1 /* 2 * HT handling 3 * 4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 5 * Copyright 2002-2005, Instant802 Networks, Inc. 6 * Copyright 2005-2006, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2007-2009, Intel Corporation 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16 #include <linux/ieee80211.h> 17 #include <linux/slab.h> 18 #include <net/mac80211.h> 19 #include "ieee80211_i.h" 20 #include "driver-ops.h" 21 #include "wme.h" 22 23 /** 24 * DOC: TX aggregation 25 * 26 * Aggregation on the TX side requires setting the hardware flag 27 * %IEEE80211_HW_AMPDU_AGGREGATION as well as, if present, the @ampdu_queues 28 * hardware parameter to the number of hardware AMPDU queues. If there are no 29 * hardware queues then the driver will (currently) have to do all frame 30 * buffering. 31 * 32 * When TX aggregation is started by some subsystem (usually the rate control 33 * algorithm would be appropriate) by calling the 34 * ieee80211_start_tx_ba_session() function, the driver will be notified via 35 * its @ampdu_action function, with the %IEEE80211_AMPDU_TX_START action. 36 * 37 * In response to that, the driver is later required to call the 38 * ieee80211_start_tx_ba_cb() (or ieee80211_start_tx_ba_cb_irqsafe()) 39 * function, which will start the aggregation session. 40 * 41 * Similarly, when the aggregation session is stopped by 42 * ieee80211_stop_tx_ba_session(), the driver's @ampdu_action function will 43 * be called with the action %IEEE80211_AMPDU_TX_STOP. In this case, the 44 * call must not fail, and the driver must later call ieee80211_stop_tx_ba_cb() 45 * (or ieee80211_stop_tx_ba_cb_irqsafe()). 46 */ 47 48 static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata, 49 const u8 *da, u16 tid, 50 u8 dialog_token, u16 start_seq_num, 51 u16 agg_size, u16 timeout) 52 { 53 struct ieee80211_local *local = sdata->local; 54 struct sk_buff *skb; 55 struct ieee80211_mgmt *mgmt; 56 u16 capab; 57 58 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom); 59 60 if (!skb) { 61 printk(KERN_ERR "%s: failed to allocate buffer " 62 "for addba request frame\n", sdata->name); 63 return; 64 } 65 skb_reserve(skb, local->hw.extra_tx_headroom); 66 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 67 memset(mgmt, 0, 24); 68 memcpy(mgmt->da, da, ETH_ALEN); 69 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 70 if (sdata->vif.type == NL80211_IFTYPE_AP || 71 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 72 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 73 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 74 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 75 76 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 77 IEEE80211_STYPE_ACTION); 78 79 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req)); 80 81 mgmt->u.action.category = WLAN_CATEGORY_BACK; 82 mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ; 83 84 mgmt->u.action.u.addba_req.dialog_token = dialog_token; 85 capab = (u16)(1 << 1); /* bit 1 aggregation policy */ 86 capab |= (u16)(tid << 2); /* bit 5:2 TID number */ 87 capab |= (u16)(agg_size << 6); /* bit 15:6 max size of aggergation */ 88 89 mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab); 90 91 mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout); 92 mgmt->u.action.u.addba_req.start_seq_num = 93 cpu_to_le16(start_seq_num << 4); 94 95 ieee80211_tx_skb(sdata, skb); 96 } 97 98 void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn) 99 { 100 struct ieee80211_local *local = sdata->local; 101 struct sk_buff *skb; 102 struct ieee80211_bar *bar; 103 u16 bar_control = 0; 104 105 skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom); 