aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2013-04-24 16:27:02 -0400
committerDavid S. Miller <davem@davemloft.net>2013-04-24 16:27:02 -0400
commit8bfadc32b7ef56ac6245b7ae0a06f5ece193004b (patch)
tree571c0c29cee15aa59088cf9a66f798b20005c1f5 /net
parent1bf9310a1336c26873dc3eb5fa188d4263897929 (diff)
parent6ed0e321a0aef14a894e26658108bf7e895c36a6 (diff)
Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next
John W. Linville says: ==================== Here is one last(?) big wireless bits pull request before the merge window... Regarding the mac80211 bits, Johannes says: "Here's another big pull request for the -next stream. This one has a ton of driver updates, which hopefully addresses all drivers, but maybe you have more new drivers than I have in my tree? Not entirely sure, let me know if this is the case and then I can merge wireless-next. I'm including a large number of small changes, see the shortlog. The two bigger things are making VHT compatible with not using channel contexts (from Karl) and the stop-while-suspended fixes I developed together with Stanislaw." ...and... "This time I have a relatively large number of fixes and small improvements, the most important one being Bob's RCU fix. The two big things are Felix's work on rate scaling tables (with a big thanks to Karl too) and my own work on CSA handling to finally properly handle HT (and some VHT.)" As for the iwlwifi bits, Johannes says: "The biggest work here is Bluetooth coexistence and power saving. Other than that, I have a few small fixes that weren't really needed for 3.9 and a new PCI ID." About the NFC bits, Samuel says: "With this one we have: - A major pn533 update. The pn533 framing support has been changed in order to easily support all pn533 derivatives. For example we now support the ACR122 USB dongle. - An NFC MEI physical layer code factorization through the mei_phy NFC API. Both the microread and the pn544 drivers now use it. - LLCP aggregation support. This allows NFC p2p devices to send aggregated frames containing all sort of LLCP frames except SYMM and aggregation frames. - More LLCP socket options for getting the remote device link parameters. - Fixes for the LLCP socket option code added with the first pull request for 3.10. - Some support for LLCP corner cases like 0 length SDUs and general DISC (tagged with a 0,0 dsap ssap couple) handling. - RFKILL support for NFC." For the b43 bits, RafaƂ says: "Let me remind the changes for b43: > Changes include: > 1) Minor improvements for HT-PHY code (BCM4331) > 2) Code cleaning for HT-PHY and N-PHY" Concerning the bluetooth bits, Gustavo says: "A set of changes intended for 3.10. The biggest changes here are from David Herrmann, he rewrote most of the HIDP layer making it more reliable. Marcel added a driver setup stage for device that need special handling on their early initialization. Other than that we have the usual clean ups, bugfixes and small improvements." Along with all that, there is the usual collection of random/various updates to ath9k, mwifiex, brcmfmac, brcmsmac, rt2x00, and wil6210. I also included a pull of the wireless tree to resolve a merge conflict. Please let me know if there are problems! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/hci_conn.c38
-rw-r--r--net/bluetooth/hci_core.c239
-rw-r--r--net/bluetooth/hci_event.c184
-rw-r--r--net/bluetooth/hci_sysfs.c17
-rw-r--r--net/bluetooth/hidp/core.c992
-rw-r--r--net/bluetooth/hidp/hidp.h67
-rw-r--r--net/bluetooth/hidp/sock.c22
-rw-r--r--net/bluetooth/l2cap_core.c127
-rw-r--r--net/bluetooth/l2cap_sock.c6
-rw-r--r--net/bluetooth/mgmt.c17
-rw-r--r--net/bluetooth/sco.c49
-rw-r--r--net/bluetooth/smp.c2
-rw-r--r--net/mac80211/cfg.c57
-rw-r--r--net/mac80211/chan.c54
-rw-r--r--net/mac80211/debugfs_netdev.c11
-rw-r--r--net/mac80211/debugfs_sta.c2
-rw-r--r--net/mac80211/ibss.c146
-rw-r--r--net/mac80211/ieee80211_i.h49
-rw-r--r--net/mac80211/iface.c121
-rw-r--r--net/mac80211/main.c82
-rw-r--r--net/mac80211/mesh.c6
-rw-r--r--net/mac80211/mesh.h3
-rw-r--r--net/mac80211/mesh_hwmp.c28
-rw-r--r--net/mac80211/mesh_pathtbl.c56
-rw-r--r--net/mac80211/mesh_plink.c6
-rw-r--r--net/mac80211/mlme.c442
-rw-r--r--net/mac80211/offchannel.c6
-rw-r--r--net/mac80211/pm.c11
-rw-r--r--net/mac80211/rate.c324
-rw-r--r--net/mac80211/rc80211_minstrel.c206
-rw-r--r--net/mac80211/rc80211_minstrel.h7
-rw-r--r--net/mac80211/rc80211_minstrel_debugfs.c4
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c172
-rw-r--r--net/mac80211/rc80211_minstrel_ht.h2
-rw-r--r--net/mac80211/rx.c24
-rw-r--r--net/mac80211/scan.c13
-rw-r--r--net/mac80211/trace.h51
-rw-r--r--net/mac80211/tx.c153
-rw-r--r--net/mac80211/util.c103
-rw-r--r--net/nfc/core.c43
-rw-r--r--net/nfc/llcp/commands.c30
-rw-r--r--net/nfc/llcp/llcp.c127
-rw-r--r--net/nfc/llcp/llcp.h5
-rw-r--r--net/nfc/llcp/sock.c43
-rw-r--r--net/rfkill/core.c4
-rw-r--r--net/rfkill/rfkill-gpio.c7
-rw-r--r--net/wireless/core.h3
-rw-r--r--net/wireless/mlme.c5
-rw-r--r--net/wireless/nl80211.c285
-rw-r--r--net/wireless/rdev-ops.h24
-rw-r--r--net/wireless/reg.c2
-rw-r--r--net/wireless/trace.h35
-rw-r--r--net/wireless/util.c28
53 files changed, 2895 insertions, 1645 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index b9f90169940b..6c7f36379722 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -117,6 +117,16 @@ static void hci_acl_create_connection_cancel(struct hci_conn *conn)
117 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp); 117 hci_send_cmd(conn->hdev, HCI_OP_CREATE_CONN_CANCEL, sizeof(cp), &cp);
118} 118}
119 119
120static void hci_reject_sco(struct hci_conn *conn)
121{
122 struct hci_cp_reject_sync_conn_req cp;
123
124 cp.reason = HCI_ERROR_REMOTE_USER_TERM;
125 bacpy(&cp.bdaddr, &conn->dst);
126
127 hci_send_cmd(conn->hdev, HCI_OP_REJECT_SYNC_CONN_REQ, sizeof(cp), &cp);
128}
129
120void hci_disconnect(struct hci_conn *conn, __u8 reason) 130void hci_disconnect(struct hci_conn *conn, __u8 reason)
121{ 131{
122 struct hci_cp_disconnect cp; 132 struct hci_cp_disconnect cp;
@@ -276,6 +286,8 @@ static void hci_conn_timeout(struct work_struct *work)
276 hci_acl_create_connection_cancel(conn); 286 hci_acl_create_connection_cancel(conn);
277 else if (conn->type == LE_LINK) 287 else if (conn->type == LE_LINK)
278 hci_le_create_connection_cancel(conn); 288 hci_le_create_connection_cancel(conn);
289 } else if (conn->type == SCO_LINK || conn->type == ESCO_LINK) {
290 hci_reject_sco(conn);
279 } 291 }
280 break; 292 break;
281 case BT_CONFIG: 293 case BT_CONFIG:
@@ -398,8 +410,6 @@ struct hci_conn *hci_conn_add(struct hci_dev *hdev, int type, bdaddr_t *dst)
398 if (hdev->notify) 410 if (hdev->notify)
399 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD); 411 hdev->notify(hdev, HCI_NOTIFY_CONN_ADD);
400 412
401 atomic_set(&conn->devref, 0);
402
403 hci_conn_init_sysfs(conn); 413 hci_conn_init_sysfs(conn);
404 414
405 return conn; 415 return conn;
@@ -433,7 +443,7 @@ int hci_conn_del(struct hci_conn *conn)
433 struct hci_conn *acl = conn->link; 443 struct hci_conn *acl = conn->link;
434 if (acl) { 444 if (acl) {
435 acl->link = NULL; 445 acl->link = NULL;
436 hci_conn_put(acl); 446 hci_conn_drop(acl);
437 } 447 }
438 } 448 }
439 449
@@ -448,12 +458,11 @@ int hci_conn_del(struct hci_conn *conn)
448 458
449 skb_queue_purge(&conn->data_q); 459 skb_queue_purge(&conn->data_q);
450 460
451 hci_conn_put_device(conn); 461 hci_conn_del_sysfs(conn);
452 462
453 hci_dev_put(hdev); 463 hci_dev_put(hdev);
454 464
455 if (conn->handle == 0) 465 hci_conn_put(conn);
456 kfree(conn);
457 466
458 return 0; 467 return 0;
459} 468}
@@ -565,7 +574,7 @@ static struct hci_conn *hci_connect_sco(struct hci_dev *hdev, int type,
565 if (!sco) { 574 if (!sco) {
566 sco = hci_conn_add(hdev, type, dst); 575 sco = hci_conn_add(hdev, type, dst);
567 if (!sco) { 576 if (!sco) {
568 hci_conn_put(acl); 577 hci_conn_drop(acl);
569 return ERR_PTR(-ENOMEM); 578 return ERR_PTR(-ENOMEM);
570 } 579 }
571 } 580 }
@@ -835,19 +844,6 @@ void hci_conn_check_pending(struct hci_dev *hdev)
835 hci_dev_unlock(hdev); 844 hci_dev_unlock(hdev);
836} 845}
837 846
838void hci_conn_hold_device(struct hci_conn *conn)
839{
840 atomic_inc(&conn->devref);
841}
842EXPORT_SYMBOL(hci_conn_hold_device);
843
844void hci_conn_put_device(struct hci_conn *conn)
845{
846 if (atomic_dec_and_test(&conn->devref))
847 hci_conn_del_sysfs(conn);
848}
849EXPORT_SYMBOL(hci_conn_put_device);
850
851int hci_get_conn_list(void __user *arg) 847int hci_get_conn_list(void __user *arg)
852{ 848{
853 struct hci_conn *c; 849 struct hci_conn *c;
@@ -980,7 +976,7 @@ void hci_chan_del(struct hci_chan *chan)
980 976
981 synchronize_rcu(); 977 synchronize_rcu();
982 978
983 hci_conn_put(conn); 979 hci_conn_drop(conn);
984 980
985 skb_queue_purge(&chan->data_q); 981 skb_queue_purge(&chan->data_q);
986 kfree(chan); 982 kfree(chan);
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index cfcad5423f1c..ce82265f5619 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -79,6 +79,121 @@ static void hci_req_cancel(struct hci_dev *hdev, int err)
79 } 79 }
80} 80}
81 81
82struct sk_buff *hci_get_cmd_complete(struct hci_dev *hdev, u16 opcode, u8 event)
83{
84 struct hci_ev_cmd_complete *ev;
85 struct hci_event_hdr *hdr;
86 struct sk_buff *skb;
87
88 hci_dev_lock(hdev);
89
90 skb = hdev->recv_evt;
91 hdev->recv_evt = NULL;
92
93 hci_dev_unlock(hdev);
94
95 if (!skb)
96 return ERR_PTR(-ENODATA);
97
98 if (skb->len < sizeof(*hdr)) {
99 BT_ERR("Too short HCI event");
100 goto failed;
101 }
102
103 hdr = (void *) skb->data;
104 skb_pull(skb, HCI_EVENT_HDR_SIZE);
105
106 if (event) {
107 if (hdr->evt != event)
108 goto failed;
109 return skb;
110 }
111
112 if (hdr->evt != HCI_EV_CMD_COMPLETE) {
113 BT_DBG("Last event is not cmd complete (0x%2.2x)", hdr->evt);
114 goto failed;
115 }
116
117 if (skb->len < sizeof(*ev)) {
118 BT_ERR("Too short cmd_complete event");
119 goto failed;
120 }
121
122 ev = (void *) skb->data;
123 skb_pull(skb, sizeof(*ev));
124
125 if (opcode == __le16_to_cpu(ev->opcode))
126 return skb;
127
128 BT_DBG("opcode doesn't match (0x%2.2x != 0x%2.2x)", opcode,
129 __le16_to_cpu(ev->opcode));
130
131failed:
132 kfree_skb(skb);
133 return ERR_PTR(-ENODATA);
134}
135
136struct sk_buff *__hci_cmd_sync_ev(struct hci_dev *hdev, u16 opcode, u32 plen,
137 void *param, u8 event, u32 timeout)
138{
139 DECLARE_WAITQUEUE(wait, current);
140 struct hci_request req;
141 int err = 0;
142
143 BT_DBG("%s", hdev->name);
144
145 hci_req_init(&req, hdev);
146
147 hci_req_add_ev(&req, opcode, plen, param, event);
148
149 hdev->req_status = HCI_REQ_PEND;
150
151 err = hci_req_run(&req, hci_req_sync_complete);
152 if (err < 0)
153 return ERR_PTR(err);
154
155 add_wait_queue(&hdev->req_wait_q, &wait);
156 set_current_state(TASK_INTERRUPTIBLE);
157
158 schedule_timeout(timeout);
159
160 remove_wait_queue(&hdev->req_wait_q, &wait);
161
162 if (signal_pending(current))
163 return ERR_PTR(-EINTR);
164
165 switch (hdev->req_status) {
166 case HCI_REQ_DONE:
167 err = -bt_to_errno(hdev->req_result);
168 break;
169
170 case HCI_REQ_CANCELED:
171 err = -hdev->req_result;
172 break;
173
174 default:
175 err = -ETIMEDOUT;
176 break;
177 }
178
179 hdev->req_status = hdev->req_result = 0;
180
181 BT_DBG("%s end: err %d", hdev->name, err);
182
183 if (err < 0)
184 return ERR_PTR(err);
185
186 return hci_get_cmd_complete(hdev, opcode, event);
187}
188EXPORT_SYMBOL(__hci_cmd_sync_ev);
189
190struct sk_buff *__hci_cmd_sync(struct hci_dev *hdev, u16 opcode, u32 plen,
191 void *param, u32 timeout)
192{
193 return __hci_cmd_sync_ev(hdev, opcode, plen, param, 0, timeout);
194}
195EXPORT_SYMBOL(__hci_cmd_sync);
196
82/* Execute request and wait for completion. */ 197/* Execute request and wait for completion. */
83static int __hci_req_sync(struct hci_dev *hdev, 198static int __hci_req_sync(struct hci_dev *hdev,
84 void (*func)(struct hci_request *req, 199 void (*func)(struct hci_request *req,
@@ -201,29 +316,9 @@ static void amp_init(struct hci_request *req)
201static void hci_init1_req(struct hci_request *req, unsigned long opt) 316static void hci_init1_req(struct hci_request *req, unsigned long opt)
202{ 317{
203 struct hci_dev *hdev = req->hdev; 318 struct hci_dev *hdev = req->hdev;
204 struct hci_request init_req;
205 struct sk_buff *skb;
206 319
207 BT_DBG("%s %ld", hdev->name, opt); 320 BT_DBG("%s %ld", hdev->name, opt);
208 321
209 /* Driver initialization */
210
211 hci_req_init(&init_req, hdev);
212
213 /* Special commands */
214 while ((skb = skb_dequeue(&hdev->driver_init))) {
215 bt_cb(skb)->pkt_type = HCI_COMMAND_PKT;
216 skb->dev = (void *) hdev;
217
218 if (skb_queue_empty(&init_req.cmd_q))
219 bt_cb(skb)->req.start = true;
220
221 skb_queue_tail(&init_req.cmd_q, skb);
222 }
223 skb_queue_purge(&hdev->driver_init);
224
225 hci_req_run(&init_req, NULL);
226
227 /* Reset */ 322 /* Reset */
228 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks)) 323 if (!test_bit(HCI_QUIRK_RESET_ON_CLOSE, &hdev->quirks))
229 hci_reset_req(req, 0); 324 hci_reset_req(req, 0);
@@ -494,6 +589,7 @@ static void hci_set_le_support(struct hci_request *req)
494static void hci_init3_req(struct hci_request *req, unsigned long opt) 589static void hci_init3_req(struct hci_request *req, unsigned long opt)
495{ 590{
496 struct hci_dev *hdev = req->hdev; 591 struct hci_dev *hdev = req->hdev;
592 u8 p;
497 593
498 if (hdev->commands[5] & 0x10) 594 if (hdev->commands[5] & 0x10)
499 hci_setup_link_policy(req); 595 hci_setup_link_policy(req);
@@ -502,6 +598,15 @@ static void hci_init3_req(struct hci_request *req, unsigned long opt)
502 hci_set_le_support(req); 598 hci_set_le_support(req);
503 hci_update_ad(req); 599 hci_update_ad(req);
504 } 600 }
601
602 /* Read features beyond page 1 if available */
603 for (p = 2; p < HCI_MAX_PAGES && p <= hdev->max_page; p++) {
604 struct hci_cp_read_local_ext_features cp;
605
606 cp.page = p;
607 hci_req_add(req, HCI_OP_READ_LOCAL_EXT_FEATURES,
608 sizeof(cp), &cp);
609 }
505} 610}
506 611
507static int __hci_init(struct hci_dev *hdev) 612static int __hci_init(struct hci_dev *hdev)
@@ -818,6 +923,12 @@ static void hci_inq_req(struct hci_request *req, unsigned long opt)
818 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp); 923 hci_req_add(req, HCI_OP_INQUIRY, sizeof(cp), &cp);
819} 924}
820 925
926static int wait_inquiry(void *word)
927{
928 schedule();
929 return signal_pending(current);
930}
931
821int hci_inquiry(void __user *arg) 932int hci_inquiry(void __user *arg)
822{ 933{
823 __u8 __user *ptr = arg; 934 __u8 __user *ptr = arg;
@@ -849,6 +960,13 @@ int hci_inquiry(void __user *arg)
849 timeo); 960 timeo);
850 if (err < 0) 961 if (err < 0)
851 goto done; 962 goto done;
963
964 /* Wait until Inquiry procedure finishes (HCI_INQUIRY flag is
965 * cleared). If it is interrupted by a signal, return -EINTR.
966 */
967 if (wait_on_bit(&hdev->flags, HCI_INQUIRY, wait_inquiry,
968 TASK_INTERRUPTIBLE))
969 return -EINTR;
852 } 970 }
853 971
854 /* for unlimited number of responses we will use buffer with 972 /* for unlimited number of responses we will use buffer with
@@ -999,26 +1117,33 @@ int hci_dev_open(__u16 dev)
999 goto done; 1117 goto done;
1000 } 1118 }
1001 1119
1002 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1003 set_bit(HCI_RAW, &hdev->flags);
1004
1005 /* Treat all non BR/EDR controllers as raw devices if
1006 enable_hs is not set */
1007 if (hdev->dev_type != HCI_BREDR && !enable_hs)
1008 set_bit(HCI_RAW, &hdev->flags);
1009
1010 if (hdev->open(hdev)) { 1120 if (hdev->open(hdev)) {
1011 ret = -EIO; 1121 ret = -EIO;
1012 goto done; 1122 goto done;
1013 } 1123 }
1014 1124
1015 if (!test_bit(HCI_RAW, &hdev->flags)) { 1125 atomic_set(&hdev->cmd_cnt, 1);
1016 atomic_set(&hdev->cmd_cnt, 1); 1126 set_bit(HCI_INIT, &hdev->flags);
1017 set_bit(HCI_INIT, &hdev->flags); 1127
1018 ret = __hci_init(hdev); 1128 if (hdev->setup && test_bit(HCI_SETUP, &hdev->dev_flags))
1019 clear_bit(HCI_INIT, &hdev->flags); 1129 ret = hdev->setup(hdev);
1130
1131 if (!ret) {
1132 /* Treat all non BR/EDR controllers as raw devices if
1133 * enable_hs is not set.
1134 */
1135 if (hdev->dev_type != HCI_BREDR && !enable_hs)
1136 set_bit(HCI_RAW, &hdev->flags);
1137
1138 if (test_bit(HCI_QUIRK_RAW_DEVICE, &hdev->quirks))
1139 set_bit(HCI_RAW, &hdev->flags);
1140
1141 if (!test_bit(HCI_RAW, &hdev->flags))
1142 ret = __hci_init(hdev);
1020 } 1143 }
1021 1144
1145 clear_bit(HCI_INIT, &hdev->flags);
1146
1022 if (!ret) { 1147 if (!ret) {
1023 hci_dev_hold(hdev); 1148 hci_dev_hold(hdev);
1024 set_bit(HCI_UP, &hdev->flags); 1149 set_bit(HCI_UP, &hdev->flags);
@@ -1123,6 +1248,9 @@ static int hci_dev_do_close(struct hci_dev *hdev)
1123 hdev->sent_cmd = NULL; 1248 hdev->sent_cmd = NULL;
1124 } 1249 }
1125 1250
1251 kfree_skb(hdev->recv_evt);
1252 hdev->recv_evt = NULL;
1253
1126 /* After this point our queues are empty 1254 /* After this point our queues are empty
1127 * and no tasks are scheduled. */ 1255 * and no tasks are scheduled. */
1128 hdev->close(hdev); 1256 hdev->close(hdev);
@@ -1861,8 +1989,8 @@ static void le_scan_enable_req(struct hci_request *req, unsigned long opt)
1861 struct hci_cp_le_set_scan_enable cp; 1989 struct hci_cp_le_set_scan_enable cp;
1862 1990
1863 memset(&cp, 0, sizeof(cp)); 1991 memset(&cp, 0, sizeof(cp));
1864 cp.enable = 1; 1992 cp.enable = LE_SCAN_ENABLE;
1865 cp.filter_dup = 1; 1993 cp.filter_dup = LE_SCAN_FILTER_DUP_ENABLE;
1866 1994
1867 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp); 1995 hci_req_add(req, HCI_OP_LE_SET_SCAN_ENABLE, sizeof(cp), &cp);
1868} 1996}
@@ -1896,7 +2024,7 @@ static int hci_do_le_scan(struct hci_dev *hdev, u8 type, u16 interval,
1896 return err; 2024 return err;
1897 2025
1898 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable, 2026 queue_delayed_work(hdev->workqueue, &hdev->le_scan_disable,
1899 msecs_to_jiffies(timeout)); 2027 timeout);
1900 2028
1901 return 0; 2029 return 0;
1902} 2030}
@@ -2006,7 +2134,6 @@ struct hci_dev *hci_alloc_dev(void)
2006 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off); 2134 INIT_DELAYED_WORK(&hdev->discov_off, hci_discov_off);
2007 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work); 2135 INIT_DELAYED_WORK(&hdev->le_scan_disable, le_scan_disable_work);
2008 2136
2009 skb_queue_head_init(&hdev->driver_init);
2010 skb_queue_head_init(&hdev->rx_q); 2137 skb_queue_head_init(&hdev->rx_q);
2011 skb_queue_head_init(&hdev->cmd_q); 2138 skb_queue_head_init(&hdev->cmd_q);
2012 skb_queue_head_init(&hdev->raw_q); 2139 skb_queue_head_init(&hdev->raw_q);
@@ -2025,8 +2152,6 @@ EXPORT_SYMBOL(hci_alloc_dev);
2025/* Free HCI device */ 2152/* Free HCI device */
2026void hci_free_dev(struct hci_dev *hdev) 2153void hci_free_dev(struct hci_dev *hdev)
2027{ 2154{
2028 skb_queue_purge(&hdev->driver_init);
2029
2030 /* will free via device release */ 2155 /* will free via device release */
2031 put_device(&hdev->dev); 2156 put_device(&hdev->dev);
2032} 2157}
@@ -2527,7 +2652,8 @@ int hci_send_cmd(struct hci_dev *hdev, __u16 opcode, __u32 plen, void *param)
2527} 2652}
2528 2653
2529/* Queue a command to an asynchronous HCI request */ 2654/* Queue a command to an asynchronous HCI request */
2530void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param) 2655void hci_req_add_ev(struct hci_request *req, u16 opcode, u32 plen, void *param,
2656 u8 event)
2531{ 2657{
2532 struct hci_dev *hdev = req->hdev; 2658 struct hci_dev *hdev = req->hdev;
2533 struct sk_buff *skb; 2659 struct sk_buff *skb;
@@ -2551,9 +2677,16 @@ void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param)
2551 if (skb_queue_empty(&req->cmd_q)) 2677 if (skb_queue_empty(&req->cmd_q))
2552 bt_cb(skb)->req.start = true; 2678 bt_cb(skb)->req.start = true;
2553 2679
2680 bt_cb(skb)->req.event = event;
2681
2554 skb_queue_tail(&req->cmd_q, skb); 2682 skb_queue_tail(&req->cmd_q, skb);
2555} 2683}
2556 2684
2685void hci_req_add(struct hci_request *req, u16 opcode, u32 plen, void *param)
2686{
2687 hci_req_add_ev(req, opcode, plen, param, 0);
2688}
2689
2557/* Get data from the previously sent command */ 2690/* Get data from the previously sent command */
2558void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode) 2691void *hci_sent_cmd_data(struct hci_dev *hdev, __u16 opcode)
2559{ 2692{
@@ -3309,32 +3442,6 @@ call_complete:
3309 req_complete(hdev, status); 3442 req_complete(hdev, status);
3310} 3443}
3311 3444
3312void hci_req_cmd_status(struct hci_dev *hdev, u16 opcode, u8 status)
3313{
3314 hci_req_complete_t req_complete = NULL;
3315
3316 BT_DBG("opcode 0x%04x status 0x%02x", opcode, status);
3317
3318 if (status) {
3319 hci_req_cmd_complete(hdev, opcode, status);
3320 return;
3321 }
3322
3323 /* No need to handle success status if there are more commands */
3324 if (!hci_req_is_complete(hdev))
3325 return;
3326
3327 if (hdev->sent_cmd)
3328 req_complete = bt_cb(hdev->sent_cmd)->req.complete;
3329
3330 /* If the request doesn't have a complete callback or there
3331 * are other commands/requests in the hdev queue we consider
3332 * this request as completed.
3333 */
3334 if (!req_complete || !skb_queue_empty(&hdev->cmd_q))
3335 hci_req_cmd_complete(hdev, opcode, status);
3336}
3337
3338static void hci_rx_work(struct work_struct *work) 3445static void hci_rx_work(struct work_struct *work)
3339{ 3446{
3340 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work); 3447 struct hci_dev *hdev = container_of(work, struct hci_dev, rx_work);
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 138580745c2c..b93cd2eb5d58 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -48,13 +48,13 @@ static void hci_cc_inquiry_cancel(struct hci_dev *hdev, struct sk_buff *skb)
48 } 48 }
49 49
50 clear_bit(HCI_INQUIRY, &hdev->flags); 50 clear_bit(HCI_INQUIRY, &hdev->flags);
51 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
52 wake_up_bit(&hdev->flags, HCI_INQUIRY);
51 53
52 hci_dev_lock(hdev); 54 hci_dev_lock(hdev);
53 hci_discovery_set_state(hdev, DISCOVERY_STOPPED); 55 hci_discovery_set_state(hdev, DISCOVERY_STOPPED);
54 hci_dev_unlock(hdev); 56 hci_dev_unlock(hdev);
55 57
56 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
57
58 hci_conn_check_pending(hdev); 58 hci_conn_check_pending(hdev);
59} 59}
60 60
@@ -433,9 +433,9 @@ static void hci_cc_write_ssp_mode(struct hci_dev *hdev, struct sk_buff *skb)
433 433
434 if (!status) { 434 if (!status) {
435 if (sent->mode) 435 if (sent->mode)
436 hdev->host_features[0] |= LMP_HOST_SSP; 436 hdev->features[1][0] |= LMP_HOST_SSP;
437 else 437 else
438 hdev->host_features[0] &= ~LMP_HOST_SSP; 438 hdev->features[1][0] &= ~LMP_HOST_SSP;
439 } 439 }
440 440
441 if (test_bit(HCI_MGMT, &hdev->dev_flags)) 441 if (test_bit(HCI_MGMT, &hdev->dev_flags))
@@ -493,18 +493,18 @@ static void hci_cc_read_local_features(struct hci_dev *hdev,
493 /* Adjust default settings according to features 493 /* Adjust default settings according to features
494 * supported by device. */ 494 * supported by device. */
495 495
496 if (hdev->features[0] & LMP_3SLOT) 496 if (hdev->features[0][0] & LMP_3SLOT)
497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3); 497 hdev->pkt_type |= (HCI_DM3 | HCI_DH3);
498 498
499 if (hdev->features[0] & LMP_5SLOT) 499 if (hdev->features[0][0] & LMP_5SLOT)
500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5); 500 hdev->pkt_type |= (HCI_DM5 | HCI_DH5);
501 501
502 if (hdev->features[1] & LMP_HV2) { 502 if (hdev->features[0][1] & LMP_HV2) {
503 hdev->pkt_type |= (HCI_HV2); 503 hdev->pkt_type |= (HCI_HV2);
504 hdev->esco_type |= (ESCO_HV2); 504 hdev->esco_type |= (ESCO_HV2);
505 } 505 }
506 506
507 if (hdev->features[1] & LMP_HV3) { 507 if (hdev->features[0][1] & LMP_HV3) {
508 hdev->pkt_type |= (HCI_HV3); 508 hdev->pkt_type |= (HCI_HV3);
509 hdev->esco_type |= (ESCO_HV3); 509 hdev->esco_type |= (ESCO_HV3);
510 } 510 }
@@ -512,26 +512,26 @@ static void hci_cc_read_local_features(struct hci_dev *hdev,
512 if (lmp_esco_capable(hdev)) 512 if (lmp_esco_capable(hdev))
513 hdev->esco_type |= (ESCO_EV3); 513 hdev->esco_type |= (ESCO_EV3);
514 514
515 if (hdev->features[4] & LMP_EV4) 515 if (hdev->features[0][4] & LMP_EV4)
516 hdev->esco_type |= (ESCO_EV4); 516 hdev->esco_type |= (ESCO_EV4);
517 517
518 if (hdev->features[4] & LMP_EV5) 518 if (hdev->features[0][4] & LMP_EV5)
519 hdev->esco_type |= (ESCO_EV5); 519 hdev->esco_type |= (ESCO_EV5);
520 520
521 if (hdev->features[5] & LMP_EDR_ESCO_2M) 521 if (hdev->features[0][5] & LMP_EDR_ESCO_2M)
522 hdev->esco_type |= (ESCO_2EV3); 522 hdev->esco_type |= (ESCO_2EV3);
523 523
524 if (hdev->features[5] & LMP_EDR_ESCO_3M) 524 if (hdev->features[0][5] & LMP_EDR_ESCO_3M)
525 hdev->esco_type |= (ESCO_3EV3); 525 hdev->esco_type |= (ESCO_3EV3);
526 526
527 if (hdev->features[5] & LMP_EDR_3S_ESCO) 527 if (hdev->features[0][5] & LMP_EDR_3S_ESCO)
528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5); 528 hdev->esco_type |= (ESCO_2EV5 | ESCO_3EV5);
529 529
530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name, 530 BT_DBG("%s features 0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", hdev->name,
531 hdev->features[0], hdev->features[1], 531 hdev->features[0][0], hdev->features[0][1],
532 hdev->features[2], hdev->features[3], 532 hdev->features[0][2], hdev->features[0][3],
533 hdev->features[4], hdev->features[5], 533 hdev->features[0][4], hdev->features[0][5],
534 hdev->features[6], hdev->features[7]); 534 hdev->features[0][6], hdev->features[0][7]);
535} 535}
536 536
537static void hci_cc_read_local_ext_features(struct hci_dev *hdev, 537static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
@@ -544,14 +544,10 @@ static void hci_cc_read_local_ext_features(struct hci_dev *hdev,
544 if (rp->status) 544 if (rp->status)
545 return; 545 return;
546 546
547 switch (rp->page) { 547 hdev->max_page = rp->max_page;
548 case 0: 548
549 memcpy(hdev->features, rp->features, 8); 549 if (rp->page < HCI_MAX_PAGES)
550 break; 550 memcpy(hdev->features[rp->page], rp->features, 8);
551 case 1:
552 memcpy(hdev->host_features, rp->features, 8);
553 break;
554 }
555} 551}
556 552
557static void hci_cc_read_flow_control_mode(struct hci_dev *hdev, 553static void hci_cc_read_flow_control_mode(struct hci_dev *hdev,
@@ -968,7 +964,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
968 return; 964 return;
969 965
970 switch (cp->enable) { 966 switch (cp->enable) {
971 case LE_SCANNING_ENABLED: 967 case LE_SCAN_ENABLE:
972 if (status) { 968 if (status) {
973 hci_dev_lock(hdev); 969 hci_dev_lock(hdev);
974 mgmt_start_discovery_failed(hdev, status); 970 mgmt_start_discovery_failed(hdev, status);
@@ -983,7 +979,7 @@ static void hci_cc_le_set_scan_enable(struct hci_dev *hdev,
983 hci_dev_unlock(hdev); 979 hci_dev_unlock(hdev);
984 break; 980 break;
985 981
986 case LE_SCANNING_DISABLED: 982 case LE_SCAN_DISABLE:
987 if (status) { 983 if (status) {
988 hci_dev_lock(hdev); 984 hci_dev_lock(hdev);
989 mgmt_stop_discovery_failed(hdev, status); 985 mgmt_stop_discovery_failed(hdev, status);
@@ -1046,14 +1042,14 @@ static void hci_cc_write_le_host_supported(struct hci_dev *hdev,
1046 1042
1047 if (!status) { 1043 if (!status) {
1048 if (sent->le) 1044 if (sent->le)
1049 hdev->host_features[0] |= LMP_HOST_LE; 1045 hdev->features[1][0] |= LMP_HOST_LE;
1050 else 1046 else
1051 hdev->host_features[0] &= ~LMP_HOST_LE; 1047 hdev->features[1][0] &= ~LMP_HOST_LE;
1052 1048
1053 if (sent->simul) 1049 if (sent->simul)
1054 hdev->host_features[0] |= LMP_HOST_LE_BREDR; 1050 hdev->features[1][0] |= LMP_HOST_LE_BREDR;
1055 else 1051 else
1056 hdev->host_features[0] &= ~LMP_HOST_LE_BREDR; 1052 hdev->features[1][0] &= ~LMP_HOST_LE_BREDR;
1057 } 1053 }
1058 1054
1059 if (test_bit(HCI_MGMT, &hdev->dev_flags) && 1055 if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
@@ -1190,7 +1186,7 @@ static void hci_cs_auth_requested(struct hci_dev *hdev, __u8 status)
1190 if (conn) { 1186 if (conn) {
1191 if (conn->state == BT_CONFIG) { 1187 if (conn->state == BT_CONFIG) {
1192 hci_proto_connect_cfm(conn, status); 1188 hci_proto_connect_cfm(conn, status);
1193 hci_conn_put(conn); 1189 hci_conn_drop(conn);
1194 } 1190 }
1195 } 1191 }
1196 1192
@@ -1217,7 +1213,7 @@ static void hci_cs_set_conn_encrypt(struct hci_dev *hdev, __u8 status)
1217 if (conn) { 1213 if (conn) {
1218 if (conn->state == BT_CONFIG) { 1214 if (conn->state == BT_CONFIG) {
1219 hci_proto_connect_cfm(conn, status); 1215 hci_proto_connect_cfm(conn, status);
1220 hci_conn_put(conn); 1216 hci_conn_drop(conn);
1221 } 1217 }
1222 } 1218 }
1223 1219
@@ -1379,7 +1375,7 @@ static void hci_cs_read_remote_features(struct hci_dev *hdev, __u8 status)
1379 if (conn) { 1375 if (conn) {
1380 if (conn->state == BT_CONFIG) { 1376 if (conn->state == BT_CONFIG) {
1381 hci_proto_connect_cfm(conn, status); 1377 hci_proto_connect_cfm(conn, status);
1382 hci_conn_put(conn); 1378 hci_conn_drop(conn);
1383 } 1379 }
1384 } 1380 }
1385 1381
@@ -1406,7 +1402,7 @@ static void hci_cs_read_remote_ext_features(struct hci_dev *hdev, __u8 status)
1406 if (conn) { 1402 if (conn) {
1407 if (conn->state == BT_CONFIG) { 1403 if (conn->state == BT_CONFIG) {
1408 hci_proto_connect_cfm(conn, status); 1404 hci_proto_connect_cfm(conn, status);
1409 hci_conn_put(conn); 1405 hci_conn_drop(conn);
1410 } 1406 }
1411 } 1407 }
1412 1408
@@ -1600,13 +1596,14 @@ static void hci_inquiry_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1600 1596
1601 BT_DBG("%s status 0x%2.2x", hdev->name, status); 1597 BT_DBG("%s status 0x%2.2x", hdev->name, status);
1602 1598
1603 hci_req_cmd_complete(hdev, HCI_OP_INQUIRY, status);
1604
1605 hci_conn_check_pending(hdev); 1599 hci_conn_check_pending(hdev);
1606 1600
1607 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags)) 1601 if (!test_and_clear_bit(HCI_INQUIRY, &hdev->flags))
1608 return; 1602 return;
1609 1603
1604 smp_mb__after_clear_bit(); /* wake_up_bit advises about this barrier */
1605 wake_up_bit(&hdev->flags, HCI_INQUIRY);
1606
1610 if (!test_bit(HCI_MGMT, &hdev->dev_flags)) 1607 if (!test_bit(HCI_MGMT, &hdev->dev_flags))
1611 return; 1608 return;
1612 1609
@@ -1705,7 +1702,6 @@ static void hci_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1705 } else 1702 } else
1706 conn->state = BT_CONNECTED; 1703 conn->state = BT_CONNECTED;
1707 1704
1708 hci_conn_hold_device(conn);
1709 hci_conn_add_sysfs(conn); 1705 hci_conn_add_sysfs(conn);
1710 1706
1711 if (test_bit(HCI_AUTH, &hdev->flags)) 1707 if (test_bit(HCI_AUTH, &hdev->flags))
@@ -1752,42 +1748,6 @@ unlock:
1752 hci_conn_check_pending(hdev); 1748 hci_conn_check_pending(hdev);
1753} 1749}
1754 1750
1755void hci_conn_accept(struct hci_conn *conn, int mask)
1756{
1757 struct hci_dev *hdev = conn->hdev;
1758
1759 BT_DBG("conn %p", conn);
1760
1761 conn->state = BT_CONFIG;
1762
1763 if (!lmp_esco_capable(hdev)) {
1764 struct hci_cp_accept_conn_req cp;
1765
1766 bacpy(&cp.bdaddr, &conn->dst);
1767
1768 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
1769 cp.role = 0x00; /* Become master */
1770 else
1771 cp.role = 0x01; /* Remain slave */
1772
1773 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
1774 } else /* lmp_esco_capable(hdev)) */ {
1775 struct hci_cp_accept_sync_conn_req cp;
1776
1777 bacpy(&cp.bdaddr, &conn->dst);
1778 cp.pkt_type = cpu_to_le16(conn->pkt_type);
1779
1780 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1781 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
1782 cp.max_latency = __constant_cpu_to_le16(0xffff);
1783 cp.content_format = cpu_to_le16(hdev->voice_setting);
1784 cp.retrans_effort = 0xff;
1785
1786 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
1787 sizeof(cp), &cp);
1788 }
1789}
1790
1791static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb) 1751static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1792{ 1752{
1793 struct hci_ev_conn_request *ev = (void *) skb->data; 1753 struct hci_ev_conn_request *ev = (void *) skb->data;
@@ -1859,7 +1819,6 @@ static void hci_conn_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
1859 } else { 1819 } else {
1860 conn->state = BT_CONNECT2; 1820 conn->state = BT_CONNECT2;
1861 hci_proto_connect_cfm(conn, 0); 1821 hci_proto_connect_cfm(conn, 0);
1862 hci_conn_put(conn);
1863 } 1822 }
1864 } else { 1823 } else {
1865 /* Connection rejected */ 1824 /* Connection rejected */
@@ -1966,14 +1925,14 @@ static void hci_auth_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
1966 } else { 1925 } else {
1967 conn->state = BT_CONNECTED; 1926 conn->state = BT_CONNECTED;
1968 hci_proto_connect_cfm(conn, ev->status); 1927 hci_proto_connect_cfm(conn, ev->status);
1969 hci_conn_put(conn); 1928 hci_conn_drop(conn);
1970 } 1929 }
1971 } else { 1930 } else {
1972 hci_auth_cfm(conn, ev->status); 1931 hci_auth_cfm(conn, ev->status);
1973 1932
1974 hci_conn_hold(conn); 1933 hci_conn_hold(conn);
1975 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 1934 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
1976 hci_conn_put(conn); 1935 hci_conn_drop(conn);
1977 } 1936 }
1978 1937
1979 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) { 1938 if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) {
@@ -2057,7 +2016,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2057 2016
2058 if (ev->status && conn->state == BT_CONNECTED) { 2017 if (ev->status && conn->state == BT_CONNECTED) {
2059 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 2018 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
2060 hci_conn_put(conn); 2019 hci_conn_drop(conn);
2061 goto unlock; 2020 goto unlock;
2062 } 2021 }
2063 2022
@@ -2066,7 +2025,7 @@ static void hci_encrypt_change_evt(struct hci_dev *hdev, struct sk_buff *skb)
2066 conn->state = BT_CONNECTED; 2025 conn->state = BT_CONNECTED;
2067 2026
2068 hci_proto_connect_cfm(conn, ev->status); 2027 hci_proto_connect_cfm(conn, ev->status);
2069 hci_conn_put(conn); 2028 hci_conn_drop(conn);
2070 } else 2029 } else
2071 hci_encrypt_cfm(conn, ev->status, ev->encrypt); 2030 hci_encrypt_cfm(conn, ev->status, ev->encrypt);
2072 } 2031 }
@@ -2113,7 +2072,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev,
2113 goto unlock; 2072 goto unlock;
2114 2073
2115 if (!ev->status) 2074 if (!ev->status)
2116 memcpy(conn->features, ev->features, 8); 2075 memcpy(conn->features[0], ev->features, 8);
2117 2076
2118 if (conn->state != BT_CONFIG) 2077 if (conn->state != BT_CONFIG)
2119 goto unlock; 2078 goto unlock;
@@ -2141,7 +2100,7 @@ static void hci_remote_features_evt(struct hci_dev *hdev,
2141 if (!hci_outgoing_auth_needed(hdev, conn)) { 2100 if (!hci_outgoing_auth_needed(hdev, conn)) {
2142 conn->state = BT_CONNECTED; 2101 conn->state = BT_CONNECTED;
2143 hci_proto_connect_cfm(conn, ev->status); 2102 hci_proto_connect_cfm(conn, ev->status);
2144 hci_conn_put(conn); 2103 hci_conn_drop(conn);
2145 } 2104 }
2146 2105
2147unlock: 2106unlock:
@@ -2462,7 +2421,9 @@ static void hci_cmd_status_evt(struct hci_dev *hdev, struct sk_buff *skb)
2462 if (opcode != HCI_OP_NOP) 2421 if (opcode != HCI_OP_NOP)
2463 del_timer(&hdev->cmd_timer); 2422 del_timer(&hdev->cmd_timer);
2464 2423
2465 hci_req_cmd_status(hdev, opcode, ev->status); 2424 if (ev->status ||
2425 (hdev->sent_cmd && !bt_cb(hdev->sent_cmd)->req.event))
2426 hci_req_cmd_complete(hdev, opcode, ev->status);
2466 2427
2467 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { 2428 if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) {
2468 atomic_set(&hdev->cmd_cnt, 1); 2429 atomic_set(&hdev->cmd_cnt, 1);
@@ -2679,7 +2640,7 @@ static void hci_pin_code_request_evt(struct hci_dev *hdev, struct sk_buff *skb)
2679 if (conn->state == BT_CONNECTED) { 2640 if (conn->state == BT_CONNECTED) {
2680 hci_conn_hold(conn); 2641 hci_conn_hold(conn);
2681 conn->disc_timeout = HCI_PAIRING_TIMEOUT; 2642 conn->disc_timeout = HCI_PAIRING_TIMEOUT;
2682 hci_conn_put(conn); 2643 hci_conn_drop(conn);
2683 } 2644 }
2684 2645
2685 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags)) 2646 if (!test_bit(HCI_PAIRABLE, &hdev->dev_flags))
@@ -2782,7 +2743,7 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb)
2782 if (ev->key_type != HCI_LK_CHANGED_COMBINATION) 2743 if (ev->key_type != HCI_LK_CHANGED_COMBINATION)
2783 conn->key_type = ev->key_type; 2744 conn->key_type = ev->key_type;
2784 2745
2785 hci_conn_put(conn); 2746 hci_conn_drop(conn);
2786 } 2747 }
2787 2748
2788 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags)) 2749 if (test_bit(HCI_LINK_KEYS, &hdev->dev_flags))
@@ -2923,6 +2884,9 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2923 if (!conn) 2884 if (!conn)
2924 goto unlock; 2885 goto unlock;
2925 2886
2887 if (ev->page < HCI_MAX_PAGES)
2888 memcpy(conn->features[ev->page], ev->features, 8);
2889
2926 if (!ev->status && ev->page == 0x01) { 2890 if (!ev->status && ev->page == 0x01) {
2927 struct inquiry_entry *ie; 2891 struct inquiry_entry *ie;
2928 2892
@@ -2930,8 +2894,19 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2930 if (ie) 2894 if (ie)
2931 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 2895 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
2932 2896
2933 if (ev->features[0] & LMP_HOST_SSP) 2897 if (ev->features[0] & LMP_HOST_SSP) {
2934 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags); 2898 set_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2899 } else {
2900 /* It is mandatory by the Bluetooth specification that
2901 * Extended Inquiry Results are only used when Secure
2902 * Simple Pairing is enabled, but some devices violate
2903 * this.
2904 *
2905 * To make these devices work, the internal SSP
2906 * enabled flag needs to be cleared if the remote host
2907 * features do not indicate SSP support */
2908 clear_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
2909 }
2935 } 2910 }
2936 2911
2937 if (conn->state != BT_CONFIG) 2912 if (conn->state != BT_CONFIG)
@@ -2951,7 +2926,7 @@ static void hci_remote_ext_features_evt(struct hci_dev *hdev,
2951 if (!hci_outgoing_auth_needed(hdev, conn)) { 2926 if (!hci_outgoing_auth_needed(hdev, conn)) {
2952 conn->state = BT_CONNECTED; 2927 conn->state = BT_CONNECTED;
2953 hci_proto_connect_cfm(conn, ev->status); 2928 hci_proto_connect_cfm(conn, ev->status);
2954 hci_conn_put(conn); 2929 hci_conn_drop(conn);
2955 } 2930 }
2956 2931
2957unlock: 2932unlock:
@@ -2985,7 +2960,6 @@ static void hci_sync_conn_complete_evt(struct hci_dev *hdev,
2985 conn->handle = __le16_to_cpu(ev->handle); 2960 conn->handle = __le16_to_cpu(ev->handle);
2986 conn->state = BT_CONNECTED; 2961 conn->state = BT_CONNECTED;
2987 2962
2988 hci_conn_hold_device(conn);
2989 hci_conn_add_sysfs(conn); 2963 hci_conn_add_sysfs(conn);
2990 break; 2964 break;
2991 2965
@@ -3084,7 +3058,7 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3084 3058
3085 if (ev->status && conn->state == BT_CONNECTED) { 3059 if (ev->status && conn->state == BT_CONNECTED) {
3086 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); 3060 hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE);
3087 hci_conn_put(conn); 3061 hci_conn_drop(conn);
3088 goto unlock; 3062 goto unlock;
3089 } 3063 }
3090 3064
@@ -3093,13 +3067,13 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3093 conn->state = BT_CONNECTED; 3067 conn->state = BT_CONNECTED;
3094 3068
3095 hci_proto_connect_cfm(conn, ev->status); 3069 hci_proto_connect_cfm(conn, ev->status);
3096 hci_conn_put(conn); 3070 hci_conn_drop(conn);
3097 } else { 3071 } else {
3098 hci_auth_cfm(conn, ev->status); 3072 hci_auth_cfm(conn, ev->status);
3099 3073
3100 hci_conn_hold(conn); 3074 hci_conn_hold(conn);
3101 conn->disc_timeout = HCI_DISCONN_TIMEOUT; 3075 conn->disc_timeout = HCI_DISCONN_TIMEOUT;
3102 hci_conn_put(conn); 3076 hci_conn_drop(conn);
3103 } 3077 }
3104 3078
3105unlock: 3079unlock:
@@ -3360,7 +3334,7 @@ static void hci_simple_pair_complete_evt(struct hci_dev *hdev,
3360 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type, 3334 mgmt_auth_failed(hdev, &conn->dst, conn->type, conn->dst_type,
3361 ev->status); 3335 ev->status);
3362 3336
3363 hci_conn_put(conn); 3337 hci_conn_drop(conn);
3364 3338
3365unlock: 3339unlock:
3366 hci_dev_unlock(hdev); 3340 hci_dev_unlock(hdev);
@@ -3371,11 +3345,16 @@ static void hci_remote_host_features_evt(struct hci_dev *hdev,
3371{ 3345{
3372 struct hci_ev_remote_host_features *ev = (void *) skb->data; 3346 struct hci_ev_remote_host_features *ev = (void *) skb->data;
3373 struct inquiry_entry *ie; 3347 struct inquiry_entry *ie;
3348 struct hci_conn *conn;
3374 3349
3375 BT_DBG("%s", hdev->name); 3350 BT_DBG("%s", hdev->name);
3376 3351
3377 hci_dev_lock(hdev); 3352 hci_dev_lock(hdev);
3378 3353
3354 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, &ev->bdaddr);
3355 if (conn)
3356 memcpy(conn->features[1], ev->features, 8);
3357
3379 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr); 3358 ie = hci_inquiry_cache_lookup(hdev, &ev->bdaddr);
3380 if (ie) 3359 if (ie)
3381 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP); 3360 ie->data.ssp_mode = (ev->features[0] & LMP_HOST_SSP);
@@ -3448,9 +3427,8 @@ static void hci_phy_link_complete_evt(struct hci_dev *hdev,
3448 3427
3449 hci_conn_hold(hcon); 3428 hci_conn_hold(hcon);
3450 hcon->disc_timeout = HCI_DISCONN_TIMEOUT; 3429 hcon->disc_timeout = HCI_DISCONN_TIMEOUT;
3451 hci_conn_put(hcon); 3430 hci_conn_drop(hcon);
3452 3431
3453 hci_conn_hold_device(hcon);
3454 hci_conn_add_sysfs(hcon); 3432 hci_conn_add_sysfs(hcon);
3455 3433
3456 amp_physical_cfm(bredr_hcon, hcon); 3434 amp_physical_cfm(bredr_hcon, hcon);
@@ -3584,7 +3562,6 @@ static void hci_le_conn_complete_evt(struct hci_dev *hdev, struct sk_buff *skb)
3584 conn->handle = __le16_to_cpu(ev->handle); 3562 conn->handle = __le16_to_cpu(ev->handle);
3585 conn->state = BT_CONNECTED; 3563 conn->state = BT_CONNECTED;
3586 3564
3587 hci_conn_hold_device(conn);
3588 hci_conn_add_sysfs(conn); 3565 hci_conn_add_sysfs(conn);
3589 3566
3590 hci_proto_connect_cfm(conn, ev->status); 3567 hci_proto_connect_cfm(conn, ev->status);
@@ -3698,8 +3675,27 @@ void hci_event_packet(struct hci_dev *hdev, struct sk_buff *skb)
3698 struct hci_event_hdr *hdr = (void *) skb->data; 3675 struct hci_event_hdr *hdr = (void *) skb->data;
3699 __u8 event = hdr->evt; 3676 __u8 event = hdr->evt;
3700 3677
3678 hci_dev_lock(hdev);
3679
3680 /* Received events are (currently) only needed when a request is
3681 * ongoing so avoid unnecessary memory allocation.
