1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * Copyright 2002-2005, Instant802 Networks, Inc.
4 * Copyright 2005-2006, Devicescape Software, Inc.
5 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
6 * Copyright 2007 Johannes Berg <johannes@sipsolutions.net>
7 * Copyright 2013-2014 Intel Mobile Communications GmbH
8 * Copyright (C) 2018-2024 Intel Corporation
9 *
10 * Transmit and frame generation functions.
11 */
12
13#include <linux/kernel.h>
14#include <linux/slab.h>
15#include <linux/skbuff.h>
16#include <linux/if_vlan.h>
17#include <linux/etherdevice.h>
18#include <linux/bitmap.h>
19#include <linux/rcupdate.h>
20#include <linux/export.h>
21#include <net/net_namespace.h>
22#include <net/ieee80211_radiotap.h>
23#include <net/cfg80211.h>
24#include <net/mac80211.h>
25#include <net/codel.h>
26#include <net/codel_impl.h>
27#include <asm/unaligned.h>
28#include <net/fq_impl.h>
29#include <net/gso.h>
30
31#include "ieee80211_i.h"
32#include "driver-ops.h"
33#include "led.h"
34#include "mesh.h"
35#include "wep.h"
36#include "wpa.h"
37#include "wme.h"
38#include "rate.h"
39
40/* misc utils */
41
42static __le16 ieee80211_duration(struct ieee80211_tx_data *tx,
43 struct sk_buff *skb, int group_addr,
44 int next_frag_len)
45{
46 int rate, mrate, erp, dur, i;
47 struct ieee80211_rate *txrate;
48 struct ieee80211_local *local = tx->local;
49 struct ieee80211_supported_band *sband;
50 struct ieee80211_hdr *hdr;
51 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
52 struct ieee80211_chanctx_conf *chanctx_conf;
53 u32 rate_flags = 0;
54
55 /* assume HW handles this */
56 if (tx->rate.flags & (IEEE80211_TX_RC_MCS | IEEE80211_TX_RC_VHT_MCS))
57 return 0;
58
59 rcu_read_lock();
60 chanctx_conf = rcu_dereference(tx->sdata->vif.bss_conf.chanctx_conf);
61 if (chanctx_conf)
62 rate_flags = ieee80211_chandef_rate_flags(chandef: &chanctx_conf->def);
63 rcu_read_unlock();
64
65 /* uh huh? */
66 if (WARN_ON_ONCE(tx->rate.idx < 0))
67 return 0;
68
69 sband = local->hw.wiphy->bands[info->band];
70 txrate = &sband->bitrates[tx->rate.idx];
71
72 erp = txrate->flags & IEEE80211_RATE_ERP_G;
73
74 /* device is expected to do this */
75 if (sband->band == NL80211_BAND_S1GHZ)
76 return 0;
77
78 /*
79 * data and mgmt (except PS Poll):
80 * - during CFP: 32768
81 * - during contention period:
82 * if addr1 is group address: 0
83 * if more fragments = 0 and addr1 is individual address: time to
84 * transmit one ACK plus SIFS
85 * if more fragments = 1 and addr1 is individual address: time to
86 * transmit next fragment plus 2 x ACK plus 3 x SIFS
87 *
88 * IEEE 802.11, 9.6:
89 * - control response frame (CTS or ACK) shall be transmitted using the
90 * same rate as the immediately previous frame in the frame exchange
91 * sequence, if this rate belongs to the PHY mandatory rates, or else
92 * at the highest possible rate belonging to the PHY rates in the
93 * BSSBasicRateSet
94 */
95 hdr = (struct ieee80211_hdr *)skb->data;
96 if (ieee80211_is_ctl(fc: hdr->frame_control)) {
97 /* TODO: These control frames are not currently sent by
98 * mac80211, but should they be implemented, this function
99 * needs to be updated to support duration field calculation.
100 *
101 * RTS: time needed to transmit pending data/mgmt frame plus
102 * one CTS frame plus one ACK frame plus 3 x SIFS
103 * CTS: duration of immediately previous RTS minus time
104 * required to transmit CTS and its SIFS
105 * ACK: 0 if immediately previous directed data/mgmt had
106 * more=0, with more=1 duration in ACK frame is duration
107 * from previous frame minus time needed to transmit ACK
108 * and its SIFS
109 * PS Poll: BIT(15) | BIT(14) | aid
110 */
111 return 0;
112 }
113
114 /* data/mgmt */
115 if (0 /* FIX: data/mgmt during CFP */)
116 return cpu_to_le16(32768);
117
118 if (group_addr) /* Group address as the destination - no ACK */
119 return 0;
120
121 /* Individual destination address:
122 * IEEE 802.11, Ch. 9.6 (after IEEE 802.11g changes)
123 * CTS and ACK frames shall be transmitted using the highest rate in
124 * basic rate set that is less than or equal to the rate of the
125 * immediately previous frame and that is using the same modulation
126 * (CCK or OFDM). If no basic rate set matches with these requirements,
127 * the highest mandatory rate of the PHY that is less than or equal to
128 * the rate of the previous frame is used.
129 * Mandatory rates for IEEE 802.11g PHY: 1, 2, 5.5, 11, 6, 12, 24 Mbps
130 */
131 rate = -1;
132 /* use lowest available if everything fails */
133 mrate = sband->bitrates[0].bitrate;
134 for (i = 0; i < sband->n_bitrates; i++) {
135 struct ieee80211_rate *r = &sband->bitrates[i];
136 u32 flag;
137
138 if (r->bitrate > txrate->bitrate)
139 break;
140
141 if ((rate_flags & r->flags) != rate_flags)
142 continue;
143
144 if (tx->sdata->vif.bss_conf.basic_rates & BIT(i))
145 rate = r->bitrate;
146
147 switch (sband->band) {
148 case NL80211_BAND_2GHZ:
149 case NL80211_BAND_LC:
150 if (tx->sdata->deflink.operating_11g_mode)
151 flag = IEEE80211_RATE_MANDATORY_G;
152 else
153 flag = IEEE80211_RATE_MANDATORY_B;
154 break;
155 case NL80211_BAND_5GHZ:
156 case NL80211_BAND_6GHZ:
157 flag = IEEE80211_RATE_MANDATORY_A;
158 break;
159 default:
160 flag = 0;
161 WARN_ON(1);
162 break;
163 }
164
165 if (r->flags & flag)
166 mrate = r->bitrate;
167 }
168 if (rate == -1) {
169 /* No matching basic rate found; use highest suitable mandatory
170 * PHY rate */
171 rate = mrate;
172 }
173
174 /* Don't calculate ACKs for QoS Frames with NoAck Policy set */
175 if (ieee80211_is_data_qos(fc: hdr->frame_control) &&
176 *(ieee80211_get_qos_ctl(hdr)) & IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
177 dur = 0;
178 else
179 /* Time needed to transmit ACK
180 * (10 bytes + 4-byte FCS = 112 bits) plus SIFS; rounded up
181 * to closest integer */
182 dur = ieee80211_frame_duration(band: sband->band, len: 10, rate, erp,
183 short_preamble: tx->sdata->vif.bss_conf.use_short_preamble);
184
185 if (next_frag_len) {
186 /* Frame is fragmented: duration increases with time needed to
187 * transmit next fragment plus ACK and 2 x SIFS. */
188 dur *= 2; /* ACK + SIFS */
189 /* next fragment */
190 dur += ieee80211_frame_duration(band: sband->band, len: next_frag_len,
191 rate: txrate->bitrate, erp,
192 short_preamble: tx->sdata->vif.bss_conf.use_short_preamble);
193 }
194
195 return cpu_to_le16(dur);
196}
197
198/* tx handlers */
199static ieee80211_tx_result debug_noinline
200ieee80211_tx_h_dynamic_ps(struct ieee80211_tx_data *tx)
201{
202 struct ieee80211_local *local = tx->local;
203 struct ieee80211_if_managed *ifmgd;
204 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
205
206 /* driver doesn't support power save */
207 if (!ieee80211_hw_check(&local->hw, SUPPORTS_PS))
208 return TX_CONTINUE;
209
210 /* hardware does dynamic power save */
211 if (ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS))
212 return TX_CONTINUE;
213
214 /* dynamic power save disabled */
215 if (local->hw.conf.dynamic_ps_timeout <= 0)
216 return TX_CONTINUE;
217
218 /* we are scanning, don't enable power save */
219 if (local->scanning)
220 return TX_CONTINUE;
221
222 if (!local->ps_sdata)
223 return TX_CONTINUE;
224
225 /* No point if we're going to suspend */
226 if (local->quiescing)
227 return TX_CONTINUE;
228
229 /* dynamic ps is supported only in managed mode */
230 if (tx->sdata->vif.type != NL80211_IFTYPE_STATION)
231 return TX_CONTINUE;
232
233 if (unlikely(info->flags & IEEE80211_TX_INTFL_OFFCHAN_TX_OK))
234 return TX_CONTINUE;
235
236 ifmgd = &tx->sdata->u.mgd;
237
238 /*
239 * Don't wakeup from power save if u-apsd is enabled, voip ac has
240 * u-apsd enabled and the frame is in voip class. This effectively
241 * means that even if all access categories have u-apsd enabled, in
242 * practise u-apsd is only used with the voip ac. This is a
243 * workaround for the case when received voip class packets do not
244 * have correct qos tag for some reason, due the network or the
245 * peer application.
246 *
247 * Note: ifmgd->uapsd_queues access is racy here. If the value is
248 * changed via debugfs, user needs to reassociate manually to have
249 * everything in sync.
250 */
251 if ((ifmgd->flags & IEEE80211_STA_UAPSD_ENABLED) &&
252 (ifmgd->uapsd_queues & IEEE80211_WMM_IE_STA_QOSINFO_AC_VO) &&
253 skb_get_queue_mapping(skb: tx->skb) == IEEE80211_AC_VO)
254 return TX_CONTINUE;
255
256 if (local->hw.conf.flags & IEEE80211_CONF_PS) {
257 ieee80211_stop_queues_by_reason(hw: &local->hw,
258 queues: IEEE80211_MAX_QUEUE_MAP,
259 reason: IEEE80211_QUEUE_STOP_REASON_PS,
260 refcounted: false);
261 ifmgd->flags &= ~IEEE80211_STA_NULLFUNC_ACKED;
262 wiphy_work_queue(wiphy: local->hw.wiphy,
263 work: &local->dynamic_ps_disable_work);
264 }
265
266 /* Don't restart the timer if we're not disassociated */
267 if (!ifmgd->associated)
268 return TX_CONTINUE;
269
270 mod_timer(timer: &local->dynamic_ps_timer, expires: jiffies +
271 msecs_to_jiffies(m: local->hw.conf.dynamic_ps_timeout));
272
273 return TX_CONTINUE;
274}
275
276static ieee80211_tx_result debug_noinline
277ieee80211_tx_h_check_assoc(struct ieee80211_tx_data *tx)
278{
279
280 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
281 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
282 bool assoc = false;
283
284 if (unlikely(info->flags & IEEE80211_TX_CTL_INJECTED))
285 return TX_CONTINUE;
286
287 if (unlikely(test_bit(SCAN_SW_SCANNING, &tx->local->scanning)) &&
288 test_bit(SDATA_STATE_OFFCHANNEL, &tx->sdata->state) &&
289 !ieee80211_is_probe_req(fc: hdr->frame_control) &&
290 !ieee80211_is_any_nullfunc(fc: hdr->frame_control))
291 /*
292 * When software scanning only nullfunc frames (to notify
293 * the sleep state to the AP) and probe requests (for the
294 * active scan) are allowed, all other frames should not be
295 * sent and we should not get here, but if we do
296 * nonetheless, drop them to avoid sending them
297 * off-channel. See the link below and
298 * ieee80211_start_scan() for more.
299 *
300 * http://article.gmane.org/gmane.linux.kernel.wireless.general/30089
301 */
302 return TX_DROP;
303
304 if (tx->sdata->vif.type == NL80211_IFTYPE_OCB)
305 return TX_CONTINUE;
306
307 if (tx->flags & IEEE80211_TX_PS_BUFFERED)
308 return TX_CONTINUE;
309
310 if (tx->sta)
311 assoc = test_sta_flag(sta: tx->sta, flag: WLAN_STA_ASSOC);
312
313 if (likely(tx->flags & IEEE80211_TX_UNICAST)) {
314 if (unlikely(!assoc &&
315 ieee80211_is_data(hdr->frame_control))) {
316#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
317 sdata_info(tx->sdata,
318 "dropped data frame to not associated station %pM\n",
319 hdr->addr1);
320#endif
321 I802_DEBUG_INC(tx->local->tx_handlers_drop_not_assoc);
322 return TX_DROP;
323 }
324 } else if (unlikely(ieee80211_is_data(hdr->frame_control) &&
325 ieee80211_vif_get_num_mcast_if(tx->sdata) == 0)) {
326 /*
327 * No associated STAs - no need to send multicast
328 * frames.
329 */
330 return TX_DROP;
331 }
332
333 return TX_CONTINUE;
334}
335
336/* This function is called whenever the AP is about to exceed the maximum limit
337 * of buffered frames for power saving STAs. This situation should not really
338 * happen often during normal operation, so dropping the oldest buffered packet
339 * from each queue should be OK to make some room for new frames. */
340static void purge_old_ps_buffers(struct ieee80211_local *local)
341{
342 int total = 0, purged = 0;
343 struct sk_buff *skb;
344 struct ieee80211_sub_if_data *sdata;
345 struct sta_info *sta;
346
347 list_for_each_entry_rcu(sdata, &local->interfaces, list) {
348 struct ps_data *ps;
349
350 if (sdata->vif.type == NL80211_IFTYPE_AP)
351 ps = &sdata->u.ap.ps;
352 else if (ieee80211_vif_is_mesh(vif: &sdata->vif))
353 ps = &sdata->u.mesh.ps;
354 else
355 continue;
356
357 skb = skb_dequeue(list: &ps->bc_buf);
358 if (skb) {
359 purged++;
360 ieee80211_free_txskb(hw: &local->hw, skb);
361 }
362 total += skb_queue_len(list_: &ps->bc_buf);
363 }
364
365 /*
366 * Drop one frame from each station from the lowest-priority
367 * AC that has frames at all.
