[deliverable/linux.git] / net / mac80211 / agg-rx.c

/*
 * HT handling
 *
 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
 * Copyright 2002-2005, Instant802 Networks, Inc.
 * Copyright 2005-2006, Devicescape Software, Inc.
 * Copyright 2006-2007	Jiri Benc <jbenc@suse.cz>
 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
 * Copyright 2007-2010, Intel Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/**
 * DOC: RX A-MPDU aggregation
 *
 * Aggregation on the RX side requires only implementing the
 * @ampdu_action callback that is invoked to start/stop any
 * block-ack sessions for RX aggregation.
 *
 * When RX aggregation is started by the peer, the driver is
 * notified via @ampdu_action function, with the
 * %IEEE80211_AMPDU_RX_START action, and may reject the request
 * in which case a negative response is sent to the peer, if it
 * accepts it a positive response is sent.
 *
 * While the session is active, the device/driver are required
 * to de-aggregate frames and pass them up one by one to mac80211,
 * which will handle the reorder buffer.
 *
 * When the aggregation session is stopped again by the peer or
 * ourselves, the driver's @ampdu_action function will be called
 * with the action %IEEE80211_AMPDU_RX_STOP. In this case, the
 * call must not fail.
 */

#include <linux/ieee80211.h>
#include <linux/slab.h>
#include <linux/export.h>
#include <net/mac80211.h>
#include "ieee80211_i.h"
#include "driver-ops.h"

static void ieee80211_free_tid_rx(struct rcu_head *h)
{
	struct tid_ampdu_rx *tid_rx =
		container_of(h, struct tid_ampdu_rx, rcu_head);
	int i;

	del_timer_sync(&tid_rx->reorder_timer);

	for (i = 0; i < tid_rx->buf_size; i++)
		dev_kfree_skb(tid_rx->reorder_buf[i]);
	kfree(tid_rx->reorder_buf);
	kfree(tid_rx->reorder_time);
	kfree(tid_rx);
}

void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
				     u16 initiator, u16 reason, bool tx)
{
	struct ieee80211_local *local = sta->local;
	struct tid_ampdu_rx *tid_rx;

	lockdep_assert_held(&sta->ampdu_mlme.mtx);

	tid_rx = rcu_dereference_protected(sta->ampdu_mlme.tid_rx[tid],
					lockdep_is_held(&sta->ampdu_mlme.mtx));

	if (!tid_rx)
		return;

	RCU_INIT_POINTER(sta->ampdu_mlme.tid_rx[tid], NULL);

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG
	       "Rx BA session stop requested for %pM tid %u %s reason: %d\n",
	       sta->sta.addr, tid,
	       initiator == WLAN_BACK_RECIPIENT ? "recipient" : "inititator",
	       (int)reason);
#endif /* CONFIG_MAC80211_HT_DEBUG */

	if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP,
			     &sta->sta, tid, NULL, 0))
		printk(KERN_DEBUG "HW problem - can not stop rx "
				"aggregation for tid %d\n", tid);

	/* check if this is a self generated aggregation halt */
	if (initiator == WLAN_BACK_RECIPIENT && tx)
		ieee80211_send_delba(sta->sdata, sta->sta.addr,
				     tid, WLAN_BACK_RECIPIENT, reason);

	del_timer_sync(&tid_rx->session_timer);

	call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx);
}

void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
				    u16 initiator, u16 reason, bool tx)
{
	mutex_lock(&sta->ampdu_mlme.mtx);
	___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason, tx);
	mutex_unlock(&sta->ampdu_mlme.mtx);
}

void ieee80211_stop_rx_ba_session(struct ieee80211_vif *vif, u16 ba_rx_bitmap,
				  const u8 *addr)
{
	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
	struct sta_info *sta;
	int i;

	rcu_read_lock();
	sta = sta_info_get_bss(sdata, addr);
	if (!sta) {
		rcu_read_unlock();
		return;
	}

	for (i = 0; i < STA_TID_NUM; i++)
		if (ba_rx_bitmap & BIT(i))
			set_bit(i, sta->ampdu_mlme.tid_rx_stop_requested);

	ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
	rcu_read_unlock();
}
EXPORT_SYMBOL(ieee80211_stop_rx_ba_session);

/*
 * After accepting the AddBA Request we activated a timer,
 * resetting it after each frame that arrives from the originator.
 */
static void sta_rx_agg_session_timer_expired(unsigned long data)
{
	/* not an elegant detour, but there is no choice as the timer passes
	 * only one argument, and various sta_info are needed here, so init
	 * flow in sta_info_create gives the TID as data, while the timer_to_id
	 * array gives the sta through container_of */
	u8 *ptid = (u8 *)data;
	u8 *timer_to_id = ptid - *ptid;
	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
					 timer_to_tid[0]);
	struct tid_ampdu_rx *tid_rx;
	unsigned long timeout;

	rcu_read_lock();
	tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[*ptid]);
	if (!tid_rx) {
		rcu_read_unlock();
		return;
	}

	timeout = tid_rx->last_rx + TU_TO_JIFFIES(tid_rx->timeout);
	if (time_is_after_jiffies(timeout)) {
		mod_timer(&tid_rx->session_timer, timeout);
		rcu_read_unlock();
		return;
	}
	rcu_read_unlock();

#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
#endif
	set_bit(*ptid, sta->ampdu_mlme.tid_rx_timer_expired);
	ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
}

static void sta_rx_agg_reorder_timer_expired(unsigned long data)
{
	u8 *ptid = (u8 *)data;
	u8 *timer_to_id = ptid - *ptid;
	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
			timer_to_tid[0]);

	rcu_read_lock();
	ieee80211_release_reorder_timeout(sta, *ptid);
	rcu_read_unlock();
}

static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data *sdata, u8 *da, u16 tid,
				      u8 dialog_token, u16 status, u16 policy,
				      u16 buf_size, u16 timeout)
{
	struct ieee80211_local *local = sdata->local;
	struct sk_buff *skb;
	struct ieee80211_mgmt *mgmt;
	u16 capab;

	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
	if (!skb)
		return;

	skb_reserve(skb, local->hw.extra_tx_headroom);
	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	memset(mgmt, 0, 24);
	memcpy(mgmt->da, da, ETH_ALEN);
	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
	if (sdata->vif.type == NL80211_IFTYPE_AP ||
	    sdata->vif.type == NL80211_IFTYPE_AP_VLAN ||
	    sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
		memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
	else if (sdata->vif.type == NL80211_IFTYPE_STATION)
		memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
	else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
		memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN);

	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
					  IEEE80211_STYPE_ACTION);

	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;

	capab = (u16)(policy << 1);	/* bit 1 aggregation policy */
	capab |= (u16)(tid << 2); 	/* bit 5:2 TID number */
	capab |= (u16)(buf_size << 6);	/* bit 15:6 max size of aggregation */

	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);

	ieee80211_tx_skb(sdata, skb);
}

void ieee80211_process_addba_request(struct ieee80211_local *local,
				     struct sta_info *sta,
				     struct ieee80211_mgmt *mgmt,
				     size_t len)
{
	struct tid_ampdu_rx *tid_agg_rx;
	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
	u8 dialog_token;
	int ret = -EOPNOTSUPP;

	/* extract session parameters from addba request frame */
	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
	start_seq_num =
		le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;

	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;

	status = WLAN_STATUS_REQUEST_DECLINED;

	if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		printk(KERN_DEBUG "Suspend in progress. "
		       "Denying ADDBA request\n");
#endif
		goto end_no_lock;
	}

