net/mac80211/work.c at v3.1-rc9

tjh.dev / kernel
fork atom
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom
kernel / net / mac80211 / work.c
at v3.1-rc9 1303 lines 34 kB view raw
wrap content
   1/*
   2 * mac80211 work implementation
   3 *
   4 * Copyright 2003-2008, Jouni Malinen <j@w1.fi>
   5 * Copyright 2004, Instant802 Networks, Inc.
   6 * Copyright 2005, Devicescape Software, Inc.
   7 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
   8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
   9 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net>
  10 *
  11 * This program is free software; you can redistribute it and/or modify
  12 * it under the terms of the GNU General Public License version 2 as
  13 * published by the Free Software Foundation.
  14 */
  15
  16#include <linux/delay.h>
  17#include <linux/if_ether.h>
  18#include <linux/skbuff.h>
  19#include <linux/if_arp.h>
  20#include <linux/etherdevice.h>
  21#include <linux/crc32.h>
  22#include <linux/slab.h>
  23#include <net/mac80211.h>
  24#include <asm/unaligned.h>
  25
  26#include "ieee80211_i.h"
  27#include "rate.h"
  28#include "driver-ops.h"
  29
  30#define IEEE80211_AUTH_TIMEOUT (HZ / 5)
  31#define IEEE80211_AUTH_MAX_TRIES 3
  32#define IEEE80211_ASSOC_TIMEOUT (HZ / 5)
  33#define IEEE80211_ASSOC_MAX_TRIES 3
  34
  35enum work_action {
  36	WORK_ACT_MISMATCH,
  37	WORK_ACT_NONE,
  38	WORK_ACT_TIMEOUT,
  39	WORK_ACT_DONE,
  40};
  41
  42
  43/* utils */
  44static inline void ASSERT_WORK_MTX(struct ieee80211_local *local)
  45{
  46	lockdep_assert_held(&local->mtx);
  47}
  48
  49/*
  50 * We can have multiple work items (and connection probing)
  51 * scheduling this timer, but we need to take care to only
  52 * reschedule it when it should fire _earlier_ than it was
  53 * asked for before, or if it's not pending right now. This
  54 * function ensures that. Note that it then is required to
  55 * run this function for all timeouts after the first one
  56 * has happened -- the work that runs from this timer will
  57 * do that.
  58 */
  59static void run_again(struct ieee80211_local *local,
  60		      unsigned long timeout)
  61{
  62	ASSERT_WORK_MTX(local);
  63
  64	if (!timer_pending(&local->work_timer) ||
  65	    time_before(timeout, local->work_timer.expires))
  66		mod_timer(&local->work_timer, timeout);
  67}
  68
  69void free_work(struct ieee80211_work *wk)
  70{
  71	kfree_rcu(wk, rcu_head);
  72}
  73
  74static int ieee80211_compatible_rates(const u8 *supp_rates, int supp_rates_len,
  75				      struct ieee80211_supported_band *sband,
  76				      u32 *rates)
  77{
  78	int i, j, count;
  79	*rates = 0;
  80	count = 0;
  81	for (i = 0; i < supp_rates_len; i++) {
  82		int rate = (supp_rates[i] & 0x7F) * 5;
  83
  84		for (j = 0; j < sband->n_bitrates; j++)
  85			if (sband->bitrates[j].bitrate == rate) {
  86				*rates |= BIT(j);
  87				count++;
  88				break;
  89			}
  90	}
  91
  92	return count;
  93}
  94
  95/* frame sending functions */
  96
  97static void ieee80211_add_ht_ie(struct sk_buff *skb, const u8 *ht_info_ie,
  98				struct ieee80211_supported_band *sband,
  99				struct ieee80211_channel *channel,
 100				enum ieee80211_smps_mode smps)
 101{
 102	struct ieee80211_ht_info *ht_info;
 103	u8 *pos;
 104	u32 flags = channel->flags;
 105	u16 cap = sband->ht_cap.cap;
 106	__le16 tmp;
 107
 108	if (!sband->ht_cap.ht_supported)
 109		return;
 110
 111	if (!ht_info_ie)
 112		return;
 113
 114	if (ht_info_ie[1] < sizeof(struct ieee80211_ht_info))
 115		return;
 116
 117	ht_info = (struct ieee80211_ht_info *)(ht_info_ie + 2);
 118
 119	/* determine capability flags */
 120
 121	switch (ht_info->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) {
 122	case IEEE80211_HT_PARAM_CHA_SEC_ABOVE:
 123		if (flags & IEEE80211_CHAN_NO_HT40PLUS) {
 124			cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 125			cap &= ~IEEE80211_HT_CAP_SGI_40;
 126		}
 127		break;
 128	case IEEE80211_HT_PARAM_CHA_SEC_BELOW:
 129		if (flags & IEEE80211_CHAN_NO_HT40MINUS) {
 130			cap &= ~IEEE80211_HT_CAP_SUP_WIDTH_20_40;
 131			cap &= ~IEEE80211_HT_CAP_SGI_40;
 132		}
 133		break;
 134	}
 135
 136	/* set SM PS mode properly */
 137	cap &= ~IEEE80211_HT_CAP_SM_PS;
 138	switch (smps) {
 139	case IEEE80211_SMPS_AUTOMATIC:
 140	case IEEE80211_SMPS_NUM_MODES:
 141		WARN_ON(1);
 142	case IEEE80211_SMPS_OFF:
 143		cap |= WLAN_HT_CAP_SM_PS_DISABLED <<
 144			IEEE80211_HT_CAP_SM_PS_SHIFT;
 145		break;
 146	case IEEE80211_SMPS_STATIC:
 147		cap |= WLAN_HT_CAP_SM_PS_STATIC <<
 148			IEEE80211_HT_CAP_SM_PS_SHIFT;
 149		break;
 150	case IEEE80211_SMPS_DYNAMIC:
 151		cap |= WLAN_HT_CAP_SM_PS_DYNAMIC <<
 152			IEEE80211_HT_CAP_SM_PS_SHIFT;
 153		break;
 154	}
 155
 156	/* reserve and fill IE */
 157
 158	pos = skb_put(skb, sizeof(struct ieee80211_ht_cap) + 2);
 159	*pos++ = WLAN_EID_HT_CAPABILITY;
 160	*pos++ = sizeof(struct ieee80211_ht_cap);
 161	memset(pos, 0, sizeof(struct ieee80211_ht_cap));
 162
 163	/* capability flags */
 164	tmp = cpu_to_le16(cap);
 165	memcpy(pos, &tmp, sizeof(u16));
 166	pos += sizeof(u16);
 167
 168	/* AMPDU parameters */
 169	*pos++ = sband->ht_cap.ampdu_factor |
 170		 (sband->ht_cap.ampdu_density <<
 171			IEEE80211_HT_AMPDU_PARM_DENSITY_SHIFT);
 172
 173	/* MCS set */
 174	memcpy(pos, &sband->ht_cap.mcs, sizeof(sband->ht_cap.mcs));
 175	pos += sizeof(sband->ht_cap.mcs);
 176
 177	/* extended capabilities */
 178	pos += sizeof(__le16);
 179
 180	/* BF capabilities */
 181	pos += sizeof(__le32);
 182
 183	/* antenna selection */
 184	pos += sizeof(u8);
 185}
 186
 187static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
 188				 struct ieee80211_work *wk)
 189{
 190	struct ieee80211_local *local = sdata->local;
 191	struct sk_buff *skb;
 192	struct ieee80211_mgmt *mgmt;
 193	u8 *pos, qos_info;
 194	size_t offset = 0, noffset;
 195	int i, count, rates_len, supp_rates_len;
 196	u16 capab;
 197	struct ieee80211_supported_band *sband;
 198	u32 rates = 0;
 199
 200	sband = local->hw.wiphy->bands[wk->chan->band];
 201
 202	if (wk->assoc.supp_rates_len) {
 203		/*
 204		 * Get all rates supported by the device and the AP as
 205		 * some APs don't like getting a superset of their rates
 206		 * in the association request (e.g. D-Link DAP 1353 in
 207		 * b-only mode)...
