LXR linux/net/mac80211/offchannel.c

   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * Off-channel operation helpers
   4 *
   5 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
   6 * Copyright 2004, Instant802 Networks, Inc.
   7 * Copyright 2005, Devicescape Software, Inc.
   8 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   9 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
  10 * Copyright 2009       Johannes Berg <johannes@sipsolutions.net>
  11 */
  12#include <linux/export.h>
  13#include <net/mac80211.h>
  14#include "ieee80211_i.h"
  15#include "driver-ops.h"
  16
  17/*
  18 * Tell our hardware to disable PS.
  19 * Optionally inform AP that we will go to sleep so that it will buffer
  20 * the frames while we are doing off-channel work.  This is optional
  21 * because we *may* be doing work on-operating channel, and want our
  22 * hardware unconditionally awake, but still let the AP send us normal frames.
  23 */
  24static void ieee80211_offchannel_ps_enable(struct ieee80211_sub_if_data *sdata)
  25{
  26        struct ieee80211_local *local = sdata->local;
  27        struct ieee80211_if_managed *ifmgd = &sdata->u.mgd;
  28
  29        local->offchannel_ps_enabled = false;
  30
  31        /* FIXME: what to do when local->pspolling is true? */
  32
  33        del_timer_sync(&local->dynamic_ps_timer);
  34        del_timer_sync(&ifmgd->bcn_mon_timer);
  35        del_timer_sync(&ifmgd->conn_mon_timer);
  36
  37        cancel_work_sync(&local->dynamic_ps_enable_work);
  38
  39        if (local->hw.conf.flags & IEEE80211_CONF_PS) {
  40                local->offchannel_ps_enabled = true;
  41                local->hw.conf.flags &= ~IEEE80211_CONF_PS;
  42                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
  43        }
  44
  45        if (!local->offchannel_ps_enabled ||
  46            !ieee80211_hw_check(&local->hw, PS_NULLFUNC_STACK))
  47                /*
  48                 * If power save was enabled, no need to send a nullfunc
  49                 * frame because AP knows that we are sleeping. But if the
  50                 * hardware is creating the nullfunc frame for power save
  51                 * status (ie. IEEE80211_HW_PS_NULLFUNC_STACK is not
  52                 * enabled) and power save was enabled, the firmware just
  53                 * sent a null frame with power save disabled. So we need
  54                 * to send a new nullfunc frame to inform the AP that we
  55                 * are again sleeping.
  56                 */
  57                ieee80211_send_nullfunc(local, sdata, true);
  58}
  59
  60/* inform AP that we are awake again, unless power save is enabled */
  61static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata)
  62{
  63        struct ieee80211_local *local = sdata->local;
  64
  65        if (!local->ps_sdata)
  66                ieee80211_send_nullfunc(local, sdata, false);
  67        else if (local->offchannel_ps_enabled) {
  68                /*
  69                 * In !IEEE80211_HW_PS_NULLFUNC_STACK case the hardware
  70                 * will send a nullfunc frame with the powersave bit set
  71                 * even though the AP already knows that we are sleeping.
  72                 * This could be avoided by sending a null frame with power
  73                 * save bit disabled before enabling the power save, but
  74                 * this doesn't gain anything.
  75                 *
  76                 * When IEEE80211_HW_PS_NULLFUNC_STACK is enabled, no need
  77                 * to send a nullfunc frame because AP already knows that
  78                 * we are sleeping, let's just enable power save mode in
  79                 * hardware.
  80                 */
  81                /* TODO:  Only set hardware if CONF_PS changed?
  82                 * TODO:  Should we set offchannel_ps_enabled to false?
  83                 */
  84                local->hw.conf.flags |= IEEE80211_CONF_PS;
  85                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_PS);
  86        } else if (local->hw.conf.dynamic_ps_timeout > 0) {
  87                /*
  88                 * If IEEE80211_CONF_PS was not set and the dynamic_ps_timer
  89                 * had been running before leaving the operating channel,
  90                 * restart the timer now and send a nullfunc frame to inform
  91                 * the AP that we are awake.
  92                 */
  93                ieee80211_send_nullfunc(local, sdata, false);
  94                mod_timer(&local->dynamic_ps_timer, jiffies +
  95                          msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
  96        }
  97
  98        ieee80211_sta_reset_beacon_monitor(sdata);
  99        ieee80211_sta_reset_conn_monitor(sdata);
 100}
 101
 102void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local)
 103{
 104        struct ieee80211_sub_if_data *sdata;
 105
 106        if (WARN_ON(local->use_chanctx))
 107                return;
 108
 109        /*
 110         * notify the AP about us leaving the channel and stop all
 111         * STA interfaces.