	/* sanity check for incoming parameters:
	 * check if configuration can support the BA policy
	 * and if buffer size does not exceeds max value */
	/* XXX: check own ht delayed BA capability?? */
	if (((ba_policy != 1) &&
	     (!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) ||
	    (buf_size > IEEE80211_MAX_AMPDU_BUF)) {
		status = WLAN_STATUS_INVALID_QOS_PARAM;
#ifdef CONFIG_MAC80211_HT_DEBUG
		net_dbg_ratelimited("AddBA Req with bad params from %pM on tid %u. policy %d, buffer size %d\n",
				    mgmt->sa, tid, ba_policy, buf_size);
#endif /* CONFIG_MAC80211_HT_DEBUG */
		goto end_no_lock;
	}
	/* determine default buffer size */
	if (buf_size == 0)
		buf_size = IEEE80211_MAX_AMPDU_BUF;

	/* make sure the size doesn't exceed the maximum supported by the hw */
	if (buf_size > local->hw.max_rx_aggregation_subframes)
		buf_size = local->hw.max_rx_aggregation_subframes;

	/* examine state machine */
	mutex_lock(&sta->ampdu_mlme.mtx);

	if (sta->ampdu_mlme.tid_rx[tid]) {
#ifdef CONFIG_MAC80211_HT_DEBUG
		net_dbg_ratelimited("unexpected AddBA Req from %pM on tid %u\n",
				    mgmt->sa, tid);
#endif /* CONFIG_MAC80211_HT_DEBUG */

		/* delete existing Rx BA session on the same tid */
		___ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT,
						WLAN_STATUS_UNSPECIFIED_QOS,
						false);
	}

	/* prepare A-MPDU MLME for Rx aggregation */
	tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_KERNEL);
	if (!tid_agg_rx)
		goto end;

	spin_lock_init(&tid_agg_rx->reorder_lock);

	/* rx timer */
	tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired;
	tid_agg_rx->session_timer.data = (unsigned long)&sta->timer_to_tid[tid];
	init_timer_deferrable(&tid_agg_rx->session_timer);

	/* rx reorder timer */
	tid_agg_rx->reorder_timer.function = sta_rx_agg_reorder_timer_expired;
	tid_agg_rx->reorder_timer.data = (unsigned long)&sta->timer_to_tid[tid];
	init_timer(&tid_agg_rx->reorder_timer);

	/* prepare reordering buffer */
	tid_agg_rx->reorder_buf =
		kcalloc(buf_size, sizeof(struct sk_buff *), GFP_KERNEL);
	tid_agg_rx->reorder_time =
		kcalloc(buf_size, sizeof(unsigned long), GFP_KERNEL);
	if (!tid_agg_rx->reorder_buf || !tid_agg_rx->reorder_time) {
		kfree(tid_agg_rx->reorder_buf);
		kfree(tid_agg_rx->reorder_time);
		kfree(tid_agg_rx);
		goto end;
	}

	ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START,
			       &sta->sta, tid, &start_seq_num, 0);
#ifdef CONFIG_MAC80211_HT_DEBUG
	printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
#endif /* CONFIG_MAC80211_HT_DEBUG */

	if (ret) {
		kfree(tid_agg_rx->reorder_buf);
		kfree(tid_agg_rx->reorder_time);
		kfree(tid_agg_rx);
		goto end;
	}

	/* update data */
	tid_agg_rx->dialog_token = dialog_token;
	tid_agg_rx->ssn = start_seq_num;
	tid_agg_rx->head_seq_num = start_seq_num;
	tid_agg_rx->buf_size = buf_size;
	tid_agg_rx->timeout = timeout;
	tid_agg_rx->stored_mpdu_num = 0;
	status = WLAN_STATUS_SUCCESS;

	/* activate it for RX */
	rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx);

	if (timeout) {
		mod_timer(&tid_agg_rx->session_timer, TU_TO_EXP_TIME(timeout));
		tid_agg_rx->last_rx = jiffies;
	}

end:
	mutex_unlock(&sta->ampdu_mlme.mtx);

