LXR linux/net/mac80211/sta

   1/*
   2 * Copyright 2002-2005, Instant802 Networks, Inc.
   3 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License version 2 as
   7 * published by the Free Software Foundation.
   8 */
   9
  10#include <linux/module.h>
  11#include <linux/init.h>
  12#include <linux/etherdevice.h>
  13#include <linux/netdevice.h>
  14#include <linux/types.h>
  15#include <linux/slab.h>
  16#include <linux/skbuff.h>
  17#include <linux/if_arp.h>
  18#include <linux/timer.h>
  19#include <linux/rtnetlink.h>
  20
  21#include <net/mac80211.h>
  22#include "ieee80211_i.h"
  23#include "driver-ops.h"
  24#include "rate.h"
  25#include "sta_info.h"
  26#include "debugfs_sta.h"
  27#include "mesh.h"
  28#include "wme.h"
  29
  30/**
  31 * DOC: STA information lifetime rules
  32 *
  33 * STA info structures (&struct sta_info) are managed in a hash table
  34 * for faster lookup and a list for iteration. They are managed using
  35 * RCU, i.e. access to the list and hash table is protected by RCU.
  36 *
  37 * Upon allocating a STA info structure with sta_info_alloc(), the caller
  38 * owns that structure. It must then insert it into the hash table using
  39 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
  40 * case (which acquires an rcu read section but must not be called from
  41 * within one) will the pointer still be valid after the call. Note that
  42 * the caller may not do much with the STA info before inserting it, in
  43 * particular, it may not start any mesh peer link management or add
  44 * encryption keys.
  45 *
  46 * When the insertion fails (sta_info_insert()) returns non-zero), the
  47 * structure will have been freed by sta_info_insert()!
  48 *
  49 * Station entries are added by mac80211 when you establish a link with a
  50 * peer. This means different things for the different type of interfaces
  51 * we support. For a regular station this mean we add the AP sta when we
  52 * receive an association response from the AP. For IBSS this occurs when
  53 * get to know about a peer on the same IBSS. For WDS we add the sta for
  54 * the peer immediately upon device open. When using AP mode we add stations
  55 * for each respective station upon request from userspace through nl80211.
  56 *
  57 * In order to remove a STA info structure, various sta_info_destroy_*()
  58 * calls are available.
  59 *
  60 * There is no concept of ownership on a STA entry, each structure is
  61 * owned by the global hash table/list until it is removed. All users of
  62 * the structure need to be RCU protected so that the structure won't be
  63 * freed before they are done using it.
  64 */
  65
  66/* Caller must hold local->sta_mtx */
  67static int sta_info_hash_del(struct ieee80211_local *local,
  68                             struct sta_info *sta)
  69{
  70        struct sta_info *s;
  71
  72        s = rcu_dereference_protected(local->sta_hash[STA_HASH(sta->sta.addr)],
  73                                      lockdep_is_held(&local->sta_mtx));
  74        if (!s)
  75                return -ENOENT;
  76        if (s == sta) {
  77                rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)],
  78                                   s->hnext);
  79                return 0;
  80        }
  81
  82        while (rcu_access_pointer(s->hnext) &&
  83               rcu_access_pointer(s->hnext) != sta)
  84                s = rcu_dereference_protected(s->hnext,
  85                                        lockdep_is_held(&local->sta_mtx));
  86        if (rcu_access_pointer(s->hnext)) {
  87                rcu_assign_pointer(s->hnext, sta->hnext);
  88                return 0;
  89        }
  90
  91        return -ENOENT;
  92}
  93
  94static void cleanup_single_sta(struct sta_info *sta)
  95{
  96        int ac, i;
  97        struct tid_ampdu_tx *tid_tx;
  98        struct ieee80211_sub_if_data *sdata = sta->sdata;
  99        struct ieee80211_local *local = sdata->local;
 100        struct ps_data *ps;
 101
 102        /*
 103         * At this point, when being called as call_rcu callback,
 104         * neither mac80211 nor the driver can reference this
 105         * sta struct any more except by still existing timers
 106         * associated with this station that we clean up below.
 107         *
 108         * Note though that this still uses the sdata and even
 109         * calls the driver in AP and mesh mode, so interfaces
 110         * of those types mush use call sta_info_flush_cleanup()
 111         * (typically via sta_info_flush()) before deconfiguring
 112         * the driver.
 113         *
 114         * In station mode, nothing happens here so it doesn't
 115         * have to (and doesn't) do that, this is intentional to
 116         * speed up roaming.
 117         */
 118
 119        if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
 120                if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
 121                    sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
 122                        ps = &sdata->bss->ps;
 123                else if (ieee80211_vif_is_mesh(&sdata->vif))
 124                        ps = &sdata->u.mesh.ps;
 125                else
 126                        return;
 127
 128                clear_sta_flag(sta, WLAN_STA_PS_STA);
 129
 130                atomic_dec(&ps->num_sta_ps);
 131                sta_info_recalc_tim(sta);
 132        }
 133
 134        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
 135                local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
 136                ieee80211_purge_tx_queue(&local->hw, &sta->ps_tx_buf[ac]);
 137                ieee80211_purge_tx_queue(&local->hw, &sta->tx_filtered[ac]);
 138        }
 139
 140        if (ieee80211_vif_is_mesh(&sdata->vif))
 141                mesh_sta_cleanup(sta);
 142
 143        cancel_work_sync(&sta->drv_unblock_wk);
 144
 145        /*
 146         * Destroy aggregation state here. It would be nice to wait for the
 147         * driver to finish aggregation stop and then clean up, but for now
 148         * drivers have to handle aggregation stop being requested, followed
 149         * directly by station destruction.