3682 */
3683 if (hdev->req_status == HCI_REQ_PEND) {
3684 kfree_skb(hdev->recv_evt);
3685 hdev->recv_evt = skb_clone(skb, GFP_KERNEL);
3686 }
3687
3688 hci_dev_unlock(hdev);
3689
3701 skb_pull(skb, HCI_EVENT_HDR_SIZE); 3690 skb_pull(skb, HCI_EVENT_HDR_SIZE);
3702 3691
3692 if (hdev->sent_cmd && bt_cb(hdev->sent_cmd)->req.event == event) {
3693 struct hci_command_hdr *hdr = (void *) hdev->sent_cmd->data;
3694 u16 opcode = __le16_to_cpu(hdr->opcode);
3695
3696 hci_req_cmd_complete(hdev, opcode, 0);
3697 }
3698
3703 switch (event) { 3699 switch (event) {
3704 case HCI_EV_INQUIRY_COMPLETE: 3700 case HCI_EV_INQUIRY_COMPLETE:
3705 hci_inquiry_complete_evt(hdev, skb); 3701 hci_inquiry_complete_evt(hdev, skb);
diff --git a/net/bluetooth/hci_sysfs.c b/net/bluetooth/hci_sysfs.c
index ff38561385de..7ad6ecf36f20 100644
--- a/net/bluetooth/hci_sysfs.c
+++ b/net/bluetooth/hci_sysfs.c
@@ -48,10 +48,10 @@ static ssize_t show_link_features(struct device *dev,
48 struct hci_conn *conn = to_hci_conn(dev); 48 struct hci_conn *conn = to_hci_conn(dev);
49 49
50 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", 50 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
51 conn->features[0], conn->features[1], 51 conn->features[0][0], conn->features[0][1],
52 conn->features[2], conn->features[3], 52 conn->features[0][2], conn->features[0][3],
53 conn->features[4], conn->features[5], 53 conn->features[0][4], conn->features[0][5],
54 conn->features[6], conn->features[7]); 54 conn->features[0][6], conn->features[0][7]);
55} 55}
56 56
57#define LINK_ATTR(_name, _mode, _show, _store) \ 57#define LINK_ATTR(_name, _mode, _show, _store) \
@@ -146,7 +146,6 @@ void hci_conn_del_sysfs(struct hci_conn *conn)
146 } 146 }
147 147
148 device_del(&conn->dev); 148 device_del(&conn->dev);
149 put_device(&conn->dev);
150 149
151 hci_dev_put(hdev); 150 hci_dev_put(hdev);
152} 151}
@@ -234,10 +233,10 @@ static ssize_t show_features(struct device *dev,
234 struct hci_dev *hdev = to_hci_dev(dev); 233 struct hci_dev *hdev = to_hci_dev(dev);
235 234
236 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n", 235 return sprintf(buf, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
237 hdev->features[0], hdev->features[1], 236 hdev->features[0][0], hdev->features[0][1],
238 hdev->features[2], hdev->features[3], 237 hdev->features[0][2], hdev->features[0][3],
239 hdev->features[4], hdev->features[5], 238 hdev->features[0][4], hdev->features[0][5],
240 hdev->features[6], hdev->features[7]); 239 hdev->features[0][6], hdev->features[0][7]);
241} 240}
242 241
243static ssize_t show_manufacturer(struct device *dev, 242static ssize_t show_manufacturer(struct device *dev,
diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c
index 2342327f3335..940f5acb6694 100644
--- a/net/bluetooth/hidp/core.c
+++ b/net/bluetooth/hidp/core.c
@@ -1,6 +1,7 @@
1/* 1/*
2 HIDP implementation for Linux Bluetooth stack (BlueZ). 2 HIDP implementation for Linux Bluetooth stack (BlueZ).
3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org> 3 Copyright (C) 2003-2004 Marcel Holtmann <marcel@holtmann.org>
4 Copyright (C) 2013 David Herrmann <dh.herrmann@gmail.com>
4 5
5 This program is free software; you can redistribute it and/or modify 6 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License version 2 as 7 it under the terms of the GNU General Public License version 2 as
@@ -20,6 +21,7 @@
20 SOFTWARE IS DISCLAIMED. 21 SOFTWARE IS DISCLAIMED.
21*/ 22*/
22 23
24#include <linux/kref.h>
23#include <linux/module.h> 25#include <linux/module.h>
24#include <linux/file.h> 26#include <linux/file.h>
25#include <linux/kthread.h> 27#include <linux/kthread.h>
@@ -59,39 +61,20 @@ static unsigned char hidp_keycode[256] = {
59 61
60static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }; 62static unsigned char hidp_mkeyspat[] = { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 };
61 63
62static struct hidp_session *__hidp_get_session(bdaddr_t *bdaddr) 64static int hidp_session_probe(struct l2cap_conn *conn,
63{ 65 struct l2cap_user *user);
64 struct hidp_session *session; 66static void hidp_session_remove(struct l2cap_conn *conn,
65 67 struct l2cap_user *user);
66 BT_DBG(""); 68static int hidp_session_thread(void *arg);
69static void hidp_session_terminate(struct hidp_session *s);
67 70
68 list_for_each_entry(session, &hidp_session_list, list) { 71static void hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
69 if (!bacmp(bdaddr, &session->bdaddr))
70 return session;
71 }
72
73 return NULL;
74}
75
76static void __hidp_link_session(struct hidp_session *session)
77{
78 list_add(&session->list, &hidp_session_list);
79}
80
81static void __hidp_unlink_session(struct hidp_session *session)
82{
83 hci_conn_put_device(session->conn);
84
85 list_del(&session->list);
86}
87
88static void __hidp_copy_session(struct hidp_session *session, struct hidp_conninfo *ci)
89{ 72{
90 memset(ci, 0, sizeof(*ci)); 73 memset(ci, 0, sizeof(*ci));
91 bacpy(&ci->bdaddr, &session->bdaddr); 74 bacpy(&ci->bdaddr, &session->bdaddr);
92 75
93 ci->flags = session->flags; 76 ci->flags = session->flags;
94 ci->state = session->state; 77 ci->state = BT_CONNECTED;
95 78
96 ci->vendor = 0x0000; 79 ci->vendor = 0x0000;
97 ci->product = 0x0000; 80 ci->product = 0x0000;
@@ -115,58 +98,80 @@ static void __hidp_copy_session(struct hidp_session *session, struct hidp_connin
115 } 98 }
116} 99}
117 100
118static int hidp_queue_event(struct hidp_session *session, struct input_dev *dev, 101/* assemble skb, queue message on @transmit and wake up the session thread */
119 unsigned int type, unsigned int code, int value) 102static int hidp_send_message(struct hidp_session *session, struct socket *sock,
103 struct sk_buff_head *transmit, unsigned char hdr,
104 const unsigned char *data, int size)
120{ 105{
121 unsigned char newleds;
122 struct sk_buff *skb; 106 struct sk_buff *skb;
107 struct sock *sk = sock->sk;
123 108
124 BT_DBG("session %p type %d code %d value %d", session, type, code, value); 109 BT_DBG("session %p data %p size %d", session, data, size);
125
126 if (type != EV_LED)
127 return -1;
128
129 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
130 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
131 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
132 (!!test_bit(LED_CAPSL, dev->led) << 1) |
133 (!!test_bit(LED_NUML, dev->led));
134
135 if (session->leds == newleds)
136 return 0;
137 110
138 session->leds = newleds; 111 if (atomic_read(&session->terminate))
112 return -EIO;
139 113
140 skb = alloc_skb(3, GFP_ATOMIC); 114 skb = alloc_skb(size + 1, GFP_ATOMIC);
141 if (!skb) { 115 if (!skb) {
142 BT_ERR("Can't allocate memory for new frame"); 116 BT_ERR("Can't allocate memory for new frame");
143 return -ENOMEM; 117 return -ENOMEM;
144 } 118 }
145 119
146 *skb_put(skb, 1) = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT; 120 *skb_put(skb, 1) = hdr;
147 *skb_put(skb, 1) = 0x01; 121 if (data && size > 0)
148 *skb_put(skb, 1) = newleds; 122 memcpy(skb_put(skb, size), data, size);
149
150 skb_queue_tail(&session->intr_transmit, skb);
151 123
152 hidp_schedule(session); 124 skb_queue_tail(transmit, skb);
125 wake_up_interruptible(sk_sleep(sk));
153 126
154 return 0; 127 return 0;
155} 128}
156 129
157static int hidp_hidinput_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 130static int hidp_send_ctrl_message(struct hidp_session *session,
131 unsigned char hdr, const unsigned char *data,
132 int size)
158{ 133{
159 struct hid_device *hid = input_get_drvdata(dev); 134 return hidp_send_message(session, session->ctrl_sock,
160 struct hidp_session *session = hid->driver_data; 135 &session->ctrl_transmit, hdr, data, size);
136}
161 137
162 return hidp_queue_event(session, dev, type, code, value); 138static int hidp_send_intr_message(struct hidp_session *session,
139 unsigned char hdr, const unsigned char *data,
140 int size)
141{
142 return hidp_send_message(session, session->intr_sock,
143 &session->intr_transmit, hdr, data, size);
163} 144}
164 145
165static int hidp_input_event(struct input_dev *dev, unsigned int type, unsigned int code, int value) 146static int hidp_input_event(struct input_dev *dev, unsigned int type,
147 unsigned int code, int value)
166{ 148{
167 struct hidp_session *session = input_get_drvdata(dev); 149 struct hidp_session *session = input_get_drvdata(dev);
150 unsigned char newleds;
151 unsigned char hdr, data[2];
152
153 BT_DBG("session %p type %d code %d value %d",
154 session, type, code, value);
155
156 if (type != EV_LED)
157 return -1;
158
159 newleds = (!!test_bit(LED_KANA, dev->led) << 3) |
160 (!!test_bit(LED_COMPOSE, dev->led) << 3) |
161 (!!test_bit(LED_SCROLLL, dev->led) << 2) |
162 (!!test_bit(LED_CAPSL, dev->led) << 1) |
163 (!!test_bit(LED_NUML, dev->led));
168 164
169 return hidp_queue_event(session, dev, type, code, value); 165 if (session->leds == newleds)
166 return 0;
167
168 session->leds = newleds;
169
170 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
171 data[0] = 0x01;
172 data[1] = newleds;
173
174 return hidp_send_intr_message(session, hdr, data, 2);
170} 175}
171 176
172static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb) 177static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
@@ -224,71 +229,9 @@ static void hidp_input_report(struct hidp_session *session, struct sk_buff *skb)
224 input_sync(dev); 229 input_sync(dev);
225} 230}
226 231
227static int __hidp_send_ctrl_message(struct hidp_session *session,
228 unsigned char hdr, unsigned char *data,
229 int size)
230{
231 struct sk_buff *skb;
232
233 BT_DBG("session %p data %p size %d", session, data, size);
234
235 if (atomic_read(&session->terminate))
236 return -EIO;
237
238 skb = alloc_skb(size + 1, GFP_ATOMIC);
239 if (!skb) {
240 BT_ERR("Can't allocate memory for new frame");
241 return -ENOMEM;
242 }
243
244 *skb_put(skb, 1) = hdr;
245 if (data && size > 0)
246 memcpy(skb_put(skb, size), data, size);
247
248 skb_queue_tail(&session->ctrl_transmit, skb);
249
250 return 0;
251}
252
253static int hidp_send_ctrl_message(struct hidp_session *session,
254 unsigned char hdr, unsigned char *data, int size)
255{
256 int err;
257
258 err = __hidp_send_ctrl_message(session, hdr, data, size);
259
260 hidp_schedule(session);
261
262 return err;
263}
264
265static int hidp_queue_report(struct hidp_session *session,
266 unsigned char *data, int size)
267{
268 struct sk_buff *skb;
269
270 BT_DBG("session %p hid %p data %p size %d", session, session->hid, data, size);
271
272 skb = alloc_skb(size + 1, GFP_ATOMIC);
273 if (!skb) {
274 BT_ERR("Can't allocate memory for new frame");
275 return -ENOMEM;
276 }
277
278 *skb_put(skb, 1) = 0xa2;
279 if (size > 0)
280 memcpy(skb_put(skb, size), data, size);
281
282 skb_queue_tail(&session->intr_transmit, skb);
283
284 hidp_schedule(session);
285
286 return 0;
287}
288
289static int hidp_send_report(struct hidp_session *session, struct hid_report *report) 232static int hidp_send_report(struct hidp_session *session, struct hid_report *report)
290{ 233{
291 unsigned char buf[32]; 234 unsigned char buf[32], hdr;
292 int rsize; 235 int rsize;
293 236
294 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0); 237 rsize = ((report->size - 1) >> 3) + 1 + (report->id > 0);
@@ -296,8 +239,9 @@ static int hidp_send_report(struct hidp_session *session, struct hid_report *rep
296 return -EIO; 239 return -EIO;
297 240
298 hid_output_report(report, buf); 241 hid_output_report(report, buf);
242 hdr = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
299 243
300 return hidp_queue_report(session, buf, rsize); 244 return hidp_send_intr_message(session, hdr, buf, rsize);
301} 245}
302 246
303static int hidp_get_raw_report(struct hid_device *hid, 247static int hidp_get_raw_report(struct hid_device *hid,
@@ -336,17 +280,19 @@ static int hidp_get_raw_report(struct hid_device *hid,
336 session->waiting_report_number = numbered_reports ? report_number : -1; 280 session->waiting_report_number = numbered_reports ? report_number : -1;
337 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags); 281 set_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
338 data[0] = report_number; 282 data[0] = report_number;
339 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 1); 283 ret = hidp_send_ctrl_message(session, report_type, data, 1);
340 if (ret) 284 if (ret)
341 goto err; 285 goto err;
342 286
343 /* Wait for the return of the report. The returned report 287 /* Wait for the return of the report. The returned report
344 gets put in session->report_return. */ 288 gets put in session->report_return. */
345 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)) { 289 while (test_bit(HIDP_WAITING_FOR_RETURN, &session->flags) &&
290 !atomic_read(&session->terminate)) {
346 int res; 291 int res;
347 292
348 res = wait_event_interruptible_timeout(session->report_queue, 293 res = wait_event_interruptible_timeout(session->report_queue,
349 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags), 294 !test_bit(HIDP_WAITING_FOR_RETURN, &session->flags)
295 || atomic_read(&session->terminate),
350 5*HZ); 296 5*HZ);
351 if (res == 0) { 297 if (res == 0) {
352 /* timeout */ 298 /* timeout */
@@ -389,14 +335,11 @@ static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, s
389 struct hidp_session *session = hid->driver_data; 335 struct hidp_session *session = hid->driver_data;
390 int ret; 336 int ret;
391 337
392 switch (report_type) { 338 if (report_type == HID_OUTPUT_REPORT) {
393 case HID_FEATURE_REPORT: 339 report_type = HIDP_TRANS_DATA | HIDP_DATA_RTYPE_OUPUT;
394 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE; 340 return hidp_send_intr_message(session, report_type,
395 break; 341 data, count);
396 case HID_OUTPUT_REPORT: 342 } else if (report_type != HID_FEATURE_REPORT) {
397 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_OUPUT;
398 break;
399 default:
400 return -EINVAL; 343 return -EINVAL;
401 } 344 }
402 345
@@ -405,17 +348,19 @@ static int hidp_output_raw_report(struct hid_device *hid, unsigned char *data, s
405 348
406 /* Set up our wait, and send the report request to the device. */ 349 /* Set up our wait, and send the report request to the device. */
407 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags); 350 set_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
408 ret = hidp_send_ctrl_message(hid->driver_data, report_type, data, 351 report_type = HIDP_TRANS_SET_REPORT | HIDP_DATA_RTYPE_FEATURE;
409 count); 352 ret = hidp_send_ctrl_message(session, report_type, data, count);
410 if (ret) 353 if (ret)
411 goto err; 354 goto err;
412 355
413 /* Wait for the ACK from the device. */ 356 /* Wait for the ACK from the device. */
414 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)) { 357 while (test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags) &&
358 !atomic_read(&session->terminate)) {
415 int res; 359 int res;
416 360
417 res = wait_event_interruptible_timeout(session->report_queue, 361 res = wait_event_interruptible_timeout(session->report_queue,
418 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags), 362 !test_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags)
363 || atomic_read(&session->terminate),
419 10*HZ); 364 10*HZ);
420 if (res == 0) { 365 if (res == 0) {
421 /* timeout */ 366 /* timeout */
@@ -446,8 +391,7 @@ static void hidp_idle_timeout(unsigned long arg)
446{ 391{
447 struct hidp_session *session = (struct hidp_session *) arg; 392 struct hidp_session *session = (struct hidp_session *) arg;
448 393
449 atomic_inc(&session->terminate); 394 hidp_session_terminate(session);
450 wake_up_process(session->task);
451} 395}
452 396
453static void hidp_set_timer(struct hidp_session *session) 397static void hidp_set_timer(struct hidp_session *session)
@@ -490,12 +434,12 @@ static void hidp_process_handshake(struct hidp_session *session,
490 case HIDP_HSHK_ERR_FATAL: 434 case HIDP_HSHK_ERR_FATAL:
491 /* Device requests a reboot, as this is the only way this error 435 /* Device requests a reboot, as this is the only way this error
492 * can be recovered. */ 436 * can be recovered. */
493 __hidp_send_ctrl_message(session, 437 hidp_send_ctrl_message(session,
494 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0); 438 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_SOFT_RESET, NULL, 0);
495 break; 439 break;
496 440
497 default: 441 default:
498 __hidp_send_ctrl_message(session, 442 hidp_send_ctrl_message(session,
499 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 443 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
500 break; 444 break;
501 } 445 }
@@ -515,8 +459,7 @@ static void hidp_process_hid_control(struct hidp_session *session,
515 skb_queue_purge(&session->ctrl_transmit); 459 skb_queue_purge(&session->ctrl_transmit);
516 skb_queue_purge(&session->intr_transmit); 460 skb_queue_purge(&session->intr_transmit);
517 461
518 atomic_inc(&session->terminate); 462 hidp_session_terminate(session);
519 wake_up_process(current);
520 } 463 }
521} 464}
522 465
@@ -544,7 +487,7 @@ static int hidp_process_data(struct hidp_session *session, struct sk_buff *skb,
544 break; 487 break;
545 488
546 default: 489 default:
547 __hidp_send_ctrl_message(session, 490 hidp_send_ctrl_message(session,
548 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0); 491 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_INVALID_PARAMETER, NULL, 0);
549 } 492 }
550 493
@@ -591,7 +534,7 @@ static void hidp_recv_ctrl_frame(struct hidp_session *session,
591 break; 534 break;
592 535
593 default: 536 default:
594 __hidp_send_ctrl_message(session, 537 hidp_send_ctrl_message(session,
595 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0); 538 HIDP_TRANS_HANDSHAKE | HIDP_HSHK_ERR_UNSUPPORTED_REQUEST, NULL, 0);
596 break; 539 break;
597 } 540 }
@@ -642,32 +585,24 @@ static int hidp_send_frame(struct socket *sock, unsigned char *data, int len)
642 return kernel_sendmsg(sock, &msg, &iv, 1, len); 585 return kernel_sendmsg(sock, &msg, &iv, 1, len);
643} 586}
644 587
645static void hidp_process_intr_transmit(struct hidp_session *session) 588/* dequeue message from @transmit and send via @sock */
589static void hidp_process_transmit(struct hidp_session *session,
590 struct sk_buff_head *transmit,
591 struct socket *sock)
646{ 592{
647 struct sk_buff *skb; 593 struct sk_buff *skb;
594 int ret;
648 595
649 BT_DBG("session %p", session); 596 BT_DBG("session %p", session);
650 597
651 while ((skb = skb_dequeue(&session->intr_transmit))) { 598 while ((skb = skb_dequeue(transmit))) {
652 if (hidp_send_frame(session->intr_sock, skb->data, skb->len) < 0) { 599 ret = hidp_send_frame(sock, skb->data, skb->len);
653 skb_queue_head(&session->intr_transmit, skb); 600 if (ret == -EAGAIN) {
601 skb_queue_head(transmit, skb);
654 break; 602 break;
655 } 603 } else if (ret < 0) {
656 604 hidp_session_terminate(session);
657 hidp_set_timer(session); 605 kfree_skb(skb);
658 kfree_skb(skb);
659 }
660}
661
662static void hidp_process_ctrl_transmit(struct hidp_session *session)
663{
664 struct sk_buff *skb;
665
666 BT_DBG("session %p", session);
667
668 while ((skb = skb_dequeue(&session->ctrl_transmit))) {
669 if (hidp_send_frame(session->ctrl_sock, skb->data, skb->len) < 0) {
670 skb_queue_head(&session->ctrl_transmit, skb);
671 break; 606 break;
672 } 607 }
673 608
@@ -676,122 +611,6 @@ static void hidp_process_ctrl_transmit(struct hidp_session *session)
676 } 611 }
677} 612}
678 613
679static int hidp_session(void *arg)
680{
681 struct hidp_session *session = arg;
682 struct sock *ctrl_sk = session->ctrl_sock->sk;
683 struct sock *intr_sk = session->intr_sock->sk;
684 struct sk_buff *skb;
685 wait_queue_t ctrl_wait, intr_wait;
686
687 BT_DBG("session %p", session);
688
689 __module_get(THIS_MODULE);
690 set_user_nice(current, -15);
691
692 init_waitqueue_entry(&ctrl_wait, current);
693 init_waitqueue_entry(&intr_wait, current);
694 add_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
695 add_wait_queue(sk_sleep(intr_sk), &intr_wait);
696 session->waiting_for_startup = 0;
697 wake_up_interruptible(&session->startup_queue);
698 set_current_state(TASK_INTERRUPTIBLE);
699 while (!atomic_read(&session->terminate)) {
700 if (ctrl_sk->sk_state != BT_CONNECTED ||
701 intr_sk->sk_state != BT_CONNECTED)
702 break;
703
704 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
705 skb_orphan(skb);
706 if (!skb_linearize(skb))
707 hidp_recv_intr_frame(session, skb);
708 else
709 kfree_skb(skb);
710 }
711
712 hidp_process_intr_transmit(session);
713
714 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
715 skb_orphan(skb);
716 if (!skb_linearize(skb))
717 hidp_recv_ctrl_frame(session, skb);
718 else
719 kfree_skb(skb);
720 }
721
722 hidp_process_ctrl_transmit(session);
723
724 schedule();
725 set_current_state(TASK_INTERRUPTIBLE);
726 }
727 set_current_state(TASK_RUNNING);
728 atomic_inc(&session->terminate);
729 remove_wait_queue(sk_sleep(intr_sk), &intr_wait);
730 remove_wait_queue(sk_sleep(ctrl_sk), &ctrl_wait);
731
732 clear_bit(HIDP_WAITING_FOR_SEND_ACK, &session->flags);
733 clear_bit(HIDP_WAITING_FOR_RETURN, &session->flags);
734 wake_up_interruptible(&session->report_queue);
735
736 down_write(&hidp_session_sem);
737
738 hidp_del_timer(session);
739
740 if (session->input) {
741 input_unregister_device(session->input);
742 session->input = NULL;
743 }
744
745 if (session->hid) {
746 hid_destroy_device(session->hid);
747 session->hid = NULL;
748 }
749
750 /* Wakeup user-space polling for socket errors */
751 session->intr_sock->sk->sk_err = EUNATCH;
752 session->ctrl_sock->sk->sk_err = EUNATCH;
753
754 hidp_schedule(session);
755
756 fput(session->intr_sock->file);
757
758 wait_event_timeout(*(sk_sleep(ctrl_sk)),
759 (ctrl_sk->sk_state == BT_CLOSED), msecs_to_jiffies(500));
760
761 fput(session->ctrl_sock->file);
762
763 __hidp_unlink_session(session);
764
765 up_write(&hidp_session_sem);
766
767 kfree(session->rd_data);
768 kfree(session);
769 module_put_and_exit(0);
770 return 0;
771}
772
773static struct hci_conn *hidp_get_connection(struct hidp_session *session)
774{
775 bdaddr_t *src = &bt_sk(session->ctrl_sock->sk)->src;
776 bdaddr_t *dst = &bt_sk(session->ctrl_sock->sk)->dst;
777 struct hci_conn *conn;
778 struct hci_dev *hdev;
779
780 hdev = hci_get_route(dst, src);
781 if (!hdev)
782 return NULL;
783
784 hci_dev_lock(hdev);
785 conn = hci_conn_hash_lookup_ba(hdev, ACL_LINK, dst);
786 if (conn)
787 hci_conn_hold_device(conn);
788 hci_dev_unlock(hdev);
789
790 hci_dev_put(hdev);
791
792 return conn;
793}
794
795static int hidp_setup_input(struct hidp_session *session, 614static int hidp_setup_input(struct hidp_session *session,
796 struct hidp_connadd_req *req) 615 struct hidp_connadd_req *req)
797{ 616{
@@ -839,7 +658,7 @@ static int hidp_setup_input(struct hidp_session *session,
839 input->relbit[0] |= BIT_MASK(REL_WHEEL); 658 input->relbit[0] |= BIT_MASK(REL_WHEEL);
840 } 659 }
841 660
842 input->dev.parent = &session->conn->dev; 661 input->dev.parent = &session->conn->hcon->dev;
843 662
844 input->event = hidp_input_event; 663 input->event = hidp_input_event;
845 664
@@ -898,7 +717,6 @@ static struct hid_ll_driver hidp_hid_driver = {
898 .stop = hidp_stop, 717 .stop = hidp_stop,
899 .open = hidp_open, 718 .open = hidp_open,
900 .close = hidp_close, 719 .close = hidp_close,
901 .hidinput_input_event = hidp_hidinput_event,
902}; 720};
903 721
904/* This function sets up the hid device. It does not add it 722/* This function sets up the hid device. It does not add it
@@ -943,7 +761,7 @@ static int hidp_setup_hid(struct hidp_session *session,
943 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR", 761 snprintf(hid->uniq, sizeof(hid->uniq), "%pMR",
944 &bt_sk(session->ctrl_sock->sk)->dst); 762 &bt_sk(session->ctrl_sock->sk)->dst);
945 763
946 hid->dev.parent = &session->conn->dev; 764 hid->dev.parent = &session->conn->hcon->dev;
947 hid->ll_driver = &hidp_hid_driver; 765 hid->ll_driver = &hidp_hid_driver;
948 766
949 hid->hid_get_raw_report = hidp_get_raw_report; 767 hid->hid_get_raw_report = hidp_get_raw_report;
@@ -965,80 +783,217 @@ fault:
965 return err; 783 return err;
966} 784}
967 785
968int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock) 786/* initialize session devices */
787static int hidp_session_dev_init(struct hidp_session *session,
788 struct hidp_connadd_req *req)
969{ 789{
970 struct hidp_session *session, *s; 790 int ret;
971 int vendor, product;
972 int err;
973 791
974 BT_DBG(""); 792 if (req->rd_size > 0) {
793 ret = hidp_setup_hid(session, req);
794 if (ret && ret != -ENODEV)
795 return ret;
796 }
975 797
976 if (bacmp(&bt_sk(ctrl_sock->sk)->src, &bt_sk(intr_sock->sk)->src) || 798 if (!session->hid) {
977 bacmp(&bt_sk(ctrl_sock->sk)->dst, &bt_sk(intr_sock->sk)->dst)) 799 ret = hidp_setup_input(session, req);
978 return -ENOTUNIQ; 800 if (ret < 0)
801 return ret;
802 }
979 803
980 BT_DBG("rd_data %p rd_size %d", req->rd_data, req->rd_size); 804 return 0;
805}
981 806
982 down_write(&hidp_session_sem); 807/* destroy session devices */
808static void hidp_session_dev_destroy(struct hidp_session *session)
809{
810 if (session->hid)
811 put_device(&session->hid->dev);
812 else if (session->input)
813 input_put_device(session->input);
983 814
984 s = __hidp_get_session(&bt_sk(ctrl_sock->sk)->dst); 815 kfree(session->rd_data);
985 if (s && s->state == BT_CONNECTED) { 816 session->rd_data = NULL;
986 up_write(&hidp_session_sem); 817}
987 return -EEXIST;
988 }
989 818
990 session = kzalloc(sizeof(struct hidp_session), GFP_KERNEL); 819/* add HID/input devices to their underlying bus systems */
991 if (!session) { 820static int hidp_session_dev_add(struct hidp_session *session)
992 up_write(&hidp_session_sem); 821{
993 return -ENOMEM; 822 int ret;
994 }
995 823
996 bacpy(&session->bdaddr, &bt_sk(ctrl_sock->sk)->dst); 824 /* Both HID and input systems drop a ref-count when unregistering the
825 * device but they don't take a ref-count when registering them. Work
826 * around this by explicitly taking a refcount during registration
827 * which is dropped automatically by unregistering the devices. */
997 828
998 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl_sock->sk)->chan->omtu, 829 if (session->hid) {
999 l2cap_pi(ctrl_sock->sk)->chan->imtu); 830 ret = hid_add_device(session->hid);
1000 session->intr_mtu = min_t(uint, l2cap_pi(intr_sock->sk)->chan->omtu, 831 if (ret)
1001 l2cap_pi(intr_sock->sk)->chan->imtu); 832 return ret;
833 get_device(&session->hid->dev);
834 } else if (session->input) {
835 ret = input_register_device(session->input);
836 if (ret)
837 return ret;
838 input_get_device(session->input);
839 }
1002 840
1003 BT_DBG("ctrl mtu %d intr mtu %d", session->ctrl_mtu, session->intr_mtu); 841 return 0;
842}
1004 843
1005 session->ctrl_sock = ctrl_sock; 844/* remove HID/input devices from their bus systems */
1006 session->intr_sock = intr_sock; 845static void hidp_session_dev_del(struct hidp_session *session)
1007 session->state = BT_CONNECTED; 846{
847 if (session->hid)
848 hid_destroy_device(session->hid);
849 else if (session->input)
850 input_unregister_device(session->input);
851}
1008 852
1009 session->conn = hidp_get_connection(session); 853/*
1010 if (!session->conn) { 854 * Create new session object
1011 err = -ENOTCONN; 855 * Allocate session object, initialize static fields, copy input data into the
1012 goto failed; 856 * object and take a reference to all sub-objects.
1013 } 857 * This returns 0 on success and puts a pointer to the new session object in
858 * \out. Otherwise, an error code is returned.
859 * The new session object has an initial ref-count of 1.
860 */
861static int hidp_session_new(struct hidp_session **out, const bdaddr_t *bdaddr,
862 struct socket *ctrl_sock,
863 struct socket *intr_sock,
864 struct hidp_connadd_req *req,
865 struct l2cap_conn *conn)
866{
867 struct hidp_session *session;
868 int ret;
869 struct bt_sock *ctrl, *intr;
870
871 ctrl = bt_sk(ctrl_sock->sk);
872 intr = bt_sk(intr_sock->sk);
1014 873
1015 setup_timer(&session->timer, hidp_idle_timeout, (unsigned long)session); 874 session = kzalloc(sizeof(*session), GFP_KERNEL);
875 if (!session)
876 return -ENOMEM;
1016 877
878 /* object and runtime management */
879 kref_init(&session->ref);
880 atomic_set(&session->state, HIDP_SESSION_IDLING);
881 init_waitqueue_head(&session->state_queue);
882 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
883
884 /* connection management */
885 bacpy(&session->bdaddr, bdaddr);
886 session->conn = conn;
887 session->user.probe = hidp_session_probe;
888 session->user.remove = hidp_session_remove;
889 session->ctrl_sock = ctrl_sock;
890 session->intr_sock = intr_sock;
1017 skb_queue_head_init(&session->ctrl_transmit); 891 skb_queue_head_init(&session->ctrl_transmit);
1018 skb_queue_head_init(&session->intr_transmit); 892 skb_queue_head_init(&session->intr_transmit);
893 session->ctrl_mtu = min_t(uint, l2cap_pi(ctrl)->chan->omtu,
894 l2cap_pi(ctrl)->chan->imtu);
895 session->intr_mtu = min_t(uint, l2cap_pi(intr)->chan->omtu,
896 l2cap_pi(intr)->chan->imtu);
897 session->idle_to = req->idle_to;
898
899 /* device management */
900 setup_timer(&session->timer, hidp_idle_timeout,
901 (unsigned long)session);
1019 902
903 /* session data */
1020 mutex_init(&session->report_mutex); 904 mutex_init(&session->report_mutex);
1021 init_waitqueue_head(&session->report_queue); 905 init_waitqueue_head(&session->report_queue);
1022 init_waitqueue_head(&session->startup_queue);
1023 session->waiting_for_startup = 1;
1024 session->flags = req->flags & (1 << HIDP_BLUETOOTH_VENDOR_ID);
1025 session->idle_to = req->idle_to;
1026 906
1027 __hidp_link_session(session); 907 ret = hidp_session_dev_init(session, req);
908 if (ret)
909 goto err_free;
1028 910
1029 if (req->rd_size > 0) { 911 l2cap_conn_get(session->conn);
1030 err = hidp_setup_hid(session, req); 912 get_file(session->intr_sock->file);
1031 if (err && err != -ENODEV) 913 get_file(session->ctrl_sock->file);
1032 goto purge; 914 *out = session;
1033 } 915 return 0;
1034 916
1035 if (!session->hid) { 917err_free:
1036 err = hidp_setup_input(session, req); 918 kfree(session);
1037 if (err < 0) 919 return ret;
1038 goto purge; 920}
921
922/* increase ref-count of the given session by one */
923static void hidp_session_get(struct hidp_session *session)
924{
925 kref_get(&session->ref);
926}
927
928/* release callback */
929static void session_free(struct kref *ref)
930{
931 struct hidp_session *session = container_of(ref, struct hidp_session,
932 ref);
933
934 hidp_session_dev_destroy(session);
935 skb_queue_purge(&session->ctrl_transmit);
936 skb_queue_purge(&session->intr_transmit);
937 fput(session->intr_sock->file);
938 fput(session->ctrl_sock->file);
939 l2cap_conn_put(session->conn);
940 kfree(session);
941}
942
943/* decrease ref-count of the given session by one */
944static void hidp_session_put(struct hidp_session *session)
945{
946 kref_put(&session->ref, session_free);
947}
948
949/*
950 * Search the list of active sessions for a session with target address
951 * \bdaddr. You must hold at least a read-lock on \hidp_session_sem. As long as
952 * you do not release this lock, the session objects cannot vanish and you can
953 * safely take a reference to the session yourself.
954 */
955static struct hidp_session *__hidp_session_find(const bdaddr_t *bdaddr)
956{
957 struct hidp_session *session;
958
959 list_for_each_entry(session, &hidp_session_list, list) {
960 if (!bacmp(bdaddr, &session->bdaddr))
961 return session;
1039 } 962 }
1040 963
1041 hidp_set_timer(session); 964 return NULL;
965}
966
967/*
968 * Same as __hidp_session_find() but no locks must be held. This also takes a
969 * reference of the returned session (if non-NULL) so you must drop this
970 * reference if you no longer use the object.
971 */
972static struct hidp_session *hidp_session_find(const bdaddr_t *bdaddr)
973{
974 struct hidp_session *session;
975
976 down_read(&hidp_session_sem);
977
978 session = __hidp_session_find(bdaddr);
979 if (session)
980 hidp_session_get(session);
981
982 up_read(&hidp_session_sem);
983
984 return session;
985}
986
987/*
988 * Start session synchronously
989 * This starts a session thread and waits until initialization
990 * is done or returns an error if it couldn't be started.
991 * If this returns 0 the session thread is up and running. You must call
992 * hipd_session_stop_sync() before deleting any runtime resources.
993 */
994static int hidp_session_start_sync(struct hidp_session *session)
995{
996 unsigned int vendor, product;
1042 997
1043 if (session->hid) { 998 if (session->hid) {
1044 vendor = session->hid->vendor; 999 vendor = session->hid->vendor;
@@ -1051,98 +1006,320 @@ int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock,
1051 product = 0x0000; 1006 product = 0x0000;
1052 } 1007 }
1053 1008
1054 session->task = kthread_run(hidp_session, session, "khidpd_%04x%04x", 1009 session->task = kthread_run(hidp_session_thread, session,
1055 vendor, product); 1010 "khidpd_%04x%04x", vendor, product);
1056 if (IS_ERR(session->task)) { 1011 if (IS_ERR(session->task))
1057 err = PTR_ERR(session->task); 1012 return PTR_ERR(session->task);
1058 goto unlink;
1059 }
1060 1013
1061 while (session->waiting_for_startup) { 1014 while (atomic_read(&session->state) <= HIDP_SESSION_IDLING)
1062 wait_event_interruptible(session->startup_queue, 1015 wait_event(session->state_queue,
1063 !session->waiting_for_startup); 1016 atomic_read(&session->state) > HIDP_SESSION_IDLING);
1064 }
1065 1017
1066 if (session->hid) 1018 return 0;
1067 err = hid_add_device(session->hid); 1019}
1068 else
1069 err = input_register_device(session->input);
1070 1020
1071 if (err < 0) { 1021/*
1072 atomic_inc(&session->terminate); 1022 * Terminate session thread
1073 wake_up_process(session->task); 1023 * Wake up session thread and notify it to stop. This is asynchronous and
1074 up_write(&hidp_session_sem); 1024 * returns immediately. Call this whenever a runtime error occurs and you want
1075 return err; 1025 * the session to stop.
1076 } 1026 * Note: wake_up_process() performs any necessary memory-barriers for us.
1027 */
1028static void hidp_session_terminate(struct hidp_session *session)
1029{
1030 atomic_inc(&session->terminate);
1031 wake_up_process(session->task);
1032}
1077 1033
1078 if (session->input) { 1034/*
1079 hidp_send_ctrl_message(session, 1035 * Probe HIDP session
1080 HIDP_TRANS_SET_PROTOCOL | HIDP_PROTO_BOOT, NULL, 0); 1036 * This is called from the l2cap_conn core when our l2cap_user object is bound
1081 session->flags |= (1 << HIDP_BOOT_PROTOCOL_MODE); 1037 * to the hci-connection. We get the session via the \user object and can now
1038 * start the session thread, register the HID/input devices and link it into
1039 * the global session list.
1040 * The global session-list owns its own reference to the session object so you
1041 * can drop your own reference after registering the l2cap_user object.
1042 */
1043static int hidp_session_probe(struct l2cap_conn *conn,
1044 struct l2cap_user *user)
1045{
1046 struct hidp_session *session = container_of(user,
1047 struct hidp_session,
1048 user);
1049 struct hidp_session *s;
1050 int ret;
1051
1052 down_write(&hidp_session_sem);
1082 1053
1083 session->leds = 0xff; 1054 /* check that no other session for this device exists */
1084 hidp_input_event(session->input, EV_LED, 0, 0); 1055 s = __hidp_session_find(&session->bdaddr);
1056 if (s) {
1057 ret = -EEXIST;
1058 goto out_unlock;
1085 } 1059 }
1086 1060
1061 ret = hidp_session_start_sync(session);
1062 if (ret)
1063 goto out_unlock;
1064
1065 ret = hidp_session_dev_add(session);
1066 if (ret)
1067 goto out_stop;
1068
1069 hidp_session_get(session);
1070 list_add(&session->list, &hidp_session_list);
1071 ret = 0;
1072 goto out_unlock;
1073
1074out_stop:
1075 hidp_session_terminate(session);
1076out_unlock:
1087 up_write(&hidp_session_sem); 1077 up_write(&hidp_session_sem);
1088 return 0; 1078 return ret;
1079}
1080
1081/*
1082 * Remove HIDP session
1083 * Called from the l2cap_conn core when either we explicitly unregistered
1084 * the l2cap_user object or if the underlying connection is shut down.
1085 * We signal the hidp-session thread to shut down, unregister the HID/input
1086 * devices and unlink the session from the global list.
1087 * This drops the reference to the session that is owned by the global
1088 * session-list.
1089 * Note: We _must_ not synchronosly wait for the session-thread to shut down.
1090 * This is, because the session-thread might be waiting for an HCI lock that is
1091 * held while we are called. Therefore, we only unregister the devices and
1092 * notify the session-thread to terminate. The thread itself owns a reference
1093 * to the session object so it can safely shut down.
1094 */
1095static void hidp_session_remove(struct l2cap_conn *conn,
1096 struct l2cap_user *user)
1097{
1098 struct hidp_session *session = container_of(user,
1099 struct hidp_session,
1100 user);
1101
1102 down_write(&hidp_session_sem);
1103
1104 hidp_session_terminate(session);
1105 hidp_session_dev_del(session);
1106 list_del(&session->list);
1107
1108 up_write(&hidp_session_sem);
1109
1110 hidp_session_put(session);
1111}
1112
1113/*
1114 * Session Worker
1115 * This performs the actual main-loop of the HIDP worker. We first check
1116 * whether the underlying connection is still alive, then parse all pending
1117 * messages and finally send all outstanding messages.
1118 */
1119static void hidp_session_run(struct hidp_session *session)
1120{
1121 struct sock *ctrl_sk = session->ctrl_sock->sk;
1122 struct sock *intr_sk = session->intr_sock->sk;
1123 struct sk_buff *skb;
1124
1125 for (;;) {
1126 /*
1127 * This thread can be woken up two ways:
1128 * - You call hidp_session_terminate() which sets the
1129 * session->terminate flag and wakes this thread up.
1130 * - Via modifying the socket state of ctrl/intr_sock. This
1131 * thread is woken up by ->sk_state_changed().
1132 *
1133 * Note: set_current_state() performs any necessary
1134 * memory-barriers for us.
1135 */
1136 set_current_state(TASK_INTERRUPTIBLE);
1137
1138 if (atomic_read(&session->terminate))
1139 break;
1140
1141 if (ctrl_sk->sk_state != BT_CONNECTED ||
1142 intr_sk->sk_state != BT_CONNECTED)
1143 break;
1144
1145 /* parse incoming intr-skbs */
1146 while ((skb = skb_dequeue(&intr_sk->sk_receive_queue))) {
1147 skb_orphan(skb);
1148 if (!skb_linearize(skb))
1149 hidp_recv_intr_frame(session, skb);
1150 else
1151 kfree_skb(skb);
1152 }
1153
1154 /* send pending intr-skbs */
1155 hidp_process_transmit(session, &session->intr_transmit,
1156 session->intr_sock);
1089 1157
1090unlink: 1158 /* parse incoming ctrl-skbs */
1159 while ((skb = skb_dequeue(&ctrl_sk->sk_receive_queue))) {
1160 skb_orphan(skb);
1161 if (!skb_linearize(skb))
1162 hidp_recv_ctrl_frame(session, skb);
1163 else
1164 kfree_skb(skb);
1165 }
1166
1167 /* send pending ctrl-skbs */
1168 hidp_process_transmit(session, &session->ctrl_transmit,
1169 session->ctrl_sock);
1170
1171 schedule();
1172 }
1173
1174 atomic_inc(&session->terminate);
1175 set_current_state(TASK_RUNNING);
1176}
1177
1178/*
1179 * HIDP session thread
1180 * This thread runs the I/O for a single HIDP session. Startup is synchronous
1181 * which allows us to take references to ourself here instead of doing that in
1182 * the caller.
1183 * When we are ready to run we notify the caller and call hidp_session_run().
1184 */
1185static int hidp_session_thread(void *arg)
1186{
1187 struct hidp_session *session = arg;
1188 wait_queue_t ctrl_wait, intr_wait;
1189
1190 BT_DBG("session %p", session);
1191
1192 /* initialize runtime environment */
1193 hidp_session_get(session);
1194 __module_get(THIS_MODULE);
1195 set_user_nice(current, -15);
1196 hidp_set_timer(session);
1197
1198 init_waitqueue_entry(&ctrl_wait, current);
1199 init_waitqueue_entry(&intr_wait, current);
1200 add_wait_queue(sk_sleep(session->ctrl_sock->sk), &ctrl_wait);
1201 add_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1202 /* This memory barrier is paired with wq_has_sleeper(). See
1203 * sock_poll_wait() for more information why this is needed. */
1204 smp_mb();
1205
1206 /* notify synchronous startup that we're ready */
1207 atomic_inc(&session->state);
1208 wake_up(&session->state_queue);
1209
1210 /* run session */
1211 hidp_session_run(session);
1212
1213 /* cleanup runtime environment */
1214 remove_wait_queue(sk_sleep(session->intr_sock->sk), &intr_wait);
1215 remove_wait_queue(sk_sleep(session->intr_sock->sk), &ctrl_wait);
1216 wake_up_interruptible(&session->report_queue);
1091 hidp_del_timer(session); 1217 hidp_del_timer(session);
1092 1218
1093 if (session->input) { 1219 /*
1094 input_unregister_device(session->input); 1220 * If we stopped ourself due to any internal signal, we should try to
1095 session->input = NULL; 1221 * unregister our own session here to avoid having it linger until the
1222 * parent l2cap_conn dies or user-space cleans it up.
1223 * This does not deadlock as we don't do any synchronous shutdown.
1224 * Instead, this call has the same semantics as if user-space tried to
1225 * delete the session.
