aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/sta_info.c
diff options
context:
space:
mode:
authorJohannes Berg <johannes@sipsolutions.net>2010-02-03 07:59:58 -0500
committerJohn W. Linville <linville@tuxdriver.com>2010-02-08 16:50:53 -0500
commit34e895075e21be3e21e71d6317440d1ee7969ad0 (patch)
tree217fe70e32e54ef0134f477510472f3992655d79 /net/mac80211/sta_info.c
parent070bb5477fb4029131aad4941d7aaf0093db0c38 (diff)
mac80211: allow station add/remove to sleep
Many drivers would like to sleep during station addition and removal, and currently have a high complexity there from not being able to. This introduces two new callbacks sta_add() and sta_remove() that drivers can implement instead of using sta_notify() and that can sleep, and the new sta_add() callback is also allowed to fail. The reason we didn't do this previously is that the IBSS code wants to insert stations from the RX path, which is a tasklet, so cannot sleep. This patch will keep the station allocation in that path, but moves adding the station to the driver out of line. Since the addition can now fail, we can have IBSS peer structs the driver rejected -- in that case we still talk to the station but never tell the driver about it in the control.sta pointer. If there will ever be a driver that has a low limit on the number of stations and that cannot talk to any stations that are not known to it, we need to do come up with a new strategy of handling larger IBSSs, maybe quicker expiry or rejecting peers. Signed-off-by: Johannes Berg <johannes@sipsolutions.net> Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/sta_info.c')
-rw-r--r--net/mac80211/sta_info.c731
1 files changed, 363 insertions, 368 deletions
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index f735826f055c..211c475f73c6 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -32,49 +32,33 @@
32 * for faster lookup and a list for iteration. They are managed using 32 * for faster lookup and a list for iteration. They are managed using
33 * RCU, i.e. access to the list and hash table is protected by RCU. 33 * RCU, i.e. access to the list and hash table is protected by RCU.
34 * 34 *
35 * Upon allocating a STA info structure with sta_info_alloc(), the caller owns 35 * Upon allocating a STA info structure with sta_info_alloc(), the caller
36 * that structure. It must then either destroy it using sta_info_destroy() 36 * owns that structure. It must then insert it into the hash table using
37 * (which is pretty useless) or insert it into the hash table using 37 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
38 * sta_info_insert() which demotes the reference from ownership to a regular 38 * case (which acquires an rcu read section but must not be called from
39 * RCU-protected reference; if the function is called without protection by an 39 * within one) will the pointer still be valid after the call. Note that
40 * RCU critical section the reference is instantly invalidated. Note that the 40 * the caller may not do much with the STA info before inserting it, in
41 * caller may not do much with the STA info before inserting it, in particular, 41 * particular, it may not start any mesh peer link management or add
42 * it may not start any mesh peer link management or add encryption keys. 42 * encryption keys.
43 * 43 *
44 * When the insertion fails (sta_info_insert()) returns non-zero), the 44 * When the insertion fails (sta_info_insert()) returns non-zero), the
45 * structure will have been freed by sta_info_insert()! 45 * structure will have been freed by sta_info_insert()!
46 * 46 *
47 * sta entries are added by mac80211 when you establish a link with a 47 * Station entries are added by mac80211 when you establish a link with a
48 * peer. This means different things for the different type of interfaces 48 * peer. This means different things for the different type of interfaces
49 * we support. For a regular station this mean we add the AP sta when we 49 * we support. For a regular station this mean we add the AP sta when we
50 * receive an assocation response from the AP. For IBSS this occurs when 50 * receive an assocation response from the AP. For IBSS this occurs when
51 * we receive a probe response or a beacon from target IBSS network. For 51 * get to know about a peer on the same IBSS. For WDS we add the sta for
52 * WDS we add the sta for the peer imediately upon device open. When using 52 * the peer imediately upon device open. When using AP mode we add stations
53 * AP mode we add stations for each respective station upon request from 53 * for each respective station upon request from userspace through nl80211.
54 * userspace through nl80211.
55 * 54 *
56 * Because there are debugfs entries for each station, and adding those 55 * In order to remove a STA info structure, various sta_info_destroy_*()
57 * must be able to sleep, it is also possible to "pin" a station entry, 56 * calls are available.
58 * that means it can be removed from the hash table but not be freed.
59 * See the comment in __sta_info_unlink() for more information, this is
60 * an internal capability only.
