LXR linux/net/mac80211/offchannel.c

   1/*
   2 * Off-channel operation helpers
   3 *
   4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
   5 * Copyright 2004, Instant802 Networks, Inc.
   6 * Copyright 2005, Devicescape Software, Inc.
   7 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
   9 * Copyright 2009       Johannes Berg <johannes@sipsolutions.net>
  10 *
  11 * This program is free software; you can redistribute it and/or modify
  12 * it under the terms of the GNU General Public License version 2 as
  13 * published by the Free Software Foundation.
  14 */
  15#include <linux/export.h>
  16#include <net/mac80211.h>
  17#include "ieee80211_i.h"
  18#include "driver-ops.h"
  19
  20/*
  21 * Tell our hardware to disable PS.
  22 * Optionally inform AP that we will go to sleep so that it will buffer
  23 * the frames while we are doing off-channel work.  This is optional
  24 * because we *may* be doing work on-operating channel, and want our
  25 * hardware unconditionally awake, but still let the AP send us normal frames.
  26 */
  27static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata)
  28{
  29        struct ieee80211_local *local = sdata->local;
  30        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
  31
  32        local->offchannel_ps_enabled = false;
  33
  34        /* FIXME: what to do when local->pspolling is true? */
  35
  36        del_timer_sync(&local->dynamic_ps_timer);
  37        del_timer_sync(&ifmgd->bcn_mon_timer);
  38        del_timer_sync(&ifmgd->conn_mon_timer);
  39
  40        cancel_work_sync(&local->dynamic_ps_enable_work);
  41
  42        if (local->hw.conf.flags & IEEE80211_CONF_PS) {
  43                local->offchannel_ps_enabled = true;
  44                local->hw.conf.flags &= ~IEEE80211_CONF_PS;
  45                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
  46        }
  47
  48        if (!local->offchannel_ps_enabled ||
  49            !ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
  50                /*
  51                 * If power save was enabled, no need to send a nullfunc
  52                 * frame because AP knows that we are sleeping. But if the
  53                 * hardware is creating the nullfunc frame for power save
  54                 * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not
  55                 * enabled) and power save was enabled, the firmware just
  56                 * sent a null frame with power save disabled. So we need
  57                 * to send a new nullfunc frame to inform the AP that we
  58                 * are again sleeping.
  59                 */
  60                ieee80211_send_nullfunc(local, sdata, true);
  61}
  62
  63/* inform AP that we are awake again, unless power save is enabled */
  64static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata)
  65{
  66        struct ieee80211_local *local = sdata->local;
  67
  68        if (!local->ps_sdata)
  69                ieee80211_send_nullfunc(local, sdata, false);
  70        else if (local->offchannel_ps_enabled) {
  71                /*
  72                 * In !IEEE80211_HW_PS_NULLFUNC_STACK case the hardware
  73                 * will send a nullfunc frame with the powersave bit set
  74                 * even though the AP already knows that we are sleeping.
  75                 * This could be avoided by sending a null frame with power
  76                 * save bit disabled before enabling the power save, but
  77                 * this doesn't gain anything.
  78                 *
  79                 * When IEEE80211_HW_PS_NULLFUNC_STACK is enabled, no need
  80                 * to send a nullfunc frame because AP already knows that
  81                 * we are sleeping, let's just enable power save mode in
  82                 * hardware.
  83                 */
  84                /* TODO:  Only set hardware if CONF_PS changed?
  85                 * TODO:  Should we set offchannel_ps_enabled to false?
  86                 */
  87                local->hw.conf.flags |= IEEE80211_CONF_PS;
  88                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
  89        } else if (local->hw.conf.dynamic_ps_timeout > 0) {
  90                /*
  91                 * If IEEE80211_CONF_PS was not set and the dynamic_ps_timer
  92                 * had been running before leaving the operating channel,
  93                 * restart the timer now and send a nullfunc frame to inform
  94                 * the AP that we are awake.
  95                 */
  96                ieee80211_send_nullfunc(local, sdata, false);
  97                mod_timer(&local->dynamic_ps_timer, jiffies +
  98                          msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
  99        }
 100
 101        ieee80211_sta_reset_beacon_monitor(sdata);
 102        ieee80211_sta_reset_conn_monitor(sdata);
 103}
 104
 105void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local)
 106{
 107        struct ieee80211_sub_if_data *sdata;
 108
 109        if (WARN_ON(local->use_chanctx))
 110                return;
 111
 112        /*
 113         * notify the AP about us leaving the channel and stop all
 114         * STA interfaces.
