xref: /openbmc/linux/net/mac80211/sta_info.c (revision 4049e09acdf4ffd270cb8fbf1cf5b39c3d02357c)
1 /*
2  * Copyright 2002-2005, Instant802 Networks, Inc.
3  * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  */
9 
10 #include <linux/module.h>
11 #include <linux/init.h>
12 #include <linux/netdevice.h>
13 #include <linux/types.h>
14 #include <linux/slab.h>
15 #include <linux/skbuff.h>
16 #include <linux/if_arp.h>
17 #include <linux/timer.h>
18 #include <linux/rtnetlink.h>
19 
20 #include <net/mac80211.h>
21 #include "ieee80211_i.h"
22 #include "driver-ops.h"
23 #include "rate.h"
24 #include "sta_info.h"
25 #include "debugfs_sta.h"
26 #include "mesh.h"
27 
28 /**
29  * DOC: STA information lifetime rules
30  *
31  * STA info structures (&struct sta_info) are managed in a hash table
32  * for faster lookup and a list for iteration. They are managed using
33  * RCU, i.e. access to the list and hash table is protected by RCU.
34  *
35  * Upon allocating a STA info structure with sta_info_alloc(), the caller
36  * owns that structure. It must then insert it into the hash table using
37  * either sta_info_insert() or sta_info_insert_rcu(); only in the latter
38  * case (which acquires an rcu read section but must not be called from
39  * within one) will the pointer still be valid after the call. Note that
40  * the caller may not do much with the STA info before inserting it, in
41  * particular, it may not start any mesh peer link management or add
42  * encryption keys.
43  *
44  * When the insertion fails (sta_info_insert()) returns non-zero), the
45  * structure will have been freed by sta_info_insert()!
46  *
47  * Station entries are added by mac80211 when you establish a link with a
48  * peer. This means different things for the different type of interfaces
49  * we support. For a regular station this mean we add the AP sta when we
50  * receive an association response from the AP. For IBSS this occurs when
51  * get to know about a peer on the same IBSS. For WDS we add the sta for
52  * the peer immediately upon device open. When using AP mode we add stations
53  * for each respective station upon request from userspace through nl80211.
54  *
55  * In order to remove a STA info structure, various sta_info_destroy_*()
56  * calls are available.
57  *
58  * There is no concept of ownership on a STA entry, each structure is
59  * owned by the global hash table/list until it is removed. All users of
60  * the structure need to be RCU protected so that the structure won't be
61  * freed before they are done using it.
62  */
63 
64 /* Caller must hold local->sta_lock */
65 static int sta_info_hash_del(struct ieee80211_local *local,
66 			     struct sta_info *sta)
67 {
68 	struct sta_info *s;
69 
70 	s = rcu_dereference_protected(local->sta_hash[STA_HASH(sta->sta.addr)],
71 				      lockdep_is_held(&local->sta_lock));
72 	if (!s)
73 		return -ENOENT;
74 	if (s == sta) {
75 		rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)],
76 				   s->hnext);
77 		return 0;
78 	}
79 
80 	while (rcu_access_pointer(s->hnext) &&
81 	       rcu_access_pointer(s->hnext) != sta)
82 		s = rcu_dereference_protected(s->hnext,
83 					lockdep_is_held(&local->sta_lock));
84 	if (rcu_access_pointer(s->hnext)) {
85 		rcu_assign_pointer(s->hnext, sta->hnext);
86 		return 0;
87 	}
88 
89 	return -ENOENT;
90 }
91 
92 /* protected by RCU */
93 struct sta_info *sta_info_get(struct ieee80211_sub_if_data *sdata,
94 			      const u8 *addr)
95 {
96 	struct ieee80211_local *local = sdata->local;
97 	struct sta_info *sta;
98 
99 	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
100 				    lockdep_is_held(&local->sta_lock) ||
101 				    lockdep_is_held(&local->sta_mtx));
102 	while (sta) {
103 		if (sta->sdata == sdata && !sta->dummy &&
104 		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
105 			break;
106 		sta = rcu_dereference_check(sta->hnext,
107 					    lockdep_is_held(&local->sta_lock) ||
108 					    lockdep_is_held(&local->sta_mtx));
109 	}
110 	return sta;
111 }
112 
113 /* get a station info entry even if it is a dummy station*/
114 struct sta_info *sta_info_get_rx(struct ieee80211_sub_if_data *sdata,
115 			      const u8 *addr)
116 {
117 	struct ieee80211_local *local = sdata->local;
118 	struct sta_info *sta;
119 
120 	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
121 				    lockdep_is_held(&local->sta_lock) ||
122 				    lockdep_is_held(&local->sta_mtx));
123 	while (sta) {
124 		if (sta->sdata == sdata &&
125 		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
126 			break;
127 		sta = rcu_dereference_check(sta->hnext,
128 					    lockdep_is_held(&local->sta_lock) ||
129 					    lockdep_is_held(&local->sta_mtx));
130 	}
131 	return sta;
132 }
133 
134 /*
135  * Get sta info either from the specified interface
136  * or from one of its vlans
137  */
138 struct sta_info *sta_info_get_bss(struct ieee80211_sub_if_data *sdata,
139 				  const u8 *addr)
140 {
141 	struct ieee80211_local *local = sdata->local;
142 	struct sta_info *sta;
143 
144 	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
145 				    lockdep_is_held(&local->sta_lock) ||
146 				    lockdep_is_held(&local->sta_mtx));
147 	while (sta) {
148 		if ((sta->sdata == sdata ||
149 		     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
150 		    !sta->dummy &&
151 		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
152 			break;
153 		sta = rcu_dereference_check(sta->hnext,
154 					    lockdep_is_held(&local->sta_lock) ||
155 					    lockdep_is_held(&local->sta_mtx));
156 	}
157 	return sta;
158 }
159 
160 /*
161  * Get sta info either from the specified interface
162  * or from one of its vlans (including dummy stations)
163  */
164 struct sta_info *sta_info_get_bss_rx(struct ieee80211_sub_if_data *sdata,
165 				  const u8 *addr)
166 {
167 	struct ieee80211_local *local = sdata->local;
168 	struct sta_info *sta;
169 
170 	sta = rcu_dereference_check(local->sta_hash[STA_HASH(addr)],
171 				    lockdep_is_held(&local->sta_lock) ||
172 				    lockdep_is_held(&local->sta_mtx));
173 	while (sta) {
174 		if ((sta->sdata == sdata ||
175 		     (sta->sdata->bss && sta->sdata->bss == sdata->bss)) &&
176 		    memcmp(sta->sta.addr, addr, ETH_ALEN) == 0)
177 			break;
178 		sta = rcu_dereference_check(sta->hnext,
179 					    lockdep_is_held(&local->sta_lock) ||
180 					    lockdep_is_held(&local->sta_mtx));
181 	}
182 	return sta;
183 }
184 
185 struct sta_info *sta_info_get_by_idx(struct ieee80211_sub_if_data *sdata,
186 				     int idx)
187 {
188 	struct ieee80211_local *local = sdata->local;
189 	struct sta_info *sta;
190 	int i = 0;
191 
192 	list_for_each_entry_rcu(sta, &local->sta_list, list) {
193 		if (sdata != sta->sdata)
194 			continue;
195 		if (i < idx) {
196 			++i;
197 			continue;
198 		}
199 		return sta;
200 	}
201 
202 	return NULL;
203 }
204 
205 /**
206  * __sta_info_free - internal STA free helper
207  *
208  * @local: pointer to the global information
209  * @sta: STA info to free
210  *
211  * This function must undo everything done by sta_info_alloc()
212  * that may happen before sta_info_insert().
