1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18#include <linux/ieee80211.h>
19#include <linux/slab.h>
20#include <linux/export.h>
21#include <net/mac80211.h>
22#include "ieee80211_i.h"
23#include "driver-ops.h"
24#include "wme.h"
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata,
65 const u8 *da, u16 tid,
66 u8 dialog_token, u16 start_seq_num,
67 u16 agg_size, u16 timeout)
68{
69 struct ieee80211_local *local = sdata->local;
70 struct sk_buff *skb;
71 struct ieee80211_mgmt *mgmt;
72 u16 capab;
73
74 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
75
76 if (!skb)
77 return;
78
79 skb_reserve(skb, local->hw.extra_tx_headroom);
80 mgmt = skb_put_zero(skb, 24);
81 memcpy(mgmt->da, da, ETH_ALEN);
82 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
83 if (sdata->vif.type == NL80211_IFTYPE_AP ||
84 sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
85 sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
86 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
87 else if (sdata->vif.type == NL80211_IFTYPE_STATION)
88 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
89 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
90 memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN);
91
92 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
93 IEEE80211_STYPE_ACTION);
94
95 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req));
96
97 mgmt->u.action.category = WLAN_CATEGORY_BACK;
98 mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ;
99
100 mgmt->u.action.u.addba_req.dialog_token = dialog_token;
101 capab = (u16)(1 << 0);
102 capab |= (u16)(1 << 1);
103 capab |= (u16)(tid << 2);
104 capab |= (u16)(agg_size << 6);
105
106 mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab);
107
108 mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout);
109 mgmt->u.action.u.addba_req.start_seq_num =
110 cpu_to_le16(start_seq_num << 4);
111
112 ieee80211_tx_skb(sdata, skb);
113}
114
115void ieee80211_send_bar(struct ieee80211_vif *vif, u8 *ra, u16 tid, u16 ssn)
116{
117 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
118 struct ieee80211_local *local = sdata->local;
119 struct sk_buff *skb;
120 struct ieee80211_bar *bar;
121 u16 bar_control = 0;
122
123 skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom);
124 if (!skb)
125 return;
126
127 skb_reserve(skb, local->hw.extra_tx_headroom);
128 bar = skb_put_zero(skb, sizeof(*bar));
129 bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
130 IEEE80211_STYPE_BACK_REQ);
131 memcpy(bar->ra, ra, ETH_ALEN);
132 memcpy(bar->ta, sdata->vif.addr, ETH_ALEN);
133 bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL;
134 bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA;
135 bar_control |= (u16)(tid << IEEE80211_BAR_CTRL_TID_INFO_SHIFT);
136 bar->control = cpu_to_le16(bar_control);
137 bar->start_seq_num = cpu_to_le16(ssn);
138
139 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
140 IEEE80211_TX_CTL_REQ_TX_STATUS;
141 ieee80211_tx_skb_tid(sdata, skb, tid);
142}
143EXPORT_SYMBOL(ieee80211_send_bar);
144
145void ieee80211_assign_tid_tx(struct sta_info *sta, int tid,
146 struct tid_ampdu_tx *tid_tx)
147{
148 lockdep_assert_held(&sta->ampdu_mlme.mtx);
149 lockdep_assert_held(&sta->lock);
150 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], tid_tx);
151}
152
153
154
155
156
157
158
159
