1 /* 2 * HT handling 3 * 4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 5 * Copyright 2002-2005, Instant802 Networks, Inc. 6 * Copyright 2005-2006, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2007-2010, Intel Corporation 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16 #include <linux/ieee80211.h> 17 #include <linux/slab.h> 18 #include <net/mac80211.h> 19 #include "ieee80211_i.h" 20 #include "driver-ops.h" 21 #include "wme.h" 22 23 /** 24 * DOC: TX A-MPDU aggregation 25 * 26 * Aggregation on the TX side requires setting the hardware flag 27 * %IEEE80211_HW_AMPDU_AGGREGATION. The driver will then be handed 28 * packets with a flag indicating A-MPDU aggregation. The driver 29 * or device is responsible for actually aggregating the frames, 30 * as well as deciding how many and which to aggregate. 31 * 32 * When TX aggregation is started by some subsystem (usually the rate 33 * control algorithm would be appropriate) by calling the 34 * ieee80211_start_tx_ba_session() function, the driver will be 35 * notified via its @ampdu_action function, with the 36 * %IEEE80211_AMPDU_TX_START action. 37 * 38 * In response to that, the driver is later required to call the 39 * ieee80211_start_tx_ba_cb_irqsafe() function, which will really 40 * start the aggregation session after the peer has also responded. 41 * If the peer responds negatively, the session will be stopped 42 * again right away. Note that it is possible for the aggregation 43 * session to be stopped before the driver has indicated that it 44 * is done setting it up, in which case it must not indicate the 45 * setup completion. 46 * 47 * Also note that, since we also need to wait for a response from 48 * the peer, the driver is notified of the completion of the 49 * handshake by the %IEEE80211_AMPDU_TX_OPERATIONAL action to the 50 * @ampdu_action callback. 51 * 52 * Similarly, when the aggregation session is stopped by the peer 53 * or something calling ieee80211_stop_tx_ba_session(), the driver's 54 * @ampdu_action function will be called with the action 55 * %IEEE80211_AMPDU_TX_STOP. In this case, the call must not fail, 56 * and the driver must later call ieee80211_stop_tx_ba_cb_irqsafe(). 57 */ 58 59 static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata, 60 const u8 *da, u16 tid, 61 u8 dialog_token, u16 start_seq_num, 62 u16 agg_size, u16 timeout) 63 { 64 struct ieee80211_local *local = sdata->local; 65 struct sk_buff *skb; 66 struct ieee80211_mgmt *mgmt; 67 u16 capab; 68 69 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom); 70 71 if (!skb) { 72 printk(KERN_ERR "%s: failed to allocate buffer " 73 "for addba request frame\n", sdata->name); 74 return; 75 } 76 skb_reserve(skb, local->hw.extra_tx_headroom); 77 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 78 memset(mgmt, 0, 24); 79 memcpy(mgmt->da, da, ETH_ALEN); 80 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 81 if (sdata->vif.type == NL80211_IFTYPE_AP || 82 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 83 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 84 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 85 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 86 87 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 88 IEEE80211_STYPE_ACTION); 89 90 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req)); 91 92 mgmt->u.action.category = WLAN_CATEGORY_BACK; 93 mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ; 94 95 mgmt->u.action.u.addba_req.dialog_token = dialog_token; 96 capab = (u16)(1 << 1); /* bit 1 aggregation policy */ 97 capab |= (u16)(tid << 2); /* bit 5:2 TID number */ 98 capab |= (u16)(agg_size << 6); /* bit 15:6 max size of aggergation */ 99 100 mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab); 101 102 mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout); 103 mgmt->u.action.u.addba_req.start_seq_num = 104 cpu_to_le16(start_seq_num << 4); 105 106 ieee80211_tx_skb(sdata, skb); 107 } 108 109 void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn) 110 { 111 struct