1 /* 2 * Off-channel operation helpers 3 * 4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 5 * Copyright 2004, Instant802 Networks, Inc. 6 * Copyright 2005, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2009 Johannes Berg <johannes@sipsolutions.net> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 #include <linux/export.h> 16 #include <net/mac80211.h> 17 #include "ieee80211_i.h" 18 #include "driver-ops.h" 19 20 /* 21 * Tell our hardware to disable PS. 22 * Optionally inform AP that we will go to sleep so that it will buffer 23 * the frames while we are doing off-channel work. This is optional 24 * because we *may* be doing work on-operating channel, and want our 25 * hardware unconditionally awake, but still let the AP send us normal frames. 26 */ 27 static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata) 28 { 29 struct ieee80211_local *local = sdata->local; 30 struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; 31 32 local->offchannel_ps_enabled = false; 33 34 /* FIXME: what to do when local->pspolling is true? */ 35 36 del_timer_sync(&local->dynamic_ps_timer); 37 del_timer_sync(&ifmgd->bcn_mon_timer); 38 del_timer_sync(&ifmgd->conn_mon_timer); 39 40 cancel_work_sync(&local->dynamic_ps_enable_work); 41 42 if (local->hw.conf.flags & IEEE80211_CONF_PS) { 43 local->offchannel_ps_enabled = true; 44 local->hw.conf.flags &= ~IEEE80211_CONF_PS; 45 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 46 } 47 48 if (!local->offchannel_ps_enabled || 49 !ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK)) 50 /* 51 * If power save was enabled, no need to send a nullfunc 52 * frame because AP knows that we are sleeping. But if the 53 * hardware is creating the nullfunc frame for power save 54 * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not 55 * enabled) and power save was enabled, the firmware just 56 * sent a null frame with power save disabled. So we need 57 * to send a new nullfunc frame to inform the AP that we 58 * are again sleeping. 59 */ 60 ieee80211_send_nullfunc(local, sdata, true); 61 } 62 63 /* inform AP that we are awake again, unless power save is enabled */ 64 static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata) 65 { 66 struct ieee80211_local *local = sdata->local; 67 68 if (!local->ps_sdata) 69 ieee80211_send_nullfunc(local, sdata, false); 70 else if (local->offchannel_ps_enabled) { 71 /* 72 * In !IEEE80211_HW_PS_NULLFUNC_STACK case the hardware 73 * will send a nullfunc frame with the powersave bit set 74 * even though the AP already knows that we are sleeping. 75 * This could be avoided by sending a null frame with power 76 * save bit disabled before enabling the power save, but 77 * this doesn't gain anything. 78 * 79 * When IEEE80211_HW_PS_NULLFUNC_STACK is enabled, no need 80 * to send a nullfunc frame because AP already knows that 81 * we are sleeping, let's just enable power save mode in 82 * hardware. 83 */ 84 /* TODO: Only set hardware if CONF_PS changed? 85 * TODO: Should we set offchannel_ps_enabled to false? 86 */ 87 local->hw.conf.flags |= IEEE80211_CONF_PS; 88 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS); 89 } else if (local->hw.conf.dynamic_ps_timeout > 0) { 90 /* 91 * If IEEE80211_CONF_PS was not set and the dynamic_ps_timer 92 * had been running before leaving the operating channel, 93 * restart the timer now and send a nullfunc frame to inform 94 * the AP that we are awake. 