 112         */
 113
 114        /*
 115         * Stop queues and transmit all frames queued by the driver
 116         * before sending nullfunc to enable powersave at the AP.
 117         */
 118        ieee80211_stop_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP,
 119                                        IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL,
 120                                        false);
 121        ieee80211_flush_queues(local, NULL, false);
 122
 123        mutex_lock(&local->iflist_mtx);
 124        list_for_each_entry(sdata, &local->interfaces, list) {
 125                if (!ieee80211_sdata_running(sdata))
 126                        continue;
 127
 128                if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE ||
 129                    sdata->vif.type == NL80211_IFTYPE_NAN)
 130                        continue;
 131
 132                if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
 133                        set_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
 134
 135                /* Check to see if we should disable beaconing. */
 136                if (sdata->vif.bss_conf.enable_beacon) {
 137                        set_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED,
 138                                &sdata->state);
 139                        sdata->vif.bss_conf.enable_beacon = false;
 140                        ieee80211_bss_info_change_notify(
 141                                sdata, BSS_CHANGED_BEACON_ENABLED);
 142                }
 143
 144                if (sdata->vif.type == NL80211_IFTYPE_STATION &&
 145                    sdata->u.mgd.associated)
 146                        ieee80211_offchannel_ps_enable(sdata);
 147        }
 148        mutex_unlock(&local->iflist_mtx);
 149}
 150
 151void ieee80211_offchannel_return(struct ieee80211_local *local)
 152{
 153        struct ieee80211_sub_if_data *sdata;
 154
 155        if (WARN_ON(local->use_chanctx))
 156                return;
 157
 158        mutex_lock(&local->iflist_mtx);
 159        list_for_each_entry(sdata, &local->interfaces, list) {
 160                if (sdata->vif.type == NL80211_IFTYPE_P2P_DEVICE)
 161                        continue;
 162
 163                if (sdata->vif.type != NL80211_IFTYPE_MONITOR)
 164                        clear_bit(SDATA_STATE_OFFCHANNEL, &sdata->state);
 165
 166                if (!ieee80211_sdata_running(sdata))
 167                        continue;
 168
 169                /* Tell AP we're back */
 170                if (sdata->vif.type == NL80211_IFTYPE_STATION &&
 171                    sdata->u.mgd.associated)
 172                        ieee80211_offchannel_ps_disable(sdata);
 173
 174                if (test_and_clear_bit(SDATA_STATE_OFFCHANNEL_BEACON_STOPPED,
 175                                       &sdata->state)) {
 176                        sdata->vif.bss_conf.enable_beacon = true;
 177                        ieee80211_bss_info_change_notify(
 178                                sdata, BSS_CHANGED_BEACON_ENABLED);
 179                }
 180        }
 181        mutex_unlock(&local->iflist_mtx);
 182
 183        ieee80211_wake_queues_by_reason(&local->hw, IEEE80211_MAX_QUEUE_MAP,
 184                                        IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL,
 185                                        false);
 186}
 187
 188static void ieee80211_roc_notify_destroy(struct ieee80211_roc_work *roc)
 189{
 190        /* was never transmitted */
 191        if (roc->frame) {
 192                cfg80211_mgmt_tx_status(&roc->sdata->wdev, roc->mgmt_tx_cookie,
 193                                        roc->frame->data, roc->frame->len,
 194                                        false, GFP_KERNEL);
 195                ieee80211_free_txskb(&roc->sdata->local->hw, roc->frame);
 196        }
 197
 198        if (!roc->mgmt_tx_cookie)
 199                cfg80211_remain_on_channel_expired(&roc->sdata->wdev,
 200                                                   roc->cookie, roc->chan,
 201                                                   GFP_KERNEL);
 202
 203        list_del(&roc->list);
 204        kfree(roc);
 205}
 206
 207static unsigned long ieee80211_end_finished_rocs(struct ieee80211_local *local,
 208                                                 unsigned long now)
 209{
 210        struct ieee80211_roc_work *roc, *tmp;
 211        long remaining_dur_min = LONG_MAX;
 212
 213        lockdep_assert_held(&local->mtx);
 214
 215        list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
 216                long remaining;
 217
 218                if (!roc->started)
 219                        break;
 220
 221                remaining = roc->start_time +
 222                            msecs_to_jiffies(roc->duration) -
 223                            now;
 224
 225                /* In case of HW ROC, it is possible that the HW finished the
 226                 * ROC session before the actual requested time. In such a case
 227                 * end the ROC session (disregarding the remaining time).
