(buf, buflen, "%d\n", \
133 jiffies_to_msecs(sdata->field)); \
134}
135
127#define __IEEE80211_IF_FILE(name, _write) \ 136#define __IEEE80211_IF_FILE(name, _write) \
128static ssize_t ieee80211_if_read_##name(struct file *file, \ 137static ssize_t ieee80211_if_read_##name(struct file *file, \
129 char __user *userbuf, \ 138 char __user *userbuf, \
@@ -197,6 +206,7 @@ IEEE80211_IF_FILE(bssid, u.mgd.bssid, MAC);
197IEEE80211_IF_FILE(aid, u.mgd.aid, DEC); 206IEEE80211_IF_FILE(aid, u.mgd.aid, DEC);
198IEEE80211_IF_FILE(last_beacon, u.mgd.last_beacon_signal, DEC); 207IEEE80211_IF_FILE(last_beacon, u.mgd.last_beacon_signal, DEC);
199IEEE80211_IF_FILE(ave_beacon, u.mgd.ave_beacon_signal, DEC_DIV_16); 208IEEE80211_IF_FILE(ave_beacon, u.mgd.ave_beacon_signal, DEC_DIV_16);
209IEEE80211_IF_FILE(beacon_timeout, u.mgd.beacon_timeout, JIFFIES_TO_MS);
200 210
201static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata, 211static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata,
202 enum ieee80211_smps_mode smps_mode) 212 enum ieee80211_smps_mode smps_mode)
@@ -542,6 +552,7 @@ static void add_sta_files(struct ieee80211_sub_if_data *sdata)
542 DEBUGFS_ADD(aid); 552 DEBUGFS_ADD(aid);
543 DEBUGFS_ADD(last_beacon); 553 DEBUGFS_ADD(last_beacon);
544 DEBUGFS_ADD(ave_beacon); 554 DEBUGFS_ADD(ave_beacon);
555 DEBUGFS_ADD(beacon_timeout);
545 DEBUGFS_ADD_MODE(smps, 0600); 556 DEBUGFS_ADD_MODE(smps, 0600);
546 DEBUGFS_ADD_MODE(tkip_mic_test, 0200); 557 DEBUGFS_ADD_MODE(tkip_mic_test, 0200);
547 DEBUGFS_ADD_MODE(uapsd_queues, 0600); 558 DEBUGFS_ADD_MODE(uapsd_queues, 0600);
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 4f841fe559df..44e201d60a13 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -54,6 +54,7 @@ STA_FILE(aid, sta.aid, D);
54STA_FILE(dev, sdata->name, S); 54STA_FILE(dev, sdata->name, S);
55STA_FILE(last_signal, last_signal, D); 55STA_FILE(last_signal, last_signal, D);
56STA_FILE(last_ack_signal, last_ack_signal, D); 56STA_FILE(last_ack_signal, last_ack_signal, D);
57STA_FILE(beacon_loss_count, beacon_loss_count, D);
57 58
58static ssize_t sta_flags_read(struct file *file, char __user *userbuf, 59static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
59 size_t count, loff_t *ppos) 60 size_t count, loff_t *ppos)
@@ -434,6 +435,7 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
434 DEBUGFS_ADD(agg_status); 435 DEBUGFS_ADD(agg_status);
435 DEBUGFS_ADD(dev); 436 DEBUGFS_ADD(dev);
436 DEBUGFS_ADD(last_signal); 437 DEBUGFS_ADD(last_signal);
438 DEBUGFS_ADD(beacon_loss_count);
437 DEBUGFS_ADD(ht_capa); 439 DEBUGFS_ADD(ht_capa);
438 DEBUGFS_ADD(vht_capa); 440 DEBUGFS_ADD(vht_capa);
439 DEBUGFS_ADD(last_ack_signal); 441 DEBUGFS_ADD(last_ack_signal);
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 539d4a11b47b..170f9a7fa319 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -44,7 +44,6 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
44 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 44 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
45 struct ieee80211_local *local = sdata->local; 45 struct ieee80211_local *local = sdata->local;
46 int rates, i; 46 int rates, i;
47 struct sk_buff *skb;
48 struct ieee80211_mgmt *mgmt; 47 struct ieee80211_mgmt *mgmt;
49 u8 *pos; 48 u8 *pos;
50 struct ieee80211_supported_band *sband; 49 struct ieee80211_supported_band *sband;
@@ -52,20 +51,14 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
52 u32 bss_change; 51 u32 bss_change;
53 u8 supp_rates[IEEE80211_MAX_SUPP_RATES]; 52 u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
54 struct cfg80211_chan_def chandef; 53 struct cfg80211_chan_def chandef;
54 struct beacon_data *presp;
55 int frame_len;
55 56
56 lockdep_assert_held(&ifibss->mtx); 57 lockdep_assert_held(&ifibss->mtx);
57 58
58 /* Reset own TSF to allow time synchronization work. */ 59 /* Reset own TSF to allow time synchronization work. */
59 drv_reset_tsf(local, sdata); 60 drv_reset_tsf(local, sdata);
60 61
61 skb = ifibss->skb;
62 RCU_INIT_POINTER(ifibss->presp, NULL);
63 synchronize_rcu();
64 skb->data = skb->head;
65 skb->len = 0;
66 skb_reset_tail_pointer(skb);
67 skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
68
69 if (!ether_addr_equal(ifibss->bssid, bssid)) 62 if (!ether_addr_equal(ifibss->bssid, bssid))
70 sta_info_flush(sdata); 63 sta_info_flush(sdata);
71 64
@@ -73,10 +66,19 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
73 if (sdata->vif.bss_conf.ibss_joined) { 66 if (sdata->vif.bss_conf.ibss_joined) {
74 sdata->vif.bss_conf.ibss_joined = false; 67 sdata->vif.bss_conf.ibss_joined = false;
75 sdata->vif.bss_conf.ibss_creator = false; 68 sdata->vif.bss_conf.ibss_creator = false;
69 sdata->vif.bss_conf.enable_beacon = false;
76 netif_carrier_off(sdata->dev); 70 netif_carrier_off(sdata->dev);
77 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_IBSS); 71 ieee80211_bss_info_change_notify(sdata,
72 BSS_CHANGED_IBSS |
73 BSS_CHANGED_BEACON_ENABLED);
78 } 74 }
79 75
76 presp = rcu_dereference_protected(ifibss->presp,
77 lockdep_is_held(&ifibss->mtx));
78 rcu_assign_pointer(ifibss->presp, NULL);
79 if (presp)
80 kfree_rcu(presp, rcu_head);
81
80 sdata->drop_unencrypted = capability & WLAN_CAPABILITY_PRIVACY ? 1 : 0; 82 sdata->drop_unencrypted = capability & WLAN_CAPABILITY_PRIVACY ? 1 : 0;
81 83
82 cfg80211_chandef_create(&chandef, chan, ifibss->channel_type); 84 cfg80211_chandef_create(&chandef, chan, ifibss->channel_type);
@@ -98,19 +100,24 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
98 100
99 sband = local->hw.wiphy->bands[chan->band]; 101 sband = local->hw.wiphy->bands[chan->band];
100 102
101 /* build supported rates array */
102 pos = supp_rates;
103 for (i = 0; i < sband->n_bitrates; i++) {
104 int rate = sband->bitrates[i].bitrate;
105 u8 basic = 0;
106 if (basic_rates & BIT(i))
107 basic = 0x80;
108 *pos++ = basic | (u8) (rate / 5);
109 }
110
111 /* Build IBSS probe response */ 103 /* Build IBSS probe response */
112 mgmt = (void *) skb_put(skb, 24 + sizeof(mgmt->u.beacon)); 104 frame_len = sizeof(struct ieee80211_hdr_3addr) +
113 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon)); 105 12 /* struct ieee80211_mgmt.u.beacon */ +
106 2 + IEEE80211_MAX_SSID_LEN /* max SSID */ +
107 2 + 8 /* max Supported Rates */ +
108 3 /* max DS params */ +
109 4 /* IBSS params */ +
110 2 + (IEEE80211_MAX_SUPP_RATES - 8) +
111 2 + sizeof(struct ieee80211_ht_cap) +
112 2 + sizeof(struct ieee80211_ht_operation) +
113 ifibss->ie_len;
114 presp = kzalloc(sizeof(*presp) + frame_len, GFP_KERNEL);
115 if (!presp)
116 return;
117
118 presp->head = (void *)(presp + 1);
119
120 mgmt = (void *) presp->head;
114 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 121 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
115 IEEE80211_STYPE_PROBE_RESP); 122 IEEE80211_STYPE_PROBE_RESP);
116 eth_broadcast_addr(mgmt->da); 123 eth_broadcast_addr(mgmt->da);
@@ -120,27 +127,30 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
120 mgmt->u.beacon.timestamp = cpu_to_le64(tsf); 127 mgmt->u.beacon.timestamp = cpu_to_le64(tsf);
121 mgmt->u.beacon.capab_info = cpu_to_le16(capability); 128 mgmt->u.beacon.capab_info = cpu_to_le16(capability);
122 129
123 pos = skb_put(skb, 2 + ifibss->ssid_len); 130 pos = (u8 *)mgmt + offsetof(struct ieee80211_mgmt, u.beacon.variable);
131
124 *pos++ = WLAN_EID_SSID; 132 *pos++ = WLAN_EID_SSID;
125 *pos++ = ifibss->ssid_len; 133 *pos++ = ifibss->ssid_len;
126 memcpy(pos, ifibss->ssid, ifibss->ssid_len); 134 memcpy(pos, ifibss->ssid, ifibss->ssid_len);
135 pos += ifibss->ssid_len;
127 136
128 rates = sband->n_bitrates; 137 rates = min_t(int, 8, sband->n_bitrates);
129 if (rates > 8)
130 rates = 8;
131 pos = skb_put(skb, 2 + rates);
132 *pos++ = WLAN_EID_SUPP_RATES; 138 *pos++ = WLAN_EID_SUPP_RATES;
133 *pos++ = rates; 139 *pos++ = rates;
134 memcpy(pos, supp_rates, rates); 140 for (i = 0; i < rates; i++) {
141 int rate = sband->bitrates[i].bitrate;
142 u8 basic = 0;
143 if (basic_rates & BIT(i))
144 basic = 0x80;
145 *pos++ = basic | (u8) (rate / 5);
146 }
135 147
136 if (sband->band == IEEE80211_BAND_2GHZ) { 148 if (sband->band == IEEE80211_BAND_2GHZ) {
137 pos = skb_put(skb, 2 + 1);
138 *pos++ = WLAN_EID_DS_PARAMS; 149 *pos++ = WLAN_EID_DS_PARAMS;
139 *pos++ = 1; 150 *pos++ = 1;
140 *pos++ = ieee80211_frequency_to_channel(chan->center_freq); 151 *pos++ = ieee80211_frequency_to_channel(chan->center_freq);
141 } 152 }
142 153
143 pos = skb_put(skb, 2 + 2);
144 *pos++ = WLAN_EID_IBSS_PARAMS; 154 *pos++ = WLAN_EID_IBSS_PARAMS;
145 *pos++ = 2; 155 *pos++ = 2;
146 /* FIX: set ATIM window based on scan results */ 156 /* FIX: set ATIM window based on scan results */
@@ -148,23 +158,25 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
148 *pos++ = 0; 158 *pos++ = 0;
149 159
150 if (sband->n_bitrates > 8) { 160 if (sband->n_bitrates > 8) {
151 rates = sband->n_bitrates - 8;
152 pos = skb_put(skb, 2 + rates);
153 *pos++ = WLAN_EID_EXT_SUPP_RATES; 161 *pos++ = WLAN_EID_EXT_SUPP_RATES;
154 *pos++ = rates; 162 *pos++ = sband->n_bitrates - 8;
155 memcpy(pos, &supp_rates[8], rates); 163 for (i = 8; i < sband->n_bitrates; i++) {
164 int rate = sband->bitrates[i].bitrate;
165 u8 basic = 0;
166 if (basic_rates & BIT(i))
167 basic = 0x80;
168 *pos++ = basic | (u8) (rate / 5);
169 }
156 } 170 }
157 171
158 if (ifibss->ie_len) 172 if (ifibss->ie_len) {
159 memcpy(skb_put(skb, ifibss->ie_len), 173 memcpy(pos, ifibss->ie, ifibss->ie_len);
160 ifibss->ie, ifibss->ie_len); 174 pos += ifibss->ie_len;
175 }
161 176
162 /* add HT capability and information IEs */ 177 /* add HT capability and information IEs */
163 if (chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 178 if (chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
164 sband->ht_cap.ht_supported) { 179 sband->ht_cap.ht_supported) {
165 pos = skb_put(skb, 4 +
166 sizeof(struct ieee80211_ht_cap) +
167 sizeof(struct ieee80211_ht_operation));
168 pos = ieee80211_ie_build_ht_cap(pos, &sband->ht_cap, 180 pos = ieee80211_ie_build_ht_cap(pos, &sband->ht_cap,
169 sband->ht_cap.cap); 181 sband->ht_cap.cap);
170 /* 182 /*
@@ -177,7 +189,6 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
177 } 189 }
178 190
179 if (local->hw.queues >= IEEE80211_NUM_ACS) { 191 if (local->hw.queues >= IEEE80211_NUM_ACS) {
180 pos = skb_put(skb, 9);
181 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 192 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
182 *pos++ = 7; /* len */ 193 *pos++ = 7; /* len */
183 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 194 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
@@ -189,11 +200,17 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
189 *pos++ = 0; /* U-APSD no in use */ 200 *pos++ = 0; /* U-APSD no in use */
190 } 201 }
191 202
192 rcu_assign_pointer(ifibss->presp, skb); 203 presp->head_len = pos - presp->head;
204 if (WARN_ON(presp->head_len > frame_len))
205 return;
206
207 rcu_assign_pointer(ifibss->presp, presp);
193 208
194 sdata->vif.bss_conf.enable_beacon = true; 209 sdata->vif.bss_conf.enable_beacon = true;
195 sdata->vif.bss_conf.beacon_int = beacon_int; 210 sdata->vif.bss_conf.beacon_int = beacon_int;
196 sdata->vif.bss_conf.basic_rates = basic_rates; 211 sdata->vif.bss_conf.basic_rates = basic_rates;
212 sdata->vif.bss_conf.ssid_len = ifibss->ssid_len;
213 memcpy(sdata->vif.bss_conf.ssid, ifibss->ssid, ifibss->ssid_len);
197 bss_change = BSS_CHANGED_BEACON_INT; 214 bss_change = BSS_CHANGED_BEACON_INT;
198 bss_change |= ieee80211_reset_erp_info(sdata); 215 bss_change |= ieee80211_reset_erp_info(sdata);
199 bss_change |= BSS_CHANGED_BSSID; 216 bss_change |= BSS_CHANGED_BSSID;
@@ -202,6 +219,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
202 bss_change |= BSS_CHANGED_BASIC_RATES; 219 bss_change |= BSS_CHANGED_BASIC_RATES;
203 bss_change |= BSS_CHANGED_HT; 220 bss_change |= BSS_CHANGED_HT;
204 bss_change |= BSS_CHANGED_IBSS; 221 bss_change |= BSS_CHANGED_IBSS;
222 bss_change |= BSS_CHANGED_SSID;
205 223
206 /* 224 /*
207 * In 5 GHz/802.11a, we can always use short slot time. 225 * In 5 GHz/802.11a, we can always use short slot time.
@@ -227,7 +245,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
227 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL)); 245 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL));
228 246
229 bss = cfg80211_inform_bss_frame(local->hw.wiphy, chan, 247 bss = cfg80211_inform_bss_frame(local->hw.wiphy, chan,
230 mgmt, skb->len, 0, GFP_KERNEL); 248 mgmt, presp->head_len, 0, GFP_KERNEL);
231 cfg80211_put_bss(local->hw.wiphy, bss); 249 cfg80211_put_bss(local->hw.wiphy, bss);
232 netif_carrier_on(sdata->dev); 250 netif_carrier_on(sdata->dev);
233 cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL); 251 cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL);
@@ -448,7 +466,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
448 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band]; 466 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band];
449 bool rates_updated = false; 467 bool rates_updated = false;
450 468
451 if (elems->ds_params && elems->ds_params_len == 1) 469 if (elems->ds_params)
452 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 470 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
453 band); 471 band);
454 else 472 else
@@ -822,8 +840,7 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
822 struct ieee80211_local *local = sdata->local; 840 struct ieee80211_local *local = sdata->local;
823 int tx_last_beacon, len = req->len; 841 int tx_last_beacon, len = req->len;
824 struct sk_buff *skb; 842 struct sk_buff *skb;
825 struct ieee80211_mgmt *resp; 843 struct beacon_data *presp;
826 struct sk_buff *presp;
827 u8 *pos, *end; 844 u8 *pos, *end;
828 845
829 lockdep_assert_held(&ifibss->mtx); 846 lockdep_assert_held(&ifibss->mtx);
@@ -864,13 +881,15 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
864 } 881 }
865 882
866 /* Reply with ProbeResp */ 883 /* Reply with ProbeResp */
867 skb = skb_copy(presp, GFP_KERNEL); 884 skb = dev_alloc_skb(local->tx_headroom + presp->head_len);
868 if (!skb) 885 if (!skb)
869 return; 886 return;
870 887
871 resp = (struct ieee80211_mgmt *) skb->data; 888 skb_reserve(skb, local->tx_headroom);
872 memcpy(resp->da, mgmt->sa, ETH_ALEN); 889 memcpy(skb_put(skb, presp->head_len), presp->head, presp->head_len);
873 ibss_dbg(sdata, "Sending ProbeResp to %pM\n", resp->da); 890
891 memcpy(((struct ieee80211_mgmt *) skb->data)->da, mgmt->sa, ETH_ALEN);
892 ibss_dbg(sdata, "Sending ProbeResp to %pM\n", mgmt->sa);
874 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 893 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
875 ieee80211_tx_skb(sdata, skb); 894 ieee80211_tx_skb(sdata, skb);
876} 895}
@@ -895,7 +914,7 @@ void ieee80211_rx_mgmt_probe_beacon(struct ieee80211_sub_if_data *sdata,
895 return; 914 return;
896 915
897 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 916 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
898 &elems); 917 false, &elems);
899 918
900 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 919 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
901} 920}
@@ -1020,23 +1039,8 @@ void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local)
1020int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, 1039int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1021 struct cfg80211_ibss_params *params) 1040 struct cfg80211_ibss_params *params)
1022{ 1041{
1023 struct sk_buff *skb;
1024 u32 changed = 0; 1042 u32 changed = 0;
1025 1043
1026 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom +
1027 sizeof(struct ieee80211_hdr_3addr) +
1028 12 /* struct ieee80211_mgmt.u.beacon */ +
1029 2 + IEEE80211_MAX_SSID_LEN /* max SSID */ +
1030 2 + 8 /* max Supported Rates */ +
1031 3 /* max DS params */ +
1032 4 /* IBSS params */ +
1033 2 + (IEEE80211_MAX_SUPP_RATES - 8) +
1034 2 + sizeof(struct ieee80211_ht_cap) +
1035 2 + sizeof(struct ieee80211_ht_operation) +
1036 params->ie_len);
1037 if (!skb)
1038 return -ENOMEM;
1039
1040 mutex_lock(&sdata->u.ibss.mtx); 1044 mutex_lock(&sdata->u.ibss.mtx);
1041 1045
1042 if (params->bssid) { 1046 if (params->bssid) {
@@ -1065,7 +1069,6 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1065 sdata->u.ibss.ie_len = params->ie_len; 1069 sdata->u.ibss.ie_len = params->ie_len;
1066 } 1070 }
1067 1071
1068 sdata->u.ibss.skb = skb;
1069 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; 1072 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
1070 sdata->u.ibss.ibss_join_req = jiffies; 1073 sdata->u.ibss.ibss_join_req = jiffies;
1071 1074
@@ -1101,13 +1104,13 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1101 1104
1102int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata) 1105int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
1103{ 1106{
1104 struct sk_buff *skb;
1105 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 1107 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
1106 struct ieee80211_local *local = sdata->local; 1108 struct ieee80211_local *local = sdata->local;
1107 struct cfg80211_bss *cbss; 1109 struct cfg80211_bss *cbss;
1108 u16 capability; 1110 u16 capability;
1109 int active_ibss; 1111 int active_ibss;
1110 struct sta_info *sta; 1112 struct sta_info *sta;
1113 struct beacon_data *presp;
1111 1114
1112 mutex_lock(&sdata->u.ibss.mtx); 1115 mutex_lock(&sdata->u.ibss.mtx);
1113 1116
@@ -1153,17 +1156,18 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
1153 1156
1154 /* remove beacon */ 1157 /* remove beacon */
1155 kfree(sdata->u.ibss.ie); 1158 kfree(sdata->u.ibss.ie);
1156 skb = rcu_dereference_protected(sdata->u.ibss.presp, 1159 presp = rcu_dereference_protected(ifibss->presp,
1157 lockdep_is_held(&sdata->u.ibss.mtx)); 1160 lockdep_is_held(&sdata->u.ibss.mtx));
1158 RCU_INIT_POINTER(sdata->u.ibss.presp, NULL); 1161 RCU_INIT_POINTER(sdata->u.ibss.presp, NULL);
1159 sdata->vif.bss_conf.ibss_joined = false; 1162 sdata->vif.bss_conf.ibss_joined = false;
1160 sdata->vif.bss_conf.ibss_creator = false; 1163 sdata->vif.bss_conf.ibss_creator = false;
1161 sdata->vif.bss_conf.enable_beacon = false; 1164 sdata->vif.bss_conf.enable_beacon = false;
1165 sdata->vif.bss_conf.ssid_len = 0;
1162 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); 1166 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
1163 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED | 1167 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED |
1164 BSS_CHANGED_IBSS); 1168 BSS_CHANGED_IBSS);
1165 synchronize_rcu(); 1169 synchronize_rcu();
1166 kfree_skb(skb); 1170 kfree(presp);
1167 1171
1168 skb_queue_purge(&sdata->skb_queue); 1172 skb_queue_purge(&sdata->skb_queue);
1169 1173
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 0b09716d22ad..158e6eb188d3 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -156,6 +156,7 @@ struct ieee80211_tx_data {
156 struct ieee80211_sub_if_data *sdata; 156 struct ieee80211_sub_if_data *sdata;
157 struct sta_info *sta; 157 struct sta_info *sta;
158 struct ieee80211_key *key; 158 struct ieee80211_key *key;
159 struct ieee80211_tx_rate rate;
159 160
160 unsigned int flags; 161 unsigned int flags;
161}; 162};
@@ -443,7 +444,7 @@ struct ieee80211_if_managed {
443 444
444 u8 use_4addr; 445 u8 use_4addr;
445 446
446 u8 p2p_noa_index; 447 s16 p2p_noa_index;
447 448
448 /* Signal strength from the last Beacon frame in the current BSS. */ 449 /* Signal strength from the last Beacon frame in the current BSS. */
449 int last_beacon_signal; 450 int last_beacon_signal;
@@ -509,8 +510,7 @@ struct ieee80211_if_ibss {
509 510
510 unsigned long ibss_join_req; 511 unsigned long ibss_join_req;
511 /* probe response/beacon for IBSS */ 512 /* probe response/beacon for IBSS */
512 struct sk_buff __rcu *presp; 513 struct beacon_data __rcu *presp;
513 struct sk_buff *skb;
514 514
515 spinlock_t incomplete_lock; 515 spinlock_t incomplete_lock;
516 struct list_head incomplete_stations; 516 struct list_head incomplete_stations;
@@ -741,6 +741,8 @@ struct ieee80211_sub_if_data {
741 741
742 /* bitmap of allowed (non-MCS) rate indexes for rate control */ 742 /* bitmap of allowed (non-MCS) rate indexes for rate control */
743 u32 rc_rateidx_mask[IEEE80211_NUM_BANDS]; 743 u32 rc_rateidx_mask[IEEE80211_NUM_BANDS];
744
745 bool rc_has_mcs_mask[IEEE80211_NUM_BANDS];
744 u8 rc_rateidx_mcs_mask[IEEE80211_NUM_BANDS][IEEE80211_HT_MCS_MASK_LEN]; 746 u8 rc_rateidx_mcs_mask[IEEE80211_NUM_BANDS][IEEE80211_HT_MCS_MASK_LEN];
745 747
746 union { 748 union {
@@ -1021,10 +1023,9 @@ struct ieee80211_local {
1021 enum mac80211_scan_state next_scan_state; 1023 enum mac80211_scan_state next_scan_state;
1022 struct delayed_work scan_work; 1024 struct delayed_work scan_work;
1023 struct ieee80211_sub_if_data __rcu *scan_sdata; 1025 struct ieee80211_sub_if_data __rcu *scan_sdata;
1024 struct ieee80211_channel *csa_channel; 1026 struct cfg80211_chan_def csa_chandef;
1025 /* For backward compatibility only -- do not use */ 1027 /* For backward compatibility only -- do not use */
1026 struct ieee80211_channel *_oper_channel; 1028 struct cfg80211_chan_def _oper_chandef;
1027 enum nl80211_channel_type _oper_channel_type;
1028 1029
1029 /* Temporary remain-on-channel for off-channel operations */ 1030 /* Temporary remain-on-channel for off-channel operations */
1030 struct ieee80211_channel *tmp_channel; 1031 struct ieee80211_channel *tmp_channel;
@@ -1160,11 +1161,8 @@ struct ieee802_11_elems {
1160 /* pointers to IEs */ 1161 /* pointers to IEs */
1161 const u8 *ssid; 1162 const u8 *ssid;
1162 const u8 *supp_rates; 1163 const u8 *supp_rates;
1163 const u8 *fh_params;
1164 const u8 *ds_params; 1164 const u8 *ds_params;
1165 const u8 *cf_params;
1166 const struct ieee80211_tim_ie *tim; 1165 const struct ieee80211_tim_ie *tim;
1167 const u8 *ibss_params;
1168 const u8 *challenge; 1166 const u8 *challenge;
1169 const u8 *rsn; 1167 const u8 *rsn;
1170 const u8 *erp_info; 1168 const u8 *erp_info;
@@ -1184,23 +1182,20 @@ struct ieee802_11_elems {
1184 const u8 *perr; 1182 const u8 *perr;
1185 const struct ieee80211_rann_ie *rann; 1183 const struct ieee80211_rann_ie *rann;
1186 const struct ieee80211_channel_sw_ie *ch_switch_ie; 1184 const struct ieee80211_channel_sw_ie *ch_switch_ie;
1185 const struct ieee80211_ext_chansw_ie *ext_chansw_ie;
1186 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie;
1187 const u8 *country_elem; 1187 const u8 *country_elem;
1188 const u8 *pwr_constr_elem; 1188 const u8 *pwr_constr_elem;
1189 const u8 *quiet_elem; /* first quite element */ 1189 const struct ieee80211_timeout_interval_ie *timeout_int;
1190 const u8 *timeout_int;
1191 const u8 *opmode_notif; 1190 const u8 *opmode_notif;
1191 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs;
1192 1192
1193 /* length of them, respectively */ 1193 /* length of them, respectively */
1194 u8 ssid_len; 1194 u8 ssid_len;
1195 u8 supp_rates_len; 1195 u8 supp_rates_len;
1196 u8 fh_params_len;
1197 u8 ds_params_len;
1198 u8 cf_params_len;
1199 u8 tim_len; 1196 u8 tim_len;
1200 u8 ibss_params_len;
1201 u8 challenge_len; 1197 u8 challenge_len;
1202 u8 rsn_len; 1198 u8 rsn_len;
1203 u8 erp_info_len;
1204 u8 ext_supp_rates_len; 1199 u8 ext_supp_rates_len;
1205 u8 wmm_info_len; 1200 u8 wmm_info_len;
1206 u8 wmm_param_len; 1201 u8 wmm_param_len;
@@ -1210,9 +1205,6 @@ struct ieee802_11_elems {
1210 u8 prep_len; 1205 u8 prep_len;
1211 u8 perr_len; 1206 u8 perr_len;
1212 u8 country_elem_len; 1207 u8 country_elem_len;
1213 u8 quiet_elem_len;
1214 u8 num_of_quiet_elem; /* can be more the one */
1215 u8 timeout_int_len;
1216 1208
1217 /* whether a parse error occurred while retrieving these elements */ 1209 /* whether a parse error occurred while retrieving these elements */
1218 bool parse_error; 1210 bool parse_error;
@@ -1267,10 +1259,6 @@ void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata);
1267int ieee80211_max_network_latency(struct notifier_block *nb, 1259int ieee80211_max_network_latency(struct notifier_block *nb,
1268 unsigned long data, void *dummy); 1260 unsigned long data, void *dummy);
1269int ieee80211_set_arp_filter(struct ieee80211_sub_if_data *sdata); 1261int ieee80211_set_arp_filter(struct ieee80211_sub_if_data *sdata);
1270void
1271ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1272 const struct ieee80211_channel_sw_ie *sw_elem,
1273 struct ieee80211_bss *bss, u64 timestamp);
1274void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata); 1262void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata);
1275void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 1263void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1276 struct sk_buff *skb); 1264 struct sk_buff *skb);
@@ -1330,7 +1318,8 @@ void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local);
1330void ieee80211_offchannel_return(struct ieee80211_local *local); 1318void ieee80211_offchannel_return(struct ieee80211_local *local);
1331void ieee80211_roc_setup(struct ieee80211_local *local); 1319void ieee80211_roc_setup(struct ieee80211_local *local);
1332void ieee80211_start_next_roc(struct ieee80211_local *local); 1320void ieee80211_start_next_roc(struct ieee80211_local *local);
1333void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); 1321void ieee80211_roc_purge(struct ieee80211_local *local,
1322 struct ieee80211_sub_if_data *sdata);
1334void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free); 1323void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free);
1335void ieee80211_sw_roc_work(struct work_struct *work); 1324void ieee80211_sw_roc_work(struct work_struct *work);
1336void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); 1325void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);
@@ -1351,6 +1340,8 @@ void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1351 const int offset); 1340 const int offset);
1352int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up); 1341int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up);
1353void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata); 1342void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata);
1343int ieee80211_add_virtual_monitor(struct ieee80211_local *local);
1344void ieee80211_del_virtual_monitor(struct ieee80211_local *local);
1354 1345
1355bool __ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata); 1346bool __ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata);
1356void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata); 1347void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata);
@@ -1505,11 +1496,15 @@ static inline void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata,
1505 ieee80211_tx_skb_tid(sdata, skb, 7); 1496 ieee80211_tx_skb_tid(sdata, skb, 7);
1506} 1497}
1507 1498
1508void ieee802_11_parse_elems(u8 *start, size_t len, 1499u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, bool action,
1509 struct ieee802_11_elems *elems);
1510u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
1511 struct ieee802_11_elems *elems, 1500 struct ieee802_11_elems *elems,
1512 u64 filter, u32 crc); 1501 u64 filter, u32 crc);
1502static inline void ieee802_11_parse_elems(u8 *start, size_t len, bool action,
1503 struct ieee802_11_elems *elems)
1504{
1505 ieee802_11_parse_elems_crc(start, len, action, elems, 0, 0);
1506}
1507
1513u32 ieee80211_mandatory_rates(struct ieee80211_local *local, 1508u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
1514 enum ieee80211_band band); 1509 enum ieee80211_band band);
1515 1510
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index e8a260f53c16..60f1ce5e5e52 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Interface handling (except master interface) 2 * Interface handling
3 * 3 *
4 * Copyright 2002-2005, Instant802 Networks, Inc. 4 * Copyright 2002-2005, Instant802 Networks, Inc.
