1 files changed, 52 insertions, 49 deletions
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index b5fbe970e48f..c2b80500ae72 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -65,14 +65,14 @@ static inline
 void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)
 {
        atomic_inc(&sdata->u.sta.mshstats.estab_plinks);
-        mesh_accept_plinks_update(sdata->dev);
+        mesh_accept_plinks_update(sdata);
 }
 static inline
 void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
 {
        atomic_dec(&sdata->u.sta.mshstats.estab_plinks);
-        mesh_accept_plinks_update(sdata->dev);
+        mesh_accept_plinks_update(sdata);
 }
 /**
@@ -99,12 +99,13 @@ static inline void mesh_plink_fsm_restart(struct sta_info *sta)
 *
 * Returns: non-NULL on success, ERR_PTR() on error.
 */
-struct sta_info *mesh_plink_add(u8 *hw_addr, u64 rates, struct net_device *dev)
+struct sta_info *mesh_plink_add(u8 *hw_addr, u64 rates,
+                                struct ieee80211_sub_if_data *sdata)
 {
-        struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+        struct ieee80211_local *local = sdata->local;
        struct sta_info *sta;
-        if (memcmp(hw_addr, dev->dev_addr, ETH_ALEN) == 0)
+        if (compare_ether_addr(hw_addr, sdata->dev->dev_addr) == 0)
                /* never add ourselves as neighbours */
                return ERR_PTR(-EINVAL);
@@ -114,7 +115,7 @@ struct sta_info *mesh_plink_add(u8 *hw_addr, u64 rates, struct net_device *dev)
        if (local->num_sta >= MESH_MAX_PLINKS)
                return ERR_PTR(-ENOSPC);
-        sta = sta_info_add(local, dev, hw_addr, GFP_KERNEL);
+        sta = sta_info_add(sdata, hw_addr);
        if (IS_ERR(sta))
                return sta;
@@ -125,7 +126,7 @@ struct sta_info *mesh_plink_add(u8 *hw_addr, u64 rates, struct net_device *dev)
        sta->supp_rates[local->hw.conf.channel->band] = rates;
        rate_control_rate_init(sta, local);
-        mesh_accept_plinks_update(dev);
+        mesh_accept_plinks_update(sdata);
        return sta;
 }
@@ -141,7 +142,8 @@ struct sta_info *mesh_plink_add(u8 *hw_addr, u64 rates, struct net_device *dev)
 */
 static void __mesh_plink_deactivate(struct sta_info *sta)
 {
-        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+        struct ieee80211_sub_if_data *sdata = sta->sdata;
        if (sta->plink_state == ESTAB)
                mesh_plink_dec_estab_count(sdata);
        sta->plink_state = BLOCKED;
@@ -246,11 +248,15 @@ void mesh_neighbour_update(u8 *hw_addr, u64 rates, struct net_device *dev,
        struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
        struct sta_info *sta;
+        rcu_read_lock();
        sta = sta_info_get(local, hw_addr);
        if (!sta) {
-                sta = mesh_plink_add(hw_addr, rates, dev);
+                sta = mesh_plink_add(hw_addr, rates, sdata);
-                if (IS_ERR(sta))
+                if (IS_ERR(sta)) {
+                        rcu_read_unlock();
                        return;
+                }
        }
        sta->last_rx = jiffies;
@@ -260,7 +266,7 @@ void mesh_neighbour_update(u8 *hw_addr, u64 rates, struct net_device *dev,
                        sdata->u.sta.mshcfg.auto_open_plinks)
                mesh_plink_open(sta);
-        sta_info_put(sta);
+        rcu_read_unlock();
 }
 static void mesh_plink_timer(unsigned long data)
@@ -273,6 +279,11 @@ static void mesh_plink_timer(unsigned long data)
        DECLARE_MAC_BUF(mac);
 #endif
+        /*
+         * This STA is valid because sta_info_destroy() will
+         * del_timer_sync() this timer after having made sure
+         * it cannot be readded (by deleting the plink.)
