1 /* 2 * HT handling 3 * 4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi> 5 * Copyright 2002-2005, Instant802 Networks, Inc. 6 * Copyright 2005-2006, Devicescape Software, Inc. 7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz> 8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net> 9 * Copyright 2007-2009, Intel Corporation 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License version 2 as 13 * published by the Free Software Foundation. 14 */ 15 16 #include <linux/ieee80211.h> 17 #include <linux/slab.h> 18 #include <net/mac80211.h> 19 #include "ieee80211_i.h" 20 #include "driver-ops.h" 21 #include "wme.h" 22 23 /** 24 * DOC: TX aggregation 25 * 26 * Aggregation on the TX side requires setting the hardware flag 27 * %IEEE80211_HW_AMPDU_AGGREGATION as well as, if present, the @ampdu_queues 28 * hardware parameter to the number of hardware AMPDU queues. If there are no 29 * hardware queues then the driver will (currently) have to do all frame 30 * buffering. 31 * 32 * When TX aggregation is started by some subsystem (usually the rate control 33 * algorithm would be appropriate) by calling the 34 * ieee80211_start_tx_ba_session() function, the driver will be notified via 35 * its @ampdu_action function, with the %IEEE80211_AMPDU_TX_START action. 36 * 37 * In response to that, the driver is later required to call the 38 * ieee80211_start_tx_ba_cb() (or ieee80211_start_tx_ba_cb_irqsafe()) 39 * function, which will start the aggregation session. 40 * 41 * Similarly, when the aggregation session is stopped by 42 * ieee80211_stop_tx_ba_session(), the driver's @ampdu_action function will 43 * be called with the action %IEEE80211_AMPDU_TX_STOP. In this case, the 44 * call must not fail, and the driver must later call ieee80211_stop_tx_ba_cb() 45 * (or ieee80211_stop_tx_ba_cb_irqsafe()). 46 */ 47 48 static void ieee80211_send_addba_request(struct ieee80211_sub_if_data *sdata, 49 const u8 *da, u16 tid, 50 u8 dialog_token, u16 start_seq_num, 51 u16 agg_size, u16 timeout) 52 { 53 struct ieee80211_local *local = sdata->local; 54 struct sk_buff *skb; 55 struct ieee80211_mgmt *mgmt; 56 u16 capab; 57 58 skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom); 59 60 if (!skb) { 61 printk(KERN_ERR "%s: failed to allocate buffer " 62 "for addba request frame\n", sdata->name); 63 return; 64 } 65 skb_reserve(skb, local->hw.extra_tx_headroom); 66 mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24); 67 memset(mgmt, 0, 24); 68 memcpy(mgmt->da, da, ETH_ALEN); 69 memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN); 70 if (sdata->vif.type == NL80211_IFTYPE_AP || 71 sdata->vif.type == NL80211_IFTYPE_AP_VLAN) 72 memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN); 73 else if (sdata->vif.type == NL80211_IFTYPE_STATION) 74 memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN); 75 76 mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT | 77 IEEE80211_STYPE_ACTION); 78 79 skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_req)); 80 81 mgmt->u.action.category = WLAN_CATEGORY_BACK; 82 mgmt->u.action.u.addba_req.action_code = WLAN_ACTION_ADDBA_REQ; 83 84 mgmt->u.action.u.addba_req.dialog_token = dialog_token; 85 capab = (u16)(1 << 1); /* bit 1 aggregation