net/mac80211/work.c at v3.0-rc6

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / mac80211 / work.c
at v3.0-rc6 1277 lines 33 kB view raw
wrap content
   1/*
   2 * mac80211 work implementation
   3 *
   4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
   5 * Copyright 2004, Instant802 Networks, Inc.
   6 * Copyright 2005, Devicescape Software, Inc.
   7 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
   8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
   9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net>
  10 *
  11 * This program is free software; you can redistribute it and/or modify
  12 * it under the terms of the GNU General Public License version 2 as
  13 * published by the Free Software Foundation.
  14 */
  15
  16#include <linux/delay.h>
  17#include <linux/if_ether.h>
  18#include <linux/skbuff.h>
  19#include <linux/if_arp.h>
  20#include <linux/etherdevice.h>
  21#include <linux/crc32.h>
  22#include <linux/slab.h>
  23#include <net/mac80211.h>
  24#include <asm/unaligned.h>
  25
  26#include "ieee80211_i.h"
  27#include "rate.h"
  28
  29#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
  30#define IEEE80211_AUTH_MAX_TRIES 3
  31#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
  32#define IEEE80211_ASSOC_MAX_TRIES 3
  33
  34enum work_action {
  35	WORK_ACT_MISMATCH,
  36	WORK_ACT_NONE,
  37	WORK_ACT_TIMEOUT,
  38	WORK_ACT_DONE,
  39};
  40
  41
  42/* utils */
  43static inline void ASSERT_WORK_MTX(struct ieee80211_local *local)
  44{
  45	lockdep_assert_held(&local->mtx);
  46}
  47
  48/*
  49 * We can have multiple work items (and connection probing)
  50 * scheduling this timer, but we need to take care to only
  51 * reschedule it when it should fire _earlier_ than it was
  52 * asked for before, or if it's not pending right now. This
  53 * function ensures that. Note that it then is required to
  54 * run this function for all timeouts after the first one
  55 * has happened -- the work that runs from this timer will
  56 * do that.
  57 */
  58static void run_again(struct ieee80211_local *local,
  59		      unsigned long timeout)
  60{
  61	ASSERT_WORK_MTX(local);
  62
  63	if (!timer_pending(&local->work_timer) ||
  64	    time_before(timeout, local->work_timer.expires))
  65		mod_timer(&local->work_timer, timeout);
  66}
  67
  68void free_work(struct ieee80211_work *wk)
  69{
  70	kfree_rcu(wk, rcu_head);
  71}
  72
  73static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
  74				      struct ieee80211_supported_band *sband,
  75				      u32 *rates)
  76{
  77	int i, j, count;
  78	*rates = 0;
  79	count = 0;
  80	for (i = 0; i < supp_rates_len; i++) {
  81		int rate = (supp_rates[i] & 0x7F) * 5;
  82
  83		for (j = 0; j < sband->n_bitrates; j++)
  84			if (sband->bitrates[j].bitrate == rate) {
  85				*rates |= BIT(j);
  86				count++;
  87				break;
  88			}
  89	}
  90
  91	return count;
  92}
  93
  94/* frame sending functions */
  95
  96static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
  97				struct ieee80211_supported_band *sband,
  98				struct ieee80211_channel *channel,
  99				enum ieee80211_smps_mode smps)
 100{
 101	struct ieee80211_ht_info *ht_info;
 102	u8 *pos;
 103	u32 flags = channel->flags;
 104	u16 cap = sband->ht_cap.cap;
 105	__le16 tmp;
 106
 107	if (!sband->ht_cap.ht_supported)
 108		return;
 109
 110	if (!ht_info_ie)
 111		return;
 112
 113	if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
 114		return;
 115
 116	ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
 117
 118	/* determine capability flags */
 119
 120	switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
 121	case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
 122		if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
 123			cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 124			cap &= ~IEEE80211_HT_CAP_SGI_40;
 125		}
 126		break;
 127	case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
 128		if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
 129			cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 130			cap &= ~IEEE80211_HT_CAP_SGI_40;
 131		}
 132		break;
 133	}
 134
 135	/* set SM PS mode properly */
 136	cap &= ~IEEE80211_HT_CAP_SM_PS;
 137	switch (smps) {
 138	case IEEE80211_SMPS_AUTOMATIC:
 139	case IEEE80211_SMPS_NUM_MODES:
 140		WARN_ON(1);
 141	case IEEE80211_SMPS_OFF:
 142		cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
 143			IEEE80211_HT_CAP_SM_PS_SHIFT;
 144		break;
 145	case IEEE80211_SMPS_STATIC:
 146		cap |= WLAN_HT_CAP_SM_PS_STATIC <<
 147			IEEE80211_HT_CAP_SM_PS_SHIFT;
 148		break;
 149	case IEEE80211_SMPS_DYNAMIC:
 150		cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
 151			IEEE80211_HT_CAP_SM_PS_SHIFT;
 152		break;
 153	}
 154
 155	/* reserve and fill IE */
 156
 157	pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
 158	*pos++ = WLAN_EID_HT_CAPABILITY;
 159	*pos++ = sizeof(struct ieee80211_ht_cap);
 160	memset(pos, 0, sizeof(struct ieee80211_ht_cap));
 161
 162	/* capability flags */
 163	tmp = cpu_to_le16(cap);
 164	memcpy(pos, &tmp, sizeof(u16));
 165	pos += sizeof(u16);
 166
 167	/* AMPDU parameters */
 168	*pos++ = sband->ht_cap.ampdu_factor |
 169		 (sband->ht_cap.ampdu_density <<
 170			IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
 171
 172	/* MCS set */
 173	memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
 174	pos += sizeof(sband->ht_cap.mcs);
 175
 176	/* extended capabilities */
 177	pos += sizeof(__le16);
 178
 179	/* BF capabilities */
 180	pos += sizeof(__le32);
 181
 182	/* antenna selection */
 183	pos += sizeof(u8);
 184}
 185
 186static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
 187				 struct ieee80211_work *wk)
 188{
 189	struct ieee80211_local *local = sdata->local;
 190	struct sk_buff *skb;
 191	struct ieee80211_mgmt *mgmt;
 192	u8 *pos, qos_info;
 193	size_t offset = 0, noffset;
 194	int i, count, rates_len, supp_rates_len;
 195	u16 capab;
 196	struct ieee80211_supported_band *sband;
 197	u32 rates = 0;
 198
 199	sband = local->hw.wiphy->bands[wk->chan->band];
 200
 201	if (wk->assoc.supp_rates_len) {
 202		/*
 203		 * Get all rates supported by the device and the AP as
 204		 * some APs don't like getting a superset of their rates
 205		 * in the association request (e.g. D-Link DAP 1353 in
 206		 * b-only mode)...
