aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
authorMichal Marek <mmarek@suse.cz>2010-10-12 09:09:06 -0400
committerMichal Marek <mmarek@suse.cz>2010-10-12 09:09:06 -0400
commit239060b93bb30a4ad55f1ecaa512464a035cc5ba (patch)
tree77f79810e57d4fc24356eca0cd6db463e8994128 /net/mac80211
parent1408b15b98635a13bad2e2a50b3c2ae2ccdf625b (diff)
parente9203c988234aa512bd45ca32b52e21c7bbfc414 (diff)
Merge branch 'kbuild/rc-fixes' into kbuild/kconfig
We need to revert the temporary hack in 71ebc01, hence the merge.
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/Kconfig8
-rw-r--r--net/mac80211/Makefile4
-rw-r--r--net/mac80211/agg-rx.c123
-rw-r--r--net/mac80211/agg-tx.c554
-rw-r--r--net/mac80211/cfg.c124
-rw-r--r--net/mac80211/debugfs.c154
-rw-r--r--net/mac80211/debugfs_key.c2
-rw-r--r--net/mac80211/debugfs_sta.c65
-rw-r--r--net/mac80211/driver-ops.h102
-rw-r--r--net/mac80211/driver-trace.h210
-rw-r--r--net/mac80211/ht.c52
-rw-r--r--net/mac80211/ibss.c171
-rw-r--r--net/mac80211/ieee80211_i.h81
-rw-r--r--net/mac80211/iface.c190
-rw-r--r--net/mac80211/key.c295
-rw-r--r--net/mac80211/key.h33
-rw-r--r--net/mac80211/main.c126
-rw-r--r--net/mac80211/mesh.c73
-rw-r--r--net/mac80211/mesh.h2
-rw-r--r--net/mac80211/mesh_hwmp.c4
-rw-r--r--net/mac80211/mesh_pathtbl.c4
-rw-r--r--net/mac80211/mesh_plink.c42
-rw-r--r--net/mac80211/mlme.c284
-rw-r--r--net/mac80211/pm.c18
-rw-r--r--net/mac80211/rate.c2
-rw-r--r--net/mac80211/rate.h13
-rw-r--r--net/mac80211/rc80211_minstrel.c1
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c827
-rw-r--r--net/mac80211/rc80211_minstrel_ht.h130
-rw-r--r--net/mac80211/rc80211_minstrel_ht_debugfs.c118
-rw-r--r--net/mac80211/rx.c195
-rw-r--r--net/mac80211/scan.c20
-rw-r--r--net/mac80211/sta_info.c24
-rw-r--r--net/mac80211/sta_info.h113
-rw-r--r--net/mac80211/status.c6
-rw-r--r--net/mac80211/tkip.c8
-rw-r--r--net/mac80211/tkip.h2
-rw-r--r--net/mac80211/tx.c112
-rw-r--r--net/mac80211/util.c42
-rw-r--r--net/mac80211/wep.c29
-rw-r--r--net/mac80211/wep.h2
-rw-r--r--net/mac80211/work.c45
-rw-r--r--net/mac80211/wpa.c13
43 files changed, 2885 insertions, 1538 deletions
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index 8a91f6c0bb18..4d6f8653ec88 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -33,6 +33,13 @@ config MAC80211_RC_MINSTREL
33 ---help--- 33 ---help---
34 This option enables the 'minstrel' TX rate control algorithm 34 This option enables the 'minstrel' TX rate control algorithm
35 35
36config MAC80211_RC_MINSTREL_HT
37 bool "Minstrel 802.11n support" if EMBEDDED
38 depends on MAC80211_RC_MINSTREL
39 default y
40 ---help---
41 This option enables the 'minstrel_ht' TX rate control algorithm
42
36choice 43choice
37 prompt "Default rate control algorithm" 44 prompt "Default rate control algorithm"
38 depends on MAC80211_HAS_RC 45 depends on MAC80211_HAS_RC
@@ -62,6 +69,7 @@ endchoice
62 69
63config MAC80211_RC_DEFAULT 70config MAC80211_RC_DEFAULT
64 string 71 string
72 default "minstrel_ht" if MAC80211_RC_DEFAULT_MINSTREL && MAC80211_RC_MINSTREL_HT
65 default "minstrel" if MAC80211_RC_DEFAULT_MINSTREL 73 default "minstrel" if MAC80211_RC_DEFAULT_MINSTREL
66 default "pid" if MAC80211_RC_DEFAULT_PID 74 default "pid" if MAC80211_RC_DEFAULT_PID
67 default "" 75 default ""
diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
index 84b48ba8a77e..fdb54e61d637 100644
--- a/net/mac80211/Makefile
+++ b/net/mac80211/Makefile
@@ -51,7 +51,11 @@ rc80211_pid-$(CONFIG_MAC80211_DEBUGFS) += rc80211_pid_debugfs.o
51rc80211_minstrel-y := rc80211_minstrel.o 51rc80211_minstrel-y := rc80211_minstrel.o
52rc80211_minstrel-$(CONFIG_MAC80211_DEBUGFS) += rc80211_minstrel_debugfs.o 52rc80211_minstrel-$(CONFIG_MAC80211_DEBUGFS) += rc80211_minstrel_debugfs.o
53 53
54rc80211_minstrel_ht-y := rc80211_minstrel_ht.o
55rc80211_minstrel_ht-$(CONFIG_MAC80211_DEBUGFS) += rc80211_minstrel_ht_debugfs.o
56
54mac80211-$(CONFIG_MAC80211_RC_PID) += $(rc80211_pid-y) 57mac80211-$(CONFIG_MAC80211_RC_PID) += $(rc80211_pid-y)
55mac80211-$(CONFIG_MAC80211_RC_MINSTREL) += $(rc80211_minstrel-y) 58mac80211-$(CONFIG_MAC80211_RC_MINSTREL) += $(rc80211_minstrel-y)
59mac80211-$(CONFIG_MAC80211_RC_MINSTREL_HT) += $(rc80211_minstrel_ht-y)
56 60
57ccflags-y += -D__CHECK_ENDIAN__ 61ccflags-y += -D__CHECK_ENDIAN__
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index 6bb9a9a94960..965b272499fd 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -6,39 +6,70 @@
6 * Copyright 2005-2006, Devicescape Software, Inc. 6 * Copyright 2005-2006, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2007-2008, Intel Corporation 9 * Copyright 2007-2010, Intel Corporation
10 * 10 *
11 * This program is free software; you can redistribute it and/or modify 11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as 12 * it under the terms of the GNU General Public License version 2 as
13 * published by the Free Software Foundation. 13 * published by the Free Software Foundation.
14 */ 14 */
15 15
16/**
17 * DOC: RX A-MPDU aggregation
18 *
19 * Aggregation on the RX side requires only implementing the
20 * @ampdu_action callback that is invoked to start/stop any
21 * block-ack sessions for RX aggregation.
22 *
23 * When RX aggregation is started by the peer, the driver is
24 * notified via @ampdu_action function, with the
25 * %IEEE80211_AMPDU_RX_START action, and may reject the request
26 * in which case a negative response is sent to the peer, if it
27 * accepts it a positive response is sent.
28 *
29 * While the session is active, the device/driver are required
30 * to de-aggregate frames and pass them up one by one to mac80211,
31 * which will handle the reorder buffer.
32 *
33 * When the aggregation session is stopped again by the peer or
34 * ourselves, the driver's @ampdu_action function will be called
35 * with the action %IEEE80211_AMPDU_RX_STOP. In this case, the
36 * call must not fail.
37 */
38
16#include <linux/ieee80211.h> 39#include <linux/ieee80211.h>
17#include <linux/slab.h> 40#include <linux/slab.h>
18#include <net/mac80211.h> 41#include <net/mac80211.h>
19#include "ieee80211_i.h" 42#include "ieee80211_i.h"
20#include "driver-ops.h" 43#include "driver-ops.h"
21 44
22static void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, 45static void ieee80211_free_tid_rx(struct rcu_head *h)
23 u16 initiator, u16 reason,
24 bool from_timer)
25{ 46{
26 struct ieee80211_local *local = sta->local; 47 struct tid_ampdu_rx *tid_rx =
27 struct tid_ampdu_rx *tid_rx; 48 container_of(h, struct tid_ampdu_rx, rcu_head);
28 int i; 49 int i;
29 50
30 spin_lock_bh(&sta->lock); 51 for (i = 0; i < tid_rx->buf_size; i++)
52 dev_kfree_skb(tid_rx->reorder_buf[i]);
53 kfree(tid_rx->reorder_buf);
54 kfree(tid_rx->reorder_time);
55 kfree(tid_rx);
56}
31 57
32 /* check if TID is in operational state */ 58void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
33 if (!sta->ampdu_mlme.tid_active_rx[tid]) { 59 u16 initiator, u16 reason)
34 spin_unlock_bh(&sta->lock); 60{
35 return; 61 struct ieee80211_local *local = sta->local;
36 } 62 struct tid_ampdu_rx *tid_rx;
37 63
38 sta->ampdu_mlme.tid_active_rx[tid] = false; 64 lockdep_assert_held(&sta->ampdu_mlme.mtx);
39 65
40 tid_rx = sta->ampdu_mlme.tid_rx[tid]; 66 tid_rx = sta->ampdu_mlme.tid_rx[tid];
41 67
68 if (!tid_rx)
69 return;
70
71 rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], NULL);
72
42#ifdef CONFIG_MAC80211_HT_DEBUG 73#ifdef CONFIG_MAC80211_HT_DEBUG
43 printk(KERN_DEBUG "Rx BA session stop requested for %pM tid %u\n", 74 printk(KERN_DEBUG "Rx BA session stop requested for %pM tid %u\n",
44 sta->sta.addr, tid); 75 sta->sta.addr, tid);
@@ -54,32 +85,17 @@ static void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
54 ieee80211_send_delba(sta->sdata, sta->sta.addr, 85 ieee80211_send_delba(sta->sdata, sta->sta.addr,
55 tid, 0, reason); 86 tid, 0, reason);
56 87
57 /* free the reordering buffer */ 88 del_timer_sync(&tid_rx->session_timer);
58 for (i = 0; i < tid_rx->buf_size; i++) {
59 if (tid_rx->reorder_buf[i]) {
60 /* release the reordered frames */
61 dev_kfree_skb(tid_rx->reorder_buf[i]);
62 tid_rx->stored_mpdu_num--;
63 tid_rx->reorder_buf[i] = NULL;
64 }
65 }
66
67 /* free resources */
68 kfree(tid_rx->reorder_buf);
69 kfree(tid_rx->reorder_time);
70 sta->ampdu_mlme.tid_rx[tid] = NULL;
71
72 spin_unlock_bh(&sta->lock);
73 89
74 if (!from_timer) 90 call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx);
75 del_timer_sync(&tid_rx->session_timer);
76 kfree(tid_rx);
77} 91}
78 92
79void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, 93void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
80 u16 initiator, u16 reason) 94 u16 initiator, u16 reason)
81{ 95{
82 ___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason, false); 96 mutex_lock(&sta->ampdu_mlme.mtx);
97 ___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason);
98 mutex_unlock(&sta->ampdu_mlme.mtx);
83} 99}
84 100
85/* 101/*
@@ -100,8 +116,8 @@ static void sta_rx_agg_session_timer_expired(unsigned long data)
100#ifdef CONFIG_MAC80211_HT_DEBUG 116#ifdef CONFIG_MAC80211_HT_DEBUG
101 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid); 117 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
102#endif 118#endif
103 ___ieee80211_stop_rx_ba_session(sta, *ptid, WLAN_BACK_RECIPIENT, 119 set_bit(*ptid, sta->ampdu_mlme.tid_rx_timer_expired);
104 WLAN_REASON_QSTA_TIMEOUT, true); 120 ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
105} 121}
106 122
107static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid, 123static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
@@ -212,9 +228,9 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
212 228
213 229
214 /* examine state machine */ 230 /* examine state machine */
215 spin_lock_bh(&sta->lock); 231 mutex_lock(&sta->ampdu_mlme.mtx);
216 232
217 if (sta->ampdu_mlme.tid_active_rx[tid]) { 233 if (sta->ampdu_mlme.tid_rx[tid]) {
218#ifdef CONFIG_MAC80211_HT_DEBUG 234#ifdef CONFIG_MAC80211_HT_DEBUG
219 if (net_ratelimit()) 235 if (net_ratelimit())
220 printk(KERN_DEBUG "unexpected AddBA Req from " 236 printk(KERN_DEBUG "unexpected AddBA Req from "
@@ -225,9 +241,8 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
225 } 241 }
226 242
227 /* prepare A-MPDU MLME for Rx aggregation */ 243 /* prepare A-MPDU MLME for Rx aggregation */
228 sta->ampdu_mlme.tid_rx[tid] = 244 tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC);
229 kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC); 245 if (!tid_agg_rx) {
230 if (!sta->ampdu_mlme.tid_rx[tid]) {
231#ifdef CONFIG_MAC80211_HT_DEBUG 246#ifdef CONFIG_MAC80211_HT_DEBUG
232 if (net_ratelimit()) 247 if (net_ratelimit())
233 printk(KERN_ERR "allocate rx mlme to tid %d failed\n", 248 printk(KERN_ERR "allocate rx mlme to tid %d failed\n",
@@ -235,14 +250,11 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
235#endif 250#endif
236 goto end; 251 goto end;
237 } 252 }
238 /* rx timer */
239 sta->ampdu_mlme.tid_rx[tid]->session_timer.function =
240 sta_rx_agg_session_timer_expired;
241 sta->ampdu_mlme.tid_rx[tid]->session_timer.data =
242 (unsigned long)&sta->timer_to_tid[tid];
243 init_timer(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
244 253
245 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid]; 254 /* rx timer */
255 tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired;
256 tid_agg_rx->session_timer.data = (unsigned long)&sta->timer_to_tid[tid];
257 init_timer(&tid_agg_rx->session_timer);
246 258
247 /* prepare reordering buffer */ 259 /* prepare reordering buffer */
248 tid_agg_rx->reorder_buf = 260 tid_agg_rx->reorder_buf =
@@ -257,8 +269,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
257#endif 269#endif
258 kfree(tid_agg_rx->reorder_buf); 270 kfree(tid_agg_rx->reorder_buf);
259 kfree(tid_agg_rx->reorder_time); 271 kfree(tid_agg_rx->reorder_time);
260 kfree(sta->ampdu_mlme.tid_rx[tid]); 272 kfree(tid_agg_rx);
261 sta->ampdu_mlme.tid_rx[tid] = NULL;
262 goto end; 273 goto end;
263 } 274 }
264 275
@@ -270,13 +281,12 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
270 281
271 if (ret) { 282 if (ret) {
272 kfree(tid_agg_rx->reorder_buf); 283 kfree(tid_agg_rx->reorder_buf);
284 kfree(tid_agg_rx->reorder_time);
273 kfree(tid_agg_rx); 285 kfree(tid_agg_rx);
274 sta->ampdu_mlme.tid_rx[tid] = NULL;
275 goto end; 286 goto end;
276 } 287 }
277 288
278 /* change state and send addba resp */ 289 /* update data */
279 sta->ampdu_mlme.tid_active_rx[tid] = true;
280 tid_agg_rx->dialog_token = dialog_token; 290 tid_agg_rx->dialog_token = dialog_token;
281 tid_agg_rx->ssn = start_seq_num; 291 tid_agg_rx->ssn = start_seq_num;
282 tid_agg_rx->head_seq_num = start_seq_num; 292 tid_agg_rx->head_seq_num = start_seq_num;
@@ -284,8 +294,15 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
284 tid_agg_rx->timeout = timeout; 294 tid_agg_rx->timeout = timeout;
285 tid_agg_rx->stored_mpdu_num = 0; 295 tid_agg_rx->stored_mpdu_num = 0;
286 status = WLAN_STATUS_SUCCESS; 296 status = WLAN_STATUS_SUCCESS;
297
298 /* activate it for RX */
299 rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx);
300
301 if (timeout)
302 mod_timer(&tid_agg_rx->session_timer, TU_TO_EXP_TIME(timeout));
303
287end: 304end:
288 spin_unlock_bh(&sta->lock); 305 mutex_unlock(&sta->ampdu_mlme.mtx);
289 306
290end_no_lock: 307end_no_lock:
291 ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid, 308 ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 98258b7341e3..c893f236acea 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -6,7 +6,7 @@
6 * Copyright 2005-2006, Devicescape Software, Inc. 6 * Copyright 2005-2006, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2007-2009, Intel Corporation 9 * Copyright 2007-2010, Intel Corporation
10 * 10 *
11 * This program is free software; you can redistribute it and/or modify 11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as 12 * it under the terms of the GNU General Public License version 2 as
@@ -21,28 +21,39 @@
21#include "wme.h" 21#include "wme.h"
22 22
23/** 23/**
24 * DOC: TX aggregation 24 * DOC: TX A-MPDU aggregation
25 * 25 *
26 * Aggregation on the TX side requires setting the hardware flag 26 * Aggregation on the TX side requires setting the hardware flag
27 * %IEEE80211_HW_AMPDU_AGGREGATION as well as, if present, the @ampdu_queues 27 * %IEEE80211_HW_AMPDU_AGGREGATION. The driver will then be handed
28 * hardware parameter to the number of hardware AMPDU queues. If there are no 28 * packets with a flag indicating A-MPDU aggregation. The driver
29 * hardware queues then the driver will (currently) have to do all frame 29 * or device is responsible for actually aggregating the frames,
30 * buffering. 30 * as well as deciding how many and which to aggregate.
31 * 31 *
32 * When TX aggregation is started by some subsystem (usually the rate control 32 * When TX aggregation is started by some subsystem (usually the rate
33 * algorithm would be appropriate) by calling the 33 * control algorithm would be appropriate) by calling the
34 * ieee80211_start_tx_ba_session() function, the driver will be notified via 34 * ieee80211_start_tx_ba_session() function, the driver will be
35 * its @ampdu_action function, with the %IEEE80211_AMPDU_TX_START action. 35 * notified via its @ampdu_action function, with the
36 * %IEEE80211_AMPDU_TX_START action.
36 * 37 *
37 * In response to that, the driver is later required to call the 38 * In response to that, the driver is later required to call the
38 * ieee80211_start_tx_ba_cb() (or ieee80211_start_tx_ba_cb_irqsafe()) 39 * ieee80211_start_tx_ba_cb_irqsafe() function, which will really
39 * function, which will start the aggregation session. 40 * start the aggregation session after the peer has also responded.
41 * If the peer responds negatively, the session will be stopped
42 * again right away. Note that it is possible for the aggregation
43 * session to be stopped before the driver has indicated that it
44 * is done setting it up, in which case it must not indicate the
45 * setup completion.
40 * 46 *
41 * Similarly, when the aggregation session is stopped by 47 * Also note that, since we also need to wait for a response from
42 * ieee80211_stop_tx_ba_session(), the driver's @ampdu_action function will 48 * the peer, the driver is notified of the completion of the
43 * be called with the action %IEEE80211_AMPDU_TX_STOP. In this case, the 49 * handshake by the %IEEE80211_AMPDU_TX_OPERATIONAL action to the
44 * call must not fail, and the driver must later call ieee80211_stop_tx_ba_cb() 50 * @ampdu_action callback.
45 * (or ieee80211_stop_tx_ba_cb_irqsafe()). 51 *
52 * Similarly, when the aggregation session is stopped by the peer
53 * or something calling ieee80211_stop_tx_ba_session(), the driver's
54 * @ampdu_action function will be called with the action
55 * %IEEE80211_AMPDU_TX_STOP. In this case, the call must not fail,
56 * and the driver must later call ieee80211_stop_tx_ba_cb_irqsafe().
46 */ 57 */
47 58
48static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata, 59static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
@@ -125,25 +136,53 @@ void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u1
125 ieee80211_tx_skb(sdata, skb); 136 ieee80211_tx_skb(sdata, skb);
126} 137}
127 138
139static void kfree_tid_tx(struct rcu_head *rcu_head)
140{
141 struct tid_ampdu_tx *tid_tx =
142 container_of(rcu_head, struct tid_ampdu_tx, rcu_head);
143
144 kfree(tid_tx);
145}
146
128int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 147int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
129 enum ieee80211_back_parties initiator) 148 enum ieee80211_back_parties initiator)
130{ 149{
131 struct ieee80211_local *local = sta->local; 150 struct ieee80211_local *local = sta->local;
151 struct tid_ampdu_tx *tid_tx = sta->ampdu_mlme.tid_tx[tid];
132 int ret; 152 int ret;
133 u8 *state; 153
154 lockdep_assert_held(&sta->ampdu_mlme.mtx);
155
156 if (!tid_tx)
157 return -ENOENT;
158
159 spin_lock_bh(&sta->lock);
160
161 if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
162 /* not even started yet! */
163 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL);
164 spin_unlock_bh(&sta->lock);
165 call_rcu(&tid_tx->rcu_head, kfree_tid_tx);
166 return 0;
167 }
168
169 spin_unlock_bh(&sta->lock);
134 170
135#ifdef CONFIG_MAC80211_HT_DEBUG 171#ifdef CONFIG_MAC80211_HT_DEBUG
136 printk(KERN_DEBUG "Tx BA session stop requested for %pM tid %u\n", 172 printk(KERN_DEBUG "Tx BA session stop requested for %pM tid %u\n",
137 sta->sta.addr, tid); 173 sta->sta.addr, tid);
138#endif /* CONFIG_MAC80211_HT_DEBUG */ 174#endif /* CONFIG_MAC80211_HT_DEBUG */
139 175
140 state = &sta->ampdu_mlme.tid_state_tx[tid]; 176 set_bit(HT_AGG_STATE_STOPPING, &tid_tx->state);
141 177
142 if (*state == HT_AGG_STATE_OPERATIONAL) 178 /*
143 sta->ampdu_mlme.addba_req_num[tid] = 0; 179 * After this packets are no longer handed right through
180 * to the driver but are put onto tid_tx->pending instead,
181 * with locking to ensure proper access.
182 */
183 clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state);
144 184
145 *state = HT_AGG_STATE_REQ_STOP_BA_MSK | 185 tid_tx->stop_initiator = initiator;
146 (initiator << HT_AGG_STATE_INITIATOR_SHIFT);
147 186
148 ret = drv_ampdu_action(local, sta->sdata, 187 ret = drv_ampdu_action(local, sta->sdata,
149 IEEE80211_AMPDU_TX_STOP, 188 IEEE80211_AMPDU_TX_STOP,
@@ -174,16 +213,14 @@ static void sta_addba_resp_timer_expired(unsigned long data)
174 u16 tid = *(u8 *)data; 213 u16 tid = *(u8 *)data;
175 struct sta_info *sta = container_of((void *)data, 214 struct sta_info *sta = container_of((void *)data,
176 struct sta_info, timer_to_tid[tid]); 215 struct sta_info, timer_to_tid[tid]);
177 u8 *state; 216 struct tid_ampdu_tx *tid_tx;
178
179 state = &sta->ampdu_mlme.tid_state_tx[tid];
180 217
181 /* check if the TID waits for addBA response */ 218 /* check if the TID waits for addBA response */
182 spin_lock_bh(&sta->lock); 219 rcu_read_lock();
183 if ((*state & (HT_ADDBA_REQUESTED_MSK | HT_ADDBA_RECEIVED_MSK | 220 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
184 HT_AGG_STATE_REQ_STOP_BA_MSK)) != 221 if (!tid_tx ||
185 HT_ADDBA_REQUESTED_MSK) { 222 test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state)) {
186 spin_unlock_bh(&sta->lock); 223 rcu_read_unlock();
187#ifdef CONFIG_MAC80211_HT_DEBUG 224#ifdef CONFIG_MAC80211_HT_DEBUG
188 printk(KERN_DEBUG "timer expired on tid %d but we are not " 225 printk(KERN_DEBUG "timer expired on tid %d but we are not "
189 "(or no longer) expecting addBA response there\n", 226 "(or no longer) expecting addBA response there\n",
@@ -196,8 +233,8 @@ static void sta_addba_resp_timer_expired(unsigned long data)
196 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid); 233 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid);
197#endif 234#endif
198 235
199 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 236 ieee80211_stop_tx_ba_session(&sta->sta, tid);
200 spin_unlock_bh(&sta->lock); 237 rcu_read_unlock();
201} 238}
202 239
203static inline int ieee80211_ac_from_tid(int tid) 240static inline int ieee80211_ac_from_tid(int tid)
@@ -205,14 +242,112 @@ static inline int ieee80211_ac_from_tid(int tid)
205 return ieee802_1d_to_ac[tid & 7]; 242 return ieee802_1d_to_ac[tid & 7];
206} 243}
207 244
245/*
246 * When multiple aggregation sessions on multiple stations
247 * are being created/destroyed simultaneously, we need to
248 * refcount the global queue stop caused by that in order
249 * to not get into a situation where one of the aggregation
250 * setup or teardown re-enables queues before the other is
251 * ready to handle that.
252 *
253 * These two functions take care of this issue by keeping
254 * a global "agg_queue_stop" refcount.
255 */
256static void __acquires(agg_queue)
257ieee80211_stop_queue_agg(struct ieee80211_local *local, int tid)
258{
259 int queue = ieee80211_ac_from_tid(tid);
260
261 if (atomic_inc_return(&local->agg_queue_stop[queue]) == 1)
262 ieee80211_stop_queue_by_reason(
263 &local->hw, queue,
264 IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
265 __acquire(agg_queue);
266}
267
268static void __releases(agg_queue)
269ieee80211_wake_queue_agg(struct ieee80211_local *local, int tid)
270{
271 int queue = ieee80211_ac_from_tid(tid);
272
273 if (atomic_dec_return(&local->agg_queue_stop[queue]) == 0)
274 ieee80211_wake_queue_by_reason(
275 &local->hw, queue,
276 IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
277 __release(agg_queue);
278}
279
280void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid)
281{
282 struct tid_ampdu_tx *tid_tx = sta->ampdu_mlme.tid_tx[tid];
283 struct ieee80211_local *local = sta->local;
284 struct ieee80211_sub_if_data *sdata = sta->sdata;
285 u16 start_seq_num;
286 int ret;
287
288 lockdep_assert_held(&sta->ampdu_mlme.mtx);
289
290 /*
291 * While we're asking the driver about the aggregation,
292 * stop the AC queue so that we don't have to worry
293 * about frames that came in while we were doing that,
294 * which would require us to put them to the AC pending
295 * afterwards which just makes the code more complex.
296 */
297 ieee80211_stop_queue_agg(local, tid);
298
299 clear_bit(HT_AGG_STATE_WANT_START, &tid_tx->state);
300
301 /*
302 * make sure no packets are being processed to get
303 * valid starting sequence number
304 */
305 synchronize_net();
306
307 start_seq_num = sta->tid_seq[tid] >> 4;
308
309 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START,
310 &sta->sta, tid, &start_seq_num);
311 if (ret) {
312#ifdef CONFIG_MAC80211_HT_DEBUG
313 printk(KERN_DEBUG "BA request denied - HW unavailable for"
314 " tid %d\n", tid);
315#endif
316 spin_lock_bh(&sta->lock);
317 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL);
318 spin_unlock_bh(&sta->lock);
319
320 ieee80211_wake_queue_agg(local, tid);
321 call_rcu(&tid_tx->rcu_head, kfree_tid_tx);
322 return;
323 }
324
325 /* we can take packets again now */
326 ieee80211_wake_queue_agg(local, tid);
327
328 /* activate the timer for the recipient's addBA response */
329 mod_timer(&tid_tx->addba_resp_timer, jiffies + ADDBA_RESP_INTERVAL);
330#ifdef CONFIG_MAC80211_HT_DEBUG
331 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid);
332#endif
333
334 spin_lock_bh(&sta->lock);
335 sta->ampdu_mlme.addba_req_num[tid]++;
336 spin_unlock_bh(&sta->lock);
337
338 /* send AddBA request */
339 ieee80211_send_addba_request(sdata, sta->sta.addr, tid,
340 tid_tx->dialog_token, start_seq_num,
341 0x40, 5000);
342}
343
208int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid) 344int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
209{ 345{
210 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 346 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
211 struct ieee80211_sub_if_data *sdata = sta->sdata; 347 struct ieee80211_sub_if_data *sdata = sta->sdata;
212 struct ieee80211_local *local = sdata->local; 348 struct ieee80211_local *local = sdata->local;
213 u8 *state; 349 struct tid_ampdu_tx *tid_tx;
214 int ret = 0; 350 int ret = 0;
215 u16 start_seq_num;
216 351
217 trace_api_start_tx_ba_session(pubsta, tid); 352 trace_api_start_tx_ba_session(pubsta, tid);
218 353
@@ -239,24 +374,15 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
239 sdata->vif.type != NL80211_IFTYPE_AP) 374 sdata->vif.type != NL80211_IFTYPE_AP)
240 return -EINVAL; 375 return -EINVAL;
241 376
242 if (test_sta_flags(sta, WLAN_STA_DISASSOC)) {
243#ifdef CONFIG_MAC80211_HT_DEBUG
244 printk(KERN_DEBUG "Disassociation is in progress. "
245 "Denying BA session request\n");
246#endif
247 return -EINVAL;
248 }
249
250 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) { 377 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) {
251#ifdef CONFIG_MAC80211_HT_DEBUG 378#ifdef CONFIG_MAC80211_HT_DEBUG
252 printk(KERN_DEBUG "Suspend in progress. " 379 printk(KERN_DEBUG "BA sessions blocked. "
253 "Denying BA session request\n"); 380 "Denying BA session request\n");
254#endif 381#endif
255 return -EINVAL; 382 return -EINVAL;
256 } 383 }
257 384
258 spin_lock_bh(&sta->lock); 385 spin_lock_bh(&sta->lock);
259 spin_lock(&local->ampdu_lock);
260 386
261 /* we have tried too many times, receiver does not want A-MPDU */ 387 /* we have tried too many times, receiver does not want A-MPDU */
262 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) { 388 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
@@ -264,9 +390,9 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
264 goto err_unlock_sta; 390 goto err_unlock_sta;
265 } 391 }
266 392
267 state = &sta->ampdu_mlme.tid_state_tx[tid]; 393 tid_tx = sta->ampdu_mlme.tid_tx[tid];
268 /* check if the TID is not in aggregation flow already */ 394 /* check if the TID is not in aggregation flow already */
269 if (*state != HT_AGG_STATE_IDLE) { 395 if (tid_tx) {
270#ifdef CONFIG_MAC80211_HT_DEBUG 396#ifdef CONFIG_MAC80211_HT_DEBUG
271 printk(KERN_DEBUG "BA request denied - session is not " 397 printk(KERN_DEBUG "BA request denied - session is not "
272 "idle on tid %u\n", tid); 398 "idle on tid %u\n", tid);
@@ -275,96 +401,37 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
275 goto err_unlock_sta; 401 goto err_unlock_sta;
276 } 402 }
277 403
278 /*
279 * While we're asking the driver about the aggregation,
280 * stop the AC queue so that we don't have to worry
281 * about frames that came in while we were doing that,
282 * which would require us to put them to the AC pending
283 * afterwards which just makes the code more complex.
284 */
285 ieee80211_stop_queue_by_reason(
286 &local->hw, ieee80211_ac_from_tid(tid),
287 IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
288
289 /* prepare A-MPDU MLME for Tx aggregation */ 404 /* prepare A-MPDU MLME for Tx aggregation */
290 sta->ampdu_mlme.tid_tx[tid] = 405 tid_tx = kzalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC);
291 kmalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC); 406 if (!tid_tx) {
292 if (!sta->ampdu_mlme.tid_tx[tid]) {
293#ifdef CONFIG_MAC80211_HT_DEBUG 407#ifdef CONFIG_MAC80211_HT_DEBUG
294 if (net_ratelimit()) 408 if (net_ratelimit())
295 printk(KERN_ERR "allocate tx mlme to tid %d failed\n", 409 printk(KERN_ERR "allocate tx mlme to tid %d failed\n",
296 tid); 410 tid);
297#endif 411#endif
298 ret = -ENOMEM; 412 ret = -ENOMEM;
299 goto err_wake_queue; 413 goto err_unlock_sta;
300 } 414 }
301 415
302 skb_queue_head_init(&sta->ampdu_mlme.tid_tx[tid]->pending); 416 skb_queue_head_init(&tid_tx->pending);
417 __set_bit(HT_AGG_STATE_WANT_START, &tid_tx->state);
303 418
304 /* Tx timer */ 419 /* Tx timer */
305 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.function = 420 tid_tx->addba_resp_timer.function = sta_addba_resp_timer_expired;
306 sta_addba_resp_timer_expired; 421 tid_tx->addba_resp_timer.data = (unsigned long)&sta->timer_to_tid[tid];
307 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.data = 422 init_timer(&tid_tx->addba_resp_timer);
308 (unsigned long)&sta->timer_to_tid[tid];
309 init_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
310
311 /* Ok, the Addba frame hasn't been sent yet, but if the driver calls the
312 * call back right away, it must see that the flow has begun */
313 *state |= HT_ADDBA_REQUESTED_MSK;
314
315 start_seq_num = sta->tid_seq[tid] >> 4;
316
317 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START,
318 pubsta, tid, &start_seq_num);
319 423
320 if (ret) { 424 /* assign a dialog token */
321#ifdef CONFIG_MAC80211_HT_DEBUG
322 printk(KERN_DEBUG "BA request denied - HW unavailable for"
323 " tid %d\n", tid);
324#endif /* CONFIG_MAC80211_HT_DEBUG */
325 *state = HT_AGG_STATE_IDLE;
326 goto err_free;
327 }
328
329 /* Driver vetoed or OKed, but we can take packets again now */
330 ieee80211_wake_queue_by_reason(
331 &local->hw, ieee80211_ac_from_tid(tid),
332 IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
333
334 spin_unlock(&local->ampdu_lock);
335
336 /* prepare tid data */
337 sta->ampdu_mlme.dialog_token_allocator++; 425 sta->ampdu_mlme.dialog_token_allocator++;
338 sta->ampdu_mlme.tid_tx[tid]->dialog_token = 426 tid_tx->dialog_token = sta->ampdu_mlme.dialog_token_allocator;
339 sta->ampdu_mlme.dialog_token_allocator;
340 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num;
341 427
342 spin_unlock_bh(&sta->lock); 428 /* finally, assign it to the array */
429 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], tid_tx);
343 430
344 /* send AddBA request */ 431 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work);
345 ieee80211_send_addba_request(sdata, pubsta->addr, tid, 432
346 sta->ampdu_mlme.tid_tx[tid]->dialog_token, 433 /* this flow continues off the work */
347 sta->ampdu_mlme.tid_tx[tid]->ssn,
348 0x40, 5000);
349 sta->ampdu_mlme.addba_req_num[tid]++;
350 /* activate the timer for the recipient's addBA response */
351 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires =
352 jiffies + ADDBA_RESP_INTERVAL;
353 add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
354#ifdef CONFIG_MAC80211_HT_DEBUG
355 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid);
356#endif
357 return 0;
358
359 err_free:
360 kfree(sta->ampdu_mlme.tid_tx[tid]);
361 sta->ampdu_mlme.tid_tx[tid] = NULL;
362 err_wake_queue:
363 ieee80211_wake_queue_by_reason(
364 &local->hw, ieee80211_ac_from_tid(tid),
365 IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
366 err_unlock_sta: 434 err_unlock_sta:
367 spin_unlock(&local->ampdu_lock);
368 spin_unlock_bh(&sta->lock); 435 spin_unlock_bh(&sta->lock);
369 return ret; 436 return ret;
370} 437}
@@ -372,69 +439,65 @@ EXPORT_SYMBOL(ieee80211_start_tx_ba_session);
372 439
373/* 440/*
374 * splice packets from the STA's pending to the local pending, 441 * splice packets from the STA's pending to the local pending,
375 * requires a call to ieee80211_agg_splice_finish and holding 442 * requires a call to ieee80211_agg_splice_finish later
376 * local->ampdu_lock across both calls.
377 */ 443 */
378static void ieee80211_agg_splice_packets(struct ieee80211_local *local, 444static void __acquires(agg_queue)
379 struct sta_info *sta, u16 tid) 445ieee80211_agg_splice_packets(struct ieee80211_local *local,
446 struct tid_ampdu_tx *tid_tx, u16 tid)
380{ 447{
448 int queue = ieee80211_ac_from_tid(tid);
381 unsigned long flags; 449 unsigned long flags;
382 u16 queue = ieee80211_ac_from_tid(tid);
383
384 ieee80211_stop_queue_by_reason(
385 &local->hw, queue,
386 IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
387 450
388 if (!(sta->ampdu_mlme.tid_state_tx[tid] & HT_ADDBA_REQUESTED_MSK)) 451 ieee80211_stop_queue_agg(local, tid);
389 return;
390 452
391 if (WARN(!sta->ampdu_mlme.tid_tx[tid], 453 if (WARN(!tid_tx, "TID %d gone but expected when splicing aggregates"
392 "TID %d gone but expected when splicing aggregates from" 454 " from the pending queue\n", tid))
393 "the pending queue\n", tid))
394 return; 455 return;
395 456
396 if (!skb_queue_empty(&sta->ampdu_mlme.tid_tx[tid]->pending)) { 457 if (!skb_queue_empty(&tid_tx->pending)) {
397 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 458 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
398 /* copy over remaining packets */ 459 /* copy over remaining packets */
399 skb_queue_splice_tail_init( 460 skb_queue_splice_tail_init(&tid_tx->pending,
400 &sta->ampdu_mlme.tid_tx[tid]->pending, 461 &local->pending[queue]);
401 &local->pending[queue]);
402 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 462 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
403 } 463 }
404} 464}
405 465
406static void ieee80211_agg_splice_finish(struct ieee80211_local *local, 466static void __releases(agg_queue)
407 struct sta_info *sta, u16 tid) 467ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid)
408{ 468{
409 u16 queue = ieee80211_ac_from_tid(tid); 469 ieee80211_wake_queue_agg(local, tid);
410
411 ieee80211_wake_queue_by_reason(
412 &local->hw, queue,
413 IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
414} 470}
415 471
416/* caller must hold sta->lock */
417static void ieee80211_agg_tx_operational(struct ieee80211_local *local, 472static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
418 struct sta_info *sta, u16 tid) 473 struct sta_info *sta, u16 tid)
419{ 474{
475 lockdep_assert_held(&sta->ampdu_mlme.mtx);
476
420#ifdef CONFIG_MAC80211_HT_DEBUG 477#ifdef CONFIG_MAC80211_HT_DEBUG
421 printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid); 478 printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid);
422#endif 479#endif
423 480
424 spin_lock(&local->ampdu_lock);
425 ieee80211_agg_splice_packets(local, sta, tid);
426 /*
427 * NB: we rely on sta->lock being taken in the TX
428 * processing here when adding to the pending queue,
429 * otherwise we could only change the state of the
430 * session to OPERATIONAL _here_.
431 */
432 ieee80211_agg_splice_finish(local, sta, tid);
433 spin_unlock(&local->ampdu_lock);
434
435 drv_ampdu_action(local, sta->sdata, 481 drv_ampdu_action(local, sta->sdata,
436 IEEE80211_AMPDU_TX_OPERATIONAL, 482 IEEE80211_AMPDU_TX_OPERATIONAL,
437 &sta->sta, tid, NULL); 483 &sta->sta, tid, NULL);
484
485 /*
486 * synchronize with TX path, while splicing the TX path
487 * should block so it won't put more packets onto pending.
488 */
489 spin_lock_bh(&sta->lock);
490
491 ieee80211_agg_splice_packets(local, sta->ampdu_mlme.tid_tx[tid], tid);
492 /*
493 * Now mark as operational. This will be visible
494 * in the TX path, and lets it go lock-free in
495 * the common case.
496 */
497 set_bit(HT_AGG_STATE_OPERATIONAL, &sta->ampdu_mlme.tid_tx[tid]->state);
498 ieee80211_agg_splice_finish(local, tid);
499
500 spin_unlock_bh(&sta->lock);
438} 501}
439 502
440void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid) 503void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid)
@@ -442,7 +505,7 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid)
442 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 505 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
443 struct ieee80211_local *local = sdata->local; 506 struct ieee80211_local *local = sdata->local;
444 struct sta_info *sta; 507 struct sta_info *sta;
445 u8 *state; 508 struct tid_ampdu_tx *tid_tx;
446 509
447 trace_api_start_tx_ba_cb(sdata, ra, tid); 510 trace_api_start_tx_ba_cb(sdata, ra, tid);
448 511
@@ -454,42 +517,36 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid)
454 return; 517 return;
455 } 518 }
456 519
457 rcu_read_lock(); 520 mutex_lock(&local->sta_mtx);
458 sta = sta_info_get(sdata, ra); 521 sta = sta_info_get(sdata, ra);
459 if (!sta) { 522 if (!sta) {
460 rcu_read_unlock(); 523 mutex_unlock(&local->sta_mtx);
461#ifdef CONFIG_MAC80211_HT_DEBUG 524#ifdef CONFIG_MAC80211_HT_DEBUG
462 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 525 printk(KERN_DEBUG "Could not find station: %pM\n", ra);
463#endif 526#endif
464 return; 527 return;
465 } 528 }
466 529
467 state = &sta->ampdu_mlme.tid_state_tx[tid]; 530 mutex_lock(&sta->ampdu_mlme.mtx);
468 spin_lock_bh(&sta->lock); 531 tid_tx = sta->ampdu_mlme.tid_tx[tid];
469 532
470 if (WARN_ON(!(*state & HT_ADDBA_REQUESTED_MSK))) { 533 if (WARN_ON(!tid_tx)) {
471#ifdef CONFIG_MAC80211_HT_DEBUG 534#ifdef CONFIG_MAC80211_HT_DEBUG
472 printk(KERN_DEBUG "addBA was not requested yet, state is %d\n", 535 printk(KERN_DEBUG "addBA was not requested!\n");
473 *state);
474#endif 536#endif
475 spin_unlock_bh(&sta->lock); 537 goto unlock;
476 rcu_read_unlock();
477 return;
478 } 538 }
479 539
480 if (WARN_ON(*state & HT_ADDBA_DRV_READY_MSK)) 540 if (WARN_ON(test_and_set_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state)))
481 goto out; 541 goto unlock;
482
483 *state |= HT_ADDBA_DRV_READY_MSK;
484 542
485 if (*state == HT_AGG_STATE_OPERATIONAL) 543 if (test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state))
486 ieee80211_agg_tx_operational(local, sta, tid); 544 ieee80211_agg_tx_operational(local, sta, tid);
487 545
488 out: 546 unlock:
489 spin_unlock_bh(&sta->lock); 547 mutex_unlock(&sta->ampdu_mlme.mtx);
490 rcu_read_unlock(); 548 mutex_unlock(&local->sta_mtx);
491} 549}
492EXPORT_SYMBOL(ieee80211_start_tx_ba_cb);
493 550
494void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 551void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
495 const u8 *ra, u16 tid) 552 const u8 *ra, u16 tid)
@@ -510,44 +567,36 @@ void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
510 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 567 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
511 memcpy(&ra_tid->ra, ra, ETH_ALEN); 568 memcpy(&ra_tid->ra, ra, ETH_ALEN);
512 ra_tid->tid = tid; 569 ra_tid->tid = tid;
513 ra_tid->vif = vif;
514 570
515 skb->pkt_type = IEEE80211_ADDBA_MSG; 571 skb->pkt_type = IEEE80211_SDATA_QUEUE_AGG_START;
516 skb_queue_tail(&local->skb_queue, skb); 572 skb_queue_tail(&sdata->skb_queue, skb);
517 tasklet_schedule(&local->tasklet); 573 ieee80211_queue_work(&local->hw, &sdata->work);
518} 574}
519EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe); 575EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe);
520 576
521int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 577int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
522 enum ieee80211_back_parties initiator) 578 enum ieee80211_back_parties initiator)
523{ 579{
524 u8 *state;
525 int ret; 580 int ret;
526 581
527 /* check if the TID is in aggregation */ 582 mutex_lock(&sta->ampdu_mlme.mtx);
528 state = &sta->ampdu_mlme.tid_state_tx[tid];
529 spin_lock_bh(&sta->lock);
530
531 if (*state != HT_AGG_STATE_OPERATIONAL) {
532 ret = -ENOENT;
533 goto unlock;
534 }
535 583
536 ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator); 584 ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator);
537 585
538 unlock: 586 mutex_unlock(&sta->ampdu_mlme.mtx);
539 spin_unlock_bh(&sta->lock); 587
540 return ret; 588 return ret;
541} 589}
542 590
543int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid, 591int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
544 enum ieee80211_back_parties initiator)
545{ 592{
546 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 593 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
547 struct ieee80211_sub_if_data *sdata = sta->sdata; 594 struct ieee80211_sub_if_data *sdata = sta->sdata;
548 struct ieee80211_local *local = sdata->local; 595 struct ieee80211_local *local = sdata->local;
596 struct tid_ampdu_tx *tid_tx;
597 int ret = 0;
549 598
550 trace_api_stop_tx_ba_session(pubsta, tid, initiator); 599 trace_api_stop_tx_ba_session(pubsta, tid);
551 600
552 if (!local->ops->ampdu_action) 601 if (!local->ops->ampdu_action)
553 return -EINVAL; 602 return -EINVAL;
@@ -555,7 +604,26 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
555 if (tid >= STA_TID_NUM) 604 if (tid >= STA_TID_NUM)
556 return -EINVAL; 605 return -EINVAL;
557 606
558 return __ieee80211_stop_tx_ba_session(sta, tid, initiator); 607 spin_lock_bh(&sta->lock);
608 tid_tx = sta->ampdu_mlme.tid_tx[tid];
609
610 if (!tid_tx) {
611 ret = -ENOENT;
612 goto unlock;
613 }
614
615 if (test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
616 /* already in progress stopping it */
617 ret = 0;
618 goto unlock;
619 }
620
621 set_bit(HT_AGG_STATE_WANT_STOP, &tid_tx->state);
622 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work);
623
624 unlock:
625 spin_unlock_bh(&sta->lock);
626 return ret;
559} 627}
560EXPORT_SYMBOL(ieee80211_stop_tx_ba_session); 628EXPORT_SYMBOL(ieee80211_stop_tx_ba_session);
561 629
@@ -564,7 +632,7 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
564 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 632 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
565 struct ieee80211_local *local = sdata->local; 633 struct ieee80211_local *local = sdata->local;
566 struct sta_info *sta; 634 struct sta_info *sta;
567 u8 *state; 635 struct tid_ampdu_tx *tid_tx;
568 636
569 trace_api_stop_tx_ba_cb(sdata, ra, tid); 637 trace_api_stop_tx_ba_cb(sdata, ra, tid);
570 638
@@ -581,51 +649,56 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
581 ra, tid); 649 ra, tid);
582#endif /* CONFIG_MAC80211_HT_DEBUG */ 650#endif /* CONFIG_MAC80211_HT_DEBUG */
583 651
584 rcu_read_lock(); 652 mutex_lock(&local->sta_mtx);
653
585 sta = sta_info_get(sdata, ra); 654 sta = sta_info_get(sdata, ra);
586 if (!sta) { 655 if (!sta) {
587#ifdef CONFIG_MAC80211_HT_DEBUG 656#ifdef CONFIG_MAC80211_HT_DEBUG
588 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 657 printk(KERN_DEBUG "Could not find station: %pM\n", ra);
589#endif 658#endif
590 rcu_read_unlock(); 659 goto unlock;
591 return;
592 } 660 }
593 state = &sta->ampdu_mlme.tid_state_tx[tid];
594 661
595 /* NOTE: no need to use sta->lock in this state check, as 662 mutex_lock(&sta->ampdu_mlme.mtx);
596 * ieee80211_stop_tx_ba_session will let only one stop call to 663 spin_lock_bh(&sta->lock);
597 * pass through per sta/tid 664 tid_tx = sta->ampdu_mlme.tid_tx[tid];
598 */ 665
599 if ((*state & HT_AGG_STATE_REQ_STOP_BA_MSK) == 0) { 666 if (!tid_tx || !test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
600#ifdef CONFIG_MAC80211_HT_DEBUG 667#ifdef CONFIG_MAC80211_HT_DEBUG
601 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n"); 668 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n");
602#endif 669#endif
603 rcu_read_unlock(); 670 goto unlock_sta;
604 return;
605 } 671 }
606 672
607 if (*state & HT_AGG_STATE_INITIATOR_MSK) 673 if (tid_tx->stop_initiator == WLAN_BACK_INITIATOR)
608 ieee80211_send_delba(sta->sdata, ra, tid, 674 ieee80211_send_delba(sta->sdata, ra, tid,
609 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE); 675 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE);
610 676
611 spin_lock_bh(&sta->lock); 677 /*
612 spin_lock(&local->ampdu_lock); 678 * When we get here, the TX path will not be lockless any more wrt.
