]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - net/mac80211/tx.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge existing fixes from regulator/for-5.14
[mirror_ubuntu-jammy-kernel.git] / net / mac80211 / tx.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright (C) 2018-2021 Intel Corporation
9 *
10 * Transmit and frame generation functions.
11 */
12
13 #include <linux/kernel.h>
14 #include <linux/slab.h>
15 #include <linux/skbuff.h>
16 #include <linux/if_vlan.h>
17 #include <linux/etherdevice.h>
18 #include <linux/bitmap.h>
19 #include <linux/rcupdate.h>
20 #include <linux/export.h>
21 #include <linux/timekeeping.h>
22 #include <net/net_namespace.h>
23 #include <net/ieee80211_radiotap.h>
24 #include <net/cfg80211.h>
25 #include <net/mac80211.h>
26 #include <net/codel.h>
27 #include <net/codel_impl.h>
28 #include <asm/unaligned.h>
29 #include <net/fq_impl.h>
30
31 #include "ieee80211_i.h"
32 #include "driver-ops.h"
33 #include "led.h"
34 #include "mesh.h"
35 #include "wep.h"
36 #include "wpa.h"
37 #include "wme.h"
38 #include "rate.h"
39
40 /* misc utils */
41
42 static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
43 struct sk_buff *skb, int group_addr,
44 int next_frag_len)
45 {
46 int rate, mrate, erp, dur, i, shift = 0;
47 struct ieee80211_rate *txrate;
48 struct ieee80211_local *local = tx->local;
49 struct ieee80211_supported_band *sband;
50 struct ieee80211_hdr *hdr;
51 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
52 struct ieee80211_chanctx_conf *chanctx_conf;
53 u32 rate_flags = 0;
54
55 /* assume HW handles this */
56 if (tx->rate.flags & (IEEE80211_TX_RC_MCS | IEEE80211_TX_RC_VHT_MCS))
57 return 0;
58
59 rcu_read_lock();
60 chanctx_conf = rcu_dereference(tx->sdata->vif.chanctx_conf);
61 if (chanctx_conf) {
62 shift = ieee80211_chandef_get_shift(&chanctx_conf->def);
63 rate_flags = ieee80211_chandef_rate_flags(&chanctx_conf->def);
64 }
65 rcu_read_unlock();
66
67 /* uh huh? */
68 if (WARN_ON_ONCE(tx->rate.idx < 0))
69 return 0;
70
71 sband = local->hw.wiphy->bands[info->band];
72 txrate = &sband->bitrates[tx->rate.idx];
73
74 erp = txrate->flags & IEEE80211_RATE_ERP_G;
75
76 /* device is expected to do this */
77 if (sband->band == NL80211_BAND_S1GHZ)
78 return 0;
79
80 /*
81 * data and mgmt (except PS Poll):
82 * - during CFP: 32768
83 * - during contention period:
84 * if addr1 is group address: 0
85 * if more fragments = 0 and addr1 is individual address: time to
86 * transmit one ACK plus SIFS
87 * if more fragments = 1 and addr1 is individual address: time to
88 * transmit next fragment plus 2 x ACK plus 3 x SIFS
89 *
90 * IEEE 802.11, 9.6:
91 * - control response frame (CTS or ACK) shall be transmitted using the
92 * same rate as the immediately previous frame in the frame exchange
93 * sequence, if this rate belongs to the PHY mandatory rates, or else
94 * at the highest possible rate belonging to the PHY rates in the
95 * BSSBasicRateSet
96 */
97 hdr = (struct ieee80211_hdr *)skb->data;
98 if (ieee80211_is_ctl(hdr->frame_control)) {
99 /* TODO: These control frames are not currently sent by
100 * mac80211, but should they be implemented, this function
101 * needs to be updated to support duration field calculation.
102 *
103 * RTS: time needed to transmit pending data/mgmt frame plus
104 * one CTS frame plus one ACK frame plus 3 x SIFS
105 * CTS: duration of immediately previous RTS minus time
106 * required to transmit CTS and its SIFS
107 * ACK: 0 if immediately previous directed data/mgmt had
108 * more=0, with more=1 duration in ACK frame is duration
109 * from previous frame minus time needed to transmit ACK
110 * and its SIFS
111 * PS Poll: BIT(15) | BIT(14) | aid
112 */
113 return 0;
114 }
115
116 /* data/mgmt */
117 if (0 /* FIX: data/mgmt during CFP */)
118 return cpu_to_le16(32768);
119
120 if (group_addr) /* Group address as the destination - no ACK */
121 return 0;
122
123 /* Individual destination address:
124 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
125 * CTS and ACK frames shall be transmitted using the highest rate in
126 * basic rate set that is less than or equal to the rate of the
127 * immediately previous frame and that is using the same modulation
128 * (CCK or OFDM). If no basic rate set matches with these requirements,
129 * the highest mandatory rate of the PHY that is less than or equal to
130 * the rate of the previous frame is used.
131 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
132 */
133 rate = -1;
134 /* use lowest available if everything fails */
135 mrate = sband->bitrates[0].bitrate;
136 for (i = 0; i < sband->n_bitrates; i++) {
137 struct ieee80211_rate *r = &sband->bitrates[i];
138
139 if (r->bitrate > txrate->bitrate)
140 break;
141
142 if ((rate_flags & r->flags) != rate_flags)
143 continue;
144
145 if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
146 rate = DIV_ROUND_UP(r->bitrate, 1 << shift);
147
148 switch (sband->band) {
149 case NL80211_BAND_2GHZ: {
150 u32 flag;
151 if (tx->sdata->flags & IEEE80211_SDATA_OPERATING_GMODE)
152 flag = IEEE80211_RATE_MANDATORY_G;
153 else
154 flag = IEEE80211_RATE_MANDATORY_B;
155 if (r->flags & flag)
156 mrate = r->bitrate;
157 break;
158 }
159 case NL80211_BAND_5GHZ:
160 case NL80211_BAND_6GHZ:
161 if (r->flags & IEEE80211_RATE_MANDATORY_A)
162 mrate = r->bitrate;
163 break;
164 case NL80211_BAND_S1GHZ:
165 case NL80211_BAND_60GHZ:
166 /* TODO, for now fall through */
167 case NUM_NL80211_BANDS:
168 WARN_ON(1);
169 break;
170 }
171 }
172 if (rate == -1) {
173 /* No matching basic rate found; use highest suitable mandatory
174 * PHY rate */
175 rate = DIV_ROUND_UP(mrate, 1 << shift);
176 }
177
178 /* Don't calculate ACKs for QoS Frames with NoAck Policy set */
179 if (ieee80211_is_data_qos(hdr->frame_control) &&
180 *(ieee80211_get_qos_ctl(hdr)) & IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
181 dur = 0;
182 else
183 /* Time needed to transmit ACK
184 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
185 * to closest integer */
186 dur = ieee80211_frame_duration(sband->band, 10, rate, erp,
187 tx->sdata->vif.bss_conf.use_short_preamble,
188 shift);
189
190 if (next_frag_len) {
191 /* Frame is fragmented: duration increases with time needed to
192 * transmit next fragment plus ACK and 2 x SIFS. */
193 dur *= 2; /* ACK + SIFS */
194 /* next fragment */
195 dur += ieee80211_frame_duration(sband->band, next_frag_len,
196 txrate->bitrate, erp,
197 tx->sdata->vif.bss_conf.use_short_preamble,
198 shift);
199 }
200
201 return cpu_to_le16(dur);
202 }
203
204 /* tx handlers */
205 static ieee80211_tx_result debug_noinline
206 ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
207 {
208 struct ieee80211_local *local = tx->local;
209 struct ieee80211_if_managed *ifmgd;
210 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
211
212 /* driver doesn't support power save */
213 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS))
214 return TX_CONTINUE;
215
216 /* hardware does dynamic power save */
217 if (ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS))
218 return TX_CONTINUE;
219
220 /* dynamic power save disabled */
221 if (local->hw.conf.dynamic_ps_timeout <= 0)
222 return TX_CONTINUE;
223
224 /* we are scanning, don't enable power save */
225 if (local->scanning)
226 return TX_CONTINUE;
227
228 if (!local->ps_sdata)
229 return TX_CONTINUE;
230
231 /* No point if we're going to suspend */
232 if (local->quiescing)
233 return TX_CONTINUE;
234
235 /* dynamic ps is supported only in managed mode */
236 if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
237 return TX_CONTINUE;
238
239 if (unlikely(info->flags & IEEE80211_TX_INTFL_OFFCHAN_TX_OK))
240 return TX_CONTINUE;
241
242 ifmgd = &tx->sdata->u.mgd;
243
244 /*
245 * Don't wakeup from power save if u-apsd is enabled, voip ac has
246 * u-apsd enabled and the frame is in voip class. This effectively
247 * means that even if all access categories have u-apsd enabled, in
248 * practise u-apsd is only used with the voip ac. This is a
249 * workaround for the case when received voip class packets do not
250 * have correct qos tag for some reason, due the network or the
251 * peer application.
252 *
253 * Note: ifmgd->uapsd_queues access is racy here. If the value is
254 * changed via debugfs, user needs to reassociate manually to have
255 * everything in sync.
256 */
257 if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) &&
258 (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) &&
259 skb_get_queue_mapping(tx->skb) == IEEE80211_AC_VO)
260 return TX_CONTINUE;
261
262 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
263 ieee80211_stop_queues_by_reason(&local->hw,
264 IEEE80211_MAX_QUEUE_MAP,
265 IEEE80211_QUEUE_STOP_REASON_PS,
266 false);
267 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
268 ieee80211_queue_work(&local->hw,
269 &local->dynamic_ps_disable_work);
270 }
271
272 /* Don't restart the timer if we're not disassociated */
273 if (!ifmgd->associated)
274 return TX_CONTINUE;
275
276 mod_timer(&local->dynamic_ps_timer, jiffies +
277 msecs_to_jiffies(local->hw.conf.dynamic_ps_timeout));
278
279 return TX_CONTINUE;
280 }
281
282 static ieee80211_tx_result debug_noinline
283 ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
284 {
285
286 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
287 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
288 bool assoc = false;
289
290 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
291 return TX_CONTINUE;
292
293 if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
294 test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
295 !ieee80211_is_probe_req(hdr->frame_control) &&
296 !ieee80211_is_any_nullfunc(hdr->frame_control))
297 /*
298 * When software scanning only nullfunc frames (to notify
299 * the sleep state to the AP) and probe requests (for the
300 * active scan) are allowed, all other frames should not be
301 * sent and we should not get here, but if we do
302 * nonetheless, drop them to avoid sending them
303 * off-channel. See the link below and
304 * ieee80211_start_scan() for more.
305 *
306 * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
307 */
308 return TX_DROP;
309
310 if (tx->sdata->vif.type == NL80211_IFTYPE_OCB)
311 return TX_CONTINUE;
312
313 if (tx->flags & IEEE80211_TX_PS_BUFFERED)
314 return TX_CONTINUE;
315
316 if (tx->sta)
317 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
318
319 if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
320 if (unlikely(!assoc &&
321 ieee80211_is_data(hdr->frame_control))) {
322 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
323 sdata_info(tx->sdata,
324 "dropped data frame to not associated station %pM\n",
325 hdr->addr1);
326 #endif
327 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
328 return TX_DROP;
329 }
330 } else if (unlikely(ieee80211_is_data(hdr->frame_control) &&
331 ieee80211_vif_get_num_mcast_if(tx->sdata) == 0)) {
332 /*
333 * No associated STAs - no need to send multicast
334 * frames.
335 */
336 return TX_DROP;
337 }
338
339 return TX_CONTINUE;
340 }
341
342 /* This function is called whenever the AP is about to exceed the maximum limit
343 * of buffered frames for power saving STAs. This situation should not really
344 * happen often during normal operation, so dropping the oldest buffered packet
345 * from each queue should be OK to make some room for new frames. */
346 static void purge_old_ps_buffers(struct ieee80211_local *local)
347 {
348 int total = 0, purged = 0;
349 struct sk_buff *skb;
350 struct ieee80211_sub_if_data *sdata;
351 struct sta_info *sta;
352
353 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
354 struct ps_data *ps;
355
356 if (sdata->vif.type == NL80211_IFTYPE_AP)
357 ps = &sdata->u.ap.ps;
358 else if (ieee80211_vif_is_mesh(&sdata->vif))
359 ps = &sdata->u.mesh.ps;
360 else
361 continue;
362
363 skb = skb_dequeue(&ps->bc_buf);
364 if (skb) {
365 purged++;
366 ieee80211_free_txskb(&local->hw, skb);
367 }
368 total += skb_queue_len(&ps->bc_buf);
369 }
370
371 /*
372 * Drop one frame from each station from the lowest-priority
373 * AC that has frames at all.
374 */
375 list_for_each_entry_rcu(sta, &local->sta_list, list) {
376 int ac;
377
378 for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
379 skb = skb_dequeue(&sta->ps_tx_buf[ac]);
380 total += skb_queue_len(&sta->ps_tx_buf[ac]);
381 if (skb) {
382 purged++;
383 ieee80211_free_txskb(&local->hw, skb);
384 break;
385 }
386 }
387 }
388
389 local->total_ps_buffered = total;
390 ps_dbg_hw(&local->hw, "PS buffers full - purged %d frames\n", purged);
391 }
392
393 static ieee80211_tx_result
394 ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
395 {
396 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
397 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
398 struct ps_data *ps;
399
400 /*
401 * broadcast/multicast frame
402 *
403 * If any of the associated/peer stations is in power save mode,
404 * the frame is buffered to be sent after DTIM beacon frame.
405 * This is done either by the hardware or us.
406 */
407
408 /* powersaving STAs currently only in AP/VLAN/mesh mode */
409 if (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
410 tx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
411 if (!tx->sdata->bss)
412 return TX_CONTINUE;
413
414 ps = &tx->sdata->bss->ps;
415 } else if (ieee80211_vif_is_mesh(&tx->sdata->vif)) {
416 ps = &tx->sdata->u.mesh.ps;
417 } else {
418 return TX_CONTINUE;
419 }
420
421
422 /* no buffering for ordered frames */
423 if (ieee80211_has_order(hdr->frame_control))
424 return TX_CONTINUE;
425
426 if (ieee80211_is_probe_req(hdr->frame_control))
427 return TX_CONTINUE;
428
429 if (ieee80211_hw_check(&tx->local->hw, QUEUE_CONTROL))
430 info->hw_queue = tx->sdata->vif.cab_queue;
431
432 /* no stations in PS mode and no buffered packets */
433 if (!atomic_read(&ps->num_sta_ps) && skb_queue_empty(&ps->bc_buf))
434 return TX_CONTINUE;
435
436 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
437
438 /* device releases frame after DTIM beacon */
439 if (!ieee80211_hw_check(&tx->local->hw, HOST_BROADCAST_PS_BUFFERING))
440 return TX_CONTINUE;
441
442 /* buffered in mac80211 */
443 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
444 purge_old_ps_buffers(tx->local);
445
446 if (skb_queue_len(&ps->bc_buf) >= AP_MAX_BC_BUFFER) {
447 ps_dbg(tx->sdata,
448 "BC TX buffer full - dropping the oldest frame\n");
449 ieee80211_free_txskb(&tx->local->hw, skb_dequeue(&ps->bc_buf));
450 } else
451 tx->local->total_ps_buffered++;
452
453 skb_queue_tail(&ps->bc_buf, tx->skb);
454
455 return TX_QUEUED;
456 }
457
458 static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
459 struct sk_buff *skb)
460 {
461 if (!ieee80211_is_mgmt(fc))
462 return 0;
463
464 if (sta == NULL || !test_sta_flag(sta, WLAN_STA_MFP))
465 return 0;
466
467 if (!ieee80211_is_robust_mgmt_frame(skb))
468 return 0;
469
470 return 1;
471 }
472
473 static ieee80211_tx_result
474 ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
475 {
476 struct sta_info *sta = tx->sta;
477 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
478 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
479 struct ieee80211_local *local = tx->local;
480
481 if (unlikely(!sta))
482 return TX_CONTINUE;
483
484 if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
485 test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
486 test_sta_flag(sta, WLAN_STA_PS_DELIVER)) &&
487 !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
488 int ac = skb_get_queue_mapping(tx->skb);
489
490 if (ieee80211_is_mgmt(hdr->frame_control) &&
491 !ieee80211_is_bufferable_mmpdu(hdr->frame_control)) {
492 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
493 return TX_CONTINUE;
494 }
495
496 ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n",
497 sta->sta.addr, sta->sta.aid, ac);
498 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
499 purge_old_ps_buffers(tx->local);
500
501 /* sync with ieee80211_sta_ps_deliver_wakeup */
502 spin_lock(&sta->ps_lock);
503 /*
504 * STA woke up the meantime and all the frames on ps_tx_buf have
505 * been queued to pending queue. No reordering can happen, go
506 * ahead and Tx the packet.
507 */
508 if (!test_sta_flag(sta, WLAN_STA_PS_STA) &&
509 !test_sta_flag(sta, WLAN_STA_PS_DRIVER) &&
510 !test_sta_flag(sta, WLAN_STA_PS_DELIVER)) {
511 spin_unlock(&sta->ps_lock);
512 return TX_CONTINUE;
513 }
514
515 if (skb_queue_len(&sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
516 struct sk_buff *old = skb_dequeue(&sta->ps_tx_buf[ac]);
517 ps_dbg(tx->sdata,
518 "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
519 sta->sta.addr, ac);
520 ieee80211_free_txskb(&local->hw, old);
521 } else
522 tx->local->total_ps_buffered++;
523
524 info->control.jiffies = jiffies;
525 info->control.vif = &tx->sdata->vif;
526 info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
527 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
528 skb_queue_tail(&sta->ps_tx_buf[ac], tx->skb);
529 spin_unlock(&sta->ps_lock);
530
531 if (!timer_pending(&local->sta_cleanup))
532 mod_timer(&local->sta_cleanup,
533 round_jiffies(jiffies +
534 STA_INFO_CLEANUP_INTERVAL));
535
536 /*
537 * We queued up some frames, so the TIM bit might
538 * need to be set, recalculate it.
539 */
540 sta_info_recalc_tim(sta);
541
542 return TX_QUEUED;
543 } else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
544 ps_dbg(tx->sdata,
545 "STA %pM in PS mode, but polling/in SP -> send frame\n",
546 sta->sta.addr);
547 }
548
549 return TX_CONTINUE;
550 }
551
552 static ieee80211_tx_result debug_noinline
553 ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
554 {
555 if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
556 return TX_CONTINUE;
557
558 if (tx->flags & IEEE80211_TX_UNICAST)
559 return ieee80211_tx_h_unicast_ps_buf(tx);
560 else
561 return ieee80211_tx_h_multicast_ps_buf(tx);
562 }
563
564 static ieee80211_tx_result debug_noinline
565 ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
566 {
567 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
568
569 if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol)) {
570 if (tx->sdata->control_port_no_encrypt)
571 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
572 info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
573 info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
574 }
575
576 return TX_CONTINUE;
577 }
578
579 static ieee80211_tx_result debug_noinline
580 ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
581 {
582 struct ieee80211_key *key;
583 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
584 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
585
586 if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) {
587 tx->key = NULL;
588 return TX_CONTINUE;
589 }
590
591 if (tx->sta &&
592 (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
593 tx->key = key;
594 else if (ieee80211_is_group_privacy_action(tx->skb) &&
595 (key = rcu_dereference(tx->sdata->default_multicast_key)))
596 tx->key = key;
597 else if (ieee80211_is_mgmt(hdr->frame_control) &&
598 is_multicast_ether_addr(hdr->addr1) &&
599 ieee80211_is_robust_mgmt_frame(tx->skb) &&
600 (key = rcu_dereference(tx->sdata->default_mgmt_key)))
601 tx->key = key;
602 else if (is_multicast_ether_addr(hdr->addr1) &&
603 (key = rcu_dereference(tx->sdata->default_multicast_key)))
604 tx->key = key;
605 else if (!is_multicast_ether_addr(hdr->addr1) &&
606 (key = rcu_dereference(tx->sdata->default_unicast_key)))
607 tx->key = key;
608 else
609 tx->key = NULL;
610
611 if (tx->key) {
612 bool skip_hw = false;
613
614 /* TODO: add threshold stuff again */
615
616 switch (tx->key->conf.cipher) {
617 case WLAN_CIPHER_SUITE_WEP40:
618 case WLAN_CIPHER_SUITE_WEP104:
619 case WLAN_CIPHER_SUITE_TKIP:
620 if (!ieee80211_is_data_present(hdr->frame_control))
621 tx->key = NULL;
622 break;
623 case WLAN_CIPHER_SUITE_CCMP:
624 case WLAN_CIPHER_SUITE_CCMP_256:
625 case WLAN_CIPHER_SUITE_GCMP:
626 case WLAN_CIPHER_SUITE_GCMP_256:
627 if (!ieee80211_is_data_present(hdr->frame_control) &&
628 !ieee80211_use_mfp(hdr->frame_control, tx->sta,
629 tx->skb) &&
630 !ieee80211_is_group_privacy_action(tx->skb))
631 tx->key = NULL;
632 else
633 skip_hw = (tx->key->conf.flags &
634 IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
635 ieee80211_is_mgmt(hdr->frame_control);
636 break;
637 case WLAN_CIPHER_SUITE_AES_CMAC:
638 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
639 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
640 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
641 if (!ieee80211_is_mgmt(hdr->frame_control))
642 tx->key = NULL;
643 break;
644 }
645
646 if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED &&
647 !ieee80211_is_deauth(hdr->frame_control)))
648 return TX_DROP;
649
650 if (!skip_hw && tx->key &&
651 tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
652 info->control.hw_key = &tx->key->conf;
653 } else if (ieee80211_is_data_present(hdr->frame_control) && tx->sta &&
654 test_sta_flag(tx->sta, WLAN_STA_USES_ENCRYPTION)) {
655 return TX_DROP;
656 }
657
658 return TX_CONTINUE;
659 }
660
661 static ieee80211_tx_result debug_noinline
662 ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
663 {
664 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
665 struct ieee80211_hdr *hdr = (void *)tx->skb->data;
666 struct ieee80211_supported_band *sband;
667 u32 len;
668 struct ieee80211_tx_rate_control txrc;
669 struct ieee80211_sta_rates *ratetbl = NULL;
670 bool encap = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
671 bool assoc = false;
672
673 memset(&txrc, 0, sizeof(txrc));
674
675 sband = tx->local->hw.wiphy->bands[info->band];
676
677 len = min_t(u32, tx->skb->len + FCS_LEN,
678 tx->local->hw.wiphy->frag_threshold);
679
680 /* set up the tx rate control struct we give the RC algo */
681 txrc.hw = &tx->local->hw;
682 txrc.sband = sband;
683 txrc.bss_conf = &tx->sdata->vif.bss_conf;
684 txrc.skb = tx->skb;
685 txrc.reported_rate.idx = -1;
686 txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
687
688 if (tx->sdata->rc_has_mcs_mask[info->band])
689 txrc.rate_idx_mcs_mask =
690 tx->sdata->rc_rateidx_mcs_mask[info->band];
691
692 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
693 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
694 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC ||
695 tx->sdata->vif.type == NL80211_IFTYPE_OCB);
696
697 /* set up RTS protection if desired */
698 if (len > tx->local->hw.wiphy->rts_threshold) {
699 txrc.rts = true;
700 }
701
702 info->control.use_rts = txrc.rts;
703 info->control.use_cts_prot = tx->sdata->vif.bss_conf.use_cts_prot;
704
705 /*
706 * Use short preamble if the BSS can handle it, but not for
707 * management frames unless we know the receiver can handle
708 * that -- the management frame might be to a station that
709 * just wants a probe response.
710 */
711 if (tx->sdata->vif.bss_conf.use_short_preamble &&
712 (ieee80211_is_tx_data(tx->skb) ||
713 (tx->sta && test_sta_flag(tx->sta, WLAN_STA_SHORT_PREAMBLE))))
714 txrc.short_preamble = true;
715
716 info->control.short_preamble = txrc.short_preamble;
717
718 /* don't ask rate control when rate already injected via radiotap */
719 if (info->control.flags & IEEE80211_TX_CTRL_RATE_INJECT)
720 return TX_CONTINUE;
721
722 if (tx->sta)
723 assoc = test_sta_flag(tx->sta, WLAN_STA_ASSOC);
724
725 /*
726 * Lets not bother rate control if we're associated and cannot
727 * talk to the sta. This should not happen.
728 */
729 if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
730 !rate_usable_index_exists(sband, &tx->sta->sta),
731 "%s: Dropped data frame as no usable bitrate found while "
732 "scanning and associated. Target station: "
733 "%pM on %d GHz band\n",
734 tx->sdata->name,
735 encap ? ((struct ethhdr *)hdr)->h_dest : hdr->addr1,
736 info->band ? 5 : 2))
737 return TX_DROP;
738
739 /*
740 * If we're associated with the sta at this point we know we can at
741 * least send the frame at the lowest bit rate.