 208		 */
 209		rates_len = ieee80211_compatible_rates(wk->assoc.supp_rates,
 210						       wk->assoc.supp_rates_len,
 211						       sband, &rates);
 212	} else {
 213		/*
 214		 * In case AP not provide any supported rates information
 215		 * before association, we send information element(s) with
 216		 * all rates that we support.
 217		 */
 218		rates = ~0;
 219		rates_len = sband->n_bitrates;
 220	}
 221
 222	skb = alloc_skb(local->hw.extra_tx_headroom +
 223			sizeof(*mgmt) + /* bit too much but doesn't matter */
 224			2 + wk->assoc.ssid_len + /* SSID */
 225			4 + rates_len + /* (extended) rates */
 226			4 + /* power capability */
 227			2 + 2 * sband->n_channels + /* supported channels */
 228			2 + sizeof(struct ieee80211_ht_cap) + /* HT */
 229			wk->ie_len + /* extra IEs */
 230			9, /* WMM */
 231			GFP_KERNEL);
 232	if (!skb) {
 233		printk(KERN_DEBUG "%s: failed to allocate buffer for assoc "
 234		       "frame\n", sdata->name);
 235		return;
 236	}
 237	skb_reserve(skb, local->hw.extra_tx_headroom);
 238
 239	capab = WLAN_CAPABILITY_ESS;
 240
 241	if (sband->band == IEEE80211_BAND_2GHZ) {
 242		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_SLOT_INCAPABLE))
 243			capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
 244		if (!(local->hw.flags & IEEE80211_HW_2GHZ_SHORT_PREAMBLE_INCAPABLE))
 245			capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
 246	}
 247
 248	if (wk->assoc.capability & WLAN_CAPABILITY_PRIVACY)
 249		capab |= WLAN_CAPABILITY_PRIVACY;
 250
 251	if ((wk->assoc.capability & WLAN_CAPABILITY_SPECTRUM_MGMT) &&
 252	    (local->hw.flags & IEEE80211_HW_SPECTRUM_MGMT))
 253		capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
 254
 255	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
 256	memset(mgmt, 0, 24);
 257	memcpy(mgmt->da, wk->filter_ta, ETH_ALEN);
 258	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
 259	memcpy(mgmt->bssid, wk->filter_ta, ETH_ALEN);
 260
 261	if (!is_zero_ether_addr(wk->assoc.prev_bssid)) {
 262		skb_put(skb, 10);
 263		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
 264						  IEEE80211_STYPE_REASSOC_REQ);
 265		mgmt->u.reassoc_req.capab_info = cpu_to_le16(capab);
 266		mgmt->u.reassoc_req.listen_interval =
 267				cpu_to_le16(local->hw.conf.listen_interval);
 268		memcpy(mgmt->u.reassoc_req.current_ap, wk->assoc.prev_bssid,
 269		       ETH_ALEN);
 270	} else {
 271		skb_put(skb, 4);
 272		mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
 273						  IEEE80211_STYPE_ASSOC_REQ);
 274		mgmt->u.assoc_req.capab_info = cpu_to_le16(capab);
 275		mgmt->u.assoc_req.listen_interval =
 276				cpu_to_le16(local->hw.conf.listen_interval);
 277	}
 278
 279	/* SSID */
 280	pos = skb_put(skb, 2 + wk->assoc.ssid_len);
 281	*pos++ = WLAN_EID_SSID;
 282	*pos++ = wk->assoc.ssid_len;
 283	memcpy(pos, wk->assoc.ssid, wk->assoc.ssid_len);
 284
 285	/* add all rates which were marked to be used above */
 286	supp_rates_len = rates_len;
 287	if (supp_rates_len > 8)
 288		supp_rates_len = 8;
 289
 290	pos = skb_put(skb, supp_rates_len + 2);
 291	*pos++ = WLAN_EID_SUPP_RATES;
 292	*pos++ = supp_rates_len;
 293
 294	count = 0;
 295	for (i = 0; i < sband->n_bitrates; i++) {
 296		if (BIT(i) & rates) {
 297			int rate = sband->bitrates[i].bitrate;
 298			*pos++ = (u8) (rate / 5);
 299			if (++count == 8)
 300				break;
 301		}
 302	}
 303
 304	if (rates_len > count) {
 305		pos = skb_put(skb, rates_len - count + 2);
 306		*pos++ = WLAN_EID_EXT_SUPP_RATES;
 307		*pos++ = rates_len - count;
 308
 309		for (i++; i < sband->n_bitrates; i++) {
 310			if (BIT(i) & rates) {
 311				int rate = sband->bitrates[i].bitrate;
 312				*pos++ = (u8) (rate / 5);
 313			}
 314		}
 315	}
 316
 317	if (capab & WLAN_CAPABILITY_SPECTRUM_MGMT) {
 318		/* 1. power capabilities */
 319		pos = skb_put(skb, 4);
 320		*pos++ = WLAN_EID_PWR_CAPABILITY;
 321		*pos++ = 2;
 322		*pos++ = 0; /* min tx power */
 323		*pos++ = wk->chan->max_power; /* max tx power */
 324
 325		/* 2. supported channels */
 326		/* TODO: get this in reg domain format */
 327		pos = skb_put(skb, 2 * sband->n_channels + 2);
 328		*pos++ = WLAN_EID_SUPPORTED_CHANNELS;
