net/mac80211/sta_info.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright 2002-2005, Instant802 Networks, Inc.
0004  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
0005  * Copyright 2013-2014  Intel Mobile Communications GmbH
0006  * Copyright (C) 2015 - 2017 Intel Deutschland GmbH
0007  * Copyright (C) 2018-2021 Intel Corporation
0008  */
0009
0010 #include <linux/module.h>
0011 #include <linux/init.h>
0012 #include <linux/etherdevice.h>
0013 #include <linux/netdevice.h>
0014 #include <linux/types.h>
0015 #include <linux/slab.h>
0016 #include <linux/skbuff.h>
0017 #include <linux/if_arp.h>
0018 #include <linux/timer.h>
0019 #include <linux/rtnetlink.h>
0020
0021 #include <net/codel.h>
0022 #include <net/mac80211.h>
0023 #include "ieee80211_i.h"
0024 #include "driver-ops.h"
0025 #include "rate.h"
0026 #include "sta_info.h"
0027 #include "debugfs_sta.h"
0028 #include "mesh.h"
0029 #include "wme.h"
0030
0031 /**
0032  * DOC: STA information lifetime rules
0033  *
0034  * STA info structures (&struct sta_info) are managed in a hash table
0035  * for faster lookup and a list for iteration. They are managed using
0036  * RCU, i.e. access to the list and hash table is protected by RCU.
0037  *
0038  * Upon allocating a STA info structure with sta_info_alloc(), the caller
0039  * owns that structure. It must then insert it into the hash table using
0040  * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
0041  * case (which acquires an rcu read section but must not be called from
0042  * within one) will the pointer still be valid after the call. Note that
0043  * the caller may not do much with the STA info before inserting it, in
0044  * particular, it may not start any mesh peer link management or add
0045  * encryption keys.
0046  *
0047  * When the insertion fails (sta_info_insert()) returns non-zero), the
0048  * structure will have been freed by sta_info_insert()!
0049  *
0050  * Station entries are added by mac80211 when you establish a link with a
0051  * peer. This means different things for the different type of interfaces
0052  * we support. For a regular station this mean we add the AP sta when we
0053  * receive an association response from the AP. For IBSS this occurs when
0054  * get to know about a peer on the same IBSS. For WDS we add the sta for
0055  * the peer immediately upon device open. When using AP mode we add stations
0056  * for each respective station upon request from userspace through nl80211.
0057  *
0058  * In order to remove a STA info structure, various sta_info_destroy_*()
0059  * calls are available.
0060  *
0061  * There is no concept of ownership on a STA entry, each structure is
0062  * owned by the global hash table/list until it is removed. All users of
0063  * the structure need to be RCU protected so that the structure won't be
0064  * freed before they are done using it.
0065  */
0066
0067 struct sta_link_alloc {
0068     struct link_sta_info info;
0069     struct ieee80211_link_sta sta;
0070     struct rcu_head rcu_head;
0071 };
0072
0073 static const struct rhashtable_params sta_rht_params = {
0074     .nelem_hint = 3, /* start small */
0075     .automatic_shrinking = true,
0076     .head_offset = offsetof(struct sta_info, hash_node),
0077     .key_offset = offsetof(struct sta_info, addr),
0078     .key_len = ETH_ALEN,
0079     .max_size = CONFIG_MAC80211_STA_HASH_MAX_SIZE,
0080 };
0081
0082 static const struct rhashtable_params link_sta_rht_params = {
0083     .nelem_hint = 3, /* start small */
0084     .automatic_shrinking = true,
0085     .head_offset = offsetof(struct link_sta_info, link_hash_node),
0086     .key_offset = offsetof(struct link_sta_info, addr),
0087     .key_len = ETH_ALEN,
0088     .max_size = CONFIG_MAC80211_STA_HASH_MAX_SIZE,
0089 };
0090
0091 /* Caller must hold local->sta_mtx */
0092 static int sta_info_hash_del(struct ieee80211_local *local,
0093                  struct sta_info *sta)
0094 {
0095     return rhltable_remove(&local->sta_hash, &sta->hash_node,
0096                    sta_rht_params);
0097 }
0098
0099 static int link_sta_info_hash_add(struct ieee80211_local *local,
0100                   struct link_sta_info *link_sta)
0101 {
0102     lockdep_assert_held(&local->sta_mtx);
0103     return rhltable_insert(&local->link_sta_hash,
0104                    &link_sta->link_hash_node,
0105                    link_sta_rht_params);
0106 }
0107
0108 static int link_sta_info_hash_del(struct ieee80211_local *local,
0109                   struct link_sta_info *link_sta)
0110 {
0111     lockdep_assert_held(&local->sta_mtx);
0112     return rhltable_remove(&local->link_sta_hash,
0113                    &link_sta->link_hash_node,
0114                    link_sta_rht_params);
0115 }
0116
0117 static void __cleanup_single_sta(struct sta_info *sta)
0118 {
0119     int ac, i;
0120     struct tid_ampdu_tx *tid_tx;
0121     struct ieee80211_sub_if_data *sdata = sta->sdata;
0122     struct ieee80211_local *local = sdata->local;
0123     struct ps_data *ps;
0124
0125     if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
0126         test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
0127         test_sta_flag(sta, WLAN_STA_PS_DELIVER)) {
0128         if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
0129             sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
0130             ps = &sdata->bss->ps;
0131         else if (ieee80211_vif_is_mesh(&sdata->vif))
0132             ps = &sdata->u.mesh.ps;
0133         else
0134             return;
0135
0136         clear_sta_flag(sta, WLAN_STA_PS_STA);
0137         clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
0138         clear_sta_flag(sta, WLAN_STA_PS_DELIVER);
0139
0140         atomic_dec(&ps->num_sta_ps);
0141     }
0142
0143     if (sta->sta.txq[0]) {
0144         for (i = 0; i < ARRAY_SIZE(sta->sta.txq); i++) {
0145             struct txq_info *txqi;
0146
0147             if (!sta->sta.txq[i])
0148                 continue;
0149
0150             txqi = to_txq_info(sta->sta.txq[i]);
0151
0152             ieee80211_txq_purge(local, txqi);
0153         }
0154     }
0155
0156     for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
0157         local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
0158         ieee80211_purge_tx_queue(&local->hw, &sta->ps_tx_buf[ac]);
0159         ieee80211_purge_tx_queue(&local->hw, &sta->tx_filtered[ac]);
0160     }
0161
0162     if (ieee80211_vif_is_mesh(&sdata->vif))
0163         mesh_sta_cleanup(sta);
0164
0165     cancel_work_sync(&sta->drv_deliver_wk);
0166
0167     /*
0168      * Destroy aggregation state here. It would be nice to wait for the
0169      * driver to finish aggregation stop and then clean up, but for now
0170      * drivers have to handle aggregation stop being requested, followed
0171      * directly by station destruction.
0172      */
0173     for (i = 0; i < IEEE80211_NUM_TIDS; i++) {
0174         kfree(sta->ampdu_mlme.tid_start_tx[i]);
0175         tid_tx = rcu_dereference_raw(sta->ampdu_mlme.tid_tx[i]);
0176         if (!tid_tx)
0177             continue;
0178         ieee80211_purge_tx_queue(&local->hw, &tid_tx->pending);
0179         kfree(tid_tx);
0180     }
0181 }
0182
0183 static void cleanup_single_sta(struct sta_info *sta)
0184 {
0185     struct ieee80211_sub_if_data *sdata = sta->sdata;
0186     struct ieee80211_local *local = sdata->local;
0187
0188     __cleanup_single_sta(sta);
0189     sta_info_free(local, sta);
0190 }
0191
0192 struct rhlist_head *sta_info_hash_lookup(struct ieee80211_local *local,
0193                      const u8 *addr)
0194 {
0195     return rhltable_lookup(&local->sta_hash, addr, sta_rht_params);
0196 }
0197
0198 /* protected by RCU */
0199 struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
0200                   const u8 *addr)
0201 {
0202     struct ieee80211_local *local = sdata->local;
0203     struct rhlist_head *tmp;
0204     struct sta_info *sta;
0205
0206     rcu_read_lock();
0207     for_each_sta_info(local, addr, sta, tmp) {
0208         if (sta->sdata == sdata) {
0209             rcu_read_unlock();
0210             /* this is safe as the caller must already hold
0211              * another rcu read section or the mutex
0212              */
0213             return sta;
0214         }
0215     }
0216     rcu_read_unlock();
0217     return NULL;
0218 }
0219
0220 /*
0221  * Get sta info either from the specified interface
0222  * or from one of its vlans
0223  */
0224 struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
0225                   const u8 *addr)
0226 {
0227     struct ieee80211_local *local = sdata->local;
0228     struct rhlist_head *tmp;
0229     struct sta_info *sta;
0230
0231     rcu_read_lock();
0232     for_each_sta_info(local, addr, sta, tmp) {
0233         if (sta->sdata == sdata ||
0234             (sta->sdata->bss && sta->sdata->bss == sdata->bss)) {
0235             rcu_read_unlock();
0236             /* this is safe as the caller must already hold
0237              * another rcu read section or the mutex
0238              */
0239             return sta;
0240         }
0241     }
0242     rcu_read_unlock();
0243     return NULL;
0244 }
0245
0246 struct rhlist_head *link_sta_info_hash_lookup(struct ieee80211_local *local,
0247                           const u8 *addr)
0248 {
0249     return rhltable_lookup(&local->link_sta_hash, addr,
0250                    link_sta_rht_params);
0251 }
0252
0253 struct link_sta_info *
0254 link_sta_info_get_bss(struct ieee80211_sub_if_data *sdata, const u8 *addr)
0255 {
0256     struct ieee80211_local *local = sdata->local;
0257     struct rhlist_head *tmp;
0258     struct link_sta_info *link_sta;
0259
0260     rcu_read_lock();
0261     for_each_link_sta_info(local, addr, link_sta, tmp) {
0262         struct sta_info *sta = link_sta->sta;
0263
0264         if (sta->sdata == sdata ||
0265             (sta->sdata->bss && sta->sdata->bss == sdata->bss)) {
0266             rcu_read_unlock();
0267             /* this is safe as the caller must already hold
0268              * another rcu read section or the mutex
0269              */
0270             return link_sta;
0271         }
0272     }
0273     rcu_read_unlock();
0274     return NULL;
0275 }
0276
0277 struct sta_info *sta_info_get_by_addrs(struct ieee80211_local *local,
0278                        const u8 *sta_addr, const u8 *vif_addr)
0279 {
0280     struct rhlist_head *tmp;
0281     struct sta_info *sta;
0282
0283     for_each_sta_info(local, sta_addr, sta, tmp) {
0284         if (ether_addr_equal(vif_addr, sta->sdata->vif.addr))
0285             return sta;
0286     }
0287
0288     return NULL;
0289 }
0290
0291 struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
0292                      int idx)
0293 {
0294     struct ieee80211_local *local = sdata->local;
0295     struct sta_info *sta;
0296     int i = 0;
0297
0298     list_for_each_entry_rcu(sta, &local->sta_list, list,
0299                 lockdep_is_held(&local->sta_mtx)) {
0300         if (sdata != sta->sdata)
0301             continue;
0302         if (i < idx) {
0303             ++i;
0304             continue;
0305         }
0306         return sta;
0307     }
0308
0309     return NULL;
0310 }
0311
0312 static void sta_info_free_link(struct link_sta_info *link_sta)
0313 {
0314     free_percpu(link_sta->pcpu_rx_stats);
0315 }
0316
0317 static void sta_remove_link(struct sta_info *sta, unsigned int link_id,
0318                 bool unhash)
0319 {
0320     struct sta_link_alloc *alloc = NULL;
0321     struct link_sta_info *link_sta;
0322
0323     link_sta = rcu_dereference_protected(sta->link[link_id],
0324                          lockdep_is_held(&sta->local->sta_mtx));
0325
0326     if (WARN_ON(!link_sta))
0327         return;
0328
0329     if (unhash)
0330         link_sta_info_hash_del(sta->local, link_sta);
0331
0332     if (link_sta != &sta->deflink)
0333         alloc = container_of(link_sta, typeof(*alloc), info);
0334
0335     sta->sta.valid_links &= ~BIT(link_id);
0336     RCU_INIT_POINTER(sta->link[link_id], NULL);
0337     RCU_INIT_POINTER(sta->sta.link[link_id], NULL);
0338     if (alloc) {
0339         sta_info_free_link(&alloc->info);
0340         kfree_rcu(alloc, rcu_head);
0341     }
0342 }
0343
0344 /**
0345  * sta_info_free - free STA
0346  *
0347  * @local: pointer to the global information
0348  * @sta: STA info to free
0349  *
0350  * This function must undo everything done by sta_info_alloc()
0351  * that may happen before sta_info_insert(). It may only be
0352  * called when sta_info_insert() has not been attempted (and
0353  * if that fails, the station is freed anyway.)
0354  */
0355 void sta_info_free(struct ieee80211_local *local, struct sta_info *sta)
0356 {
0357     int i;
0358
0359     for (i = 0; i < ARRAY_SIZE(sta->link); i++) {
0360         if (!(sta->sta.valid_links & BIT(i)))
0361             continue;
0362
0363         sta_remove_link(sta, i, false);
0364     }
0365
0366     /*
0367      * If we had used sta_info_pre_move_state() then we might not
0368      * have gone through the state transitions down again, so do
0369      * it here now (and warn if it's inserted).
0370      *
0371      * This will clear state such as fast TX/RX that may have been
0372      * allocated during state transitions.