 207		 */
 208		rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
 209						       wk->assoc.supp_rates_len,
 210						       sband, &rates);
 211	} else {
 212		/*
 213		 * In case AP not provide any supported rates information
 214		 * before association, we send information element(s) with
 215		 * all rates that we support.
 216		 */
 217		rates = ~0;
 218		rates_len = sband->n_bitrates;
 219	}
 220
 221	skb = alloc_skb(local->hw.extra_tx_headroom +
 222			sizeof(*mgmt) + /* bit too much but doesn't matter */
 223			2 + wk->assoc.ssid_len + /* SSID */
 224			4 + rates_len + /* (extended) rates */
 225			4 + /* power capability */
 226			2 + 2 * sband->n_channels + /* supported channels */
 227			2 + sizeof(struct ieee80211_ht_cap) + /* HT */
 228			wk->ie_len + /* extra IEs */
 229			9, /* WMM */
 230			GFP_KERNEL);
 231	if (!skb) {
 232		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
 233		       "frame\n", sdata->name);
 234		return;
 235	}
 236	skb_reserve(skb, local->hw.extra_tx_headroom);
 237
 238	capab = WLAN_CAPABILITY_ESS;
 239
 240	if (sband->band == IEEE80211_BAND_2GHZ) {
 241		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
 242			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
 243		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
 244			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
 245	}
 246
 247	if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY)
 248		capab |= WLAN_CAPABILITY_PRIVACY;
 249
 250	if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
 251	    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
 252		capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
 253
 254	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
 255	memset(mgmt, 0, 24);
 256	memcpy(mgmt->da, wk->filter_ta, ETH_ALEN);
 257	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
 258	memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN);
 259
 260	if (!is_zero_ether_addr(wk->assoc.prev_bssid)) {
 261		skb_put(skb, 10);
 262		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
 263						  IEEE80211_STYPE_REASSOC_REQ);
 264		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
 265		mgmt->u.reassoc_req.listen_interval =
 266				cpu_to_le16(local->hw.conf.listen_interval);
 267		memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid,
 268		       ETH_ALEN);
 269	} else {
 270		skb_put(skb, 4);
 271		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
 272						  IEEE80211_STYPE_ASSOC_REQ);
 273		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
 274		mgmt->u.assoc_req.listen_interval =
 275				cpu_to_le16(local->hw.conf.listen_interval);
 276	}
 277
 278	/* SSID */
 279	pos = skb_put(skb, 2 + wk->assoc.ssid_len);
 280	*pos++ = WLAN_EID_SSID;
 281	*pos++ = wk->assoc.ssid_len;
 282	memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
 283
 284	/* add all rates which were marked to be used above */
 285	supp_rates_len = rates_len;
 286	if (supp_rates_len > 8)
 287		supp_rates_len = 8;
 288
 289	pos = skb_put(skb, supp_rates_len + 2);
 290	*pos++ = WLAN_EID_SUPP_RATES;
 291	*pos++ = supp_rates_len;
 292
 293	count = 0;
 294	for (i = 0; i < sband->n_bitrates; i++) {
 295		if (BIT(i) & rates) {
 296			int rate = sband->bitrates[i].bitrate;
 297			*pos++ = (u8) (rate / 5);
 298			if (++count == 8)
 299				break;
 300		}
 301	}
 302
 303	if (rates_len > count) {
 304		pos = skb_put(skb, rates_len - count + 2);
 305		*pos++ = WLAN_EID_EXT_SUPP_RATES;
 306		*pos++ = rates_len - count;
 307
 308		for (i++; i < sband->n_bitrates; i++) {
 309			if (BIT(i) & rates) {
 310				int rate = sband->bitrates[i].bitrate;
 311				*pos++ = (u8) (rate / 5);
 312			}
 313		}
 314	}
 315
 316	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
 317		/* 1. power capabilities */
 318		pos = skb_put(skb, 4);
 319		*pos++ = WLAN_EID_PWR_CAPABILITY;
 320		*pos++ = 2;
 321		*pos++ = 0; /* min tx power */
 322		*pos++ = wk->chan->max_power; /* max tx power */
 323
 324		/* 2. supported channels */
 325		/* TODO: get this in reg domain format */
 326		pos = skb_put(skb, 2 * sband->n_channels + 2);
 327		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
 328		*pos++ = 2 * sband->n_channels;
 329		for (i = 0; i < sband->n_channels; i++) {
 330			*pos++ = ieee80211_frequency_to_channel(
 331					sband->channels[i].center_freq);
 332			*pos++ = 1; /* one channel in the subband*/
 333		}
 334	}
 335
 336	/* if present, add any custom IEs that go before HT */