5 * Copyright 2005-2006, Devicescape Software, Inc. 5 * Copyright 2005-2006, Devicescape Software, Inc.
@@ -357,7 +357,7 @@ static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
357 sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE; 357 sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
358} 358}
359 359
360static int ieee80211_add_virtual_monitor(struct ieee80211_local *local) 360int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
361{ 361{
362 struct ieee80211_sub_if_data *sdata; 362 struct ieee80211_sub_if_data *sdata;
363 int ret; 363 int ret;
@@ -410,7 +410,7 @@ static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
410 return 0; 410 return 0;
411} 411}
412 412
413static void ieee80211_del_virtual_monitor(struct ieee80211_local *local) 413void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
414{ 414{
415 struct ieee80211_sub_if_data *sdata; 415 struct ieee80211_sub_if_data *sdata;
416 416
@@ -595,7 +595,8 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
595 case NL80211_IFTYPE_P2P_DEVICE: 595 case NL80211_IFTYPE_P2P_DEVICE:
596 break; 596 break;
597 default: 597 default:
598 netif_carrier_on(dev); 598 /* not reached */
599 WARN_ON(1);
599 } 600 }
600 601
601 /* 602 /*
@@ -652,8 +653,28 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
652 653
653 ieee80211_recalc_ps(local, -1); 654 ieee80211_recalc_ps(local, -1);
654 655
655 if (dev) 656 if (dev) {
656 netif_tx_start_all_queues(dev); 657 unsigned long flags;
658 int n_acs = IEEE80211_NUM_ACS;
659 int ac;
660
661 if (local->hw.queues < IEEE80211_NUM_ACS)
662 n_acs = 1;
663
664 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
665 if (sdata->vif.cab_queue == IEEE80211_INVAL_HW_QUEUE ||
666 (local->queue_stop_reasons[sdata->vif.cab_queue] == 0 &&
667 skb_queue_empty(&local->pending[sdata->vif.cab_queue]))) {
668 for (ac = 0; ac < n_acs; ac++) {
669 int ac_queue = sdata->vif.hw_queue[ac];
670
671 if (local->queue_stop_reasons[ac_queue] == 0 &&
672 skb_queue_empty(&local->pending[ac_queue]))
673 netif_start_subqueue(dev, ac);
674 }
675 }
676 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
677 }
657 678
658 return 0; 679 return 0;
659 err_del_interface: 680 err_del_interface:
@@ -707,7 +728,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
707 if (sdata->dev) 728 if (sdata->dev)
708 netif_tx_stop_all_queues(sdata->dev); 729 netif_tx_stop_all_queues(sdata->dev);
709 730
710 ieee80211_roc_purge(sdata); 731 ieee80211_roc_purge(local, sdata);
711 732
712 if (sdata->vif.type == NL80211_IFTYPE_STATION) 733 if (sdata->vif.type == NL80211_IFTYPE_STATION)
713 ieee80211_mgd_stop(sdata); 734 ieee80211_mgd_stop(sdata);
@@ -732,12 +753,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
732 WARN_ON_ONCE((sdata->vif.type != NL80211_IFTYPE_WDS && flushed > 0) || 753 WARN_ON_ONCE((sdata->vif.type != NL80211_IFTYPE_WDS && flushed > 0) ||
733 (sdata->vif.type == NL80211_IFTYPE_WDS && flushed != 1)); 754 (sdata->vif.type == NL80211_IFTYPE_WDS && flushed != 1));
734 755
735 /* 756 /* don't count this interface for promisc/allmulti while it is down */
736 * Don't count this interface for promisc/allmulti while it
737 * is down. dev_mc_unsync() will invoke set_multicast_list
738 * on the master interface which will sync these down to the
739 * hardware as filter flags.
740 */
741 if (sdata->flags & IEEE80211_SDATA_ALLMULTI) 757 if (sdata->flags & IEEE80211_SDATA_ALLMULTI)
742 atomic_dec(&local->iff_allmultis); 758 atomic_dec(&local->iff_allmultis);
743 759
@@ -758,8 +774,6 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
758 sdata->dev->addr_len); 774 sdata->dev->addr_len);
759 spin_unlock_bh(&local->filter_lock); 775 spin_unlock_bh(&local->filter_lock);
760 netif_addr_unlock_bh(sdata->dev); 776 netif_addr_unlock_bh(sdata->dev);
761
762 ieee80211_configure_filter(local);
763 } 777 }
764 778
765 del_timer_sync(&local->dynamic_ps_timer); 779 del_timer_sync(&local->dynamic_ps_timer);
@@ -770,6 +784,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
770 cancel_delayed_work_sync(&sdata->dfs_cac_timer_work); 784 cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
771 785
772 if (sdata->wdev.cac_started) { 786 if (sdata->wdev.cac_started) {
787 WARN_ON(local->suspended);
773 mutex_lock(&local->iflist_mtx); 788 mutex_lock(&local->iflist_mtx);
774 ieee80211_vif_release_channel(sdata); 789 ieee80211_vif_release_channel(sdata);
775 mutex_unlock(&local->iflist_mtx); 790 mutex_unlock(&local->iflist_mtx);
@@ -820,14 +835,9 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
820 if (local->monitors == 0) { 835 if (local->monitors == 0) {
821 local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR; 836 local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR;
822 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR; 837 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
823 ieee80211_del_virtual_monitor(local);
824 } 838 }
825 839
826 ieee80211_adjust_monitor_flags(sdata, -1); 840 ieee80211_adjust_monitor_flags(sdata, -1);
827 ieee80211_configure_filter(local);
828 mutex_lock(&local->mtx);
829 ieee80211_recalc_idle(local);
830 mutex_unlock(&local->mtx);
831 break; 841 break;
832 case NL80211_IFTYPE_P2P_DEVICE: 842 case NL80211_IFTYPE_P2P_DEVICE:
833 /* relies on synchronize_rcu() below */ 843 /* relies on synchronize_rcu() below */
@@ -840,11 +850,12 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
840 * 850 *
841 * sta_info_flush_cleanup() requires rcu_barrier() 851 * sta_info_flush_cleanup() requires rcu_barrier()
842 * first to wait for the station call_rcu() calls 852 * first to wait for the station call_rcu() calls
843 * to complete, here we need at least sychronize_rcu() 853 * to complete, and we also need synchronize_rcu()
844 * it to wait for the RX path in case it is using the 854 * to wait for the RX path in case it is using the
845 * interface and enqueuing frames at this very time on 855 * interface and enqueuing frames at this very time on
846 * another CPU. 856 * another CPU.
847 */ 857 */
858 synchronize_rcu();
848 rcu_barrier(); 859 rcu_barrier();
849 sta_info_flush_cleanup(sdata); 860 sta_info_flush_cleanup(sdata);
850 861
@@ -857,27 +868,10 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
857 /* fall through */ 868 /* fall through */
858 case NL80211_IFTYPE_AP: 869 case NL80211_IFTYPE_AP:
859 skb_queue_purge(&sdata->skb_queue); 870 skb_queue_purge(&sdata->skb_queue);
860
861 if (going_down)
862 drv_remove_interface(local, sdata);
863 } 871 }
864 872
865 sdata->bss = NULL; 873 sdata->bss = NULL;
866 874
867 ieee80211_recalc_ps(local, -1);
868
869 if (local->open_count == 0) {
870 ieee80211_clear_tx_pending(local);
871 ieee80211_stop_device(local);
872
873 /* no reconfiguring after stop! */
874 hw_reconf_flags = 0;
875 }
876
877 /* do after stop to avoid reconfiguring when we stop anyway */
878 if (hw_reconf_flags)
879 ieee80211_hw_config(local, hw_reconf_flags);
880
881 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 875 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
882 for (i = 0; i < IEEE80211_MAX_QUEUES; i++) { 876 for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
883 skb_queue_walk_safe(&local->pending[i], skb, tmp) { 877 skb_queue_walk_safe(&local->pending[i], skb, tmp) {
@@ -890,7 +884,54 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
890 } 884 }
891 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 885 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
892 886
893 if (local->monitors == local->open_count && local->monitors > 0) 887 if (local->open_count == 0)
888 ieee80211_clear_tx_pending(local);
889
890 /*
891 * If the interface goes down while suspended, presumably because
892 * the device was unplugged and that happens before our resume,
893 * then the driver is already unconfigured and the remainder of
894 * this function isn't needed.
895 * XXX: what about WoWLAN? If the device has software state, e.g.
896 * memory allocated, it might expect teardown commands from
897 * mac80211 here?
898 */
899 if (local->suspended) {
900 WARN_ON(local->wowlan);
901 WARN_ON(rtnl_dereference(local->monitor_sdata));
902 return;
903 }
904
905 switch (sdata->vif.type) {
906 case NL80211_IFTYPE_AP_VLAN:
907 break;
908 case NL80211_IFTYPE_MONITOR:
909 if (local->monitors == 0)
910 ieee80211_del_virtual_monitor(local);
911
912 mutex_lock(&local->mtx);
913 ieee80211_recalc_idle(local);
914 mutex_unlock(&local->mtx);
915 break;
916 default:
917 if (going_down)
918 drv_remove_interface(local, sdata);
919 }
920
921 ieee80211_recalc_ps(local, -1);
922
923 if (local->open_count == 0) {
924 ieee80211_stop_device(local);
925
926 /* no reconfiguring after stop! */
927 return;
928 }
929
930 /* do after stop to avoid reconfiguring when we stop anyway */
931 ieee80211_configure_filter(local);
932 ieee80211_hw_config(local, hw_reconf_flags);
933
934 if (local->monitors == local->open_count)
894 ieee80211_add_virtual_monitor(local); 935 ieee80211_add_virtual_monitor(local);
895} 936}
896 937
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index c6f81ecc36a1..8a7bfc47d577 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -95,42 +95,47 @@ static void ieee80211_reconfig_filter(struct work_struct *work)
95static u32 ieee80211_hw_conf_chan(struct ieee80211_local *local) 95static u32 ieee80211_hw_conf_chan(struct ieee80211_local *local)
96{ 96{
97 struct ieee80211_sub_if_data *sdata; 97 struct ieee80211_sub_if_data *sdata;
98 struct ieee80211_channel *chan; 98 struct cfg80211_chan_def chandef = {};
99 u32 changed = 0; 99 u32 changed = 0;
100 int power; 100 int power;
101 enum nl80211_channel_type channel_type;
102 u32 offchannel_flag; 101 u32 offchannel_flag;
103 102
104 offchannel_flag = local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL; 103 offchannel_flag = local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL;
104
105 if (local->scan_channel) { 105 if (local->scan_channel) {
106 chan = local->scan_channel; 106 chandef.chan = local->scan_channel;
107 /* If scanning on oper channel, use whatever channel-type 107 /* If scanning on oper channel, use whatever channel-type
108 * is currently in use. 108 * is currently in use.
109 */ 109 */
110 if (chan == local->_oper_channel) 110 if (chandef.chan == local->_oper_chandef.chan) {
111 channel_type = local->_oper_channel_type; 111 chandef = local->_oper_chandef;
112 else 112 } else {
113 channel_type = NL80211_CHAN_NO_HT; 113 chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
114 chandef.center_freq1 = chandef.chan->center_freq;
115 }
114 } else if (local->tmp_channel) { 116 } else if (local->tmp_channel) {
115 chan = local->tmp_channel; 117 chandef.chan = local->tmp_channel;
116 channel_type = NL80211_CHAN_NO_HT; 118 chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
117 } else { 119 chandef.center_freq1 = chandef.chan->center_freq;
118 chan = local->_oper_channel; 120 } else
119 channel_type = local->_oper_channel_type; 121 chandef = local->_oper_chandef;
120 } 122
121 123 WARN(!cfg80211_chandef_valid(&chandef),
122 if (chan != local->_oper_channel || 124 "control:%d MHz width:%d center: %d/%d MHz",
123 channel_type != local->_oper_channel_type) 125 chandef.chan->center_freq, chandef.width,
126 chandef.center_freq1, chandef.center_freq2);
127
128 if (!cfg80211_chandef_identical(&chandef, &local->_oper_chandef))
124 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL; 129 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL;
125 else 130 else
126 local->hw.conf.flags &= ~IEEE80211_CONF_OFFCHANNEL; 131 local->hw.conf.flags &= ~IEEE80211_CONF_OFFCHANNEL;
127 132
128 offchannel_flag ^= local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL; 133 offchannel_flag ^= local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL;
129 134
130 if (offchannel_flag || chan != local->hw.conf.channel || 135 if (offchannel_flag ||
131 channel_type != local->hw.conf.channel_type) { 136 !cfg80211_chandef_identical(&local->hw.conf.chandef,
132 local->hw.conf.channel = chan; 137 &local->_oper_chandef)) {
133 local->hw.conf.channel_type = channel_type; 138 local->hw.conf.chandef = chandef;
134 changed |= IEEE80211_CONF_CHANGE_CHANNEL; 139 changed |= IEEE80211_CONF_CHANGE_CHANNEL;
135 } 140 }
136 141
@@ -146,7 +151,7 @@ static u32 ieee80211_hw_conf_chan(struct ieee80211_local *local)
146 changed |= IEEE80211_CONF_CHANGE_SMPS; 151 changed |= IEEE80211_CONF_CHANGE_SMPS;
147 } 152 }
148 153
149 power = chan->max_power; 154 power = chandef.chan->max_power;
150 155
151 rcu_read_lock(); 156 rcu_read_lock();
152 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 157 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
@@ -587,6 +592,8 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
587 IEEE80211_RADIOTAP_MCS_HAVE_BW; 592 IEEE80211_RADIOTAP_MCS_HAVE_BW;
588 local->hw.radiotap_vht_details = IEEE80211_RADIOTAP_VHT_KNOWN_GI | 593 local->hw.radiotap_vht_details = IEEE80211_RADIOTAP_VHT_KNOWN_GI |
589 IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH; 594 IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH;
595 local->hw.uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES;
596 local->hw.uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN;
590 local->user_power_level = IEEE80211_UNSET_POWER_LEVEL; 597 local->user_power_level = IEEE80211_UNSET_POWER_LEVEL;
591 wiphy->ht_capa_mod_mask = &mac80211_ht_capa_mod_mask; 598 wiphy->ht_capa_mod_mask = &mac80211_ht_capa_mod_mask;
592 wiphy->vht_capa_mod_mask = &mac80211_vht_capa_mod_mask; 599 wiphy->vht_capa_mod_mask = &mac80211_vht_capa_mod_mask;
@@ -661,6 +668,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
661 int channels, max_bitrates; 668 int channels, max_bitrates;
662 bool supp_ht, supp_vht; 669 bool supp_ht, supp_vht;
663 netdev_features_t feature_whitelist; 670 netdev_features_t feature_whitelist;
671 struct cfg80211_chan_def dflt_chandef = {};
664 static const u32 cipher_suites[] = { 672 static const u32 cipher_suites[] = {
665 /* keep WEP first, it may be removed below */ 673 /* keep WEP first, it may be removed below */
666 WLAN_CIPHER_SUITE_WEP40, 674 WLAN_CIPHER_SUITE_WEP40,
@@ -738,15 +746,19 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
738 sband = local->hw.wiphy->bands[band]; 746 sband = local->hw.wiphy->bands[band];
739 if (!sband) 747 if (!sband)
740 continue; 748 continue;
741 if (!local->use_chanctx && !local->_oper_channel) { 749
750 if (!dflt_chandef.chan) {
751 cfg80211_chandef_create(&dflt_chandef,
752 &sband->channels[0],
753 NL80211_CHAN_NO_HT);
742 /* init channel we're on */ 754 /* init channel we're on */
743 local->hw.conf.channel = 755 if (!local->use_chanctx && !local->_oper_chandef.chan) {
744 local->_oper_channel = &sband->channels[0]; 756 local->hw.conf.chandef = dflt_chandef;
745 local->hw.conf.channel_type = NL80211_CHAN_NO_HT; 757 local->_oper_chandef = dflt_chandef;
758 }
759 local->monitor_chandef = dflt_chandef;
746 } 760 }
747 cfg80211_chandef_create(&local->monitor_chandef, 761
748 &sband->channels[0],
749 NL80211_CHAN_NO_HT);
750 channels += sband->n_channels; 762 channels += sband->n_channels;
751 763
752 if (max_bitrates < sband->n_bitrates) 764 if (max_bitrates < sband->n_bitrates)
@@ -829,22 +841,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
829 if (supp_ht) 841 if (supp_ht)
830 local->scan_ies_len += 2 + sizeof(struct ieee80211_ht_cap); 842 local->scan_ies_len += 2 + sizeof(struct ieee80211_ht_cap);
831 843
832 if (supp_vht) { 844 if (supp_vht)
833 local->scan_ies_len += 845 local->scan_ies_len +=
834 2 + sizeof(struct ieee80211_vht_cap); 846 2 + sizeof(struct ieee80211_vht_cap);
835 847
836 /*
837 * (for now at least), drivers wanting to use VHT must
838 * support channel contexts, as they contain all the
839 * necessary VHT information and the global hw config
840 * doesn't (yet)
841 */
842 if (WARN_ON(!local->use_chanctx)) {
843 result = -EINVAL;
844 goto fail_wiphy_register;
845 }
846 }
847
848 if (!local->ops->hw_scan) { 848 if (!local->ops->hw_scan) {
849 /* For hw_scan, driver needs to set these up. */ 849 /* For hw_scan, driver needs to set these up. */
850 local->hw.wiphy->max_scan_ssids = 4; 850 local->hw.wiphy->max_scan_ssids = 4;
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 123a300cef57..6952760881c8 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -838,7 +838,7 @@ ieee80211_mesh_rx_probe_req(struct ieee80211_sub_if_data *sdata,
838 if (baselen > len) 838 if (baselen > len)
839 return; 839 return;
840 840
841 ieee802_11_parse_elems(pos, len - baselen, &elems); 841 ieee802_11_parse_elems(pos, len - baselen, false, &elems);
842 842
843 /* 802.11-2012 10.1.4.3.2 */ 843 /* 802.11-2012 10.1.4.3.2 */
844 if ((!ether_addr_equal(mgmt->da, sdata->vif.addr) && 844 if ((!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
@@ -899,7 +899,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
899 return; 899 return;
900 900
901 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 901 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
902 &elems); 902 false, &elems);
903 903
904 /* ignore non-mesh or secure / unsecure mismatch */ 904 /* ignore non-mesh or secure / unsecure mismatch */
905 if ((!elems.mesh_id || !elems.mesh_config) || 905 if ((!elems.mesh_id || !elems.mesh_config) ||
@@ -907,7 +907,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
907 (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)) 907 (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE))
908 return; 908 return;
909 909
910 if (elems.ds_params && elems.ds_params_len == 1) 910 if (elems.ds_params)
911 freq = ieee80211_channel_to_frequency(elems.ds_params[0], band); 911 freq = ieee80211_channel_to_frequency(elems.ds_params[0], band);
912 else 912 else
913 freq = rx_status->freq; 913 freq = rx_status->freq;
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 6ffabbe99c46..da158774eebb 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -275,7 +275,8 @@ void mesh_path_fix_nexthop(struct mesh_path *mpath, struct sta_info *next_hop);
275void mesh_path_expire(struct ieee80211_sub_if_data *sdata); 275void mesh_path_expire(struct ieee80211_sub_if_data *sdata);
276void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata, 276void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
277 struct ieee80211_mgmt *mgmt, size_t len); 277 struct ieee80211_mgmt *mgmt, size_t len);
278int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst); 278struct mesh_path *
279mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst);
279 280
280int mesh_path_add_gate(struct mesh_path *mpath); 281int mesh_path_add_gate(struct mesh_path *mpath);
281int mesh_path_send_to_gates(struct mesh_path *mpath); 282int mesh_path_send_to_gates(struct mesh_path *mpath);
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index bdb8d3b14587..486819cd02cd 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -144,7 +144,7 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
144 *pos++ = WLAN_EID_PREQ; 144 *pos++ = WLAN_EID_PREQ;
145 break; 145 break;
146 case MPATH_PREP: 146 case MPATH_PREP:
147 mhwmp_dbg(sdata, "sending PREP to %pM\n", target); 147 mhwmp_dbg(sdata, "sending PREP to %pM\n", orig_addr);
148 ie_len = 31; 148 ie_len = 31;
149 pos = skb_put(skb, 2 + ie_len); 149 pos = skb_put(skb, 2 + ie_len);
150 *pos++ = WLAN_EID_PREP; 150 *pos++ = WLAN_EID_PREP;
@@ -445,9 +445,8 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
445 } 445 }
446 } 446 }
447 } else { 447 } else {
448 mesh_path_add(sdata, orig_addr); 448 mpath = mesh_path_add(sdata, orig_addr);
449 mpath = mesh_path_lookup(sdata, orig_addr); 449 if (IS_ERR(mpath)) {
450 if (!mpath) {
451 rcu_read_unlock(); 450 rcu_read_unlock();
452 return 0; 451 return 0;
453 } 452 }
@@ -486,9 +485,8 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
486 (last_hop_metric > mpath->metric))) 485 (last_hop_metric > mpath->metric)))
487 fresh_info = false; 486 fresh_info = false;
488 } else { 487 } else {
489 mesh_path_add(sdata, ta); 488 mpath = mesh_path_add(sdata, ta);
490 mpath = mesh_path_lookup(sdata, ta); 489 if (IS_ERR(mpath)) {
491 if (!mpath) {
492 rcu_read_unlock(); 490 rcu_read_unlock();
493 return 0; 491 return 0;
494 } 492 }
@@ -661,7 +659,7 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
661 u32 target_sn, orig_sn, lifetime; 659 u32 target_sn, orig_sn, lifetime;
662 660
663 mhwmp_dbg(sdata, "received PREP from %pM\n", 661 mhwmp_dbg(sdata, "received PREP from %pM\n",
664 PREP_IE_ORIG_ADDR(prep_elem)); 662 PREP_IE_TARGET_ADDR(prep_elem));
665 663
666 orig_addr = PREP_IE_ORIG_ADDR(prep_elem); 664 orig_addr = PREP_IE_ORIG_ADDR(prep_elem);
667 if (ether_addr_equal(orig_addr, sdata->vif.addr)) 665 if (ether_addr_equal(orig_addr, sdata->vif.addr))
@@ -804,9 +802,8 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
804 802
805 mpath = mesh_path_lookup(sdata, orig_addr); 803 mpath = mesh_path_lookup(sdata, orig_addr);
806 if (!mpath) { 804 if (!mpath) {
807 mesh_path_add(sdata, orig_addr); 805 mpath = mesh_path_add(sdata, orig_addr);
808 mpath = mesh_path_lookup(sdata, orig_addr); 806 if (IS_ERR(mpath)) {
809 if (!mpath) {
810 rcu_read_unlock(); 807 rcu_read_unlock();
811 sdata->u.mesh.mshstats.dropped_frames_no_route++; 808 sdata->u.mesh.mshstats.dropped_frames_no_route++;
812 return; 809 return;
@@ -883,7 +880,7 @@ void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
883 880
884 baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt; 881 baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt;
885 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable, 882 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
886 len - baselen, &elems); 883 len - baselen, false, &elems);
887 884
888 if (elems.preq) { 885 if (elems.preq) {
889 if (elems.preq_len != 37) 886 if (elems.preq_len != 37)
@@ -1098,11 +1095,10 @@ int mesh_nexthop_resolve(struct ieee80211_sub_if_data *sdata,
1098 /* no nexthop found, start resolving */ 1095 /* no nexthop found, start resolving */
1099 mpath = mesh_path_lookup(sdata, target_addr); 1096 mpath = mesh_path_lookup(sdata, target_addr);
1100 if (!mpath) { 1097 if (!mpath) {
1101 mesh_path_add(sdata, target_addr); 1098 mpath = mesh_path_add(sdata, target_addr);
1102 mpath = mesh_path_lookup(sdata, target_addr); 1099 if (IS_ERR(mpath)) {
1103 if (!mpath) {
1104 mesh_path_discard_frame(sdata, skb); 1100 mesh_path_discard_frame(sdata, skb);
1105 err = -ENOSPC; 1101 err = PTR_ERR(mpath);
1106 goto endlookup; 1102 goto endlookup;
1107 } 1103 }
1108 } 1104 }
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index dc7c8df40c2c..89aacfd2756d 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -493,7 +493,8 @@ int mesh_gate_num(struct ieee80211_sub_if_data *sdata)
493 * 493 *
494 * State: the initial state of the new path is set to 0 494 * State: the initial state of the new path is set to 0
495 */ 495 */
496int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst) 496struct mesh_path *mesh_path_add(struct ieee80211_sub_if_data *sdata,
497 const u8 *dst)
497{ 498{
498 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 499 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
499 struct ieee80211_local *local = sdata->local; 500 struct ieee80211_local *local = sdata->local;
@@ -502,18 +503,33 @@ int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst)
502 struct mpath_node *node, *new_node; 503 struct mpath_node *node, *new_node;
503 struct hlist_head *bucket; 504 struct hlist_head *bucket;
504 int grow = 0; 505 int grow = 0;
505 int err = 0; 506 int err;
506 u32 hash_idx; 507 u32 hash_idx;
507 508
508 if (ether_addr_equal(dst, sdata->vif.addr)) 509 if (ether_addr_equal(dst, sdata->vif.addr))
509 /* never add ourselves as neighbours */ 510 /* never add ourselves as neighbours */
510 return -ENOTSUPP; 511 return ERR_PTR(-ENOTSUPP);
511 512
512 if (is_multicast_ether_addr(dst)) 513 if (is_multicast_ether_addr(dst))
513 return -ENOTSUPP; 514 return ERR_PTR(-ENOTSUPP);
514 515
515 if (atomic_add_unless(&sdata->u.mesh.mpaths, 1, MESH_MAX_MPATHS) == 0) 516 if (atomic_add_unless(&sdata->u.mesh.mpaths, 1, MESH_MAX_MPATHS) == 0)
516 return -ENOSPC; 517 return ERR_PTR(-ENOSPC);
518
519 read_lock_bh(&pathtbl_resize_lock);
520 tbl = resize_dereference_mesh_paths();
521
522 hash_idx = mesh_table_hash(dst, sdata, tbl);
523 bucket = &tbl->hash_buckets[hash_idx];
524
525 spin_lock(&tbl->hashwlock[hash_idx]);
526
527 hlist_for_each_entry(node, bucket, list) {
528 mpath = node->mpath;
529 if (mpath->sdata == sdata &&
530 ether_addr_equal(dst, mpath->dst))
531 goto found;
532 }
517 533
518 err = -ENOMEM; 534 err = -ENOMEM;
519 new_mpath = kzalloc(sizeof(struct mesh_path), GFP_ATOMIC); 535 new_mpath = kzalloc(sizeof(struct mesh_path), GFP_ATOMIC);
@@ -524,7 +540,6 @@ int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst)
524 if (!new_node) 540 if (!new_node)
525 goto err_node_alloc; 541 goto err_node_alloc;
526 542
527 read_lock_bh(&pathtbl_resize_lock);
528 memcpy(new_mpath->dst, dst, ETH_ALEN); 543 memcpy(new_mpath->dst, dst, ETH_ALEN);
529 eth_broadcast_addr(new_mpath->rann_snd_addr); 544 eth_broadcast_addr(new_mpath->rann_snd_addr);
530 new_mpath->is_root = false; 545 new_mpath->is_root = false;
@@ -538,21 +553,6 @@ int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst)
538 spin_lock_init(&new_mpath->state_lock); 553 spin_lock_init(&new_mpath->state_lock);
539 init_timer(&new_mpath->timer); 554 init_timer(&new_mpath->timer);
540 555
541 tbl = resize_dereference_mesh_paths();
542
543 hash_idx = mesh_table_hash(dst, sdata, tbl);
544 bucket = &tbl->hash_buckets[hash_idx];
545
546 spin_lock(&tbl->hashwlock[hash_idx]);
547
548 err = -EEXIST;
549 hlist_for_each_entry(node, bucket, list) {
550 mpath = node->mpath;
551 if (mpath->sdata == sdata &&
552 ether_addr_equal(dst, mpath->dst))
553 goto err_exists;
554 }
555
556 hlist_add_head_rcu(&new_node->list, bucket); 556 hlist_add_head_rcu(&new_node->list, bucket);
557 if (atomic_inc_return(&tbl->entries) >= 557 if (atomic_inc_return(&tbl->entries) >=
558 tbl->mean_chain_len * (tbl->hash_mask + 1)) 558 tbl->mean_chain_len * (tbl->hash_mask + 1))
@@ -560,23 +560,23 @@ int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst)
560 560
561 mesh_paths_generation++; 561 mesh_paths_generation++;
562 562
563 spin_unlock(&tbl->hashwlock[hash_idx]);
564 read_unlock_bh(&pathtbl_resize_lock);
565 if (grow) { 563 if (grow) {
566 set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags); 564 set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags);
567 ieee80211_queue_work(&local->hw, &sdata->work); 565 ieee80211_queue_work(&local->hw, &sdata->work);
568 } 566 }
569 return 0; 567 mpath = new_mpath;
570 568found:
571err_exists:
572 spin_unlock(&tbl->hashwlock[hash_idx]); 569 spin_unlock(&tbl->hashwlock[hash_idx]);
573 read_unlock_bh(&pathtbl_resize_lock); 570 read_unlock_bh(&pathtbl_resize_lock);
574 kfree(new_node); 571 return mpath;
572
575err_node_alloc: 573err_node_alloc:
576 kfree(new_mpath); 574 kfree(new_mpath);
577err_path_alloc: 575err_path_alloc:
578 atomic_dec(&sdata->u.mesh.mpaths); 576 atomic_dec(&sdata->u.mesh.mpaths);
579 return err; 577 spin_unlock(&tbl->hashwlock[hash_idx]);
578 read_unlock_bh(&pathtbl_resize_lock);
579 return ERR_PTR(err);
580} 580}
581 581
582static void mesh_table_free_rcu(struct rcu_head *rcu) 582static void mesh_table_free_rcu(struct rcu_head *rcu)
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 937e06fe8f2a..09bebed99416 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -544,8 +544,8 @@ static void mesh_plink_timer(unsigned long data)
544 return; 544 return;
545 } 545 }
546 mpl_dbg(sta->sdata, 546 mpl_dbg(sta->sdata,
547 "Mesh plink timer for %pM fired on state %d\n", 547 "Mesh plink timer for %pM fired on state %s\n",
548 sta->sta.addr, sta->plink_state); 548 sta->sta.addr, mplstates[sta->plink_state]);
549 reason = 0; 549 reason = 0;
550 llid = sta->llid; 550 llid = sta->llid;
551 plid = sta->plid; 551 plid = sta->plid;
@@ -687,7 +687,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata,
687 baseaddr += 4; 687 baseaddr += 4;
688 baselen += 4; 688 baselen += 4;
689 } 689 }
690 ieee802_11_parse_elems(baseaddr, len - baselen, &elems); 690 ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems);
691 691
692 if (!elems.peering) { 692 if (!elems.peering) {
693 mpl_dbg(sdata, 693 mpl_dbg(sdata,
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index dec42ab1fa91..29620bfc7a69 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -56,7 +56,10 @@ MODULE_PARM_DESC(max_probe_tries,
56 * probe on beacon miss before declaring the connection lost 56 * probe on beacon miss before declaring the connection lost
57 * default to what we want. 57 * default to what we want.