95 */ 96 ieee80211_send_nullfunc(local, sdata, false); 97 mod_timer(&local->dynamic_ps_timer, jiffies + 98 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout)); 99 } 100 101 ieee80211_sta_reset_beacon_monitor(sdata); 102 ieee80211_sta_reset_conn_monitor(sdata); 103 } 104 105 void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local) 106 { 107 struct ieee80211_sub_if_data *sdata; 108 109 if (WARN_ON(local->use_chanctx)) 110 return; 111 112 /* 113 * notify the AP about us leaving the channel and stop all 114 * STA interfaces. 115 */ 116 117 /* 118 * Stop queues and transmit all frames queued by the driver 119 * before sending nullfunc to enable powersave at the AP. 120 */ 121 ieee80211_stop_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP, 122 IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL, 123 false); 124 ieee80211_flush_queues(local, NULL, false); 125 126 mutex_lock(&local->iflist_mtx); 127 list_for_each_entry(sdata, &local->interfaces, list) { 128 if (!ieee80211_sdata_running(sdata)) 129 continue; 130 131 if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE || 132 sdata->vif.type == NL80211_IFTYPE_NAN) 133 continue; 134 135 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) 136 set_bit(SDATA_STATE_OFFCHANNEL, &sdata->state); 137 138 /* Check to see if we should disable beaconing. */ 139 if (sdata->vif.bss_conf.enable_beacon) { 140 set_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, 141 &sdata->state); 142 sdata->vif.bss_conf.enable_beacon = false; 143 ieee80211_bss_info_change_notify( 144 sdata, BSS_CHANGED_BEACON_ENABLED); 145 } 146 147 if (sdata->vif.type == NL80211_IFTYPE_STATION && 148 sdata->u.mgd.associated) 149 ieee80211_offchannel_ps_enable(sdata); 150 } 151 mutex_unlock(&local->iflist_mtx); 152 } 153 154 void ieee80211_offchannel_return(struct ieee80211_local *local) 155 { 156 struct ieee80211_sub_if_data *sdata; 157 158 if (WARN_ON(local->use_chanctx)) 159 return; 160 161 mutex_lock(&local->iflist_mtx); 162 list_for_each_entry(sdata, &local->interfaces, list) { 163 if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE) 164 continue; 165 166 if (sdata->vif.type != NL80211_IFTYPE_MONITOR) 167 clear_bit(SDATA_STATE_OFFCHANNEL, &sdata->state); 168 169 if (!ieee80211_sdata_running(sdata)) 170 continue; 171 172 /* Tell AP we're back */ 173 if (sdata->vif.type == NL80211_IFTYPE_STATION && 174 sdata->u.mgd.associated) 175 ieee80211_offchannel_ps_disable(sdata); 176 177 if (test_and_clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED, 178 &sdata->state)) { 179 sdata->vif.bss_conf.enable_beacon = true; 180 ieee80211_bss_info_change_notify( 181 sdata, BSS_CHANGED_BEACON_ENABLED); 182 } 183 } 184 mutex_unlock(&local->iflist_mtx); 185 186 ieee80211_wake_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP, 187 IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL, 188 false); 189 } 190 191 static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc) 192 { 193 /* was never transmitted */ 194 if (roc->frame) { 195 cfg80211_mgmt_tx_status(&roc->sdata->wdev, roc->mgmt_tx_cookie, 196 roc->frame->data, roc->frame->len, 197 false, GFP_KERNEL); 198 ieee80211_free_txskb(&roc->sdata->local->hw, roc->frame); 199 } 200 201 if (!roc->mgmt_tx_cookie) 202 cfg80211_remain_on_channel_expired(&roc->sdata->wdev, 203 roc->cookie, roc->chan, 204 GFP_KERNEL); 205 else 206 cfg80211_tx_mgmt_expired(&roc->sdata->wdev, 207 roc->mgmt_tx_cookie, 208 roc->chan, GFP_KERNEL); 209 210 list_del(&roc->list); 211 kfree(roc); 212 } 213 214 static unsigned long ieee80211_end_finished_rocs(struct ieee80211_local *local, 215 unsigned long now) 216 { 217 struct ieee80211_roc_work *roc, *tmp; 218 long remaining_dur_min = LONG_MAX; 219 220 lockdep_assert_held(&local->mtx); 221 222 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 223 long remaining; 224 225 if (!roc->started) 226 break; 227 228 remaining = roc->start_time + 229 msecs_to_jiffies(roc->duration) - 230 now; 231 232 /* In case of HW ROC, it is possible that the HW finished the 233 * ROC session before the actual requested time. In such a case 234 * end the ROC session (disregarding the remaining time). 