61 * 57 *
62 * In order to remove a STA info structure, the caller needs to first 58 * There is no concept of ownership on a STA entry, each structure is
63 * unlink it (sta_info_unlink()) from the list and hash tables and 59 * owned by the global hash table/list until it is removed. All users of
64 * then destroy it; sta_info_destroy() will wait for an RCU grace period 60 * the structure need to be RCU protected so that the structure won't be
65 * to elapse before actually freeing it. Due to the pinning and the 61 * freed before they are done using it.
66 * possibility of multiple callers trying to remove the same STA info at
67 * the same time, sta_info_unlink() can clear the STA info pointer it is
68 * passed to indicate that the STA info is owned by somebody else now.
69 *
70 * If sta_info_unlink() did not clear the pointer then the caller owns
71 * the STA info structure now and is responsible of destroying it with
72 * a call to sta_info_destroy().
73 *
74 * In all other cases, there is no concept of ownership on a STA entry,
75 * each structure is owned by the global hash table/list until it is
76 * removed. All users of the structure need to be RCU protected so that
77 * the structure won't be freed before they are done using it.
78 */ 62 */
79 63
80/* Caller must hold local->sta_lock */ 64/* Caller must hold local->sta_lock */
@@ -185,101 +169,6 @@ static void __sta_info_free(struct ieee80211_local *local,
185 kfree(sta); 169 kfree(sta);
186} 170}
187 171
188void sta_info_destroy(struct sta_info *sta)
189{
190 struct ieee80211_local *local;
191 struct sk_buff *skb;
192 int i;
193
194 might_sleep();
195
196 if (!sta)
197 return;
198
199 local = sta->local;
200
201 cancel_work_sync(&sta->drv_unblock_wk);
202
203 rate_control_remove_sta_debugfs(sta);
204 ieee80211_sta_debugfs_remove(sta);
205
206#ifdef CONFIG_MAC80211_MESH
207 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
208 mesh_plink_deactivate(sta);
209#endif
210
211 /*
212 * We have only unlinked the key, and actually destroying it
213 * may mean it is removed from hardware which requires that
214 * the key->sta pointer is still valid, so flush the key todo
215 * list here.
216 *
217 * ieee80211_key_todo() will synchronize_rcu() so after this
218 * nothing can reference this sta struct any more.
219 */
220 ieee80211_key_todo();
221
222#ifdef CONFIG_MAC80211_MESH
223 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
224 del_timer_sync(&sta->plink_timer);
225#endif
226
227 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
228 local->total_ps_buffered--;
229 dev_kfree_skb_any(skb);
230 }
231
232 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
233 dev_kfree_skb_any(skb);
234
235 for (i = 0; i < STA_TID_NUM; i++) {
236 struct tid_ampdu_rx *tid_rx;
237 struct tid_ampdu_tx *tid_tx;
238
239 spin_lock_bh(&sta->lock);
240 tid_rx = sta->ampdu_mlme.tid_rx[i];
241 /* Make sure timer won't free the tid_rx struct, see below */
242 if (tid_rx)
243 tid_rx->shutdown = true;
244
245 spin_unlock_bh(&sta->lock);
246
247 /*
248 * Outside spinlock - shutdown is true now so that the timer
249 * won't free tid_rx, we have to do that now. Can't let the
250 * timer do it because we have to sync the timer outside the
251 * lock that it takes itself.
252 */
253 if (tid_rx) {
254 del_timer_sync(&tid_rx->session_timer);
255 kfree(tid_rx);
256 }
257
258 /*
259 * No need to do such complications for TX agg sessions, the
260 * path leading to freeing the tid_tx struct goes via a call
261 * from the driver, and thus needs to look up the sta struct
262 * again, which cannot be found when we get here. Hence, we
263 * just need to delete the timer and free the aggregation
264 * info; we won't be telling the peer about it then but that
265 * doesn't matter if we're not talking to it again anyway.
266 */
267 tid_tx = sta->ampdu_mlme.tid_tx[i];
268 if (tid_tx) {
269 del_timer_sync(&tid_tx->addba_resp_timer);
270 /*
271 * STA removed while aggregation session being
272 * started? Bit odd, but purge frames anyway.