 329		*pos++ = 2 * sband->n_channels;
 330		for (i = 0; i < sband->n_channels; i++) {
 331			*pos++ = ieee80211_frequency_to_channel(
 332					sband->channels[i].center_freq);
 333			*pos++ = 1; /* one channel in the subband*/
 334		}
 335	}
 336
 337	/* if present, add any custom IEs that go before HT */
 338	if (wk->ie_len && wk->ie) {
 339		static const u8 before_ht[] = {
 340			WLAN_EID_SSID,
 341			WLAN_EID_SUPP_RATES,
 342			WLAN_EID_EXT_SUPP_RATES,
 343			WLAN_EID_PWR_CAPABILITY,
 344			WLAN_EID_SUPPORTED_CHANNELS,
 345			WLAN_EID_RSN,
 346			WLAN_EID_QOS_CAPA,
 347			WLAN_EID_RRM_ENABLED_CAPABILITIES,
 348			WLAN_EID_MOBILITY_DOMAIN,
 349			WLAN_EID_SUPPORTED_REGULATORY_CLASSES,
 350		};
 351		noffset = ieee80211_ie_split(wk->ie, wk->ie_len,
 352					     before_ht, ARRAY_SIZE(before_ht),
 353					     offset);
 354		pos = skb_put(skb, noffset - offset);
 355		memcpy(pos, wk->ie + offset, noffset - offset);
 356		offset = noffset;
 357	}
 358
 359	if (wk->assoc.use_11n && wk->assoc.wmm_used &&
 360	    local->hw.queues >= 4)
 361		ieee80211_add_ht_ie(skb, wk->assoc.ht_information_ie,
 362				    sband, wk->chan, wk->assoc.smps);
 363
 364	/* if present, add any custom non-vendor IEs that go after HT */
 365	if (wk->ie_len && wk->ie) {
 366		noffset = ieee80211_ie_split_vendor(wk->ie, wk->ie_len,
 367						    offset);
 368		pos = skb_put(skb, noffset - offset);
 369		memcpy(pos, wk->ie + offset, noffset - offset);
 370		offset = noffset;
 371	}
 372
 373	if (wk->assoc.wmm_used && local->hw.queues >= 4) {
 374		if (wk->assoc.uapsd_used) {
 375			qos_info = local->uapsd_queues;
 376			qos_info |= (local->uapsd_max_sp_len <<
 377				     IEEE80211_WMM_IE_STA_QOSINFO_SP_SHIFT);
 378		} else {
 379			qos_info = 0;
 380		}
 381
 382		pos = skb_put(skb, 9);
 383		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
 384		*pos++ = 7; /* len */
 385		*pos++ = 0x00; /* Microsoft OUI 00:50:F2 */
 386		*pos++ = 0x50;
 387		*pos++ = 0xf2;
 388		*pos++ = 2; /* WME */
 389		*pos++ = 0; /* WME info */
 390		*pos++ = 1; /* WME ver */
 391		*pos++ = qos_info;
 392	}
 393
 394	/* add any remaining custom (i.e. vendor specific here) IEs */
 395	if (wk->ie_len && wk->ie) {
 396		noffset = wk->ie_len;
 397		pos = skb_put(skb, noffset - offset);
 398		memcpy(pos, wk->ie + offset, noffset - offset);
 399	}
 400
 401	IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
 402	ieee80211_tx_skb(sdata, skb);
 403}
 404
 405static void ieee80211_remove_auth_bss(struct ieee80211_local *local,
 406				      struct ieee80211_work *wk)
 407{
 408	struct cfg80211_bss *cbss;
 409	u16 capa_val = WLAN_CAPABILITY_ESS;
 410
 411	if (wk->probe_auth.privacy)
 412		capa_val |= WLAN_CAPABILITY_PRIVACY;
 413
 414	cbss = cfg80211_get_bss(local->hw.wiphy, wk->chan, wk->filter_ta,
 415				wk->probe_auth.ssid, wk->probe_auth.ssid_len,
 416				WLAN_CAPABILITY_ESS | WLAN_CAPABILITY_PRIVACY,
 417				capa_val);
 418	if (!cbss)
 419		return;
 420
 421	cfg80211_unlink_bss(local->hw.wiphy, cbss);
 422	cfg80211_put_bss(cbss);
 423}
 424
 425static enum work_action __must_check
 426ieee80211_direct_probe(struct ieee80211_work *wk)
 427{
 428	struct ieee80211_sub_if_data *sdata = wk->sdata;
 429	struct ieee80211_local *local = sdata->local;
 430
 431	if (!wk->probe_auth.synced) {
 432		int ret = drv_tx_sync(local, sdata, wk->filter_ta,
 433				      IEEE80211_TX_SYNC_AUTH);
 434		if (ret)
 435			return WORK_ACT_TIMEOUT;
 436	}
 437	wk->probe_auth.synced = true;
 438
 439	wk->probe_auth.tries++;
 440	if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
 441		printk(KERN_DEBUG "%s: direct probe to %pM timed out\n",
 442		       sdata->name, wk->filter_ta);
 443
 444		/*
 445		 * Most likely AP is not in the range so remove the
 446		 * bss struct for that AP.
 447		 */
 448		ieee80211_remove_auth_bss(local, wk);
 449
 450		return WORK_ACT_TIMEOUT;
 451	}
 452
 453	printk(KERN_DEBUG "%s: direct probe to %pM (try %d/%i)\n",
 454	       sdata->name, wk->filter_ta, wk->probe_auth.tries,
 455	       IEEE80211_AUTH_MAX_TRIES);
 456
 457	/*
 458	 * Direct probe is sent to broadcast address as some APs
 459	 * will not answer to direct packet in unassociated state.