 115         */
 116
 117        /*
 118         * Stop queues and transmit all frames queued by the driver
 119         * before sending nullfunc to enable powersave at the AP.
 120         */
 121        ieee80211_stop_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP,
 122                                        IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL,
 123                                        false);
 124        ieee80211_flush_queues(local, NULL, false);
 125
 126        mutex_lock(&local->iflist_mtx);
 127        list_for_each_entry(sdata, &local->interfaces, list) {
 128                if (!ieee80211_sdata_running(sdata))
 129                        continue;
 130
 131                if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE ||
 132                    sdata->vif.type == NL80211_IFTYPE_NAN)
 133                        continue;
 134
 135                if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
 136                        set_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
 137
 138                /* Check to see if we should disable beaconing. */
 139                if (sdata->vif.bss_conf.enable_beacon) {
 140                        set_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED,
 141                                &sdata->state);
 142                        sdata->vif.bss_conf.enable_beacon = false;
 143                        ieee80211_bss_info_change_notify(
 144                                sdata, BSS_CHANGED_BEACON_ENABLED);
 145                }
 146
 147                if (sdata->vif.type == NL80211_IFTYPE_STATION &&
 148                    sdata->u.mgd.associated)
 149                        ieee80211_offchannel_ps_enable(sdata);
 150        }
 151        mutex_unlock(&local->iflist_mtx);
 152}
 153
 154void ieee80211_offchannel_return(struct ieee80211_local *local)
 155{
 156        struct ieee80211_sub_if_data *sdata;
 157
 158        if (WARN_ON(local->use_chanctx))
 159                return;
 160
 161        mutex_lock(&local->iflist_mtx);
 162        list_for_each_entry(sdata, &local->interfaces, list) {
 163                if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
 164                        continue;
 165
 166                if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
 167                        clear_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
 168
 169                if (!ieee80211_sdata_running(sdata))
 170                        continue;
 171
 172                /* Tell AP we're back */
 173                if (sdata->vif.type == NL80211_IFTYPE_STATION &&
 174                    sdata->u.mgd.associated)
 175                        ieee80211_offchannel_ps_disable(sdata);
 176
 177                if (test_and_clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED,
 178                                       &sdata->state)) {
 179                        sdata->vif.bss_conf.enable_beacon = true;
 180                        ieee80211_bss_info_change_notify(
 181                                sdata, BSS_CHANGED_BEACON_ENABLED);
 182                }
 183        }
 184        mutex_unlock(&local->iflist_mtx);
 185
 186        ieee80211_wake_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP,
 187                                        IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL,
 188                                        false);
 189}
 190
 191static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
 192{
 193        /* was never transmitted */
 194        if (roc->frame) {
 195                cfg80211_mgmt_tx_status(&roc->sdata->wdev, roc->mgmt_tx_cookie,
 196                                        roc->frame->data, roc->frame->len,
 197                                        false, GFP_KERNEL);
 198                ieee80211_free_txskb(&roc->sdata->local->hw, roc->frame);
 199        }
 200
 201        if (!roc->mgmt_tx_cookie)
 202                cfg80211_remain_on_channel_expired(&roc->sdata->wdev,
 203                                                   roc->cookie, roc->chan,
 204                                                   GFP_KERNEL);
 205
 206        list_del(&roc->list);
 207        kfree(roc);
 208}
 209
 210static unsigned long ieee80211_end_finished_rocs(struct ieee80211_local *local,
 211                                                 unsigned long now)
 212{
 213        struct ieee80211_roc_work *roc, *tmp;
 214        long remaining_dur_min = LONG_MAX;
 215
 216        lockdep_assert_held(&local->mtx);
 217
 218        list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
 219                long remaining;
 220
 221                if (!roc->started)
 222                        break;
 223
 224                remaining = roc->start_time +
 225                            msecs_to_jiffies(roc->duration) -
 226                            now;
 227
 228                /* In case of HW ROC, it is possible that the HW finished the
 229                 * ROC session before the actual requested time. In such a case
 230                 * end the ROC session (disregarding the remaining time).