policy */ 86 capab |= (u16)(tid << 2); /* bit 5:2 TID number */ 87 capab |= (u16)(agg_size << 6); /* bit 15:6 max size of aggergation */ 88 89 mgmt->u.action.u.addba_req.capab = cpu_to_le16(capab); 90 91 mgmt->u.action.u.addba_req.timeout = cpu_to_le16(timeout); 92 mgmt->u.action.u.addba_req.start_seq_num = 93 cpu_to_le16(start_seq_num << 4); 94 95 ieee80211_tx_skb(sdata, skb); 96 } 97 98 void ieee80211_send_bar(struct ieee80211_sub_if_data *sdata, u8 *ra, u16 tid, u16 ssn) 99 { 100 struct ieee80211_local *local = sdata->local; 101 struct sk_buff *skb; 102 struct ieee80211_bar *bar; 103 u16 bar_control = 0; 104 105 skb = dev_alloc_skb(sizeof(*bar) + local->hw.extra_tx_headroom); 106 if (!skb) { 107 printk(KERN_ERR "%s: failed to allocate buffer for " 108 "bar frame\n", sdata->name); 109 return; 110 } 111 skb_reserve(skb, local->hw.extra_tx_headroom); 112 bar = (struct ieee80211_bar *)skb_put(skb, sizeof(*bar)); 113 memset(bar, 0, sizeof(*bar)); 114 bar->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL | 115 IEEE80211_STYPE_BACK_REQ); 116 memcpy(bar->ra, ra, ETH_ALEN); 117 memcpy(bar->ta, sdata->vif.addr, ETH_ALEN); 118 bar_control |= (u16)IEEE80211_BAR_CTRL_ACK_POLICY_NORMAL; 119 bar_control |= (u16)IEEE80211_BAR_CTRL_CBMTID_COMPRESSED_BA; 120 bar_control |= (u16)(tid << 12); 121 bar->control = cpu_to_le16(bar_control); 122 bar->start_seq_num = cpu_to_le16(ssn); 123 124 IEEE80211_SKB_CB(skb)->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT; 125 ieee80211_tx_skb(sdata, skb); 126 } 127 128 static void kfree_tid_tx(struct rcu_head *rcu_head) 129 { 130 struct tid_ampdu_tx *tid_tx = 131 container_of(rcu_head, struct tid_ampdu_tx, rcu_head); 132 133 kfree(tid_tx); 134 } 135 136 static int ___ieee80211_stop_tx_ba_session( 137 struct sta_info *sta, u16 tid, 138 enum ieee80211_back_parties initiator) 139 { 140 struct ieee80211_local *local = sta->local; 141 struct tid_ampdu_tx *tid_tx = sta->ampdu_mlme.tid_tx[tid]; 142 int ret; 143 144 lockdep_assert_held(&sta->lock); 145 146 if (WARN_ON(!tid_tx)) 147 return -ENOENT; 148 149 #ifdef CONFIG_MAC80211_HT_DEBUG 150 printk(KERN_DEBUG "Tx BA session stop requested for %pM tid %u\n", 151 sta->sta.addr, tid); 152 #endif /* CONFIG_MAC80211_HT_DEBUG */ 153 154 set_bit(HT_AGG_STATE_STOPPING, &tid_tx->state); 155 156 /* 157 * After this packets are no longer handed right through 158 * to the driver but are put onto tid_tx->pending instead, 159 * with locking to ensure proper access. 160 */ 161 clear_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state); 162 163 tid_tx->stop_initiator = initiator; 164 165 ret = drv_ampdu_action(local, sta->sdata, 166 IEEE80211_AMPDU_TX_STOP, 167 &sta->sta, tid, NULL); 168 169 /* HW shall not deny going back to legacy */ 170 if (WARN_ON(ret)) { 171 /* 172 * We may have pending packets get stuck in this case... 173 * Not bothering with a workaround for now. 174 */ 175 } 176 177 return ret; 178 } 179 180 /* 181 * After sending add Block Ack request we activated a timer until 182 * add Block Ack response will arrive from the recipient. 183 * If this timer expires sta_addba_resp_timer_expired will be executed. 