 460	 */
 461	ieee80211_send_probe_req(sdata, NULL, wk->probe_auth.ssid,
 462				 wk->probe_auth.ssid_len, NULL, 0,
 463				 (u32) -1, true);
 464
 465	wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
 466	run_again(local, wk->timeout);
 467
 468	return WORK_ACT_NONE;
 469}
 470
 471
 472static enum work_action __must_check
 473ieee80211_authenticate(struct ieee80211_work *wk)
 474{
 475	struct ieee80211_sub_if_data *sdata = wk->sdata;
 476	struct ieee80211_local *local = sdata->local;
 477
 478	if (!wk->probe_auth.synced) {
 479		int ret = drv_tx_sync(local, sdata, wk->filter_ta,
 480				      IEEE80211_TX_SYNC_AUTH);
 481		if (ret)
 482			return WORK_ACT_TIMEOUT;
 483	}
 484	wk->probe_auth.synced = true;
 485
 486	wk->probe_auth.tries++;
 487	if (wk->probe_auth.tries > IEEE80211_AUTH_MAX_TRIES) {
 488		printk(KERN_DEBUG "%s: authentication with %pM"
 489		       " timed out\n", sdata->name, wk->filter_ta);
 490
 491		/*
 492		 * Most likely AP is not in the range so remove the
 493		 * bss struct for that AP.
 494		 */
 495		ieee80211_remove_auth_bss(local, wk);
 496
 497		return WORK_ACT_TIMEOUT;
 498	}
 499
 500	printk(KERN_DEBUG "%s: authenticate with %pM (try %d)\n",
 501	       sdata->name, wk->filter_ta, wk->probe_auth.tries);
 502
 503	ieee80211_send_auth(sdata, 1, wk->probe_auth.algorithm, wk->ie,
 504			    wk->ie_len, wk->filter_ta, NULL, 0, 0);
 505	wk->probe_auth.transaction = 2;
 506
 507	wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
 508	run_again(local, wk->timeout);
 509
 510	return WORK_ACT_NONE;
 511}
 512
 513static enum work_action __must_check
 514ieee80211_associate(struct ieee80211_work *wk)
 515{
 516	struct ieee80211_sub_if_data *sdata = wk->sdata;
 517	struct ieee80211_local *local = sdata->local;
 518
 519	if (!wk->assoc.synced) {
 520		int ret = drv_tx_sync(local, sdata, wk->filter_ta,
 521				      IEEE80211_TX_SYNC_ASSOC);
 522		if (ret)
 523			return WORK_ACT_TIMEOUT;
 524	}
 525	wk->assoc.synced = true;
 526
 527	wk->assoc.tries++;
 528	if (wk->assoc.tries > IEEE80211_ASSOC_MAX_TRIES) {
 529		printk(KERN_DEBUG "%s: association with %pM"
 530		       " timed out\n",
 531		       sdata->name, wk->filter_ta);
 532
 533		/*
 534		 * Most likely AP is not in the range so remove the
 535		 * bss struct for that AP.
 536		 */
 537		if (wk->assoc.bss)
 538			cfg80211_unlink_bss(local->hw.wiphy, wk->assoc.bss);
 539
 540		return WORK_ACT_TIMEOUT;
 541	}
 542
 543	printk(KERN_DEBUG "%s: associate with %pM (try %d)\n",
 544	       sdata->name, wk->filter_ta, wk->assoc.tries);
 545	ieee80211_send_assoc(sdata, wk);
 546
 547	wk->timeout = jiffies + IEEE80211_ASSOC_TIMEOUT;
 548	run_again(local, wk->timeout);
 549
 550	return WORK_ACT_NONE;
 551}
 552
 553static enum work_action __must_check
 554ieee80211_remain_on_channel_timeout(struct ieee80211_work *wk)
 555{
 556	/*
 557	 * First time we run, do nothing -- the generic code will
 558	 * have switched to the right channel etc.
 559	 */
 560	if (!wk->started) {
 561		wk->timeout = jiffies + msecs_to_jiffies(wk->remain.duration);
 562
 563		cfg80211_ready_on_channel(wk->sdata->dev, (unsigned long) wk,
 564					  wk->chan, wk->chan_type,
 565					  wk->remain.duration, GFP_KERNEL);
 566
 567		return WORK_ACT_NONE;
 568	}
 569
 570	return WORK_ACT_TIMEOUT;
 571}
 572
 573static enum work_action __must_check
 574ieee80211_offchannel_tx(struct ieee80211_work *wk)
 575{
 576	if (!wk->started) {
 577		wk->timeout = jiffies + msecs_to_jiffies(wk->offchan_tx.wait);
 578
 579		/*
 580		 * After this, offchan_tx.frame remains but now is no
 581		 * longer a valid pointer -- we still need it as the
 582		 * cookie for canceling this work.
 583		 */
 584		ieee80211_tx_skb(wk->sdata, wk->offchan_tx.frame);
 585
 586		return WORK_ACT_NONE;
 587	}
 588
 589	return WORK_ACT_TIMEOUT;
 590}
 591
 592static enum work_action __must_check
 593ieee80211_assoc_beacon_wait(struct ieee80211_work *wk)
 594{
 595	if (wk->started)
 596		return WORK_ACT_TIMEOUT;
 597
 598	/*
 599	 * Wait up to one beacon interval ...
 600	 * should this be more if we miss one?