 231                 */
 232                if (roc->abort || roc->hw_begun || remaining <= 0)
 233                        ieee80211_roc_notify_destroy(roc);
 234                else
 235                        remaining_dur_min = min(remaining_dur_min, remaining);
 236        }
 237
 238        return remaining_dur_min;
 239}
 240
 241static bool ieee80211_recalc_sw_work(struct ieee80211_local *local,
 242                                     unsigned long now)
 243{
 244        long dur = ieee80211_end_finished_rocs(local, now);
 245
 246        if (dur == LONG_MAX)
 247                return false;
 248
 249        mod_delayed_work(local->workqueue, &local->roc_work, dur);
 250        return true;
 251}
 252
 253static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc,
 254                                         unsigned long start_time)
 255{
 256        if (WARN_ON(roc->notified))
 257                return;
 258
 259        roc->start_time = start_time;
 260        roc->started = true;
 261
 262        if (roc->mgmt_tx_cookie) {
 263                if (!WARN_ON(!roc->frame)) {
 264                        ieee80211_tx_skb_tid_band(roc->sdata, roc->frame, 7,
 265                                                  roc->chan->band);
 266                        roc->frame = NULL;
 267                }
 268        } else {
 269                cfg80211_ready_on_channel(&roc->sdata->wdev, roc->cookie,
 270                                          roc->chan, roc->req_duration,
 271                                          GFP_KERNEL);
 272        }
 273
 274        roc->notified = true;
 275}
 276
 277static void ieee80211_hw_roc_start(struct work_struct *work)
 278{
 279        struct ieee80211_local *local =
 280                container_of(work, struct ieee80211_local, hw_roc_start);
 281        struct ieee80211_roc_work *roc;
 282
 283        mutex_lock(&local->mtx);
 284
 285        list_for_each_entry(roc, &local->roc_list, list) {
 286                if (!roc->started)
 287                        break;
 288
 289                roc->hw_begun = true;
 290                ieee80211_handle_roc_started(roc, local->hw_roc_start_time);
 291        }
 292
 293        mutex_unlock(&local->mtx);
 294}
 295
 296void ieee80211_ready_on_channel(struct ieee80211_hw *hw)
 297{
 298        struct ieee80211_local *local = hw_to_local(hw);
 299
 300        local->hw_roc_start_time = jiffies;
 301
 302        trace_api_ready_on_channel(local);
 303
 304        ieee80211_queue_work(hw, &local->hw_roc_start);
 305}
 306EXPORT_SYMBOL_GPL(ieee80211_ready_on_channel);
 307
 308static void _ieee80211_start_next_roc(struct ieee80211_local *local)
 309{
 310        struct ieee80211_roc_work *roc, *tmp;
 311        enum ieee80211_roc_type type;
 312        u32 min_dur, max_dur;
 313
 314        lockdep_assert_held(&local->mtx);
 315
 316        if (WARN_ON(list_empty(&local->roc_list)))
 317                return;
 318
 319        roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
 320                               list);
 321
 322        if (WARN_ON(roc->started))
 323                return;
 324
 325        min_dur = roc->duration;
 326        max_dur = roc->duration;
 327        type = roc->type;
 328
 329        list_for_each_entry(tmp, &local->roc_list, list) {
 330                if (tmp == roc)
 331                        continue;
 332                if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
 333                        break;
 334                max_dur = max(tmp->duration, max_dur);
 335                min_dur = min(tmp->duration, min_dur);
 336                type = max(tmp->type, type);
 337        }
 338
 339        if (local->ops->remain_on_channel) {
 340                int ret = drv_remain_on_channel(local, roc->sdata, roc->chan,
 341                                                max_dur, type);
 342
 343                if (ret) {
 344                        wiphy_warn(local->hw.wiphy,
 345                                   "failed to start next HW ROC (%d)\n", ret);
 346                        /*
 347                         * queue the work struct again to avoid recursion
 348                         * when multiple failures occur
 349                         */
 350                        list_for_each_entry(tmp, &local->roc_list, list) {
 351                                if (tmp->sdata != roc->sdata ||
 352                                    tmp->chan != roc->chan)
 353                                        break;
 354                                tmp->started = true;
 355                                tmp->abort = true;
 356                        }
 357                        ieee80211_queue_work(&local->hw, &local->hw_roc_done);
 358                        return;
 359                }
 360
 361                /* we'll notify about the start once the HW calls back */
 362                list_for_each_entry(tmp, &local->roc_list, list) {
 363                        if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
 364                                break;
 365                        tmp->started = true;
 366                }
 367        } else {
 368                /* If actually operating on the desired channel (with at least
 369                 * 20 MHz channel width) don't stop all the operations but still
 370                 * treat it as though the ROC operation started properly, so
 371                 * other ROC operations won't interfere with this one.