end_no_lock:
	ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
				  dialog_token, status, 1, buf_size, timeout);
}
Commit	Line	Data
b8695a8f JB	1	/*
	2	* HT handling
	3	*
	4	* Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
	5	* Copyright 2002-2005, Instant802 Networks, Inc.
	6	* Copyright 2005-2006, Devicescape Software, Inc.
	7	* Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
	8	* Copyright 2007, Michael Wu <flamingice@sourmilk.net>
a93e3644	9	* Copyright 2007-2010, Intel Corporation
b8695a8f JB	10	*
	11	* This program is free software; you can redistribute it and/or modify
	12	* it under the terms of the GNU General Public License version 2 as
	13	* published by the Free Software Foundation.
	14	*/
	15
73a72a81 JB	16	/**
	17	* DOC: RX A-MPDU aggregation
	18	*
	19	* Aggregation on the RX side requires only implementing the
	20	* @ampdu_action callback that is invoked to start/stop any
	21	* block-ack sessions for RX aggregation.
	22	*
	23	* When RX aggregation is started by the peer, the driver is
	24	* notified via @ampdu_action function, with the
	25	* %IEEE80211_AMPDU_RX_START action, and may reject the request
	26	* in which case a negative response is sent to the peer, if it
	27	* accepts it a positive response is sent.
	28	*
	29	* While the session is active, the device/driver are required
	30	* to de-aggregate frames and pass them up one by one to mac80211,
	31	* which will handle the reorder buffer.
	32	*
	33	* When the aggregation session is stopped again by the peer or
	34	* ourselves, the driver's @ampdu_action function will be called
	35	* with the action %IEEE80211_AMPDU_RX_STOP. In this case, the
	36	* call must not fail.
	37	*/
	38
b8695a8f	39	#include <linux/ieee80211.h>
5a0e3ad6	40	#include <linux/slab.h>
bc3b2d7f	41	#include <linux/export.h>
b8695a8f JB	42	#include <net/mac80211.h>
b8695a8f JB	43	#include "ieee80211_i.h"
24487981	44	#include "driver-ops.h"
b8695a8f	45
a87f736d JB	46	static void ieee80211_free_tid_rx(struct rcu_head *h)
	47	{
	48	struct tid_ampdu_rx *tid_rx =
	49	container_of(h, struct tid_ampdu_rx, rcu_head);
	50	int i;
	51
d72308bf SG	52	del_timer_sync(&tid_rx->reorder_timer);
d72308bf SG	53
a87f736d JB	54	for (i = 0; i < tid_rx->buf_size; i++)
	55	dev_kfree_skb(tid_rx->reorder_buf[i]);
	56	kfree(tid_rx->reorder_buf);
	57	kfree(tid_rx->reorder_time);
	58	kfree(tid_rx);
	59	}
	60
7c3b1dd8	61	void ___ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
53f73c09	62	u16 initiator, u16 reason, bool tx)
b8695a8f	63	{
d75636ef	64	struct ieee80211_local *local = sta->local;
098a6070	65	struct tid_ampdu_rx *tid_rx;
b8695a8f	66
a93e3644	67	lockdep_assert_held(&sta->ampdu_mlme.mtx);
098a6070	68
40b275b6 JB	69	tid_rx = rcu_dereference_protected(sta->ampdu_mlme.tid_rx[tid],
40b275b6 JB	70	lockdep_is_held(&sta->ampdu_mlme.mtx));
a87f736d	71
7c3b1dd8	72	if (!tid_rx)
b8695a8f	73	return;
d75636ef	74
