aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211/sta_info.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211/sta_info.c')
-rw-r--r--net/mac80211/sta_info.c731
1 files changed, 363 insertions, 368 deletions
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index f735826f055c..211c475f73c6 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -32,49 +32,33 @@
32 * for faster lookup and a list for iteration. They are managed using 32 * for faster lookup and a list for iteration. They are managed using
33 * RCU, i.e. access to the list and hash table is protected by RCU. 33 * RCU, i.e. access to the list and hash table is protected by RCU.
34 * 34 *
35 * Upon allocating a STA info structure with sta_info_alloc(), the caller owns 35 * Upon allocating a STA info structure with sta_info_alloc(), the caller
36 * that structure. It must then either destroy it using sta_info_destroy() 36 * owns that structure. It must then insert it into the hash table using
37 * (which is pretty useless) or insert it into the hash table using 37 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
38 * sta_info_insert() which demotes the reference from ownership to a regular 38 * case (which acquires an rcu read section but must not be called from
39 * RCU-protected reference; if the function is called without protection by an 39 * within one) will the pointer still be valid after the call. Note that
40 * RCU critical section the reference is instantly invalidated. Note that the 40 * the caller may not do much with the STA info before inserting it, in
41 * caller may not do much with the STA info before inserting it, in particular, 41 * particular, it may not start any mesh peer link management or add
42 * it may not start any mesh peer link management or add encryption keys. 42 * encryption keys.
43 * 43 *
44 * When the insertion fails (sta_info_insert()) returns non-zero), the 44 * When the insertion fails (sta_info_insert()) returns non-zero), the
45 * structure will have been freed by sta_info_insert()! 45 * structure will have been freed by sta_info_insert()!
46 * 46 *
47 * sta entries are added by mac80211 when you establish a link with a 47 * Station entries are added by mac80211 when you establish a link with a
48 * peer. This means different things for the different type of interfaces 48 * peer. This means different things for the different type of interfaces
49 * we support. For a regular station this mean we add the AP sta when we 49 * we support. For a regular station this mean we add the AP sta when we
50 * receive an assocation response from the AP. For IBSS this occurs when 50 * receive an assocation response from the AP. For IBSS this occurs when
51 * we receive a probe response or a beacon from target IBSS network. For 51 * get to know about a peer on the same IBSS. For WDS we add the sta for
52 * WDS we add the sta for the peer imediately upon device open. When using 52 * the peer imediately upon device open. When using AP mode we add stations
53 * AP mode we add stations for each respective station upon request from 53 * for each respective station upon request from userspace through nl80211.
54 * userspace through nl80211.
55 * 54 *
56 * Because there are debugfs entries for each station, and adding those 55 * In order to remove a STA info structure, various sta_info_destroy_*()
57 * must be able to sleep, it is also possible to "pin" a station entry, 56 * calls are available.
58 * that means it can be removed from the hash table but not be freed.
59 * See the comment in __sta_info_unlink() for more information, this is
60 * an internal capability only.
61 * 57 *
62 * In order to remove a STA info structure, the caller needs to first 58 * There is no concept of ownership on a STA entry, each structure is
63 * unlink it (sta_info_unlink()) from the list and hash tables and 59 * owned by the global hash table/list until it is removed. All users of
64 * then destroy it; sta_info_destroy() will wait for an RCU grace period 60 * the structure need to be RCU protected so that the structure won't be
65 * to elapse before actually freeing it. Due to the pinning and the 61 * freed before they are done using it.
66 * possibility of multiple callers trying to remove the same STA info at
67 * the same time, sta_info_unlink() can clear the STA info pointer it is
68 * passed to indicate that the STA info is owned by somebody else now.
69 *
70 * If sta_info_unlink() did not clear the pointer then the caller owns
71 * the STA info structure now and is responsible of destroying it with
72 * a call to sta_info_destroy().
73 *
74 * In all other cases, there is no concept of ownership on a STA entry,
75 * each structure is owned by the global hash table/list until it is
76 * removed. All users of the structure need to be RCU protected so that
77 * the structure won't be freed before they are done using it.