 150         */
 151        for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
 152                kfree(sta->ampdu_mlme.tid_start_tx[i]);
 153                tid_tx = rcu_dereference_raw(sta->ampdu_mlme.tid_tx[i]);
 154                if (!tid_tx)
 155                        continue;
 156                ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
 157                kfree(tid_tx);
 158        }
 159
 160        sta_info_free(local, sta);
 161}
 162
 163void ieee80211_cleanup_sdata_stas(struct ieee80211_sub_if_data *sdata)
 164{
 165        struct sta_info *sta;
 166
 167        spin_lock_bh(&sdata->cleanup_stations_lock);
 168        while (!list_empty(&sdata->cleanup_stations)) {
 169                sta = list_first_entry(&sdata->cleanup_stations,
 170                                       struct sta_info, list);
 171                list_del(&sta->list);
 172                spin_unlock_bh(&sdata->cleanup_stations_lock);
 173
 174                cleanup_single_sta(sta);
 175
 176                spin_lock_bh(&sdata->cleanup_stations_lock);
 177        }
 178
 179        spin_unlock_bh(&sdata->cleanup_stations_lock);
 180}
 181
 182static void free_sta_rcu(struct rcu_head *h)
 183{
 184        struct sta_info *sta = container_of(h, struct sta_info, rcu_head);
 185        struct ieee80211_sub_if_data *sdata = sta->sdata;
 186
 187        spin_lock(&sdata->cleanup_stations_lock);
 188        list_add_tail(&sta->list, &sdata->cleanup_stations);
 189        spin_unlock(&sdata->cleanup_stations_lock);
 190
 191        ieee80211_queue_work(&sdata->local->hw, &sdata->cleanup_stations_wk);
 192}
 193
 194/* protected by RCU */
 195struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
 196                              const u8 *addr)
 197{
 198        struct ieee80211_local *local = sdata->local;
 199        struct sta_info *sta;
 200
 201        sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
 202                                    lockdep_is_held(&local->sta_mtx));
 203        while (sta) {
 204                if (sta->sdata == sdata &&
 205                    ether_addr_equal(sta->sta.addr, addr))
 206                        break;
 207                sta = rcu_dereference_check(sta->hnext,
 208                                            lockdep_is_held(&local->sta_mtx));
 209        }
 210        return sta;
 211}
 212
 213/*
 214 * Get sta info either from the specified interface
 215 * or from one of its vlans
 216 */
 217struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
 218                                  const u8 *addr)
 219{
 220        struct ieee80211_local *local = sdata->local;
 221        struct sta_info *sta;
 222
 223        sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
 224                                    lockdep_is_held(&local->sta_mtx));
 225        while (sta) {
 226                if ((sta->sdata == sdata ||
 227                     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
 228                    ether_addr_equal(sta->sta.addr, addr))
 229                        break;
 230                sta = rcu_dereference_check(sta->hnext,
 231                                            lockdep_is_held(&local->sta_mtx));
 232        }
 233        return sta;
 234}
 235
 236struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
 237                                     int idx)
 238{
 239        struct ieee80211_local *local = sdata->local;
 240        struct sta_info *sta;
 241        int i = 0;
 242
 243        list_for_each_entry_rcu(sta, &local->sta_list, list) {
 244                if (sdata != sta->sdata)
 245                        continue;
 246                if (i < idx) {
 247                        ++i;
 248                        continue;
 249                }
 250                return sta;
 251        }
 252
 253        return NULL;
 254}
 255
 256/**
 257 * sta_info_free - free STA
 258 *
 259 * @local: pointer to the global information
 260 * @sta: STA info to free
 261 *
 262 * This function must undo everything done by sta_info_alloc()
 263 * that may happen before sta_info_insert(). It may only be
 264 * called when sta_info_insert() has not been attempted (and
 265 * if that fails, the station is freed anyway.)
 266 */
 267void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
 268{
 269        if (sta->rate_ctrl)
 270                rate_control_free_sta(sta);
 271
 272        sta_dbg(sta->sdata, "Destroyed STA %pM\n", sta->sta.addr);
 273
 274        kfree(sta);
 275}
 276
 277/* Caller must hold local->sta_mtx */
 278static void sta_info_hash_add(struct ieee80211_local *local,
 279                              struct sta_info *sta)
 280{
 281        lockdep_assert_held(&local->sta_mtx);
 282        sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
 283        rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
 284}
 285
 286static void sta_unblock(struct work_struct *wk)
 287{
 288        struct sta_info *sta;
 289
 290        sta = container_of(wk, struct sta_info, drv_unblock_wk);
 291
 292        if (sta->dead)
 293                return;
 294
 295        if (!test_sta_flag(sta, WLAN_STA_PS_STA)) {
 296                local_bh_disable();
 297                ieee80211_sta_ps_deliver_wakeup(sta);
 298                local_bh_enable();
 299        } else if (test_and_clear_sta_flag(sta, WLAN_STA_PSPOLL)) {
 300                clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
 301
 302                local_bh_disable();
 303                ieee80211_sta_ps_deliver_poll_response(sta);
 304                local_bh_enable();
 305        } else if (test_and_clear_sta_flag(sta, WLAN_STA_UAPSD)) {
 306                clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
 307
 308                local_bh_disable();
 309                ieee80211_sta_ps_deliver_uapsd(sta);
 310                local_bh_enable();
 311        } else
 312                clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
 313}
 314
 315static int sta_prepare_rate_control(struct ieee80211_local *local,
 316                                    struct sta_info *sta, gfp_t gfp)
 317{
 318        if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
 319                return 0;
 320
 321        sta->rate_ctrl = local->rate_ctrl;
 322        sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
 323                                                     &sta->sta, gfp);
 324        if (!sta->rate_ctrl_priv)
 325                return -ENOMEM;
 326
 327        return 0;
 328}
 329
 330struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
 331                                const u8 *addr, gfp_t gfp)
 332{
 333        struct ieee80211_local *local = sdata->local;
 334        struct sta_info *sta;
 335        struct timespec uptime;
 336        int i;
 337
 338        sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
 339        if (!sta)
 340                return NULL;
 341
 342        spin_lock_init(&sta->lock);
 343        INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
 344        INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
 345        mutex_init(&sta->ampdu_mlme.mtx);
 346#ifdef CONFIG_MAC80211_MESH
 347        if (ieee80211_vif_is_mesh(&sdata->vif) &&
 348            !sdata->u.mesh.user_mpm)
 349                init_timer(&sta->plink_timer);
 350        sta->nonpeer_pm = NL80211_MESH_POWER_ACTIVE;
 351#endif
 352
 353        memcpy(sta->sta.addr, addr, ETH_ALEN);
 354        sta->local = local;
 355        sta->sdata = sdata;
 356        sta->last_rx = jiffies;
 357
 358        sta->sta_state = IEEE80211_STA_NONE;
 359
 360        do_posix_clock_monotonic_gettime(&uptime);
 361        sta->last_connected = uptime.tv_sec;
 362        ewma_init(&sta->avg_signal, 1024, 8);
 363        for (i = 0; i < ARRAY_SIZE(sta->chain_signal_avg); i++)
 364                ewma_init(&sta->chain_signal_avg[i], 1024, 8);
 365
 366        if (sta_prepare_rate_control(local, sta, gfp)) {
 367                kfree(sta);
 368                return NULL;
 369        }
 370
 371        for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
 372                /*
 373                 * timer_to_tid must be initialized with identity mapping
 374                 * to enable session_timer's data differentiation. See
 375                 * sta_rx_agg_session_timer_expired for usage.