58 */ 58 */
59#define IEEE80211_BEACON_LOSS_COUNT 7 59static int beacon_loss_count = 7;
60module_param(beacon_loss_count, int, 0644);
61MODULE_PARM_DESC(beacon_loss_count,
62 "Number of beacon intervals before we decide beacon was lost.");
60 63
61/* 64/*
62 * Time the connection can be idle before we probe 65 * Time the connection can be idle before we probe
@@ -286,6 +289,8 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
286 } else { 289 } else {
287 /* 40 MHz (and 80 MHz) must be supported for VHT */ 290 /* 40 MHz (and 80 MHz) must be supported for VHT */
288 ret = IEEE80211_STA_DISABLE_VHT; 291 ret = IEEE80211_STA_DISABLE_VHT;
292 /* also mark 40 MHz disabled */
293 ret |= IEEE80211_STA_DISABLE_40MHZ;
289 goto out; 294 goto out;
290 } 295 }
291 296
@@ -300,12 +305,6 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
300 channel->band); 305 channel->band);
301 vht_chandef.center_freq2 = 0; 306 vht_chandef.center_freq2 = 0;
302 307
303 if (vht_oper->center_freq_seg2_idx)
304 vht_chandef.center_freq2 =
305 ieee80211_channel_to_frequency(
306 vht_oper->center_freq_seg2_idx,
307 channel->band);
308
309 switch (vht_oper->chan_width) { 308 switch (vht_oper->chan_width) {
310 case IEEE80211_VHT_CHANWIDTH_USE_HT: 309 case IEEE80211_VHT_CHANWIDTH_USE_HT:
311 vht_chandef.width = chandef->width; 310 vht_chandef.width = chandef->width;
@@ -318,6 +317,10 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
318 break; 317 break;
319 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 318 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
320 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 319 vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
320 vht_chandef.center_freq2 =
321 ieee80211_channel_to_frequency(
322 vht_oper->center_freq_seg2_idx,
323 channel->band);
321 break; 324 break;
322 default: 325 default:
323 if (verbose) 326 if (verbose)
@@ -601,7 +604,6 @@ static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
601 u8 *pos; 604 u8 *pos;
602 u32 cap; 605 u32 cap;
603 struct ieee80211_sta_vht_cap vht_cap; 606 struct ieee80211_sta_vht_cap vht_cap;
604 int i;
605 607
606 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 608 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
607 609
@@ -629,37 +631,6 @@ static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
629 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 631 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
630 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 632 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
631 633
632 if (!(ap_vht_cap->vht_cap_info &
633 cpu_to_le32(IEEE80211_VHT_CAP_TXSTBC)))
634 cap &= ~(IEEE80211_VHT_CAP_RXSTBC_1 |
635 IEEE80211_VHT_CAP_RXSTBC_3 |
636 IEEE80211_VHT_CAP_RXSTBC_4);
637
638 for (i = 0; i < 8; i++) {
639 int shift = i * 2;
640 u16 mask = IEEE80211_VHT_MCS_NOT_SUPPORTED << shift;
641 u16 ap_mcs, our_mcs;
642
643 ap_mcs = (le16_to_cpu(ap_vht_cap->supp_mcs.tx_mcs_map) &
644 mask) >> shift;
645 our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) &
646 mask) >> shift;
647
648 if (our_mcs == IEEE80211_VHT_MCS_NOT_SUPPORTED)
649 continue;
650
651 switch (ap_mcs) {
652 default:
653 if (our_mcs <= ap_mcs)
654 break;
655 /* fall through */
656 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
657 vht_cap.vht_mcs.rx_mcs_map &= cpu_to_le16(~mask);
658 vht_cap.vht_mcs.rx_mcs_map |=
659 cpu_to_le16(ap_mcs << shift);
660 }
661 }
662
663 /* reserve and fill IE */ 634 /* reserve and fill IE */
664 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 635 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
665 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 636 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
@@ -985,6 +956,7 @@ static void ieee80211_chswitch_work(struct work_struct *work)
985{ 956{
986 struct ieee80211_sub_if_data *sdata = 957 struct ieee80211_sub_if_data *sdata =
987 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 958 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
959 struct ieee80211_local *local = sdata->local;
988 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 960 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
989 961
990 if (!ieee80211_sdata_running(sdata)) 962 if (!ieee80211_sdata_running(sdata))
@@ -994,21 +966,21 @@ static void ieee80211_chswitch_work(struct work_struct *work)
994 if (!ifmgd->associated) 966 if (!ifmgd->associated)
995 goto out; 967 goto out;
996 968
997 sdata->local->_oper_channel = sdata->local->csa_channel; 969 local->_oper_chandef = local->csa_chandef;
998 if (!sdata->local->ops->channel_switch) { 970
971 if (!local->ops->channel_switch) {
999 /* call "hw_config" only if doing sw channel switch */ 972 /* call "hw_config" only if doing sw channel switch */
1000 ieee80211_hw_config(sdata->local, 973 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
1001 IEEE80211_CONF_CHANGE_CHANNEL);
1002 } else { 974 } else {
1003 /* update the device channel directly */ 975 /* update the device channel directly */
1004 sdata->local->hw.conf.channel = sdata->local->_oper_channel; 976 local->hw.conf.chandef = local->_oper_chandef;
1005 } 977 }
1006 978
1007 /* XXX: shouldn't really modify cfg80211-owned data! */ 979 /* XXX: shouldn't really modify cfg80211-owned data! */
1008 ifmgd->associated->channel = sdata->local->_oper_channel; 980 ifmgd->associated->channel = local->_oper_chandef.chan;
1009 981
1010 /* XXX: wait for a beacon first? */ 982 /* XXX: wait for a beacon first? */
1011 ieee80211_wake_queues_by_reason(&sdata->local->hw, 983 ieee80211_wake_queues_by_reason(&local->hw,
1012 IEEE80211_MAX_QUEUE_MAP, 984 IEEE80211_MAX_QUEUE_MAP,
1013 IEEE80211_QUEUE_STOP_REASON_CSA); 985 IEEE80211_QUEUE_STOP_REASON_CSA);
1014 out: 986 out:
@@ -1041,56 +1013,193 @@ static void ieee80211_chswitch_timer(unsigned long data)
1041 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1013 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1042} 1014}
1043 1015
1044void 1016static void
1045ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1017ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1046 const struct ieee80211_channel_sw_ie *sw_elem, 1018 u64 timestamp, struct ieee802_11_elems *elems)
1047 struct ieee80211_bss *bss, u64 timestamp)
1048{ 1019{
1049 struct cfg80211_bss *cbss = 1020 struct ieee80211_local *local = sdata->local;
1050 container_of((void *)bss, struct cfg80211_bss, priv);
1051 struct ieee80211_channel *new_ch;
1052 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1021 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1053 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num, 1022 struct cfg80211_bss *cbss = ifmgd->associated;
1054 cbss->channel->band); 1023 struct ieee80211_bss *bss;
1055 struct ieee80211_chanctx *chanctx; 1024 struct ieee80211_chanctx *chanctx;
1025 enum ieee80211_band new_band;
1026 int new_freq;
1027 u8 new_chan_no;
1028 u8 count;
1029 u8 mode;
1030 struct ieee80211_channel *new_chan;
1031 struct cfg80211_chan_def new_chandef = {};
1032 struct cfg80211_chan_def new_vht_chandef = {};
1033 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs;
1034 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie;
1035 int secondary_channel_offset = -1;
1056 1036
1057 ASSERT_MGD_MTX(ifmgd); 1037 ASSERT_MGD_MTX(ifmgd);
1058 1038
1059 if (!ifmgd->associated) 1039 if (!cbss)
1060 return; 1040 return;
1061 1041
1062 if (sdata->local->scanning) 1042 if (local->scanning)
1063 return; 1043 return;
1064 1044
1065 /* Disregard subsequent beacons if we are already running a timer 1045 /* disregard subsequent announcements if we are already processing */
1066 processing a CSA */
1067
1068 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1046 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
1069 return; 1047 return;
1070 1048
1071 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1049 sec_chan_offs = elems->sec_chan_offs;
1072 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) { 1050 wide_bw_chansw_ie = elems->wide_bw_chansw_ie;
1051
1052 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
1053 IEEE80211_STA_DISABLE_40MHZ)) {
1054 sec_chan_offs = NULL;
1055 wide_bw_chansw_ie = NULL;
1056 }
1057
1058 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
1059 wide_bw_chansw_ie = NULL;
1060
1061 if (elems->ext_chansw_ie) {
1062 if (!ieee80211_operating_class_to_band(
1063 elems->ext_chansw_ie->new_operating_class,
1064 &new_band)) {
1065 sdata_info(sdata,
1066 "cannot understand ECSA IE operating class %d, disconnecting\n",
1067 elems->ext_chansw_ie->new_operating_class);
1068 ieee80211_queue_work(&local->hw,
1069 &ifmgd->csa_connection_drop_work);
1070 }
1071 new_chan_no = elems->ext_chansw_ie->new_ch_num;
1072 count = elems->ext_chansw_ie->count;
1073 mode = elems->ext_chansw_ie->mode;
1074 } else if (elems->ch_switch_ie) {
1075 new_band = cbss->channel->band;
1076 new_chan_no = elems->ch_switch_ie->new_ch_num;
1077 count = elems->ch_switch_ie->count;
1078 mode = elems->ch_switch_ie->mode;
1079 } else {
1080 /* nothing here we understand */
1081 return;
1082 }
1083
1084 bss = (void *)cbss->priv;
1085
1086 new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band);
1087 new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq);
1088 if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) {
1073 sdata_info(sdata, 1089 sdata_info(sdata,
1074 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1090 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n",
1075 ifmgd->associated->bssid, new_freq); 1091 ifmgd->associated->bssid, new_freq);
1076 ieee80211_queue_work(&sdata->local->hw, 1092 ieee80211_queue_work(&local->hw,
1093 &ifmgd->csa_connection_drop_work);
1094 return;
1095 }
1096
1097 if (sec_chan_offs) {
1098 secondary_channel_offset = sec_chan_offs->sec_chan_offs;
1099 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
1100 /* if HT is enabled and the IE not present, it's still HT */
1101 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE;
1102 }
1103
1104 switch (secondary_channel_offset) {
1105 default:
1106 /* secondary_channel_offset was present but is invalid */
1107 case IEEE80211_HT_PARAM_CHA_SEC_NONE:
1108 cfg80211_chandef_create(&new_chandef, new_chan,
1109 NL80211_CHAN_HT20);
1110 break;
1111 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1112 cfg80211_chandef_create(&new_chandef, new_chan,
1113 NL80211_CHAN_HT40PLUS);
1114 break;
1115 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1116 cfg80211_chandef_create(&new_chandef, new_chan,
1117 NL80211_CHAN_HT40MINUS);
1118 break;
1119 case -1:
1120 cfg80211_chandef_create(&new_chandef, new_chan,
1121 NL80211_CHAN_NO_HT);
1122 break;
1123 }
1124
1125 if (wide_bw_chansw_ie) {
1126 new_vht_chandef.chan = new_chan;
1127 new_vht_chandef.center_freq1 =
1128 ieee80211_channel_to_frequency(
1129 wide_bw_chansw_ie->new_center_freq_seg0,
1130 new_band);
1131
1132 switch (wide_bw_chansw_ie->new_channel_width) {
1133 default:
1134 /* hmmm, ignore VHT and use HT if present */
1135 case IEEE80211_VHT_CHANWIDTH_USE_HT:
1136 new_vht_chandef.chan = NULL;
1137 break;
1138 case IEEE80211_VHT_CHANWIDTH_80MHZ:
1139 new_vht_chandef.width = NL80211_CHAN_WIDTH_80;
1140 break;
1141 case IEEE80211_VHT_CHANWIDTH_160MHZ:
1142 new_vht_chandef.width = NL80211_CHAN_WIDTH_160;
1143 break;
1144 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
1145 /* field is otherwise reserved */
1146 new_vht_chandef.center_freq2 =
1147 ieee80211_channel_to_frequency(
1148 wide_bw_chansw_ie->new_center_freq_seg1,
1149 new_band);
1150 new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
1151 break;
1152 }
1153 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
1154 new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80)
1155 chandef_downgrade(&new_vht_chandef);
1156 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
1157 new_vht_chandef.width == NL80211_CHAN_WIDTH_160)
1158 chandef_downgrade(&new_vht_chandef);
1159 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
1160 new_vht_chandef.width > NL80211_CHAN_WIDTH_20)
1161 chandef_downgrade(&new_vht_chandef);
1162 }
1163
1164 /* if VHT data is there validate & use it */
1165 if (new_vht_chandef.chan) {
1166 if (!cfg80211_chandef_compatible(&new_vht_chandef,
1167 &new_chandef)) {
1168 sdata_info(sdata,
1169 "AP %pM CSA has inconsistent channel data, disconnecting\n",
1170 ifmgd->associated->bssid);
1171 ieee80211_queue_work(&local->hw,
1172 &ifmgd->csa_connection_drop_work);
1173 return;
1174 }
1175 new_chandef = new_vht_chandef;
1176 }
1177
1178 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef,
1179 IEEE80211_CHAN_DISABLED)) {
1180 sdata_info(sdata,
1181 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1182 ifmgd->associated->bssid, new_freq,
1183 new_chandef.width, new_chandef.center_freq1,
1184 new_chandef.center_freq2);
1185 ieee80211_queue_work(&local->hw,
1077 &ifmgd->csa_connection_drop_work); 1186 &ifmgd->csa_connection_drop_work);
1078 return; 1187 return;
1079 } 1188 }
1080 1189
1081 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1190 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1082 1191
1083 if (sdata->local->use_chanctx) { 1192 if (local->use_chanctx) {
1084 sdata_info(sdata, 1193 sdata_info(sdata,
1085 "not handling channel switch with channel contexts\n"); 1194 "not handling channel switch with channel contexts\n");
1086 ieee80211_queue_work(&sdata->local->hw, 1195 ieee80211_queue_work(&local->hw,
1087 &ifmgd->csa_connection_drop_work); 1196 &ifmgd->csa_connection_drop_work);
1088 return; 1197 return;
1089 } 1198 }
1090 1199
1091 mutex_lock(&sdata->local->chanctx_mtx); 1200 mutex_lock(&local->chanctx_mtx);
1092 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1201 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
1093 mutex_unlock(&sdata->local->chanctx_mtx); 1202 mutex_unlock(&local->chanctx_mtx);
1094 return; 1203 return;
1095 } 1204 }
1096 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1205 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
@@ -1098,40 +1207,39 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1098 if (chanctx->refcount > 1) { 1207 if (chanctx->refcount > 1) {
1099 sdata_info(sdata, 1208 sdata_info(sdata,
1100 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1209 "channel switch with multiple interfaces on the same channel, disconnecting\n");
1101 ieee80211_queue_work(&sdata->local->hw, 1210 ieee80211_queue_work(&local->hw,
1102 &ifmgd->csa_connection_drop_work); 1211 &ifmgd->csa_connection_drop_work);
1103 mutex_unlock(&sdata->local->chanctx_mtx); 1212 mutex_unlock(&local->chanctx_mtx);
1104 return; 1213 return;
1105 } 1214 }
1106 mutex_unlock(&sdata->local->chanctx_mtx); 1215 mutex_unlock(&local->chanctx_mtx);
1107 1216
1108 sdata->local->csa_channel = new_ch; 1217 local->csa_chandef = new_chandef;
1109 1218
1110 if (sw_elem->mode) 1219 if (mode)
1111 ieee80211_stop_queues_by_reason(&sdata->local->hw, 1220 ieee80211_stop_queues_by_reason(&local->hw,
1112 IEEE80211_MAX_QUEUE_MAP, 1221 IEEE80211_MAX_QUEUE_MAP,
1113 IEEE80211_QUEUE_STOP_REASON_CSA); 1222 IEEE80211_QUEUE_STOP_REASON_CSA);
1114 1223
1115 if (sdata->local->ops->channel_switch) { 1224 if (local->ops->channel_switch) {
1116 /* use driver's channel switch callback */ 1225 /* use driver's channel switch callback */
1117 struct ieee80211_channel_switch ch_switch = { 1226 struct ieee80211_channel_switch ch_switch = {
1118 .timestamp = timestamp, 1227 .timestamp = timestamp,
1119 .block_tx = sw_elem->mode, 1228 .block_tx = mode,
1120 .channel = new_ch, 1229 .chandef = new_chandef,
1121 .count = sw_elem->count, 1230 .count = count,
1122 }; 1231 };
1123 1232
1124 drv_channel_switch(sdata->local, &ch_switch); 1233 drv_channel_switch(local, &ch_switch);
1125 return; 1234 return;
1126 } 1235 }
1127 1236
1128 /* channel switch handled in software */ 1237 /* channel switch handled in software */
1129 if (sw_elem->count <= 1) 1238 if (count <= 1)
1130 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1239 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1131 else 1240 else
1132 mod_timer(&ifmgd->chswitch_timer, 1241 mod_timer(&ifmgd->chswitch_timer,
1133 TU_TO_EXP_TIME(sw_elem->count * 1242 TU_TO_EXP_TIME(count * cbss->beacon_interval));
1134 cbss->beacon_interval));
1135} 1243}
1136 1244
1137static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1245static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
@@ -1430,13 +1538,11 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1430 1538
1431 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1539 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1432 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1540 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1433 netif_tx_stop_all_queues(sdata->dev); 1541 if (drv_tx_frames_pending(local)) {
1434
1435 if (drv_tx_frames_pending(local))
1436 mod_timer(&local->dynamic_ps_timer, jiffies + 1542 mod_timer(&local->dynamic_ps_timer, jiffies +
1437 msecs_to_jiffies( 1543 msecs_to_jiffies(
1438 local->hw.conf.dynamic_ps_timeout)); 1544 local->hw.conf.dynamic_ps_timeout));
1439 else { 1545 } else {
1440 ieee80211_send_nullfunc(local, sdata, 1); 1546 ieee80211_send_nullfunc(local, sdata, 1);
1441 /* Flush to get the tx status of nullfunc frame */ 1547 /* Flush to get the tx status of nullfunc frame */
1442 ieee80211_flush_queues(local, sdata); 1548 ieee80211_flush_queues(local, sdata);
@@ -1450,9 +1556,6 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1450 local->hw.conf.flags |= IEEE80211_CONF_PS; 1556 local->hw.conf.flags |= IEEE80211_CONF_PS;
1451 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1557 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1452 } 1558 }
1453
1454 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1455 netif_tx_wake_all_queues(sdata->dev);
1456} 1559}
1457 1560
1458void ieee80211_dynamic_ps_timer(unsigned long data) 1561void ieee80211_dynamic_ps_timer(unsigned long data)
@@ -1558,6 +1661,7 @@ static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1558 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1661 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1559 params.cw_min = ecw2cw(pos[1] & 0x0f); 1662 params.cw_min = ecw2cw(pos[1] & 0x0f);
1560 params.txop = get_unaligned_le16(pos + 2); 1663 params.txop = get_unaligned_le16(pos + 2);
1664 params.acm = acm;
1561 params.uapsd = uapsd; 1665 params.uapsd = uapsd;
1562 1666
1563 mlme_dbg(sdata, 1667 mlme_dbg(sdata,
@@ -1645,7 +1749,7 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1645 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1749 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1646 1750
1647 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1751 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1648 IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int)); 1752 beacon_loss_count * bss_conf->beacon_int));
1649 1753
1650 sdata->u.mgd.associated = cbss; 1754 sdata->u.mgd.associated = cbss;
1651 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1755 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
@@ -1658,18 +1762,17 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1658 rcu_read_lock(); 1762 rcu_read_lock();
1659 ies = rcu_dereference(cbss->ies); 1763 ies = rcu_dereference(cbss->ies);
1660 if (ies) { 1764 if (ies) {
1661 u8 noa[2];
1662 int ret; 1765 int ret;
1663 1766
1664 ret = cfg80211_get_p2p_attr( 1767 ret = cfg80211_get_p2p_attr(
1665 ies->data, ies->len, 1768 ies->data, ies->len,
1666 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1769 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1667 noa, sizeof(noa)); 1770 (u8 *) &bss_conf->p2p_noa_attr,
1771 sizeof(bss_conf->p2p_noa_attr));
1668 if (ret >= 2) { 1772 if (ret >= 2) {
1669 bss_conf->p2p_oppps = noa[1] & 0x80; 1773 sdata->u.mgd.p2p_noa_index =
1670 bss_conf->p2p_ctwindow = noa[1] & 0x7f; 1774 bss_conf->p2p_noa_attr.index;
1671 bss_info_changed |= BSS_CHANGED_P2P_PS; 1775 bss_info_changed |= BSS_CHANGED_P2P_PS;
1672 sdata->u.mgd.p2p_noa_index = noa[0];
1673 } 1776 }
1674 } 1777 }
1675 rcu_read_unlock(); 1778 rcu_read_unlock();
@@ -1713,7 +1816,6 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1713 ieee80211_recalc_smps(sdata); 1816 ieee80211_recalc_smps(sdata);
1714 ieee80211_recalc_ps_vif(sdata); 1817 ieee80211_recalc_ps_vif(sdata);
1715 1818
1716 netif_tx_start_all_queues(sdata->dev);
1717 netif_carrier_on(sdata->dev); 1819 netif_carrier_on(sdata->dev);
1718} 1820}
1719 1821
@@ -1736,22 +1838,6 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1736 ieee80211_stop_poll(sdata); 1838 ieee80211_stop_poll(sdata);
1737 1839
1738 ifmgd->associated = NULL; 1840 ifmgd->associated = NULL;
1739
1740 /*
1741 * we need to commit the associated = NULL change because the
1742 * scan code uses that to determine whether this iface should
1743 * go to/wake up from powersave or not -- and could otherwise
1744 * wake the queues erroneously.
1745 */
1746 smp_mb();
1747
1748 /*
1749 * Thus, we can only afterwards stop the queues -- to account
1750 * for the case where another CPU is finishing a scan at this
1751 * time -- we don't want the scan code to enable queues.