0373      */
0374     while (sta->sta_state > IEEE80211_STA_NONE) {
0375         int ret;
0376
0377         WARN_ON_ONCE(test_sta_flag(sta, WLAN_STA_INSERTED));
0378
0379         ret = sta_info_move_state(sta, sta->sta_state - 1);
0380         if (WARN_ONCE(ret, "sta_info_move_state() returned %d\n", ret))
0381             break;
0382     }
0383
0384     if (sta->rate_ctrl)
0385         rate_control_free_sta(sta);
0386
0387     sta_dbg(sta->sdata, "Destroyed STA %pM\n", sta->sta.addr);
0388
0389     if (sta->sta.txq[0])
0390         kfree(to_txq_info(sta->sta.txq[0]));
0391     kfree(rcu_dereference_raw(sta->sta.rates));
0392 #ifdef CONFIG_MAC80211_MESH
0393     kfree(sta->mesh);
0394 #endif
0395
0396     sta_info_free_link(&sta->deflink);
0397     kfree(sta);
0398 }
0399
0400 /* Caller must hold local->sta_mtx */
0401 static int sta_info_hash_add(struct ieee80211_local *local,
0402                  struct sta_info *sta)
0403 {
0404     return rhltable_insert(&local->sta_hash, &sta->hash_node,
0405                    sta_rht_params);
0406 }
0407
0408 static void sta_deliver_ps_frames(struct work_struct *wk)
0409 {
0410     struct sta_info *sta;
0411
0412     sta = container_of(wk, struct sta_info, drv_deliver_wk);
0413
0414     if (sta->dead)
0415         return;
0416
0417     local_bh_disable();
0418     if (!test_sta_flag(sta, WLAN_STA_PS_STA))
0419         ieee80211_sta_ps_deliver_wakeup(sta);
0420     else if (test_and_clear_sta_flag(sta, WLAN_STA_PSPOLL))
0421         ieee80211_sta_ps_deliver_poll_response(sta);
0422     else if (test_and_clear_sta_flag(sta, WLAN_STA_UAPSD))
0423         ieee80211_sta_ps_deliver_uapsd(sta);
0424     local_bh_enable();
0425 }
0426
0427 static int sta_prepare_rate_control(struct ieee80211_local *local,
0428                     struct sta_info *sta, gfp_t gfp)
0429 {
0430     if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL))
0431         return 0;
0432
0433     sta->rate_ctrl = local->rate_ctrl;
0434     sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
0435                              sta, gfp);
0436     if (!sta->rate_ctrl_priv)
0437         return -ENOMEM;
0438
0439     return 0;
0440 }
0441
0442 static int sta_info_alloc_link(struct ieee80211_local *local,
0443                    struct link_sta_info *link_info,
0444                    gfp_t gfp)
0445 {
0446     struct ieee80211_hw *hw = &local->hw;
0447     int i;
0448
0449     if (ieee80211_hw_check(hw, USES_RSS)) {
0450         link_info->pcpu_rx_stats =
0451             alloc_percpu_gfp(struct ieee80211_sta_rx_stats, gfp);
0452         if (!link_info->pcpu_rx_stats)
0453             return -ENOMEM;
0454     }
0455
0456     link_info->rx_stats.last_rx = jiffies;
0457     u64_stats_init(&link_info->rx_stats.syncp);
0458
0459     ewma_signal_init(&link_info->rx_stats_avg.signal);
0460     ewma_avg_signal_init(&link_info->status_stats.avg_ack_signal);
0461     for (i = 0; i < ARRAY_SIZE(link_info->rx_stats_avg.chain_signal); i++)
0462         ewma_signal_init(&link_info->rx_stats_avg.chain_signal[i]);
0463
0464     return 0;
0465 }
0466
0467 static void sta_info_add_link(struct sta_info *sta,
0468                   unsigned int link_id,
0469                   struct link_sta_info *link_info,
0470                   struct ieee80211_link_sta *link_sta)
0471 {
0472     link_info->sta = sta;
0473     link_info->link_id = link_id;
0474     link_info->pub = link_sta;
0475     rcu_assign_pointer(sta->link[link_id], link_info);
0476     rcu_assign_pointer(sta->sta.link[link_id], link_sta);
0477 }
0478
0479 static struct sta_info *
0480 __sta_info_alloc(struct ieee80211_sub_if_data *sdata,
0481          const u8 *addr, int link_id, const u8 *link_addr,
0482          gfp_t gfp)
0483 {
0484     struct ieee80211_local *local = sdata->local;
0485     struct ieee80211_hw *hw = &local->hw;
0486     struct sta_info *sta;
0487     int i;
0488
0489     sta = kzalloc(sizeof(*sta) + hw->sta_data_size, gfp);
0490     if (!sta)
0491         return NULL;
0492
0493     sta->local = local;
0494     sta->sdata = sdata;
0495
0496     if (sta_info_alloc_link(local, &sta->deflink, gfp))
0497         goto free;
0498
0499     if (link_id >= 0) {
0500         sta_info_add_link(sta, link_id, &sta->deflink,
0501                   &sta->sta.deflink);
0502         sta->sta.valid_links = BIT(link_id);
0503     } else {
0504         sta_info_add_link(sta, 0, &sta->deflink, &sta->sta.deflink);
0505     }
0506
0507     spin_lock_init(&sta->lock);
0508     spin_lock_init(&sta->ps_lock);
0509     INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames);
0510     INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
0511     mutex_init(&sta->ampdu_mlme.mtx);
0512 #ifdef CONFIG_MAC80211_MESH
0513     if (ieee80211_vif_is_mesh(&sdata->vif)) {
0514         sta->mesh = kzalloc(sizeof(*sta->mesh), gfp);
0515         if (!sta->mesh)
0516             goto free;
0517         sta->mesh->plink_sta = sta;
0518         spin_lock_init(&sta->mesh->plink_lock);
0519         if (!sdata->u.mesh.user_mpm)
0520             timer_setup(&sta->mesh->plink_timer, mesh_plink_timer,
0521                     0);
0522         sta->mesh->nonpeer_pm = NL80211_MESH_POWER_ACTIVE;
0523     }
0524 #endif
0525
0526     memcpy(sta->addr, addr, ETH_ALEN);
0527     memcpy(sta->sta.addr, addr, ETH_ALEN);
0528     memcpy(sta->deflink.addr, link_addr, ETH_ALEN);
0529     memcpy(sta->sta.deflink.addr, link_addr, ETH_ALEN);
0530     sta->sta.max_rx_aggregation_subframes =
0531         local->hw.max_rx_aggregation_subframes;
0532
0533     /* TODO link specific alloc and assignments for MLO Link STA */
0534
0535     /* Extended Key ID needs to install keys for keyid 0 and 1 Rx-only.
0536      * The Tx path starts to use a key as soon as the key slot ptk_idx
0537      * references to is not NULL. To not use the initial Rx-only key
0538      * prematurely for Tx initialize ptk_idx to an impossible PTK keyid
0539      * which always will refer to a NULL key.
0540      */
0541     BUILD_BUG_ON(ARRAY_SIZE(sta->ptk) <= INVALID_PTK_KEYIDX);
0542     sta->ptk_idx = INVALID_PTK_KEYIDX;
0543
0544
0545     ieee80211_init_frag_cache(&sta->frags);
0546
0547     sta->sta_state = IEEE80211_STA_NONE;
0548
0549     /* Mark TID as unreserved */
0550     sta->reserved_tid = IEEE80211_TID_UNRESERVED;
0551
0552     sta->last_connected = ktime_get_seconds();
0553
0554     if (local->ops->wake_tx_queue) {
0555         void *txq_data;
0556         int size = sizeof(struct txq_info) +
0557                ALIGN(hw->txq_data_size, sizeof(void *));
0558
0559         txq_data = kcalloc(ARRAY_SIZE(sta->sta.txq), size, gfp);
0560         if (!txq_data)
0561             goto free;
0562
0563         for (i = 0; i < ARRAY_SIZE(sta->sta.txq); i++) {
0564             struct txq_info *txq = txq_data + i * size;
0565
0566             /* might not do anything for the bufferable MMPDU TXQ */
0567             ieee80211_txq_init(sdata, sta, txq, i);
0568         }
0569     }
0570
0571     if (sta_prepare_rate_control(local, sta, gfp))
0572         goto free_txq;
0573
0574     sta->airtime_weight = IEEE80211_DEFAULT_AIRTIME_WEIGHT;
0575
0576     for (i = 0; i < IEEE80211_NUM_ACS; i++) {
0577         skb_queue_head_init(&sta->ps_tx_buf[i]);
0578         skb_queue_head_init(&sta->tx_filtered[i]);
0579         sta->airtime[i].deficit = sta->airtime_weight;
0580         atomic_set(&sta->airtime[i].aql_tx_pending, 0);
0581         sta->airtime[i].aql_limit_low = local->aql_txq_limit_low[i];
0582         sta->airtime[i].aql_limit_high = local->aql_txq_limit_high[i];
0583     }
0584
0585     for (i = 0; i < IEEE80211_NUM_TIDS; i++)
0586         sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
0587
0588     for (i = 0; i < NUM_NL80211_BANDS; i++) {
0589         u32 mandatory = 0;
0590         int r;
0591
0592         if (!hw->wiphy->bands[i])
0593             continue;
0594
0595         switch (i) {
0596         case NL80211_BAND_2GHZ:
0597         case NL80211_BAND_LC:
0598             /*
0599              * We use both here, even if we cannot really know for
0600              * sure the station will support both, but the only use
0601              * for this is when we don't know anything yet and send
0602              * management frames, and then we'll pick the lowest
0603              * possible rate anyway.
0604              * If we don't include _G here, we cannot find a rate
0605              * in P2P, and thus trigger the WARN_ONCE() in rate.c
0606              */
0607             mandatory = IEEE80211_RATE_MANDATORY_B |
0608                     IEEE80211_RATE_MANDATORY_G;
0609             break;
0610         case NL80211_BAND_5GHZ:
0611             mandatory = IEEE80211_RATE_MANDATORY_A;
0612             break;
0613         case NL80211_BAND_60GHZ:
0614             WARN_ON(1);
0615             mandatory = 0;
0616             break;
0617         }
0618
0619         for (r = 0; r < hw->wiphy->bands[i]->n_bitrates; r++) {
0620             struct ieee80211_rate *rate;
0621
0622             rate = &hw->wiphy->bands[i]->bitrates[r];
0623
0624             if (!(rate->flags & mandatory))
0625                 continue;
0626             sta->sta.deflink.supp_rates[i] |= BIT(r);
0627         }
0628     }
0629
0630     sta->sta.smps_mode = IEEE80211_SMPS_OFF;
0631     sta->sta.max_rc_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_BA;
0632
0633     sta->cparams.ce_threshold = CODEL_DISABLED_THRESHOLD;
0634     sta->cparams.target = MS2TIME(20);
0635     sta->cparams.interval = MS2TIME(100);
0636     sta->cparams.ecn = true;
0637     sta->cparams.ce_threshold_selector = 0;
0638     sta->cparams.ce_threshold_mask = 0;
0639
0640     sta_dbg(sdata, "Allocated STA %pM\n", sta->sta.addr);
0641
0642     return sta;
0643
0644 free_txq:
0645     if (sta->sta.txq[0])
0646         kfree(to_txq_info(sta->sta.txq[0]));
0647 free:
0648     sta_info_free_link(&sta->deflink);
0649 #ifdef CONFIG_MAC80211_MESH
0650     kfree(sta->mesh);
0651 #endif
0652     kfree(sta);
0653     return NULL;
0654 }
0655
0656 struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
0657                 const u8 *addr, gfp_t gfp)
0658 {
0659     return __sta_info_alloc(sdata, addr, -1, addr, gfp);
0660 }
0661
0662 struct sta_info *sta_info_alloc_with_link(struct ieee80211_sub_if_data *sdata,
0663                       const u8 *mld_addr,
0664                       unsigned int link_id,
0665                       const u8 *link_addr,
0666                       gfp_t gfp)
0667 {
0668     return __sta_info_alloc(sdata, mld_addr, link_id, link_addr, gfp);
0669 }
0670
0671 static int sta_info_insert_check(struct sta_info *sta)
0672 {
0673     struct ieee80211_sub_if_data *sdata = sta->sdata;
0674
0675     /*
0676      * Can't be a WARN_ON because it can be triggered through a race:
0677      * something inserts a STA (on one CPU) without holding the RTNL
0678      * and another CPU turns off the net device.
0679      */
0680     if (unlikely(!ieee80211_sdata_running(sdata)))
0681         return -ENETDOWN;
0682
0683     if (WARN_ON(ether_addr_equal(sta->sta.addr, sdata->vif.addr) ||
0684             !is_valid_ether_addr(sta->sta.addr)))
0685         return -EINVAL;
0686
0687     /* The RCU read lock is required by rhashtable due to
0688      * asynchronous resize/rehash.  We also require the mutex
0689      * for correctness.
0690      */
0691     rcu_read_lock();
0692     lockdep_assert_held(&sdata->local->sta_mtx);
0693     if (ieee80211_hw_check(&sdata->local->hw, NEEDS_UNIQUE_STA_ADDR) &&
0694         ieee80211_find_sta_by_ifaddr(&sdata->local->hw, sta->addr, NULL)) {
0695         rcu_read_unlock();
0696         return -ENOTUNIQ;
0697     }
0698     rcu_read_unlock();
0699
0700     return 0;
0701 }
0702
0703 static int sta_info_insert_drv_state(struct ieee80211_local *local,
0704                      struct ieee80211_sub_if_data *sdata,
0705                      struct sta_info *sta)
0706 {
0707     enum ieee80211_sta_state state;
0708     int err = 0;
0709
0710     for (state = IEEE80211_STA_NOTEXIST; state < sta->sta_state; state++) {
0711         err = drv_sta_state(local, sdata, sta, state, state + 1);
0712         if (err)
0713             break;
0714     }
0715
0716     if (!err) {
0717         /*
0718          * Drivers using legacy sta_add/sta_remove callbacks only
0719          * get uploaded set to true after sta_add is called.