+         */
        sta = (struct sta_info *) data;
        spin_lock_bh(&sta->plink_lock);
@@ -286,8 +297,8 @@ static void mesh_plink_timer(unsigned long data)
        reason = 0;
        llid = sta->llid;
        plid = sta->plid;
-        dev = sta->dev;
+        sdata = sta->sdata;
-        sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+        dev = sdata->dev;
        switch (sta->plink_state) {
        case OPN_RCVD:
@@ -302,8 +313,7 @@ static void mesh_plink_timer(unsigned long data)
                        sta->plink_timeout = sta->plink_timeout +
                                             rand % sta->plink_timeout;
                        ++sta->plink_retries;
-                        if (!mod_plink_timer(sta, sta->plink_timeout))
+                        mod_plink_timer(sta, sta->plink_timeout);
-                                __sta_info_get(sta);
                        spin_unlock_bh(&sta->plink_lock);
                        mesh_plink_frame_tx(dev, PLINK_OPEN, sta->addr, llid,
                                            0, 0);
@@ -316,16 +326,14 @@ static void mesh_plink_timer(unsigned long data)
                if (!reason)
                        reason = cpu_to_le16(MESH_CONFIRM_TIMEOUT);
                sta->plink_state = HOLDING;
-                if (!mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)))
+                mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
-                        __sta_info_get(sta);
                spin_unlock_bh(&sta->plink_lock);
                mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, plid,
                                    reason);
                break;
        case HOLDING:
                /* holding timer */
-                if (del_timer(&sta->plink_timer))
+                del_timer(&sta->plink_timer);
-                        sta_info_put(sta);
                mesh_plink_fsm_restart(sta);
                spin_unlock_bh(&sta->plink_lock);
                break;
@@ -333,8 +341,6 @@ static void mesh_plink_timer(unsigned long data)
                spin_unlock_bh(&sta->plink_lock);
                break;
        }
-        sta_info_put(sta);
 }
 static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout)
@@ -343,14 +349,13 @@ static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout)
        sta->plink_timer.data = (unsigned long) sta;
        sta->plink_timer.function = mesh_plink_timer;
        sta->plink_timeout = timeout;
-        __sta_info_get(sta);
        add_timer(&sta->plink_timer);
 }
 int mesh_plink_open(struct sta_info *sta)
 {
        __le16 llid;
-        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+        struct ieee80211_sub_if_data *sdata = sta->sdata;
 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
        DECLARE_MAC_BUF(mac);
 #endif
@@ -360,7 +365,6 @@ int mesh_plink_open(struct sta_info *sta)
        sta->llid = llid;
        if (sta->plink_state != LISTEN) {
                spin_unlock_bh(&sta->plink_lock);
-                sta_info_put(sta);
                return -EBUSY;
        }
        sta->plink_state = OPN_SNT;
@@ -369,7 +373,8 @@ int mesh_plink_open(struct sta_info *sta)
        mpl_dbg("Mesh plink: starting establishment with %s\n",
                print_mac(mac, sta->addr));
-        return mesh_plink_frame_tx(sta->dev, PLINK_OPEN, sta->addr, llid, 0, 0);
+        return mesh_plink_frame_tx(sdata->dev, PLINK_OPEN,
+                                   sta->addr, llid, 0, 0);
 }
 void mesh_plink_block(struct sta_info *sta)
@@ -386,7 +391,7 @@ void mesh_plink_block(struct sta_info *sta)
 int mesh_plink_close(struct sta_info *sta)
 {
-        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);
+        struct ieee80211_sub_if_data *sdata = sta->sdata;
        int llid, plid, reason;
 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
        DECLARE_MAC_BUF(mac);
@@ -401,13 +406,11 @@ int mesh_plink_close(struct sta_info *sta)
        if (sta->plink_state == LISTEN || sta->plink_state == BLOCKED) {
                mesh_plink_fsm_restart(sta);