 372                 */
 373                roc->on_channel = roc->chan == local->_oper_chandef.chan &&
 374                                  local->_oper_chandef.width != NL80211_CHAN_WIDTH_5 &&
 375                                  local->_oper_chandef.width != NL80211_CHAN_WIDTH_10;
 376
 377                /* start this ROC */
 378                ieee80211_recalc_idle(local);
 379
 380                if (!roc->on_channel) {
 381                        ieee80211_offchannel_stop_vifs(local);
 382
 383                        local->tmp_channel = roc->chan;
 384                        ieee80211_hw_config(local, 0);
 385                }
 386
 387                ieee80211_queue_delayed_work(&local->hw, &local->roc_work,
 388                                             msecs_to_jiffies(min_dur));
 389
 390                /* tell userspace or send frame(s) */
 391                list_for_each_entry(tmp, &local->roc_list, list) {
 392                        if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
 393                                break;
 394
 395                        tmp->on_channel = roc->on_channel;
 396                        ieee80211_handle_roc_started(tmp, jiffies);
 397                }
 398        }
 399}
 400
 401void ieee80211_start_next_roc(struct ieee80211_local *local)
 402{
 403        struct ieee80211_roc_work *roc;
 404
 405        lockdep_assert_held(&local->mtx);
 406
 407        if (list_empty(&local->roc_list)) {
 408                ieee80211_run_deferred_scan(local);
 409                return;
 410        }
 411
 412        /* defer roc if driver is not started (i.e. during reconfig) */
 413        if (local->in_reconfig)
 414                return;
 415
 416        roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
 417                               list);
 418
 419        if (WARN_ON_ONCE(roc->started))
 420                return;
 421
 422        if (local->ops->remain_on_channel) {
 423                _ieee80211_start_next_roc(local);
 424        } else {
 425                /* delay it a bit */
 426                ieee80211_queue_delayed_work(&local->hw, &local->roc_work,
 427                                             round_jiffies_relative(HZ/2));
 428        }
 429}
 430
 431static void __ieee80211_roc_work(struct ieee80211_local *local)
 432{
 433        struct ieee80211_roc_work *roc;
 434        bool on_channel;
 435
 436        lockdep_assert_held(&local->mtx);
 437
 438        if (WARN_ON(local->ops->remain_on_channel))
 439                return;
 440
 441        roc = list_first_entry_or_null(&local->roc_list,
 442                                       struct ieee80211_roc_work, list);
 443        if (!roc)
 444                return;
 445
 446        if (!roc->started) {
 447                WARN_ON(local->use_chanctx);
 448                _ieee80211_start_next_roc(local);
 449        } else {
 450                on_channel = roc->on_channel;
 451                if (ieee80211_recalc_sw_work(local, jiffies))
 452                        return;
 453
 454                /* careful - roc pointer became invalid during recalc */
 455
 456                if (!on_channel) {
 457                        ieee80211_flush_queues(local, NULL, false);
 458
 459                        local->tmp_channel = NULL;
 460                        ieee80211_hw_config(local, 0);
 461
 462                        ieee80211_offchannel_return(local);
 463                }
 464
 465                ieee80211_recalc_idle(local);
 466                ieee80211_start_next_roc(local);
 467        }
 468}
 469
 470static void ieee80211_roc_work(struct work_struct *work)
 471{
 472        struct ieee80211_local *local =
 473                container_of(work, struct ieee80211_local, roc_work.work);
 474
 475        mutex_lock(&local->mtx);
 476        __ieee80211_roc_work(local);
 477        mutex_unlock(&local->mtx);
 478}
 479
 480static void ieee80211_hw_roc_done(struct work_struct *work)
 481{
 482        struct ieee80211_local *local =
 483                container_of(work, struct ieee80211_local, hw_roc_done);
 484
 485        mutex_lock(&local->mtx);
 486
 487        ieee80211_end_finished_rocs(local, jiffies);
 488
 489        /* if there's another roc, start it now */
 490        ieee80211_start_next_roc(local);
 491
 492        mutex_unlock(&local->mtx);
 493}
 494
 495void ieee80211_remain_on_channel_expired(struct ieee80211_hw *hw)
 496{
 497        struct ieee80211_local *local = hw_to_local(hw);
 498
 499        trace_api_remain_on_channel_expired(local);
 500
 501        ieee80211_queue_work(hw, &local->hw_roc_done);
 502}
 503EXPORT_SYMBOL_GPL(ieee80211_remain_on_channel_expired);
 504
 505static bool
 506ieee80211_coalesce_hw_started_roc(struct ieee80211_local *local,
 507                                  struct ieee80211_roc_work *new_roc,