0720          */
0721         if (!local->ops->sta_add)
0722             sta->uploaded = true;
0723         return 0;
0724     }
0725
0726     if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
0727         sdata_info(sdata,
0728                "failed to move IBSS STA %pM to state %d (%d) - keeping it anyway\n",
0729                sta->sta.addr, state + 1, err);
0730         err = 0;
0731     }
0732
0733     /* unwind on error */
0734     for (; state > IEEE80211_STA_NOTEXIST; state--)
0735         WARN_ON(drv_sta_state(local, sdata, sta, state, state - 1));
0736
0737     return err;
0738 }
0739
0740 static void
0741 ieee80211_recalc_p2p_go_ps_allowed(struct ieee80211_sub_if_data *sdata)
0742 {
0743     struct ieee80211_local *local = sdata->local;
0744     bool allow_p2p_go_ps = sdata->vif.p2p;
0745     struct sta_info *sta;
0746
0747     rcu_read_lock();
0748     list_for_each_entry_rcu(sta, &local->sta_list, list) {
0749         if (sdata != sta->sdata ||
0750             !test_sta_flag(sta, WLAN_STA_ASSOC))
0751             continue;
0752         if (!sta->sta.support_p2p_ps) {
0753             allow_p2p_go_ps = false;
0754             break;
0755         }
0756     }
0757     rcu_read_unlock();
0758
0759     if (allow_p2p_go_ps != sdata->vif.bss_conf.allow_p2p_go_ps) {
0760         sdata->vif.bss_conf.allow_p2p_go_ps = allow_p2p_go_ps;
0761         ieee80211_link_info_change_notify(sdata, &sdata->deflink,
0762                           BSS_CHANGED_P2P_PS);
0763     }
0764 }
0765
0766 /*
0767  * should be called with sta_mtx locked
0768  * this function replaces the mutex lock
0769  * with a RCU lock
0770  */
0771 static int sta_info_insert_finish(struct sta_info *sta) __acquires(RCU)
0772 {
0773     struct ieee80211_local *local = sta->local;
0774     struct ieee80211_sub_if_data *sdata = sta->sdata;
0775     struct station_info *sinfo = NULL;
0776     int err = 0;
0777
0778     lockdep_assert_held(&local->sta_mtx);
0779
0780     /* check if STA exists already */
0781     if (sta_info_get_bss(sdata, sta->sta.addr)) {
0782         err = -EEXIST;
0783         goto out_cleanup;
0784     }
0785
0786     sinfo = kzalloc(sizeof(struct station_info), GFP_KERNEL);
0787     if (!sinfo) {
0788         err = -ENOMEM;
0789         goto out_cleanup;
0790     }
0791
0792     local->num_sta++;
0793     local->sta_generation++;
0794     smp_mb();
0795
0796     /* simplify things and don't accept BA sessions yet */
0797     set_sta_flag(sta, WLAN_STA_BLOCK_BA);
0798
0799     /* make the station visible */
0800     err = sta_info_hash_add(local, sta);
0801     if (err)
0802         goto out_drop_sta;
0803
0804     if (sta->sta.valid_links) {
0805         err = link_sta_info_hash_add(local, &sta->deflink);
0806         if (err) {
0807             sta_info_hash_del(local, sta);
0808             goto out_drop_sta;
0809         }
0810     }
0811
0812     list_add_tail_rcu(&sta->list, &local->sta_list);
0813
0814     /* update channel context before notifying the driver about state
0815      * change, this enables driver using the updated channel context right away.
0816      */
0817     if (sta->sta_state >= IEEE80211_STA_ASSOC) {
0818         ieee80211_recalc_min_chandef(sta->sdata, -1);
0819         if (!sta->sta.support_p2p_ps)
0820             ieee80211_recalc_p2p_go_ps_allowed(sta->sdata);
0821     }
0822
0823     /* notify driver */
0824     err = sta_info_insert_drv_state(local, sdata, sta);
0825     if (err)
0826         goto out_remove;
0827
0828     set_sta_flag(sta, WLAN_STA_INSERTED);
0829
0830     /* accept BA sessions now */
0831     clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
0832
0833     ieee80211_sta_debugfs_add(sta);
0834     rate_control_add_sta_debugfs(sta);
0835
0836     sinfo->generation = local->sta_generation;
0837     cfg80211_new_sta(sdata->dev, sta->sta.addr, sinfo, GFP_KERNEL);
0838     kfree(sinfo);
0839
0840     sta_dbg(sdata, "Inserted STA %pM\n", sta->sta.addr);
0841
0842     /* move reference to rcu-protected */
0843     rcu_read_lock();
0844     mutex_unlock(&local->sta_mtx);
0845
0846     if (ieee80211_vif_is_mesh(&sdata->vif))
0847         mesh_accept_plinks_update(sdata);
0848
0849     return 0;
0850  out_remove:
0851     if (sta->sta.valid_links)
0852         link_sta_info_hash_del(local, &sta->deflink);
0853     sta_info_hash_del(local, sta);
0854     list_del_rcu(&sta->list);
0855  out_drop_sta:
0856     local->num_sta--;
0857     synchronize_net();
0858  out_cleanup:
0859     cleanup_single_sta(sta);
0860     mutex_unlock(&local->sta_mtx);
0861     kfree(sinfo);
0862     rcu_read_lock();
0863     return err;
0864 }
0865
0866 int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
0867 {
0868     struct ieee80211_local *local = sta->local;
0869     int err;
0870
0871     might_sleep();
0872
0873     mutex_lock(&local->sta_mtx);
0874
0875     err = sta_info_insert_check(sta);
0876     if (err) {
0877         sta_info_free(local, sta);
0878         mutex_unlock(&local->sta_mtx);
0879         rcu_read_lock();
0880         return err;
0881     }
0882
0883     return sta_info_insert_finish(sta);
0884 }
0885
0886 int sta_info_insert(struct sta_info *sta)
0887 {
0888     int err = sta_info_insert_rcu(sta);
0889
0890     rcu_read_unlock();
0891
0892     return err;
0893 }
0894
0895 static inline void __bss_tim_set(u8 *tim, u16 id)
0896 {
0897     /*
0898      * This format has been mandated by the IEEE specifications,
0899      * so this line may not be changed to use the __set_bit() format.
0900      */
0901     tim[id / 8] |= (1 << (id % 8));
0902 }
0903
0904 static inline void __bss_tim_clear(u8 *tim, u16 id)
0905 {
0906     /*
0907      * This format has been mandated by the IEEE specifications,
0908      * so this line may not be changed to use the __clear_bit() format.
0909      */
0910     tim[id / 8] &= ~(1 << (id % 8));
0911 }
0912
0913 static inline bool __bss_tim_get(u8 *tim, u16 id)
0914 {
0915     /*
0916      * This format has been mandated by the IEEE specifications,
0917      * so this line may not be changed to use the test_bit() format.
0918      */
0919     return tim[id / 8] & (1 << (id % 8));
0920 }
0921
0922 static unsigned long ieee80211_tids_for_ac(int ac)
0923 {
0924     /* If we ever support TIDs > 7, this obviously needs to be adjusted */
0925     switch (ac) {
0926     case IEEE80211_AC_VO:
0927         return BIT(6) | BIT(7);
0928     case IEEE80211_AC_VI:
0929         return BIT(4) | BIT(5);
0930     case IEEE80211_AC_BE:
0931         return BIT(0) | BIT(3);
0932     case IEEE80211_AC_BK:
0933         return BIT(1) | BIT(2);
0934     default:
0935         WARN_ON(1);
0936         return 0;
0937     }
0938 }
0939
0940 static void __sta_info_recalc_tim(struct sta_info *sta, bool ignore_pending)
0941 {
0942     struct ieee80211_local *local = sta->local;
0943     struct ps_data *ps;
0944     bool indicate_tim = false;
0945     u8 ignore_for_tim = sta->sta.uapsd_queues;
0946     int ac;
0947     u16 id = sta->sta.aid;
0948
0949     if (sta->sdata->vif.type == NL80211_IFTYPE_AP ||
0950         sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
0951         if (WARN_ON_ONCE(!sta->sdata->bss))
0952             return;
0953
0954         ps = &sta->sdata->bss->ps;
0955 #ifdef CONFIG_MAC80211_MESH
0956     } else if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
0957         ps = &sta->sdata->u.mesh.ps;
0958 #endif
0959     } else {
0960         return;
0961     }
0962
0963     /* No need to do anything if the driver does all */
0964     if (ieee80211_hw_check(&local->hw, AP_LINK_PS) && !local->ops->set_tim)
0965         return;
0966
0967     if (sta->dead)
0968         goto done;
0969
0970     /*
0971      * If all ACs are delivery-enabled then we should build
0972      * the TIM bit for all ACs anyway; if only some are then
0973      * we ignore those and build the TIM bit using only the
0974      * non-enabled ones.
0975      */
0976     if (ignore_for_tim == BIT(IEEE80211_NUM_ACS) - 1)
0977         ignore_for_tim = 0;
0978
0979     if (ignore_pending)
0980         ignore_for_tim = BIT(IEEE80211_NUM_ACS) - 1;
0981
0982     for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
0983         unsigned long tids;
0984
0985         if (ignore_for_tim & ieee80211_ac_to_qos_mask[ac])
0986             continue;
0987
0988         indicate_tim |= !skb_queue_empty(&sta->tx_filtered[ac]) ||
0989                 !skb_queue_empty(&sta->ps_tx_buf[ac]);
0990         if (indicate_tim)
0991             break;
0992
0993         tids = ieee80211_tids_for_ac(ac);
0994
0995         indicate_tim |=
0996             sta->driver_buffered_tids & tids;
0997         indicate_tim |=
0998             sta->txq_buffered_tids & tids;
0999     }
1000
1001  done:
1002     spin_lock_bh(&local->tim_lock);
1003
1004     if (indicate_tim == __bss_tim_get(ps->tim, id))
1005         goto out_unlock;
1006
1007     if (indicate_tim)
1008         __bss_tim_set(ps->tim, id);
1009     else
1010         __bss_tim_clear(ps->tim, id);
1011
1012     if (local->ops->set_tim && !WARN_ON(sta->dead)) {
1013         local->tim_in_locked_section = true;
1014         drv_set_tim(local, &sta->sta, indicate_tim);
1015         local->tim_in_locked_section = false;
1016     }
1017
1018 out_unlock:
1019     spin_unlock_bh(&local->tim_lock);
1020 }
1021
1022 void sta_info_recalc_tim(struct sta_info *sta)
1023 {
1024     __sta_info_recalc_tim(sta, false);
1025 }
1026
1027 static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
1028 {
1029     struct ieee80211_tx_info *info;
1030     int timeout;
1031
1032     if (!skb)
1033         return false;
1034
1035     info = IEEE80211_SKB_CB(skb);
1036
1037     /* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
1038     timeout = (sta->listen_interval *
1039            sta->sdata->vif.bss_conf.beacon_int *
1040            32 / 15625) * HZ;
1041     if (timeout < STA_TX_BUFFER_EXPIRE)
1042         timeout = STA_TX_BUFFER_EXPIRE;
1043     return time_after(jiffies, info->control.jiffies + timeout);
1044 }
1045
1046
1047 static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
1048                         struct sta_info *sta, int ac)
1049 {
1050     unsigned long flags;
1051     struct sk_buff *skb;
1052
1053     /*
1054      * First check for frames that should expire on the filtered
1055      * queue. Frames here were rejected by the driver and are on
1056      * a separate queue to avoid reordering with normal PS-buffered
1057      * frames. They also aren't accounted for right now in the
1058      * total_ps_buffered counter.
1059      */
1060     for (;;) {
1061         spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
1062         skb = skb_peek(&sta->tx_filtered[ac]);
1063         if (sta_info_buffer_expired(sta, skb))
1064             skb = __skb_dequeue(&sta->tx_filtered[ac]);
1065         else
1066             skb = NULL;
1067         spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
1068
1069         /*
1070          * Frames are queued in order, so if this one
1071          * hasn't expired yet we can stop testing. If
1072          * we actually reached the end of the queue we
1073          * also need to stop, of course.
1074          */
1075         if (!skb)
1076             break;
1077         ieee80211_free_txskb(&local->hw, skb);
1078     }
1079
1080     /*
1081      * Now also check the normal PS-buffered queue, this will
1082      * only find something if the filtered queue was emptied
1083      * since the filtered frames are all before the normal PS
1084      * buffered frames.
1085      */
1086     for (;;) {
1087         spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
1088         skb = skb_peek(&sta->ps_tx_buf[ac]);
1089         if (sta_info_buffer_expired(sta, skb))
1090             skb = __skb_dequeue(&sta->ps_tx_buf[ac]);
1091         else
1092             skb = NULL;
1093         spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
1094
1095         /*
1096          * frames are queued in order, so if this one
1097          * hasn't expired yet (or we reached the end of
1098          * the queue) we can stop testing
1099          */
1100         if (!skb)
1101             break;
1102
1103         local->total_ps_buffered--;
1104         ps_dbg(sta->sdata, "Buffered frame expired (STA %pM)\n",
1105                sta->sta.addr);
1106         ieee80211_free_txskb(&local->hw, skb);
1107     }
1108
1109     /*
1110      * Finally, recalculate the TIM bit for this station -- it might
1111      * now be clear because the station was too slow to retrieve its
1112      * frames.