368 */
369 list_for_each_entry_rcu(sta, &local->sta_list, list) {
370 int ac;
371
372 for (ac = IEEE80211_AC_BK; ac >= IEEE80211_AC_VO; ac--) {
373 skb = skb_dequeue(list: &sta->ps_tx_buf[ac]);
374 total += skb_queue_len(list_: &sta->ps_tx_buf[ac]);
375 if (skb) {
376 purged++;
377 ieee80211_free_txskb(hw: &local->hw, skb);
378 break;
379 }
380 }
381 }
382
383 local->total_ps_buffered = total;
384 ps_dbg_hw(&local->hw, "PS buffers full - purged %d frames\n", purged);
385}
386
387static ieee80211_tx_result
388ieee80211_tx_h_multicast_ps_buf(struct ieee80211_tx_data *tx)
389{
390 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
391 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
392 struct ps_data *ps;
393
394 /*
395 * broadcast/multicast frame
396 *
397 * If any of the associated/peer stations is in power save mode,
398 * the frame is buffered to be sent after DTIM beacon frame.
399 * This is done either by the hardware or us.
400 */
401
402 /* powersaving STAs currently only in AP/VLAN/mesh mode */
403 if (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
404 tx->sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
405 if (!tx->sdata->bss)
406 return TX_CONTINUE;
407
408 ps = &tx->sdata->bss->ps;
409 } else if (ieee80211_vif_is_mesh(vif: &tx->sdata->vif)) {
410 ps = &tx->sdata->u.mesh.ps;
411 } else {
412 return TX_CONTINUE;
413 }
414
415
416 /* no buffering for ordered frames */
417 if (ieee80211_has_order(fc: hdr->frame_control))
418 return TX_CONTINUE;
419
420 if (ieee80211_is_probe_req(fc: hdr->frame_control))
421 return TX_CONTINUE;
422
423 if (ieee80211_hw_check(&tx->local->hw, QUEUE_CONTROL))
424 info->hw_queue = tx->sdata->vif.cab_queue;
425
426 /* no stations in PS mode and no buffered packets */
427 if (!atomic_read(v: &ps->num_sta_ps) && skb_queue_empty(list: &ps->bc_buf))
428 return TX_CONTINUE;
429
430 info->flags |= IEEE80211_TX_CTL_SEND_AFTER_DTIM;
431
432 /* device releases frame after DTIM beacon */
433 if (!ieee80211_hw_check(&tx->local->hw, HOST_BROADCAST_PS_BUFFERING))
434 return TX_CONTINUE;
435
436 /* buffered in mac80211 */
437 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
438 purge_old_ps_buffers(local: tx->local);
439
440 if (skb_queue_len(list_: &ps->bc_buf) >= AP_MAX_BC_BUFFER) {
441 ps_dbg(tx->sdata,
442 "BC TX buffer full - dropping the oldest frame\n");
443 ieee80211_free_txskb(hw: &tx->local->hw, skb: skb_dequeue(list: &ps->bc_buf));
444 } else
445 tx->local->total_ps_buffered++;
446
447 skb_queue_tail(list: &ps->bc_buf, newsk: tx->skb);
448
449 return TX_QUEUED;
450}
451
452static int ieee80211_use_mfp(__le16 fc, struct sta_info *sta,
453 struct sk_buff *skb)
454{
455 if (!ieee80211_is_mgmt(fc))
456 return 0;
457
458 if (sta == NULL || !test_sta_flag(sta, flag: WLAN_STA_MFP))
459 return 0;
460
461 if (!ieee80211_is_robust_mgmt_frame(skb))
462 return 0;
463
464 return 1;
465}
466
467static ieee80211_tx_result
468ieee80211_tx_h_unicast_ps_buf(struct ieee80211_tx_data *tx)
469{
470 struct sta_info *sta = tx->sta;
471 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
472 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
473 struct ieee80211_local *local = tx->local;
474
475 if (unlikely(!sta))
476 return TX_CONTINUE;
477
478 if (unlikely((test_sta_flag(sta, WLAN_STA_PS_STA) ||
479 test_sta_flag(sta, WLAN_STA_PS_DRIVER) ||
480 test_sta_flag(sta, WLAN_STA_PS_DELIVER)) &&
481 !(info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER))) {
482 int ac = skb_get_queue_mapping(skb: tx->skb);
483
484 if (ieee80211_is_mgmt(fc: hdr->frame_control) &&
485 !ieee80211_is_bufferable_mmpdu(skb: tx->skb)) {
486 info->flags |= IEEE80211_TX_CTL_NO_PS_BUFFER;
487 return TX_CONTINUE;
488 }
489
490 ps_dbg(sta->sdata, "STA %pM aid %d: PS buffer for AC %d\n",
491 sta->sta.addr, sta->sta.aid, ac);
492 if (tx->local->total_ps_buffered >= TOTAL_MAX_TX_BUFFER)
493 purge_old_ps_buffers(local: tx->local);
494
495 /* sync with ieee80211_sta_ps_deliver_wakeup */
496 spin_lock(lock: &sta->ps_lock);
497 /*
498 * STA woke up the meantime and all the frames on ps_tx_buf have
499 * been queued to pending queue. No reordering can happen, go
500 * ahead and Tx the packet.
501 */
502 if (!test_sta_flag(sta, flag: WLAN_STA_PS_STA) &&
503 !test_sta_flag(sta, flag: WLAN_STA_PS_DRIVER) &&
504 !test_sta_flag(sta, flag: WLAN_STA_PS_DELIVER)) {
505 spin_unlock(lock: &sta->ps_lock);
506 return TX_CONTINUE;
507 }
508
509 if (skb_queue_len(list_: &sta->ps_tx_buf[ac]) >= STA_MAX_TX_BUFFER) {
510 struct sk_buff *old = skb_dequeue(list: &sta->ps_tx_buf[ac]);
511 ps_dbg(tx->sdata,
512 "STA %pM TX buffer for AC %d full - dropping oldest frame\n",
513 sta->sta.addr, ac);
514 ieee80211_free_txskb(hw: &local->hw, skb: old);
515 } else
516 tx->local->total_ps_buffered++;
517
518 info->control.jiffies = jiffies;
519 info->control.vif = &tx->sdata->vif;
520 info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
521 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
522 skb_queue_tail(list: &sta->ps_tx_buf[ac], newsk: tx->skb);
523 spin_unlock(lock: &sta->ps_lock);
524
525 if (!timer_pending(timer: &local->sta_cleanup))
526 mod_timer(timer: &local->sta_cleanup,
527 expires: round_jiffies(j: jiffies +
528 STA_INFO_CLEANUP_INTERVAL));
529
530 /*
531 * We queued up some frames, so the TIM bit might
532 * need to be set, recalculate it.
533 */
534 sta_info_recalc_tim(sta);
535
536 return TX_QUEUED;
537 } else if (unlikely(test_sta_flag(sta, WLAN_STA_PS_STA))) {
538 ps_dbg(tx->sdata,
539 "STA %pM in PS mode, but polling/in SP -> send frame\n",
540 sta->sta.addr);
541 }
542
543 return TX_CONTINUE;
544}
545
546static ieee80211_tx_result debug_noinline
547ieee80211_tx_h_ps_buf(struct ieee80211_tx_data *tx)
548{
549 if (unlikely(tx->flags & IEEE80211_TX_PS_BUFFERED))
550 return TX_CONTINUE;
551
552 if (tx->flags & IEEE80211_TX_UNICAST)
553 return ieee80211_tx_h_unicast_ps_buf(tx);
554 else
555 return ieee80211_tx_h_multicast_ps_buf(tx);
556}
557
558static ieee80211_tx_result debug_noinline
559ieee80211_tx_h_check_control_port_protocol(struct ieee80211_tx_data *tx)
560{
561 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
562
563 if (unlikely(tx->sdata->control_port_protocol == tx->skb->protocol)) {
564 if (tx->sdata->control_port_no_encrypt)
565 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
566 info->control.flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO;
567 info->flags |= IEEE80211_TX_CTL_USE_MINRATE;
568 }
569
570 return TX_CONTINUE;
571}
572
573static struct ieee80211_key *
574ieee80211_select_link_key(struct ieee80211_tx_data *tx)
575{
576 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
577 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
578 struct ieee80211_link_data *link;
579 unsigned int link_id;
580
581 link_id = u32_get_bits(v: info->control.flags, field: IEEE80211_TX_CTRL_MLO_LINK);
582 if (link_id == IEEE80211_LINK_UNSPECIFIED) {
583 link = &tx->sdata->deflink;
584 } else {
585 link = rcu_dereference(tx->sdata->link[link_id]);
586 if (!link)
587 return NULL;
588 }
589
590 if (ieee80211_is_group_privacy_action(skb: tx->skb))
591 return rcu_dereference(link->default_multicast_key);
592 else if (ieee80211_is_mgmt(fc: hdr->frame_control) &&
593 is_multicast_ether_addr(addr: hdr->addr1) &&
594 ieee80211_is_robust_mgmt_frame(skb: tx->skb))
595 return rcu_dereference(link->default_mgmt_key);
596 else if (is_multicast_ether_addr(addr: hdr->addr1))
597 return rcu_dereference(link->default_multicast_key);
598
599 return NULL;
600}
601
602static ieee80211_tx_result debug_noinline
603ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx)
604{
605 struct ieee80211_key *key;
606 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
607 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
608
609 if (unlikely(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) {
610 tx->key = NULL;
611 return TX_CONTINUE;
612 }
613
614 if (tx->sta &&
615 (key = rcu_dereference(tx->sta->ptk[tx->sta->ptk_idx])))
616 tx->key = key;
617 else if ((key = ieee80211_select_link_key(tx)))
618 tx->key = key;
619 else if (!is_multicast_ether_addr(addr: hdr->addr1) &&
620 (key = rcu_dereference(tx->sdata->default_unicast_key)))
621 tx->key = key;
622 else
623 tx->key = NULL;
624
625 if (tx->key) {
626 bool skip_hw = false;
627
628 /* TODO: add threshold stuff again */
629
630 switch (tx->key->conf.cipher) {
631 case WLAN_CIPHER_SUITE_WEP40:
632 case WLAN_CIPHER_SUITE_WEP104:
633 case WLAN_CIPHER_SUITE_TKIP:
634 if (!ieee80211_is_data_present(fc: hdr->frame_control))
635 tx->key = NULL;
636 break;
637 case WLAN_CIPHER_SUITE_CCMP:
638 case WLAN_CIPHER_SUITE_CCMP_256:
639 case WLAN_CIPHER_SUITE_GCMP:
640 case WLAN_CIPHER_SUITE_GCMP_256:
641 if (!ieee80211_is_data_present(fc: hdr->frame_control) &&
642 !ieee80211_use_mfp(fc: hdr->frame_control, sta: tx->sta,
643 skb: tx->skb) &&
644 !ieee80211_is_group_privacy_action(skb: tx->skb))
645 tx->key = NULL;
646 else
647 skip_hw = (tx->key->conf.flags &
648 IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
649 ieee80211_is_mgmt(fc: hdr->frame_control);
650 break;
651 case WLAN_CIPHER_SUITE_AES_CMAC:
652 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
653 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
654 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
655 if (!ieee80211_is_mgmt(fc: hdr->frame_control))
656 tx->key = NULL;
657 break;
658 }
659
660 if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED &&
661 !ieee80211_is_deauth(hdr->frame_control)) &&
662 tx->skb->protocol != tx->sdata->control_port_protocol)
663 return TX_DROP;
664
665 if (!skip_hw && tx->key &&
666 tx->key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
667 info->control.hw_key = &tx->key->conf;
668 } else if (ieee80211_is_data_present(fc: hdr->frame_control) && tx->sta &&
669 test_sta_flag(sta: tx->sta, flag: WLAN_STA_USES_ENCRYPTION)) {
670 return TX_DROP;
671 }
672
673 return TX_CONTINUE;
674}
675
676static ieee80211_tx_result debug_noinline
677ieee80211_tx_h_rate_ctrl(struct ieee80211_tx_data *tx)
678{
679 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
680 struct ieee80211_hdr *hdr = (void *)tx->skb->data;
681 struct ieee80211_supported_band *sband;
682 u32 len;
683 struct ieee80211_tx_rate_control txrc;
684 struct ieee80211_sta_rates *ratetbl = NULL;
685 bool encap = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP;
686 bool assoc = false;
687
688 memset(&txrc, 0, sizeof(txrc));
689
690 sband = tx->local->hw.wiphy->bands[info->band];
691
692 len = min_t(u32, tx->skb->len + FCS_LEN,
693 tx->local->hw.wiphy->frag_threshold);
694
695 /* set up the tx rate control struct we give the RC algo */
696 txrc.hw = &tx->local->hw;
697 txrc.sband = sband;
698 txrc.bss_conf = &tx->sdata->vif.bss_conf;
699 txrc.skb = tx->skb;
700 txrc.reported_rate.idx = -1;
701 txrc.rate_idx_mask = tx->sdata->rc_rateidx_mask[info->band];
702
703 if (tx->sdata->rc_has_mcs_mask[info->band])
704 txrc.rate_idx_mcs_mask =
705 tx->sdata->rc_rateidx_mcs_mask[info->band];
706
707 txrc.bss = (tx->sdata->vif.type == NL80211_IFTYPE_AP ||
708 tx->sdata->vif.type == NL80211_IFTYPE_MESH_POINT ||
709 tx->sdata->vif.type == NL80211_IFTYPE_ADHOC ||
710 tx->sdata->vif.type == NL80211_IFTYPE_OCB);
711
712 /* set up RTS protection if desired */
713 if (len > tx->local->hw.wiphy->rts_threshold) {
714 txrc.rts = true;
715 }
716
717 info->control.use_rts = txrc.rts;
718 info->control.use_cts_prot = tx->sdata->vif.bss_conf.use_cts_prot;
719
720 /*
721 * Use short preamble if the BSS can handle it, but not for
722 * management frames unless we know the receiver can handle
723 * that -- the management frame might be to a station that
724 * just wants a probe response.
725 */
726 if (tx->sdata->vif.bss_conf.use_short_preamble &&
727 (ieee80211_is_tx_data(skb: tx->skb) ||
728 (tx->sta && test_sta_flag(sta: tx->sta, flag: WLAN_STA_SHORT_PREAMBLE))))
729 txrc.short_preamble = true;
730
731 info->control.short_preamble = txrc.short_preamble;
732
733 /* don't ask rate control when rate already injected via radiotap */
734 if (info->control.flags & IEEE80211_TX_CTRL_RATE_INJECT)
735 return TX_CONTINUE;
736
737 if (tx->sta)
738 assoc = test_sta_flag(sta: tx->sta, flag: WLAN_STA_ASSOC);
739
740 /*
741 * Lets not bother rate control if we're associated and cannot
742 * talk to the sta. This should not happen.
743 */
744 if (WARN(test_bit(SCAN_SW_SCANNING, &tx->local->scanning) && assoc &&
745 !rate_usable_index_exists(sband, &tx->sta->sta),
746 "%s: Dropped data frame as no usable bitrate found while "
747 "scanning and associated. Target station: "
748 "%pM on %d GHz band\n",
749 tx->sdata->name,
750 encap ? ((struct ethhdr *)hdr)->h_dest : hdr->addr1,
751 info->band ? 5 : 2))
752 return TX_DROP;
753
754 /*
755 * If we're associated with the sta at this point we know we can at
756 * least send the frame at the lowest bit rate.