1752 */
1753
1754 netif_tx_stop_all_queues(sdata->dev);
1755 netif_carrier_off(sdata->dev); 1841 netif_carrier_off(sdata->dev);
1756 1842
1757 /* 1843 /*
@@ -1794,8 +1880,9 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1794 changed |= BSS_CHANGED_ASSOC; 1880 changed |= BSS_CHANGED_ASSOC;
1795 sdata->vif.bss_conf.assoc = false; 1881 sdata->vif.bss_conf.assoc = false;
1796 1882
1797 sdata->vif.bss_conf.p2p_ctwindow = 0; 1883 ifmgd->p2p_noa_index = -1;
1798 sdata->vif.bss_conf.p2p_oppps = false; 1884 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1885 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1799 1886
1800 /* on the next assoc, re-program HT/VHT parameters */ 1887 /* on the next assoc, re-program HT/VHT parameters */
1801 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1888 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
@@ -1975,12 +2062,15 @@ static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1975 goto out; 2062 goto out;
1976 } 2063 }
1977 2064
1978 if (beacon) 2065 if (beacon) {
1979 mlme_dbg_ratelimited(sdata, 2066 mlme_dbg_ratelimited(sdata,
1980 "detected beacon loss from AP - probing\n"); 2067 "detected beacon loss from AP (missed %d beacons) - probing\n",
2068 beacon_loss_count);
1981 2069
1982 ieee80211_cqm_rssi_notify(&sdata->vif, 2070 ieee80211_cqm_rssi_notify(&sdata->vif,
1983 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, GFP_KERNEL); 2071 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
2072 GFP_KERNEL);
2073 }
1984 2074
1985 /* 2075 /*
1986 * The driver/our work has already reported this event or the 2076 * The driver/our work has already reported this event or the
@@ -2126,7 +2216,6 @@ void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2126 2216
2127 trace_api_beacon_loss(sdata); 2217 trace_api_beacon_loss(sdata);
2128 2218
2129 WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR);
2130 sdata->u.mgd.connection_loss = false; 2219 sdata->u.mgd.connection_loss = false;
2131 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2220 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2132} 2221}
@@ -2176,7 +2265,7 @@ static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2176 u32 tx_flags = 0; 2265 u32 tx_flags = 0;
2177 2266
2178 pos = mgmt->u.auth.variable; 2267 pos = mgmt->u.auth.variable;
2179 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2268 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2180 if (!elems.challenge) 2269 if (!elems.challenge)
2181 return; 2270 return;
2182 auth_data->expected_transaction = 4; 2271 auth_data->expected_transaction = 4;
@@ -2441,7 +2530,7 @@ static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2441 } 2530 }
2442 2531
2443 pos = mgmt->u.assoc_resp.variable; 2532 pos = mgmt->u.assoc_resp.variable;
2444 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2533 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2445 2534
2446 if (!elems.supp_rates) { 2535 if (!elems.supp_rates) {
2447 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2536 sdata_info(sdata, "no SuppRates element in AssocResp\n");
@@ -2610,13 +2699,13 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2610 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2699 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2611 2700
2612 pos = mgmt->u.assoc_resp.variable; 2701 pos = mgmt->u.assoc_resp.variable;
2613 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2702 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2614 2703
2615 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2704 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2616 elems.timeout_int && elems.timeout_int_len == 5 && 2705 elems.timeout_int &&
2617 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2706 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2618 u32 tu, ms; 2707 u32 tu, ms;
2619 tu = get_unaligned_le32(elems.timeout_int + 1); 2708 tu = le32_to_cpu(elems.timeout_int->value);
2620 ms = tu * 1024 / 1000; 2709 ms = tu * 1024 / 1000;
2621 sdata_info(sdata, 2710 sdata_info(sdata,
2622 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2711 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
@@ -2665,6 +2754,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2665 struct ieee80211_channel *channel; 2754 struct ieee80211_channel *channel;
2666 bool need_ps = false; 2755 bool need_ps = false;
2667 2756
2757 lockdep_assert_held(&sdata->u.mgd.mtx);
2758
2668 if ((sdata->u.mgd.associated && 2759 if ((sdata->u.mgd.associated &&
2669 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) || 2760 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) ||
2670 (sdata->u.mgd.assoc_data && 2761 (sdata->u.mgd.assoc_data &&
@@ -2679,7 +2770,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2679 } 2770 }
2680 } 2771 }
2681 2772
2682 if (elems->ds_params && elems->ds_params_len == 1) 2773 if (elems->ds_params)
2683 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2774 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
2684 rx_status->band); 2775 rx_status->band);
2685 else 2776 else
@@ -2695,7 +2786,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2695 if (bss) 2786 if (bss)
2696 ieee80211_rx_bss_put(local, bss); 2787 ieee80211_rx_bss_put(local, bss);
2697 2788
2698 if (!sdata->u.mgd.associated) 2789 if (!sdata->u.mgd.associated ||
2790 !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid))
2699 return; 2791 return;
2700 2792
2701 if (need_ps) { 2793 if (need_ps) {
@@ -2704,10 +2796,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2704 mutex_unlock(&local->iflist_mtx); 2796 mutex_unlock(&local->iflist_mtx);
2705 } 2797 }
2706 2798
2707 if (elems->ch_switch_ie && 2799 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, elems);
2708 memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0) 2800
2709 ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie,
2710 bss, rx_status->mactime);
2711} 2801}
2712 2802
2713 2803
@@ -2732,7 +2822,7 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2732 return; 2822 return;
2733 2823
2734 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2824 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2735 &elems); 2825 false, &elems);
2736 2826
2737 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2827 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2738 2828
@@ -2815,7 +2905,7 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2815 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2905 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
2816 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2906 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2817 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2907 ieee802_11_parse_elems(mgmt->u.beacon.variable,
2818 len - baselen, &elems); 2908 len - baselen, false, &elems);
2819 2909
2820 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2910 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2821 ifmgd->assoc_data->have_beacon = true; 2911 ifmgd->assoc_data->have_beacon = true;
@@ -2925,7 +3015,7 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2925 3015
2926 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3016 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
2927 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3017 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
2928 len - baselen, &elems, 3018 len - baselen, false, &elems,
2929 care_about_ies, ncrc); 3019 care_about_ies, ncrc);
2930 3020
2931 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3021 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
@@ -2957,22 +3047,30 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2957 } 3047 }
2958 3048
2959 if (sdata->vif.p2p) { 3049 if (sdata->vif.p2p) {
2960 u8 noa[2]; 3050 struct ieee80211_p2p_noa_attr noa = {};
2961 int ret; 3051 int ret;
2962 3052
2963 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3053 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
2964 len - baselen, 3054 len - baselen,
2965 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3055 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2966 noa, sizeof(noa)); 3056 (u8 *) &noa, sizeof(noa));
2967 if (ret >= 2 && sdata->u.mgd.p2p_noa_index != noa[0]) { 3057 if (ret >= 2) {
2968 bss_conf->p2p_oppps = noa[1] & 0x80; 3058 if (sdata->u.mgd.p2p_noa_index != noa.index) {
2969 bss_conf->p2p_ctwindow = noa[1] & 0x7f; 3059 /* valid noa_attr and index changed */
3060 sdata->u.mgd.p2p_noa_index = noa.index;
3061 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
3062 changed |= BSS_CHANGED_P2P_PS;
3063 /*
3064 * make sure we update all information, the CRC
3065 * mechanism doesn't look at P2P attributes.
3066 */
3067 ifmgd->beacon_crc_valid = false;
3068 }
3069 } else if (sdata->u.mgd.p2p_noa_index != -1) {
3070 /* noa_attr not found and we had valid noa_attr before */
3071 sdata->u.mgd.p2p_noa_index = -1;
3072 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
2970 changed |= BSS_CHANGED_P2P_PS; 3073 changed |= BSS_CHANGED_P2P_PS;
2971 sdata->u.mgd.p2p_noa_index = noa[0];
2972 /*
2973 * make sure we update all information, the CRC
2974 * mechanism doesn't look at P2P attributes.
2975 */
2976 ifmgd->beacon_crc_valid = false; 3074 ifmgd->beacon_crc_valid = false;
2977 } 3075 }
2978 } 3076 }
@@ -3014,7 +3112,7 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3014 changed |= BSS_CHANGED_DTIM_PERIOD; 3112 changed |= BSS_CHANGED_DTIM_PERIOD;
3015 } 3113 }
3016 3114
3017 if (elems.erp_info && elems.erp_info_len >= 1) { 3115 if (elems.erp_info) {
3018 erp_valid = true; 3116 erp_valid = true;
3019 erp_value = elems.erp_info[0]; 3117 erp_value = elems.erp_info[0];
3020 } else { 3118 } else {
@@ -3064,6 +3162,8 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3064 enum rx_mgmt_action rma = RX_MGMT_NONE; 3162 enum rx_mgmt_action rma = RX_MGMT_NONE;
3065 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3163 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3066 u16 fc; 3164 u16 fc;
3165 struct ieee802_11_elems elems;
3166 int ies_len;
3067 3167
3068 rx_status = (struct ieee80211_rx_status *) skb->cb; 3168 rx_status = (struct ieee80211_rx_status *) skb->cb;
3069 mgmt = (struct ieee80211_mgmt *) skb->data; 3169 mgmt = (struct ieee80211_mgmt *) skb->data;
@@ -3093,14 +3193,48 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3093 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); 3193 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss);
3094 break; 3194 break;
3095 case IEEE80211_STYPE_ACTION: 3195 case IEEE80211_STYPE_ACTION:
3096 switch (mgmt->u.action.category) { 3196 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3097 case WLAN_CATEGORY_SPECTRUM_MGMT: 3197 ies_len = skb->len -
3198 offsetof(struct ieee80211_mgmt,
3199 u.action.u.chan_switch.variable);
3200
3201 if (ies_len < 0)
3202 break;
3203
3204 ieee802_11_parse_elems(
3205 mgmt->u.action.u.chan_switch.variable,
3206 ies_len, true, &elems);
3207
3208 if (elems.parse_error)
3209 break;
3210
3098 ieee80211_sta_process_chanswitch(sdata, 3211 ieee80211_sta_process_chanswitch(sdata,
3099 &mgmt->u.action.u.chan_switch.sw_elem, 3212 rx_status->mactime,
3100 (void *)ifmgd->associated->priv, 3213 &elems);
3101 rx_status->mactime); 3214 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3102 break; 3215 ies_len = skb->len -
3216 offsetof(struct ieee80211_mgmt,
3217 u.action.u.ext_chan_switch.variable);
3218
3219 if (ies_len < 0)
3220 break;
3221
3222 ieee802_11_parse_elems(
3223 mgmt->u.action.u.ext_chan_switch.variable,
3224 ies_len, true, &elems);
3225
3226 if (elems.parse_error)
3227 break;
3228
3229 /* for the handling code pretend this was also an IE */
3230 elems.ext_chansw_ie =
3231 &mgmt->u.action.u.ext_chan_switch.data;
3232
3233 ieee80211_sta_process_chanswitch(sdata,
3234 rx_status->mactime,
3235 &elems);
3103 } 3236 }
3237 break;
3104 } 3238 }
3105 mutex_unlock(&ifmgd->mtx); 3239 mutex_unlock(&ifmgd->mtx);
3106 3240
@@ -3513,8 +3647,9 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3513 3647
3514 ifmgd->flags = 0; 3648 ifmgd->flags = 0;
3515 ifmgd->powersave = sdata->wdev.ps; 3649 ifmgd->powersave = sdata->wdev.ps;
3516 ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES; 3650 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
3517 ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN; 3651 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
3652 ifmgd->p2p_noa_index = -1;
3518 3653
3519 mutex_init(&ifmgd->mtx); 3654 mutex_init(&ifmgd->mtx);
3520 3655
@@ -4079,7 +4214,8 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4079 rcu_read_unlock(); 4214 rcu_read_unlock();
4080 4215
4081 if (bss->wmm_used && bss->uapsd_supported && 4216 if (bss->wmm_used && bss->uapsd_supported &&
4082 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 4217 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) &&
4218 sdata->wmm_acm != 0xff) {
4083 assoc_data->uapsd = true; 4219 assoc_data->uapsd = true;
4084 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4220 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4085 } else { 4221 } else {
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index cce795871ab1..acd1f71adc03 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -445,15 +445,15 @@ void ieee80211_roc_setup(struct ieee80211_local *local)
445 INIT_LIST_HEAD(&local->roc_list); 445 INIT_LIST_HEAD(&local->roc_list);
446} 446}
447 447
448void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata) 448void ieee80211_roc_purge(struct ieee80211_local *local,
449 struct ieee80211_sub_if_data *sdata)
449{ 450{
450 struct ieee80211_local *local = sdata->local;
451 struct ieee80211_roc_work *roc, *tmp; 451 struct ieee80211_roc_work *roc, *tmp;
452 LIST_HEAD(tmp_list); 452 LIST_HEAD(tmp_list);
453 453
454 mutex_lock(&local->mtx); 454 mutex_lock(&local->mtx);
455 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 455 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
456 if (roc->sdata != sdata) 456 if (sdata && roc->sdata != sdata)
457 continue; 457 continue;
458 458
459 if (roc->started && local->ops->remain_on_channel) { 459 if (roc->started && local->ops->remain_on_channel) {
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 3d16f4e61743..7fc5d0d8149a 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -19,6 +19,10 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
19 19
20 ieee80211_dfs_cac_cancel(local); 20 ieee80211_dfs_cac_cancel(local);
21 21
22 ieee80211_roc_purge(local, NULL);
23
24 ieee80211_del_virtual_monitor(local);
25
22 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) { 26 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
23 mutex_lock(&local->sta_mtx); 27 mutex_lock(&local->sta_mtx);
24 list_for_each_entry(sta, &local->sta_list, list) { 28 list_for_each_entry(sta, &local->sta_list, list) {
@@ -33,8 +37,9 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
33 IEEE80211_MAX_QUEUE_MAP, 37 IEEE80211_MAX_QUEUE_MAP,
34 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 38 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
35 39
36 /* flush out all packets */ 40 /* flush out all packets and station cleanup call_rcu()s */
37 synchronize_net(); 41 synchronize_net();
42 rcu_barrier();
38 43
39 ieee80211_flush_queues(local, NULL); 44 ieee80211_flush_queues(local, NULL);
40 45
@@ -101,10 +106,6 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
101 drv_remove_interface(local, sdata); 106 drv_remove_interface(local, sdata);
102 } 107 }
103 108
104 sdata = rtnl_dereference(local->monitor_sdata);
105 if (sdata)
106 drv_remove_interface(local, sdata);
107
108 /* 109 /*
109 * We disconnected on all interfaces before suspend, all channel 110 * We disconnected on all interfaces before suspend, all channel
110 * contexts should be released. 111 * contexts should be released.
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index dd88381c53b7..0d51877efdb7 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -252,6 +252,25 @@ rate_lowest_non_cck_index(struct ieee80211_supported_band *sband,
252 return 0; 252 return 0;
253} 253}
254 254
255static void __rate_control_send_low(struct ieee80211_hw *hw,
256 struct ieee80211_supported_band *sband,
257 struct ieee80211_sta *sta,
258 struct ieee80211_tx_info *info)
259{
260 if ((sband->band != IEEE80211_BAND_2GHZ) ||
261 !(info->flags & IEEE80211_TX_CTL_NO_CCK_RATE))
262 info->control.rates[0].idx = rate_lowest_index(sband, sta);
263 else
264 info->control.rates[0].idx =
265 rate_lowest_non_cck_index(sband, sta);
266
267 info->control.rates[0].count =
268 (info->flags & IEEE80211_TX_CTL_NO_ACK) ?
269 1 : hw->max_rate_tries;
270
271 info->control.skip_table = 1;
272}
273
255 274
256bool rate_control_send_low(struct ieee80211_sta *sta, 275bool rate_control_send_low(struct ieee80211_sta *sta,
257 void *priv_sta, 276 void *priv_sta,
@@ -262,16 +281,8 @@ bool rate_control_send_low(struct ieee80211_sta *sta,
262 int mcast_rate; 281 int mcast_rate;
263 282
264 if (!sta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) { 283 if (!sta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) {
265 if ((sband->band != IEEE80211_BAND_2GHZ) || 284 __rate_control_send_low(txrc->hw, sband, sta, info);
266 !(info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)) 285
267 info->control.rates[0].idx =
268 rate_lowest_index(txrc->sband, sta);
269 else
270 info->control.rates[0].idx =
271 rate_lowest_non_cck_index(txrc->sband, sta);
272 info->control.rates[0].count =
273 (info->flags & IEEE80211_TX_CTL_NO_ACK) ?
274 1 : txrc->hw->max_rate_tries;
275 if (!sta && txrc->bss) { 286 if (!sta && txrc->bss) {
276 mcast_rate = txrc->bss_conf->mcast_rate[sband->band]; 287 mcast_rate = txrc->bss_conf->mcast_rate[sband->band];
277 if (mcast_rate > 0) { 288 if (mcast_rate > 0) {
@@ -355,7 +366,8 @@ static bool rate_idx_match_mcs_mask(struct ieee80211_tx_rate *rate,
355 366
356 367
357static void rate_idx_match_mask(struct ieee80211_tx_rate *rate, 368static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
358 struct ieee80211_tx_rate_control *txrc, 369 struct ieee80211_supported_band *sband,
370 enum nl80211_chan_width chan_width,
359 u32 mask, 371 u32 mask,
360 u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN]) 372 u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
361{ 373{
@@ -375,27 +387,17 @@ static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
375 IEEE80211_TX_RC_USE_SHORT_PREAMBLE); 387 IEEE80211_TX_RC_USE_SHORT_PREAMBLE);
376 alt_rate.count = rate->count; 388 alt_rate.count = rate->count;
377 if (rate_idx_match_legacy_mask(&alt_rate, 389 if (rate_idx_match_legacy_mask(&alt_rate,
378 txrc->sband->n_bitrates, 390 sband->n_bitrates, mask)) {
379 mask)) {
380 *rate = alt_rate; 391 *rate = alt_rate;
381 return; 392 return;
382 } 393 }
383 } else { 394 } else {
384 struct sk_buff *skb = txrc->skb;
385 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
386 __le16 fc;
387
388 /* handle legacy rates */ 395 /* handle legacy rates */
389 if (rate_idx_match_legacy_mask(rate, txrc->sband->n_bitrates, 396 if (rate_idx_match_legacy_mask(rate, sband->n_bitrates, mask))
390 mask))
391 return; 397 return;
392 398
393 /* if HT BSS, and we handle a data frame, also try HT rates */ 399 /* if HT BSS, and we handle a data frame, also try HT rates */
394 if (txrc->bss_conf->chandef.width == NL80211_CHAN_WIDTH_20_NOHT) 400 if (chan_width == NL80211_CHAN_WIDTH_20_NOHT)
395 return;
396
397 fc = hdr->frame_control;
398 if (!ieee80211_is_data(fc))
399 return; 401 return;
400 402
401 alt_rate.idx = 0; 403 alt_rate.idx = 0;
@@ -408,7 +410,7 @@ static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
408 410
409 alt_rate.flags |= IEEE80211_TX_RC_MCS; 411 alt_rate.flags |= IEEE80211_TX_RC_MCS;
410 412
411 if (txrc->bss_conf->chandef.width == NL80211_CHAN_WIDTH_40) 413 if (chan_width == NL80211_CHAN_WIDTH_40)
412 alt_rate.flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; 414 alt_rate.flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
413 415
414 if (rate_idx_match_mcs_mask(&alt_rate, mcs_mask)) { 416 if (rate_idx_match_mcs_mask(&alt_rate, mcs_mask)) {
@@ -426,6 +428,228 @@ static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
426 */ 428 */
427} 429}
428 430
431static void rate_fixup_ratelist(struct ieee80211_vif *vif,
432 struct ieee80211_supported_band *sband,
433 struct ieee80211_tx_info *info,
434 struct ieee80211_tx_rate *rates,
435 int max_rates)
436{
437 struct ieee80211_rate *rate;
438 bool inval = false;
439 int i;
440
441 /*
442 * Set up the RTS/CTS rate as the fastest basic rate
443 * that is not faster than the data rate unless there
444 * is no basic rate slower than the data rate, in which
445 * case we pick the slowest basic rate
446 *
447 * XXX: Should this check all retry rates?
448 */
449 if (!(rates[0].flags & IEEE80211_TX_RC_MCS)) {
450 u32 basic_rates = vif->bss_conf.basic_rates;
451 s8 baserate = basic_rates ? ffs(basic_rates - 1) : 0;
452
453 rate = &sband->bitrates[rates[0].idx];
454
455 for (i = 0; i < sband->n_bitrates; i++) {
456 /* must be a basic rate */
457 if (!(basic_rates & BIT(i)))
458 continue;
459 /* must not be faster than the data rate */
460 if (sband->bitrates[i].bitrate > rate->bitrate)
461 continue;
462 /* maximum */
463 if (sband->bitrates[baserate].bitrate <
464 sband->bitrates[i].bitrate)
465 baserate = i;
466 }
467
468 info->control.rts_cts_rate_idx = baserate;
469 }
470
471 for (i = 0; i < max_rates; i++) {
472 /*
473 * make sure there's no valid rate following
474 * an invalid one, just in case drivers don't
475 * take the API seriously to stop at -1.
476 */
477 if (inval) {
478 rates[i].idx = -1;
479 continue;
480 }
481 if (rates[i].idx < 0) {
482 inval = true;
483 continue;
484 }
485
486 /*
487 * For now assume MCS is already set up correctly, this
488 * needs to be fixed.
489 */
490 if (rates[i].flags & IEEE80211_TX_RC_MCS) {
491 WARN_ON(rates[i].idx > 76);
492
493 if (!(rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) &&
494 info->control.use_cts_prot)
495 rates[i].flags |=
496 IEEE80211_TX_RC_USE_CTS_PROTECT;
497 continue;
498 }
499
500 if (rates[i].flags & IEEE80211_TX_RC_VHT_MCS) {
501 WARN_ON(ieee80211_rate_get_vht_mcs(&rates[i]) > 9);
502 continue;
503 }
504
505 /* set up RTS protection if desired */
506 if (info->control.use_rts) {
507 rates[i].flags |= IEEE80211_TX_RC_USE_RTS_CTS;
508 info->control.use_cts_prot = false;
509 }
510
511 /* RC is busted */
512 if (WARN_ON_ONCE(rates[i].idx >= sband->n_bitrates)) {
513 rates[i].idx = -1;
514 continue;
515 }
516
517 rate = &sband->bitrates[rates[i].idx];
518
519 /* set up short preamble */
520 if (info->control.short_preamble &&
521 rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
522 rates[i].flags |= IEEE80211_TX_RC_USE_SHORT_PREAMBLE;
523
524 /* set up G protection */
525 if (!(rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) &&
526 info->control.use_cts_prot &&
527 rate->flags & IEEE80211_RATE_ERP_G)
528 rates[i].flags |= IEEE80211_TX_RC_USE_CTS_PROTECT;
529 }
530}
531
532
533static void rate_control_fill_sta_table(struct ieee80211_sta *sta,
534 struct ieee80211_tx_info *info,
535 struct ieee80211_tx_rate *rates,
536 int max_rates)
537{
538 struct ieee80211_sta_rates *ratetbl = NULL;
539 int i;
540
541 if (sta && !info->control.skip_table)
542 ratetbl = rcu_dereference(sta->rates);
543
544 /* Fill remaining rate slots with data from the sta rate table. */
545 max_rates = min_t(int, max_rates, IEEE80211_TX_RATE_TABLE_SIZE);
546 for (i = 0; i < max_rates; i++) {
547 if (i < ARRAY_SIZE(info->control.rates) &&
548 info->control.rates[i].idx >= 0 &&
549 info->control.rates[i].count) {
550 if (rates != info->control.rates)
551 rates[i] = info->control.rates[i];
552 } else if (ratetbl) {
553 rates[i].idx = ratetbl->rate[i].idx;
554 rates[i].flags = ratetbl->rate[i].flags;
555 if (info->control.use_rts)
556 rates[i].count = ratetbl->rate[i].count_rts;
557 else if (info->control.use_cts_prot)
558 rates[i].count = ratetbl->rate[i].count_cts;
559 else
560 rates[i].count = ratetbl->rate[i].count;
561 } else {
562 rates[i].idx = -1;
563 rates[i].count = 0;
564 }
565
566 if (rates[i].idx < 0 || !rates[i].count)
567 break;
568 }
569}
570
571static void rate_control_apply_mask(struct ieee80211_sub_if_data *sdata,
572 struct ieee80211_sta *sta,
573 struct ieee80211_supported_band *sband,
574 struct ieee80211_tx_info *info,
575 struct ieee80211_tx_rate *rates,
576 int max_rates)
577{
578 enum nl80211_chan_width chan_width;
579 u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN];
580 bool has_mcs_mask;
581 u32 mask;
582 int i;
583
584 /*
585 * Try to enforce the rateidx mask the user wanted. skip this if the
586 * default mask (allow all rates) is used to save some processing for
587 * the common case.
588 */
589 mask = sdata->rc_rateidx_mask[info->band];
590 has_mcs_mask = sdata->rc_has_mcs_mask[info->band];
591 if (mask == (1 << sband->n_bitrates) - 1 && !has_mcs_mask)
592 return;
593
594 if (has_mcs_mask)
595 memcpy(mcs_mask, sdata->rc_rateidx_mcs_mask[info->band],
596 sizeof(mcs_mask));
597 else
598 memset(mcs_mask, 0xff, sizeof(mcs_mask));
599
600 if (sta) {
601 /* Filter out rates that the STA does not support */
602 mask &= sta->supp_rates[info->band];
603 for (i = 0; i < sizeof(mcs_mask); i++)
604 mcs_mask[i] &= sta->ht_cap.mcs.rx_mask[i];
605 }
606
607 /*
608 * Make sure the rate index selected for each TX rate is
609 * included in the configured mask and change the rate indexes
610 * if needed.
611 */
612 chan_width = sdata->vif.bss_conf.chandef.width;
613 for (i = 0; i < max_rates; i++) {
614 /* Skip invalid rates */
615 if (rates[i].idx < 0)
616 break;
617
618 rate_idx_match_mask(&rates[i], sband, mask, chan_width,
619 mcs_mask);
620 }
621}
622
623void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
624 struct ieee80211_sta *sta,
625 struct sk_buff *skb,
626 struct ieee80211_tx_rate *dest,
627 int max_rates)
628{
629 struct ieee80211_sub_if_data *sdata;
630 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
631 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
632 struct ieee80211_supported_band *sband;
633
634 rate_control_fill_sta_table(sta, info, dest, max_rates);
635
636 if (!vif)
637 return;
638
639 sdata = vif_to_sdata(vif);
640 sband = sdata->local->hw.wiphy->bands[info->band];
641
642 if (ieee80211_is_data(hdr->frame_control))
643 rate_control_apply_mask(sdata, sta, sband, info, dest, max_rates);
644
645 if (dest[0].idx < 0)
646 __rate_control_send_low(&sdata->local->hw, sband, sta, info);
647
648 if (sta)
649 rate_fixup_ratelist(vif, sband, info, dest, max_rates);
650}
651EXPORT_SYMBOL(ieee80211_get_tx_rates);
652
429void rate_control_get_rate(struct ieee80211_sub_if_data *sdata, 653void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
430 struct sta_info *sta, 654 struct sta_info *sta,
431 struct ieee80211_tx_rate_control *txrc) 655 struct ieee80211_tx_rate_control *txrc)
@@ -435,8 +659,6 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
435 struct ieee80211_sta *ista = NULL; 659 struct ieee80211_sta *ista = NULL;
436 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); 660 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb);
437 int i; 661 int i;
438 u32 mask;
439 u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN];
440 662
441 if (sta && test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) { 663 if (sta && test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) {
442 ista = &sta->sta; 664 ista = &sta->sta;
@@ -454,37 +676,27 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
454 676
455 ref->ops->get_rate(ref->priv, ista, priv_sta, txrc); 677 ref->ops->get_rate(ref->priv, ista, priv_sta, txrc);
456 678
457 /* 679 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_RC_TABLE)
458 * Try to enforce the rateidx mask the user wanted. skip this if the 680 return;
459 * default mask (allow all rates) is used to save some processing for 681
460 * the common case. 682 ieee80211_get_tx_rates(&sdata->vif, ista, txrc->skb,
461 */ 683 info->control.rates,
462 mask = sdata->rc_rateidx_mask[info->band]; 684 ARRAY_SIZE(info->control.rates));
463 memcpy(mcs_mask, sdata->rc_rateidx_mcs_mask[info->band], 685}
464 sizeof(mcs_mask));
465 if (mask != (1 << txrc->sband->n_bitrates) - 1) {
466 if (sta) {
467 /* Filter out rates that the STA does not support */
468 mask &= sta->sta.supp_rates[info->band];
469 for (i = 0; i < sizeof(mcs_mask); i++)
470 mcs_mask[i] &= sta->sta.ht_cap.mcs.rx_mask[i];
471 }
472 /*
473 * Make sure the rate index selected for each TX rate is
474 * included in the configured mask and change the rate indexes
475 * if needed.
476 */
477 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
478 /* Skip invalid rates */
479 if (info->control.rates[i].idx < 0)
480 break;
481 rate_idx_match_mask(&info->control.rates[i], txrc,
482 mask, mcs_mask);
483 }
484 }
485 686
486 BUG_ON(info->control.rates[0].idx < 0); 687int rate_control_set_rates(struct ieee80211_hw *hw,
688 struct ieee80211_sta *pubsta,
689 struct ieee80211_sta_rates *rates)
690{
691 struct ieee80211_sta_rates *old = rcu_dereference(pubsta->rates);
692
693 rcu_assign_pointer(pubsta->rates, rates);
694 if (old)
695 kfree_rcu(old, rcu_head);
696
697 return 0;
487} 698}
699EXPORT_SYMBOL(rate_control_set_rates);
488 700
489int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, 701int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
490 const char *name) 702 const char *name)
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index 1c36c9b4fa4a..ac7ef5414bde 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -84,6 +84,50 @@ minstrel_sort_best_tp_rates(struct minstrel_sta_info *mi, int i, u8 *tp_list)
84} 84}
85 85
86static void 86static void
87minstrel_set_rate(struct minstrel_sta_info *mi, struct ieee80211_sta_rates *ratetbl,
88 int offset, int idx)
89{
90 struct minstrel_rate *r = &mi->r[idx];
91
92 ratetbl->rate[offset].idx = r->rix;
93 ratetbl->rate[offset].count = r->adjusted_retry_count;
94 ratetbl->rate[offset].count_cts = r->retry_count_cts;
95 ratetbl->rate[offset].count_rts = r->retry_count_rtscts;
96}
97
98static void
99minstrel_update_rates(struct minstrel_priv *mp, struct minstrel_sta_info *mi)
100{
101 struct ieee80211_sta_rates *ratetbl;
102 int i = 0;
103
104 ratetbl = kzalloc(sizeof(*ratetbl), GFP_ATOMIC);
105 if (!ratetbl)
106 return;
107
108 /* Start with max_tp_rate */
109 minstrel_set_rate(mi, ratetbl, i++, mi->max_tp_rate[0]);
110
111 if (mp->hw->max_rates >= 3) {
112 /* At least 3 tx rates supported, use max_tp_rate2 next */
113 minstrel_set_rate(mi, ratetbl, i++, mi->max_tp_rate[1]);
114 }
115
116 if (mp->hw->max_rates >= 2) {
117 /* At least 2 tx rates supported, use max_prob_rate next */
118 minstrel_set_rate(mi, ratetbl, i++, mi->max_prob_rate);
119 }
120
121 /* Use lowest rate last */
122 ratetbl->rate[i].idx = mi->lowest_rix;
123 ratetbl->rate[i].count = mp->max_retry;
124 ratetbl->rate[i].count_cts = mp->max_retry;
125 ratetbl->rate[i].count_rts = mp->max_retry;
126
127 rate_control_set_rates(mp->hw, mi->sta, ratetbl);
128}
129
130static void
87minstrel_update_stats(struct minstrel_priv *mp, struct minstrel_sta_info *mi) 131minstrel_update_stats(struct minstrel_priv *mp, struct minstrel_sta_info *mi)
88{ 132{
89 u8 tmp_tp_rate[MAX_THR_RATES]; 133 u8 tmp_tp_rate[MAX_THR_RATES];
@@ -161,6 +205,8 @@ minstrel_update_stats(struct minstrel_priv *mp, struct minstrel_sta_info *mi)
161 205
162 /* Reset update timer */ 206 /* Reset update timer */
163 mi->stats_update = jiffies; 207 mi->stats_update = jiffies;
208
209 minstrel_update_rates(mp, mi);
164} 210}
165 211
166static void 212static void
@@ -209,9 +255,9 @@ minstrel_get_retry_count(struct minstrel_rate *mr,
209{ 255{
210 unsigned int retry = mr->adjusted_retry_count; 256 unsigned int retry = mr->adjusted_retry_count;
211 257
212 if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) 258 if (info->control.use_rts)
213 retry = max(2U, min(mr->retry_count_rtscts, retry)); 259 retry = max(2U, min(mr->retry_count_rtscts, retry));
214 else if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) 260 else if (info->control.use_cts_prot)
215 retry = max(2U, min(mr->retry_count_cts, retry)); 261 retry = max(2U, min(mr->retry_count_cts, retry));
216 return retry; 262 return retry;
217} 263}
@@ -240,13 +286,12 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
240 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 286 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
241 struct minstrel_sta_info *mi = priv_sta; 287 struct minstrel_sta_info *mi = priv_sta;
242 struct minstrel_priv *mp = priv; 288 struct minstrel_priv *mp = priv;
243 struct ieee80211_tx_rate *ar = info->control.rates; 289 struct ieee80211_tx_rate *rate = &info->control.rates[0];
244 unsigned int ndx, sample_ndx = 0; 290 struct minstrel_rate *msr, *mr;
291 unsigned int ndx;
245 bool mrr_capable; 292 bool mrr_capable;
246 bool indirect_rate_sampling = false; 293 bool prev_sample = mi->prev_sample;
247 bool rate_sampling = false; 294 int delta;
248 int i, delta;
249 int mrr_ndx[3];
250 int sampling_ratio; 295 int sampling_ratio;
251 296
252 /* management/no-ack frames do not use rate control */ 297 /* management/no-ack frames do not use rate control */
@@ -262,107 +307,75 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
262 else 307 else
263 sampling_ratio = mp->lookaround_rate; 308 sampling_ratio = mp->lookaround_rate;
264 309
265 /* init rateindex [ndx] with max throughput rate */
266 ndx = mi->max_tp_rate[0];
267
268 /* increase sum packet counter */ 310 /* increase sum packet counter */
269 mi->packet_count++; 311 mi->packet_count++;
270 312
271 delta = (mi->packet_count * sampling_ratio / 100) - 313 delta = (mi->packet_count * sampling_ratio / 100) -
272 (mi->sample_count + mi->sample_deferred / 2); 314 (mi->sample_count + mi->sample_deferred / 2);
273 315
274 /* delta > 0: sampling required */ 316 /* delta < 0: no sampling required */
275 if ((delta > 0) && (mrr_capable || !mi->prev_sample)) { 317 mi->prev_sample = false;
276 struct minstrel_rate *msr; 318 if (delta < 0 || (!mrr_capable && prev_sample))
277 if (mi->packet_count >= 10000) { 319 return;
278 mi->sample_deferred = 0;
279 mi->sample_count = 0;
280 mi->packet_count = 0;
281 } else if (delta > mi->n_rates * 2) {
282 /* With multi-rate retry, not every planned sample
283 * attempt actually gets used, due to the way the retry
284 * chain is set up - [max_tp,sample,prob,lowest] for
285 * sample_rate < max_tp.