679 * aggregation, since the OPERATIONAL bit has long been cleared.
680 * Thus it will block on getting the lock, if it occurs. So if we
681 * stop the queue now, we will not get any more packets, and any
682 * that might be being processed will wait for us here, thereby
683 * guaranteeing that no packets go to the tid_tx pending queue any
684 * more.
685 */
613 686
614 ieee80211_agg_splice_packets(local, sta, tid); 687 ieee80211_agg_splice_packets(local, tid_tx, tid);
615 688
616 *state = HT_AGG_STATE_IDLE; 689 /* future packets must not find the tid_tx struct any more */
617 /* from now on packets are no longer put onto sta->pending */ 690 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL);
618 kfree(sta->ampdu_mlme.tid_tx[tid]);
619 sta->ampdu_mlme.tid_tx[tid] = NULL;
620 691
621 ieee80211_agg_splice_finish(local, sta, tid); 692 ieee80211_agg_splice_finish(local, tid);
622 693
623 spin_unlock(&local->ampdu_lock); 694 call_rcu(&tid_tx->rcu_head, kfree_tid_tx);
624 spin_unlock_bh(&sta->lock);
625 695
626 rcu_read_unlock(); 696 unlock_sta:
697 spin_unlock_bh(&sta->lock);
698 mutex_unlock(&sta->ampdu_mlme.mtx);
699 unlock:
700 mutex_unlock(&local->sta_mtx);
627} 701}
628EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb);
629 702
630void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 703void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
631 const u8 *ra, u16 tid) 704 const u8 *ra, u16 tid)
@@ -646,11 +719,10 @@ void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
646 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 719 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
647 memcpy(&ra_tid->ra, ra, ETH_ALEN); 720 memcpy(&ra_tid->ra, ra, ETH_ALEN);
648 ra_tid->tid = tid; 721 ra_tid->tid = tid;
649 ra_tid->vif = vif;
650 722
651 skb->pkt_type = IEEE80211_DELBA_MSG; 723 skb->pkt_type = IEEE80211_SDATA_QUEUE_AGG_STOP;
652 skb_queue_tail(&local->skb_queue, skb); 724 skb_queue_tail(&sdata->skb_queue, skb);
653 tasklet_schedule(&local->tasklet); 725 ieee80211_queue_work(&local->hw, &sdata->work);
654} 726}
655EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe); 727EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe);
656 728
@@ -660,40 +732,40 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
660 struct ieee80211_mgmt *mgmt, 732 struct ieee80211_mgmt *mgmt,
661 size_t len) 733 size_t len)
662{ 734{
735 struct tid_ampdu_tx *tid_tx;
663 u16 capab, tid; 736 u16 capab, tid;
664 u8 *state;
665 737
666 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab); 738 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
667 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; 739 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
668 740
669 state = &sta->ampdu_mlme.tid_state_tx[tid]; 741 mutex_lock(&sta->ampdu_mlme.mtx);
670
671 spin_lock_bh(&sta->lock);
672 742
673 if (!(*state & HT_ADDBA_REQUESTED_MSK)) 743 tid_tx = sta->ampdu_mlme.tid_tx[tid];
744 if (!tid_tx)
674 goto out; 745 goto out;
675 746
676 if (mgmt->u.action.u.addba_resp.dialog_token != 747 if (mgmt->u.action.u.addba_resp.dialog_token != tid_tx->dialog_token) {
677 sta->ampdu_mlme.tid_tx[tid]->dialog_token) {
678#ifdef CONFIG_MAC80211_HT_DEBUG 748#ifdef CONFIG_MAC80211_HT_DEBUG
679 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); 749 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid);
680#endif /* CONFIG_MAC80211_HT_DEBUG */ 750#endif
681 goto out; 751 goto out;
682 } 752 }
683 753
684 del_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 754 del_timer(&tid_tx->addba_resp_timer);
685 755
686#ifdef CONFIG_MAC80211_HT_DEBUG 756#ifdef CONFIG_MAC80211_HT_DEBUG
687 printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid); 757 printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid);
688#endif /* CONFIG_MAC80211_HT_DEBUG */ 758#endif
689 759
690 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 760 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
691 == WLAN_STATUS_SUCCESS) { 761 == WLAN_STATUS_SUCCESS) {
692 u8 curstate = *state; 762 if (test_and_set_bit(HT_AGG_STATE_RESPONSE_RECEIVED,
693 763 &tid_tx->state)) {
694 *state |= HT_ADDBA_RECEIVED_MSK; 764 /* ignore duplicate response */
765 goto out;
766 }
695 767
696 if (*state != curstate && *state == HT_AGG_STATE_OPERATIONAL) 768 if (test_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state))
697 ieee80211_agg_tx_operational(local, sta, tid); 769 ieee80211_agg_tx_operational(local, sta, tid);
698 770
699 sta->ampdu_mlme.addba_req_num[tid] = 0; 771 sta->ampdu_mlme.addba_req_num[tid] = 0;
@@ -702,5 +774,5 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
702 } 774 }
703 775
704 out: 776 out:
705 spin_unlock_bh(&sta->lock); 777 mutex_unlock(&sta->ampdu_mlme.mtx);
706} 778}
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 67ee34f57df7..29ac8e1a509e 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -120,6 +120,9 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
120 struct ieee80211_key *key; 120 struct ieee80211_key *key;
121 int err; 121 int err;
122 122
123 if (!netif_running(dev))
124 return -ENETDOWN;
125
123 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 126 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
124 127
125 switch (params->cipher) { 128 switch (params->cipher) {
@@ -140,17 +143,22 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
140 return -EINVAL; 143 return -EINVAL;
141 } 144 }
142 145
146 /* reject WEP and TKIP keys if WEP failed to initialize */
147 if ((alg == ALG_WEP || alg == ALG_TKIP) &&
148 IS_ERR(sdata->local->wep_tx_tfm))
149 return -EINVAL;
150
143 key = ieee80211_key_alloc(alg, key_idx, params->key_len, params->key, 151 key = ieee80211_key_alloc(alg, key_idx, params->key_len, params->key,
144 params->seq_len, params->seq); 152 params->seq_len, params->seq);
145 if (!key) 153 if (!key)
146 return -ENOMEM; 154 return -ENOMEM;
147 155
148 rcu_read_lock(); 156 mutex_lock(&sdata->local->sta_mtx);
149 157
150 if (mac_addr) { 158 if (mac_addr) {
151 sta = sta_info_get_bss(sdata, mac_addr); 159 sta = sta_info_get_bss(sdata, mac_addr);
152 if (!sta) { 160 if (!sta) {
153 ieee80211_key_free(key); 161 ieee80211_key_free(sdata->local, key);
154 err = -ENOENT; 162 err = -ENOENT;
155 goto out_unlock; 163 goto out_unlock;
156 } 164 }
@@ -160,7 +168,7 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
160 168
161 err = 0; 169 err = 0;
162 out_unlock: 170 out_unlock:
163 rcu_read_unlock(); 171 mutex_unlock(&sdata->local->sta_mtx);
164 172
165 return err; 173 return err;
166} 174}
@@ -174,7 +182,7 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
174 182
175 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 183 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
176 184
177 rcu_read_lock(); 185 mutex_lock(&sdata->local->sta_mtx);
178 186
179 if (mac_addr) { 187 if (mac_addr) {
180 ret = -ENOENT; 188 ret = -ENOENT;
@@ -184,7 +192,7 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
184 goto out_unlock; 192 goto out_unlock;
185 193
186 if (sta->key) { 194 if (sta->key) {
187 ieee80211_key_free(sta->key); 195 ieee80211_key_free(sdata->local, sta->key);
188 WARN_ON(sta->key); 196 WARN_ON(sta->key);
189 ret = 0; 197 ret = 0;
190 } 198 }
@@ -197,12 +205,12 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
197 goto out_unlock; 205 goto out_unlock;
198 } 206 }
199 207
200 ieee80211_key_free(sdata->keys[key_idx]); 208 ieee80211_key_free(sdata->local, sdata->keys[key_idx]);
201 WARN_ON(sdata->keys[key_idx]); 209 WARN_ON(sdata->keys[key_idx]);
202 210
203 ret = 0; 211 ret = 0;
204 out_unlock: 212 out_unlock:
205 rcu_read_unlock(); 213 mutex_unlock(&sdata->local->sta_mtx);
206 214
207 return ret; 215 return ret;
208} 216}
@@ -305,15 +313,10 @@ static int ieee80211_config_default_key(struct wiphy *wiphy,
305 struct net_device *dev, 313 struct net_device *dev,
306 u8 key_idx) 314 u8 key_idx)
307{ 315{
308 struct ieee80211_sub_if_data *sdata; 316 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
309
310 rcu_read_lock();
311 317
312 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
313 ieee80211_set_default_key(sdata, key_idx); 318 ieee80211_set_default_key(sdata, key_idx);
314 319
315 rcu_read_unlock();
316
317 return 0; 320 return 0;
318} 321}
319 322
@@ -321,15 +324,10 @@ static int ieee80211_config_default_mgmt_key(struct wiphy *wiphy,
321 struct net_device *dev, 324 struct net_device *dev,
322 u8 key_idx) 325 u8 key_idx)
323{ 326{
324 struct ieee80211_sub_if_data *sdata; 327 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
325
326 rcu_read_lock();
327 328
328 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
329 ieee80211_set_default_mgmt_key(sdata, key_idx); 329 ieee80211_set_default_mgmt_key(sdata, key_idx);
330 330
331 rcu_read_unlock();
332
333 return 0; 331 return 0;
334} 332}
335 333
@@ -415,9 +413,6 @@ static int ieee80211_dump_survey(struct wiphy *wiphy, struct net_device *dev,
415{ 413{
416 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 414 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
417 415
418 if (!local->ops->get_survey)
419 return -EOPNOTSUPP;
420
421 return drv_get_survey(local, idx, survey); 416 return drv_get_survey(local, idx, survey);
422} 417}
423 418
@@ -600,7 +595,7 @@ struct iapp_layer2_update {
600 u8 ssap; /* 0 */ 595 u8 ssap; /* 0 */
601 u8 control; 596 u8 control;
602 u8 xid_info[3]; 597 u8 xid_info[3];
603} __attribute__ ((packed)); 598} __packed;
604 599
605static void ieee80211_send_layer2_update(struct sta_info *sta) 600static void ieee80211_send_layer2_update(struct sta_info *sta)
606{ 601{
@@ -1154,10 +1149,6 @@ static int ieee80211_set_txq_params(struct wiphy *wiphy,
1154 return -EINVAL; 1149 return -EINVAL;
1155 } 1150 }
1156 1151
1157 /* enable WMM or activate new settings */
1158 local->hw.conf.flags |= IEEE80211_CONF_QOS;
1159 drv_config(local, IEEE80211_CONF_CHANGE_QOS);
1160
1161 return 0; 1152 return 0;
1162} 1153}
1163 1154
@@ -1331,28 +1322,28 @@ static int ieee80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
1331} 1322}
1332 1323
1333static int ieee80211_set_tx_power(struct wiphy *wiphy, 1324static int ieee80211_set_tx_power(struct wiphy *wiphy,
1334 enum tx_power_setting type, int dbm) 1325 enum nl80211_tx_power_setting type, int mbm)
1335{ 1326{
1336 struct ieee80211_local *local = wiphy_priv(wiphy); 1327 struct ieee80211_local *local = wiphy_priv(wiphy);
1337 struct ieee80211_channel *chan = local->hw.conf.channel; 1328 struct ieee80211_channel *chan = local->hw.conf.channel;
1338 u32 changes = 0; 1329 u32 changes = 0;
1339 1330
1340 switch (type) { 1331 switch (type) {
1341 case TX_POWER_AUTOMATIC: 1332 case NL80211_TX_POWER_AUTOMATIC:
1342 local->user_power_level = -1; 1333 local->user_power_level = -1;
1343 break; 1334 break;
1344 case TX_POWER_LIMITED: 1335 case NL80211_TX_POWER_LIMITED:
1345 if (dbm < 0) 1336 if (mbm < 0 || (mbm % 100))
1346 return -EINVAL; 1337 return -EOPNOTSUPP;
1347 local->user_power_level = dbm; 1338 local->user_power_level = MBM_TO_DBM(mbm);
1348 break; 1339 break;
1349 case TX_POWER_FIXED: 1340 case NL80211_TX_POWER_FIXED:
1350 if (dbm < 0) 1341 if (mbm < 0 || (mbm % 100))
1351 return -EINVAL; 1342 return -EOPNOTSUPP;
1352 /* TODO: move to cfg80211 when it knows the channel */ 1343 /* TODO: move to cfg80211 when it knows the channel */
1353 if (dbm > chan->max_power) 1344 if (MBM_TO_DBM(mbm) > chan->max_power)
1354 return -EINVAL; 1345 return -EINVAL;
1355 local->user_power_level = dbm; 1346 local->user_power_level = MBM_TO_DBM(mbm);
1356 break; 1347 break;
1357 } 1348 }
1358 1349
@@ -1448,7 +1439,6 @@ static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1448{ 1439{
1449 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1440 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1450 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1441 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1451 struct ieee80211_conf *conf = &local->hw.conf;
1452 1442
1453 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1443 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1454 return -EOPNOTSUPP; 1444 return -EOPNOTSUPP;
@@ -1457,11 +1447,11 @@ static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1457 return -EOPNOTSUPP; 1447 return -EOPNOTSUPP;
1458 1448
1459 if (enabled == sdata->u.mgd.powersave && 1449 if (enabled == sdata->u.mgd.powersave &&
1460 timeout == conf->dynamic_ps_forced_timeout) 1450 timeout == local->dynamic_ps_forced_timeout)
1461 return 0; 1451 return 0;
1462 1452
1463 sdata->u.mgd.powersave = enabled; 1453 sdata->u.mgd.powersave = enabled;
1464 conf->dynamic_ps_forced_timeout = timeout; 1454 local->dynamic_ps_forced_timeout = timeout;
1465 1455
1466 /* no change, but if automatic follow powersave */ 1456 /* no change, but if automatic follow powersave */
1467 mutex_lock(&sdata->u.mgd.mtx); 1457 mutex_lock(&sdata->u.mgd.mtx);
@@ -1554,10 +1544,58 @@ static int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy,
1554static int ieee80211_action(struct wiphy *wiphy, struct net_device *dev, 1544static int ieee80211_action(struct wiphy *wiphy, struct net_device *dev,
1555 struct ieee80211_channel *chan, 1545 struct ieee80211_channel *chan,
1556 enum nl80211_channel_type channel_type, 1546 enum nl80211_channel_type channel_type,
1547 bool channel_type_valid,
1557 const u8 *buf, size_t len, u64 *cookie) 1548 const u8 *buf, size_t len, u64 *cookie)
1558{ 1549{
1559 return ieee80211_mgd_action(IEEE80211_DEV_TO_SUB_IF(dev), chan, 1550 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1560 channel_type, buf, len, cookie); 1551 struct ieee80211_local *local = sdata->local;
1552 struct sk_buff *skb;
1553 struct sta_info *sta;
1554 const struct ieee80211_mgmt *mgmt = (void *)buf;
1555 u32 flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX |
1556 IEEE80211_TX_CTL_REQ_TX_STATUS;
1557
1558 /* Check that we are on the requested channel for transmission */
1559 if (chan != local->tmp_channel &&
1560 chan != local->oper_channel)
1561 return -EBUSY;
1562 if (channel_type_valid &&
1563 (channel_type != local->tmp_channel_type &&
1564 channel_type != local->_oper_channel_type))
1565 return -EBUSY;
1566
1567 switch (sdata->vif.type) {
1568 case NL80211_IFTYPE_ADHOC:
1569 if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC)
1570 break;
1571 rcu_read_lock();
1572 sta = sta_info_get(sdata, mgmt->da);
1573 rcu_read_unlock();
1574 if (!sta)
1575 return -ENOLINK;
1576 break;
1577 case NL80211_IFTYPE_STATION:
1578 if (!(sdata->u.mgd.flags & IEEE80211_STA_MFP_ENABLED))
1579 flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1580 break;
1581 default:
1582 return -EOPNOTSUPP;
1583 }
1584
1585 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len);
1586 if (!skb)
1587 return -ENOMEM;
1588 skb_reserve(skb, local->hw.extra_tx_headroom);
1589
1590 memcpy(skb_put(skb, len), buf, len);
1591
1592 IEEE80211_SKB_CB(skb)->flags = flags;
1593
1594 skb->dev = sdata->dev;
1595 ieee80211_tx_skb(sdata, skb);
1596
1597 *cookie = (unsigned long) skb;
1598 return 0;
1561} 1599}
1562 1600
1563struct cfg80211_ops mac80211_config_ops = { 1601struct cfg80211_ops mac80211_config_ops = {
diff --git a/net/mac80211/debugfs.c b/net/mac80211/debugfs.c
index 637929b65ccc..a694c593ff6a 100644
--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -307,9 +307,6 @@ static const struct file_operations queues_ops = {
307 307
308/* statistics stuff */ 308/* statistics stuff */
309 309
310#define DEBUGFS_STATS_FILE(name, buflen, fmt, value...) \
311 DEBUGFS_READONLY_FILE(stats_ ##name, buflen, fmt, ##value)
312
313static ssize_t format_devstat_counter(struct ieee80211_local *local, 310static ssize_t format_devstat_counter(struct ieee80211_local *local,
314 char __user *userbuf, 311 char __user *userbuf,
315 size_t count, loff_t *ppos, 312 size_t count, loff_t *ppos,
@@ -351,75 +348,16 @@ static const struct file_operations stats_ ##name## _ops = { \
351 .open = mac80211_open_file_generic, \ 348 .open = mac80211_open_file_generic, \
352}; 349};
353 350
354#define DEBUGFS_STATS_ADD(name) \ 351#define DEBUGFS_STATS_ADD(name, field) \
352 debugfs_create_u32(#name, 0400, statsd, (u32 *) &field);
353#define DEBUGFS_DEVSTATS_ADD(name) \
355 debugfs_create_file(#name, 0400, statsd, local, &stats_ ##name## _ops); 354 debugfs_create_file(#name, 0400, statsd, local, &stats_ ##name## _ops);
356 355
357DEBUGFS_STATS_FILE(transmitted_fragment_count, 20, "%u",
358 local->dot11TransmittedFragmentCount);
359DEBUGFS_STATS_FILE(multicast_transmitted_frame_count, 20, "%u",
360 local->dot11MulticastTransmittedFrameCount);
361DEBUGFS_STATS_FILE(failed_count, 20, "%u",
362 local->dot11FailedCount);
363DEBUGFS_STATS_FILE(retry_count, 20, "%u",
364 local->dot11RetryCount);
365DEBUGFS_STATS_FILE(multiple_retry_count, 20, "%u",
366 local->dot11MultipleRetryCount);
367DEBUGFS_STATS_FILE(frame_duplicate_count, 20, "%u",
368 local->dot11FrameDuplicateCount);
369DEBUGFS_STATS_FILE(received_fragment_count, 20, "%u",
370 local->dot11ReceivedFragmentCount);
371DEBUGFS_STATS_FILE(multicast_received_frame_count, 20, "%u",
372 local->dot11MulticastReceivedFrameCount);
373DEBUGFS_STATS_FILE(transmitted_frame_count, 20, "%u",
374 local->dot11TransmittedFrameCount);
375#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
376DEBUGFS_STATS_FILE(tx_handlers_drop, 20, "%u",
377 local->tx_handlers_drop);
378DEBUGFS_STATS_FILE(tx_handlers_queued, 20, "%u",
379 local->tx_handlers_queued);
380DEBUGFS_STATS_FILE(tx_handlers_drop_unencrypted, 20, "%u",
381 local->tx_handlers_drop_unencrypted);
382DEBUGFS_STATS_FILE(tx_handlers_drop_fragment, 20, "%u",
383 local->tx_handlers_drop_fragment);
384DEBUGFS_STATS_FILE(tx_handlers_drop_wep, 20, "%u",
385 local->tx_handlers_drop_wep);
386DEBUGFS_STATS_FILE(tx_handlers_drop_not_assoc, 20, "%u",
387 local->tx_handlers_drop_not_assoc);
388DEBUGFS_STATS_FILE(tx_handlers_drop_unauth_port, 20, "%u",
389 local->tx_handlers_drop_unauth_port);
390DEBUGFS_STATS_FILE(rx_handlers_drop, 20, "%u",
391 local->rx_handlers_drop);
392DEBUGFS_STATS_FILE(rx_handlers_queued, 20, "%u",
393 local->rx_handlers_queued);
394DEBUGFS_STATS_FILE(rx_handlers_drop_nullfunc, 20, "%u",
395 local->rx_handlers_drop_nullfunc);
396DEBUGFS_STATS_FILE(rx_handlers_drop_defrag, 20, "%u",
397 local->rx_handlers_drop_defrag);
398DEBUGFS_STATS_FILE(rx_handlers_drop_short, 20, "%u",
399 local->rx_handlers_drop_short);
400DEBUGFS_STATS_FILE(rx_handlers_drop_passive_scan, 20, "%u",
401 local->rx_handlers_drop_passive_scan);
402DEBUGFS_STATS_FILE(tx_expand_skb_head, 20, "%u",
403 local->tx_expand_skb_head);
404DEBUGFS_STATS_FILE(tx_expand_skb_head_cloned, 20, "%u",
405 local->tx_expand_skb_head_cloned);
406DEBUGFS_STATS_FILE(rx_expand_skb_head, 20, "%u",
407 local->rx_expand_skb_head);
408DEBUGFS_STATS_FILE(rx_expand_skb_head2, 20, "%u",
409 local->rx_expand_skb_head2);
410DEBUGFS_STATS_FILE(rx_handlers_fragments, 20, "%u",
411 local->rx_handlers_fragments);
412DEBUGFS_STATS_FILE(tx_status_drop, 20, "%u",
413 local->tx_status_drop);
414
415#endif
416
417DEBUGFS_DEVSTATS_FILE(dot11ACKFailureCount); 356DEBUGFS_DEVSTATS_FILE(dot11ACKFailureCount);
418DEBUGFS_DEVSTATS_FILE(dot11RTSFailureCount); 357DEBUGFS_DEVSTATS_FILE(dot11RTSFailureCount);
419DEBUGFS_DEVSTATS_FILE(dot11FCSErrorCount); 358DEBUGFS_DEVSTATS_FILE(dot11FCSErrorCount);
420DEBUGFS_DEVSTATS_FILE(dot11RTSSuccessCount); 359DEBUGFS_DEVSTATS_FILE(dot11RTSSuccessCount);
421 360
422
423void debugfs_hw_add(struct ieee80211_local *local) 361void debugfs_hw_add(struct ieee80211_local *local)
424{ 362{
425 struct dentry *phyd = local->hw.wiphy->debugfsdir; 363 struct dentry *phyd = local->hw.wiphy->debugfsdir;
@@ -448,38 +386,60 @@ void debugfs_hw_add(struct ieee80211_local *local)
448 if (!statsd) 386 if (!statsd)
449 return; 387 return;
450 388
451 DEBUGFS_STATS_ADD(transmitted_fragment_count); 389 DEBUGFS_STATS_ADD(transmitted_fragment_count,
452 DEBUGFS_STATS_ADD(multicast_transmitted_frame_count); 390 local->dot11TransmittedFragmentCount);
453 DEBUGFS_STATS_ADD(failed_count); 391 DEBUGFS_STATS_ADD(multicast_transmitted_frame_count,
454 DEBUGFS_STATS_ADD(retry_count); 392 local->dot11MulticastTransmittedFrameCount);
455 DEBUGFS_STATS_ADD(multiple_retry_count); 393 DEBUGFS_STATS_ADD(failed_count, local->dot11FailedCount);
456 DEBUGFS_STATS_ADD(frame_duplicate_count); 394 DEBUGFS_STATS_ADD(retry_count, local->dot11RetryCount);
457 DEBUGFS_STATS_ADD(received_fragment_count); 395 DEBUGFS_STATS_ADD(multiple_retry_count,
458 DEBUGFS_STATS_ADD(multicast_received_frame_count); 396 local->dot11MultipleRetryCount);
459 DEBUGFS_STATS_ADD(transmitted_frame_count); 397 DEBUGFS_STATS_ADD(frame_duplicate_count,
398 local->dot11FrameDuplicateCount);
399 DEBUGFS_STATS_ADD(received_fragment_count,
400 local->dot11ReceivedFragmentCount);
401 DEBUGFS_STATS_ADD(multicast_received_frame_count,
402 local->dot11MulticastReceivedFrameCount);
403 DEBUGFS_STATS_ADD(transmitted_frame_count,
404 local->dot11TransmittedFrameCount);
460#ifdef CONFIG_MAC80211_DEBUG_COUNTERS 405#ifdef CONFIG_MAC80211_DEBUG_COUNTERS
461 DEBUGFS_STATS_ADD(tx_handlers_drop); 406 DEBUGFS_STATS_ADD(tx_handlers_drop, local->tx_handlers_drop);
462 DEBUGFS_STATS_ADD(tx_handlers_queued); 407 DEBUGFS_STATS_ADD(tx_handlers_queued, local->tx_handlers_queued);
463 DEBUGFS_STATS_ADD(tx_handlers_drop_unencrypted); 408 DEBUGFS_STATS_ADD(tx_handlers_drop_unencrypted,
464 DEBUGFS_STATS_ADD(tx_handlers_drop_fragment); 409 local->tx_handlers_drop_unencrypted);
465 DEBUGFS_STATS_ADD(tx_handlers_drop_wep); 410 DEBUGFS_STATS_ADD(tx_handlers_drop_fragment,
466 DEBUGFS_STATS_ADD(tx_handlers_drop_not_assoc); 411 local->tx_handlers_drop_fragment);
467 DEBUGFS_STATS_ADD(tx_handlers_drop_unauth_port); 412 DEBUGFS_STATS_ADD(tx_handlers_drop_wep,
468 DEBUGFS_STATS_ADD(rx_handlers_drop); 413 local->tx_handlers_drop_wep);
469 DEBUGFS_STATS_ADD(rx_handlers_queued); 414 DEBUGFS_STATS_ADD(tx_handlers_drop_not_assoc,
470 DEBUGFS_STATS_ADD(rx_handlers_drop_nullfunc); 415 local->tx_handlers_drop_not_assoc);
471 DEBUGFS_STATS_ADD(rx_handlers_drop_defrag); 416 DEBUGFS_STATS_ADD(tx_handlers_drop_unauth_port,
472 DEBUGFS_STATS_ADD(rx_handlers_drop_short); 417 local->tx_handlers_drop_unauth_port);
473 DEBUGFS_STATS_ADD(rx_handlers_drop_passive_scan); 418 DEBUGFS_STATS_ADD(rx_handlers_drop, local->rx_handlers_drop);
474 DEBUGFS_STATS_ADD(tx_expand_skb_head); 419 DEBUGFS_STATS_ADD(rx_handlers_queued, local->rx_handlers_queued);
475 DEBUGFS_STATS_ADD(tx_expand_skb_head_cloned); 420 DEBUGFS_STATS_ADD(rx_handlers_drop_nullfunc,
476 DEBUGFS_STATS_ADD(rx_expand_skb_head); 421 local->rx_handlers_drop_nullfunc);
477 DEBUGFS_STATS_ADD(rx_expand_skb_head2); 422 DEBUGFS_STATS_ADD(rx_handlers_drop_defrag,
478 DEBUGFS_STATS_ADD(rx_handlers_fragments); 423 local->rx_handlers_drop_defrag);
479 DEBUGFS_STATS_ADD(tx_status_drop); 424 DEBUGFS_STATS_ADD(rx_handlers_drop_short,
425 local->rx_handlers_drop_short);
426 DEBUGFS_STATS_ADD(rx_handlers_drop_passive_scan,
427 local->rx_handlers_drop_passive_scan);
428 DEBUGFS_STATS_ADD(tx_expand_skb_head,
429 local->tx_expand_skb_head);
430 DEBUGFS_STATS_ADD(tx_expand_skb_head_cloned,
431 local->tx_expand_skb_head_cloned);
432 DEBUGFS_STATS_ADD(rx_expand_skb_head,
433 local->rx_expand_skb_head);
434 DEBUGFS_STATS_ADD(rx_expand_skb_head2,
435 local->rx_expand_skb_head2);
436 DEBUGFS_STATS_ADD(rx_handlers_fragments,
437 local->rx_handlers_fragments);
438 DEBUGFS_STATS_ADD(tx_status_drop,
439 local->tx_status_drop);
480#endif 440#endif
481 DEBUGFS_STATS_ADD(dot11ACKFailureCount); 441 DEBUGFS_DEVSTATS_ADD(dot11ACKFailureCount);
482 DEBUGFS_STATS_ADD(dot11RTSFailureCount); 442 DEBUGFS_DEVSTATS_ADD(dot11RTSFailureCount);
483 DEBUGFS_STATS_ADD(dot11FCSErrorCount); 443 DEBUGFS_DEVSTATS_ADD(dot11FCSErrorCount);
484 DEBUGFS_STATS_ADD(dot11RTSSuccessCount); 444 DEBUGFS_DEVSTATS_ADD(dot11RTSSuccessCount);
485} 445}
diff --git a/net/mac80211/debugfs_key.c b/net/mac80211/debugfs_key.c
index 97c9e46e859e..fa5e76e658ef 100644
--- a/net/mac80211/debugfs_key.c
+++ b/net/mac80211/debugfs_key.c
@@ -143,7 +143,7 @@ static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
143 len = p - buf; 143 len = p - buf;
144 break; 144 break;
145 case ALG_CCMP: 145 case ALG_CCMP:
146 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) { 146 for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++) {
147 rpn = key->u.ccmp.rx_pn[i]; 147 rpn = key->u.ccmp.rx_pn[i];
148 p += scnprintf(p, sizeof(buf)+buf-p, 148 p += scnprintf(p, sizeof(buf)+buf-p,
149 "%02x%02x%02x%02x%02x%02x\n", 149 "%02x%02x%02x%02x%02x%02x\n",
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index e763f1529ddb..76839d4dfaac 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -30,7 +30,6 @@ static ssize_t sta_ ##name## _read(struct file *file, \
30} 30}
31#define STA_READ_D(name, field) STA_READ(name, 20, field, "%d\n") 31#define STA_READ_D(name, field) STA_READ(name, 20, field, "%d\n")
32#define STA_READ_U(name, field) STA_READ(name, 20, field, "%u\n") 32#define STA_READ_U(name, field) STA_READ(name, 20, field, "%u\n")
33#define STA_READ_LU(name, field) STA_READ(name, 20, field, "%lu\n")
34#define STA_READ_S(name, field) STA_READ(name, 20, field, "%s\n") 33#define STA_READ_S(name, field) STA_READ(name, 20, field, "%s\n")
35 34
36#define STA_OPS(name) \ 35#define STA_OPS(name) \
@@ -52,19 +51,7 @@ static const struct file_operations sta_ ##name## _ops = { \
52 51
53STA_FILE(aid, sta.aid, D); 52STA_FILE(aid, sta.aid, D);
54STA_FILE(dev, sdata->name, S); 53STA_FILE(dev, sdata->name, S);
55STA_FILE(rx_packets, rx_packets, LU);
56STA_FILE(tx_packets, tx_packets, LU);
57STA_FILE(rx_bytes, rx_bytes, LU);
58STA_FILE(tx_bytes, tx_bytes, LU);
59STA_FILE(rx_duplicates, num_duplicates, LU);
60STA_FILE(rx_fragments, rx_fragments, LU);
61STA_FILE(rx_dropped, rx_dropped, LU);
62STA_FILE(tx_fragments, tx_fragments, LU);
63STA_FILE(tx_filtered, tx_filtered_count, LU);
64STA_FILE(tx_retry_failed, tx_retry_failed, LU);
65STA_FILE(tx_retry_count, tx_retry_count, LU);
66STA_FILE(last_signal, last_signal, D); 54STA_FILE(last_signal, last_signal, D);
67STA_FILE(wep_weak_iv_count, wep_weak_iv_count, LU);
68 55
69static ssize_t sta_flags_read(struct file *file, char __user *userbuf, 56static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
70 size_t count, loff_t *ppos) 57 size_t count, loff_t *ppos)
@@ -134,28 +121,25 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
134 p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n", 121 p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n",
135 sta->ampdu_mlme.dialog_token_allocator + 1); 122 sta->ampdu_mlme.dialog_token_allocator + 1);
136 p += scnprintf(p, sizeof(buf) + buf - p, 123 p += scnprintf(p, sizeof(buf) + buf - p,
137 "TID\t\tRX active\tDTKN\tSSN\t\tTX\tDTKN\tSSN\tpending\n"); 124 "TID\t\tRX active\tDTKN\tSSN\t\tTX\tDTKN\tpending\n");
138 for (i = 0; i < STA_TID_NUM; i++) { 125 for (i = 0; i < STA_TID_NUM; i++) {
139 p += scnprintf(p, sizeof(buf) + buf - p, "%02d", i); 126 p += scnprintf(p, sizeof(buf) + buf - p, "%02d", i);
140 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x", 127 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x",
141 sta->ampdu_mlme.tid_active_rx[i]); 128 !!sta->ampdu_mlme.tid_rx[i]);
142 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x", 129 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x",
143 sta->ampdu_mlme.tid_active_rx[i] ? 130 sta->ampdu_mlme.tid_rx[i] ?
144 sta->ampdu_mlme.tid_rx[i]->dialog_token : 0); 131 sta->ampdu_mlme.tid_rx[i]->dialog_token : 0);
145 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.3x", 132 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.3x",
146 sta->ampdu_mlme.tid_active_rx[i] ? 133 sta->ampdu_mlme.tid_rx[i] ?
147 sta->ampdu_mlme.tid_rx[i]->ssn : 0); 134 sta->ampdu_mlme.tid_rx[i]->ssn : 0);
148 135
149 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x", 136 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x",
150 sta->ampdu_mlme.tid_state_tx[i]); 137 !!sta->ampdu_mlme.tid_tx[i]);
151 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x", 138 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x",
152 sta->ampdu_mlme.tid_state_tx[i] ? 139 sta->ampdu_mlme.tid_tx[i] ?
153 sta->ampdu_mlme.tid_tx[i]->dialog_token : 0); 140 sta->ampdu_mlme.tid_tx[i]->dialog_token : 0);
154 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.3x",
155 sta->ampdu_mlme.tid_state_tx[i] ?
156 sta->ampdu_mlme.tid_tx[i]->ssn : 0);
157 p += scnprintf(p, sizeof(buf) + buf - p, "\t%03d", 141 p += scnprintf(p, sizeof(buf) + buf - p, "\t%03d",
158 sta->ampdu_mlme.tid_state_tx[i] ? 142 sta->ampdu_mlme.tid_tx[i] ?