273 */
274 skb_queue_purge(&tid_tx->pending);
275 kfree(tid_tx);
276 }
277 }
278
279 __sta_info_free(local, sta);
280}
281
282
283/* Caller must hold local->sta_lock */ 172/* Caller must hold local->sta_lock */
284static void sta_info_hash_add(struct ieee80211_local *local, 173static void sta_info_hash_add(struct ieee80211_local *local,
285 struct sta_info *sta) 174 struct sta_info *sta)
@@ -376,7 +265,7 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
376 return sta; 265 return sta;
377} 266}
378 267
379int sta_info_insert(struct sta_info *sta) 268static int sta_info_finish_insert(struct sta_info *sta, bool async)
380{ 269{
381 struct ieee80211_local *local = sta->local; 270 struct ieee80211_local *local = sta->local;
382 struct ieee80211_sub_if_data *sdata = sta->sdata; 271 struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -384,6 +273,91 @@ int sta_info_insert(struct sta_info *sta)
384 unsigned long flags; 273 unsigned long flags;
385 int err = 0; 274 int err = 0;
386 275
276 WARN_ON(!mutex_is_locked(&local->sta_mtx));
277
278 /* notify driver */
279 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
280 sdata = container_of(sdata->bss,
281 struct ieee80211_sub_if_data,
282 u.ap);
283 err = drv_sta_add(local, sdata, &sta->sta);
284 if (err) {
285 if (!async)
286 return err;
287 printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to driver (%d)"
288 " - keeping it anyway.\n",
289 sdata->name, sta->sta.addr, err);
290 } else {
291 sta->uploaded = true;
292#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
293 if (async)
294 printk(KERN_DEBUG "%s: Finished adding IBSS STA %pM\n",
295 wiphy_name(local->hw.wiphy), sta->sta.addr);
296#endif
297 }
298
299 sdata = sta->sdata;
300
301 if (!async) {
302 local->num_sta++;
303 local->sta_generation++;
304 smp_mb();
305
306 /* make the station visible */
307 spin_lock_irqsave(&local->sta_lock, flags);
308 sta_info_hash_add(local, sta);
309 spin_unlock_irqrestore(&local->sta_lock, flags);
310 }
311
312 list_add(&sta->list, &local->sta_list);
313
314 ieee80211_sta_debugfs_add(sta);
315 rate_control_add_sta_debugfs(sta);
316
317 sinfo.filled = 0;
318 sinfo.generation = local->sta_generation;
319 cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
320
321
322 return 0;
323}
324
325static void sta_info_finish_pending(struct ieee80211_local *local)
326{
327 struct sta_info *sta;
328 unsigned long flags;
329
330 spin_lock_irqsave(&local->sta_lock, flags);
331 while (!list_empty(&local->sta_pending_list)) {
332 sta = list_first_entry(&local->sta_pending_list,
333 struct sta_info, list);
334 list_del(&sta->list);
335 spin_unlock_irqrestore(&local->sta_lock, flags);
336
337 sta_info_finish_insert(sta, true);
338
339 spin_lock_irqsave(&local->sta_lock, flags);
340 }
341 spin_unlock_irqrestore(&local->sta_lock, flags);
342}
343
344static void sta_info_finish_work(struct work_struct *work)
345{
346 struct ieee80211_local *local =
347 container_of(work, struct ieee80211_local, sta_finish_work);
348
349 mutex_lock(&local->sta_mtx);
350 sta_info_finish_pending(local);
351 mutex_unlock(&local->sta_mtx);
352}
353
354int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
355{
356 struct ieee80211_local *local = sta->local;
357 struct ieee80211_sub_if_data *sdata = sta->sdata;
358 unsigned long flags;
359 int err = 0;
360
387 /* 361 /*
388 * Can't be a WARN_ON because it can be triggered through a race: 362 * Can't be a WARN_ON because it can be triggered through a race:
389 * something inserts a STA (on one CPU) without holding the RTNL 363 * something inserts a STA (on one CPU) without holding the RTNL
@@ -391,36 +365,87 @@ int sta_info_insert(struct sta_info *sta)
391 */ 365 */
392 if (unlikely(!ieee80211_sdata_running(sdata))) { 366 if (unlikely(!ieee80211_sdata_running(sdata))) {
393 err = -ENETDOWN; 367 err = -ENETDOWN;
368 rcu_read_lock();
394 goto out_free; 369 goto out_free;
395 } 370 }
396 371
397 if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 || 372 if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 ||
398 is_multicast_ether_addr(sta->sta.addr))) { 373 is_multicast_ether_addr(sta->sta.addr))) {
399 err = -EINVAL; 374 err = -EINVAL;
375 rcu_read_lock();
400 goto out_free; 376 goto out_free;
401 } 377 }
402 378
379 /*
380 * In ad-hoc mode, we sometimes need to insert stations
381 * from tasklet context from the RX path. To avoid races,
382 * always do so in that case -- see the comment below.
