1 /* 2 * Copyright 2002-2005, Instant802 Networks, Inc. 3 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 10 #include <linux/module.h> 11 #include <linux/init.h> 12 #include <linux/netdevice.h> 13 #include <linux/types.h> 14 #include <linux/slab.h> 15 #include <linux/skbuff.h> 16 #include <linux/if_arp.h> 17 #include <linux/timer.h> 18 #include <linux/rtnetlink.h> 19 20 #include <net/mac80211.h> 21 #include "ieee80211_i.h" 22 #include "driver-ops.h" 23 #include "rate.h" 24 #include "sta_info.h" 25 #include "debugfs_sta.h" 26 #include "mesh.h" 27 28 /** 29 * DOC: STA information lifetime rules 30 * 31 * STA info structures (&struct sta_info) are managed in a hash table 32 * for faster lookup and a list for iteration. They are managed using 33 * RCU, i.e. access to the list and hash table is protected by RCU. 34 * 35 * Upon allocating a STA info structure with sta_info_alloc(), the caller owns 36 * that structure. It must then either destroy it using sta_info_destroy() 37 * (which is pretty useless) or insert it into the hash table using 38 * sta_info_insert() which demotes the reference from ownership to a regular 39 * RCU-protected reference; if the function is called without protection by an 40 * RCU critical section the reference is instantly invalidated. Note that the 41 * caller may not do much with the STA info before inserting it, in particular, 42 * it may not start any mesh peer link management or add encryption keys. 43 * 44 * When the insertion fails (sta_info_insert()) returns non-zero), the 45 * structure will have been freed by sta_info_insert()! 46 * 47 * sta entries are added by mac80211 when you establish a link with a 48 * peer. This means different things for the different type of interfaces 49 * we support. For a regular station this mean we add the AP sta when we 50 * receive an assocation response from the AP. For IBSS this occurs when 51 * we receive a probe response or a beacon from target IBSS network. For 52 * WDS we add the sta for the peer imediately upon device open. When using 53 * AP mode we add stations for each respective station upon request from 54 * userspace through nl80211. 55 * 56 * Because there are debugfs entries for each station, and adding those 57 * must be able to sleep, it is also possible to "pin" a station entry, 58 * that means it can be removed from the hash table but not be freed. 59 * See the comment in __sta_info_unlink() for more information, this is 60 * an internal capability only. 61 * 62 * In order to remove a STA info structure, the caller needs to first 63 * unlink it (sta_info_unlink()) from the list and hash tables and 64 * then destroy it; sta_info_destroy() will wait for an RCU grace period 65 * to elapse before actually freeing it. Due to the pinning and the 66 * possibility of multiple callers trying to remove the same STA info at 67 * the same time, sta_info_unlink() can clear the STA info pointer it is 68 * passed to indicate that the STA info is owned by somebody else now. 69 * 70 * If sta_info_unlink() did not clear the pointer then the caller owns 71 * the STA info structure now and is responsible of destroying it with 72 * a call to sta_info_destroy(). 