742 */
743 rate_control_get_rate(tx->sdata, tx->sta, &txrc);
744
745 if (tx->sta && !info->control.skip_table)
746 ratetbl = rcu_dereference(tx->sta->sta.rates);
747
748 if (unlikely(info->control.rates[0].idx < 0)) {
749 if (ratetbl) {
750 struct ieee80211_tx_rate rate = {
751 .idx = ratetbl->rate[0].idx,
752 .flags = ratetbl->rate[0].flags,
753 .count = ratetbl->rate[0].count
754 };
755
756 if (ratetbl->rate[0].idx < 0)
757 return TX_DROP;
758
759 tx->rate = rate;
760 } else {
761 return TX_DROP;
762 }
763 } else {
764 tx->rate = info->control.rates[0];
765 }
766
767 if (txrc.reported_rate.idx < 0) {
768 txrc.reported_rate = tx->rate;
769 if (tx->sta && ieee80211_is_tx_data(tx->skb))
770 tx->sta->tx_stats.last_rate = txrc.reported_rate;
771 } else if (tx->sta)
772 tx->sta->tx_stats.last_rate = txrc.reported_rate;
773
774 if (ratetbl)
775 return TX_CONTINUE;
776
777 if (unlikely(!info->control.rates[0].count))
778 info->control.rates[0].count = 1;
779
780 if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
781 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
782 info->control.rates[0].count = 1;
783
784 return TX_CONTINUE;
785 }
786
787 static __le16 ieee80211_tx_next_seq(struct sta_info *sta, int tid)
788 {
789 u16 *seq = &sta->tid_seq[tid];
790 __le16 ret = cpu_to_le16(*seq);
791
792 /* Increase the sequence number. */
793 *seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;
794
795 return ret;
796 }
797
798 static ieee80211_tx_result debug_noinline
799 ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
800 {
801 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
802 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
803 int tid;
804
805 /*
806 * Packet injection may want to control the sequence
807 * number, if we have no matching interface then we
808 * neither assign one ourselves nor ask the driver to.
809 */
810 if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
811 return TX_CONTINUE;
812
813 if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
814 return TX_CONTINUE;
815
816 if (ieee80211_hdrlen(hdr->frame_control) < 24)
817 return TX_CONTINUE;
818
819 if (ieee80211_is_qos_nullfunc(hdr->frame_control))
820 return TX_CONTINUE;
821
822 if (info->control.flags & IEEE80211_TX_CTRL_NO_SEQNO)
823 return TX_CONTINUE;
824
825 /*
826 * Anything but QoS data that has a sequence number field
827 * (is long enough) gets a sequence number from the global
828 * counter. QoS data frames with a multicast destination
829 * also use the global counter (802.11-2012 9.3.2.10).
830 */
831 if (!ieee80211_is_data_qos(hdr->frame_control) ||
832 is_multicast_ether_addr(hdr->addr1)) {
833 /* driver should assign sequence number */
834 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
835 /* for pure STA mode without beacons, we can do it */
836 hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
837 tx->sdata->sequence_number += 0x10;
838 if (tx->sta)
839 tx->sta->tx_stats.msdu[IEEE80211_NUM_TIDS]++;
840 return TX_CONTINUE;
841 }
842
843 /*
844 * This should be true for injected/management frames only, for
845 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
846 * above since they are not QoS-data frames.
847 */
848 if (!tx->sta)
849 return TX_CONTINUE;
850
851 /* include per-STA, per-TID sequence counter */
852 tid = ieee80211_get_tid(hdr);
853 tx->sta->tx_stats.msdu[tid]++;
854
855 hdr->seq_ctrl = ieee80211_tx_next_seq(tx->sta, tid);
856
857 return TX_CONTINUE;
858 }
859
860 static int ieee80211_fragment(struct ieee80211_tx_data *tx,
861 struct sk_buff *skb, int hdrlen,
862 int frag_threshold)
863 {
864 struct ieee80211_local *local = tx->local;
865 struct ieee80211_tx_info *info;
866 struct sk_buff *tmp;
867 int per_fragm = frag_threshold - hdrlen - FCS_LEN;
868 int pos = hdrlen + per_fragm;
869 int rem = skb->len - hdrlen - per_fragm;
870
871 if (WARN_ON(rem < 0))
872 return -EINVAL;
873
874 /* first fragment was already added to queue by caller */
875
876 while (rem) {
877 int fraglen = per_fragm;
878
879 if (fraglen > rem)
880 fraglen = rem;
881 rem -= fraglen;
882 tmp = dev_alloc_skb(local->tx_headroom +
883 frag_threshold +
884 tx->sdata->encrypt_headroom +
885 IEEE80211_ENCRYPT_TAILROOM);
886 if (!tmp)
887 return -ENOMEM;
888
889 __skb_queue_tail(&tx->skbs, tmp);
890
891 skb_reserve(tmp,
892 local->tx_headroom + tx->sdata->encrypt_headroom);
893
894 /* copy control information */
895 memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
896
897 info = IEEE80211_SKB_CB(tmp);
898 info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT |
899 IEEE80211_TX_CTL_FIRST_FRAGMENT);
900
901 if (rem)
902 info->flags |= IEEE80211_TX_CTL_MORE_FRAMES;
903
904 skb_copy_queue_mapping(tmp, skb);
905 tmp->priority = skb->priority;
906 tmp->dev = skb->dev;
907
908 /* copy header and data */
909 skb_put_data(tmp, skb->data, hdrlen);
910 skb_put_data(tmp, skb->data + pos, fraglen);
911
912 pos += fraglen;
913 }
914
915 /* adjust first fragment's length */
916 skb_trim(skb, hdrlen + per_fragm);
917 return 0;
918 }
919
920 static ieee80211_tx_result debug_noinline
921 ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
922 {
923 struct sk_buff *skb = tx->skb;
924 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
925 struct ieee80211_hdr *hdr = (void *)skb->data;
926 int frag_threshold = tx->local->hw.wiphy->frag_threshold;
927 int hdrlen;
928 int fragnum;
929
930 /* no matter what happens, tx->skb moves to tx->skbs */
931 __skb_queue_tail(&tx->skbs, skb);
932 tx->skb = NULL;
933
934 if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
935 return TX_CONTINUE;
936
937 if (ieee80211_hw_check(&tx->local->hw, SUPPORTS_TX_FRAG))
938 return TX_CONTINUE;
939
940 /*
941 * Warn when submitting a fragmented A-MPDU frame and drop it.
942 * This scenario is handled in ieee80211_tx_prepare but extra
943 * caution taken here as fragmented ampdu may cause Tx stop.
944 */
945 if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
946 return TX_DROP;
947
948 hdrlen = ieee80211_hdrlen(hdr->frame_control);
949
950 /* internal error, why isn't DONTFRAG set? */
951 if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
952 return TX_DROP;
953
954 /*
955 * Now fragment the frame. This will allocate all the fragments and
956 * chain them (using skb as the first fragment) to skb->next.
957 * During transmission, we will remove the successfully transmitted
958 * fragments from this list. When the low-level driver rejects one
959 * of the fragments then we will simply pretend to accept the skb
960 * but store it away as pending.
961 */
962 if (ieee80211_fragment(tx, skb, hdrlen, frag_threshold))
963 return TX_DROP;
964
965 /* update duration/seq/flags of fragments */
966 fragnum = 0;
967
968 skb_queue_walk(&tx->skbs, skb) {
969 const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
970
971 hdr = (void *)skb->data;
972 info = IEEE80211_SKB_CB(skb);
973
974 if (!skb_queue_is_last(&tx->skbs, skb)) {
975 hdr->frame_control |= morefrags;
976 /*
977 * No multi-rate retries for fragmented frames, that
978 * would completely throw off the NAV at other STAs.
979 */
980 info->control.rates[1].idx = -1;
981 info->control.rates[2].idx = -1;
982 info->control.rates[3].idx = -1;
983 BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 4);
984 info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
985 } else {
986 hdr->frame_control &= ~morefrags;
987 }
988 hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
989 fragnum++;
990 }
991
992 return TX_CONTINUE;
993 }
994
995 static ieee80211_tx_result debug_noinline
996 ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
997 {
998 struct sk_buff *skb;
999 int ac = -1;
1000
1001 if (!tx->sta)
1002 return TX_CONTINUE;
1003
1004 skb_queue_walk(&tx->skbs, skb) {
1005 ac = skb_get_queue_mapping(skb);
1006 tx->sta->tx_stats.bytes[ac] += skb->len;
1007 }
1008 if (ac >= 0)
1009 tx->sta->tx_stats.packets[ac]++;
1010
1011 return TX_CONTINUE;
1012 }
1013
1014 static ieee80211_tx_result debug_noinline
1015 ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
1016 {
1017 if (!tx->key)
1018 return TX_CONTINUE;
1019
1020 switch (tx->key->conf.cipher) {
1021 case WLAN_CIPHER_SUITE_WEP40:
1022 case WLAN_CIPHER_SUITE_WEP104:
1023 return ieee80211_crypto_wep_encrypt(tx);
1024 case WLAN_CIPHER_SUITE_TKIP:
1025 return ieee80211_crypto_tkip_encrypt(tx);
1026 case WLAN_CIPHER_SUITE_CCMP:
1027 return ieee80211_crypto_ccmp_encrypt(
1028 tx, IEEE80211_CCMP_MIC_LEN);
1029 case WLAN_CIPHER_SUITE_CCMP_256:
1030 return ieee80211_crypto_ccmp_encrypt(
1031 tx, IEEE80211_CCMP_256_MIC_LEN);
1032 case WLAN_CIPHER_SUITE_AES_CMAC:
1033 return ieee80211_crypto_aes_cmac_encrypt(tx);
1034 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1035 return ieee80211_crypto_aes_cmac_256_encrypt(tx);
1036 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1037 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1038 return ieee80211_crypto_aes_gmac_encrypt(tx);
1039 case WLAN_CIPHER_SUITE_GCMP:
1040 case WLAN_CIPHER_SUITE_GCMP_256:
1041 return ieee80211_crypto_gcmp_encrypt(tx);
1042 default:
1043 return ieee80211_crypto_hw_encrypt(tx);
1044 }
1045
1046 return TX_DROP;
1047 }
1048
1049 static ieee80211_tx_result debug_noinline
1050 ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
1051 {
1052 struct sk_buff *skb;
1053 struct ieee80211_hdr *hdr;
1054 int next_len;
1055 bool group_addr;
1056
1057 skb_queue_walk(&tx->skbs, skb) {
1058 hdr = (void *) skb->data;
1059 if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
1060 break; /* must not overwrite AID */
1061 if (!skb_queue_is_last(&tx->skbs, skb)) {
1062 struct sk_buff *next = skb_queue_next(&tx->skbs, skb);
1063 next_len = next->len;
1064 } else
1065 next_len = 0;
1066 group_addr = is_multicast_ether_addr(hdr->addr1);
1067
1068 hdr->duration_id =
1069 ieee80211_duration(tx, skb, group_addr, next_len);
1070 }
1071
1072 return TX_CONTINUE;
1073 }
1074
1075 /* actual transmit path */
1076
1077 static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1078 struct sk_buff *skb,
1079 struct ieee80211_tx_info *info,
1080 struct tid_ampdu_tx *tid_tx,
1081 int tid)
1082 {
1083 bool queued = false;
1084 bool reset_agg_timer = false;
1085 struct sk_buff *purge_skb = NULL;
1086
1087 if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1088 info->flags |= IEEE80211_TX_CTL_AMPDU;
1089 reset_agg_timer = true;
1090 } else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
1091 /*
1092 * nothing -- this aggregation session is being started
1093 * but that might still fail with the driver
1094 */
1095 } else if (!tx->sta->sta.txq[tid]) {
1096 spin_lock(&tx->sta->lock);
1097 /*
1098 * Need to re-check now, because we may get here
1099 *
1100 * 1) in the window during which the setup is actually
1101 * already done, but not marked yet because not all
1102 * packets are spliced over to the driver pending
1103 * queue yet -- if this happened we acquire the lock
1104 * either before or after the splice happens, but
1105 * need to recheck which of these cases happened.
1106 *
1107 * 2) during session teardown, if the OPERATIONAL bit
1108 * was cleared due to the teardown but the pointer
1109 * hasn't been assigned NULL yet (or we loaded it
1110 * before it was assigned) -- in this case it may
1111 * now be NULL which means we should just let the
1112 * packet pass through because splicing the frames
1113 * back is already done.
1114 */
1115 tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1116
1117 if (!tid_tx) {
1118 /* do nothing, let packet pass through */
1119 } else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1120 info->flags |= IEEE80211_TX_CTL_AMPDU;
1121 reset_agg_timer = true;
1122 } else {
1123 queued = true;
1124 if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER) {
1125 clear_sta_flag(tx->sta, WLAN_STA_SP);
1126 ps_dbg(tx->sta->sdata,
1127 "STA %pM aid %d: SP frame queued, close the SP w/o telling the peer\n",
1128 tx->sta->sta.addr, tx->sta->sta.aid);
1129 }
1130 info->control.vif = &tx->sdata->vif;
1131 info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1132 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
1133 __skb_queue_tail(&tid_tx->pending, skb);
1134 if (skb_queue_len(&tid_tx->pending) > STA_MAX_TX_BUFFER)
1135 purge_skb = __skb_dequeue(&tid_tx->pending);
1136 }
1137 spin_unlock(&tx->sta->lock);
1138
1139 if (purge_skb)
1140 ieee80211_free_txskb(&tx->local->hw, purge_skb);
1141 }
1142
1143 /* reset session timer */
1144 if (reset_agg_timer)
1145 tid_tx->last_tx = jiffies;
1146
1147 return queued;
1148 }
1149
1150 /*
1151 * initialises @tx
1152 * pass %NULL for the station if unknown, a valid pointer if known
1153 * or an ERR_PTR() if the station is known not to exist
1154 */
1155 static ieee80211_tx_result
1156 ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1157 struct ieee80211_tx_data *tx,
1158 struct sta_info *sta, struct sk_buff *skb)
1159 {
1160 struct ieee80211_local *local = sdata->local;
1161 struct ieee80211_hdr *hdr;
1162 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1163 int tid;
1164
1165 memset(tx, 0, sizeof(*tx));
1166 tx->skb = skb;
1167 tx->local = local;
1168 tx->sdata = sdata;
1169 __skb_queue_head_init(&tx->skbs);
1170
1171 /*
1172 * If this flag is set to true anywhere, and we get here,
1173 * we are doing the needed processing, so remove the flag
1174 * now.
1175 */
1176 info->control.flags &= ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1177
1178 hdr = (struct ieee80211_hdr *) skb->data;
1179
1180 if (likely(sta)) {
1181 if (!IS_ERR(sta))
1182 tx->sta = sta;
1183 } else {
1184 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1185 tx->sta = rcu_dereference(sdata->u.vlan.sta);
1186 if (!tx->sta && sdata->wdev.use_4addr)
1187 return TX_DROP;
1188 } else if (tx->sdata->control_port_protocol == tx->skb->protocol) {
1189 tx->sta = sta_info_get_bss(sdata, hdr->addr1);
1190 }
1191 if (!tx->sta && !is_multicast_ether_addr(hdr->addr1))
1192 tx->sta = sta_info_get(sdata, hdr->addr1);
1193 }
1194
1195 if (tx->sta && ieee80211_is_data_qos(hdr->frame_control) &&
1196 !ieee80211_is_qos_nullfunc(hdr->frame_control) &&
1197 ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION) &&
1198 !ieee80211_hw_check(&local->hw, TX_AMPDU_SETUP_IN_HW)) {
1199 struct tid_ampdu_tx *tid_tx;
1200
1201 tid = ieee80211_get_tid(hdr);
1202
1203 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1204 if (tid_tx) {
1205 bool queued;
1206
1207 queued = ieee80211_tx_prep_agg(tx, skb, info,
1208 tid_tx, tid);
1209
1210 if (unlikely(queued))
1211 return TX_QUEUED;
1212 }
1213 }
1214
1215 if (is_multicast_ether_addr(hdr->addr1)) {
1216 tx->flags &= ~IEEE80211_TX_UNICAST;
1217 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1218 } else
1219 tx->flags |= IEEE80211_TX_UNICAST;
1220
1221 if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
1222 if (!(tx->flags & IEEE80211_TX_UNICAST) ||
1223 skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
1224 info->flags & IEEE80211_TX_CTL_AMPDU)
1225 info->flags |= IEEE80211_TX_CTL_DONTFRAG;
1226 }
1227
1228 if (!tx->sta)
1229 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1230 else if (test_and_clear_sta_flag(tx->sta, WLAN_STA_CLEAR_PS_FILT)) {
1231 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1232 ieee80211_check_fast_xmit(tx->sta);
1233 }
1234
1235 info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1236
1237 return TX_CONTINUE;
1238 }
1239
1240 static struct txq_info *ieee80211_get_txq(struct ieee80211_local *local,
1241 struct ieee80211_vif *vif,
1242 struct sta_info *sta,
1243 struct sk_buff *skb)
1244 {
1245 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1246 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1247 struct ieee80211_txq *txq = NULL;
1248
1249 if ((info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM) ||
1250 (info->control.flags & IEEE80211_TX_CTRL_PS_RESPONSE))
1251 return NULL;
1252
1253 if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) &&
1254 unlikely(!ieee80211_is_data_present(hdr->frame_control))) {
1255 if ((!ieee80211_is_mgmt(hdr->frame_control) ||
1256 ieee80211_is_bufferable_mmpdu(hdr->frame_control) ||
1257 vif->type == NL80211_IFTYPE_STATION) &&
1258 sta && sta->uploaded) {
1259 /*
1260 * This will be NULL if the driver didn't set the
1261 * opt-in hardware flag.
1262 */
1263 txq = sta->sta.txq[IEEE80211_NUM_TIDS];
1264 }
1265 } else if (sta) {
1266 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1267
1268 if (!sta->uploaded)
1269 return NULL;
1270
1271 txq = sta->sta.txq[tid];
1272 } else if (vif) {
1273 txq = vif->txq;
1274 }
1275
1276 if (!txq)
1277 return NULL;
1278
1279 return to_txq_info(txq);
1280 }
1281
1282 static void ieee80211_set_skb_enqueue_time(struct sk_buff *skb)
1283 {
1284 IEEE80211_SKB_CB(skb)->control.enqueue_time = codel_get_time();
1285 }
1286
1287 static u32 codel_skb_len_func(const struct sk_buff *skb)
1288 {
1289 return skb->len;
1290 }
1291
1292 static codel_time_t codel_skb_time_func(const struct sk_buff *skb)
1293 {
1294 const struct ieee80211_tx_info *info;
1295
1296 info = (const struct ieee80211_tx_info *)skb->cb;
1297 return info->control.enqueue_time;
1298 }
1299
1300 static struct sk_buff *codel_dequeue_func(struct codel_vars *cvars,
1301 void *ctx)
1302 {
1303 struct ieee80211_local *local;
1304 struct txq_info *txqi;
1305 struct fq *fq;
1306 struct fq_flow *flow;
1307
1308 txqi = ctx;
1309 local = vif_to_sdata(txqi->txq.vif)->local;
1310 fq = &local->fq;
1311
1312 if (cvars == &txqi->def_cvars)
1313 flow = &txqi->tin.default_flow;
1314 else
1315 flow = &fq->flows[cvars - local->cvars];
1316
1317 return fq_flow_dequeue(fq, flow);
1318 }
1319
1320 static void codel_drop_func(struct sk_buff *skb,
1321 void *ctx)
1322 {
1323 struct ieee80211_local *local;
1324 struct ieee80211_hw *hw;
1325 struct txq_info *txqi;
1326
1327 txqi = ctx;
1328 local = vif_to_sdata(txqi->txq.vif)->local;
1329 hw = &local->hw;
1330
1331 ieee80211_free_txskb(hw, skb);
1332 }
1333
1334 static struct sk_buff *fq_tin_dequeue_func(struct fq *fq,
1335 struct fq_tin *tin,
1336 struct fq_flow *flow)
1337 {
1338 struct ieee80211_local *local;
1339 struct txq_info *txqi;
1340 struct codel_vars *cvars;
1341 struct codel_params *cparams;
1342 struct codel_stats *cstats;
1343
1344 local = container_of(fq, struct ieee80211_local, fq);
1345 txqi = container_of(tin, struct txq_info, tin);
1346 cstats = &txqi->cstats;
1347
1348 if (txqi->txq.sta) {
1349 struct sta_info *sta = container_of(txqi->txq.sta,
1350 struct sta_info, sta);
1351 cparams = &sta->cparams;
1352 } else {
1353 cparams = &local->cparams;
1354 }
1355
1356 if (flow == &tin->default_flow)
1357 cvars = &txqi->def_cvars;
1358 else
1359 cvars = &local->cvars[flow - fq->flows];
1360
1361 return codel_dequeue(txqi,
1362 &flow->backlog,
1363 cparams,
1364 cvars,
1365 cstats,
1366 codel_skb_len_func,
1367 codel_skb_time_func,
1368 codel_drop_func,
1369 codel_dequeue_func);
1370 }
1371
1372 static void fq_skb_free_func(struct fq *fq,
1373 struct fq_tin *tin,
1374 struct fq_flow *flow,
1375 struct sk_buff *skb)
1376 {
1377 struct ieee80211_local *local;
1378
1379 local = container_of(fq, struct ieee80211_local, fq);
1380 ieee80211_free_txskb(&local->hw, skb);
1381 }
1382
1383 static void ieee80211_txq_enqueue(struct ieee80211_local *local,
1384 struct txq_info *txqi,
1385 struct sk_buff *skb)
1386 {
1387 struct fq *fq = &local->fq;
1388 struct fq_tin *tin = &txqi->tin;
1389 u32 flow_idx = fq_flow_idx(fq, skb);
1390
1391 ieee80211_set_skb_enqueue_time(skb);
1392
1393 spin_lock_bh(&fq->lock);
1394 /*
1395 * For management frames, don't really apply codel etc.,
1396 * we don't want to apply any shaping or anything we just
1397 * want to simplify the driver API by having them on the
1398 * txqi.
1399 */
1400 if (unlikely(txqi->txq.tid == IEEE80211_NUM_TIDS)) {
1401 IEEE80211_SKB_CB(skb)->control.flags |=
1402 IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1403 __skb_queue_tail(&txqi->frags, skb);
1404 } else {
1405 fq_tin_enqueue(fq, tin, flow_idx, skb,
1406 fq_skb_free_func);
1407 }
1408 spin_unlock_bh(&fq->lock);
1409 }
1410
1411 static bool fq_vlan_filter_func(struct fq *fq, struct fq_tin *tin,
1412 struct fq_flow *flow, struct sk_buff *skb,
1413 void *data)
1414 {
1415 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1416
1417 return info->control.vif == data;
1418 }
1419
1420 void ieee80211_txq_remove_vlan(struct ieee80211_local *local,
1421 struct ieee80211_sub_if_data *sdata)
1422 {
1423 struct fq *fq = &local->fq;
1424 struct txq_info *txqi;
1425 struct fq_tin *tin;
1426 struct ieee80211_sub_if_data *ap;
1427
1428 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1429 return;
1430
1431 ap = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
1432
1433 if (!ap->vif.txq)
1434 return;
1435
1436 txqi = to_txq_info(ap->vif.txq);
1437 tin = &txqi->tin;
1438
1439 spin_lock_bh(&fq->lock);
1440 fq_tin_filter(fq, tin, fq_vlan_filter_func, &sdata->vif,
1441 fq_skb_free_func);
1442 spin_unlock_bh(&fq->lock);
1443 }
1444
1445 void ieee80211_txq_init(struct ieee80211_sub_if_data *sdata,
1446 struct sta_info *sta,
1447 struct txq_info *txqi, int tid)
1448 {
1449 fq_tin_init(&txqi->tin);
1450 codel_vars_init(&txqi->def_cvars);
1451 codel_stats_init(&txqi->cstats);
1452 __skb_queue_head_init(&txqi->frags);
1453 RB_CLEAR_NODE(&txqi->schedule_order);
1454
1455 txqi->txq.vif = &sdata->vif;
1456
1457 if (!sta) {
1458 sdata->vif.txq = &txqi->txq;
1459 txqi->txq.tid = 0;
1460 txqi->txq.ac = IEEE80211_AC_BE;
1461
1462 return;
1463 }
1464
1465 if (tid == IEEE80211_NUM_TIDS) {
1466 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1467 /* Drivers need to opt in to the management MPDU TXQ */
1468 if (!ieee80211_hw_check(&sdata->local->hw,
1469 STA_MMPDU_TXQ))
1470 return;
1471 } else if (!ieee80211_hw_check(&sdata->local->hw,
1472 BUFF_MMPDU_TXQ)) {
1473 /* Drivers need to opt in to the bufferable MMPDU TXQ */
1474 return;
1475 }
1476 txqi->txq.ac = IEEE80211_AC_VO;
1477 } else {
1478 txqi->txq.ac = ieee80211_ac_from_tid(tid);
1479 }
1480
1481 txqi->txq.sta = &sta->sta;
1482 txqi->txq.tid = tid;
1483 sta->sta.txq[tid] = &txqi->txq;
1484 }
1485
1486 void ieee80211_txq_purge(struct ieee80211_local *local,
1487 struct txq_info *txqi)
1488 {
1489 struct fq *fq = &local->fq;
1490 struct fq_tin *tin = &txqi->tin;
1491
1492 spin_lock_bh(&fq->lock);
1493 fq_tin_reset(fq, tin, fq_skb_free_func);
1494 ieee80211_purge_tx_queue(&local->hw, &txqi->frags);
1495 spin_unlock_bh(&fq->lock);
1496
1497 ieee80211_unschedule_txq(&local->hw, &txqi->txq, true);
1498 }
1499
1500 void ieee80211_txq_set_params(struct ieee80211_local *local)
1501 {
1502 if (local->hw.wiphy->txq_limit)
1503 local->fq.limit = local->hw.wiphy->txq_limit;
1504 else
1505 local->hw.wiphy->txq_limit = local->fq.limit;
1506
1507 if (local->hw.wiphy->txq_memory_limit)
1508 local->fq.memory_limit = local->hw.wiphy->txq_memory_limit;
1509 else
1510 local->hw.wiphy->txq_memory_limit = local->fq.memory_limit;
1511
1512 if (local->hw.wiphy->txq_quantum)
1513 local->fq.quantum = local->hw.wiphy->txq_quantum;
1514 else
1515 local->hw.wiphy->txq_quantum = local->fq.quantum;
1516 }
1517
1518 int ieee80211_txq_setup_flows(struct ieee80211_local *local)
1519 {
1520 struct fq *fq = &local->fq;
1521 int ret;
1522 int i;
1523 bool supp_vht = false;
1524 enum nl80211_band band;
1525
1526 if (!local->ops->wake_tx_queue)
1527 return 0;
1528
1529 ret = fq_init(fq, 4096);
1530 if (ret)
1531 return ret;
1532
1533 /*
1534 * If the hardware doesn't support VHT, it is safe to limit the maximum
1535 * queue size. 4 Mbytes is 64 max-size aggregates in 802.11n.