757 */
758 rate_control_get_rate(sdata: tx->sdata, sta: tx->sta, txrc: &txrc);
759
760 if (tx->sta && !info->control.skip_table)
761 ratetbl = rcu_dereference(tx->sta->sta.rates);
762
763 if (unlikely(info->control.rates[0].idx < 0)) {
764 if (ratetbl) {
765 struct ieee80211_tx_rate rate = {
766 .idx = ratetbl->rate[0].idx,
767 .flags = ratetbl->rate[0].flags,
768 .count = ratetbl->rate[0].count
769 };
770
771 if (ratetbl->rate[0].idx < 0)
772 return TX_DROP;
773
774 tx->rate = rate;
775 } else {
776 return TX_DROP;
777 }
778 } else {
779 tx->rate = info->control.rates[0];
780 }
781
782 if (txrc.reported_rate.idx < 0) {
783 txrc.reported_rate = tx->rate;
784 if (tx->sta && ieee80211_is_tx_data(skb: tx->skb))
785 tx->sta->deflink.tx_stats.last_rate = txrc.reported_rate;
786 } else if (tx->sta)
787 tx->sta->deflink.tx_stats.last_rate = txrc.reported_rate;
788
789 if (ratetbl)
790 return TX_CONTINUE;
791
792 if (unlikely(!info->control.rates[0].count))
793 info->control.rates[0].count = 1;
794
795 if (WARN_ON_ONCE((info->control.rates[0].count > 1) &&
796 (info->flags & IEEE80211_TX_CTL_NO_ACK)))
797 info->control.rates[0].count = 1;
798
799 return TX_CONTINUE;
800}
801
802static __le16 ieee80211_tx_next_seq(struct sta_info *sta, int tid)
803{
804 u16 *seq = &sta->tid_seq[tid];
805 __le16 ret = cpu_to_le16(*seq);
806
807 /* Increase the sequence number. */
808 *seq = (*seq + 0x10) & IEEE80211_SCTL_SEQ;
809
810 return ret;
811}
812
813static ieee80211_tx_result debug_noinline
814ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
815{
816 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
817 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx->skb->data;
818 int tid;
819
820 /*
821 * Packet injection may want to control the sequence
822 * number, if we have no matching interface then we
823 * neither assign one ourselves nor ask the driver to.
824 */
825 if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
826 return TX_CONTINUE;
827
828 if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
829 return TX_CONTINUE;
830
831 if (ieee80211_hdrlen(fc: hdr->frame_control) < 24)
832 return TX_CONTINUE;
833
834 if (ieee80211_is_qos_nullfunc(fc: hdr->frame_control))
835 return TX_CONTINUE;
836
837 if (info->control.flags & IEEE80211_TX_CTRL_NO_SEQNO)
838 return TX_CONTINUE;
839
840 /* SNS11 from 802.11be 10.3.2.14 */
841 if (unlikely(is_multicast_ether_addr(hdr->addr1) &&
842 ieee80211_vif_is_mld(info->control.vif) &&
843 info->control.vif->type == NL80211_IFTYPE_AP)) {
844 if (info->control.flags & IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX)
845 tx->sdata->mld_mcast_seq += 0x10;
846 hdr->seq_ctrl = cpu_to_le16(tx->sdata->mld_mcast_seq);
847 return TX_CONTINUE;
848 }
849
850 /*
851 * Anything but QoS data that has a sequence number field
852 * (is long enough) gets a sequence number from the global
853 * counter. QoS data frames with a multicast destination
854 * also use the global counter (802.11-2012 9.3.2.10).
855 */
856 if (!ieee80211_is_data_qos(fc: hdr->frame_control) ||
857 is_multicast_ether_addr(addr: hdr->addr1)) {
858 /* driver should assign sequence number */
859 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
860 /* for pure STA mode without beacons, we can do it */
861 hdr->seq_ctrl = cpu_to_le16(tx->sdata->sequence_number);
862 tx->sdata->sequence_number += 0x10;
863 if (tx->sta)
864 tx->sta->deflink.tx_stats.msdu[IEEE80211_NUM_TIDS]++;
865 return TX_CONTINUE;
866 }
867
868 /*
869 * This should be true for injected/management frames only, for
870 * management frames we have set the IEEE80211_TX_CTL_ASSIGN_SEQ
871 * above since they are not QoS-data frames.
872 */
873 if (!tx->sta)
874 return TX_CONTINUE;
875
876 /* include per-STA, per-TID sequence counter */
877 tid = ieee80211_get_tid(hdr);
878 tx->sta->deflink.tx_stats.msdu[tid]++;
879
880 hdr->seq_ctrl = ieee80211_tx_next_seq(sta: tx->sta, tid);
881
882 return TX_CONTINUE;
883}
884
885static int ieee80211_fragment(struct ieee80211_tx_data *tx,
886 struct sk_buff *skb, int hdrlen,
887 int frag_threshold)
888{
889 struct ieee80211_local *local = tx->local;
890 struct ieee80211_tx_info *info;
891 struct sk_buff *tmp;
892 int per_fragm = frag_threshold - hdrlen - FCS_LEN;
893 int pos = hdrlen + per_fragm;
894 int rem = skb->len - hdrlen - per_fragm;
895
896 if (WARN_ON(rem < 0))
897 return -EINVAL;
898
899 /* first fragment was already added to queue by caller */
900
901 while (rem) {
902 int fraglen = per_fragm;
903
904 if (fraglen > rem)
905 fraglen = rem;
906 rem -= fraglen;
907 tmp = dev_alloc_skb(length: local->tx_headroom +
908 frag_threshold +
909 IEEE80211_ENCRYPT_HEADROOM +
910 IEEE80211_ENCRYPT_TAILROOM);
911 if (!tmp)
912 return -ENOMEM;
913
914 __skb_queue_tail(list: &tx->skbs, newsk: tmp);
915
916 skb_reserve(skb: tmp,
917 len: local->tx_headroom + IEEE80211_ENCRYPT_HEADROOM);
918
919 /* copy control information */
920 memcpy(tmp->cb, skb->cb, sizeof(tmp->cb));
921
922 info = IEEE80211_SKB_CB(skb: tmp);
923 info->flags &= ~(IEEE80211_TX_CTL_CLEAR_PS_FILT |
924 IEEE80211_TX_CTL_FIRST_FRAGMENT);
925
926 if (rem)
927 info->flags |= IEEE80211_TX_CTL_MORE_FRAMES;
928
929 skb_copy_queue_mapping(to: tmp, from: skb);
930 tmp->priority = skb->priority;
931 tmp->dev = skb->dev;
932
933 /* copy header and data */
934 skb_put_data(skb: tmp, data: skb->data, len: hdrlen);
935 skb_put_data(skb: tmp, data: skb->data + pos, len: fraglen);
936
937 pos += fraglen;
938 }
939
940 /* adjust first fragment's length */
941 skb_trim(skb, len: hdrlen + per_fragm);
942 return 0;
943}
944
945static ieee80211_tx_result debug_noinline
946ieee80211_tx_h_fragment(struct ieee80211_tx_data *tx)
947{
948 struct sk_buff *skb = tx->skb;
949 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
950 struct ieee80211_hdr *hdr = (void *)skb->data;
951 int frag_threshold = tx->local->hw.wiphy->frag_threshold;
952 int hdrlen;
953 int fragnum;
954
955 /* no matter what happens, tx->skb moves to tx->skbs */
956 __skb_queue_tail(list: &tx->skbs, newsk: skb);
957 tx->skb = NULL;
958
959 if (info->flags & IEEE80211_TX_CTL_DONTFRAG)
960 return TX_CONTINUE;
961
962 if (ieee80211_hw_check(&tx->local->hw, SUPPORTS_TX_FRAG))
963 return TX_CONTINUE;
964
965 /*
966 * Warn when submitting a fragmented A-MPDU frame and drop it.
967 * This scenario is handled in ieee80211_tx_prepare but extra
968 * caution taken here as fragmented ampdu may cause Tx stop.
969 */
970 if (WARN_ON(info->flags & IEEE80211_TX_CTL_AMPDU))
971 return TX_DROP;
972
973 hdrlen = ieee80211_hdrlen(fc: hdr->frame_control);
974
975 /* internal error, why isn't DONTFRAG set? */
976 if (WARN_ON(skb->len + FCS_LEN <= frag_threshold))
977 return TX_DROP;
978
979 /*
980 * Now fragment the frame. This will allocate all the fragments and
981 * chain them (using skb as the first fragment) to skb->next.
982 * During transmission, we will remove the successfully transmitted
983 * fragments from this list. When the low-level driver rejects one
984 * of the fragments then we will simply pretend to accept the skb
985 * but store it away as pending.
986 */
987 if (ieee80211_fragment(tx, skb, hdrlen, frag_threshold))
988 return TX_DROP;
989
990 /* update duration/seq/flags of fragments */
991 fragnum = 0;
992
993 skb_queue_walk(&tx->skbs, skb) {
994 const __le16 morefrags = cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
995
996 hdr = (void *)skb->data;
997 info = IEEE80211_SKB_CB(skb);
998
999 if (!skb_queue_is_last(list: &tx->skbs, skb)) {
1000 hdr->frame_control |= morefrags;
1001 /*
1002 * No multi-rate retries for fragmented frames, that
1003 * would completely throw off the NAV at other STAs.
1004 */
1005 info->control.rates[1].idx = -1;
1006 info->control.rates[2].idx = -1;
1007 info->control.rates[3].idx = -1;
1008 BUILD_BUG_ON(IEEE80211_TX_MAX_RATES != 4);
1009 info->flags &= ~IEEE80211_TX_CTL_RATE_CTRL_PROBE;
1010 } else {
1011 hdr->frame_control &= ~morefrags;
1012 }
1013 hdr->seq_ctrl |= cpu_to_le16(fragnum & IEEE80211_SCTL_FRAG);
1014 fragnum++;
1015 }
1016
1017 return TX_CONTINUE;
1018}
1019
1020static ieee80211_tx_result debug_noinline
1021ieee80211_tx_h_stats(struct ieee80211_tx_data *tx)
1022{
1023 struct sk_buff *skb;
1024 int ac = -1;
1025
1026 if (!tx->sta)
1027 return TX_CONTINUE;
1028
1029 skb_queue_walk(&tx->skbs, skb) {
1030 ac = skb_get_queue_mapping(skb);
1031 tx->sta->deflink.tx_stats.bytes[ac] += skb->len;
1032 }
1033 if (ac >= 0)
1034 tx->sta->deflink.tx_stats.packets[ac]++;
1035
1036 return TX_CONTINUE;
1037}
1038
1039static ieee80211_tx_result debug_noinline
1040ieee80211_tx_h_encrypt(struct ieee80211_tx_data *tx)
1041{
1042 if (!tx->key)
1043 return TX_CONTINUE;
1044
1045 switch (tx->key->conf.cipher) {
1046 case WLAN_CIPHER_SUITE_WEP40:
1047 case WLAN_CIPHER_SUITE_WEP104:
1048 return ieee80211_crypto_wep_encrypt(tx);
1049 case WLAN_CIPHER_SUITE_TKIP:
1050 return ieee80211_crypto_tkip_encrypt(tx);
1051 case WLAN_CIPHER_SUITE_CCMP:
1052 return ieee80211_crypto_ccmp_encrypt(
1053 tx, IEEE80211_CCMP_MIC_LEN);
1054 case WLAN_CIPHER_SUITE_CCMP_256:
1055 return ieee80211_crypto_ccmp_encrypt(
1056 tx, IEEE80211_CCMP_256_MIC_LEN);
1057 case WLAN_CIPHER_SUITE_AES_CMAC:
1058 return ieee80211_crypto_aes_cmac_encrypt(tx);
1059 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
1060 return ieee80211_crypto_aes_cmac_256_encrypt(tx);
1061 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
1062 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
1063 return ieee80211_crypto_aes_gmac_encrypt(tx);
1064 case WLAN_CIPHER_SUITE_GCMP:
1065 case WLAN_CIPHER_SUITE_GCMP_256:
1066 return ieee80211_crypto_gcmp_encrypt(tx);
1067 }
1068
1069 return TX_DROP;
1070}
1071
1072static ieee80211_tx_result debug_noinline
1073ieee80211_tx_h_calculate_duration(struct ieee80211_tx_data *tx)
1074{
1075 struct sk_buff *skb;
1076 struct ieee80211_hdr *hdr;
1077 int next_len;
1078 bool group_addr;
1079
1080 skb_queue_walk(&tx->skbs, skb) {
1081 hdr = (void *) skb->data;
1082 if (unlikely(ieee80211_is_pspoll(hdr->frame_control)))
1083 break; /* must not overwrite AID */
1084 if (!skb_queue_is_last(list: &tx->skbs, skb)) {
1085 struct sk_buff *next = skb_queue_next(list: &tx->skbs, skb);
1086 next_len = next->len;
1087 } else
1088 next_len = 0;
1089 group_addr = is_multicast_ether_addr(addr: hdr->addr1);
1090
1091 hdr->duration_id =
1092 ieee80211_duration(tx, skb, group_addr, next_frag_len: next_len);
1093 }
1094
1095 return TX_CONTINUE;
1096}
1097
1098/* actual transmit path */
1099
1100static bool ieee80211_tx_prep_agg(struct ieee80211_tx_data *tx,
1101 struct sk_buff *skb,
1102 struct ieee80211_tx_info *info,
1103 struct tid_ampdu_tx *tid_tx,
1104 int tid)
1105{
1106 bool queued = false;
1107 bool reset_agg_timer = false;
1108 struct sk_buff *purge_skb = NULL;
1109
1110 if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1111 reset_agg_timer = true;
1112 } else if (test_bit(HT_AGG_STATE_WANT_START, &tid_tx->state)) {
1113 /*
1114 * nothing -- this aggregation session is being started
1115 * but that might still fail with the driver
1116 */
1117 } else if (!tx->sta->sta.txq[tid]) {
1118 spin_lock(lock: &tx->sta->lock);
1119 /*
1120 * Need to re-check now, because we may get here
1121 *
1122 * 1) in the window during which the setup is actually
1123 * already done, but not marked yet because not all
1124 * packets are spliced over to the driver pending
1125 * queue yet -- if this happened we acquire the lock
1126 * either before or after the splice happens, but
1127 * need to recheck which of these cases happened.
1128 *
1129 * 2) during session teardown, if the OPERATIONAL bit
1130 * was cleared due to the teardown but the pointer
1131 * hasn't been assigned NULL yet (or we loaded it
1132 * before it was assigned) -- in this case it may
1133 * now be NULL which means we should just let the
1134 * packet pass through because splicing the frames
1135 * back is already done.