 337	if (wk->ie_len && wk->ie) {
 338		static const u8 before_ht[] = {
 339			WLAN_EID_SSID,
 340			WLAN_EID_SUPP_RATES,
 341			WLAN_EID_EXT_SUPP_RATES,
 342			WLAN_EID_PWR_CAPABILITY,
 343			WLAN_EID_SUPPORTED_CHANNELS,
 344			WLAN_EID_RSN,
 345			WLAN_EID_QOS_CAPA,
 346			WLAN_EID_RRM_ENABLED_CAPABILITIES,
 347			WLAN_EID_MOBILITY_DOMAIN,
 348			WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
 349		};
 350		noffset = ieee80211_ie_split(wk->ie, wk->ie_len,
 351					     before_ht, ARRAY_SIZE(before_ht),
 352					     offset);
 353		pos = skb_put(skb, noffset - offset);
 354		memcpy(pos, wk->ie + offset, noffset - offset);
 355		offset = noffset;
 356	}
 357
 358	if (wk->assoc.use_11n && wk->assoc.wmm_used &&
 359	    local->hw.queues >= 4)
 360		ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie,
 361				    sband, wk->chan, wk->assoc.smps);
 362
 363	/* if present, add any custom non-vendor IEs that go after HT */
 364	if (wk->ie_len && wk->ie) {
 365		noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len,
 366						    offset);
 367		pos = skb_put(skb, noffset - offset);
 368		memcpy(pos, wk->ie + offset, noffset - offset);
 369		offset = noffset;
 370	}
 371
 372	if (wk->assoc.wmm_used && local->hw.queues >= 4) {
 373		if (wk->assoc.uapsd_used) {
 374			qos_info = local->uapsd_queues;
 375			qos_info |= (local->uapsd_max_sp_len <<
 376				     IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
 377		} else {
 378			qos_info = 0;
 379		}
 380
 381		pos = skb_put(skb, 9);
 382		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
 383		*pos++ = 7; /* len */
 384		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
 385		*pos++ = 0x50;
 386		*pos++ = 0xf2;
 387		*pos++ = 2; /* WME */
 388		*pos++ = 0; /* WME info */
 389		*pos++ = 1; /* WME ver */
 390		*pos++ = qos_info;
 391	}
 392
 393	/* add any remaining custom (i.e. vendor specific here) IEs */
 394	if (wk->ie_len && wk->ie) {
 395		noffset = wk->ie_len;
 396		pos = skb_put(skb, noffset - offset);
 397		memcpy(pos, wk->ie + offset, noffset - offset);
 398	}
 399
 400	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
 401	ieee80211_tx_skb(sdata, skb);
 402}
 403
 404static void ieee80211_remove_auth_bss(struct ieee80211_local *local,
 405				      struct ieee80211_work *wk)
 406{
 407	struct cfg80211_bss *cbss;
 408	u16 capa_val = WLAN_CAPABILITY_ESS;
 409
 410	if (wk->probe_auth.privacy)
 411		capa_val |= WLAN_CAPABILITY_PRIVACY;
 412
 413	cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta,
 414				wk->probe_auth.ssid, wk->probe_auth.ssid_len,
 415				WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
 416				capa_val);
 417	if (!cbss)
 418		return;
 419
 420	cfg80211_unlink_bss(local->hw.wiphy, cbss);
 421	cfg80211_put_bss(cbss);
 422}
 423
 424static enum work_action __must_check
 425ieee80211_direct_probe(struct ieee80211_work *wk)
 426{
 427	struct ieee80211_sub_if_data *sdata = wk->sdata;
 428	struct ieee80211_local *local = sdata->local;
 429
 430	wk->probe_auth.tries++;
 431	if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
 432		printk(KERN_DEBUG "%s: direct probe to %pM timed out\n",
 433		       sdata->name, wk->filter_ta);
 434
 435		/*
 436		 * Most likely AP is not in the range so remove the
 437		 * bss struct for that AP.
 438		 */
 439		ieee80211_remove_auth_bss(local, wk);
 440
 441		return WORK_ACT_TIMEOUT;
 442	}
 443
 444	printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n",
 445	       sdata->name, wk->filter_ta, wk->probe_auth.tries,
 446	       IEEE80211_AUTH_MAX_TRIES);
 447
 448	/*
 449	 * Direct probe is sent to broadcast address as some APs
 450	 * will not answer to direct packet in unassociated state.
 451	 */
 452	ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
 453				 wk->probe_auth.ssid_len, NULL, 0);
 454
 455	wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
 456	run_again(local, wk->timeout);
 457
 458	return WORK_ACT_NONE;
 459}
 460
 461
 462static enum work_action __must_check
 463ieee80211_authenticate(struct ieee80211_work *wk)
 464{
 465	struct ieee80211_sub_if_data *sdata = wk->sdata;
 466	struct ieee80211_local *local = sdata->local;
 467
 468	wk->probe_auth.tries++;
 469	if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
 470		printk(KERN_DEBUG "%s: authentication with %pM"
 471		       " timed out\n", sdata->name, wk->filter_ta);
 472
 473		/*
 474		 * Most likely AP is not in the range so remove the
 475		 * bss struct for that AP.