78 */ 62 */
79 63
80/* Caller must hold local->sta_lock */ 64/* Caller must hold local->sta_lock */
@@ -185,101 +169,6 @@ static void __sta_info_free(struct ieee80211_local *local,
185 kfree(sta); 169 kfree(sta);
186} 170}
187 171
188void sta_info_destroy(struct sta_info *sta)
189{
190 struct ieee80211_local *local;
191 struct sk_buff *skb;
192 int i;
193
194 might_sleep();
195
196 if (!sta)
197 return;
198
199 local = sta->local;
200
201 cancel_work_sync(&sta->drv_unblock_wk);
202
203 rate_control_remove_sta_debugfs(sta);
204 ieee80211_sta_debugfs_remove(sta);
205
206#ifdef CONFIG_MAC80211_MESH
207 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
208 mesh_plink_deactivate(sta);
209#endif
210
211 /*
212 * We have only unlinked the key, and actually destroying it
213 * may mean it is removed from hardware which requires that
214 * the key->sta pointer is still valid, so flush the key todo
215 * list here.
216 *
217 * ieee80211_key_todo() will synchronize_rcu() so after this
218 * nothing can reference this sta struct any more.
219 */
220 ieee80211_key_todo();
221
222#ifdef CONFIG_MAC80211_MESH
223 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
224 del_timer_sync(&sta->plink_timer);
225#endif
226
227 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
228 local->total_ps_buffered--;
229 dev_kfree_skb_any(skb);
230 }
231
232 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
233 dev_kfree_skb_any(skb);
234
235 for (i = 0; i < STA_TID_NUM; i++) {
236 struct tid_ampdu_rx *tid_rx;
237 struct tid_ampdu_tx *tid_tx;
238
239 spin_lock_bh(&sta->lock);
240 tid_rx = sta->ampdu_mlme.tid_rx[i];
241 /* Make sure timer won't free the tid_rx struct, see below */
242 if (tid_rx)
243 tid_rx->shutdown = true;
244
245 spin_unlock_bh(&sta->lock);
246
247 /*
248 * Outside spinlock - shutdown is true now so that the timer
249 * won't free tid_rx, we have to do that now. Can't let the
250 * timer do it because we have to sync the timer outside the
251 * lock that it takes itself.
252 */
253 if (tid_rx) {
254 del_timer_sync(&tid_rx->session_timer);
255 kfree(tid_rx);
256 }
257
258 /*
259 * No need to do such complications for TX agg sessions, the
260 * path leading to freeing the tid_tx struct goes via a call
261 * from the driver, and thus needs to look up the sta struct
262 * again, which cannot be found when we get here. Hence, we
263 * just need to delete the timer and free the aggregation
264 * info; we won't be telling the peer about it then but that
265 * doesn't matter if we're not talking to it again anyway.
266 */
267 tid_tx = sta->ampdu_mlme.tid_tx[i];
268 if (tid_tx) {
269 del_timer_sync(&tid_tx->addba_resp_timer);
270 /*
271 * STA removed while aggregation session being
272 * started? Bit odd, but purge frames anyway.
273 */
274 skb_queue_purge(&tid_tx->pending);
275 kfree(tid_tx);
276 }
277 }
278
279 __sta_info_free(local, sta);
280}
281
282
283/* Caller must hold local->sta_lock */ 172/* Caller must hold local->sta_lock */
284static void sta_info_hash_add(struct ieee80211_local *local, 173static void sta_info_hash_add(struct ieee80211_local *local,
285 struct sta_info *sta) 174 struct sta_info *sta)
@@ -376,7 +265,7 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
376 return sta; 265 return sta;
377} 266}
378 267
379int sta_info_insert(struct sta_info *sta) 268static int sta_info_finish_insert(struct sta_info *sta, bool async)
380{ 269{
381 struct ieee80211_local *local = sta->local; 270 struct ieee80211_local *local = sta->local;
382 struct ieee80211_sub_if_data *sdata = sta->sdata; 271 struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -384,6 +273,91 @@ int sta_info_insert(struct sta_info *sta)
384 unsigned long flags; 273 unsigned long flags;
385 int err = 0; 274 int err = 0;
386 275
276 WARN_ON(!mutex_is_locked(&local->sta_mtx));
277
278 /* notify driver */
279 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
280 sdata = container_of(sdata->bss,
281 struct ieee80211_sub_if_data,
282 u.ap);
283 err = drv_sta_add(local, sdata, &sta->sta);
284 if (err) {
285 if (!async)
286 return err;
287 printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to driver (%d)"