1136 */
1137 tid_tx = rcu_dereference_protected_tid_tx(tx->sta, tid);
1138
1139 if (!tid_tx) {
1140 /* do nothing, let packet pass through */
1141 } else if (test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
1142 reset_agg_timer = true;
1143 } else {
1144 queued = true;
1145 if (info->flags & IEEE80211_TX_CTL_NO_PS_BUFFER) {
1146 clear_sta_flag(sta: tx->sta, flag: WLAN_STA_SP);
1147 ps_dbg(tx->sta->sdata,
1148 "STA %pM aid %d: SP frame queued, close the SP w/o telling the peer\n",
1149 tx->sta->sta.addr, tx->sta->sta.aid);
1150 }
1151 info->control.vif = &tx->sdata->vif;
1152 info->control.flags |= IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1153 info->flags &= ~IEEE80211_TX_TEMPORARY_FLAGS;
1154 __skb_queue_tail(list: &tid_tx->pending, newsk: skb);
1155 if (skb_queue_len(list_: &tid_tx->pending) > STA_MAX_TX_BUFFER)
1156 purge_skb = __skb_dequeue(list: &tid_tx->pending);
1157 }
1158 spin_unlock(lock: &tx->sta->lock);
1159
1160 if (purge_skb)
1161 ieee80211_free_txskb(hw: &tx->local->hw, skb: purge_skb);
1162 }
1163
1164 /* reset session timer */
1165 if (reset_agg_timer)
1166 tid_tx->last_tx = jiffies;
1167
1168 return queued;
1169}
1170
1171void ieee80211_aggr_check(struct ieee80211_sub_if_data *sdata,
1172 struct sta_info *sta, struct sk_buff *skb)
1173{
1174 struct rate_control_ref *ref = sdata->local->rate_ctrl;
1175 u16 tid;
1176
1177 if (!ref || !(ref->ops->capa & RATE_CTRL_CAPA_AMPDU_TRIGGER))
1178 return;
1179
1180 if (!sta || !sta->sta.deflink.ht_cap.ht_supported ||
1181 !sta->sta.wme || skb_get_queue_mapping(skb) == IEEE80211_AC_VO ||
1182 skb->protocol == sdata->control_port_protocol)
1183 return;
1184
1185 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1186 if (likely(sta->ampdu_mlme.tid_tx[tid]))
1187 return;
1188
1189 ieee80211_start_tx_ba_session(sta: &sta->sta, tid, timeout: 0);
1190}
1191
1192/*
1193 * initialises @tx
1194 * pass %NULL for the station if unknown, a valid pointer if known
1195 * or an ERR_PTR() if the station is known not to exist
1196 */
1197static ieee80211_tx_result
1198ieee80211_tx_prepare(struct ieee80211_sub_if_data *sdata,
1199 struct ieee80211_tx_data *tx,
1200 struct sta_info *sta, struct sk_buff *skb)
1201{
1202 struct ieee80211_local *local = sdata->local;
1203 struct ieee80211_hdr *hdr;
1204 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1205 bool aggr_check = false;
1206 int tid;
1207
1208 memset(tx, 0, sizeof(*tx));
1209 tx->skb = skb;
1210 tx->local = local;
1211 tx->sdata = sdata;
1212 __skb_queue_head_init(list: &tx->skbs);
1213
1214 /*
1215 * If this flag is set to true anywhere, and we get here,
1216 * we are doing the needed processing, so remove the flag
1217 * now.
1218 */
1219 info->control.flags &= ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1220
1221 hdr = (struct ieee80211_hdr *) skb->data;
1222
1223 if (likely(sta)) {
1224 if (!IS_ERR(ptr: sta))
1225 tx->sta = sta;
1226 } else {
1227 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN) {
1228 tx->sta = rcu_dereference(sdata->u.vlan.sta);
1229 if (!tx->sta && sdata->wdev.use_4addr)
1230 return TX_DROP;
1231 } else if (tx->sdata->control_port_protocol == tx->skb->protocol) {
1232 tx->sta = sta_info_get_bss(sdata, addr: hdr->addr1);
1233 }
1234 if (!tx->sta && !is_multicast_ether_addr(addr: hdr->addr1)) {
1235 tx->sta = sta_info_get(sdata, addr: hdr->addr1);
1236 aggr_check = true;
1237 }
1238 }
1239
1240 if (tx->sta && ieee80211_is_data_qos(fc: hdr->frame_control) &&
1241 !ieee80211_is_qos_nullfunc(fc: hdr->frame_control) &&
1242 ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION) &&
1243 !ieee80211_hw_check(&local->hw, TX_AMPDU_SETUP_IN_HW)) {
1244 struct tid_ampdu_tx *tid_tx;
1245
1246 tid = ieee80211_get_tid(hdr);
1247 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1248 if (!tid_tx && aggr_check) {
1249 ieee80211_aggr_check(sdata, sta: tx->sta, skb);
1250 tid_tx = rcu_dereference(tx->sta->ampdu_mlme.tid_tx[tid]);
1251 }
1252
1253 if (tid_tx) {
1254 bool queued;
1255
1256 queued = ieee80211_tx_prep_agg(tx, skb, info,
1257 tid_tx, tid);
1258
1259 if (unlikely(queued))
1260 return TX_QUEUED;
1261 }
1262 }
1263
1264 if (is_multicast_ether_addr(addr: hdr->addr1)) {
1265 tx->flags &= ~IEEE80211_TX_UNICAST;
1266 info->flags |= IEEE80211_TX_CTL_NO_ACK;
1267 } else
1268 tx->flags |= IEEE80211_TX_UNICAST;
1269
1270 if (!(info->flags & IEEE80211_TX_CTL_DONTFRAG)) {
1271 if (!(tx->flags & IEEE80211_TX_UNICAST) ||
1272 skb->len + FCS_LEN <= local->hw.wiphy->frag_threshold ||
1273 info->flags & IEEE80211_TX_CTL_AMPDU)
1274 info->flags |= IEEE80211_TX_CTL_DONTFRAG;
1275 }
1276
1277 if (!tx->sta)
1278 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1279 else if (test_and_clear_sta_flag(sta: tx->sta, flag: WLAN_STA_CLEAR_PS_FILT)) {
1280 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT;
1281 ieee80211_check_fast_xmit(sta: tx->sta);
1282 }
1283
1284 info->flags |= IEEE80211_TX_CTL_FIRST_FRAGMENT;
1285
1286 return TX_CONTINUE;
1287}
1288
1289static struct txq_info *ieee80211_get_txq(struct ieee80211_local *local,
1290 struct ieee80211_vif *vif,
1291 struct sta_info *sta,
1292 struct sk_buff *skb)
1293{
1294 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1295 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1296 struct ieee80211_txq *txq = NULL;
1297
1298 if ((info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM) ||
1299 (info->control.flags & IEEE80211_TX_CTRL_PS_RESPONSE))
1300 return NULL;
1301
1302 if (!(info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) &&
1303 unlikely(!ieee80211_is_data_present(hdr->frame_control))) {
1304 if ((!ieee80211_is_mgmt(fc: hdr->frame_control) ||
1305 ieee80211_is_bufferable_mmpdu(skb) ||
1306 vif->type == NL80211_IFTYPE_STATION) &&
1307 sta && sta->uploaded) {
1308 /*
1309 * This will be NULL if the driver didn't set the
1310 * opt-in hardware flag.
1311 */
1312 txq = sta->sta.txq[IEEE80211_NUM_TIDS];
1313 }
1314 } else if (sta) {
1315 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK;
1316
1317 if (!sta->uploaded)
1318 return NULL;
1319
1320 txq = sta->sta.txq[tid];
1321 } else {
1322 txq = vif->txq;
1323 }
1324
1325 if (!txq)
1326 return NULL;
1327
1328 return to_txq_info(txq);
1329}
1330
1331static void ieee80211_set_skb_enqueue_time(struct sk_buff *skb)
1332{
1333 struct sk_buff *next;
1334 codel_time_t now = codel_get_time();
1335
1336 skb_list_walk_safe(skb, skb, next)
1337 IEEE80211_SKB_CB(skb)->control.enqueue_time = now;
1338}
1339
1340static u32 codel_skb_len_func(const struct sk_buff *skb)
1341{
1342 return skb->len;
1343}
1344
1345static codel_time_t codel_skb_time_func(const struct sk_buff *skb)
1346{
1347 const struct ieee80211_tx_info *info;
1348
1349 info = (const struct ieee80211_tx_info *)skb->cb;
1350 return info->control.enqueue_time;
1351}
1352
1353static struct sk_buff *codel_dequeue_func(struct codel_vars *cvars,
1354 void *ctx)
1355{
1356 struct ieee80211_local *local;
1357 struct txq_info *txqi;
1358 struct fq *fq;
1359 struct fq_flow *flow;
1360
1361 txqi = ctx;
1362 local = vif_to_sdata(p: txqi->txq.vif)->local;
1363 fq = &local->fq;
1364
1365 if (cvars == &txqi->def_cvars)
1366 flow = &txqi->tin.default_flow;
1367 else
1368 flow = &fq->flows[cvars - local->cvars];
1369
1370 return fq_flow_dequeue(fq, flow);
1371}
1372
1373static void codel_drop_func(struct sk_buff *skb,
1374 void *ctx)
1375{
1376 struct ieee80211_local *local;
1377 struct ieee80211_hw *hw;
1378 struct txq_info *txqi;
1379
1380 txqi = ctx;
1381 local = vif_to_sdata(p: txqi->txq.vif)->local;
1382 hw = &local->hw;
1383
1384 ieee80211_free_txskb(hw, skb);
1385}
1386
1387static struct sk_buff *fq_tin_dequeue_func(struct fq *fq,
1388 struct fq_tin *tin,
1389 struct fq_flow *flow)
1390{
1391 struct ieee80211_local *local;
1392 struct txq_info *txqi;
1393 struct codel_vars *cvars;
1394 struct codel_params *cparams;
1395 struct codel_stats *cstats;
1396
1397 local = container_of(fq, struct ieee80211_local, fq);
1398 txqi = container_of(tin, struct txq_info, tin);
1399 cstats = &txqi->cstats;
1400
1401 if (txqi->txq.sta) {
1402 struct sta_info *sta = container_of(txqi->txq.sta,
1403 struct sta_info, sta);
1404 cparams = &sta->cparams;
1405 } else {
1406 cparams = &local->cparams;
1407 }
1408
1409 if (flow == &tin->default_flow)
1410 cvars = &txqi->def_cvars;
1411 else
1412 cvars = &local->cvars[flow - fq->flows];
1413
1414 return codel_dequeue(ctx: txqi,
1415 backlog: &flow->backlog,
1416 params: cparams,
1417 vars: cvars,
1418 stats: cstats,
1419 skb_len_func: codel_skb_len_func,
1420 skb_time_func: codel_skb_time_func,
1421 drop_func: codel_drop_func,
1422 dequeue_func: codel_dequeue_func);
1423}
1424
1425static void fq_skb_free_func(struct fq *fq,
1426 struct fq_tin *tin,
1427 struct fq_flow *flow,
1428 struct sk_buff *skb)
1429{
1430 struct ieee80211_local *local;
1431
1432 local = container_of(fq, struct ieee80211_local, fq);
1433 ieee80211_free_txskb(hw: &local->hw, skb);
1434}
1435
1436static void ieee80211_txq_enqueue(struct ieee80211_local *local,
1437 struct txq_info *txqi,
1438 struct sk_buff *skb)
1439{
1440 struct fq *fq = &local->fq;
1441 struct fq_tin *tin = &txqi->tin;
1442 u32 flow_idx = fq_flow_idx(fq, skb);
1443
1444 ieee80211_set_skb_enqueue_time(skb);
1445
1446 spin_lock_bh(lock: &fq->lock);
1447 /*
1448 * For management frames, don't really apply codel etc.,
1449 * we don't want to apply any shaping or anything we just
1450 * want to simplify the driver API by having them on the
1451 * txqi.
