From fe3bf0f59e97193f8619707f5d9458ce71a4f8d8 Mon Sep 17 00:00:00 2001 From: Ron Rindjunsky Date: Mon, 28 Jan 2008 14:07:19 +0200 Subject: mac80211: A-MPDU Tx MLME data initialization This patch initialize A-MPDU MLME data for Tx sessions. Signed-off-by: Ron Rindjunsky Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 1f74bd29635..ddc1f47194d 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -117,8 +117,10 @@ static void sta_info_release(struct kref *kref) while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) { dev_kfree_skb_any(skb); } - for (i = 0; i < STA_TID_NUM; i++) + for (i = 0; i < STA_TID_NUM; i++) { del_timer_sync(&sta->ampdu_mlme.tid_rx[i].session_timer); + del_timer_sync(&sta->ampdu_mlme.tid_tx[i].addba_resp_timer); + } rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv); rate_control_put(sta->rate_ctrl); kfree(sta); 
@@ -157,17 +159,26 @@ struct sta_info * sta_info_add(struct ieee80211_local *local, sta->local = local; sta->dev = dev; spin_lock_init(&sta->ampdu_mlme.ampdu_rx); + spin_lock_init(&sta->ampdu_mlme.ampdu_tx); for (i = 0; i < STA_TID_NUM; i++) { /* timer_to_tid must be initialized with identity mapping to * enable session_timer's data differentiation. refer to * sta_rx_agg_session_timer_expired for useage */ sta->timer_to_tid[i] = i; + /* tid to tx queue: initialize according to HW (0 is valid) */ + sta->tid_to_tx_q[i] = local->hw.queues; /* rx timers */ sta->ampdu_mlme.tid_rx[i].session_timer.function = sta_rx_agg_session_timer_expired; sta->ampdu_mlme.tid_rx[i].session_timer.data = (unsigned long)&sta->timer_to_tid[i]; init_timer(&sta->ampdu_mlme.tid_rx[i].session_timer); + /* tx timers */ + sta->ampdu_mlme.tid_tx[i].addba_resp_timer.function = + sta_addba_resp_timer_expired; + sta->ampdu_mlme.tid_tx[i].addba_resp_timer.data = + (unsigned long)&sta->timer_to_tid[i]; + init_timer(&sta->ampdu_mlme.tid_tx[i].addba_resp_timer); } skb_queue_head_init(&sta->ps_tx_buf); skb_queue_head_init(&sta->tx_filtered); -- cgit v1.2.3 From 8318d78a44d49ac1edf2bdec7299de3617c4232e Mon Sep 17 00:00:00 2001 
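Review bot: The comment added above `sta->tid_to_tx_q[i] = local->hw.queues;` does not say what the initial value means. Since it notes that 0 is a valid queue, `local->hw.queues` is presumably a "no queue assigned" marker one past the last valid index. If so, say that, e.g. `/* hw.queues means "no Tx queue assigned yet"; 0 is a valid queue number */`, so users of tid_to_tx_q know to range-check the value before indexing with it. sta_info_add() starts and ends outside this hunk.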
From: Johannes Berg Date: Thu, 24 Jan 2008 19:38:38 +0100 Subject: cfg80211 API for channels/bitrates, mac80211 and driver conversion This patch creates new cfg80211 wiphy API for channel and bitrate registration and converts mac80211 and drivers to the new API. The old mac80211 API is completely ripped out. All drivers (except ath5k) are updated to the new API, in many cases I expect that optimisations can be done. Along with the regulatory code I've also ripped out the IEEE80211_HW_DEFAULT_REG_DOMAIN_CONFIGURED flag, I believe it to be unnecessary if the hardware simply gives us whatever channels it wants to support and we then enable/disable them as required, which is pretty much required for travelling. Additionally, the patch adds proper "basic" rate handling for STA mode interface, AP mode interface will have to have new API added to allow userspace to set the basic rate set, currently it'll be empty... However, the basic rate handling will need to be moved to the BSS conf stuff. I do expect there to be bugs in this, especially wrt. transmit power handling where I'm basically clueless about how it should work. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 24 ------------------------ 1 file changed, 24 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index ddc1f47194d..746bbdea6b4 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -74,30 +74,6 @@ struct sta_info *sta_info_get(struct ieee80211_local *local, u8 *addr) } EXPORT_SYMBOL(sta_info_get); -int sta_info_min_txrate_get(struct ieee80211_local *local) -{ - struct sta_info *sta; - struct ieee80211_hw_mode *mode; - int min_txrate = 9999999; - int i; - - read_lock_bh(&local->sta_lock); - mode = local->oper_hw_mode; - for (i = 0; i < STA_HASH_SIZE; i++) { - sta = local->sta_hash[i]; - while (sta) { - if (sta->txrate < min_txrate) - min_txrate = sta->txrate; - sta = sta->hnext; - } - } - read_unlock_bh(&local->sta_lock); - if (min_txrate == 9999999) - min_txrate = 0; - - return mode->rates[min_txrate].rate; -} - static void sta_info_release(struct kref *kref) { -- cgit v1.2.3 From d2259243a19894eee06c16e278adfea81dc42bd9 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 20 Feb 2008 01:36:16 +0100 Subject: mac80211: invoke set_tim() callback after setting own TIM info Drivers should be allowed to simply get a complete new beacon when set_tim() is invoked (and set_tim() is required for drivers that just want a beacon template!), so we need to update our own TIM bitmap before calling set_tim() so that getting the beacon will now get an already updated beacon. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 746bbdea6b4..cbe00979e44 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -396,11 +396,11 @@ void sta_info_remove_aid_ptr(struct sta_info *sta) sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); + if (sdata->bss) + __bss_tim_clear(sdata->bss, sta->aid); if (sdata->local->ops->set_tim) sdata->local->ops->set_tim(local_to_hw(sdata->local), sta->aid, 0); - if (sdata->bss) - __bss_tim_clear(sdata->bss, sta->aid); } -- cgit v1.2.3 From 836341a70471ba77657b0b420dd7eea3c30a038b Mon Sep 17 00:00:00 2001 
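Review bot: In the `@@ -396,11 +396,11 @@` hunk the new call order in sta_info_remove_aid_ptr() is load-bearing, but nothing in the code says so. A short comment above the `__bss_tim_clear()` call, such as `/* update our TIM bitmap first: set_tim() may fetch a fresh beacon */`, would keep a later cleanup from swapping the two calls back. The function starts outside the hunk.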
From: Johannes Berg Date: Wed, 20 Feb 2008 02:07:21 +0100 Subject: mac80211: remove sta TIM flag, fix expiry TIM handling The TIM flag that is kept in each station's info is completely useless, there's no code (aside from the debugfs display code) checking it, hence it can be removed. While doing that, I noticed that the TIM handling is broken when buffered frames expire, so fix that. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index cbe00979e44..a843bb7dd2d 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -286,6 +286,7 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local, { unsigned long flags; struct sk_buff *skb; + struct ieee80211_sub_if_data *sdata; DECLARE_MAC_BUF(mac); if (skb_queue_empty(&sta->ps_tx_buf)) 
@@ -294,21 +295,28 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local, for (;;) { spin_lock_irqsave(&sta->ps_tx_buf.lock, flags); skb = skb_peek(&sta->ps_tx_buf); - if (sta_info_buffer_expired(local, sta, skb)) { + if (sta_info_buffer_expired(local, sta, skb)) skb = __skb_dequeue(&sta->ps_tx_buf); - if (skb_queue_empty(&sta->ps_tx_buf)) - sta->flags &= ~WLAN_STA_TIM; - } else + else skb = NULL; spin_unlock_irqrestore(&sta->ps_tx_buf.lock, flags); - if (skb) { - local->total_ps_buffered--; - printk(KERN_DEBUG "Buffered frame expired (STA " - "%s)\n", print_mac(mac, sta->addr)); - dev_kfree_skb(skb); - } else + if (!skb) break; + + sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); + local->total_ps_buffered--; + printk(KERN_DEBUG "Buffered frame expired (STA " + "%s)\n", print_mac(mac, sta->addr)); + dev_kfree_skb(skb); + + if (skb_queue_empty(&sta->ps_tx_buf)) { + if (sdata->bss) + bss_tim_set(sta->local, sdata->bss, sta->aid); + if (sta->local->ops->set_tim) + sta->local->ops->set_tim(local_to_hw(sta->local), + sta->aid, 0); + } } } -- cgit v1.2.3 From 004c872e78d433f84f0a5cd4db7a6c780c0946e1 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Wed, 20 Feb 2008 11:21:35 +0100 Subject: mac80211: consolidate TIM handling code This consolidates all TIM handling code to avoid re-introducing errors with the bitmap/set_tim order and to reduce code. While reading the code I noticed a possible problem so I also added a comment about that. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 87 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 61 insertions(+), 26 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index a843bb7dd2d..b31a627ff97 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
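Review bot: In the new `if (skb_queue_empty(&sta->ps_tx_buf))` block the bitmap is updated with `bss_tim_set(sta->local, sdata->bss, sta->aid)` while the driver is told `set_tim(..., sta->aid, 0)`, so the two disagree, and for an emptied queue the bit should be cleared. As written, the beacon would keep advertising buffered traffic for a station that has none. Use the clearing counterpart there, e.g. `__bss_tim_clear(sdata->bss, sta->aid);` with whatever locking the set variant was relying on. The emptiness test also runs after `ps_tx_buf.lock` has been dropped, so a frame queued in between could have its TIM bit cleared; that window is worth checking.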
@@ -191,6 +191,64 @@ struct sta_info * sta_info_add(struct ieee80211_local *local, return sta; } +static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) +{ + /* + * This format has been mandated by the IEEE specifications, + * so this line may not be changed to use the __set_bit() format. + */ + bss->tim[aid / 8] |= (1 << (aid % 8)); +} + +static inline void __bss_tim_clear(struct ieee80211_if_ap *bss, u16 aid) +{ + /* + * This format has been mandated by the IEEE specifications, + * so this line may not be changed to use the __clear_bit() format. + */ + bss->tim[aid / 8] &= ~(1 << (aid % 8)); +} + +static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss, + struct sta_info *sta) +{ + if (bss) + __bss_tim_set(bss, sta->aid); + if (sta->local->ops->set_tim) + sta->local->ops->set_tim(local_to_hw(sta->local), sta->aid, 1); +} + +void sta_info_set_tim_bit(struct sta_info *sta) +{ + struct ieee80211_sub_if_data *sdata; + + sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); + + read_lock_bh(&sta->local->sta_lock); + __sta_info_set_tim_bit(sdata->bss, sta); + read_unlock_bh(&sta->local->sta_lock); +} + +static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss, + struct sta_info *sta) +{ + if (bss) + __bss_tim_clear(bss, sta->aid); + if (sta->local->ops->set_tim) + sta->local->ops->set_tim(local_to_hw(sta->local), sta->aid, 0); +} + +void sta_info_clear_tim_bit(struct sta_info *sta) +{ + struct ieee80211_sub_if_data *sdata; + + sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); + + read_lock_bh(&sta->local->sta_lock); + __sta_info_clear_tim_bit(sdata->bss, sta); + read_unlock_bh(&sta->local->sta_lock); +} + /* Caller must hold local->sta_lock */ void sta_info_remove(struct sta_info *sta) { 
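Review bot: `sta_info_set_tim_bit()` and `sta_info_clear_tim_bit()` modify `bss->tim[]` while holding only `read_lock_bh(&sta->local->sta_lock)`. A read lock admits several holders at once, and `bss->tim[aid / 8] |= ...` / `&= ~...` are non-atomic read-modify-write operations on a byte shared by eight AIDs, so two CPUs updating neighbouring AIDs can lose an update. Take the write side (`write_lock_bh` / `write_unlock_bh`) in both wrappers, or add a comment naming what else serialises TIM updates. Separately, `__bss_tim_set()` and `__bss_tim_clear()` index `bss->tim` with an unchecked `aid`; the array size is not visible here, so confirm the AID is bounded before it reaches these helpers.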
@@ -207,10 +265,9 @@ void sta_info_remove(struct sta_info *sta) sta->flags &= ~WLAN_STA_PS; if (sdata->bss) atomic_dec(&sdata->bss->num_sta_ps); + __sta_info_clear_tim_bit(sdata->bss, sta); } local->num_sta--; - sta_info_remove_aid_ptr(sta); - } void sta_info_free(struct sta_info *sta) @@ -310,13 +367,8 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local, "%s)\n", print_mac(mac, sta->addr)); dev_kfree_skb(skb); - if (skb_queue_empty(&sta->ps_tx_buf)) { - if (sdata->bss) - bss_tim_set(sta->local, sdata->bss, sta->aid); - if (sta->local->ops->set_tim) - sta->local->ops->set_tim(local_to_hw(sta->local), - sta->aid, 0); - } + if (skb_queue_empty(&sta->ps_tx_buf)) + sta_info_clear_tim_bit(sta); } } @@ -395,23 +447,6 @@ void sta_info_stop(struct ieee80211_local *local) sta_info_flush(local, NULL); } -void sta_info_remove_aid_ptr(struct sta_info *sta) -{ - struct ieee80211_sub_if_data *sdata; - - if (sta->aid <= 0) - return; - - sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); - - if (sdata->bss) - __bss_tim_clear(sdata->bss, sta->aid); - if (sdata->local->ops->set_tim) - sdata->local->ops->set_tim(local_to_hw(sdata->local), - sta->aid, 0); -} - - /** * sta_info_flush - flush matching STA entries from the STA table * @local: local interface data -- cgit v1.2.3 From 43ba7e958f2ca05e4e9171a15402288419289d71 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Thu, 21 Feb 2008 14:09:30 +0100 Subject: mac80211: atomically check whether STA exists already When a STA structure is added, it is often checked whether it already exists before adding it. This, however, isn't done atomically so there is a race condition that could lead to two STA structures being added with the same MAC address. This patch changes sta_info_add() to return an ERR_PTR in case of failure and adds the failure mode -EEXIST when the STA already exists. Signed-off-by: Johannes Berg Cc: Luis Carlos Cobo 
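Review bot: The removed `sta_info_remove_aid_ptr()` returned early on `if (sta->aid <= 0)`, and neither `__sta_info_clear_tim_bit()` nor its new call sites in these hunks keep that guard. If a station can reach `sta_info_remove()` or the buffered-frame expiry path with its aid still 0, the code now clears bit 0 of `bss->tim[0]` and calls `set_tim()` with aid 0. Either carry the check into `__sta_info_clear_tim_bit()`, e.g. `if (!sta->aid) return;`, or add a comment stating why an AID is always assigned at these points. sta_info_remove() begins outside the hunk.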
Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index b31a627ff97..c6c0df4bbd2 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -55,19 +55,29 @@ static int sta_info_hash_del(struct ieee80211_local *local, return -ENOENT; } -struct sta_info *sta_info_get(struct ieee80211_local *local, u8 *addr) +/* must hold local->sta_lock */ +static struct sta_info *__sta_info_find(struct ieee80211_local *local, + u8 *addr) { struct sta_info *sta; - read_lock_bh(&local->sta_lock); sta = local->sta_hash[STA_HASH(addr)]; while (sta) { - if (memcmp(sta->addr, addr, ETH_ALEN) == 0) { - __sta_info_get(sta); + if (compare_ether_addr(sta->addr, addr) == 0) break; - } sta = sta->hnext; } + return sta; +} + +struct sta_info *sta_info_get(struct ieee80211_local *local, u8 *addr) +{ + struct sta_info *sta; + + read_lock_bh(&local->sta_lock); + sta = __sta_info_find(local, addr); + if (sta) + __sta_info_get(sta); read_unlock_bh(&local->sta_lock); return sta; @@ -110,8 +120,8 @@ void sta_info_put(struct sta_info *sta) EXPORT_SYMBOL(sta_info_put); -struct sta_info * sta_info_add(struct ieee80211_local *local, - struct net_device *dev, u8 *addr, gfp_t gfp) +struct sta_info *sta_info_add(struct ieee80211_local *local, + struct net_device *dev, u8 *addr, gfp_t gfp) { struct sta_info *sta; int i; @@ -119,7 +129,7 @@ struct sta_info * sta_info_add(struct ieee80211_local *local, sta = kzalloc(sizeof(*sta), gfp); if (!sta) - return NULL; + return ERR_PTR(-ENOMEM); kref_init(&sta->kref); @@ -128,7 +138,7 @@ struct sta_info * sta_info_add(struct ieee80211_local *local, if (!sta->rate_ctrl_priv) { rate_control_put(sta->rate_ctrl); kfree(sta); - return NULL; + return ERR_PTR(-ENOMEM); } memcpy(sta->addr, addr, ETH_ALEN); 
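Review bot: `sta_info_add()` now returns `ERR_PTR(-ENOMEM)` instead of NULL (and gains an -EEXIST failure), but nothing at the definition records the new contract. Any caller still testing `if (!sta)` will treat an error pointer as a valid station and dereference it. The callers are outside this file-limited diff, so each needs checking for `IS_ERR()`. A comment above the function, e.g. `/* Returns the new STA or an ERR_PTR() (-ENOMEM, -EEXIST); never NULL. */`, would make the contract visible. The function body continues past these hunks.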
@@ -158,9 +168,15 @@ struct sta_info * sta_info_add(struct ieee80211_local *local, } skb_queue_head_init(&sta->ps_tx_buf); skb_queue_head_init(&sta->tx_filtered); - __sta_info_get(sta); /* sta used by caller, decremented by - * sta_info_put() */ write_lock_bh(&local->sta_lock); + /* mark sta as used (by caller) */ + __sta_info_get(sta); + /* check if STA exists already */ + if (__sta_info_find(local, addr)) { + write_unlock_bh(&local->sta_lock); + sta_info_put(sta); + return ERR_PTR(-EEXIST); + } list_add(&sta->list, &local->sta_list); local->num_sta++; sta_info_hash_add(local, sta); -- cgit v1.2.3 From db4d1169d0b893bfb7923b6526748fe2c5a7373f Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 25 Feb 2008 16:27:45 +0100 Subject: mac80211: split ieee80211_key_alloc/free In order to RCU-ify sta_info, we need to be able to allocate a key without linking it to an sdata/sta structure (because allocation cannot be done in an rcu critical section). This patch splits up ieee80211_key_alloc() and updates all users appropriately. While at it, this patch fixes a number of race conditions such as finally making key replacement atomic, unfortunately at the expense of more complex code. Note that this patch documents /existing/ bugs with sta info and key interaction, there is currently a race condition when a sta info is freed without holding the RTNL. This will finally be fixed by a followup patch. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index c6c0df4bbd2..e384e6632d9 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
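Review bot: On the -EEXIST path the new object does not appear to be freed. `kref_init()` earlier in sta_info_add() leaves the count at 1, and `__sta_info_get(sta)` (defined outside this file, presumably a kref_get) raises it to 2, so the single `sta_info_put(sta)` never reaches the release function. Each duplicate add would then leak the sta, its rate_ctrl_priv and a rate-control reference. Move `__sta_info_get(sta);` below the `__sta_info_find()` check so the error path drops the only reference.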
@@ -312,7 +312,7 @@ void sta_info_free(struct sta_info *sta) #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ ieee80211_key_free(sta->key); - sta->key = NULL; + WARN_ON(sta->key); if (local->ops->sta_notify) { struct ieee80211_sub_if_data *sdata; -- cgit v1.2.3 From ee3858551ae6d044578f598f8001db5f1a9fd52e Mon Sep 17 00:00:00 2001 From: Luis Carlos Cobo Date: Sat, 23 Feb 2008 15:17:11 +0100 Subject: mac80211: mesh data structures and first mesh changes Includes integration in struct sta_info of mesh peer link elements, previously on their own mesh peer link table. Signed-off-by: Luis Carlos Cobo Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 42 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index e384e6632d9..1f3c9eb9850 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -21,6 +21,9 @@ #include "ieee80211_rate.h" #include "sta_info.h" #include "debugfs_sta.h" +#ifdef CONFIG_MAC80211_MESH +#include "mesh.h" +#endif /* Caller must hold local->sta_lock */ static void sta_info_hash_add(struct ieee80211_local *local, @@ -84,6 +87,27 @@ struct sta_info *sta_info_get(struct ieee80211_local *local, u8 *addr) } EXPORT_SYMBOL(sta_info_get); +struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx, + struct net_device *dev) +{ + struct sta_info *sta; + int i = 0; + + read_lock_bh(&local->sta_lock); + list_for_each_entry(sta, &local->sta_list, list) { + if (i < idx) { + ++i; + continue; + } else if (!dev || dev == sta->dev) { + __sta_info_get(sta); + read_unlock_bh(&local->sta_lock); + return sta; + } + } + read_unlock_bh(&local->sta_lock); + + return NULL; +} static void sta_info_release(struct kref *kref) { 
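Review bot: `sta_info_get_by_idx()` counts every entry of `local->sta_list` towards `idx` and applies the `dev` filter only once the count is reached, so with a non-NULL `dev` the index is not an index into that device's stations. Entries belonging to other devices are counted and then skipped, so consecutive idx values can return the same station and an enumerating caller sees duplicates. Filter first by putting `if (dev && dev != sta->dev) continue;` ahead of the `i < idx` test, and return unconditionally once the count is reached. The function returns a pointer on which it took a reference via `__sta_info_get()`, so a comment telling the caller to `sta_info_put()` it would also help.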
@@ -284,12 +308,19 @@ void sta_info_remove(struct sta_info *sta) __sta_info_clear_tim_bit(sdata->bss, sta); } local->num_sta--; + +#ifdef CONFIG_MAC80211_MESH + if (sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT) + mesh_accept_plinks_update(sdata->dev); +#endif } void sta_info_free(struct sta_info *sta) { struct sk_buff *skb; struct ieee80211_local *local = sta->local; + struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); + DECLARE_MAC_BUF(mac); might_sleep(); @@ -298,6 +329,14 @@ void sta_info_free(struct sta_info *sta) sta_info_remove(sta); write_unlock_bh(&local->sta_lock); +#ifdef CONFIG_MAC80211_MESH + if (sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT) { + spin_lock_bh(&sta->plink_lock); + mesh_plink_deactivate(sta); + spin_unlock_bh(&sta->plink_lock); + } +#endif + while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { local->total_ps_buffered--; dev_kfree_skb(skb); @@ -315,9 +354,6 @@ void sta_info_free(struct sta_info *sta) WARN_ON(sta->key); if (local->ops->sta_notify) { - struct ieee80211_sub_if_data *sdata; - - sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN) sdata = sdata->u.vlan.ap; -- cgit v1.2.3 From 902acc7896d7649fb30e4b22bd4e643c7f34b02c Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Sat, 23 Feb 2008 15:17:19 +0100 Subject: mac80211: clean up mesh code Various cleanups, reducing the #ifdef mess and other things. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 1f3c9eb9850..81c4e3392f4 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -21,9 +21,7 @@ #include "ieee80211_rate.h" #include "sta_info.h" #include "debugfs_sta.h" -#ifdef CONFIG_MAC80211_MESH #include "mesh.h" -#endif /* Caller must hold local->sta_lock */ static void sta_info_hash_add(struct ieee80211_local *local, @@ -309,10 +307,8 @@ void sta_info_remove(struct sta_info *sta) } local->num_sta--; -#ifdef CONFIG_MAC80211_MESH - if (sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT) + if (ieee80211_vif_is_mesh(&sdata->vif)) mesh_accept_plinks_update(sdata->dev); -#endif } void sta_info_free(struct sta_info *sta) @@ -329,13 +325,8 @@ void sta_info_free(struct sta_info *sta) sta_info_remove(sta); write_unlock_bh(&local->sta_lock); -#ifdef CONFIG_MAC80211_MESH - if (sdata->vif.type == IEEE80211_IF_TYPE_MESH_POINT) { - spin_lock_bh(&sta->plink_lock); + if (ieee80211_vif_is_mesh(&sdata->vif)) mesh_plink_deactivate(sta); - spin_unlock_bh(&sta->plink_lock); - } -#endif while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { local->total_ps_buffered--; -- cgit v1.2.3 From d0709a65181beb787ef3f58cfe45536a2bb254c8 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 25 Feb 2008 16:27:46 +0100 Subject: mac80211: RCU-ify STA info structure access This makes access to the STA hash table/list use RCU to protect against freeing of items. However, it's not a true RCU, the copy step is missing: whenever somebody changes a STA item it is simply updated. This is an existing race condition that is now somewhat understandable. This patch also fixes the race key freeing vs. STA destruction by making sure that sta_info_destroy() is always called under RTNL and frees the key. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 387 ++++++++++++++++++++++++++++++------------------ 1 file changed, 240 insertions(+), 147 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 81c4e3392f4..ee5b66abc0f 100644 --- a/net/mac80211/sta_info.c 
+++ b/net/mac80211/sta_info.c @@ -15,6 +15,7 @@ #include #include #include +#include #include #include "ieee80211_i.h" 
@@ -23,14 +24,43 @@ #include "debugfs_sta.h" #include "mesh.h" -/* Caller must hold local->sta_lock */ -static void sta_info_hash_add(struct ieee80211_local *local, - struct sta_info *sta) -{ - sta->hnext = local->sta_hash[STA_HASH(sta->addr)]; - local->sta_hash[STA_HASH(sta->addr)] = sta; -} - +/** + * DOC: STA information lifetime rules + * + * STA info structures (&struct sta_info) are managed in a hash table + * for faster lookup and a list for iteration. They are managed using + * RCU, i.e. access to the list and hash table is protected by RCU. + * + * STA info structures are always "alive" when they are added with + * @sta_info_add() [this may be changed in the future to allow allocating + * outside of a critical section!], they are then added to the hash + * table and list. Therefore, @sta_info_add() must also be RCU protected, + * also, the caller of @sta_info_add() cannot assume that it owns the + * structure. + * + * Because there are debugfs entries for each station, and adding those + * must be able to sleep, it is also possible to "pin" a station entry, + * that means it can be removed from the hash table but not be freed. + * See the comment in @__sta_info_unlink() for more information. + * + * In order to remove a STA info structure, the caller needs to first + * unlink it (@sta_info_unlink()) from the list and hash tables and + * then wait for an RCU synchronisation before it can be freed. Due to + * the pinning and the possibility of multiple callers trying to remove + * the same STA info at the same time, @sta_info_unlink() can clear the + * STA info pointer it is passed to indicate that the STA info is owned + * by somebody else now. + * + * If @sta_info_unlink() did not clear the pointer then the caller owns + * the STA info structure now and is responsible of destroying it with + * a call to @sta_info_destroy(), not before RCU synchronisation, of + * course. Note that sta_info_destroy() must be protected by the RTNL. 
+ * + * In all other cases, there is no concept of ownership on a STA entry, + * each structure is owned by the global hash table/list until it is + * removed. All users of the structure need to be RCU protected so that + * the structure won't be freed before they are done using it. + */ /* Caller must hold local->sta_lock */ static int sta_info_hash_del(struct ieee80211_local *local, @@ -42,46 +72,39 @@ static int sta_info_hash_del(struct ieee80211_local *local, if (!s) return -ENOENT; if (s == sta) { - local->sta_hash[STA_HASH(sta->addr)] = s->hnext; + rcu_assign_pointer(local->sta_hash[STA_HASH(sta->addr)], + s->hnext); return 0; } while (s->hnext && s->hnext != sta) s = s->hnext; if (s->hnext) { - s->hnext = sta->hnext; + rcu_assign_pointer(s->hnext, sta->hnext); return 0; } return -ENOENT; } -/* must hold local->sta_lock */ +/* protected by RCU */ static struct sta_info *__sta_info_find(struct ieee80211_local *local, u8 *addr) { struct sta_info *sta; - sta = local->sta_hash[STA_HASH(addr)]; + sta = rcu_dereference(local->sta_hash[STA_HASH(addr)]); while (sta) { if (compare_ether_addr(sta->addr, addr) == 0) break; - sta = sta->hnext; + sta = rcu_dereference(sta->hnext); } return sta; } struct sta_info *sta_info_get(struct ieee80211_local *local, u8 *addr) { - struct sta_info *sta; - - read_lock_bh(&local->sta_lock); - sta = __sta_info_find(local, addr); - if (sta) - __sta_info_get(sta); - read_unlock_bh(&local->sta_lock); - - return sta; + return __sta_info_find(local, addr); } EXPORT_SYMBOL(sta_info_get); 
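Review bot: `sta_info_get()` no longer takes a reference and simply returns `__sta_info_find()`, so the returned pointer is only valid inside the caller's RCU read-side section. The symbol is still exported, and the one-line `/* protected by RCU */` on the static helper will not be seen by users outside this file. Add a comment on sta_info_get() itself, e.g. `/* Caller must hold rcu_read_lock(); the result must not be used after rcu_read_unlock(). */`. Callers that previously paired this with sta_info_put() are outside this diff and need converting, otherwise a station freed after unlink can be used after free.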
@@ -91,81 +114,101 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx, struct sta_info *sta; int i = 0; - read_lock_bh(&local->sta_lock); - list_for_each_entry(sta, &local->sta_list, list) { + list_for_each_entry_rcu(sta, &local->sta_list, list) { if (i < idx) { ++i; continue; - } else if (!dev || dev == sta->dev) { - __sta_info_get(sta); - read_unlock_bh(&local->sta_lock); + } else if (!dev || dev == sta->sdata->dev) { return sta; } } - read_unlock_bh(&local->sta_lock); return NULL; } -static void sta_info_release(struct kref *kref) +void sta_info_destroy(struct sta_info *sta) { - struct sta_info *sta = container_of(kref, struct sta_info, kref); struct ieee80211_local *local = sta->local; struct sk_buff *skb; int i; - /* free sta structure; it has already been removed from - * hash table etc. external structures. Make sure that all - * buffered frames are release (one might have been added - * after sta_info_free() was called). */ + ASSERT_RTNL(); + might_sleep(); + + rate_control_remove_sta_debugfs(sta); + ieee80211_sta_debugfs_remove(sta); + +#ifdef CONFIG_MAC80211_MESH + if (ieee80211_vif_is_mesh(&sta->sdata->vif)) + mesh_plink_deactivate(sta); +#endif + + /* + * NOTE: This will call synchronize_rcu() internally to + * make sure no key references can be in use. We rely on + * that here for the mesh code! 
+ */ + ieee80211_key_free(sta->key); + WARN_ON(sta->key); + +#ifdef CONFIG_MAC80211_MESH + if (ieee80211_vif_is_mesh(&sta->sdata->vif)) + del_timer_sync(&sta->plink_timer); +#endif + while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { local->total_ps_buffered--; dev_kfree_skb_any(skb); } - while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) { + + while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) dev_kfree_skb_any(skb); - } + for (i = 0; i < STA_TID_NUM; i++) { del_timer_sync(&sta->ampdu_mlme.tid_rx[i].session_timer); del_timer_sync(&sta->ampdu_mlme.tid_tx[i].addba_resp_timer); } rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv); rate_control_put(sta->rate_ctrl); + kfree(sta); } -void sta_info_put(struct sta_info *sta) +/* Caller must hold local->sta_lock */ +static void sta_info_hash_add(struct ieee80211_local *local, + struct sta_info *sta) { - kref_put(&sta->kref, sta_info_release); + sta->hnext = local->sta_hash[STA_HASH(sta->addr)]; + rcu_assign_pointer(local->sta_hash[STA_HASH(sta->addr)], sta); } -EXPORT_SYMBOL(sta_info_put); - -struct sta_info *sta_info_add(struct ieee80211_local *local, - struct net_device *dev, u8 *addr, gfp_t gfp) +struct sta_info *sta_info_add(struct ieee80211_sub_if_data *sdata, + u8 *addr) { + struct ieee80211_local *local = sdata->local; struct sta_info *sta; int i; DECLARE_MAC_BUF(mac); + unsigned long flags; - sta = kzalloc(sizeof(*sta), gfp); + sta = kzalloc(sizeof(*sta), GFP_ATOMIC); if (!sta) return ERR_PTR(-ENOMEM); - kref_init(&sta->kref); + memcpy(sta->addr, addr, ETH_ALEN); + sta->local = local; + sta->sdata = sdata; sta->rate_ctrl = rate_control_get(local->rate_ctrl); - sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, gfp); + sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, + GFP_ATOMIC); if (!sta->rate_ctrl_priv) { rate_control_put(sta->rate_ctrl); kfree(sta); return ERR_PTR(-ENOMEM); } - memcpy(sta->addr, addr, ETH_ALEN); - sta->local = local; - sta->dev = dev; 
spin_lock_init(&sta->ampdu_mlme.ampdu_rx); spin_lock_init(&sta->ampdu_mlme.ampdu_tx); for (i = 0; i < STA_TID_NUM; i++) { @@ -190,29 +233,26 @@ struct sta_info *sta_info_add(struct ieee80211_local *local, } skb_queue_head_init(&sta->ps_tx_buf); skb_queue_head_init(&sta->tx_filtered); - write_lock_bh(&local->sta_lock); - /* mark sta as used (by caller) */ - __sta_info_get(sta); + spin_lock_irqsave(&local->sta_lock, flags); /* check if STA exists already */ if (__sta_info_find(local, addr)) { - write_unlock_bh(&local->sta_lock); - sta_info_put(sta); + spin_unlock_irqrestore(&local->sta_lock, flags); return ERR_PTR(-EEXIST); } list_add(&sta->list, &local->sta_list); local->num_sta++; sta_info_hash_add(local, sta); - if (local->ops->sta_notify) { - struct ieee80211_sub_if_data *sdata; - sdata = IEEE80211_DEV_TO_SUB_IF(dev); + /* notify driver */ + if (local->ops->sta_notify) { if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN) sdata = sdata->u.vlan.ap; local->ops->sta_notify(local_to_hw(local), &sdata->vif, STA_NOTIFY_ADD, addr); } - write_unlock_bh(&local->sta_lock); + + spin_unlock_irqrestore(&local->sta_lock, flags); #ifdef CONFIG_MAC80211_VERBOSE_DEBUG printk(KERN_DEBUG "%s: Added STA %s\n", 
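Review bot: `sta_info_destroy()` dereferences its argument in the first declaration (`local = sta->local`), while the lifetime rules added by this commit say sta_info_unlink() may clear the caller's pointer. A caller that unlinks and then destroys without testing the pointer would oops; the callers are not visible here. Consider accepting NULL by declaring `struct ieee80211_local *local;` and then doing `if (!sta) return;` followed by `local = sta->local;`. Failing that, state in a comment on the function that NULL must not be passed.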
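Review bot: The -EEXIST branch in the `@@ -190,29 +233,26 @@` hunk now returns right after `spin_unlock_irqrestore()` without releasing anything; the removed `sta_info_put(sta)` was the only cleanup on that path. The kzalloc'd sta, `sta->rate_ctrl_priv` and the reference from `rate_control_get()` are leaked on every duplicate add. Mirror the allocation-failure path before returning: `rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv);`, `rate_control_put(sta->rate_ctrl);`, `kfree(sta);`. sta_info_add() starts in the previous hunk and ends outside this one.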
@@ -252,19 +292,20 @@ static void __sta_info_set_tim_bit(struct ieee80211_if_ap *bss, { if (bss) __bss_tim_set(bss, sta->aid); - if (sta->local->ops->set_tim) + if (sta->local->ops->set_tim) { + sta->local->tim_in_locked_section = true; sta->local->ops->set_tim(local_to_hw(sta->local), sta->aid, 1); + sta->local->tim_in_locked_section = false; + } } void sta_info_set_tim_bit(struct sta_info *sta) { - struct ieee80211_sub_if_data *sdata; - - sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); + unsigned long flags; - read_lock_bh(&sta->local->sta_lock); - __sta_info_set_tim_bit(sdata->bss, sta); - read_unlock_bh(&sta->local->sta_lock); + spin_lock_irqsave(&sta->local->sta_lock, flags); + __sta_info_set_tim_bit(sta->sdata->bss, sta); + spin_unlock_irqrestore(&sta->local->sta_lock, flags); } static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss, 
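Review bot: `sta->local->tim_in_locked_section` is a plain flag in the shared `local` structure, set and cleared around the driver's `set_tim()` call, with no comment on who reads it. If its purpose is to tell code re-entered from the callback that sta_lock is already held (the reader is not visible in this file), any other CPU reading it during that window would also see `true` and could skip the lock. Document the reader and why this is safe at the assignment, e.g. `/* set_tim() may call back for a beacon; tell that path sta_lock is held */`. The same pair of assignments appears in `__sta_info_clear_tim_bit()` in the next hunk.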
@@ -272,93 +313,135 @@ static void __sta_info_clear_tim_bit(struct ieee80211_if_ap *bss, { if (bss) __bss_tim_clear(bss, sta->aid); - if (sta->local->ops->set_tim) + if (sta->local->ops->set_tim) { + sta->local->tim_in_locked_section = true; sta->local->ops->set_tim(local_to_hw(sta->local), sta->aid, 0); + sta->local->tim_in_locked_section = false; + } } void sta_info_clear_tim_bit(struct sta_info *sta) { - struct ieee80211_sub_if_data *sdata; - - sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); + unsigned long flags; - read_lock_bh(&sta->local->sta_lock); - __sta_info_clear_tim_bit(sdata->bss, sta); - read_unlock_bh(&sta->local->sta_lock); + spin_lock_irqsave(&sta->local->sta_lock, flags); + __sta_info_clear_tim_bit(sta->sdata->bss, sta); + spin_unlock_irqrestore(&sta->local->sta_lock, flags); } -/* Caller must hold local->sta_lock */ -void sta_info_remove(struct sta_info *sta) +/* + * See comment in __sta_info_unlink, + * caller must hold local->sta_lock. + */ +static void __sta_info_pin(struct sta_info *sta) { - struct ieee80211_local *local = sta->local; - struct ieee80211_sub_if_data *sdata; + WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_NORMAL); + sta->pin_status = STA_INFO_PIN_STAT_PINNED; +} - /* don't do anything if we've been removed already */ - if (sta_info_hash_del(local, sta)) - return; +/* + * See comment in __sta_info_unlink, returns sta if it + * needs to be destroyed. 
+ */ +static struct sta_info *__sta_info_unpin(struct sta_info *sta) +{ + struct sta_info *ret = NULL; + unsigned long flags; - list_del(&sta->list); - sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); - if (sta->flags & WLAN_STA_PS) { - sta->flags &= ~WLAN_STA_PS; - if (sdata->bss) - atomic_dec(&sdata->bss->num_sta_ps); - __sta_info_clear_tim_bit(sdata->bss, sta); - } - local->num_sta--; + spin_lock_irqsave(&sta->local->sta_lock, flags); + WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_DESTROY && + sta->pin_status != STA_INFO_PIN_STAT_PINNED); + if (sta->pin_status == STA_INFO_PIN_STAT_DESTROY) + ret = sta; + sta->pin_status = STA_INFO_PIN_STAT_NORMAL; + spin_unlock_irqrestore(&sta->local->sta_lock, flags); - if (ieee80211_vif_is_mesh(&sdata->vif)) - mesh_accept_plinks_update(sdata->dev); + return ret; } -void sta_info_free(struct sta_info *sta) +static void __sta_info_unlink(struct sta_info **sta) { - struct sk_buff *skb; - struct ieee80211_local *local = sta->local; - struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); - - DECLARE_MAC_BUF(mac); - - might_sleep(); + struct ieee80211_local *local = (*sta)->local; + struct ieee80211_sub_if_data *sdata = (*sta)->sdata; +#ifdef CONFIG_MAC80211_VERBOSE_DEBUG + DECLARE_MAC_BUF(mbuf); +#endif + /* + * pull caller's reference if we're already gone. + */ + if (sta_info_hash_del(local, *sta)) { + *sta = NULL; + return; + } - write_lock_bh(&local->sta_lock); - sta_info_remove(sta); - write_unlock_bh(&local->sta_lock); + /* + * Also pull caller's reference if the STA is pinned by the + * task that is adding the debugfs entries. In that case, we + * leave the STA "to be freed". + * + * The rules are not trivial, but not too complex either: + * (1) pin_status is only modified under the sta_lock + * (2) sta_info_debugfs_add_work() will set the status + * to PINNED when it found an item that needs a new + * debugfs directory created. 
In that case, that item + * must not be freed although all *RCU* users are done + * with it. Hence, we tell the caller of _unlink() + * that the item is already gone (as can happen when + * two tasks try to unlink/destroy at the same time) + * (3) We set the pin_status to DESTROY here when we + * find such an item. + * (4) sta_info_debugfs_add_work() will reset the pin_status + * from PINNED to NORMAL when it is done with the item, + * but will check for DESTROY before resetting it in + * which case it will free the item. + */ + if ((*sta)->pin_status == STA_INFO_PIN_STAT_PINNED) { + (*sta)->pin_status = STA_INFO_PIN_STAT_DESTROY; + *sta = NULL; + return; + } - if (ieee80211_vif_is_mesh(&sdata->vif)) - mesh_plink_deactivate(sta); + list_del(&(*sta)->list); - while ((skb = skb_dequeue(&sta->ps_tx_buf)) != NULL) { - local->total_ps_buffered--; - dev_kfree_skb(skb); - } - while ((skb = skb_dequeue(&sta->tx_filtered)) != NULL) { - dev_kfree_skb(skb); + if ((*sta)->flags & WLAN_STA_PS) { + (*sta)->flags &= ~WLAN_STA_PS; + if (sdata->bss) + atomic_dec(&sdata->bss->num_sta_ps); + __sta_info_clear_tim_bit(sdata->bss, *sta); } -#ifdef CONFIG_MAC80211_VERBOSE_DEBUG - printk(KERN_DEBUG "%s: Removed STA %s\n", - wiphy_name(local->hw.wiphy), print_mac(mac, sta->addr)); -#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ - - ieee80211_key_free(sta->key); - WARN_ON(sta->key); + local->num_sta--; if (local->ops->sta_notify) { - if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN) sdata = sdata->u.vlan.ap; local->ops->sta_notify(local_to_hw(local), &sdata->vif, - STA_NOTIFY_REMOVE, sta->addr); + STA_NOTIFY_REMOVE, (*sta)->addr); } - rate_control_remove_sta_debugfs(sta); - ieee80211_sta_debugfs_remove(sta); + if (ieee80211_vif_is_mesh(&sdata->vif)) { + mesh_accept_plinks_update(sdata); +#ifdef CONFIG_MAC80211_MESH + del_timer(&(*sta)->plink_timer); +#endif + } - sta_info_put(sta); +#ifdef CONFIG_MAC80211_VERBOSE_DEBUG + printk(KERN_DEBUG "%s: Removed STA %s\n", + wiphy_name(local->hw.wiphy), 
print_mac(mbuf, (*sta)->addr)); +#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ } +void sta_info_unlink(struct sta_info **sta) +{ + struct ieee80211_local *local = (*sta)->local; + unsigned long flags; + + spin_lock_irqsave(&local->sta_lock, flags); + __sta_info_unlink(sta); + spin_unlock_irqrestore(&local->sta_lock, flags); +} static inline int sta_info_buffer_expired(struct ieee80211_local *local, struct sta_info *sta, @@ -404,7 +487,7 @@ static void sta_info_cleanup_expire_buffered(struct ieee80211_local *local, if (!skb) break; - sdata = IEEE80211_DEV_TO_SUB_IF(sta->dev); + sdata = sta->sdata; local->total_ps_buffered--; printk(KERN_DEBUG "Buffered frame expired (STA " "%s)\n", print_mac(mac, sta->addr)); @@ -421,13 +504,10 @@ static void sta_info_cleanup(unsigned long data) struct ieee80211_local *local = (struct ieee80211_local *) data; struct sta_info *sta; - read_lock_bh(&local->sta_lock); - list_for_each_entry(sta, &local->sta_list, list) { - __sta_info_get(sta); + rcu_read_lock(); + list_for_each_entry_rcu(sta, &local->sta_list, list) sta_info_cleanup_expire_buffered(local, sta); - sta_info_put(sta); - } - read_unlock_bh(&local->sta_lock); + rcu_read_unlock(); local->sta_cleanup.expires = round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); 
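Review bot: In `__sta_info_unlink()` the `STA_INFO_PIN_STAT_PINNED` branch returns before `list_del(&(*sta)->list)`, `local->num_sta--`, the `WLAN_STA_PS` accounting and the `STA_NOTIFY_REMOVE` callback. A pinned entry therefore leaves the hash but stays on `local->sta_list`, and the driver is never told it went away. When the debugfs worker later gets it back from `__sta_info_unpin()` and destroys it, list walkers such as `sta_info_cleanup()` could reach freed memory, unless `sta_info_destroy()` (not shown in this hunk) unlinks it. Moving the check to the end of the function, after the unlink steps and the driver notification, keeps the pin semantics while completing the removal: `if ((*sta)->pin_status == STA_INFO_PIN_STAT_PINNED) { (*sta)->pin_status = STA_INFO_PIN_STAT_DESTROY; *sta = NULL; }`.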
@@ -435,37 +515,45 @@ static void sta_info_cleanup(unsigned long data) } #ifdef CONFIG_MAC80211_DEBUGFS -static void sta_info_debugfs_add_task(struct work_struct *work) +static void sta_info_debugfs_add_work(struct work_struct *work) { struct ieee80211_local *local = container_of(work, struct ieee80211_local, sta_debugfs_add); struct sta_info *sta, *tmp; + unsigned long flags; while (1) { sta = NULL; - read_lock_bh(&local->sta_lock); + + spin_lock_irqsave(&local->sta_lock, flags); list_for_each_entry(tmp, &local->sta_list, list) { if (!tmp->debugfs.dir) { sta = tmp; - __sta_info_get(sta); + __sta_info_pin(sta); break; } } - read_unlock_bh(&local->sta_lock); + spin_unlock_irqrestore(&local->sta_lock, flags); if (!sta) break; ieee80211_sta_debugfs_add(sta); rate_control_add_sta_debugfs(sta); - sta_info_put(sta); + + sta = __sta_info_unpin(sta); + + if (sta) { + synchronize_rcu(); + sta_info_destroy(sta); + } } } #endif void sta_info_init(struct ieee80211_local *local) { - rwlock_init(&local->sta_lock); + spin_lock_init(&local->sta_lock); INIT_LIST_HEAD(&local->sta_list); setup_timer(&local->sta_cleanup, sta_info_cleanup, @@ -474,7 +562,7 @@ void sta_info_init(struct ieee80211_local *local) round_jiffies(jiffies + STA_INFO_CLEANUP_INTERVAL); #ifdef CONFIG_MAC80211_DEBUGFS - INIT_WORK(&local->sta_debugfs_add, sta_info_debugfs_add_task); + INIT_WORK(&local->sta_debugfs_add, sta_info_debugfs_add_work); #endif } 
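Review bot: `sta_info_debugfs_add_work()` calls `sta_info_destroy(sta)` from workqueue context without taking the RTNL. `sta_info_destroy()` begins with `ASSERT_RTNL()`, which is visible as context in the next patch on this page. The deferred-destroy path would therefore trip the assertion and run the teardown without the serialisation the other callers have. Wrapping the call closes that gap: `rtnl_lock(); sta_info_destroy(sta); rtnl_unlock();`. Please also check that nothing flushes this work item while holding the RTNL, since that would then deadlock.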
@@ -493,24 +581,29 @@ void sta_info_stop(struct ieee80211_local *local) /** * sta_info_flush - flush matching STA entries from the STA table * @local: local interface data - * @dev: matching rule for the net device (sta->dev) or %NULL to match all STAs + * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs */ -void sta_info_flush(struct ieee80211_local *local, struct net_device *dev) +void sta_info_flush(struct ieee80211_local *local, + struct ieee80211_sub_if_data *sdata) { struct sta_info *sta, *tmp; LIST_HEAD(tmp_list); + unsigned long flags; - write_lock_bh(&local->sta_lock); - list_for_each_entry_safe(sta, tmp, &local->sta_list, list) - if (!dev || dev == sta->dev) { - __sta_info_get(sta); - sta_info_remove(sta); - list_add_tail(&sta->list, &tmp_list); - } - write_unlock_bh(&local->sta_lock); + might_sleep(); - list_for_each_entry_safe(sta, tmp, &tmp_list, list) { - sta_info_free(sta); - sta_info_put(sta); + spin_lock_irqsave(&local->sta_lock, flags); + list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { + if (!sdata || sdata == sta->sdata) { + __sta_info_unlink(&sta); + if (sta) + list_add_tail(&sta->list, &tmp_list); + } } + spin_unlock_irqrestore(&local->sta_lock, flags); + + synchronize_rcu(); + + list_for_each_entry_safe(sta, tmp, &tmp_list, list) + sta_info_destroy(sta); } -- cgit v1.2.3 From 73651ee6396c499ccb59ebc84c9274db01ed026d Mon Sep 17 00:00:00 2001 
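Review bot: `sta_info_flush()` re-links each unlinked entry onto `tmp_list` through the same `sta->list` node before `synchronize_rcu()` has run, while `sta_info_cleanup()` walks `local->sta_list` with `list_for_each_entry_rcu()` under `rcu_read_lock()` only. A reader positioned on such an entry may follow `list.next` into the on-stack `tmp_list`, or into the poison values left by the plain `list_del()` in `__sta_info_unlink()`, and never reach the real list head. Unlinking with `list_del_rcu(&(*sta)->list);` and collecting the entries for destruction through a node that readers never traverse would avoid this. The kernel-doc line for `@sdata` also still refers to `sta->dev` and should name `sta->sdata`.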
From: Johannes Berg Date: Mon, 25 Feb 2008 16:27:47 +0100 Subject: mac80211: split sta_info_add sta_info_add() has two functions: allocating a station info structure and inserting it into the hash table/list. Splitting these two functions allows allocating with GFP_KERNEL in many places instead of GFP_ATOMIC which is now required by the RCU protection. Additionally, in many places RCU protection is now no longer needed at all because between sta_info_alloc() and sta_info_insert() the caller owns the structure. This fixes a few race conditions with setting initial flags and similar, but not all (see comments in ieee80211_sta.c and cfg.c). More documentation on the existing races will be in a follow-up patch. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 72 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 50 insertions(+), 22 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index ee5b66abc0f..a230a959739 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -31,12 +31,13 @@ * for faster lookup and a list for iteration. They are managed using * RCU, i.e. access to the list and hash table is protected by RCU. * - * STA info structures are always "alive" when they are added with - * @sta_info_add() [this may be changed in the future to allow allocating - * outside of a critical section!], they are then added to the hash - * table and list. Therefore, @sta_info_add() must also be RCU protected, - * also, the caller of @sta_info_add() cannot assume that it owns the - * structure. + * Upon allocating a STA info structure with @sta_info_alloc() or + * mesh_plink_alloc(), the caller owns that structure. It must then either + * destroy it using @sta_info_destroy() (which is pretty useless) or insert + * it into the hash table using @sta_info_insert() which demotes the reference + * from ownership to a regular RCU-protected reference; if the function + * is called without protection by an RCU critical section the reference + * is instantly invalidated. * * Because there are debugfs entries for each station, and adding those * must be able to sleep, it is also possible to "pin" a station entry, @@ -131,6 +132,10 @@ void sta_info_destroy(struct sta_info *sta) struct ieee80211_local *local = sta->local; struct sk_buff *skb; int i; + DECLARE_MAC_BUF(mbuf); + + if (!sta) + return; ASSERT_RTNL(); might_sleep(); @@ -171,6 +176,11 @@ void sta_info_destroy(struct sta_info *sta) rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv); rate_control_put(sta->rate_ctrl); +#ifdef CONFIG_MAC80211_VERBOSE_DEBUG + printk(KERN_DEBUG "%s: Destroyed STA %s\n", + wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr)); +#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ + kfree(sta); } 
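Review bot: The new `if (!sta) return;` in `sta_info_destroy()` comes after the initialiser `struct ieee80211_local *local = sta->local;`. A NULL argument is therefore dereferenced before it is tested, and a compiler is entitled to drop the test because of that earlier dereference. Declare `local` without an initialiser and assign `local = sta->local;` after the check. A later patch on this page ("fix sta_info_destroy(NULL)") makes that change, but the check is not effective as written here.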
@@ -183,18 +193,17 @@ static void sta_info_hash_add(struct ieee80211_local *local, rcu_assign_pointer(local->sta_hash[STA_HASH(sta->addr)], sta); } -struct sta_info *sta_info_add(struct ieee80211_sub_if_data *sdata, - u8 *addr) +struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata, + u8 *addr, gfp_t gfp) { struct ieee80211_local *local = sdata->local; struct sta_info *sta; int i; - DECLARE_MAC_BUF(mac); - unsigned long flags; + DECLARE_MAC_BUF(mbuf); - sta = kzalloc(sizeof(*sta), GFP_ATOMIC); + sta = kzalloc(sizeof(*sta), gfp); if (!sta) - return ERR_PTR(-ENOMEM); + return NULL; memcpy(sta->addr, addr, ETH_ALEN); sta->local = local; @@ -202,11 +211,11 @@ struct sta_info *sta_info_add(struct ieee80211_sub_if_data *sdata, sta->rate_ctrl = rate_control_get(local->rate_ctrl); sta->rate_ctrl_priv = rate_control_alloc_sta(sta->rate_ctrl, - GFP_ATOMIC); + gfp); if (!sta->rate_ctrl_priv) { rate_control_put(sta->rate_ctrl); kfree(sta); - return ERR_PTR(-ENOMEM); + return NULL; } spin_lock_init(&sta->ampdu_mlme.ampdu_rx); @@ -233,11 +242,27 @@ struct sta_info *sta_info_add(struct ieee80211_sub_if_data *sdata, } skb_queue_head_init(&sta->ps_tx_buf); skb_queue_head_init(&sta->tx_filtered); + +#ifdef CONFIG_MAC80211_VERBOSE_DEBUG + printk(KERN_DEBUG "%s: Allocated STA %s\n", + wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr)); +#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ + + return sta; +} + +int sta_info_insert(struct sta_info *sta) +{ + struct ieee80211_local *local = sta->local; + struct ieee80211_sub_if_data *sdata = sta->sdata; + unsigned long flags; + DECLARE_MAC_BUF(mac); + spin_lock_irqsave(&local->sta_lock, flags); /* check if STA exists already */ - if (__sta_info_find(local, addr)) { + if (__sta_info_find(local, sta->addr)) { spin_unlock_irqrestore(&local->sta_lock, flags); - return ERR_PTR(-EEXIST); + return -EEXIST; } list_add(&sta->list, &local->sta_list); local->num_sta++; 
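Review bot: `sta_info_alloc()` reports failure with `NULL` where `sta_info_add()` returned `ERR_PTR(-ENOMEM)`, so any caller still testing the result with `IS_ERR()` would accept `NULL` as a valid station pointer. The callers are outside this file, so this needs checking across the series. `sta_info_insert()` likewise returns `-EEXIST` without saying who owns `sta` afterwards. A kernel-doc block on each function would pin the contract down, for the allocator `Returns the new STA entry, owned by the caller, or NULL on allocation failure`, and for the insert `On a non-zero return the entry was not inserted and the caller still owns it`. The second wording is only what the file header comment implies, so confirm it.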
@@ -249,16 +274,16 @@ struct sta_info *sta_info_add(struct ieee80211_sub_if_data *sdata, sdata = sdata->u.vlan.ap; local->ops->sta_notify(local_to_hw(local), &sdata->vif, - STA_NOTIFY_ADD, addr); + STA_NOTIFY_ADD, sta->addr); } - spin_unlock_irqrestore(&local->sta_lock, flags); - #ifdef CONFIG_MAC80211_VERBOSE_DEBUG - printk(KERN_DEBUG "%s: Added STA %s\n", - wiphy_name(local->hw.wiphy), print_mac(mac, addr)); + printk(KERN_DEBUG "%s: Inserted STA %s\n", + wiphy_name(local->hw.wiphy), print_mac(mac, sta->addr)); #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ + spin_unlock_irqrestore(&local->sta_lock, flags); + #ifdef CONFIG_MAC80211_DEBUGFS /* debugfs entry adding might sleep, so schedule process * context task for adding entry for STAs that do not yet @@ -266,7 +291,10 @@ struct sta_info *sta_info_add(struct ieee80211_sub_if_data *sdata, queue_work(local->hw.workqueue, &local->sta_debugfs_add); #endif - return sta; + if (ieee80211_vif_is_mesh(&sdata->vif)) + mesh_accept_plinks_update(sdata); + + return 0; } static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) -- cgit v1.2.3 From 44213b5e13c907bf4aa2e73941944f90184c8772 Mon Sep 17 00:00:00 2001 
From: Johannes Berg Date: Mon, 25 Feb 2008 16:27:49 +0100 Subject: mac80211: remove STA entries when taking down interface When we take down an interface, we need to remove the STA info items that belong to it because otherwise we might invoke a sta_notify() callback in the driver when we later delete the STA entries, but in that case the driver will already have removed its knowledge of the interface they belonged to leading to confusion. Also, we could invoke the set_tim() callback after the driver removed its knowledge of the interface, which can lead to a crash if it requests a beacon with a then-invalid vif pointer! A side effect of this patch is that, because it was easier, it disallows changing the WDS peer while an interface is up. Should that actually be necessary, it can be added back, but the WDS peer STA entry may not be added while the interface is UP so for now I've simplified the WDS peer's STA entry lifetime management. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index a230a959739..a767042ec4f 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -258,6 +258,8 @@ int sta_info_insert(struct sta_info *sta) unsigned long flags; DECLARE_MAC_BUF(mac); + WARN_ON(!netif_running(sdata->dev)); + spin_lock_irqsave(&local->sta_lock, flags); /* check if STA exists already */ if (__sta_info_find(local, sta->addr)) { 
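Review bot: `WARN_ON(!netif_running(sdata->dev))` in `sta_info_insert()` only logs. The function still links the STA into the hash and list of an interface that is down, which is the situation the commit message says can end in a driver callback using an invalid vif pointer. Return an error instead of continuing, e.g. `if (unlikely(!netif_running(sdata->dev))) return -ENETDOWN;`. The test also runs before `sta_lock` is taken, so it cannot exclude the interface going down in between. A comment should say which lock callers rely on for that, presumably the RTNL.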
@@ -608,14 +610,18 @@ void sta_info_stop(struct ieee80211_local *local) /** * sta_info_flush - flush matching STA entries from the STA table + * + * Returns the number of removed STA entries. + * * @local: local interface data * @sdata: matching rule for the net device (sta->dev) or %NULL to match all STAs */ -void sta_info_flush(struct ieee80211_local *local, +int sta_info_flush(struct ieee80211_local *local, struct ieee80211_sub_if_data *sdata) { struct sta_info *sta, *tmp; LIST_HEAD(tmp_list); + int ret = 0; unsigned long flags; might_sleep(); @@ -624,8 +630,10 @@ void sta_info_flush(struct ieee80211_local *local, list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { if (!sdata || sdata == sta->sdata) { __sta_info_unlink(&sta); - if (sta) + if (sta) { list_add_tail(&sta->list, &tmp_list); + ret++; + } } } spin_unlock_irqrestore(&local->sta_lock, flags); @@ -634,4 +642,6 @@ void sta_info_flush(struct ieee80211_local *local, list_for_each_entry_safe(sta, tmp, &tmp_list, list) sta_info_destroy(sta); + + return ret; } -- cgit v1.2.3 From dbbea6713d6096cd1c411cb453a6b71292c78b33 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 26 Feb 2008 14:34:06 +0100 Subject: mac80211: add documentation book Quite a while ago I started this book. The required kernel-doc patches have since gone into the tree so it is now possible to build the book in mainline. The actual documentation is still rather incomplete and not all things are linked into the book, but this enables us to edit the documentation collaboratively, hopefully driver authors can add documentation based on their experience with mac80211. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index a767042ec4f..42414b44159 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -31,10 +31,10 @@ * for faster lookup and a list for iteration. They are managed using * RCU, i.e. access to the list and hash table is protected by RCU. * - * Upon allocating a STA info structure with @sta_info_alloc() or + * Upon allocating a STA info structure with sta_info_alloc() or * mesh_plink_alloc(), the caller owns that structure. It must then either - * destroy it using @sta_info_destroy() (which is pretty useless) or insert - * it into the hash table using @sta_info_insert() which demotes the reference + * destroy it using sta_info_destroy() (which is pretty useless) or insert + * it into the hash table using sta_info_insert() which demotes the reference * from ownership to a regular RCU-protected reference; if the function * is called without protection by an RCU critical section the reference * is instantly invalidated. 
@@ -42,19 +42,19 @@ * Because there are debugfs entries for each station, and adding those * must be able to sleep, it is also possible to "pin" a station entry, * that means it can be removed from the hash table but not be freed. - * See the comment in @__sta_info_unlink() for more information. + * See the comment in __sta_info_unlink() for more information. * * In order to remove a STA info structure, the caller needs to first - * unlink it (@sta_info_unlink()) from the list and hash tables and + * unlink it (sta_info_unlink()) from the list and hash tables and * then wait for an RCU synchronisation before it can be freed. Due to * the pinning and the possibility of multiple callers trying to remove - * the same STA info at the same time, @sta_info_unlink() can clear the + * the same STA info at the same time, sta_info_unlink() can clear the * STA info pointer it is passed to indicate that the STA info is owned * by somebody else now. * - * If @sta_info_unlink() did not clear the pointer then the caller owns + * If sta_info_unlink() did not clear the pointer then the caller owns * the STA info structure now and is responsible of destroying it with - * a call to @sta_info_destroy(), not before RCU synchronisation, of + * a call to sta_info_destroy(), not before RCU synchronisation, of * course. Note that sta_info_destroy() must be protected by the RTNL. * * In all other cases, there is no concept of ownership on a STA entry, -- cgit v1.2.3 From 03e4497ebeaa8011eb0ab0a54496ed6413b9d1a4 Mon Sep 17 00:00:00 2001 
From: Johannes Berg Date: Wed, 27 Feb 2008 09:56:40 +0100 Subject: mac80211: fix sta_info mesh timer bug I noticed a bug I introduced when mesh is enabled: sta_info_destroy() will end up calling cancel_timer() on a timer that has never been initialized because the timer is only initialized in mesh_plink_alloc(), not in sta_info_alloc(). This patch moves the initialization of all mesh related fields into sta_info_alloc(), adds a bit of sanity checking to the cfg80211 handlers and sta_info_insert() and makes mesh_plink_alloc() a static helper function that is only used from the mesh plink code. Signed-off-by: Johannes Berg Cc: Luis Carlos Cobo Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 33 +++++++++++++++++++++++++-------- 1 file changed, 25 insertions(+), 8 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 42414b44159..909fa38edb6 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -31,13 +31,12 @@ * for faster lookup and a list for iteration. They are managed using * RCU, i.e. access to the list and hash table is protected by RCU. * - * Upon allocating a STA info structure with sta_info_alloc() or - * mesh_plink_alloc(), the caller owns that structure. It must then either - * destroy it using sta_info_destroy() (which is pretty useless) or insert - * it into the hash table using sta_info_insert() which demotes the reference - * from ownership to a regular RCU-protected reference; if the function - * is called without protection by an RCU critical section the reference - * is instantly invalidated. + * Upon allocating a STA info structure with sta_info_alloc(), the caller owns + * that structure. It must then either destroy it using sta_info_destroy() + * (which is pretty useless) or insert it into the hash table using + * sta_info_insert() which demotes the reference from ownership to a regular + * RCU-protected reference; if the function is called without protection by an + * RCU critical section the reference is instantly invalidated. * * Because there are debugfs entries for each station, and adding those * must be able to sleep, it is also possible to "pin" a station entry, @@ -248,6 +247,12 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata, wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr)); #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ +#ifdef CONFIG_MAC80211_MESH + sta->plink_state = LISTEN; + spin_lock_init(&sta->plink_lock); + init_timer(&sta->plink_timer); +#endif + return sta; } 
@@ -258,7 +263,19 @@ int sta_info_insert(struct sta_info *sta) unsigned long flags; DECLARE_MAC_BUF(mac); - WARN_ON(!netif_running(sdata->dev)); + /* + * Can't be a WARN_ON because it can be triggered through a race: + * something inserts a STA (on one CPU) without holding the RTNL + * and another CPU turns off the net device. + */ + if (unlikely(!netif_running(sdata->dev))) + return -ENETDOWN; + + if (WARN_ON(compare_ether_addr(sta->addr, sdata->dev->dev_addr) == 0)) + return -EINVAL; + + if (WARN_ON(is_multicast_ether_addr(sta->addr))) + return -EINVAL; spin_lock_irqsave(&local->sta_lock, flags); /* check if STA exists already */ -- cgit v1.2.3 From b4e08ea141e6d663dec31b31d6289baeaaa2a3a2 Mon Sep 17 00:00:00 2001 From: Luis Carlos Cobo Date: Fri, 29 Feb 2008 15:46:08 -0800 Subject: mac80211: add PLINK_ prefix and kernel doc to enum plink_state Signed-off-by: Luis Carlos Cobo Acked-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 909fa38edb6..e27f896dae5 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -248,7 +248,7 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata, #endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ #ifdef CONFIG_MAC80211_MESH - sta->plink_state = LISTEN; + sta->plink_state = PLINK_LISTEN; spin_lock_init(&sta->plink_lock); init_timer(&sta->plink_timer); #endif -- cgit v1.2.3 From 2a8ca29a88e3858685c463ffd19e11c20d14c73a Mon Sep 17 00:00:00 2001 From: Luis Carlos Cobo Date: Fri, 29 Feb 2008 17:51:25 -0800 Subject: mac80211: fix mesh_path and sta_info get_by_idx functions Skip properly entries whose dev does not match. Signed-off-by: Luis Carlos Cobo Acked-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'net/mac80211/sta_info.c') 
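Review bot: The two new address checks in `sta_info_insert()` use `WARN_ON()`, which prints a full backtrace every time it fires. Callers are outside this hunk, and the commit message says the cfg80211 handlers were given their own checks. If any remaining caller can get here with an address taken from a received frame, a peer could repeat the condition at will and flood the log. `WARN_ON_ONCE()` keeps the diagnostic without that exposure: `if (WARN_ON_ONCE(is_multicast_ether_addr(sta->addr))) return -EINVAL;`. The early returns also leave `sta` allocated, so the caller's ownership on failure should be stated in a comment above the function.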
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index e27f896dae5..3b84c16cf05 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -115,12 +115,13 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx, int i = 0; list_for_each_entry_rcu(sta, &local->sta_list, list) { + if (dev && dev != sta->sdata->dev) + continue; if (i < idx) { ++i; continue; - } else if (!dev || dev == sta->sdata->dev) { - return sta; } + return sta; } return NULL; -- cgit v1.2.3 From cee24a3e580f1062c8bb8b1692b95014d882bc7d Mon Sep 17 00:00:00 2001 From: Ron Rindjunsky Date: Wed, 26 Mar 2008 20:36:03 +0200 Subject: mac80211: A-MPDU MLME use dynamic allocation This patch alters the A-MPDU MLME in sta_info to use dynamic allocation, thus drastically improving memory usage - from a constant ~2 Kbyte in the previous (static) allocation to a lower limit of ~200 Byte and an upper limit of ~2 Kbyte. Signed-off-by: Ron Rindjunsky Signed-off-by: Tomas Winkler Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 3b84c16cf05..f708367092d 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -170,9 +170,16 @@ void sta_info_destroy(struct sta_info *sta) dev_kfree_skb_any(skb); for (i = 0; i < STA_TID_NUM; i++) { - del_timer_sync(&sta->ampdu_mlme.tid_rx[i].session_timer); - del_timer_sync(&sta->ampdu_mlme.tid_tx[i].addba_resp_timer); + spin_lock_bh(&sta->ampdu_mlme.ampdu_rx); + if (sta->ampdu_mlme.tid_rx[i]) + del_timer_sync(&sta->ampdu_mlme.tid_rx[i]->session_timer); + spin_unlock_bh(&sta->ampdu_mlme.ampdu_rx); + spin_lock_bh(&sta->ampdu_mlme.ampdu_tx); + if (sta->ampdu_mlme.tid_tx[i]) + del_timer_sync(&sta->ampdu_mlme.tid_tx[i]->addba_resp_timer); + spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); } + rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv); rate_control_put(sta->rate_ctrl); @@ -227,18 +234,13 @@ struct sta_info *sta_info_alloc(struct ieee80211_sub_if_data *sdata, sta->timer_to_tid[i] = i; /* tid to tx queue: initialize according to HW (0 is valid) */ sta->tid_to_tx_q[i] = local->hw.queues; - /* rx timers */ - sta->ampdu_mlme.tid_rx[i].session_timer.function = - sta_rx_agg_session_timer_expired; - sta->ampdu_mlme.tid_rx[i].session_timer.data = - (unsigned long)&sta->timer_to_tid[i]; - init_timer(&sta->ampdu_mlme.tid_rx[i].session_timer); - /* tx timers */ - sta->ampdu_mlme.tid_tx[i].addba_resp_timer.function = - sta_addba_resp_timer_expired; - sta->ampdu_mlme.tid_tx[i].addba_resp_timer.data = - (unsigned long)&sta->timer_to_tid[i]; - init_timer(&sta->ampdu_mlme.tid_tx[i].addba_resp_timer); + /* rx */ + sta->ampdu_mlme.tid_state_rx[i] = HT_AGG_STATE_IDLE; + sta->ampdu_mlme.tid_rx[i] = NULL; + /* tx */ + sta->ampdu_mlme.tid_state_tx[i] = HT_AGG_STATE_IDLE; + sta->ampdu_mlme.tid_tx[i] = NULL; + sta->ampdu_mlme.addba_req_num[i] = 0; } skb_queue_head_init(&sta->ps_tx_buf); skb_queue_head_init(&sta->tx_filtered); -- cgit v1.2.3 From 97bff8ecf4e4e26749a67dcfbb7565d8a0f4acb4 Mon Sep 17 00:00:00 2001 
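Review bot: `sta_info_destroy()` now calls `del_timer_sync()` while holding `ampdu_mlme.ampdu_rx` and `ampdu_mlme.ampdu_tx` under `spin_lock_bh()`. `del_timer_sync()` waits for a running handler to finish. If `sta_rx_agg_session_timer_expired()` or `sta_addba_resp_timer_expired()` takes the same lock (their bodies are not in this hunk), the destroy path and the handler can wait on each other indefinitely. Either stop the timers outside the locked region or record the constraint where the lock is taken, e.g. `/* timer handlers must never take ampdu_rx/ampdu_tx: del_timer_sync() runs under them */`. The loop also does not free the now dynamically allocated `tid_rx[i]`/`tid_tx[i]`, so a comment should say where they are released.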
From: Johannes Berg Date: Mon, 31 Mar 2008 19:23:00 +0200 Subject: mac80211: fix sta_info_destroy(NULL) sta_info_destroy(NULL) should be valid, but currently isn't because the argument is dereferenced before the NULL check. There are no users that currently pass in NULL, i.e. all check before calling the function, but I want to change that. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index f708367092d..2a5a2f067ba 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -129,16 +129,18 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx, void sta_info_destroy(struct sta_info *sta) { - struct ieee80211_local *local = sta->local; + struct ieee80211_local *local; struct sk_buff *skb; int i; DECLARE_MAC_BUF(mbuf); + ASSERT_RTNL(); + might_sleep(); + if (!sta) return; - ASSERT_RTNL(); - might_sleep(); + local = sta->local; rate_control_remove_sta_debugfs(sta); ieee80211_sta_debugfs_remove(sta); -- cgit v1.2.3 From 93e5deb1ae39b56f4743955e76c72251256f23c1 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 1 Apr 2008 15:21:00 +0200 Subject: mac80211: automatically free sta struct when insertion fails When STA structure insertion fails, it has been allocated but isn't really alive yet, it isn't reachable by any other code and also can't yet have much configured. This patch changes the code so that when the insertion fails, the resulting STA pointer is no longer valid because it is freed. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 80 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 57 insertions(+), 23 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 2a5a2f067ba..5497ca1843f 100644 
--- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -36,16 +36,23 @@ * (which is pretty useless) or insert it into the hash table using * sta_info_insert() which demotes the reference from ownership to a regular * RCU-protected reference; if the function is called without protection by an - * RCU critical section the reference is instantly invalidated. + * RCU critical section the reference is instantly invalidated. Note that the + * caller may not do much with the STA info before inserting it, in particular, + * it may not start any mesh peer link management or add encryption keys. + * + * When the insertion fails (sta_info_insert()) returns non-zero), the + * structure will have been freed by sta_info_insert()! * * Because there are debugfs entries for each station, and adding those * must be able to sleep, it is also possible to "pin" a station entry, * that means it can be removed from the hash table but not be freed. - * See the comment in __sta_info_unlink() for more information. + * See the comment in __sta_info_unlink() for more information, this is + * an internal capability only. * * In order to remove a STA info structure, the caller needs to first * unlink it (sta_info_unlink()) from the list and hash tables and - * then wait for an RCU synchronisation before it can be freed. Due to + * then destroy it while holding the RTNL; sta_info_destroy() will wait + * for an RCU grace period to elapse before actually freeing it. Due to * the pinning and the possibility of multiple callers trying to remove * the same STA info at the same time, sta_info_unlink() can clear the * STA info pointer it is passed to indicate that the STA info is owned 
@@ -127,12 +134,35 @@ struct sta_info *sta_info_get_by_idx(struct ieee80211_local *local, int idx, return NULL; } +/** + * __sta_info_free - internal STA free helper + * + * @sta: STA info to free + * + * This function must undo everything done by sta_info_alloc() + * that may happen before sta_info_insert(). + */ +static void __sta_info_free(struct ieee80211_local *local, + struct sta_info *sta) +{ + DECLARE_MAC_BUF(mbuf); + + rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv); + rate_control_put(sta->rate_ctrl); + +#ifdef CONFIG_MAC80211_VERBOSE_DEBUG + printk(KERN_DEBUG "%s: Destroyed STA %s\n", + wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr)); +#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ + + kfree(sta); +} + void sta_info_destroy(struct sta_info *sta) { struct ieee80211_local *local; struct sk_buff *skb; int i; - DECLARE_MAC_BUF(mbuf); ASSERT_RTNL(); might_sleep(); @@ -182,15 +212,7 @@ void sta_info_destroy(struct sta_info *sta) spin_unlock_bh(&sta->ampdu_mlme.ampdu_tx); } - rate_control_free_sta(sta->rate_ctrl, sta->rate_ctrl_priv); - rate_control_put(sta->rate_ctrl); - -#ifdef CONFIG_MAC80211_VERBOSE_DEBUG - printk(KERN_DEBUG "%s: Destroyed STA %s\n", - wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr)); -#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ - - kfree(sta); + __sta_info_free(local, sta); } @@ -266,6 +288,7 @@ int sta_info_insert(struct sta_info *sta) struct ieee80211_local *local = sta->local; struct ieee80211_sub_if_data *sdata = sta->sdata; unsigned long flags; + int err = 0; DECLARE_MAC_BUF(mac); /* 
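Review bot: The kernel-doc block added for `__sta_info_free()` documents `@sta` but not the `local` parameter, which the body uses only for the debug message. I would add ` * @local: the ieee80211_local the STA belongs to (used for the debug message)` above the `@sta` line. The comment should also mention that the helper calls `kfree()` without waiting for an RCU grace period. As far as this hunk shows, that makes it safe only for a STA that was never inserted, or after the caller has already synchronised as `sta_info_destroy()` is documented to do.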
@@ -273,20 +296,23 @@ int sta_info_insert(struct sta_info *sta) * something inserts a STA (on one CPU) without holding the RTNL * and another CPU turns off the net device. */ - if (unlikely(!netif_running(sdata->dev))) - return -ENETDOWN; - - if (WARN_ON(compare_ether_addr(sta->addr, sdata->dev->dev_addr) == 0)) - return -EINVAL; + if (unlikely(!netif_running(sdata->dev))) { + err = -ENETDOWN; + goto out_free; + } - if (WARN_ON(is_multicast_ether_addr(sta->addr))) - return -EINVAL; + if (WARN_ON(compare_ether_addr(sta->addr, sdata->dev->dev_addr) == 0 || + is_multicast_ether_addr(sta->addr))) { + err = -EINVAL; + goto out_free; + } spin_lock_irqsave(&local->sta_lock, flags); /* check if STA exists already */ if (__sta_info_find(local, sta->addr)) { spin_unlock_irqrestore(&local->sta_lock, flags); - return -EEXIST; + err = -EEXIST; + goto out_free; } list_add(&sta->list, &local->sta_list); local->num_sta++; @@ -309,9 +335,13 @@ int sta_info_insert(struct sta_info *sta) spin_unlock_irqrestore(&local->sta_lock, flags); #ifdef CONFIG_MAC80211_DEBUGFS - /* debugfs entry adding might sleep, so schedule process + /* + * Debugfs entry adding might sleep, so schedule process * context task for adding entry for STAs that do not yet - * have one. */ + * have one. + * NOTE: due to auto-freeing semantics this may only be done + * if the insertion is successful! + */ queue_work(local->hw.workqueue, &local->sta_debugfs_add); #endif @@ -319,6 +349,10 @@ int sta_info_insert(struct sta_info *sta) mesh_accept_plinks_update(sdata); return 0; + out_free: + BUG_ON(!err); + __sta_info_free(local, sta); + return err; } static inline void __bss_tim_set(struct ieee80211_if_ap *bss, u16 aid) -- cgit v1.2.3 From 4f6fab472c4c7c21d577f85fabec7628d4a05637 Mon Sep 17 00:00:00 2001 
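Review bot: Every `goto out_free` exit in `sta_info_insert()` (the `-ENETDOWN`, `-EINVAL` and `-EEXIST` paths in the first hunk, and the label itself in the last) now frees `sta`. A caller that still touches or destroys the pointer after a non-zero return therefore becomes a use-after-free or double free. The call sites are not part of this view, which is limited to sta_info.c, so each of them needs checking against the new contract. The rule is stated only in the file-top comment, so I would repeat it at the definition, e.g. `/* NOTE: frees @sta on failure; the caller must not use it after a non-zero return */`. The function starts outside these hunks.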
From: Johannes Berg Date: Mon, 31 Mar 2008 19:23:02 +0200 Subject: mac80211: clean up sta_info_destroy() users wrt. RCU/locking Calling sta_info_destroy() doesn't require RCU-synchronisation before-hand because it does that internally. However, it does require rtnl-locking so insert that where necessary. Also clean up the code doing it internally to be a bit clearer and not synchronize twice if keys are configured. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 5497ca1843f..dfca96e05d6 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -180,13 +180,22 @@ void sta_info_destroy(struct sta_info *sta) mesh_plink_deactivate(sta); #endif - /* - * NOTE: This will call synchronize_rcu() internally to - * make sure no key references can be in use. We rely on - * that here for the mesh code! - */ - ieee80211_key_free(sta->key); - WARN_ON(sta->key); + if (sta->key) { + /* + * NOTE: This will call synchronize_rcu() internally to + * make sure no key references can be in use. We rely on + * that when we take this branch to make sure nobody can + * reference this STA struct any longer! + */ + ieee80211_key_free(sta->key); + WARN_ON(sta->key); + } else { + /* + * Make sure that nobody can reference this STA struct + * any longer. + */ + synchronize_rcu(); + } #ifdef CONFIG_MAC80211_MESH if (ieee80211_vif_is_mesh(&sta->sdata->vif)) @@ -628,11 +637,9 @@ static void sta_info_debugfs_add_work(struct work_struct *work) rate_control_add_sta_debugfs(sta); sta = __sta_info_unpin(sta); - - if (sta) { - synchronize_rcu(); - sta_info_destroy(sta); - } + rtnl_lock(); + sta_info_destroy(sta); + rtnl_unlock(); } } #endif 
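Review bot: In the `sta_info_debugfs_add_work()` hunk the loop now takes and drops the RTNL on every iteration, including the ordinary one where there is nothing to destroy. `__sta_info_unpin()` returns a non-NULL pointer only for a STA that was marked for destruction while pinned. Keeping the guard avoids contending on the RTNL when the result is NULL: `if (sta) { rtnl_lock(); sta_info_destroy(sta); rtnl_unlock(); }`. The function body starts and ends outside the hunk.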
@@ -694,8 +701,6 @@ int sta_info_flush(struct ieee80211_local *local, } spin_unlock_irqrestore(&local->sta_lock, flags); - synchronize_rcu(); - list_for_each_entry_safe(sta, tmp, &tmp_list, list) sta_info_destroy(sta); -- cgit v1.2.3 From dc6676b7f2c2072ec05254aaca32e99f87a8a417 Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Mon, 31 Mar 2008 19:23:03 +0200 Subject: mac80211: sta_info_flush() fixes When the IBSS code tries to flush the STA list, it does so in an atomic context. Flushing isn't safe there, however, and requires the RTNL, so we need to defer it to a workqueue. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index dfca96e05d6..f5c65e89128 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -644,10 +644,41 @@ static void sta_info_debugfs_add_work(struct work_struct *work) } #endif +void __ieee80211_run_pending_flush(struct ieee80211_local *local) +{ + struct sta_info *sta; + unsigned long flags; + + ASSERT_RTNL(); + + spin_lock_irqsave(&local->sta_lock, flags); + while (!list_empty(&local->sta_flush_list)) { + sta = list_first_entry(&local->sta_flush_list, + struct sta_info, list); + list_del(&sta->list); + spin_unlock_irqrestore(&local->sta_lock, flags); + sta_info_destroy(sta); + spin_lock_irqsave(&local->sta_lock, flags); + } + spin_unlock_irqrestore(&local->sta_lock, flags); +} + +static void ieee80211_sta_flush_work(struct work_struct *work) +{ + struct ieee80211_local *local = + container_of(work, struct ieee80211_local, sta_flush_work); + + rtnl_lock(); + __ieee80211_run_pending_flush(local); + rtnl_unlock(); +} + void sta_info_init(struct ieee80211_local *local) { spin_lock_init(&local->sta_lock); INIT_LIST_HEAD(&local->sta_list); + INIT_LIST_HEAD(&local->sta_flush_list); + INIT_WORK(&local->sta_flush_work, ieee80211_sta_flush_work); setup_timer(&local->sta_cleanup, sta_info_cleanup, (unsigned long)local); @@ -668,7 +699,12 @@ int sta_info_start(struct ieee80211_local *local) void sta_info_stop(struct ieee80211_local *local) { del_timer(&local->sta_cleanup); + cancel_work_sync(&local->sta_flush_work); + + rtnl_lock(); sta_info_flush(local, NULL); + __ieee80211_run_pending_flush(local); + rtnl_unlock(); } /** @@ -688,6 +724,7 @@ int sta_info_flush(struct ieee80211_local *local, unsigned long flags; might_sleep(); + ASSERT_RTNL(); spin_lock_irqsave(&local->sta_lock, flags); list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { 
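Review bot: `__ieee80211_run_pending_flush()` is added with external linkage but without a comment stating its locking contract, and both callers shown in this commit are in this file. If no other file needs it (this view is limited to sta_info.c, so that cannot be confirmed here), it should be `static`. Either way a short comment above it would help, e.g. `/* Destroy every STA queued on local->sta_flush_list; caller must hold the RTNL. */`. A why-comment on the unlock/relock around `sta_info_destroy()` is also worth adding, since that call may sleep and so cannot run with `sta_lock` held.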
@@ -706,3 +743,36 @@ int sta_info_flush(struct ieee80211_local *local, return ret; } + +/** + * sta_info_flush_delayed - flush matching STA entries from the STA table + * + * This function unlinks all stations for a given interface and queues + * them for freeing. Note that the workqueue function scheduled here has + * to run before any new keys can be added to the system to avoid set_key() + * callback ordering issues. + * + * @sdata: the interface + */ +void sta_info_flush_delayed(struct ieee80211_sub_if_data *sdata) +{ + struct ieee80211_local *local = sdata->local; + struct sta_info *sta, *tmp; + unsigned long flags; + bool work = false; + + spin_lock_irqsave(&local->sta_lock, flags); + list_for_each_entry_safe(sta, tmp, &local->sta_list, list) { + if (sdata == sta->sdata) { + __sta_info_unlink(&sta); + if (sta) { + list_add_tail(&sta->list, + &local->sta_flush_list); + work = true; + } + } + } + if (work) + schedule_work(&local->sta_flush_work); + spin_unlock_irqrestore(&local->sta_lock, flags); +} -- cgit v1.2.3 From cb585bccfedab0c228344ffa258950c417dea6b5 Mon Sep 17 00:00:00 2001 From: Luis Carlos Cobo Date: Mon, 31 Mar 2008 15:21:23 -0700 Subject: mac80211: fix spinlock recursion on sta expiration Signed-off-by: Luis Carlos Cobo Acked-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index f5c65e89128..7e1e8725764 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -454,7 +454,7 @@ static struct sta_info *__sta_info_unpin(struct sta_info *sta) return ret; } -static void __sta_info_unlink(struct sta_info **sta) +void __sta_info_unlink(struct sta_info **sta) { struct ieee80211_local *local = (*sta)->local; struct ieee80211_sub_if_data *sdata = (*sta)->sdata; -- cgit v1.2.3 From 49ec6fa22028054f292c9c290415b88281f7b783 Mon Sep 17 00:00:00 2001 
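Review bot: The kernel-doc for `sta_info_flush_delayed()` says the scheduled work "has to run before any new keys can be added", but nothing in this hunk enforces or waits for that. The work is handed to `schedule_work()` and the function returns. If the guarantee is provided elsewhere (the key code is not part of this file-limited view), the comment should name the function that provides it. If it is not provided, a path that adds keys right after the flush could race with the pending destruction. I would also add a sentence saying the function is meant for atomic context and that the STAs are destroyed later under the RTNL by `ieee80211_sta_flush_work()`.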
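Review bot: Dropping `static` from `__sta_info_unlink()` makes a helper with an implicit locking precondition callable from other files, and the definition does not state that precondition. Judging by the in-file caller `sta_info_flush_delayed()`, which calls it under `local->sta_lock`, and by the pin_status rules in its body comment, it expects that lock to be held. A line such as `/* Caller must hold local->sta_lock; may set *sta to NULL if the STA is pinned. */` above the definition would make this explicit for the new external caller. The function body continues outside the hunk.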
From: Johannes Berg Date: Thu, 3 Apr 2008 14:31:05 +0200 Subject: mac80211: fix possible sta-debugfs work lockup Because we queue the sta-debugfs-adding work on our mac80211 workqueue (which needs to be flushed under RTNL) and that work needs the RTNL, it can currently deadlock, thanks to Reinette Chatre for pointing out the lockdep warning about this. This patch fixes it by moving this work to the common kernel workqueue (using schedule_work) and canceling it as appropriate. It also fixes a related problem: When a STA is pinned by the debugfs adding work and sta_info_flush() runs concurrently it is not guaranteed that all STAs are removed from the driver before the corresponding interface is removed which may lead to bugs. Signed-off-by: Johannes Berg Cc: Reinette Chatre Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 7e1e8725764..bfdaf5c82f9 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -351,7 +351,7 @@ int sta_info_insert(struct sta_info *sta) * NOTE: due to auto-freeing semantics this may only be done * if the insertion is successful! */ - queue_work(local->hw.workqueue, &local->sta_debugfs_add); + schedule_work(&local->sta_debugfs_add); #endif if (ieee80211_vif_is_mesh(&sdata->vif)) 
@@ -476,16 +476,23 @@ void __sta_info_unlink(struct sta_info **sta) * * The rules are not trivial, but not too complex either: * (1) pin_status is only modified under the sta_lock - * (2) sta_info_debugfs_add_work() will set the status + * (2) STAs may only be pinned under the RTNL so that + * sta_info_flush() is guaranteed to actually destroy + * all STAs that are active for a given interface, this + * is required for correctness because otherwise we + * could notify a driver that an interface is going + * away and only after that (!) notify it about a STA + * on that interface going away. + * (3) sta_info_debugfs_add_work() will set the status * to PINNED when it found an item that needs a new * debugfs directory created. In that case, that item * must not be freed although all *RCU* users are done * with it. Hence, we tell the caller of _unlink() * that the item is already gone (as can happen when * two tasks try to unlink/destroy at the same time) - * (3) We set the pin_status to DESTROY here when we + * (4) We set the pin_status to DESTROY here when we * find such an item. - * (4) sta_info_debugfs_add_work() will reset the pin_status + * (5) sta_info_debugfs_add_work() will reset the pin_status * from PINNED to NORMAL when it is done with the item, * but will check for DESTROY before resetting it in * which case it will free the item. @@ -617,6 +624,8 @@ static void sta_info_debugfs_add_work(struct work_struct *work) struct sta_info *sta, *tmp; unsigned long flags; + /* We need to keep the RTNL across the whole pinned status. */ + rtnl_lock(); while (1) { sta = NULL; @@ -637,10 +646,9 @@ static void sta_info_debugfs_add_work(struct work_struct *work) rate_control_add_sta_debugfs(sta); sta = __sta_info_unpin(sta); - rtnl_lock(); sta_info_destroy(sta); - rtnl_unlock(); } + rtnl_unlock(); } #endif 
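Review bot: Rule (2) added to the `__sta_info_unlink()` comment, that STAs may only be pinned under the RTNL, is stated but not checked anywhere in this commit. An `ASSERT_RTNL();` at the top of `__sta_info_pin()` would catch a future caller that pins without it. That matters because the comment ties this rule to the driver being told about a STA going away before its interface does. `__sta_info_pin()` is outside these hunks. The `rtnl_lock()` now taken around the whole loop in `sta_info_debugfs_add_work()` would presumably satisfy the assertion for the existing caller.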
@@ -700,6 +708,15 @@ void sta_info_stop(struct ieee80211_local *local) { del_timer(&local->sta_cleanup); cancel_work_sync(&local->sta_flush_work); +#ifdef CONFIG_MAC80211_DEBUGFS + /* + * Make sure the debugfs adding work isn't pending after this + * because we're about to be destroyed. It doesn't matter + * whether it ran or not since we're going to flush all STAs + * anyway. + */ + cancel_work_sync(&local->sta_debugfs_add); +#endif rtnl_lock(); sta_info_flush(local, NULL); -- cgit v1.2.3 From 4d6141c30a2567a85d869d55f579438b3365d719 Mon Sep 17 00:00:00 2001 From: Jiri Slaby Date: Mon, 7 Apr 2008 21:53:49 +0200 Subject: mac80211: fix defined but not used These two symbols are used only in ifdeffed function. Move them to that section too. net/mac80211/sta_info.c:387: warning: `__sta_info_pin' defined but not used net/mac80211/sta_info.c:397: warning: `__sta_info_unpin' defined but not used Signed-off-by: Jiri Slaby Cc: Michael Wu Cc: Johannes Berg Cc: Jiri Benc Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 60 ++++++++++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index bfdaf5c82f9..130aad2de10 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -424,36 +424,6 @@ void sta_info_clear_tim_bit(struct sta_info *sta) spin_unlock_irqrestore(&sta->local->sta_lock, flags); } -/* - * See comment in __sta_info_unlink, - * caller must hold local->sta_lock. - */ -static void __sta_info_pin(struct sta_info *sta) -{ - WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_NORMAL); - sta->pin_status = STA_INFO_PIN_STAT_PINNED; -} - -/* - * See comment in __sta_info_unlink, returns sta if it - * needs to be destroyed. - */ -static struct sta_info *__sta_info_unpin(struct sta_info *sta) -{ - struct sta_info *ret = NULL; - unsigned long flags; - - spin_lock_irqsave(&sta->local->sta_lock, flags); - WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_DESTROY && - sta->pin_status != STA_INFO_PIN_STAT_PINNED); - if (sta->pin_status == STA_INFO_PIN_STAT_DESTROY) - ret = sta; - sta->pin_status = STA_INFO_PIN_STAT_NORMAL; - spin_unlock_irqrestore(&sta->local->sta_lock, flags); - - return ret; -} - void __sta_info_unlink(struct sta_info **sta) { struct ieee80211_local *local = (*sta)->local; 
@@ -617,6 +587,36 @@ static void sta_info_cleanup(unsigned long data) } #ifdef CONFIG_MAC80211_DEBUGFS +/* + * See comment in __sta_info_unlink, + * caller must hold local->sta_lock. + */ +static void __sta_info_pin(struct sta_info *sta) +{ + WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_NORMAL); + sta->pin_status = STA_INFO_PIN_STAT_PINNED; +} + +/* + * See comment in __sta_info_unlink, returns sta if it + * needs to be destroyed. + */ +static struct sta_info *__sta_info_unpin(struct sta_info *sta) +{ + struct sta_info *ret = NULL; + unsigned long flags; + + spin_lock_irqsave(&sta->local->sta_lock, flags); + WARN_ON(sta->pin_status != STA_INFO_PIN_STAT_DESTROY && + sta->pin_status != STA_INFO_PIN_STAT_PINNED); + if (sta->pin_status == STA_INFO_PIN_STAT_DESTROY) + ret = sta; + sta->pin_status = STA_INFO_PIN_STAT_NORMAL; + spin_unlock_irqrestore(&sta->local->sta_lock, flags); + + return ret; +} + static void sta_info_debugfs_add_work(struct work_struct *work) { struct ieee80211_local *local = -- cgit v1.2.3 From 7d1559f1737d5ca27b267b0392015f42b3bbe2fa Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 8 Apr 2008 13:08:20 +0200 Subject: mac80211: fix sta-info pinning When a STA is supposed to be unlinked but is pinned, it still needs to be unlinked from all structures. Only at the end of the unlink process should we check for pin status and invalidate the callers reference if it is pinned. Move the pin status check down. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 64 ++++++++++++++++++++++++------------------------- 1 file changed, 32 insertions(+), 32 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 130aad2de10..cedd73a0c87 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -439,8 +439,39 @@ void __sta_info_unlink(struct sta_info **sta) return; } + list_del(&(*sta)->list); + + if ((*sta)->flags & WLAN_STA_PS) { + (*sta)->flags &= ~WLAN_STA_PS; + if (sdata->bss) + atomic_dec(&sdata->bss->num_sta_ps); + __sta_info_clear_tim_bit(sdata->bss, *sta); + } + + local->num_sta--; + + if (local->ops->sta_notify) { + if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN) + sdata = sdata->u.vlan.ap; + + local->ops->sta_notify(local_to_hw(local), &sdata->vif, + STA_NOTIFY_REMOVE, (*sta)->addr); + } + + if (ieee80211_vif_is_mesh(&sdata->vif)) { + mesh_accept_plinks_update(sdata); +#ifdef CONFIG_MAC80211_MESH + del_timer(&(*sta)->plink_timer); +#endif + } + +#ifdef CONFIG_MAC80211_VERBOSE_DEBUG + printk(KERN_DEBUG "%s: Removed STA %s\n", + wiphy_name(local->hw.wiphy), print_mac(mbuf, (*sta)->addr)); +#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ + /* - * Also pull caller's reference if the STA is pinned by the + * Finally, pull caller's reference if the STA is pinned by the * task that is adding the debugfs entries. In that case, we * leave the STA "to be freed". * 
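Review bot: In the block moved up in `__sta_info_unlink()`, `if (sdata->bss)` guards only the `atomic_dec()`, while `__sta_info_clear_tim_bit(sdata->bss, *sta)` on the next line runs with a possibly NULL `bss`. Whether the helper tolerates NULL is not visible in this hunk. If it does not, this is a NULL dereference on the unlink path for a STA with `WLAN_STA_PS` set on an interface without a BSS. Either brace both statements under the check, `if (sdata->bss) { atomic_dec(&sdata->bss->num_sta_ps); __sta_info_clear_tim_bit(sdata->bss, *sta); }`, or add a comment that the helper accepts NULL. The code is moved rather than new, so this predates the commit.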
@@ -472,37 +503,6 @@ void __sta_info_unlink(struct sta_info **sta) *sta = NULL; return; } - - list_del(&(*sta)->list); - - if ((*sta)->flags & WLAN_STA_PS) { - (*sta)->flags &= ~WLAN_STA_PS; - if (sdata->bss) - atomic_dec(&sdata->bss->num_sta_ps); - __sta_info_clear_tim_bit(sdata->bss, *sta); - } - - local->num_sta--; - - if (local->ops->sta_notify) { - if (sdata->vif.type == IEEE80211_IF_TYPE_VLAN) - sdata = sdata->u.vlan.ap; - - local->ops->sta_notify(local_to_hw(local), &sdata->vif, - STA_NOTIFY_REMOVE, (*sta)->addr); - } - - if (ieee80211_vif_is_mesh(&sdata->vif)) { - mesh_accept_plinks_update(sdata); -#ifdef CONFIG_MAC80211_MESH - del_timer(&(*sta)->plink_timer); -#endif - } - -#ifdef CONFIG_MAC80211_VERBOSE_DEBUG - printk(KERN_DEBUG "%s: Removed STA %s\n", - wiphy_name(local->hw.wiphy), print_mac(mbuf, (*sta)->addr)); -#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */ } void sta_info_unlink(struct sta_info **sta) -- cgit v1.2.3 From 3b96766f0e643f52ae19e134664df6730c737e87 Mon Sep 17 00:00:00 2001 
From: Johannes Berg Date: Tue, 8 Apr 2008 17:56:52 +0200 Subject: mac80211: fix key vs. sta locking problems Up to now, key manipulation is supposed to run under RTNL to avoid concurrent manipulations and also allow the set_key() hardware callback to sleep. This is not feasible because STA structs are rcu-protected and thus a lot of operations there cannot take the RTNL. Also, key references are rcu-protected so we cannot do things atomically. This patch changes key locking completely: * key operations are now atomic * hardware crypto offload is enabled and disabled from a workqueue, due to that key freeing is also delayed * debugfs code is also run from a workqueue * keys reference STAs (and vice versa!) so during STA unlink the STAs key reference is removed but not the keys STA reference, to avoid races key todo work is run before STA destruction. * fewer STA operations now need the RTNL which was required due to key operations This fixes the locking problems lockdep pointed out and also makes things more light-weight because the rtnl isn't required as much. Note that the key todo lock/key mutex are global locks, this is not required, of course, they could be per-hardware instead. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 48 ++++++++++++++++++++++-------------------------- 1 file changed, 22 insertions(+), 26 deletions(-) (limited to 'net/mac80211/sta_info.c') diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index cedd73a0c87..5540cbf7c44 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c 
@@ -51,17 +51,15 @@ * * In order to remove a STA info structure, the caller needs to first * unlink it (sta_info_unlink()) from the list and hash tables and - * then destroy it while holding the RTNL; sta_info_destroy() will wait - * for an RCU grace period to elapse before actually freeing it. Due to - * the pinning and the possibility of multiple callers trying to remove - * the same STA info at the same time, sta_info_unlink() can clear the - * STA info pointer it is passed to indicate that the STA info is owned - * by somebody else now. + * then destroy it; sta_info_destroy() will wait for an RCU grace period + * to elapse before actually freeing it. Due to the pinning and the + * possibility of multiple callers trying to remove the same STA info at + * the same time, sta_info_unlink() can clear the STA info pointer it is + * passed to indicate that the STA info is owned by somebody else now. * * If sta_info_unlink() did not clear the pointer then the caller owns * the STA info structure now and is responsible of destroying it with - * a call to sta_info_destroy(), not before RCU synchronisation, of - * course. Note that sta_info_destroy() must be protected by the RTNL. + * a call to sta_info_destroy(). * * In all other cases, there is no concept of ownership on a STA entry, * each structure is owned by the global hash table/list until it is @@ -164,7 +162,6 @@ void sta_info_destroy(struct sta_info *sta) struct sk_buff *skb; int i; - ASSERT_RTNL(); might_sleep(); if (!sta) 
@@ -180,22 +177,16 @@ void sta_info_destroy(struct sta_info *sta) mesh_plink_deactivate(sta); #endif - if (sta->key) { - /* - * NOTE: This will call synchronize_rcu() internally to - * make sure no key references can be in use. We rely on - * that when we take this branch to make sure nobody can - * reference this STA struct any longer! - */ - ieee80211_key_free(sta->key); - WARN_ON(sta->key); - } else { - /* - * Make sure that nobody can reference this STA struct - * any longer. - */ - synchronize_rcu(); - } + /* + * We have only unlinked the key, and actually destroying it + * may mean it is removed from hardware which requires that + * the key->sta pointer is still valid, so flush the key todo + * list here. + * + * ieee80211_key_todo() will synchronize_rcu() so after this + * nothing can reference this sta struct any more. + */ + ieee80211_key_todo(); #ifdef CONFIG_MAC80211_MESH if (ieee80211_vif_is_mesh(&sta->sdata->vif)) @@ -439,6 +430,11 @@ void __sta_info_unlink(struct sta_info **sta) return; } + if ((*sta)->key) { + ieee80211_key_free((*sta)->key); + WARN_ON((*sta)->key); + } + list_del(&(*sta)->list); if ((*sta)->flags & WLAN_STA_PS) { @@ -652,7 +648,7 @@ static void sta_info_debugfs_add_work(struct work_struct *work) } #endif -void __ieee80211_run_pending_flush(struct ieee80211_local *local) +static void __ieee80211_run_pending_flush(struct ieee80211_local *local) { struct sta_info *sta; unsigned long flags; -- cgit v1.2.3 From 2c8dccc77420fb7433da5674818959d3499d35be Mon Sep 17 00:00:00 2001 From: Johannes Berg Date: Tue, 8 Apr 2008 15:14:40 -0400 Subject: mac80211: rename files This patch renames all mac80211 files (except ieee80211_i.h) to get rid of the useless ieee80211_ prefix. Signed-off-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/sta_info.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'net/mac80211/sta_info.c') 
diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c index 5540cbf7c44..7d4fe4a5292 100644 --- a/net/mac80211/sta_info.c +++ b/net/mac80211/sta_info.c @@ -19,7 +19,7 @@ #include #include "ieee80211_i.h" -#include "ieee80211_rate.h" +#include "rate.h" #include "sta_info.h" #include "debugfs_sta.h" #include "mesh.h" -- cgit v1.2.3