 376                 */
 377                sta->timer_to_tid[i] = i;
 378        }
 379        for (i = 0; i < IEEE80211_NUM_ACS; i++) {
 380                skb_queue_head_init(&sta->ps_tx_buf[i]);
 381                skb_queue_head_init(&sta->tx_filtered[i]);
 382        }
 383
 384        for (i = 0; i < IEEE80211_NUM_TIDS; i++)
 385                sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
 386
 387        sta->sta.smps_mode = IEEE80211_SMPS_OFF;
 388
 389        sta_dbg(sdata, "Allocated STA %pM\n", sta->sta.addr);
 390
 391        return sta;
 392}
 393
 394static int sta_info_insert_check(struct sta_info *sta)
 395{
 396        struct ieee80211_sub_if_data *sdata = sta->sdata;
 397
 398        /*
 399         * Can't be a WARN_ON because it can be triggered through a race:
 400         * something inserts a STA (on one CPU) without holding the RTNL
 401         * and another CPU turns off the net device.
 402         */
 403        if (unlikely(!ieee80211_sdata_running(sdata)))
 404                return -ENETDOWN;
 405
 406        if (WARN_ON(ether_addr_equal(sta->sta.addr, sdata->vif.addr) ||
 407                    is_multicast_ether_addr(sta->sta.addr)))
 408                return -EINVAL;
 409
 410        return 0;
 411}
 412
 413static int sta_info_insert_drv_state(struct ieee80211_local *local,
 414                                     struct ieee80211_sub_if_data *sdata,
 415                                     struct sta_info *sta)
 416{
 417        enum ieee80211_sta_state state;
 418        int err = 0;
 419
 420        for (state = IEEE80211_STA_NOTEXIST; state < sta->sta_state; state++) {
 421                err = drv_sta_state(local, sdata, sta, state, state + 1);
 422                if (err)
 423                        break;
 424        }
 425
 426        if (!err) {
 427                /*
 428                 * Drivers using legacy sta_add/sta_remove callbacks only
 429                 * get uploaded set to true after sta_add is called.
 430                 */
 431                if (!local->ops->sta_add)
 432                        sta->uploaded = true;
 433                return 0;
 434        }
 435
 436        if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
 437                sdata_info(sdata,
 438                           "failed to move IBSS STA %pM to state %d (%d) - keeping it anyway\n",
 439                           sta->sta.addr, state + 1, err);
 440                err = 0;
 441        }
 442
 443        /* unwind on error */
 444        for (; state > IEEE80211_STA_NOTEXIST; state--)
 445                WARN_ON(drv_sta_state(local, sdata, sta, state, state - 1));
 446
 447        return err;
 448}
 449
 450/*
 451 * should be called with sta_mtx locked
 452 * this function replaces the mutex lock
 453 * with a RCU lock
 454 */
 455static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
 456{
 457        struct ieee80211_local *local = sta->local;
 458        struct ieee80211_sub_if_data *sdata = sta->sdata;
 459        struct station_info sinfo;
 460        int err = 0;
 461
 462        lockdep_assert_held(&local->sta_mtx);
 463
 464        /* check if STA exists already */
 465        if (sta_info_get_bss(sdata, sta->sta.addr)) {
 466                err = -EEXIST;
 467                goto out_err;
 468        }
 469
 470        /* notify driver */
 471        err = sta_info_insert_drv_state(local, sdata, sta);
 472        if (err)
 473                goto out_err;
 474
 475        local->num_sta++;
 476        local->sta_generation++;
 477        smp_mb();
 478
 479        /* make the station visible */
 480        sta_info_hash_add(local, sta);
 481
 482        list_add_rcu(&sta->list, &local->sta_list);
 483
 484        set_sta_flag(sta, WLAN_STA_INSERTED);
 485
 486        ieee80211_sta_debugfs_add(sta);
 487        rate_control_add_sta_debugfs(sta);
 488
 489        memset(&sinfo, 0, sizeof(sinfo));
 490        sinfo.filled = 0;
 491        sinfo.generation = local->sta_generation;
 492        cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
 493
 494        sta_dbg(sdata, "Inserted STA %pM\n", sta->sta.addr);
 495
 496        /* move reference to rcu-protected */
 497        rcu_read_lock();
 498        mutex_unlock(&local->sta_mtx);
 499
 500        if (ieee80211_vif_is_mesh(&sdata->vif))
 501                mesh_accept_plinks_update(sdata);
 502
 503        return 0;
 504 out_err:
 505        mutex_unlock(&local->sta_mtx);
 506        rcu_read_lock();
 507        return err;
 508}
 509
 510int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
 511{
 512        struct ieee80211_local *local = sta->local;
 513        int err = 0;
 514
 515        might_sleep();
 516
 517        err = sta_info_insert_check(sta);
 518        if (err) {
 519                rcu_read_lock();
 520                goto out_free;
 521        }
 522
 523        mutex_lock(&local->sta_mtx);
 524
 525        err = sta_info_insert_finish(sta);
 526        if (err)
 527                goto out_free;
 528
 529        return 0;
 530 out_free:
 531        BUG_ON(!err);
 532        sta_info_free(local, sta);
 533        return err;
 534}
 535
 536int sta_info_insert(struct sta_info *sta)
 537{
 538        int err = sta_info_insert_rcu(sta);
 539
 540        rcu_read_unlock();
 541
 542        return err;
 543}
 544
 545static inline void __bss_tim_set(u8 *tim, u16 id)
 546{
 547        /*
 548         * This format has been mandated by the IEEE specifications,
 549         * so this line may not be changed to use the __set_bit() format.
 550         */
 551        tim[id / 8] |= (1 << (id % 8));
 552}
 553
 554static inline void __bss_tim_clear(u8 *tim, u16 id)
 555{
 556        /*
 557         * This format has been mandated by the IEEE specifications,
 558         * so this line may not be changed to use the __clear_bit() format.
 559         */
 560        tim[id / 8] &= ~(1 << (id % 8));
 561}
 562
 563static inline bool __bss_tim_get(u8 *tim, u16 id)
 564{
 565        /*
 566         * This format has been mandated by the IEEE specifications,
 567         * so this line may not be changed to use the test_bit() format.
