sta_info.c 66.4 KB
Newer Older
1
// SPDX-License-Identifier: GPL-2.0-only
2
3
4
/*
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
5
 * Copyright 2013-2014  Intel Mobile Communications GmbH
6
 * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
7
 * Copyright (C) 2018-2019 Intel Corporation
8
9
10
11
 */

#include <linux/module.h>
#include <linux/init.h>
12
#include <linux/etherdevice.h>
13
14
15
16
17
#include <linux/netdevice.h>
#include <linux/types.h>
#include <linux/slab.h>
#include <linux/skbuff.h>
#include <linux/if_arp.h>
18
#include <linux/timer.h>
19
#include <linux/rtnetlink.h>
20

21
#include <net/codel.h>
22
23
#include <net/mac80211.h>
#include "ieee80211_i.h"
24
#include "driver-ops.h"
Johannes Berg's avatar
Johannes Berg committed
25
#include "rate.h"
26
#include "sta_info.h"
27
#include "debugfs_sta.h"
28
#include "mesh.h"
29
#include "wme.h"
30

31
32
33
34
35
36
37
/**
 * DOC: STA information lifetime rules
 *
 * STA info structures (&struct sta_info) are managed in a hash table
 * for faster lookup and a list for iteration. They are managed using
 * RCU, i.e. access to the list and hash table is protected by RCU.
 *
38
39
40
41
42
43
44
45
 * Upon allocating a STA info structure with sta_info_alloc(), the caller
 * owns that structure. It must then insert it into the hash table using
 * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
 * case (which acquires an rcu read section but must not be called from
 * within one) will the pointer still be valid after the call. Note that
 * the caller may not do much with the STA info before inserting it, in
 * particular, it may not start any mesh peer link management or add
 * encryption keys.
46
47
48
 *
 * When the insertion fails (sta_info_insert()) returns non-zero), the
 * structure will have been freed by sta_info_insert()!
49
 *
50
 * Station entries are added by mac80211 when you establish a link with a
51
52
 * peer. This means different things for the different type of interfaces
 * we support. For a regular station this mean we add the AP sta when we
Lucas De Marchi's avatar
Lucas De Marchi committed
53
 * receive an association response from the AP. For IBSS this occurs when
54
 * get to know about a peer on the same IBSS. For WDS we add the sta for
Lucas De Marchi's avatar
Lucas De Marchi committed
55
 * the peer immediately upon device open. When using AP mode we add stations
56
 * for each respective station upon request from userspace through nl80211.
57
 *
58
59
 * In order to remove a STA info structure, various sta_info_destroy_*()
 * calls are available.
60
 *
61
62
63
64
 * There is no concept of ownership on a STA entry, each structure is
 * owned by the global hash table/list until it is removed. All users of
 * the structure need to be RCU protected so that the structure won't be
 * freed before they are done using it.
65
 */
66

67
68
static const struct rhashtable_params sta_rht_params = {
	.nelem_hint = 3, /* start small */
69
	.automatic_shrinking = true,
70
	.head_offset = offsetof(struct sta_info, hash_node),
71
	.key_offset = offsetof(struct sta_info, addr),
72
	.key_len = ETH_ALEN,
73
	.max_size = CONFIG_MAC80211_STA_HASH_MAX_SIZE,
74
75
};

76
/* Caller must hold local->sta_mtx */
77
78
static int sta_info_hash_del(struct ieee80211_local *local,
			     struct sta_info *sta)
79
{
80
81
	return rhltable_remove(&local->sta_hash, &sta->hash_node,
			       sta_rht_params);
82
83
}

84
static void __cleanup_single_sta(struct sta_info *sta)
85
86
87
88
89
{
	int ac, i;
	struct tid_ampdu_tx *tid_tx;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;
90
	struct ps_data *ps;
91

92
	if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
93
94
	    test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
	    test_sta_flag(sta, WLAN_STA_PS_DELIVER)) {
95
96
97
		if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
		    sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
			ps = &sdata->bss->ps;
98
99
		else if (ieee80211_vif_is_mesh(&sdata->vif))
			ps = &sdata->u.mesh.ps;
100
101
		else
			return;
102
103

		clear_sta_flag(sta, WLAN_STA_PS_STA);
104
		clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
105
		clear_sta_flag(sta, WLAN_STA_PS_DELIVER);
106