235 */ 236 if (roc->abort || roc->hw_begun || remaining <= 0) 237 ieee80211_roc_notify_destroy(roc); 238 else 239 remaining_dur_min = min(remaining_dur_min, remaining); 240 } 241 242 return remaining_dur_min; 243 } 244 245 static bool ieee80211_recalc_sw_work(struct ieee80211_local *local, 246 unsigned long now) 247 { 248 long dur = ieee80211_end_finished_rocs(local, now); 249 250 if (dur == LONG_MAX) 251 return false; 252 253 mod_delayed_work(local->workqueue, &local->roc_work, dur); 254 return true; 255 } 256 257 static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc, 258 unsigned long start_time) 259 { 260 if (WARN_ON(roc->notified)) 261 return; 262 263 roc->start_time = start_time; 264 roc->started = true; 265 266 if (roc->mgmt_tx_cookie) { 267 if (!WARN_ON(!roc->frame)) { 268 ieee80211_tx_skb_tid_band(roc->sdata, roc->frame, 7, 269 roc->chan->band, 0); 270 roc->frame = NULL; 271 } 272 } else { 273 cfg80211_ready_on_channel(&roc->sdata->wdev, roc->cookie, 274 roc->chan, roc->req_duration, 275 GFP_KERNEL); 276 } 277 278 roc->notified = true; 279 } 280 281 static void ieee80211_hw_roc_start(struct work_struct *work) 282 { 283 struct ieee80211_local *local = 284 container_of(work, struct ieee80211_local, hw_roc_start); 285 struct ieee80211_roc_work *roc; 286 287 mutex_lock(&local->mtx); 288 289 list_for_each_entry(roc, &local->roc_list, list) { 290 if (!roc->started) 291 break; 292 293 roc->hw_begun = true; 294 ieee80211_handle_roc_started(roc, local->hw_roc_start_time); 295 } 296 297 mutex_unlock(&local->mtx); 298 } 299 300 void ieee80211_ready_on_channel(struct ieee80211_hw *hw) 301 { 302 struct ieee80211_local *local = hw_to_local(hw); 303 304 local->hw_roc_start_time = jiffies; 305 306 trace_api_ready_on_channel(local); 307 308 ieee80211_queue_work(hw, &local->hw_roc_start); 309 } 310 EXPORT_SYMBOL_GPL(ieee80211_ready_on_channel); 311 312 static void _ieee80211_start_next_roc(struct ieee80211_local *local) 313 { 314 struct ieee80211_roc_work *roc, *tmp; 315 enum ieee80211_roc_type type; 316 u32 min_dur, max_dur; 317 318 lockdep_assert_held(&local->mtx); 319 320 if (WARN_ON(list_empty(&local->roc_list))) 321 return; 322 323 roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work, 324 list); 325 326 if (WARN_ON(roc->started)) 327 return; 328 329 min_dur = roc->duration; 330 max_dur = roc->duration; 331 type = roc->type; 332 333 list_for_each_entry(tmp, &local->roc_list, list) { 334 if (tmp == roc) 335 continue; 336 if (tmp->sdata != roc->sdata || tmp->chan != roc->chan) 337 break; 338 max_dur = max(tmp->duration, max_dur); 339 min_dur = min(tmp->duration, min_dur); 340 type = max(tmp->type, type); 341 } 342 343 if (local->ops->remain_on_channel) { 344 int ret = drv_remain_on_channel(local, roc->sdata, roc->chan, 345 max_dur, type); 346 347 if (ret) { 348 wiphy_warn(local->hw.wiphy, 349 "failed to start next HW ROC (%d)\n", ret); 350 /* 351 * queue the work struct again to avoid recursion 352 * when multiple failures occur 353 */ 354 list_for_each_entry(tmp, &local->roc_list, list) { 355 if (tmp->sdata != roc->sdata || 356 tmp->chan != roc->chan) 357 break; 358 tmp->started = true; 359 tmp->abort = true; 360 } 361 