net/mac80211/status.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * Copyright 2002-2005, Instant802 Networks, Inc.
0004  * Copyright 2005-2006, Devicescape Software, Inc.
0005  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
0006  * Copyright 2008-2010  Johannes Berg <johannes@sipsolutions.net>
0007  * Copyright 2013-2014  Intel Mobile Communications GmbH
0008  * Copyright 2021-2022  Intel Corporation
0009  */
0010
0011 #include <linux/export.h>
0012 #include <linux/etherdevice.h>
0013 #include <net/mac80211.h>
0014 #include <asm/unaligned.h>
0015 #include "ieee80211_i.h"
0016 #include "rate.h"
0017 #include "mesh.h"
0018 #include "led.h"
0019 #include "wme.h"
0020
0021
0022 void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
0023                  struct sk_buff *skb)
0024 {
0025     struct ieee80211_local *local = hw_to_local(hw);
0026     struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
0027     int tmp;
0028
0029     skb->pkt_type = IEEE80211_TX_STATUS_MSG;
0030     skb_queue_tail(info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS ?
0031                &local->skb_queue : &local->skb_queue_unreliable, skb);
0032     tmp = skb_queue_len(&local->skb_queue) +
0033         skb_queue_len(&local->skb_queue_unreliable);
0034     while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
0035            (skb = skb_dequeue(&local->skb_queue_unreliable))) {
0036         ieee80211_free_txskb(hw, skb);
0037         tmp--;
0038         I802_DEBUG_INC(local->tx_status_drop);
0039     }
0040     tasklet_schedule(&local->tasklet);
0041 }
0042 EXPORT_SYMBOL(ieee80211_tx_status_irqsafe);
0043
0044 static void ieee80211_handle_filtered_frame(struct ieee80211_local *local,
0045                         struct sta_info *sta,
0046                         struct sk_buff *skb)
0047 {
0048     struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
0049     struct ieee80211_hdr *hdr = (void *)skb->data;
0050     int ac;
0051
0052     if (info->flags & (IEEE80211_TX_CTL_NO_PS_BUFFER |
0053                IEEE80211_TX_CTL_AMPDU |
0054                IEEE80211_TX_CTL_HW_80211_ENCAP)) {
0055         ieee80211_free_txskb(&local->hw, skb);
0056         return;
0057     }
0058
0059     /*
0060      * This skb 'survived' a round-trip through the driver, and
0061      * hopefully the driver didn't mangle it too badly. However,
0062      * we can definitely not rely on the control information
0063      * being correct. Clear it so we don't get junk there, and
0064      * indicate that it needs new processing, but must not be
0065      * modified/encrypted again.
0066      */
0067     memset(&info->control, 0, sizeof(info->control));
0068
0069     info->control.jiffies = jiffies;
0070     info->control.vif = &sta->sdata->vif;
0071     info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
0072     info->flags |= IEEE80211_TX_INTFL_RETRANSMISSION;
0073     info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
0074
0075     sta->deflink.status_stats.filtered++;
0076
0077     /*
0078      * Clear more-data bit on filtered frames, it might be set
0079      * but later frames might time out so it might have to be
0080      * clear again ... It's all rather unlikely (this frame
0081      * should time out first, right?) but let's not confuse
0082      * peers unnecessarily.
0083      */
0084     if (hdr->frame_control & cpu_to_le16(IEEE80211_FCTL_MOREDATA))
0085         hdr->frame_control &= ~cpu_to_le16(IEEE80211_FCTL_MOREDATA);
0086
0087     if (ieee80211_is_data_qos(hdr->frame_control)) {
0088         u8 *p = ieee80211_get_qos_ctl(hdr);
0089         int tid = *p & IEEE80211_QOS_CTL_TID_MASK;
0090
0091         /*
0092          * Clear EOSP if set, this could happen e.g.
0093          * if an absence period (us being a P2P GO)
0094          * shortens the SP.
0095          */
0096         if (*p & IEEE80211_QOS_CTL_EOSP)
0097             *p &= ~IEEE80211_QOS_CTL_EOSP;
0098         ac = ieee80211_ac_from_tid(tid);
0099     } else {
0100         ac = IEEE80211_AC_BE;
0101     }
0102
0103     /*
0104      * Clear the TX filter mask for this STA when sending the next
0105      * packet. If the STA went to power save mode, this will happen
0106      * when it wakes up for the next time.
0107      */
0108     set_sta_flag(sta, WLAN_STA_CLEAR_PS_FILT);
0109     ieee80211_clear_fast_xmit(sta);
0110
0111     /*
0112      * This code races in the following way:
0113      *
0114      *  (1) STA sends frame indicating it will go to sleep and does so
0115      *  (2) hardware/firmware adds STA to filter list, passes frame up
0116      *  (3) hardware/firmware processes TX fifo and suppresses a frame
0117      *  (4) we get TX status before having processed the frame and
0118      *  knowing that the STA has gone to sleep.
0119      *
0120      * This is actually quite unlikely even when both those events are
0121      * processed from interrupts coming in quickly after one another or
0122      * even at the same time because we queue both TX status events and
0123      * RX frames to be processed by a tasklet and process them in the
0124      * same order that they were received or TX status last. Hence, there
0125      * is no race as long as the frame RX is processed before the next TX
0126      * status, which drivers can ensure, see below.
0127      *
0128      * Note that this can only happen if the hardware or firmware can
0129      * actually add STAs to the filter list, if this is done by the
0130      * driver in response to set_tim() (which will only reduce the race
0131      * this whole filtering tries to solve, not completely solve it)
0132      * this situation cannot happen.
0133      *
0134      * To completely solve this race drivers need to make sure that they
0135      *  (a) don't mix the irq-safe/not irq-safe TX status/RX processing
0136      *  functions and
0137      *  (b) always process RX events before TX status events if ordering
0138      *      can be unknown, for example with different interrupt status
0139      *  bits.
0140      *  (c) if PS mode transitions are manual (i.e. the flag
0141      *      %IEEE80211_HW_AP_LINK_PS is set), always process PS state
0142      *      changes before calling TX status events if ordering can be
0143      *  unknown.
