9 files changed, 125 insertions, 46 deletions
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
index fb306814576a..a6893602f87a 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2582,7 +2582,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
                        list_del(&dep->list);
                        mutex_unlock(&local->mtx);
-                        ieee80211_roc_notify_destroy(dep);
+                        ieee80211_roc_notify_destroy(dep, true);
                        return 0;
                }
@@ -2622,7 +2622,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
                        ieee80211_start_next_roc(local);
                mutex_unlock(&local->mtx);
-                ieee80211_roc_notify_destroy(found);
+                ieee80211_roc_notify_destroy(found, true);
        } else {
                /* work may be pending so use it all the time */
                found->abort = true;
@@ -2632,6 +2632,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
                /* work will clean up etc */
                flush_delayed_work(&found->work);
+                WARN_ON(!found->to_be_freed);
+                kfree(found);
        }
        return 0;
diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c
index 78c0d90dd641..931be419ab5a 100644
--- a/net/mac80211/chan.c
+++ b/net/mac80211/chan.c
@@ -63,6 +63,7 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
                      enum ieee80211_chanctx_mode mode)
 {
        struct ieee80211_chanctx *ctx;
+        u32 changed;
        int err;
        lockdep_assert_held(&local->chanctx_mtx);
@@ -76,6 +77,13 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
        ctx->conf.rx_chains_dynamic = 1;
        ctx->mode = mode;
+        /* acquire mutex to prevent idle from changing */
+        mutex_lock(&local->mtx);
+        /* turn idle off *before* setting channel -- some drivers need that */
+        changed = ieee80211_idle_off(local);
+        if (changed)
+                ieee80211_hw_config(local, changed);
        if (!local->use_chanctx) {
                local->_oper_channel_type =
                        cfg80211_get_chandef_type(chandef);
@@ -85,14 +93,17 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
                err = drv_add_chanctx(local, ctx);
                if (err) {
                        kfree(ctx);
-                        return ERR_PTR(err);
+                        ctx = ERR_PTR(err);
+                        ieee80211_recalc_idle(local);
+                        goto out;
                }
        }
+        /* and keep the mutex held until the new chanctx is on the list */
        list_add_rcu(&ctx->list, &local->chanctx_list);
-        mutex_lock(&local->mtx);
+ out:
-        ieee80211_recalc_idle(local);
        mutex_unlock(&local->mtx);
        return ctx;
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 388580a1bada..5672533a0832 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -309,6 +309,7 @@ struct ieee80211_roc_work {
        struct ieee80211_channel *chan;
        bool started, abort, hw_begun, notified;
+        bool to_be_freed;
        unsigned long hw_start_time;
@@ -1347,7 +1348,7 @@ void ieee80211_offchannel_return(struct ieee80211_local *local);
 void ieee80211_roc_setup(struct ieee80211_local *local);
 void ieee80211_start_next_roc(struct ieee80211_local *local);
 void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata);
-void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc);
+void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free);
 void ieee80211_sw_roc_work(struct work_struct *work);
 void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);
@@ -1361,6 +1362,7 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
                             enum nl80211_iftype type);
 void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata);
 void ieee80211_remove_interfaces(struct ieee80211_local *local);
+u32 ieee80211_idle_off(struct ieee80211_local *local);
 void ieee80211_recalc_idle(struct ieee80211_local *local);
 void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
                                    const int offset);
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
index baaa8608e52d..9ed49ad0380f 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
@@ -78,7 +78,7 @@ void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata)
                ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER);
 }
-static u32 ieee80211_idle_off(struct ieee80211_local *local)
+static u32 __ieee80211_idle_off(struct ieee80211_local *local)
 {
        if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE))
                return 0;