a9b3cd7f	75	RCU_INIT_POINTER(sta->ampdu_mlme.tid_rx[tid], NULL);
b8695a8f	76
b8695a8f	77	#ifdef CONFIG_MAC80211_HT_DEBUG
5ccc32ff NM	78	printk(KERN_DEBUG
	79	"Rx BA session stop requested for %pM tid %u %s reason: %d\n",
	80	sta->sta.addr, tid,
	81	initiator == WLAN_BACK_RECIPIENT ? "recipient" : "inititator",
	82	(int)reason);
b8695a8f JB	83	#endif /* CONFIG_MAC80211_HT_DEBUG */
b8695a8f JB	84
12375ef9	85	if (drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_STOP,
0b01f030	86	&sta->sta, tid, NULL, 0))
b8695a8f JB	87	printk(KERN_DEBUG "HW problem - can not stop rx "
	88	"aggregation for tid %d\n", tid);
	89
b8695a8f	90	/* check if this is a self generated aggregation halt */
53f73c09	91	if (initiator == WLAN_BACK_RECIPIENT && tx)
d75636ef	92	ieee80211_send_delba(sta->sdata, sta->sta.addr,
a7f39f60	93	tid, WLAN_BACK_RECIPIENT, reason);
b8695a8f	94
7c3b1dd8	95	del_timer_sync(&tid_rx->session_timer);
a87f736d JB	96
a87f736d JB	97	call_rcu(&tid_rx->rcu_head, ieee80211_free_tid_rx);
b8695a8f JB	98	}
b8695a8f JB	99
2aab4c27	100	void __ieee80211_stop_rx_ba_session(struct sta_info *sta, u16 tid,
53f73c09	101	u16 initiator, u16 reason, bool tx)
2aab4c27	102	{
a93e3644	103	mutex_lock(&sta->ampdu_mlme.mtx);
53f73c09	104	___ieee80211_stop_rx_ba_session(sta, tid, initiator, reason, tx);
a93e3644	105	mutex_unlock(&sta->ampdu_mlme.mtx);
2aab4c27 JB	106	}
2aab4c27 JB	107
f41ccd71 SL	108	void ieee80211_stop_rx_ba_session(struct ieee80211_vif *vif, u16 ba_rx_bitmap,
	109	const u8 *addr)
	110	{
	111	struct ieee80211_sub_if_data *sdata = vif_to_sdata(vif);
0a557ed3	112	struct sta_info *sta;
f41ccd71 SL	113	int i;
f41ccd71 SL	114
0a557ed3	115	rcu_read_lock();
bc192f89	116	sta = sta_info_get_bss(sdata, addr);
0a557ed3 EP	117	if (!sta) {
	118	rcu_read_unlock();
	119	return;
	120	}
	121
f41ccd71 SL	122	for (i = 0; i < STA_TID_NUM; i++)
	123	if (ba_rx_bitmap & BIT(i))
	124	set_bit(i, sta->ampdu_mlme.tid_rx_stop_requested);
	125
	126	ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
0a557ed3	127	rcu_read_unlock();
f41ccd71 SL	128	}
	129	EXPORT_SYMBOL(ieee80211_stop_rx_ba_session);
	130
b8695a8f JB	131	/*
	132	* After accepting the AddBA Request we activated a timer,
	133	* resetting it after each frame that arrives from the originator.
b8695a8f JB	134	*/
	135	static void sta_rx_agg_session_timer_expired(unsigned long data)
	136	{
	137	/* not an elegant detour, but there is no choice as the timer passes
	138	* only one argument, and various sta_info are needed here, so init
	139	* flow in sta_info_create gives the TID as data, while the timer_to_id
	140	* array gives the sta through container_of */
	141	u8 ptid = (u8 )data;
	142	u8 timer_to_id = ptid - ptid;
	143	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
	144	timer_to_tid[0]);
12d3952f FF	145	struct tid_ampdu_rx *tid_rx;
	146	unsigned long timeout;
	147
d8c7aae6	148	rcu_read_lock();