213  */
214 static void __sta_info_free(struct ieee80211_local *local,
215 			    struct sta_info *sta)
216 {
217 	if (sta->rate_ctrl) {
218 		rate_control_free_sta(sta);
219 		rate_control_put(sta->rate_ctrl);
220 	}
221 
222 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
223 	wiphy_debug(local->hw.wiphy, "Destroyed STA %pM\n", sta->sta.addr);
224 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
225 
226 	kfree(sta);
227 }
228 
229 /* Caller must hold local->sta_lock */
230 static void sta_info_hash_add(struct ieee80211_local *local,
231 			      struct sta_info *sta)
232 {
233 	sta->hnext = local->sta_hash[STA_HASH(sta->sta.addr)];
234 	rcu_assign_pointer(local->sta_hash[STA_HASH(sta->sta.addr)], sta);
235 }
236 
237 static void sta_unblock(struct work_struct *wk)
238 {
239 	struct sta_info *sta;
240 
241 	sta = container_of(wk, struct sta_info, drv_unblock_wk);
242 
243 	if (sta->dead)
244 		return;
245 
246 	if (!test_sta_flags(sta, WLAN_STA_PS_STA))
247 		ieee80211_sta_ps_deliver_wakeup(sta);
248 	else if (test_and_clear_sta_flags(sta, WLAN_STA_PSPOLL)) {
249 		clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
250 		ieee80211_sta_ps_deliver_poll_response(sta);
251 	} else
252 		clear_sta_flags(sta, WLAN_STA_PS_DRIVER);
253 }
254 
255 static int sta_prepare_rate_control(struct ieee80211_local *local,
256 				    struct sta_info *sta, gfp_t gfp)
257 {
258 	if (local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)
259 		return 0;
260 
261 	sta->rate_ctrl = rate_control_get(local->rate_ctrl);
262 	sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl,
263 						     &sta->sta, gfp);
264 	if (!sta->rate_ctrl_priv) {
265 		rate_control_put(sta->rate_ctrl);
266 		return -ENOMEM;
267 	}
268 
269 	return 0;
270 }
271 
272 struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata,
273 				u8 *addr, gfp_t gfp)
274 {
275 	struct ieee80211_local *local = sdata->local;
276 	struct sta_info *sta;
277 	struct timespec uptime;
278 	int i;
279 
280 	sta = kzalloc(sizeof(*sta) + local->hw.sta_data_size, gfp);
281 	if (!sta)
282 		return NULL;
283 
284 	spin_lock_init(&sta->lock);
285 	spin_lock_init(&sta->flaglock);
286 	INIT_WORK(&sta->drv_unblock_wk, sta_unblock);
287 	INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
288 	mutex_init(&sta->ampdu_mlme.mtx);
289 
290 	memcpy(sta->sta.addr, addr, ETH_ALEN);
291 	sta->local = local;
292 	sta->sdata = sdata;
293 	sta->last_rx = jiffies;
294 
295 	do_posix_clock_monotonic_gettime(&uptime);
296 	sta->last_connected = uptime.tv_sec;
297 	ewma_init(&sta->avg_signal, 1024, 8);
298 
299 	if (sta_prepare_rate_control(local, sta, gfp)) {
300 		kfree(sta);
301 		return NULL;
302 	}
303 
304 	for (i = 0; i < STA_TID_NUM; i++) {
305 		/*
306 		 * timer_to_tid must be initialized with identity mapping
307 		 * to enable session_timer's data differentiation. See
308 		 * sta_rx_agg_session_timer_expired for usage.