286 *
287 * If there's too much sampling backlog and the link
288 * starts getting worse, minstrel would start bursting
289 * out lots of sampling frames, which would result
290 * in a large throughput loss. */
291 mi->sample_count += (delta - mi->n_rates * 2);
292 }
293 320
294 /* get next random rate sample */ 321 if (mi->packet_count >= 10000) {
295 sample_ndx = minstrel_get_next_sample(mi); 322 mi->sample_deferred = 0;
296 msr = &mi->r[sample_ndx]; 323 mi->sample_count = 0;
297 rate_sampling = true; 324 mi->packet_count = 0;
298 325 } else if (delta > mi->n_rates * 2) {
299 /* Decide if direct ( 1st mrr stage) or indirect (2nd mrr stage) 326 /* With multi-rate retry, not every planned sample
300 * rate sampling method should be used. 327 * attempt actually gets used, due to the way the retry
301 * Respect such rates that are not sampled for 20 interations. 328 * chain is set up - [max_tp,sample,prob,lowest] for
302 */ 329 * sample_rate < max_tp.
303 if (mrr_capable && 330 *
304 msr->perfect_tx_time > mi->r[ndx].perfect_tx_time && 331 * If there's too much sampling backlog and the link
305 msr->sample_skipped < 20) 332 * starts getting worse, minstrel would start bursting
306 indirect_rate_sampling = true; 333 * out lots of sampling frames, which would result
307 334 * in a large throughput loss. */
308 if (!indirect_rate_sampling) { 335 mi->sample_count += (delta - mi->n_rates * 2);
309 if (msr->sample_limit != 0) { 336 }
310 ndx = sample_ndx; 337
311 mi->sample_count++; 338 /* get next random rate sample */
312 if (msr->sample_limit > 0) 339 ndx = minstrel_get_next_sample(mi);
313 msr->sample_limit--; 340 msr = &mi->r[ndx];
314 } else 341 mr = &mi->r[mi->max_tp_rate[0]];
315 rate_sampling = false; 342
316 } else { 343 /* Decide if direct ( 1st mrr stage) or indirect (2nd mrr stage)
317 /* Only use IEEE80211_TX_CTL_RATE_CTRL_PROBE to mark 344 * rate sampling method should be used.
318 * packets that have the sampling rate deferred to the 345 * Respect such rates that are not sampled for 20 interations.
319 * second MRR stage. Increase the sample counter only 346 */
320 * if the deferred sample rate was actually used. 347 if (mrr_capable &&
321 * Use the sample_deferred counter to make sure that 348 msr->perfect_tx_time > mr->perfect_tx_time &&
322 * the sampling is not done in large bursts */ 349 msr->sample_skipped < 20) {
323 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; 350 /* Only use IEEE80211_TX_CTL_RATE_CTRL_PROBE to mark
324 mi->sample_deferred++; 351 * packets that have the sampling rate deferred to the
325 } 352 * second MRR stage. Increase the sample counter only
353 * if the deferred sample rate was actually used.
354 * Use the sample_deferred counter to make sure that
355 * the sampling is not done in large bursts */
356 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
357 rate++;
358 mi->sample_deferred++;
359 } else {
360 if (!msr->sample_limit != 0)
361 return;
362
363 mi->sample_count++;
364 if (msr->sample_limit > 0)
365 msr->sample_limit--;
326 } 366 }
327 mi->prev_sample = rate_sampling;
328 367
329 /* If we're not using MRR and the sampling rate already 368 /* If we're not using MRR and the sampling rate already
330 * has a probability of >95%, we shouldn't be attempting 369 * has a probability of >95%, we shouldn't be attempting
331 * to use it, as this only wastes precious airtime */ 370 * to use it, as this only wastes precious airtime */
332 if (!mrr_capable && rate_sampling && 371 if (!mrr_capable &&
333 (mi->r[ndx].probability > MINSTREL_FRAC(95, 100))) 372 (mi->r[ndx].probability > MINSTREL_FRAC(95, 100)))
334 ndx = mi->max_tp_rate[0];
335
336 /* mrr setup for 1st stage */
337 ar[0].idx = mi->r[ndx].rix;
338 ar[0].count = minstrel_get_retry_count(&mi->r[ndx], info);
339
340 /* non mrr setup for 2nd stage */
341 if (!mrr_capable) {
342 if (!rate_sampling)
343 ar[0].count = mp->max_retry;
344 ar[1].idx = mi->lowest_rix;
345 ar[1].count = mp->max_retry;
346 return; 373 return;
347 }
348 374
349 /* mrr setup for 2nd stage */ 375 mi->prev_sample = true;
350 if (rate_sampling) {
351 if (indirect_rate_sampling)
352 mrr_ndx[0] = sample_ndx;
353 else
354 mrr_ndx[0] = mi->max_tp_rate[0];
355 } else {
356 mrr_ndx[0] = mi->max_tp_rate[1];
357 }
358 376
359 /* mrr setup for 3rd & 4th stage */ 377 rate->idx = mi->r[ndx].rix;
360 mrr_ndx[1] = mi->max_prob_rate; 378 rate->count = minstrel_get_retry_count(&mi->r[ndx], info);
361 mrr_ndx[2] = 0;
362 for (i = 1; i < 4; i++) {
363 ar[i].idx = mi->r[mrr_ndx[i - 1]].rix;
364 ar[i].count = mi->r[mrr_ndx[i - 1]].adjusted_retry_count;
365 }
366} 379}
367 380
368 381
@@ -412,12 +425,16 @@ minstrel_rate_init(void *priv, struct ieee80211_supported_band *sband,
412 unsigned int i, n = 0; 425 unsigned int i, n = 0;
413 unsigned int t_slot = 9; /* FIXME: get real slot time */ 426 unsigned int t_slot = 9; /* FIXME: get real slot time */
414 427
428 mi->sta = sta;
415 mi->lowest_rix = rate_lowest_index(sband, sta); 429 mi->lowest_rix = rate_lowest_index(sband, sta);
416 ctl_rate = &sband->bitrates[mi->lowest_rix]; 430 ctl_rate = &sband->bitrates[mi->lowest_rix];
417 mi->sp_ack_dur = ieee80211_frame_duration(sband->band, 10, 431 mi->sp_ack_dur = ieee80211_frame_duration(sband->band, 10,
418 ctl_rate->bitrate, 432 ctl_rate->bitrate,
419 !!(ctl_rate->flags & IEEE80211_RATE_ERP_G), 1); 433 !!(ctl_rate->flags & IEEE80211_RATE_ERP_G), 1);
420 434
435 memset(mi->max_tp_rate, 0, sizeof(mi->max_tp_rate));
436 mi->max_prob_rate = 0;
437
421 for (i = 0; i < sband->n_bitrates; i++) { 438 for (i = 0; i < sband->n_bitrates; i++) {
422 struct minstrel_rate *mr = &mi->r[n]; 439 struct minstrel_rate *mr = &mi->r[n];
423 unsigned int tx_time = 0, tx_time_cts = 0, tx_time_rtscts = 0; 440 unsigned int tx_time = 0, tx_time_cts = 0, tx_time_rtscts = 0;
@@ -460,6 +477,8 @@ minstrel_rate_init(void *priv, struct ieee80211_supported_band *sband,
460 } while ((tx_time < mp->segment_size) && 477 } while ((tx_time < mp->segment_size) &&
461 (++mr->retry_count < mp->max_retry)); 478 (++mr->retry_count < mp->max_retry));
462 mr->adjusted_retry_count = mr->retry_count; 479 mr->adjusted_retry_count = mr->retry_count;
480 if (!(sband->bitrates[i].flags & IEEE80211_RATE_ERP_G))
481 mr->retry_count_cts = mr->retry_count;
463 } 482 }
464 483
465 for (i = n; i < sband->n_bitrates; i++) { 484 for (i = n; i < sband->n_bitrates; i++) {
@@ -471,6 +490,7 @@ minstrel_rate_init(void *priv, struct ieee80211_supported_band *sband,
471 mi->stats_update = jiffies; 490 mi->stats_update = jiffies;
472 491
473 init_sample_table(mi); 492 init_sample_table(mi);
493 minstrel_update_rates(mp, mi);
474} 494}
475 495
476static void * 496static void *
diff --git a/net/mac80211/rc80211_minstrel.h b/net/mac80211/rc80211_minstrel.h
index 85ebf42cb46d..f4301f4b2e41 100644
--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -9,7 +9,8 @@
9#ifndef __RC_MINSTREL_H 9#ifndef __RC_MINSTREL_H
10#define __RC_MINSTREL_H 10#define __RC_MINSTREL_H
11 11
12#define EWMA_LEVEL 75 /* ewma weighting factor [%] */ 12#define EWMA_LEVEL 96 /* ewma weighting factor [/EWMA_DIV] */
13#define EWMA_DIV 128
13#define SAMPLE_COLUMNS 10 /* number of columns in sample table */ 14#define SAMPLE_COLUMNS 10 /* number of columns in sample table */
14 15
15 16
@@ -27,7 +28,7 @@
27static inline int 28static inline int
28minstrel_ewma(int old, int new, int weight) 29minstrel_ewma(int old, int new, int weight)
29{ 30{
30 return (new * (100 - weight) + old * weight) / 100; 31 return (new * (EWMA_DIV - weight) + old * weight) / EWMA_DIV;
31} 32}
32 33
33 34
@@ -62,6 +63,8 @@ struct minstrel_rate {
62}; 63};
63 64
64struct minstrel_sta_info { 65struct minstrel_sta_info {
66 struct ieee80211_sta *sta;
67
65 unsigned long stats_update; 68 unsigned long stats_update;
66 unsigned int sp_ack_dur; 69 unsigned int sp_ack_dur;
67 unsigned int rate_avg; 70 unsigned int rate_avg;
diff --git a/net/mac80211/rc80211_minstrel_debugfs.c b/net/mac80211/rc80211_minstrel_debugfs.c
index d1048348d399..fd0b9ca1570e 100644
--- a/net/mac80211/rc80211_minstrel_debugfs.c
+++ b/net/mac80211/rc80211_minstrel_debugfs.c
@@ -68,7 +68,7 @@ minstrel_stats_open(struct inode *inode, struct file *file)
68 68
69 file->private_data = ms; 69 file->private_data = ms;
70 p = ms->buf; 70 p = ms->buf;
71 p += sprintf(p, "rate throughput ewma prob this prob " 71 p += sprintf(p, "rate throughput ewma prob this prob "
72 "this succ/attempt success attempts\n"); 72 "this succ/attempt success attempts\n");
73 for (i = 0; i < mi->n_rates; i++) { 73 for (i = 0; i < mi->n_rates; i++) {
74 struct minstrel_rate *mr = &mi->r[i]; 74 struct minstrel_rate *mr = &mi->r[i];
@@ -86,7 +86,7 @@ minstrel_stats_open(struct inode *inode, struct file *file)
86 eprob = MINSTREL_TRUNC(mr->probability * 1000); 86 eprob = MINSTREL_TRUNC(mr->probability * 1000);
87 87
88 p += sprintf(p, " %6u.%1u %6u.%1u %6u.%1u " 88 p += sprintf(p, " %6u.%1u %6u.%1u %6u.%1u "
89 "%3u(%3u) %8llu %8llu\n", 89 " %3u(%3u) %8llu %8llu\n",
90 tp / 10, tp % 10, 90 tp / 10, tp % 10,
91 eprob / 10, eprob % 10, 91 eprob / 10, eprob % 10,
92 prob / 10, prob % 10, 92 prob / 10, prob % 10,
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index d2b264d1311d..5b2d3012b983 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -126,6 +126,9 @@ const struct mcs_group minstrel_mcs_groups[] = {
126 126
127static u8 sample_table[SAMPLE_COLUMNS][MCS_GROUP_RATES]; 127static u8 sample_table[SAMPLE_COLUMNS][MCS_GROUP_RATES];
128 128
129static void
130minstrel_ht_update_rates(struct minstrel_priv *mp, struct minstrel_ht_sta *mi);
131
129/* 132/*
130 * Look up an MCS group index based on mac80211 rate information 133 * Look up an MCS group index based on mac80211 rate information
131 */ 134 */
@@ -244,6 +247,7 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
244 struct minstrel_rate_stats *mr; 247 struct minstrel_rate_stats *mr;
245 int cur_prob, cur_prob_tp, cur_tp, cur_tp2; 248 int cur_prob, cur_prob_tp, cur_tp, cur_tp2;
246 int group, i, index; 249 int group, i, index;
250 bool mi_rates_valid = false;
247 251
248 if (mi->ampdu_packets > 0) { 252 if (mi->ampdu_packets > 0) {
249 mi->avg_ampdu_len = minstrel_ewma(mi->avg_ampdu_len, 253 mi->avg_ampdu_len = minstrel_ewma(mi->avg_ampdu_len,
@@ -254,11 +258,10 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
254 258
255 mi->sample_slow = 0; 259 mi->sample_slow = 0;
256 mi->sample_count = 0; 260 mi->sample_count = 0;
257 mi->max_tp_rate = 0;
258 mi->max_tp_rate2 = 0;
259 mi->max_prob_rate = 0;
260 261
261 for (group = 0; group < ARRAY_SIZE(minstrel_mcs_groups); group++) { 262 for (group = 0; group < ARRAY_SIZE(minstrel_mcs_groups); group++) {
263 bool mg_rates_valid = false;
264
262 cur_prob = 0; 265 cur_prob = 0;
263 cur_prob_tp = 0; 266 cur_prob_tp = 0;
264 cur_tp = 0; 267 cur_tp = 0;
@@ -268,15 +271,24 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
268 if (!mg->supported) 271 if (!mg->supported)
269 continue; 272 continue;
270 273
271 mg->max_tp_rate = 0;
272 mg->max_tp_rate2 = 0;
273 mg->max_prob_rate = 0;
274 mi->sample_count++; 274 mi->sample_count++;
275 275
276 for (i = 0; i < MCS_GROUP_RATES; i++) { 276 for (i = 0; i < MCS_GROUP_RATES; i++) {
277 if (!(mg->supported & BIT(i))) 277 if (!(mg->supported & BIT(i)))
278 continue; 278 continue;
279 279
280 /* initialize rates selections starting indexes */
281 if (!mg_rates_valid) {
282 mg->max_tp_rate = mg->max_tp_rate2 =
283 mg->max_prob_rate = i;
284 if (!mi_rates_valid) {
285 mi->max_tp_rate = mi->max_tp_rate2 =
286 mi->max_prob_rate = i;
287 mi_rates_valid = true;
288 }
289 mg_rates_valid = true;
290 }
291
280 mr = &mg->rates[i]; 292 mr = &mg->rates[i];
281 mr->retry_updated = false; 293 mr->retry_updated = false;
282 index = MCS_GROUP_RATES * group + i; 294 index = MCS_GROUP_RATES * group + i;
@@ -456,7 +468,7 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
456 struct ieee80211_tx_rate *ar = info->status.rates; 468 struct ieee80211_tx_rate *ar = info->status.rates;
457 struct minstrel_rate_stats *rate, *rate2; 469 struct minstrel_rate_stats *rate, *rate2;
458 struct minstrel_priv *mp = priv; 470 struct minstrel_priv *mp = priv;
459 bool last; 471 bool last, update = false;
460 int i; 472 int i;
461 473
462 if (!msp->is_ht) 474 if (!msp->is_ht)
@@ -505,21 +517,29 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
505 rate = minstrel_get_ratestats(mi, mi->max_tp_rate); 517 rate = minstrel_get_ratestats(mi, mi->max_tp_rate);
506 if (rate->attempts > 30 && 518 if (rate->attempts > 30 &&
507 MINSTREL_FRAC(rate->success, rate->attempts) < 519 MINSTREL_FRAC(rate->success, rate->attempts) <
508 MINSTREL_FRAC(20, 100)) 520 MINSTREL_FRAC(20, 100)) {
509 minstrel_downgrade_rate(mi, &mi->max_tp_rate, true); 521 minstrel_downgrade_rate(mi, &mi->max_tp_rate, true);
522 update = true;
523 }
510 524
511 rate2 = minstrel_get_ratestats(mi, mi->max_tp_rate2); 525 rate2 = minstrel_get_ratestats(mi, mi->max_tp_rate2);
512 if (rate2->attempts > 30 && 526 if (rate2->attempts > 30 &&
513 MINSTREL_FRAC(rate2->success, rate2->attempts) < 527 MINSTREL_FRAC(rate2->success, rate2->attempts) <
514 MINSTREL_FRAC(20, 100)) 528 MINSTREL_FRAC(20, 100)) {
515 minstrel_downgrade_rate(mi, &mi->max_tp_rate2, false); 529 minstrel_downgrade_rate(mi, &mi->max_tp_rate2, false);
530 update = true;
531 }
516 532
517 if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) { 533 if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) {
534 update = true;
518 minstrel_ht_update_stats(mp, mi); 535 minstrel_ht_update_stats(mp, mi);
519 if (!(info->flags & IEEE80211_TX_CTL_AMPDU) && 536 if (!(info->flags & IEEE80211_TX_CTL_AMPDU) &&
520 mi->max_prob_rate / MCS_GROUP_RATES != MINSTREL_CCK_GROUP) 537 mi->max_prob_rate / MCS_GROUP_RATES != MINSTREL_CCK_GROUP)
521 minstrel_aggr_check(sta, skb); 538 minstrel_aggr_check(sta, skb);
522 } 539 }
540
541 if (update)
542 minstrel_ht_update_rates(mp, mi);
523} 543}
524 544
525static void 545static void
@@ -583,36 +603,71 @@ minstrel_calc_retransmit(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
583 603
584static void 604static void
585minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi, 605minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
586 struct ieee80211_tx_rate *rate, int index, 606 struct ieee80211_sta_rates *ratetbl, int offset, int index)
587 bool sample, bool rtscts)
588{ 607{
589 const struct mcs_group *group = &minstrel_mcs_groups[index / MCS_GROUP_RATES]; 608 const struct mcs_group *group = &minstrel_mcs_groups[index / MCS_GROUP_RATES];
590 struct minstrel_rate_stats *mr; 609 struct minstrel_rate_stats *mr;
610 u8 idx;
611 u16 flags;
591 612
592 mr = minstrel_get_ratestats(mi, index); 613 mr = minstrel_get_ratestats(mi, index);
593 if (!mr->retry_updated) 614 if (!mr->retry_updated)
594 minstrel_calc_retransmit(mp, mi, index); 615 minstrel_calc_retransmit(mp, mi, index);
595 616
596 if (sample) 617 if (mr->probability < MINSTREL_FRAC(20, 100) || !mr->retry_count) {
597 rate->count = 1; 618 ratetbl->rate[offset].count = 2;
598 else if (mr->probability < MINSTREL_FRAC(20, 100)) 619 ratetbl->rate[offset].count_rts = 2;
599 rate->count = 2; 620 ratetbl->rate[offset].count_cts = 2;
600 else if (rtscts) 621 } else {
601 rate->count = mr->retry_count_rtscts; 622 ratetbl->rate[offset].count = mr->retry_count;
602 else 623 ratetbl->rate[offset].count_cts = mr->retry_count;
603 rate->count = mr->retry_count; 624 ratetbl->rate[offset].count_rts = mr->retry_count_rtscts;
604 625 }
605 rate->flags = 0;
606 if (rtscts)
607 rate->flags |= IEEE80211_TX_RC_USE_RTS_CTS;
608 626
609 if (index / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) { 627 if (index / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) {
610 rate->idx = mp->cck_rates[index % ARRAY_SIZE(mp->cck_rates)]; 628 idx = mp->cck_rates[index % ARRAY_SIZE(mp->cck_rates)];
629 flags = 0;
630 } else {
631 idx = index % MCS_GROUP_RATES +
632 (group->streams - 1) * MCS_GROUP_RATES;
633 flags = IEEE80211_TX_RC_MCS | group->flags;
634 }
635
636 if (offset > 0) {
637 ratetbl->rate[offset].count = ratetbl->rate[offset].count_rts;
638 flags |= IEEE80211_TX_RC_USE_RTS_CTS;
639 }
640
641 ratetbl->rate[offset].idx = idx;
642 ratetbl->rate[offset].flags = flags;
643}
644
645static void
646minstrel_ht_update_rates(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
647{
648 struct ieee80211_sta_rates *rates;
649 int i = 0;
650
651 rates = kzalloc(sizeof(*rates), GFP_ATOMIC);
652 if (!rates)
611 return; 653 return;
654
655 /* Start with max_tp_rate */
656 minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_tp_rate);
657
658 if (mp->hw->max_rates >= 3) {
659 /* At least 3 tx rates supported, use max_tp_rate2 next */
660 minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_tp_rate2);
661 }
662
663 if (mp->hw->max_rates >= 2) {
664 /*
665 * At least 2 tx rates supported, use max_prob_rate next */
666 minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_prob_rate);
612 } 667 }
613 668
614 rate->flags |= IEEE80211_TX_RC_MCS | group->flags; 669 rates->rate[i].idx = -1;
615 rate->idx = index % MCS_GROUP_RATES + (group->streams - 1) * MCS_GROUP_RATES; 670 rate_control_set_rates(mp->hw, mi->sta, rates);
616} 671}
617 672
618static inline int 673static inline int
@@ -702,13 +757,13 @@ static void
702minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta, 757minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
703 struct ieee80211_tx_rate_control *txrc) 758 struct ieee80211_tx_rate_control *txrc)
704{ 759{
760 const struct mcs_group *sample_group;
705 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); 761 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb);
706 struct ieee80211_tx_rate *ar = info->status.rates; 762 struct ieee80211_tx_rate *rate = &info->status.rates[0];
707 struct minstrel_ht_sta_priv *msp = priv_sta; 763 struct minstrel_ht_sta_priv *msp = priv_sta;
708 struct minstrel_ht_sta *mi = &msp->ht; 764 struct minstrel_ht_sta *mi = &msp->ht;
709 struct minstrel_priv *mp = priv; 765 struct minstrel_priv *mp = priv;
710 int sample_idx; 766 int sample_idx;
711 bool sample = false;
712 767
713 if (rate_control_send_low(sta, priv_sta, txrc)) 768 if (rate_control_send_low(sta, priv_sta, txrc))
714 return; 769 return;
@@ -736,51 +791,6 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
736 } 791 }
737#endif 792#endif
738 793
739 if (sample_idx >= 0) {
740 sample = true;
741 minstrel_ht_set_rate(mp, mi, &ar[0], sample_idx,
742 true, false);
743 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
744 } else {
745 minstrel_ht_set_rate(mp, mi, &ar[0], mi->max_tp_rate,
746 false, false);
747 }
748
749 if (mp->hw->max_rates >= 3) {
750 /*
751 * At least 3 tx rates supported, use
752 * sample_rate -> max_tp_rate -> max_prob_rate for sampling and
753 * max_tp_rate -> max_tp_rate2 -> max_prob_rate by default.
754 */
755 if (sample_idx >= 0)
756 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate,
757 false, false);
758 else
759 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate2,
760 false, true);
761
762 minstrel_ht_set_rate(mp, mi, &ar[2], mi->max_prob_rate,
763 false, !sample);
764
765 ar[3].count = 0;
766 ar[3].idx = -1;
767 } else if (mp->hw->max_rates == 2) {
768 /*
769 * Only 2 tx rates supported, use
770 * sample_rate -> max_prob_rate for sampling and
771 * max_tp_rate -> max_prob_rate by default.