288 " - keeping it anyway.\n",
289 sdata->name, sta->sta.addr, err);
290 } else {
291 sta->uploaded = true;
292#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
293 if (async)
294 printk(KERN_DEBUG "%s: Finished adding IBSS STA %pM\n",
295 wiphy_name(local->hw.wiphy), sta->sta.addr);
296#endif
297 }
298
299 sdata = sta->sdata;
300
301 if (!async) {
302 local->num_sta++;
303 local->sta_generation++;
304 smp_mb();
305
306 /* make the station visible */
307 spin_lock_irqsave(&local->sta_lock, flags);
308 sta_info_hash_add(local, sta);
309 spin_unlock_irqrestore(&local->sta_lock, flags);
310 }
311
312 list_add(&sta->list, &local->sta_list);
313
314 ieee80211_sta_debugfs_add(sta);
315 rate_control_add_sta_debugfs(sta);
316
317 sinfo.filled = 0;
318 sinfo.generation = local->sta_generation;
319 cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
320
321
322 return 0;
323}
324
325static void sta_info_finish_pending(struct ieee80211_local *local)
326{
327 struct sta_info *sta;
328 unsigned long flags;
329
330 spin_lock_irqsave(&local->sta_lock, flags);
331 while (!list_empty(&local->sta_pending_list)) {
332 sta = list_first_entry(&local->sta_pending_list,
333 struct sta_info, list);
334 list_del(&sta->list);
335 spin_unlock_irqrestore(&local->sta_lock, flags);
336
337 sta_info_finish_insert(sta, true);
338
339 spin_lock_irqsave(&local->sta_lock, flags);
340 }
341 spin_unlock_irqrestore(&local->sta_lock, flags);
342}
343
344static void sta_info_finish_work(struct work_struct *work)
345{
346 struct ieee80211_local *local =
347 container_of(work, struct ieee80211_local, sta_finish_work);
348
349 mutex_lock(&local->sta_mtx);
350 sta_info_finish_pending(local);
351 mutex_unlock(&local->sta_mtx);
352}
353
354int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
355{
356 struct ieee80211_local *local = sta->local;
357 struct ieee80211_sub_if_data *sdata = sta->sdata;
358 unsigned long flags;
359 int err = 0;
360
387 /* 361 /*
388 * Can't be a WARN_ON because it can be triggered through a race: 362 * Can't be a WARN_ON because it can be triggered through a race:
389 * something inserts a STA (on one CPU) without holding the RTNL 363 * something inserts a STA (on one CPU) without holding the RTNL
@@ -391,36 +365,87 @@ int sta_info_insert(struct sta_info *sta)
391 */ 365 */
392 if (unlikely(!ieee80211_sdata_running(sdata))) { 366 if (unlikely(!ieee80211_sdata_running(sdata))) {
393 err = -ENETDOWN; 367 err = -ENETDOWN;
368 rcu_read_lock();
394 goto out_free; 369 goto out_free;
395 } 370 }
396 371
397 if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 || 372 if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 ||
398 is_multicast_ether_addr(sta->sta.addr))) { 373 is_multicast_ether_addr(sta->sta.addr))) {
399 err = -EINVAL; 374 err = -EINVAL;
375 rcu_read_lock();
400 goto out_free; 376 goto out_free;
401 } 377 }
402 378
379 /*
380 * In ad-hoc mode, we sometimes need to insert stations
381 * from tasklet context from the RX path. To avoid races,
382 * always do so in that case -- see the comment below.
383 */
384 if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
385 spin_lock_irqsave(&local->sta_lock, flags);
386 /* check if STA exists already */
387 if (sta_info_get_bss(sdata, sta->sta.addr)) {
388 spin_unlock_irqrestore(&local->sta_lock, flags);
389 rcu_read_lock();
390 err = -EEXIST;
391 goto out_free;
392 }
393
394 local->num_sta++;
395 local->sta_generation++;
396 smp_mb();
397 sta_info_hash_add(local, sta);
398
399 list_add_tail(&sta->list, &local->sta_pending_list);
400
401 rcu_read_lock();
402 spin_unlock_irqrestore(&local->sta_lock, flags);
403
404#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
405 printk(KERN_DEBUG "%s: Added IBSS STA %pM\n",
406 wiphy_name(local->hw.wiphy), sta->sta.addr);
407#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
408
409 ieee80211_queue_work(&local->hw, &local->sta_finish_work);
410
411 return 0;
412 }
413
414 /*
415 * On first glance, this will look racy, because the code
416 * below this point, which inserts a station with sleeping,
417 * unlocks the sta_lock between checking existence in the
418 * hash table and inserting into it.