160
161
162
163
164static void __acquires(agg_queue)
165ieee80211_stop_queue_agg(struct ieee80211_sub_if_data *sdata, int tid)
166{
167 int queue = sdata->vif.hw_queue[ieee80211_ac_from_tid(tid)];
168
169
170
171 if (atomic_inc_return(&sdata->local->agg_queue_stop[queue]) == 1)
172 ieee80211_stop_queue_by_reason(
173 &sdata->local->hw, queue,
174 IEEE80211_QUEUE_STOP_REASON_AGGREGATION,
175 false);
176 __acquire(agg_queue);
177}
178
179static void __releases(agg_queue)
180ieee80211_wake_queue_agg(struct ieee80211_sub_if_data *sdata, int tid)
181{
182 int queue = sdata->vif.hw_queue[ieee80211_ac_from_tid(tid)];
183
184 if (atomic_dec_return(&sdata->local->agg_queue_stop[queue]) == 0)
185 ieee80211_wake_queue_by_reason(
186 &sdata->local->hw, queue,
187 IEEE80211_QUEUE_STOP_REASON_AGGREGATION,
188 false);
189 __release(agg_queue);
190}
191
192static void
193ieee80211_agg_stop_txq(struct sta_info *sta, int tid)
194{
195 struct ieee80211_txq *txq = sta->sta.txq[tid];
196 struct ieee80211_sub_if_data *sdata;
197 struct fq *fq;
198 struct txq_info *txqi;
199
200 if (!txq)
201 return;
202
203 txqi = to_txq_info(txq);
204 sdata = vif_to_sdata(txq->vif);
205 fq = &sdata->local->fq;
206
207
208 spin_lock_bh(&fq->lock);
209 set_bit(IEEE80211_TXQ_STOP, &txqi->flags);
210 spin_unlock_bh(&fq->lock);
211}
212
213static void
214ieee80211_agg_start_txq(struct sta_info *sta, int tid, bool enable)
215{
216 struct ieee80211_txq *txq = sta->sta.txq[tid];
217 struct txq_info *txqi;
218
219 if (!txq)
220 return;
221
222 txqi = to_txq_info(txq);
223
224 if (enable)
225 set_bit(IEEE80211_TXQ_AMPDU, &txqi->flags);
226 else
227 clear_bit(IEEE80211_TXQ_AMPDU, &txqi->flags);
228
229 clear_bit(IEEE80211_TXQ_STOP, &txqi->flags);
230 local_bh_disable();
231 rcu_read_lock();
232 drv_wake_tx_queue(sta->sdata->local, txqi);
233 rcu_read_unlock();
234 local_bh_enable();
235}
236
237
238
239
240
241static void __acquires(agg_queue)
242ieee80211_agg_splice_packets(struct ieee80211_sub_if_data *sdata,
243 struct tid_ampdu_tx *tid_tx, u16 tid)
244{
245 struct ieee80211_local *local = sdata->local;
246 int queue = sdata->vif.hw_queue[ieee80211_ac_from_tid(tid)];
247 unsigned long flags;
248
249 ieee80211_stop_queue_agg(sdata, tid);
250
251 if (WARN(!tid_tx,
252 "TID %d gone but expected when splicing aggregates from the pending queue\n",
253 tid))
254 return;
255
256 if (!skb_queue_empty(&tid_tx->pending)) {
257 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
258
259 skb_queue_splice_tail_init(&tid_tx->pending,
260 &local->pending[queue]);
261 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
262 }
263}
264
265static void __releases(agg_queue)
266ieee80211_agg_splice_finish(struct ieee80211_sub_if_data *sdata, u16 tid)
267{
268 ieee80211_wake_queue_agg(sdata, tid);
269}
270
271static void ieee80211_remove_tid_tx(struct sta_info *sta, int tid)
272{
273 struct tid_ampdu_tx *tid_tx;
274
275 lockdep_assert_held(&sta->ampdu_mlme.mtx);
276 lockdep_assert_held(&sta->lock);
277
278 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
279
280
281
282
283
284
285
286
287
288
289
290 ieee80211_agg_splice_packets(sta->sdata, tid_tx, tid);
291
292
293 ieee80211_assign_tid_tx(sta, tid, NULL);
294
295 ieee80211_agg_splice_finish(sta->sdata, tid);
296 ieee80211_agg_start_txq(sta, tid, false);
297
298 kfree_rcu(tid_tx, rcu_head);