159 skb_queue_len(&sta->ampdu_mlme.tid_tx[i]->pending) : 0); 143 skb_queue_len(&sta->ampdu_mlme.tid_tx[i]->pending) : 0);
160 p += scnprintf(p, sizeof(buf) + buf - p, "\n"); 144 p += scnprintf(p, sizeof(buf) + buf - p, "\n");
161 } 145 }
@@ -210,8 +194,7 @@ static ssize_t sta_agg_status_write(struct file *file, const char __user *userbu
210 if (start) 194 if (start)
211 ret = ieee80211_start_tx_ba_session(&sta->sta, tid); 195 ret = ieee80211_start_tx_ba_session(&sta->sta, tid);
212 else 196 else
213 ret = ieee80211_stop_tx_ba_session(&sta->sta, tid, 197 ret = ieee80211_stop_tx_ba_session(&sta->sta, tid);
214 WLAN_BACK_RECIPIENT);
215 } else { 198 } else {
216 __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT, 3); 199 __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT, 3);
217 ret = 0; 200 ret = 0;
@@ -307,6 +290,13 @@ STA_OPS(ht_capa);
307 debugfs_create_file(#name, 0400, \ 290 debugfs_create_file(#name, 0400, \
308 sta->debugfs.dir, sta, &sta_ ##name## _ops); 291 sta->debugfs.dir, sta, &sta_ ##name## _ops);
309 292
293#define DEBUGFS_ADD_COUNTER(name, field) \
294 if (sizeof(sta->field) == sizeof(u32)) \
295 debugfs_create_u32(#name, 0400, sta->debugfs.dir, \
296 (u32 *) &sta->field); \
297 else \
298 debugfs_create_u64(#name, 0400, sta->debugfs.dir, \
299 (u64 *) &sta->field);
310 300
311void ieee80211_sta_debugfs_add(struct sta_info *sta) 301void ieee80211_sta_debugfs_add(struct sta_info *sta)
312{ 302{
@@ -339,20 +329,21 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
339 DEBUGFS_ADD(last_seq_ctrl); 329 DEBUGFS_ADD(last_seq_ctrl);
340 DEBUGFS_ADD(agg_status); 330 DEBUGFS_ADD(agg_status);
341 DEBUGFS_ADD(dev); 331 DEBUGFS_ADD(dev);
342 DEBUGFS_ADD(rx_packets);
343 DEBUGFS_ADD(tx_packets);
344 DEBUGFS_ADD(rx_bytes);
345 DEBUGFS_ADD(tx_bytes);
346 DEBUGFS_ADD(rx_duplicates);
347 DEBUGFS_ADD(rx_fragments);
348 DEBUGFS_ADD(rx_dropped);
349 DEBUGFS_ADD(tx_fragments);
350 DEBUGFS_ADD(tx_filtered);
351 DEBUGFS_ADD(tx_retry_failed);
352 DEBUGFS_ADD(tx_retry_count);
353 DEBUGFS_ADD(last_signal); 332 DEBUGFS_ADD(last_signal);
354 DEBUGFS_ADD(wep_weak_iv_count);
355 DEBUGFS_ADD(ht_capa); 333 DEBUGFS_ADD(ht_capa);
334
335 DEBUGFS_ADD_COUNTER(rx_packets, rx_packets);
336 DEBUGFS_ADD_COUNTER(tx_packets, tx_packets);
337 DEBUGFS_ADD_COUNTER(rx_bytes, rx_bytes);
338 DEBUGFS_ADD_COUNTER(tx_bytes, tx_bytes);
339 DEBUGFS_ADD_COUNTER(rx_duplicates, num_duplicates);
340 DEBUGFS_ADD_COUNTER(rx_fragments, rx_fragments);
341 DEBUGFS_ADD_COUNTER(rx_dropped, rx_dropped);
342 DEBUGFS_ADD_COUNTER(tx_fragments, tx_fragments);
343 DEBUGFS_ADD_COUNTER(tx_filtered, tx_filtered_count);
344 DEBUGFS_ADD_COUNTER(tx_retry_failed, tx_retry_failed);
345 DEBUGFS_ADD_COUNTER(tx_retry_count, tx_retry_count);
346 DEBUGFS_ADD_COUNTER(wep_weak_iv_count, wep_weak_iv_count);
356} 347}
357 348
358void ieee80211_sta_debugfs_remove(struct sta_info *sta) 349void ieee80211_sta_debugfs_remove(struct sta_info *sta)
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 9c1da0809160..14123dce544b 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -16,10 +16,11 @@ static inline int drv_start(struct ieee80211_local *local)
16 16
17 might_sleep(); 17 might_sleep();
18 18
19 trace_drv_start(local);
19 local->started = true; 20 local->started = true;
20 smp_mb(); 21 smp_mb();
21 ret = local->ops->start(&local->hw); 22 ret = local->ops->start(&local->hw);
22 trace_drv_start(local, ret); 23 trace_drv_return_int(local, ret);
23 return ret; 24 return ret;
24} 25}
25 26
@@ -27,8 +28,9 @@ static inline void drv_stop(struct ieee80211_local *local)
27{ 28{
28 might_sleep(); 29 might_sleep();
29 30
30 local->ops->stop(&local->hw);
31 trace_drv_stop(local); 31 trace_drv_stop(local);
32 local->ops->stop(&local->hw);
33 trace_drv_return_void(local);
32 34
33 /* sync away all work on the tasklet before clearing started */ 35 /* sync away all work on the tasklet before clearing started */
34 tasklet_disable(&local->tasklet); 36 tasklet_disable(&local->tasklet);
@@ -46,8 +48,9 @@ static inline int drv_add_interface(struct ieee80211_local *local,
46 48
47 might_sleep(); 49 might_sleep();
48 50
51 trace_drv_add_interface(local, vif_to_sdata(vif));
49 ret = local->ops->add_interface(&local->hw, vif); 52 ret = local->ops->add_interface(&local->hw, vif);
50 trace_drv_add_interface(local, vif_to_sdata(vif), ret); 53 trace_drv_return_int(local, ret);
51 return ret; 54 return ret;
52} 55}
53 56
@@ -56,8 +59,9 @@ static inline void drv_remove_interface(struct ieee80211_local *local,
56{ 59{
57 might_sleep(); 60 might_sleep();
58 61
59 local->ops->remove_interface(&local->hw, vif);
60 trace_drv_remove_interface(local, vif_to_sdata(vif)); 62 trace_drv_remove_interface(local, vif_to_sdata(vif));
63 local->ops->remove_interface(&local->hw, vif);
64 trace_drv_return_void(local);
61} 65}
62 66
63static inline int drv_config(struct ieee80211_local *local, u32 changed) 67static inline int drv_config(struct ieee80211_local *local, u32 changed)
@@ -66,8 +70,9 @@ static inline int drv_config(struct ieee80211_local *local, u32 changed)
66 70
67 might_sleep(); 71 might_sleep();
68 72
73 trace_drv_config(local, changed);
69 ret = local->ops->config(&local->hw, changed); 74 ret = local->ops->config(&local->hw, changed);
70 trace_drv_config(local, changed, ret); 75 trace_drv_return_int(local, ret);
71 return ret; 76 return ret;
72} 77}
73 78
@@ -78,9 +83,10 @@ static inline void drv_bss_info_changed(struct ieee80211_local *local,
78{ 83{
79 might_sleep(); 84 might_sleep();
80 85
86 trace_drv_bss_info_changed(local, sdata, info, changed);
81 if (local->ops->bss_info_changed) 87 if (local->ops->bss_info_changed)
82 local->ops->bss_info_changed(&local->hw, &sdata->vif, info, changed); 88 local->ops->bss_info_changed(&local->hw, &sdata->vif, info, changed);
83 trace_drv_bss_info_changed(local, sdata, info, changed); 89 trace_drv_return_void(local);
84} 90}
85 91
86static inline u64 drv_prepare_multicast(struct ieee80211_local *local, 92static inline u64 drv_prepare_multicast(struct ieee80211_local *local,
@@ -88,10 +94,12 @@ static inline u64 drv_prepare_multicast(struct ieee80211_local *local,
88{ 94{
89 u64 ret = 0; 95 u64 ret = 0;
90 96
97 trace_drv_prepare_multicast(local, mc_list->count);
98
91 if (local->ops->prepare_multicast) 99 if (local->ops->prepare_multicast)
92 ret = local->ops->prepare_multicast(&local->hw, mc_list); 100 ret = local->ops->prepare_multicast(&local->hw, mc_list);
93 101
94 trace_drv_prepare_multicast(local, mc_list->count, ret); 102 trace_drv_return_u64(local, ret);
95 103
96 return ret; 104 return ret;
97} 105}
@@ -103,19 +111,21 @@ static inline void drv_configure_filter(struct ieee80211_local *local,
103{ 111{
104 might_sleep(); 112 might_sleep();
105 113
106 local->ops->configure_filter(&local->hw, changed_flags, total_flags,
107 multicast);
108 trace_drv_configure_filter(local, changed_flags, total_flags, 114 trace_drv_configure_filter(local, changed_flags, total_flags,
109 multicast); 115 multicast);
116 local->ops->configure_filter(&local->hw, changed_flags, total_flags,
117 multicast);
118 trace_drv_return_void(local);
110} 119}
111 120
112static inline int drv_set_tim(struct ieee80211_local *local, 121static inline int drv_set_tim(struct ieee80211_local *local,
113 struct ieee80211_sta *sta, bool set) 122 struct ieee80211_sta *sta, bool set)
114{ 123{
115 int ret = 0; 124 int ret = 0;
125 trace_drv_set_tim(local, sta, set);
116 if (local->ops->set_tim) 126 if (local->ops->set_tim)
117 ret = local->ops->set_tim(&local->hw, sta, set); 127 ret = local->ops->set_tim(&local->hw, sta, set);
118 trace_drv_set_tim(local, sta, set, ret); 128 trace_drv_return_int(local, ret);
119 return ret; 129 return ret;
120} 130}
121 131
@@ -129,8 +139,9 @@ static inline int drv_set_key(struct ieee80211_local *local,
129 139
130 might_sleep(); 140 might_sleep();
131 141
142 trace_drv_set_key(local, cmd, sdata, sta, key);
132 ret = local->ops->set_key(&local->hw, cmd, &sdata->vif, sta, key); 143 ret = local->ops->set_key(&local->hw, cmd, &sdata->vif, sta, key);
133 trace_drv_set_key(local, cmd, sdata, sta, key, ret); 144 trace_drv_return_int(local, ret);
134 return ret; 145 return ret;
135} 146}
136 147
@@ -145,10 +156,11 @@ static inline void drv_update_tkip_key(struct ieee80211_local *local,
145 if (sta) 156 if (sta)
146 ista = &sta->sta; 157 ista = &sta->sta;
147 158
159 trace_drv_update_tkip_key(local, sdata, conf, ista, iv32);
148 if (local->ops->update_tkip_key) 160 if (local->ops->update_tkip_key)
149 local->ops->update_tkip_key(&local->hw, &sdata->vif, conf, 161 local->ops->update_tkip_key(&local->hw, &sdata->vif, conf,
150 ista, iv32, phase1key); 162 ista, iv32, phase1key);
151 trace_drv_update_tkip_key(local, sdata, conf, ista, iv32); 163 trace_drv_return_void(local);
152} 164}
153 165
154static inline int drv_hw_scan(struct ieee80211_local *local, 166static inline int drv_hw_scan(struct ieee80211_local *local,
@@ -159,8 +171,9 @@ static inline int drv_hw_scan(struct ieee80211_local *local,
159 171
160 might_sleep(); 172 might_sleep();
161 173
174 trace_drv_hw_scan(local, sdata, req);
162 ret = local->ops->hw_scan(&local->hw, &sdata->vif, req); 175 ret = local->ops->hw_scan(&local->hw, &sdata->vif, req);
163 trace_drv_hw_scan(local, sdata, req, ret); 176 trace_drv_return_int(local, ret);
164 return ret; 177 return ret;
165} 178}
166 179
@@ -168,18 +181,20 @@ static inline void drv_sw_scan_start(struct ieee80211_local *local)
168{ 181{
169 might_sleep(); 182 might_sleep();
170 183
184 trace_drv_sw_scan_start(local);
171 if (local->ops->sw_scan_start) 185 if (local->ops->sw_scan_start)
172 local->ops->sw_scan_start(&local->hw); 186 local->ops->sw_scan_start(&local->hw);
173 trace_drv_sw_scan_start(local); 187 trace_drv_return_void(local);
174} 188}
175 189
176static inline void drv_sw_scan_complete(struct ieee80211_local *local) 190static inline void drv_sw_scan_complete(struct ieee80211_local *local)
177{ 191{
178 might_sleep(); 192 might_sleep();
179 193
194 trace_drv_sw_scan_complete(local);
180 if (local->ops->sw_scan_complete) 195 if (local->ops->sw_scan_complete)
181 local->ops->sw_scan_complete(&local->hw); 196 local->ops->sw_scan_complete(&local->hw);
182 trace_drv_sw_scan_complete(local); 197 trace_drv_return_void(local);
183} 198}
184 199
185static inline int drv_get_stats(struct ieee80211_local *local, 200static inline int drv_get_stats(struct ieee80211_local *local,
@@ -211,9 +226,10 @@ static inline int drv_set_rts_threshold(struct ieee80211_local *local,
211 226
212 might_sleep(); 227 might_sleep();
213 228
229 trace_drv_set_rts_threshold(local, value);
214 if (local->ops->set_rts_threshold) 230 if (local->ops->set_rts_threshold)
215 ret = local->ops->set_rts_threshold(&local->hw, value); 231 ret = local->ops->set_rts_threshold(&local->hw, value);
216 trace_drv_set_rts_threshold(local, value, ret); 232 trace_drv_return_int(local, ret);
217 return ret; 233 return ret;
218} 234}
219 235
@@ -223,12 +239,13 @@ static inline int drv_set_coverage_class(struct ieee80211_local *local,
223 int ret = 0; 239 int ret = 0;
224 might_sleep(); 240 might_sleep();
225 241
242 trace_drv_set_coverage_class(local, value);
226 if (local->ops->set_coverage_class) 243 if (local->ops->set_coverage_class)
227 local->ops->set_coverage_class(&local->hw, value); 244 local->ops->set_coverage_class(&local->hw, value);
228 else 245 else
229 ret = -EOPNOTSUPP; 246 ret = -EOPNOTSUPP;
230 247
231 trace_drv_set_coverage_class(local, value, ret); 248 trace_drv_return_int(local, ret);
232 return ret; 249 return ret;
233} 250}
234 251
@@ -237,9 +254,10 @@ static inline void drv_sta_notify(struct ieee80211_local *local,
237 enum sta_notify_cmd cmd, 254 enum sta_notify_cmd cmd,
238 struct ieee80211_sta *sta) 255 struct ieee80211_sta *sta)
239{ 256{
257 trace_drv_sta_notify(local, sdata, cmd, sta);
240 if (local->ops->sta_notify) 258 if (local->ops->sta_notify)
241 local->ops->sta_notify(&local->hw, &sdata->vif, cmd, sta); 259 local->ops->sta_notify(&local->hw, &sdata->vif, cmd, sta);
242 trace_drv_sta_notify(local, sdata, cmd, sta); 260 trace_drv_return_void(local);
243} 261}
244 262
245static inline int drv_sta_add(struct ieee80211_local *local, 263static inline int drv_sta_add(struct ieee80211_local *local,
@@ -250,13 +268,11 @@ static inline int drv_sta_add(struct ieee80211_local *local,
250 268
251 might_sleep(); 269 might_sleep();
252 270
271 trace_drv_sta_add(local, sdata, sta);
253 if (local->ops->sta_add) 272 if (local->ops->sta_add)
254 ret = local->ops->sta_add(&local->hw, &sdata->vif, sta); 273 ret = local->ops->sta_add(&local->hw, &sdata->vif, sta);
255 else if (local->ops->sta_notify)
256 local->ops->sta_notify(&local->hw, &sdata->vif,
257 STA_NOTIFY_ADD, sta);
258 274
259 trace_drv_sta_add(local, sdata, sta, ret); 275 trace_drv_return_int(local, ret);
260 276
261 return ret; 277 return ret;
262} 278}
@@ -267,13 +283,11 @@ static inline void drv_sta_remove(struct ieee80211_local *local,
267{ 283{
268 might_sleep(); 284 might_sleep();
269 285
286 trace_drv_sta_remove(local, sdata, sta);
270 if (local->ops->sta_remove) 287 if (local->ops->sta_remove)
271 local->ops->sta_remove(&local->hw, &sdata->vif, sta); 288 local->ops->sta_remove(&local->hw, &sdata->vif, sta);
272 else if (local->ops->sta_notify)
273 local->ops->sta_notify(&local->hw, &sdata->vif,
274 STA_NOTIFY_REMOVE, sta);
275 289
276 trace_drv_sta_remove(local, sdata, sta); 290 trace_drv_return_void(local);
277} 291}
278 292
279static inline int drv_conf_tx(struct ieee80211_local *local, u16 queue, 293static inline int drv_conf_tx(struct ieee80211_local *local, u16 queue,
@@ -283,9 +297,10 @@ static inline int drv_conf_tx(struct ieee80211_local *local, u16 queue,
283 297
284 might_sleep(); 298 might_sleep();
285 299
300 trace_drv_conf_tx(local, queue, params);
286 if (local->ops->conf_tx) 301 if (local->ops->conf_tx)
287 ret = local->ops->conf_tx(&local->hw, queue, params); 302 ret = local->ops->conf_tx(&local->hw, queue, params);
288 trace_drv_conf_tx(local, queue, params, ret); 303 trace_drv_return_int(local, ret);
289 return ret; 304 return ret;
290} 305}
291 306
@@ -295,9 +310,10 @@ static inline u64 drv_get_tsf(struct ieee80211_local *local)
295 310
296 might_sleep(); 311 might_sleep();
297 312
313 trace_drv_get_tsf(local);
298 if (local->ops->get_tsf) 314 if (local->ops->get_tsf)
299 ret = local->ops->get_tsf(&local->hw); 315 ret = local->ops->get_tsf(&local->hw);
300 trace_drv_get_tsf(local, ret); 316 trace_drv_return_u64(local, ret);
301 return ret; 317 return ret;
302} 318}
303 319
@@ -305,18 +321,20 @@ static inline void drv_set_tsf(struct ieee80211_local *local, u64 tsf)
305{ 321{
306 might_sleep(); 322 might_sleep();
307 323
324 trace_drv_set_tsf(local, tsf);
308 if (local->ops->set_tsf) 325 if (local->ops->set_tsf)
309 local->ops->set_tsf(&local->hw, tsf); 326 local->ops->set_tsf(&local->hw, tsf);
310 trace_drv_set_tsf(local, tsf); 327 trace_drv_return_void(local);
311} 328}
312 329
313static inline void drv_reset_tsf(struct ieee80211_local *local) 330static inline void drv_reset_tsf(struct ieee80211_local *local)
314{ 331{
315 might_sleep(); 332 might_sleep();
316 333
334 trace_drv_reset_tsf(local);
317 if (local->ops->reset_tsf) 335 if (local->ops->reset_tsf)
318 local->ops->reset_tsf(&local->hw); 336 local->ops->reset_tsf(&local->hw);
319 trace_drv_reset_tsf(local); 337 trace_drv_return_void(local);
320} 338}
321 339
322static inline int drv_tx_last_beacon(struct ieee80211_local *local) 340static inline int drv_tx_last_beacon(struct ieee80211_local *local)
@@ -325,9 +343,10 @@ static inline int drv_tx_last_beacon(struct ieee80211_local *local)
325 343
326 might_sleep(); 344 might_sleep();
327 345
346 trace_drv_tx_last_beacon(local);
328 if (local->ops->tx_last_beacon) 347 if (local->ops->tx_last_beacon)
329 ret = local->ops->tx_last_beacon(&local->hw); 348 ret = local->ops->tx_last_beacon(&local->hw);
330 trace_drv_tx_last_beacon(local, ret); 349 trace_drv_return_int(local, ret);
331 return ret; 350 return ret;
332} 351}
333 352
@@ -338,10 +357,17 @@ static inline int drv_ampdu_action(struct ieee80211_local *local,
338 u16 *ssn) 357 u16 *ssn)
339{ 358{
340 int ret = -EOPNOTSUPP; 359 int ret = -EOPNOTSUPP;
360
361 might_sleep();
362
363 trace_drv_ampdu_action(local, sdata, action, sta, tid, ssn);
364
341 if (local->ops->ampdu_action) 365 if (local->ops->ampdu_action)
342 ret = local->ops->ampdu_action(&local->hw, &sdata->vif, action, 366 ret = local->ops->ampdu_action(&local->hw, &sdata->vif, action,
343 sta, tid, ssn); 367 sta, tid, ssn);
344 trace_drv_ampdu_action(local, sdata, action, sta, tid, ssn, ret); 368
369 trace_drv_return_int(local, ret);
370
345 return ret; 371 return ret;
346} 372}
347 373
@@ -349,9 +375,14 @@ static inline int drv_get_survey(struct ieee80211_local *local, int idx,
349 struct survey_info *survey) 375 struct survey_info *survey)
350{ 376{
351 int ret = -EOPNOTSUPP; 377 int ret = -EOPNOTSUPP;
378
379 trace_drv_get_survey(local, idx, survey);
380
352 if (local->ops->get_survey) 381 if (local->ops->get_survey)
353 ret = local->ops->get_survey(&local->hw, idx, survey); 382 ret = local->ops->get_survey(&local->hw, idx, survey);
354 /* trace_drv_get_survey(local, idx, survey, ret); */ 383
384 trace_drv_return_int(local, ret);
385
355 return ret; 386 return ret;
356} 387}
357 388
@@ -370,6 +401,7 @@ static inline void drv_flush(struct ieee80211_local *local, bool drop)
370 trace_drv_flush(local, drop); 401 trace_drv_flush(local, drop);
371 if (local->ops->flush) 402 if (local->ops->flush)
372 local->ops->flush(&local->hw, drop); 403 local->ops->flush(&local->hw, drop);
404 trace_drv_return_void(local);
373} 405}
374 406
375static inline void drv_channel_switch(struct ieee80211_local *local, 407static inline void drv_channel_switch(struct ieee80211_local *local,
@@ -377,9 +409,9 @@ static inline void drv_channel_switch(struct ieee80211_local *local,
377{ 409{
378 might_sleep(); 410 might_sleep();
379 411
380 local->ops->channel_switch(&local->hw, ch_switch);
381
382 trace_drv_channel_switch(local, ch_switch); 412 trace_drv_channel_switch(local, ch_switch);
413 local->ops->channel_switch(&local->hw, ch_switch);
414 trace_drv_return_void(local);
383} 415}
384 416
385#endif /* __MAC80211_DRIVER_OPS */ 417#endif /* __MAC80211_DRIVER_OPS */
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index 6a9b2342a9c2..5d5d2a974668 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -36,20 +36,58 @@ static inline void trace_ ## name(proto) {}
36 * Tracing for driver callbacks. 36 * Tracing for driver callbacks.
37 */ 37 */
38 38
39TRACE_EVENT(drv_start, 39TRACE_EVENT(drv_return_void,
40 TP_PROTO(struct ieee80211_local *local, int ret), 40 TP_PROTO(struct ieee80211_local *local),
41 TP_ARGS(local),
42 TP_STRUCT__entry(
43 LOCAL_ENTRY
44 ),
45 TP_fast_assign(
46 LOCAL_ASSIGN;
47 ),
48 TP_printk(LOCAL_PR_FMT, LOCAL_PR_ARG)
49);
41 50
51TRACE_EVENT(drv_return_int,
52 TP_PROTO(struct ieee80211_local *local, int ret),
42 TP_ARGS(local, ret), 53 TP_ARGS(local, ret),
43
44 TP_STRUCT__entry( 54 TP_STRUCT__entry(
45 LOCAL_ENTRY 55 LOCAL_ENTRY
46 __field(int, ret) 56 __field(int, ret)
47 ), 57 ),
58 TP_fast_assign(
59 LOCAL_ASSIGN;
60 __entry->ret = ret;
61 ),
62 TP_printk(LOCAL_PR_FMT " - %d", LOCAL_PR_ARG, __entry->ret)
63);
48 64
65TRACE_EVENT(drv_return_u64,
66 TP_PROTO(struct ieee80211_local *local, u64 ret),
67 TP_ARGS(local, ret),
68 TP_STRUCT__entry(
69 LOCAL_ENTRY
70 __field(u64, ret)
71 ),
49 TP_fast_assign( 72 TP_fast_assign(
50 LOCAL_ASSIGN; 73 LOCAL_ASSIGN;
51 __entry->ret = ret; 74 __entry->ret = ret;
52 ), 75 ),
76 TP_printk(LOCAL_PR_FMT " - %llu", LOCAL_PR_ARG, __entry->ret)
77);
78
79TRACE_EVENT(drv_start,
80 TP_PROTO(struct ieee80211_local *local),
81
82 TP_ARGS(local),
83
84 TP_STRUCT__entry(
85 LOCAL_ENTRY
86 ),
87
88 TP_fast_assign(
89 LOCAL_ASSIGN;
90 ),
53 91
54 TP_printk( 92 TP_printk(
55 LOCAL_PR_FMT, LOCAL_PR_ARG 93 LOCAL_PR_FMT, LOCAL_PR_ARG
@@ -76,28 +114,25 @@ TRACE_EVENT(drv_stop,
76 114
77TRACE_EVENT(drv_add_interface, 115TRACE_EVENT(drv_add_interface,
78 TP_PROTO(struct ieee80211_local *local, 116 TP_PROTO(struct ieee80211_local *local,
79 struct ieee80211_sub_if_data *sdata, 117 struct ieee80211_sub_if_data *sdata),
80 int ret),
81 118
82 TP_ARGS(local, sdata, ret), 119 TP_ARGS(local, sdata),
83 120
84 TP_STRUCT__entry( 121 TP_STRUCT__entry(
85 LOCAL_ENTRY 122 LOCAL_ENTRY
86 VIF_ENTRY 123 VIF_ENTRY
87 __array(char, addr, 6) 124 __array(char, addr, 6)
88 __field(int, ret)
89 ), 125 ),
90 126
91 TP_fast_assign( 127 TP_fast_assign(
92 LOCAL_ASSIGN; 128 LOCAL_ASSIGN;
93 VIF_ASSIGN; 129 VIF_ASSIGN;
94 memcpy(__entry->addr, sdata->vif.addr, 6); 130 memcpy(__entry->addr, sdata->vif.addr, 6);
95 __entry->ret = ret;
96 ), 131 ),
97 132
98 TP_printk( 133 TP_printk(
99 LOCAL_PR_FMT VIF_PR_FMT " addr:%pM ret:%d", 134 LOCAL_PR_FMT VIF_PR_FMT " addr:%pM",
100 LOCAL_PR_ARG, VIF_PR_ARG, __entry->addr, __entry->ret 135 LOCAL_PR_ARG, VIF_PR_ARG, __entry->addr
101 ) 136 )
102); 137);
103 138
@@ -126,15 +161,13 @@ TRACE_EVENT(drv_remove_interface,
126 161
127TRACE_EVENT(drv_config, 162TRACE_EVENT(drv_config,
128 TP_PROTO(struct ieee80211_local *local, 163 TP_PROTO(struct ieee80211_local *local,
129 u32 changed, 164 u32 changed),
130 int ret),
131 165
132 TP_ARGS(local, changed, ret), 166 TP_ARGS(local, changed),
133 167
134 TP_STRUCT__entry( 168 TP_STRUCT__entry(
135 LOCAL_ENTRY 169 LOCAL_ENTRY
136 __field(u32, changed) 170 __field(u32, changed)
137 __field(int, ret)
138 __field(u32, flags) 171 __field(u32, flags)
139 __field(int, power_level) 172 __field(int, power_level)
140 __field(int, dynamic_ps_timeout) 173 __field(int, dynamic_ps_timeout)
@@ -150,7 +183,6 @@ TRACE_EVENT(drv_config,
150 TP_fast_assign( 183 TP_fast_assign(
151 LOCAL_ASSIGN; 184 LOCAL_ASSIGN;
152 __entry->changed = changed; 185 __entry->changed = changed;
153 __entry->ret = ret;
154 __entry->flags = local->hw.conf.flags; 186 __entry->flags = local->hw.conf.flags;
155 __entry->power_level = local->hw.conf.power_level; 187 __entry->power_level = local->hw.conf.power_level;
156 __entry->dynamic_ps_timeout = local->hw.conf.dynamic_ps_timeout; 188 __entry->dynamic_ps_timeout = local->hw.conf.dynamic_ps_timeout;
@@ -164,8 +196,8 @@ TRACE_EVENT(drv_config,
164 ), 196 ),
165 197
166 TP_printk( 198 TP_printk(
167 LOCAL_PR_FMT " ch:%#x freq:%d ret:%d", 199 LOCAL_PR_FMT " ch:%#x freq:%d",
168 LOCAL_PR_ARG, __entry->changed, __entry->center_freq, __entry->ret 200 LOCAL_PR_ARG, __entry->changed, __entry->center_freq
169 ) 201 )
170); 202);
171 203
@@ -220,26 +252,23 @@ TRACE_EVENT(drv_bss_info_changed,
220); 252);
221 253
222TRACE_EVENT(drv_prepare_multicast, 254TRACE_EVENT(drv_prepare_multicast,
223 TP_PROTO(struct ieee80211_local *local, int mc_count, u64 ret), 255 TP_PROTO(struct ieee80211_local *local, int mc_count),
224 256
225 TP_ARGS(local, mc_count, ret), 257 TP_ARGS(local, mc_count),
226 258
227 TP_STRUCT__entry( 259 TP_STRUCT__entry(
228 LOCAL_ENTRY 260 LOCAL_ENTRY
229 __field(int, mc_count) 261 __field(int, mc_count)
230 __field(u64, ret)
231 ), 262 ),
232 263
233 TP_fast_assign( 264 TP_fast_assign(
234 LOCAL_ASSIGN; 265 LOCAL_ASSIGN;
235 __entry->mc_count = mc_count; 266 __entry->mc_count = mc_count;
236 __entry->ret = ret;
237 ), 267 ),
238 268
239 TP_printk( 269 TP_printk(
240 LOCAL_PR_FMT " prepare mc (%d): %llx", 270 LOCAL_PR_FMT " prepare mc (%d)",
241 LOCAL_PR_ARG, __entry->mc_count, 271 LOCAL_PR_ARG, __entry->mc_count
242 (unsigned long long) __entry->ret
243 ) 272 )
244); 273);
245 274
@@ -273,27 +302,25 @@ TRACE_EVENT(drv_configure_filter,
273 302
274TRACE_EVENT(drv_set_tim, 303TRACE_EVENT(drv_set_tim,
275 TP_PROTO(struct ieee80211_local *local, 304 TP_PROTO(struct ieee80211_local *local,
276 struct ieee80211_sta *sta, bool set, int ret), 305 struct ieee80211_sta *sta, bool set),
277 306
278 TP_ARGS(local, sta, set, ret), 307 TP_ARGS(local, sta, set),
279 308
280 TP_STRUCT__entry( 309 TP_STRUCT__entry(
281 LOCAL_ENTRY 310 LOCAL_ENTRY
282 STA_ENTRY 311 STA_ENTRY
283 __field(bool, set) 312 __field(bool, set)
284 __field(int, ret)
285 ), 313 ),
286 314
287 TP_fast_assign( 315 TP_fast_assign(
288 LOCAL_ASSIGN; 316 LOCAL_ASSIGN;
289 STA_ASSIGN; 317 STA_ASSIGN;
290 __entry->set = set; 318 __entry->set = set;
291 __entry->ret = ret;
292 ), 319 ),
293 320
294 TP_printk( 321 TP_printk(
295 LOCAL_PR_FMT STA_PR_FMT " set:%d ret:%d", 322 LOCAL_PR_FMT STA_PR_FMT " set:%d",
296 LOCAL_PR_ARG, STA_PR_FMT, __entry->set, __entry->ret 323 LOCAL_PR_ARG, STA_PR_FMT, __entry->set
297 ) 324 )
298); 325);
299 326
@@ -301,9 +328,9 @@ TRACE_EVENT(drv_set_key,
301 TP_PROTO(struct ieee80211_local *local, 328 TP_PROTO(struct ieee80211_local *local,
302 enum set_key_cmd cmd, struct ieee80211_sub_if_data *sdata, 329 enum set_key_cmd cmd, struct ieee80211_sub_if_data *sdata,
303 struct ieee80211_sta *sta, 330 struct ieee80211_sta *sta,
304 struct ieee80211_key_conf *key, int ret), 331 struct ieee80211_key_conf *key),
305 332
306 TP_ARGS(local, cmd, sdata, sta, key, ret), 333 TP_ARGS(local, cmd, sdata, sta, key),
307 334
308 TP_STRUCT__entry( 335 TP_STRUCT__entry(
309 LOCAL_ENTRY 336 LOCAL_ENTRY
@@ -313,7 +340,6 @@ TRACE_EVENT(drv_set_key,
313 __field(u8, hw_key_idx) 340 __field(u8, hw_key_idx)
314 __field(u8, flags) 341 __field(u8, flags)
315 __field(s8, keyidx) 342 __field(s8, keyidx)
316 __field(int, ret)
317 ), 343 ),
318 344
319 TP_fast_assign( 345 TP_fast_assign(
@@ -324,12 +350,11 @@ TRACE_EVENT(drv_set_key,
324 __entry->flags = key->flags; 350 __entry->flags = key->flags;
325 __entry->keyidx = key->keyidx; 351 __entry->keyidx = key->keyidx;
326 __entry->hw_key_idx = key->hw_key_idx; 352 __entry->hw_key_idx = key->hw_key_idx;
327 __entry->ret = ret;
328 ), 353 ),
329 354
330 TP_printk( 355 TP_printk(
331 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " ret:%d", 356 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT,
332 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->ret 357 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG
333 ) 358 )
334); 359);
335 360
@@ -364,25 +389,23 @@ TRACE_EVENT(drv_update_tkip_key,
364TRACE_EVENT(drv_hw_scan, 389TRACE_EVENT(drv_hw_scan,
365 TP_PROTO(struct ieee80211_local *local, 390 TP_PROTO(struct ieee80211_local *local,
366 struct ieee80211_sub_if_data *sdata, 391 struct ieee80211_sub_if_data *sdata,
367 struct cfg80211_scan_request *req, int ret), 392 struct cfg80211_scan_request *req),
368 393
369 TP_ARGS(local, sdata, req, ret), 394 TP_ARGS(local, sdata, req),
370 395
371 TP_STRUCT__entry( 396 TP_STRUCT__entry(
372 LOCAL_ENTRY 397 LOCAL_ENTRY
373 VIF_ENTRY 398 VIF_ENTRY
374 __field(int, ret)
375 ), 399 ),
376 400
377 TP_fast_assign( 401 TP_fast_assign(
378 LOCAL_ASSIGN; 402 LOCAL_ASSIGN;
379 VIF_ASSIGN; 403 VIF_ASSIGN;
380 __entry->ret = ret;
381 ), 404 ),
382 405
383 TP_printk( 406 TP_printk(
384 LOCAL_PR_FMT VIF_PR_FMT " ret:%d", 407 LOCAL_PR_FMT VIF_PR_FMT,
385 LOCAL_PR_ARG,VIF_PR_ARG, __entry->ret 408 LOCAL_PR_ARG,VIF_PR_ARG
386 ) 409 )
387); 410);
388 411
@@ -479,48 +502,44 @@ TRACE_EVENT(drv_get_tkip_seq,
479); 502);
480 503
481TRACE_EVENT(drv_set_rts_threshold, 504TRACE_EVENT(drv_set_rts_threshold,
482 TP_PROTO(struct ieee80211_local *local, u32 value, int ret), 505 TP_PROTO(struct ieee80211_local *local, u32 value),
483 506
484 TP_ARGS(local, value, ret), 507 TP_ARGS(local, value),
485 508
486 TP_STRUCT__entry( 509 TP_STRUCT__entry(
487 LOCAL_ENTRY 510 LOCAL_ENTRY
488 __field(u32, value) 511 __field(u32, value)
489 __field(int, ret)
490 ), 512 ),
491 513
492 TP_fast_assign( 514 TP_fast_assign(
493 LOCAL_ASSIGN; 515 LOCAL_ASSIGN;
494 __entry->ret = ret;
495 __entry->value = value; 516 __entry->value = value;
496 ), 517 ),
497 518
498 TP_printk( 519 TP_printk(
499 LOCAL_PR_FMT " value:%d ret:%d", 520 LOCAL_PR_FMT " value:%d",
500 LOCAL_PR_ARG, __entry->value, __entry->ret 521 LOCAL_PR_ARG, __entry->value
501 ) 522 )
502); 523);
503 524
504TRACE_EVENT(drv_set_coverage_class, 525TRACE_EVENT(drv_set_coverage_class,
505 TP_PROTO(struct ieee80211_local *local, u8 value, int ret), 526 TP_PROTO(struct ieee80211_local *local, u8 value),
506 527
507 TP_ARGS(local, value, ret), 528 TP_ARGS(local, value),
508 529
509 TP_STRUCT__entry( 530 TP_STRUCT__entry(
510 LOCAL_ENTRY 531 LOCAL_ENTRY
511 __field(u8, value) 532 __field(u8, value)
512 __field(int, ret)
513 ), 533 ),
514 534
515 TP_fast_assign( 535 TP_fast_assign(
516 LOCAL_ASSIGN; 536 LOCAL_ASSIGN;
517 __entry->ret = ret;
518 __entry->value = value; 537 __entry->value = value;
519 ), 538 ),
520 539
521 TP_printk( 540 TP_printk(
522 LOCAL_PR_FMT " value:%d ret:%d", 541 LOCAL_PR_FMT " value:%d",
523 LOCAL_PR_ARG, __entry->value, __entry->ret 542 LOCAL_PR_ARG, __entry->value
524 ) 543 )
525); 544);
526 545
@@ -555,27 +574,25 @@ TRACE_EVENT(drv_sta_notify,
555TRACE_EVENT(drv_sta_add, 574TRACE_EVENT(drv_sta_add,
556 TP_PROTO(struct ieee80211_local *local, 575 TP_PROTO(struct ieee80211_local *local,
557 struct ieee80211_sub_if_data *sdata, 576 struct ieee80211_sub_if_data *sdata,
558 struct ieee80211_sta *sta, int ret), 577 struct ieee80211_sta *sta),
559 578
560 TP_ARGS(local, sdata, sta, ret), 579 TP_ARGS(local, sdata, sta),
561 580
562 TP_STRUCT__entry( 581 TP_STRUCT__entry(
563 LOCAL_ENTRY 582 LOCAL_ENTRY
564 VIF_ENTRY 583 VIF_ENTRY
565 STA_ENTRY 584 STA_ENTRY
566 __field(int, ret)
567 ), 585 ),
568 586
569 TP_fast_assign( 587 TP_fast_assign(
570 LOCAL_ASSIGN; 588 LOCAL_ASSIGN;
571 VIF_ASSIGN; 589 VIF_ASSIGN;
572 STA_ASSIGN; 590 STA_ASSIGN;
573 __entry->ret = ret;
574 ), 591 ),
575 592
576 TP_printk( 593 TP_printk(
577 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " ret:%d", 594 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT,
578 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->ret 595 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG
579 ) 596 )
580); 597);
581 598
@@ -606,10 +623,9 @@ TRACE_EVENT(drv_sta_remove,
606 623
607TRACE_EVENT(drv_conf_tx, 624TRACE_EVENT(drv_conf_tx,
608 TP_PROTO(struct ieee80211_local *local, u16 queue, 625 TP_PROTO(struct ieee80211_local *local, u16 queue,
609 const struct ieee80211_tx_queue_params *params, 626 const struct ieee80211_tx_queue_params *params),
610 int ret),
611 627
612 TP_ARGS(local, queue, params, ret), 628 TP_ARGS(local, queue, params),
613 629
614 TP_STRUCT__entry( 630 TP_STRUCT__entry(
615 LOCAL_ENTRY 631 LOCAL_ENTRY
@@ -618,13 +634,11 @@ TRACE_EVENT(drv_conf_tx,
618 __field(u16, cw_min) 634 __field(u16, cw_min)
619 __field(u16, cw_max) 635 __field(u16, cw_max)
620 __field(u8, aifs) 636 __field(u8, aifs)
621 __field(int, ret)
622 ), 637 ),
623 638
624 TP_fast_assign( 639 TP_fast_assign(
625 LOCAL_ASSIGN; 640 LOCAL_ASSIGN;
626 __entry->queue = queue; 641 __entry->queue = queue;
627 __entry->ret = ret;
628 __entry->txop = params->txop; 642 __entry->txop = params->txop;
629 __entry->cw_max = params->cw_max; 643 __entry->cw_max = params->cw_max;
630 __entry->cw_min = params->cw_min; 644 __entry->cw_min = params->cw_min;
@@ -632,29 +646,27 @@ TRACE_EVENT(drv_conf_tx,
632 ), 646 ),
633 647
634 TP_printk( 648 TP_printk(
635 LOCAL_PR_FMT " queue:%d ret:%d", 649 LOCAL_PR_FMT " queue:%d",
636 LOCAL_PR_ARG, __entry->queue, __entry->ret 650 LOCAL_PR_ARG, __entry->queue
637 ) 651 )
638); 652);
639 653
640TRACE_EVENT(drv_get_tsf, 654TRACE_EVENT(drv_get_tsf,
641 TP_PROTO(struct ieee80211_local *local, u64 ret), 655 TP_PROTO(struct ieee80211_local *local),
642 656
643 TP_ARGS(local, ret), 657 TP_ARGS(local),
644 658
645 TP_STRUCT__entry( 659 TP_STRUCT__entry(
646 LOCAL_ENTRY 660 LOCAL_ENTRY
647 __field(u64, ret)
648 ), 661 ),
649 662
650 TP_fast_assign( 663 TP_fast_assign(
651 LOCAL_ASSIGN; 664 LOCAL_ASSIGN;
652 __entry->ret = ret;
653 ), 665 ),
654 666
655 TP_printk( 667 TP_printk(
656 LOCAL_PR_FMT " ret:%llu", 668 LOCAL_PR_FMT,
657 LOCAL_PR_ARG, (unsigned long long)__entry->ret 669 LOCAL_PR_ARG
658 ) 670 )
659); 671);
660 672
@@ -698,23 +710,21 @@ TRACE_EVENT(drv_reset_tsf,
698); 710);
699 711
700TRACE_EVENT(drv_tx_last_beacon, 712TRACE_EVENT(drv_tx_last_beacon,
701 TP_PROTO(struct ieee80211_local *local, int ret), 713 TP_PROTO(struct ieee80211_local *local),
702 714
703 TP_ARGS(local, ret), 715 TP_ARGS(local),
704 716
705 TP_STRUCT__entry( 717 TP_STRUCT__entry(
706 LOCAL_ENTRY 718 LOCAL_ENTRY
707 __field(int, ret)
708 ), 719 ),
709 720
710 TP_fast_assign( 721 TP_fast_assign(
711 LOCAL_ASSIGN; 722 LOCAL_ASSIGN;
712 __entry->ret = ret;
713 ), 723 ),
714 724
715 TP_printk( 725 TP_printk(
716 LOCAL_PR_FMT " ret:%d", 726 LOCAL_PR_FMT,
717 LOCAL_PR_ARG, __entry->ret 727 LOCAL_PR_ARG
718 ) 728 )
719); 729);
720 730
@@ -723,9 +733,9 @@ TRACE_EVENT(drv_ampdu_action,
723 struct ieee80211_sub_if_data *sdata, 733 struct ieee80211_sub_if_data *sdata,
724 enum ieee80211_ampdu_mlme_action action, 734 enum ieee80211_ampdu_mlme_action action,
725 struct ieee80211_sta *sta, u16 tid, 735 struct ieee80211_sta *sta, u16 tid,
726 u16 *ssn, int ret), 736 u16 *ssn),
727 737
728 TP_ARGS(local, sdata, action, sta, tid, ssn, ret), 738 TP_ARGS(local, sdata, action, sta, tid, ssn),
729 739
730 TP_STRUCT__entry( 740 TP_STRUCT__entry(
731 LOCAL_ENTRY 741 LOCAL_ENTRY
@@ -733,7 +743,6 @@ TRACE_EVENT(drv_ampdu_action,
733 __field(u32, action) 743 __field(u32, action)
734 __field(u16, tid) 744 __field(u16, tid)
735 __field(u16, ssn) 745 __field(u16, ssn)
736 __field(int, ret)
737 VIF_ENTRY 746 VIF_ENTRY
738 ), 747 ),
739 748
@@ -741,15 +750,36 @@ TRACE_EVENT(drv_ampdu_action,
741 LOCAL_ASSIGN; 750 LOCAL_ASSIGN;
742 VIF_ASSIGN; 751 VIF_ASSIGN;
743 STA_ASSIGN; 752 STA_ASSIGN;
744 __entry->ret = ret;
745 __entry->action = action; 753 __entry->action = action;
746 __entry->tid = tid; 754 __entry->tid = tid;
747 __entry->ssn = ssn ? *ssn : 0; 755 __entry->ssn = ssn ? *ssn : 0;
748 ), 756 ),
749 757
750 TP_printk( 758 TP_printk(
751 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " action:%d tid:%d ret:%d", 759 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " action:%d tid:%d",
752 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->action, __entry->tid, __entry->ret 760 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->action, __entry->tid
761 )
762);
763
764TRACE_EVENT(drv_get_survey,
765 TP_PROTO(struct ieee80211_local *local, int idx,
766 struct survey_info *survey),
767
768 TP_ARGS(local, idx, survey),
769
770 TP_STRUCT__entry(
771 LOCAL_ENTRY
772 __field(int, idx)
773 ),
774
775 TP_fast_assign(
776 LOCAL_ASSIGN;
777 __entry->idx = idx;
778 ),
779
780 TP_printk(
781 LOCAL_PR_FMT " idx:%d",
782 LOCAL_PR_ARG, __entry->idx
753 ) 783 )
754); 784);
755 785
@@ -851,25 +881,23 @@ TRACE_EVENT(api_start_tx_ba_cb,
851); 881);
852 882
853TRACE_EVENT(api_stop_tx_ba_session, 883TRACE_EVENT(api_stop_tx_ba_session,
854 TP_PROTO(struct ieee80211_sta *sta, u16 tid, u16 initiator), 884 TP_PROTO(struct ieee80211_sta *sta, u16 tid),
855 885
856 TP_ARGS(sta, tid, initiator), 886 TP_ARGS(sta, tid),
857 887
858 TP_STRUCT__entry( 888 TP_STRUCT__entry(
859 STA_ENTRY 889 STA_ENTRY
860 __field(u16, tid) 890 __field(u16, tid)
861 __field(u16, initiator)
862 ), 891 ),
863 892
864 TP_fast_assign( 893 TP_fast_assign(
865 STA_ASSIGN; 894 STA_ASSIGN;
866 __entry->tid = tid; 895 __entry->tid = tid;
867 __entry->initiator = initiator;
868 ), 896 ),
869 897
870 TP_printk( 898 TP_printk(
871 STA_PR_FMT " tid:%d initiator:%d", 899 STA_PR_FMT " tid:%d",
872 STA_PR_ARG, __entry->tid, __entry->initiator 900 STA_PR_ARG, __entry->tid
873 ) 901 )
874); 902);
875 903
diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index 2ab106a0a491..9d101fb33861 100644
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -6,7 +6,7 @@
6 * Copyright 2005-2006, Devicescape Software, Inc. 6 * Copyright 2005-2006, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9 * Copyright 2007-2008, Intel Corporation 9 * Copyright 2007-2010, Intel Corporation
10 * 10 *
11 * This program is free software; you can redistribute it and/or modify 11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License version 2 as 12 * it under the terms of the GNU General Public License version 2 as
@@ -29,7 +29,7 @@ void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
29 29
30 memset(ht_cap, 0, sizeof(*ht_cap)); 30 memset(ht_cap, 0, sizeof(*ht_cap));
31 31
32 if (!ht_cap_ie) 32 if (!ht_cap_ie || !sband->ht_cap.ht_supported)
33 return; 33 return;
34 34
35 ht_cap->ht_supported = true; 35 ht_cap->ht_supported = true;
@@ -105,6 +105,8 @@ void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta)
105{ 105{
106 int i; 106 int i;
107 107
108 cancel_work_sync(&sta->ampdu_mlme.work);
109
108 for (i = 0; i < STA_TID_NUM; i++) { 110 for (i = 0; i < STA_TID_NUM; i++) {
109 __ieee80211_stop_tx_ba_session(sta, i, WLAN_BACK_INITIATOR); 111 __ieee80211_stop_tx_ba_session(sta, i, WLAN_BACK_INITIATOR);
110 __ieee80211_stop_rx_ba_session(sta, i, WLAN_BACK_RECIPIENT, 112 __ieee80211_stop_rx_ba_session(sta, i, WLAN_BACK_RECIPIENT,
@@ -112,6 +114,43 @@ void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta)
112 } 114 }
113} 115}
114 116
117void ieee80211_ba_session_work(struct work_struct *work)
118{
119 struct sta_info *sta =
120 container_of(work, struct sta_info, ampdu_mlme.work);
121 struct tid_ampdu_tx *tid_tx;
122 int tid;
123
124 /*
125 * When this flag is set, new sessions should be
126 * blocked, and existing sessions will be torn
127 * down by the code that set the flag, so this
128 * need not run.