419 *
420 * However, it is not racy against itself because it keeps
421 * the mutex locked. It still seems to race against the
422 * above code that atomically inserts the station... That,
423 * however, is not true because the above code can only
424 * be invoked for IBSS interfaces, and the below code will
425 * not be -- and the two do not race against each other as
426 * the hash table also keys off the interface.
427 */
428
429 might_sleep();
430
431 mutex_lock(&local->sta_mtx);
432
403 spin_lock_irqsave(&local->sta_lock, flags); 433 spin_lock_irqsave(&local->sta_lock, flags);
404 /* check if STA exists already */ 434 /* check if STA exists already */
405 if (sta_info_get(sdata, sta->sta.addr)) { 435 if (sta_info_get_bss(sdata, sta->sta.addr)) {
406 spin_unlock_irqrestore(&local->sta_lock, flags); 436 spin_unlock_irqrestore(&local->sta_lock, flags);
437 rcu_read_lock();
407 err = -EEXIST; 438 err = -EEXIST;
408 goto out_free; 439 goto out_free;
409 } 440 }
410 list_add(&sta->list, &local->sta_list);
411 local->sta_generation++;
412 local->num_sta++;
413 sta_info_hash_add(local, sta);
414 441
415 /* notify driver */ 442 spin_unlock_irqrestore(&local->sta_lock, flags);
416 if (local->ops->sta_notify) {
417 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
418 sdata = container_of(sdata->bss,
419 struct ieee80211_sub_if_data,
420 u.ap);
421 443
422 drv_sta_notify(local, sdata, STA_NOTIFY_ADD, &sta->sta); 444 err = sta_info_finish_insert(sta, false);
423 sdata = sta->sdata; 445 if (err) {
446 mutex_unlock(&local->sta_mtx);
447 rcu_read_lock();
448 goto out_free;
424 } 449 }
425 450
426#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 451#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
@@ -428,22 +453,9 @@ int sta_info_insert(struct sta_info *sta)
428 wiphy_name(local->hw.wiphy), sta->sta.addr); 453 wiphy_name(local->hw.wiphy), sta->sta.addr);
429#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 454#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
430 455
431 spin_unlock_irqrestore(&local->sta_lock, flags); 456 /* move reference to rcu-protected */
432 457 rcu_read_lock();
433 sinfo.filled = 0; 458 mutex_unlock(&local->sta_mtx);
434 sinfo.generation = local->sta_generation;
435 cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_ATOMIC);
436
437#ifdef CONFIG_MAC80211_DEBUGFS
438 /*
439 * Debugfs entry adding might sleep, so schedule process
440 * context task for adding entry for STAs that do not yet
441 * have one.
442 * NOTE: due to auto-freeing semantics this may only be done
443 * if the insertion is successful!
444 */
445 schedule_work(&local->sta_debugfs_add);
446#endif
447 459
448 if (ieee80211_vif_is_mesh(&sdata->vif)) 460 if (ieee80211_vif_is_mesh(&sdata->vif))
449 mesh_accept_plinks_update(sdata); 461 mesh_accept_plinks_update(sdata);
@@ -455,6 +467,15 @@ int sta_info_insert(struct sta_info *sta)
455 return err; 467 return err;
456} 468}
457 469
470int sta_info_insert(struct sta_info *sta)
471{
472 int err = sta_info_insert_rcu(sta);
473
474 rcu_read_unlock();
475
476 return err;
477}
478
458static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) 479static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
459{ 480{
460 /* 481 /*
@@ -523,108 +544,6 @@ void sta_info_clear_tim_bit(struct sta_info *sta)
523 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 544 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
524} 545}
525 546
526static void __sta_info_unlink(struct sta_info **sta)
527{
528 struct ieee80211_local *local = (*sta)->local;
529 struct ieee80211_sub_if_data *sdata = (*sta)->sdata;
530 /*
531 * pull caller's reference if we're already gone.