299}
300
301int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
302 enum ieee80211_agg_stop_reason reason)
303{
304 struct ieee80211_local *local = sta->local;
305 struct tid_ampdu_tx *tid_tx;
306 struct ieee80211_ampdu_params params = {
307 .sta = &sta->sta,
308 .tid = tid,
309 .buf_size = 0,
310 .amsdu = false,
311 .timeout = 0,
312 .ssn = 0,
313 };
314 int ret;
315
316 lockdep_assert_held(&sta->ampdu_mlme.mtx);
317
318 switch (reason) {
319 case AGG_STOP_DECLINED:
320 case AGG_STOP_LOCAL_REQUEST:
321 case AGG_STOP_PEER_REQUEST:
322 params.action = IEEE80211_AMPDU_TX_STOP_CONT;
323 break;
324 case AGG_STOP_DESTROY_STA:
325 params.action = IEEE80211_AMPDU_TX_STOP_FLUSH;
326 break;
327 default:
328 WARN_ON_ONCE(1);
329 return -EINVAL;
330 }
331
332 spin_lock_bh(&sta->lock);
333
334
335 tid_tx = sta->ampdu_mlme.tid_start_tx[tid];
336 kfree(tid_tx);
337 sta->ampdu_mlme.tid_start_tx[tid] = NULL;
338
339 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
340 if (!tid_tx) {
341 spin_unlock_bh(&sta->lock);
342 return -ENOENT;
343 }
344
345
346
347
348
349 if (test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
350 spin_unlock_bh(&sta->lock);
351 if (reason != AGG_STOP_DESTROY_STA)
352 return -EALREADY;
353 params.action = IEEE80211_AMPDU_TX_STOP_FLUSH_CONT;
354 ret = drv_ampdu_action(local, sta->sdata, ¶ms);
355 WARN_ON_ONCE(ret);
356 return 0;
357 }
358
359 if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
360
361 ieee80211_assign_tid_tx(sta, tid, NULL);
362 spin_unlock_bh(&sta->lock);
363 kfree_rcu(tid_tx, rcu_head);
364 return 0;
365 }
366
367 set_bit(HT_AGG_STATE_STOPPING, &tid_tx->state);
368
369 spin_unlock_bh(&sta->lock);
370
371 ht_dbg(sta->sdata, "Tx BA session stop requested for %pM tid %u\n",
372 sta->sta.addr, tid);
373
374 del_timer_sync(&tid_tx->addba_resp_timer);
375 del_timer_sync(&tid_tx->session_timer);
376
377
378
379
380
381
382 clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state);
383
384
385
386
387
388
389
390
391
392
393
394
395
396 if (!local->in_reconfig)
397 synchronize_net();
398
399 tid_tx->stop_initiator = reason == AGG_STOP_PEER_REQUEST ?
400 WLAN_BACK_RECIPIENT :
401 WLAN_BACK_INITIATOR;
402 tid_tx->tx_stop = reason == AGG_STOP_LOCAL_REQUEST;
403
404 ret = drv_ampdu_action(local, sta->sdata, ¶ms);
405
406
407 if (WARN_ON(ret)) {
408
409
410
411
412 }
413
414
415
416
417
418
419
420
421
422
423
424 return 0;
425}
426
427
428
429
430
431
432static void sta_addba_resp_timer_expired(struct timer_list *t)
433{
434 struct tid_ampdu_tx *tid_tx = from_timer(tid_tx, t, addba_resp_timer);
435 struct sta_info *sta = tid_tx->sta;
436 u8 tid = tid_tx->tid;
437
438
439 if (test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state)) {
440 ht_dbg(sta->sdata,
441 "timer expired on %pM tid %d not expecting addBA response\n",
442 sta->sta.addr, tid);
443 return;
444 }
445
446 ht_dbg(sta->sdata, "addBA response timer expired on %pM tid %d\n",
447 sta->sta.addr, tid);
448
449 ieee80211_stop_tx_ba_session(&sta->sta, tid);
450}
451
452void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid)
453{
454 struct tid_ampdu_tx *tid_tx;
455 struct ieee80211_local *local = sta->local;
456 struct ieee80211_sub_if_data *sdata = sta->sdata;
457 struct ieee80211_ampdu_params params = {
458 .sta = &sta->sta,
459 .action = IEEE80211_AMPDU_TX_START,
