Merge tag 'mac80211-next-for-davem-2016-02-26' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next

-29

Documentation/ABI/obsolete/sysfs-class-rfkill

··· 1 - rfkill - radio frequency (RF) connector kill switch support 2 - 3 - For details to this subsystem look at Documentation/rfkill.txt. 4 - 5 - What: /sys/class/rfkill/rfkill[0-9]+/state 6 - Date: 09-Jul-2007 7 - KernelVersion v2.6.22 8 - Contact: linux-wireless@vger.kernel.org 9 - Description: Current state of the transmitter. 10 - This file is deprecated and scheduled to be removed in 2014, 11 - because its not possible to express the 'soft and hard block' 12 - state of the rfkill driver. 13 - Values: A numeric value. 14 - 0: RFKILL_STATE_SOFT_BLOCKED 15 - transmitter is turned off by software 16 - 1: RFKILL_STATE_UNBLOCKED 17 - transmitter is (potentially) active 18 - 2: RFKILL_STATE_HARD_BLOCKED 19 - transmitter is forced off by something outside of 20 - the driver's control. 21 - 22 - What: /sys/class/rfkill/rfkill[0-9]+/claim 23 - Date: 09-Jul-2007 24 - KernelVersion v2.6.22 25 - Contact: linux-wireless@vger.kernel.org 26 - Description: This file is deprecated because there no longer is a way to 27 - claim just control over a single rfkill instance. 28 - This file is scheduled to be removed in 2012. 29 - Values: 0: Kernel handles events

+13

Documentation/ABI/removed/sysfs-class-rfkill

··· 1 + rfkill - radio frequency (RF) connector kill switch support 2 + 3 + For details to this subsystem look at Documentation/rfkill.txt. 4 + 5 + What: /sys/class/rfkill/rfkill[0-9]+/claim 6 + Date: 09-Jul-2007 7 + KernelVersion v2.6.22 8 + Contact: linux-wireless@vger.kernel.org 9 + Description: This file was deprecated because there no longer was a way to 10 + claim just control over a single rfkill instance. 11 + This file was scheduled to be removed in 2012, and was removed 12 + in 2016. 13 + Values: 0: Kernel handles events

+24 -3

Documentation/ABI/stable/sysfs-class-rfkill

··· 2 2 3 3 For details to this subsystem look at Documentation/rfkill.txt. 4 4 5 - For the deprecated /sys/class/rfkill/*/state and 6 - /sys/class/rfkill/*/claim knobs of this interface look in 7 - Documentation/ABI/obsolete/sysfs-class-rfkill. 5 + For the deprecated /sys/class/rfkill/*/claim knobs of this interface look in 6 + Documentation/ABI/removed/sysfs-class-rfkill. 8 7 9 8 What: /sys/class/rfkill 10 9 Date: 09-Jul-2007 ··· 39 40 Values: A numeric value. 40 41 0: false 41 42 1: true 43 + 44 + 45 + What: /sys/class/rfkill/rfkill[0-9]+/state 46 + Date: 09-Jul-2007 47 + KernelVersion v2.6.22 48 + Contact: linux-wireless@vger.kernel.org 49 + Description: Current state of the transmitter. 50 + This file was scheduled to be removed in 2014, but due to its 51 + large number of users it will be sticking around for a bit 52 + longer. Despite it being marked as stabe, the newer "hard" and 53 + "soft" interfaces should be preffered, since it is not possible 54 + to express the 'soft and hard block' state of the rfkill driver 55 + through this interface. There will likely be another attempt to 56 + remove it in the future. 57 + Values: A numeric value. 58 + 0: RFKILL_STATE_SOFT_BLOCKED 59 + transmitter is turned off by software 60 + 1: RFKILL_STATE_UNBLOCKED 61 + transmitter is (potentially) active 62 + 2: RFKILL_STATE_HARD_BLOCKED 63 + transmitter is forced off by something outside of 64 + the driver's control. 42 65 43 66 44 67 What: /sys/class/rfkill/rfkill[0-9]+/hard

+17

Documentation/networking/mac80211-injection.txt

··· 28 28 IEEE80211_RADIOTAP_F_TX_NOACK: frame should be sent without waiting for 29 29 an ACK even if it is a unicast frame 30 30 31 + * IEEE80211_RADIOTAP_RATE 32 + 33 + legacy rate for the transmission (only for devices without own rate control) 34 + 35 + * IEEE80211_RADIOTAP_MCS 36 + 37 + HT rate for the transmission (only for devices without own rate control). 38 + Also some flags are parsed 39 + 40 + IEEE80211_TX_RC_SHORT_GI: use short guard interval 41 + IEEE80211_TX_RC_40_MHZ_WIDTH: send in HT40 mode 42 + 43 + * IEEE80211_RADIOTAP_DATA_RETRIES 44 + 45 + number of retries when either IEEE80211_RADIOTAP_RATE or 46 + IEEE80211_RADIOTAP_MCS was used 47 + 31 48 The injection code can also skip all other currently defined radiotap fields 32 49 facilitating replay of captured radiotap headers directly. 33 50

+2

Documentation/rfkill.txt

··· 83 83 assign the poll_hw_block() callback (then the rfkill core will poll the 84 84 device). Don't do this unless you cannot get the event in any other way. 85 85 86 + RFKill provides per-switch LED triggers, which can be used to drive LEDs 87 + according to the switch state (LED_FULL when blocked, LED_OFF otherwise). 86 88 87 89 88 90 5. Userspace support

+10 -7

arch/arm/mach-tegra/board-paz00.c

··· 17 17 * 18 18 */ 19 19 20 + #include <linux/property.h> 20 21 #include <linux/gpio/machine.h> 21 22 #include <linux/platform_device.h> 22 - #include <linux/rfkill-gpio.h> 23 23 24 24 #include "board.h" 25 25 26 - static struct rfkill_gpio_platform_data wifi_rfkill_platform_data = { 27 - .name = "wifi_rfkill", 28 - .type = RFKILL_TYPE_WLAN, 26 + static struct property_entry __initdata wifi_rfkill_prop[] = { 27 + PROPERTY_ENTRY_STRING("name", "wifi_rfkill"), 28 + PROPERTY_ENTRY_STRING("type", "wlan"), 29 + { }, 30 + }; 31 + 32 + static struct property_set __initdata wifi_rfkill_pset = { 33 + .properties = wifi_rfkill_prop, 29 34 }; 30 35 31 36 static struct platform_device wifi_rfkill_device = { 32 37 .name = "rfkill_gpio", 33 38 .id = -1, 34 - .dev = { 35 - .platform_data = &wifi_rfkill_platform_data, 36 - }, 37 39 }; 38 40 39 41 static struct gpiod_lookup_table wifi_gpio_lookup = { ··· 49 47 50 48 void __init tegra_paz00_wifikill_init(void) 51 49 { 50 + platform_device_add_properties(&wifi_rfkill_device, &wifi_rfkill_pset); 52 51 gpiod_add_lookup_table(&wifi_gpio_lookup); 53 52 platform_device_register(&wifi_rfkill_device); 54 53 }

+4 -3

drivers/net/wireless/ath/ath10k/mac.c

··· 6366 6366 6367 6367 static int ath10k_ampdu_action(struct ieee80211_hw *hw, 6368 6368 struct ieee80211_vif *vif, 6369 - enum ieee80211_ampdu_mlme_action action, 6370 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 6371 - u8 buf_size, bool amsdu) 6369 + struct ieee80211_ampdu_params *params) 6372 6370 { 6373 6371 struct ath10k *ar = hw->priv; 6374 6372 struct ath10k_vif *arvif = ath10k_vif_to_arvif(vif); 6373 + struct ieee80211_sta *sta = params->sta; 6374 + enum ieee80211_ampdu_mlme_action action = params->action; 6375 + u16 tid = params->tid; 6375 6376 6376 6377 ath10k_dbg(ar, ATH10K_DBG_MAC, "mac ampdu vdev_id %i sta %pM tid %hu action %d\n", 6377 6378 arvif->vdev_id, sta->addr, tid, action);

+4 -3

drivers/net/wireless/ath/ath9k/htc_drv_main.c

··· 1657 1657 1658 1658 static int ath9k_htc_ampdu_action(struct ieee80211_hw *hw, 1659 1659 struct ieee80211_vif *vif, 1660 - enum ieee80211_ampdu_mlme_action action, 1661 - struct ieee80211_sta *sta, 1662 - u16 tid, u16 *ssn, u8 buf_size, bool amsdu) 1660 + struct ieee80211_ampdu_params *params) 1663 1661 { 1664 1662 struct ath9k_htc_priv *priv = hw->priv; 1665 1663 struct ath9k_htc_sta *ista; 1666 1664 int ret = 0; 1665 + struct ieee80211_sta *sta = params->sta; 1666 + enum ieee80211_ampdu_mlme_action action = params->action; 1667 + u16 tid = params->tid; 1667 1668 1668 1669 mutex_lock(&priv->mutex); 1669 1670 ath9k_htc_ps_wakeup(priv);

+5 -3

drivers/net/wireless/ath/ath9k/main.c

··· 1864 1864 1865 1865 static int ath9k_ampdu_action(struct ieee80211_hw *hw, 1866 1866 struct ieee80211_vif *vif, 1867 - enum ieee80211_ampdu_mlme_action action, 1868 - struct ieee80211_sta *sta, 1869 - u16 tid, u16 *ssn, u8 buf_size, bool amsdu) 1867 + struct ieee80211_ampdu_params *params) 1870 1868 { 1871 1869 struct ath_softc *sc = hw->priv; 1872 1870 struct ath_common *common = ath9k_hw_common(sc->sc_ah); 1873 1871 bool flush = false; 1874 1872 int ret = 0; 1873 + struct ieee80211_sta *sta = params->sta; 1874 + enum ieee80211_ampdu_mlme_action action = params->action; 1875 + u16 tid = params->tid; 1876 + u16 *ssn = &params->ssn; 1875 1877 1876 1878 mutex_lock(&sc->mutex); 1877 1879

+5 -3

drivers/net/wireless/ath/carl9170/main.c

··· 1413 1413 1414 1414 static int carl9170_op_ampdu_action(struct ieee80211_hw *hw, 1415 1415 struct ieee80211_vif *vif, 1416 - enum ieee80211_ampdu_mlme_action action, 1417 - struct ieee80211_sta *sta, 1418 - u16 tid, u16 *ssn, u8 buf_size, bool amsdu) 1416 + struct ieee80211_ampdu_params *params) 1419 1417 { 1418 + struct ieee80211_sta *sta = params->sta; 1419 + enum ieee80211_ampdu_mlme_action action = params->action; 1420 + u16 tid = params->tid; 1421 + u16 *ssn = &params->ssn; 1420 1422 struct ar9170 *ar = hw->priv; 1421 1423 struct carl9170_sta_info *sta_info = (void *) sta->drv_priv; 1422 1424 struct carl9170_sta_tid *tid_info;

+5 -3

drivers/net/wireless/ath/wcn36xx/main.c

··· 857 857 858 858 static int wcn36xx_ampdu_action(struct ieee80211_hw *hw, 859 859 struct ieee80211_vif *vif, 860 - enum ieee80211_ampdu_mlme_action action, 861 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 862 - u8 buf_size, bool amsdu) 860 + struct ieee80211_ampdu_params *params) 863 861 { 864 862 struct wcn36xx *wcn = hw->priv; 865 863 struct wcn36xx_sta *sta_priv = NULL; 864 + struct ieee80211_sta *sta = params->sta; 865 + enum ieee80211_ampdu_mlme_action action = params->action; 866 + u16 tid = params->tid; 867 + u16 *ssn = &params->ssn; 866 868 867 869 wcn36xx_dbg(WCN36XX_DBG_MAC, "mac ampdu action action %d tid %d\n", 868 870 action, tid);

+10

drivers/net/wireless/ath/wil6210/cfg80211.c

··· 422 422 if (sme->privacy && !rsn_eid) 423 423 wil_info(wil, "WSC connection\n"); 424 424 425 + if (sme->pbss) { 426 + wil_err(wil, "connect - PBSS not yet supported\n"); 427 + return -EOPNOTSUPP; 428 + } 429 + 425 430 bss = cfg80211_get_bss(wiphy, sme->channel, sme->bssid, 426 431 sme->ssid, sme->ssid_len, 427 432 IEEE80211_BSS_TYPE_ESS, IEEE80211_PRIVACY_ANY); ··· 873 868 if (!channel) { 874 869 wil_err(wil, "AP: No channel???\n"); 875 870 return -EINVAL; 871 + } 872 + 873 + if (info->pbss) { 874 + wil_err(wil, "AP: PBSS not yet supported\n"); 875 + return -EOPNOTSUPP; 876 876 } 877 877 878 878 switch (info->hidden_ssid) {

+5 -3

drivers/net/wireless/broadcom/brcm80211/brcmsmac/mac80211_if.c

··· 818 818 static int 819 819 brcms_ops_ampdu_action(struct ieee80211_hw *hw, 820 820 struct ieee80211_vif *vif, 821 - enum ieee80211_ampdu_mlme_action action, 822 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 823 - u8 buf_size, bool amsdu) 821 + struct ieee80211_ampdu_params *params) 824 822 { 825 823 struct brcms_info *wl = hw->priv; 826 824 struct scb *scb = &wl->wlc->pri_scb; 827 825 int status; 826 + struct ieee80211_sta *sta = params->sta; 827 + enum ieee80211_ampdu_mlme_action action = params->action; 828 + u16 tid = params->tid; 829 + u8 buf_size = params->buf_size; 828 830 829 831 if (WARN_ON(scb->magic != SCB_MAGIC)) 830 832 return -EIDRM;

+5 -3

drivers/net/wireless/intel/iwlegacy/4965-mac.c

··· 5982 5982 5983 5983 int 5984 5984 il4965_mac_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 5985 - enum ieee80211_ampdu_mlme_action action, 5986 - struct ieee80211_sta *sta, u16 tid, u16 * ssn, 5987 - u8 buf_size, bool amsdu) 5985 + struct ieee80211_ampdu_params *params) 5988 5986 { 5989 5987 struct il_priv *il = hw->priv; 5990 5988 int ret = -EINVAL; 5989 + struct ieee80211_sta *sta = params->sta; 5990 + enum ieee80211_ampdu_mlme_action action = params->action; 5991 + u16 tid = params->tid; 5992 + u16 *ssn = &params->ssn; 5991 5993 5992 5994 D_HT("A-MPDU action on addr %pM tid %d\n", sta->addr, tid); 5993 5995

+1 -3

drivers/net/wireless/intel/iwlegacy/4965.h

··· 182 182 struct ieee80211_sta *sta, u32 iv32, 183 183 u16 *phase1key); 184 184 int il4965_mac_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 185 - enum ieee80211_ampdu_mlme_action action, 186 - struct ieee80211_sta *sta, u16 tid, u16 * ssn, 187 - u8 buf_size, bool amsdu); 185 + struct ieee80211_ampdu_params *params); 188 186 int il4965_mac_sta_add(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 189 187 struct ieee80211_sta *sta); 190 188 void

+8 -12

drivers/net/wireless/intel/iwlwifi/dvm/lib.c

··· 943 943 switch (key->cipher) { 944 944 case WLAN_CIPHER_SUITE_TKIP: 945 945 if (sta) { 946 + u64 pn64; 947 + 946 948 tkip_sc = data->rsc_tsc->all_tsc_rsc.tkip.unicast_rsc; 947 949 tkip_tx_sc = &data->rsc_tsc->all_tsc_rsc.tkip.tsc; 948 950 949 951 rx_p1ks = data->tkip->rx_uni; 950 952 951 - ieee80211_get_key_tx_seq(key, &seq); 952 - tkip_tx_sc->iv16 = cpu_to_le16(seq.tkip.iv16); 953 - tkip_tx_sc->iv32 = cpu_to_le32(seq.tkip.iv32); 953 + pn64 = atomic64_read(&key->tx_pn); 954 + tkip_tx_sc->iv16 = cpu_to_le16(TKIP_PN_TO_IV16(pn64)); 955 + tkip_tx_sc->iv32 = cpu_to_le32(TKIP_PN_TO_IV32(pn64)); 954 956 955 957 ieee80211_get_tkip_p1k_iv(key, seq.tkip.iv32, p1k); 956 958 iwlagn_convert_p1k(p1k, data->tkip->tx.p1k); ··· 998 996 break; 999 997 case WLAN_CIPHER_SUITE_CCMP: 1000 998 if (sta) { 1001 - u8 *pn = seq.ccmp.pn; 999 + u64 pn64; 1002 1000 1003 1001 aes_sc = data->rsc_tsc->all_tsc_rsc.aes.unicast_rsc; 1004 1002 aes_tx_sc = &data->rsc_tsc->all_tsc_rsc.aes.tsc; 1005 1003 1006 - ieee80211_get_key_tx_seq(key, &seq); 1007 - aes_tx_sc->pn = cpu_to_le64( 1008 - (u64)pn[5] | 1009 - ((u64)pn[4] << 8) | 1010 - ((u64)pn[3] << 16) | 1011 - ((u64)pn[2] << 24) | 1012 - ((u64)pn[1] << 32) | 1013 - ((u64)pn[0] << 40)); 1004 + pn64 = atomic64_read(&key->tx_pn); 1005 + aes_tx_sc->pn = cpu_to_le64(pn64); 1014 1006 } else 1015 1007 aes_sc = data->rsc_tsc->all_tsc_rsc.aes.multicast_rsc; 1016 1008

+6 -3

drivers/net/wireless/intel/iwlwifi/dvm/mac80211.c

··· 732 732 733 733 static int iwlagn_mac_ampdu_action(struct ieee80211_hw *hw, 734 734 struct ieee80211_vif *vif, 735 - enum ieee80211_ampdu_mlme_action action, 736 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 737 - u8 buf_size, bool amsdu) 735 + struct ieee80211_ampdu_params *params) 738 736 { 739 737 struct iwl_priv *priv = IWL_MAC80211_GET_DVM(hw); 740 738 int ret = -EINVAL; 739 + struct ieee80211_sta *sta = params->sta; 740 + enum ieee80211_ampdu_mlme_action action = params->action; 741 + u16 tid = params->tid; 742 + u16 *ssn = &params->ssn; 743 + u8 buf_size = params->buf_size; 741 744 struct iwl_station_priv *sta_priv = (void *) sta->drv_priv; 742 745 743 746 IWL_DEBUG_HT(priv, "A-MPDU action on addr %pM tid %d\n",

+10 -5

drivers/net/wireless/intel/iwlwifi/mvm/d3.c

··· 251 251 return; 252 252 case WLAN_CIPHER_SUITE_TKIP: 253 253 if (sta) { 254 + u64 pn64; 255 + 254 256 tkip_sc = data->rsc_tsc->all_tsc_rsc.tkip.unicast_rsc; 255 257 tkip_tx_sc = &data->rsc_tsc->all_tsc_rsc.tkip.tsc; 256 258 257 259 rx_p1ks = data->tkip->rx_uni; 258 260 259 - ieee80211_get_key_tx_seq(key, &seq); 260 - tkip_tx_sc->iv16 = cpu_to_le16(seq.tkip.iv16); 261 - tkip_tx_sc->iv32 = cpu_to_le32(seq.tkip.iv32); 261 + pn64 = atomic64_read(&key->tx_pn); 262 + tkip_tx_sc->iv16 = cpu_to_le16(TKIP_PN_TO_IV16(pn64)); 263 + tkip_tx_sc->iv32 = cpu_to_le32(TKIP_PN_TO_IV32(pn64)); 262 264 263 - ieee80211_get_tkip_p1k_iv(key, seq.tkip.iv32, p1k); 265 + ieee80211_get_tkip_p1k_iv(key, TKIP_PN_TO_IV32(pn64), 266 + p1k); 264 267 iwl_mvm_convert_p1k(p1k, data->tkip->tx.p1k); 265 268 266 269 memcpy(data->tkip->mic_keys.tx, ··· 1617 1614 case WLAN_CIPHER_SUITE_TKIP: 1618 1615 iwl_mvm_tkip_sc_to_seq(&sc->tkip.tsc, &seq); 1619 1616 iwl_mvm_set_tkip_rx_seq(sc->tkip.unicast_rsc, key); 1620 - ieee80211_set_key_tx_seq(key, &seq); 1617 + atomic64_set(&key->tx_pn, 1618 + (u64)seq.tkip.iv16 | 1619 + ((u64)seq.tkip.iv32 << 16)); 1621 1620 break; 1622 1621 } 1623 1622

+7 -4

drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c

··· 837 837 838 838 static int iwl_mvm_mac_ampdu_action(struct ieee80211_hw *hw, 839 839 struct ieee80211_vif *vif, 840 - enum ieee80211_ampdu_mlme_action action, 841 - struct ieee80211_sta *sta, u16 tid, 842 - u16 *ssn, u8 buf_size, bool amsdu) 840 + struct ieee80211_ampdu_params *params) 843 841 { 844 842 struct iwl_mvm *mvm = IWL_MAC80211_GET_MVM(hw); 845 843 int ret; 846 844 bool tx_agg_ref = false; 845 + struct ieee80211_sta *sta = params->sta; 846 + enum ieee80211_ampdu_mlme_action action = params->action; 847 + u16 tid = params->tid; 848 + u16 *ssn = &params->ssn; 849 + u8 buf_size = params->buf_size; 847 850 848 851 IWL_DEBUG_HT(mvm, "A-MPDU action on addr %pM tid %d: action %d\n", 849 852 sta->addr, tid, action); ··· 2585 2582 switch (key->cipher) { 2586 2583 case WLAN_CIPHER_SUITE_TKIP: 2587 2584 key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC; 2588 - key->flags |= IEEE80211_KEY_FLAG_GENERATE_IV; 2585 + key->flags |= IEEE80211_KEY_FLAG_PUT_IV_SPACE; 2589 2586 break; 2590 2587 case WLAN_CIPHER_SUITE_CCMP: 2591 2588 key->flags |= IEEE80211_KEY_FLAG_PUT_IV_SPACE;

+2

drivers/net/wireless/intel/iwlwifi/mvm/tx.c

··· 299 299 300 300 case WLAN_CIPHER_SUITE_TKIP: 301 301 tx_cmd->sec_ctl = TX_CMD_SEC_TKIP; 302 + pn = atomic64_inc_return(&keyconf->tx_pn); 303 + ieee80211_tkip_add_iv(crypto_hdr, keyconf, pn); 302 304 ieee80211_get_tkip_p2k(keyconf, skb_frag, tx_cmd->key); 303 305 break; 304 306

+6 -6

drivers/net/wireless/mac80211_hwsim.c

··· 1334 1334 data->tx_bytes += skb->len; 1335 1335 ack = mac80211_hwsim_tx_frame_no_nl(hw, skb, channel); 1336 1336 1337 - if (ack && skb->len >= 16) { 1338 - struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 1337 + if (ack && skb->len >= 16) 1339 1338 mac80211_hwsim_monitor_ack(channel, hdr->addr2); 1340 - } 1341 1339 1342 1340 ieee80211_tx_info_clear_status(txi); 1343 1341 ··· 1844 1846 1845 1847 static int mac80211_hwsim_ampdu_action(struct ieee80211_hw *hw, 1846 1848 struct ieee80211_vif *vif, 1847 - enum ieee80211_ampdu_mlme_action action, 1848 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 1849 - u8 buf_size, bool amsdu) 1849 + struct ieee80211_ampdu_params *params) 1850 1850 { 1851 + struct ieee80211_sta *sta = params->sta; 1852 + enum ieee80211_ampdu_mlme_action action = params->action; 1853 + u16 tid = params->tid; 1854 + 1851 1855 switch (action) { 1852 1856 case IEEE80211_AMPDU_TX_START: 1853 1857 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);

+6 -4

drivers/net/wireless/marvell/mwl8k.c

··· 5421 5421 5422 5422 static int 5423 5423 mwl8k_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 5424 - enum ieee80211_ampdu_mlme_action action, 5425 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 5426 - u8 buf_size, bool amsdu) 5424 + struct ieee80211_ampdu_params *params) 5427 5425 { 5428 - 5426 + struct ieee80211_sta *sta = params->sta; 5427 + enum ieee80211_ampdu_mlme_action action = params->action; 5428 + u16 tid = params->tid; 5429 + u16 *ssn = &params->ssn; 5430 + u8 buf_size = params->buf_size; 5429 5431 int i, rc = 0; 5430 5432 struct mwl8k_priv *priv = hw->priv; 5431 5433 struct mwl8k_ampdu_stream *stream;

+5 -3

drivers/net/wireless/mediatek/mt7601u/main.c

··· 334 334 335 335 static int 336 336 mt76_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 337 - enum ieee80211_ampdu_mlme_action action, 338 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, u8 buf_size, 339 - bool amsdu) 337 + struct ieee80211_ampdu_params *params) 340 338 { 341 339 struct mt7601u_dev *dev = hw->priv; 340 + struct ieee80211_sta *sta = params->sta; 341 + enum ieee80211_ampdu_mlme_action action = params->action; 342 + u16 tid = params->tid; 343 + u16 *ssn = &params->ssn; 342 344 struct mt76_sta *msta = (struct mt76_sta *) sta->drv_priv; 343 345 344 346 WARN_ON(msta->wcid.idx > GROUP_WCID(0));

+4 -3

drivers/net/wireless/ralink/rt2x00/rt2800lib.c

··· 7936 7936 EXPORT_SYMBOL_GPL(rt2800_get_tsf); 7937 7937 7938 7938 int rt2800_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 7939 - enum ieee80211_ampdu_mlme_action action, 7940 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 7941 - u8 buf_size, bool amsdu) 7939 + struct ieee80211_ampdu_params *params) 7942 7940 { 7941 + struct ieee80211_sta *sta = params->sta; 7942 + enum ieee80211_ampdu_mlme_action action = params->action; 7943 + u16 tid = params->tid; 7943 7944 struct rt2x00_sta *sta_priv = (struct rt2x00_sta *)sta->drv_priv; 7944 7945 int ret = 0; 7945 7946

+1 -3

drivers/net/wireless/ralink/rt2x00/rt2800lib.h

··· 218 218 const struct ieee80211_tx_queue_params *params); 219 219 u64 rt2800_get_tsf(struct ieee80211_hw *hw, struct ieee80211_vif *vif); 220 220 int rt2800_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 221 - enum ieee80211_ampdu_mlme_action action, 222 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 223 - u8 buf_size, bool amsdu); 221 + struct ieee80211_ampdu_params *params); 224 222 int rt2800_get_survey(struct ieee80211_hw *hw, int idx, 225 223 struct survey_info *survey); 226 224 void rt2800_disable_wpdma(struct rt2x00_dev *rt2x00dev);

+3 -3

drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu.c

··· 5375 5375 5376 5376 static int 5377 5377 rtl8xxxu_ampdu_action(struct ieee80211_hw *hw, struct ieee80211_vif *vif, 5378 - enum ieee80211_ampdu_mlme_action action, 5379 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, u8 buf_size, 5380 - bool amsdu) 5378 + struct ieee80211_ampdu_params *params) 5381 5379 { 5382 5380 struct rtl8xxxu_priv *priv = hw->priv; 5383 5381 struct device *dev = &priv->udev->dev; 5384 5382 u8 ampdu_factor, ampdu_density; 5383 + struct ieee80211_sta *sta = params->sta; 5384 + enum ieee80211_ampdu_mlme_action action = params->action; 5385 5385 5386 5386 switch (action) { 5387 5387 case IEEE80211_AMPDU_TX_START:

+5 -3

drivers/net/wireless/realtek/rtlwifi/core.c

··· 1371 1371 1372 1372 static int rtl_op_ampdu_action(struct ieee80211_hw *hw, 1373 1373 struct ieee80211_vif *vif, 1374 - enum ieee80211_ampdu_mlme_action action, 1375 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 1376 - u8 buf_size, bool amsdu) 1374 + struct ieee80211_ampdu_params *params) 1377 1375 { 1378 1376 struct rtl_priv *rtlpriv = rtl_priv(hw); 1377 + struct ieee80211_sta *sta = params->sta; 1378 + enum ieee80211_ampdu_mlme_action action = params->action; 1379 + u16 tid = params->tid; 1380 + u16 *ssn = &params->ssn; 1379 1381 1380 1382 switch (action) { 1381 1383 case IEEE80211_AMPDU_TX_START:

+7 -12

drivers/net/wireless/rsi/rsi_91x_mac80211.c

··· 659 659 * informs the f/w regarding this. 660 660 * @hw: Pointer to the ieee80211_hw structure. 661 661 * @vif: Pointer to the ieee80211_vif structure. 662 - * @action: ieee80211_ampdu_mlme_action enum. 663 - * @sta: Pointer to the ieee80211_sta structure. 664 - * @tid: Traffic identifier. 665 - * @ssn: Pointer to ssn value. 666 - * @buf_size: Buffer size (for kernel version > 2.6.38). 667 - * @amsdu: is AMSDU in AMPDU allowed 662 + * @params: Pointer to A-MPDU action parameters 668 663 * 669 664 * Return: status: 0 on success, negative error code on failure. 670 665 */ 671 666 static int rsi_mac80211_ampdu_action(struct ieee80211_hw *hw, 672 667 struct ieee80211_vif *vif, 673 - enum ieee80211_ampdu_mlme_action action, 674 - struct ieee80211_sta *sta, 675 - unsigned short tid, 676 - unsigned short *ssn, 677 - unsigned char buf_size, 678 - bool amsdu) 668 + struct ieee80211_ampdu_params *params) 679 669 { 680 670 int status = -EOPNOTSUPP; 681 671 struct rsi_hw *adapter = hw->priv; 682 672 struct rsi_common *common = adapter->priv; 683 673 u16 seq_no = 0; 684 674 u8 ii = 0; 675 + struct ieee80211_sta *sta = params->sta; 676 + enum ieee80211_ampdu_mlme_action action = params->action; 677 + u16 tid = params->tid; 678 + u16 *ssn = &params->ssn; 679 + u8 buf_size = params->buf_size; 685 680 686 681 for (ii = 0; ii < RSI_MAX_VIFS; ii++) { 687 682 if (vif == adapter->vifs[ii])

+1 -3

drivers/net/wireless/st/cw1200/sta.c

··· 2129 2129 2130 2130 int cw1200_ampdu_action(struct ieee80211_hw *hw, 2131 2131 struct ieee80211_vif *vif, 2132 - enum ieee80211_ampdu_mlme_action action, 2133 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 2134 - u8 buf_size, bool amsdu) 2132 + struct ieee80211_ampdu_params *params) 2135 2133 { 2136 2134 /* Aggregation is implemented fully in firmware, 2137 2135 * including block ack negotiation. Do not allow

+1 -3

drivers/net/wireless/st/cw1200/sta.h

··· 109 109 u32 changed); 110 110 int cw1200_ampdu_action(struct ieee80211_hw *hw, 111 111 struct ieee80211_vif *vif, 112 - enum ieee80211_ampdu_mlme_action action, 113 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 114 - u8 buf_size, bool amsdu); 112 + struct ieee80211_ampdu_params *params); 115 113 116 114 void cw1200_suspend_resume(struct cw1200_common *priv, 117 115 struct wsm_suspend_resume *arg);

+5 -3

drivers/net/wireless/ti/wlcore/main.c

··· 5187 5187 5188 5188 static int wl1271_op_ampdu_action(struct ieee80211_hw *hw, 5189 5189 struct ieee80211_vif *vif, 5190 - enum ieee80211_ampdu_mlme_action action, 5191 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 5192 - u8 buf_size, bool amsdu) 5190 + struct ieee80211_ampdu_params *params) 5193 5191 { 5194 5192 struct wl1271 *wl = hw->priv; 5195 5193 struct wl12xx_vif *wlvif = wl12xx_vif_to_data(vif); 5196 5194 int ret; 5197 5195 u8 hlid, *ba_bitmap; 5196 + struct ieee80211_sta *sta = params->sta; 5197 + enum ieee80211_ampdu_mlme_action action = params->action; 5198 + u16 tid = params->tid; 5199 + u16 *ssn = &params->ssn; 5198 5200 5199 5201 wl1271_debug(DEBUG_MAC80211, "mac80211 ampdu action %d tid %d", action, 5200 5202 tid);

+8 -4

drivers/staging/vt6655/rxtx.c

··· 1210 1210 struct sk_buff *skb, u16 payload_len, 1211 1211 struct vnt_mic_hdr *mic_hdr) 1212 1212 { 1213 - struct ieee80211_key_seq seq; 1213 + u64 pn64; 1214 1214 u8 *iv = ((u8 *)hdr + ieee80211_get_hdrlen_from_skb(skb)); 1215 1215 1216 1216 /* strip header and icv len from payload */ ··· 1243 1243 mic_hdr->payload_len = cpu_to_be16(payload_len); 1244 1244 ether_addr_copy(mic_hdr->mic_addr2, hdr->addr2); 1245 1245 1246 - ieee80211_get_key_tx_seq(tx_key, &seq); 1247 - 1248 - memcpy(mic_hdr->ccmp_pn, seq.ccmp.pn, IEEE80211_CCMP_PN_LEN); 1246 + pn64 = atomic64_read(&tx_key->tx_pn); 1247 + mic_hdr->ccmp_pn[5] = pn64; 1248 + mic_hdr->ccmp_pn[4] = pn64 >> 8; 1249 + mic_hdr->ccmp_pn[3] = pn64 >> 16; 1250 + mic_hdr->ccmp_pn[2] = pn64 >> 24; 1251 + mic_hdr->ccmp_pn[1] = pn64 >> 32; 1252 + mic_hdr->ccmp_pn[0] = pn64 >> 40; 1249 1253 1250 1254 if (ieee80211_has_a4(hdr->frame_control)) 1251 1255 mic_hdr->hlen = cpu_to_be16(28);

+8 -4

drivers/staging/vt6656/rxtx.c

··· 716 716 u16 payload_len, struct vnt_mic_hdr *mic_hdr) 717 717 { 718 718 struct ieee80211_hdr *hdr = tx_context->hdr; 719 - struct ieee80211_key_seq seq; 719 + u64 pn64; 720 720 u8 *iv = ((u8 *)hdr + ieee80211_get_hdrlen_from_skb(skb)); 721 721 722 722 /* strip header and icv len from payload */ ··· 749 749 mic_hdr->payload_len = cpu_to_be16(payload_len); 750 750 ether_addr_copy(mic_hdr->mic_addr2, hdr->addr2); 751 751 752 - ieee80211_get_key_tx_seq(tx_key, &seq); 753 - 754 - memcpy(mic_hdr->ccmp_pn, seq.ccmp.pn, IEEE80211_CCMP_PN_LEN); 752 + pn64 = atomic64_read(&tx_key->tx_pn); 753 + mic_hdr->ccmp_pn[5] = pn64; 754 + mic_hdr->ccmp_pn[4] = pn64 >> 8; 755 + mic_hdr->ccmp_pn[3] = pn64 >> 16; 756 + mic_hdr->ccmp_pn[2] = pn64 >> 24; 757 + mic_hdr->ccmp_pn[1] = pn64 >> 32; 758 + mic_hdr->ccmp_pn[0] = pn64 >> 40; 755 759 756 760 if (ieee80211_has_a4(hdr->frame_control)) 757 761 mic_hdr->hlen = cpu_to_be16(28);

+26

include/linux/ieee80211.h

··· 163 163 /* 30 byte 4 addr hdr, 2 byte QoS, 2304 byte MSDU, 12 byte crypt, 4 byte FCS */ 164 164 #define IEEE80211_MAX_FRAME_LEN 2352 165 165 166 + /* Maximal size of an A-MSDU */ 167 + #define IEEE80211_MAX_MPDU_LEN_HT_3839 3839 168 + #define IEEE80211_MAX_MPDU_LEN_HT_7935 7935 169 + 170 + #define IEEE80211_MAX_MPDU_LEN_VHT_3895 3895 171 + #define IEEE80211_MAX_MPDU_LEN_VHT_7991 7991 172 + #define IEEE80211_MAX_MPDU_LEN_VHT_11454 11454 173 + 166 174 #define IEEE80211_MAX_SSID_LEN 32 167 175 168 176 #define IEEE80211_MAX_MESH_ID_LEN 32 ··· 851 843 }; 852 844 853 845 #define WLAN_SA_QUERY_TR_ID_LEN 2 846 + #define WLAN_MEMBERSHIP_LEN 8 847 + #define WLAN_USER_POSITION_LEN 16 854 848 855 849 /** 856 850 * struct ieee80211_tpc_report_ie ··· 999 989 u8 action_code; 1000 990 u8 operating_mode; 1001 991 } __packed vht_opmode_notif; 992 + struct { 993 + u8 action_code; 994 + u8 membership[WLAN_MEMBERSHIP_LEN]; 995 + u8 position[WLAN_USER_POSITION_LEN]; 996 + } __packed vht_group_notif; 1002 997 struct { 1003 998 u8 action_code; 1004 999 u8 dialog_token; ··· 1513 1498 #define IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895 0x00000000 1514 1499 #define IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991 0x00000001 1515 1500 #define IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454 0x00000002 1501 + #define IEEE80211_VHT_CAP_MAX_MPDU_MASK 0x00000003 1516 1502 #define IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ 0x00000004 1517 1503 #define IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ 0x00000008 1518 1504 #define IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK 0x0000000C ··· 2094 2078 2095 2079 #define WLAN_EXT_CAPA8_TDLS_WIDE_BW_ENABLED BIT(5) 2096 2080 #define WLAN_EXT_CAPA8_OPMODE_NOTIF BIT(6) 2081 + 2082 + /* Defines the maximal number of MSDUs in an A-MSDU. */ 2083 + #define WLAN_EXT_CAPA8_MAX_MSDU_IN_AMSDU_LSB BIT(7) 2084 + #define WLAN_EXT_CAPA9_MAX_MSDU_IN_AMSDU_MSB BIT(0) 2085 + 2086 + /* 2087 + * Fine Timing Measurement Initiator - bit 71 of @WLAN_EID_EXT_CAPABILITY 2088 + * information element 2089 + */ 2090 + #define WLAN_EXT_CAPA9_FTM_INITIATOR BIT(7) 2097 2091 2098 2092 /* TDLS specific payload type in the LLC/SNAP header */ 2099 2093 #define WLAN_TDLS_SNAP_RFTYPE 0x2

-37

include/linux/rfkill-gpio.h

··· 1 - /* 2 - * Copyright (c) 2011, NVIDIA Corporation. 3 - * 4 - * This program is free software; you can redistribute it and/or modify 5 - * it under the terms of the GNU General Public License as published by 6 - * the Free Software Foundation; either version 2 of the License, or 7 - * (at your option) any later version. 8 - * 9 - * This program is distributed in the hope that it will be useful, but WITHOUT 10 - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for 12 - * more details. 13 - * 14 - * You should have received a copy of the GNU General Public License along 15 - * with this program; if not, write to the Free Software Foundation, Inc., 16 - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 17 - */ 18 - 19 - 20 - #ifndef __RFKILL_GPIO_H 21 - #define __RFKILL_GPIO_H 22 - 23 - #include <linux/types.h> 24 - #include <linux/rfkill.h> 25 - 26 - /** 27 - * struct rfkill_gpio_platform_data - platform data for rfkill gpio device. 28 - * for unused gpio's, the expected value is -1. 29 - * @name: name for the gpio rf kill instance 30 - */ 31 - 32 - struct rfkill_gpio_platform_data { 33 - char *name; 34 - enum rfkill_type type; 35 - }; 36 - 37 - #endif /* __RFKILL_GPIO_H */

+17 -1

include/linux/rfkill.h

··· 104 104 * 105 105 * Pause polling -- say transmitter is off for other reasons. 106 106 * NOTE: not necessary for suspend/resume -- in that case the 107 - * core stops polling anyway 107 + * core stops polling anyway (but will also correctly handle 108 + * the case of polling having been paused before suspend.) 108 109 */ 109 110 void rfkill_pause_polling(struct rfkill *rfkill); 110 111 ··· 213 212 * @rfkill: rfkill struct to query 214 213 */ 215 214 bool rfkill_blocked(struct rfkill *rfkill); 215 + 216 + /** 217 + * rfkill_find_type - Helpper for finding rfkill type by name 218 + * @name: the name of the type 219 + * 220 + * Returns enum rfkill_type that conrresponds the name. 221 + */ 222 + enum rfkill_type rfkill_find_type(const char *name); 223 + 216 224 #else /* !RFKILL */ 217 225 static inline struct rfkill * __must_check 218 226 rfkill_alloc(const char *name, ··· 278 268 { 279 269 return false; 280 270 } 271 + 272 + static inline enum rfkill_type rfkill_find_type(const char *name) 273 + { 274 + return RFKILL_TYPE_ALL; 275 + } 276 + 281 277 #endif /* RFKILL || RFKILL_MODULE */ 282 278 283 279

+8

include/net/cfg80211.h

··· 712 712 * @p2p_opp_ps: P2P opportunistic PS 713 713 * @acl: ACL configuration used by the drivers which has support for 714 714 * MAC address based access control 715 + * @pbss: If set, start as a PCP instead of AP. Relevant for DMG 716 + * networks. 715 717 */ 716 718 struct cfg80211_ap_settings { 717 719 struct cfg80211_chan_def chandef; ··· 732 730 u8 p2p_ctwindow; 733 731 bool p2p_opp_ps; 734 732 const struct cfg80211_acl_data *acl; 733 + bool pbss; 735 734 }; 736 735 737 736 /** ··· 1891 1888 * @ht_capa_mask: The bits of ht_capa which are to be used. 1892 1889 * @vht_capa: VHT Capability overrides 1893 1890 * @vht_capa_mask: The bits of vht_capa which are to be used. 1891 + * @pbss: if set, connect to a PCP instead of AP. Valid for DMG 1892 + * networks. 1894 1893 */ 1895 1894 struct cfg80211_connect_params { 1896 1895 struct ieee80211_channel *channel; ··· 1915 1910 struct ieee80211_ht_cap ht_capa_mask; 1916 1911 struct ieee80211_vht_cap vht_capa; 1917 1912 struct ieee80211_vht_cap vht_capa_mask; 1913 + bool pbss; 1918 1914 }; 1919 1915 1920 1916 /** ··· 3495 3489 * registered for unexpected class 3 frames (AP mode) 3496 3490 * @conn: (private) cfg80211 software SME connection state machine data 3497 3491 * @connect_keys: (private) keys to set after connection is established 3492 + * @conn_bss_type: connecting/connected BSS type 3498 3493 * @ibss_fixed: (private) IBSS is using fixed BSSID 3499 3494 * @ibss_dfs_possible: (private) IBSS may change to a DFS channel 3500 3495 * @event_list: (private) list for internal event processing ··· 3526 3519 u8 ssid_len, mesh_id_len, mesh_id_up_len; 3527 3520 struct cfg80211_conn *conn; 3528 3521 struct cfg80211_cached_keys *connect_keys; 3522 + enum ieee80211_bss_type conn_bss_type; 3529 3523 3530 3524 struct list_head event_list; 3531 3525 spinlock_t event_lock;

+152 -46

include/net/mac80211.h

··· 5 5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 6 6 * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net> 7 7 * Copyright 2013-2014 Intel Mobile Communications GmbH 8 - * Copyright (C) 2015 Intel Deutschland GmbH 8 + * Copyright (C) 2015 - 2016 Intel Deutschland GmbH 9 9 * 10 10 * This program is free software; you can redistribute it and/or modify 11 11 * it under the terms of the GNU General Public License version 2 as ··· 298 298 * note that this is only called when it changes after the channel 299 299 * context had been assigned. 300 300 * @BSS_CHANGED_OCB: OCB join status changed 301 + * @BSS_CHANGED_MU_GROUPS: VHT MU-MIMO group id or user position changed 301 302 */ 302 303 enum ieee80211_bss_change { 303 304 BSS_CHANGED_ASSOC = 1<<0, ··· 324 323 BSS_CHANGED_BEACON_INFO = 1<<20, 325 324 BSS_CHANGED_BANDWIDTH = 1<<21, 326 325 BSS_CHANGED_OCB = 1<<22, 326 + BSS_CHANGED_MU_GROUPS = 1<<23, 327 327 328 328 /* when adding here, make sure to change ieee80211_reconfig */ 329 329 }; ··· 438 436 }; 439 437 440 438 /** 439 + * struct ieee80211_mu_group_data - STA's VHT MU-MIMO group data 440 + * 441 + * This structure describes the group id data of VHT MU-MIMO 442 + * 443 + * @membership: 64 bits array - a bit is set if station is member of the group 444 + * @position: 2 bits per group id indicating the position in the group 445 + */ 446 + struct ieee80211_mu_group_data { 447 + u8 membership[WLAN_MEMBERSHIP_LEN]; 448 + u8 position[WLAN_USER_POSITION_LEN]; 449 + }; 450 + 451 + /** 441 452 * struct ieee80211_bss_conf - holds the BSS's changing parameters 442 453 * 443 454 * This structure keeps information about a BSS (and an association ··· 492 477 * @enable_beacon: whether beaconing should be enabled or not 493 478 * @chandef: Channel definition for this BSS -- the hardware might be 494 479 * configured a higher bandwidth than this BSS uses, for example. 480 + * @mu_group: VHT MU-MIMO group membership data 495 481 * @ht_operation_mode: HT operation mode like in &struct ieee80211_ht_operation. 496 482 * This field is only valid when the channel is a wide HT/VHT channel. 497 483 * Note that with TDLS this can be the case (channel is HT, protection must ··· 551 535 s32 cqm_rssi_thold; 552 536 u32 cqm_rssi_hyst; 553 537 struct cfg80211_chan_def chandef; 538 + struct ieee80211_mu_group_data mu_group; 554 539 __be32 arp_addr_list[IEEE80211_BSS_ARP_ADDR_LIST_LEN]; 555 540 int arp_addr_cnt; 556 541 bool qos; ··· 708 691 * protocol frame (e.g. EAP) 709 692 * @IEEE80211_TX_CTRL_PS_RESPONSE: This frame is a response to a poll 710 693 * frame (PS-Poll or uAPSD). 694 + * @IEEE80211_TX_CTRL_RATE_INJECT: This frame is injected with rate information 711 695 * 712 696 * These flags are used in tx_info->control.flags. 713 697 */ 714 698 enum mac80211_tx_control_flags { 715 699 IEEE80211_TX_CTRL_PORT_CTRL_PROTO = BIT(0), 716 700 IEEE80211_TX_CTRL_PS_RESPONSE = BIT(1), 701 + IEEE80211_TX_CTRL_RATE_INJECT = BIT(2), 717 702 }; 718 703 719 704 /* ··· 1012 993 * @RX_FLAG_MACTIME_END: The timestamp passed in the RX status (@mactime 1013 994 * field) is valid and contains the time the last symbol of the MPDU 1014 995 * (including FCS) was received. 996 + * @RX_FLAG_MACTIME_PLCP_START: The timestamp passed in the RX status (@mactime 997 + * field) is valid and contains the time the SYNC preamble was received. 1015 998 * @RX_FLAG_SHORTPRE: Short preamble was used for this frame 1016 999 * @RX_FLAG_HT: HT MCS was used and rate_idx is MCS index 1017 1000 * @RX_FLAG_VHT: VHT MCS was used and rate_index is MCS index ··· 1035 1014 * @RX_FLAG_AMPDU_DELIM_CRC_KNOWN: The delimiter CRC field is known (the CRC 1036 1015 * is stored in the @ampdu_delimiter_crc field) 1037 1016 * @RX_FLAG_LDPC: LDPC was used 1017 + * @RX_FLAG_ONLY_MONITOR: Report frame only to monitor interfaces without 1018 + * processing it in any regular way. 1019 + * This is useful if drivers offload some frames but still want to report 1020 + * them for sniffing purposes. 1021 + * @RX_FLAG_SKIP_MONITOR: Process and report frame to all interfaces except 1022 + * monitor interfaces. 1023 + * This is useful if drivers offload some frames but still want to report 1024 + * them for sniffing purposes. 1038 1025 * @RX_FLAG_STBC_MASK: STBC 2 bit bitmask. 1 - Nss=1, 2 - Nss=2, 3 - Nss=3 1039 1026 * @RX_FLAG_10MHZ: 10 MHz (half channel) was used 1040 1027 * @RX_FLAG_5MHZ: 5 MHz (quarter channel) was used ··· 1062 1033 enum mac80211_rx_flags { 1063 1034 RX_FLAG_MMIC_ERROR = BIT(0), 1064 1035 RX_FLAG_DECRYPTED = BIT(1), 1036 + RX_FLAG_MACTIME_PLCP_START = BIT(2), 1065 1037 RX_FLAG_MMIC_STRIPPED = BIT(3), 1066 1038 RX_FLAG_IV_STRIPPED = BIT(4), 1067 1039 RX_FLAG_FAILED_FCS_CRC = BIT(5), ··· 1076 1046 RX_FLAG_HT_GF = BIT(13), 1077 1047 RX_FLAG_AMPDU_DETAILS = BIT(14), 1078 1048 RX_FLAG_PN_VALIDATED = BIT(15), 1079 - /* bit 16 free */ 1049 + RX_FLAG_DUP_VALIDATED = BIT(16), 1080 1050 RX_FLAG_AMPDU_LAST_KNOWN = BIT(17), 1081 1051 RX_FLAG_AMPDU_IS_LAST = BIT(18), 1082 1052 RX_FLAG_AMPDU_DELIM_CRC_ERROR = BIT(19), ··· 1084 1054 RX_FLAG_MACTIME_END = BIT(21), 1085 1055 RX_FLAG_VHT = BIT(22), 1086 1056 RX_FLAG_LDPC = BIT(23), 1057 + RX_FLAG_ONLY_MONITOR = BIT(24), 1058 + RX_FLAG_SKIP_MONITOR = BIT(25), 1087 1059 RX_FLAG_STBC_MASK = BIT(26) | BIT(27), 1088 1060 RX_FLAG_10MHZ = BIT(28), 1089 1061 RX_FLAG_5MHZ = BIT(29), ··· 1104 1072 * @RX_VHT_FLAG_160MHZ: 160 MHz was used 1105 1073 * @RX_VHT_FLAG_BF: packet was beamformed 1106 1074 */ 1075 + 1107 1076 enum mac80211_rx_vht_flags { 1108 1077 RX_VHT_FLAG_80MHZ = BIT(0), 1109 1078 RX_VHT_FLAG_160MHZ = BIT(1), ··· 1124 1091 * it but can store it and pass it back to the driver for synchronisation 1125 1092 * @band: the active band when this frame was received 1126 1093 * @freq: frequency the radio was tuned to when receiving this frame, in MHz 1094 + * This field must be set for management frames, but isn't strictly needed 1095 + * for data (other) frames - for those it only affects radiotap reporting. 1127 1096 * @signal: signal strength when receiving this frame, either in dBm, in dB or 1128 1097 * unspecified depending on the hardware capabilities flags 1129 1098 * @IEEE80211_HW_SIGNAL_* ··· 1382 1347 * @csa_active: marks whether a channel switch is going on. Internally it is 1383 1348 * write-protected by sdata_lock and local->mtx so holding either is fine 1384 1349 * for read access. 1350 + * @mu_mimo_owner: indicates interface owns MU-MIMO capability 1385 1351 * @driver_flags: flags/capabilities the driver has for this interface, 1386 1352 * these need to be set (or cleared) when the interface is added 1387 1353 * or, if supported by the driver, the interface type is changed ··· 1409 1373 u8 addr[ETH_ALEN]; 1410 1374 bool p2p; 1411 1375 bool csa_active; 1376 + bool mu_mimo_owner; 1412 1377 1413 1378 u8 cab_queue; 1414 1379 u8 hw_queue[IEEE80211_NUM_ACS]; ··· 1523 1486 * wants to be given when a frame is transmitted and needs to be 1524 1487 * encrypted in hardware. 1525 1488 * @cipher: The key's cipher suite selector. 1526 - * @tx_pn: PN used for TX on non-TKIP keys, may be used by the driver 1527 - * as well if it needs to do software PN assignment by itself 1528 - * (e.g. due to TSO) 1489 + * @tx_pn: PN used for TX keys, may be used by the driver as well if it 1490 + * needs to do software PN assignment by itself (e.g. due to TSO) 1529 1491 * @flags: key flags, see &enum ieee80211_key_flags. 1530 1492 * @keyidx: the key index (0-3) 1531 1493 * @keylen: key material length ··· 1549 1513 }; 1550 1514 1551 1515 #define IEEE80211_MAX_PN_LEN 16 1516 + 1517 + #define TKIP_PN_TO_IV16(pn) ((u16)(pn & 0xffff)) 1518 + #define TKIP_PN_TO_IV32(pn) ((u32)((pn >> 16) & 0xffffffff)) 1552 1519 1553 1520 /** 1554 1521 * struct ieee80211_key_seq - key sequence counter ··· 1723 1684 * @tdls_initiator: indicates the STA is an initiator of the TDLS link. Only 1724 1685 * valid if the STA is a TDLS peer in the first place. 1725 1686 * @mfp: indicates whether the STA uses management frame protection or not. 1687 + * @max_amsdu_subframes: indicates the maximal number of MSDUs in a single 1688 + * A-MSDU. Taken from the Extended Capabilities element. 0 means 1689 + * unlimited. 1690 + * @max_amsdu_len: indicates the maximal length of an A-MSDU in bytes. This 1691 + * field is always valid for packets with a VHT preamble. For packets 1692 + * with a HT preamble, additional limits apply: 1693 + * + If the skb is transmitted as part of a BA agreement, the 1694 + * A-MSDU maximal size is min(max_amsdu_len, 4065) bytes. 1695 + * + If the skb is not part of a BA aggreement, the A-MSDU maximal 1696 + * size is min(max_amsdu_len, 7935) bytes. 1697 + * Both additional HT limits must be enforced by the low level driver. 1698 + * This is defined by the spec (IEEE 802.11-2012 section 8.3.2.2 NOTE 2). 1726 1699 * @txq: per-TID data TX queues (if driver uses the TXQ abstraction) 1727 1700 */ 1728 1701 struct ieee80211_sta { ··· 1753 1702 bool tdls; 1754 1703 bool tdls_initiator; 1755 1704 bool mfp; 1705 + u8 max_amsdu_subframes; 1706 + u16 max_amsdu_len; 1756 1707 1757 1708 struct ieee80211_txq *txq[IEEE80211_NUM_TIDS]; 1758 1709 ··· 1963 1910 * by just its MAC address; this prevents, for example, the same station 1964 1911 * from connecting to two virtual AP interfaces at the same time. 1965 1912 * 1913 + * @IEEE80211_HW_SUPPORTS_REORDERING_BUFFER: Hardware (or driver) manages the 1914 + * reordering buffer internally, guaranteeing mac80211 receives frames in 1915 + * order and does not need to manage its own reorder buffer or BA session 1916 + * timeout. 1917 + * 1966 1918 * @NUM_IEEE80211_HW_FLAGS: number of hardware flags, used for sizing arrays 1967 1919 */ 1968 1920 enum ieee80211_hw_flags { ··· 2004 1946 IEEE80211_HW_SUPPORTS_AMSDU_IN_AMPDU, 2005 1947 IEEE80211_HW_BEACON_TX_STATUS, 2006 1948 IEEE80211_HW_NEEDS_UNIQUE_STA_ADDR, 1949 + IEEE80211_HW_SUPPORTS_REORDERING_BUFFER, 2007 1950 2008 1951 /* keep last, obviously */ 2009 1952 NUM_IEEE80211_HW_FLAGS ··· 2226 2167 * @hw: the &struct ieee80211_hw to set the MAC address for 2227 2168 * @addr: the address to set 2228 2169 */ 2229 - static inline void SET_IEEE80211_PERM_ADDR(struct ieee80211_hw *hw, u8 *addr) 2170 + static inline void SET_IEEE80211_PERM_ADDR(struct ieee80211_hw *hw, const u8 *addr) 2230 2171 { 2231 2172 memcpy(hw->wiphy->perm_addr, addr, ETH_ALEN); 2232 2173 } ··· 2743 2684 }; 2744 2685 2745 2686 /** 2687 + * struct ieee80211_ampdu_params - AMPDU action parameters 2688 + * 2689 + * @action: the ampdu action, value from %ieee80211_ampdu_mlme_action. 2690 + * @sta: peer of this AMPDU session 2691 + * @tid: tid of the BA session 2692 + * @ssn: start sequence number of the session. TX/RX_STOP can pass 0. When 2693 + * action is set to %IEEE80211_AMPDU_RX_START the driver passes back the 2694 + * actual ssn value used to start the session and writes the value here. 2695 + * @buf_size: reorder buffer size (number of subframes). Valid only when the 2696 + * action is set to %IEEE80211_AMPDU_RX_START or 2697 + * %IEEE80211_AMPDU_TX_OPERATIONAL 2698 + * @amsdu: indicates the peer's ability to receive A-MSDU within A-MPDU. 2699 + * valid when the action is set to %IEEE80211_AMPDU_TX_OPERATIONAL 2700 + * @timeout: BA session timeout. Valid only when the action is set to 2701 + * %IEEE80211_AMPDU_RX_START 2702 + */ 2703 + struct ieee80211_ampdu_params { 2704 + enum ieee80211_ampdu_mlme_action action; 2705 + struct ieee80211_sta *sta; 2706 + u16 tid; 2707 + u16 ssn; 2708 + u8 buf_size; 2709 + bool amsdu; 2710 + u16 timeout; 2711 + }; 2712 + 2713 + /** 2746 2714 * enum ieee80211_frame_release_type - frame release reason 2747 2715 * @IEEE80211_FRAME_RELEASE_PSPOLL: frame released for PS-Poll 2748 2716 * @IEEE80211_FRAME_RELEASE_UAPSD: frame(s) released due to ··· 3113 3027 * @ampdu_action: Perform a certain A-MPDU action 3114 3028 * The RA/TID combination determines the destination and TID we want 3115 3029 * the ampdu action to be performed for. The action is defined through 3116 - * ieee80211_ampdu_mlme_action. Starting sequence number (@ssn) 3117 - * is the first frame we expect to perform the action on. Notice 3118 - * that TX/RX_STOP can pass NULL for this parameter. 3119 - * The @buf_size parameter is only valid when the action is set to 3120 - * %IEEE80211_AMPDU_TX_OPERATIONAL and indicates the peer's reorder 3121 - * buffer size (number of subframes) for this session -- the driver 3122 - * may neither send aggregates containing more subframes than this 3030 + * ieee80211_ampdu_mlme_action. 3031 + * When the action is set to %IEEE80211_AMPDU_TX_OPERATIONAL the driver 3032 + * may neither send aggregates containing more subframes than @buf_size 3123 3033 * nor send aggregates in a way that lost frames would exceed the 3124 3034 * buffer size. If just limiting the aggregate size, this would be 3125 3035 * possible with a buf_size of 8: ··· 3126 3044 * buffer size of 8. Correct ways to retransmit #1 would be: 3127 3045 * - TX: 1 or 18 or 81 3128 3046 * Even "189" would be wrong since 1 could be lost again. 3129 - * The @amsdu parameter is valid when the action is set to 3130 - * %IEEE80211_AMPDU_TX_OPERATIONAL and indicates the peer's ability 3131 - * to receive A-MSDU within A-MPDU. 3132 3047 * 3133 3048 * Returns a negative error code on failure. 3134 3049 * The callback can sleep. ··· 3467 3388 int (*tx_last_beacon)(struct ieee80211_hw *hw); 3468 3389 int (*ampdu_action)(struct ieee80211_hw *hw, 3469 3390 struct ieee80211_vif *vif, 3470 - enum ieee80211_ampdu_mlme_action action, 3471 - struct ieee80211_sta *sta, u16 tid, u16 *ssn, 3472 - u8 buf_size, bool amsdu); 3391 + struct ieee80211_ampdu_params *params); 3473 3392 int (*get_survey)(struct ieee80211_hw *hw, int idx, 3474 3393 struct survey_info *survey); 3475 3394 void (*rfkill_poll)(struct ieee80211_hw *hw); ··· 4451 4374 struct sk_buff *skb, u8 *p2k); 4452 4375 4453 4376 /** 4454 - * ieee80211_get_key_tx_seq - get key TX sequence counter 4377 + * ieee80211_tkip_add_iv - write TKIP IV and Ext. IV to pos 4455 4378 * 4379 + * @pos: start of crypto header 4456 4380 * @keyconf: the parameter passed with the set key 4457 - * @seq: buffer to receive the sequence data 4381 + * @pn: PN to add 4458 4382 * 4459 - * This function allows a driver to retrieve the current TX IV/PN 4460 - * for the given key. It must not be called if IV generation is 4461 - * offloaded to the device. 4383 + * Returns: pointer to the octet following IVs (i.e. beginning of 4384 + * the packet payload) 4462 4385 * 4463 - * Note that this function may only be called when no TX processing 4464 - * can be done concurrently, for example when queues are stopped 4465 - * and the stop has been synchronized. 4386 + * This function writes the tkip IV value to pos (which should 4387 + * point to the crypto header) 4466 4388 */ 4467 - void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf, 4468 - struct ieee80211_key_seq *seq); 4389 + u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key_conf *keyconf, u64 pn); 4469 4390 4470 4391 /** 4471 4392 * ieee80211_get_key_rx_seq - get key RX sequence counter ··· 4483 4408 */ 4484 4409 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf, 4485 4410 int tid, struct ieee80211_key_seq *seq); 4486 - 4487 - /** 4488 - * ieee80211_set_key_tx_seq - set key TX sequence counter 4489 - * 4490 - * @keyconf: the parameter passed with the set key 4491 - * @seq: new sequence data 4492 - * 4493 - * This function allows a driver to set the current TX IV/PNs for the 4494 - * given key. This is useful when resuming from WoWLAN sleep and the 4495 - * device may have transmitted frames using the PTK, e.g. replies to 4496 - * ARP requests. 4497 - * 4498 - * Note that this function may only be called when no TX processing 4499 - * can be done concurrently. 4500 - */ 4501 - void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf, 4502 - struct ieee80211_key_seq *seq); 4503 4411 4504 4412 /** 4505 4413 * ieee80211_set_key_rx_seq - set key RX sequence counter ··· 5179 5121 const u8 *addr); 5180 5122 5181 5123 /** 5124 + * ieee80211_mark_rx_ba_filtered_frames - move RX BA window and mark filtered 5125 + * @pubsta: station struct 5126 + * @tid: the session's TID 5127 + * @ssn: starting sequence number of the bitmap, all frames before this are 5128 + * assumed to be out of the window after the call 5129 + * @filtered: bitmap of filtered frames, BIT(0) is the @ssn entry etc. 5130 + * @received_mpdus: number of received mpdus in firmware 5131 + * 5132 + * This function moves the BA window and releases all frames before @ssn, and 5133 + * marks frames marked in the bitmap as having been filtered. Afterwards, it 5134 + * checks if any frames in the window starting from @ssn can now be released 5135 + * (in case they were only waiting for frames that were filtered.) 5136 + */ 5137 + void ieee80211_mark_rx_ba_filtered_frames(struct ieee80211_sta *pubsta, u8 tid, 5138 + u16 ssn, u64 filtered, 5139 + u16 received_mpdus); 5140 + 5141 + /** 5182 5142 * ieee80211_send_bar - send a BlockAckReq frame 5183 5143 * 5184 5144 * can be used to flush pending frames from the peer's aggregation reorder ··· 5447 5371 return ieee80211_iftype_p2p(vif->type, vif->p2p); 5448 5372 } 5449 5373 5374 + /** 5375 + * ieee80211_update_mu_groups - set the VHT MU-MIMO groud data 5376 + * 5377 + * @vif: the specified virtual interface 5378 + * @membership: 64 bits array - a bit is set if station is member of the group 5379 + * @position: 2 bits per group id indicating the position in the group 5380 + * 5381 + * Note: This function assumes that the given vif is valid and the position and 5382 + * membership data is of the correct size and are in the same byte order as the 5383 + * matching GroupId management frame. 5384 + * Calls to this function need to be serialized with RX path. 5385 + */ 5386 + void ieee80211_update_mu_groups(struct ieee80211_vif *vif, 5387 + const u8 *membership, const u8 *position); 5388 + 5450 5389 void ieee80211_enable_rssi_reports(struct ieee80211_vif *vif, 5451 5390 int rssi_min_thold, 5452 5391 int rssi_max_thold); ··· 5614 5523 */ 5615 5524 struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw, 5616 5525 struct ieee80211_txq *txq); 5526 + 5527 + /** 5528 + * ieee80211_txq_get_depth - get pending frame/byte count of given txq 5529 + * 5530 + * The values are not guaranteed to be coherent with regard to each other, i.e. 5531 + * txq state can change half-way of this function and the caller may end up 5532 + * with "new" frame_cnt and "old" byte_cnt or vice-versa. 5533 + * 5534 + * @txq: pointer obtained from station or virtual interface 5535 + * @frame_cnt: pointer to store frame count 5536 + * @byte_cnt: pointer to store byte count 5537 + */ 5538 + void ieee80211_txq_get_depth(struct ieee80211_txq *txq, 5539 + unsigned long *frame_cnt, 5540 + unsigned long *byte_cnt); 5617 5541 #endif /* MAC80211_H */