0144      */
0145     if (test_sta_flag(sta, WLAN_STA_PS_STA) &&
0146         skb_queue_len(&sta->tx_filtered[ac]) < STA_MAX_TX_BUFFER) {
0147         skb_queue_tail(&sta->tx_filtered[ac], skb);
0148         sta_info_recalc_tim(sta);
0149
0150         if (!timer_pending(&local->sta_cleanup))
0151             mod_timer(&local->sta_cleanup,
0152                   round_jiffies(jiffies +
0153                         STA_INFO_CLEANUP_INTERVAL));
0154         return;
0155     }
0156
0157     if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
0158         !(info->flags & IEEE80211_TX_INTFL_RETRIED)) {
0159         /* Software retry the packet once */
0160         info->flags |= IEEE80211_TX_INTFL_RETRIED;
0161         ieee80211_add_pending_skb(local, skb);
0162         return;
0163     }
0164
0165     ps_dbg_ratelimited(sta->sdata,
0166                "dropped TX filtered frame, queue_len=%d PS=%d @%lu\n",
0167                skb_queue_len(&sta->tx_filtered[ac]),
0168                !!test_sta_flag(sta, WLAN_STA_PS_STA), jiffies);
0169     ieee80211_free_txskb(&local->hw, skb);
0170 }
0171
0172 static void ieee80211_check_pending_bar(struct sta_info *sta, u8 *addr, u8 tid)
0173 {
0174     struct tid_ampdu_tx *tid_tx;
0175
0176     tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
0177     if (!tid_tx || !tid_tx->bar_pending)
0178         return;
0179
0180     tid_tx->bar_pending = false;
0181     ieee80211_send_bar(&sta->sdata->vif, addr, tid, tid_tx->failed_bar_ssn);
0182 }
0183
0184 static void ieee80211_frame_acked(struct sta_info *sta, struct sk_buff *skb)
0185 {
0186     struct ieee80211_mgmt *mgmt = (void *) skb->data;
0187     struct ieee80211_local *local = sta->local;
0188     struct ieee80211_sub_if_data *sdata = sta->sdata;
0189
0190     if (ieee80211_is_data_qos(mgmt->frame_control)) {
0191         struct ieee80211_hdr *hdr = (void *) skb->data;
0192         u8 *qc = ieee80211_get_qos_ctl(hdr);
0193         u16 tid = qc[0] & 0xf;
0194
0195         ieee80211_check_pending_bar(sta, hdr->addr1, tid);
0196     }
0197
0198     if (ieee80211_is_action(mgmt->frame_control) &&
0199         !ieee80211_has_protected(mgmt->frame_control) &&
0200         mgmt->u.action.category == WLAN_CATEGORY_HT &&
0201         mgmt->u.action.u.ht_smps.action == WLAN_HT_ACTION_SMPS &&
0202         ieee80211_sdata_running(sdata)) {
0203         enum ieee80211_smps_mode smps_mode;
0204
0205         switch (mgmt->u.action.u.ht_smps.smps_control) {
0206         case WLAN_HT_SMPS_CONTROL_DYNAMIC:
0207             smps_mode = IEEE80211_SMPS_DYNAMIC;
0208             break;
0209         case WLAN_HT_SMPS_CONTROL_STATIC:
0210             smps_mode = IEEE80211_SMPS_STATIC;
0211             break;
0212         case WLAN_HT_SMPS_CONTROL_DISABLED:
0213         default: /* shouldn't happen since we don't send that */
0214             smps_mode = IEEE80211_SMPS_OFF;
0215             break;
0216         }
0217
0218         if (sdata->vif.type == NL80211_IFTYPE_STATION) {
0219             /*
0220              * This update looks racy, but isn't -- if we come
0221              * here we've definitely got a station that we're
0222              * talking to, and on a managed interface that can
0223              * only be the AP. And the only other place updating
0224              * this variable in managed mode is before association.
0225              */
0226             sdata->deflink.smps_mode = smps_mode;
0227             ieee80211_queue_work(&local->hw, &sdata->recalc_smps);
0228         }
0229     }
0230 }
0231
0232 static void ieee80211_set_bar_pending(struct sta_info *sta, u8 tid, u16 ssn)
0233 {
0234     struct tid_ampdu_tx *tid_tx;
0235
0236     tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
0237     if (!tid_tx)
0238         return;
0239
0240     tid_tx->failed_bar_ssn = ssn;
0241     tid_tx->bar_pending = true;
0242 }
0243
0244 static int ieee80211_tx_radiotap_len(struct ieee80211_tx_info *info,
0245                      struct ieee80211_tx_status *status)
0246 {
0247     struct ieee80211_rate_status *status_rate = NULL;
0248     int len = sizeof(struct ieee80211_radiotap_header);
0249
0250     if (status && status->n_rates)
0251         status_rate = &status->rates[status->n_rates - 1];
0252
0253     /* IEEE80211_RADIOTAP_RATE rate */
0254     if (status_rate && !(status_rate->rate_idx.flags &
0255                         (RATE_INFO_FLAGS_MCS |
0256                          RATE_INFO_FLAGS_DMG |
0257                          RATE_INFO_FLAGS_EDMG |
0258                          RATE_INFO_FLAGS_VHT_MCS |
0259                          RATE_INFO_FLAGS_HE_MCS)))
0260         len += 2;
0261     else if (info->status.rates[0].idx >= 0 &&
0262          !(info->status.rates[0].flags &
0263            (IEEE80211_TX_RC_MCS | IEEE80211_TX_RC_VHT_MCS)))
0264         len += 2;
0265
0266     /* IEEE80211_RADIOTAP_TX_FLAGS */
0267     len += 2;
0268
0269     /* IEEE80211_RADIOTAP_DATA_RETRIES */
0270     len += 1;
0271
0272     /* IEEE80211_RADIOTAP_MCS
0273      * IEEE80211_RADIOTAP_VHT */
0274     if (status_rate) {
0275         if (status_rate->rate_idx.flags & RATE_INFO_FLAGS_MCS)
0276             len += 3;
0277         else if (status_rate->rate_idx.flags & RATE_INFO_FLAGS_VHT_MCS)
0278             len = ALIGN(len, 2) + 12;
0279         else if (status_rate->rate_idx.flags & RATE_INFO_FLAGS_HE_MCS)
0280             len = ALIGN(len, 2) + 12;
0281     } else if (info->status.rates[0].idx >= 0) {
0282         if (info->status.rates[0].flags & IEEE80211_TX_RC_MCS)
0283             len += 3;
0284         else if (info->status.rates[0].flags & IEEE80211_TX_RC_VHT_MCS)
0285             len = ALIGN(len, 2) + 12;
0286     }
0287
0288     return len;
0289 }
0290
0291 static void
0292 ieee80211_add_tx_radiotap_header(struct ieee80211_local *local,
0293                  struct sk_buff *skb, int retry_count,
0294                  int rtap_len, int shift,
0295                  struct ieee80211_tx_status *status)
0296 {
0297     struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
0298     struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
0299     struct ieee80211_radiotap_header *rthdr;
0300     struct ieee80211_rate_status *status_rate = NULL;
0301     unsigned char *pos;
0302     u16 legacy_rate = 0;
0303     u16 txflags;
0304
0305     if (status && status->n_rates)
0306         status_rate = &status->rates[status->n_rates - 1];
0307
0308     rthdr = skb_push(skb, rtap_len);
0309
0310     memset(rthdr, 0, rtap_len);
0311     rthdr->it_len = cpu_to_le16(rtap_len);
0312     rthdr->it_present =
0313         cpu_to_le32(BIT(IEEE80211_RADIOTAP_TX_FLAGS) |
0314                 BIT(IEEE80211_RADIOTAP_DATA_RETRIES));
0315     pos = (unsigned char *)(rthdr + 1);
0316
0317     /*
0318      * XXX: Once radiotap gets the bitmap reset thing the vendor
0319      *  extensions proposal contains, we can actually report
0320      *  the whole set of tries we did.