460 .tid = tid,
461 .buf_size = 0,
462 .amsdu = false,
463 .timeout = 0,
464 };
465 int ret;
466
467 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
468
469
470
471
472
473
474 clear_bit(HT_AGG_STATE_WANT_START, &tid_tx->state);
475
476 ieee80211_agg_stop_txq(sta, tid);
477
478
479
480
481
482
483
484 synchronize_net();
485
486 params.ssn = sta->tid_seq[tid] >> 4;
487 ret = drv_ampdu_action(local, sdata, ¶ms);
488 if (ret) {
489 ht_dbg(sdata,
490 "BA request denied - HW unavailable for %pM tid %d\n",
491 sta->sta.addr, tid);
492 spin_lock_bh(&sta->lock);
493 ieee80211_agg_splice_packets(sdata, tid_tx, tid);
494 ieee80211_assign_tid_tx(sta, tid, NULL);
495 ieee80211_agg_splice_finish(sdata, tid);
496 spin_unlock_bh(&sta->lock);
497
498 ieee80211_agg_start_txq(sta, tid, false);
499
500 kfree_rcu(tid_tx, rcu_head);
501 return;
502 }
503
504
505 mod_timer(&tid_tx->addba_resp_timer, jiffies + ADDBA_RESP_INTERVAL);
506 ht_dbg(sdata, "activated addBA response timer on %pM tid %d\n",
507 sta->sta.addr, tid);
508
509 spin_lock_bh(&sta->lock);
510 sta->ampdu_mlme.last_addba_req_time[tid] = jiffies;
511 sta->ampdu_mlme.addba_req_num[tid]++;
512 spin_unlock_bh(&sta->lock);
513
514
515 ieee80211_send_addba_request(sdata, sta->sta.addr, tid,
516 tid_tx->dialog_token, params.ssn,
517 IEEE80211_MAX_AMPDU_BUF,
518 tid_tx->timeout);
519}
520
521
522
523
524
525static void sta_tx_agg_session_timer_expired(struct timer_list *t)
526{
527 struct tid_ampdu_tx *tid_tx = from_timer(tid_tx, t, session_timer);
528 struct sta_info *sta = tid_tx->sta;
529 u8 tid = tid_tx->tid;
530 unsigned long timeout;
531
532 if (test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
533 return;
534 }
535
536 timeout = tid_tx->last_tx + TU_TO_JIFFIES(tid_tx->timeout);
537 if (time_is_after_jiffies(timeout)) {
538 mod_timer(&tid_tx->session_timer, timeout);
539 return;
540 }
541
542 ht_dbg(sta->sdata, "tx session timer expired on %pM tid %d\n",
543 sta->sta.addr, tid);
544
545 ieee80211_stop_tx_ba_session(&sta->sta, tid);
546}
547
548int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid,
549 u16 timeout)
550{
551 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
552 struct ieee80211_sub_if_data *sdata = sta->sdata;
553 struct ieee80211_local *local = sdata->local;
554 struct tid_ampdu_tx *tid_tx;
555 int ret = 0;
556
557 trace_api_start_tx_ba_session(pubsta, tid);
558
559 if (WARN(sta->reserved_tid == tid,
560 "Requested to start BA session on reserved tid=%d", tid))
561 return -EINVAL;
562
563 if (!pubsta->ht_cap.ht_supported)
564 return -EINVAL;
565
566 if (WARN_ON_ONCE(!local->ops->ampdu_action))
567 return -EINVAL;
568
569 if ((tid >= IEEE80211_NUM_TIDS) ||
570 !ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION) ||
571 ieee80211_hw_check(&local->hw, TX_AMPDU_SETUP_IN_HW))
572 return -EINVAL;
573
574 if (WARN_ON(tid >= IEEE80211_FIRST_TSPEC_TSID))
575 return -EINVAL;
576
577 ht_dbg(sdata, "Open BA session requested for %pM tid %u\n",
578 pubsta->addr, tid);
579
580 if (sdata->vif.type != NL80211_IFTYPE_STATION &&
581 sdata->vif.type != NL80211_IFTYPE_MESH_POINT &&
582 sdata->vif.type != NL80211_IFTYPE_AP_VLAN &&
583 sdata->vif.type != NL80211_IFTYPE_AP &&
584 sdata->vif.type != NL80211_IFTYPE_ADHOC)
585 return -EINVAL;
586
587 if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) {
588 ht_dbg(sdata,