107
		atomic_dec(&ps->num_sta_ps);
108
109
	}

110
111
	if (sta->sta.txq[0]) {
		for (i = 0; i < ARRAY_SIZE(sta->sta.txq); i++) {
112
113
114
115
116
117
			struct txq_info *txqi;

			if (!sta->sta.txq[i])
				continue;

			txqi = to_txq_info(sta->sta.txq[i]);
118

119
			ieee80211_txq_purge(local, txqi);
120
121
122
		}
	}

123
124
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
		local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
125
126
		ieee80211_purge_tx_queue(&local->hw, &sta->ps_tx_buf[ac]);
		ieee80211_purge_tx_queue(&local->hw, &sta->tx_filtered[ac]);
127
128
	}

129
130
	if (ieee80211_vif_is_mesh(&sdata->vif))
		mesh_sta_cleanup(sta);
131

132
	cancel_work_sync(&sta->drv_deliver_wk);
133
134
135
136
137
138
139

	/*
	 * Destroy aggregation state here. It would be nice to wait for the
	 * driver to finish aggregation stop and then clean up, but for now
	 * drivers have to handle aggregation stop being requested, followed
	 * directly by station destruction.
	 */
140
	for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
141
		kfree(sta->ampdu_mlme.tid_start_tx[i]);
142
143
144
		tid_tx = rcu_dereference_raw(sta->ampdu_mlme.tid_tx[i]);
		if (!tid_tx)
			continue;
145
		ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
146
147
		kfree(tid_tx);
	}
148
}
149

150
151
152
153
154
155
static void cleanup_single_sta(struct sta_info *sta)
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;
	struct ieee80211_local *local = sdata->local;

	__cleanup_single_sta(sta);
156
157
158
	sta_info_free(local, sta);
}

159
160
161
162
163
164
struct rhlist_head *sta_info_hash_lookup(struct ieee80211_local *local,
					 const u8 *addr)
{
	return rhltable_lookup(&local->sta_hash, addr, sta_rht_params);
}

165
/* protected by RCU */
166
167
struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
			      const u8 *addr)
168
{
169
	struct ieee80211_local *local = sdata->local;
170
	struct rhlist_head *tmp;
171
	struct sta_info *sta;
172

173
	rcu_read_lock();
174
	for_each_sta_info(local, addr, sta, tmp) {
175
176
177
178
179
180
181
182
183
184
		if (sta->sdata == sdata) {
			rcu_read_unlock();
			/* this is safe as the caller must already hold
			 * another rcu read section or the mutex
			 */
			return sta;
		}
	}
	rcu_read_unlock();
	return NULL;
185
186
}

187
188
189
190
191
192
193
194
/*
 * Get sta info either from the specified interface
 * or from one of its vlans
 */
struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
				  const u8 *addr)
{
	struct ieee80211_local *local = sdata->local;
195
	struct rhlist_head *tmp;
196
197
	struct sta_info *sta;

198
	rcu_read_lock();
199
	for_each_sta_info(local, addr, sta, tmp) {
200
201
202
203
204
205
206
207
		if (sta->sdata == sdata ||
		    (sta->sdata->bss && sta->sdata->bss == sdata->bss)) {
			rcu_read_unlock();
			/* this is safe as the caller must already hold
			 * another rcu read section or the mutex
			 */
			return sta;
		}
208
	}
209
210
	rcu_read_unlock();
	return NULL;
211
212
}

213
214
struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
				     int idx)
215
{
216
	struct ieee80211_local *local = sdata->local;
217
218
219
	struct sta_info *sta;
	int i = 0;

220
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
221
		if (sdata != sta->sdata)
222
			continue;
223
224
225
226
		if (i < idx) {
			++i;
			continue;
		}
227
		return sta;
228
229
230
231
	}

	return NULL;
}
232

233
/**
234
 * sta_info_free - free STA
235
 *
236
 * @local: pointer to the global information
237
238
239
 * @sta: STA info to free
 *
 * This function must undo everything done by sta_info_alloc()
240
241
242
 * that may happen before sta_info_insert(). It may only be
 * called when sta_info_insert() has not been attempted (and
 * if that fails, the station is freed anyway.)
243
 */
244
void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
245
{
246
	if (sta->rate_ctrl)
247
		rate_control_free_sta(sta);
248

Johannes Berg's avatar
Johannes Berg committed
249
	sta_dbg(sta->sdata, "Destroyed STA %pM\n", sta->sta.addr);
250

251
252
	if (sta->sta.txq[0])
		kfree(to_txq_info(sta->sta.txq[0]));
253
	kfree(rcu_dereference_raw(sta->sta.rates));
254
255
256
#ifdef CONFIG_MAC80211_MESH
	kfree(sta->mesh);
#endif
257
	free_percpu(sta->pcpu_rx_stats);
258
259
260
	kfree(sta);
}