129 */
130 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA))
131 return;
132
133 mutex_lock(&sta->ampdu_mlme.mtx);
134 for (tid = 0; tid < STA_TID_NUM; tid++) {
135 if (test_and_clear_bit(tid, sta->ampdu_mlme.tid_rx_timer_expired))
136 ___ieee80211_stop_rx_ba_session(
137 sta, tid, WLAN_BACK_RECIPIENT,
138 WLAN_REASON_QSTA_TIMEOUT);
139
140 tid_tx = sta->ampdu_mlme.tid_tx[tid];
141 if (!tid_tx)
142 continue;
143
144 if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state))
145 ieee80211_tx_ba_session_handle_start(sta, tid);
146 else if (test_and_clear_bit(HT_AGG_STATE_WANT_STOP,
147 &tid_tx->state))
148 ___ieee80211_stop_tx_ba_session(sta, tid,
149 WLAN_BACK_INITIATOR);
150 }
151 mutex_unlock(&sta->ampdu_mlme.mtx);
152}
153
115void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata, 154void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
116 const u8 *da, u16 tid, 155 const u8 *da, u16 tid,
117 u16 initiator, u16 reason_code) 156 u16 initiator, u16 reason_code)
@@ -176,13 +215,8 @@ void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
176 215
177 if (initiator == WLAN_BACK_INITIATOR) 216 if (initiator == WLAN_BACK_INITIATOR)
178 __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_INITIATOR, 0); 217 __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_INITIATOR, 0);
179 else { /* WLAN_BACK_RECIPIENT */ 218 else
180 spin_lock_bh(&sta->lock); 219 __ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_RECIPIENT);
181 if (sta->ampdu_mlme.tid_state_tx[tid] & HT_ADDBA_REQUESTED_MSK)
182 ___ieee80211_stop_tx_ba_session(sta, tid,
183 WLAN_BACK_RECIPIENT);
184 spin_unlock_bh(&sta->lock);
185 }
186} 220}
187 221
188int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata, 222int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata,
diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index b2cc1fda6cfd..c691780725a7 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -43,6 +43,8 @@ static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
43{ 43{
44 u16 auth_alg, auth_transaction, status_code; 44 u16 auth_alg, auth_transaction, status_code;
45 45
46 lockdep_assert_held(&sdata->u.ibss.mtx);
47
46 if (len < 24 + 6) 48 if (len < 24 + 6)
47 return; 49 return;
48 50
@@ -78,6 +80,8 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
78 u32 bss_change; 80 u32 bss_change;
79 u8 supp_rates[IEEE80211_MAX_SUPP_RATES]; 81 u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
80 82
83 lockdep_assert_held(&ifibss->mtx);
84
81 /* Reset own TSF to allow time synchronization work. */ 85 /* Reset own TSF to allow time synchronization work. */
82 drv_reset_tsf(local); 86 drv_reset_tsf(local);
83 87
@@ -172,11 +176,13 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
172 rcu_assign_pointer(ifibss->presp, skb); 176 rcu_assign_pointer(ifibss->presp, skb);
173 177
174 sdata->vif.bss_conf.beacon_int = beacon_int; 178 sdata->vif.bss_conf.beacon_int = beacon_int;
179 sdata->vif.bss_conf.basic_rates = basic_rates;
175 bss_change = BSS_CHANGED_BEACON_INT; 180 bss_change = BSS_CHANGED_BEACON_INT;
176 bss_change |= ieee80211_reset_erp_info(sdata); 181 bss_change |= ieee80211_reset_erp_info(sdata);
177 bss_change |= BSS_CHANGED_BSSID; 182 bss_change |= BSS_CHANGED_BSSID;
178 bss_change |= BSS_CHANGED_BEACON; 183 bss_change |= BSS_CHANGED_BEACON;
179 bss_change |= BSS_CHANGED_BEACON_ENABLED; 184 bss_change |= BSS_CHANGED_BEACON_ENABLED;
185 bss_change |= BSS_CHANGED_BASIC_RATES;
180 bss_change |= BSS_CHANGED_IBSS; 186 bss_change |= BSS_CHANGED_IBSS;
181 sdata->vif.bss_conf.ibss_joined = true; 187 sdata->vif.bss_conf.ibss_joined = true;
182 ieee80211_bss_info_change_notify(sdata, bss_change); 188 ieee80211_bss_info_change_notify(sdata, bss_change);
@@ -203,6 +209,8 @@ static void ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
203 int i, j; 209 int i, j;
204 u16 beacon_int = cbss->beacon_interval; 210 u16 beacon_int = cbss->beacon_interval;
205 211
212 lockdep_assert_held(&sdata->u.ibss.mtx);
213
206 if (beacon_int < 10) 214 if (beacon_int < 10)
207 beacon_int = 10; 215 beacon_int = 10;
208 216
@@ -447,6 +455,8 @@ static int ieee80211_sta_active_ibss(struct ieee80211_sub_if_data *sdata)
447 int active = 0; 455 int active = 0;
448 struct sta_info *sta; 456 struct sta_info *sta;
449 457
458 lockdep_assert_held(&sdata->u.ibss.mtx);
459
450 rcu_read_lock(); 460 rcu_read_lock();
451 461
452 list_for_each_entry_rcu(sta, &local->sta_list, list) { 462 list_for_each_entry_rcu(sta, &local->sta_list, list) {
@@ -471,6 +481,8 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
471{ 481{
472 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 482 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
473 483
484 lockdep_assert_held(&ifibss->mtx);
485
474 mod_timer(&ifibss->timer, 486 mod_timer(&ifibss->timer,
475 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL)); 487 round_jiffies(jiffies + IEEE80211_IBSS_MERGE_INTERVAL));
476 488
@@ -503,6 +515,8 @@ static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
503 u16 capability; 515 u16 capability;
504 int i; 516 int i;
505 517
518 lockdep_assert_held(&ifibss->mtx);
519
506 if (ifibss->fixed_bssid) { 520 if (ifibss->fixed_bssid) {
507 memcpy(bssid, ifibss->bssid, ETH_ALEN); 521 memcpy(bssid, ifibss->bssid, ETH_ALEN);
508 } else { 522 } else {
@@ -529,7 +543,7 @@ static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
529 sdata->drop_unencrypted = 0; 543 sdata->drop_unencrypted = 0;
530 544
531 __ieee80211_sta_join_ibss(sdata, bssid, sdata->vif.bss_conf.beacon_int, 545 __ieee80211_sta_join_ibss(sdata, bssid, sdata->vif.bss_conf.beacon_int,
532 ifibss->channel, 3, /* first two are basic */ 546 ifibss->channel, ifibss->basic_rates,
533 capability, 0); 547 capability, 0);
534} 548}
535 549
@@ -547,6 +561,8 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
547 int active_ibss; 561 int active_ibss;
548 u16 capability; 562 u16 capability;
549 563
564 lockdep_assert_held(&ifibss->mtx);
565
550 active_ibss = ieee80211_sta_active_ibss(sdata); 566 active_ibss = ieee80211_sta_active_ibss(sdata);
551#ifdef CONFIG_MAC80211_IBSS_DEBUG 567#ifdef CONFIG_MAC80211_IBSS_DEBUG
552 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n", 568 printk(KERN_DEBUG "%s: sta_find_ibss (active_ibss=%d)\n",
@@ -635,6 +651,8 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
635 struct ieee80211_mgmt *resp; 651 struct ieee80211_mgmt *resp;
636 u8 *pos, *end; 652 u8 *pos, *end;
637 653
654 lockdep_assert_held(&ifibss->mtx);
655
638 if (ifibss->state != IEEE80211_IBSS_MLME_JOINED || 656 if (ifibss->state != IEEE80211_IBSS_MLME_JOINED ||
639 len < 24 + 2 || !ifibss->presp) 657 len < 24 + 2 || !ifibss->presp)
640 return; 658 return;
@@ -727,8 +745,8 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
727 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, true); 745 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, true);
728} 746}
729 747
730static void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 748void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
731 struct sk_buff *skb) 749 struct sk_buff *skb)
732{ 750{
733 struct ieee80211_rx_status *rx_status; 751 struct ieee80211_rx_status *rx_status;
734 struct ieee80211_mgmt *mgmt; 752 struct ieee80211_mgmt *mgmt;
@@ -738,6 +756,8 @@ static void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
738 mgmt = (struct ieee80211_mgmt *) skb->data; 756 mgmt = (struct ieee80211_mgmt *) skb->data;
739 fc = le16_to_cpu(mgmt->frame_control); 757 fc = le16_to_cpu(mgmt->frame_control);
740 758
759 mutex_lock(&sdata->u.ibss.mtx);
760
741 switch (fc & IEEE80211_FCTL_STYPE) { 761 switch (fc & IEEE80211_FCTL_STYPE) {
742 case IEEE80211_STYPE_PROBE_REQ: 762 case IEEE80211_STYPE_PROBE_REQ:
743 ieee80211_rx_mgmt_probe_req(sdata, mgmt, skb->len); 763 ieee80211_rx_mgmt_probe_req(sdata, mgmt, skb->len);
@@ -755,35 +775,22 @@ static void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
755 break; 775 break;
756 } 776 }
757 777
758 kfree_skb(skb); 778 mutex_unlock(&sdata->u.ibss.mtx);
759} 779}
760 780
761static void ieee80211_ibss_work(struct work_struct *work) 781void ieee80211_ibss_work(struct ieee80211_sub_if_data *sdata)
762{ 782{
763 struct ieee80211_sub_if_data *sdata = 783 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
764 container_of(work, struct ieee80211_sub_if_data, u.ibss.work);
765 struct ieee80211_local *local = sdata->local;
766 struct ieee80211_if_ibss *ifibss;
767 struct sk_buff *skb;
768
769 if (WARN_ON(local->suspended))
770 return;
771
772 if (!ieee80211_sdata_running(sdata))
773 return;
774
775 if (local->scanning)
776 return;
777
778 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_ADHOC))
779 return;
780 ifibss = &sdata->u.ibss;
781 784
782 while ((skb = skb_dequeue(&ifibss->skb_queue))) 785 mutex_lock(&ifibss->mtx);
783 ieee80211_ibss_rx_queued_mgmt(sdata, skb);
784 786
785 if (!test_and_clear_bit(IEEE80211_IBSS_REQ_RUN, &ifibss->request)) 787 /*
786 return; 788 * Work could be scheduled after scan or similar
789 * when we aren't even joined (or trying) with a
790 * network.
791 */
792 if (!ifibss->ssid_len)
793 goto out;
787 794
788 switch (ifibss->state) { 795 switch (ifibss->state) {
789 case IEEE80211_IBSS_MLME_SEARCH: 796 case IEEE80211_IBSS_MLME_SEARCH:
@@ -796,6 +803,9 @@ static void ieee80211_ibss_work(struct work_struct *work)
796 WARN_ON(1); 803 WARN_ON(1);
797 break; 804 break;
798 } 805 }
806
807 out:
808 mutex_unlock(&ifibss->mtx);
799} 809}
800 810
801static void ieee80211_ibss_timer(unsigned long data) 811static void ieee80211_ibss_timer(unsigned long data)
@@ -810,8 +820,7 @@ static void ieee80211_ibss_timer(unsigned long data)
810 return; 820 return;
811 } 821 }
812 822
813 set_bit(IEEE80211_IBSS_REQ_RUN, &ifibss->request); 823 ieee80211_queue_work(&local->hw, &sdata->work);
814 ieee80211_queue_work(&local->hw, &ifibss->work);
815} 824}
816 825
817#ifdef CONFIG_PM 826#ifdef CONFIG_PM
@@ -819,7 +828,6 @@ void ieee80211_ibss_quiesce(struct ieee80211_sub_if_data *sdata)
819{ 828{
820 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 829 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
821 830
822 cancel_work_sync(&ifibss->work);
823 if (del_timer_sync(&ifibss->timer)) 831 if (del_timer_sync(&ifibss->timer))
824 ifibss->timer_running = true; 832 ifibss->timer_running = true;
825} 833}
@@ -839,10 +847,9 @@ void ieee80211_ibss_setup_sdata(struct ieee80211_sub_if_data *sdata)
839{ 847{
840 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss; 848 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
841 849
842 INIT_WORK(&ifibss->work, ieee80211_ibss_work);
843 setup_timer(&ifibss->timer, ieee80211_ibss_timer, 850 setup_timer(&ifibss->timer, ieee80211_ibss_timer,
844 (unsigned long) sdata); 851 (unsigned long) sdata);
845 skb_queue_head_init(&ifibss->skb_queue); 852 mutex_init(&ifibss->mtx);
846} 853}
847 854
848/* scan finished notification */ 855/* scan finished notification */
@@ -856,45 +863,28 @@ void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local)
856 continue; 863 continue;
857 if (sdata->vif.type != NL80211_IFTYPE_ADHOC) 864 if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
858 continue; 865 continue;
859 if (!sdata->u.ibss.ssid_len)
860 continue;
861 sdata->u.ibss.last_scan_completed = jiffies; 866 sdata->u.ibss.last_scan_completed = jiffies;
862 mod_timer(&sdata->u.ibss.timer, 0); 867 ieee80211_queue_work(&local->hw, &sdata->work);
863 } 868 }
864 mutex_unlock(&local->iflist_mtx); 869 mutex_unlock(&local->iflist_mtx);
865} 870}
866 871
867ieee80211_rx_result
868ieee80211_ibss_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
869{
870 struct ieee80211_local *local = sdata->local;
871 struct ieee80211_mgmt *mgmt;
872 u16 fc;
873
874 if (skb->len < 24)
875 return RX_DROP_MONITOR;
876
877 mgmt = (struct ieee80211_mgmt *) skb->data;
878 fc = le16_to_cpu(mgmt->frame_control);
879
880 switch (fc & IEEE80211_FCTL_STYPE) {
881 case IEEE80211_STYPE_PROBE_RESP:
882 case IEEE80211_STYPE_BEACON:
883 case IEEE80211_STYPE_PROBE_REQ:
884 case IEEE80211_STYPE_AUTH:
885 skb_queue_tail(&sdata->u.ibss.skb_queue, skb);
886 ieee80211_queue_work(&local->hw, &sdata->u.ibss.work);
887 return RX_QUEUED;
888 }
889
890 return RX_DROP_MONITOR;
891}
892
893int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, 872int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
894 struct cfg80211_ibss_params *params) 873 struct cfg80211_ibss_params *params)
895{ 874{
896 struct sk_buff *skb; 875 struct sk_buff *skb;
897 876
877 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom +
878 36 /* bitrates */ +
879 34 /* SSID */ +
880 3 /* DS params */ +
881 4 /* IBSS params */ +
882 params->ie_len);
883 if (!skb)
884 return -ENOMEM;
885
886 mutex_lock(&sdata->u.ibss.mtx);
887
898 if (params->bssid) { 888 if (params->bssid) {
899 memcpy(sdata->u.ibss.bssid, params->bssid, ETH_ALEN); 889 memcpy(sdata->u.ibss.bssid, params->bssid, ETH_ALEN);
900 sdata->u.ibss.fixed_bssid = true; 890 sdata->u.ibss.fixed_bssid = true;
@@ -902,6 +892,7 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
902 sdata->u.ibss.fixed_bssid = false; 892 sdata->u.ibss.fixed_bssid = false;
903 893
904 sdata->u.ibss.privacy = params->privacy; 894 sdata->u.ibss.privacy = params->privacy;
895 sdata->u.ibss.basic_rates = params->basic_rates;
905 896
906 sdata->vif.bss_conf.beacon_int = params->beacon_interval; 897 sdata->vif.bss_conf.beacon_int = params->beacon_interval;
907 898
@@ -922,34 +913,18 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
922 sdata->u.ibss.ie_len = params->ie_len; 913 sdata->u.ibss.ie_len = params->ie_len;
923 } 914 }
924 915
925 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom +
926 36 /* bitrates */ +
927 34 /* SSID */ +
928 3 /* DS params */ +
929 4 /* IBSS params */ +
930 params->ie_len);
931 if (!skb)
932 return -ENOMEM;
933
934 sdata->u.ibss.skb = skb; 916 sdata->u.ibss.skb = skb;
935 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH; 917 sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
936 sdata->u.ibss.ibss_join_req = jiffies; 918 sdata->u.ibss.ibss_join_req = jiffies;
937 919
938 memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN); 920 memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN);
939
940 /*
941 * The ssid_len setting below is used to see whether
942 * we are active, and we need all other settings
943 * before that may get visible.
944 */
945 mb();
946
947 sdata->u.ibss.ssid_len = params->ssid_len; 921 sdata->u.ibss.ssid_len = params->ssid_len;
948 922
949 ieee80211_recalc_idle(sdata->local); 923 ieee80211_recalc_idle(sdata->local);
950 924
951 set_bit(IEEE80211_IBSS_REQ_RUN, &sdata->u.ibss.request); 925 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
952 ieee80211_queue_work(&sdata->local->hw, &sdata->u.ibss.work); 926
927 mutex_unlock(&sdata->u.ibss.mtx);
953 928
954 return 0; 929 return 0;
955} 930}
@@ -957,11 +932,33 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
957int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata) 932int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
958{ 933{
959 struct sk_buff *skb; 934 struct sk_buff *skb;
935 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
936 struct ieee80211_local *local = sdata->local;
937 struct cfg80211_bss *cbss;
938 u16 capability;
939 int active_ibss;
960 940
961 del_timer_sync(&sdata->u.ibss.timer); 941 mutex_lock(&sdata->u.ibss.mtx);
962 clear_bit(IEEE80211_IBSS_REQ_RUN, &sdata->u.ibss.request); 942
963 cancel_work_sync(&sdata->u.ibss.work); 943 active_ibss = ieee80211_sta_active_ibss(sdata);
964 clear_bit(IEEE80211_IBSS_REQ_RUN, &sdata->u.ibss.request); 944
945 if (!active_ibss && !is_zero_ether_addr(ifibss->bssid)) {
946 capability = WLAN_CAPABILITY_IBSS;
947
948 if (ifibss->privacy)
949 capability |= WLAN_CAPABILITY_PRIVACY;
950
951 cbss = cfg80211_get_bss(local->hw.wiphy, ifibss->channel,
952 ifibss->bssid, ifibss->ssid,
953 ifibss->ssid_len, WLAN_CAPABILITY_IBSS |
954 WLAN_CAPABILITY_PRIVACY,
955 capability);
956
957 if (cbss) {
958 cfg80211_unlink_bss(local->hw.wiphy, cbss);
959 cfg80211_put_bss(cbss);
960 }
961 }
965 962
966 sta_info_flush(sdata->local, sdata); 963 sta_info_flush(sdata->local, sdata);
967 964
@@ -975,10 +972,14 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
975 synchronize_rcu(); 972 synchronize_rcu();
976 kfree_skb(skb); 973 kfree_skb(skb);
977 974
978 skb_queue_purge(&sdata->u.ibss.skb_queue); 975 skb_queue_purge(&sdata->skb_queue);
979 memset(sdata->u.ibss.bssid, 0, ETH_ALEN); 976 memset(sdata->u.ibss.bssid, 0, ETH_ALEN);
980 sdata->u.ibss.ssid_len = 0; 977 sdata->u.ibss.ssid_len = 0;
981 978
979 del_timer_sync(&sdata->u.ibss.timer);
980
981 mutex_unlock(&sdata->u.ibss.mtx);
982
982 ieee80211_recalc_idle(sdata->local); 983 ieee80211_recalc_idle(sdata->local);
983 984
984 return 0; 985 return 0;
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 1a9e2da37a93..65e0ed6c2975 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -238,6 +238,7 @@ enum ieee80211_work_type {
238 IEEE80211_WORK_ABORT, 238 IEEE80211_WORK_ABORT,
239 IEEE80211_WORK_DIRECT_PROBE, 239 IEEE80211_WORK_DIRECT_PROBE,
240 IEEE80211_WORK_AUTH, 240 IEEE80211_WORK_AUTH,
241 IEEE80211_WORK_ASSOC_BEACON_WAIT,
241 IEEE80211_WORK_ASSOC, 242 IEEE80211_WORK_ASSOC,
242 IEEE80211_WORK_REMAIN_ON_CHANNEL, 243 IEEE80211_WORK_REMAIN_ON_CHANNEL,
243}; 244};
@@ -325,7 +326,6 @@ struct ieee80211_if_managed {
325 struct timer_list conn_mon_timer; 326 struct timer_list conn_mon_timer;
326 struct timer_list bcn_mon_timer; 327 struct timer_list bcn_mon_timer;
327 struct timer_list chswitch_timer; 328 struct timer_list chswitch_timer;
328 struct work_struct work;
329 struct work_struct monitor_work; 329 struct work_struct monitor_work;
330 struct work_struct chswitch_work; 330 struct work_struct chswitch_work;
331 struct work_struct beacon_connection_loss_work; 331 struct work_struct beacon_connection_loss_work;
@@ -340,8 +340,6 @@ struct ieee80211_if_managed {
340 340
341 u16 aid; 341 u16 aid;
342 342
343 struct sk_buff_head skb_queue;
344
345 unsigned long timers_running; /* used for quiesce/restart */ 343 unsigned long timers_running; /* used for quiesce/restart */
346 bool powersave; /* powersave requested for this iface */ 344 bool powersave; /* powersave requested for this iface */
347 enum ieee80211_smps_mode req_smps, /* requested smps mode */ 345 enum ieee80211_smps_mode req_smps, /* requested smps mode */
@@ -380,19 +378,15 @@ struct ieee80211_if_managed {
380 int last_cqm_event_signal; 378 int last_cqm_event_signal;
381}; 379};
382 380
383enum ieee80211_ibss_request {
384 IEEE80211_IBSS_REQ_RUN = 0,
385};
386
387struct ieee80211_if_ibss { 381struct ieee80211_if_ibss {
388 struct timer_list timer; 382 struct timer_list timer;
389 struct work_struct work;
390 383
391 struct sk_buff_head skb_queue; 384 struct mutex mtx;
392 385
393 unsigned long request;
394 unsigned long last_scan_completed; 386 unsigned long last_scan_completed;
395 387
388 u32 basic_rates;
389
396 bool timer_running; 390 bool timer_running;
397 391
398 bool fixed_bssid; 392 bool fixed_bssid;
@@ -416,11 +410,9 @@ struct ieee80211_if_ibss {
416}; 410};
417 411
418struct ieee80211_if_mesh { 412struct ieee80211_if_mesh {
419 struct work_struct work;
420 struct timer_list housekeeping_timer; 413 struct timer_list housekeeping_timer;
421 struct timer_list mesh_path_timer; 414 struct timer_list mesh_path_timer;
422 struct timer_list mesh_path_root_timer; 415 struct timer_list mesh_path_root_timer;
423 struct sk_buff_head skb_queue;
424 416
425 unsigned long timers_running; 417 unsigned long timers_running;
426 418
@@ -517,6 +509,11 @@ struct ieee80211_sub_if_data {
517 509
518 u16 sequence_number; 510 u16 sequence_number;
519 511
512 struct work_struct work;
513 struct sk_buff_head skb_queue;
514
515 bool arp_filter_state;
516
520 /* 517 /*
521 * AP this belongs to: self in AP mode and 518 * AP this belongs to: self in AP mode and
522 * corresponding AP in VLAN mode, NULL for 519 * corresponding AP in VLAN mode, NULL for
@@ -569,11 +566,15 @@ ieee80211_sdata_set_mesh_id(struct ieee80211_sub_if_data *sdata,
569#endif 566#endif
570} 567}
571 568
569enum sdata_queue_type {
570 IEEE80211_SDATA_QUEUE_TYPE_FRAME = 0,
571 IEEE80211_SDATA_QUEUE_AGG_START = 1,
572 IEEE80211_SDATA_QUEUE_AGG_STOP = 2,
573};
574
572enum { 575enum {
573 IEEE80211_RX_MSG = 1, 576 IEEE80211_RX_MSG = 1,
574 IEEE80211_TX_STATUS_MSG = 2, 577 IEEE80211_TX_STATUS_MSG = 2,
575 IEEE80211_DELBA_MSG = 3,
576 IEEE80211_ADDBA_MSG = 4,
577}; 578};
578 579
579enum queue_stop_reason { 580enum queue_stop_reason {
@@ -724,13 +725,7 @@ struct ieee80211_local {
724 struct sk_buff_head pending[IEEE80211_MAX_QUEUES]; 725 struct sk_buff_head pending[IEEE80211_MAX_QUEUES];
725 struct tasklet_struct tx_pending_tasklet; 726 struct tasklet_struct tx_pending_tasklet;
726 727
727 /* 728 atomic_t agg_queue_stop[IEEE80211_MAX_QUEUES];
728 * This lock is used to prevent concurrent A-MPDU
729 * session start/stop processing, this thus also
730 * synchronises the ->ampdu_action() callback to
731 * drivers and limits it to one at a time.
732 */
733 spinlock_t ampdu_lock;
734 729
735 /* number of interfaces with corresponding IFF_ flags */ 730 /* number of interfaces with corresponding IFF_ flags */
736 atomic_t iff_allmultis, iff_promiscs; 731 atomic_t iff_allmultis, iff_promiscs;
@@ -746,10 +741,10 @@ struct ieee80211_local {
746 struct mutex iflist_mtx; 741 struct mutex iflist_mtx;
747 742
748 /* 743 /*
749 * Key lock, protects sdata's key_list and sta_info's 744 * Key mutex, protects sdata's key_list and sta_info's
750 * key pointers (write access, they're RCU.) 745 * key pointers (write access, they're RCU.)
751 */ 746 */
752 spinlock_t key_lock; 747 struct mutex key_mtx;
753 748
754 749
755 /* Scanning and BSS list */ 750 /* Scanning and BSS list */
@@ -851,6 +846,15 @@ struct ieee80211_local {
851 struct work_struct dynamic_ps_disable_work; 846 struct work_struct dynamic_ps_disable_work;
852 struct timer_list dynamic_ps_timer; 847 struct timer_list dynamic_ps_timer;
853 struct notifier_block network_latency_notifier; 848 struct notifier_block network_latency_notifier;
849 struct notifier_block ifa_notifier;
850
851 /*
852 * The dynamic ps timeout configured from user space via WEXT -
853 * this will override whatever chosen by mac80211 internally.
854 */
855 int dynamic_ps_forced_timeout;
856 int dynamic_ps_user_timeout;
857 bool disable_dynamic_ps;
854 858
855 int user_power_level; /* in dBm */ 859 int user_power_level; /* in dBm */
856 int power_constr_level; /* in dBm */ 860 int power_constr_level; /* in dBm */
@@ -874,9 +878,8 @@ IEEE80211_DEV_TO_SUB_IF(struct net_device *dev)
874 return netdev_priv(dev); 878 return netdev_priv(dev);
875} 879}
876 880
877/* this struct represents 802.11n's RA/TID combination along with our vif */ 881/* this struct represents 802.11n's RA/TID combination */
878struct ieee80211_ra_tid { 882struct ieee80211_ra_tid {
879 struct ieee80211_vif *vif;
880 u8 ra[ETH_ALEN]; 883 u8 ra[ETH_ALEN];
881 u16 tid; 884 u16 tid;
882}; 885};
@@ -985,29 +988,25 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
985int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata, 988int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
986 struct cfg80211_disassoc_request *req, 989 struct cfg80211_disassoc_request *req,
987 void *cookie); 990 void *cookie);
988int ieee80211_mgd_action(struct ieee80211_sub_if_data *sdata,
989 struct ieee80211_channel *chan,
990 enum nl80211_channel_type channel_type,
991 const u8 *buf, size_t len, u64 *cookie);
992ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata,
993 struct sk_buff *skb);
994void ieee80211_send_pspoll(struct ieee80211_local *local, 991void ieee80211_send_pspoll(struct ieee80211_local *local,
995 struct ieee80211_sub_if_data *sdata); 992 struct ieee80211_sub_if_data *sdata);
996void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency); 993void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency);
997int ieee80211_max_network_latency(struct notifier_block *nb, 994int ieee80211_max_network_latency(struct notifier_block *nb,
998 unsigned long data, void *dummy); 995 unsigned long data, void *dummy);
996int ieee80211_set_arp_filter(struct ieee80211_sub_if_data *sdata);
999void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 997void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
1000 struct ieee80211_channel_sw_ie *sw_elem, 998 struct ieee80211_channel_sw_ie *sw_elem,
1001 struct ieee80211_bss *bss, 999 struct ieee80211_bss *bss,
1002 u64 timestamp); 1000 u64 timestamp);
1003void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata); 1001void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata);
1004void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata); 1002void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata);
1003void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata);
1004void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1005 struct sk_buff *skb);
1005 1006
1006/* IBSS code */ 1007/* IBSS code */
1007void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local); 1008void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local);
1008void ieee80211_ibss_setup_sdata(struct ieee80211_sub_if_data *sdata); 1009void ieee80211_ibss_setup_sdata(struct ieee80211_sub_if_data *sdata);
1009ieee80211_rx_result
1010ieee80211_ibss_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
1011struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata, 1010struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
1012 u8 *bssid, u8 *addr, u32 supp_rates, 1011 u8 *bssid, u8 *addr, u32 supp_rates,
1013 gfp_t gfp); 1012 gfp_t gfp);
@@ -1016,6 +1015,14 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
1016int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata); 1015int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata);
1017void ieee80211_ibss_quiesce(struct ieee80211_sub_if_data *sdata); 1016void ieee80211_ibss_quiesce(struct ieee80211_sub_if_data *sdata);
1018void ieee80211_ibss_restart(struct ieee80211_sub_if_data *sdata); 1017void ieee80211_ibss_restart(struct ieee80211_sub_if_data *sdata);
1018void ieee80211_ibss_work(struct ieee80211_sub_if_data *sdata);
1019void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1020 struct sk_buff *skb);
1021
1022/* mesh code */
1023void ieee80211_mesh_work(struct ieee80211_sub_if_data *sdata);
1024void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1025 struct sk_buff *skb);
1019 1026
1020/* scan/BSS handling */ 1027/* scan/BSS handling */
1021void ieee80211_scan_work(struct work_struct *work); 1028void ieee80211_scan_work(struct work_struct *work);
@@ -1084,7 +1091,7 @@ struct ieee80211_tx_status_rtap_hdr {
1084 u8 padding_for_rate; 1091 u8 padding_for_rate;
1085 __le16 tx_flags; 1092 __le16 tx_flags;
1086 u8 data_retries; 1093 u8 data_retries;
1087} __attribute__ ((packed)); 1094} __packed;
1088 1095
1089 1096
1090/* HT */ 1097/* HT */
@@ -1099,6 +1106,8 @@ int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata,
1099 enum ieee80211_smps_mode smps, const u8 *da, 1106 enum ieee80211_smps_mode smps, const u8 *da,
1100 const u8 *bssid); 1107 const u8 *bssid);
1101 1108
1109void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
1110 u16 initiator, u16 reason);
1102void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, 1111void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
1103 u16 initiator, u16 reason); 1112 u16 initiator, u16 reason);
1104void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta); 1113void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta);
@@ -1118,6 +1127,10 @@ int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
1118 enum ieee80211_back_parties initiator); 1127 enum ieee80211_back_parties initiator);
1119int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 1128int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
1120 enum ieee80211_back_parties initiator); 1129 enum ieee80211_back_parties initiator);
1130void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid);
1131void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid);
1132void ieee80211_ba_session_work(struct work_struct *work);
1133void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid);
1121 1134
1122/* Spectrum management */ 1135/* Spectrum management */
1123void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata, 1136void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata,
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index 50deb017fd6e..ebbe264e2b0b 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -249,6 +249,8 @@ static int ieee80211_open(struct net_device *dev)
249 local->fif_other_bss++; 249 local->fif_other_bss++;
250 250
251 ieee80211_configure_filter(local); 251 ieee80211_configure_filter(local);
252
253 netif_carrier_on(dev);
252 break; 254 break;
253 default: 255 default:
254 res = drv_add_interface(local, &sdata->vif); 256 res = drv_add_interface(local, &sdata->vif);
@@ -268,7 +270,6 @@ static int ieee80211_open(struct net_device *dev)
268 270
269 changed |= ieee80211_reset_erp_info(sdata); 271 changed |= ieee80211_reset_erp_info(sdata);
270 ieee80211_bss_info_change_notify(sdata, changed); 272 ieee80211_bss_info_change_notify(sdata, changed);
271 ieee80211_enable_keys(sdata);
272 273
273 if (sdata->vif.type == NL80211_IFTYPE_STATION) 274 if (sdata->vif.type == NL80211_IFTYPE_STATION)
274 netif_carrier_off(dev); 275 netif_carrier_off(dev);
@@ -321,15 +322,6 @@ static int ieee80211_open(struct net_device *dev)
321 322
322 ieee80211_recalc_ps(local, -1); 323 ieee80211_recalc_ps(local, -1);
323 324
324 /*
325 * ieee80211_sta_work is disabled while network interface
326 * is down. Therefore, some configuration changes may not
327 * yet be effective. Trigger execution of ieee80211_sta_work
328 * to fix this.
329 */
330 if (sdata->vif.type == NL80211_IFTYPE_STATION)
331 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work);
332
333 netif_tx_start_all_queues(dev); 325 netif_tx_start_all_queues(dev);
334 326
335 return 0; 327 return 0;
@@ -349,7 +341,6 @@ static int ieee80211_stop(struct net_device *dev)
349{ 341{
350 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 342 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
351 struct ieee80211_local *local = sdata->local; 343 struct ieee80211_local *local = sdata->local;
352 struct sta_info *sta;
353 unsigned long flags; 344 unsigned long flags;
354 struct sk_buff *skb, *tmp; 345 struct sk_buff *skb, *tmp;
355 u32 hw_reconf_flags = 0; 346 u32 hw_reconf_flags = 0;
@@ -366,18 +357,6 @@ static int ieee80211_stop(struct net_device *dev)
366 ieee80211_work_purge(sdata); 357 ieee80211_work_purge(sdata);
367 358
368 /* 359 /*
369 * Now delete all active aggregation sessions.
370 */
371 rcu_read_lock();
372
373 list_for_each_entry_rcu(sta, &local->sta_list, list) {
374 if (sta->sdata == sdata)
375 ieee80211_sta_tear_down_BA_sessions(sta);
376 }
377
378 rcu_read_unlock();
379
380 /*
381 * Remove all stations associated with this interface. 360 * Remove all stations associated with this interface.
382 * 361 *
383 * This must be done before calling ops->remove_interface() 362 * This must be done before calling ops->remove_interface()
@@ -483,27 +462,14 @@ static int ieee80211_stop(struct net_device *dev)
483 * whether the interface is running, which, at this point, 462 * whether the interface is running, which, at this point,
484 * it no longer is. 463 * it no longer is.
485 */ 464 */
486 cancel_work_sync(&sdata->u.mgd.work);
487 cancel_work_sync(&sdata->u.mgd.chswitch_work); 465 cancel_work_sync(&sdata->u.mgd.chswitch_work);
488 cancel_work_sync(&sdata->u.mgd.monitor_work); 466 cancel_work_sync(&sdata->u.mgd.monitor_work);
489 cancel_work_sync(&sdata->u.mgd.beacon_connection_loss_work); 467 cancel_work_sync(&sdata->u.mgd.beacon_connection_loss_work);
490 468
491 /*
492 * When we get here, the interface is marked down.
493 * Call synchronize_rcu() to wait for the RX path
494 * should it be using the interface and enqueuing
495 * frames at this very time on another CPU.
496 */
497 synchronize_rcu();
498 skb_queue_purge(&sdata->u.mgd.skb_queue);
499 /* fall through */ 469 /* fall through */
500 case NL80211_IFTYPE_ADHOC: 470 case NL80211_IFTYPE_ADHOC:
501 if (sdata->vif.type == NL80211_IFTYPE_ADHOC) { 471 if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
502 del_timer_sync(&sdata->u.ibss.timer); 472 del_timer_sync(&sdata->u.ibss.timer);
503 cancel_work_sync(&sdata->u.ibss.work);
504 synchronize_rcu();
505 skb_queue_purge(&sdata->u.ibss.skb_queue);
506 }
507 /* fall through */ 473 /* fall through */
508 case NL80211_IFTYPE_MESH_POINT: 474 case NL80211_IFTYPE_MESH_POINT:
509 if (ieee80211_vif_is_mesh(&sdata->vif)) { 475 if (ieee80211_vif_is_mesh(&sdata->vif)) {
@@ -518,6 +484,16 @@ static int ieee80211_stop(struct net_device *dev)
518 } 484 }
519 /* fall through */ 485 /* fall through */
520 default: 486 default:
487 flush_work(&sdata->work);
488 /*
489 * When we get here, the interface is marked down.
490 * Call synchronize_rcu() to wait for the RX path
491 * should it be using the interface and enqueuing
492 * frames at this very time on another CPU.
493 */
494 synchronize_rcu();
495 skb_queue_purge(&sdata->skb_queue);
496
521 if (local->scan_sdata == sdata) 497 if (local->scan_sdata == sdata)
522 ieee80211_scan_cancel(local); 498 ieee80211_scan_cancel(local);
523 499
@@ -531,8 +507,8 @@ static int ieee80211_stop(struct net_device *dev)
531 BSS_CHANGED_BEACON_ENABLED); 507 BSS_CHANGED_BEACON_ENABLED);
532 } 508 }
533 509
534 /* disable all keys for as long as this netdev is down */ 510 /* free all remaining keys, there shouldn't be any */
535 ieee80211_disable_keys(sdata); 511 ieee80211_free_keys(sdata);
536 drv_remove_interface(local, &sdata->vif); 512 drv_remove_interface(local, &sdata->vif);
537 } 513 }
538 514
@@ -727,6 +703,136 @@ static void ieee80211_if_setup(struct net_device *dev)
727 dev->destructor = free_netdev; 703 dev->destructor = free_netdev;
728} 704}
729 705
706static void ieee80211_iface_work(struct work_struct *work)
707{
708 struct ieee80211_sub_if_data *sdata =
709 container_of(work, struct ieee80211_sub_if_data, work);
710 struct ieee80211_local *local = sdata->local;
711 struct sk_buff *skb;
712 struct sta_info *sta;
713 struct ieee80211_ra_tid *ra_tid;
714
715 if (!ieee80211_sdata_running(sdata))
716 return;
717
718 if (local->scanning)
719 return;
720
721 /*
722 * ieee80211_queue_work() should have picked up most cases,
723 * here we'll pick the rest.
724 */
725 if (WARN(local->suspended,
726 "interface work scheduled while going to suspend\n"))
727 return;
728
729 /* first process frames */
730 while ((skb = skb_dequeue(&sdata->skb_queue))) {
731 struct ieee80211_mgmt *mgmt = (void *)skb->data;
732
733 if (skb->pkt_type == IEEE80211_SDATA_QUEUE_AGG_START) {
734 ra_tid = (void *)&skb->cb;
735 ieee80211_start_tx_ba_cb(&sdata->vif, ra_tid->ra,
736 ra_tid->tid);
737 } else if (skb->pkt_type == IEEE80211_SDATA_QUEUE_AGG_STOP) {
738 ra_tid = (void *)&skb->cb;
739 ieee80211_stop_tx_ba_cb(&sdata->vif, ra_tid->ra,
740 ra_tid->tid);
741 } else if (ieee80211_is_action(mgmt->frame_control) &&
742 mgmt->u.action.category == WLAN_CATEGORY_BACK) {
743 int len = skb->len;
744
745 mutex_lock(&local->sta_mtx);
746 sta = sta_info_get_bss(sdata, mgmt->sa);
747 if (sta) {
748 switch (mgmt->u.action.u.addba_req.action_code) {
749 case WLAN_ACTION_ADDBA_REQ:
750 ieee80211_process_addba_request(
751 local, sta, mgmt, len);
752 break;
753 case WLAN_ACTION_ADDBA_RESP:
754 ieee80211_process_addba_resp(local, sta,
755 mgmt, len);
756 break;
757 case WLAN_ACTION_DELBA:
758 ieee80211_process_delba(sdata, sta,
759 mgmt, len);
760 break;
761 default:
762 WARN_ON(1);
763 break;
764 }
765 }
766 mutex_unlock(&local->sta_mtx);
767 } else if (ieee80211_is_data_qos(mgmt->frame_control)) {
768 struct ieee80211_hdr *hdr = (void *)mgmt;
769 /*
770 * So the frame isn't mgmt, but frame_control
771 * is at the right place anyway, of course, so
772 * the if statement is correct.
773 *
774 * Warn if we have other data frame types here,
775 * they must not get here.
776 */
777 WARN_ON(hdr->frame_control &
778 cpu_to_le16(IEEE80211_STYPE_NULLFUNC));
779 WARN_ON(!(hdr->seq_ctrl &
780 cpu_to_le16(IEEE80211_SCTL_FRAG)));
781 /*
782 * This was a fragment of a frame, received while
783 * a block-ack session was active. That cannot be
784 * right, so terminate the session.
785 */
786 mutex_lock(&local->sta_mtx);
787 sta = sta_info_get_bss(sdata, mgmt->sa);
788 if (sta) {
789 u16 tid = *ieee80211_get_qos_ctl(hdr) &
790 IEEE80211_QOS_CTL_TID_MASK;
791
792 __ieee80211_stop_rx_ba_session(
793 sta, tid, WLAN_BACK_RECIPIENT,
794 WLAN_REASON_QSTA_REQUIRE_SETUP);
795 }
796 mutex_unlock(&local->sta_mtx);
797 } else switch (sdata->vif.type) {
798 case NL80211_IFTYPE_STATION:
799 ieee80211_sta_rx_queued_mgmt(sdata, skb);
800 break;
801 case NL80211_IFTYPE_ADHOC:
802 ieee80211_ibss_rx_queued_mgmt(sdata, skb);
803 break;
804 case NL80211_IFTYPE_MESH_POINT:
805 if (!ieee80211_vif_is_mesh(&sdata->vif))
806 break;
807 ieee80211_mesh_rx_queued_mgmt(sdata, skb);
808 break;
809 default:
810 WARN(1, "frame for unexpected interface type");
811 break;
812 }
813
814 kfree_skb(skb);
815 }
816
817 /* then other type-dependent work */
818 switch (sdata->vif.type) {
819 case NL80211_IFTYPE_STATION:
820 ieee80211_sta_work(sdata);
821 break;
822 case NL80211_IFTYPE_ADHOC:
823 ieee80211_ibss_work(sdata);
824 break;
825 case NL80211_IFTYPE_MESH_POINT:
826 if (!ieee80211_vif_is_mesh(&sdata->vif))
827 break;
828 ieee80211_mesh_work(sdata);
829 break;
830 default:
831 break;
832 }
833}
834
835
730/* 836/*
731 * Helper function to initialise an interface to a specific type. 837 * Helper function to initialise an interface to a specific type.
732 */ 838 */
@@ -744,6 +850,9 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
744 /* only monitor differs */ 850 /* only monitor differs */
745 sdata->dev->type = ARPHRD_ETHER; 851 sdata->dev->type = ARPHRD_ETHER;
746 852
853 skb_queue_head_init(&sdata->skb_queue);
854 INIT_WORK(&sdata->work, ieee80211_iface_work);
855
747 switch (type) { 856 switch (type) {
748 case NL80211_IFTYPE_AP: 857 case NL80211_IFTYPE_AP:
749 skb_queue_head_init(&sdata->u.ap.ps_bc_buf); 858 skb_queue_head_init(&sdata->u.ap.ps_bc_buf);
@@ -969,6 +1078,9 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
969 sdata->wdev.wiphy = local->hw.wiphy; 1078 sdata->wdev.wiphy = local->hw.wiphy;
970 sdata->local = local; 1079 sdata->local = local;
971 sdata->dev = ndev; 1080 sdata->dev = ndev;
1081#ifdef CONFIG_INET
1082 sdata->arp_filter_state = true;
1083#endif
972 1084
973 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++) 1085 for (i = 0; i < IEEE80211_FRAGMENT_MAX; i++)
974 skb_queue_head_init(&sdata->fragments[i].skb_list); 1086 skb_queue_head_init(&sdata->fragments[i].skb_list);
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index e8f6e3b252d8..1b9d87ed143a 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -36,80 +36,20 @@
36 * There is currently no way of knowing this except by looking into 36 * There is currently no way of knowing this except by looking into
37 * debugfs. 37 * debugfs.
38 * 38 *
39 * All key operations are protected internally so you can call them at 39 * All key operations are protected internally.
40 * any time.
41 * 40 *
42 * Within mac80211, key references are, just as STA structure references, 41 * Within mac80211, key references are, just as STA structure references,
43 * protected by RCU. Note, however, that some things are unprotected, 42 * protected by RCU. Note, however, that some things are unprotected,
44 * namely the key->sta dereferences within the hardware acceleration 43 * namely the key->sta dereferences within the hardware acceleration
45 * functions. This means that sta_info_destroy() must flush the key todo 44 * functions. This means that sta_info_destroy() must remove the key
46 * list. 45 * which waits for an RCU grace period.
47 *
48 * All the direct key list manipulation functions must not sleep because
49 * they can operate on STA info structs that are protected by RCU.
50 */ 46 */
51 47
52static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 48static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
53 49
54/* key mutex: used to synchronise todo runners */ 50static void assert_key_lock(struct ieee80211_local *local)
55static DEFINE_MUTEX(key_mutex);
56static DEFINE_SPINLOCK(todo_lock);
57static LIST_HEAD(todo_list);
58
59static void key_todo(struct work_struct *work)
60{
61 ieee80211_key_todo();
62}
63
64static DECLARE_WORK(todo_work, key_todo);
65
66/**
67 * add_todo - add todo item for a key
68 *
69 * @key: key to add to do item for
70 * @flag: todo flag(s)
71 *
72 * Must be called with IRQs or softirqs disabled.
73 */
74static void add_todo(struct ieee80211_key *key, u32 flag)
75{
76 if (!key)
77 return;
78
79 spin_lock(&todo_lock);
80 key->flags |= flag;
81 /*
82 * Remove again if already on the list so that we move it to the end.
83 */
84 if (!list_empty(&key->todo))
85 list_del(&key->todo);
86 list_add_tail(&key->todo, &todo_list);
87 schedule_work(&todo_work);
88 spin_unlock(&todo_lock);
89}
90
91/**
92 * ieee80211_key_lock - lock the mac80211 key operation lock
93 *
94 * This locks the (global) mac80211 key operation lock, all
95 * key operations must be done under this lock.