589 "BA sessions blocked - Denying BA session request %pM tid %d\n",
590 sta->sta.addr, tid);
591 return -EINVAL;
592 }
593
594
595
596
597
598
599
600
601
602
603
604
605
606 if (sta->sdata->vif.type == NL80211_IFTYPE_ADHOC &&
607 !sta->sta.ht_cap.ht_supported) {
608 ht_dbg(sdata,
609 "BA request denied - IBSS STA %pM does not advertise HT support\n",
610 pubsta->addr);
611 return -EINVAL;
612 }
613
614 spin_lock_bh(&sta->lock);
615
616
617 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) {
618 ret = -EBUSY;
619 goto err_unlock_sta;
620 }
621
622
623
624
625
626
627 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_BURST_RETRIES &&
628 time_before(jiffies, sta->ampdu_mlme.last_addba_req_time[tid] +
629 HT_AGG_RETRIES_PERIOD)) {
630 ht_dbg(sdata,
631 "BA request denied - %d failed requests on %pM tid %u\n",
632 sta->ampdu_mlme.addba_req_num[tid], sta->sta.addr, tid);
633 ret = -EBUSY;
634 goto err_unlock_sta;
635 }
636
637 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
638
639 if (tid_tx || sta->ampdu_mlme.tid_start_tx[tid]) {
640 ht_dbg(sdata,
641 "BA request denied - session is not idle on %pM tid %u\n",
642 sta->sta.addr, tid);
643 ret = -EAGAIN;
644 goto err_unlock_sta;
645 }
646
647
648 tid_tx = kzalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC);
649 if (!tid_tx) {
650 ret = -ENOMEM;
651 goto err_unlock_sta;
652 }
653
654 skb_queue_head_init(&tid_tx->pending);
655 __set_bit(HT_AGG_STATE_WANT_START, &tid_tx->state);
656
657 tid_tx->timeout = timeout;
658 tid_tx->sta = sta;
659 tid_tx->tid = tid;
660
661
662 timer_setup(&tid_tx->addba_resp_timer, sta_addba_resp_timer_expired, 0);
663
664
665 timer_setup(&tid_tx->session_timer,
666 sta_tx_agg_session_timer_expired, TIMER_DEFERRABLE);
667
668
669 sta->ampdu_mlme.dialog_token_allocator++;
670 tid_tx->dialog_token = sta->ampdu_mlme.dialog_token_allocator;
671
672
673
674
675
676 sta->ampdu_mlme.tid_start_tx[tid] = tid_tx;
677
678 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work);
679
680
681 err_unlock_sta:
682 spin_unlock_bh(&sta->lock);
683 return ret;
684}
685EXPORT_SYMBOL(ieee80211_start_tx_ba_session);
686
687static void ieee80211_agg_tx_operational(struct ieee80211_local *local,
688 struct sta_info *sta, u16 tid)
689{
690 struct tid_ampdu_tx *tid_tx;
691 struct ieee80211_ampdu_params params = {
692 .sta = &sta->sta,
693 .action = IEEE80211_AMPDU_TX_OPERATIONAL,
694 .tid = tid,
695 .timeout = 0,
696 .ssn = 0,
697 };
698
699 lockdep_assert_held(&sta->ampdu_mlme.mtx);
700
701 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
702 params.buf_size = tid_tx->buf_size;
703 params.amsdu = tid_tx->amsdu;
704
705 ht_dbg(sta->sdata, "Aggregation is on for %pM tid %d\n",
706 sta->sta.addr, tid);
707
708 drv_ampdu_action(local, sta->sdata, ¶ms);
709
710
711
712
713
714 spin_lock_bh(&sta->lock);
715
716 ieee80211_agg_splice_packets(sta->sdata, tid_tx, tid);
717
718
719
720
721
722 set_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state);
723 ieee80211_agg_splice_finish(sta->sdata, tid);
724
725 spin_unlock_bh(&sta->lock);
726
727 ieee80211_agg_start_txq(sta, tid, true);
728}
729
730void ieee80211_start_tx_ba_cb(struct sta_info *sta, int tid,
731 struct tid_ampdu_tx *tid_tx)
732{
733 struct ieee80211_sub_if_data *sdata = sta->sdata;
734 struct ieee80211_local *local = sdata->local;
735