309 		 */
310 		sta->timer_to_tid[i] = i;
311 	}
312 	for (i = 0; i < IEEE80211_NUM_ACS; i++) {
313 		skb_queue_head_init(&sta->ps_tx_buf[i]);
314 		skb_queue_head_init(&sta->tx_filtered[i]);
315 	}
316 
317 	for (i = 0; i < NUM_RX_DATA_QUEUES; i++)
318 		sta->last_seq_ctrl[i] = cpu_to_le16(USHRT_MAX);
319 
320 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
321 	wiphy_debug(local->hw.wiphy, "Allocated STA %pM\n", sta->sta.addr);
322 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
323 
324 #ifdef CONFIG_MAC80211_MESH
325 	sta->plink_state = NL80211_PLINK_LISTEN;
326 	init_timer(&sta->plink_timer);
327 #endif
328 
329 	return sta;
330 }
331 
332 static int sta_info_finish_insert(struct sta_info *sta,
333 				bool async, bool dummy_reinsert)
334 {
335 	struct ieee80211_local *local = sta->local;
336 	struct ieee80211_sub_if_data *sdata = sta->sdata;
337 	struct station_info sinfo;
338 	unsigned long flags;
339 	int err = 0;
340 
341 	lockdep_assert_held(&local->sta_mtx);
342 
343 	if (!sta->dummy || dummy_reinsert) {
344 		/* notify driver */
345 		if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
346 			sdata = container_of(sdata->bss,
347 					     struct ieee80211_sub_if_data,
348 					     u.ap);
349 		err = drv_sta_add(local, sdata, &sta->sta);
350 		if (err) {
351 			if (!async)
352 				return err;
353 			printk(KERN_DEBUG "%s: failed to add IBSS STA %pM to "
354 					  "driver (%d) - keeping it anyway.\n",
355 			       sdata->name, sta->sta.addr, err);
356 		} else {
357 			sta->uploaded = true;
358 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
359 			if (async)
360 				wiphy_debug(local->hw.wiphy,
361 					    "Finished adding IBSS STA %pM\n",
362 					    sta->sta.addr);
363 #endif
364 		}
365 
366 		sdata = sta->sdata;
367 	}
368 
369 	if (!dummy_reinsert) {
370 		if (!async) {
371 			local->num_sta++;
372 			local->sta_generation++;
373 			smp_mb();
374 
375 			/* make the station visible */
376 			spin_lock_irqsave(&local->sta_lock, flags);
377 			sta_info_hash_add(local, sta);
378 			spin_unlock_irqrestore(&local->sta_lock, flags);
379 		}
380 
381 		list_add(&sta->list, &local->sta_list);
382 	} else {
383 		sta->dummy = false;
384 	}
385 
386 	if (!sta->dummy) {
387 		ieee80211_sta_debugfs_add(sta);
388 		rate_control_add_sta_debugfs(sta);
389 
390 		memset(&sinfo, 0, sizeof(sinfo));
391 		sinfo.filled = 0;
392 		sinfo.generation = local->sta_generation;
393 		cfg80211_new_sta(sdata->dev, sta->sta.addr, &sinfo, GFP_KERNEL);
394 	}
395 
396 	return 0;
397 }
398 
399 static void sta_info_finish_pending(struct ieee80211_local *local)
400 {
401 	struct sta_info *sta;
402 	unsigned long flags;
403 
404 	spin_lock_irqsave(&local->sta_lock, flags);
405 	while (!list_empty(&local->sta_pending_list)) {
406 		sta = list_first_entry(&local->sta_pending_list,
407 				       struct sta_info, list);
408 		list_del(&sta->list);
409 		spin_unlock_irqrestore(&local->sta_lock, flags);
410 
411 		sta_info_finish_insert(sta, true, false);
412 
413 		spin_lock_irqsave(&local->sta_lock, flags);
414 	}
415 	spin_unlock_irqrestore(&local->sta_lock, flags);
416 }
417 
418 static void sta_info_finish_work(struct work_struct *work)
419 {
420 	struct ieee80211_local *local =
421 		container_of(work, struct ieee80211_local, sta_finish_work);
422 
423 	mutex_lock(&local->sta_mtx);
424 	sta_info_finish_pending(local);
425 	mutex_unlock(&local->sta_mtx);
426 }
427 
428 static int sta_info_insert_check(struct sta_info *sta)
429 {
430 	struct ieee80211_sub_if_data *sdata = sta->sdata;
431 
432 	/*
433 	 * Can't be a WARN_ON because it can be triggered through a race:
434 	 * something inserts a STA (on one CPU) without holding the RTNL
435 	 * and another CPU turns off the net device.
436 	 */
437 	if (unlikely(!ieee80211_sdata_running(sdata)))
438 		return -ENETDOWN;
439 
440 	if (WARN_ON(compare_ether_addr(sta->sta.addr, sdata->vif.addr) == 0 ||
441 		    is_multicast_ether_addr(sta->sta.addr)))
442 		return -EINVAL;
443 
444 	return 0;
445 }
446 
447 static int sta_info_insert_ibss(struct sta_info *sta) __acquires(RCU)
448 {
449 	struct ieee80211_local *local = sta->local;
450 	struct ieee80211_sub_if_data *sdata = sta->sdata;
451 	unsigned long flags;
452 
453 	spin_lock_irqsave(&local->sta_lock, flags);
454 	/* check if STA exists already */
455 	if (sta_info_get_bss_rx(sdata, sta->sta.addr)) {
456 		spin_unlock_irqrestore(&local->sta_lock, flags);
457 		rcu_read_lock();
458 		return -EEXIST;
459 	}
460 
461 	local->num_sta++;
462 	local->sta_generation++;
463 	smp_mb();
464 	sta_info_hash_add(local, sta);
465 
466 	list_add_tail(&sta->list, &local->sta_pending_list);
467 
468 	rcu_read_lock();
469 	spin_unlock_irqrestore(&local->sta_lock, flags);
470 
471 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
472 	wiphy_debug(local->hw.wiphy, "Added IBSS STA %pM\n",
473 			sta->sta.addr);
474 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
475 
476 	ieee80211_queue_work(&local->hw, &local->sta_finish_work);
477 
478 	return 0;
479 }
480 
481 /*
482  * should be called with sta_mtx locked
483  * this function replaces the mutex lock
484  * with a RCU lock
485  */
486 static int sta_info_insert_non_ibss(struct sta_info *sta) __acquires(RCU)
487 {
488 	struct ieee80211_local *local = sta->local;
489 	struct ieee80211_sub_if_data *sdata = sta->sdata;
490 	unsigned long flags;
491 	struct sta_info *exist_sta;
492 	bool dummy_reinsert = false;
493 	int err = 0;
494 
495 	lockdep_assert_held(&local->sta_mtx);
496 
497 	/*
498 	 * On first glance, this will look racy, because the code
499 	 * in this function, which inserts a station with sleeping,
500 	 * unlocks the sta_lock between checking existence in the
501 	 * hash table and inserting into it.