ieee80211_local *local = sdata->local; 112 struct sk_buff *skb; 113 struct ieee80211_bar *bar; 114 u16 bar_control = 0; 115 116 skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom); 117 if (!skb) { 118 printk(KERN_ERR "%s: failed to allocate buffer for " 119 "bar frame\n", sdata->name); 120 return; 121 } 122 skb_reserve(skb, local->hw.extra_tx_headroom); 123 bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar)); 124 memset(bar, 0, sizeof(*bar)); 125 bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL | 126 IEEE80211_STYPE_BACK_REQ); 127 memcpy(bar->ra, ra, ETH_ALEN); 128 memcpy(bar->ta, sdata->vif.addr, ETH_ALEN); 129 bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL; 130 bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA; 131 bar_control |= (u16)(tid << 12); 132 bar->control = cpu_to_le16(bar_control); 133 bar->start_seq_num = cpu_to_le16(ssn); 134 135 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 136 ieee80211_tx_skb(sdata, skb); 137 } 138 139 static void kfree_tid_tx(struct rcu_head *rcu_head) 140 { 141 struct tid_ampdu_tx *tid_tx = 142 container_of(rcu_head, struct tid_ampdu_tx, rcu_head); 143 144 kfree(tid_tx); 145 } 146 147 int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 148 enum ieee80211_back_parties initiator) 149 { 150 struct ieee80211_local *local = sta->local; 151 struct tid_ampdu_tx *tid_tx = sta->ampdu_mlme.tid_tx[tid]; 152 int ret; 153 154 lockdep_assert_held(&sta->ampdu_mlme.mtx); 155 156 if (!tid_tx) 157 return -ENOENT; 158 159 spin_lock_bh(&sta->lock); 160 161 if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) { 162 /* not even started yet! */ 163 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL); 164 spin_unlock_bh(&sta->lock); 165 call_rcu(&tid_tx->rcu_head, kfree_tid_tx); 166 return 0; 167 } 168 169 spin_unlock_bh(&sta->lock); 170 171 #ifdef CONFIG_MAC80211_HT_DEBUG 172 printk(KERN_DEBUG "Tx BA session stop requested for %pM tid %u\n", 173 sta->sta.addr, tid); 174 #endif /* CONFIG_MAC80211_HT_DEBUG */ 175 176 set_bit(HT_AGG_STATE_STOPPING, &tid_tx->state); 177 178 /* 179 * After this packets are no longer handed right through 180 * to the driver but are put onto tid_tx->pending instead, 181 * with locking to ensure proper access. 182 */ 183 clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state); 184 185 tid_tx->stop_initiator = initiator; 186 187 ret = drv_ampdu_action(local, sta->sdata, 188 IEEE80211_AMPDU_TX_STOP, 189 &sta->sta, tid, NULL); 190 191 /* HW shall not deny going back to legacy */ 192 if (WARN_ON(ret)) { 193 /* 194 * We may have pending packets get stuck in this case... 195 * Not bothering with a workaround for now. 196 */ 197 } 198 199 return ret; 200 } 201 202 /* 203 * After sending add Block Ack request we activated a timer until 204 * add Block Ack response will arrive from the recipient. 205 * If this timer expires sta_addba_resp_timer_expired will be executed. 206 */ 207 static void sta_addba_resp_timer_expired(unsigned long data) 208 { 209 /* not an elegant detour, but there is no choice as the timer passes 210 * only one argument, and both sta_info and TID are needed, so init 211 * flow in sta_info_create gives the TID as data, while the timer_to_id 212 * array gives the sta through container_of */ 213 u16 tid = *(u8 *)data; 214 struct sta_info *sta = container_of((void *)data, 215 struct sta_info, timer_to_tid[tid]); 216 struct tid_ampdu_tx *tid_tx; 217 218 /* check if the TID waits for addBA response */ 219 rcu_read_lock(); 220 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]); 221 if (!tid_tx || 222 test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state)) { 223 rcu_read_unlock(); 224 #ifdef CONFIG_MAC80211_HT_DEBUG 225 printk(KERN_DEBUG "timer expired on tid %d but we are not " 226 "(or no longer) expecting addBA response there\n", 227 tid); 228 #endif 229 return; 230 } 231 232 #ifdef CONFIG_MAC80211_HT_DEBUG 233 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid); 234 #endif 235 236 ieee80211_stop_tx_ba_session(&sta->sta, tid); 237 rcu_read_unlock(); 238 } 239 240 static inline int ieee80211_ac_from_tid(int tid) 241 { 242 return ieee802_1d_to_ac[tid & 7]; 243 } 244 245 /* 246 * When multiple aggregation sessions on multiple stations 247 * are being created/destroyed simultaneously, we need to 248 * refcount the global queue stop caused by that in order 249 * to not get into a situation where one of the aggregation 250 * setup or teardown re-enables queues before the other is 251 * ready to handle that. 252 * 253 * These two functions take care of this issue by keeping 254 * a global "agg_queue_stop" refcount. 