ieee80211_queue_work(&local->hw, &local->hw_roc_done); 362 return; 363 } 364 365 /* we'll notify about the start once the HW calls back */ 366 list_for_each_entry(tmp, &local->roc_list, list) { 367 if (tmp->sdata != roc->sdata || tmp->chan != roc->chan) 368 break; 369 tmp->started = true; 370 } 371 } else { 372 /* If actually operating on the desired channel (with at least 373 * 20 MHz channel width) don't stop all the operations but still 374 * treat it as though the ROC operation started properly, so 375 * other ROC operations won't interfere with this one. 376 */ 377 roc->on_channel = roc->chan == local->_oper_chandef.chan && 378 local->_oper_chandef.width != NL80211_CHAN_WIDTH_5 && 379 local->_oper_chandef.width != NL80211_CHAN_WIDTH_10; 380 381 /* start this ROC */ 382 ieee80211_recalc_idle(local); 383 384 if (!roc->on_channel) { 385 ieee80211_offchannel_stop_vifs(local); 386 387 local->tmp_channel = roc->chan; 388 ieee80211_hw_config(local, 0); 389 } 390 391 ieee80211_queue_delayed_work(&local->hw, &local->roc_work, 392 msecs_to_jiffies(min_dur)); 393 394 /* tell userspace or send frame(s) */ 395 list_for_each_entry(tmp, &local->roc_list, list) { 396 if (tmp->sdata != roc->sdata || tmp->chan != roc->chan) 397 break; 398 399 tmp->on_channel = roc->on_channel; 400 ieee80211_handle_roc_started(tmp, jiffies); 401 } 402 } 403 } 404 405 void ieee80211_start_next_roc(struct ieee80211_local *local) 406 { 407 struct ieee80211_roc_work *roc; 408 409 lockdep_assert_held(&local->mtx); 410 411 if (list_empty(&local->roc_list)) { 412 ieee80211_run_deferred_scan(local); 413 return; 414 } 415 416 /* defer roc if driver is not started (i.e. during reconfig) */ 417 if (local->in_reconfig) 418 return; 419 420 roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work, 421 list); 422 423 if (WARN_ON_ONCE(roc->started)) 424 return; 425 426 if (local->ops->remain_on_channel) { 427 _ieee80211_start_next_roc(local); 428 } else { 429 /* delay it a bit */ 430 ieee80211_queue_delayed_work(&local->hw, &local->roc_work, 431 round_jiffies_relative(HZ/2)); 432 } 433 } 434 435 static void __ieee80211_roc_work(struct ieee80211_local *local) 436 { 437 struct ieee80211_roc_work *roc; 438 bool on_channel; 439 440 lockdep_assert_held(&local->mtx); 441 442 if (WARN_ON(local->ops->remain_on_channel)) 443 return; 444 445 roc = list_first_entry_or_null(&local->roc_list, 446 struct ieee80211_roc_work, list); 447 if (!roc) 448 return; 449 450 if (!roc->started) { 451 WARN_ON(local->use_chanctx); 452 _ieee80211_start_next_roc(local); 453 } else { 454 on_channel = roc->on_channel; 455 if (ieee80211_recalc_sw_work(local, jiffies)) 456 return; 457 458 /* careful - roc pointer became invalid during recalc */ 459 460 if (!on_channel) { 461 ieee80211_flush_queues(local, NULL, false); 462 463 local->tmp_channel = NULL; 464 ieee80211_hw_config(local, 0); 465 466 ieee80211_offchannel_return(local); 467 } 468 469 ieee80211_recalc_idle(local); 470 ieee80211_start_next_roc(local); 471 } 472 } 473 474 static void ieee80211_roc_work(struct work_struct *work) 475 { 476 struct ieee80211_local *local = 477 container_of(work, struct ieee80211_local, roc_work.work); 478 479 mutex_lock(&local->mtx); 480 __ieee80211_roc_work(local); 481 mutex_unlock(&local->mtx); 482 } 483 484 static void ieee80211_hw_roc_done(struct work_struct *work) 485 { 486 struct ieee80211_local *local = 487 container_of(work, struct ieee80211_local, hw_roc_done); 488 489 mutex_lock(&local->mtx); 490 491 ieee80211_end_finished_rocs(local, jiffies); 492 493 /* if there's another roc, start it now */ 494 ieee80211_start_next_roc(local); 