+14

include/uapi/linux/nl80211.h

··· 1727 1727 * underlying device supports these minimal RRM features: 1728 1728 * %NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES, 1729 1729 * %NL80211_FEATURE_QUIET, 1730 + * Or, if global RRM is supported, see: 1731 + * %NL80211_EXT_FEATURE_RRM 1730 1732 * If this flag is used, driver must add the Power Capabilities IE to the 1731 1733 * association request. In addition, it must also set the RRM capability 1732 1734 * flag in the association request's Capability Info field. ··· 1791 1789 * thus it must not specify the number of iterations, only the interval 1792 1790 * between scans. The scan plans are executed sequentially. 1793 1791 * Each scan plan is a nested attribute of &enum nl80211_sched_scan_plan. 1792 + * @NL80211_ATTR_PBSS: flag attribute. If set it means operate 1793 + * in a PBSS. Specified in %NL80211_CMD_CONNECT to request 1794 + * connecting to a PCP, and in %NL80211_CMD_START_AP to start 1795 + * a PCP instead of AP. Relevant for DMG networks only. 1794 1796 * 1795 1797 * @NUM_NL80211_ATTR: total number of nl80211_attrs available 1796 1798 * @NL80211_ATTR_MAX: highest attribute number currently defined ··· 2169 2163 NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL, 2170 2164 NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS, 2171 2165 NL80211_ATTR_SCHED_SCAN_PLANS, 2166 + 2167 + NL80211_ATTR_PBSS, 2172 2168 2173 2169 /* add attributes here, update the policy in nl80211.c */ 2174 2170 ··· 4404 4396 /** 4405 4397 * enum nl80211_ext_feature_index - bit index of extended features. 4406 4398 * @NL80211_EXT_FEATURE_VHT_IBSS: This driver supports IBSS with VHT datarates. 4399 + * @NL80211_EXT_FEATURE_RRM: This driver supports RRM. When featured, user can 4400 + * can request to use RRM (see %NL80211_ATTR_USE_RRM) with 4401 + * %NL80211_CMD_ASSOCIATE and %NL80211_CMD_CONNECT requests, which will set 4402 + * the ASSOC_REQ_USE_RRM flag in the association request even if 4403 + * NL80211_FEATURE_QUIET is not advertized. 4407 4404 * 4408 4405 * @NUM_NL80211_EXT_FEATURES: number of extended features. 4409 4406 * @MAX_NL80211_EXT_FEATURES: highest extended feature index. 4410 4407 */ 4411 4408 enum nl80211_ext_feature_index { 4412 4409 NL80211_EXT_FEATURE_VHT_IBSS, 4410 + NL80211_EXT_FEATURE_RRM, 4413 4411 4414 4412 /* add new features before the definition below */ 4415 4413 NUM_NL80211_EXT_FEATURES,

+2

include/uapi/linux/rfkill.h

··· 59 59 * @RFKILL_OP_DEL: a device was removed 60 60 * @RFKILL_OP_CHANGE: a device's state changed -- userspace changes one device 61 61 * @RFKILL_OP_CHANGE_ALL: userspace changes all devices (of a type, or all) 62 + * into a state, also updating the default state used for devices that 63 + * are hot-plugged later. 62 64 */ 63 65 enum rfkill_operation { 64 66 RFKILL_OP_ADD = 0,

+44 -6

net/mac80211/agg-rx.c

··· 7 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 9 * Copyright 2007-2010, Intel Corporation 10 + * Copyright(c) 2015 Intel Deutschland GmbH 10 11 * 11 12 * This program is free software; you can redistribute it and/or modify 12 13 * it under the terms of the GNU General Public License version 2 as ··· 62 61 { 63 62 struct ieee80211_local *local = sta->local; 64 63 struct tid_ampdu_rx *tid_rx; 64 + struct ieee80211_ampdu_params params = { 65 + .sta = &sta->sta, 66 + .action = IEEE80211_AMPDU_RX_STOP, 67 + .tid = tid, 68 + .amsdu = false, 69 + .timeout = 0, 70 + .ssn = 0, 71 + }; 65 72 66 73 lockdep_assert_held(&sta->ampdu_mlme.mtx); 67 74 68 75 tid_rx = rcu_dereference_protected(sta->ampdu_mlme.tid_rx[tid], 69 76 lockdep_is_held(&sta->ampdu_mlme.mtx)); 70 77 71 - if (!tid_rx) 78 + if (!test_bit(tid, sta->ampdu_mlme.agg_session_valid)) 72 79 return; 73 80 74 81 RCU_INIT_POINTER(sta->ampdu_mlme.tid_rx[tid], NULL); 82 + __clear_bit(tid, sta->ampdu_mlme.agg_session_valid); 75 83 76 84 ht_dbg(sta->sdata, 77 85 "Rx BA session stop requested for %pM tid %u %s reason: %d\n", ··· 88 78 initiator == WLAN_BACK_RECIPIENT ? "recipient" : "inititator", 89 79 (int)reason); 90 80 91 - if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP, 92 - &sta->sta, tid, NULL, 0, false)) 81 + if (drv_ampdu_action(local, sta->sdata, &params)) 93 82 sdata_info(sta->sdata, 94 83 "HW problem - can not stop rx aggregation for %pM tid %d\n", 95 84 sta->sta.addr, tid); ··· 97 88 if (initiator == WLAN_BACK_RECIPIENT && tx) 98 89 ieee80211_send_delba(sta->sdata, sta->sta.addr, 99 90 tid, WLAN_BACK_RECIPIENT, reason); 91 + 92 + /* 93 + * return here in case tid_rx is not assigned - which will happen if 94 + * IEEE80211_HW_SUPPORTS_REORDERING_BUFFER is set. 95 + */ 96 + if (!tid_rx) 97 + return; 100 98 101 99 del_timer_sync(&tid_rx->session_timer); 102 100 ··· 253 237 { 254 238 struct ieee80211_local *local = sta->sdata->local; 255 239 struct tid_ampdu_rx *tid_agg_rx; 240 + struct ieee80211_ampdu_params params = { 241 + .sta = &sta->sta, 242 + .action = IEEE80211_AMPDU_RX_START, 243 + .tid = tid, 244 + .amsdu = false, 245 + .timeout = timeout, 246 + .ssn = start_seq_num, 247 + }; 248 + 256 249 int i, ret = -EOPNOTSUPP; 257 250 u16 status = WLAN_STATUS_REQUEST_DECLINED; 258 251 ··· 300 275 /* make sure the size doesn't exceed the maximum supported by the hw */ 301 276 if (buf_size > local->hw.max_rx_aggregation_subframes) 302 277 buf_size = local->hw.max_rx_aggregation_subframes; 278 + params.buf_size = buf_size; 303 279 304 280 /* examine state machine */ 305 281 mutex_lock(&sta->ampdu_mlme.mtx); 306 282 307 - if (sta->ampdu_mlme.tid_rx[tid]) { 283 + if (test_bit(tid, sta->ampdu_mlme.agg_session_valid)) { 308 284 ht_dbg_ratelimited(sta->sdata, 309 285 "unexpected AddBA Req from %pM on tid %u\n", 310 286 sta->sta.addr, tid); ··· 314 288 ___ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT, 315 289 WLAN_STATUS_UNSPECIFIED_QOS, 316 290 false); 291 + } 292 + 293 + if (ieee80211_hw_check(&local->hw, SUPPORTS_REORDERING_BUFFER)) { 294 + ret = drv_ampdu_action(local, sta->sdata, &params); 295 + ht_dbg(sta->sdata, 296 + "Rx A-MPDU request on %pM tid %d result %d\n", 297 + sta->sta.addr, tid, ret); 298 + if (!ret) 299 + status = WLAN_STATUS_SUCCESS; 300 + goto end; 317 301 } 318 302 319 303 /* prepare A-MPDU MLME for Rx aggregation */ ··· 358 322 for (i = 0; i < buf_size; i++) 359 323 __skb_queue_head_init(&tid_agg_rx->reorder_buf[i]); 360 324 361 - ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START, 362 - &sta->sta, tid, &start_seq_num, 0, false); 325 + ret = drv_ampdu_action(local, sta->sdata, &params); 363 326 ht_dbg(sta->sdata, "Rx A-MPDU request on %pM tid %d result %d\n", 364 327 sta->sta.addr, tid, ret); 365 328 if (ret) { ··· 376 341 tid_agg_rx->timeout = timeout; 377 342 tid_agg_rx->stored_mpdu_num = 0; 378 343 tid_agg_rx->auto_seq = auto_seq; 344 + tid_agg_rx->reorder_buf_filtered = 0; 379 345 status = WLAN_STATUS_SUCCESS; 380 346 381 347 /* activate it for RX */ ··· 388 352 } 389 353 390 354 end: 355 + if (status == WLAN_STATUS_SUCCESS) 356 + __set_bit(tid, sta->ampdu_mlme.agg_session_valid); 391 357 mutex_unlock(&sta->ampdu_mlme.mtx); 392 358 393 359 end_no_lock:

+35 -18

net/mac80211/agg-tx.c

··· 7 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 9 * Copyright 2007-2010, Intel Corporation 10 + * Copyright(c) 2015 Intel Deutschland GmbH 10 11 * 11 12 * This program is free software; you can redistribute it and/or modify 12 13 * it under the terms of the GNU General Public License version 2 as ··· 296 295 { 297 296 struct ieee80211_local *local = sta->local; 298 297 struct tid_ampdu_tx *tid_tx; 299 - enum ieee80211_ampdu_mlme_action action; 298 + struct ieee80211_ampdu_params params = { 299 + .sta = &sta->sta, 300 + .tid = tid, 301 + .buf_size = 0, 302 + .amsdu = false, 303 + .timeout = 0, 304 + .ssn = 0, 305 + }; 300 306 int ret; 301 307 302 308 lockdep_assert_held(&sta->ampdu_mlme.mtx); ··· 312 304 case AGG_STOP_DECLINED: 313 305 case AGG_STOP_LOCAL_REQUEST: 314 306 case AGG_STOP_PEER_REQUEST: 315 - action = IEEE80211_AMPDU_TX_STOP_CONT; 307 + params.action = IEEE80211_AMPDU_TX_STOP_CONT; 316 308 break; 317 309 case AGG_STOP_DESTROY_STA: 318 - action = IEEE80211_AMPDU_TX_STOP_FLUSH; 310 + params.action = IEEE80211_AMPDU_TX_STOP_FLUSH; 319 311 break; 320 312 default: 321 313 WARN_ON_ONCE(1); ··· 338 330 spin_unlock_bh(&sta->lock); 339 331 if (reason != AGG_STOP_DESTROY_STA) 340 332 return -EALREADY; 341 - ret = drv_ampdu_action(local, sta->sdata, 342 - IEEE80211_AMPDU_TX_STOP_FLUSH_CONT, 343 - &sta->sta, tid, NULL, 0, false); 333 + params.action = IEEE80211_AMPDU_TX_STOP_FLUSH_CONT; 334 + ret = drv_ampdu_action(local, sta->sdata, &params); 344 335 WARN_ON_ONCE(ret); 345 336 return 0; 346 337 } ··· 388 381 WLAN_BACK_INITIATOR; 389 382 tid_tx->tx_stop = reason == AGG_STOP_LOCAL_REQUEST; 390 383 391 - ret = drv_ampdu_action(local, sta->sdata, action, 392 - &sta->sta, tid, NULL, 0, false); 384 + ret = drv_ampdu_action(local, sta->sdata, &params); 393 385 394 386 /* HW shall not deny going back to legacy */ 395 387 if (WARN_ON(ret)) { ··· 451 445 struct tid_ampdu_tx *tid_tx; 452 446 struct ieee80211_local *local = sta->local; 453 447 struct ieee80211_sub_if_data *sdata = sta->sdata; 454 - u16 start_seq_num; 448 + struct ieee80211_ampdu_params params = { 449 + .sta = &sta->sta, 450 + .action = IEEE80211_AMPDU_TX_START, 451 + .tid = tid, 452 + .buf_size = 0, 453 + .amsdu = false, 454 + .timeout = 0, 455 + }; 455 456 int ret; 456 457 457 458 tid_tx = rcu_dereference_protected_tid_tx(sta, tid); ··· 480 467 */ 481 468 synchronize_net(); 482 469 483 - start_seq_num = sta->tid_seq[tid] >> 4; 484 - 485 - ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START, 486 - &sta->sta, tid, &start_seq_num, 0, false); 470 + params.ssn = sta->tid_seq[tid] >> 4; 471 + ret = drv_ampdu_action(local, sdata, &params); 487 472 if (ret) { 488 473 ht_dbg(sdata, 489 474 "BA request denied - HW unavailable for %pM tid %d\n", ··· 510 499 511 500 /* send AddBA request */ 512 501 ieee80211_send_addba_request(sdata, sta->sta.addr, tid, 513 - tid_tx->dialog_token, start_seq_num, 502 + tid_tx->dialog_token, params.ssn, 514 503 IEEE80211_MAX_AMPDU_BUF, 515 504 tid_tx->timeout); 516 505 } ··· 695 684 struct sta_info *sta, u16 tid) 696 685 { 697 686 struct tid_ampdu_tx *tid_tx; 687 + struct ieee80211_ampdu_params params = { 688 + .sta = &sta->sta, 689 + .action = IEEE80211_AMPDU_TX_OPERATIONAL, 690 + .tid = tid, 691 + .timeout = 0, 692 + .ssn = 0, 693 + }; 698 694 699 695 lockdep_assert_held(&sta->ampdu_mlme.mtx); 700 696 701 697 tid_tx = rcu_dereference_protected_tid_tx(sta, tid); 698 + params.buf_size = tid_tx->buf_size; 699 + params.amsdu = tid_tx->amsdu; 702 700 703 701 ht_dbg(sta->sdata, "Aggregation is on for %pM tid %d\n", 704 702 sta->sta.addr, tid); 705 703 706 - drv_ampdu_action(local, sta->sdata, 707 - IEEE80211_AMPDU_TX_OPERATIONAL, 708 - &sta->sta, tid, NULL, tid_tx->buf_size, 709 - tid_tx->amsdu); 704 + drv_ampdu_action(local, sta->sdata, &params); 710 705 711 706 /* 712 707 * synchronize with TX path, while splicing the TX path

+32 -2

net/mac80211/cfg.c

··· 339 339 340 340 switch (key->conf.cipher) { 341 341 case WLAN_CIPHER_SUITE_TKIP: 342 - iv32 = key->u.tkip.tx.iv32; 343 - iv16 = key->u.tkip.tx.iv16; 342 + pn64 = atomic64_read(&key->conf.tx_pn); 343 + iv32 = TKIP_PN_TO_IV32(pn64); 344 + iv16 = TKIP_PN_TO_IV16(pn64); 344 345 345 346 if (key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE && 346 347 !(key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV)) { ··· 1132 1131 sta->sta.max_sp = params->max_sp; 1133 1132 } 1134 1133 1134 + /* The sender might not have sent the last bit, consider it to be 0 */ 1135 + if (params->ext_capab_len >= 8) { 1136 + u8 val = (params->ext_capab[7] & 1137 + WLAN_EXT_CAPA8_MAX_MSDU_IN_AMSDU_LSB) >> 7; 1138 + 1139 + /* we did get all the bits, take the MSB as well */ 1140 + if (params->ext_capab_len >= 9) { 1141 + u8 val_msb = params->ext_capab[8] & 1142 + WLAN_EXT_CAPA9_MAX_MSDU_IN_AMSDU_MSB; 1143 + val_msb <<= 1; 1144 + val |= val_msb; 1145 + } 1146 + 1147 + switch (val) { 1148 + case 1: 1149 + sta->sta.max_amsdu_subframes = 32; 1150 + break; 1151 + case 2: 1152 + sta->sta.max_amsdu_subframes = 16; 1153 + break; 1154 + case 3: 1155 + sta->sta.max_amsdu_subframes = 8; 1156 + break; 1157 + default: 1158 + sta->sta.max_amsdu_subframes = 0; 1159 + } 1160 + } 1161 + 1135 1162 /* 1136 1163 * cfg80211 validates this (1-2007) and allows setting the AID 1137 1164 * only when creating a new station entry ··· 1189 1160 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, 1190 1161 params->ht_capa, sta); 1191 1162 1163 + /* VHT can override some HT caps such as the A-MSDU max length */ 1192 1164 if (params->vht_capa) 1193 1165 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 1194 1166 params->vht_capa, sta);

+1 -1

net/mac80211/chan.c

··· 231 231 !(sta->sdata->bss && sta->sdata->bss == sdata->bss)) 232 232 continue; 233 233 234 - if (!sta->uploaded) 234 + if (!sta->uploaded || !test_sta_flag(sta, WLAN_STA_ASSOC)) 235 235 continue; 236 236 237 237 max_bw = max(max_bw, ieee80211_get_sta_bw(&sta->sta));

