Diffstat (limited to 'net/mac80211')
-rw-r--r--net/mac80211/Kconfig14
-rw-r--r--net/mac80211/aes_ccm.c15
-rw-r--r--net/mac80211/aes_cmac.c9
-rw-r--r--net/mac80211/agg-rx.c55
-rw-r--r--net/mac80211/agg-tx.c105
-rw-r--r--net/mac80211/cfg.c873
-rw-r--r--net/mac80211/chan.c5
-rw-r--r--net/mac80211/debugfs.c175
-rw-r--r--net/mac80211/debugfs.h2
-rw-r--r--net/mac80211/debugfs_key.c136
-rw-r--r--net/mac80211/debugfs_key.h8
-rw-r--r--net/mac80211/debugfs_netdev.c132
-rw-r--r--net/mac80211/debugfs_sta.c90
-rw-r--r--net/mac80211/driver-ops.h237
-rw-r--r--net/mac80211/driver-trace.h588
-rw-r--r--net/mac80211/ht.c79
-rw-r--r--net/mac80211/ibss.c128
-rw-r--r--net/mac80211/ieee80211_i.h269
-rw-r--r--net/mac80211/iface.c529
-rw-r--r--net/mac80211/key.c291
-rw-r--r--net/mac80211/key.h21
-rw-r--r--net/mac80211/led.c186
-rw-r--r--net/mac80211/led.h45
-rw-r--r--net/mac80211/main.c374
-rw-r--r--net/mac80211/mesh.c144
-rw-r--r--net/mac80211/mesh.h61
-rw-r--r--net/mac80211/mesh_hwmp.c51
-rw-r--r--net/mac80211/mesh_pathtbl.c317
-rw-r--r--net/mac80211/mesh_plink.c130
-rw-r--r--net/mac80211/mlme.c531
-rw-r--r--net/mac80211/offchannel.c173
-rw-r--r--net/mac80211/pm.c29
-rw-r--r--net/mac80211/rate.c33
-rw-r--r--net/mac80211/rc80211_minstrel.c4
-rw-r--r--net/mac80211/rc80211_minstrel_debugfs.c1
-rw-r--r--net/mac80211/rc80211_minstrel_ht.c138
-rw-r--r--net/mac80211/rc80211_minstrel_ht_debugfs.c3
-rw-r--r--net/mac80211/rc80211_pid.h5
-rw-r--r--net/mac80211/rc80211_pid_debugfs.c3
-rw-r--r--net/mac80211/rx.c1101
-rw-r--r--net/mac80211/scan.c384
-rw-r--r--net/mac80211/sta_info.c127
-rw-r--r--net/mac80211/sta_info.h107
-rw-r--r--net/mac80211/status.c99
-rw-r--r--net/mac80211/tkip.c4
-rw-r--r--net/mac80211/tkip.h4
-rw-r--r--net/mac80211/tx.c374
-rw-r--r--net/mac80211/util.c174
-rw-r--r--net/mac80211/wep.c44
-rw-r--r--net/mac80211/wep.h4
-rw-r--r--net/mac80211/wme.c31
-rw-r--r--net/mac80211/work.c209
-rw-r--r--net/mac80211/wpa.c153
53 files changed, 6084 insertions, 2720 deletions
diff --git a/net/mac80211/Kconfig b/net/mac80211/Kconfig
index 4d6f8653ec88..f5fdfcbf552a 100644
--- a/net/mac80211/Kconfig
+++ b/net/mac80211/Kconfig
@@ -2,10 +2,10 @@ config MAC80211
2 tristate "Generic IEEE 802.11 Networking Stack (mac80211)" 2 tristate "Generic IEEE 802.11 Networking Stack (mac80211)"
3 depends on CFG80211 3 depends on CFG80211
4 select CRYPTO 4 select CRYPTO
5 select CRYPTO_ECB
6 select CRYPTO_ARC4 5 select CRYPTO_ARC4
7 select CRYPTO_AES 6 select CRYPTO_AES
8 select CRC32 7 select CRC32
8 select AVERAGE
9 ---help--- 9 ---help---
10 This option enables the hardware independent IEEE 802.11 10 This option enables the hardware independent IEEE 802.11
11 networking stack. 11 networking stack.
@@ -16,10 +16,10 @@ comment "CFG80211 needs to be enabled for MAC80211"
16if MAC80211 != n 16if MAC80211 != n
17 17
18config MAC80211_HAS_RC 18config MAC80211_HAS_RC
19 def_bool n 19 bool
20 20
21config MAC80211_RC_PID 21config MAC80211_RC_PID
22 bool "PID controller based rate control algorithm" if EMBEDDED 22 bool "PID controller based rate control algorithm" if EXPERT
23 select MAC80211_HAS_RC 23 select MAC80211_HAS_RC
24 ---help--- 24 ---help---
25 This option enables a TX rate control algorithm for 25 This option enables a TX rate control algorithm for
@@ -27,14 +27,14 @@ config MAC80211_RC_PID
27 rate. 27 rate.
28 28
29config MAC80211_RC_MINSTREL 29config MAC80211_RC_MINSTREL
30 bool "Minstrel" if EMBEDDED 30 bool "Minstrel" if EXPERT
31 select MAC80211_HAS_RC 31 select MAC80211_HAS_RC
32 default y 32 default y
33 ---help--- 33 ---help---
34 This option enables the 'minstrel' TX rate control algorithm 34 This option enables the 'minstrel' TX rate control algorithm
35 35
36config MAC80211_RC_MINSTREL_HT 36config MAC80211_RC_MINSTREL_HT
37 bool "Minstrel 802.11n support" if EMBEDDED 37 bool "Minstrel 802.11n support" if EXPERT
38 depends on MAC80211_RC_MINSTREL 38 depends on MAC80211_RC_MINSTREL
39 default y 39 default y
40 ---help--- 40 ---help---
@@ -77,7 +77,7 @@ config MAC80211_RC_DEFAULT
77endif 77endif
78 78
79comment "Some wireless drivers require a rate control algorithm" 79comment "Some wireless drivers require a rate control algorithm"
80 depends on MAC80211_HAS_RC=n 80 depends on MAC80211 && MAC80211_HAS_RC=n
81 81
82config MAC80211_MESH 82config MAC80211_MESH
83 bool "Enable mac80211 mesh networking (pre-802.11s) support" 83 bool "Enable mac80211 mesh networking (pre-802.11s) support"
@@ -92,7 +92,7 @@ config MAC80211_MESH
92config MAC80211_LEDS 92config MAC80211_LEDS
93 bool "Enable LED triggers" 93 bool "Enable LED triggers"
94 depends on MAC80211 94 depends on MAC80211
95 select NEW_LEDS 95 depends on LEDS_CLASS
96 select LEDS_TRIGGERS 96 select LEDS_TRIGGERS
97 ---help--- 97 ---help---
98 This option enables a few LED triggers for different 98 This option enables a few LED triggers for different
diff --git a/net/mac80211/aes_ccm.c b/net/mac80211/aes_ccm.c
index a87cb3ba2df6..b9b595c08112 100644
--- a/net/mac80211/aes_ccm.c
+++ b/net/mac80211/aes_ccm.c
@@ -54,13 +54,12 @@ void ieee80211_aes_ccm_encrypt(struct crypto_cipher *tfm, u8 *scratch,
54 u8 *cdata, u8 *mic) 54 u8 *cdata, u8 *mic)
55{ 55{
56 int i, j, last_len, num_blocks; 56 int i, j, last_len, num_blocks;
57 u8 *pos, *cpos, *b, *s_0, *e, *b_0, *aad; 57 u8 *pos, *cpos, *b, *s_0, *e, *b_0;
58 58
59 b = scratch; 59 b = scratch;
60 s_0 = scratch + AES_BLOCK_LEN; 60 s_0 = scratch + AES_BLOCK_LEN;
61 e = scratch + 2 * AES_BLOCK_LEN; 61 e = scratch + 2 * AES_BLOCK_LEN;
62 b_0 = scratch + 3 * AES_BLOCK_LEN; 62 b_0 = scratch + 3 * AES_BLOCK_LEN;
63 aad = scratch + 4 * AES_BLOCK_LEN;
64 63
65 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); 64 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
66 last_len = data_len % AES_BLOCK_LEN; 65 last_len = data_len % AES_BLOCK_LEN;
@@ -94,13 +93,12 @@ int ieee80211_aes_ccm_decrypt(struct crypto_cipher *tfm, u8 *scratch,
94 u8 *cdata, size_t data_len, u8 *mic, u8 *data) 93 u8 *cdata, size_t data_len, u8 *mic, u8 *data)
95{ 94{
96 int i, j, last_len, num_blocks; 95 int i, j, last_len, num_blocks;
97 u8 *pos, *cpos, *b, *s_0, *a, *b_0, *aad; 96 u8 *pos, *cpos, *b, *s_0, *a, *b_0;
98 97
99 b = scratch; 98 b = scratch;
100 s_0 = scratch + AES_BLOCK_LEN; 99 s_0 = scratch + AES_BLOCK_LEN;
101 a = scratch + 2 * AES_BLOCK_LEN; 100 a = scratch + 2 * AES_BLOCK_LEN;
102 b_0 = scratch + 3 * AES_BLOCK_LEN; 101 b_0 = scratch + 3 * AES_BLOCK_LEN;
103 aad = scratch + 4 * AES_BLOCK_LEN;
104 102
105 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN); 103 num_blocks = DIV_ROUND_UP(data_len, AES_BLOCK_LEN);
106 last_len = data_len % AES_BLOCK_LEN; 104 last_len = data_len % AES_BLOCK_LEN;
@@ -138,10 +136,8 @@ struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[])
138 struct crypto_cipher *tfm; 136 struct crypto_cipher *tfm;
139 137
140 tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC); 138 tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
141 if (IS_ERR(tfm)) 139 if (!IS_ERR(tfm))
142 return NULL; 140 crypto_cipher_setkey(tfm, key, ALG_CCMP_KEY_LEN);
143
144 crypto_cipher_setkey(tfm, key, ALG_CCMP_KEY_LEN);
145 141
146 return tfm; 142 return tfm;
147} 143}
@@ -149,6 +145,5 @@ struct crypto_cipher *ieee80211_aes_key_setup_encrypt(const u8 key[])
149 145
150void ieee80211_aes_key_free(struct crypto_cipher *tfm) 146void ieee80211_aes_key_free(struct crypto_cipher *tfm)
151{ 147{
152 if (tfm) 148 crypto_free_cipher(tfm);
153 crypto_free_cipher(tfm);
154} 149}
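Review bot: `ieee80211_aes_key_setup_encrypt()` now returns the `ERR_PTR()` from `crypto_alloc_cipher()` instead of NULL, and `ieee80211_aes_key_free()` loses its `if (tfm)` guard, so the contract between the two has changed without anything in the file stating it. A caller that still tests the result with `!tfm` would treat an error pointer as a usable CCMP cipher, and an error pointer reaching `crypto_free_cipher()` would likely be dereferenced; the callers are outside this section and need checking. I would add above the setup function `/* Returns a cipher handle or an ERR_PTR(), never NULL; test with IS_ERR() and never pass an error pointer to ieee80211_aes_key_free(). */`. The return value of `crypto_cipher_setkey()` is still ignored, so a failed call would hand back a handle whose key was never installed; propagating that error would be safer. The same points apply to `ieee80211_aes_cmac_key_setup()` and `ieee80211_aes_cmac_key_free()` in aes_cmac.c.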
diff --git a/net/mac80211/aes_cmac.c b/net/mac80211/aes_cmac.c
index 3d097b3d7b62..d502b2684a66 100644
--- a/net/mac80211/aes_cmac.c
+++ b/net/mac80211/aes_cmac.c
@@ -119,10 +119,8 @@ struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[])
119 struct crypto_cipher *tfm; 119 struct crypto_cipher *tfm;
120 120
121 tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC); 121 tfm = crypto_alloc_cipher("aes", 0, CRYPTO_ALG_ASYNC);
122 if (IS_ERR(tfm)) 122 if (!IS_ERR(tfm))
123 return NULL; 123 crypto_cipher_setkey(tfm, key, AES_CMAC_KEY_LEN);
124
125 crypto_cipher_setkey(tfm, key, AES_CMAC_KEY_LEN);
126 124
127 return tfm; 125 return tfm;
128} 126}
@@ -130,6 +128,5 @@ struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[])
130 128
131void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm) 129void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm)
132{ 130{
133 if (tfm) 131 crypto_free_cipher(tfm);
134 crypto_free_cipher(tfm);
135} 132}
diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c
index 965b272499fd..9c0d76cdca92 100644
--- a/net/mac80211/agg-rx.c
+++ b/net/mac80211/agg-rx.c
@@ -56,14 +56,15 @@ static void ieee80211_free_tid_rx(struct rcu_head *h)
56} 56}
57 57
58void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, 58void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
59 u16 initiator, u16 reason) 59 u16 initiator, u16 reason, bool tx)
60{ 60{
61 struct ieee80211_local *local = sta->local; 61 struct ieee80211_local *local = sta->local;
62 struct tid_ampdu_rx *tid_rx; 62 struct tid_ampdu_rx *tid_rx;
63 63
64 lockdep_assert_held(&sta->ampdu_mlme.mtx); 64 lockdep_assert_held(&sta->ampdu_mlme.mtx);
65 65
66 tid_rx = sta->ampdu_mlme.tid_rx[tid]; 66 tid_rx = rcu_dereference_protected(sta->ampdu_mlme.tid_rx[tid],
67 lockdep_is_held(&sta->ampdu_mlme.mtx));
67 68
68 if (!tid_rx) 69 if (!tid_rx)
69 return; 70 return;
@@ -76,25 +77,26 @@ void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
76#endif /* CONFIG_MAC80211_HT_DEBUG */ 77#endif /* CONFIG_MAC80211_HT_DEBUG */
77 78
78 if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP, 79 if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP,
79 &sta->sta, tid, NULL)) 80 &sta->sta, tid, NULL, 0))
80 printk(KERN_DEBUG "HW problem - can not stop rx " 81 printk(KERN_DEBUG "HW problem - can not stop rx "
81 "aggregation for tid %d\n", tid); 82 "aggregation for tid %d\n", tid);
82 83
83 /* check if this is a self generated aggregation halt */ 84 /* check if this is a self generated aggregation halt */
84 if (initiator == WLAN_BACK_RECIPIENT) 85 if (initiator == WLAN_BACK_RECIPIENT && tx)
85 ieee80211_send_delba(sta->sdata, sta->sta.addr, 86 ieee80211_send_delba(sta->sdata, sta->sta.addr,
86 tid, 0, reason); 87 tid, 0, reason);
87 88
88 del_timer_sync(&tid_rx->session_timer); 89 del_timer_sync(&tid_rx->session_timer);
90 del_timer_sync(&tid_rx->reorder_timer);
89 91
90 call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx); 92 call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx);
91} 93}
92 94
93void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, 95void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
94 u16 initiator, u16 reason) 96 u16 initiator, u16 reason, bool tx)
95{ 97{
96 mutex_lock(&sta->ampdu_mlme.mtx); 98 mutex_lock(&sta->ampdu_mlme.mtx);
97 ___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason); 99 ___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason, tx);
98 mutex_unlock(&sta->ampdu_mlme.mtx); 100 mutex_unlock(&sta->ampdu_mlme.mtx);
99} 101}
100 102
@@ -120,6 +122,18 @@ static void sta_rx_agg_session_timer_expired(unsigned long data)
120 ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work); 122 ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
121} 123}
122 124
125static void sta_rx_agg_reorder_timer_expired(unsigned long data)
126{
127 u8 *ptid = (u8 *)data;
128 u8 *timer_to_id = ptid - *ptid;
129 struct sta_info *sta = container_of(timer_to_id, struct sta_info,
130 timer_to_tid[0]);
131
132 rcu_read_lock();
133 ieee80211_release_reorder_timeout(sta, *ptid);
134 rcu_read_unlock();
135}
136
123static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid, 137static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
124 u8 dialog_token, u16 status, u16 policy, 138 u8 dialog_token, u16 status, u16 policy,
125 u16 buf_size, u16 timeout) 139 u16 buf_size, u16 timeout)
@@ -172,8 +186,6 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
172 struct ieee80211_mgmt *mgmt, 186 struct ieee80211_mgmt *mgmt,
173 size_t len) 187 size_t len)
174{ 188{
175 struct ieee80211_hw *hw = &local->hw;
176 struct ieee80211_conf *conf = &hw->conf;
177 struct tid_ampdu_rx *tid_agg_rx; 189 struct tid_ampdu_rx *tid_agg_rx;
178 u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status; 190 u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
179 u8 dialog_token; 191 u8 dialog_token;
@@ -218,14 +230,12 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
218 goto end_no_lock; 230 goto end_no_lock;
219 } 231 }
220 /* determine default buffer size */ 232 /* determine default buffer size */
221 if (buf_size == 0) { 233 if (buf_size == 0)
222 struct ieee80211_supported_band *sband; 234 buf_size = IEEE80211_MAX_AMPDU_BUF;
223
224 sband = local->hw.wiphy->bands[conf->channel->band];
225 buf_size = IEEE80211_MIN_AMPDU_BUF;
226 buf_size = buf_size << sband->ht_cap.ampdu_factor;
227 }
228 235
236 /* make sure the size doesn't exceed the maximum supported by the hw */
237 if (buf_size > local->hw.max_rx_aggregation_subframes)
238 buf_size = local->hw.max_rx_aggregation_subframes;
229 239
230 /* examine state machine */ 240 /* examine state machine */
231 mutex_lock(&sta->ampdu_mlme.mtx); 241 mutex_lock(&sta->ampdu_mlme.mtx);
@@ -241,7 +251,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
241 } 251 }
242 252
243 /* prepare A-MPDU MLME for Rx aggregation */ 253 /* prepare A-MPDU MLME for Rx aggregation */
244 tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_ATOMIC); 254 tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_KERNEL);
245 if (!tid_agg_rx) { 255 if (!tid_agg_rx) {
246#ifdef CONFIG_MAC80211_HT_DEBUG 256#ifdef CONFIG_MAC80211_HT_DEBUG
247 if (net_ratelimit()) 257 if (net_ratelimit())
@@ -251,16 +261,23 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
251 goto end; 261 goto end;
252 } 262 }
253 263
264 spin_lock_init(&tid_agg_rx->reorder_lock);
265
254 /* rx timer */ 266 /* rx timer */
255 tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired; 267 tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired;
256 tid_agg_rx->session_timer.data = (unsigned long)&sta->timer_to_tid[tid]; 268 tid_agg_rx->session_timer.data = (unsigned long)&sta->timer_to_tid[tid];
257 init_timer(&tid_agg_rx->session_timer); 269 init_timer(&tid_agg_rx->session_timer);
258 270
271 /* rx reorder timer */
272 tid_agg_rx->reorder_timer.function = sta_rx_agg_reorder_timer_expired;
273 tid_agg_rx->reorder_timer.data = (unsigned long)&sta->timer_to_tid[tid];
274 init_timer(&tid_agg_rx->reorder_timer);
275
259 /* prepare reordering buffer */ 276 /* prepare reordering buffer */
260 tid_agg_rx->reorder_buf = 277 tid_agg_rx->reorder_buf =
261 kcalloc(buf_size, sizeof(struct sk_buff *), GFP_ATOMIC); 278 kcalloc(buf_size, sizeof(struct sk_buff *), GFP_KERNEL);
262 tid_agg_rx->reorder_time = 279 tid_agg_rx->reorder_time =
263 kcalloc(buf_size, sizeof(unsigned long), GFP_ATOMIC); 280 kcalloc(buf_size, sizeof(unsigned long), GFP_KERNEL);
264 if (!tid_agg_rx->reorder_buf || !tid_agg_rx->reorder_time) { 281 if (!tid_agg_rx->reorder_buf || !tid_agg_rx->reorder_time) {
265#ifdef CONFIG_MAC80211_HT_DEBUG 282#ifdef CONFIG_MAC80211_HT_DEBUG
266 if (net_ratelimit()) 283 if (net_ratelimit())
@@ -274,7 +291,7 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
274 } 291 }
275 292
276 ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START, 293 ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START,
277 &sta->sta, tid, &start_seq_num); 294 &sta->sta, tid, &start_seq_num, 0);
278#ifdef CONFIG_MAC80211_HT_DEBUG 295#ifdef CONFIG_MAC80211_HT_DEBUG
279 printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret); 296 printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
280#endif /* CONFIG_MAC80211_HT_DEBUG */ 297#endif /* CONFIG_MAC80211_HT_DEBUG */
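Review bot: In `___ieee80211_stop_rx_ba_session()` the new `del_timer_sync(&tid_rx->reorder_timer)` runs just before `call_rcu()` hands `tid_rx` to `ieee80211_free_tid_rx`, but nothing visible here stops an RX-path reader that still holds the old pointer in its RCU read-side section from re-arming the timer afterwards. If that can happen, the timer structure, which is a member of `tid_rx`, would still be queued when the RCU callback (presumably) frees it. Whether the reorder code arms the timer from such a reader is outside this section, so it should be confirmed in rx.c; if it does, the re-arm needs a teardown flag checked under `reorder_lock`, or the timer has to be stopped from the RCU callback. At minimum the ordering deserves a comment at the call, `/* RX path must not re-arm reorder_timer once this session is being torn down */`. The function body is only partly shown in these hunks.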
diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c
index 8f23401832b7..c8be8eff70da 100644
--- a/net/mac80211/agg-tx.c
+++ b/net/mac80211/agg-tx.c
@@ -136,33 +136,37 @@ void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u1
136 ieee80211_tx_skb(sdata, skb); 136 ieee80211_tx_skb(sdata, skb);
137} 137}
138 138
139static void kfree_tid_tx(struct rcu_head *rcu_head) 139void ieee80211_assign_tid_tx(struct sta_info *sta, int tid,
140 struct tid_ampdu_tx *tid_tx)
140{ 141{
141 struct tid_ampdu_tx *tid_tx = 142 lockdep_assert_held(&sta->ampdu_mlme.mtx);
142 container_of(rcu_head, struct tid_ampdu_tx, rcu_head); 143 lockdep_assert_held(&sta->lock);
143 144 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], tid_tx);
144 kfree(tid_tx);
145} 145}
146 146
147int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 147int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
148 enum ieee80211_back_parties initiator) 148 enum ieee80211_back_parties initiator,
149 bool tx)
149{ 150{
150 struct ieee80211_local *local = sta->local; 151 struct ieee80211_local *local = sta->local;
151 struct tid_ampdu_tx *tid_tx = sta->ampdu_mlme.tid_tx[tid]; 152 struct tid_ampdu_tx *tid_tx;
152 int ret; 153 int ret;
153 154
154 lockdep_assert_held(&sta->ampdu_mlme.mtx); 155 lockdep_assert_held(&sta->ampdu_mlme.mtx);
155 156
156 if (!tid_tx)
157 return -ENOENT;
158
159 spin_lock_bh(&sta->lock); 157 spin_lock_bh(&sta->lock);
160 158
159 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
160 if (!tid_tx) {
161 spin_unlock_bh(&sta->lock);
162 return -ENOENT;
163 }
164
161 if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) { 165 if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
162 /* not even started yet! */ 166 /* not even started yet! */
163 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL); 167 ieee80211_assign_tid_tx(sta, tid, NULL);
164 spin_unlock_bh(&sta->lock); 168 spin_unlock_bh(&sta->lock);
165 call_rcu(&tid_tx->rcu_head, kfree_tid_tx); 169 kfree_rcu(tid_tx, rcu_head);
166 return 0; 170 return 0;
167 } 171 }
168 172
@@ -185,10 +189,11 @@ int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
185 clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state); 189 clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state);
186 190
187 tid_tx->stop_initiator = initiator; 191 tid_tx->stop_initiator = initiator;
192 tid_tx->tx_stop = tx;
188 193
189 ret = drv_ampdu_action(local, sta->sdata, 194 ret = drv_ampdu_action(local, sta->sdata,
190 IEEE80211_AMPDU_TX_STOP, 195 IEEE80211_AMPDU_TX_STOP,
191 &sta->sta, tid, NULL); 196 &sta->sta, tid, NULL, 0);
192 197
193 /* HW shall not deny going back to legacy */ 198 /* HW shall not deny going back to legacy */
194 if (WARN_ON(ret)) { 199 if (WARN_ON(ret)) {
@@ -281,13 +286,13 @@ ieee80211_wake_queue_agg(struct ieee80211_local *local, int tid)
281 286
282void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) 287void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid)
283{ 288{
284 struct tid_ampdu_tx *tid_tx = sta->ampdu_mlme.tid_tx[tid]; 289 struct tid_ampdu_tx *tid_tx;
285 struct ieee80211_local *local = sta->local; 290 struct ieee80211_local *local = sta->local;
286 struct ieee80211_sub_if_data *sdata = sta->sdata; 291 struct ieee80211_sub_if_data *sdata = sta->sdata;
287 u16 start_seq_num; 292 u16 start_seq_num;
288 int ret; 293 int ret;
289 294
290 lockdep_assert_held(&sta->ampdu_mlme.mtx); 295 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
291 296
292 /* 297 /*
293 * While we're asking the driver about the aggregation, 298 * While we're asking the driver about the aggregation,
@@ -309,18 +314,18 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid)
309 start_seq_num = sta->tid_seq[tid] >> 4; 314 start_seq_num = sta->tid_seq[tid] >> 4;
310 315
311 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START, 316 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START,
312 &sta->sta, tid, &start_seq_num); 317 &sta->sta, tid, &start_seq_num, 0);
313 if (ret) { 318 if (ret) {
314#ifdef CONFIG_MAC80211_HT_DEBUG 319#ifdef CONFIG_MAC80211_HT_DEBUG
315 printk(KERN_DEBUG "BA request denied - HW unavailable for" 320 printk(KERN_DEBUG "BA request denied - HW unavailable for"
316 " tid %d\n", tid); 321 " tid %d\n", tid);
317#endif 322#endif
318 spin_lock_bh(&sta->lock); 323 spin_lock_bh(&sta->lock);
319 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL); 324 ieee80211_assign_tid_tx(sta, tid, NULL);
320 spin_unlock_bh(&sta->lock); 325 spin_unlock_bh(&sta->lock);
321 326
322 ieee80211_wake_queue_agg(local, tid); 327 ieee80211_wake_queue_agg(local, tid);
323 call_rcu(&tid_tx->rcu_head, kfree_tid_tx); 328 kfree_rcu(tid_tx, rcu_head);
324 return; 329 return;
325 } 330 }
326 331
@@ -340,10 +345,12 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid)
340 /* send AddBA request */ 345 /* send AddBA request */
341 ieee80211_send_addba_request(sdata, sta->sta.addr, tid, 346 ieee80211_send_addba_request(sdata, sta->sta.addr, tid,
342 tid_tx->dialog_token, start_seq_num, 347 tid_tx->dialog_token, start_seq_num,
343 0x40, 5000); 348 local->hw.max_tx_aggregation_subframes,
349 tid_tx->timeout);
344} 350}
345 351
346int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid) 352int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
353 u16 timeout)
347{ 354{
348 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 355 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
349 struct ieee80211_sub_if_data *sdata = sta->sdata; 356 struct ieee80211_sub_if_data *sdata = sta->sdata;
@@ -392,9 +399,9 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
392 goto err_unlock_sta; 399 goto err_unlock_sta;
393 } 400 }
394 401
395 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 402 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
396 /* check if the TID is not in aggregation flow already */ 403 /* check if the TID is not in aggregation flow already */
397 if (tid_tx) { 404 if (tid_tx || sta->ampdu_mlme.tid_start_tx[tid]) {
398#ifdef CONFIG_MAC80211_HT_DEBUG 405#ifdef CONFIG_MAC80211_HT_DEBUG
399 printk(KERN_DEBUG "BA request denied - session is not " 406 printk(KERN_DEBUG "BA request denied - session is not "
400 "idle on tid %u\n", tid); 407 "idle on tid %u\n", tid);
@@ -418,6 +425,8 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
418 skb_queue_head_init(&tid_tx->pending); 425 skb_queue_head_init(&tid_tx->pending);
419 __set_bit(HT_AGG_STATE_WANT_START, &tid_tx->state); 426 __set_bit(HT_AGG_STATE_WANT_START, &tid_tx->state);
420 427
428 tid_tx->timeout = timeout;
429
421 /* Tx timer */ 430 /* Tx timer */
422 tid_tx->addba_resp_timer.function = sta_addba_resp_timer_expired; 431 tid_tx->addba_resp_timer.function = sta_addba_resp_timer_expired;
423 tid_tx->addba_resp_timer.data = (unsigned long)&sta->timer_to_tid[tid]; 432 tid_tx->addba_resp_timer.data = (unsigned long)&sta->timer_to_tid[tid];
@@ -427,8 +436,11 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
427 sta->ampdu_mlme.dialog_token_allocator++; 436 sta->ampdu_mlme.dialog_token_allocator++;
428 tid_tx->dialog_token = sta->ampdu_mlme.dialog_token_allocator; 437 tid_tx->dialog_token = sta->ampdu_mlme.dialog_token_allocator;
429 438
430 /* finally, assign it to the array */ 439 /*
431 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], tid_tx); 440 * Finally, assign it to the start array; the work item will
441 * collect it and move it to the normal array.
442 */
443 sta->ampdu_mlme.tid_start_tx[tid] = tid_tx;
432 444
433 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work); 445 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work);
434 446
@@ -474,15 +486,19 @@ ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid)
474static void ieee80211_agg_tx_operational(struct ieee80211_local *local, 486static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
475 struct sta_info *sta, u16 tid) 487 struct sta_info *sta, u16 tid)
476{ 488{
489 struct tid_ampdu_tx *tid_tx;
490
477 lockdep_assert_held(&sta->ampdu_mlme.mtx); 491 lockdep_assert_held(&sta->ampdu_mlme.mtx);
478 492
493 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
494
479#ifdef CONFIG_MAC80211_HT_DEBUG 495#ifdef CONFIG_MAC80211_HT_DEBUG
480 printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid); 496 printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid);
481#endif 497#endif
482 498
483 drv_ampdu_action(local, sta->sdata, 499 drv_ampdu_action(local, sta->sdata,
484 IEEE80211_AMPDU_TX_OPERATIONAL, 500 IEEE80211_AMPDU_TX_OPERATIONAL,
485 &sta->sta, tid, NULL); 501 &sta->sta, tid, NULL, tid_tx->buf_size);
486 502
487 /* 503 /*
488 * synchronize with TX path, while splicing the TX path 504 * synchronize with TX path, while splicing the TX path
@@ -490,13 +506,13 @@ static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
490 */ 506 */
491 spin_lock_bh(&sta->lock); 507 spin_lock_bh(&sta->lock);
492 508
493 ieee80211_agg_splice_packets(local, sta->ampdu_mlme.tid_tx[tid], tid); 509 ieee80211_agg_splice_packets(local, tid_tx, tid);
494 /* 510 /*
495 * Now mark as operational. This will be visible 511 * Now mark as operational. This will be visible
496 * in the TX path, and lets it go lock-free in 512 * in the TX path, and lets it go lock-free in
497 * the common case. 513 * the common case.
498 */ 514 */
499 set_bit(HT_AGG_STATE_OPERATIONAL, &sta->ampdu_mlme.tid_tx[tid]->state); 515 set_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state);
500 ieee80211_agg_splice_finish(local, tid); 516 ieee80211_agg_splice_finish(local, tid);
501 517
502 spin_unlock_bh(&sta->lock); 518 spin_unlock_bh(&sta->lock);
@@ -530,7 +546,7 @@ void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid)
530 } 546 }
531 547
532 mutex_lock(&sta->ampdu_mlme.mtx); 548 mutex_lock(&sta->ampdu_mlme.mtx);
533 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 549 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
534 550
535 if (WARN_ON(!tid_tx)) { 551 if (WARN_ON(!tid_tx)) {
536#ifdef CONFIG_MAC80211_HT_DEBUG 552#ifdef CONFIG_MAC80211_HT_DEBUG
@@ -577,13 +593,14 @@ void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
577EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe); 593EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe);
578 594
579int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 595int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
580 enum ieee80211_back_parties initiator) 596 enum ieee80211_back_parties initiator,
597 bool tx)
581{ 598{
582 int ret; 599 int ret;
583 600
584 mutex_lock(&sta->ampdu_mlme.mtx); 601 mutex_lock(&sta->ampdu_mlme.mtx);
585 602
586 ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator); 603 ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator, tx);
587 604
588 mutex_unlock(&sta->ampdu_mlme.mtx); 605 mutex_unlock(&sta->ampdu_mlme.mtx);
589 606
@@ -607,7 +624,7 @@ int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
607 return -EINVAL; 624 return -EINVAL;
608 625
609 spin_lock_bh(&sta->lock); 626 spin_lock_bh(&sta->lock);
610 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 627 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
611 628
612 if (!tid_tx) { 629 if (!tid_tx) {
613 ret = -ENOENT; 630 ret = -ENOENT;
@@ -663,7 +680,7 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
663 680
664 mutex_lock(&sta->ampdu_mlme.mtx); 681 mutex_lock(&sta->ampdu_mlme.mtx);
665 spin_lock_bh(&sta->lock); 682 spin_lock_bh(&sta->lock);
666 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 683 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
667 684
668 if (!tid_tx || !test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) { 685 if (!tid_tx || !test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
669#ifdef CONFIG_MAC80211_HT_DEBUG 686#ifdef CONFIG_MAC80211_HT_DEBUG
@@ -672,7 +689,7 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
672 goto unlock_sta; 689 goto unlock_sta;
673 } 690 }
674 691
675 if (tid_tx->stop_initiator == WLAN_BACK_INITIATOR) 692 if (tid_tx->stop_initiator == WLAN_BACK_INITIATOR && tid_tx->tx_stop)
676 ieee80211_send_delba(sta->sdata, ra, tid, 693 ieee80211_send_delba(sta->sdata, ra, tid,
677 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE); 694 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE);
678 695
@@ -689,11 +706,11 @@ void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid)
689 ieee80211_agg_splice_packets(local, tid_tx, tid); 706 ieee80211_agg_splice_packets(local, tid_tx, tid);
690 707
691 /* future packets must not find the tid_tx struct any more */ 708 /* future packets must not find the tid_tx struct any more */
692 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL); 709 ieee80211_assign_tid_tx(sta, tid, NULL);
693 710
694 ieee80211_agg_splice_finish(local, tid); 711 ieee80211_agg_splice_finish(local, tid);
695 712
696 call_rcu(&tid_tx->rcu_head, kfree_tid_tx); 713 kfree_rcu(tid_tx, rcu_head);
697 714
698 unlock_sta: 715 unlock_sta:
699 spin_unlock_bh(&sta->lock); 716 spin_unlock_bh(&sta->lock);
@@ -736,13 +753,15 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
736{ 753{
737 struct tid_ampdu_tx *tid_tx; 754 struct tid_ampdu_tx *tid_tx;
738 u16 capab, tid; 755 u16 capab, tid;
756 u8 buf_size;
739 757
740 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab); 758 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
741 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; 759 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
760 buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
742 761
743 mutex_lock(&sta->ampdu_mlme.mtx); 762 mutex_lock(&sta->ampdu_mlme.mtx);
744 763
745 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 764 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
746 if (!tid_tx) 765 if (!tid_tx)
747 goto out; 766 goto out;
748 767
@@ -761,18 +780,30 @@ void ieee80211_process_addba_resp(struct ieee80211_local *local,
761 780
762 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 781 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
763 == WLAN_STATUS_SUCCESS) { 782 == WLAN_STATUS_SUCCESS) {
783 /*
784 * IEEE 802.11-2007 7.3.1.14:
785 * In an ADDBA Response frame, when the Status Code field
786 * is set to 0, the Buffer Size subfield is set to a value
787 * of at least 1.
788 */
789 if (!buf_size)
790 goto out;
791
764 if (test_and_set_bit(HT_AGG_STATE_RESPONSE_RECEIVED, 792 if (test_and_set_bit(HT_AGG_STATE_RESPONSE_RECEIVED,
765 &tid_tx->state)) { 793 &tid_tx->state)) {
766 /* ignore duplicate response */ 794 /* ignore duplicate response */
767 goto out; 795 goto out;
768 } 796 }
769 797
798 tid_tx->buf_size = buf_size;
799
770 if (test_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state)) 800 if (test_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state))
771 ieee80211_agg_tx_operational(local, sta, tid); 801 ieee80211_agg_tx_operational(local, sta, tid);
772 802
773 sta->ampdu_mlme.addba_req_num[tid] = 0; 803 sta->ampdu_mlme.addba_req_num[tid] = 0;
774 } else { 804 } else {
775 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 805 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR,
806 true);
776 } 807 }
777 808
778 out: 809 out:
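Review bot: In `ieee80211_process_addba_resp()` the peer-supplied Buffer Size is extracted with `(capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6` into a `u8`, but the subfield is ten bits wide in the standard, so, assuming the mask covers the whole subfield (its definition is outside this page), values above 255 are truncated before the new `!buf_size` check. A response advertising 256 would be dropped as zero and 257 would be stored as 1, and the stored value then goes to the driver unclamped through `drv_ampdu_action(..., tid_tx->buf_size)`. I would declare `u16 buf_size;` and bound it before the store with `if (buf_size > local->hw.max_tx_aggregation_subframes) buf_size = local->hw.max_tx_aggregation_subframes;`, mirroring the clamp this commit adds on the RX side in agg-rx.c. The type of `tid_tx->buf_size` is declared outside this section and should be checked against the clamped range.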
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index 29ac8e1a509e..be70c70d3f5b 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -19,52 +19,26 @@
19#include "rate.h" 19#include "rate.h"
20#include "mesh.h" 20#include "mesh.h"
21 21
22static bool nl80211_type_check(enum nl80211_iftype type) 22static struct net_device *ieee80211_add_iface(struct wiphy *wiphy, char *name,
23{ 23 enum nl80211_iftype type,
24 switch (type) { 24 u32 *flags,
25 case NL80211_IFTYPE_ADHOC: 25 struct vif_params *params)
26 case NL80211_IFTYPE_STATION:
27 case NL80211_IFTYPE_MONITOR:
28#ifdef CONFIG_MAC80211_MESH
29 case NL80211_IFTYPE_MESH_POINT:
30#endif
31 case NL80211_IFTYPE_AP:
32 case NL80211_IFTYPE_AP_VLAN:
33 case NL80211_IFTYPE_WDS:
34 return true;
35 default:
36 return false;
37 }
38}
39
40static bool nl80211_params_check(enum nl80211_iftype type,
41 struct vif_params *params)
42{
43 if (!nl80211_type_check(type))
44 return false;
45
46 return true;
47}
48
49static int ieee80211_add_iface(struct wiphy *wiphy, char *name,
50 enum nl80211_iftype type, u32 *flags,
51 struct vif_params *params)
52{ 26{
53 struct ieee80211_local *local = wiphy_priv(wiphy); 27 struct ieee80211_local *local = wiphy_priv(wiphy);
54 struct net_device *dev; 28 struct net_device *dev;
55 struct ieee80211_sub_if_data *sdata; 29 struct ieee80211_sub_if_data *sdata;
56 int err; 30 int err;
57 31
58 if (!nl80211_params_check(type, params))
59 return -EINVAL;
60
61 err = ieee80211_if_add(local, name, &dev, type, params); 32 err = ieee80211_if_add(local, name, &dev, type, params);
62 if (err || type != NL80211_IFTYPE_MONITOR || !flags) 33 if (err)
63 return err; 34 return ERR_PTR(err);
64 35
65 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 36 if (type == NL80211_IFTYPE_MONITOR && flags) {
66 sdata->u.mntr_flags = *flags; 37 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
67 return 0; 38 sdata->u.mntr_flags = *flags;
39 }
40
41 return dev;
68} 42}
69 43
70static int ieee80211_del_iface(struct wiphy *wiphy, struct net_device *dev) 44static int ieee80211_del_iface(struct wiphy *wiphy, struct net_device *dev)
@@ -82,21 +56,10 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
82 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 56 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
83 int ret; 57 int ret;
84 58
85 if (ieee80211_sdata_running(sdata))
86 return -EBUSY;
87
88 if (!nl80211_params_check(type, params))
89 return -EINVAL;
90
91 ret = ieee80211_if_change_type(sdata, type); 59 ret = ieee80211_if_change_type(sdata, type);
92 if (ret) 60 if (ret)
93 return ret; 61 return ret;
94 62
95 if (ieee80211_vif_is_mesh(&sdata->vif) && params->mesh_id_len)
96 ieee80211_sdata_set_mesh_id(sdata,
97 params->mesh_id_len,
98 params->mesh_id);
99
100 if (type == NL80211_IFTYPE_AP_VLAN && 63 if (type == NL80211_IFTYPE_AP_VLAN &&
101 params && params->use_4addr == 0) 64 params && params->use_4addr == 0)
102 rcu_assign_pointer(sdata->u.vlan.sta, NULL); 65 rcu_assign_pointer(sdata->u.vlan.sta, NULL);
@@ -104,59 +67,79 @@ static int ieee80211_change_iface(struct wiphy *wiphy,
104 params && params->use_4addr >= 0) 67 params && params->use_4addr >= 0)
105 sdata->u.mgd.use_4addr = params->use_4addr; 68 sdata->u.mgd.use_4addr = params->use_4addr;
106 69
107 if (sdata->vif.type == NL80211_IFTYPE_MONITOR && flags) 70 if (sdata->vif.type == NL80211_IFTYPE_MONITOR && flags) {
108 sdata->u.mntr_flags = *flags; 71 struct ieee80211_local *local = sdata->local;
72
73 if (ieee80211_sdata_running(sdata)) {
74 /*
75 * Prohibit MONITOR_FLAG_COOK_FRAMES to be
76 * changed while the interface is up.
77 * Else we would need to add a lot of cruft
78 * to update everything:
79 * cooked_mntrs, monitor and all fif_* counters
80 * reconfigure hardware
81 */
82 if ((*flags & MONITOR_FLAG_COOK_FRAMES) !=
83 (sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))
84 return -EBUSY;
85
86 ieee80211_adjust_monitor_flags(sdata, -1);
87 sdata->u.mntr_flags = *flags;
88 ieee80211_adjust_monitor_flags(sdata, 1);
89
90 ieee80211_configure_filter(local);
91 } else {
92 /*
93 * Because the interface is down, ieee80211_do_stop
94 * and ieee80211_do_open take care of "everything"
95 * mentioned in the comment above.
96 */
97 sdata->u.mntr_flags = *flags;
98 }
99 }
109 100
110 return 0; 101 return 0;
111} 102}
112 103
113static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev, 104static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
114 u8 key_idx, const u8 *mac_addr, 105 u8 key_idx, bool pairwise, const u8 *mac_addr,
115 struct key_params *params) 106 struct key_params *params)
116{ 107{
117 struct ieee80211_sub_if_data *sdata; 108 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
118 struct sta_info *sta = NULL; 109 struct sta_info *sta = NULL;
119 enum ieee80211_key_alg alg;
120 struct ieee80211_key *key; 110 struct ieee80211_key *key;
121 int err; 111 int err;
122 112
123 if (!netif_running(dev)) 113 if (!ieee80211_sdata_running(sdata))
124 return -ENETDOWN; 114 return -ENETDOWN;
125 115
126 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 116 /* reject WEP and TKIP keys if WEP failed to initialize */
127
128 switch (params->cipher) { 117 switch (params->cipher) {
129 case WLAN_CIPHER_SUITE_WEP40: 118 case WLAN_CIPHER_SUITE_WEP40:
130 case WLAN_CIPHER_SUITE_WEP104:
131 alg = ALG_WEP;
132 break;
133 case WLAN_CIPHER_SUITE_TKIP: 119 case WLAN_CIPHER_SUITE_TKIP:
134 alg = ALG_TKIP; 120 case WLAN_CIPHER_SUITE_WEP104:
135 break; 121 if (IS_ERR(sdata->local->wep_tx_tfm))
136 case WLAN_CIPHER_SUITE_CCMP: 122 return -EINVAL;
137 alg = ALG_CCMP;
138 break;
139 case WLAN_CIPHER_SUITE_AES_CMAC:
140 alg = ALG_AES_CMAC;
141 break; 123 break;
142 default: 124 default:
143 return -EINVAL; 125 break;
144 } 126 }
145 127
146 /* reject WEP and TKIP keys if WEP failed to initialize */ 128 key = ieee80211_key_alloc(params->cipher, key_idx, params->key_len,
147 if ((alg == ALG_WEP || alg == ALG_TKIP) && 129 params->key, params->seq_len, params->seq);
148 IS_ERR(sdata->local->wep_tx_tfm)) 130 if (IS_ERR(key))
149 return -EINVAL; 131 return PTR_ERR(key);
150 132
151 key = ieee80211_key_alloc(alg, key_idx, params->key_len, params->key, 133 if (pairwise)
152 params->seq_len, params->seq); 134 key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
153 if (!key)
154 return -ENOMEM;
155 135
156 mutex_lock(&sdata->local->sta_mtx); 136 mutex_lock(&sdata->local->sta_mtx);
157 137
158 if (mac_addr) { 138 if (mac_addr) {
159 sta = sta_info_get_bss(sdata, mac_addr); 139 if (ieee80211_vif_is_mesh(&sdata->vif))
140 sta = sta_info_get(sdata, mac_addr);
141 else
142 sta = sta_info_get_bss(sdata, mac_addr);
160 if (!sta) { 143 if (!sta) {
161 ieee80211_key_free(sdata->local, key); 144 ieee80211_key_free(sdata->local, key);
162 err = -ENOENT; 145 err = -ENOENT;
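Review bot: In ieee80211_add_key the cipher switch now ends in `default: break;`, so a suite the old code rejected with -EINVAL is handed to ieee80211_key_alloc() together with the caller's key_len and seq_len. Whether unknown suites and bad lengths are rejected there is not visible from this hunk; if that is the intended place, the default arm should say so, e.g. `/* other suites are checked in ieee80211_key_alloc() */` once confirmed. In ieee80211_change_iface, the new `return -EBUSY;` for MONITOR_FLAG_COOK_FRAMES sits after the use_4addr assignment at the top of the hunk, so a rejected request can leave the interface partly changed; doing that check before any state is written would avoid it. Both functions extend beyond the hunk.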
@@ -164,9 +147,10 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
164 } 147 }
165 } 148 }
166 149
167 ieee80211_key_link(key, sdata, sta); 150 err = ieee80211_key_link(key, sdata, sta);
151 if (err)
152 ieee80211_key_free(sdata->local, key);
168 153
169 err = 0;
170 out_unlock: 154 out_unlock:
171 mutex_unlock(&sdata->local->sta_mtx); 155 mutex_unlock(&sdata->local->sta_mtx);
172 156
@@ -174,15 +158,16 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev,
174} 158}
175 159
176static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev, 160static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
177 u8 key_idx, const u8 *mac_addr) 161 u8 key_idx, bool pairwise, const u8 *mac_addr)
178{ 162{
179 struct ieee80211_sub_if_data *sdata; 163 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
164 struct ieee80211_local *local = sdata->local;
180 struct sta_info *sta; 165 struct sta_info *sta;
166 struct ieee80211_key *key = NULL;
181 int ret; 167 int ret;
182 168
183 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 169 mutex_lock(&local->sta_mtx);
184 170 mutex_lock(&local->key_mtx);
185 mutex_lock(&sdata->local->sta_mtx);
186 171
187 if (mac_addr) { 172 if (mac_addr) {
188 ret = -ENOENT; 173 ret = -ENOENT;
@@ -191,32 +176,31 @@ static int ieee80211_del_key(struct wiphy *wiphy, struct net_device *dev,
191 if (!sta) 176 if (!sta)
192 goto out_unlock; 177 goto out_unlock;
193 178
194 if (sta->key) { 179 if (pairwise)
195 ieee80211_key_free(sdata->local, sta->key); 180 key = key_mtx_dereference(local, sta->ptk);
196 WARN_ON(sta->key); 181 else
197 ret = 0; 182 key = key_mtx_dereference(local, sta->gtk[key_idx]);
198 } 183 } else
199 184 key = key_mtx_dereference(local, sdata->keys[key_idx]);
200 goto out_unlock;
201 }
202 185
203 if (!sdata->keys[key_idx]) { 186 if (!key) {
204 ret = -ENOENT; 187 ret = -ENOENT;
205 goto out_unlock; 188 goto out_unlock;
206 } 189 }
207 190
208 ieee80211_key_free(sdata->local, sdata->keys[key_idx]); 191 __ieee80211_key_free(key);
209 WARN_ON(sdata->keys[key_idx]);
210 192
211 ret = 0; 193 ret = 0;
212 out_unlock: 194 out_unlock:
213 mutex_unlock(&sdata->local->sta_mtx); 195 mutex_unlock(&local->key_mtx);
196 mutex_unlock(&local->sta_mtx);
214 197
215 return ret; 198 return ret;
216} 199}
217 200
218static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev, 201static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
219 u8 key_idx, const u8 *mac_addr, void *cookie, 202 u8 key_idx, bool pairwise, const u8 *mac_addr,
203 void *cookie,
220 void (*callback)(void *cookie, 204 void (*callback)(void *cookie,
221 struct key_params *params)) 205 struct key_params *params))
222{ 206{
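Review bot: ieee80211_del_key indexes `sta->gtk[key_idx]` and `sdata->keys[key_idx]` with the caller's key_idx and no range check, while ieee80211_get_key in this same commit guards the gtk lookup with `key_idx < NUM_DEFAULT_KEYS`. The array sizes are not on this page, so this may be covered by the caller; if it is, a comment should say so. Otherwise the non-pairwise branch should mirror get_key: `else if (key_idx < NUM_DEFAULT_KEYS) key = key_mtx_dereference(local, sta->gtk[key_idx]);`. key is already initialised to NULL, so the existing -ENOENT path handles the rejected index. The function begins in the previous hunk.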
@@ -224,7 +208,7 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
224 struct sta_info *sta = NULL; 208 struct sta_info *sta = NULL;
225 u8 seq[6] = {0}; 209 u8 seq[6] = {0};
226 struct key_params params; 210 struct key_params params;
227 struct ieee80211_key *key; 211 struct ieee80211_key *key = NULL;
228 u32 iv32; 212 u32 iv32;
229 u16 iv16; 213 u16 iv16;
230 int err = -ENOENT; 214 int err = -ENOENT;
@@ -238,19 +222,22 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
238 if (!sta) 222 if (!sta)
239 goto out; 223 goto out;
240 224
241 key = sta->key; 225 if (pairwise)
226 key = rcu_dereference(sta->ptk);
227 else if (key_idx < NUM_DEFAULT_KEYS)
228 key = rcu_dereference(sta->gtk[key_idx]);
242 } else 229 } else
243 key = sdata->keys[key_idx]; 230 key = rcu_dereference(sdata->keys[key_idx]);
244 231
245 if (!key) 232 if (!key)
246 goto out; 233 goto out;
247 234
248 memset(&params, 0, sizeof(params)); 235 memset(&params, 0, sizeof(params));
249 236
250 switch (key->conf.alg) { 237 params.cipher = key->conf.cipher;
251 case ALG_TKIP:
252 params.cipher = WLAN_CIPHER_SUITE_TKIP;
253 238
239 switch (key->conf.cipher) {
240 case WLAN_CIPHER_SUITE_TKIP:
254 iv32 = key->u.tkip.tx.iv32; 241 iv32 = key->u.tkip.tx.iv32;
255 iv16 = key->u.tkip.tx.iv16; 242 iv16 = key->u.tkip.tx.iv16;
256 243
@@ -268,8 +255,7 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
268 params.seq = seq; 255 params.seq = seq;
269 params.seq_len = 6; 256 params.seq_len = 6;
270 break; 257 break;
271 case ALG_CCMP: 258 case WLAN_CIPHER_SUITE_CCMP:
272 params.cipher = WLAN_CIPHER_SUITE_CCMP;
273 seq[0] = key->u.ccmp.tx_pn[5]; 259 seq[0] = key->u.ccmp.tx_pn[5];
274 seq[1] = key->u.ccmp.tx_pn[4]; 260 seq[1] = key->u.ccmp.tx_pn[4];
275 seq[2] = key->u.ccmp.tx_pn[3]; 261 seq[2] = key->u.ccmp.tx_pn[3];
@@ -279,14 +265,7 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
279 params.seq = seq; 265 params.seq = seq;
280 params.seq_len = 6; 266 params.seq_len = 6;
281 break; 267 break;
282 case ALG_WEP: 268 case WLAN_CIPHER_SUITE_AES_CMAC:
283 if (key->conf.keylen == 5)
284 params.cipher = WLAN_CIPHER_SUITE_WEP40;
285 else
286 params.cipher = WLAN_CIPHER_SUITE_WEP104;
287 break;
288 case ALG_AES_CMAC:
289 params.cipher = WLAN_CIPHER_SUITE_AES_CMAC;
290 seq[0] = key->u.aes_cmac.tx_pn[5]; 269 seq[0] = key->u.aes_cmac.tx_pn[5];
291 seq[1] = key->u.aes_cmac.tx_pn[4]; 270 seq[1] = key->u.aes_cmac.tx_pn[4];
292 seq[2] = key->u.aes_cmac.tx_pn[3]; 271 seq[2] = key->u.aes_cmac.tx_pn[3];
@@ -311,11 +290,12 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev,
311 290
312static int ieee80211_config_default_key(struct wiphy *wiphy, 291static int ieee80211_config_default_key(struct wiphy *wiphy,
313 struct net_device *dev, 292 struct net_device *dev,
314 u8 key_idx) 293 u8 key_idx, bool uni,
294 bool multi)
315{ 295{
316 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 296 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
317 297
318 ieee80211_set_default_key(sdata, key_idx); 298 ieee80211_set_default_key(sdata, key_idx, uni, multi);
319 299
320 return 0; 300 return 0;
321} 301}
@@ -331,9 +311,21 @@ static int ieee80211_config_default_mgmt_key(struct wiphy *wiphy,
331 return 0; 311 return 0;
332} 312}
333 313
314static void rate_idx_to_bitrate(struct rate_info *rate, struct sta_info *sta, int idx)
315{
316 if (!(rate->flags & RATE_INFO_FLAGS_MCS)) {
317 struct ieee80211_supported_band *sband;
318 sband = sta->local->hw.wiphy->bands[
319 sta->local->hw.conf.channel->band];
320 rate->legacy = sband->bitrates[idx].bitrate;
321 } else
322 rate->mcs = idx;
323}
324
334static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo) 325static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
335{ 326{
336 struct ieee80211_sub_if_data *sdata = sta->sdata; 327 struct ieee80211_sub_if_data *sdata = sta->sdata;
328 struct timespec uptime;
337 329
338 sinfo->generation = sdata->local->sta_generation; 330 sinfo->generation = sdata->local->sta_generation;
339 331
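Review bot: rate_idx_to_bitrate() reads `sband->bitrates[idx]` with a signed idx and no range check, and the calls added to sta_set_sinfo pass sta->last_tx_rate.idx and sta->last_rx_rate_idx straight in. If either can be negative or stale (before any frame was sent or received, or after a band change, since the band comes from hw.conf.channel rather than from the frame), this is an out-of-bounds read whose result is copied into the station info. A guard before the array access makes the helper safe by itself: `if (idx < 0 || idx >= sband->n_bitrates) return;`. The helper also needs a one-line comment stating that rate->flags must be filled in before it is called, because the MCS test depends on it.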
@@ -342,18 +334,31 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
342 STATION_INFO_TX_BYTES | 334 STATION_INFO_TX_BYTES |
343 STATION_INFO_RX_PACKETS | 335 STATION_INFO_RX_PACKETS |
344 STATION_INFO_TX_PACKETS | 336 STATION_INFO_TX_PACKETS |
345 STATION_INFO_TX_BITRATE; 337 STATION_INFO_TX_RETRIES |
338 STATION_INFO_TX_FAILED |
339 STATION_INFO_TX_BITRATE |
340 STATION_INFO_RX_BITRATE |
341 STATION_INFO_RX_DROP_MISC |
342 STATION_INFO_BSS_PARAM |
343 STATION_INFO_CONNECTED_TIME;
344
345 do_posix_clock_monotonic_gettime(&uptime);
346 sinfo->connected_time = uptime.tv_sec - sta->last_connected;
346 347
347 sinfo->inactive_time = jiffies_to_msecs(jiffies - sta->last_rx); 348 sinfo->inactive_time = jiffies_to_msecs(jiffies - sta->last_rx);
348 sinfo->rx_bytes = sta->rx_bytes; 349 sinfo->rx_bytes = sta->rx_bytes;
349 sinfo->tx_bytes = sta->tx_bytes; 350 sinfo->tx_bytes = sta->tx_bytes;
350 sinfo->rx_packets = sta->rx_packets; 351 sinfo->rx_packets = sta->rx_packets;
351 sinfo->tx_packets = sta->tx_packets; 352 sinfo->tx_packets = sta->tx_packets;
353 sinfo->tx_retries = sta->tx_retry_count;
354 sinfo->tx_failed = sta->tx_retry_failed;
355 sinfo->rx_dropped_misc = sta->rx_dropped;
352 356
353 if ((sta->local->hw.flags & IEEE80211_HW_SIGNAL_DBM) || 357 if ((sta->local->hw.flags & IEEE80211_HW_SIGNAL_DBM) ||
354 (sta->local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)) { 358 (sta->local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)) {
355 sinfo->filled |= STATION_INFO_SIGNAL; 359 sinfo->filled |= STATION_INFO_SIGNAL | STATION_INFO_SIGNAL_AVG;
356 sinfo->signal = (s8)sta->last_signal; 360 sinfo->signal = (s8)sta->last_signal;
361 sinfo->signal_avg = (s8) -ewma_read(&sta->avg_signal);
357 } 362 }
358 363
359 sinfo->txrate.flags = 0; 364 sinfo->txrate.flags = 0;
@@ -363,15 +368,16 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
363 sinfo->txrate.flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH; 368 sinfo->txrate.flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH;
364 if (sta->last_tx_rate.flags & IEEE80211_TX_RC_SHORT_GI) 369 if (sta->last_tx_rate.flags & IEEE80211_TX_RC_SHORT_GI)
365 sinfo->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI; 370 sinfo->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
371 rate_idx_to_bitrate(&sinfo->txrate, sta, sta->last_tx_rate.idx);
366 372
367 if (!(sta->last_tx_rate.flags & IEEE80211_TX_RC_MCS)) { 373 sinfo->rxrate.flags = 0;
368 struct ieee80211_supported_band *sband; 374 if (sta->last_rx_rate_flag & RX_FLAG_HT)
369 sband = sta->local->hw.wiphy->bands[ 375 sinfo->rxrate.flags |= RATE_INFO_FLAGS_MCS;
370 sta->local->hw.conf.channel->band]; 376 if (sta->last_rx_rate_flag & RX_FLAG_40MHZ)
371 sinfo->txrate.legacy = 377 sinfo->rxrate.flags |= RATE_INFO_FLAGS_40_MHZ_WIDTH;
372 sband->bitrates[sta->last_tx_rate.idx].bitrate; 378 if (sta->last_rx_rate_flag & RX_FLAG_SHORT_GI)
373 } else 379 sinfo->rxrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
374 sinfo->txrate.mcs = sta->last_tx_rate.idx; 380 rate_idx_to_bitrate(&sinfo->rxrate, sta, sta->last_rx_rate_idx);
375 381
376 if (ieee80211_vif_is_mesh(&sdata->vif)) { 382 if (ieee80211_vif_is_mesh(&sdata->vif)) {
377#ifdef CONFIG_MAC80211_MESH 383#ifdef CONFIG_MAC80211_MESH
@@ -384,6 +390,16 @@ static void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo)
384 sinfo->plink_state = sta->plink_state; 390 sinfo->plink_state = sta->plink_state;
385#endif 391#endif
386 } 392 }
393
394 sinfo->bss_param.flags = 0;
395 if (sdata->vif.bss_conf.use_cts_prot)
396 sinfo->bss_param.flags |= BSS_PARAM_FLAGS_CTS_PROT;
397 if (sdata->vif.bss_conf.use_short_preamble)
398 sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
399 if (sdata->vif.bss_conf.use_short_slot)
400 sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
401 sinfo->bss_param.dtim_period = sdata->local->hw.conf.ps_dtim_period;
402 sinfo->bss_param.beacon_interval = sdata->vif.bss_conf.beacon_int;
387} 403}
388 404
389 405
@@ -447,7 +463,7 @@ static int ieee80211_config_beacon(struct ieee80211_sub_if_data *sdata,
447 int size; 463 int size;
448 int err = -EINVAL; 464 int err = -EINVAL;
449 465
450 old = sdata->u.ap.beacon; 466 old = rtnl_dereference(sdata->u.ap.beacon);
451 467
452 /* head must not be zero-length */ 468 /* head must not be zero-length */
453 if (params->head && !params->head_len) 469 if (params->head && !params->head_len)
@@ -542,8 +558,7 @@ static int ieee80211_add_beacon(struct wiphy *wiphy, struct net_device *dev,
542 558
543 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 559 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
544 560
545 old = sdata->u.ap.beacon; 561 old = rtnl_dereference(sdata->u.ap.beacon);
546
547 if (old) 562 if (old)
548 return -EALREADY; 563 return -EALREADY;
549 564
@@ -558,8 +573,7 @@ static int ieee80211_set_beacon(struct wiphy *wiphy, struct net_device *dev,
558 573
559 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 574 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
560 575
561 old = sdata->u.ap.beacon; 576 old = rtnl_dereference(sdata->u.ap.beacon);
562
563 if (!old) 577 if (!old)
564 return -ENOENT; 578 return -ENOENT;
565 579
@@ -573,8 +587,7 @@ static int ieee80211_del_beacon(struct wiphy *wiphy, struct net_device *dev)
573 587
574 sdata = IEEE80211_DEV_TO_SUB_IF(dev); 588 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
575 589
576 old = sdata->u.ap.beacon; 590 old = rtnl_dereference(sdata->u.ap.beacon);
577
578 if (!old) 591 if (!old)
579 return -ENOENT; 592 return -ENOENT;
580 593
@@ -634,6 +647,7 @@ static void sta_apply_parameters(struct ieee80211_local *local,
634 struct sta_info *sta, 647 struct sta_info *sta,
635 struct station_parameters *params) 648 struct station_parameters *params)
636{ 649{
650 unsigned long flags;
637 u32 rates; 651 u32 rates;
638 int i, j; 652 int i, j;
639 struct ieee80211_supported_band *sband; 653 struct ieee80211_supported_band *sband;
@@ -642,7 +656,7 @@ static void sta_apply_parameters(struct ieee80211_local *local,
642 656
643 sband = local->hw.wiphy->bands[local->oper_channel->band]; 657 sband = local->hw.wiphy->bands[local->oper_channel->band];
644 658
645 spin_lock_bh(&sta->lock); 659 spin_lock_irqsave(&sta->flaglock, flags);
646 mask = params->sta_flags_mask; 660 mask = params->sta_flags_mask;
647 set = params->sta_flags_set; 661 set = params->sta_flags_set;
648 662
@@ -669,7 +683,13 @@ static void sta_apply_parameters(struct ieee80211_local *local,
669 if (set & BIT(NL80211_STA_FLAG_MFP)) 683 if (set & BIT(NL80211_STA_FLAG_MFP))
670 sta->flags |= WLAN_STA_MFP; 684 sta->flags |= WLAN_STA_MFP;
671 } 685 }
672 spin_unlock_bh(&sta->lock); 686
687 if (mask & BIT(NL80211_STA_FLAG_AUTHENTICATED)) {
688 sta->flags &= ~WLAN_STA_AUTH;
689 if (set & BIT(NL80211_STA_FLAG_AUTHENTICATED))
690 sta->flags |= WLAN_STA_AUTH;
691 }
692 spin_unlock_irqrestore(&sta->flaglock, flags);
673 693
674 /* 694 /*
675 * cfg80211 validates this (1-2007) and allows setting the AID 695 * cfg80211 validates this (1-2007) and allows setting the AID
@@ -706,15 +726,29 @@ static void sta_apply_parameters(struct ieee80211_local *local,
706 params->ht_capa, 726 params->ht_capa,
707 &sta->sta.ht_cap); 727 &sta->sta.ht_cap);
708 728
709 if (ieee80211_vif_is_mesh(&sdata->vif) && params->plink_action) { 729 if (ieee80211_vif_is_mesh(&sdata->vif)) {
710 switch (params->plink_action) { 730#ifdef CONFIG_MAC80211_MESH
711 case PLINK_ACTION_OPEN: 731 if (sdata->u.mesh.security & IEEE80211_MESH_SEC_SECURED)
712 mesh_plink_open(sta); 732 switch (params->plink_state) {
713 break; 733 case NL80211_PLINK_LISTEN:
714 case PLINK_ACTION_BLOCK: 734 case NL80211_PLINK_ESTAB:
715 mesh_plink_block(sta); 735 case NL80211_PLINK_BLOCKED:
716 break; 736 sta->plink_state = params->plink_state;
717 } 737 break;
738 default:
739 /* nothing */
740 break;
741 }
742 else
743 switch (params->plink_action) {
744 case PLINK_ACTION_OPEN:
745 mesh_plink_open(sta);
746 break;
747 case PLINK_ACTION_BLOCK:
748 mesh_plink_block(sta);
749 break;
750 }
751#endif
718 } 752 }
719} 753}
720 754
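Review bot: The new `if (sdata->u.mesh.security & IEEE80211_MESH_SEC_SECURED) switch (...) {...} else switch (...) {...}` has no braces around either arm, so the `else` hangs off a complete switch statement and is easy to misread or break when a line is added. Please write `if (sdata->u.mesh.security & IEEE80211_MESH_SEC_SECURED) {` ... `} else {` ... `}`. Separately, `sta->plink_state = params->plink_state;` runs after the flaglock section earlier in the function has been released, and this commit stops taking sta->lock there. Whether plink_state still needs sta->lock is not visible from the hunk, so a comment stating the locking assumption would help. The function starts outside the hunk.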
@@ -828,6 +862,10 @@ static int ieee80211_change_station(struct wiphy *wiphy,
828 862
829 rcu_read_unlock(); 863 rcu_read_unlock();
830 864
865 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
866 params->sta_flags_mask & BIT(NL80211_STA_FLAG_AUTHORIZED))
867 ieee80211_recalc_ps(local, -1);
868
831 return 0; 869 return 0;
832} 870}
833 871
@@ -911,8 +949,10 @@ static int ieee80211_change_mpath(struct wiphy *wiphy,
911static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop, 949static void mpath_set_pinfo(struct mesh_path *mpath, u8 *next_hop,
912 struct mpath_info *pinfo) 950 struct mpath_info *pinfo)
913{ 951{
914 if (mpath->next_hop) 952 struct sta_info *next_hop_sta = rcu_dereference(mpath->next_hop);
915 memcpy(next_hop, mpath->next_hop->sta.addr, ETH_ALEN); 953
954 if (next_hop_sta)
955 memcpy(next_hop, next_hop_sta->sta.addr, ETH_ALEN);
916 else 956 else
917 memset(next_hop, 0, ETH_ALEN); 957 memset(next_hop, 0, ETH_ALEN);
918 958
@@ -991,7 +1031,7 @@ static int ieee80211_dump_mpath(struct wiphy *wiphy, struct net_device *dev,
991 return 0; 1031 return 0;
992} 1032}
993 1033
994static int ieee80211_get_mesh_params(struct wiphy *wiphy, 1034static int ieee80211_get_mesh_config(struct wiphy *wiphy,
995 struct net_device *dev, 1035 struct net_device *dev,
996 struct mesh_config *conf) 1036 struct mesh_config *conf)
997{ 1037{
@@ -1007,9 +1047,43 @@ static inline bool _chg_mesh_attr(enum nl80211_meshconf_params parm, u32 mask)
1007 return (mask >> (parm-1)) & 0x1; 1047 return (mask >> (parm-1)) & 0x1;
1008} 1048}
1009 1049
1010static int ieee80211_set_mesh_params(struct wiphy *wiphy, 1050static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
1011 struct net_device *dev, 1051 const struct mesh_setup *setup)
1012 const struct mesh_config *nconf, u32 mask) 1052{
1053 u8 *new_ie;
1054 const u8 *old_ie;
1055
1056 /* allocate information elements */
1057 new_ie = NULL;
1058 old_ie = ifmsh->ie;
1059
1060 if (setup->ie_len) {
1061 new_ie = kmemdup(setup->ie, setup->ie_len,
1062 GFP_KERNEL);
1063 if (!new_ie)
1064 return -ENOMEM;
1065 }
1066 ifmsh->ie_len = setup->ie_len;
1067 ifmsh->ie = new_ie;
1068 kfree(old_ie);
1069
1070 /* now copy the rest of the setup parameters */
1071 ifmsh->mesh_id_len = setup->mesh_id_len;
1072 memcpy(ifmsh->mesh_id, setup->mesh_id, ifmsh->mesh_id_len);
1073 ifmsh->mesh_pp_id = setup->path_sel_proto;
1074 ifmsh->mesh_pm_id = setup->path_metric;
1075 ifmsh->security = IEEE80211_MESH_SEC_NONE;
1076 if (setup->is_authenticated)
1077 ifmsh->security |= IEEE80211_MESH_SEC_AUTHED;
1078 if (setup->is_secure)
1079 ifmsh->security |= IEEE80211_MESH_SEC_SECURED;
1080
1081 return 0;
1082}
1083
1084static int ieee80211_update_mesh_config(struct wiphy *wiphy,
1085 struct net_device *dev, u32 mask,
1086 const struct mesh_config *nconf)
1013{ 1087{
1014 struct mesh_config *conf; 1088 struct mesh_config *conf;
1015 struct ieee80211_sub_if_data *sdata; 1089 struct ieee80211_sub_if_data *sdata;
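Review bot: copy_mesh_setup() copies `setup->mesh_id_len` bytes into `ifmsh->mesh_id` without comparing the length with the destination, so it relies entirely on the caller having bounded mesh_id_len. If mesh_id is a fixed-size array in struct ieee80211_if_mesh (its declaration is not on this page), a check before the allocation keeps the helper safe on its own: `if (setup->mesh_id_len > sizeof(ifmsh->mesh_id)) return -EINVAL;`. `kfree(old_ie);` also assumes that no other context is still reading the previous ifmsh->ie buffer. A short header comment should state that assumption, and that the function takes a private copy of setup->ie and releases the old one.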
@@ -1032,6 +1106,8 @@ static int ieee80211_set_mesh_params(struct wiphy *wiphy,
1032 conf->dot11MeshMaxRetries = nconf->dot11MeshMaxRetries; 1106 conf->dot11MeshMaxRetries = nconf->dot11MeshMaxRetries;
1033 if (_chg_mesh_attr(NL80211_MESHCONF_TTL, mask)) 1107 if (_chg_mesh_attr(NL80211_MESHCONF_TTL, mask))
1034 conf->dot11MeshTTL = nconf->dot11MeshTTL; 1108 conf->dot11MeshTTL = nconf->dot11MeshTTL;
1109 if (_chg_mesh_attr(NL80211_MESHCONF_ELEMENT_TTL, mask))
1110 conf->dot11MeshTTL = nconf->element_ttl;
1035 if (_chg_mesh_attr(NL80211_MESHCONF_AUTO_OPEN_PLINKS, mask)) 1111 if (_chg_mesh_attr(NL80211_MESHCONF_AUTO_OPEN_PLINKS, mask))
1036 conf->auto_open_plinks = nconf->auto_open_plinks; 1112 conf->auto_open_plinks = nconf->auto_open_plinks;
1037 if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, mask)) 1113 if (_chg_mesh_attr(NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, mask))
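Review bot: The added NL80211_MESHCONF_ELEMENT_TTL branch assigns to the wrong field: `conf->dot11MeshTTL = nconf->element_ttl;` overwrites the TTL handled by the branch directly above it and never stores the element TTL. conf and nconf are both struct mesh_config, so the line should read `conf->element_ttl = nconf->element_ttl;`. The function starts and ends outside the hunk.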
@@ -1058,6 +1134,31 @@ static int ieee80211_set_mesh_params(struct wiphy *wiphy,
1058 return 0; 1134 return 0;
1059} 1135}
1060 1136
1137static int ieee80211_join_mesh(struct wiphy *wiphy, struct net_device *dev,
1138 const struct mesh_config *conf,
1139 const struct mesh_setup *setup)
1140{
1141 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1142 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
1143 int err;
1144
1145 memcpy(&ifmsh->mshcfg, conf, sizeof(struct mesh_config));
1146 err = copy_mesh_setup(ifmsh, setup);
1147 if (err)
1148 return err;
1149 ieee80211_start_mesh(sdata);
1150
1151 return 0;
1152}
1153
1154static int ieee80211_leave_mesh(struct wiphy *wiphy, struct net_device *dev)
1155{
1156 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1157
1158 ieee80211_stop_mesh(sdata);
1159
1160 return 0;
1161}
1061#endif 1162#endif
1062 1163
1063static int ieee80211_change_bss(struct wiphy *wiphy, 1164static int ieee80211_change_bss(struct wiphy *wiphy,
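Review bot: ieee80211_join_mesh() overwrites `ifmsh->mshcfg` before calling copy_mesh_setup(), so when the kmemdup inside copy_mesh_setup fails the join returns -ENOMEM with the new mesh_config already applied. Running the fallible step first leaves the interface untouched on failure: `err = copy_mesh_setup(ifmsh, setup);` `if (err) return err;` `memcpy(&ifmsh->mshcfg, conf, sizeof(struct mesh_config));`. As far as this hunk shows, ieee80211_leave_mesh() does not free the ifmsh->ie buffer allocated at join time; if ieee80211_stop_mesh() or a later join releases it, a comment should say where.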
@@ -1116,6 +1217,12 @@ static int ieee80211_change_bss(struct wiphy *wiphy,
1116 sdata->flags &= ~IEEE80211_SDATA_DONT_BRIDGE_PACKETS; 1217 sdata->flags &= ~IEEE80211_SDATA_DONT_BRIDGE_PACKETS;
1117 } 1218 }
1118 1219
1220 if (params->ht_opmode >= 0) {
1221 sdata->vif.bss_conf.ht_operation_mode =
1222 (u16) params->ht_opmode;
1223 changed |= BSS_CHANGED_HT;
1224 }
1225
1119 ieee80211_bss_info_change_notify(sdata, changed); 1226 ieee80211_bss_info_change_notify(sdata, changed);
1120 1227
1121 return 0; 1228 return 0;
@@ -1143,9 +1250,9 @@ static int ieee80211_set_txq_params(struct wiphy *wiphy,
1143 p.uapsd = false; 1250 p.uapsd = false;
1144 1251
1145 if (drv_conf_tx(local, params->queue, &p)) { 1252 if (drv_conf_tx(local, params->queue, &p)) {
1146 printk(KERN_DEBUG "%s: failed to set TX queue " 1253 wiphy_debug(local->hw.wiphy,
1147 "parameters for queue %d\n", 1254 "failed to set TX queue parameters for queue %d\n",
1148 wiphy_name(local->hw.wiphy), params->queue); 1255 params->queue);
1149 return -EINVAL; 1256 return -EINVAL;
1150 } 1257 }
1151 1258
@@ -1159,6 +1266,9 @@ static int ieee80211_set_channel(struct wiphy *wiphy,
1159{ 1266{
1160 struct ieee80211_local *local = wiphy_priv(wiphy); 1267 struct ieee80211_local *local = wiphy_priv(wiphy);
1161 struct ieee80211_sub_if_data *sdata = NULL; 1268 struct ieee80211_sub_if_data *sdata = NULL;
1269 struct ieee80211_channel *old_oper;
1270 enum nl80211_channel_type old_oper_type;
1271 enum nl80211_channel_type old_vif_oper_type= NL80211_CHAN_NO_HT;
1162 1272
1163 if (netdev) 1273 if (netdev)
1164 sdata = IEEE80211_DEV_TO_SUB_IF(netdev); 1274 sdata = IEEE80211_DEV_TO_SUB_IF(netdev);
@@ -1176,22 +1286,33 @@ static int ieee80211_set_channel(struct wiphy *wiphy,
1176 break; 1286 break;
1177 } 1287 }
1178 1288
1179 local->oper_channel = chan; 1289 if (sdata)
1290 old_vif_oper_type = sdata->vif.bss_conf.channel_type;
1291 old_oper_type = local->_oper_channel_type;
1180 1292
1181 if (!ieee80211_set_channel_type(local, sdata, channel_type)) 1293 if (!ieee80211_set_channel_type(local, sdata, channel_type))
1182 return -EBUSY; 1294 return -EBUSY;
1183 1295
1184 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 1296 old_oper = local->oper_channel;
1185 if (sdata && sdata->vif.type != NL80211_IFTYPE_MONITOR) 1297 local->oper_channel = chan;
1298
1299 /* Update driver if changes were actually made. */
1300 if ((old_oper != local->oper_channel) ||
1301 (old_oper_type != local->_oper_channel_type))
1302 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
1303
1304 if ((sdata && sdata->vif.type != NL80211_IFTYPE_MONITOR) &&
1305 old_vif_oper_type != sdata->vif.bss_conf.channel_type)
1186 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT); 1306 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_HT);
1187 1307
1188 return 0; 1308 return 0;
1189} 1309}
1190 1310
1191#ifdef CONFIG_PM 1311#ifdef CONFIG_PM
1192static int ieee80211_suspend(struct wiphy *wiphy) 1312static int ieee80211_suspend(struct wiphy *wiphy,
1313 struct cfg80211_wowlan *wowlan)
1193{ 1314{
1194 return __ieee80211_suspend(wiphy_priv(wiphy)); 1315 return __ieee80211_suspend(wiphy_priv(wiphy), wowlan);
1195} 1316}
1196 1317
1197static int ieee80211_resume(struct wiphy *wiphy) 1318static int ieee80211_resume(struct wiphy *wiphy)
@@ -1207,19 +1328,57 @@ static int ieee80211_scan(struct wiphy *wiphy,
1207 struct net_device *dev, 1328 struct net_device *dev,
1208 struct cfg80211_scan_request *req) 1329 struct cfg80211_scan_request *req)
1209{ 1330{
1210 struct ieee80211_sub_if_data *sdata; 1331 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1211
1212 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1213 1332
1214 if (sdata->vif.type != NL80211_IFTYPE_STATION && 1333 switch (ieee80211_vif_type_p2p(&sdata->vif)) {
1215 sdata->vif.type != NL80211_IFTYPE_ADHOC && 1334 case NL80211_IFTYPE_STATION:
1216 sdata->vif.type != NL80211_IFTYPE_MESH_POINT && 1335 case NL80211_IFTYPE_ADHOC:
1217 (sdata->vif.type != NL80211_IFTYPE_AP || sdata->u.ap.beacon)) 1336 case NL80211_IFTYPE_MESH_POINT:
1337 case NL80211_IFTYPE_P2P_CLIENT:
1338 break;
1339 case NL80211_IFTYPE_P2P_GO:
1340 if (sdata->local->ops->hw_scan)
1341 break;
1342 /*
1343 * FIXME: implement NoA while scanning in software,
1344 * for now fall through to allow scanning only when
1345 * beaconing hasn't been configured yet
1346 */
1347 case NL80211_IFTYPE_AP:
1348 if (sdata->u.ap.beacon)
1349 return -EOPNOTSUPP;
1350 break;
1351 default:
1218 return -EOPNOTSUPP; 1352 return -EOPNOTSUPP;
1353 }
1219 1354
1220 return ieee80211_request_scan(sdata, req); 1355 return ieee80211_request_scan(sdata, req);
1221} 1356}
1222 1357
1358static int
1359ieee80211_sched_scan_start(struct wiphy *wiphy,
1360 struct net_device *dev,
1361 struct cfg80211_sched_scan_request *req)
1362{
1363 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1364
1365 if (!sdata->local->ops->sched_scan_start)
1366 return -EOPNOTSUPP;
1367
1368 return ieee80211_request_sched_scan_start(sdata, req);
1369}
1370
1371static int
1372ieee80211_sched_scan_stop(struct wiphy *wiphy, struct net_device *dev)
1373{
1374 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1375
1376 if (!sdata->local->ops->sched_scan_stop)
1377 return -EOPNOTSUPP;
1378
1379 return ieee80211_request_sched_scan_stop(sdata);
1380}
1381
1223static int ieee80211_auth(struct wiphy *wiphy, struct net_device *dev, 1382static int ieee80211_auth(struct wiphy *wiphy, struct net_device *dev,
1224 struct cfg80211_auth_request *req) 1383 struct cfg80211_auth_request *req)
1225{ 1384{
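Review bot: The new `if (sdata->u.ap.beacon)` in ieee80211_scan reads the beacon pointer directly, while the beacon hunks of this same commit change the other accesses to `rtnl_dereference(sdata->u.ap.beacon)`. Only NULL-ness is tested here, so `if (rcu_access_pointer(sdata->u.ap.beacon))` would keep the annotation consistent without implying a lock this path may not hold. The P2P_GO arm relies on falling through into the AP case. The FIXME explains why, but an explicit `/* fall through */` line immediately before `case NL80211_IFTYPE_AP:` makes the intent recognisable to tooling. The signature of ieee80211_scan begins just above the hunk.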
@@ -1296,6 +1455,13 @@ static int ieee80211_set_wiphy_params(struct wiphy *wiphy, u32 changed)
1296 struct ieee80211_local *local = wiphy_priv(wiphy); 1455 struct ieee80211_local *local = wiphy_priv(wiphy);
1297 int err; 1456 int err;
1298 1457
1458 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) {
1459 err = drv_set_frag_threshold(local, wiphy->frag_threshold);
1460
1461 if (err)
1462 return err;
1463 }
1464
1299 if (changed & WIPHY_PARAM_COVERAGE_CLASS) { 1465 if (changed & WIPHY_PARAM_COVERAGE_CLASS) {
1300 err = drv_set_coverage_class(local, wiphy->coverage_class); 1466 err = drv_set_coverage_class(local, wiphy->coverage_class);
1301 1467
@@ -1362,7 +1528,7 @@ static int ieee80211_get_tx_power(struct wiphy *wiphy, int *dbm)
1362} 1528}
1363 1529
1364static int ieee80211_set_wds_peer(struct wiphy *wiphy, struct net_device *dev, 1530static int ieee80211_set_wds_peer(struct wiphy *wiphy, struct net_device *dev,
1365 u8 *addr) 1531 const u8 *addr)
1366{ 1532{
1367 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1533 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1368 1534
@@ -1397,6 +1563,8 @@ int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
1397 enum ieee80211_smps_mode old_req; 1563 enum ieee80211_smps_mode old_req;
1398 int err; 1564 int err;
1399 1565
1566 lockdep_assert_held(&sdata->u.mgd.mtx);
1567
1400 old_req = sdata->u.mgd.req_smps; 1568 old_req = sdata->u.mgd.req_smps;
1401 sdata->u.mgd.req_smps = smps_mode; 1569 sdata->u.mgd.req_smps = smps_mode;
1402 1570
@@ -1411,7 +1579,7 @@ int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
1411 if (!sdata->u.mgd.associated || 1579 if (!sdata->u.mgd.associated ||
1412 sdata->vif.bss_conf.channel_type == NL80211_CHAN_NO_HT) { 1580 sdata->vif.bss_conf.channel_type == NL80211_CHAN_NO_HT) {
1413 mutex_lock(&sdata->local->iflist_mtx); 1581 mutex_lock(&sdata->local->iflist_mtx);
1414 ieee80211_recalc_smps(sdata->local, sdata); 1582 ieee80211_recalc_smps(sdata->local);
1415 mutex_unlock(&sdata->local->iflist_mtx); 1583 mutex_unlock(&sdata->local->iflist_mtx);
1416 return 0; 1584 return 0;
1417 } 1585 }
@@ -1502,16 +1670,13 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
1502{ 1670{
1503 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1671 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1504 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr); 1672 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
1505 int i; 1673 int i, ret;
1506
1507 /*
1508 * This _could_ be supported by providing a hook for
1509 * drivers for this function, but at this point it
1510 * doesn't seem worth bothering.
1511 */
1512 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
1513 return -EOPNOTSUPP;
1514 1674
1675 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) {
1676 ret = drv_set_bitrate_mask(local, sdata, mask);
1677 if (ret)
1678 return ret;
1679 }
1515 1680
1516 for (i = 0; i < IEEE80211_NUM_BANDS; i++) 1681 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
1517 sdata->rc_rateidx_mask[i] = mask->control[i].legacy; 1682 sdata->rc_rateidx_mask[i] = mask->control[i].legacy;
@@ -1519,6 +1684,37 @@ static int ieee80211_set_bitrate_mask(struct wiphy *wiphy,
1519 return 0; 1684 return 0;
1520} 1685}
1521 1686
1687static int ieee80211_remain_on_channel_hw(struct ieee80211_local *local,
1688 struct net_device *dev,
1689 struct ieee80211_channel *chan,
1690 enum nl80211_channel_type chantype,
1691 unsigned int duration, u64 *cookie)
1692{
1693 int ret;
1694 u32 random_cookie;
1695
1696 lockdep_assert_held(&local->mtx);
1697
1698 if (local->hw_roc_cookie)
1699 return -EBUSY;
1700 /* must be nonzero */
1701 random_cookie = random32() | 1;
1702
1703 *cookie = random_cookie;
1704 local->hw_roc_dev = dev;
1705 local->hw_roc_cookie = random_cookie;
1706 local->hw_roc_channel = chan;
1707 local->hw_roc_channel_type = chantype;
1708 local->hw_roc_duration = duration;
1709 ret = drv_remain_on_channel(local, chan, chantype, duration);
1710 if (ret) {
1711 local->hw_roc_channel = NULL;
1712 local->hw_roc_cookie = 0;
1713 }
1714
1715 return ret;
1716}
1717
1522static int ieee80211_remain_on_channel(struct wiphy *wiphy, 1718static int ieee80211_remain_on_channel(struct wiphy *wiphy,
1523 struct net_device *dev, 1719 struct net_device *dev,
1524 struct ieee80211_channel *chan, 1720 struct ieee80211_channel *chan,
@@ -1527,46 +1723,131 @@ static int ieee80211_remain_on_channel(struct wiphy *wiphy,
1527 u64 *cookie) 1723 u64 *cookie)
1528{ 1724{
1529 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1725 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1726 struct ieee80211_local *local = sdata->local;
1727
1728 if (local->ops->remain_on_channel) {
1729 int ret;
1730
1731 mutex_lock(&local->mtx);
1732 ret = ieee80211_remain_on_channel_hw(local, dev,
1733 chan, channel_type,
1734 duration, cookie);
1735 local->hw_roc_for_tx = false;
1736 mutex_unlock(&local->mtx);
1737
1738 return ret;
1739 }
1530 1740
1531 return ieee80211_wk_remain_on_channel(sdata, chan, channel_type, 1741 return ieee80211_wk_remain_on_channel(sdata, chan, channel_type,
1532 duration, cookie); 1742 duration, cookie);
1533} 1743}
1534 1744
1745static int ieee80211_cancel_remain_on_channel_hw(struct ieee80211_local *local,
1746 u64 cookie)
1747{
1748 int ret;
1749
1750 lockdep_assert_held(&local->mtx);
1751
1752 if (local->hw_roc_cookie != cookie)
1753 return -ENOENT;
1754
1755 ret = drv_cancel_remain_on_channel(local);
1756 if (ret)
1757 return ret;
1758
1759 local->hw_roc_cookie = 0;
1760 local->hw_roc_channel = NULL;
1761
1762 ieee80211_recalc_idle(local);
1763
1764 return 0;
1765}
1766
1535static int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy, 1767static int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy,
1536 struct net_device *dev, 1768 struct net_device *dev,
1537 u64 cookie) 1769 u64 cookie)
1538{ 1770{
1539 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1771 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1772 struct ieee80211_local *local = sdata->local;
1773
1774 if (local->ops->cancel_remain_on_channel) {
1775 int ret;
1776
1777 mutex_lock(&local->mtx);
1778 ret = ieee80211_cancel_remain_on_channel_hw(local, cookie);
1779 mutex_unlock(&local->mtx);
1780
1781 return ret;
1782 }
1540 1783
1541 return ieee80211_wk_cancel_remain_on_channel(sdata, cookie); 1784 return ieee80211_wk_cancel_remain_on_channel(sdata, cookie);
1542} 1785}
1543 1786
1544static int ieee80211_action(struct wiphy *wiphy, struct net_device *dev, 1787static enum work_done_result
1545 struct ieee80211_channel *chan, 1788ieee80211_offchan_tx_done(struct ieee80211_work *wk, struct sk_buff *skb)
1546 enum nl80211_channel_type channel_type, 1789{
1547 bool channel_type_valid, 1790 /*
1548 const u8 *buf, size_t len, u64 *cookie) 1791 * Use the data embedded in the work struct for reporting
1792 * here so if the driver mangled the SKB before dropping
1793 * it (which is the only way we really should get here)
1794 * then we don't report mangled data.
1795 *
1796 * If there was no wait time, then by the time we get here
1797 * the driver will likely not have reported the status yet,
1798 * so in that case userspace will have to deal with it.
1799 */
1800
1801 if (wk->offchan_tx.wait && wk->offchan_tx.frame)
1802 cfg80211_mgmt_tx_status(wk->sdata->dev,
1803 (unsigned long) wk->offchan_tx.frame,
1804 wk->ie, wk->ie_len, false, GFP_KERNEL);
1805
1806 return WORK_DONE_DESTROY;
1807}
1808
1809static int ieee80211_mgmt_tx(struct wiphy *wiphy, struct net_device *dev,
1810 struct ieee80211_channel *chan, bool offchan,
1811 enum nl80211_channel_type channel_type,
1812 bool channel_type_valid, unsigned int wait,
1813 const u8 *buf, size_t len, u64 *cookie)
1549{ 1814{
1550 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1815 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1551 struct ieee80211_local *local = sdata->local; 1816 struct ieee80211_local *local = sdata->local;
1552 struct sk_buff *skb; 1817 struct sk_buff *skb;
1553 struct sta_info *sta; 1818 struct sta_info *sta;
1819 struct ieee80211_work *wk;
1554 const struct ieee80211_mgmt *mgmt = (void *)buf; 1820 const struct ieee80211_mgmt *mgmt = (void *)buf;
1555 u32 flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX | 1821 u32 flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX |
1556 IEEE80211_TX_CTL_REQ_TX_STATUS; 1822 IEEE80211_TX_CTL_REQ_TX_STATUS;
1823 bool is_offchan = false;
1557 1824
1558 /* Check that we are on the requested channel for transmission */ 1825 /* Check that we are on the requested channel for transmission */
1559 if (chan != local->tmp_channel && 1826 if (chan != local->tmp_channel &&
1560 chan != local->oper_channel) 1827 chan != local->oper_channel)
1561 return -EBUSY; 1828 is_offchan = true;
1562 if (channel_type_valid && 1829 if (channel_type_valid &&
1563 (channel_type != local->tmp_channel_type && 1830 (channel_type != local->tmp_channel_type &&
1564 channel_type != local->_oper_channel_type)) 1831 channel_type != local->_oper_channel_type))
1832 is_offchan = true;
1833
1834 if (chan == local->hw_roc_channel) {
1835 /* TODO: check channel type? */
1836 is_offchan = false;
1837 flags |= IEEE80211_TX_CTL_TX_OFFCHAN;
1838 }
1839
1840 if (is_offchan && !offchan)
1565 return -EBUSY; 1841 return -EBUSY;
1566 1842
1567 switch (sdata->vif.type) { 1843 switch (sdata->vif.type) {
1568 case NL80211_IFTYPE_ADHOC: 1844 case NL80211_IFTYPE_ADHOC:
1569 if (mgmt->u.action.category == WLAN_CATEGORY_PUBLIC) 1845 case NL80211_IFTYPE_AP:
1846 case NL80211_IFTYPE_AP_VLAN:
1847 case NL80211_IFTYPE_P2P_GO:
1848 case NL80211_IFTYPE_MESH_POINT:
1849 if (!ieee80211_is_action(mgmt->frame_control) ||
1850 mgmt->u.action.category == WLAN_CATEGORY_PUBLIC)
1570 break; 1851 break;
1571 rcu_read_lock(); 1852 rcu_read_lock();
1572 sta = sta_info_get(sdata, mgmt->da); 1853 sta = sta_info_get(sdata, mgmt->da);
@@ -1575,8 +1856,7 @@ static int ieee80211_action(struct wiphy *wiphy, struct net_device *dev,
1575 return -ENOLINK; 1856 return -ENOLINK;
1576 break; 1857 break;
1577 case NL80211_IFTYPE_STATION: 1858 case NL80211_IFTYPE_STATION:
1578 if (!(sdata->u.mgd.flags & IEEE80211_STA_MFP_ENABLED)) 1859 case NL80211_IFTYPE_P2P_CLIENT:
1579 flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1580 break; 1860 break;
1581 default: 1861 default:
1582 return -EOPNOTSUPP; 1862 return -EOPNOTSUPP;
@@ -1592,12 +1872,219 @@ static int ieee80211_action(struct wiphy *wiphy, struct net_device *dev,
1592 IEEE80211_SKB_CB(skb)->flags = flags; 1872 IEEE80211_SKB_CB(skb)->flags = flags;
1593 1873
1594 skb->dev = sdata->dev; 1874 skb->dev = sdata->dev;
1595 ieee80211_tx_skb(sdata, skb);
1596 1875
1597 *cookie = (unsigned long) skb; 1876 *cookie = (unsigned long) skb;
1877
1878 if (is_offchan && local->ops->offchannel_tx) {
1879 int ret;
1880
1881 IEEE80211_SKB_CB(skb)->band = chan->band;
1882
1883 mutex_lock(&local->mtx);
1884
1885 if (local->hw_offchan_tx_cookie) {
1886 mutex_unlock(&local->mtx);
1887 return -EBUSY;
1888 }
1889
1890 /* TODO: bitrate control, TX processing? */
1891 ret = drv_offchannel_tx(local, skb, chan, channel_type, wait);
1892
1893 if (ret == 0)
1894 local->hw_offchan_tx_cookie = *cookie;
1895 mutex_unlock(&local->mtx);
1896
1897 /*
1898 * Allow driver to return 1 to indicate it wants to have the
1899 * frame transmitted with a remain_on_channel + regular TX.
1900 */
1901 if (ret != 1)
1902 return ret;
1903 }
1904
1905 if (is_offchan && local->ops->remain_on_channel) {
1906 unsigned int duration;
1907 int ret;
1908
1909 mutex_lock(&local->mtx);
1910 /*
1911 * If the duration is zero, then the driver
1912 * wouldn't actually do anything. Set it to
1913 * 100 for now.
1914 *
1915 * TODO: cancel the off-channel operation
1916 * when we get the SKB's TX status and
1917 * the wait time was zero before.
1918 */
1919 duration = 100;
1920 if (wait)
1921 duration = wait;
1922 ret = ieee80211_remain_on_channel_hw(local, dev, chan,
1923 channel_type,
1924 duration, cookie);
1925 if (ret) {
1926 kfree_skb(skb);
1927 mutex_unlock(&local->mtx);
1928 return ret;
1929 }
1930
1931 local->hw_roc_for_tx = true;
1932 local->hw_roc_duration = wait;
1933
1934 /*
1935 * queue up frame for transmission after
1936 * ieee80211_ready_on_channel call
1937 */
1938
1939 /* modify cookie to prevent API mismatches */
1940 *cookie ^= 2;
1941 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN;
1942 local->hw_roc_skb = skb;
1943 local->hw_roc_skb_for_status = skb;
1944 mutex_unlock(&local->mtx);
1945
1946 return 0;
1947 }
1948
1949 /*
1950 * Can transmit right away if the channel was the
1951 * right one and there's no wait involved... If a
1952 * wait is involved, we might otherwise not be on
1953 * the right channel for long enough!
1954 */
1955 if (!is_offchan && !wait && !sdata->vif.bss_conf.idle) {
1956 ieee80211_tx_skb(sdata, skb);
1957 return 0;
1958 }
1959
1960 wk = kzalloc(sizeof(*wk) + len, GFP_KERNEL);
1961 if (!wk) {
1962 kfree_skb(skb);
1963 return -ENOMEM;
1964 }
1965
1966 wk->type = IEEE80211_WORK_OFFCHANNEL_TX;
1967 wk->chan = chan;
1968 wk->chan_type = channel_type;
1969 wk->sdata = sdata;
1970 wk->done = ieee80211_offchan_tx_done;
1971 wk->offchan_tx.frame = skb;
1972 wk->offchan_tx.wait = wait;
1973 wk->ie_len = len;
1974 memcpy(wk->ie, buf, len);
1975
1976 ieee80211_add_work(wk);
1598 return 0; 1977 return 0;
1599} 1978}
1600 1979
1980static int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy,
1981 struct net_device *dev,
1982 u64 cookie)
1983{
1984 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1985 struct ieee80211_local *local = sdata->local;
1986 struct ieee80211_work *wk;
1987 int ret = -ENOENT;
1988
1989 mutex_lock(&local->mtx);
1990
1991 if (local->ops->offchannel_tx_cancel_wait &&
1992 local->hw_offchan_tx_cookie == cookie) {
1993 ret = drv_offchannel_tx_cancel_wait(local);
1994
1995 if (!ret)
1996 local->hw_offchan_tx_cookie = 0;
1997
1998 mutex_unlock(&local->mtx);
1999
2000 return ret;
2001 }
2002
2003 if (local->ops->cancel_remain_on_channel) {
2004 cookie ^= 2;
2005 ret = ieee80211_cancel_remain_on_channel_hw(local, cookie);
2006
2007 if (ret == 0) {
2008 kfree_skb(local->hw_roc_skb);
2009 local->hw_roc_skb = NULL;
2010 local->hw_roc_skb_for_status = NULL;
2011 }
2012
2013 mutex_unlock(&local->mtx);
2014
2015 return ret;
2016 }
2017
2018 list_for_each_entry(wk, &local->work_list, list) {
2019 if (wk->sdata != sdata)
2020 continue;
2021
2022 if (wk->type != IEEE80211_WORK_OFFCHANNEL_TX)
2023 continue;
2024
2025 if (cookie != (unsigned long) wk->offchan_tx.frame)
2026 continue;
2027
2028 wk->timeout = jiffies;
2029
2030 ieee80211_queue_work(&local->hw, &local->work_work);
2031 ret = 0;
2032 break;
2033 }
2034 mutex_unlock(&local->mtx);
2035
2036 return ret;
2037}
2038
2039static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
2040 struct net_device *dev,
2041 u16 frame_type, bool reg)
2042{
2043 struct ieee80211_local *local = wiphy_priv(wiphy);
2044
2045 if (frame_type != (IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_PROBE_REQ))
2046 return;
2047
2048 if (reg)
2049 local->probe_req_reg++;
2050 else
2051 local->probe_req_reg--;
2052
2053 ieee80211_queue_work(&local->hw, &local->reconfig_filter);
2054}
2055
2056static int ieee80211_set_antenna(struct wiphy *wiphy, u32 tx_ant, u32 rx_ant)
2057{
2058 struct ieee80211_local *local = wiphy_priv(wiphy);
2059
2060 if (local->started)
2061 return -EOPNOTSUPP;
2062
2063 return drv_set_antenna(local, tx_ant, rx_ant);
2064}
2065
2066static int ieee80211_get_antenna(struct wiphy *wiphy, u32 *tx_ant, u32 *rx_ant)
2067{
2068 struct ieee80211_local *local = wiphy_priv(wiphy);
2069
2070 return drv_get_antenna(local, tx_ant, rx_ant);
2071}
2072
2073static int ieee80211_set_ringparam(struct wiphy *wiphy, u32 tx, u32 rx)
2074{
2075 struct ieee80211_local *local = wiphy_priv(wiphy);
2076
2077 return drv_set_ringparam(local, tx, rx);
2078}
2079
2080static void ieee80211_get_ringparam(struct wiphy *wiphy,
2081 u32 *tx, u32 *tx_max, u32 *rx, u32 *rx_max)
2082{
2083 struct ieee80211_local *local = wiphy_priv(wiphy);
2084
2085 drv_get_ringparam(local, tx, tx_max, rx, rx_max);
2086}
2087
1601struct cfg80211_ops mac80211_config_ops = { 2088struct cfg80211_ops mac80211_config_ops = {
1602 .add_virtual_intf = ieee80211_add_iface, 2089 .add_virtual_intf = ieee80211_add_iface,
1603 .del_virtual_intf = ieee80211_del_iface, 2090 .del_virtual_intf = ieee80211_del_iface,
@@ -1622,8 +2109,10 @@ struct cfg80211_ops mac80211_config_ops = {
1622 .change_mpath = ieee80211_change_mpath, 2109 .change_mpath = ieee80211_change_mpath,
1623 .get_mpath = ieee80211_get_mpath, 2110 .get_mpath = ieee80211_get_mpath,
1624 .dump_mpath = ieee80211_dump_mpath, 2111 .dump_mpath = ieee80211_dump_mpath,
1625 .set_mesh_params = ieee80211_set_mesh_params, 2112 .update_mesh_config = ieee80211_update_mesh_config,
1626 .get_mesh_params = ieee80211_get_mesh_params, 2113 .get_mesh_config = ieee80211_get_mesh_config,
2114 .join_mesh = ieee80211_join_mesh,
2115 .leave_mesh = ieee80211_leave_mesh,
1627#endif 2116#endif
1628 .change_bss = ieee80211_change_bss, 2117 .change_bss = ieee80211_change_bss,
1629 .set_txq_params = ieee80211_set_txq_params, 2118 .set_txq_params = ieee80211_set_txq_params,
@@ -1631,6 +2120,8 @@ struct cfg80211_ops mac80211_config_ops = {
1631 .suspend = ieee80211_suspend, 2120 .suspend = ieee80211_suspend,
1632 .resume = ieee80211_resume, 2121 .resume = ieee80211_resume,
1633 .scan = ieee80211_scan, 2122 .scan = ieee80211_scan,
2123 .sched_scan_start = ieee80211_sched_scan_start,
2124 .sched_scan_stop = ieee80211_sched_scan_stop,
1634 .auth = ieee80211_auth, 2125 .auth = ieee80211_auth,
1635 .assoc = ieee80211_assoc, 2126 .assoc = ieee80211_assoc,
1636 .deauth = ieee80211_deauth, 2127 .deauth = ieee80211_deauth,
@@ -1647,6 +2138,12 @@ struct cfg80211_ops mac80211_config_ops = {
1647 .set_bitrate_mask = ieee80211_set_bitrate_mask, 2138 .set_bitrate_mask = ieee80211_set_bitrate_mask,
1648 .remain_on_channel = ieee80211_remain_on_channel, 2139 .remain_on_channel = ieee80211_remain_on_channel,
1649 .cancel_remain_on_channel = ieee80211_cancel_remain_on_channel, 2140 .cancel_remain_on_channel = ieee80211_cancel_remain_on_channel,
1650 .action = ieee80211_action, 2141 .mgmt_tx = ieee80211_mgmt_tx,
2142 .mgmt_tx_cancel_wait = ieee80211_mgmt_tx_cancel_wait,
1651 .set_cqm_rssi_config = ieee80211_set_cqm_rssi_config, 2143 .set_cqm_rssi_config = ieee80211_set_cqm_rssi_config,
2144 .mgmt_frame_register = ieee80211_mgmt_frame_register,
2145 .set_antenna = ieee80211_set_antenna,
2146 .get_antenna = ieee80211_get_antenna,
2147 .set_ringparam = ieee80211_set_ringparam,
2148 .get_ringparam = ieee80211_get_ringparam,
1652}; 2149};
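--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -11,7 +11,7 @@ __ieee80211_get_channel_mode(struct ieee80211_local *local,
 {
  struct ieee80211_sub_if_data *sdata;
 
- WARN_ON(!mutex_is_locked(&local->iflist_mtx));
+ lockdep_assert_held(&local->iflist_mtx);
 
  list_for_each_entry(sdata, &local->interfaces, list) {
  if (sdata == ignore)
@@ -77,6 +77,9 @@ bool ieee80211_set_channel_type(struct ieee80211_local *local,
  switch (tmp->vif.bss_conf.channel_type) {
  case NL80211_CHAN_NO_HT:
  case NL80211_CHAN_HT20:
+ if (superchan > tmp->vif.bss_conf.channel_type)
+ break;
+
  superchan = tmp->vif.bss_conf.channel_type;
  break;
  case NL80211_CHAN_HT40PLUS: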
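Review bot: The new guard `if (superchan > tmp->vif.bss_conf.channel_type) break;` in ieee80211_set_channel_type() is undocumented and only works because of the numeric order of the nl80211_channel_type enumerators (NO_HT below HT20 below the HT40 values). Nothing in the hunk says so, and a reordered or newly inserted enumerator would silently change which channel type wins. Presumably the intent is that a NO_HT or HT20 interface must not downgrade a wider type already picked from another interface. I would put a comment above the check, for example `/* never downgrade: relies on NO_HT < HT20 < HT40* enum order */`. The switch and the enclosing function continue outside the hunk.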
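--- a/net/mac80211/debugfs.c
+++ b/net/mac80211/debugfs.c
@@ -21,23 +21,43 @@ int mac80211_open_file_generic(struct inode *inode, struct file *file)
  return 0;
 }
 
-#define DEBUGFS_READONLY_FILE(name, buflen, fmt, value...) \
+#define DEBUGFS_FORMAT_BUFFER_SIZE 100
+
+int mac80211_format_buffer(char __user *userbuf, size_t count,
+ loff_t *ppos, char *fmt, ...)
+{
+ va_list args;
+ char buf[DEBUGFS_FORMAT_BUFFER_SIZE];
+ int res;
+
+ va_start(args, fmt);
+ res = vscnprintf(buf, sizeof(buf), fmt, args);
+ va_end(args);
+
+ return simple_read_from_buffer(userbuf, count, ppos, buf, res);
+}
+
+#define DEBUGFS_READONLY_FILE_FN(name, fmt, value...) \
 static ssize_t name## _read(struct file *file, char __user *userbuf, \
  size_t count, loff_t *ppos) \
 { \
  struct ieee80211_local *local = file->private_data; \
- char buf[buflen]; \
- int res; \
- \
- res = scnprintf(buf, buflen, fmt "\n", ##value); \
- return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
-} \
  \
+ return mac80211_format_buffer(userbuf, count, ppos, \
+ fmt "\n", ##value); \
+}
+
+#define DEBUGFS_READONLY_FILE_OPS(name) \
 static const struct file_operations name## _ops = { \
  .read = name## _read, \
  .open = mac80211_open_file_generic, \
+ .llseek = generic_file_llseek, \
 };
 
+#define DEBUGFS_READONLY_FILE(name, fmt, value...) \
+ DEBUGFS_READONLY_FILE_FN(name, fmt, value) \
+ DEBUGFS_READONLY_FILE_OPS(name)
+
 #define DEBUGFS_ADD(name) \
  debugfs_create_file(#name, 0400, phyd, local, &name## _ops);
 
@@ -45,13 +65,17 @@ static const struct file_operations name## _ops = { \
  debugfs_create_file(#name, mode, phyd, local, &name## _ops);
 
 
-DEBUGFS_READONLY_FILE(frequency, 20, "%d",
+DEBUGFS_READONLY_FILE(user_power, "%d",
+ local->user_power_level);
+DEBUGFS_READONLY_FILE(power, "%d",
+ local->hw.conf.power_level);
+DEBUGFS_READONLY_FILE(frequency, "%d",
  local->hw.conf.channel->center_freq);
-DEBUGFS_READONLY_FILE(total_ps_buffered, 20, "%d",
+DEBUGFS_READONLY_FILE(total_ps_buffered, "%d",
  local->total_ps_buffered);
-DEBUGFS_READONLY_FILE(wep_iv, 20, "%#08x",
+DEBUGFS_READONLY_FILE(wep_iv, "%#08x",
  local->wep_iv & 0xffffff);
-DEBUGFS_READONLY_FILE(rate_ctrl_alg, 100, "%s",
+DEBUGFS_READONLY_FILE(rate_ctrl_alg, "%s",
  local->rate_ctrl ? local->rate_ctrl->ops->name : "hw/driver");
 
 static ssize_t tsf_read(struct file *file, char __user *user_buf,
@@ -59,13 +83,11 @@ static ssize_t tsf_read(struct file *file, char __user *user_buf,
 {
  struct ieee80211_local *local = file->private_data;
  u64 tsf;
- char buf[100];
 
  tsf = drv_get_tsf(local);
 
- snprintf(buf, sizeof(buf), "0x%016llx\n", (unsigned long long) tsf);
-
- return simple_read_from_buffer(user_buf, count, ppos, buf, 19);
+ return mac80211_format_buffer(user_buf, count, ppos, "0x%016llx\n",
+ (unsigned long long) tsf);
 }
 
 static ssize_t tsf_write(struct file *file,
@@ -85,13 +107,15 @@ static ssize_t tsf_write(struct file *file,
  if (strncmp(buf, "reset", 5) == 0) {
  if (local->ops->reset_tsf) {
  drv_reset_tsf(local);
- printk(KERN_INFO "%s: debugfs reset TSF\n", wiphy_name(local->hw.wiphy));
+ wiphy_info(local->hw.wiphy, "debugfs reset TSF\n");
  }
  } else {
  tsf = simple_strtoul(buf, NULL, 0);
  if (local->ops->set_tsf) {
  drv_set_tsf(local, tsf);
- printk(KERN_INFO "%s: debugfs set TSF to %#018llx\n", wiphy_name(local->hw.wiphy), tsf);
+ wiphy_info(local->hw.wiphy,
+ "debugfs set TSF to %#018llx\n", tsf);
+
  }
  }
 
@@ -101,7 +125,8 @@ static ssize_t tsf_write(struct file *file,
 static const struct file_operations tsf_ops = {
  .read = tsf_read,
  .write = tsf_write,
- .open = mac80211_open_file_generic
+ .open = mac80211_open_file_generic,
+ .llseek = default_llseek,
 };
 
 static ssize_t reset_write(struct file *file, const char __user *user_buf,
@@ -110,7 +135,7 @@ static ssize_t reset_write(struct file *file, const char __user *user_buf,
  struct ieee80211_local *local = file->private_data;
 
  rtnl_lock();
- __ieee80211_suspend(&local->hw);
+ __ieee80211_suspend(&local->hw, NULL);
  __ieee80211_resume(&local->hw);
  rtnl_unlock();
 
@@ -120,18 +145,16 @@ static ssize_t reset_write(struct file *file, const char __user *user_buf,
 static const struct file_operations reset_ops = {
  .write = reset_write,
  .open = mac80211_open_file_generic,
+ .llseek = noop_llseek,
 };
 
 static ssize_t noack_read(struct file *file, char __user *user_buf,
  size_t count, loff_t *ppos)
 {
  struct ieee80211_local *local = file->private_data;
- int res;
- char buf[10];
 
- res = scnprintf(buf, sizeof(buf), "%d\n", local->wifi_wme_noack_test);
-
- return simple_read_from_buffer(user_buf, count, ppos, buf, res);
+ return mac80211_format_buffer(user_buf, count, ppos, "%d\n",
+ local->wifi_wme_noack_test);
 }
 
 static ssize_t noack_write(struct file *file,
@@ -155,19 +178,16 @@ static ssize_t noack_write(struct file *file,
 static const struct file_operations noack_ops = {
  .read = noack_read,
  .write = noack_write,
- .open = mac80211_open_file_generic
+ .open = mac80211_open_file_generic,
+ .llseek = default_llseek,
 };
 
 static ssize_t uapsd_queues_read(struct file *file, char __user *user_buf,
  size_t count, loff_t *ppos)
 {
  struct ieee80211_local *local = file->private_data;
- int res;
- char buf[10];
-
- res = scnprintf(buf, sizeof(buf), "0x%x\n", local->uapsd_queues);
-
- return simple_read_from_buffer(user_buf, count, ppos, buf, res);
+ return mac80211_format_buffer(user_buf, count, ppos, "0x%x\n",
+ local->uapsd_queues);
 }
 
 static ssize_t uapsd_queues_write(struct file *file,
@@ -201,19 +221,17 @@ static ssize_t uapsd_queues_write(struct file *file,
 static const struct file_operations uapsd_queues_ops = {
  .read = uapsd_queues_read,
  .write = uapsd_queues_write,
- .open = mac80211_open_file_generic
+ .open = mac80211_open_file_generic,
+ .llseek = default_llseek,
 };
 
 static ssize_t uapsd_max_sp_len_read(struct file *file, char __user *user_buf,
  size_t count, loff_t *ppos)
 {
  struct ieee80211_local *local = file->private_data;
- int res;
- char buf[10];
-
- res = scnprintf(buf, sizeof(buf), "0x%x\n", local->uapsd_max_sp_len);
 
- return simple_read_from_buffer(user_buf, count, ppos, buf, res);
+ return mac80211_format_buffer(user_buf, count, ppos, "0x%x\n",
+ local->uapsd_max_sp_len);
 }
 
 static ssize_t uapsd_max_sp_len_write(struct file *file,
@@ -247,7 +265,8 @@ static ssize_t uapsd_max_sp_len_write(struct file *file,
 static const struct file_operations uapsd_max_sp_len_ops = {
  .read = uapsd_max_sp_len_read,
  .write = uapsd_max_sp_len_write,
- .open = mac80211_open_file_generic
+ .open = mac80211_open_file_generic,
+ .llseek = default_llseek,
 };
 
 static ssize_t channel_type_read(struct file *file, char __user *user_buf,
@@ -277,10 +296,70 @@ static ssize_t channel_type_read(struct file *file, char __user *user_buf,
  return simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
 }
 
-static const struct file_operations channel_type_ops = {
- .read = channel_type_read,
- .open = mac80211_open_file_generic
-};
+static ssize_t hwflags_read(struct file *file, char __user *user_buf,
+ size_t count, loff_t *ppos)
+{
+ struct ieee80211_local *local = file->private_data;
+ int mxln = 500;
+ ssize_t rv;
+ char *buf = kzalloc(mxln, GFP_KERNEL);
+ int sf = 0; /* how many written so far */
+
+ sf += snprintf(buf, mxln - sf, "0x%x\n", local->hw.flags);
+ if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
+ sf += snprintf(buf + sf, mxln - sf, "HAS_RATE_CONTROL\n");
+ if (local->hw.flags & IEEE80211_HW_RX_INCLUDES_FCS)
+ sf += snprintf(buf + sf, mxln - sf, "RX_INCLUDES_FCS\n");
+ if (local->hw.flags & IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING)
+ sf += snprintf(buf + sf, mxln - sf,
+ "HOST_BCAST_PS_BUFFERING\n");
+ if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE)
+ sf += snprintf(buf + sf, mxln - sf,
+ "2GHZ_SHORT_SLOT_INCAPABLE\n");
+ if (local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE)
+ sf += snprintf(buf + sf, mxln - sf,
+ "2GHZ_SHORT_PREAMBLE_INCAPABLE\n");
+ if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
+ sf += snprintf(buf + sf, mxln - sf, "SIGNAL_UNSPEC\n");
+ if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
+ sf += snprintf(buf + sf, mxln - sf, "SIGNAL_DBM\n");
+ if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD)
+ sf += snprintf(buf + sf, mxln - sf, "NEED_DTIM_PERIOD\n");
+ if (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT)
+ sf += snprintf(buf + sf, mxln - sf, "SPECTRUM_MGMT\n");
+ if (local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)
+ sf += snprintf(buf + sf, mxln - sf, "AMPDU_AGGREGATION\n");
+ if (local->hw.flags & IEEE80211_HW_SUPPORTS_PS)
+ sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PS\n");
+ if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)
+ sf += snprintf(buf + sf, mxln - sf, "PS_NULLFUNC_STACK\n");
+ if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_PS)
+ sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_PS\n");
+ if (local->hw.flags & IEEE80211_HW_MFP_CAPABLE)
+ sf += snprintf(buf + sf, mxln - sf, "MFP_CAPABLE\n");
+ if (local->hw.flags & IEEE80211_HW_BEACON_FILTER)
+ sf += snprintf(buf + sf, mxln - sf, "BEACON_FILTER\n");
+ if (local->hw.flags & IEEE80211_HW_SUPPORTS_STATIC_SMPS)
+ sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_STATIC_SMPS\n");
+ if (local->hw.flags & IEEE80211_HW_SUPPORTS_DYNAMIC_SMPS)
+ sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_DYNAMIC_SMPS\n");
+ if (local->hw.flags & IEEE80211_HW_SUPPORTS_UAPSD)
+ sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_UAPSD\n");
+ if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
+ sf += snprintf(buf + sf, mxln - sf, "REPORTS_TX_ACK_STATUS\n");
+ if (local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
+ sf += snprintf(buf + sf, mxln - sf, "CONNECTION_MONITOR\n");
+ if (local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI)
+ sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_CQM_RSSI\n");
+ if (local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK)
+ sf += snprintf(buf + sf, mxln - sf, "SUPPORTS_PER_STA_GTK\n");
+ if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
+ sf += snprintf(buf + sf, mxln - sf, "AP_LINK_PS\n");
+
+ rv = simple_read_from_buffer(user_buf, count, ppos, buf, strlen(buf));
+ kfree(buf);
+ return rv;
+}
 
 static ssize_t queues_read(struct file *file, char __user *user_buf,
  size_t count, loff_t *ppos)
@@ -300,10 +379,9 @@ static ssize_t queues_read(struct file *file, char __user *user_buf,
  return simple_read_from_buffer(user_buf, count, ppos, buf, res);
 }
 
-static const struct file_operations queues_ops = {
- .read = queues_read,
- .open = mac80211_open_file_generic
-};
+DEBUGFS_READONLY_FILE_OPS(hwflags);
+DEBUGFS_READONLY_FILE_OPS(channel_type);
+DEBUGFS_READONLY_FILE_OPS(queues);
 
 /* statistics stuff */
 
@@ -346,6 +424,7 @@ static ssize_t stats_ ##name## _read(struct file *file, \
 static const struct file_operations stats_ ##name## _ops = { \
  .read = stats_ ##name## _read, \
  .open = mac80211_open_file_generic, \
+ .llseek = generic_file_llseek, \
 };
 
 #define DEBUGFS_STATS_ADD(name, field) \
@@ -366,7 +445,6 @@ void debugfs_hw_add(struct ieee80211_local *local)
  if (!phyd)
  return;
 
- local->debugfs.stations = debugfs_create_dir("stations", phyd);
  local->debugfs.keys = debugfs_create_dir("keys", phyd);
 
  DEBUGFS_ADD(frequency);
@@ -379,6 +457,9 @@ void debugfs_hw_add(struct ieee80211_local *local)
  DEBUGFS_ADD(uapsd_queues);
  DEBUGFS_ADD(uapsd_max_sp_len);
  DEBUGFS_ADD(channel_type);
+ DEBUGFS_ADD(hwflags);
+ DEBUGFS_ADD(user_power);
+ DEBUGFS_ADD(power);
 
  statsd = debugfs_create_dir("statistics", phyd);
 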
diff --git a/net/mac80211/debugfs.h b/net/mac80211/debugfs.h
index 09cc9be34796..7c87529630f5 100644
--- a/net/mac80211/debugfs.h
+++ b/net/mac80211/debugfs.h
@@ -4,6 +4,8 @@
4#ifdef CONFIG_MAC80211_DEBUGFS 4#ifdef CONFIG_MAC80211_DEBUGFS
5extern void debugfs_hw_add(struct ieee80211_local *local); 5extern void debugfs_hw_add(struct ieee80211_local *local);
6extern int mac80211_open_file_generic(struct inode *inode, struct file *file); 6extern int mac80211_open_file_generic(struct inode *inode, struct file *file);
7extern int mac80211_format_buffer(char __user *userbuf, size_t count,
8 loff_t *ppos, char *fmt, ...);
7#else 9#else
8static inline void debugfs_hw_add(struct ieee80211_local *local) 10static inline void debugfs_hw_add(struct ieee80211_local *local)
9{ 11{
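Review bot: The new `mac80211_format_buffer()` prototype takes a non-const `char *fmt` and carries no printf format attribute, so the compiler cannot check the format strings and arguments that the `KEY_READ` and `STA_READ` macros in this commit now route through it. Declaring it as `extern int mac80211_format_buffer(char __user *userbuf, size_t count, loff_t *ppos, const char *fmt, ...) __attribute__((format(printf, 4, 5)));` would let `-Wformat` flag a specifier that does not match the field's type. The definition in debugfs.c is outside this view and would need the same `const`. The `#ifdef CONFIG_MAC80211_DEBUGFS` block continues past the end of the hunk.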
diff --git a/net/mac80211/debugfs_key.c b/net/mac80211/debugfs_key.c
index fa5e76e658ef..33c58b85c911 100644
--- a/net/mac80211/debugfs_key.c
+++ b/net/mac80211/debugfs_key.c
@@ -15,37 +15,38 @@
15#include "debugfs.h" 15#include "debugfs.h"
16#include "debugfs_key.h" 16#include "debugfs_key.h"
17 17
18#define KEY_READ(name, prop, buflen, format_string) \ 18#define KEY_READ(name, prop, format_string) \
19static ssize_t key_##name##_read(struct file *file, \ 19static ssize_t key_##name##_read(struct file *file, \
20 char __user *userbuf, \ 20 char __user *userbuf, \
21 size_t count, loff_t *ppos) \ 21 size_t count, loff_t *ppos) \
22{ \ 22{ \
23 char buf[buflen]; \
24 struct ieee80211_key *key = file->private_data; \ 23 struct ieee80211_key *key = file->private_data; \
25 int res = scnprintf(buf, buflen, format_string, key->prop); \ 24 return mac80211_format_buffer(userbuf, count, ppos, \
26 return simple_read_from_buffer(userbuf, count, ppos, buf, res); \ 25 format_string, key->prop); \
27} 26}
28#define KEY_READ_D(name) KEY_READ(name, name, 20, "%d\n") 27#define KEY_READ_D(name) KEY_READ(name, name, "%d\n")
29#define KEY_READ_X(name) KEY_READ(name, name, 20, "0x%x\n") 28#define KEY_READ_X(name) KEY_READ(name, name, "0x%x\n")
30 29
31#define KEY_OPS(name) \ 30#define KEY_OPS(name) \
32static const struct file_operations key_ ##name## _ops = { \ 31static const struct file_operations key_ ##name## _ops = { \
33 .read = key_##name##_read, \ 32 .read = key_##name##_read, \
34 .open = mac80211_open_file_generic, \ 33 .open = mac80211_open_file_generic, \
34 .llseek = generic_file_llseek, \
35} 35}
36 36
37#define KEY_FILE(name, format) \ 37#define KEY_FILE(name, format) \
38 KEY_READ_##format(name) \ 38 KEY_READ_##format(name) \
39 KEY_OPS(name) 39 KEY_OPS(name)
40 40
41#define KEY_CONF_READ(name, buflen, format_string) \ 41#define KEY_CONF_READ(name, format_string) \
42 KEY_READ(conf_##name, conf.name, buflen, format_string) 42 KEY_READ(conf_##name, conf.name, format_string)
43#define KEY_CONF_READ_D(name) KEY_CONF_READ(name, 20, "%d\n") 43#define KEY_CONF_READ_D(name) KEY_CONF_READ(name, "%d\n")
44 44
45#define KEY_CONF_OPS(name) \ 45#define KEY_CONF_OPS(name) \
46static const struct file_operations key_ ##name## _ops = { \ 46static const struct file_operations key_ ##name## _ops = { \
47 .read = key_conf_##name##_read, \ 47 .read = key_conf_##name##_read, \
48 .open = mac80211_open_file_generic, \ 48 .open = mac80211_open_file_generic, \
49 .llseek = generic_file_llseek, \
49} 50}
50 51
51#define KEY_CONF_FILE(name, format) \ 52#define KEY_CONF_FILE(name, format) \
@@ -57,33 +58,20 @@ KEY_CONF_FILE(keyidx, D);
57KEY_CONF_FILE(hw_key_idx, D); 58KEY_CONF_FILE(hw_key_idx, D);
58KEY_FILE(flags, X); 59KEY_FILE(flags, X);
59KEY_FILE(tx_rx_count, D); 60KEY_FILE(tx_rx_count, D);
60KEY_READ(ifindex, sdata->name, IFNAMSIZ + 2, "%s\n"); 61KEY_READ(ifindex, sdata->name, "%s\n");
61KEY_OPS(ifindex); 62KEY_OPS(ifindex);
62 63
63static ssize_t key_algorithm_read(struct file *file, 64static ssize_t key_algorithm_read(struct file *file,
64 char __user *userbuf, 65 char __user *userbuf,
65 size_t count, loff_t *ppos) 66 size_t count, loff_t *ppos)
66{ 67{
67 char *alg; 68 char buf[15];
68 struct ieee80211_key *key = file->private_data; 69 struct ieee80211_key *key = file->private_data;
70 u32 c = key->conf.cipher;
69 71
70 switch (key->conf.alg) { 72 sprintf(buf, "%.2x-%.2x-%.2x:%d\n",
71 case ALG_WEP: 73 c >> 24, (c >> 16) & 0xff, (c >> 8) & 0xff, c & 0xff);
72 alg = "WEP\n"; 74 return simple_read_from_buffer(userbuf, count, ppos, buf, strlen(buf));
73 break;
74 case ALG_TKIP:
75 alg = "TKIP\n";
76 break;
77 case ALG_CCMP:
78 alg = "CCMP\n";
79 break;
80 case ALG_AES_CMAC:
81 alg = "AES-128-CMAC\n";
82 break;
83 default:
84 return 0;
85 }
86 return simple_read_from_buffer(userbuf, count, ppos, alg, strlen(alg));
87} 75}
88KEY_OPS(algorithm); 76KEY_OPS(algorithm);
89 77
@@ -95,21 +83,22 @@ static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf,
95 int len; 83 int len;
96 struct ieee80211_key *key = file->private_data; 84 struct ieee80211_key *key = file->private_data;
97 85
98 switch (key->conf.alg) { 86 switch (key->conf.cipher) {
99 case ALG_WEP: 87 case WLAN_CIPHER_SUITE_WEP40:
88 case WLAN_CIPHER_SUITE_WEP104:
100 len = scnprintf(buf, sizeof(buf), "\n"); 89 len = scnprintf(buf, sizeof(buf), "\n");
101 break; 90 break;
102 case ALG_TKIP: 91 case WLAN_CIPHER_SUITE_TKIP:
103 len = scnprintf(buf, sizeof(buf), "%08x %04x\n", 92 len = scnprintf(buf, sizeof(buf), "%08x %04x\n",
104 key->u.tkip.tx.iv32, 93 key->u.tkip.tx.iv32,
105 key->u.tkip.tx.iv16); 94 key->u.tkip.tx.iv16);
106 break; 95 break;
107 case ALG_CCMP: 96 case WLAN_CIPHER_SUITE_CCMP:
108 tpn = key->u.ccmp.tx_pn; 97 tpn = key->u.ccmp.tx_pn;
109 len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n", 98 len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n",
110 tpn[0], tpn[1], tpn[2], tpn[3], tpn[4], tpn[5]); 99 tpn[0], tpn[1], tpn[2], tpn[3], tpn[4], tpn[5]);
111 break; 100 break;
112 case ALG_AES_CMAC: 101 case WLAN_CIPHER_SUITE_AES_CMAC:
113 tpn = key->u.aes_cmac.tx_pn; 102 tpn = key->u.aes_cmac.tx_pn;
114 len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n", 103 len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n",
115 tpn[0], tpn[1], tpn[2], tpn[3], tpn[4], 104 tpn[0], tpn[1], tpn[2], tpn[3], tpn[4],
@@ -130,11 +119,12 @@ static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
130 int i, len; 119 int i, len;
131 const u8 *rpn; 120 const u8 *rpn;
132 121
133 switch (key->conf.alg) { 122 switch (key->conf.cipher) {
134 case ALG_WEP: 123 case WLAN_CIPHER_SUITE_WEP40:
124 case WLAN_CIPHER_SUITE_WEP104:
135 len = scnprintf(buf, sizeof(buf), "\n"); 125 len = scnprintf(buf, sizeof(buf), "\n");
136 break; 126 break;
137 case ALG_TKIP: 127 case WLAN_CIPHER_SUITE_TKIP:
138 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 128 for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
139 p += scnprintf(p, sizeof(buf)+buf-p, 129 p += scnprintf(p, sizeof(buf)+buf-p,
140 "%08x %04x\n", 130 "%08x %04x\n",
@@ -142,7 +132,7 @@ static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
142 key->u.tkip.rx[i].iv16); 132 key->u.tkip.rx[i].iv16);
143 len = p - buf; 133 len = p - buf;
144 break; 134 break;
145 case ALG_CCMP: 135 case WLAN_CIPHER_SUITE_CCMP:
146 for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++) { 136 for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++) {
147 rpn = key->u.ccmp.rx_pn[i]; 137 rpn = key->u.ccmp.rx_pn[i];
148 p += scnprintf(p, sizeof(buf)+buf-p, 138 p += scnprintf(p, sizeof(buf)+buf-p,
@@ -152,7 +142,7 @@ static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
152 } 142 }
153 len = p - buf; 143 len = p - buf;
154 break; 144 break;
155 case ALG_AES_CMAC: 145 case WLAN_CIPHER_SUITE_AES_CMAC:
156 rpn = key->u.aes_cmac.rx_pn; 146 rpn = key->u.aes_cmac.rx_pn;
157 p += scnprintf(p, sizeof(buf)+buf-p, 147 p += scnprintf(p, sizeof(buf)+buf-p,
158 "%02x%02x%02x%02x%02x%02x\n", 148 "%02x%02x%02x%02x%02x%02x\n",
@@ -174,11 +164,11 @@ static ssize_t key_replays_read(struct file *file, char __user *userbuf,
174 char buf[20]; 164 char buf[20];
175 int len; 165 int len;
176 166
177 switch (key->conf.alg) { 167 switch (key->conf.cipher) {
178 case ALG_CCMP: 168 case WLAN_CIPHER_SUITE_CCMP:
179 len = scnprintf(buf, sizeof(buf), "%u\n", key->u.ccmp.replays); 169 len = scnprintf(buf, sizeof(buf), "%u\n", key->u.ccmp.replays);
180 break; 170 break;
181 case ALG_AES_CMAC: 171 case WLAN_CIPHER_SUITE_AES_CMAC:
182 len = scnprintf(buf, sizeof(buf), "%u\n", 172 len = scnprintf(buf, sizeof(buf), "%u\n",
183 key->u.aes_cmac.replays); 173 key->u.aes_cmac.replays);
184 break; 174 break;
@@ -196,8 +186,8 @@ static ssize_t key_icverrors_read(struct file *file, char __user *userbuf,
196 char buf[20]; 186 char buf[20];
197 int len; 187 int len;
198 188
199 switch (key->conf.alg) { 189 switch (key->conf.cipher) {
200 case ALG_AES_CMAC: 190 case WLAN_CIPHER_SUITE_AES_CMAC:
201 len = scnprintf(buf, sizeof(buf), "%u\n", 191 len = scnprintf(buf, sizeof(buf), "%u\n",
202 key->u.aes_cmac.icverrors); 192 key->u.aes_cmac.icverrors);
203 break; 193 break;
@@ -212,9 +202,13 @@ static ssize_t key_key_read(struct file *file, char __user *userbuf,
212 size_t count, loff_t *ppos) 202 size_t count, loff_t *ppos)
213{ 203{
214 struct ieee80211_key *key = file->private_data; 204 struct ieee80211_key *key = file->private_data;
215 int i, res, bufsize = 2 * key->conf.keylen + 2; 205 int i, bufsize = 2 * key->conf.keylen + 2;
216 char *buf = kmalloc(bufsize, GFP_KERNEL); 206 char *buf = kmalloc(bufsize, GFP_KERNEL);
217 char *p = buf; 207 char *p = buf;
208 ssize_t res;
209
210 if (!buf)
211 return -ENOMEM;
218 212
219 for (i = 0; i < key->conf.keylen; i++) 213 for (i = 0; i < key->conf.keylen; i++)
220 p += scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]); 214 p += scnprintf(p, bufsize + buf - p, "%02x", key->conf.key[i]);
@@ -247,16 +241,12 @@ void ieee80211_debugfs_key_add(struct ieee80211_key *key)
247 if (!key->debugfs.dir) 241 if (!key->debugfs.dir)
248 return; 242 return;
249 243
250 rcu_read_lock(); 244 sta = key->sta;
251 sta = rcu_dereference(key->sta); 245 if (sta) {
252 if (sta)
253 sprintf(buf, "../../stations/%pM", sta->sta.addr); 246 sprintf(buf, "../../stations/%pM", sta->sta.addr);
254 rcu_read_unlock();
255
256 /* using sta as a boolean is fine outside RCU lock */
257 if (sta)
258 key->debugfs.stalink = 247 key->debugfs.stalink =
259 debugfs_create_symlink("station", key->debugfs.dir, buf); 248 debugfs_create_symlink("station", key->debugfs.dir, buf);
249 }
260 250
261 DEBUGFS_ADD(keylen); 251 DEBUGFS_ADD(keylen);
262 DEBUGFS_ADD(flags); 252 DEBUGFS_ADD(flags);
@@ -280,7 +270,8 @@ void ieee80211_debugfs_key_remove(struct ieee80211_key *key)
280 debugfs_remove_recursive(key->debugfs.dir); 270 debugfs_remove_recursive(key->debugfs.dir);
281 key->debugfs.dir = NULL; 271 key->debugfs.dir = NULL;
282} 272}
283void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata) 273
274void ieee80211_debugfs_key_update_default(struct ieee80211_sub_if_data *sdata)
284{ 275{
285 char buf[50]; 276 char buf[50];
286 struct ieee80211_key *key; 277 struct ieee80211_key *key;
@@ -288,25 +279,31 @@ void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata)
288 if (!sdata->debugfs.dir) 279 if (!sdata->debugfs.dir)
289 return; 280 return;
290 281
291 /* this is running under the key lock */ 282 lockdep_assert_held(&sdata->local->key_mtx);
292 283
293 key = sdata->default_key; 284 if (sdata->default_unicast_key) {
294 if (key) { 285 key = key_mtx_dereference(sdata->local,
286 sdata->default_unicast_key);
295 sprintf(buf, "../keys/%d", key->debugfs.cnt); 287 sprintf(buf, "../keys/%d", key->debugfs.cnt);
296 sdata->debugfs.default_key = 288 sdata->debugfs.default_unicast_key =
297 debugfs_create_symlink("default_key", 289 debugfs_create_symlink("default_unicast_key",
298 sdata->debugfs.dir, buf); 290 sdata->debugfs.dir, buf);
299 } else 291 } else {
300 ieee80211_debugfs_key_remove_default(sdata); 292 debugfs_remove(sdata->debugfs.default_unicast_key);
301} 293 sdata->debugfs.default_unicast_key = NULL;
302 294 }
303void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata)
304{
305 if (!sdata)
306 return;
307 295
308 debugfs_remove(sdata->debugfs.default_key); 296 if (sdata->default_multicast_key) {
309 sdata->debugfs.default_key = NULL; 297 key = key_mtx_dereference(sdata->local,
298 sdata->default_multicast_key);
299 sprintf(buf, "../keys/%d", key->debugfs.cnt);
300 sdata->debugfs.default_multicast_key =
301 debugfs_create_symlink("default_multicast_key",
302 sdata->debugfs.dir, buf);
303 } else {
304 debugfs_remove(sdata->debugfs.default_multicast_key);
305 sdata->debugfs.default_multicast_key = NULL;
306 }
310} 307}
311 308
312void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata) 309void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata)
@@ -317,9 +314,8 @@ void ieee80211_debugfs_key_add_mgmt_default(struct ieee80211_sub_if_data *sdata)
317 if (!sdata->debugfs.dir) 314 if (!sdata->debugfs.dir)
318 return; 315 return;
319 316
320 /* this is running under the key lock */ 317 key = key_mtx_dereference(sdata->local,
321 318 sdata->default_mgmt_key);
322 key = sdata->default_mgmt_key;
323 if (key) { 319 if (key) {
324 sprintf(buf, "../keys/%d", key->debugfs.cnt); 320 sprintf(buf, "../keys/%d", key->debugfs.cnt);
325 sdata->debugfs.default_mgmt_key = 321 sdata->debugfs.default_mgmt_key =
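Review bot: In `ieee80211_debugfs_key_update_default()` the branch taken when `sdata->default_unicast_key` is set calls `debugfs_create_symlink("default_unicast_key", ...)` and overwrites `sdata->debugfs.default_unicast_key` without removing a link left by an earlier call. Switching from one default key to another therefore appears to leave the old link in place and drop its dentry pointer, and the `default_multicast_key` branch has the same shape. Removing the old entry first in both cases, e.g. `debugfs_remove(sdata->debugfs.default_unicast_key);` ahead of the `if`, keeps the link in step with the key. The function also tests the raw pointer and then re-reads it through `key_mtx_dereference()`; reading it once into `key`, as `ieee80211_debugfs_key_add_mgmt_default()` does, would be clearer.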
diff --git a/net/mac80211/debugfs_key.h b/net/mac80211/debugfs_key.h
index 54717b4e1371..32adc77e9c77 100644
--- a/net/mac80211/debugfs_key.h
+++ b/net/mac80211/debugfs_key.h
@@ -4,8 +4,7 @@
4#ifdef CONFIG_MAC80211_DEBUGFS 4#ifdef CONFIG_MAC80211_DEBUGFS
5void ieee80211_debugfs_key_add(struct ieee80211_key *key); 5void ieee80211_debugfs_key_add(struct ieee80211_key *key);
6void ieee80211_debugfs_key_remove(struct ieee80211_key *key); 6void ieee80211_debugfs_key_remove(struct ieee80211_key *key);
7void ieee80211_debugfs_key_add_default(struct ieee80211_sub_if_data *sdata); 7void ieee80211_debugfs_key_update_default(struct ieee80211_sub_if_data *sdata);
8void ieee80211_debugfs_key_remove_default(struct ieee80211_sub_if_data *sdata);
9void ieee80211_debugfs_key_add_mgmt_default( 8void ieee80211_debugfs_key_add_mgmt_default(
10 struct ieee80211_sub_if_data *sdata); 9 struct ieee80211_sub_if_data *sdata);
11void ieee80211_debugfs_key_remove_mgmt_default( 10void ieee80211_debugfs_key_remove_mgmt_default(
@@ -17,10 +16,7 @@ static inline void ieee80211_debugfs_key_add(struct ieee80211_key *key)
17{} 16{}
18static inline void ieee80211_debugfs_key_remove(struct ieee80211_key *key) 17static inline void ieee80211_debugfs_key_remove(struct ieee80211_key *key)
19{} 18{}
20static inline void ieee80211_debugfs_key_add_default( 19static inline void ieee80211_debugfs_key_update_default(
21 struct ieee80211_sub_if_data *sdata)
22{}
23static inline void ieee80211_debugfs_key_remove_default(
24 struct ieee80211_sub_if_data *sdata) 20 struct ieee80211_sub_if_data *sdata)
25{} 21{}
26static inline void ieee80211_debugfs_key_add_mgmt_default( 22static inline void ieee80211_debugfs_key_add_mgmt_default(
diff --git a/net/mac80211/debugfs_netdev.c b/net/mac80211/debugfs_netdev.c
index 20b2998fa0ed..9ea7c0d0103f 100644
--- a/net/mac80211/debugfs_netdev.c
+++ b/net/mac80211/debugfs_netdev.c
@@ -36,7 +36,7 @@ static ssize_t ieee80211_if_read(
36 ret = (*format)(sdata, buf, sizeof(buf)); 36 ret = (*format)(sdata, buf, sizeof(buf));
37 read_unlock(&dev_base_lock); 37 read_unlock(&dev_base_lock);
38 38
39 if (ret != -EINVAL) 39 if (ret >= 0)
40 ret = simple_read_from_buffer(userbuf, count, ppos, buf, ret); 40 ret = simple_read_from_buffer(userbuf, count, ppos, buf, ret);
41 41
42 return ret; 42 return ret;
@@ -81,6 +81,8 @@ static ssize_t ieee80211_if_fmt_##name( \
81 IEEE80211_IF_FMT(name, field, "%d\n") 81 IEEE80211_IF_FMT(name, field, "%d\n")
82#define IEEE80211_IF_FMT_HEX(name, field) \ 82#define IEEE80211_IF_FMT_HEX(name, field) \
83 IEEE80211_IF_FMT(name, field, "%#x\n") 83 IEEE80211_IF_FMT(name, field, "%#x\n")
84#define IEEE80211_IF_FMT_LHEX(name, field) \
85 IEEE80211_IF_FMT(name, field, "%#lx\n")
84#define IEEE80211_IF_FMT_SIZE(name, field) \ 86#define IEEE80211_IF_FMT_SIZE(name, field) \
85 IEEE80211_IF_FMT(name, field, "%zd\n") 87 IEEE80211_IF_FMT(name, field, "%zd\n")
86 88
@@ -121,6 +123,7 @@ static const struct file_operations name##_ops = { \
121 .read = ieee80211_if_read_##name, \ 123 .read = ieee80211_if_read_##name, \
122 .write = (_write), \ 124 .write = (_write), \
123 .open = mac80211_open_file_generic, \ 125 .open = mac80211_open_file_generic, \
126 .llseek = generic_file_llseek, \
124} 127}
125 128
126#define __IEEE80211_IF_FILE_W(name) \ 129#define __IEEE80211_IF_FILE_W(name) \
@@ -144,6 +147,9 @@ IEEE80211_IF_FILE(rc_rateidx_mask_2ghz, rc_rateidx_mask[IEEE80211_BAND_2GHZ],
144 HEX); 147 HEX);
145IEEE80211_IF_FILE(rc_rateidx_mask_5ghz, rc_rateidx_mask[IEEE80211_BAND_5GHZ], 148IEEE80211_IF_FILE(rc_rateidx_mask_5ghz, rc_rateidx_mask[IEEE80211_BAND_5GHZ],
146 HEX); 149 HEX);
150IEEE80211_IF_FILE(flags, flags, HEX);
151IEEE80211_IF_FILE(state, state, LHEX);
152IEEE80211_IF_FILE(channel_type, vif.bss_conf.channel_type, DEC);
147 153
148/* STA attributes */ 154/* STA attributes */
149IEEE80211_IF_FILE(bssid, u.mgd.bssid, MAC); 155IEEE80211_IF_FILE(bssid, u.mgd.bssid, MAC);
@@ -171,9 +177,9 @@ static int ieee80211_set_smps(struct ieee80211_sub_if_data *sdata,
171 if (sdata->vif.type != NL80211_IFTYPE_STATION) 177 if (sdata->vif.type != NL80211_IFTYPE_STATION)
172 return -EOPNOTSUPP; 178 return -EOPNOTSUPP;
173 179
174 mutex_lock(&local->iflist_mtx); 180 mutex_lock(&sdata->u.mgd.mtx);
175 err = __ieee80211_request_smps(sdata, smps_mode); 181 err = __ieee80211_request_smps(sdata, smps_mode);
176 mutex_unlock(&local->iflist_mtx); 182 mutex_unlock(&sdata->u.mgd.mtx);
177 183
178 return err; 184 return err;
179} 185}
@@ -215,6 +221,104 @@ static ssize_t ieee80211_if_parse_smps(struct ieee80211_sub_if_data *sdata,
215 221
216__IEEE80211_IF_FILE_W(smps); 222__IEEE80211_IF_FILE_W(smps);
217 223
224static ssize_t ieee80211_if_fmt_tkip_mic_test(
225 const struct ieee80211_sub_if_data *sdata, char *buf, int buflen)
226{
227 return -EOPNOTSUPP;
228}
229
230static int hwaddr_aton(const char *txt, u8 *addr)
231{
232 int i;
233
234 for (i = 0; i < ETH_ALEN; i++) {
235 int a, b;
236
237 a = hex_to_bin(*txt++);
238 if (a < 0)
239 return -1;
240 b = hex_to_bin(*txt++);
241 if (b < 0)
242 return -1;
243 *addr++ = (a << 4) | b;
244 if (i < 5 && *txt++ != ':')
245 return -1;
246 }
247
248 return 0;
249}
250
251static ssize_t ieee80211_if_parse_tkip_mic_test(
252 struct ieee80211_sub_if_data *sdata, const char *buf, int buflen)
253{
254 struct ieee80211_local *local = sdata->local;
255 u8 addr[ETH_ALEN];
256 struct sk_buff *skb;
257 struct ieee80211_hdr *hdr;
258 __le16 fc;
259
260 /*
261 * Assume colon-delimited MAC address with possible white space
262 * following.
263 */
264 if (buflen < 3 * ETH_ALEN - 1)
265 return -EINVAL;
266 if (hwaddr_aton(buf, addr) < 0)
267 return -EINVAL;
268
269 if (!ieee80211_sdata_running(sdata))
270 return -ENOTCONN;
271
272 skb = dev_alloc_skb(local->hw.extra_tx_headroom + 24 + 100);
273 if (!skb)
274 return -ENOMEM;
275 skb_reserve(skb, local->hw.extra_tx_headroom);
276
277 hdr = (struct ieee80211_hdr *) skb_put(skb, 24);
278 memset(hdr, 0, 24);
279 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
280
281 switch (sdata->vif.type) {
282 case NL80211_IFTYPE_AP:
283 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
284 /* DA BSSID SA */
285 memcpy(hdr->addr1, addr, ETH_ALEN);
286 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
287 memcpy(hdr->addr3, sdata->vif.addr, ETH_ALEN);
288 break;
289 case NL80211_IFTYPE_STATION:
290 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
291 /* BSSID SA DA */
292 if (sdata->vif.bss_conf.bssid == NULL) {
293 dev_kfree_skb(skb);
294 return -ENOTCONN;
295 }
296 memcpy(hdr->addr1, sdata->vif.bss_conf.bssid, ETH_ALEN);
297 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
298 memcpy(hdr->addr3, addr, ETH_ALEN);
299 break;
300 default:
301 dev_kfree_skb(skb);
302 return -EOPNOTSUPP;
303 }
304 hdr->frame_control = fc;
305
306 /*
307 * Add some length to the test frame to make it look bit more valid.
308 * The exact contents does not matter since the recipient is required
309 * to drop this because of the Michael MIC failure.
310 */
311 memset(skb_put(skb, 50), 0, 50);
312
313 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_TKIP_MIC_FAILURE;
314
315 ieee80211_tx_skb(sdata, skb);
316
317 return buflen;
318}
319
320__IEEE80211_IF_FILE_W(tkip_mic_test);
321
218/* AP attributes */ 322/* AP attributes */
219IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC); 323IEEE80211_IF_FILE(num_sta_ps, u.ap.num_sta_ps, ATOMIC);
220IEEE80211_IF_FILE(dtim_count, u.ap.dtim_count, DEC); 324IEEE80211_IF_FILE(dtim_count, u.ap.dtim_count, DEC);
@@ -250,6 +354,7 @@ IEEE80211_IF_FILE(dot11MeshConfirmTimeout,
250IEEE80211_IF_FILE(dot11MeshHoldingTimeout, 354IEEE80211_IF_FILE(dot11MeshHoldingTimeout,
251 u.mesh.mshcfg.dot11MeshHoldingTimeout, DEC); 355 u.mesh.mshcfg.dot11MeshHoldingTimeout, DEC);
252IEEE80211_IF_FILE(dot11MeshTTL, u.mesh.mshcfg.dot11MeshTTL, DEC); 356IEEE80211_IF_FILE(dot11MeshTTL, u.mesh.mshcfg.dot11MeshTTL, DEC);
357IEEE80211_IF_FILE(element_ttl, u.mesh.mshcfg.element_ttl, DEC);
253IEEE80211_IF_FILE(auto_open_plinks, u.mesh.mshcfg.auto_open_plinks, DEC); 358IEEE80211_IF_FILE(auto_open_plinks, u.mesh.mshcfg.auto_open_plinks, DEC);
254IEEE80211_IF_FILE(dot11MeshMaxPeerLinks, 359IEEE80211_IF_FILE(dot11MeshMaxPeerLinks,
255 u.mesh.mshcfg.dot11MeshMaxPeerLinks, DEC); 360 u.mesh.mshcfg.dot11MeshMaxPeerLinks, DEC);
@@ -281,6 +386,9 @@ IEEE80211_IF_FILE(dot11MeshHWMPRootMode,
281static void add_sta_files(struct ieee80211_sub_if_data *sdata) 386static void add_sta_files(struct ieee80211_sub_if_data *sdata)
282{ 387{
283 DEBUGFS_ADD(drop_unencrypted); 388 DEBUGFS_ADD(drop_unencrypted);
389 DEBUGFS_ADD(flags);
390 DEBUGFS_ADD(state);
391 DEBUGFS_ADD(channel_type);
284 DEBUGFS_ADD(rc_rateidx_mask_2ghz); 392 DEBUGFS_ADD(rc_rateidx_mask_2ghz);
285 DEBUGFS_ADD(rc_rateidx_mask_5ghz); 393 DEBUGFS_ADD(rc_rateidx_mask_5ghz);
286 394
@@ -289,22 +397,30 @@ static void add_sta_files(struct ieee80211_sub_if_data *sdata)
289 DEBUGFS_ADD(last_beacon); 397 DEBUGFS_ADD(last_beacon);
290 DEBUGFS_ADD(ave_beacon); 398 DEBUGFS_ADD(ave_beacon);
291 DEBUGFS_ADD_MODE(smps, 0600); 399 DEBUGFS_ADD_MODE(smps, 0600);
400 DEBUGFS_ADD_MODE(tkip_mic_test, 0200);
292} 401}
293 402
294static void add_ap_files(struct ieee80211_sub_if_data *sdata) 403static void add_ap_files(struct ieee80211_sub_if_data *sdata)
295{ 404{
296 DEBUGFS_ADD(drop_unencrypted); 405 DEBUGFS_ADD(drop_unencrypted);
406 DEBUGFS_ADD(flags);
407 DEBUGFS_ADD(state);
408 DEBUGFS_ADD(channel_type);
297 DEBUGFS_ADD(rc_rateidx_mask_2ghz); 409 DEBUGFS_ADD(rc_rateidx_mask_2ghz);
298 DEBUGFS_ADD(rc_rateidx_mask_5ghz); 410 DEBUGFS_ADD(rc_rateidx_mask_5ghz);
299 411
300 DEBUGFS_ADD(num_sta_ps); 412 DEBUGFS_ADD(num_sta_ps);
301 DEBUGFS_ADD(dtim_count); 413 DEBUGFS_ADD(dtim_count);
302 DEBUGFS_ADD(num_buffered_multicast); 414 DEBUGFS_ADD(num_buffered_multicast);
415 DEBUGFS_ADD_MODE(tkip_mic_test, 0200);
303} 416}
304 417
305static void add_wds_files(struct ieee80211_sub_if_data *sdata) 418static void add_wds_files(struct ieee80211_sub_if_data *sdata)
306{ 419{
307 DEBUGFS_ADD(drop_unencrypted); 420 DEBUGFS_ADD(drop_unencrypted);
421 DEBUGFS_ADD(flags);
422 DEBUGFS_ADD(state);
423 DEBUGFS_ADD(channel_type);
308 DEBUGFS_ADD(rc_rateidx_mask_2ghz); 424 DEBUGFS_ADD(rc_rateidx_mask_2ghz);
309 DEBUGFS_ADD(rc_rateidx_mask_5ghz); 425 DEBUGFS_ADD(rc_rateidx_mask_5ghz);
310 426
@@ -314,12 +430,18 @@ static void add_wds_files(struct ieee80211_sub_if_data *sdata)
314static void add_vlan_files(struct ieee80211_sub_if_data *sdata) 430static void add_vlan_files(struct ieee80211_sub_if_data *sdata)
315{ 431{
316 DEBUGFS_ADD(drop_unencrypted); 432 DEBUGFS_ADD(drop_unencrypted);
433 DEBUGFS_ADD(flags);
434 DEBUGFS_ADD(state);
435 DEBUGFS_ADD(channel_type);
317 DEBUGFS_ADD(rc_rateidx_mask_2ghz); 436 DEBUGFS_ADD(rc_rateidx_mask_2ghz);
318 DEBUGFS_ADD(rc_rateidx_mask_5ghz); 437 DEBUGFS_ADD(rc_rateidx_mask_5ghz);
319} 438}
320 439
321static void add_monitor_files(struct ieee80211_sub_if_data *sdata) 440static void add_monitor_files(struct ieee80211_sub_if_data *sdata)
322{ 441{
442 DEBUGFS_ADD(flags);
443 DEBUGFS_ADD(state);
444 DEBUGFS_ADD(channel_type);
323} 445}
324 446
325#ifdef CONFIG_MAC80211_MESH 447#ifdef CONFIG_MAC80211_MESH
@@ -354,6 +476,7 @@ static void add_mesh_config(struct ieee80211_sub_if_data *sdata)
354 MESHPARAMS_ADD(dot11MeshConfirmTimeout); 476 MESHPARAMS_ADD(dot11MeshConfirmTimeout);
355 MESHPARAMS_ADD(dot11MeshHoldingTimeout); 477 MESHPARAMS_ADD(dot11MeshHoldingTimeout);
356 MESHPARAMS_ADD(dot11MeshTTL); 478 MESHPARAMS_ADD(dot11MeshTTL);
479 MESHPARAMS_ADD(element_ttl);
357 MESHPARAMS_ADD(auto_open_plinks); 480 MESHPARAMS_ADD(auto_open_plinks);
358 MESHPARAMS_ADD(dot11MeshMaxPeerLinks); 481 MESHPARAMS_ADD(dot11MeshMaxPeerLinks);
359 MESHPARAMS_ADD(dot11MeshHWMPactivePathTimeout); 482 MESHPARAMS_ADD(dot11MeshHWMPactivePathTimeout);
@@ -409,6 +532,9 @@ void ieee80211_debugfs_add_netdev(struct ieee80211_sub_if_data *sdata)
409 sprintf(buf, "netdev:%s", sdata->name); 532 sprintf(buf, "netdev:%s", sdata->name);
410 sdata->debugfs.dir = debugfs_create_dir(buf, 533 sdata->debugfs.dir = debugfs_create_dir(buf,
411 sdata->local->hw.wiphy->debugfsdir); 534 sdata->local->hw.wiphy->debugfsdir);
535 if (sdata->debugfs.dir)
536 sdata->debugfs.subdir_stations = debugfs_create_dir("stations",
537 sdata->debugfs.dir);
412 add_files(sdata); 538 add_files(sdata);
413} 539}
414 540
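Review bot: In `ieee80211_if_parse_tkip_mic_test()` the `NL80211_IFTYPE_STATION` case tests `sdata->vif.bss_conf.bssid` for NULL and then copies from it with no lock taken in this function, whereas `ieee80211_set_smps()` in the same file takes `sdata->u.mgd.mtx` around managed-mode state. If that pointer can change during a concurrent disassociation (the writer and any locking done by the debugfs write path are not visible here), the check and the `memcpy()` can disagree; holding `sdata->u.mgd.mtx` across both would close that window. A short comment on the handler stating that a write deliberately transmits a frame flagged `IEEE80211_TX_INTFL_TKIP_MIC_FAILURE`, and that the file is owner-write-only (`DEBUGFS_ADD_MODE(tkip_mic_test, 0200)`), would help later readers. The literals `24`, `100` and `50`, and the `i < 5` in `hwaddr_aton()`, would read better as named sizes (`ETH_ALEN - 1` for the last).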
diff --git a/net/mac80211/debugfs_sta.c b/net/mac80211/debugfs_sta.c
index 76839d4dfaac..a01d2137fddc 100644
--- a/net/mac80211/debugfs_sta.c
+++ b/net/mac80211/debugfs_sta.c
@@ -17,25 +17,24 @@
17 17
18/* sta attributtes */ 18/* sta attributtes */
19 19
20#define STA_READ(name, buflen, field, format_string) \ 20#define STA_READ(name, field, format_string) \
21static ssize_t sta_ ##name## _read(struct file *file, \ 21static ssize_t sta_ ##name## _read(struct file *file, \
22 char __user *userbuf, \ 22 char __user *userbuf, \
23 size_t count, loff_t *ppos) \ 23 size_t count, loff_t *ppos) \
24{ \ 24{ \
25 int res; \
26 struct sta_info *sta = file->private_data; \ 25 struct sta_info *sta = file->private_data; \
27 char buf[buflen]; \ 26 return mac80211_format_buffer(userbuf, count, ppos, \
28 res = scnprintf(buf, buflen, format_string, sta->field); \ 27 format_string, sta->field); \
29 return simple_read_from_buffer(userbuf, count, ppos, buf, res); \
30} 28}
31#define STA_READ_D(name, field) STA_READ(name, 20, field, "%d\n") 29#define STA_READ_D(name, field) STA_READ(name, field, "%d\n")
32#define STA_READ_U(name, field) STA_READ(name, 20, field, "%u\n") 30#define STA_READ_U(name, field) STA_READ(name, field, "%u\n")
33#define STA_READ_S(name, field) STA_READ(name, 20, field, "%s\n") 31#define STA_READ_S(name, field) STA_READ(name, field, "%s\n")
34 32
35#define STA_OPS(name) \ 33#define STA_OPS(name) \
36static const struct file_operations sta_ ##name## _ops = { \ 34static const struct file_operations sta_ ##name## _ops = { \
37 .read = sta_##name##_read, \ 35 .read = sta_##name##_read, \
38 .open = mac80211_open_file_generic, \ 36 .open = mac80211_open_file_generic, \
37 .llseek = generic_file_llseek, \
39} 38}
40 39
41#define STA_OPS_RW(name) \ 40#define STA_OPS_RW(name) \
@@ -43,6 +42,7 @@ static const struct file_operations sta_ ##name## _ops = { \
43 .read = sta_##name##_read, \ 42 .read = sta_##name##_read, \
44 .write = sta_##name##_write, \ 43 .write = sta_##name##_write, \
45 .open = mac80211_open_file_generic, \ 44 .open = mac80211_open_file_generic, \
45 .llseek = generic_file_llseek, \
46} 46}
47 47
48#define STA_FILE(name, field, format) \ 48#define STA_FILE(name, field, format) \
@@ -77,25 +77,46 @@ static ssize_t sta_num_ps_buf_frames_read(struct file *file,
77 char __user *userbuf, 77 char __user *userbuf,
78 size_t count, loff_t *ppos) 78 size_t count, loff_t *ppos)
79{ 79{
80 char buf[20];
81 struct sta_info *sta = file->private_data; 80 struct sta_info *sta = file->private_data;
82 int res = scnprintf(buf, sizeof(buf), "%u\n", 81 return mac80211_format_buffer(userbuf, count, ppos, "%u\n",
83 skb_queue_len(&sta->ps_tx_buf)); 82 skb_queue_len(&sta->ps_tx_buf));
84 return simple_read_from_buffer(userbuf, count, ppos, buf, res);
85} 83}
86STA_OPS(num_ps_buf_frames); 84STA_OPS(num_ps_buf_frames);
87 85
88static ssize_t sta_inactive_ms_read(struct file *file, char __user *userbuf, 86static ssize_t sta_inactive_ms_read(struct file *file, char __user *userbuf,
89 size_t count, loff_t *ppos) 87 size_t count, loff_t *ppos)
90{ 88{
91 char buf[20];
92 struct sta_info *sta = file->private_data; 89 struct sta_info *sta = file->private_data;
93 int res = scnprintf(buf, sizeof(buf), "%d\n", 90 return mac80211_format_buffer(userbuf, count, ppos, "%d\n",
94 jiffies_to_msecs(jiffies - sta->last_rx)); 91 jiffies_to_msecs(jiffies - sta->last_rx));
95 return simple_read_from_buffer(userbuf, count, ppos, buf, res);
96} 92}
97STA_OPS(inactive_ms); 93STA_OPS(inactive_ms);
98 94
95
96static ssize_t sta_connected_time_read(struct file *file, char __user *userbuf,
97 size_t count, loff_t *ppos)
98{
99 struct sta_info *sta = file->private_data;
100 struct timespec uptime;
101 struct tm result;
102 long connected_time_secs;
103 char buf[100];
104 int res;
105 do_posix_clock_monotonic_gettime(&uptime);
106 connected_time_secs = uptime.tv_sec - sta->last_connected;
107 time_to_tm(connected_time_secs, 0, &result);
108 result.tm_year -= 70;
109 result.tm_mday -= 1;
110 res = scnprintf(buf, sizeof(buf),
111 "years - %ld\nmonths - %d\ndays - %d\nclock - %d:%d:%d\n\n",
112 result.tm_year, result.tm_mon, result.tm_mday,
113 result.tm_hour, result.tm_min, result.tm_sec);
114 return simple_read_from_buffer(userbuf, count, ppos, buf, res);
115}
116STA_OPS(connected_time);
117
118
119
99static ssize_t sta_last_seq_ctrl_read(struct file *file, char __user *userbuf, 120static ssize_t sta_last_seq_ctrl_read(struct file *file, char __user *userbuf,
100 size_t count, loff_t *ppos) 121 size_t count, loff_t *ppos)
101{ 122{
@@ -116,34 +137,35 @@ static ssize_t sta_agg_status_read(struct file *file, char __user *userbuf,
116 char buf[71 + STA_TID_NUM * 40], *p = buf; 137 char buf[71 + STA_TID_NUM * 40], *p = buf;
117 int i; 138 int i;
118 struct sta_info *sta = file->private_data; 139 struct sta_info *sta = file->private_data;
140 struct tid_ampdu_rx *tid_rx;
141 struct tid_ampdu_tx *tid_tx;
142
143 rcu_read_lock();
119 144
120 spin_lock_bh(&sta->lock);
121 p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n", 145 p += scnprintf(p, sizeof(buf) + buf - p, "next dialog_token: %#02x\n",
122 sta->ampdu_mlme.dialog_token_allocator + 1); 146 sta->ampdu_mlme.dialog_token_allocator + 1);
123 p += scnprintf(p, sizeof(buf) + buf - p, 147 p += scnprintf(p, sizeof(buf) + buf - p,
124 "TID\t\tRX active\tDTKN\tSSN\t\tTX\tDTKN\tpending\n"); 148 "TID\t\tRX active\tDTKN\tSSN\t\tTX\tDTKN\tpending\n");
149
125 for (i = 0; i < STA_TID_NUM; i++) { 150 for (i = 0; i < STA_TID_NUM; i++) {
151 tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[i]);
152 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[i]);
153
126 p += scnprintf(p, sizeof(buf) + buf - p, "%02d", i); 154 p += scnprintf(p, sizeof(buf) + buf - p, "%02d", i);
127 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x", 155 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x", !!tid_rx);
128 !!sta->ampdu_mlme.tid_rx[i]);
129 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x", 156 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x",
130 sta->ampdu_mlme.tid_rx[i] ? 157 tid_rx ? tid_rx->dialog_token : 0);
131 sta->ampdu_mlme.tid_rx[i]->dialog_token : 0);
132 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.3x", 158 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.3x",
133 sta->ampdu_mlme.tid_rx[i] ? 159 tid_rx ? tid_rx->ssn : 0);
134 sta->ampdu_mlme.tid_rx[i]->ssn : 0);
135 160
136 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x", 161 p += scnprintf(p, sizeof(buf) + buf - p, "\t\t%x", !!tid_tx);
137 !!sta->ampdu_mlme.tid_tx[i]);
138 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x", 162 p += scnprintf(p, sizeof(buf) + buf - p, "\t%#.2x",
139 sta->ampdu_mlme.tid_tx[i] ? 163 tid_tx ? tid_tx->dialog_token : 0);
140 sta->ampdu_mlme.tid_tx[i]->dialog_token : 0);
141 p += scnprintf(p, sizeof(buf) + buf - p, "\t%03d", 164 p += scnprintf(p, sizeof(buf) + buf - p, "\t%03d",
142 sta->ampdu_mlme.tid_tx[i] ? 165 tid_tx ? skb_queue_len(&tid_tx->pending) : 0);
143 skb_queue_len(&sta->ampdu_mlme.tid_tx[i]->pending) : 0);
144 p += scnprintf(p, sizeof(buf) + buf - p, "\n"); 166 p += scnprintf(p, sizeof(buf) + buf - p, "\n");
145 } 167 }
146 spin_unlock_bh(&sta->lock); 168 rcu_read_unlock();
147 169
148 return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf); 170 return simple_read_from_buffer(userbuf, count, ppos, buf, p - buf);
149} 171}
@@ -192,11 +214,12 @@ static ssize_t sta_agg_status_write(struct file *file, const char __user *userbu
192 214
193 if (tx) { 215 if (tx) {
194 if (start) 216 if (start)
195 ret = ieee80211_start_tx_ba_session(&sta->sta, tid); 217 ret = ieee80211_start_tx_ba_session(&sta->sta, tid, 5000);
196 else 218 else
197 ret = ieee80211_stop_tx_ba_session(&sta->sta, tid); 219 ret = ieee80211_stop_tx_ba_session(&sta->sta, tid);
198 } else { 220 } else {
199 __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT, 3); 221 __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT,
222 3, true);
200 ret = 0; 223 ret = 0;
201 } 224 }
202 225
@@ -300,7 +323,7 @@ STA_OPS(ht_capa);
300 323
301void ieee80211_sta_debugfs_add(struct sta_info *sta) 324void ieee80211_sta_debugfs_add(struct sta_info *sta)
302{ 325{
303 struct dentry *stations_dir = sta->local->debugfs.stations; 326 struct dentry *stations_dir = sta->sdata->debugfs.subdir_stations;
304 u8 mac[3*ETH_ALEN]; 327 u8 mac[3*ETH_ALEN];
305 328
306 sta->debugfs.add_has_run = true; 329 sta->debugfs.add_has_run = true;
@@ -326,6 +349,7 @@ void ieee80211_sta_debugfs_add(struct sta_info *sta)
326 DEBUGFS_ADD(flags); 349 DEBUGFS_ADD(flags);
327 DEBUGFS_ADD(num_ps_buf_frames); 350 DEBUGFS_ADD(num_ps_buf_frames);
328 DEBUGFS_ADD(inactive_ms); 351 DEBUGFS_ADD(inactive_ms);
352 DEBUGFS_ADD(connected_time);
329 DEBUGFS_ADD(last_seq_ctrl); 353 DEBUGFS_ADD(last_seq_ctrl);
330 DEBUGFS_ADD(agg_status); 354 DEBUGFS_ADD(agg_status);
331 DEBUGFS_ADD(dev); 355 DEBUGFS_ADD(dev);
diff --git a/net/mac80211/driver-ops.h b/net/mac80211/driver-ops.h
index 14123dce544b..eebf7a67daf7 100644
--- a/net/mac80211/driver-ops.h
+++ b/net/mac80211/driver-ops.h
@@ -5,9 +5,9 @@
5#include "ieee80211_i.h" 5#include "ieee80211_i.h"
6#include "driver-trace.h" 6#include "driver-trace.h"
7 7
8static inline int drv_tx(struct ieee80211_local *local, struct sk_buff *skb) 8static inline void drv_tx(struct ieee80211_local *local, struct sk_buff *skb)
9{ 9{
10 return local->ops->tx(&local->hw, skb); 10 local->ops->tx(&local->hw, skb);
11} 11}
12 12
13static inline int drv_start(struct ieee80211_local *local) 13static inline int drv_start(struct ieee80211_local *local)
@@ -41,6 +41,33 @@ static inline void drv_stop(struct ieee80211_local *local)
41 local->started = false; 41 local->started = false;
42} 42}
43 43
44#ifdef CONFIG_PM
45static inline int drv_suspend(struct ieee80211_local *local,
46 struct cfg80211_wowlan *wowlan)
47{
48 int ret;
49
50 might_sleep();
51
52 trace_drv_suspend(local);
53 ret = local->ops->suspend(&local->hw, wowlan);
54 trace_drv_return_int(local, ret);
55 return ret;
56}
57
58static inline int drv_resume(struct ieee80211_local *local)
59{
60 int ret;
61
62 might_sleep();
63
64 trace_drv_resume(local);
65 ret = local->ops->resume(&local->hw);
66 trace_drv_return_int(local, ret);
67 return ret;
68}
69#endif
70
44static inline int drv_add_interface(struct ieee80211_local *local, 71static inline int drv_add_interface(struct ieee80211_local *local,
45 struct ieee80211_vif *vif) 72 struct ieee80211_vif *vif)
46{ 73{
@@ -54,6 +81,20 @@ static inline int drv_add_interface(struct ieee80211_local *local,
54 return ret; 81 return ret;
55} 82}
56 83
84static inline int drv_change_interface(struct ieee80211_local *local,
85 struct ieee80211_sub_if_data *sdata,
86 enum nl80211_iftype type, bool p2p)
87{
88 int ret;
89
90 might_sleep();
91
92 trace_drv_change_interface(local, sdata, type, p2p);
93 ret = local->ops->change_interface(&local->hw, &sdata->vif, type, p2p);
94 trace_drv_return_int(local, ret);
95 return ret;
96}
97
57static inline void drv_remove_interface(struct ieee80211_local *local, 98static inline void drv_remove_interface(struct ieee80211_local *local,
58 struct ieee80211_vif *vif) 99 struct ieee80211_vif *vif)
59{ 100{
@@ -171,12 +212,39 @@ static inline int drv_hw_scan(struct ieee80211_local *local,
171 212
172 might_sleep(); 213 might_sleep();
173 214
174 trace_drv_hw_scan(local, sdata, req); 215 trace_drv_hw_scan(local, sdata);
175 ret = local->ops->hw_scan(&local->hw, &sdata->vif, req); 216 ret = local->ops->hw_scan(&local->hw, &sdata->vif, req);
176 trace_drv_return_int(local, ret); 217 trace_drv_return_int(local, ret);
177 return ret; 218 return ret;
178} 219}
179 220
221static inline int
222drv_sched_scan_start(struct ieee80211_local *local,
223 struct ieee80211_sub_if_data *sdata,
224 struct cfg80211_sched_scan_request *req,
225 struct ieee80211_sched_scan_ies *ies)
226{
227 int ret;
228
229 might_sleep();
230
231 trace_drv_sched_scan_start(local, sdata);
232 ret = local->ops->sched_scan_start(&local->hw, &sdata->vif,
233 req, ies);
234 trace_drv_return_int(local, ret);
235 return ret;
236}
237
238static inline void drv_sched_scan_stop(struct ieee80211_local *local,
239 struct ieee80211_sub_if_data *sdata)
240{
241 might_sleep();
242
243 trace_drv_sched_scan_stop(local, sdata);
244 local->ops->sched_scan_stop(&local->hw, &sdata->vif);
245 trace_drv_return_void(local);
246}
247
180static inline void drv_sw_scan_start(struct ieee80211_local *local) 248static inline void drv_sw_scan_start(struct ieee80211_local *local)
181{ 249{
182 might_sleep(); 250 might_sleep();
@@ -219,6 +287,20 @@ static inline void drv_get_tkip_seq(struct ieee80211_local *local,
219 trace_drv_get_tkip_seq(local, hw_key_idx, iv32, iv16); 287 trace_drv_get_tkip_seq(local, hw_key_idx, iv32, iv16);
220} 288}
221 289
290static inline int drv_set_frag_threshold(struct ieee80211_local *local,
291 u32 value)
292{
293 int ret = 0;
294
295 might_sleep();
296
297 trace_drv_set_frag_threshold(local, value);
298 if (local->ops->set_frag_threshold)
299 ret = local->ops->set_frag_threshold(&local->hw, value);
300 trace_drv_return_int(local, ret);
301 return ret;
302}
303
222static inline int drv_set_rts_threshold(struct ieee80211_local *local, 304static inline int drv_set_rts_threshold(struct ieee80211_local *local,
223 u32 value) 305 u32 value)
224{ 306{
@@ -339,7 +421,7 @@ static inline void drv_reset_tsf(struct ieee80211_local *local)
339 421
340static inline int drv_tx_last_beacon(struct ieee80211_local *local) 422static inline int drv_tx_last_beacon(struct ieee80211_local *local)
341{ 423{
342 int ret = 1; 424 int ret = 0; /* default unsuported op for less congestion */
343 425
344 might_sleep(); 426 might_sleep();
345 427
@@ -354,17 +436,17 @@ static inline int drv_ampdu_action(struct ieee80211_local *local,
354 struct ieee80211_sub_if_data *sdata, 436 struct ieee80211_sub_if_data *sdata,
355 enum ieee80211_ampdu_mlme_action action, 437 enum ieee80211_ampdu_mlme_action action,
356 struct ieee80211_sta *sta, u16 tid, 438 struct ieee80211_sta *sta, u16 tid,
357 u16 *ssn) 439 u16 *ssn, u8 buf_size)
358{ 440{
359 int ret = -EOPNOTSUPP; 441 int ret = -EOPNOTSUPP;
360 442
361 might_sleep(); 443 might_sleep();
362 444
363 trace_drv_ampdu_action(local, sdata, action, sta, tid, ssn); 445 trace_drv_ampdu_action(local, sdata, action, sta, tid, ssn, buf_size);
364 446
365 if (local->ops->ampdu_action) 447 if (local->ops->ampdu_action)
366 ret = local->ops->ampdu_action(&local->hw, &sdata->vif, action, 448 ret = local->ops->ampdu_action(&local->hw, &sdata->vif, action,
367 sta, tid, ssn); 449 sta, tid, ssn, buf_size);
368 450
369 trace_drv_return_int(local, ret); 451 trace_drv_return_int(local, ret);
370 452
@@ -414,4 +496,145 @@ static inline void drv_channel_switch(struct ieee80211_local *local,
414 trace_drv_return_void(local); 496 trace_drv_return_void(local);
415} 497}
416 498
499
500static inline int drv_set_antenna(struct ieee80211_local *local,
501 u32 tx_ant, u32 rx_ant)
502{
503 int ret = -EOPNOTSUPP;
504 might_sleep();
505 if (local->ops->set_antenna)
506 ret = local->ops->set_antenna(&local->hw, tx_ant, rx_ant);
507 trace_drv_set_antenna(local, tx_ant, rx_ant, ret);
508 return ret;
509}
510
511static inline int drv_get_antenna(struct ieee80211_local *local,
512 u32 *tx_ant, u32 *rx_ant)
513{
514 int ret = -EOPNOTSUPP;
515 might_sleep();
516 if (local->ops->get_antenna)
517 ret = local->ops->get_antenna(&local->hw, tx_ant, rx_ant);
518 trace_drv_get_antenna(local, *tx_ant, *rx_ant, ret);
519 return ret;
520}
521
522static inline int drv_remain_on_channel(struct ieee80211_local *local,
523 struct ieee80211_channel *chan,
524 enum nl80211_channel_type chantype,
525 unsigned int duration)
526{
527 int ret;
528
529 might_sleep();
530
531 trace_drv_remain_on_channel(local, chan, chantype, duration);
532 ret = local->ops->remain_on_channel(&local->hw, chan, chantype,
533 duration);
534 trace_drv_return_int(local, ret);
535
536 return ret;
537}
538
539static inline int drv_cancel_remain_on_channel(struct ieee80211_local *local)
540{
541 int ret;
542
543 might_sleep();
544
545 trace_drv_cancel_remain_on_channel(local);
546 ret = local->ops->cancel_remain_on_channel(&local->hw);
547 trace_drv_return_int(local, ret);
548
549 return ret;
550}
551
552static inline int drv_offchannel_tx(struct ieee80211_local *local,
553 struct sk_buff *skb,
554 struct ieee80211_channel *chan,
555 enum nl80211_channel_type channel_type,
556 unsigned int wait)
557{
558 int ret;
559
560 might_sleep();
561
562 trace_drv_offchannel_tx(local, skb, chan, channel_type, wait);
563 ret = local->ops->offchannel_tx(&local->hw, skb, chan,
564 channel_type, wait);
565 trace_drv_return_int(local, ret);
566
567 return ret;
568}
569
570static inline int drv_offchannel_tx_cancel_wait(struct ieee80211_local *local)
571{
572 int ret;
573
574 might_sleep();
575
576 trace_drv_offchannel_tx_cancel_wait(local);
577 ret = local->ops->offchannel_tx_cancel_wait(&local->hw);
578 trace_drv_return_int(local, ret);
579
580 return ret;
581}
582
583static inline int drv_set_ringparam(struct ieee80211_local *local,
584 u32 tx, u32 rx)
585{
586 int ret = -ENOTSUPP;
587
588 might_sleep();
589
590 trace_drv_set_ringparam(local, tx, rx);
591 if (local->ops->set_ringparam)
592 ret = local->ops->set_ringparam(&local->hw, tx, rx);
593 trace_drv_return_int(local, ret);
594
595 return ret;
596}
597
598static inline void drv_get_ringparam(struct ieee80211_local *local,
599 u32 *tx, u32 *tx_max, u32 *rx, u32 *rx_max)
600{
601 might_sleep();
602
603 trace_drv_get_ringparam(local, tx, tx_max, rx, rx_max);
604 if (local->ops->get_ringparam)
605 local->ops->get_ringparam(&local->hw, tx, tx_max, rx, rx_max);
606 trace_drv_return_void(local);
607}
608
609static inline bool drv_tx_frames_pending(struct ieee80211_local *local)
610{
611 bool ret = false;
612
613 might_sleep();
614
615 trace_drv_tx_frames_pending(local);
616 if (local->ops->tx_frames_pending)
617 ret = local->ops->tx_frames_pending(&local->hw);
618 trace_drv_return_bool(local, ret);
619
620 return ret;
621}
622
623static inline int drv_set_bitrate_mask(struct ieee80211_local *local,
624 struct ieee80211_sub_if_data *sdata,
625 const struct cfg80211_bitrate_mask *mask)
626{
627 int ret = -EOPNOTSUPP;
628
629 might_sleep();
630
631 trace_drv_set_bitrate_mask(local, sdata, mask);
632 if (local->ops->set_bitrate_mask)
633 ret = local->ops->set_bitrate_mask(&local->hw,
634 &sdata->vif, mask);
635 trace_drv_return_int(local, ret);
636
637 return ret;
638}
639
417#endif /* __MAC80211_DRIVER_OPS */ 640#endif /* __MAC80211_DRIVER_OPS */
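Review bot: In the new drv_get_ringparam, `trace_drv_get_ringparam(local, tx, tx_max, rx, rx_max);` runs before `local->ops->get_ringparam(...)`, and the matching event in driver-trace.h copies `*tx`, `*tx_max`, `*rx` and `*rx_max` in its TP_fast_assign. The trace therefore records what the caller's variables held before the driver filled them; unless every caller zero-initialises them (not visible here), that is uninitialised stack data copied into the trace buffer. drv_get_antenna has the same exposure on the unsupported path, where `trace_drv_get_antenna(local, *tx_ant, *rx_ant, ret);` still dereferences both pointers although `get_antenna` was never called. I would move the ringparam trace call to after the driver call, inside the `if (local->ops->get_ringparam)` body, and change the antenna trace to `trace_drv_get_antenna(local, ret ? 0 : *tx_ant, ret ? 0 : *rx_ant, ret);`. Separately, drv_set_ringparam defaults to `-ENOTSUPP` while the other optional ops in this file default to `-EOPNOTSUPP`; if that value can reach user space it should be `int ret = -EOPNOTSUPP;`.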
diff --git a/net/mac80211/driver-trace.h b/net/mac80211/driver-trace.h
index 5d5d2a974668..ed9edcbd9aa5 100644
--- a/net/mac80211/driver-trace.h
+++ b/net/mac80211/driver-trace.h
@@ -9,6 +9,11 @@
9#undef TRACE_EVENT 9#undef TRACE_EVENT
10#define TRACE_EVENT(name, proto, ...) \ 10#define TRACE_EVENT(name, proto, ...) \
11static inline void trace_ ## name(proto) {} 11static inline void trace_ ## name(proto) {}
12#undef DECLARE_EVENT_CLASS
13#define DECLARE_EVENT_CLASS(...)
14#undef DEFINE_EVENT
15#define DEFINE_EVENT(evt_class, name, proto, ...) \
16static inline void trace_ ## name(proto) {}
12#endif 17#endif
13 18
14#undef TRACE_SYSTEM 19#undef TRACE_SYSTEM
@@ -25,18 +30,20 @@ static inline void trace_ ## name(proto) {}
25#define STA_PR_FMT " sta:%pM" 30#define STA_PR_FMT " sta:%pM"
26#define STA_PR_ARG __entry->sta_addr 31#define STA_PR_ARG __entry->sta_addr
27 32
28#define VIF_ENTRY __field(enum nl80211_iftype, vif_type) __field(void *, sdata) \ 33#define VIF_ENTRY __field(enum nl80211_iftype, vif_type) __field(void *, sdata) \
34 __field(bool, p2p) \
29 __string(vif_name, sdata->dev ? sdata->dev->name : "<nodev>") 35 __string(vif_name, sdata->dev ? sdata->dev->name : "<nodev>")
30#define VIF_ASSIGN __entry->vif_type = sdata->vif.type; __entry->sdata = sdata; \ 36#define VIF_ASSIGN __entry->vif_type = sdata->vif.type; __entry->sdata = sdata; \
37 __entry->p2p = sdata->vif.p2p; \
31 __assign_str(vif_name, sdata->dev ? sdata->dev->name : "<nodev>") 38 __assign_str(vif_name, sdata->dev ? sdata->dev->name : "<nodev>")
32#define VIF_PR_FMT " vif:%s(%d)" 39#define VIF_PR_FMT " vif:%s(%d%s)"
33#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type 40#define VIF_PR_ARG __get_str(vif_name), __entry->vif_type, __entry->p2p ? "/p2p" : ""
34 41
35/* 42/*
36 * Tracing for driver callbacks. 43 * Tracing for driver callbacks.
37 */ 44 */
38 45
39TRACE_EVENT(drv_return_void, 46DECLARE_EVENT_CLASS(local_only_evt,
40 TP_PROTO(struct ieee80211_local *local), 47 TP_PROTO(struct ieee80211_local *local),
41 TP_ARGS(local), 48 TP_ARGS(local),
42 TP_STRUCT__entry( 49 TP_STRUCT__entry(
@@ -48,117 +55,178 @@ TRACE_EVENT(drv_return_void,
48 TP_printk(LOCAL_PR_FMT, LOCAL_PR_ARG) 55 TP_printk(LOCAL_PR_FMT, LOCAL_PR_ARG)
49); 56);
50 57
51TRACE_EVENT(drv_return_int, 58DECLARE_EVENT_CLASS(local_sdata_addr_evt,
52 TP_PROTO(struct ieee80211_local *local, int ret), 59 TP_PROTO(struct ieee80211_local *local,
53 TP_ARGS(local, ret), 60 struct ieee80211_sub_if_data *sdata),
61 TP_ARGS(local, sdata),
62
54 TP_STRUCT__entry( 63 TP_STRUCT__entry(
55 LOCAL_ENTRY 64 LOCAL_ENTRY
56 __field(int, ret) 65 VIF_ENTRY
66 __array(char, addr, 6)
57 ), 67 ),
68
58 TP_fast_assign( 69 TP_fast_assign(
59 LOCAL_ASSIGN; 70 LOCAL_ASSIGN;
60 __entry->ret = ret; 71 VIF_ASSIGN;
72 memcpy(__entry->addr, sdata->vif.addr, 6);
61 ), 73 ),
62 TP_printk(LOCAL_PR_FMT " - %d", LOCAL_PR_ARG, __entry->ret) 74
75 TP_printk(
76 LOCAL_PR_FMT VIF_PR_FMT " addr:%pM",
77 LOCAL_PR_ARG, VIF_PR_ARG, __entry->addr
78 )
63); 79);
64 80
65TRACE_EVENT(drv_return_u64, 81DECLARE_EVENT_CLASS(local_u32_evt,
66 TP_PROTO(struct ieee80211_local *local, u64 ret), 82 TP_PROTO(struct ieee80211_local *local, u32 value),
67 TP_ARGS(local, ret), 83 TP_ARGS(local, value),
84
68 TP_STRUCT__entry( 85 TP_STRUCT__entry(
69 LOCAL_ENTRY 86 LOCAL_ENTRY
70 __field(u64, ret) 87 __field(u32, value)
71 ), 88 ),
89
72 TP_fast_assign( 90 TP_fast_assign(
73 LOCAL_ASSIGN; 91 LOCAL_ASSIGN;
74 __entry->ret = ret; 92 __entry->value = value;
75 ), 93 ),
76 TP_printk(LOCAL_PR_FMT " - %llu", LOCAL_PR_ARG, __entry->ret)
77);
78 94
79TRACE_EVENT(drv_start, 95 TP_printk(
80 TP_PROTO(struct ieee80211_local *local), 96 LOCAL_PR_FMT " value:%d",
97 LOCAL_PR_ARG, __entry->value
98 )
99);
81 100
82 TP_ARGS(local), 101DECLARE_EVENT_CLASS(local_sdata_evt,
102 TP_PROTO(struct ieee80211_local *local,
103 struct ieee80211_sub_if_data *sdata),
104 TP_ARGS(local, sdata),
83 105
84 TP_STRUCT__entry( 106 TP_STRUCT__entry(
85 LOCAL_ENTRY 107 LOCAL_ENTRY
108 VIF_ENTRY
86 ), 109 ),
87 110
88 TP_fast_assign( 111 TP_fast_assign(
89 LOCAL_ASSIGN; 112 LOCAL_ASSIGN;
113 VIF_ASSIGN;
90 ), 114 ),
91 115
92 TP_printk( 116 TP_printk(
93 LOCAL_PR_FMT, LOCAL_PR_ARG 117 LOCAL_PR_FMT VIF_PR_FMT,
118 LOCAL_PR_ARG, VIF_PR_ARG
94 ) 119 )
95); 120);
96 121
97TRACE_EVENT(drv_stop, 122DEFINE_EVENT(local_only_evt, drv_return_void,
98 TP_PROTO(struct ieee80211_local *local), 123 TP_PROTO(struct ieee80211_local *local),
124 TP_ARGS(local)
125);
99 126
100 TP_ARGS(local), 127TRACE_EVENT(drv_return_int,
101 128 TP_PROTO(struct ieee80211_local *local, int ret),
129 TP_ARGS(local, ret),
102 TP_STRUCT__entry( 130 TP_STRUCT__entry(
103 LOCAL_ENTRY 131 LOCAL_ENTRY
132 __field(int, ret)
104 ), 133 ),
105
106 TP_fast_assign( 134 TP_fast_assign(
107 LOCAL_ASSIGN; 135 LOCAL_ASSIGN;
136 __entry->ret = ret;
108 ), 137 ),
109 138 TP_printk(LOCAL_PR_FMT " - %d", LOCAL_PR_ARG, __entry->ret)
110 TP_printk(
111 LOCAL_PR_FMT, LOCAL_PR_ARG
112 )
113); 139);
114 140
115TRACE_EVENT(drv_add_interface, 141TRACE_EVENT(drv_return_bool,
116 TP_PROTO(struct ieee80211_local *local, 142 TP_PROTO(struct ieee80211_local *local, bool ret),
117 struct ieee80211_sub_if_data *sdata), 143 TP_ARGS(local, ret),
118
119 TP_ARGS(local, sdata),
120
121 TP_STRUCT__entry( 144 TP_STRUCT__entry(
122 LOCAL_ENTRY 145 LOCAL_ENTRY
123 VIF_ENTRY 146 __field(bool, ret)
124 __array(char, addr, 6) 147 ),
148 TP_fast_assign(
149 LOCAL_ASSIGN;
150 __entry->ret = ret;
125 ), 151 ),
152 TP_printk(LOCAL_PR_FMT " - %s", LOCAL_PR_ARG, (__entry->ret) ?
153 "true" : "false")
154);
126 155
156TRACE_EVENT(drv_return_u64,
157 TP_PROTO(struct ieee80211_local *local, u64 ret),
158 TP_ARGS(local, ret),
159 TP_STRUCT__entry(
160 LOCAL_ENTRY
161 __field(u64, ret)
162 ),
127 TP_fast_assign( 163 TP_fast_assign(
128 LOCAL_ASSIGN; 164 LOCAL_ASSIGN;
129 VIF_ASSIGN; 165 __entry->ret = ret;
130 memcpy(__entry->addr, sdata->vif.addr, 6);
131 ), 166 ),
167 TP_printk(LOCAL_PR_FMT " - %llu", LOCAL_PR_ARG, __entry->ret)
168);
132 169
133 TP_printk( 170DEFINE_EVENT(local_only_evt, drv_start,
134 LOCAL_PR_FMT VIF_PR_FMT " addr:%pM", 171 TP_PROTO(struct ieee80211_local *local),
135 LOCAL_PR_ARG, VIF_PR_ARG, __entry->addr 172 TP_ARGS(local)
136 ) 173);
174
175DEFINE_EVENT(local_only_evt, drv_suspend,
176 TP_PROTO(struct ieee80211_local *local),
177 TP_ARGS(local)
137); 178);
138 179
139TRACE_EVENT(drv_remove_interface, 180DEFINE_EVENT(local_only_evt, drv_resume,
140 TP_PROTO(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata), 181 TP_PROTO(struct ieee80211_local *local),
182 TP_ARGS(local)
183);
141 184
142 TP_ARGS(local, sdata), 185DEFINE_EVENT(local_only_evt, drv_stop,
186 TP_PROTO(struct ieee80211_local *local),
187 TP_ARGS(local)
188);
189
190DEFINE_EVENT(local_sdata_addr_evt, drv_add_interface,
191 TP_PROTO(struct ieee80211_local *local,
192 struct ieee80211_sub_if_data *sdata),
193 TP_ARGS(local, sdata)
194);
195
196TRACE_EVENT(drv_change_interface,
197 TP_PROTO(struct ieee80211_local *local,
198 struct ieee80211_sub_if_data *sdata,
199 enum nl80211_iftype type, bool p2p),
200
201 TP_ARGS(local, sdata, type, p2p),
143 202
144 TP_STRUCT__entry( 203 TP_STRUCT__entry(
145 LOCAL_ENTRY 204 LOCAL_ENTRY
146 VIF_ENTRY 205 VIF_ENTRY
147 __array(char, addr, 6) 206 __field(u32, new_type)
207 __field(bool, new_p2p)
148 ), 208 ),
149 209
150 TP_fast_assign( 210 TP_fast_assign(
151 LOCAL_ASSIGN; 211 LOCAL_ASSIGN;
152 VIF_ASSIGN; 212 VIF_ASSIGN;
153 memcpy(__entry->addr, sdata->vif.addr, 6); 213 __entry->new_type = type;
214 __entry->new_p2p = p2p;
154 ), 215 ),
155 216
156 TP_printk( 217 TP_printk(
157 LOCAL_PR_FMT VIF_PR_FMT " addr:%pM", 218 LOCAL_PR_FMT VIF_PR_FMT " new type:%d%s",
158 LOCAL_PR_ARG, VIF_PR_ARG, __entry->addr 219 LOCAL_PR_ARG, VIF_PR_ARG, __entry->new_type,
220 __entry->new_p2p ? "/p2p" : ""
159 ) 221 )
160); 222);
161 223
224DEFINE_EVENT(local_sdata_addr_evt, drv_remove_interface,
225 TP_PROTO(struct ieee80211_local *local,
226 struct ieee80211_sub_if_data *sdata),
227 TP_ARGS(local, sdata)
228);
229
162TRACE_EVENT(drv_config, 230TRACE_EVENT(drv_config,
163 TP_PROTO(struct ieee80211_local *local, 231 TP_PROTO(struct ieee80211_local *local,
164 u32 changed), 232 u32 changed),
@@ -336,7 +404,7 @@ TRACE_EVENT(drv_set_key,
336 LOCAL_ENTRY 404 LOCAL_ENTRY
337 VIF_ENTRY 405 VIF_ENTRY
338 STA_ENTRY 406 STA_ENTRY
339 __field(enum ieee80211_key_alg, alg) 407 __field(u32, cipher)
340 __field(u8, hw_key_idx) 408 __field(u8, hw_key_idx)
341 __field(u8, flags) 409 __field(u8, flags)
342 __field(s8, keyidx) 410 __field(s8, keyidx)
@@ -346,7 +414,7 @@ TRACE_EVENT(drv_set_key,
346 LOCAL_ASSIGN; 414 LOCAL_ASSIGN;
347 VIF_ASSIGN; 415 VIF_ASSIGN;
348 STA_ASSIGN; 416 STA_ASSIGN;
349 __entry->alg = key->alg; 417 __entry->cipher = key->cipher;
350 __entry->flags = key->flags; 418 __entry->flags = key->flags;
351 __entry->keyidx = key->keyidx; 419 __entry->keyidx = key->keyidx;
352 __entry->hw_key_idx = key->hw_key_idx; 420 __entry->hw_key_idx = key->hw_key_idx;
@@ -386,63 +454,32 @@ TRACE_EVENT(drv_update_tkip_key,
386 ) 454 )
387); 455);
388 456
389TRACE_EVENT(drv_hw_scan, 457DEFINE_EVENT(local_sdata_evt, drv_hw_scan,
390 TP_PROTO(struct ieee80211_local *local, 458 TP_PROTO(struct ieee80211_local *local,
391 struct ieee80211_sub_if_data *sdata, 459 struct ieee80211_sub_if_data *sdata),
392 struct cfg80211_scan_request *req), 460 TP_ARGS(local, sdata)
393 461);
394 TP_ARGS(local, sdata, req),
395
396 TP_STRUCT__entry(
397 LOCAL_ENTRY
398 VIF_ENTRY
399 ),
400 462
401 TP_fast_assign( 463DEFINE_EVENT(local_sdata_evt, drv_sched_scan_start,
402 LOCAL_ASSIGN; 464 TP_PROTO(struct ieee80211_local *local,
403 VIF_ASSIGN; 465 struct ieee80211_sub_if_data *sdata),
404 ), 466 TP_ARGS(local, sdata)
467);
405 468
406 TP_printk( 469DEFINE_EVENT(local_sdata_evt, drv_sched_scan_stop,
407 LOCAL_PR_FMT VIF_PR_FMT, 470 TP_PROTO(struct ieee80211_local *local,
408 LOCAL_PR_ARG,VIF_PR_ARG 471 struct ieee80211_sub_if_data *sdata),
409 ) 472 TP_ARGS(local, sdata)
410); 473);
411 474
412TRACE_EVENT(drv_sw_scan_start, 475DEFINE_EVENT(local_only_evt, drv_sw_scan_start,
413 TP_PROTO(struct ieee80211_local *local), 476 TP_PROTO(struct ieee80211_local *local),
414 477 TP_ARGS(local)
415 TP_ARGS(local),
416
417 TP_STRUCT__entry(
418 LOCAL_ENTRY
419 ),
420
421 TP_fast_assign(
422 LOCAL_ASSIGN;
423 ),
424
425 TP_printk(
426 LOCAL_PR_FMT, LOCAL_PR_ARG
427 )
428); 478);
429 479
430TRACE_EVENT(drv_sw_scan_complete, 480DEFINE_EVENT(local_only_evt, drv_sw_scan_complete,
431 TP_PROTO(struct ieee80211_local *local), 481 TP_PROTO(struct ieee80211_local *local),
432 482 TP_ARGS(local)
433 TP_ARGS(local),
434
435 TP_STRUCT__entry(
436 LOCAL_ENTRY
437 ),
438
439 TP_fast_assign(
440 LOCAL_ASSIGN;
441 ),
442
443 TP_printk(
444 LOCAL_PR_FMT, LOCAL_PR_ARG
445 )
446); 483);
447 484
448TRACE_EVENT(drv_get_stats, 485TRACE_EVENT(drv_get_stats,
@@ -501,25 +538,14 @@ TRACE_EVENT(drv_get_tkip_seq,
501 ) 538 )
502); 539);
503 540
504TRACE_EVENT(drv_set_rts_threshold, 541DEFINE_EVENT(local_u32_evt, drv_set_frag_threshold,
505 TP_PROTO(struct ieee80211_local *local, u32 value), 542 TP_PROTO(struct ieee80211_local *local, u32 value),
543 TP_ARGS(local, value)
544);
506 545
507 TP_ARGS(local, value), 546DEFINE_EVENT(local_u32_evt, drv_set_rts_threshold,
508 547 TP_PROTO(struct ieee80211_local *local, u32 value),
509 TP_STRUCT__entry( 548 TP_ARGS(local, value)
510 LOCAL_ENTRY
511 __field(u32, value)
512 ),
513
514 TP_fast_assign(
515 LOCAL_ASSIGN;
516 __entry->value = value;
517 ),
518
519 TP_printk(
520 LOCAL_PR_FMT " value:%d",
521 LOCAL_PR_ARG, __entry->value
522 )
523); 549);
524 550
525TRACE_EVENT(drv_set_coverage_class, 551TRACE_EVENT(drv_set_coverage_class,
@@ -651,23 +677,9 @@ TRACE_EVENT(drv_conf_tx,
651 ) 677 )
652); 678);
653 679
654TRACE_EVENT(drv_get_tsf, 680DEFINE_EVENT(local_only_evt, drv_get_tsf,
655 TP_PROTO(struct ieee80211_local *local), 681 TP_PROTO(struct ieee80211_local *local),
656 682 TP_ARGS(local)
657 TP_ARGS(local),
658
659 TP_STRUCT__entry(
660 LOCAL_ENTRY
661 ),
662
663 TP_fast_assign(
664 LOCAL_ASSIGN;
665 ),
666
667 TP_printk(
668 LOCAL_PR_FMT,
669 LOCAL_PR_ARG
670 )
671); 683);
672 684
673TRACE_EVENT(drv_set_tsf, 685TRACE_EVENT(drv_set_tsf,
@@ -691,41 +703,14 @@ TRACE_EVENT(drv_set_tsf,
691 ) 703 )
692); 704);
693 705
694TRACE_EVENT(drv_reset_tsf, 706DEFINE_EVENT(local_only_evt, drv_reset_tsf,
695 TP_PROTO(struct ieee80211_local *local), 707 TP_PROTO(struct ieee80211_local *local),
696 708 TP_ARGS(local)
697 TP_ARGS(local),
698
699 TP_STRUCT__entry(
700 LOCAL_ENTRY
701 ),
702
703 TP_fast_assign(
704 LOCAL_ASSIGN;
705 ),
706
707 TP_printk(
708 LOCAL_PR_FMT, LOCAL_PR_ARG
709 )
710); 709);
711 710
712TRACE_EVENT(drv_tx_last_beacon, 711DEFINE_EVENT(local_only_evt, drv_tx_last_beacon,
713 TP_PROTO(struct ieee80211_local *local), 712 TP_PROTO(struct ieee80211_local *local),
714 713 TP_ARGS(local)
715 TP_ARGS(local),
716
717 TP_STRUCT__entry(
718 LOCAL_ENTRY
719 ),
720
721 TP_fast_assign(
722 LOCAL_ASSIGN;
723 ),
724
725 TP_printk(
726 LOCAL_PR_FMT,
727 LOCAL_PR_ARG
728 )
729); 714);
730 715
731TRACE_EVENT(drv_ampdu_action, 716TRACE_EVENT(drv_ampdu_action,
@@ -733,9 +718,9 @@ TRACE_EVENT(drv_ampdu_action,
733 struct ieee80211_sub_if_data *sdata, 718 struct ieee80211_sub_if_data *sdata,
734 enum ieee80211_ampdu_mlme_action action, 719 enum ieee80211_ampdu_mlme_action action,
735 struct ieee80211_sta *sta, u16 tid, 720 struct ieee80211_sta *sta, u16 tid,
736 u16 *ssn), 721 u16 *ssn, u8 buf_size),
737 722
738 TP_ARGS(local, sdata, action, sta, tid, ssn), 723 TP_ARGS(local, sdata, action, sta, tid, ssn, buf_size),
739 724
740 TP_STRUCT__entry( 725 TP_STRUCT__entry(
741 LOCAL_ENTRY 726 LOCAL_ENTRY
@@ -743,6 +728,7 @@ TRACE_EVENT(drv_ampdu_action,
743 __field(u32, action) 728 __field(u32, action)
744 __field(u16, tid) 729 __field(u16, tid)
745 __field(u16, ssn) 730 __field(u16, ssn)
731 __field(u8, buf_size)
746 VIF_ENTRY 732 VIF_ENTRY
747 ), 733 ),
748 734
@@ -753,11 +739,13 @@ TRACE_EVENT(drv_ampdu_action,
753 __entry->action = action; 739 __entry->action = action;
754 __entry->tid = tid; 740 __entry->tid = tid;
755 __entry->ssn = ssn ? *ssn : 0; 741 __entry->ssn = ssn ? *ssn : 0;
742 __entry->buf_size = buf_size;
756 ), 743 ),
757 744
758 TP_printk( 745 TP_printk(
759 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " action:%d tid:%d", 746 LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " action:%d tid:%d buf:%d",
760 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->action, __entry->tid 747 LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->action,
748 __entry->tid, __entry->buf_size
761 ) 749 )
762); 750);
763 751
@@ -832,6 +820,204 @@ TRACE_EVENT(drv_channel_switch,
832 ) 820 )
833); 821);
834 822
823TRACE_EVENT(drv_set_antenna,
824 TP_PROTO(struct ieee80211_local *local, u32 tx_ant, u32 rx_ant, int ret),
825
826 TP_ARGS(local, tx_ant, rx_ant, ret),
827
828 TP_STRUCT__entry(
829 LOCAL_ENTRY
830 __field(u32, tx_ant)
831 __field(u32, rx_ant)
832 __field(int, ret)
833 ),
834
835 TP_fast_assign(
836 LOCAL_ASSIGN;
837 __entry->tx_ant = tx_ant;
838 __entry->rx_ant = rx_ant;
839 __entry->ret = ret;
840 ),
841
842 TP_printk(
843 LOCAL_PR_FMT " tx_ant:%d rx_ant:%d ret:%d",
844 LOCAL_PR_ARG, __entry->tx_ant, __entry->rx_ant, __entry->ret
845 )
846);
847
848TRACE_EVENT(drv_get_antenna,
849 TP_PROTO(struct ieee80211_local *local, u32 tx_ant, u32 rx_ant, int ret),
850
851 TP_ARGS(local, tx_ant, rx_ant, ret),
852
853 TP_STRUCT__entry(
854 LOCAL_ENTRY
855 __field(u32, tx_ant)
856 __field(u32, rx_ant)
857 __field(int, ret)
858 ),
859
860 TP_fast_assign(
861 LOCAL_ASSIGN;
862 __entry->tx_ant = tx_ant;
863 __entry->rx_ant = rx_ant;
864 __entry->ret = ret;
865 ),
866
867 TP_printk(
868 LOCAL_PR_FMT " tx_ant:%d rx_ant:%d ret:%d",
869 LOCAL_PR_ARG, __entry->tx_ant, __entry->rx_ant, __entry->ret
870 )
871);
872
873TRACE_EVENT(drv_remain_on_channel,
874 TP_PROTO(struct ieee80211_local *local, struct ieee80211_channel *chan,
875 enum nl80211_channel_type chantype, unsigned int duration),
876
877 TP_ARGS(local, chan, chantype, duration),
878
879 TP_STRUCT__entry(
880 LOCAL_ENTRY
881 __field(int, center_freq)
882 __field(int, channel_type)
883 __field(unsigned int, duration)
884 ),
885
886 TP_fast_assign(
887 LOCAL_ASSIGN;
888 __entry->center_freq = chan->center_freq;
889 __entry->channel_type = chantype;
890 __entry->duration = duration;
891 ),
892
893 TP_printk(
894 LOCAL_PR_FMT " freq:%dMHz duration:%dms",
895 LOCAL_PR_ARG, __entry->center_freq, __entry->duration
896 )
897);
898
899DEFINE_EVENT(local_only_evt, drv_cancel_remain_on_channel,
900 TP_PROTO(struct ieee80211_local *local),
901 TP_ARGS(local)
902);
903
904TRACE_EVENT(drv_offchannel_tx,
905 TP_PROTO(struct ieee80211_local *local, struct sk_buff *skb,
906 struct ieee80211_channel *chan,
907 enum nl80211_channel_type channel_type,
908 unsigned int wait),
909
910 TP_ARGS(local, skb, chan, channel_type, wait),
911
912 TP_STRUCT__entry(
913 LOCAL_ENTRY
914 __field(int, center_freq)
915 __field(int, channel_type)
916 __field(unsigned int, wait)
917 ),
918
919 TP_fast_assign(
920 LOCAL_ASSIGN;
921 __entry->center_freq = chan->center_freq;
922 __entry->channel_type = channel_type;
923 __entry->wait = wait;
924 ),
925
926 TP_printk(
927 LOCAL_PR_FMT " freq:%dMHz, wait:%dms",
928 LOCAL_PR_ARG, __entry->center_freq, __entry->wait
929 )
930);
931
932TRACE_EVENT(drv_set_ringparam,
933 TP_PROTO(struct ieee80211_local *local, u32 tx, u32 rx),
934
935 TP_ARGS(local, tx, rx),
936
937 TP_STRUCT__entry(
938 LOCAL_ENTRY
939 __field(u32, tx)
940 __field(u32, rx)
941 ),
942
943 TP_fast_assign(
944 LOCAL_ASSIGN;
945 __entry->tx = tx;
946 __entry->rx = rx;
947 ),
948
949 TP_printk(
950 LOCAL_PR_FMT " tx:%d rx %d",
951 LOCAL_PR_ARG, __entry->tx, __entry->rx
952 )
953);
954
955TRACE_EVENT(drv_get_ringparam,
956 TP_PROTO(struct ieee80211_local *local, u32 *tx, u32 *tx_max,
957 u32 *rx, u32 *rx_max),
958
959 TP_ARGS(local, tx, tx_max, rx, rx_max),
960
961 TP_STRUCT__entry(
962 LOCAL_ENTRY
963 __field(u32, tx)
964 __field(u32, tx_max)
965 __field(u32, rx)
966 __field(u32, rx_max)
967 ),
968
969 TP_fast_assign(
970 LOCAL_ASSIGN;
971 __entry->tx = *tx;
972 __entry->tx_max = *tx_max;
973 __entry->rx = *rx;
974 __entry->rx_max = *rx_max;
975 ),
976
977 TP_printk(
978 LOCAL_PR_FMT " tx:%d tx_max %d rx %d rx_max %d",
979 LOCAL_PR_ARG,
980 __entry->tx, __entry->tx_max, __entry->rx, __entry->rx_max
981 )
982);
983
984DEFINE_EVENT(local_only_evt, drv_tx_frames_pending,
985 TP_PROTO(struct ieee80211_local *local),
986 TP_ARGS(local)
987);
988
989DEFINE_EVENT(local_only_evt, drv_offchannel_tx_cancel_wait,
990 TP_PROTO(struct ieee80211_local *local),
991 TP_ARGS(local)
992);
993
994TRACE_EVENT(drv_set_bitrate_mask,
995 TP_PROTO(struct ieee80211_local *local,
996 struct ieee80211_sub_if_data *sdata,
997 const struct cfg80211_bitrate_mask *mask),
998
999 TP_ARGS(local, sdata, mask),
1000
1001 TP_STRUCT__entry(
1002 LOCAL_ENTRY
1003 VIF_ENTRY
1004 __field(u32, legacy_2g)
1005 __field(u32, legacy_5g)
1006 ),
1007
1008 TP_fast_assign(
1009 LOCAL_ASSIGN;
1010 VIF_ASSIGN;
1011 __entry->legacy_2g = mask->control[IEEE80211_BAND_2GHZ].legacy;
1012 __entry->legacy_5g = mask->control[IEEE80211_BAND_5GHZ].legacy;
1013 ),
1014
1015 TP_printk(
1016 LOCAL_PR_FMT VIF_PR_FMT " 2G Mask:0x%x 5G Mask:0x%x",
1017 LOCAL_PR_ARG, VIF_PR_ARG, __entry->legacy_2g, __entry->legacy_5g
1018 )
1019);
1020
835/* 1021/*
836 * Tracing for API calls that drivers call. 1022 * Tracing for API calls that drivers call.
837 */ 1023 */
@@ -924,23 +1110,9 @@ TRACE_EVENT(api_stop_tx_ba_cb,
924 ) 1110 )
925); 1111);
926 1112
927TRACE_EVENT(api_restart_hw, 1113DEFINE_EVENT(local_only_evt, api_restart_hw,
928 TP_PROTO(struct ieee80211_local *local), 1114 TP_PROTO(struct ieee80211_local *local),
929 1115 TP_ARGS(local)
930 TP_ARGS(local),
931
932 TP_STRUCT__entry(
933 LOCAL_ENTRY
934 ),
935
936 TP_fast_assign(
937 LOCAL_ASSIGN;
938 ),
939
940 TP_printk(
941 LOCAL_PR_FMT,
942 LOCAL_PR_ARG
943 )
944); 1116);
945 1117
946TRACE_EVENT(api_beacon_loss, 1118TRACE_EVENT(api_beacon_loss,
@@ -1024,6 +1196,42 @@ TRACE_EVENT(api_scan_completed,
1024 ) 1196 )
1025); 1197);
1026 1198
1199TRACE_EVENT(api_sched_scan_results,
1200 TP_PROTO(struct ieee80211_local *local),
1201
1202 TP_ARGS(local),
1203
1204 TP_STRUCT__entry(
1205 LOCAL_ENTRY
1206 ),
1207
1208 TP_fast_assign(
1209 LOCAL_ASSIGN;
1210 ),
1211
1212 TP_printk(
1213 LOCAL_PR_FMT, LOCAL_PR_ARG
1214 )
1215);
1216
1217TRACE_EVENT(api_sched_scan_stopped,
1218 TP_PROTO(struct ieee80211_local *local),
1219
1220 TP_ARGS(local),
1221
1222 TP_STRUCT__entry(
1223 LOCAL_ENTRY
1224 ),
1225
1226 TP_fast_assign(
1227 LOCAL_ASSIGN;
1228 ),
1229
1230 TP_printk(
1231 LOCAL_PR_FMT, LOCAL_PR_ARG
1232 )
1233);
1234
1027TRACE_EVENT(api_sta_block_awake, 1235TRACE_EVENT(api_sta_block_awake,
1028 TP_PROTO(struct ieee80211_local *local, 1236 TP_PROTO(struct ieee80211_local *local,
1029 struct ieee80211_sta *sta, bool block), 1237 struct ieee80211_sta *sta, bool block),
@@ -1069,6 +1277,16 @@ TRACE_EVENT(api_chswitch_done,
1069 ) 1277 )
1070); 1278);
1071 1279
1280DEFINE_EVENT(local_only_evt, api_ready_on_channel,
1281 TP_PROTO(struct ieee80211_local *local),
1282 TP_ARGS(local)
1283);
1284
1285DEFINE_EVENT(local_only_evt, api_remain_on_channel_expired,
1286 TP_PROTO(struct ieee80211_local *local),
1287 TP_ARGS(local)
1288);
1289
1072/* 1290/*
1073 * Tracing for internal functions 1291 * Tracing for internal functions
1074 * (which may also be called in response to driver calls) 1292 * (which may also be called in response to driver calls)
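--- a/net/mac80211/ht.c
+++ b/net/mac80211/ht.c
@@ -66,6 +66,9 @@ void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
  /* own MCS TX capabilities */
  tx_mcs_set_cap = sband->ht_cap.mcs.tx_params;
 
+ /* Copy peer MCS TX capabilities, the driver might need them. */
+ ht_cap->mcs.tx_params = ht_cap_ie->mcs.tx_params;
+
  /* can we TX with MCS rates? */
  if (!(tx_mcs_set_cap & IEEE80211_HT_MCS_TX_DEFINED))
  return;
@@ -79,7 +82,7 @@ void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
  max_tx_streams = IEEE80211_HT_MCS_TX_MAX_STREAMS;
 
  /*
- * 802.11n D5.0 20.3.5 / 20.6 says:
+ * 802.11n-2009 20.3.5 / 20.6 says:
  * - indices 0 to 7 and 32 are single spatial stream
  * - 8 to 31 are multiple spatial streams using equal modulation
  * [8..15 for two streams, 16..23 for three and 24..31 for four]
@@ -101,16 +104,16 @@ void ieee80211_ht_cap_ie_to_sta_ht_cap(struct ieee80211_supported_band *sband,
  ht_cap->mcs.rx_mask[32/8] |= 1;
 }
 
-void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta)
+void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta, bool tx)
 {
  int i;
 
  cancel_work_sync(&sta->ampdu_mlme.work);
 
  for (i = 0; i < STA_TID_NUM; i++) {
- __ieee80211_stop_tx_ba_session(sta, i, WLAN_BACK_INITIATOR);
+ __ieee80211_stop_tx_ba_session(sta, i, WLAN_BACK_INITIATOR, tx);
  __ieee80211_stop_rx_ba_session(sta, i, WLAN_BACK_RECIPIENT,
- WLAN_REASON_QSTA_LEAVE_QBSS);
+ WLAN_REASON_QSTA_LEAVE_QBSS, tx);
  }
 }
 
@@ -135,18 +138,34 @@ void ieee80211_ba_session_work(struct work_struct *work)
  if (test_and_clear_bit(tid, sta->ampdu_mlme.tid_rx_timer_expired))
  ___ieee80211_stop_rx_ba_session(
  sta, tid, WLAN_BACK_RECIPIENT,
- WLAN_REASON_QSTA_TIMEOUT);
+ WLAN_REASON_QSTA_TIMEOUT, true);
+
+ tid_tx = sta->ampdu_mlme.tid_start_tx[tid];
+ if (tid_tx) {
+ /*
+ * Assign it over to the normal tid_tx array
+ * where it "goes live".
+ */
+ spin_lock_bh(&sta->lock);
+
+ sta->ampdu_mlme.tid_start_tx[tid] = NULL;
+ /* could there be a race? */
+ if (sta->ampdu_mlme.tid_tx[tid])
+ kfree(tid_tx);
+ else
+ ieee80211_assign_tid_tx(sta, tid, tid_tx);
+ spin_unlock_bh(&sta->lock);
 
- tid_tx = sta->ampdu_mlme.tid_tx[tid];
- if (!tid_tx)
+ ieee80211_tx_ba_session_handle_start(sta, tid);
  continue;
+ }
 
- if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state))
- ieee80211_tx_ba_session_handle_start(sta, tid);
- else if (test_and_clear_bit(HT_AGG_STATE_WANT_STOP,
- &tid_tx->state))
+ tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
+ if (tid_tx && test_and_clear_bit(HT_AGG_STATE_WANT_STOP,
+ &tid_tx->state))
  ___ieee80211_stop_tx_ba_session(sta, tid,
- WLAN_BACK_INITIATOR);
+ WLAN_BACK_INITIATOR,
+ true);
  }
  mutex_unlock(&sta->ampdu_mlme.mtx);
 }
@@ -214,9 +233,11 @@ void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
 #endif /* CONFIG_MAC80211_HT_DEBUG */
 
  if (initiator == WLAN_BACK_INITIATOR)
- __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_INITIATOR, 0);
+ __ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_INITIATOR, 0,
+ true);
  else
- __ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_RECIPIENT);
+ __ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_RECIPIENT,
+ true);
 }
 
 int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata,
@@ -265,3 +286,33 @@ int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata,
 
  return 0;
 }
+
+void ieee80211_request_smps_work(struct work_struct *work)
+{
+ struct ieee80211_sub_if_data *sdata =
+ container_of(work, struct ieee80211_sub_if_data,
+ u.mgd.request_smps_work);
+
+ mutex_lock(&sdata->u.mgd.mtx);
+ __ieee80211_request_smps(sdata, sdata->u.mgd.driver_smps_mode);
+ mutex_unlock(&sdata->u.mgd.mtx);
+}
+
+void ieee80211_request_smps(struct ieee80211_vif *vif,
+ enum ieee80211_smps_mode smps_mode)
+{
+ struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
+
+ if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
+ return;
+
+ if (WARN_ON(smps_mode == IEEE80211_SMPS_OFF))
+ smps_mode = IEEE80211_SMPS_AUTOMATIC;
+
+ sdata->u.mgd.driver_smps_mode = smps_mode;
+
+ ieee80211_queue_work(&sdata->local->hw,
+ &sdata->u.mgd.request_smps_work);
+}
+/* this might change ... don't want non-open drivers using it */
+EXPORT_SYMBOL_GPL(ieee80211_request_smps);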
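Review bot: In the ieee80211_ba_session_work hunk, the branch that finds `sta->ampdu_mlme.tid_tx[tid]` already set frees the pending entry with `kfree(tid_tx)` but still falls through to `ieee80211_tx_ba_session_handle_start(sta, tid)`, so the start path would then run against the session that was already installed rather than the one just discarded. The added `/* could there be a race? */` leaves that case undecided in the code. If it cannot happen while ampdu_mlme.mtx is held, replace the question with the invariant, for example `/* tid_start_tx and tid_tx only change under ampdu_mlme.mtx, so tid_tx[tid] is NULL here */`, and wrap the check in WARN_ON; if it can happen, unlock and `continue` after the kfree without calling the start handler. The start of the function, including where the mutex is taken, is outside the hunk.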
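--- a/net/mac80211/ibss.c
+++ b/net/mac80211/ibss.c
@@ -31,7 +31,6 @@
 #define IEEE80211_IBSS_JOIN_TIMEOUT (7 * HZ)
 
 #define IEEE80211_IBSS_MERGE_INTERVAL (30 * HZ)
-#define IEEE80211_IBSS_MERGE_DELAY 0x400000
 #define IEEE80211_IBSS_INACTIVITY_LIMIT (60 * HZ)
 
 #define IEEE80211_IBSS_MAX_STA_ENTRIES 128
@@ -41,7 +40,7 @@ static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
  struct ieee80211_mgmt *mgmt,
  size_t len)
 {
- u16 auth_alg, auth_transaction, status_code;
+ u16 auth_alg, auth_transaction;
 
  lockdep_assert_held(&sdata->u.ibss.mtx);
 
@@ -50,7 +49,6 @@ static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata,
 
  auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
  auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
- status_code = le16_to_cpu(mgmt->u.auth.status_code);
 
  /*
  * IEEE 802.11 standard does not require authentication in IBSS
@@ -173,6 +171,19 @@ static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
  memcpy(skb_put(skb, ifibss->ie_len),
  ifibss->ie, ifibss->ie_len);
 
+ if (local->hw.queues >= 4) {
+ pos = skb_put(skb, 9);
+ *pos++ = WLAN_EID_VENDOR_SPECIFIC;
+ *pos++ = 7; /* len */
+ *pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
+ *pos++ = 0x50;
+ *pos++ = 0xf2;
+ *pos++ = 2; /* WME */
+ *pos++ = 0; /* WME info */
+ *pos++ = 1; /* WME ver */
+ *pos++ = 0; /* U-APSD no in use */
+ }
+
  rcu_assign_pointer(ifibss->presp, skb);
 
  sdata->vif.bss_conf.beacon_int = beacon_int;
@@ -257,7 +268,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
  enum ieee80211_band band = rx_status->band;
 
  if (elems->ds_params && elems->ds_params_len == 1)
- freq = ieee80211_channel_to_frequency(elems->ds_params[0]);
+ freq = ieee80211_channel_to_frequency(elems->ds_params[0],
+ band);
  else
  freq = rx_status->freq;
 
@@ -266,37 +278,45 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
  if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
  return;
 
- if (sdata->vif.type == NL80211_IFTYPE_ADHOC && elems->supp_rates &&
+ if (sdata->vif.type == NL80211_IFTYPE_ADHOC &&
  memcmp(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN) == 0) {
- supp_rates = ieee80211_sta_get_rates(local, elems, band);
 
  rcu_read_lock();
-
  sta = sta_info_get(sdata, mgmt->sa);
- if (sta) {
- u32 prev_rates;
 
- prev_rates = sta->sta.supp_rates[band];
- /* make sure mandatory rates are always added */
- sta->sta.supp_rates[band] = supp_rates |
- ieee80211_mandatory_rates(local, band);
+ if (elems->supp_rates) {
+ supp_rates = ieee80211_sta_get_rates(local, elems,
+ band);
+ if (sta) {
+ u32 prev_rates;
 
- if (sta->sta.supp_rates[band] != prev_rates) {
+ prev_rates = sta->sta.supp_rates[band];
+ /* make sure mandatory rates are always added */
+ sta->sta.supp_rates[band] = supp_rates |
+ ieee80211_mandatory_rates(local, band);
+
+ if (sta->sta.supp_rates[band] != prev_rates) {
 #ifdef CONFIG_MAC80211_IBSS_DEBUG
- printk(KERN_DEBUG "%s: updated supp_rates set "
- "for %pM based on beacon/probe_response "
- "(0x%x -> 0x%x)\n",
- sdata->name, sta->sta.addr,
- prev_rates, sta->sta.supp_rates[band]);
+ printk(KERN_DEBUG
+ "%s: updated supp_rates set "
+ "for %pM based on beacon"
+ "/probe_resp (0x%x -> 0x%x)\n",
+ sdata->name, sta->sta.addr,
+ prev_rates,
+ sta->sta.supp_rates[band]);
 #endif
  rate_control_rate_init(sta);
  }
- rcu_read_unlock();
- } else {
- rcu_read_unlock();
- ieee80211_ibss_add_sta(sdata, mgmt->bssid, mgmt->sa,
- supp_rates, GFP_KERNEL);
+ } else
+ sta = ieee80211_ibss_add_sta(sdata, mgmt->bssid,
+ mgmt->sa, supp_rates,
+ GFP_ATOMIC);
  }
+
+ if (sta && elems->wmm_info)
+ set_sta_flags(sta, WLAN_STA_WME);
+
+ rcu_read_unlock();
  }
 
  bss = ieee80211_bss_info_update(local, rx_status, mgmt, len, elems,
@@ -333,7 +353,7 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
  if (memcmp(cbss->bssid, sdata->u.ibss.bssid, ETH_ALEN) == 0)
  goto put_bss;
 
- if (rx_status->flag & RX_FLAG_TSFT) {
+ if (rx_status->flag & RX_FLAG_MACTIME_MPDU) {
  /*
  * For correct IBSS merging we need mactime; since mactime is
  * defined as the time the first data symbol of the frame hits
@@ -375,10 +395,6 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
  jiffies);
 #endif
 
- /* give slow hardware some time to do the TSF sync */
- if (rx_timestamp < IEEE80211_IBSS_MERGE_DELAY)
- goto put_bss;
-
  if (beacon_timestamp > rx_timestamp) {
 #ifdef CONFIG_MAC80211_IBSS_DEBUG
  printk(KERN_DEBUG "%s: beacon TSF higher than "
@@ -427,14 +443,15 @@ struct sta_info *ieee80211_ibss_add_sta(struct ieee80211_sub_if_data *sdata,
  return NULL;
 
 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
- printk(KERN_DEBUG "%s: Adding new IBSS station %pM (dev=%s)\n",
- wiphy_name(local->hw.wiphy), addr, sdata->name);
+ wiphy_debug(local->hw.wiphy, "Adding new IBSS station %pM (dev=%s)\n",
+ addr, sdata->name);
 #endif
 
  sta = sta_info_alloc(sdata, addr, gfp);
  if (!sta)
  return NULL;
 
+ sta->last_rx = jiffies;
  set_sta_flags(sta, WLAN_STA_AUTHORIZED);
 
  /* make sure mandatory rates are always added */
@@ -509,8 +526,6 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata)
 static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
 {
  struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
- struct ieee80211_local *local = sdata->local;
- struct ieee80211_supported_band *sband;
  u8 bssid[ETH_ALEN];
  u16 capability;
  int i;
@@ -533,8 +548,6 @@ static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata)
  printk(KERN_DEBUG "%s: Creating new IBSS network, BSSID %pM\n",
  sdata->name, bssid);
 
- sband = local->hw.wiphy->bands[ifibss->channel->band];
-
  capability = WLAN_CAPABILITY_IBSS;
 
  if (ifibss->privacy)
@@ -641,20 +654,24 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata)
 }
 
 static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
- struct ieee80211_mgmt *mgmt,
- size_t len)
+ struct sk_buff *req)
 {
+ struct ieee80211_mgmt *mgmt = (void *)req->data;
  struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
  struct ieee80211_local *local = sdata->local;
- int tx_last_beacon;
+ int tx_last_beacon, len = req->len;
  struct sk_buff *skb;
  struct ieee80211_mgmt *resp;
+ struct sk_buff *presp;
  u8 *pos, *end;
 
  lockdep_assert_held(&ifibss->mtx);
 
+ presp = rcu_dereference_protected(ifibss->presp,
+ lockdep_is_held(&ifibss->mtx));
+
  if (ifibss->state != IEEE80211_IBSS_MLME_JOINED ||
- len < 24 + 2 || !ifibss->presp)
+ len < 24 + 2 || !presp)
  return;
 
  tx_last_beacon = drv_tx_last_beacon(local);
@@ -666,7 +683,7 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
  mgmt->bssid, tx_last_beacon);
 #endif /* CONFIG_MAC80211_IBSS_DEBUG */
 
- if (!tx_last_beacon)
+ if (!tx_last_beacon && is_multicast_ether_addr(mgmt->da))
  return;
 
  if (memcmp(mgmt->bssid, ifibss->bssid, ETH_ALEN) != 0 &&
@@ -692,7 +709,7 @@ static void ieee80211_rx_mgmt_probe_req(struct ieee80211_sub_if_data *sdata,
  }
 
  /* Reply with ProbeResp */
- skb = skb_copy(ifibss->presp, GFP_KERNEL);
+ skb = skb_copy(presp, GFP_KERNEL);
  if (!skb)
  return;
 
@@ -758,9 +775,12 @@ void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
 
  mutex_lock(&sdata->u.ibss.mtx);
 
+ if (!sdata->u.ibss.ssid_len)
+ goto mgmt_out; /* not ready to merge yet */
+
  switch (fc & IEEE80211_FCTL_STYPE) {
  case IEEE80211_STYPE_PROBE_REQ:
- ieee80211_rx_mgmt_probe_req(sdata, mgmt, skb->len);
+ ieee80211_rx_mgmt_probe_req(sdata, skb);
  break;
  case IEEE80211_STYPE_PROBE_RESP:
  ieee80211_rx_mgmt_probe_resp(sdata, mgmt, skb->len,
@@ -775,6 +795,7 @@ void ieee80211_ibss_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
  break;
  }
 
+ mgmt_out:
  mutex_unlock(&sdata->u.ibss.mtx);
 }
 
@@ -893,6 +914,8 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
 
  sdata->u.ibss.privacy = params->privacy;
  sdata->u.ibss.basic_rates = params->basic_rates;
+ memcpy(sdata->vif.bss_conf.mcast_rate, params->mcast_rate,
+ sizeof(params->mcast_rate));
 
  sdata->vif.bss_conf.beacon_int = params->beacon_interval;
 
@@ -920,12 +943,14 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata,
  memcpy(sdata->u.ibss.ssid, params->ssid, IEEE80211_MAX_SSID_LEN);
  sdata->u.ibss.ssid_len = params->ssid_len;
 
+ mutex_unlock(&sdata->u.ibss.mtx);
+
+ mutex_lock(&sdata->local->mtx);
  ieee80211_recalc_idle(sdata->local);
+ mutex_unlock(&sdata->local->mtx);
 
  ieee80211_queue_work(&sdata->local->hw, &sdata->work);
 
- mutex_unlock(&sdata->u.ibss.mtx);
-
  return 0;
 }
 
@@ -940,6 +965,10 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
 
  mutex_lock(&sdata->u.ibss.mtx);
 
+ sdata->u.ibss.state = IEEE80211_IBSS_MLME_SEARCH;
+ memset(sdata->u.ibss.bssid, 0, ETH_ALEN);
+ sdata->u.ibss.ssid_len = 0;
+
  active_ibss = ieee80211_sta_active_ibss(sdata);
 
  if (!active_ibss && !is_zero_ether_addr(ifibss->bssid)) {
@@ -964,7 +993,8 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
 
  /* remove beacon */
  kfree(sdata->u.ibss.ie);
- skb = sdata->u.ibss.presp;
+ skb = rcu_dereference_protected(sdata->u.ibss.presp,
+ lockdep_is_held(&sdata->u.ibss.mtx));
  rcu_assign_pointer(sdata->u.ibss.presp, NULL);
  sdata->vif.bss_conf.ibss_joined = false;
  ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED |
@@ -973,14 +1003,14 @@ int ieee80211_ibss_leave(struct ieee80211_sub_if_data *sdata)
  kfree_skb(skb);
 
  skb_queue_purge(&sdata->skb_queue);
- memset(sdata->u.ibss.bssid, 0, ETH_ALEN);
- sdata->u.ibss.ssid_len = 0;
 
  del_timer_sync(&sdata->u.ibss.timer);
 
  mutex_unlock(&sdata->u.ibss.mtx);
 
+ mutex_lock(&local->mtx);
  ieee80211_recalc_idle(sdata->local);
+ mutex_unlock(&local->mtx);
 
  return 0;
 }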
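Review bot: In the ieee80211_ibss_leave hunk at -940/+965, the added `memset(sdata->u.ibss.bssid, 0, ETH_ALEN);` now runs before the unchanged test `if (!active_ibss && !is_zero_ether_addr(ifibss->bssid)) {`, so if ifibss points at sdata->u.ibss (as it does in the other functions shown in this file) that condition can no longer be true and the block it guards is skipped on every leave. The block's body lies outside the hunk, so what stops running is not visible here, but any cleanup it performs for the BSS being left would silently stop. Resetting `state` and `ssid_len` early already makes ieee80211_ibss_rx_queued_mgmt bail out through the new `mgmt_out` label, so I would leave the bssid clear where it was, after `skb_queue_purge(&sdata->skb_queue);`, or copy the BSSID into a local before zeroing it and test the copy.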
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 65e0ed6c2975..090b0ec1e056 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -23,6 +23,7 @@
23#include <linux/types.h> 23#include <linux/types.h>
24#include <linux/spinlock.h> 24#include <linux/spinlock.h>
25#include <linux/etherdevice.h> 25#include <linux/etherdevice.h>
26#include <linux/leds.h>
26#include <net/ieee80211_radiotap.h> 27#include <net/ieee80211_radiotap.h>
27#include <net/cfg80211.h> 28#include <net/cfg80211.h>
28#include <net/mac80211.h> 29#include <net/mac80211.h>
@@ -50,12 +51,6 @@ struct ieee80211_local;
50 * increased memory use (about 2 kB of RAM per entry). */ 51 * increased memory use (about 2 kB of RAM per entry). */
51#define IEEE80211_FRAGMENT_MAX 4 52#define IEEE80211_FRAGMENT_MAX 4
52 53
53/*
54 * Time after which we ignore scan results and no longer report/use
55 * them in any way.
56 */
57#define IEEE80211_SCAN_RESULT_EXPIRE (10 * HZ)
58
59#define TU_TO_EXP_TIME(x) (jiffies + usecs_to_jiffies((x) * 1024)) 54#define TU_TO_EXP_TIME(x) (jiffies + usecs_to_jiffies((x) * 1024))
60 55
61#define IEEE80211_DEFAULT_UAPSD_QUEUES \ 56#define IEEE80211_DEFAULT_UAPSD_QUEUES \
@@ -102,7 +97,7 @@ struct ieee80211_bss {
102 size_t supp_rates_len; 97 size_t supp_rates_len;
103 98
104 /* 99 /*
105 * During assocation, we save an ERP value from a probe response so 100 * During association, we save an ERP value from a probe response so
106 * that we can feed ERP info to the driver when handling the 101 * that we can feed ERP info to the driver when handling the
107 * association completes. these fields probably won't be up-to-date 102 * association completes. these fields probably won't be up-to-date
108 * otherwise, you probably don't want to use them. 103 * otherwise, you probably don't want to use them.
@@ -165,12 +160,39 @@ typedef unsigned __bitwise__ ieee80211_rx_result;
165#define RX_DROP_MONITOR ((__force ieee80211_rx_result) 2u) 160#define RX_DROP_MONITOR ((__force ieee80211_rx_result) 2u)
166#define RX_QUEUED ((__force ieee80211_rx_result) 3u) 161#define RX_QUEUED ((__force ieee80211_rx_result) 3u)
167 162
168#define IEEE80211_RX_IN_SCAN BIT(0) 163/**
169/* frame is destined to interface currently processed (incl. multicast frames) */ 164 * enum ieee80211_packet_rx_flags - packet RX flags
170#define IEEE80211_RX_RA_MATCH BIT(1) 165 * @IEEE80211_RX_RA_MATCH: frame is destined to interface currently processed
171#define IEEE80211_RX_AMSDU BIT(2) 166 * (incl. multicast frames)
172#define IEEE80211_RX_FRAGMENTED BIT(3) 167 * @IEEE80211_RX_IN_SCAN: received while scanning
173/* only add flags here that do not change with subframes of an aMPDU */ 168 * @IEEE80211_RX_FRAGMENTED: fragmented frame
169 * @IEEE80211_RX_AMSDU: a-MSDU packet
170 * @IEEE80211_RX_MALFORMED_ACTION_FRM: action frame is malformed
171 * @IEEE80211_RX_DEFERRED_RELEASE: frame was subjected to receive reordering
172 *
173 * These are per-frame flags that are attached to a frame in the
174 * @rx_flags field of &struct ieee80211_rx_status.
175 */
176enum ieee80211_packet_rx_flags {
177 IEEE80211_RX_IN_SCAN = BIT(0),
178 IEEE80211_RX_RA_MATCH = BIT(1),
179 IEEE80211_RX_FRAGMENTED = BIT(2),
180 IEEE80211_RX_AMSDU = BIT(3),
181 IEEE80211_RX_MALFORMED_ACTION_FRM = BIT(4),
182 IEEE80211_RX_DEFERRED_RELEASE = BIT(5),
183};
184
185/**
186 * enum ieee80211_rx_flags - RX data flags
187 *
188 * @IEEE80211_RX_CMNTR: received on cooked monitor already
189 *
190 * These flags are used across handling multiple interfaces
191 * for a single frame.
192 */
193enum ieee80211_rx_flags {
194 IEEE80211_RX_CMNTR = BIT(0),
195};
174 196
175struct ieee80211_rx_data { 197struct ieee80211_rx_data {
176 struct sk_buff *skb; 198 struct sk_buff *skb;
@@ -192,7 +214,7 @@ struct beacon_data {
192}; 214};
193 215
194struct ieee80211_if_ap { 216struct ieee80211_if_ap {
195 struct beacon_data *beacon; 217 struct beacon_data __rcu *beacon;
196 218
197 struct list_head vlans; 219 struct list_head vlans;
198 220
@@ -203,6 +225,7 @@ struct ieee80211_if_ap {
203 struct sk_buff_head ps_bc_buf; 225 struct sk_buff_head ps_bc_buf;
204 atomic_t num_sta_ps; /* number of stations in PS mode */ 226 atomic_t num_sta_ps; /* number of stations in PS mode */
205 int dtim_count; 227 int dtim_count;
228 bool dtim_bc_mc;
206}; 229};
207 230
208struct ieee80211_if_wds { 231struct ieee80211_if_wds {
@@ -214,7 +237,7 @@ struct ieee80211_if_vlan {
214 struct list_head list; 237 struct list_head list;
215 238
216 /* used for all tx if the VLAN is configured to 4-addr mode */ 239 /* used for all tx if the VLAN is configured to 4-addr mode */
217 struct sta_info *sta; 240 struct sta_info __rcu *sta;
218}; 241};
219 242
220struct mesh_stats { 243struct mesh_stats {
@@ -241,6 +264,7 @@ enum ieee80211_work_type {
241 IEEE80211_WORK_ASSOC_BEACON_WAIT, 264 IEEE80211_WORK_ASSOC_BEACON_WAIT,
242 IEEE80211_WORK_ASSOC, 265 IEEE80211_WORK_ASSOC,
243 IEEE80211_WORK_REMAIN_ON_CHANNEL, 266 IEEE80211_WORK_REMAIN_ON_CHANNEL,
267 IEEE80211_WORK_OFFCHANNEL_TX,
244}; 268};
245 269
246/** 270/**
@@ -301,6 +325,10 @@ struct ieee80211_work {
301 struct { 325 struct {
302 u32 duration; 326 u32 duration;
303 } remain; 327 } remain;
328 struct {
329 struct sk_buff *frame;
330 u32 wait;
331 } offchan_tx;
304 }; 332 };
305 333
306 int ie_len; 334 int ie_len;
@@ -330,8 +358,10 @@ struct ieee80211_if_managed {
330 struct work_struct chswitch_work; 358 struct work_struct chswitch_work;
331 struct work_struct beacon_connection_loss_work; 359 struct work_struct beacon_connection_loss_work;
332 360
361 unsigned long beacon_timeout;
333 unsigned long probe_timeout; 362 unsigned long probe_timeout;
334 int probe_send_count; 363 int probe_send_count;
364 bool nullfunc_failed;
335 365
336 struct mutex mtx; 366 struct mutex mtx;
337 struct cfg80211_bss *associated; 367 struct cfg80211_bss *associated;
@@ -343,10 +373,14 @@ struct ieee80211_if_managed {
343 unsigned long timers_running; /* used for quiesce/restart */ 373 unsigned long timers_running; /* used for quiesce/restart */
344 bool powersave; /* powersave requested for this iface */ 374 bool powersave; /* powersave requested for this iface */
345 enum ieee80211_smps_mode req_smps, /* requested smps mode */ 375 enum ieee80211_smps_mode req_smps, /* requested smps mode */
346 ap_smps; /* smps mode AP thinks we're in */ 376 ap_smps, /* smps mode AP thinks we're in */
377 driver_smps_mode; /* smps mode request */
378
379 struct work_struct request_smps_work;
347 380
348 unsigned int flags; 381 unsigned int flags;
349 382
383 bool beacon_crc_valid;
350 u32 beacon_crc; 384 u32 beacon_crc;
351 385
352 enum { 386 enum {
@@ -371,6 +405,13 @@ struct ieee80211_if_managed {
371 int ave_beacon_signal; 405 int ave_beacon_signal;
372 406
373 /* 407 /*
408 * Number of Beacon frames used in ave_beacon_signal. This can be used
409 * to avoid generating less reliable cqm events that would be based
410 * only on couple of received frames.
411 */
412 unsigned int count_beacon_signal;
413
414 /*
374 * Last Beacon frame signal strength average (ave_beacon_signal / 16) 415 * Last Beacon frame signal strength average (ave_beacon_signal / 16)
375 * that triggered a cqm event. 0 indicates that no event has been 416 * that triggered a cqm event. 0 indicates that no event has been
376 * generated for the current association. 417 * generated for the current association.
@@ -401,7 +442,8 @@ struct ieee80211_if_ibss {
401 442
402 unsigned long ibss_join_req; 443 unsigned long ibss_join_req;
403 /* probe response/beacon for IBSS */ 444 /* probe response/beacon for IBSS */
404 struct sk_buff *presp, *skb; 445 struct sk_buff __rcu *presp;
446 struct sk_buff *skb;
405 447
406 enum { 448 enum {
407 IEEE80211_IBSS_MLME_SEARCH, 449 IEEE80211_IBSS_MLME_SEARCH,
@@ -447,6 +489,13 @@ struct ieee80211_if_mesh {
447 struct mesh_config mshcfg; 489 struct mesh_config mshcfg;
448 u32 mesh_seqnum; 490 u32 mesh_seqnum;
449 bool accepting_plinks; 491 bool accepting_plinks;
492 const u8 *ie;
493 u8 ie_len;
494 enum {
495 IEEE80211_MESH_SEC_NONE = 0x0,
496 IEEE80211_MESH_SEC_AUTHED = 0x1,
497 IEEE80211_MESH_SEC_SECURED = 0x2,
498 } security;
450}; 499};
451 500
452#ifdef CONFIG_MAC80211_MESH 501#ifdef CONFIG_MAC80211_MESH
@@ -474,6 +523,19 @@ enum ieee80211_sub_if_data_flags {
474 IEEE80211_SDATA_DONT_BRIDGE_PACKETS = BIT(3), 523 IEEE80211_SDATA_DONT_BRIDGE_PACKETS = BIT(3),
475}; 524};
476 525
526/**
527 * enum ieee80211_sdata_state_bits - virtual interface state bits
528 * @SDATA_STATE_RUNNING: virtual interface is up & running; this
529 * mirrors netif_running() but is separate for interface type
530 * change handling while the interface is up
531 * @SDATA_STATE_OFFCHANNEL: This interface is currently in offchannel
532 * mode, so queues are stopped
533 */
534enum ieee80211_sdata_state_bits {
535 SDATA_STATE_RUNNING,
536 SDATA_STATE_OFFCHANNEL,
537};
538
477struct ieee80211_sub_if_data { 539struct ieee80211_sub_if_data {
478 struct list_head list; 540 struct list_head list;
479 541
@@ -487,6 +549,8 @@ struct ieee80211_sub_if_data {
487 549
488 unsigned int flags; 550 unsigned int flags;
489 551
552 unsigned long state;
553
490 int drop_unencrypted; 554 int drop_unencrypted;
491 555
492 char name[IFNAMSIZ]; 556 char name[IFNAMSIZ];
@@ -497,17 +561,21 @@ struct ieee80211_sub_if_data {
497 */ 561 */
498 bool ht_opmode_valid; 562 bool ht_opmode_valid;
499 563
564 /* to detect idle changes */
565 bool old_idle;
566
500 /* Fragment table for host-based reassembly */ 567 /* Fragment table for host-based reassembly */
501 struct ieee80211_fragment_entry fragments[IEEE80211_FRAGMENT_MAX]; 568 struct ieee80211_fragment_entry fragments[IEEE80211_FRAGMENT_MAX];
502 unsigned int fragment_next; 569 unsigned int fragment_next;
503 570
504#define NUM_DEFAULT_KEYS 4 571 struct ieee80211_key __rcu *keys[NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS];
505#define NUM_DEFAULT_MGMT_KEYS 2 572 struct ieee80211_key __rcu *default_unicast_key;
506 struct ieee80211_key *keys[NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS]; 573 struct ieee80211_key __rcu *default_multicast_key;
507 struct ieee80211_key *default_key; 574 struct ieee80211_key __rcu *default_mgmt_key;
508 struct ieee80211_key *default_mgmt_key;
509 575
510 u16 sequence_number; 576 u16 sequence_number;
577 __be16 control_port_protocol;
578 bool control_port_no_encrypt;
511 579
512 struct work_struct work; 580 struct work_struct work;
513 struct sk_buff_head skb_queue; 581 struct sk_buff_head skb_queue;
@@ -530,16 +598,16 @@ struct ieee80211_sub_if_data {
530 struct ieee80211_if_vlan vlan; 598 struct ieee80211_if_vlan vlan;
531 struct ieee80211_if_managed mgd; 599 struct ieee80211_if_managed mgd;
532 struct ieee80211_if_ibss ibss; 600 struct ieee80211_if_ibss ibss;
533#ifdef CONFIG_MAC80211_MESH
534 struct ieee80211_if_mesh mesh; 601 struct ieee80211_if_mesh mesh;
535#endif
536 u32 mntr_flags; 602 u32 mntr_flags;
537 } u; 603 } u;
538 604
539#ifdef CONFIG_MAC80211_DEBUGFS 605#ifdef CONFIG_MAC80211_DEBUGFS
540 struct { 606 struct {
541 struct dentry *dir; 607 struct dentry *dir;
542 struct dentry *default_key; 608 struct dentry *subdir_stations;
609 struct dentry *default_unicast_key;
610 struct dentry *default_multicast_key;
543 struct dentry *default_mgmt_key; 611 struct dentry *default_mgmt_key;
544 } debugfs; 612 } debugfs;
545#endif 613#endif
@@ -553,19 +621,6 @@ struct ieee80211_sub_if_data *vif_to_sdata(struct ieee80211_vif *p)
553 return container_of(p, struct ieee80211_sub_if_data, vif); 621 return container_of(p, struct ieee80211_sub_if_data, vif);
554} 622}
555 623
556static inline void
557ieee80211_sdata_set_mesh_id(struct ieee80211_sub_if_data *sdata,
558 u8 mesh_id_len, u8 *mesh_id)
559{
560#ifdef CONFIG_MAC80211_MESH
561 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
562 ifmsh->mesh_id_len = mesh_id_len;
563 memcpy(ifmsh->mesh_id, mesh_id, mesh_id_len);
564#else
565 WARN_ON(1);
566#endif
567}
568
569enum sdata_queue_type { 624enum sdata_queue_type {
570 IEEE80211_SDATA_QUEUE_TYPE_FRAME = 0, 625 IEEE80211_SDATA_QUEUE_TYPE_FRAME = 0,
571 IEEE80211_SDATA_QUEUE_AGG_START = 1, 626 IEEE80211_SDATA_QUEUE_AGG_START = 1,
@@ -586,6 +641,20 @@ enum queue_stop_reason {
586 IEEE80211_QUEUE_STOP_REASON_SKB_ADD, 641 IEEE80211_QUEUE_STOP_REASON_SKB_ADD,
587}; 642};
588 643
644#ifdef CONFIG_MAC80211_LEDS
645struct tpt_led_trigger {
646 struct led_trigger trig;
647 char name[32];
648 const struct ieee80211_tpt_blink *blink_table;
649 unsigned int blink_table_len;
650 struct timer_list timer;
651 unsigned long prev_traffic;
652 unsigned long tx_bytes, rx_bytes;
653 unsigned int active, want;
654 bool running;
655};
656#endif
657
589/** 658/**
590 * mac80211 scan flags - currently active scan mode 659 * mac80211 scan flags - currently active scan mode
591 * 660 *
@@ -593,13 +662,16 @@ enum queue_stop_reason {
593 * well be on the operating channel 662 * well be on the operating channel
594 * @SCAN_HW_SCANNING: The hardware is scanning for us, we have no way to 663 * @SCAN_HW_SCANNING: The hardware is scanning for us, we have no way to
595 * determine if we are on the operating channel or not 664 * determine if we are on the operating channel or not
596 * @SCAN_OFF_CHANNEL: We're off our operating channel for scanning, 665 * @SCAN_COMPLETED: Set for our scan work function when the driver reported
597 * gets only set in conjunction with SCAN_SW_SCANNING 666 * that the scan completed.
667 * @SCAN_ABORTED: Set for our scan work function when the driver reported
668 * a scan complete for an aborted scan.
598 */ 669 */
599enum { 670enum {
600 SCAN_SW_SCANNING, 671 SCAN_SW_SCANNING,
601 SCAN_HW_SCANNING, 672 SCAN_HW_SCANNING,
602 SCAN_OFF_CHANNEL, 673 SCAN_COMPLETED,
674 SCAN_ABORTED,
603}; 675};
604 676
605/** 677/**
@@ -634,7 +706,6 @@ struct ieee80211_local {
634 /* 706 /*
635 * work stuff, potentially off-channel (in the future) 707 * work stuff, potentially off-channel (in the future)
636 */ 708 */
637 struct mutex work_mtx;
638 struct list_head work_list; 709 struct list_head work_list;
639 struct timer_list work_timer; 710 struct timer_list work_timer;
640 struct work_struct work_work; 711 struct work_struct work_work;
@@ -653,9 +724,13 @@ struct ieee80211_local {
653 int open_count; 724 int open_count;
654 int monitors, cooked_mntrs; 725 int monitors, cooked_mntrs;
655 /* number of interfaces with corresponding FIF_ flags */ 726 /* number of interfaces with corresponding FIF_ flags */
656 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll; 727 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
728 fif_probe_req;
729 int probe_req_reg;
657 unsigned int filter_flags; /* FIF_* */ 730 unsigned int filter_flags; /* FIF_* */
658 731
732 bool wiphy_ciphers_allocated;
733
659 /* protects the aggregated multicast list and filter calls */ 734 /* protects the aggregated multicast list and filter calls */
660 spinlock_t filter_lock; 735 spinlock_t filter_lock;
661 736
@@ -695,6 +770,9 @@ struct ieee80211_local {
695 /* device is started */ 770 /* device is started */
696 bool started; 771 bool started;
697 772
773 /* wowlan is enabled -- don't reconfig on resume */
774 bool wowlan;
775
698 int tx_headroom; /* required headroom for hardware/radiotap */ 776 int tx_headroom; /* required headroom for hardware/radiotap */
699 777
700 /* Tasklet and skb queue to process calls from IRQ mode. All frames 778 /* Tasklet and skb queue to process calls from IRQ mode. All frames
@@ -706,6 +784,15 @@ struct ieee80211_local {
706 struct sk_buff_head skb_queue; 784 struct sk_buff_head skb_queue;
707 struct sk_buff_head skb_queue_unreliable; 785 struct sk_buff_head skb_queue_unreliable;
708 786
787 /*
788 * Internal FIFO queue which is shared between multiple rx path
789 * stages. Its main task is to provide a serialization mechanism,
790 * so all rx handlers can enjoy having exclusive access to their
791 * private data structures.
792 */
793 struct sk_buff_head rx_skb_queue;
794 bool running_rx_handler; /* protected by rx_skb_queue.lock */
795
709 /* Station data */ 796 /* Station data */
710 /* 797 /*
711 * The mutex only protects the list and counter, 798 * The mutex only protects the list and counter,
@@ -717,7 +804,7 @@ struct ieee80211_local {
717 spinlock_t sta_lock; 804 spinlock_t sta_lock;
718 unsigned long num_sta; 805 unsigned long num_sta;
719 struct list_head sta_list, sta_pending_list; 806 struct list_head sta_list, sta_pending_list;
720 struct sta_info *sta_hash[STA_HASH_SIZE]; 807 struct sta_info __rcu *sta_hash[STA_HASH_SIZE];
721 struct timer_list sta_cleanup; 808 struct timer_list sta_cleanup;
722 struct work_struct sta_finish_work; 809 struct work_struct sta_finish_work;
723 int sta_generation; 810 int sta_generation;
@@ -732,8 +819,8 @@ struct ieee80211_local {
732 819
733 struct rate_control_ref *rate_ctrl; 820 struct rate_control_ref *rate_ctrl;
734 821
735 struct crypto_blkcipher *wep_tx_tfm; 822 struct crypto_cipher *wep_tx_tfm;
736 struct crypto_blkcipher *wep_rx_tfm; 823 struct crypto_cipher *wep_rx_tfm;
737 u32 wep_iv; 824 u32 wep_iv;
738 825
739 /* see iface.c */ 826 /* see iface.c */
@@ -746,9 +833,10 @@ struct ieee80211_local {
746 */ 833 */
747 struct mutex key_mtx; 834 struct mutex key_mtx;
748 835
836 /* mutex for scan and work locking */
837 struct mutex mtx;
749 838
750 /* Scanning and BSS list */ 839 /* Scanning and BSS list */
751 struct mutex scan_mtx;
752 unsigned long scanning; 840 unsigned long scanning;
753 struct cfg80211_ssid scan_ssid; 841 struct cfg80211_ssid scan_ssid;
754 struct cfg80211_scan_request *int_scan_req; 842 struct cfg80211_scan_request *int_scan_req;
@@ -758,6 +846,10 @@ struct ieee80211_local {
758 int scan_channel_idx; 846 int scan_channel_idx;
759 int scan_ies_len; 847 int scan_ies_len;
760 848
849 bool sched_scanning;
850 struct ieee80211_sched_scan_ies sched_scan_ies;
851 struct work_struct sched_scan_stopped_work;
852
761 unsigned long leave_oper_channel_time; 853 unsigned long leave_oper_channel_time;
762 enum mac80211_scan_state next_scan_state; 854 enum mac80211_scan_state next_scan_state;
763 struct delayed_work scan_work; 855 struct delayed_work scan_work;
@@ -784,6 +876,7 @@ struct ieee80211_local {
784#ifdef CONFIG_MAC80211_LEDS 876#ifdef CONFIG_MAC80211_LEDS
785 int tx_led_counter, rx_led_counter; 877 int tx_led_counter, rx_led_counter;
786 struct led_trigger *tx_led, *rx_led, *assoc_led, *radio_led; 878 struct led_trigger *tx_led, *rx_led, *assoc_led, *radio_led;
879 struct tpt_led_trigger *tpt_led_trigger;
787 char tx_led_name[32], rx_led_name[32], 880 char tx_led_name[32], rx_led_name[32],
788 assoc_led_name[32], radio_led_name[32]; 881 assoc_led_name[32], radio_led_name[32];
789#endif 882#endif
@@ -866,10 +959,24 @@ struct ieee80211_local {
866#ifdef CONFIG_MAC80211_DEBUGFS 959#ifdef CONFIG_MAC80211_DEBUGFS
867 struct local_debugfsdentries { 960 struct local_debugfsdentries {
868 struct dentry *rcdir; 961 struct dentry *rcdir;
869 struct dentry *stations;
870 struct dentry *keys; 962 struct dentry *keys;
871 } debugfs; 963 } debugfs;
872#endif 964#endif
965
966 struct ieee80211_channel *hw_roc_channel;
967 struct net_device *hw_roc_dev;
968 struct sk_buff *hw_roc_skb, *hw_roc_skb_for_status;
969 struct work_struct hw_roc_start, hw_roc_done;
970 enum nl80211_channel_type hw_roc_channel_type;
971 unsigned int hw_roc_duration;
972 u32 hw_roc_cookie;
973 bool hw_roc_for_tx;
974 unsigned long hw_offchan_tx_cookie;
975
976 /* dummy netdev for use w/ NAPI */
977 struct net_device napi_dev;
978
979 struct napi_struct napi;
873}; 980};
874 981
875static inline struct ieee80211_sub_if_data * 982static inline struct ieee80211_sub_if_data *
@@ -974,8 +1081,6 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
974void ieee80211_configure_filter(struct ieee80211_local *local); 1081void ieee80211_configure_filter(struct ieee80211_local *local);
975u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata); 1082u32 ieee80211_reset_erp_info(struct ieee80211_sub_if_data *sdata);
976 1083
977extern bool ieee80211_disable_40mhz_24ghz;
978
979/* STA code */ 1084/* STA code */
980void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata); 1085void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata);
981int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 1086int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
@@ -1003,6 +1108,8 @@ void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata);
1003void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata); 1108void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata);
1004void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, 1109void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1005 struct sk_buff *skb); 1110 struct sk_buff *skb);
1111void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata);
1112void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata);
1006 1113
1007/* IBSS code */ 1114/* IBSS code */
1008void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local); 1115void ieee80211_ibss_notify_scan_completed(struct ieee80211_local *local);
@@ -1050,11 +1157,22 @@ ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
1050void ieee80211_rx_bss_put(struct ieee80211_local *local, 1157void ieee80211_rx_bss_put(struct ieee80211_local *local,
1051 struct ieee80211_bss *bss); 1158 struct ieee80211_bss *bss);
1052 1159
1160/* scheduled scan handling */
1161int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
1162 struct cfg80211_sched_scan_request *req);
1163int ieee80211_request_sched_scan_stop(struct ieee80211_sub_if_data *sdata);
1164void ieee80211_sched_scan_stopped_work(struct work_struct *work);
1165
1053/* off-channel helpers */ 1166/* off-channel helpers */
1054void ieee80211_offchannel_stop_beaconing(struct ieee80211_local *local); 1167bool ieee80211_cfg_on_oper_channel(struct ieee80211_local *local);
1055void ieee80211_offchannel_stop_station(struct ieee80211_local *local); 1168void ieee80211_offchannel_enable_all_ps(struct ieee80211_local *local,
1169 bool tell_ap);
1170void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local,
1171 bool offchannel_ps_enable);
1056void ieee80211_offchannel_return(struct ieee80211_local *local, 1172void ieee80211_offchannel_return(struct ieee80211_local *local,
1057 bool enable_beaconing); 1173 bool enable_beaconing,
1174 bool offchannel_ps_disable);
1175void ieee80211_hw_roc_setup(struct ieee80211_local *local);
1058 1176
1059/* interface handling */ 1177/* interface handling */
1060int ieee80211_iface_init(void); 1178int ieee80211_iface_init(void);
@@ -1068,10 +1186,12 @@ void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata);
1068void ieee80211_remove_interfaces(struct ieee80211_local *local); 1186void ieee80211_remove_interfaces(struct ieee80211_local *local);
1069u32 __ieee80211_recalc_idle(struct ieee80211_local *local); 1187u32 __ieee80211_recalc_idle(struct ieee80211_local *local);
1070void ieee80211_recalc_idle(struct ieee80211_local *local); 1188void ieee80211_recalc_idle(struct ieee80211_local *local);
1189void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1190 const int offset);
1071 1191
1072static inline bool ieee80211_sdata_running(struct ieee80211_sub_if_data *sdata) 1192static inline bool ieee80211_sdata_running(struct ieee80211_sub_if_data *sdata)
1073{ 1193{
1074 return netif_running(sdata->dev); 1194 return test_bit(SDATA_STATE_RUNNING, &sdata->state);
1075} 1195}
1076 1196
1077/* tx handling */ 1197/* tx handling */
@@ -1105,12 +1225,13 @@ void ieee80211_send_delba(struct ieee80211_sub_if_data *sdata,
1105int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata, 1225int ieee80211_send_smps_action(struct ieee80211_sub_if_data *sdata,
1106 enum ieee80211_smps_mode smps, const u8 *da, 1226 enum ieee80211_smps_mode smps, const u8 *da,
1107 const u8 *bssid); 1227 const u8 *bssid);
1228void ieee80211_request_smps_work(struct work_struct *work);
1108 1229
1109void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, 1230void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
1110 u16 initiator, u16 reason); 1231 u16 initiator, u16 reason, bool stop);
1111void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid, 1232void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
1112 u16 initiator, u16 reason); 1233 u16 initiator, u16 reason, bool stop);
1113void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta); 1234void ieee80211_sta_tear_down_BA_sessions(struct sta_info *sta, bool tx);
1114void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata, 1235void ieee80211_process_delba(struct ieee80211_sub_if_data *sdata,
1115 struct sta_info *sta, 1236 struct sta_info *sta,
1116 struct ieee80211_mgmt *mgmt, size_t len); 1237 struct ieee80211_mgmt *mgmt, size_t len);
@@ -1124,13 +1245,16 @@ void ieee80211_process_addba_request(struct ieee80211_local *local,
1124 size_t len); 1245 size_t len);
1125 1246
1126int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 1247int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
1127 enum ieee80211_back_parties initiator); 1248 enum ieee80211_back_parties initiator,
1249 bool tx);
1128int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 1250int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
1129 enum ieee80211_back_parties initiator); 1251 enum ieee80211_back_parties initiator,
1252 bool tx);
1130void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid); 1253void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid);
1131void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid); 1254void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid);
1132void ieee80211_ba_session_work(struct work_struct *work); 1255void ieee80211_ba_session_work(struct work_struct *work);
1133void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid); 1256void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid);
1257void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid);
1134 1258
1135/* Spectrum management */ 1259/* Spectrum management */
1136void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata, 1260void ieee80211_process_measurement_req(struct ieee80211_sub_if_data *sdata,
@@ -1142,14 +1266,22 @@ int ieee80211_reconfig(struct ieee80211_local *local);
1142void ieee80211_stop_device(struct ieee80211_local *local); 1266void ieee80211_stop_device(struct ieee80211_local *local);
1143 1267
1144#ifdef CONFIG_PM 1268#ifdef CONFIG_PM
1145int __ieee80211_suspend(struct ieee80211_hw *hw); 1269int __ieee80211_suspend(struct ieee80211_hw *hw,
1270 struct cfg80211_wowlan *wowlan);
1146 1271
1147static inline int __ieee80211_resume(struct ieee80211_hw *hw) 1272static inline int __ieee80211_resume(struct ieee80211_hw *hw)
1148{ 1273{
1274 struct ieee80211_local *local = hw_to_local(hw);
1275
1276 WARN(test_bit(SCAN_HW_SCANNING, &local->scanning),
1277 "%s: resume with hardware scan still in progress\n",
1278 wiphy_name(hw->wiphy));
1279
1149 return ieee80211_reconfig(hw_to_local(hw)); 1280 return ieee80211_reconfig(hw_to_local(hw));
1150} 1281}
1151#else 1282#else
1152static inline int __ieee80211_suspend(struct ieee80211_hw *hw) 1283static inline int __ieee80211_suspend(struct ieee80211_hw *hw,
1284 struct cfg80211_wowlan *wowlan)
1153{ 1285{
1154 return 0; 1286 return 0;
1155} 1287}
@@ -1187,6 +1319,8 @@ void ieee80211_send_nullfunc(struct ieee80211_local *local,
1187 int powersave); 1319 int powersave);
1188void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1320void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1189 struct ieee80211_hdr *hdr); 1321 struct ieee80211_hdr *hdr);
1322void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1323 struct ieee80211_hdr *hdr, bool ack);
1190void ieee80211_beacon_connection_loss_work(struct work_struct *work); 1324void ieee80211_beacon_connection_loss_work(struct work_struct *work);
1191 1325
1192void ieee80211_wake_queues_by_reason(struct ieee80211_hw *hw, 1326void ieee80211_wake_queues_by_reason(struct ieee80211_hw *hw,
@@ -1201,6 +1335,9 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local,
1201 struct sk_buff *skb); 1335 struct sk_buff *skb);
1202int ieee80211_add_pending_skbs(struct ieee80211_local *local, 1336int ieee80211_add_pending_skbs(struct ieee80211_local *local,
1203 struct sk_buff_head *skbs); 1337 struct sk_buff_head *skbs);
1338int ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
1339 struct sk_buff_head *skbs,
1340 void (*fn)(void *data), void *data);
1204 1341
1205void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata, 1342void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
1206 u16 transaction, u16 auth_alg, 1343 u16 transaction, u16 auth_alg,
@@ -1208,7 +1345,12 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
1208 const u8 *key, u8 key_len, u8 key_idx); 1345 const u8 *key, u8 key_len, u8 key_idx);
1209int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, 1346int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
1210 const u8 *ie, size_t ie_len, 1347 const u8 *ie, size_t ie_len,
1211 enum ieee80211_band band); 1348 enum ieee80211_band band, u32 rate_mask,
1349 u8 channel);
1350struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1351 u8 *dst,
1352 const u8 *ssid, size_t ssid_len,
1353 const u8 *ie, size_t ie_len);
1212void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, 1354void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1213 const u8 *ssid, size_t ssid_len, 1355 const u8 *ssid, size_t ssid_len,
1214 const u8 *ie, size_t ie_len); 1356 const u8 *ie, size_t ie_len);
@@ -1221,8 +1363,7 @@ u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
1221 enum ieee80211_band band); 1363 enum ieee80211_band band);
1222int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata, 1364int __ieee80211_request_smps(struct ieee80211_sub_if_data *sdata,
1223 enum ieee80211_smps_mode smps_mode); 1365 enum ieee80211_smps_mode smps_mode);
1224void ieee80211_recalc_smps(struct ieee80211_local *local, 1366void ieee80211_recalc_smps(struct ieee80211_local *local);
1225 struct ieee80211_sub_if_data *forsdata);
1226 1367
1227size_t ieee80211_ie_split(const u8 *ies, size_t ielen, 1368size_t ieee80211_ie_split(const u8 *ies, size_t ielen,
1228 const u8 *ids, int n_ids, size_t offset); 1369 const u8 *ids, int n_ids, size_t offset);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index ebbe264e2b0b..dee30aea9ab3 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -24,6 +24,7 @@
24#include "led.h" 24#include "led.h"
25#include "driver-ops.h" 25#include "driver-ops.h"
26#include "wme.h" 26#include "wme.h"
27#include "rate.h"
27 28
28/** 29/**
29 * DOC: Interface list locking 30 * DOC: Interface list locking
@@ -94,21 +95,14 @@ static inline int identical_mac_addr_allowed(int type1, int type2)
94 type2 == NL80211_IFTYPE_AP_VLAN)); 95 type2 == NL80211_IFTYPE_AP_VLAN));
95} 96}
96 97
97static int ieee80211_open(struct net_device *dev) 98static int ieee80211_check_concurrent_iface(struct ieee80211_sub_if_data *sdata,
99 enum nl80211_iftype iftype)
98{ 100{
99 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
100 struct ieee80211_sub_if_data *nsdata;
101 struct ieee80211_local *local = sdata->local; 101 struct ieee80211_local *local = sdata->local;
102 struct sta_info *sta; 102 struct ieee80211_sub_if_data *nsdata;
103 u32 changed = 0; 103 struct net_device *dev = sdata->dev;
104 int res;
105 u32 hw_reconf_flags = 0;
106 u8 null_addr[ETH_ALEN] = {0};
107 104
108 /* fail early if user set an invalid address */ 105 ASSERT_RTNL();
109 if (compare_ether_addr(dev->dev_addr, null_addr) &&
110 !is_valid_ether_addr(dev->dev_addr))
111 return -EADDRNOTAVAIL;
112 106
113 /* we hold the RTNL here so can safely walk the list */ 107 /* we hold the RTNL here so can safely walk the list */
114 list_for_each_entry(nsdata, &local->interfaces, list) { 108 list_for_each_entry(nsdata, &local->interfaces, list) {
@@ -125,7 +119,7 @@ static int ieee80211_open(struct net_device *dev)
125 * belonging to the same hardware. Then, however, we're 119 * belonging to the same hardware. Then, however, we're
126 * faced with having to adopt two different TSF timers... 120 * faced with having to adopt two different TSF timers...
127 */ 121 */
128 if (sdata->vif.type == NL80211_IFTYPE_ADHOC && 122 if (iftype == NL80211_IFTYPE_ADHOC &&
129 nsdata->vif.type == NL80211_IFTYPE_ADHOC) 123 nsdata->vif.type == NL80211_IFTYPE_ADHOC)
130 return -EBUSY; 124 return -EBUSY;
131 125
@@ -139,19 +133,56 @@ static int ieee80211_open(struct net_device *dev)
139 /* 133 /*
140 * check whether it may have the same address 134 * check whether it may have the same address
141 */ 135 */
142 if (!identical_mac_addr_allowed(sdata->vif.type, 136 if (!identical_mac_addr_allowed(iftype,
143 nsdata->vif.type)) 137 nsdata->vif.type))
144 return -ENOTUNIQ; 138 return -ENOTUNIQ;
145 139
146 /* 140 /*
147 * can only add VLANs to enabled APs 141 * can only add VLANs to enabled APs
148 */ 142 */
149 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN && 143 if (iftype == NL80211_IFTYPE_AP_VLAN &&
150 nsdata->vif.type == NL80211_IFTYPE_AP) 144 nsdata->vif.type == NL80211_IFTYPE_AP)
151 sdata->bss = &nsdata->u.ap; 145 sdata->bss = &nsdata->u.ap;
152 } 146 }
153 } 147 }
154 148
149 return 0;
150}
151
152void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
153 const int offset)
154{
155 struct ieee80211_local *local = sdata->local;
156 u32 flags = sdata->u.mntr_flags;
157
158#define ADJUST(_f, _s) do { \
159 if (flags & MONITOR_FLAG_##_f) \
160 local->fif_##_s += offset; \
161 } while (0)
162
163 ADJUST(FCSFAIL, fcsfail);
164 ADJUST(PLCPFAIL, plcpfail);
165 ADJUST(CONTROL, control);
166 ADJUST(CONTROL, pspoll);
167 ADJUST(OTHER_BSS, other_bss);
168
169#undef ADJUST
170}
171
172/*
173 * NOTE: Be very careful when changing this function, it must NOT return
174 * an error on interface type changes that have been pre-checked, so most
175 * checks should be in ieee80211_check_concurrent_iface.
176 */
177static int ieee80211_do_open(struct net_device *dev, bool coming_up)
178{
179 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
180 struct ieee80211_local *local = sdata->local;
181 struct sta_info *sta;
182 u32 changed = 0;
183 int res;
184 u32 hw_reconf_flags = 0;
185
155 switch (sdata->vif.type) { 186 switch (sdata->vif.type) {
156 case NL80211_IFTYPE_WDS: 187 case NL80211_IFTYPE_WDS:
157 if (!is_valid_ether_addr(sdata->u.wds.remote_addr)) 188 if (!is_valid_ether_addr(sdata->u.wds.remote_addr))
@@ -166,18 +197,15 @@ static int ieee80211_open(struct net_device *dev)
166 sdata->bss = &sdata->u.ap; 197 sdata->bss = &sdata->u.ap;
167 break; 198 break;
168 case NL80211_IFTYPE_MESH_POINT: 199 case NL80211_IFTYPE_MESH_POINT:
169 if (!ieee80211_vif_is_mesh(&sdata->vif))
170 break;
171 /* mesh ifaces must set allmulti to forward mcast traffic */
172 atomic_inc(&local->iff_allmultis);
173 break;
174 case NL80211_IFTYPE_STATION: 200 case NL80211_IFTYPE_STATION:
175 case NL80211_IFTYPE_MONITOR: 201 case NL80211_IFTYPE_MONITOR:
176 case NL80211_IFTYPE_ADHOC: 202 case NL80211_IFTYPE_ADHOC:
177 /* no special treatment */ 203 /* no special treatment */
178 break; 204 break;
179 case NL80211_IFTYPE_UNSPECIFIED: 205 case NL80211_IFTYPE_UNSPECIFIED:
180 case __NL80211_IFTYPE_AFTER_LAST: 206 case NUM_NL80211_IFTYPES:
207 case NL80211_IFTYPE_P2P_CLIENT:
208 case NL80211_IFTYPE_P2P_GO:
181 /* cannot happen */ 209 /* cannot happen */
182 WARN_ON(1); 210 WARN_ON(1);
183 break; 211 break;
@@ -187,39 +215,32 @@ static int ieee80211_open(struct net_device *dev)
187 res = drv_start(local); 215 res = drv_start(local);
188 if (res) 216 if (res)
189 goto err_del_bss; 217 goto err_del_bss;
218 if (local->ops->napi_poll)
219 napi_enable(&local->napi);
190 /* we're brought up, everything changes */ 220 /* we're brought up, everything changes */
191 hw_reconf_flags = ~0; 221 hw_reconf_flags = ~0;
192 ieee80211_led_radio(local, true); 222 ieee80211_led_radio(local, true);
223 ieee80211_mod_tpt_led_trig(local,
224 IEEE80211_TPT_LEDTRIG_FL_RADIO, 0);
193 } 225 }
194 226
195 /* 227 /*
196 * Check all interfaces and copy the hopefully now-present 228 * Copy the hopefully now-present MAC address to
197 * MAC address to those that have the special null one. 229 * this interface, if it has the special null one.
198 */ 230 */
199 list_for_each_entry(nsdata, &local->interfaces, list) { 231 if (is_zero_ether_addr(dev->dev_addr)) {
200 struct net_device *ndev = nsdata->dev; 232 memcpy(dev->dev_addr,
201 233 local->hw.wiphy->perm_addr,
202 /* 234 ETH_ALEN);
203 * No need to check running since we do not allow 235 memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN);
204 * it to start up with this invalid address. 236
205 */ 237 if (!is_valid_ether_addr(dev->dev_addr)) {
206 if (compare_ether_addr(null_addr, ndev->dev_addr) == 0) { 238 if (!local->open_count)
207 memcpy(ndev->dev_addr, 239 drv_stop(local);
208 local->hw.wiphy->perm_addr, 240 return -EADDRNOTAVAIL;
209 ETH_ALEN);
210 memcpy(ndev->perm_addr, ndev->dev_addr, ETH_ALEN);
211 } 241 }
212 } 242 }
213 243
214 /*
215 * Validate the MAC address for this device.
216 */
217 if (!is_valid_ether_addr(dev->dev_addr)) {
218 if (!local->open_count)
219 drv_stop(local);
220 return -EADDRNOTAVAIL;
221 }
222
223 switch (sdata->vif.type) { 244 switch (sdata->vif.type) {
224 case NL80211_IFTYPE_AP_VLAN: 245 case NL80211_IFTYPE_AP_VLAN:
225 /* no need to tell driver */ 246 /* no need to tell driver */
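Review bot: The `return -EADDRNOTAVAIL` inside the new `is_zero_ether_addr()` branch only calls `drv_stop(local)` when `open_count` is zero, yet this same hunk adds `napi_enable(&local->napi)` right after `drv_start()`. On that failure path NAPI appears to stay enabled on a stopped device, unless `drv_stop()` or the caller disables it, which is not visible here. The direct return also bypasses the unwinding at the end of the function that resets `sdata->bss` and unlinks an AP_VLAN entry. I would either add `if (local->ops->napi_poll) napi_disable(&local->napi);` next to the `drv_stop()` call, or set `res = -EADDRNOTAVAIL;` and `goto err_stop;` so there is one teardown path. ieee80211_do_open() starts and ends outside this hunk, so the choice of label needs checking against the full body.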
@@ -237,35 +258,25 @@ static int ieee80211_open(struct net_device *dev)
237 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR; 258 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
238 } 259 }
239 260
240 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL) 261 ieee80211_adjust_monitor_flags(sdata, 1);
241 local->fif_fcsfail++;
242 if (sdata->u.mntr_flags & MONITOR_FLAG_PLCPFAIL)
243 local->fif_plcpfail++;
244 if (sdata->u.mntr_flags & MONITOR_FLAG_CONTROL) {
245 local->fif_control++;
246 local->fif_pspoll++;
247 }
248 if (sdata->u.mntr_flags & MONITOR_FLAG_OTHER_BSS)
249 local->fif_other_bss++;
250
251 ieee80211_configure_filter(local); 262 ieee80211_configure_filter(local);
252 263
253 netif_carrier_on(dev); 264 netif_carrier_on(dev);
254 break; 265 break;
255 default: 266 default:
256 res = drv_add_interface(local, &sdata->vif); 267 if (coming_up) {
257 if (res) 268 res = drv_add_interface(local, &sdata->vif);
258 goto err_stop; 269 if (res)
259 270 goto err_stop;
260 if (ieee80211_vif_is_mesh(&sdata->vif)) { 271 }
261 local->fif_other_bss++;
262 ieee80211_configure_filter(local);
263 272
264 ieee80211_start_mesh(sdata); 273 if (sdata->vif.type == NL80211_IFTYPE_AP) {
265 } else if (sdata->vif.type == NL80211_IFTYPE_AP) {
266 local->fif_pspoll++; 274 local->fif_pspoll++;
275 local->fif_probe_req++;
267 276
268 ieee80211_configure_filter(local); 277 ieee80211_configure_filter(local);
278 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
279 local->fif_probe_req++;
269 } 280 }
270 281
271 changed |= ieee80211_reset_erp_info(sdata); 282 changed |= ieee80211_reset_erp_info(sdata);
@@ -277,6 +288,8 @@ static int ieee80211_open(struct net_device *dev)
277 netif_carrier_on(dev); 288 netif_carrier_on(dev);
278 } 289 }
279 290
291 set_bit(SDATA_STATE_RUNNING, &sdata->state);
292
280 if (sdata->vif.type == NL80211_IFTYPE_WDS) { 293 if (sdata->vif.type == NL80211_IFTYPE_WDS) {
281 /* Create STA entry for the WDS peer */ 294 /* Create STA entry for the WDS peer */
282 sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr, 295 sta = sta_info_alloc(sdata, sdata->u.wds.remote_addr,
@@ -294,6 +307,8 @@ static int ieee80211_open(struct net_device *dev)
294 /* STA has been freed */ 307 /* STA has been freed */
295 goto err_del_interface; 308 goto err_del_interface;
296 } 309 }
310
311 rate_control_rate_init(sta);
297 } 312 }
298 313
299 /* 314 /*
@@ -307,9 +322,13 @@ static int ieee80211_open(struct net_device *dev)
307 if (sdata->flags & IEEE80211_SDATA_PROMISC) 322 if (sdata->flags & IEEE80211_SDATA_PROMISC)
308 atomic_inc(&local->iff_promiscs); 323 atomic_inc(&local->iff_promiscs);
309 324
325 mutex_lock(&local->mtx);
310 hw_reconf_flags |= __ieee80211_recalc_idle(local); 326 hw_reconf_flags |= __ieee80211_recalc_idle(local);
327 mutex_unlock(&local->mtx);
328
329 if (coming_up)
330 local->open_count++;
311 331
312 local->open_count++;
313 if (hw_reconf_flags) { 332 if (hw_reconf_flags) {
314 ieee80211_hw_config(local, hw_reconf_flags); 333 ieee80211_hw_config(local, hw_reconf_flags);
315 /* 334 /*
@@ -334,22 +353,46 @@ static int ieee80211_open(struct net_device *dev)
334 sdata->bss = NULL; 353 sdata->bss = NULL;
335 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 354 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
336 list_del(&sdata->u.vlan.list); 355 list_del(&sdata->u.vlan.list);
356 clear_bit(SDATA_STATE_RUNNING, &sdata->state);
337 return res; 357 return res;
338} 358}
339 359
340static int ieee80211_stop(struct net_device *dev) 360static int ieee80211_open(struct net_device *dev)
341{ 361{
342 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 362 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
363 int err;
364
365 /* fail early if user set an invalid address */
366 if (!is_zero_ether_addr(dev->dev_addr) &&
367 !is_valid_ether_addr(dev->dev_addr))
368 return -EADDRNOTAVAIL;
369
370 err = ieee80211_check_concurrent_iface(sdata, sdata->vif.type);
371 if (err)
372 return err;
373
374 return ieee80211_do_open(dev, true);
375}
376
377static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
378 bool going_down)
379{
343 struct ieee80211_local *local = sdata->local; 380 struct ieee80211_local *local = sdata->local;
344 unsigned long flags; 381 unsigned long flags;
345 struct sk_buff *skb, *tmp; 382 struct sk_buff *skb, *tmp;
346 u32 hw_reconf_flags = 0; 383 u32 hw_reconf_flags = 0;
347 int i; 384 int i;
385 enum nl80211_channel_type orig_ct;
386
387 clear_bit(SDATA_STATE_RUNNING, &sdata->state);
388
389 if (local->scan_sdata == sdata)
390 ieee80211_scan_cancel(local);
348 391
349 /* 392 /*
350 * Stop TX on this interface first. 393 * Stop TX on this interface first.
351 */ 394 */
352 netif_tx_stop_all_queues(dev); 395 netif_tx_stop_all_queues(sdata->dev);
353 396
354 /* 397 /*
355 * Purge work for this interface. 398 * Purge work for this interface.
@@ -366,12 +409,9 @@ static int ieee80211_stop(struct net_device *dev)
366 * (because if we remove a STA after ops->remove_interface() 409 * (because if we remove a STA after ops->remove_interface()
367 * the driver will have removed the vif info already!) 410 * the driver will have removed the vif info already!)
368 * 411 *
369 * We could relax this and only unlink the stations from the 412 * This is relevant only in AP, WDS and mesh modes, since in
370 * hash table and list but keep them on a per-sdata list that 413 * all other modes we've already removed all stations when
371 * will be inserted back again when the interface is brought 414 * disconnecting etc.
372 * up again, but I don't currently see a use case for that,
373 * except with WDS which gets a STA entry created when it is
374 * brought up.
375 */ 415 */
376 sta_info_flush(local, sdata); 416 sta_info_flush(local, sdata);
377 417
@@ -387,14 +427,19 @@ static int ieee80211_stop(struct net_device *dev)
387 if (sdata->flags & IEEE80211_SDATA_PROMISC) 427 if (sdata->flags & IEEE80211_SDATA_PROMISC)
388 atomic_dec(&local->iff_promiscs); 428 atomic_dec(&local->iff_promiscs);
389 429
390 if (sdata->vif.type == NL80211_IFTYPE_AP) 430 if (sdata->vif.type == NL80211_IFTYPE_AP) {
391 local->fif_pspoll--; 431 local->fif_pspoll--;
432 local->fif_probe_req--;
433 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
434 local->fif_probe_req--;
435 }
392 436
393 netif_addr_lock_bh(dev); 437 netif_addr_lock_bh(sdata->dev);
394 spin_lock_bh(&local->filter_lock); 438 spin_lock_bh(&local->filter_lock);
395 __hw_addr_unsync(&local->mc_list, &dev->mc, dev->addr_len); 439 __hw_addr_unsync(&local->mc_list, &sdata->dev->mc,
440 sdata->dev->addr_len);
396 spin_unlock_bh(&local->filter_lock); 441 spin_unlock_bh(&local->filter_lock);
397 netif_addr_unlock_bh(dev); 442 netif_addr_unlock_bh(sdata->dev);
398 443
399 ieee80211_configure_filter(local); 444 ieee80211_configure_filter(local);
400 445
@@ -404,13 +449,24 @@ static int ieee80211_stop(struct net_device *dev)
404 /* APs need special treatment */ 449 /* APs need special treatment */
405 if (sdata->vif.type == NL80211_IFTYPE_AP) { 450 if (sdata->vif.type == NL80211_IFTYPE_AP) {
406 struct ieee80211_sub_if_data *vlan, *tmpsdata; 451 struct ieee80211_sub_if_data *vlan, *tmpsdata;
407 struct beacon_data *old_beacon = sdata->u.ap.beacon; 452 struct beacon_data *old_beacon =
453 rtnl_dereference(sdata->u.ap.beacon);
454
455 /* sdata_running will return false, so this will disable */
456 ieee80211_bss_info_change_notify(sdata,
457 BSS_CHANGED_BEACON_ENABLED);
408 458
409 /* remove beacon */ 459 /* remove beacon */
410 rcu_assign_pointer(sdata->u.ap.beacon, NULL); 460 rcu_assign_pointer(sdata->u.ap.beacon, NULL);
411 synchronize_rcu(); 461 synchronize_rcu();
412 kfree(old_beacon); 462 kfree(old_beacon);
413 463
464 /* free all potentially still buffered bcast frames */
465 while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
466 local->total_ps_buffered--;
467 dev_kfree_skb(skb);
468 }
469
414 /* down all dependent devices, that is VLANs */ 470 /* down all dependent devices, that is VLANs */
415 list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans, 471 list_for_each_entry_safe(vlan, tmpsdata, &sdata->u.ap.vlans,
416 u.vlan.list) 472 u.vlan.list)
@@ -418,7 +474,8 @@ static int ieee80211_stop(struct net_device *dev)
418 WARN_ON(!list_empty(&sdata->u.ap.vlans)); 474 WARN_ON(!list_empty(&sdata->u.ap.vlans));
419 } 475 }
420 476
421 local->open_count--; 477 if (going_down)
478 local->open_count--;
422 479
423 switch (sdata->vif.type) { 480 switch (sdata->vif.type) {
424 case NL80211_IFTYPE_AP_VLAN: 481 case NL80211_IFTYPE_AP_VLAN:
@@ -437,52 +494,9 @@ static int ieee80211_stop(struct net_device *dev)
437 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR; 494 hw_reconf_flags |= IEEE80211_CONF_CHANGE_MONITOR;
438 } 495 }
439 496
440 if (sdata->u.mntr_flags & MONITOR_FLAG_FCSFAIL) 497 ieee80211_adjust_monitor_flags(sdata, -1);
441 local->fif_fcsfail--;
442 if (sdata->u.mntr_flags & MONITOR_FLAG_PLCPFAIL)
443 local->fif_plcpfail--;
444 if (sdata->u.mntr_flags & MONITOR_FLAG_CONTROL) {
445 local->fif_pspoll--;
446 local->fif_control--;
447 }
448 if (sdata->u.mntr_flags & MONITOR_FLAG_OTHER_BSS)
449 local->fif_other_bss--;
450
451 ieee80211_configure_filter(local); 498 ieee80211_configure_filter(local);
452 break; 499 break;
453 case NL80211_IFTYPE_STATION:
454 del_timer_sync(&sdata->u.mgd.chswitch_timer);
455 del_timer_sync(&sdata->u.mgd.timer);
456 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
457 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
458 /*
459 * If any of the timers fired while we waited for it, it will
460 * have queued its work. Now the work will be running again
461 * but will not rearm the timer again because it checks
462 * whether the interface is running, which, at this point,
463 * it no longer is.
464 */
465 cancel_work_sync(&sdata->u.mgd.chswitch_work);
466 cancel_work_sync(&sdata->u.mgd.monitor_work);
467 cancel_work_sync(&sdata->u.mgd.beacon_connection_loss_work);
468
469 /* fall through */
470 case NL80211_IFTYPE_ADHOC:
471 if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
472 del_timer_sync(&sdata->u.ibss.timer);
473 /* fall through */
474 case NL80211_IFTYPE_MESH_POINT:
475 if (ieee80211_vif_is_mesh(&sdata->vif)) {
476 /* other_bss and allmulti are always set on mesh
477 * ifaces */
478 local->fif_other_bss--;
479 atomic_dec(&local->iff_allmultis);
480
481 ieee80211_configure_filter(local);
482
483 ieee80211_stop_mesh(sdata);
484 }
485 /* fall through */
486 default: 500 default:
487 flush_work(&sdata->work); 501 flush_work(&sdata->work);
488 /* 502 /*
@@ -494,31 +508,35 @@ static int ieee80211_stop(struct net_device *dev)
494 synchronize_rcu(); 508 synchronize_rcu();
495 skb_queue_purge(&sdata->skb_queue); 509 skb_queue_purge(&sdata->skb_queue);
496 510
497 if (local->scan_sdata == sdata)
498 ieee80211_scan_cancel(local);
499
500 /* 511 /*
501 * Disable beaconing for AP and mesh, IBSS can't 512 * Disable beaconing here for mesh only, AP and IBSS
502 * still be joined to a network at this point. 513 * are already taken care of.
503 */ 514 */
504 if (sdata->vif.type == NL80211_IFTYPE_AP || 515 if (sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
505 sdata->vif.type == NL80211_IFTYPE_MESH_POINT) {
506 ieee80211_bss_info_change_notify(sdata, 516 ieee80211_bss_info_change_notify(sdata,
507 BSS_CHANGED_BEACON_ENABLED); 517 BSS_CHANGED_BEACON_ENABLED);
508 }
509 518
510 /* free all remaining keys, there shouldn't be any */ 519 /*
520 * Free all remaining keys, there shouldn't be any,
521 * except maybe group keys in AP more or WDS?
522 */
511 ieee80211_free_keys(sdata); 523 ieee80211_free_keys(sdata);
512 drv_remove_interface(local, &sdata->vif); 524
525 if (going_down)
526 drv_remove_interface(local, &sdata->vif);
513 } 527 }
514 528
515 sdata->bss = NULL; 529 sdata->bss = NULL;
516 530
531 mutex_lock(&local->mtx);
517 hw_reconf_flags |= __ieee80211_recalc_idle(local); 532 hw_reconf_flags |= __ieee80211_recalc_idle(local);
533 mutex_unlock(&local->mtx);
518 534
519 ieee80211_recalc_ps(local, -1); 535 ieee80211_recalc_ps(local, -1);
520 536
521 if (local->open_count == 0) { 537 if (local->open_count == 0) {
538 if (local->ops->napi_poll)
539 napi_disable(&local->napi);
522 ieee80211_clear_tx_pending(local); 540 ieee80211_clear_tx_pending(local);
523 ieee80211_stop_device(local); 541 ieee80211_stop_device(local);
524 542
@@ -526,8 +544,14 @@ static int ieee80211_stop(struct net_device *dev)
526 hw_reconf_flags = 0; 544 hw_reconf_flags = 0;
527 } 545 }
528 546
547 /* Re-calculate channel-type, in case there are multiple vifs
548 * on different channel types.
549 */
550 orig_ct = local->_oper_channel_type;
551 ieee80211_set_channel_type(local, NULL, NL80211_CHAN_NO_HT);
552
529 /* do after stop to avoid reconfiguring when we stop anyway */ 553 /* do after stop to avoid reconfiguring when we stop anyway */
530 if (hw_reconf_flags) 554 if (hw_reconf_flags || (orig_ct != local->_oper_channel_type))
531 ieee80211_hw_config(local, hw_reconf_flags); 555 ieee80211_hw_config(local, hw_reconf_flags);
532 556
533 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 557 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
@@ -541,6 +565,13 @@ static int ieee80211_stop(struct net_device *dev)
541 } 565 }
542 } 566 }
543 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 567 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
568}
569
570static int ieee80211_stop(struct net_device *dev)
571{
572 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
573
574 ieee80211_do_stop(sdata, true);
544 575
545 return 0; 576 return 0;
546} 577}
@@ -585,8 +616,6 @@ static void ieee80211_teardown_sdata(struct net_device *dev)
585{ 616{
586 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 617 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
587 struct ieee80211_local *local = sdata->local; 618 struct ieee80211_local *local = sdata->local;
588 struct beacon_data *beacon;
589 struct sk_buff *skb;
590 int flushed; 619 int flushed;
591 int i; 620 int i;
592 621
@@ -599,37 +628,8 @@ static void ieee80211_teardown_sdata(struct net_device *dev)
599 __skb_queue_purge(&sdata->fragments[i].skb_list); 628 __skb_queue_purge(&sdata->fragments[i].skb_list);
600 sdata->fragment_next = 0; 629 sdata->fragment_next = 0;
601 630
602 switch (sdata->vif.type) { 631 if (ieee80211_vif_is_mesh(&sdata->vif))
603 case NL80211_IFTYPE_AP: 632 mesh_rmc_free(sdata);
604 beacon = sdata->u.ap.beacon;
605 rcu_assign_pointer(sdata->u.ap.beacon, NULL);
606 synchronize_rcu();
607 kfree(beacon);
608
609 while ((skb = skb_dequeue(&sdata->u.ap.ps_bc_buf))) {
610 local->total_ps_buffered--;
611 dev_kfree_skb(skb);
612 }
613
614 break;
615 case NL80211_IFTYPE_MESH_POINT:
616 if (ieee80211_vif_is_mesh(&sdata->vif))
617 mesh_rmc_free(sdata);
618 break;
619 case NL80211_IFTYPE_ADHOC:
620 if (WARN_ON(sdata->u.ibss.presp))
621 kfree_skb(sdata->u.ibss.presp);
622 break;
623 case NL80211_IFTYPE_STATION:
624 case NL80211_IFTYPE_WDS:
625 case NL80211_IFTYPE_AP_VLAN:
626 case NL80211_IFTYPE_MONITOR:
627 break;
628 case NL80211_IFTYPE_UNSPECIFIED:
629 case __NL80211_IFTYPE_AFTER_LAST:
630 BUG();
631 break;
632 }
633 633
634 flushed = sta_info_flush(local, sdata); 634 flushed = sta_info_flush(local, sdata);
635 WARN_ON(flushed); 635 WARN_ON(flushed);
@@ -791,7 +791,8 @@ static void ieee80211_iface_work(struct work_struct *work)
791 791
792 __ieee80211_stop_rx_ba_session( 792 __ieee80211_stop_rx_ba_session(
793 sta, tid, WLAN_BACK_RECIPIENT, 793 sta, tid, WLAN_BACK_RECIPIENT,
794 WLAN_REASON_QSTA_REQUIRE_SETUP); 794 WLAN_REASON_QSTA_REQUIRE_SETUP,
795 true);
795 } 796 }
796 mutex_unlock(&local->sta_mtx); 797 mutex_unlock(&local->sta_mtx);
797 } else switch (sdata->vif.type) { 798 } else switch (sdata->vif.type) {
@@ -844,9 +845,13 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
844 845
845 /* and set some type-dependent values */ 846 /* and set some type-dependent values */
846 sdata->vif.type = type; 847 sdata->vif.type = type;
848 sdata->vif.p2p = false;
847 sdata->dev->netdev_ops = &ieee80211_dataif_ops; 849 sdata->dev->netdev_ops = &ieee80211_dataif_ops;
848 sdata->wdev.iftype = type; 850 sdata->wdev.iftype = type;
849 851
852 sdata->control_port_protocol = cpu_to_be16(ETH_P_PAE);
853 sdata->control_port_no_encrypt = false;
854
850 /* only monitor differs */ 855 /* only monitor differs */
851 sdata->dev->type = ARPHRD_ETHER; 856 sdata->dev->type = ARPHRD_ETHER;
852 857
@@ -854,10 +859,20 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
854 INIT_WORK(&sdata->work, ieee80211_iface_work); 859 INIT_WORK(&sdata->work, ieee80211_iface_work);
855 860
856 switch (type) { 861 switch (type) {
862 case NL80211_IFTYPE_P2P_GO:
863 type = NL80211_IFTYPE_AP;
864 sdata->vif.type = type;
865 sdata->vif.p2p = true;
866 /* fall through */
857 case NL80211_IFTYPE_AP: 867 case NL80211_IFTYPE_AP:
858 skb_queue_head_init(&sdata->u.ap.ps_bc_buf); 868 skb_queue_head_init(&sdata->u.ap.ps_bc_buf);
859 INIT_LIST_HEAD(&sdata->u.ap.vlans); 869 INIT_LIST_HEAD(&sdata->u.ap.vlans);
860 break; 870 break;
871 case NL80211_IFTYPE_P2P_CLIENT:
872 type = NL80211_IFTYPE_STATION;
873 sdata->vif.type = type;
874 sdata->vif.p2p = true;
875 /* fall through */
861 case NL80211_IFTYPE_STATION: 876 case NL80211_IFTYPE_STATION:
862 ieee80211_sta_setup_sdata(sdata); 877 ieee80211_sta_setup_sdata(sdata);
863 break; 878 break;
@@ -878,7 +893,7 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
878 case NL80211_IFTYPE_AP_VLAN: 893 case NL80211_IFTYPE_AP_VLAN:
879 break; 894 break;
880 case NL80211_IFTYPE_UNSPECIFIED: 895 case NL80211_IFTYPE_UNSPECIFIED:
881 case __NL80211_IFTYPE_AFTER_LAST: 896 case NUM_NL80211_IFTYPES:
882 BUG(); 897 BUG();
883 break; 898 break;
884 } 899 }
@@ -886,12 +901,85 @@ static void ieee80211_setup_sdata(struct ieee80211_sub_if_data *sdata,
886 ieee80211_debugfs_add_netdev(sdata); 901 ieee80211_debugfs_add_netdev(sdata);
887} 902}
888 903
904static int ieee80211_runtime_change_iftype(struct ieee80211_sub_if_data *sdata,
905 enum nl80211_iftype type)
906{
907 struct ieee80211_local *local = sdata->local;
908 int ret, err;
909 enum nl80211_iftype internal_type = type;
910 bool p2p = false;
911
912 ASSERT_RTNL();
913
914 if (!local->ops->change_interface)
915 return -EBUSY;
916
917 switch (sdata->vif.type) {
918 case NL80211_IFTYPE_AP:
919 case NL80211_IFTYPE_STATION:
920 case NL80211_IFTYPE_ADHOC:
921 /*
922 * Could maybe also all others here?
923 * Just not sure how that interacts
924 * with the RX/config path e.g. for
925 * mesh.
926 */
927 break;
928 default:
929 return -EBUSY;
930 }
931
932 switch (type) {
933 case NL80211_IFTYPE_AP:
934 case NL80211_IFTYPE_STATION:
935 case NL80211_IFTYPE_ADHOC:
936 /*
937 * Could probably support everything
938 * but WDS here (WDS do_open can fail
939 * under memory pressure, which this
940 * code isn't prepared to handle).
941 */
942 break;
943 case NL80211_IFTYPE_P2P_CLIENT:
944 p2p = true;
945 internal_type = NL80211_IFTYPE_STATION;
946 break;
947 case NL80211_IFTYPE_P2P_GO:
948 p2p = true;
949 internal_type = NL80211_IFTYPE_AP;
950 break;
951 default:
952 return -EBUSY;
953 }
954
955 ret = ieee80211_check_concurrent_iface(sdata, internal_type);
956 if (ret)
957 return ret;
958
959 ieee80211_do_stop(sdata, false);
960
961 ieee80211_teardown_sdata(sdata->dev);
962
963 ret = drv_change_interface(local, sdata, internal_type, p2p);
964 if (ret)
965 type = sdata->vif.type;
966
967 ieee80211_setup_sdata(sdata, type);
968
969 err = ieee80211_do_open(sdata->dev, false);
970 WARN(err, "type change: do_open returned %d", err);
971
972 return ret;
973}
974
889int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata, 975int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
890 enum nl80211_iftype type) 976 enum nl80211_iftype type)
891{ 977{
978 int ret;
979
892 ASSERT_RTNL(); 980 ASSERT_RTNL();
893 981
894 if (type == sdata->vif.type) 982 if (type == ieee80211_vif_type_p2p(&sdata->vif))
895 return 0; 983 return 0;
896 984
897 /* Setting ad-hoc mode on non-IBSS channel is not supported. */ 985 /* Setting ad-hoc mode on non-IBSS channel is not supported. */
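Review bot: In ieee80211_runtime_change_iftype the result of `ieee80211_do_open(sdata->dev, false)` is only reported through WARN() and then dropped, so the function returns `ret` from drv_change_interface even when the interface could not be reopened. By then the interface has already gone through ieee80211_do_stop and ieee80211_teardown_sdata, and the error path at the end of do_open appears to clear SDATA_STATE_RUNNING. The caller can therefore be told the type change succeeded while the vif is no longer running. Consider propagating the failure with `if (err && !ret) ret = err;` before `return ret;`. A short comment above the do_open call saying why a failure is not expected for the AP/STATION/ADHOC targets would also help.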
@@ -899,18 +987,15 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
899 type == NL80211_IFTYPE_ADHOC) 987 type == NL80211_IFTYPE_ADHOC)
900 return -EOPNOTSUPP; 988 return -EOPNOTSUPP;
901 989
902 /* 990 if (ieee80211_sdata_running(sdata)) {
903 * We could, here, on changes between IBSS/STA/MESH modes, 991 ret = ieee80211_runtime_change_iftype(sdata, type);
904 * invoke an MLME function instead that disassociates etc. 992 if (ret)
905 * and goes into the requested mode. 993 return ret;
906 */ 994 } else {
907 995 /* Purge and reset type-dependent state. */
908 if (ieee80211_sdata_running(sdata)) 996 ieee80211_teardown_sdata(sdata->dev);
909 return -EBUSY; 997 ieee80211_setup_sdata(sdata, type);
910 998 }
911 /* Purge and reset type-dependent state. */
912 ieee80211_teardown_sdata(sdata->dev);
913 ieee80211_setup_sdata(sdata, type);
914 999
915 /* reset some values that shouldn't be kept across type changes */ 1000 /* reset some values that shouldn't be kept across type changes */
916 sdata->vif.bss_conf.basic_rates = 1001 sdata->vif.bss_conf.basic_rates =
@@ -1107,12 +1192,6 @@ int ieee80211_if_add(struct ieee80211_local *local, const char *name,
1107 if (ret) 1192 if (ret)
1108 goto fail; 1193 goto fail;
1109 1194
1110 if (ieee80211_vif_is_mesh(&sdata->vif) &&
1111 params && params->mesh_id_len)
1112 ieee80211_sdata_set_mesh_id(sdata,
1113 params->mesh_id_len,
1114 params->mesh_id);
1115
1116 mutex_lock(&local->iflist_mtx); 1195 mutex_lock(&local->iflist_mtx);
1117 list_add_tail_rcu(&sdata->list, &local->interfaces); 1196 list_add_tail_rcu(&sdata->list, &local->interfaces);
1118 mutex_unlock(&local->iflist_mtx); 1197 mutex_unlock(&local->iflist_mtx);
@@ -1158,6 +1237,7 @@ void ieee80211_remove_interfaces(struct ieee80211_local *local)
1158 } 1237 }
1159 mutex_unlock(&local->iflist_mtx); 1238 mutex_unlock(&local->iflist_mtx);
1160 unregister_netdevice_many(&unreg_list); 1239 unregister_netdevice_many(&unreg_list);
1240 list_del(&unreg_list);
1161} 1241}
1162 1242
1163static u32 ieee80211_idle_off(struct ieee80211_local *local, 1243static u32 ieee80211_idle_off(struct ieee80211_local *local,
@@ -1167,8 +1247,7 @@ static u32 ieee80211_idle_off(struct ieee80211_local *local,
1167 return 0; 1247 return 0;
1168 1248
1169#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1249#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1170 printk(KERN_DEBUG "%s: device no longer idle - %s\n", 1250 wiphy_debug(local->hw.wiphy, "device no longer idle - %s\n", reason);
1171 wiphy_name(local->hw.wiphy), reason);
1172#endif 1251#endif
1173 1252
1174 local->hw.conf.flags &= ~IEEE80211_CONF_IDLE; 1253 local->hw.conf.flags &= ~IEEE80211_CONF_IDLE;
@@ -1181,8 +1260,7 @@ static u32 ieee80211_idle_on(struct ieee80211_local *local)
1181 return 0; 1260 return 0;
1182 1261
1183#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1262#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1184 printk(KERN_DEBUG "%s: device now idle\n", 1263 wiphy_debug(local->hw.wiphy, "device now idle\n");
1185 wiphy_name(local->hw.wiphy));
1186#endif 1264#endif
1187 1265
1188 drv_flush(local, false); 1266 drv_flush(local, false);
@@ -1195,28 +1273,79 @@ u32 __ieee80211_recalc_idle(struct ieee80211_local *local)
1195{ 1273{
1196 struct ieee80211_sub_if_data *sdata; 1274 struct ieee80211_sub_if_data *sdata;
1197 int count = 0; 1275 int count = 0;
1276 bool working = false, scanning = false, hw_roc = false;
1277 struct ieee80211_work *wk;
1278 unsigned int led_trig_start = 0, led_trig_stop = 0;
1198 1279
1199 if (!list_empty(&local->work_list)) 1280#ifdef CONFIG_PROVE_LOCKING
1200 return ieee80211_idle_off(local, "working"); 1281 WARN_ON(debug_locks && !lockdep_rtnl_is_held() &&
1201 1282 !lockdep_is_held(&local->iflist_mtx));
1202 if (local->scanning) 1283#endif
1203 return ieee80211_idle_off(local, "scanning"); 1284 lockdep_assert_held(&local->mtx);
1204 1285
1205 list_for_each_entry(sdata, &local->interfaces, list) { 1286 list_for_each_entry(sdata, &local->interfaces, list) {
1206 if (!ieee80211_sdata_running(sdata)) 1287 if (!ieee80211_sdata_running(sdata)) {
1288 sdata->vif.bss_conf.idle = true;
1207 continue; 1289 continue;
1290 }
1291
1292 sdata->old_idle = sdata->vif.bss_conf.idle;
1293
1208 /* do not count disabled managed interfaces */ 1294 /* do not count disabled managed interfaces */
1209 if (sdata->vif.type == NL80211_IFTYPE_STATION && 1295 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1210 !sdata->u.mgd.associated) 1296 !sdata->u.mgd.associated) {
1297 sdata->vif.bss_conf.idle = true;
1211 continue; 1298 continue;
1299 }
1212 /* do not count unused IBSS interfaces */ 1300 /* do not count unused IBSS interfaces */
1213 if (sdata->vif.type == NL80211_IFTYPE_ADHOC && 1301 if (sdata->vif.type == NL80211_IFTYPE_ADHOC &&
1214 !sdata->u.ibss.ssid_len) 1302 !sdata->u.ibss.ssid_len) {
1303 sdata->vif.bss_conf.idle = true;
1215 continue; 1304 continue;
1305 }
1216 /* count everything else */ 1306 /* count everything else */
1217 count++; 1307 count++;
1218 } 1308 }
1219 1309
1310 list_for_each_entry(wk, &local->work_list, list) {
1311 working = true;
1312 wk->sdata->vif.bss_conf.idle = false;
1313 }
1314
1315 if (local->scan_sdata) {
1316 scanning = true;
1317 local->scan_sdata->vif.bss_conf.idle = false;
1318 }
1319
1320 if (local->hw_roc_channel)
1321 hw_roc = true;
1322
1323 list_for_each_entry(sdata, &local->interfaces, list) {
1324 if (sdata->old_idle == sdata->vif.bss_conf.idle)
1325 continue;
1326 if (!ieee80211_sdata_running(sdata))
1327 continue;
1328 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_IDLE);
1329 }
1330
1331 if (working || scanning || hw_roc)
1332 led_trig_start |= IEEE80211_TPT_LEDTRIG_FL_WORK;
1333 else
1334 led_trig_stop |= IEEE80211_TPT_LEDTRIG_FL_WORK;
1335
1336 if (count)
1337 led_trig_start |= IEEE80211_TPT_LEDTRIG_FL_CONNECTED;
1338 else
1339 led_trig_stop |= IEEE80211_TPT_LEDTRIG_FL_CONNECTED;
1340
1341 ieee80211_mod_tpt_led_trig(local, led_trig_start, led_trig_stop);
1342
1343 if (hw_roc)
1344 return ieee80211_idle_off(local, "hw remain-on-channel");
1345 if (working)
1346 return ieee80211_idle_off(local, "working");
1347 if (scanning)
1348 return ieee80211_idle_off(local, "scanning");
1220 if (!count) 1349 if (!count)
1221 return ieee80211_idle_on(local); 1350 return ieee80211_idle_on(local);
1222 else 1351 else
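Review bot: In the first interface loop of __ieee80211_recalc_idle, interfaces that reach `count++` never get `sdata->vif.bss_conf.idle` set to false. The visible code only sets it to true on the three skip paths and clears it for interfaces that own a work item or the current scan. An interface that was marked idle earlier (for example a station before association) and is now counted as active would keep idle == true. Because old_idle then equals idle, it would also get no BSS_CHANGED_IDLE notification, unless the flag is cleared somewhere outside this hunk. Adding `sdata->vif.bss_conf.idle = false;` just before `count++;` would keep the per-vif state in line with the global idle decision; the function body continues past the end of the hunk.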
diff --git a/net/mac80211/key.c b/net/mac80211/key.c
index 1b9d87ed143a..f825e2f0a57e 100644
--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -30,26 +30,27 @@
30 * keys and per-station keys. Since each station belongs to an interface, 30 * keys and per-station keys. Since each station belongs to an interface,
31 * each station key also belongs to that interface. 31 * each station key also belongs to that interface.
32 * 32 *
33 * Hardware acceleration is done on a best-effort basis, for each key 33 * Hardware acceleration is done on a best-effort basis for algorithms
34 * that is eligible the hardware is asked to enable that key but if 34 * that are implemented in software, for each key the hardware is asked
35 * it cannot do that they key is simply kept for software encryption. 35 * to enable that key for offloading but if it cannot do that the key is
36 * There is currently no way of knowing this except by looking into 36 * simply kept for software encryption (unless it is for an algorithm
37 * debugfs. 37 * that isn't implemented in software).
38 * There is currently no way of knowing whether a key is handled in SW
39 * or HW except by looking into debugfs.
38 * 40 *
39 * All key operations are protected internally. 41 * All key management is internally protected by a mutex. Within all
40 * 42 * other parts of mac80211, key references are, just as STA structure
41 * Within mac80211, key references are, just as STA structure references, 43 * references, protected by RCU. Note, however, that some things are
42 * protected by RCU. Note, however, that some things are unprotected, 44 * unprotected, namely the key->sta dereferences within the hardware
43 * namely the key->sta dereferences within the hardware acceleration 45 * acceleration functions. This means that sta_info_destroy() must
44 * functions. This means that sta_info_destroy() must remove the key 46 * remove the key which waits for an RCU grace period.
45 * which waits for an RCU grace period.
46 */ 47 */
47 48
48static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }; 49static const u8 bcast_addr[ETH_ALEN] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
49 50
50static void assert_key_lock(struct ieee80211_local *local) 51static void assert_key_lock(struct ieee80211_local *local)
51{ 52{
52 WARN_ON(!mutex_is_locked(&local->key_mtx)); 53 lockdep_assert_held(&local->key_mtx);
53} 54}
54 55
55static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key) 56static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
@@ -60,7 +61,7 @@ static struct ieee80211_sta *get_sta_for_key(struct ieee80211_key *key)
60 return NULL; 61 return NULL;
61} 62}
62 63
63static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key) 64static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
64{ 65{
65 struct ieee80211_sub_if_data *sdata; 66 struct ieee80211_sub_if_data *sdata;
66 struct ieee80211_sta *sta; 67 struct ieee80211_sta *sta;
@@ -69,28 +70,57 @@ static void ieee80211_key_enable_hw_accel(struct ieee80211_key *key)
69 might_sleep(); 70 might_sleep();
70 71
71 if (!key->local->ops->set_key) 72 if (!key->local->ops->set_key)
72 return; 73 goto out_unsupported;
73 74
74 assert_key_lock(key->local); 75 assert_key_lock(key->local);
75 76
76 sta = get_sta_for_key(key); 77 sta = get_sta_for_key(key);
77 78
79 /*
80 * If this is a per-STA GTK, check if it
81 * is supported; if not, return.
82 */
83 if (sta && !(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE) &&
84 !(key->local->hw.flags & IEEE80211_HW_SUPPORTS_PER_STA_GTK))
85 goto out_unsupported;
86
78 sdata = key->sdata; 87 sdata = key->sdata;
79 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 88 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
89 /*
90 * The driver doesn't know anything about VLAN interfaces.
91 * Hence, don't send GTKs for VLAN interfaces to the driver.
92 */
93 if (!(key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE))
94 goto out_unsupported;
80 sdata = container_of(sdata->bss, 95 sdata = container_of(sdata->bss,
81 struct ieee80211_sub_if_data, 96 struct ieee80211_sub_if_data,
82 u.ap); 97 u.ap);
98 }
83 99
84 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf); 100 ret = drv_set_key(key->local, SET_KEY, sdata, sta, &key->conf);
85 101
86 if (!ret) 102 if (!ret) {
87 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE; 103 key->flags |= KEY_FLAG_UPLOADED_TO_HARDWARE;
104 return 0;
105 }
88 106
89 if (ret && ret != -ENOSPC && ret != -EOPNOTSUPP) 107 if (ret != -ENOSPC && ret != -EOPNOTSUPP)
90 printk(KERN_ERR "mac80211-%s: failed to set key " 108 wiphy_err(key->local->hw.wiphy,
91 "(%d, %pM) to hardware (%d)\n", 109 "failed to set key (%d, %pM) to hardware (%d)\n",
92 wiphy_name(key->local->hw.wiphy), 110 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
93 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret); 111
112 out_unsupported:
113 switch (key->conf.cipher) {
114 case WLAN_CIPHER_SUITE_WEP40:
115 case WLAN_CIPHER_SUITE_WEP104:
116 case WLAN_CIPHER_SUITE_TKIP:
117 case WLAN_CIPHER_SUITE_CCMP:
118 case WLAN_CIPHER_SUITE_AES_CMAC:
119 /* all of these we can do in software */
120 return 0;
121 default:
122 return -EINVAL;
123 }
94} 124}
95 125
96static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key) 126static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
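Review bot: ieee80211_key_enable_hw_accel now returns int, but nothing documents that 0 covers two different outcomes: the key was uploaded, or it was not uploaded and the cipher is one of those handled in software. Callers that need to tell them apart must test KEY_FLAG_UPLOADED_TO_HARDWARE, and -EINVAL is returned only for ciphers outside the software list. I would add a comment above the function, for example `/* Returns 0 if the key is usable (offloaded or software fallback), -EINVAL if it could not be offloaded and the cipher has no software implementation. */`. Separately, the early `goto out_unsupported` for a missing set_key op skips `assert_key_lock(key->local);`, so the locking assertion is not exercised on that path; moving the assertion above the check would fix that.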
@@ -121,36 +151,56 @@ static void ieee80211_key_disable_hw_accel(struct ieee80211_key *key)
121 sta, &key->conf); 151 sta, &key->conf);
122 152
123 if (ret) 153 if (ret)
124 printk(KERN_ERR "mac80211-%s: failed to remove key " 154 wiphy_err(key->local->hw.wiphy,
125 "(%d, %pM) from hardware (%d)\n", 155 "failed to remove key (%d, %pM) from hardware (%d)\n",
126 wiphy_name(key->local->hw.wiphy), 156 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
127 key->conf.keyidx, sta ? sta->addr : bcast_addr, ret);
128 157
129 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE; 158 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
130} 159}
131 160
161void ieee80211_key_removed(struct ieee80211_key_conf *key_conf)
162{
163 struct ieee80211_key *key;
164
165 key = container_of(key_conf, struct ieee80211_key, conf);
166
167 might_sleep();
168 assert_key_lock(key->local);
169
170 key->flags &= ~KEY_FLAG_UPLOADED_TO_HARDWARE;
171
172 /*
173 * Flush TX path to avoid attempts to use this key
174 * after this function returns. Until then, drivers
175 * must be prepared to handle the key.
176 */
177 synchronize_rcu();
178}
179EXPORT_SYMBOL_GPL(ieee80211_key_removed);
180
132static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, 181static void __ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata,
133 int idx) 182 int idx, bool uni, bool multi)
134{ 183{
135 struct ieee80211_key *key = NULL; 184 struct ieee80211_key *key = NULL;
136 185
137 assert_key_lock(sdata->local); 186 assert_key_lock(sdata->local);
138 187
139 if (idx >= 0 && idx < NUM_DEFAULT_KEYS) 188 if (idx >= 0 && idx < NUM_DEFAULT_KEYS)
140 key = sdata->keys[idx]; 189 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
141 190
142 rcu_assign_pointer(sdata->default_key, key); 191 if (uni)
192 rcu_assign_pointer(sdata->default_unicast_key, key);
193 if (multi)
194 rcu_assign_pointer(sdata->default_multicast_key, key);
143 195
144 if (key) { 196 ieee80211_debugfs_key_update_default(sdata);
145 ieee80211_debugfs_key_remove_default(key->sdata);
146 ieee80211_debugfs_key_add_default(key->sdata);
147 }
148} 197}
149 198
150void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx) 199void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
200 bool uni, bool multi)
151{ 201{
152 mutex_lock(&sdata->local->key_mtx); 202 mutex_lock(&sdata->local->key_mtx);
153 __ieee80211_set_default_key(sdata, idx); 203 __ieee80211_set_default_key(sdata, idx, uni, multi);
154 mutex_unlock(&sdata->local->key_mtx); 204 mutex_unlock(&sdata->local->key_mtx);
155} 205}
156 206
@@ -163,14 +213,11 @@ __ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, int idx)
163 213
164 if (idx >= NUM_DEFAULT_KEYS && 214 if (idx >= NUM_DEFAULT_KEYS &&
165 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 215 idx < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
166 key = sdata->keys[idx]; 216 key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
167 217
168 rcu_assign_pointer(sdata->default_mgmt_key, key); 218 rcu_assign_pointer(sdata->default_mgmt_key, key);
169 219
170 if (key) { 220 ieee80211_debugfs_key_update_default(sdata);
171 ieee80211_debugfs_key_remove_mgmt_default(key->sdata);
172 ieee80211_debugfs_key_add_mgmt_default(key->sdata);
173 }
174} 221}
175 222
176void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 223void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
@@ -184,16 +231,24 @@ void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
184 231
185static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata, 232static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
186 struct sta_info *sta, 233 struct sta_info *sta,
234 bool pairwise,
187 struct ieee80211_key *old, 235 struct ieee80211_key *old,
188 struct ieee80211_key *new) 236 struct ieee80211_key *new)
189{ 237{
190 int idx, defkey, defmgmtkey; 238 int idx;
239 bool defunikey, defmultikey, defmgmtkey;
191 240
192 if (new) 241 if (new)
193 list_add(&new->list, &sdata->key_list); 242 list_add(&new->list, &sdata->key_list);
194 243
195 if (sta) { 244 if (sta && pairwise) {
196 rcu_assign_pointer(sta->key, new); 245 rcu_assign_pointer(sta->ptk, new);
246 } else if (sta) {
247 if (old)
248 idx = old->conf.keyidx;
249 else
250 idx = new->conf.keyidx;
251 rcu_assign_pointer(sta->gtk[idx], new);
197 } else { 252 } else {
198 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx); 253 WARN_ON(new && old && new->conf.keyidx != old->conf.keyidx);
199 254
@@ -202,45 +257,51 @@ static void __ieee80211_key_replace(struct ieee80211_sub_if_data *sdata,
202 else 257 else
203 idx = new->conf.keyidx; 258 idx = new->conf.keyidx;
204 259
205 defkey = old && sdata->default_key == old; 260 defunikey = old &&
206 defmgmtkey = old && sdata->default_mgmt_key == old; 261 old == key_mtx_dereference(sdata->local,
207 262 sdata->default_unicast_key);
208 if (defkey && !new) 263 defmultikey = old &&
209 __ieee80211_set_default_key(sdata, -1); 264 old == key_mtx_dereference(sdata->local,
265 sdata->default_multicast_key);
266 defmgmtkey = old &&
267 old == key_mtx_dereference(sdata->local,
268 sdata->default_mgmt_key);
269
270 if (defunikey && !new)
271 __ieee80211_set_default_key(sdata, -1, true, false);
272 if (defmultikey && !new)
273 __ieee80211_set_default_key(sdata, -1, false, true);
210 if (defmgmtkey && !new) 274 if (defmgmtkey && !new)
211 __ieee80211_set_default_mgmt_key(sdata, -1); 275 __ieee80211_set_default_mgmt_key(sdata, -1);
212 276
213 rcu_assign_pointer(sdata->keys[idx], new); 277 rcu_assign_pointer(sdata->keys[idx], new);
214 if (defkey && new) 278 if (defunikey && new)
215 __ieee80211_set_default_key(sdata, new->conf.keyidx); 279 __ieee80211_set_default_key(sdata, new->conf.keyidx,
280 true, false);
281 if (defmultikey && new)
282 __ieee80211_set_default_key(sdata, new->conf.keyidx,
283 false, true);
216 if (defmgmtkey && new) 284 if (defmgmtkey && new)
217 __ieee80211_set_default_mgmt_key(sdata, 285 __ieee80211_set_default_mgmt_key(sdata,
218 new->conf.keyidx); 286 new->conf.keyidx);
219 } 287 }
220 288
221 if (old) { 289 if (old)
222 /* 290 list_del(&old->list);
223 * We'll use an empty list to indicate that the key
224 * has already been removed.
225 */
226 list_del_init(&old->list);
227 }
228} 291}
229 292
230struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg, 293struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
231 int idx,
232 size_t key_len,
233 const u8 *key_data, 294 const u8 *key_data,
234 size_t seq_len, const u8 *seq) 295 size_t seq_len, const u8 *seq)
235{ 296{
236 struct ieee80211_key *key; 297 struct ieee80211_key *key;
237 int i, j; 298 int i, j, err;
238 299
239 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS); 300 BUG_ON(idx < 0 || idx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);
240 301
241 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL); 302 key = kzalloc(sizeof(struct ieee80211_key) + key_len, GFP_KERNEL);
242 if (!key) 303 if (!key)
243 return NULL; 304 return ERR_PTR(-ENOMEM);
244 305
245 /* 306 /*
246 * Default to software encryption; we'll later upload the 307 * Default to software encryption; we'll later upload the
@@ -249,15 +310,16 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
249 key->conf.flags = 0; 310 key->conf.flags = 0;
250 key->flags = 0; 311 key->flags = 0;
251 312
252 key->conf.alg = alg; 313 key->conf.cipher = cipher;
253 key->conf.keyidx = idx; 314 key->conf.keyidx = idx;
254 key->conf.keylen = key_len; 315 key->conf.keylen = key_len;
255 switch (alg) { 316 switch (cipher) {
256 case ALG_WEP: 317 case WLAN_CIPHER_SUITE_WEP40:
318 case WLAN_CIPHER_SUITE_WEP104:
257 key->conf.iv_len = WEP_IV_LEN; 319 key->conf.iv_len = WEP_IV_LEN;
258 key->conf.icv_len = WEP_ICV_LEN; 320 key->conf.icv_len = WEP_ICV_LEN;
259 break; 321 break;
260 case ALG_TKIP: 322 case WLAN_CIPHER_SUITE_TKIP:
261 key->conf.iv_len = TKIP_IV_LEN; 323 key->conf.iv_len = TKIP_IV_LEN;
262 key->conf.icv_len = TKIP_ICV_LEN; 324 key->conf.icv_len = TKIP_ICV_LEN;
263 if (seq) { 325 if (seq) {
@@ -269,7 +331,7 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
269 } 331 }
270 } 332 }
271 break; 333 break;
272 case ALG_CCMP: 334 case WLAN_CIPHER_SUITE_CCMP:
273 key->conf.iv_len = CCMP_HDR_LEN; 335 key->conf.iv_len = CCMP_HDR_LEN;
274 key->conf.icv_len = CCMP_MIC_LEN; 336 key->conf.icv_len = CCMP_MIC_LEN;
275 if (seq) { 337 if (seq) {
@@ -278,42 +340,38 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
278 key->u.ccmp.rx_pn[i][j] = 340 key->u.ccmp.rx_pn[i][j] =
279 seq[CCMP_PN_LEN - j - 1]; 341 seq[CCMP_PN_LEN - j - 1];
280 } 342 }
281 break;
282 case ALG_AES_CMAC:
283 key->conf.iv_len = 0;
284 key->conf.icv_len = sizeof(struct ieee80211_mmie);
285 if (seq)
286 for (j = 0; j < 6; j++)
287 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
288 break;
289 }
290 memcpy(key->conf.key, key_data, key_len);
291 INIT_LIST_HEAD(&key->list);
292
293 if (alg == ALG_CCMP) {
294 /* 343 /*
295 * Initialize AES key state here as an optimization so that 344 * Initialize AES key state here as an optimization so that
296 * it does not need to be initialized for every packet. 345 * it does not need to be initialized for every packet.
297 */ 346 */
298 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data); 347 key->u.ccmp.tfm = ieee80211_aes_key_setup_encrypt(key_data);
299 if (!key->u.ccmp.tfm) { 348 if (IS_ERR(key->u.ccmp.tfm)) {
349 err = PTR_ERR(key->u.ccmp.tfm);
300 kfree(key); 350 kfree(key);
301 return NULL; 351 return ERR_PTR(err);
302 } 352 }
303 } 353 break;
304 354 case WLAN_CIPHER_SUITE_AES_CMAC:
305 if (alg == ALG_AES_CMAC) { 355 key->conf.iv_len = 0;
356 key->conf.icv_len = sizeof(struct ieee80211_mmie);
357 if (seq)
358 for (j = 0; j < 6; j++)
359 key->u.aes_cmac.rx_pn[j] = seq[6 - j - 1];
306 /* 360 /*
307 * Initialize AES key state here as an optimization so that 361 * Initialize AES key state here as an optimization so that
308 * it does not need to be initialized for every packet. 362 * it does not need to be initialized for every packet.
309 */ 363 */
310 key->u.aes_cmac.tfm = 364 key->u.aes_cmac.tfm =
311 ieee80211_aes_cmac_key_setup(key_data); 365 ieee80211_aes_cmac_key_setup(key_data);
312 if (!key->u.aes_cmac.tfm) { 366 if (IS_ERR(key->u.aes_cmac.tfm)) {
367 err = PTR_ERR(key->u.aes_cmac.tfm);
313 kfree(key); 368 kfree(key);
314 return NULL; 369 return ERR_PTR(err);
315 } 370 }
371 break;
316 } 372 }
373 memcpy(key->conf.key, key_data, key_len);
374 INIT_LIST_HEAD(&key->list);
317 375
318 return key; 376 return key;
319} 377}
@@ -323,12 +381,18 @@ static void __ieee80211_key_destroy(struct ieee80211_key *key)
323 if (!key) 381 if (!key)
324 return; 382 return;
325 383
384 /*
385 * Synchronize so the TX path can no longer be using
386 * this key before we free/remove it.
387 */
388 synchronize_rcu();
389
326 if (key->local) 390 if (key->local)
327 ieee80211_key_disable_hw_accel(key); 391 ieee80211_key_disable_hw_accel(key);
328 392
329 if (key->conf.alg == ALG_CCMP) 393 if (key->conf.cipher == WLAN_CIPHER_SUITE_CCMP)
330 ieee80211_aes_key_free(key->u.ccmp.tfm); 394 ieee80211_aes_key_free(key->u.ccmp.tfm);
331 if (key->conf.alg == ALG_AES_CMAC) 395 if (key->conf.cipher == WLAN_CIPHER_SUITE_AES_CMAC)
332 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm); 396 ieee80211_aes_cmac_key_free(key->u.aes_cmac.tfm);
333 if (key->local) 397 if (key->local)
334 ieee80211_debugfs_key_remove(key); 398 ieee80211_debugfs_key_remove(key);
@@ -336,16 +400,18 @@ static void __ieee80211_key_destroy(struct ieee80211_key *key)
336 kfree(key); 400 kfree(key);
337} 401}
338 402
339void ieee80211_key_link(struct ieee80211_key *key, 403int ieee80211_key_link(struct ieee80211_key *key,
340 struct ieee80211_sub_if_data *sdata, 404 struct ieee80211_sub_if_data *sdata,
341 struct sta_info *sta) 405 struct sta_info *sta)
342{ 406{
343 struct ieee80211_key *old_key; 407 struct ieee80211_key *old_key;
344 int idx; 408 int idx, ret;
409 bool pairwise;
345 410
346 BUG_ON(!sdata); 411 BUG_ON(!sdata);
347 BUG_ON(!key); 412 BUG_ON(!key);
348 413
414 pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
349 idx = key->conf.keyidx; 415 idx = key->conf.keyidx;
350 key->local = sdata->local; 416 key->local = sdata->local;
351 key->sdata = sdata; 417 key->sdata = sdata;
@@ -358,20 +424,13 @@ void ieee80211_key_link(struct ieee80211_key *key,
358 */ 424 */
359 if (test_sta_flags(sta, WLAN_STA_WME)) 425 if (test_sta_flags(sta, WLAN_STA_WME))
360 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA; 426 key->conf.flags |= IEEE80211_KEY_FLAG_WMM_STA;
361
362 /*
363 * This key is for a specific sta interface,
364 * inform the driver that it should try to store
365 * this key as pairwise key.
366 */
367 key->conf.flags |= IEEE80211_KEY_FLAG_PAIRWISE;
368 } else { 427 } else {
369 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 428 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
370 struct sta_info *ap; 429 struct sta_info *ap;
371 430
372 /* 431 /*
373 * We're getting a sta pointer in, 432 * We're getting a sta pointer in, so must be under
374 * so must be under RCU read lock. 433 * appropriate locking for sta_info_get().
375 */ 434 */
376 435
377 /* same here, the AP could be using QoS */ 436 /* same here, the AP could be using QoS */
@@ -386,38 +445,43 @@ void ieee80211_key_link(struct ieee80211_key *key,
386 445
387 mutex_lock(&sdata->local->key_mtx); 446 mutex_lock(&sdata->local->key_mtx);
388 447
389 if (sta) 448 if (sta && pairwise)
390 old_key = sta->key; 449 old_key = key_mtx_dereference(sdata->local, sta->ptk);
450 else if (sta)
451 old_key = key_mtx_dereference(sdata->local, sta->gtk[idx]);
391 else 452 else
392 old_key = sdata->keys[idx]; 453 old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
393 454
394 __ieee80211_key_replace(sdata, sta, old_key, key); 455 __ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
395 __ieee80211_key_destroy(old_key); 456 __ieee80211_key_destroy(old_key);
396 457
397 ieee80211_debugfs_key_add(key); 458 ieee80211_debugfs_key_add(key);
398 459
399 ieee80211_key_enable_hw_accel(key); 460 ret = ieee80211_key_enable_hw_accel(key);
400 461
401 mutex_unlock(&sdata->local->key_mtx); 462 mutex_unlock(&sdata->local->key_mtx);
463
464 return ret;
402} 465}
403 466
404static void __ieee80211_key_free(struct ieee80211_key *key) 467void __ieee80211_key_free(struct ieee80211_key *key)
405{ 468{
469 if (!key)
470 return;
471
406 /* 472 /*
407 * Replace key with nothingness if it was ever used. 473 * Replace key with nothingness if it was ever used.
408 */ 474 */
409 if (key->sdata) 475 if (key->sdata)
410 __ieee80211_key_replace(key->sdata, key->sta, 476 __ieee80211_key_replace(key->sdata, key->sta,
411 key, NULL); 477 key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE,
478 key, NULL);
412 __ieee80211_key_destroy(key); 479 __ieee80211_key_destroy(key);
413} 480}
414 481
415void ieee80211_key_free(struct ieee80211_local *local, 482void ieee80211_key_free(struct ieee80211_local *local,
416 struct ieee80211_key *key) 483 struct ieee80211_key *key)
417{ 484{
418 if (!key)
419 return;
420
421 mutex_lock(&local->key_mtx); 485 mutex_lock(&local->key_mtx);
422 __ieee80211_key_free(key); 486 __ieee80211_key_free(key);
423 mutex_unlock(&local->key_mtx); 487 mutex_unlock(&local->key_mtx);
@@ -460,11 +524,12 @@ void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata)
460 524
461 mutex_lock(&sdata->local->key_mtx); 525 mutex_lock(&sdata->local->key_mtx);
462 526
463 ieee80211_debugfs_key_remove_default(sdata);
464 ieee80211_debugfs_key_remove_mgmt_default(sdata); 527 ieee80211_debugfs_key_remove_mgmt_default(sdata);
465 528
466 list_for_each_entry_safe(key, tmp, &sdata->key_list, list) 529 list_for_each_entry_safe(key, tmp, &sdata->key_list, list)
467 __ieee80211_key_free(key); 530 __ieee80211_key_free(key);
468 531
532 ieee80211_debugfs_key_update_default(sdata);
533
469 mutex_unlock(&sdata->local->key_mtx); 534 mutex_unlock(&sdata->local->key_mtx);
470} 535}
diff --git a/net/mac80211/key.h b/net/mac80211/key.h
index b665bbb7a471..d801d5351336 100644
--- a/net/mac80211/key.h
+++ b/net/mac80211/key.h
@@ -16,9 +16,11 @@
16#include <linux/rcupdate.h> 16#include <linux/rcupdate.h>
17#include <net/mac80211.h> 17#include <net/mac80211.h>
18 18
19#define NUM_DEFAULT_KEYS 4
20#define NUM_DEFAULT_MGMT_KEYS 2
21
19#define WEP_IV_LEN 4 22#define WEP_IV_LEN 4
20#define WEP_ICV_LEN 4 23#define WEP_ICV_LEN 4
21#define ALG_TKIP_KEY_LEN 32
22#define ALG_CCMP_KEY_LEN 16 24#define ALG_CCMP_KEY_LEN 16
23#define CCMP_HDR_LEN 8 25#define CCMP_HDR_LEN 8
24#define CCMP_MIC_LEN 8 26#define CCMP_MIC_LEN 8
@@ -123,25 +125,28 @@ struct ieee80211_key {
123 struct ieee80211_key_conf conf; 125 struct ieee80211_key_conf conf;
124}; 126};
125 127
126struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg, 128struct ieee80211_key *ieee80211_key_alloc(u32 cipher, int idx, size_t key_len,
127 int idx,
128 size_t key_len,
129 const u8 *key_data, 129 const u8 *key_data,
130 size_t seq_len, const u8 *seq); 130 size_t seq_len, const u8 *seq);
131/* 131/*
132 * Insert a key into data structures (sdata, sta if necessary) 132 * Insert a key into data structures (sdata, sta if necessary)
133 * to make it used, free old key. 133 * to make it used, free old key.
134 */ 134 */
135void ieee80211_key_link(struct ieee80211_key *key, 135int __must_check ieee80211_key_link(struct ieee80211_key *key,
136 struct ieee80211_sub_if_data *sdata, 136 struct ieee80211_sub_if_data *sdata,
137 struct sta_info *sta); 137 struct sta_info *sta);
138void __ieee80211_key_free(struct ieee80211_key *key);
138void ieee80211_key_free(struct ieee80211_local *local, 139void ieee80211_key_free(struct ieee80211_local *local,
139 struct ieee80211_key *key); 140 struct ieee80211_key *key);
140void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx); 141void ieee80211_set_default_key(struct ieee80211_sub_if_data *sdata, int idx,
142 bool uni, bool multi);
141void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata, 143void ieee80211_set_default_mgmt_key(struct ieee80211_sub_if_data *sdata,
142 int idx); 144 int idx);
143void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata); 145void ieee80211_free_keys(struct ieee80211_sub_if_data *sdata);
144void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata); 146void ieee80211_enable_keys(struct ieee80211_sub_if_data *sdata);
145void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata); 147void ieee80211_disable_keys(struct ieee80211_sub_if_data *sdata);
146 148
149#define key_mtx_dereference(local, ref) \
150 rcu_dereference_protected(ref, lockdep_is_held(&((local)->key_mtx)))
151
147#endif /* IEEE80211_KEY_H */ 152#endif /* IEEE80211_KEY_H */
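Review bot: The two prototypes whose failure contract changes in this commit carry no comment saying so. On the paths shown in key.c, `ieee80211_key_alloc()` now returns `ERR_PTR(-ENOMEM)` or the tfm setup error instead of NULL, so a caller that still tests `!key` would go on to dereference an error pointer; a line such as `/* Returns a valid key or an ERR_PTR() value, never NULL. */` above the declaration makes that visible. The existing comment above `ieee80211_key_link()` should also say what a non-zero return means for ownership. In key.c the new key is already linked and the old key destroyed before `ieee80211_key_enable_hw_accel()` can fail, so presumably the caller has to release it with `ieee80211_key_free()`; that should be confirmed and written down.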
diff --git a/net/mac80211/led.c b/net/mac80211/led.c
index 063aad944246..14590332c81c 100644
--- a/net/mac80211/led.c
+++ b/net/mac80211/led.c
@@ -54,12 +54,22 @@ void ieee80211_led_radio(struct ieee80211_local *local, bool enabled)
54 led_trigger_event(local->radio_led, LED_OFF); 54 led_trigger_event(local->radio_led, LED_OFF);
55} 55}
56 56
57void ieee80211_led_names(struct ieee80211_local *local)
58{
59 snprintf(local->rx_led_name, sizeof(local->rx_led_name),
60 "%srx", wiphy_name(local->hw.wiphy));
61 snprintf(local->tx_led_name, sizeof(local->tx_led_name),
62 "%stx", wiphy_name(local->hw.wiphy));
63 snprintf(local->assoc_led_name, sizeof(local->assoc_led_name),
64 "%sassoc", wiphy_name(local->hw.wiphy));
65 snprintf(local->radio_led_name, sizeof(local->radio_led_name),
66 "%sradio", wiphy_name(local->hw.wiphy));
67}
68
57void ieee80211_led_init(struct ieee80211_local *local) 69void ieee80211_led_init(struct ieee80211_local *local)
58{ 70{
59 local->rx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL); 71 local->rx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
60 if (local->rx_led) { 72 if (local->rx_led) {
61 snprintf(local->rx_led_name, sizeof(local->rx_led_name),
62 "%srx", wiphy_name(local->hw.wiphy));
63 local->rx_led->name = local->rx_led_name; 73 local->rx_led->name = local->rx_led_name;
64 if (led_trigger_register(local->rx_led)) { 74 if (led_trigger_register(local->rx_led)) {
65 kfree(local->rx_led); 75 kfree(local->rx_led);
@@ -69,8 +79,6 @@ void ieee80211_led_init(struct ieee80211_local *local)
69 79
70 local->tx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL); 80 local->tx_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
71 if (local->tx_led) { 81 if (local->tx_led) {
72 snprintf(local->tx_led_name, sizeof(local->tx_led_name),
73 "%stx", wiphy_name(local->hw.wiphy));
74 local->tx_led->name = local->tx_led_name; 82 local->tx_led->name = local->tx_led_name;
75 if (led_trigger_register(local->tx_led)) { 83 if (led_trigger_register(local->tx_led)) {
76 kfree(local->tx_led); 84 kfree(local->tx_led);
@@ -80,8 +88,6 @@ void ieee80211_led_init(struct ieee80211_local *local)
80 88
81 local->assoc_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL); 89 local->assoc_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
82 if (local->assoc_led) { 90 if (local->assoc_led) {
83 snprintf(local->assoc_led_name, sizeof(local->assoc_led_name),
84 "%sassoc", wiphy_name(local->hw.wiphy));
85 local->assoc_led->name = local->assoc_led_name; 91 local->assoc_led->name = local->assoc_led_name;
86 if (led_trigger_register(local->assoc_led)) { 92 if (led_trigger_register(local->assoc_led)) {
87 kfree(local->assoc_led); 93 kfree(local->assoc_led);
@@ -91,14 +97,19 @@ void ieee80211_led_init(struct ieee80211_local *local)
91 97
92 local->radio_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL); 98 local->radio_led = kzalloc(sizeof(struct led_trigger), GFP_KERNEL);
93 if (local->radio_led) { 99 if (local->radio_led) {
94 snprintf(local->radio_led_name, sizeof(local->radio_led_name),
95 "%sradio", wiphy_name(local->hw.wiphy));
96 local->radio_led->name = local->radio_led_name; 100 local->radio_led->name = local->radio_led_name;
97 if (led_trigger_register(local->radio_led)) { 101 if (led_trigger_register(local->radio_led)) {
98 kfree(local->radio_led); 102 kfree(local->radio_led);
99 local->radio_led = NULL; 103 local->radio_led = NULL;
100 } 104 }
101 } 105 }
106
107 if (local->tpt_led_trigger) {
108 if (led_trigger_register(&local->tpt_led_trigger->trig)) {
109 kfree(local->tpt_led_trigger);
110 local->tpt_led_trigger = NULL;
111 }
112 }
102} 113}
103 114
104void ieee80211_led_exit(struct ieee80211_local *local) 115void ieee80211_led_exit(struct ieee80211_local *local)
@@ -119,15 +130,18 @@ void ieee80211_led_exit(struct ieee80211_local *local)
119 led_trigger_unregister(local->rx_led); 130 led_trigger_unregister(local->rx_led);
120 kfree(local->rx_led); 131 kfree(local->rx_led);
121 } 132 }
133
134 if (local->tpt_led_trigger) {
135 led_trigger_unregister(&local->tpt_led_trigger->trig);
136 kfree(local->tpt_led_trigger);
137 }
122} 138}
123 139
124char *__ieee80211_get_radio_led_name(struct ieee80211_hw *hw) 140char *__ieee80211_get_radio_led_name(struct ieee80211_hw *hw)
125{ 141{
126 struct ieee80211_local *local = hw_to_local(hw); 142 struct ieee80211_local *local = hw_to_local(hw);
127 143
128 if (local->radio_led) 144 return local->radio_led_name;
129 return local->radio_led_name;
130 return NULL;
131} 145}
132EXPORT_SYMBOL(__ieee80211_get_radio_led_name); 146EXPORT_SYMBOL(__ieee80211_get_radio_led_name);
133 147
@@ -135,9 +149,7 @@ char *__ieee80211_get_assoc_led_name(struct ieee80211_hw *hw)
135{ 149{
136 struct ieee80211_local *local = hw_to_local(hw); 150 struct ieee80211_local *local = hw_to_local(hw);
137 151
138 if (local->assoc_led) 152 return local->assoc_led_name;
139 return local->assoc_led_name;
140 return NULL;
141} 153}
142EXPORT_SYMBOL(__ieee80211_get_assoc_led_name); 154EXPORT_SYMBOL(__ieee80211_get_assoc_led_name);
143 155
@@ -145,9 +157,7 @@ char *__ieee80211_get_tx_led_name(struct ieee80211_hw *hw)
145{ 157{
146 struct ieee80211_local *local = hw_to_local(hw); 158 struct ieee80211_local *local = hw_to_local(hw);
147 159
148 if (local->tx_led) 160 return local->tx_led_name;
149 return local->tx_led_name;
150 return NULL;
151} 161}
152EXPORT_SYMBOL(__ieee80211_get_tx_led_name); 162EXPORT_SYMBOL(__ieee80211_get_tx_led_name);
153 163
@@ -155,8 +165,144 @@ char *__ieee80211_get_rx_led_name(struct ieee80211_hw *hw)
155{ 165{
156 struct ieee80211_local *local = hw_to_local(hw); 166 struct ieee80211_local *local = hw_to_local(hw);
157 167
158 if (local->rx_led) 168 return local->rx_led_name;
159 return local->rx_led_name;
160 return NULL;
161} 169}
162EXPORT_SYMBOL(__ieee80211_get_rx_led_name); 170EXPORT_SYMBOL(__ieee80211_get_rx_led_name);
171
172static unsigned long tpt_trig_traffic(struct ieee80211_local *local,
173 struct tpt_led_trigger *tpt_trig)
174{
175 unsigned long traffic, delta;
176
177 traffic = tpt_trig->tx_bytes + tpt_trig->rx_bytes;
178
179 delta = traffic - tpt_trig->prev_traffic;
180 tpt_trig->prev_traffic = traffic;
181 return DIV_ROUND_UP(delta, 1024 / 8);
182}
183
184static void tpt_trig_timer(unsigned long data)
185{
186 struct ieee80211_local *local = (void *)data;
187 struct tpt_led_trigger *tpt_trig = local->tpt_led_trigger;
188 struct led_classdev *led_cdev;
189 unsigned long on, off, tpt;
190 int i;
191
192 if (!tpt_trig->running)
193 return;
194
195 mod_timer(&tpt_trig->timer, round_jiffies(jiffies + HZ));
196
197 tpt = tpt_trig_traffic(local, tpt_trig);
198
199 /* default to just solid on */
200 on = 1;
201 off = 0;
202
203 for (i = tpt_trig->blink_table_len - 1; i >= 0; i--) {
204 if (tpt_trig->blink_table[i].throughput < 0 ||
205 tpt > tpt_trig->blink_table[i].throughput) {
206 off = tpt_trig->blink_table[i].blink_time / 2;
207 on = tpt_trig->blink_table[i].blink_time - off;
208 break;
209 }
210 }
211
212 read_lock(&tpt_trig->trig.leddev_list_lock);
213 list_for_each_entry(led_cdev, &tpt_trig->trig.led_cdevs, trig_list)
214 led_blink_set(led_cdev, &on, &off);
215 read_unlock(&tpt_trig->trig.leddev_list_lock);
216}
217
218char *__ieee80211_create_tpt_led_trigger(struct ieee80211_hw *hw,
219 unsigned int flags,
220 const struct ieee80211_tpt_blink *blink_table,
221 unsigned int blink_table_len)
222{
223 struct ieee80211_local *local = hw_to_local(hw);
224 struct tpt_led_trigger *tpt_trig;
225
226 if (WARN_ON(local->tpt_led_trigger))
227 return NULL;
228
229 tpt_trig = kzalloc(sizeof(struct tpt_led_trigger), GFP_KERNEL);
230 if (!tpt_trig)
231 return NULL;
232
233 snprintf(tpt_trig->name, sizeof(tpt_trig->name),
234 "%stpt", wiphy_name(local->hw.wiphy));
235
236 tpt_trig->trig.name = tpt_trig->name;
237
238 tpt_trig->blink_table = blink_table;
239 tpt_trig->blink_table_len = blink_table_len;
240 tpt_trig->want = flags;
241
242 setup_timer(&tpt_trig->timer, tpt_trig_timer, (unsigned long)local);
243
244 local->tpt_led_trigger = tpt_trig;
245
246 return tpt_trig->name;
247}
248EXPORT_SYMBOL(__ieee80211_create_tpt_led_trigger);
249
250static void ieee80211_start_tpt_led_trig(struct ieee80211_local *local)
251{
252 struct tpt_led_trigger *tpt_trig = local->tpt_led_trigger;
253
254 if (tpt_trig->running)
255 return;
256
257 /* reset traffic */
258 tpt_trig_traffic(local, tpt_trig);
259 tpt_trig->running = true;
260
261 tpt_trig_timer((unsigned long)local);
262 mod_timer(&tpt_trig->timer, round_jiffies(jiffies + HZ));
263}
264
265static void ieee80211_stop_tpt_led_trig(struct ieee80211_local *local)
266{
267 struct tpt_led_trigger *tpt_trig = local->tpt_led_trigger;
268 struct led_classdev *led_cdev;
269
270 if (!tpt_trig->running)
271 return;
272
273 tpt_trig->running = false;
274 del_timer_sync(&tpt_trig->timer);
275
276 read_lock(&tpt_trig->trig.leddev_list_lock);
277 list_for_each_entry(led_cdev, &tpt_trig->trig.led_cdevs, trig_list)
278 led_brightness_set(led_cdev, LED_OFF);
279 read_unlock(&tpt_trig->trig.leddev_list_lock);
280}
281
282void ieee80211_mod_tpt_led_trig(struct ieee80211_local *local,
283 unsigned int types_on, unsigned int types_off)
284{
285 struct tpt_led_trigger *tpt_trig = local->tpt_led_trigger;
286 bool allowed;
287
288 WARN_ON(types_on & types_off);
289
290 if (!tpt_trig)
291 return;
292
293 tpt_trig->active &= ~types_off;
294 tpt_trig->active |= types_on;
295
296 /*
297 * Regardless of wanted state, we shouldn't blink when
298 * the radio is disabled -- this can happen due to some
299 * code ordering issues with __ieee80211_recalc_idle()
300 * being called before the radio is started.
301 */
302 allowed = tpt_trig->active & IEEE80211_TPT_LEDTRIG_FL_RADIO;
303
304 if (!allowed || !(tpt_trig->active & tpt_trig->want))
305 ieee80211_stop_tpt_led_trig(local);
306 else
307 ieee80211_start_tpt_led_trig(local);
308}
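Review bot: The block added to `ieee80211_led_exit()` frees `local->tpt_led_trigger` without stopping its timer, so if the trigger is still `running` at that point `tpt_trig_timer()` can fire on freed memory; nothing visible in this file guarantees that `ieee80211_stop_tpt_led_trig()` ran first. Calling `del_timer_sync(&local->tpt_led_trigger->timer);` before the `kfree()` closes that window cheaply (the start of `ieee80211_led_exit()` lies outside the hunk). The failure branch added to `ieee80211_led_init()` has a related lifetime problem: it frees the structure whose `name`, which appears to be a buffer inside that structure, was already returned to the driver by `__ieee80211_create_tpt_led_trigger()`, leaving the driver with a dangling string pointer. The comment on `__ieee80211_create_tpt_led_trigger()` should also state that `blink_table` is stored by reference and must stay valid for as long as the trigger exists.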
diff --git a/net/mac80211/led.h b/net/mac80211/led.h
index 77b1e1ba6039..e0275d9befa8 100644
--- a/net/mac80211/led.h
+++ b/net/mac80211/led.h
@@ -12,14 +12,17 @@
12#include "ieee80211_i.h" 12#include "ieee80211_i.h"
13 13
14#ifdef CONFIG_MAC80211_LEDS 14#ifdef CONFIG_MAC80211_LEDS
15extern void ieee80211_led_rx(struct ieee80211_local *local); 15void ieee80211_led_rx(struct ieee80211_local *local);
16extern void ieee80211_led_tx(struct ieee80211_local *local, int q); 16void ieee80211_led_tx(struct ieee80211_local *local, int q);
17extern void ieee80211_led_assoc(struct ieee80211_local *local, 17void ieee80211_led_assoc(struct ieee80211_local *local,
18 bool associated); 18 bool associated);
19extern void ieee80211_led_radio(struct ieee80211_local *local, 19void ieee80211_led_radio(struct ieee80211_local *local,
20 bool enabled); 20 bool enabled);
21extern void ieee80211_led_init(struct ieee80211_local *local); 21void ieee80211_led_names(struct ieee80211_local *local);
22extern void ieee80211_led_exit(struct ieee80211_local *local); 22void ieee80211_led_init(struct ieee80211_local *local);
23void ieee80211_led_exit(struct ieee80211_local *local);
24void ieee80211_mod_tpt_led_trig(struct ieee80211_local *local,
25 unsigned int types_on, unsigned int types_off);
23#else 26#else
24static inline void ieee80211_led_rx(struct ieee80211_local *local) 27static inline void ieee80211_led_rx(struct ieee80211_local *local)
25{ 28{
@@ -35,10 +38,36 @@ static inline void ieee80211_led_radio(struct ieee80211_local *local,
35 bool enabled) 38 bool enabled)
36{ 39{
37} 40}
41static inline void ieee80211_led_names(struct ieee80211_local *local)
42{
43}
38static inline void ieee80211_led_init(struct ieee80211_local *local) 44static inline void ieee80211_led_init(struct ieee80211_local *local)
39{ 45{
40} 46}
41static inline void ieee80211_led_exit(struct ieee80211_local *local) 47static inline void ieee80211_led_exit(struct ieee80211_local *local)
42{ 48{
43} 49}
50static inline void ieee80211_mod_tpt_led_trig(struct ieee80211_local *local,
51 unsigned int types_on,
52 unsigned int types_off)
53{
54}
55#endif
56
57static inline void
58ieee80211_tpt_led_trig_tx(struct ieee80211_local *local, __le16 fc, int bytes)
59{
60#ifdef CONFIG_MAC80211_LEDS
61 if (local->tpt_led_trigger && ieee80211_is_data(fc))
62 local->tpt_led_trigger->tx_bytes += bytes;
63#endif
64}
65
66static inline void
67ieee80211_tpt_led_trig_rx(struct ieee80211_local *local, __le16 fc, int bytes)
68{
69#ifdef CONFIG_MAC80211_LEDS
70 if (local->tpt_led_trigger && ieee80211_is_data(fc))
71 local->tpt_led_trigger->rx_bytes += bytes;
44#endif 72#endif
73}
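Review bot: `ieee80211_tpt_led_trig_tx()` and `ieee80211_tpt_led_trig_rx()` update `tx_bytes` and `rx_bytes` with a plain `+=` and no lock, while `tpt_trig_timer()` in led.c reads both counters from timer context. If the TX and RX paths can run concurrently, increments may be lost. That is probably acceptable for an LED blink rate, but it should be stated, for example `/* counters are updated without locking; the trigger only needs an approximate rate */`. The `bytes` parameter is a signed `int` added to what led.c treats as an `unsigned long` total, so a negative length from a caller would wrap the counter; `unsigned int bytes` would rule that out.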
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
index ded5c3843e06..866f269183cf 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -33,11 +33,7 @@
33#include "cfg.h" 33#include "cfg.h"
34#include "debugfs.h" 34#include "debugfs.h"
35 35
36 36static struct lock_class_key ieee80211_rx_skb_queue_class;
37bool ieee80211_disable_40mhz_24ghz;
38module_param(ieee80211_disable_40mhz_24ghz, bool, 0644);
39MODULE_PARM_DESC(ieee80211_disable_40mhz_24ghz,
40 "Disable 40MHz support in the 2.4GHz band");
41 37
42void ieee80211_configure_filter(struct ieee80211_local *local) 38void ieee80211_configure_filter(struct ieee80211_local *local)
43{ 39{
@@ -54,6 +50,9 @@ void ieee80211_configure_filter(struct ieee80211_local *local)
54 if (local->monitors || local->scanning) 50 if (local->monitors || local->scanning)
55 new_flags |= FIF_BCN_PRBRESP_PROMISC; 51 new_flags |= FIF_BCN_PRBRESP_PROMISC;
56 52
53 if (local->fif_probe_req || local->probe_req_reg)
54 new_flags |= FIF_PROBE_REQ;
55
57 if (local->fif_fcsfail) 56 if (local->fif_fcsfail)
58 new_flags |= FIF_FCSFAIL; 57 new_flags |= FIF_FCSFAIL;
59 58
@@ -93,32 +92,89 @@ static void ieee80211_reconfig_filter(struct work_struct *work)
93 ieee80211_configure_filter(local); 92 ieee80211_configure_filter(local);
94} 93}
95 94
95/*
96 * Returns true if we are logically configured to be on
97 * the operating channel AND the hardware-conf is currently
98 * configured on the operating channel. Compares channel-type
99 * as well.
100 */
101bool ieee80211_cfg_on_oper_channel(struct ieee80211_local *local)
102{
103 struct ieee80211_channel *chan, *scan_chan;
104 enum nl80211_channel_type channel_type;
105
106 /* This logic needs to match logic in ieee80211_hw_config */
107 if (local->scan_channel) {
108 chan = local->scan_channel;
109 /* If scanning on oper channel, use whatever channel-type
110 * is currently in use.
111 */
112 if (chan == local->oper_channel)
113 channel_type = local->_oper_channel_type;
114 else
115 channel_type = NL80211_CHAN_NO_HT;
116 } else if (local->tmp_channel) {
117 chan = scan_chan = local->tmp_channel;
118 channel_type = local->tmp_channel_type;
119 } else {
120 chan = local->oper_channel;
121 channel_type = local->_oper_channel_type;
122 }
123
124 if (chan != local->oper_channel ||
125 channel_type != local->_oper_channel_type)
126 return false;
127
128 /* Check current hardware-config against oper_channel. */
129 if ((local->oper_channel != local->hw.conf.channel) ||
130 (local->_oper_channel_type != local->hw.conf.channel_type))
131 return false;
132
133 return true;
134}
135
96int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) 136int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
97{ 137{
98 struct ieee80211_channel *chan, *scan_chan; 138 struct ieee80211_channel *chan, *scan_chan;
99 int ret = 0; 139 int ret = 0;
100 int power; 140 int power;
101 enum nl80211_channel_type channel_type; 141 enum nl80211_channel_type channel_type;
142 u32 offchannel_flag;
102 143
103 might_sleep(); 144 might_sleep();
104 145
105 scan_chan = local->scan_channel; 146 scan_chan = local->scan_channel;
106 147
148 /* If this off-channel logic ever changes, ieee80211_on_oper_channel
149 * may need to change as well.
150 */
151 offchannel_flag = local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL;
107 if (scan_chan) { 152 if (scan_chan) {
108 chan = scan_chan; 153 chan = scan_chan;
109 channel_type = NL80211_CHAN_NO_HT; 154 /* If scanning on oper channel, use whatever channel-type
110 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL; 155 * is currently in use.
156 */
157 if (chan == local->oper_channel)
158 channel_type = local->_oper_channel_type;
159 else
160 channel_type = NL80211_CHAN_NO_HT;
111 } else if (local->tmp_channel) { 161 } else if (local->tmp_channel) {
112 chan = scan_chan = local->tmp_channel; 162 chan = scan_chan = local->tmp_channel;
113 channel_type = local->tmp_channel_type; 163 channel_type = local->tmp_channel_type;
114 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL;
115 } else { 164 } else {
116 chan = local->oper_channel; 165 chan = local->oper_channel;
117 channel_type = local->_oper_channel_type; 166 channel_type = local->_oper_channel_type;
118 local->hw.conf.flags &= ~IEEE80211_CONF_OFFCHANNEL;
119 } 167 }
120 168
121 if (chan != local->hw.conf.channel || 169 if (chan != local->oper_channel ||
170 channel_type != local->_oper_channel_type)
171 local->hw.conf.flags |= IEEE80211_CONF_OFFCHANNEL;
172 else
173 local->hw.conf.flags &= ~IEEE80211_CONF_OFFCHANNEL;
174
175 offchannel_flag ^= local->hw.conf.flags & IEEE80211_CONF_OFFCHANNEL;
176
177 if (offchannel_flag || chan != local->hw.conf.channel ||
122 channel_type != local->hw.conf.channel_type) { 178 channel_type != local->hw.conf.channel_type) {
123 local->hw.conf.channel = chan; 179 local->hw.conf.channel = chan;
124 local->hw.conf.channel_type = channel_type; 180 local->hw.conf.channel_type = channel_type;
@@ -137,7 +193,8 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
137 changed |= IEEE80211_CONF_CHANGE_SMPS; 193 changed |= IEEE80211_CONF_CHANGE_SMPS;
138 } 194 }
139 195
140 if (scan_chan) 196 if ((local->scanning & SCAN_SW_SCANNING) ||
197 (local->scanning & SCAN_HW_SCANNING))
141 power = chan->max_power; 198 power = chan->max_power;
142 else 199 else
143 power = local->power_constr_level ? 200 power = local->power_constr_level ?
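Review bot: The new scan test `(local->scanning & SCAN_SW_SCANNING) || (local->scanning & SCAN_HW_SCANNING)` treats the two constants as bit masks, while other code on this page passes them to `test_bit()` as bit numbers, for example `test_bit(SCAN_HW_SCANNING, &local->scanning)` in ieee80211_restart_work. If they are bit indices, as that usage suggests, the mask form tests different bits than `test_bit()` does, and a constant whose value is 0 can never match. In that case `power = chan->max_power` would not be selected reliably during a scan. I would write `if (test_bit(SCAN_SW_SCANNING, &local->scanning) || test_bit(SCAN_HW_SCANNING, &local->scanning))`. ieee80211_hw_config starts and ends outside this hunk.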
@@ -197,6 +254,8 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
197 sdata->vif.bss_conf.bssid = sdata->u.ibss.bssid; 254 sdata->vif.bss_conf.bssid = sdata->u.ibss.bssid;
198 else if (sdata->vif.type == NL80211_IFTYPE_AP) 255 else if (sdata->vif.type == NL80211_IFTYPE_AP)
199 sdata->vif.bss_conf.bssid = sdata->vif.addr; 256 sdata->vif.bss_conf.bssid = sdata->vif.addr;
257 else if (sdata->vif.type == NL80211_IFTYPE_WDS)
258 sdata->vif.bss_conf.bssid = NULL;
200 else if (ieee80211_vif_is_mesh(&sdata->vif)) { 259 else if (ieee80211_vif_is_mesh(&sdata->vif)) {
201 sdata->vif.bss_conf.bssid = zero; 260 sdata->vif.bss_conf.bssid = zero;
202 } else { 261 } else {
@@ -207,6 +266,7 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
207 switch (sdata->vif.type) { 266 switch (sdata->vif.type) {
208 case NL80211_IFTYPE_AP: 267 case NL80211_IFTYPE_AP:
209 case NL80211_IFTYPE_ADHOC: 268 case NL80211_IFTYPE_ADHOC:
269 case NL80211_IFTYPE_WDS:
210 case NL80211_IFTYPE_MESH_POINT: 270 case NL80211_IFTYPE_MESH_POINT:
211 break; 271 break;
212 default: 272 default:
@@ -219,7 +279,7 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
219 279
220 if (changed & BSS_CHANGED_BEACON_ENABLED) { 280 if (changed & BSS_CHANGED_BEACON_ENABLED) {
221 if (local->quiescing || !ieee80211_sdata_running(sdata) || 281 if (local->quiescing || !ieee80211_sdata_running(sdata) ||
222 test_bit(SCAN_SW_SCANNING, &local->scanning)) { 282 test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state)) {
223 sdata->vif.bss_conf.enable_beacon = false; 283 sdata->vif.bss_conf.enable_beacon = false;
224 } else { 284 } else {
225 /* 285 /*
@@ -235,9 +295,12 @@ void ieee80211_bss_info_change_notify(struct ieee80211_sub_if_data *sdata,
235 sdata->vif.bss_conf.enable_beacon = 295 sdata->vif.bss_conf.enable_beacon =
236 !!sdata->u.ibss.presp; 296 !!sdata->u.ibss.presp;
237 break; 297 break;
298#ifdef CONFIG_MAC80211_MESH
238 case NL80211_IFTYPE_MESH_POINT: 299 case NL80211_IFTYPE_MESH_POINT:
239 sdata->vif.bss_conf.enable_beacon = true; 300 sdata->vif.bss_conf.enable_beacon =
301 !!sdata->u.mesh.mesh_id_len;
240 break; 302 break;
303#endif
241 default: 304 default:
242 /* not reached */ 305 /* not reached */
243 WARN_ON(1); 306 WARN_ON(1);
@@ -291,7 +354,17 @@ static void ieee80211_restart_work(struct work_struct *work)
291 struct ieee80211_local *local = 354 struct ieee80211_local *local =
292 container_of(work, struct ieee80211_local, restart_work); 355 container_of(work, struct ieee80211_local, restart_work);
293 356
357 /* wait for scan work complete */
358 flush_workqueue(local->workqueue);
359
360 mutex_lock(&local->mtx);
361 WARN(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
362 local->sched_scanning,
363 "%s called with hardware scan in progress\n", __func__);
364 mutex_unlock(&local->mtx);
365
294 rtnl_lock(); 366 rtnl_lock();
367 ieee80211_scan_cancel(local);
295 ieee80211_reconfig(local); 368 ieee80211_reconfig(local);
296 rtnl_unlock(); 369 rtnl_unlock();
297} 370}
@@ -302,7 +375,10 @@ void ieee80211_restart_hw(struct ieee80211_hw *hw)
302 375
303 trace_api_restart_hw(local); 376 trace_api_restart_hw(local);
304 377
305 /* use this reason, __ieee80211_resume will unblock it */ 378 wiphy_info(hw->wiphy,
379 "Hardware restart was requested\n");
380
381 /* use this reason, ieee80211_reconfig will unblock it */
306 ieee80211_stop_queues_by_reason(hw, 382 ieee80211_stop_queues_by_reason(hw,
307 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 383 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
308 384
@@ -316,7 +392,7 @@ static void ieee80211_recalc_smps_work(struct work_struct *work)
316 container_of(work, struct ieee80211_local, recalc_smps); 392 container_of(work, struct ieee80211_local, recalc_smps);
317 393
318 mutex_lock(&local->iflist_mtx); 394 mutex_lock(&local->iflist_mtx);
319 ieee80211_recalc_smps(local, NULL); 395 ieee80211_recalc_smps(local);
320 mutex_unlock(&local->iflist_mtx); 396 mutex_unlock(&local->iflist_mtx);
321} 397}
322 398
@@ -336,9 +412,6 @@ static int ieee80211_ifa_changed(struct notifier_block *nb,
336 struct ieee80211_if_managed *ifmgd; 412 struct ieee80211_if_managed *ifmgd;
337 int c = 0; 413 int c = 0;
338 414
339 if (!netif_running(ndev))
340 return NOTIFY_DONE;
341
342 /* Make sure it's our interface that got changed */ 415 /* Make sure it's our interface that got changed */
343 if (!wdev) 416 if (!wdev)
344 return NOTIFY_DONE; 417 return NOTIFY_DONE;
@@ -349,11 +422,14 @@ static int ieee80211_ifa_changed(struct notifier_block *nb,
349 sdata = IEEE80211_DEV_TO_SUB_IF(ndev); 422 sdata = IEEE80211_DEV_TO_SUB_IF(ndev);
350 bss_conf = &sdata->vif.bss_conf; 423 bss_conf = &sdata->vif.bss_conf;
351 424
425 if (!ieee80211_sdata_running(sdata))
426 return NOTIFY_DONE;
427
352 /* ARP filtering is only supported in managed mode */ 428 /* ARP filtering is only supported in managed mode */
353 if (sdata->vif.type != NL80211_IFTYPE_STATION) 429 if (sdata->vif.type != NL80211_IFTYPE_STATION)
354 return NOTIFY_DONE; 430 return NOTIFY_DONE;
355 431
356 idev = sdata->dev->ip_ptr; 432 idev = __in_dev_get_rtnl(sdata->dev);
357 if (!idev) 433 if (!idev)
358 return NOTIFY_DONE; 434 return NOTIFY_DONE;
359 435
@@ -390,6 +466,86 @@ static int ieee80211_ifa_changed(struct notifier_block *nb,
390} 466}
391#endif 467#endif
392 468
469static int ieee80211_napi_poll(struct napi_struct *napi, int budget)
470{
471 struct ieee80211_local *local =
472 container_of(napi, struct ieee80211_local, napi);
473
474 return local->ops->napi_poll(&local->hw, budget);
475}
476
477void ieee80211_napi_schedule(struct ieee80211_hw *hw)
478{
479 struct ieee80211_local *local = hw_to_local(hw);
480
481 napi_schedule(&local->napi);
482}
483EXPORT_SYMBOL(ieee80211_napi_schedule);
484
485void ieee80211_napi_complete(struct ieee80211_hw *hw)
486{
487 struct ieee80211_local *local = hw_to_local(hw);
488
489 napi_complete(&local->napi);
490}
491EXPORT_SYMBOL(ieee80211_napi_complete);
492
493/* There isn't a lot of sense in it, but you can transmit anything you like */
494static const struct ieee80211_txrx_stypes
495ieee80211_default_mgmt_stypes[NUM_NL80211_IFTYPES] = {
496 [NL80211_IFTYPE_ADHOC] = {
497 .tx = 0xffff,
498 .rx = BIT(IEEE80211_STYPE_ACTION >> 4),
499 },
500 [NL80211_IFTYPE_STATION] = {
501 .tx = 0xffff,
502 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
503 BIT(IEEE80211_STYPE_PROBE_REQ >> 4),
504 },
505 [NL80211_IFTYPE_AP] = {
506 .tx = 0xffff,
507 .rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
508 BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
509 BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
510 BIT(IEEE80211_STYPE_DISASSOC >> 4) |
511 BIT(IEEE80211_STYPE_AUTH >> 4) |
512 BIT(IEEE80211_STYPE_DEAUTH >> 4) |
513 BIT(IEEE80211_STYPE_ACTION >> 4),
514 },
515 [NL80211_IFTYPE_AP_VLAN] = {
516 /* copy AP */
517 .tx = 0xffff,
518 .rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
519 BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
520 BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
521 BIT(IEEE80211_STYPE_DISASSOC >> 4) |
522 BIT(IEEE80211_STYPE_AUTH >> 4) |
523 BIT(IEEE80211_STYPE_DEAUTH >> 4) |
524 BIT(IEEE80211_STYPE_ACTION >> 4),
525 },
526 [NL80211_IFTYPE_P2P_CLIENT] = {
527 .tx = 0xffff,
528 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
529 BIT(IEEE80211_STYPE_PROBE_REQ >> 4),
530 },
531 [NL80211_IFTYPE_P2P_GO] = {
532 .tx = 0xffff,
533 .rx = BIT(IEEE80211_STYPE_ASSOC_REQ >> 4) |
534 BIT(IEEE80211_STYPE_REASSOC_REQ >> 4) |
535 BIT(IEEE80211_STYPE_PROBE_REQ >> 4) |
536 BIT(IEEE80211_STYPE_DISASSOC >> 4) |
537 BIT(IEEE80211_STYPE_AUTH >> 4) |
538 BIT(IEEE80211_STYPE_DEAUTH >> 4) |
539 BIT(IEEE80211_STYPE_ACTION >> 4),
540 },
541 [NL80211_IFTYPE_MESH_POINT] = {
542 .tx = 0xffff,
543 .rx = BIT(IEEE80211_STYPE_ACTION >> 4) |
544 BIT(IEEE80211_STYPE_AUTH >> 4) |
545 BIT(IEEE80211_STYPE_DEAUTH >> 4),
546 },
547};
548
393struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len, 549struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
394 const struct ieee80211_ops *ops) 550 const struct ieee80211_ops *ops)
395{ 551{
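Review bot: ieee80211_napi_poll() calls `local->ops->napi_poll` without checking it, and the `netif_napi_add()` call added further down in ieee80211_register_hw registers this poll function for every device. Nothing in the visible hunks requires a driver to supply `napi_poll`, so a driver that calls ieee80211_napi_schedule() without implementing it would presumably call through a NULL pointer from the poll path. The requirement should at least be stated on the exported helper, e.g. `/* only for drivers that implement ops->napi_poll */` above ieee80211_napi_schedule(). Registering the NAPI context only when `local->ops->napi_poll` is set would enforce it.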
@@ -419,10 +575,16 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
419 if (!wiphy) 575 if (!wiphy)
420 return NULL; 576 return NULL;
421 577
578 wiphy->mgmt_stypes = ieee80211_default_mgmt_stypes;
579
580 wiphy->privid = mac80211_wiphy_privid;
581
422 wiphy->flags |= WIPHY_FLAG_NETNS_OK | 582 wiphy->flags |= WIPHY_FLAG_NETNS_OK |
423 WIPHY_FLAG_4ADDR_AP | 583 WIPHY_FLAG_4ADDR_AP |
424 WIPHY_FLAG_4ADDR_STATION; 584 WIPHY_FLAG_4ADDR_STATION;
425 wiphy->privid = mac80211_wiphy_privid; 585
586 if (!ops->set_key)
587 wiphy->flags |= WIPHY_FLAG_IBSS_RSN;
426 588
427 wiphy->bss_priv_size = sizeof(struct ieee80211_bss); 589 wiphy->bss_priv_size = sizeof(struct ieee80211_bss);
428 590
@@ -444,6 +606,8 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
444 /* set up some defaults */ 606 /* set up some defaults */
445 local->hw.queues = 1; 607 local->hw.queues = 1;
446 local->hw.max_rates = 1; 608 local->hw.max_rates = 1;
609 local->hw.max_report_rates = 0;
610 local->hw.max_rx_aggregation_subframes = IEEE80211_MAX_AMPDU_BUF;
447 local->hw.conf.long_frame_max_tx_count = wiphy->retry_long; 611 local->hw.conf.long_frame_max_tx_count = wiphy->retry_long;
448 local->hw.conf.short_frame_max_tx_count = wiphy->retry_short; 612 local->hw.conf.short_frame_max_tx_count = wiphy->retry_short;
449 local->user_power_level = -1; 613 local->user_power_level = -1;
@@ -455,12 +619,22 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
455 __hw_addr_init(&local->mc_list); 619 __hw_addr_init(&local->mc_list);
456 620
457 mutex_init(&local->iflist_mtx); 621 mutex_init(&local->iflist_mtx);
458 mutex_init(&local->scan_mtx); 622 mutex_init(&local->mtx);
459 623
460 mutex_init(&local->key_mtx); 624 mutex_init(&local->key_mtx);
461 spin_lock_init(&local->filter_lock); 625 spin_lock_init(&local->filter_lock);
462 spin_lock_init(&local->queue_stop_reason_lock); 626 spin_lock_init(&local->queue_stop_reason_lock);
463 627
628 /*
629 * The rx_skb_queue is only accessed from tasklets,
630 * but other SKB queues are used from within IRQ
631 * context. Therefore, this one needs a different
632 * locking class so our direct, non-irq-safe use of
633 * the queue's lock doesn't throw lockdep warnings.
634 */
635 skb_queue_head_init_class(&local->rx_skb_queue,
636 &ieee80211_rx_skb_queue_class);
637
464 INIT_DELAYED_WORK(&local->scan_work, ieee80211_scan_work); 638 INIT_DELAYED_WORK(&local->scan_work, ieee80211_scan_work);
465 639
466 ieee80211_work_init(local); 640 ieee80211_work_init(local);
@@ -478,6 +652,9 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
478 setup_timer(&local->dynamic_ps_timer, 652 setup_timer(&local->dynamic_ps_timer,
479 ieee80211_dynamic_ps_timer, (unsigned long) local); 653 ieee80211_dynamic_ps_timer, (unsigned long) local);
480 654
655 INIT_WORK(&local->sched_scan_stopped_work,
656 ieee80211_sched_scan_stopped_work);
657
481 sta_info_init(local); 658 sta_info_init(local);
482 659
483 for (i = 0; i < IEEE80211_MAX_QUEUES; i++) { 660 for (i = 0; i < IEEE80211_MAX_QUEUES; i++) {
@@ -494,6 +671,13 @@ struct ieee80211_hw *ieee80211_alloc_hw(size_t priv_data_len,
494 skb_queue_head_init(&local->skb_queue); 671 skb_queue_head_init(&local->skb_queue);
495 skb_queue_head_init(&local->skb_queue_unreliable); 672 skb_queue_head_init(&local->skb_queue_unreliable);
496 673
674 /* init dummy netdev for use w/ NAPI */
675 init_dummy_netdev(&local->napi_dev);
676
677 ieee80211_led_names(local);
678
679 ieee80211_hw_roc_setup(local);
680
497 return local_to_hw(local); 681 return local_to_hw(local);
498} 682}
499EXPORT_SYMBOL(ieee80211_alloc_hw); 683EXPORT_SYMBOL(ieee80211_alloc_hw);
@@ -501,11 +685,12 @@ EXPORT_SYMBOL(ieee80211_alloc_hw);
501int ieee80211_register_hw(struct ieee80211_hw *hw) 685int ieee80211_register_hw(struct ieee80211_hw *hw)
502{ 686{
503 struct ieee80211_local *local = hw_to_local(hw); 687 struct ieee80211_local *local = hw_to_local(hw);
504 int result; 688 int result, i;
505 enum ieee80211_band band; 689 enum ieee80211_band band;
506 int channels, max_bitrates; 690 int channels, max_bitrates;
507 bool supp_ht; 691 bool supp_ht;
508 static const u32 cipher_suites[] = { 692 static const u32 cipher_suites[] = {
693 /* keep WEP first, it may be removed below */
509 WLAN_CIPHER_SUITE_WEP40, 694 WLAN_CIPHER_SUITE_WEP40,
510 WLAN_CIPHER_SUITE_WEP104, 695 WLAN_CIPHER_SUITE_WEP104,
511 WLAN_CIPHER_SUITE_TKIP, 696 WLAN_CIPHER_SUITE_TKIP,
@@ -515,6 +700,16 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
515 WLAN_CIPHER_SUITE_AES_CMAC 700 WLAN_CIPHER_SUITE_AES_CMAC
516 }; 701 };
517 702
703 if ((hw->wiphy->wowlan.flags || hw->wiphy->wowlan.n_patterns)
704#ifdef CONFIG_PM
705 && (!local->ops->suspend || !local->ops->resume)
706#endif
707 )
708 return -EINVAL;
709
710 if (hw->max_report_rates == 0)
711 hw->max_report_rates = hw->max_rates;
712
518 /* 713 /*
519 * generic code guarantees at least one band, 714 * generic code guarantees at least one band,
520 * set this very early because much code assumes 715 * set this very early because much code assumes
@@ -548,11 +743,46 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
548 return -ENOMEM; 743 return -ENOMEM;
549 744
550 /* if low-level driver supports AP, we also support VLAN */ 745 /* if low-level driver supports AP, we also support VLAN */
551 if (local->hw.wiphy->interface_modes & BIT(NL80211_IFTYPE_AP)) 746 if (local->hw.wiphy->interface_modes & BIT(NL80211_IFTYPE_AP)) {
552 local->hw.wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN); 747 hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_AP_VLAN);
748 hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_AP_VLAN);
749 }
553 750
554 /* mac80211 always supports monitor */ 751 /* mac80211 always supports monitor */
555 local->hw.wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR); 752 hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_MONITOR);
753 hw->wiphy->software_iftypes |= BIT(NL80211_IFTYPE_MONITOR);
754
755 /*
756 * mac80211 doesn't support more than 1 channel, and also not more
757 * than one IBSS interface
758 */
759 for (i = 0; i < hw->wiphy->n_iface_combinations; i++) {
760 const struct ieee80211_iface_combination *c;
761 int j;
762
763 c = &hw->wiphy->iface_combinations[i];
764
765 if (c->num_different_channels > 1)
766 return -EINVAL;
767
768 for (j = 0; j < c->n_limits; j++)
769 if ((c->limits[j].types & BIT(NL80211_IFTYPE_ADHOC)) &&
770 c->limits[j].max > 1)
771 return -EINVAL;
772 }
773
774#ifndef CONFIG_MAC80211_MESH
775 /* mesh depends on Kconfig, but drivers should set it if they want */
776 local->hw.wiphy->interface_modes &= ~BIT(NL80211_IFTYPE_MESH_POINT);
777#endif
778
779 /* if the underlying driver supports mesh, mac80211 will (at least)
780 * provide routing of mesh authentication frames to userspace */
781 if (local->hw.wiphy->interface_modes & BIT(NL80211_IFTYPE_MESH_POINT))
782 local->hw.wiphy->flags |= WIPHY_FLAG_MESH_AUTH;
783
784 /* mac80211 supports control port protocol changing */
785 local->hw.wiphy->flags |= WIPHY_FLAG_CONTROL_PORT_PROTOCOL;
556 786
557 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) 787 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
558 local->hw.wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM; 788 local->hw.wiphy->signal_type = CFG80211_SIGNAL_TYPE_MBM;
@@ -566,10 +796,11 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
566 /* 796 /*
567 * Calculate scan IE length -- we need this to alloc 797 * Calculate scan IE length -- we need this to alloc
568 * memory and to subtract from the driver limit. It 798 * memory and to subtract from the driver limit. It
569 * includes the (extended) supported rates and HT 799 * includes the DS Params, (extended) supported rates, and HT
570 * information -- SSID is the driver's responsibility. 800 * information -- SSID is the driver's responsibility.
571 */ 801 */
572 local->scan_ies_len = 4 + max_bitrates; /* (ext) supp rates */ 802 local->scan_ies_len = 4 + max_bitrates /* (ext) supp rates */ +
803 3 /* DS Params */;
573 if (supp_ht) 804 if (supp_ht)
574 local->scan_ies_len += 2 + sizeof(struct ieee80211_ht_cap); 805 local->scan_ies_len += 2 + sizeof(struct ieee80211_ht_cap);
575 806
@@ -589,10 +820,47 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
589 if (local->hw.wiphy->max_scan_ie_len) 820 if (local->hw.wiphy->max_scan_ie_len)
590 local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len; 821 local->hw.wiphy->max_scan_ie_len -= local->scan_ies_len;
591 822
592 local->hw.wiphy->cipher_suites = cipher_suites; 823 /* Set up cipher suites unless driver already did */
593 local->hw.wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites); 824 if (!local->hw.wiphy->cipher_suites) {
594 if (!(local->hw.flags & IEEE80211_HW_MFP_CAPABLE)) 825 local->hw.wiphy->cipher_suites = cipher_suites;
595 local->hw.wiphy->n_cipher_suites--; 826 local->hw.wiphy->n_cipher_suites = ARRAY_SIZE(cipher_suites);
827 if (!(local->hw.flags & IEEE80211_HW_MFP_CAPABLE))
828 local->hw.wiphy->n_cipher_suites--;
829 }
830 if (IS_ERR(local->wep_tx_tfm) || IS_ERR(local->wep_rx_tfm)) {
831 if (local->hw.wiphy->cipher_suites == cipher_suites) {
832 local->hw.wiphy->cipher_suites += 2;
833 local->hw.wiphy->n_cipher_suites -= 2;
834 } else {
835 u32 *suites;
836 int r, w = 0;
837
838 /* Filter out WEP */
839
840 suites = kmemdup(
841 local->hw.wiphy->cipher_suites,
842 sizeof(u32) * local->hw.wiphy->n_cipher_suites,
843 GFP_KERNEL);
844 if (!suites)
845 return -ENOMEM;
846 for (r = 0; r < local->hw.wiphy->n_cipher_suites; r++) {
847 u32 suite = local->hw.wiphy->cipher_suites[r];
848 if (suite == WLAN_CIPHER_SUITE_WEP40 ||
849 suite == WLAN_CIPHER_SUITE_WEP104)
850 continue;
851 suites[w++] = suite;
852 }
853 local->hw.wiphy->cipher_suites = suites;
854 local->hw.wiphy->n_cipher_suites = w;
855 local->wiphy_ciphers_allocated = true;
856 }
857 }
858
859 if (!local->ops->remain_on_channel)
860 local->hw.wiphy->max_remain_on_channel_duration = 5000;
861
862 if (local->ops->sched_scan_start)
863 local->hw.wiphy->flags |= WIPHY_FLAG_SUPPORTS_SCHED_SCAN;
596 864
597 result = wiphy_register(local->hw.wiphy); 865 result = wiphy_register(local->hw.wiphy);
598 if (result < 0) 866 if (result < 0)
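Review bot: The `IS_ERR(local->wep_tx_tfm) || IS_ERR(local->wep_rx_tfm)` test at new line 830 runs before the only visible call to ieee80211_wep_init(), which is at new line 908 and after wiphy_register(). Unless the two tfm pointers are filled in earlier by code outside the visible hunks, they still hold their initial values at this point. The WEP filtering branch would then never run, and WEP40/WEP104 would stay advertised even when WEP initialisation fails afterwards. Moving the ieee80211_wep_init() call ahead of this block would make the check meaningful. ieee80211_register_hw begins and ends outside this hunk.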
@@ -606,7 +874,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
606 hw->queues = IEEE80211_MAX_QUEUES; 874 hw->queues = IEEE80211_MAX_QUEUES;
607 875
608 local->workqueue = 876 local->workqueue =
609 create_singlethread_workqueue(wiphy_name(local->hw.wiphy)); 877 alloc_ordered_workqueue(wiphy_name(local->hw.wiphy), 0);
610 if (!local->workqueue) { 878 if (!local->workqueue) {
611 result = -ENOMEM; 879 result = -ENOMEM;
612 goto fail_workqueue; 880 goto fail_workqueue;
@@ -617,8 +885,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
617 * and we need some headroom for passing the frame to monitor 885 * and we need some headroom for passing the frame to monitor
618 * interfaces, but never both at the same time. 886 * interfaces, but never both at the same time.
619 */ 887 */
888#ifndef __CHECKER__
620 BUILD_BUG_ON(IEEE80211_TX_STATUS_HEADROOM != 889 BUILD_BUG_ON(IEEE80211_TX_STATUS_HEADROOM !=
621 sizeof(struct ieee80211_tx_status_rtap_hdr)); 890 sizeof(struct ieee80211_tx_status_rtap_hdr));
891#endif
622 local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom, 892 local->tx_headroom = max_t(unsigned int , local->hw.extra_tx_headroom,
623 sizeof(struct ieee80211_tx_status_rtap_hdr)); 893 sizeof(struct ieee80211_tx_status_rtap_hdr));
624 894
@@ -635,22 +905,18 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
635 905
636 local->dynamic_ps_forced_timeout = -1; 906 local->dynamic_ps_forced_timeout = -1;
637 907
638 result = sta_info_start(local);
639 if (result < 0)
640 goto fail_sta_info;
641
642 result = ieee80211_wep_init(local); 908 result = ieee80211_wep_init(local);
643 if (result < 0) 909 if (result < 0)
644 printk(KERN_DEBUG "%s: Failed to initialize wep: %d\n", 910 wiphy_debug(local->hw.wiphy, "Failed to initialize wep: %d\n",
645 wiphy_name(local->hw.wiphy), result); 911 result);
646 912
647 rtnl_lock(); 913 rtnl_lock();
648 914
649 result = ieee80211_init_rate_ctrl_alg(local, 915 result = ieee80211_init_rate_ctrl_alg(local,
650 hw->rate_control_algorithm); 916 hw->rate_control_algorithm);
651 if (result < 0) { 917 if (result < 0) {
652 printk(KERN_DEBUG "%s: Failed to initialize rate control " 918 wiphy_debug(local->hw.wiphy,
653 "algorithm\n", wiphy_name(local->hw.wiphy)); 919 "Failed to initialize rate control algorithm\n");
654 goto fail_rate; 920 goto fail_rate;
655 } 921 }
656 922
@@ -659,8 +925,8 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
659 result = ieee80211_if_add(local, "wlan%d", NULL, 925 result = ieee80211_if_add(local, "wlan%d", NULL,
660 NL80211_IFTYPE_STATION, NULL); 926 NL80211_IFTYPE_STATION, NULL);
661 if (result) 927 if (result)
662 printk(KERN_WARNING "%s: Failed to add default virtual iface\n", 928 wiphy_warn(local->hw.wiphy,
663 wiphy_name(local->hw.wiphy)); 929 "Failed to add default virtual iface\n");
664 } 930 }
665 931
666 rtnl_unlock(); 932 rtnl_unlock();
@@ -683,6 +949,9 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
683 goto fail_ifa; 949 goto fail_ifa;
684#endif 950#endif
685 951
952 netif_napi_add(&local->napi_dev, &local->napi, ieee80211_napi_poll,
953 local->hw.napi_weight);
954
686 return 0; 955 return 0;
687 956
688#ifdef CONFIG_INET 957#ifdef CONFIG_INET
@@ -698,11 +967,12 @@ int ieee80211_register_hw(struct ieee80211_hw *hw)
698 rtnl_unlock(); 967 rtnl_unlock();
699 ieee80211_wep_free(local); 968 ieee80211_wep_free(local);
700 sta_info_stop(local); 969 sta_info_stop(local);
701 fail_sta_info:
702 destroy_workqueue(local->workqueue); 970 destroy_workqueue(local->workqueue);
703 fail_workqueue: 971 fail_workqueue:
704 wiphy_unregister(local->hw.wiphy); 972 wiphy_unregister(local->hw.wiphy);
705 fail_wiphy_register: 973 fail_wiphy_register:
974 if (local->wiphy_ciphers_allocated)
975 kfree(local->hw.wiphy->cipher_suites);
706 kfree(local->int_scan_req); 976 kfree(local->int_scan_req);
707 return result; 977 return result;
708} 978}
@@ -738,6 +1008,7 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
738 */ 1008 */
739 del_timer_sync(&local->work_timer); 1009 del_timer_sync(&local->work_timer);
740 1010
1011 cancel_work_sync(&local->restart_work);
741 cancel_work_sync(&local->reconfig_filter); 1012 cancel_work_sync(&local->reconfig_filter);
742 1013
743 ieee80211_clear_tx_pending(local); 1014 ieee80211_clear_tx_pending(local);
@@ -746,10 +1017,10 @@ void ieee80211_unregister_hw(struct ieee80211_hw *hw)
746 1017
747 if (skb_queue_len(&local->skb_queue) || 1018 if (skb_queue_len(&local->skb_queue) ||
748 skb_queue_len(&local->skb_queue_unreliable)) 1019 skb_queue_len(&local->skb_queue_unreliable))
749 printk(KERN_WARNING "%s: skb_queue not empty\n", 1020 wiphy_warn(local->hw.wiphy, "skb_queue not empty\n");
750 wiphy_name(local->hw.wiphy));
751 skb_queue_purge(&local->skb_queue); 1021 skb_queue_purge(&local->skb_queue);
752 skb_queue_purge(&local->skb_queue_unreliable); 1022 skb_queue_purge(&local->skb_queue_unreliable);
1023 skb_queue_purge(&local->rx_skb_queue);
753 1024
754 destroy_workqueue(local->workqueue); 1025 destroy_workqueue(local->workqueue);
755 wiphy_unregister(local->hw.wiphy); 1026 wiphy_unregister(local->hw.wiphy);
@@ -764,7 +1035,10 @@ void ieee80211_free_hw(struct ieee80211_hw *hw)
764 struct ieee80211_local *local = hw_to_local(hw); 1035 struct ieee80211_local *local = hw_to_local(hw);
765 1036
766 mutex_destroy(&local->iflist_mtx); 1037 mutex_destroy(&local->iflist_mtx);
767 mutex_destroy(&local->scan_mtx); 1038 mutex_destroy(&local->mtx);
1039
1040 if (local->wiphy_ciphers_allocated)
1041 kfree(local->hw.wiphy->cipher_suites);
768 1042
769 wiphy_free(local->hw.wiphy); 1043 wiphy_free(local->hw.wiphy);
770} 1044}
@@ -812,16 +1086,12 @@ static void __exit ieee80211_exit(void)
812 rc80211_minstrel_ht_exit(); 1086 rc80211_minstrel_ht_exit();
813 rc80211_minstrel_exit(); 1087 rc80211_minstrel_exit();
814 1088
815 /*
816 * For key todo, it'll be empty by now but the work
817 * might still be scheduled.
818 */
819 flush_scheduled_work();
820
821 if (mesh_allocated) 1089 if (mesh_allocated)
822 ieee80211s_stop(); 1090 ieee80211s_stop();
823 1091
824 ieee80211_iface_exit(); 1092 ieee80211_iface_exit();
1093
1094 rcu_barrier();
825} 1095}
826 1096
827 1097
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index c8a4f19ed13b..29e9980c8e60 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -124,15 +124,6 @@ void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata)
124 ieee80211_mesh_housekeeping_timer((unsigned long) sdata); 124 ieee80211_mesh_housekeeping_timer((unsigned long) sdata);
125} 125}
126 126
127void mesh_ids_set_default(struct ieee80211_if_mesh *sta)
128{
129 sta->mesh_pp_id = 0; /* HWMP */
130 sta->mesh_pm_id = 0; /* Airtime */
131 sta->mesh_cc_id = 0; /* Disabled */
132 sta->mesh_sp_id = 0; /* Neighbor Offset */
133 sta->mesh_auth_id = 0; /* Disabled */
134}
135
136int mesh_rmc_init(struct ieee80211_sub_if_data *sdata) 127int mesh_rmc_init(struct ieee80211_sub_if_data *sdata)
137{ 128{
138 int i; 129 int i;
@@ -287,49 +278,13 @@ void mesh_mgmt_ies_add(struct sk_buff *skb, struct ieee80211_sub_if_data *sdata)
287 *pos++ |= sdata->u.mesh.accepting_plinks ? 278 *pos++ |= sdata->u.mesh.accepting_plinks ?
288 MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00; 279 MESHCONF_CAPAB_ACCEPT_PLINKS : 0x00;
289 *pos++ = 0x00; 280 *pos++ = 0x00;
290}
291 281
292u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata, struct mesh_table *tbl) 282 if (sdata->u.mesh.ie) {
293{ 283 int len = sdata->u.mesh.ie_len;
294 /* Use last four bytes of hw addr and interface index as hash index */ 284 const u8 *data = sdata->u.mesh.ie;
295 return jhash_2words(*(u32 *)(addr+2), sdata->dev->ifindex, tbl->hash_rnd) 285 if (skb_tailroom(skb) > len)
296 & tbl->hash_mask; 286 memcpy(skb_put(skb, len), data, len);
297}
298
299struct mesh_table *mesh_table_alloc(int size_order)
300{
301 int i;
302 struct mesh_table *newtbl;
303
304 newtbl = kmalloc(sizeof(struct mesh_table), GFP_KERNEL);
305 if (!newtbl)
306 return NULL;
307
308 newtbl->hash_buckets = kzalloc(sizeof(struct hlist_head) *
309 (1 << size_order), GFP_KERNEL);
310
311 if (!newtbl->hash_buckets) {
312 kfree(newtbl);
313 return NULL;
314 } 287 }
315
316 newtbl->hashwlock = kmalloc(sizeof(spinlock_t) *
317 (1 << size_order), GFP_KERNEL);
318 if (!newtbl->hashwlock) {
319 kfree(newtbl->hash_buckets);
320 kfree(newtbl);
321 return NULL;
322 }
323
324 newtbl->size_order = size_order;
325 newtbl->hash_mask = (1 << size_order) - 1;
326 atomic_set(&newtbl->entries, 0);
327 get_random_bytes(&newtbl->hash_rnd,
328 sizeof(newtbl->hash_rnd));
329 for (i = 0; i <= newtbl->hash_mask; i++)
330 spin_lock_init(&newtbl->hashwlock[i]);
331
332 return newtbl;
333} 288}
334 289
335 290
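Review bot: The extra IE blob is appended only when `skb_tailroom(skb) > len`, and when that fails it is dropped without any indication, so a beacon or probe response can go out missing elements that were configured. The strict `>` also rejects an exact fit, and `len` is a signed `int` copied from `sdata->u.mesh.ie_len`, whose type and validation are not visible here. I would use `>=` and add a comment naming the invariant, e.g. `/* callers must size the skb for u.mesh.ie_len; the IE is skipped otherwise */`. That ties the bound to the allocation site. mesh_mgmt_ies_add starts outside this hunk.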
@@ -412,39 +367,33 @@ int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc,
412 * ieee80211_new_mesh_header - create a new mesh header 367 * ieee80211_new_mesh_header - create a new mesh header
413 * @meshhdr: uninitialized mesh header 368 * @meshhdr: uninitialized mesh header
414 * @sdata: mesh interface to be used 369 * @sdata: mesh interface to be used
415 * @addr4: addr4 of the mesh frame (1st in ae header) 370 * @addr4or5: 1st address in the ae header, which may correspond to address 4
416 * may be NULL 371 * (if addr6 is NULL) or address 5 (if addr6 is present). It may
417 * @addr5: addr5 of the mesh frame (1st or 2nd in ae header) 372 * be NULL.
418 * may be NULL unless addr6 is present 373 * @addr6: 2nd address in the ae header, which corresponds to addr6 of the
419 * @addr6: addr6 of the mesh frame (2nd or 3rd in ae header) 374 * mesh frame
420 * may be NULL unless addr5 is present
421 * 375 *
422 * Return the header length. 376 * Return the header length.
423 */ 377 */
424int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr, 378int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr,
425 struct ieee80211_sub_if_data *sdata, char *addr4, 379 struct ieee80211_sub_if_data *sdata, char *addr4or5,
426 char *addr5, char *addr6) 380 char *addr6)
427{ 381{
428 int aelen = 0; 382 int aelen = 0;
383 BUG_ON(!addr4or5 && addr6);
429 memset(meshhdr, 0, sizeof(*meshhdr)); 384 memset(meshhdr, 0, sizeof(*meshhdr));
430 meshhdr->ttl = sdata->u.mesh.mshcfg.dot11MeshTTL; 385 meshhdr->ttl = sdata->u.mesh.mshcfg.dot11MeshTTL;
431 put_unaligned(cpu_to_le32(sdata->u.mesh.mesh_seqnum), &meshhdr->seqnum); 386 put_unaligned(cpu_to_le32(sdata->u.mesh.mesh_seqnum), &meshhdr->seqnum);
432 sdata->u.mesh.mesh_seqnum++; 387 sdata->u.mesh.mesh_seqnum++;
433 if (addr4) { 388 if (addr4or5 && !addr6) {
434 meshhdr->flags |= MESH_FLAGS_AE_A4; 389 meshhdr->flags |= MESH_FLAGS_AE_A4;
435 aelen += ETH_ALEN; 390 aelen += ETH_ALEN;
436 memcpy(meshhdr->eaddr1, addr4, ETH_ALEN); 391 memcpy(meshhdr->eaddr1, addr4or5, ETH_ALEN);
437 } 392 } else if (addr4or5 && addr6) {
438 if (addr5 && addr6) {
439 meshhdr->flags |= MESH_FLAGS_AE_A5_A6; 393 meshhdr->flags |= MESH_FLAGS_AE_A5_A6;
440 aelen += 2 * ETH_ALEN; 394 aelen += 2 * ETH_ALEN;
441 if (!addr4) { 395 memcpy(meshhdr->eaddr1, addr4or5, ETH_ALEN);
442 memcpy(meshhdr->eaddr1, addr5, ETH_ALEN); 396 memcpy(meshhdr->eaddr2, addr6, ETH_ALEN);
443 memcpy(meshhdr->eaddr2, addr6, ETH_ALEN);
444 } else {
445 memcpy(meshhdr->eaddr2, addr5, ETH_ALEN);
446 memcpy(meshhdr->eaddr3, addr6, ETH_ALEN);
447 }
448 } 397 }
449 return 6 + aelen; 398 return 6 + aelen;
450} 399}
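Review bot: `BUG_ON(!addr4or5 && addr6)` in ieee80211_new_mesh_header halts the kernel for what is a caller programming error in a header-building helper. The callers are not visible here, but a warning with a safe fallback keeps the system running and still reports the bug, for example `if (WARN_ON(!addr4or5 && addr6)) addr6 = NULL;`, which degrades to a header without address extension. The check also sits between the declaration and the `memset()` with no blank line, which makes it easy to miss. The bare `6` in `return 6 + aelen;` would read better as a named constant or with a short comment giving the fixed header size.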
@@ -513,6 +462,14 @@ void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
513 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 462 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
514 struct ieee80211_local *local = sdata->local; 463 struct ieee80211_local *local = sdata->local;
515 464
465 local->fif_other_bss++;
466 /* mesh ifaces must set allmulti to forward mcast traffic */
467 atomic_inc(&local->iff_allmultis);
468 ieee80211_configure_filter(local);
469
470 ifmsh->mesh_cc_id = 0; /* Disabled */
471 ifmsh->mesh_sp_id = 0; /* Neighbor Offset */
472 ifmsh->mesh_auth_id = 0; /* Disabled */
516 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags); 473 set_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags);
517 ieee80211_mesh_root_setup(ifmsh); 474 ieee80211_mesh_root_setup(ifmsh);
518 ieee80211_queue_work(&local->hw, &sdata->work); 475 ieee80211_queue_work(&local->hw, &sdata->work);
@@ -524,6 +481,13 @@ void ieee80211_start_mesh(struct ieee80211_sub_if_data *sdata)
524 481
525void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata) 482void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
526{ 483{
484 struct ieee80211_local *local = sdata->local;
485 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
486
487 ifmsh->mesh_id_len = 0;
488 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON_ENABLED);
489 sta_info_flush(local, NULL);
490
527 del_timer_sync(&sdata->u.mesh.housekeeping_timer); 491 del_timer_sync(&sdata->u.mesh.housekeeping_timer);
528 del_timer_sync(&sdata->u.mesh.mesh_path_root_timer); 492 del_timer_sync(&sdata->u.mesh.mesh_path_root_timer);
529 /* 493 /*
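Review bot: `sta_info_flush(local, NULL)` in ieee80211_stop_mesh passes no interface, which presumably means the station entries of every interface on this hardware are flushed, not only those of the mesh interface being stopped. The definition of sta_info_flush() is not visible here, so this needs confirming. If NULL does mean all interfaces, stopping one mesh vif would tear down associations on other virtual interfaces that share the device. `sta_info_flush(local, sdata);` would limit the flush to this interface. The function continues outside this hunk.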
@@ -534,6 +498,10 @@ void ieee80211_stop_mesh(struct ieee80211_sub_if_data *sdata)
534 * it no longer is. 498 * it no longer is.
535 */ 499 */
536 cancel_work_sync(&sdata->work); 500 cancel_work_sync(&sdata->work);
501
502 local->fif_other_bss--;
503 atomic_dec(&local->iff_allmultis);
504 ieee80211_configure_filter(local);
537} 505}
538 506
539static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata, 507static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
@@ -562,8 +530,12 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
562 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen, 530 ieee802_11_parse_elems(mgmt->u.probe_resp.variable, len - baselen,
563 &elems); 531 &elems);
564 532
533 /* ignore beacons from secure mesh peers if our security is off */
534 if (elems.rsn_len && sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE)
535 return;
536
565 if (elems.ds_params && elems.ds_params_len == 1) 537 if (elems.ds_params && elems.ds_params_len == 1)
566 freq = ieee80211_channel_to_frequency(elems.ds_params[0]); 538 freq = ieee80211_channel_to_frequency(elems.ds_params[0], band);
567 else 539 else
568 freq = rx_status->freq; 540 freq = rx_status->freq;
569 541
@@ -575,9 +547,7 @@ static void ieee80211_mesh_rx_bcn_presp(struct ieee80211_sub_if_data *sdata,
575 if (elems.mesh_id && elems.mesh_config && 547 if (elems.mesh_id && elems.mesh_config &&
576 mesh_matches_local(&elems, sdata)) { 548 mesh_matches_local(&elems, sdata)) {
577 supp_rates = ieee80211_sta_get_rates(local, &elems, band); 549 supp_rates = ieee80211_sta_get_rates(local, &elems, band);
578 550 mesh_neighbour_update(mgmt->sa, supp_rates, sdata, &elems);
579 mesh_neighbour_update(mgmt->sa, supp_rates, sdata,
580 mesh_peer_accepts_plinks(&elems));
581 } 551 }
582} 552}
583 553
@@ -587,7 +557,7 @@ static void ieee80211_mesh_rx_mgmt_action(struct ieee80211_sub_if_data *sdata,
587 struct ieee80211_rx_status *rx_status) 557 struct ieee80211_rx_status *rx_status)
588{ 558{
589 switch (mgmt->u.action.category) { 559 switch (mgmt->u.action.category) {
590 case WLAN_CATEGORY_MESH_PLINK: 560 case WLAN_CATEGORY_MESH_ACTION:
591 mesh_rx_plink_frame(sdata, mgmt, len, rx_status); 561 mesh_rx_plink_frame(sdata, mgmt, len, rx_status);
592 break; 562 break;
593 case WLAN_CATEGORY_MESH_PATH_SEL: 563 case WLAN_CATEGORY_MESH_PATH_SEL:
@@ -600,12 +570,9 @@ void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
600 struct sk_buff *skb) 570 struct sk_buff *skb)
601{ 571{
602 struct ieee80211_rx_status *rx_status; 572 struct ieee80211_rx_status *rx_status;
603 struct ieee80211_if_mesh *ifmsh;
604 struct ieee80211_mgmt *mgmt; 573 struct ieee80211_mgmt *mgmt;
605 u16 stype; 574 u16 stype;
606 575
607 ifmsh = &sdata->u.mesh;
608
609 rx_status = IEEE80211_SKB_RXCB(skb); 576 rx_status = IEEE80211_SKB_RXCB(skb);
610 mgmt = (struct ieee80211_mgmt *) skb->data; 577 mgmt = (struct ieee80211_mgmt *) skb->data;
611 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE; 578 stype = le16_to_cpu(mgmt->frame_control) & IEEE80211_FCTL_STYPE;
@@ -634,7 +601,7 @@ void ieee80211_mesh_work(struct ieee80211_sub_if_data *sdata)
634 if (test_and_clear_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags)) 601 if (test_and_clear_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags))
635 mesh_mpath_table_grow(); 602 mesh_mpath_table_grow();
636 603
637 if (test_and_clear_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags)) 604 if (test_and_clear_bit(MESH_WORK_GROW_MPP_TABLE, &ifmsh->wrkq_flags))
638 mesh_mpp_table_grow(); 605 mesh_mpp_table_grow();
639 606
640 if (test_and_clear_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags)) 607 if (test_and_clear_bit(MESH_WORK_HOUSEKEEPING, &ifmsh->wrkq_flags))
@@ -663,26 +630,6 @@ void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
663 ieee80211_mesh_housekeeping_timer, 630 ieee80211_mesh_housekeeping_timer,
664 (unsigned long) sdata); 631 (unsigned long) sdata);
665 632
666 ifmsh->mshcfg.dot11MeshRetryTimeout = MESH_RET_T;
667 ifmsh->mshcfg.dot11MeshConfirmTimeout = MESH_CONF_T;
668 ifmsh->mshcfg.dot11MeshHoldingTimeout = MESH_HOLD_T;
669 ifmsh->mshcfg.dot11MeshMaxRetries = MESH_MAX_RETR;
670 ifmsh->mshcfg.dot11MeshTTL = MESH_TTL;
671 ifmsh->mshcfg.auto_open_plinks = true;
672 ifmsh->mshcfg.dot11MeshMaxPeerLinks =
673 MESH_MAX_ESTAB_PLINKS;
674 ifmsh->mshcfg.dot11MeshHWMPactivePathTimeout =
675 MESH_PATH_TIMEOUT;
676 ifmsh->mshcfg.dot11MeshHWMPpreqMinInterval =
677 MESH_PREQ_MIN_INT;
678 ifmsh->mshcfg.dot11MeshHWMPnetDiameterTraversalTime =
679 MESH_DIAM_TRAVERSAL_TIME;
680 ifmsh->mshcfg.dot11MeshHWMPmaxPREQretries =
681 MESH_MAX_PREQ_RETRIES;
682 ifmsh->mshcfg.path_refresh_time =
683 MESH_PATH_REFRESH_TIME;
684 ifmsh->mshcfg.min_discovery_timeout =
685 MESH_MIN_DISCOVERY_TIMEOUT;
686 ifmsh->accepting_plinks = true; 633 ifmsh->accepting_plinks = true;
687 ifmsh->preq_id = 0; 634 ifmsh->preq_id = 0;
688 ifmsh->sn = 0; 635 ifmsh->sn = 0;
@@ -692,7 +639,6 @@ void ieee80211_mesh_init_sdata(struct ieee80211_sub_if_data *sdata)
692 /* Allocate all mesh structures when creating the first mesh interface. */ 639 /* Allocate all mesh structures when creating the first mesh interface. */
693 if (!mesh_allocated) 640 if (!mesh_allocated)
694 ieee80211s_init(); 641 ieee80211s_init();
695 mesh_ids_set_default(ifmsh);
696 setup_timer(&ifmsh->mesh_path_timer, 642 setup_timer(&ifmsh->mesh_path_timer,
697 ieee80211_mesh_path_timer, 643 ieee80211_mesh_path_timer,
698 (unsigned long) sdata); 644 (unsigned long) sdata);
diff --git a/net/mac80211/mesh.h b/net/mac80211/mesh.h
index ebd3f1d9d889..249e733362e7 100644
--- a/net/mac80211/mesh.h
+++ b/net/mac80211/mesh.h
@@ -92,7 +92,7 @@ struct mesh_path {
92 u8 dst[ETH_ALEN]; 92 u8 dst[ETH_ALEN];
93 u8 mpp[ETH_ALEN]; /* used for MPP or MAP */ 93 u8 mpp[ETH_ALEN]; /* used for MPP or MAP */
94 struct ieee80211_sub_if_data *sdata; 94 struct ieee80211_sub_if_data *sdata;
95 struct sta_info *next_hop; 95 struct sta_info __rcu *next_hop;
96 struct timer_list timer; 96 struct timer_list timer;
97 struct sk_buff_head frame_queue; 97 struct sk_buff_head frame_queue;
98 struct rcu_head rcu; 98 struct rcu_head rcu;
@@ -115,11 +115,12 @@ struct mesh_path {
115 * @hash_rnd: random value used for hash computations 115 * @hash_rnd: random value used for hash computations
116 * @entries: number of entries in the table 116 * @entries: number of entries in the table
117 * @free_node: function to free nodes of the table 117 * @free_node: function to free nodes of the table
118 * @copy_node: fuction to copy nodes of the table 118 * @copy_node: function to copy nodes of the table
119 * @size_order: determines size of the table, there will be 2^size_order hash 119 * @size_order: determines size of the table, there will be 2^size_order hash
120 * buckets 120 * buckets
121 * @mean_chain_len: maximum average length for the hash buckets' list, if it is 121 * @mean_chain_len: maximum average length for the hash buckets' list, if it is
122 * reached, the table will grow 122 * reached, the table will grow
123 * rcu_head: RCU head to free the table
123 */ 124 */
124struct mesh_table { 125struct mesh_table {
125 /* Number of buckets will be 2^N */ 126 /* Number of buckets will be 2^N */
@@ -132,6 +133,8 @@ struct mesh_table {
132 int (*copy_node) (struct hlist_node *p, struct mesh_table *newtbl); 133 int (*copy_node) (struct hlist_node *p, struct mesh_table *newtbl);
133 int size_order; 134 int size_order;
134 int mean_chain_len; 135 int mean_chain_len;
136
137 struct rcu_head rcu_head;
135}; 138};
136 139
137/* Recent multicast cache */ 140/* Recent multicast cache */
@@ -164,44 +167,10 @@ struct mesh_rmc {
164}; 167};
165 168
166 169
167/*
168 * MESH_CFG_COMP_LEN Includes:
169 * - Active path selection protocol ID.
170 * - Active path selection metric ID.
171 * - Congestion control mode identifier.
172 * - Channel precedence.
173 * Does not include mesh capabilities, which may vary across nodes in the same
174 * mesh
175 */
176#define MESH_CFG_CMP_LEN (IEEE80211_MESH_CONFIG_LEN - 2)
177
178/* Default values, timeouts in ms */
179#define MESH_TTL 31
180#define MESH_MAX_RETR 3
181#define MESH_RET_T 100
182#define MESH_CONF_T 100
183#define MESH_HOLD_T 100
184
185#define MESH_PATH_TIMEOUT 5000
186/* Minimum interval between two consecutive PREQs originated by the same
187 * interface
188 */
189#define MESH_PREQ_MIN_INT 10
190#define MESH_DIAM_TRAVERSAL_TIME 50
191/* A path will be refreshed if it is used PATH_REFRESH_TIME milliseconds before
192 * timing out. This way it will remain ACTIVE and no data frames will be
193 * unnecesarily held in the pending queue.
194 */
195#define MESH_PATH_REFRESH_TIME 1000
196#define MESH_MIN_DISCOVERY_TIMEOUT (2 * MESH_DIAM_TRAVERSAL_TIME)
197#define MESH_DEFAULT_BEACON_INTERVAL 1000 /* in 1024 us units */ 170#define MESH_DEFAULT_BEACON_INTERVAL 1000 /* in 1024 us units */
198 171
199#define MESH_MAX_PREQ_RETRIES 4
200#define MESH_PATH_EXPIRE (600 * HZ) 172#define MESH_PATH_EXPIRE (600 * HZ)
201 173
202/* Default maximum number of established plinks per interface */
203#define MESH_MAX_ESTAB_PLINKS 32
204
205/* Default maximum number of plinks per interface */ 174/* Default maximum number of plinks per interface */
206#define MESH_MAX_PLINKS 256 175#define MESH_MAX_PLINKS 256
207 176
@@ -221,8 +190,8 @@ struct mesh_rmc {
221int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc, 190int ieee80211_fill_mesh_addresses(struct ieee80211_hdr *hdr, __le16 *fc,
222 const u8 *da, const u8 *sa); 191 const u8 *da, const u8 *sa);
223int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr, 192int ieee80211_new_mesh_header(struct ieee80211s_hdr *meshhdr,
224 struct ieee80211_sub_if_data *sdata, char *addr4, 193 struct ieee80211_sub_if_data *sdata, char *addr4or5,
225 char *addr5, char *addr6); 194 char *addr6);
226int mesh_rmc_check(u8 *addr, struct ieee80211s_hdr *mesh_hdr, 195int mesh_rmc_check(u8 *addr, struct ieee80211s_hdr *mesh_hdr,
227 struct ieee80211_sub_if_data *sdata); 196 struct ieee80211_sub_if_data *sdata);
228bool mesh_matches_local(struct ieee802_11_elems *ie, 197bool mesh_matches_local(struct ieee802_11_elems *ie,
@@ -260,7 +229,8 @@ void mesh_rx_path_sel_frame(struct ieee80211_sub_if_data *sdata,
260int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata); 229int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata);
261/* Mesh plinks */ 230/* Mesh plinks */
262void mesh_neighbour_update(u8 *hw_addr, u32 rates, 231void mesh_neighbour_update(u8 *hw_addr, u32 rates,
263 struct ieee80211_sub_if_data *sdata, bool add); 232 struct ieee80211_sub_if_data *sdata,
233 struct ieee802_11_elems *ie);
264bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie); 234bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie);
265void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata); 235void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata);
266void mesh_plink_broken(struct sta_info *sta); 236void mesh_plink_broken(struct sta_info *sta);
@@ -273,12 +243,8 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata,
273 243
274/* Private interfaces */ 244/* Private interfaces */
275/* Mesh tables */ 245/* Mesh tables */
276struct mesh_table *mesh_table_alloc(int size_order);
277void mesh_table_free(struct mesh_table *tbl, bool free_leafs);
278void mesh_mpath_table_grow(void); 246void mesh_mpath_table_grow(void);
279void mesh_mpp_table_grow(void); 247void mesh_mpp_table_grow(void);
280u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata,
281 struct mesh_table *tbl);
282/* Mesh paths */ 248/* Mesh paths */
283int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn, __le16 target_rcode, 249int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn, __le16 target_rcode,
284 const u8 *ra, struct ieee80211_sub_if_data *sdata); 250 const u8 *ra, struct ieee80211_sub_if_data *sdata);
@@ -318,9 +284,10 @@ static inline void mesh_path_activate(struct mesh_path *mpath)
318 mpath->flags |= MESH_PATH_ACTIVE | MESH_PATH_RESOLVED; 284 mpath->flags |= MESH_PATH_ACTIVE | MESH_PATH_RESOLVED;
319} 285}
320 286
321#define for_each_mesh_entry(x, p, node, i) \ 287static inline bool mesh_path_sel_is_hwmp(struct ieee80211_sub_if_data *sdata)
322 for (i = 0; i <= x->hash_mask; i++) \ 288{
323 hlist_for_each_entry_rcu(node, p, &x->hash_buckets[i], list) 289 return sdata->u.mesh.mesh_pp_id == IEEE80211_PATH_PROTOCOL_HWMP;
290}
324 291
325void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local); 292void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local);
326 293
@@ -338,6 +305,8 @@ static inline void ieee80211_mesh_restart(struct ieee80211_sub_if_data *sdata)
338{} 305{}
339static inline void mesh_plink_quiesce(struct sta_info *sta) {} 306static inline void mesh_plink_quiesce(struct sta_info *sta) {}
340static inline void mesh_plink_restart(struct sta_info *sta) {} 307static inline void mesh_plink_restart(struct sta_info *sta) {}
308static inline bool mesh_path_sel_is_hwmp(struct ieee80211_sub_if_data *sdata)
309{ return false; }
341#endif 310#endif
342 311
343#endif /* IEEE80211S_H */ 312#endif /* IEEE80211S_H */
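Review bot: The kernel-doc line added for the new `rcu_head` member of `struct mesh_table` lacks the `@` prefix that every other member entry in that comment carries, so it will most likely be parsed as a continuation of the `@mean_chain_len` description rather than as documentation for the field. It should read ` * @rcu_head: RCU head to free the table`. Since the same commit switches the table-grow paths in mesh_pathtbl.c to `call_rcu(&oldtbl->rcu_head, mesh_table_free_rcu)`, the entry could also say that the head defers freeing of a replaced table until after a grace period, which is the lifetime rule lookups depend on.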
diff --git a/net/mac80211/mesh_hwmp.c b/net/mac80211/mesh_hwmp.c
index 829e08a657d0..2b18053070c1 100644
--- a/net/mac80211/mesh_hwmp.c
+++ b/net/mac80211/mesh_hwmp.c
@@ -232,7 +232,7 @@ int mesh_path_error_tx(u8 ttl, u8 *target, __le32 target_sn,
232 *pos++ = WLAN_EID_PERR; 232 *pos++ = WLAN_EID_PERR;
233 *pos++ = ie_len; 233 *pos++ = ie_len;
234 /* ttl */ 234 /* ttl */
235 *pos++ = MESH_TTL; 235 *pos++ = ttl;
236 /* number of destinations */ 236 /* number of destinations */
237 *pos++ = 1; 237 *pos++ = 1;
238 /* 238 /*
@@ -391,7 +391,6 @@ static u32 hwmp_route_info_get(struct ieee80211_sub_if_data *sdata,
391 (mpath->flags & MESH_PATH_SN_VALID)) { 391 (mpath->flags & MESH_PATH_SN_VALID)) {
392 if (SN_GT(mpath->sn, orig_sn) || 392 if (SN_GT(mpath->sn, orig_sn) ||
393 (mpath->sn == orig_sn && 393 (mpath->sn == orig_sn &&
394 action == MPATH_PREQ &&
395 new_metric >= mpath->metric)) { 394 new_metric >= mpath->metric)) {
396 process = false; 395 process = false;
397 fresh_info = false; 396 fresh_info = false;
@@ -522,7 +521,7 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
522 521
523 if (reply) { 522 if (reply) {
524 lifetime = PREQ_IE_LIFETIME(preq_elem); 523 lifetime = PREQ_IE_LIFETIME(preq_elem);
525 ttl = ifmsh->mshcfg.dot11MeshTTL; 524 ttl = ifmsh->mshcfg.element_ttl;
526 if (ttl != 0) { 525 if (ttl != 0) {
527 mhwmp_dbg("replying to the PREQ\n"); 526 mhwmp_dbg("replying to the PREQ\n");
528 mesh_path_sel_frame_tx(MPATH_PREP, 0, target_addr, 527 mesh_path_sel_frame_tx(MPATH_PREP, 0, target_addr,
@@ -561,6 +560,14 @@ static void hwmp_preq_frame_process(struct ieee80211_sub_if_data *sdata,
561} 560}
562 561
563 562
563static inline struct sta_info *
564next_hop_deref_protected(struct mesh_path *mpath)
565{
566 return rcu_dereference_protected(mpath->next_hop,
567 lockdep_is_held(&mpath->state_lock));
568}
569
570
564static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata, 571static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
565 struct ieee80211_mgmt *mgmt, 572 struct ieee80211_mgmt *mgmt,
566 u8 *prep_elem, u32 metric) 573 u8 *prep_elem, u32 metric)
@@ -600,7 +607,7 @@ static void hwmp_prep_frame_process(struct ieee80211_sub_if_data *sdata,
600 spin_unlock_bh(&mpath->state_lock); 607 spin_unlock_bh(&mpath->state_lock);
601 goto fail; 608 goto fail;
602 } 609 }
603 memcpy(next_hop, mpath->next_hop->sta.addr, ETH_ALEN); 610 memcpy(next_hop, next_hop_deref_protected(mpath)->sta.addr, ETH_ALEN);
604 spin_unlock_bh(&mpath->state_lock); 611 spin_unlock_bh(&mpath->state_lock);
605 --ttl; 612 --ttl;
606 flags = PREP_IE_FLAGS(prep_elem); 613 flags = PREP_IE_FLAGS(prep_elem);
@@ -633,7 +640,6 @@ static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
633 struct mesh_path *mpath; 640 struct mesh_path *mpath;
634 u8 ttl; 641 u8 ttl;
635 u8 *ta, *target_addr; 642 u8 *ta, *target_addr;
636 u8 target_flags;
637 u32 target_sn; 643 u32 target_sn;
638 u16 target_rcode; 644 u16 target_rcode;
639 645
@@ -644,7 +650,6 @@ static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
644 return; 650 return;
645 } 651 }
646 ttl--; 652 ttl--;
647 target_flags = PERR_IE_TARGET_FLAGS(perr_elem);
648 target_addr = PERR_IE_TARGET_ADDR(perr_elem); 653 target_addr = PERR_IE_TARGET_ADDR(perr_elem);
649 target_sn = PERR_IE_TARGET_SN(perr_elem); 654 target_sn = PERR_IE_TARGET_SN(perr_elem);
650 target_rcode = PERR_IE_TARGET_RCODE(perr_elem); 655 target_rcode = PERR_IE_TARGET_RCODE(perr_elem);
@@ -654,7 +659,8 @@ static void hwmp_perr_frame_process(struct ieee80211_sub_if_data *sdata,
654 if (mpath) { 659 if (mpath) {
655 spin_lock_bh(&mpath->state_lock); 660 spin_lock_bh(&mpath->state_lock);
656 if (mpath->flags & MESH_PATH_ACTIVE && 661 if (mpath->flags & MESH_PATH_ACTIVE &&
657 memcmp(ta, mpath->next_hop->sta.addr, ETH_ALEN) == 0 && 662 memcmp(ta, next_hop_deref_protected(mpath)->sta.addr,
663 ETH_ALEN) == 0 &&
658 (!(mpath->flags & MESH_PATH_SN_VALID) || 664 (!(mpath->flags & MESH_PATH_SN_VALID) ||
659 SN_GT(target_sn, mpath->sn))) { 665 SN_GT(target_sn, mpath->sn))) {
660 mpath->flags &= ~MESH_PATH_ACTIVE; 666 mpath->flags &= ~MESH_PATH_ACTIVE;
@@ -675,12 +681,10 @@ static void hwmp_rann_frame_process(struct ieee80211_sub_if_data *sdata,
675{ 681{
676 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 682 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
677 struct mesh_path *mpath; 683 struct mesh_path *mpath;
678 u8 *ta;
679 u8 ttl, flags, hopcount; 684 u8 ttl, flags, hopcount;
680 u8 *orig_addr; 685 u8 *orig_addr;
681 u32 orig_sn, metric; 686 u32 orig_sn, metric;
682 687
683 ta = mgmt->sa;
684 ttl = rann->rann_ttl; 688 ttl = rann->rann_ttl;
685 if (ttl <= 1) { 689 if (ttl <= 1) {
686 ifmsh->mshstats.dropped_frames_ttl++; 690 ifmsh->mshstats.dropped_frames_ttl++;
@@ -877,7 +881,7 @@ void mesh_path_start_discovery(struct ieee80211_sub_if_data *sdata)
877 sdata->u.mesh.last_sn_update = jiffies; 881 sdata->u.mesh.last_sn_update = jiffies;
878 } 882 }
879 lifetime = default_lifetime(sdata); 883 lifetime = default_lifetime(sdata);
880 ttl = sdata->u.mesh.mshcfg.dot11MeshTTL; 884 ttl = sdata->u.mesh.mshcfg.element_ttl;
881 if (ttl == 0) { 885 if (ttl == 0) {
882 sdata->u.mesh.mshstats.dropped_frames_ttl++; 886 sdata->u.mesh.mshstats.dropped_frames_ttl++;
883 spin_unlock_bh(&mpath->state_lock); 887 spin_unlock_bh(&mpath->state_lock);
@@ -918,6 +922,7 @@ int mesh_nexthop_lookup(struct sk_buff *skb,
918{ 922{
919 struct sk_buff *skb_to_free = NULL; 923 struct sk_buff *skb_to_free = NULL;
920 struct mesh_path *mpath; 924 struct mesh_path *mpath;
925 struct sta_info *next_hop;
921 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 926 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
922 u8 *target_addr = hdr->addr3; 927 u8 *target_addr = hdr->addr3;
923 int err = 0; 928 int err = 0;
@@ -945,7 +950,11 @@ int mesh_nexthop_lookup(struct sk_buff *skb,
945 mesh_queue_preq(mpath, 950 mesh_queue_preq(mpath,
946 PREQ_Q_F_START | PREQ_Q_F_REFRESH); 951 PREQ_Q_F_START | PREQ_Q_F_REFRESH);
947 } 952 }
948 memcpy(hdr->addr1, mpath->next_hop->sta.addr, ETH_ALEN); 953 next_hop = rcu_dereference(mpath->next_hop);
954 if (next_hop)
955 memcpy(hdr->addr1, next_hop->sta.addr, ETH_ALEN);
956 else
957 err = -ENOENT;
949 } else { 958 } else {
950 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 959 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
951 if (!(mpath->flags & MESH_PATH_RESOLVING)) { 960 if (!(mpath->flags & MESH_PATH_RESOLVING)) {
@@ -971,20 +980,11 @@ endlookup:
971 980
972void mesh_path_timer(unsigned long data) 981void mesh_path_timer(unsigned long data)
973{ 982{
974 struct ieee80211_sub_if_data *sdata; 983 struct mesh_path *mpath = (void *) data;
975 struct mesh_path *mpath; 984 struct ieee80211_sub_if_data *sdata = mpath->sdata;
976
977 rcu_read_lock();
978 mpath = (struct mesh_path *) data;
979 mpath = rcu_dereference(mpath);
980 if (!mpath)
981 goto endmpathtimer;
982 sdata = mpath->sdata;
983 985
984 if (sdata->local->quiescing) { 986 if (sdata->local->quiescing)
985 rcu_read_unlock();
986 return; 987 return;
987 }
988 988
989 spin_lock_bh(&mpath->state_lock); 989 spin_lock_bh(&mpath->state_lock);
990 if (mpath->flags & MESH_PATH_RESOLVED || 990 if (mpath->flags & MESH_PATH_RESOLVED ||
@@ -1001,8 +1001,6 @@ void mesh_path_timer(unsigned long data)
1001 } 1001 }
1002 1002
1003 spin_unlock_bh(&mpath->state_lock); 1003 spin_unlock_bh(&mpath->state_lock);
1004endmpathtimer:
1005 rcu_read_unlock();
1006} 1004}
1007 1005
1008void 1006void
@@ -1013,5 +1011,6 @@ mesh_path_tx_root_frame(struct ieee80211_sub_if_data *sdata)
1013 mesh_path_sel_frame_tx(MPATH_RANN, 0, sdata->vif.addr, 1011 mesh_path_sel_frame_tx(MPATH_RANN, 0, sdata->vif.addr,
1014 cpu_to_le32(++ifmsh->sn), 1012 cpu_to_le32(++ifmsh->sn),
1015 0, NULL, 0, broadcast_addr, 1013 0, NULL, 0, broadcast_addr,
1016 0, MESH_TTL, 0, 0, 0, sdata); 1014 0, sdata->u.mesh.mshcfg.element_ttl,
1015 0, 0, 0, sdata);
1017} 1016}
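Review bot: `hwmp_prep_frame_process()` and `hwmp_perr_frame_process()` use `next_hop_deref_protected(mpath)->sta.addr` without a NULL check, while `mesh_nexthop_lookup()` in this same file section now treats a NULL `next_hop` as possible and returns `-ENOENT`. Both functions process PREP/PERR elements received from other mesh nodes, so if a path can be marked ACTIVE with no next hop this would be a NULL dereference reachable from the air; the visible lines do not settle that, because the PREP guard sits above the hunk and both function bodies extend outside their hunks. Either test the pointer while `state_lock` is held, e.g. `nh = next_hop_deref_protected(mpath);` followed by `if (!nh) { spin_unlock_bh(&mpath->state_lock); goto fail; }` in the PREP path and `nh && memcmp(ta, nh->sta.addr, ETH_ALEN) == 0` in the PERR condition, or document the invariant on the helper with a comment such as `/* caller holds state_lock and has checked MESH_PATH_ACTIVE, which implies next_hop != NULL */`.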
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 349e466cf08b..0d2faacc3e87 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -36,10 +36,77 @@ struct mpath_node {
36 struct mesh_path *mpath; 36 struct mesh_path *mpath;
37}; 37};
38 38
39static struct mesh_table *mesh_paths; 39static struct mesh_table __rcu *mesh_paths;
40static struct mesh_table *mpp_paths; /* Store paths for MPP&MAP */ 40static struct mesh_table __rcu *mpp_paths; /* Store paths for MPP&MAP */
41 41
42int mesh_paths_generation; 42int mesh_paths_generation;
43
44/* This lock will have the grow table function as writer and add / delete nodes
45 * as readers. When reading the table (i.e. doing lookups) we are well protected
46 * by RCU
47 */
48static DEFINE_RWLOCK(pathtbl_resize_lock);
49
50
51static inline struct mesh_table *resize_dereference_mesh_paths(void)
52{
53 return rcu_dereference_protected(mesh_paths,
54 lockdep_is_held(&pathtbl_resize_lock));
55}
56
57static inline struct mesh_table *resize_dereference_mpp_paths(void)
58{
59 return rcu_dereference_protected(mpp_paths,
60 lockdep_is_held(&pathtbl_resize_lock));
61}
62
63/*
64 * CAREFUL -- "tbl" must not be an expression,
65 * in particular not an rcu_dereference(), since
66 * it's used twice. So it is illegal to do
67 * for_each_mesh_entry(rcu_dereference(...), ...)
68 */
69#define for_each_mesh_entry(tbl, p, node, i) \
70 for (i = 0; i <= tbl->hash_mask; i++) \
71 hlist_for_each_entry_rcu(node, p, &tbl->hash_buckets[i], list)
72
73
74static struct mesh_table *mesh_table_alloc(int size_order)
75{
76 int i;
77 struct mesh_table *newtbl;
78
79 newtbl = kmalloc(sizeof(struct mesh_table), GFP_ATOMIC);
80 if (!newtbl)
81 return NULL;
82
83 newtbl->hash_buckets = kzalloc(sizeof(struct hlist_head) *
84 (1 << size_order), GFP_ATOMIC);
85
86 if (!newtbl->hash_buckets) {
87 kfree(newtbl);
88 return NULL;
89 }
90
91 newtbl->hashwlock = kmalloc(sizeof(spinlock_t) *
92 (1 << size_order), GFP_ATOMIC);
93 if (!newtbl->hashwlock) {
94 kfree(newtbl->hash_buckets);
95 kfree(newtbl);
96 return NULL;
97 }
98
99 newtbl->size_order = size_order;
100 newtbl->hash_mask = (1 << size_order) - 1;
101 atomic_set(&newtbl->entries, 0);
102 get_random_bytes(&newtbl->hash_rnd,
103 sizeof(newtbl->hash_rnd));
104 for (i = 0; i <= newtbl->hash_mask; i++)
105 spin_lock_init(&newtbl->hashwlock[i]);
106
107 return newtbl;
108}
109
43static void __mesh_table_free(struct mesh_table *tbl) 110static void __mesh_table_free(struct mesh_table *tbl)
44{ 111{
45 kfree(tbl->hash_buckets); 112 kfree(tbl->hash_buckets);
@@ -47,7 +114,7 @@ static void __mesh_table_free(struct mesh_table *tbl)
47 kfree(tbl); 114 kfree(tbl);
48} 115}
49 116
50void mesh_table_free(struct mesh_table *tbl, bool free_leafs) 117static void mesh_table_free(struct mesh_table *tbl, bool free_leafs)
51{ 118{
52 struct hlist_head *mesh_hash; 119 struct hlist_head *mesh_hash;
53 struct hlist_node *p, *q; 120 struct hlist_node *p, *q;
@@ -55,60 +122,56 @@ void mesh_table_free(struct mesh_table *tbl, bool free_leafs)
55 122
56 mesh_hash = tbl->hash_buckets; 123 mesh_hash = tbl->hash_buckets;
57 for (i = 0; i <= tbl->hash_mask; i++) { 124 for (i = 0; i <= tbl->hash_mask; i++) {
58 spin_lock(&tbl->hashwlock[i]); 125 spin_lock_bh(&tbl->hashwlock[i]);
59 hlist_for_each_safe(p, q, &mesh_hash[i]) { 126 hlist_for_each_safe(p, q, &mesh_hash[i]) {
60 tbl->free_node(p, free_leafs); 127 tbl->free_node(p, free_leafs);
61 atomic_dec(&tbl->entries); 128 atomic_dec(&tbl->entries);
62 } 129 }
63 spin_unlock(&tbl->hashwlock[i]); 130 spin_unlock_bh(&tbl->hashwlock[i]);
64 } 131 }
65 __mesh_table_free(tbl); 132 __mesh_table_free(tbl);
66} 133}
67 134
68static struct mesh_table *mesh_table_grow(struct mesh_table *tbl) 135static int mesh_table_grow(struct mesh_table *oldtbl,
136 struct mesh_table *newtbl)
69{ 137{
70 struct mesh_table *newtbl;
71 struct hlist_head *oldhash; 138 struct hlist_head *oldhash;
72 struct hlist_node *p, *q; 139 struct hlist_node *p, *q;
73 int i; 140 int i;
74 141
75 if (atomic_read(&tbl->entries) 142 if (atomic_read(&oldtbl->entries)
76 < tbl->mean_chain_len * (tbl->hash_mask + 1)) 143 < oldtbl->mean_chain_len * (oldtbl->hash_mask + 1))
77 goto endgrow; 144 return -EAGAIN;
78 145
79 newtbl = mesh_table_alloc(tbl->size_order + 1); 146 newtbl->free_node = oldtbl->free_node;
80 if (!newtbl) 147 newtbl->mean_chain_len = oldtbl->mean_chain_len;
81 goto endgrow; 148 newtbl->copy_node = oldtbl->copy_node;
149 atomic_set(&newtbl->entries, atomic_read(&oldtbl->entries));
82 150
83 newtbl->free_node = tbl->free_node; 151 oldhash = oldtbl->hash_buckets;
84 newtbl->mean_chain_len = tbl->mean_chain_len; 152 for (i = 0; i <= oldtbl->hash_mask; i++)
85 newtbl->copy_node = tbl->copy_node;
86 atomic_set(&newtbl->entries, atomic_read(&tbl->entries));
87
88 oldhash = tbl->hash_buckets;
89 for (i = 0; i <= tbl->hash_mask; i++)
90 hlist_for_each(p, &oldhash[i]) 153 hlist_for_each(p, &oldhash[i])
91 if (tbl->copy_node(p, newtbl) < 0) 154 if (oldtbl->copy_node(p, newtbl) < 0)
92 goto errcopy; 155 goto errcopy;
93 156
94 return newtbl; 157 return 0;
95 158
96errcopy: 159errcopy:
97 for (i = 0; i <= newtbl->hash_mask; i++) { 160 for (i = 0; i <= newtbl->hash_mask; i++) {
98 hlist_for_each_safe(p, q, &newtbl->hash_buckets[i]) 161 hlist_for_each_safe(p, q, &newtbl->hash_buckets[i])
99 tbl->free_node(p, 0); 162 oldtbl->free_node(p, 0);
100 } 163 }
101 __mesh_table_free(newtbl); 164 return -ENOMEM;
102endgrow:
103 return NULL;
104} 165}
105 166
167static u32 mesh_table_hash(u8 *addr, struct ieee80211_sub_if_data *sdata,
168 struct mesh_table *tbl)
169{
170 /* Use last four bytes of hw addr and interface index as hash index */
171 return jhash_2words(*(u32 *)(addr+2), sdata->dev->ifindex, tbl->hash_rnd)
172 & tbl->hash_mask;
173}
106 174
107/* This lock will have the grow table function as writer and add / delete nodes
108 * as readers. When reading the table (i.e. doing lookups) we are well protected
109 * by RCU
110 */
111static DEFINE_RWLOCK(pathtbl_resize_lock);
112 175
113/** 176/**
114 * 177 *
@@ -218,12 +281,13 @@ struct mesh_path *mpp_path_lookup(u8 *dst, struct ieee80211_sub_if_data *sdata)
218 */ 281 */
219struct mesh_path *mesh_path_lookup_by_idx(int idx, struct ieee80211_sub_if_data *sdata) 282struct mesh_path *mesh_path_lookup_by_idx(int idx, struct ieee80211_sub_if_data *sdata)
220{ 283{
284 struct mesh_table *tbl = rcu_dereference(mesh_paths);
221 struct mpath_node *node; 285 struct mpath_node *node;
222 struct hlist_node *p; 286 struct hlist_node *p;
223 int i; 287 int i;
224 int j = 0; 288 int j = 0;
225 289
226 for_each_mesh_entry(mesh_paths, p, node, i) { 290 for_each_mesh_entry(tbl, p, node, i) {
227 if (sdata && node->mpath->sdata != sdata) 291 if (sdata && node->mpath->sdata != sdata)
228 continue; 292 continue;
229 if (j++ == idx) { 293 if (j++ == idx) {
@@ -253,6 +317,7 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
253{ 317{
254 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 318 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
255 struct ieee80211_local *local = sdata->local; 319 struct ieee80211_local *local = sdata->local;
320 struct mesh_table *tbl;
256 struct mesh_path *mpath, *new_mpath; 321 struct mesh_path *mpath, *new_mpath;
257 struct mpath_node *node, *new_node; 322 struct mpath_node *node, *new_node;
258 struct hlist_head *bucket; 323 struct hlist_head *bucket;
@@ -280,7 +345,7 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
280 if (!new_node) 345 if (!new_node)
281 goto err_node_alloc; 346 goto err_node_alloc;
282 347
283 read_lock(&pathtbl_resize_lock); 348 read_lock_bh(&pathtbl_resize_lock);
284 memcpy(new_mpath->dst, dst, ETH_ALEN); 349 memcpy(new_mpath->dst, dst, ETH_ALEN);
285 new_mpath->sdata = sdata; 350 new_mpath->sdata = sdata;
286 new_mpath->flags = 0; 351 new_mpath->flags = 0;
@@ -292,10 +357,12 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
292 spin_lock_init(&new_mpath->state_lock); 357 spin_lock_init(&new_mpath->state_lock);
293 init_timer(&new_mpath->timer); 358 init_timer(&new_mpath->timer);
294 359
295 hash_idx = mesh_table_hash(dst, sdata, mesh_paths); 360 tbl = resize_dereference_mesh_paths();
296 bucket = &mesh_paths->hash_buckets[hash_idx];
297 361
298 spin_lock(&mesh_paths->hashwlock[hash_idx]); 362 hash_idx = mesh_table_hash(dst, sdata, tbl);
363 bucket = &tbl->hash_buckets[hash_idx];
364
365 spin_lock_bh(&tbl->hashwlock[hash_idx]);
299 366
300 err = -EEXIST; 367 err = -EEXIST;
301 hlist_for_each_entry(node, n, bucket, list) { 368 hlist_for_each_entry(node, n, bucket, list) {
@@ -305,14 +372,14 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
305 } 372 }
306 373
307 hlist_add_head_rcu(&new_node->list, bucket); 374 hlist_add_head_rcu(&new_node->list, bucket);
308 if (atomic_inc_return(&mesh_paths->entries) >= 375 if (atomic_inc_return(&tbl->entries) >=
309 mesh_paths->mean_chain_len * (mesh_paths->hash_mask + 1)) 376 tbl->mean_chain_len * (tbl->hash_mask + 1))
310 grow = 1; 377 grow = 1;
311 378
312 mesh_paths_generation++; 379 mesh_paths_generation++;
313 380
314 spin_unlock(&mesh_paths->hashwlock[hash_idx]); 381 spin_unlock_bh(&tbl->hashwlock[hash_idx]);
315 read_unlock(&pathtbl_resize_lock); 382 read_unlock_bh(&pathtbl_resize_lock);
316 if (grow) { 383 if (grow) {
317 set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags); 384 set_bit(MESH_WORK_GROW_MPATH_TABLE, &ifmsh->wrkq_flags);
318 ieee80211_queue_work(&local->hw, &sdata->work); 385 ieee80211_queue_work(&local->hw, &sdata->work);
@@ -320,8 +387,8 @@ int mesh_path_add(u8 *dst, struct ieee80211_sub_if_data *sdata)
320 return 0; 387 return 0;
321 388
322err_exists: 389err_exists:
323 spin_unlock(&mesh_paths->hashwlock[hash_idx]); 390 spin_unlock_bh(&tbl->hashwlock[hash_idx]);
324 read_unlock(&pathtbl_resize_lock); 391 read_unlock_bh(&pathtbl_resize_lock);
325 kfree(new_node); 392 kfree(new_node);
326err_node_alloc: 393err_node_alloc:
327 kfree(new_mpath); 394 kfree(new_mpath);
@@ -330,46 +397,59 @@ err_path_alloc:
330 return err; 397 return err;
331} 398}
332 399
400static void mesh_table_free_rcu(struct rcu_head *rcu)
401{
402 struct mesh_table *tbl = container_of(rcu, struct mesh_table, rcu_head);
403
404 mesh_table_free(tbl, false);
405}
406
333void mesh_mpath_table_grow(void) 407void mesh_mpath_table_grow(void)
334{ 408{
335 struct mesh_table *oldtbl, *newtbl; 409 struct mesh_table *oldtbl, *newtbl;
336 410
337 write_lock(&pathtbl_resize_lock); 411 write_lock_bh(&pathtbl_resize_lock);
338 oldtbl = mesh_paths; 412 oldtbl = resize_dereference_mesh_paths();
339 newtbl = mesh_table_grow(mesh_paths); 413 newtbl = mesh_table_alloc(oldtbl->size_order + 1);
340 if (!newtbl) { 414 if (!newtbl)
341 write_unlock(&pathtbl_resize_lock); 415 goto out;
342 return; 416 if (mesh_table_grow(oldtbl, newtbl) < 0) {
417 __mesh_table_free(newtbl);
418 goto out;
343 } 419 }
344 rcu_assign_pointer(mesh_paths, newtbl); 420 rcu_assign_pointer(mesh_paths, newtbl);
345 write_unlock(&pathtbl_resize_lock);
346 421
347 synchronize_rcu(); 422 call_rcu(&oldtbl->rcu_head, mesh_table_free_rcu);
348 mesh_table_free(oldtbl, false); 423
424 out:
425 write_unlock_bh(&pathtbl_resize_lock);
349} 426}
350 427
351void mesh_mpp_table_grow(void) 428void mesh_mpp_table_grow(void)
352{ 429{
353 struct mesh_table *oldtbl, *newtbl; 430 struct mesh_table *oldtbl, *newtbl;
354 431
355 write_lock(&pathtbl_resize_lock); 432 write_lock_bh(&pathtbl_resize_lock);
356 oldtbl = mpp_paths; 433 oldtbl = resize_dereference_mpp_paths();
357 newtbl = mesh_table_grow(mpp_paths); 434 newtbl = mesh_table_alloc(oldtbl->size_order + 1);
358 if (!newtbl) { 435 if (!newtbl)
359 write_unlock(&pathtbl_resize_lock); 436 goto out;
360 return; 437 if (mesh_table_grow(oldtbl, newtbl) < 0) {
438 __mesh_table_free(newtbl);
439 goto out;
361 } 440 }
362 rcu_assign_pointer(mpp_paths, newtbl); 441 rcu_assign_pointer(mpp_paths, newtbl);
363 write_unlock(&pathtbl_resize_lock); 442 call_rcu(&oldtbl->rcu_head, mesh_table_free_rcu);
364 443
365 synchronize_rcu(); 444 out:
366 mesh_table_free(oldtbl, false); 445 write_unlock_bh(&pathtbl_resize_lock);
367} 446}
368 447
369int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata) 448int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
370{ 449{
371 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 450 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
372 struct ieee80211_local *local = sdata->local; 451 struct ieee80211_local *local = sdata->local;
452 struct mesh_table *tbl;
373 struct mesh_path *mpath, *new_mpath; 453 struct mesh_path *mpath, *new_mpath;
374 struct mpath_node *node, *new_node; 454 struct mpath_node *node, *new_node;
375 struct hlist_head *bucket; 455 struct hlist_head *bucket;
@@ -394,7 +474,7 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
394 if (!new_node) 474 if (!new_node)
395 goto err_node_alloc; 475 goto err_node_alloc;
396 476
397 read_lock(&pathtbl_resize_lock); 477 read_lock_bh(&pathtbl_resize_lock);
398 memcpy(new_mpath->dst, dst, ETH_ALEN); 478 memcpy(new_mpath->dst, dst, ETH_ALEN);
399 memcpy(new_mpath->mpp, mpp, ETH_ALEN); 479 memcpy(new_mpath->mpp, mpp, ETH_ALEN);
400 new_mpath->sdata = sdata; 480 new_mpath->sdata = sdata;
@@ -404,10 +484,12 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
404 new_mpath->exp_time = jiffies; 484 new_mpath->exp_time = jiffies;
405 spin_lock_init(&new_mpath->state_lock); 485 spin_lock_init(&new_mpath->state_lock);
406 486
407 hash_idx = mesh_table_hash(dst, sdata, mpp_paths); 487 tbl = resize_dereference_mpp_paths();
408 bucket = &mpp_paths->hash_buckets[hash_idx];
409 488
410 spin_lock(&mpp_paths->hashwlock[hash_idx]); 489 hash_idx = mesh_table_hash(dst, sdata, tbl);
490 bucket = &tbl->hash_buckets[hash_idx];
491
492 spin_lock_bh(&tbl->hashwlock[hash_idx]);
411 493
412 err = -EEXIST; 494 err = -EEXIST;
413 hlist_for_each_entry(node, n, bucket, list) { 495 hlist_for_each_entry(node, n, bucket, list) {
@@ -417,12 +499,12 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
417 } 499 }
418 500
419 hlist_add_head_rcu(&new_node->list, bucket); 501 hlist_add_head_rcu(&new_node->list, bucket);
420 if (atomic_inc_return(&mpp_paths->entries) >= 502 if (atomic_inc_return(&tbl->entries) >=
421 mpp_paths->mean_chain_len * (mpp_paths->hash_mask + 1)) 503 tbl->mean_chain_len * (tbl->hash_mask + 1))
422 grow = 1; 504 grow = 1;
423 505
424 spin_unlock(&mpp_paths->hashwlock[hash_idx]); 506 spin_unlock_bh(&tbl->hashwlock[hash_idx]);
425 read_unlock(&pathtbl_resize_lock); 507 read_unlock_bh(&pathtbl_resize_lock);
426 if (grow) { 508 if (grow) {
427 set_bit(MESH_WORK_GROW_MPP_TABLE, &ifmsh->wrkq_flags); 509 set_bit(MESH_WORK_GROW_MPP_TABLE, &ifmsh->wrkq_flags);
428 ieee80211_queue_work(&local->hw, &sdata->work); 510 ieee80211_queue_work(&local->hw, &sdata->work);
@@ -430,8 +512,8 @@ int mpp_path_add(u8 *dst, u8 *mpp, struct ieee80211_sub_if_data *sdata)
430 return 0; 512 return 0;
431 513
432err_exists: 514err_exists:
433 spin_unlock(&mpp_paths->hashwlock[hash_idx]); 515 spin_unlock_bh(&tbl->hashwlock[hash_idx]);
434 read_unlock(&pathtbl_resize_lock); 516 read_unlock_bh(&pathtbl_resize_lock);
435 kfree(new_node); 517 kfree(new_node);
436err_node_alloc: 518err_node_alloc:
437 kfree(new_mpath); 519 kfree(new_mpath);
@@ -450,6 +532,7 @@ err_path_alloc:
450 */ 532 */
451void mesh_plink_broken(struct sta_info *sta) 533void mesh_plink_broken(struct sta_info *sta)
452{ 534{
535 struct mesh_table *tbl;
453 static const u8 bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 536 static const u8 bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
454 struct mesh_path *mpath; 537 struct mesh_path *mpath;
455 struct mpath_node *node; 538 struct mpath_node *node;
@@ -458,17 +541,18 @@ void mesh_plink_broken(struct sta_info *sta)
458 int i; 541 int i;
459 542
460 rcu_read_lock(); 543 rcu_read_lock();
461 for_each_mesh_entry(mesh_paths, p, node, i) { 544 tbl = rcu_dereference(mesh_paths);
545 for_each_mesh_entry(tbl, p, node, i) {
462 mpath = node->mpath; 546 mpath = node->mpath;
463 spin_lock_bh(&mpath->state_lock); 547 spin_lock_bh(&mpath->state_lock);
464 if (mpath->next_hop == sta && 548 if (rcu_dereference(mpath->next_hop) == sta &&
465 mpath->flags & MESH_PATH_ACTIVE && 549 mpath->flags & MESH_PATH_ACTIVE &&
466 !(mpath->flags & MESH_PATH_FIXED)) { 550 !(mpath->flags & MESH_PATH_FIXED)) {
467 mpath->flags &= ~MESH_PATH_ACTIVE; 551 mpath->flags &= ~MESH_PATH_ACTIVE;
468 ++mpath->sn; 552 ++mpath->sn;
469 spin_unlock_bh(&mpath->state_lock); 553 spin_unlock_bh(&mpath->state_lock);
470 mesh_path_error_tx(MESH_TTL, mpath->dst, 554 mesh_path_error_tx(sdata->u.mesh.mshcfg.element_ttl,
471 cpu_to_le32(mpath->sn), 555 mpath->dst, cpu_to_le32(mpath->sn),
472 cpu_to_le16(PERR_RCODE_DEST_UNREACH), 556 cpu_to_le16(PERR_RCODE_DEST_UNREACH),
473 bcast, sdata); 557 bcast, sdata);
474 } else 558 } else
@@ -490,30 +574,38 @@ void mesh_plink_broken(struct sta_info *sta)
490 */ 574 */
491void mesh_path_flush_by_nexthop(struct sta_info *sta) 575void mesh_path_flush_by_nexthop(struct sta_info *sta)
492{ 576{
577 struct mesh_table *tbl;
493 struct mesh_path *mpath; 578 struct mesh_path *mpath;
494 struct mpath_node *node; 579 struct mpath_node *node;
495 struct hlist_node *p; 580 struct hlist_node *p;
496 int i; 581 int i;
497 582
498 for_each_mesh_entry(mesh_paths, p, node, i) { 583 rcu_read_lock();
584 tbl = rcu_dereference(mesh_paths);
585 for_each_mesh_entry(tbl, p, node, i) {
499 mpath = node->mpath; 586 mpath = node->mpath;
500 if (mpath->next_hop == sta) 587 if (rcu_dereference(mpath->next_hop) == sta)
501 mesh_path_del(mpath->dst, mpath->sdata); 588 mesh_path_del(mpath->dst, mpath->sdata);
502 } 589 }
590 rcu_read_unlock();
503} 591}
504 592
505void mesh_path_flush(struct ieee80211_sub_if_data *sdata) 593void mesh_path_flush(struct ieee80211_sub_if_data *sdata)
506{ 594{
595 struct mesh_table *tbl;
507 struct mesh_path *mpath; 596 struct mesh_path *mpath;
508 struct mpath_node *node; 597 struct mpath_node *node;
509 struct hlist_node *p; 598 struct hlist_node *p;
510 int i; 599 int i;
511 600
512 for_each_mesh_entry(mesh_paths, p, node, i) { 601 rcu_read_lock();
602 tbl = rcu_dereference(mesh_paths);
603 for_each_mesh_entry(tbl, p, node, i) {
513 mpath = node->mpath; 604 mpath = node->mpath;
514 if (mpath->sdata == sdata) 605 if (mpath->sdata == sdata)
515 mesh_path_del(mpath->dst, mpath->sdata); 606 mesh_path_del(mpath->dst, mpath->sdata);
516 } 607 }
608 rcu_read_unlock();
517} 609}
518 610
519static void mesh_path_node_reclaim(struct rcu_head *rp) 611static void mesh_path_node_reclaim(struct rcu_head *rp)
@@ -537,6 +629,7 @@ static void mesh_path_node_reclaim(struct rcu_head *rp)
537 */ 629 */
538int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata) 630int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata)
539{ 631{
632 struct mesh_table *tbl;
540 struct mesh_path *mpath; 633 struct mesh_path *mpath;
541 struct mpath_node *node; 634 struct mpath_node *node;
542 struct hlist_head *bucket; 635 struct hlist_head *bucket;
@@ -544,20 +637,21 @@ int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata)
544 int hash_idx; 637 int hash_idx;
545 int err = 0; 638 int err = 0;
546 639
547 read_lock(&pathtbl_resize_lock); 640 read_lock_bh(&pathtbl_resize_lock);
548 hash_idx = mesh_table_hash(addr, sdata, mesh_paths); 641 tbl = resize_dereference_mesh_paths();
549 bucket = &mesh_paths->hash_buckets[hash_idx]; 642 hash_idx = mesh_table_hash(addr, sdata, tbl);
643 bucket = &tbl->hash_buckets[hash_idx];
550 644
551 spin_lock(&mesh_paths->hashwlock[hash_idx]); 645 spin_lock_bh(&tbl->hashwlock[hash_idx]);
552 hlist_for_each_entry(node, n, bucket, list) { 646 hlist_for_each_entry(node, n, bucket, list) {
553 mpath = node->mpath; 647 mpath = node->mpath;
554 if (mpath->sdata == sdata && 648 if (mpath->sdata == sdata &&
555 memcmp(addr, mpath->dst, ETH_ALEN) == 0) { 649 memcmp(addr, mpath->dst, ETH_ALEN) == 0) {
556 spin_lock_bh(&mpath->state_lock); 650 spin_lock_bh(&mpath->state_lock);
557 mpath->flags |= MESH_PATH_RESOLVING; 651 mpath->flags |= MESH_PATH_RESOLVING;
558 hlist_del_rcu(&node->list); 652 hlist_del_rcu(&node->list);
559 call_rcu(&node->rcu, mesh_path_node_reclaim); 653 call_rcu(&node->rcu, mesh_path_node_reclaim);
560 atomic_dec(&mesh_paths->entries); 654 atomic_dec(&tbl->entries);
561 spin_unlock_bh(&mpath->state_lock); 655 spin_unlock_bh(&mpath->state_lock);
562 goto enddel; 656 goto enddel;
563 } 657 }
@@ -566,8 +660,8 @@ int mesh_path_del(u8 *addr, struct ieee80211_sub_if_data *sdata)
566 err = -ENXIO; 660 err = -ENXIO;
567enddel: 661enddel:
568 mesh_paths_generation++; 662 mesh_paths_generation++;
569 spin_unlock(&mesh_paths->hashwlock[hash_idx]); 663 spin_unlock_bh(&tbl->hashwlock[hash_idx]);
570 read_unlock(&pathtbl_resize_lock); 664 read_unlock_bh(&pathtbl_resize_lock);
571 return err; 665 return err;
572} 666}
573 667
@@ -614,7 +708,8 @@ void mesh_path_discard_frame(struct sk_buff *skb,
614 mpath = mesh_path_lookup(da, sdata); 708 mpath = mesh_path_lookup(da, sdata);
615 if (mpath) 709 if (mpath)
616 sn = ++mpath->sn; 710 sn = ++mpath->sn;
617 mesh_path_error_tx(MESH_TTL, skb->data, cpu_to_le32(sn), 711 mesh_path_error_tx(sdata->u.mesh.mshcfg.element_ttl, skb->data,
712 cpu_to_le32(sn),
618 cpu_to_le16(PERR_RCODE_NO_ROUTE), ra, sdata); 713 cpu_to_le16(PERR_RCODE_NO_ROUTE), ra, sdata);
619 } 714 }
620 715
@@ -627,7 +722,7 @@ void mesh_path_discard_frame(struct sk_buff *skb,
627 * 722 *
628 * @mpath: mesh path whose queue has to be freed 723 * @mpath: mesh path whose queue has to be freed
629 * 724 *
630 * Locking: the function must me called withing a rcu_read_lock region 725 * Locking: the function must me called within a rcu_read_lock region
631 */ 726 */
632void mesh_path_flush_pending(struct mesh_path *mpath) 727void mesh_path_flush_pending(struct mesh_path *mpath)
633{ 728{
@@ -666,8 +761,10 @@ static void mesh_path_node_free(struct hlist_node *p, bool free_leafs)
666 struct mpath_node *node = hlist_entry(p, struct mpath_node, list); 761 struct mpath_node *node = hlist_entry(p, struct mpath_node, list);
667 mpath = node->mpath; 762 mpath = node->mpath;
668 hlist_del_rcu(p); 763 hlist_del_rcu(p);
669 if (free_leafs) 764 if (free_leafs) {
765 del_timer_sync(&mpath->timer);
670 kfree(mpath); 766 kfree(mpath);
767 }
671 kfree(node); 768 kfree(node);
672} 769}
673 770
@@ -692,52 +789,60 @@ static int mesh_path_node_copy(struct hlist_node *p, struct mesh_table *newtbl)
692 789
693int mesh_pathtbl_init(void) 790int mesh_pathtbl_init(void)
694{ 791{
695 mesh_paths = mesh_table_alloc(INIT_PATHS_SIZE_ORDER); 792 struct mesh_table *tbl_path, *tbl_mpp;
696 if (!mesh_paths) 793
794 tbl_path = mesh_table_alloc(INIT_PATHS_SIZE_ORDER);
795 if (!tbl_path)
697 return -ENOMEM; 796 return -ENOMEM;
698 mesh_paths->free_node = &mesh_path_node_free; 797 tbl_path->free_node = &mesh_path_node_free;
699 mesh_paths->copy_node = &mesh_path_node_copy; 798 tbl_path->copy_node = &mesh_path_node_copy;
700 mesh_paths->mean_chain_len = MEAN_CHAIN_LEN; 799 tbl_path->mean_chain_len = MEAN_CHAIN_LEN;
701 800
702 mpp_paths = mesh_table_alloc(INIT_PATHS_SIZE_ORDER); 801 tbl_mpp = mesh_table_alloc(INIT_PATHS_SIZE_ORDER);
703 if (!mpp_paths) { 802 if (!tbl_mpp) {
704 mesh_table_free(mesh_paths, true); 803 mesh_table_free(tbl_path, true);
705 return -ENOMEM; 804 return -ENOMEM;
706 } 805 }
707 mpp_paths->free_node = &mesh_path_node_free; 806 tbl_mpp->free_node = &mesh_path_node_free;
708 mpp_paths->copy_node = &mesh_path_node_copy; 807 tbl_mpp->copy_node = &mesh_path_node_copy;
709 mpp_paths->mean_chain_len = MEAN_CHAIN_LEN; 808 tbl_mpp->mean_chain_len = MEAN_CHAIN_LEN;
809
810 /* Need no locking since this is during init */
811 RCU_INIT_POINTER(mesh_paths, tbl_path);
812 RCU_INIT_POINTER(mpp_paths, tbl_mpp);
710 813
711 return 0; 814 return 0;
712} 815}
713 816
714void mesh_path_expire(struct ieee80211_sub_if_data *sdata) 817void mesh_path_expire(struct ieee80211_sub_if_data *sdata)
715{ 818{
819 struct mesh_table *tbl;
716 struct mesh_path *mpath; 820 struct mesh_path *mpath;
717 struct mpath_node *node; 821 struct mpath_node *node;
718 struct hlist_node *p; 822 struct hlist_node *p;
719 int i; 823 int i;
720 824
721 read_lock(&pathtbl_resize_lock); 825 rcu_read_lock();
722 for_each_mesh_entry(mesh_paths, p, node, i) { 826 tbl = rcu_dereference(mesh_paths);
827 for_each_mesh_entry(tbl, p, node, i) {
723 if (node->mpath->sdata != sdata) 828 if (node->mpath->sdata != sdata)
724 continue; 829 continue;
725 mpath = node->mpath; 830 mpath = node->mpath;
726 spin_lock_bh(&mpath->state_lock); 831 spin_lock_bh(&mpath->state_lock);
727 if ((!(mpath->flags & MESH_PATH_RESOLVING)) && 832 if ((!(mpath->flags & MESH_PATH_RESOLVING)) &&
728 (!(mpath->flags & MESH_PATH_FIXED)) && 833 (!(mpath->flags & MESH_PATH_FIXED)) &&
729 time_after(jiffies, 834 time_after(jiffies, mpath->exp_time + MESH_PATH_EXPIRE)) {
730 mpath->exp_time + MESH_PATH_EXPIRE)) {
731 spin_unlock_bh(&mpath->state_lock); 835 spin_unlock_bh(&mpath->state_lock);
732 mesh_path_del(mpath->dst, mpath->sdata); 836 mesh_path_del(mpath->dst, mpath->sdata);
733 } else 837 } else
734 spin_unlock_bh(&mpath->state_lock); 838 spin_unlock_bh(&mpath->state_lock);
735 } 839 }
736 read_unlock(&pathtbl_resize_lock); 840 rcu_read_unlock();
737} 841}
738 842
739void mesh_pathtbl_unregister(void) 843void mesh_pathtbl_unregister(void)
740{ 844{
741 mesh_table_free(mesh_paths, true); 845 /* no need for locking during exit path */
742 mesh_table_free(mpp_paths, true); 846 mesh_table_free(rcu_dereference_raw(mesh_paths), true);
847 mesh_table_free(rcu_dereference_raw(mpp_paths), true);
743} 848}
diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
index ea13a80a476c..f4adc0917888 100644
--- a/net/mac80211/mesh_plink.c
+++ b/net/mac80211/mesh_plink.c
@@ -43,7 +43,7 @@
43#define dot11MeshMaxPeerLinks(s) (s->u.mesh.mshcfg.dot11MeshMaxPeerLinks) 43#define dot11MeshMaxPeerLinks(s) (s->u.mesh.mshcfg.dot11MeshMaxPeerLinks)
44 44
45enum plink_frame_type { 45enum plink_frame_type {
46 PLINK_OPEN = 0, 46 PLINK_OPEN = 1,
47 PLINK_CONFIRM, 47 PLINK_CONFIRM,
48 PLINK_CLOSE 48 PLINK_CLOSE
49}; 49};
@@ -83,7 +83,7 @@ void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
83 */ 83 */
84static inline void mesh_plink_fsm_restart(struct sta_info *sta) 84static inline void mesh_plink_fsm_restart(struct sta_info *sta)
85{ 85{
86 sta->plink_state = PLINK_LISTEN; 86 sta->plink_state = NL80211_PLINK_LISTEN;
87 sta->llid = sta->plid = sta->reason = 0; 87 sta->llid = sta->plid = sta->reason = 0;
88 sta->plink_retries = 0; 88 sta->plink_retries = 0;
89} 89}
@@ -105,7 +105,7 @@ static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
105 if (!sta) 105 if (!sta)
106 return NULL; 106 return NULL;
107 107
108 sta->flags = WLAN_STA_AUTHORIZED; 108 sta->flags = WLAN_STA_AUTHORIZED | WLAN_STA_AUTH;
109 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 109 sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
110 rate_control_rate_init(sta); 110 rate_control_rate_init(sta);
111 111
@@ -126,11 +126,11 @@ static bool __mesh_plink_deactivate(struct sta_info *sta)
126 struct ieee80211_sub_if_data *sdata = sta->sdata; 126 struct ieee80211_sub_if_data *sdata = sta->sdata;
127 bool deactivated = false; 127 bool deactivated = false;
128 128
129 if (sta->plink_state == PLINK_ESTAB) { 129 if (sta->plink_state == NL80211_PLINK_ESTAB) {
130 mesh_plink_dec_estab_count(sdata); 130 mesh_plink_dec_estab_count(sdata);
131 deactivated = true; 131 deactivated = true;
132 } 132 }
133 sta->plink_state = PLINK_BLOCKED; 133 sta->plink_state = NL80211_PLINK_BLOCKED;
134 mesh_path_flush_by_nexthop(sta); 134 mesh_path_flush_by_nexthop(sta);
135 135
136 return deactivated; 136 return deactivated;
@@ -160,7 +160,8 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
160 enum plink_frame_type action, u8 *da, __le16 llid, __le16 plid, 160 enum plink_frame_type action, u8 *da, __le16 llid, __le16 plid,
161 __le16 reason) { 161 __le16 reason) {
162 struct ieee80211_local *local = sdata->local; 162 struct ieee80211_local *local = sdata->local;
163 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400); 163 struct sk_buff *skb = dev_alloc_skb(local->hw.extra_tx_headroom + 400 +
164 sdata->u.mesh.ie_len);
164 struct ieee80211_mgmt *mgmt; 165 struct ieee80211_mgmt *mgmt;
165 bool include_plid = false; 166 bool include_plid = false;
166 static const u8 meshpeeringproto[] = { 0x00, 0x0F, 0xAC, 0x2A }; 167 static const u8 meshpeeringproto[] = { 0x00, 0x0F, 0xAC, 0x2A };
@@ -180,8 +181,8 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
180 IEEE80211_STYPE_ACTION); 181 IEEE80211_STYPE_ACTION);
181 memcpy(mgmt->da, da, ETH_ALEN); 182 memcpy(mgmt->da, da, ETH_ALEN);
182 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 183 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
183 /* BSSID is left zeroed, wildcard value */ 184 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
184 mgmt->u.action.category = WLAN_CATEGORY_MESH_PLINK; 185 mgmt->u.action.category = WLAN_CATEGORY_MESH_ACTION;
185 mgmt->u.action.u.plink_action.action_code = action; 186 mgmt->u.action.u.plink_action.action_code = action;
186 187
187 if (action == PLINK_CLOSE) 188 if (action == PLINK_CLOSE)
@@ -236,8 +237,9 @@ static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
236 return 0; 237 return 0;
237} 238}
238 239
239void mesh_neighbour_update(u8 *hw_addr, u32 rates, struct ieee80211_sub_if_data *sdata, 240void mesh_neighbour_update(u8 *hw_addr, u32 rates,
240 bool peer_accepting_plinks) 241 struct ieee80211_sub_if_data *sdata,
242 struct ieee802_11_elems *elems)
241{ 243{
242 struct ieee80211_local *local = sdata->local; 244 struct ieee80211_local *local = sdata->local;
243 struct sta_info *sta; 245 struct sta_info *sta;
@@ -247,8 +249,14 @@ void mesh_neighbour_update(u8 *hw_addr, u32 rates, struct ieee80211_sub_if_data
247 sta = sta_info_get(sdata, hw_addr); 249 sta = sta_info_get(sdata, hw_addr);
248 if (!sta) { 250 if (!sta) {
249 rcu_read_unlock(); 251 rcu_read_unlock();
250 252 /* Userspace handles peer allocation when security is enabled
251 sta = mesh_plink_alloc(sdata, hw_addr, rates); 253 * */
254 if (sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED)
255 cfg80211_notify_new_peer_candidate(sdata->dev, hw_addr,
256 elems->ie_start, elems->total_len,
257 GFP_KERNEL);
258 else
259 sta = mesh_plink_alloc(sdata, hw_addr, rates);
252 if (!sta) 260 if (!sta)
253 return; 261 return;
254 if (sta_info_insert_rcu(sta)) { 262 if (sta_info_insert_rcu(sta)) {
@@ -259,7 +267,8 @@ void mesh_neighbour_update(u8 *hw_addr, u32 rates, struct ieee80211_sub_if_data
259 267
260 sta->last_rx = jiffies; 268 sta->last_rx = jiffies;
261 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 269 sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
262 if (peer_accepting_plinks && sta->plink_state == PLINK_LISTEN && 270 if (mesh_peer_accepts_plinks(elems) &&
271 sta->plink_state == NL80211_PLINK_LISTEN &&
263 sdata->u.mesh.accepting_plinks && 272 sdata->u.mesh.accepting_plinks &&
264 sdata->u.mesh.mshcfg.auto_open_plinks) 273 sdata->u.mesh.mshcfg.auto_open_plinks)
265 mesh_plink_open(sta); 274 mesh_plink_open(sta);
@@ -299,8 +308,8 @@ static void mesh_plink_timer(unsigned long data)
299 sdata = sta->sdata; 308 sdata = sta->sdata;
300 309
301 switch (sta->plink_state) { 310 switch (sta->plink_state) {
302 case PLINK_OPN_RCVD: 311 case NL80211_PLINK_OPN_RCVD:
303 case PLINK_OPN_SNT: 312 case NL80211_PLINK_OPN_SNT:
304 /* retry timer */ 313 /* retry timer */
305 if (sta->plink_retries < dot11MeshMaxRetries(sdata)) { 314 if (sta->plink_retries < dot11MeshMaxRetries(sdata)) {
306 u32 rand; 315 u32 rand;
@@ -319,17 +328,17 @@ static void mesh_plink_timer(unsigned long data)
319 } 328 }
320 reason = cpu_to_le16(MESH_MAX_RETRIES); 329 reason = cpu_to_le16(MESH_MAX_RETRIES);
321 /* fall through on else */ 330 /* fall through on else */
322 case PLINK_CNF_RCVD: 331 case NL80211_PLINK_CNF_RCVD:
323 /* confirm timer */ 332 /* confirm timer */
324 if (!reason) 333 if (!reason)
325 reason = cpu_to_le16(MESH_CONFIRM_TIMEOUT); 334 reason = cpu_to_le16(MESH_CONFIRM_TIMEOUT);
326 sta->plink_state = PLINK_HOLDING; 335 sta->plink_state = NL80211_PLINK_HOLDING;
327 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)); 336 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
328 spin_unlock_bh(&sta->lock); 337 spin_unlock_bh(&sta->lock);
329 mesh_plink_frame_tx(sdata, PLINK_CLOSE, sta->sta.addr, llid, plid, 338 mesh_plink_frame_tx(sdata, PLINK_CLOSE, sta->sta.addr, llid, plid,
330 reason); 339 reason);
331 break; 340 break;
332 case PLINK_HOLDING: 341 case NL80211_PLINK_HOLDING:
333 /* holding timer */ 342 /* holding timer */
334 del_timer(&sta->plink_timer); 343 del_timer(&sta->plink_timer);
335 mesh_plink_fsm_restart(sta); 344 mesh_plink_fsm_restart(sta);
@@ -371,14 +380,17 @@ int mesh_plink_open(struct sta_info *sta)
371 __le16 llid; 380 __le16 llid;
372 struct ieee80211_sub_if_data *sdata = sta->sdata; 381 struct ieee80211_sub_if_data *sdata = sta->sdata;
373 382
383 if (!test_sta_flags(sta, WLAN_STA_AUTH))
384 return -EPERM;
385
374 spin_lock_bh(&sta->lock); 386 spin_lock_bh(&sta->lock);
375 get_random_bytes(&llid, 2); 387 get_random_bytes(&llid, 2);
376 sta->llid = llid; 388 sta->llid = llid;
377 if (sta->plink_state != PLINK_LISTEN) { 389 if (sta->plink_state != NL80211_PLINK_LISTEN) {
378 spin_unlock_bh(&sta->lock); 390 spin_unlock_bh(&sta->lock);
379 return -EBUSY; 391 return -EBUSY;
380 } 392 }
381 sta->plink_state = PLINK_OPN_SNT; 393 sta->plink_state = NL80211_PLINK_OPN_SNT;
382 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata)); 394 mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata));
383 spin_unlock_bh(&sta->lock); 395 spin_unlock_bh(&sta->lock);
384 mpl_dbg("Mesh plink: starting establishment with %pM\n", 396 mpl_dbg("Mesh plink: starting establishment with %pM\n",
@@ -395,7 +407,7 @@ void mesh_plink_block(struct sta_info *sta)
395 407
396 spin_lock_bh(&sta->lock); 408 spin_lock_bh(&sta->lock);
397 deactivated = __mesh_plink_deactivate(sta); 409 deactivated = __mesh_plink_deactivate(sta);
398 sta->plink_state = PLINK_BLOCKED; 410 sta->plink_state = NL80211_PLINK_BLOCKED;
399 spin_unlock_bh(&sta->lock); 411 spin_unlock_bh(&sta->lock);
400 412
401 if (deactivated) 413 if (deactivated)
@@ -412,19 +424,19 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
412 enum plink_event event; 424 enum plink_event event;
413 enum plink_frame_type ftype; 425 enum plink_frame_type ftype;
414 size_t baselen; 426 size_t baselen;
415 bool deactivated; 427 bool deactivated, matches_local = true;
416 u8 ie_len; 428 u8 ie_len;
417 u8 *baseaddr; 429 u8 *baseaddr;
418 __le16 plid, llid, reason; 430 __le16 plid, llid, reason;
419#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG 431#ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
420 static const char *mplstates[] = { 432 static const char *mplstates[] = {
421 [PLINK_LISTEN] = "LISTEN", 433 [NL80211_PLINK_LISTEN] = "LISTEN",
422 [PLINK_OPN_SNT] = "OPN-SNT", 434 [NL80211_PLINK_OPN_SNT] = "OPN-SNT",
423 [PLINK_OPN_RCVD] = "OPN-RCVD", 435 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD",
424 [PLINK_CNF_RCVD] = "CNF_RCVD", 436 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD",
425 [PLINK_ESTAB] = "ESTAB", 437 [NL80211_PLINK_ESTAB] = "ESTAB",
426 [PLINK_HOLDING] = "HOLDING", 438 [NL80211_PLINK_HOLDING] = "HOLDING",
427 [PLINK_BLOCKED] = "BLOCKED" 439 [NL80211_PLINK_BLOCKED] = "BLOCKED"
428 }; 440 };
429#endif 441#endif
430 442
@@ -448,6 +460,11 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
448 mpl_dbg("Mesh plink: missing necessary peer link ie\n"); 460 mpl_dbg("Mesh plink: missing necessary peer link ie\n");
449 return; 461 return;
450 } 462 }
463 if (elems.rsn_len &&
464 sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) {
465 mpl_dbg("Mesh plink: can't establish link with secure peer\n");
466 return;
467 }
451 468
452 ftype = mgmt->u.action.u.plink_action.action_code; 469 ftype = mgmt->u.action.u.plink_action.action_code;
453 ie_len = elems.peer_link_len; 470 ie_len = elems.peer_link_len;
@@ -479,7 +496,13 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
479 return; 496 return;
480 } 497 }
481 498
482 if (sta && sta->plink_state == PLINK_BLOCKED) { 499 if (sta && !test_sta_flags(sta, WLAN_STA_AUTH)) {
500 mpl_dbg("Mesh plink: Action frame from non-authed peer\n");
501 rcu_read_unlock();
502 return;
503 }
504
505 if (sta && sta->plink_state == NL80211_PLINK_BLOCKED) {
483 rcu_read_unlock(); 506 rcu_read_unlock();
484 return; 507 return;
485 } 508 }
@@ -487,6 +510,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
487 /* Now we will figure out the appropriate event... */ 510 /* Now we will figure out the appropriate event... */
488 event = PLINK_UNDEFINED; 511 event = PLINK_UNDEFINED;
489 if (ftype != PLINK_CLOSE && (!mesh_matches_local(&elems, sdata))) { 512 if (ftype != PLINK_CLOSE && (!mesh_matches_local(&elems, sdata))) {
513 matches_local = false;
490 switch (ftype) { 514 switch (ftype) {
491 case PLINK_OPEN: 515 case PLINK_OPEN:
492 event = OPN_RJCT; 516 event = OPN_RJCT;
@@ -498,7 +522,15 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
498 /* avoid warning */ 522 /* avoid warning */
499 break; 523 break;
500 } 524 }
501 spin_lock_bh(&sta->lock); 525 }
526
527 if (!sta && !matches_local) {
528 rcu_read_unlock();
529 reason = cpu_to_le16(MESH_CAPABILITY_POLICY_VIOLATION);
530 llid = 0;
531 mesh_plink_frame_tx(sdata, PLINK_CLOSE, mgmt->sa, llid,
532 plid, reason);
533 return;
502 } else if (!sta) { 534 } else if (!sta) {
503 /* ftype == PLINK_OPEN */ 535 /* ftype == PLINK_OPEN */
504 u32 rates; 536 u32 rates;
@@ -522,7 +554,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
522 } 554 }
523 event = OPN_ACPT; 555 event = OPN_ACPT;
524 spin_lock_bh(&sta->lock); 556 spin_lock_bh(&sta->lock);
525 } else { 557 } else if (matches_local) {
526 spin_lock_bh(&sta->lock); 558 spin_lock_bh(&sta->lock);
527 switch (ftype) { 559 switch (ftype) {
528 case PLINK_OPEN: 560 case PLINK_OPEN:
@@ -540,7 +572,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
540 event = CNF_ACPT; 572 event = CNF_ACPT;
541 break; 573 break;
542 case PLINK_CLOSE: 574 case PLINK_CLOSE:
543 if (sta->plink_state == PLINK_ESTAB) 575 if (sta->plink_state == NL80211_PLINK_ESTAB)
544 /* Do not check for llid or plid. This does not 576 /* Do not check for llid or plid. This does not
545 * follow the standard but since multiple plinks 577 * follow the standard but since multiple plinks
546 * per sta are not supported, it is necessary in 578 * per sta are not supported, it is necessary in
@@ -564,6 +596,8 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
564 rcu_read_unlock(); 596 rcu_read_unlock();
565 return; 597 return;
566 } 598 }
599 } else {
600 spin_lock_bh(&sta->lock);
567 } 601 }
568 602
569 mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %s %d %d %d\n", 603 mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %s %d %d %d\n",
@@ -573,14 +607,14 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
573 reason = 0; 607 reason = 0;
574 switch (sta->plink_state) { 608 switch (sta->plink_state) {
575 /* spin_unlock as soon as state is updated at each case */ 609 /* spin_unlock as soon as state is updated at each case */
576 case PLINK_LISTEN: 610 case NL80211_PLINK_LISTEN:
577 switch (event) { 611 switch (event) {
578 case CLS_ACPT: 612 case CLS_ACPT:
579 mesh_plink_fsm_restart(sta); 613 mesh_plink_fsm_restart(sta);
580 spin_unlock_bh(&sta->lock); 614 spin_unlock_bh(&sta->lock);
581 break; 615 break;
582 case OPN_ACPT: 616 case OPN_ACPT:
583 sta->plink_state = PLINK_OPN_RCVD; 617 sta->plink_state = NL80211_PLINK_OPN_RCVD;
584 sta->plid = plid; 618 sta->plid = plid;
585 get_random_bytes(&llid, 2); 619 get_random_bytes(&llid, 2);
586 sta->llid = llid; 620 sta->llid = llid;
@@ -597,7 +631,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
597 } 631 }
598 break; 632 break;
599 633
600 case PLINK_OPN_SNT: 634 case NL80211_PLINK_OPN_SNT:
601 switch (event) { 635 switch (event) {
602 case OPN_RJCT: 636 case OPN_RJCT:
603 case CNF_RJCT: 637 case CNF_RJCT:
@@ -606,7 +640,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
606 if (!reason) 640 if (!reason)
607 reason = cpu_to_le16(MESH_CLOSE_RCVD); 641 reason = cpu_to_le16(MESH_CLOSE_RCVD);
608 sta->reason = reason; 642 sta->reason = reason;
609 sta->plink_state = PLINK_HOLDING; 643 sta->plink_state = NL80211_PLINK_HOLDING;
610 if (!mod_plink_timer(sta, 644 if (!mod_plink_timer(sta,
611 dot11MeshHoldingTimeout(sdata))) 645 dot11MeshHoldingTimeout(sdata)))
612 sta->ignore_plink_timer = true; 646 sta->ignore_plink_timer = true;
@@ -618,7 +652,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
618 break; 652 break;
619 case OPN_ACPT: 653 case OPN_ACPT:
620 /* retry timer is left untouched */ 654 /* retry timer is left untouched */
621 sta->plink_state = PLINK_OPN_RCVD; 655 sta->plink_state = NL80211_PLINK_OPN_RCVD;
622 sta->plid = plid; 656 sta->plid = plid;
623 llid = sta->llid; 657 llid = sta->llid;
624 spin_unlock_bh(&sta->lock); 658 spin_unlock_bh(&sta->lock);
@@ -626,7 +660,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
626 plid, 0); 660 plid, 0);
627 break; 661 break;
628 case CNF_ACPT: 662 case CNF_ACPT:
629 sta->plink_state = PLINK_CNF_RCVD; 663 sta->plink_state = NL80211_PLINK_CNF_RCVD;
630 if (!mod_plink_timer(sta, 664 if (!mod_plink_timer(sta,
631 dot11MeshConfirmTimeout(sdata))) 665 dot11MeshConfirmTimeout(sdata)))
632 sta->ignore_plink_timer = true; 666 sta->ignore_plink_timer = true;
@@ -639,7 +673,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
639 } 673 }
640 break; 674 break;
641 675
642 case PLINK_OPN_RCVD: 676 case NL80211_PLINK_OPN_RCVD:
643 switch (event) { 677 switch (event) {
644 case OPN_RJCT: 678 case OPN_RJCT:
645 case CNF_RJCT: 679 case CNF_RJCT:
@@ -648,7 +682,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
648 if (!reason) 682 if (!reason)
649 reason = cpu_to_le16(MESH_CLOSE_RCVD); 683 reason = cpu_to_le16(MESH_CLOSE_RCVD);
650 sta->reason = reason; 684 sta->reason = reason;
651 sta->plink_state = PLINK_HOLDING; 685 sta->plink_state = NL80211_PLINK_HOLDING;
652 if (!mod_plink_timer(sta, 686 if (!mod_plink_timer(sta,
653 dot11MeshHoldingTimeout(sdata))) 687 dot11MeshHoldingTimeout(sdata)))
654 sta->ignore_plink_timer = true; 688 sta->ignore_plink_timer = true;
@@ -666,7 +700,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
666 break; 700 break;
667 case CNF_ACPT: 701 case CNF_ACPT:
668 del_timer(&sta->plink_timer); 702 del_timer(&sta->plink_timer);
669 sta->plink_state = PLINK_ESTAB; 703 sta->plink_state = NL80211_PLINK_ESTAB;
670 spin_unlock_bh(&sta->lock); 704 spin_unlock_bh(&sta->lock);
671 mesh_plink_inc_estab_count(sdata); 705 mesh_plink_inc_estab_count(sdata);
672 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON); 706 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
@@ -679,7 +713,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
679 } 713 }
680 break; 714 break;
681 715
682 case PLINK_CNF_RCVD: 716 case NL80211_PLINK_CNF_RCVD:
683 switch (event) { 717 switch (event) {
684 case OPN_RJCT: 718 case OPN_RJCT:
685 case CNF_RJCT: 719 case CNF_RJCT:
@@ -688,7 +722,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
688 if (!reason) 722 if (!reason)
689 reason = cpu_to_le16(MESH_CLOSE_RCVD); 723 reason = cpu_to_le16(MESH_CLOSE_RCVD);
690 sta->reason = reason; 724 sta->reason = reason;
691 sta->plink_state = PLINK_HOLDING; 725 sta->plink_state = NL80211_PLINK_HOLDING;
692 if (!mod_plink_timer(sta, 726 if (!mod_plink_timer(sta,
693 dot11MeshHoldingTimeout(sdata))) 727 dot11MeshHoldingTimeout(sdata)))
694 sta->ignore_plink_timer = true; 728 sta->ignore_plink_timer = true;
@@ -700,7 +734,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
700 break; 734 break;
701 case OPN_ACPT: 735 case OPN_ACPT:
702 del_timer(&sta->plink_timer); 736 del_timer(&sta->plink_timer);
703 sta->plink_state = PLINK_ESTAB; 737 sta->plink_state = NL80211_PLINK_ESTAB;
704 spin_unlock_bh(&sta->lock); 738 spin_unlock_bh(&sta->lock);
705 mesh_plink_inc_estab_count(sdata); 739 mesh_plink_inc_estab_count(sdata);
706 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON); 740 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
@@ -715,13 +749,13 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
715 } 749 }
716 break; 750 break;
717 751
718 case PLINK_ESTAB: 752 case NL80211_PLINK_ESTAB:
719 switch (event) { 753 switch (event) {
720 case CLS_ACPT: 754 case CLS_ACPT:
721 reason = cpu_to_le16(MESH_CLOSE_RCVD); 755 reason = cpu_to_le16(MESH_CLOSE_RCVD);
722 sta->reason = reason; 756 sta->reason = reason;
723 deactivated = __mesh_plink_deactivate(sta); 757 deactivated = __mesh_plink_deactivate(sta);
724 sta->plink_state = PLINK_HOLDING; 758 sta->plink_state = NL80211_PLINK_HOLDING;
725 llid = sta->llid; 759 llid = sta->llid;
726 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata)); 760 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
727 spin_unlock_bh(&sta->lock); 761 spin_unlock_bh(&sta->lock);
@@ -741,7 +775,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
741 break; 775 break;
742 } 776 }
743 break; 777 break;
744 case PLINK_HOLDING: 778 case NL80211_PLINK_HOLDING:
745 switch (event) { 779 switch (event) {
746 case CLS_ACPT: 780 case CLS_ACPT:
747 if (del_timer(&sta->plink_timer)) 781 if (del_timer(&sta->plink_timer))
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index b6c163ac22da..d595265d6c22 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -28,13 +28,26 @@
28#include "rate.h" 28#include "rate.h"
29#include "led.h" 29#include "led.h"
30 30
31#define IEEE80211_MAX_PROBE_TRIES 5 31static int max_nullfunc_tries = 2;
32module_param(max_nullfunc_tries, int, 0644);
33MODULE_PARM_DESC(max_nullfunc_tries,
34 "Maximum nullfunc tx tries before disconnecting (reason 4).");
35
36static int max_probe_tries = 5;
37module_param(max_probe_tries, int, 0644);
38MODULE_PARM_DESC(max_probe_tries,
39 "Maximum probe tries before disconnecting (reason 4).");
32 40
33/* 41/*
34 * beacon loss detection timeout 42 * Beacon loss timeout is calculated as N frames times the
35 * XXX: should depend on beacon interval 43 * advertised beacon interval. This may need to be somewhat
44 * higher than what hardware might detect to account for
45 * delays in the host processing frames. But since we also
46 * probe on beacon miss before declaring the connection lost
47 * default to what we want.
36 */ 48 */
37#define IEEE80211_BEACON_LOSS_TIME (2 * HZ) 49#define IEEE80211_BEACON_LOSS_COUNT 7
50
38/* 51/*
39 * Time the connection can be idle before we probe 52 * Time the connection can be idle before we probe
40 * it to see if we can still talk to the AP. 53 * it to see if we can still talk to the AP.
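Review bot: `max_nullfunc_tries` and `max_probe_tries` are plain `int` parameters with mode 0644, so zero or negative values can be written at runtime and nothing in this hunk bounds them. `probe_wait_ms` in the next hunk has the same shape, and further down `ieee80211_mgd_probe_ap_send()` stores `max(1, max_probe_tries - 3)` in a `u8`, which truncates for settings above 258. Since these values decide when the station declares the AP lost, I would validate them where they are read, e.g. `tries = clamp(max_probe_tries, 1, 255);`, or register them through a setter that rejects out-of-range input.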
@@ -45,7 +58,11 @@
45 * a probe request because of beacon loss or for 58 * a probe request because of beacon loss or for
46 * checking the connection still works. 59 * checking the connection still works.
47 */ 60 */
48#define IEEE80211_PROBE_WAIT (HZ / 2) 61static int probe_wait_ms = 500;
62module_param(probe_wait_ms, int, 0644);
63MODULE_PARM_DESC(probe_wait_ms,
64 "Maximum time(ms) to wait for probe response"
65 " before disconnecting (reason 4).");
49 66
50/* 67/*
51 * Weight given to the latest Beacon frame when calculating average signal 68 * Weight given to the latest Beacon frame when calculating average signal
@@ -54,6 +71,12 @@
54 */ 71 */
55#define IEEE80211_SIGNAL_AVE_WEIGHT 3 72#define IEEE80211_SIGNAL_AVE_WEIGHT 3
56 73
74/*
75 * How many Beacon frames need to have been used in average signal strength
76 * before starting to indicate signal change events.
77 */
78#define IEEE80211_SIGNAL_AVE_MIN_COUNT 4
79
57#define TMR_RUNNING_TIMER 0 80#define TMR_RUNNING_TIMER 0
58#define TMR_RUNNING_CHANSW 1 81#define TMR_RUNNING_CHANSW 1
59 82
@@ -67,26 +90,17 @@ enum rx_mgmt_action {
67 /* no action required */ 90 /* no action required */
68 RX_MGMT_NONE, 91 RX_MGMT_NONE,
69 92
70 /* caller must call cfg80211_send_rx_auth() */
71 RX_MGMT_CFG80211_AUTH,
72
73 /* caller must call cfg80211_send_rx_assoc() */
74 RX_MGMT_CFG80211_ASSOC,
75
76 /* caller must call cfg80211_send_deauth() */ 93 /* caller must call cfg80211_send_deauth() */
77 RX_MGMT_CFG80211_DEAUTH, 94 RX_MGMT_CFG80211_DEAUTH,
78 95
79 /* caller must call cfg80211_send_disassoc() */ 96 /* caller must call cfg80211_send_disassoc() */
80 RX_MGMT_CFG80211_DISASSOC, 97 RX_MGMT_CFG80211_DISASSOC,
81
82 /* caller must tell cfg80211 about internal error */
83 RX_MGMT_CFG80211_ASSOC_ERROR,
84}; 98};
85 99
86/* utils */ 100/* utils */
87static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd) 101static inline void ASSERT_MGD_MTX(struct ieee80211_if_managed *ifmgd)
88{ 102{
89 WARN_ON(!mutex_is_locked(&ifmgd->mtx)); 103 lockdep_assert_held(&ifmgd->mtx);
90} 104}
91 105
92/* 106/*
@@ -109,13 +123,29 @@ static void run_again(struct ieee80211_if_managed *ifmgd,
109 mod_timer(&ifmgd->timer, timeout); 123 mod_timer(&ifmgd->timer, timeout);
110} 124}
111 125
112static void mod_beacon_timer(struct ieee80211_sub_if_data *sdata) 126void ieee80211_sta_reset_beacon_monitor(struct ieee80211_sub_if_data *sdata)
113{ 127{
114 if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER) 128 if (sdata->local->hw.flags & IEEE80211_HW_BEACON_FILTER)
115 return; 129 return;
116 130
117 mod_timer(&sdata->u.mgd.bcn_mon_timer, 131 mod_timer(&sdata->u.mgd.bcn_mon_timer,
118 round_jiffies_up(jiffies + IEEE80211_BEACON_LOSS_TIME)); 132 round_jiffies_up(jiffies + sdata->u.mgd.beacon_timeout));
133}
134
135void ieee80211_sta_reset_conn_monitor(struct ieee80211_sub_if_data *sdata)
136{
137 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
138
139 if (unlikely(!sdata->u.mgd.associated))
140 return;
141
142 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
143 return;
144
145 mod_timer(&sdata->u.mgd.conn_mon_timer,
146 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME));
147
148 ifmgd->probe_send_count = 0;
119} 149}
120 150
121static int ecw2cw(int ecw) 151static int ecw2cw(int ecw)
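Review bot: `ieee80211_sta_reset_conn_monitor()` writes `ifmgd->probe_send_count = 0` without taking or asserting `ifmgd->mtx`, while `ieee80211_mgd_probe_ap_send()` later in this file increments the same counter. The callers this commit adds (`ieee80211_sta_rx_notify()` and `ieee80211_sta_tx_notify()`) show no lock either, so the locking contract should be written down above the function, for example `/* may be called without ifmgd->mtx; the counter reset is best-effort */` if that is the intent. As a smaller style point, the body declares `ifmgd` but still spells out `sdata->u.mgd.associated` and `sdata->u.mgd.conn_mon_timer`; using `ifmgd->` throughout would read more consistently.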
@@ -136,6 +166,7 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
136 struct ieee80211_supported_band *sband; 166 struct ieee80211_supported_band *sband;
137 struct sta_info *sta; 167 struct sta_info *sta;
138 u32 changed = 0; 168 u32 changed = 0;
169 int hti_cfreq;
139 u16 ht_opmode; 170 u16 ht_opmode;
140 bool enable_ht = true; 171 bool enable_ht = true;
141 enum nl80211_channel_type prev_chantype; 172 enum nl80211_channel_type prev_chantype;
@@ -149,10 +180,27 @@ static u32 ieee80211_enable_ht(struct ieee80211_sub_if_data *sdata,
149 if (!sband->ht_cap.ht_supported) 180 if (!sband->ht_cap.ht_supported)
150 enable_ht = false; 181 enable_ht = false;
151 182
152 /* check that channel matches the right operating channel */ 183 if (enable_ht) {
153 if (local->hw.conf.channel->center_freq != 184 hti_cfreq = ieee80211_channel_to_frequency(hti->control_chan,
154 ieee80211_channel_to_frequency(hti->control_chan)) 185 sband->band);
155 enable_ht = false; 186 /* check that channel matches the right operating channel */
187 if (local->hw.conf.channel->center_freq != hti_cfreq) {
188 /* Some APs mess this up, evidently.
189 * Netgear WNDR3700 sometimes reports 4 higher than
190 * the actual channel, for instance.
191 */
192 printk(KERN_DEBUG
193 "%s: Wrong control channel in association"
194 " response: configured center-freq: %d"
195 " hti-cfreq: %d hti->control_chan: %d"
196 " band: %d. Disabling HT.\n",
197 sdata->name,
198 local->hw.conf.channel->center_freq,
199 hti_cfreq, hti->control_chan,
200 sband->band);
201 enable_ht = false;
202 }
203 }
156 204
157 if (enable_ht) { 205 if (enable_ht) {
158 channel_type = NL80211_CHAN_HT20; 206 channel_type = NL80211_CHAN_HT20;
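Review bot: The new `printk(KERN_DEBUG ...)` is not rate limited, although the mismatch that triggers it is decided by `hti->control_chan`, a value the added comment itself attributes to the AP. If `ieee80211_enable_ht()` runs on more than the association response (its callers are outside this hunk), an AP that keeps advertising a wrong control channel can keep writing to the kernel log. Wrapping the message in `if (net_ratelimit())` would bound that. The function starts and ends outside the hunk.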
@@ -404,7 +452,8 @@ void ieee80211_sta_process_chanswitch(struct ieee80211_sub_if_data *sdata,
404 container_of((void *)bss, struct cfg80211_bss, priv); 452 container_of((void *)bss, struct cfg80211_bss, priv);
405 struct ieee80211_channel *new_ch; 453 struct ieee80211_channel *new_ch;
406 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 454 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
407 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num); 455 int new_freq = ieee80211_channel_to_frequency(sw_elem->new_ch_num,
456 cbss->channel->band);
408 457
409 ASSERT_MGD_MTX(ifmgd); 458 ASSERT_MGD_MTX(ifmgd);
410 459
@@ -555,6 +604,37 @@ static void ieee80211_change_ps(struct ieee80211_local *local)
555 } 604 }
556} 605}
557 606
607static bool ieee80211_powersave_allowed(struct ieee80211_sub_if_data *sdata)
608{
609 struct ieee80211_if_managed *mgd = &sdata->u.mgd;
610 struct sta_info *sta = NULL;
611 u32 sta_flags = 0;
612
613 if (!mgd->powersave)
614 return false;
615
616 if (!mgd->associated)
617 return false;
618
619 if (!mgd->associated->beacon_ies)
620 return false;
621
622 if (mgd->flags & (IEEE80211_STA_BEACON_POLL |
623 IEEE80211_STA_CONNECTION_POLL))
624 return false;
625
626 rcu_read_lock();
627 sta = sta_info_get(sdata, mgd->bssid);
628 if (sta)
629 sta_flags = get_sta_flags(sta);
630 rcu_read_unlock();
631
632 if (!(sta_flags & WLAN_STA_AUTHORIZED))
633 return false;
634
635 return true;
636}
637
558/* need to hold RTNL or interface lock */ 638/* need to hold RTNL or interface lock */
559void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency) 639void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
560{ 640{
@@ -575,17 +655,21 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
575 list_for_each_entry(sdata, &local->interfaces, list) { 655 list_for_each_entry(sdata, &local->interfaces, list) {
576 if (!ieee80211_sdata_running(sdata)) 656 if (!ieee80211_sdata_running(sdata))
577 continue; 657 continue;
658 if (sdata->vif.type == NL80211_IFTYPE_AP) {
659 /* If an AP vif is found, then disable PS
660 * by setting the count to zero thereby setting
661 * ps_sdata to NULL.
662 */
663 count = 0;
664 break;
665 }
578 if (sdata->vif.type != NL80211_IFTYPE_STATION) 666 if (sdata->vif.type != NL80211_IFTYPE_STATION)
579 continue; 667 continue;
580 found = sdata; 668 found = sdata;
581 count++; 669 count++;
582 } 670 }
583 671
584 if (count == 1 && found->u.mgd.powersave && 672 if (count == 1 && ieee80211_powersave_allowed(found)) {
585 found->u.mgd.associated &&
586 found->u.mgd.associated->beacon_ies &&
587 !(found->u.mgd.flags & (IEEE80211_STA_BEACON_POLL |
588 IEEE80211_STA_CONNECTION_POLL))) {
589 struct ieee80211_conf *conf = &local->hw.conf; 673 struct ieee80211_conf *conf = &local->hw.conf;
590 s32 beaconint_us; 674 s32 beaconint_us;
591 675
@@ -600,11 +684,12 @@ void ieee80211_recalc_ps(struct ieee80211_local *local, s32 latency)
600 /* 684 /*
601 * Go to full PSM if the user configures a very low 685 * Go to full PSM if the user configures a very low
602 * latency requirement. 686 * latency requirement.
603 * The 2 second value is there for compatibility until 687 * The 2000 second value is there for compatibility
604 * the PM_QOS_NETWORK_LATENCY is configured with real 688 * until the PM_QOS_NETWORK_LATENCY is configured
605 * values. 689 * with real values.
606 */ 690 */
607 if (latency > 1900000000 && latency != 2000000000) 691 if (latency > (1900 * USEC_PER_MSEC) &&
692 latency != (2000 * USEC_PER_SEC))
608 timeout = 0; 693 timeout = 0;
609 else 694 else
610 timeout = 100; 695 timeout = 100;
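Review bot: The rewritten comparison mixes units: `1900 * USEC_PER_MSEC` is 1.9 seconds expressed in microseconds, whereas the literal it replaces, 1900000000, was 1900 seconds, and only the second operand `2000 * USEC_PER_SEC` still equals the old 2000000000. The lower bound therefore dropped by a factor of 1000, while the updated comment mentions only the 2000 second compatibility value. If the new threshold is intended, the comment should name both values with their units; if it is not, the first operand should read `1900 * USEC_PER_SEC`. `ieee80211_recalc_ps()` continues outside the hunk.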
@@ -665,6 +750,8 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
665 dynamic_ps_enable_work); 750 dynamic_ps_enable_work);
666 struct ieee80211_sub_if_data *sdata = local->ps_sdata; 751 struct ieee80211_sub_if_data *sdata = local->ps_sdata;
667 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 752 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
753 unsigned long flags;
754 int q;
668 755
669 /* can only happen when PS was just disabled anyway */ 756 /* can only happen when PS was just disabled anyway */
670 if (!sdata) 757 if (!sdata)
@@ -673,9 +760,38 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
673 if (local->hw.conf.flags & IEEE80211_CONF_PS) 760 if (local->hw.conf.flags & IEEE80211_CONF_PS)
674 return; 761 return;
675 762
763 /*
764 * transmission can be stopped by others which leads to
765 * dynamic_ps_timer expiry. Postpond the ps timer if it
766 * is not the actual idle state.
767 */
768 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
769 for (q = 0; q < local->hw.queues; q++) {
770 if (local->queue_stop_reasons[q]) {
771 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
772 flags);
773 mod_timer(&local->dynamic_ps_timer, jiffies +
774 msecs_to_jiffies(
775 local->hw.conf.dynamic_ps_timeout));
776 return;
777 }
778 }
779 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
780
676 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) && 781 if ((local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) &&
677 (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED))) 782 (!(ifmgd->flags & IEEE80211_STA_NULLFUNC_ACKED))) {
678 ieee80211_send_nullfunc(local, sdata, 1); 783 netif_tx_stop_all_queues(sdata->dev);
784
785 if (drv_tx_frames_pending(local))
786 mod_timer(&local->dynamic_ps_timer, jiffies +
787 msecs_to_jiffies(
788 local->hw.conf.dynamic_ps_timeout));
789 else {
790 ieee80211_send_nullfunc(local, sdata, 1);
791 /* Flush to get the tx status of nullfunc frame */
792 drv_flush(local, false);
793 }
794 }
679 795
680 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) && 796 if (!((local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) &&
681 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) || 797 (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) ||
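Review bot: `netif_tx_stop_all_queues(sdata->dev)` is called only inside the `IEEE80211_HW_PS_NULLFUNC_STACK` branch, but the matching `netif_tx_wake_all_queues(sdata->dev)` added at the end of the function (next hunk) runs unconditionally. On hardware that never takes this branch the work item wakes queues it did not stop, which could undo a stop made elsewhere; whether such a stop can be active at that point is not visible here. Guarding the wake with the same hardware flag, `if (local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK) netif_tx_wake_all_queues(sdata->dev);`, keeps the pair balanced. The function starts and ends outside this hunk.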
@@ -684,6 +800,8 @@ void ieee80211_dynamic_ps_enable_work(struct work_struct *work)
684 local->hw.conf.flags |= IEEE80211_CONF_PS; 800 local->hw.conf.flags |= IEEE80211_CONF_PS;
685 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 801 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
686 } 802 }
803
804 netif_tx_wake_all_queues(sdata->dev);
687} 805}
688 806
689void ieee80211_dynamic_ps_timer(unsigned long data) 807void ieee80211_dynamic_ps_timer(unsigned long data)
@@ -778,16 +896,17 @@ static void ieee80211_sta_wmm_params(struct ieee80211_local *local,
778 params.uapsd = uapsd; 896 params.uapsd = uapsd;
779 897
780#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 898#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
781 printk(KERN_DEBUG "%s: WMM queue=%d aci=%d acm=%d aifs=%d " 899 wiphy_debug(local->hw.wiphy,
782 "cWmin=%d cWmax=%d txop=%d uapsd=%d\n", 900 "WMM queue=%d aci=%d acm=%d aifs=%d "
783 wiphy_name(local->hw.wiphy), queue, aci, acm, 901 "cWmin=%d cWmax=%d txop=%d uapsd=%d\n",
784 params.aifs, params.cw_min, params.cw_max, params.txop, 902 queue, aci, acm,
785 params.uapsd); 903 params.aifs, params.cw_min, params.cw_max,
904 params.txop, params.uapsd);
786#endif 905#endif
787 if (drv_conf_tx(local, queue, &params)) 906 if (drv_conf_tx(local, queue, &params))
788 printk(KERN_DEBUG "%s: failed to set TX queue " 907 wiphy_debug(local->hw.wiphy,
789 "parameters for queue %d\n", 908 "failed to set TX queue parameters for queue %d\n",
790 wiphy_name(local->hw.wiphy), queue); 909 queue);
791 } 910 }
792 911
793 /* enable WMM or activate new settings */ 912 /* enable WMM or activate new settings */
@@ -851,6 +970,9 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
851 bss_info_changed |= ieee80211_handle_bss_capability(sdata, 970 bss_info_changed |= ieee80211_handle_bss_capability(sdata,
852 cbss->capability, bss->has_erp_value, bss->erp_value); 971 cbss->capability, bss->has_erp_value, bss->erp_value);
853 972
973 sdata->u.mgd.beacon_timeout = usecs_to_jiffies(ieee80211_tu_to_usec(
974 IEEE80211_BEACON_LOSS_COUNT * bss_conf->beacon_int));
975
854 sdata->u.mgd.associated = cbss; 976 sdata->u.mgd.associated = cbss;
855 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN); 977 memcpy(sdata->u.mgd.bssid, cbss->bssid, ETH_ALEN);
856 978
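Review bot: `beacon_timeout` is computed straight from `bss_conf->beacon_int`, the interval advertised by the AP, and nothing in this hunk bounds it. A zero interval gives a zero timeout, so `ieee80211_sta_reset_beacon_monitor()` would arm `bcn_mon_timer` for the next rounded jiffy on every call; whether zero is rejected earlier in association is not visible from here. A fallback before the multiplication, e.g. `u16 bi = bss_conf->beacon_int ? bss_conf->beacon_int : 100;` (100 TU as an illustrative default), would keep the loss timer meaningful. `ieee80211_set_associated()` starts and ends outside the hunk.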
@@ -860,14 +982,6 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
860 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL | 982 sdata->u.mgd.flags &= ~(IEEE80211_STA_CONNECTION_POLL |
861 IEEE80211_STA_BEACON_POLL); 983 IEEE80211_STA_BEACON_POLL);
862 984
863 /*
864 * Always handle WMM once after association regardless
865 * of the first value the AP uses. Setting -1 here has
866 * that effect because the AP values is an unsigned
867 * 4-bit value.
868 */
869 sdata->u.mgd.wmm_last_param_set = -1;
870
871 ieee80211_led_assoc(local, 1); 985 ieee80211_led_assoc(local, 1);
872 986
873 if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD) 987 if (local->hw.flags & IEEE80211_HW_NEED_DTIM_PERIOD)
@@ -901,7 +1015,7 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
901 1015
902 mutex_lock(&local->iflist_mtx); 1016 mutex_lock(&local->iflist_mtx);
903 ieee80211_recalc_ps(local, -1); 1017 ieee80211_recalc_ps(local, -1);
904 ieee80211_recalc_smps(local, sdata); 1018 ieee80211_recalc_smps(local);
905 mutex_unlock(&local->iflist_mtx); 1019 mutex_unlock(&local->iflist_mtx);
906 1020
907 netif_tx_start_all_queues(sdata->dev); 1021 netif_tx_start_all_queues(sdata->dev);
@@ -909,7 +1023,7 @@ static void ieee80211_set_associated(struct ieee80211_sub_if_data *sdata,
909} 1023}
910 1024
911static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata, 1025static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
912 bool remove_sta) 1026 bool remove_sta, bool tx)
913{ 1027{
914 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1028 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
915 struct ieee80211_local *local = sdata->local; 1029 struct ieee80211_local *local = sdata->local;
@@ -948,7 +1062,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
948 sta = sta_info_get(sdata, bssid); 1062 sta = sta_info_get(sdata, bssid);
949 if (sta) { 1063 if (sta) {
950 set_sta_flags(sta, WLAN_STA_BLOCK_BA); 1064 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
951 ieee80211_sta_tear_down_BA_sessions(sta); 1065 ieee80211_sta_tear_down_BA_sessions(sta, tx);
952 } 1066 }
953 mutex_unlock(&local->sta_mtx); 1067 mutex_unlock(&local->sta_mtx);
954 1068
@@ -975,6 +1089,7 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
975 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 1089 local->hw.conf.flags &= ~IEEE80211_CONF_PS;
976 config_changed |= IEEE80211_CONF_CHANGE_PS; 1090 config_changed |= IEEE80211_CONF_CHANGE_PS;
977 } 1091 }
1092 local->ps_sdata = NULL;
978 1093
979 ieee80211_hw_config(local, config_changed); 1094 ieee80211_hw_config(local, config_changed);
980 1095
@@ -990,6 +1105,11 @@ static void ieee80211_set_disassoc(struct ieee80211_sub_if_data *sdata,
990 1105
991 if (remove_sta) 1106 if (remove_sta)
992 sta_info_destroy_addr(sdata, bssid); 1107 sta_info_destroy_addr(sdata, bssid);
1108
1109 del_timer_sync(&sdata->u.mgd.conn_mon_timer);
1110 del_timer_sync(&sdata->u.mgd.bcn_mon_timer);
1111 del_timer_sync(&sdata->u.mgd.timer);
1112 del_timer_sync(&sdata->u.mgd.chswitch_timer);
993} 1113}
994 1114
995void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata, 1115void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
@@ -1006,24 +1126,89 @@ void ieee80211_sta_rx_notify(struct ieee80211_sub_if_data *sdata,
1006 if (is_multicast_ether_addr(hdr->addr1)) 1126 if (is_multicast_ether_addr(hdr->addr1))
1007 return; 1127 return;
1008 1128
1129 ieee80211_sta_reset_conn_monitor(sdata);
1130}
1131
1132static void ieee80211_reset_ap_probe(struct ieee80211_sub_if_data *sdata)
1133{
1134 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1135
1136 if (!(ifmgd->flags & (IEEE80211_STA_BEACON_POLL |
1137 IEEE80211_STA_CONNECTION_POLL)))
1138 return;
1139
1140 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1141 IEEE80211_STA_BEACON_POLL);
1142 mutex_lock(&sdata->local->iflist_mtx);
1143 ieee80211_recalc_ps(sdata->local, -1);
1144 mutex_unlock(&sdata->local->iflist_mtx);
1145
1009 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR) 1146 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1010 return; 1147 return;
1011 1148
1012 mod_timer(&sdata->u.mgd.conn_mon_timer, 1149 /*
1013 round_jiffies_up(jiffies + IEEE80211_CONNECTION_IDLE_TIME)); 1150 * We've received a probe response, but are not sure whether
1151 * we have or will be receiving any beacons or data, so let's
1152 * schedule the timers again, just in case.
1153 */
1154 ieee80211_sta_reset_beacon_monitor(sdata);
1155
1156 mod_timer(&ifmgd->conn_mon_timer,
1157 round_jiffies_up(jiffies +
1158 IEEE80211_CONNECTION_IDLE_TIME));
1159}
1160
1161void ieee80211_sta_tx_notify(struct ieee80211_sub_if_data *sdata,
1162 struct ieee80211_hdr *hdr, bool ack)
1163{
1164 if (!ieee80211_is_data(hdr->frame_control))
1165 return;
1166
1167 if (ack)
1168 ieee80211_sta_reset_conn_monitor(sdata);
1169
1170 if (ieee80211_is_nullfunc(hdr->frame_control) &&
1171 sdata->u.mgd.probe_send_count > 0) {
1172 if (ack)
1173 sdata->u.mgd.probe_send_count = 0;
1174 else
1175 sdata->u.mgd.nullfunc_failed = true;
1176 ieee80211_queue_work(&sdata->local->hw, &sdata->work);
1177 }
1014} 1178}
1015 1179
1016static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata) 1180static void ieee80211_mgd_probe_ap_send(struct ieee80211_sub_if_data *sdata)
1017{ 1181{
1018 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1182 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1019 const u8 *ssid; 1183 const u8 *ssid;
1184 u8 *dst = ifmgd->associated->bssid;
1185 u8 unicast_limit = max(1, max_probe_tries - 3);
1020 1186
1021 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID); 1187 /*
1022 ieee80211_send_probe_req(sdata, ifmgd->associated->bssid, 1188 * Try sending broadcast probe requests for the last three
1023 ssid + 2, ssid[1], NULL, 0); 1189 * probe requests after the first ones failed since some
1190 * buggy APs only support broadcast probe requests.
1191 */
1192 if (ifmgd->probe_send_count >= unicast_limit)
1193 dst = NULL;
1194
1195 /*
1196 * When the hardware reports an accurate Tx ACK status, it's
1197 * better to send a nullfunc frame instead of a probe request,
1198 * as it will kick us off the AP quickly if we aren't associated
1199 * anymore. The timeout will be reset if the frame is ACKed by
1200 * the AP.
1201 */
1202 if (sdata->local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
1203 ifmgd->nullfunc_failed = false;
1204 ieee80211_send_nullfunc(sdata->local, sdata, 0);
1205 } else {
1206 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1207 ieee80211_send_probe_req(sdata, dst, ssid + 2, ssid[1], NULL, 0);
1208 }
1024 1209
1025 ifmgd->probe_send_count++; 1210 ifmgd->probe_send_count++;
1026 ifmgd->probe_timeout = jiffies + IEEE80211_PROBE_WAIT; 1211 ifmgd->probe_timeout = jiffies + msecs_to_jiffies(probe_wait_ms);
1027 run_again(ifmgd, ifmgd->probe_timeout); 1212 run_again(ifmgd, ifmgd->probe_timeout);
1028} 1213}
1029 1214
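Review bot: In `ieee80211_mgd_probe_ap_send()` the pointer returned by `ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID)` is used as `ssid + 2, ssid[1]` without a NULL check, and the new `ieee80211_ap_probereq_get()` in the following hunk repeats the same pattern. The BSS elements come from frames sent by the AP, so if the stored entry has no SSID element this becomes a NULL pointer dereference in the probe path. Checking the pointer first, for instance `if (WARN_ON_ONCE(!ssid)) return NULL;` in `ieee80211_ap_probereq_get()` and an equivalent early exit here, closes that. The length byte `ssid[1]` could also be compared against `IEEE80211_MAX_SSID_LEN` before it is passed on.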
@@ -1086,6 +1271,30 @@ static void ieee80211_mgd_probe_ap(struct ieee80211_sub_if_data *sdata,
1086 mutex_unlock(&ifmgd->mtx); 1271 mutex_unlock(&ifmgd->mtx);
1087} 1272}
1088 1273
1274struct sk_buff *ieee80211_ap_probereq_get(struct ieee80211_hw *hw,
1275 struct ieee80211_vif *vif)
1276{
1277 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1278 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
1279 struct sk_buff *skb;
1280 const u8 *ssid;
1281
1282 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_STATION))
1283 return NULL;
1284
1285 ASSERT_MGD_MTX(ifmgd);
1286
1287 if (!ifmgd->associated)
1288 return NULL;
1289
1290 ssid = ieee80211_bss_get_ie(ifmgd->associated, WLAN_EID_SSID);
1291 skb = ieee80211_build_probe_req(sdata, ifmgd->associated->bssid,
1292 ssid + 2, ssid[1], NULL, 0);
1293
1294 return skb;
1295}
1296EXPORT_SYMBOL(ieee80211_ap_probereq_get);
1297
1089static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata) 1298static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata)
1090{ 1299{
1091 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 1300 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
@@ -1100,11 +1309,15 @@ static void __ieee80211_connection_loss(struct ieee80211_sub_if_data *sdata)
1100 1309
1101 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 1310 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
1102 1311
1103 printk(KERN_DEBUG "Connection to AP %pM lost.\n", bssid); 1312 printk(KERN_DEBUG "%s: Connection to AP %pM lost.\n",
1313 sdata->name, bssid);
1104 1314
1105 ieee80211_set_disassoc(sdata, true); 1315 ieee80211_set_disassoc(sdata, true, true);
1106 ieee80211_recalc_idle(local);
1107 mutex_unlock(&ifmgd->mtx); 1316 mutex_unlock(&ifmgd->mtx);
1317
1318 mutex_lock(&local->mtx);
1319 ieee80211_recalc_idle(local);
1320 mutex_unlock(&local->mtx);
1108 /* 1321 /*
1109 * must be outside lock due to cfg80211, 1322 * must be outside lock due to cfg80211,
1110 * but that's not a problem. 1323 * but that's not a problem.
@@ -1172,8 +1385,10 @@ ieee80211_rx_mgmt_deauth(struct ieee80211_sub_if_data *sdata,
1172 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n", 1385 printk(KERN_DEBUG "%s: deauthenticated from %pM (Reason: %u)\n",
1173 sdata->name, bssid, reason_code); 1386 sdata->name, bssid, reason_code);
1174 1387
1175 ieee80211_set_disassoc(sdata, true); 1388 ieee80211_set_disassoc(sdata, true, false);
1389 mutex_lock(&sdata->local->mtx);
1176 ieee80211_recalc_idle(sdata->local); 1390 ieee80211_recalc_idle(sdata->local);
1391 mutex_unlock(&sdata->local->mtx);
1177 1392
1178 return RX_MGMT_CFG80211_DEAUTH; 1393 return RX_MGMT_CFG80211_DEAUTH;
1179} 1394}
@@ -1202,8 +1417,10 @@ ieee80211_rx_mgmt_disassoc(struct ieee80211_sub_if_data *sdata,
1202 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n", 1417 printk(KERN_DEBUG "%s: disassociated from %pM (Reason: %u)\n",
1203 sdata->name, mgmt->sa, reason_code); 1418 sdata->name, mgmt->sa, reason_code);
1204 1419
1205 ieee80211_set_disassoc(sdata, true); 1420 ieee80211_set_disassoc(sdata, true, false);
1421 mutex_lock(&sdata->local->mtx);
1206 ieee80211_recalc_idle(sdata->local); 1422 ieee80211_recalc_idle(sdata->local);
1423 mutex_unlock(&sdata->local->mtx);
1207 return RX_MGMT_CFG80211_DISASSOC; 1424 return RX_MGMT_CFG80211_DISASSOC;
1208} 1425}
1209 1426
@@ -1262,7 +1479,7 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1262 1479
1263 rates = 0; 1480 rates = 0;
1264 basic_rates = 0; 1481 basic_rates = 0;
1265 sband = local->hw.wiphy->bands[local->hw.conf.channel->band]; 1482 sband = local->hw.wiphy->bands[wk->chan->band];
1266 1483
1267 for (i = 0; i < elems.supp_rates_len; i++) { 1484 for (i = 0; i < elems.supp_rates_len; i++) {
1268 int rate = (elems.supp_rates[i] & 0x7f) * 5; 1485 int rate = (elems.supp_rates[i] & 0x7f) * 5;
@@ -1298,11 +1515,11 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1298 } 1515 }
1299 } 1516 }
1300 1517
1301 sta->sta.supp_rates[local->hw.conf.channel->band] = rates; 1518 sta->sta.supp_rates[wk->chan->band] = rates;
1302 sdata->vif.bss_conf.basic_rates = basic_rates; 1519 sdata->vif.bss_conf.basic_rates = basic_rates;
1303 1520
1304 /* cf. IEEE 802.11 9.2.12 */ 1521 /* cf. IEEE 802.11 9.2.12 */
1305 if (local->hw.conf.channel->band == IEEE80211_BAND_2GHZ && 1522 if (wk->chan->band == IEEE80211_BAND_2GHZ &&
1306 have_higher_than_11mbit) 1523 have_higher_than_11mbit)
1307 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE; 1524 sdata->flags |= IEEE80211_SDATA_OPERATING_GMODE;
1308 else 1525 else
@@ -1330,6 +1547,14 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1330 return false; 1547 return false;
1331 } 1548 }
1332 1549
1550 /*
1551 * Always handle WMM once after association regardless
1552 * of the first value the AP uses. Setting -1 here has
1553 * that effect because the AP values is an unsigned
1554 * 4-bit value.
1555 */
1556 ifmgd->wmm_last_param_set = -1;
1557
1333 if (elems.wmm_param) 1558 if (elems.wmm_param)
1334 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param, 1559 ieee80211_sta_wmm_params(local, sdata, elems.wmm_param,
1335 elems.wmm_param_len); 1560 elems.wmm_param_len);
@@ -1362,7 +1587,7 @@ static bool ieee80211_assoc_success(struct ieee80211_work *wk,
1362 * Also start the timer that will detect beacon loss. 1587 * Also start the timer that will detect beacon loss.
1363 */ 1588 */
1364 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt); 1589 ieee80211_sta_rx_notify(sdata, (struct ieee80211_hdr *)mgmt);
1365 mod_beacon_timer(sdata); 1590 ieee80211_sta_reset_beacon_monitor(sdata);
1366 1591
1367 return true; 1592 return true;
1368} 1593}
@@ -1388,7 +1613,8 @@ static void ieee80211_rx_bss_info(struct ieee80211_sub_if_data *sdata,
1388 } 1613 }
1389 1614
1390 if (elems->ds_params && elems->ds_params_len == 1) 1615 if (elems->ds_params && elems->ds_params_len == 1)
1391 freq = ieee80211_channel_to_frequency(elems->ds_params[0]); 1616 freq = ieee80211_channel_to_frequency(elems->ds_params[0],
1617 rx_status->band);
1392 else 1618 else
1393 freq = rx_status->freq; 1619 freq = rx_status->freq;
1394 1620
@@ -1448,29 +1674,8 @@ static void ieee80211_rx_mgmt_probe_resp(struct ieee80211_sub_if_data *sdata,
1448 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false); 1674 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, false);
1449 1675
1450 if (ifmgd->associated && 1676 if (ifmgd->associated &&
1451 memcmp(mgmt->bssid, ifmgd->associated->bssid, ETH_ALEN) == 0 && 1677 memcmp(mgmt->bssid, ifmgd->associated->bssid, ETH_ALEN) == 0)
1452 ifmgd->flags & (IEEE80211_STA_BEACON_POLL | 1678 ieee80211_reset_ap_probe(sdata);
1453 IEEE80211_STA_CONNECTION_POLL)) {
1454 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
1455 IEEE80211_STA_BEACON_POLL);
1456 mutex_lock(&sdata->local->iflist_mtx);
1457 ieee80211_recalc_ps(sdata->local, -1);
1458 mutex_unlock(&sdata->local->iflist_mtx);
1459
1460 if (sdata->local->hw.flags & IEEE80211_HW_CONNECTION_MONITOR)
1461 return;
1462
1463 /*
1464 * We've received a probe response, but are not sure whether
1465 * we have or will be receiving any beacons or data, so let's
1466 * schedule the timers again, just in case.
1467 */
1468 mod_beacon_timer(sdata);
1469
1470 mod_timer(&ifmgd->conn_mon_timer,
1471 round_jiffies_up(jiffies +
1472 IEEE80211_CONNECTION_IDLE_TIME));
1473 }
1474} 1679}
1475 1680
1476/* 1681/*
@@ -1540,15 +1745,18 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1540 ifmgd->last_beacon_signal = rx_status->signal; 1745 ifmgd->last_beacon_signal = rx_status->signal;
1541 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) { 1746 if (ifmgd->flags & IEEE80211_STA_RESET_SIGNAL_AVE) {
1542 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE; 1747 ifmgd->flags &= ~IEEE80211_STA_RESET_SIGNAL_AVE;
1543 ifmgd->ave_beacon_signal = rx_status->signal; 1748 ifmgd->ave_beacon_signal = rx_status->signal * 16;
1544 ifmgd->last_cqm_event_signal = 0; 1749 ifmgd->last_cqm_event_signal = 0;
1750 ifmgd->count_beacon_signal = 1;
1545 } else { 1751 } else {
1546 ifmgd->ave_beacon_signal = 1752 ifmgd->ave_beacon_signal =
1547 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 + 1753 (IEEE80211_SIGNAL_AVE_WEIGHT * rx_status->signal * 16 +
1548 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) * 1754 (16 - IEEE80211_SIGNAL_AVE_WEIGHT) *
1549 ifmgd->ave_beacon_signal) / 16; 1755 ifmgd->ave_beacon_signal) / 16;
1756 ifmgd->count_beacon_signal++;
1550 } 1757 }
1551 if (bss_conf->cqm_rssi_thold && 1758 if (bss_conf->cqm_rssi_thold &&
1759 ifmgd->count_beacon_signal >= IEEE80211_SIGNAL_AVE_MIN_COUNT &&
1552 !(local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI)) { 1760 !(local->hw.flags & IEEE80211_HW_SUPPORTS_CQM_RSSI)) {
1553 int sig = ifmgd->ave_beacon_signal / 16; 1761 int sig = ifmgd->ave_beacon_signal / 16;
1554 int last_event = ifmgd->last_cqm_event_signal; 1762 int last_event = ifmgd->last_cqm_event_signal;
@@ -1588,7 +1796,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1588 * Push the beacon loss detection into the future since 1796 * Push the beacon loss detection into the future since
1589 * we are processing a beacon from the AP just now. 1797 * we are processing a beacon from the AP just now.
1590 */ 1798 */
1591 mod_beacon_timer(sdata); 1799 ieee80211_sta_reset_beacon_monitor(sdata);
1592 1800
1593 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4); 1801 ncrc = crc32_be(0, (void *)&mgmt->u.beacon.beacon_int, 4);
1594 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable, 1802 ncrc = ieee802_11_parse_elems_crc(mgmt->u.beacon.variable,
@@ -1599,7 +1807,7 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1599 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len, 1807 directed_tim = ieee80211_check_tim(elems.tim, elems.tim_len,
1600 ifmgd->aid); 1808 ifmgd->aid);
1601 1809
1602 if (ncrc != ifmgd->beacon_crc) { 1810 if (ncrc != ifmgd->beacon_crc || !ifmgd->beacon_crc_valid) {
1603 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems, 1811 ieee80211_rx_bss_info(sdata, mgmt, len, rx_status, &elems,
1604 true); 1812 true);
1605 1813
@@ -1630,9 +1838,10 @@ static void ieee80211_rx_mgmt_beacon(struct ieee80211_sub_if_data *sdata,
1630 } 1838 }
1631 } 1839 }
1632 1840
1633 if (ncrc == ifmgd->beacon_crc) 1841 if (ncrc == ifmgd->beacon_crc && ifmgd->beacon_crc_valid)
1634 return; 1842 return;
1635 ifmgd->beacon_crc = ncrc; 1843 ifmgd->beacon_crc = ncrc;
1844 ifmgd->beacon_crc_valid = true;
1636 1845
1637 if (elems.erp_info && elems.erp_info_len >= 1) { 1846 if (elems.erp_info && elems.erp_info_len >= 1) {
1638 erp_valid = true; 1847 erp_valid = true;
@@ -1751,7 +1960,7 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1751 struct ieee80211_local *local = sdata->local; 1960 struct ieee80211_local *local = sdata->local;
1752 struct ieee80211_work *wk; 1961 struct ieee80211_work *wk;
1753 1962
1754 mutex_lock(&local->work_mtx); 1963 mutex_lock(&local->mtx);
1755 list_for_each_entry(wk, &local->work_list, list) { 1964 list_for_each_entry(wk, &local->work_list, list) {
1756 if (wk->sdata != sdata) 1965 if (wk->sdata != sdata)
1757 continue; 1966 continue;
@@ -1783,7 +1992,7 @@ void ieee80211_sta_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata,
1783 free_work(wk); 1992 free_work(wk);
1784 break; 1993 break;
1785 } 1994 }
1786 mutex_unlock(&local->work_mtx); 1995 mutex_unlock(&local->mtx);
1787 1996
1788 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len); 1997 cfg80211_send_deauth(sdata->dev, (u8 *)mgmt, skb->len);
1789 } 1998 }
@@ -1804,6 +2013,31 @@ static void ieee80211_sta_timer(unsigned long data)
1804 ieee80211_queue_work(&local->hw, &sdata->work); 2013 ieee80211_queue_work(&local->hw, &sdata->work);
1805} 2014}
1806 2015
2016static void ieee80211_sta_connection_lost(struct ieee80211_sub_if_data *sdata,
2017 u8 *bssid)
2018{
2019 struct ieee80211_local *local = sdata->local;
2020 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
2021
2022 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL |
2023 IEEE80211_STA_BEACON_POLL);
2024
2025 ieee80211_set_disassoc(sdata, true, true);
2026 mutex_unlock(&ifmgd->mtx);
2027 mutex_lock(&local->mtx);
2028 ieee80211_recalc_idle(local);
2029 mutex_unlock(&local->mtx);
2030 /*
2031 * must be outside lock due to cfg80211,
2032 * but that's not a problem.
2033 */
2034 ieee80211_send_deauth_disassoc(sdata, bssid,
2035 IEEE80211_STYPE_DEAUTH,
2036 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
2037 NULL, true);
2038 mutex_lock(&ifmgd->mtx);
2039}
2040
1807void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata) 2041void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
1808{ 2042{
1809 struct ieee80211_local *local = sdata->local; 2043 struct ieee80211_local *local = sdata->local;
@@ -1816,17 +2050,56 @@ void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
1816 IEEE80211_STA_CONNECTION_POLL) && 2050 IEEE80211_STA_CONNECTION_POLL) &&
1817 ifmgd->associated) { 2051 ifmgd->associated) {
1818 u8 bssid[ETH_ALEN]; 2052 u8 bssid[ETH_ALEN];
2053 int max_tries;
1819 2054
1820 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN); 2055 memcpy(bssid, ifmgd->associated->bssid, ETH_ALEN);
1821 if (time_is_after_jiffies(ifmgd->probe_timeout))
1822 run_again(ifmgd, ifmgd->probe_timeout);
1823 2056
1824 else if (ifmgd->probe_send_count < IEEE80211_MAX_PROBE_TRIES) { 2057 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS)
2058 max_tries = max_nullfunc_tries;
2059 else
2060 max_tries = max_probe_tries;
2061
2062 /* ACK received for nullfunc probing frame */
2063 if (!ifmgd->probe_send_count)
2064 ieee80211_reset_ap_probe(sdata);
2065 else if (ifmgd->nullfunc_failed) {
2066 if (ifmgd->probe_send_count < max_tries) {
2067#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2068 wiphy_debug(local->hw.wiphy,
2069 "%s: No ack for nullfunc frame to"
2070 " AP %pM, try %d/%i\n",
2071 sdata->name, bssid,
2072 ifmgd->probe_send_count, max_tries);
2073#endif
2074 ieee80211_mgd_probe_ap_send(sdata);
2075 } else {
2076#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2077 wiphy_debug(local->hw.wiphy,
2078 "%s: No ack for nullfunc frame to"
2079 " AP %pM, disconnecting.\n",
2080 sdata->name, bssid);
2081#endif
2082 ieee80211_sta_connection_lost(sdata, bssid);
2083 }
2084 } else if (time_is_after_jiffies(ifmgd->probe_timeout))
2085 run_again(ifmgd, ifmgd->probe_timeout);
2086 else if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
2087#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2088 wiphy_debug(local->hw.wiphy,
2089 "%s: Failed to send nullfunc to AP %pM"
2090 " after %dms, disconnecting.\n",
2091 sdata->name,
2092 bssid, probe_wait_ms);
2093#endif
2094 ieee80211_sta_connection_lost(sdata, bssid);
2095 } else if (ifmgd->probe_send_count < max_tries) {
1825#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 2096#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1826 printk(KERN_DEBUG "No probe response from AP %pM" 2097 wiphy_debug(local->hw.wiphy,
1827 " after %dms, try %d\n", bssid, 2098 "%s: No probe response from AP %pM"
1828 (1000 * IEEE80211_PROBE_WAIT)/HZ, 2099 " after %dms, try %d/%i\n",
1829 ifmgd->probe_send_count); 2100 sdata->name,
2101 bssid, probe_wait_ms,
2102 ifmgd->probe_send_count, max_tries);
1830#endif 2103#endif
1831 ieee80211_mgd_probe_ap_send(sdata); 2104 ieee80211_mgd_probe_ap_send(sdata);
1832 } else { 2105 } else {
@@ -1834,23 +2107,13 @@ void ieee80211_sta_work(struct ieee80211_sub_if_data *sdata)
1834 * We actually lost the connection ... or did we? 2107 * We actually lost the connection ... or did we?
1835 * Let's make sure! 2108 * Let's make sure!
1836 */ 2109 */
1837 ifmgd->flags &= ~(IEEE80211_STA_CONNECTION_POLL | 2110 wiphy_debug(local->hw.wiphy,
1838 IEEE80211_STA_BEACON_POLL); 2111 "%s: No probe response from AP %pM"
1839 printk(KERN_DEBUG "No probe response from AP %pM" 2112 " after %dms, disconnecting.\n",
1840 " after %dms, disconnecting.\n", 2113 sdata->name,
1841 bssid, (1000 * IEEE80211_PROBE_WAIT)/HZ); 2114 bssid, probe_wait_ms);
1842 ieee80211_set_disassoc(sdata, true); 2115
1843 ieee80211_recalc_idle(local); 2116 ieee80211_sta_connection_lost(sdata, bssid);
1844 mutex_unlock(&ifmgd->mtx);
1845 /*
1846 * must be outside lock due to cfg80211,
1847 * but that's not a problem.
1848 */
1849 ieee80211_send_deauth_disassoc(sdata, bssid,
1850 IEEE80211_STYPE_DEAUTH,
1851 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY,
1852 NULL, true);
1853 mutex_lock(&ifmgd->mtx);
1854 } 2117 }
1855 } 2118 }
1856 2119
@@ -1917,6 +2180,8 @@ void ieee80211_sta_quiesce(struct ieee80211_sub_if_data *sdata)
1917 * time -- the code here is properly synchronised. 2180 * time -- the code here is properly synchronised.
1918 */ 2181 */
1919 2182
2183 cancel_work_sync(&ifmgd->request_smps_work);
2184
1920 cancel_work_sync(&ifmgd->beacon_connection_loss_work); 2185 cancel_work_sync(&ifmgd->beacon_connection_loss_work);
1921 if (del_timer_sync(&ifmgd->timer)) 2186 if (del_timer_sync(&ifmgd->timer))
1922 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running); 2187 set_bit(TMR_RUNNING_TIMER, &ifmgd->timers_running);
@@ -1939,6 +2204,8 @@ void ieee80211_sta_restart(struct ieee80211_sub_if_data *sdata)
1939 add_timer(&ifmgd->timer); 2204 add_timer(&ifmgd->timer);
1940 if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running)) 2205 if (test_and_clear_bit(TMR_RUNNING_CHANSW, &ifmgd->timers_running))
1941 add_timer(&ifmgd->chswitch_timer); 2206 add_timer(&ifmgd->chswitch_timer);
2207 ieee80211_sta_reset_beacon_monitor(sdata);
2208 ieee80211_restart_sta_timer(sdata);
1942} 2209}
1943#endif 2210#endif
1944 2211
@@ -1952,6 +2219,7 @@ void ieee80211_sta_setup_sdata(struct ieee80211_sub_if_data *sdata)
1952 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work); 2219 INIT_WORK(&ifmgd->chswitch_work, ieee80211_chswitch_work);
1953 INIT_WORK(&ifmgd->beacon_connection_loss_work, 2220 INIT_WORK(&ifmgd->beacon_connection_loss_work,
1954 ieee80211_beacon_connection_loss_work); 2221 ieee80211_beacon_connection_loss_work);
2222 INIT_WORK(&ifmgd->request_smps_work, ieee80211_request_smps_work);
1955 setup_timer(&ifmgd->timer, ieee80211_sta_timer, 2223 setup_timer(&ifmgd->timer, ieee80211_sta_timer,
1956 (unsigned long) sdata); 2224 (unsigned long) sdata);
1957 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer, 2225 setup_timer(&ifmgd->bcn_mon_timer, ieee80211_sta_bcn_mon_timer,
@@ -2081,6 +2349,7 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
2081 else 2349 else
2082 wk->type = IEEE80211_WORK_DIRECT_PROBE; 2350 wk->type = IEEE80211_WORK_DIRECT_PROBE;
2083 wk->chan = req->bss->channel; 2351 wk->chan = req->bss->channel;
2352 wk->chan_type = NL80211_CHAN_NO_HT;
2084 wk->sdata = sdata; 2353 wk->sdata = sdata;
2085 wk->done = ieee80211_probe_auth_done; 2354 wk->done = ieee80211_probe_auth_done;
2086 2355
@@ -2158,7 +2427,7 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2158 } 2427 }
2159 2428
2160 /* Trying to reassociate - clear previous association state */ 2429 /* Trying to reassociate - clear previous association state */
2161 ieee80211_set_disassoc(sdata, true); 2430 ieee80211_set_disassoc(sdata, true, false);
2162 } 2431 }
2163 mutex_unlock(&ifmgd->mtx); 2432 mutex_unlock(&ifmgd->mtx);
2164 2433
@@ -2169,6 +2438,8 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2169 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N; 2438 ifmgd->flags &= ~IEEE80211_STA_DISABLE_11N;
2170 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED; 2439 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
2171 2440
2441 ifmgd->beacon_crc_valid = false;
2442
2172 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++) 2443 for (i = 0; i < req->crypto.n_ciphers_pairwise; i++)
2173 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 || 2444 if (req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_WEP40 ||
2174 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP || 2445 req->crypto.ciphers_pairwise[i] == WLAN_CIPHER_SUITE_TKIP ||
@@ -2228,6 +2499,7 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2228 memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN); 2499 memcpy(wk->assoc.prev_bssid, req->prev_bssid, ETH_ALEN);
2229 2500
2230 wk->chan = req->bss->channel; 2501 wk->chan = req->bss->channel;
2502 wk->chan_type = NL80211_CHAN_NO_HT;
2231 wk->sdata = sdata; 2503 wk->sdata = sdata;
2232 wk->done = ieee80211_assoc_done; 2504 wk->done = ieee80211_assoc_done;
2233 if (!bss->dtim_period && 2505 if (!bss->dtim_period &&
@@ -2249,6 +2521,9 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
2249 else 2521 else
2250 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT; 2522 ifmgd->flags &= ~IEEE80211_STA_CONTROL_PORT;
2251 2523
2524 sdata->control_port_protocol = req->crypto.control_port_ethertype;
2525 sdata->control_port_no_encrypt = req->crypto.control_port_no_encrypt;
2526
2252 ieee80211_add_work(wk); 2527 ieee80211_add_work(wk);
2253 return 0; 2528 return 0;
2254} 2529}
@@ -2267,7 +2542,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2267 2542
2268 memcpy(bssid, req->bss->bssid, ETH_ALEN); 2543 memcpy(bssid, req->bss->bssid, ETH_ALEN);
2269 if (ifmgd->associated == req->bss) { 2544 if (ifmgd->associated == req->bss) {
2270 ieee80211_set_disassoc(sdata, false); 2545 ieee80211_set_disassoc(sdata, false, true);
2271 mutex_unlock(&ifmgd->mtx); 2546 mutex_unlock(&ifmgd->mtx);
2272 assoc_bss = true; 2547 assoc_bss = true;
2273 } else { 2548 } else {
@@ -2275,7 +2550,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2275 2550
2276 mutex_unlock(&ifmgd->mtx); 2551 mutex_unlock(&ifmgd->mtx);
2277 2552
2278 mutex_lock(&local->work_mtx); 2553 mutex_lock(&local->mtx);
2279 list_for_each_entry(wk, &local->work_list, list) { 2554 list_for_each_entry(wk, &local->work_list, list) {
2280 if (wk->sdata != sdata) 2555 if (wk->sdata != sdata)
2281 continue; 2556 continue;
@@ -2294,7 +2569,7 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2294 free_work(wk); 2569 free_work(wk);
2295 break; 2570 break;
2296 } 2571 }
2297 mutex_unlock(&local->work_mtx); 2572 mutex_unlock(&local->mtx);
2298 2573
2299 /* 2574 /*
2300 * If somebody requests authentication and we haven't 2575 * If somebody requests authentication and we haven't
@@ -2319,7 +2594,9 @@ int ieee80211_mgd_deauth(struct ieee80211_sub_if_data *sdata,
2319 if (assoc_bss) 2594 if (assoc_bss)
2320 sta_info_destroy_addr(sdata, bssid); 2595 sta_info_destroy_addr(sdata, bssid);
2321 2596
2597 mutex_lock(&sdata->local->mtx);
2322 ieee80211_recalc_idle(sdata->local); 2598 ieee80211_recalc_idle(sdata->local);
2599 mutex_unlock(&sdata->local->mtx);
2323 2600
2324 return 0; 2601 return 0;
2325} 2602}
@@ -2348,7 +2625,7 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2348 sdata->name, req->bss->bssid, req->reason_code); 2625 sdata->name, req->bss->bssid, req->reason_code);
2349 2626
2350 memcpy(bssid, req->bss->bssid, ETH_ALEN); 2627 memcpy(bssid, req->bss->bssid, ETH_ALEN);
2351 ieee80211_set_disassoc(sdata, false); 2628 ieee80211_set_disassoc(sdata, false, true);
2352 2629
2353 mutex_unlock(&ifmgd->mtx); 2630 mutex_unlock(&ifmgd->mtx);
2354 2631
@@ -2357,7 +2634,9 @@ int ieee80211_mgd_disassoc(struct ieee80211_sub_if_data *sdata,
2357 cookie, !req->local_state_change); 2634 cookie, !req->local_state_change);
2358 sta_info_destroy_addr(sdata, bssid); 2635 sta_info_destroy_addr(sdata, bssid);
2359 2636
2637 mutex_lock(&sdata->local->mtx);
2360 ieee80211_recalc_idle(sdata->local); 2638 ieee80211_recalc_idle(sdata->local);
2639 mutex_unlock(&sdata->local->mtx);
2361 2640
2362 return 0; 2641 return 0;
2363} 2642}
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index c36b1911987a..13427b194ced 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -14,20 +14,29 @@
14 */ 14 */
15#include <net/mac80211.h> 15#include <net/mac80211.h>
16#include "ieee80211_i.h" 16#include "ieee80211_i.h"
17#include "driver-trace.h"
17 18
18/* 19/*
19 * inform AP that we will go to sleep so that it will buffer the frames 20 * Tell our hardware to disable PS.
20 * while we scan 21 * Optionally inform AP that we will go to sleep so that it will buffer
22 * the frames while we are doing off-channel work. This is optional
23 * because we *may* be doing work on-operating channel, and want our
24 * hardware unconditionally awake, but still let the AP send us normal frames.
21 */ 25 */
22static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata) 26static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata,
27 bool tell_ap)
23{ 28{
24 struct ieee80211_local *local = sdata->local; 29 struct ieee80211_local *local = sdata->local;
30 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
25 31
26 local->offchannel_ps_enabled = false; 32 local->offchannel_ps_enabled = false;
27 33
28 /* FIXME: what to do when local->pspolling is true? */ 34 /* FIXME: what to do when local->pspolling is true? */
29 35
30 del_timer_sync(&local->dynamic_ps_timer); 36 del_timer_sync(&local->dynamic_ps_timer);
37 del_timer_sync(&ifmgd->bcn_mon_timer);
38 del_timer_sync(&ifmgd->conn_mon_timer);
39
31 cancel_work_sync(&local->dynamic_ps_enable_work); 40 cancel_work_sync(&local->dynamic_ps_enable_work);
32 41
33 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 42 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
@@ -36,8 +45,8 @@ static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata)
36 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 45 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
37 } 46 }
38 47
39 if (!(local->offchannel_ps_enabled) || 48 if (tell_ap && (!local->offchannel_ps_enabled ||
40 !(local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)) 49 !(local->hw.flags & IEEE80211_HW_PS_NULLFUNC_STACK)))
41 /* 50 /*
42 * If power save was enabled, no need to send a nullfunc 51 * If power save was enabled, no need to send a nullfunc
43 * frame because AP knows that we are sleeping. But if the 52 * frame because AP knows that we are sleeping. But if the
@@ -72,6 +81,9 @@ static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata)
72 * we are sleeping, let's just enable power save mode in 81 * we are sleeping, let's just enable power save mode in
73 * hardware. 82 * hardware.
74 */ 83 */
84 /* TODO: Only set hardware if CONF_PS changed?
85 * TODO: Should we set offchannel_ps_enabled to false?
86 */
75 local->hw.conf.flags |= IEEE80211_CONF_PS; 87 local->hw.conf.flags |= IEEE80211_CONF_PS;
76 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 88 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
77 } else if (local->hw.conf.dynamic_ps_timeout > 0) { 89 } else if (local->hw.conf.dynamic_ps_timeout > 0) {
@@ -85,62 +97,66 @@ static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata)
85 mod_timer(&local->dynamic_ps_timer, jiffies + 97 mod_timer(&local->dynamic_ps_timer, jiffies +
86 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout)); 98 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
87 } 99 }
100
101 ieee80211_sta_reset_beacon_monitor(sdata);
102 ieee80211_sta_reset_conn_monitor(sdata);
88} 103}
89 104
90void ieee80211_offchannel_stop_beaconing(struct ieee80211_local *local) 105void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local,
106 bool offchannel_ps_enable)
91{ 107{
92 struct ieee80211_sub_if_data *sdata; 108 struct ieee80211_sub_if_data *sdata;
93 109
110 /*
111 * notify the AP about us leaving the channel and stop all
112 * STA interfaces.
113 */
94 mutex_lock(&local->iflist_mtx); 114 mutex_lock(&local->iflist_mtx);
95 list_for_each_entry(sdata, &local->interfaces, list) { 115 list_for_each_entry(sdata, &local->interfaces, list) {
96 if (!ieee80211_sdata_running(sdata)) 116 if (!ieee80211_sdata_running(sdata))
97 continue; 117 continue;
98 118
99 /* disable beaconing */ 119 if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
120 set_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
121
122 /* Check to see if we should disable beaconing. */
100 if (sdata->vif.type == NL80211_IFTYPE_AP || 123 if (sdata->vif.type == NL80211_IFTYPE_AP ||
101 sdata->vif.type == NL80211_IFTYPE_ADHOC || 124 sdata->vif.type == NL80211_IFTYPE_ADHOC ||
102 sdata->vif.type == NL80211_IFTYPE_MESH_POINT) 125 sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
103 ieee80211_bss_info_change_notify( 126 ieee80211_bss_info_change_notify(
104 sdata, BSS_CHANGED_BEACON_ENABLED); 127 sdata, BSS_CHANGED_BEACON_ENABLED);
105 128
106 /* 129 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) {
107 * only handle non-STA interfaces here, STA interfaces
108 * are handled in ieee80211_offchannel_stop_station(),
109 * e.g., from the background scan state machine.
110 *
111 * In addition, do not stop monitor interface to allow it to be
112 * used from user space controlled off-channel operations.
113 */
114 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
115 sdata->vif.type != NL80211_IFTYPE_MONITOR)
116 netif_tx_stop_all_queues(sdata->dev); 130 netif_tx_stop_all_queues(sdata->dev);
131 if (offchannel_ps_enable &&
132 (sdata->vif.type == NL80211_IFTYPE_STATION) &&
133 sdata->u.mgd.associated)
134 ieee80211_offchannel_ps_enable(sdata, true);
135 }
117 } 136 }
118 mutex_unlock(&local->iflist_mtx); 137 mutex_unlock(&local->iflist_mtx);
119} 138}
120 139
121void ieee80211_offchannel_stop_station(struct ieee80211_local *local) 140void ieee80211_offchannel_enable_all_ps(struct ieee80211_local *local,
141 bool tell_ap)
122{ 142{
123 struct ieee80211_sub_if_data *sdata; 143 struct ieee80211_sub_if_data *sdata;
124 144
125 /*
126 * notify the AP about us leaving the channel and stop all STA interfaces
127 */
128 mutex_lock(&local->iflist_mtx); 145 mutex_lock(&local->iflist_mtx);
129 list_for_each_entry(sdata, &local->interfaces, list) { 146 list_for_each_entry(sdata, &local->interfaces, list) {
130 if (!ieee80211_sdata_running(sdata)) 147 if (!ieee80211_sdata_running(sdata))
131 continue; 148 continue;
132 149
133 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 150 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
134 netif_tx_stop_all_queues(sdata->dev); 151 sdata->u.mgd.associated)
135 if (sdata->u.mgd.associated) 152 ieee80211_offchannel_ps_enable(sdata, tell_ap);
136 ieee80211_offchannel_ps_enable(sdata);
137 }
138 } 153 }
139 mutex_unlock(&local->iflist_mtx); 154 mutex_unlock(&local->iflist_mtx);
140} 155}
141 156
142void ieee80211_offchannel_return(struct ieee80211_local *local, 157void ieee80211_offchannel_return(struct ieee80211_local *local,
143 bool enable_beaconing) 158 bool enable_beaconing,
159 bool offchannel_ps_disable)
144{ 160{
145 struct ieee80211_sub_if_data *sdata; 161 struct ieee80211_sub_if_data *sdata;
146 162
@@ -150,15 +166,28 @@ void ieee80211_offchannel_return(struct ieee80211_local *local,
150 continue; 166 continue;
151 167
152 /* Tell AP we're back */ 168 /* Tell AP we're back */
153 if (sdata->vif.type == NL80211_IFTYPE_STATION) { 169 if (offchannel_ps_disable &&
170 sdata->vif.type == NL80211_IFTYPE_STATION) {
154 if (sdata->u.mgd.associated) 171 if (sdata->u.mgd.associated)
155 ieee80211_offchannel_ps_disable(sdata); 172 ieee80211_offchannel_ps_disable(sdata);
156 } 173 }
157 174
158 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) 175 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) {
176 clear_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
177 /*
178 * This may wake up queues even though the driver
179 * currently has them stopped. This is not very
180 * likely, since the driver won't have gotten any
181 * (or hardly any) new packets while we weren't
182 * on the right channel, and even if it happens
183 * it will at most lead to queueing up one more
184 * packet per queue in mac80211 rather than on
185 * the interface qdisc.
186 */
159 netif_tx_wake_all_queues(sdata->dev); 187 netif_tx_wake_all_queues(sdata->dev);
188 }
160 189
161 /* re-enable beaconing */ 190 /* Check to see if we should re-enable beaconing */
162 if (enable_beaconing && 191 if (enable_beaconing &&
163 (sdata->vif.type == NL80211_IFTYPE_AP || 192 (sdata->vif.type == NL80211_IFTYPE_AP ||
164 sdata->vif.type == NL80211_IFTYPE_ADHOC || 193 sdata->vif.type == NL80211_IFTYPE_ADHOC ||
@@ -168,3 +197,87 @@ void ieee80211_offchannel_return(struct ieee80211_local *local,
168 } 197 }
169 mutex_unlock(&local->iflist_mtx); 198 mutex_unlock(&local->iflist_mtx);
170} 199}
200
201static void ieee80211_hw_roc_start(struct work_struct *work)
202{
203 struct ieee80211_local *local =
204 container_of(work, struct ieee80211_local, hw_roc_start);
205 struct ieee80211_sub_if_data *sdata;
206
207 mutex_lock(&local->mtx);
208
209 if (!local->hw_roc_channel) {
210 mutex_unlock(&local->mtx);
211 return;
212 }
213
214 ieee80211_recalc_idle(local);
215
216 if (local->hw_roc_skb) {
217 sdata = IEEE80211_DEV_TO_SUB_IF(local->hw_roc_dev);
218 ieee80211_tx_skb(sdata, local->hw_roc_skb);
219 local->hw_roc_skb = NULL;
220 } else {
221 cfg80211_ready_on_channel(local->hw_roc_dev,
222 local->hw_roc_cookie,
223 local->hw_roc_channel,
224 local->hw_roc_channel_type,
225 local->hw_roc_duration,
226 GFP_KERNEL);
227 }
228
229 mutex_unlock(&local->mtx);
230}
231
232void ieee80211_ready_on_channel(struct ieee80211_hw *hw)
233{
234 struct ieee80211_local *local = hw_to_local(hw);
235
236 trace_api_ready_on_channel(local);
237
238 ieee80211_queue_work(hw, &local->hw_roc_start);
239}
240EXPORT_SYMBOL_GPL(ieee80211_ready_on_channel);
241
242static void ieee80211_hw_roc_done(struct work_struct *work)
243{
244 struct ieee80211_local *local =
245 container_of(work, struct ieee80211_local, hw_roc_done);
246
247 mutex_lock(&local->mtx);
248
249 if (!local->hw_roc_channel) {
250 mutex_unlock(&local->mtx);
251 return;
252 }
253
254 if (!local->hw_roc_for_tx)
255 cfg80211_remain_on_channel_expired(local->hw_roc_dev,
256 local->hw_roc_cookie,
257 local->hw_roc_channel,
258 local->hw_roc_channel_type,
259 GFP_KERNEL);
260
261 local->hw_roc_channel = NULL;
262 local->hw_roc_cookie = 0;
263
264 ieee80211_recalc_idle(local);
265
266 mutex_unlock(&local->mtx);
267}
268
269void ieee80211_remain_on_channel_expired(struct ieee80211_hw *hw)
270{
271 struct ieee80211_local *local = hw_to_local(hw);
272
273 trace_api_remain_on_channel_expired(local);
274
275 ieee80211_queue_work(hw, &local->hw_roc_done);
276}
277EXPORT_SYMBOL_GPL(ieee80211_remain_on_channel_expired);
278
279void ieee80211_hw_roc_setup(struct ieee80211_local *local)
280{
281 INIT_WORK(&local->hw_roc_start, ieee80211_hw_roc_start);
282 INIT_WORK(&local->hw_roc_done, ieee80211_hw_roc_done);
283}
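Review bot: ieee80211_hw_roc_done() resets local->hw_roc_channel and local->hw_roc_cookie but never touches local->hw_roc_skb, so a frame queued for a TX remain-on-channel that ieee80211_hw_roc_start() never got to send stays referenced after the ROC state is torn down. Unless the code that sets hw_roc_skb releases it elsewhere (not visible in this section), that is a leaked skb, and a later ieee80211_hw_roc_start() would take its `if (local->hw_roc_skb)` branch and send the old frame instead of reporting ready-on-channel. I would release it before clearing the channel: `kfree_skb(local->hw_roc_skb);` followed by `local->hw_roc_skb = NULL;`. Separately, the comment added at the top of ieee80211_offchannel_stop_vifs() still says it stops "all STA interfaces", while the new body stops the queues of every non-monitor interface.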
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
index d287fde0431d..730778a2c90c 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
@@ -6,7 +6,7 @@
6#include "driver-ops.h" 6#include "driver-ops.h"
7#include "led.h" 7#include "led.h"
8 8
9int __ieee80211_suspend(struct ieee80211_hw *hw) 9int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
10{ 10{
11 struct ieee80211_local *local = hw_to_local(hw); 11 struct ieee80211_local *local = hw_to_local(hw);
12 struct ieee80211_sub_if_data *sdata; 12 struct ieee80211_sub_if_data *sdata;
@@ -14,12 +14,23 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
14 14
15 ieee80211_scan_cancel(local); 15 ieee80211_scan_cancel(local);
16 16
17 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
18 mutex_lock(&local->sta_mtx);
19 list_for_each_entry(sta, &local->sta_list, list) {
20 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
21 ieee80211_sta_tear_down_BA_sessions(sta, true);
22 }
23 mutex_unlock(&local->sta_mtx);
24 }
25
17 ieee80211_stop_queues_by_reason(hw, 26 ieee80211_stop_queues_by_reason(hw,
18 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 27 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
19 28
20 /* flush out all packets */ 29 /* flush out all packets */
21 synchronize_net(); 30 synchronize_net();
22 31
32 drv_flush(local, false);
33
23 local->quiescing = true; 34 local->quiescing = true;
24 /* make quiescing visible to timers everywhere */ 35 /* make quiescing visible to timers everywhere */
25 mb(); 36 mb();
@@ -36,6 +47,16 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
36 cancel_work_sync(&local->dynamic_ps_enable_work); 47 cancel_work_sync(&local->dynamic_ps_enable_work);
37 del_timer_sync(&local->dynamic_ps_timer); 48 del_timer_sync(&local->dynamic_ps_timer);
38 49
50 local->wowlan = wowlan && local->open_count;
51 if (local->wowlan) {
52 int err = drv_suspend(local, wowlan);
53 if (err) {
54 local->quiescing = false;
55 return err;
56 }
57 goto suspend;
58 }
59
39 /* disable keys */ 60 /* disable keys */
40 list_for_each_entry(sdata, &local->interfaces, list) 61 list_for_each_entry(sdata, &local->interfaces, list)
41 ieee80211_disable_keys(sdata); 62 ieee80211_disable_keys(sdata);
@@ -43,11 +64,6 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
43 /* tear down aggregation sessions and remove STAs */ 64 /* tear down aggregation sessions and remove STAs */
44 mutex_lock(&local->sta_mtx); 65 mutex_lock(&local->sta_mtx);
45 list_for_each_entry(sta, &local->sta_list, list) { 66 list_for_each_entry(sta, &local->sta_list, list) {
46 if (hw->flags & IEEE80211_HW_AMPDU_AGGREGATION) {
47 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
48 ieee80211_sta_tear_down_BA_sessions(sta);
49 }
50
51 if (sta->uploaded) { 67 if (sta->uploaded) {
52 sdata = sta->sdata; 68 sdata = sta->sdata;
53 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 69 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
@@ -98,6 +114,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw)
98 if (local->open_count) 114 if (local->open_count)
99 ieee80211_stop_device(local); 115 ieee80211_stop_device(local);
100 116
117 suspend:
101 local->suspended = true; 118 local->suspended = true;
102 /* need suspended to be visible before quiescing is false */ 119 /* need suspended to be visible before quiescing is false */
103 barrier(); 120 barrier();
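Review bot: The error branch after drv_suspend() (new lines 53-56) only resets local->quiescing before returning. By then the function has already stopped the queues with IEEE80211_QUEUE_STOP_REASON_SUSPEND, assigned local->wowlan, and set WLAN_STA_BLOCK_BA on each station on aggregation-capable hardware. If the caller does not run the resume path after a failed suspend (not visible here), the interface stays up with TX queues stopped and aggregation blocked. The branch should undo that state, at least `local->wowlan = false;` and `ieee80211_wake_queues_by_reason(hw, IEEE80211_QUEUE_STOP_REASON_SUSPEND);`, and clear WLAN_STA_BLOCK_BA under local->sta_mtx. The body of __ieee80211_suspend() continues outside the hunks shown.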
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
index be04d46110fe..3d5a2cb835c4 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
@@ -145,6 +145,7 @@ static ssize_t rcname_read(struct file *file, char __user *userbuf,
145static const struct file_operations rcname_ops = { 145static const struct file_operations rcname_ops = {
146 .read = rcname_read, 146 .read = rcname_read,
147 .open = mac80211_open_file_generic, 147 .open = mac80211_open_file_generic,
148 .llseek = default_llseek,
148}; 149};
149#endif 150#endif
150 151
@@ -207,10 +208,11 @@ static bool rc_no_data_or_no_ack(struct ieee80211_tx_rate_control *txrc)
207 208
208 fc = hdr->frame_control; 209 fc = hdr->frame_control;
209 210
210 return ((info->flags & IEEE80211_TX_CTL_NO_ACK) || !ieee80211_is_data(fc)); 211 return (info->flags & IEEE80211_TX_CTL_NO_ACK) || !ieee80211_is_data(fc);
211} 212}
212 213
213static void rc_send_low_broadcast(s8 *idx, u32 basic_rates, u8 max_rate_idx) 214static void rc_send_low_broadcast(s8 *idx, u32 basic_rates,
215 struct ieee80211_supported_band *sband)
214{ 216{
215 u8 i; 217 u8 i;
216 218
@@ -221,7 +223,7 @@ static void rc_send_low_broadcast(s8 *idx, u32 basic_rates, u8 max_rate_idx)
221 if (basic_rates & (1 << *idx)) 223 if (basic_rates & (1 << *idx))
222 return; /* selected rate is a basic rate */ 224 return; /* selected rate is a basic rate */
223 225
224 for (i = *idx + 1; i <= max_rate_idx; i++) { 226 for (i = *idx + 1; i <= sband->n_bitrates; i++) {
225 if (basic_rates & (1 << i)) { 227 if (basic_rates & (1 << i)) {
226 *idx = i; 228 *idx = i;
227 return; 229 return;
@@ -236,16 +238,25 @@ bool rate_control_send_low(struct ieee80211_sta *sta,
236 struct ieee80211_tx_rate_control *txrc) 238 struct ieee80211_tx_rate_control *txrc)
237{ 239{
238 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb); 240 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(txrc->skb);
241 struct ieee80211_supported_band *sband = txrc->sband;
242 int mcast_rate;
239 243
240 if (!sta || !priv_sta || rc_no_data_or_no_ack(txrc)) { 244 if (!sta || !priv_sta || rc_no_data_or_no_ack(txrc)) {
241 info->control.rates[0].idx = rate_lowest_index(txrc->sband, sta); 245 info->control.rates[0].idx = rate_lowest_index(txrc->sband, sta);
242 info->control.rates[0].count = 246 info->control.rates[0].count =
243 (info->flags & IEEE80211_TX_CTL_NO_ACK) ? 247 (info->flags & IEEE80211_TX_CTL_NO_ACK) ?
244 1 : txrc->hw->max_rate_tries; 248 1 : txrc->hw->max_rate_tries;
245 if (!sta && txrc->ap) 249 if (!sta && txrc->bss) {
250 mcast_rate = txrc->bss_conf->mcast_rate[sband->band];
251 if (mcast_rate > 0) {
252 info->control.rates[0].idx = mcast_rate - 1;
253 return true;
254 }
255
246 rc_send_low_broadcast(&info->control.rates[0].idx, 256 rc_send_low_broadcast(&info->control.rates[0].idx,
247 txrc->bss_conf->basic_rates, 257 txrc->bss_conf->basic_rates,
248 txrc->sband->n_bitrates); 258 sband);
259 }
249 return true; 260 return true;
250 } 261 }
251 return false; 262 return false;
@@ -328,6 +339,9 @@ void rate_control_get_rate(struct ieee80211_sub_if_data *sdata,
328 * if needed. 339 * if needed.
329 */ 340 */
330 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { 341 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
342 /* Skip invalid rates */
343 if (info->control.rates[i].idx < 0)
344 break;
331 /* Rate masking supports only legacy rates for now */ 345 /* Rate masking supports only legacy rates for now */
332 if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS) 346 if (info->control.rates[i].flags & IEEE80211_TX_RC_MCS)
333 continue; 347 continue;
@@ -368,8 +382,8 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
368 382
369 ref = rate_control_alloc(name, local); 383 ref = rate_control_alloc(name, local);
370 if (!ref) { 384 if (!ref) {
371 printk(KERN_WARNING "%s: Failed to select rate control " 385 wiphy_warn(local->hw.wiphy,
372 "algorithm\n", wiphy_name(local->hw.wiphy)); 386 "Failed to select rate control algorithm\n");
373 return -ENOENT; 387 return -ENOENT;
374 } 388 }
375 389
@@ -380,9 +394,8 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
380 sta_info_flush(local, NULL); 394 sta_info_flush(local, NULL);
381 } 395 }
382 396
383 printk(KERN_DEBUG "%s: Selected rate control " 397 wiphy_debug(local->hw.wiphy, "Selected rate control algorithm '%s'\n",
384 "algorithm '%s'\n", wiphy_name(local->hw.wiphy), 398 ref->ops->name);
385 ref->ops->name);
386 399
387 return 0; 400 return 0;
388} 401}
diff --git a/net/mac80211/rc80211_minstrel.c b/net/mac80211/rc80211_minstrel.c
index 778c604d7939..8adac67395f7 100644
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -417,8 +417,8 @@ minstrel_rate_init(void *priv, struct ieee80211_supported_band *sband,
417 tx_time_single = mr->ack_time + mr->perfect_tx_time; 417 tx_time_single = mr->ack_time + mr->perfect_tx_time;
418 418
419 /* contention window */ 419 /* contention window */
420 tx_time_single += t_slot + min(cw, mp->cw_max); 420 tx_time_single += (t_slot * cw) >> 1;
421 cw = (cw << 1) | 1; 421 cw = min((cw << 1) | 1, mp->cw_max);
422 422
423 tx_time += tx_time_single; 423 tx_time += tx_time_single;
424 tx_time_cts += tx_time_single + mi->sp_ack_dur; 424 tx_time_cts += tx_time_single + mi->sp_ack_dur;
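Review bot: The `/* contention window */` comment above the changed lines in minstrel_rate_init no longer matches what they compute: the new term `(t_slot * cw) >> 1` looks like an average backoff of half the window rather than the window itself, and the cap against `mp->cw_max` has moved onto the doubling step. I would reword it to `/* average backoff: half of cw slots; cw doubles per retry, capped at cw_max */` so the `>> 1` is not read as a stray shift. The same arithmetic is repeated in minstrel_calc_retransmit in rc80211_minstrel_ht.c on this page, so the two comments should agree. The enclosing code starts and ends outside the hunk.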
diff --git a/net/mac80211/rc80211_minstrel_debugfs.c b/net/mac80211/rc80211_minstrel_debugfs.c
index 241e76f3fdf2..a290ad231d77 100644
--- a/net/mac80211/rc80211_minstrel_debugfs.c
+++ b/net/mac80211/rc80211_minstrel_debugfs.c
@@ -122,6 +122,7 @@ static const struct file_operations minstrel_stat_fops = {
122 .open = minstrel_stats_open, 122 .open = minstrel_stats_open,
123 .read = minstrel_stats_read, 123 .read = minstrel_stats_read,
124 .release = minstrel_stats_release, 124 .release = minstrel_stats_release,
125 .llseek = default_llseek,
125}; 126};
126 127
127void 128void
diff --git a/net/mac80211/rc80211_minstrel_ht.c b/net/mac80211/rc80211_minstrel_ht.c
index c5b465904e3b..333b5118be6d 100644
--- a/net/mac80211/rc80211_minstrel_ht.c
+++ b/net/mac80211/rc80211_minstrel_ht.c
@@ -259,7 +259,7 @@ minstrel_ht_update_stats(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
259 } 259 }
260 } 260 }
261 261
262 /* try to sample up to half of the availble rates during each interval */ 262 /* try to sample up to half of the available rates during each interval */
263 mi->sample_count *= 4; 263 mi->sample_count *= 4;
264 264
265 cur_prob = 0; 265 cur_prob = 0;
@@ -371,7 +371,10 @@ minstrel_aggr_check(struct minstrel_priv *mp, struct ieee80211_sta *pubsta, stru
371 if (likely(sta->ampdu_mlme.tid_tx[tid])) 371 if (likely(sta->ampdu_mlme.tid_tx[tid]))
372 return; 372 return;
373 373
374 ieee80211_start_tx_ba_session(pubsta, tid); 374 if (skb_get_queue_mapping(skb) == IEEE80211_AC_VO)
375 return;
376
377 ieee80211_start_tx_ba_session(pubsta, tid, 5000);
375} 378}
376 379
377static void 380static void
@@ -397,8 +400,9 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
397 !(info->flags & IEEE80211_TX_STAT_AMPDU)) 400 !(info->flags & IEEE80211_TX_STAT_AMPDU))
398 return; 401 return;
399 402
400 if (!info->status.ampdu_len) { 403 if (!(info->flags & IEEE80211_TX_STAT_AMPDU)) {
401 info->status.ampdu_ack_len = 1; 404 info->status.ampdu_ack_len =
405 (info->flags & IEEE80211_TX_STAT_ACK ? 1 : 0);
402 info->status.ampdu_len = 1; 406 info->status.ampdu_len = 1;
403 } 407 }
404 408
@@ -406,15 +410,13 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
406 mi->ampdu_len += info->status.ampdu_len; 410 mi->ampdu_len += info->status.ampdu_len;
407 411
408 if (!mi->sample_wait && !mi->sample_tries && mi->sample_count > 0) { 412 if (!mi->sample_wait && !mi->sample_tries && mi->sample_count > 0) {
409 mi->sample_wait = 4 + 2 * MINSTREL_TRUNC(mi->avg_ampdu_len); 413 mi->sample_wait = 16 + 2 * MINSTREL_TRUNC(mi->avg_ampdu_len);
410 mi->sample_tries = 3; 414 mi->sample_tries = 2;
411 mi->sample_count--; 415 mi->sample_count--;
412 } 416 }
413 417
414 if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE) { 418 if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE)
415 mi->sample_packets += info->status.ampdu_len; 419 mi->sample_packets += info->status.ampdu_len;
416 minstrel_next_sample_idx(mi);
417 }
418 420
419 for (i = 0; !last; i++) { 421 for (i = 0; !last; i++) {
420 last = (i == IEEE80211_TX_MAX_RATES - 1) || 422 last = (i == IEEE80211_TX_MAX_RATES - 1) ||
@@ -426,7 +428,7 @@ minstrel_ht_tx_status(void *priv, struct ieee80211_supported_band *sband,
426 group = minstrel_ht_get_group_idx(&ar[i]); 428 group = minstrel_ht_get_group_idx(&ar[i]);
427 rate = &mi->groups[group].rates[ar[i].idx % 8]; 429 rate = &mi->groups[group].rates[ar[i].idx % 8];
428 430
429 if (last && (info->flags & IEEE80211_TX_STAT_ACK)) 431 if (last)
430 rate->success += info->status.ampdu_ack_len; 432 rate->success += info->status.ampdu_ack_len;
431 433
432 rate->attempts += ar[i].count * info->status.ampdu_len; 434 rate->attempts += ar[i].count * info->status.ampdu_len;
@@ -462,6 +464,7 @@ minstrel_calc_retransmit(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
462 const struct mcs_group *group; 464 const struct mcs_group *group;
463 unsigned int tx_time, tx_time_rtscts, tx_time_data; 465 unsigned int tx_time, tx_time_rtscts, tx_time_data;
464 unsigned int cw = mp->cw_min; 466 unsigned int cw = mp->cw_min;
467 unsigned int ctime = 0;
465 unsigned int t_slot = 9; /* FIXME */ 468 unsigned int t_slot = 9; /* FIXME */
466 unsigned int ampdu_len = MINSTREL_TRUNC(mi->avg_ampdu_len); 469 unsigned int ampdu_len = MINSTREL_TRUNC(mi->avg_ampdu_len);
467 470
@@ -478,13 +481,27 @@ minstrel_calc_retransmit(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
478 481
479 group = &minstrel_mcs_groups[index / MCS_GROUP_RATES]; 482 group = &minstrel_mcs_groups[index / MCS_GROUP_RATES];
480 tx_time_data = group->duration[index % MCS_GROUP_RATES] * ampdu_len; 483 tx_time_data = group->duration[index % MCS_GROUP_RATES] * ampdu_len;
481 tx_time = 2 * (t_slot + mi->overhead + tx_time_data); 484
482 tx_time_rtscts = 2 * (t_slot + mi->overhead_rtscts + tx_time_data); 485 /* Contention time for first 2 tries */
486 ctime = (t_slot * cw) >> 1;
487 cw = min((cw << 1) | 1, mp->cw_max);
488 ctime += (t_slot * cw) >> 1;
489 cw = min((cw << 1) | 1, mp->cw_max);
490
491 /* Total TX time for data and Contention after first 2 tries */
492 tx_time = ctime + 2 * (mi->overhead + tx_time_data);
493 tx_time_rtscts = ctime + 2 * (mi->overhead_rtscts + tx_time_data);
494
495 /* See how many more tries we can fit inside segment size */
483 do { 496 do {
484 cw = (cw << 1) | 1; 497 /* Contention time for this try */
485 cw = min(cw, mp->cw_max); 498 ctime = (t_slot * cw) >> 1;
486 tx_time += cw + t_slot + mi->overhead; 499 cw = min((cw << 1) | 1, mp->cw_max);
487 tx_time_rtscts += cw + t_slot + mi->overhead_rtscts; 500
501 /* Total TX time after this try */
502 tx_time += ctime + mi->overhead + tx_time_data;
503 tx_time_rtscts += ctime + mi->overhead_rtscts + tx_time_data;
504
488 if (tx_time_rtscts < mp->segment_size) 505 if (tx_time_rtscts < mp->segment_size)
489 mr->retry_count_rtscts++; 506 mr->retry_count_rtscts++;
490 } while ((tx_time < mp->segment_size) && 507 } while ((tx_time < mp->segment_size) &&
@@ -505,7 +522,9 @@ minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
505 if (!mr->retry_updated) 522 if (!mr->retry_updated)
506 minstrel_calc_retransmit(mp, mi, index); 523 minstrel_calc_retransmit(mp, mi, index);
507 524
508 if (mr->probability < MINSTREL_FRAC(20, 100)) 525 if (sample)
526 rate->count = 1;
527 else if (mr->probability < MINSTREL_FRAC(20, 100))
509 rate->count = 2; 528 rate->count = 2;
510 else if (rtscts) 529 else if (rtscts)
511 rate->count = mr->retry_count_rtscts; 530 rate->count = mr->retry_count_rtscts;
@@ -513,9 +532,7 @@ minstrel_ht_set_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi,
513 rate->count = mr->retry_count; 532 rate->count = mr->retry_count;
514 533
515 rate->flags = IEEE80211_TX_RC_MCS | group->flags; 534 rate->flags = IEEE80211_TX_RC_MCS | group->flags;
516 if (txrc->short_preamble) 535 if (rtscts)
517 rate->flags |= IEEE80211_TX_RC_USE_SHORT_PREAMBLE;
518 if (txrc->rts || rtscts)
519 rate->flags |= IEEE80211_TX_RC_USE_RTS_CTS; 536 rate->flags |= IEEE80211_TX_RC_USE_RTS_CTS;
520 rate->idx = index % MCS_GROUP_RATES + (group->streams - 1) * MCS_GROUP_RATES; 537 rate->idx = index % MCS_GROUP_RATES + (group->streams - 1) * MCS_GROUP_RATES;
521} 538}
@@ -547,13 +564,14 @@ minstrel_get_sample_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
547 sample_idx = sample_table[mg->column][mg->index]; 564 sample_idx = sample_table[mg->column][mg->index];
548 mr = &mg->rates[sample_idx]; 565 mr = &mg->rates[sample_idx];
549 sample_idx += mi->sample_group * MCS_GROUP_RATES; 566 sample_idx += mi->sample_group * MCS_GROUP_RATES;
567 minstrel_next_sample_idx(mi);
550 568
551 /* 569 /*
552 * When not using MRR, do not sample if the probability is already 570 * When not using MRR, do not sample if the probability is already
553 * higher than 95% to avoid wasting airtime 571 * higher than 95% to avoid wasting airtime
554 */ 572 */
555 if (!mp->has_mrr && (mr->probability > MINSTREL_FRAC(95, 100))) 573 if (!mp->has_mrr && (mr->probability > MINSTREL_FRAC(95, 100)))
556 goto next; 574 return -1;
557 575
558 /* 576 /*
559 * Make sure that lower rates get sampled only occasionally, 577 * Make sure that lower rates get sampled only occasionally,
@@ -561,18 +579,14 @@ minstrel_get_sample_rate(struct minstrel_priv *mp, struct minstrel_ht_sta *mi)
561 */ 579 */
562 if (minstrel_get_duration(sample_idx) > 580 if (minstrel_get_duration(sample_idx) >
563 minstrel_get_duration(mi->max_tp_rate)) { 581 minstrel_get_duration(mi->max_tp_rate)) {
564 if (mr->sample_skipped < 10) 582 if (mr->sample_skipped < 20)
565 goto next; 583 return -1;
566 584
567 if (mi->sample_slow++ > 2) 585 if (mi->sample_slow++ > 2)
568 goto next; 586 return -1;
569 } 587 }
570 588
571 return sample_idx; 589 return sample_idx;
572
573next:
574 minstrel_next_sample_idx(mi);
575 return -1;
576} 590}
577 591
578static void 592static void
@@ -585,6 +599,7 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
585 struct minstrel_ht_sta *mi = &msp->ht; 599 struct minstrel_ht_sta *mi = &msp->ht;
586 struct minstrel_priv *mp = priv; 600 struct minstrel_priv *mp = priv;
587 int sample_idx; 601 int sample_idx;
602 bool sample = false;
588 603
589 if (rate_control_send_low(sta, priv_sta, txrc)) 604 if (rate_control_send_low(sta, priv_sta, txrc))
590 return; 605 return;
@@ -595,21 +610,49 @@ minstrel_ht_get_rate(void *priv, struct ieee80211_sta *sta, void *priv_sta,
595 info->flags |= mi->tx_flags; 610 info->flags |= mi->tx_flags;
596 sample_idx = minstrel_get_sample_rate(mp, mi); 611 sample_idx = minstrel_get_sample_rate(mp, mi);
597 if (sample_idx >= 0) { 612 if (sample_idx >= 0) {
613 sample = true;
598 minstrel_ht_set_rate(mp, mi, &ar[0], sample_idx, 614 minstrel_ht_set_rate(mp, mi, &ar[0], sample_idx,
599 txrc, true, false); 615 txrc, true, false);
600 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate,
601 txrc, false, true);
602 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE; 616 info->flags |= IEEE80211_TX_CTL_RATE_CTRL_PROBE;
603 } else { 617 } else {
604 minstrel_ht_set_rate(mp, mi, &ar[0], mi->max_tp_rate, 618 minstrel_ht_set_rate(mp, mi, &ar[0], mi->max_tp_rate,
605 txrc, false, false); 619 txrc, false, false);
606 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate2,
607 txrc, false, true);
608 } 620 }
609 minstrel_ht_set_rate(mp, mi, &ar[2], mi->max_prob_rate, txrc, false, true);
610 621
611 ar[3].count = 0; 622 if (mp->hw->max_rates >= 3) {
612 ar[3].idx = -1; 623 /*
624 * At least 3 tx rates supported, use
625 * sample_rate -> max_tp_rate -> max_prob_rate for sampling and
626 * max_tp_rate -> max_tp_rate2 -> max_prob_rate by default.
627 */
628 if (sample_idx >= 0)
629 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate,
630 txrc, false, false);
631 else
632 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_tp_rate2,
633 txrc, false, true);
634
635 minstrel_ht_set_rate(mp, mi, &ar[2], mi->max_prob_rate,
636 txrc, false, !sample);
637
638 ar[3].count = 0;
639 ar[3].idx = -1;
640 } else if (mp->hw->max_rates == 2) {
641 /*
642 * Only 2 tx rates supported, use
643 * sample_rate -> max_prob_rate for sampling and
644 * max_tp_rate -> max_prob_rate by default.
645 */
646 minstrel_ht_set_rate(mp, mi, &ar[1], mi->max_prob_rate,
647 txrc, false, !sample);
648
649 ar[2].count = 0;
650 ar[2].idx = -1;
651 } else {
652 /* Not using MRR, only use the first rate */
653 ar[1].count = 0;
654 ar[1].idx = -1;
655 }
613 656
614 mi->total_packets++; 657 mi->total_packets++;
615 658
@@ -631,18 +674,14 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
631 struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs; 674 struct ieee80211_mcs_info *mcs = &sta->ht_cap.mcs;
632 struct ieee80211_local *local = hw_to_local(mp->hw); 675 struct ieee80211_local *local = hw_to_local(mp->hw);
633 u16 sta_cap = sta->ht_cap.cap; 676 u16 sta_cap = sta->ht_cap.cap;
677 int n_supported = 0;
634 int ack_dur; 678 int ack_dur;
635 int stbc; 679 int stbc;
636 int i; 680 int i;
637 681
638 /* fall back to the old minstrel for legacy stations */ 682 /* fall back to the old minstrel for legacy stations */
639 if (!sta->ht_cap.ht_supported) { 683 if (!sta->ht_cap.ht_supported)
640 msp->is_ht = false; 684 goto use_legacy;
641 memset(&msp->legacy, 0, sizeof(msp->legacy));
642 msp->legacy.r = msp->ratelist;
643 msp->legacy.sample_table = msp->sample_table;
644 return mac80211_minstrel.rate_init(priv, sband, sta, &msp->legacy);
645 }
646 685
647 BUILD_BUG_ON(ARRAY_SIZE(minstrel_mcs_groups) != 686 BUILD_BUG_ON(ARRAY_SIZE(minstrel_mcs_groups) !=
648 MINSTREL_MAX_STREAMS * MINSTREL_STREAM_GROUPS); 687 MINSTREL_MAX_STREAMS * MINSTREL_STREAM_GROUPS);
@@ -697,7 +736,22 @@ minstrel_ht_update_caps(void *priv, struct ieee80211_supported_band *sband,
697 736
698 mi->groups[i].supported = 737 mi->groups[i].supported =
699 mcs->rx_mask[minstrel_mcs_groups[i].streams - 1]; 738 mcs->rx_mask[minstrel_mcs_groups[i].streams - 1];
739
740 if (mi->groups[i].supported)
741 n_supported++;
700 } 742 }
743
744 if (!n_supported)
745 goto use_legacy;
746
747 return;
748
749use_legacy:
750 msp->is_ht = false;
751 memset(&msp->legacy, 0, sizeof(msp->legacy));
752 msp->legacy.r = msp->ratelist;
753 msp->legacy.sample_table = msp->sample_table;
754 return mac80211_minstrel.rate_init(priv, sband, sta, &msp->legacy);
701} 755}
702 756
703static void 757static void
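Review bot: In minstrel_ht_tx_status the success accounting at `if (last)` no longer checks `IEEE80211_TX_STAT_ACK`, so for frames that carry `IEEE80211_TX_STAT_AMPDU` `rate->success` is now incremented by whatever `info->status.ampdu_ack_len` holds. The non-aggregate case is covered by the new assignment a few lines up, but the aggregate case depends on the driver filling `ampdu_ack_len` correctly (0 when nothing was acked, and presumably never above `ampdu_len`), which is not checked here. A comment stating that contract would help, for example `/* ampdu_ack_len is trusted as reported for A-MPDU status; it must be 0 when no subframe was acked */`, and if the value cannot be trusted a clamp such as `min(info->status.ampdu_ack_len, info->status.ampdu_len)` keeps success from exceeding attempts. The function body continues outside the hunks shown.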
diff --git a/net/mac80211/rc80211_minstrel_ht_debugfs.c b/net/mac80211/rc80211_minstrel_ht_debugfs.c
index 4a5a4b3e7799..cefcb5d2dae6 100644
--- a/net/mac80211/rc80211_minstrel_ht_debugfs.c
+++ b/net/mac80211/rc80211_minstrel_ht_debugfs.c
@@ -90,7 +90,7 @@ minstrel_ht_stats_open(struct inode *inode, struct file *file)
90 MINSTREL_TRUNC(mi->avg_ampdu_len * 10) % 10); 90 MINSTREL_TRUNC(mi->avg_ampdu_len * 10) % 10);
91 ms->len = p - ms->buf; 91 ms->len = p - ms->buf;
92 92
93 return 0; 93 return nonseekable_open(inode, file);
94} 94}
95 95
96static const struct file_operations minstrel_ht_stat_fops = { 96static const struct file_operations minstrel_ht_stat_fops = {
@@ -98,6 +98,7 @@ static const struct file_operations minstrel_ht_stat_fops = {
98 .open = minstrel_ht_stats_open, 98 .open = minstrel_ht_stats_open,
99 .read = minstrel_stats_read, 99 .read = minstrel_stats_read,
100 .release = minstrel_stats_release, 100 .release = minstrel_stats_release,
101 .llseek = no_llseek,
101}; 102};
102 103
103void 104void
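Review bot: minstrel_ht_stats_open now returns `nonseekable_open(inode, file)` and the fops set `.llseek = no_llseek`, while the legacy `minstrel_stat_fops` in rc80211_minstrel_debugfs.c on this page gets `.llseek = default_llseek`, although both tables use the same `minstrel_stats_read`. If the two statistics files are meant to behave the same for readers that seek or re-read, one of the two choices is presumably unintended. If the difference is deliberate, a one-line comment above `minstrel_ht_stat_fops` such as `/* stats buffer is built once in open(); seeking is disabled on purpose */` would record why. The start of minstrel_ht_stats_open is outside the hunk, so whether its error paths return before `nonseekable_open()` cannot be checked from here.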
diff --git a/net/mac80211/rc80211_pid.h b/net/mac80211/rc80211_pid.h
index 1a873f00691a..19111c7bf454 100644
--- a/net/mac80211/rc80211_pid.h
+++ b/net/mac80211/rc80211_pid.h
@@ -24,9 +24,6 @@
24/* Fixed point arithmetic shifting amount. */ 24/* Fixed point arithmetic shifting amount. */
25#define RC_PID_ARITH_SHIFT 8 25#define RC_PID_ARITH_SHIFT 8
26 26
27/* Fixed point arithmetic factor. */
28#define RC_PID_ARITH_FACTOR (1 << RC_PID_ARITH_SHIFT)
29
30/* Proportional PID component coefficient. */ 27/* Proportional PID component coefficient. */
31#define RC_PID_COEFF_P 15 28#define RC_PID_COEFF_P 15
32/* Integral PID component coefficient. */ 29/* Integral PID component coefficient. */
@@ -80,7 +77,7 @@ union rc_pid_event_data {
80}; 77};
81 78
82struct rc_pid_event { 79struct rc_pid_event {
83 /* The time when the event occured */ 80 /* The time when the event occurred */
84 unsigned long timestamp; 81 unsigned long timestamp;
85 82
86 /* Event ID number */ 83 /* Event ID number */
diff --git a/net/mac80211/rc80211_pid_debugfs.c b/net/mac80211/rc80211_pid_debugfs.c
index 47438b4a9af5..4851e9e2daed 100644
--- a/net/mac80211/rc80211_pid_debugfs.c
+++ b/net/mac80211/rc80211_pid_debugfs.c
@@ -162,7 +162,7 @@ static ssize_t rate_control_pid_events_read(struct file *file, char __user *buf,
162 file_info->next_entry = (file_info->next_entry + 1) % 162 file_info->next_entry = (file_info->next_entry + 1) %
163 RC_PID_EVENT_RING_SIZE; 163 RC_PID_EVENT_RING_SIZE;
164 164
165 /* Print information about the event. Note that userpace needs to 165 /* Print information about the event. Note that userspace needs to
166 * provide large enough buffers. */ 166 * provide large enough buffers. */
167 length = length < RC_PID_PRINT_BUF_SIZE ? 167 length = length < RC_PID_PRINT_BUF_SIZE ?
168 length : RC_PID_PRINT_BUF_SIZE; 168 length : RC_PID_PRINT_BUF_SIZE;
@@ -206,6 +206,7 @@ static const struct file_operations rc_pid_fop_events = {
206 .poll = rate_control_pid_events_poll, 206 .poll = rate_control_pid_events_poll,
207 .open = rate_control_pid_events_open, 207 .open = rate_control_pid_events_open,
208 .release = rate_control_pid_events_release, 208 .release = rate_control_pid_events_release,
209 .llseek = noop_llseek,
209}; 210};
210 211
211void rate_control_pid_add_sta_debugfs(void *priv, void *priv_sta, 212void rate_control_pid_add_sta_debugfs(void *priv, void *priv_sta,
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 28624282c5f3..7fa8c6be7bf0 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -77,7 +77,7 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
77 /* always present fields */ 77 /* always present fields */
78 len = sizeof(struct ieee80211_radiotap_header) + 9; 78 len = sizeof(struct ieee80211_radiotap_header) + 9;
79 79
80 if (status->flag & RX_FLAG_TSFT) 80 if (status->flag & RX_FLAG_MACTIME_MPDU)
81 len += 8; 81 len += 8;
82 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) 82 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
83 len += 1; 83 len += 1;
@@ -85,6 +85,9 @@ ieee80211_rx_radiotap_len(struct ieee80211_local *local,
85 if (len & 1) /* padding for RX_FLAGS if necessary */ 85 if (len & 1) /* padding for RX_FLAGS if necessary */
86 len++; 86 len++;
87 87
88 if (status->flag & RX_FLAG_HT) /* HT info */
89 len += 3;
90
88 return len; 91 return len;
89} 92}
90 93
@@ -120,7 +123,7 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
120 /* the order of the following fields is important */ 123 /* the order of the following fields is important */
121 124
122 /* IEEE80211_RADIOTAP_TSFT */ 125 /* IEEE80211_RADIOTAP_TSFT */
123 if (status->flag & RX_FLAG_TSFT) { 126 if (status->flag & RX_FLAG_MACTIME_MPDU) {
124 put_unaligned_le64(status->mactime, pos); 127 put_unaligned_le64(status->mactime, pos);
125 rthdr->it_present |= 128 rthdr->it_present |=
126 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT); 129 cpu_to_le32(1 << IEEE80211_RADIOTAP_TSFT);
@@ -139,11 +142,9 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
139 /* IEEE80211_RADIOTAP_RATE */ 142 /* IEEE80211_RADIOTAP_RATE */
140 if (status->flag & RX_FLAG_HT) { 143 if (status->flag & RX_FLAG_HT) {
141 /* 144 /*
142 * TODO: add following information into radiotap header once 145 * MCS information is a separate field in radiotap,
143 * suitable fields are defined for it: 146 * added below. The byte here is needed as padding
144 * - MCS index (status->rate_idx) 147 * for the channel though, so initialise it to 0.
145 * - HT40 (status->flag & RX_FLAG_40MHZ)
146 * - short-GI (status->flag & RX_FLAG_SHORT_GI)
147 */ 148 */
148 *pos = 0; 149 *pos = 0;
149 } else { 150 } else {
@@ -193,6 +194,20 @@ ieee80211_add_rx_radiotap_header(struct ieee80211_local *local,
193 rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP; 194 rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP;
194 put_unaligned_le16(rx_flags, pos); 195 put_unaligned_le16(rx_flags, pos);
195 pos += 2; 196 pos += 2;
197
198 if (status->flag & RX_FLAG_HT) {
199 rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_MCS);
200 *pos++ = IEEE80211_RADIOTAP_MCS_HAVE_MCS |
201 IEEE80211_RADIOTAP_MCS_HAVE_GI |
202 IEEE80211_RADIOTAP_MCS_HAVE_BW;
203 *pos = 0;
204 if (status->flag & RX_FLAG_SHORT_GI)
205 *pos |= IEEE80211_RADIOTAP_MCS_SGI;
206 if (status->flag & RX_FLAG_40MHZ)
207 *pos |= IEEE80211_RADIOTAP_MCS_BW_40;
208 pos++;
209 *pos++ = status->rate_idx;
210 }
196} 211}
197 212
198/* 213/*
@@ -315,6 +330,7 @@ ieee80211_rx_monitor(struct ieee80211_local *local, struct sk_buff *origskb,
315static void ieee80211_parse_qos(struct ieee80211_rx_data *rx) 330static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
316{ 331{
317 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 332 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
333 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
318 int tid; 334 int tid;
319 335
320 /* does the frame have a qos control field? */ 336 /* does the frame have a qos control field? */
@@ -323,9 +339,7 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
323 /* frame has qos control */ 339 /* frame has qos control */
324 tid = *qc & IEEE80211_QOS_CTL_TID_MASK; 340 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
325 if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT) 341 if (*qc & IEEE80211_QOS_CONTROL_A_MSDU_PRESENT)
326 rx->flags |= IEEE80211_RX_AMSDU; 342 status->rx_flags |= IEEE80211_RX_AMSDU;
327 else
328 rx->flags &= ~IEEE80211_RX_AMSDU;
329 } else { 343 } else {
330 /* 344 /*
331 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"): 345 * IEEE 802.11-2007, 7.1.3.4.1 ("Sequence Number field"):
@@ -368,7 +382,7 @@ static void ieee80211_parse_qos(struct ieee80211_rx_data *rx)
368 * specs were sane enough this time around to require padding each A-MSDU 382 * specs were sane enough this time around to require padding each A-MSDU
369 * subframe to a length that is a multiple of four. 383 * subframe to a length that is a multiple of four.
370 * 384 *
371 * Padding like Atheros hardware adds which is inbetween the 802.11 header and 385 * Padding like Atheros hardware adds which is between the 802.11 header and
372 * the payload is not supported, the driver is required to move the 802.11 386 * the payload is not supported, the driver is required to move the 802.11
373 * header to be directly in front of the payload in that case. 387 * header to be directly in front of the payload in that case.
374 */ 388 */
@@ -387,26 +401,21 @@ static ieee80211_rx_result debug_noinline
387ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx) 401ieee80211_rx_h_passive_scan(struct ieee80211_rx_data *rx)
388{ 402{
389 struct ieee80211_local *local = rx->local; 403 struct ieee80211_local *local = rx->local;
404 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
390 struct sk_buff *skb = rx->skb; 405 struct sk_buff *skb = rx->skb;
391 406
392 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning))) 407 if (likely(!(status->rx_flags & IEEE80211_RX_IN_SCAN) &&
393 return ieee80211_scan_rx(rx->sdata, skb); 408 !local->sched_scanning))
394 409 return RX_CONTINUE;
395 if (unlikely(test_bit(SCAN_SW_SCANNING, &local->scanning) &&
396 (rx->flags & IEEE80211_RX_IN_SCAN))) {
397 /* drop all the other packets during a software scan anyway */
398 if (ieee80211_scan_rx(rx->sdata, skb) != RX_QUEUED)
399 dev_kfree_skb(skb);
400 return RX_QUEUED;
401 }
402 410
403 if (unlikely(rx->flags & IEEE80211_RX_IN_SCAN)) { 411 if (test_bit(SCAN_HW_SCANNING, &local->scanning) ||
404 /* scanning finished during invoking of handlers */ 412 test_bit(SCAN_SW_SCANNING, &local->scanning) ||
405 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan); 413 local->sched_scanning)
406 return RX_DROP_UNUSABLE; 414 return ieee80211_scan_rx(rx->sdata, skb);
407 }
408 415
409 return RX_CONTINUE; 416 /* scanning finished during invoking of handlers */
417 I802_DEBUG_INC(local->rx_handlers_drop_passive_scan);
418 return RX_DROP_UNUSABLE;
410} 419}
411 420
412 421
@@ -481,22 +490,26 @@ ieee80211_rx_mesh_check(struct ieee80211_rx_data *rx)
481 * establisment frame, beacon or probe, drop the frame. 490 * establisment frame, beacon or probe, drop the frame.
482 */ 491 */
483 492
484 if (!rx->sta || sta_plink_state(rx->sta) != PLINK_ESTAB) { 493 if (!rx->sta || sta_plink_state(rx->sta) != NL80211_PLINK_ESTAB) {
485 struct ieee80211_mgmt *mgmt; 494 struct ieee80211_mgmt *mgmt;
486 495
487 if (!ieee80211_is_mgmt(hdr->frame_control)) 496 if (!ieee80211_is_mgmt(hdr->frame_control))
488 return RX_DROP_MONITOR; 497 return RX_DROP_MONITOR;
489 498
490 if (ieee80211_is_action(hdr->frame_control)) { 499 if (ieee80211_is_action(hdr->frame_control)) {
500 u8 category;
491 mgmt = (struct ieee80211_mgmt *)hdr; 501 mgmt = (struct ieee80211_mgmt *)hdr;
492 if (mgmt->u.action.category != WLAN_CATEGORY_MESH_PLINK) 502 category = mgmt->u.action.category;
503 if (category != WLAN_CATEGORY_MESH_ACTION &&
504 category != WLAN_CATEGORY_SELF_PROTECTED)
493 return RX_DROP_MONITOR; 505 return RX_DROP_MONITOR;
494 return RX_CONTINUE; 506 return RX_CONTINUE;
495 } 507 }
496 508
497 if (ieee80211_is_probe_req(hdr->frame_control) || 509 if (ieee80211_is_probe_req(hdr->frame_control) ||
498 ieee80211_is_probe_resp(hdr->frame_control) || 510 ieee80211_is_probe_resp(hdr->frame_control) ||
499 ieee80211_is_beacon(hdr->frame_control)) 511 ieee80211_is_beacon(hdr->frame_control) ||
512 ieee80211_is_auth(hdr->frame_control))
500 return RX_CONTINUE; 513 return RX_CONTINUE;
501 514
502 return RX_DROP_MONITOR; 515 return RX_DROP_MONITOR;
@@ -535,26 +548,23 @@ static inline u16 seq_sub(u16 sq1, u16 sq2)
535 548
536static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw, 549static void ieee80211_release_reorder_frame(struct ieee80211_hw *hw,
537 struct tid_ampdu_rx *tid_agg_rx, 550 struct tid_ampdu_rx *tid_agg_rx,
538 int index, 551 int index)
539 struct sk_buff_head *frames)
540{ 552{
541 struct ieee80211_supported_band *sband; 553 struct ieee80211_local *local = hw_to_local(hw);
542 struct ieee80211_rate *rate = NULL;
543 struct sk_buff *skb = tid_agg_rx->reorder_buf[index]; 554 struct sk_buff *skb = tid_agg_rx->reorder_buf[index];
544 struct ieee80211_rx_status *status; 555 struct ieee80211_rx_status *status;
545 556
557 lockdep_assert_held(&tid_agg_rx->reorder_lock);
558
546 if (!skb) 559 if (!skb)
547 goto no_frame; 560 goto no_frame;
548 561
549 status = IEEE80211_SKB_RXCB(skb); 562 /* release the frame from the reorder ring buffer */
550
551 /* release the reordered frames to stack */
552 sband = hw->wiphy->bands[status->band];
553 if (!(status->flag & RX_FLAG_HT))
554 rate = &sband->bitrates[status->rate_idx];
555 tid_agg_rx->stored_mpdu_num--; 563 tid_agg_rx->stored_mpdu_num--;
556 tid_agg_rx->reorder_buf[index] = NULL; 564 tid_agg_rx->reorder_buf[index] = NULL;
557 __skb_queue_tail(frames, skb); 565 status = IEEE80211_SKB_RXCB(skb);
566 status->rx_flags |= IEEE80211_RX_DEFERRED_RELEASE;
567 skb_queue_tail(&local->rx_skb_queue, skb);
558 568
559no_frame: 569no_frame:
560 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num); 570 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
@@ -562,15 +572,16 @@ no_frame:
562 572
563static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw, 573static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw,
564 struct tid_ampdu_rx *tid_agg_rx, 574 struct tid_ampdu_rx *tid_agg_rx,
565 u16 head_seq_num, 575 u16 head_seq_num)
566 struct sk_buff_head *frames)
567{ 576{
568 int index; 577 int index;
569 578
579 lockdep_assert_held(&tid_agg_rx->reorder_lock);
580
570 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) { 581 while (seq_less(tid_agg_rx->head_seq_num, head_seq_num)) {
571 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) % 582 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
572 tid_agg_rx->buf_size; 583 tid_agg_rx->buf_size;
573 ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames); 584 ieee80211_release_reorder_frame(hw, tid_agg_rx, index);
574 } 585 }
575} 586}
576 587
@@ -580,9 +591,79 @@ static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw,
580 * frames that have not yet been received are assumed to be lost and the skb 591 * frames that have not yet been received are assumed to be lost and the skb
581 * can be released for processing. This may also release other skb's from the 592 * can be released for processing. This may also release other skb's from the
582 * reorder buffer if there are no additional gaps between the frames. 593 * reorder buffer if there are no additional gaps between the frames.
594 *
595 * Callers must hold tid_agg_rx->reorder_lock.
583 */ 596 */
584#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10) 597#define HT_RX_REORDER_BUF_TIMEOUT (HZ / 10)
585 598
599static void ieee80211_sta_reorder_release(struct ieee80211_hw *hw,
600 struct tid_ampdu_rx *tid_agg_rx)
601{
602 int index, j;
603
604 lockdep_assert_held(&tid_agg_rx->reorder_lock);
605
606 /* release the buffer until next missing frame */
607 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
608 tid_agg_rx->buf_size;
609 if (!tid_agg_rx->reorder_buf[index] &&
610 tid_agg_rx->stored_mpdu_num > 1) {
611 /*
612 * No buffers ready to be released, but check whether any
613 * frames in the reorder buffer have timed out.
614 */
615 int skipped = 1;
616 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
617 j = (j + 1) % tid_agg_rx->buf_size) {
618 if (!tid_agg_rx->reorder_buf[j]) {
619 skipped++;
620 continue;
621 }
622 if (skipped &&
623 !time_after(jiffies, tid_agg_rx->reorder_time[j] +
624 HT_RX_REORDER_BUF_TIMEOUT))
625 goto set_release_timer;
626
627#ifdef CONFIG_MAC80211_HT_DEBUG
628 if (net_ratelimit())
629 wiphy_debug(hw->wiphy,
630 "release an RX reorder frame due to timeout on earlier frames\n");
631#endif
632 ieee80211_release_reorder_frame(hw, tid_agg_rx, j);
633
634 /*
635 * Increment the head seq# also for the skipped slots.
636 */
637 tid_agg_rx->head_seq_num =
638 (tid_agg_rx->head_seq_num + skipped) & SEQ_MASK;
639 skipped = 0;
640 }
641 } else while (tid_agg_rx->reorder_buf[index]) {
642 ieee80211_release_reorder_frame(hw, tid_agg_rx, index);
643 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
644 tid_agg_rx->buf_size;
645 }
646
647 if (tid_agg_rx->stored_mpdu_num) {
648 j = index = seq_sub(tid_agg_rx->head_seq_num,
649 tid_agg_rx->ssn) % tid_agg_rx->buf_size;
650
651 for (; j != (index - 1) % tid_agg_rx->buf_size;
652 j = (j + 1) % tid_agg_rx->buf_size) {
653 if (tid_agg_rx->reorder_buf[j])
654 break;
655 }
656
657 set_release_timer:
658
659 mod_timer(&tid_agg_rx->reorder_timer,
660 tid_agg_rx->reorder_time[j] + 1 +
661 HT_RX_REORDER_BUF_TIMEOUT);
662 } else {
663 del_timer(&tid_agg_rx->reorder_timer);
664 }
665}
666
586/* 667/*
587 * As this function belongs to the RX path it must be under 668 * As this function belongs to the RX path it must be under
588 * rcu_read_lock protection. It returns false if the frame 669 * rcu_read_lock protection. It returns false if the frame
@@ -590,14 +671,16 @@ static void ieee80211_release_reorder_frames(struct ieee80211_hw *hw,
590 */ 671 */
591static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw, 672static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
592 struct tid_ampdu_rx *tid_agg_rx, 673 struct tid_ampdu_rx *tid_agg_rx,
593 struct sk_buff *skb, 674 struct sk_buff *skb)
594 struct sk_buff_head *frames)
595{ 675{
596 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 676 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
597 u16 sc = le16_to_cpu(hdr->seq_ctrl); 677 u16 sc = le16_to_cpu(hdr->seq_ctrl);
598 u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4; 678 u16 mpdu_seq_num = (sc & IEEE80211_SCTL_SEQ) >> 4;
599 u16 head_seq_num, buf_size; 679 u16 head_seq_num, buf_size;
600 int index; 680 int index;
681 bool ret = true;
682
683 spin_lock(&tid_agg_rx->reorder_lock);
601 684
602 buf_size = tid_agg_rx->buf_size; 685 buf_size = tid_agg_rx->buf_size;
603 head_seq_num = tid_agg_rx->head_seq_num; 686 head_seq_num = tid_agg_rx->head_seq_num;
@@ -605,7 +688,7 @@ static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
605 /* frame with out of date sequence number */ 688 /* frame with out of date sequence number */
606 if (seq_less(mpdu_seq_num, head_seq_num)) { 689 if (seq_less(mpdu_seq_num, head_seq_num)) {
607 dev_kfree_skb(skb); 690 dev_kfree_skb(skb);
608 return true; 691 goto out;
609 } 692 }
610 693
611 /* 694 /*
@@ -615,8 +698,7 @@ static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
615 if (!seq_less(mpdu_seq_num, head_seq_num + buf_size)) { 698 if (!seq_less(mpdu_seq_num, head_seq_num + buf_size)) {
616 head_seq_num = seq_inc(seq_sub(mpdu_seq_num, buf_size)); 699 head_seq_num = seq_inc(seq_sub(mpdu_seq_num, buf_size));
617 /* release stored frames up to new head to stack */ 700 /* release stored frames up to new head to stack */
618 ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num, 701 ieee80211_release_reorder_frames(hw, tid_agg_rx, head_seq_num);
619 frames);
620 } 702 }
621 703
622 /* Now the new frame is always in the range of the reordering buffer */ 704 /* Now the new frame is always in the range of the reordering buffer */
@@ -626,76 +708,38 @@ static bool ieee80211_sta_manage_reorder_buf(struct ieee80211_hw *hw,
626 /* check if we already stored this frame */ 708 /* check if we already stored this frame */
627 if (tid_agg_rx->reorder_buf[index]) { 709 if (tid_agg_rx->reorder_buf[index]) {
628 dev_kfree_skb(skb); 710 dev_kfree_skb(skb);
629 return true; 711 goto out;
630 } 712 }
631 713
632 /* 714 /*
633 * If the current MPDU is in the right order and nothing else 715 * If the current MPDU is in the right order and nothing else
634 * is stored we can process it directly, no need to buffer it. 716 * is stored we can process it directly, no need to buffer it.
717 * If it is first but there's something stored, we may be able
718 * to release frames after this one.
635 */ 719 */
636 if (mpdu_seq_num == tid_agg_rx->head_seq_num && 720 if (mpdu_seq_num == tid_agg_rx->head_seq_num &&
637 tid_agg_rx->stored_mpdu_num == 0) { 721 tid_agg_rx->stored_mpdu_num == 0) {
638 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num); 722 tid_agg_rx->head_seq_num = seq_inc(tid_agg_rx->head_seq_num);
639 return false; 723 ret = false;
724 goto out;
640 } 725 }
641 726
642 /* put the frame in the reordering buffer */ 727 /* put the frame in the reordering buffer */
643 tid_agg_rx->reorder_buf[index] = skb; 728 tid_agg_rx->reorder_buf[index] = skb;
644 tid_agg_rx->reorder_time[index] = jiffies; 729 tid_agg_rx->reorder_time[index] = jiffies;
645 tid_agg_rx->stored_mpdu_num++; 730 tid_agg_rx->stored_mpdu_num++;
646 /* release the buffer until next missing frame */ 731 ieee80211_sta_reorder_release(hw, tid_agg_rx);
647 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
648 tid_agg_rx->buf_size;
649 if (!tid_agg_rx->reorder_buf[index] &&
650 tid_agg_rx->stored_mpdu_num > 1) {
651 /*
652 * No buffers ready to be released, but check whether any
653 * frames in the reorder buffer have timed out.
654 */
655 int j;
656 int skipped = 1;
657 for (j = (index + 1) % tid_agg_rx->buf_size; j != index;
658 j = (j + 1) % tid_agg_rx->buf_size) {
659 if (!tid_agg_rx->reorder_buf[j]) {
660 skipped++;
661 continue;
662 }
663 if (!time_after(jiffies, tid_agg_rx->reorder_time[j] +
664 HT_RX_REORDER_BUF_TIMEOUT))
665 break;
666
667#ifdef CONFIG_MAC80211_HT_DEBUG
668 if (net_ratelimit())
669 printk(KERN_DEBUG "%s: release an RX reorder "
670 "frame due to timeout on earlier "
671 "frames\n",
672 wiphy_name(hw->wiphy));
673#endif
674 ieee80211_release_reorder_frame(hw, tid_agg_rx,
675 j, frames);
676
677 /*
678 * Increment the head seq# also for the skipped slots.
679 */
680 tid_agg_rx->head_seq_num =
681 (tid_agg_rx->head_seq_num + skipped) & SEQ_MASK;
682 skipped = 0;
683 }
684 } else while (tid_agg_rx->reorder_buf[index]) {
685 ieee80211_release_reorder_frame(hw, tid_agg_rx, index, frames);
686 index = seq_sub(tid_agg_rx->head_seq_num, tid_agg_rx->ssn) %
687 tid_agg_rx->buf_size;
688 }
689 732
690 return true; 733 out:
734 spin_unlock(&tid_agg_rx->reorder_lock);
735 return ret;
691} 736}
692 737
693/* 738/*
694 * Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns 739 * Reorder MPDUs from A-MPDUs, keeping them on a buffer. Returns
695 * true if the MPDU was buffered, false if it should be processed. 740 * true if the MPDU was buffered, false if it should be processed.
696 */ 741 */
697static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx, 742static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx)
698 struct sk_buff_head *frames)
699{ 743{
700 struct sk_buff *skb = rx->skb; 744 struct sk_buff *skb = rx->skb;
701 struct ieee80211_local *local = rx->local; 745 struct ieee80211_local *local = rx->local;
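Review bot: The comment kept above `ieee80211_rx_reorder_ampdu` still says the function returns true or false, but it is declared `static void`, and with the `frames` argument removed in this hunk the comment no longer says where a frame goes. I would reword it to `/* Reorder MPDUs from A-MPDUs, keeping them on a buffer; a frame that needs no buffering is queued for the RX handlers by this function. */`. In the same hunk `ieee80211_sta_manage_reorder_buf` now calls `ieee80211_sta_reorder_release` while holding `reorder_lock`; if every caller of that helper is meant to hold the lock, a one-line `/* caller must hold tid_agg_rx->reorder_lock */` on the helper would record the rule. Both functions extend beyond this hunk.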
@@ -750,28 +794,29 @@ static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
750 * sure that we cannot get to it any more before doing 794 * sure that we cannot get to it any more before doing
751 * anything with it. 795 * anything with it.
752 */ 796 */
753 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb, frames)) 797 if (ieee80211_sta_manage_reorder_buf(hw, tid_agg_rx, skb))
754 return; 798 return;
755 799
756 dont_reorder: 800 dont_reorder:
757 __skb_queue_tail(frames, skb); 801 skb_queue_tail(&local->rx_skb_queue, skb);
758} 802}
759 803
760static ieee80211_rx_result debug_noinline 804static ieee80211_rx_result debug_noinline
761ieee80211_rx_h_check(struct ieee80211_rx_data *rx) 805ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
762{ 806{
763 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 807 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
808 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
764 809
765 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */ 810 /* Drop duplicate 802.11 retransmissions (IEEE 802.11 Chap. 9.2.9) */
766 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) { 811 if (rx->sta && !is_multicast_ether_addr(hdr->addr1)) {
767 if (unlikely(ieee80211_has_retry(hdr->frame_control) && 812 if (unlikely(ieee80211_has_retry(hdr->frame_control) &&
768 rx->sta->last_seq_ctrl[rx->queue] == 813 rx->sta->last_seq_ctrl[rx->queue] ==
769 hdr->seq_ctrl)) { 814 hdr->seq_ctrl)) {
770 if (rx->flags & IEEE80211_RX_RA_MATCH) { 815 if (status->rx_flags & IEEE80211_RX_RA_MATCH) {
771 rx->local->dot11FrameDuplicateCount++; 816 rx->local->dot11FrameDuplicateCount++;
772 rx->sta->num_duplicates++; 817 rx->sta->num_duplicates++;
773 } 818 }
774 return RX_DROP_MONITOR; 819 return RX_DROP_UNUSABLE;
775 } else 820 } else
776 rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl; 821 rx->sta->last_seq_ctrl[rx->queue] = hdr->seq_ctrl;
777 } 822 }
@@ -796,18 +841,9 @@ ieee80211_rx_h_check(struct ieee80211_rx_data *rx)
796 if (unlikely((ieee80211_is_data(hdr->frame_control) || 841 if (unlikely((ieee80211_is_data(hdr->frame_control) ||
797 ieee80211_is_pspoll(hdr->frame_control)) && 842 ieee80211_is_pspoll(hdr->frame_control)) &&
798 rx->sdata->vif.type != NL80211_IFTYPE_ADHOC && 843 rx->sdata->vif.type != NL80211_IFTYPE_ADHOC &&
799 (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC)))) { 844 rx->sdata->vif.type != NL80211_IFTYPE_WDS &&
800 if ((!ieee80211_has_fromds(hdr->frame_control) && 845 (!rx->sta || !test_sta_flags(rx->sta, WLAN_STA_ASSOC))))
801 !ieee80211_has_tods(hdr->frame_control) &&
802 ieee80211_is_data(hdr->frame_control)) ||
803 !(rx->flags & IEEE80211_RX_RA_MATCH)) {
804 /* Drop IBSS frames and frames for other hosts
805 * silently. */
806 return RX_DROP_MONITOR;
807 }
808
809 return RX_DROP_MONITOR; 846 return RX_DROP_MONITOR;
810 }
811 847
812 return RX_CONTINUE; 848 return RX_CONTINUE;
813} 849}
@@ -822,7 +858,7 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
822 int keyidx; 858 int keyidx;
823 int hdrlen; 859 int hdrlen;
824 ieee80211_rx_result result = RX_DROP_UNUSABLE; 860 ieee80211_rx_result result = RX_DROP_UNUSABLE;
825 struct ieee80211_key *stakey = NULL; 861 struct ieee80211_key *sta_ptk = NULL;
826 int mmie_keyidx = -1; 862 int mmie_keyidx = -1;
827 __le16 fc; 863 __le16 fc;
828 864
@@ -857,22 +893,25 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
857 * No point in finding a key and decrypting if the frame is neither 893 * No point in finding a key and decrypting if the frame is neither
858 * addressed to us nor a multicast frame. 894 * addressed to us nor a multicast frame.
859 */ 895 */
860 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 896 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
861 return RX_CONTINUE; 897 return RX_CONTINUE;
862 898
863 /* start without a key */ 899 /* start without a key */
864 rx->key = NULL; 900 rx->key = NULL;
865 901
866 if (rx->sta) 902 if (rx->sta)
867 stakey = rcu_dereference(rx->sta->key); 903 sta_ptk = rcu_dereference(rx->sta->ptk);
868 904
869 fc = hdr->frame_control; 905 fc = hdr->frame_control;
870 906
871 if (!ieee80211_has_protected(fc)) 907 if (!ieee80211_has_protected(fc))
872 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb); 908 mmie_keyidx = ieee80211_get_mmie_keyidx(rx->skb);
873 909
874 if (!is_multicast_ether_addr(hdr->addr1) && stakey) { 910 if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
875 rx->key = stakey; 911 rx->key = sta_ptk;
912 if ((status->flag & RX_FLAG_DECRYPTED) &&
913 (status->flag & RX_FLAG_IV_STRIPPED))
914 return RX_CONTINUE;
876 /* Skip decryption if the frame is not protected. */ 915 /* Skip decryption if the frame is not protected. */
877 if (!ieee80211_has_protected(fc)) 916 if (!ieee80211_has_protected(fc))
878 return RX_CONTINUE; 917 return RX_CONTINUE;
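Review bot: The added early return on `RX_FLAG_DECRYPTED` together with `RX_FLAG_IV_STRIPPED` carries no comment, although it is the point where unicast frames with a pairwise key stop being examined by software and the driver's flags are taken at face value. A comment such as `/* hardware decrypted the frame and removed the IV: nothing is left for software to decrypt */` would make that explicit. With the IV gone, replay detection presumably rests with the hardware as well, which is worth confirming against the drivers that set both flags. `ieee80211_rx_h_decrypt` starts and ends outside this hunk.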
@@ -885,7 +924,10 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
885 if (mmie_keyidx < NUM_DEFAULT_KEYS || 924 if (mmie_keyidx < NUM_DEFAULT_KEYS ||
886 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS) 925 mmie_keyidx >= NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS)
887 return RX_DROP_MONITOR; /* unexpected BIP keyidx */ 926 return RX_DROP_MONITOR; /* unexpected BIP keyidx */
888 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]); 927 if (rx->sta)
928 rx->key = rcu_dereference(rx->sta->gtk[mmie_keyidx]);
929 if (!rx->key)
930 rx->key = rcu_dereference(rx->sdata->keys[mmie_keyidx]);
889 } else if (!ieee80211_has_protected(fc)) { 931 } else if (!ieee80211_has_protected(fc)) {
890 /* 932 /*
891 * The frame was not protected, so skip decryption. However, we 933 * The frame was not protected, so skip decryption. However, we
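Review bot: `rx->sta->gtk[mmie_keyidx]` is indexed with a value that the check just above bounds only to `NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS`, and the declaration of `gtk[]` is not visible here. The loop added in the next hunk walks the same array only up to `NUM_DEFAULT_KEYS`, so the array size should be confirmed. `BUILD_BUG_ON(ARRAY_SIZE(rx->sta->gtk) < NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS);` next to the lookup would pin it down at compile time. The enclosing function continues outside the hunk.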
@@ -894,12 +936,31 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
894 * have been expected. 936 * have been expected.
895 */ 937 */
896 struct ieee80211_key *key = NULL; 938 struct ieee80211_key *key = NULL;
939 struct ieee80211_sub_if_data *sdata = rx->sdata;
940 int i;
941
897 if (ieee80211_is_mgmt(fc) && 942 if (ieee80211_is_mgmt(fc) &&
898 is_multicast_ether_addr(hdr->addr1) && 943 is_multicast_ether_addr(hdr->addr1) &&
899 (key = rcu_dereference(rx->sdata->default_mgmt_key))) 944 (key = rcu_dereference(rx->sdata->default_mgmt_key)))
900 rx->key = key; 945 rx->key = key;
901 else if ((key = rcu_dereference(rx->sdata->default_key))) 946 else {
902 rx->key = key; 947 if (rx->sta) {
948 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
949 key = rcu_dereference(rx->sta->gtk[i]);
950 if (key)
951 break;
952 }
953 }
954 if (!key) {
955 for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
956 key = rcu_dereference(sdata->keys[i]);
957 if (key)
958 break;
959 }
960 }
961 if (key)
962 rx->key = key;
963 }
903 return RX_CONTINUE; 964 return RX_CONTINUE;
904 } else { 965 } else {
905 u8 keyid; 966 u8 keyid;
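Review bot: The new `else` branch takes the first non-NULL entry of `rx->sta->gtk[]`, then of `sdata->keys[]`, for a frame that arrived unprotected, and nothing explains why an arbitrary key is acceptable where `default_key` used to be consulted. If, as the surrounding comment suggests, `rx->key` only tells later handlers that encryption was expected, say so: `/* any configured key marks the frame as one that should have been protected */`. The hunk also introduces a local `sdata` but keeps `rx->sdata->default_mgmt_key` a few lines later; using `sdata` in both places would read better.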
@@ -928,16 +989,25 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
928 skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1); 989 skb_copy_bits(rx->skb, hdrlen + 3, &keyid, 1);
929 keyidx = keyid >> 6; 990 keyidx = keyid >> 6;
930 991
931 rx->key = rcu_dereference(rx->sdata->keys[keyidx]); 992 /* check per-station GTK first, if multicast packet */
993 if (is_multicast_ether_addr(hdr->addr1) && rx->sta)
994 rx->key = rcu_dereference(rx->sta->gtk[keyidx]);
932 995
933 /* 996 /* if not found, try default key */
934 * RSNA-protected unicast frames should always be sent with 997 if (!rx->key) {
935 * pairwise or station-to-station keys, but for WEP we allow 998 rx->key = rcu_dereference(rx->sdata->keys[keyidx]);
936 * using a key index as well. 999
937 */ 1000 /*
938 if (rx->key && rx->key->conf.alg != ALG_WEP && 1001 * RSNA-protected unicast frames should always be
939 !is_multicast_ether_addr(hdr->addr1)) 1002 * sent with pairwise or station-to-station keys,
940 rx->key = NULL; 1003 * but for WEP we allow using a key index as well.
1004 */
1005 if (rx->key &&
1006 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP40 &&
1007 rx->key->conf.cipher != WLAN_CIPHER_SUITE_WEP104 &&
1008 !is_multicast_ether_addr(hdr->addr1))
1009 rx->key = NULL;
1010 }
941 } 1011 }
942 1012
943 if (rx->key) { 1013 if (rx->key) {
@@ -951,8 +1021,9 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
951 return RX_DROP_UNUSABLE; 1021 return RX_DROP_UNUSABLE;
952 /* the hdr variable is invalid now! */ 1022 /* the hdr variable is invalid now! */
953 1023
954 switch (rx->key->conf.alg) { 1024 switch (rx->key->conf.cipher) {
955 case ALG_WEP: 1025 case WLAN_CIPHER_SUITE_WEP40:
1026 case WLAN_CIPHER_SUITE_WEP104:
956 /* Check for weak IVs if possible */ 1027 /* Check for weak IVs if possible */
957 if (rx->sta && ieee80211_is_data(fc) && 1028 if (rx->sta && ieee80211_is_data(fc) &&
958 (!(status->flag & RX_FLAG_IV_STRIPPED) || 1029 (!(status->flag & RX_FLAG_IV_STRIPPED) ||
@@ -962,15 +1033,21 @@ ieee80211_rx_h_decrypt(struct ieee80211_rx_data *rx)
962 1033
963 result = ieee80211_crypto_wep_decrypt(rx); 1034 result = ieee80211_crypto_wep_decrypt(rx);
964 break; 1035 break;
965 case ALG_TKIP: 1036 case WLAN_CIPHER_SUITE_TKIP:
966 result = ieee80211_crypto_tkip_decrypt(rx); 1037 result = ieee80211_crypto_tkip_decrypt(rx);
967 break; 1038 break;
968 case ALG_CCMP: 1039 case WLAN_CIPHER_SUITE_CCMP:
969 result = ieee80211_crypto_ccmp_decrypt(rx); 1040 result = ieee80211_crypto_ccmp_decrypt(rx);
970 break; 1041 break;
971 case ALG_AES_CMAC: 1042 case WLAN_CIPHER_SUITE_AES_CMAC:
972 result = ieee80211_crypto_aes_cmac_decrypt(rx); 1043 result = ieee80211_crypto_aes_cmac_decrypt(rx);
973 break; 1044 break;
1045 default:
1046 /*
1047 * We can reach here only with HW-only algorithms
1048 * but why didn't it decrypt the frame?!
1049 */
1050 return RX_DROP_UNUSABLE;
974 } 1051 }
975 1052
976 /* either the frame has been decrypted or will be dropped */ 1053 /* either the frame has been decrypted or will be dropped */
@@ -1019,7 +1096,8 @@ static void ap_sta_ps_start(struct sta_info *sta)
1019 1096
1020 atomic_inc(&sdata->bss->num_sta_ps); 1097 atomic_inc(&sdata->bss->num_sta_ps);
1021 set_sta_flags(sta, WLAN_STA_PS_STA); 1098 set_sta_flags(sta, WLAN_STA_PS_STA);
1022 drv_sta_notify(local, sdata, STA_NOTIFY_SLEEP, &sta->sta); 1099 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
1100 drv_sta_notify(local, sdata, STA_NOTIFY_SLEEP, &sta->sta);
1023#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1101#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1024 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n", 1102 printk(KERN_DEBUG "%s: STA %pM aid %d enters power save mode\n",
1025 sdata->name, sta->sta.addr, sta->sta.aid); 1103 sdata->name, sta->sta.addr, sta->sta.aid);
@@ -1032,8 +1110,6 @@ static void ap_sta_ps_end(struct sta_info *sta)
1032 1110
1033 atomic_dec(&sdata->bss->num_sta_ps); 1111 atomic_dec(&sdata->bss->num_sta_ps);
1034 1112
1035 clear_sta_flags(sta, WLAN_STA_PS_STA);
1036
1037#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 1113#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1038 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n", 1114 printk(KERN_DEBUG "%s: STA %pM aid %d exits power save mode\n",
1039 sdata->name, sta->sta.addr, sta->sta.aid); 1115 sdata->name, sta->sta.addr, sta->sta.aid);
@@ -1050,6 +1126,27 @@ static void ap_sta_ps_end(struct sta_info *sta)
1050 ieee80211_sta_ps_deliver_wakeup(sta); 1126 ieee80211_sta_ps_deliver_wakeup(sta);
1051} 1127}
1052 1128
1129int ieee80211_sta_ps_transition(struct ieee80211_sta *sta, bool start)
1130{
1131 struct sta_info *sta_inf = container_of(sta, struct sta_info, sta);
1132 bool in_ps;
1133
1134 WARN_ON(!(sta_inf->local->hw.flags & IEEE80211_HW_AP_LINK_PS));
1135
1136 /* Don't let the same PS state be set twice */
1137 in_ps = test_sta_flags(sta_inf, WLAN_STA_PS_STA);
1138 if ((start && in_ps) || (!start && !in_ps))
1139 return -EINVAL;
1140
1141 if (start)
1142 ap_sta_ps_start(sta_inf);
1143 else
1144 ap_sta_ps_end(sta_inf);
1145
1146 return 0;
1147}
1148EXPORT_SYMBOL(ieee80211_sta_ps_transition);
1149
1053static ieee80211_rx_result debug_noinline 1150static ieee80211_rx_result debug_noinline
1054ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx) 1151ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1055{ 1152{
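Review bot: In `ieee80211_sta_ps_transition` the `WARN_ON` for a missing `IEEE80211_HW_AP_LINK_PS` does not stop the call, so a driver without that flag would still flip the station's PS state alongside the tracking that `ieee80211_rx_h_sta_process` does for such hardware. Returning early is cheap: `if (WARN_ON(!(sta_inf->local->hw.flags & IEEE80211_HW_AP_LINK_PS))) return -EINVAL;`. The exported function also has no comment here on the context it may be called from; if that is documented in the header, a pointer to it is enough.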
@@ -1069,17 +1166,26 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1069 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) { 1166 if (rx->sdata->vif.type == NL80211_IFTYPE_ADHOC) {
1070 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len, 1167 u8 *bssid = ieee80211_get_bssid(hdr, rx->skb->len,
1071 NL80211_IFTYPE_ADHOC); 1168 NL80211_IFTYPE_ADHOC);
1072 if (compare_ether_addr(bssid, rx->sdata->u.ibss.bssid) == 0) 1169 if (compare_ether_addr(bssid, rx->sdata->u.ibss.bssid) == 0) {
1073 sta->last_rx = jiffies; 1170 sta->last_rx = jiffies;
1171 if (ieee80211_is_data(hdr->frame_control)) {
1172 sta->last_rx_rate_idx = status->rate_idx;
1173 sta->last_rx_rate_flag = status->flag;
1174 }
1175 }
1074 } else if (!is_multicast_ether_addr(hdr->addr1)) { 1176 } else if (!is_multicast_ether_addr(hdr->addr1)) {
1075 /* 1177 /*
1076 * Mesh beacons will update last_rx when if they are found to 1178 * Mesh beacons will update last_rx when if they are found to
1077 * match the current local configuration when processed. 1179 * match the current local configuration when processed.
1078 */ 1180 */
1079 sta->last_rx = jiffies; 1181 sta->last_rx = jiffies;
1182 if (ieee80211_is_data(hdr->frame_control)) {
1183 sta->last_rx_rate_idx = status->rate_idx;
1184 sta->last_rx_rate_flag = status->flag;
1185 }
1080 } 1186 }
1081 1187
1082 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 1188 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1083 return RX_CONTINUE; 1189 return RX_CONTINUE;
1084 1190
1085 if (rx->sdata->vif.type == NL80211_IFTYPE_STATION) 1191 if (rx->sdata->vif.type == NL80211_IFTYPE_STATION)
@@ -1088,12 +1194,15 @@ ieee80211_rx_h_sta_process(struct ieee80211_rx_data *rx)
1088 sta->rx_fragments++; 1194 sta->rx_fragments++;
1089 sta->rx_bytes += rx->skb->len; 1195 sta->rx_bytes += rx->skb->len;
1090 sta->last_signal = status->signal; 1196 sta->last_signal = status->signal;
1197 ewma_add(&sta->avg_signal, -status->signal);
1091 1198
1092 /* 1199 /*
1093 * Change STA power saving mode only at the end of a frame 1200 * Change STA power saving mode only at the end of a frame
1094 * exchange sequence. 1201 * exchange sequence.
1095 */ 1202 */
1096 if (!ieee80211_has_morefrags(hdr->frame_control) && 1203 if (!(sta->local->hw.flags & IEEE80211_HW_AP_LINK_PS) &&
1204 !ieee80211_has_morefrags(hdr->frame_control) &&
1205 !(status->rx_flags & IEEE80211_RX_DEFERRED_RELEASE) &&
1097 (rx->sdata->vif.type == NL80211_IFTYPE_AP || 1206 (rx->sdata->vif.type == NL80211_IFTYPE_AP ||
1098 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) { 1207 rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)) {
1099 if (test_sta_flags(sta, WLAN_STA_PS_STA)) { 1208 if (test_sta_flags(sta, WLAN_STA_PS_STA)) {
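Review bot: `ewma_add(&sta->avg_signal, -status->signal)` negates the signal without saying why, which only works if `status->signal` is never positive. Assuming the average takes an unsigned sample, a driver reporting a positive value would feed a very large number into it. A comment such as `/* signal is negative (dBm); the average keeps its magnitude */`, or a clamp before the call, would make the assumption visible. Readers of `avg_signal` then have to negate it again, which deserves a note where the field is declared. The enclosing function extends beyond the hunk.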
@@ -1236,6 +1345,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1236 unsigned int frag, seq; 1345 unsigned int frag, seq;
1237 struct ieee80211_fragment_entry *entry; 1346 struct ieee80211_fragment_entry *entry;
1238 struct sk_buff *skb; 1347 struct sk_buff *skb;
1348 struct ieee80211_rx_status *status;
1239 1349
1240 hdr = (struct ieee80211_hdr *)rx->skb->data; 1350 hdr = (struct ieee80211_hdr *)rx->skb->data;
1241 fc = hdr->frame_control; 1351 fc = hdr->frame_control;
@@ -1265,7 +1375,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1265 /* This is the first fragment of a new frame. */ 1375 /* This is the first fragment of a new frame. */
1266 entry = ieee80211_reassemble_add(rx->sdata, frag, seq, 1376 entry = ieee80211_reassemble_add(rx->sdata, frag, seq,
1267 rx->queue, &(rx->skb)); 1377 rx->queue, &(rx->skb));
1268 if (rx->key && rx->key->conf.alg == ALG_CCMP && 1378 if (rx->key && rx->key->conf.cipher == WLAN_CIPHER_SUITE_CCMP &&
1269 ieee80211_has_protected(fc)) { 1379 ieee80211_has_protected(fc)) {
1270 int queue = ieee80211_is_mgmt(fc) ? 1380 int queue = ieee80211_is_mgmt(fc) ?
1271 NUM_RX_DATA_QUEUES : rx->queue; 1381 NUM_RX_DATA_QUEUES : rx->queue;
@@ -1294,7 +1404,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1294 int i; 1404 int i;
1295 u8 pn[CCMP_PN_LEN], *rpn; 1405 u8 pn[CCMP_PN_LEN], *rpn;
1296 int queue; 1406 int queue;
1297 if (!rx->key || rx->key->conf.alg != ALG_CCMP) 1407 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_CCMP)
1298 return RX_DROP_UNUSABLE; 1408 return RX_DROP_UNUSABLE;
1299 memcpy(pn, entry->last_pn, CCMP_PN_LEN); 1409 memcpy(pn, entry->last_pn, CCMP_PN_LEN);
1300 for (i = CCMP_PN_LEN - 1; i >= 0; i--) { 1410 for (i = CCMP_PN_LEN - 1; i >= 0; i--) {
@@ -1335,7 +1445,8 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
1335 } 1445 }
1336 1446
1337 /* Complete frame has been reassembled - process it now */ 1447 /* Complete frame has been reassembled - process it now */
1338 rx->flags |= IEEE80211_RX_FRAGMENTED; 1448 status = IEEE80211_SKB_RXCB(rx->skb);
1449 status->rx_flags |= IEEE80211_RX_FRAGMENTED;
1339 1450
1340 out: 1451 out:
1341 if (rx->sta) 1452 if (rx->sta)
@@ -1352,9 +1463,10 @@ ieee80211_rx_h_ps_poll(struct ieee80211_rx_data *rx)
1352{ 1463{
1353 struct ieee80211_sub_if_data *sdata = rx->sdata; 1464 struct ieee80211_sub_if_data *sdata = rx->sdata;
1354 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control; 1465 __le16 fc = ((struct ieee80211_hdr *)rx->skb->data)->frame_control;
1466 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1355 1467
1356 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) || 1468 if (likely(!rx->sta || !ieee80211_is_pspoll(fc) ||
1357 !(rx->flags & IEEE80211_RX_RA_MATCH))) 1469 !(status->rx_flags & IEEE80211_RX_RA_MATCH)))
1358 return RX_CONTINUE; 1470 return RX_CONTINUE;
1359 1471
1360 if ((sdata->vif.type != NL80211_IFTYPE_AP) && 1472 if ((sdata->vif.type != NL80211_IFTYPE_AP) &&
@@ -1442,12 +1554,30 @@ ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
1442 if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) { 1554 if (rx->sta && test_sta_flags(rx->sta, WLAN_STA_MFP)) {
1443 if (unlikely(!ieee80211_has_protected(fc) && 1555 if (unlikely(!ieee80211_has_protected(fc) &&
1444 ieee80211_is_unicast_robust_mgmt_frame(rx->skb) && 1556 ieee80211_is_unicast_robust_mgmt_frame(rx->skb) &&
1445 rx->key)) 1557 rx->key)) {
1558 if (ieee80211_is_deauth(fc))
1559 cfg80211_send_unprot_deauth(rx->sdata->dev,
1560 rx->skb->data,
1561 rx->skb->len);
1562 else if (ieee80211_is_disassoc(fc))
1563 cfg80211_send_unprot_disassoc(rx->sdata->dev,
1564 rx->skb->data,
1565 rx->skb->len);
1446 return -EACCES; 1566 return -EACCES;
1567 }
1447 /* BIP does not use Protected field, so need to check MMIE */ 1568 /* BIP does not use Protected field, so need to check MMIE */
1448 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) && 1569 if (unlikely(ieee80211_is_multicast_robust_mgmt_frame(rx->skb) &&
1449 ieee80211_get_mmie_keyidx(rx->skb) < 0)) 1570 ieee80211_get_mmie_keyidx(rx->skb) < 0)) {
1571 if (ieee80211_is_deauth(fc))
1572 cfg80211_send_unprot_deauth(rx->sdata->dev,
1573 rx->skb->data,
1574 rx->skb->len);
1575 else if (ieee80211_is_disassoc(fc))
1576 cfg80211_send_unprot_disassoc(rx->sdata->dev,
1577 rx->skb->data,
1578 rx->skb->len);
1450 return -EACCES; 1579 return -EACCES;
1580 }
1451 /* 1581 /*
1452 * When using MFP, Action frames are not allowed prior to 1582 * When using MFP, Action frames are not allowed prior to
1453 * having configured keys. 1583 * having configured keys.
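Review bot: The deauth/disassoc reporting block is added twice, once in each of the two `-EACCES` branches, and would be easier to keep consistent as one small helper called from both. Both calls are made for frames that failed the protection check, so every spoofed deauth or disassoc received over the air becomes a cfg80211 notification. No rate limit is visible in this hunk, and it is worth confirming that one exists on the cfg80211 side. `ieee80211_drop_unencrypted_mgmt` begins and ends outside the hunk.

```c
/* Tell cfg80211 about a deauth/disassoc that arrived without protection. */
static void ieee80211_report_unprot_mgmt(struct ieee80211_rx_data *rx,
					 __le16 fc)
{
	if (ieee80211_is_deauth(fc))
		cfg80211_send_unprot_deauth(rx->sdata->dev, rx->skb->data,
					    rx->skb->len);
	else if (ieee80211_is_disassoc(fc))
		cfg80211_send_unprot_disassoc(rx->sdata->dev, rx->skb->data,
					      rx->skb->len);
}

/* ... unchanged: MFP and unicast robust management frame test ... */
			ieee80211_report_unprot_mgmt(rx, fc);
			return -EACCES;
/* ... unchanged: multicast robust management frame / MMIE test ... */
			ieee80211_report_unprot_mgmt(rx, fc);
			return -EACCES;
```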
@@ -1462,21 +1592,43 @@ ieee80211_drop_unencrypted_mgmt(struct ieee80211_rx_data *rx)
1462} 1592}
1463 1593
1464static int 1594static int
1465__ieee80211_data_to_8023(struct ieee80211_rx_data *rx) 1595__ieee80211_data_to_8023(struct ieee80211_rx_data *rx, bool *port_control)
1466{ 1596{
1467 struct ieee80211_sub_if_data *sdata = rx->sdata; 1597 struct ieee80211_sub_if_data *sdata = rx->sdata;
1468 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1598 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1599 bool check_port_control = false;
1600 struct ethhdr *ehdr;
1601 int ret;
1469 1602
1603 *port_control = false;
1470 if (ieee80211_has_a4(hdr->frame_control) && 1604 if (ieee80211_has_a4(hdr->frame_control) &&
1471 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta) 1605 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && !sdata->u.vlan.sta)
1472 return -1; 1606 return -1;
1473 1607
1608 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1609 !!sdata->u.mgd.use_4addr != !!ieee80211_has_a4(hdr->frame_control)) {
1610
1611 if (!sdata->u.mgd.use_4addr)
1612 return -1;
1613 else
1614 check_port_control = true;
1615 }
1616
1474 if (is_multicast_ether_addr(hdr->addr1) && 1617 if (is_multicast_ether_addr(hdr->addr1) &&
1475 ((sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta) || 1618 sdata->vif.type == NL80211_IFTYPE_AP_VLAN && sdata->u.vlan.sta)
1476 (sdata->vif.type == NL80211_IFTYPE_STATION && sdata->u.mgd.use_4addr))) 1619 return -1;
1620
1621 ret = ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type);
1622 if (ret < 0)
1623 return ret;
1624
1625 ehdr = (struct ethhdr *) rx->skb->data;
1626 if (ehdr->h_proto == rx->sdata->control_port_protocol)
1627 *port_control = true;
1628 else if (check_port_control)
1477 return -1; 1629 return -1;
1478 1630
1479 return ieee80211_data_to_8023(rx->skb, sdata->vif.addr, sdata->vif.type); 1631 return 0;
1480} 1632}
1481 1633
1482/* 1634/*
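Review bot: `ehdr->h_proto == rx->sdata->control_port_protocol` compares against a raw field where `ieee80211_frame_allowed` used to compare against `htons(ETH_P_PAE)`, so the field has to be stored in network byte order; its declaration is not visible here and should be `__be16`. The same field now decides in `ieee80211_frame_allowed` (a later hunk) which frames are accepted unencrypted, yet the comment there still says EAPOL. It should read `Allow control port frames to us/the PAE group address regardless of whether the frame was encrypted or not.` The new `port_control` out-parameter, and the rule that a 4-address station accepts a 3-address frame only when it is a control port frame, also deserve a short comment above `__ieee80211_data_to_8023`.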
@@ -1492,7 +1644,7 @@ static bool ieee80211_frame_allowed(struct ieee80211_rx_data *rx, __le16 fc)
1492 * Allow EAPOL frames to us/the PAE group address regardless 1644 * Allow EAPOL frames to us/the PAE group address regardless
1493 * of whether the frame was encrypted or not. 1645 * of whether the frame was encrypted or not.
1494 */ 1646 */
1495 if (ehdr->h_proto == htons(ETH_P_PAE) && 1647 if (ehdr->h_proto == rx->sdata->control_port_protocol &&
1496 (compare_ether_addr(ehdr->h_dest, rx->sdata->vif.addr) == 0 || 1648 (compare_ether_addr(ehdr->h_dest, rx->sdata->vif.addr) == 0 ||
1497 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0)) 1649 compare_ether_addr(ehdr->h_dest, pae_group_addr) == 0))
1498 return true; 1650 return true;
@@ -1515,6 +1667,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1515 struct sk_buff *skb, *xmit_skb; 1667 struct sk_buff *skb, *xmit_skb;
1516 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data; 1668 struct ethhdr *ehdr = (struct ethhdr *) rx->skb->data;
1517 struct sta_info *dsta; 1669 struct sta_info *dsta;
1670 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1518 1671
1519 skb = rx->skb; 1672 skb = rx->skb;
1520 xmit_skb = NULL; 1673 xmit_skb = NULL;
@@ -1522,7 +1675,7 @@ ieee80211_deliver_skb(struct ieee80211_rx_data *rx)
1522 if ((sdata->vif.type == NL80211_IFTYPE_AP || 1675 if ((sdata->vif.type == NL80211_IFTYPE_AP ||
1523 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) && 1676 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) &&
1524 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) && 1677 !(sdata->flags & IEEE80211_SDATA_DONT_BRIDGE_PACKETS) &&
1525 (rx->flags & IEEE80211_RX_RA_MATCH) && 1678 (status->rx_flags & IEEE80211_RX_RA_MATCH) &&
1526 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) { 1679 (sdata->vif.type != NL80211_IFTYPE_AP_VLAN || !sdata->u.vlan.sta)) {
1527 if (is_multicast_ether_addr(ehdr->h_dest)) { 1680 if (is_multicast_ether_addr(ehdr->h_dest)) {
1528 /* 1681 /*
@@ -1599,6 +1752,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1599 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1752 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1600 __le16 fc = hdr->frame_control; 1753 __le16 fc = hdr->frame_control;
1601 struct sk_buff_head frame_list; 1754 struct sk_buff_head frame_list;
1755 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1602 1756
1603 if (unlikely(!ieee80211_is_data(fc))) 1757 if (unlikely(!ieee80211_is_data(fc)))
1604 return RX_CONTINUE; 1758 return RX_CONTINUE;
@@ -1606,7 +1760,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1606 if (unlikely(!ieee80211_is_data_present(fc))) 1760 if (unlikely(!ieee80211_is_data_present(fc)))
1607 return RX_DROP_MONITOR; 1761 return RX_DROP_MONITOR;
1608 1762
1609 if (!(rx->flags & IEEE80211_RX_AMSDU)) 1763 if (!(status->rx_flags & IEEE80211_RX_AMSDU))
1610 return RX_CONTINUE; 1764 return RX_CONTINUE;
1611 1765
1612 if (ieee80211_has_a4(hdr->frame_control) && 1766 if (ieee80211_has_a4(hdr->frame_control) &&
@@ -1629,7 +1783,7 @@ ieee80211_rx_h_amsdu(struct ieee80211_rx_data *rx)
1629 1783
1630 ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr, 1784 ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr,
1631 rx->sdata->vif.type, 1785 rx->sdata->vif.type,
1632 rx->local->hw.extra_tx_headroom); 1786 rx->local->hw.extra_tx_headroom, true);
1633 1787
1634 while (!skb_queue_empty(&frame_list)) { 1788 while (!skb_queue_empty(&frame_list)) {
1635 rx->skb = __skb_dequeue(&frame_list); 1789 rx->skb = __skb_dequeue(&frame_list);
@@ -1657,6 +1811,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1657 struct sk_buff *skb = rx->skb, *fwd_skb; 1811 struct sk_buff *skb = rx->skb, *fwd_skb;
1658 struct ieee80211_local *local = rx->local; 1812 struct ieee80211_local *local = rx->local;
1659 struct ieee80211_sub_if_data *sdata = rx->sdata; 1813 struct ieee80211_sub_if_data *sdata = rx->sdata;
1814 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
1660 1815
1661 hdr = (struct ieee80211_hdr *) skb->data; 1816 hdr = (struct ieee80211_hdr *) skb->data;
1662 hdrlen = ieee80211_hdrlen(hdr->frame_control); 1817 hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -1702,7 +1857,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1702 1857
1703 mesh_hdr->ttl--; 1858 mesh_hdr->ttl--;
1704 1859
1705 if (rx->flags & IEEE80211_RX_RA_MATCH) { 1860 if (status->rx_flags & IEEE80211_RX_RA_MATCH) {
1706 if (!mesh_hdr->ttl) 1861 if (!mesh_hdr->ttl)
1707 IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh, 1862 IEEE80211_IFSTA_MESH_CTR_INC(&rx->sdata->u.mesh,
1708 dropped_frames_ttl); 1863 dropped_frames_ttl);
@@ -1715,6 +1870,8 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1715 if (!fwd_skb && net_ratelimit()) 1870 if (!fwd_skb && net_ratelimit())
1716 printk(KERN_DEBUG "%s: failed to clone mesh frame\n", 1871 printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
1717 sdata->name); 1872 sdata->name);
1873 if (!fwd_skb)
1874 goto out;
1718 1875
1719 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data; 1876 fwd_hdr = (struct ieee80211_hdr *) fwd_skb->data;
1720 memcpy(fwd_hdr->addr2, sdata->vif.addr, ETH_ALEN); 1877 memcpy(fwd_hdr->addr2, sdata->vif.addr, ETH_ALEN);
@@ -1752,6 +1909,7 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
1752 } 1909 }
1753 } 1910 }
1754 1911
1912 out:
1755 if (is_multicast_ether_addr(hdr->addr1) || 1913 if (is_multicast_ether_addr(hdr->addr1) ||
1756 sdata->dev->flags & IFF_PROMISC) 1914 sdata->dev->flags & IFF_PROMISC)
1757 return RX_CONTINUE; 1915 return RX_CONTINUE;
@@ -1768,6 +1926,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1768 struct net_device *dev = sdata->dev; 1926 struct net_device *dev = sdata->dev;
1769 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1927 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data;
1770 __le16 fc = hdr->frame_control; 1928 __le16 fc = hdr->frame_control;
1929 bool port_control;
1771 int err; 1930 int err;
1772 1931
1773 if (unlikely(!ieee80211_is_data(hdr->frame_control))) 1932 if (unlikely(!ieee80211_is_data(hdr->frame_control)))
@@ -1784,21 +1943,31 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1784 sdata->vif.type == NL80211_IFTYPE_AP) 1943 sdata->vif.type == NL80211_IFTYPE_AP)
1785 return RX_DROP_MONITOR; 1944 return RX_DROP_MONITOR;
1786 1945
1787 err = __ieee80211_data_to_8023(rx); 1946 err = __ieee80211_data_to_8023(rx, &port_control);
1788 if (unlikely(err)) 1947 if (unlikely(err))
1789 return RX_DROP_UNUSABLE; 1948 return RX_DROP_UNUSABLE;
1790 1949
1791 if (!ieee80211_frame_allowed(rx, fc)) 1950 if (!ieee80211_frame_allowed(rx, fc))
1792 return RX_DROP_MONITOR; 1951 return RX_DROP_MONITOR;
1793 1952
1953 if (rx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1954 unlikely(port_control) && sdata->bss) {
1955 sdata = container_of(sdata->bss, struct ieee80211_sub_if_data,
1956 u.ap);
1957 dev = sdata->dev;
1958 rx->sdata = sdata;
1959 }
1960
1794 rx->skb->dev = dev; 1961 rx->skb->dev = dev;
1795 1962
1796 dev->stats.rx_packets++; 1963 dev->stats.rx_packets++;
1797 dev->stats.rx_bytes += rx->skb->len; 1964 dev->stats.rx_bytes += rx->skb->len;
1798 1965
1799 if (ieee80211_is_data(hdr->frame_control) && 1966 if (local->ps_sdata && local->hw.conf.dynamic_ps_timeout > 0 &&
1800 !is_multicast_ether_addr(hdr->addr1) && 1967 !is_multicast_ether_addr(
1801 local->hw.conf.dynamic_ps_timeout > 0 && local->ps_sdata) { 1968 ((struct ethhdr *)rx->skb->data)->h_dest) &&
1969 (!local->scanning &&
1970 !test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))) {
1802 mod_timer(&local->dynamic_ps_timer, jiffies + 1971 mod_timer(&local->dynamic_ps_timer, jiffies +
1803 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout)); 1972 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
1804 } 1973 }
@@ -1809,7 +1978,7 @@ ieee80211_rx_h_data(struct ieee80211_rx_data *rx)
1809} 1978}
1810 1979
1811static ieee80211_rx_result debug_noinline 1980static ieee80211_rx_result debug_noinline
1812ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames) 1981ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx)
1813{ 1982{
1814 struct ieee80211_local *local = rx->local; 1983 struct ieee80211_local *local = rx->local;
1815 struct ieee80211_hw *hw = &local->hw; 1984 struct ieee80211_hw *hw = &local->hw;
@@ -1847,9 +2016,11 @@ ieee80211_rx_h_ctrl(struct ieee80211_rx_data *rx, struct sk_buff_head *frames)
1847 mod_timer(&tid_agg_rx->session_timer, 2016 mod_timer(&tid_agg_rx->session_timer,
1848 TU_TO_EXP_TIME(tid_agg_rx->timeout)); 2017 TU_TO_EXP_TIME(tid_agg_rx->timeout));
1849 2018
2019 spin_lock(&tid_agg_rx->reorder_lock);
1850 /* release stored frames up to start of BAR */ 2020 /* release stored frames up to start of BAR */
1851 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num, 2021 ieee80211_release_reorder_frames(hw, tid_agg_rx, start_seq_num);
1852 frames); 2022 spin_unlock(&tid_agg_rx->reorder_lock);
2023
1853 kfree_skb(skb); 2024 kfree_skb(skb);
1854 return RX_QUEUED; 2025 return RX_QUEUED;
1855 } 2026 }
@@ -1909,13 +2080,38 @@ static void ieee80211_process_sa_query_req(struct ieee80211_sub_if_data *sdata,
1909} 2080}
1910 2081
1911static ieee80211_rx_result debug_noinline 2082static ieee80211_rx_result debug_noinline
2083ieee80211_rx_h_mgmt_check(struct ieee80211_rx_data *rx)
2084{
2085 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
2086 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2087
2088 /*
2089 * From here on, look only at management frames.
2090 * Data and control frames are already handled,
2091 * and unknown (reserved) frames are useless.
2092 */
2093 if (rx->skb->len < 24)
2094 return RX_DROP_MONITOR;
2095
2096 if (!ieee80211_is_mgmt(mgmt->frame_control))
2097 return RX_DROP_MONITOR;
2098
2099 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
2100 return RX_DROP_MONITOR;
2101
2102 if (ieee80211_drop_unencrypted_mgmt(rx))
2103 return RX_DROP_UNUSABLE;
2104
2105 return RX_CONTINUE;
2106}
2107
2108static ieee80211_rx_result debug_noinline
1912ieee80211_rx_h_action(struct ieee80211_rx_data *rx) 2109ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1913{ 2110{
1914 struct ieee80211_local *local = rx->local; 2111 struct ieee80211_local *local = rx->local;
1915 struct ieee80211_sub_if_data *sdata = rx->sdata; 2112 struct ieee80211_sub_if_data *sdata = rx->sdata;
1916 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data; 2113 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
1917 struct sk_buff *nskb; 2114 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
1918 struct ieee80211_rx_status *status;
1919 int len = rx->skb->len; 2115 int len = rx->skb->len;
1920 2116
1921 if (!ieee80211_is_action(mgmt->frame_control)) 2117 if (!ieee80211_is_action(mgmt->frame_control))
@@ -1928,10 +2124,7 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
1928 if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC) 2124 if (!rx->sta && mgmt->u.action.category != WLAN_CATEGORY_PUBLIC)
1929 return RX_DROP_UNUSABLE; 2125 return RX_DROP_UNUSABLE;
1930 2126
1931 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 2127 if (!(status->rx_flags & IEEE80211_RX_RA_MATCH))
1932 return RX_DROP_UNUSABLE;
1933
1934 if (ieee80211_drop_unencrypted_mgmt(rx))
1935 return RX_DROP_UNUSABLE; 2128 return RX_DROP_UNUSABLE;
1936 2129
1937 switch (mgmt->u.action.category) { 2130 switch (mgmt->u.action.category) {
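Review bot: The `IEEE80211_RX_RA_MATCH` test kept in ieee80211_rx_h_action() at new line 2127 looks unreachable, because ieee80211_rx_h_mgmt_check() (added in the previous hunk and called before this handler in ieee80211_rx_handlers()) already returns RX_DROP_MONITOR for the same condition. The two checks also disagree on the result, so action frames not addressed to this interface now end up as RX_DROP_MONITOR rather than the RX_DROP_UNUSABLE this line still suggests. Either drop the two lines or keep them with a comment such as `/* defensive: already rejected in ieee80211_rx_h_mgmt_check() */` so the effective drop policy is clear. The function starts in the previous hunk and continues past this one.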
@@ -2017,24 +2210,46 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2017 goto handled; 2210 goto handled;
2018 } 2211 }
2019 break; 2212 break;
2020 case WLAN_CATEGORY_MESH_PLINK: 2213 case WLAN_CATEGORY_MESH_ACTION:
2021 case WLAN_CATEGORY_MESH_PATH_SEL:
2022 if (!ieee80211_vif_is_mesh(&sdata->vif)) 2214 if (!ieee80211_vif_is_mesh(&sdata->vif))
2023 break; 2215 break;
2024 goto queue; 2216 goto queue;
2217 case WLAN_CATEGORY_MESH_PATH_SEL:
2218 if (!mesh_path_sel_is_hwmp(sdata))
2219 break;
2220 goto queue;
2025 } 2221 }
2026 2222
2223 return RX_CONTINUE;
2224
2027 invalid: 2225 invalid:
2028 /* 2226 status->rx_flags |= IEEE80211_RX_MALFORMED_ACTION_FRM;
2029 * For AP mode, hostapd is responsible for handling any action 2227 /* will return in the next handlers */
2030 * frames that we didn't handle, including returning unknown 2228 return RX_CONTINUE;
2031 * ones. For all other modes we will return them to the sender, 2229
2032 * setting the 0x80 bit in the action category, as required by 2230 handled:
2033 * 802.11-2007 7.3.1.11. 2231 if (rx->sta)
2034 */ 2232 rx->sta->rx_packets++;
2035 if (sdata->vif.type == NL80211_IFTYPE_AP || 2233 dev_kfree_skb(rx->skb);
2036 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 2234 return RX_QUEUED;
2037 return RX_DROP_MONITOR; 2235
2236 queue:
2237 rx->skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
2238 skb_queue_tail(&sdata->skb_queue, rx->skb);
2239 ieee80211_queue_work(&local->hw, &sdata->work);
2240 if (rx->sta)
2241 rx->sta->rx_packets++;
2242 return RX_QUEUED;
2243}
2244
2245static ieee80211_rx_result debug_noinline
2246ieee80211_rx_h_userspace_mgmt(struct ieee80211_rx_data *rx)
2247{
2248 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2249
2250 /* skip known-bad action frames and return them in the next handler */
2251 if (status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM)
2252 return RX_CONTINUE;
2038 2253
2039 /* 2254 /*
2040 * Getting here means the kernel doesn't know how to handle 2255 * Getting here means the kernel doesn't know how to handle
@@ -2042,12 +2257,46 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2042 * so userspace can register for those to know whether ones 2257 * so userspace can register for those to know whether ones
2043 * it transmitted were processed or returned. 2258 * it transmitted were processed or returned.
2044 */ 2259 */
2045 status = IEEE80211_SKB_RXCB(rx->skb);
2046 2260
2047 if (cfg80211_rx_action(rx->sdata->dev, status->freq, 2261 if (cfg80211_rx_mgmt(rx->sdata->dev, status->freq,
2048 rx->skb->data, rx->skb->len, 2262 rx->skb->data, rx->skb->len,
2049 GFP_ATOMIC)) 2263 GFP_ATOMIC)) {
2050 goto handled; 2264 if (rx->sta)
2265 rx->sta->rx_packets++;
2266 dev_kfree_skb(rx->skb);
2267 return RX_QUEUED;
2268 }
2269
2270
2271 return RX_CONTINUE;
2272}
2273
2274static ieee80211_rx_result debug_noinline
2275ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2276{
2277 struct ieee80211_local *local = rx->local;
2278 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) rx->skb->data;
2279 struct sk_buff *nskb;
2280 struct ieee80211_sub_if_data *sdata = rx->sdata;
2281 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb);
2282
2283 if (!ieee80211_is_action(mgmt->frame_control))
2284 return RX_CONTINUE;
2285
2286 /*
2287 * For AP mode, hostapd is responsible for handling any action
2288 * frames that we didn't handle, including returning unknown
2289 * ones. For all other modes we will return them to the sender,
2290 * setting the 0x80 bit in the action category, as required by
2291 * 802.11-2007 7.3.1.11.
2292 * Newer versions of hostapd shall also use the management frame
2293 * registration mechanisms, but older ones still use cooked
2294 * monitor interfaces so push all frames there.
2295 */
2296 if (!(status->rx_flags & IEEE80211_RX_MALFORMED_ACTION_FRM) &&
2297 (sdata->vif.type == NL80211_IFTYPE_AP ||
2298 sdata->vif.type == NL80211_IFTYPE_AP_VLAN))
2299 return RX_DROP_MONITOR;
2051 2300
2052 /* do not return rejected action frames */ 2301 /* do not return rejected action frames */
2053 if (mgmt->u.action.category & 0x80) 2302 if (mgmt->u.action.category & 0x80)
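Review bot: ieee80211_rx_h_action_return() reads `mgmt->u.action.category` at new line 2302 without a length check of its own, and ieee80211_rx_h_mgmt_check() only guarantees `rx->skb->len >= 24`, which covers the management header but not the category octet after it. The handler therefore depends on ieee80211_rx_h_action() having rejected short action frames earlier in the chain, and that guard is not visible in these hunks. I would state the dependency next to the `ieee80211_is_action()` test, for example `/* frame length was validated in ieee80211_rx_h_action(); this handler must stay after it */`, or repeat the length check here so that reordering the CALL_RXH list cannot turn this into an out-of-bounds read. The function body continues in the next hunk.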
@@ -2066,20 +2315,8 @@ ieee80211_rx_h_action(struct ieee80211_rx_data *rx)
2066 2315
2067 ieee80211_tx_skb(rx->sdata, nskb); 2316 ieee80211_tx_skb(rx->sdata, nskb);
2068 } 2317 }
2069
2070 handled:
2071 if (rx->sta)
2072 rx->sta->rx_packets++;
2073 dev_kfree_skb(rx->skb); 2318 dev_kfree_skb(rx->skb);
2074 return RX_QUEUED; 2319 return RX_QUEUED;
2075
2076 queue:
2077 rx->skb->pkt_type = IEEE80211_SDATA_QUEUE_TYPE_FRAME;
2078 skb_queue_tail(&sdata->skb_queue, rx->skb);
2079 ieee80211_queue_work(&local->hw, &sdata->work);
2080 if (rx->sta)
2081 rx->sta->rx_packets++;
2082 return RX_QUEUED;
2083} 2320}
2084 2321
2085static ieee80211_rx_result debug_noinline 2322static ieee80211_rx_result debug_noinline
@@ -2090,15 +2327,6 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
2090 struct ieee80211_mgmt *mgmt = (void *)rx->skb->data; 2327 struct ieee80211_mgmt *mgmt = (void *)rx->skb->data;
2091 __le16 stype; 2328 __le16 stype;
2092 2329
2093 if (!(rx->flags & IEEE80211_RX_RA_MATCH))
2094 return RX_DROP_MONITOR;
2095
2096 if (rx->skb->len < 24)
2097 return RX_DROP_MONITOR;
2098
2099 if (ieee80211_drop_unencrypted_mgmt(rx))
2100 return RX_DROP_UNUSABLE;
2101
2102 rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb); 2330 rxs = ieee80211_work_rx_mgmt(rx->sdata, rx->skb);
2103 if (rxs != RX_CONTINUE) 2331 if (rxs != RX_CONTINUE)
2104 return rxs; 2332 return rxs;
@@ -2117,6 +2345,10 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
2117 break; 2345 break;
2118 case cpu_to_le16(IEEE80211_STYPE_DEAUTH): 2346 case cpu_to_le16(IEEE80211_STYPE_DEAUTH):
2119 case cpu_to_le16(IEEE80211_STYPE_DISASSOC): 2347 case cpu_to_le16(IEEE80211_STYPE_DISASSOC):
2348 if (is_multicast_ether_addr(mgmt->da) &&
2349 !is_broadcast_ether_addr(mgmt->da))
2350 return RX_DROP_MONITOR;
2351
2120 /* process only for station */ 2352 /* process only for station */
2121 if (sdata->vif.type != NL80211_IFTYPE_STATION) 2353 if (sdata->vif.type != NL80211_IFTYPE_STATION)
2122 return RX_DROP_MONITOR; 2354 return RX_DROP_MONITOR;
@@ -2141,47 +2373,6 @@ ieee80211_rx_h_mgmt(struct ieee80211_rx_data *rx)
2141 return RX_QUEUED; 2373 return RX_QUEUED;
2142} 2374}
2143 2375
2144static void ieee80211_rx_michael_mic_report(struct ieee80211_hdr *hdr,
2145 struct ieee80211_rx_data *rx)
2146{
2147 int keyidx;
2148 unsigned int hdrlen;
2149
2150 hdrlen = ieee80211_hdrlen(hdr->frame_control);
2151 if (rx->skb->len >= hdrlen + 4)
2152 keyidx = rx->skb->data[hdrlen + 3] >> 6;
2153 else
2154 keyidx = -1;
2155
2156 if (!rx->sta) {
2157 /*
2158 * Some hardware seem to generate incorrect Michael MIC
2159 * reports; ignore them to avoid triggering countermeasures.
2160 */
2161 return;
2162 }
2163
2164 if (!ieee80211_has_protected(hdr->frame_control))
2165 return;
2166
2167 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && keyidx) {
2168 /*
2169 * APs with pairwise keys should never receive Michael MIC
2170 * errors for non-zero keyidx because these are reserved for
2171 * group keys and only the AP is sending real multicast
2172 * frames in the BSS.
2173 */
2174 return;
2175 }
2176
2177 if (!ieee80211_is_data(hdr->frame_control) &&
2178 !ieee80211_is_auth(hdr->frame_control))
2179 return;
2180
2181 mac80211_ev_michael_mic_failure(rx->sdata, keyidx, hdr, NULL,
2182 GFP_ATOMIC);
2183}
2184
2185/* TODO: use IEEE80211_RX_FRAGMENTED */ 2376/* TODO: use IEEE80211_RX_FRAGMENTED */
2186static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx, 2377static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2187 struct ieee80211_rate *rate) 2378 struct ieee80211_rate *rate)
@@ -2199,6 +2390,14 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2199 struct net_device *prev_dev = NULL; 2390 struct net_device *prev_dev = NULL;
2200 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 2391 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2201 2392
2393 /*
2394 * If cooked monitor has been processed already, then
2395 * don't do it again. If not, set the flag.
2396 */
2397 if (rx->flags & IEEE80211_RX_CMNTR)
2398 goto out_free_skb;
2399 rx->flags |= IEEE80211_RX_CMNTR;
2400
2202 if (skb_headroom(skb) < sizeof(*rthdr) && 2401 if (skb_headroom(skb) < sizeof(*rthdr) &&
2203 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC)) 2402 pskb_expand_head(skb, sizeof(*rthdr), 0, GFP_ATOMIC))
2204 goto out_free_skb; 2403 goto out_free_skb;
@@ -2253,29 +2452,52 @@ static void ieee80211_rx_cooked_monitor(struct ieee80211_rx_data *rx,
2253 if (prev_dev) { 2452 if (prev_dev) {
2254 skb->dev = prev_dev; 2453 skb->dev = prev_dev;
2255 netif_receive_skb(skb); 2454 netif_receive_skb(skb);
2256 skb = NULL; 2455 return;
2257 } else 2456 }
2258 goto out_free_skb;
2259
2260 return;
2261 2457
2262 out_free_skb: 2458 out_free_skb:
2263 dev_kfree_skb(skb); 2459 dev_kfree_skb(skb);
2264} 2460}
2265 2461
2462static void ieee80211_rx_handlers_result(struct ieee80211_rx_data *rx,
2463 ieee80211_rx_result res)
2464{
2465 switch (res) {
2466 case RX_DROP_MONITOR:
2467 I802_DEBUG_INC(rx->sdata->local->rx_handlers_drop);
2468 if (rx->sta)
2469 rx->sta->rx_dropped++;
2470 /* fall through */
2471 case RX_CONTINUE: {
2472 struct ieee80211_rate *rate = NULL;
2473 struct ieee80211_supported_band *sband;
2474 struct ieee80211_rx_status *status;
2475
2476 status = IEEE80211_SKB_RXCB((rx->skb));
2477
2478 sband = rx->local->hw.wiphy->bands[status->band];
2479 if (!(status->flag & RX_FLAG_HT))
2480 rate = &sband->bitrates[status->rate_idx];
2481
2482 ieee80211_rx_cooked_monitor(rx, rate);
2483 break;
2484 }
2485 case RX_DROP_UNUSABLE:
2486 I802_DEBUG_INC(rx->sdata->local->rx_handlers_drop);
2487 if (rx->sta)
2488 rx->sta->rx_dropped++;
2489 dev_kfree_skb(rx->skb);
2490 break;
2491 case RX_QUEUED:
2492 I802_DEBUG_INC(rx->sdata->local->rx_handlers_queued);
2493 break;
2494 }
2495}
2266 2496
2267static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata, 2497static void ieee80211_rx_handlers(struct ieee80211_rx_data *rx)
2268 struct ieee80211_rx_data *rx,
2269 struct sk_buff *skb,
2270 struct ieee80211_rate *rate)
2271{ 2498{
2272 struct sk_buff_head reorder_release;
2273 ieee80211_rx_result res = RX_DROP_MONITOR; 2499 ieee80211_rx_result res = RX_DROP_MONITOR;
2274 2500 struct sk_buff *skb;
2275 __skb_queue_head_init(&reorder_release);
2276
2277 rx->skb = skb;
2278 rx->sdata = sdata;
2279 2501
2280#define CALL_RXH(rxh) \ 2502#define CALL_RXH(rxh) \
2281 do { \ 2503 do { \
@@ -2284,17 +2506,15 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
2284 goto rxh_next; \ 2506 goto rxh_next; \
2285 } while (0); 2507 } while (0);
2286 2508
2287 /* 2509 spin_lock(&rx->local->rx_skb_queue.lock);
2288 * NB: the rxh_next label works even if we jump 2510 if (rx->local->running_rx_handler)
2289 * to it from here because then the list will 2511 goto unlock;
2290 * be empty, which is a trivial check 2512
2291 */ 2513 rx->local->running_rx_handler = true;
2292 CALL_RXH(ieee80211_rx_h_passive_scan)
2293 CALL_RXH(ieee80211_rx_h_check)
2294 2514
2295 ieee80211_rx_reorder_ampdu(rx, &reorder_release); 2515 while ((skb = __skb_dequeue(&rx->local->rx_skb_queue))) {
2516 spin_unlock(&rx->local->rx_skb_queue.lock);
2296 2517
2297 while ((skb = __skb_dequeue(&reorder_release))) {
2298 /* 2518 /*
2299 * all the other fields are valid across frames 2519 * all the other fields are valid across frames
2300 * that belong to an aMPDU since they are on the 2520 * that belong to an aMPDU since they are on the
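Review bot: ieee80211_rx_handlers_result() indexes `sband->bitrates[status->rate_idx]` for every non-HT frame, but the ieee80211_rx() hunk further down now skips the `rate_idx` range check when `RX_FLAG_FAILED_PLCP_CRC` is set. If such a frame can reach this function through RX_DROP_MONITOR or RX_CONTINUE, the rate pointer is built from an unvalidated index; whether those frames are filtered out earlier is not visible here. Since the HT case already passes `rate == NULL` to ieee80211_rx_cooked_monitor(), the same guard can cover it: `if (!(status->flag & (RX_FLAG_HT | RX_FLAG_FAILED_PLCP_CRC)))`. ieee80211_rx_handlers() begins in this hunk and continues in the next one.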
@@ -2312,50 +2532,86 @@ static void ieee80211_invoke_rx_handlers(struct ieee80211_sub_if_data *sdata,
2312 CALL_RXH(ieee80211_rx_h_remove_qos_control) 2532 CALL_RXH(ieee80211_rx_h_remove_qos_control)
2313 CALL_RXH(ieee80211_rx_h_amsdu) 2533 CALL_RXH(ieee80211_rx_h_amsdu)
2314#ifdef CONFIG_MAC80211_MESH 2534#ifdef CONFIG_MAC80211_MESH
2315 if (ieee80211_vif_is_mesh(&sdata->vif)) 2535 if (ieee80211_vif_is_mesh(&rx->sdata->vif))
2316 CALL_RXH(ieee80211_rx_h_mesh_fwding); 2536 CALL_RXH(ieee80211_rx_h_mesh_fwding);
2317#endif 2537#endif
2318 CALL_RXH(ieee80211_rx_h_data) 2538 CALL_RXH(ieee80211_rx_h_data)
2319 2539 CALL_RXH(ieee80211_rx_h_ctrl);
2320 /* special treatment -- needs the queue */ 2540 CALL_RXH(ieee80211_rx_h_mgmt_check)
2321 res = ieee80211_rx_h_ctrl(rx, &reorder_release);
2322 if (res != RX_CONTINUE)
2323 goto rxh_next;
2324
2325 CALL_RXH(ieee80211_rx_h_action) 2541 CALL_RXH(ieee80211_rx_h_action)
2542 CALL_RXH(ieee80211_rx_h_userspace_mgmt)
2543 CALL_RXH(ieee80211_rx_h_action_return)
2326 CALL_RXH(ieee80211_rx_h_mgmt) 2544 CALL_RXH(ieee80211_rx_h_mgmt)
2327 2545
2546 rxh_next:
2547 ieee80211_rx_handlers_result(rx, res);
2548 spin_lock(&rx->local->rx_skb_queue.lock);
2328#undef CALL_RXH 2549#undef CALL_RXH
2550 }
2551
2552 rx->local->running_rx_handler = false;
2553
2554 unlock:
2555 spin_unlock(&rx->local->rx_skb_queue.lock);
2556}
2557
2558static void ieee80211_invoke_rx_handlers(struct ieee80211_rx_data *rx)
2559{
2560 ieee80211_rx_result res = RX_DROP_MONITOR;
2561
2562#define CALL_RXH(rxh) \
2563 do { \
2564 res = rxh(rx); \
2565 if (res != RX_CONTINUE) \
2566 goto rxh_next; \
2567 } while (0);
2568
2569 CALL_RXH(ieee80211_rx_h_passive_scan)
2570 CALL_RXH(ieee80211_rx_h_check)
2571
2572 ieee80211_rx_reorder_ampdu(rx);
2573
2574 ieee80211_rx_handlers(rx);
2575 return;
2329 2576
2330 rxh_next: 2577 rxh_next:
2331 switch (res) { 2578 ieee80211_rx_handlers_result(rx, res);
2332 case RX_DROP_MONITOR: 2579
2333 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 2580#undef CALL_RXH
2334 if (rx->sta) 2581}
2335 rx->sta->rx_dropped++; 2582
2336 /* fall through */ 2583/*
2337 case RX_CONTINUE: 2584 * This function makes calls into the RX path, therefore
2338 ieee80211_rx_cooked_monitor(rx, rate); 2585 * it has to be invoked under RCU read lock.
2339 break; 2586 */
2340 case RX_DROP_UNUSABLE: 2587void ieee80211_release_reorder_timeout(struct sta_info *sta, int tid)
2341 I802_DEBUG_INC(sdata->local->rx_handlers_drop); 2588{
2342 if (rx->sta) 2589 struct ieee80211_rx_data rx = {
2343 rx->sta->rx_dropped++; 2590 .sta = sta,
2344 dev_kfree_skb(rx->skb); 2591 .sdata = sta->sdata,
2345 break; 2592 .local = sta->local,
2346 case RX_QUEUED: 2593 .queue = tid,
2347 I802_DEBUG_INC(sdata->local->rx_handlers_queued); 2594 .flags = 0,
2348 break; 2595 };
2349 } 2596 struct tid_ampdu_rx *tid_agg_rx;
2350 } 2597
2598 tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]);
2599 if (!tid_agg_rx)
2600 return;
2601
2602 spin_lock(&tid_agg_rx->reorder_lock);
2603 ieee80211_sta_reorder_release(&sta->local->hw, tid_agg_rx);
2604 spin_unlock(&tid_agg_rx->reorder_lock);
2605
2606 ieee80211_rx_handlers(&rx);
2351} 2607}
2352 2608
2353/* main receive path */ 2609/* main receive path */
2354 2610
2355static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata, 2611static int prepare_for_handlers(struct ieee80211_rx_data *rx,
2356 struct ieee80211_rx_data *rx,
2357 struct ieee80211_hdr *hdr) 2612 struct ieee80211_hdr *hdr)
2358{ 2613{
2614 struct ieee80211_sub_if_data *sdata = rx->sdata;
2359 struct sk_buff *skb = rx->skb; 2615 struct sk_buff *skb = rx->skb;
2360 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 2616 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2361 u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type); 2617 u8 *bssid = ieee80211_get_bssid(hdr, skb->len, sdata->vif.type);
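Review bot: ieee80211_rx_handlers() drains the device-wide `rx->local->rx_skb_queue` with the `rx` of whichever caller took `running_rx_handler`, so that caller's `rx->sta`, `rx->sdata` and `rx->queue` are applied to every dequeued frame regardless of who queued it. ieee80211_release_reorder_timeout() builds its own `rx` for one station and TID and, if a handler is already running, returns and leaves the frames it presumably released onto that queue to be processed under the other caller's context. The retained comment that the other fields "are valid across frames that belong to an aMPDU" then only holds if the two paths can never overlap, which depends on locking that is not visible in this hunk. Please document the required serialization at the top of ieee80211_rx_handlers(), for example `/* every frame on rx_skb_queue is handled with this rx's sta/sdata/queue; callers must not run concurrently for different stations */`, or carry the per-frame context with the skb. ieee80211_rx_handlers() starts in the previous hunk, and prepare_for_handlers() continues past this one.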
@@ -2367,9 +2623,10 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2367 return 0; 2623 return 0;
2368 if (!multicast && 2624 if (!multicast &&
2369 compare_ether_addr(sdata->vif.addr, hdr->addr1) != 0) { 2625 compare_ether_addr(sdata->vif.addr, hdr->addr1) != 0) {
2370 if (!(sdata->dev->flags & IFF_PROMISC)) 2626 if (!(sdata->dev->flags & IFF_PROMISC) ||
2627 sdata->u.mgd.use_4addr)
2371 return 0; 2628 return 0;
2372 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2629 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2373 } 2630 }
2374 break; 2631 break;
2375 case NL80211_IFTYPE_ADHOC: 2632 case NL80211_IFTYPE_ADHOC:
@@ -2379,15 +2636,15 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2379 return 1; 2636 return 1;
2380 } 2637 }
2381 else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) { 2638 else if (!ieee80211_bssid_match(bssid, sdata->u.ibss.bssid)) {
2382 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2639 if (!(status->rx_flags & IEEE80211_RX_IN_SCAN))
2383 return 0; 2640 return 0;
2384 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2641 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2385 } else if (!multicast && 2642 } else if (!multicast &&
2386 compare_ether_addr(sdata->vif.addr, 2643 compare_ether_addr(sdata->vif.addr,
2387 hdr->addr1) != 0) { 2644 hdr->addr1) != 0) {
2388 if (!(sdata->dev->flags & IFF_PROMISC)) 2645 if (!(sdata->dev->flags & IFF_PROMISC))
2389 return 0; 2646 return 0;
2390 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2647 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2391 } else if (!rx->sta) { 2648 } else if (!rx->sta) {
2392 int rate_idx; 2649 int rate_idx;
2393 if (status->flag & RX_FLAG_HT) 2650 if (status->flag & RX_FLAG_HT)
@@ -2405,7 +2662,7 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2405 if (!(sdata->dev->flags & IFF_PROMISC)) 2662 if (!(sdata->dev->flags & IFF_PROMISC))
2406 return 0; 2663 return 0;
2407 2664
2408 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2665 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2409 } 2666 }
2410 break; 2667 break;
2411 case NL80211_IFTYPE_AP_VLAN: 2668 case NL80211_IFTYPE_AP_VLAN:
@@ -2416,9 +2673,10 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2416 return 0; 2673 return 0;
2417 } else if (!ieee80211_bssid_match(bssid, 2674 } else if (!ieee80211_bssid_match(bssid,
2418 sdata->vif.addr)) { 2675 sdata->vif.addr)) {
2419 if (!(rx->flags & IEEE80211_RX_IN_SCAN)) 2676 if (!(status->rx_flags & IEEE80211_RX_IN_SCAN) &&
2677 !ieee80211_is_beacon(hdr->frame_control))
2420 return 0; 2678 return 0;
2421 rx->flags &= ~IEEE80211_RX_RA_MATCH; 2679 status->rx_flags &= ~IEEE80211_RX_RA_MATCH;
2422 } 2680 }
2423 break; 2681 break;
2424 case NL80211_IFTYPE_WDS: 2682 case NL80211_IFTYPE_WDS:
@@ -2427,9 +2685,7 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2427 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2)) 2685 if (compare_ether_addr(sdata->u.wds.remote_addr, hdr->addr2))
2428 return 0; 2686 return 0;
2429 break; 2687 break;
2430 case NL80211_IFTYPE_MONITOR: 2688 default:
2431 case NL80211_IFTYPE_UNSPECIFIED:
2432 case __NL80211_IFTYPE_AFTER_LAST:
2433 /* should never get here */ 2689 /* should never get here */
2434 WARN_ON(1); 2690 WARN_ON(1);
2435 break; 2691 break;
@@ -2439,12 +2695,50 @@ static int prepare_for_handlers(struct ieee80211_sub_if_data *sdata,
2439} 2695}
2440 2696
2441/* 2697/*
2698 * This function returns whether or not the SKB
2699 * was destined for RX processing or not, which,
2700 * if consume is true, is equivalent to whether
2701 * or not the skb was consumed.
2702 */
2703static bool ieee80211_prepare_and_rx_handle(struct ieee80211_rx_data *rx,
2704 struct sk_buff *skb, bool consume)
2705{
2706 struct ieee80211_local *local = rx->local;
2707 struct ieee80211_sub_if_data *sdata = rx->sdata;
2708 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2709 struct ieee80211_hdr *hdr = (void *)skb->data;
2710 int prepares;
2711
2712 rx->skb = skb;
2713 status->rx_flags |= IEEE80211_RX_RA_MATCH;
2714 prepares = prepare_for_handlers(rx, hdr);
2715
2716 if (!prepares)
2717 return false;
2718
2719 if (!consume) {
2720 skb = skb_copy(skb, GFP_ATOMIC);
2721 if (!skb) {
2722 if (net_ratelimit())
2723 wiphy_debug(local->hw.wiphy,
2724 "failed to copy skb for %s\n",
2725 sdata->name);
2726 return true;
2727 }
2728
2729 rx->skb = skb;
2730 }
2731
2732 ieee80211_invoke_rx_handlers(rx);
2733 return true;
2734}
2735
2736/*
2442 * This is the actual Rx frames handler. as it blongs to Rx path it must 2737 * This is the actual Rx frames handler. as it blongs to Rx path it must
2443 * be called with rcu_read_lock protection. 2738 * be called with rcu_read_lock protection.
2444 */ 2739 */
2445static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw, 2740static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2446 struct sk_buff *skb, 2741 struct sk_buff *skb)
2447 struct ieee80211_rate *rate)
2448{ 2742{
2449 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 2743 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
2450 struct ieee80211_local *local = hw_to_local(hw); 2744 struct ieee80211_local *local = hw_to_local(hw);
@@ -2452,11 +2746,8 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2452 struct ieee80211_hdr *hdr; 2746 struct ieee80211_hdr *hdr;
2453 __le16 fc; 2747 __le16 fc;
2454 struct ieee80211_rx_data rx; 2748 struct ieee80211_rx_data rx;
2455 int prepares; 2749 struct ieee80211_sub_if_data *prev;
2456 struct ieee80211_sub_if_data *prev = NULL; 2750 struct sta_info *sta, *tmp, *prev_sta;
2457 struct sk_buff *skb_new;
2458 struct sta_info *sta, *tmp;
2459 bool found_sta = false;
2460 int err = 0; 2751 int err = 0;
2461 2752
2462 fc = ((struct ieee80211_hdr *)skb->data)->frame_control; 2753 fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
@@ -2468,8 +2759,8 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2468 local->dot11ReceivedFragmentCount++; 2759 local->dot11ReceivedFragmentCount++;
2469 2760
2470 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) || 2761 if (unlikely(test_bit(SCAN_HW_SCANNING, &local->scanning) ||
2471 test_bit(SCAN_OFF_CHANNEL, &local->scanning))) 2762 test_bit(SCAN_SW_SCANNING, &local->scanning)))
2472 rx.flags |= IEEE80211_RX_IN_SCAN; 2763 status->rx_flags |= IEEE80211_RX_IN_SCAN;
2473 2764
2474 if (ieee80211_is_mgmt(fc)) 2765 if (ieee80211_is_mgmt(fc))
2475 err = skb_linearize(skb); 2766 err = skb_linearize(skb);
@@ -2486,91 +2777,69 @@ static void __ieee80211_rx_handle_packet(struct ieee80211_hw *hw,
2486 ieee80211_verify_alignment(&rx); 2777 ieee80211_verify_alignment(&rx);
2487 2778
2488 if (ieee80211_is_data(fc)) { 2779 if (ieee80211_is_data(fc)) {
2780 prev_sta = NULL;
2781
2489 for_each_sta_info(local, hdr->addr2, sta, tmp) { 2782 for_each_sta_info(local, hdr->addr2, sta, tmp) {
2490 rx.sta = sta; 2783 if (!prev_sta) {
2491 found_sta = true; 2784 prev_sta = sta;
2492 rx.sdata = sta->sdata;
2493
2494 rx.flags |= IEEE80211_RX_RA_MATCH;
2495 prepares = prepare_for_handlers(rx.sdata, &rx, hdr);
2496 if (prepares) {
2497 if (status->flag & RX_FLAG_MMIC_ERROR) {
2498 if (rx.flags & IEEE80211_RX_RA_MATCH)
2499 ieee80211_rx_michael_mic_report(hdr, &rx);
2500 } else
2501 prev = rx.sdata;
2502 }
2503 }
2504 }
2505 if (!found_sta) {
2506 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2507 if (!ieee80211_sdata_running(sdata))
2508 continue; 2785 continue;
2786 }
2509 2787
2510 if (sdata->vif.type == NL80211_IFTYPE_MONITOR || 2788 rx.sta = prev_sta;
2511 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 2789 rx.sdata = prev_sta->sdata;
2512 continue; 2790 ieee80211_prepare_and_rx_handle(&rx, skb, false);
2513 2791
2514 /* 2792 prev_sta = sta;
2515 * frame is destined for this interface, but if it's 2793 }
2516 * not also for the previous one we handle that after
2517 * the loop to avoid copying the SKB once too much
2518 */
2519 2794
2520 if (!prev) { 2795 if (prev_sta) {
2521 prev = sdata; 2796 rx.sta = prev_sta;
2522 continue; 2797 rx.sdata = prev_sta->sdata;
2523 }
2524 2798
2525 rx.sta = sta_info_get_bss(prev, hdr->addr2); 2799 if (ieee80211_prepare_and_rx_handle(&rx, skb, true))
2800 return;
2801 goto out;
2802 }
2803 }
2526 2804
2527 rx.flags |= IEEE80211_RX_RA_MATCH; 2805 prev = NULL;
2528 prepares = prepare_for_handlers(prev, &rx, hdr);
2529 2806
2530 if (!prepares) 2807 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
2531 goto next; 2808 if (!ieee80211_sdata_running(sdata))
2809 continue;
2532 2810
2533 if (status->flag & RX_FLAG_MMIC_ERROR) { 2811 if (sdata->vif.type == NL80211_IFTYPE_MONITOR ||
2534 rx.sdata = prev; 2812 sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2535 if (rx.flags & IEEE80211_RX_RA_MATCH) 2813 continue;
2536 ieee80211_rx_michael_mic_report(hdr,
2537 &rx);
2538 goto next;
2539 }
2540 2814
2541 /* 2815 /*
2542 * frame was destined for the previous interface 2816 * frame is destined for this interface, but if it's
2543 * so invoke RX handlers for it 2817 * not also for the previous one we handle that after
2544 */ 2818 * the loop to avoid copying the SKB once too much
2819 */
2545 2820
2546 skb_new = skb_copy(skb, GFP_ATOMIC); 2821 if (!prev) {
2547 if (!skb_new) {
2548 if (net_ratelimit())
2549 printk(KERN_DEBUG "%s: failed to copy "
2550 "multicast frame for %s\n",
2551 wiphy_name(local->hw.wiphy),
2552 prev->name);
2553 goto next;
2554 }
2555 ieee80211_invoke_rx_handlers(prev, &rx, skb_new, rate);
2556next:
2557 prev = sdata; 2822 prev = sdata;
2823 continue;
2558 } 2824 }
2559 2825
2560 if (prev) { 2826 rx.sta = sta_info_get_bss(prev, hdr->addr2);
2561 rx.sta = sta_info_get_bss(prev, hdr->addr2); 2827 rx.sdata = prev;
2828 ieee80211_prepare_and_rx_handle(&rx, skb, false);
2562 2829
2563 rx.flags |= IEEE80211_RX_RA_MATCH; 2830 prev = sdata;
2564 prepares = prepare_for_handlers(prev, &rx, hdr); 2831 }
2565 2832
2566 if (!prepares) 2833 if (prev) {
2567 prev = NULL; 2834 rx.sta = sta_info_get_bss(prev, hdr->addr2);
2568 } 2835 rx.sdata = prev;
2836
2837 if (ieee80211_prepare_and_rx_handle(&rx, skb, true))
2838 return;
2569 } 2839 }
2570 if (prev) 2840
2571 ieee80211_invoke_rx_handlers(prev, &rx, skb, rate); 2841 out:
2572 else 2842 dev_kfree_skb(skb);
2573 dev_kfree_skb(skb);
2574} 2843}
2575 2844
2576/* 2845/*
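Review bot: Nothing in __ieee80211_rx_handle_packet() now keeps a frame flagged `RX_FLAG_MMIC_ERROR` out of the normal handler chain, since both loops lost their MMIC branches and ieee80211_rx_michael_mic_report() is deleted in an earlier hunk. The code that now calls mac80211_ev_michael_mic_failure() and drops such frames is not visible in this file section; the diffstat shows wpa.c changing, so it may have moved there. The removed helper also ignored reports when `rx->sta` was NULL, when the frame was not protected, and for non-zero key indices on AP interfaces, specifically to avoid triggering countermeasures on bogus hardware reports, and the replacement should keep those filters. A one-line comment at the top of the data-frame branch saying where Michael MIC failures are handled would make that verifiable from this file. The function starts in an earlier hunk.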
@@ -2611,30 +2880,41 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2611 if (WARN_ON(!local->started)) 2880 if (WARN_ON(!local->started))
2612 goto drop; 2881 goto drop;
2613 2882
2614 if (status->flag & RX_FLAG_HT) { 2883 if (likely(!(status->flag & RX_FLAG_FAILED_PLCP_CRC))) {
2615 /* 2884 /*
2616 * rate_idx is MCS index, which can be [0-76] as documented on: 2885 * Validate the rate, unless a PLCP error means that
2617 * 2886 * we probably can't have a valid rate here anyway.
2618 * http://wireless.kernel.org/en/developers/Documentation/ieee80211/802.11n
2619 *
2620 * Anything else would be some sort of driver or hardware error.
2621 * The driver should catch hardware errors.
2622 */ 2887 */
2623 if (WARN((status->rate_idx < 0 || 2888
2624 status->rate_idx > 76), 2889 if (status->flag & RX_FLAG_HT) {
2625 "Rate marked as an HT rate but passed " 2890 /*
2626 "status->rate_idx is not " 2891 * rate_idx is MCS index, which can be [0-76]
2627 "an MCS index [0-76]: %d (0x%02x)\n", 2892 * as documented on:
2628 status->rate_idx, 2893 *
2629 status->rate_idx)) 2894 * http://wireless.kernel.org/en/developers/Documentation/ieee80211/802.11n
2630 goto drop; 2895 *
2631 } else { 2896 * Anything else would be some sort of driver or
2632 if (WARN_ON(status->rate_idx < 0 || 2897 * hardware error. The driver should catch hardware
2633 status->rate_idx >= sband->n_bitrates)) 2898 * errors.
2634 goto drop; 2899 */
2635 rate = &sband->bitrates[status->rate_idx]; 2900 if (WARN((status->rate_idx < 0 ||
2901 status->rate_idx > 76),
2902 "Rate marked as an HT rate but passed "
2903 "status->rate_idx is not "
2904 "an MCS index [0-76]: %d (0x%02x)\n",
2905 status->rate_idx,
2906 status->rate_idx))
2907 goto drop;
2908 } else {
2909 if (WARN_ON(status->rate_idx < 0 ||
2910 status->rate_idx >= sband->n_bitrates))
2911 goto drop;
2912 rate = &sband->bitrates[status->rate_idx];
2913 }
2636 } 2914 }
2637 2915
2916 status->rx_flags = 0;
2917
2638 /* 2918 /*
2639 * key references and virtual interfaces are protected using RCU 2919 * key references and virtual interfaces are protected using RCU
2640 * and this requires that we are in a read-side RCU section during 2920 * and this requires that we are in a read-side RCU section during
@@ -2654,7 +2934,10 @@ void ieee80211_rx(struct ieee80211_hw *hw, struct sk_buff *skb)
2654 return; 2934 return;
2655 } 2935 }
2656 2936
2657 __ieee80211_rx_handle_packet(hw, skb, rate); 2937 ieee80211_tpt_led_trig_rx(local,
2938 ((struct ieee80211_hdr *)skb->data)->frame_control,
2939 skb->len);
2940 __ieee80211_rx_handle_packet(hw, skb);
2658 2941
2659 rcu_read_unlock(); 2942 rcu_read_unlock();
2660 2943
diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c
index 872d7b6ef6b3..669d2e32efb6 100644
--- a/net/mac80211/scan.c
+++ b/net/mac80211/scan.c
@@ -170,7 +170,7 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
170 return RX_CONTINUE; 170 return RX_CONTINUE;
171 171
172 if (skb->len < 24) 172 if (skb->len < 24)
173 return RX_DROP_MONITOR; 173 return RX_CONTINUE;
174 174
175 presp = ieee80211_is_probe_resp(fc); 175 presp = ieee80211_is_probe_resp(fc);
176 if (presp) { 176 if (presp) {
@@ -196,7 +196,8 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
196 ieee802_11_parse_elems(elements, skb->len - baselen, &elems); 196 ieee802_11_parse_elems(elements, skb->len - baselen, &elems);
197 197
198 if (elems.ds_params && elems.ds_params_len == 1) 198 if (elems.ds_params && elems.ds_params_len == 1)
199 freq = ieee80211_channel_to_frequency(elems.ds_params[0]); 199 freq = ieee80211_channel_to_frequency(elems.ds_params[0],
200 rx_status->band);
200 else 201 else
201 freq = rx_status->freq; 202 freq = rx_status->freq;
202 203
@@ -211,6 +212,14 @@ ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
211 if (bss) 212 if (bss)
212 ieee80211_rx_bss_put(sdata->local, bss); 213 ieee80211_rx_bss_put(sdata->local, bss);
213 214
215 /* If we are on-operating-channel, and this packet is for the
216 * current channel, pass the pkt on up the stack so that
217 * the rest of the stack can make use of it.
218 */
219 if (ieee80211_cfg_on_oper_channel(sdata->local)
220 && (channel == sdata->local->oper_channel))
221 return RX_CONTINUE;
222
214 dev_kfree_skb(skb); 223 dev_kfree_skb(skb);
215 return RX_QUEUED; 224 return RX_QUEUED;
216} 225}
@@ -242,20 +251,21 @@ static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
242 local->hw_scan_req->n_channels = n_chans; 251 local->hw_scan_req->n_channels = n_chans;
243 252
244 ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie, 253 ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie,
245 req->ie, req->ie_len, band); 254 req->ie, req->ie_len, band, (u32) -1,
255 0);
246 local->hw_scan_req->ie_len = ielen; 256 local->hw_scan_req->ie_len = ielen;
247 257
248 return true; 258 return true;
249} 259}
250 260
251void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted) 261static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
262 bool was_hw_scan)
252{ 263{
253 struct ieee80211_local *local = hw_to_local(hw); 264 struct ieee80211_local *local = hw_to_local(hw);
254 bool was_hw_scan; 265 bool on_oper_chan;
255 266 bool enable_beacons = false;
256 trace_api_scan_completed(local, aborted);
257 267
258 mutex_lock(&local->scan_mtx); 268 lockdep_assert_held(&local->mtx);
259 269
260 /* 270 /*
261 * It's ok to abort a not-yet-running scan (that 271 * It's ok to abort a not-yet-running scan (that
@@ -266,17 +276,13 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
266 if (WARN_ON(!local->scanning && !aborted)) 276 if (WARN_ON(!local->scanning && !aborted))
267 aborted = true; 277 aborted = true;
268 278
269 if (WARN_ON(!local->scan_req)) { 279 if (WARN_ON(!local->scan_req))
270 mutex_unlock(&local->scan_mtx);
271 return; 280 return;
272 }
273 281
274 was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
275 if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) { 282 if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
276 ieee80211_queue_delayed_work(&local->hw, 283 int rc = drv_hw_scan(local, local->scan_sdata, local->hw_scan_req);
277 &local->scan_work, 0); 284 if (rc == 0)
278 mutex_unlock(&local->scan_mtx); 285 return;
279 return;
280 } 286 }
281 287
282 kfree(local->hw_scan_req); 288 kfree(local->hw_scan_req);
@@ -290,26 +296,46 @@ void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
290 local->scanning = 0; 296 local->scanning = 0;
291 local->scan_channel = NULL; 297 local->scan_channel = NULL;
292 298
293 /* we only have to protect scan_req and hw/sw scan */ 299 on_oper_chan = ieee80211_cfg_on_oper_channel(local);
294 mutex_unlock(&local->scan_mtx);
295
296 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
297 if (was_hw_scan)
298 goto done;
299
300 ieee80211_configure_filter(local);
301
302 drv_sw_scan_complete(local);
303 300
304 ieee80211_offchannel_return(local, true); 301 if (was_hw_scan || !on_oper_chan)
302 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
303 else
304 /* Set power back to normal operating levels. */
305 ieee80211_hw_config(local, 0);
306
307 if (!was_hw_scan) {
308 bool on_oper_chan2;
309 ieee80211_configure_filter(local);
310 drv_sw_scan_complete(local);
311 on_oper_chan2 = ieee80211_cfg_on_oper_channel(local);
312 /* We should always be on-channel at this point. */
313 WARN_ON(!on_oper_chan2);
314 if (on_oper_chan2 && (on_oper_chan != on_oper_chan2))
315 enable_beacons = true;
316
317 ieee80211_offchannel_return(local, enable_beacons, true);
318 }
305 319
306 done:
307 ieee80211_recalc_idle(local); 320 ieee80211_recalc_idle(local);
321
308 ieee80211_mlme_notify_scan_completed(local); 322 ieee80211_mlme_notify_scan_completed(local);
309 ieee80211_ibss_notify_scan_completed(local); 323 ieee80211_ibss_notify_scan_completed(local);
310 ieee80211_mesh_notify_scan_completed(local); 324 ieee80211_mesh_notify_scan_completed(local);
311 ieee80211_queue_work(&local->hw, &local->work_work); 325 ieee80211_queue_work(&local->hw, &local->work_work);
312} 326}
327
328void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
329{
330 struct ieee80211_local *local = hw_to_local(hw);
331
332 trace_api_scan_completed(local, aborted);
333
334 set_bit(SCAN_COMPLETED, &local->scanning);
335 if (aborted)
336 set_bit(SCAN_ABORTED, &local->scanning);
337 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
338}
313EXPORT_SYMBOL(ieee80211_scan_completed); 339EXPORT_SYMBOL(ieee80211_scan_completed);
314 340
315static int ieee80211_start_sw_scan(struct ieee80211_local *local) 341static int ieee80211_start_sw_scan(struct ieee80211_local *local)
@@ -329,16 +355,21 @@ static int ieee80211_start_sw_scan(struct ieee80211_local *local)
329 */ 355 */
330 drv_sw_scan_start(local); 356 drv_sw_scan_start(local);
331 357
332 ieee80211_offchannel_stop_beaconing(local);
333
334 local->leave_oper_channel_time = 0; 358 local->leave_oper_channel_time = 0;
335 local->next_scan_state = SCAN_DECISION; 359 local->next_scan_state = SCAN_DECISION;
336 local->scan_channel_idx = 0; 360 local->scan_channel_idx = 0;
337 361
338 drv_flush(local, false); 362 /* We always want to use off-channel PS, even if we
363 * are not really leaving oper-channel. Don't
364 * tell the AP though, as long as we are on-channel.
365 */
366 ieee80211_offchannel_enable_all_ps(local, false);
339 367
340 ieee80211_configure_filter(local); 368 ieee80211_configure_filter(local);
341 369
370 /* We need to set power level at maximum rate for scanning. */
371 ieee80211_hw_config(local, 0);
372
342 ieee80211_queue_delayed_work(&local->hw, 373 ieee80211_queue_delayed_work(&local->hw,
343 &local->scan_work, 374 &local->scan_work,
344 IEEE80211_CHANNEL_TIME); 375 IEEE80211_CHANNEL_TIME);
@@ -353,6 +384,8 @@ static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
353 struct ieee80211_local *local = sdata->local; 384 struct ieee80211_local *local = sdata->local;
354 int rc; 385 int rc;
355 386
387 lockdep_assert_held(&local->mtx);
388
356 if (local->scan_req) 389 if (local->scan_req)
357 return -EBUSY; 390 return -EBUSY;
358 391
@@ -434,8 +467,8 @@ ieee80211_scan_get_channel_time(struct ieee80211_channel *chan)
434 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME; 467 return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
435} 468}
436 469
437static int ieee80211_scan_state_decision(struct ieee80211_local *local, 470static void ieee80211_scan_state_decision(struct ieee80211_local *local,
438 unsigned long *next_delay) 471 unsigned long *next_delay)
439{ 472{
440 bool associated = false; 473 bool associated = false;
441 bool tx_empty = true; 474 bool tx_empty = true;
@@ -445,12 +478,6 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
445 struct ieee80211_sub_if_data *sdata; 478 struct ieee80211_sub_if_data *sdata;
446 struct ieee80211_channel *next_chan; 479 struct ieee80211_channel *next_chan;
447 480
448 /* if no more bands/channels left, complete scan and advance to the idle state */
449 if (local->scan_channel_idx >= local->scan_req->n_channels) {
450 ieee80211_scan_completed(&local->hw, false);
451 return 1;
452 }
453
454 /* 481 /*
455 * check if at least one STA interface is associated, 482 * check if at least one STA interface is associated,
456 * check if at least one STA interface has pending tx frames 483 * check if at least one STA interface has pending tx frames
@@ -479,7 +506,20 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
479 } 506 }
480 mutex_unlock(&local->iflist_mtx); 507 mutex_unlock(&local->iflist_mtx);
481 508
482 if (local->scan_channel) { 509 next_chan = local->scan_req->channels[local->scan_channel_idx];
510
511 if (ieee80211_cfg_on_oper_channel(local)) {
512 /* We're currently on operating channel. */
513 if (next_chan == local->oper_channel)
514 /* We don't need to move off of operating channel. */
515 local->next_scan_state = SCAN_SET_CHANNEL;
516 else
517 /*
518 * We do need to leave operating channel, as next
519 * scan is somewhere else.
520 */
521 local->next_scan_state = SCAN_LEAVE_OPER_CHANNEL;
522 } else {
483 /* 523 /*
484 * we're currently scanning a different channel, let's 524 * we're currently scanning a different channel, let's
485 * see if we can scan another channel without interfering 525 * see if we can scan another channel without interfering
@@ -495,7 +535,6 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
495 * 535 *
496 * Otherwise switch back to the operating channel. 536 * Otherwise switch back to the operating channel.
497 */ 537 */
498 next_chan = local->scan_req->channels[local->scan_channel_idx];
499 538
500 bad_latency = time_after(jiffies + 539 bad_latency = time_after(jiffies +
501 ieee80211_scan_get_channel_time(next_chan), 540 ieee80211_scan_get_channel_time(next_chan),
@@ -513,24 +552,18 @@ static int ieee80211_scan_state_decision(struct ieee80211_local *local,
513 local->next_scan_state = SCAN_ENTER_OPER_CHANNEL; 552 local->next_scan_state = SCAN_ENTER_OPER_CHANNEL;
514 else 553 else
515 local->next_scan_state = SCAN_SET_CHANNEL; 554 local->next_scan_state = SCAN_SET_CHANNEL;
516 } else {
517 /*
518 * we're on the operating channel currently, let's
519 * leave that channel now to scan another one
520 */
521 local->next_scan_state = SCAN_LEAVE_OPER_CHANNEL;
522 } 555 }
523 556
524 *next_delay = 0; 557 *next_delay = 0;
525 return 0;
526} 558}
527 559
528static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local, 560static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local,
529 unsigned long *next_delay) 561 unsigned long *next_delay)
530{ 562{
531 ieee80211_offchannel_stop_station(local); 563 /* PS will already be in off-channel mode,
532 564 * we do that once at the beginning of scanning.
533 __set_bit(SCAN_OFF_CHANNEL, &local->scanning); 565 */
566 ieee80211_offchannel_stop_vifs(local, false);
534 567
535 /* 568 /*
536 * What if the nullfunc frames didn't arrive? 569 * What if the nullfunc frames didn't arrive?
@@ -553,15 +586,15 @@ static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *loca
553{ 586{
554 /* switch back to the operating channel */ 587 /* switch back to the operating channel */
555 local->scan_channel = NULL; 588 local->scan_channel = NULL;
556 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); 589 if (!ieee80211_cfg_on_oper_channel(local))
590 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
557 591
558 /* 592 /*
559 * Only re-enable station mode interface now; beaconing will be 593 * Re-enable vifs and beaconing. Leave PS
560 * re-enabled once the full scan has been completed. 594 * in off-channel state..will put that back
595 * on-channel at the end of scanning.
561 */ 596 */
562 ieee80211_offchannel_return(local, false); 597 ieee80211_offchannel_return(local, true, false);
563
564 __clear_bit(SCAN_OFF_CHANNEL, &local->scanning);
565 598
566 *next_delay = HZ / 5; 599 *next_delay = HZ / 5;
567 local->next_scan_state = SCAN_DECISION; 600 local->next_scan_state = SCAN_DECISION;
@@ -577,8 +610,11 @@ static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
577 chan = local->scan_req->channels[local->scan_channel_idx]; 610 chan = local->scan_req->channels[local->scan_channel_idx];
578 611
579 local->scan_channel = chan; 612 local->scan_channel = chan;
580 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL)) 613
581 skip = 1; 614 /* Only call hw-config if we really need to change channels. */
615 if (chan != local->hw.conf.channel)
616 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
617 skip = 1;
582 618
583 /* advance state machine to next channel/band */ 619 /* advance state machine to next channel/band */
584 local->scan_channel_idx++; 620 local->scan_channel_idx++;
@@ -636,23 +672,22 @@ void ieee80211_scan_work(struct work_struct *work)
636{ 672{
637 struct ieee80211_local *local = 673 struct ieee80211_local *local =
638 container_of(work, struct ieee80211_local, scan_work.work); 674 container_of(work, struct ieee80211_local, scan_work.work);
639 struct ieee80211_sub_if_data *sdata = local->scan_sdata; 675 struct ieee80211_sub_if_data *sdata;
640 unsigned long next_delay = 0; 676 unsigned long next_delay = 0;
677 bool aborted, hw_scan;
641 678
642 mutex_lock(&local->scan_mtx); 679 mutex_lock(&local->mtx);
643 if (!sdata || !local->scan_req) {
644 mutex_unlock(&local->scan_mtx);
645 return;
646 }
647 680
648 if (local->hw_scan_req) { 681 sdata = local->scan_sdata;
649 int rc = drv_hw_scan(local, sdata, local->hw_scan_req); 682
650 mutex_unlock(&local->scan_mtx); 683 if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) {
651 if (rc) 684 aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
652 ieee80211_scan_completed(&local->hw, true); 685 goto out_complete;
653 return;
654 } 686 }
655 687
688 if (!sdata || !local->scan_req)
689 goto out;
690
656 if (local->scan_req && !local->scanning) { 691 if (local->scan_req && !local->scanning) {
657 struct cfg80211_scan_request *req = local->scan_req; 692 struct cfg80211_scan_request *req = local->scan_req;
658 int rc; 693 int rc;
@@ -661,21 +696,21 @@ void ieee80211_scan_work(struct work_struct *work)
661 local->scan_sdata = NULL; 696 local->scan_sdata = NULL;
662 697
663 rc = __ieee80211_start_scan(sdata, req); 698 rc = __ieee80211_start_scan(sdata, req);
664 mutex_unlock(&local->scan_mtx); 699 if (rc) {
665 700 /* need to complete scan in cfg80211 */
666 if (rc) 701 local->scan_req = req;
667 ieee80211_scan_completed(&local->hw, true); 702 aborted = true;
668 return; 703 goto out_complete;
704 } else
705 goto out;
669 } 706 }
670 707
671 mutex_unlock(&local->scan_mtx);
672
673 /* 708 /*
674 * Avoid re-scheduling when the sdata is going away. 709 * Avoid re-scheduling when the sdata is going away.
675 */ 710 */
676 if (!ieee80211_sdata_running(sdata)) { 711 if (!ieee80211_sdata_running(sdata)) {
677 ieee80211_scan_completed(&local->hw, true); 712 aborted = true;
678 return; 713 goto out_complete;
679 } 714 }
680 715
681 /* 716 /*
@@ -683,10 +718,19 @@ void ieee80211_scan_work(struct work_struct *work)
683 * without scheduling a new work 718 * without scheduling a new work
684 */ 719 */
685 do { 720 do {
721 if (!ieee80211_sdata_running(sdata)) {
722 aborted = true;
723 goto out_complete;
724 }
725
686 switch (local->next_scan_state) { 726 switch (local->next_scan_state) {
687 case SCAN_DECISION: 727 case SCAN_DECISION:
688 if (ieee80211_scan_state_decision(local, &next_delay)) 728 /* if no more bands/channels left, complete scan */
689 return; 729 if (local->scan_channel_idx >= local->scan_req->n_channels) {
730 aborted = false;
731 goto out_complete;
732 }
733 ieee80211_scan_state_decision(local, &next_delay);
690 break; 734 break;
691 case SCAN_SET_CHANNEL: 735 case SCAN_SET_CHANNEL:
692 ieee80211_scan_state_set_channel(local, &next_delay); 736 ieee80211_scan_state_set_channel(local, &next_delay);
@@ -704,6 +748,13 @@ void ieee80211_scan_work(struct work_struct *work)
704 } while (next_delay == 0); 748 } while (next_delay == 0);
705 749
706 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay); 750 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
751 goto out;
752
753out_complete:
754 hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
755 __ieee80211_scan_completed(&local->hw, aborted, hw_scan);
756out:
757 mutex_unlock(&local->mtx);
707} 758}
708 759
709int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, 760int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
@@ -711,9 +762,9 @@ int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
711{ 762{
712 int res; 763 int res;
713 764
714 mutex_lock(&sdata->local->scan_mtx); 765 mutex_lock(&sdata->local->mtx);
715 res = __ieee80211_start_scan(sdata, req); 766 res = __ieee80211_start_scan(sdata, req);
716 mutex_unlock(&sdata->local->scan_mtx); 767 mutex_unlock(&sdata->local->mtx);
717 768
718 return res; 769 return res;
719} 770}
@@ -726,7 +777,7 @@ int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
726 int ret = -EBUSY; 777 int ret = -EBUSY;
727 enum ieee80211_band band; 778 enum ieee80211_band band;
728 779
729 mutex_lock(&local->scan_mtx); 780 mutex_lock(&local->mtx);
730 781
731 /* busy scanning */ 782 /* busy scanning */
732 if (local->scan_req) 783 if (local->scan_req)
@@ -761,25 +812,166 @@ int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
761 812
762 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req); 813 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
763 unlock: 814 unlock:
764 mutex_unlock(&local->scan_mtx); 815 mutex_unlock(&local->mtx);
765 return ret; 816 return ret;
766} 817}
767 818
819/*
820 * Only call this function when a scan can't be queued -- under RTNL.
821 */
768void ieee80211_scan_cancel(struct ieee80211_local *local) 822void ieee80211_scan_cancel(struct ieee80211_local *local)
769{ 823{
770 bool abortscan; 824 bool abortscan;
771 825
772 cancel_delayed_work_sync(&local->scan_work);
773
774 /* 826 /*
775 * Only call this function when a scan can't be 827 * We are only canceling software scan, or deferred scan that was not
776 * queued -- mostly at suspend under RTNL. 828 * yet really started (see __ieee80211_start_scan ).
829 *
830 * Regarding hardware scan:
831 * - we can not call __ieee80211_scan_completed() as when
832 * SCAN_HW_SCANNING bit is set this function change
833 * local->hw_scan_req to operate on 5G band, what race with
834 * driver which can use local->hw_scan_req
835 *
836 * - we can not cancel scan_work since driver can schedule it
837 * by ieee80211_scan_completed(..., true) to finish scan
838 *
839 * Hence low lever driver is responsible for canceling HW scan.
777 */ 840 */
778 mutex_lock(&local->scan_mtx);
779 abortscan = test_bit(SCAN_SW_SCANNING, &local->scanning) ||
780 (!local->scanning && local->scan_req);
781 mutex_unlock(&local->scan_mtx);
782 841
783 if (abortscan) 842 mutex_lock(&local->mtx);
784 ieee80211_scan_completed(&local->hw, true); 843 abortscan = local->scan_req && !test_bit(SCAN_HW_SCANNING, &local->scanning);
844 if (abortscan) {
845 /*
846 * The scan is canceled, but stop work from being pending.
847 *
848 * If the work is currently running, it must be blocked on
849 * the mutex, but we'll set scan_sdata = NULL and it'll
850 * simply exit once it acquires the mutex.
851 */
852 cancel_delayed_work(&local->scan_work);
853 /* and clean up */
854 __ieee80211_scan_completed(&local->hw, true, false);
855 }
856 mutex_unlock(&local->mtx);
857}
858
859int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
860 struct cfg80211_sched_scan_request *req)
861{
862 struct ieee80211_local *local = sdata->local;
863 int ret, i;
864
865 mutex_lock(&sdata->local->mtx);
866
867 if (local->sched_scanning) {
868 ret = -EBUSY;
869 goto out;
870 }
871
872 if (!local->ops->sched_scan_start) {
873 ret = -ENOTSUPP;
874 goto out;
875 }
876
877 for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
878 local->sched_scan_ies.ie[i] = kzalloc(2 +
879 IEEE80211_MAX_SSID_LEN +
880 local->scan_ies_len +
881 req->ie_len,
882 GFP_KERNEL);
883 if (!local->sched_scan_ies.ie[i]) {
884 ret = -ENOMEM;
885 goto out_free;
886 }
887
888 local->sched_scan_ies.len[i] =
889 ieee80211_build_preq_ies(local,
890 local->sched_scan_ies.ie[i],
891 req->ie, req->ie_len, i,
892 (u32) -1, 0);
893 }
894
895 ret = drv_sched_scan_start(local, sdata, req,
896 &local->sched_scan_ies);
897 if (ret == 0) {
898 local->sched_scanning = true;
899 goto out;
900 }
901
902out_free:
903 while (i > 0)
904 kfree(local->sched_scan_ies.ie[--i]);
905out:
906 mutex_unlock(&sdata->local->mtx);
907 return ret;
908}
909
910int ieee80211_request_sched_scan_stop(struct ieee80211_sub_if_data *sdata)
911{
912 struct ieee80211_local *local = sdata->local;
913 int ret = 0, i;
914
915 mutex_lock(&sdata->local->mtx);
916
917 if (!local->ops->sched_scan_stop) {
918 ret = -ENOTSUPP;
919 goto out;
920 }
921
922 if (local->sched_scanning) {
923 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
924 kfree(local->sched_scan_ies.ie[i]);
925
926 drv_sched_scan_stop(local, sdata);
927 local->sched_scanning = false;
928 }
929out:
930 mutex_unlock(&sdata->local->mtx);
931
932 return ret;
933}
934
935void ieee80211_sched_scan_results(struct ieee80211_hw *hw)
936{
937 struct ieee80211_local *local = hw_to_local(hw);
938
939 trace_api_sched_scan_results(local);
940
941 cfg80211_sched_scan_results(hw->wiphy);
942}
943EXPORT_SYMBOL(ieee80211_sched_scan_results);
944
945void ieee80211_sched_scan_stopped_work(struct work_struct *work)
946{
947 struct ieee80211_local *local =
948 container_of(work, struct ieee80211_local,
949 sched_scan_stopped_work);
950 int i;
951
952 mutex_lock(&local->mtx);
953
954 if (!local->sched_scanning) {
955 mutex_unlock(&local->mtx);
956 return;
957 }
958
959 for (i = 0; i < IEEE80211_NUM_BANDS; i++)
960 kfree(local->sched_scan_ies.ie[i]);
961
962 local->sched_scanning = false;
963
964 mutex_unlock(&local->mtx);
965
966 cfg80211_sched_scan_stopped(local->hw.wiphy);
967}
968
969void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw)
970{
971 struct ieee80211_local *local = hw_to_local(hw);
972
973 trace_api_sched_scan_stopped(local);
974
975 ieee80211_queue_work(&local->hw, &local->sched_scan_stopped_work);
785} 976}
977EXPORT_SYMBOL(ieee80211_sched_scan_stopped);
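Review bot: In ieee80211_request_sched_scan_stop() (new lines 922-928) the per-band IE buffers are freed before `drv_sched_scan_stop(local, sdata)` runs, although ieee80211_request_sched_scan_start() handed `&local->sched_scan_ies` to the driver. If a driver still reads those buffers while the scheduled scan is active (not visible in this section), that ordering leaves a use-after-free window, so I would call `drv_sched_scan_stop(local, sdata);` first and free afterwards. The freed slots also keep their old addresses here, in ieee80211_sched_scan_stopped_work() and on the `out_free` path of the start function; adding `local->sched_scan_ies.ie[i] = NULL;` after each `kfree()` would make a later stray free or read harmless instead of relying only on the `sched_scanning` flag. The result of drv_sched_scan_stop() is dropped as well; if the op can report failure (its prototype is outside this section), `sched_scanning` is cleared while the hardware may still be scanning.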
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index 6d86f0c1ad04..b83870bf60fa 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -47,9 +47,9 @@
47 * Station entries are added by mac80211 when you establish a link with a 47 * Station entries are added by mac80211 when you establish a link with a
48 * peer. This means different things for the different type of interfaces 48 * peer. This means different things for the different type of interfaces
49 * we support. For a regular station this mean we add the AP sta when we 49 * we support. For a regular station this mean we add the AP sta when we
50 * receive an assocation response from the AP. For IBSS this occurs when 50 * receive an association response from the AP. For IBSS this occurs when
51 * get to know about a peer on the same IBSS. For WDS we add the sta for 51 * get to know about a peer on the same IBSS. For WDS we add the sta for
52 * the peer imediately upon device open. When using AP mode we add stations 52 * the peer immediately upon device open. When using AP mode we add stations
53 * for each respective station upon request from userspace through nl80211. 53 * for each respective station upon request from userspace through nl80211.
54 * 54 *
55 * In order to remove a STA info structure, various sta_info_destroy_*() 55 * In order to remove a STA info structure, various sta_info_destroy_*()
@@ -67,7 +67,8 @@ static int sta_info_hash_del(struct ieee80211_local *local,
67{ 67{
68 struct sta_info *s; 68 struct sta_info *s;
69 69
70 s = local->sta_hash[STA_HASH(sta->sta.addr)]; 70 s = rcu_dereference_protected(local->sta_hash[STA_HASH(sta->sta.addr)],
71 lockdep_is_held(&local->sta_lock));
71 if (!s) 72 if (!s)
72 return -ENOENT; 73 return -ENOENT;
73 if (s == sta) { 74 if (s == sta) {
@@ -76,9 +77,11 @@ static int sta_info_hash_del(struct ieee80211_local *local,
76 return 0; 77 return 0;
77 } 78 }
78 79
79 while (s->hnext && s->hnext != sta) 80 while (rcu_access_pointer(s->hnext) &&
80 s = s->hnext; 81 rcu_access_pointer(s->hnext) != sta)
81 if (s->hnext) { 82 s = rcu_dereference_protected(s->hnext,
83 lockdep_is_held(&local->sta_lock));
84 if (rcu_access_pointer(s->hnext)) {
82 rcu_assign_pointer(s->hnext, sta->hnext); 85 rcu_assign_pointer(s->hnext, sta->hnext);
83 return 0; 86 return 0;
84 } 87 }
@@ -125,7 +128,7 @@ struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
125 lockdep_is_held(&local->sta_mtx)); 128 lockdep_is_held(&local->sta_mtx));
126 while (sta) { 129 while (sta) {
127 if ((sta->sdata == sdata || 130 if ((sta->sdata == sdata ||
128 sta->sdata->bss == sdata->bss) && 131 (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
129 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 132 memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
130 break; 133 break;
131 sta = rcu_dereference_check(sta->hnext, 134 sta = rcu_dereference_check(sta->hnext,
@@ -174,8 +177,7 @@ static void __sta_info_free(struct ieee80211_local *local,
174 } 177 }
175 178
176#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 179#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
177 printk(KERN_DEBUG "%s: Destroyed STA %pM\n", 180 wiphy_debug(local->hw.wiphy, "Destroyed STA %pM\n", sta->sta.addr);
178 wiphy_name(local->hw.wiphy), sta->sta.addr);
179#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 181#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
180 182
181 kfree(sta); 183 kfree(sta);
@@ -200,8 +202,11 @@ static void sta_unblock(struct work_struct *wk)
200 202
201 if (!test_sta_flags(sta, WLAN_STA_PS_STA)) 203 if (!test_sta_flags(sta, WLAN_STA_PS_STA))
202 ieee80211_sta_ps_deliver_wakeup(sta); 204 ieee80211_sta_ps_deliver_wakeup(sta);
203 else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL)) 205 else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL)) {
206 clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
204 ieee80211_sta_ps_deliver_poll_response(sta); 207 ieee80211_sta_ps_deliver_poll_response(sta);
208 } else
209 clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
205} 210}
206 211
207static int sta_prepare_rate_control(struct ieee80211_local *local, 212static int sta_prepare_rate_control(struct ieee80211_local *local,
@@ -226,6 +231,7 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
226{ 231{
227 struct ieee80211_local *local = sdata->local; 232 struct ieee80211_local *local = sdata->local;
228 struct sta_info *sta; 233 struct sta_info *sta;
234 struct timespec uptime;
229 int i; 235 int i;
230 236
231 sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp); 237 sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
@@ -241,6 +247,11 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
241 memcpy(sta->sta.addr, addr, ETH_ALEN); 247 memcpy(sta->sta.addr, addr, ETH_ALEN);
242 sta->local = local; 248 sta->local = local;
243 sta->sdata = sdata; 249 sta->sdata = sdata;
250 sta->last_rx = jiffies;
251
252 do_posix_clock_monotonic_gettime(&uptime);
253 sta->last_connected = uptime.tv_sec;
254 ewma_init(&sta->avg_signal, 1024, 8);
244 255
245 if (sta_prepare_rate_control(local, sta, gfp)) { 256 if (sta_prepare_rate_control(local, sta, gfp)) {
246 kfree(sta); 257 kfree(sta);
@@ -262,12 +273,11 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
262 sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX); 273 sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
263 274
264#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 275#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
265 printk(KERN_DEBUG "%s: Allocated STA %pM\n", 276 wiphy_debug(local->hw.wiphy, "Allocated STA %pM\n", sta->sta.addr);
266 wiphy_name(local->hw.wiphy), sta->sta.addr);
267#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 277#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
268 278
269#ifdef CONFIG_MAC80211_MESH 279#ifdef CONFIG_MAC80211_MESH
270 sta->plink_state = PLINK_LISTEN; 280 sta->plink_state = NL80211_PLINK_LISTEN;
271 init_timer(&sta->plink_timer); 281 init_timer(&sta->plink_timer);
272#endif 282#endif
273 283
@@ -282,7 +292,7 @@ static int sta_info_finish_insert(struct sta_info *sta, bool async)
282 unsigned long flags; 292 unsigned long flags;
283 int err = 0; 293 int err = 0;
284 294
285 WARN_ON(!mutex_is_locked(&local->sta_mtx)); 295 lockdep_assert_held(&local->sta_mtx);
286 296
287 /* notify driver */ 297 /* notify driver */
288 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 298 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
@@ -300,8 +310,9 @@ static int sta_info_finish_insert(struct sta_info *sta, bool async)
300 sta->uploaded = true; 310 sta->uploaded = true;
301#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 311#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
302 if (async) 312 if (async)
303 printk(KERN_DEBUG "%s: Finished adding IBSS STA %pM\n", 313 wiphy_debug(local->hw.wiphy,
304 wiphy_name(local->hw.wiphy), sta->sta.addr); 314 "Finished adding IBSS STA %pM\n",
315 sta->sta.addr);
305#endif 316#endif
306 } 317 }
307 318
@@ -411,8 +422,8 @@ int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
411 spin_unlock_irqrestore(&local->sta_lock, flags); 422 spin_unlock_irqrestore(&local->sta_lock, flags);
412 423
413#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 424#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
414 printk(KERN_DEBUG "%s: Added IBSS STA %pM\n", 425 wiphy_debug(local->hw.wiphy, "Added IBSS STA %pM\n",
415 wiphy_name(local->hw.wiphy), sta->sta.addr); 426 sta->sta.addr);
416#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 427#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
417 428
418 ieee80211_queue_work(&local->hw, &local->sta_finish_work); 429 ieee80211_queue_work(&local->hw, &local->sta_finish_work);
@@ -459,8 +470,7 @@ int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
459 } 470 }
460 471
461#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 472#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
462 printk(KERN_DEBUG "%s: Inserted STA %pM\n", 473 wiphy_debug(local->hw.wiphy, "Inserted STA %pM\n", sta->sta.addr);
463 wiphy_name(local->hw.wiphy), sta->sta.addr);
464#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 474#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
465 475
466 /* move reference to rcu-protected */ 476 /* move reference to rcu-protected */
@@ -580,7 +590,6 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
580{ 590{
581 unsigned long flags; 591 unsigned long flags;
582 struct sk_buff *skb; 592 struct sk_buff *skb;
583 struct ieee80211_sub_if_data *sdata;
584 593
585 if (skb_queue_empty(&sta->ps_tx_buf)) 594 if (skb_queue_empty(&sta->ps_tx_buf))
586 return false; 595 return false;
@@ -597,7 +606,6 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
597 if (!skb) 606 if (!skb)
598 break; 607 break;
599 608
600 sdata = sta->sdata;
601 local->total_ps_buffered--; 609 local->total_ps_buffered--;
602#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 610#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
603 printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n", 611 printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n",
@@ -605,7 +613,8 @@ static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
605#endif 613#endif
606 dev_kfree_skb(skb); 614 dev_kfree_skb(skb);
607 615
608 if (skb_queue_empty(&sta->ps_tx_buf)) 616 if (skb_queue_empty(&sta->ps_tx_buf) &&
617 !test_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF))
609 sta_info_clear_tim_bit(sta); 618 sta_info_clear_tim_bit(sta);
610 } 619 }
611 620
@@ -618,7 +627,7 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
618 struct ieee80211_sub_if_data *sdata; 627 struct ieee80211_sub_if_data *sdata;
619 struct sk_buff *skb; 628 struct sk_buff *skb;
620 unsigned long flags; 629 unsigned long flags;
621 int ret; 630 int ret, i;
622 631
623 might_sleep(); 632 might_sleep();
624 633
@@ -635,7 +644,7 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
635 * will be sufficient. 644 * will be sufficient.
636 */ 645 */
637 set_sta_flags(sta, WLAN_STA_BLOCK_BA); 646 set_sta_flags(sta, WLAN_STA_BLOCK_BA);
638 ieee80211_sta_tear_down_BA_sessions(sta); 647 ieee80211_sta_tear_down_BA_sessions(sta, true);
639 648
640 spin_lock_irqsave(&local->sta_lock, flags); 649 spin_lock_irqsave(&local->sta_lock, flags);
641 ret = sta_info_hash_del(local, sta); 650 ret = sta_info_hash_del(local, sta);
@@ -646,10 +655,12 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
646 if (ret) 655 if (ret)
647 return ret; 656 return ret;
648 657
649 if (sta->key) { 658 mutex_lock(&local->key_mtx);
650 ieee80211_key_free(local, sta->key); 659 for (i = 0; i < NUM_DEFAULT_KEYS; i++)
651 WARN_ON(sta->key); 660 __ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));
652 } 661 if (sta->ptk)
662 __ieee80211_key_free(key_mtx_dereference(local, sta->ptk));
663 mutex_unlock(&local->key_mtx);
653 664
654 sta->dead = true; 665 sta->dead = true;
655 666
@@ -690,11 +701,12 @@ static int __must_check __sta_info_destroy(struct sta_info *sta)
690#endif 701#endif
691 702
692#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 703#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
693 printk(KERN_DEBUG "%s: Removed STA %pM\n", 704 wiphy_debug(local->hw.wiphy, "Removed STA %pM\n", sta->sta.addr);
694 wiphy_name(local->hw.wiphy), sta->sta.addr);
695#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 705#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
696 cancel_work_sync(&sta->drv_unblock_wk); 706 cancel_work_sync(&sta->drv_unblock_wk);
697 707
708 cfg80211_del_sta(sdata->dev, sta->sta.addr, GFP_KERNEL);
709
698 rate_control_remove_sta_debugfs(sta); 710 rate_control_remove_sta_debugfs(sta);
699 ieee80211_sta_debugfs_remove(sta); 711 ieee80211_sta_debugfs_remove(sta);
700 712
@@ -763,9 +775,8 @@ static void sta_info_cleanup(unsigned long data)
763 if (!timer_needed) 775 if (!timer_needed)
764 return; 776 return;
765 777
766 local->sta_cleanup.expires = 778 mod_timer(&local->sta_cleanup,
767 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 779 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL));
768 add_timer(&local->sta_cleanup);
769} 780}
770 781
771void sta_info_init(struct ieee80211_local *local) 782void sta_info_init(struct ieee80211_local *local)
@@ -778,14 +789,6 @@ void sta_info_init(struct ieee80211_local *local)
778 789
779 setup_timer(&local->sta_cleanup, sta_info_cleanup, 790 setup_timer(&local->sta_cleanup, sta_info_cleanup,
780 (unsigned long)local); 791 (unsigned long)local);
781 local->sta_cleanup.expires =
782 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL);
783}
784
785int sta_info_start(struct ieee80211_local *local)
786{
787 add_timer(&local->sta_cleanup);
788 return 0;
789} 792}
790 793
791void sta_info_stop(struct ieee80211_local *local) 794void sta_info_stop(struct ieee80211_local *local)
@@ -841,13 +844,20 @@ void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
841 mutex_unlock(&local->sta_mtx); 844 mutex_unlock(&local->sta_mtx);
842} 845}
843 846
844struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw, 847struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
845 const u8 *addr) 848 const u8 *addr,
849 const u8 *localaddr)
846{ 850{
847 struct sta_info *sta, *nxt; 851 struct sta_info *sta, *nxt;
848 852
849 /* Just return a random station ... first in list ... */ 853 /*
854 * Just return a random station if localaddr is NULL
855 * ... first in list.
856 */
850 for_each_sta_info(hw_to_local(hw), addr, sta, nxt) { 857 for_each_sta_info(hw_to_local(hw), addr, sta, nxt) {
858 if (localaddr &&
859 compare_ether_addr(sta->sdata->vif.addr, localaddr) != 0)
860 continue;
851 if (!sta->uploaded) 861 if (!sta->uploaded)
852 return NULL; 862 return NULL;
853 return &sta->sta; 863 return &sta->sta;
@@ -855,7 +865,7 @@ struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw,
855 865
856 return NULL; 866 return NULL;
857} 867}
858EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_hw); 868EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr);
859 869
860struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif, 870struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
861 const u8 *addr) 871 const u8 *addr)
@@ -876,6 +886,13 @@ struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
876} 886}
877EXPORT_SYMBOL(ieee80211_find_sta); 887EXPORT_SYMBOL(ieee80211_find_sta);
878 888
889static void clear_sta_ps_flags(void *_sta)
890{
891 struct sta_info *sta = _sta;
892
893 clear_sta_flags(sta, WLAN_STA_PS_DRIVER | WLAN_STA_PS_STA);
894}
895
879/* powersave support code */ 896/* powersave support code */
880void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta) 897void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
881{ 898{
@@ -883,14 +900,17 @@ void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
883 struct ieee80211_local *local = sdata->local; 900 struct ieee80211_local *local = sdata->local;
884 int sent, buffered; 901 int sent, buffered;
885 902
886 drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta); 903 clear_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
904 if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
905 drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
887 906
888 if (!skb_queue_empty(&sta->ps_tx_buf)) 907 if (!skb_queue_empty(&sta->ps_tx_buf))
889 sta_info_clear_tim_bit(sta); 908 sta_info_clear_tim_bit(sta);
890 909
891 /* Send all buffered frames to the station */ 910 /* Send all buffered frames to the station */
892 sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered); 911 sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered);
893 buffered = ieee80211_add_pending_skbs(local, &sta->ps_tx_buf); 912 buffered = ieee80211_add_pending_skbs_fn(local, &sta->ps_tx_buf,
913 clear_sta_ps_flags, sta);
894 sent += buffered; 914 sent += buffered;
895 local->total_ps_buffered -= buffered; 915 local->total_ps_buffered -= buffered;
896 916
@@ -969,7 +989,16 @@ void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
969 989
970 if (block) 990 if (block)
971 set_sta_flags(sta, WLAN_STA_PS_DRIVER); 991 set_sta_flags(sta, WLAN_STA_PS_DRIVER);
972 else 992 else if (test_sta_flags(sta, WLAN_STA_PS_DRIVER))
973 ieee80211_queue_work(hw, &sta->drv_unblock_wk); 993 ieee80211_queue_work(hw, &sta->drv_unblock_wk);
974} 994}
975EXPORT_SYMBOL(ieee80211_sta_block_awake); 995EXPORT_SYMBOL(ieee80211_sta_block_awake);
996
997void ieee80211_sta_set_tim(struct ieee80211_sta *pubsta)
998{
999 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1000
1001 set_sta_flags(sta, WLAN_STA_PS_DRIVER_BUF);
1002 sta_info_set_tim_bit(sta);
1003}
1004EXPORT_SYMBOL(ieee80211_sta_set_tim);
diff --git a/net/mac80211/sta_info.h b/net/mac80211/sta_info.h
index 54262e72376d..c6ae8718bd57 100644
--- a/net/mac80211/sta_info.h
+++ b/net/mac80211/sta_info.h
@@ -13,6 +13,7 @@
13#include <linux/types.h> 13#include <linux/types.h>
14#include <linux/if_ether.h> 14#include <linux/if_ether.h>
15#include <linux/workqueue.h> 15#include <linux/workqueue.h>
16#include <linux/average.h>
16#include "key.h" 17#include "key.h"
17 18
18/** 19/**
@@ -42,6 +43,8 @@
42 * be in the queues 43 * be in the queues
43 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping 44 * @WLAN_STA_PSPOLL: Station sent PS-poll while driver was keeping
44 * station in power-save mode, reply when the driver unblocks. 45 * station in power-save mode, reply when the driver unblocks.
46 * @WLAN_STA_PS_DRIVER_BUF: Station has frames pending in driver internal
47 * buffers. Automatically cleared on station wake-up.
45 */ 48 */
46enum ieee80211_sta_info_flags { 49enum ieee80211_sta_info_flags {
47 WLAN_STA_AUTH = 1<<0, 50 WLAN_STA_AUTH = 1<<0,
@@ -57,6 +60,7 @@ enum ieee80211_sta_info_flags {
57 WLAN_STA_BLOCK_BA = 1<<11, 60 WLAN_STA_BLOCK_BA = 1<<11,
58 WLAN_STA_PS_DRIVER = 1<<12, 61 WLAN_STA_PS_DRIVER = 1<<12,
59 WLAN_STA_PSPOLL = 1<<13, 62 WLAN_STA_PSPOLL = 1<<13,
63 WLAN_STA_PS_DRIVER_BUF = 1<<14,
60}; 64};
61 65
62#define STA_TID_NUM 16 66#define STA_TID_NUM 16
@@ -77,24 +81,31 @@ enum ieee80211_sta_info_flags {
77 * @addba_resp_timer: timer for peer's response to addba request 81 * @addba_resp_timer: timer for peer's response to addba request
78 * @pending: pending frames queue -- use sta's spinlock to protect 82 * @pending: pending frames queue -- use sta's spinlock to protect
79 * @dialog_token: dialog token for aggregation session 83 * @dialog_token: dialog token for aggregation session
84 * @timeout: session timeout value to be filled in ADDBA requests
80 * @state: session state (see above) 85 * @state: session state (see above)
81 * @stop_initiator: initiator of a session stop 86 * @stop_initiator: initiator of a session stop
87 * @tx_stop: TX DelBA frame when stopping
88 * @buf_size: reorder buffer size at receiver
82 * 89 *
83 * This structure is protected by RCU and the per-station 90 * This structure's lifetime is managed by RCU, assignments to
84 * spinlock. Assignments to the array holding it must hold 91 * the array holding it must hold the aggregation mutex.
85 * the spinlock, only the TX path can access it under RCU 92 *
86 * lock-free if, and only if, the state has the flag 93 * The TX path can access it under RCU lock-free if, and
87 * %HT_AGG_STATE_OPERATIONAL set. Otherwise, the TX path 94 * only if, the state has the flag %HT_AGG_STATE_OPERATIONAL
88 * must also acquire the spinlock and re-check the state, 95 * set. Otherwise, the TX path must also acquire the spinlock
89 * see comments in the tx code touching it. 96 * and re-check the state, see comments in the tx code
97 * touching it.
90 */ 98 */
91struct tid_ampdu_tx { 99struct tid_ampdu_tx {
92 struct rcu_head rcu_head; 100 struct rcu_head rcu_head;
93 struct timer_list addba_resp_timer; 101 struct timer_list addba_resp_timer;
94 struct sk_buff_head pending; 102 struct sk_buff_head pending;
95 unsigned long state; 103 unsigned long state;
104 u16 timeout;
96 u8 dialog_token; 105 u8 dialog_token;
97 u8 stop_initiator; 106 u8 stop_initiator;
107 bool tx_stop;
108 u8 buf_size;
98}; 109};
99 110
100/** 111/**
@@ -103,6 +114,7 @@ struct tid_ampdu_tx {
103 * @reorder_buf: buffer to reorder incoming aggregated MPDUs 114 * @reorder_buf: buffer to reorder incoming aggregated MPDUs
104 * @reorder_time: jiffies when skb was added 115 * @reorder_time: jiffies when skb was added
105 * @session_timer: check if peer keeps Tx-ing on the TID (by timeout value) 116 * @session_timer: check if peer keeps Tx-ing on the TID (by timeout value)
117 * @reorder_timer: releases expired frames from the reorder buffer.
106 * @head_seq_num: head sequence number in reordering buffer. 118 * @head_seq_num: head sequence number in reordering buffer.
107 * @stored_mpdu_num: number of MPDUs in reordering buffer 119 * @stored_mpdu_num: number of MPDUs in reordering buffer
108 * @ssn: Starting Sequence Number expected to be aggregated. 120 * @ssn: Starting Sequence Number expected to be aggregated.
@@ -110,20 +122,23 @@ struct tid_ampdu_tx {
110 * @timeout: reset timer value (in TUs). 122 * @timeout: reset timer value (in TUs).
111 * @dialog_token: dialog token for aggregation session 123 * @dialog_token: dialog token for aggregation session
112 * @rcu_head: RCU head used for freeing this struct 124 * @rcu_head: RCU head used for freeing this struct
125 * @reorder_lock: serializes access to reorder buffer, see below.
126 *
127 * This structure's lifetime is managed by RCU, assignments to
128 * the array holding it must hold the aggregation mutex.
113 * 129 *
114 * This structure is protected by RCU and the per-station 130 * The @reorder_lock is used to protect the members of this
115 * spinlock. Assignments to the array holding it must hold 131 * struct, except for @timeout, @buf_size and @dialog_token,
116 * the spinlock, only the RX path can access it under RCU 132 * which are constant across the lifetime of the struct (the
117 * lock-free. The RX path, since it is single-threaded, 133 * dialog token being used only for debugging).
118 * can even modify the structure without locking since the
119 * only other modifications to it are done when the struct
120 * can not yet or no longer be found by the RX path.
121 */ 134 */
122struct tid_ampdu_rx { 135struct tid_ampdu_rx {
123 struct rcu_head rcu_head; 136 struct rcu_head rcu_head;
137 spinlock_t reorder_lock;
124 struct sk_buff **reorder_buf; 138 struct sk_buff **reorder_buf;
125 unsigned long *reorder_time; 139 unsigned long *reorder_time;
126 struct timer_list session_timer; 140 struct timer_list session_timer;
141 struct timer_list reorder_timer;
127 u16 head_seq_num; 142 u16 head_seq_num;
128 u16 stored_mpdu_num; 143 u16 stored_mpdu_num;
129 u16 ssn; 144 u16 ssn;
@@ -137,6 +152,7 @@ struct tid_ampdu_rx {
137 * 152 *
138 * @tid_rx: aggregation info for Rx per TID -- RCU protected 153 * @tid_rx: aggregation info for Rx per TID -- RCU protected
139 * @tid_tx: aggregation info for Tx per TID 154 * @tid_tx: aggregation info for Tx per TID
155 * @tid_start_tx: sessions where start was requested
140 * @addba_req_num: number of times addBA request has been sent. 156 * @addba_req_num: number of times addBA request has been sent.
141 * @dialog_token_allocator: dialog token enumerator for each new session; 157 * @dialog_token_allocator: dialog token enumerator for each new session;
142 * @work: work struct for starting/stopping aggregation 158 * @work: work struct for starting/stopping aggregation
@@ -148,40 +164,18 @@ struct tid_ampdu_rx {
148struct sta_ampdu_mlme { 164struct sta_ampdu_mlme {
149 struct mutex mtx; 165 struct mutex mtx;
150 /* rx */ 166 /* rx */
151 struct tid_ampdu_rx *tid_rx[STA_TID_NUM]; 167 struct tid_ampdu_rx __rcu *tid_rx[STA_TID_NUM];
152 unsigned long tid_rx_timer_expired[BITS_TO_LONGS(STA_TID_NUM)]; 168 unsigned long tid_rx_timer_expired[BITS_TO_LONGS(STA_TID_NUM)];
153 /* tx */ 169 /* tx */
154 struct work_struct work; 170 struct work_struct work;
155 struct tid_ampdu_tx *tid_tx[STA_TID_NUM]; 171 struct tid_ampdu_tx __rcu *tid_tx[STA_TID_NUM];
172 struct tid_ampdu_tx *tid_start_tx[STA_TID_NUM];
156 u8 addba_req_num[STA_TID_NUM]; 173 u8 addba_req_num[STA_TID_NUM];
157 u8 dialog_token_allocator; 174 u8 dialog_token_allocator;
158}; 175};
159 176
160 177
161/** 178/**
162 * enum plink_state - state of a mesh peer link finite state machine
163 *
164 * @PLINK_LISTEN: initial state, considered the implicit state of non existant
165 * mesh peer links
166 * @PLINK_OPN_SNT: mesh plink open frame has been sent to this mesh peer
167 * @PLINK_OPN_RCVD: mesh plink open frame has been received from this mesh peer
168 * @PLINK_CNF_RCVD: mesh plink confirm frame has been received from this mesh
169 * peer
170 * @PLINK_ESTAB: mesh peer link is established
171 * @PLINK_HOLDING: mesh peer link is being closed or cancelled
172 * @PLINK_BLOCKED: all frames transmitted from this mesh plink are discarded
173 */
174enum plink_state {
175 PLINK_LISTEN,
176 PLINK_OPN_SNT,
177 PLINK_OPN_RCVD,
178 PLINK_CNF_RCVD,
179 PLINK_ESTAB,
180 PLINK_HOLDING,
181 PLINK_BLOCKED
182};
183
184/**
185 * struct sta_info - STA information 179 * struct sta_info - STA information
186 * 180 *
187 * This structure collects information about a station that 181 * This structure collects information about a station that
@@ -191,11 +185,14 @@ enum plink_state {
191 * @hnext: hash table linked list pointer 185 * @hnext: hash table linked list pointer
192 * @local: pointer to the global information 186 * @local: pointer to the global information
193 * @sdata: virtual interface this station belongs to 187 * @sdata: virtual interface this station belongs to
194 * @key: peer key negotiated with this station, if any 188 * @ptk: peer key negotiated with this station, if any
189 * @gtk: group keys negotiated with this station, if any
195 * @rate_ctrl: rate control algorithm reference 190 * @rate_ctrl: rate control algorithm reference
196 * @rate_ctrl_priv: rate control private per-STA pointer 191 * @rate_ctrl_priv: rate control private per-STA pointer
197 * @last_tx_rate: rate used for last transmit, to report to userspace as 192 * @last_tx_rate: rate used for last transmit, to report to userspace as
198 * "the" transmit rate 193 * "the" transmit rate
194 * @last_rx_rate_idx: rx status rate index of the last data packet
195 * @last_rx_rate_flag: rx status flag of the last data packet
199 * @lock: used for locking all fields that require locking, see comments 196 * @lock: used for locking all fields that require locking, see comments
200 * in the header file. 197 * in the header file.
201 * @flaglock: spinlock for flags accesses 198 * @flaglock: spinlock for flags accesses
@@ -211,10 +208,12 @@ enum plink_state {
211 * @rx_bytes: Number of bytes received from this STA 208 * @rx_bytes: Number of bytes received from this STA
212 * @wep_weak_iv_count: number of weak WEP IVs received from this station 209 * @wep_weak_iv_count: number of weak WEP IVs received from this station
213 * @last_rx: time (in jiffies) when last frame was received from this STA 210 * @last_rx: time (in jiffies) when last frame was received from this STA
211 * @last_connected: time (in seconds) when a station got connected
214 * @num_duplicates: number of duplicate frames received from this STA 212 * @num_duplicates: number of duplicate frames received from this STA
215 * @rx_fragments: number of received MPDUs 213 * @rx_fragments: number of received MPDUs
216 * @rx_dropped: number of dropped MPDUs from this STA 214 * @rx_dropped: number of dropped MPDUs from this STA
217 * @last_signal: signal of last received frame from this STA 215 * @last_signal: signal of last received frame from this STA
216 * @avg_signal: moving average of signal of received frames from this STA
218 * @last_seq_ctrl: last received seq/frag number from this STA (per RX queue) 217 * @last_seq_ctrl: last received seq/frag number from this STA (per RX queue)
219 * @tx_filtered_count: number of frames the hardware filtered for this STA 218 * @tx_filtered_count: number of frames the hardware filtered for this STA
220 * @tx_retry_failed: number of frames that failed retry 219 * @tx_retry_failed: number of frames that failed retry
@@ -239,14 +238,16 @@ enum plink_state {
239 * @sta: station information we share with the driver 238 * @sta: station information we share with the driver
240 * @dead: set to true when sta is unlinked 239 * @dead: set to true when sta is unlinked
241 * @uploaded: set to true when sta is uploaded to the driver 240 * @uploaded: set to true when sta is uploaded to the driver
241 * @lost_packets: number of consecutive lost packets
242 */ 242 */
243struct sta_info { 243struct sta_info {
244 /* General information, mostly static */ 244 /* General information, mostly static */
245 struct list_head list; 245 struct list_head list;
246 struct sta_info *hnext; 246 struct sta_info __rcu *hnext;
247 struct ieee80211_local *local; 247 struct ieee80211_local *local;
248 struct ieee80211_sub_if_data *sdata; 248 struct ieee80211_sub_if_data *sdata;
249 struct ieee80211_key *key; 249 struct ieee80211_key __rcu *gtk[NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS];
250 struct ieee80211_key __rcu *ptk;
250 struct rate_control_ref *rate_ctrl; 251 struct rate_control_ref *rate_ctrl;
251 void *rate_ctrl_priv; 252 void *rate_ctrl_priv;
252 spinlock_t lock; 253 spinlock_t lock;
@@ -277,10 +278,12 @@ struct sta_info {
277 unsigned long rx_packets, rx_bytes; 278 unsigned long rx_packets, rx_bytes;
278 unsigned long wep_weak_iv_count; 279 unsigned long wep_weak_iv_count;
279 unsigned long last_rx; 280 unsigned long last_rx;
281 long last_connected;
280 unsigned long num_duplicates; 282 unsigned long num_duplicates;
281 unsigned long rx_fragments; 283 unsigned long rx_fragments;
282 unsigned long rx_dropped; 284 unsigned long rx_dropped;
283 int last_signal; 285 int last_signal;
286 struct ewma avg_signal;
284 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES]; 287 __le16 last_seq_ctrl[NUM_RX_DATA_QUEUES];
285 288
286 /* Updated from TX status path only, no locking requirements */ 289 /* Updated from TX status path only, no locking requirements */
@@ -294,6 +297,8 @@ struct sta_info {
294 unsigned long tx_bytes; 297 unsigned long tx_bytes;
295 unsigned long tx_fragments; 298 unsigned long tx_fragments;
296 struct ieee80211_tx_rate last_tx_rate; 299 struct ieee80211_tx_rate last_tx_rate;
300 int last_rx_rate_idx;
301 int last_rx_rate_flag;
297 u16 tid_seq[IEEE80211_QOS_CTL_TID_MASK + 1]; 302 u16 tid_seq[IEEE80211_QOS_CTL_TID_MASK + 1];
298 303
299 /* 304 /*
@@ -313,7 +318,7 @@ struct sta_info {
313 u8 plink_retries; 318 u8 plink_retries;
314 bool ignore_plink_timer; 319 bool ignore_plink_timer;
315 bool plink_timer_was_running; 320 bool plink_timer_was_running;
316 enum plink_state plink_state; 321 enum nl80211_plink_state plink_state;
317 u32 plink_timeout; 322 u32 plink_timeout;
318 struct timer_list plink_timer; 323 struct timer_list plink_timer;
319#endif 324#endif
@@ -325,16 +330,18 @@ struct sta_info {
325 } debugfs; 330 } debugfs;
326#endif 331#endif
327 332
333 unsigned int lost_packets;
334
328 /* keep last! */ 335 /* keep last! */
329 struct ieee80211_sta sta; 336 struct ieee80211_sta sta;
330}; 337};
331 338
332static inline enum plink_state sta_plink_state(struct sta_info *sta) 339static inline enum nl80211_plink_state sta_plink_state(struct sta_info *sta)
333{ 340{
334#ifdef CONFIG_MAC80211_MESH 341#ifdef CONFIG_MAC80211_MESH
335 return sta->plink_state; 342 return sta->plink_state;
336#endif 343#endif
337 return PLINK_LISTEN; 344 return NL80211_PLINK_LISTEN;
338} 345}
339 346
340static inline void set_sta_flags(struct sta_info *sta, const u32 flags) 347static inline void set_sta_flags(struct sta_info *sta, const u32 flags)
@@ -393,7 +400,16 @@ static inline u32 get_sta_flags(struct sta_info *sta)
393 return ret; 400 return ret;
394} 401}
395 402
403void ieee80211_assign_tid_tx(struct sta_info *sta, int tid,
404 struct tid_ampdu_tx *tid_tx);
396 405
406static inline struct tid_ampdu_tx *
407rcu_dereference_protected_tid_tx(struct sta_info *sta, int tid)
408{
409 return rcu_dereference_protected(sta->ampdu_mlme.tid_tx[tid],
410 lockdep_is_held(&sta->lock) ||
411 lockdep_is_held(&sta->ampdu_mlme.mtx));
412}
397 413
398#define STA_HASH_SIZE 256 414#define STA_HASH_SIZE 256
399#define STA_HASH(sta) (sta[5]) 415#define STA_HASH(sta) (sta[5])
@@ -474,7 +490,6 @@ void sta_info_set_tim_bit(struct sta_info *sta);
474void sta_info_clear_tim_bit(struct sta_info *sta); 490void sta_info_clear_tim_bit(struct sta_info *sta);
475 491
476void sta_info_init(struct ieee80211_local *local); 492void sta_info_init(struct ieee80211_local *local);
477int sta_info_start(struct ieee80211_local *local);
478void sta_info_stop(struct ieee80211_local *local); 493void sta_info_stop(struct ieee80211_local *local);
479int sta_info_flush(struct ieee80211_local *local, 494int sta_info_flush(struct ieee80211_local *local,
480 struct ieee80211_sub_if_data *sdata); 495 struct ieee80211_sub_if_data *sdata);
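Review bot: The new `gtk` array in `struct sta_info` is declared with `NUM_DEFAULT_KEYS + NUM_DEFAULT_MGMT_KEYS` slots, but the teardown loop the same change adds to `__sta_info_destroy()` in sta_info.c stops at `i < NUM_DEFAULT_KEYS`, so a key held in one of the management-key slots would not be freed when the station is destroyed. Whether those upper slots can actually be populated is not visible on this page, but if they can, the key material outlives the station and the allocation leaks. Bounding the loop by the array itself keeps declaration and cleanup in step: `for (i = 0; i < ARRAY_SIZE(sta->gtk); i++)`. The kerneldoc line `@gtk: group keys negotiated with this station, if any` could also state that the array covers both data and management group keys.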
diff --git a/net/mac80211/status.c b/net/mac80211/status.c
index 34da67995d94..1658efaa2e8e 100644
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -58,6 +58,7 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
58 info->control.vif = &sta->sdata->vif; 58 info->control.vif = &sta->sdata->vif;
59 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING | 59 info->flags |= IEEE80211_TX_INTFL_NEED_TXPROCESSING |
60 IEEE80211_TX_INTFL_RETRANSMISSION; 60 IEEE80211_TX_INTFL_RETRANSMISSION;
61 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
61 62
62 sta->tx_filtered_count++; 63 sta->tx_filtered_count++;
63 64
@@ -97,6 +98,10 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
97 * (b) always process RX events before TX status events if ordering 98 * (b) always process RX events before TX status events if ordering
98 * can be unknown, for example with different interrupt status 99 * can be unknown, for example with different interrupt status
99 * bits. 100 * bits.
101 * (c) if PS mode transitions are manual (i.e. the flag
102 * %IEEE80211_HW_AP_LINK_PS is set), always process PS state
103 * changes before calling TX status events if ordering can be
104 * unknown.
100 */ 105 */
101 if (test_sta_flags(sta, WLAN_STA_PS_STA) && 106 if (test_sta_flags(sta, WLAN_STA_PS_STA) &&
102 skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) { 107 skb_queue_len(&sta->tx_filtered) < STA_MAX_TX_BUFFER) {
@@ -114,11 +119,10 @@ static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
114 119
115#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 120#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
116 if (net_ratelimit()) 121 if (net_ratelimit())
117 printk(KERN_DEBUG "%s: dropped TX filtered frame, " 122 wiphy_debug(local->hw.wiphy,
118 "queue_len=%d PS=%d @%lu\n", 123 "dropped TX filtered frame, queue_len=%d PS=%d @%lu\n",
119 wiphy_name(local->hw.wiphy), 124 skb_queue_len(&sta->tx_filtered),
120 skb_queue_len(&sta->tx_filtered), 125 !!test_sta_flags(sta, WLAN_STA_PS_STA), jiffies);
121 !!test_sta_flags(sta, WLAN_STA_PS_STA), jiffies);
122#endif 126#endif
123 dev_kfree_skb(skb); 127 dev_kfree_skb(skb);
124} 128}
@@ -157,6 +161,15 @@ static void ieee80211_frame_acked(struct sta_info *sta, struct sk_buff *skb)
157 } 161 }
158} 162}
159 163
164/*
165 * Use a static threshold for now, best value to be determined
166 * by testing ...
167 * Should it depend on:
168 * - on # of retransmissions
169 * - current throughput (higher value for higher tpt)?
170 */
171#define STA_LOST_PKT_THRESHOLD 50
172
160void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb) 173void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
161{ 174{
162 struct sk_buff *skb2; 175 struct sk_buff *skb2;
@@ -173,18 +186,22 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
173 int retry_count = -1, i; 186 int retry_count = -1, i;
174 int rates_idx = -1; 187 int rates_idx = -1;
175 bool send_to_cooked; 188 bool send_to_cooked;
189 bool acked;
176 190
177 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { 191 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
178 /* the HW cannot have attempted that rate */ 192 if (info->status.rates[i].idx < 0) {
179 if (i >= hw->max_rates) { 193 break;
194 } else if (i >= hw->max_report_rates) {
195 /* the HW cannot have attempted that rate */
180 info->status.rates[i].idx = -1; 196 info->status.rates[i].idx = -1;
181 info->status.rates[i].count = 0; 197 info->status.rates[i].count = 0;
182 } else if (info->status.rates[i].idx >= 0) { 198 break;
183 rates_idx = i;
184 } 199 }
185 200
186 retry_count += info->status.rates[i].count; 201 retry_count += info->status.rates[i].count;
187 } 202 }
203 rates_idx = i - 1;
204
188 if (retry_count < 0) 205 if (retry_count < 0)
189 retry_count = 0; 206 retry_count = 0;
190 207
@@ -198,8 +215,8 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
198 if (memcmp(hdr->addr2, sta->sdata->vif.addr, ETH_ALEN)) 215 if (memcmp(hdr->addr2, sta->sdata->vif.addr, ETH_ALEN))
199 continue; 216 continue;
200 217
201 if (!(info->flags & IEEE80211_TX_STAT_ACK) && 218 acked = !!(info->flags & IEEE80211_TX_STAT_ACK);
202 test_sta_flags(sta, WLAN_STA_PS_STA)) { 219 if (!acked && test_sta_flags(sta, WLAN_STA_PS_STA)) {
203 /* 220 /*
204 * The STA is in power save mode, so assume 221 * The STA is in power save mode, so assume
205 * that this TX packet failed because of that. 222 * that this TX packet failed because of that.
@@ -231,7 +248,7 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
231 rcu_read_unlock(); 248 rcu_read_unlock();
232 return; 249 return;
233 } else { 250 } else {
234 if (!(info->flags & IEEE80211_TX_STAT_ACK)) 251 if (!acked)
235 sta->tx_retry_failed++; 252 sta->tx_retry_failed++;
236 sta->tx_retry_count += retry_count; 253 sta->tx_retry_count += retry_count;
237 } 254 }
@@ -240,9 +257,25 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
240 if (ieee80211_vif_is_mesh(&sta->sdata->vif)) 257 if (ieee80211_vif_is_mesh(&sta->sdata->vif))
241 ieee80211s_update_metric(local, sta, skb); 258 ieee80211s_update_metric(local, sta, skb);
242 259
243 if (!(info->flags & IEEE80211_TX_CTL_INJECTED) && 260 if (!(info->flags & IEEE80211_TX_CTL_INJECTED) && acked)
244 (info->flags & IEEE80211_TX_STAT_ACK))
245 ieee80211_frame_acked(sta, skb); 261 ieee80211_frame_acked(sta, skb);
262
263 if ((sta->sdata->vif.type == NL80211_IFTYPE_STATION) &&
264 (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS))
265 ieee80211_sta_tx_notify(sta->sdata, (void *) skb->data, acked);
266
267 if (local->hw.flags & IEEE80211_HW_REPORTS_TX_ACK_STATUS) {
268 if (info->flags & IEEE80211_TX_STAT_ACK) {
269 if (sta->lost_packets)
270 sta->lost_packets = 0;
271 } else if (++sta->lost_packets >= STA_LOST_PKT_THRESHOLD) {
272 cfg80211_cqm_pktloss_notify(sta->sdata->dev,
273 sta->sta.addr,
274 sta->lost_packets,
275 GFP_ATOMIC);
276 sta->lost_packets = 0;
277 }
278 }
246 } 279 }
247 280
248 rcu_read_unlock(); 281 rcu_read_unlock();
@@ -288,17 +321,37 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
288 if (info->flags & IEEE80211_TX_STAT_ACK) { 321 if (info->flags & IEEE80211_TX_STAT_ACK) {
289 local->ps_sdata->u.mgd.flags |= 322 local->ps_sdata->u.mgd.flags |=
290 IEEE80211_STA_NULLFUNC_ACKED; 323 IEEE80211_STA_NULLFUNC_ACKED;
291 ieee80211_queue_work(&local->hw,
292 &local->dynamic_ps_enable_work);
293 } else 324 } else
294 mod_timer(&local->dynamic_ps_timer, jiffies + 325 mod_timer(&local->dynamic_ps_timer, jiffies +
295 msecs_to_jiffies(10)); 326 msecs_to_jiffies(10));
296 } 327 }
297 328
298 if (info->flags & IEEE80211_TX_INTFL_NL80211_FRAME_TX) 329 if (info->flags & IEEE80211_TX_INTFL_NL80211_FRAME_TX) {
299 cfg80211_action_tx_status( 330 struct ieee80211_work *wk;
300 skb->dev, (unsigned long) skb, skb->data, skb->len, 331 u64 cookie = (unsigned long)skb;
332
333 rcu_read_lock();
334 list_for_each_entry_rcu(wk, &local->work_list, list) {
335 if (wk->type != IEEE80211_WORK_OFFCHANNEL_TX)
336 continue;
337 if (wk->offchan_tx.frame != skb)
338 continue;
339 wk->offchan_tx.frame = NULL;
340 break;
341 }
342 rcu_read_unlock();
343 if (local->hw_roc_skb_for_status == skb) {
344 cookie = local->hw_roc_cookie ^ 2;
345 local->hw_roc_skb_for_status = NULL;
346 }
347
348 if (cookie == local->hw_offchan_tx_cookie)
349 local->hw_offchan_tx_cookie = 0;
350
351 cfg80211_mgmt_tx_status(
352 skb->dev, cookie, skb->data, skb->len,
301 !!(info->flags & IEEE80211_TX_STAT_ACK), GFP_ATOMIC); 353 !!(info->flags & IEEE80211_TX_STAT_ACK), GFP_ATOMIC);
354 }
302 355
303 /* this was a transmitted frame, but now we want to reuse it */ 356 /* this was a transmitted frame, but now we want to reuse it */
304 skb_orphan(skb); 357 skb_orphan(skb);
@@ -393,3 +446,11 @@ void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
393 dev_kfree_skb(skb); 446 dev_kfree_skb(skb);
394} 447}
395EXPORT_SYMBOL(ieee80211_tx_status); 448EXPORT_SYMBOL(ieee80211_tx_status);
449
450void ieee80211_report_low_ack(struct ieee80211_sta *pubsta, u32 num_packets)
451{
452 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
453 cfg80211_cqm_pktloss_notify(sta->sdata->dev, sta->sta.addr,
454 num_packets, GFP_ATOMIC);
455}
456EXPORT_SYMBOL(ieee80211_report_low_ack);
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index e840c9cd46db..757e4eb2baf7 100644
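--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -202,7 +202,7 @@ EXPORT_SYMBOL(ieee80211_get_tkip_key);
  * @payload_len is the length of payload (_not_ including IV/ICV length).
  * @ta is the transmitter addresses.
  */
-int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
+int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm,
  struct ieee80211_key *key,
  u8 *pos, size_t payload_len, u8 *ta)
 {
@@ -223,7 +223,7 @@ int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
  * beginning of the buffer containing IEEE 802.11 header payload, i.e.,
  * including IV, Ext. IV, real data, Michael MIC, ICV. @payload_len is the
  * length of payload, including IV, Ext. IV, MIC, ICV. */
-int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
+int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
  struct ieee80211_key *key,
  u8 *payload, size_t payload_len, u8 *ta,
  u8 *ra, int only_iv, int queue,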
diff --git a/net/mac80211/tkip.h b/net/mac80211/tkip.h
index 7e83dee976fa..1cab9c86978f 100644
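--- a/net/mac80211/tkip.h
+++ b/net/mac80211/tkip.h
@@ -15,7 +15,7 @@
 
 u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16);
 
-int ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm,
+int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm,
  struct ieee80211_key *key,
  u8 *pos, size_t payload_len, u8 *ta);
 enum {
@@ -24,7 +24,7 @@ enum {
  TKIP_DECRYPT_INVALID_KEYIDX = -2,
  TKIP_DECRYPT_REPLAY = -3,
 };
-int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
+int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
  struct ieee80211_key *key,
  u8 *payload, size_t payload_len, u8 *ta,
  u8 *ra, int only_iv, int queue,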
diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
index c54db966926b..3104c844b544 100644
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -33,10 +33,6 @@
33#include "wme.h" 33#include "wme.h"
34#include "rate.h" 34#include "rate.h"
35 35
36#define IEEE80211_TX_OK 0
37#define IEEE80211_TX_AGAIN 1
38#define IEEE80211_TX_PENDING 2
39
40/* misc utils */ 36/* misc utils */
41 37
42static __le16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr, 38static __le16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr,
@@ -173,7 +169,7 @@ static __le16 ieee80211_duration(struct ieee80211_tx_data *tx, int group_addr,
173 return cpu_to_le16(dur); 169 return cpu_to_le16(dur);
174} 170}
175 171
176static int inline is_ieee80211_device(struct ieee80211_local *local, 172static inline int is_ieee80211_device(struct ieee80211_local *local,
177 struct net_device *dev) 173 struct net_device *dev)
178{ 174{
179 return local == wdev_priv(dev->ieee80211_ptr); 175 return local == wdev_priv(dev->ieee80211_ptr);
@@ -236,10 +232,15 @@ ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
236 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 232 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
237 ieee80211_stop_queues_by_reason(&local->hw, 233 ieee80211_stop_queues_by_reason(&local->hw,
238 IEEE80211_QUEUE_STOP_REASON_PS); 234 IEEE80211_QUEUE_STOP_REASON_PS);
235 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
239 ieee80211_queue_work(&local->hw, 236 ieee80211_queue_work(&local->hw,
240 &local->dynamic_ps_disable_work); 237 &local->dynamic_ps_disable_work);
241 } 238 }
242 239
240 /* Don't restart the timer if we're not disassociated */
241 if (!ifmgd->associated)
242 return TX_CONTINUE;
243
243 mod_timer(&local->dynamic_ps_timer, jiffies + 244 mod_timer(&local->dynamic_ps_timer, jiffies +
244 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout)); 245 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
245 246
@@ -257,7 +258,8 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
257 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED)) 258 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
258 return TX_CONTINUE; 259 return TX_CONTINUE;
259 260
260 if (unlikely(test_bit(SCAN_OFF_CHANNEL, &tx->local->scanning)) && 261 if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
262 test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
261 !ieee80211_is_probe_req(hdr->frame_control) && 263 !ieee80211_is_probe_req(hdr->frame_control) &&
262 !ieee80211_is_nullfunc(hdr->frame_control)) 264 !ieee80211_is_nullfunc(hdr->frame_control))
263 /* 265 /*
@@ -273,6 +275,9 @@ ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
273 */ 275 */
274 return TX_DROP; 276 return TX_DROP;
275 277
278 if (tx->sdata->vif.type == NL80211_IFTYPE_WDS)
279 return TX_CONTINUE;
280
276 if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT) 281 if (tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
277 return TX_CONTINUE; 282 return TX_CONTINUE;
278 283
@@ -351,8 +356,8 @@ static void purge_old_ps_buffers(struct ieee80211_local *local)
351 356
352 local->total_ps_buffered = total; 357 local->total_ps_buffered = total;
353#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 358#ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
354 printk(KERN_DEBUG "%s: PS buffers full - purged %d frames\n", 359 wiphy_debug(local->hw.wiphy, "PS buffers full - purged %d frames\n",
355 wiphy_name(local->hw.wiphy), purged); 360 purged);
356#endif 361#endif
357} 362}
358 363
@@ -509,6 +514,18 @@ ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
509} 514}
510 515
511static ieee80211_tx_result debug_noinline 516static ieee80211_tx_result debug_noinline
517ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
518{
519 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
520
521 if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol &&
522 tx->sdata->control_port_no_encrypt))
523 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
524
525 return TX_CONTINUE;
526}
527
528static ieee80211_tx_result debug_noinline
512ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx) 529ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
513{ 530{
514 struct ieee80211_key *key = NULL; 531 struct ieee80211_key *key = NULL;
@@ -517,17 +534,21 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
517 534
518 if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) 535 if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))
519 tx->key = NULL; 536 tx->key = NULL;
520 else if (tx->sta && (key = rcu_dereference(tx->sta->key))) 537 else if (tx->sta && (key = rcu_dereference(tx->sta->ptk)))
521 tx->key = key; 538 tx->key = key;
522 else if (ieee80211_is_mgmt(hdr->frame_control) && 539 else if (ieee80211_is_mgmt(hdr->frame_control) &&
523 is_multicast_ether_addr(hdr->addr1) && 540 is_multicast_ether_addr(hdr->addr1) &&
524 ieee80211_is_robust_mgmt_frame(hdr) && 541 ieee80211_is_robust_mgmt_frame(hdr) &&
525 (key = rcu_dereference(tx->sdata->default_mgmt_key))) 542 (key = rcu_dereference(tx->sdata->default_mgmt_key)))
526 tx->key = key; 543 tx->key = key;
527 else if ((key = rcu_dereference(tx->sdata->default_key))) 544 else if (is_multicast_ether_addr(hdr->addr1) &&
545 (key = rcu_dereference(tx->sdata->default_multicast_key)))
546 tx->key = key;
547 else if (!is_multicast_ether_addr(hdr->addr1) &&
548 (key = rcu_dereference(tx->sdata->default_unicast_key)))
528 tx->key = key; 549 tx->key = key;
529 else if (tx->sdata->drop_unencrypted && 550 else if (tx->sdata->drop_unencrypted &&
530 (tx->skb->protocol != cpu_to_be16(ETH_P_PAE)) && 551 (tx->skb->protocol != tx->sdata->control_port_protocol) &&
531 !(info->flags & IEEE80211_TX_CTL_INJECTED) && 552 !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
532 (!ieee80211_is_robust_mgmt_frame(hdr) || 553 (!ieee80211_is_robust_mgmt_frame(hdr) ||
533 (ieee80211_is_action(hdr->frame_control) && 554 (ieee80211_is_action(hdr->frame_control) &&
@@ -543,15 +564,16 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
543 tx->key->tx_rx_count++; 564 tx->key->tx_rx_count++;
544 /* TODO: add threshold stuff again */ 565 /* TODO: add threshold stuff again */
545 566
546 switch (tx->key->conf.alg) { 567 switch (tx->key->conf.cipher) {
547 case ALG_WEP: 568 case WLAN_CIPHER_SUITE_WEP40:
569 case WLAN_CIPHER_SUITE_WEP104:
548 if (ieee80211_is_auth(hdr->frame_control)) 570 if (ieee80211_is_auth(hdr->frame_control))
549 break; 571 break;
550 case ALG_TKIP: 572 case WLAN_CIPHER_SUITE_TKIP:
551 if (!ieee80211_is_data_present(hdr->frame_control)) 573 if (!ieee80211_is_data_present(hdr->frame_control))
552 tx->key = NULL; 574 tx->key = NULL;
553 break; 575 break;
554 case ALG_CCMP: 576 case WLAN_CIPHER_SUITE_CCMP:
555 if (!ieee80211_is_data_present(hdr->frame_control) && 577 if (!ieee80211_is_data_present(hdr->frame_control) &&
556 !ieee80211_use_mfp(hdr->frame_control, tx->sta, 578 !ieee80211_use_mfp(hdr->frame_control, tx->sta,
557 tx->skb)) 579 tx->skb))
@@ -561,7 +583,7 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
561 IEEE80211_KEY_FLAG_SW_MGMT) && 583 IEEE80211_KEY_FLAG_SW_MGMT) &&
562 ieee80211_is_mgmt(hdr->frame_control); 584 ieee80211_is_mgmt(hdr->frame_control);
563 break; 585 break;
564 case ALG_AES_CMAC: 586 case WLAN_CIPHER_SUITE_AES_CMAC:
565 if (!ieee80211_is_mgmt(hdr->frame_control)) 587 if (!ieee80211_is_mgmt(hdr->frame_control))
566 tx->key = NULL; 588 tx->key = NULL;
567 break; 589 break;
@@ -606,7 +628,8 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
606 txrc.max_rate_idx = -1; 628 txrc.max_rate_idx = -1;
607 else 629 else
608 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 630 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
609 txrc.ap = tx->sdata->vif.type == NL80211_IFTYPE_AP; 631 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
632 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC);
610 633
611 /* set up RTS protection if desired */ 634 /* set up RTS protection if desired */
612 if (len > tx->local->hw.wiphy->rts_threshold) { 635 if (len > tx->local->hw.wiphy->rts_threshold) {
@@ -649,10 +672,11 @@ ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
649 if (unlikely(info->control.rates[0].idx < 0)) 672 if (unlikely(info->control.rates[0].idx < 0))
650 return TX_DROP; 673 return TX_DROP;
651 674
652 if (txrc.reported_rate.idx < 0) 675 if (txrc.reported_rate.idx < 0) {
653 txrc.reported_rate = info->control.rates[0]; 676 txrc.reported_rate = info->control.rates[0];
654 677 if (tx->sta && ieee80211_is_data(hdr->frame_control))
655 if (tx->sta) 678 tx->sta->last_tx_rate = txrc.reported_rate;
679 } else if (tx->sta)
656 tx->sta->last_tx_rate = txrc.reported_rate; 680 tx->sta->last_tx_rate = txrc.reported_rate;
657 681
658 if (unlikely(!info->control.rates[0].count)) 682 if (unlikely(!info->control.rates[0].count))
@@ -946,22 +970,31 @@ ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
946static ieee80211_tx_result debug_noinline 970static ieee80211_tx_result debug_noinline
947ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx) 971ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
948{ 972{
973 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
974
949 if (!tx->key) 975 if (!tx->key)
950 return TX_CONTINUE; 976 return TX_CONTINUE;
951 977
952 switch (tx->key->conf.alg) { 978 switch (tx->key->conf.cipher) {
953 case ALG_WEP: 979 case WLAN_CIPHER_SUITE_WEP40:
980 case WLAN_CIPHER_SUITE_WEP104:
954 return ieee80211_crypto_wep_encrypt(tx); 981 return ieee80211_crypto_wep_encrypt(tx);
955 case ALG_TKIP: 982 case WLAN_CIPHER_SUITE_TKIP:
956 return ieee80211_crypto_tkip_encrypt(tx); 983 return ieee80211_crypto_tkip_encrypt(tx);
957 case ALG_CCMP: 984 case WLAN_CIPHER_SUITE_CCMP:
958 return ieee80211_crypto_ccmp_encrypt(tx); 985 return ieee80211_crypto_ccmp_encrypt(tx);
959 case ALG_AES_CMAC: 986 case WLAN_CIPHER_SUITE_AES_CMAC:
960 return ieee80211_crypto_aes_cmac_encrypt(tx); 987 return ieee80211_crypto_aes_cmac_encrypt(tx);
988 default:
989 /* handle hw-only algorithm */
990 if (info->control.hw_key) {
991 ieee80211_tx_set_protected(tx);
992 return TX_CONTINUE;
993 }
994 break;
995
961 } 996 }
962 997
963 /* not reached */
964 WARN_ON(1);
965 return TX_DROP; 998 return TX_DROP;
966} 999}
967 1000
@@ -1007,16 +1040,17 @@ static bool __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
1007 struct ieee80211_radiotap_iterator iterator; 1040 struct ieee80211_radiotap_iterator iterator;
1008 struct ieee80211_radiotap_header *rthdr = 1041 struct ieee80211_radiotap_header *rthdr =
1009 (struct ieee80211_radiotap_header *) skb->data; 1042 (struct ieee80211_radiotap_header *) skb->data;
1010 struct ieee80211_supported_band *sband; 1043 bool hw_frag;
1011 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1044 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1012 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len, 1045 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
1013 NULL); 1046 NULL);
1014 1047
1015 sband = tx->local->hw.wiphy->bands[tx->channel->band];
1016
1017 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1048 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1018 tx->flags &= ~IEEE80211_TX_FRAGMENTED; 1049 tx->flags &= ~IEEE80211_TX_FRAGMENTED;
1019 1050
1051 /* packet is fragmented in HW if we have a non-NULL driver callback */
1052 hw_frag = (tx->local->ops->set_frag_threshold != NULL);
1053
1020 /* 1054 /*
1021 * for every radiotap entry that is present 1055 * for every radiotap entry that is present
1022 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more 1056 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
@@ -1053,7 +1087,8 @@ static bool __ieee80211_parse_tx_radiotap(struct ieee80211_tx_data *tx,
1053 } 1087 }
1054 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP) 1088 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
1055 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT; 1089 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
1056 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG) 1090 if ((*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG) &&
1091 !hw_frag)
1057 tx->flags |= IEEE80211_TX_FRAGMENTED; 1092 tx->flags |= IEEE80211_TX_FRAGMENTED;
1058 break; 1093 break;
1059 1094
@@ -1116,7 +1151,7 @@ static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1116 * packet pass through because splicing the frames 1151 * packet pass through because splicing the frames
1117 * back is already done. 1152 * back is already done.
1118 */ 1153 */
1119 tid_tx = tx->sta->ampdu_mlme.tid_tx[tid]; 1154 tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1120 1155
1121 if (!tid_tx) { 1156 if (!tid_tx) {
1122 /* do nothing, let packet pass through */ 1157 /* do nothing, let packet pass through */
@@ -1156,8 +1191,10 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1156 /* 1191 /*
1157 * Set this flag (used below to indicate "automatic fragmentation"), 1192 * Set this flag (used below to indicate "automatic fragmentation"),
1158 * it will be cleared/left by radiotap as desired. 1193 * it will be cleared/left by radiotap as desired.
1194 * Only valid when fragmentation is done by the stack.
1159 */ 1195 */
1160 tx->flags |= IEEE80211_TX_FRAGMENTED; 1196 if (!local->ops->set_frag_threshold)
1197 tx->flags |= IEEE80211_TX_FRAGMENTED;
1161 1198
1162 /* process and remove the injection radiotap header */ 1199 /* process and remove the injection radiotap header */
1163 if (unlikely(info->flags & IEEE80211_TX_INTFL_HAS_RADIOTAP)) { 1200 if (unlikely(info->flags & IEEE80211_TX_INTFL_HAS_RADIOTAP)) {
@@ -1245,29 +1282,55 @@ ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1245 return TX_CONTINUE; 1282 return TX_CONTINUE;
1246} 1283}
1247 1284
1248static int __ieee80211_tx(struct ieee80211_local *local, 1285/*
1249 struct sk_buff **skbp, 1286 * Returns false if the frame couldn't be transmitted but was queued instead.
1250 struct sta_info *sta, 1287 */
1251 bool txpending) 1288static bool __ieee80211_tx(struct ieee80211_local *local, struct sk_buff **skbp,
1289 struct sta_info *sta, bool txpending)
1252{ 1290{
1253 struct sk_buff *skb = *skbp, *next; 1291 struct sk_buff *skb = *skbp, *next;
1254 struct ieee80211_tx_info *info; 1292 struct ieee80211_tx_info *info;
1255 struct ieee80211_sub_if_data *sdata; 1293 struct ieee80211_sub_if_data *sdata;
1256 unsigned long flags; 1294 unsigned long flags;
1257 int ret, len; 1295 int len;
1258 bool fragm = false; 1296 bool fragm = false;
1259 1297
1260 while (skb) { 1298 while (skb) {
1261 int q = skb_get_queue_mapping(skb); 1299 int q = skb_get_queue_mapping(skb);
1300 __le16 fc;
1262 1301
1263 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 1302 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1264 ret = IEEE80211_TX_OK;
1265 if (local->queue_stop_reasons[q] || 1303 if (local->queue_stop_reasons[q] ||
1266 (!txpending && !skb_queue_empty(&local->pending[q]))) 1304 (!txpending && !skb_queue_empty(&local->pending[q]))) {
1267 ret = IEEE80211_TX_PENDING; 1305 /*
1306 * Since queue is stopped, queue up frames for later
1307 * transmission from the tx-pending tasklet when the
1308 * queue is woken again.
1309 */
1310
1311 do {
1312 next = skb->next;
1313 skb->next = NULL;
1314 /*
1315 * NB: If txpending is true, next must already
1316 * be NULL since we must've gone through this
1317 * loop before already; therefore we can just
1318 * queue the frame to the head without worrying
1319 * about reordering of fragments.
1320 */
1321 if (unlikely(txpending))
1322 __skb_queue_head(&local->pending[q],
1323 skb);
1324 else
1325 __skb_queue_tail(&local->pending[q],
1326 skb);
1327 } while ((skb = next));
1328
1329 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1330 flags);
1331 return false;
1332 }
1268 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 1333 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1269 if (ret != IEEE80211_TX_OK)
1270 return ret;
1271 1334
1272 info = IEEE80211_SKB_CB(skb); 1335 info = IEEE80211_SKB_CB(skb);
1273 1336
@@ -1301,22 +1364,16 @@ static int __ieee80211_tx(struct ieee80211_local *local,
1301 else 1364 else
1302 info->control.sta = NULL; 1365 info->control.sta = NULL;
1303 1366
1304 ret = drv_tx(local, skb); 1367 fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
1305 if (WARN_ON(ret != NETDEV_TX_OK && skb->len != len)) { 1368 drv_tx(local, skb);
1306 dev_kfree_skb(skb);
1307 ret = NETDEV_TX_OK;
1308 }
1309 if (ret != NETDEV_TX_OK) {
1310 info->control.vif = &sdata->vif;
1311 return IEEE80211_TX_AGAIN;
1312 }
1313 1369
1370 ieee80211_tpt_led_trig_tx(local, fc, len);
1314 *skbp = skb = next; 1371 *skbp = skb = next;
1315 ieee80211_led_tx(local, 1); 1372 ieee80211_led_tx(local, 1);
1316 fragm = true; 1373 fragm = true;
1317 } 1374 }
1318 1375
1319 return IEEE80211_TX_OK; 1376 return true;
1320} 1377}
1321 1378
1322/* 1379/*
@@ -1339,6 +1396,7 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1339 CALL_TXH(ieee80211_tx_h_dynamic_ps); 1396 CALL_TXH(ieee80211_tx_h_dynamic_ps);
1340 CALL_TXH(ieee80211_tx_h_check_assoc); 1397 CALL_TXH(ieee80211_tx_h_check_assoc);
1341 CALL_TXH(ieee80211_tx_h_ps_buf); 1398 CALL_TXH(ieee80211_tx_h_ps_buf);
1399 CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
1342 CALL_TXH(ieee80211_tx_h_select_key); 1400 CALL_TXH(ieee80211_tx_h_select_key);
1343 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)) 1401 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1344 CALL_TXH(ieee80211_tx_h_rate_ctrl); 1402 CALL_TXH(ieee80211_tx_h_rate_ctrl);
@@ -1352,7 +1410,8 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1352 /* handlers after fragment must be aware of tx info fragmentation! */ 1410 /* handlers after fragment must be aware of tx info fragmentation! */
1353 CALL_TXH(ieee80211_tx_h_stats); 1411 CALL_TXH(ieee80211_tx_h_stats);
1354 CALL_TXH(ieee80211_tx_h_encrypt); 1412 CALL_TXH(ieee80211_tx_h_encrypt);
1355 CALL_TXH(ieee80211_tx_h_calculate_duration); 1413 if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL))
1414 CALL_TXH(ieee80211_tx_h_calculate_duration);
1356#undef CALL_TXH 1415#undef CALL_TXH
1357 1416
1358 txh_done: 1417 txh_done:
@@ -1374,23 +1433,21 @@ static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1374 return 0; 1433 return 0;
1375} 1434}
1376 1435
1377static void ieee80211_tx(struct ieee80211_sub_if_data *sdata, 1436/*
1437 * Returns false if the frame couldn't be transmitted but was queued instead.
1438 */
1439static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1378 struct sk_buff *skb, bool txpending) 1440 struct sk_buff *skb, bool txpending)
1379{ 1441{
1380 struct ieee80211_local *local = sdata->local; 1442 struct ieee80211_local *local = sdata->local;
1381 struct ieee80211_tx_data tx; 1443 struct ieee80211_tx_data tx;
1382 ieee80211_tx_result res_prepare; 1444 ieee80211_tx_result res_prepare;
1383 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1445 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1384 struct sk_buff *next; 1446 bool result = true;
1385 unsigned long flags;
1386 int ret, retries;
1387 u16 queue;
1388
1389 queue = skb_get_queue_mapping(skb);
1390 1447
1391 if (unlikely(skb->len < 10)) { 1448 if (unlikely(skb->len < 10)) {
1392 dev_kfree_skb(skb); 1449 dev_kfree_skb(skb);
1393 return; 1450 return true;
1394 } 1451 }
1395 1452
1396 rcu_read_lock(); 1453 rcu_read_lock();
@@ -1400,85 +1457,19 @@ static void ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1400 1457
1401 if (unlikely(res_prepare == TX_DROP)) { 1458 if (unlikely(res_prepare == TX_DROP)) {
1402 dev_kfree_skb(skb); 1459 dev_kfree_skb(skb);
1403 rcu_read_unlock(); 1460 goto out;
1404 return;
1405 } else if (unlikely(res_prepare == TX_QUEUED)) { 1461 } else if (unlikely(res_prepare == TX_QUEUED)) {
1406 rcu_read_unlock(); 1462 goto out;
1407 return;
1408 } 1463 }
1409 1464
1410 tx.channel = local->hw.conf.channel; 1465 tx.channel = local->hw.conf.channel;
1411 info->band = tx.channel->band; 1466 info->band = tx.channel->band;
1412 1467
1413 if (invoke_tx_handlers(&tx)) 1468 if (!invoke_tx_handlers(&tx))
1414 goto out; 1469 result = __ieee80211_tx(local, &tx.skb, tx.sta, txpending);
1415
1416 retries = 0;
1417 retry:
1418 ret = __ieee80211_tx(local, &tx.skb, tx.sta, txpending);
1419 switch (ret) {
1420 case IEEE80211_TX_OK:
1421 break;
1422 case IEEE80211_TX_AGAIN:
1423 /*
1424 * Since there are no fragmented frames on A-MPDU
1425 * queues, there's no reason for a driver to reject
1426 * a frame there, warn and drop it.
1427 */
1428 if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
1429 goto drop;
1430 /* fall through */
1431 case IEEE80211_TX_PENDING:
1432 skb = tx.skb;
1433
1434 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1435
1436 if (local->queue_stop_reasons[queue] ||
1437 !skb_queue_empty(&local->pending[queue])) {
1438 /*
1439 * if queue is stopped, queue up frames for later
1440 * transmission from the tasklet
1441 */
1442 do {
1443 next = skb->next;
1444 skb->next = NULL;
1445 if (unlikely(txpending))
1446 __skb_queue_head(&local->pending[queue],
1447 skb);
1448 else
1449 __skb_queue_tail(&local->pending[queue],
1450 skb);
1451 } while ((skb = next));
1452
1453 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1454 flags);
1455 } else {
1456 /*
1457 * otherwise retry, but this is a race condition or
1458 * a driver bug (which we warn about if it persists)
1459 */
1460 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1461 flags);
1462
1463 retries++;
1464 if (WARN(retries > 10, "tx refused but queue active\n"))
1465 goto drop;
1466 goto retry;
1467 }
1468 }
1469 out: 1470 out:
1470 rcu_read_unlock(); 1471 rcu_read_unlock();
1471 return; 1472 return result;
1472
1473 drop:
1474 rcu_read_unlock();
1475
1476 skb = tx.skb;
1477 while (skb) {
1478 next = skb->next;
1479 dev_kfree_skb(skb);
1480 skb = next;
1481 }
1482} 1473}
1483 1474
1484/* device xmit handlers */ 1475/* device xmit handlers */
@@ -1505,14 +1496,16 @@ static int ieee80211_skb_resize(struct ieee80211_local *local,
1505 skb_orphan(skb); 1496 skb_orphan(skb);
1506 } 1497 }
1507 1498
1508 if (skb_header_cloned(skb)) 1499 if (skb_cloned(skb))
1509 I802_DEBUG_INC(local->tx_expand_skb_head_cloned); 1500 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1510 else 1501 else if (head_need || tail_need)
1511 I802_DEBUG_INC(local->tx_expand_skb_head); 1502 I802_DEBUG_INC(local->tx_expand_skb_head);
1503 else
1504 return 0;
1512 1505
1513 if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) { 1506 if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
1514 printk(KERN_DEBUG "%s: failed to reallocate TX buffer\n", 1507 wiphy_debug(local->hw.wiphy,
1515 wiphy_name(local->hw.wiphy)); 1508 "failed to reallocate TX buffer\n");
1516 return -ENOMEM; 1509 return -ENOMEM;
1517 } 1510 }
1518 1511
@@ -1561,7 +1554,12 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1561 list) { 1554 list) {
1562 if (!ieee80211_sdata_running(tmp_sdata)) 1555 if (!ieee80211_sdata_running(tmp_sdata))
1563 continue; 1556 continue;
1564 if (tmp_sdata->vif.type != NL80211_IFTYPE_AP) 1557 if (tmp_sdata->vif.type ==
1558 NL80211_IFTYPE_MONITOR ||
1559 tmp_sdata->vif.type ==
1560 NL80211_IFTYPE_AP_VLAN ||
1561 tmp_sdata->vif.type ==
1562 NL80211_IFTYPE_WDS)
1565 continue; 1563 continue;
1566 if (compare_ether_addr(tmp_sdata->vif.addr, 1564 if (compare_ether_addr(tmp_sdata->vif.addr,
1567 hdr->addr2) == 0) { 1565 hdr->addr2) == 0) {
@@ -1586,6 +1584,7 @@ static void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1586 return; 1584 return;
1587 } 1585 }
1588 1586
1587 hdr = (struct ieee80211_hdr *) skb->data;
1589 info->control.vif = &sdata->vif; 1588 info->control.vif = &sdata->vif;
1590 1589
1591 if (ieee80211_vif_is_mesh(&sdata->vif) && 1590 if (ieee80211_vif_is_mesh(&sdata->vif) &&
@@ -1694,26 +1693,25 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1694{ 1693{
1695 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev); 1694 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
1696 struct ieee80211_local *local = sdata->local; 1695 struct ieee80211_local *local = sdata->local;
1697 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1696 struct ieee80211_tx_info *info;
1698 int ret = NETDEV_TX_BUSY, head_need; 1697 int ret = NETDEV_TX_BUSY, head_need;
1699 u16 ethertype, hdrlen, meshhdrlen = 0; 1698 u16 ethertype, hdrlen, meshhdrlen = 0;
1700 __le16 fc; 1699 __le16 fc;
1701 struct ieee80211_hdr hdr; 1700 struct ieee80211_hdr hdr;
1702 struct ieee80211s_hdr mesh_hdr; 1701 struct ieee80211s_hdr mesh_hdr __maybe_unused;
1702 struct mesh_path __maybe_unused *mppath = NULL;
1703 const u8 *encaps_data; 1703 const u8 *encaps_data;
1704 int encaps_len, skip_header_bytes; 1704 int encaps_len, skip_header_bytes;
1705 int nh_pos, h_pos; 1705 int nh_pos, h_pos;
1706 struct sta_info *sta = NULL; 1706 struct sta_info *sta = NULL;
1707 u32 sta_flags = 0; 1707 u32 sta_flags = 0;
1708 struct sk_buff *tmp_skb;
1708 1709
1709 if (unlikely(skb->len < ETH_HLEN)) { 1710 if (unlikely(skb->len < ETH_HLEN)) {
1710 ret = NETDEV_TX_OK; 1711 ret = NETDEV_TX_OK;
1711 goto fail; 1712 goto fail;
1712 } 1713 }
1713 1714
1714 nh_pos = skb_network_header(skb) - skb->data;
1715 h_pos = skb_transport_header(skb) - skb->data;
1716
1717 /* convert Ethernet header to proper 802.11 header (based on 1715 /* convert Ethernet header to proper 802.11 header (based on
1718 * operation mode) */ 1716 * operation mode) */
1719 ethertype = (skb->data[12] << 8) | skb->data[13]; 1717 ethertype = (skb->data[12] << 8) | skb->data[13];
@@ -1762,28 +1760,34 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1762 ret = NETDEV_TX_OK; 1760 ret = NETDEV_TX_OK;
1763 goto fail; 1761 goto fail;
1764 } 1762 }
1763 rcu_read_lock();
1764 if (!is_multicast_ether_addr(skb->data))
1765 mppath = mpp_path_lookup(skb->data, sdata);
1765 1766
1767 /*
1768 * Use address extension if it is a packet from
1769 * another interface or if we know the destination
1770 * is being proxied by a portal (i.e. portal address
1771 * differs from proxied address)
1772 */
1766 if (compare_ether_addr(sdata->vif.addr, 1773 if (compare_ether_addr(sdata->vif.addr,
1767 skb->data + ETH_ALEN) == 0) { 1774 skb->data + ETH_ALEN) == 0 &&
1775 !(mppath && compare_ether_addr(mppath->mpp, skb->data))) {
1768 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc, 1776 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
1769 skb->data, skb->data + ETH_ALEN); 1777 skb->data, skb->data + ETH_ALEN);
1778 rcu_read_unlock();
1770 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr, 1779 meshhdrlen = ieee80211_new_mesh_header(&mesh_hdr,
1771 sdata, NULL, NULL, NULL); 1780 sdata, NULL, NULL);
1772 } else { 1781 } else {
1773 /* packet from other interface */
1774 struct mesh_path *mppath;
1775 int is_mesh_mcast = 1; 1782 int is_mesh_mcast = 1;
1776 const u8 *mesh_da; 1783 const u8 *mesh_da;
1777 1784
1778 rcu_read_lock();
1779 if (is_multicast_ether_addr(skb->data)) 1785 if (is_multicast_ether_addr(skb->data))
1780 /* DA TA mSA AE:SA */ 1786 /* DA TA mSA AE:SA */
1781 mesh_da = skb->data; 1787 mesh_da = skb->data;
1782 else { 1788 else {
1783 static const u8 bcast[ETH_ALEN] = 1789 static const u8 bcast[ETH_ALEN] =
1784 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 1790 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1785
1786 mppath = mpp_path_lookup(skb->data, sdata);
1787 if (mppath) { 1791 if (mppath) {
1788 /* RA TA mDA mSA AE:DA SA */ 1792 /* RA TA mDA mSA AE:DA SA */
1789 mesh_da = mppath->mpp; 1793 mesh_da = mppath->mpp;
@@ -1801,13 +1805,11 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1801 ieee80211_new_mesh_header(&mesh_hdr, 1805 ieee80211_new_mesh_header(&mesh_hdr,
1802 sdata, 1806 sdata,
1803 skb->data + ETH_ALEN, 1807 skb->data + ETH_ALEN,
1804 NULL,
1805 NULL); 1808 NULL);
1806 else 1809 else
1807 meshhdrlen = 1810 meshhdrlen =
1808 ieee80211_new_mesh_header(&mesh_hdr, 1811 ieee80211_new_mesh_header(&mesh_hdr,
1809 sdata, 1812 sdata,
1810 NULL,
1811 skb->data, 1813 skb->data,
1812 skb->data + ETH_ALEN); 1814 skb->data + ETH_ALEN);
1813 1815
@@ -1816,7 +1818,8 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1816#endif 1818#endif
1817 case NL80211_IFTYPE_STATION: 1819 case NL80211_IFTYPE_STATION:
1818 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN); 1820 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
1819 if (sdata->u.mgd.use_4addr && ethertype != ETH_P_PAE) { 1821 if (sdata->u.mgd.use_4addr &&
1822 cpu_to_be16(ethertype) != sdata->control_port_protocol) {
1820 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS); 1823 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
1821 /* RA TA DA SA */ 1824 /* RA TA DA SA */
1822 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN); 1825 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
@@ -1869,7 +1872,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1869 if (!ieee80211_vif_is_mesh(&sdata->vif) && 1872 if (!ieee80211_vif_is_mesh(&sdata->vif) &&
1870 unlikely(!is_multicast_ether_addr(hdr.addr1) && 1873 unlikely(!is_multicast_ether_addr(hdr.addr1) &&
1871 !(sta_flags & WLAN_STA_AUTHORIZED) && 1874 !(sta_flags & WLAN_STA_AUTHORIZED) &&
1872 !(ethertype == ETH_P_PAE && 1875 !(cpu_to_be16(ethertype) == sdata->control_port_protocol &&
1873 compare_ether_addr(sdata->vif.addr, 1876 compare_ether_addr(sdata->vif.addr,
1874 skb->data + ETH_ALEN) == 0))) { 1877 skb->data + ETH_ALEN) == 0))) {
1875#ifdef CONFIG_MAC80211_VERBOSE_DEBUG 1878#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
@@ -1885,6 +1888,20 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1885 goto fail; 1888 goto fail;
1886 } 1889 }
1887 1890
1891 /*
1892 * If the skb is shared we need to obtain our own copy.
1893 */
1894 if (skb_shared(skb)) {
1895 tmp_skb = skb;
1896 skb = skb_clone(skb, GFP_ATOMIC);
1897 kfree_skb(tmp_skb);
1898
1899 if (!skb) {
1900 ret = NETDEV_TX_OK;
1901 goto fail;
1902 }
1903 }
1904
1888 hdr.frame_control = fc; 1905 hdr.frame_control = fc;
1889 hdr.duration_id = 0; 1906 hdr.duration_id = 0;
1890 hdr.seq_ctrl = 0; 1907 hdr.seq_ctrl = 0;
@@ -1903,6 +1920,9 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1903 encaps_len = 0; 1920 encaps_len = 0;
1904 } 1921 }
1905 1922
1923 nh_pos = skb_network_header(skb) - skb->data;
1924 h_pos = skb_transport_header(skb) - skb->data;
1925
1906 skb_pull(skb, skip_header_bytes); 1926 skb_pull(skb, skip_header_bytes);
1907 nh_pos -= skip_header_bytes; 1927 nh_pos -= skip_header_bytes;
1908 h_pos -= skip_header_bytes; 1928 h_pos -= skip_header_bytes;
@@ -1969,6 +1989,7 @@ netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
1969 skb_set_network_header(skb, nh_pos); 1989 skb_set_network_header(skb, nh_pos);
1970 skb_set_transport_header(skb, h_pos); 1990 skb_set_transport_header(skb, h_pos);
1971 1991
1992 info = IEEE80211_SKB_CB(skb);
1972 memset(info, 0, sizeof(*info)); 1993 memset(info, 0, sizeof(*info));
1973 1994
1974 dev->trans_start = jiffies; 1995 dev->trans_start = jiffies;
@@ -1996,6 +2017,11 @@ void ieee80211_clear_tx_pending(struct ieee80211_local *local)
1996 skb_queue_purge(&local->pending[i]); 2017 skb_queue_purge(&local->pending[i]);
1997} 2018}
1998 2019
2020/*
2021 * Returns false if the frame couldn't be transmitted but was queued instead,
2022 * which in this case means re-queued -- take as an indication to stop sending
2023 * more pending frames.
2024 */
1999static bool ieee80211_tx_pending_skb(struct ieee80211_local *local, 2025static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
2000 struct sk_buff *skb) 2026 struct sk_buff *skb)
2001{ 2027{
@@ -2003,20 +2029,17 @@ static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
2003 struct ieee80211_sub_if_data *sdata; 2029 struct ieee80211_sub_if_data *sdata;
2004 struct sta_info *sta; 2030 struct sta_info *sta;
2005 struct ieee80211_hdr *hdr; 2031 struct ieee80211_hdr *hdr;
2006 int ret; 2032 bool result;
2007 bool result = true;
2008 2033
2009 sdata = vif_to_sdata(info->control.vif); 2034 sdata = vif_to_sdata(info->control.vif);
2010 2035
2011 if (info->flags & IEEE80211_TX_INTFL_NEED_TXPROCESSING) { 2036 if (info->flags & IEEE80211_TX_INTFL_NEED_TXPROCESSING) {
2012 ieee80211_tx(sdata, skb, true); 2037 result = ieee80211_tx(sdata, skb, true);
2013 } else { 2038 } else {
2014 hdr = (struct ieee80211_hdr *)skb->data; 2039 hdr = (struct ieee80211_hdr *)skb->data;
2015 sta = sta_info_get(sdata, hdr->addr1); 2040 sta = sta_info_get(sdata, hdr->addr1);
2016 2041
2017 ret = __ieee80211_tx(local, &skb, sta, true); 2042 result = __ieee80211_tx(local, &skb, sta, true);
2018 if (ret != IEEE80211_TX_OK)
2019 result = false;
2020 } 2043 }
2021 2044
2022 return result; 2045 return result;
@@ -2058,8 +2081,6 @@ void ieee80211_tx_pending(unsigned long data)
2058 flags); 2081 flags);
2059 2082
2060 txok = ieee80211_tx_pending_skb(local, skb); 2083 txok = ieee80211_tx_pending_skb(local, skb);
2061 if (!txok)
2062 __skb_queue_head(&local->pending[i], skb);
2063 spin_lock_irqsave(&local->queue_stop_reason_lock, 2084 spin_lock_irqsave(&local->queue_stop_reason_lock,
2064 flags); 2085 flags);
2065 if (!txok) 2086 if (!txok)
@@ -2068,8 +2089,7 @@ void ieee80211_tx_pending(unsigned long data)
2068 2089
2069 if (skb_queue_empty(&local->pending[i])) 2090 if (skb_queue_empty(&local->pending[i]))
2070 list_for_each_entry_rcu(sdata, &local->interfaces, list) 2091 list_for_each_entry_rcu(sdata, &local->interfaces, list)
2071 netif_tx_wake_queue( 2092 netif_wake_subqueue(sdata->dev, i);
2072 netdev_get_tx_queue(sdata->dev, i));
2073 } 2093 }
2074 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 2094 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
2075 2095
@@ -2108,6 +2128,8 @@ static void ieee80211_beacon_add_tim(struct ieee80211_if_ap *bss,
2108 if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf)) 2128 if (bss->dtim_count == 0 && !skb_queue_empty(&bss->ps_bc_buf))
2109 aid0 = 1; 2129 aid0 = 1;
2110 2130
2131 bss->dtim_bc_mc = aid0 == 1;
2132
2111 if (have_bits) { 2133 if (have_bits) {
2112 /* Find largest even number N1 so that bits numbered 1 through 2134 /* Find largest even number N1 so that bits numbered 1 through
2113 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits 2135 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
@@ -2160,6 +2182,9 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2160 2182
2161 sdata = vif_to_sdata(vif); 2183 sdata = vif_to_sdata(vif);
2162 2184
2185 if (!ieee80211_sdata_running(sdata))
2186 goto out;
2187
2163 if (tim_offset) 2188 if (tim_offset)
2164 *tim_offset = 0; 2189 *tim_offset = 0;
2165 if (tim_length) 2190 if (tim_length)
@@ -2168,7 +2193,7 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2168 if (sdata->vif.type == NL80211_IFTYPE_AP) { 2193 if (sdata->vif.type == NL80211_IFTYPE_AP) {
2169 ap = &sdata->u.ap; 2194 ap = &sdata->u.ap;
2170 beacon = rcu_dereference(ap->beacon); 2195 beacon = rcu_dereference(ap->beacon);
2171 if (ap && beacon) { 2196 if (beacon) {
2172 /* 2197 /*
2173 * headroom, head length, 2198 * headroom, head length,
2174 * tail length and maximum TIM length 2199 * tail length and maximum TIM length
@@ -2229,8 +2254,14 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2229 struct ieee80211_mgmt *mgmt; 2254 struct ieee80211_mgmt *mgmt;
2230 u8 *pos; 2255 u8 *pos;
2231 2256
2257#ifdef CONFIG_MAC80211_MESH
2258 if (!sdata->u.mesh.mesh_id_len)
2259 goto out;
2260#endif
2261
2232 /* headroom, head length, tail length and maximum TIM length */ 2262 /* headroom, head length, tail length and maximum TIM length */
2233 skb = dev_alloc_skb(local->tx_headroom + 400); 2263 skb = dev_alloc_skb(local->tx_headroom + 400 +
2264 sdata->u.mesh.ie_len);
2234 if (!skb) 2265 if (!skb)
2235 goto out; 2266 goto out;
2236 2267
@@ -2274,7 +2305,7 @@ struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
2274 txrc.max_rate_idx = -1; 2305 txrc.max_rate_idx = -1;
2275 else 2306 else
2276 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1; 2307 txrc.max_rate_idx = fls(txrc.rate_idx_mask) - 1;
2277 txrc.ap = true; 2308 txrc.bss = true;
2278 rate_control_get_rate(sdata, NULL, &txrc); 2309 rate_control_get_rate(sdata, NULL, &txrc);
2279 2310
2280 info->control.vif = vif; 2311 info->control.vif = vif;
@@ -2453,7 +2484,6 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2453{ 2484{
2454 struct ieee80211_local *local = hw_to_local(hw); 2485 struct ieee80211_local *local = hw_to_local(hw);
2455 struct sk_buff *skb = NULL; 2486 struct sk_buff *skb = NULL;
2456 struct sta_info *sta;
2457 struct ieee80211_tx_data tx; 2487 struct ieee80211_tx_data tx;
2458 struct ieee80211_sub_if_data *sdata; 2488 struct ieee80211_sub_if_data *sdata;
2459 struct ieee80211_if_ap *bss = NULL; 2489 struct ieee80211_if_ap *bss = NULL;
@@ -2469,7 +2499,7 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2469 if (sdata->vif.type != NL80211_IFTYPE_AP || !beacon || !beacon->head) 2499 if (sdata->vif.type != NL80211_IFTYPE_AP || !beacon || !beacon->head)
2470 goto out; 2500 goto out;
2471 2501
2472 if (bss->dtim_count != 0) 2502 if (bss->dtim_count != 0 || !bss->dtim_bc_mc)
2473 goto out; /* send buffered bc/mc only after DTIM beacon */ 2503 goto out; /* send buffered bc/mc only after DTIM beacon */
2474 2504
2475 while (1) { 2505 while (1) {
@@ -2495,7 +2525,6 @@ ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
2495 2525
2496 info = IEEE80211_SKB_CB(skb); 2526 info = IEEE80211_SKB_CB(skb);
2497 2527
2498 sta = tx.sta;
2499 tx.flags |= IEEE80211_TX_PS_BUFFERED; 2528 tx.flags |= IEEE80211_TX_PS_BUFFERED;
2500 tx.channel = local->hw.conf.channel; 2529 tx.channel = local->hw.conf.channel;
2501 info->band = tx.channel->band; 2530 info->band = tx.channel->band;
@@ -2515,8 +2544,9 @@ void ieee80211_tx_skb(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
2515 skb_set_network_header(skb, 0); 2544 skb_set_network_header(skb, 0);
2516 skb_set_transport_header(skb, 0); 2545 skb_set_transport_header(skb, 0);
2517 2546
2518 /* send all internal mgmt frames on VO */ 2547 /* Send all internal mgmt frames on VO. Accordingly set TID to 7. */
2519 skb_set_queue_mapping(skb, 0); 2548 skb_set_queue_mapping(skb, IEEE80211_AC_VO);
2549 skb->priority = 7;
2520 2550
2521 /* 2551 /*
2522 * The other path calling ieee80211_xmit is from the tasklet, 2552 * The other path calling ieee80211_xmit is from the tasklet,
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
index 748387d45bc0..d3fe2d237485 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
@@ -283,8 +283,11 @@ static void __ieee80211_wake_queue(struct ieee80211_hw *hw, int queue,
283 283
284 if (skb_queue_empty(&local->pending[queue])) { 284 if (skb_queue_empty(&local->pending[queue])) {
285 rcu_read_lock(); 285 rcu_read_lock();
286 list_for_each_entry_rcu(sdata, &local->interfaces, list) 286 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
287 netif_tx_wake_queue(netdev_get_tx_queue(sdata->dev, queue)); 287 if (test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))
288 continue;
289 netif_wake_subqueue(sdata->dev, queue);
290 }
288 rcu_read_unlock(); 291 rcu_read_unlock();
289 } else 292 } else
290 tasklet_schedule(&local->tx_pending_tasklet); 293 tasklet_schedule(&local->tx_pending_tasklet);
@@ -323,7 +326,7 @@ static void __ieee80211_stop_queue(struct ieee80211_hw *hw, int queue,
323 326
324 rcu_read_lock(); 327 rcu_read_lock();
325 list_for_each_entry_rcu(sdata, &local->interfaces, list) 328 list_for_each_entry_rcu(sdata, &local->interfaces, list)
326 netif_tx_stop_queue(netdev_get_tx_queue(sdata->dev, queue)); 329 netif_stop_subqueue(sdata->dev, queue);
327 rcu_read_unlock(); 330 rcu_read_unlock();
328} 331}
329 332
@@ -365,8 +368,9 @@ void ieee80211_add_pending_skb(struct ieee80211_local *local,
365 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 368 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
366} 369}
367 370
368int ieee80211_add_pending_skbs(struct ieee80211_local *local, 371int ieee80211_add_pending_skbs_fn(struct ieee80211_local *local,
369 struct sk_buff_head *skbs) 372 struct sk_buff_head *skbs,
373 void (*fn)(void *data), void *data)
370{ 374{
371 struct ieee80211_hw *hw = &local->hw; 375 struct ieee80211_hw *hw = &local->hw;
372 struct sk_buff *skb; 376 struct sk_buff *skb;
@@ -391,6 +395,9 @@ int ieee80211_add_pending_skbs(struct ieee80211_local *local,
391 __skb_queue_tail(&local->pending[queue], skb); 395 __skb_queue_tail(&local->pending[queue], skb);
392 } 396 }
393 397
398 if (fn)
399 fn(data);
400
394 for (i = 0; i < hw->queues; i++) 401 for (i = 0; i < hw->queues; i++)
395 __ieee80211_wake_queue(hw, i, 402 __ieee80211_wake_queue(hw, i,
396 IEEE80211_QUEUE_STOP_REASON_SKB_ADD); 403 IEEE80211_QUEUE_STOP_REASON_SKB_ADD);
@@ -399,6 +406,12 @@ int ieee80211_add_pending_skbs(struct ieee80211_local *local,
399 return ret; 406 return ret;
400} 407}
401 408
409int ieee80211_add_pending_skbs(struct ieee80211_local *local,
410 struct sk_buff_head *skbs)
411{
412 return ieee80211_add_pending_skbs_fn(local, skbs, NULL, NULL);
413}
414
402void ieee80211_stop_queues_by_reason(struct ieee80211_hw *hw, 415void ieee80211_stop_queues_by_reason(struct ieee80211_hw *hw,
403 enum queue_stop_reason reason) 416 enum queue_stop_reason reason)
404{ 417{
@@ -471,16 +484,10 @@ void ieee80211_iterate_active_interfaces(
471 484
472 list_for_each_entry(sdata, &local->interfaces, list) { 485 list_for_each_entry(sdata, &local->interfaces, list) {
473 switch (sdata->vif.type) { 486 switch (sdata->vif.type) {
474 case __NL80211_IFTYPE_AFTER_LAST:
475 case NL80211_IFTYPE_UNSPECIFIED:
476 case NL80211_IFTYPE_MONITOR: 487 case NL80211_IFTYPE_MONITOR:
477 case NL80211_IFTYPE_AP_VLAN: 488 case NL80211_IFTYPE_AP_VLAN:
478 continue; 489 continue;
479 case NL80211_IFTYPE_AP: 490 default:
480 case NL80211_IFTYPE_STATION:
481 case NL80211_IFTYPE_ADHOC:
482 case NL80211_IFTYPE_WDS:
483 case NL80211_IFTYPE_MESH_POINT:
484 break; 491 break;
485 } 492 }
486 if (ieee80211_sdata_running(sdata)) 493 if (ieee80211_sdata_running(sdata))
@@ -505,16 +512,10 @@ void ieee80211_iterate_active_interfaces_atomic(
505 512
506 list_for_each_entry_rcu(sdata, &local->interfaces, list) { 513 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
507 switch (sdata->vif.type) { 514 switch (sdata->vif.type) {
508 case __NL80211_IFTYPE_AFTER_LAST:
509 case NL80211_IFTYPE_UNSPECIFIED:
510 case NL80211_IFTYPE_MONITOR: 515 case NL80211_IFTYPE_MONITOR:
511 case NL80211_IFTYPE_AP_VLAN: 516 case NL80211_IFTYPE_AP_VLAN:
512 continue; 517 continue;
513 case NL80211_IFTYPE_AP: 518 default:
514 case NL80211_IFTYPE_STATION:
515 case NL80211_IFTYPE_ADHOC:
516 case NL80211_IFTYPE_WDS:
517 case NL80211_IFTYPE_MESH_POINT:
518 break; 519 break;
519 } 520 }
520 if (ieee80211_sdata_running(sdata)) 521 if (ieee80211_sdata_running(sdata))
@@ -904,26 +905,34 @@ void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,
904 905
905int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer, 906int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
906 const u8 *ie, size_t ie_len, 907 const u8 *ie, size_t ie_len,
907 enum ieee80211_band band) 908 enum ieee80211_band band, u32 rate_mask,
909 u8 channel)
908{ 910{
909 struct ieee80211_supported_band *sband; 911 struct ieee80211_supported_band *sband;
910 u8 *pos; 912 u8 *pos;
911 size_t offset = 0, noffset; 913 size_t offset = 0, noffset;
912 int supp_rates_len, i; 914 int supp_rates_len, i;
915 u8 rates[32];
916 int num_rates;
917 int ext_rates_len;
913 918
914 sband = local->hw.wiphy->bands[band]; 919 sband = local->hw.wiphy->bands[band];
915 920
916 pos = buffer; 921 pos = buffer;
917 922
918 supp_rates_len = min_t(int, sband->n_bitrates, 8); 923 num_rates = 0;
924 for (i = 0; i < sband->n_bitrates; i++) {
925 if ((BIT(i) & rate_mask) == 0)
926 continue; /* skip rate */
927 rates[num_rates++] = (u8) (sband->bitrates[i].bitrate / 5);
928 }
929
930 supp_rates_len = min_t(int, num_rates, 8);
919 931
920 *pos++ = WLAN_EID_SUPP_RATES; 932 *pos++ = WLAN_EID_SUPP_RATES;
921 *pos++ = supp_rates_len; 933 *pos++ = supp_rates_len;
922 934 memcpy(pos, rates, supp_rates_len);
923 for (i = 0; i < supp_rates_len; i++) { 935 pos += supp_rates_len;
924 int rate = sband->bitrates[i].bitrate;
925 *pos++ = (u8) (rate / 5);
926 }
927 936
928 /* insert "request information" if in custom IEs */ 937 /* insert "request information" if in custom IEs */
929 if (ie && ie_len) { 938 if (ie && ie_len) {
@@ -941,14 +950,18 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
941 offset = noffset; 950 offset = noffset;
942 } 951 }
943 952
944 if (sband->n_bitrates > i) { 953 ext_rates_len = num_rates - supp_rates_len;
954 if (ext_rates_len > 0) {
945 *pos++ = WLAN_EID_EXT_SUPP_RATES; 955 *pos++ = WLAN_EID_EXT_SUPP_RATES;
946 *pos++ = sband->n_bitrates - i; 956 *pos++ = ext_rates_len;
957 memcpy(pos, rates + supp_rates_len, ext_rates_len);
958 pos += ext_rates_len;
959 }
947 960
948 for (; i < sband->n_bitrates; i++) { 961 if (channel && sband->band == IEEE80211_BAND_2GHZ) {
949 int rate = sband->bitrates[i].bitrate; 962 *pos++ = WLAN_EID_DS_PARAMS;
950 *pos++ = (u8) (rate / 5); 963 *pos++ = 1;
951 } 964 *pos++ = channel;
952 } 965 }
953 966
954 /* insert custom IEs that go before HT */ 967 /* insert custom IEs that go before HT */
@@ -973,12 +986,6 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
973 u16 cap = sband->ht_cap.cap; 986 u16 cap = sband->ht_cap.cap;
974 __le16 tmp; 987 __le16 tmp;
975 988
976 if (ieee80211_disable_40mhz_24ghz &&
977 sband->band == IEEE80211_BAND_2GHZ) {
978 cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
979 cap &= ~IEEE80211_HT_CAP_SGI_40;
980 }
981
982 *pos++ = WLAN_EID_HT_CAPABILITY; 989 *pos++ = WLAN_EID_HT_CAPABILITY;
983 *pos++ = sizeof(struct ieee80211_ht_cap); 990 *pos++ = sizeof(struct ieee80211_ht_cap);
984 memset(pos, 0, sizeof(struct ieee80211_ht_cap)); 991 memset(pos, 0, sizeof(struct ieee80211_ht_cap));
@@ -1008,26 +1015,34 @@ int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,
1008 return pos - buffer; 1015 return pos - buffer;
1009} 1016}
1010 1017
1011void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst, 1018struct sk_buff *ieee80211_build_probe_req(struct ieee80211_sub_if_data *sdata,
1012 const u8 *ssid, size_t ssid_len, 1019 u8 *dst,
1013 const u8 *ie, size_t ie_len) 1020 const u8 *ssid, size_t ssid_len,
1021 const u8 *ie, size_t ie_len)
1014{ 1022{
1015 struct ieee80211_local *local = sdata->local; 1023 struct ieee80211_local *local = sdata->local;
1016 struct sk_buff *skb; 1024 struct sk_buff *skb;
1017 struct ieee80211_mgmt *mgmt; 1025 struct ieee80211_mgmt *mgmt;
1018 size_t buf_len; 1026 size_t buf_len;
1019 u8 *buf; 1027 u8 *buf;
1028 u8 chan;
1020 1029
1021 /* FIXME: come up with a proper value */ 1030 /* FIXME: come up with a proper value */
1022 buf = kmalloc(200 + ie_len, GFP_KERNEL); 1031 buf = kmalloc(200 + ie_len, GFP_KERNEL);
1023 if (!buf) { 1032 if (!buf) {
1024 printk(KERN_DEBUG "%s: failed to allocate temporary IE " 1033 printk(KERN_DEBUG "%s: failed to allocate temporary IE "
1025 "buffer\n", sdata->name); 1034 "buffer\n", sdata->name);
1026 return; 1035 return NULL;
1027 } 1036 }
1028 1037
1038 chan = ieee80211_frequency_to_channel(
1039 local->hw.conf.channel->center_freq);
1040
1029 buf_len = ieee80211_build_preq_ies(local, buf, ie, ie_len, 1041 buf_len = ieee80211_build_preq_ies(local, buf, ie, ie_len,
1030 local->hw.conf.channel->band); 1042 local->hw.conf.channel->band,
1043 sdata->rc_rateidx_mask
1044 [local->hw.conf.channel->band],
1045 chan);
1031 1046
1032 skb = ieee80211_probereq_get(&local->hw, &sdata->vif, 1047 skb = ieee80211_probereq_get(&local->hw, &sdata->vif,
1033 ssid, ssid_len, 1048 ssid, ssid_len,
@@ -1040,8 +1055,20 @@ void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1040 } 1055 }
1041 1056
1042 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 1057 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
1043 ieee80211_tx_skb(sdata, skb);
1044 kfree(buf); 1058 kfree(buf);
1059
1060 return skb;
1061}
1062
1063void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,
1064 const u8 *ssid, size_t ssid_len,
1065 const u8 *ie, size_t ie_len)
1066{
1067 struct sk_buff *skb;
1068
1069 skb = ieee80211_build_probe_req(sdata, dst, ssid, ssid_len, ie, ie_len);
1070 if (skb)
1071 ieee80211_tx_skb(sdata, skb);
1045} 1072}
1046 1073
1047u32 ieee80211_sta_get_rates(struct ieee80211_local *local, 1074u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
@@ -1083,6 +1110,7 @@ u32 ieee80211_sta_get_rates(struct ieee80211_local *local,
1083void ieee80211_stop_device(struct ieee80211_local *local) 1110void ieee80211_stop_device(struct ieee80211_local *local)
1084{ 1111{
1085 ieee80211_led_radio(local, false); 1112 ieee80211_led_radio(local, false);
1113 ieee80211_mod_tpt_led_trig(local, 0, IEEE80211_TPT_LEDTRIG_FL_RADIO);
1086 1114
1087 cancel_work_sync(&local->reconfig_filter); 1115 cancel_work_sync(&local->reconfig_filter);
1088 1116
@@ -1097,9 +1125,27 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1097 struct sta_info *sta; 1125 struct sta_info *sta;
1098 int res; 1126 int res;
1099 1127
1128#ifdef CONFIG_PM
1100 if (local->suspended) 1129 if (local->suspended)
1101 local->resuming = true; 1130 local->resuming = true;
1102 1131
1132 if (local->wowlan) {
1133 local->wowlan = false;
1134 res = drv_resume(local);
1135 if (res < 0) {
1136 local->resuming = false;
1137 return res;
1138 }
1139 if (res == 0)
1140 goto wake_up;
1141 WARN_ON(res > 1);
1142 /*
1143 * res is 1, which means the driver requested
1144 * to go through a regular reset on wakeup.
1145 */
1146 }
1147#endif
1148
1103 /* restart hardware */ 1149 /* restart hardware */
1104 if (local->open_count) { 1150 if (local->open_count) {
1105 /* 1151 /*
@@ -1117,6 +1163,8 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1117 } 1163 }
1118 1164
1119 ieee80211_led_radio(local, true); 1165 ieee80211_led_radio(local, true);
1166 ieee80211_mod_tpt_led_trig(local,
1167 IEEE80211_TPT_LEDTRIG_FL_RADIO, 0);
1120 } 1168 }
1121 1169
1122 /* add interfaces */ 1170 /* add interfaces */
@@ -1142,6 +1190,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1142 } 1190 }
1143 mutex_unlock(&local->sta_mtx); 1191 mutex_unlock(&local->sta_mtx);
1144 1192
1193 /* setup fragmentation threshold */
1194 drv_set_frag_threshold(local, hw->wiphy->frag_threshold);
1195
1145 /* setup RTS threshold */ 1196 /* setup RTS threshold */
1146 drv_set_rts_threshold(local, hw->wiphy->rts_threshold); 1197 drv_set_rts_threshold(local, hw->wiphy->rts_threshold);
1147 1198
@@ -1171,7 +1222,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1171 switch (sdata->vif.type) { 1222 switch (sdata->vif.type) {
1172 case NL80211_IFTYPE_STATION: 1223 case NL80211_IFTYPE_STATION:
1173 changed |= BSS_CHANGED_ASSOC; 1224 changed |= BSS_CHANGED_ASSOC;
1225 mutex_lock(&sdata->u.mgd.mtx);
1174 ieee80211_bss_info_change_notify(sdata, changed); 1226 ieee80211_bss_info_change_notify(sdata, changed);
1227 mutex_unlock(&sdata->u.mgd.mtx);
1175 break; 1228 break;
1176 case NL80211_IFTYPE_ADHOC: 1229 case NL80211_IFTYPE_ADHOC:
1177 changed |= BSS_CHANGED_IBSS; 1230 changed |= BSS_CHANGED_IBSS;
@@ -1189,7 +1242,9 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1189 /* ignore virtual */ 1242 /* ignore virtual */
1190 break; 1243 break;
1191 case NL80211_IFTYPE_UNSPECIFIED: 1244 case NL80211_IFTYPE_UNSPECIFIED:
1192 case __NL80211_IFTYPE_AFTER_LAST: 1245 case NUM_NL80211_IFTYPES:
1246 case NL80211_IFTYPE_P2P_CLIENT:
1247 case NL80211_IFTYPE_P2P_GO:
1193 WARN_ON(1); 1248 WARN_ON(1);
1194 break; 1249 break;
1195 } 1250 }
@@ -1209,7 +1264,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1209 mutex_lock(&local->sta_mtx); 1264 mutex_lock(&local->sta_mtx);
1210 1265
1211 list_for_each_entry(sta, &local->sta_list, list) { 1266 list_for_each_entry(sta, &local->sta_list, list) {
1212 ieee80211_sta_tear_down_BA_sessions(sta); 1267 ieee80211_sta_tear_down_BA_sessions(sta, true);
1213 clear_sta_flags(sta, WLAN_STA_BLOCK_BA); 1268 clear_sta_flags(sta, WLAN_STA_BLOCK_BA);
1214 } 1269 }
1215 1270
@@ -1221,6 +1276,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1221 if (ieee80211_sdata_running(sdata)) 1276 if (ieee80211_sdata_running(sdata))
1222 ieee80211_enable_keys(sdata); 1277 ieee80211_enable_keys(sdata);
1223 1278
1279 wake_up:
1224 ieee80211_wake_queues_by_reason(hw, 1280 ieee80211_wake_queues_by_reason(hw,
1225 IEEE80211_QUEUE_STOP_REASON_SUSPEND); 1281 IEEE80211_QUEUE_STOP_REASON_SUSPEND);
1226 1282
@@ -1253,7 +1309,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
1253 } 1309 }
1254 } 1310 }
1255 1311
1256 add_timer(&local->sta_cleanup); 1312 mod_timer(&local->sta_cleanup, jiffies + 1);
1257 1313
1258 mutex_lock(&local->sta_mtx); 1314 mutex_lock(&local->sta_mtx);
1259 list_for_each_entry(sta, &local->sta_list, list) 1315 list_for_each_entry(sta, &local->sta_list, list)
@@ -1285,17 +1341,13 @@ static int check_mgd_smps(struct ieee80211_if_managed *ifmgd,
1285} 1341}
1286 1342
1287/* must hold iflist_mtx */ 1343/* must hold iflist_mtx */
1288void ieee80211_recalc_smps(struct ieee80211_local *local, 1344void ieee80211_recalc_smps(struct ieee80211_local *local)
1289 struct ieee80211_sub_if_data *forsdata)
1290{ 1345{
1291 struct ieee80211_sub_if_data *sdata; 1346 struct ieee80211_sub_if_data *sdata;
1292 enum ieee80211_smps_mode smps_mode = IEEE80211_SMPS_OFF; 1347 enum ieee80211_smps_mode smps_mode = IEEE80211_SMPS_OFF;
1293 int count = 0; 1348 int count = 0;
1294 1349
1295 if (forsdata) 1350 lockdep_assert_held(&local->iflist_mtx);
1296 WARN_ON(!mutex_is_locked(&forsdata->u.mgd.mtx));
1297
1298 WARN_ON(!mutex_is_locked(&local->iflist_mtx));
1299 1351
1300 /* 1352 /*
1301 * This function could be improved to handle multiple 1353 * This function could be improved to handle multiple
@@ -1308,22 +1360,12 @@ void ieee80211_recalc_smps(struct ieee80211_local *local,
1308 */ 1360 */
1309 1361
1310 list_for_each_entry(sdata, &local->interfaces, list) { 1362 list_for_each_entry(sdata, &local->interfaces, list) {
1311 if (!netif_running(sdata->dev)) 1363 if (!ieee80211_sdata_running(sdata))
1312 continue; 1364 continue;
1313 if (sdata->vif.type != NL80211_IFTYPE_STATION) 1365 if (sdata->vif.type != NL80211_IFTYPE_STATION)
1314 goto set; 1366 goto set;
1315 if (sdata != forsdata) { 1367
1316 /* 1368 count += check_mgd_smps(&sdata->u.mgd, &smps_mode);
1317 * This nested is ok -- we are holding the iflist_mtx
1318 * so can't get here twice or so. But it's required
1319 * since normally we acquire it first and then the
1320 * iflist_mtx.
1321 */
1322 mutex_lock_nested(&sdata->u.mgd.mtx, SINGLE_DEPTH_NESTING);
1323 count += check_mgd_smps(&sdata->u.mgd, &smps_mode);
1324 mutex_unlock(&sdata->u.mgd.mtx);
1325 } else
1326 count += check_mgd_smps(&sdata->u.mgd, &smps_mode);
1327 1369
1328 if (count > 1) { 1370 if (count > 1) {
1329 smps_mode = IEEE80211_SMPS_OFF; 1371 smps_mode = IEEE80211_SMPS_OFF;
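Review bot: In ieee80211_build_probe_req() in net/mac80211/util.c, the skb returned by ieee80211_probereq_get() (new lines 1047-1048) is dereferenced by `IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;` at new line 1057 with no NULL test visible before it. The new ieee80211_send_probe_req() wrapper does test `if (skb)`, but only after that write has already run. New lines 1049-1054 fall between two hunks and are not shown, so this may already be handled there; if it is not, the function should bail out right after the call with `if (!skb) { kfree(buf); return NULL; }`. Freeing buf on that path also keeps the temporary IE buffer from leaking when the frame allocation fails.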
diff --git a/net/mac80211/wep.c b/net/mac80211/wep.c
index 9ebc8d8a1f5b..a1c6bfd55f0f 100644
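--- a/net/mac80211/wep.c
+++ b/net/mac80211/wep.c
@@ -30,17 +30,15 @@ int ieee80211_wep_init(struct ieee80211_local *local)
  /* start WEP IV from a random value */
  get_random_bytes(&local->wep_iv, WEP_IV_LEN);
 
- local->wep_tx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
- CRYPTO_ALG_ASYNC);
+ local->wep_tx_tfm = crypto_alloc_cipher("arc4", 0, CRYPTO_ALG_ASYNC);
  if (IS_ERR(local->wep_tx_tfm)) {
  local->wep_rx_tfm = ERR_PTR(-EINVAL);
  return PTR_ERR(local->wep_tx_tfm);
  }
 
- local->wep_rx_tfm = crypto_alloc_blkcipher("ecb(arc4)", 0,
- CRYPTO_ALG_ASYNC);
+ local->wep_rx_tfm = crypto_alloc_cipher("arc4", 0, CRYPTO_ALG_ASYNC);
  if (IS_ERR(local->wep_rx_tfm)) {
- crypto_free_blkcipher(local->wep_tx_tfm);
+ crypto_free_cipher(local->wep_tx_tfm);
  local->wep_tx_tfm = ERR_PTR(-EINVAL);
  return PTR_ERR(local->wep_rx_tfm);
  }
@@ -51,9 +49,9 @@ int ieee80211_wep_init(struct ieee80211_local *local)
 void ieee80211_wep_free(struct ieee80211_local *local)
 {
  if (!IS_ERR(local->wep_tx_tfm))
- crypto_free_blkcipher(local->wep_tx_tfm);
+ crypto_free_cipher(local->wep_tx_tfm);
  if (!IS_ERR(local->wep_rx_tfm))
- crypto_free_blkcipher(local->wep_rx_tfm);
+ crypto_free_cipher(local->wep_rx_tfm);
 }
 
 static inline bool ieee80211_wep_weak_iv(u32 iv, int keylen)
@@ -127,12 +125,11 @@ static void ieee80211_wep_remove_iv(struct ieee80211_local *local,
 /* Perform WEP encryption using given key. data buffer must have tailroom
  * for 4-byte ICV. data_len must not include this ICV. Note: this function
  * does _not_ add IV. data = RC4(data | CRC32(data)) */
-int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
+int ieee80211_wep_encrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
  size_t klen, u8 *data, size_t data_len)
 {
- struct blkcipher_desc desc = { .tfm = tfm };
- struct scatterlist sg;
  __le32 icv;
+ int i;
 
  if (IS_ERR(tfm))
  return -1;
@@ -140,9 +137,9 @@ int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
  icv = cpu_to_le32(~crc32_le(~0, data, data_len));
  put_unaligned(icv, (__le32 *)(data + data_len));
 
- crypto_blkcipher_setkey(tfm, rc4key, klen);
- sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
- crypto_blkcipher_encrypt(&desc, &sg, &sg, sg.length);
+ crypto_cipher_setkey(tfm, rc4key, klen);
+ for (i = 0; i < data_len + WEP_ICV_LEN; i++)
+ crypto_cipher_encrypt_one(tfm, data + i, data + i);
 
  return 0;
 }
@@ -186,19 +183,18 @@ int ieee80211_wep_encrypt(struct ieee80211_local *local,
 /* Perform WEP decryption using given key. data buffer includes encrypted
  * payload, including 4-byte ICV, but _not_ IV. data_len must not include ICV.
  * Return 0 on success and -1 on ICV mismatch. */
-int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
+int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
  size_t klen, u8 *data, size_t data_len)
 {
- struct blkcipher_desc desc = { .tfm = tfm };
- struct scatterlist sg;
  __le32 crc;
+ int i;
 
  if (IS_ERR(tfm))
  return -1;
 
- crypto_blkcipher_setkey(tfm, rc4key, klen);
- sg_init_one(&sg, data, data_len + WEP_ICV_LEN);
- crypto_blkcipher_decrypt(&desc, &sg, &sg, sg.length);
+ crypto_cipher_setkey(tfm, rc4key, klen);
+ for (i = 0; i < data_len + WEP_ICV_LEN; i++)
+ crypto_cipher_decrypt_one(tfm, data + i, data + i);
 
  crc = cpu_to_le32(~crc32_le(~0, data, data_len));
  if (memcmp(&crc, data + data_len, WEP_ICV_LEN) != 0)
@@ -222,7 +218,7 @@ static int ieee80211_wep_decrypt(struct ieee80211_local *local,
  struct ieee80211_key *key)
 {
  u32 klen;
- u8 *rc4key;
+ u8 rc4key[3 + WLAN_KEY_LEN_WEP104];
  u8 keyidx;
  struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
  unsigned int hdrlen;
@@ -240,15 +236,11 @@ static int ieee80211_wep_decrypt(struct ieee80211_local *local,
 
  keyidx = skb->data[hdrlen + 3] >> 6;
 
- if (!key || keyidx != key->conf.keyidx || key->conf.alg != ALG_WEP)
+ if (!key || keyidx != key->conf.keyidx)
  return -1;
 
  klen = 3 + key->conf.keylen;
 
- rc4key = kmalloc(klen, GFP_ATOMIC);
- if (!rc4key)
- return -1;
-
  /* Prepend 24-bit IV to RC4 key */
  memcpy(rc4key, skb->data + hdrlen, 3);
 
@@ -260,8 +252,6 @@ static int ieee80211_wep_decrypt(struct ieee80211_local *local,
  len))
  ret = -1;
 
- kfree(rc4key);
-
  /* Trim ICV */
  skb_trim(skb, skb->len - WEP_ICV_LEN);
 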
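Review bot: In ieee80211_wep_decrypt the new on-stack `u8 rc4key[3 + WLAN_KEY_LEN_WEP104]` has a fixed size, while `klen = 3 + key->conf.keylen` still comes from the key, and the same change drops the `key->conf.alg != ALG_WEP` test. The copy of the key bytes into rc4key sits between the hunks and is not visible here, but if it is sized by key->conf.keylen, a key longer than WLAN_KEY_LEN_WEP104 reaching this function would write past the array, which the old kmalloc(klen) buffer could not do. Unless every caller is guaranteed to pass a WEP key, the length should be bounded locally before the copy, for example `if (WARN_ON(key->conf.keylen > WLAN_KEY_LEN_WEP104)) return -1;`. The function body starts and ends outside the hunks shown.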
diff --git a/net/mac80211/wep.h b/net/mac80211/wep.h
index 58654ee33518..01e54840a628 100644
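--- a/net/mac80211/wep.h
+++ b/net/mac80211/wep.h
@@ -18,12 +18,12 @@
 
 int ieee80211_wep_init(struct ieee80211_local *local);
 void ieee80211_wep_free(struct ieee80211_local *local);
-int ieee80211_wep_encrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
+int ieee80211_wep_encrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
  size_t klen, u8 *data, size_t data_len);
 int ieee80211_wep_encrypt(struct ieee80211_local *local,
  struct sk_buff *skb,
  const u8 *key, int keylen, int keyidx);
-int ieee80211_wep_decrypt_data(struct crypto_blkcipher *tfm, u8 *rc4key,
+int ieee80211_wep_decrypt_data(struct crypto_cipher *tfm, u8 *rc4key,
  size_t klen, u8 *data, size_t data_len);
 bool ieee80211_wep_is_weak_iv(struct sk_buff *skb, struct ieee80211_key *key);
 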
diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c
index 34e6d02da779..28bc084dbfb9 100644
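--- a/net/mac80211/wme.c
+++ b/net/mac80211/wme.c
@@ -21,7 +21,16 @@
 /* Default mapping in classifier to work with default
  * queue setup.
  */
-const int ieee802_1d_to_ac[8] = { 2, 3, 3, 2, 1, 1, 0, 0 };
+const int ieee802_1d_to_ac[8] = {
+ IEEE80211_AC_BE,
+ IEEE80211_AC_BK,
+ IEEE80211_AC_BK,
+ IEEE80211_AC_BE,
+ IEEE80211_AC_VI,
+ IEEE80211_AC_VI,
+ IEEE80211_AC_VO,
+ IEEE80211_AC_VO
+};
 
 static int wme_downgrade_ac(struct sk_buff *skb)
 {
@@ -50,26 +59,22 @@ u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
 {
  struct ieee80211_local *local = sdata->local;
  struct sta_info *sta = NULL;
- u32 sta_flags = 0;
  const u8 *ra = NULL;
  bool qos = false;
 
  if (local->hw.queues < 4 || skb->len < 6) {
  skb->priority = 0; /* required for correct WPA/11i MIC */
- return min_t(u16, local->hw.queues - 1,
- ieee802_1d_to_ac[skb->priority]);
+ return min_t(u16, local->hw.queues - 1, IEEE80211_AC_BE);
  }
 
  rcu_read_lock();
  switch (sdata->vif.type) {
  case NL80211_IFTYPE_AP_VLAN:
- rcu_read_lock();
  sta = rcu_dereference(sdata->u.vlan.sta);
- if (sta)
- sta_flags = get_sta_flags(sta);
- rcu_read_unlock();
- if (sta)
+ if (sta) {
+ qos = get_sta_flags(sta) & WLAN_STA_WME;
  break;
+ }
  case NL80211_IFTYPE_AP:
  ra = skb->data;
  break;
@@ -98,17 +103,13 @@ u16 ieee80211_select_queue(struct ieee80211_sub_if_data *sdata,
  if (!sta && ra && !is_multicast_ether_addr(ra)) {
  sta = sta_info_get(sdata, ra);
  if (sta)
- sta_flags = get_sta_flags(sta);
+ qos = get_sta_flags(sta) & WLAN_STA_WME;
  }
-
- if (sta_flags & WLAN_STA_WME)
- qos = true;
-
  rcu_read_unlock();
 
  if (!qos) {
  skb->priority = 0; /* required for correct WPA/11i MIC */
- return ieee802_1d_to_ac[skb->priority];
+ return IEEE80211_AC_BE;
  }
 
  /* use the data classifier to determine what 802.1d tag the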
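Review bot: The `case NL80211_IFTYPE_AP_VLAN:` arm of ieee80211_select_queue now breaks only inside `if (sta) { ... }`, so a NULL sta drops into `case NL80211_IFTYPE_AP:` with nothing marking that as deliberate. The pre-change code behaved the same way, so this looks intended, but with the braces added the missing break after the block is easy to read as an oversight. A `/* fall through */` comment after the closing brace would make the intent explicit. The function's signature and tail are outside the hunks shown.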
diff --git a/net/mac80211/work.c b/net/mac80211/work.c
index 81d4ad64184a..d2e7f0e86677 100644
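--- a/net/mac80211/work.c
+++ b/net/mac80211/work.c
@@ -30,7 +30,6 @@
 #define IEEE80211_AUTH_MAX_TRIES 3
 #define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
 #define IEEE80211_ASSOC_MAX_TRIES 3
-#define IEEE80211_MAX_PROBE_TRIES 5
 
 enum work_action {
  WORK_ACT_MISMATCH,
@@ -43,7 +42,7 @@ enum work_action {
 /* utils */
 static inline void ASSERT_WORK_MTX(struct ieee80211_local *local)
 {
- WARN_ON(!mutex_is_locked(&local->work_mtx));
+ lockdep_assert_held(&local->mtx);
 }
 
 /*
@@ -66,17 +65,9 @@ static void run_again(struct ieee80211_local *local,
  mod_timer(&local->work_timer, timeout);
 }
 
-static void work_free_rcu(struct rcu_head *head)
-{
- struct ieee80211_work *wk =
- container_of(head, struct ieee80211_work, rcu_head);
-
- kfree(wk);
-}
-
 void free_work(struct ieee80211_work *wk)
 {
- call_rcu(&wk->rcu_head, work_free_rcu);
+ kfree_rcu(wk, rcu_head);
 }
 
 static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
@@ -126,12 +117,6 @@ static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
 
  /* determine capability flags */
 
- if (ieee80211_disable_40mhz_24ghz &&
- sband->band == IEEE80211_BAND_2GHZ) {
- cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
- cap &= ~IEEE80211_HT_CAP_SGI_40;
- }
-
  switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
  case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
  if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
@@ -205,9 +190,8 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
  struct sk_buff *skb;
  struct ieee80211_mgmt *mgmt;
  u8 *pos, qos_info;
- const u8 *ies;
  size_t offset = 0, noffset;
- int i, len, count, rates_len, supp_rates_len;
+ int i, count, rates_len, supp_rates_len;
  u16 capab;
  struct ieee80211_supported_band *sband;
  u32 rates = 0;
@@ -292,7 +276,7 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
  }
 
  /* SSID */
- ies = pos = skb_put(skb, 2 + wk->assoc.ssid_len);
+ pos = skb_put(skb, 2 + wk->assoc.ssid_len);
  *pos++ = WLAN_EID_SSID;
  *pos++ = wk->assoc.ssid_len;
  memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
@@ -302,7 +286,6 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
  if (supp_rates_len > 8)
  supp_rates_len = 8;
 
- len = sband->n_bitrates;
  pos = skb_put(skb, supp_rates_len + 2);
  *pos++ = WLAN_EID_SUPP_RATES;
  *pos++ = supp_rates_len;
@@ -458,8 +441,9 @@ ieee80211_direct_probe(struct ieee80211_work *wk)
  return WORK_ACT_TIMEOUT;
  }
 
- printk(KERN_DEBUG "%s: direct probe to %pM (try %d)\n",
- sdata->name, wk->filter_ta, wk->probe_auth.tries);
+ printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n",
+ sdata->name, wk->filter_ta, wk->probe_auth.tries,
+ IEEE80211_AUTH_MAX_TRIES);
 
  /*
  * Direct probe is sent to broadcast address as some APs
@@ -561,6 +545,25 @@ ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
 }
 
 static enum work_action __must_check
+ieee80211_offchannel_tx(struct ieee80211_work *wk)
+{
+ if (!wk->started) {
+ wk->timeout = jiffies + msecs_to_jiffies(wk->offchan_tx.wait);
+
+ /*
+ * After this, offchan_tx.frame remains but now is no
+ * longer a valid pointer -- we still need it as the
+ * cookie for canceling this work.
+ */
+ ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame);
+
+ return WORK_ACT_NONE;
+ }
+
+ return WORK_ACT_TIMEOUT;
+}
+
+static enum work_action __must_check
 ieee80211_assoc_beacon_wait(struct ieee80211_work *wk)
 {
  if (wk->started)
@@ -757,7 +760,7 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
  mgmt = (struct ieee80211_mgmt *) skb->data;
  fc = le16_to_cpu(mgmt->frame_control);
 
- mutex_lock(&local->work_mtx);
+ mutex_lock(&local->mtx);
 
  list_for_each_entry(wk, &local->work_list, list) {
  const u8 *bssid = NULL;
@@ -833,7 +836,7 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
  WARN(1, "unexpected: %d", rma);
  }
 
- mutex_unlock(&local->work_mtx);
+ mutex_unlock(&local->mtx);
 
  if (rma != WORK_ACT_DONE)
  goto out;
@@ -845,15 +848,53 @@ static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
  case WORK_DONE_REQUEUE:
  synchronize_rcu();
  wk->started = false; /* restart */
- mutex_lock(&local->work_mtx);
+ mutex_lock(&local->mtx);
  list_add_tail(&wk->list, &local->work_list);
- mutex_unlock(&local->work_mtx);
+ mutex_unlock(&local->mtx);
  }
 
  out:
  kfree_skb(skb);
 }
 
+static bool ieee80211_work_ct_coexists(enum nl80211_channel_type wk_ct,
+ enum nl80211_channel_type oper_ct)
+{
+ switch (wk_ct) {
+ case NL80211_CHAN_NO_HT:
+ return true;
+ case NL80211_CHAN_HT20:
+ if (oper_ct != NL80211_CHAN_NO_HT)
+ return true;
+ return false;
+ case NL80211_CHAN_HT40MINUS:
+ case NL80211_CHAN_HT40PLUS:
+ return (wk_ct == oper_ct);
+ }
+ WARN_ON(1); /* shouldn't get here */
+ return false;
+}
+
+static enum nl80211_channel_type
+ieee80211_calc_ct(enum nl80211_channel_type wk_ct,
+ enum nl80211_channel_type oper_ct)
+{
+ switch (wk_ct) {
+ case NL80211_CHAN_NO_HT:
+ return oper_ct;
+ case NL80211_CHAN_HT20:
+ if (oper_ct != NL80211_CHAN_NO_HT)
+ return oper_ct;
+ return wk_ct;
+ case NL80211_CHAN_HT40MINUS:
+ case NL80211_CHAN_HT40PLUS:
+ return wk_ct;
+ }
+ WARN_ON(1); /* shouldn't get here */
+ return wk_ct;
+}
+
+
 static void ieee80211_work_timer(unsigned long data)
 {
  struct ieee80211_local *local = (void *) data;
@@ -888,9 +929,9 @@ static void ieee80211_work_work(struct work_struct *work)
  while ((skb = skb_dequeue(&local->work_skb_queue)))
  ieee80211_work_rx_queued_mgmt(local, skb);
 
- ieee80211_recalc_idle(local);
+ mutex_lock(&local->mtx);
 
- mutex_lock(&local->work_mtx);
+ ieee80211_recalc_idle(local);
 
  list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
  bool started = wk->started;
@@ -904,18 +945,52 @@ static void ieee80211_work_work(struct work_struct *work)
  }
 
  if (!started && !local->tmp_channel) {
+ bool on_oper_chan;
+ bool tmp_chan_changed = false;
+ bool on_oper_chan2;
+ enum nl80211_channel_type wk_ct;
+ on_oper_chan = ieee80211_cfg_on_oper_channel(local);
+
+ /* Work with existing channel type if possible. */
+ wk_ct = wk->chan_type;
+ if (wk->chan == local->hw.conf.channel)
+ wk_ct = ieee80211_calc_ct(wk->chan_type,
+ local->hw.conf.channel_type);
+
+ if (local->tmp_channel)
+ if ((local->tmp_channel != wk->chan) ||
+ (local->tmp_channel_type != wk_ct))
+ tmp_chan_changed = true;
+
+ local->tmp_channel = wk->chan;
+ local->tmp_channel_type = wk_ct;
  /*
- * TODO: could optimize this by leaving the
- * station vifs in awake mode if they
- * happen to be on the same channel as
- * the requested channel
+ * Leave the station vifs in awake mode if they
+ * happen to be on the same channel as
+ * the requested channel.
  */
- ieee80211_offchannel_stop_beaconing(local);
- ieee80211_offchannel_stop_station(local);
+ on_oper_chan2 = ieee80211_cfg_on_oper_channel(local);
+ if (on_oper_chan != on_oper_chan2) {
+ if (on_oper_chan2) {
+ /* going off oper channel, PS too */
+ ieee80211_offchannel_stop_vifs(local,
+ true);
+ ieee80211_hw_config(local, 0);
+ } else {
+ /* going on channel, but leave PS
+ * off-channel. */
+ ieee80211_hw_config(local, 0);
+ ieee80211_offchannel_return(local,
+ true,
+ false);
+ }
+ } else if (tmp_chan_changed)
+ /* Still off-channel, but on some other
+ * channel, so update hardware.
+ * PS should already be off-channel.
+ */
+ ieee80211_hw_config(local, 0);
 
- local->tmp_channel = wk->chan;
- local->tmp_channel_type = wk->chan_type;
- ieee80211_hw_config(local, 0);
  started = true;
  wk->timeout = jiffies;
  }
@@ -955,6 +1030,9 @@ static void ieee80211_work_work(struct work_struct *work)
  case IEEE80211_WORK_REMAIN_ON_CHANNEL:
  rma = ieee80211_remain_on_channel_timeout(wk);
  break;
+ case IEEE80211_WORK_OFFCHANNEL_TX:
+ rma = ieee80211_offchannel_tx(wk);
+ break;
  case IEEE80211_WORK_ASSOC_BEACON_WAIT:
  rma = ieee80211_assoc_beacon_wait(wk);
  break;
@@ -982,33 +1060,48 @@ static void ieee80211_work_work(struct work_struct *work)
  continue;
  if (wk->chan != local->tmp_channel)
  continue;
- if (wk->chan_type != local->tmp_channel_type)
+ if (ieee80211_work_ct_coexists(wk->chan_type,
+ local->tmp_channel_type))
  continue;
  remain_off_channel = true;
  }
 
  if (!remain_off_channel && local->tmp_channel) {
+ bool on_oper_chan = ieee80211_cfg_on_oper_channel(local);
  local->tmp_channel = NULL;
- ieee80211_hw_config(local, 0);
- ieee80211_offchannel_return(local, true);
+ /* If tmp_channel wasn't operating channel, then
+ * we need to go back on-channel.
+ * NOTE: If we can ever be here while scannning,
+ * or if the hw_config() channel config logic changes,
+ * then we may need to do a more thorough check to see if
+ * we still need to do a hardware config. Currently,
+ * we cannot be here while scanning, however.
+ */
+ if (ieee80211_cfg_on_oper_channel(local) && !on_oper_chan)
+ ieee80211_hw_config(local, 0);
+
+ /* At the least, we need to disable offchannel_ps,
+ * so just go ahead and run the entire offchannel
+ * return logic here. We *could* skip enabling
+ * beaconing if we were already on-oper-channel
+ * as a future optimization.
+ */
+ ieee80211_offchannel_return(local, true, true);
+
  /* give connection some time to breathe */
  run_again(local, jiffies + HZ/2);
  }
 
- mutex_lock(&local->scan_mtx);
-
  if (list_empty(&local->work_list) && local->scan_req &&
  !local->scanning)
  ieee80211_queue_delayed_work(&local->hw,
  &local->scan_work,
  round_jiffies_relative(0));
 
- mutex_unlock(&local->scan_mtx);
-
- mutex_unlock(&local->work_mtx);
-
  ieee80211_recalc_idle(local);
 
+ mutex_unlock(&local->mtx);
+
  list_for_each_entry_safe(wk, tmp, &free_work, list) {
  wk->done(wk, NULL);
  list_del(&wk->list);
@@ -1035,16 +1128,15 @@ void ieee80211_add_work(struct ieee80211_work *wk)
  wk->started = false;
 
  local = wk->sdata->local;
- mutex_lock(&local->work_mtx);
+ mutex_lock(&local->mtx);
  list_add_tail(&wk->list, &local->work_list);
- mutex_unlock(&local->work_mtx);
+ mutex_unlock(&local->mtx);
 
  ieee80211_queue_work(&local->hw, &local->work_work);
 }
 
 void ieee80211_work_init(struct ieee80211_local *local)
 {
- mutex_init(&local->work_mtx);
  INIT_LIST_HEAD(&local->work_list);
  setup_timer(&local->work_timer, ieee80211_work_timer,
  (unsigned long)local);
@@ -1056,28 +1148,31 @@ void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
 {
  struct ieee80211_local *local = sdata->local;
  struct ieee80211_work *wk;
+ bool cleanup = false;
 
- mutex_lock(&local->work_mtx);
+ mutex_lock(&local->mtx);
  list_for_each_entry(wk, &local->work_list, list) {
  if (wk->sdata != sdata)
  continue;
+ cleanup = true;
  wk->type = IEEE80211_WORK_ABORT;
  wk->started = true;
  wk->timeout = jiffies;
  }
- mutex_unlock(&local->work_mtx);
+ mutex_unlock(&local->mtx);
 
  /* run cleanups etc. */
- ieee80211_work_work(&local->work_work);
+ if (cleanup)
+ ieee80211_work_work(&local->work_work);
 
- mutex_lock(&local->work_mtx);
+ mutex_lock(&local->mtx);
  list_for_each_entry(wk, &local->work_list, list) {
  if (wk->sdata != sdata)
  continue;
  WARN_ON(1);
  break;
  }
- mutex_unlock(&local->work_mtx);
+ mutex_unlock(&local->mtx);
 }
 
 ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
@@ -1163,7 +1258,7 @@ int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata,
  struct ieee80211_work *wk, *tmp;
  bool found = false;
 
- mutex_lock(&local->work_mtx);
+ mutex_lock(&local->mtx);
  list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
  if ((unsigned long) wk == cookie) {
  wk->timeout = jiffies;
@@ -1171,7 +1266,7 @@ int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata,
  break;
  }
  }
- mutex_unlock(&local->work_mtx);
+ mutex_unlock(&local->mtx);
 
  if (!found)
  return -ENOENT;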
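Review bot: The remain-off-channel loop in ieee80211_work_work now skips a work item when `ieee80211_work_ct_coexists(wk->chan_type, local->tmp_channel_type)` returns true, which looks inverted, because the line it replaces skipped items whose channel type did not match tmp_channel_type. As written, a started item on the temporary channel with a compatible channel type no longer sets remain_off_channel, so the code below can return to the operating channel while that item is still in progress. The test probably needs a negation: `if (!ieee80211_work_ct_coexists(wk->chan_type,`. Separately, inside the `!started && !local->tmp_channel` branch earlier in the function, `if (local->tmp_channel)` is tested where tmp_channel has just been checked to be NULL, so `tmp_chan_changed` stays false and its `else if` arm looks unreachable. The function starts and ends outside these hunks.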
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index 8d59d27d887e..8f6a302d2ac3 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -26,18 +26,17 @@
26ieee80211_tx_result 26ieee80211_tx_result
27ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx) 27ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
28{ 28{
29 u8 *data, *key, *mic, key_offset; 29 u8 *data, *key, *mic;
30 size_t data_len; 30 size_t data_len;
31 unsigned int hdrlen; 31 unsigned int hdrlen;
32 struct ieee80211_hdr *hdr; 32 struct ieee80211_hdr *hdr;
33 struct sk_buff *skb = tx->skb; 33 struct sk_buff *skb = tx->skb;
34 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 34 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
35 int authenticator;
36 int tail; 35 int tail;
37 36
38 hdr = (struct ieee80211_hdr *)skb->data; 37 hdr = (struct ieee80211_hdr *)skb->data;
39 if (!tx->key || tx->key->conf.alg != ALG_TKIP || skb->len < 24 || 38 if (!tx->key || tx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
40 !ieee80211_is_data_present(hdr->frame_control)) 39 skb->len < 24 || !ieee80211_is_data_present(hdr->frame_control))
41 return TX_CONTINUE; 40 return TX_CONTINUE;
42 41
43 hdrlen = ieee80211_hdrlen(hdr->frame_control); 42 hdrlen = ieee80211_hdrlen(hdr->frame_control);
@@ -47,6 +46,11 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
47 data = skb->data + hdrlen; 46 data = skb->data + hdrlen;
48 data_len = skb->len - hdrlen; 47 data_len = skb->len - hdrlen;
49 48
49 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE)) {
50 /* Need to use software crypto for the test */
51 info->control.hw_key = NULL;
52 }
53
50 if (info->control.hw_key && 54 if (info->control.hw_key &&
51 !(tx->flags & IEEE80211_TX_FRAGMENTED) && 55 !(tx->flags & IEEE80211_TX_FRAGMENTED) &&
52 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) { 56 !(tx->key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_MMIC)) {
@@ -62,17 +66,11 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
62 skb_headroom(skb) < TKIP_IV_LEN)) 66 skb_headroom(skb) < TKIP_IV_LEN))
63 return TX_DROP; 67 return TX_DROP;
64 68
65#if 0 69 key = &tx->key->conf.key[NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY];
66 authenticator = fc & IEEE80211_FCTL_FROMDS; /* FIX */
67#else
68 authenticator = 1;
69#endif
70 key_offset = authenticator ?
71 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY :
72 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY;
73 key = &tx->key->conf.key[key_offset];
74 mic = skb_put(skb, MICHAEL_MIC_LEN); 70 mic = skb_put(skb, MICHAEL_MIC_LEN);
75 michael_mic(key, hdr, data, data_len, mic); 71 michael_mic(key, hdr, data, data_len, mic);
72 if (unlikely(info->flags & IEEE80211_TX_INTFL_TKIP_MIC_FAILURE))
73 mic[0]++;
76 74
77 return TX_CONTINUE; 75 return TX_CONTINUE;
78} 76}
@@ -81,23 +79,63 @@ ieee80211_tx_h_michael_mic_add(struct ieee80211_tx_data *tx)
81ieee80211_rx_result 79ieee80211_rx_result
82ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx) 80ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
83{ 81{
84 u8 *data, *key = NULL, key_offset; 82 u8 *data, *key = NULL;
85 size_t data_len; 83 size_t data_len;
86 unsigned int hdrlen; 84 unsigned int hdrlen;
87 u8 mic[MICHAEL_MIC_LEN]; 85 u8 mic[MICHAEL_MIC_LEN];
88 struct sk_buff *skb = rx->skb; 86 struct sk_buff *skb = rx->skb;
89 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 87 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
90 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 88 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
91 int authenticator = 1, wpa_test = 0; 89 int queue = rx->queue;
90
91 /* otherwise, TKIP is vulnerable to TID 0 vs. non-QoS replays */
92 if (rx->queue == NUM_RX_DATA_QUEUES - 1)
93 queue = 0;
92 94
93 /* No way to verify the MIC if the hardware stripped it */ 95 /*
94 if (status->flag & RX_FLAG_MMIC_STRIPPED) 96 * it makes no sense to check for MIC errors on anything other
97 * than data frames.
98 */
99 if (!ieee80211_is_data_present(hdr->frame_control))
95 return RX_CONTINUE; 100 return RX_CONTINUE;
96 101
97 if (!rx->key || rx->key->conf.alg != ALG_TKIP || 102 /*
98 !ieee80211_has_protected(hdr->frame_control) || 103 * No way to verify the MIC if the hardware stripped it or
99 !ieee80211_is_data_present(hdr->frame_control)) 104 * the IV with the key index. In this case we have solely rely
105 * on the driver to set RX_FLAG_MMIC_ERROR in the event of a
106 * MIC failure report.
107 */
108 if (status->flag & (RX_FLAG_MMIC_STRIPPED | RX_FLAG_IV_STRIPPED)) {
109 if (status->flag & RX_FLAG_MMIC_ERROR)
110 goto mic_fail;
111
112 if (!(status->flag & RX_FLAG_IV_STRIPPED))
113 goto update_iv;
114
100 return RX_CONTINUE; 115 return RX_CONTINUE;
116 }
117
118 /*
119 * Some hardware seems to generate Michael MIC failure reports; even
120 * though, the frame was not encrypted with TKIP and therefore has no
121 * MIC. Ignore the flag them to avoid triggering countermeasures.
122 */
123 if (!rx->key || rx->key->conf.cipher != WLAN_CIPHER_SUITE_TKIP ||
124 !(status->flag & RX_FLAG_DECRYPTED))
125 return RX_CONTINUE;
126
127 if (rx->sdata->vif.type == NL80211_IFTYPE_AP && rx->key->conf.keyidx) {
128 /*
129 * APs with pairwise keys should never receive Michael MIC
130 * errors for non-zero keyidx because these are reserved for
131 * group keys and only the AP is sending real multicast
132 * frames in the BSS. (
133 */
134 return RX_DROP_UNUSABLE;
135 }
136
137 if (status->flag & RX_FLAG_MMIC_ERROR)
138 goto mic_fail;
101 139
102 hdrlen = ieee80211_hdrlen(hdr->frame_control); 140 hdrlen = ieee80211_hdrlen(hdr->frame_control);
103 if (skb->len < hdrlen + MICHAEL_MIC_LEN) 141 if (skb->len < hdrlen + MICHAEL_MIC_LEN)
@@ -105,35 +143,31 @@ ieee80211_rx_h_michael_mic_verify(struct ieee80211_rx_data *rx)
105 143
106 data = skb->data + hdrlen; 144 data = skb->data + hdrlen;
107 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN; 145 data_len = skb->len - hdrlen - MICHAEL_MIC_LEN;
108 146 key = &rx->key->conf.key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
109#if 0
110 authenticator = fc & IEEE80211_FCTL_TODS; /* FIX */
111#else
112 authenticator = 1;
113#endif
114 key_offset = authenticator ?
115 NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY :
116 NL80211_TKIP_DATA_OFFSET_TX_MIC_KEY;
117 key = &rx->key->conf.key[key_offset];
118 michael_mic(key, hdr, data, data_len, mic); 147 michael_mic(key, hdr, data, data_len, mic);
119 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0 || wpa_test) { 148 if (memcmp(mic, data + data_len, MICHAEL_MIC_LEN) != 0)
120 if (!(rx->flags & IEEE80211_RX_RA_MATCH)) 149 goto mic_fail;
121 return RX_DROP_UNUSABLE;
122
123 mac80211_ev_michael_mic_failure(rx->sdata, rx->key->conf.keyidx,
124 (void *) skb->data, NULL,
125 GFP_ATOMIC);
126 return RX_DROP_UNUSABLE;
127 }
128 150
129 /* remove Michael MIC from payload */ 151 /* remove Michael MIC from payload */
130 skb_trim(skb, skb->len - MICHAEL_MIC_LEN); 152 skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
131 153
154update_iv:
132 /* update IV in key information to be able to detect replays */ 155 /* update IV in key information to be able to detect replays */
133 rx->key->u.tkip.rx[rx->queue].iv32 = rx->tkip_iv32; 156 rx->key->u.tkip.rx[queue].iv32 = rx->tkip_iv32;
134 rx->key->u.tkip.rx[rx->queue].iv16 = rx->tkip_iv16; 157 rx->key->u.tkip.rx[queue].iv16 = rx->tkip_iv16;
135 158
136 return RX_CONTINUE; 159 return RX_CONTINUE;
160
161mic_fail:
162 /*
163 * In some cases the key can be unset - e.g. a multicast packet, in
164 * a driver that supports HW encryption. Send up the key idx only if
165 * the key is set.
166 */
167 mac80211_ev_michael_mic_failure(rx->sdata,
168 rx->key ? rx->key->conf.keyidx : -1,
169 (void *) skb->data, NULL, GFP_ATOMIC);
170 return RX_DROP_UNUSABLE;
137} 171}
138 172
139 173
@@ -208,10 +242,15 @@ ieee80211_rx_result
208ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) 242ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
209{ 243{
210 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data; 244 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) rx->skb->data;
211 int hdrlen, res, hwaccel = 0, wpa_test = 0; 245 int hdrlen, res, hwaccel = 0;
212 struct ieee80211_key *key = rx->key; 246 struct ieee80211_key *key = rx->key;
213 struct sk_buff *skb = rx->skb; 247 struct sk_buff *skb = rx->skb;
214 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); 248 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
249 int queue = rx->queue;
250
251 /* otherwise, TKIP is vulnerable to TID 0 vs. non-QoS replays */
252 if (rx->queue == NUM_RX_DATA_QUEUES - 1)
253 queue = 0;
215 254
216 hdrlen = ieee80211_hdrlen(hdr->frame_control); 255 hdrlen = ieee80211_hdrlen(hdr->frame_control);
217 256
@@ -221,27 +260,21 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx)
221 if (!rx->sta || skb->len - hdrlen < 12) 260 if (!rx->sta || skb->len - hdrlen < 12)
222 return RX_DROP_UNUSABLE; 261 return RX_DROP_UNUSABLE;
223 262
224 if (status->flag & RX_FLAG_DECRYPTED) { 263 /*
225 if (status->flag & RX_FLAG_IV_STRIPPED) { 264 * Let TKIP code verify IV, but skip decryption.
226 /* 265 * In the case where hardware checks the IV as well,
227 * Hardware took care of all processing, including 266 * we don't even get here, see ieee80211_rx_h_decrypt()
228 * replay protection, and stripped the ICV/IV so 267 */
229 * we cannot do any checks here. 268 if (status->flag & RX_FLAG_DECRYPTED)
230 */
231 return RX_CONTINUE;
232 }
233
234 /* let TKIP code verify IV, but skip decryption */
235 hwaccel = 1; 269 hwaccel = 1;
236 }
237 270
238 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm, 271 res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
239 key, skb->data + hdrlen, 272 key, skb->data + hdrlen,
240 skb->len - hdrlen, rx->sta->sta.addr, 273 skb->len - hdrlen, rx->sta->sta.addr,
241 hdr->addr1, hwaccel, rx->queue, 274 hdr->addr1, hwaccel, queue,
242 &rx->tkip_iv32, 275 &rx->tkip_iv32,
243 &rx->tkip_iv16); 276 &rx->tkip_iv16);
244 if (res != TKIP_DECRYPT_OK || wpa_test) 277 if (res != TKIP_DECRYPT_OK)
245 return RX_DROP_UNUSABLE; 278 return RX_DROP_UNUSABLE;
246 279
247 /* Trim ICV */ 280 /* Trim ICV */
@@ -447,10 +480,6 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
447 if (!rx->sta || data_len < 0) 480 if (!rx->sta || data_len < 0)
448 return RX_DROP_UNUSABLE; 481 return RX_DROP_UNUSABLE;
449 482
450 if ((status->flag & RX_FLAG_DECRYPTED) &&
451 (status->flag & RX_FLAG_IV_STRIPPED))
452 return RX_CONTINUE;
453
454 ccmp_hdr2pn(pn, skb->data + hdrlen); 483 ccmp_hdr2pn(pn, skb->data + hdrlen);
455 484
456 queue = ieee80211_is_mgmt(hdr->frame_control) ? 485 queue = ieee80211_is_mgmt(hdr->frame_control) ?
@@ -564,10 +593,6 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx)
564 if (!ieee80211_is_mgmt(hdr->frame_control)) 593 if (!ieee80211_is_mgmt(hdr->frame_control))
565 return RX_CONTINUE; 594 return RX_CONTINUE;
566 595
567 if ((status->flag & RX_FLAG_DECRYPTED) &&
568 (status->flag & RX_FLAG_IV_STRIPPED))
569 return RX_CONTINUE;
570
571 if (skb->len < 24 + sizeof(*mmie)) 596 if (skb->len < 24 + sizeof(*mmie))
572 return RX_DROP_UNUSABLE; 597 return RX_DROP_UNUSABLE;
573 598