383 */
384 if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
385 spin_lock_irqsave(&local->sta_lock, flags);
386 /* check if STA exists already */
387 if (sta_info_get_bss(sdata, sta->sta.addr)) {
388 spin_unlock_irqrestore(&local->sta_lock, flags);
389 rcu_read_lock();
390 err = -EEXIST;
391 goto out_free;
392 }
393
394 local->num_sta++;
395 local->sta_generation++;
396 smp_mb();
397 sta_info_hash_add(local, sta);
398
399 list_add_tail(&sta->list, &local->sta_pending_list);
400
401 rcu_read_lock();
402 spin_unlock_irqrestore(&local->sta_lock, flags);
403
404#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
405 printk(KERN_DEBUG "%s: Added IBSS STA %pM\n",
406 wiphy_name(local->hw.wiphy), sta->sta.addr);
407#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
408
409 ieee80211_queue_work(&local->hw, &local->sta_finish_work);
410
411 return 0;
412 }
413
414 /*
415 * On first glance, this will look racy, because the code
416 * below this point, which inserts a station with sleeping,
417 * unlocks the sta_lock between checking existence in the
418 * hash table and inserting into it.
419 *
420 * However, it is not racy against itself because it keeps
421 * the mutex locked. It still seems to race against the
422 * above code that atomically inserts the station... That,
423 * however, is not true because the above code can only
424 * be invoked for IBSS interfaces, and the below code will
425 * not be -- and the two do not race against each other as
426 * the hash table also keys off the interface.
427 */
428
429 might_sleep();
430
431 mutex_lock(&local->sta_mtx);
432
403 spin_lock_irqsave(&local->sta_lock, flags); 433 spin_lock_irqsave(&local->sta_lock, flags);
404 /* check if STA exists already */ 434 /* check if STA exists already */
405 if (sta_info_get(sdata, sta->sta.addr)) { 435 if (sta_info_get_bss(sdata, sta->sta.addr)) {
406 spin_unlock_irqrestore(&local->sta_lock, flags); 436 spin_unlock_irqrestore(&local->sta_lock, flags);
437 rcu_read_lock();
407 err = -EEXIST; 438 err = -EEXIST;
408 goto out_free; 439 goto out_free;
409 } 440 }
410 list_add(&sta->list, &local->sta_list);
411 local->sta_generation++;
412 local->num_sta++;
413 sta_info_hash_add(local, sta);
414 441
415 /* notify driver */ 442 spin_unlock_irqrestore(&local->sta_lock, flags);
416 if (local->ops->sta_notify) {
417 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
418 sdata = container_of(sdata->bss,
419 struct ieee80211_sub_if_data,
420 u.ap);
421 443
422 drv_sta_notify(local, sdata, STA_NOTIFY_ADD, &sta->sta); 444 err = sta_info_finish_insert(sta, false);
423 sdata = sta->sdata; 445 if (err) {
446 mutex_unlock(&local->sta_mtx);
447 rcu_read_lock();
448 goto out_free;
424 } 449 }
425 450
426#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 451#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
@@ -428,22 +453,9 @@ int sta_info_insert(struct sta_info *sta)
428 wiphy_name(local->hw.wiphy), sta->sta.addr); 453 wiphy_name(local->hw.wiphy), sta->sta.addr);
429#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 454#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
430 455
431 spin_unlock_irqrestore(&local->sta_lock, flags); 456 /* move reference to rcu-protected */
432 457 rcu_read_lock();
433 sinfo.filled = 0; 458 mutex_unlock(&local->sta_mtx);
434 sinfo.generation = local->sta_generation;
435 cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_ATOMIC);
436
437#ifdef CONFIG_MAC80211_DEBUGFS
438 /*
439 * Debugfs entry adding might sleep, so schedule process
440 * context task for adding entry for STAs that do not yet
441 * have one.
442 * NOTE: due to auto-freeing semantics this may only be done
443 * if the insertion is successful!