 228                 */
 229                if (roc->abort || roc->hw_begun || remaining <= 0)
 230                        ieee80211_roc_notify_destroy(roc);
 231                else
 232                        remaining_dur_min = min(remaining_dur_min, remaining);
 233        }
 234
 235        return remaining_dur_min;
 236}
 237
 238static bool ieee80211_recalc_sw_work(struct ieee80211_local *local,
 239                                     unsigned long now)
 240{
 241        long dur = ieee80211_end_finished_rocs(local, now);
 242
 243        if (dur == LONG_MAX)
 244                return false;
 245
 246        mod_delayed_work(local->workqueue, &local->roc_work, dur);
 247        return true;
 248}
 249
 250static void ieee80211_handle_roc_started(struct ieee80211_roc_work *roc,
 251                                         unsigned long start_time)
 252{
 253        if (WARN_ON(roc->notified))
 254                return;
 255
 256        roc->start_time = start_time;
 257        roc->started = true;
 258
 259        if (roc->mgmt_tx_cookie) {
 260                if (!WARN_ON(!roc->frame)) {
 261                        ieee80211_tx_skb_tid_band(roc->sdata, roc->frame, 7,
 262                                                  roc->chan->band, 0);
 263                        roc->frame = NULL;
 264                }
 265        } else {
 266                cfg80211_ready_on_channel(&roc->sdata->wdev, roc->cookie,
 267                                          roc->chan, roc->req_duration,
 268                                          GFP_KERNEL);
 269        }
 270
 271        roc->notified = true;
 272}
 273
 274static void ieee80211_hw_roc_start(struct work_struct *work)
 275{
 276        struct ieee80211_local *local =
 277                container_of(work, struct ieee80211_local, hw_roc_start);
 278        struct ieee80211_roc_work *roc;
 279
 280        mutex_lock(&local->mtx);
 281
 282        list_for_each_entry(roc, &local->roc_list, list) {
 283                if (!roc->started)
 284                        break;
 285
 286                roc->hw_begun = true;
 287                ieee80211_handle_roc_started(roc, local->hw_roc_start_time);
 288        }
 289
 290        mutex_unlock(&local->mtx);
 291}
 292
 293void ieee80211_ready_on_channel(struct ieee80211_hw *hw)
 294{
 295        struct ieee80211_local *local = hw_to_local(hw);
 296
 297        local->hw_roc_start_time = jiffies;
 298
 299        trace_api_ready_on_channel(local);
 300
 301        ieee80211_queue_work(hw, &local->hw_roc_start);
 302}
 303EXPORT_SYMBOL_GPL(ieee80211_ready_on_channel);
 304
 305static void _ieee80211_start_next_roc(struct ieee80211_local *local)
 306{
 307        struct ieee80211_roc_work *roc, *tmp;
 308        enum ieee80211_roc_type type;
 309        u32 min_dur, max_dur;
 310
 311        lockdep_assert_held(&local->mtx);
 312
 313        if (WARN_ON(list_empty(&local->roc_list)))
 314                return;
 315
 316        roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
 317                               list);
 318
 319        if (WARN_ON(roc->started))
 320                return;
 321
 322        min_dur = roc->duration;
 323        max_dur = roc->duration;
 324        type = roc->type;
 325
 326        list_for_each_entry(tmp, &local->roc_list, list) {
 327                if (tmp == roc)
 328                        continue;
 329                if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
 330                        break;
 331                max_dur = max(tmp->duration, max_dur);
 332                min_dur = min(tmp->duration, min_dur);
 333                type = max(tmp->type, type);
 334        }
 335
 336        if (local->ops->remain_on_channel) {
 337                int ret = drv_remain_on_channel(local, roc->sdata, roc->chan,
 338                                                max_dur, type);
 339
 340                if (ret) {
 341                        wiphy_warn(local->hw.wiphy,
 342                                   "failed to start next HW ROC (%d)\n", ret);
 343                        /*
 344                         * queue the work struct again to avoid recursion
 345                         * when multiple failures occur
 346                         */
 347                        list_for_each_entry(tmp, &local->roc_list, list) {
 348                                if (tmp->sdata != roc->sdata ||
 349                                    tmp->chan != roc->chan)
 350                                        break;
 351                                tmp->started = true;
 352                                tmp->abort = true;
 353                        }
 354                        ieee80211_queue_work(&local->hw, &local->hw_roc_done);
 355                        return;
 356                }
 357
 358                /* we'll notify about the start once the HW calls back */
 359                list_for_each_entry(tmp, &local->roc_list, list) {
 360                        if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
 361                                break;
 362                        tmp->started = true;
 363                }
 364        } else {
 365                /* If actually operating on the desired channel (with at least
 366                 * 20 MHz channel width) don't stop all the operations but still
 367                 * treat it as though the ROC operation started properly, so
 368                 * other ROC operations won't interfere with this one.