                spin_unlock_bh(&sta->plink_lock);
-                sta_info_put(sta);
                return 0;
        } else if (sta->plink_state == ESTAB) {
                __mesh_plink_deactivate(sta);
                /* The timer should not be running */
-                if (!mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)))
+                mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
-                        __sta_info_get(sta);
        } else if (!mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)))
                sta->ignore_plink_timer = true;
@@ -415,15 +418,16 @@ int mesh_plink_close(struct sta_info *sta)
        llid = sta->llid;
        plid = sta->plid;
        spin_unlock_bh(&sta->plink_lock);
-        mesh_plink_frame_tx(sta->dev, PLINK_CLOSE, sta->addr, llid, plid,
+        mesh_plink_frame_tx(sta->sdata->dev, PLINK_CLOSE, sta->addr, llid,
-                            reason);
+                            plid, reason);
        return 0;
 }
 void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                         size_t len, struct ieee80211_rx_status *rx_status)
 {
-        struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
+        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
+        struct ieee80211_local *local = sdata->local;
        struct ieee802_11_elems elems;
        struct sta_info *sta;
        enum plink_event event;
@@ -435,7 +439,6 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
        DECLARE_MAC_BUF(mac);
 #endif
-        struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
        if (is_multicast_ether_addr(mgmt->da)) {
                mpl_dbg("Mesh plink: ignore frame from multicast address");
@@ -474,14 +477,17 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
        if (ftype == PLINK_CONFIRM || (ftype == PLINK_CLOSE && ie_len == 7))
                memcpy(&llid, PLINK_GET_PLID(elems.peer_link), 2);
+        rcu_read_lock();
        sta = sta_info_get(local, mgmt->sa);
        if (!sta && ftype != PLINK_OPEN) {
                mpl_dbg("Mesh plink: cls or cnf from unknown peer\n");
+                rcu_read_unlock();
                return;
        }
        if (sta && sta->plink_state == BLOCKED) {
-                sta_info_put(sta);
+                rcu_read_unlock();
                return;
        }
@@ -505,13 +511,15 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                u64 rates;
                if (!mesh_plink_free_count(sdata)) {
                        mpl_dbg("Mesh plink error: no more free plinks\n");
+                        rcu_read_unlock();
                        return;
                }
                rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);
-                sta = mesh_plink_add(mgmt->sa, rates, dev);
+                sta = mesh_plink_add(mgmt->sa, rates, sdata);
                if (IS_ERR(sta)) {
                        mpl_dbg("Mesh plink error: plink table full\n");
+                        rcu_read_unlock();
                        return;
                }
                event = OPN_ACPT;
@@ -521,14 +529,14 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                switch (ftype) {
                case PLINK_OPEN:
                        if (!mesh_plink_free_count(sdata) ||
-                                        (sta->plid && sta->plid != plid))
+                            (sta->plid && sta->plid != plid))
                                event = OPN_IGNR;
                        else
                                event = OPN_ACPT;
                        break;
                case PLINK_CONFIRM:
                        if (!mesh_plink_free_count(sdata) ||
-                                (sta->llid != llid || sta->plid != plid))
+                            (sta->llid != llid || sta->plid != plid))
                                event = CNF_IGNR;
                        else
                                event = CNF_ACPT;
@@ -555,7 +563,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                default:
                        mpl_dbg("Mesh plink: unknown frame subtype\n");
                        spin_unlock_bh(&sta->plink_lock);
-                        sta_info_put(sta);
+                        rcu_read_unlock();
                        return;
                }
        }
@@ -659,8 +667,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                                            plid, 0);
                        break;
                case CNF_ACPT:
-                        if (del_timer(&sta->plink_timer))
+                        del_timer(&sta->plink_timer);
-                                sta_info_put(sta);
                        sta->plink_state = ESTAB;
                        mesh_plink_inc_estab_count(sdata);
                        spin_unlock_bh(&sta->plink_lock);
@@ -693,8 +700,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                                            plid, reason);
                        break;
                case OPN_ACPT:
-                        if (del_timer(&sta->plink_timer))
+                        del_timer(&sta->plink_timer);
-                                sta_info_put(sta);
                        sta->plink_state = ESTAB;
                        mesh_plink_inc_estab_count(sdata);
                        spin_unlock_bh(&sta->plink_lock);
@@ -717,9 +723,7 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                        __mesh_plink_deactivate(sta);
                        sta->plink_state = HOLDING;
                        llid = sta->llid;
-                        if (!mod_plink_timer(sta,
+                        mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
-                                        dot11MeshHoldingTimeout(sdata)))
-                                __sta_info_get(sta);
                        spin_unlock_bh(&sta->plink_lock);
                        mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid,
                                            plid, reason);
@@ -738,10 +742,8 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
        case HOLDING:
                switch (event) {
                case CLS_ACPT:
-                        if (del_timer(&sta->plink_timer)) {
+                        if (del_timer(&sta->plink_timer))
                                sta->ignore_plink_timer = 1;
-                                sta_info_put(sta);
-                        }
                        mesh_plink_fsm_restart(sta);
                        spin_unlock_bh(&sta->plink_lock);
                        break;
@@ -766,5 +768,6 @@ void mesh_rx_plink_frame(struct net_device *dev, struct ieee80211_mgmt *mgmt,
                spin_unlock_bh(&sta->plink_lock);
                break;
        }
-        sta_info_put(sta);
+        rcu_read_unlock();
 }

diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c index b5fbe970e48f..c2b80500ae72 100644 --- a/net/mac80211/mesh_plink.c +++ b/net/mac80211/mesh_plink.c
@@ -65,14 +65,14 @@ static inline
65	void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)	65	void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)
66	{	66	{
67	atomic_inc(&sdata->u.sta.mshstats.estab_plinks);	67	atomic_inc(&sdata->u.sta.mshstats.estab_plinks);
68	mesh_accept_plinks_update(sdata->dev);	68	mesh_accept_plinks_update(sdata);
69	}	69	}
70		70
71	static inline	71	static inline
72	void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)	72	void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
73	{	73	{
74	atomic_dec(&sdata->u.sta.mshstats.estab_plinks);	74	atomic_dec(&sdata->u.sta.mshstats.estab_plinks);
75	mesh_accept_plinks_update(sdata->dev);	75	mesh_accept_plinks_update(sdata);
76	}	76	}
77		77
78	/**	78	/**
@@ -99,12 +99,13 @@ static inline void mesh_plink_fsm_restart(struct sta_info *sta)
99	*	99	*
100	* Returns: non-NULL on success, ERR_PTR() on error.	100	* Returns: non-NULL on success, ERR_PTR() on error.
101	*/	101	*/
102	struct sta_info mesh_plink_add(u8 hw_addr, u64 rates, struct net_device *dev)	102	struct sta_info mesh_plink_add(u8 hw_addr, u64 rates,