 476		 */
 477		ieee80211_remove_auth_bss(local, wk);
 478
 479		return WORK_ACT_TIMEOUT;
 480	}
 481
 482	printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n",
 483	       sdata->name, wk->filter_ta, wk->probe_auth.tries);
 484
 485	ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
 486			    wk->ie_len, wk->filter_ta, NULL, 0, 0);
 487	wk->probe_auth.transaction = 2;
 488
 489	wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
 490	run_again(local, wk->timeout);
 491
 492	return WORK_ACT_NONE;
 493}
 494
 495static enum work_action __must_check
 496ieee80211_associate(struct ieee80211_work *wk)
 497{
 498	struct ieee80211_sub_if_data *sdata = wk->sdata;
 499	struct ieee80211_local *local = sdata->local;
 500
 501	wk->assoc.tries++;
 502	if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) {
 503		printk(KERN_DEBUG "%s: association with %pM"
 504		       " timed out\n",
 505		       sdata->name, wk->filter_ta);
 506
 507		/*
 508		 * Most likely AP is not in the range so remove the
 509		 * bss struct for that AP.
 510		 */
 511		if (wk->assoc.bss)
 512			cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss);
 513
 514		return WORK_ACT_TIMEOUT;
 515	}
 516
 517	printk(KERN_DEBUG "%s: associate with %pM (try %d)\n",
 518	       sdata->name, wk->filter_ta, wk->assoc.tries);
 519	ieee80211_send_assoc(sdata, wk);
 520
 521	wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
 522	run_again(local, wk->timeout);
 523
 524	return WORK_ACT_NONE;
 525}
 526
 527static enum work_action __must_check
 528ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
 529{
 530	/*
 531	 * First time we run, do nothing -- the generic code will
 532	 * have switched to the right channel etc.
 533	 */
 534	if (!wk->started) {
 535		wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration);
 536
 537		cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk,
 538					  wk->chan, wk->chan_type,
 539					  wk->remain.duration, GFP_KERNEL);
 540
 541		return WORK_ACT_NONE;
 542	}
 543
 544	return WORK_ACT_TIMEOUT;
 545}
 546
 547static enum work_action __must_check
 548ieee80211_offchannel_tx(struct ieee80211_work *wk)
 549{
 550	if (!wk->started) {
 551		wk->timeout = jiffies + msecs_to_jiffies(wk->offchan_tx.wait);
 552
 553		/*
 554		 * After this, offchan_tx.frame remains but now is no
 555		 * longer a valid pointer -- we still need it as the
 556		 * cookie for canceling this work.
 557		 */
 558		ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame);
 559
 560		return WORK_ACT_NONE;
 561	}
 562
 563	return WORK_ACT_TIMEOUT;
 564}
 565
 566static enum work_action __must_check
 567ieee80211_assoc_beacon_wait(struct ieee80211_work *wk)
 568{
 569	if (wk->started)
 570		return WORK_ACT_TIMEOUT;
 571
 572	/*
 573	 * Wait up to one beacon interval ...
 574	 * should this be more if we miss one?
 575	 */
 576	printk(KERN_DEBUG "%s: waiting for beacon from %pM\n",
 577	       wk->sdata->name, wk->filter_ta);
 578	wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval);
 579	return WORK_ACT_NONE;
 580}
 581
 582static void ieee80211_auth_challenge(struct ieee80211_work *wk,
 583				     struct ieee80211_mgmt *mgmt,
 584				     size_t len)
 585{
 586	struct ieee80211_sub_if_data *sdata = wk->sdata;
 587	u8 *pos;
 588	struct ieee802_11_elems elems;
 589
 590	pos = mgmt->u.auth.variable;
 591	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
 592	if (!elems.challenge)
 593		return;
 594	ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
 595			    elems.challenge - 2, elems.challenge_len + 2,
 596			    wk->filter_ta, wk->probe_auth.key,
 597			    wk->probe_auth.key_len, wk->probe_auth.key_idx);
 598	wk->probe_auth.transaction = 4;
 599}
 600
 601static enum work_action __must_check
 602ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
 603		       struct ieee80211_mgmt *mgmt, size_t len)
 604{
 605	u16 auth_alg, auth_transaction, status_code;
 606
 607	if (wk->type != IEEE80211_WORK_AUTH)
 608		return WORK_ACT_MISMATCH;
 609
 610	if (len < 24 + 6)
 611		return WORK_ACT_NONE;
 612
 613	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
 614	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
 615	status_code = le16_to_cpu(mgmt->u.auth.status_code);
 616
 617	if (auth_alg != wk->probe_auth.algorithm ||
 618	    auth_transaction != wk->probe_auth.transaction)
 619		return WORK_ACT_NONE;
 620
 621	if (status_code != WLAN_STATUS_SUCCESS) {
 622		printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
 623		       wk->sdata->name, mgmt->sa, status_code);
 624		return WORK_ACT_DONE;
 625	}
 626
 627	switch (wk->probe_auth.algorithm) {
 628	case WLAN_AUTH_OPEN:
 629	case WLAN_AUTH_LEAP:
 630	case WLAN_AUTH_FT:
 631		break;
 632	case WLAN_AUTH_SHARED_KEY:
 633		if (wk->probe_auth.transaction != 4) {
 634			ieee80211_auth_challenge(wk, mgmt, len);
 635			/* need another frame */
 636			return WORK_ACT_NONE;
 637		}
 638		break;
 639	default:
 640		WARN_ON(1);
 641		return WORK_ACT_NONE;
 642	}
 643
 644	printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name);
 645	return WORK_ACT_DONE;
 646}
 647
 648static enum work_action __must_check
 649ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
 650			     struct ieee80211_mgmt *mgmt, size_t len,
 651			     bool reassoc)
 652{
 653	struct ieee80211_sub_if_data *sdata = wk->sdata;
 654	struct ieee80211_local *local = sdata->local;
 655	u16 capab_info, status_code, aid;
 656	struct ieee802_11_elems elems;
 657	u8 *pos;
 658
 659	if (wk->type != IEEE80211_WORK_ASSOC)
 660		return WORK_ACT_MISMATCH;
 661
 662	/*
 663	 * AssocResp and ReassocResp have identical structure, so process both
 664	 * of them in this function.