1536 */
1537 for (band = 0; band < NUM_NL80211_BANDS; band++) {
1538 struct ieee80211_supported_band *sband;
1539
1540 sband = local->hw.wiphy->bands[band];
1541 if (!sband)
1542 continue;
1543
1544 supp_vht = supp_vht || sband->vht_cap.vht_supported;
1545 }
1546
1547 if (!supp_vht)
1548 fq->memory_limit = 4 << 20; /* 4 Mbytes */
1549
1550 codel_params_init(&local->cparams);
1551 local->cparams.interval = MS2TIME(100);
1552 local->cparams.target = MS2TIME(20);
1553 local->cparams.ecn = true;
1554
1555 local->cvars = kcalloc(fq->flows_cnt, sizeof(local->cvars[0]),
1556 GFP_KERNEL);
1557 if (!local->cvars) {
1558 spin_lock_bh(&fq->lock);
1559 fq_reset(fq, fq_skb_free_func);
1560 spin_unlock_bh(&fq->lock);
1561 return -ENOMEM;
1562 }
1563
1564 for (i = 0; i < fq->flows_cnt; i++)
1565 codel_vars_init(&local->cvars[i]);
1566
1567 ieee80211_txq_set_params(local);
1568
1569 return 0;
1570 }
1571
1572 void ieee80211_txq_teardown_flows(struct ieee80211_local *local)
1573 {
1574 struct fq *fq = &local->fq;
1575
1576 if (!local->ops->wake_tx_queue)
1577 return;
1578
1579 kfree(local->cvars);
1580 local->cvars = NULL;
1581
1582 spin_lock_bh(&fq->lock);
1583 fq_reset(fq, fq_skb_free_func);
1584 spin_unlock_bh(&fq->lock);
1585 }
1586
1587 static bool ieee80211_queue_skb(struct ieee80211_local *local,
1588 struct ieee80211_sub_if_data *sdata,
1589 struct sta_info *sta,
1590 struct sk_buff *skb)
1591 {
1592 struct ieee80211_vif *vif;
1593 struct txq_info *txqi;
1594
1595 if (!local->ops->wake_tx_queue ||
1596 sdata->vif.type == NL80211_IFTYPE_MONITOR)
1597 return false;
1598
1599 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1600 sdata = container_of(sdata->bss,
1601 struct ieee80211_sub_if_data, u.ap);
1602
1603 vif = &sdata->vif;
1604 txqi = ieee80211_get_txq(local, vif, sta, skb);
1605
1606 if (!txqi)
1607 return false;
1608
1609 ieee80211_txq_enqueue(local, txqi, skb);
1610
1611 schedule_and_wake_txq(local, txqi);
1612
1613 return true;
1614 }
1615
1616 static bool ieee80211_tx_frags(struct ieee80211_local *local,
1617 struct ieee80211_vif *vif,
1618 struct sta_info *sta,
1619 struct sk_buff_head *skbs,
1620 bool txpending)
1621 {
1622 struct ieee80211_tx_control control = {};
1623 struct sk_buff *skb, *tmp;
1624 unsigned long flags;
1625
1626 skb_queue_walk_safe(skbs, skb, tmp) {
1627 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1628 int q = info->hw_queue;
1629
1630 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1631 if (WARN_ON_ONCE(q >= local->hw.queues)) {
1632 __skb_unlink(skb, skbs);
1633 ieee80211_free_txskb(&local->hw, skb);
1634 continue;
1635 }
1636 #endif
1637
1638 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1639 if (local->queue_stop_reasons[q] ||
1640 (!txpending && !skb_queue_empty(&local->pending[q]))) {
1641 if (unlikely(info->flags &
1642 IEEE80211_TX_INTFL_OFFCHAN_TX_OK)) {
1643 if (local->queue_stop_reasons[q] &
1644 ~BIT(IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL)) {
1645 /*
1646 * Drop off-channel frames if queues
1647 * are stopped for any reason other
1648 * than off-channel operation. Never
1649 * queue them.
1650 */
1651 spin_unlock_irqrestore(
1652 &local->queue_stop_reason_lock,
1653 flags);
1654 ieee80211_purge_tx_queue(&local->hw,
1655 skbs);
1656 return true;
1657 }
1658 } else {
1659
1660 /*
1661 * Since queue is stopped, queue up frames for
1662 * later transmission from the tx-pending
1663 * tasklet when the queue is woken again.
1664 */
1665 if (txpending)
1666 skb_queue_splice_init(skbs,
1667 &local->pending[q]);
1668 else
1669 skb_queue_splice_tail_init(skbs,
1670 &local->pending[q]);
1671
1672 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
1673 flags);
1674 return false;
1675 }
1676 }
1677 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
1678
1679 info->control.vif = vif;
1680 control.sta = sta ? &sta->sta : NULL;
1681
1682 __skb_unlink(skb, skbs);
1683 drv_tx(local, &control, skb);
1684 }
1685
1686 return true;
1687 }
1688
1689 /*
1690 * Returns false if the frame couldn't be transmitted but was queued instead.
1691 */
1692 static bool __ieee80211_tx(struct ieee80211_local *local,
1693 struct sk_buff_head *skbs, int led_len,
1694 struct sta_info *sta, bool txpending)
1695 {
1696 struct ieee80211_tx_info *info;
1697 struct ieee80211_sub_if_data *sdata;
1698 struct ieee80211_vif *vif;
1699 struct sk_buff *skb;
1700 bool result;
1701 __le16 fc;
1702
1703 if (WARN_ON(skb_queue_empty(skbs)))
1704 return true;
1705
1706 skb = skb_peek(skbs);
1707 fc = ((struct ieee80211_hdr *)skb->data)->frame_control;
1708 info = IEEE80211_SKB_CB(skb);
1709 sdata = vif_to_sdata(info->control.vif);
1710 if (sta && !sta->uploaded)
1711 sta = NULL;
1712
1713 switch (sdata->vif.type) {
1714 case NL80211_IFTYPE_MONITOR:
1715 if (sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
1716 vif = &sdata->vif;
1717 break;
1718 }
1719 sdata = rcu_dereference(local->monitor_sdata);
1720 if (sdata) {
1721 vif = &sdata->vif;
1722 info->hw_queue =
1723 vif->hw_queue[skb_get_queue_mapping(skb)];
1724 } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
1725 ieee80211_purge_tx_queue(&local->hw, skbs);
1726 return true;
1727 } else
1728 vif = NULL;
1729 break;
1730 case NL80211_IFTYPE_AP_VLAN:
1731 sdata = container_of(sdata->bss,
1732 struct ieee80211_sub_if_data, u.ap);
1733 fallthrough;
1734 default:
1735 vif = &sdata->vif;
1736 break;
1737 }
1738
1739 result = ieee80211_tx_frags(local, vif, sta, skbs, txpending);
1740
1741 ieee80211_tpt_led_trig_tx(local, fc, led_len);
1742
1743 WARN_ON_ONCE(!skb_queue_empty(skbs));
1744
1745 return result;
1746 }
1747
1748 /*
1749 * Invoke TX handlers, return 0 on success and non-zero if the
1750 * frame was dropped or queued.
1751 *
1752 * The handlers are split into an early and late part. The latter is everything
1753 * that can be sensitive to reordering, and will be deferred to after packets
1754 * are dequeued from the intermediate queues (when they are enabled).
1755 */
1756 static int invoke_tx_handlers_early(struct ieee80211_tx_data *tx)
1757 {
1758 ieee80211_tx_result res = TX_DROP;
1759
1760 #define CALL_TXH(txh) \
1761 do { \
1762 res = txh(tx); \
1763 if (res != TX_CONTINUE) \
1764 goto txh_done; \
1765 } while (0)
1766
1767 CALL_TXH(ieee80211_tx_h_dynamic_ps);
1768 CALL_TXH(ieee80211_tx_h_check_assoc);
1769 CALL_TXH(ieee80211_tx_h_ps_buf);
1770 CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
1771 CALL_TXH(ieee80211_tx_h_select_key);
1772
1773 txh_done:
1774 if (unlikely(res == TX_DROP)) {
1775 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1776 if (tx->skb)
1777 ieee80211_free_txskb(&tx->local->hw, tx->skb);
1778 else
1779 ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1780 return -1;
1781 } else if (unlikely(res == TX_QUEUED)) {
1782 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1783 return -1;
1784 }
1785
1786 return 0;
1787 }
1788
1789 /*
1790 * Late handlers can be called while the sta lock is held. Handlers that can
1791 * cause packets to be generated will cause deadlock!
1792 */
1793 static int invoke_tx_handlers_late(struct ieee80211_tx_data *tx)
1794 {
1795 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx->skb);
1796 ieee80211_tx_result res = TX_CONTINUE;
1797
1798 if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
1799 __skb_queue_tail(&tx->skbs, tx->skb);
1800 tx->skb = NULL;
1801 goto txh_done;
1802 }
1803
1804 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1805 CALL_TXH(ieee80211_tx_h_rate_ctrl);
1806
1807 CALL_TXH(ieee80211_tx_h_michael_mic_add);
1808 CALL_TXH(ieee80211_tx_h_sequence);
1809 CALL_TXH(ieee80211_tx_h_fragment);
1810 /* handlers after fragment must be aware of tx info fragmentation! */
1811 CALL_TXH(ieee80211_tx_h_stats);
1812 CALL_TXH(ieee80211_tx_h_encrypt);
1813 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1814 CALL_TXH(ieee80211_tx_h_calculate_duration);
1815 #undef CALL_TXH
1816
1817 txh_done:
1818 if (unlikely(res == TX_DROP)) {
1819 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1820 if (tx->skb)
1821 ieee80211_free_txskb(&tx->local->hw, tx->skb);
1822 else
1823 ieee80211_purge_tx_queue(&tx->local->hw, &tx->skbs);
1824 return -1;
1825 } else if (unlikely(res == TX_QUEUED)) {
1826 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1827 return -1;
1828 }
1829
1830 return 0;
1831 }
1832
1833 static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1834 {
1835 int r = invoke_tx_handlers_early(tx);
1836
1837 if (r)
1838 return r;
1839 return invoke_tx_handlers_late(tx);
1840 }
1841
1842 bool ieee80211_tx_prepare_skb(struct ieee80211_hw *hw,
1843 struct ieee80211_vif *vif, struct sk_buff *skb,
1844 int band, struct ieee80211_sta **sta)
1845 {
1846 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
1847 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1848 struct ieee80211_tx_data tx;
1849 struct sk_buff *skb2;
1850
1851 if (ieee80211_tx_prepare(sdata, &tx, NULL, skb) == TX_DROP)
1852 return false;
1853
1854 info->band = band;
1855 info->control.vif = vif;
1856 info->hw_queue = vif->hw_queue[skb_get_queue_mapping(skb)];
1857
1858 if (invoke_tx_handlers(&tx))
1859 return false;
1860
1861 if (sta) {
1862 if (tx.sta)
1863 *sta = &tx.sta->sta;
1864 else
1865 *sta = NULL;
1866 }
1867
1868 /* this function isn't suitable for fragmented data frames */
1869 skb2 = __skb_dequeue(&tx.skbs);
1870 if (WARN_ON(skb2 != skb || !skb_queue_empty(&tx.skbs))) {
1871 ieee80211_free_txskb(hw, skb2);
1872 ieee80211_purge_tx_queue(hw, &tx.skbs);
1873 return false;
1874 }
1875
1876 return true;
1877 }
1878 EXPORT_SYMBOL(ieee80211_tx_prepare_skb);
1879
1880 /*
1881 * Returns false if the frame couldn't be transmitted but was queued instead.
1882 */
1883 static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1884 struct sta_info *sta, struct sk_buff *skb,
1885 bool txpending)
1886 {
1887 struct ieee80211_local *local = sdata->local;
1888 struct ieee80211_tx_data tx;
1889 ieee80211_tx_result res_prepare;
1890 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1891 bool result = true;
1892 int led_len;
1893
1894 if (unlikely(skb->len < 10)) {
1895 dev_kfree_skb(skb);
1896 return true;
1897 }
1898
1899 /* initialises tx */
1900 led_len = skb->len;
1901 res_prepare = ieee80211_tx_prepare(sdata, &tx, sta, skb);
1902
1903 if (unlikely(res_prepare == TX_DROP)) {
1904 ieee80211_free_txskb(&local->hw, skb);
1905 return true;
1906 } else if (unlikely(res_prepare == TX_QUEUED)) {
1907 return true;
1908 }
1909
1910 /* set up hw_queue value early */
1911 if (!(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) ||
1912 !ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
1913 info->hw_queue =
1914 sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
1915
1916 if (invoke_tx_handlers_early(&tx))
1917 return true;
1918
1919 if (ieee80211_queue_skb(local, sdata, tx.sta, tx.skb))
1920 return true;
1921
1922 if (!invoke_tx_handlers_late(&tx))
1923 result = __ieee80211_tx(local, &tx.skbs, led_len,
1924 tx.sta, txpending);
1925
1926 return result;
1927 }
1928
1929 /* device xmit handlers */
1930
1931 enum ieee80211_encrypt {
1932 ENCRYPT_NO,
1933 ENCRYPT_MGMT,
1934 ENCRYPT_DATA,
1935 };
1936
1937 static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1938 struct sk_buff *skb,
1939 int head_need,
1940 enum ieee80211_encrypt encrypt)
1941 {
1942 struct ieee80211_local *local = sdata->local;
1943 bool enc_tailroom;
1944 int tail_need = 0;
1945
1946 enc_tailroom = encrypt == ENCRYPT_MGMT ||
1947 (encrypt == ENCRYPT_DATA &&
1948 sdata->crypto_tx_tailroom_needed_cnt);
1949
1950 if (enc_tailroom) {
1951 tail_need = IEEE80211_ENCRYPT_TAILROOM;
1952 tail_need -= skb_tailroom(skb);
1953 tail_need = max_t(int, tail_need, 0);
1954 }
1955
1956 if (skb_cloned(skb) &&
1957 (!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
1958 !skb_clone_writable(skb, ETH_HLEN) || enc_tailroom))
1959 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
1960 else if (head_need || tail_need)
1961 I802_DEBUG_INC(local->tx_expand_skb_head);
1962 else
1963 return 0;
1964
1965 if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
1966 wiphy_debug(local->hw.wiphy,
1967 "failed to reallocate TX buffer\n");
1968 return -ENOMEM;
1969 }
1970
1971 return 0;
1972 }
1973
1974 void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
1975 struct sta_info *sta, struct sk_buff *skb)
1976 {
1977 struct ieee80211_local *local = sdata->local;
1978 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1979 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1980 int headroom;
1981 enum ieee80211_encrypt encrypt;
1982
1983 if (info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)
1984 encrypt = ENCRYPT_NO;
1985 else if (ieee80211_is_mgmt(hdr->frame_control))
1986 encrypt = ENCRYPT_MGMT;
1987 else
1988 encrypt = ENCRYPT_DATA;
1989
1990 headroom = local->tx_headroom;
1991 if (encrypt != ENCRYPT_NO)
1992 headroom += sdata->encrypt_headroom;
1993 headroom -= skb_headroom(skb);
1994 headroom = max_t(int, 0, headroom);
1995
1996 if (ieee80211_skb_resize(sdata, skb, headroom, encrypt)) {
1997 ieee80211_free_txskb(&local->hw, skb);
1998 return;
1999 }
2000
2001 /* reload after potential resize */
2002 hdr = (struct ieee80211_hdr *) skb->data;
2003 info->control.vif = &sdata->vif;
2004
2005 if (ieee80211_vif_is_mesh(&sdata->vif)) {
2006 if (ieee80211_is_data(hdr->frame_control) &&
2007 is_unicast_ether_addr(hdr->addr1)) {
2008 if (mesh_nexthop_resolve(sdata, skb))
2009 return; /* skb queued: don't free */
2010 } else {
2011 ieee80211_mps_set_frame_flags(sdata, NULL, hdr);
2012 }
2013 }
2014
2015 ieee80211_set_qos_hdr(sdata, skb);
2016 ieee80211_tx(sdata, sta, skb, false);
2017 }
2018
2019 static bool ieee80211_validate_radiotap_len(struct sk_buff *skb)
2020 {
2021 struct ieee80211_radiotap_header *rthdr =
2022 (struct ieee80211_radiotap_header *)skb->data;
2023
2024 /* check for not even having the fixed radiotap header part */
2025 if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
2026 return false; /* too short to be possibly valid */
2027
2028 /* is it a header version we can trust to find length from? */
2029 if (unlikely(rthdr->it_version))
2030 return false; /* only version 0 is supported */
2031
2032 /* does the skb contain enough to deliver on the alleged length? */
2033 if (unlikely(skb->len < ieee80211_get_radiotap_len(skb->data)))
2034 return false; /* skb too short for claimed rt header extent */
2035
2036 return true;
2037 }
2038
2039 bool ieee80211_parse_tx_radiotap(struct sk_buff *skb,
2040 struct net_device *dev)
2041 {
2042 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2043 struct ieee80211_radiotap_iterator iterator;
2044 struct ieee80211_radiotap_header *rthdr =
2045 (struct ieee80211_radiotap_header *) skb->data;
2046 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2047 int ret = ieee80211_radiotap_iterator_init(&iterator, rthdr, skb->len,
2048 NULL);
2049 u16 txflags;
2050 u16 rate = 0;
2051 bool rate_found = false;
2052 u8 rate_retries = 0;
2053 u16 rate_flags = 0;
2054 u8 mcs_known, mcs_flags, mcs_bw;
2055 u16 vht_known;
2056 u8 vht_mcs = 0, vht_nss = 0;
2057 int i;
2058
2059 if (!ieee80211_validate_radiotap_len(skb))
2060 return false;
2061
2062 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
2063 IEEE80211_TX_CTL_DONTFRAG;
2064
2065 /*
2066 * for every radiotap entry that is present
2067 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
2068 * entries present, or -EINVAL on error)
2069 */
2070
2071 while (!ret) {
2072 ret = ieee80211_radiotap_iterator_next(&iterator);
2073
2074 if (ret)
2075 continue;
2076
2077 /* see if this argument is something we can use */
2078 switch (iterator.this_arg_index) {
2079 /*
2080 * You must take care when dereferencing iterator.this_arg
2081 * for multibyte types... the pointer is not aligned. Use
2082 * get_unaligned((type *)iterator.this_arg) to dereference
2083 * iterator.this_arg for type "type" safely on all arches.
2084 */
2085 case IEEE80211_RADIOTAP_FLAGS:
2086 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
2087 /*
2088 * this indicates that the skb we have been
2089 * handed has the 32-bit FCS CRC at the end...
2090 * we should react to that by snipping it off
2091 * because it will be recomputed and added
2092 * on transmission
2093 */
2094 if (skb->len < (iterator._max_length + FCS_LEN))
2095 return false;
2096
2097 skb_trim(skb, skb->len - FCS_LEN);
2098 }
2099 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
2100 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
2101 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
2102 info->flags &= ~IEEE80211_TX_CTL_DONTFRAG;
2103 break;
2104
2105 case IEEE80211_RADIOTAP_TX_FLAGS:
2106 txflags = get_unaligned_le16(iterator.this_arg);
2107 if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK)
2108 info->flags |= IEEE80211_TX_CTL_NO_ACK;
2109 if (txflags & IEEE80211_RADIOTAP_F_TX_NOSEQNO)
2110 info->control.flags |= IEEE80211_TX_CTRL_NO_SEQNO;
2111 if (txflags & IEEE80211_RADIOTAP_F_TX_ORDER)
2112 info->control.flags |=
2113 IEEE80211_TX_CTRL_DONT_REORDER;
2114 break;
2115
2116 case IEEE80211_RADIOTAP_RATE:
2117 rate = *iterator.this_arg;
2118 rate_flags = 0;
2119 rate_found = true;
2120 break;
2121
2122 case IEEE80211_RADIOTAP_DATA_RETRIES:
2123 rate_retries = *iterator.this_arg;
2124 break;
2125
2126 case IEEE80211_RADIOTAP_MCS:
2127 mcs_known = iterator.this_arg[0];
2128 mcs_flags = iterator.this_arg[1];
2129 if (!(mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_MCS))
2130 break;
2131
2132 rate_found = true;
2133 rate = iterator.this_arg[2];
2134 rate_flags = IEEE80211_TX_RC_MCS;
2135
2136 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_GI &&
2137 mcs_flags & IEEE80211_RADIOTAP_MCS_SGI)
2138 rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2139
2140 mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK;
2141 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW &&
2142 mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40)
2143 rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
2144
2145 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_FEC &&
2146 mcs_flags & IEEE80211_RADIOTAP_MCS_FEC_LDPC)
2147 info->flags |= IEEE80211_TX_CTL_LDPC;
2148
2149 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_STBC) {
2150 u8 stbc = u8_get_bits(mcs_flags,
2151 IEEE80211_RADIOTAP_MCS_STBC_MASK);
2152
2153 info->flags |=
2154 u32_encode_bits(stbc,
2155 IEEE80211_TX_CTL_STBC);
2156 }
2157 break;
2158
2159 case IEEE80211_RADIOTAP_VHT:
2160 vht_known = get_unaligned_le16(iterator.this_arg);
2161 rate_found = true;
2162
2163 rate_flags = IEEE80211_TX_RC_VHT_MCS;
2164 if ((vht_known & IEEE80211_RADIOTAP_VHT_KNOWN_GI) &&
2165 (iterator.this_arg[2] &
2166 IEEE80211_RADIOTAP_VHT_FLAG_SGI))
2167 rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2168 if (vht_known &
2169 IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH) {
2170 if (iterator.this_arg[3] == 1)
2171 rate_flags |=
2172 IEEE80211_TX_RC_40_MHZ_WIDTH;
2173 else if (iterator.this_arg[3] == 4)
2174 rate_flags |=
2175 IEEE80211_TX_RC_80_MHZ_WIDTH;
2176 else if (iterator.this_arg[3] == 11)
2177 rate_flags |=
2178 IEEE80211_TX_RC_160_MHZ_WIDTH;
2179 }
2180
2181 vht_mcs = iterator.this_arg[4] >> 4;
2182 vht_nss = iterator.this_arg[4] & 0xF;
2183 break;
2184
2185 /*
2186 * Please update the file
2187 * Documentation/networking/mac80211-injection.rst
2188 * when parsing new fields here.