1452 */
1453 if (unlikely(txqi->txq.tid == IEEE80211_NUM_TIDS)) {
1454 IEEE80211_SKB_CB(skb)->control.flags |=
1455 IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
1456 __skb_queue_tail(list: &txqi->frags, newsk: skb);
1457 } else {
1458 fq_tin_enqueue(fq, tin, idx: flow_idx, skb,
1459 free_func: fq_skb_free_func);
1460 }
1461 spin_unlock_bh(lock: &fq->lock);
1462}
1463
1464static bool fq_vlan_filter_func(struct fq *fq, struct fq_tin *tin,
1465 struct fq_flow *flow, struct sk_buff *skb,
1466 void *data)
1467{
1468 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1469
1470 return info->control.vif == data;
1471}
1472
1473void ieee80211_txq_remove_vlan(struct ieee80211_local *local,
1474 struct ieee80211_sub_if_data *sdata)
1475{
1476 struct fq *fq = &local->fq;
1477 struct txq_info *txqi;
1478 struct fq_tin *tin;
1479 struct ieee80211_sub_if_data *ap;
1480
1481 if (WARN_ON(sdata->vif.type != NL80211_IFTYPE_AP_VLAN))
1482 return;
1483
1484 ap = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
1485
1486 if (!ap->vif.txq)
1487 return;
1488
1489 txqi = to_txq_info(txq: ap->vif.txq);
1490 tin = &txqi->tin;
1491
1492 spin_lock_bh(lock: &fq->lock);
1493 fq_tin_filter(fq, tin, filter_func: fq_vlan_filter_func, filter_data: &sdata->vif,
1494 free_func: fq_skb_free_func);
1495 spin_unlock_bh(lock: &fq->lock);
1496}
1497
1498void ieee80211_txq_init(struct ieee80211_sub_if_data *sdata,
1499 struct sta_info *sta,
1500 struct txq_info *txqi, int tid)
1501{
1502 fq_tin_init(tin: &txqi->tin);
1503 codel_vars_init(vars: &txqi->def_cvars);
1504 codel_stats_init(stats: &txqi->cstats);
1505 __skb_queue_head_init(list: &txqi->frags);
1506 INIT_LIST_HEAD(list: &txqi->schedule_order);
1507
1508 txqi->txq.vif = &sdata->vif;
1509
1510 if (!sta) {
1511 sdata->vif.txq = &txqi->txq;
1512 txqi->txq.tid = 0;
1513 txqi->txq.ac = IEEE80211_AC_BE;
1514
1515 return;
1516 }
1517
1518 if (tid == IEEE80211_NUM_TIDS) {
1519 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
1520 /* Drivers need to opt in to the management MPDU TXQ */
1521 if (!ieee80211_hw_check(&sdata->local->hw,
1522 STA_MMPDU_TXQ))
1523 return;
1524 } else if (!ieee80211_hw_check(&sdata->local->hw,
1525 BUFF_MMPDU_TXQ)) {
1526 /* Drivers need to opt in to the bufferable MMPDU TXQ */
1527 return;
1528 }
1529 txqi->txq.ac = IEEE80211_AC_VO;
1530 } else {
1531 txqi->txq.ac = ieee80211_ac_from_tid(tid);
1532 }
1533
1534 txqi->txq.sta = &sta->sta;
1535 txqi->txq.tid = tid;
1536 sta->sta.txq[tid] = &txqi->txq;
1537}
1538
1539void ieee80211_txq_purge(struct ieee80211_local *local,
1540 struct txq_info *txqi)
1541{
1542 struct fq *fq = &local->fq;
1543 struct fq_tin *tin = &txqi->tin;
1544
1545 spin_lock_bh(lock: &fq->lock);
1546 fq_tin_reset(fq, tin, free_func: fq_skb_free_func);
1547 ieee80211_purge_tx_queue(hw: &local->hw, skbs: &txqi->frags);
1548 spin_unlock_bh(lock: &fq->lock);
1549
1550 spin_lock_bh(lock: &local->active_txq_lock[txqi->txq.ac]);
1551 list_del_init(entry: &txqi->schedule_order);
1552 spin_unlock_bh(lock: &local->active_txq_lock[txqi->txq.ac]);
1553}
1554
1555void ieee80211_txq_set_params(struct ieee80211_local *local)
1556{
1557 if (local->hw.wiphy->txq_limit)
1558 local->fq.limit = local->hw.wiphy->txq_limit;
1559 else
1560 local->hw.wiphy->txq_limit = local->fq.limit;
1561
1562 if (local->hw.wiphy->txq_memory_limit)
1563 local->fq.memory_limit = local->hw.wiphy->txq_memory_limit;
1564 else
1565 local->hw.wiphy->txq_memory_limit = local->fq.memory_limit;
1566
1567 if (local->hw.wiphy->txq_quantum)
1568 local->fq.quantum = local->hw.wiphy->txq_quantum;
1569 else
1570 local->hw.wiphy->txq_quantum = local->fq.quantum;
1571}
1572
1573int ieee80211_txq_setup_flows(struct ieee80211_local *local)
1574{
1575 struct fq *fq = &local->fq;
1576 int ret;
1577 int i;
1578 bool supp_vht = false;
1579 enum nl80211_band band;
1580
1581 ret = fq_init(fq, flows_cnt: 4096);
1582 if (ret)
1583 return ret;
1584
1585 /*
1586 * If the hardware doesn't support VHT, it is safe to limit the maximum
1587 * queue size. 4 Mbytes is 64 max-size aggregates in 802.11n.
1588 */
1589 for (band = 0; band < NUM_NL80211_BANDS; band++) {
1590 struct ieee80211_supported_band *sband;
1591
1592 sband = local->hw.wiphy->bands[band];
1593 if (!sband)
1594 continue;
1595
1596 supp_vht = supp_vht || sband->vht_cap.vht_supported;
1597 }
1598
1599 if (!supp_vht)
1600 fq->memory_limit = 4 << 20; /* 4 Mbytes */
1601
1602 codel_params_init(params: &local->cparams);
1603 local->cparams.interval = MS2TIME(100);
1604 local->cparams.target = MS2TIME(20);
1605 local->cparams.ecn = true;
1606
1607 local->cvars = kcalloc(n: fq->flows_cnt, size: sizeof(local->cvars[0]),
1608 GFP_KERNEL);
1609 if (!local->cvars) {
1610 spin_lock_bh(lock: &fq->lock);
1611 fq_reset(fq, free_func: fq_skb_free_func);
1612 spin_unlock_bh(lock: &fq->lock);
1613 return -ENOMEM;
1614 }
1615
1616 for (i = 0; i < fq->flows_cnt; i++)
1617 codel_vars_init(vars: &local->cvars[i]);
1618
1619 ieee80211_txq_set_params(local);
1620
1621 return 0;
1622}
1623
1624void ieee80211_txq_teardown_flows(struct ieee80211_local *local)
1625{
1626 struct fq *fq = &local->fq;
1627
1628 kfree(objp: local->cvars);
1629 local->cvars = NULL;
1630
1631 spin_lock_bh(lock: &fq->lock);
1632 fq_reset(fq, free_func: fq_skb_free_func);
1633 spin_unlock_bh(lock: &fq->lock);
1634}
1635
1636static bool ieee80211_queue_skb(struct ieee80211_local *local,
1637 struct ieee80211_sub_if_data *sdata,
1638 struct sta_info *sta,
1639 struct sk_buff *skb)
1640{
1641 struct ieee80211_vif *vif;
1642 struct txq_info *txqi;
1643
1644 if (sdata->vif.type == NL80211_IFTYPE_MONITOR)
1645 return false;
1646
1647 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
1648 sdata = container_of(sdata->bss,
1649 struct ieee80211_sub_if_data, u.ap);
1650
1651 vif = &sdata->vif;
1652 txqi = ieee80211_get_txq(local, vif, sta, skb);
1653
1654 if (!txqi)
1655 return false;
1656
1657 ieee80211_txq_enqueue(local, txqi, skb);
1658
1659 schedule_and_wake_txq(local, txqi);
1660
1661 return true;
1662}
1663
1664static bool ieee80211_tx_frags(struct ieee80211_local *local,
1665 struct ieee80211_vif *vif,
1666 struct sta_info *sta,
1667 struct sk_buff_head *skbs,
1668 bool txpending)
1669{
1670 struct ieee80211_tx_control control = {};
1671 struct sk_buff *skb, *tmp;
1672 unsigned long flags;
1673
1674 skb_queue_walk_safe(skbs, skb, tmp) {
1675 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1676 int q = info->hw_queue;
1677
1678#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
1679 if (WARN_ON_ONCE(q >= local->hw.queues)) {
1680 __skb_unlink(skb, list: skbs);
1681 ieee80211_free_txskb(hw: &local->hw, skb);
1682 continue;
1683 }
1684#endif
1685
1686 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
1687 if (local->queue_stop_reasons[q] ||
1688 (!txpending && !skb_queue_empty(list: &local->pending[q]))) {
1689 if (unlikely(info->flags &
1690 IEEE80211_TX_INTFL_OFFCHAN_TX_OK)) {
1691 if (local->queue_stop_reasons[q] &
1692 ~BIT(IEEE80211_QUEUE_STOP_REASON_OFFCHANNEL)) {
1693 /*
1694 * Drop off-channel frames if queues
1695 * are stopped for any reason other
1696 * than off-channel operation. Never
1697 * queue them.
1698 */
1699 spin_unlock_irqrestore(
1700 lock: &local->queue_stop_reason_lock,
1701 flags);
1702 ieee80211_purge_tx_queue(hw: &local->hw,
1703 skbs);
1704 return true;
1705 }
1706 } else {
1707
1708 /*
1709 * Since queue is stopped, queue up frames for
1710 * later transmission from the tx-pending
1711 * tasklet when the queue is woken again.
1712 */
1713 if (txpending)
1714 skb_queue_splice_init(list: skbs,
1715 head: &local->pending[q]);
1716 else
1717 skb_queue_splice_tail_init(list: skbs,
1718 head: &local->pending[q]);
1719
1720 spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock,
1721 flags);
1722 return false;
1723 }
1724 }
1725 spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
1726
1727 info->control.vif = vif;
1728 control.sta = sta ? &sta->sta : NULL;
1729
1730 __skb_unlink(skb, list: skbs);
1731 drv_tx(local, control: &control, skb);
1732 }
1733
1734 return true;
1735}
1736
1737/*
1738 * Returns false if the frame couldn't be transmitted but was queued instead.
1739 */
1740static bool __ieee80211_tx(struct ieee80211_local *local,
1741 struct sk_buff_head *skbs, struct sta_info *sta,
1742 bool txpending)
1743{
1744 struct ieee80211_tx_info *info;
1745 struct ieee80211_sub_if_data *sdata;
1746 struct ieee80211_vif *vif;
1747 struct sk_buff *skb;
1748 bool result;
1749
1750 if (WARN_ON(skb_queue_empty(skbs)))
1751 return true;
1752
1753 skb = skb_peek(list_: skbs);
1754 info = IEEE80211_SKB_CB(skb);
1755 sdata = vif_to_sdata(p: info->control.vif);
1756 if (sta && !sta->uploaded)
1757 sta = NULL;
1758
1759 switch (sdata->vif.type) {
1760 case NL80211_IFTYPE_MONITOR:
1761 if (sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
1762 vif = &sdata->vif;
1763 break;
1764 }
1765 sdata = rcu_dereference(local->monitor_sdata);
1766 if (sdata) {
1767 vif = &sdata->vif;
1768 info->hw_queue =
1769 vif->hw_queue[skb_get_queue_mapping(skb)];
1770 } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
1771 ieee80211_purge_tx_queue(hw: &local->hw, skbs);
1772 return true;
1773 } else
1774 vif = NULL;
1775 break;
1776 case NL80211_IFTYPE_AP_VLAN:
1777 sdata = container_of(sdata->bss,
1778 struct ieee80211_sub_if_data, u.ap);
1779 fallthrough;
1780 default:
1781 vif = &sdata->vif;
1782 break;
1783 }
1784
1785 result = ieee80211_tx_frags(local, vif, sta, skbs, txpending);
1786
1787 WARN_ON_ONCE(!skb_queue_empty(skbs));
1788
1789 return result;
1790}
1791
1792/*
1793 * Invoke TX handlers, return 0 on success and non-zero if the
1794 * frame was dropped or queued.
1795 *
1796 * The handlers are split into an early and late part. The latter is everything
1797 * that can be sensitive to reordering, and will be deferred to after packets
1798 * are dequeued from the intermediate queues (when they are enabled).
1799 */
1800static int invoke_tx_handlers_early(struct ieee80211_tx_data *tx)
1801{
1802 ieee80211_tx_result res = TX_DROP;
1803
1804#define CALL_TXH(txh) \
1805 do { \
1806 res = txh(tx); \
1807 if (res != TX_CONTINUE) \
1808 goto txh_done; \
1809 } while (0)
1810
1811 CALL_TXH(ieee80211_tx_h_dynamic_ps);
1812 CALL_TXH(ieee80211_tx_h_check_assoc);
1813 CALL_TXH(ieee80211_tx_h_ps_buf);
1814 CALL_TXH(ieee80211_tx_h_check_control_port_protocol);
1815 CALL_TXH(ieee80211_tx_h_select_key);
1816
1817 txh_done:
1818 if (unlikely(res == TX_DROP)) {
1819 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1820 if (tx->skb)
1821 ieee80211_free_txskb(hw: &tx->local->hw, skb: tx->skb);
1822 else
1823 ieee80211_purge_tx_queue(hw: &tx->local->hw, skbs: &tx->skbs);
1824 return -1;
1825 } else if (unlikely(res == TX_QUEUED)) {
1826 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1827 return -1;
1828 }
1829
1830 return 0;
1831}
1832
1833/*
1834 * Late handlers can be called while the sta lock is held. Handlers that can
1835 * cause packets to be generated will cause deadlock!
1836 */
1837static int invoke_tx_handlers_late(struct ieee80211_tx_data *tx)
1838{
1839 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb: tx->skb);
1840 ieee80211_tx_result res = TX_CONTINUE;
1841
1842 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1843 CALL_TXH(ieee80211_tx_h_rate_ctrl);
1844
1845 if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) {
1846 __skb_queue_tail(list: &tx->skbs, newsk: tx->skb);
1847 tx->skb = NULL;
1848 goto txh_done;
1849 }
1850
1851 CALL_TXH(ieee80211_tx_h_michael_mic_add);
1852 CALL_TXH(ieee80211_tx_h_sequence);
1853 CALL_TXH(ieee80211_tx_h_fragment);
1854 /* handlers after fragment must be aware of tx info fragmentation! */
1855 CALL_TXH(ieee80211_tx_h_stats);
1856 CALL_TXH(ieee80211_tx_h_encrypt);
1857 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL))
1858 CALL_TXH(ieee80211_tx_h_calculate_duration);
1859#undef CALL_TXH
1860
1861 txh_done:
1862 if (unlikely(res == TX_DROP)) {
1863 I802_DEBUG_INC(tx->local->tx_handlers_drop);
1864 if (tx->skb)
1865 ieee80211_free_txskb(hw: &tx->local->hw, skb: tx->skb);
1866 else
1867 ieee80211_purge_tx_queue(hw: &tx->local->hw, skbs: &tx->skbs);
1868 return -1;
1869 } else if (unlikely(res == TX_QUEUED)) {
1870 I802_DEBUG_INC(tx->local->tx_handlers_queued);
1871 return -1;
1872 }
1873
1874 return 0;
1875}
1876
1877static int invoke_tx_handlers(struct ieee80211_tx_data *tx)
1878{
1879 int r = invoke_tx_handlers_early(tx);
1880
1881 if (r)
1882 return r;
1883 return invoke_tx_handlers_late(tx);
1884}
1885
1886bool ieee80211_tx_prepare_skb(struct ieee80211_hw *hw,
1887 struct ieee80211_vif *vif, struct sk_buff *skb,
1888 int band, struct ieee80211_sta **sta)
1889{
1890 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
1891 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1892 struct ieee80211_tx_data tx;
1893 struct sk_buff *skb2;
1894
1895 if (ieee80211_tx_prepare(sdata, tx: &tx, NULL, skb) == TX_DROP)
1896 return false;
1897
1898 info->band = band;
1899 info->control.vif = vif;
1900 info->hw_queue = vif->hw_queue[skb_get_queue_mapping(skb)];
1901
1902 if (invoke_tx_handlers(tx: &tx))
1903 return false;
1904
1905 if (sta) {
1906 if (tx.sta)
1907 *sta = &tx.sta->sta;
1908 else
1909 *sta = NULL;
1910 }
1911
1912 /* this function isn't suitable for fragmented data frames */
1913 skb2 = __skb_dequeue(list: &tx.skbs);
1914 if (WARN_ON(skb2 != skb || !skb_queue_empty(&tx.skbs))) {
1915 ieee80211_free_txskb(hw, skb: skb2);
1916 ieee80211_purge_tx_queue(hw, skbs: &tx.skbs);
1917 return false;
1918 }
1919
1920 return true;
1921}
1922EXPORT_SYMBOL(ieee80211_tx_prepare_skb);
1923
1924/*
1925 * Returns false if the frame couldn't be transmitted but was queued instead.