73 * 74 * In all other cases, there is no concept of ownership on a STA entry, 75 * each structure is owned by the global hash table/list until it is 76 * removed. All users of the structure need to be RCU protected so that 77 * the structure won't be freed before they are done using it. 78 */ 79 80 /* Caller must hold local->sta_lock */ 81 static int sta_info_hash_del(struct ieee80211_local *local, 82 struct sta_info *sta) 83 { 84 struct sta_info *s; 85 86 s = local->sta_hash[STA_HASH(sta->sta.addr)]; 87 if (!s) 88 return -ENOENT; 89 if (s == sta) { 90 rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], 91 s->hnext); 92 return 0; 93 } 94 95 while (s->hnext && s->hnext != sta) 96 s = s->hnext; 97 if (s->hnext) { 98 rcu_assign_pointer(s->hnext, sta->hnext); 99 return 0; 100 } 101 102 return -ENOENT; 103 } 104 105 /* protected by RCU */ 106 struct sta_info *sta_info_get(struct ieee80211_local *local, const u8 *addr) 107 { 108 struct sta_info *sta; 109 110 sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]); 111 while (sta) { 112 if (memcmp(sta->sta.addr, addr, ETH_ALEN) == 0) 113 break; 114 sta = rcu_dereference(sta->hnext); 115 } 116 return sta; 117 } 118 119 struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata, 120 int idx) 121 { 122 struct ieee80211_local *local = sdata->local; 123 struct sta_info *sta; 124 int i = 0; 125 126 list_for_each_entry_rcu(sta, &local->sta_list, list) { 127 if (sdata != sta->sdata) 128 continue; 129 if (i < idx) { 130 ++i; 131 continue; 132 } 133 return sta; 134 } 135 136 return NULL; 137 } 138 139 /** 140 * __sta_info_free - internal STA free helper 141 * 142 * @local: pointer to the global information 143 * @sta: STA info to free 144 * 145 * This function must undo everything done by sta_info_alloc() 146 * that may happen before sta_info_insert(). 147 */ 148 static void __sta_info_free(struct ieee80211_local *local, 149 struct sta_info *sta) 150 { 151 if (sta->rate_ctrl) { 152 rate_control_free_sta(sta); 153 rate_control_put(sta->rate_ctrl); 154 } 155 156 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 157 printk(KERN_DEBUG "%s: Destroyed STA %pM\n", 158 wiphy_name(local->hw.wiphy), sta->sta.addr); 159 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 160 161 kfree(sta); 162 } 163 164 void sta_info_destroy(struct sta_info *sta) 165 { 166 struct ieee80211_local *local; 167 struct sk_buff *skb; 168 int i; 169 170 might_sleep(); 171 172 if (!sta) 173 return; 174 175 local = sta->local; 176 177 cancel_work_sync(&sta->drv_unblock_wk); 178 179 rate_control_remove_sta_debugfs(sta); 180 ieee80211_sta_debugfs_remove(sta); 181 182 #ifdef CONFIG_MAC80211_MESH 183 if (ieee80211_vif_is_mesh(&sta->sdata->vif)) 184 mesh_plink_deactivate(sta); 185 #endif 186 187 /* 188 * We have only unlinked the key, and actually destroying it 189 * may mean it is removed from hardware which requires that 190 * the key->sta pointer is still valid, so flush the key todo 191 * list here. 192 * 193 * ieee80211_key_todo() will synchronize_rcu() so after this 194 * nothing can reference this sta struct any more. 195 */ 196 ieee80211_key_todo(); 197 198 #ifdef CONFIG_MAC80211_MESH 199 if (ieee80211_vif_is_mesh(&sta->sdata->vif)) 200 del_timer_sync(&sta->plink_timer); 201 #endif 202 203 while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { 204 local->total_ps_buffered--; 205 dev_kfree_skb_any(skb); 206 } 207 208 while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) 209 dev_kfree_skb_any(skb); 210 211 for (i = 0; i < STA_TID_NUM; i++) { 212 struct tid_ampdu_rx *tid_rx; 213 struct tid_ampdu_tx *tid_tx; 214 215 spin_lock_bh(&sta->lock); 216 tid_rx = sta->ampdu_mlme.tid_rx[i]; 217 /* Make sure timer won't free the tid_rx struct, see below */ 218 if (tid_rx) 219 tid_rx->shutdown = true; 220 221 spin_unlock_bh(&sta->lock); 222 223 /* 224 * Outside spinlock - shutdown is true now so that the timer 225 * won't free tid_rx, we have to do that now. Can't let the 226 * timer do it because we have to sync the timer outside the 227 * lock that it takes itself. 