@@ -87,7 +87,7 @@ static u32 ieee80211_idle_off(struct ieee80211_local *local)
        return IEEE80211_CONF_CHANGE_IDLE;
 }
-static u32 ieee80211_idle_on(struct ieee80211_local *local)
+static u32 __ieee80211_idle_on(struct ieee80211_local *local)
 {
        if (local->hw.conf.flags & IEEE80211_CONF_IDLE)
                return 0;
@@ -98,16 +98,18 @@ static u32 ieee80211_idle_on(struct ieee80211_local *local)
        return IEEE80211_CONF_CHANGE_IDLE;
 }
-void ieee80211_recalc_idle(struct ieee80211_local *local)
+static u32 __ieee80211_recalc_idle(struct ieee80211_local *local,
+                                   bool force_active)
 {
        bool working = false, scanning, active;
        unsigned int led_trig_start = 0, led_trig_stop = 0;
        struct ieee80211_roc_work *roc;
-        u32 change;
        lockdep_assert_held(&local->mtx);
-        active = !list_empty(&local->chanctx_list) || local->monitors;
+        active = force_active ||
+                 !list_empty(&local->chanctx_list) ||
+                 local->monitors;
        if (!local->ops->remain_on_channel) {
                list_for_each_entry(roc, &local->roc_list, list) {
@@ -132,9 +134,18 @@ void ieee80211_recalc_idle(struct ieee80211_local *local)
        ieee80211_mod_tpt_led_trig(local, led_trig_start, led_trig_stop);
        if (working || scanning || active)
-                change = ieee80211_idle_off(local);
+                return __ieee80211_idle_off(local);
-        else
+        return __ieee80211_idle_on(local);
-                change = ieee80211_idle_on(local);
+}
+u32 ieee80211_idle_off(struct ieee80211_local *local)
+{
+        return __ieee80211_recalc_idle(local, true);
+}
+void ieee80211_recalc_idle(struct ieee80211_local *local)
+{
+        u32 change = __ieee80211_recalc_idle(local, false);
        if (change)
                ieee80211_hw_config(local, change);
 }
@@ -349,21 +360,19 @@ static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
 static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
 {
        struct ieee80211_sub_if_data *sdata;
-        int ret = 0;
+        int ret;
        if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))
                return 0;
-        mutex_lock(&local->iflist_mtx);
+        ASSERT_RTNL();
        if (local->monitor_sdata)
-                goto out_unlock;
+                return 0;
        sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL);
-        if (!sdata) {
+        if (!sdata)
-                ret = -ENOMEM;
+                return -ENOMEM;
-                goto out_unlock;
-        }
        /* set up data */
        sdata->local = local;
@@ -377,13 +386,13 @@ static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
        if (WARN_ON(ret)) {
                /* ok .. stupid driver, it asked for this! */
                kfree(sdata);
-                goto out_unlock;
+                return ret;
        }
        ret = ieee80211_check_queues(sdata);
        if (ret) {
                kfree(sdata);
-                goto out_unlock;
+                return ret;
        }
        ret = ieee80211_vif_use_channel(sdata, &local->monitor_chandef,
@@ -391,13 +400,14 @@ static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
        if (ret) {
                drv_remove_interface(local, sdata);
                kfree(sdata);
-                goto out_unlock;
+                return ret;
        }
+        mutex_lock(&local->iflist_mtx);
        rcu_assign_pointer(local->monitor_sdata, sdata);
- out_unlock:
        mutex_unlock(&local->iflist_mtx);
-        return ret;
+        return 0;
 }
 static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
@@ -407,14 +417,20 @@ static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
        if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))
                return;
+        ASSERT_RTNL();
        mutex_lock(&local->iflist_mtx);
        sdata = rcu_dereference_protected(local->monitor_sdata,
                                          lockdep_is_held(&local->iflist_mtx));
-        if (!sdata)
+        if (!sdata) {
-                goto out_unlock;
+                mutex_unlock(&local->iflist_mtx);
+                return;
+        }
        rcu_assign_pointer(local->monitor_sdata, NULL);
+        mutex_unlock(&local->iflist_mtx);
        synchronize_net();
        ieee80211_vif_release_channel(sdata);
@@ -422,8 +438,6 @@ static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
        drv_remove_interface(local, sdata);
        kfree(sdata);
- out_unlock:
-        mutex_unlock(&local->iflist_mtx);
 }
 /*
diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index 29ce2aa87e7b..4749b3858695 100644