502 	 *
503 	 * However, it is not racy against itself because it keeps
504 	 * the mutex locked.
505 	 */
506 
507 	spin_lock_irqsave(&local->sta_lock, flags);
508 	/*
509 	 * check if STA exists already.
510 	 * only accept a scenario of a second call to sta_info_insert_non_ibss
511 	 * with a dummy station entry that was inserted earlier
512 	 * in that case - assume that the dummy station flag should
513 	 * be removed.
514 	 */
515 	exist_sta = sta_info_get_bss_rx(sdata, sta->sta.addr);
516 	if (exist_sta) {
517 		if (exist_sta == sta && sta->dummy) {
518 			dummy_reinsert = true;
519 		} else {
520 			spin_unlock_irqrestore(&local->sta_lock, flags);
521 			mutex_unlock(&local->sta_mtx);
522 			rcu_read_lock();
523 			return -EEXIST;
524 		}
525 	}
526 
527 	spin_unlock_irqrestore(&local->sta_lock, flags);
528 
529 	err = sta_info_finish_insert(sta, false, dummy_reinsert);
530 	if (err) {
531 		mutex_unlock(&local->sta_mtx);
532 		rcu_read_lock();
533 		return err;
534 	}
535 
536 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
537 	wiphy_debug(local->hw.wiphy, "Inserted %sSTA %pM\n",
538 			sta->dummy ? "dummy " : "", sta->sta.addr);
539 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
540 
541 	/* move reference to rcu-protected */
542 	rcu_read_lock();
543 	mutex_unlock(&local->sta_mtx);
544 
545 	if (ieee80211_vif_is_mesh(&sdata->vif))
546 		mesh_accept_plinks_update(sdata);
547 
548 	return 0;
549 }
550 
551 int sta_info_insert_rcu(struct sta_info *sta) __acquires(RCU)
552 {
553 	struct ieee80211_local *local = sta->local;
554 	struct ieee80211_sub_if_data *sdata = sta->sdata;
555 	int err = 0;
556 
557 	err = sta_info_insert_check(sta);
558 	if (err) {
559 		rcu_read_lock();
560 		goto out_free;
561 	}
562 
563 	/*
564 	 * In ad-hoc mode, we sometimes need to insert stations
565 	 * from tasklet context from the RX path. To avoid races,
566 	 * always do so in that case -- see the comment below.
567 	 */
568 	if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
569 		err = sta_info_insert_ibss(sta);
570 		if (err)
571 			goto out_free;
572 
573 		return 0;
574 	}
575 
576 	/*
577 	 * It might seem that the function called below is in race against
578 	 * the function call above that atomically inserts the station... That,
579 	 * however, is not true because the above code can only
580 	 * be invoked for IBSS interfaces, and the below code will
581 	 * not be -- and the two do not race against each other as
582 	 * the hash table also keys off the interface.
583 	 */
584 
585 	might_sleep();
586 
587 	mutex_lock(&local->sta_mtx);
588 
589 	err = sta_info_insert_non_ibss(sta);
590 	if (err)
591 		goto out_free;
592 
593 	return 0;
594  out_free:
595 	BUG_ON(!err);
596 	__sta_info_free(local, sta);
597 	return err;
598 }
599 
600 int sta_info_insert(struct sta_info *sta)
601 {
602 	int err = sta_info_insert_rcu(sta);
603 
604 	rcu_read_unlock();
605 
606 	return err;
607 }
608 
609 /* Caller must hold sta->local->sta_mtx */
610 int sta_info_reinsert(struct sta_info *sta)
611 {
612 	struct ieee80211_local *local = sta->local;
613 	int err = 0;
614 
615 	err = sta_info_insert_check(sta);
616 	if (err) {
617 		mutex_unlock(&local->sta_mtx);
618 		return err;
619 	}
620 
621 	might_sleep();
622 
623 	err = sta_info_insert_non_ibss(sta);
624 	rcu_read_unlock();
625 	return err;
626 }
627 
628 static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid)
629 {
630 	/*
631 	 * This format has been mandated by the IEEE specifications,
632 	 * so this line may not be changed to use the __set_bit() format.
633 	 */
634 	bss->tim[aid / 8] |= (1 << (aid % 8));
635 }
636 
637 static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid)
638 {
639 	/*
640 	 * This format has been mandated by the IEEE specifications,
641 	 * so this line may not be changed to use the __clear_bit() format.
642 	 */
643 	bss->tim[aid / 8] &= ~(1 << (aid % 8));
644 }
645 
646 static unsigned long ieee80211_tids_for_ac(int ac)
647 {
648 	/* If we ever support TIDs > 7, this obviously needs to be adjusted */
649 	switch (ac) {
650 	case IEEE80211_AC_VO:
651 		return BIT(6) | BIT(7);
652 	case IEEE80211_AC_VI:
653 		return BIT(4) | BIT(5);
654 	case IEEE80211_AC_BE:
655 		return BIT(0) | BIT(3);
656 	case IEEE80211_AC_BK:
657 		return BIT(1) | BIT(2);
658 	default:
659 		WARN_ON(1);
660 		return 0;
661 	}
662 }
663 
664 void sta_info_recalc_tim(struct sta_info *sta)
665 {
666 	struct ieee80211_local *local = sta->local;
667 	struct ieee80211_if_ap *bss = sta->sdata->bss;
668 	unsigned long flags;
669 	bool indicate_tim = false;
670 	u8 ignore_for_tim = sta->sta.uapsd_queues;
671 	int ac;
672 
673 	if (WARN_ON_ONCE(!sta->sdata->bss))
674 		return;
675 
676 	/* No need to do anything if the driver does all */
677 	if (local->hw.flags & IEEE80211_HW_AP_LINK_PS)
678 		return;
679 
680 	if (sta->dead)
681 		goto done;
682 
683 	/*
684 	 * If all ACs are delivery-enabled then we should build
685 	 * the TIM bit for all ACs anyway; if only some are then
686 	 * we ignore those and build the TIM bit using only the
687 	 * non-enabled ones.