444 */
445 schedule_work(&local->sta_debugfs_add);
446#endif
447 459
448 if (ieee80211_vif_is_mesh(&sdata->vif)) 460 if (ieee80211_vif_is_mesh(&sdata->vif))
449 mesh_accept_plinks_update(sdata); 461 mesh_accept_plinks_update(sdata);
@@ -455,6 +467,15 @@ int sta_info_insert(struct sta_info *sta)
455 return err; 467 return err;
456} 468}
457 469
470int sta_info_insert(struct sta_info *sta)
471{
472 int err = sta_info_insert_rcu(sta);
473
474 rcu_read_unlock();
475
476 return err;
477}
478
458static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) 479static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
459{ 480{
460 /* 481 /*
@@ -523,108 +544,6 @@ void sta_info_clear_tim_bit(struct sta_info *sta)
523 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 544 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
524} 545}
525 546
526static void __sta_info_unlink(struct sta_info **sta)
527{
528 struct ieee80211_local *local = (*sta)->local;
529 struct ieee80211_sub_if_data *sdata = (*sta)->sdata;
530 /*
531 * pull caller's reference if we're already gone.
532 */
533 if (sta_info_hash_del(local, *sta)) {
534 *sta = NULL;
535 return;
536 }
537
538 if ((*sta)->key) {
539 ieee80211_key_free((*sta)->key);
540 WARN_ON((*sta)->key);
541 }
542
543 list_del(&(*sta)->list);
544 (*sta)->dead = true;
545
546 if (test_and_clear_sta_flags(*sta,
547 WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
548 BUG_ON(!sdata->bss);
549
550 atomic_dec(&sdata->bss->num_sta_ps);
551 __sta_info_clear_tim_bit(sdata->bss, *sta);
552 }
553
554 local->num_sta--;
555 local->sta_generation++;
556
557 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
558 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
559
560 if (local->ops->sta_notify) {
561 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
562 sdata = container_of(sdata->bss,
563 struct ieee80211_sub_if_data,
564 u.ap);
565
566 drv_sta_notify(local, sdata, STA_NOTIFY_REMOVE,
567 &(*sta)->sta);
568 sdata = (*sta)->sdata;
569 }
570
571 if (ieee80211_vif_is_mesh(&sdata->vif)) {
572 mesh_accept_plinks_update(sdata);
573#ifdef CONFIG_MAC80211_MESH
574 del_timer(&(*sta)->plink_timer);
575#endif
576 }
577
578#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
579 printk(KERN_DEBUG "%s: Removed STA %pM\n",
580 wiphy_name(local->hw.wiphy), (*sta)->sta.addr);
581#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
582
583 /*
584 * Finally, pull caller's reference if the STA is pinned by the
585 * task that is adding the debugfs entries. In that case, we
586 * leave the STA "to be freed".
587 *
588 * The rules are not trivial, but not too complex either:
589 * (1) pin_status is only modified under the sta_lock
590 * (2) STAs may only be pinned under the RTNL so that
591 * sta_info_flush() is guaranteed to actually destroy
592 * all STAs that are active for a given interface, this
593 * is required for correctness because otherwise we
594 * could notify a driver that an interface is going
595 * away and only after that (!) notify it about a STA
596 * on that interface going away.
597 * (3) sta_info_debugfs_add_work() will set the status
598 * to PINNED when it found an item that needs a new
599 * debugfs directory created. In that case, that item
600 * must not be freed although all *RCU* users are done
601 * with it. Hence, we tell the caller of _unlink()
602 * that the item is already gone (as can happen when
603 * two tasks try to unlink/destroy at the same time)
604 * (4) We set the pin_status to DESTROY here when we
605 * find such an item.
606 * (5) sta_info_debugfs_add_work() will reset the pin_status
607 * from PINNED to NORMAL when it is done with the item,
608 * but will check for DESTROY before resetting it in
609 * which case it will free the item.