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -1060,7 +1060,8 @@ void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local)
        rcu_read_lock();
        list_for_each_entry_rcu(sdata, &local->interfaces, list)
-                if (ieee80211_vif_is_mesh(&sdata->vif))
+                if (ieee80211_vif_is_mesh(&sdata->vif) &&
+                    ieee80211_sdata_running(sdata))
                        ieee80211_queue_work(&local->hw, &sdata->work);
        rcu_read_unlock();
 }
diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c
index 141577412d84..346ad4cfb013 100644
--- a/net/mac80211/mlme.c
+++ b/net/mac80211/mlme.c
@@ -3608,8 +3608,10 @@ void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
        /* Restart STA timers */
        rcu_read_lock();
-        list_for_each_entry_rcu(sdata, &local->interfaces, list)
+        list_for_each_entry_rcu(sdata, &local->interfaces, list) {
-                ieee80211_restart_sta_timer(sdata);
+                if (ieee80211_sdata_running(sdata))
+                        ieee80211_restart_sta_timer(sdata);
+        }
        rcu_read_unlock();
 }
@@ -3962,8 +3964,16 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
        /* prep auth_data so we don't go into idle on disassoc */
        ifmgd->auth_data = auth_data;
-        if (ifmgd->associated)
+        if (ifmgd->associated) {
-                ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
+                u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
+                ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
+                                       WLAN_REASON_UNSPECIFIED,
+                                       false, frame_buf);
+                __cfg80211_send_deauth(sdata->dev, frame_buf,
+                                       sizeof(frame_buf));
+        }
        sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
@@ -4023,8 +4033,16 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
        mutex_lock(&ifmgd->mtx);
-        if (ifmgd->associated)
+        if (ifmgd->associated) {
-                ieee80211_set_disassoc(sdata, 0, 0, false, NULL);
+                u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
+                ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
+                                       WLAN_REASON_UNSPECIFIED,
+                                       false, frame_buf);
+                __cfg80211_send_deauth(sdata->dev, frame_buf,
+                                       sizeof(frame_buf));
+        }
        if (ifmgd->auth_data && !ifmgd->auth_data->done) {
                err = -EBUSY;
diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c
index cc79b4a2e821..430bd254e496 100644
--- a/net/mac80211/offchannel.c
+++ b/net/mac80211/offchannel.c
@@ -297,10 +297,13 @@ void ieee80211_start_next_roc(struct ieee80211_local *local)
        }
 }
-void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
+void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free)
 {
        struct ieee80211_roc_work *dep, *tmp;
+        if (WARN_ON(roc->to_be_freed))
+                return;
        /* was never transmitted */
        if (roc->frame) {
                cfg80211_mgmt_tx_status(&roc->sdata->wdev,
@@ -316,9 +319,12 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
                                                   GFP_KERNEL);
        list_for_each_entry_safe(dep, tmp, &roc->dependents, list)
-                ieee80211_roc_notify_destroy(dep);
+                ieee80211_roc_notify_destroy(dep, true);
-        kfree(roc);
+        if (free)
+                kfree(roc);
+        else
+                roc->to_be_freed = true;
 }
 void ieee80211_sw_roc_work(struct work_struct *work)
@@ -331,6 +337,9 @@ void ieee80211_sw_roc_work(struct work_struct *work)
        mutex_lock(&local->mtx);
+        if (roc->to_be_freed)
+                goto out_unlock;
        if (roc->abort)
                goto finish;
@@ -370,7 +379,7 @@ void ieee80211_sw_roc_work(struct work_struct *work)
 finish:
                list_del(&roc->list);
                started = roc->started;
-                ieee80211_roc_notify_destroy(roc);
+                ieee80211_roc_notify_destroy(roc, !roc->abort);
                if (started) {
                        drv_flush(local, false);
@@ -410,7 +419,7 @@ static void ieee80211_hw_roc_done(struct work_struct *work)
        list_del(&roc->list);
-        ieee80211_roc_notify_destroy(roc);
+        ieee80211_roc_notify_destroy(roc, true);
        /* if there's another roc, start it now */
        ieee80211_start_next_roc(local);
@@ -460,12 +469,14 @@ void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata)