495 496 mutex_unlock(&local->mtx); 497 } 498 499 void ieee80211_remain_on_channel_expired(struct ieee80211_hw *hw) 500 { 501 struct ieee80211_local *local = hw_to_local(hw); 502 503 trace_api_remain_on_channel_expired(local); 504 505 ieee80211_queue_work(hw, &local->hw_roc_done); 506 } 507 EXPORT_SYMBOL_GPL(ieee80211_remain_on_channel_expired); 508 509 static bool 510 ieee80211_coalesce_hw_started_roc(struct ieee80211_local *local, 511 struct ieee80211_roc_work *new_roc, 512 struct ieee80211_roc_work *cur_roc) 513 { 514 unsigned long now = jiffies; 515 unsigned long remaining; 516 517 if (WARN_ON(!cur_roc->started)) 518 return false; 519 520 /* if it was scheduled in the hardware, but not started yet, 521 * we can only combine if the older one had a longer duration 522 */ 523 if (!cur_roc->hw_begun && new_roc->duration > cur_roc->duration) 524 return false; 525 526 remaining = cur_roc->start_time + 527 msecs_to_jiffies(cur_roc->duration) - 528 now; 529 530 /* if it doesn't fit entirely, schedule a new one */ 531 if (new_roc->duration > jiffies_to_msecs(remaining)) 532 return false; 533 534 /* add just after the current one so we combine their finish later */ 535 list_add(&new_roc->list, &cur_roc->list); 536 537 /* if the existing one has already begun then let this one also 538 * begin, otherwise they'll both be marked properly by the work 539 * struct that runs once the driver notifies us of the beginning 540 */ 541 if (cur_roc->hw_begun) { 542 new_roc->hw_begun = true; 543 ieee80211_handle_roc_started(new_roc, now); 544 } 545 546 return true; 547 } 548 549 static int ieee80211_start_roc_work(struct ieee80211_local *local, 550 struct ieee80211_sub_if_data *sdata, 551 struct ieee80211_channel *channel, 552 unsigned int duration, u64 *cookie, 553 struct sk_buff *txskb, 554 enum ieee80211_roc_type type) 555 { 556 struct ieee80211_roc_work *roc, *tmp; 557 bool queued = false, combine_started = true; 558 int ret; 559 560 lockdep_assert_held(&local->mtx); 561 562 if (local->use_chanctx && !local->ops->remain_on_channel) 563 return -EOPNOTSUPP; 564 565 roc = kzalloc(sizeof(*roc), GFP_KERNEL); 566 if (!roc) 567 return -ENOMEM; 568 569 /* 570 * If the duration is zero, then the driver 571 * wouldn't actually do anything. Set it to 572 * 10 for now. 573 * 574 * TODO: cancel the off-channel operation 575 * when we get the SKB's TX status and 576 * the wait time was zero before. 577 */ 578 if (!duration) 579 duration = 10; 580 581 roc->chan = channel; 582 roc->duration = duration; 583 roc->req_duration = duration; 584 roc->frame = txskb; 585 roc->type = type; 586 roc->sdata = sdata; 587 588 /* 589 * cookie is either the roc cookie (for normal roc) 590 * or the SKB (for mgmt TX) 591 */ 592 if (!txskb) { 593 roc->cookie = ieee80211_mgmt_tx_cookie(local); 594 *cookie = roc->cookie; 595 } else { 596 roc->mgmt_tx_cookie = *cookie; 597 } 598 599 /* if there's no need to queue, handle it immediately */ 600 if (list_empty(&local->roc_list) && 601 !local->scanning && !ieee80211_is_radar_required(local)) { 602 /* if not HW assist, just queue & schedule work */ 603 if (!local->ops->remain_on_channel) { 604 list_add_tail(&roc->list, &local->roc_list); 605 ieee80211_queue_delayed_work(&local->hw, 606 &local->roc_work, 0); 607 } else { 608 /* otherwise actually kick it off here 609 * (for error handling) 610 */ 611 ret = drv_remain_on_channel(local, sdata, channel, 612 duration, type); 613 if (ret) { 614 kfree(roc); 615 return ret; 616 } 617 roc->started = true; 618 list_add_tail(&roc->list, &local->roc_list); 619 } 620 621 return 0; 622 } 623 624 /* otherwise handle queueing */ 625 626 list_for_each_entry(tmp, &local->roc_list, list) { 627 if (tmp->chan != channel || tmp->sdata != sdata) 628 continue; 629 630 /* 631 * Extend this ROC if possible: If it hasn't started, add 632 * just after the new one to combine. 