0321      */
0322
0323     /* IEEE80211_RADIOTAP_RATE */
0324
0325     if (status_rate) {
0326         if (!(status_rate->rate_idx.flags &
0327                         (RATE_INFO_FLAGS_MCS |
0328                          RATE_INFO_FLAGS_DMG |
0329                          RATE_INFO_FLAGS_EDMG |
0330                          RATE_INFO_FLAGS_VHT_MCS |
0331                          RATE_INFO_FLAGS_HE_MCS)))
0332             legacy_rate = status_rate->rate_idx.legacy;
0333     } else if (info->status.rates[0].idx >= 0 &&
0334          !(info->status.rates[0].flags & (IEEE80211_TX_RC_MCS |
0335                           IEEE80211_TX_RC_VHT_MCS))) {
0336         struct ieee80211_supported_band *sband;
0337
0338         sband = local->hw.wiphy->bands[info->band];
0339         legacy_rate =
0340             sband->bitrates[info->status.rates[0].idx].bitrate;
0341     }
0342
0343     if (legacy_rate) {
0344         rthdr->it_present |= cpu_to_le32(BIT(IEEE80211_RADIOTAP_RATE));
0345         *pos = DIV_ROUND_UP(legacy_rate, 5 * (1 << shift));
0346         /* padding for tx flags */
0347         pos += 2;
0348     }
0349
0350     /* IEEE80211_RADIOTAP_TX_FLAGS */
0351     txflags = 0;
0352     if (!(info->flags & IEEE80211_TX_STAT_ACK) &&
0353         !is_multicast_ether_addr(hdr->addr1))
0354         txflags |= IEEE80211_RADIOTAP_F_TX_FAIL;
0355
0356     if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_CTS_PROTECT)
0357         txflags |= IEEE80211_RADIOTAP_F_TX_CTS;
0358     if (info->status.rates[0].flags & IEEE80211_TX_RC_USE_RTS_CTS)
0359         txflags |= IEEE80211_RADIOTAP_F_TX_RTS;
0360
0361     put_unaligned_le16(txflags, pos);
0362     pos += 2;
0363
0364     /* IEEE80211_RADIOTAP_DATA_RETRIES */
0365     /* for now report the total retry_count */
0366     *pos = retry_count;
0367     pos++;
0368
0369     if (status_rate && (status_rate->rate_idx.flags & RATE_INFO_FLAGS_MCS))
0370     {
0371         rthdr->it_present |= cpu_to_le32(BIT(IEEE80211_RADIOTAP_MCS));
0372         pos[0] = IEEE80211_RADIOTAP_MCS_HAVE_MCS |
0373              IEEE80211_RADIOTAP_MCS_HAVE_GI |
0374              IEEE80211_RADIOTAP_MCS_HAVE_BW;
0375         if (status_rate->rate_idx.flags & RATE_INFO_FLAGS_SHORT_GI)
0376             pos[1] |= IEEE80211_RADIOTAP_MCS_SGI;
0377         if (status_rate->rate_idx.bw == RATE_INFO_BW_40)
0378             pos[1] |= IEEE80211_RADIOTAP_MCS_BW_40;
0379         pos[2] = status_rate->rate_idx.mcs;
0380         pos += 3;
0381     } else if (status_rate && (status_rate->rate_idx.flags &
0382                     RATE_INFO_FLAGS_VHT_MCS))
0383     {
0384         u16 known = local->hw.radiotap_vht_details &
0385             (IEEE80211_RADIOTAP_VHT_KNOWN_GI |
0386              IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH);
0387
0388         rthdr->it_present |= cpu_to_le32(BIT(IEEE80211_RADIOTAP_VHT));
0389
0390         /* required alignment from rthdr */
0391         pos = (u8 *)rthdr + ALIGN(pos - (u8 *)rthdr, 2);
0392
0393         /* u16 known - IEEE80211_RADIOTAP_VHT_KNOWN_* */
0394         put_unaligned_le16(known, pos);
0395         pos += 2;
0396
0397         /* u8 flags - IEEE80211_RADIOTAP_VHT_FLAG_* */
0398         if (status_rate->rate_idx.flags & RATE_INFO_FLAGS_SHORT_GI)
0399             *pos |= IEEE80211_RADIOTAP_VHT_FLAG_SGI;
0400         pos++;
0401
0402         /* u8 bandwidth */
0403         switch (status_rate->rate_idx.bw) {
0404         case RATE_INFO_BW_160:
0405             *pos = 11;
0406             break;
0407         case RATE_INFO_BW_80:
0408             *pos = 4;
0409             break;
0410         case RATE_INFO_BW_40:
0411             *pos = 1;
0412             break;
0413         default:
0414             *pos = 0;
0415             break;
0416         }
0417         pos++;
0418
0419         /* u8 mcs_nss[4] */
0420         *pos = (status_rate->rate_idx.mcs << 4) |
0421                 status_rate->rate_idx.nss;
0422         pos += 4;
0423
0424         /* u8 coding */
0425         pos++;
0426         /* u8 group_id */
0427         pos++;
0428         /* u16 partial_aid */
0429         pos += 2;
0430     } else if (status_rate && (status_rate->rate_idx.flags &
0431                     RATE_INFO_FLAGS_HE_MCS))
0432     {
0433         struct ieee80211_radiotap_he *he;
0434
0435         rthdr->it_present |= cpu_to_le32(BIT(IEEE80211_RADIOTAP_HE));
0436
0437         /* required alignment from rthdr */
0438         pos = (u8 *)rthdr + ALIGN(pos - (u8 *)rthdr, 2);
0439         he = (struct ieee80211_radiotap_he *)pos;
0440
0441         he->data1 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_FORMAT_SU |
0442                     IEEE80211_RADIOTAP_HE_DATA1_DATA_MCS_KNOWN |
0443                     IEEE80211_RADIOTAP_HE_DATA1_DATA_DCM_KNOWN |
0444                     IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN);
0445
0446         he->data2 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_GI_KNOWN);
0447
0448 #define HE_PREP(f, val) le16_encode_bits(val, IEEE80211_RADIOTAP_HE_##f)
0449