1226 */
1227 l2cap_unregister_user(session->conn, &session->user);
1228 hidp_session_put(session);
1229
1230 module_put_and_exit(0);
1231 return 0;
1232}
1233
1234static int hidp_verify_sockets(struct socket *ctrl_sock,
1235 struct socket *intr_sock)
1236{
1237 struct bt_sock *ctrl, *intr;
1238 struct hidp_session *session;
1239
1240 if (!l2cap_is_socket(ctrl_sock) || !l2cap_is_socket(intr_sock))
1241 return -EINVAL;
1242
1243 ctrl = bt_sk(ctrl_sock->sk);
1244 intr = bt_sk(intr_sock->sk);
1245
1246 if (bacmp(&ctrl->src, &intr->src) || bacmp(&ctrl->dst, &intr->dst))
1247 return -ENOTUNIQ;
1248 if (ctrl->sk.sk_state != BT_CONNECTED ||
1249 intr->sk.sk_state != BT_CONNECTED)
1250 return -EBADFD;
1251
1252 /* early session check, we check again during session registration */
1253 session = hidp_session_find(&ctrl->dst);
1254 if (session) {
1255 hidp_session_put(session);
1256 return -EEXIST;
1096 } 1257 }
1097 1258
1098 if (session->hid) { 1259 return 0;
1099 hid_destroy_device(session->hid); 1260}
1100 session->hid = NULL; 1261
1262int hidp_connection_add(struct hidp_connadd_req *req,
1263 struct socket *ctrl_sock,
1264 struct socket *intr_sock)
1265{
1266 struct hidp_session *session;
1267 struct l2cap_conn *conn;
1268 struct l2cap_chan *chan = l2cap_pi(ctrl_sock->sk)->chan;
1269 int ret;
1270
1271 ret = hidp_verify_sockets(ctrl_sock, intr_sock);
1272 if (ret)
1273 return ret;
1274
1275 conn = NULL;
1276 l2cap_chan_lock(chan);
1277 if (chan->conn) {
1278 l2cap_conn_get(chan->conn);
1279 conn = chan->conn;
1101 } 1280 }
1281 l2cap_chan_unlock(chan);
1102 1282
1103 kfree(session->rd_data); 1283 if (!conn)
1104 session->rd_data = NULL; 1284 return -EBADFD;
1105 1285
1106purge: 1286 ret = hidp_session_new(&session, &bt_sk(ctrl_sock->sk)->dst, ctrl_sock,
1107 __hidp_unlink_session(session); 1287 intr_sock, req, conn);
1288 if (ret)
1289 goto out_conn;
1108 1290
1109 skb_queue_purge(&session->ctrl_transmit); 1291 ret = l2cap_register_user(conn, &session->user);
1110 skb_queue_purge(&session->intr_transmit); 1292 if (ret)
1293 goto out_session;
1111 1294
1112failed: 1295 ret = 0;
1113 up_write(&hidp_session_sem);
1114 1296
1115 kfree(session); 1297out_session:
1116 return err; 1298 hidp_session_put(session);
1299out_conn:
1300 l2cap_conn_put(conn);
1301 return ret;
1117} 1302}
1118 1303
1119int hidp_del_connection(struct hidp_conndel_req *req) 1304int hidp_connection_del(struct hidp_conndel_req *req)
1120{ 1305{
1121 struct hidp_session *session; 1306 struct hidp_session *session;
1122 int err = 0;
1123 1307
1124 BT_DBG(""); 1308 session = hidp_session_find(&req->bdaddr);
1309 if (!session)
1310 return -ENOENT;
1125 1311
1126 down_read(&hidp_session_sem); 1312 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG))
1313 hidp_send_ctrl_message(session,
1314 HIDP_TRANS_HID_CONTROL |
1315 HIDP_CTRL_VIRTUAL_CABLE_UNPLUG,
1316 NULL, 0);
1317 else
1318 l2cap_unregister_user(session->conn, &session->user);
1127 1319
1128 session = __hidp_get_session(&req->bdaddr); 1320 hidp_session_put(session);
1129 if (session) {
1130 if (req->flags & (1 << HIDP_VIRTUAL_CABLE_UNPLUG)) {
1131 hidp_send_ctrl_message(session,
1132 HIDP_TRANS_HID_CONTROL | HIDP_CTRL_VIRTUAL_CABLE_UNPLUG, NULL, 0);
1133 } else {
1134 /* Flush the transmit queues */
1135 skb_queue_purge(&session->ctrl_transmit);
1136 skb_queue_purge(&session->intr_transmit);
1137
1138 atomic_inc(&session->terminate);
1139 wake_up_process(session->task);
1140 }
1141 } else
1142 err = -ENOENT;
1143 1321
1144 up_read(&hidp_session_sem); 1322 return 0;
1145 return err;
1146} 1323}
1147 1324
1148int hidp_get_connlist(struct hidp_connlist_req *req) 1325int hidp_get_connlist(struct hidp_connlist_req *req)
@@ -1157,7 +1334,7 @@ int hidp_get_connlist(struct hidp_connlist_req *req)
1157 list_for_each_entry(session, &hidp_session_list, list) { 1334 list_for_each_entry(session, &hidp_session_list, list) {
1158 struct hidp_conninfo ci; 1335 struct hidp_conninfo ci;
1159 1336
1160 __hidp_copy_session(session, &ci); 1337 hidp_copy_session(session, &ci);
1161 1338
1162 if (copy_to_user(req->ci, &ci, sizeof(ci))) { 1339 if (copy_to_user(req->ci, &ci, sizeof(ci))) {
1163 err = -EFAULT; 1340 err = -EFAULT;
@@ -1178,18 +1355,14 @@ int hidp_get_connlist(struct hidp_connlist_req *req)
1178int hidp_get_conninfo(struct hidp_conninfo *ci) 1355int hidp_get_conninfo(struct hidp_conninfo *ci)
1179{ 1356{
1180 struct hidp_session *session; 1357 struct hidp_session *session;
1181 int err = 0;
1182
1183 down_read(&hidp_session_sem);
1184 1358
1185 session = __hidp_get_session(&ci->bdaddr); 1359 session = hidp_session_find(&ci->bdaddr);
1186 if (session) 1360 if (session) {
1187 __hidp_copy_session(session, ci); 1361 hidp_copy_session(session, ci);
1188 else 1362 hidp_session_put(session);
1189 err = -ENOENT; 1363 }
1190 1364
1191 up_read(&hidp_session_sem); 1365 return session ? 0 : -ENOENT;
1192 return err;
1193} 1366}
1194 1367
1195static int __init hidp_init(void) 1368static int __init hidp_init(void)
@@ -1208,6 +1381,7 @@ module_init(hidp_init);
1208module_exit(hidp_exit); 1381module_exit(hidp_exit);
1209 1382
1210MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>"); 1383MODULE_AUTHOR("Marcel Holtmann <marcel@holtmann.org>");
1384MODULE_AUTHOR("David Herrmann <dh.herrmann@gmail.com>");
1211MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION); 1385MODULE_DESCRIPTION("Bluetooth HIDP ver " VERSION);
1212MODULE_VERSION(VERSION); 1386MODULE_VERSION(VERSION);
1213MODULE_LICENSE("GPL"); 1387MODULE_LICENSE("GPL");
diff --git a/net/bluetooth/hidp/hidp.h b/net/bluetooth/hidp/hidp.h
index af1bcc823f26..6162ce8606ac 100644
--- a/net/bluetooth/hidp/hidp.h
+++ b/net/bluetooth/hidp/hidp.h
@@ -24,7 +24,9 @@
24#define __HIDP_H 24#define __HIDP_H
25 25
26#include <linux/types.h> 26#include <linux/types.h>
27#include <linux/kref.h>
27#include <net/bluetooth/bluetooth.h> 28#include <net/bluetooth/bluetooth.h>
29#include <net/bluetooth/l2cap.h>
28 30
29/* HIDP header masks */ 31/* HIDP header masks */
30#define HIDP_HEADER_TRANS_MASK 0xf0 32#define HIDP_HEADER_TRANS_MASK 0xf0
@@ -119,43 +121,52 @@ struct hidp_connlist_req {
119 struct hidp_conninfo __user *ci; 121 struct hidp_conninfo __user *ci;
120}; 122};
121 123
122int hidp_add_connection(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock); 124int hidp_connection_add(struct hidp_connadd_req *req, struct socket *ctrl_sock, struct socket *intr_sock);
123int hidp_del_connection(struct hidp_conndel_req *req); 125int hidp_connection_del(struct hidp_conndel_req *req);
124int hidp_get_connlist(struct hidp_connlist_req *req); 126int hidp_get_connlist(struct hidp_connlist_req *req);
125int hidp_get_conninfo(struct hidp_conninfo *ci); 127int hidp_get_conninfo(struct hidp_conninfo *ci);
126 128
129enum hidp_session_state {
130 HIDP_SESSION_IDLING,
131 HIDP_SESSION_RUNNING,
132};
133
127/* HIDP session defines */ 134/* HIDP session defines */
128struct hidp_session { 135struct hidp_session {
129 struct list_head list; 136 struct list_head list;
137 struct kref ref;
130 138
131 struct hci_conn *conn; 139 /* runtime management */
140 atomic_t state;
141 wait_queue_head_t state_queue;
142 atomic_t terminate;
143 struct task_struct *task;
144 unsigned long flags;
132 145
146 /* connection management */
147 bdaddr_t bdaddr;
148 struct l2cap_conn *conn;
149 struct l2cap_user user;
133 struct socket *ctrl_sock; 150 struct socket *ctrl_sock;
134 struct socket *intr_sock; 151 struct socket *intr_sock;
135 152 struct sk_buff_head ctrl_transmit;
136 bdaddr_t bdaddr; 153 struct sk_buff_head intr_transmit;
137
138 unsigned long state;
139 unsigned long flags;
140 unsigned long idle_to;
141
142 uint ctrl_mtu; 154 uint ctrl_mtu;
143 uint intr_mtu; 155 uint intr_mtu;
156 unsigned long idle_to;
144 157
145 atomic_t terminate; 158 /* device management */
146 struct task_struct *task;
147
148 unsigned char keys[8];
149 unsigned char leds;
150
151 struct input_dev *input; 159 struct input_dev *input;
152
153 struct hid_device *hid; 160 struct hid_device *hid;
154
155 struct timer_list timer; 161 struct timer_list timer;
156 162
157 struct sk_buff_head ctrl_transmit; 163 /* Report descriptor */
158 struct sk_buff_head intr_transmit; 164 __u8 *rd_data;
165 uint rd_size;
166
167 /* session data */
168 unsigned char keys[8];
169 unsigned char leds;
159 170
160 /* Used in hidp_get_raw_report() */ 171 /* Used in hidp_get_raw_report() */
161 int waiting_report_type; /* HIDP_DATA_RTYPE_* */ 172 int waiting_report_type; /* HIDP_DATA_RTYPE_* */
@@ -166,24 +177,8 @@ struct hidp_session {
166 177
167 /* Used in hidp_output_raw_report() */ 178 /* Used in hidp_output_raw_report() */
168 int output_report_success; /* boolean */ 179 int output_report_success; /* boolean */
169
170 /* Report descriptor */
171 __u8 *rd_data;
172 uint rd_size;
173
174 wait_queue_head_t startup_queue;
175 int waiting_for_startup;
176}; 180};
177 181
178static inline void hidp_schedule(struct hidp_session *session)
179{
180 struct sock *ctrl_sk = session->ctrl_sock->sk;
181 struct sock *intr_sk = session->intr_sock->sk;
182
183 wake_up_interruptible(sk_sleep(ctrl_sk));
184 wake_up_interruptible(sk_sleep(intr_sk));
185}
186
187/* HIDP init defines */ 182/* HIDP init defines */
188extern int __init hidp_init_sockets(void); 183extern int __init hidp_init_sockets(void);
189extern void __exit hidp_cleanup_sockets(void); 184extern void __exit hidp_cleanup_sockets(void);
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 5d0f1ca0a314..2f4cbb0865ca 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -77,21 +77,12 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
77 return err; 77 return err;
78 } 78 }
79 79
80 if (csock->sk->sk_state != BT_CONNECTED || 80 err = hidp_connection_add(&ca, csock, isock);
81 isock->sk->sk_state != BT_CONNECTED) { 81 if (!err && copy_to_user(argp, &ca, sizeof(ca)))
82 sockfd_put(csock); 82 err = -EFAULT;
83 sockfd_put(isock);
84 return -EBADFD;
85 }
86 83
87 err = hidp_add_connection(&ca, csock, isock); 84 sockfd_put(csock);
88 if (!err) { 85 sockfd_put(isock);
89 if (copy_to_user(argp, &ca, sizeof(ca)))
90 err = -EFAULT;
91 } else {
92 sockfd_put(csock);
93 sockfd_put(isock);
94 }
95 86
96 return err; 87 return err;
97 88
@@ -102,7 +93,7 @@ static int hidp_sock_ioctl(struct socket *sock, unsigned int cmd, unsigned long
102 if (copy_from_user(&cd, argp, sizeof(cd))) 93 if (copy_from_user(&cd, argp, sizeof(cd)))
103 return -EFAULT; 94 return -EFAULT;
104 95
105 return hidp_del_connection(&cd); 96 return hidp_connection_del(&cd);
106 97
107 case HIDPGETCONNLIST: 98 case HIDPGETCONNLIST:
108 if (copy_from_user(&cl, argp, sizeof(cl))) 99 if (copy_from_user(&cl, argp, sizeof(cl)))
@@ -296,7 +287,6 @@ int __init hidp_init_sockets(void)
296 return 0; 287 return 0;
297 288
298error: 289error:
299 BT_ERR("Can't register HIDP socket");
300 proto_unregister(&hidp_proto); 290 proto_unregister(&hidp_proto);
301 return err; 291 return err;
302} 292}
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
index 7c7e9321f1ea..eae1d9f90b68 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -571,7 +571,7 @@ void l2cap_chan_del(struct l2cap_chan *chan, int err)
571 chan->conn = NULL; 571 chan->conn = NULL;
572 572
573 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP) 573 if (chan->chan_type != L2CAP_CHAN_CONN_FIX_A2MP)
574 hci_conn_put(conn->hcon); 574 hci_conn_drop(conn->hcon);
575 575
576 if (mgr && mgr->bredr_chan == chan) 576 if (mgr && mgr->bredr_chan == chan)
577 mgr->bredr_chan = NULL; 577 mgr->bredr_chan = NULL;
@@ -1446,6 +1446,89 @@ static void l2cap_info_timeout(struct work_struct *work)
1446 l2cap_conn_start(conn); 1446 l2cap_conn_start(conn);
1447} 1447}
1448 1448
1449/*
1450 * l2cap_user
1451 * External modules can register l2cap_user objects on l2cap_conn. The ->probe
1452 * callback is called during registration. The ->remove callback is called
1453 * during unregistration.
1454 * An l2cap_user object can either be explicitly unregistered or when the
1455 * underlying l2cap_conn object is deleted. This guarantees that l2cap->hcon,
1456 * l2cap->hchan, .. are valid as long as the remove callback hasn't been called.
1457 * External modules must own a reference to the l2cap_conn object if they intend
1458 * to call l2cap_unregister_user(). The l2cap_conn object might get destroyed at
1459 * any time if they don't.
1460 */
1461
1462int l2cap_register_user(struct l2cap_conn *conn, struct l2cap_user *user)
1463{
1464 struct hci_dev *hdev = conn->hcon->hdev;
1465 int ret;
1466
1467 /* We need to check whether l2cap_conn is registered. If it is not, we
1468 * must not register the l2cap_user. l2cap_conn_del() is unregisters
1469 * l2cap_conn objects, but doesn't provide its own locking. Instead, it
1470 * relies on the parent hci_conn object to be locked. This itself relies
1471 * on the hci_dev object to be locked. So we must lock the hci device
1472 * here, too. */
1473
1474 hci_dev_lock(hdev);
1475
1476 if (user->list.next || user->list.prev) {
1477 ret = -EINVAL;
1478 goto out_unlock;
1479 }
1480
1481 /* conn->hchan is NULL after l2cap_conn_del() was called */
1482 if (!conn->hchan) {
1483 ret = -ENODEV;
1484 goto out_unlock;
1485 }
1486
1487 ret = user->probe(conn, user);
1488 if (ret)
1489 goto out_unlock;
1490
1491 list_add(&user->list, &conn->users);
1492 ret = 0;
1493
1494out_unlock:
1495 hci_dev_unlock(hdev);
1496 return ret;
1497}
1498EXPORT_SYMBOL(l2cap_register_user);
1499
1500void l2cap_unregister_user(struct l2cap_conn *conn, struct l2cap_user *user)
1501{
1502 struct hci_dev *hdev = conn->hcon->hdev;
1503
1504 hci_dev_lock(hdev);
1505
1506 if (!user->list.next || !user->list.prev)
1507 goto out_unlock;
1508
1509 list_del(&user->list);
1510 user->list.next = NULL;
1511 user->list.prev = NULL;
1512 user->remove(conn, user);
1513
1514out_unlock:
1515 hci_dev_unlock(hdev);
1516}
1517EXPORT_SYMBOL(l2cap_unregister_user);
1518
1519static void l2cap_unregister_all_users(struct l2cap_conn *conn)
1520{
1521 struct l2cap_user *user;
1522
1523 while (!list_empty(&conn->users)) {
1524 user = list_first_entry(&conn->users, struct l2cap_user, list);
1525 list_del(&user->list);
1526 user->list.next = NULL;
1527 user->list.prev = NULL;
1528 user->remove(conn, user);
1529 }
1530}
1531
1449static void l2cap_conn_del(struct hci_conn *hcon, int err) 1532static void l2cap_conn_del(struct hci_conn *hcon, int err)
1450{ 1533{
1451 struct l2cap_conn *conn = hcon->l2cap_data; 1534 struct l2cap_conn *conn = hcon->l2cap_data;
@@ -1458,6 +1541,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1458 1541
1459 kfree_skb(conn->rx_skb); 1542 kfree_skb(conn->rx_skb);
1460 1543
1544 l2cap_unregister_all_users(conn);
1545
1461 mutex_lock(&conn->chan_lock); 1546 mutex_lock(&conn->chan_lock);
1462 1547
1463 /* Kill channels */ 1548 /* Kill channels */
@@ -1486,7 +1571,8 @@ static void l2cap_conn_del(struct hci_conn *hcon, int err)
1486 } 1571 }
1487 1572
1488 hcon->l2cap_data = NULL; 1573 hcon->l2cap_data = NULL;
1489 kfree(conn); 1574 conn->hchan = NULL;
1575 l2cap_conn_put(conn);
1490} 1576}
1491 1577
1492static void security_timeout(struct work_struct *work) 1578static void security_timeout(struct work_struct *work)
@@ -1502,12 +1588,12 @@ static void security_timeout(struct work_struct *work)
1502 } 1588 }
1503} 1589}
1504 1590
1505static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status) 1591static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon)
1506{ 1592{
1507 struct l2cap_conn *conn = hcon->l2cap_data; 1593 struct l2cap_conn *conn = hcon->l2cap_data;
1508 struct hci_chan *hchan; 1594 struct hci_chan *hchan;
1509 1595
1510 if (conn || status) 1596 if (conn)
1511 return conn; 1597 return conn;
1512 1598
1513 hchan = hci_chan_create(hcon); 1599 hchan = hci_chan_create(hcon);
@@ -1520,8 +1606,10 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1520 return NULL; 1606 return NULL;
1521 } 1607 }
1522 1608
1609 kref_init(&conn->ref);
1523 hcon->l2cap_data = conn; 1610 hcon->l2cap_data = conn;
1524 conn->hcon = hcon; 1611 conn->hcon = hcon;
1612 hci_conn_get(conn->hcon);
1525 conn->hchan = hchan; 1613 conn->hchan = hchan;
1526 1614
1527 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan); 1615 BT_DBG("hcon %p conn %p hchan %p", hcon, conn, hchan);
@@ -1547,6 +1635,7 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1547 mutex_init(&conn->chan_lock); 1635 mutex_init(&conn->chan_lock);
1548 1636
1549 INIT_LIST_HEAD(&conn->chan_l); 1637 INIT_LIST_HEAD(&conn->chan_l);
1638 INIT_LIST_HEAD(&conn->users);
1550 1639
1551 if (hcon->type == LE_LINK) 1640 if (hcon->type == LE_LINK)
1552 INIT_DELAYED_WORK(&conn->security_timer, security_timeout); 1641 INIT_DELAYED_WORK(&conn->security_timer, security_timeout);
@@ -1558,6 +1647,26 @@ static struct l2cap_conn *l2cap_conn_add(struct hci_conn *hcon, u8 status)
1558 return conn; 1647 return conn;
1559} 1648}
1560 1649
1650static void l2cap_conn_free(struct kref *ref)
1651{
1652 struct l2cap_conn *conn = container_of(ref, struct l2cap_conn, ref);
1653
1654 hci_conn_put(conn->hcon);
1655 kfree(conn);
1656}
1657
1658void l2cap_conn_get(struct l2cap_conn *conn)
1659{
1660 kref_get(&conn->ref);
1661}
1662EXPORT_SYMBOL(l2cap_conn_get);
1663
1664void l2cap_conn_put(struct l2cap_conn *conn)
1665{
1666 kref_put(&conn->ref, l2cap_conn_free);
1667}
1668EXPORT_SYMBOL(l2cap_conn_put);
1669
1561/* ---- Socket interface ---- */ 1670/* ---- Socket interface ---- */
1562 1671
1563/* Find socket with psm and source / destination bdaddr. 1672/* Find socket with psm and source / destination bdaddr.
@@ -1695,9 +1804,9 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1695 goto done; 1804 goto done;
1696 } 1805 }
1697 1806
1698 conn = l2cap_conn_add(hcon, 0); 1807 conn = l2cap_conn_add(hcon);
1699 if (!conn) { 1808 if (!conn) {
1700 hci_conn_put(hcon); 1809 hci_conn_drop(hcon);
1701 err = -ENOMEM; 1810 err = -ENOMEM;
1702 goto done; 1811 goto done;
1703 } 1812 }
@@ -1707,7 +1816,7 @@ int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
1707 1816
1708 if (!list_empty(&conn->chan_l)) { 1817 if (!list_empty(&conn->chan_l)) {
1709 err = -EBUSY; 1818 err = -EBUSY;
1710 hci_conn_put(hcon); 1819 hci_conn_drop(hcon);
1711 } 1820 }
1712 1821
1713 if (err) 1822 if (err)
@@ -6313,7 +6422,7 @@ void l2cap_connect_cfm(struct hci_conn *hcon, u8 status)
6313 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status); 6422 BT_DBG("hcon %p bdaddr %pMR status %d", hcon, &hcon->dst, status);
6314 6423
6315 if (!status) { 6424 if (!status) {
6316 conn = l2cap_conn_add(hcon, status); 6425 conn = l2cap_conn_add(hcon);
6317 if (conn) 6426 if (conn)
6318 l2cap_conn_ready(conn); 6427 l2cap_conn_ready(conn);
6319 } else { 6428 } else {
@@ -6482,7 +6591,7 @@ int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb, u16 flags)
6482 goto drop; 6591 goto drop;
6483 6592
6484 if (!conn) 6593 if (!conn)
6485 conn = l2cap_conn_add(hcon, 0); 6594 conn = l2cap_conn_add(hcon);
6486 6595
6487 if (!conn) 6596 if (!conn)
6488 goto drop; 6597 goto drop;
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 7f9704993b74..141e7b058b7e 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
@@ -43,6 +43,12 @@ static void l2cap_sock_init(struct sock *sk, struct sock *parent);
43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, 43static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock,
44 int proto, gfp_t prio); 44 int proto, gfp_t prio);
45 45
46bool l2cap_is_socket(struct socket *sock)
47{
48 return sock && sock->ops == &l2cap_sock_ops;
49}
50EXPORT_SYMBOL(l2cap_is_socket);
51
46static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen) 52static int l2cap_sock_bind(struct socket *sock, struct sockaddr *addr, int alen)
47{ 53{
48 struct sock *sk = sock->sk; 54 struct sock *sk = sock->sk;
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index 03e7e732215f..4c830c62ef74 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c
@@ -106,11 +106,10 @@ static const u16 mgmt_events[] = {
106 * These LE scan and inquiry parameters were chosen according to LE General 106 * These LE scan and inquiry parameters were chosen according to LE General
107 * Discovery Procedure specification. 107 * Discovery Procedure specification.
108 */ 108 */
109#define LE_SCAN_TYPE 0x01
110#define LE_SCAN_WIN 0x12 109#define LE_SCAN_WIN 0x12
111#define LE_SCAN_INT 0x12 110#define LE_SCAN_INT 0x12
112#define LE_SCAN_TIMEOUT_LE_ONLY 10240 /* TGAP(gen_disc_scan_min) */ 111#define LE_SCAN_TIMEOUT_LE_ONLY msecs_to_jiffies(10240)
113#define LE_SCAN_TIMEOUT_BREDR_LE 5120 /* TGAP(100)/2 */ 112#define LE_SCAN_TIMEOUT_BREDR_LE msecs_to_jiffies(5120)
114 113
115#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */ 114#define INQUIRY_LEN_BREDR 0x08 /* TGAP(100) */
116#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */ 115#define INQUIRY_LEN_BREDR_LE 0x04 /* TGAP(100)/2 */
@@ -2131,7 +2130,7 @@ static void pairing_complete(struct pending_cmd *cmd, u8 status)
2131 conn->security_cfm_cb = NULL; 2130 conn->security_cfm_cb = NULL;
2132 conn->disconn_cfm_cb = NULL; 2131 conn->disconn_cfm_cb = NULL;
2133 2132
2134 hci_conn_put(conn); 2133 hci_conn_drop(conn);
2135 2134
2136 mgmt_pending_remove(cmd); 2135 mgmt_pending_remove(cmd);
2137} 2136}
@@ -2222,7 +2221,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2222 } 2221 }
2223 2222
2224 if (conn->connect_cfm_cb) { 2223 if (conn->connect_cfm_cb) {
2225 hci_conn_put(conn); 2224 hci_conn_drop(conn);
2226 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE, 2225 err = cmd_complete(sk, hdev->id, MGMT_OP_PAIR_DEVICE,
2227 MGMT_STATUS_BUSY, &rp, sizeof(rp)); 2226 MGMT_STATUS_BUSY, &rp, sizeof(rp));
2228 goto unlock; 2227 goto unlock;
@@ -2231,7 +2230,7 @@ static int pair_device(struct sock *sk, struct hci_dev *hdev, void *data,
2231 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len); 2230 cmd = mgmt_pending_add(sk, MGMT_OP_PAIR_DEVICE, hdev, data, len);
2232 if (!cmd) { 2231 if (!cmd) {
2233 err = -ENOMEM; 2232 err = -ENOMEM;
2234 hci_conn_put(conn); 2233 hci_conn_drop(conn);
2235 goto unlock; 2234 goto unlock;
2236 } 2235 }
2237 2236
@@ -2703,7 +2702,7 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2703 goto failed; 2702 goto failed;
2704 } 2703 }
2705 2704
2706 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, 2705 err = hci_le_scan(hdev, LE_SCAN_ACTIVE, LE_SCAN_INT,
2707 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY); 2706 LE_SCAN_WIN, LE_SCAN_TIMEOUT_LE_ONLY);
2708 break; 2707 break;
2709 2708
@@ -2715,8 +2714,8 @@ static int start_discovery(struct sock *sk, struct hci_dev *hdev,
2715 goto failed; 2714 goto failed;
2716 } 2715 }
2717 2716
2718 err = hci_le_scan(hdev, LE_SCAN_TYPE, LE_SCAN_INT, LE_SCAN_WIN, 2717 err = hci_le_scan(hdev, LE_SCAN_ACTIVE, LE_SCAN_INT,
2719 LE_SCAN_TIMEOUT_BREDR_LE); 2718 LE_SCAN_WIN, LE_SCAN_TIMEOUT_BREDR_LE);
2720 break; 2719 break;
2721 2720
2722 default: 2721 default:
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 2c8055350510..373d81e6e8f0 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -83,7 +83,7 @@ static struct sco_conn *sco_conn_add(struct hci_conn *hcon)
83 if (conn) 83 if (conn)
84 return conn; 84 return conn;
85 85
86 conn = kzalloc(sizeof(struct sco_conn), GFP_ATOMIC); 86 conn = kzalloc(sizeof(struct sco_conn), GFP_KERNEL);
87 if (!conn) 87 if (!conn)
88 return NULL; 88 return NULL;
89 89
@@ -185,7 +185,7 @@ static int sco_connect(struct sock *sk)
185 185
186 conn = sco_conn_add(hcon); 186 conn = sco_conn_add(hcon);
187 if (!conn) { 187 if (!conn) {
188 hci_conn_put(hcon); 188 hci_conn_drop(hcon);
189 err = -ENOMEM; 189 err = -ENOMEM;
190 goto done; 190 goto done;
191 } 191 }
@@ -353,7 +353,7 @@ static void __sco_sock_close(struct sock *sk)
353 if (sco_pi(sk)->conn->hcon) { 353 if (sco_pi(sk)->conn->hcon) {
354 sk->sk_state = BT_DISCONN; 354 sk->sk_state = BT_DISCONN;
355 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT); 355 sco_sock_set_timer(sk, SCO_DISCONN_TIMEOUT);
356 hci_conn_put(sco_pi(sk)->conn->hcon); 356 hci_conn_drop(sco_pi(sk)->conn->hcon);
357 sco_pi(sk)->conn->hcon = NULL; 357 sco_pi(sk)->conn->hcon = NULL;
358 } else 358 } else
359 sco_chan_del(sk, ECONNRESET); 359 sco_chan_del(sk, ECONNRESET);
@@ -481,8 +481,7 @@ static int sco_sock_connect(struct socket *sock, struct sockaddr *addr, int alen
481{ 481{
482 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr; 482 struct sockaddr_sco *sa = (struct sockaddr_sco *) addr;
483 struct sock *sk = sock->sk; 483 struct sock *sk = sock->sk;
484 int err = 0; 484 int err;
485
486 485
487 BT_DBG("sk %p", sk); 486 BT_DBG("sk %p", sk);
488 487
@@ -653,6 +652,42 @@ static int sco_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
653 return err; 652 return err;
654} 653}
655 654
655static void sco_conn_defer_accept(struct hci_conn *conn, int mask)
656{
657 struct hci_dev *hdev = conn->hdev;
658
659 BT_DBG("conn %p", conn);
660
661 conn->state = BT_CONFIG;
662
663 if (!lmp_esco_capable(hdev)) {
664 struct hci_cp_accept_conn_req cp;
665
666 bacpy(&cp.bdaddr, &conn->dst);
667
668 if (lmp_rswitch_capable(hdev) && (mask & HCI_LM_MASTER))
669 cp.role = 0x00; /* Become master */
670 else
671 cp.role = 0x01; /* Remain slave */
672
673 hci_send_cmd(hdev, HCI_OP_ACCEPT_CONN_REQ, sizeof(cp), &cp);
674 } else {
675 struct hci_cp_accept_sync_conn_req cp;
676
677 bacpy(&cp.bdaddr, &conn->dst);
678 cp.pkt_type = cpu_to_le16(conn->pkt_type);
679
680 cp.tx_bandwidth = __constant_cpu_to_le32(0x00001f40);
681 cp.rx_bandwidth = __constant_cpu_to_le32(0x00001f40);
682 cp.max_latency = __constant_cpu_to_le16(0xffff);
683 cp.content_format = cpu_to_le16(hdev->voice_setting);
684 cp.retrans_effort = 0xff;
685
686 hci_send_cmd(hdev, HCI_OP_ACCEPT_SYNC_CONN_REQ,
687 sizeof(cp), &cp);
688 }
689}
690
656static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, 691static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
657 struct msghdr *msg, size_t len, int flags) 692 struct msghdr *msg, size_t len, int flags)
658{ 693{
@@ -663,7 +698,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
663 698
664 if (sk->sk_state == BT_CONNECT2 && 699 if (sk->sk_state == BT_CONNECT2 &&
665 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 700 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
666 hci_conn_accept(pi->conn->hcon, 0); 701 sco_conn_defer_accept(pi->conn->hcon, 0);
667 sk->sk_state = BT_CONFIG; 702 sk->sk_state = BT_CONFIG;
668 msg->msg_namelen = 0; 703 msg->msg_namelen = 0;
669 704
@@ -883,7 +918,7 @@ static void sco_chan_del(struct sock *sk, int err)
883 sco_conn_unlock(conn); 918 sco_conn_unlock(conn);
884 919
885 if (conn->hcon) 920 if (conn->hcon)
886 hci_conn_put(conn->hcon); 921 hci_conn_drop(conn->hcon);
887 } 922 }
888 923
889 sk->sk_state = BT_CLOSED; 924 sk->sk_state = BT_CLOSED;
diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c
index 5abefb12891d..b2296d3857a0 100644
--- a/net/bluetooth/smp.c
+++ b/net/bluetooth/smp.c
@@ -522,7 +522,7 @@ void smp_chan_destroy(struct l2cap_conn *conn)
522 kfree(smp); 522 kfree(smp);
523 conn->smp_chan = NULL; 523 conn->smp_chan = NULL;
524 conn->hcon->smp_conn = NULL; 524 conn->hcon->smp_conn = NULL;
525 hci_conn_put(conn->hcon); 525 hci_conn_drop(conn->hcon);
526} 526}
527 527
528int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey) 528int smp_user_confirm_reply(struct hci_conn *hcon, u16 mgmt_op, __le32 passkey)
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index c50c19402588..1a89c80e6407 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -805,8 +805,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
805 IEEE80211_CHANCTX_EXCLUSIVE); 805 IEEE80211_CHANCTX_EXCLUSIVE);
806 } 806 }
807 } else if (local->open_count == local->monitors) { 807 } else if (local->open_count == local->monitors) {
808 local->_oper_channel = chandef->chan; 808 local->_oper_chandef = *chandef;
809 local->_oper_channel_type = cfg80211_get_chandef_type(chandef);
810 ieee80211_hw_config(local, 0); 809 ieee80211_hw_config(local, 0);
811 } 810 }
812 811
@@ -965,8 +964,13 @@ static int ieee80211_start_ap(struct wiphy *wiphy, struct net_device *dev,
965 sdata->vif.bss_conf.hidden_ssid = 964 sdata->vif.bss_conf.hidden_ssid =
966 (params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE); 965 (params->hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE);
967 966
968 sdata->vif.bss_conf.p2p_ctwindow = params->p2p_ctwindow; 967 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
969 sdata->vif.bss_conf.p2p_oppps = params->p2p_opp_ps; 968 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
969 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow =
970 params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
971 if (params->p2p_opp_ps)
972 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
973 IEEE80211_P2P_OPPPS_ENABLE_BIT;
970 974
971 err = ieee80211_assign_beacon(sdata, &params->beacon); 975 err = ieee80211_assign_beacon(sdata, &params->beacon);
972 if (err < 0) 976 if (err < 0)
@@ -1039,6 +1043,7 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
1039 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) 1043 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list)
1040 sta_info_flush_defer(vlan); 1044 sta_info_flush_defer(vlan);
1041 sta_info_flush_defer(sdata); 1045 sta_info_flush_defer(sdata);
1046 synchronize_net();
1042 rcu_barrier(); 1047 rcu_barrier();
1043 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) { 1048 list_for_each_entry(vlan, &sdata->u.ap.vlans, u.vlan.list) {
1044 sta_info_flush_cleanup(vlan); 1049 sta_info_flush_cleanup(vlan);
@@ -1048,6 +1053,7 @@ static int ieee80211_stop_ap(struct wiphy *wiphy, struct net_device *dev)
1048 ieee80211_free_keys(sdata); 1053 ieee80211_free_keys(sdata);
1049 1054
1050 sdata->vif.bss_conf.enable_beacon = false; 1055 sdata->vif.bss_conf.enable_beacon = false;
1056 sdata->vif.bss_conf.ssid_len = 0;
1051 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); 1057 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
1052 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED); 1058 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
1053 1059
@@ -1536,7 +1542,6 @@ static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
1536 struct ieee80211_sub_if_data *sdata; 1542 struct ieee80211_sub_if_data *sdata;
1537 struct mesh_path *mpath; 1543 struct mesh_path *mpath;
1538 struct sta_info *sta; 1544 struct sta_info *sta;
1539 int err;
1540 1545
1541 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1546 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1542 1547
@@ -1547,17 +1552,12 @@ static int ieee80211_add_mpath(struct wiphy *wiphy, struct net_device *dev,
1547 return -ENOENT; 1552 return -ENOENT;
1548 } 1553 }
1549 1554
1550 err = mesh_path_add(sdata, dst); 1555 mpath = mesh_path_add(sdata, dst);
1551 if (err) { 1556 if (IS_ERR(mpath)) {
1552 rcu_read_unlock(); 1557 rcu_read_unlock();
1553 return err; 1558 return PTR_ERR(mpath);
1554 } 1559 }
1555 1560
1556 mpath = mesh_path_lookup(sdata, dst);
1557 if (!mpath) {
1558 rcu_read_unlock();
1559 return -ENXIO;
1560 }
1561 mesh_path_fix_nexthop(mpath, sta); 1561 mesh_path_fix_nexthop(mpath, sta);
1562 1562
1563 rcu_read_unlock(); 1563 rcu_read_unlock();
@@ -1961,12 +1961,20 @@ static int ieee80211_change_bss(struct wiphy *wiphy,
1961 } 1961 }
1962 1962
1963 if (params->p2p_ctwindow >= 0) { 1963 if (params->p2p_ctwindow >= 0) {
1964 sdata->vif.bss_conf.p2p_ctwindow = params->p2p_ctwindow; 1964 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow &=
1965 ~IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
1966 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
1967 params->p2p_ctwindow & IEEE80211_P2P_OPPPS_CTWINDOW_MASK;
1965 changed |= BSS_CHANGED_P2P_PS; 1968 changed |= BSS_CHANGED_P2P_PS;
1966 } 1969 }
1967 1970
1968 if (params->p2p_opp_ps >= 0) { 1971 if (params->p2p_opp_ps > 0) {
1969 sdata->vif.bss_conf.p2p_oppps = params->p2p_opp_ps; 1972 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow |=
1973 IEEE80211_P2P_OPPPS_ENABLE_BIT;
1974 changed |= BSS_CHANGED_P2P_PS;
1975 } else if (params->p2p_opp_ps == 0) {
1976 sdata->vif.bss_conf.p2p_noa_attr.oppps_ctwindow &=
1977 ~IEEE80211_P2P_OPPPS_ENABLE_BIT;
1970 changed |= BSS_CHANGED_P2P_PS; 1978 changed |= BSS_CHANGED_P2P_PS;
1971 } 1979 }
1972 1980
@@ -2410,9 +2418,22 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
2410 } 2418 }
2411 2419
2412 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 2420 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
2421 struct ieee80211_supported_band *sband = wiphy->bands[i];
2422 int j;
2423
2413 sdata->rc_rateidx_mask[i] = mask->control[i].legacy; 2424 sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
2414 memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].mcs, 2425 memcpy(sdata->rc_rateidx_mcs_mask[i], mask->control[i].mcs,
2415 sizeof(mask->control[i].mcs)); 2426 sizeof(mask->control[i].mcs));
2427
2428 sdata->rc_has_mcs_mask[i] = false;
2429 if (!sband)
2430 continue;
2431
2432 for (j = 0; j < IEEE80211_HT_MCS_MASK_LEN; j++)
2433 if (~sdata->rc_rateidx_mcs_mask[i][j]) {
2434 sdata->rc_has_mcs_mask[i] = true;
2435 break;
2436 }
2416 } 2437 }
2417 2438
2418 return 0; 2439 return 0;
@@ -3362,9 +3383,7 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
3362 if (local->use_chanctx) 3383 if (local->use_chanctx)
3363 *chandef = local->monitor_chandef; 3384 *chandef = local->monitor_chandef;
3364 else 3385 else
3365 cfg80211_chandef_create(chandef, 3386 *chandef = local->_oper_chandef;
3366 local->_oper_channel,
3367 local->_oper_channel_type);
3368 ret = 0; 3387 ret = 0;
3369 } 3388 }
3370 rcu_read_unlock(); 3389 rcu_read_unlock();
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 931be419ab5a..03e8d2e3270e 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -22,7 +22,7 @@ static void ieee80211_change_chanctx(struct ieee80211_local *local,
22 drv_change_chanctx(local, ctx, IEEE80211_CHANCTX_CHANGE_WIDTH); 22 drv_change_chanctx(local, ctx, IEEE80211_CHANCTX_CHANGE_WIDTH);
23 23
24 if (!local->use_chanctx) { 24 if (!local->use_chanctx) {
25 local->_oper_channel_type = cfg80211_get_chandef_type(chandef); 25 local->_oper_chandef = *chandef;
26 ieee80211_hw_config(local, 0); 26 ieee80211_hw_config(local, 0);
27 } 27 }
28} 28}
@@ -57,6 +57,22 @@ ieee80211_find_chanctx(struct ieee80211_local *local,
57 return NULL; 57 return NULL;
58} 58}
59 59
60static bool ieee80211_is_radar_required(struct ieee80211_local *local)
61{
62 struct ieee80211_sub_if_data *sdata;
63
64 rcu_read_lock();
65 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
66 if (sdata->radar_required) {
67 rcu_read_unlock();
68 return true;
69 }
70 }
71 rcu_read_unlock();
72
73 return false;
74}
75
60static struct ieee80211_chanctx * 76static struct ieee80211_chanctx *
61ieee80211_new_chanctx(struct ieee80211_local *local, 77ieee80211_new_chanctx(struct ieee80211_local *local,
62 const struct cfg80211_chan_def *chandef, 78 const struct cfg80211_chan_def *chandef,
@@ -76,6 +92,9 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
76 ctx->conf.rx_chains_static = 1; 92 ctx->conf.rx_chains_static = 1;
77 ctx->conf.rx_chains_dynamic = 1; 93 ctx->conf.rx_chains_dynamic = 1;
78 ctx->mode = mode; 94 ctx->mode = mode;
95 ctx->conf.radar_enabled = ieee80211_is_radar_required(local);
96 if (!local->use_chanctx)
97 local->hw.conf.radar_enabled = ctx->conf.radar_enabled;
79 98
80 /* acquire mutex to prevent idle from changing */ 99 /* acquire mutex to prevent idle from changing */
81 mutex_lock(&local->mtx); 100 mutex_lock(&local->mtx);
@@ -85,9 +104,7 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
85 ieee80211_hw_config(local, changed); 104 ieee80211_hw_config(local, changed);
86 105
87 if (!local->use_chanctx) { 106 if (!local->use_chanctx) {
88 local->_oper_channel_type = 107 local->_oper_chandef = *chandef;
89 cfg80211_get_chandef_type(chandef);
90 local->_oper_channel = chandef->chan;
91 ieee80211_hw_config(local, 0); 108 ieee80211_hw_config(local, 0);
92 } else { 109 } else {
93 err = drv_add_chanctx(local, ctx); 110 err = drv_add_chanctx(local, ctx);
@@ -112,12 +129,24 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
112static void ieee80211_free_chanctx(struct ieee80211_local *local, 129static void ieee80211_free_chanctx(struct ieee80211_local *local,
113 struct ieee80211_chanctx *ctx) 130 struct ieee80211_chanctx *ctx)
114{ 131{
132 bool check_single_channel = false;
115 lockdep_assert_held(&local->chanctx_mtx); 133 lockdep_assert_held(&local->chanctx_mtx);
116 134
117 WARN_ON_ONCE(ctx->refcount != 0); 135 WARN_ON_ONCE(ctx->refcount != 0);
118 136
119 if (!local->use_chanctx) { 137 if (!local->use_chanctx) {
120 local->_oper_channel_type = NL80211_CHAN_NO_HT; 138 struct cfg80211_chan_def *chandef = &local->_oper_chandef;
139 chandef->width = NL80211_CHAN_WIDTH_20_NOHT;
140 chandef->center_freq1 = chandef->chan->center_freq;
141 chandef->center_freq2 = 0;
142
143 /* NOTE: Disabling radar is only valid here for
144 * single channel context. To be sure, check it ...