1113      */
1114     sta_info_recalc_tim(sta);
1115
1116     /*
1117      * Return whether there are any frames still buffered, this is
1118      * used to check whether the cleanup timer still needs to run,
1119      * if there are no frames we don't need to rearm the timer.
1120      */
1121     return !(skb_queue_empty(&sta->ps_tx_buf[ac]) &&
1122          skb_queue_empty(&sta->tx_filtered[ac]));
1123 }
1124
1125 static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
1126                          struct sta_info *sta)
1127 {
1128     bool have_buffered = false;
1129     int ac;
1130
1131     /* This is only necessary for stations on BSS/MBSS interfaces */
1132     if (!sta->sdata->bss &&
1133         !ieee80211_vif_is_mesh(&sta->sdata->vif))
1134         return false;
1135
1136     for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
1137         have_buffered |=
1138             sta_info_cleanup_expire_buffered_ac(local, sta, ac);
1139
1140     return have_buffered;
1141 }
1142
1143 static int __must_check __sta_info_destroy_part1(struct sta_info *sta)
1144 {
1145     struct ieee80211_local *local;
1146     struct ieee80211_sub_if_data *sdata;
1147     int ret, i;
1148
1149     might_sleep();
1150
1151     if (!sta)
1152         return -ENOENT;
1153
1154     local = sta->local;
1155     sdata = sta->sdata;
1156
1157     lockdep_assert_held(&local->sta_mtx);
1158
1159     /*
1160      * Before removing the station from the driver and
1161      * rate control, it might still start new aggregation
1162      * sessions -- block that to make sure the tear-down
1163      * will be sufficient.
1164      */
1165     set_sta_flag(sta, WLAN_STA_BLOCK_BA);
1166     ieee80211_sta_tear_down_BA_sessions(sta, AGG_STOP_DESTROY_STA);
1167
1168     /*
1169      * Before removing the station from the driver there might be pending
1170      * rx frames on RSS queues sent prior to the disassociation - wait for
1171      * all such frames to be processed.
1172      */
1173     drv_sync_rx_queues(local, sta);
1174
1175     for (i = 0; i < ARRAY_SIZE(sta->link); i++) {
1176         struct link_sta_info *link_sta;
1177
1178         if (!(sta->sta.valid_links & BIT(i)))
1179             continue;
1180
1181         link_sta = rcu_dereference_protected(sta->link[i],
1182                              lockdep_is_held(&local->sta_mtx));
1183
1184         link_sta_info_hash_del(local, link_sta);
1185     }
1186
1187     ret = sta_info_hash_del(local, sta);
1188     if (WARN_ON(ret))
1189         return ret;
1190
1191     /*
1192      * for TDLS peers, make sure to return to the base channel before
1193      * removal.
1194      */
1195     if (test_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL)) {
1196         drv_tdls_cancel_channel_switch(local, sdata, &sta->sta);
1197         clear_sta_flag(sta, WLAN_STA_TDLS_OFF_CHANNEL);
1198     }
1199
1200     list_del_rcu(&sta->list);
1201     sta->removed = true;
1202
1203     drv_sta_pre_rcu_remove(local, sta->sdata, sta);
1204
1205     if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&
1206         rcu_access_pointer(sdata->u.vlan.sta) == sta)
1207         RCU_INIT_POINTER(sdata->u.vlan.sta, NULL);
1208
1209     return 0;
1210 }
1211
1212 static void __sta_info_destroy_part2(struct sta_info *sta)
1213 {
1214     struct ieee80211_local *local = sta->local;
1215     struct ieee80211_sub_if_data *sdata = sta->sdata;
1216     struct station_info *sinfo;
1217     int ret;
1218
1219     /*
1220      * NOTE: This assumes at least synchronize_net() was done
1221      *   after _part1 and before _part2!
1222      */
1223
1224     might_sleep();
1225     lockdep_assert_held(&local->sta_mtx);
1226
1227     if (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
1228         ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
1229         WARN_ON_ONCE(ret);
1230     }
1231
1232     /* now keys can no longer be reached */
1233     ieee80211_free_sta_keys(local, sta);
1234
1235     /* disable TIM bit - last chance to tell driver */
1236     __sta_info_recalc_tim(sta, true);
1237
1238     sta->dead = true;
1239
1240     local->num_sta--;
1241     local->sta_generation++;
1242
1243     while (sta->sta_state > IEEE80211_STA_NONE) {
1244         ret = sta_info_move_state(sta, sta->sta_state - 1);
1245         if (ret) {
1246             WARN_ON_ONCE(1);
1247             break;
1248         }
1249     }
1250
1251     if (sta->uploaded) {
1252         ret = drv_sta_state(local, sdata, sta, IEEE80211_STA_NONE,
1253                     IEEE80211_STA_NOTEXIST);
1254         WARN_ON_ONCE(ret != 0);
1255     }
1256
1257     sta_dbg(sdata, "Removed STA %pM\n", sta->sta.addr);
1258
1259     sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL);
1260     if (sinfo)
1261         sta_set_sinfo(sta, sinfo, true);
1262     cfg80211_del_sta_sinfo(sdata->dev, sta->sta.addr, sinfo, GFP_KERNEL);
1263     kfree(sinfo);
1264
1265     ieee80211_sta_debugfs_remove(sta);
1266
1267     ieee80211_destroy_frag_cache(&sta->frags);
1268
1269     cleanup_single_sta(sta);
1270 }
1271
1272 int __must_check __sta_info_destroy(struct sta_info *sta)
1273 {
1274     int err = __sta_info_destroy_part1(sta);
1275
1276     if (err)
1277         return err;
1278
1279     synchronize_net();
1280
1281     __sta_info_destroy_part2(sta);
1282
1283     return 0;
1284 }
1285
1286 int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
1287 {
1288     struct sta_info *sta;
1289     int ret;
1290
1291     mutex_lock(&sdata->local->sta_mtx);
1292     sta = sta_info_get(sdata, addr);
1293     ret = __sta_info_destroy(sta);
1294     mutex_unlock(&sdata->local->sta_mtx);
1295
1296     return ret;
1297 }
1298
1299 int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
1300                   const u8 *addr)
1301 {
1302     struct sta_info *sta;
1303     int ret;
1304
1305     mutex_lock(&sdata->local->sta_mtx);
1306     sta = sta_info_get_bss(sdata, addr);
1307     ret = __sta_info_destroy(sta);
1308     mutex_unlock(&sdata->local->sta_mtx);
1309
1310     return ret;
1311 }
1312
1313 static void sta_info_cleanup(struct timer_list *t)
1314 {
1315     struct ieee80211_local *local = from_timer(local, t, sta_cleanup);
1316     struct sta_info *sta;
1317     bool timer_needed = false;
1318
1319     rcu_read_lock();
1320     list_for_each_entry_rcu(sta, &local->sta_list, list)
1321         if (sta_info_cleanup_expire_buffered(local, sta))
1322             timer_needed = true;
1323     rcu_read_unlock();
1324
1325     if (local->quiescing)
1326         return;
1327
1328     if (!timer_needed)
1329         return;
1330
1331     mod_timer(&local->sta_cleanup,
1332           round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL));
1333 }
1334
1335 int sta_info_init(struct ieee80211_local *local)
1336 {
1337     int err;
1338
1339     err = rhltable_init(&local->sta_hash, &sta_rht_params);
1340     if (err)
1341         return err;
1342
1343     err = rhltable_init(&local->link_sta_hash, &link_sta_rht_params);
1344     if (err) {
1345         rhltable_destroy(&local->sta_hash);
1346         return err;
1347     }
1348
1349     spin_lock_init(&local->tim_lock);
1350     mutex_init(&local->sta_mtx);
1351     INIT_LIST_HEAD(&local->sta_list);
1352
1353     timer_setup(&local->sta_cleanup, sta_info_cleanup, 0);
1354     return 0;
1355 }
1356
1357 void sta_info_stop(struct ieee80211_local *local)
1358 {
1359     del_timer_sync(&local->sta_cleanup);
1360     rhltable_destroy(&local->sta_hash);
1361     rhltable_destroy(&local->link_sta_hash);
1362 }
1363
1364
1365 int __sta_info_flush(struct ieee80211_sub_if_data *sdata, bool vlans)
1366 {
1367     struct ieee80211_local *local = sdata->local;
1368     struct sta_info *sta, *tmp;
1369     LIST_HEAD(free_list);
1370     int ret = 0;
1371
1372     might_sleep();
1373
1374     WARN_ON(vlans && sdata->vif.type != NL80211_IFTYPE_AP);
1375     WARN_ON(vlans && !sdata->bss);
1376
1377     mutex_lock(&local->sta_mtx);
1378     list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
1379         if (sdata == sta->sdata ||
1380             (vlans && sdata->bss == sta->sdata->bss)) {
1381             if (!WARN_ON(__sta_info_destroy_part1(sta)))
1382                 list_add(&sta->free_list, &free_list);
1383             ret++;
1384         }
1385     }
1386
1387     if (!list_empty(&free_list)) {
1388         synchronize_net();
1389         list_for_each_entry_safe(sta, tmp, &free_list, free_list)
1390             __sta_info_destroy_part2(sta);
1391     }
1392     mutex_unlock(&local->sta_mtx);
1393
1394     return ret;
1395 }
1396
1397 void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
1398               unsigned long exp_time)
1399 {
1400     struct ieee80211_local *local = sdata->local;
1401     struct sta_info *sta, *tmp;
1402
1403     mutex_lock(&local->sta_mtx);
1404
1405     list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
1406         unsigned long last_active = ieee80211_sta_last_active(sta);
1407
1408         if (sdata != sta->sdata)
1409             continue;
1410
1411         if (time_is_before_jiffies(last_active + exp_time)) {
1412             sta_dbg(sta->sdata, "expiring inactive STA %pM\n",
1413                 sta->sta.addr);
1414
1415             if (ieee80211_vif_is_mesh(&sdata->vif) &&
1416                 test_sta_flag(sta, WLAN_STA_PS_STA))
1417                 atomic_dec(&sdata->u.mesh.ps.num_sta_ps);
1418
1419             WARN_ON(__sta_info_destroy(sta));
1420         }
1421     }
1422
1423     mutex_unlock(&local->sta_mtx);
1424 }
1425
1426 struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
1427                            const u8 *addr,
1428                            const u8 *localaddr)
1429 {
1430     struct ieee80211_local *local = hw_to_local(hw);
1431     struct rhlist_head *tmp;
1432     struct sta_info *sta;
1433
1434     /*
1435      * Just return a random station if localaddr is NULL
1436      * ... first in list.
1437      */
1438     for_each_sta_info(local, addr, sta, tmp) {
1439         if (localaddr &&
1440             !ether_addr_equal(sta->sdata->vif.addr, localaddr))
1441             continue;
1442         if (!sta->uploaded)
1443             return NULL;
1444         return &sta->sta;
1445     }
1446
1447     return NULL;
1448 }
1449 EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr);
1450
1451 struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
1452                      const u8 *addr)
1453 {
1454     struct sta_info *sta;
1455
1456     if (!vif)
1457         return NULL;
1458
1459     sta = sta_info_get_bss(vif_to_sdata(vif), addr);
1460     if (!sta)
1461         return NULL;
1462
1463     if (!sta->uploaded)
1464         return NULL;
1465
1466     return &sta->sta;
1467 }
1468 EXPORT_SYMBOL(ieee80211_find_sta);
1469
1470 /* powersave support code */
1471 void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1472 {
1473     struct ieee80211_sub_if_data *sdata = sta->sdata;
1474     struct ieee80211_local *local = sdata->local;
1475     struct sk_buff_head pending;
1476     int filtered = 0, buffered = 0, ac, i;
1477     unsigned long flags;
1478     struct ps_data *ps;
1479
1480     if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1481         sdata = container_of(sdata->bss, struct ieee80211_sub_if_data,
1482                      u.ap);
1483
1484     if (sdata->vif.type == NL80211_IFTYPE_AP)
1485         ps = &sdata->bss->ps;
1486     else if (ieee80211_vif_is_mesh(&sdata->vif))
1487         ps = &sdata->u.mesh.ps;
1488     else
1489         return;
1490
1491     clear_sta_flag(sta, WLAN_STA_SP);
1492
1493     BUILD_BUG_ON(BITS_TO_LONGS(IEEE80211_NUM_TIDS) > 1);
1494     sta->driver_buffered_tids = 0;
1495     sta->txq_buffered_tids = 0;
1496
1497     if (!ieee80211_hw_check(&local->hw, AP_LINK_PS))
1498         drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
1499
1500     for (i = 0; i < ARRAY_SIZE(sta->sta.txq); i++) {
1501         if (!sta->sta.txq[i] || !txq_has_queue(sta->sta.txq[i]))
1502             continue;
1503
1504         schedule_and_wake_txq(local, to_txq_info(sta->sta.txq[i]));
1505     }
1506
1507     skb_queue_head_init(&pending);
1508
1509     /* sync with ieee80211_tx_h_unicast_ps_buf */
1510     spin_lock(&sta->ps_lock);
1511     /* Send all buffered frames to the station */
1512     for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1513         int count = skb_queue_len(&pending), tmp;
1514
1515         spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
1516         skb_queue_splice_tail_init(&sta->tx_filtered[ac], &pending);
1517         spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
1518         tmp = skb_queue_len(&pending);
1519         filtered += tmp - count;
1520         count = tmp;
1521
1522         spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
1523         skb_queue_splice_tail_init(&sta->ps_tx_buf[ac], &pending);
1524         spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
1525         tmp = skb_queue_len(&pending);
1526         buffered += tmp - count;
1527     }
1528
1529     ieee80211_add_pending_skbs(local, &pending);
1530
1531     /* now we're no longer in the deliver code */
1532     clear_sta_flag(sta, WLAN_STA_PS_DELIVER);
1533
1534     /* The station might have polled and then woken up before we responded,
1535      * so clear these flags now to avoid them sticking around.