 601	 */
 602	printk(KERN_DEBUG "%s: waiting for beacon from %pM\n",
 603	       wk->sdata->name, wk->filter_ta);
 604	wk->timeout = TU_TO_EXP_TIME(wk->assoc.bss->beacon_interval);
 605	return WORK_ACT_NONE;
 606}
 607
 608static void ieee80211_auth_challenge(struct ieee80211_work *wk,
 609				     struct ieee80211_mgmt *mgmt,
 610				     size_t len)
 611{
 612	struct ieee80211_sub_if_data *sdata = wk->sdata;
 613	u8 *pos;
 614	struct ieee802_11_elems elems;
 615
 616	pos = mgmt->u.auth.variable;
 617	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
 618	if (!elems.challenge)
 619		return;
 620	ieee80211_send_auth(sdata, 3, wk->probe_auth.algorithm,
 621			    elems.challenge - 2, elems.challenge_len + 2,
 622			    wk->filter_ta, wk->probe_auth.key,
 623			    wk->probe_auth.key_len, wk->probe_auth.key_idx);
 624	wk->probe_auth.transaction = 4;
 625}
 626
 627static enum work_action __must_check
 628ieee80211_rx_mgmt_auth(struct ieee80211_work *wk,
 629		       struct ieee80211_mgmt *mgmt, size_t len)
 630{
 631	u16 auth_alg, auth_transaction, status_code;
 632
 633	if (wk->type != IEEE80211_WORK_AUTH)
 634		return WORK_ACT_MISMATCH;
 635
 636	if (len < 24 + 6)
 637		return WORK_ACT_NONE;
 638
 639	auth_alg = le16_to_cpu(mgmt->u.auth.auth_alg);
 640	auth_transaction = le16_to_cpu(mgmt->u.auth.auth_transaction);
 641	status_code = le16_to_cpu(mgmt->u.auth.status_code);
 642
 643	if (auth_alg != wk->probe_auth.algorithm ||
 644	    auth_transaction != wk->probe_auth.transaction)
 645		return WORK_ACT_NONE;
 646
 647	if (status_code != WLAN_STATUS_SUCCESS) {
 648		printk(KERN_DEBUG "%s: %pM denied authentication (status %d)\n",
 649		       wk->sdata->name, mgmt->sa, status_code);
 650		return WORK_ACT_DONE;
 651	}
 652
 653	switch (wk->probe_auth.algorithm) {
 654	case WLAN_AUTH_OPEN:
 655	case WLAN_AUTH_LEAP:
 656	case WLAN_AUTH_FT:
 657		break;
 658	case WLAN_AUTH_SHARED_KEY:
 659		if (wk->probe_auth.transaction != 4) {
 660			ieee80211_auth_challenge(wk, mgmt, len);
 661			/* need another frame */
 662			return WORK_ACT_NONE;
 663		}
 664		break;
 665	default:
 666		WARN_ON(1);
 667		return WORK_ACT_NONE;
 668	}
 669
 670	printk(KERN_DEBUG "%s: authenticated\n", wk->sdata->name);
 671	return WORK_ACT_DONE;
 672}
 673
 674static enum work_action __must_check
 675ieee80211_rx_mgmt_assoc_resp(struct ieee80211_work *wk,
 676			     struct ieee80211_mgmt *mgmt, size_t len,
 677			     bool reassoc)
 678{
 679	struct ieee80211_sub_if_data *sdata = wk->sdata;
 680	struct ieee80211_local *local = sdata->local;
 681	u16 capab_info, status_code, aid;
 682	struct ieee802_11_elems elems;
 683	u8 *pos;
 684
 685	if (wk->type != IEEE80211_WORK_ASSOC)
 686		return WORK_ACT_MISMATCH;
 687
 688	/*
 689	 * AssocResp and ReassocResp have identical structure, so process both
 690	 * of them in this function.
 691	 */
 692
 693	if (len < 24 + 6)
 694		return WORK_ACT_NONE;
 695
 696	capab_info = le16_to_cpu(mgmt->u.assoc_resp.capab_info);
 697	status_code = le16_to_cpu(mgmt->u.assoc_resp.status_code);
 698	aid = le16_to_cpu(mgmt->u.assoc_resp.aid);
 699
 700	printk(KERN_DEBUG "%s: RX %sssocResp from %pM (capab=0x%x "
 701	       "status=%d aid=%d)\n",
 702	       sdata->name, reassoc ? "Rea" : "A", mgmt->sa,
 703	       capab_info, status_code, (u16)(aid & ~(BIT(15) | BIT(14))));
 704
 705	pos = mgmt->u.assoc_resp.variable;
 706	ieee802_11_parse_elems(pos, len - (pos - (u8 *) mgmt), &elems);
 707
 708	if (status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY &&
 709	    elems.timeout_int && elems.timeout_int_len == 5 &&
 710	    elems.timeout_int[0] == WLAN_TIMEOUT_ASSOC_COMEBACK) {
 711		u32 tu, ms;
 712		tu = get_unaligned_le32(elems.timeout_int + 1);
 713		ms = tu * 1024 / 1000;
 714		printk(KERN_DEBUG "%s: %pM rejected association temporarily; "
 715		       "comeback duration %u TU (%u ms)\n",
 716		       sdata->name, mgmt->sa, tu, ms);
 717		wk->timeout = jiffies + msecs_to_jiffies(ms);
 718		if (ms > IEEE80211_ASSOC_TIMEOUT)
 719			run_again(local, wk->timeout);
 720		return WORK_ACT_NONE;
 721	}
 722
 723	if (status_code != WLAN_STATUS_SUCCESS)
 724		printk(KERN_DEBUG "%s: %pM denied association (code=%d)\n",
 725		       sdata->name, mgmt->sa, status_code);
 726	else
 727		printk(KERN_DEBUG "%s: associated\n", sdata->name);
 728
 729	return WORK_ACT_DONE;
 730}
 731
 732static enum work_action __must_check
 733ieee80211_rx_mgmt_probe_resp(struct ieee80211_work *wk,
 734			     struct ieee80211_mgmt *mgmt, size_t len,
 735			     struct ieee80211_rx_status *rx_status)
 736{
 737	struct ieee80211_sub_if_data *sdata = wk->sdata;
 738	struct ieee80211_local *local = sdata->local;
 739	size_t baselen;
 740
 741	ASSERT_WORK_MTX(local);
 742
 743	if (wk->type != IEEE80211_WORK_DIRECT_PROBE)
 744		return WORK_ACT_MISMATCH;
 745
 746	if (len < 24 + 12)
 747		return WORK_ACT_NONE;
 748
 749	baselen = (u8 *) mgmt->u.probe_resp.variable - (u8 *) mgmt;
 750	if (baselen > len)
 751		return WORK_ACT_NONE;
 752
 753	printk(KERN_DEBUG "%s: direct probe responded\n", sdata->name);
 754	return WORK_ACT_DONE;
 755}
 756
 757static enum work_action __must_check
 758ieee80211_rx_mgmt_beacon(struct ieee80211_work *wk,
 759			 struct ieee80211_mgmt *mgmt, size_t len)
 760{
 761	struct ieee80211_sub_if_data *sdata = wk->sdata;
 762	struct ieee80211_local *local = sdata->local;
 763
 764	ASSERT_WORK_MTX(local);
 765
 766	if (wk->type != IEEE80211_WORK_ASSOC_BEACON_WAIT)
 767		return WORK_ACT_MISMATCH;
 768
 769	if (len < 24 + 12)
 770		return WORK_ACT_NONE;
 771
 772	printk(KERN_DEBUG "%s: beacon received\n", sdata->name);
 773	return WORK_ACT_DONE;
 774}
 775
 776static void ieee80211_work_rx_queued_mgmt(struct ieee80211_local *local,
 777					  struct sk_buff *skb)
 778{
 779	struct ieee80211_rx_status *rx_status;
 780	struct ieee80211_mgmt *mgmt;
 781	struct ieee80211_work *wk;
 782	enum work_action rma = WORK_ACT_NONE;
 783	u16 fc;
 784
 785	rx_status = (struct ieee80211_rx_status *) skb->cb;
 786	mgmt = (struct ieee80211_mgmt *) skb->data;
 787	fc = le16_to_cpu(mgmt->frame_control);
 788
 789	mutex_lock(&local->mtx);
 790
 791	list_for_each_entry(wk, &local->work_list, list) {
 792		const u8 *bssid = NULL;
 793
 794		switch (wk->type) {
 795		case IEEE80211_WORK_DIRECT_PROBE:
 796		case IEEE80211_WORK_AUTH:
 797		case IEEE80211_WORK_ASSOC:
 798		case IEEE80211_WORK_ASSOC_BEACON_WAIT:
 799			bssid = wk->filter_ta;
 800			break;
 801		default:
 802			continue;
 803		}
 804
 805		/*
 806		 * Before queuing, we already verified mgmt->sa,
 807		 * so this is needed just for matching.