		103	struct ieee80211_sub_if_data *sdata)
103	{	104	{
104	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);	105	struct ieee80211_local *local = sdata->local;
105	struct sta_info *sta;	106	struct sta_info *sta;
106		107
107	if (memcmp(hw_addr, dev->dev_addr, ETH_ALEN) == 0)	108	if (compare_ether_addr(hw_addr, sdata->dev->dev_addr) == 0)
108	/* never add ourselves as neighbours */	109	/* never add ourselves as neighbours */
109	return ERR_PTR(-EINVAL);	110	return ERR_PTR(-EINVAL);
110		111
@@ -114,7 +115,7 @@ struct sta_info mesh_plink_add(u8 hw_addr, u64 rates, struct net_device *dev)
114	if (local->num_sta >= MESH_MAX_PLINKS)	115	if (local->num_sta >= MESH_MAX_PLINKS)
115	return ERR_PTR(-ENOSPC);	116	return ERR_PTR(-ENOSPC);
116		117
117	sta = sta_info_add(local, dev, hw_addr, GFP_KERNEL);	118	sta = sta_info_add(sdata, hw_addr);
118	if (IS_ERR(sta))	119	if (IS_ERR(sta))
119	return sta;	120	return sta;
120		121
@@ -125,7 +126,7 @@ struct sta_info mesh_plink_add(u8 hw_addr, u64 rates, struct net_device *dev)
125	sta->supp_rates[local->hw.conf.channel->band] = rates;	126	sta->supp_rates[local->hw.conf.channel->band] = rates;
126	rate_control_rate_init(sta, local);	127	rate_control_rate_init(sta, local);
127		128
128	mesh_accept_plinks_update(dev);	129	mesh_accept_plinks_update(sdata);
129		130
130	return sta;	131	return sta;
131	}	132	}
@@ -141,7 +142,8 @@ struct sta_info mesh_plink_add(u8 hw_addr, u64 rates, struct net_device *dev)
141	*/	142	*/
142	static void __mesh_plink_deactivate(struct sta_info *sta)	143	static void __mesh_plink_deactivate(struct sta_info *sta)
143	{	144	{
144	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);	145	struct ieee80211_sub_if_data *sdata = sta->sdata;
		146
145	if (sta->plink_state == ESTAB)	147	if (sta->plink_state == ESTAB)
146	mesh_plink_dec_estab_count(sdata);	148	mesh_plink_dec_estab_count(sdata);
147	sta->plink_state = BLOCKED;	149	sta->plink_state = BLOCKED;
@@ -246,11 +248,15 @@ void mesh_neighbour_update(u8 hw_addr, u64 rates, struct net_device dev,
246	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);	248	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
247	struct sta_info *sta;	249	struct sta_info *sta;
248		250
		251	rcu_read_lock();
		252
249	sta = sta_info_get(local, hw_addr);	253	sta = sta_info_get(local, hw_addr);
250	if (!sta) {	254	if (!sta) {
251	sta = mesh_plink_add(hw_addr, rates, dev);	255	sta = mesh_plink_add(hw_addr, rates, sdata);
252	if (IS_ERR(sta))	256	if (IS_ERR(sta)) {
		257	rcu_read_unlock();
253	return;	258	return;
		259	}
254	}	260	}
255		261
256	sta->last_rx = jiffies;	262	sta->last_rx = jiffies;
@@ -260,7 +266,7 @@ void mesh_neighbour_update(u8 hw_addr, u64 rates, struct net_device dev,
260	sdata->u.sta.mshcfg.auto_open_plinks)	266	sdata->u.sta.mshcfg.auto_open_plinks)
261	mesh_plink_open(sta);	267	mesh_plink_open(sta);
262		268
263	sta_info_put(sta);	269	rcu_read_unlock();
264	}	270	}
265		271
266	static void mesh_plink_timer(unsigned long data)	272	static void mesh_plink_timer(unsigned long data)
@@ -273,6 +279,11 @@ static void mesh_plink_timer(unsigned long data)
273	DECLARE_MAC_BUF(mac);	279	DECLARE_MAC_BUF(mac);
274	#endif	280	#endif
275		281
		282	/*
		283	* This STA is valid because sta_info_destroy() will
		284	* del_timer_sync() this timer after having made sure
		285	* it cannot be readded (by deleting the plink.)
		286	*/
276	sta = (struct sta_info *) data;	287	sta = (struct sta_info *) data;
277		288
278	spin_lock_bh(&sta->plink_lock);	289	spin_lock_bh(&sta->plink_lock);
@@ -286,8 +297,8 @@ static void mesh_plink_timer(unsigned long data)
286	reason = 0;	297	reason = 0;
287	llid = sta->llid;	298	llid = sta->llid;
288	plid = sta->plid;	299	plid = sta->plid;
289	dev = sta->dev;	300	sdata = sta->sdata;
290	sdata = IEEE80211_DEV_TO_SUB_IF(dev);	301	dev = sdata->dev;
291		302
292	switch (sta->plink_state) {	303	switch (sta->plink_state) {
293	case OPN_RCVD:	304	case OPN_RCVD:
@@ -302,8 +313,7 @@ static void mesh_plink_timer(unsigned long data)