        list_for_each_entry_safe(roc, tmp, &tmp_list, list) {
                if (local->ops->remain_on_channel) {
                        list_del(&roc->list);
-                        ieee80211_roc_notify_destroy(roc);
+                        ieee80211_roc_notify_destroy(roc, true);
                } else {
                        ieee80211_queue_delayed_work(&local->hw, &roc->work, 0);
                        /* work will clean up etc */
                        flush_delayed_work(&roc->work);
+                        WARN_ON(!roc->to_be_freed);
+                        kfree(roc);
                }
        }
diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index bb73ed2d20b9..c6844ad080be 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -2675,7 +2675,19 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
                memset(nskb->cb, 0, sizeof(nskb->cb));
-                ieee80211_tx_skb(rx->sdata, nskb);
+                if (rx->sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) {
+                        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(nskb);
+                        info->flags = IEEE80211_TX_CTL_TX_OFFCHAN |
+                                      IEEE80211_TX_INTFL_OFFCHAN_TX_OK |
+                                      IEEE80211_TX_CTL_NO_CCK_RATE;
+                        if (local->hw.flags & IEEE80211_HW_QUEUE_CONTROL)
+                                info->hw_queue =
+                                        local->hw.offchannel_tx_hw_queue;
+                }
+                __ieee80211_tx_skb_tid_band(rx->sdata, nskb, 7,
+                                            status->band);
        }
        dev_kfree_skb(rx->skb);
        return RX_QUEUED;
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c
index a79ce820cb50..238a0cca320e 100644
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -766,6 +766,7 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
        struct ieee80211_local *local;
        struct ieee80211_sub_if_data *sdata;
        int ret, i;
+        bool have_key = false;
        might_sleep();
@@ -793,12 +794,19 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
        list_del_rcu(&sta->list);
        mutex_lock(&local->key_mtx);
-        for (i = 0; i < NUM_DEFAULT_KEYS; i++)
+        for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
                __ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));
-        if (sta->ptk)
+                have_key = true;
+        }
+        if (sta->ptk) {
                __ieee80211_key_free(key_mtx_dereference(local, sta->ptk));
+                have_key = true;
+        }
        mutex_unlock(&local->key_mtx);
+        if (!have_key)
+                synchronize_net();
        sta->dead = true;
        local->num_sta--;

diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index fb306814576a..a6893602f87a 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c
@@ -2582,7 +2582,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
2582	list_del(&dep->list);	2582	list_del(&dep->list);
2583	mutex_unlock(&local->mtx);	2583	mutex_unlock(&local->mtx);
2584		2584
2585	ieee80211_roc_notify_destroy(dep);	2585	ieee80211_roc_notify_destroy(dep, true);
2586	return 0;	2586	return 0;
2587	}	2587	}
2588		2588
@@ -2622,7 +2622,7 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
2622	ieee80211_start_next_roc(local);	2622	ieee80211_start_next_roc(local);
2623	mutex_unlock(&local->mtx);	2623	mutex_unlock(&local->mtx);
2624		2624
2625	ieee80211_roc_notify_destroy(found);	2625	ieee80211_roc_notify_destroy(found, true);
2626	} else {	2626	} else {
2627	/* work may be pending so use it all the time */	2627	/* work may be pending so use it all the time */
2628	found->abort = true;	2628	found->abort = true;
@@ -2632,6 +2632,8 @@ static int ieee80211_cancel_roc(struct ieee80211_local *local,
2632		2632
2633	/* work will clean up etc */	2633	/* work will clean up etc */
2634	flush_delayed_work(&found->work);	2634	flush_delayed_work(&found->work);
		2635	WARN_ON(!found->to_be_freed);
		2636	kfree(found);
2635	}	2637	}
2636		2638
2637	return 0;	2639	return 0;


diff --git a/net/mac80211/chan.c b/net/mac80211/chan.c index 78c0d90dd641..931be419ab5a 100644 --- a/net/mac80211/chan.c +++ b/net/mac80211/chan.c
@@ -63,6 +63,7 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
63	enum ieee80211_chanctx_mode mode)	63	enum ieee80211_chanctx_mode mode)
64	{	64	{
65	struct ieee80211_chanctx *ctx;	65	struct ieee80211_chanctx *ctx;
		66	u32 changed;
66	int err;	67	int err;
67		68
68	lockdep_assert_held(&local->chanctx_mtx);	69	lockdep_assert_held(&local->chanctx_mtx);
@@ -76,6 +77,13 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