633 */ 634 if (!tmp->started) { 635 list_add(&roc->list, &tmp->list); 636 queued = true; 637 break; 638 } 639 640 if (!combine_started) 641 continue; 642 643 if (!local->ops->remain_on_channel) { 644 /* If there's no hardware remain-on-channel, and 645 * doing so won't push us over the maximum r-o-c 646 * we allow, then we can just add the new one to 647 * the list and mark it as having started now. 648 * If it would push over the limit, don't try to 649 * combine with other started ones (that haven't 650 * been running as long) but potentially sort it 651 * with others that had the same fate. 652 */ 653 unsigned long now = jiffies; 654 u32 elapsed = jiffies_to_msecs(now - tmp->start_time); 655 struct wiphy *wiphy = local->hw.wiphy; 656 u32 max_roc = wiphy->max_remain_on_channel_duration; 657 658 if (elapsed + roc->duration > max_roc) { 659 combine_started = false; 660 continue; 661 } 662 663 list_add(&roc->list, &tmp->list); 664 queued = true; 665 roc->on_channel = tmp->on_channel; 666 ieee80211_handle_roc_started(roc, now); 667 ieee80211_recalc_sw_work(local, now); 668 break; 669 } 670 671 queued = ieee80211_coalesce_hw_started_roc(local, roc, tmp); 672 if (queued) 673 break; 674 /* if it wasn't queued, perhaps it can be combined with 675 * another that also couldn't get combined previously, 676 * but no need to check for already started ones, since 677 * that can't work. 678 */ 679 combine_started = false; 680 } 681 682 if (!queued) 683 list_add_tail(&roc->list, &local->roc_list); 684 685 return 0; 686 } 687 688 int ieee80211_remain_on_channel(struct wiphy *wiphy, struct wireless_dev *wdev, 689 struct ieee80211_channel *chan, 690 unsigned int duration, u64 *cookie) 691 { 692 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); 693 struct ieee80211_local *local = sdata->local; 694 int ret; 695 696 mutex_lock(&local->mtx); 697 ret = ieee80211_start_roc_work(local, sdata, chan, 698 duration, cookie, NULL, 699 IEEE80211_ROC_TYPE_NORMAL); 700 mutex_unlock(&local->mtx); 701 702 return ret; 703 } 704 705 static int ieee80211_cancel_roc(struct ieee80211_local *local, 706 u64 cookie, bool mgmt_tx) 707 { 708 struct ieee80211_roc_work *roc, *tmp, *found = NULL; 709 int ret; 710 711 if (!cookie) 712 return -ENOENT; 713 714 flush_work(&local->hw_roc_start); 715 716 mutex_lock(&local->mtx); 717 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 718 if (!mgmt_tx && roc->cookie != cookie) 719 continue; 720 else if (mgmt_tx && roc->mgmt_tx_cookie != cookie) 721 continue; 722 723 found = roc; 724 break; 725 } 726 727 if (!found) { 728 mutex_unlock(&local->mtx); 729 return -ENOENT; 730 } 731 732 if (!found->started) { 733 ieee80211_roc_notify_destroy(found); 734 goto out_unlock; 735 } 736 737 if (local->ops->remain_on_channel) { 738 ret = drv_cancel_remain_on_channel(local); 739 if (WARN_ON_ONCE(ret)) { 740 mutex_unlock(&local->mtx); 741 return ret; 742 } 743 744 /* TODO: 745 * if multiple items were combined here then we really shouldn't 746 * cancel them all - we should wait for as much time as needed 747 * for the longest remaining one, and only then cancel ... 