145 */
146 if (local->hw.conf.radar_enabled)
147 check_single_channel = true;
148 local->hw.conf.radar_enabled = false;
149
121 ieee80211_hw_config(local, 0); 150 ieee80211_hw_config(local, 0);
122 } else { 151 } else {
123 drv_remove_chanctx(local, ctx); 152 drv_remove_chanctx(local, ctx);
@@ -126,6 +155,9 @@ static void ieee80211_free_chanctx(struct ieee80211_local *local,
126 list_del_rcu(&ctx->list); 155 list_del_rcu(&ctx->list);
127 kfree_rcu(ctx, rcu_head); 156 kfree_rcu(ctx, rcu_head);
128 157
158 /* throw a warning if this wasn't the only channel context. */
159 WARN_ON(check_single_channel && !list_empty(&local->chanctx_list));
160
129 mutex_lock(&local->mtx); 161 mutex_lock(&local->mtx);
130 ieee80211_recalc_idle(local); 162 ieee80211_recalc_idle(local);
131 mutex_unlock(&local->mtx); 163 mutex_unlock(&local->mtx);
@@ -237,19 +269,11 @@ static void __ieee80211_vif_release_channel(struct ieee80211_sub_if_data *sdata)
237void ieee80211_recalc_radar_chanctx(struct ieee80211_local *local, 269void ieee80211_recalc_radar_chanctx(struct ieee80211_local *local,
238 struct ieee80211_chanctx *chanctx) 270 struct ieee80211_chanctx *chanctx)
239{ 271{
240 struct ieee80211_sub_if_data *sdata; 272 bool radar_enabled;
241 bool radar_enabled = false;
242 273
243 lockdep_assert_held(&local->chanctx_mtx); 274 lockdep_assert_held(&local->chanctx_mtx);
244 275
245 rcu_read_lock(); 276 radar_enabled = ieee80211_is_radar_required(local);
246 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
247 if (sdata->radar_required) {
248 radar_enabled = true;
249 break;
250 }
251 }
252 rcu_read_unlock();
253 277
254 if (radar_enabled == chanctx->conf.radar_enabled) 278 if (radar_enabled == chanctx->conf.radar_enabled)
255 return; 279 return;
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index ddb426867904..14abcf44f974 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -124,6 +124,15 @@ static ssize_t ieee80211_if_fmt_##name( \
124 return scnprintf(buf, buflen, "%d\n", sdata->field / 16); \ 124 return scnprintf(buf, buflen, "%d\n", sdata->field / 16); \
125} 125}
126 126
127#define IEEE80211_IF_FMT_JIFFIES_TO_MS(name, field) \
128static ssize_t ieee80211_if_fmt_##name( \
129 const struct ieee80211_sub_if_data *sdata, \
130 char *buf, int buflen) \
131{ \
132 return scnprintf(buf, buflen, "%d\n", \
133 jiffies_to_msecs(sdata->field)); \
134}
135
127#define __IEEE80211_IF_FILE(name, _write) \ 136#define __IEEE80211_IF_FILE(name, _write) \
128static ssize_t ieee80211_if_read_##name(struct file *file, \ 137static ssize_t ieee80211_if_read_##name(struct file *file, \
129 char __user *userbuf, \ 138 char __user *userbuf, \
@@ -197,6 +206,7 @@ IEEE80211_IF_FILE(bssid, u.mgd.bssid, MAC);
197IEEE80211_IF_FILE(aid, u.mgd.aid, DEC); 206IEEE80211_IF_FILE(aid, u.mgd.aid, DEC);
198IEEE80211_IF_FILE(last_beacon, u.mgd.last_beacon_signal, DEC); 207IEEE80211_IF_FILE(last_beacon, u.mgd.last_beacon_signal, DEC);
199IEEE80211_IF_FILE(ave_beacon, u.mgd.ave_beacon_signal, DEC_DIV_16); 208IEEE80211_IF_FILE(ave_beacon, u.mgd.ave_beacon_signal, DEC_DIV_16);
209IEEE80211_IF_FILE(beacon_timeout, u.mgd.beacon_timeout, JIFFIES_TO_MS);
200 210
201static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata, 211static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata,
202 enum ieee80211_smps_mode smps_mode) 212 enum ieee80211_smps_mode smps_mode)
@@ -542,6 +552,7 @@ static void add_sta_files(struct ieee80211_sub_if_data *sdata)
542 DEBUGFS_ADD(aid); 552 DEBUGFS_ADD(aid);
543 DEBUGFS_ADD(last_beacon); 553 DEBUGFS_ADD(last_beacon);
544 DEBUGFS_ADD(ave_beacon); 554 DEBUGFS_ADD(ave_beacon);
555 DEBUGFS_ADD(beacon_timeout);
545 DEBUGFS_ADD_MODE(smps, 0600); 556 DEBUGFS_ADD_MODE(smps, 0600);
546 DEBUGFS_ADD_MODE(tkip_mic_test, 0200); 557 DEBUGFS_ADD_MODE(tkip_mic_test, 0200);
547 DEBUGFS_ADD_MODE(uapsd_queues, 0600); 558 DEBUGFS_ADD_MODE(uapsd_queues, 0600);
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 4f841fe559df..44e201d60a13 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -54,6 +54,7 @@ STA_FILE(aid, sta.aid, D);
54STA_FILE(dev, sdata->name, S); 54STA_FILE(dev, sdata->name, S);
55STA_FILE(last_signal, last_signal, D); 55STA_FILE(last_signal, last_signal, D);
56STA_FILE(last_ack_signal, last_ack_signal, D); 56STA_FILE(last_ack_signal, last_ack_signal, D);
57STA_FILE(beacon_loss_count, beacon_loss_count, D);
57 58
58static ssize_t sta_flags_read(struct file *file, char __user *userbuf, 59static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
59 size_t count, loff_t *ppos) 60 size_t count, loff_t *ppos)
@@ -434,6 +435,7 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
434 DEBUGFS_ADD(agg_status); 435 DEBUGFS_ADD(agg_status);
435 DEBUGFS_ADD(dev); 436 DEBUGFS_ADD(dev);
436 DEBUGFS_ADD(last_signal); 437 DEBUGFS_ADD(last_signal);
438 DEBUGFS_ADD(beacon_loss_count);
437 DEBUGFS_ADD(ht_capa); 439 DEBUGFS_ADD(ht_capa);
438 DEBUGFS_ADD(vht_capa); 440 DEBUGFS_ADD(vht_capa);
439 DEBUGFS_ADD(last_ack_signal); 441 DEBUGFS_ADD(last_ack_signal);
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index 539d4a11b47b..170f9a7fa319 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -44,7 +44,6 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
44 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 44 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
45 struct ieee80211_local *local = sdata->local; 45 struct ieee80211_local *local = sdata->local;
46 int rates, i; 46 int rates, i;
47 struct sk_buff *skb;
48 struct ieee80211_mgmt *mgmt; 47 struct ieee80211_mgmt *mgmt;
49 u8 *pos; 48 u8 *pos;
50 struct ieee80211_supported_band *sband; 49 struct ieee80211_supported_band *sband;
@@ -52,20 +51,14 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
52 u32 bss_change; 51 u32 bss_change;
53 u8 supp_rates[IEEE80211_MAX_SUPP_RATES]; 52 u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
54 struct cfg80211_chan_def chandef; 53 struct cfg80211_chan_def chandef;
54 struct beacon_data *presp;
55 int frame_len;
55 56
56 lockdep_assert_held(&ifibss->mtx); 57 lockdep_assert_held(&ifibss->mtx);
57 58
58 /* Reset own TSF to allow time synchronization work. */ 59 /* Reset own TSF to allow time synchronization work. */
59 drv_reset_tsf(local, sdata); 60 drv_reset_tsf(local, sdata);
60 61
61 skb = ifibss->skb;
62 RCU_INIT_POINTER(ifibss->presp, NULL);
63 synchronize_rcu();
64 skb->data = skb->head;
65 skb->len = 0;
66 skb_reset_tail_pointer(skb);
67 skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
68
69 if (!ether_addr_equal(ifibss->bssid, bssid)) 62 if (!ether_addr_equal(ifibss->bssid, bssid))
70 sta_info_flush(sdata); 63 sta_info_flush(sdata);
71 64
@@ -73,10 +66,19 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
73 if (sdata->vif.bss_conf.ibss_joined) { 66 if (sdata->vif.bss_conf.ibss_joined) {
74 sdata->vif.bss_conf.ibss_joined = false; 67 sdata->vif.bss_conf.ibss_joined = false;
75 sdata->vif.bss_conf.ibss_creator = false; 68 sdata->vif.bss_conf.ibss_creator = false;
69 sdata->vif.bss_conf.enable_beacon = false;
76 netif_carrier_off(sdata->dev); 70 netif_carrier_off(sdata->dev);
77 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_IBSS); 71 ieee80211_bss_info_change_notify(sdata,
72 BSS_CHANGED_IBSS |
73 BSS_CHANGED_BEACON_ENABLED);
78 } 74 }
79 75
76 presp = rcu_dereference_protected(ifibss->presp,
77 lockdep_is_held(&ifibss->mtx));
78 rcu_assign_pointer(ifibss->presp, NULL);
79 if (presp)
80 kfree_rcu(presp, rcu_head);
81
80 sdata->drop_unencrypted = capability & WLAN_CAPABILITY_PRIVACY ? 1 : 0; 82 sdata->drop_unencrypted = capability & WLAN_CAPABILITY_PRIVACY ? 1 : 0;
81 83
82 cfg80211_chandef_create(&chandef, chan, ifibss->channel_type); 84 cfg80211_chandef_create(&chandef, chan, ifibss->channel_type);
@@ -98,19 +100,24 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
98 100
99 sband = local->hw.wiphy->bands[chan->band]; 101 sband = local->hw.wiphy->bands[chan->band];
100 102
101 /* build supported rates array */
102 pos = supp_rates;
103 for (i = 0; i < sband->n_bitrates; i++) {
104 int rate = sband->bitrates[i].bitrate;
105 u8 basic = 0;
106 if (basic_rates & BIT(i))
107 basic = 0x80;
108 *pos++ = basic | (u8) (rate / 5);
109 }
110
111 /* Build IBSS probe response */ 103 /* Build IBSS probe response */
112 mgmt = (void *) skb_put(skb, 24 + sizeof(mgmt->u.beacon)); 104 frame_len = sizeof(struct ieee80211_hdr_3addr) +
113 memset(mgmt, 0, 24 + sizeof(mgmt->u.beacon)); 105 12 /* struct ieee80211_mgmt.u.beacon */ +
106 2 + IEEE80211_MAX_SSID_LEN /* max SSID */ +
107 2 + 8 /* max Supported Rates */ +
108 3 /* max DS params */ +
109 4 /* IBSS params */ +
110 2 + (IEEE80211_MAX_SUPP_RATES - 8) +
111 2 + sizeof(struct ieee80211_ht_cap) +
112 2 + sizeof(struct ieee80211_ht_operation) +
113 ifibss->ie_len;
114 presp = kzalloc(sizeof(*presp) + frame_len, GFP_KERNEL);
115 if (!presp)
116 return;
117
118 presp->head = (void *)(presp + 1);
119
120 mgmt = (void *) presp->head;
114 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 121 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
115 IEEE80211_STYPE_PROBE_RESP); 122 IEEE80211_STYPE_PROBE_RESP);
116 eth_broadcast_addr(mgmt->da); 123 eth_broadcast_addr(mgmt->da);
@@ -120,27 +127,30 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
120 mgmt->u.beacon.timestamp = cpu_to_le64(tsf); 127 mgmt->u.beacon.timestamp = cpu_to_le64(tsf);
121 mgmt->u.beacon.capab_info = cpu_to_le16(capability); 128 mgmt->u.beacon.capab_info = cpu_to_le16(capability);
122 129
123 pos = skb_put(skb, 2 + ifibss->ssid_len); 130 pos = (u8 *)mgmt + offsetof(struct ieee80211_mgmt, u.beacon.variable);
131
124 *pos++ = WLAN_EID_SSID; 132 *pos++ = WLAN_EID_SSID;
125 *pos++ = ifibss->ssid_len; 133 *pos++ = ifibss->ssid_len;
126 memcpy(pos, ifibss->ssid, ifibss->ssid_len); 134 memcpy(pos, ifibss->ssid, ifibss->ssid_len);
135 pos += ifibss->ssid_len;
127 136
128 rates = sband->n_bitrates; 137 rates = min_t(int, 8, sband->n_bitrates);
129 if (rates > 8)
130 rates = 8;
131 pos = skb_put(skb, 2 + rates);
132 *pos++ = WLAN_EID_SUPP_RATES; 138 *pos++ = WLAN_EID_SUPP_RATES;
133 *pos++ = rates; 139 *pos++ = rates;
134 memcpy(pos, supp_rates, rates); 140 for (i = 0; i < rates; i++) {
141 int rate = sband->bitrates[i].bitrate;
142 u8 basic = 0;
143 if (basic_rates & BIT(i))
144 basic = 0x80;
145 *pos++ = basic | (u8) (rate / 5);
146 }
135 147
136 if (sband->band == IEEE80211_BAND_2GHZ) { 148 if (sband->band == IEEE80211_BAND_2GHZ) {
137 pos = skb_put(skb, 2 + 1);
138 *pos++ = WLAN_EID_DS_PARAMS; 149 *pos++ = WLAN_EID_DS_PARAMS;
139 *pos++ = 1; 150 *pos++ = 1;
140 *pos++ = ieee80211_frequency_to_channel(chan->center_freq); 151 *pos++ = ieee80211_frequency_to_channel(chan->center_freq);
141 } 152 }
142 153
143 pos = skb_put(skb, 2 + 2);
144 *pos++ = WLAN_EID_IBSS_PARAMS; 154 *pos++ = WLAN_EID_IBSS_PARAMS;
145 *pos++ = 2; 155 *pos++ = 2;
146 /* FIX: set ATIM window based on scan results */ 156 /* FIX: set ATIM window based on scan results */
@@ -148,23 +158,25 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
148 *pos++ = 0; 158 *pos++ = 0;
149 159
150 if (sband->n_bitrates > 8) { 160 if (sband->n_bitrates > 8) {
151 rates = sband->n_bitrates - 8;
152 pos = skb_put(skb, 2 + rates);
153 *pos++ = WLAN_EID_EXT_SUPP_RATES; 161 *pos++ = WLAN_EID_EXT_SUPP_RATES;
154 *pos++ = rates; 162 *pos++ = sband->n_bitrates - 8;
155 memcpy(pos, &supp_rates[8], rates); 163 for (i = 8; i < sband->n_bitrates; i++) {
164 int rate = sband->bitrates[i].bitrate;
165 u8 basic = 0;
166 if (basic_rates & BIT(i))
167 basic = 0x80;
168 *pos++ = basic | (u8) (rate / 5);
169 }
156 } 170 }
157 171
158 if (ifibss->ie_len) 172 if (ifibss->ie_len) {
159 memcpy(skb_put(skb, ifibss->ie_len), 173 memcpy(pos, ifibss->ie, ifibss->ie_len);
160 ifibss->ie, ifibss->ie_len); 174 pos += ifibss->ie_len;
175 }
161 176
162 /* add HT capability and information IEs */ 177 /* add HT capability and information IEs */
163 if (chandef.width != NL80211_CHAN_WIDTH_20_NOHT && 178 if (chandef.width != NL80211_CHAN_WIDTH_20_NOHT &&
164 sband->ht_cap.ht_supported) { 179 sband->ht_cap.ht_supported) {
165 pos = skb_put(skb, 4 +
166 sizeof(struct ieee80211_ht_cap) +
167 sizeof(struct ieee80211_ht_operation));
168 pos = ieee80211_ie_build_ht_cap(pos, &sband->ht_cap, 180 pos = ieee80211_ie_build_ht_cap(pos, &sband->ht_cap,
169 sband->ht_cap.cap); 181 sband->ht_cap.cap);
170 /* 182 /*
@@ -177,7 +189,6 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
177 } 189 }
178 190
179 if (local->hw.queues >= IEEE80211_NUM_ACS) { 191 if (local->hw.queues >= IEEE80211_NUM_ACS) {
180 pos = skb_put(skb, 9);
181 *pos++ = WLAN_EID_VENDOR_SPECIFIC; 192 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
182 *pos++ = 7; /* len */ 193 *pos++ = 7; /* len */
183 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */ 194 *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
@@ -189,11 +200,17 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
189 *pos++ = 0; /* U-APSD no in use */ 200 *pos++ = 0; /* U-APSD no in use */
190 } 201 }
191 202
192 rcu_assign_pointer(ifibss->presp, skb); 203 presp->head_len = pos - presp->head;
204 if (WARN_ON(presp->head_len > frame_len))
205 return;
206
207 rcu_assign_pointer(ifibss->presp, presp);
193 208
194 sdata->vif.bss_conf.enable_beacon = true; 209 sdata->vif.bss_conf.enable_beacon = true;
195 sdata->vif.bss_conf.beacon_int = beacon_int; 210 sdata->vif.bss_conf.beacon_int = beacon_int;
196 sdata->vif.bss_conf.basic_rates = basic_rates; 211 sdata->vif.bss_conf.basic_rates = basic_rates;
212 sdata->vif.bss_conf.ssid_len = ifibss->ssid_len;
213 memcpy(sdata->vif.bss_conf.ssid, ifibss->ssid, ifibss->ssid_len);
197 bss_change = BSS_CHANGED_BEACON_INT; 214 bss_change = BSS_CHANGED_BEACON_INT;
198 bss_change |= ieee80211_reset_erp_info(sdata); 215 bss_change |= ieee80211_reset_erp_info(sdata);
199 bss_change |= BSS_CHANGED_BSSID; 216 bss_change |= BSS_CHANGED_BSSID;
@@ -202,6 +219,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
202 bss_change |= BSS_CHANGED_BASIC_RATES; 219 bss_change |= BSS_CHANGED_BASIC_RATES;
203 bss_change |= BSS_CHANGED_HT; 220 bss_change |= BSS_CHANGED_HT;
204 bss_change |= BSS_CHANGED_IBSS; 221 bss_change |= BSS_CHANGED_IBSS;
222 bss_change |= BSS_CHANGED_SSID;
205 223
206 /* 224 /*
207 * In 5 GHz/802.11a, we can always use short slot time. 225 * In 5 GHz/802.11a, we can always use short slot time.
@@ -227,7 +245,7 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
227 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL)); 245 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL));
228 246
229 bss = cfg80211_inform_bss_frame(local->hw.wiphy, chan, 247 bss = cfg80211_inform_bss_frame(local->hw.wiphy, chan,
230 mgmt, skb->len, 0, GFP_KERNEL); 248 mgmt, presp->head_len, 0, GFP_KERNEL);
231 cfg80211_put_bss(local->hw.wiphy, bss); 249 cfg80211_put_bss(local->hw.wiphy, bss);
232 netif_carrier_on(sdata->dev); 250 netif_carrier_on(sdata->dev);
233 cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL); 251 cfg80211_ibss_joined(sdata->dev, ifibss->bssid, GFP_KERNEL);
@@ -448,7 +466,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
448 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band]; 466 struct ieee80211_supported_band *sband = local->hw.wiphy->bands[band];
449 bool rates_updated = false; 467 bool rates_updated = false;
450 468
451 if (elems->ds_params && elems->ds_params_len == 1) 469 if (elems->ds_params)
452 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 470 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
453 band); 471 band);
454 else 472 else
@@ -822,8 +840,7 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
822 struct ieee80211_local *local = sdata->local; 840 struct ieee80211_local *local = sdata->local;
823 int tx_last_beacon, len = req->len; 841 int tx_last_beacon, len = req->len;
824 struct sk_buff *skb; 842 struct sk_buff *skb;
825 struct ieee80211_mgmt *resp; 843 struct beacon_data *presp;
826 struct sk_buff *presp;
827 u8 *pos, *end; 844 u8 *pos, *end;
828 845
829 lockdep_assert_held(&ifibss->mtx); 846 lockdep_assert_held(&ifibss->mtx);
@@ -864,13 +881,15 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
864 } 881 }
865 882
866 /* Reply with ProbeResp */ 883 /* Reply with ProbeResp */
867 skb = skb_copy(presp, GFP_KERNEL); 884 skb = dev_alloc_skb(local->tx_headroom + presp->head_len);
868 if (!skb) 885 if (!skb)
869 return; 886 return;
870 887
871 resp = (struct ieee80211_mgmt *) skb->data; 888 skb_reserve(skb, local->tx_headroom);
872 memcpy(resp->da, mgmt->sa, ETH_ALEN); 889 memcpy(skb_put(skb, presp->head_len), presp->head, presp->head_len);
873 ibss_dbg(sdata, "Sending ProbeResp to %pM\n", resp->da); 890
891 memcpy(((struct ieee80211_mgmt *) skb->data)->da, mgmt->sa, ETH_ALEN);
892 ibss_dbg(sdata, "Sending ProbeResp to %pM\n", mgmt->sa);
874 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 893 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
875 ieee80211_tx_skb(sdata, skb); 894 ieee80211_tx_skb(sdata, skb);
876} 895}
@@ -895,7 +914,7 @@ void ieee80211_rx_mgmt_probe_beacon(struct ieee80211_sub_if_data *sdata,
895 return; 914 return;
896 915
897 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 916 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
898 &elems); 917 false, &elems);
899 918
900 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 919 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
901} 920}
@@ -1020,23 +1039,8 @@ void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local)
1020int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, 1039int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1021 struct cfg80211_ibss_params *params) 1040 struct cfg80211_ibss_params *params)
1022{ 1041{
1023 struct sk_buff *skb;
1024 u32 changed = 0; 1042 u32 changed = 0;
1025 1043
1026 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom +
1027 sizeof(struct ieee80211_hdr_3addr) +
1028 12 /* struct ieee80211_mgmt.u.beacon */ +
1029 2 + IEEE80211_MAX_SSID_LEN /* max SSID */ +
1030 2 + 8 /* max Supported Rates */ +
1031 3 /* max DS params */ +
1032 4 /* IBSS params */ +
1033 2 + (IEEE80211_MAX_SUPP_RATES - 8) +
1034 2 + sizeof(struct ieee80211_ht_cap) +
1035 2 + sizeof(struct ieee80211_ht_operation) +
1036 params->ie_len);
1037 if (!skb)
1038 return -ENOMEM;
1039
1040 mutex_lock(&sdata->u.ibss.mtx); 1044 mutex_lock(&sdata->u.ibss.mtx);
1041 1045
1042 if (params->bssid) { 1046 if (params->bssid) {
@@ -1065,7 +1069,6 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1065 sdata->u.ibss.ie_len = params->ie_len; 1069 sdata->u.ibss.ie_len = params->ie_len;
1066 } 1070 }
1067 1071
1068 sdata->u.ibss.skb = skb;
1069 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; 1072 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
1070 sdata->u.ibss.ibss_join_req = jiffies; 1073 sdata->u.ibss.ibss_join_req = jiffies;
1071 1074
@@ -1101,13 +1104,13 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1101 1104
1102int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata) 1105int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
1103{ 1106{
1104 struct sk_buff *skb;
1105 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 1107 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
1106 struct ieee80211_local *local = sdata->local; 1108 struct ieee80211_local *local = sdata->local;
1107 struct cfg80211_bss *cbss; 1109 struct cfg80211_bss *cbss;
1108 u16 capability; 1110 u16 capability;
1109 int active_ibss; 1111 int active_ibss;
1110 struct sta_info *sta; 1112 struct sta_info *sta;
1113 struct beacon_data *presp;
1111 1114
1112 mutex_lock(&sdata->u.ibss.mtx); 1115 mutex_lock(&sdata->u.ibss.mtx);
1113 1116
@@ -1153,17 +1156,18 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
1153 1156
1154 /* remove beacon */ 1157 /* remove beacon */
1155 kfree(sdata->u.ibss.ie); 1158 kfree(sdata->u.ibss.ie);
1156 skb = rcu_dereference_protected(sdata->u.ibss.presp, 1159 presp = rcu_dereference_protected(ifibss->presp,
1157 lockdep_is_held(&sdata->u.ibss.mtx)); 1160 lockdep_is_held(&sdata->u.ibss.mtx));
1158 RCU_INIT_POINTER(sdata->u.ibss.presp, NULL); 1161 RCU_INIT_POINTER(sdata->u.ibss.presp, NULL);
1159 sdata->vif.bss_conf.ibss_joined = false; 1162 sdata->vif.bss_conf.ibss_joined = false;
1160 sdata->vif.bss_conf.ibss_creator = false; 1163 sdata->vif.bss_conf.ibss_creator = false;
1161 sdata->vif.bss_conf.enable_beacon = false; 1164 sdata->vif.bss_conf.enable_beacon = false;
1165 sdata->vif.bss_conf.ssid_len = 0;
1162 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state); 1166 clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, &sdata->state);
1163 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED | 1167 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED |
1164 BSS_CHANGED_IBSS); 1168 BSS_CHANGED_IBSS);
1165 synchronize_rcu(); 1169 synchronize_rcu();
1166 kfree_skb(skb); 1170 kfree(presp);
1167 1171
1168 skb_queue_purge(&sdata->skb_queue); 1172 skb_queue_purge(&sdata->skb_queue);
1169 1173
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 0b09716d22ad..158e6eb188d3 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -156,6 +156,7 @@ struct ieee80211_tx_data {
156 struct ieee80211_sub_if_data *sdata; 156 struct ieee80211_sub_if_data *sdata;
157 struct sta_info *sta; 157 struct sta_info *sta;
158 struct ieee80211_key *key; 158 struct ieee80211_key *key;
159 struct ieee80211_tx_rate rate;
159 160
160 unsigned int flags; 161 unsigned int flags;
161}; 162};
@@ -443,7 +444,7 @@ struct ieee80211_if_managed {
443 444
444 u8 use_4addr; 445 u8 use_4addr;
445 446
446 u8 p2p_noa_index; 447 s16 p2p_noa_index;
447 448
448 /* Signal strength from the last Beacon frame in the current BSS. */ 449 /* Signal strength from the last Beacon frame in the current BSS. */
449 int last_beacon_signal; 450 int last_beacon_signal;
@@ -509,8 +510,7 @@ struct ieee80211_if_ibss {
509 510
510 unsigned long ibss_join_req; 511 unsigned long ibss_join_req;
511 /* probe response/beacon for IBSS */ 512 /* probe response/beacon for IBSS */
512 struct sk_buff __rcu *presp; 513 struct beacon_data __rcu *presp;
513 struct sk_buff *skb;
514 514
515 spinlock_t incomplete_lock; 515 spinlock_t incomplete_lock;
516 struct list_head incomplete_stations; 516 struct list_head incomplete_stations;
@@ -741,6 +741,8 @@ struct ieee80211_sub_if_data {
741 741
742 /* bitmap of allowed (non-MCS) rate indexes for rate control */ 742 /* bitmap of allowed (non-MCS) rate indexes for rate control */
743 u32 rc_rateidx_mask[IEEE80211_NUM_BANDS]; 743 u32 rc_rateidx_mask[IEEE80211_NUM_BANDS];
744
745 bool rc_has_mcs_mask[IEEE80211_NUM_BANDS];
744 u8 rc_rateidx_mcs_mask[IEEE80211_NUM_BANDS][IEEE80211_HT_MCS_MASK_LEN]; 746 u8 rc_rateidx_mcs_mask[IEEE80211_NUM_BANDS][IEEE80211_HT_MCS_MASK_LEN];
745 747
746 union { 748 union {
@@ -1021,10 +1023,9 @@ struct ieee80211_local {
1021 enum mac80211_scan_state next_scan_state; 1023 enum mac80211_scan_state next_scan_state;
1022 struct delayed_work scan_work; 1024 struct delayed_work scan_work;
1023 struct ieee80211_sub_if_data __rcu *scan_sdata; 1025 struct ieee80211_sub_if_data __rcu *scan_sdata;
1024 struct ieee80211_channel *csa_channel; 1026 struct cfg80211_chan_def csa_chandef;
1025 /* For backward compatibility only -- do not use */ 1027 /* For backward compatibility only -- do not use */
1026 struct ieee80211_channel *_oper_channel; 1028 struct cfg80211_chan_def _oper_chandef;
1027 enum nl80211_channel_type _oper_channel_type;
1028 1029
1029 /* Temporary remain-on-channel for off-channel operations */ 1030 /* Temporary remain-on-channel for off-channel operations */
1030 struct ieee80211_channel *tmp_channel; 1031 struct ieee80211_channel *tmp_channel;
@@ -1160,11 +1161,8 @@ struct ieee802_11_elems {
1160 /* pointers to IEs */ 1161 /* pointers to IEs */
1161 const u8 *ssid; 1162 const u8 *ssid;
1162 const u8 *supp_rates; 1163 const u8 *supp_rates;
1163 const u8 *fh_params;
1164 const u8 *ds_params; 1164 const u8 *ds_params;
1165 const u8 *cf_params;
1166 const struct ieee80211_tim_ie *tim; 1165 const struct ieee80211_tim_ie *tim;
1167 const u8 *ibss_params;
1168 const u8 *challenge; 1166 const u8 *challenge;
1169 const u8 *rsn; 1167 const u8 *rsn;
1170 const u8 *erp_info; 1168 const u8 *erp_info;
@@ -1184,23 +1182,20 @@ struct ieee802_11_elems {
1184 const u8 *perr; 1182 const u8 *perr;
1185 const struct ieee80211_rann_ie *rann; 1183 const struct ieee80211_rann_ie *rann;
1186 const struct ieee80211_channel_sw_ie *ch_switch_ie; 1184 const struct ieee80211_channel_sw_ie *ch_switch_ie;
1185 const struct ieee80211_ext_chansw_ie *ext_chansw_ie;
1186 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie;
1187 const u8 *country_elem; 1187 const u8 *country_elem;
1188 const u8 *pwr_constr_elem; 1188 const u8 *pwr_constr_elem;
1189 const u8 *quiet_elem; /* first quite element */ 1189 const struct ieee80211_timeout_interval_ie *timeout_int;
1190 const u8 *timeout_int;
1191 const u8 *opmode_notif; 1190 const u8 *opmode_notif;
1191 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs;
1192 1192
1193 /* length of them, respectively */ 1193 /* length of them, respectively */
1194 u8 ssid_len; 1194 u8 ssid_len;
1195 u8 supp_rates_len; 1195 u8 supp_rates_len;
1196 u8 fh_params_len;
1197 u8 ds_params_len;
1198 u8 cf_params_len;
1199 u8 tim_len; 1196 u8 tim_len;
1200 u8 ibss_params_len;
1201 u8 challenge_len; 1197 u8 challenge_len;
1202 u8 rsn_len; 1198 u8 rsn_len;
1203 u8 erp_info_len;
1204 u8 ext_supp_rates_len; 1199 u8 ext_supp_rates_len;
1205 u8 wmm_info_len; 1200 u8 wmm_info_len;
1206 u8 wmm_param_len; 1201 u8 wmm_param_len;
@@ -1210,9 +1205,6 @@ struct ieee802_11_elems {
1210 u8 prep_len; 1205 u8 prep_len;
1211 u8 perr_len; 1206 u8 perr_len;
1212 u8 country_elem_len; 1207 u8 country_elem_len;
1213 u8 quiet_elem_len;
1214 u8 num_of_quiet_elem; /* can be more the one */
1215 u8 timeout_int_len;
1216 1208
1217 /* whether a parse error occurred while retrieving these elements */ 1209 /* whether a parse error occurred while retrieving these elements */
1218 bool parse_error; 1210 bool parse_error;
@@ -1267,10 +1259,6 @@ void ieee80211_recalc_ps_vif(struct ieee80211_sub_if_data *sdata);
1267int ieee80211_max_network_latency(struct notifier_block *nb, 1259int ieee80211_max_network_latency(struct notifier_block *nb,
1268 unsigned long data, void *dummy); 1260 unsigned long data, void *dummy);
1269int ieee80211_set_arp_filter(struct ieee80211_sub_if_data *sdata); 1261int ieee80211_set_arp_filter(struct ieee80211_sub_if_data *sdata);
1270void
1271ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1272 const struct ieee80211_channel_sw_ie *sw_elem,
1273 struct ieee80211_bss *bss, u64 timestamp);
1274void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata); 1262void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata);
1275void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 1263void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1276 struct sk_buff *skb); 1264 struct sk_buff *skb);
@@ -1330,7 +1318,8 @@ void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local);
1330void ieee80211_offchannel_return(struct ieee80211_local *local); 1318void ieee80211_offchannel_return(struct ieee80211_local *local);
1331void ieee80211_roc_setup(struct ieee80211_local *local); 1319void ieee80211_roc_setup(struct ieee80211_local *local);
1332void ieee80211_start_next_roc(struct ieee80211_local *local); 1320void ieee80211_start_next_roc(struct ieee80211_local *local);
1333void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); 1321void ieee80211_roc_purge(struct ieee80211_local *local,
1322 struct ieee80211_sub_if_data *sdata);
1334void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free); 1323void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free);
1335void ieee80211_sw_roc_work(struct work_struct *work); 1324void ieee80211_sw_roc_work(struct work_struct *work);
1336void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc); 1325void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);
@@ -1351,6 +1340,8 @@ void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1351 const int offset); 1340 const int offset);
1352int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up); 1341int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up);
1353void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata); 1342void ieee80211_sdata_stop(struct ieee80211_sub_if_data *sdata);
1343int ieee80211_add_virtual_monitor(struct ieee80211_local *local);
1344void ieee80211_del_virtual_monitor(struct ieee80211_local *local);
1354 1345
1355bool __ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata); 1346bool __ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata);
1356void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata); 1347void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata);
@@ -1505,11 +1496,15 @@ static inline void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata,
1505 ieee80211_tx_skb_tid(sdata, skb, 7); 1496 ieee80211_tx_skb_tid(sdata, skb, 7);
1506} 1497}
1507 1498
1508void ieee802_11_parse_elems(u8 *start, size_t len, 1499u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, bool action,
1509 struct ieee802_11_elems *elems);
1510u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
1511 struct ieee802_11_elems *elems, 1500 struct ieee802_11_elems *elems,
1512 u64 filter, u32 crc); 1501 u64 filter, u32 crc);
1502static inline void ieee802_11_parse_elems(u8 *start, size_t len, bool action,
1503 struct ieee802_11_elems *elems)
1504{
1505 ieee802_11_parse_elems_crc(start, len, action, elems, 0, 0);
1506}
1507
1513u32 ieee80211_mandatory_rates(struct ieee80211_local *local, 1508u32 ieee80211_mandatory_rates(struct ieee80211_local *local,
1514 enum ieee80211_band band); 1509 enum ieee80211_band band);
1515 1510
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index e8a260f53c16..60f1ce5e5e52 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * Interface handling (except master interface) 2 * Interface handling
3 * 3 *
4 * Copyright 2002-2005, Instant802 Networks, Inc. 4 * Copyright 2002-2005, Instant802 Networks, Inc.
5 * Copyright 2005-2006, Devicescape Software, Inc. 5 * Copyright 2005-2006, Devicescape Software, Inc.
@@ -357,7 +357,7 @@ static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
357 sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE; 357 sdata->vif.cab_queue = IEEE80211_INVAL_HW_QUEUE;
358} 358}
359 359
360static int ieee80211_add_virtual_monitor(struct ieee80211_local *local) 360int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
361{ 361{
362 struct ieee80211_sub_if_data *sdata; 362 struct ieee80211_sub_if_data *sdata;
363 int ret; 363 int ret;
@@ -410,7 +410,7 @@ static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
410 return 0; 410 return 0;
411} 411}
412 412
413static void ieee80211_del_virtual_monitor(struct ieee80211_local *local) 413void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
414{ 414{
415 struct ieee80211_sub_if_data *sdata; 415 struct ieee80211_sub_if_data *sdata;
416 416
@@ -595,7 +595,8 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
595 case NL80211_IFTYPE_P2P_DEVICE: 595 case NL80211_IFTYPE_P2P_DEVICE:
596 break; 596 break;
597 default: 597 default:
598 netif_carrier_on(dev); 598 /* not reached */
599 WARN_ON(1);
599 } 600 }
600 601
601 /* 602 /*
@@ -652,8 +653,28 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
652 653
653 ieee80211_recalc_ps(local, -1); 654 ieee80211_recalc_ps(local, -1);
654 655
655 if (dev) 656 if (dev) {
656 netif_tx_start_all_queues(dev); 657 unsigned long flags;
658 int n_acs = IEEE80211_NUM_ACS;
659 int ac;
660
661 if (local->hw.queues < IEEE80211_NUM_ACS)
662 n_acs = 1;
663
664 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
665 if (sdata->vif.cab_queue == IEEE80211_INVAL_HW_QUEUE ||
666 (local->queue_stop_reasons[sdata->vif.cab_queue] == 0 &&
667 skb_queue_empty(&local->pending[sdata->vif.cab_queue]))) {
668 for (ac = 0; ac < n_acs; ac++) {
669 int ac_queue = sdata->vif.hw_queue[ac];
670
671 if (local->queue_stop_reasons[ac_queue] == 0 &&
672 skb_queue_empty(&local->pending[ac_queue]))
673 netif_start_subqueue(dev, ac);
674 }
675 }
676 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
677 }
657 678
658 return 0; 679 return 0;
659 err_del_interface: 680 err_del_interface:
@@ -707,7 +728,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
707 if (sdata->dev) 728 if (sdata->dev)
708 netif_tx_stop_all_queues(sdata->dev); 729 netif_tx_stop_all_queues(sdata->dev);
709 730
710 ieee80211_roc_purge(sdata); 731 ieee80211_roc_purge(local, sdata);
711 732
712 if (sdata->vif.type == NL80211_IFTYPE_STATION) 733 if (sdata->vif.type == NL80211_IFTYPE_STATION)
713 ieee80211_mgd_stop(sdata); 734 ieee80211_mgd_stop(sdata);
@@ -732,12 +753,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
732 WARN_ON_ONCE((sdata->vif.type != NL80211_IFTYPE_WDS && flushed > 0) || 753 WARN_ON_ONCE((sdata->vif.type != NL80211_IFTYPE_WDS && flushed > 0) ||
733 (sdata->vif.type == NL80211_IFTYPE_WDS && flushed != 1)); 754 (sdata->vif.type == NL80211_IFTYPE_WDS && flushed != 1));
734 755
735 /* 756 /* don't count this interface for promisc/allmulti while it is down */
736 * Don't count this interface for promisc/allmulti while it
737 * is down. dev_mc_unsync() will invoke set_multicast_list
738 * on the master interface which will sync these down to the
739 * hardware as filter flags.
740 */
741 if (sdata->flags & IEEE80211_SDATA_ALLMULTI) 757 if (sdata->flags & IEEE80211_SDATA_ALLMULTI)
742 atomic_dec(&local->iff_allmultis); 758 atomic_dec(&local->iff_allmultis);
743 759
@@ -758,8 +774,6 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
758 sdata->dev->addr_len); 774 sdata->dev->addr_len);
759 spin_unlock_bh(&local->filter_lock); 775 spin_unlock_bh(&local->filter_lock);
760 netif_addr_unlock_bh(sdata->dev); 776 netif_addr_unlock_bh(sdata->dev);
761
762 ieee80211_configure_filter(local);
763 } 777 }
764 778
765 del_timer_sync(&local->dynamic_ps_timer); 779 del_timer_sync(&local->dynamic_ps_timer);
@@ -770,6 +784,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
770 cancel_delayed_work_sync(&sdata->dfs_cac_timer_work); 784 cancel_delayed_work_sync(&sdata->dfs_cac_timer_work);
771 785
772 if (sdata->wdev.cac_started) { 786 if (sdata->wdev.cac_started) {
787 WARN_ON(local->suspended);
773 mutex_lock(&local->iflist_mtx); 788 mutex_lock(&local->iflist_mtx);
774 ieee80211_vif_release_channel(sdata); 789 ieee80211_vif_release_channel(sdata);
775 mutex_unlock(&local->iflist_mtx); 790 mutex_unlock(&local->iflist_mtx);
@@ -820,14 +835,9 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
820 if (local->monitors == 0) { 835 if (local->monitors == 0) {
821 local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR; 836 local->hw.conf.flags &= ~IEEE80211_CONF_MONITOR;
822 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR; 837 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
823 ieee80211_del_virtual_monitor(local);
824 } 838 }
825 839
826 ieee80211_adjust_monitor_flags(sdata, -1); 840 ieee80211_adjust_monitor_flags(sdata, -1);
827 ieee80211_configure_filter(local);
828 mutex_lock(&local->mtx);
829 ieee80211_recalc_idle(local);
830 mutex_unlock(&local->mtx);
831 break; 841 break;
832 case NL80211_IFTYPE_P2P_DEVICE: 842 case NL80211_IFTYPE_P2P_DEVICE:
833 /* relies on synchronize_rcu() below */ 843 /* relies on synchronize_rcu() below */
@@ -840,11 +850,12 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
840 * 850 *
841 * sta_info_flush_cleanup() requires rcu_barrier() 851 * sta_info_flush_cleanup() requires rcu_barrier()
842 * first to wait for the station call_rcu() calls 852 * first to wait for the station call_rcu() calls
843 * to complete, here we need at least sychronize_rcu() 853 * to complete, and we also need synchronize_rcu()
844 * it to wait for the RX path in case it is using the 854 * to wait for the RX path in case it is using the
845 * interface and enqueuing frames at this very time on 855 * interface and enqueuing frames at this very time on
846 * another CPU. 856 * another CPU.
847 */ 857 */
858 synchronize_rcu();
848 rcu_barrier(); 859 rcu_barrier();
849 sta_info_flush_cleanup(sdata); 860 sta_info_flush_cleanup(sdata);
850 861
@@ -857,27 +868,10 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
857 /* fall through */ 868 /* fall through */
858 case NL80211_IFTYPE_AP: 869 case NL80211_IFTYPE_AP:
859 skb_queue_purge(&sdata->skb_queue); 870 skb_queue_purge(&sdata->skb_queue);
860
861 if (going_down)
862 drv_remove_interface(local, sdata);
863 } 871 }
864 872
865 sdata->bss = NULL; 873 sdata->bss = NULL;
866 874
867 ieee80211_recalc_ps(local, -1);
868
869 if (local->open_count == 0) {
870 ieee80211_clear_tx_pending(local);
871 ieee80211_stop_device(local);
872
873 /* no reconfiguring after stop! */
874 hw_reconf_flags = 0;
875 }
876
877 /* do after stop to avoid reconfiguring when we stop anyway */
878 if (hw_reconf_flags)
879 ieee80211_hw_config(local, hw_reconf_flags);
880
881 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 875 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
882 for (i = 0; i < IEEE80211_MAX_QUEUES; i++) { 876 for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
883 skb_queue_walk_safe(&local->pending[i], skb, tmp) { 877 skb_queue_walk_safe(&local->pending[i], skb, tmp) {
@@ -890,7 +884,54 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
890 } 884 }
891 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 885 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
892 886
893 if (local->monitors == local->open_count && local->monitors > 0) 887 if (local->open_count == 0)
888 ieee80211_clear_tx_pending(local);
889
890 /*
891 * If the interface goes down while suspended, presumably because
892 * the device was unplugged and that happens before our resume,
893 * then the driver is already unconfigured and the remainder of
894 * this function isn't needed.
895 * XXX: what about WoWLAN? If the device has software state, e.g.
896 * memory allocated, it might expect teardown commands from
897 * mac80211 here?
898 */
899 if (local->suspended) {
900 WARN_ON(local->wowlan);
901 WARN_ON(rtnl_dereference(local->monitor_sdata));
902 return;
903 }
904
905 switch (sdata->vif.type) {
906 case NL80211_IFTYPE_AP_VLAN:
907 break;
908 case NL80211_IFTYPE_MONITOR:
909 if (local->monitors == 0)
910 ieee80211_del_virtual_monitor(local);
911
912 mutex_lock(&local->mtx);
913 ieee80211_recalc_idle(local);
914 mutex_unlock(&local->mtx);
915 break;
916 default:
917 if (going_down)
918 drv_remove_interface(local, sdata);
919 }
920
921 ieee80211_recalc_ps(local, -1);
922
923 if (local->open_count == 0) {
924 ieee80211_stop_device(local);
925
926 /* no reconfiguring after stop! */
927 return;
928 }
929
930 /* do after stop to avoid reconfiguring when we stop anyway */
931 ieee80211_configure_filter(local);
932 ieee80211_hw_config(local, hw_reconf_flags);
933
934 if (local->monitors == local->open_count)
894 ieee80211_add_virtual_monitor(local); 935 ieee80211_add_virtual_monitor(local);
895} 936}
896 937
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index c6f81ecc36a1..8a7bfc47d577 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -95,42 +95,47 @@ static void ieee80211_reconfig_filter(struct work_struct *work)
95static u32 ieee80211_hw_conf_chan(struct ieee80211_local *local) 95static u32 ieee80211_hw_conf_chan(struct ieee80211_local *local)
96{ 96{
97 struct ieee80211_sub_if_data *sdata; 97 struct ieee80211_sub_if_data *sdata;
98 struct ieee80211_channel *chan; 98 struct cfg80211_chan_def chandef = {};
99 u32 changed = 0; 99 u32 changed = 0;
100 int power; 100 int power;
101 enum nl80211_channel_type channel_type;
102 u32 offchannel_flag; 101 u32 offchannel_flag;
103 102
104 offchannel_flag = local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL; 103 offchannel_flag = local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL;
104
105 if (local->scan_channel) { 105 if (local->scan_channel) {
106 chan = local->scan_channel; 106 chandef.chan = local->scan_channel;
107 /* If scanning on oper channel, use whatever channel-type 107 /* If scanning on oper channel, use whatever channel-type
108 * is currently in use. 108 * is currently in use.