12d3952f	149	tid_rx = rcu_dereference(sta->ampdu_mlme.tid_rx[*ptid]);
d8c7aae6 FF	150	if (!tid_rx) {
d8c7aae6 FF	151	rcu_read_unlock();
12d3952f	152	return;
d8c7aae6	153	}
12d3952f FF	154
	155	timeout = tid_rx->last_rx + TU_TO_JIFFIES(tid_rx->timeout);
	156	if (time_is_after_jiffies(timeout)) {
	157	mod_timer(&tid_rx->session_timer, timeout);
d8c7aae6	158	rcu_read_unlock();
12d3952f FF	159	return;
12d3952f FF	160	}
d8c7aae6	161	rcu_read_unlock();
b8695a8f JB	162
	163	#ifdef CONFIG_MAC80211_HT_DEBUG
	164	printk(KERN_DEBUG "rx session timer expired on tid %d\n", (u16)*ptid);
	165	#endif
7c3b1dd8 JB	166	set_bit(*ptid, sta->ampdu_mlme.tid_rx_timer_expired);
7c3b1dd8 JB	167	ieee80211_queue_work(&sta->local->hw, &sta->ampdu_mlme.work);
b8695a8f JB	168	}
b8695a8f JB	169
2bff8ebf CL	170	static void sta_rx_agg_reorder_timer_expired(unsigned long data)
	171	{
	172	u8 ptid = (u8 )data;
	173	u8 timer_to_id = ptid - ptid;
	174	struct sta_info *sta = container_of(timer_to_id, struct sta_info,
	175	timer_to_tid[0]);
	176
	177	rcu_read_lock();
2bff8ebf	178	ieee80211_release_reorder_timeout(sta, *ptid);
2bff8ebf CL	179	rcu_read_unlock();
	180	}
	181
b8695a8f JB	182	static void ieee80211_send_addba_resp(struct ieee80211_sub_if_data sdata, u8 da, u16 tid,
	183	u8 dialog_token, u16 status, u16 policy,
	184	u16 buf_size, u16 timeout)
	185	{
b8695a8f JB	186	struct ieee80211_local *local = sdata->local;
	187	struct sk_buff *skb;
	188	struct ieee80211_mgmt *mgmt;
	189	u16 capab;
	190
	191	skb = dev_alloc_skb(sizeof(*mgmt) + local->hw.extra_tx_headroom);
d15b8459	192	if (!skb)
b8695a8f	193	return;
b8695a8f JB	194
	195	skb_reserve(skb, local->hw.extra_tx_headroom);
	196	mgmt = (struct ieee80211_mgmt *) skb_put(skb, 24);
	197	memset(mgmt, 0, 24);
	198	memcpy(mgmt->da, da, ETH_ALEN);
47846c9b	199	memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
8abd3f9b	200	if (sdata->vif.type == NL80211_IFTYPE_AP \|\|
ae2772b3 TP	201	sdata->vif.type == NL80211_IFTYPE_AP_VLAN \|\|
ae2772b3 TP	202	sdata->vif.type == NL80211_IFTYPE_MESH_POINT)
47846c9b	203	memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
46900298 JB	204	else if (sdata->vif.type == NL80211_IFTYPE_STATION)
46900298 JB	205	memcpy(mgmt->bssid, sdata->u.mgd.bssid, ETH_ALEN);
13c40c54 AS	206	else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
13c40c54 AS	207	memcpy(mgmt->bssid, sdata->u.ibss.bssid, ETH_ALEN);
46900298	208
b8695a8f JB	209	mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT \|
	210	IEEE80211_STYPE_ACTION);
	211
	212	skb_put(skb, 1 + sizeof(mgmt->u.action.u.addba_resp));
	213	mgmt->u.action.category = WLAN_CATEGORY_BACK;
	214	mgmt->u.action.u.addba_resp.action_code = WLAN_ACTION_ADDBA_RESP;
	215	mgmt->u.action.u.addba_resp.dialog_token = dialog_token;
	216
	217	capab = (u16)(policy << 1); /* bit 1 aggregation policy */
	218	capab \|= (u16)(tid << 2); /* bit 5:2 TID number */