0450         he->data6 |= HE_PREP(DATA6_NSTS, status_rate->rate_idx.nss);
0451
0452 #define CHECK_GI(s) \
0453     BUILD_BUG_ON(IEEE80211_RADIOTAP_HE_DATA5_GI_##s != \
0454     (int)NL80211_RATE_INFO_HE_GI_##s)
0455
0456         CHECK_GI(0_8);
0457         CHECK_GI(1_6);
0458         CHECK_GI(3_2);
0459
0460         he->data3 |= HE_PREP(DATA3_DATA_MCS, status_rate->rate_idx.mcs);
0461         he->data3 |= HE_PREP(DATA3_DATA_DCM, status_rate->rate_idx.he_dcm);
0462
0463         he->data5 |= HE_PREP(DATA5_GI, status_rate->rate_idx.he_gi);
0464
0465         switch (status_rate->rate_idx.bw) {
0466         case RATE_INFO_BW_20:
0467             he->data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC,
0468                          IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_20MHZ);
0469             break;
0470         case RATE_INFO_BW_40:
0471             he->data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC,
0472                          IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_40MHZ);
0473             break;
0474         case RATE_INFO_BW_80:
0475             he->data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC,
0476                          IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_80MHZ);
0477             break;
0478         case RATE_INFO_BW_160:
0479             he->data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC,
0480                          IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_160MHZ);
0481             break;
0482         case RATE_INFO_BW_HE_RU:
0483 #define CHECK_RU_ALLOC(s) \
0484     BUILD_BUG_ON(IEEE80211_RADIOTAP_HE_DATA5_DATA_BW_RU_ALLOC_##s##T != \
0485     NL80211_RATE_INFO_HE_RU_ALLOC_##s + 4)
0486
0487             CHECK_RU_ALLOC(26);
0488             CHECK_RU_ALLOC(52);
0489             CHECK_RU_ALLOC(106);
0490             CHECK_RU_ALLOC(242);
0491             CHECK_RU_ALLOC(484);
0492             CHECK_RU_ALLOC(996);
0493             CHECK_RU_ALLOC(2x996);
0494
0495             he->data5 |= HE_PREP(DATA5_DATA_BW_RU_ALLOC,
0496                          status_rate->rate_idx.he_ru_alloc + 4);
0497             break;
0498         default:
0499             WARN_ONCE(1, "Invalid SU BW %d\n", status_rate->rate_idx.bw);
0500         }
0501
0502         pos += sizeof(struct ieee80211_radiotap_he);
0503     }
0504
0505     if (status_rate || info->status.rates[0].idx < 0)
0506         return;
0507
0508     /* IEEE80211_RADIOTAP_MCS
0509      * IEEE80211_RADIOTAP_VHT */
0510     if (info->status.rates[0].flags & IEEE80211_TX_RC_MCS) {
0511         rthdr->it_present |= cpu_to_le32(BIT(IEEE80211_RADIOTAP_MCS));
0512         pos[0] = IEEE80211_RADIOTAP_MCS_HAVE_MCS |
0513              IEEE80211_RADIOTAP_MCS_HAVE_GI |
0514              IEEE80211_RADIOTAP_MCS_HAVE_BW;
0515         if (info->status.rates[0].flags & IEEE80211_TX_RC_SHORT_GI)
0516             pos[1] |= IEEE80211_RADIOTAP_MCS_SGI;
0517         if (info->status.rates[0].flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
0518             pos[1] |= IEEE80211_RADIOTAP_MCS_BW_40;
0519         if (info->status.rates[0].flags & IEEE80211_TX_RC_GREEN_FIELD)
0520             pos[1] |= IEEE80211_RADIOTAP_MCS_FMT_GF;
0521         pos[2] = info->status.rates[0].idx;
0522         pos += 3;
0523     } else if (info->status.rates[0].flags & IEEE80211_TX_RC_VHT_MCS) {
0524         u16 known = local->hw.radiotap_vht_details &
0525             (IEEE80211_RADIOTAP_VHT_KNOWN_GI |
0526              IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH);
0527
0528         rthdr->it_present |= cpu_to_le32(BIT(IEEE80211_RADIOTAP_VHT));
0529
0530         /* required alignment from rthdr */
0531         pos = (u8 *)rthdr + ALIGN(pos - (u8 *)rthdr, 2);
0532
0533         /* u16 known - IEEE80211_RADIOTAP_VHT_KNOWN_* */
0534         put_unaligned_le16(known, pos);
0535         pos += 2;
0536
0537         /* u8 flags - IEEE80211_RADIOTAP_VHT_FLAG_* */
0538         if (info->status.rates[0].flags & IEEE80211_TX_RC_SHORT_GI)
0539             *pos |= IEEE80211_RADIOTAP_VHT_FLAG_SGI;
0540         pos++;
0541
0542         /* u8 bandwidth */
0543         if (info->status.rates[0].flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
0544             *pos = 1;
0545         else if (info->status.rates[0].flags & IEEE80211_TX_RC_80_MHZ_WIDTH)
0546             *pos = 4;
0547         else if (info->status.rates[0].flags & IEEE80211_TX_RC_160_MHZ_WIDTH)
0548             *pos = 11;
0549         else /* IEEE80211_TX_RC_{20_MHZ_WIDTH,FIXME:DUP_DATA} */
0550             *pos = 0;
0551         pos++;
0552
0553         /* u8 mcs_nss[4] */
0554         *pos = (ieee80211_rate_get_vht_mcs(&info->status.rates[0]) << 4) |
0555             ieee80211_rate_get_vht_nss(&info->status.rates[0]);
0556         pos += 4;
0557
0558         /* u8 coding */
0559         pos++;
0560         /* u8 group_id */
0561         pos++;
0562         /* u16 partial_aid */
0563         pos += 2;
0564     }
0565 }
0566
0567 /*
0568  * Handles the tx for TDLS teardown frames.