 369                 */
 370                roc->on_channel = roc->chan == local->_oper_chandef.chan &&
 371                                  local->_oper_chandef.width != NL80211_CHAN_WIDTH_5 &&
 372                                  local->_oper_chandef.width != NL80211_CHAN_WIDTH_10;
 373
 374                /* start this ROC */
 375                ieee80211_recalc_idle(local);
 376
 377                if (!roc->on_channel) {
 378                        ieee80211_offchannel_stop_vifs(local);
 379
 380                        local->tmp_channel = roc->chan;
 381                        ieee80211_hw_config(local, 0);
 382                }
 383
 384                ieee80211_queue_delayed_work(&local->hw, &local->roc_work,
 385                                             msecs_to_jiffies(min_dur));
 386
 387                /* tell userspace or send frame(s) */
 388                list_for_each_entry(tmp, &local->roc_list, list) {
 389                        if (tmp->sdata != roc->sdata || tmp->chan != roc->chan)
 390                                break;
 391
 392                        tmp->on_channel = roc->on_channel;
 393                        ieee80211_handle_roc_started(tmp, jiffies);
 394                }
 395        }
 396}
 397
 398void ieee80211_start_next_roc(struct ieee80211_local *local)
 399{
 400        struct ieee80211_roc_work *roc;
 401
 402        lockdep_assert_held(&local->mtx);
 403
 404        if (list_empty(&local->roc_list)) {
 405                ieee80211_run_deferred_scan(local);
 406                return;
 407        }
 408
 409        /* defer roc if driver is not started (i.e. during reconfig) */
 410        if (local->in_reconfig)
 411                return;
 412
 413        roc = list_first_entry(&local->roc_list, struct ieee80211_roc_work,
 414                               list);
 415
 416        if (WARN_ON_ONCE(roc->started))
 417                return;
 418
 419        if (local->ops->remain_on_channel) {
 420                _ieee80211_start_next_roc(local);
 421        } else {
 422                /* delay it a bit */
 423                ieee80211_queue_delayed_work(&local->hw, &local->roc_work,
 424                                             round_jiffies_relative(HZ/2));
 425        }
 426}
 427
 428static void __ieee80211_roc_work(struct ieee80211_local *local)
 429{
 430        struct ieee80211_roc_work *roc;
 431        bool on_channel;
 432
 433        lockdep_assert_held(&local->mtx);
 434
 435        if (WARN_ON(local->ops->remain_on_channel))
 436                return;
 437
 438        roc = list_first_entry_or_null(&local->roc_list,
 439                                       struct ieee80211_roc_work, list);
 440        if (!roc)
 441                return;
 442
 443        if (!roc->started) {
 444                WARN_ON(local->use_chanctx);
 445                _ieee80211_start_next_roc(local);
 446        } else {
 447                on_channel = roc->on_channel;
 448                if (ieee80211_recalc_sw_work(local, jiffies))
 449                        return;
 450
 451                /* careful - roc pointer became invalid during recalc */
 452
 453                if (!on_channel) {
 454                        ieee80211_flush_queues(local, NULL, false);
 455
 456                        local->tmp_channel = NULL;
 457                        ieee80211_hw_config(local, 0);
 458
 459                        ieee80211_offchannel_return(local);
 460                }
 461
 462                ieee80211_recalc_idle(local);
 463                ieee80211_start_next_roc(local);
 464        }
 465}
 466
 467static void ieee80211_roc_work(struct work_struct *work)
 468{
 469        struct ieee80211_local *local =
 470                container_of(work, struct ieee80211_local, roc_work.work);
 471
 472        mutex_lock(&local->mtx);
 473        __ieee80211_roc_work(local);
 474        mutex_unlock(&local->mtx);
 475}
 476
 477static void ieee80211_hw_roc_done(struct work_struct *work)
 478{
 479        struct ieee80211_local *local =
 480                container_of(work, struct ieee80211_local, hw_roc_done);
 481
 482        mutex_lock(&local->mtx);
 483
 484        ieee80211_end_finished_rocs(local, jiffies);
 485
 486        /* if there's another roc, start it now */
 487        ieee80211_start_next_roc(local);
 488
 489        mutex_unlock(&local->mtx);
 490}
 491
 492void ieee80211_remain_on_channel_expired(struct ieee80211_hw *hw)
 493{
 494        struct ieee80211_local *local = hw_to_local(hw);
 495
 496        trace_api_remain_on_channel_expired(local);
 497
 498        ieee80211_queue_work(hw, &local->hw_roc_done);
 499}
 500EXPORT_SYMBOL_GPL(ieee80211_remain_on_channel_expired);
 501
 502static bool
 503ieee80211_coalesce_hw_started_roc(struct ieee80211_local *local,
 504                                  struct ieee80211_roc_work *new_roc,
 505                                  struct ieee80211_roc_work *cur_roc)
 506{
 507        unsigned long now = jiffies;
 508        unsigned long remaining;
 509
 510        if (WARN_ON(!cur_roc->started))
 511                return false;
 512
 513        /* if it was scheduled in the hardware, but not started yet,