2189 */
2190
2191 default:
2192 break;
2193 }
2194 }
2195
2196 if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
2197 return false;
2198
2199 if (rate_found) {
2200 struct ieee80211_supported_band *sband =
2201 local->hw.wiphy->bands[info->band];
2202
2203 info->control.flags |= IEEE80211_TX_CTRL_RATE_INJECT;
2204
2205 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
2206 info->control.rates[i].idx = -1;
2207 info->control.rates[i].flags = 0;
2208 info->control.rates[i].count = 0;
2209 }
2210
2211 if (rate_flags & IEEE80211_TX_RC_MCS) {
2212 info->control.rates[0].idx = rate;
2213 } else if (rate_flags & IEEE80211_TX_RC_VHT_MCS) {
2214 ieee80211_rate_set_vht(info->control.rates, vht_mcs,
2215 vht_nss);
2216 } else if (sband) {
2217 for (i = 0; i < sband->n_bitrates; i++) {
2218 if (rate * 5 != sband->bitrates[i].bitrate)
2219 continue;
2220
2221 info->control.rates[0].idx = i;
2222 break;
2223 }
2224 }
2225
2226 if (info->control.rates[0].idx < 0)
2227 info->control.flags &= ~IEEE80211_TX_CTRL_RATE_INJECT;
2228
2229 info->control.rates[0].flags = rate_flags;
2230 info->control.rates[0].count = min_t(u8, rate_retries + 1,
2231 local->hw.max_rate_tries);
2232 }
2233
2234 return true;
2235 }
2236
2237 netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
2238 struct net_device *dev)
2239 {
2240 struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
2241 struct ieee80211_chanctx_conf *chanctx_conf;
2242 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2243 struct ieee80211_hdr *hdr;
2244 struct ieee80211_sub_if_data *tmp_sdata, *sdata;
2245 struct cfg80211_chan_def *chandef;
2246 u16 len_rthdr;
2247 int hdrlen;
2248
2249 memset(info, 0, sizeof(*info));
2250 info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2251 IEEE80211_TX_CTL_INJECTED;
2252
2253 /* Sanity-check the length of the radiotap header */
2254 if (!ieee80211_validate_radiotap_len(skb))
2255 goto fail;
2256
2257 /* we now know there is a radiotap header with a length we can use */
2258 len_rthdr = ieee80211_get_radiotap_len(skb->data);
2259
2260 /*
2261 * fix up the pointers accounting for the radiotap
2262 * header still being in there. We are being given
2263 * a precooked IEEE80211 header so no need for
2264 * normal processing
2265 */
2266 skb_set_mac_header(skb, len_rthdr);
2267 /*
2268 * these are just fixed to the end of the rt area since we
2269 * don't have any better information and at this point, nobody cares
2270 */
2271 skb_set_network_header(skb, len_rthdr);
2272 skb_set_transport_header(skb, len_rthdr);
2273
2274 if (skb->len < len_rthdr + 2)
2275 goto fail;
2276
2277 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
2278 hdrlen = ieee80211_hdrlen(hdr->frame_control);
2279
2280 if (skb->len < len_rthdr + hdrlen)
2281 goto fail;
2282
2283 /*
2284 * Initialize skb->protocol if the injected frame is a data frame
2285 * carrying a rfc1042 header
2286 */
2287 if (ieee80211_is_data(hdr->frame_control) &&
2288 skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) {
2289 u8 *payload = (u8 *)hdr + hdrlen;
2290
2291 if (ether_addr_equal(payload, rfc1042_header))
2292 skb->protocol = cpu_to_be16((payload[6] << 8) |
2293 payload[7]);
2294 }
2295
2296 rcu_read_lock();
2297
2298 /*
2299 * We process outgoing injected frames that have a local address
2300 * we handle as though they are non-injected frames.
2301 * This code here isn't entirely correct, the local MAC address
2302 * isn't always enough to find the interface to use; for proper
2303 * VLAN support we have an nl80211-based mechanism.
2304 *
2305 * This is necessary, for example, for old hostapd versions that
2306 * don't use nl80211-based management TX/RX.
2307 */
2308 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2309
2310 list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
2311 if (!ieee80211_sdata_running(tmp_sdata))
2312 continue;
2313 if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR ||
2314 tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2315 continue;
2316 if (ether_addr_equal(tmp_sdata->vif.addr, hdr->addr2)) {
2317 sdata = tmp_sdata;
2318 break;
2319 }
2320 }
2321
2322 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2323 if (!chanctx_conf) {
2324 tmp_sdata = rcu_dereference(local->monitor_sdata);
2325 if (tmp_sdata)
2326 chanctx_conf =
2327 rcu_dereference(tmp_sdata->vif.chanctx_conf);
2328 }
2329
2330 if (chanctx_conf)
2331 chandef = &chanctx_conf->def;
2332 else if (!local->use_chanctx)
2333 chandef = &local->_oper_chandef;
2334 else
2335 goto fail_rcu;
2336
2337 /*
2338 * Frame injection is not allowed if beaconing is not allowed
2339 * or if we need radar detection. Beaconing is usually not allowed when
2340 * the mode or operation (Adhoc, AP, Mesh) does not support DFS.
2341 * Passive scan is also used in world regulatory domains where
2342 * your country is not known and as such it should be treated as
2343 * NO TX unless the channel is explicitly allowed in which case
2344 * your current regulatory domain would not have the passive scan
2345 * flag.
2346 *
2347 * Since AP mode uses monitor interfaces to inject/TX management
2348 * frames we can make AP mode the exception to this rule once it
2349 * supports radar detection as its implementation can deal with
2350 * radar detection by itself. We can do that later by adding a
2351 * monitor flag interfaces used for AP support.
2352 */
2353 if (!cfg80211_reg_can_beacon(local->hw.wiphy, chandef,
2354 sdata->vif.type))
2355 goto fail_rcu;
2356
2357 info->band = chandef->chan->band;
2358
2359 /* Initialize skb->priority according to frame type and TID class,
2360 * with respect to the sub interface that the frame will actually
2361 * be transmitted on. If the DONT_REORDER flag is set, the original
2362 * skb-priority is preserved to assure frames injected with this
2363 * flag are not reordered relative to each other.
2364 */
2365 ieee80211_select_queue_80211(sdata, skb, hdr);
2366 skb_set_queue_mapping(skb, ieee80211_ac_from_tid(skb->priority));
2367
2368 /*
2369 * Process the radiotap header. This will now take into account the
2370 * selected chandef above to accurately set injection rates and
2371 * retransmissions.
2372 */
2373 if (!ieee80211_parse_tx_radiotap(skb, dev))
2374 goto fail_rcu;
2375
2376 /* remove the injection radiotap header */
2377 skb_pull(skb, len_rthdr);
2378
2379 ieee80211_xmit(sdata, NULL, skb);
2380 rcu_read_unlock();
2381
2382 return NETDEV_TX_OK;
2383
2384 fail_rcu:
2385 rcu_read_unlock();
2386 fail:
2387 dev_kfree_skb(skb);
2388 return NETDEV_TX_OK; /* meaning, we dealt with the skb */
2389 }
2390
2391 static inline bool ieee80211_is_tdls_setup(struct sk_buff *skb)
2392 {
2393 u16 ethertype = (skb->data[12] << 8) | skb->data[13];
2394
2395 return ethertype == ETH_P_TDLS &&
2396 skb->len > 14 &&
2397 skb->data[14] == WLAN_TDLS_SNAP_RFTYPE;
2398 }
2399
2400 int ieee80211_lookup_ra_sta(struct ieee80211_sub_if_data *sdata,
2401 struct sk_buff *skb,
2402 struct sta_info **sta_out)
2403 {
2404 struct sta_info *sta;
2405
2406 switch (sdata->vif.type) {
2407 case NL80211_IFTYPE_AP_VLAN:
2408 sta = rcu_dereference(sdata->u.vlan.sta);
2409 if (sta) {
2410 *sta_out = sta;
2411 return 0;
2412 } else if (sdata->wdev.use_4addr) {
2413 return -ENOLINK;
2414 }
2415 fallthrough;
2416 case NL80211_IFTYPE_AP:
2417 case NL80211_IFTYPE_OCB:
2418 case NL80211_IFTYPE_ADHOC:
2419 if (is_multicast_ether_addr(skb->data)) {
2420 *sta_out = ERR_PTR(-ENOENT);
2421 return 0;
2422 }
2423 sta = sta_info_get_bss(sdata, skb->data);
2424 break;
2425 #ifdef CONFIG_MAC80211_MESH
2426 case NL80211_IFTYPE_MESH_POINT:
2427 /* determined much later */
2428 *sta_out = NULL;
2429 return 0;
2430 #endif
2431 case NL80211_IFTYPE_STATION:
2432 if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2433 sta = sta_info_get(sdata, skb->data);
2434 if (sta && test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2435 if (test_sta_flag(sta,
2436 WLAN_STA_TDLS_PEER_AUTH)) {
2437 *sta_out = sta;
2438 return 0;
2439 }
2440
2441 /*
2442 * TDLS link during setup - throw out frames to
2443 * peer. Allow TDLS-setup frames to unauthorized
2444 * peers for the special case of a link teardown
2445 * after a TDLS sta is removed due to being
2446 * unreachable.
2447 */
2448 if (!ieee80211_is_tdls_setup(skb))
2449 return -EINVAL;
2450 }
2451
2452 }
2453
2454 sta = sta_info_get(sdata, sdata->u.mgd.bssid);
2455 if (!sta)
2456 return -ENOLINK;
2457 break;
2458 default:
2459 return -EINVAL;
2460 }
2461
2462 *sta_out = sta ?: ERR_PTR(-ENOENT);
2463 return 0;
2464 }
2465
2466 static u16 ieee80211_store_ack_skb(struct ieee80211_local *local,
2467 struct sk_buff *skb,
2468 u32 *info_flags,
2469 u64 *cookie)
2470 {
2471 struct sk_buff *ack_skb;
2472 u16 info_id = 0;
2473
2474 if (skb->sk)
2475 ack_skb = skb_clone_sk(skb);
2476 else
2477 ack_skb = skb_clone(skb, GFP_ATOMIC);
2478
2479 if (ack_skb) {
2480 unsigned long flags;
2481 int id;
2482
2483 spin_lock_irqsave(&local->ack_status_lock, flags);
2484 id = idr_alloc(&local->ack_status_frames, ack_skb,
2485 1, 0x2000, GFP_ATOMIC);
2486 spin_unlock_irqrestore(&local->ack_status_lock, flags);
2487
2488 if (id >= 0) {
2489 info_id = id;
2490 *info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2491 if (cookie) {
2492 *cookie = ieee80211_mgmt_tx_cookie(local);
2493 IEEE80211_SKB_CB(ack_skb)->ack.cookie = *cookie;
2494 }
2495 } else {
2496 kfree_skb(ack_skb);
2497 }
2498 }
2499
2500 return info_id;
2501 }
2502
2503 /**
2504 * ieee80211_build_hdr - build 802.11 header in the given frame
2505 * @sdata: virtual interface to build the header for
2506 * @skb: the skb to build the header in
2507 * @info_flags: skb flags to set
2508 * @sta: the station pointer
2509 * @ctrl_flags: info control flags to set
2510 * @cookie: cookie pointer to fill (if not %NULL)
2511 *
2512 * This function takes the skb with 802.3 header and reformats the header to
2513 * the appropriate IEEE 802.11 header based on which interface the packet is
2514 * being transmitted on.
2515 *
2516 * Note that this function also takes care of the TX status request and
2517 * potential unsharing of the SKB - this needs to be interleaved with the
2518 * header building.
2519 *
2520 * The function requires the read-side RCU lock held
2521 *
2522 * Returns: the (possibly reallocated) skb or an ERR_PTR() code
2523 */
2524 static struct sk_buff *ieee80211_build_hdr(struct ieee80211_sub_if_data *sdata,
2525 struct sk_buff *skb, u32 info_flags,
2526 struct sta_info *sta, u32 ctrl_flags,
2527 u64 *cookie)
2528 {
2529 struct ieee80211_local *local = sdata->local;
2530 struct ieee80211_tx_info *info;
2531 int head_need;
2532 u16 ethertype, hdrlen, meshhdrlen = 0;
2533 __le16 fc;
2534 struct ieee80211_hdr hdr;
2535 struct ieee80211s_hdr mesh_hdr __maybe_unused;
2536 struct mesh_path __maybe_unused *mppath = NULL, *mpath = NULL;
2537 const u8 *encaps_data;
2538 int encaps_len, skip_header_bytes;
2539 bool wme_sta = false, authorized = false;
2540 bool tdls_peer;
2541 bool multicast;
2542 u16 info_id = 0;
2543 struct ieee80211_chanctx_conf *chanctx_conf;
2544 struct ieee80211_sub_if_data *ap_sdata;
2545 enum nl80211_band band;
2546 int ret;
2547
2548 if (IS_ERR(sta))
2549 sta = NULL;
2550
2551 #ifdef CONFIG_MAC80211_DEBUGFS
2552 if (local->force_tx_status)
2553 info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2554 #endif
2555
2556 /* convert Ethernet header to proper 802.11 header (based on
2557 * operation mode) */
2558 ethertype = (skb->data[12] << 8) | skb->data[13];
2559 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
2560
2561 switch (sdata->vif.type) {
2562 case NL80211_IFTYPE_AP_VLAN:
2563 if (sdata->wdev.use_4addr) {
2564 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2565 /* RA TA DA SA */
2566 memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
2567 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2568 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2569 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2570 hdrlen = 30;
2571 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2572 wme_sta = sta->sta.wme;
2573 }
2574 ap_sdata = container_of(sdata->bss, struct ieee80211_sub_if_data,
2575 u.ap);
2576 chanctx_conf = rcu_dereference(ap_sdata->vif.chanctx_conf);
2577 if (!chanctx_conf) {
2578 ret = -ENOTCONN;
2579 goto free;
2580 }
2581 band = chanctx_conf->def.chan->band;
2582 if (sdata->wdev.use_4addr)
2583 break;
2584 fallthrough;
2585 case NL80211_IFTYPE_AP:
2586 if (sdata->vif.type == NL80211_IFTYPE_AP)
2587 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2588 if (!chanctx_conf) {
2589 ret = -ENOTCONN;
2590 goto free;
2591 }
2592 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
2593 /* DA BSSID SA */
2594 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2595 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2596 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
2597 hdrlen = 24;
2598 band = chanctx_conf->def.chan->band;
2599 break;
2600 #ifdef CONFIG_MAC80211_MESH
2601 case NL80211_IFTYPE_MESH_POINT:
2602 if (!is_multicast_ether_addr(skb->data)) {
2603 struct sta_info *next_hop;
2604 bool mpp_lookup = true;
2605
2606 mpath = mesh_path_lookup(sdata, skb->data);
2607 if (mpath) {
2608 mpp_lookup = false;
2609 next_hop = rcu_dereference(mpath->next_hop);
2610 if (!next_hop ||
2611 !(mpath->flags & (MESH_PATH_ACTIVE |
2612 MESH_PATH_RESOLVING)))
2613 mpp_lookup = true;
2614 }
2615
2616 if (mpp_lookup) {
2617 mppath = mpp_path_lookup(sdata, skb->data);
2618 if (mppath)
2619 mppath->exp_time = jiffies;
2620 }
2621
2622 if (mppath && mpath)
2623 mesh_path_del(sdata, mpath->dst);
2624 }
2625
2626 /*
2627 * Use address extension if it is a packet from
2628 * another interface or if we know the destination
2629 * is being proxied by a portal (i.e. portal address
2630 * differs from proxied address)
2631 */
2632 if (ether_addr_equal(sdata->vif.addr, skb->data + ETH_ALEN) &&
2633 !(mppath && !ether_addr_equal(mppath->mpp, skb->data))) {
2634 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
2635 skb->data, skb->data + ETH_ALEN);
2636 meshhdrlen = ieee80211_new_mesh_header(sdata, &mesh_hdr,
2637 NULL, NULL);
2638 } else {
2639 /* DS -> MBSS (802.11-2012 13.11.3.3).
2640 * For unicast with unknown forwarding information,
2641 * destination might be in the MBSS or if that fails
2642 * forwarded to another mesh gate. In either case
2643 * resolution will be handled in ieee80211_xmit(), so
2644 * leave the original DA. This also works for mcast */
2645 const u8 *mesh_da = skb->data;
2646
2647 if (mppath)
2648 mesh_da = mppath->mpp;
2649 else if (mpath)
2650 mesh_da = mpath->dst;
2651
2652 hdrlen = ieee80211_fill_mesh_addresses(&hdr, &fc,
2653 mesh_da, sdata->vif.addr);
2654 if (is_multicast_ether_addr(mesh_da))
2655 /* DA TA mSA AE:SA */
2656 meshhdrlen = ieee80211_new_mesh_header(
2657 sdata, &mesh_hdr,
2658 skb->data + ETH_ALEN, NULL);
2659 else
2660 /* RA TA mDA mSA AE:DA SA */
2661 meshhdrlen = ieee80211_new_mesh_header(
2662 sdata, &mesh_hdr, skb->data,
2663 skb->data + ETH_ALEN);
2664
2665 }
2666 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2667 if (!chanctx_conf) {
2668 ret = -ENOTCONN;
2669 goto free;
2670 }
2671 band = chanctx_conf->def.chan->band;
2672
2673 /* For injected frames, fill RA right away as nexthop lookup
2674 * will be skipped.
2675 */
2676 if ((ctrl_flags & IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP) &&
2677 is_zero_ether_addr(hdr.addr1))
2678 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2679 break;
2680 #endif
2681 case NL80211_IFTYPE_STATION:
2682 /* we already did checks when looking up the RA STA */
2683 tdls_peer = test_sta_flag(sta, WLAN_STA_TDLS_PEER);
2684
2685 if (tdls_peer) {
2686 /* DA SA BSSID */
2687 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2688 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2689 memcpy(hdr.addr3, sdata->u.mgd.bssid, ETH_ALEN);
2690 hdrlen = 24;
2691 } else if (sdata->u.mgd.use_4addr &&
2692 cpu_to_be16(ethertype) != sdata->control_port_protocol) {
2693 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
2694 IEEE80211_FCTL_TODS);
2695 /* RA TA DA SA */
2696 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
2697 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2698 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2699 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2700 hdrlen = 30;
2701 } else {
2702 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
2703 /* BSSID SA DA */
2704 memcpy(hdr.addr1, sdata->u.mgd.bssid, ETH_ALEN);
2705 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2706 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2707 hdrlen = 24;
2708 }
2709 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2710 if (!chanctx_conf) {
2711 ret = -ENOTCONN;
2712 goto free;
2713 }
2714 band = chanctx_conf->def.chan->band;
2715 break;
2716 case NL80211_IFTYPE_OCB:
2717 /* DA SA BSSID */
2718 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2719 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2720 eth_broadcast_addr(hdr.addr3);
2721 hdrlen = 24;
2722 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2723 if (!chanctx_conf) {
2724 ret = -ENOTCONN;
2725 goto free;
2726 }
2727 band = chanctx_conf->def.chan->band;
2728 break;
2729 case NL80211_IFTYPE_ADHOC:
2730 /* DA SA BSSID */
2731 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2732 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2733 memcpy(hdr.addr3, sdata->u.ibss.bssid, ETH_ALEN);
2734 hdrlen = 24;
2735 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2736 if (!chanctx_conf) {
2737 ret = -ENOTCONN;
2738 goto free;
2739 }
2740 band = chanctx_conf->def.chan->band;
2741 break;
2742 default:
2743 ret = -EINVAL;
2744 goto free;
2745 }
2746
2747 multicast = is_multicast_ether_addr(hdr.addr1);
2748
2749 /* sta is always NULL for mesh */
2750 if (sta) {
2751 authorized = test_sta_flag(sta, WLAN_STA_AUTHORIZED);
2752 wme_sta = sta->sta.wme;
2753 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
2754 /* For mesh, the use of the QoS header is mandatory */
2755 wme_sta = true;
2756 }
2757
2758 /* receiver does QoS (which also means we do) use it */
2759 if (wme_sta) {
2760 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
2761 hdrlen += 2;
2762 }
2763
2764 /*
2765 * Drop unicast frames to unauthorised stations unless they are
2766 * EAPOL frames from the local station.
2767 */
2768 if (unlikely(!ieee80211_vif_is_mesh(&sdata->vif) &&
2769 (sdata->vif.type != NL80211_IFTYPE_OCB) &&
2770 !multicast && !authorized &&
2771 (cpu_to_be16(ethertype) != sdata->control_port_protocol ||
2772 !ether_addr_equal(sdata->vif.addr, skb->data + ETH_ALEN)))) {
2773 #ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2774 net_info_ratelimited("%s: dropped frame to %pM (unauthorized port)\n",
2775 sdata->name, hdr.addr1);
2776 #endif
2777
2778 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
2779
2780 ret = -EPERM;
2781 goto free;
2782 }
2783
2784 if (unlikely(!multicast && ((skb->sk &&
2785 skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS) ||
2786 ctrl_flags & IEEE80211_TX_CTL_REQ_TX_STATUS)))
2787 info_id = ieee80211_store_ack_skb(local, skb, &info_flags,
2788 cookie);
2789
2790 /*
2791 * If the skb is shared we need to obtain our own copy.
2792 */
2793 if (skb_shared(skb)) {
2794 struct sk_buff *tmp_skb = skb;
2795
2796 /* can't happen -- skb is a clone if info_id != 0 */
2797 WARN_ON(info_id);
2798
2799 skb = skb_clone(skb, GFP_ATOMIC);
2800 kfree_skb(tmp_skb);
2801
2802 if (!skb) {
2803 ret = -ENOMEM;
2804 goto free;
2805 }
2806 }
2807
2808 hdr.frame_control = fc;
2809 hdr.duration_id = 0;
2810 hdr.seq_ctrl = 0;
2811
2812 skip_header_bytes = ETH_HLEN;
2813 if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
2814 encaps_data = bridge_tunnel_header;
2815 encaps_len = sizeof(bridge_tunnel_header);
2816 skip_header_bytes -= 2;
2817 } else if (ethertype >= ETH_P_802_3_MIN) {
2818 encaps_data = rfc1042_header;
2819 encaps_len = sizeof(rfc1042_header);
2820 skip_header_bytes -= 2;
2821 } else {
2822 encaps_data = NULL;
2823 encaps_len = 0;
2824 }
2825
2826 skb_pull(skb, skip_header_bytes);
2827 head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
2828
2829 /*
2830 * So we need to modify the skb header and hence need a copy of
2831 * that. The head_need variable above doesn't, so far, include
2832 * the needed header space that we don't need right away. If we
2833 * can, then we don't reallocate right now but only after the
2834 * frame arrives at the master device (if it does...)
2835 *
2836 * If we cannot, however, then we will reallocate to include all
2837 * the ever needed space. Also, if we need to reallocate it anyway,
2838 * make it big enough for everything we may ever need.
2839 */
2840
2841 if (head_need > 0 || skb_cloned(skb)) {
2842 head_need += sdata->encrypt_headroom;
2843 head_need += local->tx_headroom;
2844 head_need = max_t(int, 0, head_need);
2845 if (ieee80211_skb_resize(sdata, skb, head_need, ENCRYPT_DATA)) {
2846 ieee80211_free_txskb(&local->hw, skb);
2847 skb = NULL;
2848 return ERR_PTR(-ENOMEM);
2849 }
2850 }
2851
2852 if (encaps_data)
2853 memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
2854
2855 #ifdef CONFIG_MAC80211_MESH
2856 if (meshhdrlen > 0)
2857 memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
2858 #endif
2859
2860 if (ieee80211_is_data_qos(fc)) {
2861 __le16 *qos_control;
2862
2863 qos_control = skb_push(skb, 2);
2864 memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
2865 /*
2866 * Maybe we could actually set some fields here, for now just
2867 * initialise to zero to indicate no special operation.
2868 */
2869 *qos_control = 0;
2870 } else
2871 memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
2872
2873 skb_reset_mac_header(skb);
2874
2875 info = IEEE80211_SKB_CB(skb);
2876 memset(info, 0, sizeof(*info));
2877
2878 info->flags = info_flags;
2879 info->ack_frame_id = info_id;
2880 info->band = band;
2881 info->control.flags = ctrl_flags;
2882
2883 return skb;
2884 free:
2885 kfree_skb(skb);
2886 return ERR_PTR(ret);
2887 }
2888
2889 /*
2890 * fast-xmit overview
2891 *
2892 * The core idea of this fast-xmit is to remove per-packet checks by checking
2893 * them out of band. ieee80211_check_fast_xmit() implements the out-of-band
2894 * checks that are needed to get the sta->fast_tx pointer assigned, after which
2895 * much less work can be done per packet. For example, fragmentation must be
2896 * disabled or the fast_tx pointer will not be set. All the conditions are seen
2897 * in the code here.
2898 *
2899 * Once assigned, the fast_tx data structure also caches the per-packet 802.11
2900 * header and other data to aid packet processing in ieee80211_xmit_fast().
2901 *
2902 * The most difficult part of this is that when any of these assumptions
2903 * change, an external trigger (i.e. a call to ieee80211_clear_fast_xmit(),
2904 * ieee80211_check_fast_xmit() or friends) is required to reset the data,
2905 * since the per-packet code no longer checks the conditions. This is reflected
2906 * by the calls to these functions throughout the rest of the code, and must be
2907 * maintained if any of the TX path checks change.
2908 */
2909
2910 void ieee80211_check_fast_xmit(struct sta_info *sta)
2911 {
2912 struct ieee80211_fast_tx build = {}, *fast_tx = NULL, *old;
2913 struct ieee80211_local *local = sta->local;
2914 struct ieee80211_sub_if_data *sdata = sta->sdata;
2915 struct ieee80211_hdr *hdr = (void *)build.hdr;
2916 struct ieee80211_chanctx_conf *chanctx_conf;
2917 __le16 fc;
2918
2919 if (!ieee80211_hw_check(&local->hw, SUPPORT_FAST_XMIT))
2920 return;
2921
2922 /* Locking here protects both the pointer itself, and against concurrent
2923 * invocations winning data access races to, e.g., the key pointer that
2924 * is used.
2925 * Without it, the invocation of this function right after the key
2926 * pointer changes wouldn't be sufficient, as another CPU could access
2927 * the pointer, then stall, and then do the cache update after the CPU
2928 * that invalidated the key.