261
/* Caller must hold local->sta_mtx */
262
263
static int sta_info_hash_add(struct ieee80211_local *local,
			     struct sta_info *sta)
264
{
265
266
	return rhltable_insert(&local->sta_hash, &sta->hash_node,
			       sta_rht_params);
267
268
}

269
static void sta_deliver_ps_frames(struct work_struct *wk)
270
271
272
{
	struct sta_info *sta;

273
	sta = container_of(wk, struct sta_info, drv_deliver_wk);
274
275
276
277

	if (sta->dead)
		return;

278
279
	local_bh_disable();
	if (!test_sta_flag(sta, WLAN_STA_PS_STA))
280
		ieee80211_sta_ps_deliver_wakeup(sta);
281
	else if (test_and_clear_sta_flag(sta, WLAN_STA_PSPOLL))
282
		ieee80211_sta_ps_deliver_poll_response(sta);
283
	else if (test_and_clear_sta_flag(sta, WLAN_STA_UAPSD))
Johannes Berg's avatar
Johannes Berg committed
284
		ieee80211_sta_ps_deliver_uapsd(sta);
285
	local_bh_enable();
286
287
}

288
289
290
static int sta_prepare_rate_control(struct ieee80211_local *local,
				    struct sta_info *sta, gfp_t gfp)
{
291
	if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL))
292
293
		return 0;

294
	sta->rate_ctrl = local->rate_ctrl;
295
	sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
Johannes Berg's avatar
Johannes Berg committed
296
						     sta, gfp);
297
	if (!sta->rate_ctrl_priv)
298
299
300
301
302
		return -ENOMEM;

	return 0;
}

Johannes Berg's avatar
Johannes Berg committed
303
struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
304
				const u8 *addr, gfp_t gfp)
305
{
306
	struct ieee80211_local *local = sdata->local;
307
	struct ieee80211_hw *hw = &local->hw;
308
	struct sta_info *sta;
309
	int i;
310

311
	sta = kzalloc(sizeof(*sta) + hw->sta_data_size, gfp);
312
	if (!sta)
Johannes Berg's avatar
Johannes Berg committed
313
		return NULL;
314

315
316
	if (ieee80211_hw_check(hw, USES_RSS)) {
		sta->pcpu_rx_stats =
317
			alloc_percpu_gfp(struct ieee80211_sta_rx_stats, gfp);
318
319
320
321
		if (!sta->pcpu_rx_stats)
			goto free;
	}

322
	spin_lock_init(&sta->lock);
323
	spin_lock_init(&sta->ps_lock);
324
	INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames);
Johannes Berg's avatar
Johannes Berg committed
325
	INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
326
	mutex_init(&sta->ampdu_mlme.mtx);
327
#ifdef CONFIG_MAC80211_MESH
328
329
330
331
	if (ieee80211_vif_is_mesh(&sdata->vif)) {
		sta->mesh = kzalloc(sizeof(*sta->mesh), gfp);
		if (!sta->mesh)
			goto free;
332
		sta->mesh->plink_sta = sta;
333
334
335
		spin_lock_init(&sta->mesh->plink_lock);
		if (ieee80211_vif_is_mesh(&sdata->vif) &&
		    !sdata->u.mesh.user_mpm)
336
337
			timer_setup(&sta->mesh->plink_timer, mesh_plink_timer,
				    0);
338
339
		sta->mesh->nonpeer_pm = NL80211_MESH_POWER_ACTIVE;
	}
340
#endif
341

342
	memcpy(sta->addr, addr, ETH_ALEN);
343
	memcpy(sta->sta.addr, addr, ETH_ALEN);
344
345
346
	sta->sta.max_rx_aggregation_subframes =
		local->hw.max_rx_aggregation_subframes;

347
348
349
350
351
352
353
354
355
	/* Extended Key ID needs to install keys for keyid 0 and 1 Rx-only.
	 * The Tx path starts to use a key as soon as the key slot ptk_idx
	 * references to is not NULL. To not use the initial Rx-only key
	 * prematurely for Tx initialize ptk_idx to an impossible PTK keyid
	 * which always will refer to a NULL key.
	 */
	BUILD_BUG_ON(ARRAY_SIZE(sta->ptk) <= INVALID_PTK_KEYIDX);
	sta->ptk_idx = INVALID_PTK_KEYIDX;

356
357
	sta->local = local;
	sta->sdata = sdata;
358
	sta->rx_stats.last_rx = jiffies;
359