+1

net/mac80211/debugfs.c

··· 126 126 FLAG(SUPPORTS_AMSDU_IN_AMPDU), 127 127 FLAG(BEACON_TX_STATUS), 128 128 FLAG(NEEDS_UNIQUE_STA_ADDR), 129 + FLAG(SUPPORTS_REORDERING_BUFFER), 129 130 #undef FLAG 130 131 }; 131 132

+3 -2

net/mac80211/debugfs_key.c

··· 132 132 len = scnprintf(buf, sizeof(buf), "\n"); 133 133 break; 134 134 case WLAN_CIPHER_SUITE_TKIP: 135 + pn = atomic64_read(&key->conf.tx_pn); 135 136 len = scnprintf(buf, sizeof(buf), "%08x %04x\n", 136 - key->u.tkip.tx.iv32, 137 - key->u.tkip.tx.iv16); 137 + TKIP_PN_TO_IV32(pn), 138 + TKIP_PN_TO_IV16(pn)); 138 139 break; 139 140 case WLAN_CIPHER_SUITE_CCMP: 140 141 case WLAN_CIPHER_SUITE_CCMP_256:

+3 -7

net/mac80211/driver-ops.c

··· 284 284 285 285 int drv_ampdu_action(struct ieee80211_local *local, 286 286 struct ieee80211_sub_if_data *sdata, 287 - enum ieee80211_ampdu_mlme_action action, 288 - struct ieee80211_sta *sta, u16 tid, 289 - u16 *ssn, u8 buf_size, bool amsdu) 287 + struct ieee80211_ampdu_params *params) 290 288 { 291 289 int ret = -EOPNOTSUPP; 292 290 ··· 294 296 if (!check_sdata_in_driver(sdata)) 295 297 return -EIO; 296 298 297 - trace_drv_ampdu_action(local, sdata, action, sta, tid, 298 - ssn, buf_size, amsdu); 299 + trace_drv_ampdu_action(local, sdata, params); 299 300 300 301 if (local->ops->ampdu_action) 301 - ret = local->ops->ampdu_action(&local->hw, &sdata->vif, action, 302 - sta, tid, ssn, buf_size, amsdu); 302 + ret = local->ops->ampdu_action(&local->hw, &sdata->vif, params); 303 303 304 304 trace_drv_return_int(local, ret); 305 305

+1 -3

net/mac80211/driver-ops.h

··· 585 585 586 586 int drv_ampdu_action(struct ieee80211_local *local, 587 587 struct ieee80211_sub_if_data *sdata, 588 - enum ieee80211_ampdu_mlme_action action, 589 - struct ieee80211_sta *sta, u16 tid, 590 - u16 *ssn, u8 buf_size, bool amsdu); 588 + struct ieee80211_ampdu_params *params); 591 589 592 590 static inline int drv_get_survey(struct ieee80211_local *local, int idx, 593 591 struct survey_info *survey)

+5

net/mac80211/ht.c

··· 230 230 /* set Rx highest rate */ 231 231 ht_cap.mcs.rx_highest = ht_cap_ie->mcs.rx_highest; 232 232 233 + if (ht_cap.cap & IEEE80211_HT_CAP_MAX_AMSDU) 234 + sta->sta.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_7935; 235 + else 236 + sta->sta.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_HT_3839; 237 + 233 238 apply: 234 239 changed = memcmp(&sta->sta.ht_cap, &ht_cap, sizeof(ht_cap)); 235 240

+19 -13

net/mac80211/ibss.c

··· 7 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 8 * Copyright 2009, Johannes Berg <johannes@sipsolutions.net> 9 9 * Copyright 2013-2014 Intel Mobile Communications GmbH 10 + * Copyright(c) 2016 Intel Deutschland GmbH 10 11 * 11 12 * This program is free software; you can redistribute it and/or modify 12 13 * it under the terms of the GNU General Public License version 2 as ··· 1051 1050 struct cfg80211_chan_def chandef; 1052 1051 enum ieee80211_sta_rx_bandwidth bw = sta->sta.bandwidth; 1053 1052 1054 - ieee80211_ht_oper_to_chandef(channel, 1055 - elems->ht_operation, 1056 - &chandef); 1053 + cfg80211_chandef_create(&chandef, channel, NL80211_CHAN_NO_HT); 1054 + ieee80211_chandef_ht_oper(elems->ht_operation, &chandef); 1057 1055 1058 1056 memcpy(&htcap_ie, elems->ht_cap_elem, sizeof(htcap_ie)); 1059 1057 rates_updated |= ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband, ··· 1066 1066 struct ieee80211_vht_cap cap_ie; 1067 1067 struct ieee80211_sta_vht_cap cap = sta->sta.vht_cap; 1068 1068 1069 - ieee80211_vht_oper_to_chandef(channel, 1070 - elems->vht_operation, 1071 - &chandef); 1069 + ieee80211_chandef_vht_oper(elems->vht_operation, 1070 + &chandef); 1072 1071 memcpy(&cap_ie, elems->vht_cap_elem, sizeof(cap_ie)); 1073 1072 ieee80211_vht_cap_ie_to_sta_vht_cap(sdata, sband, 1074 1073 &cap_ie, sta); ··· 1484 1485 1485 1486 sdata_info(sdata, "Trigger new scan to find an IBSS to join\n"); 1486 1487 1487 - num = ieee80211_ibss_setup_scan_channels(local->hw.wiphy, 1488 - &ifibss->chandef, 1489 - channels, 1490 - ARRAY_SIZE(channels)); 1491 1488 scan_width = cfg80211_chandef_to_scan_width(&ifibss->chandef); 1492 - ieee80211_request_ibss_scan(sdata, ifibss->ssid, 1493 - ifibss->ssid_len, channels, num, 1494 - scan_width); 1489 + 1490 + if (ifibss->fixed_channel) { 1491 + num = ieee80211_ibss_setup_scan_channels(local->hw.wiphy, 1492 + &ifibss->chandef, 1493 + channels, 1494 + ARRAY_SIZE(channels)); 1495 + ieee80211_request_ibss_scan(sdata, ifibss->ssid, 1496 + ifibss->ssid_len, channels, 1497 + num, scan_width); 1498 + } else { 1499 + ieee80211_request_ibss_scan(sdata, ifibss->ssid, 1500 + ifibss->ssid_len, NULL, 1501 + 0, scan_width); 1502 + } 1495 1503 } else { 1496 1504 int interval = IEEE80211_SCAN_INTERVAL; 1497 1505

+14 -23

net/mac80211/ieee80211_i.h

··· 716 716 * back to wireless media and to the local net stack. 717 717 * @IEEE80211_SDATA_DISCONNECT_RESUME: Disconnect after resume. 718 718 * @IEEE80211_SDATA_IN_DRIVER: indicates interface was added to driver 719 - * @IEEE80211_SDATA_MU_MIMO_OWNER: indicates interface owns MU-MIMO capability 720 719 */ 721 720 enum ieee80211_sub_if_data_flags { 722 721 IEEE80211_SDATA_ALLMULTI = BIT(0), ··· 723 724 IEEE80211_SDATA_DONT_BRIDGE_PACKETS = BIT(3), 724 725 IEEE80211_SDATA_DISCONNECT_RESUME = BIT(4), 725 726 IEEE80211_SDATA_IN_DRIVER = BIT(5), 726 - IEEE80211_SDATA_MU_MIMO_OWNER = BIT(6), 727 727 }; 728 728 729 729 /** ··· 802 804 struct txq_info { 803 805 struct sk_buff_head queue; 804 806 unsigned long flags; 807 + unsigned long byte_cnt; 805 808 806 809 /* keep last! */ 807 810 struct ieee80211_txq txq; ··· 1465 1466 { 1466 1467 WARN_ON_ONCE(status->flag & RX_FLAG_MACTIME_START && 1467 1468 status->flag & RX_FLAG_MACTIME_END); 1468 - return status->flag & (RX_FLAG_MACTIME_START | RX_FLAG_MACTIME_END); 1469 + if (status->flag & (RX_FLAG_MACTIME_START | RX_FLAG_MACTIME_END)) 1470 + return true; 1471 + /* can't handle HT/VHT preamble yet */ 1472 + if (status->flag & RX_FLAG_MACTIME_PLCP_START && 1473 + !(status->flag & (RX_FLAG_HT | RX_FLAG_VHT))) 1474 + return true; 1475 + return false; 1469 1476 } 1470 1477 1471 1478 u64 ieee80211_calculate_rx_timestamp(struct ieee80211_local *local, ··· 1719 1714 enum ieee80211_sta_rx_bandwidth ieee80211_sta_cap_rx_bw(struct sta_info *sta); 1720 1715 enum ieee80211_sta_rx_bandwidth ieee80211_sta_cur_vht_bw(struct sta_info *sta); 1721 1716 void ieee80211_sta_set_rx_nss(struct sta_info *sta); 1717 + void ieee80211_process_mu_groups(struct ieee80211_sub_if_data *sdata, 1718 + struct ieee80211_mgmt *mgmt); 1722 1719 u32 __ieee80211_vht_handle_opmode(struct ieee80211_sub_if_data *sdata, 1723 1720 struct sta_info *sta, u8 opmode, 1724 1721 enum ieee80211_band band); ··· 1836 1829 ieee802_11_parse_elems_crc(start, len, action, elems, 0, 0); 1837 1830 } 1838 1831 1839 - static inline bool ieee80211_rx_reorder_ready(struct sk_buff_head *frames) 1840 - { 1841 - struct sk_buff *tail = skb_peek_tail(frames); 1842 - struct ieee80211_rx_status *status; 1843 - 1844 - if (!tail) 1845 - return false; 1846 - 1847 - status = IEEE80211_SKB_RXCB(tail); 1848 - if (status->flag & RX_FLAG_AMSDU_MORE) 1849 - return false; 1850 - 1851 - return true; 1852 - } 1853 1832 1854 1833 extern const int ieee802_1d_to_ac[8]; 1855 1834 ··· 1979 1986 u8 *ieee80211_add_wmm_info_ie(u8 *buf, u8 qosinfo); 1980 1987 1981 1988 /* channel management */ 1982 - void ieee80211_ht_oper_to_chandef(struct ieee80211_channel *control_chan, 1983 - const struct ieee80211_ht_operation *ht_oper, 1984 - struct cfg80211_chan_def *chandef); 1985 - void ieee80211_vht_oper_to_chandef(struct ieee80211_channel *control_chan, 1986 - const struct ieee80211_vht_operation *oper, 1987 - struct cfg80211_chan_def *chandef); 1989 + bool ieee80211_chandef_ht_oper(const struct ieee80211_ht_operation *ht_oper, 1990 + struct cfg80211_chan_def *chandef); 1991 + bool ieee80211_chandef_vht_oper(const struct ieee80211_vht_operation *oper, 1992 + struct cfg80211_chan_def *chandef); 1988 1993 u32 ieee80211_chandef_downgrade(struct cfg80211_chan_def *c); 1989 1994 1990 1995 int __must_check

+14

net/mac80211/iface.c

··· 977 977 if (sdata->vif.txq) { 978 978 struct txq_info *txqi = to_txq_info(sdata->vif.txq); 979 979 980 + spin_lock_bh(&txqi->queue.lock); 980 981 ieee80211_purge_tx_queue(&local->hw, &txqi->queue); 982 + txqi->byte_cnt = 0; 983 + spin_unlock_bh(&txqi->queue.lock); 984 + 981 985 atomic_set(&sdata->txqs_len[txqi->txq.ac], 0); 982 986 } 983 987 ··· 1275 1271 } 1276 1272 } 1277 1273 mutex_unlock(&local->sta_mtx); 1274 + } else if (ieee80211_is_action(mgmt->frame_control) && 1275 + mgmt->u.action.category == WLAN_CATEGORY_VHT) { 1276 + switch (mgmt->u.action.u.vht_group_notif.action_code) { 1277 + case WLAN_VHT_ACTION_GROUPID_MGMT: 1278 + ieee80211_process_mu_groups(sdata, mgmt); 1279 + break; 1280 + default: 1281 + WARN_ON(1); 1282 + break; 1283 + } 1278 1284 } else if (ieee80211_is_data_qos(mgmt->frame_control)) { 1279 1285 struct ieee80211_hdr *hdr = (void *)mgmt; 1280 1286 /*

-86

net/mac80211/key.c

··· 932 932 } 933 933 EXPORT_SYMBOL_GPL(ieee80211_gtk_rekey_notify); 934 934 935 - void ieee80211_get_key_tx_seq(struct ieee80211_key_conf *keyconf, 936 - struct ieee80211_key_seq *seq) 937 - { 938 - struct ieee80211_key *key; 939 - u64 pn64; 940 - 941 - if (WARN_ON(!(keyconf->flags & IEEE80211_KEY_FLAG_GENERATE_IV))) 942 - return; 943 - 944 - key = container_of(keyconf, struct ieee80211_key, conf); 945 - 946 - switch (key->conf.cipher) { 947 - case WLAN_CIPHER_SUITE_TKIP: 948 - seq->tkip.iv32 = key->u.tkip.tx.iv32; 949 - seq->tkip.iv16 = key->u.tkip.tx.iv16; 950 - break; 951 - case WLAN_CIPHER_SUITE_CCMP: 952 - case WLAN_CIPHER_SUITE_CCMP_256: 953 - case WLAN_CIPHER_SUITE_AES_CMAC: 954 - case WLAN_CIPHER_SUITE_BIP_CMAC_256: 955 - BUILD_BUG_ON(offsetof(typeof(*seq), ccmp) != 956 - offsetof(typeof(*seq), aes_cmac)); 957 - case WLAN_CIPHER_SUITE_BIP_GMAC_128: 958 - case WLAN_CIPHER_SUITE_BIP_GMAC_256: 959 - BUILD_BUG_ON(offsetof(typeof(*seq), ccmp) != 960 - offsetof(typeof(*seq), aes_gmac)); 961 - case WLAN_CIPHER_SUITE_GCMP: 962 - case WLAN_CIPHER_SUITE_GCMP_256: 963 - BUILD_BUG_ON(offsetof(typeof(*seq), ccmp) != 964 - offsetof(typeof(*seq), gcmp)); 965 - pn64 = atomic64_read(&key->conf.tx_pn); 966 - seq->ccmp.pn[5] = pn64; 967 - seq->ccmp.pn[4] = pn64 >> 8; 968 - seq->ccmp.pn[3] = pn64 >> 16; 969 - seq->ccmp.pn[2] = pn64 >> 24; 970 - seq->ccmp.pn[1] = pn64 >> 32; 971 - seq->ccmp.pn[0] = pn64 >> 40; 972 - break; 973 - default: 974 - WARN_ON(1); 975 - } 976 - } 977 - EXPORT_SYMBOL(ieee80211_get_key_tx_seq); 978 - 979 935 void ieee80211_get_key_rx_seq(struct ieee80211_key_conf *keyconf, 980 936 int tid, struct ieee80211_key_seq *seq) 981 937 { ··· 984 1028 } 985 1029 } 986 1030 EXPORT_SYMBOL(ieee80211_get_key_rx_seq); 987 - 988 - void ieee80211_set_key_tx_seq(struct ieee80211_key_conf *keyconf, 989 - struct ieee80211_key_seq *seq) 990 - { 991 - struct ieee80211_key *key; 992 - u64 pn64; 993 - 994 - key = container_of(keyconf, struct ieee80211_key, conf); 995 - 996 - switch (key->conf.cipher) { 997 - case WLAN_CIPHER_SUITE_TKIP: 998 - key->u.tkip.tx.iv32 = seq->tkip.iv32; 999 - key->u.tkip.tx.iv16 = seq->tkip.iv16; 1000 - break; 1001 - case WLAN_CIPHER_SUITE_CCMP: 1002 - case WLAN_CIPHER_SUITE_CCMP_256: 1003 - case WLAN_CIPHER_SUITE_AES_CMAC: 1004 - case WLAN_CIPHER_SUITE_BIP_CMAC_256: 1005 - BUILD_BUG_ON(offsetof(typeof(*seq), ccmp) != 1006 - offsetof(typeof(*seq), aes_cmac)); 1007 - case WLAN_CIPHER_SUITE_BIP_GMAC_128: 1008 - case WLAN_CIPHER_SUITE_BIP_GMAC_256: 1009 - BUILD_BUG_ON(offsetof(typeof(*seq), ccmp) != 1010 - offsetof(typeof(*seq), aes_gmac)); 1011 - case WLAN_CIPHER_SUITE_GCMP: 1012 - case WLAN_CIPHER_SUITE_GCMP_256: 1013 - BUILD_BUG_ON(offsetof(typeof(*seq), ccmp) != 1014 - offsetof(typeof(*seq), gcmp)); 1015 - pn64 = (u64)seq->ccmp.pn[5] | 1016 - ((u64)seq->ccmp.pn[4] << 8) | 1017 - ((u64)seq->ccmp.pn[3] << 16) | 1018 - ((u64)seq->ccmp.pn[2] << 24) | 1019 - ((u64)seq->ccmp.pn[1] << 32) | 1020 - ((u64)seq->ccmp.pn[0] << 40); 1021 - atomic64_set(&key->conf.tx_pn, pn64); 1022 - break; 1023 - default: 1024 - WARN_ON(1); 1025 - break; 1026 - } 1027 - } 1028 - EXPORT_SYMBOL_GPL(ieee80211_set_key_tx_seq); 1029 1031 1030 1032 void ieee80211_set_key_rx_seq(struct ieee80211_key_conf *keyconf, 1031 1033 int tid, struct ieee80211_key_seq *seq)

+7 -3

net/mac80211/key.h

··· 44 44 }; 45 45 46 46 struct tkip_ctx { 47 - u32 iv32; /* current iv32 */ 48 - u16 iv16; /* current iv16 */ 49 47 u16 p1k[5]; /* p1k cache */ 50 48 u32 p1k_iv32; /* iv32 for which p1k computed */ 51 49 enum ieee80211_internal_tkip_state state; 50 + }; 51 + 52 + struct tkip_ctx_rx { 53 + struct tkip_ctx ctx; 54 + u32 iv32; /* current iv32 */ 55 + u16 iv16; /* current iv16 */ 52 56 }; 53 57 54 58 struct ieee80211_key { ··· 75 71 struct tkip_ctx tx; 76 72 77 73 /* last received RSC */ 78 - struct tkip_ctx rx[IEEE80211_NUM_TIDS]; 74 + struct tkip_ctx_rx rx[IEEE80211_NUM_TIDS]; 79 75 80 76 /* number of mic failures */ 81 77 u32 mic_failures;

+4 -5

net/mac80211/mesh.c

··· 91 91 if (sdata->vif.bss_conf.basic_rates != basic_rates) 92 92 return false; 93 93 94 - ieee80211_ht_oper_to_chandef(sdata->vif.bss_conf.chandef.chan, 95 - ie->ht_operation, &sta_chan_def); 96 - 97 - ieee80211_vht_oper_to_chandef(sdata->vif.bss_conf.chandef.chan, 98 - ie->vht_operation, &sta_chan_def); 94 + cfg80211_chandef_create(&sta_chan_def, sdata->vif.bss_conf.chandef.chan, 95 + NL80211_CHAN_NO_HT); 96 + ieee80211_chandef_ht_oper(ie->ht_operation, &sta_chan_def); 97 + ieee80211_chandef_vht_oper(ie->vht_operation, &sta_chan_def); 99 98 100 99 if (!cfg80211_chandef_compatible(&sdata->vif.bss_conf.chandef, 101 100 &sta_chan_def))

-3

net/mac80211/mesh.h

··· 137 137 * @copy_node: function to copy nodes of the table 138 138 * @size_order: determines size of the table, there will be 2^size_order hash 139 139 * buckets 140 - * @mean_chain_len: maximum average length for the hash buckets' list, if it is 141 - * reached, the table will grow 142 140 * @known_gates: list of known mesh gates and their mpaths by the station. The 143 141 * gate's mpath may or may not be resolved and active. 144 142 * ··· 152 154 void (*free_node) (struct hlist_node *p, bool free_leafs); 153 155 int (*copy_node) (struct hlist_node *p, struct mesh_table *newtbl); 154 156 int size_order; 155 - int mean_chain_len; 156 157 struct hlist_head *known_gates; 157 158 spinlock_t gates_lock; 158 159

+95 -16

net/mac80211/mesh_pathtbl.c

··· 55 55 static DEFINE_RWLOCK(pathtbl_resize_lock); 56 56 57 57 58 + static inline struct mesh_table *resize_dereference_paths( 59 + struct mesh_table __rcu *table) 60 + { 61 + return rcu_dereference_protected(table, 62 + lockdep_is_held(&pathtbl_resize_lock)); 63 + } 64 + 58 65 static inline struct mesh_table *resize_dereference_mesh_paths(void) 59 66 { 60 - return rcu_dereference_protected(mesh_paths, 61 - lockdep_is_held(&pathtbl_resize_lock)); 67 + return resize_dereference_paths(mesh_paths); 62 68 } 63 69 64 70 static inline struct mesh_table *resize_dereference_mpp_paths(void) 65 71 { 66 - return rcu_dereference_protected(mpp_paths, 67 - lockdep_is_held(&pathtbl_resize_lock)); 72 + return resize_dereference_paths(mpp_paths); 68 73 } 69 74 70 75 /* ··· 165 160 int i; 166 161 167 162 if (atomic_read(&oldtbl->entries) 168 - < oldtbl->mean_chain_len * (oldtbl->hash_mask + 1)) 163 + < MEAN_CHAIN_LEN * (oldtbl->hash_mask + 1)) 169 164 return -EAGAIN; 170 165 171 166 newtbl->free_node = oldtbl->free_node; 172 - newtbl->mean_chain_len = oldtbl->mean_chain_len; 173 167 newtbl->copy_node = oldtbl->copy_node; 174 168 newtbl->known_gates = oldtbl->known_gates; 175 169 atomic_set(&newtbl->entries, atomic_read(&oldtbl->entries)); ··· 589 585 590 586 hlist_add_head_rcu(&new_node->list, bucket); 591 587 if (atomic_inc_return(&tbl->entries) >= 592 - tbl->mean_chain_len * (tbl->hash_mask + 1)) 588 + MEAN_CHAIN_LEN * (tbl->hash_mask + 1)) 593 589 grow = 1; 594 590 595 591 mesh_paths_generation++; ··· 718 714 719 715 hlist_add_head_rcu(&new_node->list, bucket); 720 716 if (atomic_inc_return(&tbl->entries) >= 721 - tbl->mean_chain_len * (tbl->hash_mask + 1)) 717 + MEAN_CHAIN_LEN * (tbl->hash_mask + 1)) 722 718 grow = 1; 723 719 724 720 spin_unlock(&tbl->hashwlock[hash_idx]); ··· 839 835 rcu_read_unlock(); 840 836 } 841 837 838 + static void mpp_flush_by_proxy(struct ieee80211_sub_if_data *sdata, 839 + const u8 *proxy) 840 + { 841 + struct mesh_table *tbl; 842 + struct mesh_path *mpp; 843 + struct mpath_node *node; 844 + int i; 845 + 846 + rcu_read_lock(); 847 + read_lock_bh(&pathtbl_resize_lock); 848 + tbl = resize_dereference_mpp_paths(); 849 + for_each_mesh_entry(tbl, node, i) { 850 + mpp = node->mpath; 851 + if (ether_addr_equal(mpp->mpp, proxy)) { 852 + spin_lock(&tbl->hashwlock[i]); 853 + __mesh_path_del(tbl, node); 854 + spin_unlock(&tbl->hashwlock[i]); 855 + } 856 + } 857 + read_unlock_bh(&pathtbl_resize_lock); 858 + rcu_read_unlock(); 859 + } 860 + 842 861 static void table_flush_by_iface(struct mesh_table *tbl, 843 862 struct ieee80211_sub_if_data *sdata) 844 863 { ··· 903 876 } 904 877 905 878 /** 906 - * mesh_path_del - delete a mesh path from the table 879 + * table_path_del - delete a path from the mesh or mpp table 907 880 * 908 - * @addr: dst address (ETH_ALEN length) 881 + * @tbl: mesh or mpp path table 909 882 * @sdata: local subif 883 + * @addr: dst address (ETH_ALEN length) 910 884 * 911 885 * Returns: 0 if successful 912 886 */ 913 - int mesh_path_del(struct ieee80211_sub_if_data *sdata, const u8 *addr) 887 + static int table_path_del(struct mesh_table __rcu *rcu_tbl, 888 + struct ieee80211_sub_if_data *sdata, 889 + const u8 *addr) 914 890 { 915 891 struct mesh_table *tbl; 916 892 struct mesh_path *mpath; ··· 922 892 int hash_idx; 923 893 int err = 0; 924 894 925 - read_lock_bh(&pathtbl_resize_lock); 926 - tbl = resize_dereference_mesh_paths(); 895 + tbl = resize_dereference_paths(rcu_tbl); 927 896 hash_idx = mesh_table_hash(addr, sdata, tbl); 928 897 bucket = &tbl->hash_buckets[hash_idx]; 929 898 ··· 938 909 939 910 err = -ENXIO; 940 911 enddel: 941 - mesh_paths_generation++; 942 912 spin_unlock(&tbl->hashwlock[hash_idx]); 913 + return err; 914 + } 915 + 916 + /** 917 + * mesh_path_del - delete a mesh path from the table 918 + * 919 + * @addr: dst address (ETH_ALEN length) 920 + * @sdata: local subif 921 + * 922 + * Returns: 0 if successful 923 + */ 924 + int mesh_path_del(struct ieee80211_sub_if_data *sdata, const u8 *addr) 925 + { 926 + int err = 0; 927 + 928 + /* flush relevant mpp entries first */ 929 + mpp_flush_by_proxy(sdata, addr); 930 + 931 + read_lock_bh(&pathtbl_resize_lock); 932 + err = table_path_del(mesh_paths, sdata, addr); 933 + mesh_paths_generation++; 943 934 read_unlock_bh(&pathtbl_resize_lock); 935 + 936 + return err; 937 + } 938 + 939 + /** 940 + * mpp_path_del - delete a mesh proxy path from the table 941 + * 942 + * @addr: addr address (ETH_ALEN length) 943 + * @sdata: local subif 944 + * 945 + * Returns: 0 if successful 946 + */ 947 + static int mpp_path_del(struct ieee80211_sub_if_data *sdata, const u8 *addr) 948 + { 949 + int err = 0; 950 + 951 + read_lock_bh(&pathtbl_resize_lock); 952 + err = table_path_del(mpp_paths, sdata, addr); 953 + mpp_paths_generation++; 954 + read_unlock_bh(&pathtbl_resize_lock); 955 + 944 956 return err; 945 957 } 946 958 ··· 1146 1076 return -ENOMEM; 1147 1077 tbl_path->free_node = &mesh_path_node_free; 1148 1078 tbl_path->copy_node = &mesh_path_node_copy; 1149 - tbl_path->mean_chain_len = MEAN_CHAIN_LEN; 1150 1079 tbl_path->known_gates = kzalloc(sizeof(struct hlist_head), GFP_ATOMIC); 1151 1080 if (!tbl_path->known_gates) { 1152 1081 ret = -ENOMEM; ··· 1161 1092 } 1162 1093 tbl_mpp->free_node = &mesh_path_node_free; 1163 1094 tbl_mpp->copy_node = &mesh_path_node_copy; 1164 - tbl_mpp->mean_chain_len = MEAN_CHAIN_LEN; 1165 1095 tbl_mpp->known_gates = kzalloc(sizeof(struct hlist_head), GFP_ATOMIC); 1166 1096 if (!tbl_mpp->known_gates) { 1167 1097 ret = -ENOMEM; ··· 1199 1131 time_after(jiffies, mpath->exp_time + MESH_PATH_EXPIRE)) 1200 1132 mesh_path_del(mpath->sdata, mpath->dst); 1201 1133 } 1134 + 1135 + tbl = rcu_dereference(mpp_paths); 1136 + for_each_mesh_entry(tbl, node, i) { 1137 + if (node->mpath->sdata != sdata) 1138 + continue; 1139 + mpath = node->mpath; 1140 + if ((!(mpath->flags & MESH_PATH_FIXED)) && 1141 + time_after(jiffies, mpath->exp_time + MESH_PATH_EXPIRE)) 1142 + mpp_path_del(mpath->sdata, mpath->dst); 1143 + } 1144 + 1202 1145 rcu_read_unlock(); 1203 1146 } 1204 1147