76	ctx->conf.rx_chains_dynamic = 1;	77	ctx->conf.rx_chains_dynamic = 1;
77	ctx->mode = mode;	78	ctx->mode = mode;
78		79
		80	/* acquire mutex to prevent idle from changing */
		81	mutex_lock(&local->mtx);
		82	/* turn idle off before setting channel -- some drivers need that */
		83	changed = ieee80211_idle_off(local);
		84	if (changed)
		85	ieee80211_hw_config(local, changed);
		86
79	if (!local->use_chanctx) {	87	if (!local->use_chanctx) {
80	local->_oper_channel_type =	88	local->_oper_channel_type =
81	cfg80211_get_chandef_type(chandef);	89	cfg80211_get_chandef_type(chandef);
@@ -85,14 +93,17 @@ ieee80211_new_chanctx(struct ieee80211_local *local,
85	err = drv_add_chanctx(local, ctx);	93	err = drv_add_chanctx(local, ctx);
86	if (err) {	94	if (err) {
87	kfree(ctx);	95	kfree(ctx);
88	return ERR_PTR(err);	96	ctx = ERR_PTR(err);
		97
		98	ieee80211_recalc_idle(local);
		99	goto out;
89	}	100	}
90	}	101	}
91		102
		103	/* and keep the mutex held until the new chanctx is on the list */
92	list_add_rcu(&ctx->list, &local->chanctx_list);	104	list_add_rcu(&ctx->list, &local->chanctx_list);
93		105
94	mutex_lock(&local->mtx);	106	out:
95	ieee80211_recalc_idle(local);
96	mutex_unlock(&local->mtx);	107	mutex_unlock(&local->mtx);
97		108
98	return ctx;	109	return ctx;


diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index 388580a1bada..5672533a0832 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h
@@ -309,6 +309,7 @@ struct ieee80211_roc_work {
309	struct ieee80211_channel *chan;	309	struct ieee80211_channel *chan;
310		310
311	bool started, abort, hw_begun, notified;	311	bool started, abort, hw_begun, notified;
		312	bool to_be_freed;
312		313
313	unsigned long hw_start_time;	314	unsigned long hw_start_time;
314		315
@@ -1347,7 +1348,7 @@ void ieee80211_offchannel_return(struct ieee80211_local *local);
1347	void ieee80211_roc_setup(struct ieee80211_local *local);	1348	void ieee80211_roc_setup(struct ieee80211_local *local);
1348	void ieee80211_start_next_roc(struct ieee80211_local *local);	1349	void ieee80211_start_next_roc(struct ieee80211_local *local);
1349	void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata);	1350	void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata);
1350	void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc);	1351	void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free);
1351	void ieee80211_sw_roc_work(struct work_struct *work);	1352	void ieee80211_sw_roc_work(struct work_struct *work);
1352	void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);	1353	void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc);
1353		1354
@@ -1361,6 +1362,7 @@ int ieee80211_if_change_type(struct ieee80211_sub_if_data *sdata,
1361	enum nl80211_iftype type);	1362	enum nl80211_iftype type);
1362	void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata);	1363	void ieee80211_if_remove(struct ieee80211_sub_if_data *sdata);
1363	void ieee80211_remove_interfaces(struct ieee80211_local *local);	1364	void ieee80211_remove_interfaces(struct ieee80211_local *local);
		1365	u32 ieee80211_idle_off(struct ieee80211_local *local);
1364	void ieee80211_recalc_idle(struct ieee80211_local *local);	1366	void ieee80211_recalc_idle(struct ieee80211_local *local);
1365	void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,	1367	void ieee80211_adjust_monitor_flags(struct ieee80211_sub_if_data *sdata,
1366	const int offset);	1368	const int offset);


diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index baaa8608e52d..9ed49ad0380f 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c
@@ -78,7 +78,7 @@ void ieee80211_recalc_txpower(struct ieee80211_sub_if_data *sdata)
78	ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER);	78	ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_TXPOWER);
79	}	79	}
80		80
81	static u32 ieee80211_idle_off(struct ieee80211_local *local)	81	static u32 __ieee80211_idle_off(struct ieee80211_local *local)
82	{	82	{
83	if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE))	83	if (!(local->hw.conf.flags & IEEE80211_CONF_IDLE))
84	return 0;	84	return 0;
@@ -87,7 +87,7 @@ static u32 ieee80211_idle_off(struct ieee80211_local *local)
87	return IEEE80211_CONF_CHANGE_IDLE;	87	return IEEE80211_CONF_CHANGE_IDLE;
88	}	88	}
89		89
90	static u32 ieee80211_idle_on(struct ieee80211_local *local)	90	static u32 __ieee80211_idle_on(struct ieee80211_local *local)
91	{	91	{
92	if (local->hw.conf.flags & IEEE80211_CONF_IDLE)	92	if (local->hw.conf.flags & IEEE80211_CONF_IDLE)
93	return 0;	93	return 0;
@@ -98,16 +98,18 @@ static u32 ieee80211_idle_on(struct ieee80211_local *local)
98	return IEEE80211_CONF_CHANGE_IDLE;	98	return IEEE80211_CONF_CHANGE_IDLE;