 508                                  struct ieee80211_roc_work *cur_roc)
 509{
 510        unsigned long now = jiffies;
 511        unsigned long remaining;
 512
 513        if (WARN_ON(!cur_roc->started))
 514                return false;
 515
 516        /* if it was scheduled in the hardware, but not started yet,
 517         * we can only combine if the older one had a longer duration
 518         */
 519        if (!cur_roc->hw_begun && new_roc->duration > cur_roc->duration)
 520                return false;
 521
 522        remaining = cur_roc->start_time +
 523                    msecs_to_jiffies(cur_roc->duration) -
 524                    now;
 525
 526        /* if it doesn't fit entirely, schedule a new one */
 527        if (new_roc->duration > jiffies_to_msecs(remaining))
 528                return false;
 529
 530        /* add just after the current one so we combine their finish later */
 531        list_add(&new_roc->list, &cur_roc->list);
 532
 533        /* if the existing one has already begun then let this one also
 534         * begin, otherwise they'll both be marked properly by the work
 535         * struct that runs once the driver notifies us of the beginning
 536         */
 537        if (cur_roc->hw_begun) {
 538                new_roc->hw_begun = true;
 539                ieee80211_handle_roc_started(new_roc, now);
 540        }
 541
 542        return true;
 543}
 544
 545static int ieee80211_start_roc_work(struct ieee80211_local *local,
 546                                    struct ieee80211_sub_if_data *sdata,
 547                                    struct ieee80211_channel *channel,
 548                                    unsigned int duration, u64 *cookie,
 549                                    struct sk_buff *txskb,
 550                                    enum ieee80211_roc_type type)
 551{
 552        struct ieee80211_roc_work *roc, *tmp;
 553        bool queued = false, combine_started = true;
 554        int ret;
 555
 556        lockdep_assert_held(&local->mtx);
 557
 558        if (local->use_chanctx && !local->ops->remain_on_channel)
 559                return -EOPNOTSUPP;
 560
 561        roc = kzalloc(sizeof(*roc), GFP_KERNEL);
 562        if (!roc)
 563                return -ENOMEM;
 564
 565        /*
 566         * If the duration is zero, then the driver
 567         * wouldn't actually do anything. Set it to
 568         * 10 for now.
 569         *
 570         * TODO: cancel the off-channel operation
 571         *       when we get the SKB's TX status and
 572         *       the wait time was zero before.
 573         */
 574        if (!duration)
 575                duration = 10;
 576
 577        roc->chan = channel;
 578        roc->duration = duration;
 579        roc->req_duration = duration;
 580        roc->frame = txskb;
 581        roc->type = type;
 582        roc->sdata = sdata;
 583
 584        /*
 585         * cookie is either the roc cookie (for normal roc)
 586         * or the SKB (for mgmt TX)
 587         */
 588        if (!txskb) {
 589                roc->cookie = ieee80211_mgmt_tx_cookie(local);
 590                *cookie = roc->cookie;
 591        } else {
 592                roc->mgmt_tx_cookie = *cookie;
 593        }
 594
 595        /* if there's no need to queue, handle it immediately */
 596        if (list_empty(&local->roc_list) &&
 597            !local->scanning && !ieee80211_is_radar_required(local)) {
 598                /* if not HW assist, just queue & schedule work */
 599                if (!local->ops->remain_on_channel) {
 600                        list_add_tail(&roc->list, &local->roc_list);
 601                        ieee80211_queue_delayed_work(&local->hw,
 602                                                     &local->roc_work, 0);
 603                } else {
 604                        /* otherwise actually kick it off here
 605                         * (for error handling)
 606                         */
 607                        ret = drv_remain_on_channel(local, sdata, channel,
 608                                                    duration, type);
 609                        if (ret) {
 610                                kfree(roc);
 611                                return ret;
 612                        }
 613                        roc->started = true;
 614                        list_add_tail(&roc->list, &local->roc_list);
 615                }
 616
 617                return 0;
 618        }
 619
 620        /* otherwise handle queueing */
 621
 622        list_for_each_entry(tmp, &local->roc_list, list) {
 623                if (tmp->chan != channel || tmp->sdata != sdata)
 624                        continue;
 625
 626                /*
 627                 * Extend this ROC if possible: If it hasn't started, add
 628                 * just after the new one to combine.