610 */
611 if ((*sta)->pin_status == STA_INFO_PIN_STAT_PINNED) {
612 (*sta)->pin_status = STA_INFO_PIN_STAT_DESTROY;
613 *sta = NULL;
614 return;
615 }
616}
617
618void sta_info_unlink(struct sta_info **sta)
619{
620 struct ieee80211_local *local = (*sta)->local;
621 unsigned long flags;
622
623 spin_lock_irqsave(&local->sta_lock, flags);
624 __sta_info_unlink(sta);
625 spin_unlock_irqrestore(&local->sta_lock, flags);
626}
627
628static int sta_info_buffer_expired(struct sta_info *sta, 547static int sta_info_buffer_expired(struct sta_info *sta,
629 struct sk_buff *skb) 548 struct sk_buff *skb)
630{ 549{
@@ -681,109 +600,209 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
681 } 600 }
682} 601}
683 602
684 603static int __must_check __sta_info_destroy(struct sta_info *sta)
685static void sta_info_cleanup(unsigned long data)
686{ 604{
687 struct ieee80211_local *local = (struct ieee80211_local *) data; 605 struct ieee80211_local *local;
688 struct sta_info *sta; 606 struct ieee80211_sub_if_data *sdata;
607 struct sk_buff *skb;
608 unsigned long flags;
609 int ret, i;
689 610
690 rcu_read_lock(); 611 might_sleep();
691 list_for_each_entry_rcu(sta, &local->sta_list, list)
692 sta_info_cleanup_expire_buffered(local, sta);
693 rcu_read_unlock();
694 612
695 if (local->quiescing) 613 if (!sta)
696 return; 614 return -ENOENT;
697 615
698 local->sta_cleanup.expires = 616 local = sta->local;
699 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 617 sdata = sta->sdata;
700 add_timer(&local->sta_cleanup);
701}
702 618
703#ifdef CONFIG_MAC80211_DEBUGFS 619 spin_lock_irqsave(&local->sta_lock, flags);
704/* 620 ret = sta_info_hash_del(local, sta);
705 * See comment in __sta_info_unlink, 621 /* this might still be the pending list ... which is fine */
706 * caller must hold local->sta_lock. 622 if (!ret)
707 */ 623 list_del(&sta->list);
708static void __sta_info_pin(struct sta_info *sta) 624 spin_unlock_irqrestore(&local->sta_lock, flags);
709{ 625 if (ret)
710 WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_NORMAL); 626 return ret;
711 sta->pin_status = STA_INFO_PIN_STAT_PINNED; 627
628 if (sta->key) {
629 ieee80211_key_free(sta->key);
630 /*
631 * We have only unlinked the key, and actually destroying it
632 * may mean it is removed from hardware which requires that
633 * the key->sta pointer is still valid, so flush the key todo
634 * list here.
635 *
636 * ieee80211_key_todo() will synchronize_rcu() so after this
637 * nothing can reference this sta struct any more.
638 */
639 ieee80211_key_todo();
640
641 WARN_ON(sta->key);
642 }
643
644 sta->dead = true;
645
646 if (test_and_clear_sta_flags(sta,
647 WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
648 BUG_ON(!sdata->bss);
649
650 atomic_dec(&sdata->bss->num_sta_ps);
651 __sta_info_clear_tim_bit(sdata->bss, sta);
652 }
653
654 local->num_sta--;
655 local->sta_generation++;
656
657 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
658 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
659
660 if (sta->uploaded) {
661 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
662 sdata = container_of(sdata->bss,
663 struct ieee80211_sub_if_data,
664 u.ap);
665 drv_sta_remove(local, sdata, &sta->sta);
666 sdata = sta->sdata;
667 }
668
669#ifdef CONFIG_MAC80211_MESH
670 if (ieee80211_vif_is_mesh(&sdata->vif)) {
671 mesh_accept_plinks_update(sdata);
672 del_timer(&sta->plink_timer);
673 }
674#endif
675
676#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
677 printk(KERN_DEBUG "%s: Removed STA %pM\n",
678 wiphy_name(local->hw.wiphy), sta->sta.addr);
679#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
680 cancel_work_sync(&sta->drv_unblock_wk);
681
682 rate_control_remove_sta_debugfs(sta);
683 ieee80211_sta_debugfs_remove(sta);
684
685#ifdef CONFIG_MAC80211_MESH
686 if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
687 mesh_plink_deactivate(sta);
688 del_timer_sync(&sta->plink_timer);
689 }
690#endif
691
692 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
693 local->total_ps_buffered--;
694 dev_kfree_skb_any(skb);
695 }
696
697 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
698 dev_kfree_skb_any(skb);
699
700 for (i = 0; i < STA_TID_NUM; i++) {
701 struct tid_ampdu_rx *tid_rx;
702 struct tid_ampdu_tx *tid_tx;
703
704 spin_lock_bh(&sta->lock);
705 tid_rx = sta->ampdu_mlme.tid_rx[i];
706 /* Make sure timer won't free the tid_rx struct, see below */
707 if (tid_rx)
708 tid_rx->shutdown = true;
709
710 spin_unlock_bh(&sta->lock);
711
712 /*
713 * Outside spinlock - shutdown is true now so that the timer
714 * won't free tid_rx, we have to do that now. Can't let the
715 * timer do it because we have to sync the timer outside the
716 * lock that it takes itself.