255 */ 256 static void __acquires(agg_queue) 257 ieee80211_stop_queue_agg(struct ieee80211_local *local, int tid) 258 { 259 int queue = ieee80211_ac_from_tid(tid); 260 261 if (atomic_inc_return(&local->agg_queue_stop[queue]) == 1) 262 ieee80211_stop_queue_by_reason( 263 &local->hw, queue, 264 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 265 __acquire(agg_queue); 266 } 267 268 static void __releases(agg_queue) 269 ieee80211_wake_queue_agg(struct ieee80211_local *local, int tid) 270 { 271 int queue = ieee80211_ac_from_tid(tid); 272 273 if (atomic_dec_return(&local->agg_queue_stop[queue]) == 0) 274 ieee80211_wake_queue_by_reason( 275 &local->hw, queue, 276 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 277 __release(agg_queue); 278 } 279 280 void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) 281 { 282 struct tid_ampdu_tx *tid_tx = sta->ampdu_mlme.tid_tx[tid]; 283 struct ieee80211_local *local = sta->local; 284 struct ieee80211_sub_if_data *sdata = sta->sdata; 285 u16 start_seq_num; 286 int ret; 287 288 lockdep_assert_held(&sta->ampdu_mlme.mtx); 289 290 /* 291 * While we're asking the driver about the aggregation, 292 * stop the AC queue so that we don't have to worry 293 * about frames that came in while we were doing that, 294 * which would require us to put them to the AC pending 295 * afterwards which just makes the code more complex. 296 */ 297 ieee80211_stop_queue_agg(local, tid); 298 299 clear_bit(HT_AGG_STATE_WANT_START, &tid_tx->state); 300 301 /* 302 * make sure no packets are being processed to get 303 * valid starting sequence number 304 */ 305 synchronize_net(); 306 307 start_seq_num = sta->tid_seq[tid] >> 4; 308 309 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START, 310 &sta->sta, tid, &start_seq_num); 311 if (ret) { 312 #ifdef CONFIG_MAC80211_HT_DEBUG 313 printk(KERN_DEBUG "BA request denied - HW unavailable for" 314 " tid %d\n", tid); 315 #endif 316 spin_lock_bh(&sta->lock); 317 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL); 318 spin_unlock_bh(&sta->lock); 319 320 ieee80211_wake_queue_agg(local, tid); 321 call_rcu(&tid_tx->rcu_head, kfree_tid_tx); 322 return; 323 } 324 325 /* we can take packets again now */ 326 ieee80211_wake_queue_agg(local, tid); 327 328 /* activate the timer for the recipient's addBA response */ 329 mod_timer(&tid_tx->addba_resp_timer, jiffies + ADDBA_RESP_INTERVAL); 330 #ifdef CONFIG_MAC80211_HT_DEBUG 331 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid); 332 #endif 333 334 spin_lock_bh(&sta->lock); 335 sta->ampdu_mlme.addba_req_num[tid]++; 336 spin_unlock_bh(&sta->lock); 337 338 /* send AddBA request */ 339 ieee80211_send_addba_request(sdata, sta->sta.addr, tid, 340 tid_tx->dialog_token, start_seq_num, 341 0x40, 5000); 342 } 343 344 int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid) 345 { 346 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 347 struct ieee80211_sub_if_data *sdata = sta->sdata; 348 struct ieee80211_local *local = sdata->local; 349 struct tid_ampdu_tx *tid_tx; 350 int ret = 0; 351 352 trace_api_start_tx_ba_session(pubsta, tid); 353 354 if (WARN_ON(!local->ops->ampdu_action)) 355 return -EINVAL; 356 357 if ((tid >= STA_TID_NUM) || 358 !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) 359 return -EINVAL; 360 361 #ifdef CONFIG_MAC80211_HT_DEBUG 362 printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n", 363 pubsta->addr, tid); 364 #endif /* CONFIG_MAC80211_HT_DEBUG */ 365 366 /* 367 * The aggregation code is not prepared to handle 368 * anything but STA/AP due to the BSSID handling. 