748 */ 749 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 750 if (!roc->started) 751 break; 752 if (roc == found) 753 found = NULL; 754 ieee80211_roc_notify_destroy(roc); 755 } 756 757 /* that really must not happen - it was started */ 758 WARN_ON(found); 759 760 ieee80211_start_next_roc(local); 761 } else { 762 /* go through work struct to return to the operating channel */ 763 found->abort = true; 764 mod_delayed_work(local->workqueue, &local->roc_work, 0); 765 } 766 767 out_unlock: 768 mutex_unlock(&local->mtx); 769 770 return 0; 771 } 772 773 int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy, 774 struct wireless_dev *wdev, u64 cookie) 775 { 776 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); 777 struct ieee80211_local *local = sdata->local; 778 779 return ieee80211_cancel_roc(local, cookie, false); 780 } 781 782 int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev, 783 struct cfg80211_mgmt_tx_params *params, u64 *cookie) 784 { 785 struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev); 786 struct ieee80211_local *local = sdata->local; 787 struct sk_buff *skb; 788 struct sta_info *sta; 789 const struct ieee80211_mgmt *mgmt = (void *)params->buf; 790 bool need_offchan = false; 791 u32 flags; 792 int ret; 793 u8 *data; 794 795 if (params->dont_wait_for_ack) 796 flags = IEEE80211_TX_CTL_NO_ACK; 797 else 798 flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX | 799 IEEE80211_TX_CTL_REQ_TX_STATUS; 800 801 if (params->no_cck) 802 flags |= IEEE80211_TX_CTL_NO_CCK_RATE; 803 804 switch (sdata->vif.type) { 805 case NL80211_IFTYPE_ADHOC: 806 if (!sdata->vif.bss_conf.ibss_joined) 807 need_offchan = true; 808 #ifdef CONFIG_MAC80211_MESH 809 /* fall through */ 810 case NL80211_IFTYPE_MESH_POINT: 811 if (ieee80211_vif_is_mesh(&sdata->vif) && 812 !sdata->u.mesh.mesh_id_len) 813 need_offchan = true; 814 #endif 815 /* fall through */ 816 case NL80211_IFTYPE_AP: 817 case NL80211_IFTYPE_AP_VLAN: 818 case NL80211_IFTYPE_P2P_GO: 819 if (sdata->vif.type != NL80211_IFTYPE_ADHOC && 820 !ieee80211_vif_is_mesh(&sdata->vif) && 821 !rcu_access_pointer(sdata->bss->beacon)) 822 need_offchan = true; 823 if (!ieee80211_is_action(mgmt->frame_control) || 824 mgmt->u.action.category == WLAN_CATEGORY_PUBLIC || 825 mgmt->u.action.category == WLAN_CATEGORY_SELF_PROTECTED || 826 mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT) 827 break; 828 rcu_read_lock(); 829 sta = sta_info_get_bss(sdata, mgmt->da); 830 rcu_read_unlock(); 831 if (!sta) 832 return -ENOLINK; 833 break; 834 case NL80211_IFTYPE_STATION: 835 case NL80211_IFTYPE_P2P_CLIENT: 836 sdata_lock(sdata); 837 if (!sdata->u.mgd.associated || 838 (params->offchan && params->wait && 839 local->ops->remain_on_channel && 840 memcmp(sdata->u.mgd.associated->bssid, 841 mgmt->bssid, ETH_ALEN))) 842 need_offchan = true; 843 sdata_unlock(sdata); 844 break; 845 case NL80211_IFTYPE_P2P_DEVICE: 846 need_offchan = true; 847 break; 848 case NL80211_IFTYPE_NAN: 849 default: 850 return -EOPNOTSUPP; 851 } 852 853 /* configurations requiring offchan cannot work if no channel has been 854 * specified 855 */ 856 if (need_offchan && !params->chan) 857 return -EINVAL; 858 859 mutex_lock(&local->mtx); 860 861 /* Check if the operating channel is the requested channel */ 862 if (!need_offchan) { 863 struct ieee80211_chanctx_conf *chanctx_conf; 864 865 rcu_read_lock(); 866 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf); 867 868 if (chanctx_conf) { 869 need_offchan = params->chan && 870 (params->chan != 871 chanctx_conf->def.chan); 872 } else if (!params->chan) { 873 ret = -EINVAL; 874 rcu_read_unlock(); 875 goto out_unlock; 876 } else { 877 need_offchan = true; 878 } 879 rcu_read_unlock(); 880 } 881 882 if (need_offchan && !params->offchan) { 883 ret = -EBUSY; 884 goto out_unlock; 