302	sta->plink_timeout = sta->plink_timeout +	313	sta->plink_timeout = sta->plink_timeout +
303	rand % sta->plink_timeout;	314	rand % sta->plink_timeout;
304	++sta->plink_retries;	315	++sta->plink_retries;
305	if (!mod_plink_timer(sta, sta->plink_timeout))	316	mod_plink_timer(sta, sta->plink_timeout);
306	__sta_info_get(sta);
307	spin_unlock_bh(&sta->plink_lock);	317	spin_unlock_bh(&sta->plink_lock);
308	mesh_plink_frame_tx(dev, PLINK_OPEN, sta->addr, llid,	318	mesh_plink_frame_tx(dev, PLINK_OPEN, sta->addr, llid,
309	0, 0);	319	0, 0);
@@ -316,16 +326,14 @@ static void mesh_plink_timer(unsigned long data)
316	if (!reason)	326	if (!reason)
317	reason = cpu_to_le16(MESH_CONFIRM_TIMEOUT);	327	reason = cpu_to_le16(MESH_CONFIRM_TIMEOUT);
318	sta->plink_state = HOLDING;	328	sta->plink_state = HOLDING;
319	if (!mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)))	329	mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
320	__sta_info_get(sta);
321	spin_unlock_bh(&sta->plink_lock);	330	spin_unlock_bh(&sta->plink_lock);
322	mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, plid,	331	mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid, plid,
323	reason);	332	reason);
324	break;	333	break;
325	case HOLDING:	334	case HOLDING:
326	/* holding timer */	335	/* holding timer */
327	if (del_timer(&sta->plink_timer))	336	del_timer(&sta->plink_timer);
328	sta_info_put(sta);
329	mesh_plink_fsm_restart(sta);	337	mesh_plink_fsm_restart(sta);
330	spin_unlock_bh(&sta->plink_lock);	338	spin_unlock_bh(&sta->plink_lock);
331	break;	339	break;
@@ -333,8 +341,6 @@ static void mesh_plink_timer(unsigned long data)
333	spin_unlock_bh(&sta->plink_lock);	341	spin_unlock_bh(&sta->plink_lock);
334	break;	342	break;
335	}	343	}
336
337	sta_info_put(sta);
338	}	344	}
339		345
340	static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout)	346	static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout)
@@ -343,14 +349,13 @@ static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout)
343	sta->plink_timer.data = (unsigned long) sta;	349	sta->plink_timer.data = (unsigned long) sta;
344	sta->plink_timer.function = mesh_plink_timer;	350	sta->plink_timer.function = mesh_plink_timer;
345	sta->plink_timeout = timeout;	351	sta->plink_timeout = timeout;
346	__sta_info_get(sta);
347	add_timer(&sta->plink_timer);	352	add_timer(&sta->plink_timer);
348	}	353	}
349		354
350	int mesh_plink_open(struct sta_info *sta)	355	int mesh_plink_open(struct sta_info *sta)
351	{	356	{
352	__le16 llid;	357	__le16 llid;
353	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);	358	struct ieee80211_sub_if_data *sdata = sta->sdata;
354	#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG	359	#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
355	DECLARE_MAC_BUF(mac);	360	DECLARE_MAC_BUF(mac);
356	#endif	361	#endif
@@ -360,7 +365,6 @@ int mesh_plink_open(struct sta_info *sta)
360	sta->llid = llid;	365	sta->llid = llid;
361	if (sta->plink_state != LISTEN) {	366	if (sta->plink_state != LISTEN) {
362	spin_unlock_bh(&sta->plink_lock);	367	spin_unlock_bh(&sta->plink_lock);
363	sta_info_put(sta);
364	return -EBUSY;	368	return -EBUSY;
365	}	369	}
366	sta->plink_state = OPN_SNT;	370	sta->plink_state = OPN_SNT;
@@ -369,7 +373,8 @@ int mesh_plink_open(struct sta_info *sta)
369	mpl_dbg("Mesh plink: starting establishment with %s\n",	373	mpl_dbg("Mesh plink: starting establishment with %s\n",
370	print_mac(mac, sta->addr));	374	print_mac(mac, sta->addr));
371		375
372	return mesh_plink_frame_tx(sta->dev, PLINK_OPEN, sta->addr, llid, 0, 0);	376	return mesh_plink_frame_tx(sdata->dev, PLINK_OPEN,
		377	sta->addr, llid, 0, 0);
373	}	378	}
374		379
375	void mesh_plink_block(struct sta_info *sta)	380	void mesh_plink_block(struct sta_info *sta)
@@ -386,7 +391,7 @@ void mesh_plink_block(struct sta_info *sta)
386		391
387	int mesh_plink_close(struct sta_info *sta)	392	int mesh_plink_close(struct sta_info *sta)
388	{	393	{
389	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev);	394	struct ieee80211_sub_if_data *sdata = sta->sdata;
