authorLinus Torvalds <torvalds@linux-foundation.org>2010-05-21 00:04:44 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2010-05-21 00:04:44 -0400
commitf8965467f366fd18f01feafb5db10512d7b4422c (patch)
tree3706a9cd779859271ca61b85c63a1bc3f82d626e /net/mac80211
parenta26272e5200765691e67d6780e52b32498fdb659 (diff)
parent2ec8c6bb5d8f3a62a79f463525054bae1e3d4487 (diff)
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1674 commits) qlcnic: adding co maintainer ixgbe: add support for active DA cables ixgbe: dcb, do not tag tc_prio_control frames ixgbe: fix ixgbe_tx_is_paused logic ixgbe: always enable vlan strip/insert when DCB is enabled ixgbe: remove some redundant code in setting FCoE FIP filter ixgbe: fix wrong offset to fc_frame_header in ixgbe_fcoe_ddp ixgbe: fix header len when unsplit packet overflows to data buffer ipv6: Never schedule DAD timer on dead address ipv6: Use POSTDAD state ipv6: Use state_lock to protect ifa state ipv6: Replace inet6_ifaddr->dead with state cxgb4: notify upper drivers if the device is already up when they load cxgb4: keep interrupts available when the ports are brought down cxgb4: fix initial addition of MAC address cnic: Return SPQ credit to bnx2x after ring setup and shutdown. cnic: Convert cnic_local_flags to atomic ops. can: Fix SJA1000 command register writes on SMP systems bridge: fix build for CONFIG_SYSFS disabled ARCNET: Limit com20020 PCI ID matches for SOHARD cards ... Fix up various conflicts with pcmcia tree drivers/net/ {pcmcia/3c589_cs.c, wireless/orinoco/orinoco_cs.c and wireless/orinoco/spectrum_cs.c} and feature removal (Documentation/feature-removal-schedule.txt). Also fix a non-content conflict due to pm_qos_requirement getting renamed in the PM tree (now pm_qos_request) in net/mac80211/scan.c
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/Kconfig17
-rw-r--r--net/mac80211/Makefile3
-rw-r--r--net/mac80211/agg-rx.c80
-rw-r--r--net/mac80211/agg-tx.c16
-rw-r--r--net/mac80211/cfg.c122
-rw-r--r--net/mac80211/chan.c127
-rw-r--r--net/mac80211/debugfs.h1
-rw-r--r--net/mac80211/debugfs_netdev.c12
-rw-r--r--net/mac80211/debugfs_sta.c79
-rw-r--r--net/mac80211/driver-ops.h33
-rw-r--r--net/mac80211/driver-trace.h333
-rw-r--r--net/mac80211/ht.c3
-rw-r--r--net/mac80211/ibss.c46
-rw-r--r--net/mac80211/ieee80211_i.h51
-rw-r--r--net/mac80211/iface.c124
-rw-r--r--net/mac80211/key.c1
-rw-r--r--net/mac80211/main.c28
-rw-r--r--net/mac80211/mesh.c6
-rw-r--r--net/mac80211/mesh.h2
-rw-r--r--net/mac80211/mesh_hwmp.c5
-rw-r--r--net/mac80211/mesh_plink.c2
-rw-r--r--net/mac80211/mlme.c310
-rw-r--r--net/mac80211/pm.c2
-rw-r--r--net/mac80211/rc80211_minstrel.c2
-rw-r--r--net/mac80211/rc80211_minstrel.h11
-rw-r--r--net/mac80211/rc80211_minstrel_debugfs.c41
-rw-r--r--net/mac80211/rx.c108
-rw-r--r--net/mac80211/scan.c126
-rw-r--r--net/mac80211/sta_info.c105
-rw-r--r--net/mac80211/sta_info.h12
-rw-r--r--net/mac80211/status.c21
-rw-r--r--net/mac80211/tx.c26
-rw-r--r--net/mac80211/util.c36
-rw-r--r--net/mac80211/work.c62
34 files changed, 1568 insertions, 385 deletions
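diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index a952b7f8c648..8a91f6c0bb18 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -15,8 +15,12 @@ comment "CFG80211 needs to be enabled for MAC80211"
 
 if MAC80211 != n
 
+config MAC80211_HAS_RC
+ def_bool n
+
 config MAC80211_RC_PID
  bool "PID controller based rate control algorithm" if EMBEDDED
+ select MAC80211_HAS_RC
  ---help---
  This option enables a TX rate control algorithm for
  mac80211 that uses a PID controller to select the TX
@@ -24,12 +28,14 @@ config MAC80211_RC_PID
 
 config MAC80211_RC_MINSTREL
  bool "Minstrel" if EMBEDDED
+ select MAC80211_HAS_RC
  default y
  ---help---
  This option enables the 'minstrel' TX rate control algorithm
 
 choice
  prompt "Default rate control algorithm"
+ depends on MAC80211_HAS_RC
  default MAC80211_RC_DEFAULT_MINSTREL
  ---help---
  This option selects the default rate control algorithm
@@ -62,6 +68,9 @@ config MAC80211_RC_DEFAULT
 
 endif
 
+comment "Some wireless drivers require a rate control algorithm"
+ depends on MAC80211_HAS_RC=n
+
 config MAC80211_MESH
  bool "Enable mac80211 mesh networking (pre-802.11s) support"
  depends on MAC80211 && EXPERIMENTAL
@@ -212,8 +221,8 @@ config MAC80211_DRIVER_API_TRACER
  depends on EVENT_TRACING
  help
  Say Y here to make mac80211 register with the ftrace
- framework for the driver API -- you can see which
- driver methods it is calling then by looking at the
- trace.
+ framework for the driver API -- you can then see which
+ driver methods it is calling and which API functions
+ drivers are calling by looking at the trace.
 
- If unsure, say N.
+ If unsure, say Y.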
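diff --git a/net/mac80211/Makefile b/net/mac80211/Makefile
index 04420291e7ad..84b48ba8a77e 100644
--- a/net/mac80211/Makefile
+++ b/net/mac80211/Makefile
@@ -23,7 +23,8 @@ mac80211-y := \
  key.o \
  util.o \
  wme.o \
- event.o
+ event.o \
+ chan.o
 
 mac80211-$(CONFIG_MAC80211_LEDS) += led.o
 mac80211-$(CONFIG_MAC80211_DEBUGFS) += \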
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index f9516a27e233..6bb9a9a94960 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -19,23 +19,25 @@
19#include "ieee80211_i.h" 19#include "ieee80211_i.h"
20#include "driver-ops.h" 20#include "driver-ops.h"
21 21
22void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, 22static void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
23 u16 initiator, u16 reason) 23 u16 initiator, u16 reason,
24 bool from_timer)
24{ 25{
25 struct ieee80211_local *local = sta->local; 26 struct ieee80211_local *local = sta->local;
27 struct tid_ampdu_rx *tid_rx;
26 int i; 28 int i;
27 29
28 /* check if TID is in operational state */
29 spin_lock_bh(&sta->lock); 30 spin_lock_bh(&sta->lock);
30 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL) { 31
32 /* check if TID is in operational state */
33 if (!sta->ampdu_mlme.tid_active_rx[tid]) {
31 spin_unlock_bh(&sta->lock); 34 spin_unlock_bh(&sta->lock);
32 return; 35 return;
33 } 36 }
34 37
35 sta->ampdu_mlme.tid_state_rx[tid] = 38 sta->ampdu_mlme.tid_active_rx[tid] = false;
36 HT_AGG_STATE_REQ_STOP_BA_MSK | 39
37 (initiator << HT_AGG_STATE_INITIATOR_SHIFT); 40 tid_rx = sta->ampdu_mlme.tid_rx[tid];
38 spin_unlock_bh(&sta->lock);
39 41
40#ifdef CONFIG_MAC80211_HT_DEBUG 42#ifdef CONFIG_MAC80211_HT_DEBUG
41 printk(KERN_DEBUG "Rx BA session stop requested for %pM tid %u\n", 43 printk(KERN_DEBUG "Rx BA session stop requested for %pM tid %u\n",
@@ -47,61 +49,42 @@ void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
47 printk(KERN_DEBUG "HW problem - can not stop rx " 49 printk(KERN_DEBUG "HW problem - can not stop rx "
48 "aggregation for tid %d\n", tid); 50 "aggregation for tid %d\n", tid);
49 51
50 /* shutdown timer has not expired */
51 if (initiator != WLAN_BACK_TIMER)
52 del_timer_sync(&sta->ampdu_mlme.tid_rx[tid]->session_timer);
53
54 /* check if this is a self generated aggregation halt */ 52 /* check if this is a self generated aggregation halt */
55 if (initiator == WLAN_BACK_RECIPIENT || initiator == WLAN_BACK_TIMER) 53 if (initiator == WLAN_BACK_RECIPIENT)
56 ieee80211_send_delba(sta->sdata, sta->sta.addr, 54 ieee80211_send_delba(sta->sdata, sta->sta.addr,
57 tid, 0, reason); 55 tid, 0, reason);
58 56
59 /* free the reordering buffer */ 57 /* free the reordering buffer */
60 for (i = 0; i < sta->ampdu_mlme.tid_rx[tid]->buf_size; i++) { 58 for (i = 0; i < tid_rx->buf_size; i++) {
61 if (sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]) { 59 if (tid_rx->reorder_buf[i]) {
62 /* release the reordered frames */ 60 /* release the reordered frames */
63 dev_kfree_skb(sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i]); 61 dev_kfree_skb(tid_rx->reorder_buf[i]);
64 sta->ampdu_mlme.tid_rx[tid]->stored_mpdu_num--; 62 tid_rx->stored_mpdu_num--;
65 sta->ampdu_mlme.tid_rx[tid]->reorder_buf[i] = NULL; 63 tid_rx->reorder_buf[i] = NULL;
66 } 64 }
67 } 65 }
68 66
69 spin_lock_bh(&sta->lock);
70 /* free resources */ 67 /* free resources */
71 kfree(sta->ampdu_mlme.tid_rx[tid]->reorder_buf); 68 kfree(tid_rx->reorder_buf);
72 kfree(sta->ampdu_mlme.tid_rx[tid]->reorder_time); 69 kfree(tid_rx->reorder_time);
73 70 sta->ampdu_mlme.tid_rx[tid] = NULL;
74 if (!sta->ampdu_mlme.tid_rx[tid]->shutdown) {
75 kfree(sta->ampdu_mlme.tid_rx[tid]);
76 sta->ampdu_mlme.tid_rx[tid] = NULL;
77 }
78 71
79 sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_IDLE;
80 spin_unlock_bh(&sta->lock); 72 spin_unlock_bh(&sta->lock);
73
74 if (!from_timer)
75 del_timer_sync(&tid_rx->session_timer);
76 kfree(tid_rx);
81} 77}
82 78
83void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, 79void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
84 u16 initiator, u16 reason) 80 u16 initiator, u16 reason)
85{ 81{
86 struct sta_info *sta; 82 ___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason, false);
87
88 rcu_read_lock();
89
90 sta = sta_info_get(sdata, ra);
91 if (!sta) {
92 rcu_read_unlock();
93 return;
94 }
95
96 __ieee80211_stop_rx_ba_session(sta, tid, initiator, reason);
97
98 rcu_read_unlock();
99} 83}
100 84
101/* 85/*
102 * After accepting the AddBA Request we activated a timer, 86 * After accepting the AddBA Request we activated a timer,
103 * resetting it after each frame that arrives from the originator. 87 * resetting it after each frame that arrives from the originator.
104 * if this timer expires ieee80211_sta_stop_rx_ba_session will be executed.
105 */ 88 */
106static void sta_rx_agg_session_timer_expired(unsigned long data) 89static void sta_rx_agg_session_timer_expired(unsigned long data)
107{ 90{
@@ -117,9 +100,8 @@ static void sta_rx_agg_session_timer_expired(unsigned long data)
117#ifdef CONFIG_MAC80211_HT_DEBUG 100#ifdef CONFIG_MAC80211_HT_DEBUG
118 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid); 101 printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
119#endif 102#endif
120 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr, 103 ___ieee80211_stop_rx_ba_session(sta, *ptid, WLAN_BACK_RECIPIENT,
121 (u16)*ptid, WLAN_BACK_TIMER, 104 WLAN_REASON_QSTA_TIMEOUT, true);
122 WLAN_REASON_QSTA_TIMEOUT);
123} 105}
124 106
125static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid, 107static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
@@ -194,7 +176,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
194 176
195 status = WLAN_STATUS_REQUEST_DECLINED; 177 status = WLAN_STATUS_REQUEST_DECLINED;
196 178
197 if (test_sta_flags(sta, WLAN_STA_SUSPEND)) { 179 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) {
198#ifdef CONFIG_MAC80211_HT_DEBUG 180#ifdef CONFIG_MAC80211_HT_DEBUG
199 printk(KERN_DEBUG "Suspend in progress. " 181 printk(KERN_DEBUG "Suspend in progress. "
200 "Denying ADDBA request\n"); 182 "Denying ADDBA request\n");
@@ -232,7 +214,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
232 /* examine state machine */ 214 /* examine state machine */
233 spin_lock_bh(&sta->lock); 215 spin_lock_bh(&sta->lock);
234 216
235 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_IDLE) { 217 if (sta->ampdu_mlme.tid_active_rx[tid]) {
236#ifdef CONFIG_MAC80211_HT_DEBUG 218#ifdef CONFIG_MAC80211_HT_DEBUG
237 if (net_ratelimit()) 219 if (net_ratelimit())
238 printk(KERN_DEBUG "unexpected AddBA Req from " 220 printk(KERN_DEBUG "unexpected AddBA Req from "
@@ -294,7 +276,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
294 } 276 }
295 277
296 /* change state and send addba resp */ 278 /* change state and send addba resp */
297 sta->ampdu_mlme.tid_state_rx[tid] = HT_AGG_STATE_OPERATIONAL; 279 sta->ampdu_mlme.tid_active_rx[tid] = true;
298 tid_agg_rx->dialog_token = dialog_token; 280 tid_agg_rx->dialog_token = dialog_token;
299 tid_agg_rx->ssn = start_seq_num; 281 tid_agg_rx->ssn = start_seq_num;
300 tid_agg_rx->head_seq_num = start_seq_num; 282 tid_agg_rx->head_seq_num = start_seq_num;
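Review bot: In ___ieee80211_stop_rx_ba_session() the tid_rx structure is unhooked under sta->lock but released with a plain `kfree(tid_rx)` after the unlock, so any code that loaded sta->ampdu_mlme.tid_rx[tid] without holding sta->lock can still be using it when it is freed. Whether the RX reorder path takes that lock is not visible on this page and should be confirmed; if it does not, the free has to be deferred until readers are done, or the reader must re-check tid_active_rx under the lock. The from_timer path also skips del_timer_sync(), which is only safe if nothing re-arms session_timer once tid_active_rx is false; a comment such as `/* timer handler must not wait for itself; nothing may re-arm the timer after tid_active_rx is cleared */` above `if (!from_timer)` would record that invariant. The function's driver call sits between the two hunks and is not shown here.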
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 87782a4bb541..c163d0a149f4 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -186,7 +186,7 @@ static void sta_addba_resp_timer_expired(unsigned long data)
186 spin_unlock_bh(&sta->lock); 186 spin_unlock_bh(&sta->lock);
187#ifdef CONFIG_MAC80211_HT_DEBUG 187#ifdef CONFIG_MAC80211_HT_DEBUG
188 printk(KERN_DEBUG "timer expired on tid %d but we are not " 188 printk(KERN_DEBUG "timer expired on tid %d but we are not "
189 "(or no longer) expecting addBA response there", 189 "(or no longer) expecting addBA response there\n",
190 tid); 190 tid);
191#endif 191#endif
192 return; 192 return;
@@ -214,6 +214,8 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
214 int ret = 0; 214 int ret = 0;
215 u16 start_seq_num; 215 u16 start_seq_num;
216 216
217 trace_api_start_tx_ba_session(pubsta, tid);
218
217 if (WARN_ON(!local->ops->ampdu_action)) 219 if (WARN_ON(!local->ops->ampdu_action))
218 return -EINVAL; 220 return -EINVAL;
219 221
@@ -245,7 +247,7 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
245 return -EINVAL; 247 return -EINVAL;
246 } 248 }
247 249
248 if (test_sta_flags(sta, WLAN_STA_SUSPEND)) { 250 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) {
249#ifdef CONFIG_MAC80211_HT_DEBUG 251#ifdef CONFIG_MAC80211_HT_DEBUG
250 printk(KERN_DEBUG "Suspend in progress. " 252 printk(KERN_DEBUG "Suspend in progress. "
251 "Denying BA session request\n"); 253 "Denying BA session request\n");
@@ -414,7 +416,7 @@ static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
414 struct sta_info *sta, u16 tid) 416 struct sta_info *sta, u16 tid)
415{ 417{
416#ifdef CONFIG_MAC80211_HT_DEBUG 418#ifdef CONFIG_MAC80211_HT_DEBUG
417 printk(KERN_DEBUG "Aggregation is on for tid %d \n", tid); 419 printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid);
418#endif 420#endif
419 421
420 spin_lock(&local->ampdu_lock); 422 spin_lock(&local->ampdu_lock);
@@ -440,6 +442,8 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid)
440 struct sta_info *sta; 442 struct sta_info *sta;
441 u8 *state; 443 u8 *state;
442 444
445 trace_api_start_tx_ba_cb(sdata, ra, tid);
446
443 if (tid >= STA_TID_NUM) { 447 if (tid >= STA_TID_NUM) {
444#ifdef CONFIG_MAC80211_HT_DEBUG 448#ifdef CONFIG_MAC80211_HT_DEBUG
445 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 449 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
@@ -541,6 +545,8 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
541 struct ieee80211_sub_if_data *sdata = sta->sdata; 545 struct ieee80211_sub_if_data *sdata = sta->sdata;
542 struct ieee80211_local *local = sdata->local; 546 struct ieee80211_local *local = sdata->local;
543 547
548 trace_api_stop_tx_ba_session(pubsta, tid, initiator);
549
544 if (!local->ops->ampdu_action) 550 if (!local->ops->ampdu_action)
545 return -EINVAL; 551 return -EINVAL;
546 552
@@ -558,6 +564,8 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
558 struct sta_info *sta; 564 struct sta_info *sta;
559 u8 *state; 565 u8 *state;
560 566
567 trace_api_stop_tx_ba_cb(sdata, ra, tid);
568
561 if (tid >= STA_TID_NUM) { 569 if (tid >= STA_TID_NUM) {
562#ifdef CONFIG_MAC80211_HT_DEBUG 570#ifdef CONFIG_MAC80211_HT_DEBUG
563 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 571 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n",
@@ -674,7 +682,7 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
674 del_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 682 del_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer);
675 683
676#ifdef CONFIG_MAC80211_HT_DEBUG 684#ifdef CONFIG_MAC80211_HT_DEBUG
677 printk(KERN_DEBUG "switched off addBA timer for tid %d \n", tid); 685 printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid);
678#endif /* CONFIG_MAC80211_HT_DEBUG */ 686#endif /* CONFIG_MAC80211_HT_DEBUG */
679 687
680 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 688 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
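Review bot: The debug text in ieee80211_start_tx_ba_session() still reads "Suspend in progress. Denying BA session request" although the condition now tests WLAN_STA_BLOCK_BA, so the log names suspend for whatever reason that flag is set. Reword it to match the flag, for example `printk(KERN_DEBUG "BA sessions blocked. Denying BA session request\n");`. The same stale text sits under the renamed check in ieee80211_process_addba_request() in agg-rx.c. Both functions extend beyond the hunks shown.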
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index edc872e22c9b..c7000a6ca379 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -97,9 +97,6 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
97 params->mesh_id_len, 97 params->mesh_id_len,
98 params->mesh_id); 98 params->mesh_id);
99 99
100 if (sdata->vif.type != NL80211_IFTYPE_MONITOR || !flags)
101 return 0;
102
103 if (type == NL80211_IFTYPE_AP_VLAN && 100 if (type == NL80211_IFTYPE_AP_VLAN &&
104 params && params->use_4addr == 0) 101 params && params->use_4addr == 0)
105 rcu_assign_pointer(sdata->u.vlan.sta, NULL); 102 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
@@ -107,7 +104,9 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
107 params && params->use_4addr >= 0) 104 params && params->use_4addr >= 0)
108 sdata->u.mgd.use_4addr = params->use_4addr; 105 sdata->u.mgd.use_4addr = params->use_4addr;
109 106
110 sdata->u.mntr_flags = *flags; 107 if (sdata->vif.type == NL80211_IFTYPE_MONITOR && flags)
108 sdata->u.mntr_flags = *flags;
109
111 return 0; 110 return 0;
112} 111}
113 112
@@ -411,6 +410,17 @@ static int ieee80211_dump_station(struct wiphy *wiphy, struct net_device *dev,
411 return ret; 410 return ret;
412} 411}
413 412
413static int ieee80211_dump_survey(struct wiphy *wiphy, struct net_device *dev,
414 int idx, struct survey_info *survey)
415{
416 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
417
418 if (!local->ops->get_survey)
419 return -EOPNOTSUPP;
420
421 return drv_get_survey(local, idx, survey);
422}
423
414static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev, 424static int ieee80211_get_station(struct wiphy *wiphy, struct net_device *dev,
415 u8 *mac, struct station_info *sinfo) 425 u8 *mac, struct station_info *sinfo)
416{ 426{
@@ -1104,6 +1114,13 @@ static int ieee80211_change_bss(struct wiphy *wiphy,
1104 changed |= BSS_CHANGED_BASIC_RATES; 1114 changed |= BSS_CHANGED_BASIC_RATES;
1105 } 1115 }
1106 1116
1117 if (params->ap_isolate >= 0) {
1118 if (params->ap_isolate)
1119 sdata->flags |= IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
1120 else
1121 sdata->flags &= ~IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
1122 }
1123
1107 ieee80211_bss_info_change_notify(sdata, changed); 1124 ieee80211_bss_info_change_notify(sdata, changed);
1108 1125
1109 return 0; 1126 return 0;
@@ -1137,19 +1154,47 @@ static int ieee80211_set_txq_params(struct wiphy *wiphy,
1137 return -EINVAL; 1154 return -EINVAL;
1138 } 1155 }
1139 1156
1157 /* enable WMM or activate new settings */
1158 local->hw.conf.flags |= IEEE80211_CONF_QOS;
1159 drv_config(local, IEEE80211_CONF_CHANGE_QOS);
1160
1140 return 0; 1161 return 0;
1141} 1162}
1142 1163
1143static int ieee80211_set_channel(struct wiphy *wiphy, 1164static int ieee80211_set_channel(struct wiphy *wiphy,
1165 struct net_device *netdev,
1144 struct ieee80211_channel *chan, 1166 struct ieee80211_channel *chan,
1145 enum nl80211_channel_type channel_type) 1167 enum nl80211_channel_type channel_type)
1146{ 1168{
1147 struct ieee80211_local *local = wiphy_priv(wiphy); 1169 struct ieee80211_local *local = wiphy_priv(wiphy);
1170 struct ieee80211_sub_if_data *sdata = NULL;
1171
1172 if (netdev)
1173 sdata = IEEE80211_DEV_TO_SUB_IF(netdev);
1174
1175 switch (ieee80211_get_channel_mode(local, NULL)) {
1176 case CHAN_MODE_HOPPING:
1177 return -EBUSY;
1178 case CHAN_MODE_FIXED:
1179 if (local->oper_channel != chan)
1180 return -EBUSY;
1181 if (!sdata && local->_oper_channel_type == channel_type)
1182 return 0;
1183 break;
1184 case CHAN_MODE_UNDEFINED:
1185 break;
1186 }
1148 1187
1149 local->oper_channel = chan; 1188 local->oper_channel = chan;
1150 local->oper_channel_type = channel_type;
1151 1189
1152 return ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 1190 if (!ieee80211_set_channel_type(local, sdata, channel_type))
1191 return -EBUSY;
1192
1193 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
1194 if (sdata && sdata->vif.type != NL80211_IFTYPE_MONITOR)
1195 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT);
1196
1197 return 0;
1153} 1198}
1154 1199
1155#ifdef CONFIG_PM 1200#ifdef CONFIG_PM
@@ -1193,6 +1238,20 @@ static int ieee80211_auth(struct wiphy *wiphy, struct net_device *dev,
1193static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev, 1238static int ieee80211_assoc(struct wiphy *wiphy, struct net_device *dev,
1194 struct cfg80211_assoc_request *req) 1239 struct cfg80211_assoc_request *req)
1195{ 1240{
1241 struct ieee80211_local *local = wiphy_priv(wiphy);
1242 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1243
1244 switch (ieee80211_get_channel_mode(local, sdata)) {
1245 case CHAN_MODE_HOPPING:
1246 return -EBUSY;
1247 case CHAN_MODE_FIXED:
1248 if (local->oper_channel == req->bss->channel)
1249 break;
1250 return -EBUSY;
1251 case CHAN_MODE_UNDEFINED:
1252 break;
1253 }
1254
1196 return ieee80211_mgd_assoc(IEEE80211_DEV_TO_SUB_IF(dev), req); 1255 return ieee80211_mgd_assoc(IEEE80211_DEV_TO_SUB_IF(dev), req);
1197} 1256}
1198 1257
@@ -1215,8 +1274,22 @@ static int ieee80211_disassoc(struct wiphy *wiphy, struct net_device *dev,
1215static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev, 1274static int ieee80211_join_ibss(struct wiphy *wiphy, struct net_device *dev,
1216 struct cfg80211_ibss_params *params) 1275 struct cfg80211_ibss_params *params)
1217{ 1276{
1277 struct ieee80211_local *local = wiphy_priv(wiphy);
1218 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1278 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1219 1279
1280 switch (ieee80211_get_channel_mode(local, sdata)) {
1281 case CHAN_MODE_HOPPING:
1282 return -EBUSY;
1283 case CHAN_MODE_FIXED:
1284 if (!params->channel_fixed)
1285 return -EBUSY;
1286 if (local->oper_channel == params->channel)
1287 break;
1288 return -EBUSY;
1289 case CHAN_MODE_UNDEFINED:
1290 break;
1291 }
1292
1220 return ieee80211_ibss_join(sdata, params); 1293 return ieee80211_ibss_join(sdata, params);
1221} 1294}
1222 1295
@@ -1345,7 +1418,7 @@ int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
1345 * association, there's no need to send an action frame. 1418 * association, there's no need to send an action frame.
1346 */ 1419 */
1347 if (!sdata->u.mgd.associated || 1420 if (!sdata->u.mgd.associated ||
1348 sdata->local->oper_channel_type == NL80211_CHAN_NO_HT) { 1421 sdata->vif.bss_conf.channel_type == NL80211_CHAN_NO_HT) {
1349 mutex_lock(&sdata->local->iflist_mtx); 1422 mutex_lock(&sdata->local->iflist_mtx);
1350 ieee80211_recalc_smps(sdata->local, sdata); 1423 ieee80211_recalc_smps(sdata->local, sdata);
1351 mutex_unlock(&sdata->local->iflist_mtx); 1424 mutex_unlock(&sdata->local->iflist_mtx);
@@ -1384,11 +1457,11 @@ static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1384 return -EOPNOTSUPP; 1457 return -EOPNOTSUPP;
1385 1458
1386 if (enabled == sdata->u.mgd.powersave && 1459 if (enabled == sdata->u.mgd.powersave &&
1387 timeout == conf->dynamic_ps_timeout) 1460 timeout == conf->dynamic_ps_forced_timeout)
1388 return 0; 1461 return 0;
1389 1462
1390 sdata->u.mgd.powersave = enabled; 1463 sdata->u.mgd.powersave = enabled;
1391 conf->dynamic_ps_timeout = timeout; 1464 conf->dynamic_ps_forced_timeout = timeout;
1392 1465
1393 /* no change, but if automatic follow powersave */ 1466 /* no change, but if automatic follow powersave */
1394 mutex_lock(&sdata->u.mgd.mtx); 1467 mutex_lock(&sdata->u.mgd.mtx);
@@ -1403,6 +1476,35 @@ static int ieee80211_set_power_mgmt(struct wiphy *wiphy, struct net_device *dev,
1403 return 0; 1476 return 0;
1404} 1477}
1405 1478
1479static int ieee80211_set_cqm_rssi_config(struct wiphy *wiphy,
1480 struct net_device *dev,
1481 s32 rssi_thold, u32 rssi_hyst)
1482{
1483 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1484 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1485 struct ieee80211_vif *vif = &sdata->vif;
1486 struct ieee80211_bss_conf *bss_conf = &vif->bss_conf;
1487
1488 if (rssi_thold == bss_conf->cqm_rssi_thold &&
1489 rssi_hyst == bss_conf->cqm_rssi_hyst)
1490 return 0;
1491
1492 bss_conf->cqm_rssi_thold = rssi_thold;
1493 bss_conf->cqm_rssi_hyst = rssi_hyst;
1494
1495 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI)) {
1496 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1497 return -EOPNOTSUPP;
1498 return 0;
1499 }
1500
1501 /* tell the driver upon association, unless already associated */
1502 if (sdata->u.mgd.associated)
1503 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_CQM);
1504
1505 return 0;
1506}
1507
1406static int ieee80211_set_bitrate_mask(struct wiphy *wiphy, 1508static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
1407 struct net_device *dev, 1509 struct net_device *dev,
1408 const u8 *addr, 1510 const u8 *addr,
@@ -1475,6 +1577,7 @@ struct cfg80211_ops mac80211_config_ops = {
1475 .change_station = ieee80211_change_station, 1577 .change_station = ieee80211_change_station,
1476 .get_station = ieee80211_get_station, 1578 .get_station = ieee80211_get_station,
1477 .dump_station = ieee80211_dump_station, 1579 .dump_station = ieee80211_dump_station,
1580 .dump_survey = ieee80211_dump_survey,
1478#ifdef CONFIG_MAC80211_MESH 1581#ifdef CONFIG_MAC80211_MESH
1479 .add_mpath = ieee80211_add_mpath, 1582 .add_mpath = ieee80211_add_mpath,
1480 .del_mpath = ieee80211_del_mpath, 1583 .del_mpath = ieee80211_del_mpath,
@@ -1507,4 +1610,5 @@ struct cfg80211_ops mac80211_config_ops = {
1507 .remain_on_channel = ieee80211_remain_on_channel, 1610 .remain_on_channel = ieee80211_remain_on_channel,
1508 .cancel_remain_on_channel = ieee80211_cancel_remain_on_channel, 1611 .cancel_remain_on_channel = ieee80211_cancel_remain_on_channel,
1509 .action = ieee80211_action, 1612 .action = ieee80211_action,
1613 .set_cqm_rssi_config = ieee80211_set_cqm_rssi_config,
1510}; 1614};
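Review bot: ieee80211_set_channel() writes `local->oper_channel = chan;` before ieee80211_set_channel_type() has accepted the request, so the -EBUSY return leaves the new channel recorded while the channel type and the hardware still describe the old one. Run the check first, `if (!ieee80211_set_channel_type(local, sdata, channel_type)) return -EBUSY;`, and assign oper_channel only once it has succeeded, or restore the previous value on failure. The result of ieee80211_hw_config() is also dropped where the old code returned it, so a failed channel change is now reported to the caller as success; if that is intended it deserves a comment. The value from ieee80211_get_channel_mode() is acted on after iflist_mtx has been released, so it may already be stale.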
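diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
new file mode 100644
index 000000000000..5d218c530a4e
--- /dev/null
+++ b/net/mac80211/chan.c
@@ -0,0 +1,127 @@
+/*
+ * mac80211 - channel management
+ */
+
+#include <linux/nl80211.h>
+#include "ieee80211_i.h"
+
+enum ieee80211_chan_mode
+__ieee80211_get_channel_mode(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *ignore)
+{
+ struct ieee80211_sub_if_data *sdata;
+
+ WARN_ON(!mutex_is_locked(&local->iflist_mtx));
+
+ list_for_each_entry(sdata, &local->interfaces, list) {
+ if (sdata == ignore)
+ continue;
+
+ if (!ieee80211_sdata_running(sdata))
+ continue;
+
+ if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
+ continue;
+
+ if (sdata->vif.type == NL80211_IFTYPE_STATION &&
+ !sdata->u.mgd.associated)
+ continue;
+
+ if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
+ if (!sdata->u.ibss.ssid_len)
+ continue;
+ if (!sdata->u.ibss.fixed_channel)
+ return CHAN_MODE_HOPPING;
+ }
+
+ if (sdata->vif.type == NL80211_IFTYPE_AP &&
+ !sdata->u.ap.beacon)
+ continue;
+
+ return CHAN_MODE_FIXED;
+ }
+
+ return CHAN_MODE_UNDEFINED;
+}
+
+enum ieee80211_chan_mode
+ieee80211_get_channel_mode(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *ignore)
+{
+ enum ieee80211_chan_mode mode;
+
+ mutex_lock(&local->iflist_mtx);
+ mode = __ieee80211_get_channel_mode(local, ignore);
+ mutex_unlock(&local->iflist_mtx);
+
+ return mode;
+}
+
+bool ieee80211_set_channel_type(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *sdata,
+ enum nl80211_channel_type chantype)
+{
+ struct ieee80211_sub_if_data *tmp;
+ enum nl80211_channel_type superchan = NL80211_CHAN_NO_HT;
+ bool result;
+
+ mutex_lock(&local->iflist_mtx);
+
+ list_for_each_entry(tmp, &local->interfaces, list) {
+ if (tmp == sdata)
+ continue;
+
+ if (!ieee80211_sdata_running(tmp))
+ continue;
+
+ switch (tmp->vif.bss_conf.channel_type) {
+ case NL80211_CHAN_NO_HT:
+ case NL80211_CHAN_HT20:
+ superchan = tmp->vif.bss_conf.channel_type;
+ break;
+ case NL80211_CHAN_HT40PLUS:
+ WARN_ON(superchan == NL80211_CHAN_HT40MINUS);
+ superchan = NL80211_CHAN_HT40PLUS;
+ break;
+ case NL80211_CHAN_HT40MINUS:
+ WARN_ON(superchan == NL80211_CHAN_HT40PLUS);
+ superchan = NL80211_CHAN_HT40MINUS;
+ break;
+ }
+ }
+
+ switch (superchan) {
+ case NL80211_CHAN_NO_HT:
+ case NL80211_CHAN_HT20:
+ /*
+ * allow any change that doesn't go to no-HT
+ * (if it already is no-HT no change is needed)
+ */
+ if (chantype == NL80211_CHAN_NO_HT)
+ break;
+ superchan = chantype;
+ break;
+ case NL80211_CHAN_HT40PLUS:
+ case NL80211_CHAN_HT40MINUS:
+ /* allow smaller bandwidth and same */
+ if (chantype == NL80211_CHAN_NO_HT)
+ break;
+ if (chantype == NL80211_CHAN_HT20)
+ break;
+ if (superchan == chantype)
+ break;
+ result = false;
+ goto out;
+ }
+
+ local->_oper_channel_type = superchan;
+
+ if (sdata)
+ sdata->vif.bss_conf.channel_type = chantype;
+
+ result = true;
+ out:
+ mutex_unlock(&local->iflist_mtx);
+
+ return result;
+}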
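Review bot: In ieee80211_set_channel_type() the NO_HT/HT20 case of the first switch assigns `superchan = tmp->vif.bss_conf.channel_type;` unconditionally, so an HT40 value collected from an earlier interface is overwritten by a later NO_HT or HT20 one and the result depends on list order. With running interfaces on HT40PLUS and then HT20, superchan ends as HT20 and a request for HT40MINUS passes the second switch. Guard the assignment with `if (superchan > tmp->vif.bss_conf.channel_type) break;`, which relies on the nl80211 enum ordering NO_HT < HT20 < HT40MINUS < HT40PLUS. None of the three new functions carries a comment; at minimum state above __ieee80211_get_channel_mode() that the caller must hold iflist_mtx, which the WARN_ON only reports at run time.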
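diff --git a/net/mac80211/debugfs.h b/net/mac80211/debugfs.h
index 68e6a2050f9a..09cc9be34796 100644
--- a/net/mac80211/debugfs.h
+++ b/net/mac80211/debugfs.h
@@ -7,7 +7,6 @@ extern int mac80211_open_file_generic(struct inode *inode, struct file *file);
 #else
 static inline void debugfs_hw_add(struct ieee80211_local *local)
 {
- return;
 }
 #endif
 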
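diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 83d4289d954b..20b2998fa0ed 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -100,6 +100,14 @@ static ssize_t ieee80211_if_fmt_##name( \
  return scnprintf(buf, buflen, "%pM\n", sdata->field); \
 }
 
+#define IEEE80211_IF_FMT_DEC_DIV_16(name, field) \
+static ssize_t ieee80211_if_fmt_##name( \
+ const struct ieee80211_sub_if_data *sdata, \
+ char *buf, int buflen) \
+{ \
+ return scnprintf(buf, buflen, "%d\n", sdata->field / 16); \
+}
+
 #define __IEEE80211_IF_FILE(name, _write) \
 static ssize_t ieee80211_if_read_##name(struct file *file, \
  char __user *userbuf, \
@@ -140,6 +148,8 @@ IEEE80211_IF_FILE(rc_rateidx_mask_5ghz, rc_rateidx_mask[IEEE80211_BAND_5GHZ],
 /* STA attributes */
 IEEE80211_IF_FILE(bssid, u.mgd.bssid, MAC);
 IEEE80211_IF_FILE(aid, u.mgd.aid, DEC);
+IEEE80211_IF_FILE(last_beacon, u.mgd.last_beacon_signal, DEC);
+IEEE80211_IF_FILE(ave_beacon, u.mgd.ave_beacon_signal, DEC_DIV_16);
 
 static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata,
  enum ieee80211_smps_mode smps_mode)
@@ -276,6 +286,8 @@ static void add_sta_files(struct ieee80211_sub_if_data *sdata)
 
  DEBUGFS_ADD(bssid);
  DEBUGFS_ADD(aid);
+ DEBUGFS_ADD(last_beacon);
+ DEBUGFS_ADD(ave_beacon);
  DEBUGFS_ADD_MODE(smps, 0600);
 }
 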
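diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index d92800bb2d2f..e763f1529ddb 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -39,6 +39,13 @@ static const struct file_operations sta_ ##name## _ops = { \
  .open = mac80211_open_file_generic, \
 }
 
+#define STA_OPS_RW(name) \
+static const struct file_operations sta_ ##name## _ops = { \
+ .read = sta_##name##_read, \
+ .write = sta_##name##_write, \
+ .open = mac80211_open_file_generic, \
+}
+
 #define STA_FILE(name, field, format) \
  STA_READ_##format(name, field) \
  STA_OPS(name)
@@ -57,7 +64,6 @@ STA_FILE(tx_filtered, tx_filtered_count, LU);
 STA_FILE(tx_retry_failed, tx_retry_failed, LU);
 STA_FILE(tx_retry_count, tx_retry_count, LU);
 STA_FILE(last_signal, last_signal, D);
-STA_FILE(last_noise, last_noise, D);
 STA_FILE(wep_weak_iv_count, wep_weak_iv_count, LU);
 
 static ssize_t sta_flags_read(struct file *file, char __user *userbuf,
@@ -120,7 +126,7 @@ STA_OPS(last_seq_ctrl);
 static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
  size_t count, loff_t *ppos)
 {
- char buf[64 + STA_TID_NUM * 40], *p = buf;
+ char buf[71 + STA_TID_NUM * 40], *p = buf;
  int i;
  struct sta_info *sta = file->private_data;
 
@@ -128,16 +134,16 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
  p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n",
  sta->ampdu_mlme.dialog_token_allocator + 1);
  p += scnprintf(p, sizeof(buf) + buf - p,
- "TID\t\tRX\tDTKN\tSSN\t\tTX\tDTKN\tSSN\tpending\n");
+ "TID\t\tRX active\tDTKN\tSSN\t\tTX\tDTKN\tSSN\tpending\n");
  for (i = 0; i < STA_TID_NUM; i++) {
  p += scnprintf(p, sizeof(buf) + buf - p, "%02d", i);
  p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x",
- sta->ampdu_mlme.tid_state_rx[i]);
+ sta->ampdu_mlme.tid_active_rx[i]);
  p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x",
- sta->ampdu_mlme.tid_state_rx[i] ?
+ sta->ampdu_mlme.tid_active_rx[i] ?
  sta->ampdu_mlme.tid_rx[i]->dialog_token : 0);
  p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.3x",
- sta->ampdu_mlme.tid_state_rx[i] ?
+ sta->ampdu_mlme.tid_active_rx[i] ?
  sta->ampdu_mlme.tid_rx[i]->ssn : 0);
 
  p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x",
@@ -157,7 +163,63 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
 
  return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
 }
-STA_OPS(agg_status);
+
+static ssize_t sta_agg_status_write(struct file *file, const char __user *userbuf,
+ size_t count, loff_t *ppos)
+{
+ char _buf[12], *buf = _buf;
+ struct sta_info *sta = file->private_data;
+ bool start, tx;
+ unsigned long tid;
+ int ret;
+
+ if (count > sizeof(_buf))
+ return -EINVAL;
+
+ if (copy_from_user(buf, userbuf, count))
+ return -EFAULT;
+
+ buf[sizeof(_buf) - 1] = '\0';
+
+ if (strncmp(buf, "tx ", 3) == 0) {
+ buf += 3;
+ tx = true;
+ } else if (strncmp(buf, "rx ", 3) == 0) {
+ buf += 3;
+ tx = false;
+ } else
+ return -EINVAL;
+
+ if (strncmp(buf, "start ", 6) == 0) {
+ buf += 6;
+ start = true;
+ if (!tx)
+ return -EINVAL;
+ } else if (strncmp(buf, "stop ", 5) == 0) {
+ buf += 5;
+ start = false;
+ } else
+ return -EINVAL;
+
+ tid = simple_strtoul(buf, NULL, 0);
+
+ if (tid >= STA_TID_NUM)
+ return -EINVAL;
+
+ if (tx) {
+ if (start)
+ ret = ieee80211_start_tx_ba_session(&sta->sta, tid);
+ else
+ ret = ieee80211_stop_tx_ba_session(&sta->sta, tid,
+ WLAN_BACK_RECIPIENT);
+ } else {
+ __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT, 3);
+ ret = 0;
+ }
+
+ return ret ?: count;
+}
+STA_OPS_RW(agg_status);
 
 static ssize_t sta_ht_capa_read(struct file *file, char __user *userbuf,
  size_t count, loff_t *ppos)
@@ -177,7 +239,7 @@ static ssize_t sta_ht_capa_read(struct file *file, char __user *userbuf,
  if (htc->ht_supported) {
  p += scnprintf(p, sizeof(buf)+buf-p, "cap: %#.4x\n", htc->cap);
 
- PRINT_HT_CAP((htc->cap & BIT(0)), "RX LDCP");
+ PRINT_HT_CAP((htc->cap & BIT(0)), "RX LDPC");
  PRINT_HT_CAP((htc->cap & BIT(1)), "HT20/HT40");
  PRINT_HT_CAP(!(htc->cap & BIT(1)), "HT20");
 
@@ -289,7 +351,6 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
  DEBUGFS_ADD(tx_retry_failed);
  DEBUGFS_ADD(tx_retry_count);
  DEBUGFS_ADD(last_signal);
- DEBUGFS_ADD(last_noise);
  DEBUGFS_ADD(wep_weak_iv_count);
  DEBUGFS_ADD(ht_capa);
 }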
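Review bot: In the new `sta_agg_status_write` the parser can read uninitialised stack bytes: `copy_from_user()` fills only `count` bytes of `_buf[12]`, but the terminator is always written at `_buf[11]`, so after a short write the `strncmp()` calls and `simple_strtoul()` run over whatever was on the stack behind the user data. A 12-byte write is accepted too and silently loses its last byte. The guard should be `if (count >= sizeof(_buf)) return -EINVAL;` and the terminator should go at the copied length, `buf[count] = '\0';`. `simple_strtoul(buf, NULL, 0)` also accepts trailing junk after the TID, so passing an end pointer and checking it would make the parse strict. The bare `3` passed as the reason argument to `__ieee80211_stop_rx_ba_session` would read better as a named constant.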
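diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index c3d844093a2f..4f2271316650 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -84,16 +84,14 @@ static inline void drv_bss_info_changed(struct ieee80211_local *local,
 }
 
 static inline u64 drv_prepare_multicast(struct ieee80211_local *local,
- int mc_count,
- struct dev_addr_list *mc_list)
+ struct netdev_hw_addr_list *mc_list)
 {
  u64 ret = 0;
 
  if (local->ops->prepare_multicast)
- ret = local->ops->prepare_multicast(&local->hw, mc_count,
- mc_list);
+ ret = local->ops->prepare_multicast(&local->hw, mc_list);
 
- trace_drv_prepare_multicast(local, mc_count, ret);
+ trace_drv_prepare_multicast(local, mc_list->count, ret);
 
  return ret;
 }
@@ -154,14 +152,15 @@ static inline void drv_update_tkip_key(struct ieee80211_local *local,
 }
 
 static inline int drv_hw_scan(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *sdata,
  struct cfg80211_scan_request *req)
 {
  int ret;
 
  might_sleep();
 
- ret = local->ops->hw_scan(&local->hw, req);
- trace_drv_hw_scan(local, req, ret);
+ ret = local->ops->hw_scan(&local->hw, &sdata->vif, req);
+ trace_drv_hw_scan(local, sdata, req, ret);
  return ret;
 }
 
@@ -346,6 +345,15 @@ static inline int drv_ampdu_action(struct ieee80211_local *local,
  return ret;
 }
 
+static inline int drv_get_survey(struct ieee80211_local *local, int idx,
+ struct survey_info *survey)
+{
+ int ret = -EOPNOTSUPP;
+ if (local->ops->conf_tx)
+ ret = local->ops->get_survey(&local->hw, idx, survey);
+ /* trace_drv_get_survey(local, idx, survey, ret); */
+ return ret;
+}
 
 static inline void drv_rfkill_poll(struct ieee80211_local *local)
 {
@@ -363,4 +371,15 @@ static inline void drv_flush(struct ieee80211_local *local, bool drop)
  if (local->ops->flush)
  local->ops->flush(&local->hw, drop);
 }
+
+static inline void drv_channel_switch(struct ieee80211_local *local,
+ struct ieee80211_channel_switch *ch_switch)
+{
+ might_sleep();
+
+ local->ops->channel_switch(&local->hw, ch_switch);
+
+ trace_drv_channel_switch(local, ch_switch);
+}
+
 #endif /* __MAC80211_DRIVER_OPS */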
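Review bot: The new `drv_get_survey` tests the wrong callback: it checks `local->ops->conf_tx` and then calls `local->ops->get_survey`. A driver that implements `conf_tx` but not `get_survey` therefore gets a call through a NULL function pointer, and one that implements only `get_survey` always sees `-EOPNOTSUPP`. The guard should read `if (local->ops->get_survey)`. `drv_channel_switch` in the last hunk calls `local->ops->channel_switch` with no check at all; if callers are expected to test the op first, a one-line comment saying so would help. The commented-out `trace_drv_get_survey` call should either get its trace event or be dropped.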
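diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index 41baf730a5c7..6a9b2342a9c2 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -32,6 +32,10 @@ static inline void trace_ ## name(proto) {}
 #define VIF_PR_FMT " vif:%s(%d)"
 #define VIF_PR_ARG __get_str(vif_name), __entry->vif_type
 
+/*
+ * Tracing for driver callbacks.
+ */
+
 TRACE_EVENT(drv_start,
  TP_PROTO(struct ieee80211_local *local, int ret),
 
@@ -359,23 +363,26 @@ TRACE_EVENT(drv_update_tkip_key,
 
 TRACE_EVENT(drv_hw_scan,
  TP_PROTO(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *sdata,
  struct cfg80211_scan_request *req, int ret),
 
- TP_ARGS(local, req, ret),
+ TP_ARGS(local, sdata, req, ret),
 
  TP_STRUCT__entry(
  LOCAL_ENTRY
+ VIF_ENTRY
  __field(int, ret)
  ),
 
  TP_fast_assign(
  LOCAL_ASSIGN;
+ VIF_ASSIGN;
  __entry->ret = ret;
  ),
 
  TP_printk(
- LOCAL_PR_FMT " ret:%d",
- LOCAL_PR_ARG, __entry->ret
+ LOCAL_PR_FMT VIF_PR_FMT " ret:%d",
+ LOCAL_PR_ARG,VIF_PR_ARG, __entry->ret
  )
 );
 
@@ -766,6 +773,326 @@ TRACE_EVENT(drv_flush,
  LOCAL_PR_ARG, __entry->drop
  )
 );
+
+TRACE_EVENT(drv_channel_switch,
+ TP_PROTO(struct ieee80211_local *local,
+ struct ieee80211_channel_switch *ch_switch),
+
+ TP_ARGS(local, ch_switch),
+
+ TP_STRUCT__entry(
+ LOCAL_ENTRY
+ __field(u64, timestamp)
+ __field(bool, block_tx)
+ __field(u16, freq)
+ __field(u8, count)
+ ),
+
+ TP_fast_assign(
+ LOCAL_ASSIGN;
+ __entry->timestamp = ch_switch->timestamp;
+ __entry->block_tx = ch_switch->block_tx;
+ __entry->freq = ch_switch->channel->center_freq;
+ __entry->count = ch_switch->count;
+ ),
+
+ TP_printk(
+ LOCAL_PR_FMT " new freq:%u count:%d",
+ LOCAL_PR_ARG, __entry->freq, __entry->count
+ )
+);
+
+/*
+ * Tracing for API calls that drivers call.
+ */
+
+TRACE_EVENT(api_start_tx_ba_session,
+ TP_PROTO(struct ieee80211_sta *sta, u16 tid),
+
+ TP_ARGS(sta, tid),
+
+ TP_STRUCT__entry(
+ STA_ENTRY
+ __field(u16, tid)
+ ),
+
+ TP_fast_assign(
+ STA_ASSIGN;
+ __entry->tid = tid;
+ ),
+
+ TP_printk(
+ STA_PR_FMT " tid:%d",
+ STA_PR_ARG, __entry->tid
+ )
+);
+
+TRACE_EVENT(api_start_tx_ba_cb,
+ TP_PROTO(struct ieee80211_sub_if_data *sdata, const u8 *ra, u16 tid),
+
+ TP_ARGS(sdata, ra, tid),
+
+ TP_STRUCT__entry(
+ VIF_ENTRY
+ __array(u8, ra, ETH_ALEN)
+ __field(u16, tid)
+ ),
+
+ TP_fast_assign(
+ VIF_ASSIGN;
+ memcpy(__entry->ra, ra, ETH_ALEN);
+ __entry->tid = tid;
+ ),
+
+ TP_printk(
+ VIF_PR_FMT " ra:%pM tid:%d",
+ VIF_PR_ARG, __entry->ra, __entry->tid
+ )
+);
+
+TRACE_EVENT(api_stop_tx_ba_session,
+ TP_PROTO(struct ieee80211_sta *sta, u16 tid, u16 initiator),
+
+ TP_ARGS(sta, tid, initiator),
+
+ TP_STRUCT__entry(
+ STA_ENTRY
+ __field(u16, tid)
+ __field(u16, initiator)
+ ),
+
+ TP_fast_assign(
+ STA_ASSIGN;
+ __entry->tid = tid;
+ __entry->initiator = initiator;
+ ),
+
+ TP_printk(
+ STA_PR_FMT " tid:%d initiator:%d",
+ STA_PR_ARG, __entry->tid, __entry->initiator
+ )
+);
+
+TRACE_EVENT(api_stop_tx_ba_cb,
+ TP_PROTO(struct ieee80211_sub_if_data *sdata, const u8 *ra, u16 tid),
+
+ TP_ARGS(sdata, ra, tid),
+
+ TP_STRUCT__entry(
+ VIF_ENTRY
+ __array(u8, ra, ETH_ALEN)
+ __field(u16, tid)
+ ),
+
+ TP_fast_assign(
+ VIF_ASSIGN;
+ memcpy(__entry->ra, ra, ETH_ALEN);
+ __entry->tid = tid;
+ ),
+
+ TP_printk(
+ VIF_PR_FMT " ra:%pM tid:%d",
+ VIF_PR_ARG, __entry->ra, __entry->tid
+ )
+);
+
+TRACE_EVENT(api_restart_hw,
+ TP_PROTO(struct ieee80211_local *local),
+
+ TP_ARGS(local),
+
+ TP_STRUCT__entry(
+ LOCAL_ENTRY
+ ),
+
+ TP_fast_assign(
+ LOCAL_ASSIGN;
+ ),
+
+ TP_printk(
+ LOCAL_PR_FMT,
+ LOCAL_PR_ARG
+ )
+);
+
+TRACE_EVENT(api_beacon_loss,
+ TP_PROTO(struct ieee80211_sub_if_data *sdata),
+
+ TP_ARGS(sdata),
+
+ TP_STRUCT__entry(
+ VIF_ENTRY
+ ),
+
+ TP_fast_assign(
+ VIF_ASSIGN;
+ ),
+
+ TP_printk(
+ VIF_PR_FMT,
+ VIF_PR_ARG
+ )
+);
+
+TRACE_EVENT(api_connection_loss,
+ TP_PROTO(struct ieee80211_sub_if_data *sdata),
+
+ TP_ARGS(sdata),
+
+ TP_STRUCT__entry(
+ VIF_ENTRY
+ ),
+
+ TP_fast_assign(
+ VIF_ASSIGN;
+ ),
+
+ TP_printk(
+ VIF_PR_FMT,
+ VIF_PR_ARG
+ )
+);
+
+TRACE_EVENT(api_cqm_rssi_notify,
+ TP_PROTO(struct ieee80211_sub_if_data *sdata,
+ enum nl80211_cqm_rssi_threshold_event rssi_event),
+
+ TP_ARGS(sdata, rssi_event),
+
+ TP_STRUCT__entry(
+ VIF_ENTRY
+ __field(u32, rssi_event)
+ ),
+
+ TP_fast_assign(
+ VIF_ASSIGN;
+ __entry->rssi_event = rssi_event;
+ ),
+
+ TP_printk(
+ VIF_PR_FMT " event:%d",
+ VIF_PR_ARG, __entry->rssi_event
+ )
+);
+
+TRACE_EVENT(api_scan_completed,
+ TP_PROTO(struct ieee80211_local *local, bool aborted),
+
+ TP_ARGS(local, aborted),
+
+ TP_STRUCT__entry(
+ LOCAL_ENTRY
+ __field(bool, aborted)
+ ),
+
+ TP_fast_assign(
+ LOCAL_ASSIGN;
+ __entry->aborted = aborted;
+ ),
+
+ TP_printk(
+ LOCAL_PR_FMT " aborted:%d",
+ LOCAL_PR_ARG, __entry->aborted
+ )
+);
+
+TRACE_EVENT(api_sta_block_awake,
+ TP_PROTO(struct ieee80211_local *local,
+ struct ieee80211_sta *sta, bool block),
+
+ TP_ARGS(local, sta, block),
+
+ TP_STRUCT__entry(
+ LOCAL_ENTRY
+ STA_ENTRY
+ __field(bool, block)
+ ),
+
+ TP_fast_assign(
+ LOCAL_ASSIGN;
+ STA_ASSIGN;
+ __entry->block = block;
+ ),
+
+ TP_printk(
+ LOCAL_PR_FMT STA_PR_FMT " block:%d",
+ LOCAL_PR_ARG, STA_PR_FMT, __entry->block
+ )
+);
+
+TRACE_EVENT(api_chswitch_done,
+ TP_PROTO(struct ieee80211_sub_if_data *sdata, bool success),
+
+ TP_ARGS(sdata, success),
+
+ TP_STRUCT__entry(
+ VIF_ENTRY
+ __field(bool, success)
+ ),
+
+ TP_fast_assign(
+ VIF_ASSIGN;
+ __entry->success = success;
+ ),
+
+ TP_printk(
+ VIF_PR_FMT " success=%d",
+ VIF_PR_ARG, __entry->success
+ )
+);
+
+/*
+ * Tracing for internal functions
+ * (which may also be called in response to driver calls)
+ */
+
+TRACE_EVENT(wake_queue,
+ TP_PROTO(struct ieee80211_local *local, u16 queue,
+ enum queue_stop_reason reason),
+
+ TP_ARGS(local, queue, reason),
+
+ TP_STRUCT__entry(
+ LOCAL_ENTRY
+ __field(u16, queue)
+ __field(u32, reason)
+ ),
+
+ TP_fast_assign(
+ LOCAL_ASSIGN;
+ __entry->queue = queue;
+ __entry->reason = reason;
+ ),
+
+ TP_printk(
+ LOCAL_PR_FMT " queue:%d, reason:%d",
+ LOCAL_PR_ARG, __entry->queue, __entry->reason
+ )
+);
+
+TRACE_EVENT(stop_queue,
+ TP_PROTO(struct ieee80211_local *local, u16 queue,
+ enum queue_stop_reason reason),
+
+ TP_ARGS(local, queue, reason),
+
+ TP_STRUCT__entry(
+ LOCAL_ENTRY
+ __field(u16, queue)
+ __field(u32, reason)
+ ),
+
+ TP_fast_assign(
+ LOCAL_ASSIGN;
+ __entry->queue = queue;
+ __entry->reason = reason;
+ ),
+
+ TP_printk(
+ LOCAL_PR_FMT " queue:%d, reason:%d",
+ LOCAL_PR_ARG, __entry->queue, __entry->reason
+ )
+);
 #endif /* !__MAC80211_DRIVER_TRACE || TRACE_HEADER_MULTI_READ */
 
 #undef TRACE_INCLUDE_PATH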
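Review bot: In the new `api_sta_block_awake` event the `TP_printk` argument list passes `STA_PR_FMT` where `STA_PR_ARG` is meant: `LOCAL_PR_ARG, STA_PR_FMT, __entry->block`. The format string then consumes the format literal itself as the station argument, so the station field in the trace output will be wrong; the `STA_PR_*` definitions are outside this hunk, so the exact effect depends on them. The line should read `LOCAL_PR_ARG, STA_PR_ARG, __entry->block`. Separately, `drv_channel_switch` records `timestamp` and `block_tx` in its entry but prints only `freq` and `count`, so either print them or drop the fields.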
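diff --git a/net/mac80211/ht.c b/net/mac80211/ht.c
index bb677a73b7c9..2ab106a0a491 100644
--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -175,8 +175,7 @@ void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
 #endif /* CONFIG_MAC80211_HT_DEBUG */
 
  if (initiator == WLAN_BACK_INITIATOR)
- ieee80211_sta_stop_rx_ba_session(sdata, sta->sta.addr, tid,
- WLAN_BACK_INITIATOR, 0);
+ __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_INITIATOR, 0);
  else { /* WLAN_BACK_RECIPIENT */
  spin_lock_bh(&sta->lock);
  if (sta->ampdu_mlme.tid_state_tx[tid] & HT_ADDBA_REQUESTED_MSK)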
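diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c
index e2976da4e0d9..b2cc1fda6cfd 100644
--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -92,12 +92,18 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
  if (memcmp(ifibss->bssid, bssid, ETH_ALEN))
  sta_info_flush(sdata->local, sdata);
 
+ /* if merging, indicate to driver that we leave the old IBSS */
+ if (sdata->vif.bss_conf.ibss_joined) {
+ sdata->vif.bss_conf.ibss_joined = false;
+ ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_IBSS);
+ }
+
  memcpy(ifibss->bssid, bssid, ETH_ALEN);
 
  sdata->drop_unencrypted = capability & WLAN_CAPABILITY_PRIVACY ? 1 : 0;
 
  local->oper_channel = chan;
- local->oper_channel_type = NL80211_CHAN_NO_HT;
+ WARN_ON(!ieee80211_set_channel_type(local, sdata, NL80211_CHAN_NO_HT));
  ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
 
  sband = local->hw.wiphy->bands[chan->band];
@@ -171,6 +177,8 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
  bss_change |= BSS_CHANGED_BSSID;
  bss_change |= BSS_CHANGED_BEACON;
  bss_change |= BSS_CHANGED_BEACON_ENABLED;
+ bss_change |= BSS_CHANGED_IBSS;
+ sdata->vif.bss_conf.ibss_joined = true;
  ieee80211_bss_info_change_notify(sdata, bss_change);
 
  ieee80211_sta_def_wmm_params(sdata, sband->n_bitrates, supp_rates);
@@ -265,17 +273,16 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
  sta->sta.supp_rates[band] = supp_rates |
  ieee80211_mandatory_rates(local, band);
 
+ if (sta->sta.supp_rates[band] != prev_rates) {
 #ifdef CONFIG_MAC80211_IBSS_DEBUG
- if (sta->sta.supp_rates[band] != prev_rates)
  printk(KERN_DEBUG "%s: updated supp_rates set "
- "for %pM based on beacon info (0x%llx | "
- "0x%llx -> 0x%llx)\n",
- sdata->name,
- sta->sta.addr,
- (unsigned long long) prev_rates,
- (unsigned long long) supp_rates,
- (unsigned long long) sta->sta.supp_rates[band]);
+ "for %pM based on beacon/probe_response "
+ "(0x%x -> 0x%x)\n",
+ sdata->name, sta->sta.addr,
+ prev_rates, sta->sta.supp_rates[band]);
 #endif
+ rate_control_rate_init(sta);
+ }
  rcu_read_unlock();
  } else {
  rcu_read_unlock();
@@ -371,6 +378,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
  sdata->name, mgmt->bssid);
 #endif
  ieee80211_sta_join_ibss(sdata, bss);
+ supp_rates = ieee80211_sta_get_rates(local, elems, band);
  ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa,
  supp_rates, GFP_KERNEL);
  }
@@ -481,7 +489,9 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
  printk(KERN_DEBUG "%s: No active IBSS STAs - trying to scan for other "
  "IBSS networks with same SSID (merge)\n", sdata->name);
 
- ieee80211_request_internal_scan(sdata, ifibss->ssid, ifibss->ssid_len);
+ ieee80211_request_internal_scan(sdata,
+ ifibss->ssid, ifibss->ssid_len,
+ ifibss->fixed_channel ? ifibss->channel : NULL);
 }
 
 static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
@@ -588,8 +598,9 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
  printk(KERN_DEBUG "%s: Trigger new scan to find an IBSS to "
  "join\n", sdata->name);
 
- ieee80211_request_internal_scan(sdata, ifibss->ssid,
- ifibss->ssid_len);
+ ieee80211_request_internal_scan(sdata,
+ ifibss->ssid, ifibss->ssid_len,
+ ifibss->fixed_channel ? ifibss->channel : NULL);
  } else {
  int interval = IEEE80211_SCAN_INTERVAL;
 
@@ -897,6 +908,13 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
  sdata->u.ibss.channel = params->channel;
  sdata->u.ibss.fixed_channel = params->channel_fixed;
 
+ /* fix ourselves to that channel now already */
+ if (params->channel_fixed) {
+ sdata->local->oper_channel = params->channel;
+ WARN_ON(!ieee80211_set_channel_type(sdata->local, sdata,
+ NL80211_CHAN_NO_HT));
+ }
+
  if (params->ie) {
  sdata->u.ibss.ie = kmemdup(params->ie, params->ie_len,
  GFP_KERNEL);
@@ -951,7 +969,9 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
  kfree(sdata->u.ibss.ie);
  skb = sdata->u.ibss.presp;
  rcu_assign_pointer(sdata->u.ibss.presp, NULL);
- ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
+ sdata->vif.bss_conf.ibss_joined = false;
+ ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED |
+ BSS_CHANGED_IBSS);
  synchronize_rcu();
  kfree_skb(skb);
 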
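diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 241533e1bc03..1a9e2da37a93 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -317,6 +317,7 @@ enum ieee80211_sta_flags {
  IEEE80211_STA_MFP_ENABLED = BIT(6),
  IEEE80211_STA_UAPSD_ENABLED = BIT(7),
  IEEE80211_STA_NULLFUNC_ACKED = BIT(8),
+ IEEE80211_STA_RESET_SIGNAL_AVE = BIT(9),
 };
 
 struct ieee80211_if_managed {
@@ -327,7 +328,7 @@ struct ieee80211_if_managed {
  struct work_struct work;
  struct work_struct monitor_work;
  struct work_struct chswitch_work;
- struct work_struct beacon_loss_work;
+ struct work_struct beacon_connection_loss_work;
 
  unsigned long probe_timeout;
  int probe_send_count;
@@ -359,6 +360,24 @@ struct ieee80211_if_managed {
  int wmm_last_param_set;
 
  u8 use_4addr;
+
+ /* Signal strength from the last Beacon frame in the current BSS. */
+ int last_beacon_signal;
+
+ /*
+ * Weighted average of the signal strength from Beacon frames in the
+ * current BSS. This is in units of 1/16 of the signal unit to maintain
+ * accuracy and to speed up calculations, i.e., the value need to be
+ * divided by 16 to get the actual value.
+ */
+ int ave_beacon_signal;
+
+ /*
+ * Last Beacon frame signal strength average (ave_beacon_signal / 16)
+ * that triggered a cqm event. 0 indicates that no event has been
+ * generated for the current association.
+ */
+ int last_cqm_event_signal;
 };
 
 enum ieee80211_ibss_request {
@@ -646,8 +665,7 @@ struct ieee80211_local {
  struct work_struct recalc_smps;
 
  /* aggregated multicast list */
- struct dev_addr_list *mc_list;
- int mc_count;
+ struct netdev_hw_addr_list mc_list;
 
  bool tim_in_locked_section; /* see ieee80211_beacon_get() */
 
@@ -745,10 +763,11 @@ struct ieee80211_local {
  int scan_channel_idx;
  int scan_ies_len;
 
+ unsigned long leave_oper_channel_time;
  enum mac80211_scan_state next_scan_state;
  struct delayed_work scan_work;
  struct ieee80211_sub_if_data *scan_sdata;
- enum nl80211_channel_type oper_channel_type;
+ enum nl80211_channel_type _oper_channel_type;
  struct ieee80211_channel *oper_channel, *csa_channel;
 
  /* Temporary remain-on-channel for off-channel operations */
@@ -979,7 +998,8 @@ int ieee80211_max_network_latency(struct notifier_block *nb,
  unsigned long data, void *dummy);
 void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
  struct ieee80211_channel_sw_ie *sw_elem,
- struct ieee80211_bss *bss);
+ struct ieee80211_bss *bss,
+ u64 timestamp);
 void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata);
 void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata);
 
@@ -1000,7 +1020,8 @@ void ieee80211_ibss_restart(struct ieee80211_sub_if_data *sdata);
 /* scan/BSS handling */
 void ieee80211_scan_work(struct work_struct *work);
 int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
- const u8 *ssid, u8 ssid_len);
+ const u8 *ssid, u8 ssid_len,
+ struct ieee80211_channel *chan);
 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
  struct cfg80211_scan_request *req);
 void ieee80211_scan_cancel(struct ieee80211_local *local);
@@ -1078,8 +1099,6 @@ int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata,
  enum ieee80211_smps_mode smps, const u8 *da,
  const u8 *bssid);
 
-void ieee80211_sta_stop_rx_ba_session(struct ieee80211_sub_if_data *sdata, u8 *da,
- u16 tid, u16 initiator, u16 reason);
 void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
  u16 initiator, u16 reason);
 void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta);
@@ -1155,7 +1174,7 @@ void ieee80211_send_nullfunc(struct ieee80211_local *local,
  int powersave);
 void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
  struct ieee80211_hdr *hdr);
-void ieee80211_beacon_loss_work(struct work_struct *work);
+void ieee80211_beacon_connection_loss_work(struct work_struct *work);
 
 void ieee80211_wake_queues_by_reason(struct ieee80211_hw *hw,
  enum queue_stop_reason reason);
@@ -1210,6 +1229,20 @@ int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
 int ieee80211_wk_cancel_remain_on_channel(
  struct ieee80211_sub_if_data *sdata, u64 cookie);
 
+/* channel management */
+enum ieee80211_chan_mode {
+ CHAN_MODE_UNDEFINED,
+ CHAN_MODE_HOPPING,
+ CHAN_MODE_FIXED,
+};
+
+enum ieee80211_chan_mode
+ieee80211_get_channel_mode(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *ignore);
+bool ieee80211_set_channel_type(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *sdata,
+ enum nl80211_channel_type chantype);
+
 #ifdef CONFIG_MAC80211_NOINLINE
 #define debug_noinline noinline
 #else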
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index e08fa8eda1b3..50deb017fd6e 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -413,8 +413,7 @@ static int ieee80211_stop(struct net_device *dev)
413 413
414 netif_addr_lock_bh(dev); 414 netif_addr_lock_bh(dev);
415 spin_lock_bh(&local->filter_lock); 415 spin_lock_bh(&local->filter_lock);
416 __dev_addr_unsync(&local->mc_list, &local->mc_count, 416 __hw_addr_unsync(&local->mc_list, &dev->mc, dev->addr_len);
417 &dev->mc_list, &dev->mc_count);
418 spin_unlock_bh(&local->filter_lock); 417 spin_unlock_bh(&local->filter_lock);
419 netif_addr_unlock_bh(dev); 418 netif_addr_unlock_bh(dev);
420 419
@@ -487,7 +486,7 @@ static int ieee80211_stop(struct net_device *dev)
487 cancel_work_sync(&sdata->u.mgd.work); 486 cancel_work_sync(&sdata->u.mgd.work);
488 cancel_work_sync(&sdata->u.mgd.chswitch_work); 487 cancel_work_sync(&sdata->u.mgd.chswitch_work);
489 cancel_work_sync(&sdata->u.mgd.monitor_work); 488 cancel_work_sync(&sdata->u.mgd.monitor_work);
490 cancel_work_sync(&sdata->u.mgd.beacon_loss_work); 489 cancel_work_sync(&sdata->u.mgd.beacon_connection_loss_work);
491 490
492 /* 491 /*
493 * When we get here, the interface is marked down. 492 * When we get here, the interface is marked down.
@@ -597,8 +596,7 @@ static void ieee80211_set_multicast_list(struct net_device *dev)
597 sdata->flags ^= IEEE80211_SDATA_PROMISC; 596 sdata->flags ^= IEEE80211_SDATA_PROMISC;
598 } 597 }
599 spin_lock_bh(&local->filter_lock); 598 spin_lock_bh(&local->filter_lock);
600 __dev_addr_sync(&local->mc_list, &local->mc_count, 599 __hw_addr_sync(&local->mc_list, &dev->mc, dev->addr_len);
601 &dev->mc_list, &dev->mc_count);
602 spin_unlock_bh(&local->filter_lock); 600 spin_unlock_bh(&local->filter_lock);
603 ieee80211_queue_work(&local->hw, &local->reconfig_filter); 601 ieee80211_queue_work(&local->hw, &local->reconfig_filter);
604} 602}
@@ -816,6 +814,118 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
816 return 0; 814 return 0;
817} 815}
818 816
817static void ieee80211_assign_perm_addr(struct ieee80211_local *local,
818 struct net_device *dev,
819 enum nl80211_iftype type)
820{
821 struct ieee80211_sub_if_data *sdata;
822 u64 mask, start, addr, val, inc;
823 u8 *m;
824 u8 tmp_addr[ETH_ALEN];
825 int i;
826
827 /* default ... something at least */
828 memcpy(dev->perm_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
829
830 if (is_zero_ether_addr(local->hw.wiphy->addr_mask) &&
831 local->hw.wiphy->n_addresses <= 1)
832 return;
833
834
835 mutex_lock(&local->iflist_mtx);
836
837 switch (type) {
838 case NL80211_IFTYPE_MONITOR:
839 /* doesn't matter */
840 break;
841 case NL80211_IFTYPE_WDS:
842 case NL80211_IFTYPE_AP_VLAN:
843 /* match up with an AP interface */
844 list_for_each_entry(sdata, &local->interfaces, list) {
845 if (sdata->vif.type != NL80211_IFTYPE_AP)
846 continue;
847 memcpy(dev->perm_addr, sdata->vif.addr, ETH_ALEN);
848 break;
849 }
850 /* keep default if no AP interface present */
851 break;
852 default:
853 /* assign a new address if possible -- try n_addresses first */
854 for (i = 0; i < local->hw.wiphy->n_addresses; i++) {
855 bool used = false;
856
857 list_for_each_entry(sdata, &local->interfaces, list) {
858 if (memcmp(local->hw.wiphy->addresses[i].addr,
859 sdata->vif.addr, ETH_ALEN) == 0) {
860 used = true;
861 break;
862 }
863 }
864
865 if (!used) {
866 memcpy(dev->perm_addr,
867 local->hw.wiphy->addresses[i].addr,
868 ETH_ALEN);
869 break;
870 }
871 }
872
873 /* try mask if available */
874 if (is_zero_ether_addr(local->hw.wiphy->addr_mask))
875 break;
876
877 m = local->hw.wiphy->addr_mask;
878 mask = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
879 ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
880 ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
881
882 if (__ffs64(mask) + hweight64(mask) != fls64(mask)) {
883 /* not a contiguous mask ... not handled now! */
884 printk(KERN_DEBUG "not contiguous\n");
885 break;
886 }
887
888 m = local->hw.wiphy->perm_addr;
889 start = ((u64)m[0] << 5*8) | ((u64)m[1] << 4*8) |
890 ((u64)m[2] << 3*8) | ((u64)m[3] << 2*8) |
891 ((u64)m[4] << 1*8) | ((u64)m[5] << 0*8);
892
893 inc = 1ULL<<__ffs64(mask);
894 val = (start & mask);
895 addr = (start & ~mask) | (val & mask);
896 do {
897 bool used = false;
898
899 tmp_addr[5] = addr >> 0*8;
900 tmp_addr[4] = addr >> 1*8;
901 tmp_addr[3] = addr >> 2*8;
902 tmp_addr[2] = addr >> 3*8;
903 tmp_addr[1] = addr >> 4*8;
904 tmp_addr[0] = addr >> 5*8;
905
906 val += inc;
907
908 list_for_each_entry(sdata, &local->interfaces, list) {
909 if (memcmp(tmp_addr, sdata->vif.addr,
910 ETH_ALEN) == 0) {
911 used = true;
912 break;
913 }
914 }
915
916 if (!used) {
917 memcpy(dev->perm_addr, tmp_addr, ETH_ALEN);
918 break;
919 }
920 addr = (start & ~mask) | (val & mask);
921 } while (addr != start);
922
923 break;
924 }
925
926 mutex_unlock(&local->iflist_mtx);
927}
928
819int ieee80211_if_add(struct ieee80211_local *local, const char *name, 929int ieee80211_if_add(struct ieee80211_local *local, const char *name,
820 struct net_device **new_dev, enum nl80211_iftype type, 930 struct net_device **new_dev, enum nl80211_iftype type,
821 struct vif_params *params) 931 struct vif_params *params)
@@ -845,8 +955,8 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
845 if (ret < 0) 955 if (ret < 0)
846 goto fail; 956 goto fail;
847 957
848 memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN); 958 ieee80211_assign_perm_addr(local, ndev, type);
849 memcpy(ndev->perm_addr, ndev->dev_addr, ETH_ALEN); 959 memcpy(ndev->dev_addr, ndev->perm_addr, ETH_ALEN);
850 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy)); 960 SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
851 961
852 /* don't use IEEE80211_DEV_TO_SUB_IF because it checks too much */ 962 /* don't use IEEE80211_DEV_TO_SUB_IF because it checks too much */
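Review bot: In ieee80211_assign_perm_addr(), the `break` taken after a free `addresses[i]` entry is copied leaves only the `for` loop, so when `addr_mask` is non-zero the mask search below still runs and can overwrite the address just chosen. If the address list is meant to take priority over the mask, skip the mask step once an entry was taken, e.g. `if (i < local->hw.wiphy->n_addresses || is_zero_ether_addr(local->hw.wiphy->addr_mask)) break;`. When every candidate is already in use the function silently keeps the wiphy default, so two interfaces can end up with the same address. Separately, `printk(KERN_DEBUG "not contiguous\n")` names neither the device nor the mask, which makes the message hard to act on in a log.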
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index e8f6e3b252d8..8d4b41787dcf 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -140,6 +140,7 @@ static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
140 struct ieee80211_sub_if_data, 140 struct ieee80211_sub_if_data,
141 u.ap); 141 u.ap);
142 142
143 key->conf.ap_addr = sdata->dev->dev_addr;
143 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf); 144 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
144 145
145 if (!ret) { 146 if (!ret) {
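Review bot: The new `key->conf.ap_addr = sdata->dev->dev_addr;` hands the driver the address by reference rather than by copy, and nothing in the hunk says how long that pointer may be used. A short comment above the assignment would make the contract explicit, for example `/* borrowed from the netdev; only valid while the key is installed */`, assuming that is the intended lifetime. Only the enable path is visible here, so whether `ap_addr` is cleared again when hardware acceleration is disabled cannot be checked from this hunk. ieee80211_key_enable_hw_accel's body starts and ends outside it.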
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index b887e484ae04..22a384dfab65 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -71,7 +71,7 @@ void ieee80211_configure_filter(struct ieee80211_local *local)
71 spin_lock_bh(&local->filter_lock); 71 spin_lock_bh(&local->filter_lock);
72 changed_flags = local->filter_flags ^ new_flags; 72 changed_flags = local->filter_flags ^ new_flags;
73 73
74 mc = drv_prepare_multicast(local, local->mc_count, local->mc_list); 74 mc = drv_prepare_multicast(local, &local->mc_list);
75 spin_unlock_bh(&local->filter_lock); 75 spin_unlock_bh(&local->filter_lock);
76 76
77 /* be a bit nasty */ 77 /* be a bit nasty */
@@ -111,7 +111,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
111 channel_type = local->tmp_channel_type; 111 channel_type = local->tmp_channel_type;
112 } else { 112 } else {
113 chan = local->oper_channel; 113 chan = local->oper_channel;
114 channel_type = local->oper_channel_type; 114 channel_type = local->_oper_channel_type;
115 } 115 }
116 116
117 if (chan != local->hw.conf.channel || 117 if (chan != local->hw.conf.channel ||
@@ -309,6 +309,8 @@ void ieee80211_restart_hw(struct ieee80211_hw *hw)
309{ 309{
310 struct ieee80211_local *local = hw_to_local(hw); 310 struct ieee80211_local *local = hw_to_local(hw);
311 311
312 trace_api_restart_hw(local);
313
312 /* use this reason, __ieee80211_resume will unblock it */ 314 /* use this reason, __ieee80211_resume will unblock it */
313 ieee80211_stop_queues_by_reason(hw, 315 ieee80211_stop_queues_by_reason(hw,
314 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 316 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
@@ -388,6 +390,9 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
388 local->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN; 390 local->uapsd_max_sp_len = IEEE80211_DEFAULT_MAX_SP_LEN;
389 391
390 INIT_LIST_HEAD(&local->interfaces); 392 INIT_LIST_HEAD(&local->interfaces);
393
394 __hw_addr_init(&local->mc_list);
395
391 mutex_init(&local->iflist_mtx); 396 mutex_init(&local->iflist_mtx);
392 mutex_init(&local->scan_mtx); 397 mutex_init(&local->scan_mtx);
393 398
@@ -437,7 +442,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
437 struct ieee80211_local *local = hw_to_local(hw); 442 struct ieee80211_local *local = hw_to_local(hw);
438 int result; 443 int result;
439 enum ieee80211_band band; 444 enum ieee80211_band band;
440 int channels, i, j, max_bitrates; 445 int channels, max_bitrates;
441 bool supp_ht; 446 bool supp_ht;
442 static const u32 cipher_suites[] = { 447 static const u32 cipher_suites[] = {
443 WLAN_CIPHER_SUITE_WEP40, 448 WLAN_CIPHER_SUITE_WEP40,
@@ -567,6 +572,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
567 572
568 local->hw.conf.listen_interval = local->hw.max_listen_interval; 573 local->hw.conf.listen_interval = local->hw.max_listen_interval;
569 574
575 local->hw.conf.dynamic_ps_forced_timeout = -1;
576
570 result = sta_info_start(local); 577 result = sta_info_start(local);
571 if (result < 0) 578 if (result < 0)
572 goto fail_sta_info; 579 goto fail_sta_info;
@@ -601,21 +608,6 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
601 608
602 ieee80211_led_init(local); 609 ieee80211_led_init(local);
603 610
604 /* alloc internal scan request */
605 i = 0;
606 local->int_scan_req->ssids = &local->scan_ssid;
607 local->int_scan_req->n_ssids = 1;
608 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
609 if (!hw->wiphy->bands[band])
610 continue;
611 for (j = 0; j < hw->wiphy->bands[band]->n_channels; j++) {
612 local->int_scan_req->channels[i] =
613 &hw->wiphy->bands[band]->channels[j];
614 i++;
615 }
616 }
617 local->int_scan_req->n_channels = i;
618
619 local->network_latency_notifier.notifier_call = 611 local->network_latency_notifier.notifier_call =
620 ieee80211_max_network_latency; 612 ieee80211_max_network_latency;
621 result = pm_qos_add_notifier(PM_QOS_NETWORK_LATENCY, 613 result = pm_qos_add_notifier(PM_QOS_NETWORK_LATENCY,
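Review bot: The `-1` written to `local->hw.conf.dynamic_ps_forced_timeout` in ieee80211_register_hw() is a sentinel that is not explained where it is set. The mlme.c part of this commit treats any negative value as "not forced" and derives `dynamic_ps_timeout` from the PM QoS latency instead. A comment at the assignment would save the reader that search, e.g. `/* negative: no forced timeout, ieee80211_recalc_ps() picks one from the latency */`. ieee80211_register_hw's body extends outside the hunk.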
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 859ee5f3d941..bde81031727a 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -287,8 +287,6 @@ void mesh_mgmt_ies_add(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
287 *pos++ |= sdata->u.mesh.accepting_plinks ? 287 *pos++ |= sdata->u.mesh.accepting_plinks ?
288 MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00; 288 MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00;
289 *pos++ = 0x00; 289 *pos++ = 0x00;
290
291 return;
292} 290}
293 291
294u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata, struct mesh_table *tbl) 292u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata, struct mesh_table *tbl)
@@ -601,10 +599,10 @@ static void ieee80211_mesh_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
601 struct ieee80211_rx_status *rx_status) 599 struct ieee80211_rx_status *rx_status)
602{ 600{
603 switch (mgmt->u.action.category) { 601 switch (mgmt->u.action.category) {
604 case MESH_PLINK_CATEGORY: 602 case WLAN_CATEGORY_MESH_PLINK:
605 mesh_rx_plink_frame(sdata, mgmt, len, rx_status); 603 mesh_rx_plink_frame(sdata, mgmt, len, rx_status);
606 break; 604 break;
607 case MESH_PATH_SEL_CATEGORY: 605 case WLAN_CATEGORY_MESH_PATH_SEL:
608 mesh_rx_path_sel_frame(sdata, mgmt, len); 606 mesh_rx_path_sel_frame(sdata, mgmt, len);
609 break; 607 break;
610 } 608 }
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index 85562c59d7d6..c88087f1cd0f 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -209,8 +209,6 @@ struct mesh_rmc {
209#define MESH_MAX_MPATHS 1024 209#define MESH_MAX_MPATHS 1024
210 210
211/* Pending ANA approval */ 211/* Pending ANA approval */
212#define MESH_PLINK_CATEGORY 30
213#define MESH_PATH_SEL_CATEGORY 32
214#define MESH_PATH_SEL_ACTION 0 212#define MESH_PATH_SEL_ACTION 0
215 213
216/* PERR reason codes */ 214/* PERR reason codes */
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index fefc45c4b4e8..0705018d8d1e 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -132,7 +132,7 @@ static int mesh_path_sel_frame_tx(enum mpath_frame_type action, u8 flags,
132 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 132 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
133 /* BSSID == SA */ 133 /* BSSID == SA */
134 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 134 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
135 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY; 135 mgmt->u.action.category = WLAN_CATEGORY_MESH_PATH_SEL;
136 mgmt->u.action.u.mesh_action.action_code = MESH_PATH_SEL_ACTION; 136 mgmt->u.action.u.mesh_action.action_code = MESH_PATH_SEL_ACTION;
137 137
138 switch (action) { 138 switch (action) {
@@ -225,7 +225,7 @@ int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn,
225 memcpy(mgmt->da, ra, ETH_ALEN); 225 memcpy(mgmt->da, ra, ETH_ALEN);
226 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 226 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
227 /* BSSID is left zeroed, wildcard value */ 227 /* BSSID is left zeroed, wildcard value */
228 mgmt->u.action.category = MESH_PATH_SEL_CATEGORY; 228 mgmt->u.action.category = WLAN_CATEGORY_MESH_PATH_SEL;
229 mgmt->u.action.u.mesh_action.action_code = MESH_PATH_SEL_ACTION; 229 mgmt->u.action.u.mesh_action.action_code = MESH_PATH_SEL_ACTION;
230 ie_len = 15; 230 ie_len = 15;
231 pos = skb_put(skb, 2 + ie_len); 231 pos = skb_put(skb, 2 + ie_len);
@@ -624,7 +624,6 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
624fail: 624fail:
625 rcu_read_unlock(); 625 rcu_read_unlock();
626 sdata->u.mesh.mshstats.dropped_frames_no_route++; 626 sdata->u.mesh.mshstats.dropped_frames_no_route++;
627 return;
628} 627}
629 628
630static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata, 629static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index 7b7080e2b49f..3cd5f7b5d693 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -172,7 +172,7 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
172 memcpy(mgmt->da, da, ETH_ALEN); 172 memcpy(mgmt->da, da, ETH_ALEN);
173 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 173 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
174 /* BSSID is left zeroed, wildcard value */ 174 /* BSSID is left zeroed, wildcard value */
175 mgmt->u.action.category = MESH_PLINK_CATEGORY; 175 mgmt->u.action.category = WLAN_CATEGORY_MESH_PLINK;
176 mgmt->u.action.u.plink_action.action_code = action; 176 mgmt->u.action.u.plink_action.action_code = action;
177 177
178 if (action == PLINK_CLOSE) 178 if (action == PLINK_CLOSE)
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 88f95e7bab49..0839c4e8fd2e 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -47,6 +47,13 @@
47 */ 47 */
48#define IEEE80211_PROBE_WAIT (HZ / 2) 48#define IEEE80211_PROBE_WAIT (HZ / 2)
49 49
50/*
51 * Weight given to the latest Beacon frame when calculating average signal
52 * strength for Beacon frames received in the current BSS. This must be
53 * between 1 and 15.
54 */
55#define IEEE80211_SIGNAL_AVE_WEIGHT 3
56
50#define TMR_RUNNING_TIMER 0 57#define TMR_RUNNING_TIMER 0
51#define TMR_RUNNING_CHANSW 1 58#define TMR_RUNNING_CHANSW 1
52 59
@@ -130,11 +137,14 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
130 struct sta_info *sta; 137 struct sta_info *sta;
131 u32 changed = 0; 138 u32 changed = 0;
132 u16 ht_opmode; 139 u16 ht_opmode;
133 bool enable_ht = true, ht_changed; 140 bool enable_ht = true;
141 enum nl80211_channel_type prev_chantype;
134 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 142 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
135 143
136 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 144 sband = local->hw.wiphy->bands[local->hw.conf.channel->band];
137 145
146 prev_chantype = sdata->vif.bss_conf.channel_type;
147
138 /* HT is not supported */ 148 /* HT is not supported */
139 if (!sband->ht_cap.ht_supported) 149 if (!sband->ht_cap.ht_supported)
140 enable_ht = false; 150 enable_ht = false;
@@ -165,38 +175,37 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
165 } 175 }
166 } 176 }
167 177
168 ht_changed = conf_is_ht(&local->hw.conf) != enable_ht ||
169 channel_type != local->hw.conf.channel_type;
170
171 if (local->tmp_channel) 178 if (local->tmp_channel)
172 local->tmp_channel_type = channel_type; 179 local->tmp_channel_type = channel_type;
173 local->oper_channel_type = channel_type;
174 180
175 if (ht_changed) { 181 if (!ieee80211_set_channel_type(local, sdata, channel_type)) {
176 /* channel_type change automatically detected */ 182 /* can only fail due to HT40+/- mismatch */
177 ieee80211_hw_config(local, 0); 183 channel_type = NL80211_CHAN_HT20;
184 WARN_ON(!ieee80211_set_channel_type(local, sdata, channel_type));
185 }
186
187 /* channel_type change automatically detected */
188 ieee80211_hw_config(local, 0);
178 189
190 if (prev_chantype != channel_type) {
179 rcu_read_lock(); 191 rcu_read_lock();
180 sta = sta_info_get(sdata, bssid); 192 sta = sta_info_get(sdata, bssid);
181 if (sta) 193 if (sta)
182 rate_control_rate_update(local, sband, sta, 194 rate_control_rate_update(local, sband, sta,
183 IEEE80211_RC_HT_CHANGED, 195 IEEE80211_RC_HT_CHANGED,
184 local->oper_channel_type); 196 channel_type);
185 rcu_read_unlock(); 197 rcu_read_unlock();
186 } 198 }
187
188 /* disable HT */
189 if (!enable_ht)
190 return 0;
191 199
192 ht_opmode = le16_to_cpu(hti->operation_mode); 200 ht_opmode = le16_to_cpu(hti->operation_mode);
193 201
194 /* if bss configuration changed store the new one */ 202 /* if bss configuration changed store the new one */
195 if (!sdata->ht_opmode_valid || 203 if (sdata->ht_opmode_valid != enable_ht ||
196 sdata->vif.bss_conf.ht_operation_mode != ht_opmode) { 204 sdata->vif.bss_conf.ht_operation_mode != ht_opmode ||
205 prev_chantype != channel_type) {
197 changed |= BSS_CHANGED_HT; 206 changed |= BSS_CHANGED_HT;
198 sdata->vif.bss_conf.ht_operation_mode = ht_opmode; 207 sdata->vif.bss_conf.ht_operation_mode = ht_opmode;
199 sdata->ht_opmode_valid = true; 208 sdata->ht_opmode_valid = enable_ht;
200 } 209 }
201 210
202 return changed; 211 return changed;
@@ -206,7 +215,7 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
206 215
207static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata, 216static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
208 const u8 *bssid, u16 stype, u16 reason, 217 const u8 *bssid, u16 stype, u16 reason,
209 void *cookie) 218 void *cookie, bool send_frame)
210{ 219{
211 struct ieee80211_local *local = sdata->local; 220 struct ieee80211_local *local = sdata->local;
212 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 221 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
@@ -243,7 +252,11 @@ static void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,
243 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len); 252 cfg80211_send_disassoc(sdata->dev, (u8 *)mgmt, skb->len);
244 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED)) 253 if (!(ifmgd->flags & IEEE80211_STA_MFP_ENABLED))
245 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 254 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
246 ieee80211_tx_skb(sdata, skb); 255
256 if (send_frame)
257 ieee80211_tx_skb(sdata, skb);
258 else
259 kfree_skb(skb);
247} 260}
248 261
249void ieee80211_send_pspoll(struct ieee80211_local *local, 262void ieee80211_send_pspoll(struct ieee80211_local *local,
@@ -329,7 +342,11 @@ static void ieee80211_chswitch_work(struct work_struct *work)
329 goto out; 342 goto out;
330 343
331 sdata->local->oper_channel = sdata->local->csa_channel; 344 sdata->local->oper_channel = sdata->local->csa_channel;
332 ieee80211_hw_config(sdata->local, IEEE80211_CONF_CHANGE_CHANNEL); 345 if (!sdata->local->ops->channel_switch) {
346 /* call "hw_config" only if doing sw channel switch */
347 ieee80211_hw_config(sdata->local,
348 IEEE80211_CONF_CHANGE_CHANNEL);
349 }
333 350
334 /* XXX: shouldn't really modify cfg80211-owned data! */ 351 /* XXX: shouldn't really modify cfg80211-owned data! */
335 ifmgd->associated->channel = sdata->local->oper_channel; 352 ifmgd->associated->channel = sdata->local->oper_channel;
@@ -341,6 +358,29 @@ static void ieee80211_chswitch_work(struct work_struct *work)
341 mutex_unlock(&ifmgd->mtx); 358 mutex_unlock(&ifmgd->mtx);
342} 359}
343 360
361void ieee80211_chswitch_done(struct ieee80211_vif *vif, bool success)
362{
363 struct ieee80211_sub_if_data *sdata;
364 struct ieee80211_if_managed *ifmgd;
365
366 sdata = vif_to_sdata(vif);
367 ifmgd = &sdata->u.mgd;
368
369 trace_api_chswitch_done(sdata, success);
370 if (!success) {
371 /*
372 * If the channel switch was not successful, stay
373 * around on the old channel. We currently lack
374 * good handling of this situation, possibly we
375 * should just drop the association.
376 */
377 sdata->local->csa_channel = sdata->local->oper_channel;
378 }
379
380 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
381}
382EXPORT_SYMBOL(ieee80211_chswitch_done);
383
344static void ieee80211_chswitch_timer(unsigned long data) 384static void ieee80211_chswitch_timer(unsigned long data)
345{ 385{
346 struct ieee80211_sub_if_data *sdata = 386 struct ieee80211_sub_if_data *sdata =
@@ -357,7 +397,8 @@ static void ieee80211_chswitch_timer(unsigned long data)
357 397
358void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata, 398void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
359 struct ieee80211_channel_sw_ie *sw_elem, 399 struct ieee80211_channel_sw_ie *sw_elem,
360 struct ieee80211_bss *bss) 400 struct ieee80211_bss *bss,
401 u64 timestamp)
361{ 402{
362 struct cfg80211_bss *cbss = 403 struct cfg80211_bss *cbss =
363 container_of((void *)bss, struct cfg80211_bss, priv); 404 container_of((void *)bss, struct cfg80211_bss, priv);
@@ -385,10 +426,29 @@ void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
385 426
386 sdata->local->csa_channel = new_ch; 427 sdata->local->csa_channel = new_ch;
387 428
429 if (sdata->local->ops->channel_switch) {
430 /* use driver's channel switch callback */
431 struct ieee80211_channel_switch ch_switch;
432 memset(&ch_switch, 0, sizeof(ch_switch));
433 ch_switch.timestamp = timestamp;
434 if (sw_elem->mode) {
435 ch_switch.block_tx = true;
436 ieee80211_stop_queues_by_reason(&sdata->local->hw,
437 IEEE80211_QUEUE_STOP_REASON_CSA);
438 }
439 ch_switch.channel = new_ch;
440 ch_switch.count = sw_elem->count;
441 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
442 drv_channel_switch(sdata->local, &ch_switch);
443 return;
444 }
445
446 /* channel switch handled in software */
388 if (sw_elem->count <= 1) { 447 if (sw_elem->count <= 1) {
389 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work); 448 ieee80211_queue_work(&sdata->local->hw, &ifmgd->chswitch_work);
390 } else { 449 } else {
391 ieee80211_stop_queues_by_reason(&sdata->local->hw, 450 if (sw_elem->mode)
451 ieee80211_stop_queues_by_reason(&sdata->local->hw,
392 IEEE80211_QUEUE_STOP_REASON_CSA); 452 IEEE80211_QUEUE_STOP_REASON_CSA);
393 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED; 453 ifmgd->flags |= IEEE80211_STA_CSA_RECEIVED;
394 mod_timer(&ifmgd->chswitch_timer, 454 mod_timer(&ifmgd->chswitch_timer,
@@ -467,6 +527,7 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
467{ 527{
468 struct ieee80211_sub_if_data *sdata, *found = NULL; 528 struct ieee80211_sub_if_data *sdata, *found = NULL;
469 int count = 0; 529 int count = 0;
530 int timeout;
470 531
471 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) { 532 if (!(local->hw.flags & IEEE80211_HW_SUPPORTS_PS)) {
472 local->ps_sdata = NULL; 533 local->ps_sdata = NULL;
@@ -500,6 +561,26 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
500 beaconint_us = ieee80211_tu_to_usec( 561 beaconint_us = ieee80211_tu_to_usec(
501 found->vif.bss_conf.beacon_int); 562 found->vif.bss_conf.beacon_int);
502 563
564 timeout = local->hw.conf.dynamic_ps_forced_timeout;
565 if (timeout < 0) {
566 /*
567 * The 2 second value is there for compatibility until
568 * the PM_QOS_NETWORK_LATENCY is configured with real
569 * values.
570 */
571 if (latency == 2000000000)
572 timeout = 100;
573 else if (latency <= 50000)
574 timeout = 300;
575 else if (latency <= 100000)
576 timeout = 100;
577 else if (latency <= 500000)
578 timeout = 50;
579 else
580 timeout = 0;
581 }
582 local->hw.conf.dynamic_ps_timeout = timeout;
583
503 if (beaconint_us > latency) { 584 if (beaconint_us > latency) {
504 local->ps_sdata = NULL; 585 local->ps_sdata = NULL;
505 } else { 586 } else {
@@ -592,6 +673,9 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
592 int count; 673 int count;
593 u8 *pos, uapsd_queues = 0; 674 u8 *pos, uapsd_queues = 0;
594 675
676 if (!local->ops->conf_tx)
677 return;
678
595 if (local->hw.queues < 4) 679 if (local->hw.queues < 4)
596 return; 680 return;
597 681
@@ -666,11 +750,15 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
666 params.aifs, params.cw_min, params.cw_max, params.txop, 750 params.aifs, params.cw_min, params.cw_max, params.txop,
667 params.uapsd); 751 params.uapsd);
668#endif 752#endif
669 if (drv_conf_tx(local, queue, &params) && local->ops->conf_tx) 753 if (drv_conf_tx(local, queue, &params))
670 printk(KERN_DEBUG "%s: failed to set TX queue " 754 printk(KERN_DEBUG "%s: failed to set TX queue "
671 "parameters for queue %d\n", 755 "parameters for queue %d\n",
672 wiphy_name(local->hw.wiphy), queue); 756 wiphy_name(local->hw.wiphy), queue);
673 } 757 }
758
759 /* enable WMM or activate new settings */
760 local->hw.conf.flags |= IEEE80211_CONF_QOS;
761 drv_config(local, IEEE80211_CONF_CHANGE_QOS);
674} 762}
675 763
676static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata, 764static u32 ieee80211_handle_bss_capability(struct ieee80211_sub_if_data *sdata,
@@ -731,6 +819,8 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
731 sdata->u.mgd.associated = cbss; 819 sdata->u.mgd.associated = cbss;
732 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 820 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
733 821
822 sdata->u.mgd.flags |= IEEE80211_STA_RESET_SIGNAL_AVE;
823
734 /* just to be sure */ 824 /* just to be sure */
735 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 825 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
736 IEEE80211_STA_BEACON_POLL); 826 IEEE80211_STA_BEACON_POLL);
@@ -756,6 +846,11 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
756 /* And the BSSID changed - we're associated now */ 846 /* And the BSSID changed - we're associated now */
757 bss_info_changed |= BSS_CHANGED_BSSID; 847 bss_info_changed |= BSS_CHANGED_BSSID;
758 848
849 /* Tell the driver to monitor connection quality (if supported) */
850 if ((local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI) &&
851 sdata->vif.bss_conf.cqm_rssi_thold)
852 bss_info_changed |= BSS_CHANGED_CQM;
853
759 ieee80211_bss_info_change_notify(sdata, bss_info_changed); 854 ieee80211_bss_info_change_notify(sdata, bss_info_changed);
760 855
761 mutex_lock(&local->iflist_mtx); 856 mutex_lock(&local->iflist_mtx);
@@ -767,7 +862,8 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
767 netif_carrier_on(sdata->dev); 862 netif_carrier_on(sdata->dev);
768} 863}
769 864
770static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata) 865static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
866 bool remove_sta)
771{ 867{
772 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 868 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
773 struct ieee80211_local *local = sdata->local; 869 struct ieee80211_local *local = sdata->local;
@@ -819,7 +915,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata)
819 ieee80211_set_wmm_default(sdata); 915 ieee80211_set_wmm_default(sdata);
820 916
821 /* channel(_type) changes are handled by ieee80211_hw_config */ 917 /* channel(_type) changes are handled by ieee80211_hw_config */
822 local->oper_channel_type = NL80211_CHAN_NO_HT; 918 WARN_ON(!ieee80211_set_channel_type(local, sdata, NL80211_CHAN_NO_HT));
823 919
824 /* on the next assoc, re-program HT parameters */ 920 /* on the next assoc, re-program HT parameters */
825 sdata->ht_opmode_valid = false; 921 sdata->ht_opmode_valid = false;
@@ -836,11 +932,12 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata)
836 932
837 ieee80211_hw_config(local, config_changed); 933 ieee80211_hw_config(local, config_changed);
838 934
839 /* And the BSSID changed -- not very interesting here */ 935 /* The BSSID (not really interesting) and HT changed */
840 changed |= BSS_CHANGED_BSSID; 936 changed |= BSS_CHANGED_BSSID | BSS_CHANGED_HT;
841 ieee80211_bss_info_change_notify(sdata, changed); 937 ieee80211_bss_info_change_notify(sdata, changed);
842 938
843 sta_info_destroy_addr(sdata, bssid); 939 if (remove_sta)
940 sta_info_destroy_addr(sdata, bssid);
844} 941}
845 942
846void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 943void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
@@ -857,6 +954,9 @@ void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
857 if (is_multicast_ether_addr(hdr->addr1)) 954 if (is_multicast_ether_addr(hdr->addr1))
858 return; 955 return;
859 956
957 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
958 return;
959
860 mod_timer(&sdata->u.mgd.conn_mon_timer, 960 mod_timer(&sdata->u.mgd.conn_mon_timer,
861 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 961 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
862} 962}
@@ -934,23 +1034,72 @@ static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
934 mutex_unlock(&ifmgd->mtx); 1034 mutex_unlock(&ifmgd->mtx);
935} 1035}
936 1036
937void ieee80211_beacon_loss_work(struct work_struct *work) 1037static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata)
1038{
1039 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1040 struct ieee80211_local *local = sdata->local;
1041 u8 bssid[ETH_ALEN];
1042
1043 mutex_lock(&ifmgd->mtx);
1044 if (!ifmgd->associated) {
1045 mutex_unlock(&ifmgd->mtx);
1046 return;
1047 }
1048
1049 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
1050
1051 printk(KERN_DEBUG "Connection to AP %pM lost.\n", bssid);
1052
1053 ieee80211_set_disassoc(sdata, true);
1054 ieee80211_recalc_idle(local);
1055 mutex_unlock(&ifmgd->mtx);
1056 /*
1057 * must be outside lock due to cfg80211,
1058 * but that's not a problem.
1059 */
1060 ieee80211_send_deauth_disassoc(sdata, bssid,
1061 IEEE80211_STYPE_DEAUTH,
1062 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
1063 NULL, true);
1064}
1065
1066void ieee80211_beacon_connection_loss_work(struct work_struct *work)
938{ 1067{
939 struct ieee80211_sub_if_data *sdata = 1068 struct ieee80211_sub_if_data *sdata =
940 container_of(work, struct ieee80211_sub_if_data, 1069 container_of(work, struct ieee80211_sub_if_data,
941 u.mgd.beacon_loss_work); 1070 u.mgd.beacon_connection_loss_work);
942 1071
943 ieee80211_mgd_probe_ap(sdata, true); 1072 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1073 __ieee80211_connection_loss(sdata);
1074 else
1075 ieee80211_mgd_probe_ap(sdata, true);
944} 1076}
945 1077
946void ieee80211_beacon_loss(struct ieee80211_vif *vif) 1078void ieee80211_beacon_loss(struct ieee80211_vif *vif)
947{ 1079{
948 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 1080 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1081 struct ieee80211_hw *hw = &sdata->local->hw;
949 1082
950 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work); 1083 trace_api_beacon_loss(sdata);
1084
1085 WARN_ON(hw->flags & IEEE80211_HW_CONNECTION_MONITOR);
1086 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
951} 1087}
952EXPORT_SYMBOL(ieee80211_beacon_loss); 1088EXPORT_SYMBOL(ieee80211_beacon_loss);
953 1089
1090void ieee80211_connection_loss(struct ieee80211_vif *vif)
1091{
1092 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1093 struct ieee80211_hw *hw = &sdata->local->hw;
1094
1095 trace_api_connection_loss(sdata);
1096
1097 WARN_ON(!(hw->flags & IEEE80211_HW_CONNECTION_MONITOR));
1098 ieee80211_queue_work(hw, &sdata->u.mgd.beacon_connection_loss_work);
1099}
1100EXPORT_SYMBOL(ieee80211_connection_loss);
1101
1102
954static enum rx_mgmt_action __must_check 1103static enum rx_mgmt_action __must_check
955ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata, 1104ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
956 struct ieee80211_mgmt *mgmt, size_t len) 1105 struct ieee80211_mgmt *mgmt, size_t len)
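Review bot: The message added in __ieee80211_connection_loss(), `printk(KERN_DEBUG "Connection to AP %pM lost.\n", bssid)`, leaves out the interface name that the "deauthenticated from" and "disassociated from" messages in this file print through `"%s: ..."` and `sdata->name`. With more than one interface the log line cannot be tied to a vif; `printk(KERN_DEBUG "%s: Connection to AP %pM lost.\n", sdata->name, bssid);` would match. Separately, ieee80211_beacon_loss() and ieee80211_connection_loss() queue the same work item and only WARN_ON a mismatched IEEE80211_HW_CONNECTION_MONITOR flag. A driver that calls the wrong one still gets whichever path the flag selects, so a comment on each export stating the flag state it requires would help driver authors.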
@@ -971,7 +1120,7 @@ ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
971 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n", 1120 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n",
972 sdata->name, bssid, reason_code); 1121 sdata->name, bssid, reason_code);
973 1122
974 ieee80211_set_disassoc(sdata); 1123 ieee80211_set_disassoc(sdata, true);
975 ieee80211_recalc_idle(sdata->local); 1124 ieee80211_recalc_idle(sdata->local);
976 1125
977 return RX_MGMT_CFG80211_DEAUTH; 1126 return RX_MGMT_CFG80211_DEAUTH;
@@ -1001,7 +1150,7 @@ ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1001 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n", 1150 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n",
1002 sdata->name, mgmt->sa, reason_code); 1151 sdata->name, mgmt->sa, reason_code);
1003 1152
1004 ieee80211_set_disassoc(sdata); 1153 ieee80211_set_disassoc(sdata, true);
1005 ieee80211_recalc_idle(sdata->local); 1154 ieee80211_recalc_idle(sdata->local);
1006 return RX_MGMT_CFG80211_DISASSOC; 1155 return RX_MGMT_CFG80211_DISASSOC;
1007} 1156}
@@ -1215,7 +1364,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1215 ETH_ALEN) == 0)) { 1364 ETH_ALEN) == 0)) {
1216 struct ieee80211_channel_sw_ie *sw_elem = 1365 struct ieee80211_channel_sw_ie *sw_elem =
1217 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem; 1366 (struct ieee80211_channel_sw_ie *)elems->ch_switch_elem;
1218 ieee80211_sta_process_chanswitch(sdata, sw_elem, bss); 1367 ieee80211_sta_process_chanswitch(sdata, sw_elem,
1368 bss, rx_status->mactime);
1219 } 1369 }
1220} 1370}
1221 1371
@@ -1254,12 +1404,17 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1254 mutex_lock(&sdata->local->iflist_mtx); 1404 mutex_lock(&sdata->local->iflist_mtx);
1255 ieee80211_recalc_ps(sdata->local, -1); 1405 ieee80211_recalc_ps(sdata->local, -1);
1256 mutex_unlock(&sdata->local->iflist_mtx); 1406 mutex_unlock(&sdata->local->iflist_mtx);
1407
1408 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1409 return;
1410
1257 /* 1411 /*
1258 * We've received a probe response, but are not sure whether 1412 * We've received a probe response, but are not sure whether
1259 * we have or will be receiving any beacons or data, so let's 1413 * we have or will be receiving any beacons or data, so let's
1260 * schedule the timers again, just in case. 1414 * schedule the timers again, just in case.
1261 */ 1415 */
1262 mod_beacon_timer(sdata); 1416 mod_beacon_timer(sdata);
1417
1263 mod_timer(&ifmgd->conn_mon_timer, 1418 mod_timer(&ifmgd->conn_mon_timer,
1264 round_jiffies_up(jiffies + 1419 round_jiffies_up(jiffies +
1265 IEEE80211_CONNECTION_IDLE_TIME)); 1420 IEEE80211_CONNECTION_IDLE_TIME));
@@ -1293,6 +1448,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1293 struct ieee80211_rx_status *rx_status) 1448 struct ieee80211_rx_status *rx_status)
1294{ 1449{
1295 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1450 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1451 struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf;
1296 size_t baselen; 1452 size_t baselen;
1297 struct ieee802_11_elems elems; 1453 struct ieee802_11_elems elems;
1298 struct ieee80211_local *local = sdata->local; 1454 struct ieee80211_local *local = sdata->local;
@@ -1328,6 +1484,41 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1328 if (memcmp(bssid, mgmt->bssid, ETH_ALEN) != 0) 1484 if (memcmp(bssid, mgmt->bssid, ETH_ALEN) != 0)
1329 return; 1485 return;
1330 1486
1487 /* Track average RSSI from the Beacon frames of the current AP */
1488 ifmgd->last_beacon_signal = rx_status->signal;
1489 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
1490 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
1491 ifmgd->ave_beacon_signal = rx_status->signal;
1492 ifmgd->last_cqm_event_signal = 0;
1493 } else {
1494 ifmgd->ave_beacon_signal =
1495 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
1496 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
1497 ifmgd->ave_beacon_signal) / 16;
1498 }
1499 if (bss_conf->cqm_rssi_thold &&
1500 !(local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI)) {
1501 int sig = ifmgd->ave_beacon_signal / 16;
1502 int last_event = ifmgd->last_cqm_event_signal;
1503 int thold = bss_conf->cqm_rssi_thold;
1504 int hyst = bss_conf->cqm_rssi_hyst;
1505 if (sig < thold &&
1506 (last_event == 0 || sig < last_event - hyst)) {
1507 ifmgd->last_cqm_event_signal = sig;
1508 ieee80211_cqm_rssi_notify(
1509 &sdata->vif,
1510 NL80211_CQM_RSSI_THRESHOLD_EVENT_LOW,
1511 GFP_KERNEL);
1512 } else if (sig > thold &&
1513 (last_event == 0 || sig > last_event + hyst)) {
1514 ifmgd->last_cqm_event_signal = sig;
1515 ieee80211_cqm_rssi_notify(
1516 &sdata->vif,
1517 NL80211_CQM_RSSI_THRESHOLD_EVENT_HIGH,
1518 GFP_KERNEL);
1519 }
1520 }
1521
1331 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) { 1522 if (ifmgd->flags & IEEE80211_STA_BEACON_POLL) {
1332#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1523#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1333 if (net_ratelimit()) { 1524 if (net_ratelimit()) {
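Review bot: The reset branch stores `rx_status->signal` into `ifmgd->ave_beacon_signal` unscaled, while the averaging branch keeps that field multiplied by 16 and the CQM check reads it back as `ifmgd->ave_beacon_signal / 16`. On the first beacon after a reset the threshold comparison therefore sees about one sixteenth of the real signal, and with `last_cqm_event_signal` zeroed in the same branch this can raise a spurious threshold event. The reset line should be `ifmgd->ave_beacon_signal = rx_status->signal * 16;`, and a one-line comment stating the x16 fixed-point scale of the field would keep the two branches in step. The body of ieee80211_rx_mgmt_beacon() starts before and continues after this hunk.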
@@ -1506,7 +1697,8 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1506 1697
1507 ieee80211_sta_process_chanswitch(sdata, 1698 ieee80211_sta_process_chanswitch(sdata,
1508 &mgmt->u.action.u.chan_switch.sw_elem, 1699 &mgmt->u.action.u.chan_switch.sw_elem,
1509 (void *)ifmgd->associated->priv); 1700 (void *)ifmgd->associated->priv,
1701 rx_status->mactime);
1510 break; 1702 break;
1511 } 1703 }
1512 mutex_unlock(&ifmgd->mtx); 1704 mutex_unlock(&ifmgd->mtx);
@@ -1613,7 +1805,7 @@ static void ieee80211_sta_work(struct work_struct *work)
1613 printk(KERN_DEBUG "No probe response from AP %pM" 1805 printk(KERN_DEBUG "No probe response from AP %pM"
1614 " after %dms, disconnecting.\n", 1806 " after %dms, disconnecting.\n",
1615 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ); 1807 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ);
1616 ieee80211_set_disassoc(sdata); 1808 ieee80211_set_disassoc(sdata, true);
1617 ieee80211_recalc_idle(local); 1809 ieee80211_recalc_idle(local);
1618 mutex_unlock(&ifmgd->mtx); 1810 mutex_unlock(&ifmgd->mtx);
1619 /* 1811 /*
@@ -1623,7 +1815,7 @@ static void ieee80211_sta_work(struct work_struct *work)
1623 ieee80211_send_deauth_disassoc(sdata, bssid, 1815 ieee80211_send_deauth_disassoc(sdata, bssid,
1624 IEEE80211_STYPE_DEAUTH, 1816 IEEE80211_STYPE_DEAUTH,
1625 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, 1817 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
1626 NULL); 1818 NULL, true);
1627 mutex_lock(&ifmgd->mtx); 1819 mutex_lock(&ifmgd->mtx);
1628 } 1820 }
1629 } 1821 }
@@ -1640,7 +1832,8 @@ static void ieee80211_sta_bcn_mon_timer(unsigned long data)
1640 if (local->quiescing) 1832 if (local->quiescing)
1641 return; 1833 return;
1642 1834
1643 ieee80211_queue_work(&sdata->local->hw, &sdata->u.mgd.beacon_loss_work); 1835 ieee80211_queue_work(&sdata->local->hw,
1836 &sdata->u.mgd.beacon_connection_loss_work);
1644} 1837}
1645 1838
1646static void ieee80211_sta_conn_mon_timer(unsigned long data) 1839static void ieee80211_sta_conn_mon_timer(unsigned long data)
@@ -1692,7 +1885,7 @@ void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
1692 */ 1885 */
1693 1886
1694 cancel_work_sync(&ifmgd->work); 1887 cancel_work_sync(&ifmgd->work);
1695 cancel_work_sync(&ifmgd->beacon_loss_work); 1888 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
1696 if (del_timer_sync(&ifmgd->timer)) 1889 if (del_timer_sync(&ifmgd->timer))
1697 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 1890 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
1698 1891
@@ -1726,7 +1919,8 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
1726 INIT_WORK(&ifmgd->work, ieee80211_sta_work); 1919 INIT_WORK(&ifmgd->work, ieee80211_sta_work);
1727 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work); 1920 INIT_WORK(&ifmgd->monitor_work, ieee80211_sta_monitor_work);
1728 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 1921 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
1729 INIT_WORK(&ifmgd->beacon_loss_work, ieee80211_beacon_loss_work); 1922 INIT_WORK(&ifmgd->beacon_connection_loss_work,
1923 ieee80211_beacon_connection_loss_work);
1730 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 1924 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
1731 (unsigned long) sdata); 1925 (unsigned long) sdata);
1732 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 1926 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
@@ -1805,6 +1999,9 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
1805 struct ieee80211_work *wk; 1999 struct ieee80211_work *wk;
1806 u16 auth_alg; 2000 u16 auth_alg;
1807 2001
2002 if (req->local_state_change)
2003 return 0; /* no need to update mac80211 state */
2004
1808 switch (req->auth_type) { 2005 switch (req->auth_type) {
1809 case NL80211_AUTHTYPE_OPEN_SYSTEM: 2006 case NL80211_AUTHTYPE_OPEN_SYSTEM:
1810 auth_alg = WLAN_AUTH_OPEN; 2007 auth_alg = WLAN_AUTH_OPEN;
@@ -1913,7 +2110,7 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
1913 } 2110 }
1914 2111
1915 /* Trying to reassociate - clear previous association state */ 2112 /* Trying to reassociate - clear previous association state */
1916 ieee80211_set_disassoc(sdata); 2113 ieee80211_set_disassoc(sdata, true);
1917 } 2114 }
1918 mutex_unlock(&ifmgd->mtx); 2115 mutex_unlock(&ifmgd->mtx);
1919 2116
@@ -2017,7 +2214,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2017 2214
2018 if (ifmgd->associated == req->bss) { 2215 if (ifmgd->associated == req->bss) {
2019 bssid = req->bss->bssid; 2216 bssid = req->bss->bssid;
2020 ieee80211_set_disassoc(sdata); 2217 ieee80211_set_disassoc(sdata, true);
2021 mutex_unlock(&ifmgd->mtx); 2218 mutex_unlock(&ifmgd->mtx);
2022 } else { 2219 } else {
2023 bool not_auth_yet = false; 2220 bool not_auth_yet = false;
@@ -2061,9 +2258,9 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2061 printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n", 2258 printk(KERN_DEBUG "%s: deauthenticating from %pM by local choice (reason=%d)\n",
2062 sdata->name, bssid, req->reason_code); 2259 sdata->name, bssid, req->reason_code);
2063 2260
2064 ieee80211_send_deauth_disassoc(sdata, bssid, 2261 ieee80211_send_deauth_disassoc(sdata, bssid, IEEE80211_STYPE_DEAUTH,
2065 IEEE80211_STYPE_DEAUTH, req->reason_code, 2262 req->reason_code, cookie,
2066 cookie); 2263 !req->local_state_change);
2067 2264
2068 ieee80211_recalc_idle(sdata->local); 2265 ieee80211_recalc_idle(sdata->local);
2069 2266
@@ -2075,6 +2272,7 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2075 void *cookie) 2272 void *cookie)
2076{ 2273{
2077 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 2274 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2275 u8 bssid[ETH_ALEN];
2078 2276
2079 mutex_lock(&ifmgd->mtx); 2277 mutex_lock(&ifmgd->mtx);
2080 2278
@@ -2092,13 +2290,15 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2092 printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n", 2290 printk(KERN_DEBUG "%s: disassociating from %pM by local choice (reason=%d)\n",
2093 sdata->name, req->bss->bssid, req->reason_code); 2291 sdata->name, req->bss->bssid, req->reason_code);
2094 2292
2095 ieee80211_set_disassoc(sdata); 2293 memcpy(bssid, req->bss->bssid, ETH_ALEN);
2294 ieee80211_set_disassoc(sdata, false);
2096 2295
2097 mutex_unlock(&ifmgd->mtx); 2296 mutex_unlock(&ifmgd->mtx);
2098 2297
2099 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid, 2298 ieee80211_send_deauth_disassoc(sdata, req->bss->bssid,
2100 IEEE80211_STYPE_DISASSOC, req->reason_code, 2299 IEEE80211_STYPE_DISASSOC, req->reason_code,
2101 cookie); 2300 cookie, !req->local_state_change);
2301 sta_info_destroy_addr(sdata, bssid);
2102 2302
2103 ieee80211_recalc_idle(sdata->local); 2303 ieee80211_recalc_idle(sdata->local);
2104 2304
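Review bot: `bssid` is copied from `req->bss->bssid` before ieee80211_set_disassoc(), yet the ieee80211_send_deauth_disassoc() call that follows still reads `req->bss->bssid` after the mutex is released; only sta_info_destroy_addr() uses the copy. If the copy exists because the BSS entry may no longer be safe to touch once the association is cleared (the lifetime is not visible in this hunk), the send call has the same exposure. The first argument line should become `ieee80211_send_deauth_disassoc(sdata, bssid,`. That also matches __ieee80211_connection_loss() in this commit, which uses its stack copy for every use after the disassociation.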
@@ -2118,7 +2318,7 @@ int ieee80211_mgd_action(struct ieee80211_sub_if_data *sdata,
2118 if ((chan != local->tmp_channel || 2318 if ((chan != local->tmp_channel ||
2119 channel_type != local->tmp_channel_type) && 2319 channel_type != local->tmp_channel_type) &&
2120 (chan != local->oper_channel || 2320 (chan != local->oper_channel ||
2121 channel_type != local->oper_channel_type)) 2321 channel_type != local->_oper_channel_type))
2122 return -EBUSY; 2322 return -EBUSY;
2123 2323
2124 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len); 2324 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len);
@@ -2139,3 +2339,15 @@ int ieee80211_mgd_action(struct ieee80211_sub_if_data *sdata,
2139 *cookie = (unsigned long) skb; 2339 *cookie = (unsigned long) skb;
2140 return 0; 2340 return 0;
2141} 2341}
2342
2343void ieee80211_cqm_rssi_notify(struct ieee80211_vif *vif,
2344 enum nl80211_cqm_rssi_threshold_event rssi_event,
2345 gfp_t gfp)
2346{
2347 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
2348
2349 trace_api_cqm_rssi_notify(sdata, rssi_event);
2350
2351 cfg80211_cqm_rssi_notify(sdata->dev, rssi_event, gfp);
2352}
2353EXPORT_SYMBOL(ieee80211_cqm_rssi_notify);
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index 0e64484e861c..75202b295a4e 100644
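--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -46,7 +46,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
 
  if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
  list_for_each_entry_rcu(sta, &local->sta_list, list) {
- set_sta_flags(sta, WLAN_STA_SUSPEND);
+ set_sta_flags(sta, WLAN_STA_BLOCK_BA);
  ieee80211_sta_tear_down_BA_sessions(sta);
  }
  }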
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index 818abfae9007..f65ce6dcc8e2 100644
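--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -542,7 +542,7 @@ minstrel_free(void *priv)
  kfree(priv);
 }
 
-static struct rate_control_ops mac80211_minstrel = {
+struct rate_control_ops mac80211_minstrel = {
  .name = "minstrel",
  .tx_status = minstrel_tx_status,
  .get_rate = minstrel_get_rate,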
diff --git a/net/mac80211/rc80211_minstrel.h b/net/mac80211/rc80211_minstrel.h
index 38bf4168fc3a..0f5a83370aa6 100644
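--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -80,7 +80,18 @@ struct minstrel_priv {
  unsigned int lookaround_rate_mrr;
 };
 
+struct minstrel_debugfs_info {
+ size_t len;
+ char buf[];
+};
+
+extern struct rate_control_ops mac80211_minstrel;
 void minstrel_add_sta_debugfs(void *priv, void *priv_sta, struct dentry *dir);
 void minstrel_remove_sta_debugfs(void *priv, void *priv_sta);
 
+/* debugfs */
+int minstrel_stats_open(struct inode *inode, struct file *file);
+ssize_t minstrel_stats_read(struct file *file, char __user *buf, size_t len, loff_t *ppos);
+int minstrel_stats_release(struct inode *inode, struct file *file);
+
 #endif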
diff --git a/net/mac80211/rc80211_minstrel_debugfs.c b/net/mac80211/rc80211_minstrel_debugfs.c
index 0e1f12b1b6dd..241e76f3fdf2 100644
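--- a/net/mac80211/rc80211_minstrel_debugfs.c
+++ b/net/mac80211/rc80211_minstrel_debugfs.c
@@ -53,21 +53,15 @@
 #include <net/mac80211.h>
 #include "rc80211_minstrel.h"
 
-struct minstrel_stats_info {
- struct minstrel_sta_info *mi;
- char buf[4096];
- size_t len;
-};
-
-static int
+int
 minstrel_stats_open(struct inode *inode, struct file *file)
 {
  struct minstrel_sta_info *mi = inode->i_private;
- struct minstrel_stats_info *ms;
+ struct minstrel_debugfs_info *ms;
  unsigned int i, tp, prob, eprob;
  char *p;
 
- ms = kmalloc(sizeof(*ms), GFP_KERNEL);
+ ms = kmalloc(sizeof(*ms) + 4096, GFP_KERNEL);
  if (!ms)
  return -ENOMEM;
 
@@ -107,36 +101,19 @@ minstrel_stats_open(struct inode *inode, struct file *file)
  return 0;
 }
 
-static ssize_t
-minstrel_stats_read(struct file *file, char __user *buf, size_t len, loff_t *o)
+ssize_t
+minstrel_stats_read(struct file *file, char __user *buf, size_t len, loff_t *ppos)
 {
- struct minstrel_stats_info *ms;
- char *src;
+ struct minstrel_debugfs_info *ms;
 
  ms = file->private_data;
- src = ms->buf;
-
- len = min(len, ms->len);
- if (len <= *o)
- return 0;
-
- src += *o;
- len -= *o;
- *o += len;
-
- if (copy_to_user(buf, src, len))
- return -EFAULT;
-
- return len;
+ return simple_read_from_buffer(buf, len, ppos, ms->buf, ms->len);
 }
 
-static int
+int
 minstrel_stats_release(struct inode *inode, struct file *file)
 {
- struct minstrel_stats_info *ms = file->private_data;
-
- kfree(ms);
-
+ kfree(file->private_data);
  return 0;
 }
 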
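Review bot: The buffer capacity now exists only as the literal in `kmalloc(sizeof(*ms) + 4096, GFP_KERNEL)` in minstrel_stats_open(). The shared `struct minstrel_debugfs_info` has `len` and a flexible `buf[]` but no capacity, so the formatting code between the two hunks (not shown) has nothing to bound its writes against. The open/read/release helpers are now non-static and the struct lives in rc80211_minstrel.h, presumably for reuse elsewhere, so a named size in that header would keep every producer and its allocation in step. A suggested form, with a made-up name, is `#define MINSTREL_DEBUGFS_BUF_SIZE 4096` used as `kmalloc(sizeof(*ms) + MINSTREL_DEBUGFS_BUF_SIZE, GFP_KERNEL)`. minstrel_stats_read() also relies on `ms->len` never exceeding the allocation, which deserves a one-line comment on the `len` field.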
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 04ea07f0e78a..6e2a7bcd8cb8 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -39,7 +39,7 @@ static struct sk_buff *remove_monitor_info(struct ieee80211_local *local,
39{ 39{
40 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) { 40 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) {
41 if (likely(skb->len > FCS_LEN)) 41 if (likely(skb->len > FCS_LEN))
42 skb_trim(skb, skb->len - FCS_LEN); 42 __pskb_trim(skb, skb->len - FCS_LEN);
43 else { 43 else {
44 /* driver bug */ 44 /* driver bug */
45 WARN_ON(1); 45 WARN_ON(1);
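Review bot: `__pskb_trim()` returns an int and, unlike the `skb_trim()` it replaces, can fail on a non-linear skb, but its result is discarded in remove_monitor_info(). On failure the frame keeps its FCS bytes and is passed on as if it had been trimmed. The call should be checked, `if (unlikely(__pskb_trim(skb, skb->len - FCS_LEN)))`, and a failing frame dropped the same way the `/* driver bug */` branch drops its frame. That branch's cleanup is outside this hunk, so the exact statements need to be confirmed there.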
@@ -81,8 +81,6 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
81 len += 8; 81 len += 8;
82 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) 82 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
83 len += 1; 83 len += 1;
84 if (local->hw.flags & IEEE80211_HW_NOISE_DBM)
85 len += 1;
86 84
87 if (len & 1) /* padding for RX_FLAGS if necessary */ 85 if (len & 1) /* padding for RX_FLAGS if necessary */
88 len++; 86 len++;
@@ -179,14 +177,6 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
179 pos++; 177 pos++;
180 } 178 }
181 179
182 /* IEEE80211_RADIOTAP_DBM_ANTNOISE */
183 if (local->hw.flags & IEEE80211_HW_NOISE_DBM) {
184 *pos = status->noise;
185 rthdr->it_present |=
186 cpu_to_le32(1 << IEEE80211_RADIOTAP_DBM_ANTNOISE);
187 pos++;
188 }
189
190 /* IEEE80211_RADIOTAP_LOCK_QUALITY is missing */ 180 /* IEEE80211_RADIOTAP_LOCK_QUALITY is missing */
191 181
192 /* IEEE80211_RADIOTAP_ANTENNA */ 182 /* IEEE80211_RADIOTAP_ANTENNA */
@@ -236,6 +226,12 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
236 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS) 226 if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
237 present_fcs_len = FCS_LEN; 227 present_fcs_len = FCS_LEN;
238 228
229 /* make sure hdr->frame_control is on the linear part */
230 if (!pskb_may_pull(origskb, 2)) {
231 dev_kfree_skb(origskb);
232 return NULL;
233 }
234
239 if (!local->monitors) { 235 if (!local->monitors) {
240 if (should_drop_frame(origskb, present_fcs_len)) { 236 if (should_drop_frame(origskb, present_fcs_len)) {
241 dev_kfree_skb(origskb); 237 dev_kfree_skb(origskb);
@@ -493,7 +489,7 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
493 489
494 if (ieee80211_is_action(hdr->frame_control)) { 490 if (ieee80211_is_action(hdr->frame_control)) {
495 mgmt = (struct ieee80211_mgmt *)hdr; 491 mgmt = (struct ieee80211_mgmt *)hdr;
496 if (mgmt->u.action.category != MESH_PLINK_CATEGORY) 492 if (mgmt->u.action.category != WLAN_CATEGORY_MESH_PLINK)
497 return RX_DROP_MONITOR; 493 return RX_DROP_MONITOR;
498 return RX_CONTINUE; 494 return RX_CONTINUE;
499 } 495 }
@@ -723,14 +719,16 @@ static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
723 719
724 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK; 720 tid = *ieee80211_get_qos_ctl(hdr) & IEEE80211_QOS_CTL_TID_MASK;
725 721
726 if (sta->ampdu_mlme.tid_state_rx[tid] != HT_AGG_STATE_OPERATIONAL) 722 spin_lock(&sta->lock);
727 goto dont_reorder; 723
724 if (!sta->ampdu_mlme.tid_active_rx[tid])
725 goto dont_reorder_unlock;
728 726
729 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid]; 727 tid_agg_rx = sta->ampdu_mlme.tid_rx[tid];
730 728
731 /* qos null data frames are excluded */ 729 /* qos null data frames are excluded */
732 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC))) 730 if (unlikely(hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_NULLFUNC)))
733 goto dont_reorder; 731 goto dont_reorder_unlock;
734 732
735 /* new, potentially un-ordered, ampdu frame - process it */ 733 /* new, potentially un-ordered, ampdu frame - process it */
736 734
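Review bot: Nothing states what `sta->lock` protects in ieee80211_rx_reorder_ampdu(). From the hunks it appears to keep `tid_active_rx[tid]` and the `tid_rx[tid]` pointer stable while the reorder buffer is in use, and it is released before `__ieee80211_stop_rx_ba_session()` is called. A comment at the `spin_lock(&sta->lock);` line would record that, e.g. `/* hold sta->lock so the RX BA session for this TID cannot be torn down while we use tid_rx[tid] */` (inferred, for the author to confirm). The same locking is added in the next hunk and in the two ieee80211_rx_h_ctrl() hunks, where the lock is taken in one hunk and released in another. Any exit path in the unseen lines between those two must release it as well, and plain `spin_lock()` is sufficient only if every other taker of `sta->lock` is compatible with the context this receive path runs in.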
@@ -742,15 +740,20 @@ static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
742 /* if this mpdu is fragmented - terminate rx aggregation session */ 740 /* if this mpdu is fragmented - terminate rx aggregation session */
743 sc = le16_to_cpu(hdr->seq_ctrl); 741 sc = le16_to_cpu(hdr->seq_ctrl);
744 if (sc & IEEE80211_SCTL_FRAG) { 742 if (sc & IEEE80211_SCTL_FRAG) {
745 ieee80211_sta_stop_rx_ba_session(sta->sdata, sta->sta.addr, 743 spin_unlock(&sta->lock);
746 tid, 0, WLAN_REASON_QSTA_REQUIRE_SETUP); 744 __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT,
745 WLAN_REASON_QSTA_REQUIRE_SETUP);
747 dev_kfree_skb(skb); 746 dev_kfree_skb(skb);
748 return; 747 return;
749 } 748 }
750 749
751 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames)) 750 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames)) {
751 spin_unlock(&sta->lock);
752 return; 752 return;
753 }
753 754
755 dont_reorder_unlock:
756 spin_unlock(&sta->lock);
754 dont_reorder: 757 dont_reorder:
755 __skb_queue_tail(frames, skb); 758 __skb_queue_tail(frames, skb);
756} 759}
@@ -897,6 +900,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
897 rx->key = key; 900 rx->key = key;
898 return RX_CONTINUE; 901 return RX_CONTINUE;
899 } else { 902 } else {
903 u8 keyid;
900 /* 904 /*
901 * The device doesn't give us the IV so we won't be 905 * The device doesn't give us the IV so we won't be
902 * able to look up the key. That's ok though, we 906 * able to look up the key. That's ok though, we
@@ -919,7 +923,8 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
919 * no need to call ieee80211_wep_get_keyidx, 923 * no need to call ieee80211_wep_get_keyidx,
920 * it verifies a bunch of things we've done already 924 * it verifies a bunch of things we've done already
921 */ 925 */
922 keyidx = rx->skb->data[hdrlen + 3] >> 6; 926 skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1);
927 keyidx = keyid >> 6;
923 928
924 rx->key = rcu_dereference(rx->sdata->keys[keyidx]); 929 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
925 930
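Review bot: The result of `skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1)` is ignored and `keyid` (declared in the previous hunk) has no initialiser. If the frame holds fewer than `hdrlen + 4` bytes, the key index used for `rx->sdata->keys[keyidx]` comes from an uninitialised stack byte. The surrounding comment implies a length check has already run, but that check is outside this hunk. Testing the call costs little and removes the dependency: `if (skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1)) return RX_DROP_UNUSABLE;`.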
@@ -940,6 +945,11 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
940 return RX_DROP_MONITOR; 945 return RX_DROP_MONITOR;
941 } 946 }
942 947
948 if (skb_linearize(rx->skb))
949 return RX_DROP_UNUSABLE;
950
951 hdr = (struct ieee80211_hdr *)rx->skb->data;
952
943 /* Check for weak IVs if possible */ 953 /* Check for weak IVs if possible */
944 if (rx->sta && rx->key->conf.alg == ALG_WEP && 954 if (rx->sta && rx->key->conf.alg == ALG_WEP &&
945 ieee80211_is_data(hdr->frame_control) && 955 ieee80211_is_data(hdr->frame_control) &&
@@ -1078,7 +1088,6 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1078 sta->rx_fragments++; 1088 sta->rx_fragments++;
1079 sta->rx_bytes += rx->skb->len; 1089 sta->rx_bytes += rx->skb->len;
1080 sta->last_signal = status->signal; 1090 sta->last_signal = status->signal;
1081 sta->last_noise = status->noise;
1082 1091
1083 /* 1092 /*
1084 * Change STA power saving mode only at the end of a frame 1093 * Change STA power saving mode only at the end of a frame
@@ -1241,6 +1250,15 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1241 } 1250 }
1242 I802_DEBUG_INC(rx->local->rx_handlers_fragments); 1251 I802_DEBUG_INC(rx->local->rx_handlers_fragments);
1243 1252
1253 if (skb_linearize(rx->skb))
1254 return RX_DROP_UNUSABLE;
1255
1256 /*
1257 * skb_linearize() might change the skb->data and
1258 * previously cached variables (in this case, hdr) need to
1259 * be refreshed with the new data.
1260 */
1261 hdr = (struct ieee80211_hdr *)rx->skb->data;
1244 seq = (sc & IEEE80211_SCTL_SEQ) >> 4; 1262 seq = (sc & IEEE80211_SCTL_SEQ) >> 4;
1245 1263
1246 if (frag == 0) { 1264 if (frag == 0) {
@@ -1406,21 +1424,24 @@ static int
1406ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx) 1424ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
1407{ 1425{
1408 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1426 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1427 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1409 __le16 fc = hdr->frame_control; 1428 __le16 fc = hdr->frame_control;
1410 int res;
1411 1429
1412 res = ieee80211_drop_unencrypted(rx, fc); 1430 /*
1413 if (unlikely(res)) 1431 * Pass through unencrypted frames if the hardware has
1414 return res; 1432 * decrypted them already.
1433 */
1434 if (status->flag & RX_FLAG_DECRYPTED)
1435 return 0;
1415 1436
1416 if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { 1437 if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
1417 if (unlikely(ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && 1438 if (unlikely(!ieee80211_has_protected(fc) &&
1439 ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
1418 rx->key)) 1440 rx->key))
1419 return -EACCES; 1441 return -EACCES;
1420 /* BIP does not use Protected field, so need to check MMIE */ 1442 /* BIP does not use Protected field, so need to check MMIE */
1421 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) && 1443 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
1422 ieee80211_get_mmie_keyidx(rx->skb) < 0 && 1444 ieee80211_get_mmie_keyidx(rx->skb) < 0))
1423 rx->key))
1424 return -EACCES; 1445 return -EACCES;
1425 /* 1446 /*
1426 * When using MFP, Action frames are not allowed prior to 1447 * When using MFP, Action frames are not allowed prior to
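Review bot: The early `return 0` on `status->flag & RX_FLAG_DECRYPTED` runs before every MFP check in ieee80211_drop_unencrypted_mgmt(). For such frames the accept/drop decision rests entirely on a flag the driver sets, and the comment's "unencrypted frames" wording obscures that. The comment should state the trust assumption, e.g. `/* RX_FLAG_DECRYPTED: the driver reports the hardware already decrypted this frame; trust it and skip the software MFP checks below */`. The hunk also removes the call to ieee80211_drop_unencrypted(), so whether the non-MFP drop policy still applies to management frames depends on callers that are not visible here. The function body continues past the end of the hunk.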
@@ -1598,6 +1619,9 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1598 skb->dev = dev; 1619 skb->dev = dev;
1599 __skb_queue_head_init(&frame_list); 1620 __skb_queue_head_init(&frame_list);
1600 1621
1622 if (skb_linearize(skb))
1623 return RX_DROP_UNUSABLE;
1624
1601 ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr, 1625 ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr,
1602 rx->sdata->vif.type, 1626 rx->sdata->vif.type,
1603 rx->local->hw.extra_tx_headroom); 1627 rx->local->hw.extra_tx_headroom);
@@ -1796,10 +1820,12 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1796 if (ieee80211_is_back_req(bar->frame_control)) { 1820 if (ieee80211_is_back_req(bar->frame_control)) {
1797 if (!rx->sta) 1821 if (!rx->sta)
1798 return RX_DROP_MONITOR; 1822 return RX_DROP_MONITOR;
1823 spin_lock(&rx->sta->lock);
1799 tid = le16_to_cpu(bar->control) >> 12; 1824 tid = le16_to_cpu(bar->control) >> 12;
1800 if (rx->sta->ampdu_mlme.tid_state_rx[tid] 1825 if (!rx->sta->ampdu_mlme.tid_active_rx[tid]) {
1801 != HT_AGG_STATE_OPERATIONAL) 1826 spin_unlock(&rx->sta->lock);
1802 return RX_DROP_MONITOR; 1827 return RX_DROP_MONITOR;
1828 }
1803 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid]; 1829 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
1804 1830
1805 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4; 1831 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4;
@@ -1813,6 +1839,7 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1813 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num, 1839 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num,
1814 frames); 1840 frames);
1815 kfree_skb(skb); 1841 kfree_skb(skb);
1842 spin_unlock(&rx->sta->lock);
1816 return RX_QUEUED; 1843 return RX_QUEUED;
1817 } 1844 }
1818 1845
@@ -1974,8 +2001,8 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1974 goto handled; 2001 goto handled;
1975 } 2002 }
1976 break; 2003 break;
1977 case MESH_PLINK_CATEGORY: 2004 case WLAN_CATEGORY_MESH_PLINK:
1978 case MESH_PATH_SEL_CATEGORY: 2005 case WLAN_CATEGORY_MESH_PATH_SEL:
1979 if (ieee80211_vif_is_mesh(&sdata->vif)) 2006 if (ieee80211_vif_is_mesh(&sdata->vif))
1980 return ieee80211_mesh_rx_mgmt(sdata, rx->skb); 2007 return ieee80211_mesh_rx_mgmt(sdata, rx->skb);
1981 break; 2008 break;
@@ -2372,29 +2399,42 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2372 struct ieee80211_local *local = hw_to_local(hw); 2399 struct ieee80211_local *local = hw_to_local(hw);
2373 struct ieee80211_sub_if_data *sdata; 2400 struct ieee80211_sub_if_data *sdata;
2374 struct ieee80211_hdr *hdr; 2401 struct ieee80211_hdr *hdr;
2402 __le16 fc;
2375 struct ieee80211_rx_data rx; 2403 struct ieee80211_rx_data rx;
2376 int prepares; 2404 int prepares;
2377 struct ieee80211_sub_if_data *prev = NULL; 2405 struct ieee80211_sub_if_data *prev = NULL;
2378 struct sk_buff *skb_new; 2406 struct sk_buff *skb_new;
2379 struct sta_info *sta, *tmp; 2407 struct sta_info *sta, *tmp;
2380 bool found_sta = false; 2408 bool found_sta = false;
2409 int err = 0;
2381 2410
2382 hdr = (struct ieee80211_hdr *)skb->data; 2411 fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
2383 memset(&rx, 0, sizeof(rx)); 2412 memset(&rx, 0, sizeof(rx));
2384 rx.skb = skb; 2413 rx.skb = skb;
2385 rx.local = local; 2414 rx.local = local;
2386 2415
2387 if (ieee80211_is_data(hdr->frame_control) || ieee80211_is_mgmt(hdr->frame_control)) 2416 if (ieee80211_is_data(fc) || ieee80211_is_mgmt(fc))
2388 local->dot11ReceivedFragmentCount++; 2417 local->dot11ReceivedFragmentCount++;
2389 2418
2390 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) || 2419 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
2391 test_bit(SCAN_OFF_CHANNEL, &local->scanning))) 2420 test_bit(SCAN_OFF_CHANNEL, &local->scanning)))
2392 rx.flags |= IEEE80211_RX_IN_SCAN; 2421 rx.flags |= IEEE80211_RX_IN_SCAN;
2393 2422
2423 if (ieee80211_is_mgmt(fc))
2424 err = skb_linearize(skb);
2425 else
2426 err = !pskb_may_pull(skb, ieee80211_hdrlen(fc));
2427
2428 if (err) {
2429 dev_kfree_skb(skb);
2430 return;
2431 }
2432
2433 hdr = (struct ieee80211_hdr *)skb->data;
2394 ieee80211_parse_qos(&rx); 2434 ieee80211_parse_qos(&rx);
2395 ieee80211_verify_alignment(&rx); 2435 ieee80211_verify_alignment(&rx);
2396 2436
2397 if (ieee80211_is_data(hdr->frame_control)) { 2437 if (ieee80211_is_data(fc)) {
2398 for_each_sta_info(local, hdr->addr2, sta, tmp) { 2438 for_each_sta_info(local, hdr->addr2, sta, tmp) {
2399 rx.sta = sta; 2439 rx.sta = sta;
2400 found_sta = true; 2440 found_sta = true;
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 85507bd9e341..e1b0be7a57b9 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -14,6 +14,8 @@
14 14
15#include <linux/if_arp.h> 15#include <linux/if_arp.h>
16#include <linux/rtnetlink.h> 16#include <linux/rtnetlink.h>
17#include <linux/pm_qos_params.h>
18#include <net/sch_generic.h>
17#include <linux/slab.h> 19#include <linux/slab.h>
18#include <net/mac80211.h> 20#include <net/mac80211.h>
19 21
@@ -83,7 +85,7 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
83{ 85{
84 struct cfg80211_bss *cbss; 86 struct cfg80211_bss *cbss;
85 struct ieee80211_bss *bss; 87 struct ieee80211_bss *bss;
86 int clen; 88 int clen, srlen;
87 s32 signal = 0; 89 s32 signal = 0;
88 90
89 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) 91 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
@@ -112,23 +114,24 @@ ieee80211_bss_info_update(struct ieee80211_local *local,
112 bss->dtim_period = tim_ie->dtim_period; 114 bss->dtim_period = tim_ie->dtim_period;
113 } 115 }
114 116
115 bss->supp_rates_len = 0; 117 /* replace old supported rates if we get new values */
118 srlen = 0;
116 if (elems->supp_rates) { 119 if (elems->supp_rates) {
117 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 120 clen = IEEE80211_MAX_SUPP_RATES;
118 if (clen > elems->supp_rates_len) 121 if (clen > elems->supp_rates_len)
119 clen = elems->supp_rates_len; 122 clen = elems->supp_rates_len;
120 memcpy(&bss->supp_rates[bss->supp_rates_len], elems->supp_rates, 123 memcpy(bss->supp_rates, elems->supp_rates, clen);
121 clen); 124 srlen += clen;
122 bss->supp_rates_len += clen;
123 } 125 }
124 if (elems->ext_supp_rates) { 126 if (elems->ext_supp_rates) {
125 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len; 127 clen = IEEE80211_MAX_SUPP_RATES - srlen;
126 if (clen > elems->ext_supp_rates_len) 128 if (clen > elems->ext_supp_rates_len)
127 clen = elems->ext_supp_rates_len; 129 clen = elems->ext_supp_rates_len;
128 memcpy(&bss->supp_rates[bss->supp_rates_len], 130 memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, clen);
129 elems->ext_supp_rates, clen); 131 srlen += clen;
130 bss->supp_rates_len += clen;
131 } 132 }
133 if (srlen)
134 bss->supp_rates_len = srlen;
132 135
133 bss->wmm_used = elems->wmm_param || elems->wmm_info; 136 bss->wmm_used = elems->wmm_param || elems->wmm_info;
134 bss->uapsd_supported = is_uapsd_supported(elems); 137 bss->uapsd_supported = is_uapsd_supported(elems);
@@ -246,6 +249,8 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
246 struct ieee80211_local *local = hw_to_local(hw); 249 struct ieee80211_local *local = hw_to_local(hw);
247 bool was_hw_scan; 250 bool was_hw_scan;
248 251
252 trace_api_scan_completed(local, aborted);
253
249 mutex_lock(&local->scan_mtx); 254 mutex_lock(&local->scan_mtx);
250 255
251 /* 256 /*
@@ -322,6 +327,7 @@ static int ieee80211_start_sw_scan(struct ieee80211_local *local)
322 327
323 ieee80211_offchannel_stop_beaconing(local); 328 ieee80211_offchannel_stop_beaconing(local);
324 329
330 local->leave_oper_channel_time = 0;
325 local->next_scan_state = SCAN_DECISION; 331 local->next_scan_state = SCAN_DECISION;
326 local->scan_channel_idx = 0; 332 local->scan_channel_idx = 0;
327 333
@@ -406,7 +412,7 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
406 412
407 if (local->ops->hw_scan) { 413 if (local->ops->hw_scan) {
408 WARN_ON(!ieee80211_prep_hw_scan(local)); 414 WARN_ON(!ieee80211_prep_hw_scan(local));
409 rc = drv_hw_scan(local, local->hw_scan_req); 415 rc = drv_hw_scan(local, sdata, local->hw_scan_req);
410 } else 416 } else
411 rc = ieee80211_start_sw_scan(local); 417 rc = ieee80211_start_sw_scan(local);
412 418
@@ -426,11 +432,28 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
426 return rc; 432 return rc;
427} 433}
428 434
435static unsigned long
436ieee80211_scan_get_channel_time(struct ieee80211_channel *chan)
437{
438 /*
439 * TODO: channel switching also consumes quite some time,
440 * add that delay as well to get a better estimation
441 */
442 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
443 return IEEE80211_PASSIVE_CHANNEL_TIME;
444 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
445}
446
429static int ieee80211_scan_state_decision(struct ieee80211_local *local, 447static int ieee80211_scan_state_decision(struct ieee80211_local *local,
430 unsigned long *next_delay) 448 unsigned long *next_delay)
431{ 449{
432 bool associated = false; 450 bool associated = false;
451 bool tx_empty = true;
452 bool bad_latency;
453 bool listen_int_exceeded;
454 unsigned long min_beacon_int = 0;
433 struct ieee80211_sub_if_data *sdata; 455 struct ieee80211_sub_if_data *sdata;
456 struct ieee80211_channel *next_chan;
434 457
435 /* if no more bands/channels left, complete scan and advance to the idle state */ 458 /* if no more bands/channels left, complete scan and advance to the idle state */
436 if (local->scan_channel_idx >= local->scan_req->n_channels) { 459 if (local->scan_channel_idx >= local->scan_req->n_channels) {
@@ -438,7 +461,11 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
438 return 1; 461 return 1;
439 } 462 }
440 463
441 /* check if at least one STA interface is associated */ 464 /*
465 * check if at least one STA interface is associated,
466 * check if at least one STA interface has pending tx frames
467 * and grab the lowest used beacon interval
468 */
442 mutex_lock(&local->iflist_mtx); 469 mutex_lock(&local->iflist_mtx);
443 list_for_each_entry(sdata, &local->interfaces, list) { 470 list_for_each_entry(sdata, &local->interfaces, list) {
444 if (!ieee80211_sdata_running(sdata)) 471 if (!ieee80211_sdata_running(sdata))
@@ -447,7 +474,16 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
447 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 474 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
448 if (sdata->u.mgd.associated) { 475 if (sdata->u.mgd.associated) {
449 associated = true; 476 associated = true;
450 break; 477
478 if (sdata->vif.bss_conf.beacon_int <
479 min_beacon_int || min_beacon_int == 0)
480 min_beacon_int =
481 sdata->vif.bss_conf.beacon_int;
482
483 if (!qdisc_all_tx_empty(sdata->dev)) {
484 tx_empty = false;
485 break;
486 }
451 } 487 }
452 } 488 }
453 } 489 }
@@ -456,11 +492,34 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
456 if (local->scan_channel) { 492 if (local->scan_channel) {
457 /* 493 /*
458 * we're currently scanning a different channel, let's 494 * we're currently scanning a different channel, let's
459 * switch back to the operating channel now if at least 495 * see if we can scan another channel without interfering
460 * one interface is associated. Otherwise just scan the 496 * with the current traffic situation.
461 * next channel 497 *
498 * Since we don't know if the AP has pending frames for us
499 * we can only check for our tx queues and use the current
500 * pm_qos requirements for rx. Hence, if no tx traffic occurs
501 * at all we will scan as many channels in a row as the pm_qos
502 * latency allows us to. Additionally we also check for the
503 * currently negotiated listen interval to prevent losing
504 * frames unnecessarily.
505 *
506 * Otherwise switch back to the operating channel.
462 */ 507 */
463 if (associated) 508 next_chan = local->scan_req->channels[local->scan_channel_idx];
509
510 bad_latency = time_after(jiffies +
511 ieee80211_scan_get_channel_time(next_chan),
512 local->leave_oper_channel_time +
513 usecs_to_jiffies(pm_qos_request(PM_QOS_NETWORK_LATENCY)));
514
515 listen_int_exceeded = time_after(jiffies +
516 ieee80211_scan_get_channel_time(next_chan),
517 local->leave_oper_channel_time +
518 usecs_to_jiffies(min_beacon_int * 1024) *
519 local->hw.conf.listen_interval);
520
521 if (associated && ( !tx_empty || bad_latency ||
522 listen_int_exceeded))
464 local->next_scan_state = SCAN_ENTER_OPER_CHANNEL; 523 local->next_scan_state = SCAN_ENTER_OPER_CHANNEL;
465 else 524 else
466 local->next_scan_state = SCAN_SET_CHANNEL; 525 local->next_scan_state = SCAN_SET_CHANNEL;
@@ -492,6 +551,9 @@ static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *loca
492 else 551 else
493 *next_delay = HZ / 10; 552 *next_delay = HZ / 10;
494 553
554 /* remember when we left the operating channel */
555 local->leave_oper_channel_time = jiffies;
556
495 /* advance to the next channel to be scanned */ 557 /* advance to the next channel to be scanned */
496 local->next_scan_state = SCAN_SET_CHANNEL; 558 local->next_scan_state = SCAN_SET_CHANNEL;
497} 559}
@@ -594,7 +656,7 @@ void ieee80211_scan_work(struct work_struct *work)
594 } 656 }
595 657
596 if (local->hw_scan_req) { 658 if (local->hw_scan_req) {
597 int rc = drv_hw_scan(local, local->hw_scan_req); 659 int rc = drv_hw_scan(local, sdata, local->hw_scan_req);
598 mutex_unlock(&local->scan_mtx); 660 mutex_unlock(&local->scan_mtx);
599 if (rc) 661 if (rc)
600 ieee80211_scan_completed(&local->hw, true); 662 ieee80211_scan_completed(&local->hw, true);
@@ -667,10 +729,12 @@ int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
667} 729}
668 730
669int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata, 731int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
670 const u8 *ssid, u8 ssid_len) 732 const u8 *ssid, u8 ssid_len,
733 struct ieee80211_channel *chan)
671{ 734{
672 struct ieee80211_local *local = sdata->local; 735 struct ieee80211_local *local = sdata->local;
673 int ret = -EBUSY; 736 int ret = -EBUSY;
737 enum nl80211_band band;
674 738
675 mutex_lock(&local->scan_mtx); 739 mutex_lock(&local->scan_mtx);
676 740
@@ -678,6 +742,30 @@ int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
678 if (local->scan_req) 742 if (local->scan_req)
679 goto unlock; 743 goto unlock;
680 744
745 /* fill internal scan request */
746 if (!chan) {
747 int i, nchan = 0;
748
749 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
750 if (!local->hw.wiphy->bands[band])
751 continue;
752 for (i = 0;
753 i < local->hw.wiphy->bands[band]->n_channels;
754 i++) {
755 local->int_scan_req->channels[nchan] =
756 &local->hw.wiphy->bands[band]->channels[i];
757 nchan++;
758 }
759 }
760
761 local->int_scan_req->n_channels = nchan;
762 } else {
763 local->int_scan_req->channels[0] = chan;
764 local->int_scan_req->n_channels = 1;
765 }
766
767 local->int_scan_req->ssids = &local->scan_ssid;
768 local->int_scan_req->n_ssids = 1;
681 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN); 769 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
682 local->int_scan_req->ssids[0].ssid_len = ssid_len; 770 local->int_scan_req->ssids[0].ssid_len = ssid_len;
683 771
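Review bot: In the last hunk, the new `!chan` branch of ieee80211_request_internal_scan stores one pointer per channel of every registered band into `local->int_scan_req->channels[nchan]` without checking the capacity that array was allocated with. The allocation is not visible in this diff, so the sizing is assumed here rather than enforced. If the allocation does cover the sum of all bands' `n_channels`, a comment above the loop such as `/* int_scan_req->channels[] is allocated with room for every channel of every band */` would make that invariant reviewable. The unchanged `memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN)` after it copies the full maximum length regardless of `ssid_len`, so it relies on every caller passing a buffer at least that large; rejecting `ssid_len > IEEE80211_MAX_SSID_LEN` and copying `ssid_len` bytes would remove that dependency. The function body continues outside the hunk.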
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index fb12cec4d333..730197591ab5 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -250,9 +250,6 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
250 * enable session_timer's data differentiation. refer to 250 * enable session_timer's data differentiation. refer to
251 * sta_rx_agg_session_timer_expired for useage */ 251 * sta_rx_agg_session_timer_expired for useage */
252 sta->timer_to_tid[i] = i; 252 sta->timer_to_tid[i] = i;
253 /* rx */
254 sta->ampdu_mlme.tid_state_rx[i] = HT_AGG_STATE_IDLE;
255 sta->ampdu_mlme.tid_rx[i] = NULL;
256 /* tx */ 253 /* tx */
257 sta->ampdu_mlme.tid_state_tx[i] = HT_AGG_STATE_IDLE; 254 sta->ampdu_mlme.tid_state_tx[i] = HT_AGG_STATE_IDLE;
258 sta->ampdu_mlme.tid_tx[i] = NULL; 255 sta->ampdu_mlme.tid_tx[i] = NULL;
@@ -578,7 +575,7 @@ static int sta_info_buffer_expired(struct sta_info *sta,
578} 575}
579 576
580 577
581static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local, 578static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
582 struct sta_info *sta) 579 struct sta_info *sta)
583{ 580{
584 unsigned long flags; 581 unsigned long flags;
@@ -586,7 +583,7 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
586 struct ieee80211_sub_if_data *sdata; 583 struct ieee80211_sub_if_data *sdata;
587 584
588 if (skb_queue_empty(&sta->ps_tx_buf)) 585 if (skb_queue_empty(&sta->ps_tx_buf))
589 return; 586 return false;
590 587
591 for (;;) { 588 for (;;) {
592 spin_lock_irqsave(&sta->ps_tx_buf.lock, flags); 589 spin_lock_irqsave(&sta->ps_tx_buf.lock, flags);
@@ -611,6 +608,8 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
611 if (skb_queue_empty(&sta->ps_tx_buf)) 608 if (skb_queue_empty(&sta->ps_tx_buf))
612 sta_info_clear_tim_bit(sta); 609 sta_info_clear_tim_bit(sta);
613 } 610 }
611
612 return true;
614} 613}
615 614
616static int __must_check __sta_info_destroy(struct sta_info *sta) 615static int __must_check __sta_info_destroy(struct sta_info *sta)
@@ -619,7 +618,7 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
619 struct ieee80211_sub_if_data *sdata; 618 struct ieee80211_sub_if_data *sdata;
620 struct sk_buff *skb; 619 struct sk_buff *skb;
621 unsigned long flags; 620 unsigned long flags;
622 int ret, i; 621 int ret;
623 622
624 might_sleep(); 623 might_sleep();
625 624
@@ -629,6 +628,15 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
629 local = sta->local; 628 local = sta->local;
630 sdata = sta->sdata; 629 sdata = sta->sdata;
631 630
631 /*
632 * Before removing the station from the driver and
633 * rate control, it might still start new aggregation
634 * sessions -- block that to make sure the tear-down
635 * will be sufficient.
636 */
637 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
638 ieee80211_sta_tear_down_BA_sessions(sta);
639
632 spin_lock_irqsave(&local->sta_lock, flags); 640 spin_lock_irqsave(&local->sta_lock, flags);
633 ret = sta_info_hash_del(local, sta); 641 ret = sta_info_hash_del(local, sta);
634 /* this might still be the pending list ... which is fine */ 642 /* this might still be the pending list ... which is fine */
@@ -645,9 +653,6 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
645 * may mean it is removed from hardware which requires that 653 * may mean it is removed from hardware which requires that
646 * the key->sta pointer is still valid, so flush the key todo 654 * the key->sta pointer is still valid, so flush the key todo
647 * list here. 655 * list here.
648 *
649 * ieee80211_key_todo() will synchronize_rcu() so after this
650 * nothing can reference this sta struct any more.
651 */ 656 */
652 ieee80211_key_todo(); 657 ieee80211_key_todo();
653 658
@@ -679,11 +684,17 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
679 sdata = sta->sdata; 684 sdata = sta->sdata;
680 } 685 }
681 686
687 /*
688 * At this point, after we wait for an RCU grace period,
689 * neither mac80211 nor the driver can reference this
690 * sta struct any more except by still existing timers
691 * associated with this station that we clean up below.
692 */
693 synchronize_rcu();
694
682#ifdef CONFIG_MAC80211_MESH 695#ifdef CONFIG_MAC80211_MESH
683 if (ieee80211_vif_is_mesh(&sdata->vif)) { 696 if (ieee80211_vif_is_mesh(&sdata->vif))
684 mesh_accept_plinks_update(sdata); 697 mesh_accept_plinks_update(sdata);
685 del_timer(&sta->plink_timer);
686 }
687#endif 698#endif
688 699
689#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 700#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
@@ -710,50 +721,6 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
710 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) 721 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
711 dev_kfree_skb_any(skb); 722 dev_kfree_skb_any(skb);
712 723
713 for (i = 0; i < STA_TID_NUM; i++) {
714 struct tid_ampdu_rx *tid_rx;
715 struct tid_ampdu_tx *tid_tx;
716
717 spin_lock_bh(&sta->lock);
718 tid_rx = sta->ampdu_mlme.tid_rx[i];
719 /* Make sure timer won't free the tid_rx struct, see below */
720 if (tid_rx)
721 tid_rx->shutdown = true;
722
723 spin_unlock_bh(&sta->lock);
724
725 /*
726 * Outside spinlock - shutdown is true now so that the timer
727 * won't free tid_rx, we have to do that now. Can't let the
728 * timer do it because we have to sync the timer outside the
729 * lock that it takes itself.
730 */
731 if (tid_rx) {
732 del_timer_sync(&tid_rx->session_timer);
733 kfree(tid_rx);
734 }
735
736 /*
737 * No need to do such complications for TX agg sessions, the
738 * path leading to freeing the tid_tx struct goes via a call
739 * from the driver, and thus needs to look up the sta struct
740 * again, which cannot be found when we get here. Hence, we
741 * just need to delete the timer and free the aggregation
742 * info; we won't be telling the peer about it then but that
743 * doesn't matter if we're not talking to it again anyway.
744 */
745 tid_tx = sta->ampdu_mlme.tid_tx[i];
746 if (tid_tx) {
747 del_timer_sync(&tid_tx->addba_resp_timer);
748 /*
749 * STA removed while aggregation session being
750 * started? Bit odd, but purge frames anyway.
751 */
752 skb_queue_purge(&tid_tx->pending);
753 kfree(tid_tx);
754 }
755 }
756
757 __sta_info_free(local, sta); 724 __sta_info_free(local, sta);
758 725
759 return 0; 726 return 0;
@@ -790,15 +757,20 @@ static void sta_info_cleanup(unsigned long data)
790{ 757{
791 struct ieee80211_local *local = (struct ieee80211_local *) data; 758 struct ieee80211_local *local = (struct ieee80211_local *) data;
792 struct sta_info *sta; 759 struct sta_info *sta;
760 bool timer_needed = false;
793 761
794 rcu_read_lock(); 762 rcu_read_lock();
795 list_for_each_entry_rcu(sta, &local->sta_list, list) 763 list_for_each_entry_rcu(sta, &local->sta_list, list)
796 sta_info_cleanup_expire_buffered(local, sta); 764 if (sta_info_cleanup_expire_buffered(local, sta))
765 timer_needed = true;
797 rcu_read_unlock(); 766 rcu_read_unlock();
798 767
799 if (local->quiescing) 768 if (local->quiescing)
800 return; 769 return;
801 770
771 if (!timer_needed)
772 return;
773
802 local->sta_cleanup.expires = 774 local->sta_cleanup.expires =
803 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 775 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
804 add_timer(&local->sta_cleanup); 776 add_timer(&local->sta_cleanup);
@@ -883,8 +855,12 @@ struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw,
883 struct sta_info *sta, *nxt; 855 struct sta_info *sta, *nxt;
884 856
885 /* Just return a random station ... first in list ... */ 857 /* Just return a random station ... first in list ... */
886 for_each_sta_info(hw_to_local(hw), addr, sta, nxt) 858 for_each_sta_info(hw_to_local(hw), addr, sta, nxt) {
859 if (!sta->uploaded)
860 return NULL;
887 return &sta->sta; 861 return &sta->sta;
862 }
863
888 return NULL; 864 return NULL;
889} 865}
890EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_hw); 866EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_hw);
@@ -892,14 +868,19 @@ EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_hw);
892struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif, 868struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
893 const u8 *addr) 869 const u8 *addr)
894{ 870{
895 struct ieee80211_sub_if_data *sdata; 871 struct sta_info *sta;
896 872
897 if (!vif) 873 if (!vif)
898 return NULL; 874 return NULL;
899 875
900 sdata = vif_to_sdata(vif); 876 sta = sta_info_get_bss(vif_to_sdata(vif), addr);
877 if (!sta)
878 return NULL;
879
880 if (!sta->uploaded)
881 return NULL;
901 882
902 return ieee80211_find_sta_by_hw(&sdata->local->hw, addr); 883 return &sta->sta;
903} 884}
904EXPORT_SYMBOL(ieee80211_find_sta); 885EXPORT_SYMBOL(ieee80211_find_sta);
905 886
@@ -992,6 +973,8 @@ void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
992{ 973{
993 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 974 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
994 975
976 trace_api_sta_block_awake(sta->local, pubsta, block);
977
995 if (block) 978 if (block)
996 set_sta_flags(sta, WLAN_STA_PS_DRIVER); 979 set_sta_flags(sta, WLAN_STA_PS_DRIVER);
997 else 980 else
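Review bot: In ieee80211_find_sta_by_hw the new `if (!sta->uploaded) return NULL;` ends the lookup at the first entry for the address, so an entry that has not been uploaded yet hides any later entry for the same address that has. The loop is a for_each_sta_info walk and the existing comment says it returns the first match, which suggests more than one entry per address is possible, though that is not shown in this diff. If so, `if (!sta->uploaded) continue;` keeps the new guarantee that drivers never receive a station they were not told about while still finding an uploaded one. A one-line comment on both ieee80211_find_sta_by_hw and ieee80211_find_sta, stating that only stations already uploaded to the driver are returned, would also document the changed contract for driver authors.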
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 822d84522937..48a5e80957f0 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -35,8 +35,8 @@
35 * IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next 35 * IEEE80211_TX_CTL_CLEAR_PS_FILT control flag) when the next
36 * frame to this station is transmitted. 36 * frame to this station is transmitted.
37 * @WLAN_STA_MFP: Management frame protection is used with this STA. 37 * @WLAN_STA_MFP: Management frame protection is used with this STA.
38 * @WLAN_STA_SUSPEND: Set/cleared during a suspend/resume cycle. 38 * @WLAN_STA_BLOCK_BA: Used to deny ADDBA requests (both TX and RX)
39 * Used to deny ADDBA requests (both TX and RX). 39 * during suspend/resume and station removal.
40 * @WLAN_STA_PS_DRIVER: driver requires keeping this station in 40 * @WLAN_STA_PS_DRIVER: driver requires keeping this station in
41 * power-save mode logically to flush frames that might still 41 * power-save mode logically to flush frames that might still
42 * be in the queues 42 * be in the queues
@@ -57,7 +57,7 @@ enum ieee80211_sta_info_flags {
57 WLAN_STA_WDS = 1<<7, 57 WLAN_STA_WDS = 1<<7,
58 WLAN_STA_CLEAR_PS_FILT = 1<<9, 58 WLAN_STA_CLEAR_PS_FILT = 1<<9,
59 WLAN_STA_MFP = 1<<10, 59 WLAN_STA_MFP = 1<<10,
60 WLAN_STA_SUSPEND = 1<<11, 60 WLAN_STA_BLOCK_BA = 1<<11,
61 WLAN_STA_PS_DRIVER = 1<<12, 61 WLAN_STA_PS_DRIVER = 1<<12,
62 WLAN_STA_PSPOLL = 1<<13, 62 WLAN_STA_PSPOLL = 1<<13,
63 WLAN_STA_DISASSOC = 1<<14, 63 WLAN_STA_DISASSOC = 1<<14,
@@ -106,7 +106,6 @@ struct tid_ampdu_tx {
106 * @buf_size: buffer size for incoming A-MPDUs 106 * @buf_size: buffer size for incoming A-MPDUs
107 * @timeout: reset timer value (in TUs). 107 * @timeout: reset timer value (in TUs).
108 * @dialog_token: dialog token for aggregation session 108 * @dialog_token: dialog token for aggregation session
109 * @shutdown: this session is being shut down due to STA removal
110 */ 109 */
111struct tid_ampdu_rx { 110struct tid_ampdu_rx {
112 struct sk_buff **reorder_buf; 111 struct sk_buff **reorder_buf;
@@ -118,7 +117,6 @@ struct tid_ampdu_rx {
118 u16 buf_size; 117 u16 buf_size;
119 u16 timeout; 118 u16 timeout;
120 u8 dialog_token; 119 u8 dialog_token;
121 bool shutdown;
122}; 120};
123 121
124/** 122/**
@@ -156,7 +154,7 @@ enum plink_state {
156 */ 154 */
157struct sta_ampdu_mlme { 155struct sta_ampdu_mlme {
158 /* rx */ 156 /* rx */
159 u8 tid_state_rx[STA_TID_NUM]; 157 bool tid_active_rx[STA_TID_NUM];
160 struct tid_ampdu_rx *tid_rx[STA_TID_NUM]; 158 struct tid_ampdu_rx *tid_rx[STA_TID_NUM];
161 /* tx */ 159 /* tx */
162 u8 tid_state_tx[STA_TID_NUM]; 160 u8 tid_state_tx[STA_TID_NUM];
@@ -200,7 +198,6 @@ struct sta_ampdu_mlme {
200 * @rx_fragments: number of received MPDUs 198 * @rx_fragments: number of received MPDUs
201 * @rx_dropped: number of dropped MPDUs from this STA 199 * @rx_dropped: number of dropped MPDUs from this STA
202 * @last_signal: signal of last received frame from this STA 200 * @last_signal: signal of last received frame from this STA
203 * @last_noise: noise of last received frame from this STA
204 * @last_seq_ctrl: last received seq/frag number from this STA (per RX queue) 201 * @last_seq_ctrl: last received seq/frag number from this STA (per RX queue)
205 * @tx_filtered_count: number of frames the hardware filtered for this STA 202 * @tx_filtered_count: number of frames the hardware filtered for this STA
206 * @tx_retry_failed: number of frames that failed retry 203 * @tx_retry_failed: number of frames that failed retry
@@ -267,7 +264,6 @@ struct sta_info {
267 unsigned long rx_fragments; 264 unsigned long rx_fragments;
268 unsigned long rx_dropped; 265 unsigned long rx_dropped;
269 int last_signal; 266 int last_signal;
270 int last_noise;
271 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES]; 267 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
272 268
273 /* Updated from TX status path only, no locking requirements */ 269 /* Updated from TX status path only, no locking requirements */
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 56d5b9a6ec5b..94613af009f3 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -171,13 +171,16 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
171 struct net_device *prev_dev = NULL; 171 struct net_device *prev_dev = NULL;
172 struct sta_info *sta, *tmp; 172 struct sta_info *sta, *tmp;
173 int retry_count = -1, i; 173 int retry_count = -1, i;
174 bool injected; 174 int rates_idx = -1;
175 bool send_to_cooked;
175 176
176 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { 177 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
177 /* the HW cannot have attempted that rate */ 178 /* the HW cannot have attempted that rate */
178 if (i >= hw->max_rates) { 179 if (i >= hw->max_rates) {
179 info->status.rates[i].idx = -1; 180 info->status.rates[i].idx = -1;
180 info->status.rates[i].count = 0; 181 info->status.rates[i].count = 0;
182 } else if (info->status.rates[i].idx >= 0) {
183 rates_idx = i;
181 } 184 }
182 185
183 retry_count += info->status.rates[i].count; 186 retry_count += info->status.rates[i].count;
@@ -206,6 +209,10 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
206 return; 209 return;
207 } 210 }
208 211
212 if ((local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) &&
213 (rates_idx != -1))
214 sta->last_tx_rate = info->status.rates[rates_idx];
215
209 if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) && 216 if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
210 (ieee80211_is_data_qos(fc))) { 217 (ieee80211_is_data_qos(fc))) {
211 u16 tid, ssn; 218 u16 tid, ssn;
@@ -296,11 +303,15 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
296 /* this was a transmitted frame, but now we want to reuse it */ 303 /* this was a transmitted frame, but now we want to reuse it */
297 skb_orphan(skb); 304 skb_orphan(skb);
298 305
306 /* Need to make a copy before skb->cb gets cleared */
307 send_to_cooked = !!(info->flags & IEEE80211_TX_CTL_INJECTED) ||
308 (type != IEEE80211_FTYPE_DATA);
309
299 /* 310 /*
300 * This is a bit racy but we can avoid a lot of work 311 * This is a bit racy but we can avoid a lot of work
301 * with this test... 312 * with this test...
302 */ 313 */
303 if (!local->monitors && !local->cooked_mntrs) { 314 if (!local->monitors && (!send_to_cooked || !local->cooked_mntrs)) {
304 dev_kfree_skb(skb); 315 dev_kfree_skb(skb);
305 return; 316 return;
306 } 317 }
@@ -345,9 +356,6 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
345 /* for now report the total retry_count */ 356 /* for now report the total retry_count */
346 rthdr->data_retries = retry_count; 357 rthdr->data_retries = retry_count;
347 358
348 /* Need to make a copy before skb->cb gets cleared */
349 injected = !!(info->flags & IEEE80211_TX_CTL_INJECTED);
350
351 /* XXX: is this sufficient for BPF? */ 359 /* XXX: is this sufficient for BPF? */
352 skb_set_mac_header(skb, 0); 360 skb_set_mac_header(skb, 0);
353 skb->ip_summed = CHECKSUM_UNNECESSARY; 361 skb->ip_summed = CHECKSUM_UNNECESSARY;
@@ -362,8 +370,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
362 continue; 370 continue;
363 371
364 if ((sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) && 372 if ((sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES) &&
365 !injected && 373 !send_to_cooked)
366 (type == IEEE80211_FTYPE_DATA))
367 continue; 374 continue;
368 375
369 if (prev_dev) { 376 if (prev_dev) {
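Review bot: In the first hunk of ieee80211_tx_status, `rates_idx` ends up as the highest index below `hw->max_rates` whose `idx` is non-negative, not the last entry before the first terminator, because the loop never stops at an entry with `idx < 0`. If a driver leaves older values in the slots after the terminating entry (not visible from this diff), `sta->last_tx_rate` in the second hunk would be set from a rate that was not attempted for this frame. Advancing only over the contiguous leading run avoids that: `} else if (rates_idx == i - 1 && info->status.rates[i].idx >= 0) {`. The function body starts and ends outside these hunks.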
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index cfc473e1b050..680bcb7093db 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -429,6 +429,7 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
429 struct sta_info *sta = tx->sta; 429 struct sta_info *sta = tx->sta;
430 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb); 430 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
431 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data; 431 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
432 struct ieee80211_local *local = tx->local;
432 u32 staflags; 433 u32 staflags;
433 434
434 if (unlikely(!sta || 435 if (unlikely(!sta ||
@@ -476,6 +477,12 @@ ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
476 info->control.vif = &tx->sdata->vif; 477 info->control.vif = &tx->sdata->vif;
477 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 478 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
478 skb_queue_tail(&sta->ps_tx_buf, tx->skb); 479 skb_queue_tail(&sta->ps_tx_buf, tx->skb);
480
481 if (!timer_pending(&local->sta_cleanup))
482 mod_timer(&local->sta_cleanup,
483 round_jiffies(jiffies +
484 STA_INFO_CLEANUP_INTERVAL));
485
479 return TX_QUEUED; 486 return TX_QUEUED;
480 } 487 }
481#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 488#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
@@ -513,6 +520,8 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
513 else if (tx->sta && (key = rcu_dereference(tx->sta->key))) 520 else if (tx->sta && (key = rcu_dereference(tx->sta->key)))
514 tx->key = key; 521 tx->key = key;
515 else if (ieee80211_is_mgmt(hdr->frame_control) && 522 else if (ieee80211_is_mgmt(hdr->frame_control) &&
523 is_multicast_ether_addr(hdr->addr1) &&
524 ieee80211_is_robust_mgmt_frame(hdr) &&
516 (key = rcu_dereference(tx->sdata->default_mgmt_key))) 525 (key = rcu_dereference(tx->sdata->default_mgmt_key)))
517 tx->key = key; 526 tx->key = key;
518 else if ((key = rcu_dereference(tx->sdata->default_key))) 527 else if ((key = rcu_dereference(tx->sdata->default_key)))
@@ -584,7 +593,8 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
584 struct ieee80211_hdr *hdr = (void *)tx->skb->data; 593 struct ieee80211_hdr *hdr = (void *)tx->skb->data;
585 struct ieee80211_supported_band *sband; 594 struct ieee80211_supported_band *sband;
586 struct ieee80211_rate *rate; 595 struct ieee80211_rate *rate;
587 int i, len; 596 int i;
597 u32 len;
588 bool inval = false, rts = false, short_preamble = false; 598 bool inval = false, rts = false, short_preamble = false;
589 struct ieee80211_tx_rate_control txrc; 599 struct ieee80211_tx_rate_control txrc;
590 u32 sta_flags; 600 u32 sta_flags;
@@ -593,7 +603,7 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
593 603
594 sband = tx->local->hw.wiphy->bands[tx->channel->band]; 604 sband = tx->local->hw.wiphy->bands[tx->channel->band];
595 605
596 len = min_t(int, tx->skb->len + FCS_LEN, 606 len = min_t(u32, tx->skb->len + FCS_LEN,
597 tx->local->hw.wiphy->frag_threshold); 607 tx->local->hw.wiphy->frag_threshold);
598 608
599 /* set up the tx rate control struct we give the RC algo */ 609 /* set up the tx rate control struct we give the RC algo */
@@ -1142,13 +1152,12 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1142 1152
1143 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) && 1153 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1144 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) { 1154 (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) {
1145 unsigned long flags;
1146 struct tid_ampdu_tx *tid_tx; 1155 struct tid_ampdu_tx *tid_tx;
1147 1156
1148 qc = ieee80211_get_qos_ctl(hdr); 1157 qc = ieee80211_get_qos_ctl(hdr);
1149 tid = *qc & IEEE80211_QOS_CTL_TID_MASK; 1158 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
1150 1159
1151 spin_lock_irqsave(&tx->sta->lock, flags); 1160 spin_lock(&tx->sta->lock);
1152 /* 1161 /*
1153 * XXX: This spinlock could be fairly expensive, but see the 1162 * XXX: This spinlock could be fairly expensive, but see the
1154 * comment in agg-tx.c:ieee80211_agg_tx_operational(). 1163 * comment in agg-tx.c:ieee80211_agg_tx_operational().
@@ -1173,7 +1182,7 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1173 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING; 1182 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING;
1174 __skb_queue_tail(&tid_tx->pending, skb); 1183 __skb_queue_tail(&tid_tx->pending, skb);
1175 } 1184 }
1176 spin_unlock_irqrestore(&tx->sta->lock, flags); 1185 spin_unlock(&tx->sta->lock);
1177 1186
1178 if (unlikely(queued)) 1187 if (unlikely(queued))
1179 return TX_QUEUED; 1188 return TX_QUEUED;
@@ -2011,14 +2020,12 @@ void ieee80211_tx_pending(unsigned long data)
2011 while (!skb_queue_empty(&local->pending[i])) { 2020 while (!skb_queue_empty(&local->pending[i])) {
2012 struct sk_buff *skb = __skb_dequeue(&local->pending[i]); 2021 struct sk_buff *skb = __skb_dequeue(&local->pending[i]);
2013 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 2022 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2014 struct ieee80211_sub_if_data *sdata;
2015 2023
2016 if (WARN_ON(!info->control.vif)) { 2024 if (WARN_ON(!info->control.vif)) {
2017 kfree_skb(skb); 2025 kfree_skb(skb);
2018 continue; 2026 continue;
2019 } 2027 }
2020 2028
2021 sdata = vif_to_sdata(info->control.vif);
2022 spin_unlock_irqrestore(&local->queue_stop_reason_lock, 2029 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
2023 flags); 2030 flags);
2024 2031
@@ -2244,8 +2251,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2244 2251
2245 info->control.vif = vif; 2252 info->control.vif = vif;
2246 2253
2247 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT; 2254 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT |
2248 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ; 2255 IEEE80211_TX_CTL_ASSIGN_SEQ |
2256 IEEE80211_TX_CTL_FIRST_FRAGMENT;
2249 out: 2257 out:
2250 rcu_read_unlock(); 2258 rcu_read_unlock();
2251 return skb; 2259 return skb;
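--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -270,6 +270,8 @@ static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
 struct ieee80211_local *local = hw_to_local(hw);
 struct ieee80211_sub_if_data *sdata;
 
+trace_wake_queue(local, queue, reason);
+
 if (WARN_ON(queue >= hw->queues))
 return;
 
@@ -312,6 +314,8 @@ static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
 struct ieee80211_local *local = hw_to_local(hw);
 struct ieee80211_sub_if_data *sdata;
 
+trace_stop_queue(local, queue, reason);
+
 if (WARN_ON(queue >= hw->queues))
 return;
 
@@ -796,6 +800,11 @@ void ieee80211_set_wmm_default(struct ieee80211_sub_if_data *sdata)
 
 drv_conf_tx(local, queue, &qparam);
 }
+
+/* after reinitialize QoS TX queues setting to default,
+* disable QoS at all */
+local->hw.conf.flags &= ~IEEE80211_CONF_QOS;
+drv_config(local, IEEE80211_CONF_CHANGE_QOS);
 }
 
 void ieee80211_sta_def_wmm_params(struct ieee80211_sub_if_data *sdata,
@@ -1135,7 +1144,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
 
 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
 list_for_each_entry_rcu(sta, &local->sta_list, list) {
-clear_sta_flags(sta, WLAN_STA_SUSPEND);
+clear_sta_flags(sta, WLAN_STA_BLOCK_BA);
 }
 }
 
@@ -1151,18 +1160,33 @@ int ieee80211_reconfig(struct ieee80211_local *local)
 
 /* Finally also reconfigure all the BSS information */
 list_for_each_entry(sdata, &local->interfaces, list) {
-u32 changed = ~0;
+u32 changed;
+
 if (!ieee80211_sdata_running(sdata))
 continue;
+
+/* common change flags for all interface types */
+changed = BSS_CHANGED_ERP_CTS_PROT |
+BSS_CHANGED_ERP_PREAMBLE |
+BSS_CHANGED_ERP_SLOT |
+BSS_CHANGED_HT |
+BSS_CHANGED_BASIC_RATES |
+BSS_CHANGED_BEACON_INT |
+BSS_CHANGED_BSSID |
+BSS_CHANGED_CQM;
+
 switch (sdata->vif.type) {
 case NL80211_IFTYPE_STATION:
-/* disable beacon change bits */
-changed &= ~(BSS_CHANGED_BEACON |
-BSS_CHANGED_BEACON_ENABLED);
-/* fall through */
+changed |= BSS_CHANGED_ASSOC;
+ieee80211_bss_info_change_notify(sdata, changed);
+break;
 case NL80211_IFTYPE_ADHOC:
+changed |= BSS_CHANGED_IBSS;
+/* fall through */
 case NL80211_IFTYPE_AP:
 case NL80211_IFTYPE_MESH_POINT:
+changed |= BSS_CHANGED_BEACON |
+BSS_CHANGED_BEACON_ENABLED;
 ieee80211_bss_info_change_notify(sdata, changed);
 break;
 case NL80211_IFTYPE_WDS: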
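Review bot: The lines added at the end of ieee80211_set_wmm_default() clear IEEE80211_CONF_QOS in `local->hw.conf.flags`, which is per-device state, from a function that is handed a single `sdata`; with more than one interface on the same hardware, resetting one interface's WMM defaults would appear to switch QoS off for the others too. If that is intended, the comment should say so, for example `/* QoS config is device-wide: resetting any interface's defaults disables it for the whole hw */`; otherwise the clear belongs behind an interface-type or last-interface check. The call `drv_config(local, IEEE80211_CONF_CHANGE_QOS);` also discards its result, so a driver that rejects the change leaves `conf.flags` disagreeing with the hardware silently. Only the tail of the function is inside the hunk, so the callers may already constrain this.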
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index 15e1ba931b87..be3d4a698692 100644
--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -33,6 +33,7 @@
33#define IEEE80211_MAX_PROBE_TRIES 5 33#define IEEE80211_MAX_PROBE_TRIES 5
34 34
35enum work_action { 35enum work_action {
36 WORK_ACT_MISMATCH,
36 WORK_ACT_NONE, 37 WORK_ACT_NONE,
37 WORK_ACT_TIMEOUT, 38 WORK_ACT_TIMEOUT,
38 WORK_ACT_DONE, 39 WORK_ACT_DONE,
@@ -213,15 +214,25 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
213 214
214 sband = local->hw.wiphy->bands[wk->chan->band]; 215 sband = local->hw.wiphy->bands[wk->chan->band];
215 216
216 /* 217 if (wk->assoc.supp_rates_len) {
217 * Get all rates supported by the device and the AP as 218 /*
218 * some APs don't like getting a superset of their rates 219 * Get all rates supported by the device and the AP as
219 * in the association request (e.g. D-Link DAP 1353 in 220 * some APs don't like getting a superset of their rates
220 * b-only mode)... 221 * in the association request (e.g. D-Link DAP 1353 in
221 */ 222 * b-only mode)...
222 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates, 223 */
223 wk->assoc.supp_rates_len, 224 rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
224 sband, &rates); 225 wk->assoc.supp_rates_len,
226 sband, &rates);
227 } else {
228 /*
229 * In case AP not provide any supported rates information
230 * before association, we send information element(s) with
231 * all rates that we support.
232 */
233 rates = ~0;
234 rates_len = sband->n_bitrates;
235 }
225 236
226 skb = alloc_skb(local->hw.extra_tx_headroom + 237 skb = alloc_skb(local->hw.extra_tx_headroom +
227 sizeof(*mgmt) + /* bit too much but doesn't matter */ 238 sizeof(*mgmt) + /* bit too much but doesn't matter */
@@ -575,7 +586,7 @@ ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
575 u16 auth_alg, auth_transaction, status_code; 586 u16 auth_alg, auth_transaction, status_code;
576 587
577 if (wk->type != IEEE80211_WORK_AUTH) 588 if (wk->type != IEEE80211_WORK_AUTH)
578 return WORK_ACT_NONE; 589 return WORK_ACT_MISMATCH;
579 590
580 if (len < 24 + 6) 591 if (len < 24 + 6)
581 return WORK_ACT_NONE; 592 return WORK_ACT_NONE;
@@ -626,6 +637,9 @@ ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
626 struct ieee802_11_elems elems; 637 struct ieee802_11_elems elems;
627 u8 *pos; 638 u8 *pos;
628 639
640 if (wk->type != IEEE80211_WORK_ASSOC)
641 return WORK_ACT_MISMATCH;
642
629 /* 643 /*
630 * AssocResp and ReassocResp have identical structure, so process both 644 * AssocResp and ReassocResp have identical structure, so process both
631 * of them in this function. 645 * of them in this function.
@@ -681,6 +695,12 @@ ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
681 695
682 ASSERT_WORK_MTX(local); 696 ASSERT_WORK_MTX(local);
683 697
698 if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
699 return WORK_ACT_MISMATCH;
700
701 if (len < 24 + 12)
702 return WORK_ACT_NONE;
703
684 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt; 704 baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
685 if (baselen > len) 705 if (baselen > len)
686 return WORK_ACT_NONE; 706 return WORK_ACT_NONE;
@@ -695,7 +715,7 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
695 struct ieee80211_rx_status *rx_status; 715 struct ieee80211_rx_status *rx_status;
696 struct ieee80211_mgmt *mgmt; 716 struct ieee80211_mgmt *mgmt;
697 struct ieee80211_work *wk; 717 struct ieee80211_work *wk;
698 enum work_action rma = WORK_ACT_NONE; 718 enum work_action rma;
699 u16 fc; 719 u16 fc;
700 720
701 rx_status = (struct ieee80211_rx_status *) skb->cb; 721 rx_status = (struct ieee80211_rx_status *) skb->cb;
@@ -742,7 +762,17 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
742 break; 762 break;
743 default: 763 default:
744 WARN_ON(1); 764 WARN_ON(1);
765 rma = WORK_ACT_NONE;
745 } 766 }
767
768 /*
769 * We've either received an unexpected frame, or we have
770 * multiple work items and need to match the frame to the
771 * right one.
772 */
773 if (rma == WORK_ACT_MISMATCH)
774 continue;
775
746 /* 776 /*
747 * We've processed this frame for that work, so it can't 777 * We've processed this frame for that work, so it can't
748 * belong to another work struct. 778 * belong to another work struct.
@@ -752,6 +782,9 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
752 } 782 }
753 783
754 switch (rma) { 784 switch (rma) {
785 case WORK_ACT_MISMATCH:
786 /* ignore this unmatched frame */
787 break;
755 case WORK_ACT_NONE: 788 case WORK_ACT_NONE:
756 break; 789 break;
757 case WORK_ACT_DONE: 790 case WORK_ACT_DONE:
@@ -920,11 +953,16 @@ static void ieee80211_work_work(struct work_struct *work)
920 run_again(local, jiffies + HZ/2); 953 run_again(local, jiffies + HZ/2);
921 } 954 }
922 955
923 if (list_empty(&local->work_list) && local->scan_req) 956 mutex_lock(&local->scan_mtx);
957
958 if (list_empty(&local->work_list) && local->scan_req &&
959 !local->scanning)
924 ieee80211_queue_delayed_work(&local->hw, 960 ieee80211_queue_delayed_work(&local->hw,
925 &local->scan_work, 961 &local->scan_work,
926 round_jiffies_relative(0)); 962 round_jiffies_relative(0));
927 963
964 mutex_unlock(&local->scan_mtx);
965
928 mutex_unlock(&local->work_mtx); 966 mutex_unlock(&local->work_mtx);
929 967
930 ieee80211_recalc_idle(local); 968 ieee80211_recalc_idle(local);