736 if (WARN_ON(test_and_set_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state)))
737 return;
738
739 if (test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state))
740 ieee80211_agg_tx_operational(local, sta, tid);
741}
742
743static struct tid_ampdu_tx *
744ieee80211_lookup_tid_tx(struct ieee80211_sub_if_data *sdata,
745 const u8 *ra, u16 tid, struct sta_info **sta)
746{
747 struct tid_ampdu_tx *tid_tx;
748
749 if (tid >= IEEE80211_NUM_TIDS) {
750 ht_dbg(sdata, "Bad TID value: tid = %d (>= %d)\n",
751 tid, IEEE80211_NUM_TIDS);
752 return NULL;
753 }
754
755 *sta = sta_info_get_bss(sdata, ra);
756 if (!*sta) {
757 ht_dbg(sdata, "Could not find station: %pM\n", ra);
758 return NULL;
759 }
760
761 tid_tx = rcu_dereference((*sta)->ampdu_mlme.tid_tx[tid]);
762
763 if (WARN_ON(!tid_tx))
764 ht_dbg(sdata, "addBA was not requested!\n");
765
766 return tid_tx;
767}
768
769void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
770 const u8 *ra, u16 tid)
771{
772 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
773 struct ieee80211_local *local = sdata->local;
774 struct sta_info *sta;
775 struct tid_ampdu_tx *tid_tx;
776
777 trace_api_start_tx_ba_cb(sdata, ra, tid);
778
779 rcu_read_lock();
780 tid_tx = ieee80211_lookup_tid_tx(sdata, ra, tid, &sta);
781 if (!tid_tx)
782 goto out;
783
784 set_bit(HT_AGG_STATE_START_CB, &tid_tx->state);
785 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work);
786 out:
787 rcu_read_unlock();
788}
789EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe);
790
791int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid,
792 enum ieee80211_agg_stop_reason reason)
793{
794 int ret;
795
796 mutex_lock(&sta->ampdu_mlme.mtx);
797
798 ret = ___ieee80211_stop_tx_ba_session(sta, tid, reason);
799
800 mutex_unlock(&sta->ampdu_mlme.mtx);
801
802 return ret;
803}
804
805int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid)
806{
807 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
808 struct ieee80211_sub_if_data *sdata = sta->sdata;
809 struct ieee80211_local *local = sdata->local;
810 struct tid_ampdu_tx *tid_tx;
811 int ret = 0;
812
813 trace_api_stop_tx_ba_session(pubsta, tid);
814
815 if (!local->ops->ampdu_action)
816 return -EINVAL;
817
818 if (tid >= IEEE80211_NUM_TIDS)
819 return -EINVAL;
820
821 spin_lock_bh(&sta->lock);
822 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
823
824 if (!tid_tx) {
825 ret = -ENOENT;
826 goto unlock;
827 }
828
829 WARN(sta->reserved_tid == tid,
830 "Requested to stop BA session on reserved tid=%d", tid);
831
832 if (test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
833
834 ret = 0;
835 goto unlock;
836 }
837
838 set_bit(HT_AGG_STATE_WANT_STOP, &tid_tx->state);
839 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work);
840
841 unlock:
842 spin_unlock_bh(&sta->lock);
843 return ret;
844}
845EXPORT_SYMBOL(ieee80211_stop_tx_ba_session);
846
847void ieee80211_stop_tx_ba_cb(struct sta_info *sta, int tid,
848 struct tid_ampdu_tx *tid_tx)
849{
850 struct ieee80211_sub_if_data *sdata = sta->sdata;
851 bool send_delba = false;
852
853 ht_dbg(sdata, "Stopping Tx BA session for %pM tid %d\n",
854 sta->sta.addr, tid);
855
856 spin_lock_bh(&sta->lock);
857
858 if (!test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
859 ht_dbg(sdata,
860 "unexpected callback to A-MPDU stop for %pM tid %d\n",