106 if (!skb) { 107 printk(KERN_ERR "%s: failed to allocate buffer for " 108 "bar frame\n", sdata->name); 109 return; 110 } 111 skb_reserve(skb, local->hw.extra_tx_headroom); 112 bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar)); 113 memset(bar, 0, sizeof(*bar)); 114 bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL | 115 IEEE80211_STYPE_BACK_REQ); 116 memcpy(bar->ra, ra, ETH_ALEN); 117 memcpy(bar->ta, sdata->vif.addr, ETH_ALEN); 118 bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL; 119 bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA; 120 bar_control |= (u16)(tid << 12); 121 bar->control = cpu_to_le16(bar_control); 122 bar->start_seq_num = cpu_to_le16(ssn); 123 124 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 125 ieee80211_tx_skb(sdata, skb); 126 } 127 128 int ___ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 129 enum ieee80211_back_parties initiator) 130 { 131 struct ieee80211_local *local = sta->local; 132 int ret; 133 u8 *state; 134 135 #ifdef CONFIG_MAC80211_HT_DEBUG 136 printk(KERN_DEBUG "Tx BA session stop requested for %pM tid %u\n", 137 sta->sta.addr, tid); 138 #endif /* CONFIG_MAC80211_HT_DEBUG */ 139 140 state = &sta->ampdu_mlme.tid_state_tx[tid]; 141 142 if (*state == HT_AGG_STATE_OPERATIONAL) 143 sta->ampdu_mlme.addba_req_num[tid] = 0; 144 145 *state = HT_AGG_STATE_REQ_STOP_BA_MSK | 146 (initiator << HT_AGG_STATE_INITIATOR_SHIFT); 147 148 ret = drv_ampdu_action(local, sta->sdata, 149 IEEE80211_AMPDU_TX_STOP, 150 &sta->sta, tid, NULL); 151 152 /* HW shall not deny going back to legacy */ 153 if (WARN_ON(ret)) { 154 /* 155 * We may have pending packets get stuck in this case... 156 * Not bothering with a workaround for now. 157 */ 158 } 159 160 return ret; 161 } 162 163 /* 164 * After sending add Block Ack request we activated a timer until 165 * add Block Ack response will arrive from the recipient. 166 * If this timer expires sta_addba_resp_timer_expired will be executed. 167 */ 168 static void sta_addba_resp_timer_expired(unsigned long data) 169 { 170 /* not an elegant detour, but there is no choice as the timer passes 171 * only one argument, and both sta_info and TID are needed, so init 172 * flow in sta_info_create gives the TID as data, while the timer_to_id 173 * array gives the sta through container_of */ 174 u16 tid = *(u8 *)data; 175 struct sta_info *sta = container_of((void *)data, 176 struct sta_info, timer_to_tid[tid]); 177 u8 *state; 178 179 state = &sta->ampdu_mlme.tid_state_tx[tid]; 180 181 /* check if the TID waits for addBA response */ 182 spin_lock_bh(&sta->lock); 183 if ((*state & (HT_ADDBA_REQUESTED_MSK | HT_ADDBA_RECEIVED_MSK | 184 HT_AGG_STATE_REQ_STOP_BA_MSK)) != 185 HT_ADDBA_REQUESTED_MSK) { 186 spin_unlock_bh(&sta->lock); 187 #ifdef CONFIG_MAC80211_HT_DEBUG 188 printk(KERN_DEBUG "timer expired on tid %d but we are not " 189 "(or no longer) expecting addBA response there\n", 190 tid); 191 #endif 192 return; 193 } 194 195 #ifdef CONFIG_MAC80211_HT_DEBUG 196 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid); 197 #endif 198 199 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 200 spin_unlock_bh(&sta->lock); 201 } 202 203 static inline int ieee80211_ac_from_tid(int tid) 204 { 205 return ieee802_1d_to_ac[tid & 7]; 206 } 207 208 int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid) 209 { 210 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 211 struct ieee80211_sub_if_data *sdata = sta->sdata; 212 struct ieee80211_local *local = sdata->local; 213 u8 *state; 214 int ret = 0; 215 u16 start_seq_num; 216 217 trace_api_start_tx_ba_session(pubsta, tid); 218 219 if (WARN_ON(!local->ops->ampdu_action)) 220 return -EINVAL; 221 222 if ((tid >= STA_TID_NUM) || 223 !