109 */ 109 */
110 if (chan == local->_oper_channel) 110 if (chandef.chan == local->_oper_chandef.chan) {
111 channel_type = local->_oper_channel_type; 111 chandef = local->_oper_chandef;
112 else 112 } else {
113 channel_type = NL80211_CHAN_NO_HT; 113 chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
114 chandef.center_freq1 = chandef.chan->center_freq;
115 }
114 } else if (local->tmp_channel) { 116 } else if (local->tmp_channel) {
115 chan = local->tmp_channel; 117 chandef.chan = local->tmp_channel;
116 channel_type = NL80211_CHAN_NO_HT; 118 chandef.width = NL80211_CHAN_WIDTH_20_NOHT;
117 } else { 119 chandef.center_freq1 = chandef.chan->center_freq;
118 chan = local->_oper_channel; 120 } else
119 channel_type = local->_oper_channel_type; 121 chandef = local->_oper_chandef;
120 } 122
121 123 WARN(!cfg80211_chandef_valid(&chandef),
122 if (chan != local->_oper_channel || 124 "control:%d MHz width:%d center: %d/%d MHz",
123 channel_type != local->_oper_channel_type) 125 chandef.chan->center_freq, chandef.width,
126 chandef.center_freq1, chandef.center_freq2);
127
128 if (!cfg80211_chandef_identical(&chandef, &local->_oper_chandef))
124 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL; 129 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL;
125 else 130 else
126 local->hw.conf.flags &= ~IEEE80211_CONF_OFFCHANNEL; 131 local->hw.conf.flags &= ~IEEE80211_CONF_OFFCHANNEL;
127 132
128 offchannel_flag ^= local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL; 133 offchannel_flag ^= local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL;
129 134
130 if (offchannel_flag || chan != local->hw.conf.channel || 135 if (offchannel_flag ||
131 channel_type != local->hw.conf.channel_type) { 136 !cfg80211_chandef_identical(&local->hw.conf.chandef,
132 local->hw.conf.channel = chan; 137 &local->_oper_chandef)) {
133 local->hw.conf.channel_type = channel_type; 138 local->hw.conf.chandef = chandef;
134 changed |= IEEE80211_CONF_CHANGE_CHANNEL; 139 changed |= IEEE80211_CONF_CHANGE_CHANNEL;
135 } 140 }
136 141
@@ -146,7 +151,7 @@ static u32 ieee80211_hw_conf_chan(struct ieee80211_local *local)
146 changed |= IEEE80211_CONF_CHANGE_SMPS; 151 changed |= IEEE80211_CONF_CHANGE_SMPS;
147 } 152 }
148 153
149 power = chan->max_power; 154 power = chandef.chan->max_power;
150 155
151 rcu_read_lock(); 156 rcu_read_lock();
152 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 157 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
@@ -587,6 +592,8 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
587 IEEE80211_RADIOTAP_MCS_HAVE_BW; 592 IEEE80211_RADIOTAP_MCS_HAVE_BW;
588 local->hw.radiotap_vht_details = IEEE80211_RADIOTAP_VHT_KNOWN_GI | 593 local->hw.radiotap_vht_details = IEEE80211_RADIOTAP_VHT_KNOWN_GI |
589 IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH; 594 IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH;
595 local->hw.uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES;
596 local->hw.uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN;
590 local->user_power_level = IEEE80211_UNSET_POWER_LEVEL; 597 local->user_power_level = IEEE80211_UNSET_POWER_LEVEL;
591 wiphy->ht_capa_mod_mask = &mac80211_ht_capa_mod_mask; 598 wiphy->ht_capa_mod_mask = &mac80211_ht_capa_mod_mask;
592 wiphy->vht_capa_mod_mask = &mac80211_vht_capa_mod_mask; 599 wiphy->vht_capa_mod_mask = &mac80211_vht_capa_mod_mask;
@@ -661,6 +668,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
661 int channels, max_bitrates; 668 int channels, max_bitrates;
662 bool supp_ht, supp_vht; 669 bool supp_ht, supp_vht;
663 netdev_features_t feature_whitelist; 670 netdev_features_t feature_whitelist;
671 struct cfg80211_chan_def dflt_chandef = {};
664 static const u32 cipher_suites[] = { 672 static const u32 cipher_suites[] = {
665 /* keep WEP first, it may be removed below */ 673 /* keep WEP first, it may be removed below */
666 WLAN_CIPHER_SUITE_WEP40, 674 WLAN_CIPHER_SUITE_WEP40,
@@ -738,15 +746,19 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
738 sband = local->hw.wiphy->bands[band]; 746 sband = local->hw.wiphy->bands[band];
739 if (!sband) 747 if (!sband)
740 continue; 748 continue;
741 if (!local->use_chanctx && !local->_oper_channel) { 749
750 if (!dflt_chandef.chan) {
751 cfg80211_chandef_create(&dflt_chandef,
752 &sband->channels[0],
753 NL80211_CHAN_NO_HT);
742 /* init channel we're on */ 754 /* init channel we're on */
743 local->hw.conf.channel = 755 if (!local->use_chanctx && !local->_oper_chandef.chan) {
744 local->_oper_channel = &sband->channels[0]; 756 local->hw.conf.chandef = dflt_chandef;
745 local->hw.conf.channel_type = NL80211_CHAN_NO_HT; 757 local->_oper_chandef = dflt_chandef;
758 }
759 local->monitor_chandef = dflt_chandef;
746 } 760 }
747 cfg80211_chandef_create(&local->monitor_chandef, 761
748 &sband->channels[0],
749 NL80211_CHAN_NO_HT);
750 channels += sband->n_channels; 762 channels += sband->n_channels;
751 763
752 if (max_bitrates < sband->n_bitrates) 764 if (max_bitrates < sband->n_bitrates)
@@ -829,22 +841,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
829 if (supp_ht) 841 if (supp_ht)
830 local->scan_ies_len += 2 + sizeof(struct ieee80211_ht_cap); 842 local->scan_ies_len += 2 + sizeof(struct ieee80211_ht_cap);
831 843
832 if (supp_vht) { 844 if (supp_vht)
833 local->scan_ies_len += 845 local->scan_ies_len +=
834 2 + sizeof(struct ieee80211_vht_cap); 846 2 + sizeof(struct ieee80211_vht_cap);
835 847
836 /*
837 * (for now at least), drivers wanting to use VHT must
838 * support channel contexts, as they contain all the
839 * necessary VHT information and the global hw config
840 * doesn't (yet)
841 */
842 if (WARN_ON(!local->use_chanctx)) {
843 result = -EINVAL;
844 goto fail_wiphy_register;
845 }
846 }
847
848 if (!local->ops->hw_scan) { 848 if (!local->ops->hw_scan) {
849 /* For hw_scan, driver needs to set these up. */ 849 /* For hw_scan, driver needs to set these up. */
850 local->hw.wiphy->max_scan_ssids = 4; 850 local->hw.wiphy->max_scan_ssids = 4;
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 123a300cef57..6952760881c8 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -838,7 +838,7 @@ ieee80211_mesh_rx_probe_req(struct ieee80211_sub_if_data *sdata,
838 if (baselen > len) 838 if (baselen > len)
839 return; 839 return;
840 840
841 ieee802_11_parse_elems(pos, len - baselen, &elems); 841 ieee802_11_parse_elems(pos, len - baselen, false, &elems);
842 842
843 /* 802.11-2012 10.1.4.3.2 */ 843 /* 802.11-2012 10.1.4.3.2 */
844 if ((!ether_addr_equal(mgmt->da, sdata->vif.addr) && 844 if ((!ether_addr_equal(mgmt->da, sdata->vif.addr) &&
@@ -899,7 +899,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
899 return; 899 return;
900 900
901 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 901 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
902 &elems); 902 false, &elems);
903 903
904 /* ignore non-mesh or secure / unsecure mismatch */ 904 /* ignore non-mesh or secure / unsecure mismatch */
905 if ((!elems.mesh_id || !elems.mesh_config) || 905 if ((!elems.mesh_id || !elems.mesh_config) ||
@@ -907,7 +907,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
907 (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE)) 907 (!elems.rsn && sdata->u.mesh.security != IEEE80211_MESH_SEC_NONE))
908 return; 908 return;
909 909
910 if (elems.ds_params && elems.ds_params_len == 1) 910 if (elems.ds_params)
911 freq = ieee80211_channel_to_frequency(elems.ds_params[0], band); 911 freq = ieee80211_channel_to_frequency(elems.ds_params[0], band);
912 else 912 else
913 freq = rx_status->freq; 913 freq = rx_status->freq;
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 6ffabbe99c46..da158774eebb 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -275,7 +275,8 @@ void mesh_path_fix_nexthop(struct mesh_path *mpath, struct sta_info *next_hop);
275void mesh_path_expire(struct ieee80211_sub_if_data *sdata); 275void mesh_path_expire(struct ieee80211_sub_if_data *sdata);
276void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata, 276void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
277 struct ieee80211_mgmt *mgmt, size_t len); 277 struct ieee80211_mgmt *mgmt, size_t len);
278int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst); 278struct mesh_path *
279mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst);
279 280
280int mesh_path_add_gate(struct mesh_path *mpath); 281int mesh_path_add_gate(struct mesh_path *mpath);
281int mesh_path_send_to_gates(struct mesh_path *mpath); 282int mesh_path_send_to_gates(struct mesh_path *mpath);
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index bdb8d3b14587..486819cd02cd 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -144,7 +144,7 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
144 *pos++ = WLAN_EID_PREQ; 144 *pos++ = WLAN_EID_PREQ;
145 break; 145 break;
146 case MPATH_PREP: 146 case MPATH_PREP:
147 mhwmp_dbg(sdata, "sending PREP to %pM\n", target); 147 mhwmp_dbg(sdata, "sending PREP to %pM\n", orig_addr);
148 ie_len = 31; 148 ie_len = 31;
149 pos = skb_put(skb, 2 + ie_len); 149 pos = skb_put(skb, 2 + ie_len);
150 *pos++ = WLAN_EID_PREP; 150 *pos++ = WLAN_EID_PREP;
@@ -445,9 +445,8 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
445 } 445 }
446 } 446 }
447 } else { 447 } else {
448 mesh_path_add(sdata, orig_addr); 448 mpath = mesh_path_add(sdata, orig_addr);
449 mpath = mesh_path_lookup(sdata, orig_addr); 449 if (IS_ERR(mpath)) {
450 if (!mpath) {
451 rcu_read_unlock(); 450 rcu_read_unlock();
452 return 0; 451 return 0;
453 } 452 }
@@ -486,9 +485,8 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
486 (last_hop_metric > mpath->metric))) 485 (last_hop_metric > mpath->metric)))
487 fresh_info = false; 486 fresh_info = false;
488 } else { 487 } else {
489 mesh_path_add(sdata, ta); 488 mpath = mesh_path_add(sdata, ta);
490 mpath = mesh_path_lookup(sdata, ta); 489 if (IS_ERR(mpath)) {
491 if (!mpath) {
492 rcu_read_unlock(); 490 rcu_read_unlock();
493 return 0; 491 return 0;
494 } 492 }
@@ -661,7 +659,7 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
661 u32 target_sn, orig_sn, lifetime; 659 u32 target_sn, orig_sn, lifetime;
662 660
663 mhwmp_dbg(sdata, "received PREP from %pM\n", 661 mhwmp_dbg(sdata, "received PREP from %pM\n",
664 PREP_IE_ORIG_ADDR(prep_elem)); 662 PREP_IE_TARGET_ADDR(prep_elem));
665 663
666 orig_addr = PREP_IE_ORIG_ADDR(prep_elem); 664 orig_addr = PREP_IE_ORIG_ADDR(prep_elem);
667 if (ether_addr_equal(orig_addr, sdata->vif.addr)) 665 if (ether_addr_equal(orig_addr, sdata->vif.addr))
@@ -804,9 +802,8 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
804 802
805 mpath = mesh_path_lookup(sdata, orig_addr); 803 mpath = mesh_path_lookup(sdata, orig_addr);
806 if (!mpath) { 804 if (!mpath) {
807 mesh_path_add(sdata, orig_addr); 805 mpath = mesh_path_add(sdata, orig_addr);
808 mpath = mesh_path_lookup(sdata, orig_addr); 806 if (IS_ERR(mpath)) {
809 if (!mpath) {
810 rcu_read_unlock(); 807 rcu_read_unlock();
811 sdata->u.mesh.mshstats.dropped_frames_no_route++; 808 sdata->u.mesh.mshstats.dropped_frames_no_route++;
812 return; 809 return;
@@ -883,7 +880,7 @@ void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
883 880
884 baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt; 881 baselen = (u8 *) mgmt->u.action.u.mesh_action.variable - (u8 *) mgmt;
885 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable, 882 ieee802_11_parse_elems(mgmt->u.action.u.mesh_action.variable,
886 len - baselen, &elems); 883 len - baselen, false, &elems);
887 884
888 if (elems.preq) { 885 if (elems.preq) {
889 if (elems.preq_len != 37) 886 if (elems.preq_len != 37)
@@ -1098,11 +1095,10 @@ int mesh_nexthop_resolve(struct ieee80211_sub_if_data *sdata,
1098 /* no nexthop found, start resolving */ 1095 /* no nexthop found, start resolving */
1099 mpath = mesh_path_lookup(sdata, target_addr); 1096 mpath = mesh_path_lookup(sdata, target_addr);
1100 if (!mpath) { 1097 if (!mpath) {
1101 mesh_path_add(sdata, target_addr); 1098 mpath = mesh_path_add(sdata, target_addr);
1102 mpath = mesh_path_lookup(sdata, target_addr); 1099 if (IS_ERR(mpath)) {
1103 if (!mpath) {
1104 mesh_path_discard_frame(sdata, skb); 1100 mesh_path_discard_frame(sdata, skb);
1105 err = -ENOSPC; 1101 err = PTR_ERR(mpath);
1106 goto endlookup; 1102 goto endlookup;
1107 } 1103 }
1108 } 1104 }
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index dc7c8df40c2c..89aacfd2756d 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -493,7 +493,8 @@ int mesh_gate_num(struct ieee80211_sub_if_data *sdata)
493 * 493 *
494 * State: the initial state of the new path is set to 0 494 * State: the initial state of the new path is set to 0
495 */ 495 */
496int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst) 496struct mesh_path *mesh_path_add(struct ieee80211_sub_if_data *sdata,
497 const u8 *dst)
497{ 498{
498 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 499 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
499 struct ieee80211_local *local = sdata->local; 500 struct ieee80211_local *local = sdata->local;
@@ -502,18 +503,33 @@ int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst)
502 struct mpath_node *node, *new_node; 503 struct mpath_node *node, *new_node;
503 struct hlist_head *bucket; 504 struct hlist_head *bucket;
504 int grow = 0; 505 int grow = 0;
505 int err = 0; 506 int err;
506 u32 hash_idx; 507 u32 hash_idx;
507 508
508 if (ether_addr_equal(dst, sdata->vif.addr)) 509 if (ether_addr_equal(dst, sdata->vif.addr))
509 /* never add ourselves as neighbours */ 510 /* never add ourselves as neighbours */
510 return -ENOTSUPP; 511 return ERR_PTR(-ENOTSUPP);
511 512
512 if (is_multicast_ether_addr(dst)) 513 if (is_multicast_ether_addr(dst))
513 return -ENOTSUPP; 514 return ERR_PTR(-ENOTSUPP);
514 515
515 if (atomic_add_unless(&sdata->u.mesh.mpaths, 1, MESH_MAX_MPATHS) == 0) 516 if (atomic_add_unless(&sdata->u.mesh.mpaths, 1, MESH_MAX_MPATHS) == 0)
516 return -ENOSPC; 517 return ERR_PTR(-ENOSPC);
518
519 read_lock_bh(&pathtbl_resize_lock);
520 tbl = resize_dereference_mesh_paths();
521
522 hash_idx = mesh_table_hash(dst, sdata, tbl);
523 bucket = &tbl->hash_buckets[hash_idx];
524
525 spin_lock(&tbl->hashwlock[hash_idx]);
526
527 hlist_for_each_entry(node, bucket, list) {
528 mpath = node->mpath;
529 if (mpath->sdata == sdata &&
530 ether_addr_equal(dst, mpath->dst))
531 goto found;
532 }
517 533
518 err = -ENOMEM; 534 err = -ENOMEM;
519 new_mpath = kzalloc(sizeof(struct mesh_path), GFP_ATOMIC); 535 new_mpath = kzalloc(sizeof(struct mesh_path), GFP_ATOMIC);
@@ -524,7 +540,6 @@ int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst)
524 if (!new_node) 540 if (!new_node)
525 goto err_node_alloc; 541 goto err_node_alloc;
526 542
527 read_lock_bh(&pathtbl_resize_lock);
528 memcpy(new_mpath->dst, dst, ETH_ALEN); 543 memcpy(new_mpath->dst, dst, ETH_ALEN);
529 eth_broadcast_addr(new_mpath->rann_snd_addr); 544 eth_broadcast_addr(new_mpath->rann_snd_addr);
530 new_mpath->is_root = false; 545 new_mpath->is_root = false;
@@ -538,21 +553,6 @@ int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst)
538 spin_lock_init(&new_mpath->state_lock); 553 spin_lock_init(&new_mpath->state_lock);
539 init_timer(&new_mpath->timer); 554 init_timer(&new_mpath->timer);
540 555
541 tbl = resize_dereference_mesh_paths();
542
543 hash_idx = mesh_table_hash(dst, sdata, tbl);
544 bucket = &tbl->hash_buckets[hash_idx];
545
546 spin_lock(&tbl->hashwlock[hash_idx]);
547
548 err = -EEXIST;
549 hlist_for_each_entry(node, bucket, list) {
550 mpath = node->mpath;
551 if (mpath->sdata == sdata &&
552 ether_addr_equal(dst, mpath->dst))
553 goto err_exists;
554 }
555
556 hlist_add_head_rcu(&new_node->list, bucket); 556 hlist_add_head_rcu(&new_node->list, bucket);
557 if (atomic_inc_return(&tbl->entries) >= 557 if (atomic_inc_return(&tbl->entries) >=
558 tbl->mean_chain_len * (tbl->hash_mask + 1)) 558 tbl->mean_chain_len * (tbl->hash_mask + 1))
@@ -560,23 +560,23 @@ int mesh_path_add(struct ieee80211_sub_if_data *sdata, const u8 *dst)
560 560
561 mesh_paths_generation++; 561 mesh_paths_generation++;
562 562
563 spin_unlock(&tbl->hashwlock[hash_idx]);
564 read_unlock_bh(&pathtbl_resize_lock);
565 if (grow) { 563 if (grow) {
566 set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags); 564 set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags);
567 ieee80211_queue_work(&local->hw, &sdata->work); 565 ieee80211_queue_work(&local->hw, &sdata->work);
568 } 566 }
569 return 0; 567 mpath = new_mpath;
570 568found:
571err_exists:
572 spin_unlock(&tbl->hashwlock[hash_idx]); 569 spin_unlock(&tbl->hashwlock[hash_idx]);
573 read_unlock_bh(&pathtbl_resize_lock); 570 read_unlock_bh(&pathtbl_resize_lock);
574 kfree(new_node); 571 return mpath;
572
575err_node_alloc: 573err_node_alloc:
576 kfree(new_mpath); 574 kfree(new_mpath);
577err_path_alloc: 575err_path_alloc:
578 atomic_dec(&sdata->u.mesh.mpaths); 576 atomic_dec(&sdata->u.mesh.mpaths);
579 return err; 577 spin_unlock(&tbl->hashwlock[hash_idx]);
578 read_unlock_bh(&pathtbl_resize_lock);
579 return ERR_PTR(err);
580} 580}
581 581
582static void mesh_table_free_rcu(struct rcu_head *rcu) 582static void mesh_table_free_rcu(struct rcu_head *rcu)
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 937e06fe8f2a..09bebed99416 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -544,8 +544,8 @@ static void mesh_plink_timer(unsigned long data)
544 return; 544 return;
545 } 545 }
546 mpl_dbg(sta->sdata, 546 mpl_dbg(sta->sdata,
547 "Mesh plink timer for %pM fired on state %d\n", 547 "Mesh plink timer for %pM fired on state %s\n",
548 sta->sta.addr, sta->plink_state); 548 sta->sta.addr, mplstates[sta->plink_state]);
549 reason = 0; 549 reason = 0;
550 llid = sta->llid; 550 llid = sta->llid;
551 plid = sta->plid; 551 plid = sta->plid;
@@ -687,7 +687,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata,
687 baseaddr += 4; 687 baseaddr += 4;
688 baselen += 4; 688 baselen += 4;
689 } 689 }
690 ieee802_11_parse_elems(baseaddr, len - baselen, &elems); 690 ieee802_11_parse_elems(baseaddr, len - baselen, true, &elems);
691 691
692 if (!elems.peering) { 692 if (!elems.peering) {
693 mpl_dbg(sdata, 693 mpl_dbg(sdata,
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index dec42ab1fa91..29620bfc7a69 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -56,7 +56,10 @@ MODULE_PARM_DESC(max_probe_tries,
56 * probe on beacon miss before declaring the connection lost 56 * probe on beacon miss before declaring the connection lost
57 * default to what we want. 57 * default to what we want.
58 */ 58 */
59#define IEEE80211_BEACON_LOSS_COUNT 7 59static int beacon_loss_count = 7;
60module_param(beacon_loss_count, int, 0644);
61MODULE_PARM_DESC(beacon_loss_count,
62 "Number of beacon intervals before we decide beacon was lost.");
60 63
61/* 64/*
62 * Time the connection can be idle before we probe 65 * Time the connection can be idle before we probe
@@ -286,6 +289,8 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
286 } else { 289 } else {
287 /* 40 MHz (and 80 MHz) must be supported for VHT */ 290 /* 40 MHz (and 80 MHz) must be supported for VHT */
288 ret = IEEE80211_STA_DISABLE_VHT; 291 ret = IEEE80211_STA_DISABLE_VHT;
292 /* also mark 40 MHz disabled */
293 ret |= IEEE80211_STA_DISABLE_40MHZ;
289 goto out; 294 goto out;
290 } 295 }
291 296
@@ -300,12 +305,6 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
300 channel->band); 305 channel->band);
301 vht_chandef.center_freq2 = 0; 306 vht_chandef.center_freq2 = 0;
302 307
303 if (vht_oper->center_freq_seg2_idx)
304 vht_chandef.center_freq2 =
305 ieee80211_channel_to_frequency(
306 vht_oper->center_freq_seg2_idx,
307 channel->band);
308
309 switch (vht_oper->chan_width) { 308 switch (vht_oper->chan_width) {
310 case IEEE80211_VHT_CHANWIDTH_USE_HT: 309 case IEEE80211_VHT_CHANWIDTH_USE_HT:
311 vht_chandef.width = chandef->width; 310 vht_chandef.width = chandef->width;
@@ -318,6 +317,10 @@ ieee80211_determine_chantype(struct ieee80211_sub_if_data *sdata,
318 break; 317 break;
319 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 318 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
320 vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 319 vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
320 vht_chandef.center_freq2 =
321 ieee80211_channel_to_frequency(
322 vht_oper->center_freq_seg2_idx,
323 channel->band);
321 break; 324 break;
322 default: 325 default:
323 if (verbose) 326 if (verbose)
@@ -601,7 +604,6 @@ static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
601 u8 *pos; 604 u8 *pos;
602 u32 cap; 605 u32 cap;
603 struct ieee80211_sta_vht_cap vht_cap; 606 struct ieee80211_sta_vht_cap vht_cap;
604 int i;
605 607
606 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap)); 608 BUILD_BUG_ON(sizeof(vht_cap) != sizeof(sband->vht_cap));
607 609
@@ -629,37 +631,6 @@ static void ieee80211_add_vht_ie(struct ieee80211_sub_if_data *sdata,
629 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE))) 631 cpu_to_le32(IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE)))
630 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE; 632 cap &= ~IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE;
631 633
632 if (!(ap_vht_cap->vht_cap_info &
633 cpu_to_le32(IEEE80211_VHT_CAP_TXSTBC)))
634 cap &= ~(IEEE80211_VHT_CAP_RXSTBC_1 |
635 IEEE80211_VHT_CAP_RXSTBC_3 |
636 IEEE80211_VHT_CAP_RXSTBC_4);
637
638 for (i = 0; i < 8; i++) {
639 int shift = i * 2;
640 u16 mask = IEEE80211_VHT_MCS_NOT_SUPPORTED << shift;
641 u16 ap_mcs, our_mcs;
642
643 ap_mcs = (le16_to_cpu(ap_vht_cap->supp_mcs.tx_mcs_map) &
644 mask) >> shift;
645 our_mcs = (le16_to_cpu(vht_cap.vht_mcs.rx_mcs_map) &
646 mask) >> shift;
647
648 if (our_mcs == IEEE80211_VHT_MCS_NOT_SUPPORTED)
649 continue;
650
651 switch (ap_mcs) {
652 default:
653 if (our_mcs <= ap_mcs)
654 break;
655 /* fall through */
656 case IEEE80211_VHT_MCS_NOT_SUPPORTED:
657 vht_cap.vht_mcs.rx_mcs_map &= cpu_to_le16(~mask);
658 vht_cap.vht_mcs.rx_mcs_map |=
659 cpu_to_le16(ap_mcs << shift);
660 }
661 }
662
663 /* reserve and fill IE */ 634 /* reserve and fill IE */
664 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2); 635 pos = skb_put(skb, sizeof(struct ieee80211_vht_cap) + 2);
665 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap); 636 ieee80211_ie_build_vht_cap(pos, &vht_cap, cap);
@@ -985,6 +956,7 @@ static void ieee80211_chswitch_work(struct work_struct *work)
985{ 956{
986 struct ieee80211_sub_if_data *sdata = 957 struct ieee80211_sub_if_data *sdata =
987 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work); 958 container_of(work, struct ieee80211_sub_if_data, u.mgd.chswitch_work);
959 struct ieee80211_local *local = sdata->local;
988 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 960 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
989 961
990 if (!ieee80211_sdata_running(sdata)) 962 if (!ieee80211_sdata_running(sdata))
@@ -994,21 +966,21 @@ static void ieee80211_chswitch_work(struct work_struct *work)
994 if (!ifmgd->associated) 966 if (!ifmgd->associated)
995 goto out; 967 goto out;
996 968
997 sdata->local->_oper_channel = sdata->local->csa_channel; 969 local->_oper_chandef = local->csa_chandef;
998 if (!sdata->local->ops->channel_switch) { 970
971 if (!local->ops->channel_switch) {
999 /* call "hw_config" only if doing sw channel switch */ 972 /* call "hw_config" only if doing sw channel switch */
1000 ieee80211_hw_config(sdata->local, 973 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
1001 IEEE80211_CONF_CHANGE_CHANNEL);
1002 } else { 974 } else {
1003 /* update the device channel directly */ 975 /* update the device channel directly */
1004 sdata->local->hw.conf.channel = sdata->local->_oper_channel; 976 local->hw.conf.chandef = local->_oper_chandef;
1005 } 977 }
1006 978
1007 /* XXX: shouldn't really modify cfg80211-owned data! */ 979 /* XXX: shouldn't really modify cfg80211-owned data! */
1008 ifmgd->associated->channel = sdata->local->_oper_channel; 980 ifmgd->associated->channel = local->_oper_chandef.chan;
1009 981
1010 /* XXX: wait for a beacon first? */ 982 /* XXX: wait for a beacon first? */
1011 ieee80211_wake_queues_by_reason(&sdata->local->hw, 983 ieee80211_wake_queues_by_reason(&local->hw,
1012 IEEE80211_MAX_QUEUE_MAP, 984 IEEE80211_MAX_QUEUE_MAP,
1013 IEEE80211_QUEUE_STOP_REASON_CSA); 985 IEEE80211_QUEUE_STOP_REASON_CSA);
1014 out: 986 out:
@@ -1041,56 +1013,193 @@ static void ieee80211_chswitch_timer(unsigned long data)
1041 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work); 1013 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.chswitch_work);
1042} 1014}
1043 1015
1044void 1016static void
1045ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 1017ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1046 const struct ieee80211_channel_sw_ie *sw_elem, 1018 u64 timestamp, struct ieee802_11_elems *elems)
1047 struct ieee80211_bss *bss, u64 timestamp)
1048{ 1019{
1049 struct cfg80211_bss *cbss = 1020 struct ieee80211_local *local = sdata->local;
1050 container_of((void *)bss, struct cfg80211_bss, priv);
1051 struct ieee80211_channel *new_ch;
1052 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1021 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1053 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num, 1022 struct cfg80211_bss *cbss = ifmgd->associated;
1054 cbss->channel->band); 1023 struct ieee80211_bss *bss;
1055 struct ieee80211_chanctx *chanctx; 1024 struct ieee80211_chanctx *chanctx;
1025 enum ieee80211_band new_band;
1026 int new_freq;
1027 u8 new_chan_no;
1028 u8 count;
1029 u8 mode;
1030 struct ieee80211_channel *new_chan;
1031 struct cfg80211_chan_def new_chandef = {};
1032 struct cfg80211_chan_def new_vht_chandef = {};
1033 const struct ieee80211_sec_chan_offs_ie *sec_chan_offs;
1034 const struct ieee80211_wide_bw_chansw_ie *wide_bw_chansw_ie;
1035 int secondary_channel_offset = -1;
1056 1036
1057 ASSERT_MGD_MTX(ifmgd); 1037 ASSERT_MGD_MTX(ifmgd);
1058 1038
1059 if (!ifmgd->associated) 1039 if (!cbss)
1060 return; 1040 return;
1061 1041
1062 if (sdata->local->scanning) 1042 if (local->scanning)
1063 return; 1043 return;
1064 1044
1065 /* Disregard subsequent beacons if we are already running a timer 1045 /* disregard subsequent announcements if we are already processing */
1066 processing a CSA */
1067
1068 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED) 1046 if (ifmgd->flags & IEEE80211_STA_CSA_RECEIVED)
1069 return; 1047 return;
1070 1048
1071 new_ch = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq); 1049 sec_chan_offs = elems->sec_chan_offs;
1072 if (!new_ch || new_ch->flags & IEEE80211_CHAN_DISABLED) { 1050 wide_bw_chansw_ie = elems->wide_bw_chansw_ie;
1051
1052 if (ifmgd->flags & (IEEE80211_STA_DISABLE_HT |
1053 IEEE80211_STA_DISABLE_40MHZ)) {
1054 sec_chan_offs = NULL;
1055 wide_bw_chansw_ie = NULL;
1056 }
1057
1058 if (ifmgd->flags & IEEE80211_STA_DISABLE_VHT)
1059 wide_bw_chansw_ie = NULL;
1060
1061 if (elems->ext_chansw_ie) {
1062 if (!ieee80211_operating_class_to_band(
1063 elems->ext_chansw_ie->new_operating_class,
1064 &new_band)) {
1065 sdata_info(sdata,
1066 "cannot understand ECSA IE operating class %d, disconnecting\n",
1067 elems->ext_chansw_ie->new_operating_class);
1068 ieee80211_queue_work(&local->hw,
1069 &ifmgd->csa_connection_drop_work);
1070 }
1071 new_chan_no = elems->ext_chansw_ie->new_ch_num;
1072 count = elems->ext_chansw_ie->count;
1073 mode = elems->ext_chansw_ie->mode;
1074 } else if (elems->ch_switch_ie) {
1075 new_band = cbss->channel->band;
1076 new_chan_no = elems->ch_switch_ie->new_ch_num;
1077 count = elems->ch_switch_ie->count;
1078 mode = elems->ch_switch_ie->mode;
1079 } else {
1080 /* nothing here we understand */
1081 return;
1082 }
1083
1084 bss = (void *)cbss->priv;
1085
1086 new_freq = ieee80211_channel_to_frequency(new_chan_no, new_band);
1087 new_chan = ieee80211_get_channel(sdata->local->hw.wiphy, new_freq);
1088 if (!new_chan || new_chan->flags & IEEE80211_CHAN_DISABLED) {
1073 sdata_info(sdata, 1089 sdata_info(sdata,
1074 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n", 1090 "AP %pM switches to unsupported channel (%d MHz), disconnecting\n",
1075 ifmgd->associated->bssid, new_freq); 1091 ifmgd->associated->bssid, new_freq);
1076 ieee80211_queue_work(&sdata->local->hw, 1092 ieee80211_queue_work(&local->hw,
1093 &ifmgd->csa_connection_drop_work);
1094 return;
1095 }
1096
1097 if (sec_chan_offs) {
1098 secondary_channel_offset = sec_chan_offs->sec_chan_offs;
1099 } else if (!(ifmgd->flags & IEEE80211_STA_DISABLE_HT)) {
1100 /* if HT is enabled and the IE not present, it's still HT */
1101 secondary_channel_offset = IEEE80211_HT_PARAM_CHA_SEC_NONE;
1102 }
1103
1104 switch (secondary_channel_offset) {
1105 default:
1106 /* secondary_channel_offset was present but is invalid */
1107 case IEEE80211_HT_PARAM_CHA_SEC_NONE:
1108 cfg80211_chandef_create(&new_chandef, new_chan,
1109 NL80211_CHAN_HT20);
1110 break;
1111 case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
1112 cfg80211_chandef_create(&new_chandef, new_chan,
1113 NL80211_CHAN_HT40PLUS);
1114 break;
1115 case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
1116 cfg80211_chandef_create(&new_chandef, new_chan,
1117 NL80211_CHAN_HT40MINUS);
1118 break;
1119 case -1:
1120 cfg80211_chandef_create(&new_chandef, new_chan,
1121 NL80211_CHAN_NO_HT);
1122 break;
1123 }
1124
1125 if (wide_bw_chansw_ie) {
1126 new_vht_chandef.chan = new_chan;
1127 new_vht_chandef.center_freq1 =
1128 ieee80211_channel_to_frequency(
1129 wide_bw_chansw_ie->new_center_freq_seg0,
1130 new_band);
1131
1132 switch (wide_bw_chansw_ie->new_channel_width) {
1133 default:
1134 /* hmmm, ignore VHT and use HT if present */
1135 case IEEE80211_VHT_CHANWIDTH_USE_HT:
1136 new_vht_chandef.chan = NULL;
1137 break;
1138 case IEEE80211_VHT_CHANWIDTH_80MHZ:
1139 new_vht_chandef.width = NL80211_CHAN_WIDTH_80;
1140 break;
1141 case IEEE80211_VHT_CHANWIDTH_160MHZ:
1142 new_vht_chandef.width = NL80211_CHAN_WIDTH_160;
1143 break;
1144 case IEEE80211_VHT_CHANWIDTH_80P80MHZ:
1145 /* field is otherwise reserved */
1146 new_vht_chandef.center_freq2 =
1147 ieee80211_channel_to_frequency(
1148 wide_bw_chansw_ie->new_center_freq_seg1,
1149 new_band);
1150 new_vht_chandef.width = NL80211_CHAN_WIDTH_80P80;
1151 break;
1152 }
1153 if (ifmgd->flags & IEEE80211_STA_DISABLE_80P80MHZ &&
1154 new_vht_chandef.width == NL80211_CHAN_WIDTH_80P80)
1155 chandef_downgrade(&new_vht_chandef);
1156 if (ifmgd->flags & IEEE80211_STA_DISABLE_160MHZ &&
1157 new_vht_chandef.width == NL80211_CHAN_WIDTH_160)
1158 chandef_downgrade(&new_vht_chandef);
1159 if (ifmgd->flags & IEEE80211_STA_DISABLE_40MHZ &&
1160 new_vht_chandef.width > NL80211_CHAN_WIDTH_20)
1161 chandef_downgrade(&new_vht_chandef);
1162 }
1163
1164 /* if VHT data is there validate & use it */
1165 if (new_vht_chandef.chan) {
1166 if (!cfg80211_chandef_compatible(&new_vht_chandef,
1167 &new_chandef)) {
1168 sdata_info(sdata,
1169 "AP %pM CSA has inconsistent channel data, disconnecting\n",
1170 ifmgd->associated->bssid);
1171 ieee80211_queue_work(&local->hw,
1172 &ifmgd->csa_connection_drop_work);
1173 return;
1174 }
1175 new_chandef = new_vht_chandef;
1176 }
1177
1178 if (!cfg80211_chandef_usable(local->hw.wiphy, &new_chandef,
1179 IEEE80211_CHAN_DISABLED)) {
1180 sdata_info(sdata,
1181 "AP %pM switches to unsupported channel (%d MHz, width:%d, CF1/2: %d/%d MHz), disconnecting\n",
1182 ifmgd->associated->bssid, new_freq,
1183 new_chandef.width, new_chandef.center_freq1,
1184 new_chandef.center_freq2);
1185 ieee80211_queue_work(&local->hw,
1077 &ifmgd->csa_connection_drop_work); 1186 &ifmgd->csa_connection_drop_work);
1078 return; 1187 return;
1079 } 1188 }
1080 1189
1081 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 1190 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
1082 1191
1083 if (sdata->local->use_chanctx) { 1192 if (local->use_chanctx) {
1084 sdata_info(sdata, 1193 sdata_info(sdata,
1085 "not handling channel switch with channel contexts\n"); 1194 "not handling channel switch with channel contexts\n");
1086 ieee80211_queue_work(&sdata->local->hw, 1195 ieee80211_queue_work(&local->hw,
1087 &ifmgd->csa_connection_drop_work); 1196 &ifmgd->csa_connection_drop_work);
1088 return; 1197 return;
1089 } 1198 }
1090 1199
1091 mutex_lock(&sdata->local->chanctx_mtx); 1200 mutex_lock(&local->chanctx_mtx);
1092 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) { 1201 if (WARN_ON(!rcu_access_pointer(sdata->vif.chanctx_conf))) {
1093 mutex_unlock(&sdata->local->chanctx_mtx); 1202 mutex_unlock(&local->chanctx_mtx);
1094 return; 1203 return;
1095 } 1204 }
1096 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf), 1205 chanctx = container_of(rcu_access_pointer(sdata->vif.chanctx_conf),
@@ -1098,40 +1207,39 @@ ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1098 if (chanctx->refcount > 1) { 1207 if (chanctx->refcount > 1) {
1099 sdata_info(sdata, 1208 sdata_info(sdata,
1100 "channel switch with multiple interfaces on the same channel, disconnecting\n"); 1209 "channel switch with multiple interfaces on the same channel, disconnecting\n");
1101 ieee80211_queue_work(&sdata->local->hw, 1210 ieee80211_queue_work(&local->hw,
1102 &ifmgd->csa_connection_drop_work); 1211 &ifmgd->csa_connection_drop_work);
1103 mutex_unlock(&sdata->local->chanctx_mtx); 1212 mutex_unlock(&local->chanctx_mtx);
1104 return; 1213 return;
1105 } 1214 }
1106 mutex_unlock(&sdata->local->chanctx_mtx); 1215 mutex_unlock(&local->chanctx_mtx);
1107 1216
1108 sdata->local->csa_channel = new_ch; 1217 local->csa_chandef = new_chandef;
1109 1218
1110 if (sw_elem->mode) 1219 if (mode)
1111 ieee80211_stop_queues_by_reason(&sdata->local->hw, 1220 ieee80211_stop_queues_by_reason(&local->hw,
1112 IEEE80211_MAX_QUEUE_MAP, 1221 IEEE80211_MAX_QUEUE_MAP,
1113 IEEE80211_QUEUE_STOP_REASON_CSA); 1222 IEEE80211_QUEUE_STOP_REASON_CSA);
1114 1223
1115 if (sdata->local->ops->channel_switch) { 1224 if (local->ops->channel_switch) {
1116 /* use driver's channel switch callback */ 1225 /* use driver's channel switch callback */
1117 struct ieee80211_channel_switch ch_switch = { 1226 struct ieee80211_channel_switch ch_switch = {
1118 .timestamp = timestamp, 1227 .timestamp = timestamp,
1119 .block_tx = sw_elem->mode, 1228 .block_tx = mode,
1120 .channel = new_ch, 1229 .chandef = new_chandef,
1121 .count = sw_elem->count, 1230 .count = count,
1122 }; 1231 };
1123 1232
1124 drv_channel_switch(sdata->local, &ch_switch); 1233 drv_channel_switch(local, &ch_switch);
1125 return; 1234 return;
1126 } 1235 }
1127 1236
1128 /* channel switch handled in software */ 1237 /* channel switch handled in software */
1129 if (sw_elem->count <= 1) 1238 if (count <= 1)
1130 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 1239 ieee80211_queue_work(&local->hw, &ifmgd->chswitch_work);
1131 else 1240 else
1132 mod_timer(&ifmgd->chswitch_timer, 1241 mod_timer(&ifmgd->chswitch_timer,
1133 TU_TO_EXP_TIME(sw_elem->count * 1242 TU_TO_EXP_TIME(count * cbss->beacon_interval));
1134 cbss->beacon_interval));
1135} 1243}
1136 1244
1137static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata, 1245static u32 ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
@@ -1430,13 +1538,11 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1430 1538
1431 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 1539 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
1432 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) { 1540 !(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED)) {
1433 netif_tx_stop_all_queues(sdata->dev); 1541 if (drv_tx_frames_pending(local)) {
1434
1435 if (drv_tx_frames_pending(local))
1436 mod_timer(&local->dynamic_ps_timer, jiffies + 1542 mod_timer(&local->dynamic_ps_timer, jiffies +
1437 msecs_to_jiffies( 1543 msecs_to_jiffies(
1438 local->hw.conf.dynamic_ps_timeout)); 1544 local->hw.conf.dynamic_ps_timeout));
1439 else { 1545 } else {
1440 ieee80211_send_nullfunc(local, sdata, 1); 1546 ieee80211_send_nullfunc(local, sdata, 1);
1441 /* Flush to get the tx status of nullfunc frame */ 1547 /* Flush to get the tx status of nullfunc frame */
1442 ieee80211_flush_queues(local, sdata); 1548 ieee80211_flush_queues(local, sdata);
@@ -1450,9 +1556,6 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
1450 local->hw.conf.flags |= IEEE80211_CONF_PS; 1556 local->hw.conf.flags |= IEEE80211_CONF_PS;
1451 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 1557 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
1452 } 1558 }
1453
1454 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
1455 netif_tx_wake_all_queues(sdata->dev);
1456} 1559}
1457 1560
1458void ieee80211_dynamic_ps_timer(unsigned long data) 1561void ieee80211_dynamic_ps_timer(unsigned long data)
@@ -1558,6 +1661,7 @@ static bool ieee80211_sta_wmm_params(struct ieee80211_local *local,
1558 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4); 1661 params.cw_max = ecw2cw((pos[1] & 0xf0) >> 4);
1559 params.cw_min = ecw2cw(pos[1] & 0x0f); 1662 params.cw_min = ecw2cw(pos[1] & 0x0f);
1560 params.txop = get_unaligned_le16(pos + 2); 1663 params.txop = get_unaligned_le16(pos + 2);
1664 params.acm = acm;
1561 params.uapsd = uapsd; 1665 params.uapsd = uapsd;
1562 1666
1563 mlme_dbg(sdata, 1667 mlme_dbg(sdata,
@@ -1645,7 +1749,7 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1645 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value); 1749 bss_conf->assoc_capability, bss->has_erp_value, bss->erp_value);
1646 1750
1647 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec( 1751 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
1648 IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int)); 1752 beacon_loss_count * bss_conf->beacon_int));
1649 1753
1650 sdata->u.mgd.associated = cbss; 1754 sdata->u.mgd.associated = cbss;
1651 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 1755 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
@@ -1658,18 +1762,17 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1658 rcu_read_lock(); 1762 rcu_read_lock();
1659 ies = rcu_dereference(cbss->ies); 1763 ies = rcu_dereference(cbss->ies);
1660 if (ies) { 1764 if (ies) {
1661 u8 noa[2];
1662 int ret; 1765 int ret;
1663 1766
1664 ret = cfg80211_get_p2p_attr( 1767 ret = cfg80211_get_p2p_attr(
1665 ies->data, ies->len, 1768 ies->data, ies->len,
1666 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 1769 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
1667 noa, sizeof(noa)); 1770 (u8 *) &bss_conf->p2p_noa_attr,
1771 sizeof(bss_conf->p2p_noa_attr));
1668 if (ret >= 2) { 1772 if (ret >= 2) {
1669 bss_conf->p2p_oppps = noa[1] & 0x80; 1773 sdata->u.mgd.p2p_noa_index =
1670 bss_conf->p2p_ctwindow = noa[1] & 0x7f; 1774 bss_conf->p2p_noa_attr.index;
1671 bss_info_changed |= BSS_CHANGED_P2P_PS; 1775 bss_info_changed |= BSS_CHANGED_P2P_PS;
1672 sdata->u.mgd.p2p_noa_index = noa[0];
1673 } 1776 }
1674 } 1777 }
1675 rcu_read_unlock(); 1778 rcu_read_unlock();
@@ -1713,7 +1816,6 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
1713 ieee80211_recalc_smps(sdata); 1816 ieee80211_recalc_smps(sdata);
1714 ieee80211_recalc_ps_vif(sdata); 1817 ieee80211_recalc_ps_vif(sdata);
1715 1818
1716 netif_tx_start_all_queues(sdata->dev);
1717 netif_carrier_on(sdata->dev); 1819 netif_carrier_on(sdata->dev);
1718} 1820}
1719 1821
@@ -1736,22 +1838,6 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1736 ieee80211_stop_poll(sdata); 1838 ieee80211_stop_poll(sdata);
1737 1839
1738 ifmgd->associated = NULL; 1840 ifmgd->associated = NULL;
1739
1740 /*
1741 * we need to commit the associated = NULL change because the
1742 * scan code uses that to determine whether this iface should
1743 * go to/wake up from powersave or not -- and could otherwise
1744 * wake the queues erroneously.
1745 */
1746 smp_mb();
1747
1748 /*
1749 * Thus, we can only afterwards stop the queues -- to account
1750 * for the case where another CPU is finishing a scan at this
1751 * time -- we don't want the scan code to enable queues.
1752 */
1753
1754 netif_tx_stop_all_queues(sdata->dev);
1755 netif_carrier_off(sdata->dev); 1841 netif_carrier_off(sdata->dev);
1756 1842
1757 /* 1843 /*
@@ -1794,8 +1880,9 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
1794 changed |= BSS_CHANGED_ASSOC; 1880 changed |= BSS_CHANGED_ASSOC;
1795 sdata->vif.bss_conf.assoc = false; 1881 sdata->vif.bss_conf.assoc = false;
1796 1882
1797 sdata->vif.bss_conf.p2p_ctwindow = 0; 1883 ifmgd->p2p_noa_index = -1;
1798 sdata->vif.bss_conf.p2p_oppps = false; 1884 memset(&sdata->vif.bss_conf.p2p_noa_attr, 0,
1885 sizeof(sdata->vif.bss_conf.p2p_noa_attr));
1799 1886
1800 /* on the next assoc, re-program HT/VHT parameters */ 1887 /* on the next assoc, re-program HT/VHT parameters */
1801 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa)); 1888 memset(&ifmgd->ht_capa, 0, sizeof(ifmgd->ht_capa));
@@ -1975,12 +2062,15 @@ static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1975 goto out; 2062 goto out;
1976 } 2063 }
1977 2064
1978 if (beacon) 2065 if (beacon) {
1979 mlme_dbg_ratelimited(sdata, 2066 mlme_dbg_ratelimited(sdata,
1980 "detected beacon loss from AP - probing\n"); 2067 "detected beacon loss from AP (missed %d beacons) - probing\n",
2068 beacon_loss_count);
1981 2069
1982 ieee80211_cqm_rssi_notify(&sdata->vif, 2070 ieee80211_cqm_rssi_notify(&sdata->vif,
1983 NL80211_CQM_RSSI_BEACON_LOSS_EVENT, GFP_KERNEL); 2071 NL80211_CQM_RSSI_BEACON_LOSS_EVENT,
2072 GFP_KERNEL);
2073 }
1984 2074
1985 /* 2075 /*
1986 * The driver/our work has already reported this event or the 2076 * The driver/our work has already reported this event or the
@@ -2126,7 +2216,6 @@ void ieee80211_beacon_loss(struct ieee80211_vif *vif)
2126 2216
2127 trace_api_beacon_loss(sdata); 2217 trace_api_beacon_loss(sdata);
2128 2218
2129 WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR);
2130 sdata->u.mgd.connection_loss = false; 2219 sdata->u.mgd.connection_loss = false;
2131 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work); 2220 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
2132} 2221}
@@ -2176,7 +2265,7 @@ static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata,
2176 u32 tx_flags = 0; 2265 u32 tx_flags = 0;
2177 2266
2178 pos = mgmt->u.auth.variable; 2267 pos = mgmt->u.auth.variable;
2179 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2268 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2180 if (!elems.challenge) 2269 if (!elems.challenge)
2181 return; 2270 return;
2182 auth_data->expected_transaction = 4; 2271 auth_data->expected_transaction = 4;
@@ -2441,7 +2530,7 @@ static bool ieee80211_assoc_success(struct ieee80211_sub_if_data *sdata,
2441 } 2530 }
2442 2531
2443 pos = mgmt->u.assoc_resp.variable; 2532 pos = mgmt->u.assoc_resp.variable;
2444 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2533 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2445 2534
2446 if (!elems.supp_rates) { 2535 if (!elems.supp_rates) {
2447 sdata_info(sdata, "no SuppRates element in AssocResp\n"); 2536 sdata_info(sdata, "no SuppRates element in AssocResp\n");
@@ -2610,13 +2699,13 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_sub_if_data *sdata,
2610 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14)))); 2699 capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
2611 2700
2612 pos = mgmt->u.assoc_resp.variable; 2701 pos = mgmt->u.assoc_resp.variable;
2613 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems); 2702 ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), false, &elems);
2614 2703
2615 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY && 2704 if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
2616 elems.timeout_int && elems.timeout_int_len == 5 && 2705 elems.timeout_int &&
2617 elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) { 2706 elems.timeout_int->type == WLAN_TIMEOUT_ASSOC_COMEBACK) {
2618 u32 tu, ms; 2707 u32 tu, ms;
2619 tu = get_unaligned_le32(elems.timeout_int + 1); 2708 tu = le32_to_cpu(elems.timeout_int->value);
2620 ms = tu * 1024 / 1000; 2709 ms = tu * 1024 / 1000;
2621 sdata_info(sdata, 2710 sdata_info(sdata,
2622 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n", 2711 "%pM rejected association temporarily; comeback duration %u TU (%u ms)\n",
@@ -2665,6 +2754,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2665 struct ieee80211_channel *channel; 2754 struct ieee80211_channel *channel;
2666 bool need_ps = false; 2755 bool need_ps = false;
2667 2756
2757 lockdep_assert_held(&sdata->u.mgd.mtx);
2758
2668 if ((sdata->u.mgd.associated && 2759 if ((sdata->u.mgd.associated &&
2669 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) || 2760 ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid)) ||
2670 (sdata->u.mgd.assoc_data && 2761 (sdata->u.mgd.assoc_data &&
@@ -2679,7 +2770,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2679 } 2770 }
2680 } 2771 }
2681 2772
2682 if (elems->ds_params && elems->ds_params_len == 1) 2773 if (elems->ds_params)
2683 freq = ieee80211_channel_to_frequency(elems->ds_params[0], 2774 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
2684 rx_status->band); 2775 rx_status->band);
2685 else 2776 else
@@ -2695,7 +2786,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2695 if (bss) 2786 if (bss)
2696 ieee80211_rx_bss_put(local, bss); 2787 ieee80211_rx_bss_put(local, bss);
2697 2788
2698 if (!sdata->u.mgd.associated) 2789 if (!sdata->u.mgd.associated ||
2790 !ether_addr_equal(mgmt->bssid, sdata->u.mgd.associated->bssid))
2699 return; 2791 return;
2700 2792
2701 if (need_ps) { 2793 if (need_ps) {
@@ -2704,10 +2796,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
2704 mutex_unlock(&local->iflist_mtx); 2796 mutex_unlock(&local->iflist_mtx);
2705 } 2797 }
2706 2798
2707 if (elems->ch_switch_ie && 2799 ieee80211_sta_process_chanswitch(sdata, rx_status->mactime, elems);
2708 memcmp(mgmt->bssid, sdata->u.mgd.associated->bssid, ETH_ALEN) == 0) 2800
2709 ieee80211_sta_process_chanswitch(sdata, elems->ch_switch_ie,
2710 bss, rx_status->mactime);
2711} 2801}
2712 2802
2713 2803
@@ -2732,7 +2822,7 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
2732 return; 2822 return;
2733 2823
2734 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 2824 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
2735 &elems); 2825 false, &elems);
2736 2826
2737 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2827 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2738 2828
@@ -2815,7 +2905,7 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2815 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon && 2905 if (ifmgd->assoc_data && ifmgd->assoc_data->need_beacon &&
2816 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) { 2906 ether_addr_equal(mgmt->bssid, ifmgd->assoc_data->bss->bssid)) {
2817 ieee802_11_parse_elems(mgmt->u.beacon.variable, 2907 ieee802_11_parse_elems(mgmt->u.beacon.variable,
2818 len - baselen, &elems); 2908 len - baselen, false, &elems);
2819 2909
2820 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems); 2910 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems);
2821 ifmgd->assoc_data->have_beacon = true; 2911 ifmgd->assoc_data->have_beacon = true;
@@ -2925,7 +3015,7 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2925 3015
2926 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 3016 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
2927 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 3017 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
2928 len - baselen, &elems, 3018 len - baselen, false, &elems,
2929 care_about_ies, ncrc); 3019 care_about_ies, ncrc);
2930 3020
2931 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) { 3021 if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) {
@@ -2957,22 +3047,30 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
2957 } 3047 }
2958 3048
2959 if (sdata->vif.p2p) { 3049 if (sdata->vif.p2p) {
2960 u8 noa[2]; 3050 struct ieee80211_p2p_noa_attr noa = {};
2961 int ret; 3051 int ret;
2962 3052
2963 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable, 3053 ret = cfg80211_get_p2p_attr(mgmt->u.beacon.variable,
2964 len - baselen, 3054 len - baselen,
2965 IEEE80211_P2P_ATTR_ABSENCE_NOTICE, 3055 IEEE80211_P2P_ATTR_ABSENCE_NOTICE,
2966 noa, sizeof(noa)); 3056 (u8 *) &noa, sizeof(noa));
2967 if (ret >= 2 && sdata->u.mgd.p2p_noa_index != noa[0]) { 3057 if (ret >= 2) {
2968 bss_conf->p2p_oppps = noa[1] & 0x80; 3058 if (sdata->u.mgd.p2p_noa_index != noa.index) {
2969 bss_conf->p2p_ctwindow = noa[1] & 0x7f; 3059 /* valid noa_attr and index changed */
3060 sdata->u.mgd.p2p_noa_index = noa.index;
3061 memcpy(&bss_conf->p2p_noa_attr, &noa, sizeof(noa));
3062 changed |= BSS_CHANGED_P2P_PS;
3063 /*
3064 * make sure we update all information, the CRC
3065 * mechanism doesn't look at P2P attributes.
3066 */
3067 ifmgd->beacon_crc_valid = false;
3068 }
3069 } else if (sdata->u.mgd.p2p_noa_index != -1) {
3070 /* noa_attr not found and we had valid noa_attr before */
3071 sdata->u.mgd.p2p_noa_index = -1;
3072 memset(&bss_conf->p2p_noa_attr, 0, sizeof(bss_conf->p2p_noa_attr));
2970 changed |= BSS_CHANGED_P2P_PS; 3073 changed |= BSS_CHANGED_P2P_PS;
2971 sdata->u.mgd.p2p_noa_index = noa[0];
2972 /*
2973 * make sure we update all information, the CRC
2974 * mechanism doesn't look at P2P attributes.