1926 */
1927static bool ieee80211_tx(struct ieee80211_sub_if_data *sdata,
1928 struct sta_info *sta, struct sk_buff *skb,
1929 bool txpending)
1930{
1931 struct ieee80211_local *local = sdata->local;
1932 struct ieee80211_tx_data tx;
1933 ieee80211_tx_result res_prepare;
1934 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1935 bool result = true;
1936
1937 if (unlikely(skb->len < 10)) {
1938 dev_kfree_skb(skb);
1939 return true;
1940 }
1941
1942 /* initialises tx */
1943 res_prepare = ieee80211_tx_prepare(sdata, tx: &tx, sta, skb);
1944
1945 if (unlikely(res_prepare == TX_DROP)) {
1946 ieee80211_free_txskb(hw: &local->hw, skb);
1947 return true;
1948 } else if (unlikely(res_prepare == TX_QUEUED)) {
1949 return true;
1950 }
1951
1952 /* set up hw_queue value early */
1953 if (!(info->flags & IEEE80211_TX_CTL_TX_OFFCHAN) ||
1954 !ieee80211_hw_check(&local->hw, QUEUE_CONTROL))
1955 info->hw_queue =
1956 sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
1957
1958 if (invoke_tx_handlers_early(tx: &tx))
1959 return true;
1960
1961 if (ieee80211_queue_skb(local, sdata, sta: tx.sta, skb: tx.skb))
1962 return true;
1963
1964 if (!invoke_tx_handlers_late(tx: &tx))
1965 result = __ieee80211_tx(local, skbs: &tx.skbs, sta: tx.sta, txpending);
1966
1967 return result;
1968}
1969
1970/* device xmit handlers */
1971
1972enum ieee80211_encrypt {
1973 ENCRYPT_NO,
1974 ENCRYPT_MGMT,
1975 ENCRYPT_DATA,
1976};
1977
1978static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
1979 struct sk_buff *skb,
1980 int head_need,
1981 enum ieee80211_encrypt encrypt)
1982{
1983 struct ieee80211_local *local = sdata->local;
1984 bool enc_tailroom;
1985 int tail_need = 0;
1986
1987 enc_tailroom = encrypt == ENCRYPT_MGMT ||
1988 (encrypt == ENCRYPT_DATA &&
1989 sdata->crypto_tx_tailroom_needed_cnt);
1990
1991 if (enc_tailroom) {
1992 tail_need = IEEE80211_ENCRYPT_TAILROOM;
1993 tail_need -= skb_tailroom(skb);
1994 tail_need = max_t(int, tail_need, 0);
1995 }
1996
1997 if (skb_cloned(skb) &&
1998 (!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
1999 !skb_clone_writable(skb, ETH_HLEN) || enc_tailroom))
2000 I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
2001 else if (head_need || tail_need)
2002 I802_DEBUG_INC(local->tx_expand_skb_head);
2003 else
2004 return 0;
2005
2006 if (pskb_expand_head(skb, nhead: head_need, ntail: tail_need, GFP_ATOMIC)) {
2007 wiphy_debug(local->hw.wiphy,
2008 "failed to reallocate TX buffer\n");
2009 return -ENOMEM;
2010 }
2011
2012 return 0;
2013}
2014
2015void ieee80211_xmit(struct ieee80211_sub_if_data *sdata,
2016 struct sta_info *sta, struct sk_buff *skb)
2017{
2018 struct ieee80211_local *local = sdata->local;
2019 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2020 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
2021 int headroom;
2022 enum ieee80211_encrypt encrypt;
2023
2024 if (info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)
2025 encrypt = ENCRYPT_NO;
2026 else if (ieee80211_is_mgmt(fc: hdr->frame_control))
2027 encrypt = ENCRYPT_MGMT;
2028 else
2029 encrypt = ENCRYPT_DATA;
2030
2031 headroom = local->tx_headroom;
2032 if (encrypt != ENCRYPT_NO)
2033 headroom += IEEE80211_ENCRYPT_HEADROOM;
2034 headroom -= skb_headroom(skb);
2035 headroom = max_t(int, 0, headroom);
2036
2037 if (ieee80211_skb_resize(sdata, skb, head_need: headroom, encrypt)) {
2038 ieee80211_free_txskb(hw: &local->hw, skb);
2039 return;
2040 }
2041
2042 /* reload after potential resize */
2043 hdr = (struct ieee80211_hdr *) skb->data;
2044 info->control.vif = &sdata->vif;
2045
2046 if (ieee80211_vif_is_mesh(vif: &sdata->vif)) {
2047 if (ieee80211_is_data(fc: hdr->frame_control) &&
2048 is_unicast_ether_addr(addr: hdr->addr1)) {
2049 if (mesh_nexthop_resolve(sdata, skb))
2050 return; /* skb queued: don't free */
2051 } else {
2052 ieee80211_mps_set_frame_flags(sdata, NULL, hdr);
2053 }
2054 }
2055
2056 ieee80211_set_qos_hdr(sdata, skb);
2057 ieee80211_tx(sdata, sta, skb, txpending: false);
2058}
2059
2060static bool ieee80211_validate_radiotap_len(struct sk_buff *skb)
2061{
2062 struct ieee80211_radiotap_header *rthdr =
2063 (struct ieee80211_radiotap_header *)skb->data;
2064
2065 /* check for not even having the fixed radiotap header part */
2066 if (unlikely(skb->len < sizeof(struct ieee80211_radiotap_header)))
2067 return false; /* too short to be possibly valid */
2068
2069 /* is it a header version we can trust to find length from? */
2070 if (unlikely(rthdr->it_version))
2071 return false; /* only version 0 is supported */
2072
2073 /* does the skb contain enough to deliver on the alleged length? */
2074 if (unlikely(skb->len < ieee80211_get_radiotap_len(skb->data)))
2075 return false; /* skb too short for claimed rt header extent */
2076
2077 return true;
2078}
2079
2080bool ieee80211_parse_tx_radiotap(struct sk_buff *skb,
2081 struct net_device *dev)
2082{
2083 struct ieee80211_local *local = wdev_priv(wdev: dev->ieee80211_ptr);
2084 struct ieee80211_radiotap_iterator iterator;
2085 struct ieee80211_radiotap_header *rthdr =
2086 (struct ieee80211_radiotap_header *) skb->data;
2087 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2088 int ret = ieee80211_radiotap_iterator_init(iterator: &iterator, radiotap_header: rthdr, max_length: skb->len,
2089 NULL);
2090 u16 txflags;
2091 u16 rate = 0;
2092 bool rate_found = false;
2093 u8 rate_retries = 0;
2094 u16 rate_flags = 0;
2095 u8 mcs_known, mcs_flags, mcs_bw;
2096 u16 vht_known;
2097 u8 vht_mcs = 0, vht_nss = 0;
2098 int i;
2099
2100 if (!ieee80211_validate_radiotap_len(skb))
2101 return false;
2102
2103 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT |
2104 IEEE80211_TX_CTL_DONTFRAG;
2105
2106 /*
2107 * for every radiotap entry that is present
2108 * (ieee80211_radiotap_iterator_next returns -ENOENT when no more
2109 * entries present, or -EINVAL on error)
2110 */
2111
2112 while (!ret) {
2113 ret = ieee80211_radiotap_iterator_next(iterator: &iterator);
2114
2115 if (ret)
2116 continue;
2117
2118 /* see if this argument is something we can use */
2119 switch (iterator.this_arg_index) {
2120 /*
2121 * You must take care when dereferencing iterator.this_arg
2122 * for multibyte types... the pointer is not aligned. Use
2123 * get_unaligned((type *)iterator.this_arg) to dereference
2124 * iterator.this_arg for type "type" safely on all arches.
2125 */
2126 case IEEE80211_RADIOTAP_FLAGS:
2127 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FCS) {
2128 /*
2129 * this indicates that the skb we have been
2130 * handed has the 32-bit FCS CRC at the end...
2131 * we should react to that by snipping it off
2132 * because it will be recomputed and added
2133 * on transmission
2134 */
2135 if (skb->len < (iterator._max_length + FCS_LEN))
2136 return false;
2137
2138 skb_trim(skb, len: skb->len - FCS_LEN);
2139 }
2140 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_WEP)
2141 info->flags &= ~IEEE80211_TX_INTFL_DONT_ENCRYPT;
2142 if (*iterator.this_arg & IEEE80211_RADIOTAP_F_FRAG)
2143 info->flags &= ~IEEE80211_TX_CTL_DONTFRAG;
2144 break;
2145
2146 case IEEE80211_RADIOTAP_TX_FLAGS:
2147 txflags = get_unaligned_le16(p: iterator.this_arg);
2148 if (txflags & IEEE80211_RADIOTAP_F_TX_NOACK)
2149 info->flags |= IEEE80211_TX_CTL_NO_ACK;
2150 if (txflags & IEEE80211_RADIOTAP_F_TX_NOSEQNO)
2151 info->control.flags |= IEEE80211_TX_CTRL_NO_SEQNO;
2152 if (txflags & IEEE80211_RADIOTAP_F_TX_ORDER)
2153 info->control.flags |=
2154 IEEE80211_TX_CTRL_DONT_REORDER;
2155 break;
2156
2157 case IEEE80211_RADIOTAP_RATE:
2158 rate = *iterator.this_arg;
2159 rate_flags = 0;
2160 rate_found = true;
2161 break;
2162
2163 case IEEE80211_RADIOTAP_ANTENNA:
2164 /* this can appear multiple times, keep a bitmap */
2165 info->control.antennas |= BIT(*iterator.this_arg);
2166 break;
2167
2168 case IEEE80211_RADIOTAP_DATA_RETRIES:
2169 rate_retries = *iterator.this_arg;
2170 break;
2171
2172 case IEEE80211_RADIOTAP_MCS:
2173 mcs_known = iterator.this_arg[0];
2174 mcs_flags = iterator.this_arg[1];
2175 if (!(mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_MCS))
2176 break;
2177
2178 rate_found = true;
2179 rate = iterator.this_arg[2];
2180 rate_flags = IEEE80211_TX_RC_MCS;
2181
2182 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_GI &&
2183 mcs_flags & IEEE80211_RADIOTAP_MCS_SGI)
2184 rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2185
2186 mcs_bw = mcs_flags & IEEE80211_RADIOTAP_MCS_BW_MASK;
2187 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_BW &&
2188 mcs_bw == IEEE80211_RADIOTAP_MCS_BW_40)
2189 rate_flags |= IEEE80211_TX_RC_40_MHZ_WIDTH;
2190
2191 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_FEC &&
2192 mcs_flags & IEEE80211_RADIOTAP_MCS_FEC_LDPC)
2193 info->flags |= IEEE80211_TX_CTL_LDPC;
2194
2195 if (mcs_known & IEEE80211_RADIOTAP_MCS_HAVE_STBC) {
2196 u8 stbc = u8_get_bits(v: mcs_flags,
2197 field: IEEE80211_RADIOTAP_MCS_STBC_MASK);
2198
2199 info->flags |=
2200 u32_encode_bits(v: stbc,
2201 field: IEEE80211_TX_CTL_STBC);
2202 }
2203 break;
2204
2205 case IEEE80211_RADIOTAP_VHT:
2206 vht_known = get_unaligned_le16(p: iterator.this_arg);
2207 rate_found = true;
2208
2209 rate_flags = IEEE80211_TX_RC_VHT_MCS;
2210 if ((vht_known & IEEE80211_RADIOTAP_VHT_KNOWN_GI) &&
2211 (iterator.this_arg[2] &
2212 IEEE80211_RADIOTAP_VHT_FLAG_SGI))
2213 rate_flags |= IEEE80211_TX_RC_SHORT_GI;
2214 if (vht_known &
2215 IEEE80211_RADIOTAP_VHT_KNOWN_BANDWIDTH) {
2216 if (iterator.this_arg[3] == 1)
2217 rate_flags |=
2218 IEEE80211_TX_RC_40_MHZ_WIDTH;
2219 else if (iterator.this_arg[3] == 4)
2220 rate_flags |=
2221 IEEE80211_TX_RC_80_MHZ_WIDTH;
2222 else if (iterator.this_arg[3] == 11)
2223 rate_flags |=
2224 IEEE80211_TX_RC_160_MHZ_WIDTH;
2225 }
2226
2227 vht_mcs = iterator.this_arg[4] >> 4;
2228 if (vht_mcs > 11)
2229 vht_mcs = 0;
2230 vht_nss = iterator.this_arg[4] & 0xF;
2231 if (!vht_nss || vht_nss > 8)
2232 vht_nss = 1;
2233 break;
2234
2235 /*
2236 * Please update the file
2237 * Documentation/networking/mac80211-injection.rst
2238 * when parsing new fields here.