772 */
773 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_prob_rate,
774 false, !sample);
775
776 ar[2].count = 0;
777 ar[2].idx = -1;
778 } else {
779 /* Not using MRR, only use the first rate */
780 ar[1].count = 0;
781 ar[1].idx = -1;
782 }
783
784 mi->total_packets++; 794 mi->total_packets++;
785 795
786 /* wraparound */ 796 /* wraparound */
@@ -788,6 +798,16 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
788 mi->total_packets = 0; 798 mi->total_packets = 0;
789 mi->sample_packets = 0; 799 mi->sample_packets = 0;
790 } 800 }
801
802 if (sample_idx < 0)
803 return;
804
805 sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES];
806 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
807 rate->idx = sample_idx % MCS_GROUP_RATES +
808 (sample_group->streams - 1) * MCS_GROUP_RATES;
809 rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags;
810 rate->count = 1;
791} 811}
792 812
793static void 813static void
@@ -837,6 +857,8 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
837 857
838 msp->is_ht = true; 858 msp->is_ht = true;
839 memset(mi, 0, sizeof(*mi)); 859 memset(mi, 0, sizeof(*mi));
860
861 mi->sta = sta;
840 mi->stats_update = jiffies; 862 mi->stats_update = jiffies;
841 863
842 ack_dur = ieee80211_frame_duration(sband->band, 10, 60, 1, 1); 864 ack_dur = ieee80211_frame_duration(sband->band, 10, 60, 1, 1);
@@ -898,6 +920,10 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
898 if (!n_supported) 920 if (!n_supported)
899 goto use_legacy; 921 goto use_legacy;
900 922
923 /* create an initial rate table with the lowest supported rates */
924 minstrel_ht_update_stats(mp, mi);
925 minstrel_ht_update_rates(mp, mi);
926
901 return; 927 return;
902 928
903use_legacy: 929use_legacy:
diff --git a/net/mac80211/rc80211_minstrel_ht.h b/net/mac80211/rc80211_minstrel_ht.h
index 9b16e9de9923..d655586773ac 100644
--- a/net/mac80211/rc80211_minstrel_ht.h
+++ b/net/mac80211/rc80211_minstrel_ht.h
@@ -65,6 +65,8 @@ struct minstrel_mcs_group_data {
65}; 65};
66 66
67struct minstrel_ht_sta { 67struct minstrel_ht_sta {
68 struct ieee80211_sta *sta;
69
68 /* ampdu length (average, per sampling interval) */ 70 /* ampdu length (average, per sampling interval) */
69 unsigned int ampdu_len; 71 unsigned int ampdu_len;
70 unsigned int ampdu_packets; 72 unsigned int ampdu_packets;
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 2528b5a4d6d4..c8447af76ead 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2085,6 +2085,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
2085 } 2085 }
2086 2086
2087 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; 2087 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
2088 fwd_hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_RETRY);
2088 info = IEEE80211_SKB_CB(fwd_skb); 2089 info = IEEE80211_SKB_CB(fwd_skb);
2089 memset(info, 0, sizeof(*info)); 2090 memset(info, 0, sizeof(*info));
2090 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 2091 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
@@ -2423,6 +2424,22 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2423 } 2424 }
2424 2425
2425 break; 2426 break;
2427 case WLAN_CATEGORY_PUBLIC:
2428 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
2429 goto invalid;
2430 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2431 break;
2432 if (!rx->sta)
2433 break;
2434 if (!ether_addr_equal(mgmt->bssid, sdata->u.mgd.bssid))
2435 break;
2436 if (mgmt->u.action.u.ext_chan_switch.action_code !=
2437 WLAN_PUB_ACTION_EXT_CHANSW_ANN)
2438 break;
2439 if (len < offsetof(struct ieee80211_mgmt,
2440 u.action.u.ext_chan_switch.variable))
2441 goto invalid;
2442 goto queue;
2426 case WLAN_CATEGORY_VHT: 2443 case WLAN_CATEGORY_VHT:
2427 if (sdata->vif.type != NL80211_IFTYPE_STATION && 2444 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
2428 sdata->vif.type != NL80211_IFTYPE_MESH_POINT && 2445 sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
@@ -2506,10 +2523,6 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2506 ieee80211_process_measurement_req(sdata, mgmt, len); 2523 ieee80211_process_measurement_req(sdata, mgmt, len);
2507 goto handled; 2524 goto handled;
2508 case WLAN_ACTION_SPCT_CHL_SWITCH: 2525 case WLAN_ACTION_SPCT_CHL_SWITCH:
2509 if (len < (IEEE80211_MIN_ACTION_SIZE +
2510 sizeof(mgmt->u.action.u.chan_switch)))
2511 break;
2512
2513 if (sdata->vif.type != NL80211_IFTYPE_STATION) 2526 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2514 break; 2527 break;
2515 2528
@@ -3042,7 +3055,8 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
3042 !ieee80211_is_probe_resp(hdr->frame_control) && 3055 !ieee80211_is_probe_resp(hdr->frame_control) &&
3043 !ieee80211_is_beacon(hdr->frame_control)) 3056 !ieee80211_is_beacon(hdr->frame_control))
3044 return 0; 3057 return 0;
3045 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1)) 3058 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1) &&
3059 !multicast)
3046 status->rx_flags &= ~IEEE80211_RX_RA_MATCH; 3060 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
3047 break; 3061 break;
3048 default: 3062 default:
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index cb34cbbaa20c..99b103921a4b 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -98,9 +98,8 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
98 } 98 }
99 99
100 /* save the ERP value so that it is available at association time */ 100 /* save the ERP value so that it is available at association time */
101 if (elems->erp_info && elems->erp_info_len >= 1 && 101 if (elems->erp_info && (!elems->parse_error ||
102 (!elems->parse_error || 102 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
103 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
104 bss->erp_value = elems->erp_info[0]; 103 bss->erp_value = elems->erp_info[0];
105 bss->has_erp_value = true; 104 bss->has_erp_value = true;
106 if (!elems->parse_error) 105 if (!elems->parse_error)
@@ -182,7 +181,7 @@ void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb)
182 if (baselen > skb->len) 181 if (baselen > skb->len)
183 return; 182 return;
184 183
185 ieee802_11_parse_elems(elements, skb->len - baselen, &elems); 184 ieee802_11_parse_elems(elements, skb->len - baselen, false, &elems);
186 185
187 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 186 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
188 187
@@ -384,7 +383,7 @@ static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
384{ 383{
385 int i; 384 int i;
386 struct ieee80211_sub_if_data *sdata; 385 struct ieee80211_sub_if_data *sdata;
387 enum ieee80211_band band = local->hw.conf.channel->band; 386 enum ieee80211_band band = local->hw.conf.chandef.chan->band;
388 u32 tx_flags; 387 u32 tx_flags;
389 388
390 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 389 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
@@ -401,7 +400,7 @@ static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
401 local->scan_req->ssids[i].ssid_len, 400 local->scan_req->ssids[i].ssid_len,
402 local->scan_req->ie, local->scan_req->ie_len, 401 local->scan_req->ie, local->scan_req->ie_len,
403 local->scan_req->rates[band], false, 402 local->scan_req->rates[band], false,
404 tx_flags, local->hw.conf.channel, true); 403 tx_flags, local->hw.conf.chandef.chan, true);
405 404
406 /* 405 /*
407 * After sending probe requests, wait for probe responses 406 * After sending probe requests, wait for probe responses
@@ -467,7 +466,7 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
467 if (local->ops->hw_scan) { 466 if (local->ops->hw_scan) {
468 __set_bit(SCAN_HW_SCANNING, &local->scanning); 467 __set_bit(SCAN_HW_SCANNING, &local->scanning);
469 } else if ((req->n_channels == 1) && 468 } else if ((req->n_channels == 1) &&
470 (req->channels[0] == local->_oper_channel)) { 469 (req->channels[0] == local->_oper_chandef.chan)) {
471 /* 470 /*
472 * If we are scanning only on the operating channel 471 * If we are scanning only on the operating channel
473 * then we do not need to stop normal activities 472 * then we do not need to stop normal activities
diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h
index c5899797a8d4..c215fafd7a2f 100644
--- a/net/mac80211/trace.h
+++ b/net/mac80211/trace.h
@@ -28,27 +28,27 @@
28#define VIF_PR_FMT " vif:%s(%d%s)" 28#define VIF_PR_FMT " vif:%s(%d%s)"
29#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type, __entry->p2p ? "/p2p" : "" 29#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type, __entry->p2p ? "/p2p" : ""
30 30
31#define CHANDEF_ENTRY __field(u32, control_freq) \ 31#define CHANDEF_ENTRY __field(u32, control_freq) \
32 __field(u32, chan_width) \ 32 __field(u32, chan_width) \
33 __field(u32, center_freq1) \ 33 __field(u32, center_freq1) \
34 __field(u32, center_freq2) 34 __field(u32, center_freq2)
35#define CHANDEF_ASSIGN(c) \ 35#define CHANDEF_ASSIGN(c) \
36 __entry->control_freq = (c)->chan->center_freq; \ 36 __entry->control_freq = (c)->chan ? (c)->chan->center_freq : 0; \
37 __entry->chan_width = (c)->width; \ 37 __entry->chan_width = (c)->width; \
38 __entry->center_freq1 = (c)->center_freq1; \ 38 __entry->center_freq1 = (c)->center_freq1; \
39 __entry->center_freq2 = (c)->center_freq2; 39 __entry->center_freq2 = (c)->center_freq2;
40#define CHANDEF_PR_FMT " control:%d MHz width:%d center: %d/%d MHz" 40#define CHANDEF_PR_FMT " control:%d MHz width:%d center: %d/%d MHz"
41#define CHANDEF_PR_ARG __entry->control_freq, __entry->chan_width, \ 41#define CHANDEF_PR_ARG __entry->control_freq, __entry->chan_width, \
42 __entry->center_freq1, __entry->center_freq2 42 __entry->center_freq1, __entry->center_freq2
43 43
44#define CHANCTX_ENTRY CHANDEF_ENTRY \ 44#define CHANCTX_ENTRY CHANDEF_ENTRY \
45 __field(u8, rx_chains_static) \ 45 __field(u8, rx_chains_static) \
46 __field(u8, rx_chains_dynamic) 46 __field(u8, rx_chains_dynamic)
47#define CHANCTX_ASSIGN CHANDEF_ASSIGN(&ctx->conf.def) \ 47#define CHANCTX_ASSIGN CHANDEF_ASSIGN(&ctx->conf.def) \
48 __entry->rx_chains_static = ctx->conf.rx_chains_static; \ 48 __entry->rx_chains_static = ctx->conf.rx_chains_static; \
49 __entry->rx_chains_dynamic = ctx->conf.rx_chains_dynamic 49 __entry->rx_chains_dynamic = ctx->conf.rx_chains_dynamic
50#define CHANCTX_PR_FMT CHANDEF_PR_FMT " chains:%d/%d" 50#define CHANCTX_PR_FMT CHANDEF_PR_FMT " chains:%d/%d"
51#define CHANCTX_PR_ARG CHANDEF_PR_ARG, \ 51#define CHANCTX_PR_ARG CHANDEF_PR_ARG, \
52 __entry->rx_chains_static, __entry->rx_chains_dynamic 52 __entry->rx_chains_static, __entry->rx_chains_dynamic
53 53
54 54
@@ -286,8 +286,7 @@ TRACE_EVENT(drv_config,
286 __field(u16, listen_interval) 286 __field(u16, listen_interval)
287 __field(u8, long_frame_max_tx_count) 287 __field(u8, long_frame_max_tx_count)
288 __field(u8, short_frame_max_tx_count) 288 __field(u8, short_frame_max_tx_count)
289 __field(int, center_freq) 289 CHANDEF_ENTRY
290 __field(int, channel_type)
291 __field(int, smps) 290 __field(int, smps)
292 ), 291 ),
293 292
@@ -303,15 +302,13 @@ TRACE_EVENT(drv_config,
303 local->hw.conf.long_frame_max_tx_count; 302 local->hw.conf.long_frame_max_tx_count;
304 __entry->short_frame_max_tx_count = 303 __entry->short_frame_max_tx_count =
305 local->hw.conf.short_frame_max_tx_count; 304 local->hw.conf.short_frame_max_tx_count;
306 __entry->center_freq = local->hw.conf.channel ? 305 CHANDEF_ASSIGN(&local->hw.conf.chandef)
307 local->hw.conf.channel->center_freq : 0;
308 __entry->channel_type = local->hw.conf.channel_type;
309 __entry->smps = local->hw.conf.smps_mode; 306 __entry->smps = local->hw.conf.smps_mode;
310 ), 307 ),
311 308
312 TP_printk( 309 TP_printk(
313 LOCAL_PR_FMT " ch:%#x freq:%d", 310 LOCAL_PR_FMT " ch:%#x" CHANDEF_PR_FMT,
314 LOCAL_PR_ARG, __entry->changed, __entry->center_freq 311 LOCAL_PR_ARG, __entry->changed, CHANDEF_PR_ARG
315 ) 312 )
316); 313);
317 314
@@ -359,8 +356,7 @@ TRACE_EVENT(drv_bss_info_changed,
359 __dynamic_array(u8, ssid, info->ssid_len); 356 __dynamic_array(u8, ssid, info->ssid_len);
360 __field(bool, hidden_ssid); 357 __field(bool, hidden_ssid);
361 __field(int, txpower) 358 __field(int, txpower)
362 __field(u8, p2p_ctwindow) 359 __field(u8, p2p_oppps_ctwindow)
363 __field(bool, p2p_oppps)
364 ), 360 ),
365 361
366 TP_fast_assign( 362 TP_fast_assign(
@@ -400,8 +396,7 @@ TRACE_EVENT(drv_bss_info_changed,
400 memcpy(__get_dynamic_array(ssid), info->ssid, info->ssid_len); 396 memcpy(__get_dynamic_array(ssid), info->ssid, info->ssid_len);
401 __entry->hidden_ssid = info->hidden_ssid; 397 __entry->hidden_ssid = info->hidden_ssid;
402 __entry->txpower = info->txpower; 398 __entry->txpower = info->txpower;
403 __entry->p2p_ctwindow = info->p2p_ctwindow; 399 __entry->p2p_oppps_ctwindow = info->p2p_noa_attr.oppps_ctwindow;
404 __entry->p2p_oppps = info->p2p_oppps;
405 ), 400 ),
406 401
407 TP_printk( 402 TP_printk(
@@ -995,23 +990,23 @@ TRACE_EVENT(drv_channel_switch,
995 990
996 TP_STRUCT__entry( 991 TP_STRUCT__entry(
997 LOCAL_ENTRY 992 LOCAL_ENTRY
993 CHANDEF_ENTRY
998 __field(u64, timestamp) 994 __field(u64, timestamp)
999 __field(bool, block_tx) 995 __field(bool, block_tx)
1000 __field(u16, freq)
1001 __field(u8, count) 996 __field(u8, count)
1002 ), 997 ),
1003 998
1004 TP_fast_assign( 999 TP_fast_assign(
1005 LOCAL_ASSIGN; 1000 LOCAL_ASSIGN;
1001 CHANDEF_ASSIGN(&ch_switch->chandef)
1006 __entry->timestamp = ch_switch->timestamp; 1002 __entry->timestamp = ch_switch->timestamp;
1007 __entry->block_tx = ch_switch->block_tx; 1003 __entry->block_tx = ch_switch->block_tx;
1008 __entry->freq = ch_switch->channel->center_freq;
1009 __entry->count = ch_switch->count; 1004 __entry->count = ch_switch->count;
1010 ), 1005 ),
1011 1006
1012 TP_printk( 1007 TP_printk(
1013 LOCAL_PR_FMT " new freq:%u count:%d", 1008 LOCAL_PR_FMT " new " CHANDEF_PR_FMT " count:%d",
1014 LOCAL_PR_ARG, __entry->freq, __entry->count 1009 LOCAL_PR_ARG, CHANDEF_PR_ARG, __entry->count
1015 ) 1010 )
1016); 1011);
1017 1012
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 9e67cc97b87b..9972e07a2f96 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -48,15 +48,15 @@ static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
48 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 48 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
49 49
50 /* assume HW handles this */ 50 /* assume HW handles this */
51 if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS) 51 if (tx->rate.flags & IEEE80211_TX_RC_MCS)
52 return 0; 52 return 0;
53 53
54 /* uh huh? */ 54 /* uh huh? */
55 if (WARN_ON_ONCE(info->control.rates[0].idx < 0)) 55 if (WARN_ON_ONCE(tx->rate.idx < 0))
56 return 0; 56 return 0;
57 57
58 sband = local->hw.wiphy->bands[info->band]; 58 sband = local->hw.wiphy->bands[info->band];
59 txrate = &sband->bitrates[info->control.rates[0].idx]; 59 txrate = &sband->bitrates[tx->rate.idx];
60 60
61 erp = txrate->flags & IEEE80211_RATE_ERP_G; 61 erp = txrate->flags & IEEE80211_RATE_ERP_G;
62 62
@@ -617,11 +617,9 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
617 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 617 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
618 struct ieee80211_hdr *hdr = (void *)tx->skb->data; 618 struct ieee80211_hdr *hdr = (void *)tx->skb->data;
619 struct ieee80211_supported_band *sband; 619 struct ieee80211_supported_band *sband;
620 struct ieee80211_rate *rate;
621 int i;
622 u32 len; 620 u32 len;
623 bool inval = false, rts = false, short_preamble = false;
624 struct ieee80211_tx_rate_control txrc; 621 struct ieee80211_tx_rate_control txrc;
622 struct ieee80211_sta_rates *ratetbl = NULL;
625 bool assoc = false; 623 bool assoc = false;
626 624
627 memset(&txrc, 0, sizeof(txrc)); 625 memset(&txrc, 0, sizeof(txrc));
@@ -642,18 +640,23 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
642 txrc.max_rate_idx = -1; 640 txrc.max_rate_idx = -1;
643 else 641 else
644 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 642 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
645 memcpy(txrc.rate_idx_mcs_mask, 643
646 tx->sdata->rc_rateidx_mcs_mask[info->band], 644 if (tx->sdata->rc_has_mcs_mask[info->band])
647 sizeof(txrc.rate_idx_mcs_mask)); 645 txrc.rate_idx_mcs_mask =
646 tx->sdata->rc_rateidx_mcs_mask[info->band];
647
648 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || 648 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
649 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || 649 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
650 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC); 650 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
651 651
652 /* set up RTS protection if desired */ 652 /* set up RTS protection if desired */
653 if (len > tx->local->hw.wiphy->rts_threshold) { 653 if (len > tx->local->hw.wiphy->rts_threshold) {
654 txrc.rts = rts = true; 654 txrc.rts = true;
655 } 655 }
656 656
657 info->control.use_rts = txrc.rts;
658 info->control.use_cts_prot = tx->sdata->vif.bss_conf.use_cts_prot;
659
657 /* 660 /*
658 * Use short preamble if the BSS can handle it, but not for 661 * Use short preamble if the BSS can handle it, but not for
659 * management frames unless we know the receiver can handle 662 * management frames unless we know the receiver can handle
@@ -663,7 +666,9 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
663 if (tx->sdata->vif.bss_conf.use_short_preamble && 666 if (tx->sdata->vif.bss_conf.use_short_preamble &&
664 (ieee80211_is_data(hdr->frame_control) || 667 (ieee80211_is_data(hdr->frame_control) ||
665 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE)))) 668 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
666 txrc.short_preamble = short_preamble = true; 669 txrc.short_preamble = true;
670
671 info->control.short_preamble = txrc.short_preamble;
667 672
668 if (tx->sta) 673 if (tx->sta)
669 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC); 674 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
@@ -687,16 +692,38 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
687 */ 692 */
688 rate_control_get_rate(tx->sdata, tx->sta, &txrc); 693 rate_control_get_rate(tx->sdata, tx->sta, &txrc);
689 694
690 if (unlikely(info->control.rates[0].idx < 0)) 695 if (tx->sta && !info->control.skip_table)
691 return TX_DROP; 696 ratetbl = rcu_dereference(tx->sta->sta.rates);
697
698 if (unlikely(info->control.rates[0].idx < 0)) {
699 if (ratetbl) {
700 struct ieee80211_tx_rate rate = {
701 .idx = ratetbl->rate[0].idx,
702 .flags = ratetbl->rate[0].flags,
703 .count = ratetbl->rate[0].count
704 };
705
706 if (ratetbl->rate[0].idx < 0)
707 return TX_DROP;
708
709 tx->rate = rate;
710 } else {
711 return TX_DROP;
712 }
713 } else {
714 tx->rate = info->control.rates[0];
715 }
692 716
693 if (txrc.reported_rate.idx < 0) { 717 if (txrc.reported_rate.idx < 0) {
694 txrc.reported_rate = info->control.rates[0]; 718 txrc.reported_rate = tx->rate;
695 if (tx->sta && ieee80211_is_data(hdr->frame_control)) 719 if (tx->sta && ieee80211_is_data(hdr->frame_control))
696 tx->sta->last_tx_rate = txrc.reported_rate; 720 tx->sta->last_tx_rate = txrc.reported_rate;
697 } else if (tx->sta) 721 } else if (tx->sta)
698 tx->sta->last_tx_rate = txrc.reported_rate; 722 tx->sta->last_tx_rate = txrc.reported_rate;
699 723
724 if (ratetbl)
725 return TX_CONTINUE;
726
700 if (unlikely(!info->control.rates[0].count)) 727 if (unlikely(!info->control.rates[0].count))
701 info->control.rates[0].count = 1; 728 info->control.rates[0].count = 1;
702 729
@@ -704,91 +731,6 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
704 (info->flags & IEEE80211_TX_CTL_NO_ACK))) 731 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
705 info->control.rates[0].count = 1; 732 info->control.rates[0].count = 1;
706 733
707 if (is_multicast_ether_addr(hdr->addr1)) {
708 /*
709 * XXX: verify the rate is in the basic rateset
710 */
711 return TX_CONTINUE;
712 }
713
714 /*
715 * set up the RTS/CTS rate as the fastest basic rate
716 * that is not faster than the data rate
717 *
718 * XXX: Should this check all retry rates?
719 */
720 if (!(info->control.rates[0].flags & IEEE80211_TX_RC_MCS)) {
721 s8 baserate = 0;
722
723 rate = &sband->bitrates[info->control.rates[0].idx];
724
725 for (i = 0; i < sband->n_bitrates; i++) {
726 /* must be a basic rate */
727 if (!(tx->sdata->vif.bss_conf.basic_rates & BIT(i)))
728 continue;
729 /* must not be faster than the data rate */
730 if (sband->bitrates[i].bitrate > rate->bitrate)
731 continue;
732 /* maximum */
733 if (sband->bitrates[baserate].bitrate <
734 sband->bitrates[i].bitrate)
735 baserate = i;
736 }
737
738 info->control.rts_cts_rate_idx = baserate;
739 }
740
741 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
742 /*
743 * make sure there's no valid rate following
744 * an invalid one, just in case drivers don't
745 * take the API seriously to stop at -1.
746 */
747 if (inval) {
748 info->control.rates[i].idx = -1;
749 continue;
750 }
751 if (info->control.rates[i].idx < 0) {
752 inval = true;
753 continue;
754 }
755
756 /*
757 * For now assume MCS is already set up correctly, this
758 * needs to be fixed.
759 */
760 if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) {
761 WARN_ON(info->control.rates[i].idx > 76);
762 continue;
763 }
764
765 /* set up RTS protection if desired */
766 if (rts)
767 info->control.rates[i].flags |=
768 IEEE80211_TX_RC_USE_RTS_CTS;
769
770 /* RC is busted */
771 if (WARN_ON_ONCE(info->control.rates[i].idx >=
772 sband->n_bitrates)) {
773 info->control.rates[i].idx = -1;
774 continue;
775 }
776
777 rate = &sband->bitrates[info->control.rates[i].idx];
778
779 /* set up short preamble */
780 if (short_preamble &&
781 rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
782 info->control.rates[i].flags |=
783 IEEE80211_TX_RC_USE_SHORT_PREAMBLE;
784
785 /* set up G protection */
786 if (!rts && tx->sdata->vif.bss_conf.use_cts_prot &&
787 rate->flags & IEEE80211_RATE_ERP_G)
788 info->control.rates[i].flags |=
789 IEEE80211_TX_RC_USE_CTS_PROTECT;
790 }
791
792 return TX_CONTINUE; 734 return TX_CONTINUE;
793} 735}
794 736
@@ -1709,7 +1651,7 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1709 if (chanctx_conf) 1651 if (chanctx_conf)
1710 chan = chanctx_conf->def.chan; 1652 chan = chanctx_conf->def.chan;
1711 else if (!local->use_chanctx) 1653 else if (!local->use_chanctx)
1712 chan = local->_oper_channel; 1654 chan = local->_oper_chandef.chan;
1713 else 1655 else
1714 goto fail_rcu; 1656 goto fail_rcu;
1715 1657
@@ -1843,7 +1785,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1843 * This is the exception! WDS style interfaces are prohibited 1785 * This is the exception! WDS style interfaces are prohibited
1844 * when channel contexts are in used so this must be valid 1786 * when channel contexts are in used so this must be valid
1845 */ 1787 */
1846 band = local->hw.conf.channel->band; 1788 band = local->hw.conf.chandef.chan->band;
1847 break; 1789 break;
1848#ifdef CONFIG_MAC80211_MESH 1790#ifdef CONFIG_MAC80211_MESH
1849 case NL80211_IFTYPE_MESH_POINT: 1791 case NL80211_IFTYPE_MESH_POINT:
@@ -2442,14 +2384,17 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2442 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) { 2384 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
2443 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 2385 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
2444 struct ieee80211_hdr *hdr; 2386 struct ieee80211_hdr *hdr;
2445 struct sk_buff *presp = rcu_dereference(ifibss->presp); 2387 struct beacon_data *presp = rcu_dereference(ifibss->presp);
2446 2388
2447 if (!presp) 2389 if (!presp)
2448 goto out; 2390 goto out;
2449 2391
2450 skb = skb_copy(presp, GFP_ATOMIC); 2392 skb = dev_alloc_skb(local->tx_headroom + presp->head_len);
2451 if (!skb) 2393 if (!skb)
2452 goto out; 2394 goto out;
2395 skb_reserve(skb, local->tx_headroom);
2396 memcpy(skb_put(skb, presp->head_len), presp->head,
2397 presp->head_len);
2453 2398
2454 hdr = (struct ieee80211_hdr *) skb->data; 2399 hdr = (struct ieee80211_hdr *) skb->data;
2455 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 2400 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
@@ -2499,8 +2444,6 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2499 txrc.max_rate_idx = -1; 2444 txrc.max_rate_idx = -1;
2500 else 2445 else
2501 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 2446 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
2502 memcpy(txrc.rate_idx_mcs_mask, sdata->rc_rateidx_mcs_mask[band],
2503 sizeof(txrc.rate_idx_mcs_mask));
2504 txrc.bss = true; 2447 txrc.bss = true;
2505 rate_control_get_rate(sdata, NULL, &txrc); 2448 rate_control_get_rate(sdata, NULL, &txrc);
2506 2449
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index a7368870c8ee..3f87fa468b1f 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -485,7 +485,8 @@ int ieee80211_queue_stopped(struct ieee80211_hw *hw, int queue)
485 return true; 485 return true;
486 486
487 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 487 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
488 ret = !!local->queue_stop_reasons[queue]; 488 ret = test_bit(IEEE80211_QUEUE_STOP_REASON_DRIVER,
489 &local->queue_stop_reasons[queue]);
489 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 490 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
490 return ret; 491 return ret;
491} 492}
@@ -660,7 +661,7 @@ void ieee80211_queue_delayed_work(struct ieee80211_hw *hw,
660} 661}
661EXPORT_SYMBOL(ieee80211_queue_delayed_work); 662EXPORT_SYMBOL(ieee80211_queue_delayed_work);
662 663
663u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, 664u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, bool action,
664 struct ieee802_11_elems *elems, 665 struct ieee802_11_elems *elems,
665 u64 filter, u32 crc) 666 u64 filter, u32 crc)
666{ 667{
@@ -668,6 +669,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
668 u8 *pos = start; 669 u8 *pos = start;
669 bool calc_crc = filter != 0; 670 bool calc_crc = filter != 0;
670 DECLARE_BITMAP(seen_elems, 256); 671 DECLARE_BITMAP(seen_elems, 256);
672 const u8 *ie;
671 673
672 bitmap_zero(seen_elems, 256); 674 bitmap_zero(seen_elems, 256);
673 memset(elems, 0, sizeof(*elems)); 675 memset(elems, 0, sizeof(*elems));
@@ -715,6 +717,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
715 case WLAN_EID_COUNTRY: 717 case WLAN_EID_COUNTRY:
716 case WLAN_EID_PWR_CONSTRAINT: 718 case WLAN_EID_PWR_CONSTRAINT:
717 case WLAN_EID_TIMEOUT_INTERVAL: 719 case WLAN_EID_TIMEOUT_INTERVAL:
720 case WLAN_EID_SECONDARY_CHANNEL_OFFSET:
721 case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
722 /*
723 * not listing WLAN_EID_CHANNEL_SWITCH_WRAPPER -- it seems possible
724 * that if the content gets bigger it might be needed more than once
725 */
718 if (test_bit(id, seen_elems)) { 726 if (test_bit(id, seen_elems)) {
719 elems->parse_error = true; 727 elems->parse_error = true;
720 left -= elen; 728 left -= elen;
@@ -738,17 +746,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
738 elems->supp_rates = pos; 746 elems->supp_rates = pos;
739 elems->supp_rates_len = elen; 747 elems->supp_rates_len = elen;
740 break; 748 break;
741 case WLAN_EID_FH_PARAMS:
742 elems->fh_params = pos;
743 elems->fh_params_len = elen;
744 break;
745 case WLAN_EID_DS_PARAMS: 749 case WLAN_EID_DS_PARAMS:
746 elems->ds_params = pos; 750 if (elen >= 1)
747 elems->ds_params_len = elen; 751 elems->ds_params = pos;
748 break; 752 else
749 case WLAN_EID_CF_PARAMS: 753 elem_parse_failed = true;
750 elems->cf_params = pos;
751 elems->cf_params_len = elen;
752 break; 754 break;
753 case WLAN_EID_TIM: 755 case WLAN_EID_TIM:
754 if (elen >= sizeof(struct ieee80211_tim_ie)) { 756 if (elen >= sizeof(struct ieee80211_tim_ie)) {
@@ -757,10 +759,6 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
757 } else 759 } else
758 elem_parse_failed = true; 760 elem_parse_failed = true;
759 break; 761 break;
760 case WLAN_EID_IBSS_PARAMS:
761 elems->ibss_params = pos;
762 elems->ibss_params_len = elen;
763 break;
764 case WLAN_EID_CHALLENGE: 762 case WLAN_EID_CHALLENGE:
765 elems->challenge = pos; 763 elems->challenge = pos;
766 elems->challenge_len = elen; 764 elems->challenge_len = elen;
@@ -790,8 +788,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
790 elems->rsn_len = elen; 788 elems->rsn_len = elen;
791 break; 789 break;
792 case WLAN_EID_ERP_INFO: 790 case WLAN_EID_ERP_INFO:
793 elems->erp_info = pos; 791 if (elen >= 1)
794 elems->erp_info_len = elen; 792 elems->erp_info = pos;
793 else
794 elem_parse_failed = true;
795 break; 795 break;
796 case WLAN_EID_EXT_SUPP_RATES: 796 case WLAN_EID_EXT_SUPP_RATES:
797 elems->ext_supp_rates = pos; 797 elems->ext_supp_rates = pos;
@@ -870,12 +870,47 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
870 } 870 }
871 elems->ch_switch_ie = (void *)pos; 871 elems->ch_switch_ie = (void *)pos;
872 break; 872 break;
873 case WLAN_EID_QUIET: 873 case WLAN_EID_EXT_CHANSWITCH_ANN:
874 if (!elems->quiet_elem) { 874 if (elen != sizeof(struct ieee80211_ext_chansw_ie)) {
875 elems->quiet_elem = pos; 875 elem_parse_failed = true;
876 elems->quiet_elem_len = elen; 876 break;
877 }
878 elems->ext_chansw_ie = (void *)pos;
879 break;
880 case WLAN_EID_SECONDARY_CHANNEL_OFFSET:
881 if (elen != sizeof(struct ieee80211_sec_chan_offs_ie)) {
882 elem_parse_failed = true;
883 break;
884 }
885 elems->sec_chan_offs = (void *)pos;
886 break;
887 case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
888 if (!action ||
889 elen != sizeof(*elems->wide_bw_chansw_ie)) {
890 elem_parse_failed = true;
891 break;
892 }
893 elems->wide_bw_chansw_ie = (void *)pos;
894 break;
895 case WLAN_EID_CHANNEL_SWITCH_WRAPPER:
896 if (action) {
897 elem_parse_failed = true;
898 break;
899 }
900 /*
901 * This is a bit tricky, but as we only care about
902 * the wide bandwidth channel switch element, so
903 * just parse it out manually.