 665	 */
 666
 667	if (len < 24 + 6)
 668		return WORK_ACT_NONE;
 669
 670	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
 671	status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
 672	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
 673
 674	printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
 675	       "status=%d aid=%d)\n",
 676	       sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
 677	       capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
 678
 679	pos = mgmt->u.assoc_resp.variable;
 680	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
 681
 682	if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
 683	    elems.timeout_int && elems.timeout_int_len == 5 &&
 684	    elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
 685		u32 tu, ms;
 686		tu = get_unaligned_le32(elems.timeout_int + 1);
 687		ms = tu * 1024 / 1000;
 688		printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
 689		       "comeback duration %u TU (%u ms)\n",
 690		       sdata->name, mgmt->sa, tu, ms);
 691		wk->timeout = jiffies + msecs_to_jiffies(ms);
 692		if (ms > IEEE80211_ASSOC_TIMEOUT)
 693			run_again(local, wk->timeout);
 694		return WORK_ACT_NONE;
 695	}
 696
 697	if (status_code != WLAN_STATUS_SUCCESS)
 698		printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
 699		       sdata->name, mgmt->sa, status_code);
 700	else
 701		printk(KERN_DEBUG "%s: associated\n", sdata->name);
 702
 703	return WORK_ACT_DONE;
 704}
 705
 706static enum work_action __must_check
 707ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
 708			     struct ieee80211_mgmt *mgmt, size_t len,
 709			     struct ieee80211_rx_status *rx_status)
 710{
 711	struct ieee80211_sub_if_data *sdata = wk->sdata;
 712	struct ieee80211_local *local = sdata->local;
 713	size_t baselen;
 714
 715	ASSERT_WORK_MTX(local);
 716
 717	if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
 718		return WORK_ACT_MISMATCH;
 719
 720	if (len < 24 + 12)
 721		return WORK_ACT_NONE;
 722
 723	baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
 724	if (baselen > len)
 725		return WORK_ACT_NONE;
 726
 727	printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
 728	return WORK_ACT_DONE;
 729}
 730
 731static enum work_action __must_check
 732ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk,
 733			 struct ieee80211_mgmt *mgmt, size_t len)
 734{
 735	struct ieee80211_sub_if_data *sdata = wk->sdata;
 736	struct ieee80211_local *local = sdata->local;
 737
 738	ASSERT_WORK_MTX(local);
 739
 740	if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
 741		return WORK_ACT_MISMATCH;
 742
 743	if (len < 24 + 12)
 744		return WORK_ACT_NONE;
 745
 746	printk(KERN_DEBUG "%s: beacon received\n", sdata->name);
 747	return WORK_ACT_DONE;
 748}
 749
 750static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
 751					  struct sk_buff *skb)
 752{
 753	struct ieee80211_rx_status *rx_status;
 754	struct ieee80211_mgmt *mgmt;
 755	struct ieee80211_work *wk;
 756	enum work_action rma = WORK_ACT_NONE;
 757	u16 fc;
 758
 759	rx_status = (struct ieee80211_rx_status *) skb->cb;
 760	mgmt = (struct ieee80211_mgmt *) skb->data;
 761	fc = le16_to_cpu(mgmt->frame_control);
 762
 763	mutex_lock(&local->mtx);
 764
 765	list_for_each_entry(wk, &local->work_list, list) {
 766		const u8 *bssid = NULL;
 767
 768		switch (wk->type) {
 769		case IEEE80211_WORK_DIRECT_PROBE:
 770		case IEEE80211_WORK_AUTH:
 771		case IEEE80211_WORK_ASSOC:
 772		case IEEE80211_WORK_ASSOC_BEACON_WAIT:
 773			bssid = wk->filter_ta;
 774			break;
 775		default:
 776			continue;
 777		}
 778
 779		/*
 780		 * Before queuing, we already verified mgmt->sa,
 781		 * so this is needed just for matching.