1536      */
1537     clear_sta_flag(sta, WLAN_STA_PSPOLL);
1538     clear_sta_flag(sta, WLAN_STA_UAPSD);
1539     spin_unlock(&sta->ps_lock);
1540
1541     atomic_dec(&ps->num_sta_ps);
1542
1543     local->total_ps_buffered -= buffered;
1544
1545     sta_info_recalc_tim(sta);
1546
1547     ps_dbg(sdata,
1548            "STA %pM aid %d sending %d filtered/%d PS frames since STA woke up\n",
1549            sta->sta.addr, sta->sta.aid, filtered, buffered);
1550
1551     ieee80211_check_fast_xmit(sta);
1552 }
1553
1554 static void ieee80211_send_null_response(struct sta_info *sta, int tid,
1555                      enum ieee80211_frame_release_type reason,
1556                      bool call_driver, bool more_data)
1557 {
1558     struct ieee80211_sub_if_data *sdata = sta->sdata;
1559     struct ieee80211_local *local = sdata->local;
1560     struct ieee80211_qos_hdr *nullfunc;
1561     struct sk_buff *skb;
1562     int size = sizeof(*nullfunc);
1563     __le16 fc;
1564     bool qos = sta->sta.wme;
1565     struct ieee80211_tx_info *info;
1566     struct ieee80211_chanctx_conf *chanctx_conf;
1567
1568     if (qos) {
1569         fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
1570                  IEEE80211_STYPE_QOS_NULLFUNC |
1571                  IEEE80211_FCTL_FROMDS);
1572     } else {
1573         size -= 2;
1574         fc = cpu_to_le16(IEEE80211_FTYPE_DATA |
1575                  IEEE80211_STYPE_NULLFUNC |
1576                  IEEE80211_FCTL_FROMDS);
1577     }
1578
1579     skb = dev_alloc_skb(local->hw.extra_tx_headroom + size);
1580     if (!skb)
1581         return;
1582
1583     skb_reserve(skb, local->hw.extra_tx_headroom);
1584
1585     nullfunc = skb_put(skb, size);
1586     nullfunc->frame_control = fc;
1587     nullfunc->duration_id = 0;
1588     memcpy(nullfunc->addr1, sta->sta.addr, ETH_ALEN);
1589     memcpy(nullfunc->addr2, sdata->vif.addr, ETH_ALEN);
1590     memcpy(nullfunc->addr3, sdata->vif.addr, ETH_ALEN);
1591     nullfunc->seq_ctrl = 0;
1592
1593     skb->priority = tid;
1594     skb_set_queue_mapping(skb, ieee802_1d_to_ac[tid]);
1595     if (qos) {
1596         nullfunc->qos_ctrl = cpu_to_le16(tid);
1597
1598         if (reason == IEEE80211_FRAME_RELEASE_UAPSD) {
1599             nullfunc->qos_ctrl |=
1600                 cpu_to_le16(IEEE80211_QOS_CTL_EOSP);
1601             if (more_data)
1602                 nullfunc->frame_control |=
1603                     cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1604         }
1605     }
1606
1607     info = IEEE80211_SKB_CB(skb);
1608
1609     /*
1610      * Tell TX path to send this frame even though the
1611      * STA may still remain is PS mode after this frame
1612      * exchange. Also set EOSP to indicate this packet
1613      * ends the poll/service period.
1614      */
1615     info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER |
1616                IEEE80211_TX_STATUS_EOSP |
1617                IEEE80211_TX_CTL_REQ_TX_STATUS;
1618
1619     info->control.flags |= IEEE80211_TX_CTRL_PS_RESPONSE;
1620
1621     if (call_driver)
1622         drv_allow_buffered_frames(local, sta, BIT(tid), 1,
1623                       reason, false);
1624
1625     skb->dev = sdata->dev;
1626
1627     rcu_read_lock();
1628     chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
1629     if (WARN_ON(!chanctx_conf)) {
1630         rcu_read_unlock();
1631         kfree_skb(skb);
1632         return;
1633     }
1634
1635     info->band = chanctx_conf->def.chan->band;
1636     ieee80211_xmit(sdata, sta, skb);
1637     rcu_read_unlock();
1638 }
1639
1640 static int find_highest_prio_tid(unsigned long tids)
1641 {
1642     /* lower 3 TIDs aren't ordered perfectly */
1643     if (tids & 0xF8)
1644         return fls(tids) - 1;
1645     /* TID 0 is BE just like TID 3 */
1646     if (tids & BIT(0))
1647         return 0;
1648     return fls(tids) - 1;
1649 }
1650
1651 /* Indicates if the MORE_DATA bit should be set in the last
1652  * frame obtained by ieee80211_sta_ps_get_frames.
1653  * Note that driver_release_tids is relevant only if
1654  * reason = IEEE80211_FRAME_RELEASE_PSPOLL
1655  */
1656 static bool
1657 ieee80211_sta_ps_more_data(struct sta_info *sta, u8 ignored_acs,
1658                enum ieee80211_frame_release_type reason,
1659                unsigned long driver_release_tids)
1660 {
1661     int ac;
1662
1663     /* If the driver has data on more than one TID then
1664      * certainly there's more data if we release just a
1665      * single frame now (from a single TID). This will
1666      * only happen for PS-Poll.
1667      */
1668     if (reason == IEEE80211_FRAME_RELEASE_PSPOLL &&
1669         hweight16(driver_release_tids) > 1)
1670         return true;
1671
1672     for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1673         if (ignored_acs & ieee80211_ac_to_qos_mask[ac])
1674             continue;
1675
1676         if (!skb_queue_empty(&sta->tx_filtered[ac]) ||
1677             !skb_queue_empty(&sta->ps_tx_buf[ac]))
1678             return true;
1679     }
1680
1681     return false;
1682 }
1683
1684 static void
1685 ieee80211_sta_ps_get_frames(struct sta_info *sta, int n_frames, u8 ignored_acs,
1686                 enum ieee80211_frame_release_type reason,
1687                 struct sk_buff_head *frames,
1688                 unsigned long *driver_release_tids)
1689 {
1690     struct ieee80211_sub_if_data *sdata = sta->sdata;
1691     struct ieee80211_local *local = sdata->local;
1692     int ac;
1693
1694     /* Get response frame(s) and more data bit for the last one. */
1695     for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1696         unsigned long tids;
1697
1698         if (ignored_acs & ieee80211_ac_to_qos_mask[ac])
1699             continue;
1700
1701         tids = ieee80211_tids_for_ac(ac);
1702
1703         /* if we already have frames from software, then we can't also
1704          * release from hardware queues
1705          */
1706         if (skb_queue_empty(frames)) {
1707             *driver_release_tids |=
1708                 sta->driver_buffered_tids & tids;
1709             *driver_release_tids |= sta->txq_buffered_tids & tids;
1710         }
1711
1712         if (!*driver_release_tids) {
1713             struct sk_buff *skb;
1714
1715             while (n_frames > 0) {
1716                 skb = skb_dequeue(&sta->tx_filtered[ac]);
1717                 if (!skb) {
1718                     skb = skb_dequeue(
1719                         &sta->ps_tx_buf[ac]);
1720                     if (skb)
1721                         local->total_ps_buffered--;
1722                 }
1723                 if (!skb)
1724                     break;
1725                 n_frames--;
1726                 __skb_queue_tail(frames, skb);
1727             }
1728         }
1729
1730         /* If we have more frames buffered on this AC, then abort the
1731          * loop since we can't send more data from other ACs before
1732          * the buffered frames from this.
1733          */
1734         if (!skb_queue_empty(&sta->tx_filtered[ac]) ||
1735             !skb_queue_empty(&sta->ps_tx_buf[ac]))
1736             break;
1737     }
1738 }
1739
1740 static void
1741 ieee80211_sta_ps_deliver_response(struct sta_info *sta,
1742                   int n_frames, u8 ignored_acs,
1743                   enum ieee80211_frame_release_type reason)
1744 {
1745     struct ieee80211_sub_if_data *sdata = sta->sdata;
1746     struct ieee80211_local *local = sdata->local;
1747     unsigned long driver_release_tids = 0;
1748     struct sk_buff_head frames;
1749     bool more_data;
1750
1751     /* Service or PS-Poll period starts */
1752     set_sta_flag(sta, WLAN_STA_SP);
1753
1754     __skb_queue_head_init(&frames);
1755
1756     ieee80211_sta_ps_get_frames(sta, n_frames, ignored_acs, reason,
1757                     &frames, &driver_release_tids);
1758
1759     more_data = ieee80211_sta_ps_more_data(sta, ignored_acs, reason, driver_release_tids);
1760
1761     if (driver_release_tids && reason == IEEE80211_FRAME_RELEASE_PSPOLL)
1762         driver_release_tids =
1763             BIT(find_highest_prio_tid(driver_release_tids));
1764
1765     if (skb_queue_empty(&frames) && !driver_release_tids) {
1766         int tid, ac;
1767
1768         /*
1769          * For PS-Poll, this can only happen due to a race condition
1770          * when we set the TIM bit and the station notices it, but
1771          * before it can poll for the frame we expire it.
1772          *
1773          * For uAPSD, this is said in the standard (11.2.1.5 h):
1774          *  At each unscheduled SP for a non-AP STA, the AP shall
1775          *  attempt to transmit at least one MSDU or MMPDU, but no
1776          *  more than the value specified in the Max SP Length field
1777          *  in the QoS Capability element from delivery-enabled ACs,
1778          *  that are destined for the non-AP STA.
1779          *
1780          * Since we have no other MSDU/MMPDU, transmit a QoS null frame.
1781          */
1782
1783         /* This will evaluate to 1, 3, 5 or 7. */
1784         for (ac = IEEE80211_AC_VO; ac < IEEE80211_NUM_ACS; ac++)
1785             if (!(ignored_acs & ieee80211_ac_to_qos_mask[ac]))
1786                 break;
1787         tid = 7 - 2 * ac;
1788
1789         ieee80211_send_null_response(sta, tid, reason, true, false);
1790     } else if (!driver_release_tids) {
1791         struct sk_buff_head pending;
1792         struct sk_buff *skb;
1793         int num = 0;
1794         u16 tids = 0;
1795         bool need_null = false;
1796
1797         skb_queue_head_init(&pending);
1798
1799         while ((skb = __skb_dequeue(&frames))) {
1800             struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1801             struct ieee80211_hdr *hdr = (void *) skb->data;
1802             u8 *qoshdr = NULL;
1803
1804             num++;
1805
1806             /*
1807              * Tell TX path to send this frame even though the
1808              * STA may still remain is PS mode after this frame
1809              * exchange.
1810              */
1811             info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
1812             info->control.flags |= IEEE80211_TX_CTRL_PS_RESPONSE;
1813
1814             /*
1815              * Use MoreData flag to indicate whether there are
1816              * more buffered frames for this STA
1817              */
1818             if (more_data || !skb_queue_empty(&frames))
1819                 hdr->frame_control |=
1820                     cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1821             else
1822                 hdr->frame_control &=
1823                     cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1824
1825             if (ieee80211_is_data_qos(hdr->frame_control) ||
1826                 ieee80211_is_qos_nullfunc(hdr->frame_control))
1827                 qoshdr = ieee80211_get_qos_ctl(hdr);
1828
1829             tids |= BIT(skb->priority);
1830
1831             __skb_queue_tail(&pending, skb);
1832
1833             /* end service period after last frame or add one */
1834             if (!skb_queue_empty(&frames))
1835                 continue;
1836
1837             if (reason != IEEE80211_FRAME_RELEASE_UAPSD) {
1838                 /* for PS-Poll, there's only one frame */
1839                 info->flags |= IEEE80211_TX_STATUS_EOSP |
1840                            IEEE80211_TX_CTL_REQ_TX_STATUS;
1841                 break;
1842             }
1843
1844             /* For uAPSD, things are a bit more complicated. If the
1845              * last frame has a QoS header (i.e. is a QoS-data or
1846              * QoS-nulldata frame) then just set the EOSP bit there
1847              * and be done.
1848              * If the frame doesn't have a QoS header (which means
1849              * it should be a bufferable MMPDU) then we can't set
1850              * the EOSP bit in the QoS header; add a QoS-nulldata
1851              * frame to the list to send it after the MMPDU.
1852              *
1853              * Note that this code is only in the mac80211-release
1854              * code path, we assume that the driver will not buffer
1855              * anything but QoS-data frames, or if it does, will
1856              * create the QoS-nulldata frame by itself if needed.
1857              *
1858              * Cf. 802.11-2012 10.2.1.10 (c).
1859              */
1860             if (qoshdr) {
1861                 *qoshdr |= IEEE80211_QOS_CTL_EOSP;
1862
1863                 info->flags |= IEEE80211_TX_STATUS_EOSP |
1864                            IEEE80211_TX_CTL_REQ_TX_STATUS;
1865             } else {
1866                 /* The standard isn't completely clear on this
1867                  * as it says the more-data bit should be set
1868                  * if there are more BUs. The QoS-Null frame
1869                  * we're about to send isn't buffered yet, we
1870                  * only create it below, but let's pretend it
1871                  * was buffered just in case some clients only
1872                  * expect more-data=0 when eosp=1.