688 	 */
689 	if (ignore_for_tim == BIT(IEEE80211_NUM_ACS) - 1)
690 		ignore_for_tim = 0;
691 
692 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
693 		unsigned long tids;
694 
695 		if (ignore_for_tim & BIT(ac))
696 			continue;
697 
698 		indicate_tim |= !skb_queue_empty(&sta->tx_filtered[ac]) ||
699 				!skb_queue_empty(&sta->ps_tx_buf[ac]);
700 		if (indicate_tim)
701 			break;
702 
703 		tids = ieee80211_tids_for_ac(ac);
704 
705 		indicate_tim |=
706 			sta->driver_buffered_tids & tids;
707 	}
708 
709  done:
710 	spin_lock_irqsave(&local->sta_lock, flags);
711 
712 	if (indicate_tim)
713 		__bss_tim_set(bss, sta->sta.aid);
714 	else
715 		__bss_tim_clear(bss, sta->sta.aid);
716 
717 	if (local->ops->set_tim) {
718 		local->tim_in_locked_section = true;
719 		drv_set_tim(local, &sta->sta, indicate_tim);
720 		local->tim_in_locked_section = false;
721 	}
722 
723 	spin_unlock_irqrestore(&local->sta_lock, flags);
724 }
725 
726 static bool sta_info_buffer_expired(struct sta_info *sta, struct sk_buff *skb)
727 {
728 	struct ieee80211_tx_info *info;
729 	int timeout;
730 
731 	if (!skb)
732 		return false;
733 
734 	info = IEEE80211_SKB_CB(skb);
735 
736 	/* Timeout: (2 * listen_interval * beacon_int * 1024 / 1000000) sec */
737 	timeout = (sta->listen_interval *
738 		   sta->sdata->vif.bss_conf.beacon_int *
739 		   32 / 15625) * HZ;
740 	if (timeout < STA_TX_BUFFER_EXPIRE)
741 		timeout = STA_TX_BUFFER_EXPIRE;
742 	return time_after(jiffies, info->control.jiffies + timeout);
743 }
744 
745 
746 static bool sta_info_cleanup_expire_buffered_ac(struct ieee80211_local *local,
747 						struct sta_info *sta, int ac)
748 {
749 	unsigned long flags;
750 	struct sk_buff *skb;
751 
752 	/*
753 	 * First check for frames that should expire on the filtered
754 	 * queue. Frames here were rejected by the driver and are on
755 	 * a separate queue to avoid reordering with normal PS-buffered
756 	 * frames. They also aren't accounted for right now in the
757 	 * total_ps_buffered counter.
758 	 */
759 	for (;;) {
760 		spin_lock_irqsave(&sta->tx_filtered[ac].lock, flags);
761 		skb = skb_peek(&sta->tx_filtered[ac]);
762 		if (sta_info_buffer_expired(sta, skb))
763 			skb = __skb_dequeue(&sta->tx_filtered[ac]);
764 		else
765 			skb = NULL;
766 		spin_unlock_irqrestore(&sta->tx_filtered[ac].lock, flags);
767 
768 		/*
769 		 * Frames are queued in order, so if this one
770 		 * hasn't expired yet we can stop testing. If
771 		 * we actually reached the end of the queue we
772 		 * also need to stop, of course.
773 		 */
774 		if (!skb)
775 			break;
776 		dev_kfree_skb(skb);
777 	}
778 
779 	/*
780 	 * Now also check the normal PS-buffered queue, this will
781 	 * only find something if the filtered queue was emptied
782 	 * since the filtered frames are all before the normal PS
783 	 * buffered frames.
784 	 */
785 	for (;;) {
786 		spin_lock_irqsave(&sta->ps_tx_buf[ac].lock, flags);
787 		skb = skb_peek(&sta->ps_tx_buf[ac]);
788 		if (sta_info_buffer_expired(sta, skb))
789 			skb = __skb_dequeue(&sta->ps_tx_buf[ac]);
790 		else
791 			skb = NULL;
792 		spin_unlock_irqrestore(&sta->ps_tx_buf[ac].lock, flags);
793 
794 		/*
795 		 * frames are queued in order, so if this one
796 		 * hasn't expired yet (or we reached the end of
797 		 * the queue) we can stop testing
798 		 */
799 		if (!skb)
800 			break;
801 
802 		local->total_ps_buffered--;
803 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
804 		printk(KERN_DEBUG "Buffered frame expired (STA %pM)\n",
805 		       sta->sta.addr);
806 #endif
807 		dev_kfree_skb(skb);
808 	}
809 
810 	/*
811 	 * Finally, recalculate the TIM bit for this station -- it might
812 	 * now be clear because the station was too slow to retrieve its
813 	 * frames.
814 	 */
815 	sta_info_recalc_tim(sta);
816 
817 	/*
818 	 * Return whether there are any frames still buffered, this is
819 	 * used to check whether the cleanup timer still needs to run,
820 	 * if there are no frames we don't need to rearm the timer.
821 	 */
822 	return !(skb_queue_empty(&sta->ps_tx_buf[ac]) &&
823 		 skb_queue_empty(&sta->tx_filtered[ac]));
824 }
825 
826 static bool sta_info_cleanup_expire_buffered(struct ieee80211_local *local,
827 					     struct sta_info *sta)
828 {
829 	bool have_buffered = false;
830 	int ac;
831 
832 	/* This is only necessary for stations on BSS interfaces */
833 	if (!sta->sdata->bss)
834 		return false;
835 
836 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++)
837 		have_buffered |=
838 			sta_info_cleanup_expire_buffered_ac(local, sta, ac);
839 
840 	return have_buffered;
841 }
842 
843 static int __must_check __sta_info_destroy(struct sta_info *sta)
844 {
845 	struct ieee80211_local *local;
846 	struct ieee80211_sub_if_data *sdata;
847 	unsigned long flags;
848 	int ret, i, ac;
849 
850 	might_sleep();
851 
852 	if (!sta)
853 		return -ENOENT;
854 
855 	local = sta->local;
856 	sdata = sta->sdata;
857 
858 	/*
859 	 * Before removing the station from the driver and
860 	 * rate control, it might still start new aggregation
861 	 * sessions -- block that to make sure the tear-down
862 	 * will be sufficient.