360
361
	u64_stats_init(&sta->rx_stats.syncp);

362
363
	sta->sta_state = IEEE80211_STA_NONE;

364
365
366
	/* Mark TID as unreserved */
	sta->reserved_tid = IEEE80211_TID_UNRESERVED;

367
	sta->last_connected = ktime_get_seconds();
368
	ewma_signal_init(&sta->rx_stats_avg.signal);
369
	ewma_avg_signal_init(&sta->status_stats.avg_ack_signal);
370
371
	for (i = 0; i < ARRAY_SIZE(sta->rx_stats_avg.chain_signal); i++)
		ewma_signal_init(&sta->rx_stats_avg.chain_signal[i]);
372

373
374
375
376
377
378
379
380
381
382
383
384
	if (local->ops->wake_tx_queue) {
		void *txq_data;
		int size = sizeof(struct txq_info) +
			   ALIGN(hw->txq_data_size, sizeof(void *));

		txq_data = kcalloc(ARRAY_SIZE(sta->sta.txq), size, gfp);
		if (!txq_data)
			goto free;

		for (i = 0; i < ARRAY_SIZE(sta->sta.txq); i++) {
			struct txq_info *txq = txq_data + i * size;

385
			/* might not do anything for the bufferable MMPDU TXQ */
386
			ieee80211_txq_init(sdata, sta, txq, i);
387
		}
388
	}
389

390
391
392
	if (sta_prepare_rate_control(local, sta, gfp))
		goto free_txq;

393
394
	sta->airtime_weight = IEEE80211_DEFAULT_AIRTIME_WEIGHT;

395
396
397
	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
		skb_queue_head_init(&sta->ps_tx_buf[i]);
		skb_queue_head_init(&sta->tx_filtered[i]);
398
		sta->airtime[i].deficit = sta->airtime_weight;
399
	}
Johannes Berg's avatar
Johannes Berg committed
400

401
	for (i = 0; i < IEEE80211_NUM_TIDS; i++)
402
		sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
403

404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
	for (i = 0; i < NUM_NL80211_BANDS; i++) {
		u32 mandatory = 0;
		int r;

		if (!hw->wiphy->bands[i])
			continue;

		switch (i) {
		case NL80211_BAND_2GHZ:
			/*
			 * We use both here, even if we cannot really know for
			 * sure the station will support both, but the only use
			 * for this is when we don't know anything yet and send
			 * management frames, and then we'll pick the lowest
			 * possible rate anyway.
			 * If we don't include _G here, we cannot find a rate
			 * in P2P, and thus trigger the WARN_ONCE() in rate.c
			 */
			mandatory = IEEE80211_RATE_MANDATORY_B |
				    IEEE80211_RATE_MANDATORY_G;
			break;
		case NL80211_BAND_5GHZ:
			mandatory = IEEE80211_RATE_MANDATORY_A;
			break;
		case NL80211_BAND_60GHZ:
			WARN_ON(1);
			mandatory = 0;
			break;
		}

		for (r = 0; r < hw->wiphy->bands[i]->n_bitrates; r++) {
			struct ieee80211_rate *rate;

			rate = &hw->wiphy->bands[i]->bitrates[r];

			if (!(rate->flags & mandatory))
				continue;
			sta->sta.supp_rates[i] |= BIT(r);
		}
	}

445
	sta->sta.smps_mode = IEEE80211_SMPS_OFF;
446
447
	if (sdata->vif.type == NL80211_IFTYPE_AP ||
	    sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
448
449
450
451
452
453
454
455
456
		struct ieee80211_supported_band *sband;
		u8 smps;

		sband = ieee80211_get_sband(sdata);
		if (!sband)
			goto free_txq;

		smps = (sband->ht_cap.cap & IEEE80211_HT_CAP_SM_PS) >>
			IEEE80211_HT_CAP_SM_PS_SHIFT;
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
		/*
		 * Assume that hostapd advertises our caps in the beacon and
		 * this is the known_smps_mode for a station that just assciated
		 */
		switch (smps) {
		case WLAN_HT_SMPS_CONTROL_DISABLED:
			sta->known_smps_mode = IEEE80211_SMPS_OFF;
			break;
		case WLAN_HT_SMPS_CONTROL_STATIC:
			sta->known_smps_mode = IEEE80211_SMPS_STATIC;
			break;
		case WLAN_HT_SMPS_CONTROL_DYNAMIC:
			sta->known_smps_mode = IEEE80211_SMPS_DYNAMIC;
			break;
		default:
			WARN_ON(1);
		}
	}
475