1873                  */
1874                 hdr->frame_control |=
1875                     cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1876                 need_null = true;
1877                 num++;
1878             }
1879             break;
1880         }
1881
1882         drv_allow_buffered_frames(local, sta, tids, num,
1883                       reason, more_data);
1884
1885         ieee80211_add_pending_skbs(local, &pending);
1886
1887         if (need_null)
1888             ieee80211_send_null_response(
1889                 sta, find_highest_prio_tid(tids),
1890                 reason, false, false);
1891
1892         sta_info_recalc_tim(sta);
1893     } else {
1894         int tid;
1895
1896         /*
1897          * We need to release a frame that is buffered somewhere in the
1898          * driver ... it'll have to handle that.
1899          * Note that the driver also has to check the number of frames
1900          * on the TIDs we're releasing from - if there are more than
1901          * n_frames it has to set the more-data bit (if we didn't ask
1902          * it to set it anyway due to other buffered frames); if there
1903          * are fewer than n_frames it has to make sure to adjust that
1904          * to allow the service period to end properly.
1905          */
1906         drv_release_buffered_frames(local, sta, driver_release_tids,
1907                         n_frames, reason, more_data);
1908
1909         /*
1910          * Note that we don't recalculate the TIM bit here as it would
1911          * most likely have no effect at all unless the driver told us
1912          * that the TID(s) became empty before returning here from the
1913          * release function.
1914          * Either way, however, when the driver tells us that the TID(s)
1915          * became empty or we find that a txq became empty, we'll do the
1916          * TIM recalculation.
1917          */
1918
1919         if (!sta->sta.txq[0])
1920             return;
1921
1922         for (tid = 0; tid < ARRAY_SIZE(sta->sta.txq); tid++) {
1923             if (!sta->sta.txq[tid] ||
1924                 !(driver_release_tids & BIT(tid)) ||
1925                 txq_has_queue(sta->sta.txq[tid]))
1926                 continue;
1927
1928             sta_info_recalc_tim(sta);
1929             break;
1930         }
1931     }
1932 }
1933
1934 void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
1935 {
1936     u8 ignore_for_response = sta->sta.uapsd_queues;
1937
1938     /*
1939      * If all ACs are delivery-enabled then we should reply
1940      * from any of them, if only some are enabled we reply
1941      * only from the non-enabled ones.
1942      */
1943     if (ignore_for_response == BIT(IEEE80211_NUM_ACS) - 1)
1944         ignore_for_response = 0;
1945
1946     ieee80211_sta_ps_deliver_response(sta, 1, ignore_for_response,
1947                       IEEE80211_FRAME_RELEASE_PSPOLL);
1948 }
1949
1950 void ieee80211_sta_ps_deliver_uapsd(struct sta_info *sta)
1951 {
1952     int n_frames = sta->sta.max_sp;
1953     u8 delivery_enabled = sta->sta.uapsd_queues;
1954
1955     /*
1956      * If we ever grow support for TSPEC this might happen if
1957      * the TSPEC update from hostapd comes in between a trigger
1958      * frame setting WLAN_STA_UAPSD in the RX path and this
1959      * actually getting called.
1960      */
1961     if (!delivery_enabled)
1962         return;
1963
1964     switch (sta->sta.max_sp) {
1965     case 1:
1966         n_frames = 2;
1967         break;
1968     case 2:
1969         n_frames = 4;
1970         break;
1971     case 3:
1972         n_frames = 6;
1973         break;
1974     case 0:
1975         /* XXX: what is a good value? */
1976         n_frames = 128;
1977         break;
1978     }
1979
1980     ieee80211_sta_ps_deliver_response(sta, n_frames, ~delivery_enabled,
1981                       IEEE80211_FRAME_RELEASE_UAPSD);
1982 }
1983
1984 void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
1985                    struct ieee80211_sta *pubsta, bool block)
1986 {
1987     struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1988
1989     trace_api_sta_block_awake(sta->local, pubsta, block);
1990
1991     if (block) {
1992         set_sta_flag(sta, WLAN_STA_PS_DRIVER);
1993         ieee80211_clear_fast_xmit(sta);
1994         return;
1995     }
1996
1997     if (!test_sta_flag(sta, WLAN_STA_PS_DRIVER))
1998         return;
1999
2000     if (!test_sta_flag(sta, WLAN_STA_PS_STA)) {
2001         set_sta_flag(sta, WLAN_STA_PS_DELIVER);
2002         clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
2003         ieee80211_queue_work(hw, &sta->drv_deliver_wk);
2004     } else if (test_sta_flag(sta, WLAN_STA_PSPOLL) ||
2005            test_sta_flag(sta, WLAN_STA_UAPSD)) {
2006         /* must be asleep in this case */
2007         clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
2008         ieee80211_queue_work(hw, &sta->drv_deliver_wk);
2009     } else {
2010         clear_sta_flag(sta, WLAN_STA_PS_DRIVER);
2011         ieee80211_check_fast_xmit(sta);
2012     }
2013 }
2014 EXPORT_SYMBOL(ieee80211_sta_block_awake);
2015
2016 void ieee80211_sta_eosp(struct ieee80211_sta *pubsta)
2017 {
2018     struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
2019     struct ieee80211_local *local = sta->local;
2020
2021     trace_api_eosp(local, pubsta);
2022
2023     clear_sta_flag(sta, WLAN_STA_SP);
2024 }
2025 EXPORT_SYMBOL(ieee80211_sta_eosp);
2026
2027 void ieee80211_send_eosp_nullfunc(struct ieee80211_sta *pubsta, int tid)
2028 {
2029     struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
2030     enum ieee80211_frame_release_type reason;
2031     bool more_data;
2032
2033     trace_api_send_eosp_nullfunc(sta->local, pubsta, tid);
2034
2035     reason = IEEE80211_FRAME_RELEASE_UAPSD;
2036     more_data = ieee80211_sta_ps_more_data(sta, ~sta->sta.uapsd_queues,
2037                            reason, 0);
2038
2039     ieee80211_send_null_response(sta, tid, reason, false, more_data);
2040 }
2041 EXPORT_SYMBOL(ieee80211_send_eosp_nullfunc);
2042
2043 void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta,
2044                 u8 tid, bool buffered)
2045 {
2046     struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
2047
2048     if (WARN_ON(tid >= IEEE80211_NUM_TIDS))
2049         return;
2050
2051     trace_api_sta_set_buffered(sta->local, pubsta, tid, buffered);
2052
2053     if (buffered)
2054         set_bit(tid, &sta->driver_buffered_tids);
2055     else
2056         clear_bit(tid, &sta->driver_buffered_tids);
2057
2058     sta_info_recalc_tim(sta);
2059 }
2060 EXPORT_SYMBOL(ieee80211_sta_set_buffered);
2061
2062 void ieee80211_sta_register_airtime(struct ieee80211_sta *pubsta, u8 tid,
2063                     u32 tx_airtime, u32 rx_airtime)
2064 {
2065     struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
2066     struct ieee80211_local *local = sta->sdata->local;
2067     u8 ac = ieee80211_ac_from_tid(tid);
2068     u32 airtime = 0;
2069     u32 diff;
2070
2071     if (sta->local->airtime_flags & AIRTIME_USE_TX)
2072         airtime += tx_airtime;
2073     if (sta->local->airtime_flags & AIRTIME_USE_RX)
2074         airtime += rx_airtime;
2075
2076     spin_lock_bh(&local->active_txq_lock[ac]);
2077     sta->airtime[ac].tx_airtime += tx_airtime;
2078     sta->airtime[ac].rx_airtime += rx_airtime;
2079
2080     diff = (u32)jiffies - sta->airtime[ac].last_active;
2081     if (diff <= AIRTIME_ACTIVE_DURATION)
2082         sta->airtime[ac].deficit -= airtime;
2083
2084     spin_unlock_bh(&local->active_txq_lock[ac]);
2085 }
2086 EXPORT_SYMBOL(ieee80211_sta_register_airtime);
2087
2088 void ieee80211_sta_update_pending_airtime(struct ieee80211_local *local,
2089                       struct sta_info *sta, u8 ac,
2090                       u16 tx_airtime, bool tx_completed)
2091 {
2092     int tx_pending;
2093
2094     if (!wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL))
2095         return;
2096
2097     if (!tx_completed) {
2098         if (sta)
2099             atomic_add(tx_airtime,
2100                    &sta->airtime[ac].aql_tx_pending);
2101
2102         atomic_add(tx_airtime, &local->aql_total_pending_airtime);
2103         atomic_add(tx_airtime, &local->aql_ac_pending_airtime[ac]);
2104         return;
2105     }
2106
2107     if (sta) {
2108         tx_pending = atomic_sub_return(tx_airtime,
2109                            &sta->airtime[ac].aql_tx_pending);
2110         if (tx_pending < 0)
2111             atomic_cmpxchg(&sta->airtime[ac].aql_tx_pending,
2112                        tx_pending, 0);
2113     }
2114
2115     atomic_sub(tx_airtime, &local->aql_total_pending_airtime);
2116     tx_pending = atomic_sub_return(tx_airtime,
2117                        &local->aql_ac_pending_airtime[ac]);
2118     if (WARN_ONCE(tx_pending < 0,
2119               "Device %s AC %d pending airtime underflow: %u, %u",
2120               wiphy_name(local->hw.wiphy), ac, tx_pending,
2121               tx_airtime)) {
2122         atomic_cmpxchg(&local->aql_ac_pending_airtime[ac],
2123                    tx_pending, 0);
2124         atomic_sub(tx_pending, &local->aql_total_pending_airtime);
2125     }
2126 }
2127
2128 int sta_info_move_state(struct sta_info *sta,
2129             enum ieee80211_sta_state new_state)
2130 {
2131     might_sleep();
2132
2133     if (sta->sta_state == new_state)
2134         return 0;
2135
2136     /* check allowed transitions first */
2137
2138     switch (new_state) {
2139     case IEEE80211_STA_NONE:
2140         if (sta->sta_state != IEEE80211_STA_AUTH)
2141             return -EINVAL;
2142         break;
2143     case IEEE80211_STA_AUTH:
2144         if (sta->sta_state != IEEE80211_STA_NONE &&
2145             sta->sta_state != IEEE80211_STA_ASSOC)
2146             return -EINVAL;
2147         break;
2148     case IEEE80211_STA_ASSOC:
2149         if (sta->sta_state != IEEE80211_STA_AUTH &&
2150             sta->sta_state != IEEE80211_STA_AUTHORIZED)
2151             return -EINVAL;
2152         break;
2153     case IEEE80211_STA_AUTHORIZED:
2154         if (sta->sta_state != IEEE80211_STA_ASSOC)
2155             return -EINVAL;
2156         break;
2157     default:
2158         WARN(1, "invalid state %d", new_state);
2159         return -EINVAL;
2160     }
2161
2162     sta_dbg(sta->sdata, "moving STA %pM to state %d\n",
2163         sta->sta.addr, new_state);
2164
2165     /*
2166      * notify the driver before the actual changes so it can
2167      * fail the transition
2168      */
2169     if (test_sta_flag(sta, WLAN_STA_INSERTED)) {
2170         int err = drv_sta_state(sta->local, sta->sdata, sta,
2171                     sta->sta_state, new_state);
2172         if (err)
2173             return err;
2174     }
2175
2176     /* reflect the change in all state variables */
2177
2178     switch (new_state) {
2179     case IEEE80211_STA_NONE:
2180         if (sta->sta_state == IEEE80211_STA_AUTH)
2181             clear_bit(WLAN_STA_AUTH, &sta->_flags);
2182         break;
2183     case IEEE80211_STA_AUTH:
2184         if (sta->sta_state == IEEE80211_STA_NONE) {
2185             set_bit(WLAN_STA_AUTH, &sta->_flags);
2186         } else if (sta->sta_state == IEEE80211_STA_ASSOC) {
2187             clear_bit(WLAN_STA_ASSOC, &sta->_flags);
2188             ieee80211_recalc_min_chandef(sta->sdata, -1);
2189             if (!sta->sta.support_p2p_ps)
2190                 ieee80211_recalc_p2p_go_ps_allowed(sta->sdata);
2191         }
2192         break;
2193     case IEEE80211_STA_ASSOC:
2194         if (sta->sta_state == IEEE80211_STA_AUTH) {
2195             set_bit(WLAN_STA_ASSOC, &sta->_flags);
2196             sta->assoc_at = ktime_get_boottime_ns();
2197             ieee80211_recalc_min_chandef(sta->sdata, -1);
2198             if (!sta->sta.support_p2p_ps)
2199                 ieee80211_recalc_p2p_go_ps_allowed(sta->sdata);
2200         } else if (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
2201             ieee80211_vif_dec_num_mcast(sta->sdata);
2202             clear_bit(WLAN_STA_AUTHORIZED, &sta->_flags);
2203             ieee80211_clear_fast_xmit(sta);
2204             ieee80211_clear_fast_rx(sta);
2205         }
2206         break;
2207     case IEEE80211_STA_AUTHORIZED:
2208         if (sta->sta_state == IEEE80211_STA_ASSOC) {