+4 -6

net/mac80211/mesh_plink.c

··· 976 976 mpl_dbg(sdata, "Mesh plink error: no more free plinks\n"); 977 977 goto out; 978 978 } 979 + 980 + /* new matching peer */ 981 + event = OPN_ACPT; 982 + goto out; 979 983 } else { 980 984 if (!test_sta_flag(sta, WLAN_STA_AUTH)) { 981 985 mpl_dbg(sdata, "Mesh plink: Action frame from non-authed peer\n"); ··· 987 983 } 988 984 if (sta->mesh->plink_state == NL80211_PLINK_BLOCKED) 989 985 goto out; 990 - } 991 - 992 - /* new matching peer */ 993 - if (!sta) { 994 - event = OPN_ACPT; 995 - goto out; 996 986 } 997 987 998 988 switch (ftype) {

+30 -49

net/mac80211/mlme.c

··· 6 6 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 7 7 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 8 8 * Copyright 2013-2014 Intel Mobile Communications GmbH 9 - * Copyright (C) 2015 Intel Deutschland GmbH 9 + * Copyright (C) 2015 - 2016 Intel Deutschland GmbH 10 10 * 11 11 * This program is free software; you can redistribute it and/or modify 12 12 * it under the terms of the GNU General Public License version 2 as ··· 196 196 197 197 /* check 40 MHz support, if we have it */ 198 198 if (sta_ht_cap.cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) { 199 - switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 200 - case IEEE80211_HT_PARAM_CHA_SEC_ABOVE: 201 - chandef->width = NL80211_CHAN_WIDTH_40; 202 - chandef->center_freq1 += 10; 203 - break; 204 - case IEEE80211_HT_PARAM_CHA_SEC_BELOW: 205 - chandef->width = NL80211_CHAN_WIDTH_40; 206 - chandef->center_freq1 -= 10; 207 - break; 208 - } 199 + ieee80211_chandef_ht_oper(ht_oper, chandef); 209 200 } else { 210 201 /* 40 MHz (and 80 MHz) must be supported for VHT */ 211 202 ret = IEEE80211_STA_DISABLE_VHT; ··· 210 219 goto out; 211 220 } 212 221 213 - vht_chandef.chan = channel; 214 - vht_chandef.center_freq1 = 215 - ieee80211_channel_to_frequency(vht_oper->center_freq_seg1_idx, 216 - channel->band); 217 - vht_chandef.center_freq2 = 0; 218 - 219 - switch (vht_oper->chan_width) { 220 - case IEEE80211_VHT_CHANWIDTH_USE_HT: 221 - vht_chandef.width = chandef->width; 222 - vht_chandef.center_freq1 = chandef->center_freq1; 223 - break; 224 - case IEEE80211_VHT_CHANWIDTH_80MHZ: 225 - vht_chandef.width = NL80211_CHAN_WIDTH_80; 226 - break; 227 - case IEEE80211_VHT_CHANWIDTH_160MHZ: 228 - vht_chandef.width = NL80211_CHAN_WIDTH_160; 229 - break; 230 - case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 231 - vht_chandef.width = NL80211_CHAN_WIDTH_80P80; 232 - vht_chandef.center_freq2 = 233 - ieee80211_channel_to_frequency( 234 - vht_oper->center_freq_seg2_idx, 235 - channel->band); 236 - break; 237 - default: 222 + vht_chandef = *chandef; 223 + if (!ieee80211_chandef_vht_oper(vht_oper, &vht_chandef)) { 238 224 if (!(ifmgd->flags & IEEE80211_STA_DISABLE_VHT)) 239 225 sdata_info(sdata, 240 - "AP VHT operation IE has invalid channel width (%d), disable VHT\n", 241 - vht_oper->chan_width); 226 + "AP VHT information is invalid, disable VHT\n"); 242 227 ret = IEEE80211_STA_DISABLE_VHT; 243 228 goto out; 244 229 } ··· 559 592 struct ieee80211_sub_if_data *other; 560 593 561 594 list_for_each_entry_rcu(other, &local->interfaces, list) { 562 - if (other->flags & IEEE80211_SDATA_MU_MIMO_OWNER) { 595 + if (other->vif.mu_mimo_owner) { 563 596 disable_mu_mimo = true; 564 597 break; 565 598 } ··· 567 600 if (disable_mu_mimo) 568 601 cap &= ~IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE; 569 602 else 570 - sdata->flags |= IEEE80211_SDATA_MU_MIMO_OWNER; 603 + sdata->vif.mu_mimo_owner = true; 571 604 } 572 605 573 606 mask = IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK; ··· 1605 1638 1606 1639 void ieee80211_dfs_cac_timer_work(struct work_struct *work) 1607 1640 { 1608 - struct delayed_work *delayed_work = 1609 - container_of(work, struct delayed_work, work); 1641 + struct delayed_work *delayed_work = to_delayed_work(work); 1610 1642 struct ieee80211_sub_if_data *sdata = 1611 1643 container_of(delayed_work, struct ieee80211_sub_if_data, 1612 1644 dfs_cac_timer_work); ··· 2045 2079 memset(&ifmgd->ht_capa_mask, 0, sizeof(ifmgd->ht_capa_mask)); 2046 2080 memset(&ifmgd->vht_capa, 0, sizeof(ifmgd->vht_capa)); 2047 2081 memset(&ifmgd->vht_capa_mask, 0, sizeof(ifmgd->vht_capa_mask)); 2048 - sdata->flags &= ~IEEE80211_SDATA_MU_MIMO_OWNER; 2082 + 2083 + /* reset MU-MIMO ownership and group data */ 2084 + memset(sdata->vif.bss_conf.mu_group.membership, 0, 2085 + sizeof(sdata->vif.bss_conf.mu_group.membership)); 2086 + memset(sdata->vif.bss_conf.mu_group.position, 0, 2087 + sizeof(sdata->vif.bss_conf.mu_group.position)); 2088 + changed |= BSS_CHANGED_MU_GROUPS; 2089 + sdata->vif.mu_mimo_owner = false; 2049 2090 2050 2091 sdata->ap_power_level = IEEE80211_UNSET_POWER_LEVEL; 2051 2092 ··· 2509 2536 eth_zero_addr(sdata->u.mgd.bssid); 2510 2537 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BSSID); 2511 2538 sdata->u.mgd.flags = 0; 2512 - sdata->flags &= ~IEEE80211_SDATA_MU_MIMO_OWNER; 2539 + sdata->vif.mu_mimo_owner = false; 2540 + 2513 2541 mutex_lock(&sdata->local->mtx); 2514 2542 ieee80211_vif_release_channel(sdata); 2515 2543 mutex_unlock(&sdata->local->mtx); ··· 3545 3571 elems.ht_cap_elem, elems.ht_operation, 3546 3572 elems.vht_operation, bssid, &changed)) { 3547 3573 mutex_unlock(&local->sta_mtx); 3574 + sdata_info(sdata, 3575 + "failed to follow AP %pM bandwidth change, disconnect\n", 3576 + bssid); 3548 3577 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 3549 3578 WLAN_REASON_DEAUTH_LEAVING, 3550 3579 true, deauth_buf); ··· 3923 3946 * We actually lost the connection ... or did we? 3924 3947 * Let's make sure! 3925 3948 */ 3926 - wiphy_debug(local->hw.wiphy, 3927 - "%s: No probe response from AP %pM" 3928 - " after %dms, disconnecting.\n", 3929 - sdata->name, 3930 - bssid, probe_wait_ms); 3949 + mlme_dbg(sdata, 3950 + "No probe response from AP %pM after %dms, disconnecting.\n", 3951 + bssid, probe_wait_ms); 3931 3952 3932 3953 ieee80211_sta_connection_lost(sdata, bssid, 3933 3954 WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY, false); ··· 4511 4536 if (ifmgd->associated) { 4512 4537 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4513 4538 4539 + sdata_info(sdata, 4540 + "disconnect from AP %pM for new auth to %pM\n", 4541 + ifmgd->associated->bssid, req->bss->bssid); 4514 4542 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4515 4543 WLAN_REASON_UNSPECIFIED, 4516 4544 false, frame_buf); ··· 4582 4604 if (ifmgd->associated) { 4583 4605 u8 frame_buf[IEEE80211_DEAUTH_FRAME_LEN]; 4584 4606 4607 + sdata_info(sdata, 4608 + "disconnect from AP %pM for new assoc to %pM\n", 4609 + ifmgd->associated->bssid, req->bss->bssid); 4585 4610 ieee80211_set_disassoc(sdata, IEEE80211_STYPE_DEAUTH, 4586 4611 WLAN_REASON_UNSPECIFIED, 4587 4612 false, frame_buf);

+123 -16

net/mac80211/rx.c

··· 4 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 5 * Copyright 2007-2010 Johannes Berg <johannes@sipsolutions.net> 6 6 * Copyright 2013-2014 Intel Mobile Communications GmbH 7 + * Copyright(c) 2015 - 2016 Intel Deutschland GmbH 7 8 * 8 9 * This program is free software; you can redistribute it and/or modify 9 10 * it under the terms of the GNU General Public License version 2 as ··· 19 18 #include <linux/etherdevice.h> 20 19 #include <linux/rcupdate.h> 21 20 #include <linux/export.h> 21 + #include <linux/bitops.h> 22 22 #include <net/mac80211.h> 23 23 #include <net/ieee80211_radiotap.h> 24 24 #include <asm/unaligned.h> ··· 124 122 hdr = (void *)(skb->data + rtap_vendor_space); 125 123 126 124 if (status->flag & (RX_FLAG_FAILED_FCS_CRC | 127 - RX_FLAG_FAILED_PLCP_CRC)) 125 + RX_FLAG_FAILED_PLCP_CRC | 126 + RX_FLAG_ONLY_MONITOR)) 128 127 return true; 129 128 130 129 if (unlikely(skb->len < 16 + present_fcs_len + rtap_vendor_space)) ··· 510 507 return NULL; 511 508 } 512 509 513 - if (!local->monitors) { 510 + if (!local->monitors || (status->flag & RX_FLAG_SKIP_MONITOR)) { 514 511 if (should_drop_frame(origskb, present_fcs_len, 515 512 rtap_vendor_space)) { 516 513 dev_kfree_skb(origskb); ··· 800 797 return RX_CONTINUE; 801 798 } 802 799 800 + static inline bool ieee80211_rx_reorder_ready(struct tid_ampdu_rx *tid_agg_rx, 801 + int index) 802 + { 803 + struct sk_buff_head *frames = &tid_agg_rx->reorder_buf[index]; 804 + struct sk_buff *tail = skb_peek_tail(frames); 805 + struct ieee80211_rx_status *status; 806 + 807 + if (tid_agg_rx->reorder_buf_filtered & BIT_ULL(index)) 808 + return true; 809 + 810 + if (!tail) 811 + return false; 812 + 813 + status = IEEE80211_SKB_RXCB(tail); 814 + if (status->flag & RX_FLAG_AMSDU_MORE) 815 + return false; 816 + 817 + return true; 818 + } 819 + 803 820 static void ieee80211_release_reorder_frame(struct ieee80211_sub_if_data *sdata, 804 821 struct tid_ampdu_rx *tid_agg_rx, 805 822 int index, ··· 834 811 if (skb_queue_empty(skb_list)) 835 812 goto no_frame; 836 813 837 - if (!ieee80211_rx_reorder_ready(skb_list)) { 814 + if (!ieee80211_rx_reorder_ready(tid_agg_rx, index)) { 838 815 __skb_queue_purge(skb_list); 839 816 goto no_frame; 840 817 } ··· 848 825 } 849 826 850 827 no_frame: 828 + tid_agg_rx->reorder_buf_filtered &= ~BIT_ULL(index); 851 829 tid_agg_rx->head_seq_num = ieee80211_sn_inc(tid_agg_rx->head_seq_num); 852 830 } 853 831 ··· 889 865 890 866 /* release the buffer until next missing frame */ 891 867 index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size; 892 - if (!ieee80211_rx_reorder_ready(&tid_agg_rx->reorder_buf[index]) && 868 + if (!ieee80211_rx_reorder_ready(tid_agg_rx, index) && 893 869 tid_agg_rx->stored_mpdu_num) { 894 870 /* 895 871 * No buffers ready to be released, but check whether any ··· 898 874 int skipped = 1; 899 875 for (j = (index + 1) % tid_agg_rx->buf_size; j != index; 900 876 j = (j + 1) % tid_agg_rx->buf_size) { 901 - if (!ieee80211_rx_reorder_ready( 902 - &tid_agg_rx->reorder_buf[j])) { 877 + if (!ieee80211_rx_reorder_ready(tid_agg_rx, j)) { 903 878 skipped++; 904 879 continue; 905 880 } ··· 925 902 skipped) & IEEE80211_SN_MASK; 926 903 skipped = 0; 927 904 } 928 - } else while (ieee80211_rx_reorder_ready( 929 - &tid_agg_rx->reorder_buf[index])) { 905 + } else while (ieee80211_rx_reorder_ready(tid_agg_rx, index)) { 930 906 ieee80211_release_reorder_frame(sdata, tid_agg_rx, index, 931 907 frames); 932 908 index = tid_agg_rx->head_seq_num % tid_agg_rx->buf_size; ··· 936 914 937 915 for (; j != (index - 1) % tid_agg_rx->buf_size; 938 916 j = (j + 1) % tid_agg_rx->buf_size) { 939 - if (ieee80211_rx_reorder_ready( 940 - &tid_agg_rx->reorder_buf[j])) 917 + if (ieee80211_rx_reorder_ready(tid_agg_rx, j)) 941 918 break; 942 919 } 943 920 ··· 1007 986 index = mpdu_seq_num % tid_agg_rx->buf_size; 1008 987 1009 988 /* check if we already stored this frame */ 1010 - if (ieee80211_rx_reorder_ready(&tid_agg_rx->reorder_buf[index])) { 989 + if (ieee80211_rx_reorder_ready(tid_agg_rx, index)) { 1011 990 dev_kfree_skb(skb); 1012 991 goto out; 1013 992 } ··· 1119 1098 { 1120 1099 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)rx->skb->data; 1121 1100 struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(rx->skb); 1101 + 1102 + if (status->flag & RX_FLAG_DUP_VALIDATED) 1103 + return RX_CONTINUE; 1122 1104 1123 1105 /* 1124 1106 * Drop duplicate 802.11 retransmissions ··· 2223 2199 skb->dev = dev; 2224 2200 __skb_queue_head_init(&frame_list); 2225 2201 2226 - if (skb_linearize(skb)) 2227 - return RX_DROP_UNUSABLE; 2228 - 2229 2202 ieee80211_amsdu_to_8023s(skb, &frame_list, dev->dev_addr, 2230 2203 rx->sdata->vif.type, 2231 2204 rx->local->hw.extra_tx_headroom, true); ··· 2252 2231 struct ieee80211_local *local = rx->local; 2253 2232 struct ieee80211_sub_if_data *sdata = rx->sdata; 2254 2233 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh; 2255 - u16 q, hdrlen; 2234 + u16 ac, q, hdrlen; 2256 2235 2257 2236 hdr = (struct ieee80211_hdr *) skb->data; 2258 2237 hdrlen = ieee80211_hdrlen(hdr->frame_control); ··· 2311 2290 spin_lock_bh(&mppath->state_lock); 2312 2291 if (!ether_addr_equal(mppath->mpp, mpp_addr)) 2313 2292 memcpy(mppath->mpp, mpp_addr, ETH_ALEN); 2293 + mppath->exp_time = jiffies; 2314 2294 spin_unlock_bh(&mppath->state_lock); 2315 2295 } 2316 2296 rcu_read_unlock(); ··· 2322 2300 ether_addr_equal(sdata->vif.addr, hdr->addr3)) 2323 2301 return RX_CONTINUE; 2324 2302 2325 - q = ieee80211_select_queue_80211(sdata, skb, hdr); 2303 + ac = ieee80211_select_queue_80211(sdata, skb, hdr); 2304 + q = sdata->vif.hw_queue[ac]; 2326 2305 if (ieee80211_queue_stopped(&local->hw, q)) { 2327 2306 IEEE80211_IFSTA_MESH_CTR_INC(ifmsh, dropped_frames_congestion); 2328 2307 return RX_DROP_MONITOR; ··· 2760 2737 ieee80211_vht_handle_opmode(rx->sdata, rx->sta, 2761 2738 opmode, status->band); 2762 2739 goto handled; 2740 + } 2741 + case WLAN_VHT_ACTION_GROUPID_MGMT: { 2742 + if (len < IEEE80211_MIN_ACTION_SIZE + 25) 2743 + goto invalid; 2744 + goto queue; 2763 2745 } 2764 2746 default: 2765 2747 break; ··· 3302 3274 3303 3275 ieee80211_rx_handlers(&rx, &frames); 3304 3276 } 3277 + 3278 + void ieee80211_mark_rx_ba_filtered_frames(struct ieee80211_sta *pubsta, u8 tid, 3279 + u16 ssn, u64 filtered, 3280 + u16 received_mpdus) 3281 + { 3282 + struct sta_info *sta; 3283 + struct tid_ampdu_rx *tid_agg_rx; 3284 + struct sk_buff_head frames; 3285 + struct ieee80211_rx_data rx = { 3286 + /* This is OK -- must be QoS data frame */ 3287 + .security_idx = tid, 3288 + .seqno_idx = tid, 3289 + }; 3290 + int i, diff; 3291 + 3292 + if (WARN_ON(!pubsta || tid >= IEEE80211_NUM_TIDS)) 3293 + return; 3294 + 3295 + __skb_queue_head_init(&frames); 3296 + 3297 + sta = container_of(pubsta, struct sta_info, sta); 3298 + 3299 + rx.sta = sta; 3300 + rx.sdata = sta->sdata; 3301 + rx.local = sta->local; 3302 + 3303 + rcu_read_lock(); 3304 + tid_agg_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[tid]); 3305 + if (!tid_agg_rx) 3306 + goto out; 3307 + 3308 + spin_lock_bh(&tid_agg_rx->reorder_lock); 3309 + 3310 + if (received_mpdus >= IEEE80211_SN_MODULO >> 1) { 3311 + int release; 3312 + 3313 + /* release all frames in the reorder buffer */ 3314 + release = (tid_agg_rx->head_seq_num + tid_agg_rx->buf_size) % 3315 + IEEE80211_SN_MODULO; 3316 + ieee80211_release_reorder_frames(sta->sdata, tid_agg_rx, 3317 + release, &frames); 3318 + /* update ssn to match received ssn */ 3319 + tid_agg_rx->head_seq_num = ssn; 3320 + } else { 3321 + ieee80211_release_reorder_frames(sta->sdata, tid_agg_rx, ssn, 3322 + &frames); 3323 + } 3324 + 3325 + /* handle the case that received ssn is behind the mac ssn. 3326 + * it can be tid_agg_rx->buf_size behind and still be valid */ 3327 + diff = (tid_agg_rx->head_seq_num - ssn) & IEEE80211_SN_MASK; 3328 + if (diff >= tid_agg_rx->buf_size) { 3329 + tid_agg_rx->reorder_buf_filtered = 0; 3330 + goto release; 3331 + } 3332 + filtered = filtered >> diff; 3333 + ssn += diff; 3334 + 3335 + /* update bitmap */ 3336 + for (i = 0; i < tid_agg_rx->buf_size; i++) { 3337 + int index = (ssn + i) % tid_agg_rx->buf_size; 3338 + 3339 + tid_agg_rx->reorder_buf_filtered &= ~BIT_ULL(index); 3340 + if (filtered & BIT_ULL(i)) 3341 + tid_agg_rx->reorder_buf_filtered |= BIT_ULL(index); 3342 + } 3343 + 3344 + /* now process also frames that the filter marking released */ 3345 + ieee80211_sta_reorder_release(sta->sdata, tid_agg_rx, &frames); 3346 + 3347 + release: 3348 + spin_unlock_bh(&tid_agg_rx->reorder_lock); 3349 + 3350 + ieee80211_rx_handlers(&rx, &frames); 3351 + 3352 + out: 3353 + rcu_read_unlock(); 3354 + } 3355 + EXPORT_SYMBOL(ieee80211_mark_rx_ba_filtered_frames); 3305 3356 3306 3357 /* main receive path */ 3307 3358

+23 -12

net/mac80211/sta_info.c

··· 116 116 117 117 ieee80211_purge_tx_queue(&local->hw, &txqi->queue); 118 118 atomic_sub(n, &sdata->txqs_len[txqi->txq.ac]); 119 + txqi->byte_cnt = 0; 119 120 } 120 121 } 121 122 ··· 499 498 { 500 499 struct ieee80211_local *local = sta->local; 501 500 struct ieee80211_sub_if_data *sdata = sta->sdata; 502 - struct station_info sinfo; 501 + struct station_info *sinfo; 503 502 int err = 0; 504 503 505 504 lockdep_assert_held(&local->sta_mtx); 505 + 506 + sinfo = kzalloc(sizeof(struct station_info), GFP_KERNEL); 507 + if (!sinfo) { 508 + err = -ENOMEM; 509 + goto out_err; 510 + } 506 511 507 512 /* check if STA exists already */ 508 513 if (sta_info_get_bss(sdata, sta->sta.addr)) { ··· 537 530 /* accept BA sessions now */ 538 531 clear_sta_flag(sta, WLAN_STA_BLOCK_BA); 539 532 540 - ieee80211_recalc_min_chandef(sdata); 541 533 ieee80211_sta_debugfs_add(sta); 542 534 rate_control_add_sta_debugfs(sta); 543 535 544 - memset(&sinfo, 0, sizeof(sinfo)); 545 - sinfo.filled = 0; 546 - sinfo.generation = local->sta_generation; 547 - cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL); 536 + sinfo->generation = local->sta_generation; 537 + cfg80211_new_sta(sdata->dev, sta->sta.addr, sinfo, GFP_KERNEL); 538 + kfree(sinfo); 548 539 549 540 sta_dbg(sdata, "Inserted STA %pM\n", sta->sta.addr); 550 541 ··· 562 557 __cleanup_single_sta(sta); 563 558 out_err: 564 559 mutex_unlock(&local->sta_mtx); 560 + kfree(sinfo); 565 561 rcu_read_lock(); 566 562 return err; 567 563 } ··· 904 898 { 905 899 struct ieee80211_local *local = sta->local; 906 900 struct ieee80211_sub_if_data *sdata = sta->sdata; 907 - struct station_info sinfo = {}; 901 + struct station_info *sinfo; 908 902 int ret; 909 903 910 904 /* ··· 942 936 943 937 sta_dbg(sdata, "Removed STA %pM\n", sta->sta.addr); 944 938 945 - sta_set_sinfo(sta, &sinfo); 946 - cfg80211_del_sta_sinfo(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL); 939 + sinfo = kzalloc(sizeof(*sinfo), GFP_KERNEL); 940 + if (sinfo) 941 + sta_set_sinfo(sta, sinfo); 942 + cfg80211_del_sta_sinfo(sdata->dev, sta->sta.addr, sinfo, GFP_KERNEL); 943 + kfree(sinfo); 947 944 948 945 rate_control_remove_sta_debugfs(sta); 949 946 ieee80211_sta_debugfs_remove(sta); 950 - ieee80211_recalc_min_chandef(sdata); 951 947 952 948 cleanup_single_sta(sta); 953 949 } ··· 1816 1808 clear_bit(WLAN_STA_AUTH, &sta->_flags); 1817 1809 break; 1818 1810 case IEEE80211_STA_AUTH: 1819 - if (sta->sta_state == IEEE80211_STA_NONE) 1811 + if (sta->sta_state == IEEE80211_STA_NONE) { 1820 1812 set_bit(WLAN_STA_AUTH, &sta->_flags); 1821 - else if (sta->sta_state == IEEE80211_STA_ASSOC) 1813 + } else if (sta->sta_state == IEEE80211_STA_ASSOC) { 1822 1814 clear_bit(WLAN_STA_ASSOC, &sta->_flags); 1815 + ieee80211_recalc_min_chandef(sta->sdata); 1816 + } 1823 1817 break; 1824 1818 case IEEE80211_STA_ASSOC: 1825 1819 if (sta->sta_state == IEEE80211_STA_AUTH) { 1826 1820 set_bit(WLAN_STA_ASSOC, &sta->_flags); 1821 + ieee80211_recalc_min_chandef(sta->sdata); 1827 1822 } else if (sta->sta_state == IEEE80211_STA_AUTHORIZED) { 1828 1823 if (sta->sdata->vif.type == NL80211_IFTYPE_AP || 1829 1824 (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN &&

+15 -9

net/mac80211/sta_info.h

··· 1 1 /* 2 2 * Copyright 2002-2005, Devicescape Software, Inc. 3 3 * Copyright 2013-2014 Intel Mobile Communications GmbH 4 + * Copyright(c) 2015 Intel Deutschland GmbH 4 5 * 5 6 * This program is free software; you can redistribute it and/or modify 6 7 * it under the terms of the GNU General Public License version 2 as ··· 168 167 * 169 168 * @reorder_buf: buffer to reorder incoming aggregated MPDUs. An MPDU may be an 170 169 * A-MSDU with individually reported subframes. 170 + * @reorder_buf_filtered: bitmap indicating where there are filtered frames in 171 + * the reorder buffer that should be ignored when releasing frames 171 172 * @reorder_time: jiffies when skb was added 172 173 * @session_timer: check if peer keeps Tx-ing on the TID (by timeout value) 173 174 * @reorder_timer: releases expired frames from the reorder buffer. ··· 197 194 struct tid_ampdu_rx { 198 195 struct rcu_head rcu_head; 199 196 spinlock_t reorder_lock; 197 + u64 reorder_buf_filtered; 200 198 struct sk_buff_head *reorder_buf; 201 199 unsigned long *reorder_time; 202 200 struct timer_list session_timer; ··· 216 212 /** 217 213 * struct sta_ampdu_mlme - STA aggregation information. 218 214 * 215 + * @mtx: mutex to protect all TX data (except non-NULL assignments 216 + * to tid_tx[idx], which are protected by the sta spinlock) 217 + * tid_start_tx is also protected by sta->lock. 219 218 * @tid_rx: aggregation info for Rx per TID -- RCU protected 220 - * @tid_tx: aggregation info for Tx per TID 221 - * @tid_start_tx: sessions where start was requested 222 - * @addba_req_num: number of times addBA request has been sent. 223 - * @last_addba_req_time: timestamp of the last addBA request. 224 - * @dialog_token_allocator: dialog token enumerator for each new session; 225 - * @work: work struct for starting/stopping aggregation 226 219 * @tid_rx_timer_expired: bitmap indicating on which TIDs the 227 220 * RX timer expired until the work for it runs 228 221 * @tid_rx_stop_requested: bitmap indicating which BA sessions per TID the 229 222 * driver requested to close until the work for it runs 230 - * @mtx: mutex to protect all TX data (except non-NULL assignments 231 - * to tid_tx[idx], which are protected by the sta spinlock) 232 - * tid_start_tx is also protected by sta->lock. 223 + * @agg_session_valid: bitmap indicating which TID has a rx BA session open on 224 + * @work: work struct for starting/stopping aggregation 225 + * @tid_tx: aggregation info for Tx per TID 226 + * @tid_start_tx: sessions where start was requested 227 + * @last_addba_req_time: timestamp of the last addBA request. 228 + * @addba_req_num: number of times addBA request has been sent. 229 + * @dialog_token_allocator: dialog token enumerator for each new session; 233 230 */ 234 231 struct sta_ampdu_mlme { 235 232 struct mutex mtx; ··· 238 233 struct tid_ampdu_rx __rcu *tid_rx[IEEE80211_NUM_TIDS]; 239 234 unsigned long tid_rx_timer_expired[BITS_TO_LONGS(IEEE80211_NUM_TIDS)]; 240 235 unsigned long tid_rx_stop_requested[BITS_TO_LONGS(IEEE80211_NUM_TIDS)]; 236 + unsigned long agg_session_valid[BITS_TO_LONGS(IEEE80211_NUM_TIDS)]; 241 237 /* tx */ 242 238 struct work_struct work; 243 239 struct tid_ampdu_tx __rcu *tid_tx[IEEE80211_NUM_TIDS];