0569  * If the frame wasn't ACKed by the peer - it will be re-sent through the AP
0570  */
0571 static void ieee80211_tdls_td_tx_handle(struct ieee80211_local *local,
0572                     struct ieee80211_sub_if_data *sdata,
0573                     struct sk_buff *skb, u32 flags)
0574 {
0575     struct sk_buff *teardown_skb;
0576     struct sk_buff *orig_teardown_skb;
0577     bool is_teardown = false;
0578
0579     /* Get the teardown data we need and free the lock */
0580     spin_lock(&sdata->u.mgd.teardown_lock);
0581     teardown_skb = sdata->u.mgd.teardown_skb;
0582     orig_teardown_skb = sdata->u.mgd.orig_teardown_skb;
0583     if ((skb == orig_teardown_skb) && teardown_skb) {
0584         sdata->u.mgd.teardown_skb = NULL;
0585         sdata->u.mgd.orig_teardown_skb = NULL;
0586         is_teardown = true;
0587     }
0588     spin_unlock(&sdata->u.mgd.teardown_lock);
0589
0590     if (is_teardown) {
0591         /* This mechanism relies on being able to get ACKs */
0592         WARN_ON(!ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS));
0593
0594         /* Check if peer has ACKed */
0595         if (flags & IEEE80211_TX_STAT_ACK) {
0596             dev_kfree_skb_any(teardown_skb);
0597         } else {
0598             tdls_dbg(sdata,
0599                  "TDLS Resending teardown through AP\n");
0600
0601             ieee80211_subif_start_xmit(teardown_skb, skb->dev);
0602         }
0603     }
0604 }
0605
0606 static struct ieee80211_sub_if_data *
0607 ieee80211_sdata_from_skb(struct ieee80211_local *local, struct sk_buff *skb)
0608 {
0609     struct ieee80211_sub_if_data *sdata;
0610
0611     if (skb->dev) {
0612         list_for_each_entry_rcu(sdata, &local->interfaces, list) {
0613             if (!sdata->dev)
0614                 continue;
0615
0616             if (skb->dev == sdata->dev)
0617                 return sdata;
0618         }
0619
0620         return NULL;
0621     }
0622
0623     return rcu_dereference(local->p2p_sdata);
0624 }
0625
0626 static void ieee80211_report_ack_skb(struct ieee80211_local *local,
0627                      struct sk_buff *orig_skb,
0628                      bool acked, bool dropped,
0629                      ktime_t ack_hwtstamp)
0630 {
0631     struct ieee80211_tx_info *info = IEEE80211_SKB_CB(orig_skb);
0632     struct sk_buff *skb;
0633     unsigned long flags;
0634
0635     spin_lock_irqsave(&local->ack_status_lock, flags);
0636     skb = idr_remove(&local->ack_status_frames, info->ack_frame_id);
0637     spin_unlock_irqrestore(&local->ack_status_lock, flags);
0638
0639     if (!skb)
0640         return;
0641
0642     if (info->flags & IEEE80211_TX_INTFL_NL80211_FRAME_TX) {
0643         u64 cookie = IEEE80211_SKB_CB(skb)->ack.cookie;
0644         struct ieee80211_sub_if_data *sdata;
0645         struct ieee80211_hdr *hdr = (void *)skb->data;
0646         bool is_valid_ack_signal =
0647             !!(info->status.flags & IEEE80211_TX_STATUS_ACK_SIGNAL_VALID);
0648         struct cfg80211_tx_status status = {
0649             .cookie = cookie,
0650             .buf = skb->data,
0651             .len = skb->len,
0652             .ack = acked,
0653         };
0654
0655         if (ieee80211_is_timing_measurement(orig_skb) ||
0656             ieee80211_is_ftm(orig_skb)) {
0657             status.tx_tstamp =
0658                 ktime_to_ns(skb_hwtstamps(orig_skb)->hwtstamp);
0659             status.ack_tstamp = ktime_to_ns(ack_hwtstamp);
0660         }
0661
0662         rcu_read_lock();
0663         sdata = ieee80211_sdata_from_skb(local, skb);
0664         if (sdata) {
0665             if (skb->protocol == sdata->control_port_protocol ||
0666                 skb->protocol == cpu_to_be16(ETH_P_PREAUTH))
0667                 cfg80211_control_port_tx_status(&sdata->wdev,
0668                                 cookie,
0669                                 skb->data,
0670                                 skb->len,
0671                                 acked,
0672                                 GFP_ATOMIC);
0673             else if (ieee80211_is_any_nullfunc(hdr->frame_control))
0674                 cfg80211_probe_status(sdata->dev, hdr->addr1,
0675                               cookie, acked,
0676                               info->status.ack_signal,
0677                               is_valid_ack_signal,
0678                               GFP_ATOMIC);
0679             else if (ieee80211_is_mgmt(hdr->frame_control))
0680                 cfg80211_mgmt_tx_status_ext(&sdata->wdev,
0681                                 &status,
0682                                 GFP_ATOMIC);
0683             else
0684                 pr_warn("Unknown status report in ack skb\n");
0685
0686         }
0687         rcu_read_unlock();
0688
0689         dev_kfree_skb_any(skb);
0690     } else if (dropped) {
0691         dev_kfree_skb_any(skb);
0692     } else {
0693         /* consumes skb */
0694         skb_complete_wifi_ack(skb, acked);
0695     }
0696 }
0697
0698 static void ieee80211_report_used_skb(struct ieee80211_local *local,
0699                       struct sk_buff *skb, bool dropped,
0700                       ktime_t ack_hwtstamp)
0701 {
0702     struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
0703     u16 tx_time_est = ieee80211_info_get_tx_time_est(info);
0704     struct ieee80211_hdr *hdr = (void *)skb->data;
0705     bool acked = info->flags & IEEE80211_TX_STAT_ACK;
0706
0707     if (dropped)
0708         acked = false;
0709
0710     if (tx_time_est) {
0711         struct sta_info *sta;
0712
0713         rcu_read_lock();
0714
0715         sta = sta_info_get_by_addrs(local, hdr->addr1, hdr->addr2);
0716         ieee80211_sta_update_pending_airtime(local, sta,
0717                              skb_get_queue_mapping(skb),
0718                              tx_time_est,
0719                              true);
0720         rcu_read_unlock();
0721     }
0722
0723     if (info->flags & IEEE80211_TX_INTFL_MLME_CONN_TX) {
0724         struct ieee80211_sub_if_data *sdata;
0725
0726         rcu_read_lock();
0727
0728         sdata = ieee80211_sdata_from_skb(local, skb);
0729
0730         if (!sdata) {
0731             skb->dev = NULL;
0732         } else if (!dropped) {
0733             unsigned int hdr_size =
0734                 ieee80211_hdrlen(hdr->frame_control);
0735
0736             /* Check to see if packet is a TDLS teardown packet */
0737             if (ieee80211_is_data(hdr->frame_control) &&
0738                 (ieee80211_get_tdls_action(skb, hdr_size) ==
0739                  WLAN_TDLS_TEARDOWN)) {
0740                 ieee80211_tdls_td_tx_handle(local, sdata, skb,
0741                                 info->flags);
0742             } else if (ieee80211_s1g_is_twt_setup(skb)) {
0743                 if (!acked) {
0744                     struct sk_buff *qskb;
0745
0746                     qskb = skb_clone(skb, GFP_ATOMIC);
0747                     if (qskb) {
0748                         skb_queue_tail(&sdata->status_queue,
0749                                    qskb);
0750                         ieee80211_queue_work(&local->hw,
0751                                      &sdata->work);
0752                     }
0753                 }
0754             } else {
0755                 ieee80211_mgd_conn_tx_status(sdata,
0756                                  hdr->frame_control,
0757                                  acked);
0758             }
0759         }
0760
0761         rcu_read_unlock();
0762     } else if (info->ack_frame_id) {
0763         ieee80211_report_ack_skb(local, skb, acked, dropped,
0764                      ack_hwtstamp);
0765     }
0766
0767     if (!dropped && skb->destructor) {
0768         skb->wifi_acked_valid = 1;
0769         skb->wifi_acked = acked;
0770     }
0771
0772     ieee80211_led_tx(local);
0773
0774     if (skb_has_frag_list(skb)) {
0775         kfree_skb_list(skb_shinfo(skb)->frag_list);
0776         skb_shinfo(skb)->frag_list = NULL;
0777     }
0778 }
0779
0780 /*
0781  * Use a static threshold for now, best value to be determined
0782  * by testing ...
0783  * Should it depend on:
0784  *  - on # of retransmissions
0785  *  - current throughput (higher value for higher tpt)?
0786  */
0787 #define STA_LOST_PKT_THRESHOLD  50
0788 #define STA_LOST_PKT_TIME   HZ      /* 1 sec since last ACK */
0789 #define STA_LOST_TDLS_PKT_TIME      (10*HZ) /* 10secs since last ACK */
0790
0791 static void ieee80211_lost_packet(struct sta_info *sta,
0792                   struct ieee80211_tx_info *info)
0793 {
0794     unsigned long pkt_time = STA_LOST_PKT_TIME;
0795     unsigned int pkt_thr = STA_LOST_PKT_THRESHOLD;
0796
0797     /* If driver relies on its own algorithm for station kickout, skip
0798      * mac80211 packet loss mechanism.