228 */ 229 if (tid_rx) { 230 del_timer_sync(&tid_rx->session_timer); 231 kfree(tid_rx); 232 } 233 234 /* 235 * No need to do such complications for TX agg sessions, the 236 * path leading to freeing the tid_tx struct goes via a call 237 * from the driver, and thus needs to look up the sta struct 238 * again, which cannot be found when we get here. Hence, we 239 * just need to delete the timer and free the aggregation 240 * info; we won't be telling the peer about it then but that 241 * doesn't matter if we're not talking to it again anyway. 242 */ 243 tid_tx = sta->ampdu_mlme.tid_tx[i]; 244 if (tid_tx) { 245 del_timer_sync(&tid_tx->addba_resp_timer); 246 /* 247 * STA removed while aggregation session being 248 * started? Bit odd, but purge frames anyway. 249 */ 250 skb_queue_purge(&tid_tx->pending); 251 kfree(tid_tx); 252 } 253 } 254 255 __sta_info_free(local, sta); 256 } 257 258 259 /* Caller must hold local->sta_lock */ 260 static void sta_info_hash_add(struct ieee80211_local *local, 261 struct sta_info *sta) 262 { 263 sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)]; 264 rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta); 265 } 266 267 static void sta_unblock(struct work_struct *wk) 268 { 269 struct sta_info *sta; 270 271 sta = container_of(wk, struct sta_info, drv_unblock_wk); 272 273 if (sta->dead) 274 return; 275 276 if (!test_sta_flags(sta, WLAN_STA_PS_STA)) 277 ieee80211_sta_ps_deliver_wakeup(sta); 278 else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL)) 279 ieee80211_sta_ps_deliver_poll_response(sta); 280 } 281 282 static int sta_prepare_rate_control(struct ieee80211_local *local, 283 struct sta_info *sta, gfp_t gfp) 284 { 285 if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) 286 return 0; 287 288 sta->rate_ctrl = rate_control_get(local->rate_ctrl); 289 sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, 290 &sta->sta, gfp); 291 if (!sta->rate_ctrl_priv) { 292 rate_control_put(sta->rate_ctrl); 293 return -ENOMEM; 294 } 295 296 return 0; 297 } 298 299 struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata, 300 u8 *addr, gfp_t gfp) 301 { 302 struct ieee80211_local *local = sdata->local; 303 struct sta_info *sta; 304 int i; 305 306 sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp); 307 if (!sta) 308 return NULL; 309 310 spin_lock_init(&sta->lock); 311 spin_lock_init(&sta->flaglock); 312 INIT_WORK(&sta->drv_unblock_wk, sta_unblock); 313 314 memcpy(sta->sta.addr, addr, ETH_ALEN); 315 sta->local = local; 316 sta->sdata = sdata; 317 318 if (sta_prepare_rate_control(local, sta, gfp)) { 319 kfree(sta); 320 return NULL; 321 } 322 323 for (i = 0; i < STA_TID_NUM; i++) { 324 /* timer_to_tid must be initialized with identity mapping to 325 * enable session_timer's data differentiation. refer to 326 * sta_rx_agg_session_timer_expired for useage */ 327 sta->timer_to_tid[i] = i; 328 /* rx */ 329 sta->ampdu_mlme.tid_state_rx[i] = HT_AGG_STATE_IDLE; 330 sta->ampdu_mlme.tid_rx[i] = NULL; 331 /* tx */ 332 sta->ampdu_mlme.tid_state_tx[i] = HT_AGG_STATE_IDLE; 333 sta->ampdu_mlme.tid_tx[i] = NULL; 334 sta->ampdu_mlme.addba_req_num[i] = 0; 335 } 336 skb_queue_head_init(&sta->ps_tx_buf); 337 skb_queue_head_init(&sta->tx_filtered); 338 339 for (i = 0; i < NUM_RX_DATA_QUEUES; i++) 340 sta->last_seq_ctrl[i] = cpu_to_le16(USHORT_MAX); 341 342 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 343 printk(KERN_DEBUG "%s: Allocated STA %pM\n", 344 wiphy_name(local->hw.wiphy), sta->sta.addr); 345 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 