 568         */
 569        return tim[id / 8] & (1 << (id % 8));
 570}
 571
 572static unsigned long ieee80211_tids_for_ac(int ac)
 573{
 574        /* If we ever support TIDs > 7, this obviously needs to be adjusted */
 575        switch (ac) {
 576        case IEEE80211_AC_VO:
 577                return BIT(6) | BIT(7);
 578        case IEEE80211_AC_VI:
 579                return BIT(4) | BIT(5);
 580        case IEEE80211_AC_BE:
 581                return BIT(0) | BIT(3);
 582        case IEEE80211_AC_BK:
 583                return BIT(1) | BIT(2);
 584        default:
 585                WARN_ON(1);
 586                return 0;
 587        }
 588}
 589
 590void sta_info_recalc_tim(struct sta_info *sta)
 591{
 592        struct ieee80211_local *local = sta->local;
 593        struct ps_data *ps;
 594        bool indicate_tim = false;
 595        u8 ignore_for_tim = sta->sta.uapsd_queues;
 596        int ac;
 597        u16 id;
 598
 599        if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
 600            sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
 601                if (WARN_ON_ONCE(!sta->sdata->bss))
 602                        return;
 603
 604                ps = &sta->sdata->bss->ps;
 605                id = sta->sta.aid;
 606#ifdef CONFIG_MAC80211_MESH
 607        } else if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
 608                ps = &sta->sdata->u.mesh.ps;
 609                /* TIM map only for PLID <= IEEE80211_MAX_AID */
 610                id = le16_to_cpu(sta->plid) % IEEE80211_MAX_AID;
 611#endif
 612        } else {
 613                return;
 614        }
 615
 616        /* No need to do anything if the driver does all */
 617        if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
 618                return;
 619
 620        if (sta->dead)
 621                goto done;
 622
 623        /*
 624         * If all ACs are delivery-enabled then we should build
 625         * the TIM bit for all ACs anyway; if only some are then
 626         * we ignore those and build the TIM bit using only the
 627         * non-enabled ones.
 628         */
 629        if (ignore_for_tim == BIT(IEEE80211_NUM_ACS) - 1)
 630                ignore_for_tim = 0;
 631
 632        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
 633                unsigned long tids;
 634
 635                if (ignore_for_tim & BIT(ac))
 636                        continue;
 637
 638                indicate_tim |= !skb_queue_empty(&sta->tx_filtered[ac]) ||
 639                                !skb_queue_empty(&sta->ps_tx_buf[ac]);
 640                if (indicate_tim)
 641                        break;
 642
 643                tids = ieee80211_tids_for_ac(ac);
 644
 645                indicate_tim |=
 646                        sta->driver_buffered_tids & tids;
 647        }
 648
 649 done:
 650        spin_lock_bh(&local->tim_lock);
 651
 652        if (indicate_tim == __bss_tim_get(ps->tim, id))
 653                goto out_unlock;
 654
 655        if (indicate_tim)
 656                __bss_tim_set(ps->tim, id);
 657        else
 658                __bss_tim_clear(ps->tim, id);
 659
 660        if (local->ops->set_tim) {
 661                local->tim_in_locked_section = true;
 662                drv_set_tim(local, &sta->sta, indicate_tim);
 663                local->tim_in_locked_section = false;
 664        }
 665
 666out_unlock:
 667        spin_unlock_bh(&local->tim_lock);
 668}
 669
 670static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
 671{
 672        struct ieee80211_tx_info *info;
 673        int timeout;
 674
 675        if (!skb)
 676                return false;
 677
 678        info = IEEE80211_SKB_CB(skb);
 679
 680        /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
 681        timeout = (sta->listen_interval *
 682                   sta->sdata->vif.bss_conf.beacon_int *
 683                   32 / 15625) * HZ;
 684        if (timeout < STA_TX_BUFFER_EXPIRE)
 685                timeout = STA_TX_BUFFER_EXPIRE;
 686        return time_after(jiffies, info->control.jiffies + timeout);
 687}
 688
 689
 690static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
 691                                                struct sta_info *sta, int ac)
 692{
 693        unsigned long flags;
 694        struct sk_buff *skb;
 695
 696        /*
 697         * First check for frames that should expire on the filtered
 698         * queue. Frames here were rejected by the driver and are on
 699         * a separate queue to avoid reordering with normal PS-buffered
 700         * frames. They also aren't accounted for right now in the
 701         * total_ps_buffered counter.
 702         */
 703        for (;;) {
 704                spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
 705                skb = skb_peek(&sta->tx_filtered[ac]);
 706                if (sta_info_buffer_expired(sta, skb))
 707                        skb = __skb_dequeue(&sta->tx_filtered[ac]);
 708                else
 709                        skb = NULL;
 710                spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
 711
 712                /*
 713                 * Frames are queued in order, so if this one
 714                 * hasn't expired yet we can stop testing. If
 715                 * we actually reached the end of the queue we
 716                 * also need to stop, of course.
 717                 */
 718                if (!skb)
 719                        break;
 720                ieee80211_free_txskb(&local->hw, skb);
 721        }
 722
 723        /*
 724         * Now also check the normal PS-buffered queue, this will
 725         * only find something if the filtered queue was emptied
 726         * since the filtered frames are all before the normal PS
 727         * buffered frames.
 728         */
 729        for (;;) {
 730                spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
 731                skb = skb_peek(&sta->ps_tx_buf[ac]);
 732                if (sta_info_buffer_expired(sta, skb))
 733                        skb = __skb_dequeue(&sta->ps_tx_buf[ac]);
 734                else
 735                        skb = NULL;
 736                spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
 737
 738                /*
 739                 * frames are queued in order, so if this one
 740                 * hasn't expired yet (or we reached the end of
 741                 * the queue) we can stop testing
 742                 */
 743                if (!skb)
 744                        break;
 745
 746                local->total_ps_buffered--;
 747                ps_dbg(sta->sdata, "Buffered frame expired (STA %pM)\n",
 748                       sta->sta.addr);
 749                ieee80211_free_txskb(&local->hw, skb);
 750        }
 751
 752        /*
 753         * Finally, recalculate the TIM bit for this station -- it might
 754         * now be clear because the station was too slow to retrieve its
 755         * frames.
 756         */
 757        sta_info_recalc_tim(sta);
 758
 759        /*
 760         * Return whether there are any frames still buffered, this is
 761         * used to check whether the cleanup timer still needs to run,
 762         * if there are no frames we don't need to rearm the timer.