476
477
	sta->sta.max_rc_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_BA;

478
479
480
481
482
	sta->cparams.ce_threshold = CODEL_DISABLED_THRESHOLD;
	sta->cparams.target = MS2TIME(20);
	sta->cparams.interval = MS2TIME(100);
	sta->cparams.ecn = true;

Johannes Berg's avatar
Johannes Berg committed
483
	sta_dbg(sdata, "Allocated STA %pM\n", sta->sta.addr);
484

485
	return sta;
486
487
488
489
490

free_txq:
	if (sta->sta.txq[0])
		kfree(to_txq_info(sta->sta.txq[0]));
free:
491
	free_percpu(sta->pcpu_rx_stats);
492
493
494
#ifdef CONFIG_MAC80211_MESH
	kfree(sta->mesh);
#endif
495
496
	kfree(sta);
	return NULL;
Johannes Berg's avatar
Johannes Berg committed
497
498
}

499
static int sta_info_insert_check(struct sta_info *sta)
500
501
502
{
	struct ieee80211_sub_if_data *sdata = sta->sdata;

503
504
505
506
507
	/*
	 * Can't be a WARN_ON because it can be triggered through a race:
	 * something inserts a STA (on one CPU) without holding the RTNL
	 * and another CPU turns off the net device.
	 */
508
509
	if (unlikely(!ieee80211_sdata_running(sdata)))
		return -ENETDOWN;
510

511
	if (WARN_ON(ether_addr_equal(sta->sta.addr, sdata->vif.addr) ||
512
513
514
		    is_multicast_ether_addr(sta->sta.addr)))
		return -EINVAL;

515
516
517
	/* The RCU read lock is required by rhashtable due to
	 * asynchronous resize/rehash.  We also require the mutex
	 * for correctness.
518
519
520
521
522
523
524
525
526
527
	 */
	rcu_read_lock();
	lockdep_assert_held(&sdata->local->sta_mtx);
	if (ieee80211_hw_check(&sdata->local->hw, NEEDS_UNIQUE_STA_ADDR) &&
	    ieee80211_find_sta_by_ifaddr(&sdata->local->hw, sta->addr, NULL)) {
		rcu_read_unlock();
		return -ENOTUNIQ;
	}
	rcu_read_unlock();

528
529
530
	return 0;
}

531
532
533
534
535
536
537
538
539
540
541
542
543
544
static int sta_info_insert_drv_state(struct ieee80211_local *local,
				     struct ieee80211_sub_if_data *sdata,
				     struct sta_info *sta)
{
	enum ieee80211_sta_state state;
	int err = 0;

	for (state = IEEE80211_STA_NOTEXIST; state < sta->sta_state; state++) {
		err = drv_sta_state(local, sdata, sta, state, state + 1);
		if (err)
			break;
	}

	if (!err) {
545
546
547
548
549
550
		/*
		 * Drivers using legacy sta_add/sta_remove callbacks only
		 * get uploaded set to true after sta_add is called.
		 */
		if (!local->ops->sta_add)
			sta->uploaded = true;
551
552
553
554
		return 0;
	}

	if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
Johannes Berg's avatar
Johannes Berg committed
555
556
557
		sdata_info(sdata,
			   "failed to move IBSS STA %pM to state %d (%d) - keeping it anyway\n",
			   sta->sta.addr, state + 1, err);
558
559
560
561
562
563
564
565
566
567
		err = 0;
	}

	/* unwind on error */
	for (; state > IEEE80211_STA_NOTEXIST; state--)
		WARN_ON(drv_sta_state(local, sdata, sta, state, state - 1));

	return err;
}

568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
static void
ieee80211_recalc_p2p_go_ps_allowed(struct ieee80211_sub_if_data *sdata)
{
	struct ieee80211_local *local = sdata->local;
	bool allow_p2p_go_ps = sdata->vif.p2p;
	struct sta_info *sta;

	rcu_read_lock();
	list_for_each_entry_rcu(sta, &local->sta_list, list) {
		if (sdata != sta->sdata ||
		    !test_sta_flag(sta, WLAN_STA_ASSOC))
			continue;
		if (!sta->sta.support_p2p_ps) {
			allow_p2p_go_ps = false;
			break;
		}
	}
	rcu_read_unlock();

	if (allow_p2p_go_ps != sdata->vif.bss_conf.allow_p2p_go_ps) {
		sdata->vif.bss_conf.allow_p2p_go_ps = allow_p2p_go_ps;
		ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_P2P_PS);
	}
}