 782		 */
 783		if (compare_ether_addr(bssid, mgmt->bssid))
 784			continue;
 785
 786		switch (fc & IEEE80211_FCTL_STYPE) {
 787		case IEEE80211_STYPE_BEACON:
 788			rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len);
 789			break;
 790		case IEEE80211_STYPE_PROBE_RESP:
 791			rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
 792							   rx_status);
 793			break;
 794		case IEEE80211_STYPE_AUTH:
 795			rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len);
 796			break;
 797		case IEEE80211_STYPE_ASSOC_RESP:
 798			rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
 799							   skb->len, false);
 800			break;
 801		case IEEE80211_STYPE_REASSOC_RESP:
 802			rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
 803							   skb->len, true);
 804			break;
 805		default:
 806			WARN_ON(1);
 807			rma = WORK_ACT_NONE;
 808		}
 809
 810		/*
 811		 * We've either received an unexpected frame, or we have
 812		 * multiple work items and need to match the frame to the
 813		 * right one.
 814		 */
 815		if (rma == WORK_ACT_MISMATCH)
 816			continue;
 817
 818		/*
 819		 * We've processed this frame for that work, so it can't
 820		 * belong to another work struct.
 821		 * NB: this is also required for correctness for 'rma'!
 822		 */
 823		break;
 824	}
 825
 826	switch (rma) {
 827	case WORK_ACT_MISMATCH:
 828		/* ignore this unmatched frame */
 829		break;
 830	case WORK_ACT_NONE:
 831		break;
 832	case WORK_ACT_DONE:
 833		list_del_rcu(&wk->list);
 834		break;
 835	default:
 836		WARN(1, "unexpected: %d", rma);
 837	}
 838
 839	mutex_unlock(&local->mtx);
 840
 841	if (rma != WORK_ACT_DONE)
 842		goto out;
 843
 844	switch (wk->done(wk, skb)) {
 845	case WORK_DONE_DESTROY:
 846		free_work(wk);
 847		break;
 848	case WORK_DONE_REQUEUE:
 849		synchronize_rcu();
 850		wk->started = false; /* restart */
 851		mutex_lock(&local->mtx);
 852		list_add_tail(&wk->list, &local->work_list);
 853		mutex_unlock(&local->mtx);
 854	}
 855
 856 out:
 857	kfree_skb(skb);
 858}
 859
 860static bool ieee80211_work_ct_coexists(enum nl80211_channel_type wk_ct,
 861				       enum nl80211_channel_type oper_ct)
 862{
 863	switch (wk_ct) {
 864	case NL80211_CHAN_NO_HT:
 865		return true;
 866	case NL80211_CHAN_HT20:
 867		if (oper_ct != NL80211_CHAN_NO_HT)
 868			return true;
 869		return false;
 870	case NL80211_CHAN_HT40MINUS:
 871	case NL80211_CHAN_HT40PLUS:
 872		return (wk_ct == oper_ct);
 873	}
 874	WARN_ON(1); /* shouldn't get here */
 875	return false;
 876}
 877
 878static enum nl80211_channel_type
 879ieee80211_calc_ct(enum nl80211_channel_type wk_ct,
 880		  enum nl80211_channel_type oper_ct)
 881{
 882	switch (wk_ct) {
 883	case NL80211_CHAN_NO_HT:
 884		return oper_ct;
 885	case NL80211_CHAN_HT20:
 886		if (oper_ct != NL80211_CHAN_NO_HT)
 887			return oper_ct;
 888		return wk_ct;
 889	case NL80211_CHAN_HT40MINUS:
 890	case NL80211_CHAN_HT40PLUS:
 891		return wk_ct;
 892	}
 893	WARN_ON(1); /* shouldn't get here */
 894	return wk_ct;
 895}
 896
 897
 898static void ieee80211_work_timer(unsigned long data)
 899{
 900	struct ieee80211_local *local = (void *) data;
 901
 902	if (local->quiescing)
 903		return;
 904
 905	ieee80211_queue_work(&local->hw, &local->work_work);
 906}
 907
 908static void ieee80211_work_work(struct work_struct *work)
 909{
 910	struct ieee80211_local *local =
 911		container_of(work, struct ieee80211_local, work_work);
 912	struct sk_buff *skb;
 913	struct ieee80211_work *wk, *tmp;
 914	LIST_HEAD(free_work);
 915	enum work_action rma;
 916	bool remain_off_channel = false;
 917
 918	if (local->scanning)
 919		return;
 920
 921	/*
 922	 * ieee80211_queue_work() should have picked up most cases,
 923	 * here we'll pick the rest.
 924	 */
 925	if (WARN(local->suspended, "work scheduled while going to suspend\n"))
 926		return;
 927
 928	/* first process frames to avoid timing out while a frame is pending */
 929	while ((skb = skb_dequeue(&local->work_skb_queue)))
 930		ieee80211_work_rx_queued_mgmt(local, skb);
 931
 932	mutex_lock(&local->mtx);
 933
 934	ieee80211_recalc_idle(local);
 935
 936	list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
 937		bool started = wk->started;
 938
 939		/* mark work as started if it's on the current off-channel */
 940		if (!started && local->tmp_channel &&
 941		    wk->chan == local->tmp_channel &&
 942		    wk->chan_type == local->tmp_channel_type) {
 943			started = true;
 944			wk->timeout = jiffies;
 945		}
 946
 947		if (!started && !local->tmp_channel) {
 948			bool on_oper_chan;
 949			bool tmp_chan_changed = false;
 950			bool on_oper_chan2;
 951			enum nl80211_channel_type wk_ct;
 952			on_oper_chan = ieee80211_cfg_on_oper_channel(local);
 953
 954			/* Work with existing channel type if possible. */
 955			wk_ct = wk->chan_type;
 956			if (wk->chan == local->hw.conf.channel)
 957				wk_ct = ieee80211_calc_ct(wk->chan_type,
 958						local->hw.conf.channel_type);
 959
 960			if (local->tmp_channel)
 961				if ((local->tmp_channel != wk->chan) ||
 962				    (local->tmp_channel_type != wk_ct))
 963					tmp_chan_changed = true;
 964
 965			local->tmp_channel = wk->chan;
 966			local->tmp_channel_type = wk_ct;
 967			/*
 968			 * Leave the station vifs in awake mode if they
 969			 * happen to be on the same channel as
 970			 * the requested channel.