 629                 */
 630                if (!tmp->started) {
 631                        list_add(&roc->list, &tmp->list);
 632                        queued = true;
 633                        break;
 634                }
 635
 636                if (!combine_started)
 637                        continue;
 638
 639                if (!local->ops->remain_on_channel) {
 640                        /* If there's no hardware remain-on-channel, and
 641                         * doing so won't push us over the maximum r-o-c
 642                         * we allow, then we can just add the new one to
 643                         * the list and mark it as having started now.
 644                         * If it would push over the limit, don't try to
 645                         * combine with other started ones (that haven't
 646                         * been running as long) but potentially sort it
 647                         * with others that had the same fate.
 648                         */
 649                        unsigned long now = jiffies;
 650                        u32 elapsed = jiffies_to_msecs(now - tmp->start_time);
 651                        struct wiphy *wiphy = local->hw.wiphy;
 652                        u32 max_roc = wiphy->max_remain_on_channel_duration;
 653
 654                        if (elapsed + roc->duration > max_roc) {
 655                                combine_started = false;
 656                                continue;
 657                        }
 658
 659                        list_add(&roc->list, &tmp->list);
 660                        queued = true;
 661                        roc->on_channel = tmp->on_channel;
 662                        ieee80211_handle_roc_started(roc, now);
 663                        ieee80211_recalc_sw_work(local, now);
 664                        break;
 665                }
 666
 667                queued = ieee80211_coalesce_hw_started_roc(local, roc, tmp);
 668                if (queued)
 669                        break;
 670                /* if it wasn't queued, perhaps it can be combined with
 671                 * another that also couldn't get combined previously,
 672                 * but no need to check for already started ones, since
 673                 * that can't work.
 674                 */
 675                combine_started = false;
 676        }
 677
 678        if (!queued)
 679                list_add_tail(&roc->list, &local->roc_list);
 680
 681        return 0;
 682}
 683
 684int ieee80211_remain_on_channel(struct wiphy *wiphy, struct wireless_dev *wdev,
 685                                struct ieee80211_channel *chan,
 686                                unsigned int duration, u64 *cookie)
 687{
 688        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 689        struct ieee80211_local *local = sdata->local;
 690        int ret;
 691
 692        mutex_lock(&local->mtx);
 693        ret = ieee80211_start_roc_work(local, sdata, chan,
 694                                       duration, cookie, NULL,
 695                                       IEEE80211_ROC_TYPE_NORMAL);
 696        mutex_unlock(&local->mtx);
 697
 698        return ret;
 699}
 700
 701static int ieee80211_cancel_roc(struct ieee80211_local *local,
 702                                u64 cookie, bool mgmt_tx)
 703{
 704        struct ieee80211_roc_work *roc, *tmp, *found = NULL;
 705        int ret;
 706
 707        if (!cookie)
 708                return -ENOENT;
 709
 710        mutex_lock(&local->mtx);
 711        list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
 712                if (!mgmt_tx && roc->cookie != cookie)
 713                        continue;
 714                else if (mgmt_tx && roc->mgmt_tx_cookie != cookie)
 715                        continue;
 716
 717                found = roc;
 718                break;
 719        }
 720
 721        if (!found) {
 722                mutex_unlock(&local->mtx);
 723                return -ENOENT;
 724        }
 725
 726        if (!found->started) {
 727                ieee80211_roc_notify_destroy(found);
 728                goto out_unlock;
 729        }
 730
 731        if (local->ops->remain_on_channel) {
 732                ret = drv_cancel_remain_on_channel(local);
 733                if (WARN_ON_ONCE(ret)) {
 734                        mutex_unlock(&local->mtx);
 735                        return ret;
 736                }
 737
 738                /* TODO:
 739                 * if multiple items were combined here then we really shouldn't
 740                 * cancel them all - we should wait for as much time as needed
 741                 * for the longest remaining one, and only then cancel ...