96 */
97static void ieee80211_key_lock(void)
98{
99 mutex_lock(&key_mutex);
100}
101
102/**
103 * ieee80211_key_unlock - unlock the mac80211 key operation lock
104 */
105static void ieee80211_key_unlock(void)
106{
107 mutex_unlock(&key_mutex);
108}
109
110static void assert_key_lock(void)
111{ 51{
112 WARN_ON(!mutex_is_locked(&key_mutex)); 52 WARN_ON(!mutex_is_locked(&local->key_mtx));
113} 53}
114 54
115static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key) 55static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
@@ -126,12 +66,13 @@ static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
126 struct ieee80211_sta *sta; 66 struct ieee80211_sta *sta;
127 int ret; 67 int ret;
128 68
129 assert_key_lock();
130 might_sleep(); 69 might_sleep();
131 70
132 if (!key->local->ops->set_key) 71 if (!key->local->ops->set_key)
133 return; 72 return;
134 73
74 assert_key_lock(key->local);
75
135 sta = get_sta_for_key(key); 76 sta = get_sta_for_key(key);
136 77
137 sdata = key->sdata; 78 sdata = key->sdata;
@@ -142,11 +83,8 @@ static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
142 83
143 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf); 84 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
144 85
145 if (!ret) { 86 if (!ret)
146 spin_lock_bh(&todo_lock);
147 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 87 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
148 spin_unlock_bh(&todo_lock);
149 }
150 88
151 if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP) 89 if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP)
152 printk(KERN_ERR "mac80211-%s: failed to set key " 90 printk(KERN_ERR "mac80211-%s: failed to set key "
@@ -161,18 +99,15 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
161 struct ieee80211_sta *sta; 99 struct ieee80211_sta *sta;
162 int ret; 100 int ret;
163 101
164 assert_key_lock();
165 might_sleep(); 102 might_sleep();
166 103
167 if (!key || !key->local->ops->set_key) 104 if (!key || !key->local->ops->set_key)
168 return; 105 return;
169 106
170 spin_lock_bh(&todo_lock); 107 assert_key_lock(key->local);
171 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)) { 108
172 spin_unlock_bh(&todo_lock); 109 if (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
173 return; 110 return;
174 }
175 spin_unlock_bh(&todo_lock);
176 111
177 sta = get_sta_for_key(key); 112 sta = get_sta_for_key(key);
178 sdata = key->sdata; 113 sdata = key->sdata;
@@ -191,9 +126,7 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
191 wiphy_name(key->local->hw.wiphy), 126 wiphy_name(key->local->hw.wiphy),
192 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 127 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
193 128
194 spin_lock_bh(&todo_lock);
195 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 129 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
196 spin_unlock_bh(&todo_lock);
197} 130}
198 131
199static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, 132static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
@@ -201,22 +134,24 @@ static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
201{ 134{
202 struct ieee80211_key *key = NULL; 135 struct ieee80211_key *key = NULL;
203 136
137 assert_key_lock(sdata->local);
138
204 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) 139 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
205 key = sdata->keys[idx]; 140 key = sdata->keys[idx];
206 141
207 rcu_assign_pointer(sdata->default_key, key); 142 rcu_assign_pointer(sdata->default_key, key);
208 143
209 if (key) 144 if (key) {
210 add_todo(key, KEY_FLAG_TODO_DEFKEY); 145 ieee80211_debugfs_key_remove_default(key->sdata);
146 ieee80211_debugfs_key_add_default(key->sdata);
147 }
211} 148}
212 149
213void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx) 150void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx)
214{ 151{
215 unsigned long flags; 152 mutex_lock(&sdata->local->key_mtx);
216
217 spin_lock_irqsave(&sdata->local->key_lock, flags);
218 __ieee80211_set_default_key(sdata, idx); 153 __ieee80211_set_default_key(sdata, idx);
219 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 154 mutex_unlock(&sdata->local->key_mtx);
220} 155}
221 156
222static void 157static void
@@ -224,24 +159,26 @@ __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
224{ 159{
225 struct ieee80211_key *key = NULL; 160 struct ieee80211_key *key = NULL;
226 161
162 assert_key_lock(sdata->local);
163
227 if (idx >= NUM_DEFAULT_KEYS && 164 if (idx >= NUM_DEFAULT_KEYS &&
228 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 165 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
229 key = sdata->keys[idx]; 166 key = sdata->keys[idx];
230 167
231 rcu_assign_pointer(sdata->default_mgmt_key, key); 168 rcu_assign_pointer(sdata->default_mgmt_key, key);
232 169
233 if (key) 170 if (key) {
234 add_todo(key, KEY_FLAG_TODO_DEFMGMTKEY); 171 ieee80211_debugfs_key_remove_mgmt_default(key->sdata);
172 ieee80211_debugfs_key_add_mgmt_default(key->sdata);
173 }
235} 174}
236 175
237void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 176void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
238 int idx) 177 int idx)
239{ 178{
240 unsigned long flags; 179 mutex_lock(&sdata->local->key_mtx);
241
242 spin_lock_irqsave(&sdata->local->key_lock, flags);
243 __ieee80211_set_default_mgmt_key(sdata, idx); 180 __ieee80211_set_default_mgmt_key(sdata, idx);
244 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 181 mutex_unlock(&sdata->local->key_mtx);
245} 182}
246 183
247 184
@@ -336,7 +273,7 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
336 key->conf.iv_len = CCMP_HDR_LEN; 273 key->conf.iv_len = CCMP_HDR_LEN;
337 key->conf.icv_len = CCMP_MIC_LEN; 274 key->conf.icv_len = CCMP_MIC_LEN;
338 if (seq) { 275 if (seq) {
339 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 276 for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++)
340 for (j = 0; j < CCMP_PN_LEN; j++) 277 for (j = 0; j < CCMP_PN_LEN; j++)
341 key->u.ccmp.rx_pn[i][j] = 278 key->u.ccmp.rx_pn[i][j] =
342 seq[CCMP_PN_LEN - j - 1]; 279 seq[CCMP_PN_LEN - j - 1];
@@ -352,7 +289,6 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
352 } 289 }
353 memcpy(key->conf.key, key_data, key_len); 290 memcpy(key->conf.key, key_data, key_len);
354 INIT_LIST_HEAD(&key->list); 291 INIT_LIST_HEAD(&key->list);
355 INIT_LIST_HEAD(&key->todo);
356 292
357 if (alg == ALG_CCMP) { 293 if (alg == ALG_CCMP) {
358 /* 294 /*
@@ -382,12 +318,29 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
382 return key; 318 return key;
383} 319}
384 320
321static void __ieee80211_key_destroy(struct ieee80211_key *key)
322{
323 if (!key)
324 return;
325
326 if (key->local)
327 ieee80211_key_disable_hw_accel(key);
328
329 if (key->conf.alg == ALG_CCMP)
330 ieee80211_aes_key_free(key->u.ccmp.tfm);
331 if (key->conf.alg == ALG_AES_CMAC)
332 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
333 if (key->local)
334 ieee80211_debugfs_key_remove(key);
335
336 kfree(key);
337}
338
385void ieee80211_key_link(struct ieee80211_key *key, 339void ieee80211_key_link(struct ieee80211_key *key,
386 struct ieee80211_sub_if_data *sdata, 340 struct ieee80211_sub_if_data *sdata,
387 struct sta_info *sta) 341 struct sta_info *sta)
388{ 342{
389 struct ieee80211_key *old_key; 343 struct ieee80211_key *old_key;
390 unsigned long flags;
391 int idx; 344 int idx;
392 345
393 BUG_ON(!sdata); 346 BUG_ON(!sdata);
@@ -431,7 +384,7 @@ void ieee80211_key_link(struct ieee80211_key *key,
431 } 384 }
432 } 385 }
433 386
434 spin_lock_irqsave(&sdata->local->key_lock, flags); 387 mutex_lock(&sdata->local->key_mtx);
435 388
436 if (sta) 389 if (sta)
437 old_key = sta->key; 390 old_key = sta->key;
@@ -439,15 +392,13 @@ void ieee80211_key_link(struct ieee80211_key *key,
439 old_key = sdata->keys[idx]; 392 old_key = sdata->keys[idx];
440 393
441 __ieee80211_key_replace(sdata, sta, old_key, key); 394 __ieee80211_key_replace(sdata, sta, old_key, key);
395 __ieee80211_key_destroy(old_key);
442 396
443 /* free old key later */ 397 ieee80211_debugfs_key_add(key);
444 add_todo(old_key, KEY_FLAG_TODO_DELETE);
445 398
446 add_todo(key, KEY_FLAG_TODO_ADD_DEBUGFS); 399 ieee80211_key_enable_hw_accel(key);
447 if (ieee80211_sdata_running(sdata))
448 add_todo(key, KEY_FLAG_TODO_HWACCEL_ADD);
449 400
450 spin_unlock_irqrestore(&sdata->local->key_lock, flags); 401 mutex_unlock(&sdata->local->key_mtx);
451} 402}
452 403
453static void __ieee80211_key_free(struct ieee80211_key *key) 404static void __ieee80211_key_free(struct ieee80211_key *key)
@@ -458,170 +409,62 @@ static void __ieee80211_key_free(struct ieee80211_key *key)
458 if (key->sdata) 409 if (key->sdata)
459 __ieee80211_key_replace(key->sdata, key->sta, 410 __ieee80211_key_replace(key->sdata, key->sta,
460 key, NULL); 411 key, NULL);
461 412 __ieee80211_key_destroy(key);
462 add_todo(key, KEY_FLAG_TODO_DELETE);
463} 413}
464 414
465void ieee80211_key_free(struct ieee80211_key *key) 415void ieee80211_key_free(struct ieee80211_local *local,
416 struct ieee80211_key *key)
466{ 417{
467 unsigned long flags;
468
469 if (!key) 418 if (!key)
470 return; 419 return;
471 420
472 if (!key->sdata) { 421 mutex_lock(&local->key_mtx);
473 /* The key has not been linked yet, simply free it
474 * and don't Oops */
475 if (key->conf.alg == ALG_CCMP)
476 ieee80211_aes_key_free(key->u.ccmp.tfm);
477 kfree(key);
478 return;
479 }
480
481 spin_lock_irqsave(&key->sdata->local->key_lock, flags);
482 __ieee80211_key_free(key); 422 __ieee80211_key_free(key);
483 spin_unlock_irqrestore(&key->sdata->local->key_lock, flags); 423 mutex_unlock(&local->key_mtx);
484} 424}
485 425
486/* 426void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
487 * To be safe against concurrent manipulations of the list (which shouldn't
488 * actually happen) we need to hold the spinlock. But under the spinlock we
489 * can't actually do much, so we defer processing to the todo list. Then run
490 * the todo list to be sure the operation and possibly previously pending
491 * operations are completed.
492 */
493static void ieee80211_todo_for_each_key(struct ieee80211_sub_if_data *sdata,
494 u32 todo_flags)
495{ 427{
496 struct ieee80211_key *key; 428 struct ieee80211_key *key;
497 unsigned long flags;
498
499 might_sleep();
500
501 spin_lock_irqsave(&sdata->local->key_lock, flags);
502 list_for_each_entry(key, &sdata->key_list, list)
503 add_todo(key, todo_flags);
504 spin_unlock_irqrestore(&sdata->local->key_lock, flags);
505 429
506 ieee80211_key_todo();
507}
508
509void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata)
510{
511 ASSERT_RTNL(); 430 ASSERT_RTNL();
512 431
513 if (WARN_ON(!ieee80211_sdata_running(sdata))) 432 if (WARN_ON(!ieee80211_sdata_running(sdata)))
514 return; 433 return;
515 434
516 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_ADD); 435 mutex_lock(&sdata->local->key_mtx);
517}
518 436
519void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata) 437 list_for_each_entry(key, &sdata->key_list, list)
520{ 438 ieee80211_key_enable_hw_accel(key);
521 ASSERT_RTNL();
522
523 ieee80211_todo_for_each_key(sdata, KEY_FLAG_TODO_HWACCEL_REMOVE);
524}
525
526static void __ieee80211_key_destroy(struct ieee80211_key *key)
527{
528 if (!key)
529 return;
530
531 ieee80211_key_disable_hw_accel(key);
532
533 if (key->conf.alg == ALG_CCMP)
534 ieee80211_aes_key_free(key->u.ccmp.tfm);
535 if (key->conf.alg == ALG_AES_CMAC)
536 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
537 ieee80211_debugfs_key_remove(key);
538 439
539 kfree(key); 440 mutex_unlock(&sdata->local->key_mtx);
540} 441}
541 442
542static void __ieee80211_key_todo(void) 443void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata)
543{ 444{
544 struct ieee80211_key *key; 445 struct ieee80211_key *key;
545 bool work_done;
546 u32 todoflags;
547 446
548 /* 447 ASSERT_RTNL();
549 * NB: sta_info_destroy relies on this!
550 */
551 synchronize_rcu();
552
553 spin_lock_bh(&todo_lock);
554 while (!list_empty(&todo_list)) {
555 key = list_first_entry(&todo_list, struct ieee80211_key, todo);
556 list_del_init(&key->todo);
557 todoflags = key->flags & (KEY_FLAG_TODO_ADD_DEBUGFS |
558 KEY_FLAG_TODO_DEFKEY |
559 KEY_FLAG_TODO_DEFMGMTKEY |
560 KEY_FLAG_TODO_HWACCEL_ADD |
561 KEY_FLAG_TODO_HWACCEL_REMOVE |
562 KEY_FLAG_TODO_DELETE);
563 key->flags &= ~todoflags;
564 spin_unlock_bh(&todo_lock);
565
566 work_done = false;
567
568 if (todoflags & KEY_FLAG_TODO_ADD_DEBUGFS) {
569 ieee80211_debugfs_key_add(key);
570 work_done = true;
571 }
572 if (todoflags & KEY_FLAG_TODO_DEFKEY) {
573 ieee80211_debugfs_key_remove_default(key->sdata);
574 ieee80211_debugfs_key_add_default(key->sdata);
575 work_done = true;
576 }
577 if (todoflags & KEY_FLAG_TODO_DEFMGMTKEY) {
578 ieee80211_debugfs_key_remove_mgmt_default(key->sdata);
579 ieee80211_debugfs_key_add_mgmt_default(key->sdata);
580 work_done = true;
581 }
582 if (todoflags & KEY_FLAG_TODO_HWACCEL_ADD) {
583 ieee80211_key_enable_hw_accel(key);
584 work_done = true;
585 }
586 if (todoflags & KEY_FLAG_TODO_HWACCEL_REMOVE) {
587 ieee80211_key_disable_hw_accel(key);
588 work_done = true;
589 }
590 if (todoflags & KEY_FLAG_TODO_DELETE) {
591 __ieee80211_key_destroy(key);
592 work_done = true;
593 }
594 448
595 WARN_ON(!work_done); 449 mutex_lock(&sdata->local->key_mtx);
596 450
597 spin_lock_bh(&todo_lock); 451 list_for_each_entry(key, &sdata->key_list, list)
598 } 452 ieee80211_key_disable_hw_accel(key);
599 spin_unlock_bh(&todo_lock);
600}
601 453
602void ieee80211_key_todo(void) 454 mutex_unlock(&sdata->local->key_mtx);
603{
604 ieee80211_key_lock();
605 __ieee80211_key_todo();
606 ieee80211_key_unlock();
607} 455}
608 456
609void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata) 457void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
610{ 458{
611 struct ieee80211_key *key, *tmp; 459 struct ieee80211_key *key, *tmp;
612 unsigned long flags;
613 460
614 ieee80211_key_lock(); 461 mutex_lock(&sdata->local->key_mtx);
615 462
616 ieee80211_debugfs_key_remove_default(sdata); 463 ieee80211_debugfs_key_remove_default(sdata);
617 ieee80211_debugfs_key_remove_mgmt_default(sdata); 464 ieee80211_debugfs_key_remove_mgmt_default(sdata);
618 465
619 spin_lock_irqsave(&sdata->local->key_lock, flags);
620 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) 466 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
621 __ieee80211_key_free(key); 467 __ieee80211_key_free(key);
622 spin_unlock_irqrestore(&sdata->local->key_lock, flags);
623
624 __ieee80211_key_todo();
625 468
626 ieee80211_key_unlock(); 469 mutex_unlock(&sdata->local->key_mtx);
627} 470}
diff --git a/net/mac80211/key.h b/net/mac80211/key.h
index bdc2968c2bbe..b665bbb7a471 100644
--- a/net/mac80211/key.h
+++ b/net/mac80211/key.h
@@ -38,25 +38,9 @@ struct sta_info;
38 * 38 *
39 * @KEY_FLAG_UPLOADED_TO_HARDWARE: Indicates that this key is present 39 * @KEY_FLAG_UPLOADED_TO_HARDWARE: Indicates that this key is present
40 * in the hardware for TX crypto hardware acceleration. 40 * in the hardware for TX crypto hardware acceleration.
41 * @KEY_FLAG_TODO_DELETE: Key is marked for deletion and will, after an
42 * RCU grace period, no longer be reachable other than from the
43 * todo list.
44 * @KEY_FLAG_TODO_HWACCEL_ADD: Key needs to be added to hardware acceleration.
45 * @KEY_FLAG_TODO_HWACCEL_REMOVE: Key needs to be removed from hardware
46 * acceleration.
47 * @KEY_FLAG_TODO_DEFKEY: Key is default key and debugfs needs to be updated.
48 * @KEY_FLAG_TODO_ADD_DEBUGFS: Key needs to be added to debugfs.
49 * @KEY_FLAG_TODO_DEFMGMTKEY: Key is default management key and debugfs needs
50 * to be updated.
51 */ 41 */
52enum ieee80211_internal_key_flags { 42enum ieee80211_internal_key_flags {
53 KEY_FLAG_UPLOADED_TO_HARDWARE = BIT(0), 43 KEY_FLAG_UPLOADED_TO_HARDWARE = BIT(0),
54 KEY_FLAG_TODO_DELETE = BIT(1),
55 KEY_FLAG_TODO_HWACCEL_ADD = BIT(2),
56 KEY_FLAG_TODO_HWACCEL_REMOVE = BIT(3),
57 KEY_FLAG_TODO_DEFKEY = BIT(4),
58 KEY_FLAG_TODO_ADD_DEBUGFS = BIT(5),
59 KEY_FLAG_TODO_DEFMGMTKEY = BIT(6),
60}; 44};
61 45
62enum ieee80211_internal_tkip_state { 46enum ieee80211_internal_tkip_state {
@@ -79,10 +63,8 @@ struct ieee80211_key {
79 63
80 /* for sdata list */ 64 /* for sdata list */
81 struct list_head list; 65 struct list_head list;
82 /* for todo list */
83 struct list_head todo;
84 66
85 /* protected by todo lock! */ 67 /* protected by key mutex */
86 unsigned int flags; 68 unsigned int flags;
87 69
88 union { 70 union {
@@ -95,7 +77,13 @@ struct ieee80211_key {
95 } tkip; 77 } tkip;
96 struct { 78 struct {
97 u8 tx_pn[6]; 79 u8 tx_pn[6];
98 u8 rx_pn[NUM_RX_DATA_QUEUES][6]; 80 /*
81 * Last received packet number. The first
82 * NUM_RX_DATA_QUEUES counters are used with Data
83 * frames and the last counter is used with Robust
84 * Management frames.
85 */
86 u8 rx_pn[NUM_RX_DATA_QUEUES + 1][6];
99 struct crypto_cipher *tfm; 87 struct crypto_cipher *tfm;
100 u32 replays; /* dot11RSNAStatsCCMPReplays */ 88 u32 replays; /* dot11RSNAStatsCCMPReplays */
101 /* scratch buffers for virt_to_page() (crypto API) */ 89 /* scratch buffers for virt_to_page() (crypto API) */
@@ -147,7 +135,8 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
147void ieee80211_key_link(struct ieee80211_key *key, 135void ieee80211_key_link(struct ieee80211_key *key,
148 struct ieee80211_sub_if_data *sdata, 136 struct ieee80211_sub_if_data *sdata,
149 struct sta_info *sta); 137 struct sta_info *sta);
150void ieee80211_key_free(struct ieee80211_key *key); 138void ieee80211_key_free(struct ieee80211_local *local,
139 struct ieee80211_key *key);
151void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx); 140void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx);
152void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 141void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
153 int idx); 142 int idx);
@@ -155,6 +144,4 @@ void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata);
155void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata); 144void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata);
156void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata); 145void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata);
157 146
158void ieee80211_key_todo(void);
159
160#endif /* IEEE80211_KEY_H */ 147#endif /* IEEE80211_KEY_H */
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index 22a384dfab65..798a91b100cc 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -20,6 +20,7 @@
20#include <linux/rtnetlink.h> 20#include <linux/rtnetlink.h>
21#include <linux/bitmap.h> 21#include <linux/bitmap.h>
22#include <linux/pm_qos_params.h> 22#include <linux/pm_qos_params.h>
23#include <linux/inetdevice.h>
23#include <net/net_namespace.h> 24#include <net/net_namespace.h>
24#include <net/cfg80211.h> 25#include <net/cfg80211.h>
25 26
@@ -106,12 +107,15 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
106 if (scan_chan) { 107 if (scan_chan) {
107 chan = scan_chan; 108 chan = scan_chan;
108 channel_type = NL80211_CHAN_NO_HT; 109 channel_type = NL80211_CHAN_NO_HT;
110 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL;
109 } else if (local->tmp_channel) { 111 } else if (local->tmp_channel) {
110 chan = scan_chan = local->tmp_channel; 112 chan = scan_chan = local->tmp_channel;
111 channel_type = local->tmp_channel_type; 113 channel_type = local->tmp_channel_type;
114 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL;
112 } else { 115 } else {
113 chan = local->oper_channel; 116 chan = local->oper_channel;
114 channel_type = local->_oper_channel_type; 117 channel_type = local->_oper_channel_type;
118 local->hw.conf.flags &= ~IEEE80211_CONF_OFFCHANNEL;
115 } 119 }
116 120
117 if (chan != local->hw.conf.channel || 121 if (chan != local->hw.conf.channel ||
@@ -259,7 +263,6 @@ static void ieee80211_tasklet_handler(unsigned long data)
259{ 263{
260 struct ieee80211_local *local = (struct ieee80211_local *) data; 264 struct ieee80211_local *local = (struct ieee80211_local *) data;
261 struct sk_buff *skb; 265 struct sk_buff *skb;
262 struct ieee80211_ra_tid *ra_tid;
263 266
264 while ((skb = skb_dequeue(&local->skb_queue)) || 267 while ((skb = skb_dequeue(&local->skb_queue)) ||
265 (skb = skb_dequeue(&local->skb_queue_unreliable))) { 268 (skb = skb_dequeue(&local->skb_queue_unreliable))) {
@@ -274,18 +277,6 @@ static void ieee80211_tasklet_handler(unsigned long data)
274 skb->pkt_type = 0; 277 skb->pkt_type = 0;
275 ieee80211_tx_status(local_to_hw(local), skb); 278 ieee80211_tx_status(local_to_hw(local), skb);
276 break; 279 break;
277 case IEEE80211_DELBA_MSG:
278 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
279 ieee80211_stop_tx_ba_cb(ra_tid->vif, ra_tid->ra,
280 ra_tid->tid);
281 dev_kfree_skb(skb);
282 break;
283 case IEEE80211_ADDBA_MSG:
284 ra_tid = (struct ieee80211_ra_tid *) &skb->cb;
285 ieee80211_start_tx_ba_cb(ra_tid->vif, ra_tid->ra,
286 ra_tid->tid);
287 dev_kfree_skb(skb);
288 break ;
289 default: 280 default:
290 WARN(1, "mac80211: Packet is of unknown type %d\n", 281 WARN(1, "mac80211: Packet is of unknown type %d\n",
291 skb->pkt_type); 282 skb->pkt_type);
@@ -329,6 +320,76 @@ static void ieee80211_recalc_smps_work(struct work_struct *work)
329 mutex_unlock(&local->iflist_mtx); 320 mutex_unlock(&local->iflist_mtx);
330} 321}
331 322
323#ifdef CONFIG_INET
324static int ieee80211_ifa_changed(struct notifier_block *nb,
325 unsigned long data, void *arg)
326{
327 struct in_ifaddr *ifa = arg;
328 struct ieee80211_local *local =
329 container_of(nb, struct ieee80211_local,
330 ifa_notifier);
331 struct net_device *ndev = ifa->ifa_dev->dev;
332 struct wireless_dev *wdev = ndev->ieee80211_ptr;
333 struct in_device *idev;
334 struct ieee80211_sub_if_data *sdata;
335 struct ieee80211_bss_conf *bss_conf;
336 struct ieee80211_if_managed *ifmgd;
337 int c = 0;
338
339 if (!netif_running(ndev))
340 return NOTIFY_DONE;
341
342 /* Make sure it's our interface that got changed */
343 if (!wdev)
344 return NOTIFY_DONE;
345
346 if (wdev->wiphy != local->hw.wiphy)
347 return NOTIFY_DONE;
348
349 sdata = IEEE80211_DEV_TO_SUB_IF(ndev);
350 bss_conf = &sdata->vif.bss_conf;
351
352 /* ARP filtering is only supported in managed mode */
353 if (sdata->vif.type != NL80211_IFTYPE_STATION)
354 return NOTIFY_DONE;
355
356 idev = sdata->dev->ip_ptr;
357 if (!idev)
358 return NOTIFY_DONE;
359
360 ifmgd = &sdata->u.mgd;
361 mutex_lock(&ifmgd->mtx);
362
363 /* Copy the addresses to the bss_conf list */
364 ifa = idev->ifa_list;
365 while (c < IEEE80211_BSS_ARP_ADDR_LIST_LEN && ifa) {
366 bss_conf->arp_addr_list[c] = ifa->ifa_address;
367 ifa = ifa->ifa_next;
368 c++;
369 }
370
371 /* If not all addresses fit the list, disable filtering */
372 if (ifa) {
373 sdata->arp_filter_state = false;
374 c = 0;
375 } else {
376 sdata->arp_filter_state = true;
377 }
378 bss_conf->arp_addr_cnt = c;
379
380 /* Configure driver only if associated */
381 if (ifmgd->associated) {
382 bss_conf->arp_filter_enabled = sdata->arp_filter_state;
383 ieee80211_bss_info_change_notify(sdata,
384 BSS_CHANGED_ARP_FILTER);
385 }
386
387 mutex_unlock(&ifmgd->mtx);
388
389 return NOTIFY_DONE;
390}
391#endif
392
332struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len, 393struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
333 const struct ieee80211_ops *ops) 394 const struct ieee80211_ops *ops)
334{ 395{
@@ -396,7 +457,7 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
396 mutex_init(&local->iflist_mtx); 457 mutex_init(&local->iflist_mtx);
397 mutex_init(&local->scan_mtx); 458 mutex_init(&local->scan_mtx);
398 459
399 spin_lock_init(&local->key_lock); 460 mutex_init(&local->key_mtx);
400 spin_lock_init(&local->filter_lock); 461 spin_lock_init(&local->filter_lock);
401 spin_lock_init(&local->queue_stop_reason_lock); 462 spin_lock_init(&local->queue_stop_reason_lock);
402 463
@@ -419,8 +480,10 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
419 480
420 sta_info_init(local); 481 sta_info_init(local);
421 482
422 for (i = 0; i < IEEE80211_MAX_QUEUES; i++) 483 for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
423 skb_queue_head_init(&local->pending[i]); 484 skb_queue_head_init(&local->pending[i]);
485 atomic_set(&local->agg_queue_stop[i], 0);
486 }
424 tasklet_init(&local->tx_pending_tasklet, ieee80211_tx_pending, 487 tasklet_init(&local->tx_pending_tasklet, ieee80211_tx_pending,
425 (unsigned long)local); 488 (unsigned long)local);
426 489
@@ -431,8 +494,6 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
431 skb_queue_head_init(&local->skb_queue); 494 skb_queue_head_init(&local->skb_queue);
432 skb_queue_head_init(&local->skb_queue_unreliable); 495 skb_queue_head_init(&local->skb_queue_unreliable);
433 496
434 spin_lock_init(&local->ampdu_lock);
435
436 return local_to_hw(local); 497 return local_to_hw(local);
437} 498}
438EXPORT_SYMBOL(ieee80211_alloc_hw); 499EXPORT_SYMBOL(ieee80211_alloc_hw);
@@ -572,18 +633,16 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
572 633
573 local->hw.conf.listen_interval = local->hw.max_listen_interval; 634 local->hw.conf.listen_interval = local->hw.max_listen_interval;
574 635
575 local->hw.conf.dynamic_ps_forced_timeout = -1; 636 local->dynamic_ps_forced_timeout = -1;
576 637
577 result = sta_info_start(local); 638 result = sta_info_start(local);
578 if (result < 0) 639 if (result < 0)
579 goto fail_sta_info; 640 goto fail_sta_info;
580 641
581 result = ieee80211_wep_init(local); 642 result = ieee80211_wep_init(local);
582 if (result < 0) { 643 if (result < 0)
583 printk(KERN_DEBUG "%s: Failed to initialize wep: %d\n", 644 printk(KERN_DEBUG "%s: Failed to initialize wep: %d\n",
584 wiphy_name(local->hw.wiphy), result); 645 wiphy_name(local->hw.wiphy), result);
585 goto fail_wep;
586 }
587 646
588 rtnl_lock(); 647 rtnl_lock();
589 648
@@ -612,21 +671,32 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
612 ieee80211_max_network_latency; 671 ieee80211_max_network_latency;
613 result = pm_qos_add_notifier(PM_QOS_NETWORK_LATENCY, 672 result = pm_qos_add_notifier(PM_QOS_NETWORK_LATENCY,
614 &local->network_latency_notifier); 673 &local->network_latency_notifier);
615
616 if (result) { 674 if (result) {
617 rtnl_lock(); 675 rtnl_lock();
618 goto fail_pm_qos; 676 goto fail_pm_qos;
619 } 677 }
620 678
679#ifdef CONFIG_INET
680 local->ifa_notifier.notifier_call = ieee80211_ifa_changed;
681 result = register_inetaddr_notifier(&local->ifa_notifier);
682 if (result)
683 goto fail_ifa;
684#endif
685
621 return 0; 686 return 0;
622 687
688#ifdef CONFIG_INET
689 fail_ifa:
690 pm_qos_remove_notifier(PM_QOS_NETWORK_LATENCY,
691 &local->network_latency_notifier);
692 rtnl_lock();
693#endif
623 fail_pm_qos: 694 fail_pm_qos:
624 ieee80211_led_exit(local); 695 ieee80211_led_exit(local);
625 ieee80211_remove_interfaces(local); 696 ieee80211_remove_interfaces(local);
626 fail_rate: 697 fail_rate:
627 rtnl_unlock(); 698 rtnl_unlock();
628 ieee80211_wep_free(local); 699 ieee80211_wep_free(local);
629 fail_wep:
630 sta_info_stop(local); 700 sta_info_stop(local);
631 fail_sta_info: 701 fail_sta_info:
632 destroy_workqueue(local->workqueue); 702 destroy_workqueue(local->workqueue);
@@ -647,6 +717,9 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
647 717
648 pm_qos_remove_notifier(PM_QOS_NETWORK_LATENCY, 718 pm_qos_remove_notifier(PM_QOS_NETWORK_LATENCY,
649 &local->network_latency_notifier); 719 &local->network_latency_notifier);
720#ifdef CONFIG_INET
721 unregister_inetaddr_notifier(&local->ifa_notifier);
722#endif
650 723
651 rtnl_lock(); 724 rtnl_lock();
652 725
@@ -704,6 +777,10 @@ static int __init ieee80211_init(void)
704 if (ret) 777 if (ret)
705 return ret; 778 return ret;
706 779
780 ret = rc80211_minstrel_ht_init();
781 if (ret)
782 goto err_minstrel;
783
707 ret = rc80211_pid_init(); 784 ret = rc80211_pid_init();
708 if (ret) 785 if (ret)
709 goto err_pid; 786 goto err_pid;
@@ -716,6 +793,8 @@ static int __init ieee80211_init(void)
716 err_netdev: 793 err_netdev:
717 rc80211_pid_exit(); 794 rc80211_pid_exit();
718 err_pid: 795 err_pid:
796 rc80211_minstrel_ht_exit();
797 err_minstrel:
719 rc80211_minstrel_exit(); 798 rc80211_minstrel_exit();
720 799
721 return ret; 800 return ret;
@@ -724,6 +803,7 @@ static int __init ieee80211_init(void)
724static void __exit ieee80211_exit(void) 803static void __exit ieee80211_exit(void)
725{ 804{
726 rc80211_pid_exit(); 805 rc80211_pid_exit();
806 rc80211_minstrel_ht_exit();
727 rc80211_minstrel_exit(); 807 rc80211_minstrel_exit();
728 808
729 /* 809 /*
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index bde81031727a..c8a4f19ed13b 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -54,7 +54,7 @@ static void ieee80211_mesh_housekeeping_timer(unsigned long data)
54 return; 54 return;
55 } 55 }
56 56
57 ieee80211_queue_work(&local->hw, &ifmsh->work); 57 ieee80211_queue_work(&local->hw, &sdata->work);
58} 58}
59 59
60/** 60/**
@@ -345,7 +345,7 @@ static void ieee80211_mesh_path_timer(unsigned long data)
345 return; 345 return;
346 } 346 }
347 347
348 ieee80211_queue_work(&local->hw, &ifmsh->work); 348 ieee80211_queue_work(&local->hw, &sdata->work);
349} 349}
350 350
351static void ieee80211_mesh_path_root_timer(unsigned long data) 351static void ieee80211_mesh_path_root_timer(unsigned long data)
@@ -362,7 +362,7 @@ static void ieee80211_mesh_path_root_timer(unsigned long data)
362 return; 362 return;
363 } 363 }
364 364
365 ieee80211_queue_work(&local->hw, &ifmsh->work); 365 ieee80211_queue_work(&local->hw, &sdata->work);
366} 366}
367 367
368void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh) 368void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh)
@@ -484,9 +484,6 @@ void ieee80211_mesh_quiesce(struct ieee80211_sub_if_data *sdata)
484{ 484{
485 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 485 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
486 486
487 /* might restart the timer but that doesn't matter */
488 cancel_work_sync(&ifmsh->work);
489
490 /* use atomic bitops in case both timers fire at the same time */ 487 /* use atomic bitops in case both timers fire at the same time */
491 488
492 if (del_timer_sync(&ifmsh->housekeeping_timer)) 489 if (del_timer_sync(&ifmsh->housekeeping_timer))
@@ -518,7 +515,7 @@ void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
518 515
519 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags); 516 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags);
520 ieee80211_mesh_root_setup(ifmsh); 517 ieee80211_mesh_root_setup(ifmsh);
521 ieee80211_queue_work(&local->hw, &ifmsh->work); 518 ieee80211_queue_work(&local->hw, &sdata->work);
522 sdata->vif.bss_conf.beacon_int = MESH_DEFAULT_BEACON_INTERVAL; 519 sdata->vif.bss_conf.beacon_int = MESH_DEFAULT_BEACON_INTERVAL;
523 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON | 520 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON |
524 BSS_CHANGED_BEACON_ENABLED | 521 BSS_CHANGED_BEACON_ENABLED |
@@ -536,16 +533,7 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
536 * whether the interface is running, which, at this point, 533 * whether the interface is running, which, at this point,
537 * it no longer is. 534 * it no longer is.
538 */ 535 */
539 cancel_work_sync(&sdata->u.mesh.work); 536 cancel_work_sync(&sdata->work);
540
541 /*
542 * When we get here, the interface is marked down.
543 * Call synchronize_rcu() to wait for the RX path
544 * should it be using the interface and enqueuing
545 * frames at this very time on another CPU.
546 */
547 rcu_barrier(); /* Wait for RX path and call_rcu()'s */
548 skb_queue_purge(&sdata->u.mesh.skb_queue);
549} 537}
550 538
551static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata, 539static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
@@ -608,8 +596,8 @@ static void ieee80211_mesh_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
608 } 596 }
609} 597}
610 598
611static void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 599void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
612 struct sk_buff *skb) 600 struct sk_buff *skb)
613{ 601{
614 struct ieee80211_rx_status *rx_status; 602 struct ieee80211_rx_status *rx_status;
615 struct ieee80211_if_mesh *ifmsh; 603 struct ieee80211_if_mesh *ifmsh;
@@ -632,26 +620,11 @@ static void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
632 ieee80211_mesh_rx_mgmt_action(sdata, mgmt, skb->len, rx_status); 620 ieee80211_mesh_rx_mgmt_action(sdata, mgmt, skb->len, rx_status);
633 break; 621 break;
634 } 622 }
635
636 kfree_skb(skb);
637} 623}
638 624
639static void ieee80211_mesh_work(struct work_struct *work) 625void ieee80211_mesh_work(struct ieee80211_sub_if_data *sdata)
640{ 626{
641 struct ieee80211_sub_if_data *sdata =
642 container_of(work, struct ieee80211_sub_if_data, u.mesh.work);
643 struct ieee80211_local *local = sdata->local;
644 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 627 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
645 struct sk_buff *skb;
646
647 if (!ieee80211_sdata_running(sdata))
648 return;
649
650 if (local->scanning)
651 return;
652
653 while ((skb = skb_dequeue(&ifmsh->skb_queue)))
654 ieee80211_mesh_rx_queued_mgmt(sdata, skb);
655 628
656 if (ifmsh->preq_queue_len && 629 if (ifmsh->preq_queue_len &&
657 time_after(jiffies, 630 time_after(jiffies,
@@ -678,7 +651,7 @@ void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local)
678 rcu_read_lock(); 651 rcu_read_lock();
679 list_for_each_entry_rcu(sdata, &local->interfaces, list) 652 list_for_each_entry_rcu(sdata, &local->interfaces, list)
680 if (ieee80211_vif_is_mesh(&sdata->vif)) 653 if (ieee80211_vif_is_mesh(&sdata->vif))
681 ieee80211_queue_work(&local->hw, &sdata->u.mesh.work); 654 ieee80211_queue_work(&local->hw, &sdata->work);
682 rcu_read_unlock(); 655 rcu_read_unlock();
683} 656}
684 657
@@ -686,11 +659,9 @@ void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
686{ 659{
687 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 660 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
688 661
689 INIT_WORK(&ifmsh->work, ieee80211_mesh_work);
690 setup_timer(&ifmsh->housekeeping_timer, 662 setup_timer(&ifmsh->housekeeping_timer,
691 ieee80211_mesh_housekeeping_timer, 663 ieee80211_mesh_housekeeping_timer,
692 (unsigned long) sdata); 664 (unsigned long) sdata);
693 skb_queue_head_init(&sdata->u.mesh.skb_queue);
694 665
695 ifmsh->mshcfg.dot11MeshRetryTimeout = MESH_RET_T; 666 ifmsh->mshcfg.dot11MeshRetryTimeout = MESH_RET_T;
696 ifmsh->mshcfg.dot11MeshConfirmTimeout = MESH_CONF_T; 667 ifmsh->mshcfg.dot11MeshConfirmTimeout = MESH_CONF_T;
@@ -731,29 +702,3 @@ void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
731 INIT_LIST_HEAD(&ifmsh->preq_queue.list); 702 INIT_LIST_HEAD(&ifmsh->preq_queue.list);
732 spin_lock_init(&ifmsh->mesh_preq_queue_lock); 703 spin_lock_init(&ifmsh->mesh_preq_queue_lock);
733} 704}
734
735ieee80211_rx_result
736ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
737{
738 struct ieee80211_local *local = sdata->local;
739 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
740 struct ieee80211_mgmt *mgmt;
741 u16 fc;
742
743 if (skb->len < 24)
744 return RX_DROP_MONITOR;
745
746 mgmt = (struct ieee80211_mgmt *) skb->data;
747 fc = le16_to_cpu(mgmt->frame_control);
748
749 switch (fc & IEEE80211_FCTL_STYPE) {
750 case IEEE80211_STYPE_ACTION:
751 case IEEE80211_STYPE_PROBE_RESP:
752 case IEEE80211_STYPE_BEACON:
753 skb_queue_tail(&ifmsh->skb_queue, skb);
754 ieee80211_queue_work(&local->hw, &ifmsh->work);
755 return RX_QUEUED;
756 }
757
758 return RX_CONTINUE;
759}
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index c88087f1cd0f..ebd3f1d9d889 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -237,8 +237,6 @@ void ieee80211s_update_metric(struct ieee80211_local *local,
237 struct sta_info *stainfo, struct sk_buff *skb); 237 struct sta_info *stainfo, struct sk_buff *skb);
238void ieee80211s_stop(void); 238void ieee80211s_stop(void);
239void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata); 239void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata);
240ieee80211_rx_result
241ieee80211_mesh_rx_mgmt(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb);
242void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata); 240void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata);
243void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata); 241void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata);
244void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh); 242void ieee80211_mesh_root_setup(struct ieee80211_if_mesh *ifmsh);
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 0705018d8d1e..829e08a657d0 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -805,14 +805,14 @@ static void mesh_queue_preq(struct mesh_path *mpath, u8 flags)
805 spin_unlock(&ifmsh->mesh_preq_queue_lock); 805 spin_unlock(&ifmsh->mesh_preq_queue_lock);
806 806
807 if (time_after(jiffies, ifmsh->last_preq + min_preq_int_jiff(sdata))) 807 if (time_after(jiffies, ifmsh->last_preq + min_preq_int_jiff(sdata)))
808 ieee80211_queue_work(&sdata->local->hw, &ifmsh->work); 808 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
809 809
810 else if (time_before(jiffies, ifmsh->last_preq)) { 810 else if (time_before(jiffies, ifmsh->last_preq)) {
811 /* avoid long wait if did not send preqs for a long time 811 /* avoid long wait if did not send preqs for a long time
812 * and jiffies wrapped around 812 * and jiffies wrapped around
813 */ 813 */
814 ifmsh->last_preq = jiffies - min_preq_int_jiff(sdata) - 1; 814 ifmsh->last_preq = jiffies - min_preq_int_jiff(sdata) - 1;
815 ieee80211_queue_work(&sdata->local->hw, &ifmsh->work); 815 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
816 } else 816 } else
817 mod_timer(&ifmsh->mesh_path_timer, ifmsh->last_preq + 817 mod_timer(&ifmsh->mesh_path_timer, ifmsh->last_preq +
818 min_preq_int_jiff(sdata)); 818 min_preq_int_jiff(sdata));
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 181ffd6efd81..349e466cf08b 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -315,7 +315,7 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
315 read_unlock(&pathtbl_resize_lock); 315 read_unlock(&pathtbl_resize_lock);
316 if (grow) { 316 if (grow) {
317 set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags); 317 set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags);
318 ieee80211_queue_work(&local->hw, &ifmsh->work); 318 ieee80211_queue_work(&local->hw, &sdata->work);
319 } 319 }
320 return 0; 320 return 0;
321 321
@@ -425,7 +425,7 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
425 read_unlock(&pathtbl_resize_lock); 425 read_unlock(&pathtbl_resize_lock);
426 if (grow) { 426 if (grow) {
427 set_bit(MESH_WORK_GROW_MPP_TABLE, &ifmsh->wrkq_flags); 427 set_bit(MESH_WORK_GROW_MPP_TABLE, &ifmsh->wrkq_flags);
428 ieee80211_queue_work(&local->hw, &ifmsh->work); 428 ieee80211_queue_work(&local->hw, &sdata->work);
429 } 429 }
430 return 0; 430 return 0;
431 431
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 3cd5f7b5d693..ea13a80a476c 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -65,7 +65,6 @@ void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)
65{ 65{
66 atomic_inc(&sdata->u.mesh.mshstats.estab_plinks); 66 atomic_inc(&sdata->u.mesh.mshstats.estab_plinks);
67 mesh_accept_plinks_update(sdata); 67 mesh_accept_plinks_update(sdata);
68 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
69} 68}
70 69
71static inline 70static inline
@@ -73,7 +72,6 @@ void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
73{ 72{
74 atomic_dec(&sdata->u.mesh.mshstats.estab_plinks); 73 atomic_dec(&sdata->u.mesh.mshstats.estab_plinks);
75 mesh_accept_plinks_update(sdata); 74 mesh_accept_plinks_update(sdata);
76 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
77} 75}
78 76
79/** 77/**
@@ -115,7 +113,7 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
115} 113}
116 114
117/** 115/**
118 * mesh_plink_deactivate - deactivate mesh peer link 116 * __mesh_plink_deactivate - deactivate mesh peer link
119 * 117 *
120 * @sta: mesh peer link to deactivate 118 * @sta: mesh peer link to deactivate
121 * 119 *
@@ -123,18 +121,23 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
123 * 121 *
124 * Locking: the caller must hold sta->lock 122 * Locking: the caller must hold sta->lock
125 */ 123 */
126static void __mesh_plink_deactivate(struct sta_info *sta) 124static bool __mesh_plink_deactivate(struct sta_info *sta)
127{ 125{
128 struct ieee80211_sub_if_data *sdata = sta->sdata; 126 struct ieee80211_sub_if_data *sdata = sta->sdata;
127 bool deactivated = false;
129 128
130 if (sta->plink_state == PLINK_ESTAB) 129 if (sta->plink_state == PLINK_ESTAB) {
131 mesh_plink_dec_estab_count(sdata); 130 mesh_plink_dec_estab_count(sdata);
131 deactivated = true;
132 }
132 sta->plink_state = PLINK_BLOCKED; 133 sta->plink_state = PLINK_BLOCKED;
133 mesh_path_flush_by_nexthop(sta); 134 mesh_path_flush_by_nexthop(sta);
135
136 return deactivated;
134} 137}
135 138
136/** 139/**
137 * __mesh_plink_deactivate - deactivate mesh peer link 140 * mesh_plink_deactivate - deactivate mesh peer link
138 * 141 *
139 * @sta: mesh peer link to deactivate 142 * @sta: mesh peer link to deactivate
140 * 143 *
@@ -142,9 +145,15 @@ static void __mesh_plink_deactivate(struct sta_info *sta)
142 */ 145 */
143void mesh_plink_deactivate(struct sta_info *sta) 146void mesh_plink_deactivate(struct sta_info *sta)
144{ 147{
148 struct ieee80211_sub_if_data *sdata = sta->sdata;
149 bool deactivated;
150
145 spin_lock_bh(&sta->lock); 151 spin_lock_bh(&sta->lock);
146 __mesh_plink_deactivate(sta); 152 deactivated = __mesh_plink_deactivate(sta);
147 spin_unlock_bh(&sta->lock); 153 spin_unlock_bh(&sta->lock);
154
155 if (deactivated)
156 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
148} 157}
149 158
150static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata, 159static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
@@ -381,10 +390,16 @@ int mesh_plink_open(struct sta_info *sta)
381 390
382void mesh_plink_block(struct sta_info *sta) 391void mesh_plink_block(struct sta_info *sta)
383{ 392{
393 struct ieee80211_sub_if_data *sdata = sta->sdata;
394 bool deactivated;
395
384 spin_lock_bh(&sta->lock); 396 spin_lock_bh(&sta->lock);
385 __mesh_plink_deactivate(sta); 397 deactivated = __mesh_plink_deactivate(sta);
386 sta->plink_state = PLINK_BLOCKED; 398 sta->plink_state = PLINK_BLOCKED;
387 spin_unlock_bh(&sta->lock); 399 spin_unlock_bh(&sta->lock);
400
401 if (deactivated)
402 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
388} 403}
389 404
390 405
@@ -397,6 +412,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
397 enum plink_event event; 412 enum plink_event event;
398 enum plink_frame_type ftype; 413 enum plink_frame_type ftype;
399 size_t baselen; 414 size_t baselen;
415 bool deactivated;
400 u8 ie_len; 416 u8 ie_len;
401 u8 *baseaddr; 417 u8 *baseaddr;
402 __le16 plid, llid, reason; 418 __le16 plid, llid, reason;
@@ -651,8 +667,9 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
651 case CNF_ACPT: 667 case CNF_ACPT:
652 del_timer(&sta->plink_timer); 668 del_timer(&sta->plink_timer);
653 sta->plink_state = PLINK_ESTAB; 669 sta->plink_state = PLINK_ESTAB;
654 mesh_plink_inc_estab_count(sdata);
655 spin_unlock_bh(&sta->lock); 670 spin_unlock_bh(&sta->lock);
671 mesh_plink_inc_estab_count(sdata);
672 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
656 mpl_dbg("Mesh plink with %pM ESTABLISHED\n", 673 mpl_dbg("Mesh plink with %pM ESTABLISHED\n",
657 sta->sta.addr); 674 sta->sta.addr);
658 break; 675 break;
@@ -684,8 +701,9 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
684 case OPN_ACPT: 701 case OPN_ACPT:
685 del_timer(&sta->plink_timer); 702 del_timer(&sta->plink_timer);
686 sta->plink_state = PLINK_ESTAB; 703 sta->plink_state = PLINK_ESTAB;
687 mesh_plink_inc_estab_count(sdata);
688 spin_unlock_bh(&sta->lock); 704 spin_unlock_bh(&sta->lock);
705 mesh_plink_inc_estab_count(sdata);
706 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
689 mpl_dbg("Mesh plink with %pM ESTABLISHED\n", 707 mpl_dbg("Mesh plink with %pM ESTABLISHED\n",
690 sta->sta.addr); 708 sta->sta.addr);
691 mesh_plink_frame_tx(sdata, PLINK_CONFIRM, sta->sta.addr, llid, 709 mesh_plink_frame_tx(sdata, PLINK_CONFIRM, sta->sta.addr, llid,
@@ -702,11 +720,13 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
702 case CLS_ACPT: 720 case CLS_ACPT:
703 reason = cpu_to_le16(MESH_CLOSE_RCVD); 721 reason = cpu_to_le16(MESH_CLOSE_RCVD);
704 sta->reason = reason; 722 sta->reason = reason;
705 __mesh_plink_deactivate(sta); 723 deactivated = __mesh_plink_deactivate(sta);
706 sta->plink_state = PLINK_HOLDING; 724 sta->plink_state = PLINK_HOLDING;
707 llid = sta->llid; 725 llid = sta->llid;
708 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)); 726 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
709 spin_unlock_bh(&sta->lock); 727 spin_unlock_bh(&sta->lock);
728 if (deactivated)
729 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
710 mesh_plink_frame_tx(sdata, PLINK_CLOSE, sta->sta.addr, llid, 730 mesh_plink_frame_tx(sdata, PLINK_CLOSE, sta->sta.addr, llid,
711 plid, reason); 731 plid, reason);
712 break; 732 break;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index f803f8b72a93..b6c163ac22da 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -478,6 +478,39 @@ static void ieee80211_handle_pwr_constr(struct ieee80211_sub_if_data *sdata,
478 } 478 }
479} 479}
480 480
481void ieee80211_enable_dyn_ps(struct ieee80211_vif *vif)
482{
483 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
484 struct ieee80211_local *local = sdata->local;
485 struct ieee80211_conf *conf = &local->hw.conf;
486
487 WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
488 !(local->hw.flags & IEEE80211_HW_SUPPORTS_PS) ||
489 (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS));
490
491 local->disable_dynamic_ps = false;
492 conf->dynamic_ps_timeout = local->dynamic_ps_user_timeout;
493}
494EXPORT_SYMBOL(ieee80211_enable_dyn_ps);
495
496void ieee80211_disable_dyn_ps(struct ieee80211_vif *vif)
497{
498 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
499 struct ieee80211_local *local = sdata->local;
500 struct ieee80211_conf *conf = &local->hw.conf;
501
502 WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION ||
503 !(local->hw.flags & IEEE80211_HW_SUPPORTS_PS) ||
504 (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS));
505
506 local->disable_dynamic_ps = true;
507 conf->dynamic_ps_timeout = 0;
508 del_timer_sync(&local->dynamic_ps_timer);
509 ieee80211_queue_work(&local->hw,
510 &local->dynamic_ps_enable_work);
511}
512EXPORT_SYMBOL(ieee80211_disable_dyn_ps);
513
481/* powersave */ 514/* powersave */
482static void ieee80211_enable_ps(struct ieee80211_local *local, 515static void ieee80211_enable_ps(struct ieee80211_local *local,
483 struct ieee80211_sub_if_data *sdata) 516 struct ieee80211_sub_if_data *sdata)
@@ -553,6 +586,7 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
553 found->u.mgd.associated->beacon_ies && 586 found->u.mgd.associated->beacon_ies &&
554 !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL | 587 !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL |
555 IEEE80211_STA_CONNECTION_POLL))) { 588 IEEE80211_STA_CONNECTION_POLL))) {
589 struct ieee80211_conf *conf = &local->hw.conf;
556 s32 beaconint_us; 590 s32 beaconint_us;
557 591
558 if (latency < 0) 592 if (latency < 0)
@@ -561,25 +595,24 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
561 beaconint_us = ieee80211_tu_to_usec( 595 beaconint_us = ieee80211_tu_to_usec(
562 found->vif.bss_conf.beacon_int); 596 found->vif.bss_conf.beacon_int);
563 597
564 timeout = local->hw.conf.dynamic_ps_forced_timeout; 598 timeout = local->dynamic_ps_forced_timeout;
565 if (timeout < 0) { 599 if (timeout < 0) {
566 /* 600 /*
601 * Go to full PSM if the user configures a very low
602 * latency requirement.