184 */ 185 static void sta_addba_resp_timer_expired(unsigned long data) 186 { 187 /* not an elegant detour, but there is no choice as the timer passes 188 * only one argument, and both sta_info and TID are needed, so init 189 * flow in sta_info_create gives the TID as data, while the timer_to_id 190 * array gives the sta through container_of */ 191 u16 tid = *(u8 *)data; 192 struct sta_info *sta = container_of((void *)data, 193 struct sta_info, timer_to_tid[tid]); 194 struct tid_ampdu_tx *tid_tx; 195 196 /* check if the TID waits for addBA response */ 197 spin_lock_bh(&sta->lock); 198 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 199 if (!tid_tx || 200 test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state)) { 201 spin_unlock_bh(&sta->lock); 202 #ifdef CONFIG_MAC80211_HT_DEBUG 203 printk(KERN_DEBUG "timer expired on tid %d but we are not " 204 "(or no longer) expecting addBA response there\n", 205 tid); 206 #endif 207 return; 208 } 209 210 #ifdef CONFIG_MAC80211_HT_DEBUG 211 printk(KERN_DEBUG "addBA response timer expired on tid %d\n", tid); 212 #endif 213 214 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 215 spin_unlock_bh(&sta->lock); 216 } 217 218 static inline int ieee80211_ac_from_tid(int tid) 219 { 220 return ieee802_1d_to_ac[tid & 7]; 221 } 222 223 /* 224 * When multiple aggregation sessions on multiple stations 225 * are being created/destroyed simultaneously, we need to 226 * refcount the global queue stop caused by that in order 227 * to not get into a situation where one of the aggregation 228 * setup or teardown re-enables queues before the other is 229 * ready to handle that. 230 * 231 * These two functions take care of this issue by keeping 232 * a global "agg_queue_stop" refcount. 233 */ 234 static void __acquires(agg_queue) 235 ieee80211_stop_queue_agg(struct ieee80211_local *local, int tid) 236 { 237 int queue = ieee80211_ac_from_tid(tid); 238 239 if (atomic_inc_return(&local->agg_queue_stop[queue]) == 1) 240 ieee80211_stop_queue_by_reason( 241 &local->hw, queue, 242 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 243 __acquire(agg_queue); 244 } 245 246 static void __releases(agg_queue) 247 ieee80211_wake_queue_agg(struct ieee80211_local *local, int tid) 248 { 249 int queue = ieee80211_ac_from_tid(tid); 250 251 if (atomic_dec_return(&local->agg_queue_stop[queue]) == 0) 252 ieee80211_wake_queue_by_reason( 253 &local->hw, queue, 254 IEEE80211_QUEUE_STOP_REASON_AGGREGATION); 255 __release(agg_queue); 256 } 257 258 int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid) 259 { 260 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 261 struct ieee80211_sub_if_data *sdata = sta->sdata; 262 struct ieee80211_local *local = sdata->local; 263 struct tid_ampdu_tx *tid_tx; 264 int ret = 0; 265 u16 start_seq_num; 266 267 trace_api_start_tx_ba_session(pubsta, tid); 268 269 if (WARN_ON(!local->ops->ampdu_action)) 270 return -EINVAL; 271 272 if ((tid >= STA_TID_NUM) || 273 !(local->hw.flags & IEEE80211_HW_AMPDU_AGGREGATION)) 274 return -EINVAL; 275 276 #ifdef CONFIG_MAC80211_HT_DEBUG 277 printk(KERN_DEBUG "Open BA session requested for %pM tid %u\n", 278 pubsta->addr, tid); 279 #endif /* CONFIG_MAC80211_HT_DEBUG */ 280 281 /* 282 * The aggregation code is not prepared to handle 283 * anything but STA/AP due to the BSSID handling. 