2209             ieee80211_vif_inc_num_mcast(sta->sdata);
2210             set_bit(WLAN_STA_AUTHORIZED, &sta->_flags);
2211             ieee80211_check_fast_xmit(sta);
2212             ieee80211_check_fast_rx(sta);
2213         }
2214         if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
2215             sta->sdata->vif.type == NL80211_IFTYPE_AP)
2216             cfg80211_send_layer2_update(sta->sdata->dev,
2217                             sta->sta.addr);
2218         break;
2219     default:
2220         break;
2221     }
2222
2223     sta->sta_state = new_state;
2224
2225     return 0;
2226 }
2227
2228 static struct ieee80211_sta_rx_stats *
2229 sta_get_last_rx_stats(struct sta_info *sta)
2230 {
2231     struct ieee80211_sta_rx_stats *stats = &sta->deflink.rx_stats;
2232     int cpu;
2233
2234     if (!sta->deflink.pcpu_rx_stats)
2235         return stats;
2236
2237     for_each_possible_cpu(cpu) {
2238         struct ieee80211_sta_rx_stats *cpustats;
2239
2240         cpustats = per_cpu_ptr(sta->deflink.pcpu_rx_stats, cpu);
2241
2242         if (time_after(cpustats->last_rx, stats->last_rx))
2243             stats = cpustats;
2244     }
2245
2246     return stats;
2247 }
2248
2249 static void sta_stats_decode_rate(struct ieee80211_local *local, u32 rate,
2250                   struct rate_info *rinfo)
2251 {
2252     rinfo->bw = STA_STATS_GET(BW, rate);
2253
2254     switch (STA_STATS_GET(TYPE, rate)) {
2255     case STA_STATS_RATE_TYPE_VHT:
2256         rinfo->flags = RATE_INFO_FLAGS_VHT_MCS;
2257         rinfo->mcs = STA_STATS_GET(VHT_MCS, rate);
2258         rinfo->nss = STA_STATS_GET(VHT_NSS, rate);
2259         if (STA_STATS_GET(SGI, rate))
2260             rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
2261         break;
2262     case STA_STATS_RATE_TYPE_HT:
2263         rinfo->flags = RATE_INFO_FLAGS_MCS;
2264         rinfo->mcs = STA_STATS_GET(HT_MCS, rate);
2265         if (STA_STATS_GET(SGI, rate))
2266             rinfo->flags |= RATE_INFO_FLAGS_SHORT_GI;
2267         break;
2268     case STA_STATS_RATE_TYPE_LEGACY: {
2269         struct ieee80211_supported_band *sband;
2270         u16 brate;
2271         unsigned int shift;
2272         int band = STA_STATS_GET(LEGACY_BAND, rate);
2273         int rate_idx = STA_STATS_GET(LEGACY_IDX, rate);
2274
2275         sband = local->hw.wiphy->bands[band];
2276
2277         if (WARN_ON_ONCE(!sband->bitrates))
2278             break;
2279
2280         brate = sband->bitrates[rate_idx].bitrate;
2281         if (rinfo->bw == RATE_INFO_BW_5)
2282             shift = 2;
2283         else if (rinfo->bw == RATE_INFO_BW_10)
2284             shift = 1;
2285         else
2286             shift = 0;
2287         rinfo->legacy = DIV_ROUND_UP(brate, 1 << shift);
2288         break;
2289         }
2290     case STA_STATS_RATE_TYPE_HE:
2291         rinfo->flags = RATE_INFO_FLAGS_HE_MCS;
2292         rinfo->mcs = STA_STATS_GET(HE_MCS, rate);
2293         rinfo->nss = STA_STATS_GET(HE_NSS, rate);
2294         rinfo->he_gi = STA_STATS_GET(HE_GI, rate);
2295         rinfo->he_ru_alloc = STA_STATS_GET(HE_RU, rate);
2296         rinfo->he_dcm = STA_STATS_GET(HE_DCM, rate);
2297         break;
2298     }
2299 }
2300
2301 static int sta_set_rate_info_rx(struct sta_info *sta, struct rate_info *rinfo)
2302 {
2303     u16 rate = READ_ONCE(sta_get_last_rx_stats(sta)->last_rate);
2304
2305     if (rate == STA_STATS_RATE_INVALID)
2306         return -EINVAL;
2307
2308     sta_stats_decode_rate(sta->local, rate, rinfo);
2309     return 0;
2310 }
2311
2312 static inline u64 sta_get_tidstats_msdu(struct ieee80211_sta_rx_stats *rxstats,
2313                     int tid)
2314 {
2315     unsigned int start;
2316     u64 value;
2317
2318     do {
2319         start = u64_stats_fetch_begin_irq(&rxstats->syncp);
2320         value = rxstats->msdu[tid];
2321     } while (u64_stats_fetch_retry_irq(&rxstats->syncp, start));
2322
2323     return value;
2324 }
2325
2326 static void sta_set_tidstats(struct sta_info *sta,
2327                  struct cfg80211_tid_stats *tidstats,
2328                  int tid)
2329 {
2330     struct ieee80211_local *local = sta->local;
2331     int cpu;
2332
2333     if (!(tidstats->filled & BIT(NL80211_TID_STATS_RX_MSDU))) {
2334         tidstats->rx_msdu += sta_get_tidstats_msdu(&sta->deflink.rx_stats,
2335                                tid);
2336
2337         if (sta->deflink.pcpu_rx_stats) {
2338             for_each_possible_cpu(cpu) {
2339                 struct ieee80211_sta_rx_stats *cpurxs;
2340
2341                 cpurxs = per_cpu_ptr(sta->deflink.pcpu_rx_stats,
2342                              cpu);
2343                 tidstats->rx_msdu +=
2344                     sta_get_tidstats_msdu(cpurxs, tid);
2345             }
2346         }
2347
2348         tidstats->filled |= BIT(NL80211_TID_STATS_RX_MSDU);
2349     }
2350
2351     if (!(tidstats->filled & BIT(NL80211_TID_STATS_TX_MSDU))) {
2352         tidstats->filled |= BIT(NL80211_TID_STATS_TX_MSDU);
2353         tidstats->tx_msdu = sta->deflink.tx_stats.msdu[tid];
2354     }
2355
2356     if (!(tidstats->filled & BIT(NL80211_TID_STATS_TX_MSDU_RETRIES)) &&
2357         ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
2358         tidstats->filled |= BIT(NL80211_TID_STATS_TX_MSDU_RETRIES);
2359         tidstats->tx_msdu_retries = sta->deflink.status_stats.msdu_retries[tid];
2360     }
2361
2362     if (!(tidstats->filled & BIT(NL80211_TID_STATS_TX_MSDU_FAILED)) &&
2363         ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
2364         tidstats->filled |= BIT(NL80211_TID_STATS_TX_MSDU_FAILED);
2365         tidstats->tx_msdu_failed = sta->deflink.status_stats.msdu_failed[tid];
2366     }
2367
2368     if (local->ops->wake_tx_queue && tid < IEEE80211_NUM_TIDS) {
2369         spin_lock_bh(&local->fq.lock);
2370         rcu_read_lock();
2371
2372         tidstats->filled |= BIT(NL80211_TID_STATS_TXQ_STATS);
2373         ieee80211_fill_txq_stats(&tidstats->txq_stats,
2374                      to_txq_info(sta->sta.txq[tid]));
2375
2376         rcu_read_unlock();
2377         spin_unlock_bh(&local->fq.lock);
2378     }
2379 }
2380
2381 static inline u64 sta_get_stats_bytes(struct ieee80211_sta_rx_stats *rxstats)
2382 {
2383     unsigned int start;
2384     u64 value;
2385
2386     do {
2387         start = u64_stats_fetch_begin_irq(&rxstats->syncp);
2388         value = rxstats->bytes;
2389     } while (u64_stats_fetch_retry_irq(&rxstats->syncp, start));
2390
2391     return value;
2392 }
2393
2394 void sta_set_sinfo(struct sta_info *sta, struct station_info *sinfo,
2395            bool tidstats)
2396 {
2397     struct ieee80211_sub_if_data *sdata = sta->sdata;
2398     struct ieee80211_local *local = sdata->local;
2399     u32 thr = 0;
2400     int i, ac, cpu;
2401     struct ieee80211_sta_rx_stats *last_rxstats;
2402
2403     last_rxstats = sta_get_last_rx_stats(sta);
2404
2405     sinfo->generation = sdata->local->sta_generation;
2406
2407     /* do before driver, so beacon filtering drivers have a
2408      * chance to e.g. just add the number of filtered beacons
2409      * (or just modify the value entirely, of course)
2410      */
2411     if (sdata->vif.type == NL80211_IFTYPE_STATION)
2412         sinfo->rx_beacon = sdata->deflink.u.mgd.count_beacon_signal;
2413
2414     drv_sta_statistics(local, sdata, &sta->sta, sinfo);
2415     sinfo->filled |= BIT_ULL(NL80211_STA_INFO_INACTIVE_TIME) |
2416              BIT_ULL(NL80211_STA_INFO_STA_FLAGS) |
2417              BIT_ULL(NL80211_STA_INFO_BSS_PARAM) |
2418              BIT_ULL(NL80211_STA_INFO_CONNECTED_TIME) |
2419              BIT_ULL(NL80211_STA_INFO_ASSOC_AT_BOOTTIME) |
2420              BIT_ULL(NL80211_STA_INFO_RX_DROP_MISC);
2421
2422     if (sdata->vif.type == NL80211_IFTYPE_STATION) {
2423         sinfo->beacon_loss_count =
2424             sdata->deflink.u.mgd.beacon_loss_count;
2425         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_LOSS);
2426     }
2427
2428     sinfo->connected_time = ktime_get_seconds() - sta->last_connected;
2429     sinfo->assoc_at = sta->assoc_at;
2430     sinfo->inactive_time =
2431         jiffies_to_msecs(jiffies - ieee80211_sta_last_active(sta));
2432
2433     if (!(sinfo->filled & (BIT_ULL(NL80211_STA_INFO_TX_BYTES64) |
2434                    BIT_ULL(NL80211_STA_INFO_TX_BYTES)))) {
2435         sinfo->tx_bytes = 0;
2436         for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2437             sinfo->tx_bytes += sta->deflink.tx_stats.bytes[ac];
2438         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BYTES64);
2439     }
2440
2441     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_PACKETS))) {
2442         sinfo->tx_packets = 0;
2443         for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2444             sinfo->tx_packets += sta->deflink.tx_stats.packets[ac];
2445         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_PACKETS);
2446     }
2447
2448     if (!(sinfo->filled & (BIT_ULL(NL80211_STA_INFO_RX_BYTES64) |
2449                    BIT_ULL(NL80211_STA_INFO_RX_BYTES)))) {
2450         sinfo->rx_bytes += sta_get_stats_bytes(&sta->deflink.rx_stats);
2451
2452         if (sta->deflink.pcpu_rx_stats) {
2453             for_each_possible_cpu(cpu) {
2454                 struct ieee80211_sta_rx_stats *cpurxs;
2455
2456                 cpurxs = per_cpu_ptr(sta->deflink.pcpu_rx_stats,
2457                              cpu);
2458                 sinfo->rx_bytes += sta_get_stats_bytes(cpurxs);
2459             }
2460         }
2461
2462         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BYTES64);
2463     }
2464
2465     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_PACKETS))) {
2466         sinfo->rx_packets = sta->deflink.rx_stats.packets;
2467         if (sta->deflink.pcpu_rx_stats) {
2468             for_each_possible_cpu(cpu) {
2469                 struct ieee80211_sta_rx_stats *cpurxs;
2470
2471                 cpurxs = per_cpu_ptr(sta->deflink.pcpu_rx_stats,
2472                              cpu);
2473                 sinfo->rx_packets += cpurxs->packets;
2474             }
2475         }
2476         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_PACKETS);
2477     }
2478
2479     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_RETRIES))) {
2480         sinfo->tx_retries = sta->deflink.status_stats.retry_count;
2481         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_RETRIES);
2482     }
2483
2484     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_FAILED))) {
2485         sinfo->tx_failed = sta->deflink.status_stats.retry_failed;
2486         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
2487     }
2488
2489     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_DURATION))) {
2490         for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2491             sinfo->rx_duration += sta->airtime[ac].rx_airtime;
2492         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_DURATION);
2493     }
2494
2495     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_DURATION))) {
2496         for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
2497             sinfo->tx_duration += sta->airtime[ac].tx_airtime;
2498         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_DURATION);
2499     }
2500
2501     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_AIRTIME_WEIGHT))) {
2502         sinfo->airtime_weight = sta->airtime_weight;
2503         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_AIRTIME_WEIGHT);
2504     }
2505
2506     sinfo->rx_dropped_misc = sta->deflink.rx_stats.dropped;
2507     if (sta->deflink.pcpu_rx_stats) {
2508         for_each_possible_cpu(cpu) {
2509             struct ieee80211_sta_rx_stats *cpurxs;
2510
2511             cpurxs = per_cpu_ptr(sta->deflink.pcpu_rx_stats, cpu);
2512             sinfo->rx_dropped_misc += cpurxs->dropped;
2513         }
2514     }
2515
2516     if (sdata->vif.type == NL80211_IFTYPE_STATION &&
2517         !(sdata->vif.driver_flags & IEEE80211_VIF_BEACON_FILTER)) {
2518         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_BEACON_RX) |
2519                  BIT_ULL(NL80211_STA_INFO_BEACON_SIGNAL_AVG);
2520         sinfo->rx_beacon_signal_avg = ieee80211_ave_rssi(&sdata->vif);
2521     }
2522
2523     if (ieee80211_hw_check(&sta->local->hw, SIGNAL_DBM) ||
2524         ieee80211_hw_check(&sta->local->hw, SIGNAL_UNSPEC)) {
