aboutsummaryrefslogtreecommitdiffstats
path: root/net/mac80211
diff options
context:
space:
mode:
Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/agg-tx.c6
-rw-r--r--net/mac80211/driver-ops.h2
-rw-r--r--net/mac80211/mlme.c52
-rw-r--r--net/mac80211/rx.c16
4 files changed, 64 insertions, 12 deletions
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index feb15c4a1fad..d1b6664a2532 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -332,14 +332,16 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
332 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 332 IEEE80211_QUEUE_STOP_REASON_AGGREGATION);
333 333
334 spin_unlock(&local->ampdu_lock); 334 spin_unlock(&local->ampdu_lock);
335 spin_unlock_bh(&sta->lock);
336 335
337 /* send an addBA request */ 336 /* prepare tid data */
338 sta->ampdu_mlme.dialog_token_allocator++; 337 sta->ampdu_mlme.dialog_token_allocator++;
339 sta->ampdu_mlme.tid_tx[tid]->dialog_token = 338 sta->ampdu_mlme.tid_tx[tid]->dialog_token =
340 sta->ampdu_mlme.dialog_token_allocator; 339 sta->ampdu_mlme.dialog_token_allocator;
341 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num; 340 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num;
342 341
342 spin_unlock_bh(&sta->lock);
343
344 /* send AddBA request */
343 ieee80211_send_addba_request(sdata, pubsta->addr, tid, 345 ieee80211_send_addba_request(sdata, pubsta->addr, tid,
344 sta->ampdu_mlme.tid_tx[tid]->dialog_token, 346 sta->ampdu_mlme.tid_tx[tid]->dialog_token,
345 sta->ampdu_mlme.tid_tx[tid]->ssn, 347 sta->ampdu_mlme.tid_tx[tid]->ssn,
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index d1139e4f88a9..7d18a3245e3d 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -360,7 +360,7 @@ static inline int drv_get_survey(struct ieee80211_local *local, int idx,
360 struct survey_info *survey) 360 struct survey_info *survey)
361{ 361{
362 int ret = -EOPNOTSUPP; 362 int ret = -EOPNOTSUPP;
363 if (local->ops->conf_tx) 363 if (local->ops->get_survey)
364 ret = local->ops->get_survey(&local->hw, idx, survey); 364 ret = local->ops->get_survey(&local->hw, idx, survey);
365 /* trace_drv_get_survey(local, idx, survey, ret); */ 365 /* trace_drv_get_survey(local, idx, survey, ret); */
366 return ret; 366 return ret;
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 9420cf14fae4..2ab4e86d9929 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -1692,14 +1692,52 @@ static void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1692 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len); 1692 rma = ieee80211_rx_mgmt_disassoc(sdata, mgmt, skb->len);
1693 break; 1693 break;
1694 case IEEE80211_STYPE_ACTION: 1694 case IEEE80211_STYPE_ACTION:
1695 if (mgmt->u.action.category != WLAN_CATEGORY_SPECTRUM_MGMT) 1695 switch (mgmt->u.action.category) {
1696 case WLAN_CATEGORY_BACK: {
1697 struct ieee80211_local *local = sdata->local;
1698 int len = skb->len;
1699 struct sta_info *sta;
1700
1701 rcu_read_lock();
1702 sta = sta_info_get(sdata, mgmt->sa);
1703 if (!sta) {
1704 rcu_read_unlock();
1705 break;
1706 }
1707
1708 local_bh_disable();
1709
1710 switch (mgmt->u.action.u.addba_req.action_code) {
1711 case WLAN_ACTION_ADDBA_REQ:
1712 if (len < (IEEE80211_MIN_ACTION_SIZE +
1713 sizeof(mgmt->u.action.u.addba_req)))
1714 break;
1715 ieee80211_process_addba_request(local, sta, mgmt, len);
1716 break;
1717 case WLAN_ACTION_ADDBA_RESP:
1718 if (len < (IEEE80211_MIN_ACTION_SIZE +
1719 sizeof(mgmt->u.action.u.addba_resp)))
1720 break;
1721 ieee80211_process_addba_resp(local, sta, mgmt, len);
1722 break;
1723 case WLAN_ACTION_DELBA:
1724 if (len < (IEEE80211_MIN_ACTION_SIZE +
1725 sizeof(mgmt->u.action.u.delba)))
1726 break;
1727 ieee80211_process_delba(sdata, sta, mgmt, len);
1728 break;
1729 }
1730 local_bh_enable();
1731 rcu_read_unlock();
1696 break; 1732 break;
1697 1733 }
1698 ieee80211_sta_process_chanswitch(sdata, 1734 case WLAN_CATEGORY_SPECTRUM_MGMT:
1699 &mgmt->u.action.u.chan_switch.sw_elem, 1735 ieee80211_sta_process_chanswitch(sdata,
1700 (void *)ifmgd->associated->priv, 1736 &mgmt->u.action.u.chan_switch.sw_elem,
1701 rx_status->mactime); 1737 (void *)ifmgd->associated->priv,
1702 break; 1738 rx_status->mactime);
1739 break;
1740 }
1703 } 1741 }
1704 mutex_unlock(&ifmgd->mtx); 1742 mutex_unlock(&ifmgd->mtx);
1705 1743
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 0b9898ac4d87..6e7d6d48fe1e 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1819,17 +1819,26 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1819 return RX_CONTINUE; 1819 return RX_CONTINUE;
1820 1820
1821 if (ieee80211_is_back_req(bar->frame_control)) { 1821 if (ieee80211_is_back_req(bar->frame_control)) {
1822 struct {
1823 __le16 control, start_seq_num;
1824 } __packed bar_data;
1825
1822 if (!rx->sta) 1826 if (!rx->sta)
1823 return RX_DROP_MONITOR; 1827 return RX_DROP_MONITOR;
1828
1829 if (skb_copy_bits(skb, offsetof(struct ieee80211_bar, control),
1830 &bar_data, sizeof(bar_data)))
1831 return RX_DROP_MONITOR;
1832
1824 spin_lock(&rx->sta->lock); 1833 spin_lock(&rx->sta->lock);
1825 tid = le16_to_cpu(bar->control) >> 12; 1834 tid = le16_to_cpu(bar_data.control) >> 12;
1826 if (!rx->sta->ampdu_mlme.tid_active_rx[tid]) { 1835 if (!rx->sta->ampdu_mlme.tid_active_rx[tid]) {
1827 spin_unlock(&rx->sta->lock); 1836 spin_unlock(&rx->sta->lock);
1828 return RX_DROP_MONITOR; 1837 return RX_DROP_MONITOR;
1829 } 1838 }
1830 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid]; 1839 tid_agg_rx = rx->sta->ampdu_mlme.tid_rx[tid];
1831 1840
1832 start_seq_num = le16_to_cpu(bar->start_seq_num) >> 4; 1841 start_seq_num = le16_to_cpu(bar_data.start_seq_num) >> 4;
1833 1842
1834 /* reset session timer */ 1843 /* reset session timer */
1835 if (tid_agg_rx->timeout) 1844 if (tid_agg_rx->timeout)
@@ -1941,6 +1950,9 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1941 if (len < IEEE80211_MIN_ACTION_SIZE + 1) 1950 if (len < IEEE80211_MIN_ACTION_SIZE + 1)
1942 break; 1951 break;
1943 1952
1953 if (sdata->vif.type == NL80211_IFTYPE_STATION)
1954 return ieee80211_sta_rx_mgmt(sdata, rx->skb);
1955
1944 switch (mgmt->u.action.u.addba_req.action_code) { 1956 switch (mgmt->u.action.u.addba_req.action_code) {
1945 case WLAN_ACTION_ADDBA_REQ: 1957 case WLAN_ACTION_ADDBA_REQ:
1946 if (len < (IEEE80211_MIN_ACTION_SIZE + 1958 if (len < (IEEE80211_MIN_ACTION_SIZE +