863 	 */
864 	set_sta_flags(sta, WLAN_STA_BLOCK_BA);
865 	ieee80211_sta_tear_down_BA_sessions(sta, true);
866 
867 	spin_lock_irqsave(&local->sta_lock, flags);
868 	ret = sta_info_hash_del(local, sta);
869 	/* this might still be the pending list ... which is fine */
870 	if (!ret)
871 		list_del(&sta->list);
872 	spin_unlock_irqrestore(&local->sta_lock, flags);
873 	if (ret)
874 		return ret;
875 
876 	mutex_lock(&local->key_mtx);
877 	for (i = 0; i < NUM_DEFAULT_KEYS; i++)
878 		__ieee80211_key_free(key_mtx_dereference(local, sta->gtk[i]));
879 	if (sta->ptk)
880 		__ieee80211_key_free(key_mtx_dereference(local, sta->ptk));
881 	mutex_unlock(&local->key_mtx);
882 
883 	sta->dead = true;
884 
885 	if (test_and_clear_sta_flags(sta,
886 				WLAN_STA_PS_STA | WLAN_STA_PS_DRIVER)) {
887 		BUG_ON(!sdata->bss);
888 
889 		atomic_dec(&sdata->bss->num_sta_ps);
890 		sta_info_recalc_tim(sta);
891 	}
892 
893 	local->num_sta--;
894 	local->sta_generation++;
895 
896 	if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
897 		rcu_assign_pointer(sdata->u.vlan.sta, NULL);
898 
899 	if (sta->uploaded) {
900 		if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
901 			sdata = container_of(sdata->bss,
902 					     struct ieee80211_sub_if_data,
903 					     u.ap);
904 		drv_sta_remove(local, sdata, &sta->sta);
905 		sdata = sta->sdata;
906 	}
907 
908 	/*
909 	 * At this point, after we wait for an RCU grace period,
910 	 * neither mac80211 nor the driver can reference this
911 	 * sta struct any more except by still existing timers
912 	 * associated with this station that we clean up below.
913 	 */
914 	synchronize_rcu();
915 
916 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
917 		local->total_ps_buffered -= skb_queue_len(&sta->ps_tx_buf[ac]);
918 		__skb_queue_purge(&sta->ps_tx_buf[ac]);
919 		__skb_queue_purge(&sta->tx_filtered[ac]);
920 	}
921 
922 #ifdef CONFIG_MAC80211_MESH
923 	if (ieee80211_vif_is_mesh(&sdata->vif))
924 		mesh_accept_plinks_update(sdata);
925 #endif
926 
927 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
928 	wiphy_debug(local->hw.wiphy, "Removed STA %pM\n", sta->sta.addr);
929 #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
930 	cancel_work_sync(&sta->drv_unblock_wk);
931 
932 	cfg80211_del_sta(sdata->dev, sta->sta.addr, GFP_KERNEL);
933 
934 	rate_control_remove_sta_debugfs(sta);
935 	ieee80211_sta_debugfs_remove(sta);
936 
937 #ifdef CONFIG_MAC80211_MESH
938 	if (ieee80211_vif_is_mesh(&sta->sdata->vif)) {
939 		mesh_plink_deactivate(sta);
940 		del_timer_sync(&sta->plink_timer);
941 	}
942 #endif
943 
944 	__sta_info_free(local, sta);
945 
946 	return 0;
947 }
948 
949 int sta_info_destroy_addr(struct ieee80211_sub_if_data *sdata, const u8 *addr)
950 {
951 	struct sta_info *sta;
952 	int ret;
953 
954 	mutex_lock(&sdata->local->sta_mtx);
955 	sta = sta_info_get_rx(sdata, addr);
956 	ret = __sta_info_destroy(sta);
957 	mutex_unlock(&sdata->local->sta_mtx);
958 
959 	return ret;
960 }
961 
962 int sta_info_destroy_addr_bss(struct ieee80211_sub_if_data *sdata,
963 			      const u8 *addr)
964 {
965 	struct sta_info *sta;
966 	int ret;
967 
968 	mutex_lock(&sdata->local->sta_mtx);
969 	sta = sta_info_get_bss_rx(sdata, addr);
970 	ret = __sta_info_destroy(sta);
971 	mutex_unlock(&sdata->local->sta_mtx);
972 
973 	return ret;
974 }
975 
976 static void sta_info_cleanup(unsigned long data)
977 {
978 	struct ieee80211_local *local = (struct ieee80211_local *) data;
979 	struct sta_info *sta;
980 	bool timer_needed = false;
981 
982 	rcu_read_lock();
983 	list_for_each_entry_rcu(sta, &local->sta_list, list)
984 		if (sta_info_cleanup_expire_buffered(local, sta))
985 			timer_needed = true;
986 	rcu_read_unlock();
987 
988 	if (local->quiescing)
989 		return;
990 
991 	if (!timer_needed)
992 		return;
993 
994 	mod_timer(&local->sta_cleanup,
995 		  round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL));
996 }
997 
998 void sta_info_init(struct ieee80211_local *local)
999 {
1000 	spin_lock_init(&local->sta_lock);
1001 	mutex_init(&local->sta_mtx);
1002 	INIT_LIST_HEAD(&local->sta_list);
1003 	INIT_LIST_HEAD(&local->sta_pending_list);
1004 	INIT_WORK(&local->sta_finish_work, sta_info_finish_work);
1005 
1006 	setup_timer(&local->sta_cleanup, sta_info_cleanup,
1007 		    (unsigned long)local);
1008 }
1009 
1010 void sta_info_stop(struct ieee80211_local *local)
1011 {
1012 	del_timer(&local->sta_cleanup);
1013 	sta_info_flush(local, NULL);
1014 }
1015 
1016 /**
1017  * sta_info_flush - flush matching STA entries from the STA table
1018  *
1019  * Returns the number of removed STA entries.