369 * IBSS could work in the code but isn't supported 370 * by drivers or the standard. 371 */ 372 if (sdata->vif.type != NL80211_IFTYPE_STATION && 373 sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 374 sdata->vif.type != NL80211_IFTYPE_AP) 375 return -EINVAL; 376 377 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) { 378 #ifdef CONFIG_MAC80211_HT_DEBUG 379 printk(KERN_DEBUG "BA sessions blocked. " 380 "Denying BA session request\n"); 381 #endif 382 return -EINVAL; 383 } 384 385 spin_lock_bh(&sta->lock); 386 387 /* we have tried too many times, receiver does not want A-MPDU */ 388 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) { 389 ret = -EBUSY; 390 goto err_unlock_sta; 391 } 392 393 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 394 /* check if the TID is not in aggregation flow already */ 395 if (tid_tx) { 396 #ifdef CONFIG_MAC80211_HT_DEBUG 397 printk(KERN_DEBUG "BA request denied - session is not " 398 "idle on tid %u\n", tid); 399 #endif /* CONFIG_MAC80211_HT_DEBUG */ 400 ret = -EAGAIN; 401 goto err_unlock_sta; 402 } 403 404 /* prepare A-MPDU MLME for Tx aggregation */ 405 tid_tx = kzalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC); 406 if (!tid_tx) { 407 #ifdef CONFIG_MAC80211_HT_DEBUG 408 if (net_ratelimit()) 409 printk(KERN_ERR "allocate tx mlme to tid %d failed\n", 410 tid); 411 #endif 412 ret = -ENOMEM; 413 goto err_unlock_sta; 414 } 415 416 skb_queue_head_init(&tid_tx->pending); 417 __set_bit(HT_AGG_STATE_WANT_START, &tid_tx->state); 418 419 /* Tx timer */ 420 tid_tx->addba_resp_timer.function = sta_addba_resp_timer_expired; 421 tid_tx->addba_resp_timer.data = (unsigned long)&sta->timer_to_tid[tid]; 422 init_timer(&tid_tx->addba_resp_timer); 423 424 /* assign a dialog token */ 425 sta->ampdu_mlme.dialog_token_allocator++; 426 tid_tx->dialog_token = sta->ampdu_mlme.dialog_token_allocator; 427 428 /* finally, assign it to the array */ 429 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], tid_tx); 430 431 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work); 432 433 /* this flow continues off the work */ 434 err_unlock_sta: 435 spin_unlock_bh(&sta->lock); 436 return ret; 437 } 438 EXPORT_SYMBOL(ieee80211_start_tx_ba_session); 439 440 /* 441 * splice packets from the STA's pending to the local pending, 442 * requires a call to ieee80211_agg_splice_finish later 443 */ 444 static void __acquires(agg_queue) 445 ieee80211_agg_splice_packets(struct ieee80211_local *local, 446 struct tid_ampdu_tx *tid_tx, u16 tid) 447 { 448 int queue = ieee80211_ac_from_tid(tid); 449 unsigned long flags; 450 451 ieee80211_stop_queue_agg(local, tid); 452 453 if (WARN(!tid_tx, "TID %d gone but expected when splicing aggregates" 454 " from the pending queue\n", tid)) 455 return; 456 457 if (!skb_queue_empty(&tid_tx->pending)) { 458 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 459 /* copy over remaining packets */ 460 skb_queue_splice_tail_init(&tid_tx->pending, 461 &local->pending[queue]); 462 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 463 } 464 } 465 466 static void __releases(agg_queue) 467 ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid) 468 { 469 ieee80211_wake_queue_agg(local, tid); 470 } 471 472 static void ieee80211_agg_tx_operational(struct ieee80211_local *local, 473 struct sta_info *sta, u16 tid) 474 { 475 lockdep_assert_held(&sta->ampdu_mlme.mtx); 476 477 #ifdef CONFIG_MAC80211_HT_DEBUG 478 printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid); 479 #endif 480 481 drv_ampdu_action(local, sta->sdata, 482 IEEE80211_AMPDU_TX_OPERATIONAL, 483 &sta->sta, tid, NULL); 484 485 /* 486 * synchronize with TX path, while splicing the TX path 487 * should block so it won't put more packets onto pending. 