99	}	99	}
100		100
101	void ieee80211_recalc_idle(struct ieee80211_local *local)	101	static u32 __ieee80211_recalc_idle(struct ieee80211_local *local,
		102	bool force_active)
102	{	103	{
103	bool working = false, scanning, active;	104	bool working = false, scanning, active;
104	unsigned int led_trig_start = 0, led_trig_stop = 0;	105	unsigned int led_trig_start = 0, led_trig_stop = 0;
105	struct ieee80211_roc_work *roc;	106	struct ieee80211_roc_work *roc;
106	u32 change;
107		107
108	lockdep_assert_held(&local->mtx);	108	lockdep_assert_held(&local->mtx);
109		109
110	active = !list_empty(&local->chanctx_list) \|\| local->monitors;	110	active = force_active \|\|
		111	!list_empty(&local->chanctx_list) \|\|
		112	local->monitors;
111		113
112	if (!local->ops->remain_on_channel) {	114	if (!local->ops->remain_on_channel) {
113	list_for_each_entry(roc, &local->roc_list, list) {	115	list_for_each_entry(roc, &local->roc_list, list) {
@@ -132,9 +134,18 @@ void ieee80211_recalc_idle(struct ieee80211_local *local)
132	ieee80211_mod_tpt_led_trig(local, led_trig_start, led_trig_stop);	134	ieee80211_mod_tpt_led_trig(local, led_trig_start, led_trig_stop);
133		135
134	if (working \|\| scanning \|\| active)	136	if (working \|\| scanning \|\| active)
135	change = ieee80211_idle_off(local);	137	return __ieee80211_idle_off(local);
136	else	138	return __ieee80211_idle_on(local);
137	change = ieee80211_idle_on(local);	139	}
		140
		141	u32 ieee80211_idle_off(struct ieee80211_local *local)
		142	{
		143	return __ieee80211_recalc_idle(local, true);
		144	}
		145
		146	void ieee80211_recalc_idle(struct ieee80211_local *local)
		147	{
		148	u32 change = __ieee80211_recalc_idle(local, false);
138	if (change)	149	if (change)
139	ieee80211_hw_config(local, change);	150	ieee80211_hw_config(local, change);
140	}	151	}
@@ -349,21 +360,19 @@ static void ieee80211_set_default_queues(struct ieee80211_sub_if_data *sdata)
349	static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)	360	static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
350	{	361	{
351	struct ieee80211_sub_if_data *sdata;	362	struct ieee80211_sub_if_data *sdata;
352	int ret = 0;	363	int ret;
353		364
354	if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))	365	if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))
355	return 0;	366	return 0;
356		367
357	mutex_lock(&local->iflist_mtx);	368	ASSERT_RTNL();
358		369
359	if (local->monitor_sdata)	370	if (local->monitor_sdata)
360	goto out_unlock;	371	return 0;
361		372
362	sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL);	373	sdata = kzalloc(sizeof(*sdata) + local->hw.vif_data_size, GFP_KERNEL);
363	if (!sdata) {	374	if (!sdata)
364	ret = -ENOMEM;	375	return -ENOMEM;
365	goto out_unlock;
366	}
367		376
368	/* set up data */	377	/* set up data */
369	sdata->local = local;	378	sdata->local = local;
@@ -377,13 +386,13 @@ static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
377	if (WARN_ON(ret)) {	386	if (WARN_ON(ret)) {
378	/* ok .. stupid driver, it asked for this! */	387	/* ok .. stupid driver, it asked for this! */
379	kfree(sdata);	388	kfree(sdata);
380	goto out_unlock;	389	return ret;
381	}	390	}
382		391
383	ret = ieee80211_check_queues(sdata);	392	ret = ieee80211_check_queues(sdata);
384	if (ret) {	393	if (ret) {
385	kfree(sdata);	394	kfree(sdata);
386	goto out_unlock;	395	return ret;
387	}	396	}
388		397
389	ret = ieee80211_vif_use_channel(sdata, &local->monitor_chandef,	398	ret = ieee80211_vif_use_channel(sdata, &local->monitor_chandef,
@@ -391,13 +400,14 @@ static int ieee80211_add_virtual_monitor(struct ieee80211_local *local)
391	if (ret) {	400	if (ret) {
392	drv_remove_interface(local, sdata);	401	drv_remove_interface(local, sdata);
393	kfree(sdata);	402	kfree(sdata);
394	goto out_unlock;	403	return ret;
395	}	404	}
396		405
		406	mutex_lock(&local->iflist_mtx);
397	rcu_assign_pointer(local->monitor_sdata, sdata);	407	rcu_assign_pointer(local->monitor_sdata, sdata);
398	out_unlock:
399	mutex_unlock(&local->iflist_mtx);	408	mutex_unlock(&local->iflist_mtx);
400	return ret;	409
		410	return 0;
401	}	411	}
402		412
403	static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)	413	static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
@@ -407,14 +417,20 @@ static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
407	if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))	417	if (!(local->hw.flags & IEEE80211_HW_WANT_MONITOR_VIF))
408	return;	418	return;
409		419
		420	ASSERT_RTNL();
		421
410	mutex_lock(&local->iflist_mtx);	422	mutex_lock(&local->iflist_mtx);
411		423
412	sdata = rcu_dereference_protected(local->monitor_sdata,	424	sdata = rcu_dereference_protected(local->monitor_sdata,