346 347 #ifdef CONFIG_MAC80211_MESH 348 sta->plink_state = PLINK_LISTEN; 349 init_timer(&sta->plink_timer); 350 #endif 351 352 return sta; 353 } 354 355 int sta_info_insert(struct sta_info *sta) 356 { 357 struct ieee80211_local *local = sta->local; 358 struct ieee80211_sub_if_data *sdata = sta->sdata; 359 unsigned long flags; 360 int err = 0; 361 362 /* 363 * Can't be a WARN_ON because it can be triggered through a race: 364 * something inserts a STA (on one CPU) without holding the RTNL 365 * and another CPU turns off the net device. 366 */ 367 if (unlikely(!netif_running(sdata->dev))) { 368 err = -ENETDOWN; 369 goto out_free; 370 } 371 372 if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->dev->dev_addr) == 0 || 373 is_multicast_ether_addr(sta->sta.addr))) { 374 err = -EINVAL; 375 goto out_free; 376 } 377 378 spin_lock_irqsave(&local->sta_lock, flags); 379 /* check if STA exists already */ 380 if (sta_info_get(local, sta->sta.addr)) { 381 spin_unlock_irqrestore(&local->sta_lock, flags); 382 err = -EEXIST; 383 goto out_free; 384 } 385 list_add(&sta->list, &local->sta_list); 386 local->sta_generation++; 387 local->num_sta++; 388 sta_info_hash_add(local, sta); 389 390 /* notify driver */ 391 if (local->ops->sta_notify) { 392 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 393 sdata = container_of(sdata->bss, 394 struct ieee80211_sub_if_data, 395 u.ap); 396 397 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_ADD, &sta->sta); 398 sdata = sta->sdata; 399 } 400 401 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 402 printk(KERN_DEBUG "%s: Inserted STA %pM\n", 403 wiphy_name(local->hw.wiphy), sta->sta.addr); 404 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 405 406 spin_unlock_irqrestore(&local->sta_lock, flags); 407 408 #ifdef CONFIG_MAC80211_DEBUGFS 409 /* 410 * Debugfs entry adding might sleep, so schedule process 411 * context task for adding entry for STAs that do not yet 412 * have one. 413 * NOTE: due to auto-freeing semantics this may only be done 414 * if the insertion is successful! 415 */ 416 schedule_work(&local->sta_debugfs_add); 417 #endif 418 419 if (ieee80211_vif_is_mesh(&sdata->vif)) 420 mesh_accept_plinks_update(sdata); 421 422 return 0; 423 out_free: 424 BUG_ON(!err); 425 __sta_info_free(local, sta); 426 return err; 427 } 428 429 static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) 430 { 431 /* 432 * This format has been mandated by the IEEE specifications, 433 * so this line may not be changed to use the __set_bit() format. 434 */ 435 bss->tim[aid / 8] |= (1 << (aid % 8)); 436 } 437 438 static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid) 439 { 440 /* 441 * This format has been mandated by the IEEE specifications, 442 * so this line may not be changed to use the __clear_bit() format. 443 */ 444 bss->tim[aid / 8] &= ~(1 << (aid % 8)); 445 } 446 447 static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss, 448 struct sta_info *sta) 449 { 450 BUG_ON(!bss); 451 452 __bss_tim_set(bss, sta->sta.aid); 453 454 if (sta->local->ops->set_tim) { 455 sta->local->tim_in_locked_section = true; 456 drv_set_tim(sta->local, &sta->sta, true); 457 sta->local->tim_in_locked_section = false; 458 } 459 } 460 461 void sta_info_set_tim_bit(struct sta_info *sta) 462 { 463 unsigned long flags; 464 465 BUG_ON(!sta->sdata->bss); 466 467 spin_lock_irqsave(&sta->local->sta_lock, flags); 468 __sta_info_set_tim_bit(sta->sdata->bss, sta); 469 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 470 } 471 472 static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss, 473 