 742                 */
 743                list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
 744                        if (!roc->started)
 745                                break;
 746                        if (roc == found)
 747                                found = NULL;
 748                        ieee80211_roc_notify_destroy(roc);
 749                }
 750
 751                /* that really must not happen - it was started */
 752                WARN_ON(found);
 753
 754                ieee80211_start_next_roc(local);
 755        } else {
 756                /* go through work struct to return to the operating channel */
 757                found->abort = true;
 758                mod_delayed_work(local->workqueue, &local->roc_work, 0);
 759        }
 760
 761 out_unlock:
 762        mutex_unlock(&local->mtx);
 763
 764        return 0;
 765}
 766
 767int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy,
 768                                       struct wireless_dev *wdev, u64 cookie)
 769{
 770        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 771        struct ieee80211_local *local = sdata->local;
 772
 773        return ieee80211_cancel_roc(local, cookie, false);
 774}
 775
 776int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
 777                      struct cfg80211_mgmt_tx_params *params, u64 *cookie)
 778{
 779        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 780        struct ieee80211_local *local = sdata->local;
 781        struct sk_buff *skb;
 782        struct sta_info *sta;
 783        const struct ieee80211_mgmt *mgmt = (void *)params->buf;
 784        bool need_offchan = false;
 785        u32 flags;
 786        int ret;
 787        u8 *data;
 788
 789        if (params->dont_wait_for_ack)
 790                flags = IEEE80211_TX_CTL_NO_ACK;
 791        else
 792                flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX |
 793                        IEEE80211_TX_CTL_REQ_TX_STATUS;
 794
 795        if (params->no_cck)
 796                flags |= IEEE80211_TX_CTL_NO_CCK_RATE;
 797
 798        switch (sdata->vif.type) {
 799        case NL80211_IFTYPE_ADHOC:
 800                if (!sdata->vif.bss_conf.ibss_joined)
 801                        need_offchan = true;
 802                /* fall through */
 803#ifdef CONFIG_MAC80211_MESH
 804        case NL80211_IFTYPE_MESH_POINT:
 805                if (ieee80211_vif_is_mesh(&sdata->vif) &&
 806                    !sdata->u.mesh.mesh_id_len)
 807                        need_offchan = true;
 808                /* fall through */
 809#endif
 810        case NL80211_IFTYPE_AP:
 811        case NL80211_IFTYPE_AP_VLAN:
 812        case NL80211_IFTYPE_P2P_GO:
 813                if (sdata->vif.type != NL80211_IFTYPE_ADHOC &&
 814                    !ieee80211_vif_is_mesh(&sdata->vif) &&
 815                    !rcu_access_pointer(sdata->bss->beacon))
 816                        need_offchan = true;
 817                if (!ieee80211_is_action(mgmt->frame_control) ||
 818                    mgmt->u.action.category == WLAN_CATEGORY_PUBLIC ||
 819                    mgmt->u.action.category == WLAN_CATEGORY_SELF_PROTECTED ||
 820                    mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT)
 821                        break;
 822                rcu_read_lock();
 823                sta = sta_info_get_bss(sdata, mgmt->da);
 824                rcu_read_unlock();
 825                if (!sta)
 826                        return -ENOLINK;
 827                break;
 828        case NL80211_IFTYPE_STATION:
 829        case NL80211_IFTYPE_P2P_CLIENT:
 830                sdata_lock(sdata);
 831                if (!sdata->u.mgd.associated ||
 832                    (params->offchan && params->wait &&
 833                     local->ops->remain_on_channel &&
 834                     memcmp(sdata->u.mgd.associated->bssid,
 835                            mgmt->bssid, ETH_ALEN)))
 836                        need_offchan = true;
 837                sdata_unlock(sdata);
 838                break;
 839        case NL80211_IFTYPE_P2P_DEVICE:
 840                need_offchan = true;
 841                break;
 842        case NL80211_IFTYPE_NAN:
 843        default:
 844                return -EOPNOTSUPP;
 845        }
 846
 847        /* configurations requiring offchan cannot work if no channel has been
 848         * specified
 849         */
 850        if (need_offchan && !params->chan)
 851                return -EINVAL;
 852
 853        mutex_lock(&local->mtx);
 854
 855        /* Check if the operating channel is the requested channel */
 856        if (!need_offchan) {
 857                struct ieee80211_chanctx_conf *chanctx_conf;
 858
 859                rcu_read_lock();
 860                chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
 861
 862                if (chanctx_conf) {
 863                        need_offchan = params->chan &&
 864                                       (params->chan !=
 865                                        chanctx_conf->def.chan);
 866                } else if (!params->chan) {
 867                        ret = -EINVAL;
 868                        rcu_read_unlock();
 869                        goto out_unlock;
 870                } else {
 871                        need_offchan = true;
 872                }