2525         if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_SIGNAL))) {
2526             sinfo->signal = (s8)last_rxstats->last_signal;
2527             sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL);
2528         }
2529
2530         if (!sta->deflink.pcpu_rx_stats &&
2531             !(sinfo->filled & BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG))) {
2532             sinfo->signal_avg =
2533                 -ewma_signal_read(&sta->deflink.rx_stats_avg.signal);
2534             sinfo->filled |= BIT_ULL(NL80211_STA_INFO_SIGNAL_AVG);
2535         }
2536     }
2537
2538     /* for the average - if pcpu_rx_stats isn't set - rxstats must point to
2539      * the sta->rx_stats struct, so the check here is fine with and without
2540      * pcpu statistics
2541      */
2542     if (last_rxstats->chains &&
2543         !(sinfo->filled & (BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL) |
2544                    BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG)))) {
2545         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL);
2546         if (!sta->deflink.pcpu_rx_stats)
2547             sinfo->filled |= BIT_ULL(NL80211_STA_INFO_CHAIN_SIGNAL_AVG);
2548
2549         sinfo->chains = last_rxstats->chains;
2550
2551         for (i = 0; i < ARRAY_SIZE(sinfo->chain_signal); i++) {
2552             sinfo->chain_signal[i] =
2553                 last_rxstats->chain_signal_last[i];
2554             sinfo->chain_signal_avg[i] =
2555                 -ewma_signal_read(&sta->deflink.rx_stats_avg.chain_signal[i]);
2556         }
2557     }
2558
2559     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_TX_BITRATE)) &&
2560         !sta->sta.valid_links) {
2561         sta_set_rate_info_tx(sta, &sta->deflink.tx_stats.last_rate,
2562                      &sinfo->txrate);
2563         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_BITRATE);
2564     }
2565
2566     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_RX_BITRATE)) &&
2567         !sta->sta.valid_links) {
2568         if (sta_set_rate_info_rx(sta, &sinfo->rxrate) == 0)
2569             sinfo->filled |= BIT_ULL(NL80211_STA_INFO_RX_BITRATE);
2570     }
2571
2572     if (tidstats && !cfg80211_sinfo_alloc_tid_stats(sinfo, GFP_KERNEL)) {
2573         for (i = 0; i < IEEE80211_NUM_TIDS + 1; i++)
2574             sta_set_tidstats(sta, &sinfo->pertid[i], i);
2575     }
2576
2577     if (ieee80211_vif_is_mesh(&sdata->vif)) {
2578 #ifdef CONFIG_MAC80211_MESH
2579         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_LLID) |
2580                  BIT_ULL(NL80211_STA_INFO_PLID) |
2581                  BIT_ULL(NL80211_STA_INFO_PLINK_STATE) |
2582                  BIT_ULL(NL80211_STA_INFO_LOCAL_PM) |
2583                  BIT_ULL(NL80211_STA_INFO_PEER_PM) |
2584                  BIT_ULL(NL80211_STA_INFO_NONPEER_PM) |
2585                  BIT_ULL(NL80211_STA_INFO_CONNECTED_TO_GATE) |
2586                  BIT_ULL(NL80211_STA_INFO_CONNECTED_TO_AS);
2587
2588         sinfo->llid = sta->mesh->llid;
2589         sinfo->plid = sta->mesh->plid;
2590         sinfo->plink_state = sta->mesh->plink_state;
2591         if (test_sta_flag(sta, WLAN_STA_TOFFSET_KNOWN)) {
2592             sinfo->filled |= BIT_ULL(NL80211_STA_INFO_T_OFFSET);
2593             sinfo->t_offset = sta->mesh->t_offset;
2594         }
2595         sinfo->local_pm = sta->mesh->local_pm;
2596         sinfo->peer_pm = sta->mesh->peer_pm;
2597         sinfo->nonpeer_pm = sta->mesh->nonpeer_pm;
2598         sinfo->connected_to_gate = sta->mesh->connected_to_gate;
2599         sinfo->connected_to_as = sta->mesh->connected_to_as;
2600 #endif
2601     }
2602
2603     sinfo->bss_param.flags = 0;
2604     if (sdata->vif.bss_conf.use_cts_prot)
2605         sinfo->bss_param.flags |= BSS_PARAM_FLAGS_CTS_PROT;
2606     if (sdata->vif.bss_conf.use_short_preamble)
2607         sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_PREAMBLE;
2608     if (sdata->vif.bss_conf.use_short_slot)
2609         sinfo->bss_param.flags |= BSS_PARAM_FLAGS_SHORT_SLOT_TIME;
2610     sinfo->bss_param.dtim_period = sdata->vif.bss_conf.dtim_period;
2611     sinfo->bss_param.beacon_interval = sdata->vif.bss_conf.beacon_int;
2612
2613     sinfo->sta_flags.set = 0;
2614     sinfo->sta_flags.mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
2615                 BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
2616                 BIT(NL80211_STA_FLAG_WME) |
2617                 BIT(NL80211_STA_FLAG_MFP) |
2618                 BIT(NL80211_STA_FLAG_AUTHENTICATED) |
2619                 BIT(NL80211_STA_FLAG_ASSOCIATED) |
2620                 BIT(NL80211_STA_FLAG_TDLS_PEER);
2621     if (test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2622         sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_AUTHORIZED);
2623     if (test_sta_flag(sta, WLAN_STA_SHORT_PREAMBLE))
2624         sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
2625     if (sta->sta.wme)
2626         sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_WME);
2627     if (test_sta_flag(sta, WLAN_STA_MFP))
2628         sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_MFP);
2629     if (test_sta_flag(sta, WLAN_STA_AUTH))
2630         sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
2631     if (test_sta_flag(sta, WLAN_STA_ASSOC))
2632         sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_ASSOCIATED);
2633     if (test_sta_flag(sta, WLAN_STA_TDLS_PEER))
2634         sinfo->sta_flags.set |= BIT(NL80211_STA_FLAG_TDLS_PEER);
2635
2636     thr = sta_get_expected_throughput(sta);
2637
2638     if (thr != 0) {
2639         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_EXPECTED_THROUGHPUT);
2640         sinfo->expected_throughput = thr;
2641     }
2642
2643     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_ACK_SIGNAL)) &&
2644         sta->deflink.status_stats.ack_signal_filled) {
2645         sinfo->ack_signal = sta->deflink.status_stats.last_ack_signal;
2646         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_ACK_SIGNAL);
2647     }
2648
2649     if (!(sinfo->filled & BIT_ULL(NL80211_STA_INFO_ACK_SIGNAL_AVG)) &&
2650         sta->deflink.status_stats.ack_signal_filled) {
2651         sinfo->avg_ack_signal =
2652             -(s8)ewma_avg_signal_read(
2653                 &sta->deflink.status_stats.avg_ack_signal);
2654         sinfo->filled |=
2655             BIT_ULL(NL80211_STA_INFO_ACK_SIGNAL_AVG);
2656     }
2657
2658     if (ieee80211_vif_is_mesh(&sdata->vif)) {
2659         sinfo->filled |= BIT_ULL(NL80211_STA_INFO_AIRTIME_LINK_METRIC);
2660         sinfo->airtime_link_metric =
2661             airtime_link_metric_get(local, sta);
2662     }
2663 }
2664
2665 u32 sta_get_expected_throughput(struct sta_info *sta)
2666 {
2667     struct ieee80211_sub_if_data *sdata = sta->sdata;
2668     struct ieee80211_local *local = sdata->local;
2669     struct rate_control_ref *ref = NULL;
2670     u32 thr = 0;
2671
2672     if (test_sta_flag(sta, WLAN_STA_RATE_CONTROL))
2673         ref = local->rate_ctrl;
2674
2675     /* check if the driver has a SW RC implementation */
2676     if (ref && ref->ops->get_expected_throughput)
2677         thr = ref->ops->get_expected_throughput(sta->rate_ctrl_priv);
2678     else
2679         thr = drv_get_expected_throughput(local, sta);
2680
2681     return thr;
2682 }
2683
2684 unsigned long ieee80211_sta_last_active(struct sta_info *sta)
2685 {
2686     struct ieee80211_sta_rx_stats *stats = sta_get_last_rx_stats(sta);
2687
2688     if (!sta->deflink.status_stats.last_ack ||
2689         time_after(stats->last_rx, sta->deflink.status_stats.last_ack))
2690         return stats->last_rx;
2691     return sta->deflink.status_stats.last_ack;
2692 }
2693
2694 static void sta_update_codel_params(struct sta_info *sta, u32 thr)
2695 {
2696     if (!sta->sdata->local->ops->wake_tx_queue)
2697         return;
2698
2699     if (thr && thr < STA_SLOW_THRESHOLD * sta->local->num_sta) {
2700         sta->cparams.target = MS2TIME(50);
2701         sta->cparams.interval = MS2TIME(300);
2702         sta->cparams.ecn = false;
2703     } else {
2704         sta->cparams.target = MS2TIME(20);
2705         sta->cparams.interval = MS2TIME(100);
2706         sta->cparams.ecn = true;
2707     }
2708 }
2709
2710 void ieee80211_sta_set_expected_throughput(struct ieee80211_sta *pubsta,
2711                        u32 thr)
2712 {
2713     struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
2714
2715     sta_update_codel_params(sta, thr);
2716 }
2717
2718 int ieee80211_sta_allocate_link(struct sta_info *sta, unsigned int link_id)
2719 {
2720     struct ieee80211_sub_if_data *sdata = sta->sdata;
2721     struct sta_link_alloc *alloc;
2722     int ret;
2723
2724     lockdep_assert_held(&sdata->local->sta_mtx);
2725
2726     /* must represent an MLD from the start */
2727     if (WARN_ON(!sta->sta.valid_links))
2728         return -EINVAL;
2729
2730     if (WARN_ON(sta->sta.valid_links & BIT(link_id) ||
2731             sta->link[link_id]))
2732         return -EBUSY;
2733
2734     alloc = kzalloc(sizeof(*alloc), GFP_KERNEL);
2735     if (!alloc)
2736         return -ENOMEM;
2737
2738     ret = sta_info_alloc_link(sdata->local, &alloc->info, GFP_KERNEL);
2739     if (ret) {
2740         kfree(alloc);
2741         return ret;
2742     }
2743
2744     sta_info_add_link(sta, link_id, &alloc->info, &alloc->sta);
2745
2746     return 0;
2747 }
2748
2749 void ieee80211_sta_free_link(struct sta_info *sta, unsigned int link_id)
2750 {
2751     lockdep_assert_held(&sta->sdata->local->sta_mtx);
2752
2753     sta_remove_link(sta, link_id, false);
2754 }
2755
2756 int ieee80211_sta_activate_link(struct sta_info *sta, unsigned int link_id)
2757 {
2758     struct ieee80211_sub_if_data *sdata = sta->sdata;
2759     struct link_sta_info *link_sta;
2760     u16 old_links = sta->sta.valid_links;
2761     u16 new_links = old_links | BIT(link_id);
2762     int ret;
2763
2764     link_sta = rcu_dereference_protected(sta->link[link_id],
2765                          lockdep_is_held(&sdata->local->sta_mtx));
2766
2767     if (WARN_ON(old_links == new_links || !link_sta))
2768         return -EINVAL;
2769
2770     rcu_read_lock();
2771     if (link_sta_info_hash_lookup(sdata->local, link_sta->addr)) {
2772         rcu_read_unlock();
2773         return -EALREADY;
2774     }
2775     /* we only modify under the mutex so this is fine */
2776     rcu_read_unlock();
2777
2778     sta->sta.valid_links = new_links;
2779
2780     if (!test_sta_flag(sta, WLAN_STA_INSERTED)) {
2781         ret = 0;
2782         goto hash;
2783     }
2784
2785     ret = drv_change_sta_links(sdata->local, sdata, &sta->sta,
2786                    old_links, new_links);
2787     if (ret) {
2788         sta->sta.valid_links = old_links;
2789         sta_remove_link(sta, link_id, false);
2790         return ret;
2791     }
2792
2793 hash:
2794     ret = link_sta_info_hash_add(sdata->local, link_sta);
2795     WARN_ON(ret);
2796     return 0;
2797 }
2798
2799 void ieee80211_sta_remove_link(struct sta_info *sta, unsigned int link_id)
2800 {
2801     struct ieee80211_sub_if_data *sdata = sta->sdata;
2802
2803     lockdep_assert_held(&sdata->local->sta_mtx);
2804
2805     sta->sta.valid_links &= ~BIT(link_id);
2806
2807     if (test_sta_flag(sta, WLAN_STA_INSERTED))
2808         drv_change_sta_links(sdata->local, sdata, &sta->sta,
2809                      sta->sta.valid_links,
2810                      sta->sta.valid_links & ~BIT(link_id));
2811
2812     sta_remove_link(sta, link_id, true);
2813 }
2814
2815 void ieee80211_sta_set_max_amsdu_subframes(struct sta_info *sta,
2816                        const u8 *ext_capab,
2817                        unsigned int ext_capab_len)
2818 {
2819     u8 val;
2820
2821     sta->sta.max_amsdu_subframes = 0;
2822
2823     if (ext_capab_len < 8)
2824         return;
2825
2826     /* The sender might not have sent the last bit, consider it to be 0 */
2827     val = u8_get_bits(ext_capab[7], WLAN_EXT_CAPA8_MAX_MSDU_IN_AMSDU_LSB);
2828
2829     /* we did get all the bits, take the MSB as well */
2830     if (ext_capab_len >= 9)
2831         val |= u8_get_bits(ext_capab[8],
2832                    WLAN_EXT_CAPA9_MAX_MSDU_IN_AMSDU_MSB) << 1;
2833
2834     if (val)
2835         sta->sta.max_amsdu_subframes = 4 << val;
2836 }