struct sta_info *sta) 474 { 475 BUG_ON(!bss); 476 477 __bss_tim_clear(bss, sta->sta.aid); 478 479 if (sta->local->ops->set_tim) { 480 sta->local->tim_in_locked_section = true; 481 drv_set_tim(sta->local, &sta->sta, false); 482 sta->local->tim_in_locked_section = false; 483 } 484 } 485 486 void sta_info_clear_tim_bit(struct sta_info *sta) 487 { 488 unsigned long flags; 489 490 BUG_ON(!sta->sdata->bss); 491 492 spin_lock_irqsave(&sta->local->sta_lock, flags); 493 __sta_info_clear_tim_bit(sta->sdata->bss, sta); 494 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 495 } 496 497 static void __sta_info_unlink(struct sta_info **sta) 498 { 499 struct ieee80211_local *local = (*sta)->local; 500 struct ieee80211_sub_if_data *sdata = (*sta)->sdata; 501 /* 502 * pull caller's reference if we're already gone. 503 */ 504 if (sta_info_hash_del(local, *sta)) { 505 *sta = NULL; 506 return; 507 } 508 509 if ((*sta)->key) { 510 ieee80211_key_free((*sta)->key); 511 WARN_ON((*sta)->key); 512 } 513 514 list_del(&(*sta)->list); 515 (*sta)->dead = true; 516 517 if (test_and_clear_sta_flags(*sta, 518 WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) { 519 BUG_ON(!sdata->bss); 520 521 atomic_dec(&sdata->bss->num_sta_ps); 522 __sta_info_clear_tim_bit(sdata->bss, *sta); 523 } 524 525 local->num_sta--; 526 local->sta_generation++; 527 528 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 529 rcu_assign_pointer(sdata->u.vlan.sta, NULL); 530 531 if (local->ops->sta_notify) { 532 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 533 sdata = container_of(sdata->bss, 534 struct ieee80211_sub_if_data, 535 u.ap); 536 537 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_REMOVE, 538 &(*sta)->sta); 539 sdata = (*sta)->sdata; 540 } 541 542 if (ieee80211_vif_is_mesh(&sdata->vif)) { 543 mesh_accept_plinks_update(sdata); 544 #ifdef CONFIG_MAC80211_MESH 545 del_timer(&(*sta)->plink_timer); 546 #endif 547 } 548 549 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG 550 printk(KERN_DEBUG "%s: Removed STA %pM\n", 551 wiphy_name(local->hw.wiphy), (*sta)->sta.addr); 552 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ 553 554 /* 555 * Finally, pull caller's reference if the STA is pinned by the 556 * task that is adding the debugfs entries. In that case, we 557 * leave the STA "to be freed". 558 * 559 * The rules are not trivial, but not too complex either: 560 * (1) pin_status is only modified under the sta_lock 561 * (2) STAs may only be pinned under the RTNL so that 562 * sta_info_flush() is guaranteed to actually destroy 563 * all STAs that are active for a given interface, this 564 * is required for correctness because otherwise we 565 * could notify a driver that an interface is going 566 * away and only after that (!) notify it about a STA 567 * on that interface going away. 568 * (3) sta_info_debugfs_add_work() will set the status 569 * to PINNED when it found an item that needs a new 570 * debugfs directory created. In that case, that item 571 * must not be freed although all *RCU* users are done 572 * with it. Hence, we tell the caller of _unlink() 573 * that the item is already gone (as can happen when 574 * two tasks try to unlink/destroy at the same time) 575 * (4) We set the pin_status to DESTROY here when we 576 * find such an item. 577 * (5) sta_info_debugfs_add_work() will reset the pin_status 578 * from PINNED to NORMAL when it is done with the item, 579 * but will check for DESTROY before resetting it in 580 * which case it will free the item. 581 */ 582 if ((*sta)->pin_status == STA_INFO_PIN_STAT_PINNED) { 583 (*sta)->pin_status = STA_INFO_PIN_STAT_DESTROY; 584 *sta = NULL; 585 return; 586 } 587 } 588 589 void sta_info_unlink(struct sta_info **sta) 590 { 591 struct ieee80211_local *local = (*sta)->local; 592 unsigned long flags; 593 594 spin_lock_irqsave(&local->sta_lock, flags); 595 __sta_info_unlink(sta); 596 spin_unlock_irqrestore(&local->sta_lock, flags); 597 } 598 599 static int sta_info_buffer_expired(struct sta_info *sta, 600 struct sk_buff *skb) 601 { 602 struct ieee80211_tx_info *info; 603 int timeout; 604 605 if (!skb) 606 return 0; 607 608 info = IEEE80211_SKB_CB(skb); 609 610 /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */ 611 timeout = (sta->listen_interval * 612 sta->sdata->vif.bss_conf.beacon_int * 613 32 / 15625) * HZ; 614 if (timeout < STA_TX_BUFFER_EXPIRE) 615 timeout = STA_TX_BUFFER_EXPIRE; 616 return time_after(jiffies, info->control.jiffies + timeout); 617 } 618 619 620 static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local, 621 struct sta_info *sta) 622 { 623 unsigned long flags; 624 struct sk_buff *skb; 625 struct ieee80211_sub_if_data *sdata; 626 627 if (skb_queue_empty(&sta->ps_tx_buf)) 628 return; 629 630 for (;;) { 631 spin_lock_irqsave(&sta->ps_tx_buf.lock, flags); 632 skb = skb_peek(&sta->ps_tx_buf); 633 if (sta_info_buffer_expired(sta, skb)) 634 skb = __skb_dequeue(&sta->ps_tx_buf); 635 else 636 skb = NULL; 637 spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags); 638 639 if (!skb) 640 break; 641 642 sdata = sta->sdata; 643 local->total_ps_buffered--; 644 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 645 printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n", 646 sta->sta.addr); 647 #endif 648 dev_kfree_skb(skb); 649 650 if (skb_queue_empty(&sta->ps_tx_buf)) 651 sta_info_clear_tim_bit(sta); 652 } 653 } 654 655 656 static void sta_info_cleanup(unsigned long data) 657 { 658 struct ieee80211_local *local = (struct ieee80211_local *) data; 659 struct sta_info *sta; 660 661 rcu_read_lock(); 662 list_for_each_entry_rcu(sta, &local->sta_list, list) 663 sta_info_cleanup_expire_buffered(local, sta); 664 rcu_read_unlock(); 665 666 if (local->quiescing) 667 return; 668 669 local->sta_cleanup.expires = 670 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 671 add_timer(&local->sta_cleanup); 672 } 673 674 #ifdef CONFIG_MAC80211_DEBUGFS 675 /* 676 * See comment in __sta_info_unlink, 677 * caller must hold local->sta_lock. 678 */ 679 static void __sta_info_pin(struct sta_info *sta) 680 { 681 WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_NORMAL); 682 sta->pin_status = STA_INFO_PIN_STAT_PINNED; 683 } 684 685 /* 686 * See comment in __sta_info_unlink, returns sta if it 687 * needs to be destroyed. 688 */ 689 static struct sta_info *__sta_info_unpin(struct sta_info *sta) 690 { 691 struct sta_info *ret = NULL; 692 unsigned long flags; 693 694 spin_lock_irqsave(&sta->local->sta_lock, flags); 695 WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_DESTROY && 696 sta->pin_status != STA_INFO_PIN_STAT_PINNED); 697 if (sta->pin_status == STA_INFO_PIN_STAT_DESTROY) 698 ret = sta; 699 sta->pin_status = STA_INFO_PIN_STAT_NORMAL; 700 spin_unlock_irqrestore(&sta->local->sta_lock, flags); 701 702 return ret; 703 } 704 705 static void sta_info_debugfs_add_work(struct work_struct *work) 706 { 707 struct ieee80211_local *local = 708 container_of(work, struct ieee80211_local, sta_debugfs_add); 709 struct sta_info *sta, *tmp; 710 unsigned long flags; 711 712 /* We need to keep the RTNL across the whole pinned status. */ 713 rtnl_lock(); 714 while (1) { 715 sta = NULL; 716 717 