284 * IBSS could work in the code but isn't supported 285 * by drivers or the standard. 286 */ 287 if (sdata->vif.type != NL80211_IFTYPE_STATION && 288 sdata->vif.type != NL80211_IFTYPE_AP_VLAN && 289 sdata->vif.type != NL80211_IFTYPE_AP) 290 return -EINVAL; 291 292 if (test_sta_flags(sta, WLAN_STA_BLOCK_BA)) { 293 #ifdef CONFIG_MAC80211_HT_DEBUG 294 printk(KERN_DEBUG "BA sessions blocked. " 295 "Denying BA session request\n"); 296 #endif 297 return -EINVAL; 298 } 299 300 spin_lock_bh(&sta->lock); 301 302 /* we have tried too many times, receiver does not want A-MPDU */ 303 if (sta->ampdu_mlme.addba_req_num[tid] > HT_AGG_MAX_RETRIES) { 304 ret = -EBUSY; 305 goto err_unlock_sta; 306 } 307 308 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 309 /* check if the TID is not in aggregation flow already */ 310 if (tid_tx) { 311 #ifdef CONFIG_MAC80211_HT_DEBUG 312 printk(KERN_DEBUG "BA request denied - session is not " 313 "idle on tid %u\n", tid); 314 #endif /* CONFIG_MAC80211_HT_DEBUG */ 315 ret = -EAGAIN; 316 goto err_unlock_sta; 317 } 318 319 /* 320 * While we're asking the driver about the aggregation, 321 * stop the AC queue so that we don't have to worry 322 * about frames that came in while we were doing that, 323 * which would require us to put them to the AC pending 324 * afterwards which just makes the code more complex. 325 */ 326 ieee80211_stop_queue_agg(local, tid); 327 328 /* prepare A-MPDU MLME for Tx aggregation */ 329 tid_tx = kzalloc(sizeof(struct tid_ampdu_tx), GFP_ATOMIC); 330 if (!tid_tx) { 331 #ifdef CONFIG_MAC80211_HT_DEBUG 332 if (net_ratelimit()) 333 printk(KERN_ERR "allocate tx mlme to tid %d failed\n", 334 tid); 335 #endif 336 ret = -ENOMEM; 337 goto err_wake_queue; 338 } 339 340 skb_queue_head_init(&tid_tx->pending); 341 342 /* Tx timer */ 343 tid_tx->addba_resp_timer.function = sta_addba_resp_timer_expired; 344 tid_tx->addba_resp_timer.data = (unsigned long)&sta->timer_to_tid[tid]; 345 init_timer(&tid_tx->addba_resp_timer); 346 347 start_seq_num = sta->tid_seq[tid] >> 4; 348 349 ret = drv_ampdu_action(local, sdata, IEEE80211_AMPDU_TX_START, 350 pubsta, tid, &start_seq_num); 351 if (ret) { 352 #ifdef CONFIG_MAC80211_HT_DEBUG 353 printk(KERN_DEBUG "BA request denied - HW unavailable for" 354 " tid %d\n", tid); 355 #endif /* CONFIG_MAC80211_HT_DEBUG */ 356 goto err_free; 357 } 358 359 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], tid_tx); 360 361 /* Driver vetoed or OKed, but we can take packets again now */ 362 ieee80211_wake_queue_agg(local, tid); 363 364 /* activate the timer for the recipient's addBA response */ 365 tid_tx->addba_resp_timer.expires = jiffies + ADDBA_RESP_INTERVAL; 366 add_timer(&tid_tx->addba_resp_timer); 367 #ifdef CONFIG_MAC80211_HT_DEBUG 368 printk(KERN_DEBUG "activated addBA response timer on tid %d\n", tid); 369 #endif 370 371 /* prepare tid data */ 372 sta->ampdu_mlme.dialog_token_allocator++; 373 tid_tx->dialog_token = sta->ampdu_mlme.dialog_token_allocator; 374 tid_tx->ssn = start_seq_num; 375 376 sta->ampdu_mlme.addba_req_num[tid]++; 377 378 spin_unlock_bh(&sta->lock); 379 380 /* send AddBA request */ 381 ieee80211_send_addba_request(sdata, pubsta->addr, tid, 382 tid_tx->dialog_token, tid_tx->ssn, 