413	lockdep_is_held(&local->iflist_mtx));	425	lockdep_is_held(&local->iflist_mtx));
414	if (!sdata)	426	if (!sdata) {
415	goto out_unlock;	427	mutex_unlock(&local->iflist_mtx);
		428	return;
		429	}
416		430
417	rcu_assign_pointer(local->monitor_sdata, NULL);	431	rcu_assign_pointer(local->monitor_sdata, NULL);
		432	mutex_unlock(&local->iflist_mtx);
		433
418	synchronize_net();	434	synchronize_net();
419		435
420	ieee80211_vif_release_channel(sdata);	436	ieee80211_vif_release_channel(sdata);
@@ -422,8 +438,6 @@ static void ieee80211_del_virtual_monitor(struct ieee80211_local *local)
422	drv_remove_interface(local, sdata);	438	drv_remove_interface(local, sdata);
423		439
424	kfree(sdata);	440	kfree(sdata);
425	out_unlock:
426	mutex_unlock(&local->iflist_mtx);
427	}	441	}
428		442
429	/*	443	/*


diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index 29ce2aa87e7b..4749b3858695 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c
@@ -1060,7 +1060,8 @@ void ieee80211_mesh_notify_scan_completed(struct ieee80211_local *local)
1060		1060
1061	rcu_read_lock();	1061	rcu_read_lock();
1062	list_for_each_entry_rcu(sdata, &local->interfaces, list)	1062	list_for_each_entry_rcu(sdata, &local->interfaces, list)
1063	if (ieee80211_vif_is_mesh(&sdata->vif))	1063	if (ieee80211_vif_is_mesh(&sdata->vif) &&
		1064	ieee80211_sdata_running(sdata))
1064	ieee80211_queue_work(&local->hw, &sdata->work);	1065	ieee80211_queue_work(&local->hw, &sdata->work);
1065	rcu_read_unlock();	1066	rcu_read_unlock();
1066	}	1067	}


diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 141577412d84..346ad4cfb013 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c
@@ -3608,8 +3608,10 @@ void ieee80211_mlme_notify_scan_completed(struct ieee80211_local *local)
3608		3608
3609	/* Restart STA timers */	3609	/* Restart STA timers */
3610	rcu_read_lock();	3610	rcu_read_lock();
3611	list_for_each_entry_rcu(sdata, &local->interfaces, list)	3611	list_for_each_entry_rcu(sdata, &local->interfaces, list) {
3612	ieee80211_restart_sta_timer(sdata);	3612	if (ieee80211_sdata_running(sdata))
		3613	ieee80211_restart_sta_timer(sdata);
		3614	}
3613	rcu_read_unlock();	3615	rcu_read_unlock();
3614	}	3616	}
3615		3617
@@ -3962,8 +3964,16 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata,
3962	/* prep auth_data so we don't go into idle on disassoc */	3964	/* prep auth_data so we don't go into idle on disassoc */
3963	ifmgd->auth_data = auth_data;	3965	ifmgd->auth_data = auth_data;
3964		3966
3965	if (ifmgd->associated)	3967	if (ifmgd->associated) {
3966	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);	3968	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
		3969
		3970	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
		3971	WLAN_REASON_UNSPECIFIED,
		3972	false, frame_buf);
		3973
		3974	__cfg80211_send_deauth(sdata->dev, frame_buf,
		3975	sizeof(frame_buf));
		3976	}
3967		3977
3968	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);	3978	sdata_info(sdata, "authenticate with %pM\n", req->bss->bssid);
3969		3979
@@ -4023,8 +4033,16 @@ int ieee80211_mgd_assoc(struct ieee80211_sub_if_data *sdata,
4023		4033
4024	mutex_lock(&ifmgd->mtx);	4034	mutex_lock(&ifmgd->mtx);
4025		4035
4026	if (ifmgd->associated)	4036	if (ifmgd->associated) {
4027	ieee80211_set_disassoc(sdata, 0, 0, false, NULL);	4037	u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN];
		4038
		4039	ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH,
		4040	WLAN_REASON_UNSPECIFIED,
		4041	false, frame_buf);
		4042
		4043	__cfg80211_send_deauth(sdata->dev, frame_buf,
		4044	sizeof(frame_buf));
		4045	}
4028		4046
4029	if (ifmgd->auth_data && !ifmgd->auth_data->done) {	4047	if (ifmgd->auth_data && !ifmgd->auth_data->done) {
4030	err = -EBUSY;	4048	err = -EBUSY;


diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c index cc79b4a2e821..430bd254e496 100644 --- a/net/mac80211/offchannel.c +++ b/net/mac80211/offchannel.c
@@ -297,10 +297,13 @@ void ieee80211_start_next_roc(struct ieee80211_local *local)
297	}	297	}
298	}	298	}
299		299
300	void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)	300	void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc, bool free)
301	{	301	{
302	struct ieee80211_roc_work dep, tmp;	302	struct ieee80211_roc_work dep, tmp;
303		303
		304	if (WARN_ON(roc->to_be_freed))
		305	return;
		306
304	/* was never transmitted */	307	/* was never transmitted */
305	if (roc->frame) {	308	if (roc->frame) {
306	cfg80211_mgmt_tx_status(&roc->sdata->wdev,	309	cfg80211_mgmt_tx_status(&roc->sdata->wdev,
@@ -316,9 +319,12 @@ void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
316	GFP_KERNEL);	319	GFP_KERNEL);
317		320