spin_lock_irqsave(&local->sta_lock, flags); 718 list_for_each_entry(tmp, &local->sta_list, list) { 719 /* 720 * debugfs.add_has_run will be set by 721 * ieee80211_sta_debugfs_add regardless 722 * of what else it does. 723 */ 724 if (!tmp->debugfs.add_has_run) { 725 sta = tmp; 726 __sta_info_pin(sta); 727 break; 728 } 729 } 730 spin_unlock_irqrestore(&local->sta_lock, flags); 731 732 if (!sta) 733 break; 734 735 ieee80211_sta_debugfs_add(sta); 736 rate_control_add_sta_debugfs(sta); 737 738 sta = __sta_info_unpin(sta); 739 sta_info_destroy(sta); 740 } 741 rtnl_unlock(); 742 } 743 #endif 744 745 void sta_info_init(struct ieee80211_local *local) 746 { 747 spin_lock_init(&local->sta_lock); 748 INIT_LIST_HEAD(&local->sta_list); 749 750 setup_timer(&local->sta_cleanup, sta_info_cleanup, 751 (unsigned long)local); 752 local->sta_cleanup.expires = 753 round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 754 755 #ifdef CONFIG_MAC80211_DEBUGFS 756 INIT_WORK(&local->sta_debugfs_add, sta_info_debugfs_add_work); 757 #endif 758 } 759 760 int sta_info_start(struct ieee80211_local *local) 761 { 762 add_timer(&local->sta_cleanup); 763 return 0; 764 } 765 766 void sta_info_stop(struct ieee80211_local *local) 767 { 768 del_timer(&local->sta_cleanup); 769 #ifdef CONFIG_MAC80211_DEBUGFS 770 /* 771 * Make sure the debugfs adding work isn't pending after this 772 * because we're about to be destroyed. It doesn't matter 773 * whether it ran or not since we're going to flush all STAs 774 * anyway. 775 */ 776 cancel_work_sync(&local->sta_debugfs_add); 777 #endif 778 779 sta_info_flush(local, NULL); 780 } 781 782 /** 783 * sta_info_flush - flush matching STA entries from the STA table 784 * 785 * Returns the number of removed STA entries. 786 * 787 * @local: local interface data 788 * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs 789 */ 790 int sta_info_flush(struct ieee80211_local *local, 791 struct ieee80211_sub_if_data *sdata) 792 { 793 struct sta_info *sta, *tmp; 794 LIST_HEAD(tmp_list); 795 int ret = 0; 796 unsigned long flags; 797 798 might_sleep(); 799 800 spin_lock_irqsave(&local->sta_lock, flags); 801 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { 802 if (!sdata || sdata == sta->sdata) { 803 __sta_info_unlink(&sta); 804 if (sta) { 805 list_add_tail(&sta->list, &tmp_list); 806 ret++; 807 } 808 } 809 } 810 spin_unlock_irqrestore(&local->sta_lock, flags); 811 812 list_for_each_entry_safe(sta, tmp, &tmp_list, list) 813 sta_info_destroy(sta); 814 815 return ret; 816 } 817 818 void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata, 819 unsigned long exp_time) 820 { 821 struct ieee80211_local *local = sdata->local; 822 struct sta_info *sta, *tmp; 823 LIST_HEAD(tmp_list); 824 unsigned long flags; 825 826 spin_lock_irqsave(&local->sta_lock, flags); 827 list_for_each_entry_safe(sta, tmp, &local->sta_list, list) 828 if (time_after(jiffies, sta->last_rx + exp_time)) { 829 #ifdef CONFIG_MAC80211_IBSS_DEBUG 830 printk(KERN_DEBUG "%s: expiring inactive STA %pM\n", 831 sdata->dev->name, sta->sta.addr); 832 #endif 833 __sta_info_unlink(&sta); 834 if (sta) 835 list_add(&sta->list, &tmp_list); 836 } 837 spin_unlock_irqrestore(&local->sta_lock, flags); 838 839 list_for_each_entry_safe(sta, tmp, &tmp_list, list) 840 sta_info_destroy(sta); 841 } 842 843 struct ieee80211_sta *ieee80211_find_sta_by_hw(struct ieee80211_hw *hw, 844 const u8 *addr) 845 { 846 struct sta_info *sta = sta_info_get(hw_to_local(hw), addr); 847 848 if (!sta) 849 return NULL; 850 return &sta->sta; 851 } 852 EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_hw); 853 854 struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif, 855 const u8 *addr) 856 { 857 struct ieee80211_sub_if_data *sdata; 858 859 if (!vif) 860 return NULL; 861 862 sdata = vif_to_sdata(vif); 863 864 return ieee80211_find_sta_by_hw(&sdata->local->hw, addr); 865 } 866 EXPORT_SYMBOL(ieee80211_find_sta); 867 868 /* powersave support code */ 869 void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta) 870 { 871 struct ieee80211_sub_if_data *sdata = sta->sdata; 872 struct ieee80211_local *local = sdata->local; 873 int sent, buffered; 874 875 drv_sta_notify(local, &sdata->vif, STA_NOTIFY_AWAKE, &sta->sta); 876 877 if (!skb_queue_empty(&sta->ps_tx_buf)) 878 sta_info_clear_tim_bit(sta); 879 880 /* Send all buffered frames to the station */ 881 sent = ieee80211_add_pending_skbs(local, &sta->tx_filtered); 882 buffered = ieee80211_add_pending_skbs(local, &sta->ps_tx_buf); 883 sent += buffered; 884 local->total_ps_buffered -= buffered; 885 886 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 887 printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames " 888 "since STA not sleeping anymore\n", sdata->dev->name, 889 sta->sta.addr, sta->sta.aid, sent - buffered, buffered); 890 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 891 } 892 893 void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta) 894 { 895 struct ieee80211_sub_if_data *sdata = sta->sdata; 896 struct ieee80211_local *local = sdata->local; 897 struct sk_buff *skb; 898 int no_pending_pkts; 899 900 skb = skb_dequeue(&sta->tx_filtered); 901 if (!skb) { 902 skb = skb_dequeue(&sta->ps_tx_buf); 903 if (skb) 904 local->total_ps_buffered--; 905 } 906 no_pending_pkts = skb_queue_empty(&sta->tx_filtered) && 907 skb_queue_empty(&sta->ps_tx_buf); 908 909 if (skb) { 910 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 911 struct ieee80211_hdr *hdr = 912 (struct ieee80211_hdr *) skb->data; 913 914 /* 915 * Tell TX path to send this frame even though the STA may 916 * still remain is PS mode after this frame exchange. 917 */ 918 info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE; 919 920 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 921 printk(KERN_DEBUG "STA %pM aid %d: PS Poll (entries after %d)\n", 922 sta->sta.addr, sta->sta.aid, 923 skb_queue_len(&sta->ps_tx_buf)); 924 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 925 926 /* Use MoreData flag to indicate whether there are more 927 * buffered frames for this STA */ 928 if (no_pending_pkts) 929 hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA); 930 else 931 hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA); 932 933 ieee80211_add_pending_skb(local, skb); 934 935 if (no_pending_pkts) 936 sta_info_clear_tim_bit(sta); 937 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG 938 } else { 939 /* 940 * FIXME: This can be the result of a race condition between 941 * us expiring a frame and the station polling for it. 942 * Should we send it a null-func frame indicating we 943 * have nothing buffered for it? 944 */ 945 printk(KERN_DEBUG "%s: STA %pM sent PS Poll even " 946 "though there are no buffered frames for it\n", 947 sdata->dev->name, sta->sta.addr); 948 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */ 949 } 950 } 951 952 void ieee80211_sta_block_awake(struct ieee80211_hw *hw, 953 struct ieee80211_sta *pubsta, bool block) 954 { 955 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 956 957 if (block) 958 set_sta_flags(sta, WLAN_STA_PS_DRIVER); 959 else 960 ieee80211_queue_work(hw, &sta->drv_unblock_wk); 961 } 962 EXPORT_SYMBOL(ieee80211_sta_block_awake); 963