2929 * With the locking, such scenarios cannot happen as the check for the
2930 * key and the fast-tx assignment are done atomically, so the CPU that
2931 * modifies the key will either wait or other one will see the key
2932 * cleared/changed already.
2933 */
2934 spin_lock_bh(&sta->lock);
2935 if (ieee80211_hw_check(&local->hw, SUPPORTS_PS) &&
2936 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS) &&
2937 sdata->vif.type == NL80211_IFTYPE_STATION)
2938 goto out;
2939
2940 if (!test_sta_flag(sta, WLAN_STA_AUTHORIZED))
2941 goto out;
2942
2943 if (test_sta_flag(sta, WLAN_STA_PS_STA) ||
2944 test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
2945 test_sta_flag(sta, WLAN_STA_PS_DELIVER) ||
2946 test_sta_flag(sta, WLAN_STA_CLEAR_PS_FILT))
2947 goto out;
2948
2949 if (sdata->noack_map)
2950 goto out;
2951
2952 /* fast-xmit doesn't handle fragmentation at all */
2953 if (local->hw.wiphy->frag_threshold != (u32)-1 &&
2954 !ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG))
2955 goto out;
2956
2957 rcu_read_lock();
2958 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
2959 if (!chanctx_conf) {
2960 rcu_read_unlock();
2961 goto out;
2962 }
2963 build.band = chanctx_conf->def.chan->band;
2964 rcu_read_unlock();
2965
2966 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
2967
2968 switch (sdata->vif.type) {
2969 case NL80211_IFTYPE_ADHOC:
2970 /* DA SA BSSID */
2971 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
2972 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
2973 memcpy(hdr->addr3, sdata->u.ibss.bssid, ETH_ALEN);
2974 build.hdr_len = 24;
2975 break;
2976 case NL80211_IFTYPE_STATION:
2977 if (test_sta_flag(sta, WLAN_STA_TDLS_PEER)) {
2978 /* DA SA BSSID */
2979 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
2980 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
2981 memcpy(hdr->addr3, sdata->u.mgd.bssid, ETH_ALEN);
2982 build.hdr_len = 24;
2983 break;
2984 }
2985
2986 if (sdata->u.mgd.use_4addr) {
2987 /* non-regular ethertype cannot use the fastpath */
2988 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
2989 IEEE80211_FCTL_TODS);
2990 /* RA TA DA SA */
2991 memcpy(hdr->addr1, sdata->u.mgd.bssid, ETH_ALEN);
2992 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
2993 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
2994 build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
2995 build.hdr_len = 30;
2996 break;
2997 }
2998 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
2999 /* BSSID SA DA */
3000 memcpy(hdr->addr1, sdata->u.mgd.bssid, ETH_ALEN);
3001 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3002 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3003 build.hdr_len = 24;
3004 break;
3005 case NL80211_IFTYPE_AP_VLAN:
3006 if (sdata->wdev.use_4addr) {
3007 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
3008 IEEE80211_FCTL_TODS);
3009 /* RA TA DA SA */
3010 memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
3011 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3012 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3013 build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
3014 build.hdr_len = 30;
3015 break;
3016 }
3017 fallthrough;
3018 case NL80211_IFTYPE_AP:
3019 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
3020 /* DA BSSID SA */
3021 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3022 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3023 build.sa_offs = offsetof(struct ieee80211_hdr, addr3);
3024 build.hdr_len = 24;
3025 break;
3026 default:
3027 /* not handled on fast-xmit */
3028 goto out;
3029 }
3030
3031 if (sta->sta.wme) {
3032 build.hdr_len += 2;
3033 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3034 }
3035
3036 /* We store the key here so there's no point in using rcu_dereference()
3037 * but that's fine because the code that changes the pointers will call
3038 * this function after doing so. For a single CPU that would be enough,
3039 * for multiple see the comment above.
3040 */
3041 build.key = rcu_access_pointer(sta->ptk[sta->ptk_idx]);
3042 if (!build.key)
3043 build.key = rcu_access_pointer(sdata->default_unicast_key);
3044 if (build.key) {
3045 bool gen_iv, iv_spc, mmic;
3046
3047 gen_iv = build.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV;
3048 iv_spc = build.key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE;
3049 mmic = build.key->conf.flags &
3050 (IEEE80211_KEY_FLAG_GENERATE_MMIC |
3051 IEEE80211_KEY_FLAG_PUT_MIC_SPACE);
3052
3053 /* don't handle software crypto */
3054 if (!(build.key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
3055 goto out;
3056
3057 /* Key is being removed */
3058 if (build.key->flags & KEY_FLAG_TAINTED)
3059 goto out;
3060
3061 switch (build.key->conf.cipher) {
3062 case WLAN_CIPHER_SUITE_CCMP:
3063 case WLAN_CIPHER_SUITE_CCMP_256:
3064 if (gen_iv)
3065 build.pn_offs = build.hdr_len;
3066 if (gen_iv || iv_spc)
3067 build.hdr_len += IEEE80211_CCMP_HDR_LEN;
3068 break;
3069 case WLAN_CIPHER_SUITE_GCMP:
3070 case WLAN_CIPHER_SUITE_GCMP_256:
3071 if (gen_iv)
3072 build.pn_offs = build.hdr_len;
3073 if (gen_iv || iv_spc)
3074 build.hdr_len += IEEE80211_GCMP_HDR_LEN;
3075 break;
3076 case WLAN_CIPHER_SUITE_TKIP:
3077 /* cannot handle MMIC or IV generation in xmit-fast */
3078 if (mmic || gen_iv)
3079 goto out;
3080 if (iv_spc)
3081 build.hdr_len += IEEE80211_TKIP_IV_LEN;
3082 break;
3083 case WLAN_CIPHER_SUITE_WEP40:
3084 case WLAN_CIPHER_SUITE_WEP104:
3085 /* cannot handle IV generation in fast-xmit */
3086 if (gen_iv)
3087 goto out;
3088 if (iv_spc)
3089 build.hdr_len += IEEE80211_WEP_IV_LEN;
3090 break;
3091 case WLAN_CIPHER_SUITE_AES_CMAC:
3092 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
3093 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
3094 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
3095 WARN(1,
3096 "management cipher suite 0x%x enabled for data\n",
3097 build.key->conf.cipher);
3098 goto out;
3099 default:
3100 /* we don't know how to generate IVs for this at all */
3101 if (WARN_ON(gen_iv))
3102 goto out;
3103 /* pure hardware keys are OK, of course */
3104 if (!(build.key->flags & KEY_FLAG_CIPHER_SCHEME))
3105 break;
3106 /* cipher scheme might require space allocation */
3107 if (iv_spc &&
3108 build.key->conf.iv_len > IEEE80211_FAST_XMIT_MAX_IV)
3109 goto out;
3110 if (iv_spc)
3111 build.hdr_len += build.key->conf.iv_len;
3112 }
3113
3114 fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
3115 }
3116
3117 hdr->frame_control = fc;
3118
3119 memcpy(build.hdr + build.hdr_len,
3120 rfc1042_header, sizeof(rfc1042_header));
3121 build.hdr_len += sizeof(rfc1042_header);
3122
3123 fast_tx = kmemdup(&build, sizeof(build), GFP_ATOMIC);
3124 /* if the kmemdup fails, continue w/o fast_tx */
3125 if (!fast_tx)
3126 goto out;
3127
3128 out:
3129 /* we might have raced against another call to this function */
3130 old = rcu_dereference_protected(sta->fast_tx,
3131 lockdep_is_held(&sta->lock));
3132 rcu_assign_pointer(sta->fast_tx, fast_tx);
3133 if (old)
3134 kfree_rcu(old, rcu_head);
3135 spin_unlock_bh(&sta->lock);
3136 }
3137
3138 void ieee80211_check_fast_xmit_all(struct ieee80211_local *local)
3139 {
3140 struct sta_info *sta;
3141
3142 rcu_read_lock();
3143 list_for_each_entry_rcu(sta, &local->sta_list, list)
3144 ieee80211_check_fast_xmit(sta);
3145 rcu_read_unlock();
3146 }
3147
3148 void ieee80211_check_fast_xmit_iface(struct ieee80211_sub_if_data *sdata)
3149 {
3150 struct ieee80211_local *local = sdata->local;
3151 struct sta_info *sta;
3152
3153 rcu_read_lock();
3154
3155 list_for_each_entry_rcu(sta, &local->sta_list, list) {
3156 if (sdata != sta->sdata &&
3157 (!sta->sdata->bss || sta->sdata->bss != sdata->bss))
3158 continue;
3159 ieee80211_check_fast_xmit(sta);
3160 }
3161
3162 rcu_read_unlock();
3163 }
3164
3165 void ieee80211_clear_fast_xmit(struct sta_info *sta)
3166 {
3167 struct ieee80211_fast_tx *fast_tx;
3168
3169 spin_lock_bh(&sta->lock);
3170 fast_tx = rcu_dereference_protected(sta->fast_tx,
3171 lockdep_is_held(&sta->lock));
3172 RCU_INIT_POINTER(sta->fast_tx, NULL);
3173 spin_unlock_bh(&sta->lock);
3174
3175 if (fast_tx)
3176 kfree_rcu(fast_tx, rcu_head);
3177 }
3178
3179 static bool ieee80211_amsdu_realloc_pad(struct ieee80211_local *local,
3180 struct sk_buff *skb, int headroom)
3181 {
3182 if (skb_headroom(skb) < headroom) {
3183 I802_DEBUG_INC(local->tx_expand_skb_head);
3184
3185 if (pskb_expand_head(skb, headroom, 0, GFP_ATOMIC)) {
3186 wiphy_debug(local->hw.wiphy,
3187 "failed to reallocate TX buffer\n");
3188 return false;
3189 }
3190 }
3191
3192 return true;
3193 }
3194
3195 static bool ieee80211_amsdu_prepare_head(struct ieee80211_sub_if_data *sdata,
3196 struct ieee80211_fast_tx *fast_tx,
3197 struct sk_buff *skb)
3198 {
3199 struct ieee80211_local *local = sdata->local;
3200 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3201 struct ieee80211_hdr *hdr;
3202 struct ethhdr *amsdu_hdr;
3203 int hdr_len = fast_tx->hdr_len - sizeof(rfc1042_header);
3204 int subframe_len = skb->len - hdr_len;
3205 void *data;
3206 u8 *qc, *h_80211_src, *h_80211_dst;
3207 const u8 *bssid;
3208
3209 if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE)
3210 return false;
3211
3212 if (info->control.flags & IEEE80211_TX_CTRL_AMSDU)
3213 return true;
3214
3215 if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(*amsdu_hdr)))
3216 return false;
3217
3218 data = skb_push(skb, sizeof(*amsdu_hdr));
3219 memmove(data, data + sizeof(*amsdu_hdr), hdr_len);
3220 hdr = data;
3221 amsdu_hdr = data + hdr_len;
3222 /* h_80211_src/dst is addr* field within hdr */
3223 h_80211_src = data + fast_tx->sa_offs;
3224 h_80211_dst = data + fast_tx->da_offs;
3225
3226 amsdu_hdr->h_proto = cpu_to_be16(subframe_len);
3227 ether_addr_copy(amsdu_hdr->h_source, h_80211_src);
3228 ether_addr_copy(amsdu_hdr->h_dest, h_80211_dst);
3229
3230 /* according to IEEE 802.11-2012 8.3.2 table 8-19, the outer SA/DA
3231 * fields needs to be changed to BSSID for A-MSDU frames depending
3232 * on FromDS/ToDS values.
3233 */
3234 switch (sdata->vif.type) {
3235 case NL80211_IFTYPE_STATION:
3236 bssid = sdata->u.mgd.bssid;
3237 break;
3238 case NL80211_IFTYPE_AP:
3239 case NL80211_IFTYPE_AP_VLAN:
3240 bssid = sdata->vif.addr;
3241 break;
3242 default:
3243 bssid = NULL;
3244 }
3245
3246 if (bssid && ieee80211_has_fromds(hdr->frame_control))
3247 ether_addr_copy(h_80211_src, bssid);
3248
3249 if (bssid && ieee80211_has_tods(hdr->frame_control))
3250 ether_addr_copy(h_80211_dst, bssid);
3251
3252 qc = ieee80211_get_qos_ctl(hdr);
3253 *qc |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;
3254
3255 info->control.flags |= IEEE80211_TX_CTRL_AMSDU;
3256
3257 return true;
3258 }
3259
3260 static bool ieee80211_amsdu_aggregate(struct ieee80211_sub_if_data *sdata,
3261 struct sta_info *sta,
3262 struct ieee80211_fast_tx *fast_tx,
3263 struct sk_buff *skb)
3264 {
3265 struct ieee80211_local *local = sdata->local;
3266 struct fq *fq = &local->fq;
3267 struct fq_tin *tin;
3268 struct fq_flow *flow;
3269 u8 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3270 struct ieee80211_txq *txq = sta->sta.txq[tid];
3271 struct txq_info *txqi;
3272 struct sk_buff **frag_tail, *head;
3273 int subframe_len = skb->len - ETH_ALEN;
3274 u8 max_subframes = sta->sta.max_amsdu_subframes;
3275 int max_frags = local->hw.max_tx_fragments;
3276 int max_amsdu_len = sta->sta.max_amsdu_len;
3277 int orig_truesize;
3278 u32 flow_idx;
3279 __be16 len;
3280 void *data;
3281 bool ret = false;
3282 unsigned int orig_len;
3283 int n = 2, nfrags, pad = 0;
3284 u16 hdrlen;
3285
3286 if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
3287 return false;
3288
3289 if (sdata->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED)
3290 return false;
3291
3292 if (skb_is_gso(skb))
3293 return false;
3294
3295 if (!txq)
3296 return false;
3297
3298 txqi = to_txq_info(txq);
3299 if (test_bit(IEEE80211_TXQ_NO_AMSDU, &txqi->flags))
3300 return false;
3301
3302 if (sta->sta.max_rc_amsdu_len)
3303 max_amsdu_len = min_t(int, max_amsdu_len,
3304 sta->sta.max_rc_amsdu_len);
3305
3306 if (sta->sta.max_tid_amsdu_len[tid])
3307 max_amsdu_len = min_t(int, max_amsdu_len,
3308 sta->sta.max_tid_amsdu_len[tid]);
3309
3310 flow_idx = fq_flow_idx(fq, skb);
3311
3312 spin_lock_bh(&fq->lock);
3313
3314 /* TODO: Ideally aggregation should be done on dequeue to remain
3315 * responsive to environment changes.
3316 */
3317
3318 tin = &txqi->tin;
3319 flow = fq_flow_classify(fq, tin, flow_idx, skb);
3320 head = skb_peek_tail(&flow->queue);
3321 if (!head || skb_is_gso(head))
3322 goto out;
3323
3324 orig_truesize = head->truesize;
3325 orig_len = head->len;
3326
3327 if (skb->len + head->len > max_amsdu_len)
3328 goto out;
3329
3330 nfrags = 1 + skb_shinfo(skb)->nr_frags;
3331 nfrags += 1 + skb_shinfo(head)->nr_frags;
3332 frag_tail = &skb_shinfo(head)->frag_list;
3333 while (*frag_tail) {
3334 nfrags += 1 + skb_shinfo(*frag_tail)->nr_frags;
3335 frag_tail = &(*frag_tail)->next;
3336 n++;
3337 }
3338
3339 if (max_subframes && n > max_subframes)
3340 goto out;
3341
3342 if (max_frags && nfrags > max_frags)
3343 goto out;
3344
3345 if (!drv_can_aggregate_in_amsdu(local, head, skb))
3346 goto out;
3347
3348 if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, head))
3349 goto out;
3350
3351 /*
3352 * Pad out the previous subframe to a multiple of 4 by adding the
3353 * padding to the next one, that's being added. Note that head->len
3354 * is the length of the full A-MSDU, but that works since each time
3355 * we add a new subframe we pad out the previous one to a multiple
3356 * of 4 and thus it no longer matters in the next round.
3357 */
3358 hdrlen = fast_tx->hdr_len - sizeof(rfc1042_header);
3359 if ((head->len - hdrlen) & 3)
3360 pad = 4 - ((head->len - hdrlen) & 3);
3361
3362 if (!ieee80211_amsdu_realloc_pad(local, skb, sizeof(rfc1042_header) +
3363 2 + pad))
3364 goto out_recalc;
3365
3366 ret = true;
3367 data = skb_push(skb, ETH_ALEN + 2);
3368 memmove(data, data + ETH_ALEN + 2, 2 * ETH_ALEN);
3369
3370 data += 2 * ETH_ALEN;
3371 len = cpu_to_be16(subframe_len);
3372 memcpy(data, &len, 2);
3373 memcpy(data + 2, rfc1042_header, sizeof(rfc1042_header));
3374
3375 memset(skb_push(skb, pad), 0, pad);
3376
3377 head->len += skb->len;
3378 head->data_len += skb->len;
3379 *frag_tail = skb;
3380
3381 out_recalc:
3382 fq->memory_usage += head->truesize - orig_truesize;
3383 if (head->len != orig_len) {
3384 flow->backlog += head->len - orig_len;
3385 tin->backlog_bytes += head->len - orig_len;
3386 }
3387 out:
3388 spin_unlock_bh(&fq->lock);
3389
3390 return ret;
3391 }
3392
3393 /*
3394 * Can be called while the sta lock is held. Anything that can cause packets to
3395 * be generated will cause deadlock!
3396 */
3397 static ieee80211_tx_result
3398 ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
3399 struct sta_info *sta, u8 pn_offs,
3400 struct ieee80211_key *key,
3401 struct ieee80211_tx_data *tx)
3402 {
3403 struct sk_buff *skb = tx->skb;
3404 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3405 struct ieee80211_hdr *hdr = (void *)skb->data;
3406 u8 tid = IEEE80211_NUM_TIDS;
3407
3408 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL) &&
3409 ieee80211_tx_h_rate_ctrl(tx) != TX_CONTINUE)
3410 return TX_DROP;
3411
3412 if (key)
3413 info->control.hw_key = &key->conf;
3414
3415 dev_sw_netstats_tx_add(skb->dev, 1, skb->len);
3416
3417 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3418 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3419 hdr->seq_ctrl = ieee80211_tx_next_seq(sta, tid);
3420 } else {
3421 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
3422 hdr->seq_ctrl = cpu_to_le16(sdata->sequence_number);
3423 sdata->sequence_number += 0x10;
3424 }
3425
3426 if (skb_shinfo(skb)->gso_size)
3427 sta->tx_stats.msdu[tid] +=
3428 DIV_ROUND_UP(skb->len, skb_shinfo(skb)->gso_size);
3429 else
3430 sta->tx_stats.msdu[tid]++;
3431
3432 info->hw_queue = sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
3433
3434 /* statistics normally done by ieee80211_tx_h_stats (but that
3435 * has to consider fragmentation, so is more complex)
3436 */
3437 sta->tx_stats.bytes[skb_get_queue_mapping(skb)] += skb->len;
3438 sta->tx_stats.packets[skb_get_queue_mapping(skb)]++;
3439
3440 if (pn_offs) {
3441 u64 pn;
3442 u8 *crypto_hdr = skb->data + pn_offs;
3443
3444 switch (key->conf.cipher) {
3445 case WLAN_CIPHER_SUITE_CCMP:
3446 case WLAN_CIPHER_SUITE_CCMP_256:
3447 case WLAN_CIPHER_SUITE_GCMP:
3448 case WLAN_CIPHER_SUITE_GCMP_256:
3449 pn = atomic64_inc_return(&key->conf.tx_pn);
3450 crypto_hdr[0] = pn;
3451 crypto_hdr[1] = pn >> 8;
3452 crypto_hdr[3] = 0x20 | (key->conf.keyidx << 6);
3453 crypto_hdr[4] = pn >> 16;
3454 crypto_hdr[5] = pn >> 24;
3455 crypto_hdr[6] = pn >> 32;
3456 crypto_hdr[7] = pn >> 40;
3457 break;
3458 }
3459 }
3460
3461 return TX_CONTINUE;
3462 }
3463
3464 static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
3465 struct sta_info *sta,
3466 struct ieee80211_fast_tx *fast_tx,
3467 struct sk_buff *skb)
3468 {
3469 struct ieee80211_local *local = sdata->local;
3470 u16 ethertype = (skb->data[12] << 8) | skb->data[13];
3471 int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
3472 int hw_headroom = sdata->local->hw.extra_tx_headroom;
3473 struct ethhdr eth;
3474 struct ieee80211_tx_info *info;
3475 struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
3476 struct ieee80211_tx_data tx;
3477 ieee80211_tx_result r;
3478 struct tid_ampdu_tx *tid_tx = NULL;
3479 u8 tid = IEEE80211_NUM_TIDS;
3480
3481 /* control port protocol needs a lot of special handling */
3482 if (cpu_to_be16(ethertype) == sdata->control_port_protocol)
3483 return false;
3484
3485 /* only RFC 1042 SNAP */
3486 if (ethertype < ETH_P_802_3_MIN)
3487 return false;
3488
3489 /* don't handle TX status request here either */
3490 if (skb->sk && skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)
3491 return false;
3492
3493 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3494 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3495 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
3496 if (tid_tx) {
3497 if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state))
3498 return false;
3499 if (tid_tx->timeout)
3500 tid_tx->last_tx = jiffies;
3501 }
3502 }
3503
3504 /* after this point (skb is modified) we cannot return false */
3505
3506 if (skb_shared(skb)) {
3507 struct sk_buff *tmp_skb = skb;
3508
3509 skb = skb_clone(skb, GFP_ATOMIC);
3510 kfree_skb(tmp_skb);
3511
3512 if (!skb)
3513 return true;
3514 }
3515
3516 if ((hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) &&
3517 ieee80211_amsdu_aggregate(sdata, sta, fast_tx, skb))
3518 return true;
3519
3520 /* will not be crypto-handled beyond what we do here, so use false
3521 * as the may-encrypt argument for the resize to not account for
3522 * more room than we already have in 'extra_head'
3523 */
3524 if (unlikely(ieee80211_skb_resize(sdata, skb,
3525 max_t(int, extra_head + hw_headroom -
3526 skb_headroom(skb), 0),
3527 ENCRYPT_NO))) {
3528 kfree_skb(skb);
3529 return true;
3530 }
3531
3532 memcpy(&eth, skb->data, ETH_HLEN - 2);
3533 hdr = skb_push(skb, extra_head);
3534 memcpy(skb->data, fast_tx->hdr, fast_tx->hdr_len);
3535 memcpy(skb->data + fast_tx->da_offs, eth.h_dest, ETH_ALEN);
3536 memcpy(skb->data + fast_tx->sa_offs, eth.h_source, ETH_ALEN);
3537
3538 info = IEEE80211_SKB_CB(skb);
3539 memset(info, 0, sizeof(*info));
3540 info->band = fast_tx->band;
3541 info->control.vif = &sdata->vif;
3542 info->flags = IEEE80211_TX_CTL_FIRST_FRAGMENT |
3543 IEEE80211_TX_CTL_DONTFRAG |
3544 (tid_tx ? IEEE80211_TX_CTL_AMPDU : 0);
3545 info->control.flags = IEEE80211_TX_CTRL_FAST_XMIT;
3546
3547 #ifdef CONFIG_MAC80211_DEBUGFS
3548 if (local->force_tx_status)
3549 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
3550 #endif
3551
3552 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3553 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3554 *ieee80211_get_qos_ctl(hdr) = tid;
3555 }
3556
3557 __skb_queue_head_init(&tx.skbs);
3558
3559 tx.flags = IEEE80211_TX_UNICAST;
3560 tx.local = local;
3561 tx.sdata = sdata;
3562 tx.sta = sta;
3563 tx.key = fast_tx->key;
3564
3565 if (ieee80211_queue_skb(local, sdata, sta, skb))
3566 return true;
3567
3568 tx.skb = skb;
3569 r = ieee80211_xmit_fast_finish(sdata, sta, fast_tx->pn_offs,
3570 fast_tx->key, &tx);
3571 tx.skb = NULL;
3572 if (r == TX_DROP) {
3573 kfree_skb(skb);
3574 return true;
3575 }
3576
3577 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
3578 sdata = container_of(sdata->bss,
3579 struct ieee80211_sub_if_data, u.ap);
3580
3581 __skb_queue_tail(&tx.skbs, skb);
3582 ieee80211_tx_frags(local, &sdata->vif, sta, &tx.skbs, false);
3583 return true;
3584 }
3585
3586 struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw,
3587 struct ieee80211_txq *txq)
3588 {
3589 struct ieee80211_local *local = hw_to_local(hw);
3590 struct txq_info *txqi = container_of(txq, struct txq_info, txq);
3591 struct ieee80211_hdr *hdr;
3592 struct sk_buff *skb = NULL;
3593 struct fq *fq = &local->fq;
3594 struct fq_tin *tin = &txqi->tin;
3595 struct ieee80211_tx_info *info;
3596 struct ieee80211_tx_data tx;
3597 ieee80211_tx_result r;
3598 struct ieee80211_vif *vif = txq->vif;
3599
3600 WARN_ON_ONCE(softirq_count() == 0);
3601
3602 if (!ieee80211_txq_airtime_check(hw, txq))
3603 return NULL;
3604
3605 begin:
3606 spin_lock_bh(&fq->lock);
3607
3608 if (test_bit(IEEE80211_TXQ_STOP, &txqi->flags) ||
3609 test_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags))
3610 goto out;
3611
3612 if (vif->txqs_stopped[txq->ac]) {
3613 set_bit(IEEE80211_TXQ_STOP_NETIF_TX, &txqi->flags);
3614 goto out;
3615 }
3616
3617 /* Make sure fragments stay together. */
3618 skb = __skb_dequeue(&txqi->frags);
3619 if (unlikely(skb)) {
3620 if (!(IEEE80211_SKB_CB(skb)->control.flags &
3621 IEEE80211_TX_INTCFL_NEED_TXPROCESSING))
3622 goto out;
3623 IEEE80211_SKB_CB(skb)->control.flags &=
3624 ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
3625 } else {
3626 skb = fq_tin_dequeue(fq, tin, fq_tin_dequeue_func);
3627 }
3628
3629 if (!skb)
3630 goto out;
3631
3632 spin_unlock_bh(&fq->lock);
3633
3634 hdr = (struct ieee80211_hdr *)skb->data;
3635 info = IEEE80211_SKB_CB(skb);
3636
3637 memset(&tx, 0, sizeof(tx));
3638 __skb_queue_head_init(&tx.skbs);
3639 tx.local = local;
3640 tx.skb = skb;
3641 tx.sdata = vif_to_sdata(info->control.vif);
3642
3643 if (txq->sta) {
3644 tx.sta = container_of(txq->sta, struct sta_info, sta);
3645 /*
3646 * Drop unicast frames to unauthorised stations unless they are
3647 * injected frames or EAPOL frames from the local station.