2975 */
2976 ifmgd->beacon_crc_valid = false; 3074 ifmgd->beacon_crc_valid = false;
2977 } 3075 }
2978 } 3076 }
@@ -3014,7 +3112,7 @@ ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
3014 changed |= BSS_CHANGED_DTIM_PERIOD; 3112 changed |= BSS_CHANGED_DTIM_PERIOD;
3015 } 3113 }
3016 3114
3017 if (elems.erp_info && elems.erp_info_len >= 1) { 3115 if (elems.erp_info) {
3018 erp_valid = true; 3116 erp_valid = true;
3019 erp_value = elems.erp_info[0]; 3117 erp_value = elems.erp_info[0];
3020 } else { 3118 } else {
@@ -3064,6 +3162,8 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3064 enum rx_mgmt_action rma = RX_MGMT_NONE; 3162 enum rx_mgmt_action rma = RX_MGMT_NONE;
3065 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN]; 3163 u8 deauth_buf[IEEE80211_DEAUTH_FRAME_LEN];
3066 u16 fc; 3164 u16 fc;
3165 struct ieee802_11_elems elems;
3166 int ies_len;
3067 3167
3068 rx_status = (struct ieee80211_rx_status *) skb->cb; 3168 rx_status = (struct ieee80211_rx_status *) skb->cb;
3069 mgmt = (struct ieee80211_mgmt *) skb->data; 3169 mgmt = (struct ieee80211_mgmt *) skb->data;
@@ -3093,14 +3193,48 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
3093 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss); 3193 rma = ieee80211_rx_mgmt_assoc_resp(sdata, mgmt, skb->len, &bss);
3094 break; 3194 break;
3095 case IEEE80211_STYPE_ACTION: 3195 case IEEE80211_STYPE_ACTION:
3096 switch (mgmt->u.action.category) { 3196 if (mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) {
3097 case WLAN_CATEGORY_SPECTRUM_MGMT: 3197 ies_len = skb->len -
3198 offsetof(struct ieee80211_mgmt,
3199 u.action.u.chan_switch.variable);
3200
3201 if (ies_len < 0)
3202 break;
3203
3204 ieee802_11_parse_elems(
3205 mgmt->u.action.u.chan_switch.variable,
3206 ies_len, true, &elems);
3207
3208 if (elems.parse_error)
3209 break;
3210
3098 ieee80211_sta_process_chanswitch(sdata, 3211 ieee80211_sta_process_chanswitch(sdata,
3099 &mgmt->u.action.u.chan_switch.sw_elem, 3212 rx_status->mactime,
3100 (void *)ifmgd->associated->priv, 3213 &elems);
3101 rx_status->mactime); 3214 } else if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) {
3102 break; 3215 ies_len = skb->len -
3216 offsetof(struct ieee80211_mgmt,
3217 u.action.u.ext_chan_switch.variable);
3218
3219 if (ies_len < 0)
3220 break;
3221
3222 ieee802_11_parse_elems(
3223 mgmt->u.action.u.ext_chan_switch.variable,
3224 ies_len, true, &elems);
3225
3226 if (elems.parse_error)
3227 break;
3228
3229 /* for the handling code pretend this was also an IE */
3230 elems.ext_chansw_ie =
3231 &mgmt->u.action.u.ext_chan_switch.data;
3232
3233 ieee80211_sta_process_chanswitch(sdata,
3234 rx_status->mactime,
3235 &elems);
3103 } 3236 }
3237 break;
3104 } 3238 }
3105 mutex_unlock(&ifmgd->mtx); 3239 mutex_unlock(&ifmgd->mtx);
3106 3240
@@ -3513,8 +3647,9 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
3513 3647
3514 ifmgd->flags = 0; 3648 ifmgd->flags = 0;
3515 ifmgd->powersave = sdata->wdev.ps; 3649 ifmgd->powersave = sdata->wdev.ps;
3516 ifmgd->uapsd_queues = IEEE80211_DEFAULT_UAPSD_QUEUES; 3650 ifmgd->uapsd_queues = sdata->local->hw.uapsd_queues;
3517 ifmgd->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN; 3651 ifmgd->uapsd_max_sp_len = sdata->local->hw.uapsd_max_sp_len;
3652 ifmgd->p2p_noa_index = -1;
3518 3653
3519 mutex_init(&ifmgd->mtx); 3654 mutex_init(&ifmgd->mtx);
3520 3655
@@ -4079,7 +4214,8 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4079 rcu_read_unlock(); 4214 rcu_read_unlock();
4080 4215
4081 if (bss->wmm_used && bss->uapsd_supported && 4216 if (bss->wmm_used && bss->uapsd_supported &&
4082 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)) { 4217 (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD) &&
4218 sdata->wmm_acm != 0xff) {
4083 assoc_data->uapsd = true; 4219 assoc_data->uapsd = true;
4084 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED; 4220 ifmgd->flags |= IEEE80211_STA_UAPSD_ENABLED;
4085 } else { 4221 } else {
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index cce795871ab1..acd1f71adc03 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -445,15 +445,15 @@ void ieee80211_roc_setup(struct ieee80211_local *local)
445 INIT_LIST_HEAD(&local->roc_list); 445 INIT_LIST_HEAD(&local->roc_list);
446} 446}
447 447
448void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata) 448void ieee80211_roc_purge(struct ieee80211_local *local,
449 struct ieee80211_sub_if_data *sdata)
449{ 450{
450 struct ieee80211_local *local = sdata->local;
451 struct ieee80211_roc_work *roc, *tmp; 451 struct ieee80211_roc_work *roc, *tmp;
452 LIST_HEAD(tmp_list); 452 LIST_HEAD(tmp_list);
453 453
454 mutex_lock(&local->mtx); 454 mutex_lock(&local->mtx);
455 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 455 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
456 if (roc->sdata != sdata) 456 if (sdata && roc->sdata != sdata)
457 continue; 457 continue;
458 458
459 if (roc->started && local->ops->remain_on_channel) { 459 if (roc->started && local->ops->remain_on_channel) {
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 3d16f4e61743..7fc5d0d8149a 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -19,6 +19,10 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
19 19
20 ieee80211_dfs_cac_cancel(local); 20 ieee80211_dfs_cac_cancel(local);
21 21
22 ieee80211_roc_purge(local, NULL);
23
24 ieee80211_del_virtual_monitor(local);
25
22 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) { 26 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
23 mutex_lock(&local->sta_mtx); 27 mutex_lock(&local->sta_mtx);
24 list_for_each_entry(sta, &local->sta_list, list) { 28 list_for_each_entry(sta, &local->sta_list, list) {
@@ -33,8 +37,9 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
33 IEEE80211_MAX_QUEUE_MAP, 37 IEEE80211_MAX_QUEUE_MAP,
34 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 38 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
35 39
36 /* flush out all packets */ 40 /* flush out all packets and station cleanup call_rcu()s */
37 synchronize_net(); 41 synchronize_net();
42 rcu_barrier();
38 43
39 ieee80211_flush_queues(local, NULL); 44 ieee80211_flush_queues(local, NULL);
40 45
@@ -101,10 +106,6 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
101 drv_remove_interface(local, sdata); 106 drv_remove_interface(local, sdata);
102 } 107 }
103 108
104 sdata = rtnl_dereference(local->monitor_sdata);
105 if (sdata)
106 drv_remove_interface(local, sdata);
107
108 /* 109 /*
109 * We disconnected on all interfaces before suspend, all channel 110 * We disconnected on all interfaces before suspend, all channel
110 * contexts should be released. 111 * contexts should be released.
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index dd88381c53b7..0d51877efdb7 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -252,6 +252,25 @@ rate_lowest_non_cck_index(struct ieee80211_supported_band *sband,
252 return 0; 252 return 0;
253} 253}
254 254
255static void __rate_control_send_low(struct ieee80211_hw *hw,
256 struct ieee80211_supported_band *sband,
257 struct ieee80211_sta *sta,
258 struct ieee80211_tx_info *info)
259{
260 if ((sband->band != IEEE80211_BAND_2GHZ) ||
261 !(info->flags & IEEE80211_TX_CTL_NO_CCK_RATE))
262 info->control.rates[0].idx = rate_lowest_index(sband, sta);
263 else
264 info->control.rates[0].idx =
265 rate_lowest_non_cck_index(sband, sta);
266
267 info->control.rates[0].count =
268 (info->flags & IEEE80211_TX_CTL_NO_ACK) ?
269 1 : hw->max_rate_tries;
270
271 info->control.skip_table = 1;
272}
273
255 274
256bool rate_control_send_low(struct ieee80211_sta *sta, 275bool rate_control_send_low(struct ieee80211_sta *sta,
257 void *priv_sta, 276 void *priv_sta,
@@ -262,16 +281,8 @@ bool rate_control_send_low(struct ieee80211_sta *sta,
262 int mcast_rate; 281 int mcast_rate;
263 282
264 if (!sta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) { 283 if (!sta || !priv_sta || rc_no_data_or_no_ack_use_min(txrc)) {
265 if ((sband->band != IEEE80211_BAND_2GHZ) || 284 __rate_control_send_low(txrc->hw, sband, sta, info);
266 !(info->flags & IEEE80211_TX_CTL_NO_CCK_RATE)) 285
267 info->control.rates[0].idx =
268 rate_lowest_index(txrc->sband, sta);
269 else
270 info->control.rates[0].idx =
271 rate_lowest_non_cck_index(txrc->sband, sta);
272 info->control.rates[0].count =
273 (info->flags & IEEE80211_TX_CTL_NO_ACK) ?
274 1 : txrc->hw->max_rate_tries;
275 if (!sta && txrc->bss) { 286 if (!sta && txrc->bss) {
276 mcast_rate = txrc->bss_conf->mcast_rate[sband->band]; 287 mcast_rate = txrc->bss_conf->mcast_rate[sband->band];
277 if (mcast_rate > 0) { 288 if (mcast_rate > 0) {
@@ -355,7 +366,8 @@ static bool rate_idx_match_mcs_mask(struct ieee80211_tx_rate *rate,
355 366
356 367
357static void rate_idx_match_mask(struct ieee80211_tx_rate *rate, 368static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
358 struct ieee80211_tx_rate_control *txrc, 369 struct ieee80211_supported_band *sband,
370 enum nl80211_chan_width chan_width,
359 u32 mask, 371 u32 mask,
360 u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN]) 372 u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN])
361{ 373{
@@ -375,27 +387,17 @@ static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
375 IEEE80211_TX_RC_USE_SHORT_PREAMBLE); 387 IEEE80211_TX_RC_USE_SHORT_PREAMBLE);
376 alt_rate.count = rate->count; 388 alt_rate.count = rate->count;
377 if (rate_idx_match_legacy_mask(&alt_rate, 389 if (rate_idx_match_legacy_mask(&alt_rate,
378 txrc->sband->n_bitrates, 390 sband->n_bitrates, mask)) {
379 mask)) {
380 *rate = alt_rate; 391 *rate = alt_rate;
381 return; 392 return;
382 } 393 }
383 } else { 394 } else {
384 struct sk_buff *skb = txrc->skb;
385 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
386 __le16 fc;
387
388 /* handle legacy rates */ 395 /* handle legacy rates */
389 if (rate_idx_match_legacy_mask(rate, txrc->sband->n_bitrates, 396 if (rate_idx_match_legacy_mask(rate, sband->n_bitrates, mask))
390 mask))
391 return; 397 return;
392 398
393 /* if HT BSS, and we handle a data frame, also try HT rates */ 399 /* if HT BSS, and we handle a data frame, also try HT rates */
394 if (txrc->bss_conf->chandef.width == NL80211_CHAN_WIDTH_20_NOHT) 400 if (chan_width == NL80211_CHAN_WIDTH_20_NOHT)
395 return;
396
397 fc = hdr->frame_control;
398 if (!ieee80211_is_data(fc))
399 return; 401 return;
400 402
401 alt_rate.idx = 0; 403 alt_rate.idx = 0;
@@ -408,7 +410,7 @@ static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
408 410
409 alt_rate.flags |= IEEE80211_TX_RC_MCS; 411 alt_rate.flags |= IEEE80211_TX_RC_MCS;
410 412
411 if (txrc->bss_conf->chandef.width == NL80211_CHAN_WIDTH_40) 413 if (chan_width == NL80211_CHAN_WIDTH_40)
412 alt_rate.flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; 414 alt_rate.flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
413 415
414 if (rate_idx_match_mcs_mask(&alt_rate, mcs_mask)) { 416 if (rate_idx_match_mcs_mask(&alt_rate, mcs_mask)) {
@@ -426,6 +428,228 @@ static void rate_idx_match_mask(struct ieee80211_tx_rate *rate,
426 */ 428 */
427} 429}
428 430
431static void rate_fixup_ratelist(struct ieee80211_vif *vif,
432 struct ieee80211_supported_band *sband,
433 struct ieee80211_tx_info *info,
434 struct ieee80211_tx_rate *rates,
435 int max_rates)
436{
437 struct ieee80211_rate *rate;
438 bool inval = false;
439 int i;
440
441 /*
442 * Set up the RTS/CTS rate as the fastest basic rate
443 * that is not faster than the data rate unless there
444 * is no basic rate slower than the data rate, in which
445 * case we pick the slowest basic rate
446 *
447 * XXX: Should this check all retry rates?
448 */
449 if (!(rates[0].flags & IEEE80211_TX_RC_MCS)) {
450 u32 basic_rates = vif->bss_conf.basic_rates;
451 s8 baserate = basic_rates ? ffs(basic_rates - 1) : 0;
452
453 rate = &sband->bitrates[rates[0].idx];
454
455 for (i = 0; i < sband->n_bitrates; i++) {
456 /* must be a basic rate */
457 if (!(basic_rates & BIT(i)))
458 continue;
459 /* must not be faster than the data rate */
460 if (sband->bitrates[i].bitrate > rate->bitrate)
461 continue;
462 /* maximum */
463 if (sband->bitrates[baserate].bitrate <
464 sband->bitrates[i].bitrate)
465 baserate = i;
466 }
467
468 info->control.rts_cts_rate_idx = baserate;
469 }
470
471 for (i = 0; i < max_rates; i++) {
472 /*
473 * make sure there's no valid rate following
474 * an invalid one, just in case drivers don't
475 * take the API seriously to stop at -1.
476 */
477 if (inval) {
478 rates[i].idx = -1;
479 continue;
480 }
481 if (rates[i].idx < 0) {
482 inval = true;
483 continue;
484 }
485
486 /*
487 * For now assume MCS is already set up correctly, this
488 * needs to be fixed.
489 */
490 if (rates[i].flags & IEEE80211_TX_RC_MCS) {
491 WARN_ON(rates[i].idx > 76);
492
493 if (!(rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) &&
494 info->control.use_cts_prot)
495 rates[i].flags |=
496 IEEE80211_TX_RC_USE_CTS_PROTECT;
497 continue;
498 }
499
500 if (rates[i].flags & IEEE80211_TX_RC_VHT_MCS) {
501 WARN_ON(ieee80211_rate_get_vht_mcs(&rates[i]) > 9);
502 continue;
503 }
504
505 /* set up RTS protection if desired */
506 if (info->control.use_rts) {
507 rates[i].flags |= IEEE80211_TX_RC_USE_RTS_CTS;
508 info->control.use_cts_prot = false;
509 }
510
511 /* RC is busted */
512 if (WARN_ON_ONCE(rates[i].idx >= sband->n_bitrates)) {
513 rates[i].idx = -1;
514 continue;
515 }
516
517 rate = &sband->bitrates[rates[i].idx];
518
519 /* set up short preamble */
520 if (info->control.short_preamble &&
521 rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
522 rates[i].flags |= IEEE80211_TX_RC_USE_SHORT_PREAMBLE;
523
524 /* set up G protection */
525 if (!(rates[i].flags & IEEE80211_TX_RC_USE_RTS_CTS) &&
526 info->control.use_cts_prot &&
527 rate->flags & IEEE80211_RATE_ERP_G)
528 rates[i].flags |= IEEE80211_TX_RC_USE_CTS_PROTECT;
529 }
530}
531
532
533static void rate_control_fill_sta_table(struct ieee80211_sta *sta,
534 struct ieee80211_tx_info *info,
535 struct ieee80211_tx_rate *rates,
536 int max_rates)
537{
538 struct ieee80211_sta_rates *ratetbl = NULL;
539 int i;
540
541 if (sta && !info->control.skip_table)
542 ratetbl = rcu_dereference(sta->rates);
543
544 /* Fill remaining rate slots with data from the sta rate table. */
545 max_rates = min_t(int, max_rates, IEEE80211_TX_RATE_TABLE_SIZE);
546 for (i = 0; i < max_rates; i++) {
547 if (i < ARRAY_SIZE(info->control.rates) &&
548 info->control.rates[i].idx >= 0 &&
549 info->control.rates[i].count) {
550 if (rates != info->control.rates)
551 rates[i] = info->control.rates[i];
552 } else if (ratetbl) {
553 rates[i].idx = ratetbl->rate[i].idx;
554 rates[i].flags = ratetbl->rate[i].flags;
555 if (info->control.use_rts)
556 rates[i].count = ratetbl->rate[i].count_rts;
557 else if (info->control.use_cts_prot)
558 rates[i].count = ratetbl->rate[i].count_cts;
559 else
560 rates[i].count = ratetbl->rate[i].count;
561 } else {
562 rates[i].idx = -1;
563 rates[i].count = 0;
564 }
565
566 if (rates[i].idx < 0 || !rates[i].count)
567 break;
568 }
569}
570
571static void rate_control_apply_mask(struct ieee80211_sub_if_data *sdata,
572 struct ieee80211_sta *sta,
573 struct ieee80211_supported_band *sband,
574 struct ieee80211_tx_info *info,
575 struct ieee80211_tx_rate *rates,
576 int max_rates)
577{
578 enum nl80211_chan_width chan_width;
579 u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN];
580 bool has_mcs_mask;
581 u32 mask;
582 int i;
583
584 /*
585 * Try to enforce the rateidx mask the user wanted. skip this if the
586 * default mask (allow all rates) is used to save some processing for
587 * the common case.
588 */
589 mask = sdata->rc_rateidx_mask[info->band];
590 has_mcs_mask = sdata->rc_has_mcs_mask[info->band];
591 if (mask == (1 << sband->n_bitrates) - 1 && !has_mcs_mask)
592 return;
593
594 if (has_mcs_mask)
595 memcpy(mcs_mask, sdata->rc_rateidx_mcs_mask[info->band],
596 sizeof(mcs_mask));
597 else
598 memset(mcs_mask, 0xff, sizeof(mcs_mask));
599
600 if (sta) {
601 /* Filter out rates that the STA does not support */
602 mask &= sta->supp_rates[info->band];
603 for (i = 0; i < sizeof(mcs_mask); i++)
604 mcs_mask[i] &= sta->ht_cap.mcs.rx_mask[i];
605 }
606
607 /*
608 * Make sure the rate index selected for each TX rate is
609 * included in the configured mask and change the rate indexes
610 * if needed.
611 */
612 chan_width = sdata->vif.bss_conf.chandef.width;
613 for (i = 0; i < max_rates; i++) {
614 /* Skip invalid rates */
615 if (rates[i].idx < 0)
616 break;
617
618 rate_idx_match_mask(&rates[i], sband, mask, chan_width,
619 mcs_mask);
620 }
621}
622
623void ieee80211_get_tx_rates(struct ieee80211_vif *vif,
624 struct ieee80211_sta *sta,
625 struct sk_buff *skb,
626 struct ieee80211_tx_rate *dest,
627 int max_rates)
628{
629 struct ieee80211_sub_if_data *sdata;
630 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
631 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
632 struct ieee80211_supported_band *sband;
633
634 rate_control_fill_sta_table(sta, info, dest, max_rates);
635
636 if (!vif)
637 return;
638
639 sdata = vif_to_sdata(vif);
640 sband = sdata->local->hw.wiphy->bands[info->band];
641
642 if (ieee80211_is_data(hdr->frame_control))
643 rate_control_apply_mask(sdata, sta, sband, info, dest, max_rates);
644
645 if (dest[0].idx < 0)
646 __rate_control_send_low(&sdata->local->hw, sband, sta, info);
647
648 if (sta)
649 rate_fixup_ratelist(vif, sband, info, dest, max_rates);
650}
651EXPORT_SYMBOL(ieee80211_get_tx_rates);
652
429void rate_control_get_rate(struct ieee80211_sub_if_data *sdata, 653void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
430 struct sta_info *sta, 654 struct sta_info *sta,
431 struct ieee80211_tx_rate_control *txrc) 655 struct ieee80211_tx_rate_control *txrc)
@@ -435,8 +659,6 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
435 struct ieee80211_sta *ista = NULL; 659 struct ieee80211_sta *ista = NULL;
436 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); 660 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb);
437 int i; 661 int i;
438 u32 mask;
439 u8 mcs_mask[IEEE80211_HT_MCS_MASK_LEN];
440 662
441 if (sta && test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) { 663 if (sta && test_sta_flag(sta, WLAN_STA_RATE_CONTROL)) {
442 ista = &sta->sta; 664 ista = &sta->sta;
@@ -454,37 +676,27 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
454 676
455 ref->ops->get_rate(ref->priv, ista, priv_sta, txrc); 677 ref->ops->get_rate(ref->priv, ista, priv_sta, txrc);
456 678
457 /* 679 if (sdata->local->hw.flags & IEEE80211_HW_SUPPORTS_RC_TABLE)
458 * Try to enforce the rateidx mask the user wanted. skip this if the 680 return;
459 * default mask (allow all rates) is used to save some processing for 681
460 * the common case. 682 ieee80211_get_tx_rates(&sdata->vif, ista, txrc->skb,
461 */ 683 info->control.rates,
462 mask = sdata->rc_rateidx_mask[info->band]; 684 ARRAY_SIZE(info->control.rates));
463 memcpy(mcs_mask, sdata->rc_rateidx_mcs_mask[info->band], 685}
464 sizeof(mcs_mask));
465 if (mask != (1 << txrc->sband->n_bitrates) - 1) {
466 if (sta) {
467 /* Filter out rates that the STA does not support */
468 mask &= sta->sta.supp_rates[info->band];
469 for (i = 0; i < sizeof(mcs_mask); i++)
470 mcs_mask[i] &= sta->sta.ht_cap.mcs.rx_mask[i];
471 }
472 /*
473 * Make sure the rate index selected for each TX rate is
474 * included in the configured mask and change the rate indexes
475 * if needed.
476 */
477 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
478 /* Skip invalid rates */
479 if (info->control.rates[i].idx < 0)
480 break;
481 rate_idx_match_mask(&info->control.rates[i], txrc,
482 mask, mcs_mask);
483 }
484 }
485 686
486 BUG_ON(info->control.rates[0].idx < 0); 687int rate_control_set_rates(struct ieee80211_hw *hw,
688 struct ieee80211_sta *pubsta,
689 struct ieee80211_sta_rates *rates)
690{
691 struct ieee80211_sta_rates *old = rcu_dereference(pubsta->rates);
692
693 rcu_assign_pointer(pubsta->rates, rates);
694 if (old)
695 kfree_rcu(old, rcu_head);
696
697 return 0;
487} 698}
699EXPORT_SYMBOL(rate_control_set_rates);
488 700
489int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, 701int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
490 const char *name) 702 const char *name)
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index 1c36c9b4fa4a..ac7ef5414bde 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -84,6 +84,50 @@ minstrel_sort_best_tp_rates(struct minstrel_sta_info *mi, int i, u8 *tp_list)
84} 84}
85 85
86static void 86static void
87minstrel_set_rate(struct minstrel_sta_info *mi, struct ieee80211_sta_rates *ratetbl,
88 int offset, int idx)
89{
90 struct minstrel_rate *r = &mi->r[idx];
91
92 ratetbl->rate[offset].idx = r->rix;
93 ratetbl->rate[offset].count = r->adjusted_retry_count;
94 ratetbl->rate[offset].count_cts = r->retry_count_cts;
95 ratetbl->rate[offset].count_rts = r->retry_count_rtscts;
96}
97
98static void
99minstrel_update_rates(struct minstrel_priv *mp, struct minstrel_sta_info *mi)
100{
101 struct ieee80211_sta_rates *ratetbl;
102 int i = 0;
103
104 ratetbl = kzalloc(sizeof(*ratetbl), GFP_ATOMIC);
105 if (!ratetbl)
106 return;
107
108 /* Start with max_tp_rate */
109 minstrel_set_rate(mi, ratetbl, i++, mi->max_tp_rate[0]);
110
111 if (mp->hw->max_rates >= 3) {
112 /* At least 3 tx rates supported, use max_tp_rate2 next */
113 minstrel_set_rate(mi, ratetbl, i++, mi->max_tp_rate[1]);
114 }
115
116 if (mp->hw->max_rates >= 2) {
117 /* At least 2 tx rates supported, use max_prob_rate next */
118 minstrel_set_rate(mi, ratetbl, i++, mi->max_prob_rate);
119 }
120
121 /* Use lowest rate last */
122 ratetbl->rate[i].idx = mi->lowest_rix;
123 ratetbl->rate[i].count = mp->max_retry;
124 ratetbl->rate[i].count_cts = mp->max_retry;
125 ratetbl->rate[i].count_rts = mp->max_retry;
126
127 rate_control_set_rates(mp->hw, mi->sta, ratetbl);
128}
129
130static void
87minstrel_update_stats(struct minstrel_priv *mp, struct minstrel_sta_info *mi) 131minstrel_update_stats(struct minstrel_priv *mp, struct minstrel_sta_info *mi)
88{ 132{
89 u8 tmp_tp_rate[MAX_THR_RATES]; 133 u8 tmp_tp_rate[MAX_THR_RATES];
@@ -161,6 +205,8 @@ minstrel_update_stats(struct minstrel_priv *mp, struct minstrel_sta_info *mi)
161 205
162 /* Reset update timer */ 206 /* Reset update timer */
163 mi->stats_update = jiffies; 207 mi->stats_update = jiffies;
208
209 minstrel_update_rates(mp, mi);
164} 210}
165 211
166static void 212static void
@@ -209,9 +255,9 @@ minstrel_get_retry_count(struct minstrel_rate *mr,
209{ 255{
210 unsigned int retry = mr->adjusted_retry_count; 256 unsigned int retry = mr->adjusted_retry_count;
211 257
212 if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS) 258 if (info->control.use_rts)
213 retry = max(2U, min(mr->retry_count_rtscts, retry)); 259 retry = max(2U, min(mr->retry_count_rtscts, retry));
214 else if (info->control.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT) 260 else if (info->control.use_cts_prot)
215 retry = max(2U, min(mr->retry_count_cts, retry)); 261 retry = max(2U, min(mr->retry_count_cts, retry));
216 return retry; 262 return retry;
217} 263}
@@ -240,13 +286,12 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
240 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 286 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
241 struct minstrel_sta_info *mi = priv_sta; 287 struct minstrel_sta_info *mi = priv_sta;
242 struct minstrel_priv *mp = priv; 288 struct minstrel_priv *mp = priv;
243 struct ieee80211_tx_rate *ar = info->control.rates; 289 struct ieee80211_tx_rate *rate = &info->control.rates[0];
244 unsigned int ndx, sample_ndx = 0; 290 struct minstrel_rate *msr, *mr;
291 unsigned int ndx;
245 bool mrr_capable; 292 bool mrr_capable;
246 bool indirect_rate_sampling = false; 293 bool prev_sample = mi->prev_sample;
247 bool rate_sampling = false; 294 int delta;
248 int i, delta;
249 int mrr_ndx[3];
250 int sampling_ratio; 295 int sampling_ratio;
251 296
252 /* management/no-ack frames do not use rate control */ 297 /* management/no-ack frames do not use rate control */
@@ -262,107 +307,75 @@ minstrel_get_rate(void *priv, struct ieee80211_sta *sta,
262 else 307 else
263 sampling_ratio = mp->lookaround_rate; 308 sampling_ratio = mp->lookaround_rate;
264 309
265 /* init rateindex [ndx] with max throughput rate */
266 ndx = mi->max_tp_rate[0];
267
268 /* increase sum packet counter */ 310 /* increase sum packet counter */
269 mi->packet_count++; 311 mi->packet_count++;
270 312
271 delta = (mi->packet_count * sampling_ratio / 100) - 313 delta = (mi->packet_count * sampling_ratio / 100) -
272 (mi->sample_count + mi->sample_deferred / 2); 314 (mi->sample_count + mi->sample_deferred / 2);
273 315
274 /* delta > 0: sampling required */ 316 /* delta < 0: no sampling required */
275 if ((delta > 0) && (mrr_capable || !mi->prev_sample)) { 317 mi->prev_sample = false;
276 struct minstrel_rate *msr; 318 if (delta < 0 || (!mrr_capable && prev_sample))
277 if (mi->packet_count >= 10000) { 319 return;
278 mi->sample_deferred = 0;
279 mi->sample_count = 0;
280 mi->packet_count = 0;
281 } else if (delta > mi->n_rates * 2) {
282 /* With multi-rate retry, not every planned sample
283 * attempt actually gets used, due to the way the retry
284 * chain is set up - [max_tp,sample,prob,lowest] for
285 * sample_rate < max_tp.
286 *
287 * If there's too much sampling backlog and the link
288 * starts getting worse, minstrel would start bursting
289 * out lots of sampling frames, which would result
290 * in a large throughput loss. */
291 mi->sample_count += (delta - mi->n_rates * 2);
292 }
293 320
294 /* get next random rate sample */ 321 if (mi->packet_count >= 10000) {
295 sample_ndx = minstrel_get_next_sample(mi); 322 mi->sample_deferred = 0;
296 msr = &mi->r[sample_ndx]; 323 mi->sample_count = 0;
297 rate_sampling = true; 324 mi->packet_count = 0;
298 325 } else if (delta > mi->n_rates * 2) {
299 /* Decide if direct ( 1st mrr stage) or indirect (2nd mrr stage) 326 /* With multi-rate retry, not every planned sample
300 * rate sampling method should be used. 327 * attempt actually gets used, due to the way the retry
301 * Respect such rates that are not sampled for 20 interations. 328 * chain is set up - [max_tp,sample,prob,lowest] for
302 */ 329 * sample_rate < max_tp.
303 if (mrr_capable && 330 *
304 msr->perfect_tx_time > mi->r[ndx].perfect_tx_time && 331 * If there's too much sampling backlog and the link
305 msr->sample_skipped < 20) 332 * starts getting worse, minstrel would start bursting
306 indirect_rate_sampling = true; 333 * out lots of sampling frames, which would result
307 334 * in a large throughput loss. */
308 if (!indirect_rate_sampling) { 335 mi->sample_count += (delta - mi->n_rates * 2);
309 if (msr->sample_limit != 0) { 336 }
310 ndx = sample_ndx; 337
311 mi->sample_count++; 338 /* get next random rate sample */
312 if (msr->sample_limit > 0) 339 ndx = minstrel_get_next_sample(mi);
313 msr->sample_limit--; 340 msr = &mi->r[ndx];
314 } else 341 mr = &mi->r[mi->max_tp_rate[0]];
315 rate_sampling = false; 342
316 } else { 343 /* Decide if direct ( 1st mrr stage) or indirect (2nd mrr stage)
317 /* Only use IEEE80211_TX_CTL_RATE_CTRL_PROBE to mark 344 * rate sampling method should be used.
318 * packets that have the sampling rate deferred to the 345 * Respect such rates that are not sampled for 20 interations.
319 * second MRR stage. Increase the sample counter only 346 */
320 * if the deferred sample rate was actually used. 347 if (mrr_capable &&
321 * Use the sample_deferred counter to make sure that 348 msr->perfect_tx_time > mr->perfect_tx_time &&
322 * the sampling is not done in large bursts */ 349 msr->sample_skipped < 20) {
323 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; 350 /* Only use IEEE80211_TX_CTL_RATE_CTRL_PROBE to mark
324 mi->sample_deferred++; 351 * packets that have the sampling rate deferred to the
325 } 352 * second MRR stage. Increase the sample counter only
353 * if the deferred sample rate was actually used.
354 * Use the sample_deferred counter to make sure that
355 * the sampling is not done in large bursts */
356 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
357 rate++;
358 mi->sample_deferred++;
359 } else {
360 if (!msr->sample_limit != 0)
361 return;
362
363 mi->sample_count++;
364 if (msr->sample_limit > 0)
365 msr->sample_limit--;
326 } 366 }
327 mi->prev_sample = rate_sampling;
328 367
329 /* If we're not using MRR and the sampling rate already 368 /* If we're not using MRR and the sampling rate already
330 * has a probability of >95%, we shouldn't be attempting 369 * has a probability of >95%, we shouldn't be attempting
331 * to use it, as this only wastes precious airtime */ 370 * to use it, as this only wastes precious airtime */
332 if (!mrr_capable && rate_sampling && 371 if (!mrr_capable &&
333 (mi->r[ndx].probability > MINSTREL_FRAC(95, 100))) 372 (mi->r[ndx].probability > MINSTREL_FRAC(95, 100)))
334 ndx = mi->max_tp_rate[0];
335
336 /* mrr setup for 1st stage */
337 ar[0].idx = mi->r[ndx].rix;
338 ar[0].count = minstrel_get_retry_count(&mi->r[ndx], info);
339
340 /* non mrr setup for 2nd stage */
341 if (!mrr_capable) {
342 if (!rate_sampling)
343 ar[0].count = mp->max_retry;
344 ar[1].idx = mi->lowest_rix;
345 ar[1].count = mp->max_retry;
346 return; 373 return;
347 }
348 374
349 /* mrr setup for 2nd stage */ 375 mi->prev_sample = true;
350 if (rate_sampling) {
351 if (indirect_rate_sampling)
352 mrr_ndx[0] = sample_ndx;
353 else
354 mrr_ndx[0] = mi->max_tp_rate[0];
355 } else {
356 mrr_ndx[0] = mi->max_tp_rate[1];
357 }
358 376
359 /* mrr setup for 3rd & 4th stage */ 377 rate->idx = mi->r[ndx].rix;
360 mrr_ndx[1] = mi->max_prob_rate; 378 rate->count = minstrel_get_retry_count(&mi->r[ndx], info);
361 mrr_ndx[2] = 0;
362 for (i = 1; i < 4; i++) {
363 ar[i].idx = mi->r[mrr_ndx[i - 1]].rix;
364 ar[i].count = mi->r[mrr_ndx[i - 1]].adjusted_retry_count;
365 }
366} 379}
367 380
368 381
@@ -412,12 +425,16 @@ minstrel_rate_init(void *priv, struct ieee80211_supported_band *sband,
412 unsigned int i, n = 0; 425 unsigned int i, n = 0;
413 unsigned int t_slot = 9; /* FIXME: get real slot time */ 426 unsigned int t_slot = 9; /* FIXME: get real slot time */
414 427
428 mi->sta = sta;
415 mi->lowest_rix = rate_lowest_index(sband, sta); 429 mi->lowest_rix = rate_lowest_index(sband, sta);
416 ctl_rate = &sband->bitrates[mi->lowest_rix]; 430 ctl_rate = &sband->bitrates[mi->lowest_rix];
417 mi->sp_ack_dur = ieee80211_frame_duration(sband->band, 10, 431 mi->sp_ack_dur = ieee80211_frame_duration(sband->band, 10,
418 ctl_rate->bitrate, 432 ctl_rate->bitrate,
419 !!(ctl_rate->flags & IEEE80211_RATE_ERP_G), 1); 433 !!(ctl_rate->flags & IEEE80211_RATE_ERP_G), 1);
420 434
435 memset(mi->max_tp_rate, 0, sizeof(mi->max_tp_rate));
436 mi->max_prob_rate = 0;
437
421 for (i = 0; i < sband->n_bitrates; i++) { 438 for (i = 0; i < sband->n_bitrates; i++) {
422 struct minstrel_rate *mr = &mi->r[n]; 439 struct minstrel_rate *mr = &mi->r[n];
423 unsigned int tx_time = 0, tx_time_cts = 0, tx_time_rtscts = 0; 440 unsigned int tx_time = 0, tx_time_cts = 0, tx_time_rtscts = 0;
@@ -460,6 +477,8 @@ minstrel_rate_init(void *priv, struct ieee80211_supported_band *sband,
460 } while ((tx_time < mp->segment_size) && 477 } while ((tx_time < mp->segment_size) &&
461 (++mr->retry_count < mp->max_retry)); 478 (++mr->retry_count < mp->max_retry));
462 mr->adjusted_retry_count = mr->retry_count; 479 mr->adjusted_retry_count = mr->retry_count;
480 if (!(sband->bitrates[i].flags & IEEE80211_RATE_ERP_G))
481 mr->retry_count_cts = mr->retry_count;
463 } 482 }
464 483
465 for (i = n; i < sband->n_bitrates; i++) { 484 for (i = n; i < sband->n_bitrates; i++) {
@@ -471,6 +490,7 @@ minstrel_rate_init(void *priv, struct ieee80211_supported_band *sband,
471 mi->stats_update = jiffies; 490 mi->stats_update = jiffies;
472 491
473 init_sample_table(mi); 492 init_sample_table(mi);
493 minstrel_update_rates(mp, mi);
474} 494}
475 495
476static void * 496static void *
diff --git a/net/mac80211/rc80211_minstrel.h b/net/mac80211/rc80211_minstrel.h
index 85ebf42cb46d..f4301f4b2e41 100644
--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -9,7 +9,8 @@
9#ifndef __RC_MINSTREL_H 9#ifndef __RC_MINSTREL_H
10#define __RC_MINSTREL_H 10#define __RC_MINSTREL_H
11 11
12#define EWMA_LEVEL 75 /* ewma weighting factor [%] */ 12#define EWMA_LEVEL 96 /* ewma weighting factor [/EWMA_DIV] */
13#define EWMA_DIV 128
13#define SAMPLE_COLUMNS 10 /* number of columns in sample table */ 14#define SAMPLE_COLUMNS 10 /* number of columns in sample table */
14 15
15 16
@@ -27,7 +28,7 @@
27static inline int 28static inline int
28minstrel_ewma(int old, int new, int weight) 29minstrel_ewma(int old, int new, int weight)
29{ 30{
30 return (new * (100 - weight) + old * weight) / 100; 31 return (new * (EWMA_DIV - weight) + old * weight) / EWMA_DIV;
31} 32}
32 33
33 34
@@ -62,6 +63,8 @@ struct minstrel_rate {
62}; 63};
63 64
64struct minstrel_sta_info { 65struct minstrel_sta_info {
66 struct ieee80211_sta *sta;
67
65 unsigned long stats_update; 68 unsigned long stats_update;
66 unsigned int sp_ack_dur; 69 unsigned int sp_ack_dur;
67 unsigned int rate_avg; 70 unsigned int rate_avg;
diff --git a/net/mac80211/rc80211_minstrel_debugfs.c b/net/mac80211/rc80211_minstrel_debugfs.c
index d1048348d399..fd0b9ca1570e 100644
--- a/net/mac80211/rc80211_minstrel_debugfs.c
+++ b/net/mac80211/rc80211_minstrel_debugfs.c
@@ -68,7 +68,7 @@ minstrel_stats_open(struct inode *inode, struct file *file)
68 68
69 file->private_data = ms; 69 file->private_data = ms;
70 p = ms->buf; 70 p = ms->buf;
71 p += sprintf(p, "rate throughput ewma prob this prob " 71 p += sprintf(p, "rate throughput ewma prob this prob "
72 "this succ/attempt success attempts\n"); 72 "this succ/attempt success attempts\n");
73 for (i = 0; i < mi->n_rates; i++) { 73 for (i = 0; i < mi->n_rates; i++) {
74 struct minstrel_rate *mr = &mi->r[i]; 74 struct minstrel_rate *mr = &mi->r[i];
@@ -86,7 +86,7 @@ minstrel_stats_open(struct inode *inode, struct file *file)
86 eprob = MINSTREL_TRUNC(mr->probability * 1000); 86 eprob = MINSTREL_TRUNC(mr->probability * 1000);
87 87
88 p += sprintf(p, " %6u.%1u %6u.%1u %6u.%1u " 88 p += sprintf(p, " %6u.%1u %6u.%1u %6u.%1u "
89 "%3u(%3u) %8llu %8llu\n", 89 " %3u(%3u) %8llu %8llu\n",
90 tp / 10, tp % 10, 90 tp / 10, tp % 10,
91 eprob / 10, eprob % 10, 91 eprob / 10, eprob % 10,
92 prob / 10, prob % 10, 92 prob / 10, prob % 10,
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index d2b264d1311d..5b2d3012b983 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -126,6 +126,9 @@ const struct mcs_group minstrel_mcs_groups[] = {
126 126
127static u8 sample_table[SAMPLE_COLUMNS][MCS_GROUP_RATES]; 127static u8 sample_table[SAMPLE_COLUMNS][MCS_GROUP_RATES];
128 128
129static void
130minstrel_ht_update_rates(struct minstrel_priv *mp, struct minstrel_ht_sta *mi);
131
129/* 132/*
130 * Look up an MCS group index based on mac80211 rate information 133 * Look up an MCS group index based on mac80211 rate information
131 */ 134 */
@@ -244,6 +247,7 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
244 struct minstrel_rate_stats *mr; 247 struct minstrel_rate_stats *mr;
245 int cur_prob, cur_prob_tp, cur_tp, cur_tp2; 248 int cur_prob, cur_prob_tp, cur_tp, cur_tp2;
246 int group, i, index; 249 int group, i, index;
250 bool mi_rates_valid = false;
247 251
248 if (mi->ampdu_packets > 0) { 252 if (mi->ampdu_packets > 0) {
249 mi->avg_ampdu_len = minstrel_ewma(mi->avg_ampdu_len, 253 mi->avg_ampdu_len = minstrel_ewma(mi->avg_ampdu_len,
@@ -254,11 +258,10 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
254 258
255 mi->sample_slow = 0; 259 mi->sample_slow = 0;
256 mi->sample_count = 0; 260 mi->sample_count = 0;
257 mi->max_tp_rate = 0;
258 mi->max_tp_rate2 = 0;
259 mi->max_prob_rate = 0;
260 261
261 for (group = 0; group < ARRAY_SIZE(minstrel_mcs_groups); group++) { 262 for (group = 0; group < ARRAY_SIZE(minstrel_mcs_groups); group++) {
263 bool mg_rates_valid = false;
264
262 cur_prob = 0; 265 cur_prob = 0;
263 cur_prob_tp = 0; 266 cur_prob_tp = 0;
264 cur_tp = 0; 267 cur_tp = 0;
@@ -268,15 +271,24 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
268 if (!mg->supported) 271 if (!mg->supported)
269 continue; 272 continue;
270 273
271 mg->max_tp_rate = 0;
272 mg->max_tp_rate2 = 0;
273 mg->max_prob_rate = 0;
274 mi->sample_count++; 274 mi->sample_count++;
275 275
276 for (i = 0; i < MCS_GROUP_RATES; i++) { 276 for (i = 0; i < MCS_GROUP_RATES; i++) {
277 if (!(mg->supported & BIT(i))) 277 if (!(mg->supported & BIT(i)))
278 continue; 278 continue;
279 279
280 /* initialize rates selections starting indexes */
281 if (!mg_rates_valid) {
282 mg->max_tp_rate = mg->max_tp_rate2 =
283 mg->max_prob_rate = i;
284 if (!mi_rates_valid) {
285 mi->max_tp_rate = mi->max_tp_rate2 =
286 mi->max_prob_rate = i;
287 mi_rates_valid = true;
288 }
289 mg_rates_valid = true;
290 }
291
280 mr = &mg->rates[i]; 292 mr = &mg->rates[i];
281 mr->retry_updated = false; 293 mr->retry_updated = false;
282 index = MCS_GROUP_RATES * group + i; 294 index = MCS_GROUP_RATES * group + i;
@@ -456,7 +468,7 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
456 struct ieee80211_tx_rate *ar = info->status.rates; 468 struct ieee80211_tx_rate *ar = info->status.rates;
457 struct minstrel_rate_stats *rate, *rate2; 469 struct minstrel_rate_stats *rate, *rate2;
458 struct minstrel_priv *mp = priv; 470 struct minstrel_priv *mp = priv;
459 bool last; 471 bool last, update = false;
460 int i; 472 int i;
461 473
462 if (!msp->is_ht) 474 if (!msp->is_ht)
@@ -505,21 +517,29 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
505 rate = minstrel_get_ratestats(mi, mi->max_tp_rate); 517 rate = minstrel_get_ratestats(mi, mi->max_tp_rate);
506 if (rate->attempts > 30 && 518 if (rate->attempts > 30 &&
507 MINSTREL_FRAC(rate->success, rate->attempts) < 519 MINSTREL_FRAC(rate->success, rate->attempts) <
508 MINSTREL_FRAC(20, 100)) 520 MINSTREL_FRAC(20, 100)) {
509 minstrel_downgrade_rate(mi, &mi->max_tp_rate, true); 521 minstrel_downgrade_rate(mi, &mi->max_tp_rate, true);
522 update = true;
523 }
510 524
511 rate2 = minstrel_get_ratestats(mi, mi->max_tp_rate2); 525 rate2 = minstrel_get_ratestats(mi, mi->max_tp_rate2);
512 if (rate2->attempts > 30 && 526 if (rate2->attempts > 30 &&
513 MINSTREL_FRAC(rate2->success, rate2->attempts) < 527 MINSTREL_FRAC(rate2->success, rate2->attempts) <
514 MINSTREL_FRAC(20, 100)) 528 MINSTREL_FRAC(20, 100)) {
515 minstrel_downgrade_rate(mi, &mi->max_tp_rate2, false); 529 minstrel_downgrade_rate(mi, &mi->max_tp_rate2, false);
530 update = true;
531 }
516 532
517 if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) { 533 if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) {
534 update = true;
518 minstrel_ht_update_stats(mp, mi); 535 minstrel_ht_update_stats(mp, mi);
519 if (!(info->flags & IEEE80211_TX_CTL_AMPDU) && 536 if (!(info->flags & IEEE80211_TX_CTL_AMPDU) &&
520 mi->max_prob_rate / MCS_GROUP_RATES != MINSTREL_CCK_GROUP) 537 mi->max_prob_rate / MCS_GROUP_RATES != MINSTREL_CCK_GROUP)
521 minstrel_aggr_check(sta, skb); 538 minstrel_aggr_check(sta, skb);
522 } 539 }
540
541 if (update)
542 minstrel_ht_update_rates(mp, mi);
523} 543}
524 544
525static void 545static void
@@ -583,36 +603,71 @@ minstrel_calc_retransmit(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
583 603
584static void 604static void
585minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi, 605minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
586 struct ieee80211_tx_rate *rate, int index, 606 struct ieee80211_sta_rates *ratetbl, int offset, int index)
587 bool sample, bool rtscts)
588{ 607{
589 const struct mcs_group *group = &minstrel_mcs_groups[index / MCS_GROUP_RATES]; 608 const struct mcs_group *group = &minstrel_mcs_groups[index / MCS_GROUP_RATES];
590 struct minstrel_rate_stats *mr; 609 struct minstrel_rate_stats *mr;
610 u8 idx;
611 u16 flags;
591 612
592 mr = minstrel_get_ratestats(mi, index); 613 mr = minstrel_get_ratestats(mi, index);
593 if (!mr->retry_updated) 614 if (!mr->retry_updated)
594 minstrel_calc_retransmit(mp, mi, index); 615 minstrel_calc_retransmit(mp, mi, index);
595 616
596 if (sample) 617 if (mr->probability < MINSTREL_FRAC(20, 100) || !mr->retry_count) {
597 rate->count = 1; 618 ratetbl->rate[offset].count = 2;
598 else if (mr->probability < MINSTREL_FRAC(20, 100)) 619 ratetbl->rate[offset].count_rts = 2;
599 rate->count = 2; 620 ratetbl->rate[offset].count_cts = 2;
600 else if (rtscts) 621 } else {
601 rate->count = mr->retry_count_rtscts; 622 ratetbl->rate[offset].count = mr->retry_count;
602 else 623 ratetbl->rate[offset].count_cts = mr->retry_count;
603 rate->count = mr->retry_count; 624 ratetbl->rate[offset].count_rts = mr->retry_count_rtscts;
604 625 }
605 rate->flags = 0;
606 if (rtscts)
607 rate->flags |= IEEE80211_TX_RC_USE_RTS_CTS;
608 626
609 if (index / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) { 627 if (index / MCS_GROUP_RATES == MINSTREL_CCK_GROUP) {
610 rate->idx = mp->cck_rates[index % ARRAY_SIZE(mp->cck_rates)]; 628 idx = mp->cck_rates[index % ARRAY_SIZE(mp->cck_rates)];
629 flags = 0;
630 } else {
631 idx = index % MCS_GROUP_RATES +
632 (group->streams - 1) * MCS_GROUP_RATES;
633 flags = IEEE80211_TX_RC_MCS | group->flags;
634 }
635
636 if (offset > 0) {
637 ratetbl->rate[offset].count = ratetbl->rate[offset].count_rts;
638 flags |= IEEE80211_TX_RC_USE_RTS_CTS;
639 }
640
641 ratetbl->rate[offset].idx = idx;
642 ratetbl->rate[offset].flags = flags;
643}
644
645static void
646minstrel_ht_update_rates(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
647{
648 struct ieee80211_sta_rates *rates;
649 int i = 0;
650
651 rates = kzalloc(sizeof(*rates), GFP_ATOMIC);
652 if (!rates)
611 return; 653 return;
654
655 /* Start with max_tp_rate */
656 minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_tp_rate);
657
658 if (mp->hw->max_rates >= 3) {
659 /* At least 3 tx rates supported, use max_tp_rate2 next */
660 minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_tp_rate2);
661 }
662
663 if (mp->hw->max_rates >= 2) {
664 /*
665 * At least 2 tx rates supported, use max_prob_rate next */
666 minstrel_ht_set_rate(mp, mi, rates, i++, mi->max_prob_rate);
612 } 667 }
613 668
614 rate->flags |= IEEE80211_TX_RC_MCS | group->flags; 669 rates->rate[i].idx = -1;
615 rate->idx = index % MCS_GROUP_RATES + (group->streams - 1) * MCS_GROUP_RATES; 670 rate_control_set_rates(mp->hw, mi->sta, rates);
616} 671}
617 672
618static inline int 673static inline int
@@ -702,13 +757,13 @@ static void
702minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta, 757minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
703 struct ieee80211_tx_rate_control *txrc) 758 struct ieee80211_tx_rate_control *txrc)
704{ 759{
760 const struct mcs_group *sample_group;
705 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); 761 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb);
706 struct ieee80211_tx_rate *ar = info->status.rates; 762 struct ieee80211_tx_rate *rate = &info->status.rates[0];
707 struct minstrel_ht_sta_priv *msp = priv_sta; 763 struct minstrel_ht_sta_priv *msp = priv_sta;
708 struct minstrel_ht_sta *mi = &msp->ht; 764 struct minstrel_ht_sta *mi = &msp->ht;
709 struct minstrel_priv *mp = priv; 765 struct minstrel_priv *mp = priv;
710 int sample_idx; 766 int sample_idx;
711 bool sample = false;
712 767
713 if (rate_control_send_low(sta, priv_sta, txrc)) 768 if (rate_control_send_low(sta, priv_sta, txrc))
714 return; 769 return;
@@ -736,51 +791,6 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
736 } 791 }
737#endif 792#endif
738 793
739 if (sample_idx >= 0) {
740 sample = true;
741 minstrel_ht_set_rate(mp, mi, &ar[0], sample_idx,
742 true, false);
743 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
744 } else {
745 minstrel_ht_set_rate(mp, mi, &ar[0], mi->max_tp_rate,
746 false, false);
747 }
748
749 if (mp->hw->max_rates >= 3) {
750 /*
751 * At least 3 tx rates supported, use
752 * sample_rate -> max_tp_rate -> max_prob_rate for sampling and
753 * max_tp_rate -> max_tp_rate2 -> max_prob_rate by default.