488 */ 489 spin_lock_bh(&sta->lock); 490 491 ieee80211_agg_splice_packets(local, sta->ampdu_mlme.tid_tx[tid], tid); 492 /* 493 * Now mark as operational. This will be visible 494 * in the TX path, and lets it go lock-free in 495 * the common case. 496 */ 497 set_bit(HT_AGG_STATE_OPERATIONAL, &sta->ampdu_mlme.tid_tx[tid]->state); 498 ieee80211_agg_splice_finish(local, tid); 499 500 spin_unlock_bh(&sta->lock); 501 } 502 503 void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid) 504 { 505 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 506 struct ieee80211_local *local = sdata->local; 507 struct sta_info *sta; 508 struct tid_ampdu_tx *tid_tx; 509 510 trace_api_start_tx_ba_cb(sdata, ra, tid); 511 512 if (tid >= STA_TID_NUM) { 513 #ifdef CONFIG_MAC80211_HT_DEBUG 514 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 515 tid, STA_TID_NUM); 516 #endif 517 return; 518 } 519 520 mutex_lock(&local->sta_mtx); 521 sta = sta_info_get(sdata, ra); 522 if (!sta) { 523 mutex_unlock(&local->sta_mtx); 524 #ifdef CONFIG_MAC80211_HT_DEBUG 525 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 526 #endif 527 return; 528 } 529 530 mutex_lock(&sta->ampdu_mlme.mtx); 531 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 532 533 if (WARN_ON(!tid_tx)) { 534 #ifdef CONFIG_MAC80211_HT_DEBUG 535 printk(KERN_DEBUG "addBA was not requested!\n"); 536 #endif 537 goto unlock; 538 } 539 540 if (WARN_ON(test_and_set_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state))) 541 goto unlock; 542 543 if (test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state)) 544 ieee80211_agg_tx_operational(local, sta, tid); 545 546 unlock: 547 mutex_unlock(&sta->ampdu_mlme.mtx); 548 mutex_unlock(&local->sta_mtx); 549 } 550 551 void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 552 const u8 *ra, u16 tid) 553 { 554 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 555 struct ieee80211_local *local = sdata->local; 556 struct ieee80211_ra_tid *ra_tid; 557 struct sk_buff *skb = dev_alloc_skb(0); 558 559 if (unlikely(!skb)) { 560 #ifdef CONFIG_MAC80211_HT_DEBUG 561 if (net_ratelimit()) 562 printk(KERN_WARNING "%s: Not enough memory, " 563 "dropping start BA session", sdata->name); 564 #endif 565 return; 566 } 567 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 568 memcpy(&ra_tid->ra, ra, ETH_ALEN); 569 ra_tid->tid = tid; 570 571 skb->pkt_type = IEEE80211_SDATA_QUEUE_AGG_START; 572 skb_queue_tail(&sdata->skb_queue, skb); 573 ieee80211_queue_work(&local->hw, &sdata->work); 574 } 575 EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe); 576 577 int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 578 enum ieee80211_back_parties initiator) 579 { 580 int ret; 581 582 mutex_lock(&sta->ampdu_mlme.mtx); 583 584 ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator); 585 586 mutex_unlock(&sta->ampdu_mlme.mtx); 587 588 return ret; 589 } 590 591 int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid) 592 { 593 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 594 struct ieee80211_sub_if_data *sdata = sta->sdata; 595 struct ieee80211_local *local = sdata->local; 596 struct tid_ampdu_tx *tid_tx; 597 int ret = 0; 598 599 trace_api_stop_tx_ba_session(pubsta, tid); 600 601 if (!local->ops->ampdu_action) 602 return -EINVAL; 603 604 if (tid >= STA_TID_NUM) 605 return -EINVAL; 606 607 spin_lock_bh(&sta->lock); 608 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 609 610 if (!tid_tx) { 611 ret = -ENOENT; 612 goto unlock; 613 } 614 615 if (test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) { 616 /* already in progress stopping it */ 617 ret = 0; 618 goto unlock; 619 } 620 621 set_bit(HT_AGG_STATE_WANT_STOP, &tid_tx->state); 622 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work); 623 624 unlock: 625 spin_unlock_bh(&sta->lock); 626 return ret; 627 } 628 EXPORT_SYMBOL(ieee80211_stop_tx_ba_session); 629 630 void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid) 631 { 632 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 633 struct ieee80211_local *local = sdata->local; 634 struct sta_info *sta; 635 struct tid_ampdu_tx *tid_tx; 636 637 trace_api_stop_tx_ba_cb(sdata, ra, tid); 638 639 if (tid >= STA_TID_NUM) { 640 #ifdef CONFIG_MAC80211_HT_DEBUG 641 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 642 