717 */
718 if (tid_rx) {
719 del_timer_sync(&tid_rx->session_timer);
720 kfree(tid_rx);
721 }
722
723 /*
724 * No need to do such complications for TX agg sessions, the
725 * path leading to freeing the tid_tx struct goes via a call
726 * from the driver, and thus needs to look up the sta struct
727 * again, which cannot be found when we get here. Hence, we
728 * just need to delete the timer and free the aggregation
729 * info; we won't be telling the peer about it then but that
730 * doesn't matter if we're not talking to it again anyway.
731 */
732 tid_tx = sta->ampdu_mlme.tid_tx[i];
733 if (tid_tx) {
734 del_timer_sync(&tid_tx->addba_resp_timer);
735 /*
736 * STA removed while aggregation session being
737 * started? Bit odd, but purge frames anyway.
738 */
739 skb_queue_purge(&tid_tx->pending);
740 kfree(tid_tx);
741 }
742 }
743
744 __sta_info_free(local, sta);
745
746 return 0;
712} 747}
713 748
714/* 749int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
715 * See comment in __sta_info_unlink, returns sta if it
716 * needs to be destroyed.
717 */
718static struct sta_info *__sta_info_unpin(struct sta_info *sta)
719{ 750{
720 struct sta_info *ret = NULL; 751 struct sta_info *sta;
721 unsigned long flags; 752 int ret;
722 753
723 spin_lock_irqsave(&sta->local->sta_lock, flags); 754 mutex_lock(&sdata->local->sta_mtx);
724 WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_DESTROY && 755 sta = sta_info_get(sdata, addr);
725 sta->pin_status != STA_INFO_PIN_STAT_PINNED); 756 ret = __sta_info_destroy(sta);
726 if (sta->pin_status == STA_INFO_PIN_STAT_DESTROY) 757 mutex_unlock(&sdata->local->sta_mtx);
727 ret = sta;
728 sta->pin_status = STA_INFO_PIN_STAT_NORMAL;
729 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
730 758
731 return ret; 759 return ret;
732} 760}
733 761
734static void sta_info_debugfs_add_work(struct work_struct *work) 762int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
763 const u8 *addr)
735{ 764{
736 struct ieee80211_local *local = 765 struct sta_info *sta;
737 container_of(work, struct ieee80211_local, sta_debugfs_add); 766 int ret;
738 struct sta_info *sta, *tmp;
739 unsigned long flags;
740 767
741 /* We need to keep the RTNL across the whole pinned status. */ 768 mutex_lock(&sdata->local->sta_mtx);
742 rtnl_lock(); 769 sta = sta_info_get_bss(sdata, addr);
743 while (1) { 770 ret = __sta_info_destroy(sta);
744 sta = NULL; 771 mutex_unlock(&sdata->local->sta_mtx);
745 772
746 spin_lock_irqsave(&local->sta_lock, flags); 773 return ret;
747 list_for_each_entry(tmp, &local->sta_list, list) { 774}
748 /*
749 * debugfs.add_has_run will be set by
750 * ieee80211_sta_debugfs_add regardless
751 * of what else it does.
752 */
753 if (!tmp->debugfs.add_has_run) {
754 sta = tmp;
755 __sta_info_pin(sta);
756 break;
757 }
758 }
759 spin_unlock_irqrestore(&local->sta_lock, flags);
760 775
761 if (!sta) 776static void sta_info_cleanup(unsigned long data)
762 break; 777{
778 struct ieee80211_local *local = (struct ieee80211_local *) data;
779 struct sta_info *sta;
780
781 rcu_read_lock();
782 list_for_each_entry_rcu(sta, &local->sta_list, list)
783 sta_info_cleanup_expire_buffered(local, sta);
784 rcu_read_unlock();
763 785
764 ieee80211_sta_debugfs_add(sta); 786 if (local->quiescing)
765 rate_control_add_sta_debugfs(sta); 787 return;
766 788
767 sta = __sta_info_unpin(sta); 789 local->sta_cleanup.expires =
768 sta_info_destroy(sta); 790 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
769 } 791 add_timer(&local->sta_cleanup);
770 rtnl_unlock();
771} 792}
772#endif
773 793
774void sta_info_init(struct ieee80211_local *local) 794void sta_info_init(struct ieee80211_local *local)
775{ 795{
776 spin_lock_init(&local->sta_lock); 796 spin_lock_init(&local->sta_lock);
797 mutex_init(&local->sta_mtx);
777 INIT_LIST_HEAD(&local->sta_list); 798 INIT_LIST_HEAD(&local->sta_list);
799 INIT_LIST_HEAD(&local->sta_pending_list);
800 INIT_WORK(&local->sta_finish_work, sta_info_finish_work);
778 801
779 setup_timer(&local->sta_cleanup, sta_info_cleanup, 802 setup_timer(&local->sta_cleanup, sta_info_cleanup,
780 (unsigned long)local); 803 (unsigned long)local);
781 local->sta_cleanup.expires = 804 local->sta_cleanup.expires =
782 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 805 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
783
784#ifdef CONFIG_MAC80211_DEBUGFS
785 INIT_WORK(&local->sta_debugfs_add, sta_info_debugfs_add_work);
786#endif
787} 806}
788 807
789int sta_info_start(struct ieee80211_local *local) 808int sta_info_start(struct ieee80211_local *local)
@@ -795,16 +814,6 @@ int sta_info_start(struct ieee80211_local *local)
795void sta_info_stop(struct ieee80211_local *local) 814void sta_info_stop(struct ieee80211_local *local)
796{ 815{
797 del_timer(&local->sta_cleanup); 816 del_timer(&local->sta_cleanup);
798#ifdef CONFIG_MAC80211_DEBUGFS
799 /*
800 * Make sure the debugfs adding work isn't pending after this
801 * because we're about to be destroyed. It doesn't matter
802 * whether it ran or not since we're going to flush all STAs
803 * anyway.