 808		 */
 809		if (compare_ether_addr(bssid, mgmt->bssid))
 810			continue;
 811
 812		switch (fc & IEEE80211_FCTL_STYPE) {
 813		case IEEE80211_STYPE_BEACON:
 814			rma = ieee80211_rx_mgmt_beacon(wk, mgmt, skb->len);
 815			break;
 816		case IEEE80211_STYPE_PROBE_RESP:
 817			rma = ieee80211_rx_mgmt_probe_resp(wk, mgmt, skb->len,
 818							   rx_status);
 819			break;
 820		case IEEE80211_STYPE_AUTH:
 821			rma = ieee80211_rx_mgmt_auth(wk, mgmt, skb->len);
 822			break;
 823		case IEEE80211_STYPE_ASSOC_RESP:
 824			rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
 825							   skb->len, false);
 826			break;
 827		case IEEE80211_STYPE_REASSOC_RESP:
 828			rma = ieee80211_rx_mgmt_assoc_resp(wk, mgmt,
 829							   skb->len, true);
 830			break;
 831		default:
 832			WARN_ON(1);
 833			rma = WORK_ACT_NONE;
 834		}
 835
 836		/*
 837		 * We've either received an unexpected frame, or we have
 838		 * multiple work items and need to match the frame to the
 839		 * right one.
 840		 */
 841		if (rma == WORK_ACT_MISMATCH)
 842			continue;
 843
 844		/*
 845		 * We've processed this frame for that work, so it can't
 846		 * belong to another work struct.
 847		 * NB: this is also required for correctness for 'rma'!
 848		 */
 849		break;
 850	}
 851
 852	switch (rma) {
 853	case WORK_ACT_MISMATCH:
 854		/* ignore this unmatched frame */
 855		break;
 856	case WORK_ACT_NONE:
 857		break;
 858	case WORK_ACT_DONE:
 859		list_del_rcu(&wk->list);
 860		break;
 861	default:
 862		WARN(1, "unexpected: %d", rma);
 863	}
 864
 865	mutex_unlock(&local->mtx);
 866
 867	if (rma != WORK_ACT_DONE)
 868		goto out;
 869
 870	switch (wk->done(wk, skb)) {
 871	case WORK_DONE_DESTROY:
 872		free_work(wk);
 873		break;
 874	case WORK_DONE_REQUEUE:
 875		synchronize_rcu();
 876		wk->started = false; /* restart */
 877		mutex_lock(&local->mtx);
 878		list_add_tail(&wk->list, &local->work_list);
 879		mutex_unlock(&local->mtx);
 880	}
 881
 882 out:
 883	kfree_skb(skb);
 884}
 885
 886static bool ieee80211_work_ct_coexists(enum nl80211_channel_type wk_ct,
 887				       enum nl80211_channel_type oper_ct)
 888{
 889	switch (wk_ct) {
 890	case NL80211_CHAN_NO_HT:
 891		return true;
 892	case NL80211_CHAN_HT20:
 893		if (oper_ct != NL80211_CHAN_NO_HT)
 894			return true;
 895		return false;
 896	case NL80211_CHAN_HT40MINUS:
 897	case NL80211_CHAN_HT40PLUS:
 898		return (wk_ct == oper_ct);
 899	}
 900	WARN_ON(1); /* shouldn't get here */
 901	return false;
 902}
 903
 904static enum nl80211_channel_type
 905ieee80211_calc_ct(enum nl80211_channel_type wk_ct,
 906		  enum nl80211_channel_type oper_ct)
 907{
 908	switch (wk_ct) {
 909	case NL80211_CHAN_NO_HT:
 910		return oper_ct;
 911	case NL80211_CHAN_HT20:
 912		if (oper_ct != NL80211_CHAN_NO_HT)
 913			return oper_ct;
 914		return wk_ct;
 915	case NL80211_CHAN_HT40MINUS:
 916	case NL80211_CHAN_HT40PLUS:
 917		return wk_ct;
 918	}
 919	WARN_ON(1); /* shouldn't get here */
 920	return wk_ct;
 921}
 922
 923
 924static void ieee80211_work_timer(unsigned long data)
 925{
 926	struct ieee80211_local *local = (void *) data;
 927
 928	if (local->quiescing)
 929		return;
 930
 931	ieee80211_queue_work(&local->hw, &local->work_work);
 932}
 933
 934static void ieee80211_work_work(struct work_struct *work)
 935{
 936	struct ieee80211_local *local =
 937		container_of(work, struct ieee80211_local, work_work);
 938	struct sk_buff *skb;
 939	struct ieee80211_work *wk, *tmp;
 940	LIST_HEAD(free_work);
 941	enum work_action rma;
 942	bool remain_off_channel = false;
 943
 944	if (local->scanning)
 945		return;
 946
 947	/*
 948	 * ieee80211_queue_work() should have picked up most cases,
 949	 * here we'll pick the rest.