2239 */
2240
2241 default:
2242 break;
2243 }
2244 }
2245
2246 if (ret != -ENOENT) /* ie, if we didn't simply run out of fields */
2247 return false;
2248
2249 if (rate_found) {
2250 struct ieee80211_supported_band *sband =
2251 local->hw.wiphy->bands[info->band];
2252
2253 info->control.flags |= IEEE80211_TX_CTRL_RATE_INJECT;
2254
2255 for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
2256 info->control.rates[i].idx = -1;
2257 info->control.rates[i].flags = 0;
2258 info->control.rates[i].count = 0;
2259 }
2260
2261 if (rate_flags & IEEE80211_TX_RC_MCS) {
2262 /* reset antennas if not enough */
2263 if (IEEE80211_HT_MCS_CHAINS(rate) >
2264 hweight8(info->control.antennas))
2265 info->control.antennas = 0;
2266
2267 info->control.rates[0].idx = rate;
2268 } else if (rate_flags & IEEE80211_TX_RC_VHT_MCS) {
2269 /* reset antennas if not enough */
2270 if (vht_nss > hweight8(info->control.antennas))
2271 info->control.antennas = 0;
2272
2273 ieee80211_rate_set_vht(rate: info->control.rates, mcs: vht_mcs,
2274 nss: vht_nss);
2275 } else if (sband) {
2276 for (i = 0; i < sband->n_bitrates; i++) {
2277 if (rate * 5 != sband->bitrates[i].bitrate)
2278 continue;
2279
2280 info->control.rates[0].idx = i;
2281 break;
2282 }
2283 }
2284
2285 if (info->control.rates[0].idx < 0)
2286 info->control.flags &= ~IEEE80211_TX_CTRL_RATE_INJECT;
2287
2288 info->control.rates[0].flags = rate_flags;
2289 info->control.rates[0].count = min_t(u8, rate_retries + 1,
2290 local->hw.max_rate_tries);
2291 }
2292
2293 return true;
2294}
2295
2296netdev_tx_t ieee80211_monitor_start_xmit(struct sk_buff *skb,
2297 struct net_device *dev)
2298{
2299 struct ieee80211_local *local = wdev_priv(wdev: dev->ieee80211_ptr);
2300 struct ieee80211_chanctx_conf *chanctx_conf;
2301 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
2302 struct ieee80211_hdr *hdr;
2303 struct ieee80211_sub_if_data *tmp_sdata, *sdata;
2304 struct cfg80211_chan_def *chandef;
2305 u16 len_rthdr;
2306 int hdrlen;
2307
2308 sdata = IEEE80211_DEV_TO_SUB_IF(dev);
2309 if (unlikely(!ieee80211_sdata_running(sdata)))
2310 goto fail;
2311
2312 memset(info, 0, sizeof(*info));
2313 info->flags = IEEE80211_TX_CTL_REQ_TX_STATUS |
2314 IEEE80211_TX_CTL_INJECTED;
2315
2316 /* Sanity-check the length of the radiotap header */
2317 if (!ieee80211_validate_radiotap_len(skb))
2318 goto fail;
2319
2320 /* we now know there is a radiotap header with a length we can use */
2321 len_rthdr = ieee80211_get_radiotap_len(data: skb->data);
2322
2323 /*
2324 * fix up the pointers accounting for the radiotap
2325 * header still being in there. We are being given
2326 * a precooked IEEE80211 header so no need for
2327 * normal processing
2328 */
2329 skb_set_mac_header(skb, offset: len_rthdr);
2330 /*
2331 * these are just fixed to the end of the rt area since we
2332 * don't have any better information and at this point, nobody cares
2333 */
2334 skb_set_network_header(skb, offset: len_rthdr);
2335 skb_set_transport_header(skb, offset: len_rthdr);
2336
2337 if (skb->len < len_rthdr + 2)
2338 goto fail;
2339
2340 hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
2341 hdrlen = ieee80211_hdrlen(fc: hdr->frame_control);
2342
2343 if (skb->len < len_rthdr + hdrlen)
2344 goto fail;
2345
2346 /*
2347 * Initialize skb->protocol if the injected frame is a data frame
2348 * carrying a rfc1042 header
2349 */
2350 if (ieee80211_is_data(fc: hdr->frame_control) &&
2351 skb->len >= len_rthdr + hdrlen + sizeof(rfc1042_header) + 2) {
2352 u8 *payload = (u8 *)hdr + hdrlen;
2353
2354 if (ether_addr_equal(addr1: payload, addr2: rfc1042_header))
2355 skb->protocol = cpu_to_be16((payload[6] << 8) |
2356 payload[7]);
2357 }
2358
2359 rcu_read_lock();
2360
2361 /*
2362 * We process outgoing injected frames that have a local address
2363 * we handle as though they are non-injected frames.
2364 * This code here isn't entirely correct, the local MAC address
2365 * isn't always enough to find the interface to use; for proper
2366 * VLAN support we have an nl80211-based mechanism.
2367 *
2368 * This is necessary, for example, for old hostapd versions that
2369 * don't use nl80211-based management TX/RX.
2370 */
2371 list_for_each_entry_rcu(tmp_sdata, &local->interfaces, list) {
2372 if (!ieee80211_sdata_running(sdata: tmp_sdata))
2373 continue;
2374 if (tmp_sdata->vif.type == NL80211_IFTYPE_MONITOR ||
2375 tmp_sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
2376 continue;
2377 if (ether_addr_equal(addr1: tmp_sdata->vif.addr, addr2: hdr->addr2)) {
2378 sdata = tmp_sdata;
2379 break;
2380 }
2381 }
2382
2383 chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
2384 if (!chanctx_conf) {
2385 tmp_sdata = rcu_dereference(local->monitor_sdata);
2386 if (tmp_sdata)
2387 chanctx_conf =
2388 rcu_dereference(tmp_sdata->vif.bss_conf.chanctx_conf);
2389 }
2390
2391 if (chanctx_conf)
2392 chandef = &chanctx_conf->def;
2393 else
2394 goto fail_rcu;
2395
2396 /*
2397 * If driver/HW supports IEEE80211_CHAN_CAN_MONITOR we still
2398 * shouldn't transmit on disabled channels.
2399 */
2400 if (!cfg80211_chandef_usable(wiphy: local->hw.wiphy, chandef,
2401 prohibited_flags: IEEE80211_CHAN_DISABLED))
2402 goto fail_rcu;
2403
2404 /*
2405 * Frame injection is not allowed if beaconing is not allowed
2406 * or if we need radar detection. Beaconing is usually not allowed when
2407 * the mode or operation (Adhoc, AP, Mesh) does not support DFS.
2408 * Passive scan is also used in world regulatory domains where
2409 * your country is not known and as such it should be treated as
2410 * NO TX unless the channel is explicitly allowed in which case
2411 * your current regulatory domain would not have the passive scan
2412 * flag.
2413 *
2414 * Since AP mode uses monitor interfaces to inject/TX management
2415 * frames we can make AP mode the exception to this rule once it
2416 * supports radar detection as its implementation can deal with
2417 * radar detection by itself. We can do that later by adding a
2418 * monitor flag interfaces used for AP support.
2419 */
2420 if (!cfg80211_reg_can_beacon(wiphy: local->hw.wiphy, chandef,
2421 iftype: sdata->vif.type))
2422 goto fail_rcu;
2423
2424 info->band = chandef->chan->band;
2425
2426 /* Initialize skb->priority according to frame type and TID class,
2427 * with respect to the sub interface that the frame will actually
2428 * be transmitted on. If the DONT_REORDER flag is set, the original
2429 * skb-priority is preserved to assure frames injected with this
2430 * flag are not reordered relative to each other.
2431 */
2432 ieee80211_select_queue_80211(sdata, skb, hdr);
2433 skb_set_queue_mapping(skb, queue_mapping: ieee80211_ac_from_tid(tid: skb->priority));
2434
2435 /*
2436 * Process the radiotap header. This will now take into account the
2437 * selected chandef above to accurately set injection rates and
2438 * retransmissions.
2439 */
2440 if (!ieee80211_parse_tx_radiotap(skb, dev))
2441 goto fail_rcu;
2442
2443 /* remove the injection radiotap header */
2444 skb_pull(skb, len: len_rthdr);
2445
2446 ieee80211_xmit(sdata, NULL, skb);
2447 rcu_read_unlock();
2448
2449 return NETDEV_TX_OK;
2450
2451fail_rcu:
2452 rcu_read_unlock();
2453fail:
2454 dev_kfree_skb(skb);
2455 return NETDEV_TX_OK; /* meaning, we dealt with the skb */
2456}
2457
2458static inline bool ieee80211_is_tdls_setup(struct sk_buff *skb)
2459{
2460 u16 ethertype = (skb->data[12] << 8) | skb->data[13];
2461
2462 return ethertype == ETH_P_TDLS &&
2463 skb->len > 14 &&
2464 skb->data[14] == WLAN_TDLS_SNAP_RFTYPE;
2465}
2466
2467int ieee80211_lookup_ra_sta(struct ieee80211_sub_if_data *sdata,
2468 struct sk_buff *skb,
2469 struct sta_info **sta_out)
2470{
2471 struct sta_info *sta;
2472
2473 switch (sdata->vif.type) {
2474 case NL80211_IFTYPE_AP_VLAN:
2475 sta = rcu_dereference(sdata->u.vlan.sta);
2476 if (sta) {
2477 *sta_out = sta;
2478 return 0;
2479 } else if (sdata->wdev.use_4addr) {
2480 return -ENOLINK;
2481 }
2482 fallthrough;
2483 case NL80211_IFTYPE_AP:
2484 case NL80211_IFTYPE_OCB:
2485 case NL80211_IFTYPE_ADHOC:
2486 if (is_multicast_ether_addr(addr: skb->data)) {
2487 *sta_out = ERR_PTR(error: -ENOENT);
2488 return 0;
2489 }
2490 sta = sta_info_get_bss(sdata, addr: skb->data);
2491 break;
2492#ifdef CONFIG_MAC80211_MESH
2493 case NL80211_IFTYPE_MESH_POINT:
2494 /* determined much later */
2495 *sta_out = NULL;
2496 return 0;
2497#endif
2498 case NL80211_IFTYPE_STATION:
2499 if (sdata->wdev.wiphy->flags & WIPHY_FLAG_SUPPORTS_TDLS) {
2500 sta = sta_info_get(sdata, addr: skb->data);
2501 if (sta && test_sta_flag(sta, flag: WLAN_STA_TDLS_PEER)) {
2502 if (test_sta_flag(sta,
2503 flag: WLAN_STA_TDLS_PEER_AUTH)) {
2504 *sta_out = sta;
2505 return 0;
2506 }
2507
2508 /*
2509 * TDLS link during setup - throw out frames to
2510 * peer. Allow TDLS-setup frames to unauthorized
2511 * peers for the special case of a link teardown
2512 * after a TDLS sta is removed due to being
2513 * unreachable.
2514 */
2515 if (!ieee80211_is_tdls_setup(skb))
2516 return -EINVAL;
2517 }
2518
2519 }
2520
2521 sta = sta_info_get(sdata, addr: sdata->vif.cfg.ap_addr);
2522 if (!sta)
2523 return -ENOLINK;
2524 break;
2525 default:
2526 return -EINVAL;
2527 }
2528
2529 *sta_out = sta ?: ERR_PTR(error: -ENOENT);
2530 return 0;
2531}
2532
2533static u16 ieee80211_store_ack_skb(struct ieee80211_local *local,
2534 struct sk_buff *skb,
2535 u32 *info_flags,
2536 u64 *cookie)
2537{
2538 struct sk_buff *ack_skb;
2539 u16 info_id = 0;
2540
2541 if (skb->sk)
2542 ack_skb = skb_clone_sk(skb);
2543 else
2544 ack_skb = skb_clone(skb, GFP_ATOMIC);
2545
2546 if (ack_skb) {
2547 unsigned long flags;
2548 int id;
2549
2550 spin_lock_irqsave(&local->ack_status_lock, flags);
2551 id = idr_alloc(&local->ack_status_frames, ptr: ack_skb,
2552 start: 1, end: 0x2000, GFP_ATOMIC);
2553 spin_unlock_irqrestore(lock: &local->ack_status_lock, flags);
2554
2555 if (id >= 0) {
2556 info_id = id;
2557 *info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2558 if (cookie) {
2559 *cookie = ieee80211_mgmt_tx_cookie(local);
2560 IEEE80211_SKB_CB(skb: ack_skb)->ack.cookie = *cookie;
2561 }
2562 } else {
2563 kfree_skb(skb: ack_skb);
2564 }
2565 }
2566
2567 return info_id;
2568}
2569
2570/**
2571 * ieee80211_build_hdr - build 802.11 header in the given frame
2572 * @sdata: virtual interface to build the header for
2573 * @skb: the skb to build the header in
2574 * @info_flags: skb flags to set
2575 * @sta: the station pointer
2576 * @ctrl_flags: info control flags to set
2577 * @cookie: cookie pointer to fill (if not %NULL)
2578 *
2579 * This function takes the skb with 802.3 header and reformats the header to
2580 * the appropriate IEEE 802.11 header based on which interface the packet is
2581 * being transmitted on.
2582 *
2583 * Note that this function also takes care of the TX status request and
2584 * potential unsharing of the SKB - this needs to be interleaved with the
2585 * header building.
2586 *
2587 * The function requires the read-side RCU lock held
2588 *
2589 * Returns: the (possibly reallocated) skb or an ERR_PTR() code
2590 */
2591static struct sk_buff *ieee80211_build_hdr(struct ieee80211_sub_if_data *sdata,
2592 struct sk_buff *skb, u32 info_flags,
2593 struct sta_info *sta, u32 ctrl_flags,
2594 u64 *cookie)
2595{
2596 struct ieee80211_local *local = sdata->local;
2597 struct ieee80211_tx_info *info;
2598 int head_need;
2599 u16 ethertype, hdrlen, meshhdrlen = 0;
2600 __le16 fc;
2601 struct ieee80211_hdr hdr;
2602 struct ieee80211s_hdr mesh_hdr __maybe_unused;
2603 struct mesh_path __maybe_unused *mppath = NULL, *mpath = NULL;
2604 const u8 *encaps_data;
2605 int encaps_len, skip_header_bytes;
2606 bool wme_sta = false, authorized = false;
2607 bool tdls_peer;
2608 bool multicast;
2609 u16 info_id = 0;
2610 struct ieee80211_chanctx_conf *chanctx_conf = NULL;
2611 enum nl80211_band band;
2612 int ret;
2613 u8 link_id = u32_get_bits(v: ctrl_flags, field: IEEE80211_TX_CTRL_MLO_LINK);
2614
2615 if (IS_ERR(ptr: sta))
2616 sta = NULL;
2617
2618#ifdef CONFIG_MAC80211_DEBUGFS
2619 if (local->force_tx_status)
2620 info_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
2621#endif
2622
2623 /* convert Ethernet header to proper 802.11 header (based on
2624 * operation mode) */
2625 ethertype = (skb->data[12] << 8) | skb->data[13];
2626 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
2627
2628 if (!ieee80211_vif_is_mld(vif: &sdata->vif))
2629 chanctx_conf =
2630 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
2631
2632 switch (sdata->vif.type) {
2633 case NL80211_IFTYPE_AP_VLAN:
2634 if (sdata->wdev.use_4addr) {
2635 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS | IEEE80211_FCTL_TODS);
2636 /* RA TA DA SA */
2637 memcpy(hdr.addr1, sta->sta.addr, ETH_ALEN);
2638 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2639 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2640 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2641 hdrlen = 30;
2642 authorized = test_sta_flag(sta, flag: WLAN_STA_AUTHORIZED);
2643 wme_sta = sta->sta.wme;
2644 }
2645 if (!ieee80211_vif_is_mld(vif: &sdata->vif)) {
2646 struct ieee80211_sub_if_data *ap_sdata;
2647
2648 /* override chanctx_conf from AP (we don't have one) */
2649 ap_sdata = container_of(sdata->bss,
2650 struct ieee80211_sub_if_data,
2651 u.ap);
2652 chanctx_conf =
2653 rcu_dereference(ap_sdata->vif.bss_conf.chanctx_conf);
2654 }
2655 if (sdata->wdev.use_4addr)
2656 break;
2657 fallthrough;
2658 case NL80211_IFTYPE_AP:
2659 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
2660 /* DA BSSID SA */
2661 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2662
2663 if (ieee80211_vif_is_mld(vif: &sdata->vif) && sta && !sta->sta.mlo) {
2664 struct ieee80211_link_data *link;
2665
2666 link_id = sta->deflink.link_id;
2667 link = rcu_dereference(sdata->link[link_id]);
2668 if (WARN_ON(!link)) {
2669 ret = -ENOLINK;
2670 goto free;
2671 }
2672 memcpy(hdr.addr2, link->conf->addr, ETH_ALEN);
2673 } else if (link_id == IEEE80211_LINK_UNSPECIFIED ||
2674 (sta && sta->sta.mlo)) {
2675 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2676 } else {
2677 struct ieee80211_bss_conf *conf;
2678
2679 conf = rcu_dereference(sdata->vif.link_conf[link_id]);
2680 if (unlikely(!conf)) {
2681 ret = -ENOLINK;
2682 goto free;
2683 }
2684
2685 memcpy(hdr.addr2, conf->addr, ETH_ALEN);
2686 }
2687
2688 memcpy(hdr.addr3, skb->data + ETH_ALEN, ETH_ALEN);
2689 hdrlen = 24;
2690 break;
2691#ifdef CONFIG_MAC80211_MESH
2692 case NL80211_IFTYPE_MESH_POINT:
2693 if (!is_multicast_ether_addr(addr: skb->data)) {
2694 struct sta_info *next_hop;
2695 bool mpp_lookup = true;
2696
2697 mpath = mesh_path_lookup(sdata, dst: skb->data);
2698 if (mpath) {
2699 mpp_lookup = false;
2700 next_hop = rcu_dereference(mpath->next_hop);
2701 if (!next_hop ||
2702 !(mpath->flags & (MESH_PATH_ACTIVE |
2703 MESH_PATH_RESOLVING)))
2704 mpp_lookup = true;
2705 }
2706
2707 if (mpp_lookup) {
2708 mppath = mpp_path_lookup(sdata, dst: skb->data);
2709 if (mppath)
2710 mppath->exp_time = jiffies;
2711 }
2712
2713 if (mppath && mpath)
2714 mesh_path_del(sdata, addr: mpath->dst);
2715 }
2716
2717 /*
2718 * Use address extension if it is a packet from
2719 * another interface or if we know the destination
2720 * is being proxied by a portal (i.e. portal address
2721 * differs from proxied address)
2722 */
2723 if (ether_addr_equal(addr1: sdata->vif.addr, addr2: skb->data + ETH_ALEN) &&
2724 !(mppath && !ether_addr_equal(addr1: mppath->mpp, addr2: skb->data))) {
2725 hdrlen = ieee80211_fill_mesh_addresses(hdr: &hdr, fc: &fc,
2726 da: skb->data, sa: skb->data + ETH_ALEN);
2727 meshhdrlen = ieee80211_new_mesh_header(sdata, meshhdr: &mesh_hdr,
2728 NULL, NULL);
2729 } else {
2730 /* DS -> MBSS (802.11-2012 13.11.3.3).