390	int llid, plid, reason;	395	int llid, plid, reason;
391	#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG	396	#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
392	DECLARE_MAC_BUF(mac);	397	DECLARE_MAC_BUF(mac);
@@ -401,13 +406,11 @@ int mesh_plink_close(struct sta_info *sta)
401	if (sta->plink_state == LISTEN \|\| sta->plink_state == BLOCKED) {	406	if (sta->plink_state == LISTEN \|\| sta->plink_state == BLOCKED) {
402	mesh_plink_fsm_restart(sta);	407	mesh_plink_fsm_restart(sta);
403	spin_unlock_bh(&sta->plink_lock);	408	spin_unlock_bh(&sta->plink_lock);
404	sta_info_put(sta);
405	return 0;	409	return 0;
406	} else if (sta->plink_state == ESTAB) {	410	} else if (sta->plink_state == ESTAB) {
407	__mesh_plink_deactivate(sta);	411	__mesh_plink_deactivate(sta);
408	/* The timer should not be running */	412	/* The timer should not be running */
409	if (!mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)))	413	mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
410	__sta_info_get(sta);
411	} else if (!mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)))	414	} else if (!mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)))
412	sta->ignore_plink_timer = true;	415	sta->ignore_plink_timer = true;
413		416
@@ -415,15 +418,16 @@ int mesh_plink_close(struct sta_info *sta)
415	llid = sta->llid;	418	llid = sta->llid;
416	plid = sta->plid;	419	plid = sta->plid;
417	spin_unlock_bh(&sta->plink_lock);	420	spin_unlock_bh(&sta->plink_lock);
418	mesh_plink_frame_tx(sta->dev, PLINK_CLOSE, sta->addr, llid, plid,	421	mesh_plink_frame_tx(sta->sdata->dev, PLINK_CLOSE, sta->addr, llid,
419	reason);	422	plid, reason);
420	return 0;	423	return 0;
421	}	424	}
422		425
423	void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,	426	void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
424	size_t len, struct ieee80211_rx_status *rx_status)	427	size_t len, struct ieee80211_rx_status *rx_status)
425	{	428	{
426	struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);	429	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
		430	struct ieee80211_local *local = sdata->local;
427	struct ieee802_11_elems elems;	431	struct ieee802_11_elems elems;
428	struct sta_info *sta;	432	struct sta_info *sta;
429	enum plink_event event;	433	enum plink_event event;
@@ -435,7 +439,6 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
435	#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG	439	#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
436	DECLARE_MAC_BUF(mac);	440	DECLARE_MAC_BUF(mac);
437	#endif	441	#endif
438	struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
439		442
440	if (is_multicast_ether_addr(mgmt->da)) {	443	if (is_multicast_ether_addr(mgmt->da)) {
441	mpl_dbg("Mesh plink: ignore frame from multicast address");	444	mpl_dbg("Mesh plink: ignore frame from multicast address");
@@ -474,14 +477,17 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
474	if (ftype == PLINK_CONFIRM \|\| (ftype == PLINK_CLOSE && ie_len == 7))	477	if (ftype == PLINK_CONFIRM \|\| (ftype == PLINK_CLOSE && ie_len == 7))
475	memcpy(&llid, PLINK_GET_PLID(elems.peer_link), 2);	478	memcpy(&llid, PLINK_GET_PLID(elems.peer_link), 2);
476		479
		480	rcu_read_lock();
		481
477	sta = sta_info_get(local, mgmt->sa);	482	sta = sta_info_get(local, mgmt->sa);
478	if (!sta && ftype != PLINK_OPEN) {	483	if (!sta && ftype != PLINK_OPEN) {
479	mpl_dbg("Mesh plink: cls or cnf from unknown peer\n");	484	mpl_dbg("Mesh plink: cls or cnf from unknown peer\n");
		485	rcu_read_unlock();
480	return;	486	return;
481	}	487	}
482		488
483	if (sta && sta->plink_state == BLOCKED) {	489	if (sta && sta->plink_state == BLOCKED) {
484	sta_info_put(sta);	490	rcu_read_unlock();
485	return;	491	return;
486	}	492	}
487		493
@@ -505,13 +511,15 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
505	u64 rates;	511	u64 rates;
506	if (!mesh_plink_free_count(sdata)) {	512	if (!mesh_plink_free_count(sdata)) {
507	mpl_dbg("Mesh plink error: no more free plinks\n");	513	mpl_dbg("Mesh plink error: no more free plinks\n");
		514	rcu_read_unlock();