885 } 886 887 skb = dev_alloc_skb(local->hw.extra_tx_headroom + params->len); 888 if (!skb) { 889 ret = -ENOMEM; 890 goto out_unlock; 891 } 892 skb_reserve(skb, local->hw.extra_tx_headroom); 893 894 data = skb_put_data(skb, params->buf, params->len); 895 896 /* Update CSA counters */ 897 if (sdata->vif.csa_active && 898 (sdata->vif.type == NL80211_IFTYPE_AP || 899 sdata->vif.type == NL80211_IFTYPE_MESH_POINT || 900 sdata->vif.type == NL80211_IFTYPE_ADHOC) && 901 params->n_csa_offsets) { 902 int i; 903 struct beacon_data *beacon = NULL; 904 905 rcu_read_lock(); 906 907 if (sdata->vif.type == NL80211_IFTYPE_AP) 908 beacon = rcu_dereference(sdata->u.ap.beacon); 909 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) 910 beacon = rcu_dereference(sdata->u.ibss.presp); 911 else if (ieee80211_vif_is_mesh(&sdata->vif)) 912 beacon = rcu_dereference(sdata->u.mesh.beacon); 913 914 if (beacon) 915 for (i = 0; i < params->n_csa_offsets; i++) 916 data[params->csa_offsets[i]] = 917 beacon->csa_current_counter; 918 919 rcu_read_unlock(); 920 } 921 922 IEEE80211_SKB_CB(skb)->flags = flags; 923 924 skb->dev = sdata->dev; 925 926 if (!params->dont_wait_for_ack) { 927 /* make a copy to preserve the frame contents 928 * in case of encryption. 929 */ 930 ret = ieee80211_attach_ack_skb(local, skb, cookie, GFP_KERNEL); 931 if (ret) { 932 kfree_skb(skb); 933 goto out_unlock; 934 } 935 } else { 936 /* Assign a dummy non-zero cookie, it's not sent to 937 * userspace in this case but we rely on its value 938 * internally in the need_offchan case to distinguish 939 * mgmt-tx from remain-on-channel. 940 */ 941 *cookie = 0xffffffff; 942 } 943 944 if (!need_offchan) { 945 ieee80211_tx_skb(sdata, skb); 946 ret = 0; 947 goto out_unlock; 948 } 949 950 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN | 951 IEEE80211_TX_INTFL_OFFCHAN_TX_OK; 952 if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) 953 IEEE80211_SKB_CB(skb)->hw_queue = 954 local->hw.offchannel_tx_hw_queue; 955 956 /* This will handle all kinds of coalescing and immediate TX */ 957 ret = ieee80211_start_roc_work(local, sdata, params->chan, 958 params->wait, cookie, skb, 959 IEEE80211_ROC_TYPE_MGMT_TX); 960 if (ret) 961 ieee80211_free_txskb(&local->hw, skb); 962 out_unlock: 963 mutex_unlock(&local->mtx); 964 return ret; 965 } 966 967 int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy, 968 struct wireless_dev *wdev, u64 cookie) 969 { 970 struct ieee80211_local *local = wiphy_priv(wiphy); 971 972 return ieee80211_cancel_roc(local, cookie, true); 973 } 974 975 void ieee80211_roc_setup(struct ieee80211_local *local) 976 { 977 INIT_WORK(&local->hw_roc_start, ieee80211_hw_roc_start); 978 INIT_WORK(&local->hw_roc_done, ieee80211_hw_roc_done); 979 INIT_DELAYED_WORK(&local->roc_work, ieee80211_roc_work); 980 INIT_LIST_HEAD(&local->roc_list); 981 } 982 983 void ieee80211_roc_purge(struct ieee80211_local *local, 984 struct ieee80211_sub_if_data *sdata) 985 { 986 struct ieee80211_roc_work *roc, *tmp; 987 bool work_to_do = false; 988 989 mutex_lock(&local->mtx); 990 list_for_each_entry_safe(roc, tmp, &local->roc_list, list) { 991 if (sdata && roc->sdata != sdata) 992 continue; 993 994 if (roc->started) { 995 if (local->ops->remain_on_channel) { 996 /* can race, so ignore return value */ 997 drv_cancel_remain_on_channel(local); 998 ieee80211_roc_notify_destroy(roc); 999 } else { 1000 roc->abort = true; 1001 work_to_do = true; 1002 } 1003 } else { 1004 ieee80211_roc_notify_destroy(roc); 1005 } 1006 } 1007 if (work_to_do) 1008 __ieee80211_roc_work(local); 1009 mutex_unlock(&local->mtx); 1010 } 1011