 873                rcu_read_unlock();
 874        }
 875
 876        if (need_offchan && !params->offchan) {
 877                ret = -EBUSY;
 878                goto out_unlock;
 879        }
 880
 881        skb = dev_alloc_skb(local->hw.extra_tx_headroom + params->len);
 882        if (!skb) {
 883                ret = -ENOMEM;
 884                goto out_unlock;
 885        }
 886        skb_reserve(skb, local->hw.extra_tx_headroom);
 887
 888        data = skb_put(skb, params->len);
 889        memcpy(data, params->buf, params->len);
 890
 891        /* Update CSA counters */
 892        if (sdata->vif.csa_active &&
 893            (sdata->vif.type == NL80211_IFTYPE_AP ||
 894             sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
 895             sdata->vif.type == NL80211_IFTYPE_ADHOC) &&
 896            params->n_csa_offsets) {
 897                int i;
 898                struct beacon_data *beacon = NULL;
 899
 900                rcu_read_lock();
 901
 902                if (sdata->vif.type == NL80211_IFTYPE_AP)
 903                        beacon = rcu_dereference(sdata->u.ap.beacon);
 904                else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
 905                        beacon = rcu_dereference(sdata->u.ibss.presp);
 906                else if (ieee80211_vif_is_mesh(&sdata->vif))
 907                        beacon = rcu_dereference(sdata->u.mesh.beacon);
 908
 909                if (beacon)
 910                        for (i = 0; i < params->n_csa_offsets; i++)
 911                                data[params->csa_offsets[i]] =
 912                                        beacon->csa_current_counter;
 913
 914                rcu_read_unlock();
 915        }
 916
 917        IEEE80211_SKB_CB(skb)->flags = flags;
 918
 919        skb->dev = sdata->dev;
 920
 921        if (!params->dont_wait_for_ack) {
 922                /* make a copy to preserve the frame contents
 923                 * in case of encryption.
 924                 */
 925                ret = ieee80211_attach_ack_skb(local, skb, cookie, GFP_KERNEL);
 926                if (ret) {
 927                        kfree_skb(skb);
 928                        goto out_unlock;
 929                }
 930        } else {
 931                /* Assign a dummy non-zero cookie, it's not sent to
 932                 * userspace in this case but we rely on its value
 933                 * internally in the need_offchan case to distinguish
 934                 * mgmt-tx from remain-on-channel.
 935                 */
 936                *cookie = 0xffffffff;
 937        }
 938
 939        if (!need_offchan) {
 940                ieee80211_tx_skb(sdata, skb);
 941                ret = 0;
 942                goto out_unlock;
 943        }
 944
 945        IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN |
 946                                        IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
 947        if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
 948                IEEE80211_SKB_CB(skb)->hw_queue =
 949                        local->hw.offchannel_tx_hw_queue;
 950
 951        /* This will handle all kinds of coalescing and immediate TX */
 952        ret = ieee80211_start_roc_work(local, sdata, params->chan,
 953                                       params->wait, cookie, skb,
 954                                       IEEE80211_ROC_TYPE_MGMT_TX);
 955        if (ret)
 956                ieee80211_free_txskb(&local->hw, skb);
 957 out_unlock:
 958        mutex_unlock(&local->mtx);
 959        return ret;
 960}
 961
 962int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy,
 963                                  struct wireless_dev *wdev, u64 cookie)
 964{
 965        struct ieee80211_local *local = wiphy_priv(wiphy);
 966
 967        return ieee80211_cancel_roc(local, cookie, true);
 968}
 969
 970void ieee80211_roc_setup(struct ieee80211_local *local)
 971{
 972        INIT_WORK(&local->hw_roc_start, ieee80211_hw_roc_start);
 973        INIT_WORK(&local->hw_roc_done, ieee80211_hw_roc_done);
 974        INIT_DELAYED_WORK(&local->roc_work, ieee80211_roc_work);
 975        INIT_LIST_HEAD(&local->roc_list);
 976}
 977
 978void ieee80211_roc_purge(struct ieee80211_local *local,
 979                         struct ieee80211_sub_if_data *sdata)
 980{
 981        struct ieee80211_roc_work *roc, *tmp;
 982        bool work_to_do = false;
 983
 984        mutex_lock(&local->mtx);
 985        list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
 986                if (sdata && roc->sdata != sdata)
 987                        continue;
 988
 989                if (roc->started) {
 990                        if (local->ops->remain_on_channel) {
 991                                /* can race, so ignore return value */
 992                                drv_cancel_remain_on_channel(local);
 993                                ieee80211_roc_notify_destroy(roc);
 994                        } else {
 995                                roc->abort = true;
 996                                work_to_do = true;
 997                        }
 998                } else {
 999                        ieee80211_roc_notify_destroy(roc);
1000                }

1001        }
1002        if (work_to_do)
1003                __ieee80211_roc_work(local);
1004        mutex_unlock(&local->mtx);
1005}
1006