3648 */
3649 if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) &&
3650 ieee80211_is_data(hdr->frame_control) &&
3651 !ieee80211_vif_is_mesh(&tx.sdata->vif) &&
3652 tx.sdata->vif.type != NL80211_IFTYPE_OCB &&
3653 !is_multicast_ether_addr(hdr->addr1) &&
3654 !test_sta_flag(tx.sta, WLAN_STA_AUTHORIZED) &&
3655 (!(info->control.flags &
3656 IEEE80211_TX_CTRL_PORT_CTRL_PROTO) ||
3657 !ether_addr_equal(tx.sdata->vif.addr,
3658 hdr->addr2)))) {
3659 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
3660 ieee80211_free_txskb(&local->hw, skb);
3661 goto begin;
3662 }
3663 }
3664
3665 /*
3666 * The key can be removed while the packet was queued, so need to call
3667 * this here to get the current key.
3668 */
3669 r = ieee80211_tx_h_select_key(&tx);
3670 if (r != TX_CONTINUE) {
3671 ieee80211_free_txskb(&local->hw, skb);
3672 goto begin;
3673 }
3674
3675 if (test_bit(IEEE80211_TXQ_AMPDU, &txqi->flags))
3676 info->flags |= IEEE80211_TX_CTL_AMPDU;
3677 else
3678 info->flags &= ~IEEE80211_TX_CTL_AMPDU;
3679
3680 if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3681 if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3682 r = ieee80211_tx_h_rate_ctrl(&tx);
3683 if (r != TX_CONTINUE) {
3684 ieee80211_free_txskb(&local->hw, skb);
3685 goto begin;
3686 }
3687 }
3688 goto encap_out;
3689 }
3690
3691 if (info->control.flags & IEEE80211_TX_CTRL_FAST_XMIT) {
3692 struct sta_info *sta = container_of(txq->sta, struct sta_info,
3693 sta);
3694 u8 pn_offs = 0;
3695
3696 if (tx.key &&
3697 (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
3698 pn_offs = ieee80211_hdrlen(hdr->frame_control);
3699
3700 r = ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
3701 tx.key, &tx);
3702 if (r != TX_CONTINUE) {
3703 ieee80211_free_txskb(&local->hw, skb);
3704 goto begin;
3705 }
3706 } else {
3707 if (invoke_tx_handlers_late(&tx))
3708 goto begin;
3709
3710 skb = __skb_dequeue(&tx.skbs);
3711
3712 if (!skb_queue_empty(&tx.skbs)) {
3713 spin_lock_bh(&fq->lock);
3714 skb_queue_splice_tail(&tx.skbs, &txqi->frags);
3715 spin_unlock_bh(&fq->lock);
3716 }
3717 }
3718
3719 if (skb_has_frag_list(skb) &&
3720 !ieee80211_hw_check(&local->hw, TX_FRAG_LIST)) {
3721 if (skb_linearize(skb)) {
3722 ieee80211_free_txskb(&local->hw, skb);
3723 goto begin;
3724 }
3725 }
3726
3727 switch (tx.sdata->vif.type) {
3728 case NL80211_IFTYPE_MONITOR:
3729 if (tx.sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
3730 vif = &tx.sdata->vif;
3731 break;
3732 }
3733 tx.sdata = rcu_dereference(local->monitor_sdata);
3734 if (tx.sdata) {
3735 vif = &tx.sdata->vif;
3736 info->hw_queue =
3737 vif->hw_queue[skb_get_queue_mapping(skb)];
3738 } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
3739 ieee80211_free_txskb(&local->hw, skb);
3740 goto begin;
3741 } else {
3742 vif = NULL;
3743 }
3744 break;
3745 case NL80211_IFTYPE_AP_VLAN:
3746 tx.sdata = container_of(tx.sdata->bss,
3747 struct ieee80211_sub_if_data, u.ap);
3748 fallthrough;
3749 default:
3750 vif = &tx.sdata->vif;
3751 break;
3752 }
3753
3754 encap_out:
3755 IEEE80211_SKB_CB(skb)->control.vif = vif;
3756
3757 if (vif &&
3758 wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL)) {
3759 bool ampdu = txq->ac != IEEE80211_AC_VO;
3760 u32 airtime;
3761
3762 airtime = ieee80211_calc_expected_tx_airtime(hw, vif, txq->sta,
3763 skb->len, ampdu);
3764 if (airtime) {
3765 airtime = ieee80211_info_set_tx_time_est(info, airtime);
3766 ieee80211_sta_update_pending_airtime(local, tx.sta,
3767 txq->ac,
3768 airtime,
3769 false);
3770 }
3771 }
3772
3773 return skb;
3774
3775 out:
3776 spin_unlock_bh(&fq->lock);
3777
3778 return skb;
3779 }
3780 EXPORT_SYMBOL(ieee80211_tx_dequeue);
3781
3782 struct ieee80211_txq *ieee80211_next_txq(struct ieee80211_hw *hw, u8 ac)
3783 {
3784 struct ieee80211_local *local = hw_to_local(hw);
3785 struct airtime_sched_info *air_sched;
3786 u64 now = ktime_get_boottime_ns();
3787 struct ieee80211_txq *ret = NULL;
3788 struct airtime_info *air_info;
3789 struct txq_info *txqi = NULL;
3790 struct rb_node *node;
3791 bool first = false;
3792
3793 air_sched = &local->airtime[ac];
3794 spin_lock_bh(&air_sched->lock);
3795
3796 node = air_sched->schedule_pos;
3797
3798 begin:
3799 if (!node) {
3800 node = rb_first_cached(&air_sched->active_txqs);
3801 first = true;
3802 } else {
3803 node = rb_next(node);
3804 }
3805
3806 if (!node)
3807 goto out;
3808
3809 txqi = container_of(node, struct txq_info, schedule_order);
3810 air_info = to_airtime_info(&txqi->txq);
3811
3812 if (air_info->v_t > air_sched->v_t &&
3813 (!first || !airtime_catchup_v_t(air_sched, air_info->v_t, now)))
3814 goto out;
3815
3816 if (!ieee80211_txq_airtime_check(hw, &txqi->txq)) {
3817 first = false;
3818 goto begin;
3819 }
3820
3821 air_sched->schedule_pos = node;
3822 air_sched->last_schedule_activity = now;
3823 ret = &txqi->txq;
3824 out:
3825 spin_unlock_bh(&air_sched->lock);
3826 return ret;
3827 }
3828 EXPORT_SYMBOL(ieee80211_next_txq);
3829
3830 static void __ieee80211_insert_txq(struct rb_root_cached *root,
3831 struct txq_info *txqi)
3832 {
3833 struct rb_node **new = &root->rb_root.rb_node;
3834 struct airtime_info *old_air, *new_air;
3835 struct rb_node *parent = NULL;
3836 struct txq_info *__txqi;
3837 bool leftmost = true;
3838
3839 while (*new) {
3840 parent = *new;
3841 __txqi = rb_entry(parent, struct txq_info, schedule_order);
3842 old_air = to_airtime_info(&__txqi->txq);
3843 new_air = to_airtime_info(&txqi->txq);
3844
3845 if (new_air->v_t <= old_air->v_t) {
3846 new = &parent->rb_left;
3847 } else {
3848 new = &parent->rb_right;
3849 leftmost = false;
3850 }
3851 }
3852
3853 rb_link_node(&txqi->schedule_order, parent, new);
3854 rb_insert_color_cached(&txqi->schedule_order, root, leftmost);
3855 }
3856
3857 void ieee80211_resort_txq(struct ieee80211_hw *hw,
3858 struct ieee80211_txq *txq)
3859 {
3860 struct airtime_info *air_info = to_airtime_info(txq);
3861 struct ieee80211_local *local = hw_to_local(hw);
3862 struct txq_info *txqi = to_txq_info(txq);
3863 struct airtime_sched_info *air_sched;
3864
3865 air_sched = &local->airtime[txq->ac];
3866
3867 lockdep_assert_held(&air_sched->lock);
3868
3869 if (!RB_EMPTY_NODE(&txqi->schedule_order)) {
3870 struct airtime_info *a_prev = NULL, *a_next = NULL;
3871 struct txq_info *t_prev, *t_next;
3872 struct rb_node *n_prev, *n_next;
3873
3874 /* Erasing a node can cause an expensive rebalancing operation,
3875 * so we check the previous and next nodes first and only remove
3876 * and re-insert if the current node is not already in the
3877 * correct position.
3878 */
3879 if ((n_prev = rb_prev(&txqi->schedule_order)) != NULL) {
3880 t_prev = container_of(n_prev, struct txq_info,
3881 schedule_order);
3882 a_prev = to_airtime_info(&t_prev->txq);
3883 }
3884
3885 if ((n_next = rb_next(&txqi->schedule_order)) != NULL) {
3886 t_next = container_of(n_next, struct txq_info,
3887 schedule_order);
3888 a_next = to_airtime_info(&t_next->txq);
3889 }
3890
3891 if ((!a_prev || a_prev->v_t <= air_info->v_t) &&
3892 (!a_next || a_next->v_t > air_info->v_t))
3893 return;
3894
3895 if (air_sched->schedule_pos == &txqi->schedule_order)
3896 air_sched->schedule_pos = n_prev;
3897
3898 rb_erase_cached(&txqi->schedule_order,
3899 &air_sched->active_txqs);
3900 RB_CLEAR_NODE(&txqi->schedule_order);
3901 __ieee80211_insert_txq(&air_sched->active_txqs, txqi);
3902 }
3903 }
3904
3905 void ieee80211_update_airtime_weight(struct ieee80211_local *local,
3906 struct airtime_sched_info *air_sched,
3907 u64 now, bool force)
3908 {
3909 struct airtime_info *air_info, *tmp;
3910 u64 weight_sum = 0;
3911
3912 if (unlikely(!now))
3913 now = ktime_get_boottime_ns();
3914
3915 lockdep_assert_held(&air_sched->lock);
3916
3917 if (!force && (air_sched->last_weight_update <
3918 now - AIRTIME_ACTIVE_DURATION))
3919 return;
3920
3921 list_for_each_entry_safe(air_info, tmp,
3922 &air_sched->active_list, list) {
3923 if (airtime_is_active(air_info, now))
3924 weight_sum += air_info->weight;
3925 else
3926 list_del_init(&air_info->list);
3927 }
3928 airtime_weight_sum_set(air_sched, weight_sum);
3929 air_sched->last_weight_update = now;
3930 }
3931
3932 void ieee80211_schedule_txq(struct ieee80211_hw *hw,
3933 struct ieee80211_txq *txq)
3934 __acquires(txq_lock) __releases(txq_lock)
3935 {
3936 struct ieee80211_local *local = hw_to_local(hw);
3937 struct txq_info *txqi = to_txq_info(txq);
3938 struct airtime_sched_info *air_sched;
3939 u64 now = ktime_get_boottime_ns();
3940 struct airtime_info *air_info;
3941 u8 ac = txq->ac;
3942 bool was_active;
3943
3944 air_sched = &local->airtime[ac];
3945 air_info = to_airtime_info(txq);
3946
3947 spin_lock_bh(&air_sched->lock);
3948 was_active = airtime_is_active(air_info, now);
3949 airtime_set_active(air_sched, air_info, now);
3950
3951 if (!RB_EMPTY_NODE(&txqi->schedule_order))
3952 goto out;
3953
3954 /* If the station has been inactive for a while, catch up its v_t so it
3955 * doesn't get indefinite priority; see comment above the definition of
3956 * AIRTIME_MAX_BEHIND.
3957 */
3958 if ((!was_active && air_info->v_t < air_sched->v_t) ||
3959 air_info->v_t < air_sched->v_t - AIRTIME_MAX_BEHIND)
3960 air_info->v_t = air_sched->v_t;
3961
3962 ieee80211_update_airtime_weight(local, air_sched, now, !was_active);
3963 __ieee80211_insert_txq(&air_sched->active_txqs, txqi);
3964
3965 out:
3966 spin_unlock_bh(&air_sched->lock);
3967 }
3968 EXPORT_SYMBOL(ieee80211_schedule_txq);
3969
3970 static void __ieee80211_unschedule_txq(struct ieee80211_hw *hw,
3971 struct ieee80211_txq *txq,
3972 bool purge)
3973 {
3974 struct ieee80211_local *local = hw_to_local(hw);
3975 struct txq_info *txqi = to_txq_info(txq);
3976 struct airtime_sched_info *air_sched;
3977 struct airtime_info *air_info;
3978
3979 air_sched = &local->airtime[txq->ac];
3980 air_info = to_airtime_info(&txqi->txq);
3981
3982 lockdep_assert_held(&air_sched->lock);
3983
3984 if (purge) {
3985 list_del_init(&air_info->list);
3986 ieee80211_update_airtime_weight(local, air_sched, 0, true);
3987 }
3988
3989 if (RB_EMPTY_NODE(&txqi->schedule_order))
3990 return;
3991
3992 if (air_sched->schedule_pos == &txqi->schedule_order)
3993 air_sched->schedule_pos = rb_prev(&txqi->schedule_order);
3994
3995 if (!purge)
3996 airtime_set_active(air_sched, air_info,
3997 ktime_get_boottime_ns());
3998
3999 rb_erase_cached(&txqi->schedule_order,
4000 &air_sched->active_txqs);
4001 RB_CLEAR_NODE(&txqi->schedule_order);
4002 }
4003
4004 void ieee80211_unschedule_txq(struct ieee80211_hw *hw,
4005 struct ieee80211_txq *txq,
4006 bool purge)
4007 __acquires(txq_lock) __releases(txq_lock)
4008 {
4009 struct ieee80211_local *local = hw_to_local(hw);
4010
4011 spin_lock_bh(&local->airtime[txq->ac].lock);
4012 __ieee80211_unschedule_txq(hw, txq, purge);
4013 spin_unlock_bh(&local->airtime[txq->ac].lock);
4014 }
4015
4016 void ieee80211_return_txq(struct ieee80211_hw *hw,
4017 struct ieee80211_txq *txq, bool force)
4018 {
4019 struct ieee80211_local *local = hw_to_local(hw);
4020 struct txq_info *txqi = to_txq_info(txq);
4021
4022 spin_lock_bh(&local->airtime[txq->ac].lock);
4023
4024 if (!RB_EMPTY_NODE(&txqi->schedule_order) && !force &&
4025 !txq_has_queue(txq))
4026 __ieee80211_unschedule_txq(hw, txq, false);
4027
4028 spin_unlock_bh(&local->airtime[txq->ac].lock);
4029 }
4030 EXPORT_SYMBOL(ieee80211_return_txq);
4031
4032 DEFINE_STATIC_KEY_FALSE(aql_disable);
4033
4034 bool ieee80211_txq_airtime_check(struct ieee80211_hw *hw,
4035 struct ieee80211_txq *txq)
4036 {
4037 struct airtime_info *air_info = to_airtime_info(txq);
4038 struct ieee80211_local *local = hw_to_local(hw);
4039
4040 if (!wiphy_ext_feature_isset(local->hw.wiphy, NL80211_EXT_FEATURE_AQL))
4041 return true;
4042
4043 if (static_branch_unlikely(&aql_disable))
4044 return true;
4045
4046 if (!txq->sta)
4047 return true;
4048
4049 if (unlikely(txq->tid == IEEE80211_NUM_TIDS))
4050 return true;
4051
4052 if (atomic_read(&air_info->aql_tx_pending) < air_info->aql_limit_low)
4053 return true;
4054
4055 if (atomic_read(&local->aql_total_pending_airtime) <
4056 local->aql_threshold &&
4057 atomic_read(&air_info->aql_tx_pending) < air_info->aql_limit_high)
4058 return true;
4059
4060 return false;
4061 }
4062 EXPORT_SYMBOL(ieee80211_txq_airtime_check);
4063
4064 bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
4065 struct ieee80211_txq *txq)
4066 {
4067 struct txq_info *first_txqi = NULL, *txqi = to_txq_info(txq);
4068 struct ieee80211_local *local = hw_to_local(hw);
4069 struct airtime_sched_info *air_sched;
4070 struct airtime_info *air_info;
4071 struct rb_node *node = NULL;
4072 bool ret = false;
4073 u64 now;
4074
4075
4076 if (!ieee80211_txq_airtime_check(hw, txq))
4077 return false;
4078
4079 air_sched = &local->airtime[txq->ac];
4080 spin_lock_bh(&air_sched->lock);
4081
4082 if (RB_EMPTY_NODE(&txqi->schedule_order))
4083 goto out;
4084
4085 now = ktime_get_boottime_ns();
4086
4087 /* Like in ieee80211_next_txq(), make sure the first station in the
4088 * scheduling order is eligible for transmission to avoid starvation.
4089 */
4090 node = rb_first_cached(&air_sched->active_txqs);
4091 if (node) {
4092 first_txqi = container_of(node, struct txq_info,
4093 schedule_order);
4094 air_info = to_airtime_info(&first_txqi->txq);
4095
4096 if (air_sched->v_t < air_info->v_t)
4097 airtime_catchup_v_t(air_sched, air_info->v_t, now);
4098 }
4099
4100 air_info = to_airtime_info(&txqi->txq);
4101 if (air_info->v_t <= air_sched->v_t) {
4102 air_sched->last_schedule_activity = now;
4103 ret = true;
4104 }
4105
4106 out:
4107 spin_unlock_bh(&air_sched->lock);
4108 return ret;
4109 }
4110 EXPORT_SYMBOL(ieee80211_txq_may_transmit);
4111
4112 void ieee80211_txq_schedule_start(struct ieee80211_hw *hw, u8 ac)
4113 {
4114 struct ieee80211_local *local = hw_to_local(hw);
4115 struct airtime_sched_info *air_sched = &local->airtime[ac];
4116
4117 spin_lock_bh(&air_sched->lock);
4118 air_sched->schedule_pos = NULL;
4119 spin_unlock_bh(&air_sched->lock);
4120 }
4121 EXPORT_SYMBOL(ieee80211_txq_schedule_start);
4122
4123 static void
4124 ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
4125 struct sta_info *sta,
4126 struct sk_buff *skb)
4127 {
4128 struct rate_control_ref *ref = sdata->local->rate_ctrl;
4129 u16 tid;
4130
4131 if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
4132 return;
4133
4134 if (!sta || !sta->sta.ht_cap.ht_supported ||
4135 !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
4136 skb->protocol == sdata->control_port_protocol)
4137 return;
4138
4139 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
4140 if (likely(sta->ampdu_mlme.tid_tx[tid]))
4141 return;
4142
4143 ieee80211_start_tx_ba_session(&sta->sta, tid, 0);
4144 }
4145
4146 void __ieee80211_subif_start_xmit(struct sk_buff *skb,
4147 struct net_device *dev,
4148 u32 info_flags,
4149 u32 ctrl_flags,
4150 u64 *cookie)
4151 {
4152 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4153 struct ieee80211_local *local = sdata->local;
4154 struct sta_info *sta;
4155 struct sk_buff *next;
4156
4157 if (unlikely(skb->len < ETH_HLEN)) {
4158 kfree_skb(skb);
4159 return;
4160 }
4161
4162 rcu_read_lock();
4163
4164 if (ieee80211_lookup_ra_sta(sdata, skb, &sta))
4165 goto out_free;
4166
4167 if (IS_ERR(sta))
4168 sta = NULL;
4169
4170 if (local->ops->wake_tx_queue) {
4171 u16 queue = __ieee80211_select_queue(sdata, sta, skb);
4172 skb_set_queue_mapping(skb, queue);
4173 skb_get_hash(skb);
4174 }
4175
4176 ieee80211_aggr_check(sdata, sta, skb);
4177
4178 if (sta) {
4179 struct ieee80211_fast_tx *fast_tx;
4180
4181 sk_pacing_shift_update(skb->sk, sdata->local->hw.tx_sk_pacing_shift);
4182
4183 fast_tx = rcu_dereference(sta->fast_tx);
4184
4185 if (fast_tx &&
4186 ieee80211_xmit_fast(sdata, sta, fast_tx, skb))
4187 goto out;
4188 }
4189
4190 if (skb_is_gso(skb)) {
4191 struct sk_buff *segs;
4192
4193 segs = skb_gso_segment(skb, 0);
4194 if (IS_ERR(segs)) {
4195 goto out_free;
4196 } else if (segs) {
4197 consume_skb(skb);
4198 skb = segs;
4199 }
4200 } else {
4201 /* we cannot process non-linear frames on this path */
4202 if (skb_linearize(skb)) {
4203 kfree_skb(skb);
4204 goto out;
4205 }
4206
4207 /* the frame could be fragmented, software-encrypted, and other
4208 * things so we cannot really handle checksum offload with it -
4209 * fix it up in software before we handle anything else.
4210 */
4211 if (skb->ip_summed == CHECKSUM_PARTIAL) {
4212 skb_set_transport_header(skb,
4213 skb_checksum_start_offset(skb));
4214 if (skb_checksum_help(skb))
4215 goto out_free;
4216 }
4217 }
4218
4219 skb_list_walk_safe(skb, skb, next) {
4220 skb_mark_not_on_list(skb);
4221
4222 if (skb->protocol == sdata->control_port_protocol)
4223 ctrl_flags |= IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
4224
4225 skb = ieee80211_build_hdr(sdata, skb, info_flags,
4226 sta, ctrl_flags, cookie);
4227 if (IS_ERR(skb)) {
4228 kfree_skb_list(next);
4229 goto out;
4230 }
4231
4232 dev_sw_netstats_tx_add(dev, 1, skb->len);
4233
4234 ieee80211_xmit(sdata, sta, skb);
4235 }
4236 goto out;
4237 out_free:
4238 kfree_skb(skb);
4239 out:
4240 rcu_read_unlock();
4241 }
4242
4243 static int ieee80211_change_da(struct sk_buff *skb, struct sta_info *sta)
4244 {
4245 struct ethhdr *eth;
4246 int err;
4247
4248 err = skb_ensure_writable(skb, ETH_HLEN);
4249 if (unlikely(err))
4250 return err;
4251
4252 eth = (void *)skb->data;
4253 ether_addr_copy(eth->h_dest, sta->sta.addr);
4254
4255 return 0;
4256 }
4257
4258 static bool ieee80211_multicast_to_unicast(struct sk_buff *skb,
4259 struct net_device *dev)
4260 {
4261 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4262 const struct ethhdr *eth = (void *)skb->data;
4263 const struct vlan_ethhdr *ethvlan = (void *)skb->data;
4264 __be16 ethertype;
4265
4266 if (likely(!is_multicast_ether_addr(eth->h_dest)))
4267 return false;
4268
4269 switch (sdata->vif.type) {
4270 case NL80211_IFTYPE_AP_VLAN:
4271 if (sdata->u.vlan.sta)
4272 return false;
4273 if (sdata->wdev.use_4addr)
4274 return false;
4275 fallthrough;
4276 case NL80211_IFTYPE_AP:
4277 /* check runtime toggle for this bss */
4278 if (!sdata->bss->multicast_to_unicast)
4279 return false;
4280 break;
4281 default:
4282 return false;
4283 }
4284
4285 /* multicast to unicast conversion only for some payload */
4286 ethertype = eth->h_proto;
4287 if (ethertype == htons(ETH_P_8021Q) && skb->len >= VLAN_ETH_HLEN)
4288 ethertype = ethvlan->h_vlan_encapsulated_proto;
4289 switch (ethertype) {
4290 case htons(ETH_P_ARP):
4291 case htons(ETH_P_IP):
4292 case htons(ETH_P_IPV6):
4293 break;
4294 default:
4295 return false;
4296 }
4297
4298 return true;
4299 }
4300
4301 static void
4302 ieee80211_convert_to_unicast(struct sk_buff *skb, struct net_device *dev,
4303 struct sk_buff_head *queue)
4304 {
4305 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4306 struct ieee80211_local *local = sdata->local;
4307 const struct ethhdr *eth = (struct ethhdr *)skb->data;
4308 struct sta_info *sta, *first = NULL;
4309 struct sk_buff *cloned_skb;
4310
4311 rcu_read_lock();
4312
4313 list_for_each_entry_rcu(sta, &local->sta_list, list) {
4314 if (sdata != sta->sdata)
4315 /* AP-VLAN mismatch */
4316 continue;
4317 if (unlikely(ether_addr_equal(eth->h_source, sta->sta.addr)))
4318 /* do not send back to source */
4319 continue;
4320 if (!first) {
4321 first = sta;
4322 continue;
4323 }
4324 cloned_skb = skb_clone(skb, GFP_ATOMIC);
4325 if (!cloned_skb)
4326 goto multicast;
4327 if (unlikely(ieee80211_change_da(cloned_skb, sta))) {
4328 dev_kfree_skb(cloned_skb);
4329 goto multicast;
4330 }
4331 __skb_queue_tail(queue, cloned_skb);
4332 }
4333
4334 if (likely(first)) {
4335 if (unlikely(ieee80211_change_da(skb, first)))
4336 goto multicast;
4337 __skb_queue_tail(queue, skb);
4338 } else {
4339 /* no STA connected, drop */
4340 kfree_skb(skb);
4341 skb = NULL;
4342 }
4343
4344 goto out;
4345 multicast:
4346 __skb_queue_purge(queue);
4347 __skb_queue_tail(queue, skb);
4348 out:
4349 rcu_read_unlock();
4350 }
4351
4352 /**
4353 * ieee80211_subif_start_xmit - netif start_xmit function for 802.3 vifs
4354 * @skb: packet to be sent
4355 * @dev: incoming interface
4356 *
4357 * On failure skb will be freed.