383 0x40, 5000); 384 return 0; 385 386 err_free: 387 kfree(tid_tx); 388 err_wake_queue: 389 ieee80211_wake_queue_agg(local, tid); 390 err_unlock_sta: 391 spin_unlock_bh(&sta->lock); 392 return ret; 393 } 394 EXPORT_SYMBOL(ieee80211_start_tx_ba_session); 395 396 /* 397 * splice packets from the STA's pending to the local pending, 398 * requires a call to ieee80211_agg_splice_finish later 399 */ 400 static void __acquires(agg_queue) 401 ieee80211_agg_splice_packets(struct ieee80211_local *local, 402 struct tid_ampdu_tx *tid_tx, u16 tid) 403 { 404 int queue = ieee80211_ac_from_tid(tid); 405 unsigned long flags; 406 407 ieee80211_stop_queue_agg(local, tid); 408 409 if (WARN(!tid_tx, "TID %d gone but expected when splicing aggregates" 410 " from the pending queue\n", tid)) 411 return; 412 413 if (!skb_queue_empty(&tid_tx->pending)) { 414 spin_lock_irqsave(&local->queue_stop_reason_lock, flags); 415 /* copy over remaining packets */ 416 skb_queue_splice_tail_init(&tid_tx->pending, 417 &local->pending[queue]); 418 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); 419 } 420 } 421 422 static void __releases(agg_queue) 423 ieee80211_agg_splice_finish(struct ieee80211_local *local, u16 tid) 424 { 425 ieee80211_wake_queue_agg(local, tid); 426 } 427 428 /* caller must hold sta->lock */ 429 static void ieee80211_agg_tx_operational(struct ieee80211_local *local, 430 struct sta_info *sta, u16 tid) 431 { 432 lockdep_assert_held(&sta->lock); 433 434 #ifdef CONFIG_MAC80211_HT_DEBUG 435 printk(KERN_DEBUG "Aggregation is on for tid %d\n", tid); 436 #endif 437 438 ieee80211_agg_splice_packets(local, sta->ampdu_mlme.tid_tx[tid], tid); 439 /* 440 * Now mark as operational. This will be visible 441 * in the TX path, and lets it go lock-free in 442 * the common case. 443 */ 444 set_bit(HT_AGG_STATE_OPERATIONAL, &sta->ampdu_mlme.tid_tx[tid]->state); 445 ieee80211_agg_splice_finish(local, tid); 446 447 drv_ampdu_action(local, sta->sdata, 448 IEEE80211_AMPDU_TX_OPERATIONAL, 449 &sta->sta, tid, NULL); 450 } 451 452 void ieee80211_start_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u16 tid) 453 { 454 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 455 struct ieee80211_local *local = sdata->local; 456 struct sta_info *sta; 457 struct tid_ampdu_tx *tid_tx; 458 459 trace_api_start_tx_ba_cb(sdata, ra, tid); 460 461 if (tid >= STA_TID_NUM) { 462 #ifdef CONFIG_MAC80211_HT_DEBUG 463 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 464 tid, STA_TID_NUM); 465 #endif 466 return; 467 } 468 469 rcu_read_lock(); 470 sta = sta_info_get(sdata, ra); 471 if (!sta) { 472 rcu_read_unlock(); 473 #ifdef CONFIG_MAC80211_HT_DEBUG 474 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 475 #endif 476 return; 477 } 478 479 spin_lock_bh(&sta->lock); 480 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 481 482 if (WARN_ON(!tid_tx)) { 483 #ifdef CONFIG_MAC80211_HT_DEBUG 484 printk(KERN_DEBUG "addBA was not requested!