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) 224 return -EINVAL; 225 226 #ifdef CONFIG_MAC80211_HT_DEBUG 227 printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n", 228 pubsta->addr, tid); 229 #endif /* CONFIG_MAC80211_HT_DEBUG */ 230 231 /* 232 * The aggregation code is not prepared to handle 233 * anything but STA/AP due to the BSSID handling. 234 * IBSS could work in the code but isn't supported 235 * by drivers or the standard. 236 */ 237 if (sdata->vif.type != NL80211_IFTYPE_STATION && 238 sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 239 sdata->vif.type != NL80211_IFTYPE_AP) 240 return -EINVAL; 241 242 if (test_sta_flags(sta, WLAN_STA_DISASSOC)) { 243 #ifdef CONFIG_MAC80211_HT_DEBUG 244 printk(KERN_DEBUG "Disassociation is in progress. " 245 "Denying BA session request\n"); 246 #endif 247 return -EINVAL; 248 } 249 250 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) { 251 #ifdef CONFIG_MAC80211_HT_DEBUG 252 printk(KERN_DEBUG "Suspend in progress. " 253 "Denying BA session request\n"); 254 #endif 255 return -EINVAL; 256 } 257 258 spin_lock_bh(&sta->lock); 259 spin_lock(&local->ampdu_lock); 260 261 /* we have tried too many times, receiver does not want A-MPDU */ 262 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) { 263 ret = -EBUSY; 264 goto err_unlock_sta; 265 } 266 267 state = &sta->ampdu_mlme.tid_state_tx[tid]; 268 /* check if the TID is not in aggregation flow already */ 269 if (*state != HT_AGG_STATE_IDLE) { 270 #ifdef CONFIG_MAC80211_HT_DEBUG 271 printk(KERN_DEBUG "BA request denied - session is not " 272 "idle on tid %u\n", tid); 273 #endif /* CONFIG_MAC80211_HT_DEBUG */ 274 ret = -EAGAIN; 275 goto err_unlock_sta; 276 } 277 278 /* 279 * While we're asking the driver about the aggregation, 280 * stop the AC queue so that we don't have to worry 281 * about frames that came in while we were doing that, 282 * which would require us to put them to the AC pending 283 * afterwards which just makes the code more complex. 284 */ 285 ieee80211_stop_queue_by_reason( 286 &local->hw, ieee80211_ac_from_tid(tid), 287 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 288 289 /* prepare A-MPDU MLME for Tx aggregation */ 290 sta->ampdu_mlme.tid_tx[tid] = 291 kmalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC); 292 if (!sta->ampdu_mlme.tid_tx[tid]) { 293 #ifdef CONFIG_MAC80211_HT_DEBUG 294 if (net_ratelimit()) 295 printk(KERN_ERR "allocate tx mlme to tid %d failed\n", 296 tid); 297 #endif 298 ret = -ENOMEM; 299 goto err_wake_queue; 300 } 301 302 skb_queue_head_init(&sta->ampdu_mlme.tid_tx[tid]->pending); 303 304 /* Tx timer */ 305 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.function = 306 sta_addba_resp_timer_expired; 307 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.data = 308 (unsigned long)&sta->timer_to_tid[tid]; 309 init_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 310 311 /* Ok, the Addba frame hasn't been sent yet, but if the driver calls the 312 * call back right away, it must see that the flow has begun */ 313 *state |= HT_ADDBA_REQUESTED_MSK; 314 315 start_seq_num = sta->tid_seq[tid] >> 4; 316 317 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START, 318 pubsta, tid, &start_seq_num); 319 320 if (ret) { 321 #ifdef CONFIG_MAC80211_HT_DEBUG 322 printk(KERN_DEBUG "BA request denied - HW unavailable for" 323 " tid %d\n", tid); 324 #endif /* CONFIG_MAC80211_HT_DEBUG */ 325 *state = HT_AGG_STATE_IDLE; 326 goto err_free; 327 } 328 329 /* Driver vetoed or OKed, but we can take packets again now */ 330 ieee80211_wake_queue_by_reason( 331 &local->hw, ieee80211_ac_from_tid(tid), 332 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 333 334 spin_unlock(&local->ampdu_lock); 335 336 /* prepare tid data */ 337 sta->ampdu_mlme.dialog_token_allocator++; 338 sta->ampdu_mlme.tid_tx[tid]->dialog_token = 339 sta->ampdu_mlme.dialog_token_allocator; 340 sta->ampdu_mlme.tid_tx[tid]->ssn = start_seq_num; 341 342 spin_unlock_bh(&sta->lock); 343 344 /* send AddBA request */ 345 ieee80211_send_addba_request(sdata, pubsta->addr, tid, 346 sta->ampdu_mlme.tid_tx[tid]->dialog_token, 347 sta->ampdu_mlme.tid_tx[tid]->ssn, 348 0x40, 5000); 349 sta->ampdu_mlme.addba_req_num[tid]++; 350 /* activate the timer for the recipient's addBA response */ 351 sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer.expires = 352 jiffies + ADDBA_RESP_INTERVAL; 353 add_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 354 #ifdef CONFIG_MAC80211_HT_DEBUG 355 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid); 356 #endif 357 return 0; 358 359 err_free: 360 kfree(sta->ampdu_mlme.tid_tx[tid]); 361 sta->ampdu_mlme.tid_tx[tid] = NULL; 362 err_wake_queue: 363 ieee80211_wake_queue_by_reason( 364 &local->hw, ieee80211_ac_from_tid(tid), 365 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 366 err_unlock_sta: 367 spin_unlock(&local->ampdu_lock); 368 spin_unlock_bh(&sta->lock); 369 return ret; 370 } 371 EXPORT_SYMBOL(ieee80211_start_tx_ba_session); 372 373 /* 374 * splice packets from the STA's pending to the local pending, 375 * requires a call to ieee80211_agg_splice_finish and holding 376 * local->ampdu_lock across both calls. 377 */ 378 static void ieee80211_agg_splice_packets(struct ieee80211_local *local, 379 struct sta_info *sta, u16 tid) 380 { 381 unsigned long flags; 382 u16 queue = ieee80211_ac_from_tid(tid); 383 384 ieee80211_stop_queue_by_reason( 385 &local->hw, queue, 386 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 387 388 if (!(sta->ampdu_mlme.tid_state_tx[tid] & HT_ADDBA_REQUESTED_MSK)) 389 return; 390 391 if (WARN(!sta->ampdu_mlme.tid_tx[tid], 392 "TID %d gone but expected when splicing aggregates from" 393 "the pending queue\n", tid)) 394 return; 395 396 if (!skb_queue_empty(&sta->ampdu_mlme.tid_tx[tid]->pending)) { 397 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 398 /* copy over remaining packets */ 399 skb_queue_splice_tail_init( 400 &sta->ampdu_mlme.tid_tx[tid]->pending, 401 &local->pending[queue]); 402 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 403 } 404 } 405 406 static void ieee80211_agg_splice_finish(struct ieee80211_local *local, 407 struct sta_info *sta, u16 tid) 408 { 409 u16 queue = ieee80211_ac_from_tid(tid); 410 411 ieee80211_wake_queue_by_reason( 412 &local->hw, queue, 413 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 414 } 415 416 /* caller must hold sta->lock */ 417 static void ieee80211_agg_tx_operational(struct ieee80211_local *local, 418 struct sta_info *sta, u16 tid) 419 { 420 #ifdef CONFIG_MAC80211_HT_DEBUG 421 printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid); 422 #endif 423 424 spin_lock(&local->ampdu_lock); 425 ieee80211_agg_splice_packets(local, sta, tid); 426 /* 427 * NB: we rely on sta->lock being taken in the TX 428 * processing here when adding to the pending queue, 429 * otherwise we could only change the state of the 430 * session to OPERATIONAL _here_. 