 950	 */
 951	if (WARN(local->suspended, "work scheduled while going to suspend\n"))
 952		return;
 953
 954	/* first process frames to avoid timing out while a frame is pending */
 955	while ((skb = skb_dequeue(&local->work_skb_queue)))
 956		ieee80211_work_rx_queued_mgmt(local, skb);
 957
 958	mutex_lock(&local->mtx);
 959
 960	ieee80211_recalc_idle(local);
 961
 962	list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
 963		bool started = wk->started;
 964
 965		/* mark work as started if it's on the current off-channel */
 966		if (!started && local->tmp_channel &&
 967		    wk->chan == local->tmp_channel &&
 968		    wk->chan_type == local->tmp_channel_type) {
 969			started = true;
 970			wk->timeout = jiffies;
 971		}
 972
 973		if (!started && !local->tmp_channel) {
 974			bool on_oper_chan;
 975			bool tmp_chan_changed = false;
 976			bool on_oper_chan2;
 977			enum nl80211_channel_type wk_ct;
 978			on_oper_chan = ieee80211_cfg_on_oper_channel(local);
 979
 980			/* Work with existing channel type if possible. */
 981			wk_ct = wk->chan_type;
 982			if (wk->chan == local->hw.conf.channel)
 983				wk_ct = ieee80211_calc_ct(wk->chan_type,
 984						local->hw.conf.channel_type);
 985
 986			if (local->tmp_channel)
 987				if ((local->tmp_channel != wk->chan) ||
 988				    (local->tmp_channel_type != wk_ct))
 989					tmp_chan_changed = true;
 990
 991			local->tmp_channel = wk->chan;
 992			local->tmp_channel_type = wk_ct;
 993			/*
 994			 * Leave the station vifs in awake mode if they
 995			 * happen to be on the same channel as
 996			 * the requested channel.
 997			 */
 998			on_oper_chan2 = ieee80211_cfg_on_oper_channel(local);
 999			if (on_oper_chan != on_oper_chan2) {
1000				if (on_oper_chan2) {
1001					/* going off oper channel, PS too */
1002					ieee80211_offchannel_stop_vifs(local,
1003								       true);
1004					ieee80211_hw_config(local, 0);
1005				} else {
1006					/* going on channel, but leave PS
1007					 * off-channel. */
1008					ieee80211_hw_config(local, 0);
1009					ieee80211_offchannel_return(local,
1010								    true,
1011								    false);
1012				}
1013			} else if (tmp_chan_changed)
1014				/* Still off-channel, but on some other
1015				 * channel, so update hardware.
1016				 * PS should already be off-channel.
1017				 */
1018				ieee80211_hw_config(local, 0);
1019
1020			started = true;
1021			wk->timeout = jiffies;
1022		}
1023
1024		/* don't try to work with items that aren't started */
1025		if (!started)
1026			continue;
1027
1028		if (time_is_after_jiffies(wk->timeout)) {
1029			/*
1030			 * This work item isn't supposed to be worked on
1031			 * right now, but take care to adjust the timer
1032			 * properly.
1033			 */
1034			run_again(local, wk->timeout);
1035			continue;
1036		}
1037
1038		switch (wk->type) {
1039		default:
1040			WARN_ON(1);
1041			/* nothing */
1042			rma = WORK_ACT_NONE;
1043			break;
1044		case IEEE80211_WORK_ABORT:
1045			rma = WORK_ACT_TIMEOUT;
1046			break;
1047		case IEEE80211_WORK_DIRECT_PROBE:
1048			rma = ieee80211_direct_probe(wk);
1049			break;
1050		case IEEE80211_WORK_AUTH:
1051			rma = ieee80211_authenticate(wk);
1052			break;
1053		case IEEE80211_WORK_ASSOC:
1054			rma = ieee80211_associate(wk);
1055			break;
1056		case IEEE80211_WORK_REMAIN_ON_CHANNEL:
1057			rma = ieee80211_remain_on_channel_timeout(wk);
1058			break;
1059		case IEEE80211_WORK_OFFCHANNEL_TX:
1060			rma = ieee80211_offchannel_tx(wk);
1061			break;
1062		case IEEE80211_WORK_ASSOC_BEACON_WAIT:
1063			rma = ieee80211_assoc_beacon_wait(wk);
1064			break;
1065		}
1066
1067		wk->started = started;
1068
1069		switch (rma) {
1070		case WORK_ACT_NONE:
1071			/* might have changed the timeout */
1072			run_again(local, wk->timeout);
1073			break;
1074		case WORK_ACT_TIMEOUT:
1075			list_del_rcu(&wk->list);
1076			synchronize_rcu();
1077			list_add(&wk->list, &free_work);
1078			break;
1079		default:
1080			WARN(1, "unexpected: %d", rma);
1081		}
1082	}
1083
1084	list_for_each_entry(wk, &local->work_list, list) {
1085		if (!wk->started)
1086			continue;
1087		if (wk->chan != local->tmp_channel)
1088			continue;
1089		if (ieee80211_work_ct_coexists(wk->chan_type,
1090					       local->tmp_channel_type))
1091			continue;
1092		remain_off_channel = true;
1093	}
1094
1095	if (!remain_off_channel && local->tmp_channel) {
1096		bool on_oper_chan = ieee80211_cfg_on_oper_channel(local);
1097		local->tmp_channel = NULL;
1098		/* If tmp_channel wasn't operating channel, then
1099		 * we need to go back on-channel.
1100		 * NOTE:  If we can ever be here while scannning,
1101		 * or if the hw_config() channel config logic changes,
1102		 * then we may need to do a more thorough check to see if
1103		 * we still need to do a hardware config.  Currently,
1104		 * we cannot be here while scanning, however.
1105		 */
1106		if (ieee80211_cfg_on_oper_channel(local) && !on_oper_chan)
1107			ieee80211_hw_config(local, 0);
1108
1109		/* At the least, we need to disable offchannel_ps,
1110		 * so just go ahead and run the entire offchannel
1111		 * return logic here.  We *could* skip enabling
1112		 * beaconing if we were already on-oper-channel
1113		 * as a future optimization.