 971			 */
 972			on_oper_chan2 = ieee80211_cfg_on_oper_channel(local);
 973			if (on_oper_chan != on_oper_chan2) {
 974				if (on_oper_chan2) {
 975					/* going off oper channel, PS too */
 976					ieee80211_offchannel_stop_vifs(local,
 977								       true);
 978					ieee80211_hw_config(local, 0);
 979				} else {
 980					/* going on channel, but leave PS
 981					 * off-channel. */
 982					ieee80211_hw_config(local, 0);
 983					ieee80211_offchannel_return(local,
 984								    true,
 985								    false);
 986				}
 987			} else if (tmp_chan_changed)
 988				/* Still off-channel, but on some other
 989				 * channel, so update hardware.
 990				 * PS should already be off-channel.
 991				 */
 992				ieee80211_hw_config(local, 0);
 993
 994			started = true;
 995			wk->timeout = jiffies;
 996		}
 997
 998		/* don't try to work with items that aren't started */
 999		if (!started)
1000			continue;
1001
1002		if (time_is_after_jiffies(wk->timeout)) {
1003			/*
1004			 * This work item isn't supposed to be worked on
1005			 * right now, but take care to adjust the timer
1006			 * properly.
1007			 */
1008			run_again(local, wk->timeout);
1009			continue;
1010		}
1011
1012		switch (wk->type) {
1013		default:
1014			WARN_ON(1);
1015			/* nothing */
1016			rma = WORK_ACT_NONE;
1017			break;
1018		case IEEE80211_WORK_ABORT:
1019			rma = WORK_ACT_TIMEOUT;
1020			break;
1021		case IEEE80211_WORK_DIRECT_PROBE:
1022			rma = ieee80211_direct_probe(wk);
1023			break;
1024		case IEEE80211_WORK_AUTH:
1025			rma = ieee80211_authenticate(wk);
1026			break;
1027		case IEEE80211_WORK_ASSOC:
1028			rma = ieee80211_associate(wk);
1029			break;
1030		case IEEE80211_WORK_REMAIN_ON_CHANNEL:
1031			rma = ieee80211_remain_on_channel_timeout(wk);
1032			break;
1033		case IEEE80211_WORK_OFFCHANNEL_TX:
1034			rma = ieee80211_offchannel_tx(wk);
1035			break;
1036		case IEEE80211_WORK_ASSOC_BEACON_WAIT:
1037			rma = ieee80211_assoc_beacon_wait(wk);
1038			break;
1039		}
1040
1041		wk->started = started;
1042
1043		switch (rma) {
1044		case WORK_ACT_NONE:
1045			/* might have changed the timeout */
1046			run_again(local, wk->timeout);
1047			break;
1048		case WORK_ACT_TIMEOUT:
1049			list_del_rcu(&wk->list);
1050			synchronize_rcu();
1051			list_add(&wk->list, &free_work);
1052			break;
1053		default:
1054			WARN(1, "unexpected: %d", rma);
1055		}
1056	}
1057
1058	list_for_each_entry(wk, &local->work_list, list) {
1059		if (!wk->started)
1060			continue;
1061		if (wk->chan != local->tmp_channel)
1062			continue;
1063		if (ieee80211_work_ct_coexists(wk->chan_type,
1064					       local->tmp_channel_type))
1065			continue;
1066		remain_off_channel = true;
1067	}
1068
1069	if (!remain_off_channel && local->tmp_channel) {
1070		bool on_oper_chan = ieee80211_cfg_on_oper_channel(local);
1071		local->tmp_channel = NULL;
1072		/* If tmp_channel wasn't operating channel, then
1073		 * we need to go back on-channel.
1074		 * NOTE:  If we can ever be here while scannning,
1075		 * or if the hw_config() channel config logic changes,
1076		 * then we may need to do a more thorough check to see if
1077		 * we still need to do a hardware config.  Currently,
1078		 * we cannot be here while scanning, however.
1079		 */
1080		if (ieee80211_cfg_on_oper_channel(local) && !on_oper_chan)
1081			ieee80211_hw_config(local, 0);
1082
1083		/* At the least, we need to disable offchannel_ps,
1084		 * so just go ahead and run the entire offchannel
1085		 * return logic here.  We *could* skip enabling
1086		 * beaconing if we were already on-oper-channel
1087		 * as a future optimization.