\n"); 485 #endif 486 spin_unlock_bh(&sta->lock); 487 rcu_read_unlock(); 488 return; 489 } 490 491 if (WARN_ON(test_and_set_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state))) 492 goto out; 493 494 if (test_bit(HT_AGG_STATE_RESPONSE_RECEIVED, &tid_tx->state)) 495 ieee80211_agg_tx_operational(local, sta, tid); 496 497 out: 498 spin_unlock_bh(&sta->lock); 499 rcu_read_unlock(); 500 } 501 502 void ieee80211_start_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 503 const u8 *ra, u16 tid) 504 { 505 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 506 struct ieee80211_local *local = sdata->local; 507 struct ieee80211_ra_tid *ra_tid; 508 struct sk_buff *skb = dev_alloc_skb(0); 509 510 if (unlikely(!skb)) { 511 #ifdef CONFIG_MAC80211_HT_DEBUG 512 if (net_ratelimit()) 513 printk(KERN_WARNING "%s: Not enough memory, " 514 "dropping start BA session", sdata->name); 515 #endif 516 return; 517 } 518 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 519 memcpy(&ra_tid->ra, ra, ETH_ALEN); 520 ra_tid->tid = tid; 521 522 skb->pkt_type = IEEE80211_SDATA_QUEUE_AGG_START; 523 skb_queue_tail(&sdata->skb_queue, skb); 524 ieee80211_queue_work(&local->hw, &sdata->work); 525 } 526 EXPORT_SYMBOL(ieee80211_start_tx_ba_cb_irqsafe); 527 528 int __ieee80211_stop_tx_ba_session(struct sta_info *sta, u16 tid, 529 enum ieee80211_back_parties initiator) 530 { 531 struct tid_ampdu_tx *tid_tx; 532 int ret; 533 534 spin_lock_bh(&sta->lock); 535 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 536 537 /* check if the TID is in aggregation */ 538 if (!tid_tx || !test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) { 539 ret = -ENOENT; 540 goto unlock; 541 } 542 543 ret = ___ieee80211_stop_tx_ba_session(sta, tid, initiator); 544 545 unlock: 546 spin_unlock_bh(&sta->lock); 547 return ret; 548 } 549 550 int ieee80211_stop_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid) 551 { 552 struct sta_info *sta = container_of(pubsta, struct sta_info, sta); 553 struct ieee80211_sub_if_data *sdata = sta->sdata; 554 struct ieee80211_local *local = sdata->local; 555 556 trace_api_stop_tx_ba_session(pubsta, tid); 557 558 if (!local->ops->ampdu_action) 559 return -EINVAL; 560 561 if (tid >= STA_TID_NUM) 562 return -EINVAL; 563 564 return __ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 565 } 566 EXPORT_SYMBOL(ieee80211_stop_tx_ba_session); 567 568 void ieee80211_stop_tx_ba_cb(struct ieee80211_vif *vif, u8 *ra, u8 tid) 569 { 570 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 571 struct ieee80211_local *local = sdata->local; 572 struct sta_info *sta; 573 struct tid_ampdu_tx *tid_tx; 574 575 trace_api_stop_tx_ba_cb(sdata, ra, tid); 576 577 if (tid >= STA_TID_NUM) { 578 #ifdef CONFIG_MAC80211_HT_DEBUG 579 printk(KERN_DEBUG "Bad TID value: tid = %d (>= %d)\n", 580 tid, STA_TID_NUM); 581 #endif 582 return; 583 } 584 585 #ifdef CONFIG_MAC80211_HT_DEBUG 586 printk(KERN_DEBUG "Stopping Tx BA session for %pM tid %d\n", 587 ra, tid); 588 #endif /* CONFIG_MAC80211_HT_DEBUG */ 589 590 rcu_read_lock(); 591 sta = sta_info_get(sdata, ra); 592 if (!sta) { 593 #ifdef CONFIG_MAC80211_HT_DEBUG 594 printk(KERN_DEBUG "Could not find station: %pM\n", ra); 595 #endif 596 rcu_read_unlock(); 597 return; 598 } 599 600 spin_lock_bh(&sta->lock); 601 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 602 603 if (!tid_tx || !test_bit(HT_AGG_STATE_STOPPING, &tid_tx->state)) { 604 #ifdef CONFIG_MAC80211_HT_DEBUG 605 printk(KERN_DEBUG "unexpected callback to A-MPDU stop\n"); 606 #endif 607 spin_unlock_bh(&sta->lock); 608 rcu_read_unlock(); 609 return; 610 } 611 612 if (tid_tx->stop_initiator == WLAN_BACK_INITIATOR) 613 ieee80211_send_delba(sta->sdata, ra, tid, 614 WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE); 615 616 /* 617 * When we get here, the TX path will not be lockless any more wrt. 618 * aggregation, since the OPERATIONAL bit has long been cleared. 