 514         * we can only combine if the older one had a longer duration
 515         */
 516        if (!cur_roc->hw_begun && new_roc->duration > cur_roc->duration)
 517                return false;
 518
 519        remaining = cur_roc->start_time +
 520                    msecs_to_jiffies(cur_roc->duration) -
 521                    now;
 522
 523        /* if it doesn't fit entirely, schedule a new one */
 524        if (new_roc->duration > jiffies_to_msecs(remaining))
 525                return false;
 526
 527        /* add just after the current one so we combine their finish later */
 528        list_add(&new_roc->list, &cur_roc->list);
 529
 530        /* if the existing one has already begun then let this one also
 531         * begin, otherwise they'll both be marked properly by the work
 532         * struct that runs once the driver notifies us of the beginning
 533         */
 534        if (cur_roc->hw_begun) {
 535                new_roc->hw_begun = true;
 536                ieee80211_handle_roc_started(new_roc, now);
 537        }
 538
 539        return true;
 540}
 541
 542static int ieee80211_start_roc_work(struct ieee80211_local *local,
 543                                    struct ieee80211_sub_if_data *sdata,
 544                                    struct ieee80211_channel *channel,
 545                                    unsigned int duration, u64 *cookie,
 546                                    struct sk_buff *txskb,
 547                                    enum ieee80211_roc_type type)
 548{
 549        struct ieee80211_roc_work *roc, *tmp;
 550        bool queued = false, combine_started = true;
 551        int ret;
 552
 553        lockdep_assert_held(&local->mtx);
 554
 555        if (local->use_chanctx && !local->ops->remain_on_channel)
 556                return -EOPNOTSUPP;
 557
 558        roc = kzalloc(sizeof(*roc), GFP_KERNEL);
 559        if (!roc)
 560                return -ENOMEM;
 561
 562        /*
 563         * If the duration is zero, then the driver
 564         * wouldn't actually do anything. Set it to
 565         * 10 for now.
 566         *
 567         * TODO: cancel the off-channel operation
 568         *       when we get the SKB's TX status and
 569         *       the wait time was zero before.
 570         */
 571        if (!duration)
 572                duration = 10;
 573
 574        roc->chan = channel;
 575        roc->duration = duration;
 576        roc->req_duration = duration;
 577        roc->frame = txskb;
 578        roc->type = type;
 579        roc->sdata = sdata;
 580
 581        /*
 582         * cookie is either the roc cookie (for normal roc)
 583         * or the SKB (for mgmt TX)
 584         */
 585        if (!txskb) {
 586                roc->cookie = ieee80211_mgmt_tx_cookie(local);
 587                *cookie = roc->cookie;
 588        } else {
 589                roc->mgmt_tx_cookie = *cookie;
 590        }
 591
 592        /* if there's no need to queue, handle it immediately */
 593        if (list_empty(&local->roc_list) &&
 594            !local->scanning && !ieee80211_is_radar_required(local)) {
 595                /* if not HW assist, just queue & schedule work */
 596                if (!local->ops->remain_on_channel) {
 597                        list_add_tail(&roc->list, &local->roc_list);
 598                        ieee80211_queue_delayed_work(&local->hw,
 599                                                     &local->roc_work, 0);
 600                } else {
 601                        /* otherwise actually kick it off here
 602                         * (for error handling)
 603                         */
 604                        ret = drv_remain_on_channel(local, sdata, channel,
 605                                                    duration, type);
 606                        if (ret) {
 607                                kfree(roc);
 608                                return ret;
 609                        }
 610                        roc->started = true;
 611                        list_add_tail(&roc->list, &local->roc_list);
 612                }
 613
 614                return 0;
 615        }
 616
 617        /* otherwise handle queueing */
 618
 619        list_for_each_entry(tmp, &local->roc_list, list) {
 620                if (tmp->chan != channel || tmp->sdata != sdata)
 621                        continue;
 622
 623                /*
 624                 * Extend this ROC if possible: If it hasn't started, add
 625                 * just after the new one to combine.
 626                 */
 627                if (!tmp->started) {
 628                        list_add(&roc->list, &tmp->list);
 629                        queued = true;
 630                        break;
 631                }
 632
 633                if (!combine_started)
 634                        continue;
 635
 636                if (!local->ops->remain_on_channel) {
 637                        /* If there's no hardware remain-on-channel, and
 638                         * doing so won't push us over the maximum r-o-c
 639                         * we allow, then we can just add the new one to
 640                         * the list and mark it as having started now.