1088		 */
1089		ieee80211_offchannel_return(local, true, true);
1090
1091		/* give connection some time to breathe */
1092		run_again(local, jiffies + HZ/2);
1093	}
1094
1095	if (list_empty(&local->work_list) && local->scan_req &&
1096	    !local->scanning)
1097		ieee80211_queue_delayed_work(&local->hw,
1098					     &local->scan_work,
1099					     round_jiffies_relative(0));
1100
1101	ieee80211_recalc_idle(local);
1102
1103	mutex_unlock(&local->mtx);
1104
1105	list_for_each_entry_safe(wk, tmp, &free_work, list) {
1106		wk->done(wk, NULL);
1107		list_del(&wk->list);
1108		kfree(wk);
1109	}
1110}
1111
1112void ieee80211_add_work(struct ieee80211_work *wk)
1113{
1114	struct ieee80211_local *local;
1115
1116	if (WARN_ON(!wk->chan))
1117		return;
1118
1119	if (WARN_ON(!wk->sdata))
1120		return;
1121
1122	if (WARN_ON(!wk->done))
1123		return;
1124
1125	if (WARN_ON(!ieee80211_sdata_running(wk->sdata)))
1126		return;
1127
1128	wk->started = false;
1129
1130	local = wk->sdata->local;
1131	mutex_lock(&local->mtx);
1132	list_add_tail(&wk->list, &local->work_list);
1133	mutex_unlock(&local->mtx);
1134
1135	ieee80211_queue_work(&local->hw, &local->work_work);
1136}
1137
1138void ieee80211_work_init(struct ieee80211_local *local)
1139{
1140	INIT_LIST_HEAD(&local->work_list);
1141	setup_timer(&local->work_timer, ieee80211_work_timer,
1142		    (unsigned long)local);
1143	INIT_WORK(&local->work_work, ieee80211_work_work);
1144	skb_queue_head_init(&local->work_skb_queue);
1145}
1146
1147void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
1148{
1149	struct ieee80211_local *local = sdata->local;
1150	struct ieee80211_work *wk;
1151	bool cleanup = false;
1152
1153	mutex_lock(&local->mtx);
1154	list_for_each_entry(wk, &local->work_list, list) {
1155		if (wk->sdata != sdata)
1156			continue;
1157		cleanup = true;
1158		wk->type = IEEE80211_WORK_ABORT;
1159		wk->started = true;
1160		wk->timeout = jiffies;
1161	}
1162	mutex_unlock(&local->mtx);
1163
1164	/* run cleanups etc. */
1165	if (cleanup)
1166		ieee80211_work_work(&local->work_work);
1167
1168	mutex_lock(&local->mtx);
1169	list_for_each_entry(wk, &local->work_list, list) {
1170		if (wk->sdata != sdata)
1171			continue;
1172		WARN_ON(1);
1173		break;
1174	}
1175	mutex_unlock(&local->mtx);
1176}
1177
1178ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1179					   struct sk_buff *skb)
1180{
1181	struct ieee80211_local *local = sdata->local;
1182	struct ieee80211_mgmt *mgmt;
1183	struct ieee80211_work *wk;
1184	u16 fc;
1185
1186	if (skb->len < 24)
1187		return RX_DROP_MONITOR;
1188
1189	mgmt = (struct ieee80211_mgmt *) skb->data;
1190	fc = le16_to_cpu(mgmt->frame_control);
1191
1192	list_for_each_entry_rcu(wk, &local->work_list, list) {
1193		if (sdata != wk->sdata)
1194			continue;
1195		if (compare_ether_addr(wk->filter_ta, mgmt->sa))
1196			continue;
1197		if (compare_ether_addr(wk->filter_ta, mgmt->bssid))
1198			continue;
1199
1200		switch (fc & IEEE80211_FCTL_STYPE) {
1201		case IEEE80211_STYPE_AUTH:
1202		case IEEE80211_STYPE_PROBE_RESP:
1203		case IEEE80211_STYPE_ASSOC_RESP:
1204		case IEEE80211_STYPE_REASSOC_RESP:
1205		case IEEE80211_STYPE_BEACON:
1206			skb_queue_tail(&local->work_skb_queue, skb);
1207			ieee80211_queue_work(&local->hw, &local->work_work);
1208			return RX_QUEUED;
1209		}
1210	}
1211
1212	return RX_CONTINUE;
1213}
1214
1215static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk,
1216						   struct sk_buff *skb)
1217{
1218	/*
1219	 * We are done serving the remain-on-channel command.
1220	 */
1221	cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk,
1222					   wk->chan, wk->chan_type,
1223					   GFP_KERNEL);
1224
1225	return WORK_DONE_DESTROY;
1226}
1227
1228int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1229				   struct ieee80211_channel *chan,
1230				   enum nl80211_channel_type channel_type,
1231				   unsigned int duration, u64 *cookie)
1232{
1233	struct ieee80211_work *wk;
1234
1235	wk = kzalloc(sizeof(*wk), GFP_KERNEL);
1236	if (!wk)
1237		return -ENOMEM;
1238
1239	wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL;
1240	wk->chan = chan;
1241	wk->chan_type = channel_type;
1242	wk->sdata = sdata;
1243	wk->done = ieee80211_remain_done;
1244
1245	wk->remain.duration = duration;
1246
1247	*cookie = (unsigned long) wk;
1248
1249	ieee80211_add_work(wk);
1250
1251	return 0;
1252}
1253
1254int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1255					  u64 cookie)
1256{
1257	struct ieee80211_local *local = sdata->local;
1258	struct ieee80211_work *wk, *tmp;
1259	bool found = false;
1260
1261	mutex_lock(&local->mtx);
1262	list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
1263		if ((unsigned long) wk == cookie) {
1264			wk->timeout = jiffies;
1265			found = true;
1266			break;
1267		}
1268	}
1269	mutex_unlock(&local->mtx);
1270
1271	if (!found)
1272		return -ENOENT;
1273
1274	ieee80211_queue_work(&local->hw, &local->work_work);
1275
1276	return 0;
1277}