861 sta->sta.addr, tid);
862 goto unlock_sta;
863 }
864
865 if (tid_tx->stop_initiator == WLAN_BACK_INITIATOR && tid_tx->tx_stop)
866 send_delba = true;
867
868 ieee80211_remove_tid_tx(sta, tid);
869
870 unlock_sta:
871 spin_unlock_bh(&sta->lock);
872
873 if (send_delba)
874 ieee80211_send_delba(sdata, sta->sta.addr, tid,
875 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE);
876}
877
878void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif,
879 const u8 *ra, u16 tid)
880{
881 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
882 struct ieee80211_local *local = sdata->local;
883 struct sta_info *sta;
884 struct tid_ampdu_tx *tid_tx;
885
886 trace_api_stop_tx_ba_cb(sdata, ra, tid);
887
888 rcu_read_lock();
889 tid_tx = ieee80211_lookup_tid_tx(sdata, ra, tid, &sta);
890 if (!tid_tx)
891 goto out;
892
893 set_bit(HT_AGG_STATE_STOP_CB, &tid_tx->state);
894 ieee80211_queue_work(&local->hw, &sta->ampdu_mlme.work);
895 out:
896 rcu_read_unlock();
897}
898EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe);
899
900
901void ieee80211_process_addba_resp(struct ieee80211_local *local,
902 struct sta_info *sta,
903 struct ieee80211_mgmt *mgmt,
904 size_t len)
905{
906 struct tid_ampdu_tx *tid_tx;
907 struct ieee80211_txq *txq;
908 u16 capab, tid;
909 u8 buf_size;
910 bool amsdu;
911
912 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab);
913 amsdu = capab & IEEE80211_ADDBA_PARAM_AMSDU_MASK;
914 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
915 buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
916 buf_size = min(buf_size, local->hw.max_tx_aggregation_subframes);
917
918 txq = sta->sta.txq[tid];
919 if (!amsdu && txq)
920 set_bit(IEEE80211_TXQ_NO_AMSDU, &to_txq_info(txq)->flags);
921
922 mutex_lock(&sta->ampdu_mlme.mtx);
923
924 tid_tx = rcu_dereference_protected_tid_tx(sta, tid);
925 if (!tid_tx)
926 goto out;
927
928 if (mgmt->u.action.u.addba_resp.dialog_token != tid_tx->dialog_token) {
929 ht_dbg(sta->sdata, "wrong addBA response token, %pM tid %d\n",
930 sta->sta.addr, tid);
931 goto out;
932 }
933
934 del_timer_sync(&tid_tx->addba_resp_timer);
935
936 ht_dbg(sta->sdata, "switched off addBA timer for %pM tid %d\n",
937 sta->sta.addr, tid);
938
939
940
941
942
943
944 if (test_bit(HT_AGG_STATE_WANT_STOP, &tid_tx->state) ||
945 test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) {
946 ht_dbg(sta->sdata,
947 "got addBA resp for %pM tid %d but we already gave up\n",
948 sta->sta.addr, tid);
949 goto out;
950 }
951
952
953
954
955
956
957
958 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status)
959 == WLAN_STATUS_SUCCESS && buf_size) {
960 if (test_and_set_bit(HT_AGG_STATE_RESPONSE_RECEIVED,
961 &tid_tx->state)) {
962
963 goto out;
964 }
965
966 tid_tx->buf_size = buf_size;
967 tid_tx->amsdu = amsdu;
968
969 if (test_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state))
970 ieee80211_agg_tx_operational(local, sta, tid);
971
972 sta->ampdu_mlme.addba_req_num[tid] = 0;
973
974 tid_tx->timeout =
975 le16_to_cpu(mgmt->u.action.u.addba_resp.timeout);
976
977 if (tid_tx->timeout) {
978 mod_timer(&tid_tx->session_timer,
979 TU_TO_EXP_TIME(tid_tx->timeout));
980 tid_tx->last_tx = jiffies;
981 }
982
983 } else {
984 ___ieee80211_stop_tx_ba_session(sta, tid, AGG_STOP_DECLINED);
985 }
986
987 out:
988 mutex_unlock(&sta->ampdu_mlme.mtx);
989}
990