+18 -18

net/mac80211/tkip.c

··· 1 1 /* 2 2 * Copyright 2002-2004, Instant802 Networks, Inc. 3 3 * Copyright 2005, Devicescape Software, Inc. 4 + * Copyright (C) 2016 Intel Deutschland GmbH 4 5 * 5 6 * This program is free software; you can redistribute it and/or modify 6 7 * it under the terms of the GNU General Public License version 2 as ··· 143 142 /* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets 144 143 * of the IV. Returns pointer to the octet following IVs (i.e., beginning of 145 144 * the packet payload). */ 146 - u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key) 145 + u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key_conf *keyconf, u64 pn) 147 146 { 148 - lockdep_assert_held(&key->u.tkip.txlock); 149 - 150 - pos = write_tkip_iv(pos, key->u.tkip.tx.iv16); 151 - *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */; 152 - put_unaligned_le32(key->u.tkip.tx.iv32, pos); 147 + pos = write_tkip_iv(pos, TKIP_PN_TO_IV16(pn)); 148 + *pos++ = (keyconf->keyidx << 6) | (1 << 5) /* Ext IV */; 149 + put_unaligned_le32(TKIP_PN_TO_IV32(pn), pos); 153 150 return pos + 4; 154 151 } 152 + EXPORT_SYMBOL_GPL(ieee80211_tkip_add_iv); 155 153 156 154 static void ieee80211_compute_tkip_p1k(struct ieee80211_key *key, u32 iv32) 157 155 { ··· 250 250 u8 rc4key[16], keyid, *pos = payload; 251 251 int res; 252 252 const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; 253 + struct tkip_ctx_rx *rx_ctx = &key->u.tkip.rx[queue]; 253 254 254 255 if (payload_len < 12) 255 256 return -1; ··· 266 265 if ((keyid >> 6) != key->conf.keyidx) 267 266 return TKIP_DECRYPT_INVALID_KEYIDX; 268 267 269 - if (key->u.tkip.rx[queue].state != TKIP_STATE_NOT_INIT && 270 - (iv32 < key->u.tkip.rx[queue].iv32 || 271 - (iv32 == key->u.tkip.rx[queue].iv32 && 272 - iv16 <= key->u.tkip.rx[queue].iv16))) 268 + if (rx_ctx->ctx.state != TKIP_STATE_NOT_INIT && 269 + (iv32 < rx_ctx->iv32 || 270 + (iv32 == rx_ctx->iv32 && iv16 <= rx_ctx->iv16))) 273 271 return TKIP_DECRYPT_REPLAY; 274 272 275 273 if (only_iv) { 276 274 res = TKIP_DECRYPT_OK; 277 - key->u.tkip.rx[queue].state = TKIP_STATE_PHASE1_HW_UPLOADED; 275 + rx_ctx->ctx.state = TKIP_STATE_PHASE1_HW_UPLOADED; 278 276 goto done; 279 277 } 280 278 281 - if (key->u.tkip.rx[queue].state == TKIP_STATE_NOT_INIT || 282 - key->u.tkip.rx[queue].iv32 != iv32) { 279 + if (rx_ctx->ctx.state == TKIP_STATE_NOT_INIT || 280 + rx_ctx->iv32 != iv32) { 283 281 /* IV16 wrapped around - perform TKIP phase 1 */ 284 - tkip_mixing_phase1(tk, &key->u.tkip.rx[queue], ta, iv32); 282 + tkip_mixing_phase1(tk, &rx_ctx->ctx, ta, iv32); 285 283 } 286 284 if (key->local->ops->update_tkip_key && 287 285 key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE && 288 - key->u.tkip.rx[queue].state != TKIP_STATE_PHASE1_HW_UPLOADED) { 286 + rx_ctx->ctx.state != TKIP_STATE_PHASE1_HW_UPLOADED) { 289 287 struct ieee80211_sub_if_data *sdata = key->sdata; 290 288 291 289 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 292 290 sdata = container_of(key->sdata->bss, 293 291 struct ieee80211_sub_if_data, u.ap); 294 292 drv_update_tkip_key(key->local, sdata, &key->conf, key->sta, 295 - iv32, key->u.tkip.rx[queue].p1k); 296 - key->u.tkip.rx[queue].state = TKIP_STATE_PHASE1_HW_UPLOADED; 293 + iv32, rx_ctx->ctx.p1k); 294 + rx_ctx->ctx.state = TKIP_STATE_PHASE1_HW_UPLOADED; 297 295 } 298 296 299 - tkip_mixing_phase2(tk, &key->u.tkip.rx[queue], iv16, rc4key); 297 + tkip_mixing_phase2(tk, &rx_ctx->ctx, iv16, rc4key); 300 298 301 299 res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12); 302 300 done:

-2

net/mac80211/tkip.h

··· 13 13 #include <linux/crypto.h> 14 14 #include "key.h" 15 15 16 - u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key); 17 - 18 16 int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, 19 17 struct ieee80211_key *key, 20 18 struct sk_buff *skb,

+23 -20

net/mac80211/trace.h

··· 80 80 #define KEY_PR_FMT " cipher:0x%x, flags=%#x, keyidx=%d, hw_key_idx=%d" 81 81 #define KEY_PR_ARG __entry->cipher, __entry->flags, __entry->keyidx, __entry->hw_key_idx 82 82 83 - 83 + #define AMPDU_ACTION_ENTRY __field(enum ieee80211_ampdu_mlme_action, \ 84 + ieee80211_ampdu_mlme_action) \ 85 + STA_ENTRY \ 86 + __field(u16, tid) \ 87 + __field(u16, ssn) \ 88 + __field(u8, buf_size) \ 89 + __field(bool, amsdu) \ 90 + __field(u16, timeout) 91 + #define AMPDU_ACTION_ASSIGN STA_NAMED_ASSIGN(params->sta); \ 92 + __entry->tid = params->tid; \ 93 + __entry->ssn = params->ssn; \ 94 + __entry->buf_size = params->buf_size; \ 95 + __entry->amsdu = params->amsdu; \ 96 + __entry->timeout = params->timeout; 97 + #define AMPDU_ACTION_PR_FMT STA_PR_FMT " tid %d, ssn %d, buf_size %u, amsdu %d, timeout %d" 98 + #define AMPDU_ACTION_PR_ARG STA_PR_ARG, __entry->tid, __entry->ssn, \ 99 + __entry->buf_size, __entry->amsdu, __entry->timeout 84 100 85 101 /* 86 102 * Tracing for driver callbacks. ··· 986 970 TRACE_EVENT(drv_ampdu_action, 987 971 TP_PROTO(struct ieee80211_local *local, 988 972 struct ieee80211_sub_if_data *sdata, 989 - enum ieee80211_ampdu_mlme_action action, 990 - struct ieee80211_sta *sta, u16 tid, 991 - u16 *ssn, u8 buf_size, bool amsdu), 973 + struct ieee80211_ampdu_params *params), 992 974 993 - TP_ARGS(local, sdata, action, sta, tid, ssn, buf_size, amsdu), 975 + TP_ARGS(local, sdata, params), 994 976 995 977 TP_STRUCT__entry( 996 978 LOCAL_ENTRY 997 - STA_ENTRY 998 - __field(u32, action) 999 - __field(u16, tid) 1000 - __field(u16, ssn) 1001 - __field(u8, buf_size) 1002 - __field(bool, amsdu) 1003 979 VIF_ENTRY 980 + AMPDU_ACTION_ENTRY 1004 981 ), 1005 982 1006 983 TP_fast_assign( 1007 984 LOCAL_ASSIGN; 1008 985 VIF_ASSIGN; 1009 - STA_ASSIGN; 1010 - __entry->action = action; 1011 - __entry->tid = tid; 1012 - __entry->ssn = ssn ? *ssn : 0; 1013 - __entry->buf_size = buf_size; 1014 - __entry->amsdu = amsdu; 986 + AMPDU_ACTION_ASSIGN; 1015 987 ), 1016 988 1017 989 TP_printk( 1018 - LOCAL_PR_FMT VIF_PR_FMT STA_PR_FMT " action:%d tid:%d buf:%d amsdu:%d", 1019 - LOCAL_PR_ARG, VIF_PR_ARG, STA_PR_ARG, __entry->action, 1020 - __entry->tid, __entry->buf_size, __entry->amsdu 990 + LOCAL_PR_FMT VIF_PR_FMT AMPDU_ACTION_PR_FMT, 991 + LOCAL_PR_ARG, VIF_PR_ARG, AMPDU_ACTION_PR_ARG 1021 992 ) 1022 993 ); 1023 994

+85 -7

net/mac80211/tx.c

··· 710 710 711 711 info->control.short_preamble = txrc.short_preamble; 712 712 713 + /* don't ask rate control when rate already injected via radiotap */ 714 + if (info->control.flags & IEEE80211_TX_CTRL_RATE_INJECT) 715 + return TX_CONTINUE; 716 + 713 717 if (tx->sta) 714 718 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC); 715 719 ··· 1270 1266 if (atomic_read(&sdata->txqs_len[ac]) >= local->hw.txq_ac_max_pending) 1271 1267 netif_stop_subqueue(sdata->dev, ac); 1272 1268 1273 - skb_queue_tail(&txqi->queue, skb); 1269 + spin_lock_bh(&txqi->queue.lock); 1270 + txqi->byte_cnt += skb->len; 1271 + __skb_queue_tail(&txqi->queue, skb); 1272 + spin_unlock_bh(&txqi->queue.lock); 1273 + 1274 1274 drv_wake_tx_queue(local, txqi); 1275 1275 1276 1276 return; ··· 1301 1293 skb = __skb_dequeue(&txqi->queue); 1302 1294 if (!skb) 1303 1295 goto out; 1296 + 1297 + txqi->byte_cnt -= skb->len; 1304 1298 1305 1299 atomic_dec(&sdata->txqs_len[ac]); 1306 1300 if (__netif_subqueue_stopped(sdata->dev, ac)) ··· 1675 1665 ieee80211_tx(sdata, sta, skb, false); 1676 1666 } 1677 1667 1678 - static bool ieee80211_parse_tx_radiotap(struct sk_buff *skb) 1668 + static bool ieee80211_parse_tx_radiotap(struct ieee80211_local *local, 1669 + struct sk_buff *skb) 1679 1670 { 1680 1671 struct ieee80211_radiotap_iterator iterator; 1681 1672 struct ieee80211_radiotap_header *rthdr = 1682 1673 (struct ieee80211_radiotap_header *) skb->data; 1683 1674 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1675 + struct ieee80211_supported_band *sband = 1676 + local->hw.wiphy->bands[info->band]; 1684 1677 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len, 1685 1678 NULL); 1686 1679 u16 txflags; 1680 + u16 rate = 0; 1681 + bool rate_found = false; 1682 + u8 rate_retries = 0; 1683 + u16 rate_flags = 0; 1684 + u8 mcs_known, mcs_flags; 1685 + int i; 1687 1686 1688 1687 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT | 1689 1688 IEEE80211_TX_CTL_DONTFRAG; ··· 1743 1724 info->flags |= IEEE80211_TX_CTL_NO_ACK; 1744 1725 break; 1745 1726 1727 + case IEEE80211_RADIOTAP_RATE: 1728 + rate = *iterator.this_arg; 1729 + rate_flags = 0; 1730 + rate_found = true; 1731 + break; 1732 + 1733 + case IEEE80211_RADIOTAP_DATA_RETRIES: 1734 + rate_retries = *iterator.this_arg; 1735 + break; 1736 + 1737 + case IEEE80211_RADIOTAP_MCS: 1738 + mcs_known = iterator.this_arg[0]; 1739 + mcs_flags = iterator.this_arg[1]; 1740 + if (!(mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_MCS)) 1741 + break; 1742 + 1743 + rate_found = true; 1744 + rate = iterator.this_arg[2]; 1745 + rate_flags = IEEE80211_TX_RC_MCS; 1746 + 1747 + if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_GI && 1748 + mcs_flags & IEEE80211_RADIOTAP_MCS_SGI) 1749 + rate_flags |= IEEE80211_TX_RC_SHORT_GI; 1750 + 1751 + if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW && 1752 + mcs_flags & IEEE80211_RADIOTAP_MCS_BW_40) 1753 + rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; 1754 + break; 1755 + 1746 1756 /* 1747 1757 * Please update the file 1748 1758 * Documentation/networking/mac80211-injection.txt ··· 1785 1737 1786 1738 if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */ 1787 1739 return false; 1740 + 1741 + if (rate_found) { 1742 + info->control.flags |= IEEE80211_TX_CTRL_RATE_INJECT; 1743 + 1744 + for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) { 1745 + info->control.rates[i].idx = -1; 1746 + info->control.rates[i].flags = 0; 1747 + info->control.rates[i].count = 0; 1748 + } 1749 + 1750 + if (rate_flags & IEEE80211_TX_RC_MCS) { 1751 + info->control.rates[0].idx = rate; 1752 + } else { 1753 + for (i = 0; i < sband->n_bitrates; i++) { 1754 + if (rate * 5 != sband->bitrates[i].bitrate) 1755 + continue; 1756 + 1757 + info->control.rates[0].idx = i; 1758 + break; 1759 + } 1760 + } 1761 + 1762 + info->control.rates[0].flags = rate_flags; 1763 + info->control.rates[0].count = min_t(u8, rate_retries + 1, 1764 + local->hw.max_rate_tries); 1765 + } 1788 1766 1789 1767 /* 1790 1768 * remove the radiotap header ··· 1892 1818 info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS | 1893 1819 IEEE80211_TX_CTL_INJECTED; 1894 1820 1895 - /* process and remove the injection radiotap header */ 1896 - if (!ieee80211_parse_tx_radiotap(skb)) 1897 - goto fail; 1898 - 1899 1821 rcu_read_lock(); 1900 1822 1901 1823 /* ··· 1953 1883 goto fail_rcu; 1954 1884 1955 1885 info->band = chandef->chan->band; 1886 + 1887 + /* process and remove the injection radiotap header */ 1888 + if (!ieee80211_parse_tx_radiotap(local, skb)) 1889 + goto fail_rcu; 1890 + 1956 1891 ieee80211_xmit(sdata, NULL, skb); 1957 1892 rcu_read_unlock(); 1958 1893 ··· 2174 2099 mpp_lookup = true; 2175 2100 } 2176 2101 2177 - if (mpp_lookup) 2102 + if (mpp_lookup) { 2178 2103 mppath = mpp_path_lookup(sdata, skb->data); 2104 + if (mppath) 2105 + mppath->exp_time = jiffies; 2106 + } 2179 2107 2180 2108 if (mppath && mpath) 2181 2109 mesh_path_del(mpath->sdata, mpath->dst);

+90 -28

net/mac80211/util.c

··· 4 4 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 5 5 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net> 6 6 * Copyright 2013-2014 Intel Mobile Communications GmbH 7 - * Copyright (C) 2015 Intel Deutschland GmbH 7 + * Copyright (C) 2015-2016 Intel Deutschland GmbH 8 8 * 9 9 * This program is free software; you can redistribute it and/or modify 10 10 * it under the terms of the GNU General Public License version 2 as ··· 1928 1928 BSS_CHANGED_IDLE | 1929 1929 BSS_CHANGED_TXPOWER; 1930 1930 1931 + if (sdata->vif.mu_mimo_owner) 1932 + changed |= BSS_CHANGED_MU_GROUPS; 1933 + 1931 1934 switch (sdata->vif.type) { 1932 1935 case NL80211_IFTYPE_STATION: 1933 1936 changed |= BSS_CHANGED_ASSOC | ··· 2374 2371 2375 2372 switch (chandef->width) { 2376 2373 case NL80211_CHAN_WIDTH_160: 2377 - vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_160MHZ; 2374 + /* 2375 + * Convert 160 MHz channel width to new style as interop 2376 + * workaround. 2377 + */ 2378 + vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ; 2379 + vht_oper->center_freq_seg2_idx = vht_oper->center_freq_seg1_idx; 2380 + if (chandef->chan->center_freq < chandef->center_freq1) 2381 + vht_oper->center_freq_seg1_idx -= 8; 2382 + else 2383 + vht_oper->center_freq_seg1_idx += 8; 2378 2384 break; 2379 2385 case NL80211_CHAN_WIDTH_80P80: 2380 - vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_80P80MHZ; 2386 + /* 2387 + * Convert 80+80 MHz channel width to new style as interop 2388 + * workaround. 2389 + */ 2390 + vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ; 2381 2391 break; 2382 2392 case NL80211_CHAN_WIDTH_80: 2383 2393 vht_oper->chan_width = IEEE80211_VHT_CHANWIDTH_80MHZ; ··· 2406 2390 return pos + sizeof(struct ieee80211_vht_operation); 2407 2391 } 2408 2392 2409 - void ieee80211_ht_oper_to_chandef(struct ieee80211_channel *control_chan, 2410 - const struct ieee80211_ht_operation *ht_oper, 2411 - struct cfg80211_chan_def *chandef) 2393 + bool ieee80211_chandef_ht_oper(const struct ieee80211_ht_operation *ht_oper, 2394 + struct cfg80211_chan_def *chandef) 2412 2395 { 2413 2396 enum nl80211_channel_type channel_type; 2414 2397 2415 - if (!ht_oper) { 2416 - cfg80211_chandef_create(chandef, control_chan, 2417 - NL80211_CHAN_NO_HT); 2418 - return; 2419 - } 2398 + if (!ht_oper) 2399 + return false; 2420 2400 2421 2401 switch (ht_oper->ht_param & IEEE80211_HT_PARAM_CHA_SEC_OFFSET) { 2422 2402 case IEEE80211_HT_PARAM_CHA_SEC_NONE: ··· 2426 2414 break; 2427 2415 default: 2428 2416 channel_type = NL80211_CHAN_NO_HT; 2417 + return false; 2429 2418 } 2430 2419 2431 - cfg80211_chandef_create(chandef, control_chan, channel_type); 2420 + cfg80211_chandef_create(chandef, chandef->chan, channel_type); 2421 + return true; 2432 2422 } 2433 2423 2434 - void ieee80211_vht_oper_to_chandef(struct ieee80211_channel *control_chan, 2435 - const struct ieee80211_vht_operation *oper, 2436 - struct cfg80211_chan_def *chandef) 2424 + bool ieee80211_chandef_vht_oper(const struct ieee80211_vht_operation *oper, 2425 + struct cfg80211_chan_def *chandef) 2437 2426 { 2438 - if (!oper) 2439 - return; 2427 + struct cfg80211_chan_def new = *chandef; 2428 + int cf1, cf2; 2440 2429 2441 - chandef->chan = control_chan; 2430 + if (!oper) 2431 + return false; 2432 + 2433 + cf1 = ieee80211_channel_to_frequency(oper->center_freq_seg1_idx, 2434 + chandef->chan->band); 2435 + cf2 = ieee80211_channel_to_frequency(oper->center_freq_seg2_idx, 2436 + chandef->chan->band); 2442 2437 2443 2438 switch (oper->chan_width) { 2444 2439 case IEEE80211_VHT_CHANWIDTH_USE_HT: 2445 2440 break; 2446 2441 case IEEE80211_VHT_CHANWIDTH_80MHZ: 2447 - chandef->width = NL80211_CHAN_WIDTH_80; 2442 + new.width = NL80211_CHAN_WIDTH_80; 2443 + new.center_freq1 = cf1; 2444 + /* If needed, adjust based on the newer interop workaround. */ 2445 + if (oper->center_freq_seg2_idx) { 2446 + unsigned int diff; 2447 + 2448 + diff = abs(oper->center_freq_seg2_idx - 2449 + oper->center_freq_seg1_idx); 2450 + if (diff == 8) { 2451 + new.width = NL80211_CHAN_WIDTH_160; 2452 + new.center_freq1 = cf2; 2453 + } else if (diff > 8) { 2454 + new.width = NL80211_CHAN_WIDTH_80P80; 2455 + new.center_freq2 = cf2; 2456 + } 2457 + } 2448 2458 break; 2449 2459 case IEEE80211_VHT_CHANWIDTH_160MHZ: 2450 - chandef->width = NL80211_CHAN_WIDTH_160; 2460 + new.width = NL80211_CHAN_WIDTH_160; 2461 + new.center_freq1 = cf1; 2451 2462 break; 2452 2463 case IEEE80211_VHT_CHANWIDTH_80P80MHZ: 2453 - chandef->width = NL80211_CHAN_WIDTH_80P80; 2464 + new.width = NL80211_CHAN_WIDTH_80P80; 2465 + new.center_freq1 = cf1; 2466 + new.center_freq2 = cf2; 2454 2467 break; 2455 2468 default: 2456 - break; 2469 + return false; 2457 2470 } 2458 2471 2459 - chandef->center_freq1 = 2460 - ieee80211_channel_to_frequency(oper->center_freq_seg1_idx, 2461 - control_chan->band); 2462 - chandef->center_freq2 = 2463 - ieee80211_channel_to_frequency(oper->center_freq_seg2_idx, 2464 - control_chan->band); 2472 + if (!cfg80211_chandef_valid(&new)) 2473 + return false; 2474 + 2475 + *chandef = new; 2476 + return true; 2465 2477 } 2466 2478 2467 2479 int ieee80211_parse_bitrates(struct cfg80211_chan_def *chandef, ··· 2708 2672 sband = local->hw.wiphy->bands[status->band]; 2709 2673 bitrate = sband->bitrates[status->rate_idx].bitrate; 2710 2674 ri.legacy = DIV_ROUND_UP(bitrate, (1 << shift)); 2675 + 2676 + if (status->flag & RX_FLAG_MACTIME_PLCP_START) { 2677 + /* TODO: handle HT/VHT preambles */ 2678 + if (status->band == IEEE80211_BAND_5GHZ) { 2679 + ts += 20 << shift; 2680 + mpdu_offset += 2; 2681 + } else if (status->flag & RX_FLAG_SHORTPRE) { 2682 + ts += 96; 2683 + } else { 2684 + ts += 192; 2685 + } 2686 + } 2711 2687 } 2712 2688 2713 2689 rate = cfg80211_calculate_bitrate(&ri); ··· 3405 3357 txqi->txq.ac = IEEE80211_AC_BE; 3406 3358 } 3407 3359 } 3360 + 3361 + void ieee80211_txq_get_depth(struct ieee80211_txq *txq, 3362 + unsigned long *frame_cnt, 3363 + unsigned long *byte_cnt) 3364 + { 3365 + struct txq_info *txqi = to_txq_info(txq); 3366 + 3367 + if (frame_cnt) 3368 + *frame_cnt = txqi->queue.qlen; 3369 + 3370 + if (byte_cnt) 3371 + *byte_cnt = txqi->byte_cnt; 3372 + } 3373 + EXPORT_SYMBOL(ieee80211_txq_get_depth);

+57

net/mac80211/vht.c

··· 1 1 /* 2 2 * VHT handling 3 3 * 4 + * Portions of this file 5 + * Copyright(c) 2015 - 2016 Intel Deutschland GmbH 6 + * 4 7 * This program is free software; you can redistribute it and/or modify 5 8 * it under the terms of the GNU General Public License version 2 as 6 9 * published by the Free Software Foundation. ··· 281 278 } 282 279 283 280 sta->sta.bandwidth = ieee80211_sta_cur_vht_bw(sta); 281 + 282 + /* If HT IE reported 3839 bytes only, stay with that size. */ 283 + if (sta->sta.max_amsdu_len == IEEE80211_MAX_MPDU_LEN_HT_3839) 284 + return; 285 + 286 + switch (vht_cap->cap & IEEE80211_VHT_CAP_MAX_MPDU_MASK) { 287 + case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454: 288 + sta->sta.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_11454; 289 + break; 290 + case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991: 291 + sta->sta.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_7991; 292 + break; 293 + case IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895: 294 + default: 295 + sta->sta.max_amsdu_len = IEEE80211_MAX_MPDU_LEN_VHT_3895; 296 + break; 297 + } 284 298 } 285 299 286 300 enum ieee80211_sta_rx_bandwidth ieee80211_sta_cap_rx_bw(struct sta_info *sta) ··· 444 424 445 425 return changed; 446 426 } 427 + 428 + void ieee80211_process_mu_groups(struct ieee80211_sub_if_data *sdata, 429 + struct ieee80211_mgmt *mgmt) 430 + { 431 + struct ieee80211_bss_conf *bss_conf = &sdata->vif.bss_conf; 432 + 433 + if (!sdata->vif.mu_mimo_owner) 434 + return; 435 + 436 + if (!memcmp(mgmt->u.action.u.vht_group_notif.position, 437 + bss_conf->mu_group.position, WLAN_USER_POSITION_LEN) && 438 + !memcmp(mgmt->u.action.u.vht_group_notif.membership, 439 + bss_conf->mu_group.membership, WLAN_MEMBERSHIP_LEN)) 440 + return; 441 + 442 + memcpy(bss_conf->mu_group.membership, 443 + mgmt->u.action.u.vht_group_notif.membership, 444 + WLAN_MEMBERSHIP_LEN); 445 + memcpy(bss_conf->mu_group.position, 446 + mgmt->u.action.u.vht_group_notif.position, 447 + WLAN_USER_POSITION_LEN); 448 + 449 + ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_MU_GROUPS); 450 + } 451 + 452 + void ieee80211_update_mu_groups(struct ieee80211_vif *vif, 453 + const u8 *membership, const u8 *position) 454 + { 455 + struct ieee80211_bss_conf *bss_conf = &vif->bss_conf; 456 + 457 + if (WARN_ON_ONCE(!vif->mu_mimo_owner)) 458 + return; 459 + 460 + memcpy(bss_conf->mu_group.membership, membership, WLAN_MEMBERSHIP_LEN); 461 + memcpy(bss_conf->mu_group.position, position, WLAN_USER_POSITION_LEN); 462 + } 463 + EXPORT_SYMBOL_GPL(ieee80211_update_mu_groups); 447 464 448 465 void ieee80211_vht_handle_opmode(struct ieee80211_sub_if_data *sdata, 449 466 struct sta_info *sta, u8 opmode,

+4 -7

net/mac80211/wpa.c

··· 1 1 /* 2 2 * Copyright 2002-2004, Instant802 Networks, Inc. 3 3 * Copyright 2008, Jouni Malinen <j@w1.fi> 4 + * Copyright (C) 2016 Intel Deutschland GmbH 4 5 * 5 6 * This program is free software; you can redistribute it and/or modify 6 7 * it under the terms of the GNU General Public License version 2 as ··· 184 183 return RX_DROP_UNUSABLE; 185 184 } 186 185 187 - 188 186 static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb) 189 187 { 190 188 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; ··· 191 191 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 192 192 unsigned int hdrlen; 193 193 int len, tail; 194 + u64 pn; 194 195 u8 *pos; 195 196 196 197 if (info->control.hw_key && ··· 223 222 return 0; 224 223 225 224 /* Increase IV for the frame */ 226 - spin_lock(&key->u.tkip.txlock); 227 - key->u.tkip.tx.iv16++; 228 - if (key->u.tkip.tx.iv16 == 0) 229 - key->u.tkip.tx.iv32++; 230 - pos = ieee80211_tkip_add_iv(pos, key); 231 - spin_unlock(&key->u.tkip.txlock); 225 + pn = atomic64_inc_return(&key->conf.tx_pn); 226 + pos = ieee80211_tkip_add_iv(pos, &key->conf, pn); 232 227 233 228 /* hwaccel - with software IV */ 234 229 if (info->control.hw_key)

+1 -2

net/rfkill/Kconfig

··· 41 41 default n 42 42 help 43 43 If you say yes here you get support of a generic gpio RFKILL 44 - driver. The platform should fill in the appropriate fields in the 45 - rfkill_gpio_platform_data structure and pass that to the driver. 44 + driver.