532 */
533 if (sta_info_hash_del(local, *sta)) {
534 *sta = NULL;
535 return;
536 }
537
538 if ((*sta)->key) {
539 ieee80211_key_free((*sta)->key);
540 WARN_ON((*sta)->key);
541 }
542
543 list_del(&(*sta)->list);
544 (*sta)->dead = true;
545
546 if (test_and_clear_sta_flags(*sta,
547 WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
548 BUG_ON(!sdata->bss);
549
550 atomic_dec(&sdata->bss->num_sta_ps);
551 __sta_info_clear_tim_bit(sdata->bss, *sta);
552 }
553
554 local->num_sta--;
555 local->sta_generation++;
556
557 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
558 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
559
560 if (local->ops->sta_notify) {
561 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
562 sdata = container_of(sdata->bss,
563 struct ieee80211_sub_if_data,
564 u.ap);
565
566 drv_sta_notify(local, sdata, STA_NOTIFY_REMOVE,
567 &(*sta)->sta);
568 sdata = (*sta)->sdata;
569 }
570
571 if (ieee80211_vif_is_mesh(&sdata->vif)) {
572 mesh_accept_plinks_update(sdata);
573#ifdef CONFIG_MAC80211_MESH
574 del_timer(&(*sta)->plink_timer);
575#endif
576 }
577
578#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
579 printk(KERN_DEBUG "%s: Removed STA %pM\n",
580 wiphy_name(local->hw.wiphy), (*sta)->sta.addr);
581#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
582
583 /*
584 * Finally, pull caller's reference if the STA is pinned by the
585 * task that is adding the debugfs entries. In that case, we
586 * leave the STA "to be freed".
587 *
588 * The rules are not trivial, but not too complex either:
589 * (1) pin_status is only modified under the sta_lock
590 * (2) STAs may only be pinned under the RTNL so that
591 * sta_info_flush() is guaranteed to actually destroy
592 * all STAs that are active for a given interface, this
593 * is required for correctness because otherwise we
594 * could notify a driver that an interface is going
595 * away and only after that (!) notify it about a STA
596 * on that interface going away.
597 * (3) sta_info_debugfs_add_work() will set the status
598 * to PINNED when it found an item that needs a new
599 * debugfs directory created. In that case, that item
600 * must not be freed although all *RCU* users are done
601 * with it. Hence, we tell the caller of _unlink()
602 * that the item is already gone (as can happen when
603 * two tasks try to unlink/destroy at the same time)
604 * (4) We set the pin_status to DESTROY here when we
605 * find such an item.
606 * (5) sta_info_debugfs_add_work() will reset the pin_status
607 * from PINNED to NORMAL when it is done with the item,
608 * but will check for DESTROY before resetting it in
609 * which case it will free the item.
610 */
611 if ((*sta)->pin_status == STA_INFO_PIN_STAT_PINNED) {
612 (*sta)->pin_status = STA_INFO_PIN_STAT_DESTROY;
613 *sta = NULL;
614 return;
615 }
616}
617
618void sta_info_unlink(struct sta_info **sta)
619{
620 struct ieee80211_local *local = (*sta)->local;
621 unsigned long flags;
622
623 spin_lock_irqsave(&local->sta_lock, flags);
624 __sta_info_unlink(sta);
625 spin_unlock_irqrestore(&local->sta_lock, flags);
626}
627
628static int sta_info_buffer_expired(struct sta_info *sta, 547static int sta_info_buffer_expired(struct sta_info *sta,
629 struct sk_buff *skb) 548 struct sk_buff *skb)
630{ 549{
@@ -681,109 +600,209 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
681 } 600 }
682} 601}
683 602
684 603static int __must_check __sta_info_destroy(struct sta_info *sta)
685static void sta_info_cleanup(unsigned long data)
686{ 604{
687 struct ieee80211_local *local = (struct ieee80211_local *) data; 605 struct ieee80211_local *local;
688 struct sta_info *sta; 606 struct ieee80211_sub_if_data *sdata;
607 struct sk_buff *skb;
608 unsigned long flags;
609 int ret, i;
689 610
690 rcu_read_lock(); 611 might_sleep();
691 list_for_each_entry_rcu(sta, &local->sta_list, list)
692 sta_info_cleanup_expire_buffered(local, sta);
693 rcu_read_unlock();
694 612
695 if (local->quiescing) 613 if (!sta)
696 return; 614 return -ENOENT;
697 615
698 local->sta_cleanup.expires = 616 local = sta->local;
699 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 617 sdata = sta->sdata;
700 add_timer(&local->sta_cleanup);
701}
702 618
703#ifdef CONFIG_MAC80211_DEBUGFS 619 spin_lock_irqsave(&local->sta_lock, flags);
704/* 620 ret = sta_info_hash_del(local, sta);
705 * See comment in __sta_info_unlink, 621 /* this might still be the pending list ... which is fine */
706 * caller must hold local->sta_lock. 622 if (!ret)
707 */ 623 list_del(&sta->list);
708static void __sta_info_pin(struct sta_info *sta) 624 spin_unlock_irqrestore(&local->sta_lock, flags);
709{ 625 if (ret)
710 WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_NORMAL); 626 return ret;
711 sta->pin_status = STA_INFO_PIN_STAT_PINNED; 627
628 if (sta->key) {
629 ieee80211_key_free(sta->key);
630 /*
631 * We have only unlinked the key, and actually destroying it
632 * may mean it is removed from hardware which requires that
633 * the key->sta pointer is still valid, so flush the key todo
634 * list here.