508	return;	515	return;
509	}	516	}
510		517
511	rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);	518	rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);
512	sta = mesh_plink_add(mgmt->sa, rates, dev);	519	sta = mesh_plink_add(mgmt->sa, rates, sdata);
513	if (IS_ERR(sta)) {	520	if (IS_ERR(sta)) {
514	mpl_dbg("Mesh plink error: plink table full\n");	521	mpl_dbg("Mesh plink error: plink table full\n");
		522	rcu_read_unlock();
515	return;	523	return;
516	}	524	}
517	event = OPN_ACPT;	525	event = OPN_ACPT;
@@ -521,14 +529,14 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
521	switch (ftype) {	529	switch (ftype) {
522	case PLINK_OPEN:	530	case PLINK_OPEN:
523	if (!mesh_plink_free_count(sdata) \|\|	531	if (!mesh_plink_free_count(sdata) \|\|
524	(sta->plid && sta->plid != plid))	532	(sta->plid && sta->plid != plid))
525	event = OPN_IGNR;	533	event = OPN_IGNR;
526	else	534	else
527	event = OPN_ACPT;	535	event = OPN_ACPT;
528	break;	536	break;
529	case PLINK_CONFIRM:	537	case PLINK_CONFIRM:
530	if (!mesh_plink_free_count(sdata) \|\|	538	if (!mesh_plink_free_count(sdata) \|\|
531	(sta->llid != llid \|\| sta->plid != plid))	539	(sta->llid != llid \|\| sta->plid != plid))
532	event = CNF_IGNR;	540	event = CNF_IGNR;
533	else	541	else
534	event = CNF_ACPT;	542	event = CNF_ACPT;
@@ -555,7 +563,7 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
555	default:	563	default:
556	mpl_dbg("Mesh plink: unknown frame subtype\n");	564	mpl_dbg("Mesh plink: unknown frame subtype\n");
557	spin_unlock_bh(&sta->plink_lock);	565	spin_unlock_bh(&sta->plink_lock);
558	sta_info_put(sta);	566	rcu_read_unlock();
559	return;	567	return;
560	}	568	}
561	}	569	}
@@ -659,8 +667,7 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
659	plid, 0);	667	plid, 0);
660	break;	668	break;
661	case CNF_ACPT:	669	case CNF_ACPT:
662	if (del_timer(&sta->plink_timer))	670	del_timer(&sta->plink_timer);
663	sta_info_put(sta);
664	sta->plink_state = ESTAB;	671	sta->plink_state = ESTAB;
665	mesh_plink_inc_estab_count(sdata);	672	mesh_plink_inc_estab_count(sdata);
666	spin_unlock_bh(&sta->plink_lock);	673	spin_unlock_bh(&sta->plink_lock);
@@ -693,8 +700,7 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
693	plid, reason);	700	plid, reason);
694	break;	701	break;
695	case OPN_ACPT:	702	case OPN_ACPT:
696	if (del_timer(&sta->plink_timer))	703	del_timer(&sta->plink_timer);
697	sta_info_put(sta);
698	sta->plink_state = ESTAB;	704	sta->plink_state = ESTAB;
699	mesh_plink_inc_estab_count(sdata);	705	mesh_plink_inc_estab_count(sdata);
700	spin_unlock_bh(&sta->plink_lock);	706	spin_unlock_bh(&sta->plink_lock);
@@ -717,9 +723,7 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
717	__mesh_plink_deactivate(sta);	723	__mesh_plink_deactivate(sta);
718	sta->plink_state = HOLDING;	724	sta->plink_state = HOLDING;
719	llid = sta->llid;	725	llid = sta->llid;
720	if (!mod_plink_timer(sta,	726	mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
721	dot11MeshHoldingTimeout(sdata)))
722	__sta_info_get(sta);
723	spin_unlock_bh(&sta->plink_lock);	727	spin_unlock_bh(&sta->plink_lock);
724	mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid,	728	mesh_plink_frame_tx(dev, PLINK_CLOSE, sta->addr, llid,
725	plid, reason);	729	plid, reason);
@@ -738,10 +742,8 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
738	case HOLDING:	742	case HOLDING:
739	switch (event) {	743	switch (event) {
740	case CLS_ACPT:	744	case CLS_ACPT:
741	if (del_timer(&sta->plink_timer)) {	745	if (del_timer(&sta->plink_timer))
742	sta->ignore_plink_timer = 1;	746	sta->ignore_plink_timer = 1;
743	sta_info_put(sta);
744	}
745	mesh_plink_fsm_restart(sta);	747	mesh_plink_fsm_restart(sta);
746	spin_unlock_bh(&sta->plink_lock);	748	spin_unlock_bh(&sta->plink_lock);
747	break;	749	break;
@@ -766,5 +768,6 @@ void mesh_rx_plink_frame(struct net_device dev, struct ieee80211_mgmt mgmt,
766	spin_unlock_bh(&sta->plink_lock);	768	spin_unlock_bh(&sta->plink_lock);
767	break;	769	break;
768	}	770	}
769	sta_info_put(sta);	771
		772	rcu_read_unlock();
770	}	773	}