904 */
905 ie = cfg80211_find_ie(WLAN_EID_WIDE_BW_CHANNEL_SWITCH,
906 pos, elen);
907 if (ie) {
908 if (ie[1] == sizeof(*elems->wide_bw_chansw_ie))
909 elems->wide_bw_chansw_ie =
910 (void *)(ie + 2);
911 else
912 elem_parse_failed = true;
877 } 913 }
878 elems->num_of_quiet_elem++;
879 break; 914 break;
880 case WLAN_EID_COUNTRY: 915 case WLAN_EID_COUNTRY:
881 elems->country_elem = pos; 916 elems->country_elem = pos;
@@ -889,8 +924,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
889 elems->pwr_constr_elem = pos; 924 elems->pwr_constr_elem = pos;
890 break; 925 break;
891 case WLAN_EID_TIMEOUT_INTERVAL: 926 case WLAN_EID_TIMEOUT_INTERVAL:
892 elems->timeout_int = pos; 927 if (elen >= sizeof(struct ieee80211_timeout_interval_ie))
893 elems->timeout_int_len = elen; 928 elems->timeout_int = (void *)pos;
929 else
930 elem_parse_failed = true;
894 break; 931 break;
895 default: 932 default:
896 break; 933 break;
@@ -911,12 +948,6 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
911 return crc; 948 return crc;
912} 949}
913 950
914void ieee802_11_parse_elems(u8 *start, size_t len,
915 struct ieee802_11_elems *elems)
916{
917 ieee802_11_parse_elems_crc(start, len, elems, 0, 0);
918}
919
920void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata, 951void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata,
921 bool bss_notify) 952 bool bss_notify)
922{ 953{
@@ -1474,6 +1505,8 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1474 /* add interfaces */ 1505 /* add interfaces */
1475 sdata = rtnl_dereference(local->monitor_sdata); 1506 sdata = rtnl_dereference(local->monitor_sdata);
1476 if (sdata) { 1507 if (sdata) {
1508 /* in HW restart it exists already */
1509 WARN_ON(local->resuming);
1477 res = drv_add_interface(local, sdata); 1510 res = drv_add_interface(local, sdata);
1478 if (WARN_ON(res)) { 1511 if (WARN_ON(res)) {
1479 rcu_assign_pointer(local->monitor_sdata, NULL); 1512 rcu_assign_pointer(local->monitor_sdata, NULL);
@@ -1663,6 +1696,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1663 local->in_reconfig = false; 1696 local->in_reconfig = false;
1664 barrier(); 1697 barrier();
1665 1698
1699 if (local->monitors == local->open_count && local->monitors > 0)
1700 ieee80211_add_virtual_monitor(local);
1701
1666 /* 1702 /*
1667 * Clear the WLAN_STA_BLOCK_BA flag so new aggregation 1703 * Clear the WLAN_STA_BLOCK_BA flag so new aggregation
1668 * sessions can be established after a resume. 1704 * sessions can be established after a resume.
@@ -2056,7 +2092,7 @@ int ieee80211_ave_rssi(struct ieee80211_vif *vif)
2056 /* non-managed type inferfaces */ 2092 /* non-managed type inferfaces */
2057 return 0; 2093 return 0;
2058 } 2094 }
2059 return ifmgd->ave_beacon_signal; 2095 return ifmgd->ave_beacon_signal / 16;
2060} 2096}
2061EXPORT_SYMBOL_GPL(ieee80211_ave_rssi); 2097EXPORT_SYMBOL_GPL(ieee80211_ave_rssi);
2062 2098
@@ -2171,8 +2207,7 @@ void ieee80211_dfs_radar_detected_work(struct work_struct *work)
2171 /* currently not handled */ 2207 /* currently not handled */
2172 WARN_ON(1); 2208 WARN_ON(1);
2173 else { 2209 else {
2174 cfg80211_chandef_create(&chandef, local->hw.conf.channel, 2210 chandef = local->hw.conf.chandef;
2175 local->hw.conf.channel_type);
2176 cfg80211_radar_event(local->hw.wiphy, &chandef, GFP_KERNEL); 2211 cfg80211_radar_event(local->hw.wiphy, &chandef, GFP_KERNEL);
2177 } 2212 }
2178} 2213}
diff --git a/net/nfc/core.c b/net/nfc/core.c
index 6ceee8e181ca..40d2527693da 100644
--- a/net/nfc/core.c
+++ b/net/nfc/core.c
@@ -27,6 +27,7 @@
27#include <linux/kernel.h> 27#include <linux/kernel.h>
28#include <linux/module.h> 28#include <linux/module.h>
29#include <linux/slab.h> 29#include <linux/slab.h>
30#include <linux/rfkill.h>
30#include <linux/nfc.h> 31#include <linux/nfc.h>
31 32
32#include <net/genetlink.h> 33#include <net/genetlink.h>
@@ -58,6 +59,11 @@ int nfc_dev_up(struct nfc_dev *dev)
58 59
59 device_lock(&dev->dev); 60 device_lock(&dev->dev);
60 61
62 if (dev->rfkill && rfkill_blocked(dev->rfkill)) {
63 rc = -ERFKILL;
64 goto error;
65 }
66
61 if (!device_is_registered(&dev->dev)) { 67 if (!device_is_registered(&dev->dev)) {
62 rc = -ENODEV; 68 rc = -ENODEV;
63 goto error; 69 goto error;
@@ -117,6 +123,24 @@ error:
117 return rc; 123 return rc;
118} 124}
119 125
126static int nfc_rfkill_set_block(void *data, bool blocked)
127{
128 struct nfc_dev *dev = data;
129
130 pr_debug("%s blocked %d", dev_name(&dev->dev), blocked);
131
132 if (!blocked)
133 return 0;
134
135 nfc_dev_down(dev);
136
137 return 0;
138}
139
140static const struct rfkill_ops nfc_rfkill_ops = {
141 .set_block = nfc_rfkill_set_block,
142};
143
120/** 144/**
121 * nfc_start_poll - start polling for nfc targets 145 * nfc_start_poll - start polling for nfc targets
122 * 146 *
@@ -143,6 +167,11 @@ int nfc_start_poll(struct nfc_dev *dev, u32 im_protocols, u32 tm_protocols)
143 goto error; 167 goto error;
144 } 168 }
145 169
170 if (!dev->dev_up) {
171 rc = -ENODEV;
172 goto error;
173 }
174
146 if (dev->polling) { 175 if (dev->polling) {
147 rc = -EBUSY; 176 rc = -EBUSY;
148 goto error; 177 goto error;
@@ -835,6 +864,15 @@ int nfc_register_device(struct nfc_dev *dev)
835 pr_debug("The userspace won't be notified that the device %s was added\n", 864 pr_debug("The userspace won't be notified that the device %s was added\n",
836 dev_name(&dev->dev)); 865 dev_name(&dev->dev));
837 866
867 dev->rfkill = rfkill_alloc(dev_name(&dev->dev), &dev->dev,
868 RFKILL_TYPE_NFC, &nfc_rfkill_ops, dev);
869 if (dev->rfkill) {
870 if (rfkill_register(dev->rfkill) < 0) {
871 rfkill_destroy(dev->rfkill);
872 dev->rfkill = NULL;
873 }
874 }
875
838 return 0; 876 return 0;
839} 877}
840EXPORT_SYMBOL(nfc_register_device); 878EXPORT_SYMBOL(nfc_register_device);
@@ -852,6 +890,11 @@ void nfc_unregister_device(struct nfc_dev *dev)
852 890
853 id = dev->idx; 891 id = dev->idx;
854 892
893 if (dev->rfkill) {
894 rfkill_unregister(dev->rfkill);
895 rfkill_destroy(dev->rfkill);
896 }
897
855 if (dev->ops->check_presence) { 898 if (dev->ops->check_presence) {
856 device_lock(&dev->dev); 899 device_lock(&dev->dev);
857 dev->shutting_down = true; 900 dev->shutting_down = true;
diff --git a/net/nfc/llcp/commands.c b/net/nfc/llcp/commands.c
index b75a9b3f9e89..094f7e27e910 100644
--- a/net/nfc/llcp/commands.c
+++ b/net/nfc/llcp/commands.c
@@ -420,7 +420,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
420 } 420 }
421 421
422 /* If the socket parameters are not set, use the local ones */ 422 /* If the socket parameters are not set, use the local ones */
423 miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; 423 miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ?
424 local->miux : sock->miux;
424 rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; 425 rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw;
425 426
426 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, 427 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0,
@@ -475,7 +476,8 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock)
475 return -ENODEV; 476 return -ENODEV;
476 477
477 /* If the socket parameters are not set, use the local ones */ 478 /* If the socket parameters are not set, use the local ones */
478 miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; 479 miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ?
480 local->miux : sock->miux;
479 rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; 481 rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw;
480 482
481 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, 483 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0,
@@ -656,6 +658,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
656 struct nfc_llcp_local *local; 658 struct nfc_llcp_local *local;
657 size_t frag_len = 0, remaining_len; 659 size_t frag_len = 0, remaining_len;
658 u8 *msg_data, *msg_ptr; 660 u8 *msg_data, *msg_ptr;
661 u16 remote_miu;
659 662
660 pr_debug("Send I frame len %zd\n", len); 663 pr_debug("Send I frame len %zd\n", len);
661 664
@@ -692,9 +695,11 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
692 remaining_len = len; 695 remaining_len = len;
693 msg_ptr = msg_data; 696 msg_ptr = msg_data;
694 697
695 while (remaining_len > 0) { 698 do {
699 remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
700 local->remote_miu : sock->remote_miu;
696 701
697 frag_len = min_t(size_t, sock->remote_miu, remaining_len); 702 frag_len = min_t(size_t, remote_miu, remaining_len);
698 703
699 pr_debug("Fragment %zd bytes remaining %zd", 704 pr_debug("Fragment %zd bytes remaining %zd",
700 frag_len, remaining_len); 705 frag_len, remaining_len);
@@ -706,7 +711,8 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
706 711
707 skb_put(pdu, LLCP_SEQUENCE_SIZE); 712 skb_put(pdu, LLCP_SEQUENCE_SIZE);
708 713
709 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); 714 if (likely(frag_len > 0))
715 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
710 716
711 skb_queue_tail(&sock->tx_queue, pdu); 717 skb_queue_tail(&sock->tx_queue, pdu);
712 718
@@ -718,7 +724,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
718 724
719 remaining_len -= frag_len; 725 remaining_len -= frag_len;
720 msg_ptr += frag_len; 726 msg_ptr += frag_len;
721 } 727 } while (remaining_len > 0);
722 728
723 kfree(msg_data); 729 kfree(msg_data);
724 730
@@ -732,6 +738,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
732 struct nfc_llcp_local *local; 738 struct nfc_llcp_local *local;
733 size_t frag_len = 0, remaining_len; 739 size_t frag_len = 0, remaining_len;
734 u8 *msg_ptr, *msg_data; 740 u8 *msg_ptr, *msg_data;
741 u16 remote_miu;
735 int err; 742 int err;
736 743
737 pr_debug("Send UI frame len %zd\n", len); 744 pr_debug("Send UI frame len %zd\n", len);
@@ -752,9 +759,11 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
752 remaining_len = len; 759 remaining_len = len;
753 msg_ptr = msg_data; 760 msg_ptr = msg_data;
754 761
755 while (remaining_len > 0) { 762 do {
763 remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
764 local->remote_miu : sock->remote_miu;
756 765
757 frag_len = min_t(size_t, sock->remote_miu, remaining_len); 766 frag_len = min_t(size_t, remote_miu, remaining_len);
758 767
759 pr_debug("Fragment %zd bytes remaining %zd", 768 pr_debug("Fragment %zd bytes remaining %zd",
760 frag_len, remaining_len); 769 frag_len, remaining_len);
@@ -768,14 +777,15 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
768 777
769 pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); 778 pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI);
770 779
771 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); 780 if (likely(frag_len > 0))
781 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
772 782
773 /* No need to check for the peer RW for UI frames */ 783 /* No need to check for the peer RW for UI frames */
774 skb_queue_tail(&local->tx_queue, pdu); 784 skb_queue_tail(&local->tx_queue, pdu);
775 785
776 remaining_len -= frag_len; 786 remaining_len -= frag_len;
777 msg_ptr += frag_len; 787 msg_ptr += frag_len;
778 } 788 } while (remaining_len > 0);
779 789
780 kfree(msg_data); 790 kfree(msg_data);
781 791
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c
index 7de0368aff0c..9e483c8e52f8 100644
--- a/net/nfc/llcp/llcp.c
+++ b/net/nfc/llcp/llcp.c
@@ -31,6 +31,8 @@ static u8 llcp_magic[3] = {0x46, 0x66, 0x6d};
31 31
32static struct list_head llcp_devices; 32static struct list_head llcp_devices;
33 33
34static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb);
35
34void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk) 36void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk)
35{ 37{
36 write_lock(&l->lock); 38 write_lock(&l->lock);
@@ -45,6 +47,12 @@ void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk)
45 write_unlock(&l->lock); 47 write_unlock(&l->lock);
46} 48}
47 49
50void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock)
51{
52 sock->remote_rw = LLCP_DEFAULT_RW;
53 sock->remote_miu = LLCP_MAX_MIU + 1;
54}
55
48static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) 56static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock)
49{ 57{
50 struct nfc_llcp_local *local = sock->local; 58 struct nfc_llcp_local *local = sock->local;
@@ -68,7 +76,7 @@ static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock)
68 } 76 }
69} 77}
70 78
71static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, 79static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device,
72 int err) 80 int err)
73{ 81{
74 struct sock *sk; 82 struct sock *sk;
@@ -108,21 +116,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen,
108 116
109 bh_unlock_sock(accept_sk); 117 bh_unlock_sock(accept_sk);
110 } 118 }
111
112 if (listen == true) {
113 bh_unlock_sock(sk);
114 continue;
115 }
116 }
117
118 /*
119 * If we have a connection less socket bound, we keep it alive
120 * if the device is still present.
121 */
122 if (sk->sk_state == LLCP_BOUND && sk->sk_type == SOCK_DGRAM &&
123 listen == true) {
124 bh_unlock_sock(sk);
125 continue;
126 } 119 }
127 120
128 if (err) 121 if (err)
@@ -137,11 +130,8 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen,
137 130
138 write_unlock(&local->sockets.lock); 131 write_unlock(&local->sockets.lock);
139 132
140 /* 133 /* If we still have a device, we keep the RAW sockets alive */
141 * If we want to keep the listening sockets alive, 134 if (device == true)
142 * we don't touch the RAW ones.
143 */
144 if (listen == true)
145 return; 135 return;
146 136
147 write_lock(&local->raw_sockets.lock); 137 write_lock(&local->raw_sockets.lock);
@@ -173,9 +163,9 @@ struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local)
173 return local; 163 return local;
174} 164}
175 165
176static void local_cleanup(struct nfc_llcp_local *local, bool listen) 166static void local_cleanup(struct nfc_llcp_local *local)
177{ 167{
178 nfc_llcp_socket_release(local, listen, ENXIO); 168 nfc_llcp_socket_release(local, false, ENXIO);
179 del_timer_sync(&local->link_timer); 169 del_timer_sync(&local->link_timer);
180 skb_queue_purge(&local->tx_queue); 170 skb_queue_purge(&local->tx_queue);
181 cancel_work_sync(&local->tx_work); 171 cancel_work_sync(&local->tx_work);
@@ -194,7 +184,7 @@ static void local_release(struct kref *ref)
194 local = container_of(ref, struct nfc_llcp_local, ref); 184 local = container_of(ref, struct nfc_llcp_local, ref);
195 185
196 list_del(&local->list); 186 list_del(&local->list);
197 local_cleanup(local, false); 187 local_cleanup(local);
198 kfree(local); 188 kfree(local);
199} 189}
200 190
@@ -1116,6 +1106,12 @@ static void nfc_llcp_recv_disc(struct nfc_llcp_local *local,
1116 dsap = nfc_llcp_dsap(skb); 1106 dsap = nfc_llcp_dsap(skb);
1117 ssap = nfc_llcp_ssap(skb); 1107 ssap = nfc_llcp_ssap(skb);
1118 1108
1109 if ((dsap == 0) && (ssap == 0)) {
1110 pr_debug("Connection termination");
1111 nfc_dep_link_down(local->dev);
1112 return;
1113 }
1114
1119 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); 1115 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
1120 if (llcp_sock == NULL) { 1116 if (llcp_sock == NULL) {
1121 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); 1117 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
@@ -1349,19 +1345,54 @@ exit:
1349 nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len); 1345 nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len);
1350} 1346}
1351 1347
1352static void nfc_llcp_rx_work(struct work_struct *work) 1348static void nfc_llcp_recv_agf(struct nfc_llcp_local *local, struct sk_buff *skb)
1353{ 1349{
1354 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, 1350 u8 ptype;
1355 rx_work); 1351 u16 pdu_len;
1356 u8 dsap, ssap, ptype; 1352 struct sk_buff *new_skb;
1357 struct sk_buff *skb;
1358 1353
1359 skb = local->rx_pending; 1354 if (skb->len <= LLCP_HEADER_SIZE) {
1360 if (skb == NULL) { 1355 pr_err("Malformed AGF PDU\n");
1361 pr_debug("No pending SKB\n");
1362 return; 1356 return;
1363 } 1357 }
1364 1358
1359 skb_pull(skb, LLCP_HEADER_SIZE);
1360
1361 while (skb->len > LLCP_AGF_PDU_HEADER_SIZE) {
1362 pdu_len = skb->data[0] << 8 | skb->data[1];
1363
1364 skb_pull(skb, LLCP_AGF_PDU_HEADER_SIZE);
1365
1366 if (pdu_len < LLCP_HEADER_SIZE || pdu_len > skb->len) {
1367 pr_err("Malformed AGF PDU\n");
1368 return;
1369 }
1370
1371 ptype = nfc_llcp_ptype(skb);
1372
1373 if (ptype == LLCP_PDU_SYMM || ptype == LLCP_PDU_AGF)
1374 goto next;
1375
1376 new_skb = nfc_alloc_recv_skb(pdu_len, GFP_KERNEL);
1377 if (new_skb == NULL) {
1378 pr_err("Could not allocate PDU\n");
1379 return;
1380 }
1381
1382 memcpy(skb_put(new_skb, pdu_len), skb->data, pdu_len);
1383
1384 nfc_llcp_rx_skb(local, new_skb);
1385
1386 kfree_skb(new_skb);
1387next:
1388 skb_pull(skb, pdu_len);
1389 }
1390}
1391
1392static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb)
1393{
1394 u8 dsap, ssap, ptype;
1395
1365 ptype = nfc_llcp_ptype(skb); 1396 ptype = nfc_llcp_ptype(skb);
1366 dsap = nfc_llcp_dsap(skb); 1397 dsap = nfc_llcp_dsap(skb);
1367 ssap = nfc_llcp_ssap(skb); 1398 ssap = nfc_llcp_ssap(skb);
@@ -1372,10 +1403,6 @@ static void nfc_llcp_rx_work(struct work_struct *work)
1372 print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET, 1403 print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET,
1373 16, 1, skb->data, skb->len, true); 1404 16, 1, skb->data, skb->len, true);
1374 1405
1375 __net_timestamp(skb);
1376
1377 nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX);
1378
1379 switch (ptype) { 1406 switch (ptype) {
1380 case LLCP_PDU_SYMM: 1407 case LLCP_PDU_SYMM:
1381 pr_debug("SYMM\n"); 1408 pr_debug("SYMM\n");
@@ -1418,7 +1445,30 @@ static void nfc_llcp_rx_work(struct work_struct *work)
1418 nfc_llcp_recv_hdlc(local, skb); 1445 nfc_llcp_recv_hdlc(local, skb);
1419 break; 1446 break;
1420 1447
1448 case LLCP_PDU_AGF:
1449 pr_debug("AGF frame\n");
1450 nfc_llcp_recv_agf(local, skb);
1451 break;
1421 } 1452 }
1453}
1454
1455static void nfc_llcp_rx_work(struct work_struct *work)
1456{
1457 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
1458 rx_work);
1459 struct sk_buff *skb;
1460
1461 skb = local->rx_pending;
1462 if (skb == NULL) {
1463 pr_debug("No pending SKB\n");
1464 return;
1465 }
1466
1467 __net_timestamp(skb);
1468
1469 nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX);
1470
1471 nfc_llcp_rx_skb(local, skb);
1422 1472
1423 schedule_work(&local->tx_work); 1473 schedule_work(&local->tx_work);
1424 kfree_skb(local->rx_pending); 1474 kfree_skb(local->rx_pending);
@@ -1466,6 +1516,9 @@ void nfc_llcp_mac_is_down(struct nfc_dev *dev)
1466 if (local == NULL) 1516 if (local == NULL)
1467 return; 1517 return;
1468 1518
1519 local->remote_miu = LLCP_DEFAULT_MIU;
1520 local->remote_lto = LLCP_DEFAULT_LTO;
1521
1469 /* Close and purge all existing sockets */ 1522 /* Close and purge all existing sockets */
1470 nfc_llcp_socket_release(local, true, 0); 1523 nfc_llcp_socket_release(local, true, 0);
1471} 1524}
@@ -1553,7 +1606,7 @@ void nfc_llcp_unregister_device(struct nfc_dev *dev)
1553 return; 1606 return;
1554 } 1607 }
1555 1608
1556 local_cleanup(local, false); 1609 local_cleanup(local);
1557 1610
1558 nfc_llcp_local_put(local); 1611 nfc_llcp_local_put(local);
1559} 1612}
diff --git a/net/nfc/llcp/llcp.h b/net/nfc/llcp/llcp.h
index 7e87a66b02ec..ff8c434f7df8 100644
--- a/net/nfc/llcp/llcp.h
+++ b/net/nfc/llcp/llcp.h
@@ -31,6 +31,7 @@ enum llcp_state {
31#define LLCP_MAX_LTO 0xff 31#define LLCP_MAX_LTO 0xff
32#define LLCP_MAX_RW 15 32#define LLCP_MAX_RW 15
33#define LLCP_MAX_MIUX 0x7ff 33#define LLCP_MAX_MIUX 0x7ff
34#define LLCP_MAX_MIU (LLCP_MAX_MIUX + 128)
34 35
35#define LLCP_WKS_NUM_SAP 16 36#define LLCP_WKS_NUM_SAP 16
36#define LLCP_SDP_NUM_SAP 16 37#define LLCP_SDP_NUM_SAP 16
@@ -124,7 +125,7 @@ struct nfc_llcp_sock {
124 char *service_name; 125 char *service_name;
125 size_t service_name_len; 126 size_t service_name_len;
126 u8 rw; 127 u8 rw;
127 u16 miux; 128 __be16 miux;
128 129
129 130
130 /* Remote link parameters */ 131 /* Remote link parameters */
@@ -162,6 +163,7 @@ struct nfc_llcp_ui_cb {
162 163
163#define LLCP_HEADER_SIZE 2 164#define LLCP_HEADER_SIZE 2
164#define LLCP_SEQUENCE_SIZE 1 165#define LLCP_SEQUENCE_SIZE 1
166#define LLCP_AGF_PDU_HEADER_SIZE 2
165 167
166/* LLCP versions: 1.1 is 1.0 plus SDP */ 168/* LLCP versions: 1.1 is 1.0 plus SDP */
167#define LLCP_VERSION_10 0x10 169#define LLCP_VERSION_10 0x10
@@ -210,6 +212,7 @@ struct nfc_llcp_ui_cb {
210 212
211void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *s); 213void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *s);
212void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *s); 214void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *s);
215void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock);
213struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev); 216struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev);
214struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local); 217struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local);
215int nfc_llcp_local_put(struct nfc_llcp_local *local); 218int nfc_llcp_local_put(struct nfc_llcp_local *local);
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index c1101e6de170..d6faa47c9bba 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -279,7 +279,7 @@ static int nfc_llcp_setsockopt(struct socket *sock, int level, int optname,
279 break; 279 break;
280 } 280 }
281 281
282 llcp_sock->miux = (u16) opt; 282 llcp_sock->miux = cpu_to_be16((u16) opt);
283 283
284 break; 284 break;
285 285
@@ -299,9 +299,12 @@ static int nfc_llcp_setsockopt(struct socket *sock, int level, int optname,
299static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname, 299static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname,
300 char __user *optval, int __user *optlen) 300 char __user *optval, int __user *optlen)
301{ 301{
302 struct nfc_llcp_local *local;
302 struct sock *sk = sock->sk; 303 struct sock *sk = sock->sk;
303 struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); 304 struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk);
304 int len, err = 0; 305 int len, err = 0;
306 u16 miux, remote_miu;
307 u8 rw;
305 308
306 pr_debug("%p optname %d\n", sk, optname); 309 pr_debug("%p optname %d\n", sk, optname);
307 310
@@ -311,19 +314,48 @@ static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname,
311 if (get_user(len, optlen)) 314 if (get_user(len, optlen))
312 return -EFAULT; 315 return -EFAULT;
313 316
317 local = llcp_sock->local;
318 if (!local)
319 return -ENODEV;
320
314 len = min_t(u32, len, sizeof(u32)); 321 len = min_t(u32, len, sizeof(u32));
315 322
316 lock_sock(sk); 323 lock_sock(sk);
317 324
318 switch (optname) { 325 switch (optname) {
319 case NFC_LLCP_RW: 326 case NFC_LLCP_RW:
320 if (put_user(llcp_sock->rw, (u32 __user *) optval)) 327 rw = llcp_sock->rw > LLCP_MAX_RW ? local->rw : llcp_sock->rw;
328 if (put_user(rw, (u32 __user *) optval))
321 err = -EFAULT; 329 err = -EFAULT;
322 330
323 break; 331 break;
324 332
325 case NFC_LLCP_MIUX: 333 case NFC_LLCP_MIUX:
326 if (put_user(llcp_sock->miux, (u32 __user *) optval)) 334 miux = be16_to_cpu(llcp_sock->miux) > LLCP_MAX_MIUX ?
335 be16_to_cpu(local->miux) : be16_to_cpu(llcp_sock->miux);
336
337 if (put_user(miux, (u32 __user *) optval))
338 err = -EFAULT;
339
340 break;
341
342 case NFC_LLCP_REMOTE_MIU:
343 remote_miu = llcp_sock->remote_miu > LLCP_MAX_MIU ?