754 */
755 if (sample_idx >= 0)
756 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate,
757 false, false);
758 else
759 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate2,
760 false, true);
761
762 minstrel_ht_set_rate(mp, mi, &ar[2], mi->max_prob_rate,
763 false, !sample);
764
765 ar[3].count = 0;
766 ar[3].idx = -1;
767 } else if (mp->hw->max_rates == 2) {
768 /*
769 * Only 2 tx rates supported, use
770 * sample_rate -> max_prob_rate for sampling and
771 * max_tp_rate -> max_prob_rate by default.
772 */
773 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_prob_rate,
774 false, !sample);
775
776 ar[2].count = 0;
777 ar[2].idx = -1;
778 } else {
779 /* Not using MRR, only use the first rate */
780 ar[1].count = 0;
781 ar[1].idx = -1;
782 }
783
784 mi->total_packets++; 794 mi->total_packets++;
785 795
786 /* wraparound */ 796 /* wraparound */
@@ -788,6 +798,16 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
788 mi->total_packets = 0; 798 mi->total_packets = 0;
789 mi->sample_packets = 0; 799 mi->sample_packets = 0;
790 } 800 }
801
802 if (sample_idx < 0)
803 return;
804
805 sample_group = &minstrel_mcs_groups[sample_idx / MCS_GROUP_RATES];
806 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
807 rate->idx = sample_idx % MCS_GROUP_RATES +
808 (sample_group->streams - 1) * MCS_GROUP_RATES;
809 rate->flags = IEEE80211_TX_RC_MCS | sample_group->flags;
810 rate->count = 1;
791} 811}
792 812
793static void 813static void
@@ -837,6 +857,8 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
837 857
838 msp->is_ht = true; 858 msp->is_ht = true;
839 memset(mi, 0, sizeof(*mi)); 859 memset(mi, 0, sizeof(*mi));
860
861 mi->sta = sta;
840 mi->stats_update = jiffies; 862 mi->stats_update = jiffies;
841 863
842 ack_dur = ieee80211_frame_duration(sband->band, 10, 60, 1, 1); 864 ack_dur = ieee80211_frame_duration(sband->band, 10, 60, 1, 1);
@@ -898,6 +920,10 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
898 if (!n_supported) 920 if (!n_supported)
899 goto use_legacy; 921 goto use_legacy;
900 922
923 /* create an initial rate table with the lowest supported rates */
924 minstrel_ht_update_stats(mp, mi);
925 minstrel_ht_update_rates(mp, mi);
926
901 return; 927 return;
902 928
903use_legacy: 929use_legacy:
diff --git a/net/mac80211/rc80211_minstrel_ht.h b/net/mac80211/rc80211_minstrel_ht.h
index 9b16e9de9923..d655586773ac 100644
--- a/net/mac80211/rc80211_minstrel_ht.h
+++ b/net/mac80211/rc80211_minstrel_ht.h
@@ -65,6 +65,8 @@ struct minstrel_mcs_group_data {
65}; 65};
66 66
67struct minstrel_ht_sta { 67struct minstrel_ht_sta {
68 struct ieee80211_sta *sta;
69
68 /* ampdu length (average, per sampling interval) */ 70 /* ampdu length (average, per sampling interval) */
69 unsigned int ampdu_len; 71 unsigned int ampdu_len;
70 unsigned int ampdu_packets; 72 unsigned int ampdu_packets;
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 2528b5a4d6d4..c8447af76ead 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2085,6 +2085,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
2085 } 2085 }
2086 2086
2087 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; 2087 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
2088 fwd_hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_RETRY);
2088 info = IEEE80211_SKB_CB(fwd_skb); 2089 info = IEEE80211_SKB_CB(fwd_skb);
2089 memset(info, 0, sizeof(*info)); 2090 memset(info, 0, sizeof(*info));
2090 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 2091 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
@@ -2423,6 +2424,22 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2423 } 2424 }
2424 2425
2425 break; 2426 break;
2427 case WLAN_CATEGORY_PUBLIC:
2428 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
2429 goto invalid;
2430 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2431 break;
2432 if (!rx->sta)
2433 break;
2434 if (!ether_addr_equal(mgmt->bssid, sdata->u.mgd.bssid))
2435 break;
2436 if (mgmt->u.action.u.ext_chan_switch.action_code !=
2437 WLAN_PUB_ACTION_EXT_CHANSW_ANN)
2438 break;
2439 if (len < offsetof(struct ieee80211_mgmt,
2440 u.action.u.ext_chan_switch.variable))
2441 goto invalid;
2442 goto queue;
2426 case WLAN_CATEGORY_VHT: 2443 case WLAN_CATEGORY_VHT:
2427 if (sdata->vif.type != NL80211_IFTYPE_STATION && 2444 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
2428 sdata->vif.type != NL80211_IFTYPE_MESH_POINT && 2445 sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
@@ -2506,10 +2523,6 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2506 ieee80211_process_measurement_req(sdata, mgmt, len); 2523 ieee80211_process_measurement_req(sdata, mgmt, len);
2507 goto handled; 2524 goto handled;
2508 case WLAN_ACTION_SPCT_CHL_SWITCH: 2525 case WLAN_ACTION_SPCT_CHL_SWITCH:
2509 if (len < (IEEE80211_MIN_ACTION_SIZE +
2510 sizeof(mgmt->u.action.u.chan_switch)))
2511 break;
2512
2513 if (sdata->vif.type != NL80211_IFTYPE_STATION) 2526 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2514 break; 2527 break;
2515 2528
@@ -3042,7 +3055,8 @@ static int prepare_for_handlers(struct ieee80211_rx_data *rx,
3042 !ieee80211_is_probe_resp(hdr->frame_control) && 3055 !ieee80211_is_probe_resp(hdr->frame_control) &&
3043 !ieee80211_is_beacon(hdr->frame_control)) 3056 !ieee80211_is_beacon(hdr->frame_control))
3044 return 0; 3057 return 0;
3045 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1)) 3058 if (!ether_addr_equal(sdata->vif.addr, hdr->addr1) &&
3059 !multicast)
3046 status->rx_flags &= ~IEEE80211_RX_RA_MATCH; 3060 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
3047 break; 3061 break;
3048 default: 3062 default:
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index cb34cbbaa20c..99b103921a4b 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -98,9 +98,8 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
98 } 98 }
99 99
100 /* save the ERP value so that it is available at association time */ 100 /* save the ERP value so that it is available at association time */
101 if (elems->erp_info && elems->erp_info_len >= 1 && 101 if (elems->erp_info && (!elems->parse_error ||
102 (!elems->parse_error || 102 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
103 !(bss->valid_data & IEEE80211_BSS_VALID_ERP))) {
104 bss->erp_value = elems->erp_info[0]; 103 bss->erp_value = elems->erp_info[0];
105 bss->has_erp_value = true; 104 bss->has_erp_value = true;
106 if (!elems->parse_error) 105 if (!elems->parse_error)
@@ -182,7 +181,7 @@ void ieee80211_scan_rx(struct ieee80211_local *local, struct sk_buff *skb)
182 if (baselen > skb->len) 181 if (baselen > skb->len)
183 return; 182 return;
184 183
185 ieee802_11_parse_elems(elements, skb->len - baselen, &elems); 184 ieee802_11_parse_elems(elements, skb->len - baselen, false, &elems);
186 185
187 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq); 186 channel = ieee80211_get_channel(local->hw.wiphy, rx_status->freq);
188 187
@@ -384,7 +383,7 @@ static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
384{ 383{
385 int i; 384 int i;
386 struct ieee80211_sub_if_data *sdata; 385 struct ieee80211_sub_if_data *sdata;
387 enum ieee80211_band band = local->hw.conf.channel->band; 386 enum ieee80211_band band = local->hw.conf.chandef.chan->band;
388 u32 tx_flags; 387 u32 tx_flags;
389 388
390 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 389 tx_flags = IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
@@ -401,7 +400,7 @@ static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
401 local->scan_req->ssids[i].ssid_len, 400 local->scan_req->ssids[i].ssid_len,
402 local->scan_req->ie, local->scan_req->ie_len, 401 local->scan_req->ie, local->scan_req->ie_len,
403 local->scan_req->rates[band], false, 402 local->scan_req->rates[band], false,
404 tx_flags, local->hw.conf.channel, true); 403 tx_flags, local->hw.conf.chandef.chan, true);
405 404
406 /* 405 /*
407 * After sending probe requests, wait for probe responses 406 * After sending probe requests, wait for probe responses
@@ -467,7 +466,7 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
467 if (local->ops->hw_scan) { 466 if (local->ops->hw_scan) {
468 __set_bit(SCAN_HW_SCANNING, &local->scanning); 467 __set_bit(SCAN_HW_SCANNING, &local->scanning);
469 } else if ((req->n_channels == 1) && 468 } else if ((req->n_channels == 1) &&
470 (req->channels[0] == local->_oper_channel)) { 469 (req->channels[0] == local->_oper_chandef.chan)) {
471 /* 470 /*
472 * If we are scanning only on the operating channel 471 * If we are scanning only on the operating channel
473 * then we do not need to stop normal activities 472 * then we do not need to stop normal activities
diff --git a/net/mac80211/trace.h b/net/mac80211/trace.h
index c5899797a8d4..c215fafd7a2f 100644
--- a/net/mac80211/trace.h
+++ b/net/mac80211/trace.h
@@ -28,27 +28,27 @@
28#define VIF_PR_FMT " vif:%s(%d%s)" 28#define VIF_PR_FMT " vif:%s(%d%s)"
29#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type, __entry->p2p ? "/p2p" : "" 29#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type, __entry->p2p ? "/p2p" : ""
30 30
31#define CHANDEF_ENTRY __field(u32, control_freq) \ 31#define CHANDEF_ENTRY __field(u32, control_freq) \
32 __field(u32, chan_width) \ 32 __field(u32, chan_width) \
33 __field(u32, center_freq1) \ 33 __field(u32, center_freq1) \
34 __field(u32, center_freq2) 34 __field(u32, center_freq2)
35#define CHANDEF_ASSIGN(c) \ 35#define CHANDEF_ASSIGN(c) \
36 __entry->control_freq = (c)->chan->center_freq; \ 36 __entry->control_freq = (c)->chan ? (c)->chan->center_freq : 0; \
37 __entry->chan_width = (c)->width; \ 37 __entry->chan_width = (c)->width; \
38 __entry->center_freq1 = (c)->center_freq1; \ 38 __entry->center_freq1 = (c)->center_freq1; \
39 __entry->center_freq2 = (c)->center_freq2; 39 __entry->center_freq2 = (c)->center_freq2;
40#define CHANDEF_PR_FMT " control:%d MHz width:%d center: %d/%d MHz" 40#define CHANDEF_PR_FMT " control:%d MHz width:%d center: %d/%d MHz"
41#define CHANDEF_PR_ARG __entry->control_freq, __entry->chan_width, \ 41#define CHANDEF_PR_ARG __entry->control_freq, __entry->chan_width, \
42 __entry->center_freq1, __entry->center_freq2 42 __entry->center_freq1, __entry->center_freq2
43 43
44#define CHANCTX_ENTRY CHANDEF_ENTRY \ 44#define CHANCTX_ENTRY CHANDEF_ENTRY \
45 __field(u8, rx_chains_static) \ 45 __field(u8, rx_chains_static) \
46 __field(u8, rx_chains_dynamic) 46 __field(u8, rx_chains_dynamic)
47#define CHANCTX_ASSIGN CHANDEF_ASSIGN(&ctx->conf.def) \ 47#define CHANCTX_ASSIGN CHANDEF_ASSIGN(&ctx->conf.def) \
48 __entry->rx_chains_static = ctx->conf.rx_chains_static; \ 48 __entry->rx_chains_static = ctx->conf.rx_chains_static; \
49 __entry->rx_chains_dynamic = ctx->conf.rx_chains_dynamic 49 __entry->rx_chains_dynamic = ctx->conf.rx_chains_dynamic
50#define CHANCTX_PR_FMT CHANDEF_PR_FMT " chains:%d/%d" 50#define CHANCTX_PR_FMT CHANDEF_PR_FMT " chains:%d/%d"
51#define CHANCTX_PR_ARG CHANDEF_PR_ARG, \ 51#define CHANCTX_PR_ARG CHANDEF_PR_ARG, \
52 __entry->rx_chains_static, __entry->rx_chains_dynamic 52 __entry->rx_chains_static, __entry->rx_chains_dynamic
53 53
54 54
@@ -286,8 +286,7 @@ TRACE_EVENT(drv_config,
286 __field(u16, listen_interval) 286 __field(u16, listen_interval)
287 __field(u8, long_frame_max_tx_count) 287 __field(u8, long_frame_max_tx_count)
288 __field(u8, short_frame_max_tx_count) 288 __field(u8, short_frame_max_tx_count)
289 __field(int, center_freq) 289 CHANDEF_ENTRY
290 __field(int, channel_type)
291 __field(int, smps) 290 __field(int, smps)
292 ), 291 ),
293 292
@@ -303,15 +302,13 @@ TRACE_EVENT(drv_config,
303 local->hw.conf.long_frame_max_tx_count; 302 local->hw.conf.long_frame_max_tx_count;
304 __entry->short_frame_max_tx_count = 303 __entry->short_frame_max_tx_count =
305 local->hw.conf.short_frame_max_tx_count; 304 local->hw.conf.short_frame_max_tx_count;
306 __entry->center_freq = local->hw.conf.channel ? 305 CHANDEF_ASSIGN(&local->hw.conf.chandef)
307 local->hw.conf.channel->center_freq : 0;
308 __entry->channel_type = local->hw.conf.channel_type;
309 __entry->smps = local->hw.conf.smps_mode; 306 __entry->smps = local->hw.conf.smps_mode;
310 ), 307 ),
311 308
312 TP_printk( 309 TP_printk(
313 LOCAL_PR_FMT " ch:%#x freq:%d", 310 LOCAL_PR_FMT " ch:%#x" CHANDEF_PR_FMT,
314 LOCAL_PR_ARG, __entry->changed, __entry->center_freq 311 LOCAL_PR_ARG, __entry->changed, CHANDEF_PR_ARG
315 ) 312 )
316); 313);
317 314
@@ -359,8 +356,7 @@ TRACE_EVENT(drv_bss_info_changed,
359 __dynamic_array(u8, ssid, info->ssid_len); 356 __dynamic_array(u8, ssid, info->ssid_len);
360 __field(bool, hidden_ssid); 357 __field(bool, hidden_ssid);
361 __field(int, txpower) 358 __field(int, txpower)
362 __field(u8, p2p_ctwindow) 359 __field(u8, p2p_oppps_ctwindow)
363 __field(bool, p2p_oppps)
364 ), 360 ),
365 361
366 TP_fast_assign( 362 TP_fast_assign(
@@ -400,8 +396,7 @@ TRACE_EVENT(drv_bss_info_changed,
400 memcpy(__get_dynamic_array(ssid), info->ssid, info->ssid_len); 396 memcpy(__get_dynamic_array(ssid), info->ssid, info->ssid_len);
401 __entry->hidden_ssid = info->hidden_ssid; 397 __entry->hidden_ssid = info->hidden_ssid;
402 __entry->txpower = info->txpower; 398 __entry->txpower = info->txpower;
403 __entry->p2p_ctwindow = info->p2p_ctwindow; 399 __entry->p2p_oppps_ctwindow = info->p2p_noa_attr.oppps_ctwindow;
404 __entry->p2p_oppps = info->p2p_oppps;
405 ), 400 ),
406 401
407 TP_printk( 402 TP_printk(
@@ -995,23 +990,23 @@ TRACE_EVENT(drv_channel_switch,
995 990
996 TP_STRUCT__entry( 991 TP_STRUCT__entry(
997 LOCAL_ENTRY 992 LOCAL_ENTRY
993 CHANDEF_ENTRY
998 __field(u64, timestamp) 994 __field(u64, timestamp)
999 __field(bool, block_tx) 995 __field(bool, block_tx)
1000 __field(u16, freq)
1001 __field(u8, count) 996 __field(u8, count)
1002 ), 997 ),
1003 998
1004 TP_fast_assign( 999 TP_fast_assign(
1005 LOCAL_ASSIGN; 1000 LOCAL_ASSIGN;
1001 CHANDEF_ASSIGN(&ch_switch->chandef)
1006 __entry->timestamp = ch_switch->timestamp; 1002 __entry->timestamp = ch_switch->timestamp;
1007 __entry->block_tx = ch_switch->block_tx; 1003 __entry->block_tx = ch_switch->block_tx;
1008 __entry->freq = ch_switch->channel->center_freq;
1009 __entry->count = ch_switch->count; 1004 __entry->count = ch_switch->count;
1010 ), 1005 ),
1011 1006
1012 TP_printk( 1007 TP_printk(
1013 LOCAL_PR_FMT " new freq:%u count:%d", 1008 LOCAL_PR_FMT " new " CHANDEF_PR_FMT " count:%d",
1014 LOCAL_PR_ARG, __entry->freq, __entry->count 1009 LOCAL_PR_ARG, CHANDEF_PR_ARG, __entry->count
1015 ) 1010 )
1016); 1011);
1017 1012
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 9e67cc97b87b..9972e07a2f96 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -48,15 +48,15 @@ static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
48 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 48 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
49 49
50 /* assume HW handles this */ 50 /* assume HW handles this */
51 if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS) 51 if (tx->rate.flags & IEEE80211_TX_RC_MCS)
52 return 0; 52 return 0;
53 53
54 /* uh huh? */ 54 /* uh huh? */
55 if (WARN_ON_ONCE(info->control.rates[0].idx < 0)) 55 if (WARN_ON_ONCE(tx->rate.idx < 0))
56 return 0; 56 return 0;
57 57
58 sband = local->hw.wiphy->bands[info->band]; 58 sband = local->hw.wiphy->bands[info->band];
59 txrate = &sband->bitrates[info->control.rates[0].idx]; 59 txrate = &sband->bitrates[tx->rate.idx];
60 60
61 erp = txrate->flags & IEEE80211_RATE_ERP_G; 61 erp = txrate->flags & IEEE80211_RATE_ERP_G;
62 62
@@ -617,11 +617,9 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
617 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 617 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
618 struct ieee80211_hdr *hdr = (void *)tx->skb->data; 618 struct ieee80211_hdr *hdr = (void *)tx->skb->data;
619 struct ieee80211_supported_band *sband; 619 struct ieee80211_supported_band *sband;
620 struct ieee80211_rate *rate;
621 int i;
622 u32 len; 620 u32 len;
623 bool inval = false, rts = false, short_preamble = false;
624 struct ieee80211_tx_rate_control txrc; 621 struct ieee80211_tx_rate_control txrc;
622 struct ieee80211_sta_rates *ratetbl = NULL;
625 bool assoc = false; 623 bool assoc = false;
626 624
627 memset(&txrc, 0, sizeof(txrc)); 625 memset(&txrc, 0, sizeof(txrc));
@@ -642,18 +640,23 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
642 txrc.max_rate_idx = -1; 640 txrc.max_rate_idx = -1;
643 else 641 else
644 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 642 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
645 memcpy(txrc.rate_idx_mcs_mask, 643
646 tx->sdata->rc_rateidx_mcs_mask[info->band], 644 if (tx->sdata->rc_has_mcs_mask[info->band])
647 sizeof(txrc.rate_idx_mcs_mask)); 645 txrc.rate_idx_mcs_mask =
646 tx->sdata->rc_rateidx_mcs_mask[info->band];
647
648 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP || 648 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
649 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT || 649 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
650 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC); 650 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
651 651
652 /* set up RTS protection if desired */ 652 /* set up RTS protection if desired */
653 if (len > tx->local->hw.wiphy->rts_threshold) { 653 if (len > tx->local->hw.wiphy->rts_threshold) {
654 txrc.rts = rts = true; 654 txrc.rts = true;
655 } 655 }
656 656
657 info->control.use_rts = txrc.rts;
658 info->control.use_cts_prot = tx->sdata->vif.bss_conf.use_cts_prot;
659
657 /* 660 /*
658 * Use short preamble if the BSS can handle it, but not for 661 * Use short preamble if the BSS can handle it, but not for
659 * management frames unless we know the receiver can handle 662 * management frames unless we know the receiver can handle
@@ -663,7 +666,9 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
663 if (tx->sdata->vif.bss_conf.use_short_preamble && 666 if (tx->sdata->vif.bss_conf.use_short_preamble &&
664 (ieee80211_is_data(hdr->frame_control) || 667 (ieee80211_is_data(hdr->frame_control) ||
665 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE)))) 668 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
666 txrc.short_preamble = short_preamble = true; 669 txrc.short_preamble = true;
670
671 info->control.short_preamble = txrc.short_preamble;
667 672
668 if (tx->sta) 673 if (tx->sta)
669 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC); 674 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
@@ -687,16 +692,38 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
687 */ 692 */
688 rate_control_get_rate(tx->sdata, tx->sta, &txrc); 693 rate_control_get_rate(tx->sdata, tx->sta, &txrc);
689 694
690 if (unlikely(info->control.rates[0].idx < 0)) 695 if (tx->sta && !info->control.skip_table)
691 return TX_DROP; 696 ratetbl = rcu_dereference(tx->sta->sta.rates);
697
698 if (unlikely(info->control.rates[0].idx < 0)) {
699 if (ratetbl) {
700 struct ieee80211_tx_rate rate = {
701 .idx = ratetbl->rate[0].idx,
702 .flags = ratetbl->rate[0].flags,
703 .count = ratetbl->rate[0].count
704 };
705
706 if (ratetbl->rate[0].idx < 0)
707 return TX_DROP;
708
709 tx->rate = rate;
710 } else {
711 return TX_DROP;
712 }
713 } else {
714 tx->rate = info->control.rates[0];
715 }
692 716
693 if (txrc.reported_rate.idx < 0) { 717 if (txrc.reported_rate.idx < 0) {
694 txrc.reported_rate = info->control.rates[0]; 718 txrc.reported_rate = tx->rate;
695 if (tx->sta && ieee80211_is_data(hdr->frame_control)) 719 if (tx->sta && ieee80211_is_data(hdr->frame_control))
696 tx->sta->last_tx_rate = txrc.reported_rate; 720 tx->sta->last_tx_rate = txrc.reported_rate;
697 } else if (tx->sta) 721 } else if (tx->sta)
698 tx->sta->last_tx_rate = txrc.reported_rate; 722 tx->sta->last_tx_rate = txrc.reported_rate;
699 723
724 if (ratetbl)
725 return TX_CONTINUE;
726
700 if (unlikely(!info->control.rates[0].count)) 727 if (unlikely(!info->control.rates[0].count))
701 info->control.rates[0].count = 1; 728 info->control.rates[0].count = 1;
702 729
@@ -704,91 +731,6 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
704 (info->flags & IEEE80211_TX_CTL_NO_ACK))) 731 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
705 info->control.rates[0].count = 1; 732 info->control.rates[0].count = 1;
706 733
707 if (is_multicast_ether_addr(hdr->addr1)) {
708 /*
709 * XXX: verify the rate is in the basic rateset
710 */
711 return TX_CONTINUE;
712 }
713
714 /*
715 * set up the RTS/CTS rate as the fastest basic rate
716 * that is not faster than the data rate
717 *
718 * XXX: Should this check all retry rates?
719 */
720 if (!(info->control.rates[0].flags & IEEE80211_TX_RC_MCS)) {
721 s8 baserate = 0;
722
723 rate = &sband->bitrates[info->control.rates[0].idx];
724
725 for (i = 0; i < sband->n_bitrates; i++) {
726 /* must be a basic rate */
727 if (!(tx->sdata->vif.bss_conf.basic_rates & BIT(i)))
728 continue;
729 /* must not be faster than the data rate */
730 if (sband->bitrates[i].bitrate > rate->bitrate)
731 continue;
732 /* maximum */
733 if (sband->bitrates[baserate].bitrate <
734 sband->bitrates[i].bitrate)
735 baserate = i;
736 }
737
738 info->control.rts_cts_rate_idx = baserate;
739 }
740
741 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
742 /*
743 * make sure there's no valid rate following
744 * an invalid one, just in case drivers don't
745 * take the API seriously to stop at -1.
746 */
747 if (inval) {
748 info->control.rates[i].idx = -1;
749 continue;
750 }
751 if (info->control.rates[i].idx < 0) {
752 inval = true;
753 continue;
754 }
755
756 /*
757 * For now assume MCS is already set up correctly, this
758 * needs to be fixed.
759 */
760 if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) {
761 WARN_ON(info->control.rates[i].idx > 76);
762 continue;
763 }
764
765 /* set up RTS protection if desired */
766 if (rts)
767 info->control.rates[i].flags |=
768 IEEE80211_TX_RC_USE_RTS_CTS;
769
770 /* RC is busted */
771 if (WARN_ON_ONCE(info->control.rates[i].idx >=
772 sband->n_bitrates)) {
773 info->control.rates[i].idx = -1;
774 continue;
775 }
776
777 rate = &sband->bitrates[info->control.rates[i].idx];
778
779 /* set up short preamble */
780 if (short_preamble &&
781 rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
782 info->control.rates[i].flags |=
783 IEEE80211_TX_RC_USE_SHORT_PREAMBLE;
784
785 /* set up G protection */
786 if (!rts && tx->sdata->vif.bss_conf.use_cts_prot &&
787 rate->flags & IEEE80211_RATE_ERP_G)
788 info->control.rates[i].flags |=
789 IEEE80211_TX_RC_USE_CTS_PROTECT;
790 }
791
792 return TX_CONTINUE; 734 return TX_CONTINUE;
793} 735}
794 736
@@ -1709,7 +1651,7 @@ netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
1709 if (chanctx_conf) 1651 if (chanctx_conf)
1710 chan = chanctx_conf->def.chan; 1652 chan = chanctx_conf->def.chan;
1711 else if (!local->use_chanctx) 1653 else if (!local->use_chanctx)
1712 chan = local->_oper_channel; 1654 chan = local->_oper_chandef.chan;
1713 else 1655 else
1714 goto fail_rcu; 1656 goto fail_rcu;
1715 1657
@@ -1843,7 +1785,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1843 * This is the exception! WDS style interfaces are prohibited 1785 * This is the exception! WDS style interfaces are prohibited
1844 * when channel contexts are in used so this must be valid 1786 * when channel contexts are in used so this must be valid
1845 */ 1787 */
1846 band = local->hw.conf.channel->band; 1788 band = local->hw.conf.chandef.chan->band;
1847 break; 1789 break;
1848#ifdef CONFIG_MAC80211_MESH 1790#ifdef CONFIG_MAC80211_MESH
1849 case NL80211_IFTYPE_MESH_POINT: 1791 case NL80211_IFTYPE_MESH_POINT:
@@ -2442,14 +2384,17 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2442 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) { 2384 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
2443 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 2385 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
2444 struct ieee80211_hdr *hdr; 2386 struct ieee80211_hdr *hdr;
2445 struct sk_buff *presp = rcu_dereference(ifibss->presp); 2387 struct beacon_data *presp = rcu_dereference(ifibss->presp);
2446 2388
2447 if (!presp) 2389 if (!presp)
2448 goto out; 2390 goto out;
2449 2391
2450 skb = skb_copy(presp, GFP_ATOMIC); 2392 skb = dev_alloc_skb(local->tx_headroom + presp->head_len);
2451 if (!skb) 2393 if (!skb)
2452 goto out; 2394 goto out;
2395 skb_reserve(skb, local->tx_headroom);
2396 memcpy(skb_put(skb, presp->head_len), presp->head,
2397 presp->head_len);
2453 2398
2454 hdr = (struct ieee80211_hdr *) skb->data; 2399 hdr = (struct ieee80211_hdr *) skb->data;
2455 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 2400 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
@@ -2499,8 +2444,6 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2499 txrc.max_rate_idx = -1; 2444 txrc.max_rate_idx = -1;
2500 else 2445 else
2501 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 2446 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
2502 memcpy(txrc.rate_idx_mcs_mask, sdata->rc_rateidx_mcs_mask[band],
2503 sizeof(txrc.rate_idx_mcs_mask));
2504 txrc.bss = true; 2447 txrc.bss = true;
2505 rate_control_get_rate(sdata, NULL, &txrc); 2448 rate_control_get_rate(sdata, NULL, &txrc);
2506 2449
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index a7368870c8ee..3f87fa468b1f 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -485,7 +485,8 @@ int ieee80211_queue_stopped(struct ieee80211_hw *hw, int queue)
485 return true; 485 return true;
486 486
487 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 487 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
488 ret = !!local->queue_stop_reasons[queue]; 488 ret = test_bit(IEEE80211_QUEUE_STOP_REASON_DRIVER,
489 &local->queue_stop_reasons[queue]);
489 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 490 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
490 return ret; 491 return ret;
491} 492}
@@ -660,7 +661,7 @@ void ieee80211_queue_delayed_work(struct ieee80211_hw *hw,
660} 661}
661EXPORT_SYMBOL(ieee80211_queue_delayed_work); 662EXPORT_SYMBOL(ieee80211_queue_delayed_work);
662 663
663u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, 664u32 ieee802_11_parse_elems_crc(u8 *start, size_t len, bool action,
664 struct ieee802_11_elems *elems, 665 struct ieee802_11_elems *elems,
665 u64 filter, u32 crc) 666 u64 filter, u32 crc)
666{ 667{
@@ -668,6 +669,7 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
668 u8 *pos = start; 669 u8 *pos = start;
669 bool calc_crc = filter != 0; 670 bool calc_crc = filter != 0;
670 DECLARE_BITMAP(seen_elems, 256); 671 DECLARE_BITMAP(seen_elems, 256);
672 const u8 *ie;
671 673
672 bitmap_zero(seen_elems, 256); 674 bitmap_zero(seen_elems, 256);
673 memset(elems, 0, sizeof(*elems)); 675 memset(elems, 0, sizeof(*elems));
@@ -715,6 +717,12 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
715 case WLAN_EID_COUNTRY: 717 case WLAN_EID_COUNTRY:
716 case WLAN_EID_PWR_CONSTRAINT: 718 case WLAN_EID_PWR_CONSTRAINT:
717 case WLAN_EID_TIMEOUT_INTERVAL: 719 case WLAN_EID_TIMEOUT_INTERVAL:
720 case WLAN_EID_SECONDARY_CHANNEL_OFFSET:
721 case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
722 /*
723 * not listing WLAN_EID_CHANNEL_SWITCH_WRAPPER -- it seems possible
724 * that if the content gets bigger it might be needed more than once
725 */
718 if (test_bit(id, seen_elems)) { 726 if (test_bit(id, seen_elems)) {
719 elems->parse_error = true; 727 elems->parse_error = true;
720 left -= elen; 728 left -= elen;
@@ -738,17 +746,11 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
738 elems->supp_rates = pos; 746 elems->supp_rates = pos;
739 elems->supp_rates_len = elen; 747 elems->supp_rates_len = elen;
740 break; 748 break;
741 case WLAN_EID_FH_PARAMS:
742 elems->fh_params = pos;
743 elems->fh_params_len = elen;
744 break;
745 case WLAN_EID_DS_PARAMS: 749 case WLAN_EID_DS_PARAMS:
746 elems->ds_params = pos; 750 if (elen >= 1)
747 elems->ds_params_len = elen; 751 elems->ds_params = pos;
748 break; 752 else
749 case WLAN_EID_CF_PARAMS: 753 elem_parse_failed = true;
750 elems->cf_params = pos;
751 elems->cf_params_len = elen;
752 break; 754 break;
753 case WLAN_EID_TIM: 755 case WLAN_EID_TIM:
754 if (elen >= sizeof(struct ieee80211_tim_ie)) { 756 if (elen >= sizeof(struct ieee80211_tim_ie)) {
@@ -757,10 +759,6 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
757 } else 759 } else
758 elem_parse_failed = true; 760 elem_parse_failed = true;
759 break; 761 break;
760 case WLAN_EID_IBSS_PARAMS:
761 elems->ibss_params = pos;
762 elems->ibss_params_len = elen;
763 break;
764 case WLAN_EID_CHALLENGE: 762 case WLAN_EID_CHALLENGE:
765 elems->challenge = pos; 763 elems->challenge = pos;
766 elems->challenge_len = elen; 764 elems->challenge_len = elen;
@@ -790,8 +788,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
790 elems->rsn_len = elen; 788 elems->rsn_len = elen;
791 break; 789 break;
792 case WLAN_EID_ERP_INFO: 790 case WLAN_EID_ERP_INFO:
793 elems->erp_info = pos; 791 if (elen >= 1)
794 elems->erp_info_len = elen; 792 elems->erp_info = pos;
793 else
794 elem_parse_failed = true;
795 break; 795 break;
796 case WLAN_EID_EXT_SUPP_RATES: 796 case WLAN_EID_EXT_SUPP_RATES:
797 elems->ext_supp_rates = pos; 797 elems->ext_supp_rates = pos;
@@ -870,12 +870,47 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
870 } 870 }
871 elems->ch_switch_ie = (void *)pos; 871 elems->ch_switch_ie = (void *)pos;
872 break; 872 break;
873 case WLAN_EID_QUIET: 873 case WLAN_EID_EXT_CHANSWITCH_ANN:
874 if (!elems->quiet_elem) { 874 if (elen != sizeof(struct ieee80211_ext_chansw_ie)) {
875 elems->quiet_elem = pos; 875 elem_parse_failed = true;
876 elems->quiet_elem_len = elen; 876 break;
877 }
878 elems->ext_chansw_ie = (void *)pos;
879 break;
880 case WLAN_EID_SECONDARY_CHANNEL_OFFSET:
881 if (elen != sizeof(struct ieee80211_sec_chan_offs_ie)) {
882 elem_parse_failed = true;
883 break;
884 }
885 elems->sec_chan_offs = (void *)pos;
886 break;
887 case WLAN_EID_WIDE_BW_CHANNEL_SWITCH:
888 if (!action ||
889 elen != sizeof(*elems->wide_bw_chansw_ie)) {
890 elem_parse_failed = true;
891 break;
892 }
893 elems->wide_bw_chansw_ie = (void *)pos;
894 break;
895 case WLAN_EID_CHANNEL_SWITCH_WRAPPER:
896 if (action) {
897 elem_parse_failed = true;
898 break;
899 }
900 /*
901 * This is a bit tricky, but as we only care about
902 * the wide bandwidth channel switch element, so
903 * just parse it out manually.
904 */
905 ie = cfg80211_find_ie(WLAN_EID_WIDE_BW_CHANNEL_SWITCH,
906 pos, elen);
907 if (ie) {
908 if (ie[1] == sizeof(*elems->wide_bw_chansw_ie))
909 elems->wide_bw_chansw_ie =
910 (void *)(ie + 2);
911 else
912 elem_parse_failed = true;
877 } 913 }
878 elems->num_of_quiet_elem++;
879 break; 914 break;
880 case WLAN_EID_COUNTRY: 915 case WLAN_EID_COUNTRY:
881 elems->country_elem = pos; 916 elems->country_elem = pos;
@@ -889,8 +924,10 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
889 elems->pwr_constr_elem = pos; 924 elems->pwr_constr_elem = pos;
890 break; 925 break;
891 case WLAN_EID_TIMEOUT_INTERVAL: 926 case WLAN_EID_TIMEOUT_INTERVAL:
892 elems->timeout_int = pos; 927 if (elen >= sizeof(struct ieee80211_timeout_interval_ie))
893 elems->timeout_int_len = elen; 928 elems->timeout_int = (void *)pos;
929 else
930 elem_parse_failed = true;
894 break; 931 break;
895 default: 932 default:
896 break; 933 break;
@@ -911,12 +948,6 @@ u32 ieee802_11_parse_elems_crc(u8 *start, size_t len,
911 return crc; 948 return crc;
912} 949}
913 950
914void ieee802_11_parse_elems(u8 *start, size_t len,
915 struct ieee802_11_elems *elems)
916{
917 ieee802_11_parse_elems_crc(start, len, elems, 0, 0);
918}
919
920void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata, 951void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata,
921 bool bss_notify) 952 bool bss_notify)
922{ 953{
@@ -1474,6 +1505,8 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1474 /* add interfaces */ 1505 /* add interfaces */
1475 sdata = rtnl_dereference(local->monitor_sdata); 1506 sdata = rtnl_dereference(local->monitor_sdata);
1476 if (sdata) { 1507 if (sdata) {
1508 /* in HW restart it exists already */
1509 WARN_ON(local->resuming);
1477 res = drv_add_interface(local, sdata); 1510 res = drv_add_interface(local, sdata);
1478 if (WARN_ON(res)) { 1511 if (WARN_ON(res)) {
1479 rcu_assign_pointer(local->monitor_sdata, NULL); 1512 rcu_assign_pointer(local->monitor_sdata, NULL);
@@ -1663,6 +1696,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1663 local->in_reconfig = false; 1696 local->in_reconfig = false;
1664 barrier(); 1697 barrier();
1665 1698
1699 if (local->monitors == local->open_count && local->monitors > 0)
1700 ieee80211_add_virtual_monitor(local);
1701
1666 /* 1702 /*
1667 * Clear the WLAN_STA_BLOCK_BA flag so new aggregation 1703 * Clear the WLAN_STA_BLOCK_BA flag so new aggregation
1668 * sessions can be established after a resume. 1704 * sessions can be established after a resume.
@@ -2056,7 +2092,7 @@ int ieee80211_ave_rssi(struct ieee80211_vif *vif)
2056 /* non-managed type inferfaces */ 2092 /* non-managed type inferfaces */
2057 return 0; 2093 return 0;
2058 } 2094 }
2059 return ifmgd->ave_beacon_signal; 2095 return ifmgd->ave_beacon_signal / 16;
2060} 2096}
2061EXPORT_SYMBOL_GPL(ieee80211_ave_rssi); 2097EXPORT_SYMBOL_GPL(ieee80211_ave_rssi);
2062 2098
@@ -2171,8 +2207,7 @@ void ieee80211_dfs_radar_detected_work(struct work_struct *work)
2171 /* currently not handled */ 2207 /* currently not handled */
2172 WARN_ON(1); 2208 WARN_ON(1);
2173 else { 2209 else {
2174 cfg80211_chandef_create(&chandef, local->hw.conf.channel, 2210 chandef = local->hw.conf.chandef;
2175 local->hw.conf.channel_type);
2176 cfg80211_radar_event(local->hw.wiphy, &chandef, GFP_KERNEL); 2211 cfg80211_radar_event(local->hw.wiphy, &chandef, GFP_KERNEL);
2177 } 2212 }
2178} 2213}
diff --git a/net/nfc/core.c b/net/nfc/core.c
index 6ceee8e181ca..40d2527693da 100644
--- a/net/nfc/core.c
+++ b/net/nfc/core.c
@@ -27,6 +27,7 @@
27#include <linux/kernel.h> 27#include <linux/kernel.h>
28#include <linux/module.h> 28#include <linux/module.h>
29#include <linux/slab.h> 29#include <linux/slab.h>
30#include <linux/rfkill.h>
30#include <linux/nfc.h> 31#include <linux/nfc.h>
31 32
32#include <net/genetlink.h> 33#include <net/genetlink.h>
@@ -58,6 +59,11 @@ int nfc_dev_up(struct nfc_dev *dev)
58 59
59 device_lock(&dev->dev); 60 device_lock(&dev->dev);
60 61
62 if (dev->rfkill && rfkill_blocked(dev->rfkill)) {
63 rc = -ERFKILL;
64 goto error;
65 }
66
61 if (!device_is_registered(&dev->dev)) { 67 if (!device_is_registered(&dev->dev)) {
62 rc = -ENODEV; 68 rc = -ENODEV;
63 goto error; 69 goto error;
@@ -117,6 +123,24 @@ error:
117 return rc; 123 return rc;
118} 124}
119 125
126static int nfc_rfkill_set_block(void *data, bool blocked)
127{
128 struct nfc_dev *dev = data;
129
130 pr_debug("%s blocked %d", dev_name(&dev->dev), blocked);
131
132 if (!blocked)
133 return 0;
134
135 nfc_dev_down(dev);
136
137 return 0;
138}
139
140static const struct rfkill_ops nfc_rfkill_ops = {
141 .set_block = nfc_rfkill_set_block,
142};
143
120/** 144/**
121 * nfc_start_poll - start polling for nfc targets 145 * nfc_start_poll - start polling for nfc targets
122 * 146 *
@@ -143,6 +167,11 @@ int nfc_start_poll(struct nfc_dev *dev, u32 im_protocols, u32 tm_protocols)
143 goto error; 167 goto error;
144 } 168 }
145 169
170 if (!dev->dev_up) {
171 rc = -ENODEV;
172 goto error;
173 }
174
146 if (dev->polling) { 175 if (dev->polling) {
147 rc = -EBUSY; 176 rc = -EBUSY;
148 goto error; 177 goto error;
@@ -835,6 +864,15 @@ int nfc_register_device(struct nfc_dev *dev)
835 pr_debug("The userspace won't be notified that the device %s was added\n", 864 pr_debug("The userspace won't be notified that the device %s was added\n",
836 dev_name(&dev->dev)); 865 dev_name(&dev->dev));
837 866
867 dev->rfkill = rfkill_alloc(dev_name(&dev->dev), &dev->dev,
868 RFKILL_TYPE_NFC, &nfc_rfkill_ops, dev);
869 if (dev->rfkill) {
870 if (rfkill_register(dev->rfkill) < 0) {
871 rfkill_destroy(dev->rfkill);
872 dev->rfkill = NULL;
873 }
874 }
875
838 return 0; 876 return 0;
839} 877}
840EXPORT_SYMBOL(nfc_register_device); 878EXPORT_SYMBOL(nfc_register_device);
@@ -852,6 +890,11 @@ void nfc_unregister_device(struct nfc_dev *dev)
852 890
853 id = dev->idx; 891 id = dev->idx;
854 892
893 if (dev->rfkill) {
894 rfkill_unregister(dev->rfkill);
895 rfkill_destroy(dev->rfkill);
896 }
897
855 if (dev->ops->check_presence) { 898 if (dev->ops->check_presence) {
856 device_lock(&dev->dev); 899 device_lock(&dev->dev);
857 dev->shutting_down = true; 900 dev->shutting_down = true;
diff --git a/net/nfc/llcp/commands.c b/net/nfc/llcp/commands.c
index b75a9b3f9e89..094f7e27e910 100644
--- a/net/nfc/llcp/commands.c
+++ b/net/nfc/llcp/commands.c
@@ -420,7 +420,8 @@ int nfc_llcp_send_connect(struct nfc_llcp_sock *sock)
420 } 420 }
421 421
422 /* If the socket parameters are not set, use the local ones */ 422 /* If the socket parameters are not set, use the local ones */
423 miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; 423 miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ?
424 local->miux : sock->miux;
424 rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; 425 rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw;
425 426
426 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, 427 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0,
@@ -475,7 +476,8 @@ int nfc_llcp_send_cc(struct nfc_llcp_sock *sock)
475 return -ENODEV; 476 return -ENODEV;
476 477
477 /* If the socket parameters are not set, use the local ones */ 478 /* If the socket parameters are not set, use the local ones */
478 miux = sock->miux > LLCP_MAX_MIUX ? local->miux : sock->miux; 479 miux = be16_to_cpu(sock->miux) > LLCP_MAX_MIUX ?
480 local->miux : sock->miux;
479 rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw; 481 rw = sock->rw > LLCP_MAX_RW ? local->rw : sock->rw;
480 482
481 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0, 483 miux_tlv = nfc_llcp_build_tlv(LLCP_TLV_MIUX, (u8 *)&miux, 0,
@@ -656,6 +658,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
656 struct nfc_llcp_local *local; 658 struct nfc_llcp_local *local;
657 size_t frag_len = 0, remaining_len; 659 size_t frag_len = 0, remaining_len;
658 u8 *msg_data, *msg_ptr; 660 u8 *msg_data, *msg_ptr;
661 u16 remote_miu;
659 662
660 pr_debug("Send I frame len %zd\n", len); 663 pr_debug("Send I frame len %zd\n", len);
661 664
@@ -692,9 +695,11 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
692 remaining_len = len; 695 remaining_len = len;
693 msg_ptr = msg_data; 696 msg_ptr = msg_data;
694 697
695 while (remaining_len > 0) { 698 do {
699 remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
700 local->remote_miu : sock->remote_miu;
696 701
697 frag_len = min_t(size_t, sock->remote_miu, remaining_len); 702 frag_len = min_t(size_t, remote_miu, remaining_len);
698 703
699 pr_debug("Fragment %zd bytes remaining %zd", 704 pr_debug("Fragment %zd bytes remaining %zd",
700 frag_len, remaining_len); 705 frag_len, remaining_len);
@@ -706,7 +711,8 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
706 711
707 skb_put(pdu, LLCP_SEQUENCE_SIZE); 712 skb_put(pdu, LLCP_SEQUENCE_SIZE);
708 713
709 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); 714 if (likely(frag_len > 0))
715 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
710 716
711 skb_queue_tail(&sock->tx_queue, pdu); 717 skb_queue_tail(&sock->tx_queue, pdu);
712 718
@@ -718,7 +724,7 @@ int nfc_llcp_send_i_frame(struct nfc_llcp_sock *sock,
718 724
719 remaining_len -= frag_len; 725 remaining_len -= frag_len;
720 msg_ptr += frag_len; 726 msg_ptr += frag_len;
721 } 727 } while (remaining_len > 0);
722 728
723 kfree(msg_data); 729 kfree(msg_data);
724 730
@@ -732,6 +738,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
732 struct nfc_llcp_local *local; 738 struct nfc_llcp_local *local;
733 size_t frag_len = 0, remaining_len; 739 size_t frag_len = 0, remaining_len;
734 u8 *msg_ptr, *msg_data; 740 u8 *msg_ptr, *msg_data;
741 u16 remote_miu;
735 int err; 742 int err;
736 743
737 pr_debug("Send UI frame len %zd\n", len); 744 pr_debug("Send UI frame len %zd\n", len);
@@ -752,9 +759,11 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
752 remaining_len = len; 759 remaining_len = len;
753 msg_ptr = msg_data; 760 msg_ptr = msg_data;
754 761
755 while (remaining_len > 0) { 762 do {
763 remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
764 local->remote_miu : sock->remote_miu;
756 765
757 frag_len = min_t(size_t, sock->remote_miu, remaining_len); 766 frag_len = min_t(size_t, remote_miu, remaining_len);
758 767
759 pr_debug("Fragment %zd bytes remaining %zd", 768 pr_debug("Fragment %zd bytes remaining %zd",
760 frag_len, remaining_len); 769 frag_len, remaining_len);
@@ -768,14 +777,15 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
768 777
769 pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI); 778 pdu = llcp_add_header(pdu, dsap, ssap, LLCP_PDU_UI);
770 779
771 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len); 780 if (likely(frag_len > 0))
781 memcpy(skb_put(pdu, frag_len), msg_ptr, frag_len);
772 782
773 /* No need to check for the peer RW for UI frames */ 783 /* No need to check for the peer RW for UI frames */
774 skb_queue_tail(&local->tx_queue, pdu); 784 skb_queue_tail(&local->tx_queue, pdu);
775 785
776 remaining_len -= frag_len; 786 remaining_len -= frag_len;
777 msg_ptr += frag_len; 787 msg_ptr += frag_len;
778 } 788 } while (remaining_len > 0);
779 789
780 kfree(msg_data); 790 kfree(msg_data);
781 791
diff --git a/net/nfc/llcp/llcp.c b/net/nfc/llcp/llcp.c
index 7de0368aff0c..9e483c8e52f8 100644
--- a/net/nfc/llcp/llcp.c
+++ b/net/nfc/llcp/llcp.c
@@ -31,6 +31,8 @@ static u8 llcp_magic[3] = {0x46, 0x66, 0x6d};
31 31
32static struct list_head llcp_devices; 32static struct list_head llcp_devices;
33 33
34static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb);
35
34void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk) 36void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk)
35{ 37{
36 write_lock(&l->lock); 38 write_lock(&l->lock);
@@ -45,6 +47,12 @@ void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *sk)
45 write_unlock(&l->lock); 47 write_unlock(&l->lock);
46} 48}
47 49
50void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock)
51{
52 sock->remote_rw = LLCP_DEFAULT_RW;
53 sock->remote_miu = LLCP_MAX_MIU + 1;
54}
55
48static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock) 56static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock)
49{ 57{
50 struct nfc_llcp_local *local = sock->local; 58 struct nfc_llcp_local *local = sock->local;
@@ -68,7 +76,7 @@ static void nfc_llcp_socket_purge(struct nfc_llcp_sock *sock)
68 } 76 }
69} 77}
70 78
71static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen, 79static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device,
72 int err) 80 int err)
73{ 81{
74 struct sock *sk; 82 struct sock *sk;
@@ -108,21 +116,6 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen,
108 116
109 bh_unlock_sock(accept_sk); 117 bh_unlock_sock(accept_sk);
110 } 118 }
111
112 if (listen == true) {
113 bh_unlock_sock(sk);
114 continue;
115 }
116 }
117
118 /*
119 * If we have a connection less socket bound, we keep it alive
120 * if the device is still present.