567 * The 2 second value is there for compatibility until 603 * The 2 second value is there for compatibility until
568 * the PM_QOS_NETWORK_LATENCY is configured with real 604 * the PM_QOS_NETWORK_LATENCY is configured with real
569 * values. 605 * values.
570 */ 606 */
571 if (latency == 2000000000) 607 if (latency > 1900000000 && latency != 2000000000)
572 timeout = 100;
573 else if (latency <= 50000)
574 timeout = 300;
575 else if (latency <= 100000)
576 timeout = 100;
577 else if (latency <= 500000)
578 timeout = 50;
579 else
580 timeout = 0; 608 timeout = 0;
609 else
610 timeout = 100;
581 } 611 }
582 local->hw.conf.dynamic_ps_timeout = timeout; 612 local->dynamic_ps_user_timeout = timeout;
613 if (!local->disable_dynamic_ps)
614 conf->dynamic_ps_timeout =
615 local->dynamic_ps_user_timeout;
583 616
584 if (beaconint_us > latency) { 617 if (beaconint_us > latency) {
585 local->ps_sdata = NULL; 618 local->ps_sdata = NULL;
@@ -665,10 +698,11 @@ void ieee80211_dynamic_ps_timer(unsigned long data)
665 698
666/* MLME */ 699/* MLME */
667static void ieee80211_sta_wmm_params(struct ieee80211_local *local, 700static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
668 struct ieee80211_if_managed *ifmgd, 701 struct ieee80211_sub_if_data *sdata,
669 u8 *wmm_param, size_t wmm_param_len) 702 u8 *wmm_param, size_t wmm_param_len)
670{ 703{
671 struct ieee80211_tx_queue_params params; 704 struct ieee80211_tx_queue_params params;
705 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
672 size_t left; 706 size_t left;
673 int count; 707 int count;
674 u8 *pos, uapsd_queues = 0; 708 u8 *pos, uapsd_queues = 0;
@@ -757,8 +791,8 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
757 } 791 }
758 792
759 /* enable WMM or activate new settings */ 793 /* enable WMM or activate new settings */
760 local->hw.conf.flags |= IEEE80211_CONF_QOS; 794 sdata->vif.bss_conf.qos = true;
761 drv_config(local, IEEE80211_CONF_CHANGE_QOS); 795 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
762} 796}
763 797
764static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 798static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
@@ -806,11 +840,12 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
806{ 840{
807 struct ieee80211_bss *bss = (void *)cbss->priv; 841 struct ieee80211_bss *bss = (void *)cbss->priv;
808 struct ieee80211_local *local = sdata->local; 842 struct ieee80211_local *local = sdata->local;
843 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
809 844
810 bss_info_changed |= BSS_CHANGED_ASSOC; 845 bss_info_changed |= BSS_CHANGED_ASSOC;
811 /* set timing information */ 846 /* set timing information */
812 sdata->vif.bss_conf.beacon_int = cbss->beacon_interval; 847 bss_conf->beacon_int = cbss->beacon_interval;
813 sdata->vif.bss_conf.timestamp = cbss->tsf; 848 bss_conf->timestamp = cbss->tsf;
814 849
815 bss_info_changed |= BSS_CHANGED_BEACON_INT; 850 bss_info_changed |= BSS_CHANGED_BEACON_INT;
816 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 851 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
@@ -835,7 +870,12 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
835 870
836 ieee80211_led_assoc(local, 1); 871 ieee80211_led_assoc(local, 1);
837 872
838 sdata->vif.bss_conf.assoc = 1; 873 if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD)
874 bss_conf->dtim_period = bss->dtim_period;
875 else
876 bss_conf->dtim_period = 0;
877
878 bss_conf->assoc = 1;
839 /* 879 /*
840 * For now just always ask the driver to update the basic rateset 880 * For now just always ask the driver to update the basic rateset
841 * when we have associated, we aren't checking whether it actually 881 * when we have associated, we aren't checking whether it actually
@@ -848,9 +888,15 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
848 888
849 /* Tell the driver to monitor connection quality (if supported) */ 889 /* Tell the driver to monitor connection quality (if supported) */
850 if ((local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI) && 890 if ((local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI) &&
851 sdata->vif.bss_conf.cqm_rssi_thold) 891 bss_conf->cqm_rssi_thold)
852 bss_info_changed |= BSS_CHANGED_CQM; 892 bss_info_changed |= BSS_CHANGED_CQM;
853 893
894 /* Enable ARP filtering */
895 if (bss_conf->arp_filter_enabled != sdata->arp_filter_state) {
896 bss_conf->arp_filter_enabled = sdata->arp_filter_state;
897 bss_info_changed |= BSS_CHANGED_ARP_FILTER;
898 }
899
854 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 900 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
855 901
856 mutex_lock(&local->iflist_mtx); 902 mutex_lock(&local->iflist_mtx);
@@ -898,13 +944,13 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
898 netif_tx_stop_all_queues(sdata->dev); 944 netif_tx_stop_all_queues(sdata->dev);
899 netif_carrier_off(sdata->dev); 945 netif_carrier_off(sdata->dev);
900 946
901 rcu_read_lock(); 947 mutex_lock(&local->sta_mtx);
902 sta = sta_info_get(sdata, bssid); 948 sta = sta_info_get(sdata, bssid);
903 if (sta) { 949 if (sta) {
904 set_sta_flags(sta, WLAN_STA_DISASSOC); 950 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
905 ieee80211_sta_tear_down_BA_sessions(sta); 951 ieee80211_sta_tear_down_BA_sessions(sta);
906 } 952 }
907 rcu_read_unlock(); 953 mutex_unlock(&local->sta_mtx);
908 954
909 changed |= ieee80211_reset_erp_info(sdata); 955 changed |= ieee80211_reset_erp_info(sdata);
910 956
@@ -932,6 +978,12 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
932 978
933 ieee80211_hw_config(local, config_changed); 979 ieee80211_hw_config(local, config_changed);
934 980
981 /* Disable ARP filtering */
982 if (sdata->vif.bss_conf.arp_filter_enabled) {
983 sdata->vif.bss_conf.arp_filter_enabled = false;
984 changed |= BSS_CHANGED_ARP_FILTER;
985 }
986
935 /* The BSSID (not really interesting) and HT changed */ 987 /* The BSSID (not really interesting) and HT changed */
936 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT; 988 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
937 ieee80211_bss_info_change_notify(sdata, changed); 989 ieee80211_bss_info_change_notify(sdata, changed);
@@ -1279,7 +1331,7 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1279 } 1331 }
1280 1332
1281 if (elems.wmm_param) 1333 if (elems.wmm_param)
1282 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1334 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
1283 elems.wmm_param_len); 1335 elems.wmm_param_len);
1284 else 1336 else
1285 ieee80211_set_wmm_default(sdata); 1337 ieee80211_set_wmm_default(sdata);
@@ -1551,7 +1603,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1551 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 1603 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
1552 true); 1604 true);
1553 1605
1554 ieee80211_sta_wmm_params(local, ifmgd, elems.wmm_param, 1606 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
1555 elems.wmm_param_len); 1607 elems.wmm_param_len);
1556 } 1608 }
1557 1609
@@ -1633,35 +1685,8 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1633 ieee80211_bss_info_change_notify(sdata, changed); 1685 ieee80211_bss_info_change_notify(sdata, changed);
1634} 1686}
1635 1687
1636ieee80211_rx_result ieee80211_sta_rx_mgmt(struct ieee80211_sub_if_data *sdata, 1688void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1637 struct sk_buff *skb) 1689 struct sk_buff *skb)
1638{
1639 struct ieee80211_local *local = sdata->local;
1640 struct ieee80211_mgmt *mgmt;
1641 u16 fc;
1642
1643 if (skb->len < 24)
1644 return RX_DROP_MONITOR;
1645
1646 mgmt = (struct ieee80211_mgmt *) skb->data;
1647 fc = le16_to_cpu(mgmt->frame_control);
1648
1649 switch (fc & IEEE80211_FCTL_STYPE) {
1650 case IEEE80211_STYPE_PROBE_RESP:
1651 case IEEE80211_STYPE_BEACON:
1652 case IEEE80211_STYPE_DEAUTH:
1653 case IEEE80211_STYPE_DISASSOC:
1654 case IEEE80211_STYPE_ACTION:
1655 skb_queue_tail(&sdata->u.mgd.skb_queue, skb);
1656 ieee80211_queue_work(&local->hw, &sdata->u.mgd.work);
1657 return RX_QUEUED;
1658 }
1659
1660 return RX_DROP_MONITOR;
1661}
1662
1663static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1664 struct sk_buff *skb)
1665{ 1690{
1666 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1691 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1667 struct ieee80211_rx_status *rx_status; 1692 struct ieee80211_rx_status *rx_status;
@@ -1693,44 +1718,6 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1693 break; 1718 break;
1694 case IEEE80211_STYPE_ACTION: 1719 case IEEE80211_STYPE_ACTION:
1695 switch (mgmt->u.action.category) { 1720 switch (mgmt->u.action.category) {
1696 case WLAN_CATEGORY_BACK: {
1697 struct ieee80211_local *local = sdata->local;
1698 int len = skb->len;
1699 struct sta_info *sta;
1700
1701 rcu_read_lock();
1702 sta = sta_info_get(sdata, mgmt->sa);
1703 if (!sta) {
1704 rcu_read_unlock();
1705 break;
1706 }
1707
1708 local_bh_disable();
1709
1710 switch (mgmt->u.action.u.addba_req.action_code) {
1711 case WLAN_ACTION_ADDBA_REQ:
1712 if (len < (IEEE80211_MIN_ACTION_SIZE +
1713 sizeof(mgmt->u.action.u.addba_req)))
1714 break;
1715 ieee80211_process_addba_request(local, sta, mgmt, len);
1716 break;
1717 case WLAN_ACTION_ADDBA_RESP:
1718 if (len < (IEEE80211_MIN_ACTION_SIZE +
1719 sizeof(mgmt->u.action.u.addba_resp)))
1720 break;
1721 ieee80211_process_addba_resp(local, sta, mgmt, len);
1722 break;
1723 case WLAN_ACTION_DELBA:
1724 if (len < (IEEE80211_MIN_ACTION_SIZE +
1725 sizeof(mgmt->u.action.u.delba)))
1726 break;
1727 ieee80211_process_delba(sdata, sta, mgmt, len);
1728 break;
1729 }
1730 local_bh_enable();
1731 rcu_read_unlock();
1732 break;
1733 }
1734 case WLAN_CATEGORY_SPECTRUM_MGMT: 1721 case WLAN_CATEGORY_SPECTRUM_MGMT:
1735 ieee80211_sta_process_chanswitch(sdata, 1722 ieee80211_sta_process_chanswitch(sdata,
1736 &mgmt->u.action.u.chan_switch.sw_elem, 1723 &mgmt->u.action.u.chan_switch.sw_elem,
@@ -1754,7 +1741,7 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1754 default: 1741 default:
1755 WARN(1, "unexpected: %d", rma); 1742 WARN(1, "unexpected: %d", rma);
1756 } 1743 }
1757 goto out; 1744 return;
1758 } 1745 }
1759 1746
1760 mutex_unlock(&ifmgd->mtx); 1747 mutex_unlock(&ifmgd->mtx);
@@ -1769,7 +1756,8 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1769 if (wk->sdata != sdata) 1756 if (wk->sdata != sdata)
1770 continue; 1757 continue;
1771 1758
1772 if (wk->type != IEEE80211_WORK_ASSOC) 1759 if (wk->type != IEEE80211_WORK_ASSOC &&
1760 wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
1773 continue; 1761 continue;
1774 1762
1775 if (memcmp(mgmt->bssid, wk->filter_ta, ETH_ALEN)) 1763 if (memcmp(mgmt->bssid, wk->filter_ta, ETH_ALEN))
@@ -1799,8 +1787,6 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1799 1787
1800 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 1788 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
1801 } 1789 }
1802 out:
1803 kfree_skb(skb);
1804} 1790}
1805 1791
1806static void ieee80211_sta_timer(unsigned long data) 1792static void ieee80211_sta_timer(unsigned long data)
@@ -1815,39 +1801,13 @@ static void ieee80211_sta_timer(unsigned long data)
1815 return; 1801 return;
1816 } 1802 }
1817 1803
1818 ieee80211_queue_work(&local->hw, &ifmgd->work); 1804 ieee80211_queue_work(&local->hw, &sdata->work);
1819} 1805}
1820 1806
1821static void ieee80211_sta_work(struct work_struct *work) 1807void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
1822{ 1808{
1823 struct ieee80211_sub_if_data *sdata =
1824 container_of(work, struct ieee80211_sub_if_data, u.mgd.work);
1825 struct ieee80211_local *local = sdata->local; 1809 struct ieee80211_local *local = sdata->local;
1826 struct ieee80211_if_managed *ifmgd; 1810 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1827 struct sk_buff *skb;
1828
1829 if (!ieee80211_sdata_running(sdata))
1830 return;
1831
1832 if (local->scanning)
1833 return;
1834
1835 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1836 return;
1837
1838 /*
1839 * ieee80211_queue_work() should have picked up most cases,
1840 * here we'll pick the the rest.
1841 */
1842 if (WARN(local->suspended, "STA MLME work scheduled while "
1843 "going to suspend\n"))
1844 return;
1845
1846 ifmgd = &sdata->u.mgd;
1847
1848 /* first process frames to avoid timing out while a frame is pending */
1849 while ((skb = skb_dequeue(&ifmgd->skb_queue)))
1850 ieee80211_sta_rx_queued_mgmt(sdata, skb);
1851 1811
1852 /* then process the rest of the work */ 1812 /* then process the rest of the work */
1853 mutex_lock(&ifmgd->mtx); 1813 mutex_lock(&ifmgd->mtx);
@@ -1942,8 +1902,7 @@ static void ieee80211_restart_sta_timer(struct ieee80211_sub_if_data *sdata)
1942 ieee80211_queue_work(&sdata->local->hw, 1902 ieee80211_queue_work(&sdata->local->hw,
1943 &sdata->u.mgd.monitor_work); 1903 &sdata->u.mgd.monitor_work);
1944 /* and do all the other regular work too */ 1904 /* and do all the other regular work too */
1945 ieee80211_queue_work(&sdata->local->hw, 1905 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1946 &sdata->u.mgd.work);
1947 } 1906 }
1948} 1907}
1949 1908
@@ -1958,7 +1917,6 @@ void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
1958 * time -- the code here is properly synchronised. 1917 * time -- the code here is properly synchronised.
1959 */ 1918 */
1960 1919
1961 cancel_work_sync(&ifmgd->work);
1962 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 1920 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
1963 if (del_timer_sync(&ifmgd->timer)) 1921 if (del_timer_sync(&ifmgd->timer))
1964 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 1922 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
@@ -1990,7 +1948,6 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
1990 struct ieee80211_if_managed *ifmgd; 1948 struct ieee80211_if_managed *ifmgd;
1991 1949
1992 ifmgd = &sdata->u.mgd; 1950 ifmgd = &sdata->u.mgd;
1993 INIT_WORK(&ifmgd->work, ieee80211_sta_work);
1994 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 1951 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
1995 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 1952 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
1996 INIT_WORK(&ifmgd->beacon_connection_loss_work, 1953 INIT_WORK(&ifmgd->beacon_connection_loss_work,
@@ -2003,7 +1960,6 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
2003 (unsigned long) sdata); 1960 (unsigned long) sdata);
2004 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer, 1961 setup_timer(&ifmgd->chswitch_timer, ieee80211_chswitch_timer,
2005 (unsigned long) sdata); 1962 (unsigned long) sdata);
2006 skb_queue_head_init(&ifmgd->skb_queue);
2007 1963
2008 ifmgd->flags = 0; 1964 ifmgd->flags = 0;
2009 1965
@@ -2081,6 +2037,8 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
2081 auth_alg = WLAN_AUTH_OPEN; 2037 auth_alg = WLAN_AUTH_OPEN;
2082 break; 2038 break;
2083 case NL80211_AUTHTYPE_SHARED_KEY: 2039 case NL80211_AUTHTYPE_SHARED_KEY:
2040 if (IS_ERR(sdata->local->wep_tx_tfm))
2041 return -EOPNOTSUPP;
2084 auth_alg = WLAN_AUTH_SHARED_KEY; 2042 auth_alg = WLAN_AUTH_SHARED_KEY;
2085 break; 2043 break;
2086 case NL80211_AUTHTYPE_FT: 2044 case NL80211_AUTHTYPE_FT:
@@ -2134,6 +2092,8 @@ static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk,
2134 struct sk_buff *skb) 2092 struct sk_buff *skb)
2135{ 2093{
2136 struct ieee80211_mgmt *mgmt; 2094 struct ieee80211_mgmt *mgmt;
2095 struct ieee80211_rx_status *rx_status;
2096 struct ieee802_11_elems elems;
2137 u16 status; 2097 u16 status;
2138 2098
2139 if (!skb) { 2099 if (!skb) {
@@ -2141,6 +2101,19 @@ static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk,
2141 return WORK_DONE_DESTROY; 2101 return WORK_DONE_DESTROY;
2142 } 2102 }
2143 2103
2104 if (wk->type == IEEE80211_WORK_ASSOC_BEACON_WAIT) {
2105 mutex_lock(&wk->sdata->u.mgd.mtx);
2106 rx_status = (void *) skb->cb;
2107 ieee802_11_parse_elems(skb->data + 24 + 12, skb->len - 24 - 12, &elems);
2108 ieee80211_rx_bss_info(wk->sdata, (void *)skb->data, skb->len, rx_status,
2109 &elems, true);
2110 mutex_unlock(&wk->sdata->u.mgd.mtx);
2111
2112 wk->type = IEEE80211_WORK_ASSOC;
2113 /* not really done yet */
2114 return WORK_DONE_REQUEUE;
2115 }
2116
2144 mgmt = (void *)skb->data; 2117 mgmt = (void *)skb->data;
2145 status = le16_to_cpu(mgmt->u.assoc_resp.status_code); 2118 status = le16_to_cpu(mgmt->u.assoc_resp.status_code);
2146 2119
@@ -2153,6 +2126,7 @@ static enum work_done_result ieee80211_assoc_done(struct ieee80211_work *wk,
2153 wk->filter_ta); 2126 wk->filter_ta);
2154 return WORK_DONE_DESTROY; 2127 return WORK_DONE_DESTROY;
2155 } 2128 }
2129
2156 mutex_unlock(&wk->sdata->u.mgd.mtx); 2130 mutex_unlock(&wk->sdata->u.mgd.mtx);
2157 } 2131 }
2158 2132
@@ -2253,10 +2227,14 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2253 if (req->prev_bssid) 2227 if (req->prev_bssid)
2254 memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN); 2228 memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN);
2255 2229
2256 wk->type = IEEE80211_WORK_ASSOC;
2257 wk->chan = req->bss->channel; 2230 wk->chan = req->bss->channel;
2258 wk->sdata = sdata; 2231 wk->sdata = sdata;
2259 wk->done = ieee80211_assoc_done; 2232 wk->done = ieee80211_assoc_done;
2233 if (!bss->dtim_period &&
2234 sdata->local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD)
2235 wk->type = IEEE80211_WORK_ASSOC_BEACON_WAIT;
2236 else
2237 wk->type = IEEE80211_WORK_ASSOC;
2260 2238
2261 if (req->use_mfp) { 2239 if (req->use_mfp) {
2262 ifmgd->mfp = IEEE80211_MFP_REQUIRED; 2240 ifmgd->mfp = IEEE80211_MFP_REQUIRED;
@@ -2282,14 +2260,16 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2282 struct ieee80211_local *local = sdata->local; 2260 struct ieee80211_local *local = sdata->local;
2283 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2261 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2284 struct ieee80211_work *wk; 2262 struct ieee80211_work *wk;
2285 const u8 *bssid = req->bss->bssid; 2263 u8 bssid[ETH_ALEN];
2264 bool assoc_bss = false;
2286 2265
2287 mutex_lock(&ifmgd->mtx); 2266 mutex_lock(&ifmgd->mtx);
2288 2267
2268 memcpy(bssid, req->bss->bssid, ETH_ALEN);
2289 if (ifmgd->associated == req->bss) { 2269 if (ifmgd->associated == req->bss) {
2290 bssid = req->bss->bssid; 2270 ieee80211_set_disassoc(sdata, false);
2291 ieee80211_set_disassoc(sdata, true);
2292 mutex_unlock(&ifmgd->mtx); 2271 mutex_unlock(&ifmgd->mtx);
2272 assoc_bss = true;
2293 } else { 2273 } else {
2294 bool not_auth_yet = false; 2274 bool not_auth_yet = false;
2295 2275
@@ -2302,7 +2282,8 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2302 2282
2303 if (wk->type != IEEE80211_WORK_DIRECT_PROBE && 2283 if (wk->type != IEEE80211_WORK_DIRECT_PROBE &&
2304 wk->type != IEEE80211_WORK_AUTH && 2284 wk->type != IEEE80211_WORK_AUTH &&
2305 wk->type != IEEE80211_WORK_ASSOC) 2285 wk->type != IEEE80211_WORK_ASSOC &&
2286 wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
2306 continue; 2287 continue;
2307 2288
2308 if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN)) 2289 if (memcmp(req->bss->bssid, wk->filter_ta, ETH_ALEN))
@@ -2335,6 +2316,8 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2335 ieee80211_send_deauth_disassoc(sdata, bssid, IEEE80211_STYPE_DEAUTH, 2316 ieee80211_send_deauth_disassoc(sdata, bssid, IEEE80211_STYPE_DEAUTH,
2336 req->reason_code, cookie, 2317 req->reason_code, cookie,
2337 !req->local_state_change); 2318 !req->local_state_change);
2319 if (assoc_bss)
2320 sta_info_destroy_addr(sdata, bssid);
2338 2321
2339 ieee80211_recalc_idle(sdata->local); 2322 ieee80211_recalc_idle(sdata->local);
2340 2323
@@ -2379,41 +2362,6 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2379 return 0; 2362 return 0;
2380} 2363}
2381 2364
2382int ieee80211_mgd_action(struct ieee80211_sub_if_data *sdata,
2383 struct ieee80211_channel *chan,
2384 enum nl80211_channel_type channel_type,
2385 const u8 *buf, size_t len, u64 *cookie)
2386{
2387 struct ieee80211_local *local = sdata->local;
2388 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2389 struct sk_buff *skb;
2390
2391 /* Check that we are on the requested channel for transmission */
2392 if ((chan != local->tmp_channel ||
2393 channel_type != local->tmp_channel_type) &&
2394 (chan != local->oper_channel ||
2395 channel_type != local->_oper_channel_type))
2396 return -EBUSY;
2397
2398 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len);
2399 if (!skb)
2400 return -ENOMEM;
2401 skb_reserve(skb, local->hw.extra_tx_headroom);
2402
2403 memcpy(skb_put(skb, len), buf, len);
2404
2405 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
2406 IEEE80211_SKB_CB(skb)->flags |=
2407 IEEE80211_TX_INTFL_DONT_ENCRYPT;
2408 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX |
2409 IEEE80211_TX_CTL_REQ_TX_STATUS;
2410 skb->dev = sdata->dev;
2411 ieee80211_tx_skb(sdata, skb);
2412
2413 *cookie = (unsigned long) skb;
2414 return 0;
2415}
2416
2417void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif, 2365void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
2418 enum nl80211_cqm_rssi_threshold_event rssi_event, 2366 enum nl80211_cqm_rssi_threshold_event rssi_event,
2419 gfp_t gfp) 2367 gfp_t gfp)
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 75202b295a4e..d287fde0431d 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -40,22 +40,14 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
40 list_for_each_entry(sdata, &local->interfaces, list) 40 list_for_each_entry(sdata, &local->interfaces, list)
41 ieee80211_disable_keys(sdata); 41 ieee80211_disable_keys(sdata);
42 42
43 /* Tear down aggregation sessions */ 43 /* tear down aggregation sessions and remove STAs */
44 44 mutex_lock(&local->sta_mtx);
45 rcu_read_lock(); 45 list_for_each_entry(sta, &local->sta_list, list) {
46 46 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
47 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
48 list_for_each_entry_rcu(sta, &local->sta_list, list) {
49 set_sta_flags(sta, WLAN_STA_BLOCK_BA); 47 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
50 ieee80211_sta_tear_down_BA_sessions(sta); 48 ieee80211_sta_tear_down_BA_sessions(sta);
51 } 49 }
52 }
53 50
54 rcu_read_unlock();
55
56 /* remove STAs */
57 mutex_lock(&local->sta_mtx);
58 list_for_each_entry(sta, &local->sta_list, list) {
59 if (sta->uploaded) { 51 if (sta->uploaded) {
60 sdata = sta->sdata; 52 sdata = sta->sdata;
61 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 53 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
@@ -72,6 +64,8 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
72 64
73 /* remove all interfaces */ 65 /* remove all interfaces */
74 list_for_each_entry(sdata, &local->interfaces, list) { 66 list_for_each_entry(sdata, &local->interfaces, list) {
67 cancel_work_sync(&sdata->work);
68
75 switch(sdata->vif.type) { 69 switch(sdata->vif.type) {
76 case NL80211_IFTYPE_STATION: 70 case NL80211_IFTYPE_STATION:
77 ieee80211_sta_quiesce(sdata); 71 ieee80211_sta_quiesce(sdata);
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index 6d0bd198af19..be04d46110fe 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -103,6 +103,7 @@ ieee80211_rate_control_ops_get(const char *name)
103 struct rate_control_ops *ops; 103 struct rate_control_ops *ops;
104 const char *alg_name; 104 const char *alg_name;
105 105
106 kparam_block_sysfs_write(ieee80211_default_rc_algo);
106 if (!name) 107 if (!name)
107 alg_name = ieee80211_default_rc_algo; 108 alg_name = ieee80211_default_rc_algo;
108 else 109 else
@@ -120,6 +121,7 @@ ieee80211_rate_control_ops_get(const char *name)
120 /* try built-in one if specific alg requested but not found */ 121 /* try built-in one if specific alg requested but not found */
121 if (!ops && strlen(CONFIG_MAC80211_RC_DEFAULT)) 122 if (!ops && strlen(CONFIG_MAC80211_RC_DEFAULT))
122 ops = ieee80211_try_rate_control_ops_get(CONFIG_MAC80211_RC_DEFAULT); 123 ops = ieee80211_try_rate_control_ops_get(CONFIG_MAC80211_RC_DEFAULT);
124 kparam_unblock_sysfs_write(ieee80211_default_rc_algo);
123 125
124 return ops; 126 return ops;
125} 127}
diff --git a/net/mac80211/rate.h b/net/mac80211/rate.h
index 065a96190e32..168427b0ffdc 100644
--- a/net/mac80211/rate.h
+++ b/net/mac80211/rate.h
@@ -147,5 +147,18 @@ static inline void rc80211_minstrel_exit(void)
147} 147}
148#endif 148#endif
149 149
150#ifdef CONFIG_MAC80211_RC_MINSTREL_HT
151extern int rc80211_minstrel_ht_init(void);
152extern void rc80211_minstrel_ht_exit(void);
153#else
154static inline int rc80211_minstrel_ht_init(void)
155{
156 return 0;
157}
158static inline void rc80211_minstrel_ht_exit(void)
159{
160}
161#endif
162
150 163
151#endif /* IEEE80211_RATE_H */ 164#endif /* IEEE80211_RATE_H */
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index f65ce6dcc8e2..778c604d7939 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -67,7 +67,6 @@ rix_to_ndx(struct minstrel_sta_info *mi, int rix)
67 for (i = rix; i >= 0; i--) 67 for (i = rix; i >= 0; i--)
68 if (mi->r[i].rix == rix) 68 if (mi->r[i].rix == rix)
69 break; 69 break;
70 WARN_ON(i < 0);
71 return i; 70 return i;
72} 71}
73 72
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
new file mode 100644
index 000000000000..c5b465904e3b
--- /dev/null
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -0,0 +1,827 @@
1/*
2 * Copyright (C) 2010 Felix Fietkau <nbd@openwrt.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8#include <linux/netdevice.h>
9#include <linux/types.h>
10#include <linux/skbuff.h>
11#include <linux/debugfs.h>
12#include <linux/random.h>
13#include <linux/ieee80211.h>
14#include <net/mac80211.h>
15#include "rate.h"
16#include "rc80211_minstrel.h"
17#include "rc80211_minstrel_ht.h"
18
19#define AVG_PKT_SIZE 1200
20#define SAMPLE_COLUMNS 10
21#define EWMA_LEVEL 75
22
23/* Number of bits for an average sized packet */
24#define MCS_NBITS (AVG_PKT_SIZE << 3)
25
26/* Number of symbols for a packet with (bps) bits per symbol */
27#define MCS_NSYMS(bps) ((MCS_NBITS + (bps) - 1) / (bps))
28
29/* Transmission time for a packet containing (syms) symbols */
30#define MCS_SYMBOL_TIME(sgi, syms) \
31 (sgi ? \
32 ((syms) * 18 + 4) / 5 : /* syms * 3.6 us */ \
33 (syms) << 2 /* syms * 4 us */ \
34 )
35
36/* Transmit duration for the raw data part of an average sized packet */
37#define MCS_DURATION(streams, sgi, bps) MCS_SYMBOL_TIME(sgi, MCS_NSYMS((streams) * (bps)))
38
39/* MCS rate information for an MCS group */
40#define MCS_GROUP(_streams, _sgi, _ht40) { \
41 .streams = _streams, \
42 .flags = \
43 (_sgi ? IEEE80211_TX_RC_SHORT_GI : 0) | \
44 (_ht40 ? IEEE80211_TX_RC_40_MHZ_WIDTH : 0), \
45 .duration = { \
46 MCS_DURATION(_streams, _sgi, _ht40 ? 54 : 26), \
47 MCS_DURATION(_streams, _sgi, _ht40 ? 108 : 52), \
48 MCS_DURATION(_streams, _sgi, _ht40 ? 162 : 78), \
49 MCS_DURATION(_streams, _sgi, _ht40 ? 216 : 104), \
50 MCS_DURATION(_streams, _sgi, _ht40 ? 324 : 156), \
51 MCS_DURATION(_streams, _sgi, _ht40 ? 432 : 208), \
52 MCS_DURATION(_streams, _sgi, _ht40 ? 486 : 234), \
53 MCS_DURATION(_streams, _sgi, _ht40 ? 540 : 260) \
54 } \
55}
56
57/*
58 * To enable sufficiently targeted rate sampling, MCS rates are divided into
59 * groups, based on the number of streams and flags (HT40, SGI) that they
60 * use.
61 */
62const struct mcs_group minstrel_mcs_groups[] = {
63 MCS_GROUP(1, 0, 0),
64 MCS_GROUP(2, 0, 0),
65#if MINSTREL_MAX_STREAMS >= 3
66 MCS_GROUP(3, 0, 0),
67#endif
68
69 MCS_GROUP(1, 1, 0),
70 MCS_GROUP(2, 1, 0),
71#if MINSTREL_MAX_STREAMS >= 3
72 MCS_GROUP(3, 1, 0),
73#endif
74
75 MCS_GROUP(1, 0, 1),
76 MCS_GROUP(2, 0, 1),
77#if MINSTREL_MAX_STREAMS >= 3
78 MCS_GROUP(3, 0, 1),
79#endif
80
81 MCS_GROUP(1, 1, 1),
82 MCS_GROUP(2, 1, 1),
83#if MINSTREL_MAX_STREAMS >= 3
84 MCS_GROUP(3, 1, 1),
85#endif
86};
87
88static u8 sample_table[SAMPLE_COLUMNS][MCS_GROUP_RATES];
89
90/*
91 * Perform EWMA (Exponentially Weighted Moving Average) calculation
92 */
93static int
94minstrel_ewma(int old, int new, int weight)
95{
96 return (new * (100 - weight) + old * weight) / 100;
97}
98
99/*
100 * Look up an MCS group index based on mac80211 rate information
101 */
102static int
103minstrel_ht_get_group_idx(struct ieee80211_tx_rate *rate)
104{
105 int streams = (rate->idx / MCS_GROUP_RATES) + 1;
106 u32 flags = IEEE80211_TX_RC_SHORT_GI | IEEE80211_TX_RC_40_MHZ_WIDTH;
107 int i;
108
109 for (i = 0; i < ARRAY_SIZE(minstrel_mcs_groups); i++) {
110 if (minstrel_mcs_groups[i].streams != streams)
111 continue;
112 if (minstrel_mcs_groups[i].flags != (rate->flags & flags))
113 continue;
114
115 return i;
116 }
117
118 WARN_ON(1);
119 return 0;
120}
121
122static inline struct minstrel_rate_stats *
123minstrel_get_ratestats(struct minstrel_ht_sta *mi, int index)
124{
125 return &mi->groups[index / MCS_GROUP_RATES].rates[index % MCS_GROUP_RATES];
126}
127
128
129/*
130 * Recalculate success probabilities and counters for a rate using EWMA
131 */
132static void
133minstrel_calc_rate_ewma(struct minstrel_priv *mp, struct minstrel_rate_stats *mr)
134{
135 if (unlikely(mr->attempts > 0)) {
136 mr->sample_skipped = 0;
137 mr->cur_prob = MINSTREL_FRAC(mr->success, mr->attempts);
138 if (!mr->att_hist)
139 mr->probability = mr->cur_prob;
140 else
141 mr->probability = minstrel_ewma(mr->probability,
142 mr->cur_prob, EWMA_LEVEL);
143 mr->att_hist += mr->attempts;
144 mr->succ_hist += mr->success;
145 } else {
146 mr->sample_skipped++;
147 }
148 mr->last_success = mr->success;
149 mr->last_attempts = mr->attempts;
150 mr->success = 0;
151 mr->attempts = 0;
152}
153
154/*
155 * Calculate throughput based on the average A-MPDU length, taking into account
156 * the expected number of retransmissions and their expected length
157 */
158static void
159minstrel_ht_calc_tp(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
160 int group, int rate)
161{
162 struct minstrel_rate_stats *mr;
163 unsigned int usecs;
164
165 mr = &mi->groups[group].rates[rate];
166
167 if (mr->probability < MINSTREL_FRAC(1, 10)) {
168 mr->cur_tp = 0;
169 return;
170 }
171
172 usecs = mi->overhead / MINSTREL_TRUNC(mi->avg_ampdu_len);
173 usecs += minstrel_mcs_groups[group].duration[rate];
174 mr->cur_tp = MINSTREL_TRUNC((1000000 / usecs) * mr->probability);
175}
176
177/*
178 * Update rate statistics and select new primary rates
179 *
180 * Rules for rate selection:
181 * - max_prob_rate must use only one stream, as a tradeoff between delivery
182 * probability and throughput during strong fluctuations
183 * - as long as the max prob rate has a probability of more than 3/4, pick
184 * higher throughput rates, even if the probablity is a bit lower
185 */
186static void
187minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
188{
189 struct minstrel_mcs_group_data *mg;
190 struct minstrel_rate_stats *mr;
191 int cur_prob, cur_prob_tp, cur_tp, cur_tp2;
192 int group, i, index;
193
194 if (mi->ampdu_packets > 0) {
195 mi->avg_ampdu_len = minstrel_ewma(mi->avg_ampdu_len,
196 MINSTREL_FRAC(mi->ampdu_len, mi->ampdu_packets), EWMA_LEVEL);
197 mi->ampdu_len = 0;
198 mi->ampdu_packets = 0;
199 }
200
201 mi->sample_slow = 0;
202 mi->sample_count = 0;
203 mi->max_tp_rate = 0;
204 mi->max_tp_rate2 = 0;
205 mi->max_prob_rate = 0;
206
207 for (group = 0; group < ARRAY_SIZE(minstrel_mcs_groups); group++) {
208 cur_prob = 0;
209 cur_prob_tp = 0;
210 cur_tp = 0;
211 cur_tp2 = 0;
212
213 mg = &mi->groups[group];
214 if (!mg->supported)
215 continue;
216
217 mg->max_tp_rate = 0;
218 mg->max_tp_rate2 = 0;
219 mg->max_prob_rate = 0;
220 mi->sample_count++;
221
222 for (i = 0; i < MCS_GROUP_RATES; i++) {
223 if (!(mg->supported & BIT(i)))
224 continue;
225
226 mr = &mg->rates[i];
227 mr->retry_updated = false;
228 index = MCS_GROUP_RATES * group + i;
229 minstrel_calc_rate_ewma(mp, mr);
230 minstrel_ht_calc_tp(mp, mi, group, i);
231
232 if (!mr->cur_tp)
233 continue;
234
235 /* ignore the lowest rate of each single-stream group */
236 if (!i && minstrel_mcs_groups[group].streams == 1)
237 continue;
238
239 if ((mr->cur_tp > cur_prob_tp && mr->probability >
240 MINSTREL_FRAC(3, 4)) || mr->probability > cur_prob) {
241 mg->max_prob_rate = index;
242 cur_prob = mr->probability;
243 cur_prob_tp = mr->cur_tp;
244 }
245
246 if (mr->cur_tp > cur_tp) {
247 swap(index, mg->max_tp_rate);
248 cur_tp = mr->cur_tp;
249 mr = minstrel_get_ratestats(mi, index);
250 }
251
252 if (index >= mg->max_tp_rate)
253 continue;
254
255 if (mr->cur_tp > cur_tp2) {
256 mg->max_tp_rate2 = index;
257 cur_tp2 = mr->cur_tp;
258 }
259 }
260 }
261
262 /* try to sample up to half of the availble rates during each interval */
263 mi->sample_count *= 4;
264
265 cur_prob = 0;
266 cur_prob_tp = 0;
267 cur_tp = 0;
268 cur_tp2 = 0;
269 for (group = 0; group < ARRAY_SIZE(minstrel_mcs_groups); group++) {
270 mg = &mi->groups[group];
271 if (!mg->supported)
272 continue;
273
274 mr = minstrel_get_ratestats(mi, mg->max_prob_rate);
275 if (cur_prob_tp < mr->cur_tp &&
276 minstrel_mcs_groups[group].streams == 1) {
277 mi->max_prob_rate = mg->max_prob_rate;
278 cur_prob = mr->cur_prob;
279 cur_prob_tp = mr->cur_tp;
280 }
281
282 mr = minstrel_get_ratestats(mi, mg->max_tp_rate);
283 if (cur_tp < mr->cur_tp) {
284 mi->max_tp_rate = mg->max_tp_rate;
285 cur_tp = mr->cur_tp;
286 }
287
288 mr = minstrel_get_ratestats(mi, mg->max_tp_rate2);
289 if (cur_tp2 < mr->cur_tp) {
290 mi->max_tp_rate2 = mg->max_tp_rate2;
291 cur_tp2 = mr->cur_tp;
292 }
293 }
294
295 mi->stats_update = jiffies;
296}
297
298static bool
299minstrel_ht_txstat_valid(struct ieee80211_tx_rate *rate)
300{
301 if (!rate->count)
302 return false;
303
304 if (rate->idx < 0)
305 return false;
306
307 return !!(rate->flags & IEEE80211_TX_RC_MCS);
308}
309
310static void
311minstrel_next_sample_idx(struct minstrel_ht_sta *mi)
312{
313 struct minstrel_mcs_group_data *mg;
314
315 for (;;) {
316 mi->sample_group++;
317 mi->sample_group %= ARRAY_SIZE(minstrel_mcs_groups);
318 mg = &mi->groups[mi->sample_group];
319
320 if (!mg->supported)
321 continue;
322
323 if (++mg->index >= MCS_GROUP_RATES) {
324 mg->index = 0;
325 if (++mg->column >= ARRAY_SIZE(sample_table))
326 mg->column = 0;
327 }
328 break;
329 }
330}
331
332static void
333minstrel_downgrade_rate(struct minstrel_ht_sta *mi, unsigned int *idx,
334 bool primary)
335{
336 int group, orig_group;
337
338 orig_group = group = *idx / MCS_GROUP_RATES;
339 while (group > 0) {
340 group--;
341
342 if (!mi->groups[group].supported)
343 continue;
344
345 if (minstrel_mcs_groups[group].streams >
346 minstrel_mcs_groups[orig_group].streams)
347 continue;
348
349 if (primary)
350 *idx = mi->groups[group].max_tp_rate;
351 else
352 *idx = mi->groups[group].max_tp_rate2;
353 break;
354 }
355}
356
357static void
358minstrel_aggr_check(struct minstrel_priv *mp, struct ieee80211_sta *pubsta, struct sk_buff *skb)
359{
360 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
361 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
362 u16 tid;
363
364 if (unlikely(!ieee80211_is_data_qos(hdr->frame_control)))
365 return;
366
367 if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE)))
368 return;
369
370 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
371 if (likely(sta->ampdu_mlme.tid_tx[tid]))
372 return;
373
374 ieee80211_start_tx_ba_session(pubsta, tid);
375}
376
377static void
378minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
379 struct ieee80211_sta *sta, void *priv_sta,
380 struct sk_buff *skb)
381{
382 struct minstrel_ht_sta_priv *msp = priv_sta;
383 struct minstrel_ht_sta *mi = &msp->ht;
384 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
385 struct ieee80211_tx_rate *ar = info->status.rates;
386 struct minstrel_rate_stats *rate, *rate2;
387 struct minstrel_priv *mp = priv;
388 bool last = false;
389 int group;
390 int i = 0;
391
392 if (!msp->is_ht)
393 return mac80211_minstrel.tx_status(priv, sband, sta, &msp->legacy, skb);
394
395 /* This packet was aggregated but doesn't carry status info */
396 if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
397 !(info->flags & IEEE80211_TX_STAT_AMPDU))
398 return;
399
400 if (!info->status.ampdu_len) {
401 info->status.ampdu_ack_len = 1;
402 info->status.ampdu_len = 1;
403 }
404
405 mi->ampdu_packets++;
406 mi->ampdu_len += info->status.ampdu_len;
407
408 if (!mi->sample_wait && !mi->sample_tries && mi->sample_count > 0) {
409 mi->sample_wait = 4 + 2 * MINSTREL_TRUNC(mi->avg_ampdu_len);
410 mi->sample_tries = 3;
411 mi->sample_count--;
412 }
413
414 if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE) {
415 mi->sample_packets += info->status.ampdu_len;
416 minstrel_next_sample_idx(mi);
417 }
418
419 for (i = 0; !last; i++) {
420 last = (i == IEEE80211_TX_MAX_RATES - 1) ||
421 !minstrel_ht_txstat_valid(&ar[i + 1]);
422
423 if (!minstrel_ht_txstat_valid(&ar[i]))
424 break;
425
426 group = minstrel_ht_get_group_idx(&ar[i]);
427 rate = &mi->groups[group].rates[ar[i].idx % 8];
428
429 if (last && (info->flags & IEEE80211_TX_STAT_ACK))
430 rate->success += info->status.ampdu_ack_len;
431
432 rate->attempts += ar[i].count * info->status.ampdu_len;
433 }
434
435 /*
436 * check for sudden death of spatial multiplexing,
437 * downgrade to a lower number of streams if necessary.