0799      */
0800     if (ieee80211_hw_check(&sta->local->hw, REPORTS_LOW_ACK))
0801         return;
0802
0803     /* This packet was aggregated but doesn't carry status info */
0804     if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
0805         !(info->flags & IEEE80211_TX_STAT_AMPDU))
0806         return;
0807
0808     sta->deflink.status_stats.lost_packets++;
0809     if (sta->sta.tdls) {
0810         pkt_time = STA_LOST_TDLS_PKT_TIME;
0811         pkt_thr = STA_LOST_PKT_THRESHOLD;
0812     }
0813
0814     /*
0815      * If we're in TDLS mode, make sure that all STA_LOST_PKT_THRESHOLD
0816      * of the last packets were lost, and that no ACK was received in the
0817      * last STA_LOST_TDLS_PKT_TIME ms, before triggering the CQM packet-loss
0818      * mechanism.
0819      * For non-TDLS, use STA_LOST_PKT_THRESHOLD and STA_LOST_PKT_TIME
0820      */
0821     if (sta->deflink.status_stats.lost_packets < pkt_thr ||
0822         !time_after(jiffies, sta->deflink.status_stats.last_pkt_time + pkt_time))
0823         return;
0824
0825     cfg80211_cqm_pktloss_notify(sta->sdata->dev, sta->sta.addr,
0826                     sta->deflink.status_stats.lost_packets,
0827                     GFP_ATOMIC);
0828     sta->deflink.status_stats.lost_packets = 0;
0829 }
0830
0831 static int ieee80211_tx_get_rates(struct ieee80211_hw *hw,
0832                   struct ieee80211_tx_info *info,
0833                   int *retry_count)
0834 {
0835     int count = -1;
0836     int i;
0837
0838     for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
0839         if ((info->flags & IEEE80211_TX_CTL_AMPDU) &&
0840             !(info->flags & IEEE80211_TX_STAT_AMPDU)) {
0841             /* just the first aggr frame carry status info */
0842             info->status.rates[i].idx = -1;
0843             info->status.rates[i].count = 0;
0844             break;
0845         } else if (info->status.rates[i].idx < 0) {
0846             break;
0847         } else if (i >= hw->max_report_rates) {
0848             /* the HW cannot have attempted that rate */
0849             info->status.rates[i].idx = -1;
0850             info->status.rates[i].count = 0;
0851             break;
0852         }
0853
0854         count += info->status.rates[i].count;
0855     }
0856
0857     if (count < 0)
0858         count = 0;
0859
0860     *retry_count = count;
0861     return i - 1;
0862 }
0863
0864 void ieee80211_tx_monitor(struct ieee80211_local *local, struct sk_buff *skb,
0865               int retry_count, int shift, bool send_to_cooked,
0866               struct ieee80211_tx_status *status)
0867 {
0868     struct sk_buff *skb2;
0869     struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
0870     struct ieee80211_sub_if_data *sdata;
0871     struct net_device *prev_dev = NULL;
0872     int rtap_len;
0873
0874     /* send frame to monitor interfaces now */
0875     rtap_len = ieee80211_tx_radiotap_len(info, status);
0876     if (WARN_ON_ONCE(skb_headroom(skb) < rtap_len)) {
0877         pr_err("ieee80211_tx_status: headroom too small\n");
0878         dev_kfree_skb(skb);
0879         return;
0880     }
0881     ieee80211_add_tx_radiotap_header(local, skb, retry_count,
0882                      rtap_len, shift, status);
0883
0884     /* XXX: is this sufficient for BPF? */
0885     skb_reset_mac_header(skb);
0886     skb->ip_summed = CHECKSUM_UNNECESSARY;
0887     skb->pkt_type = PACKET_OTHERHOST;
0888     skb->protocol = htons(ETH_P_802_2);
0889     memset(skb->cb, 0, sizeof(skb->cb));
0890
0891     rcu_read_lock();
0892     list_for_each_entry_rcu(sdata, &local->interfaces, list) {
0893         if (sdata->vif.type == NL80211_IFTYPE_MONITOR) {
0894             if (!ieee80211_sdata_running(sdata))
0895                 continue;
0896
0897             if ((sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES) &&
0898                 !send_to_cooked)
0899                 continue;
0900
0901             if (prev_dev) {
0902                 skb2 = skb_clone(skb, GFP_ATOMIC);
0903                 if (skb2) {
0904                     skb2->dev = prev_dev;
0905                     netif_rx(skb2);
0906                 }
0907             }
0908
0909             prev_dev = sdata->dev;
0910         }
0911     }
0912     if (prev_dev) {
0913         skb->dev = prev_dev;
0914         netif_rx(skb);
0915         skb = NULL;
0916     }
0917     rcu_read_unlock();
0918     dev_kfree_skb(skb);
0919 }
0920
0921 static void __ieee80211_tx_status(struct ieee80211_hw *hw,
0922                   struct ieee80211_tx_status *status,
0923                   int rates_idx, int retry_count)
0924 {
0925     struct sk_buff *skb = status->skb;
0926     struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
0927     struct ieee80211_local *local = hw_to_local(hw);
0928     struct ieee80211_tx_info *info = status->info;
0929     struct sta_info *sta;
0930     __le16 fc;
0931     bool send_to_cooked;
0932     bool acked;
0933     bool noack_success;
0934     struct ieee80211_bar *bar;
0935     int shift = 0;
0936     int tid = IEEE80211_NUM_TIDS;
0937
0938     fc = hdr->frame_control;
0939
0940     if (status->sta) {
0941         sta = container_of(status->sta, struct sta_info, sta);
0942         shift = ieee80211_vif_get_shift(&sta->sdata->vif);
0943
0944         if (info->flags & IEEE80211_TX_STATUS_EOSP)
0945             clear_sta_flag(sta, WLAN_STA_SP);
0946
0947         acked = !!(info->flags & IEEE80211_TX_STAT_ACK);
0948         noack_success = !!(info->flags &
0949                    IEEE80211_TX_STAT_NOACK_TRANSMITTED);
0950
0951         /* mesh Peer Service Period support */
0952         if (ieee80211_vif_is_mesh(&sta->sdata->vif) &&
0953             ieee80211_is_data_qos(fc))
0954             ieee80211_mpsp_trigger_process(
0955                 ieee80211_get_qos_ctl(hdr), sta, true, acked);
0956
0957         if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL) &&
0958             (ieee80211_is_data(hdr->frame_control)) &&
0959             (rates_idx != -1))
0960             sta->deflink.tx_stats.last_rate =
0961                 info->status.rates[rates_idx];
0962
0963         if ((info->flags & IEEE80211_TX_STAT_AMPDU_NO_BACK) &&
0964             (ieee80211_is_data_qos(fc))) {
0965             u16 ssn;
0966             u8 *qc;
0967
0968             qc = ieee80211_get_qos_ctl(hdr);
0969             tid = qc[0] & 0xf;
0970             ssn = ((le16_to_cpu(hdr->seq_ctrl) + 0x10)
0971                         & IEEE80211_SCTL_SEQ);
0972             ieee80211_send_bar(&sta->sdata->vif, hdr->addr1,
0973                        tid, ssn);
0974         } else if (ieee80211_is_data_qos(fc)) {
0975             u8 *qc = ieee80211_get_qos_ctl(hdr);
0976
0977             tid = qc[0] & 0xf;
0978         }
0979
0980         if (!acked && ieee80211_is_back_req(fc)) {
0981             u16 control;
0982
0983             /*
0984              * BAR failed, store the last SSN and retry sending
0985              * the BAR when the next unicast transmission on the
0986              * same TID succeeds.