+81 -91

net/rfkill/core.c

··· 57 57 58 58 bool registered; 59 59 bool persistent; 60 + bool polling_paused; 61 + bool suspended; 60 62 61 63 const struct rfkill_ops *ops; 62 64 void *data; ··· 235 233 rfkill_send_events(rfkill, RFKILL_OP_CHANGE); 236 234 } 237 235 238 - static bool __rfkill_set_hw_state(struct rfkill *rfkill, 239 - bool blocked, bool *change) 240 - { 241 - unsigned long flags; 242 - bool prev, any; 243 - 244 - BUG_ON(!rfkill); 245 - 246 - spin_lock_irqsave(&rfkill->lock, flags); 247 - prev = !!(rfkill->state & RFKILL_BLOCK_HW); 248 - if (blocked) 249 - rfkill->state |= RFKILL_BLOCK_HW; 250 - else 251 - rfkill->state &= ~RFKILL_BLOCK_HW; 252 - *change = prev != blocked; 253 - any = !!(rfkill->state & RFKILL_BLOCK_ANY); 254 - spin_unlock_irqrestore(&rfkill->lock, flags); 255 - 256 - rfkill_led_trigger_event(rfkill); 257 - 258 - return any; 259 - } 260 - 261 236 /** 262 237 * rfkill_set_block - wrapper for set_block method 263 238 * ··· 264 285 spin_lock_irqsave(&rfkill->lock, flags); 265 286 prev = rfkill->state & RFKILL_BLOCK_SW; 266 287 267 - if (rfkill->state & RFKILL_BLOCK_SW) 288 + if (prev) 268 289 rfkill->state |= RFKILL_BLOCK_SW_PREV; 269 290 else 270 291 rfkill->state &= ~RFKILL_BLOCK_SW_PREV; ··· 282 303 spin_lock_irqsave(&rfkill->lock, flags); 283 304 if (err) { 284 305 /* 285 - * Failed -- reset status to _prev, this may be different 286 - * from what set set _PREV to earlier in this function 306 + * Failed -- reset status to _PREV, which may be different 307 + * from what we have set _PREV to earlier in this function 287 308 * if rfkill_set_sw_state was invoked. 288 309 */ 289 310 if (rfkill->state & RFKILL_BLOCK_SW_PREV) ··· 302 323 rfkill_event(rfkill); 303 324 } 304 325 326 + static void rfkill_update_global_state(enum rfkill_type type, bool blocked) 327 + { 328 + int i; 329 + 330 + if (type != RFKILL_TYPE_ALL) { 331 + rfkill_global_states[type].cur = blocked; 332 + return; 333 + } 334 + 335 + for (i = 0; i < NUM_RFKILL_TYPES; i++) 336 + rfkill_global_states[i].cur = blocked; 337 + } 338 + 305 339 #ifdef CONFIG_RFKILL_INPUT 306 340 static atomic_t rfkill_input_disabled = ATOMIC_INIT(0); 307 341 ··· 324 332 * @blocked: the new state 325 333 * 326 334 * This function sets the state of all switches of given type, 327 - * unless a specific switch is claimed by userspace (in which case, 328 - * that switch is left alone) or suspended. 335 + * unless a specific switch is suspended. 329 336 * 330 337 * Caller must have acquired rfkill_global_mutex. 331 338 */ ··· 332 341 { 333 342 struct rfkill *rfkill; 334 343 335 - if (type == RFKILL_TYPE_ALL) { 336 - int i; 337 - 338 - for (i = 0; i < NUM_RFKILL_TYPES; i++) 339 - rfkill_global_states[i].cur = blocked; 340 - } else { 341 - rfkill_global_states[type].cur = blocked; 342 - } 343 - 344 + rfkill_update_global_state(type, blocked); 344 345 list_for_each_entry(rfkill, &rfkill_list, node) { 345 346 if (rfkill->type != type && type != RFKILL_TYPE_ALL) 346 347 continue; ··· 460 477 } 461 478 #endif 462 479 463 - 464 480 bool rfkill_set_hw_state(struct rfkill *rfkill, bool blocked) 465 481 { 466 - bool ret, change; 482 + unsigned long flags; 483 + bool ret, prev; 467 484 468 - ret = __rfkill_set_hw_state(rfkill, blocked, &change); 485 + BUG_ON(!rfkill); 486 + 487 + spin_lock_irqsave(&rfkill->lock, flags); 488 + prev = !!(rfkill->state & RFKILL_BLOCK_HW); 489 + if (blocked) 490 + rfkill->state |= RFKILL_BLOCK_HW; 491 + else 492 + rfkill->state &= ~RFKILL_BLOCK_HW; 493 + ret = !!(rfkill->state & RFKILL_BLOCK_ANY); 494 + spin_unlock_irqrestore(&rfkill->lock, flags); 495 + 496 + rfkill_led_trigger_event(rfkill); 469 497 470 498 if (!rfkill->registered) 471 499 return ret; 472 500 473 - if (change) 501 + if (prev != blocked) 474 502 schedule_work(&rfkill->uevent_work); 475 503 476 504 return ret; ··· 576 582 } 577 583 EXPORT_SYMBOL(rfkill_set_states); 578 584 585 + static const char * const rfkill_types[] = { 586 + NULL, /* RFKILL_TYPE_ALL */ 587 + "wlan", 588 + "bluetooth", 589 + "ultrawideband", 590 + "wimax", 591 + "wwan", 592 + "gps", 593 + "fm", 594 + "nfc", 595 + }; 596 + 597 + enum rfkill_type rfkill_find_type(const char *name) 598 + { 599 + int i; 600 + 601 + BUILD_BUG_ON(ARRAY_SIZE(rfkill_types) != NUM_RFKILL_TYPES); 602 + 603 + if (!name) 604 + return RFKILL_TYPE_ALL; 605 + 606 + for (i = 1; i < NUM_RFKILL_TYPES; i++) 607 + if (!strcmp(name, rfkill_types[i])) 608 + return i; 609 + return RFKILL_TYPE_ALL; 610 + } 611 + EXPORT_SYMBOL(rfkill_find_type); 612 + 579 613 static ssize_t name_show(struct device *dev, struct device_attribute *attr, 580 614 char *buf) 581 615 { ··· 613 591 } 614 592 static DEVICE_ATTR_RO(name); 615 593 616 - static const char *rfkill_get_type_str(enum rfkill_type type) 617 - { 618 - BUILD_BUG_ON(NUM_RFKILL_TYPES != RFKILL_TYPE_NFC + 1); 619 - 620 - switch (type) { 621 - case RFKILL_TYPE_WLAN: 622 - return "wlan"; 623 - case RFKILL_TYPE_BLUETOOTH: 624 - return "bluetooth"; 625 - case RFKILL_TYPE_UWB: 626 - return "ultrawideband"; 627 - case RFKILL_TYPE_WIMAX: 628 - return "wimax"; 629 - case RFKILL_TYPE_WWAN: 630 - return "wwan"; 631 - case RFKILL_TYPE_GPS: 632 - return "gps"; 633 - case RFKILL_TYPE_FM: 634 - return "fm"; 635 - case RFKILL_TYPE_NFC: 636 - return "nfc"; 637 - default: 638 - BUG(); 639 - } 640 - } 641 - 642 594 static ssize_t type_show(struct device *dev, struct device_attribute *attr, 643 595 char *buf) 644 596 { 645 597 struct rfkill *rfkill = to_rfkill(dev); 646 598 647 - return sprintf(buf, "%s\n", rfkill_get_type_str(rfkill->type)); 599 + return sprintf(buf, "%s\n", rfkill_types[rfkill->type]); 648 600 } 649 601 static DEVICE_ATTR_RO(type); 650 602 ··· 726 730 } 727 731 static DEVICE_ATTR_RW(state); 728 732 729 - static ssize_t claim_show(struct device *dev, struct device_attribute *attr, 730 - char *buf) 731 - { 732 - return sprintf(buf, "%d\n", 0); 733 - } 734 - static DEVICE_ATTR_RO(claim); 735 - 736 733 static struct attribute *rfkill_dev_attrs[] = { 737 734 &dev_attr_name.attr, 738 735 &dev_attr_type.attr, 739 736 &dev_attr_index.attr, 740 737 &dev_attr_persistent.attr, 741 738 &dev_attr_state.attr, 742 - &dev_attr_claim.attr, 743 739 &dev_attr_soft.attr, 744 740 &dev_attr_hard.attr, 745 741 NULL, ··· 756 768 if (error) 757 769 return error; 758 770 error = add_uevent_var(env, "RFKILL_TYPE=%s", 759 - rfkill_get_type_str(rfkill->type)); 771 + rfkill_types[rfkill->type]); 760 772 if (error) 761 773 return error; 762 774 spin_lock_irqsave(&rfkill->lock, flags); ··· 774 786 if (!rfkill->ops->poll) 775 787 return; 776 788 789 + rfkill->polling_paused = true; 777 790 cancel_delayed_work_sync(&rfkill->poll_work); 778 791 } 779 792 EXPORT_SYMBOL(rfkill_pause_polling); ··· 784 795 BUG_ON(!rfkill); 785 796 786 797 if (!rfkill->ops->poll) 798 + return; 799 + 800 + rfkill->polling_paused = false; 801 + 802 + if (rfkill->suspended) 787 803 return; 788 804 789 805 queue_delayed_work(system_power_efficient_wq, ··· 801 807 { 802 808 struct rfkill *rfkill = to_rfkill(dev); 803 809 804 - rfkill_pause_polling(rfkill); 810 + rfkill->suspended = true; 811 + cancel_delayed_work_sync(&rfkill->poll_work); 805 812 806 813 return 0; 807 814 } ··· 812 817 struct rfkill *rfkill = to_rfkill(dev); 813 818 bool cur; 814 819 820 + rfkill->suspended = false; 821 + 815 822 if (!rfkill->persistent) { 816 823 cur = !!(rfkill->state & RFKILL_BLOCK_SW); 817 824 rfkill_set_block(rfkill, cur); 818 825 } 819 826 820 - rfkill_resume_polling(rfkill); 827 + if (rfkill->ops->poll && !rfkill->polling_paused) 828 + queue_delayed_work(system_power_efficient_wq, 829 + &rfkill->poll_work, 0); 821 830 822 831 return 0; 823 832 } ··· 1163 1164 1164 1165 mutex_lock(&rfkill_global_mutex); 1165 1166 1166 - if (ev.op == RFKILL_OP_CHANGE_ALL) { 1167 - if (ev.type == RFKILL_TYPE_ALL) { 1168 - enum rfkill_type i; 1169 - for (i = 0; i < NUM_RFKILL_TYPES; i++) 1170 - rfkill_global_states[i].cur = ev.soft; 1171 - } else { 1172 - rfkill_global_states[ev.type].cur = ev.soft; 1173 - } 1174 - } 1167 + if (ev.op == RFKILL_OP_CHANGE_ALL) 1168 + rfkill_update_global_state(ev.type, ev.soft); 1175 1169 1176 1170 list_for_each_entry(rfkill, &rfkill_list, node) { 1177 1171 if (rfkill->idx != ev.idx && ev.op != RFKILL_OP_CHANGE_ALL) ··· 1253 1261 static int __init rfkill_init(void) 1254 1262 { 1255 1263 int error; 1256 - int i; 1257 1264 1258 - for (i = 0; i < NUM_RFKILL_TYPES; i++) 1259 - rfkill_global_states[i].cur = !rfkill_default_state; 1265 + rfkill_update_global_state(RFKILL_TYPE_ALL, !rfkill_default_state); 1260 1266 1261 1267 error = class_register(&rfkill_class); 1262 1268 if (error)

+11 -13

net/rfkill/rfkill-gpio.c

··· 27 27 #include <linux/acpi.h> 28 28 #include <linux/gpio/consumer.h> 29 29 30 - #include <linux/rfkill-gpio.h> 31 - 32 30 struct rfkill_gpio_data { 33 31 const char *name; 34 32 enum rfkill_type type; ··· 79 81 if (!id) 80 82 return -ENODEV; 81 83 82 - rfkill->name = dev_name(dev); 83 84 rfkill->type = (unsigned)id->driver_data; 84 85 85 86 return acpi_dev_add_driver_gpios(ACPI_COMPANION(dev), ··· 87 90 88 91 static int rfkill_gpio_probe(struct platform_device *pdev) 89 92 { 90 - struct rfkill_gpio_platform_data *pdata = pdev->dev.platform_data; 91 93 struct rfkill_gpio_data *rfkill; 92 94 struct gpio_desc *gpio; 95 + const char *type_name; 93 96 int ret; 94 97 95 98 rfkill = devm_kzalloc(&pdev->dev, sizeof(*rfkill), GFP_KERNEL); 96 99 if (!rfkill) 97 100 return -ENOMEM; 98 101 102 + device_property_read_string(&pdev->dev, "name", &rfkill->name); 103 + device_property_read_string(&pdev->dev, "type", &type_name); 104 + 105 + if (!rfkill->name) 106 + rfkill->name = dev_name(&pdev->dev); 107 + 108 + rfkill->type = rfkill_find_type(type_name); 109 + 99 110 if (ACPI_HANDLE(&pdev->dev)) { 100 111 ret = rfkill_gpio_acpi_probe(&pdev->dev, rfkill); 101 112 if (ret) 102 113 return ret; 103 - } else if (pdata) { 104 - rfkill->name = pdata->name; 105 - rfkill->type = pdata->type; 106 - } else { 107 - return -ENODEV; 108 114 } 109 115 110 116 rfkill->clk = devm_clk_get(&pdev->dev, NULL); ··· 124 124 125 125 rfkill->shutdown_gpio = gpio; 126 126 127 - /* Make sure at-least one of the GPIO is defined and that 128 - * a name is specified for this instance 129 - */ 130 - if ((!rfkill->reset_gpio && !rfkill->shutdown_gpio) || !rfkill->name) { 127 + /* Make sure at-least one GPIO is defined for this instance */ 128 + if (!rfkill->reset_gpio && !rfkill->shutdown_gpio) { 131 129 dev_err(&pdev->dev, "invalid platform data\n"); 132 130 return -EINVAL; 133 131 }

+6 -19

net/wireless/Kconfig

··· 50 50 default n 51 51 help 52 52 This option enables some additional warnings that help 53 - cfg80211 developers and driver developers, but that can 54 - trigger due to races with userspace. 53 + cfg80211 developers and driver developers, but beware that 54 + they can also trigger due to races with userspace. 55 55 56 56 For example, when a driver reports that it was disconnected 57 57 from the AP, but the user disconnects manually at the same ··· 60 60 Say Y only if you are developing cfg80211 or a driver based 61 61 on it (or mac80211). 62 62 63 - 64 - config CFG80211_REG_DEBUG 65 - bool "cfg80211 regulatory debugging" 66 - depends on CFG80211 67 - default n 68 - ---help--- 69 - You can enable this if you want to debug regulatory changes. 70 - For more information on cfg80211 regulatory refer to the wireless 71 - wiki: 72 - 73 - http://wireless.kernel.org/en/developers/Regulatory 74 - 75 - If unsure, say N. 76 63 77 64 config CFG80211_CERTIFICATION_ONUS 78 65 bool "cfg80211 certification onus" ··· 110 123 interface which associated to an AP which userspace assumes or confirms 111 124 to be an authorized master, i.e., with radar detection support and DFS 112 125 capabilities. However, note that in order to not create daisy chain 113 - scenarios, this relaxation is not allowed in cases that the BSS client 126 + scenarios, this relaxation is not allowed in cases where the BSS client 114 127 is associated to P2P GO and in addition the P2P GO instantiated on 115 128 a channel due to this relaxation should not allow connection from 116 129 non P2P clients. ··· 135 148 depends on CFG80211 136 149 depends on DEBUG_FS 137 150 ---help--- 138 - You can enable this if you want to debugfs entries for cfg80211. 151 + You can enable this if you want debugfs entries for cfg80211. 139 152 140 153 If unsure, say N. 141 154 ··· 146 159 ---help--- 147 160 This option generates an internal data structure representing 148 161 the wireless regulatory rules described in net/wireless/db.txt 149 - and includes code to query that database. This is an alternative 162 + and includes code to query that database. This is an alternative 150 163 to using CRDA for defining regulatory rules for the kernel. 151 164 152 165 Using this option requires some parsing of the db.txt at build time, ··· 159 172 160 173 http://wireless.kernel.org/en/developers/Regulatory 161 174 162 - Most distributions have a CRDA package. So if unsure, say N. 175 + Most distributions have a CRDA package. So if unsure, say N. 163 176 164 177 config CFG80211_CRDA_SUPPORT 165 178 bool "support CRDA" if CFG80211_INTERNAL_REGDB

+10

net/wireless/core.c

··· 352 352 WARN_ON(ops->add_station && !ops->del_station); 353 353 WARN_ON(ops->add_mpath && !ops->del_mpath); 354 354 WARN_ON(ops->join_mesh && !ops->leave_mesh); 355 + WARN_ON(ops->start_p2p_device && !ops->stop_p2p_device); 356 + WARN_ON(ops->start_ap && !ops->stop_ap); 357 + WARN_ON(ops->join_ocb && !ops->leave_ocb); 358 + WARN_ON(ops->suspend && !ops->resume); 359 + WARN_ON(ops->sched_scan_start && !ops->sched_scan_stop); 360 + WARN_ON(ops->remain_on_channel && !ops->cancel_remain_on_channel); 361 + WARN_ON(ops->tdls_channel_switch && !ops->tdls_cancel_channel_switch); 362 + WARN_ON(ops->add_tx_ts && !ops->del_tx_ts); 363 + WARN_ON(ops->set_tx_power && !ops->get_tx_power); 364 + WARN_ON(ops->set_antenna && !ops->get_antenna); 355 365 356 366 alloc_size = sizeof(*rdev) + sizeof_priv; 357 367

+1 -2

net/wireless/mlme.c

··· 711 711 712 712 void cfg80211_dfs_channels_update_work(struct work_struct *work) 713 713 { 714 - struct delayed_work *delayed_work; 714 + struct delayed_work *delayed_work = to_delayed_work(work); 715 715 struct cfg80211_registered_device *rdev; 716 716 struct cfg80211_chan_def chandef; 717 717 struct ieee80211_supported_band *sband; ··· 721 721 unsigned long timeout, next_time = 0; 722 722 int bandid, i; 723 723 724 - delayed_work = container_of(work, struct delayed_work, work); 725 724 rdev = container_of(delayed_work, struct cfg80211_registered_device, 726 725 dfs_update_channels_wk); 727 726 wiphy = &rdev->wiphy;

+22 -7

net/wireless/nl80211.c

··· 3 3 * 4 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 5 * Copyright 2013-2014 Intel Mobile Communications GmbH 6 - * Copyright 2015 Intel Deutschland GmbH 6 + * Copyright 2015-2016 Intel Deutschland GmbH 7 7 */ 8 8 9 9 #include <linux/if.h> ··· 401 401 [NL80211_ATTR_NETNS_FD] = { .type = NLA_U32 }, 402 402 [NL80211_ATTR_SCHED_SCAN_DELAY] = { .type = NLA_U32 }, 403 403 [NL80211_ATTR_REG_INDOOR] = { .type = NLA_FLAG }, 404 + [NL80211_ATTR_PBSS] = { .type = NLA_FLAG }, 404 405 }; 405 406 406 407 /* policy for the key attributes */ ··· 3461 3460 if (IS_ERR(params.acl)) 3462 3461 return PTR_ERR(params.acl); 3463 3462 } 3463 + 3464 + params.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 3465 + if (params.pbss && !rdev->wiphy.bands[IEEE80211_BAND_60GHZ]) 3466 + return -EOPNOTSUPP; 3464 3467 3465 3468 wdev_lock(wdev); 3466 3469 err = rdev_start_ap(rdev, dev, &params); ··· 7286 7281 } 7287 7282 7288 7283 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 7289 - if (!(rdev->wiphy.features & 7290 - NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) || 7291 - !(rdev->wiphy.features & NL80211_FEATURE_QUIET)) 7284 + if (!((rdev->wiphy.features & 7285 + NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 7286 + (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 7287 + !wiphy_ext_feature_isset(&rdev->wiphy, 7288 + NL80211_EXT_FEATURE_RRM)) 7292 7289 return -EINVAL; 7293 7290 req.flags |= ASSOC_REQ_USE_RRM; 7294 7291 } ··· 7978 7971 } 7979 7972 7980 7973 if (nla_get_flag(info->attrs[NL80211_ATTR_USE_RRM])) { 7981 - if (!(rdev->wiphy.features & 7982 - NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) || 7983 - !(rdev->wiphy.features & NL80211_FEATURE_QUIET)) { 7974 + if (!((rdev->wiphy.features & 7975 + NL80211_FEATURE_DS_PARAM_SET_IE_IN_PROBES) && 7976 + (rdev->wiphy.features & NL80211_FEATURE_QUIET)) && 7977 + !wiphy_ext_feature_isset(&rdev->wiphy, 7978 + NL80211_EXT_FEATURE_RRM)) { 7984 7979 kzfree(connkeys); 7985 7980 return -EINVAL; 7986 7981 } 7987 7982 connect.flags |= ASSOC_REQ_USE_RRM; 7983 + } 7984 + 7985 + connect.pbss = nla_get_flag(info->attrs[NL80211_ATTR_PBSS]); 7986 + if (connect.pbss && !rdev->wiphy.bands[IEEE80211_BAND_60GHZ]) { 7987 + kzfree(connkeys); 7988 + return -EOPNOTSUPP; 7988 7989 } 7989 7990 7990 7991 wdev_lock(dev->ieee80211_ptr);

+1

net/wireless/radiotap.c

··· 43 43 [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, }, 44 44 [IEEE80211_RADIOTAP_MCS] = { .align = 1, .size = 3, }, 45 45 [IEEE80211_RADIOTAP_AMPDU_STATUS] = { .align = 4, .size = 8, }, 46 + [IEEE80211_RADIOTAP_VHT] = { .align = 2, .size = 12, }, 46 47 /* 47 48 * add more here as they are defined in radiotap.h 48 49 */