 763         */
 764        return !(skb_queue_empty(&sta->ps_tx_buf[ac]) &&
 765                 skb_queue_empty(&sta->tx_filtered[ac]));
 766}
 767
 768static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
 769                                             struct sta_info *sta)
 770{
 771        bool have_buffered = false;
 772        int ac;
 773
 774        /* This is only necessary for stations on BSS/MBSS interfaces */
 775        if (!sta->sdata->bss &&
 776            !ieee80211_vif_is_mesh(&sta->sdata->vif))
 777                return false;
 778
 779        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
 780                have_buffered |=
 781                        sta_info_cleanup_expire_buffered_ac(local, sta, ac);
 782
 783        return have_buffered;
 784}
 785
 786int __must_check __sta_info_destroy(struct sta_info *sta)
 787{
 788        struct ieee80211_local *local;
 789        struct ieee80211_sub_if_data *sdata;
 790        int ret;
 791
 792        might_sleep();
 793
 794        if (!sta)
 795                return -ENOENT;
 796
 797        local = sta->local;
 798        sdata = sta->sdata;
 799
 800        lockdep_assert_held(&local->sta_mtx);
 801
 802        /*
 803         * Before removing the station from the driver and
 804         * rate control, it might still start new aggregation
 805         * sessions -- block that to make sure the tear-down
 806         * will be sufficient.
 807         */
 808        set_sta_flag(sta, WLAN_STA_BLOCK_BA);
 809        ieee80211_sta_tear_down_BA_sessions(sta, AGG_STOP_DESTROY_STA);
 810
 811        ret = sta_info_hash_del(local, sta);
 812        if (ret)
 813                return ret;
 814
 815        list_del_rcu(&sta->list);
 816
 817        /* this always calls synchronize_net() */
 818        ieee80211_free_sta_keys(local, sta);
 819
 820        sta->dead = true;
 821
 822        local->num_sta--;
 823        local->sta_generation++;
 824
 825        if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
 826                RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
 827
 828        while (sta->sta_state > IEEE80211_STA_NONE) {
 829                ret = sta_info_move_state(sta, sta->sta_state - 1);
 830                if (ret) {
 831                        WARN_ON_ONCE(1);
 832                        break;
 833                }
 834        }
 835
 836        if (sta->uploaded) {
 837                ret = drv_sta_state(local, sdata, sta, IEEE80211_STA_NONE,
 838                                    IEEE80211_STA_NOTEXIST);
 839                WARN_ON_ONCE(ret != 0);
 840        }
 841
 842        sta_dbg(sdata, "Removed STA %pM\n", sta->sta.addr);
 843
 844        cfg80211_del_sta(sdata->dev, sta->sta.addr, GFP_KERNEL);
 845
 846        rate_control_remove_sta_debugfs(sta);
 847        ieee80211_sta_debugfs_remove(sta);
 848
 849        call_rcu(&sta->rcu_head, free_sta_rcu);
 850
 851        return 0;
 852}
 853
 854int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
 855{
 856        struct sta_info *sta;
 857        int ret;
 858
 859        mutex_lock(&sdata->local->sta_mtx);
 860        sta = sta_info_get(sdata, addr);
 861        ret = __sta_info_destroy(sta);
 862        mutex_unlock(&sdata->local->sta_mtx);
 863
 864        return ret;
 865}
 866
 867int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
 868                              const u8 *addr)
 869{
 870        struct sta_info *sta;
 871        int ret;
 872
 873        mutex_lock(&sdata->local->sta_mtx);
 874        sta = sta_info_get_bss(sdata, addr);
 875        ret = __sta_info_destroy(sta);
 876        mutex_unlock(&sdata->local->sta_mtx);
 877
 878        return ret;
 879}
 880
 881static void sta_info_cleanup(unsigned long data)
 882{
 883        struct ieee80211_local *local = (struct ieee80211_local *) data;
 884        struct sta_info *sta;
 885        bool timer_needed = false;
 886
 887        rcu_read_lock();
 888        list_for_each_entry_rcu(sta, &local->sta_list, list)
 889                if (sta_info_cleanup_expire_buffered(local, sta))
 890                        timer_needed = true;
 891        rcu_read_unlock();
 892
 893        if (local->quiescing)
 894                return;
 895
 896        if (!timer_needed)
 897                return;
 898
 899        mod_timer(&local->sta_cleanup,
 900                  round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL));
 901}
 902
 903void sta_info_init(struct ieee80211_local *local)
 904{
 905        spin_lock_init(&local->tim_lock);
 906        mutex_init(&local->sta_mtx);
 907        INIT_LIST_HEAD(&local->sta_list);
 908
 909        setup_timer(&local->sta_cleanup, sta_info_cleanup,
 910                    (unsigned long)local);
 911}
 912
 913void sta_info_stop(struct ieee80211_local *local)
 914{
 915        del_timer_sync(&local->sta_cleanup);
 916}
 917
 918
 919int sta_info_flush_defer(struct ieee80211_sub_if_data *sdata)
 920{
 921        struct ieee80211_local *local = sdata->local;
 922        struct sta_info *sta, *tmp;
 923        int ret = 0;
 924
 925        might_sleep();
 926
 927        mutex_lock(&local->sta_mtx);
 928        list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
 929                if (sdata == sta->sdata) {
 930                        WARN_ON(__sta_info_destroy(sta));
 931                        ret++;
 932                }
 933        }
 934        mutex_unlock(&local->sta_mtx);
 935
 936        return ret;
 937}
 938
 939void sta_info_flush_cleanup(struct ieee80211_sub_if_data *sdata)
 940{
 941        ieee80211_cleanup_sdata_stas(sdata);
 942        cancel_work_sync(&sdata->cleanup_stations_wk);
 943}
 944
 945void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
 946                          unsigned long exp_time)
 947{
 948        struct ieee80211_local *local = sdata->local;
 949        struct sta_info *sta, *tmp;
 950
 951        mutex_lock(&local->sta_mtx);
 952
 953        list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
 954                if (sdata != sta->sdata)
 955                        continue;
 956
 957                if (time_after(jiffies, sta->last_rx + exp_time)) {
 958                        sta_dbg(sta->sdata, "expiring inactive STA %pM\n",
 959                                sta->sta.addr);
 960
 961                        if (ieee80211_vif_is_mesh(&sdata->vif) &&
 962                            test_sta_flag(sta, WLAN_STA_PS_STA))
 963                                atomic_dec(&sdata->u.mesh.ps.num_sta_ps);
 964
 965                        WARN_ON(__sta_info_destroy(sta));
 966                }
 967        }
 968
 969        mutex_unlock(&local->sta_mtx);
 970}
 971
 972struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
 973                                               const u8 *addr,
 974                                               const u8 *localaddr)
 975{
 976        struct sta_info *sta, *nxt;
 977
 978        /*
 979         * Just return a random station if localaddr is NULL
 980         * ... first in list.