619 * Thus it will block on getting the lock, if it occurs. So if we 620 * stop the queue now, we will not get any more packets, and any 621 * that might be being processed will wait for us here, thereby 622 * guaranteeing that no packets go to the tid_tx pending queue any 623 * more. 624 */ 625 626 ieee80211_agg_splice_packets(local, tid_tx, tid); 627 628 /* future packets must not find the tid_tx struct any more */ 629 rcu_assign_pointer(sta->ampdu_mlme.tid_tx[tid], NULL); 630 631 ieee80211_agg_splice_finish(local, tid); 632 633 call_rcu(&tid_tx->rcu_head, kfree_tid_tx); 634 635 spin_unlock_bh(&sta->lock); 636 rcu_read_unlock(); 637 } 638 639 void ieee80211_stop_tx_ba_cb_irqsafe(struct ieee80211_vif *vif, 640 const u8 *ra, u16 tid) 641 { 642 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif); 643 struct ieee80211_local *local = sdata->local; 644 struct ieee80211_ra_tid *ra_tid; 645 struct sk_buff *skb = dev_alloc_skb(0); 646 647 if (unlikely(!skb)) { 648 #ifdef CONFIG_MAC80211_HT_DEBUG 649 if (net_ratelimit()) 650 printk(KERN_WARNING "%s: Not enough memory, " 651 "dropping stop BA session", sdata->name); 652 #endif 653 return; 654 } 655 ra_tid = (struct ieee80211_ra_tid *) &skb->cb; 656 memcpy(&ra_tid->ra, ra, ETH_ALEN); 657 ra_tid->tid = tid; 658 659 skb->pkt_type = IEEE80211_SDATA_QUEUE_AGG_STOP; 660 skb_queue_tail(&sdata->skb_queue, skb); 661 ieee80211_queue_work(&local->hw, &sdata->work); 662 } 663 EXPORT_SYMBOL(ieee80211_stop_tx_ba_cb_irqsafe); 664 665 666 void ieee80211_process_addba_resp(struct ieee80211_local *local, 667 struct sta_info *sta, 668 struct ieee80211_mgmt *mgmt, 669 size_t len) 670 { 671 struct tid_ampdu_tx *tid_tx; 672 u16 capab, tid; 673 674 capab = le16_to_cpu(mgmt->u.action.u.addba_resp.capab); 675 tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2; 676 677 spin_lock_bh(&sta->lock); 678 679 tid_tx = sta->ampdu_mlme.tid_tx[tid]; 680 681 if (!tid_tx) 682 goto out; 683 684 if (mgmt->u.action.u.addba_resp.dialog_token != tid_tx->dialog_token) { 685 #ifdef CONFIG_MAC80211_HT_DEBUG 686 printk(KERN_DEBUG "wrong addBA response token, tid %d\n", tid); 687 #endif 688 goto out; 689 } 690 691 del_timer(&tid_tx->addba_resp_timer); 692 693 #ifdef CONFIG_MAC80211_HT_DEBUG 694 printk(KERN_DEBUG "switched off addBA timer for tid %d\n", tid); 695 #endif 696 697 if (le16_to_cpu(mgmt->u.action.u.addba_resp.status) 698 == WLAN_STATUS_SUCCESS) { 699 if (test_and_set_bit(HT_AGG_STATE_RESPONSE_RECEIVED, 700 &tid_tx->state)) { 701 /* ignore duplicate response */ 702 goto out; 703 } 704 705 if (test_bit(HT_AGG_STATE_DRV_READY, &tid_tx->state)) 706 ieee80211_agg_tx_operational(local, sta, tid); 707 708 sta->ampdu_mlme.addba_req_num[tid] = 0; 709 } else { 710 ___ieee80211_stop_tx_ba_session(sta, tid, WLAN_BACK_INITIATOR); 711 } 712 713 out: 714 spin_unlock_bh(&sta->lock); 715 } 716