121 */
122 if (sk->sk_state == LLCP_BOUND && sk->sk_type == SOCK_DGRAM &&
123 listen == true) {
124 bh_unlock_sock(sk);
125 continue;
126 } 119 }
127 120
128 if (err) 121 if (err)
@@ -137,11 +130,8 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool listen,
137 130
138 write_unlock(&local->sockets.lock); 131 write_unlock(&local->sockets.lock);
139 132
140 /* 133 /* If we still have a device, we keep the RAW sockets alive */
141 * If we want to keep the listening sockets alive, 134 if (device == true)
142 * we don't touch the RAW ones.
143 */
144 if (listen == true)
145 return; 135 return;
146 136
147 write_lock(&local->raw_sockets.lock); 137 write_lock(&local->raw_sockets.lock);
@@ -173,9 +163,9 @@ struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local)
173 return local; 163 return local;
174} 164}
175 165
176static void local_cleanup(struct nfc_llcp_local *local, bool listen) 166static void local_cleanup(struct nfc_llcp_local *local)
177{ 167{
178 nfc_llcp_socket_release(local, listen, ENXIO); 168 nfc_llcp_socket_release(local, false, ENXIO);
179 del_timer_sync(&local->link_timer); 169 del_timer_sync(&local->link_timer);
180 skb_queue_purge(&local->tx_queue); 170 skb_queue_purge(&local->tx_queue);
181 cancel_work_sync(&local->tx_work); 171 cancel_work_sync(&local->tx_work);
@@ -194,7 +184,7 @@ static void local_release(struct kref *ref)
194 local = container_of(ref, struct nfc_llcp_local, ref); 184 local = container_of(ref, struct nfc_llcp_local, ref);
195 185
196 list_del(&local->list); 186 list_del(&local->list);
197 local_cleanup(local, false); 187 local_cleanup(local);
198 kfree(local); 188 kfree(local);
199} 189}
200 190
@@ -1116,6 +1106,12 @@ static void nfc_llcp_recv_disc(struct nfc_llcp_local *local,
1116 dsap = nfc_llcp_dsap(skb); 1106 dsap = nfc_llcp_dsap(skb);
1117 ssap = nfc_llcp_ssap(skb); 1107 ssap = nfc_llcp_ssap(skb);
1118 1108
1109 if ((dsap == 0) && (ssap == 0)) {
1110 pr_debug("Connection termination");
1111 nfc_dep_link_down(local->dev);
1112 return;
1113 }
1114
1119 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap); 1115 llcp_sock = nfc_llcp_sock_get(local, dsap, ssap);
1120 if (llcp_sock == NULL) { 1116 if (llcp_sock == NULL) {
1121 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN); 1117 nfc_llcp_send_dm(local, dsap, ssap, LLCP_DM_NOCONN);
@@ -1349,19 +1345,54 @@ exit:
1349 nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len); 1345 nfc_llcp_send_snl_sdres(local, &llc_sdres_list, sdres_tlvs_len);
1350} 1346}
1351 1347
1352static void nfc_llcp_rx_work(struct work_struct *work) 1348static void nfc_llcp_recv_agf(struct nfc_llcp_local *local, struct sk_buff *skb)
1353{ 1349{
1354 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local, 1350 u8 ptype;
1355 rx_work); 1351 u16 pdu_len;
1356 u8 dsap, ssap, ptype; 1352 struct sk_buff *new_skb;
1357 struct sk_buff *skb;
1358 1353
1359 skb = local->rx_pending; 1354 if (skb->len <= LLCP_HEADER_SIZE) {
1360 if (skb == NULL) { 1355 pr_err("Malformed AGF PDU\n");
1361 pr_debug("No pending SKB\n");
1362 return; 1356 return;
1363 } 1357 }
1364 1358
1359 skb_pull(skb, LLCP_HEADER_SIZE);
1360
1361 while (skb->len > LLCP_AGF_PDU_HEADER_SIZE) {
1362 pdu_len = skb->data[0] << 8 | skb->data[1];
1363
1364 skb_pull(skb, LLCP_AGF_PDU_HEADER_SIZE);
1365
1366 if (pdu_len < LLCP_HEADER_SIZE || pdu_len > skb->len) {
1367 pr_err("Malformed AGF PDU\n");
1368 return;
1369 }
1370
1371 ptype = nfc_llcp_ptype(skb);
1372
1373 if (ptype == LLCP_PDU_SYMM || ptype == LLCP_PDU_AGF)
1374 goto next;
1375
1376 new_skb = nfc_alloc_recv_skb(pdu_len, GFP_KERNEL);
1377 if (new_skb == NULL) {
1378 pr_err("Could not allocate PDU\n");
1379 return;
1380 }
1381
1382 memcpy(skb_put(new_skb, pdu_len), skb->data, pdu_len);
1383
1384 nfc_llcp_rx_skb(local, new_skb);
1385
1386 kfree_skb(new_skb);
1387next:
1388 skb_pull(skb, pdu_len);
1389 }
1390}
1391
1392static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb)
1393{
1394 u8 dsap, ssap, ptype;
1395
1365 ptype = nfc_llcp_ptype(skb); 1396 ptype = nfc_llcp_ptype(skb);
1366 dsap = nfc_llcp_dsap(skb); 1397 dsap = nfc_llcp_dsap(skb);
1367 ssap = nfc_llcp_ssap(skb); 1398 ssap = nfc_llcp_ssap(skb);
@@ -1372,10 +1403,6 @@ static void nfc_llcp_rx_work(struct work_struct *work)
1372 print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET, 1403 print_hex_dump(KERN_DEBUG, "LLCP Rx: ", DUMP_PREFIX_OFFSET,
1373 16, 1, skb->data, skb->len, true); 1404 16, 1, skb->data, skb->len, true);
1374 1405
1375 __net_timestamp(skb);
1376
1377 nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX);
1378
1379 switch (ptype) { 1406 switch (ptype) {
1380 case LLCP_PDU_SYMM: 1407 case LLCP_PDU_SYMM:
1381 pr_debug("SYMM\n"); 1408 pr_debug("SYMM\n");
@@ -1418,7 +1445,30 @@ static void nfc_llcp_rx_work(struct work_struct *work)
1418 nfc_llcp_recv_hdlc(local, skb); 1445 nfc_llcp_recv_hdlc(local, skb);
1419 break; 1446 break;
1420 1447
1448 case LLCP_PDU_AGF:
1449 pr_debug("AGF frame\n");
1450 nfc_llcp_recv_agf(local, skb);
1451 break;
1421 } 1452 }
1453}
1454
1455static void nfc_llcp_rx_work(struct work_struct *work)
1456{
1457 struct nfc_llcp_local *local = container_of(work, struct nfc_llcp_local,
1458 rx_work);
1459 struct sk_buff *skb;
1460
1461 skb = local->rx_pending;
1462 if (skb == NULL) {
1463 pr_debug("No pending SKB\n");
1464 return;
1465 }
1466
1467 __net_timestamp(skb);
1468
1469 nfc_llcp_send_to_raw_sock(local, skb, NFC_LLCP_DIRECTION_RX);
1470
1471 nfc_llcp_rx_skb(local, skb);
1422 1472
1423 schedule_work(&local->tx_work); 1473 schedule_work(&local->tx_work);
1424 kfree_skb(local->rx_pending); 1474 kfree_skb(local->rx_pending);
@@ -1466,6 +1516,9 @@ void nfc_llcp_mac_is_down(struct nfc_dev *dev)
1466 if (local == NULL) 1516 if (local == NULL)
1467 return; 1517 return;
1468 1518
1519 local->remote_miu = LLCP_DEFAULT_MIU;
1520 local->remote_lto = LLCP_DEFAULT_LTO;
1521
1469 /* Close and purge all existing sockets */ 1522 /* Close and purge all existing sockets */
1470 nfc_llcp_socket_release(local, true, 0); 1523 nfc_llcp_socket_release(local, true, 0);
1471} 1524}
@@ -1553,7 +1606,7 @@ void nfc_llcp_unregister_device(struct nfc_dev *dev)
1553 return; 1606 return;
1554 } 1607 }
1555 1608
1556 local_cleanup(local, false); 1609 local_cleanup(local);
1557 1610
1558 nfc_llcp_local_put(local); 1611 nfc_llcp_local_put(local);
1559} 1612}
diff --git a/net/nfc/llcp/llcp.h b/net/nfc/llcp/llcp.h
index 7e87a66b02ec..ff8c434f7df8 100644
--- a/net/nfc/llcp/llcp.h
+++ b/net/nfc/llcp/llcp.h
@@ -31,6 +31,7 @@ enum llcp_state {
31#define LLCP_MAX_LTO 0xff 31#define LLCP_MAX_LTO 0xff
32#define LLCP_MAX_RW 15 32#define LLCP_MAX_RW 15
33#define LLCP_MAX_MIUX 0x7ff 33#define LLCP_MAX_MIUX 0x7ff
34#define LLCP_MAX_MIU (LLCP_MAX_MIUX + 128)
34 35
35#define LLCP_WKS_NUM_SAP 16 36#define LLCP_WKS_NUM_SAP 16
36#define LLCP_SDP_NUM_SAP 16 37#define LLCP_SDP_NUM_SAP 16
@@ -124,7 +125,7 @@ struct nfc_llcp_sock {
124 char *service_name; 125 char *service_name;
125 size_t service_name_len; 126 size_t service_name_len;
126 u8 rw; 127 u8 rw;
127 u16 miux; 128 __be16 miux;
128 129
129 130
130 /* Remote link parameters */ 131 /* Remote link parameters */
@@ -162,6 +163,7 @@ struct nfc_llcp_ui_cb {
162 163
163#define LLCP_HEADER_SIZE 2 164#define LLCP_HEADER_SIZE 2
164#define LLCP_SEQUENCE_SIZE 1 165#define LLCP_SEQUENCE_SIZE 1
166#define LLCP_AGF_PDU_HEADER_SIZE 2
165 167
166/* LLCP versions: 1.1 is 1.0 plus SDP */ 168/* LLCP versions: 1.1 is 1.0 plus SDP */
167#define LLCP_VERSION_10 0x10 169#define LLCP_VERSION_10 0x10
@@ -210,6 +212,7 @@ struct nfc_llcp_ui_cb {
210 212
211void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *s); 213void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *s);
212void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *s); 214void nfc_llcp_sock_unlink(struct llcp_sock_list *l, struct sock *s);
215void nfc_llcp_socket_remote_param_init(struct nfc_llcp_sock *sock);
213struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev); 216struct nfc_llcp_local *nfc_llcp_find_local(struct nfc_dev *dev);
214struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local); 217struct nfc_llcp_local *nfc_llcp_local_get(struct nfc_llcp_local *local);
215int nfc_llcp_local_put(struct nfc_llcp_local *local); 218int nfc_llcp_local_put(struct nfc_llcp_local *local);
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index c1101e6de170..d6faa47c9bba 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -279,7 +279,7 @@ static int nfc_llcp_setsockopt(struct socket *sock, int level, int optname,
279 break; 279 break;
280 } 280 }
281 281
282 llcp_sock->miux = (u16) opt; 282 llcp_sock->miux = cpu_to_be16((u16) opt);
283 283
284 break; 284 break;
285 285
@@ -299,9 +299,12 @@ static int nfc_llcp_setsockopt(struct socket *sock, int level, int optname,
299static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname, 299static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname,
300 char __user *optval, int __user *optlen) 300 char __user *optval, int __user *optlen)
301{ 301{
302 struct nfc_llcp_local *local;
302 struct sock *sk = sock->sk; 303 struct sock *sk = sock->sk;
303 struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk); 304 struct nfc_llcp_sock *llcp_sock = nfc_llcp_sock(sk);
304 int len, err = 0; 305 int len, err = 0;
306 u16 miux, remote_miu;
307 u8 rw;
305 308
306 pr_debug("%p optname %d\n", sk, optname); 309 pr_debug("%p optname %d\n", sk, optname);
307 310
@@ -311,19 +314,48 @@ static int nfc_llcp_getsockopt(struct socket *sock, int level, int optname,
311 if (get_user(len, optlen)) 314 if (get_user(len, optlen))
312 return -EFAULT; 315 return -EFAULT;
313 316
317 local = llcp_sock->local;
318 if (!local)
319 return -ENODEV;
320
314 len = min_t(u32, len, sizeof(u32)); 321 len = min_t(u32, len, sizeof(u32));
315 322
316 lock_sock(sk); 323 lock_sock(sk);
317 324
318 switch (optname) { 325 switch (optname) {
319 case NFC_LLCP_RW: 326 case NFC_LLCP_RW:
320 if (put_user(llcp_sock->rw, (u32 __user *) optval)) 327 rw = llcp_sock->rw > LLCP_MAX_RW ? local->rw : llcp_sock->rw;
328 if (put_user(rw, (u32 __user *) optval))
321 err = -EFAULT; 329 err = -EFAULT;
322 330
323 break; 331 break;
324 332
325 case NFC_LLCP_MIUX: 333 case NFC_LLCP_MIUX:
326 if (put_user(llcp_sock->miux, (u32 __user *) optval)) 334 miux = be16_to_cpu(llcp_sock->miux) > LLCP_MAX_MIUX ?
335 be16_to_cpu(local->miux) : be16_to_cpu(llcp_sock->miux);
336
337 if (put_user(miux, (u32 __user *) optval))
338 err = -EFAULT;
339
340 break;
341
342 case NFC_LLCP_REMOTE_MIU:
343 remote_miu = llcp_sock->remote_miu > LLCP_MAX_MIU ?
344 local->remote_miu : llcp_sock->remote_miu;
345
346 if (put_user(remote_miu, (u32 __user *) optval))
347 err = -EFAULT;
348
349 break;
350
351 case NFC_LLCP_REMOTE_LTO:
352 if (put_user(local->remote_lto / 10, (u32 __user *) optval))
353 err = -EFAULT;
354
355 break;
356
357 case NFC_LLCP_REMOTE_RW:
358 if (put_user(llcp_sock->remote_rw, (u32 __user *) optval))
327 err = -EFAULT; 359 err = -EFAULT;
328 360
329 break; 361 break;
@@ -925,13 +957,12 @@ struct sock *nfc_llcp_sock_alloc(struct socket *sock, int type, gfp_t gfp)
925 llcp_sock->ssap = 0; 957 llcp_sock->ssap = 0;
926 llcp_sock->dsap = LLCP_SAP_SDP; 958 llcp_sock->dsap = LLCP_SAP_SDP;
927 llcp_sock->rw = LLCP_MAX_RW + 1; 959 llcp_sock->rw = LLCP_MAX_RW + 1;
928 llcp_sock->miux = LLCP_MAX_MIUX + 1; 960 llcp_sock->miux = cpu_to_be16(LLCP_MAX_MIUX + 1);
929 llcp_sock->remote_rw = LLCP_DEFAULT_RW;
930 llcp_sock->remote_miu = LLCP_DEFAULT_MIU;
931 llcp_sock->send_n = llcp_sock->send_ack_n = 0; 961 llcp_sock->send_n = llcp_sock->send_ack_n = 0;
932 llcp_sock->recv_n = llcp_sock->recv_ack_n = 0; 962 llcp_sock->recv_n = llcp_sock->recv_ack_n = 0;
933 llcp_sock->remote_ready = 1; 963 llcp_sock->remote_ready = 1;
934 llcp_sock->reserved_ssap = LLCP_SAP_MAX; 964 llcp_sock->reserved_ssap = LLCP_SAP_MAX;
965 nfc_llcp_socket_remote_param_init(llcp_sock);
935 skb_queue_head_init(&llcp_sock->tx_queue); 966 skb_queue_head_init(&llcp_sock->tx_queue);
936 skb_queue_head_init(&llcp_sock->tx_pending_queue); 967 skb_queue_head_init(&llcp_sock->tx_pending_queue);
937 INIT_LIST_HEAD(&llcp_sock->accept_queue); 968 INIT_LIST_HEAD(&llcp_sock->accept_queue);
diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index 9b9be5279f5d..1cec5e4f3a5e 100644
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -587,7 +587,7 @@ static ssize_t rfkill_name_show(struct device *dev,
587 587
588static const char *rfkill_get_type_str(enum rfkill_type type) 588static const char *rfkill_get_type_str(enum rfkill_type type)
589{ 589{
590 BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_FM + 1); 590 BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_NFC + 1);
591 591
592 switch (type) { 592 switch (type) {
593 case RFKILL_TYPE_WLAN: 593 case RFKILL_TYPE_WLAN:
@@ -604,6 +604,8 @@ static const char *rfkill_get_type_str(enum rfkill_type type)
604 return "gps"; 604 return "gps";
605 case RFKILL_TYPE_FM: 605 case RFKILL_TYPE_FM:
606 return "fm"; 606 return "fm";
607 case RFKILL_TYPE_NFC:
608 return "nfc";
607 default: 609 default:
608 BUG(); 610 BUG();
609 } 611 }
diff --git a/net/rfkill/rfkill-gpio.c b/net/rfkill/rfkill-gpio.c
index 78fc0937948d..fb076cd6f808 100644
--- a/net/rfkill/rfkill-gpio.c
+++ b/net/rfkill/rfkill-gpio.c
@@ -131,6 +131,7 @@ static int rfkill_gpio_probe(struct platform_device *pdev)
131 rfkill->pwr_clk = clk_get(&pdev->dev, pdata->power_clk_name); 131 rfkill->pwr_clk = clk_get(&pdev->dev, pdata->power_clk_name);
132 if (IS_ERR(rfkill->pwr_clk)) { 132 if (IS_ERR(rfkill->pwr_clk)) {
133 pr_warn("%s: can't find pwr_clk.\n", __func__); 133 pr_warn("%s: can't find pwr_clk.\n", __func__);
134 ret = PTR_ERR(rfkill->pwr_clk);
134 goto fail_shutdown_name; 135 goto fail_shutdown_name;
135 } 136 }
136 } 137 }
@@ -152,9 +153,11 @@ static int rfkill_gpio_probe(struct platform_device *pdev)
152 } 153 }
153 154
154 rfkill->rfkill_dev = rfkill_alloc(pdata->name, &pdev->dev, pdata->type, 155 rfkill->rfkill_dev = rfkill_alloc(pdata->name, &pdev->dev, pdata->type,
155 &rfkill_gpio_ops, rfkill); 156 &rfkill_gpio_ops, rfkill);
156 if (!rfkill->rfkill_dev) 157 if (!rfkill->rfkill_dev) {
158 ret = -ENOMEM;
157 goto fail_shutdown; 159 goto fail_shutdown;
160 }
158 161
159 ret = rfkill_register(rfkill->rfkill_dev); 162 ret = rfkill_register(rfkill->rfkill_dev);
160 if (ret < 0) 163 if (ret < 0)
diff --git a/net/wireless/core.h b/net/wireless/core.h
index 124e5e773fbc..fd35dae547c4 100644
--- a/net/wireless/core.h
+++ b/net/wireless/core.h
@@ -88,6 +88,9 @@ struct cfg80211_registered_device {
88 88
89 struct delayed_work dfs_update_channels_wk; 89 struct delayed_work dfs_update_channels_wk;
90 90
91 /* netlink port which started critical protocol (0 means not started) */
92 u32 crit_proto_nlportid;
93
91 /* must be last because of the way we do wiphy_priv(), 94 /* must be last because of the way we do wiphy_priv(),
92 * and it should at least be aligned to NETDEV_ALIGN */ 95 * and it should at least be aligned to NETDEV_ALIGN */
93 struct wiphy wiphy __aligned(NETDEV_ALIGN); 96 struct wiphy wiphy __aligned(NETDEV_ALIGN);
diff --git a/net/wireless/mlme.c b/net/wireless/mlme.c
index 390198bf4b36..0c7b7dd855f6 100644
--- a/net/wireless/mlme.c
+++ b/net/wireless/mlme.c
@@ -648,6 +648,11 @@ void cfg80211_mlme_unregister_socket(struct wireless_dev *wdev, u32 nlportid)
648 648
649 spin_unlock_bh(&wdev->mgmt_registrations_lock); 649 spin_unlock_bh(&wdev->mgmt_registrations_lock);
650 650
651 if (nlportid && rdev->crit_proto_nlportid == nlportid) {
652 rdev->crit_proto_nlportid = 0;
653 rdev_crit_proto_stop(rdev, wdev);
654 }
655
651 if (nlportid == wdev->ap_unexpected_nlportid) 656 if (nlportid == wdev->ap_unexpected_nlportid)
652 wdev->ap_unexpected_nlportid = 0; 657 wdev->ap_unexpected_nlportid = 0;
653} 658}
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 671b69a3c136..afa283841e8c 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -447,62 +447,69 @@ nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
447 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 }, 447 [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
448}; 448};
449 449
450/* ifidx get helper */ 450static int nl80211_prepare_wdev_dump(struct sk_buff *skb,
451static int nl80211_get_ifidx(struct netlink_callback *cb) 451 struct netlink_callback *cb,
452 struct cfg80211_registered_device **rdev,
453 struct wireless_dev **wdev)
452{ 454{
453 int res; 455 int err;
454
455 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
456 nl80211_fam.attrbuf, nl80211_fam.maxattr,
457 nl80211_policy);
458 if (res)
459 return res;
460
461 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
462 return -EINVAL;
463 456
464 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 457 rtnl_lock();
465 if (!res) 458 mutex_lock(&cfg80211_mutex);
466 return -EINVAL;
467 return res;
468}
469 459
470static int nl80211_prepare_netdev_dump(struct sk_buff *skb, 460 if (!cb->args[0]) {
471 struct netlink_callback *cb, 461 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
472 struct cfg80211_registered_device **rdev, 462 nl80211_fam.attrbuf, nl80211_fam.maxattr,
473 struct net_device **dev) 463 nl80211_policy);
474{ 464 if (err)
475 int ifidx = cb->args[0]; 465 goto out_unlock;
476 int err;
477 466
478 if (!ifidx) 467 *wdev = __cfg80211_wdev_from_attrs(sock_net(skb->sk),
479 ifidx = nl80211_get_ifidx(cb); 468 nl80211_fam.attrbuf);
480 if (ifidx < 0) 469 if (IS_ERR(*wdev)) {
481 return ifidx; 470 err = PTR_ERR(*wdev);
471 goto out_unlock;
472 }
473 *rdev = wiphy_to_dev((*wdev)->wiphy);
474 cb->args[0] = (*rdev)->wiphy_idx;
475 cb->args[1] = (*wdev)->identifier;
476 } else {
477 struct wiphy *wiphy = wiphy_idx_to_wiphy(cb->args[0]);
478 struct wireless_dev *tmp;
482 479
483 cb->args[0] = ifidx; 480 if (!wiphy) {
481 err = -ENODEV;
482 goto out_unlock;
483 }
484 *rdev = wiphy_to_dev(wiphy);
485 *wdev = NULL;
484 486
485 rtnl_lock(); 487 mutex_lock(&(*rdev)->devlist_mtx);
488 list_for_each_entry(tmp, &(*rdev)->wdev_list, list) {
489 if (tmp->identifier == cb->args[1]) {
490 *wdev = tmp;
491 break;
492 }
493 }
494 mutex_unlock(&(*rdev)->devlist_mtx);
486 495
487 *dev = __dev_get_by_index(sock_net(skb->sk), ifidx); 496 if (!*wdev) {
488 if (!*dev) { 497 err = -ENODEV;
489 err = -ENODEV; 498 goto out_unlock;
490 goto out_rtnl; 499 }
491 } 500 }
492 501
493 *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 502 cfg80211_lock_rdev(*rdev);
494 if (IS_ERR(*rdev)) {
495 err = PTR_ERR(*rdev);
496 goto out_rtnl;
497 }
498 503
504 mutex_unlock(&cfg80211_mutex);
499 return 0; 505 return 0;
500 out_rtnl: 506 out_unlock:
507 mutex_unlock(&cfg80211_mutex);
501 rtnl_unlock(); 508 rtnl_unlock();
502 return err; 509 return err;
503} 510}
504 511
505static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev) 512static void nl80211_finish_wdev_dump(struct cfg80211_registered_device *rdev)
506{ 513{
507 cfg80211_unlock_rdev(rdev); 514 cfg80211_unlock_rdev(rdev);
508 rtnl_unlock(); 515 rtnl_unlock();
@@ -1417,6 +1424,10 @@ static int nl80211_send_wiphy(struct cfg80211_registered_device *dev,
1417 } 1424 }
1418 CMD(start_p2p_device, START_P2P_DEVICE); 1425 CMD(start_p2p_device, START_P2P_DEVICE);
1419 CMD(set_mcast_rate, SET_MCAST_RATE); 1426 CMD(set_mcast_rate, SET_MCAST_RATE);
1427 if (split) {
1428 CMD(crit_proto_start, CRIT_PROTOCOL_START);
1429 CMD(crit_proto_stop, CRIT_PROTOCOL_STOP);
1430 }
1420 1431
1421#ifdef CONFIG_NL80211_TESTMODE 1432#ifdef CONFIG_NL80211_TESTMODE
1422 CMD(testmode_cmd, TESTMODE); 1433 CMD(testmode_cmd, TESTMODE);
@@ -3525,15 +3536,20 @@ static int nl80211_dump_station(struct sk_buff *skb,
3525{ 3536{
3526 struct station_info sinfo; 3537 struct station_info sinfo;
3527 struct cfg80211_registered_device *dev; 3538 struct cfg80211_registered_device *dev;
3528 struct net_device *netdev; 3539 struct wireless_dev *wdev;
3529 u8 mac_addr[ETH_ALEN]; 3540 u8 mac_addr[ETH_ALEN];
3530 int sta_idx = cb->args[1]; 3541 int sta_idx = cb->args[2];
3531 int err; 3542 int err;
3532 3543
3533 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 3544 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
3534 if (err) 3545 if (err)
3535 return err; 3546 return err;
3536 3547
3548 if (!wdev->netdev) {
3549 err = -EINVAL;
3550 goto out_err;
3551 }
3552
3537 if (!dev->ops->dump_station) { 3553 if (!dev->ops->dump_station) {
3538 err = -EOPNOTSUPP; 3554 err = -EOPNOTSUPP;
3539 goto out_err; 3555 goto out_err;
@@ -3541,7 +3557,7 @@ static int nl80211_dump_station(struct sk_buff *skb,
3541 3557
3542 while (1) { 3558 while (1) {
3543 memset(&sinfo, 0, sizeof(sinfo)); 3559 memset(&sinfo, 0, sizeof(sinfo));
3544 err = rdev_dump_station(dev, netdev, sta_idx, 3560 err = rdev_dump_station(dev, wdev->netdev, sta_idx,
3545 mac_addr, &sinfo); 3561 mac_addr, &sinfo);
3546 if (err == -ENOENT) 3562 if (err == -ENOENT)
3547 break; 3563 break;
@@ -3551,7 +3567,7 @@ static int nl80211_dump_station(struct sk_buff *skb,
3551 if (nl80211_send_station(skb, 3567 if (nl80211_send_station(skb,
3552 NETLINK_CB(cb->skb).portid, 3568 NETLINK_CB(cb->skb).portid,
3553 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3569 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3554 dev, netdev, mac_addr, 3570 dev, wdev->netdev, mac_addr,
3555 &sinfo) < 0) 3571 &sinfo) < 0)
3556 goto out; 3572 goto out;
3557 3573
@@ -3560,10 +3576,10 @@ static int nl80211_dump_station(struct sk_buff *skb,
3560 3576
3561 3577
3562 out: 3578 out:
3563 cb->args[1] = sta_idx; 3579 cb->args[2] = sta_idx;
3564 err = skb->len; 3580 err = skb->len;
3565 out_err: 3581 out_err:
3566 nl80211_finish_netdev_dump(dev); 3582 nl80211_finish_wdev_dump(dev);
3567 3583
3568 return err; 3584 return err;
3569} 3585}
@@ -4167,13 +4183,13 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
4167{ 4183{
4168 struct mpath_info pinfo; 4184 struct mpath_info pinfo;
4169 struct cfg80211_registered_device *dev; 4185 struct cfg80211_registered_device *dev;
4170 struct net_device *netdev; 4186 struct wireless_dev *wdev;
4171 u8 dst[ETH_ALEN]; 4187 u8 dst[ETH_ALEN];
4172 u8 next_hop[ETH_ALEN]; 4188 u8 next_hop[ETH_ALEN];
4173 int path_idx = cb->args[1]; 4189 int path_idx = cb->args[2];
4174 int err; 4190 int err;
4175 4191
4176 err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 4192 err = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
4177 if (err) 4193 if (err)
4178 return err; 4194 return err;
4179 4195
@@ -4182,14 +4198,14 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
4182 goto out_err; 4198 goto out_err;
4183 } 4199 }
4184 4200
4185 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 4201 if (wdev->iftype != NL80211_IFTYPE_MESH_POINT) {
4186 err = -EOPNOTSUPP; 4202 err = -EOPNOTSUPP;
4187 goto out_err; 4203 goto out_err;
4188 } 4204 }
4189 4205
4190 while (1) { 4206 while (1) {
4191 err = rdev_dump_mpath(dev, netdev, path_idx, dst, next_hop, 4207 err = rdev_dump_mpath(dev, wdev->netdev, path_idx, dst,
4192 &pinfo); 4208 next_hop, &pinfo);
4193 if (err == -ENOENT) 4209 if (err == -ENOENT)
4194 break; 4210 break;
4195 if (err) 4211 if (err)
@@ -4197,7 +4213,7 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
4197 4213
4198 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid, 4214 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
4199 cb->nlh->nlmsg_seq, NLM_F_MULTI, 4215 cb->nlh->nlmsg_seq, NLM_F_MULTI,
4200 netdev, dst, next_hop, 4216 wdev->netdev, dst, next_hop,
4201 &pinfo) < 0) 4217 &pinfo) < 0)
4202 goto out; 4218 goto out;
4203 4219
@@ -4206,10 +4222,10 @@ static int nl80211_dump_mpath(struct sk_buff *skb,
4206 4222
4207 4223
4208 out: 4224 out:
4209 cb->args[1] = path_idx; 4225 cb->args[2] = path_idx;
4210 err = skb->len; 4226 err = skb->len;
4211 out_err: 4227 out_err:
4212 nl80211_finish_netdev_dump(dev); 4228 nl80211_finish_wdev_dump(dev);
4213 return err; 4229 return err;
4214} 4230}
4215 4231
@@ -5565,9 +5581,13 @@ static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5565 5581
5566 genl_dump_check_consistent(cb, hdr, &nl80211_fam); 5582 genl_dump_check_consistent(cb, hdr, &nl80211_fam);
5567 5583
5568 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) || 5584 if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation))
5585 goto nla_put_failure;
5586 if (wdev->netdev &&
5569 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex)) 5587 nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
5570 goto nla_put_failure; 5588 goto nla_put_failure;
5589 if (nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
5590 goto nla_put_failure;
5571 5591
5572 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 5592 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
5573 if (!bss) 5593 if (!bss)
@@ -5647,22 +5667,18 @@ static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
5647 return -EMSGSIZE; 5667 return -EMSGSIZE;
5648} 5668}
5649 5669
5650static int nl80211_dump_scan(struct sk_buff *skb, 5670static int nl80211_dump_scan(struct sk_buff *skb, struct netlink_callback *cb)
5651 struct netlink_callback *cb)
5652{ 5671{
5653 struct cfg80211_registered_device *rdev; 5672 struct cfg80211_registered_device *rdev;
5654 struct net_device *dev;
5655 struct cfg80211_internal_bss *scan; 5673 struct cfg80211_internal_bss *scan;
5656 struct wireless_dev *wdev; 5674 struct wireless_dev *wdev;
5657 int start = cb->args[1], idx = 0; 5675 int start = cb->args[2], idx = 0;
5658 int err; 5676 int err;
5659 5677
5660 err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev); 5678 err = nl80211_prepare_wdev_dump(skb, cb, &rdev, &wdev);
5661 if (err) 5679 if (err)
5662 return err; 5680 return err;
5663 5681
5664 wdev = dev->ieee80211_ptr;
5665
5666 wdev_lock(wdev); 5682 wdev_lock(wdev);
5667 spin_lock_bh(&rdev->bss_lock); 5683 spin_lock_bh(&rdev->bss_lock);
5668 cfg80211_bss_expire(rdev); 5684 cfg80211_bss_expire(rdev);
@@ -5683,8 +5699,8 @@ static int nl80211_dump_scan(struct sk_buff *skb,
5683 spin_unlock_bh(&rdev->bss_lock); 5699 spin_unlock_bh(&rdev->bss_lock);
5684 wdev_unlock(wdev); 5700 wdev_unlock(wdev);
5685 5701
5686 cb->args[1] = idx; 5702 cb->args[2] = idx;
5687 nl80211_finish_netdev_dump(rdev); 5703 nl80211_finish_wdev_dump(rdev);
5688 5704
5689 return skb->len; 5705 return skb->len;
5690} 5706}
@@ -5753,14 +5769,19 @@ static int nl80211_dump_survey(struct sk_buff *skb,
5753{ 5769{
5754 struct survey_info survey; 5770 struct survey_info survey;
5755 struct cfg80211_registered_device *dev; 5771 struct cfg80211_registered_device *dev;
5756 struct net_device *netdev; 5772 struct wireless_dev *wdev;
5757 int survey_idx = cb->args[1]; 5773 int survey_idx = cb->args[2];
5758 int res; 5774 int res;
5759 5775
5760 res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev); 5776 res = nl80211_prepare_wdev_dump(skb, cb, &dev, &wdev);
5761 if (res) 5777 if (res)
5762 return res; 5778 return res;
5763 5779
5780 if (!wdev->netdev) {
5781 res = -EINVAL;
5782 goto out_err;
5783 }
5784
5764 if (!dev->ops->dump_survey) { 5785 if (!dev->ops->dump_survey) {
5765 res = -EOPNOTSUPP; 5786 res = -EOPNOTSUPP;
5766 goto out_err; 5787 goto out_err;
@@ -5769,7 +5790,7 @@ static int nl80211_dump_survey(struct sk_buff *skb,
5769 while (1) { 5790 while (1) {
5770 struct ieee80211_channel *chan; 5791 struct ieee80211_channel *chan;
5771 5792
5772 res = rdev_dump_survey(dev, netdev, survey_idx, &survey); 5793 res = rdev_dump_survey(dev, wdev->netdev, survey_idx, &survey);
5773 if (res == -ENOENT) 5794 if (res == -ENOENT)
5774 break; 5795 break;
5775 if (res) 5796 if (res)
@@ -5791,17 +5812,16 @@ static int nl80211_dump_survey(struct sk_buff *skb,
5791 if (nl80211_send_survey(skb, 5812 if (nl80211_send_survey(skb,
5792 NETLINK_CB(cb->skb).portid, 5813 NETLINK_CB(cb->skb).portid,
5793 cb->nlh->nlmsg_seq, NLM_F_MULTI, 5814 cb->nlh->nlmsg_seq, NLM_F_MULTI,
5794 netdev, 5815 wdev->netdev, &survey) < 0)
5795 &survey) < 0)
5796 goto out; 5816 goto out;
5797 survey_idx++; 5817 survey_idx++;
5798 } 5818 }
5799 5819
5800 out: 5820 out:
5801 cb->args[1] = survey_idx; 5821 cb->args[2] = survey_idx;
5802 res = skb->len; 5822 res = skb->len;
5803 out_err: 5823 out_err:
5804 nl80211_finish_netdev_dump(dev); 5824 nl80211_finish_wdev_dump(dev);
5805 return res; 5825 return res;
5806} 5826}
5807 5827
@@ -8143,9 +8163,11 @@ static int nl80211_stop_p2p_device(struct sk_buff *skb, struct genl_info *info)
8143 if (!rdev->ops->stop_p2p_device) 8163 if (!rdev->ops->stop_p2p_device)
8144 return -EOPNOTSUPP; 8164 return -EOPNOTSUPP;
8145 8165
8166 mutex_lock(&rdev->devlist_mtx);
8146 mutex_lock(&rdev->sched_scan_mtx); 8167 mutex_lock(&rdev->sched_scan_mtx);
8147 cfg80211_stop_p2p_device(rdev, wdev); 8168 cfg80211_stop_p2p_device(rdev, wdev);
8148 mutex_unlock(&rdev->sched_scan_mtx); 8169 mutex_unlock(&rdev->sched_scan_mtx);
8170 mutex_unlock(&rdev->devlist_mtx);
8149 8171
8150 return 0; 8172 return 0;
8151} 8173}
@@ -8198,6 +8220,64 @@ static int nl80211_update_ft_ies(struct sk_buff *skb, struct genl_info *info)
8198 return rdev_update_ft_ies(rdev, dev, &ft_params); 8220 return rdev_update_ft_ies(rdev, dev, &ft_params);
8199} 8221}
8200 8222
8223static int nl80211_crit_protocol_start(struct sk_buff *skb,
8224 struct genl_info *info)
8225{
8226 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8227 struct wireless_dev *wdev = info->user_ptr[1];
8228 enum nl80211_crit_proto_id proto = NL80211_CRIT_PROTO_UNSPEC;
8229 u16 duration;
8230 int ret;
8231
8232 if (!rdev->ops->crit_proto_start)
8233 return -EOPNOTSUPP;
8234
8235 if (WARN_ON(!rdev->ops->crit_proto_stop))
8236 return -EINVAL;
8237
8238 if (rdev->crit_proto_nlportid)
8239 return -EBUSY;
8240
8241 /* determine protocol if provided */
8242 if (info->attrs[NL80211_ATTR_CRIT_PROT_ID])
8243 proto = nla_get_u16(info->attrs[NL80211_ATTR_CRIT_PROT_ID]);
8244
8245 if (proto >= NUM_NL80211_CRIT_PROTO)
8246 return -EINVAL;
8247
8248 /* timeout must be provided */
8249 if (!info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION])
8250 return -EINVAL;
8251
8252 duration =
8253 nla_get_u16(info->attrs[NL80211_ATTR_MAX_CRIT_PROT_DURATION]);
8254
8255 if (duration > NL80211_CRIT_PROTO_MAX_DURATION)
8256 return -ERANGE;
8257
8258 ret = rdev_crit_proto_start(rdev, wdev, proto, duration);
8259 if (!ret)
8260 rdev->crit_proto_nlportid = info->snd_portid;
8261
8262 return ret;
8263}
8264
8265static int nl80211_crit_protocol_stop(struct sk_buff *skb,
8266 struct genl_info *info)
8267{
8268 struct cfg80211_registered_device *rdev = info->user_ptr[0];
8269 struct wireless_dev *wdev = info->user_ptr[1];
8270
8271 if (!rdev->ops->crit_proto_stop)
8272 return -EOPNOTSUPP;
8273
8274 if (rdev->crit_proto_nlportid) {
8275 rdev->crit_proto_nlportid = 0;
8276 rdev_crit_proto_stop(rdev, wdev);
8277 }
8278 return 0;
8279}
8280
8201#define NL80211_FLAG_NEED_WIPHY 0x01 8281#define NL80211_FLAG_NEED_WIPHY 0x01
8202#define NL80211_FLAG_NEED_NETDEV 0x02 8282#define NL80211_FLAG_NEED_NETDEV 0x02
8203#define NL80211_FLAG_NEED_RTNL 0x04 8283#define NL80211_FLAG_NEED_RTNL 0x04
@@ -8887,6 +8967,22 @@ static struct genl_ops nl80211_ops[] = {
8887 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP | 8967 .internal_flags = NL80211_FLAG_NEED_NETDEV_UP |
8888 NL80211_FLAG_NEED_RTNL, 8968 NL80211_FLAG_NEED_RTNL,
8889 }, 8969 },
8970 {
8971 .cmd = NL80211_CMD_CRIT_PROTOCOL_START,
8972 .doit = nl80211_crit_protocol_start,
8973 .policy = nl80211_policy,
8974 .flags = GENL_ADMIN_PERM,
8975 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8976 NL80211_FLAG_NEED_RTNL,
8977 },
8978 {
8979 .cmd = NL80211_CMD_CRIT_PROTOCOL_STOP,
8980 .doit = nl80211_crit_protocol_stop,
8981 .policy = nl80211_policy,
8982 .flags = GENL_ADMIN_PERM,
8983 .internal_flags = NL80211_FLAG_NEED_WDEV_UP |
8984 NL80211_FLAG_NEED_RTNL,
8985 }
8890}; 8986};
8891 8987
8892static struct genl_multicast_group nl80211_mlme_mcgrp = { 8988static struct genl_multicast_group nl80211_mlme_mcgrp = {
@@ -10632,6 +10728,45 @@ void cfg80211_ft_event(struct net_device *netdev,
10632} 10728}
10633EXPORT_SYMBOL(cfg80211_ft_event); 10729EXPORT_SYMBOL(cfg80211_ft_event);
10634 10730
10731void cfg80211_crit_proto_stopped(struct wireless_dev *wdev, gfp_t gfp)
10732{
10733 struct cfg80211_registered_device *rdev;
10734 struct sk_buff *msg;
10735 void *hdr;
10736 u32 nlportid;
10737
10738 rdev = wiphy_to_dev(wdev->wiphy);
10739 if (!rdev->crit_proto_nlportid)
10740 return;
10741
10742 nlportid = rdev->crit_proto_nlportid;
10743 rdev->crit_proto_nlportid = 0;
10744
10745 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
10746 if (!msg)
10747 return;
10748
10749 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CRIT_PROTOCOL_STOP);
10750 if (!hdr)
10751 goto nla_put_failure;
10752
10753 if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
10754 nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)))
10755 goto nla_put_failure;
10756
10757 genlmsg_end(msg, hdr);
10758
10759 genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlportid);
10760 return;
10761
10762 nla_put_failure:
10763 if (hdr)
10764 genlmsg_cancel(msg, hdr);
10765 nlmsg_free(msg);
10766
10767}
10768EXPORT_SYMBOL(cfg80211_crit_proto_stopped);
10769
10635/* initialisation/exit functions */ 10770/* initialisation/exit functions */
10636 10771
10637int nl80211_init(void) 10772int nl80211_init(void)
diff --git a/net/wireless/rdev-ops.h b/net/wireless/rdev-ops.h
index d77e1c1d3a0e..9f15f0ac824d 100644
--- a/net/wireless/rdev-ops.h
+++ b/net/wireless/rdev-ops.h
@@ -875,7 +875,7 @@ static inline void rdev_stop_p2p_device(struct cfg80211_registered_device *rdev,
875 trace_rdev_stop_p2p_device(&rdev->wiphy, wdev); 875 trace_rdev_stop_p2p_device(&rdev->wiphy, wdev);
876 rdev->ops->stop_p2p_device(&rdev->wiphy, wdev); 876 rdev->ops->stop_p2p_device(&rdev->wiphy, wdev);
877 trace_rdev_return_void(&rdev->wiphy); 877 trace_rdev_return_void(&rdev->wiphy);
878} 878}
879 879
880static inline int rdev_set_mac_acl(struct cfg80211_registered_device *rdev, 880static inline int rdev_set_mac_acl(struct cfg80211_registered_device *rdev,
881 struct net_device *dev, 881 struct net_device *dev,
@@ -901,4 +901,26 @@ static inline int rdev_update_ft_ies(struct cfg80211_registered_device *rdev,
901 return ret; 901 return ret;
902} 902}
903 903
904static inline int rdev_crit_proto_start(struct cfg80211_registered_device *rdev,
905 struct wireless_dev *wdev,
906 enum nl80211_crit_proto_id protocol,
907 u16 duration)
908{
909 int ret;
910
911 trace_rdev_crit_proto_start(&rdev->wiphy, wdev, protocol, duration);
912 ret = rdev->ops->crit_proto_start(&rdev->wiphy, wdev,
913 protocol, duration);
914 trace_rdev_return_int(&rdev->wiphy, ret);
915 return ret;
916}
917
918static inline void rdev_crit_proto_stop(struct cfg80211_registered_device *rdev,
919 struct wireless_dev *wdev)
920{
921 trace_rdev_crit_proto_stop(&rdev->wiphy, wdev);
922 rdev->ops->crit_proto_stop(&rdev->wiphy, wdev);
923 trace_rdev_return_void(&rdev->wiphy);
924}
925
904#endif /* __CFG80211_RDEV_OPS */ 926#endif /* __CFG80211_RDEV_OPS */
diff --git a/net/wireless/reg.c b/net/wireless/reg.c
index e6df52dc8c69..cc35fbaa4578 100644
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -855,7 +855,7 @@ static void handle_channel(struct wiphy *wiphy,
855 return; 855 return;
856 856
857 REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq); 857 REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq);
858 chan->flags = IEEE80211_CHAN_DISABLED; 858 chan->flags |= IEEE80211_CHAN_DISABLED;
859 return; 859 return;
860 } 860 }
861 861
diff --git a/net/wireless/trace.h b/net/wireless/trace.h
index 3c2033b8f596..ecd4fcec3c94 100644
--- a/net/wireless/trace.h
+++ b/net/wireless/trace.h
@@ -1806,6 +1806,41 @@ TRACE_EVENT(rdev_update_ft_ies,
1806 WIPHY_PR_ARG, NETDEV_PR_ARG, __entry->md) 1806 WIPHY_PR_ARG, NETDEV_PR_ARG, __entry->md)
1807); 1807);
1808 1808
1809TRACE_EVENT(rdev_crit_proto_start,
1810 TP_PROTO(struct wiphy *wiphy, struct wireless_dev *wdev,
1811 enum nl80211_crit_proto_id protocol, u16 duration),
1812 TP_ARGS(wiphy, wdev, protocol, duration),
1813 TP_STRUCT__entry(
1814 WIPHY_ENTRY
1815 WDEV_ENTRY
1816 __field(u16, proto)
1817 __field(u16, duration)
1818 ),
1819 TP_fast_assign(
1820 WIPHY_ASSIGN;
1821 WDEV_ASSIGN;
1822 __entry->proto = protocol;
1823 __entry->duration = duration;
1824 ),
1825 TP_printk(WIPHY_PR_FMT ", " WDEV_PR_FMT ", proto=%x, duration=%u",
1826 WIPHY_PR_ARG, WDEV_PR_ARG, __entry->proto, __entry->duration)
1827);
1828
1829TRACE_EVENT(rdev_crit_proto_stop,
1830 TP_PROTO(struct wiphy *wiphy, struct wireless_dev *wdev),
1831 TP_ARGS(wiphy, wdev),
1832 TP_STRUCT__entry(
1833 WIPHY_ENTRY
1834 WDEV_ENTRY
1835 ),
1836 TP_fast_assign(
1837 WIPHY_ASSIGN;
1838 WDEV_ASSIGN;
1839 ),
1840 TP_printk(WIPHY_PR_FMT ", " WDEV_PR_FMT,
1841 WIPHY_PR_ARG, WDEV_PR_ARG)
1842);
1843
1809/************************************************************* 1844/*************************************************************
1810 * cfg80211 exported functions traces * 1845 * cfg80211 exported functions traces *
1811 *************************************************************/ 1846 *************************************************************/
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 6cbac99ae03d..f5ad4d94ba88 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -1155,6 +1155,26 @@ int cfg80211_get_p2p_attr(const u8 *ies, unsigned int len,
1155} 1155}
1156EXPORT_SYMBOL(cfg80211_get_p2p_attr); 1156EXPORT_SYMBOL(cfg80211_get_p2p_attr);
1157 1157
1158bool ieee80211_operating_class_to_band(u8 operating_class,
1159 enum ieee80211_band *band)
1160{
1161 switch (operating_class) {
1162 case 112:
1163 case 115 ... 127:
1164 *band = IEEE80211_BAND_5GHZ;
1165 return true;
1166 case 81:
1167 case 82:
1168 case 83:
1169 case 84:
1170 *band = IEEE80211_BAND_2GHZ;
1171 return true;
1172 }
1173
1174 return false;
1175}
1176EXPORT_SYMBOL(ieee80211_operating_class_to_band);
1177
1158int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev, 1178int cfg80211_validate_beacon_int(struct cfg80211_registered_device *rdev,
1159 u32 beacon_int) 1179 u32 beacon_int)
1160{ 1180{
@@ -1258,12 +1278,12 @@ int cfg80211_can_use_iftype_chan(struct cfg80211_registered_device *rdev,
1258 list_for_each_entry(wdev_iter, &rdev->wdev_list, list) { 1278 list_for_each_entry(wdev_iter, &rdev->wdev_list, list) {
1259 if (wdev_iter == wdev) 1279 if (wdev_iter == wdev)
1260 continue; 1280 continue;
1261 if (wdev_iter->netdev) { 1281 if (wdev_iter->iftype == NL80211_IFTYPE_P2P_DEVICE) {
1262 if (!netif_running(wdev_iter->netdev))
1263 continue;
1264 } else if (wdev_iter->iftype == NL80211_IFTYPE_P2P_DEVICE) {
1265 if (!wdev_iter->p2p_started) 1282 if (!wdev_iter->p2p_started)
1266 continue; 1283 continue;
1284 } else if (wdev_iter->netdev) {
1285 if (!netif_running(wdev_iter->netdev))
1286 continue;
1267 } else { 1287 } else {
1268 WARN_ON(1); 1288 WARN_ON(1);
1269 } 1289 }
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-23 10:09:35 -0400