344 local->remote_miu : llcp_sock->remote_miu;
345
346 if (put_user(remote_miu, (u32 __user *) optval))
347 err = -EFAULT;
348
349 break;
350
351 case NFC_LLCP_REMOTE_LTO:
352 if (put_user(local->remote_lto / 10, (u32 __user *) optval))
353 err = -EFAULT;
354
355 break;
356
357 case NFC_LLCP_REMOTE_RW:
358 if (put_user(llcp_sock->remote_rw, (u32 __user *) optval))
327 err = -EFAULT; 359 err = -EFAULT;
328 360
329 break; 361 break;
@@ -925,13 +957,12 @@ struct sock *nfc_llcp_sock_alloc(struct socket *sock, int type, gfp_t gfp)
925 llcp_sock->ssap = 0; 957 llcp_sock->ssap = 0;
926 llcp_sock->dsap = LLCP_SAP_SDP; 958 llcp_sock->dsap = LLCP_SAP_SDP;
927 llcp_sock->rw = LLCP_MAX_RW + 1; 959 llcp_sock->rw = LLCP_MAX_RW + 1;
928 llcp_sock->miux = LLCP_MAX_MIUX + 1; 960 llcp_sock->miux = cpu_to_be16(LLCP_MAX_MIUX + 1);
929 llcp_sock->remote_rw = LLCP_DEFAULT_RW;
930 llcp_sock->remote_miu = LLCP_DEFAULT_MIU;
931 llcp_sock->send_n = llcp_sock->send_ack_n = 0; 961 llcp_sock->send_n = llcp_sock->send_ack_n = 0;
932 llcp_sock->recv_n = llcp_sock->recv_ack_n = 0; 962 llcp_sock->recv_n = llcp_sock->recv_ack_n = 0;
933 llcp_sock->remote_ready = 1; 963 llcp_sock->remote_ready = 1;
934 llcp_sock->reserved_ssap = LLCP_SAP_MAX; 964 llcp_sock->reserved_ssap = LLCP_SAP_MAX;
965 nfc_llcp_socket_remote_param_init(llcp_sock);
935 skb_queue_head_init(&llcp_sock->tx_queue); 966 skb_queue_head_init(&llcp_sock->tx_queue);
936 skb_queue_head_init(&llcp_sock->tx_pending_queue); 967 skb_queue_head_init(&llcp_sock->tx_pending_queue);
937 INIT_LIST_HEAD(&llcp_sock->accept_queue); 968 INIT_LIST_HEAD(&llcp_sock->accept_queue);
diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index 9b9be5279f5d..1cec5e4f3a5e 100644
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -587,7 +587,7 @@ static ssize_t rfkill_name_show(struct device *dev,
587 587
588static const char *rfkill_get_type_str(enum rfkill_type type) 588static const char *rfkill_get_type_str(enum rfkill_type type)
589{ 589{
590 BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_FM + 1); 590 BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_NFC + 1);
591 591
592 switch (type) { 592 switch (type) {
593 case RFKILL_TYPE_WLAN: 593 case RFKILL_TYPE_WLAN:
@@ -604,6 +604,8 @@ static const char *rfkill_get_type_str(enum rfkill_type type)
604 return "gps"; 604 return "gps";
605 case RFKILL_TYPE_FM: 605 case RFKILL_TYPE_FM:
606 return "fm"; 606 return "fm";
607 case RFKILL_TYPE_NFC:
608 return "nfc";
607 default: 609 default:
608 BUG(); 610 BUG();
609 } 611 }
diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c
index 78fc0937948d..fb076cd6f808 100644
--- a/net/rfkill/rfkill-gpio.c
+++ b/net/rfkill/rfkill-gpio.c
@@ -131,6 +131,7 @@ static int rfkill_gpio_probe(struct platform_device *pdev)
131 rfkill->pwr_clk = clk_get(&pdev->dev, pdata->power_clk_name); 131 rfkill->pwr_clk = clk_get(&pdev->dev, pdata->power_clk_name);
132 if (IS_ERR(rfkill->pwr_clk)) { 132 if (IS_ERR(rfkill->pwr_clk)) {
133 pr_warn("%s: can't find pwr_clk.\n", __func__); 133 pr_warn("%s: can't find pwr_clk.\n", __func__);
134 ret = PTR_ERR(rfkill->pwr_clk);
134 goto fail_shutdown_name; 135 goto fail_shutdown_name;
135 } 136 }
136 } 137 }
@@ -152,9 +153,11 @@ static int rfkill_gpio_probe(struct platform_device *pdev)
152 } 153 }
153 154
154 rfkill->rfkill_dev = rfkill_alloc(pdata->name, &pdev->dev, pdata->type, 155 rfkill->rfkill_dev = rfkill_alloc(pdata->name, &pdev->dev, pdata->type,
155 &rfkill_gpio_ops, rfkill); 156 &rfkill_gpio_ops, rfkill);
156 if (!rfkill->rfkill_dev) 157 if (!rfkill->rfkill_dev) {
158 ret = -ENOMEM;
157 goto fail_shutdown; 159 goto fail_shutdown;
160 }
158 161
159 ret = rfkill_register(rfkill->rfkill_dev); 162 ret = rfkill_register(rfkill->rfkill_dev);
160 if (ret < 0) 163 if (ret < 0)
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 124e5e773fbc..fd35dae547c4 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -88,6 +88,9 @@ struct cfg80211_registered_device {
88 88
89 struct delayed_work dfs_update_channels_wk; 89 struct delayed_work dfs_update_channels_wk;
90 90
91 /* netlink port which started critical protocol (0 means not started) */
92 u32 crit_proto_nlportid;
93
91 /* must be last because of the way we do wiphy_priv(), 94 /* must be last because of the way we do wiphy_priv(),
92 * and it should at least be aligned to NETDEV_ALIGN */ 95 * and it should at least be aligned to NETDEV_ALIGN */
93 struct wiphy wiphy __aligned(NETDEV_ALIGN); 96 struct wiphy wiphy __aligned(NETDEV_ALIGN);
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 390198bf4b36..0c7b7dd855f6 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -648,6 +648,11 @@ void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
648 648
649 spin_unlock_bh(&wdev->mgmt_registrations_lock); 649 spin_unlock_bh(&wdev->mgmt_registrations_lock);
650 650
651 if (nlportid && rdev->crit_proto_nlportid == nlportid) {
652 rdev->crit_proto_nlportid = 0;
653 rdev_crit_proto_stop(rdev, wdev);
654 }
655
651 if (nlportid == wdev->ap_unexpected_nlportid) 656 if (nlportid == wdev->ap_unexpected_nlportid)
652 wdev->ap_unexpected_nlportid = 0; 657 wdev->ap_unexpected_nlportid = 0;
653} 658}
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 671b69a3c136..afa283841e8c 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -447,62 +447,69 @@ nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
447 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 447 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
448}; 448};
449 449
450/* ifidx get helper */ 450static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
451static int nl80211_get_ifidx(struct netlink_callback *cb) 451 struct netlink_callback *cb,
452 struct cfg80211_registered_device **rdev,
453 struct wireless_dev **wdev)
452{ 454{
453 int res; 455 int err;
454
455 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
456 nl80211_fam.attrbuf, nl80211_fam.maxattr,
457 nl80211_policy);
458 if (res)
459 return res;
460
461 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
462 return -EINVAL;
463 456
464 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 457 rtnl_lock();
465 if (!res) 458 mutex_lock(&cfg80211_mutex);
466 return -EINVAL;
467 return res;
468}
469 459
470static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 460 if (!cb->args[0]) {
471 struct netlink_callback *cb, 461 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
472 struct cfg80211_registered_device **rdev, 462 nl80211_fam.attrbuf, nl80211_fam.maxattr,
473 struct net_device **dev) 463 nl80211_policy);
474{ 464 if (err)
475 int ifidx = cb->args[0]; 465 goto out_unlock;
476 int err;
477 466
478 if (!ifidx) 467 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
479 ifidx = nl80211_get_ifidx(cb); 468 nl80211_fam.attrbuf);
480 if (ifidx < 0) 469 if (IS_ERR(*wdev)) {
481 return ifidx; 470 err = PTR_ERR(*wdev);
471 goto out_unlock;
472 }
473 *rdev = wiphy_to_dev((*wdev)->wiphy);
474 cb->args[0] = (*rdev)->wiphy_idx;
475 cb->args[1] = (*wdev)->identifier;
476 } else {
477 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]);
478 struct wireless_dev *tmp;
482 479
483 cb->args[0] = ifidx; 480 if (!wiphy) {
481 err = -ENODEV;
482 goto out_unlock;
483 }
484 *rdev = wiphy_to_dev(wiphy);
485 *wdev = NULL;
484 486
485 rtnl_lock(); 487 mutex_lock(&(*rdev)->devlist_mtx);
488 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
489 if (tmp->identifier == cb->args[1]) {
490 *wdev = tmp;
491 break;
492 }
493 }
494 mutex_unlock(&(*rdev)->devlist_mtx);
486 495
487 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 496 if (!*wdev) {
488 if (!*dev) { 497 err = -ENODEV;
489 err = -ENODEV; 498 goto out_unlock;
490 goto out_rtnl; 499 }
491 } 500 }
492 501
493 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 502 cfg80211_lock_rdev(*rdev);
494 if (IS_ERR(*rdev)) {
495 err = PTR_ERR(*rdev);
496 goto out_rtnl;
497 }
498 503
504 mutex_unlock(&cfg80211_mutex);
499 return 0; 505 return 0;
500 out_rtnl: 506 out_unlock:
507 mutex_unlock(&cfg80211_mutex);
501 rtnl_unlock(); 508 rtnl_unlock();
502 return err; 509 return err;
503} 510}
504 511
505static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 512static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
506{ 513{
507 cfg80211_unlock_rdev(rdev); 514 cfg80211_unlock_rdev(rdev);
508 rtnl_unlock(); 515 rtnl_unlock();
@@ -1417,6 +1424,10 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1417 } 1424 }
1418 CMD(start_p2p_device, START_P2P_DEVICE); 1425 CMD(start_p2p_device, START_P2P_DEVICE);
1419 CMD(set_mcast_rate, SET_MCAST_RATE); 1426 CMD(set_mcast_rate, SET_MCAST_RATE);
1427 if (split) {
1428 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1429 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1430 }
1420 1431
1421#ifdef CONFIG_NL80211_TESTMODE 1432#ifdef CONFIG_NL80211_TESTMODE
1422 CMD(testmode_cmd, TESTMODE); 1433 CMD(testmode_cmd, TESTMODE);
@@ -3525,15 +3536,20 @@ static int nl80211_dump_station(struct sk_buff *skb,
3525{ 3536{
3526 struct station_info sinfo; 3537 struct station_info sinfo;
3527 struct cfg80211_registered_device *dev; 3538 struct cfg80211_registered_device *dev;
3528 struct net_device *netdev; 3539 struct wireless_dev *wdev;
3529 u8 mac_addr[ETH_ALEN]; 3540 u8 mac_addr[ETH_ALEN];
3530 int sta_idx = cb->args[1]; 3541 int sta_idx = cb->args[2];
3531 int err; 3542 int err;
3532 3543
3533 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3544 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3534 if (err) 3545 if (err)
3535 return err; 3546 return err;
3536 3547
3548 if (!wdev->netdev) {
3549 err = -EINVAL;
3550 goto out_err;
3551 }
3552
3537 if (!dev->ops->dump_station) { 3553 if (!dev->ops->dump_station) {
3538 err = -EOPNOTSUPP; 3554 err = -EOPNOTSUPP;
3539 goto out_err; 3555 goto out_err;
@@ -3541,7 +3557,7 @@ static int nl80211_dump_station(struct sk_buff *skb,
3541 3557
3542 while (1) { 3558 while (1) {
3543 memset(&sinfo, 0, sizeof(sinfo)); 3559 memset(&sinfo, 0, sizeof(sinfo));
3544 err = rdev_dump_station(dev, netdev, sta_idx, 3560 err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3545 mac_addr, &sinfo); 3561 mac_addr, &sinfo);
3546 if (err == -ENOENT) 3562 if (err == -ENOENT)
3547 break; 3563 break;
@@ -3551,7 +3567,7 @@ static int nl80211_dump_station(struct sk_buff *skb,
3551 if (nl80211_send_station(skb, 3567 if (nl80211_send_station(skb,
3552 NETLINK_CB(cb->skb).portid, 3568 NETLINK_CB(cb->skb).portid,
3553 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3569 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3554 dev, netdev, mac_addr, 3570 dev, wdev->netdev, mac_addr,
3555 &sinfo) < 0) 3571 &sinfo) < 0)
3556 goto out; 3572 goto out;
3557 3573
@@ -3560,10 +3576,10 @@ static int nl80211_dump_station(struct sk_buff *skb,
3560 3576
3561 3577
3562 out: 3578 out:
3563 cb->args[1] = sta_idx; 3579 cb->args[2] = sta_idx;
3564 err = skb->len; 3580 err = skb->len;
3565 out_err: 3581 out_err:
3566 nl80211_finish_netdev_dump(dev); 3582 nl80211_finish_wdev_dump(dev);
3567 3583
3568 return err; 3584 return err;
3569} 3585}
@@ -4167,13 +4183,13 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
4167{ 4183{
4168 struct mpath_info pinfo; 4184 struct mpath_info pinfo;
4169 struct cfg80211_registered_device *dev; 4185 struct cfg80211_registered_device *dev;
4170 struct net_device *netdev; 4186 struct wireless_dev *wdev;
4171 u8 dst[ETH_ALEN]; 4187 u8 dst[ETH_ALEN];
4172 u8 next_hop[ETH_ALEN]; 4188 u8 next_hop[ETH_ALEN];
4173 int path_idx = cb->args[1]; 4189 int path_idx = cb->args[2];
4174 int err; 4190 int err;
4175 4191
4176 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 4192 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4177 if (err) 4193 if (err)
4178 return err; 4194 return err;
4179 4195
@@ -4182,14 +4198,14 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
4182 goto out_err; 4198 goto out_err;
4183 } 4199 }
4184 4200
4185 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 4201 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4186 err = -EOPNOTSUPP; 4202 err = -EOPNOTSUPP;
4187 goto out_err; 4203 goto out_err;
4188 } 4204 }
4189 4205
4190 while (1) { 4206 while (1) {
4191 err = rdev_dump_mpath(dev, netdev, path_idx, dst, next_hop, 4207 err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4192 &pinfo); 4208 next_hop, &pinfo);
4193 if (err == -ENOENT) 4209 if (err == -ENOENT)
4194 break; 4210 break;
4195 if (err) 4211 if (err)
@@ -4197,7 +4213,7 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
4197 4213
4198 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 4214 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4199 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4215 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4200 netdev, dst, next_hop, 4216 wdev->netdev, dst, next_hop,
4201 &pinfo) < 0) 4217 &pinfo) < 0)
4202 goto out; 4218 goto out;
4203 4219
@@ -4206,10 +4222,10 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
4206 4222
4207 4223
4208 out: 4224 out:
4209 cb->args[1] = path_idx; 4225 cb->args[2] = path_idx;
4210 err = skb->len; 4226 err = skb->len;
4211 out_err: 4227 out_err:
4212 nl80211_finish_netdev_dump(dev); 4228 nl80211_finish_wdev_dump(dev);
4213 return err; 4229 return err;
4214} 4230}
4215 4231
@@ -5565,9 +5581,13 @@ static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5565 5581
5566 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 5582 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5567 5583
5568 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 5584 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5585 goto nla_put_failure;
5586 if (wdev->netdev &&
5569 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 5587 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5570 goto nla_put_failure; 5588 goto nla_put_failure;
5589 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5590 goto nla_put_failure;
5571 5591
5572 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 5592 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5573 if (!bss) 5593 if (!bss)
@@ -5647,22 +5667,18 @@ static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5647 return -EMSGSIZE; 5667 return -EMSGSIZE;
5648} 5668}
5649 5669
5650static int nl80211_dump_scan(struct sk_buff *skb, 5670static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
5651 struct netlink_callback *cb)
5652{ 5671{
5653 struct cfg80211_registered_device *rdev; 5672 struct cfg80211_registered_device *rdev;
5654 struct net_device *dev;
5655 struct cfg80211_internal_bss *scan; 5673 struct cfg80211_internal_bss *scan;
5656 struct wireless_dev *wdev; 5674 struct wireless_dev *wdev;
5657 int start = cb->args[1], idx = 0; 5675 int start = cb->args[2], idx = 0;
5658 int err; 5676 int err;
5659 5677
5660 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 5678 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5661 if (err) 5679 if (err)
5662 return err; 5680 return err;
5663 5681
5664 wdev = dev->ieee80211_ptr;
5665
5666 wdev_lock(wdev); 5682 wdev_lock(wdev);
5667 spin_lock_bh(&rdev->bss_lock); 5683 spin_lock_bh(&rdev->bss_lock);
5668 cfg80211_bss_expire(rdev); 5684 cfg80211_bss_expire(rdev);
@@ -5683,8 +5699,8 @@ static int nl80211_dump_scan(struct sk_buff *skb,
5683 spin_unlock_bh(&rdev->bss_lock); 5699 spin_unlock_bh(&rdev->bss_lock);
5684 wdev_unlock(wdev); 5700 wdev_unlock(wdev);
5685 5701
5686 cb->args[1] = idx; 5702 cb->args[2] = idx;
5687 nl80211_finish_netdev_dump(rdev); 5703 nl80211_finish_wdev_dump(rdev);
5688 5704
5689 return skb->len; 5705 return skb->len;
5690} 5706}
@@ -5753,14 +5769,19 @@ static int nl80211_dump_survey(struct sk_buff *skb,
5753{ 5769{
5754 struct survey_info survey; 5770 struct survey_info survey;
5755 struct cfg80211_registered_device *dev; 5771 struct cfg80211_registered_device *dev;
5756 struct net_device *netdev; 5772 struct wireless_dev *wdev;
5757 int survey_idx = cb->args[1]; 5773 int survey_idx = cb->args[2];
5758 int res; 5774 int res;
5759 5775
5760 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 5776 res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
5761 if (res) 5777 if (res)
5762 return res; 5778 return res;
5763 5779
5780 if (!wdev->netdev) {
5781 res = -EINVAL;
5782 goto out_err;
5783 }
5784
5764 if (!dev->ops->dump_survey) { 5785 if (!dev->ops->dump_survey) {
5765 res = -EOPNOTSUPP; 5786 res = -EOPNOTSUPP;
5766 goto out_err; 5787 goto out_err;
@@ -5769,7 +5790,7 @@ static int nl80211_dump_survey(struct sk_buff *skb,
5769 while (1) { 5790 while (1) {
5770 struct ieee80211_channel *chan; 5791 struct ieee80211_channel *chan;
5771 5792
5772 res = rdev_dump_survey(dev, netdev, survey_idx, &survey); 5793 res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey);
5773 if (res == -ENOENT) 5794 if (res == -ENOENT)
5774 break; 5795 break;
5775 if (res) 5796 if (res)
@@ -5791,17 +5812,16 @@ static int nl80211_dump_survey(struct sk_buff *skb,
5791 if (nl80211_send_survey(skb, 5812 if (nl80211_send_survey(skb,
5792 NETLINK_CB(cb->skb).portid, 5813 NETLINK_CB(cb->skb).portid,
5793 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5814 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5794 netdev, 5815 wdev->netdev, &survey) < 0)
5795 &survey) < 0)
5796 goto out; 5816 goto out;
5797 survey_idx++; 5817 survey_idx++;
5798 } 5818 }
5799 5819
5800 out: 5820 out:
5801 cb->args[1] = survey_idx; 5821 cb->args[2] = survey_idx;
5802 res = skb->len; 5822 res = skb->len;
5803 out_err: 5823 out_err:
5804 nl80211_finish_netdev_dump(dev); 5824 nl80211_finish_wdev_dump(dev);
5805 return res; 5825 return res;
5806} 5826}
5807 5827
@@ -8143,9 +8163,11 @@ static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
8143 if (!rdev->ops->stop_p2p_device) 8163 if (!rdev->ops->stop_p2p_device)
8144 return -EOPNOTSUPP; 8164 return -EOPNOTSUPP;
8145 8165
8166 mutex_lock(&rdev->devlist_mtx);
8146 mutex_lock(&rdev->sched_scan_mtx); 8167 mutex_lock(&rdev->sched_scan_mtx);
8147 cfg80211_stop_p2p_device(rdev, wdev); 8168 cfg80211_stop_p2p_device(rdev, wdev);
8148 mutex_unlock(&rdev->sched_scan_mtx); 8169 mutex_unlock(&rdev->sched_scan_mtx);
8170 mutex_unlock(&rdev->devlist_mtx);
8149 8171
8150 return 0; 8172 return 0;
8151} 8173}
@@ -8198,6 +8220,64 @@ static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
8198 return rdev_update_ft_ies(rdev, dev, &ft_params); 8220 return rdev_update_ft_ies(rdev, dev, &ft_params);
8199} 8221}
8200 8222
8223static int nl80211_crit_protocol_start(struct sk_buff *skb,
8224 struct genl_info *info)
8225{
8226 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8227 struct wireless_dev *wdev = info->user_ptr[1];
8228 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
8229 u16 duration;
8230 int ret;
8231
8232 if (!rdev->ops->crit_proto_start)
8233 return -EOPNOTSUPP;
8234
8235 if (WARN_ON(!rdev->ops->crit_proto_stop))
8236 return -EINVAL;
8237
8238 if (rdev->crit_proto_nlportid)
8239 return -EBUSY;
8240
8241 /* determine protocol if provided */
8242 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
8243 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
8244
8245 if (proto >= NUM_NL80211_CRIT_PROTO)
8246 return -EINVAL;
8247
8248 /* timeout must be provided */
8249 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
8250 return -EINVAL;
8251
8252 duration =
8253 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
8254
8255 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
8256 return -ERANGE;
8257
8258 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
8259 if (!ret)
8260 rdev->crit_proto_nlportid = info->snd_portid;
8261
8262 return ret;
8263}
8264
8265static int nl80211_crit_protocol_stop(struct sk_buff *skb,
8266 struct genl_info *info)
8267{
8268 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8269 struct wireless_dev *wdev = info->user_ptr[1];
8270
8271 if (!rdev->ops->crit_proto_stop)
8272 return -EOPNOTSUPP;
8273
8274 if (rdev->crit_proto_nlportid) {
8275 rdev->crit_proto_nlportid = 0;
8276 rdev_crit_proto_stop(rdev, wdev);
8277 }
8278 return 0;
8279}
8280
8201#define NL80211_FLAG_NEED_WIPHY 0x01 8281#define NL80211_FLAG_NEED_WIPHY 0x01
8202#define NL80211_FLAG_NEED_NETDEV 0x02 8282#define NL80211_FLAG_NEED_NETDEV 0x02
8203#define NL80211_FLAG_NEED_RTNL 0x04 8283#define NL80211_FLAG_NEED_RTNL 0x04
@@ -8887,6 +8967,22 @@ static struct genl_ops nl80211_ops[] = {
8887 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8967 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8888 NL80211_FLAG_NEED_RTNL, 8968 NL80211_FLAG_NEED_RTNL,
8889 }, 8969 },
8970 {
8971 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
8972 .doit = nl80211_crit_protocol_start,
8973 .policy = nl80211_policy,
8974 .flags = GENL_ADMIN_PERM,
8975 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8976 NL80211_FLAG_NEED_RTNL,
8977 },
8978 {
8979 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
8980 .doit = nl80211_crit_protocol_stop,
8981 .policy = nl80211_policy,
8982 .flags = GENL_ADMIN_PERM,
8983 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8984 NL80211_FLAG_NEED_RTNL,
8985 }
8890}; 8986};
8891 8987
8892static struct genl_multicast_group nl80211_mlme_mcgrp = { 8988static struct genl_multicast_group nl80211_mlme_mcgrp = {
@@ -10632,6 +10728,45 @@ void cfg80211_ft_event(struct net_device *netdev,
10632} 10728}
10633EXPORT_SYMBOL(cfg80211_ft_event); 10729EXPORT_SYMBOL(cfg80211_ft_event);
10634 10730
10731void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
10732{
10733 struct cfg80211_registered_device *rdev;
10734 struct sk_buff *msg;
10735 void *hdr;
10736 u32 nlportid;
10737
10738 rdev = wiphy_to_dev(wdev->wiphy);
10739 if (!rdev->crit_proto_nlportid)
10740 return;
10741
10742 nlportid = rdev->crit_proto_nlportid;
10743 rdev->crit_proto_nlportid = 0;
10744
10745 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10746 if (!msg)
10747 return;
10748
10749 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
10750 if (!hdr)
10751 goto nla_put_failure;
10752
10753 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10754 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10755 goto nla_put_failure;
10756
10757 genlmsg_end(msg, hdr);
10758
10759 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10760 return;
10761
10762 nla_put_failure:
10763 if (hdr)
10764 genlmsg_cancel(msg, hdr);
10765 nlmsg_free(msg);
10766
10767}
10768EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
10769
10635/* initialisation/exit functions */ 10770/* initialisation/exit functions */
10636 10771
10637int nl80211_init(void) 10772int nl80211_init(void)
diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h
index d77e1c1d3a0e..9f15f0ac824d 100644
--- a/net/wireless/rdev-ops.h
+++ b/net/wireless/rdev-ops.h
@@ -875,7 +875,7 @@ static inline void rdev_stop_p2p_device(struct cfg80211_registered_device *rdev,
875 trace_rdev_stop_p2p_device(&rdev->wiphy, wdev); 875 trace_rdev_stop_p2p_device(&rdev->wiphy, wdev);
876 rdev->ops->stop_p2p_device(&rdev->wiphy, wdev); 876 rdev->ops->stop_p2p_device(&rdev->wiphy, wdev);
877 trace_rdev_return_void(&rdev->wiphy); 877 trace_rdev_return_void(&rdev->wiphy);
878} 878}
879 879
880static inline int rdev_set_mac_acl(struct cfg80211_registered_device *rdev, 880static inline int rdev_set_mac_acl(struct cfg80211_registered_device *rdev,
881 struct net_device *dev, 881 struct net_device *dev,
@@ -901,4 +901,26 @@ static inline int rdev_update_ft_ies(struct cfg80211_registered_device *rdev,
901 return ret; 901 return ret;
902} 902}
903 903
904static inline int rdev_crit_proto_start(struct cfg80211_registered_device *rdev,
905 struct wireless_dev *wdev,
906 enum nl80211_crit_proto_id protocol,
907 u16 duration)
908{
909 int ret;
910
911 trace_rdev_crit_proto_start(&rdev->wiphy, wdev, protocol, duration);
912 ret = rdev->ops->crit_proto_start(&rdev->wiphy, wdev,
913 protocol, duration);
914 trace_rdev_return_int(&rdev->wiphy, ret);
915 return ret;
916}
917
918static inline void rdev_crit_proto_stop(struct cfg80211_registered_device *rdev,
919 struct wireless_dev *wdev)
920{
921 trace_rdev_crit_proto_stop(&rdev->wiphy, wdev);
922 rdev->ops->crit_proto_stop(&rdev->wiphy, wdev);
923 trace_rdev_return_void(&rdev->wiphy);
924}
925
904#endif /* __CFG80211_RDEV_OPS */ 926#endif /* __CFG80211_RDEV_OPS */
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index e6df52dc8c69..cc35fbaa4578 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy,
855 return; 855 return;
856 856
857 REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq); 857 REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
858 chan->flags = IEEE80211_CHAN_DISABLED; 858 chan->flags |= IEEE80211_CHAN_DISABLED;
859 return; 859 return;
860 } 860 }
861 861
diff --git a/net/wireless/trace.h b/net/wireless/trace.h
index 3c2033b8f596..ecd4fcec3c94 100644
--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
@@ -1806,6 +1806,41 @@ TRACE_EVENT(rdev_update_ft_ies,
1806 WIPHY_PR_ARG, NETDEV_PR_ARG, __entry->md) 1806 WIPHY_PR_ARG, NETDEV_PR_ARG, __entry->md)
1807); 1807);
1808 1808
1809TRACE_EVENT(rdev_crit_proto_start,
1810 TP_PROTO(struct wiphy *wiphy, struct wireless_dev *wdev,
1811 enum nl80211_crit_proto_id protocol, u16 duration),
1812 TP_ARGS(wiphy, wdev, protocol, duration),
1813 TP_STRUCT__entry(
1814 WIPHY_ENTRY
1815 WDEV_ENTRY
1816 __field(u16, proto)
1817 __field(u16, duration)
1818 ),
1819 TP_fast_assign(
1820 WIPHY_ASSIGN;
1821 WDEV_ASSIGN;
1822 __entry->proto = protocol;
1823 __entry->duration = duration;
1824 ),
1825 TP_printk(WIPHY_PR_FMT ", " WDEV_PR_FMT ", proto=%x, duration=%u",
1826 WIPHY_PR_ARG, WDEV_PR_ARG, __entry->proto, __entry->duration)
1827);
1828
1829TRACE_EVENT(rdev_crit_proto_stop,
1830 TP_PROTO(struct wiphy *wiphy, struct wireless_dev *wdev),
1831 TP_ARGS(wiphy, wdev),
1832 TP_STRUCT__entry(
1833 WIPHY_ENTRY
1834 WDEV_ENTRY
1835 ),
1836 TP_fast_assign(
1837 WIPHY_ASSIGN;
1838 WDEV_ASSIGN;
1839 ),
1840 TP_printk(WIPHY_PR_FMT ", " WDEV_PR_FMT,
1841 WIPHY_PR_ARG, WDEV_PR_ARG)
1842);
1843
1809/************************************************************* 1844/*************************************************************
1810 * cfg80211 exported functions traces * 1845 * cfg80211 exported functions traces *
1811 *************************************************************/ 1846 *************************************************************/
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 6cbac99ae03d..f5ad4d94ba88 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -1155,6 +1155,26 @@ int cfg80211_get_p2p_attr(const u8 *ies, unsigned int len,
1155} 1155}
1156EXPORT_SYMBOL(cfg80211_get_p2p_attr); 1156EXPORT_SYMBOL(cfg80211_get_p2p_attr);
1157 1157
1158bool ieee80211_operating_class_to_band(u8 operating_class,
1159 enum ieee80211_band *band)
1160{
1161 switch (operating_class) {
1162 case 112:
1163 case 115 ... 127:
1164 *band = IEEE80211_BAND_5GHZ;
1165 return true;
1166 case 81:
1167 case 82:
1168 case 83:
1169 case 84:
1170 *band = IEEE80211_BAND_2GHZ;
1171 return true;
1172 }
1173
1174 return false;
1175}
1176EXPORT_SYMBOL(ieee80211_operating_class_to_band);
1177
1158int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev, 1178int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev,
1159 u32 beacon_int) 1179 u32 beacon_int)
1160{ 1180{
@@ -1258,12 +1278,12 @@ int cfg80211_can_use_iftype_chan(struct cfg80211_registered_device *rdev,
1258 list_for_each_entry(wdev_iter, &rdev->wdev_list, list) { 1278 list_for_each_entry(wdev_iter, &rdev->wdev_list, list) {
1259 if (wdev_iter == wdev) 1279 if (wdev_iter == wdev)
1260 continue; 1280 continue;
1261 if (wdev_iter->netdev) { 1281 if (wdev_iter->iftype == NL80211_IFTYPE_P2P_DEVICE) {
1262 if (!netif_running(wdev_iter->netdev))
1263 continue;
1264 } else if (wdev_iter->iftype == NL80211_IFTYPE_P2P_DEVICE) {
1265 if (!wdev_iter->p2p_started) 1282 if (!wdev_iter->p2p_started)
1266 continue; 1283 continue;
1284 } else if (wdev_iter->netdev) {
1285 if (!netif_running(wdev_iter->netdev))
1286 continue;
1267 } else { 1287 } else {
1268 WARN_ON(1); 1288 WARN_ON(1);
1269 } 1289 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-23 10:10:11 -0400