593
594
595
596
597
/*
 * should be called with sta_mtx locked
 * this function replaces the mutex lock
 * with a RCU lock
 */
598
static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
599
600
601
{
	struct ieee80211_local *local = sta->local;
	struct ieee80211_sub_if_data *sdata = sta->sdata;
602
	struct station_info *sinfo = NULL;
603
604
605
	int err = 0;

	lockdep_assert_held(&local->sta_mtx);
606

607
608
609
610
	/* check if STA exists already */
	if (sta_info_get_bss(sdata, sta->sta.addr)) {
		err = -EEXIST;
		goto out_err;
611
	}
612

613
614
615
616
617
618
	sinfo = kzalloc(sizeof(struct station_info), GFP_KERNEL);
	if (!sinfo) {
		err = -ENOMEM;
		goto out_err;
	}

619
620
621
	local->num_sta++;
	local->sta_generation++;
	smp_mb();
622

623
624
625
	/* simplify things and don't accept BA sessions yet */
	set_sta_flag(sta, WLAN_STA_BLOCK_BA);

626
	/* make the station visible */
627
628
629
	err = sta_info_hash_add(local, sta);
	if (err)
		goto out_drop_sta;
630

631
	list_add_tail_rcu(&sta->list, &local->sta_list);
632

633
634
635
636
637
	/* notify driver */
	err = sta_info_insert_drv_state(local, sdata, sta);
	if (err)
		goto out_remove;

638
	set_sta_flag(sta, WLAN_STA_INSERTED);
639
640
641
642
643
644
645

	if (sta->sta_state >= IEEE80211_STA_ASSOC) {
		ieee80211_recalc_min_chandef(sta->sdata);
		if (!sta->sta.support_p2p_ps)
			ieee80211_recalc_p2p_go_ps_allowed(sta->sdata);
	}

646
647
	/* accept BA sessions now */
	clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
648

649
650
	ieee80211_sta_debugfs_add(sta);
	rate_control_add_sta_debugfs(sta);
651

652
653
654
	sinfo->generation = local->sta_generation;
	cfg80211_new_sta(sdata->dev, sta->sta.addr, sinfo, GFP_KERNEL);
	kfree(sinfo);
655

Johannes Berg's avatar
Johannes Berg committed
656
	sta_dbg(sdata, "Inserted STA %pM\n", sta->sta.addr);
657

658
659
660
	/* move reference to rcu-protected */
	rcu_read_lock();
	mutex_unlock(&local->sta_mtx);
661

Johannes Berg's avatar
Johannes Berg committed
662
663
664
	if (ieee80211_vif_is_mesh(&sdata->vif))
		mesh_accept_plinks_update(sdata);

665
	return 0;
666
667
668
 out_remove:
	sta_info_hash_del(local, sta);
	list_del_rcu(&sta->list);
669
 out_drop_sta:
670
671
672
	local->num_sta--;
	synchronize_net();
	__cleanup_single_sta(sta);
673
674
 out_err:
	mutex_unlock(&local->sta_mtx);
Sudip Mukherjee's avatar
Sudip Mukherjee committed
675
	kfree(sinfo);
676
677
	rcu_read_lock();
	return err;
678
679
680
681
682
}

int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
{
	struct ieee80211_local *local = sta->local;
683
	int err;
684

685
686
	might_sleep();

687
688
	mutex_lock(&local->sta_mtx);

689
690
	err = sta_info_insert_check(sta);
	if (err) {
691
		mutex_unlock(&local->sta_mtx);
692
693
694
695
		rcu_read_lock();
		goto out_free;
	}

696
	err = sta_info_insert_finish(sta);
697
698
699
	if (err)
		goto out_free;

Johannes Berg's avatar
Johannes Berg committed
700
	return 0;
701
 out_free:
702
	sta_info_free(local, sta);
703
	return err;
704
705
}

706
707
708
709
710
711
712
713
714
int sta_info_insert(struct sta_info *sta)
{
	int err = sta_info_insert_rcu(sta);

	rcu_read_unlock();

	return err;
}

715
static inline void __bss_tim_set(u8 *tim, u16 id)
716
717
718
719
720
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __set_bit() format.
	 */
721
	tim[id / 8] |= (1 << (id % 8));
722
723
}

724
static inline void __bss_tim_clear(u8 *tim, u16 id)
725
726
727
728
729
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the __clear_bit() format.
	 */
730
	tim[id / 8] &= ~(1 << (id % 8));
731
732
}