431 */ 432 ieee80211_agg_splice_finish(local, sta, tid); 433 spin_unlock(&local->ampdu_lock); 434 435 drv_ampdu_action(local, sta->sdata, 436 IEEE80211_AMPDU_TX_OPERATIONAL, 437 &sta->sta, tid, NULL); 438 } 439 440 void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid) 441 { 442 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 443 struct ieee80211_local *local = sdata->local; 444 struct sta_info *sta; 445 u8 *state; 446 447 trace_api_start_tx_ba_cb(sdata, ra, tid); 448 449 if (tid >= STA_TID_NUM) { 450 #ifdef CONFIG_MAC80211_HT_DEBUG 451 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 452 tid, STA_TID_NUM); 453 #endif 454 return; 455 } 456 457 rcu_read_lock(); 458 sta = sta_info_get(sdata, ra); 459 if (!sta) { 460 rcu_read_unlock(); 461 #ifdef CONFIG_MAC80211_HT_DEBUG 462 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 463 #endif 464 return; 465 } 466 467 state = &sta->ampdu_mlme.tid_state_tx[tid]; 468 spin_lock_bh(&sta->lock); 469 470 if (WARN_ON(!(*state & HT_ADDBA_REQUESTED_MSK))) { 471 #ifdef CONFIG_MAC80211_HT_DEBUG 472 printk(KERN_DEBUG "addBA was not requested yet, state is %d\n", 473 *state); 474 #endif 475 spin_unlock_bh(&sta->lock); 476 rcu_read_unlock(); 477 return; 478 } 479 480 if (WARN_ON(*state & HT_ADDBA_DRV_READY_MSK)) 481 goto out; 482 483 *state |= HT_ADDBA_DRV_READY_MSK; 484 485 if (*state == HT_AGG_STATE_OPERATIONAL) 486 ieee80211_agg_tx_operational(local, sta, tid); 487 488 out: 489 spin_unlock_bh(&sta->lock); 490 rcu_read_unlock(); 491 } 492 EXPORT_SYMBOL(ieee80211_start_tx_ba_cb); 493 494 void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 495 const u8 *ra, u16 tid) 496 { 497 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 498 struct ieee80211_local *local = sdata->local; 499 struct ieee80211_ra_tid *ra_tid; 500 struct sk_buff *skb = dev_alloc_skb(0); 501 502 if (unlikely(!skb)) { 503 #ifdef CONFIG_MAC80211_HT_DEBUG 504 if (net_ratelimit()) 505 printk(KERN_WARNING "%s: Not enough memory, " 506 "dropping start BA session", sdata->name); 507 #endif 508 return; 509 } 510 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 511 memcpy(&ra_tid->ra, ra, ETH_ALEN); 512 ra_tid->tid = tid; 513 ra_tid->vif = vif; 514 515 skb->pkt_type = IEEE80211_ADDBA_MSG; 516 skb_queue_tail(&local->skb_queue, skb); 517 tasklet_schedule(&local->tasklet); 518 } 519 EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe); 520 521 int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 522 enum ieee80211_back_parties initiator) 523 { 524 u8 *state; 525 int ret; 526 527 /* check if the TID is in aggregation */ 528 state = &sta->ampdu_mlme.tid_state_tx[tid]; 529 spin_lock_bh(&sta->lock); 530 531 if (*state != HT_AGG_STATE_OPERATIONAL) { 532 ret = -ENOENT; 533 goto unlock; 534 } 535 536 ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator); 537 538 unlock: 539 spin_unlock_bh(&sta->lock); 540 return ret; 541 } 542 543 int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid, 544 enum ieee80211_back_parties initiator) 545 { 546 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 547 struct ieee80211_sub_if_data *sdata = sta->sdata; 548 struct ieee80211_local *local = sdata->local; 549 550 trace_api_stop_tx_ba_session(pubsta, tid, initiator); 551 552 if (!local->ops->ampdu_action) 553 return -EINVAL; 554 555 if (tid >= STA_TID_NUM) 556 return -EINVAL; 557 558 return __ieee80211_stop_tx_ba_session(sta, tid, initiator); 559 } 560 EXPORT_SYMBOL(ieee80211_stop_tx_ba_session); 561 562 void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid) 563 { 564 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 565 struct ieee80211_local *local = sdata->local; 566 struct sta_info *sta; 567 u8 *state; 568 569 trace_api_stop_tx_ba_cb(sdata, ra, tid); 570 571 if (tid >= STA_TID_NUM) { 572 #ifdef CONFIG_MAC80211_HT_DEBUG 573 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 574 tid, STA_TID_NUM); 575 #endif 576 return; 577 } 578 579 #ifdef CONFIG_MAC80211_HT_DEBUG 580 printk(KERN_DEBUG "Stopping Tx