 641                         * If it would push over the limit, don't try to
 642                         * combine with other started ones (that haven't
 643                         * been running as long) but potentially sort it
 644                         * with others that had the same fate.
 645                         */
 646                        unsigned long now = jiffies;
 647                        u32 elapsed = jiffies_to_msecs(now - tmp->start_time);
 648                        struct wiphy *wiphy = local->hw.wiphy;
 649                        u32 max_roc = wiphy->max_remain_on_channel_duration;
 650
 651                        if (elapsed + roc->duration > max_roc) {
 652                                combine_started = false;
 653                                continue;
 654                        }
 655
 656                        list_add(&roc->list, &tmp->list);
 657                        queued = true;
 658                        roc->on_channel = tmp->on_channel;
 659                        ieee80211_handle_roc_started(roc, now);
 660                        ieee80211_recalc_sw_work(local, now);
 661                        break;
 662                }
 663
 664                queued = ieee80211_coalesce_hw_started_roc(local, roc, tmp);
 665                if (queued)
 666                        break;
 667                /* if it wasn't queued, perhaps it can be combined with
 668                 * another that also couldn't get combined previously,
 669                 * but no need to check for already started ones, since
 670                 * that can't work.
 671                 */
 672                combine_started = false;
 673        }
 674
 675        if (!queued)
 676                list_add_tail(&roc->list, &local->roc_list);
 677
 678        return 0;
 679}
 680
 681int ieee80211_remain_on_channel(struct wiphy *wiphy, struct wireless_dev *wdev,
 682                                struct ieee80211_channel *chan,
 683                                unsigned int duration, u64 *cookie)
 684{
 685        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 686        struct ieee80211_local *local = sdata->local;
 687        int ret;
 688
 689        mutex_lock(&local->mtx);
 690        ret = ieee80211_start_roc_work(local, sdata, chan,
 691                                       duration, cookie, NULL,
 692                                       IEEE80211_ROC_TYPE_NORMAL);
 693        mutex_unlock(&local->mtx);
 694
 695        return ret;
 696}
 697
 698static int ieee80211_cancel_roc(struct ieee80211_local *local,
 699                                u64 cookie, bool mgmt_tx)
 700{
 701        struct ieee80211_roc_work *roc, *tmp, *found = NULL;
 702        int ret;
 703
 704        if (!cookie)
 705                return -ENOENT;
 706
 707        flush_work(&local->hw_roc_start);
 708
 709        mutex_lock(&local->mtx);
 710        list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
 711                if (!mgmt_tx && roc->cookie != cookie)
 712                        continue;
 713                else if (mgmt_tx && roc->mgmt_tx_cookie != cookie)
 714                        continue;
 715
 716                found = roc;
 717                break;
 718        }
 719
 720        if (!found) {
 721                mutex_unlock(&local->mtx);
 722                return -ENOENT;
 723        }
 724
 725        if (!found->started) {
 726                ieee80211_roc_notify_destroy(found);
 727                goto out_unlock;
 728        }
 729
 730        if (local->ops->remain_on_channel) {
 731                ret = drv_cancel_remain_on_channel(local);
 732                if (WARN_ON_ONCE(ret)) {
 733                        mutex_unlock(&local->mtx);
 734                        return ret;
 735                }
 736
 737                /* TODO:
 738                 * if multiple items were combined here then we really shouldn't
 739                 * cancel them all - we should wait for as much time as needed
 740                 * for the longest remaining one, and only then cancel ...