733
734
735
736
737
738
739
740
741
static inline bool __bss_tim_get(u8 *tim, u16 id)
{
	/*
	 * This format has been mandated by the IEEE specifications,
	 * so this line may not be changed to use the test_bit() format.
	 */
	return tim[id / 8] & (1 << (id % 8));
}

742
static unsigned long ieee80211_tids_for_ac(int ac)
743
{
744
745
746
747
748
749
750
751
752
753
754
755
756
	/* If we ever support TIDs > 7, this obviously needs to be adjusted */
	switch (ac) {
	case IEEE80211_AC_VO:
		return BIT(6) | BIT(7);
	case IEEE80211_AC_VI:
		return BIT(4) | BIT(5);
	case IEEE80211_AC_BE:
		return BIT(0) | BIT(3);
	case IEEE80211_AC_BK:
		return BIT(1) | BIT(2);
	default:
		WARN_ON(1);
		return 0;
757
	}
758
759
}

760
static void __sta_info_recalc_tim(struct sta_info *sta, bool ignore_pending)
761
{
762
	struct ieee80211_local *local = sta->local;
763
	struct ps_data *ps;
764
765
766
	bool indicate_tim = false;
	u8 ignore_for_tim = sta->sta.uapsd_queues;
	int ac;
767
	u16 id = sta->sta.aid;
768
769
770
771
772

	if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
	    sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
		if (WARN_ON_ONCE(!sta->sdata->bss))
			return;
773

774
		ps = &sta->sdata->bss->ps;
775
776
777
778
#ifdef CONFIG_MAC80211_MESH
	} else if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
		ps = &sta->sdata->u.mesh.ps;
#endif
779
	} else {
780
		return;
781
	}
782

783
	/* No need to do anything if the driver does all */
784
	if (ieee80211_hw_check(&local->hw, AP_LINK_PS) && !local->ops->set_tim)
785
		return;
786

787
788
	if (sta->dead)
		goto done;
789

790
791
792
793
794
795
796
797
798
	/*
	 * If all ACs are delivery-enabled then we should build
	 * the TIM bit for all ACs anyway; if only some are then
	 * we ignore those and build the TIM bit using only the
	 * non-enabled ones.
	 */
	if (ignore_for_tim == BIT(IEEE80211_NUM_ACS) - 1)
		ignore_for_tim = 0;

799
800
801
	if (ignore_pending)
		ignore_for_tim = BIT(IEEE80211_NUM_ACS) - 1;

802
803
	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
		unsigned long tids;
804

805
		if (ignore_for_tim & ieee80211_ac_to_qos_mask[ac])
806
807
808
809
810
811
			continue;

		indicate_tim |= !skb_queue_empty(&sta->tx_filtered[ac]) ||
				!skb_queue_empty(&sta->ps_tx_buf[ac]);
		if (indicate_tim)
			break;
812

813
814
815
816
		tids = ieee80211_tids_for_ac(ac);

		indicate_tim |=
			sta->driver_buffered_tids & tids;
817
818
		indicate_tim |=
			sta->txq_buffered_tids & tids;
819
	}
820

821
 done:
822
	spin_lock_bh(&local->tim_lock);
823

824
825
826
	if (indicate_tim == __bss_tim_get(ps->tim, id))
		goto out_unlock;

827
	if (indicate_tim)
828
		__bss_tim_set(ps->tim, id);
829
	else
830
		__bss_tim_clear(ps->tim, id);
831

832
	if (local->ops->set_tim && !WARN_ON(sta->dead)) {
833
		local->tim_in_locked_section = true;
834
		drv_set_tim(local, &sta->sta, indicate_tim);
835
836
		local->tim_in_locked_section = false;
	}
837

838
out_unlock:
839
	spin_unlock_bh(&local->tim_lock);
840
841
}

842
843
844
845
846
void sta_info_recalc_tim(struct sta_info *sta)
{
	__sta_info_recalc_tim(sta, false);
}

847
static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
848
{
849
	struct ieee80211_tx_info *info;
850
851
852
	int timeout;

	if (!skb)
853
		return false;
854

855
	info = IEEE80211_SKB_CB(skb);
856
857

	/* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
858
859
860
	timeout = (sta->listen_interval *
		   sta->sdata->vif.bss_conf.beacon_int *
		   32 / 15625) * HZ;
861
862
	if (timeout < STA_TX_BUFFER_EXPIRE)
		timeout = STA_TX_BUFFER_EXPIRE;
863
	return time_after(jiffies, info->control.jiffies + timeout);
864
865
866
}