804 */
805 cancel_work_sync(&local->sta_debugfs_add);
806#endif
807
808 sta_info_flush(local, NULL); 817 sta_info_flush(local, NULL);
809} 818}
810 819
@@ -820,26 +829,19 @@ int sta_info_flush(struct ieee80211_local *local,
820 struct ieee80211_sub_if_data *sdata) 829 struct ieee80211_sub_if_data *sdata)
821{ 830{
822 struct sta_info *sta, *tmp; 831 struct sta_info *sta, *tmp;
823 LIST_HEAD(tmp_list);
824 int ret = 0; 832 int ret = 0;
825 unsigned long flags;
826 833
827 might_sleep(); 834 might_sleep();
828 835
829 spin_lock_irqsave(&local->sta_lock, flags); 836 mutex_lock(&local->sta_mtx);
837
838 sta_info_finish_pending(local);
839
830 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { 840 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
831 if (!sdata || sdata == sta->sdata) { 841 if (!sdata || sdata == sta->sdata)
832 __sta_info_unlink(&sta); 842 WARN_ON(__sta_info_destroy(sta));
833 if (sta) {
834 list_add_tail(&sta->list, &tmp_list);
835 ret++;
836 }
837 }
838 } 843 }
839 spin_unlock_irqrestore(&local->sta_lock, flags); 844 mutex_unlock(&local->sta_mtx);
840
841 list_for_each_entry_safe(sta, tmp, &tmp_list, list)
842 sta_info_destroy(sta);
843 845
844 return ret; 846 return ret;
845} 847}
@@ -849,24 +851,17 @@ void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
849{ 851{
850 struct ieee80211_local *local = sdata->local; 852 struct ieee80211_local *local = sdata->local;
851 struct sta_info *sta, *tmp; 853 struct sta_info *sta, *tmp;
852 LIST_HEAD(tmp_list);
853 unsigned long flags;
854 854
855 spin_lock_irqsave(&local->sta_lock, flags); 855 mutex_lock(&local->sta_mtx);
856 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) 856 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
857 if (time_after(jiffies, sta->last_rx + exp_time)) { 857 if (time_after(jiffies, sta->last_rx + exp_time)) {
858#ifdef CONFIG_MAC80211_IBSS_DEBUG 858#ifdef CONFIG_MAC80211_IBSS_DEBUG
859 printk(KERN_DEBUG "%s: expiring inactive STA %pM\n", 859 printk(KERN_DEBUG "%s: expiring inactive STA %pM\n",
860 sdata->name, sta->sta.addr); 860 sdata->name, sta->sta.addr);
861#endif 861#endif
862 __sta_info_unlink(&sta); 862 WARN_ON(__sta_info_destroy(sta));
863 if (sta)
864 list_add(&sta->list, &tmp_list);
865 } 863 }
866 spin_unlock_irqrestore(&local->sta_lock, flags); 864 mutex_unlock(&local->sta_mtx);
867
868 list_for_each_entry_safe(sta, tmp, &tmp_list, list)
869 sta_info_destroy(sta);
870} 865}
871 866
872struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw, 867struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw,
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-10 19:05:43 -0500