 981         */
 982        for_each_sta_info(hw_to_local(hw), addr, sta, nxt) {
 983                if (localaddr &&
 984                    !ether_addr_equal(sta->sdata->vif.addr, localaddr))
 985                        continue;
 986                if (!sta->uploaded)
 987                        return NULL;
 988                return &sta->sta;
 989        }
 990
 991        return NULL;
 992}
 993EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr);
 994
 995struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
 996                                         const u8 *addr)
 997{
 998        struct sta_info *sta;
 999
1000        if (!vif)

1001                return NULL;
1002
1003        sta = sta_info_get_bss(vif_to_sdata(vif), addr);
1004        if (!sta)
1005                return NULL;
1006
1007        if (!sta->uploaded)
1008                return NULL;
1009
1010        return &sta->sta;
1011}
1012EXPORT_SYMBOL(ieee80211_find_sta);
1013
1014static void clear_sta_ps_flags(void *_sta)
1015{
1016        struct sta_info *sta = _sta;
1017        struct ieee80211_sub_if_data *sdata = sta->sdata;
1018        struct ps_data *ps;
1019
1020        if (sdata->vif.type == NL80211_IFTYPE_AP ||
1021            sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1022                ps = &sdata->bss->ps;
1023        else if (ieee80211_vif_is_mesh(&sdata->vif))
1024                ps = &sdata->u.mesh.ps;
1025        else
1026                return;
1027
1028        clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
1029        if (test_and_clear_sta_flag(sta, WLAN_STA_PS_STA))
1030                atomic_dec(&ps->num_sta_ps);
1031}
1032
1033/* powersave support code */
1034void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1035{
1036        struct ieee80211_sub_if_data *sdata = sta->sdata;
1037        struct ieee80211_local *local = sdata->local;
1038        struct sk_buff_head pending;
1039        int filtered = 0, buffered = 0, ac;
1040        unsigned long flags;
1041
1042        clear_sta_flag(sta, WLAN_STA_SP);
1043
1044        BUILD_BUG_ON(BITS_TO_LONGS(IEEE80211_NUM_TIDS) > 1);
1045        sta->driver_buffered_tids = 0;
1046
1047        if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
1048                drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
1049
1050        skb_queue_head_init(&pending);
1051
1052        /* Send all buffered frames to the station */
1053        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1054                int count = skb_queue_len(&pending), tmp;
1055
1056                spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
1057                skb_queue_splice_tail_init(&sta->tx_filtered[ac], &pending);
1058                spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
1059                tmp = skb_queue_len(&pending);
1060                filtered += tmp - count;
1061                count = tmp;
1062
1063                spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
1064                skb_queue_splice_tail_init(&sta->ps_tx_buf[ac], &pending);
1065                spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
1066                tmp = skb_queue_len(&pending);
1067                buffered += tmp - count;
1068        }
1069
1070        ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta);
1071
1072        local->total_ps_buffered -= buffered;
1073
1074        sta_info_recalc_tim(sta);
1075
1076        ps_dbg(sdata,
1077               "STA %pM aid %d sending %d filtered/%d PS frames since STA not sleeping anymore\n",
1078               sta->sta.addr, sta->sta.aid, filtered, buffered);
1079}
1080
1081static void ieee80211_send_null_response(struct ieee80211_sub_if_data *sdata,
1082                                         struct sta_info *sta, int tid,
1083                                         enum ieee80211_frame_release_type reason)
1084{
1085        struct ieee80211_local *local = sdata->local;
1086        struct ieee80211_qos_hdr *nullfunc;
1087        struct sk_buff *skb;
1088        int size = sizeof(*nullfunc);
1089        __le16 fc;
1090        bool qos = test_sta_flag(sta, WLAN_STA_WME);
1091        struct ieee80211_tx_info *info;
1092        struct ieee80211_chanctx_conf *chanctx_conf;
1093
1094        if (qos) {
1095                fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
1096                                 IEEE80211_STYPE_QOS_NULLFUNC |
1097                                 IEEE80211_FCTL_FROMDS);
1098        } else {
1099                size -= 2;
1100                fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
1101                                 IEEE80211_STYPE_NULLFUNC |
1102                                 IEEE80211_FCTL_FROMDS);
1103        }
1104
1105        skb = dev_alloc_skb(local->hw.extra_tx_headroom + size);
1106        if (!skb)
1107                return;
1108
1109        skb_reserve(skb, local->hw.extra_tx_headroom);
1110
1111        nullfunc = (void *) skb_put(skb, size);
1112        nullfunc->frame_control = fc;
1113        nullfunc->duration_id = 0;
1114        memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN);
1115        memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1116        memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN);
1117
1118        skb->priority = tid;
1119        skb_set_queue_mapping(skb, ieee802_1d_to_ac[tid]);
1120        if (qos) {
1121                nullfunc->qos_ctrl = cpu_to_le16(tid);
1122
1123                if (reason == IEEE80211_FRAME_RELEASE_UAPSD)
1124                        nullfunc->qos_ctrl |=
1125                                cpu_to_le16(IEEE80211_QOS_CTL_EOSP);
1126        }
1127
1128        info = IEEE80211_SKB_CB(skb);
1129
1130        /*
1131         * Tell TX path to send this frame even though the
1132         * STA may still remain is PS mode after this frame
1133         * exchange. Also set EOSP to indicate this packet
1134         * ends the poll/service period.
1135         */
1136        info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER |
1137                       IEEE80211_TX_CTL_PS_RESPONSE |
1138                       IEEE80211_TX_STATUS_EOSP |
1139                       IEEE80211_TX_CTL_REQ_TX_STATUS;
1140
1141        drv_allow_buffered_frames(local, sta, BIT(tid), 1, reason, false);
1142
1143        skb->dev = sdata->dev;
1144
1145        rcu_read_lock();
1146        chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
1147        if (WARN_ON(!chanctx_conf)) {
1148                rcu_read_unlock();
1149                kfree_skb(skb);
1150                return;
1151        }
1152
1153        ieee80211_xmit(sdata, skb, chanctx_conf->def.chan->band);
1154        rcu_read_unlock();
1155}
1156
1157static void
1158ieee80211_sta_ps_deliver_response(struct sta_info *sta,
1159                                  int n_frames, u8 ignored_acs,
1160                                  enum ieee80211_frame_release_type reason)
1161{
1162        struct ieee80211_sub_if_data *sdata = sta->sdata;
1163        struct ieee80211_local *local = sdata->local;
1164        bool found = false;
1165        bool more_data = false;
1166        int ac;
1167        unsigned long driver_release_tids = 0;
1168        struct sk_buff_head frames;
1169
1170        /* Service or PS-Poll period starts */
1171        set_sta_flag(sta, WLAN_STA_SP);
1172
1173        __skb_queue_head_init(&frames);
1174
1175        /*
1176         * Get response frame(s) and more data bit for it.