867
868
static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
						struct sta_info *sta, int ac)
869
870
871
872
{
	unsigned long flags;
	struct sk_buff *skb;

873
874
875
876
877
878
879
880
	/*
	 * First check for frames that should expire on the filtered
	 * queue. Frames here were rejected by the driver and are on
	 * a separate queue to avoid reordering with normal PS-buffered
	 * frames. They also aren't accounted for right now in the
	 * total_ps_buffered counter.
	 */
	for (;;) {
881
882
		spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
		skb = skb_peek(&sta->tx_filtered[ac]);
883
		if (sta_info_buffer_expired(sta, skb))
884
			skb = __skb_dequeue(&sta->tx_filtered[ac]);
885
886
		else
			skb = NULL;
887
		spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
888
889
890
891
892
893
894
895
896

		/*
		 * Frames are queued in order, so if this one
		 * hasn't expired yet we can stop testing. If
		 * we actually reached the end of the queue we
		 * also need to stop, of course.
		 */
		if (!skb)
			break;
897
		ieee80211_free_txskb(&local->hw, skb);
898
899
900
901
902
903
904
905
	}

	/*
	 * Now also check the normal PS-buffered queue, this will
	 * only find something if the filtered queue was emptied
	 * since the filtered frames are all before the normal PS
	 * buffered frames.
	 */
906
	for (;;) {
907
908
		spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
		skb = skb_peek(&sta->ps_tx_buf[ac]);
909
		if (sta_info_buffer_expired(sta, skb))
910
			skb = __skb_dequeue(&sta->ps_tx_buf[ac]);
911
		else
912
			skb = NULL;
913
		spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
914

915
916
917
918
919
		/*
		 * frames are queued in order, so if this one
		 * hasn't expired yet (or we reached the end of
		 * the queue) we can stop testing
		 */
920
		if (!skb)
921
			break;
922
923

		local->total_ps_buffered--;
Johannes Berg's avatar
Johannes Berg committed
924
925
		ps_dbg(sta->sdata, "Buffered frame expired (STA %pM)\n",
		       sta->sta.addr);
926
		ieee80211_free_txskb(&local->hw, skb);
927
	}
928

929
930
931
932
933
934
935
936
937
938
939
940
	/*
	 * Finally, recalculate the TIM bit for this station -- it might
	 * now be clear because the station was too slow to retrieve its
	 * frames.
	 */
	sta_info_recalc_tim(sta);

	/*
	 * Return whether there are any frames still buffered, this is
	 * used to check whether the cleanup timer still needs to run,
	 * if there are no frames we don't need to rearm the timer.
	 */
941
942
943
944
945
946
947
948
949
950
	return !(skb_queue_empty(&sta->ps_tx_buf[ac]) &&
		 skb_queue_empty(&sta->tx_filtered[ac]));
}

static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
					     struct sta_info *sta)
{
	bool have_buffered = false;
	int ac;

951
952
953
	/* This is only necessary for stations on BSS/MBSS interfaces */
	if (!sta->sdata->bss &&
	    !ieee80211_vif_is_mesh(&sta->sdata->vif))
954
955
956
957
958
959
960
		return false;

	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
		have_buffered |=
			sta_info_cleanup_expire_buffered_ac(local, sta, ac);

	return have_buffered;
961
962
}

963
static int __must_check __sta_info_destroy_part1(struct sta_info *sta)
964
{
965
966
	struct ieee80211_local *local;
	struct ieee80211_sub_if_data *sdata;
967
	int ret;
968

969
	might_sleep();
970

971
972
	if (!sta)
		return -ENOENT;
973

974
975
	local = sta->local;
	sdata = sta->sdata;
976

977
978
	lockdep_assert_held(&local->sta_mtx);

979
980
981
982
983
984
	/*
	 * Before removing the station from the driver and
	 * rate control, it might still start new aggregation
	 * sessions -- block that to make sure the tear-down
	 * will be sufficient.
	 */
985
	set_sta_flag(sta, WLAN_STA_BLOCK_BA);
986
	ieee80211_sta_tear_down_BA_sessions(sta, AGG_STOP_DESTROY_STA);
987

988
989
990
991
992
993
994
	/*
	 * Before removing the station from the driver there might be pending
	 * rx frames on RSS queues sent prior to the disassociation - wait for
	 * all such frames to be processed.
	 */
	drv_sync_rx_queues(local, sta);

995
	ret = sta_info_hash_del(local, sta);
996
	if (WARN_ON(ret))
997
998
		return ret;

999
1000
	/*
	 * for TDLS peers, make sure to return to the base channel before