0987              */
0988             bar = (struct ieee80211_bar *) skb->data;
0989             control = le16_to_cpu(bar->control);
0990             if (!(control & IEEE80211_BAR_CTRL_MULTI_TID)) {
0991                 u16 ssn = le16_to_cpu(bar->start_seq_num);
0992
0993                 tid = (control &
0994                        IEEE80211_BAR_CTRL_TID_INFO_MASK) >>
0995                       IEEE80211_BAR_CTRL_TID_INFO_SHIFT;
0996
0997                 ieee80211_set_bar_pending(sta, tid, ssn);
0998             }
0999         }
1000
1001         if (info->flags & IEEE80211_TX_STAT_TX_FILTERED) {
1002             ieee80211_handle_filtered_frame(local, sta, skb);
1003             return;
1004         } else if (ieee80211_is_data_present(fc)) {
1005             if (!acked && !noack_success)
1006                 sta->deflink.status_stats.msdu_failed[tid]++;
1007
1008             sta->deflink.status_stats.msdu_retries[tid] +=
1009                 retry_count;
1010         }
1011
1012         if (!(info->flags & IEEE80211_TX_CTL_INJECTED) && acked)
1013             ieee80211_frame_acked(sta, skb);
1014
1015     }
1016
1017     /* SNMP counters
1018      * Fragments are passed to low-level drivers as separate skbs, so these
1019      * are actually fragments, not frames. Update frame counters only for
1020      * the first fragment of the frame. */
1021     if ((info->flags & IEEE80211_TX_STAT_ACK) ||
1022         (info->flags & IEEE80211_TX_STAT_NOACK_TRANSMITTED)) {
1023         if (ieee80211_is_first_frag(hdr->seq_ctrl)) {
1024             I802_DEBUG_INC(local->dot11TransmittedFrameCount);
1025             if (is_multicast_ether_addr(ieee80211_get_DA(hdr)))
1026                 I802_DEBUG_INC(local->dot11MulticastTransmittedFrameCount);
1027             if (retry_count > 0)
1028                 I802_DEBUG_INC(local->dot11RetryCount);
1029             if (retry_count > 1)
1030                 I802_DEBUG_INC(local->dot11MultipleRetryCount);
1031         }
1032
1033         /* This counter shall be incremented for an acknowledged MPDU
1034          * with an individual address in the address 1 field or an MPDU
1035          * with a multicast address in the address 1 field of type Data
1036          * or Management. */
1037         if (!is_multicast_ether_addr(hdr->addr1) ||
1038             ieee80211_is_data(fc) ||
1039             ieee80211_is_mgmt(fc))
1040             I802_DEBUG_INC(local->dot11TransmittedFragmentCount);
1041     } else {
1042         if (ieee80211_is_first_frag(hdr->seq_ctrl))
1043             I802_DEBUG_INC(local->dot11FailedCount);
1044     }
1045
1046     if (ieee80211_is_any_nullfunc(fc) &&
1047         ieee80211_has_pm(fc) &&
1048         ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS) &&
1049         !(info->flags & IEEE80211_TX_CTL_INJECTED) &&
1050         local->ps_sdata && !(local->scanning)) {
1051         if (info->flags & IEEE80211_TX_STAT_ACK)
1052             local->ps_sdata->u.mgd.flags |=
1053                     IEEE80211_STA_NULLFUNC_ACKED;
1054         mod_timer(&local->dynamic_ps_timer,
1055               jiffies + msecs_to_jiffies(10));
1056     }
1057
1058     ieee80211_report_used_skb(local, skb, false, status->ack_hwtstamp);
1059
1060     /* this was a transmitted frame, but now we want to reuse it */
1061     skb_orphan(skb);
1062
1063     /* Need to make a copy before skb->cb gets cleared */
1064     send_to_cooked = !!(info->flags & IEEE80211_TX_CTL_INJECTED) ||
1065              !(ieee80211_is_data(fc));
1066
1067     /*
1068      * This is a bit racy but we can avoid a lot of work
1069      * with this test...
1070      */
1071     if (!local->monitors && (!send_to_cooked || !local->cooked_mntrs)) {
1072         if (status->free_list)
1073             list_add_tail(&skb->list, status->free_list);
1074         else
1075             dev_kfree_skb(skb);
1076         return;
1077     }
1078
1079     /* send to monitor interfaces */
1080     ieee80211_tx_monitor(local, skb, retry_count, shift,
1081                  send_to_cooked, status);
1082 }
1083
1084 void ieee80211_tx_status(struct ieee80211_hw *hw, struct sk_buff *skb)
1085 {
1086     struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1087     struct ieee80211_local *local = hw_to_local(hw);
1088     struct ieee80211_tx_status status = {
1089         .skb = skb,
1090         .info = IEEE80211_SKB_CB(skb),
1091     };
1092     struct sta_info *sta;
1093
1094     rcu_read_lock();
1095
1096     sta = sta_info_get_by_addrs(local, hdr->addr1, hdr->addr2);
1097     if (sta)
1098         status.sta = &sta->sta;
1099
1100     ieee80211_tx_status_ext(hw, &status);
1101     rcu_read_unlock();
1102 }
1103 EXPORT_SYMBOL(ieee80211_tx_status);
1104
1105 void ieee80211_tx_status_ext(struct ieee80211_hw *hw,
1106                  struct ieee80211_tx_status *status)
1107 {
1108     struct ieee80211_local *local = hw_to_local(hw);
1109     struct ieee80211_tx_info *info = status->info;
1110     struct ieee80211_sta *pubsta = status->sta;
1111     struct sk_buff *skb = status->skb;
1112     struct sta_info *sta = NULL;
1113     int rates_idx, retry_count;
1114     bool acked, noack_success, ack_signal_valid;
1115     u16 tx_time_est;
1116
1117     if (pubsta) {
1118         sta = container_of(pubsta, struct sta_info, sta);
1119
1120         if (status->n_rates)
1121             sta->deflink.tx_stats.last_rate_info =
1122                 status->rates[status->n_rates - 1].rate_idx;
1123     }
1124
1125     if (skb && (tx_time_est =
1126             ieee80211_info_get_tx_time_est(IEEE80211_SKB_CB(skb))) > 0) {
1127         /* Do this here to avoid the expensive lookup of the sta
1128          * in ieee80211_report_used_skb().