BA session for %pM tid %d\n", 581 ra, tid); 582 #endif /* CONFIG_MAC80211_HT_DEBUG */ 583 584 rcu_read_lock(); 585 sta = sta_info_get(sdata, ra); 586 if (!sta) { 587 #ifdef CONFIG_MAC80211_HT_DEBUG 588 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 589 #endif 590 rcu_read_unlock(); 591 return; 592 } 593 state = &sta->ampdu_mlme.tid_state_tx[tid]; 594 595 /* NOTE: no need to use sta->lock in this state check, as 596 * ieee80211_stop_tx_ba_session will let only one stop call to 597 * pass through per sta/tid 598 */ 599 if ((*state & HT_AGG_STATE_REQ_STOP_BA_MSK) == 0) { 600 #ifdef CONFIG_MAC80211_HT_DEBUG 601 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n"); 602 #endif 603 rcu_read_unlock(); 604 return; 605 } 606 607 if (*state & HT_AGG_STATE_INITIATOR_MSK) 608 ieee80211_send_delba(sta->sdata, ra, tid, 609 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE); 610 611 spin_lock_bh(&sta->lock); 612 spin_lock(&local->ampdu_lock); 613 614 ieee80211_agg_splice_packets(local, sta, tid); 615 616 *state = HT_AGG_STATE_IDLE; 617 /* from now on packets are no longer put onto sta->pending */ 618 kfree(sta->ampdu_mlme.tid_tx[tid]); 619 sta->ampdu_mlme.tid_tx[tid] = NULL; 620 621 ieee80211_agg_splice_finish(local, sta, tid); 622 623 spin_unlock(&local->ampdu_lock); 624 spin_unlock_bh(&sta->lock); 625 626 rcu_read_unlock(); 627 } 628 EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb); 629 630 void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 631 const u8 *ra, u16 tid) 632 { 633 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 634 struct ieee80211_local *local = sdata->local; 635 struct ieee80211_ra_tid *ra_tid; 636 struct sk_buff *skb = dev_alloc_skb(0); 637 638 if (unlikely(!skb)) { 639 #ifdef CONFIG_MAC80211_HT_DEBUG 640 if (net_ratelimit()) 641 printk(KERN_WARNING "%s: Not enough memory, " 642 "dropping stop BA session", sdata->name); 643 #endif 644 return; 645 } 646 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 647 memcpy(&ra_tid->ra, ra, ETH_ALEN); 648 ra_tid->tid = tid; 649 ra_tid->vif = vif; 650 651 skb->pkt_type = IEEE80211_DELBA_MSG; 652 skb_queue_tail(&local->skb_queue, skb); 653 tasklet_schedule(&local->tasklet); 654 } 655 EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe); 656 657 658 void ieee80211_process_addba_resp(struct ieee80211_local *local, 659 struct sta_info *sta, 660 struct ieee80211_mgmt *mgmt, 661 size_t len) 662 { 663 u16 capab, tid; 664 u8 *state; 665 666 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab); 667 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; 668 669 state = &sta->ampdu_mlme.tid_state_tx[tid]; 670 671 spin_lock_bh(&sta->lock); 672 673 if (!(*state & HT_ADDBA_REQUESTED_MSK)) 674 goto out; 675 676 if (mgmt->u.action.u.addba_resp.dialog_token != 677 sta->ampdu_mlme.tid_tx[tid]->dialog_token) { 678 #ifdef CONFIG_MAC80211_HT_DEBUG 679 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); 680 #endif /* CONFIG_MAC80211_HT_DEBUG */ 681 goto out; 682 } 683 684 del_timer(&sta->ampdu_mlme.tid_tx[tid]->addba_resp_timer); 685 686 #ifdef CONFIG_MAC80211_HT_DEBUG 687 printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid); 688 #endif /* CONFIG_MAC80211_HT_DEBUG */ 689 690 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 691 == WLAN_STATUS_SUCCESS) { 692 u8 curstate = *state; 693 694 *state |= HT_ADDBA_RECEIVED_MSK; 695 696 if (*state != curstate && *state == HT_AGG_STATE_OPERATIONAL) 697 ieee80211_agg_tx_operational(local, sta, tid); 698 699 sta->ampdu_mlme.addba_req_num[tid] = 0; 700 } else { 701 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 702 } 703 704 out: 705 spin_unlock_bh(&sta->lock); 706 } 707