	219	capab \|= (u16)(buf_size << 6); /* bit 15:6 max size of aggregation */
	220
	221	mgmt->u.action.u.addba_resp.capab = cpu_to_le16(capab);
	222	mgmt->u.action.u.addba_resp.timeout = cpu_to_le16(timeout);
	223	mgmt->u.action.u.addba_resp.status = cpu_to_le16(status);
	224
62ae67be	225	ieee80211_tx_skb(sdata, skb);
b8695a8f JB	226	}
	227
	228	void ieee80211_process_addba_request(struct ieee80211_local *local,
	229	struct sta_info *sta,
	230	struct ieee80211_mgmt *mgmt,
	231	size_t len)
	232	{
b8695a8f JB	233	struct tid_ampdu_rx *tid_agg_rx;
	234	u16 capab, tid, timeout, ba_policy, buf_size, start_seq_num, status;
	235	u8 dialog_token;
	236	int ret = -EOPNOTSUPP;
	237
	238	/* extract session parameters from addba request frame */
	239	dialog_token = mgmt->u.action.u.addba_req.dialog_token;
	240	timeout = le16_to_cpu(mgmt->u.action.u.addba_req.timeout);
	241	start_seq_num =
	242	le16_to_cpu(mgmt->u.action.u.addba_req.start_seq_num) >> 4;
	243
	244	capab = le16_to_cpu(mgmt->u.action.u.addba_req.capab);
	245	ba_policy = (capab & IEEE80211_ADDBA_PARAM_POLICY_MASK) >> 1;
	246	tid = (capab & IEEE80211_ADDBA_PARAM_TID_MASK) >> 2;
	247	buf_size = (capab & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) >> 6;
	248
	249	status = WLAN_STATUS_REQUEST_DECLINED;
	250
c2c98fde	251	if (test_sta_flag(sta, WLAN_STA_BLOCK_BA)) {
722f069a S	252	#ifdef CONFIG_MAC80211_HT_DEBUG
	253	printk(KERN_DEBUG "Suspend in progress. "
	254	"Denying ADDBA request\n");
	255	#endif
	256	goto end_no_lock;
	257	}
	258
b8695a8f JB	259	/* sanity check for incoming parameters:
	260	* check if configuration can support the BA policy
	261	* and if buffer size does not exceeds max value */
	262	/* XXX: check own ht delayed BA capability?? */
f64f9e71 JP	263	if (((ba_policy != 1) &&
	264	(!(sta->sta.ht_cap.cap & IEEE80211_HT_CAP_DELAY_BA))) \|\|
	265	(buf_size > IEEE80211_MAX_AMPDU_BUF)) {
b8695a8f JB	266	status = WLAN_STATUS_INVALID_QOS_PARAM;
b8695a8f JB	267	#ifdef CONFIG_MAC80211_HT_DEBUG
e87cc472 JP	268	net_dbg_ratelimited("AddBA Req with bad params from %pM on tid %u. policy %d, buffer size %d\n",
e87cc472 JP	269	mgmt->sa, tid, ba_policy, buf_size);
b8695a8f JB	270	#endif /* CONFIG_MAC80211_HT_DEBUG */
	271	goto end_no_lock;
	272	}
	273	/* determine default buffer size */
82694f76 LC	274	if (buf_size == 0)
82694f76 LC	275	buf_size = IEEE80211_MAX_AMPDU_BUF;
b8695a8f	276
df6ba5d8 LC	277	/* make sure the size doesn't exceed the maximum supported by the hw */
	278	if (buf_size > local->hw.max_rx_aggregation_subframes)
	279	buf_size = local->hw.max_rx_aggregation_subframes;
b8695a8f JB	280
b8695a8f JB	281	/* examine state machine */
a93e3644	282	mutex_lock(&sta->ampdu_mlme.mtx);
b8695a8f	283
a87f736d	284	if (sta->ampdu_mlme.tid_rx[tid]) {
b8695a8f	285	#ifdef CONFIG_MAC80211_HT_DEBUG
e87cc472 JP	286	net_dbg_ratelimited("unexpected AddBA Req from %pM on tid %u\n",
e87cc472 JP	287	mgmt->sa, tid);