 741                 */
 742                list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
 743                        if (!roc->started)
 744                                break;
 745                        if (roc == found)
 746                                found = NULL;
 747                        ieee80211_roc_notify_destroy(roc);
 748                }
 749
 750                /* that really must not happen - it was started */
 751                WARN_ON(found);
 752
 753                ieee80211_start_next_roc(local);
 754        } else {
 755                /* go through work struct to return to the operating channel */
 756                found->abort = true;
 757                mod_delayed_work(local->workqueue, &local->roc_work, 0);
 758        }
 759
 760 out_unlock:
 761        mutex_unlock(&local->mtx);
 762
 763        return 0;
 764}
 765
 766int ieee80211_cancel_remain_on_channel(struct wiphy *wiphy,
 767                                       struct wireless_dev *wdev, u64 cookie)
 768{
 769        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 770        struct ieee80211_local *local = sdata->local;
 771
 772        return ieee80211_cancel_roc(local, cookie, false);
 773}
 774
 775int ieee80211_mgmt_tx(struct wiphy *wiphy, struct wireless_dev *wdev,
 776                      struct cfg80211_mgmt_tx_params *params, u64 *cookie)
 777{
 778        struct ieee80211_sub_if_data *sdata = IEEE80211_WDEV_TO_SUB_IF(wdev);
 779        struct ieee80211_local *local = sdata->local;
 780        struct sk_buff *skb;
 781        struct sta_info *sta;
 782        const struct ieee80211_mgmt *mgmt = (void *)params->buf;
 783        bool need_offchan = false;
 784        u32 flags;
 785        int ret;
 786        u8 *data;
 787
 788        if (params->dont_wait_for_ack)
 789                flags = IEEE80211_TX_CTL_NO_ACK;
 790        else
 791                flags = IEEE80211_TX_INTFL_NL80211_FRAME_TX |
 792                        IEEE80211_TX_CTL_REQ_TX_STATUS;
 793
 794        if (params->no_cck)
 795                flags |= IEEE80211_TX_CTL_NO_CCK_RATE;
 796
 797        switch (sdata->vif.type) {
 798        case NL80211_IFTYPE_ADHOC:
 799                if (!sdata->vif.bss_conf.ibss_joined)
 800                        need_offchan = true;
 801#ifdef CONFIG_MAC80211_MESH
 802                /* fall through */
 803        case NL80211_IFTYPE_MESH_POINT:
 804                if (ieee80211_vif_is_mesh(&sdata->vif) &&
 805                    !sdata->u.mesh.mesh_id_len)
 806                        need_offchan = true;
 807#endif
 808                /* fall through */
 809        case NL80211_IFTYPE_AP:
 810        case NL80211_IFTYPE_AP_VLAN:
 811        case NL80211_IFTYPE_P2P_GO:
 812                if (sdata->vif.type != NL80211_IFTYPE_ADHOC &&
 813                    !ieee80211_vif_is_mesh(&sdata->vif) &&
 814                    !rcu_access_pointer(sdata->bss->beacon))
 815                        need_offchan = true;
 816                if (!ieee80211_is_action(mgmt->frame_control) ||
 817                    mgmt->u.action.category == WLAN_CATEGORY_PUBLIC ||
 818                    mgmt->u.action.category == WLAN_CATEGORY_SELF_PROTECTED ||
 819                    mgmt->u.action.category == WLAN_CATEGORY_SPECTRUM_MGMT)
 820                        break;
 821                rcu_read_lock();
 822                sta = sta_info_get_bss(sdata, mgmt->da);
 823                rcu_read_unlock();
 824                if (!sta)
 825                        return -ENOLINK;
 826                break;
 827        case NL80211_IFTYPE_STATION:
 828        case NL80211_IFTYPE_P2P_CLIENT:
 829                sdata_lock(sdata);
 830                if (!sdata->u.mgd.associated ||
 831                    (params->offchan && params->wait &&
 832                     local->ops->remain_on_channel &&
 833                     memcmp(sdata->u.mgd.associated->bssid,
 834                            mgmt->bssid, ETH_ALEN)))
 835                        need_offchan = true;
 836                sdata_unlock(sdata);
 837                break;
 838        case NL80211_IFTYPE_P2P_DEVICE:
 839                need_offchan = true;
 840                break;
 841        case NL80211_IFTYPE_NAN:
 842        default:
 843                return -EOPNOTSUPP;
 844        }
 845
 846        /* configurations requiring offchan cannot work if no channel has been
 847         * specified
 848         */
 849        if (need_offchan && !params->chan)
 850                return -EINVAL;
 851
 852        mutex_lock(&local->mtx);
 853
 854        /* Check if the operating channel is the requested channel */
 855        if (!need_offchan) {
 856                struct ieee80211_chanctx_conf *chanctx_conf;
 857
 858                rcu_read_lock();
 859                chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
 860
 861                if (chanctx_conf) {
 862                        need_offchan = params->chan &&
 863                                       (params->chan !=
 864                                        chanctx_conf->def.chan);
 865                } else if (!params->chan) {
 866                        ret = -EINVAL;
 867                        rcu_read_unlock();
 868                        goto out_unlock;
 869                } else {
 870                        need_offchan = true;
 871                }
 872                rcu_read_unlock();
 873        }
 874
 875        if (need_offchan && !params->offchan) {
 876                ret = -EBUSY;
 877                goto out_unlock;
 878        }
 879
 880        skb = dev_alloc_skb(local->hw.extra_tx_headroom + params->len);
 881        if (!skb) {
 882                ret = -ENOMEM;
 883                goto out_unlock;
 884        }
 885        skb_reserve(skb, local->hw.extra_tx_headroom);
 886
 887        data = skb_put_data(skb, params->buf, params->len);
 888
 889        /* Update CSA counters */
 890        if (sdata->vif.csa_active &&
 891            (sdata->vif.type == NL80211_IFTYPE_AP ||
 892             sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
 893             sdata->vif.type == NL80211_IFTYPE_ADHOC) &&
 894            params->n_csa_offsets) {
 895                int i;
 896                struct beacon_data *beacon = NULL;
 897
 898                rcu_read_lock();
 899
 900                if (sdata->vif.type == NL80211_IFTYPE_AP)
 901                        beacon = rcu_dereference(sdata->u.ap.beacon);
 902                else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
 903                        beacon = rcu_dereference(sdata->u.ibss.presp);
 904                else if (ieee80211_vif_is_mesh(&sdata->vif))
 905                        beacon = rcu_dereference(sdata->u.mesh.beacon);
 906
 907                if (beacon)
 908                        for (i = 0; i < params->n_csa_offsets; i++)
 909                                data[params->csa_offsets[i]] =
 910                                        beacon->csa_current_counter;
 911
 912                rcu_read_unlock();
 913        }
 914
 915        IEEE80211_SKB_CB(skb)->flags = flags;
 916
 917        skb->dev = sdata->dev;
 918
 919        if (!params->dont_wait_for_ack) {
 920                /* make a copy to preserve the frame contents
 921                 * in case of encryption.