1020  *
1021  * @local: local interface data
1022  * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs
1023  */
1024 int sta_info_flush(struct ieee80211_local *local,
1025 		   struct ieee80211_sub_if_data *sdata)
1026 {
1027 	struct sta_info *sta, *tmp;
1028 	int ret = 0;
1029 
1030 	might_sleep();
1031 
1032 	mutex_lock(&local->sta_mtx);
1033 
1034 	sta_info_finish_pending(local);
1035 
1036 	list_for_each_entry_safe(sta, tmp, &local->sta_list, list) {
1037 		if (!sdata || sdata == sta->sdata)
1038 			WARN_ON(__sta_info_destroy(sta));
1039 	}
1040 	mutex_unlock(&local->sta_mtx);
1041 
1042 	return ret;
1043 }
1044 
1045 void ieee80211_sta_expire(struct ieee80211_sub_if_data *sdata,
1046 			  unsigned long exp_time)
1047 {
1048 	struct ieee80211_local *local = sdata->local;
1049 	struct sta_info *sta, *tmp;
1050 
1051 	mutex_lock(&local->sta_mtx);
1052 	list_for_each_entry_safe(sta, tmp, &local->sta_list, list)
1053 		if (time_after(jiffies, sta->last_rx + exp_time)) {
1054 #ifdef CONFIG_MAC80211_IBSS_DEBUG
1055 			printk(KERN_DEBUG "%s: expiring inactive STA %pM\n",
1056 			       sdata->name, sta->sta.addr);
1057 #endif
1058 			WARN_ON(__sta_info_destroy(sta));
1059 		}
1060 	mutex_unlock(&local->sta_mtx);
1061 }
1062 
1063 struct ieee80211_sta *ieee80211_find_sta_by_ifaddr(struct ieee80211_hw *hw,
1064 					       const u8 *addr,
1065 					       const u8 *localaddr)
1066 {
1067 	struct sta_info *sta, *nxt;
1068 
1069 	/*
1070 	 * Just return a random station if localaddr is NULL
1071 	 * ... first in list.
1072 	 */
1073 	for_each_sta_info(hw_to_local(hw), addr, sta, nxt) {
1074 		if (localaddr &&
1075 		    compare_ether_addr(sta->sdata->vif.addr, localaddr) != 0)
1076 			continue;
1077 		if (!sta->uploaded)
1078 			return NULL;
1079 		return &sta->sta;
1080 	}
1081 
1082 	return NULL;
1083 }
1084 EXPORT_SYMBOL_GPL(ieee80211_find_sta_by_ifaddr);
1085 
1086 struct ieee80211_sta *ieee80211_find_sta(struct ieee80211_vif *vif,
1087 					 const u8 *addr)
1088 {
1089 	struct sta_info *sta;
1090 
1091 	if (!vif)
1092 		return NULL;
1093 
1094 	sta = sta_info_get_bss(vif_to_sdata(vif), addr);
1095 	if (!sta)
1096 		return NULL;
1097 
1098 	if (!sta->uploaded)
1099 		return NULL;
1100 
1101 	return &sta->sta;
1102 }
1103 EXPORT_SYMBOL(ieee80211_find_sta);
1104 
1105 static void clear_sta_ps_flags(void *_sta)
1106 {
1107 	struct sta_info *sta = _sta;
1108 
1109 	clear_sta_flags(sta, WLAN_STA_PS_DRIVER | WLAN_STA_PS_STA);
1110 }
1111 
1112 /* powersave support code */
1113 void ieee80211_sta_ps_deliver_wakeup(struct sta_info *sta)
1114 {
1115 	struct ieee80211_sub_if_data *sdata = sta->sdata;
1116 	struct ieee80211_local *local = sdata->local;
1117 	struct sk_buff_head pending;
1118 	int filtered = 0, buffered = 0, ac;
1119 
1120 	BUILD_BUG_ON(BITS_TO_LONGS(STA_TID_NUM) > 1);
1121 	sta->driver_buffered_tids = 0;
1122 
1123 	if (!(local->hw.flags & IEEE80211_HW_AP_LINK_PS))
1124 		drv_sta_notify(local, sdata, STA_NOTIFY_AWAKE, &sta->sta);
1125 
1126 	skb_queue_head_init(&pending);
1127 
1128 	/* Send all buffered frames to the station */
1129 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1130 		int count = skb_queue_len(&pending), tmp;
1131 
1132 		skb_queue_splice_tail_init(&sta->tx_filtered[ac], &pending);
1133 		tmp = skb_queue_len(&pending);
1134 		filtered += tmp - count;
1135 		count = tmp;
1136 
1137 		skb_queue_splice_tail_init(&sta->ps_tx_buf[ac], &pending);
1138 		tmp = skb_queue_len(&pending);
1139 		buffered += tmp - count;
1140 	}
1141 
1142 	ieee80211_add_pending_skbs_fn(local, &pending, clear_sta_ps_flags, sta);
1143 
1144 	local->total_ps_buffered -= buffered;
1145 
1146 	sta_info_recalc_tim(sta);
1147 
1148 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1149 	printk(KERN_DEBUG "%s: STA %pM aid %d sending %d filtered/%d PS frames "
1150 	       "since STA not sleeping anymore\n", sdata->name,
1151 	       sta->sta.addr, sta->sta.aid, filtered, buffered);
1152 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1153 }
1154 
1155 void ieee80211_sta_ps_deliver_poll_response(struct sta_info *sta)
1156 {
1157 	struct ieee80211_sub_if_data *sdata = sta->sdata;
1158 	struct ieee80211_local *local = sdata->local;
1159 	struct sk_buff *skb = NULL;
1160 	bool found = false;
1161 	bool more_data = false;
1162 	int ac;
1163 	unsigned long driver_release_tids = 0;
1164 	u8 ignore_for_response = sta->sta.uapsd_queues;
1165 
1166 	/*
1167 	 * If all ACs are delivery-enabled then we should reply
1168 	 * from any of them, if only some are enabled we reply
1169 	 * only from the non-enabled ones.