+34 -88

net/wireless/reg.c

··· 60 60 #include "regdb.h" 61 61 #include "nl80211.h" 62 62 63 - #ifdef CONFIG_CFG80211_REG_DEBUG 64 - #define REG_DBG_PRINT(format, args...) \ 65 - printk(KERN_DEBUG pr_fmt(format), ##args) 66 - #else 67 - #define REG_DBG_PRINT(args...) 68 - #endif 69 - 70 63 /* 71 64 * Grace period we give before making sure all current interfaces reside on 72 65 * channels allowed by the current regulatory domain. ··· 171 178 if (wiphy_regd->dfs_region == regd->dfs_region) 172 179 goto out; 173 180 174 - REG_DBG_PRINT("%s: device specific dfs_region " 175 - "(%s) disagrees with cfg80211's " 176 - "central dfs_region (%s)\n", 177 - dev_name(&wiphy->dev), 178 - reg_dfs_region_str(wiphy_regd->dfs_region), 179 - reg_dfs_region_str(regd->dfs_region)); 181 + pr_debug("%s: device specific dfs_region (%s) disagrees with cfg80211's central dfs_region (%s)\n", 182 + dev_name(&wiphy->dev), 183 + reg_dfs_region_str(wiphy_regd->dfs_region), 184 + reg_dfs_region_str(regd->dfs_region)); 180 185 181 186 out: 182 187 return regd->dfs_region; ··· 534 543 535 544 static void crda_timeout_work(struct work_struct *work) 536 545 { 537 - REG_DBG_PRINT("Timeout while waiting for CRDA to reply, restoring regulatory settings\n"); 546 + pr_debug("Timeout while waiting for CRDA to reply, restoring regulatory settings\n"); 538 547 rtnl_lock(); 539 548 reg_crda_timeouts++; 540 549 restore_regulatory_settings(true); ··· 576 585 577 586 if (!is_world_regdom((char *) alpha2)) 578 587 pr_debug("Calling CRDA for country: %c%c\n", 579 - alpha2[0], alpha2[1]); 588 + alpha2[0], alpha2[1]); 580 589 else 581 590 pr_debug("Calling CRDA to update world regulatory domain\n"); 582 591 ··· 1123 1132 } 1124 1133 EXPORT_SYMBOL(reg_initiator_name); 1125 1134 1126 - static void chan_reg_rule_print_dbg(const struct ieee80211_regdomain *regd, 1127 - struct ieee80211_channel *chan, 1128 - const struct ieee80211_reg_rule *reg_rule) 1129 - { 1130 - #ifdef CONFIG_CFG80211_REG_DEBUG 1131 - const struct ieee80211_power_rule *power_rule; 1132 - const struct ieee80211_freq_range *freq_range; 1133 - char max_antenna_gain[32], bw[32]; 1134 - 1135 - power_rule = &reg_rule->power_rule; 1136 - freq_range = &reg_rule->freq_range; 1137 - 1138 - if (!power_rule->max_antenna_gain) 1139 - snprintf(max_antenna_gain, sizeof(max_antenna_gain), "N/A"); 1140 - else 1141 - snprintf(max_antenna_gain, sizeof(max_antenna_gain), "%d mBi", 1142 - power_rule->max_antenna_gain); 1143 - 1144 - if (reg_rule->flags & NL80211_RRF_AUTO_BW) 1145 - snprintf(bw, sizeof(bw), "%d KHz, %d KHz AUTO", 1146 - freq_range->max_bandwidth_khz, 1147 - reg_get_max_bandwidth(regd, reg_rule)); 1148 - else 1149 - snprintf(bw, sizeof(bw), "%d KHz", 1150 - freq_range->max_bandwidth_khz); 1151 - 1152 - REG_DBG_PRINT("Updating information on frequency %d MHz with regulatory rule:\n", 1153 - chan->center_freq); 1154 - 1155 - REG_DBG_PRINT("(%d KHz - %d KHz @ %s), (%s, %d mBm)\n", 1156 - freq_range->start_freq_khz, freq_range->end_freq_khz, 1157 - bw, max_antenna_gain, 1158 - power_rule->max_eirp); 1159 - #endif 1160 - } 1161 - 1162 1135 static uint32_t reg_rule_to_chan_bw_flags(const struct ieee80211_regdomain *regd, 1163 1136 const struct ieee80211_reg_rule *reg_rule, 1164 1137 const struct ieee80211_channel *chan) ··· 1197 1242 if (lr->initiator == NL80211_REGDOM_SET_BY_DRIVER && 1198 1243 request_wiphy && request_wiphy == wiphy && 1199 1244 request_wiphy->regulatory_flags & REGULATORY_STRICT_REG) { 1200 - REG_DBG_PRINT("Disabling freq %d MHz for good\n", 1201 - chan->center_freq); 1245 + pr_debug("Disabling freq %d MHz for good\n", 1246 + chan->center_freq); 1202 1247 chan->orig_flags |= IEEE80211_CHAN_DISABLED; 1203 1248 chan->flags = chan->orig_flags; 1204 1249 } else { 1205 - REG_DBG_PRINT("Disabling freq %d MHz\n", 1206 - chan->center_freq); 1250 + pr_debug("Disabling freq %d MHz\n", 1251 + chan->center_freq); 1207 1252 chan->flags |= IEEE80211_CHAN_DISABLED; 1208 1253 } 1209 1254 return; 1210 1255 } 1211 1256 1212 1257 regd = reg_get_regdomain(wiphy); 1213 - chan_reg_rule_print_dbg(regd, chan, reg_rule); 1214 1258 1215 1259 power_rule = &reg_rule->power_rule; 1216 1260 bw_flags = reg_rule_to_chan_bw_flags(regd, reg_rule, chan); ··· 1347 1393 return true; 1348 1394 1349 1395 if (!lr) { 1350 - REG_DBG_PRINT("Ignoring regulatory request set by %s " 1351 - "since last_request is not set\n", 1352 - reg_initiator_name(initiator)); 1396 + pr_debug("Ignoring regulatory request set by %s since last_request is not set\n", 1397 + reg_initiator_name(initiator)); 1353 1398 return true; 1354 1399 } 1355 1400 1356 1401 if (initiator == NL80211_REGDOM_SET_BY_CORE && 1357 1402 wiphy->regulatory_flags & REGULATORY_CUSTOM_REG) { 1358 - REG_DBG_PRINT("Ignoring regulatory request set by %s " 1359 - "since the driver uses its own custom " 1360 - "regulatory domain\n", 1361 - reg_initiator_name(initiator)); 1403 + pr_debug("Ignoring regulatory request set by %s since the driver uses its own custom regulatory domain\n", 1404 + reg_initiator_name(initiator)); 1362 1405 return true; 1363 1406 } 1364 1407 ··· 1366 1415 if (wiphy_strict_alpha2_regd(wiphy) && !wiphy->regd && 1367 1416 initiator != NL80211_REGDOM_SET_BY_COUNTRY_IE && 1368 1417 !is_world_regdom(lr->alpha2)) { 1369 - REG_DBG_PRINT("Ignoring regulatory request set by %s " 1370 - "since the driver requires its own regulatory " 1371 - "domain to be set first\n", 1372 - reg_initiator_name(initiator)); 1418 + pr_debug("Ignoring regulatory request set by %s since the driver requires its own regulatory domain to be set first\n", 1419 + reg_initiator_name(initiator)); 1373 1420 return true; 1374 1421 } 1375 1422 ··· 1648 1699 { 1649 1700 struct cfg80211_registered_device *rdev; 1650 1701 1651 - REG_DBG_PRINT("Verifying active interfaces after reg change\n"); 1702 + pr_debug("Verifying active interfaces after reg change\n"); 1652 1703 rtnl_lock(); 1653 1704 1654 1705 list_for_each_entry(rdev, &cfg80211_rdev_list, list) ··· 1730 1781 } 1731 1782 1732 1783 if (IS_ERR(reg_rule)) { 1733 - REG_DBG_PRINT("Disabling freq %d MHz as custom regd has no rule that fits it\n", 1734 - chan->center_freq); 1784 + pr_debug("Disabling freq %d MHz as custom regd has no rule that fits it\n", 1785 + chan->center_freq); 1735 1786 if (wiphy->regulatory_flags & REGULATORY_WIPHY_SELF_MANAGED) { 1736 1787 chan->flags |= IEEE80211_CHAN_DISABLED; 1737 1788 } else { ··· 1740 1791 } 1741 1792 return; 1742 1793 } 1743 - 1744 - chan_reg_rule_print_dbg(regd, chan, reg_rule); 1745 1794 1746 1795 power_rule = &reg_rule->power_rule; 1747 1796 bw_flags = reg_rule_to_chan_bw_flags(regd, reg_rule, chan); ··· 2471 2524 if (is_user_regdom_saved()) { 2472 2525 /* Unless we're asked to ignore it and reset it */ 2473 2526 if (reset_user) { 2474 - REG_DBG_PRINT("Restoring regulatory settings including user preference\n"); 2527 + pr_debug("Restoring regulatory settings including user preference\n"); 2475 2528 user_alpha2[0] = '9'; 2476 2529 user_alpha2[1] = '7'; 2477 2530 ··· 2481 2534 * back as they were for a full restore. 2482 2535 */ 2483 2536 if (!is_world_regdom(ieee80211_regdom)) { 2484 - REG_DBG_PRINT("Keeping preference on module parameter ieee80211_regdom: %c%c\n", 2485 - ieee80211_regdom[0], ieee80211_regdom[1]); 2537 + pr_debug("Keeping preference on module parameter ieee80211_regdom: %c%c\n", 2538 + ieee80211_regdom[0], ieee80211_regdom[1]); 2486 2539 alpha2[0] = ieee80211_regdom[0]; 2487 2540 alpha2[1] = ieee80211_regdom[1]; 2488 2541 } 2489 2542 } else { 2490 - REG_DBG_PRINT("Restoring regulatory settings while preserving user preference for: %c%c\n", 2491 - user_alpha2[0], user_alpha2[1]); 2543 + pr_debug("Restoring regulatory settings while preserving user preference for: %c%c\n", 2544 + user_alpha2[0], user_alpha2[1]); 2492 2545 alpha2[0] = user_alpha2[0]; 2493 2546 alpha2[1] = user_alpha2[1]; 2494 2547 } 2495 2548 } else if (!is_world_regdom(ieee80211_regdom)) { 2496 - REG_DBG_PRINT("Keeping preference on module parameter ieee80211_regdom: %c%c\n", 2497 - ieee80211_regdom[0], ieee80211_regdom[1]); 2549 + pr_debug("Keeping preference on module parameter ieee80211_regdom: %c%c\n", 2550 + ieee80211_regdom[0], ieee80211_regdom[1]); 2498 2551 alpha2[0] = ieee80211_regdom[0]; 2499 2552 alpha2[1] = ieee80211_regdom[1]; 2500 2553 } else 2501 - REG_DBG_PRINT("Restoring regulatory settings\n"); 2554 + pr_debug("Restoring regulatory settings\n"); 2502 2555 } 2503 2556 2504 2557 static void restore_custom_reg_settings(struct wiphy *wiphy) ··· 2610 2663 list_splice_tail_init(&tmp_reg_req_list, &reg_requests_list); 2611 2664 spin_unlock(&reg_requests_lock); 2612 2665 2613 - REG_DBG_PRINT("Kicking the queue\n"); 2666 + pr_debug("Kicking the queue\n"); 2614 2667 2615 2668 schedule_work(&reg_work); 2616 2669 } 2617 2670 2618 2671 void regulatory_hint_disconnect(void) 2619 2672 { 2620 - REG_DBG_PRINT("All devices are disconnected, going to restore regulatory settings\n"); 2673 + pr_debug("All devices are disconnected, going to restore regulatory settings\n"); 2621 2674 restore_regulatory_settings(false); 2622 2675 } 2623 2676 ··· 2665 2718 if (!reg_beacon) 2666 2719 return -ENOMEM; 2667 2720 2668 - REG_DBG_PRINT("Found new beacon on frequency: %d MHz (Ch %d) on %s\n", 2669 - beacon_chan->center_freq, 2670 - ieee80211_frequency_to_channel(beacon_chan->center_freq), 2671 - wiphy_name(wiphy)); 2721 + pr_debug("Found new beacon on frequency: %d MHz (Ch %d) on %s\n", 2722 + beacon_chan->center_freq, 2723 + ieee80211_frequency_to_channel(beacon_chan->center_freq), 2724 + wiphy_name(wiphy)); 2672 2725 2673 2726 memcpy(&reg_beacon->chan, beacon_chan, 2674 2727 sizeof(struct ieee80211_channel)); ··· 2747 2800 case NL80211_DFS_JP: 2748 2801 return true; 2749 2802 default: 2750 - REG_DBG_PRINT("Ignoring uknown DFS master region: %d\n", 2751 - dfs_region); 2803 + pr_debug("Ignoring uknown DFS master region: %d\n", dfs_region); 2752 2804 return false; 2753 2805 } 2754 2806 }

+6 -3

net/wireless/sme.c

··· 264 264 wdev->conn->params.bssid, 265 265 wdev->conn->params.ssid, 266 266 wdev->conn->params.ssid_len, 267 - IEEE80211_BSS_TYPE_ESS, 267 + wdev->conn_bss_type, 268 268 IEEE80211_PRIVACY(wdev->conn->params.privacy)); 269 269 if (!bss) 270 270 return NULL; ··· 687 687 WARN_ON_ONCE(!wiphy_to_rdev(wdev->wiphy)->ops->connect); 688 688 bss = cfg80211_get_bss(wdev->wiphy, NULL, bssid, 689 689 wdev->ssid, wdev->ssid_len, 690 - IEEE80211_BSS_TYPE_ESS, 690 + wdev->conn_bss_type, 691 691 IEEE80211_PRIVACY_ANY); 692 692 if (bss) 693 693 cfg80211_hold_bss(bss_from_pub(bss)); ··· 846 846 847 847 bss = cfg80211_get_bss(wdev->wiphy, channel, bssid, wdev->ssid, 848 848 wdev->ssid_len, 849 - IEEE80211_BSS_TYPE_ESS, IEEE80211_PRIVACY_ANY); 849 + wdev->conn_bss_type, IEEE80211_PRIVACY_ANY); 850 850 if (WARN_ON(!bss)) 851 851 return; 852 852 ··· 1016 1016 wdev->connect_keys = connkeys; 1017 1017 memcpy(wdev->ssid, connect->ssid, connect->ssid_len); 1018 1018 wdev->ssid_len = connect->ssid_len; 1019 + 1020 + wdev->conn_bss_type = connect->pbss ? IEEE80211_BSS_TYPE_PBSS : 1021 + IEEE80211_BSS_TYPE_ESS; 1019 1022 1020 1023 if (!rdev->ops->connect) 1021 1024 err = cfg80211_sme_connect(wdev, connect, prev_bssid);

+174 -101

net/wireless/util.c

··· 393 393 } 394 394 EXPORT_SYMBOL(ieee80211_get_hdrlen_from_skb); 395 395 396 - unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) 396 + static unsigned int __ieee80211_get_mesh_hdrlen(u8 flags) 397 397 { 398 - int ae = meshhdr->flags & MESH_FLAGS_AE; 398 + int ae = flags & MESH_FLAGS_AE; 399 399 /* 802.11-2012, 8.2.4.7.3 */ 400 400 switch (ae) { 401 401 default: ··· 407 407 return 18; 408 408 } 409 409 } 410 + 411 + unsigned int ieee80211_get_mesh_hdrlen(struct ieee80211s_hdr *meshhdr) 412 + { 413 + return __ieee80211_get_mesh_hdrlen(meshhdr->flags); 414 + } 410 415 EXPORT_SYMBOL(ieee80211_get_mesh_hdrlen); 411 416 412 - int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr, 413 - enum nl80211_iftype iftype) 417 + static int __ieee80211_data_to_8023(struct sk_buff *skb, struct ethhdr *ehdr, 418 + const u8 *addr, enum nl80211_iftype iftype) 414 419 { 415 420 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data; 416 - u16 hdrlen, ethertype; 417 - u8 *payload; 418 - u8 dst[ETH_ALEN]; 419 - u8 src[ETH_ALEN] __aligned(2); 421 + struct { 422 + u8 hdr[ETH_ALEN] __aligned(2); 423 + __be16 proto; 424 + } payload; 425 + struct ethhdr tmp; 426 + u16 hdrlen; 427 + u8 mesh_flags = 0; 420 428 421 429 if (unlikely(!ieee80211_is_data_present(hdr->frame_control))) 422 430 return -1; 423 431 424 432 hdrlen = ieee80211_hdrlen(hdr->frame_control); 433 + if (skb->len < hdrlen + 8) 434 + return -1; 425 435 426 436 /* convert IEEE 802.11 header + possible LLC headers into Ethernet 427 437 * header ··· 442 432 * 1 0 BSSID SA DA n/a 443 433 * 1 1 RA TA DA SA 444 434 */ 445 - memcpy(dst, ieee80211_get_DA(hdr), ETH_ALEN); 446 - memcpy(src, ieee80211_get_SA(hdr), ETH_ALEN); 435 + memcpy(tmp.h_dest, ieee80211_get_DA(hdr), ETH_ALEN); 436 + memcpy(tmp.h_source, ieee80211_get_SA(hdr), ETH_ALEN); 437 + 438 + if (iftype == NL80211_IFTYPE_MESH_POINT) 439 + skb_copy_bits(skb, hdrlen, &mesh_flags, 1); 447 440 448 441 switch (hdr->frame_control & 449 442 cpu_to_le16(IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS)) { ··· 463 450 iftype != NL80211_IFTYPE_STATION)) 464 451 return -1; 465 452 if (iftype == NL80211_IFTYPE_MESH_POINT) { 466 - struct ieee80211s_hdr *meshdr = 467 - (struct ieee80211s_hdr *) (skb->data + hdrlen); 468 - /* make sure meshdr->flags is on the linear part */ 469 - if (!pskb_may_pull(skb, hdrlen + 1)) 453 + if (mesh_flags & MESH_FLAGS_AE_A4) 470 454 return -1; 471 - if (meshdr->flags & MESH_FLAGS_AE_A4) 472 - return -1; 473 - if (meshdr->flags & MESH_FLAGS_AE_A5_A6) { 455 + if (mesh_flags & MESH_FLAGS_AE_A5_A6) { 474 456 skb_copy_bits(skb, hdrlen + 475 457 offsetof(struct ieee80211s_hdr, eaddr1), 476 - dst, ETH_ALEN); 477 - skb_copy_bits(skb, hdrlen + 478 - offsetof(struct ieee80211s_hdr, eaddr2), 479 - src, ETH_ALEN); 458 + tmp.h_dest, 2 * ETH_ALEN); 480 459 } 481 - hdrlen += ieee80211_get_mesh_hdrlen(meshdr); 460 + hdrlen += __ieee80211_get_mesh_hdrlen(mesh_flags); 482 461 } 483 462 break; 484 463 case cpu_to_le16(IEEE80211_FCTL_FROMDS): 485 464 if ((iftype != NL80211_IFTYPE_STATION && 486 465 iftype != NL80211_IFTYPE_P2P_CLIENT && 487 466 iftype != NL80211_IFTYPE_MESH_POINT) || 488 - (is_multicast_ether_addr(dst) && 489 - ether_addr_equal(src, addr))) 467 + (is_multicast_ether_addr(tmp.h_dest) && 468 + ether_addr_equal(tmp.h_source, addr))) 490 469 return -1; 491 470 if (iftype == NL80211_IFTYPE_MESH_POINT) { 492 - struct ieee80211s_hdr *meshdr = 493 - (struct ieee80211s_hdr *) (skb->data + hdrlen); 494 - /* make sure meshdr->flags is on the linear part */ 495 - if (!pskb_may_pull(skb, hdrlen + 1)) 471 + if (mesh_flags & MESH_FLAGS_AE_A5_A6) 496 472 return -1; 497 - if (meshdr->flags & MESH_FLAGS_AE_A5_A6) 498 - return -1; 499 - if (meshdr->flags & MESH_FLAGS_AE_A4) 473 + if (mesh_flags & MESH_FLAGS_AE_A4) 500 474 skb_copy_bits(skb, hdrlen + 501 475 offsetof(struct ieee80211s_hdr, eaddr1), 502 - src, ETH_ALEN); 503 - hdrlen += ieee80211_get_mesh_hdrlen(meshdr); 476 + tmp.h_source, ETH_ALEN); 477 + hdrlen += __ieee80211_get_mesh_hdrlen(mesh_flags); 504 478 } 505 479 break; 506 480 case cpu_to_le16(0): ··· 498 498 break; 499 499 } 500 500 501 - if (!pskb_may_pull(skb, hdrlen + 8)) 502 - return -1; 501 + skb_copy_bits(skb, hdrlen, &payload, sizeof(payload)); 502 + tmp.h_proto = payload.proto; 503 503 504 - payload = skb->data + hdrlen; 505 - ethertype = (payload[6] << 8) | payload[7]; 506 - 507 - if (likely((ether_addr_equal(payload, rfc1042_header) && 508 - ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 509 - ether_addr_equal(payload, bridge_tunnel_header))) { 504 + if (likely((ether_addr_equal(payload.hdr, rfc1042_header) && 505 + tmp.h_proto != htons(ETH_P_AARP) && 506 + tmp.h_proto != htons(ETH_P_IPX)) || 507 + ether_addr_equal(payload.hdr, bridge_tunnel_header))) 510 508 /* remove RFC1042 or Bridge-Tunnel encapsulation and 511 509 * replace EtherType */ 512 - skb_pull(skb, hdrlen + 6); 513 - memcpy(skb_push(skb, ETH_ALEN), src, ETH_ALEN); 514 - memcpy(skb_push(skb, ETH_ALEN), dst, ETH_ALEN); 515 - } else { 516 - struct ethhdr *ehdr; 517 - __be16 len; 510 + hdrlen += ETH_ALEN + 2; 511 + else 512 + tmp.h_proto = htons(skb->len); 518 513 519 - skb_pull(skb, hdrlen); 520 - len = htons(skb->len); 514 + pskb_pull(skb, hdrlen); 515 + 516 + if (!ehdr) 521 517 ehdr = (struct ethhdr *) skb_push(skb, sizeof(struct ethhdr)); 522 - memcpy(ehdr->h_dest, dst, ETH_ALEN); 523 - memcpy(ehdr->h_source, src, ETH_ALEN); 524 - ehdr->h_proto = len; 525 - } 518 + memcpy(ehdr, &tmp, sizeof(tmp)); 519 + 526 520 return 0; 521 + } 522 + 523 + int ieee80211_data_to_8023(struct sk_buff *skb, const u8 *addr, 524 + enum nl80211_iftype iftype) 525 + { 526 + return __ieee80211_data_to_8023(skb, NULL, addr, iftype); 527 527 } 528 528 EXPORT_SYMBOL(ieee80211_data_to_8023); 529 529 ··· 644 644 } 645 645 EXPORT_SYMBOL(ieee80211_data_from_8023); 646 646 647 + static void 648 + __frame_add_frag(struct sk_buff *skb, struct page *page, 649 + void *ptr, int len, int size) 650 + { 651 + struct skb_shared_info *sh = skb_shinfo(skb); 652 + int page_offset; 653 + 654 + atomic_inc(&page->_count); 655 + page_offset = ptr - page_address(page); 656 + skb_add_rx_frag(skb, sh->nr_frags, page, page_offset, len, size); 657 + } 658 + 659 + static void 660 + __ieee80211_amsdu_copy_frag(struct sk_buff *skb, struct sk_buff *frame, 661 + int offset, int len) 662 + { 663 + struct skb_shared_info *sh = skb_shinfo(skb); 664 + const skb_frag_t *frag = &sh->frags[-1]; 665 + struct page *frag_page; 666 + void *frag_ptr; 667 + int frag_len, frag_size; 668 + int head_size = skb->len - skb->data_len; 669 + int cur_len; 670 + 671 + frag_page = virt_to_head_page(skb->head); 672 + frag_ptr = skb->data; 673 + frag_size = head_size; 674 + 675 + while (offset >= frag_size) { 676 + offset -= frag_size; 677 + frag++; 678 + frag_page = skb_frag_page(frag); 679 + frag_ptr = skb_frag_address(frag); 680 + frag_size = skb_frag_size(frag); 681 + } 682 + 683 + frag_ptr += offset; 684 + frag_len = frag_size - offset; 685 + 686 + cur_len = min(len, frag_len); 687 + 688 + __frame_add_frag(frame, frag_page, frag_ptr, cur_len, frag_size); 689 + len -= cur_len; 690 + 691 + while (len > 0) { 692 + frag++; 693 + frag_len = skb_frag_size(frag); 694 + cur_len = min(len, frag_len); 695 + __frame_add_frag(frame, skb_frag_page(frag), 696 + skb_frag_address(frag), cur_len, frag_len); 697 + len -= cur_len; 698 + } 699 + } 700 + 701 + static struct sk_buff * 702 + __ieee80211_amsdu_copy(struct sk_buff *skb, unsigned int hlen, 703 + int offset, int len, bool reuse_frag) 704 + { 705 + struct sk_buff *frame; 706 + int cur_len = len; 707 + 708 + if (skb->len - offset < len) 709 + return NULL; 710 + 711 + /* 712 + * When reusing framents, copy some data to the head to simplify 713 + * ethernet header handling and speed up protocol header processing 714 + * in the stack later. 715 + */ 716 + if (reuse_frag) 717 + cur_len = min_t(int, len, 32); 718 + 719 + /* 720 + * Allocate and reserve two bytes more for payload 721 + * alignment since sizeof(struct ethhdr) is 14. 722 + */ 723 + frame = dev_alloc_skb(hlen + sizeof(struct ethhdr) + 2 + cur_len); 724 + 725 + skb_reserve(frame, hlen + sizeof(struct ethhdr) + 2); 726 + skb_copy_bits(skb, offset, skb_put(frame, cur_len), cur_len); 727 + 728 + len -= cur_len; 729 + if (!len) 730 + return frame; 731 + 732 + offset += cur_len; 733 + __ieee80211_amsdu_copy_frag(skb, frame, offset, len); 734 + 735 + return frame; 736 + } 647 737 648 738 void ieee80211_amsdu_to_8023s(struct sk_buff *skb, struct sk_buff_head *list, 649 739 const u8 *addr, enum nl80211_iftype iftype, 650 740 const unsigned int extra_headroom, 651 741 bool has_80211_header) 652 742 { 743 + unsigned int hlen = ALIGN(extra_headroom, 4); 653 744 struct sk_buff *frame = NULL; 654 745 u16 ethertype; 655 746 u8 *payload; 656 - const struct ethhdr *eth; 657 - int remaining, err; 658 - u8 dst[ETH_ALEN], src[ETH_ALEN]; 747 + int offset = 0, remaining, err; 748 + struct ethhdr eth; 749 + bool reuse_frag = skb->head_frag && !skb_has_frag_list(skb); 750 + bool reuse_skb = false; 751 + bool last = false; 659 752 660 753 if (has_80211_header) { 661 - err = ieee80211_data_to_8023(skb, addr, iftype); 754 + err = __ieee80211_data_to_8023(skb, &eth, addr, iftype); 662 755 if (err) 663 756 goto out; 664 - 665 - /* skip the wrapping header */ 666 - eth = (struct ethhdr *) skb_pull(skb, sizeof(struct ethhdr)); 667 - if (!eth) 668 - goto out; 669 - } else { 670 - eth = (struct ethhdr *) skb->data; 671 757 } 672 758 673 - while (skb != frame) { 759 + while (!last) { 760 + unsigned int subframe_len; 761 + int len; 674 762 u8 padding; 675 - __be16 len = eth->h_proto; 676 - unsigned int subframe_len = sizeof(struct ethhdr) + ntohs(len); 677 763 678 - remaining = skb->len; 679 - memcpy(dst, eth->h_dest, ETH_ALEN); 680 - memcpy(src, eth->h_source, ETH_ALEN); 681 - 764 + skb_copy_bits(skb, offset, &eth, sizeof(eth)); 765 + len = ntohs(eth.h_proto); 766 + subframe_len = sizeof(struct ethhdr) + len; 682 767 padding = (4 - subframe_len) & 0x3; 768 + 683 769 /* the last MSDU has no padding */ 770 + remaining = skb->len - offset; 684 771 if (subframe_len > remaining) 685 772 goto purge; 686 773 687 - skb_pull(skb, sizeof(struct ethhdr)); 774 + offset += sizeof(struct ethhdr); 688 775 /* reuse skb for the last subframe */ 689 - if (remaining <= subframe_len + padding) 776 + last = remaining <= subframe_len + padding; 777 + if (!skb_is_nonlinear(skb) && !reuse_frag && last) { 778 + skb_pull(skb, offset); 690 779 frame = skb; 691 - else { 692 - unsigned int hlen = ALIGN(extra_headroom, 4); 693 - /* 694 - * Allocate and reserve two bytes more for payload 695 - * alignment since sizeof(struct ethhdr) is 14. 696 - */ 697 - frame = dev_alloc_skb(hlen + subframe_len + 2); 780 + reuse_skb = true; 781 + } else { 782 + frame = __ieee80211_amsdu_copy(skb, hlen, offset, len, 783 + reuse_frag); 698 784 if (!frame) 699 785 goto purge; 700 786 701 - skb_reserve(frame, hlen + sizeof(struct ethhdr) + 2); 702 - memcpy(skb_put(frame, ntohs(len)), skb->data, 703 - ntohs(len)); 704 - 705 - eth = (struct ethhdr *)skb_pull(skb, ntohs(len) + 706 - padding); 707 - if (!eth) { 708 - dev_kfree_skb(frame); 709 - goto purge; 710 - } 787 + offset += len + padding; 711 788 } 712 789 713 790 skb_reset_network_header(frame); ··· 793 716 794 717 payload = frame->data; 795 718 ethertype = (payload[6] << 8) | payload[7]; 796 - 797 719 if (likely((ether_addr_equal(payload, rfc1042_header) && 798 720 ethertype != ETH_P_AARP && ethertype != ETH_P_IPX) || 799 721 ether_addr_equal(payload, bridge_tunnel_header))) { 800 - /* remove RFC1042 or Bridge-Tunnel 801 - * encapsulation and replace EtherType */ 802 - skb_pull(frame, 6); 803 - memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN); 804 - memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN); 805 - } else { 806 - memcpy(skb_push(frame, sizeof(__be16)), &len, 807 - sizeof(__be16)); 808 - memcpy(skb_push(frame, ETH_ALEN), src, ETH_ALEN); 809 - memcpy(skb_push(frame, ETH_ALEN), dst, ETH_ALEN); 722 + eth.h_proto = htons(ethertype); 723 + skb_pull(frame, ETH_ALEN + 2); 810 724 } 725 + 726 + memcpy(skb_push(frame, sizeof(eth)), &eth, sizeof(eth)); 811 727 __skb_queue_tail(list, frame); 812 728 } 729 + 730 + if (!reuse_skb) 731 + dev_kfree_skb(skb); 813 732 814 733 return; 815 734