635 *
636 * ieee80211_key_todo() will synchronize_rcu() so after this
637 * nothing can reference this sta struct any more.
638 */
639 ieee80211_key_todo();
640
641 WARN_ON(sta->key);
642 }
643
644 sta->dead = true;
645
646 if (test_and_clear_sta_flags(sta,
647 WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
648 BUG_ON(!sdata->bss);
649
650 atomic_dec(&sdata->bss->num_sta_ps);
651 __sta_info_clear_tim_bit(sdata->bss, sta);
652 }
653
654 local->num_sta--;
655 local->sta_generation++;
656
657 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
658 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
659
660 if (sta->uploaded) {
661 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
662 sdata = container_of(sdata->bss,
663 struct ieee80211_sub_if_data,
664 u.ap);
665 drv_sta_remove(local, sdata, &sta->sta);
666 sdata = sta->sdata;
667 }
668
669#ifdef CONFIG_MAC80211_MESH
670 if (ieee80211_vif_is_mesh(&sdata->vif)) {
671 mesh_accept_plinks_update(sdata);
672 del_timer(&sta->plink_timer);
673 }
674#endif
675
676#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
677 printk(KERN_DEBUG "%s: Removed STA %pM\n",
678 wiphy_name(local->hw.wiphy), sta->sta.addr);
679#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
680 cancel_work_sync(&sta->drv_unblock_wk);
681
682 rate_control_remove_sta_debugfs(sta);
683 ieee80211_sta_debugfs_remove(sta);
684
685#ifdef CONFIG_MAC80211_MESH
686 if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
687 mesh_plink_deactivate(sta);
688 del_timer_sync(&sta->plink_timer);
689 }
690#endif
691
692 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) {
693 local->total_ps_buffered--;
694 dev_kfree_skb_any(skb);
695 }
696
697 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL)
698 dev_kfree_skb_any(skb);
699
700 for (i = 0; i < STA_TID_NUM; i++) {
701 struct tid_ampdu_rx *tid_rx;
702 struct tid_ampdu_tx *tid_tx;
703
704 spin_lock_bh(&sta->lock);
705 tid_rx = sta->ampdu_mlme.tid_rx[i];
706 /* Make sure timer won't free the tid_rx struct, see below */
707 if (tid_rx)
708 tid_rx->shutdown = true;
709
710 spin_unlock_bh(&sta->lock);
711
712 /*
713 * Outside spinlock - shutdown is true now so that the timer
714 * won't free tid_rx, we have to do that now. Can't let the
715 * timer do it because we have to sync the timer outside the
716 * lock that it takes itself.
717 */
718 if (tid_rx) {
719 del_timer_sync(&tid_rx->session_timer);
720 kfree(tid_rx);
721 }
722
723 /*
724 * No need to do such complications for TX agg sessions, the
725 * path leading to freeing the tid_tx struct goes via a call
726 * from the driver, and thus needs to look up the sta struct
727 * again, which cannot be found when we get here. Hence, we
728 * just need to delete the timer and free the aggregation
729 * info; we won't be telling the peer about it then but that
730 * doesn't matter if we're not talking to it again anyway.