1177         */
1178        for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1179                unsigned long tids;
1180
1181                if (ignored_acs & BIT(ac))
1182                        continue;
1183
1184                tids = ieee80211_tids_for_ac(ac);
1185
1186                if (!found) {
1187                        driver_release_tids = sta->driver_buffered_tids & tids;
1188                        if (driver_release_tids) {
1189                                found = true;
1190                        } else {
1191                                struct sk_buff *skb;
1192
1193                                while (n_frames > 0) {
1194                                        skb = skb_dequeue(&sta->tx_filtered[ac]);
1195                                        if (!skb) {
1196                                                skb = skb_dequeue(
1197                                                        &sta->ps_tx_buf[ac]);
1198                                                if (skb)
1199                                                        local->total_ps_buffered--;
1200                                        }
1201                                        if (!skb)
1202                                                break;
1203                                        n_frames--;
1204                                        found = true;
1205                                        __skb_queue_tail(&frames, skb);
1206                                }
1207                        }
1208
1209                        /*
1210                         * If the driver has data on more than one TID then
1211                         * certainly there's more data if we release just a
1212                         * single frame now (from a single TID).
1213                         */
1214                        if (reason == IEEE80211_FRAME_RELEASE_PSPOLL &&
1215                            hweight16(driver_release_tids) > 1) {
1216                                more_data = true;
1217                                driver_release_tids =
1218                                        BIT(ffs(driver_release_tids) - 1);
1219                                break;
1220                        }
1221                }
1222
1223                if (!skb_queue_empty(&sta->tx_filtered[ac]) ||
1224                    !skb_queue_empty(&sta->ps_tx_buf[ac])) {
1225                        more_data = true;
1226                        break;
1227                }
1228        }
1229
1230        if (!found) {
1231                int tid;
1232
1233                /*
1234                 * For PS-Poll, this can only happen due to a race condition
1235                 * when we set the TIM bit and the station notices it, but
1236                 * before it can poll for the frame we expire it.
1237                 *
1238                 * For uAPSD, this is said in the standard (11.2.1.5 h):
1239                 *      At each unscheduled SP for a non-AP STA, the AP shall
1240                 *      attempt to transmit at least one MSDU or MMPDU, but no
1241                 *      more than the value specified in the Max SP Length field
1242                 *      in the QoS Capability element from delivery-enabled ACs,
1243                 *      that are destined for the non-AP STA.
1244                 *
1245                 * Since we have no other MSDU/MMPDU, transmit a QoS null frame.
1246                 */
1247
1248                /* This will evaluate to 1, 3, 5 or 7. */
1249                tid = 7 - ((ffs(~ignored_acs) - 1) << 1);
1250
1251                ieee80211_send_null_response(sdata, sta, tid, reason);
1252                return;
1253        }
1254
1255        if (!driver_release_tids) {
1256                struct sk_buff_head pending;
1257                struct sk_buff *skb;
1258                int num = 0;
1259                u16 tids = 0;
1260
1261                skb_queue_head_init(&pending);
1262
1263                while ((skb = __skb_dequeue(&frames))) {
1264                        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1265                        struct ieee80211_hdr *hdr = (void *) skb->data;
1266                        u8 *qoshdr = NULL;
1267
1268                        num++;
1269
1270                        /*
1271                         * Tell TX path to send this frame even though the
1272                         * STA may still remain is PS mode after this frame
1273                         * exchange.
1274                         */
1275                        info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER |
1276                                       IEEE80211_TX_CTL_PS_RESPONSE;
1277
1278                        /*
1279                         * Use MoreData flag to indicate whether there are
1280                         * more buffered frames for this STA
1281                         */
1282                        if (more_data || !skb_queue_empty(&frames))
1283                                hdr->frame_control |=
1284                                        cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1285                        else
1286                                hdr->frame_control &=
1287                                        cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1288
1289                        if (ieee80211_is_data_qos(hdr->frame_control) ||
1290                            ieee80211_is_qos_nullfunc(hdr->frame_control))
1291                                qoshdr = ieee80211_get_qos_ctl(hdr);
1292
1293                        /* end service period after last frame */
1294                        if (skb_queue_empty(&frames)) {
1295                                if (reason == IEEE80211_FRAME_RELEASE_UAPSD &&
1296                                    qoshdr)
1297                                        *qoshdr |= IEEE80211_QOS_CTL_EOSP;
1298
1299                                info->flags |= IEEE80211_TX_STATUS_EOSP |
1300                                               IEEE80211_TX_CTL_REQ_TX_STATUS;
1301                        }
1302
1303                        if (qoshdr)
1304                                tids |= BIT(*qoshdr & IEEE80211_QOS_CTL_TID_MASK);
1305                        else
1306                                tids |= BIT(0);
1307
1308                        __skb_queue_tail(&pending, skb);
1309                }
1310
1311                drv_allow_buffered_frames(local, sta, tids, num,
1312                                          reason, more_data);
1313
1314                ieee80211_add_pending_skbs(local, &pending);
1315
1316                sta_info_recalc_tim(sta);
1317        } else {
1318                /*
1319                 * We need to release a frame that is buffered somewhere in the
1320                 * driver ... it'll have to handle that.
1321                 * Note that, as per the comment above, it'll also have to see
1322                 * if there is more than just one frame on the specific TID that
1323                 * we're releasing from, and it needs to set the more-data bit
1324                 * accordingly if we tell it that there's no more data. If we do
1325                 * tell it there's more data, then of course the more-data bit
1326                 * needs to be set anyway.
1327                 */
1328                drv_release_buffered_frames(local, sta, driver_release_tids,
1329                                            n_frames, reason, more_data);
1330
1331                /*
1332                 * Note that we don't recalculate the TIM bit here as it would
1333                 * most likely have no effect at all unless the driver told us
1334                 * that the TID became empty before returning here from the
1335                 * release function.
1336                 * Either way, however, when the driver tells us that the TID
1337                 * became empty we'll do the TIM recalculation.