b8695a8f	288	#endif /* CONFIG_MAC80211_HT_DEBUG */
15b4d843 AN	289
	290	/* delete existing Rx BA session on the same tid */
	291	___ieee80211_stop_rx_ba_session(sta, tid, WLAN_BACK_RECIPIENT,
	292	WLAN_STATUS_UNSPECIFIED_QOS,
	293	false);
b8695a8f JB	294	}
	295
	296	/* prepare A-MPDU MLME for Rx aggregation */
dd318575	297	tid_agg_rx = kmalloc(sizeof(struct tid_ampdu_rx), GFP_KERNEL);
d15b8459	298	if (!tid_agg_rx)
b8695a8f	299	goto end;
b8695a8f	300
2bff8ebf CL	301	spin_lock_init(&tid_agg_rx->reorder_lock);
2bff8ebf CL	302
a87f736d JB	303	/* rx timer */
	304	tid_agg_rx->session_timer.function = sta_rx_agg_session_timer_expired;
	305	tid_agg_rx->session_timer.data = (unsigned long)&sta->timer_to_tid[tid];
12d3952f	306	init_timer_deferrable(&tid_agg_rx->session_timer);
b8695a8f	307
2bff8ebf CL	308	/* rx reorder timer */
	309	tid_agg_rx->reorder_timer.function = sta_rx_agg_reorder_timer_expired;
	310	tid_agg_rx->reorder_timer.data = (unsigned long)&sta->timer_to_tid[tid];
	311	init_timer(&tid_agg_rx->reorder_timer);
	312
b8695a8f JB	313	/* prepare reordering buffer */
b8695a8f JB	314	tid_agg_rx->reorder_buf =
dd318575	315	kcalloc(buf_size, sizeof(struct sk_buff *), GFP_KERNEL);
4d050f1d	316	tid_agg_rx->reorder_time =
dd318575	317	kcalloc(buf_size, sizeof(unsigned long), GFP_KERNEL);
4d050f1d	318	if (!tid_agg_rx->reorder_buf \|\| !tid_agg_rx->reorder_time) {
4d050f1d JM	319	kfree(tid_agg_rx->reorder_buf);
4d050f1d JM	320	kfree(tid_agg_rx->reorder_time);
a87f736d	321	kfree(tid_agg_rx);
b8695a8f JB	322	goto end;
	323	}
	324
12375ef9	325	ret = drv_ampdu_action(local, sta->sdata, IEEE80211_AMPDU_RX_START,
0b01f030	326	&sta->sta, tid, &start_seq_num, 0);
b8695a8f JB	327	#ifdef CONFIG_MAC80211_HT_DEBUG
	328	printk(KERN_DEBUG "Rx A-MPDU request on tid %d result %d\n", tid, ret);
	329	#endif /* CONFIG_MAC80211_HT_DEBUG */
	330
	331	if (ret) {
	332	kfree(tid_agg_rx->reorder_buf);
a87f736d	333	kfree(tid_agg_rx->reorder_time);
b8695a8f	334	kfree(tid_agg_rx);
b8695a8f JB	335	goto end;
	336	}
	337
a87f736d	338	/* update data */
b8695a8f JB	339	tid_agg_rx->dialog_token = dialog_token;
	340	tid_agg_rx->ssn = start_seq_num;
	341	tid_agg_rx->head_seq_num = start_seq_num;
	342	tid_agg_rx->buf_size = buf_size;
	343	tid_agg_rx->timeout = timeout;
	344	tid_agg_rx->stored_mpdu_num = 0;
	345	status = WLAN_STATUS_SUCCESS;
a87f736d JB	346
a87f736d JB	347	/* activate it for RX */
cf778b00	348	rcu_assign_pointer(sta->ampdu_mlme.tid_rx[tid], tid_agg_rx);
f955ebb4	349
12d3952f	350	if (timeout) {
f955ebb4	351	mod_timer(&tid_agg_rx->session_timer, TU_TO_EXP_TIME(timeout));
12d3952f FF	352	tid_agg_rx->last_rx = jiffies;
12d3952f FF	353	}
f955ebb4	354
b8695a8f	355	end:
a93e3644	356	mutex_unlock(&sta->ampdu_mlme.mtx);
b8695a8f JB	357
	358	end_no_lock:
	359	ieee80211_send_addba_resp(sta->sdata, sta->sta.addr, tid,
	360	dialog_token, status, 1, buf_size, timeout);
	361	}