4358 */
4359 netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
4360 struct net_device *dev)
4361 {
4362 if (unlikely(ieee80211_multicast_to_unicast(skb, dev))) {
4363 struct sk_buff_head queue;
4364
4365 __skb_queue_head_init(&queue);
4366 ieee80211_convert_to_unicast(skb, dev, &queue);
4367 while ((skb = __skb_dequeue(&queue)))
4368 __ieee80211_subif_start_xmit(skb, dev, 0, 0, NULL);
4369 } else {
4370 __ieee80211_subif_start_xmit(skb, dev, 0, 0, NULL);
4371 }
4372
4373 return NETDEV_TX_OK;
4374 }
4375
4376 static bool ieee80211_tx_8023(struct ieee80211_sub_if_data *sdata,
4377 struct sk_buff *skb, int led_len,
4378 struct sta_info *sta,
4379 bool txpending)
4380 {
4381 struct ieee80211_local *local = sdata->local;
4382 struct ieee80211_tx_control control = {};
4383 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4384 struct ieee80211_sta *pubsta = NULL;
4385 unsigned long flags;
4386 int q = info->hw_queue;
4387
4388 if (sta)
4389 sk_pacing_shift_update(skb->sk, local->hw.tx_sk_pacing_shift);
4390
4391 if (ieee80211_queue_skb(local, sdata, sta, skb))
4392 return true;
4393
4394 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
4395
4396 if (local->queue_stop_reasons[q] ||
4397 (!txpending && !skb_queue_empty(&local->pending[q]))) {
4398 if (txpending)
4399 skb_queue_head(&local->pending[q], skb);
4400 else
4401 skb_queue_tail(&local->pending[q], skb);
4402
4403 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4404
4405 return false;
4406 }
4407
4408 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4409
4410 if (sta && sta->uploaded)
4411 pubsta = &sta->sta;
4412
4413 control.sta = pubsta;
4414
4415 drv_tx(local, &control, skb);
4416
4417 return true;
4418 }
4419
4420 static void ieee80211_8023_xmit(struct ieee80211_sub_if_data *sdata,
4421 struct net_device *dev, struct sta_info *sta,
4422 struct ieee80211_key *key, struct sk_buff *skb)
4423 {
4424 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4425 struct ieee80211_local *local = sdata->local;
4426 struct tid_ampdu_tx *tid_tx;
4427 u8 tid;
4428
4429 if (local->ops->wake_tx_queue) {
4430 u16 queue = __ieee80211_select_queue(sdata, sta, skb);
4431 skb_set_queue_mapping(skb, queue);
4432 skb_get_hash(skb);
4433 }
4434
4435 if (unlikely(test_bit(SCAN_SW_SCANNING, &local->scanning)) &&
4436 test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))
4437 goto out_free;
4438
4439 memset(info, 0, sizeof(*info));
4440
4441 ieee80211_aggr_check(sdata, sta, skb);
4442
4443 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
4444 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
4445 if (tid_tx) {
4446 if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
4447 /* fall back to non-offload slow path */
4448 __ieee80211_subif_start_xmit(skb, dev, 0, 0, NULL);
4449 return;
4450 }
4451
4452 info->flags |= IEEE80211_TX_CTL_AMPDU;
4453 if (tid_tx->timeout)
4454 tid_tx->last_tx = jiffies;
4455 }
4456
4457 if (unlikely(skb->sk &&
4458 skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS))
4459 info->ack_frame_id = ieee80211_store_ack_skb(local, skb,
4460 &info->flags, NULL);
4461
4462 info->hw_queue = sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
4463
4464 dev_sw_netstats_tx_add(dev, 1, skb->len);
4465
4466 sta->tx_stats.bytes[skb_get_queue_mapping(skb)] += skb->len;
4467 sta->tx_stats.packets[skb_get_queue_mapping(skb)]++;
4468
4469 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
4470 sdata = container_of(sdata->bss,
4471 struct ieee80211_sub_if_data, u.ap);
4472
4473 info->flags |= IEEE80211_TX_CTL_HW_80211_ENCAP;
4474 info->control.vif = &sdata->vif;
4475
4476 if (key)
4477 info->control.hw_key = &key->conf;
4478
4479 ieee80211_tx_8023(sdata, skb, skb->len, sta, false);
4480
4481 return;
4482
4483 out_free:
4484 kfree_skb(skb);
4485 }
4486
4487 netdev_tx_t ieee80211_subif_start_xmit_8023(struct sk_buff *skb,
4488 struct net_device *dev)
4489 {
4490 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4491 struct ethhdr *ehdr = (struct ethhdr *)skb->data;
4492 struct ieee80211_key *key;
4493 struct sta_info *sta;
4494
4495 if (unlikely(skb->len < ETH_HLEN)) {
4496 kfree_skb(skb);
4497 return NETDEV_TX_OK;
4498 }
4499
4500 rcu_read_lock();
4501
4502 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4503 kfree_skb(skb);
4504 goto out;
4505 }
4506
4507 if (unlikely(IS_ERR_OR_NULL(sta) || !sta->uploaded ||
4508 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) ||
4509 sdata->control_port_protocol == ehdr->h_proto))
4510 goto skip_offload;
4511
4512 key = rcu_dereference(sta->ptk[sta->ptk_idx]);
4513 if (!key)
4514 key = rcu_dereference(sdata->default_unicast_key);
4515
4516 if (key && (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) ||
4517 key->conf.cipher == WLAN_CIPHER_SUITE_TKIP))
4518 goto skip_offload;
4519
4520 ieee80211_8023_xmit(sdata, dev, sta, key, skb);
4521 goto out;
4522
4523 skip_offload:
4524 ieee80211_subif_start_xmit(skb, dev);
4525 out:
4526 rcu_read_unlock();
4527
4528 return NETDEV_TX_OK;
4529 }
4530
4531 struct sk_buff *
4532 ieee80211_build_data_template(struct ieee80211_sub_if_data *sdata,
4533 struct sk_buff *skb, u32 info_flags)
4534 {
4535 struct ieee80211_hdr *hdr;
4536 struct ieee80211_tx_data tx = {
4537 .local = sdata->local,
4538 .sdata = sdata,
4539 };
4540 struct sta_info *sta;
4541
4542 rcu_read_lock();
4543
4544 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4545 kfree_skb(skb);
4546 skb = ERR_PTR(-EINVAL);
4547 goto out;
4548 }
4549
4550 skb = ieee80211_build_hdr(sdata, skb, info_flags, sta, 0, NULL);
4551 if (IS_ERR(skb))
4552 goto out;
4553
4554 hdr = (void *)skb->data;
4555 tx.sta = sta_info_get(sdata, hdr->addr1);
4556 tx.skb = skb;
4557
4558 if (ieee80211_tx_h_select_key(&tx) != TX_CONTINUE) {
4559 rcu_read_unlock();
4560 kfree_skb(skb);
4561 return ERR_PTR(-EINVAL);
4562 }
4563
4564 out:
4565 rcu_read_unlock();
4566 return skb;
4567 }
4568
4569 /*
4570 * ieee80211_clear_tx_pending may not be called in a context where
4571 * it is possible that it packets could come in again.
4572 */
4573 void ieee80211_clear_tx_pending(struct ieee80211_local *local)
4574 {
4575 struct sk_buff *skb;
4576 int i;
4577
4578 for (i = 0; i < local->hw.queues; i++) {
4579 while ((skb = skb_dequeue(&local->pending[i])) != NULL)
4580 ieee80211_free_txskb(&local->hw, skb);
4581 }
4582 }
4583
4584 /*
4585 * Returns false if the frame couldn't be transmitted but was queued instead,
4586 * which in this case means re-queued -- take as an indication to stop sending
4587 * more pending frames.
4588 */
4589 static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
4590 struct sk_buff *skb)
4591 {
4592 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4593 struct ieee80211_sub_if_data *sdata;
4594 struct sta_info *sta;
4595 struct ieee80211_hdr *hdr;
4596 bool result;
4597 struct ieee80211_chanctx_conf *chanctx_conf;
4598
4599 sdata = vif_to_sdata(info->control.vif);
4600
4601 if (info->control.flags & IEEE80211_TX_INTCFL_NEED_TXPROCESSING) {
4602 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
4603 if (unlikely(!chanctx_conf)) {
4604 dev_kfree_skb(skb);
4605 return true;
4606 }
4607 info->band = chanctx_conf->def.chan->band;
4608 result = ieee80211_tx(sdata, NULL, skb, true);
4609 } else if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
4610 if (ieee80211_lookup_ra_sta(sdata, skb, &sta)) {
4611 dev_kfree_skb(skb);
4612 return true;
4613 }
4614
4615 if (IS_ERR(sta) || (sta && !sta->uploaded))
4616 sta = NULL;
4617
4618 result = ieee80211_tx_8023(sdata, skb, skb->len, sta, true);
4619 } else {
4620 struct sk_buff_head skbs;
4621
4622 __skb_queue_head_init(&skbs);
4623 __skb_queue_tail(&skbs, skb);
4624
4625 hdr = (struct ieee80211_hdr *)skb->data;
4626 sta = sta_info_get(sdata, hdr->addr1);
4627
4628 result = __ieee80211_tx(local, &skbs, skb->len, sta, true);
4629 }
4630
4631 return result;
4632 }
4633
4634 /*
4635 * Transmit all pending packets. Called from tasklet.
4636 */
4637 void ieee80211_tx_pending(struct tasklet_struct *t)
4638 {
4639 struct ieee80211_local *local = from_tasklet(local, t,
4640 tx_pending_tasklet);
4641 unsigned long flags;
4642 int i;
4643 bool txok;
4644
4645 rcu_read_lock();
4646
4647 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
4648 for (i = 0; i < local->hw.queues; i++) {
4649 /*
4650 * If queue is stopped by something other than due to pending
4651 * frames, or we have no pending frames, proceed to next queue.
4652 */
4653 if (local->queue_stop_reasons[i] ||
4654 skb_queue_empty(&local->pending[i]))
4655 continue;
4656
4657 while (!skb_queue_empty(&local->pending[i])) {
4658 struct sk_buff *skb = __skb_dequeue(&local->pending[i]);
4659 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4660
4661 if (WARN_ON(!info->control.vif)) {
4662 ieee80211_free_txskb(&local->hw, skb);
4663 continue;
4664 }
4665
4666 spin_unlock_irqrestore(&local->queue_stop_reason_lock,
4667 flags);
4668
4669 txok = ieee80211_tx_pending_skb(local, skb);
4670 spin_lock_irqsave(&local->queue_stop_reason_lock,
4671 flags);
4672 if (!txok)
4673 break;
4674 }
4675
4676 if (skb_queue_empty(&local->pending[i]))
4677 ieee80211_propagate_queue_wake(local, i);
4678 }
4679 spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
4680
4681 rcu_read_unlock();
4682 }
4683
4684 /* functions for drivers to get certain frames */
4685
4686 static void __ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
4687 struct ps_data *ps, struct sk_buff *skb,
4688 bool is_template)
4689 {
4690 u8 *pos, *tim;
4691 int aid0 = 0;
4692 int i, have_bits = 0, n1, n2;
4693
4694 /* Generate bitmap for TIM only if there are any STAs in power save
4695 * mode. */
4696 if (atomic_read(&ps->num_sta_ps) > 0)
4697 /* in the hope that this is faster than
4698 * checking byte-for-byte */
4699 have_bits = !bitmap_empty((unsigned long *)ps->tim,
4700 IEEE80211_MAX_AID+1);
4701 if (!is_template) {
4702 if (ps->dtim_count == 0)
4703 ps->dtim_count = sdata->vif.bss_conf.dtim_period - 1;
4704 else
4705 ps->dtim_count--;
4706 }
4707
4708 tim = pos = skb_put(skb, 6);
4709 *pos++ = WLAN_EID_TIM;
4710 *pos++ = 4;
4711 *pos++ = ps->dtim_count;
4712 *pos++ = sdata->vif.bss_conf.dtim_period;
4713
4714 if (ps->dtim_count == 0 && !skb_queue_empty(&ps->bc_buf))
4715 aid0 = 1;
4716
4717 ps->dtim_bc_mc = aid0 == 1;
4718
4719 if (have_bits) {
4720 /* Find largest even number N1 so that bits numbered 1 through
4721 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
4722 * (N2 + 1) x 8 through 2007 are 0. */
4723 n1 = 0;
4724 for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
4725 if (ps->tim[i]) {
4726 n1 = i & 0xfe;
4727 break;
4728 }
4729 }
4730 n2 = n1;
4731 for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
4732 if (ps->tim[i]) {
4733 n2 = i;
4734 break;
4735 }
4736 }
4737
4738 /* Bitmap control */
4739 *pos++ = n1 | aid0;
4740 /* Part Virt Bitmap */
4741 skb_put(skb, n2 - n1);
4742 memcpy(pos, ps->tim + n1, n2 - n1 + 1);
4743
4744 tim[1] = n2 - n1 + 4;
4745 } else {
4746 *pos++ = aid0; /* Bitmap control */
4747 *pos++ = 0; /* Part Virt Bitmap */
4748 }
4749 }
4750
4751 static int ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
4752 struct ps_data *ps, struct sk_buff *skb,
4753 bool is_template)
4754 {
4755 struct ieee80211_local *local = sdata->local;
4756
4757 /*
4758 * Not very nice, but we want to allow the driver to call
4759 * ieee80211_beacon_get() as a response to the set_tim()
4760 * callback. That, however, is already invoked under the
4761 * sta_lock to guarantee consistent and race-free update
4762 * of the tim bitmap in mac80211 and the driver.
4763 */
4764 if (local->tim_in_locked_section) {
4765 __ieee80211_beacon_add_tim(sdata, ps, skb, is_template);
4766 } else {
4767 spin_lock_bh(&local->tim_lock);
4768 __ieee80211_beacon_add_tim(sdata, ps, skb, is_template);
4769 spin_unlock_bh(&local->tim_lock);
4770 }
4771
4772 return 0;
4773 }
4774
4775 static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
4776 struct beacon_data *beacon)
4777 {
4778 struct probe_resp *resp;
4779 u8 *beacon_data;
4780 size_t beacon_data_len;
4781 int i;
4782 u8 count = beacon->cntdwn_current_counter;
4783
4784 switch (sdata->vif.type) {
4785 case NL80211_IFTYPE_AP:
4786 beacon_data = beacon->tail;
4787 beacon_data_len = beacon->tail_len;
4788 break;
4789 case NL80211_IFTYPE_ADHOC:
4790 beacon_data = beacon->head;
4791 beacon_data_len = beacon->head_len;
4792 break;
4793 case NL80211_IFTYPE_MESH_POINT:
4794 beacon_data = beacon->head;
4795 beacon_data_len = beacon->head_len;
4796 break;
4797 default:
4798 return;
4799 }
4800
4801 rcu_read_lock();
4802 for (i = 0; i < IEEE80211_MAX_CNTDWN_COUNTERS_NUM; ++i) {
4803 resp = rcu_dereference(sdata->u.ap.probe_resp);
4804
4805 if (beacon->cntdwn_counter_offsets[i]) {
4806 if (WARN_ON_ONCE(beacon->cntdwn_counter_offsets[i] >=
4807 beacon_data_len)) {
4808 rcu_read_unlock();
4809 return;
4810 }
4811
4812 beacon_data[beacon->cntdwn_counter_offsets[i]] = count;
4813 }
4814
4815 if (sdata->vif.type == NL80211_IFTYPE_AP && resp)
4816 resp->data[resp->cntdwn_counter_offsets[i]] = count;
4817 }
4818 rcu_read_unlock();
4819 }
4820
4821 static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
4822 {
4823 beacon->cntdwn_current_counter--;
4824
4825 /* the counter should never reach 0 */
4826 WARN_ON_ONCE(!beacon->cntdwn_current_counter);
4827
4828 return beacon->cntdwn_current_counter;
4829 }
4830
4831 u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif)
4832 {
4833 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4834 struct beacon_data *beacon = NULL;
4835 u8 count = 0;
4836
4837 rcu_read_lock();
4838
4839 if (sdata->vif.type == NL80211_IFTYPE_AP)
4840 beacon = rcu_dereference(sdata->u.ap.beacon);
4841 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
4842 beacon = rcu_dereference(sdata->u.ibss.presp);
4843 else if (ieee80211_vif_is_mesh(&sdata->vif))
4844 beacon = rcu_dereference(sdata->u.mesh.beacon);
4845
4846 if (!beacon)
4847 goto unlock;
4848
4849 count = __ieee80211_beacon_update_cntdwn(beacon);
4850
4851 unlock:
4852 rcu_read_unlock();
4853 return count;
4854 }
4855 EXPORT_SYMBOL(ieee80211_beacon_update_cntdwn);
4856
4857 void ieee80211_beacon_set_cntdwn(struct ieee80211_vif *vif, u8 counter)
4858 {
4859 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4860 struct beacon_data *beacon = NULL;
4861
4862 rcu_read_lock();
4863
4864 if (sdata->vif.type == NL80211_IFTYPE_AP)
4865 beacon = rcu_dereference(sdata->u.ap.beacon);
4866 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
4867 beacon = rcu_dereference(sdata->u.ibss.presp);
4868 else if (ieee80211_vif_is_mesh(&sdata->vif))
4869 beacon = rcu_dereference(sdata->u.mesh.beacon);
4870
4871 if (!beacon)
4872 goto unlock;
4873
4874 if (counter < beacon->cntdwn_current_counter)
4875 beacon->cntdwn_current_counter = counter;
4876
4877 unlock:
4878 rcu_read_unlock();
4879 }
4880 EXPORT_SYMBOL(ieee80211_beacon_set_cntdwn);
4881
4882 bool ieee80211_beacon_cntdwn_is_complete(struct ieee80211_vif *vif)
4883 {
4884 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
4885 struct beacon_data *beacon = NULL;
4886 u8 *beacon_data;
4887 size_t beacon_data_len;
4888 int ret = false;
4889
4890 if (!ieee80211_sdata_running(sdata))
4891 return false;
4892
4893 rcu_read_lock();
4894 if (vif->type == NL80211_IFTYPE_AP) {
4895 struct ieee80211_if_ap *ap = &sdata->u.ap;
4896
4897 beacon = rcu_dereference(ap->beacon);
4898 if (WARN_ON(!beacon || !beacon->tail))
4899 goto out;
4900 beacon_data = beacon->tail;
4901 beacon_data_len = beacon->tail_len;
4902 } else if (vif->type == NL80211_IFTYPE_ADHOC) {
4903 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
4904
4905 beacon = rcu_dereference(ifibss->presp);
4906 if (!beacon)
4907 goto out;
4908
4909 beacon_data = beacon->head;
4910 beacon_data_len = beacon->head_len;
4911 } else if (vif->type == NL80211_IFTYPE_MESH_POINT) {
4912 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
4913
4914 beacon = rcu_dereference(ifmsh->beacon);
4915 if (!beacon)
4916 goto out;
4917
4918 beacon_data = beacon->head;
4919 beacon_data_len = beacon->head_len;
4920 } else {
4921 WARN_ON(1);
4922 goto out;
4923 }
4924
4925 if (!beacon->cntdwn_counter_offsets[0])
4926 goto out;
4927
4928 if (WARN_ON_ONCE(beacon->cntdwn_counter_offsets[0] > beacon_data_len))
4929 goto out;
4930
4931 if (beacon_data[beacon->cntdwn_counter_offsets[0]] == 1)
4932 ret = true;
4933
4934 out:
4935 rcu_read_unlock();
4936
4937 return ret;
4938 }
4939 EXPORT_SYMBOL(ieee80211_beacon_cntdwn_is_complete);
4940
4941 static int ieee80211_beacon_protect(struct sk_buff *skb,
4942 struct ieee80211_local *local,
4943 struct ieee80211_sub_if_data *sdata)
4944 {
4945 ieee80211_tx_result res;
4946 struct ieee80211_tx_data tx;
4947 struct sk_buff *check_skb;
4948
4949 memset(&tx, 0, sizeof(tx));
4950 tx.key = rcu_dereference(sdata->default_beacon_key);
4951 if (!tx.key)
4952 return 0;
4953 tx.local = local;
4954 tx.sdata = sdata;
4955 __skb_queue_head_init(&tx.skbs);
4956 __skb_queue_tail(&tx.skbs, skb);
4957 res = ieee80211_tx_h_encrypt(&tx);
4958 check_skb = __skb_dequeue(&tx.skbs);
4959 /* we may crash after this, but it'd be a bug in crypto */
4960 WARN_ON(check_skb != skb);
4961 if (WARN_ON_ONCE(res != TX_CONTINUE))
4962 return -EINVAL;
4963
4964 return 0;
4965 }
4966
4967 static struct sk_buff *
4968 __ieee80211_beacon_get(struct ieee80211_hw *hw,
4969 struct ieee80211_vif *vif,
4970 struct ieee80211_mutable_offsets *offs,
4971 bool is_template)
4972 {
4973 struct ieee80211_local *local = hw_to_local(hw);
4974 struct beacon_data *beacon = NULL;
4975 struct sk_buff *skb = NULL;
4976 struct ieee80211_tx_info *info;
4977 struct ieee80211_sub_if_data *sdata = NULL;
4978 enum nl80211_band band;
4979 struct ieee80211_tx_rate_control txrc;
4980 struct ieee80211_chanctx_conf *chanctx_conf;
4981 int csa_off_base = 0;
4982
4983 rcu_read_lock();
4984
4985 sdata = vif_to_sdata(vif);
4986 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
4987
4988 if (!ieee80211_sdata_running(sdata) || !chanctx_conf)
4989 goto out;
4990
4991 if (offs)
4992 memset(offs, 0, sizeof(*offs));
4993
4994 if (sdata->vif.type == NL80211_IFTYPE_AP) {
4995 struct ieee80211_if_ap *ap = &sdata->u.ap;
4996
4997 beacon = rcu_dereference(ap->beacon);
4998 if (beacon) {
4999 if (beacon->cntdwn_counter_offsets[0]) {
5000 if (!is_template)
5001 ieee80211_beacon_update_cntdwn(vif);
5002
5003 ieee80211_set_beacon_cntdwn(sdata, beacon);
5004 }
5005
5006 /*
5007 * headroom, head length,
5008 * tail length and maximum TIM length
5009 */
5010 skb = dev_alloc_skb(local->tx_headroom +
5011 beacon->head_len +
5012 beacon->tail_len + 256 +
5013 local->hw.extra_beacon_tailroom);
5014 if (!skb)
5015 goto out;
5016
5017 skb_reserve(skb, local->tx_headroom);
5018 skb_put_data(skb, beacon->head, beacon->head_len);
5019
5020 ieee80211_beacon_add_tim(sdata, &ap->ps, skb,
5021 is_template);
5022
5023 if (offs) {
5024 offs->tim_offset = beacon->head_len;
5025 offs->tim_length = skb->len - beacon->head_len;
5026
5027 /* for AP the csa offsets are from tail */
5028 csa_off_base = skb->len;
5029 }
5030
5031 if (beacon->tail)
5032 skb_put_data(skb, beacon->tail,
5033 beacon->tail_len);
5034
5035 if (ieee80211_beacon_protect(skb, local, sdata) < 0)
5036 goto out;
5037 } else
5038 goto out;
5039 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
5040 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
5041 struct ieee80211_hdr *hdr;
5042
5043 beacon = rcu_dereference(ifibss->presp);
5044 if (!beacon)
5045 goto out;
5046
5047 if (beacon->cntdwn_counter_offsets[0]) {
5048 if (!is_template)
5049 __ieee80211_beacon_update_cntdwn(beacon);
5050
5051 ieee80211_set_beacon_cntdwn(sdata, beacon);
5052 }
5053
5054 skb = dev_alloc_skb(local->tx_headroom + beacon->head_len +
5055 local->hw.extra_beacon_tailroom);
5056 if (!skb)
5057 goto out;
5058 skb_reserve(skb, local->tx_headroom);
5059 skb_put_data(skb, beacon->head, beacon->head_len);
5060
5061 hdr = (struct ieee80211_hdr *) skb->data;
5062 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
5063 IEEE80211_STYPE_BEACON);
5064 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
5065 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
5066
5067 beacon = rcu_dereference(ifmsh->beacon);
5068 if (!beacon)
5069 goto out;
5070
5071 if (beacon->cntdwn_counter_offsets[0]) {
5072 if (!is_template)
5073 /* TODO: For mesh csa_counter is in TU, so
5074 * decrementing it by one isn't correct, but
5075 * for now we leave it consistent with overall
5076 * mac80211's behavior.