1114		 */
1115		ieee80211_offchannel_return(local, true, true);
1116
1117		/* give connection some time to breathe */
1118		run_again(local, jiffies + HZ/2);
1119	}
1120
1121	if (list_empty(&local->work_list) && local->scan_req &&
1122	    !local->scanning)
1123		ieee80211_queue_delayed_work(&local->hw,
1124					     &local->scan_work,
1125					     round_jiffies_relative(0));
1126
1127	ieee80211_recalc_idle(local);
1128
1129	mutex_unlock(&local->mtx);
1130
1131	list_for_each_entry_safe(wk, tmp, &free_work, list) {
1132		wk->done(wk, NULL);
1133		list_del(&wk->list);
1134		kfree(wk);
1135	}
1136}
1137
1138void ieee80211_add_work(struct ieee80211_work *wk)
1139{
1140	struct ieee80211_local *local;
1141
1142	if (WARN_ON(!wk->chan))
1143		return;
1144
1145	if (WARN_ON(!wk->sdata))
1146		return;
1147
1148	if (WARN_ON(!wk->done))
1149		return;
1150
1151	if (WARN_ON(!ieee80211_sdata_running(wk->sdata)))
1152		return;
1153
1154	wk->started = false;
1155
1156	local = wk->sdata->local;
1157	mutex_lock(&local->mtx);
1158	list_add_tail(&wk->list, &local->work_list);
1159	mutex_unlock(&local->mtx);
1160
1161	ieee80211_queue_work(&local->hw, &local->work_work);
1162}
1163
1164void ieee80211_work_init(struct ieee80211_local *local)
1165{
1166	INIT_LIST_HEAD(&local->work_list);
1167	setup_timer(&local->work_timer, ieee80211_work_timer,
1168		    (unsigned long)local);
1169	INIT_WORK(&local->work_work, ieee80211_work_work);
1170	skb_queue_head_init(&local->work_skb_queue);
1171}
1172
1173void ieee80211_work_purge(struct ieee80211_sub_if_data *sdata)
1174{
1175	struct ieee80211_local *local = sdata->local;
1176	struct ieee80211_work *wk;
1177	bool cleanup = false;
1178
1179	mutex_lock(&local->mtx);
1180	list_for_each_entry(wk, &local->work_list, list) {
1181		if (wk->sdata != sdata)
1182			continue;
1183		cleanup = true;
1184		wk->type = IEEE80211_WORK_ABORT;
1185		wk->started = true;
1186		wk->timeout = jiffies;
1187	}
1188	mutex_unlock(&local->mtx);
1189
1190	/* run cleanups etc. */
1191	if (cleanup)
1192		ieee80211_work_work(&local->work_work);
1193
1194	mutex_lock(&local->mtx);
1195	list_for_each_entry(wk, &local->work_list, list) {
1196		if (wk->sdata != sdata)
1197			continue;
1198		WARN_ON(1);
1199		break;
1200	}
1201	mutex_unlock(&local->mtx);
1202}
1203
1204ieee80211_rx_result ieee80211_work_rx_mgmt(struct ieee80211_sub_if_data *sdata,
1205					   struct sk_buff *skb)
1206{
1207	struct ieee80211_local *local = sdata->local;
1208	struct ieee80211_mgmt *mgmt;
1209	struct ieee80211_work *wk;
1210	u16 fc;
1211
1212	if (skb->len < 24)
1213		return RX_DROP_MONITOR;
1214
1215	mgmt = (struct ieee80211_mgmt *) skb->data;
1216	fc = le16_to_cpu(mgmt->frame_control);
1217
1218	list_for_each_entry_rcu(wk, &local->work_list, list) {
1219		if (sdata != wk->sdata)
1220			continue;
1221		if (compare_ether_addr(wk->filter_ta, mgmt->sa))
1222			continue;
1223		if (compare_ether_addr(wk->filter_ta, mgmt->bssid))
1224			continue;
1225
1226		switch (fc & IEEE80211_FCTL_STYPE) {
1227		case IEEE80211_STYPE_AUTH:
1228		case IEEE80211_STYPE_PROBE_RESP:
1229		case IEEE80211_STYPE_ASSOC_RESP:
1230		case IEEE80211_STYPE_REASSOC_RESP:
1231		case IEEE80211_STYPE_BEACON:
1232			skb_queue_tail(&local->work_skb_queue, skb);
1233			ieee80211_queue_work(&local->hw, &local->work_work);
1234			return RX_QUEUED;
1235		}
1236	}
1237
1238	return RX_CONTINUE;
1239}
1240
1241static enum work_done_result ieee80211_remain_done(struct ieee80211_work *wk,
1242						   struct sk_buff *skb)
1243{
1244	/*
1245	 * We are done serving the remain-on-channel command.
1246	 */
1247	cfg80211_remain_on_channel_expired(wk->sdata->dev, (unsigned long) wk,
1248					   wk->chan, wk->chan_type,
1249					   GFP_KERNEL);
1250
1251	return WORK_DONE_DESTROY;
1252}
1253
1254int ieee80211_wk_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1255				   struct ieee80211_channel *chan,
1256				   enum nl80211_channel_type channel_type,
1257				   unsigned int duration, u64 *cookie)
1258{
1259	struct ieee80211_work *wk;
1260
1261	wk = kzalloc(sizeof(*wk), GFP_KERNEL);
1262	if (!wk)
1263		return -ENOMEM;
1264
1265	wk->type = IEEE80211_WORK_REMAIN_ON_CHANNEL;
1266	wk->chan = chan;
1267	wk->chan_type = channel_type;
1268	wk->sdata = sdata;
1269	wk->done = ieee80211_remain_done;
1270
1271	wk->remain.duration = duration;
1272
1273	*cookie = (unsigned long) wk;
1274
1275	ieee80211_add_work(wk);
1276
1277	return 0;
1278}
1279
1280int ieee80211_wk_cancel_remain_on_channel(struct ieee80211_sub_if_data *sdata,
1281					  u64 cookie)
1282{
1283	struct ieee80211_local *local = sdata->local;
1284	struct ieee80211_work *wk, *tmp;
1285	bool found = false;
1286
1287	mutex_lock(&local->mtx);
1288	list_for_each_entry_safe(wk, tmp, &local->work_list, list) {
1289		if ((unsigned long) wk == cookie) {
1290			wk->timeout = jiffies;
1291			found = true;
1292			break;
1293		}
1294	}
1295	mutex_unlock(&local->mtx);
1296
1297	if (!found)
1298		return -ENOENT;
1299
1300	ieee80211_queue_work(&local->hw, &local->work_work);
1301
1302	return 0;
1303}