1338                 */
1339        }
1340}
1341
1342void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
1343{
1344        u8 ignore_for_response = sta->sta.uapsd_queues;
1345
1346        /*
1347         * If all ACs are delivery-enabled then we should reply
1348         * from any of them, if only some are enabled we reply
1349         * only from the non-enabled ones.
1350         */
1351        if (ignore_for_response == BIT(IEEE80211_NUM_ACS) - 1)
1352                ignore_for_response = 0;
1353
1354        ieee80211_sta_ps_deliver_response(sta, 1, ignore_for_response,
1355                                          IEEE80211_FRAME_RELEASE_PSPOLL);
1356}
1357
1358void ieee80211_sta_ps_deliver_uapsd(struct sta_info *sta)
1359{
1360        int n_frames = sta->sta.max_sp;
1361        u8 delivery_enabled = sta->sta.uapsd_queues;
1362
1363        /*
1364         * If we ever grow support for TSPEC this might happen if
1365         * the TSPEC update from hostapd comes in between a trigger
1366         * frame setting WLAN_STA_UAPSD in the RX path and this
1367         * actually getting called.
1368         */
1369        if (!delivery_enabled)
1370                return;
1371
1372        switch (sta->sta.max_sp) {
1373        case 1:
1374                n_frames = 2;
1375                break;
1376        case 2:
1377                n_frames = 4;
1378                break;
1379        case 3:
1380                n_frames = 6;
1381                break;
1382        case 0:
1383                /* XXX: what is a good value? */
1384                n_frames = 8;
1385                break;
1386        }
1387
1388        ieee80211_sta_ps_deliver_response(sta, n_frames, ~delivery_enabled,
1389                                          IEEE80211_FRAME_RELEASE_UAPSD);
1390}
1391
1392void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
1393                               struct ieee80211_sta *pubsta, bool block)
1394{
1395        struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1396
1397        trace_api_sta_block_awake(sta->local, pubsta, block);
1398
1399        if (block)
1400                set_sta_flag(sta, WLAN_STA_PS_DRIVER);
1401        else if (test_sta_flag(sta, WLAN_STA_PS_DRIVER))
1402                ieee80211_queue_work(hw, &sta->drv_unblock_wk);
1403}
1404EXPORT_SYMBOL(ieee80211_sta_block_awake);
1405
1406void ieee80211_sta_eosp(struct ieee80211_sta *pubsta)
1407{
1408        struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1409        struct ieee80211_local *local = sta->local;
1410
1411        trace_api_eosp(local, pubsta);
1412
1413        clear_sta_flag(sta, WLAN_STA_SP);
1414}
1415EXPORT_SYMBOL(ieee80211_sta_eosp);
1416
1417void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta,
1418                                u8 tid, bool buffered)
1419{
1420        struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1421
1422        if (WARN_ON(tid >= IEEE80211_NUM_TIDS))
1423                return;
1424
1425        if (buffered)
1426                set_bit(tid, &sta->driver_buffered_tids);
1427        else
1428                clear_bit(tid, &sta->driver_buffered_tids);
1429
1430        sta_info_recalc_tim(sta);
1431}
1432EXPORT_SYMBOL(ieee80211_sta_set_buffered);
1433
1434int sta_info_move_state(struct sta_info *sta,
1435                        enum ieee80211_sta_state new_state)
1436{
1437        might_sleep();
1438
1439        if (sta->sta_state == new_state)
1440                return 0;
1441
1442        /* check allowed transitions first */
1443
1444        switch (new_state) {
1445        case IEEE80211_STA_NONE:
1446                if (sta->sta_state != IEEE80211_STA_AUTH)
1447                        return -EINVAL;
1448                break;
1449        case IEEE80211_STA_AUTH:
1450                if (sta->sta_state != IEEE80211_STA_NONE &&
1451                    sta->sta_state != IEEE80211_STA_ASSOC)
1452                        return -EINVAL;
1453                break;
1454        case IEEE80211_STA_ASSOC:
1455                if (sta->sta_state != IEEE80211_STA_AUTH &&
1456                    sta->sta_state != IEEE80211_STA_AUTHORIZED)
1457                        return -EINVAL;
1458                break;
1459        case IEEE80211_STA_AUTHORIZED:
1460                if (sta->sta_state != IEEE80211_STA_ASSOC)
1461                        return -EINVAL;
1462                break;
1463        default:
1464                WARN(1, "invalid state %d", new_state);
1465                return -EINVAL;
1466        }
1467
1468        sta_dbg(sta->sdata, "moving STA %pM to state %d\n",
1469                sta->sta.addr, new_state);
1470
1471        /*
1472         * notify the driver before the actual changes so it can
1473         * fail the transition
1474         */
1475        if (test_sta_flag(sta, WLAN_STA_INSERTED)) {
1476                int err = drv_sta_state(sta->local, sta->sdata, sta,
1477                                        sta->sta_state, new_state);
1478                if (err)
1479                        return err;
1480        }
1481
1482        /* reflect the change in all state variables */
1483
1484        switch (new_state) {
1485        case IEEE80211_STA_NONE:
1486                if (sta->sta_state == IEEE80211_STA_AUTH)
1487                        clear_bit(WLAN_STA_AUTH, &sta->_flags);
1488                break;
1489        case IEEE80211_STA_AUTH:
1490                if (sta->sta_state == IEEE80211_STA_NONE)
1491                        set_bit(WLAN_STA_AUTH, &sta->_flags);
1492                else if (sta->sta_state == IEEE80211_STA_ASSOC)
1493                        clear_bit(WLAN_STA_ASSOC, &sta->_flags);
1494                break;
1495        case IEEE80211_STA_ASSOC:
1496                if (sta->sta_state == IEEE80211_STA_AUTH) {
1497                        set_bit(WLAN_STA_ASSOC, &sta->_flags);
1498                } else if (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
1499                        if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
1500                            (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1501                             !sta->sdata->u.vlan.sta))
1502                                atomic_dec(&sta->sdata->bss->num_mcast_sta);
1503                        clear_bit(WLAN_STA_AUTHORIZED, &sta->_flags);
1504                }
1505                break;
1506        case IEEE80211_STA_AUTHORIZED:
1507                if (sta->sta_state == IEEE80211_STA_ASSOC) {
1508                        if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
1509                            (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1510                             !sta->sdata->u.vlan.sta))
1511                                atomic_inc(&sta->sdata->bss->num_mcast_sta);
1512                        set_bit(WLAN_STA_AUTHORIZED, &sta->_flags);
1513                }
1514                break;
1515        default:
1516                break;
1517        }
1518
1519        sta->sta_state = new_state;
1520
1521        return 0;
1522}
1523