5077 */
5078 __ieee80211_beacon_update_cntdwn(beacon);
5079
5080 ieee80211_set_beacon_cntdwn(sdata, beacon);
5081 }
5082
5083 if (ifmsh->sync_ops)
5084 ifmsh->sync_ops->adjust_tsf(sdata, beacon);
5085
5086 skb = dev_alloc_skb(local->tx_headroom +
5087 beacon->head_len +
5088 256 + /* TIM IE */
5089 beacon->tail_len +
5090 local->hw.extra_beacon_tailroom);
5091 if (!skb)
5092 goto out;
5093 skb_reserve(skb, local->tx_headroom);
5094 skb_put_data(skb, beacon->head, beacon->head_len);
5095 ieee80211_beacon_add_tim(sdata, &ifmsh->ps, skb, is_template);
5096
5097 if (offs) {
5098 offs->tim_offset = beacon->head_len;
5099 offs->tim_length = skb->len - beacon->head_len;
5100 }
5101
5102 skb_put_data(skb, beacon->tail, beacon->tail_len);
5103 } else {
5104 WARN_ON(1);
5105 goto out;
5106 }
5107
5108 /* CSA offsets */
5109 if (offs && beacon) {
5110 int i;
5111
5112 for (i = 0; i < IEEE80211_MAX_CNTDWN_COUNTERS_NUM; i++) {
5113 u16 csa_off = beacon->cntdwn_counter_offsets[i];
5114
5115 if (!csa_off)
5116 continue;
5117
5118 offs->cntdwn_counter_offs[i] = csa_off_base + csa_off;
5119 }
5120 }
5121
5122 band = chanctx_conf->def.chan->band;
5123
5124 info = IEEE80211_SKB_CB(skb);
5125
5126 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
5127 info->flags |= IEEE80211_TX_CTL_NO_ACK;
5128 info->band = band;
5129
5130 memset(&txrc, 0, sizeof(txrc));
5131 txrc.hw = hw;
5132 txrc.sband = local->hw.wiphy->bands[band];
5133 txrc.bss_conf = &sdata->vif.bss_conf;
5134 txrc.skb = skb;
5135 txrc.reported_rate.idx = -1;
5136 if (sdata->beacon_rate_set && sdata->beacon_rateidx_mask[band])
5137 txrc.rate_idx_mask = sdata->beacon_rateidx_mask[band];
5138 else
5139 txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
5140 txrc.bss = true;
5141 rate_control_get_rate(sdata, NULL, &txrc);
5142
5143 info->control.vif = vif;
5144
5145 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT |
5146 IEEE80211_TX_CTL_ASSIGN_SEQ |
5147 IEEE80211_TX_CTL_FIRST_FRAGMENT;
5148 out:
5149 rcu_read_unlock();
5150 return skb;
5151
5152 }
5153
5154 struct sk_buff *
5155 ieee80211_beacon_get_template(struct ieee80211_hw *hw,
5156 struct ieee80211_vif *vif,
5157 struct ieee80211_mutable_offsets *offs)
5158 {
5159 return __ieee80211_beacon_get(hw, vif, offs, true);
5160 }
5161 EXPORT_SYMBOL(ieee80211_beacon_get_template);
5162
5163 struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
5164 struct ieee80211_vif *vif,
5165 u16 *tim_offset, u16 *tim_length)
5166 {
5167 struct ieee80211_mutable_offsets offs = {};
5168 struct sk_buff *bcn = __ieee80211_beacon_get(hw, vif, &offs, false);
5169 struct sk_buff *copy;
5170 struct ieee80211_supported_band *sband;
5171 int shift;
5172
5173 if (!bcn)
5174 return bcn;
5175
5176 if (tim_offset)
5177 *tim_offset = offs.tim_offset;
5178
5179 if (tim_length)
5180 *tim_length = offs.tim_length;
5181
5182 if (ieee80211_hw_check(hw, BEACON_TX_STATUS) ||
5183 !hw_to_local(hw)->monitors)
5184 return bcn;
5185
5186 /* send a copy to monitor interfaces */
5187 copy = skb_copy(bcn, GFP_ATOMIC);
5188 if (!copy)
5189 return bcn;
5190
5191 shift = ieee80211_vif_get_shift(vif);
5192 sband = ieee80211_get_sband(vif_to_sdata(vif));
5193 if (!sband)
5194 return bcn;
5195
5196 ieee80211_tx_monitor(hw_to_local(hw), copy, sband, 1, shift, false,
5197 NULL);
5198
5199 return bcn;
5200 }
5201 EXPORT_SYMBOL(ieee80211_beacon_get_tim);
5202
5203 struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
5204 struct ieee80211_vif *vif)
5205 {
5206 struct ieee80211_if_ap *ap = NULL;
5207 struct sk_buff *skb = NULL;
5208 struct probe_resp *presp = NULL;
5209 struct ieee80211_hdr *hdr;
5210 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5211
5212 if (sdata->vif.type != NL80211_IFTYPE_AP)
5213 return NULL;
5214
5215 rcu_read_lock();
5216
5217 ap = &sdata->u.ap;
5218 presp = rcu_dereference(ap->probe_resp);
5219 if (!presp)
5220 goto out;
5221
5222 skb = dev_alloc_skb(presp->len);
5223 if (!skb)
5224 goto out;
5225
5226 skb_put_data(skb, presp->data, presp->len);
5227
5228 hdr = (struct ieee80211_hdr *) skb->data;
5229 memset(hdr->addr1, 0, sizeof(hdr->addr1));
5230
5231 out:
5232 rcu_read_unlock();
5233 return skb;
5234 }
5235 EXPORT_SYMBOL(ieee80211_proberesp_get);
5236
5237 struct sk_buff *ieee80211_get_fils_discovery_tmpl(struct ieee80211_hw *hw,
5238 struct ieee80211_vif *vif)
5239 {
5240 struct sk_buff *skb = NULL;
5241 struct fils_discovery_data *tmpl = NULL;
5242 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5243
5244 if (sdata->vif.type != NL80211_IFTYPE_AP)
5245 return NULL;
5246
5247 rcu_read_lock();
5248 tmpl = rcu_dereference(sdata->u.ap.fils_discovery);
5249 if (!tmpl) {
5250 rcu_read_unlock();
5251 return NULL;
5252 }
5253
5254 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom + tmpl->len);
5255 if (skb) {
5256 skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
5257 skb_put_data(skb, tmpl->data, tmpl->len);
5258 }
5259
5260 rcu_read_unlock();
5261 return skb;
5262 }
5263 EXPORT_SYMBOL(ieee80211_get_fils_discovery_tmpl);
5264
5265 struct sk_buff *
5266 ieee80211_get_unsol_bcast_probe_resp_tmpl(struct ieee80211_hw *hw,
5267 struct ieee80211_vif *vif)
5268 {
5269 struct sk_buff *skb = NULL;
5270 struct unsol_bcast_probe_resp_data *tmpl = NULL;
5271 struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
5272
5273 if (sdata->vif.type != NL80211_IFTYPE_AP)
5274 return NULL;
5275
5276 rcu_read_lock();
5277 tmpl = rcu_dereference(sdata->u.ap.unsol_bcast_probe_resp);
5278 if (!tmpl) {
5279 rcu_read_unlock();
5280 return NULL;
5281 }
5282
5283 skb = dev_alloc_skb(sdata->local->hw.extra_tx_headroom + tmpl->len);
5284 if (skb) {
5285 skb_reserve(skb, sdata->local->hw.extra_tx_headroom);
5286 skb_put_data(skb, tmpl->data, tmpl->len);
5287 }
5288
5289 rcu_read_unlock();
5290 return skb;
5291 }
5292 EXPORT_SYMBOL(ieee80211_get_unsol_bcast_probe_resp_tmpl);
5293
5294 struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
5295 struct ieee80211_vif *vif)
5296 {
5297 struct ieee80211_sub_if_data *sdata;
5298 struct ieee80211_if_managed *ifmgd;
5299 struct ieee80211_pspoll *pspoll;
5300 struct ieee80211_local *local;
5301 struct sk_buff *skb;
5302
5303 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
5304 return NULL;
5305
5306 sdata = vif_to_sdata(vif);
5307 ifmgd = &sdata->u.mgd;
5308 local = sdata->local;
5309
5310 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*pspoll));
5311 if (!skb)
5312 return NULL;
5313
5314 skb_reserve(skb, local->hw.extra_tx_headroom);
5315
5316 pspoll = skb_put_zero(skb, sizeof(*pspoll));
5317 pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
5318 IEEE80211_STYPE_PSPOLL);
5319 pspoll->aid = cpu_to_le16(sdata->vif.bss_conf.aid);
5320
5321 /* aid in PS-Poll has its two MSBs each set to 1 */
5322 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
5323
5324 memcpy(pspoll->bssid, ifmgd->bssid, ETH_ALEN);
5325 memcpy(pspoll->ta, vif->addr, ETH_ALEN);
5326
5327 return skb;
5328 }
5329 EXPORT_SYMBOL(ieee80211_pspoll_get);
5330
5331 struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
5332 struct ieee80211_vif *vif,
5333 bool qos_ok)
5334 {
5335 struct ieee80211_hdr_3addr *nullfunc;
5336 struct ieee80211_sub_if_data *sdata;
5337 struct ieee80211_if_managed *ifmgd;
5338 struct ieee80211_local *local;
5339 struct sk_buff *skb;
5340 bool qos = false;
5341
5342 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
5343 return NULL;
5344
5345 sdata = vif_to_sdata(vif);
5346 ifmgd = &sdata->u.mgd;
5347 local = sdata->local;
5348
5349 if (qos_ok) {
5350 struct sta_info *sta;
5351
5352 rcu_read_lock();
5353 sta = sta_info_get(sdata, ifmgd->bssid);
5354 qos = sta && sta->sta.wme;
5355 rcu_read_unlock();
5356 }
5357
5358 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
5359 sizeof(*nullfunc) + 2);
5360 if (!skb)
5361 return NULL;
5362
5363 skb_reserve(skb, local->hw.extra_tx_headroom);
5364
5365 nullfunc = skb_put_zero(skb, sizeof(*nullfunc));
5366 nullfunc->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
5367 IEEE80211_STYPE_NULLFUNC |
5368 IEEE80211_FCTL_TODS);
5369 if (qos) {
5370 __le16 qoshdr = cpu_to_le16(7);
5371
5372 BUILD_BUG_ON((IEEE80211_STYPE_QOS_NULLFUNC |
5373 IEEE80211_STYPE_NULLFUNC) !=
5374 IEEE80211_STYPE_QOS_NULLFUNC);
5375 nullfunc->frame_control |=
5376 cpu_to_le16(IEEE80211_STYPE_QOS_NULLFUNC);
5377 skb->priority = 7;
5378 skb_set_queue_mapping(skb, IEEE80211_AC_VO);
5379 skb_put_data(skb, &qoshdr, sizeof(qoshdr));
5380 }
5381
5382 memcpy(nullfunc->addr1, ifmgd->bssid, ETH_ALEN);
5383 memcpy(nullfunc->addr2, vif->addr, ETH_ALEN);
5384 memcpy(nullfunc->addr3, ifmgd->bssid, ETH_ALEN);
5385
5386 return skb;
5387 }
5388 EXPORT_SYMBOL(ieee80211_nullfunc_get);
5389
5390 struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
5391 const u8 *src_addr,
5392 const u8 *ssid, size_t ssid_len,
5393 size_t tailroom)
5394 {
5395 struct ieee80211_local *local = hw_to_local(hw);
5396 struct ieee80211_hdr_3addr *hdr;
5397 struct sk_buff *skb;
5398 size_t ie_ssid_len;
5399 u8 *pos;
5400
5401 ie_ssid_len = 2 + ssid_len;
5402
5403 skb = dev_alloc_skb(local->hw.extra_tx_headroom + sizeof(*hdr) +
5404 ie_ssid_len + tailroom);
5405 if (!skb)
5406 return NULL;
5407
5408 skb_reserve(skb, local->hw.extra_tx_headroom);
5409
5410 hdr = skb_put_zero(skb, sizeof(*hdr));
5411 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
5412 IEEE80211_STYPE_PROBE_REQ);
5413 eth_broadcast_addr(hdr->addr1);
5414 memcpy(hdr->addr2, src_addr, ETH_ALEN);
5415 eth_broadcast_addr(hdr->addr3);
5416
5417 pos = skb_put(skb, ie_ssid_len);
5418 *pos++ = WLAN_EID_SSID;
5419 *pos++ = ssid_len;
5420 if (ssid_len)
5421 memcpy(pos, ssid, ssid_len);
5422 pos += ssid_len;
5423
5424 return skb;
5425 }
5426 EXPORT_SYMBOL(ieee80211_probereq_get);
5427
5428 void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5429 const void *frame, size_t frame_len,
5430 const struct ieee80211_tx_info *frame_txctl,
5431 struct ieee80211_rts *rts)
5432 {
5433 const struct ieee80211_hdr *hdr = frame;
5434
5435 rts->frame_control =
5436 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
5437 rts->duration = ieee80211_rts_duration(hw, vif, frame_len,
5438 frame_txctl);
5439 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
5440 memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
5441 }
5442 EXPORT_SYMBOL(ieee80211_rts_get);
5443
5444 void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5445 const void *frame, size_t frame_len,
5446 const struct ieee80211_tx_info *frame_txctl,
5447 struct ieee80211_cts *cts)
5448 {
5449 const struct ieee80211_hdr *hdr = frame;
5450
5451 cts->frame_control =
5452 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS);
5453 cts->duration = ieee80211_ctstoself_duration(hw, vif,
5454 frame_len, frame_txctl);
5455 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
5456 }
5457 EXPORT_SYMBOL(ieee80211_ctstoself_get);
5458
5459 struct sk_buff *
5460 ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
5461 struct ieee80211_vif *vif)
5462 {
5463 struct ieee80211_local *local = hw_to_local(hw);
5464 struct sk_buff *skb = NULL;
5465 struct ieee80211_tx_data tx;
5466 struct ieee80211_sub_if_data *sdata;
5467 struct ps_data *ps;
5468 struct ieee80211_tx_info *info;
5469 struct ieee80211_chanctx_conf *chanctx_conf;
5470
5471 sdata = vif_to_sdata(vif);
5472
5473 rcu_read_lock();
5474 chanctx_conf = rcu_dereference(sdata->vif.chanctx_conf);
5475
5476 if (!chanctx_conf)
5477 goto out;
5478
5479 if (sdata->vif.type == NL80211_IFTYPE_AP) {
5480 struct beacon_data *beacon =
5481 rcu_dereference(sdata->u.ap.beacon);
5482
5483 if (!beacon || !beacon->head)
5484 goto out;
5485
5486 ps = &sdata->u.ap.ps;
5487 } else if (ieee80211_vif_is_mesh(&sdata->vif)) {
5488 ps = &sdata->u.mesh.ps;
5489 } else {
5490 goto out;
5491 }
5492
5493 if (ps->dtim_count != 0 || !ps->dtim_bc_mc)
5494 goto out; /* send buffered bc/mc only after DTIM beacon */
5495
5496 while (1) {
5497 skb = skb_dequeue(&ps->bc_buf);
5498 if (!skb)
5499 goto out;
5500 local->total_ps_buffered--;
5501
5502 if (!skb_queue_empty(&ps->bc_buf) && skb->len >= 2) {
5503 struct ieee80211_hdr *hdr =
5504 (struct ieee80211_hdr *) skb->data;
5505 /* more buffered multicast/broadcast frames ==> set
5506 * MoreData flag in IEEE 802.11 header to inform PS
5507 * STAs */
5508 hdr->frame_control |=
5509 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
5510 }
5511
5512 if (sdata->vif.type == NL80211_IFTYPE_AP)
5513 sdata = IEEE80211_DEV_TO_SUB_IF(skb->dev);
5514 if (!ieee80211_tx_prepare(sdata, &tx, NULL, skb))
5515 break;
5516 ieee80211_free_txskb(hw, skb);
5517 }
5518
5519 info = IEEE80211_SKB_CB(skb);
5520
5521 tx.flags |= IEEE80211_TX_PS_BUFFERED;
5522 info->band = chanctx_conf->def.chan->band;
5523
5524 if (invoke_tx_handlers(&tx))
5525 skb = NULL;
5526 out:
5527 rcu_read_unlock();
5528
5529 return skb;
5530 }
5531 EXPORT_SYMBOL(ieee80211_get_buffered_bc);
5532
5533 int ieee80211_reserve_tid(struct ieee80211_sta *pubsta, u8 tid)
5534 {
5535 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
5536 struct ieee80211_sub_if_data *sdata = sta->sdata;
5537 struct ieee80211_local *local = sdata->local;
5538 int ret;
5539 u32 queues;
5540
5541 lockdep_assert_held(&local->sta_mtx);
5542
5543 /* only some cases are supported right now */
5544 switch (sdata->vif.type) {
5545 case NL80211_IFTYPE_STATION:
5546 case NL80211_IFTYPE_AP:
5547 case NL80211_IFTYPE_AP_VLAN:
5548 break;
5549 default:
5550 WARN_ON(1);
5551 return -EINVAL;
5552 }
5553
5554 if (WARN_ON(tid >= IEEE80211_NUM_UPS))
5555 return -EINVAL;
5556
5557 if (sta->reserved_tid == tid) {
5558 ret = 0;
5559 goto out;
5560 }
5561
5562 if (sta->reserved_tid != IEEE80211_TID_UNRESERVED) {
5563 sdata_err(sdata, "TID reservation already active\n");
5564 ret = -EALREADY;
5565 goto out;
5566 }
5567
5568 ieee80211_stop_vif_queues(sdata->local, sdata,
5569 IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
5570
5571 synchronize_net();
5572
5573 /* Tear down BA sessions so we stop aggregating on this TID */
5574 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
5575 set_sta_flag(sta, WLAN_STA_BLOCK_BA);
5576 __ieee80211_stop_tx_ba_session(sta, tid,
5577 AGG_STOP_LOCAL_REQUEST);
5578 }
5579
5580 queues = BIT(sdata->vif.hw_queue[ieee802_1d_to_ac[tid]]);
5581 __ieee80211_flush_queues(local, sdata, queues, false);
5582
5583 sta->reserved_tid = tid;
5584
5585 ieee80211_wake_vif_queues(local, sdata,
5586 IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
5587
5588 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION))
5589 clear_sta_flag(sta, WLAN_STA_BLOCK_BA);
5590
5591 ret = 0;
5592 out:
5593 return ret;
5594 }
5595 EXPORT_SYMBOL(ieee80211_reserve_tid);
5596
5597 void ieee80211_unreserve_tid(struct ieee80211_sta *pubsta, u8 tid)
5598 {
5599 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
5600 struct ieee80211_sub_if_data *sdata = sta->sdata;
5601
5602 lockdep_assert_held(&sdata->local->sta_mtx);
5603
5604 /* only some cases are supported right now */
5605 switch (sdata->vif.type) {
5606 case NL80211_IFTYPE_STATION:
5607 case NL80211_IFTYPE_AP:
5608 case NL80211_IFTYPE_AP_VLAN:
5609 break;
5610 default:
5611 WARN_ON(1);
5612 return;
5613 }
5614
5615 if (tid != sta->reserved_tid) {
5616 sdata_err(sdata, "TID to unreserve (%d) isn't reserved\n", tid);
5617 return;
5618 }
5619
5620 sta->reserved_tid = IEEE80211_TID_UNRESERVED;
5621 }
5622 EXPORT_SYMBOL(ieee80211_unreserve_tid);
5623
5624 void __ieee80211_tx_skb_tid_band(struct ieee80211_sub_if_data *sdata,
5625 struct sk_buff *skb, int tid,
5626 enum nl80211_band band)
5627 {
5628 int ac = ieee80211_ac_from_tid(tid);
5629
5630 skb_reset_mac_header(skb);
5631 skb_set_queue_mapping(skb, ac);
5632 skb->priority = tid;
5633
5634 skb->dev = sdata->dev;
5635
5636 /*
5637 * The other path calling ieee80211_xmit is from the tasklet,
5638 * and while we can handle concurrent transmissions locking
5639 * requirements are that we do not come into tx with bhs on.
5640 */
5641 local_bh_disable();
5642 IEEE80211_SKB_CB(skb)->band = band;
5643 ieee80211_xmit(sdata, NULL, skb);
5644 local_bh_enable();
5645 }
5646
5647 int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev,
5648 const u8 *buf, size_t len,
5649 const u8 *dest, __be16 proto, bool unencrypted,
5650 u64 *cookie)
5651 {
5652 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5653 struct ieee80211_local *local = sdata->local;
5654 struct sta_info *sta;
5655 struct sk_buff *skb;
5656 struct ethhdr *ehdr;
5657 u32 ctrl_flags = 0;
5658 u32 flags = 0;
5659
5660 /* Only accept CONTROL_PORT_PROTOCOL configured in CONNECT/ASSOCIATE
5661 * or Pre-Authentication
5662 */
5663 if (proto != sdata->control_port_protocol &&
5664 proto != cpu_to_be16(ETH_P_PREAUTH))
5665 return -EINVAL;
5666
5667 if (proto == sdata->control_port_protocol)
5668 ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO |
5669 IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
5670
5671 if (unencrypted)
5672 flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
5673
5674 if (cookie)
5675 ctrl_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
5676
5677 flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX;
5678
5679 skb = dev_alloc_skb(local->hw.extra_tx_headroom +
5680 sizeof(struct ethhdr) + len);
5681 if (!skb)
5682 return -ENOMEM;
5683
5684 skb_reserve(skb, local->hw.extra_tx_headroom + sizeof(struct ethhdr));
5685
5686 skb_put_data(skb, buf, len);
5687
5688 ehdr = skb_push(skb, sizeof(struct ethhdr));
5689 memcpy(ehdr->h_dest, dest, ETH_ALEN);
5690 memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN);
5691 ehdr->h_proto = proto;
5692
5693 skb->dev = dev;
5694 skb->protocol = proto;
5695 skb_reset_network_header(skb);
5696 skb_reset_mac_header(skb);
5697
5698 /* update QoS header to prioritize control port frames if possible,
5699 * priorization also happens for control port frames send over
5700 * AF_PACKET
5701 */
5702 rcu_read_lock();
5703
5704 if (ieee80211_lookup_ra_sta(sdata, skb, &sta) == 0 && !IS_ERR(sta)) {
5705 u16 queue = __ieee80211_select_queue(sdata, sta, skb);
5706
5707 skb_set_queue_mapping(skb, queue);
5708 skb_get_hash(skb);
5709 }
5710
5711 rcu_read_unlock();
5712
5713 /* mutex lock is only needed for incrementing the cookie counter */
5714 mutex_lock(&local->mtx);
5715
5716 local_bh_disable();
5717 __ieee80211_subif_start_xmit(skb, skb->dev, flags, ctrl_flags, cookie);
5718 local_bh_enable();
5719
5720 mutex_unlock(&local->mtx);
5721
5722 return 0;
5723 }
5724
5725 int ieee80211_probe_mesh_link(struct wiphy *wiphy, struct net_device *dev,
5726 const u8 *buf, size_t len)
5727 {
5728 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
5729 struct ieee80211_local *local = sdata->local;
5730 struct sk_buff *skb;
5731
5732 skb = dev_alloc_skb(local->hw.extra_tx_headroom + len +
5733 30 + /* header size */
5734 18); /* 11s header size */
5735 if (!skb)
5736 return -ENOMEM;
5737
5738 skb_reserve(skb, local->hw.extra_tx_headroom);
5739 skb_put_data(skb, buf, len);
5740
5741 skb->dev = dev;
5742 skb->protocol = htons(ETH_P_802_3);
5743 skb_reset_network_header(skb);
5744 skb_reset_mac_header(skb);
5745
5746 local_bh_disable();
5747 __ieee80211_subif_start_xmit(skb, skb->dev, 0,
5748 IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP,
5749 NULL);
5750 local_bh_enable();
5751
5752 return 0;
5753 }
Ubuntu Jammy Linux kernel mirror