731 */
732 tid_tx = sta->ampdu_mlme.tid_tx[i];
733 if (tid_tx) {
734 del_timer_sync(&tid_tx->addba_resp_timer);
735 /*
736 * STA removed while aggregation session being
737 * started? Bit odd, but purge frames anyway.
738 */
739 skb_queue_purge(&tid_tx->pending);
740 kfree(tid_tx);
741 }
742 }
743
744 __sta_info_free(local, sta);
745
746 return 0;
712} 747}
713 748
714/* 749int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
715 * See comment in __sta_info_unlink, returns sta if it
716 * needs to be destroyed.
717 */
718static struct sta_info *__sta_info_unpin(struct sta_info *sta)
719{ 750{
720 struct sta_info *ret = NULL; 751 struct sta_info *sta;
721 unsigned long flags; 752 int ret;
722 753
723 spin_lock_irqsave(&sta->local->sta_lock, flags); 754 mutex_lock(&sdata->local->sta_mtx);
724 WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_DESTROY && 755 sta = sta_info_get(sdata, addr);
725 sta->pin_status != STA_INFO_PIN_STAT_PINNED); 756 ret = __sta_info_destroy(sta);
726 if (sta->pin_status == STA_INFO_PIN_STAT_DESTROY) 757 mutex_unlock(&sdata->local->sta_mtx);
727 ret = sta;
728 sta->pin_status = STA_INFO_PIN_STAT_NORMAL;
729 spin_unlock_irqrestore(&sta->local->sta_lock, flags);
730 758
731 return ret; 759 return ret;
732} 760}
733 761
734static void sta_info_debugfs_add_work(struct work_struct *work) 762int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
763 const u8 *addr)
735{ 764{
736 struct ieee80211_local *local = 765 struct sta_info *sta;
737 container_of(work, struct ieee80211_local, sta_debugfs_add); 766 int ret;
738 struct sta_info *sta, *tmp;
739 unsigned long flags;
740 767
741 /* We need to keep the RTNL across the whole pinned status. */ 768 mutex_lock(&sdata->local->sta_mtx);
742 rtnl_lock(); 769 sta = sta_info_get_bss(sdata, addr);
743 while (1) { 770 ret = __sta_info_destroy(sta);
744 sta = NULL; 771 mutex_unlock(&sdata->local->sta_mtx);
745 772
746 spin_lock_irqsave(&local->sta_lock, flags); 773 return ret;
747 list_for_each_entry(tmp, &local->sta_list, list) { 774}
748 /*
749 * debugfs.add_has_run will be set by
750 * ieee80211_sta_debugfs_add regardless
751 * of what else it does.
752 */
753 if (!tmp->debugfs.add_has_run) {
754 sta = tmp;
755 __sta_info_pin(sta);
756 break;
757 }
758 }
759 spin_unlock_irqrestore(&local->sta_lock, flags);
760 775
761 if (!sta) 776static void sta_info_cleanup(unsigned long data)
762 break; 777{
778 struct ieee80211_local *local = (struct ieee80211_local *) data;
779 struct sta_info *sta;
780
781 rcu_read_lock();
782 list_for_each_entry_rcu(sta, &local->sta_list, list)
783 sta_info_cleanup_expire_buffered(local, sta);
784 rcu_read_unlock();
763 785
764 ieee80211_sta_debugfs_add(sta); 786 if (local->quiescing)
765 rate_control_add_sta_debugfs(sta); 787 return;
766 788
767 sta = __sta_info_unpin(sta); 789 local->sta_cleanup.expires =
768 sta_info_destroy(sta); 790 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
769 } 791 add_timer(&local->sta_cleanup);
770 rtnl_unlock();
771} 792}
772#endif
773 793
774void sta_info_init(struct ieee80211_local *local) 794void sta_info_init(struct ieee80211_local *local)
775{ 795{
776 spin_lock_init(&local->sta_lock); 796 spin_lock_init(&local->sta_lock);
797 mutex_init(&local->sta_mtx);
777 INIT_LIST_HEAD(&local->sta_list); 798 INIT_LIST_HEAD(&local->sta_list);
799 INIT_LIST_HEAD(&local->sta_pending_list);
800 INIT_WORK(&local->sta_finish_work, sta_info_finish_work);
778 801
779 setup_timer(&local->sta_cleanup, sta_info_cleanup, 802 setup_timer(&local->sta_cleanup, sta_info_cleanup,
780 (unsigned long)local); 803 (unsigned long)local);
781 local->sta_cleanup.expires = 804 local->sta_cleanup.expires =
782 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 805 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
783
784#ifdef CONFIG_MAC80211_DEBUGFS
785 INIT_WORK(&local->sta_debugfs_add, sta_info_debugfs_add_work);
786#endif
787} 806}
788 807
789int sta_info_start(struct ieee80211_local *local) 808int sta_info_start(struct ieee80211_local *local)
@@ -795,16 +814,6 @@ int sta_info_start(struct ieee80211_local *local)
795void sta_info_stop(struct ieee80211_local *local) 814void sta_info_stop(struct ieee80211_local *local)
796{ 815{
797 del_timer(&local->sta_cleanup); 816 del_timer(&local->sta_cleanup);
798#ifdef CONFIG_MAC80211_DEBUGFS
799 /*
800 * Make sure the debugfs adding work isn't pending after this
801 * because we're about to be destroyed. It doesn't matter
802 * whether it ran or not since we're going to flush all STAs
803 * anyway.