1170 	 */
1171 	if (ignore_for_response == BIT(IEEE80211_NUM_ACS) - 1)
1172 		ignore_for_response = 0;
1173 
1174 	/*
1175 	 * Get response frame and more data bit for it.
1176 	 */
1177 	for (ac = 0; ac < IEEE80211_NUM_ACS; ac++) {
1178 		unsigned long tids;
1179 
1180 		if (ignore_for_response & BIT(ac))
1181 			continue;
1182 
1183 		tids = ieee80211_tids_for_ac(ac);
1184 
1185 		if (!found) {
1186 			driver_release_tids = sta->driver_buffered_tids & tids;
1187 			if (driver_release_tids) {
1188 				found = true;
1189 			} else {
1190 				skb = skb_dequeue(&sta->tx_filtered[ac]);
1191 				if (!skb) {
1192 					skb = skb_dequeue(&sta->ps_tx_buf[ac]);
1193 					if (skb)
1194 						local->total_ps_buffered--;
1195 				}
1196 				if (skb)
1197 					found = true;
1198 			}
1199 
1200 			/*
1201 			 * If the driver has data on more than one TID then
1202 			 * certainly there's more data if we release just a
1203 			 * single frame now (from a single TID).
1204 			 */
1205 			if (hweight16(driver_release_tids) > 1) {
1206 				more_data = true;
1207 				driver_release_tids =
1208 					BIT(ffs(driver_release_tids) - 1);
1209 				break;
1210 			}
1211 		}
1212 
1213 		if (!skb_queue_empty(&sta->tx_filtered[ac]) ||
1214 		    !skb_queue_empty(&sta->ps_tx_buf[ac])) {
1215 			more_data = true;
1216 			break;
1217 		}
1218 	}
1219 
1220 	if (!found) {
1221 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1222 		/*
1223 		 * FIXME: This can be the result of a race condition between
1224 		 *	  us expiring a frame and the station polling for it.
1225 		 *	  Should we send it a null-func frame indicating we
1226 		 *	  have nothing buffered for it?
1227 		 */
1228 		printk(KERN_DEBUG "%s: STA %pM sent PS Poll even "
1229 		       "though there are no buffered frames for it\n",
1230 		       sdata->name, sta->sta.addr);
1231 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1232 
1233 		return;
1234 	}
1235 
1236 	if (skb) {
1237 		struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1238 		struct ieee80211_hdr *hdr =
1239 			(struct ieee80211_hdr *) skb->data;
1240 
1241 		/*
1242 		 * Tell TX path to send this frame even though the STA may
1243 		 * still remain is PS mode after this frame exchange.
1244 		 */
1245 		info->flags |= IEEE80211_TX_CTL_PSPOLL_RESPONSE;
1246 
1247 #ifdef CONFIG_MAC80211_VERBOSE_PS_DEBUG
1248 		printk(KERN_DEBUG "STA %pM aid %d: PS Poll\n",
1249 		       sta->sta.addr, sta->sta.aid);
1250 #endif /* CONFIG_MAC80211_VERBOSE_PS_DEBUG */
1251 
1252 		/* Use MoreData flag to indicate whether there are more
1253 		 * buffered frames for this STA */
1254 		if (!more_data)
1255 			hdr->frame_control &= cpu_to_le16(~IEEE80211_FCTL_MOREDATA);
1256 		else
1257 			hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_MOREDATA);
1258 
1259 		ieee80211_add_pending_skb(local, skb);
1260 
1261 		sta_info_recalc_tim(sta);
1262 	} else {
1263 		/*
1264 		 * We need to release a frame that is buffered somewhere in the
1265 		 * driver ... it'll have to handle that.
1266 		 * Note that, as per the comment above, it'll also have to see
1267 		 * if there is more than just one frame on the specific TID that
1268 		 * we're releasing from, and it needs to set the more-data bit
1269 		 * accordingly if we tell it that there's no more data. If we do
1270 		 * tell it there's more data, then of course the more-data bit
1271 		 * needs to be set anyway.
1272 		 */
1273 		drv_release_buffered_frames(local, sta, driver_release_tids,
1274 					    1, IEEE80211_FRAME_RELEASE_PSPOLL,
1275 					    more_data);
1276 
1277 		/*
1278 		 * Note that we don't recalculate the TIM bit here as it would
1279 		 * most likely have no effect at all unless the driver told us
1280 		 * that the TID became empty before returning here from the
1281 		 * release function.
1282 		 * Either way, however, when the driver tells us that the TID
1283 		 * became empty we'll do the TIM recalculation.
1284 		 */
1285 	}
1286 }
1287 
1288 void ieee80211_sta_block_awake(struct ieee80211_hw *hw,
1289 			       struct ieee80211_sta *pubsta, bool block)
1290 {
1291 	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1292 
1293 	trace_api_sta_block_awake(sta->local, pubsta, block);
1294 
1295 	if (block)
1296 		set_sta_flags(sta, WLAN_STA_PS_DRIVER);
1297 	else if (test_sta_flags(sta, WLAN_STA_PS_DRIVER))
1298 		ieee80211_queue_work(hw, &sta->drv_unblock_wk);
1299 }
1300 EXPORT_SYMBOL(ieee80211_sta_block_awake);
1301 
1302 void ieee80211_sta_set_buffered(struct ieee80211_sta *pubsta,
1303 				u8 tid, bool buffered)
1304 {
1305 	struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
1306 
1307 	if (WARN_ON(tid >= STA_TID_NUM))
1308 		return;
1309 
1310 	if (buffered)
1311 		set_bit(tid, &sta->driver_buffered_tids);
1312 	else
1313 		clear_bit(tid, &sta->driver_buffered_tids);
1314 
1315 	sta_info_recalc_tim(sta);
1316 }
1317 EXPORT_SYMBOL(ieee80211_sta_set_buffered);
1318