tid, STA_TID_NUM); 643 #endif 644 return; 645 } 646 647 #ifdef CONFIG_MAC80211_HT_DEBUG 648 printk(KERN_DEBUG "Stopping Tx BA session for %pM tid %d\n", 649 ra, tid); 650 #endif /* CONFIG_MAC80211_HT_DEBUG */ 651 652 mutex_lock(&local->sta_mtx); 653 654 sta = sta_info_get(sdata, ra); 655 if (!sta) { 656 #ifdef CONFIG_MAC80211_HT_DEBUG 657 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 658 #endif 659 goto unlock; 660 } 661 662 mutex_lock(&sta->ampdu_mlme.mtx); 663 spin_lock_bh(&sta->lock); 664 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 665 666 if (!tid_tx || !test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) { 667 #ifdef CONFIG_MAC80211_HT_DEBUG 668 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n"); 669 #endif 670 goto unlock_sta; 671 } 672 673 if (tid_tx->stop_initiator == WLAN_BACK_INITIATOR) 674 ieee80211_send_delba(sta->sdata, ra, tid, 675 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE); 676 677 /* 678 * When we get here, the TX path will not be lockless any more wrt. 679 * aggregation, since the OPERATIONAL bit has long been cleared. 680 * Thus it will block on getting the lock, if it occurs. So if we 681 * stop the queue now, we will not get any more packets, and any 682 * that might be being processed will wait for us here, thereby 683 * guaranteeing that no packets go to the tid_tx pending queue any 684 * more. 685 */ 686 687 ieee80211_agg_splice_packets(local, tid_tx, tid); 688 689 /* future packets must not find the tid_tx struct any more */ 690 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL); 691 692 ieee80211_agg_splice_finish(local, tid); 693 694 call_rcu(&tid_tx->rcu_head, kfree_tid_tx); 695 696 unlock_sta: 697 spin_unlock_bh(&sta->lock); 698 mutex_unlock(&sta->ampdu_mlme.mtx); 699 unlock: 700 mutex_unlock(&local->sta_mtx); 701 } 702 703 void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 704 const u8 *ra, u16 tid) 705 { 706 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 707 struct ieee80211_local *local = sdata->local; 708 struct ieee80211_ra_tid *ra_tid; 709 struct sk_buff *skb = dev_alloc_skb(0); 710 711 if (unlikely(!skb)) { 712 #ifdef CONFIG_MAC80211_HT_DEBUG 713 if (net_ratelimit()) 714 printk(KERN_WARNING "%s: Not enough memory, " 715 "dropping stop BA session", sdata->name); 716 #endif 717 return; 718 } 719 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 720 memcpy(&ra_tid->ra, ra, ETH_ALEN); 721 ra_tid->tid = tid; 722 723 skb->pkt_type = IEEE80211_SDATA_QUEUE_AGG_STOP; 724 skb_queue_tail(&sdata->skb_queue, skb); 725 ieee80211_queue_work(&local->hw, &sdata->work); 726 } 727 EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe); 728 729 730 void ieee80211_process_addba_resp(struct ieee80211_local *local, 731 struct sta_info *sta, 732 struct ieee80211_mgmt *mgmt, 733 size_t len) 734 { 735 struct tid_ampdu_tx *tid_tx; 736 u16 capab, tid; 737 738 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab); 739 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; 740 741 mutex_lock(&sta->ampdu_mlme.mtx); 742 743 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 744 if (!tid_tx) 745 goto out; 746 747 if (mgmt->u.action.u.addba_resp.dialog_token != tid_tx->dialog_token) { 748 #ifdef CONFIG_MAC80211_HT_DEBUG 749 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); 750 #endif 751 goto out; 752 } 753 754 del_timer(&tid_tx->addba_resp_timer); 755 756 #ifdef CONFIG_MAC80211_HT_DEBUG 757 printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid); 758 #endif 759 760 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 761 == WLAN_STATUS_SUCCESS) { 762 if (test_and_set_bit(HT_AGG_STATE_RESPONSE_RECEIVED, 763 &tid_tx->state)) { 764 /* ignore duplicate response */ 765 goto out; 766 } 767 768 if (test_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state)) 769 ieee80211_agg_tx_operational(local, sta, tid); 770 771 sta->ampdu_mlme.addba_req_num[tid] = 0; 772 } else { 773 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 774 } 775 776 out: 777 mutex_unlock(&sta->ampdu_mlme.mtx); 778 } 779