318	list_for_each_entry_safe(dep, tmp, &roc->dependents, list)	321	list_for_each_entry_safe(dep, tmp, &roc->dependents, list)
319	ieee80211_roc_notify_destroy(dep);	322	ieee80211_roc_notify_destroy(dep, true);
320		323
321	kfree(roc);	324	if (free)
		325	kfree(roc);
		326	else
		327	roc->to_be_freed = true;
322	}	328	}
323		329
324	void ieee80211_sw_roc_work(struct work_struct *work)	330	void ieee80211_sw_roc_work(struct work_struct *work)
@@ -331,6 +337,9 @@ void ieee80211_sw_roc_work(struct work_struct *work)
331		337
332	mutex_lock(&local->mtx);	338	mutex_lock(&local->mtx);
333		339
		340	if (roc->to_be_freed)
		341	goto out_unlock;
		342
334	if (roc->abort)	343	if (roc->abort)
335	goto finish;	344	goto finish;
336		345
@@ -370,7 +379,7 @@ void ieee80211_sw_roc_work(struct work_struct *work)
370	finish:	379	finish:
371	list_del(&roc->list);	380	list_del(&roc->list);
372	started = roc->started;	381	started = roc->started;
373	ieee80211_roc_notify_destroy(roc);	382	ieee80211_roc_notify_destroy(roc, !roc->abort);
374		383
375	if (started) {	384	if (started) {
376	drv_flush(local, false);	385	drv_flush(local, false);
@@ -410,7 +419,7 @@ static void ieee80211_hw_roc_done(struct work_struct *work)
410		419
411	list_del(&roc->list);	420	list_del(&roc->list);
412		421
413	ieee80211_roc_notify_destroy(roc);	422	ieee80211_roc_notify_destroy(roc, true);
414		423
415	/* if there's another roc, start it now */	424	/* if there's another roc, start it now */
416	ieee80211_start_next_roc(local);	425	ieee80211_start_next_roc(local);
@@ -460,12 +469,14 @@ void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata)
460	list_for_each_entry_safe(roc, tmp, &tmp_list, list) {	469	list_for_each_entry_safe(roc, tmp, &tmp_list, list) {
461	if (local->ops->remain_on_channel) {	470	if (local->ops->remain_on_channel) {
462	list_del(&roc->list);	471	list_del(&roc->list);
463	ieee80211_roc_notify_destroy(roc);	472	ieee80211_roc_notify_destroy(roc, true);
464	} else {	473	} else {
465	ieee80211_queue_delayed_work(&local->hw, &roc->work, 0);	474	ieee80211_queue_delayed_work(&local->hw, &roc->work, 0);
466		475
467	/* work will clean up etc */	476	/* work will clean up etc */
468	flush_delayed_work(&roc->work);	477	flush_delayed_work(&roc->work);
		478	WARN_ON(!roc->to_be_freed);
		479	kfree(roc);
469	}	480	}
470	}	481	}
471		482


diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c index bb73ed2d20b9..c6844ad080be 100644 --- a/net/mac80211/rx.c +++ b/net/mac80211/rx.c
@@ -2675,7 +2675,19 @@ ieee80211_rx_h_action_return(struct ieee80211_rx_data *rx)
2675		2675
2676	memset(nskb->cb, 0, sizeof(nskb->cb));	2676	memset(nskb->cb, 0, sizeof(nskb->cb));
2677		2677
2678	ieee80211_tx_skb(rx->sdata, nskb);	2678	if (rx->sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) {
		2679	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(nskb);
		2680
		2681	info->flags = IEEE80211_TX_CTL_TX_OFFCHAN \|
		2682	IEEE80211_TX_INTFL_OFFCHAN_TX_OK \|
		2683	IEEE80211_TX_CTL_NO_CCK_RATE;
		2684	if (local->hw.flags & IEEE80211_HW_QUEUE_CONTROL)
		2685	info->hw_queue =
		2686	local->hw.offchannel_tx_hw_queue;
		2687	}
		2688
		2689	__ieee80211_tx_skb_tid_band(rx->sdata, nskb, 7,
		2690	status->band);
2679	}	2691	}
2680	dev_kfree_skb(rx->skb);	2692	dev_kfree_skb(rx->skb);
2681	return RX_QUEUED;	2693	return RX_QUEUED;


diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index a79ce820cb50..238a0cca320e 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c
@@ -766,6 +766,7 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
766	struct ieee80211_local *local;	766	struct ieee80211_local *local;
767	struct ieee80211_sub_if_data *sdata;	767	struct ieee80211_sub_if_data *sdata;
768	int ret, i;	768	int ret, i;
		769	bool have_key = false;
769		770
770	might_sleep();	771	might_sleep();
771		772
@@ -793,12 +794,19 @@ int __must_check __sta_info_destroy(struct sta_info *sta)
793	list_del_rcu(&sta->list);	794	list_del_rcu(&sta->list);
794		795
795	mutex_lock(&local->key_mtx);	796	mutex_lock(&local->key_mtx);
796	for (i = 0; i < NUM_DEFAULT_KEYS; i++)	797	for (i = 0; i < NUM_DEFAULT_KEYS; i++) {
797	__ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));	798	__ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));
798	if (sta->ptk)	799	have_key = true;
		800	}
		801	if (sta->ptk) {
799	__ieee80211_key_free(key_mtx_dereference(local, sta->ptk));	802	__ieee80211_key_free(key_mtx_dereference(local, sta->ptk));
		803	have_key = true;
		804	}
800	mutex_unlock(&local->key_mtx);	805	mutex_unlock(&local->key_mtx);
801		806
		807	if (!have_key)
		808	synchronize_net();
		809
802	sta->dead = true;	810	sta->dead = true;
803		811
804	local->num_sta--;	812	local->num_sta--;