1129          */
1130         ieee80211_sta_update_pending_airtime(local, sta,
1131                              skb_get_queue_mapping(skb),
1132                              tx_time_est,
1133                              true);
1134         ieee80211_info_set_tx_time_est(IEEE80211_SKB_CB(skb), 0);
1135     }
1136
1137     if (!status->info)
1138         goto free;
1139
1140     rates_idx = ieee80211_tx_get_rates(hw, info, &retry_count);
1141
1142     acked = !!(info->flags & IEEE80211_TX_STAT_ACK);
1143     noack_success = !!(info->flags & IEEE80211_TX_STAT_NOACK_TRANSMITTED);
1144     ack_signal_valid =
1145         !!(info->status.flags & IEEE80211_TX_STATUS_ACK_SIGNAL_VALID);
1146
1147     if (pubsta) {
1148         struct ieee80211_sub_if_data *sdata = sta->sdata;
1149
1150         if (!acked && !noack_success)
1151             sta->deflink.status_stats.retry_failed++;
1152         sta->deflink.status_stats.retry_count += retry_count;
1153
1154         if (ieee80211_hw_check(&local->hw, REPORTS_TX_ACK_STATUS)) {
1155             if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1156                 skb && !(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
1157                 ieee80211_sta_tx_notify(sdata, (void *) skb->data,
1158                             acked, info->status.tx_time);
1159
1160             if (acked) {
1161                 sta->deflink.status_stats.last_ack = jiffies;
1162
1163                 if (sta->deflink.status_stats.lost_packets)
1164                     sta->deflink.status_stats.lost_packets = 0;
1165
1166                 /* Track when last packet was ACKed */
1167                 sta->deflink.status_stats.last_pkt_time = jiffies;
1168
1169                 /* Reset connection monitor */
1170                 if (sdata->vif.type == NL80211_IFTYPE_STATION &&
1171                     unlikely(sdata->u.mgd.probe_send_count > 0))
1172                     sdata->u.mgd.probe_send_count = 0;
1173
1174                 if (ack_signal_valid) {
1175                     sta->deflink.status_stats.last_ack_signal =
1176                              (s8)info->status.ack_signal;
1177                     sta->deflink.status_stats.ack_signal_filled = true;
1178                     ewma_avg_signal_add(&sta->deflink.status_stats.avg_ack_signal,
1179                                 -info->status.ack_signal);
1180                 }
1181             } else if (test_sta_flag(sta, WLAN_STA_PS_STA)) {
1182                 /*
1183                  * The STA is in power save mode, so assume
1184                  * that this TX packet failed because of that.
1185                  */
1186                 if (skb)
1187                     ieee80211_handle_filtered_frame(local, sta, skb);
1188                 return;
1189             } else if (noack_success) {
1190                 /* nothing to do here, do not account as lost */
1191             } else {
1192                 ieee80211_lost_packet(sta, info);
1193             }
1194         }
1195
1196         rate_control_tx_status(local, status);
1197         if (ieee80211_vif_is_mesh(&sta->sdata->vif))
1198             ieee80211s_update_metric(local, sta, status);
1199     }
1200
1201     if (skb && !(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP))
1202         return __ieee80211_tx_status(hw, status, rates_idx,
1203                          retry_count);
1204
1205     if (acked || noack_success) {
1206         I802_DEBUG_INC(local->dot11TransmittedFrameCount);
1207         if (!pubsta)
1208             I802_DEBUG_INC(local->dot11MulticastTransmittedFrameCount);
1209         if (retry_count > 0)
1210             I802_DEBUG_INC(local->dot11RetryCount);
1211         if (retry_count > 1)
1212             I802_DEBUG_INC(local->dot11MultipleRetryCount);
1213     } else {
1214         I802_DEBUG_INC(local->dot11FailedCount);
1215     }
1216
1217 free:
1218     if (!skb)
1219         return;
1220
1221     ieee80211_report_used_skb(local, skb, false, status->ack_hwtstamp);
1222     if (status->free_list)
1223         list_add_tail(&skb->list, status->free_list);
1224     else
1225         dev_kfree_skb(skb);
1226 }
1227 EXPORT_SYMBOL(ieee80211_tx_status_ext);
1228
1229 void ieee80211_tx_rate_update(struct ieee80211_hw *hw,
1230                   struct ieee80211_sta *pubsta,
1231                   struct ieee80211_tx_info *info)
1232 {
1233     struct ieee80211_local *local = hw_to_local(hw);
1234     struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1235     struct ieee80211_tx_status status = {
1236         .info = info,
1237         .sta = pubsta,
1238     };
1239
1240     rate_control_tx_status(local, &status);
1241
1242     if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL))
1243         sta->deflink.tx_stats.last_rate = info->status.rates[0];
1244 }
1245 EXPORT_SYMBOL(ieee80211_tx_rate_update);
1246
1247 void ieee80211_tx_status_8023(struct ieee80211_hw *hw,
1248                   struct ieee80211_vif *vif,
1249                   struct sk_buff *skb)
1250 {
1251     struct ieee80211_sub_if_data *sdata;
1252     struct ieee80211_tx_status status = {
1253         .skb = skb,
1254         .info = IEEE80211_SKB_CB(skb),
1255     };
1256     struct sta_info *sta;
1257
1258     sdata = vif_to_sdata(vif);
1259
1260     rcu_read_lock();
1261
1262     if (!ieee80211_lookup_ra_sta(sdata, skb, &sta) && !IS_ERR(sta))
1263         status.sta = &sta->sta;
1264
1265     ieee80211_tx_status_ext(hw, &status);
1266
1267     rcu_read_unlock();
1268 }
1269 EXPORT_SYMBOL(ieee80211_tx_status_8023);
1270
1271 void ieee80211_report_low_ack(struct ieee80211_sta *pubsta, u32 num_packets)
1272 {
1273     struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1274     cfg80211_cqm_pktloss_notify(sta->sdata->dev, sta->sta.addr,
1275                     num_packets, GFP_ATOMIC);
1276 }
1277 EXPORT_SYMBOL(ieee80211_report_low_ack);
1278
1279 void ieee80211_free_txskb(struct ieee80211_hw *hw, struct sk_buff *skb)
1280 {
1281     struct ieee80211_local *local = hw_to_local(hw);
1282     ktime_t kt = ktime_set(0, 0);
1283
1284     ieee80211_report_used_skb(local, skb, true, kt);
1285     dev_kfree_skb_any(skb);
1286 }
1287 EXPORT_SYMBOL(ieee80211_free_txskb);
1288
1289 void ieee80211_purge_tx_queue(struct ieee80211_hw *hw,
1290                   struct sk_buff_head *skbs)
1291 {
1292     struct sk_buff *skb;
1293
1294     while ((skb = __skb_dequeue(skbs)))
1295         ieee80211_free_txskb(hw, skb);
1296 }