 922                 */
 923                ret = ieee80211_attach_ack_skb(local, skb, cookie, GFP_KERNEL);
 924                if (ret) {
 925                        kfree_skb(skb);
 926                        goto out_unlock;
 927                }
 928        } else {
 929                /* Assign a dummy non-zero cookie, it's not sent to
 930                 * userspace in this case but we rely on its value
 931                 * internally in the need_offchan case to distinguish
 932                 * mgmt-tx from remain-on-channel.
 933                 */
 934                *cookie = 0xffffffff;
 935        }
 936
 937        if (!need_offchan) {
 938                ieee80211_tx_skb(sdata, skb);
 939                ret = 0;
 940                goto out_unlock;
 941        }
 942
 943        IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_CTL_TX_OFFCHAN |
 944                                        IEEE80211_TX_INTFL_OFFCHAN_TX_OK;
 945        if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
 946                IEEE80211_SKB_CB(skb)->hw_queue =
 947                        local->hw.offchannel_tx_hw_queue;
 948
 949        /* This will handle all kinds of coalescing and immediate TX */
 950        ret = ieee80211_start_roc_work(local, sdata, params->chan,
 951                                       params->wait, cookie, skb,
 952                                       IEEE80211_ROC_TYPE_MGMT_TX);
 953        if (ret)
 954                ieee80211_free_txskb(&local->hw, skb);
 955 out_unlock:
 956        mutex_unlock(&local->mtx);
 957        return ret;
 958}
 959
 960int ieee80211_mgmt_tx_cancel_wait(struct wiphy *wiphy,
 961                                  struct wireless_dev *wdev, u64 cookie)
 962{
 963        struct ieee80211_local *local = wiphy_priv(wiphy);
 964
 965        return ieee80211_cancel_roc(local, cookie, true);
 966}
 967
 968void ieee80211_roc_setup(struct ieee80211_local *local)
 969{
 970        INIT_WORK(&local->hw_roc_start, ieee80211_hw_roc_start);
 971        INIT_WORK(&local->hw_roc_done, ieee80211_hw_roc_done);
 972        INIT_DELAYED_WORK(&local->roc_work, ieee80211_roc_work);
 973        INIT_LIST_HEAD(&local->roc_list);
 974}
 975
 976void ieee80211_roc_purge(struct ieee80211_local *local,
 977                         struct ieee80211_sub_if_data *sdata)
 978{
 979        struct ieee80211_roc_work *roc, *tmp;
 980        bool work_to_do = false;
 981
 982        mutex_lock(&local->mtx);
 983        list_for_each_entry_safe(roc, tmp, &local->roc_list, list) {
 984                if (sdata && roc->sdata != sdata)
 985                        continue;
 986
 987                if (roc->started) {
 988                        if (local->ops->remain_on_channel) {
 989                                /* can race, so ignore return value */
 990                                drv_cancel_remain_on_channel(local);
 991                                ieee80211_roc_notify_destroy(roc);
 992                        } else {
 993                                roc->abort = true;
 994                                work_to_do = true;
 995                        }
 996                } else {
 997                        ieee80211_roc_notify_destroy(roc);
 998                }
 999        }
1000        if (work_to_do)

1001                __ieee80211_roc_work(local);
1002        mutex_unlock(&local->mtx);
1003}
1004