438 */
439 rate = minstrel_get_ratestats(mi, mi->max_tp_rate);
440 if (rate->attempts > 30 &&
441 MINSTREL_FRAC(rate->success, rate->attempts) <
442 MINSTREL_FRAC(20, 100))
443 minstrel_downgrade_rate(mi, &mi->max_tp_rate, true);
444
445 rate2 = minstrel_get_ratestats(mi, mi->max_tp_rate2);
446 if (rate2->attempts > 30 &&
447 MINSTREL_FRAC(rate2->success, rate2->attempts) <
448 MINSTREL_FRAC(20, 100))
449 minstrel_downgrade_rate(mi, &mi->max_tp_rate2, false);
450
451 if (time_after(jiffies, mi->stats_update + (mp->update_interval / 2 * HZ) / 1000)) {
452 minstrel_ht_update_stats(mp, mi);
453 minstrel_aggr_check(mp, sta, skb);
454 }
455}
456
457static void
458minstrel_calc_retransmit(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
459 int index)
460{
461 struct minstrel_rate_stats *mr;
462 const struct mcs_group *group;
463 unsigned int tx_time, tx_time_rtscts, tx_time_data;
464 unsigned int cw = mp->cw_min;
465 unsigned int t_slot = 9; /* FIXME */
466 unsigned int ampdu_len = MINSTREL_TRUNC(mi->avg_ampdu_len);
467
468 mr = minstrel_get_ratestats(mi, index);
469 if (mr->probability < MINSTREL_FRAC(1, 10)) {
470 mr->retry_count = 1;
471 mr->retry_count_rtscts = 1;
472 return;
473 }
474
475 mr->retry_count = 2;
476 mr->retry_count_rtscts = 2;
477 mr->retry_updated = true;
478
479 group = &minstrel_mcs_groups[index / MCS_GROUP_RATES];
480 tx_time_data = group->duration[index % MCS_GROUP_RATES] * ampdu_len;
481 tx_time = 2 * (t_slot + mi->overhead + tx_time_data);
482 tx_time_rtscts = 2 * (t_slot + mi->overhead_rtscts + tx_time_data);
483 do {
484 cw = (cw << 1) | 1;
485 cw = min(cw, mp->cw_max);
486 tx_time += cw + t_slot + mi->overhead;
487 tx_time_rtscts += cw + t_slot + mi->overhead_rtscts;
488 if (tx_time_rtscts < mp->segment_size)
489 mr->retry_count_rtscts++;
490 } while ((tx_time < mp->segment_size) &&
491 (++mr->retry_count < mp->max_retry));
492}
493
494
495static void
496minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
497 struct ieee80211_tx_rate *rate, int index,
498 struct ieee80211_tx_rate_control *txrc,
499 bool sample, bool rtscts)
500{
501 const struct mcs_group *group = &minstrel_mcs_groups[index / MCS_GROUP_RATES];
502 struct minstrel_rate_stats *mr;
503
504 mr = minstrel_get_ratestats(mi, index);
505 if (!mr->retry_updated)
506 minstrel_calc_retransmit(mp, mi, index);
507
508 if (mr->probability < MINSTREL_FRAC(20, 100))
509 rate->count = 2;
510 else if (rtscts)
511 rate->count = mr->retry_count_rtscts;
512 else
513 rate->count = mr->retry_count;
514
515 rate->flags = IEEE80211_TX_RC_MCS | group->flags;
516 if (txrc->short_preamble)
517 rate->flags |= IEEE80211_TX_RC_USE_SHORT_PREAMBLE;
518 if (txrc->rts || rtscts)
519 rate->flags |= IEEE80211_TX_RC_USE_RTS_CTS;
520 rate->idx = index % MCS_GROUP_RATES + (group->streams - 1) * MCS_GROUP_RATES;
521}
522
523static inline int
524minstrel_get_duration(int index)
525{
526 const struct mcs_group *group = &minstrel_mcs_groups[index / MCS_GROUP_RATES];
527 return group->duration[index % MCS_GROUP_RATES];
528}
529
530static int
531minstrel_get_sample_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
532{
533 struct minstrel_rate_stats *mr;
534 struct minstrel_mcs_group_data *mg;
535 int sample_idx = 0;
536
537 if (mi->sample_wait > 0) {
538 mi->sample_wait--;
539 return -1;
540 }
541
542 if (!mi->sample_tries)
543 return -1;
544
545 mi->sample_tries--;
546 mg = &mi->groups[mi->sample_group];
547 sample_idx = sample_table[mg->column][mg->index];
548 mr = &mg->rates[sample_idx];
549 sample_idx += mi->sample_group * MCS_GROUP_RATES;
550
551 /*
552 * When not using MRR, do not sample if the probability is already
553 * higher than 95% to avoid wasting airtime
554 */
555 if (!mp->has_mrr && (mr->probability > MINSTREL_FRAC(95, 100)))
556 goto next;
557
558 /*
559 * Make sure that lower rates get sampled only occasionally,
560 * if the link is working perfectly.
561 */
562 if (minstrel_get_duration(sample_idx) >
563 minstrel_get_duration(mi->max_tp_rate)) {
564 if (mr->sample_skipped < 10)
565 goto next;
566
567 if (mi->sample_slow++ > 2)
568 goto next;
569 }
570
571 return sample_idx;
572
573next:
574 minstrel_next_sample_idx(mi);
575 return -1;
576}
577
578static void
579minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
580 struct ieee80211_tx_rate_control *txrc)
581{
582 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb);
583 struct ieee80211_tx_rate *ar = info->status.rates;
584 struct minstrel_ht_sta_priv *msp = priv_sta;
585 struct minstrel_ht_sta *mi = &msp->ht;
586 struct minstrel_priv *mp = priv;
587 int sample_idx;
588
589 if (rate_control_send_low(sta, priv_sta, txrc))
590 return;
591
592 if (!msp->is_ht)
593 return mac80211_minstrel.get_rate(priv, sta, &msp->legacy, txrc);
594
595 info->flags |= mi->tx_flags;
596 sample_idx = minstrel_get_sample_rate(mp, mi);
597 if (sample_idx >= 0) {
598 minstrel_ht_set_rate(mp, mi, &ar[0], sample_idx,
599 txrc, true, false);
600 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate,
601 txrc, false, true);
602 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
603 } else {
604 minstrel_ht_set_rate(mp, mi, &ar[0], mi->max_tp_rate,
605 txrc, false, false);
606 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate2,
607 txrc, false, true);
608 }
609 minstrel_ht_set_rate(mp, mi, &ar[2], mi->max_prob_rate, txrc, false, true);
610
611 ar[3].count = 0;
612 ar[3].idx = -1;
613
614 mi->total_packets++;
615
616 /* wraparound */
617 if (mi->total_packets == ~0) {
618 mi->total_packets = 0;
619 mi->sample_packets = 0;
620 }
621}
622
623static void
624minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
625 struct ieee80211_sta *sta, void *priv_sta,
626 enum nl80211_channel_type oper_chan_type)
627{
628 struct minstrel_priv *mp = priv;
629 struct minstrel_ht_sta_priv *msp = priv_sta;
630 struct minstrel_ht_sta *mi = &msp->ht;
631 struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs;
632 struct ieee80211_local *local = hw_to_local(mp->hw);
633 u16 sta_cap = sta->ht_cap.cap;
634 int ack_dur;
635 int stbc;
636 int i;
637
638 /* fall back to the old minstrel for legacy stations */
639 if (!sta->ht_cap.ht_supported) {
640 msp->is_ht = false;
641 memset(&msp->legacy, 0, sizeof(msp->legacy));
642 msp->legacy.r = msp->ratelist;
643 msp->legacy.sample_table = msp->sample_table;
644 return mac80211_minstrel.rate_init(priv, sband, sta, &msp->legacy);
645 }
646
647 BUILD_BUG_ON(ARRAY_SIZE(minstrel_mcs_groups) !=
648 MINSTREL_MAX_STREAMS * MINSTREL_STREAM_GROUPS);
649
650 msp->is_ht = true;
651 memset(mi, 0, sizeof(*mi));
652 mi->stats_update = jiffies;
653
654 ack_dur = ieee80211_frame_duration(local, 10, 60, 1, 1);
655 mi->overhead = ieee80211_frame_duration(local, 0, 60, 1, 1) + ack_dur;
656 mi->overhead_rtscts = mi->overhead + 2 * ack_dur;
657
658 mi->avg_ampdu_len = MINSTREL_FRAC(1, 1);
659
660 /* When using MRR, sample more on the first attempt, without delay */
661 if (mp->has_mrr) {
662 mi->sample_count = 16;
663 mi->sample_wait = 0;
664 } else {
665 mi->sample_count = 8;
666 mi->sample_wait = 8;
667 }
668 mi->sample_tries = 4;
669
670 stbc = (sta_cap & IEEE80211_HT_CAP_RX_STBC) >>
671 IEEE80211_HT_CAP_RX_STBC_SHIFT;
672 mi->tx_flags |= stbc << IEEE80211_TX_CTL_STBC_SHIFT;
673
674 if (sta_cap & IEEE80211_HT_CAP_LDPC_CODING)
675 mi->tx_flags |= IEEE80211_TX_CTL_LDPC;
676
677 if (oper_chan_type != NL80211_CHAN_HT40MINUS &&
678 oper_chan_type != NL80211_CHAN_HT40PLUS)
679 sta_cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
680
681 for (i = 0; i < ARRAY_SIZE(mi->groups); i++) {
682 u16 req = 0;
683
684 mi->groups[i].supported = 0;
685 if (minstrel_mcs_groups[i].flags & IEEE80211_TX_RC_SHORT_GI) {
686 if (minstrel_mcs_groups[i].flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
687 req |= IEEE80211_HT_CAP_SGI_40;
688 else
689 req |= IEEE80211_HT_CAP_SGI_20;
690 }
691
692 if (minstrel_mcs_groups[i].flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
693 req |= IEEE80211_HT_CAP_SUP_WIDTH_20_40;
694
695 if ((sta_cap & req) != req)
696 continue;
697
698 mi->groups[i].supported =
699 mcs->rx_mask[minstrel_mcs_groups[i].streams - 1];
700 }
701}
702
703static void
704minstrel_ht_rate_init(void *priv, struct ieee80211_supported_band *sband,
705 struct ieee80211_sta *sta, void *priv_sta)
706{
707 struct minstrel_priv *mp = priv;
708
709 minstrel_ht_update_caps(priv, sband, sta, priv_sta, mp->hw->conf.channel_type);
710}
711
712static void
713minstrel_ht_rate_update(void *priv, struct ieee80211_supported_band *sband,
714 struct ieee80211_sta *sta, void *priv_sta,
715 u32 changed, enum nl80211_channel_type oper_chan_type)
716{
717 minstrel_ht_update_caps(priv, sband, sta, priv_sta, oper_chan_type);
718}
719
720static void *
721minstrel_ht_alloc_sta(void *priv, struct ieee80211_sta *sta, gfp_t gfp)
722{
723 struct ieee80211_supported_band *sband;
724 struct minstrel_ht_sta_priv *msp;
725 struct minstrel_priv *mp = priv;
726 struct ieee80211_hw *hw = mp->hw;
727 int max_rates = 0;
728 int i;
729
730 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
731 sband = hw->wiphy->bands[i];
732 if (sband && sband->n_bitrates > max_rates)
733 max_rates = sband->n_bitrates;
734 }
735
736 msp = kzalloc(sizeof(struct minstrel_ht_sta), gfp);
737 if (!msp)
738 return NULL;
739
740 msp->ratelist = kzalloc(sizeof(struct minstrel_rate) * max_rates, gfp);
741 if (!msp->ratelist)
742 goto error;
743
744 msp->sample_table = kmalloc(SAMPLE_COLUMNS * max_rates, gfp);
745 if (!msp->sample_table)
746 goto error1;
747
748 return msp;
749
750error1:
751 kfree(msp->ratelist);
752error:
753 kfree(msp);
754 return NULL;
755}
756
757static void
758minstrel_ht_free_sta(void *priv, struct ieee80211_sta *sta, void *priv_sta)
759{
760 struct minstrel_ht_sta_priv *msp = priv_sta;
761
762 kfree(msp->sample_table);
763 kfree(msp->ratelist);
764 kfree(msp);
765}
766
767static void *
768minstrel_ht_alloc(struct ieee80211_hw *hw, struct dentry *debugfsdir)
769{
770 return mac80211_minstrel.alloc(hw, debugfsdir);
771}
772
773static void
774minstrel_ht_free(void *priv)
775{
776 mac80211_minstrel.free(priv);
777}
778
779static struct rate_control_ops mac80211_minstrel_ht = {
780 .name = "minstrel_ht",
781 .tx_status = minstrel_ht_tx_status,
782 .get_rate = minstrel_ht_get_rate,
783 .rate_init = minstrel_ht_rate_init,
784 .rate_update = minstrel_ht_rate_update,
785 .alloc_sta = minstrel_ht_alloc_sta,
786 .free_sta = minstrel_ht_free_sta,
787 .alloc = minstrel_ht_alloc,
788 .free = minstrel_ht_free,
789#ifdef CONFIG_MAC80211_DEBUGFS
790 .add_sta_debugfs = minstrel_ht_add_sta_debugfs,
791 .remove_sta_debugfs = minstrel_ht_remove_sta_debugfs,
792#endif
793};
794
795
796static void
797init_sample_table(void)
798{
799 int col, i, new_idx;
800 u8 rnd[MCS_GROUP_RATES];
801
802 memset(sample_table, 0xff, sizeof(sample_table));
803 for (col = 0; col < SAMPLE_COLUMNS; col++) {
804 for (i = 0; i < MCS_GROUP_RATES; i++) {
805 get_random_bytes(rnd, sizeof(rnd));
806 new_idx = (i + rnd[i]) % MCS_GROUP_RATES;
807
808 while (sample_table[col][new_idx] != 0xff)
809 new_idx = (new_idx + 1) % MCS_GROUP_RATES;
810
811 sample_table[col][new_idx] = i;
812 }
813 }
814}
815
816int __init
817rc80211_minstrel_ht_init(void)
818{
819 init_sample_table();
820 return ieee80211_rate_control_register(&mac80211_minstrel_ht);
821}
822
823void
824rc80211_minstrel_ht_exit(void)
825{
826 ieee80211_rate_control_unregister(&mac80211_minstrel_ht);
827}
diff --git a/net/mac80211/rc80211_minstrel_ht.h b/net/mac80211/rc80211_minstrel_ht.h
new file mode 100644
index 000000000000..462d2b227ed5
--- /dev/null
+++ b/net/mac80211/rc80211_minstrel_ht.h
@@ -0,0 +1,130 @@
1/*
2 * Copyright (C) 2010 Felix Fietkau <nbd@openwrt.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8
9#ifndef __RC_MINSTREL_HT_H
10#define __RC_MINSTREL_HT_H
11
12/*
13 * The number of streams can be changed to 2 to reduce code
14 * size and memory footprint.
15 */
16#define MINSTREL_MAX_STREAMS 3
17#define MINSTREL_STREAM_GROUPS 4
18
19/* scaled fraction values */
20#define MINSTREL_SCALE 16
21#define MINSTREL_FRAC(val, div) (((val) << MINSTREL_SCALE) / div)
22#define MINSTREL_TRUNC(val) ((val) >> MINSTREL_SCALE)
23
24#define MCS_GROUP_RATES 8
25
26struct mcs_group {
27 u32 flags;
28 unsigned int streams;
29 unsigned int duration[MCS_GROUP_RATES];
30};
31
32extern const struct mcs_group minstrel_mcs_groups[];
33
34struct minstrel_rate_stats {
35 /* current / last sampling period attempts/success counters */
36 unsigned int attempts, last_attempts;
37 unsigned int success, last_success;
38
39 /* total attempts/success counters */
40 u64 att_hist, succ_hist;
41
42 /* current throughput */
43 unsigned int cur_tp;
44
45 /* packet delivery probabilities */
46 unsigned int cur_prob, probability;
47
48 /* maximum retry counts */
49 unsigned int retry_count;
50 unsigned int retry_count_rtscts;
51
52 bool retry_updated;
53 u8 sample_skipped;
54};
55
56struct minstrel_mcs_group_data {
57 u8 index;
58 u8 column;
59
60 /* bitfield of supported MCS rates of this group */
61 u8 supported;
62
63 /* selected primary rates */
64 unsigned int max_tp_rate;
65 unsigned int max_tp_rate2;
66 unsigned int max_prob_rate;
67
68 /* MCS rate statistics */
69 struct minstrel_rate_stats rates[MCS_GROUP_RATES];
70};
71
72struct minstrel_ht_sta {
73 /* ampdu length (average, per sampling interval) */
74 unsigned int ampdu_len;
75 unsigned int ampdu_packets;
76
77 /* ampdu length (EWMA) */
78 unsigned int avg_ampdu_len;
79
80 /* best throughput rate */
81 unsigned int max_tp_rate;
82
83 /* second best throughput rate */
84 unsigned int max_tp_rate2;
85
86 /* best probability rate */
87 unsigned int max_prob_rate;
88
89 /* time of last status update */
90 unsigned long stats_update;
91
92 /* overhead time in usec for each frame */
93 unsigned int overhead;
94 unsigned int overhead_rtscts;
95
96 unsigned int total_packets;
97 unsigned int sample_packets;
98
99 /* tx flags to add for frames for this sta */
100 u32 tx_flags;
101
102 u8 sample_wait;
103 u8 sample_tries;
104 u8 sample_count;
105 u8 sample_slow;
106
107 /* current MCS group to be sampled */
108 u8 sample_group;
109
110 /* MCS rate group info and statistics */
111 struct minstrel_mcs_group_data groups[MINSTREL_MAX_STREAMS * MINSTREL_STREAM_GROUPS];
112};
113
114struct minstrel_ht_sta_priv {
115 union {
116 struct minstrel_ht_sta ht;
117 struct minstrel_sta_info legacy;
118 };
119#ifdef CONFIG_MAC80211_DEBUGFS
120 struct dentry *dbg_stats;
121#endif
122 void *ratelist;
123 void *sample_table;
124 bool is_ht;
125};
126
127void minstrel_ht_add_sta_debugfs(void *priv, void *priv_sta, struct dentry *dir);
128void minstrel_ht_remove_sta_debugfs(void *priv, void *priv_sta);
129
130#endif
diff --git a/net/mac80211/rc80211_minstrel_ht_debugfs.c b/net/mac80211/rc80211_minstrel_ht_debugfs.c
new file mode 100644
index 000000000000..4a5a4b3e7799
--- /dev/null
+++ b/net/mac80211/rc80211_minstrel_ht_debugfs.c
@@ -0,0 +1,118 @@
1/*
2 * Copyright (C) 2010 Felix Fietkau <nbd@openwrt.org>
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 */
8#include <linux/netdevice.h>
9#include <linux/types.h>
10#include <linux/skbuff.h>
11#include <linux/debugfs.h>
12#include <linux/ieee80211.h>
13#include <net/mac80211.h>
14#include "rc80211_minstrel.h"
15#include "rc80211_minstrel_ht.h"
16
17static int
18minstrel_ht_stats_open(struct inode *inode, struct file *file)
19{
20 struct minstrel_ht_sta_priv *msp = inode->i_private;
21 struct minstrel_ht_sta *mi = &msp->ht;
22 struct minstrel_debugfs_info *ms;
23 unsigned int i, j, tp, prob, eprob;
24 char *p;
25 int ret;
26
27 if (!msp->is_ht) {
28 inode->i_private = &msp->legacy;
29 ret = minstrel_stats_open(inode, file);
30 inode->i_private = msp;
31 return ret;
32 }
33
34 ms = kmalloc(sizeof(*ms) + 8192, GFP_KERNEL);
35 if (!ms)
36 return -ENOMEM;
37
38 file->private_data = ms;
39 p = ms->buf;
40 p += sprintf(p, "type rate throughput ewma prob this prob "
41 "this succ/attempt success attempts\n");
42 for (i = 0; i < MINSTREL_MAX_STREAMS * MINSTREL_STREAM_GROUPS; i++) {
43 char htmode = '2';
44 char gimode = 'L';
45
46 if (!mi->groups[i].supported)
47 continue;
48
49 if (minstrel_mcs_groups[i].flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
50 htmode = '4';
51 if (minstrel_mcs_groups[i].flags & IEEE80211_TX_RC_SHORT_GI)
52 gimode = 'S';
53
54 for (j = 0; j < MCS_GROUP_RATES; j++) {
55 struct minstrel_rate_stats *mr = &mi->groups[i].rates[j];
56 int idx = i * MCS_GROUP_RATES + j;
57
58 if (!(mi->groups[i].supported & BIT(j)))
59 continue;
60
61 p += sprintf(p, "HT%c0/%cGI ", htmode, gimode);
62
63 *(p++) = (idx == mi->max_tp_rate) ? 'T' : ' ';
64 *(p++) = (idx == mi->max_tp_rate2) ? 't' : ' ';
65 *(p++) = (idx == mi->max_prob_rate) ? 'P' : ' ';
66 p += sprintf(p, "MCS%-2u", (minstrel_mcs_groups[i].streams - 1) *
67 MCS_GROUP_RATES + j);
68
69 tp = mr->cur_tp / 10;
70 prob = MINSTREL_TRUNC(mr->cur_prob * 1000);
71 eprob = MINSTREL_TRUNC(mr->probability * 1000);
72
73 p += sprintf(p, " %6u.%1u %6u.%1u %6u.%1u "
74 "%3u(%3u) %8llu %8llu\n",
75 tp / 10, tp % 10,
76 eprob / 10, eprob % 10,
77 prob / 10, prob % 10,
78 mr->last_success,
79 mr->last_attempts,
80 (unsigned long long)mr->succ_hist,
81 (unsigned long long)mr->att_hist);
82 }
83 }
84 p += sprintf(p, "\nTotal packet count:: ideal %d "
85 "lookaround %d\n",
86 max(0, (int) mi->total_packets - (int) mi->sample_packets),
87 mi->sample_packets);
88 p += sprintf(p, "Average A-MPDU length: %d.%d\n",
89 MINSTREL_TRUNC(mi->avg_ampdu_len),
90 MINSTREL_TRUNC(mi->avg_ampdu_len * 10) % 10);
91 ms->len = p - ms->buf;
92
93 return 0;
94}
95
96static const struct file_operations minstrel_ht_stat_fops = {
97 .owner = THIS_MODULE,
98 .open = minstrel_ht_stats_open,
99 .read = minstrel_stats_read,
100 .release = minstrel_stats_release,
101};
102
103void
104minstrel_ht_add_sta_debugfs(void *priv, void *priv_sta, struct dentry *dir)
105{
106 struct minstrel_ht_sta_priv *msp = priv_sta;
107
108 msp->dbg_stats = debugfs_create_file("rc_stats", S_IRUGO, dir, msp,
109 &minstrel_ht_stat_fops);
110}
111
112void
113minstrel_ht_remove_sta_debugfs(void *priv, void *priv_sta)
114{
115 struct minstrel_ht_sta_priv *msp = priv_sta;
116
117 debugfs_remove(msp->dbg_stats);
118}
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index be9abc2e6348..fa0f37e4afe4 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -293,7 +293,7 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
293 skb2 = skb_clone(skb, GFP_ATOMIC); 293 skb2 = skb_clone(skb, GFP_ATOMIC);
294 if (skb2) { 294 if (skb2) {
295 skb2->dev = prev_dev; 295 skb2->dev = prev_dev;
296 netif_rx(skb2); 296 netif_receive_skb(skb2);
297 } 297 }
298 } 298 }
299 299
@@ -304,7 +304,7 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
304 304
305 if (prev_dev) { 305 if (prev_dev) {
306 skb->dev = prev_dev; 306 skb->dev = prev_dev;
307 netif_rx(skb); 307 netif_receive_skb(skb);
308 } else 308 } else
309 dev_kfree_skb(skb); 309 dev_kfree_skb(skb);
310 310
@@ -719,16 +719,13 @@ static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
719 719
720 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 720 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
721 721
722 spin_lock(&sta->lock); 722 tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]);
723 723 if (!tid_agg_rx)
724 if (!sta->ampdu_mlme.tid_active_rx[tid]) 724 goto dont_reorder;
725 goto dont_reorder_unlock;
726
727 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
728 725
729 /* qos null data frames are excluded */ 726 /* qos null data frames are excluded */
730 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC))) 727 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
731 goto dont_reorder_unlock; 728 goto dont_reorder;
732 729
733 /* new, potentially un-ordered, ampdu frame - process it */ 730 /* new, potentially un-ordered, ampdu frame - process it */
734 731
@@ -740,20 +737,22 @@ static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
740 /* if this mpdu is fragmented - terminate rx aggregation session */ 737 /* if this mpdu is fragmented - terminate rx aggregation session */
741 sc = le16_to_cpu(hdr->seq_ctrl); 738 sc = le16_to_cpu(hdr->seq_ctrl);
742 if (sc & IEEE80211_SCTL_FRAG) { 739 if (sc & IEEE80211_SCTL_FRAG) {
743 spin_unlock(&sta->lock); 740 skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
744 __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT, 741 skb_queue_tail(&rx->sdata->skb_queue, skb);
745 WLAN_REASON_QSTA_REQUIRE_SETUP); 742 ieee80211_queue_work(&local->hw, &rx->sdata->work);
746 dev_kfree_skb(skb);
747 return; 743 return;
748 } 744 }
749 745
750 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames)) { 746 /*
751 spin_unlock(&sta->lock); 747 * No locking needed -- we will only ever process one
748 * RX packet at a time, and thus own tid_agg_rx. All
749 * other code manipulating it needs to (and does) make
750 * sure that we cannot get to it any more before doing
751 * anything with it.
752 */
753 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames))
752 return; 754 return;
753 }
754 755
755 dont_reorder_unlock:
756 spin_unlock(&sta->lock);
757 dont_reorder: 756 dont_reorder:
758 __skb_queue_tail(frames, skb); 757 __skb_queue_tail(frames, skb);
759} 758}
@@ -825,6 +824,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
825 ieee80211_rx_result result = RX_DROP_UNUSABLE; 824 ieee80211_rx_result result = RX_DROP_UNUSABLE;
826 struct ieee80211_key *stakey = NULL; 825 struct ieee80211_key *stakey = NULL;
827 int mmie_keyidx = -1; 826 int mmie_keyidx = -1;
827 __le16 fc;
828 828
829 /* 829 /*
830 * Key selection 101 830 * Key selection 101
@@ -866,13 +866,15 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
866 if (rx->sta) 866 if (rx->sta)
867 stakey = rcu_dereference(rx->sta->key); 867 stakey = rcu_dereference(rx->sta->key);
868 868
869 if (!ieee80211_has_protected(hdr->frame_control)) 869 fc = hdr->frame_control;
870
871 if (!ieee80211_has_protected(fc))
870 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb); 872 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
871 873
872 if (!is_multicast_ether_addr(hdr->addr1) && stakey) { 874 if (!is_multicast_ether_addr(hdr->addr1) && stakey) {
873 rx->key = stakey; 875 rx->key = stakey;
874 /* Skip decryption if the frame is not protected. */ 876 /* Skip decryption if the frame is not protected. */
875 if (!ieee80211_has_protected(hdr->frame_control)) 877 if (!ieee80211_has_protected(fc))
876 return RX_CONTINUE; 878 return RX_CONTINUE;
877 } else if (mmie_keyidx >= 0) { 879 } else if (mmie_keyidx >= 0) {
878 /* Broadcast/multicast robust management frame / BIP */ 880 /* Broadcast/multicast robust management frame / BIP */
@@ -884,7 +886,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
884 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 886 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
885 return RX_DROP_MONITOR; /* unexpected BIP keyidx */ 887 return RX_DROP_MONITOR; /* unexpected BIP keyidx */
886 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]); 888 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
887 } else if (!ieee80211_has_protected(hdr->frame_control)) { 889 } else if (!ieee80211_has_protected(fc)) {
888 /* 890 /*
889 * The frame was not protected, so skip decryption. However, we 891 * The frame was not protected, so skip decryption. However, we
890 * need to set rx->key if there is a key that could have been 892 * need to set rx->key if there is a key that could have been
@@ -892,7 +894,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
892 * have been expected. 894 * have been expected.
893 */ 895 */
894 struct ieee80211_key *key = NULL; 896 struct ieee80211_key *key = NULL;
895 if (ieee80211_is_mgmt(hdr->frame_control) && 897 if (ieee80211_is_mgmt(fc) &&
896 is_multicast_ether_addr(hdr->addr1) && 898 is_multicast_ether_addr(hdr->addr1) &&
897 (key = rcu_dereference(rx->sdata->default_mgmt_key))) 899 (key = rcu_dereference(rx->sdata->default_mgmt_key)))
898 rx->key = key; 900 rx->key = key;
@@ -914,7 +916,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
914 (status->flag & RX_FLAG_IV_STRIPPED)) 916 (status->flag & RX_FLAG_IV_STRIPPED))
915 return RX_CONTINUE; 917 return RX_CONTINUE;
916 918
917 hdrlen = ieee80211_hdrlen(hdr->frame_control); 919 hdrlen = ieee80211_hdrlen(fc);
918 920
919 if (rx->skb->len < 8 + hdrlen) 921 if (rx->skb->len < 8 + hdrlen)
920 return RX_DROP_UNUSABLE; /* TODO: count this? */ 922 return RX_DROP_UNUSABLE; /* TODO: count this? */
@@ -947,19 +949,17 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
947 949
948 if (skb_linearize(rx->skb)) 950 if (skb_linearize(rx->skb))
949 return RX_DROP_UNUSABLE; 951 return RX_DROP_UNUSABLE;
950 952 /* the hdr variable is invalid now! */
951 hdr = (struct ieee80211_hdr *)rx->skb->data;
952
953 /* Check for weak IVs if possible */
954 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
955 ieee80211_is_data(hdr->frame_control) &&
956 (!(status->flag & RX_FLAG_IV_STRIPPED) ||
957 !(status->flag & RX_FLAG_DECRYPTED)) &&
958 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
959 rx->sta->wep_weak_iv_count++;
960 953
961 switch (rx->key->conf.alg) { 954 switch (rx->key->conf.alg) {
962 case ALG_WEP: 955 case ALG_WEP:
956 /* Check for weak IVs if possible */
957 if (rx->sta && ieee80211_is_data(fc) &&
958 (!(status->flag & RX_FLAG_IV_STRIPPED) ||
959 !(status->flag & RX_FLAG_DECRYPTED)) &&
960 ieee80211_wep_is_weak_iv(rx->skb, rx->key))
961 rx->sta->wep_weak_iv_count++;
962
963 result = ieee80211_crypto_wep_decrypt(rx); 963 result = ieee80211_crypto_wep_decrypt(rx);
964 break; 964 break;
965 case ALG_TKIP: 965 case ALG_TKIP:
@@ -1267,11 +1267,13 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1267 rx->queue, &(rx->skb)); 1267 rx->queue, &(rx->skb));
1268 if (rx->key && rx->key->conf.alg == ALG_CCMP && 1268 if (rx->key && rx->key->conf.alg == ALG_CCMP &&
1269 ieee80211_has_protected(fc)) { 1269 ieee80211_has_protected(fc)) {
1270 int queue = ieee80211_is_mgmt(fc) ?
1271 NUM_RX_DATA_QUEUES : rx->queue;
1270 /* Store CCMP PN so that we can verify that the next 1272 /* Store CCMP PN so that we can verify that the next
1271 * fragment has a sequential PN value. */ 1273 * fragment has a sequential PN value. */
1272 entry->ccmp = 1; 1274 entry->ccmp = 1;
1273 memcpy(entry->last_pn, 1275 memcpy(entry->last_pn,
1274 rx->key->u.ccmp.rx_pn[rx->queue], 1276 rx->key->u.ccmp.rx_pn[queue],
1275 CCMP_PN_LEN); 1277 CCMP_PN_LEN);
1276 } 1278 }
1277 return RX_QUEUED; 1279 return RX_QUEUED;
@@ -1291,6 +1293,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1291 if (entry->ccmp) { 1293 if (entry->ccmp) {
1292 int i; 1294 int i;
1293 u8 pn[CCMP_PN_LEN], *rpn; 1295 u8 pn[CCMP_PN_LEN], *rpn;
1296 int queue;
1294 if (!rx->key || rx->key->conf.alg != ALG_CCMP) 1297 if (!rx->key || rx->key->conf.alg != ALG_CCMP)
1295 return RX_DROP_UNUSABLE; 1298 return RX_DROP_UNUSABLE;
1296 memcpy(pn, entry->last_pn, CCMP_PN_LEN); 1299 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
@@ -1299,7 +1302,9 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1299 if (pn[i]) 1302 if (pn[i])
1300 break; 1303 break;
1301 } 1304 }
1302 rpn = rx->key->u.ccmp.rx_pn[rx->queue]; 1305 queue = ieee80211_is_mgmt(fc) ?
1306 NUM_RX_DATA_QUEUES : rx->queue;
1307 rpn = rx->key->u.ccmp.rx_pn[queue];
1303 if (memcmp(pn, rpn, CCMP_PN_LEN)) 1308 if (memcmp(pn, rpn, CCMP_PN_LEN))
1304 return RX_DROP_UNUSABLE; 1309 return RX_DROP_UNUSABLE;
1305 memcpy(entry->last_pn, pn, CCMP_PN_LEN); 1310 memcpy(entry->last_pn, pn, CCMP_PN_LEN);
@@ -1573,7 +1578,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1573 /* deliver to local stack */ 1578 /* deliver to local stack */
1574 skb->protocol = eth_type_trans(skb, dev); 1579 skb->protocol = eth_type_trans(skb, dev);
1575 memset(skb->cb, 0, sizeof(skb->cb)); 1580 memset(skb->cb, 0, sizeof(skb->cb));
1576 netif_rx(skb); 1581 netif_receive_skb(skb);
1577 } 1582 }
1578 } 1583 }
1579 1584
@@ -1829,13 +1834,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1829 &bar_data, sizeof(bar_data))) 1834 &bar_data, sizeof(bar_data)))
1830 return RX_DROP_MONITOR; 1835 return RX_DROP_MONITOR;
1831 1836
1832 spin_lock(&rx->sta->lock);
1833 tid = le16_to_cpu(bar_data.control) >> 12; 1837 tid = le16_to_cpu(bar_data.control) >> 12;
1834 if (!rx->sta->ampdu_mlme.tid_active_rx[tid]) { 1838
1835 spin_unlock(&rx->sta->lock); 1839 tid_agg_rx = rcu_dereference(rx->sta->ampdu_mlme.tid_rx[tid]);
1840 if (!tid_agg_rx)
1836 return RX_DROP_MONITOR; 1841 return RX_DROP_MONITOR;
1837 }
1838 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
1839 1842
1840 start_seq_num = le16_to_cpu(bar_data.start_seq_num) >> 4; 1843 start_seq_num = le16_to_cpu(bar_data.start_seq_num) >> 4;
1841 1844
@@ -1848,11 +1851,15 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1848 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num, 1851 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num,
1849 frames); 1852 frames);
1850 kfree_skb(skb); 1853 kfree_skb(skb);
1851 spin_unlock(&rx->sta->lock);
1852 return RX_QUEUED; 1854 return RX_QUEUED;
1853 } 1855 }
1854 1856
1855 return RX_CONTINUE; 1857 /*
1858 * After this point, we only want management frames,
1859 * so we can drop all remaining control frames to
1860 * cooked monitor interfaces.
1861 */
1862 return RX_DROP_MONITOR;
1856} 1863}
1857 1864
1858static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata, 1865static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
@@ -1944,30 +1951,27 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1944 if (len < IEEE80211_MIN_ACTION_SIZE + 1) 1951 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
1945 break; 1952 break;
1946 1953
1947 if (sdata->vif.type == NL80211_IFTYPE_STATION)
1948 return ieee80211_sta_rx_mgmt(sdata, rx->skb);
1949
1950 switch (mgmt->u.action.u.addba_req.action_code) { 1954 switch (mgmt->u.action.u.addba_req.action_code) {
1951 case WLAN_ACTION_ADDBA_REQ: 1955 case WLAN_ACTION_ADDBA_REQ:
1952 if (len < (IEEE80211_MIN_ACTION_SIZE + 1956 if (len < (IEEE80211_MIN_ACTION_SIZE +
1953 sizeof(mgmt->u.action.u.addba_req))) 1957 sizeof(mgmt->u.action.u.addba_req)))
1954 return RX_DROP_MONITOR; 1958 goto invalid;
1955 ieee80211_process_addba_request(local, rx->sta, mgmt, len); 1959 break;
1956 goto handled;
1957 case WLAN_ACTION_ADDBA_RESP: 1960 case WLAN_ACTION_ADDBA_RESP:
1958 if (len < (IEEE80211_MIN_ACTION_SIZE + 1961 if (len < (IEEE80211_MIN_ACTION_SIZE +
1959 sizeof(mgmt->u.action.u.addba_resp))) 1962 sizeof(mgmt->u.action.u.addba_resp)))
1960 break; 1963 goto invalid;
1961 ieee80211_process_addba_resp(local, rx->sta, mgmt, len); 1964 break;
1962 goto handled;
1963 case WLAN_ACTION_DELBA: 1965 case WLAN_ACTION_DELBA:
1964 if (len < (IEEE80211_MIN_ACTION_SIZE + 1966 if (len < (IEEE80211_MIN_ACTION_SIZE +
1965 sizeof(mgmt->u.action.u.delba))) 1967 sizeof(mgmt->u.action.u.delba)))
1966 break; 1968 goto invalid;
1967 ieee80211_process_delba(sdata, rx->sta, mgmt, len); 1969 break;
1968 goto handled; 1970 default:
1971 goto invalid;
1969 } 1972 }
1970 break; 1973
1974 goto queue;
1971 case WLAN_CATEGORY_SPECTRUM_MGMT: 1975 case WLAN_CATEGORY_SPECTRUM_MGMT:
1972 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ) 1976 if (local->hw.conf.channel->band != IEEE80211_BAND_5GHZ)
1973 break; 1977 break;
@@ -1997,7 +2001,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1997 if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN)) 2001 if (memcmp(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN))
1998 break; 2002 break;
1999 2003
2000 return ieee80211_sta_rx_mgmt(sdata, rx->skb); 2004 goto queue;
2001 } 2005 }
2002 break; 2006 break;
2003 case WLAN_CATEGORY_SA_QUERY: 2007 case WLAN_CATEGORY_SA_QUERY:
@@ -2015,11 +2019,12 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2015 break; 2019 break;
2016 case WLAN_CATEGORY_MESH_PLINK: 2020 case WLAN_CATEGORY_MESH_PLINK:
2017 case WLAN_CATEGORY_MESH_PATH_SEL: 2021 case WLAN_CATEGORY_MESH_PATH_SEL:
2018 if (ieee80211_vif_is_mesh(&sdata->vif)) 2022 if (!ieee80211_vif_is_mesh(&sdata->vif))
2019 return ieee80211_mesh_rx_mgmt(sdata, rx->skb); 2023 break;
2020 break; 2024 goto queue;
2021 } 2025 }
2022 2026
2027 invalid:
2023 /* 2028 /*
2024 * For AP mode, hostapd is responsible for handling any action 2029 * For AP mode, hostapd is responsible for handling any action
2025 * frames that we didn't handle, including returning unknown 2030 * frames that we didn't handle, including returning unknown
@@ -2039,8 +2044,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2039 */ 2044 */
2040 status = IEEE80211_SKB_RXCB(rx->skb); 2045 status = IEEE80211_SKB_RXCB(rx->skb);
2041 2046
2042 if (sdata->vif.type == NL80211_IFTYPE_STATION && 2047 if (cfg80211_rx_action(rx->sdata->dev, status->freq,
2043 cfg80211_rx_action(rx->sdata->dev, status->freq,
2044 rx->skb->data, rx->skb->len, 2048 rx->skb->data, rx->skb->len,
2045 GFP_ATOMIC)) 2049 GFP_ATOMIC))
2046 goto handled; 2050 goto handled;
@@ -2052,11 +2056,11 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2052 nskb = skb_copy_expand(rx->skb, local->hw.extra_tx_headroom, 0, 2056 nskb = skb_copy_expand(rx->skb, local->hw.extra_tx_headroom, 0,
2053 GFP_ATOMIC); 2057 GFP_ATOMIC);
2054 if (nskb) { 2058 if (nskb) {
2055 struct ieee80211_mgmt *mgmt = (void *)nskb->data; 2059 struct ieee80211_mgmt *nmgmt = (void *)nskb->data;
2056 2060
2057 mgmt->u.action.category |= 0x80; 2061 nmgmt->u.action.category |= 0x80;
2058 memcpy(mgmt->da, mgmt->sa, ETH_ALEN); 2062 memcpy(nmgmt->da, nmgmt->sa, ETH_ALEN);
2059 memcpy(mgmt->sa, rx->sdata->vif.addr, ETH_ALEN); 2063 memcpy(nmgmt->sa, rx->sdata->vif.addr, ETH_ALEN);
2060 2064
2061 memset(nskb->cb, 0, sizeof(nskb->cb)); 2065 memset(nskb->cb, 0, sizeof(nskb->cb));
2062 2066
@@ -2068,6 +2072,14 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2068 rx->sta->rx_packets++; 2072 rx->sta->rx_packets++;
2069 dev_kfree_skb(rx->skb); 2073 dev_kfree_skb(rx->skb);
2070 return RX_QUEUED; 2074 return RX_QUEUED;
2075
2076 queue:
2077 rx->skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
2078 skb_queue_tail(&sdata->skb_queue, rx->skb);
2079 ieee80211_queue_work(&local->hw, &sdata->work);
2080 if (rx->sta)
2081 rx->sta->rx_packets++;
2082 return RX_QUEUED;
2071} 2083}
2072 2084
2073static ieee80211_rx_result debug_noinline 2085static ieee80211_rx_result debug_noinline
@@ -2075,10 +2087,15 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
2075{ 2087{
2076 struct ieee80211_sub_if_data *sdata = rx->sdata; 2088 struct ieee80211_sub_if_data *sdata = rx->sdata;
2077 ieee80211_rx_result rxs; 2089 ieee80211_rx_result rxs;
2090 struct ieee80211_mgmt *mgmt = (void *)rx->skb->data;
2091 __le16 stype;
2078 2092
2079 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 2093 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
2080 return RX_DROP_MONITOR; 2094 return RX_DROP_MONITOR;
2081 2095
2096 if (rx->skb->len < 24)
2097 return RX_DROP_MONITOR;
2098
2082 if (ieee80211_drop_unencrypted_mgmt(rx)) 2099 if (ieee80211_drop_unencrypted_mgmt(rx))
2083 return RX_DROP_UNUSABLE; 2100 return RX_DROP_UNUSABLE;
2084 2101
@@ -2086,16 +2103,42 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
2086 if (rxs != RX_CONTINUE) 2103 if (rxs != RX_CONTINUE)
2087 return rxs; 2104 return rxs;
2088 2105
2089 if (ieee80211_vif_is_mesh(&sdata->vif)) 2106 stype = mgmt->frame_control & cpu_to_le16(IEEE80211_FCTL_STYPE);
2090 return ieee80211_mesh_rx_mgmt(sdata, rx->skb);
2091 2107
2092 if (sdata->vif.type == NL80211_IFTYPE_ADHOC) 2108 if (!ieee80211_vif_is_mesh(&sdata->vif) &&
2093 return ieee80211_ibss_rx_mgmt(sdata, rx->skb); 2109 sdata->vif.type != NL80211_IFTYPE_ADHOC &&
2110 sdata->vif.type != NL80211_IFTYPE_STATION)
2111 return RX_DROP_MONITOR;
2112
2113 switch (stype) {
2114 case cpu_to_le16(IEEE80211_STYPE_BEACON):
2115 case cpu_to_le16(IEEE80211_STYPE_PROBE_RESP):
2116 /* process for all: mesh, mlme, ibss */
2117 break;
2118 case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
2119 case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
2120 /* process only for station */
2121 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2122 return RX_DROP_MONITOR;
2123 break;
2124 case cpu_to_le16(IEEE80211_STYPE_PROBE_REQ):
2125 case cpu_to_le16(IEEE80211_STYPE_AUTH):
2126 /* process only for ibss */
2127 if (sdata->vif.type != NL80211_IFTYPE_ADHOC)
2128 return RX_DROP_MONITOR;
2129 break;
2130 default:
2131 return RX_DROP_MONITOR;
2132 }
2094 2133
2095 if (sdata->vif.type == NL80211_IFTYPE_STATION) 2134 /* queue up frame and kick off work to process it */
2096 return ieee80211_sta_rx_mgmt(sdata, rx->skb); 2135 rx->skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
2136 skb_queue_tail(&sdata->skb_queue, rx->skb);
2137 ieee80211_queue_work(&rx->local->hw, &sdata->work);
2138 if (rx->sta)
2139 rx->sta->rx_packets++;
2097 2140
2098 return RX_DROP_MONITOR; 2141 return RX_QUEUED;
2099} 2142}
2100 2143
2101static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr, 2144static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
@@ -2151,7 +2194,7 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2151 u8 rate_or_pad; 2194 u8 rate_or_pad;
2152 __le16 chan_freq; 2195 __le16 chan_freq;
2153 __le16 chan_flags; 2196 __le16 chan_flags;
2154 } __attribute__ ((packed)) *rthdr; 2197 } __packed *rthdr;
2155 struct sk_buff *skb = rx->skb, *skb2; 2198 struct sk_buff *skb = rx->skb, *skb2;
2156 struct net_device *prev_dev = NULL; 2199 struct net_device *prev_dev = NULL;
2157 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 2200 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
@@ -2201,7 +2244,7 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2201 skb2 = skb_clone(skb, GFP_ATOMIC); 2244 skb2 = skb_clone(skb, GFP_ATOMIC);
2202 if (skb2) { 2245 if (skb2) {
2203 skb2->dev = prev_dev; 2246 skb2->dev = prev_dev;
2204 netif_rx(skb2); 2247 netif_receive_skb(skb2);
2205 } 2248 }
2206 } 2249 }
2207 2250
@@ -2212,7 +2255,7 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2212 2255
2213 if (prev_dev) { 2256 if (prev_dev) {
2214 skb->dev = prev_dev; 2257 skb->dev = prev_dev;
2215 netif_rx(skb); 2258 netif_receive_skb(skb);
2216 skb = NULL; 2259 skb = NULL;
2217 } else 2260 } else
2218 goto out_free_skb; 2261 goto out_free_skb;
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index e1b0be7a57b9..872d7b6ef6b3 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -114,6 +114,10 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
114 bss->dtim_period = tim_ie->dtim_period; 114 bss->dtim_period = tim_ie->dtim_period;
115 } 115 }
116 116
117 /* If the beacon had no TIM IE, or it was invalid, use 1 */
118 if (beacon && !bss->dtim_period)
119 bss->dtim_period = 1;
120
117 /* replace old supported rates if we get new values */ 121 /* replace old supported rates if we get new values */
118 srlen = 0; 122 srlen = 0;
119 if (elems->supp_rates) { 123 if (elems->supp_rates) {
@@ -396,19 +400,7 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
396 else 400 else
397 __set_bit(SCAN_SW_SCANNING, &local->scanning); 401 __set_bit(SCAN_SW_SCANNING, &local->scanning);
398 402
399 /*
400 * Kicking off the scan need not be protected,
401 * only the scan variable stuff, since now
402 * local->scan_req is assigned and other callers
403 * will abort their scan attempts.