804 */
805 cancel_work_sync(&local->sta_debugfs_add);
806#endif
807
808 sta_info_flush(local, NULL); 817 sta_info_flush(local, NULL);
809} 818}
810 819
@@ -820,26 +829,19 @@ int sta_info_flush(struct ieee80211_local *local,
820 struct ieee80211_sub_if_data *sdata) 829 struct ieee80211_sub_if_data *sdata)
821{ 830{
822 struct sta_info *sta, *tmp; 831 struct sta_info *sta, *tmp;
823 LIST_HEAD(tmp_list);
824 int ret = 0; 832 int ret = 0;
825 unsigned long flags;
826 833
827 might_sleep(); 834 might_sleep();
828 835
829 spin_lock_irqsave(&local->sta_lock, flags); 836 mutex_lock(&local->sta_mtx);
837
838 sta_info_finish_pending(local);
839
830 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { 840 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
831 if (!sdata || sdata == sta->sdata) { 841 if (!sdata || sdata == sta->sdata)
832 __sta_info_unlink(&sta); 842 WARN_ON(__sta_info_destroy(sta));
833 if (sta) {
834 list_add_tail(&sta->list, &tmp_list);
835 ret++;
836 }
837 }
838 } 843 }
839 spin_unlock_irqrestore(&local->sta_lock, flags); 844 mutex_unlock(&local->sta_mtx);
840
841 list_for_each_entry_safe(sta, tmp, &tmp_list, list)
842 sta_info_destroy(sta);
843 845
844 return ret; 846 return ret;
845} 847}
@@ -849,24 +851,17 @@ void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
849{ 851{
850 struct ieee80211_local *local = sdata->local; 852 struct ieee80211_local *local = sdata->local;
851 struct sta_info *sta, *tmp; 853 struct sta_info *sta, *tmp;
852 LIST_HEAD(tmp_list);
853 unsigned long flags;
854 854
855 spin_lock_irqsave(&local->sta_lock, flags); 855 mutex_lock(&local->sta_mtx);
856 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) 856 list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
857 if (time_after(jiffies, sta->last_rx + exp_time)) { 857 if (time_after(jiffies, sta->last_rx + exp_time)) {
858#ifdef CONFIG_MAC80211_IBSS_DEBUG 858#ifdef CONFIG_MAC80211_IBSS_DEBUG
859 printk(KERN_DEBUG "%s: expiring inactive STA %pM\n", 859 printk(KERN_DEBUG "%s: expiring inactive STA %pM\n",
860 sdata->name, sta->sta.addr); 860 sdata->name, sta->sta.addr);
861#endif 861#endif
862 __sta_info_unlink(&sta); 862 WARN_ON(__sta_info_destroy(sta));
863 if (sta)
864 list_add(&sta->list, &tmp_list);
865 } 863 }
866 spin_unlock_irqrestore(&local->sta_lock, flags); 864 mutex_unlock(&local->sta_mtx);
867
868 list_for_each_entry_safe(sta, tmp, &tmp_list, list)
869 sta_info_destroy(sta);
870} 865}
871 866
872struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw, 867struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw,
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-13 03:50:55 -0500