404 *
405 * This avoids too many locking dependencies
406 * so that the scan completed calls have more
407 * locking freedom.
408 */
409
410 ieee80211_recalc_idle(local); 403 ieee80211_recalc_idle(local);
411 mutex_unlock(&local->scan_mtx);
412 404
413 if (local->ops->hw_scan) { 405 if (local->ops->hw_scan) {
414 WARN_ON(!ieee80211_prep_hw_scan(local)); 406 WARN_ON(!ieee80211_prep_hw_scan(local));
@@ -416,8 +408,6 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
416 } else 408 } else
417 rc = ieee80211_start_sw_scan(local); 409 rc = ieee80211_start_sw_scan(local);
418 410
419 mutex_lock(&local->scan_mtx);
420
421 if (rc) { 411 if (rc) {
422 kfree(local->hw_scan_req); 412 kfree(local->hw_scan_req);
423 local->hw_scan_req = NULL; 413 local->hw_scan_req = NULL;
@@ -734,7 +724,7 @@ int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
734{ 724{
735 struct ieee80211_local *local = sdata->local; 725 struct ieee80211_local *local = sdata->local;
736 int ret = -EBUSY; 726 int ret = -EBUSY;
737 enum nl80211_band band; 727 enum ieee80211_band band;
738 728
739 mutex_lock(&local->scan_mtx); 729 mutex_lock(&local->scan_mtx);
740 730
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index ba9360a475b0..6d86f0c1ad04 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -235,6 +235,8 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
235 spin_lock_init(&sta->lock); 235 spin_lock_init(&sta->lock);
236 spin_lock_init(&sta->flaglock); 236 spin_lock_init(&sta->flaglock);
237 INIT_WORK(&sta->drv_unblock_wk, sta_unblock); 237 INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
238 INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
239 mutex_init(&sta->ampdu_mlme.mtx);
238 240
239 memcpy(sta->sta.addr, addr, ETH_ALEN); 241 memcpy(sta->sta.addr, addr, ETH_ALEN);
240 sta->local = local; 242 sta->local = local;
@@ -246,14 +248,12 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
246 } 248 }
247 249
248 for (i = 0; i < STA_TID_NUM; i++) { 250 for (i = 0; i < STA_TID_NUM; i++) {
249 /* timer_to_tid must be initialized with identity mapping to 251 /*
250 * enable session_timer's data differentiation. refer to 252 * timer_to_tid must be initialized with identity mapping
251 * sta_rx_agg_session_timer_expired for useage */ 253 * to enable session_timer's data differentiation. See
254 * sta_rx_agg_session_timer_expired for usage.
255 */
252 sta->timer_to_tid[i] = i; 256 sta->timer_to_tid[i] = i;
253 /* tx */
254 sta->ampdu_mlme.tid_state_tx[i] = HT_AGG_STATE_IDLE;
255 sta->ampdu_mlme.tid_tx[i] = NULL;
256 sta->ampdu_mlme.addba_req_num[i] = 0;
257 } 257 }
258 skb_queue_head_init(&sta->ps_tx_buf); 258 skb_queue_head_init(&sta->ps_tx_buf);
259 skb_queue_head_init(&sta->tx_filtered); 259 skb_queue_head_init(&sta->tx_filtered);
@@ -647,15 +647,7 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
647 return ret; 647 return ret;
648 648
649 if (sta->key) { 649 if (sta->key) {
650 ieee80211_key_free(sta->key); 650 ieee80211_key_free(local, sta->key);
651 /*
652 * We have only unlinked the key, and actually destroying it
653 * may mean it is removed from hardware which requires that
654 * the key->sta pointer is still valid, so flush the key todo
655 * list here.
656 */
657 ieee80211_key_todo();
658
659 WARN_ON(sta->key); 651 WARN_ON(sta->key);
660 } 652 }
661 653
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index df9d45544ca5..54262e72376d 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -42,9 +42,6 @@
42 * be in the queues 42 * be in the queues
43 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping 43 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping
44 * station in power-save mode, reply when the driver unblocks. 44 * station in power-save mode, reply when the driver unblocks.
45 * @WLAN_STA_DISASSOC: Disassociation in progress.
46 * This is used to reject TX BA session requests when disassociation
47 * is in progress.
48 */ 45 */
49enum ieee80211_sta_info_flags { 46enum ieee80211_sta_info_flags {
50 WLAN_STA_AUTH = 1<<0, 47 WLAN_STA_AUTH = 1<<0,
@@ -60,38 +57,44 @@ enum ieee80211_sta_info_flags {
60 WLAN_STA_BLOCK_BA = 1<<11, 57 WLAN_STA_BLOCK_BA = 1<<11,
61 WLAN_STA_PS_DRIVER = 1<<12, 58 WLAN_STA_PS_DRIVER = 1<<12,
62 WLAN_STA_PSPOLL = 1<<13, 59 WLAN_STA_PSPOLL = 1<<13,
63 WLAN_STA_DISASSOC = 1<<14,
64}; 60};
65 61
66#define STA_TID_NUM 16 62#define STA_TID_NUM 16
67#define ADDBA_RESP_INTERVAL HZ 63#define ADDBA_RESP_INTERVAL HZ
68#define HT_AGG_MAX_RETRIES (0x3) 64#define HT_AGG_MAX_RETRIES 0x3
69 65
70#define HT_AGG_STATE_INITIATOR_SHIFT (4) 66#define HT_AGG_STATE_DRV_READY 0
71 67#define HT_AGG_STATE_RESPONSE_RECEIVED 1
72#define HT_ADDBA_REQUESTED_MSK BIT(0) 68#define HT_AGG_STATE_OPERATIONAL 2
73#define HT_ADDBA_DRV_READY_MSK BIT(1) 69#define HT_AGG_STATE_STOPPING 3
74#define HT_ADDBA_RECEIVED_MSK BIT(2) 70#define HT_AGG_STATE_WANT_START 4
75#define HT_AGG_STATE_REQ_STOP_BA_MSK BIT(3) 71#define HT_AGG_STATE_WANT_STOP 5
76#define HT_AGG_STATE_INITIATOR_MSK BIT(HT_AGG_STATE_INITIATOR_SHIFT)
77#define HT_AGG_STATE_IDLE (0x0)
78#define HT_AGG_STATE_OPERATIONAL (HT_ADDBA_REQUESTED_MSK | \
79 HT_ADDBA_DRV_READY_MSK | \
80 HT_ADDBA_RECEIVED_MSK)
81 72
82/** 73/**
83 * struct tid_ampdu_tx - TID aggregation information (Tx). 74 * struct tid_ampdu_tx - TID aggregation information (Tx).
84 * 75 *
76 * @rcu_head: rcu head for freeing structure
85 * @addba_resp_timer: timer for peer's response to addba request 77 * @addba_resp_timer: timer for peer's response to addba request
86 * @pending: pending frames queue -- use sta's spinlock to protect 78 * @pending: pending frames queue -- use sta's spinlock to protect
87 * @ssn: Starting Sequence Number expected to be aggregated.
88 * @dialog_token: dialog token for aggregation session 79 * @dialog_token: dialog token for aggregation session
80 * @state: session state (see above)
81 * @stop_initiator: initiator of a session stop
82 *
83 * This structure is protected by RCU and the per-station
84 * spinlock. Assignments to the array holding it must hold
85 * the spinlock, only the TX path can access it under RCU
86 * lock-free if, and only if, the state has the flag
87 * %HT_AGG_STATE_OPERATIONAL set. Otherwise, the TX path
88 * must also acquire the spinlock and re-check the state,
89 * see comments in the tx code touching it.
89 */ 90 */
90struct tid_ampdu_tx { 91struct tid_ampdu_tx {
92 struct rcu_head rcu_head;
91 struct timer_list addba_resp_timer; 93 struct timer_list addba_resp_timer;
92 struct sk_buff_head pending; 94 struct sk_buff_head pending;
93 u16 ssn; 95 unsigned long state;
94 u8 dialog_token; 96 u8 dialog_token;
97 u8 stop_initiator;
95}; 98};
96 99
97/** 100/**
@@ -106,8 +109,18 @@ struct tid_ampdu_tx {
106 * @buf_size: buffer size for incoming A-MPDUs 109 * @buf_size: buffer size for incoming A-MPDUs
107 * @timeout: reset timer value (in TUs). 110 * @timeout: reset timer value (in TUs).
108 * @dialog_token: dialog token for aggregation session 111 * @dialog_token: dialog token for aggregation session
112 * @rcu_head: RCU head used for freeing this struct
113 *
114 * This structure is protected by RCU and the per-station
115 * spinlock. Assignments to the array holding it must hold
116 * the spinlock, only the RX path can access it under RCU
117 * lock-free. The RX path, since it is single-threaded,
118 * can even modify the structure without locking since the
119 * only other modifications to it are done when the struct
120 * can not yet or no longer be found by the RX path.
109 */ 121 */
110struct tid_ampdu_rx { 122struct tid_ampdu_rx {
123 struct rcu_head rcu_head;
111 struct sk_buff **reorder_buf; 124 struct sk_buff **reorder_buf;
112 unsigned long *reorder_time; 125 unsigned long *reorder_time;
113 struct timer_list session_timer; 126 struct timer_list session_timer;
@@ -120,6 +133,32 @@ struct tid_ampdu_rx {
120}; 133};
121 134
122/** 135/**
136 * struct sta_ampdu_mlme - STA aggregation information.
137 *
138 * @tid_rx: aggregation info for Rx per TID -- RCU protected
139 * @tid_tx: aggregation info for Tx per TID
140 * @addba_req_num: number of times addBA request has been sent.
141 * @dialog_token_allocator: dialog token enumerator for each new session;
142 * @work: work struct for starting/stopping aggregation
143 * @tid_rx_timer_expired: bitmap indicating on which TIDs the
144 * RX timer expired until the work for it runs
145 * @mtx: mutex to protect all TX data (except non-NULL assignments
146 * to tid_tx[idx], which are protected by the sta spinlock)
147 */
148struct sta_ampdu_mlme {
149 struct mutex mtx;
150 /* rx */
151 struct tid_ampdu_rx *tid_rx[STA_TID_NUM];
152 unsigned long tid_rx_timer_expired[BITS_TO_LONGS(STA_TID_NUM)];
153 /* tx */
154 struct work_struct work;
155 struct tid_ampdu_tx *tid_tx[STA_TID_NUM];
156 u8 addba_req_num[STA_TID_NUM];
157 u8 dialog_token_allocator;
158};
159
160
161/**
123 * enum plink_state - state of a mesh peer link finite state machine 162 * enum plink_state - state of a mesh peer link finite state machine
124 * 163 *
125 * @PLINK_LISTEN: initial state, considered the implicit state of non existant 164 * @PLINK_LISTEN: initial state, considered the implicit state of non existant
@@ -143,28 +182,6 @@ enum plink_state {
143}; 182};
144 183
145/** 184/**
146 * struct sta_ampdu_mlme - STA aggregation information.
147 *
148 * @tid_active_rx: TID's state in Rx session state machine.
149 * @tid_rx: aggregation info for Rx per TID
150 * @tid_state_tx: TID's state in Tx session state machine.
151 * @tid_tx: aggregation info for Tx per TID
152 * @addba_req_num: number of times addBA request has been sent.
153 * @dialog_token_allocator: dialog token enumerator for each new session;
154 */
155struct sta_ampdu_mlme {
156 /* rx */
157 bool tid_active_rx[STA_TID_NUM];
158 struct tid_ampdu_rx *tid_rx[STA_TID_NUM];
159 /* tx */
160 u8 tid_state_tx[STA_TID_NUM];
161 struct tid_ampdu_tx *tid_tx[STA_TID_NUM];
162 u8 addba_req_num[STA_TID_NUM];
163 u8 dialog_token_allocator;
164};
165
166
167/**
168 * struct sta_info - STA information 185 * struct sta_info - STA information
169 * 186 *
170 * This structure collects information about a station that 187 * This structure collects information about a station that
@@ -410,20 +427,20 @@ void for_each_sta_info_type_check(struct ieee80211_local *local,
410{ 427{
411} 428}
412 429
413#define for_each_sta_info(local, _addr, sta, nxt) \ 430#define for_each_sta_info(local, _addr, _sta, nxt) \
414 for ( /* initialise loop */ \ 431 for ( /* initialise loop */ \
415 sta = rcu_dereference(local->sta_hash[STA_HASH(_addr)]),\ 432 _sta = rcu_dereference(local->sta_hash[STA_HASH(_addr)]),\
416 nxt = sta ? rcu_dereference(sta->hnext) : NULL; \ 433 nxt = _sta ? rcu_dereference(_sta->hnext) : NULL; \
417 /* typecheck */ \ 434 /* typecheck */ \
418 for_each_sta_info_type_check(local, (_addr), sta, nxt), \ 435 for_each_sta_info_type_check(local, (_addr), _sta, nxt),\
419 /* continue condition */ \ 436 /* continue condition */ \
420 sta; \ 437 _sta; \
421 /* advance loop */ \ 438 /* advance loop */ \
422 sta = nxt, \ 439 _sta = nxt, \
423 nxt = sta ? rcu_dereference(sta->hnext) : NULL \ 440 nxt = _sta ? rcu_dereference(_sta->hnext) : NULL \
424 ) \ 441 ) \
425 /* compare address and run code only if it matches */ \ 442 /* compare address and run code only if it matches */ \
426 if (memcmp(sta->sta.addr, (_addr), ETH_ALEN) == 0) 443 if (memcmp(_sta->sta.addr, (_addr), ETH_ALEN) == 0)
427 444
428/* 445/*
429 * Get STA info by index, BROKEN! 446 * Get STA info by index, BROKEN!
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 94613af009f3..10caec5ea8fa 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -47,7 +47,7 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
47 /* 47 /*
48 * This skb 'survived' a round-trip through the driver, and 48 * This skb 'survived' a round-trip through the driver, and
49 * hopefully the driver didn't mangle it too badly. However, 49 * hopefully the driver didn't mangle it too badly. However,
50 * we can definitely not rely on the the control information 50 * we can definitely not rely on the control information
51 * being correct. Clear it so we don't get junk there, and 51 * being correct. Clear it so we don't get junk there, and
52 * indicate that it needs new processing, but must not be 52 * indicate that it needs new processing, but must not be
53 * modified/encrypted again. 53 * modified/encrypted again.
@@ -377,7 +377,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
377 skb2 = skb_clone(skb, GFP_ATOMIC); 377 skb2 = skb_clone(skb, GFP_ATOMIC);
378 if (skb2) { 378 if (skb2) {
379 skb2->dev = prev_dev; 379 skb2->dev = prev_dev;
380 netif_rx(skb2); 380 netif_receive_skb(skb2);
381 } 381 }
382 } 382 }
383 383
@@ -386,7 +386,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
386 } 386 }
387 if (prev_dev) { 387 if (prev_dev) {
388 skb->dev = prev_dev; 388 skb->dev = prev_dev;
389 netif_rx(skb); 389 netif_receive_skb(skb);
390 skb = NULL; 390 skb = NULL;
391 } 391 }
392 rcu_read_unlock(); 392 rcu_read_unlock();
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 7ef491e9d66d..e840c9cd46db 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -202,9 +202,9 @@ EXPORT_SYMBOL(ieee80211_get_tkip_key);
202 * @payload_len is the length of payload (_not_ including IV/ICV length). 202 * @payload_len is the length of payload (_not_ including IV/ICV length).
203 * @ta is the transmitter addresses. 203 * @ta is the transmitter addresses.
204 */ 204 */
205void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm, 205int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
206 struct ieee80211_key *key, 206 struct ieee80211_key *key,
207 u8 *pos, size_t payload_len, u8 *ta) 207 u8 *pos, size_t payload_len, u8 *ta)
208{ 208{
209 u8 rc4key[16]; 209 u8 rc4key[16];
210 struct tkip_ctx *ctx = &key->u.tkip.tx; 210 struct tkip_ctx *ctx = &key->u.tkip.tx;
@@ -216,7 +216,7 @@ void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
216 216
217 tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key); 217 tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key);
218 218
219 ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len); 219 return ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len);
220} 220}
221 221
222/* Decrypt packet payload with TKIP using @key. @pos is a pointer to the 222/* Decrypt packet payload with TKIP using @key. @pos is a pointer to the
diff --git a/net/mac80211/tkip.h b/net/mac80211/tkip.h
index d4714383f5fc..7e83dee976fa 100644
--- a/net/mac80211/tkip.h
+++ b/net/mac80211/tkip.h
@@ -15,7 +15,7 @@
15 15
16u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16); 16u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16);
17 17
18void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm, 18int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
19 struct ieee80211_key *key, 19 struct ieee80211_key *key,
20 u8 *pos, size_t payload_len, u8 *ta); 20 u8 *pos, size_t payload_len, u8 *ta);
21enum { 21enum {
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index 680bcb7093db..c54db966926b 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -576,17 +576,6 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
576} 576}
577 577
578static ieee80211_tx_result debug_noinline 578static ieee80211_tx_result debug_noinline
579ieee80211_tx_h_sta(struct ieee80211_tx_data *tx)
580{
581 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
582
583 if (tx->sta && tx->sta->uploaded)
584 info->control.sta = &tx->sta->sta;
585
586 return TX_CONTINUE;
587}
588
589static ieee80211_tx_result debug_noinline
590ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx) 579ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
591{ 580{
592 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 581 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
@@ -1092,6 +1081,59 @@ static bool __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
1092 return true; 1081 return true;
1093} 1082}
1094 1083
1084static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1085 struct sk_buff *skb,
1086 struct ieee80211_tx_info *info,
1087 struct tid_ampdu_tx *tid_tx,
1088 int tid)
1089{
1090 bool queued = false;
1091
1092 if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1093 info->flags |= IEEE80211_TX_CTL_AMPDU;
1094 } else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
1095 /*
1096 * nothing -- this aggregation session is being started
1097 * but that might still fail with the driver
1098 */
1099 } else {
1100 spin_lock(&tx->sta->lock);
1101 /*
1102 * Need to re-check now, because we may get here
1103 *
1104 * 1) in the window during which the setup is actually
1105 * already done, but not marked yet because not all
1106 * packets are spliced over to the driver pending
1107 * queue yet -- if this happened we acquire the lock
1108 * either before or after the splice happens, but
1109 * need to recheck which of these cases happened.
1110 *
1111 * 2) during session teardown, if the OPERATIONAL bit
1112 * was cleared due to the teardown but the pointer
1113 * hasn't been assigned NULL yet (or we loaded it
1114 * before it was assigned) -- in this case it may
1115 * now be NULL which means we should just let the
1116 * packet pass through because splicing the frames
1117 * back is already done.
1118 */
1119 tid_tx = tx->sta->ampdu_mlme.tid_tx[tid];
1120
1121 if (!tid_tx) {
1122 /* do nothing, let packet pass through */
1123 } else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1124 info->flags |= IEEE80211_TX_CTL_AMPDU;
1125 } else {
1126 queued = true;
1127 info->control.vif = &tx->sdata->vif;
1128 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1129 __skb_queue_tail(&tid_tx->pending, skb);
1130 }
1131 spin_unlock(&tx->sta->lock);
1132 }
1133
1134 return queued;
1135}
1136
1095/* 1137/*
1096 * initialises @tx 1138 * initialises @tx
1097 */ 1139 */
@@ -1104,8 +1146,7 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1104 struct ieee80211_hdr *hdr; 1146 struct ieee80211_hdr *hdr;
1105 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1147 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1106 int hdrlen, tid; 1148 int hdrlen, tid;
1107 u8 *qc, *state; 1149 u8 *qc;
1108 bool queued = false;
1109 1150
1110 memset(tx, 0, sizeof(*tx)); 1151 memset(tx, 0, sizeof(*tx));
1111 tx->skb = skb; 1152 tx->skb = skb;
@@ -1157,35 +1198,16 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1157 qc = ieee80211_get_qos_ctl(hdr); 1198 qc = ieee80211_get_qos_ctl(hdr);
1158 tid = *qc & IEEE80211_QOS_CTL_TID_MASK; 1199 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
1159 1200
1160 spin_lock(&tx->sta->lock); 1201 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1161 /* 1202 if (tid_tx) {
1162 * XXX: This spinlock could be fairly expensive, but see the 1203 bool queued;
1163 * comment in agg-tx.c:ieee80211_agg_tx_operational().
1164 * One way to solve this would be to do something RCU-like
1165 * for managing the tid_tx struct and using atomic bitops
1166 * for the actual state -- by introducing an actual
1167 * 'operational' bit that would be possible. It would
1168 * require changing ieee80211_agg_tx_operational() to
1169 * set that bit, and changing the way tid_tx is managed
1170 * everywhere, including races between that bit and
1171 * tid_tx going away (tid_tx being added can be easily
1172 * committed to memory before the 'operational' bit).
1173 */
1174 tid_tx = tx->sta->ampdu_mlme.tid_tx[tid];
1175 state = &tx->sta->ampdu_mlme.tid_state_tx[tid];
1176 if (*state == HT_AGG_STATE_OPERATIONAL) {
1177 info->flags |= IEEE80211_TX_CTL_AMPDU;
1178 } else if (*state != HT_AGG_STATE_IDLE) {
1179 /* in progress */
1180 queued = true;
1181 info->control.vif = &sdata->vif;
1182 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1183 __skb_queue_tail(&tid_tx->pending, skb);
1184 }
1185 spin_unlock(&tx->sta->lock);
1186 1204
1187 if (unlikely(queued)) 1205 queued = ieee80211_tx_prep_agg(tx, skb, info,
1188 return TX_QUEUED; 1206 tid_tx, tid);
1207
1208 if (unlikely(queued))
1209 return TX_QUEUED;
1210 }
1189 } 1211 }
1190 1212
1191 if (is_multicast_ether_addr(hdr->addr1)) { 1213 if (is_multicast_ether_addr(hdr->addr1)) {
@@ -1274,6 +1296,11 @@ static int __ieee80211_tx(struct ieee80211_local *local,
1274 break; 1296 break;
1275 } 1297 }
1276 1298
1299 if (sta && sta->uploaded)
1300 info->control.sta = &sta->sta;
1301 else
1302 info->control.sta = NULL;
1303
1277 ret = drv_tx(local, skb); 1304 ret = drv_tx(local, skb);
1278 if (WARN_ON(ret != NETDEV_TX_OK && skb->len != len)) { 1305 if (WARN_ON(ret != NETDEV_TX_OK && skb->len != len)) {
1279 dev_kfree_skb(skb); 1306 dev_kfree_skb(skb);
@@ -1313,7 +1340,6 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1313 CALL_TXH(ieee80211_tx_h_check_assoc); 1340 CALL_TXH(ieee80211_tx_h_check_assoc);
1314 CALL_TXH(ieee80211_tx_h_ps_buf); 1341 CALL_TXH(ieee80211_tx_h_ps_buf);
1315 CALL_TXH(ieee80211_tx_h_select_key); 1342 CALL_TXH(ieee80211_tx_h_select_key);
1316 CALL_TXH(ieee80211_tx_h_sta);
1317 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)) 1343 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1318 CALL_TXH(ieee80211_tx_h_rate_ctrl); 1344 CALL_TXH(ieee80211_tx_h_rate_ctrl);
1319 1345
@@ -1909,11 +1935,13 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1909 h_pos += encaps_len; 1935 h_pos += encaps_len;
1910 } 1936 }
1911 1937
1938#ifdef CONFIG_MAC80211_MESH
1912 if (meshhdrlen > 0) { 1939 if (meshhdrlen > 0) {
1913 memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen); 1940 memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
1914 nh_pos += meshhdrlen; 1941 nh_pos += meshhdrlen;
1915 h_pos += meshhdrlen; 1942 h_pos += meshhdrlen;
1916 } 1943 }
1944#endif
1917 1945
1918 if (ieee80211_is_data_qos(fc)) { 1946 if (ieee80211_is_data_qos(fc)) {
1919 __le16 *qos_control; 1947 __le16 *qos_control;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 5b79d552780a..748387d45bc0 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -803,8 +803,12 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata)
803 803
804 /* after reinitialize QoS TX queues setting to default, 804 /* after reinitialize QoS TX queues setting to default,
805 * disable QoS at all */ 805 * disable QoS at all */
806 local->hw.conf.flags &= ~IEEE80211_CONF_QOS; 806
807 drv_config(local, IEEE80211_CONF_CHANGE_QOS); 807 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) {
808 sdata->vif.bss_conf.qos =
809 sdata->vif.type != NL80211_IFTYPE_STATION;
810 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_QOS);
811 }
808} 812}
809 813
810void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata, 814void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
@@ -1138,18 +1142,6 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1138 } 1142 }
1139 mutex_unlock(&local->sta_mtx); 1143 mutex_unlock(&local->sta_mtx);
1140 1144
1141 /* Clear Suspend state so that ADDBA requests can be processed */
1142
1143 rcu_read_lock();
1144
1145 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
1146 list_for_each_entry_rcu(sta, &local->sta_list, list) {
1147 clear_sta_flags(sta, WLAN_STA_BLOCK_BA);
1148 }
1149 }
1150
1151 rcu_read_unlock();
1152
1153 /* setup RTS threshold */ 1145 /* setup RTS threshold */
1154 drv_set_rts_threshold(local, hw->wiphy->rts_threshold); 1146 drv_set_rts_threshold(local, hw->wiphy->rts_threshold);
1155 1147
@@ -1173,7 +1165,8 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1173 BSS_CHANGED_BASIC_RATES | 1165 BSS_CHANGED_BASIC_RATES |
1174 BSS_CHANGED_BEACON_INT | 1166 BSS_CHANGED_BEACON_INT |
1175 BSS_CHANGED_BSSID | 1167 BSS_CHANGED_BSSID |
1176 BSS_CHANGED_CQM; 1168 BSS_CHANGED_CQM |
1169 BSS_CHANGED_QOS;
1177 1170
1178 switch (sdata->vif.type) { 1171 switch (sdata->vif.type) {
1179 case NL80211_IFTYPE_STATION: 1172 case NL80211_IFTYPE_STATION:
@@ -1202,13 +1195,26 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1202 } 1195 }
1203 } 1196 }
1204 1197
1205 rcu_read_lock(); 1198 /*
1199 * Clear the WLAN_STA_BLOCK_BA flag so new aggregation
1200 * sessions can be established after a resume.
1201 *
1202 * Also tear down aggregation sessions since reconfiguring
1203 * them in a hardware restart scenario is not easily done
1204 * right now, and the hardware will have lost information
1205 * about the sessions, but we and the AP still think they
1206 * are active. This is really a workaround though.
1207 */
1206 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) { 1208 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
1207 list_for_each_entry_rcu(sta, &local->sta_list, list) { 1209 mutex_lock(&local->sta_mtx);
1210
1211 list_for_each_entry(sta, &local->sta_list, list) {
1208 ieee80211_sta_tear_down_BA_sessions(sta); 1212 ieee80211_sta_tear_down_BA_sessions(sta);
1213 clear_sta_flags(sta, WLAN_STA_BLOCK_BA);
1209 } 1214 }
1215
1216 mutex_unlock(&local->sta_mtx);
1210 } 1217 }
1211 rcu_read_unlock();
1212 1218
1213 /* add back keys */ 1219 /* add back keys */
1214 list_for_each_entry(sdata, &local->interfaces, list) 1220 list_for_each_entry(sdata, &local->interfaces, list)
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 5f3a4113bda1..9ebc8d8a1f5b 100644
--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -32,13 +32,16 @@ int ieee80211_wep_init(struct ieee80211_local *local)
32 32
33 local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, 33 local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
34 CRYPTO_ALG_ASYNC); 34 CRYPTO_ALG_ASYNC);
35 if (IS_ERR(local->wep_tx_tfm)) 35 if (IS_ERR(local->wep_tx_tfm)) {
36 local->wep_rx_tfm = ERR_PTR(-EINVAL);
36 return PTR_ERR(local->wep_tx_tfm); 37 return PTR_ERR(local->wep_tx_tfm);
38 }
37 39
38 local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0, 40 local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
39 CRYPTO_ALG_ASYNC); 41 CRYPTO_ALG_ASYNC);
40 if (IS_ERR(local->wep_rx_tfm)) { 42 if (IS_ERR(local->wep_rx_tfm)) {
41 crypto_free_blkcipher(local->wep_tx_tfm); 43 crypto_free_blkcipher(local->wep_tx_tfm);
44 local->wep_tx_tfm = ERR_PTR(-EINVAL);
42 return PTR_ERR(local->wep_rx_tfm); 45 return PTR_ERR(local->wep_rx_tfm);
43 } 46 }
44 47
@@ -47,8 +50,10 @@ int ieee80211_wep_init(struct ieee80211_local *local)
47 50
48void ieee80211_wep_free(struct ieee80211_local *local) 51void ieee80211_wep_free(struct ieee80211_local *local)
49{ 52{
50 crypto_free_blkcipher(local->wep_tx_tfm); 53 if (!IS_ERR(local->wep_tx_tfm))
51 crypto_free_blkcipher(local->wep_rx_tfm); 54 crypto_free_blkcipher(local->wep_tx_tfm);
55 if (!IS_ERR(local->wep_rx_tfm))
56 crypto_free_blkcipher(local->wep_rx_tfm);
52} 57}
53 58
54static inline bool ieee80211_wep_weak_iv(u32 iv, int keylen) 59static inline bool ieee80211_wep_weak_iv(u32 iv, int keylen)
@@ -122,19 +127,24 @@ static void ieee80211_wep_remove_iv(struct ieee80211_local *local,
122/* Perform WEP encryption using given key. data buffer must have tailroom 127/* Perform WEP encryption using given key. data buffer must have tailroom
123 * for 4-byte ICV. data_len must not include this ICV. Note: this function 128 * for 4-byte ICV. data_len must not include this ICV. Note: this function
124 * does _not_ add IV. data = RC4(data | CRC32(data)) */ 129 * does _not_ add IV. data = RC4(data | CRC32(data)) */
125void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key, 130int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
126 size_t klen, u8 *data, size_t data_len) 131 size_t klen, u8 *data, size_t data_len)
127{ 132{
128 struct blkcipher_desc desc = { .tfm = tfm }; 133 struct blkcipher_desc desc = { .tfm = tfm };
129 struct scatterlist sg; 134 struct scatterlist sg;
130 __le32 icv; 135 __le32 icv;
131 136
137 if (IS_ERR(tfm))
138 return -1;
139
132 icv = cpu_to_le32(~crc32_le(~0, data, data_len)); 140 icv = cpu_to_le32(~crc32_le(~0, data, data_len));
133 put_unaligned(icv, (__le32 *)(data + data_len)); 141 put_unaligned(icv, (__le32 *)(data + data_len));
134 142
135 crypto_blkcipher_setkey(tfm, rc4key, klen); 143 crypto_blkcipher_setkey(tfm, rc4key, klen);
136 sg_init_one(&sg, data, data_len + WEP_ICV_LEN); 144 sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
137 crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length); 145 crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
146
147 return 0;
138} 148}
139 149
140 150
@@ -168,10 +178,8 @@ int ieee80211_wep_encrypt(struct ieee80211_local *local,
168 /* Add room for ICV */ 178 /* Add room for ICV */
169 skb_put(skb, WEP_ICV_LEN); 179 skb_put(skb, WEP_ICV_LEN);
170 180
171 ieee80211_wep_encrypt_data(local->wep_tx_tfm, rc4key, keylen + 3, 181 return ieee80211_wep_encrypt_data(local->wep_tx_tfm, rc4key, keylen + 3,
172 iv + WEP_IV_LEN, len); 182 iv + WEP_IV_LEN, len);
173
174 return 0;
175} 183}
176 184
177 185
@@ -185,6 +193,9 @@ int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
185 struct scatterlist sg; 193 struct scatterlist sg;
186 __le32 crc; 194 __le32 crc;
187 195
196 if (IS_ERR(tfm))
197 return -1;
198
188 crypto_blkcipher_setkey(tfm, rc4key, klen); 199 crypto_blkcipher_setkey(tfm, rc4key, klen);
189 sg_init_one(&sg, data, data_len + WEP_ICV_LEN); 200 sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
190 crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length); 201 crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);
diff --git a/net/mac80211/wep.h b/net/mac80211/wep.h
index fe29d7e5759f..58654ee33518 100644
--- a/net/mac80211/wep.h
+++ b/net/mac80211/wep.h
@@ -18,7 +18,7 @@
18 18
19int ieee80211_wep_init(struct ieee80211_local *local); 19int ieee80211_wep_init(struct ieee80211_local *local);
20void ieee80211_wep_free(struct ieee80211_local *local); 20void ieee80211_wep_free(struct ieee80211_local *local);
21void ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key, 21int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
22 size_t klen, u8 *data, size_t data_len); 22 size_t klen, u8 *data, size_t data_len);
23int ieee80211_wep_encrypt(struct ieee80211_local *local, 23int ieee80211_wep_encrypt(struct ieee80211_local *local,
24 struct sk_buff *skb, 24 struct sk_buff *skb,
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index b025dc7bb0fd..81d4ad64184a 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -560,6 +560,22 @@ ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
560 return WORK_ACT_TIMEOUT; 560 return WORK_ACT_TIMEOUT;
561} 561}
562 562
563static enum work_action __must_check
564ieee80211_assoc_beacon_wait(struct ieee80211_work *wk)
565{
566 if (wk->started)
567 return WORK_ACT_TIMEOUT;
568
569 /*
570 * Wait up to one beacon interval ...
571 * should this be more if we miss one?
572 */
573 printk(KERN_DEBUG "%s: waiting for beacon from %pM\n",
574 wk->sdata->name, wk->filter_ta);
575 wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval);
576 return WORK_ACT_NONE;
577}
578
563static void ieee80211_auth_challenge(struct ieee80211_work *wk, 579static void ieee80211_auth_challenge(struct ieee80211_work *wk,
564 struct ieee80211_mgmt *mgmt, 580 struct ieee80211_mgmt *mgmt,
565 size_t len) 581 size_t len)
@@ -709,6 +725,25 @@ ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
709 return WORK_ACT_DONE; 725 return WORK_ACT_DONE;
710} 726}
711 727
728static enum work_action __must_check
729ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk,
730 struct ieee80211_mgmt *mgmt, size_t len)
731{
732 struct ieee80211_sub_if_data *sdata = wk->sdata;
733 struct ieee80211_local *local = sdata->local;
734
735 ASSERT_WORK_MTX(local);
736
737 if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
738 return WORK_ACT_MISMATCH;
739
740 if (len < 24 + 12)
741 return WORK_ACT_NONE;
742
743 printk(KERN_DEBUG "%s: beacon received\n", sdata->name);
744 return WORK_ACT_DONE;
745}
746
712static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local, 747static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
713 struct sk_buff *skb) 748 struct sk_buff *skb)
714{ 749{
@@ -731,6 +766,7 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
731 case IEEE80211_WORK_DIRECT_PROBE: 766 case IEEE80211_WORK_DIRECT_PROBE:
732 case IEEE80211_WORK_AUTH: 767 case IEEE80211_WORK_AUTH:
733 case IEEE80211_WORK_ASSOC: 768 case IEEE80211_WORK_ASSOC:
769 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
734 bssid = wk->filter_ta; 770 bssid = wk->filter_ta;
735 break; 771 break;
736 default: 772 default:
@@ -745,6 +781,9 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
745 continue; 781 continue;
746 782
747 switch (fc & IEEE80211_FCTL_STYPE) { 783 switch (fc & IEEE80211_FCTL_STYPE) {
784 case IEEE80211_STYPE_BEACON:
785 rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len);
786 break;
748 case IEEE80211_STYPE_PROBE_RESP: 787 case IEEE80211_STYPE_PROBE_RESP:
749 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len, 788 rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
750 rx_status); 789 rx_status);
@@ -840,7 +879,7 @@ static void ieee80211_work_work(struct work_struct *work)
840 879
841 /* 880 /*
842 * ieee80211_queue_work() should have picked up most cases, 881 * ieee80211_queue_work() should have picked up most cases,
843 * here we'll pick the the rest. 882 * here we'll pick the rest.
844 */ 883 */
845 if (WARN(local->suspended, "work scheduled while going to suspend\n")) 884 if (WARN(local->suspended, "work scheduled while going to suspend\n"))
846 return; 885 return;
@@ -916,6 +955,9 @@ static void ieee80211_work_work(struct work_struct *work)
916 case IEEE80211_WORK_REMAIN_ON_CHANNEL: 955 case IEEE80211_WORK_REMAIN_ON_CHANNEL:
917 rma = ieee80211_remain_on_channel_timeout(wk); 956 rma = ieee80211_remain_on_channel_timeout(wk);
918 break; 957 break;
958 case IEEE80211_WORK_ASSOC_BEACON_WAIT:
959 rma = ieee80211_assoc_beacon_wait(wk);
960 break;
919 } 961 }
920 962
921 wk->started = started; 963 wk->started = started;
@@ -1065,6 +1107,7 @@ ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1065 case IEEE80211_STYPE_PROBE_RESP: 1107 case IEEE80211_STYPE_PROBE_RESP:
1066 case IEEE80211_STYPE_ASSOC_RESP: 1108 case IEEE80211_STYPE_ASSOC_RESP:
1067 case IEEE80211_STYPE_REASSOC_RESP: 1109 case IEEE80211_STYPE_REASSOC_RESP:
1110 case IEEE80211_STYPE_BEACON:
1068 skb_queue_tail(&local->work_skb_queue, skb); 1111 skb_queue_tail(&local->work_skb_queue, skb);
1069 ieee80211_queue_work(&local->hw, &local->work_work); 1112 ieee80211_queue_work(&local->hw, &local->work_work);
1070 return RX_QUEUED; 1113 return RX_QUEUED;
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 0adbcc941ac9..8d59d27d887e 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -183,9 +183,8 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
183 skb_put(skb, TKIP_ICV_LEN); 183 skb_put(skb, TKIP_ICV_LEN);
184 184
185 hdr = (struct ieee80211_hdr *) skb->data; 185 hdr = (struct ieee80211_hdr *) skb->data;
186 ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm, 186 return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
187 key, pos, len, hdr->addr2); 187 key, pos, len, hdr->addr2);
188 return 0;
189} 188}
190 189
191 190
@@ -436,6 +435,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
436 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 435 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
437 u8 pn[CCMP_PN_LEN]; 436 u8 pn[CCMP_PN_LEN];
438 int data_len; 437 int data_len;
438 int queue;
439 439
440 hdrlen = ieee80211_hdrlen(hdr->frame_control); 440 hdrlen = ieee80211_hdrlen(hdr->frame_control);
441 441
@@ -453,7 +453,10 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
453 453
454 ccmp_hdr2pn(pn, skb->data + hdrlen); 454 ccmp_hdr2pn(pn, skb->data + hdrlen);
455 455
456 if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) { 456 queue = ieee80211_is_mgmt(hdr->frame_control) ?
457 NUM_RX_DATA_QUEUES : rx->queue;
458
459 if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) {
457 key->u.ccmp.replays++; 460 key->u.ccmp.replays++;
458 return RX_DROP_UNUSABLE; 461 return RX_DROP_UNUSABLE;
459 } 462 }
@@ -470,7 +473,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
470 return RX_DROP_UNUSABLE; 473 return RX_DROP_UNUSABLE;
471 } 474 }
472 475
473 memcpy(key->u.ccmp.rx_pn[rx->queue], pn, CCMP_PN_LEN); 476 memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);
474 477
475 /* Remove CCMP header and MIC */ 478 /* Remove CCMP header and MIC */
476 skb_trim(skb, skb->len - CCMP_MIC_LEN); 479 skb_trim(skb, skb->len - CCMP_MIC_LEN);
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-26 06:16:25 -0500