2731 * For unicast with unknown forwarding information,
2732 * destination might be in the MBSS or if that fails
2733 * forwarded to another mesh gate. In either case
2734 * resolution will be handled in ieee80211_xmit(), so
2735 * leave the original DA. This also works for mcast */
2736 const u8 *mesh_da = skb->data;
2737
2738 if (mppath)
2739 mesh_da = mppath->mpp;
2740 else if (mpath)
2741 mesh_da = mpath->dst;
2742
2743 hdrlen = ieee80211_fill_mesh_addresses(hdr: &hdr, fc: &fc,
2744 da: mesh_da, sa: sdata->vif.addr);
2745 if (is_multicast_ether_addr(addr: mesh_da))
2746 /* DA TA mSA AE:SA */
2747 meshhdrlen = ieee80211_new_mesh_header(
2748 sdata, meshhdr: &mesh_hdr,
2749 addr4or5: skb->data + ETH_ALEN, NULL);
2750 else
2751 /* RA TA mDA mSA AE:DA SA */
2752 meshhdrlen = ieee80211_new_mesh_header(
2753 sdata, meshhdr: &mesh_hdr, addr4or5: skb->data,
2754 addr6: skb->data + ETH_ALEN);
2755
2756 }
2757
2758 /* For injected frames, fill RA right away as nexthop lookup
2759 * will be skipped.
2760 */
2761 if ((ctrl_flags & IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP) &&
2762 is_zero_ether_addr(addr: hdr.addr1))
2763 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2764 break;
2765#endif
2766 case NL80211_IFTYPE_STATION:
2767 /* we already did checks when looking up the RA STA */
2768 tdls_peer = test_sta_flag(sta, flag: WLAN_STA_TDLS_PEER);
2769
2770 if (tdls_peer) {
2771 /* For TDLS only one link can be valid with peer STA */
2772 int tdls_link_id = sta->sta.valid_links ?
2773 __ffs(sta->sta.valid_links) : 0;
2774 struct ieee80211_link_data *link;
2775
2776 /* DA SA BSSID */
2777 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2778 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2779 link = rcu_dereference(sdata->link[tdls_link_id]);
2780 if (WARN_ON_ONCE(!link)) {
2781 ret = -EINVAL;
2782 goto free;
2783 }
2784 memcpy(hdr.addr3, link->u.mgd.bssid, ETH_ALEN);
2785 hdrlen = 24;
2786 } else if (sdata->u.mgd.use_4addr &&
2787 cpu_to_be16(ethertype) != sdata->control_port_protocol) {
2788 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
2789 IEEE80211_FCTL_TODS);
2790 /* RA TA DA SA */
2791 memcpy(hdr.addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
2792 memcpy(hdr.addr2, sdata->vif.addr, ETH_ALEN);
2793 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2794 memcpy(hdr.addr4, skb->data + ETH_ALEN, ETH_ALEN);
2795 hdrlen = 30;
2796 } else {
2797 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
2798 /* BSSID SA DA */
2799 memcpy(hdr.addr1, sdata->vif.cfg.ap_addr, ETH_ALEN);
2800 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2801 memcpy(hdr.addr3, skb->data, ETH_ALEN);
2802 hdrlen = 24;
2803 }
2804 break;
2805 case NL80211_IFTYPE_OCB:
2806 /* DA SA BSSID */
2807 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2808 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2809 eth_broadcast_addr(addr: hdr.addr3);
2810 hdrlen = 24;
2811 break;
2812 case NL80211_IFTYPE_ADHOC:
2813 /* DA SA BSSID */
2814 memcpy(hdr.addr1, skb->data, ETH_ALEN);
2815 memcpy(hdr.addr2, skb->data + ETH_ALEN, ETH_ALEN);
2816 memcpy(hdr.addr3, sdata->u.ibss.bssid, ETH_ALEN);
2817 hdrlen = 24;
2818 break;
2819 default:
2820 ret = -EINVAL;
2821 goto free;
2822 }
2823
2824 if (!chanctx_conf) {
2825 if (!ieee80211_vif_is_mld(vif: &sdata->vif)) {
2826 ret = -ENOTCONN;
2827 goto free;
2828 }
2829 /* MLD transmissions must not rely on the band */
2830 band = 0;
2831 } else {
2832 band = chanctx_conf->def.chan->band;
2833 }
2834
2835 multicast = is_multicast_ether_addr(addr: hdr.addr1);
2836
2837 /* sta is always NULL for mesh */
2838 if (sta) {
2839 authorized = test_sta_flag(sta, flag: WLAN_STA_AUTHORIZED);
2840 wme_sta = sta->sta.wme;
2841 } else if (ieee80211_vif_is_mesh(vif: &sdata->vif)) {
2842 /* For mesh, the use of the QoS header is mandatory */
2843 wme_sta = true;
2844 }
2845
2846 /* receiver does QoS (which also means we do) use it */
2847 if (wme_sta) {
2848 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
2849 hdrlen += 2;
2850 }
2851
2852 /*
2853 * Drop unicast frames to unauthorised stations unless they are
2854 * EAPOL frames from the local station.
2855 */
2856 if (unlikely(!ieee80211_vif_is_mesh(&sdata->vif) &&
2857 (sdata->vif.type != NL80211_IFTYPE_OCB) &&
2858 !multicast && !authorized &&
2859 (cpu_to_be16(ethertype) != sdata->control_port_protocol ||
2860 !ieee80211_is_our_addr(sdata, skb->data + ETH_ALEN, NULL)))) {
2861#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2862 net_info_ratelimited("%s: dropped frame to %pM (unauthorized port)\n",
2863 sdata->name, hdr.addr1);
2864#endif
2865
2866 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
2867
2868 ret = -EPERM;
2869 goto free;
2870 }
2871
2872 if (unlikely(!multicast &&
2873 ((skb->sk &&
2874 skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS) ||
2875 ctrl_flags & IEEE80211_TX_CTL_REQ_TX_STATUS)))
2876 info_id = ieee80211_store_ack_skb(local, skb, info_flags: &info_flags,
2877 cookie);
2878
2879 /*
2880 * If the skb is shared we need to obtain our own copy.
2881 */
2882 skb = skb_share_check(skb, GFP_ATOMIC);
2883 if (unlikely(!skb)) {
2884 ret = -ENOMEM;
2885 goto free;
2886 }
2887
2888 hdr.frame_control = fc;
2889 hdr.duration_id = 0;
2890 hdr.seq_ctrl = 0;
2891
2892 skip_header_bytes = ETH_HLEN;
2893 if (ethertype == ETH_P_AARP || ethertype == ETH_P_IPX) {
2894 encaps_data = bridge_tunnel_header;
2895 encaps_len = sizeof(bridge_tunnel_header);
2896 skip_header_bytes -= 2;
2897 } else if (ethertype >= ETH_P_802_3_MIN) {
2898 encaps_data = rfc1042_header;
2899 encaps_len = sizeof(rfc1042_header);
2900 skip_header_bytes -= 2;
2901 } else {
2902 encaps_data = NULL;
2903 encaps_len = 0;
2904 }
2905
2906 skb_pull(skb, len: skip_header_bytes);
2907 head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
2908
2909 /*
2910 * So we need to modify the skb header and hence need a copy of
2911 * that. The head_need variable above doesn't, so far, include
2912 * the needed header space that we don't need right away. If we
2913 * can, then we don't reallocate right now but only after the
2914 * frame arrives at the master device (if it does...)
2915 *
2916 * If we cannot, however, then we will reallocate to include all
2917 * the ever needed space. Also, if we need to reallocate it anyway,
2918 * make it big enough for everything we may ever need.
2919 */
2920
2921 if (head_need > 0 || skb_cloned(skb)) {
2922 head_need += IEEE80211_ENCRYPT_HEADROOM;
2923 head_need += local->tx_headroom;
2924 head_need = max_t(int, 0, head_need);
2925 if (ieee80211_skb_resize(sdata, skb, head_need, encrypt: ENCRYPT_DATA)) {
2926 ieee80211_free_txskb(hw: &local->hw, skb);
2927 skb = NULL;
2928 return ERR_PTR(error: -ENOMEM);
2929 }
2930 }
2931
2932 if (encaps_data)
2933 memcpy(skb_push(skb, encaps_len), encaps_data, encaps_len);
2934
2935#ifdef CONFIG_MAC80211_MESH
2936 if (meshhdrlen > 0)
2937 memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
2938#endif
2939
2940 if (ieee80211_is_data_qos(fc)) {
2941 __le16 *qos_control;
2942
2943 qos_control = skb_push(skb, len: 2);
2944 memcpy(skb_push(skb, hdrlen - 2), &hdr, hdrlen - 2);
2945 /*
2946 * Maybe we could actually set some fields here, for now just
2947 * initialise to zero to indicate no special operation.
2948 */
2949 *qos_control = 0;
2950 } else
2951 memcpy(skb_push(skb, hdrlen), &hdr, hdrlen);
2952
2953 skb_reset_mac_header(skb);
2954
2955 info = IEEE80211_SKB_CB(skb);
2956 memset(info, 0, sizeof(*info));
2957
2958 info->flags = info_flags;
2959 if (info_id) {
2960 info->status_data = info_id;
2961 info->status_data_idr = 1;
2962 }
2963 info->band = band;
2964
2965 if (likely(!cookie)) {
2966 ctrl_flags |= u32_encode_bits(v: link_id,
2967 field: IEEE80211_TX_CTRL_MLO_LINK);
2968 } else {
2969 unsigned int pre_conf_link_id;
2970
2971 /*
2972 * ctrl_flags already have been set by
2973 * ieee80211_tx_control_port(), here
2974 * we just sanity check that
2975 */
2976
2977 pre_conf_link_id = u32_get_bits(v: ctrl_flags,
2978 field: IEEE80211_TX_CTRL_MLO_LINK);
2979
2980 if (pre_conf_link_id != link_id &&
2981 link_id != IEEE80211_LINK_UNSPECIFIED) {
2982#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
2983 net_info_ratelimited("%s: dropped frame to %pM with bad link ID request (%d vs. %d)\n",
2984 sdata->name, hdr.addr1,
2985 pre_conf_link_id, link_id);
2986#endif
2987 ret = -EINVAL;
2988 goto free;
2989 }
2990 }
2991
2992 info->control.flags = ctrl_flags;
2993
2994 return skb;
2995 free:
2996 kfree_skb(skb);
2997 return ERR_PTR(error: ret);
2998}
2999
3000/*
3001 * fast-xmit overview
3002 *
3003 * The core idea of this fast-xmit is to remove per-packet checks by checking
3004 * them out of band. ieee80211_check_fast_xmit() implements the out-of-band
3005 * checks that are needed to get the sta->fast_tx pointer assigned, after which
3006 * much less work can be done per packet. For example, fragmentation must be
3007 * disabled or the fast_tx pointer will not be set. All the conditions are seen
3008 * in the code here.
3009 *
3010 * Once assigned, the fast_tx data structure also caches the per-packet 802.11
3011 * header and other data to aid packet processing in ieee80211_xmit_fast().
3012 *
3013 * The most difficult part of this is that when any of these assumptions
3014 * change, an external trigger (i.e. a call to ieee80211_clear_fast_xmit(),
3015 * ieee80211_check_fast_xmit() or friends) is required to reset the data,
3016 * since the per-packet code no longer checks the conditions. This is reflected
3017 * by the calls to these functions throughout the rest of the code, and must be
3018 * maintained if any of the TX path checks change.
3019 */
3020
3021void ieee80211_check_fast_xmit(struct sta_info *sta)
3022{
3023 struct ieee80211_fast_tx build = {}, *fast_tx = NULL, *old;
3024 struct ieee80211_local *local = sta->local;
3025 struct ieee80211_sub_if_data *sdata = sta->sdata;
3026 struct ieee80211_hdr *hdr = (void *)build.hdr;
3027 struct ieee80211_chanctx_conf *chanctx_conf;
3028 __le16 fc;
3029
3030 if (!ieee80211_hw_check(&local->hw, SUPPORT_FAST_XMIT))
3031 return;
3032
3033 if (ieee80211_vif_is_mesh(vif: &sdata->vif))
3034 mesh_fast_tx_flush_sta(sdata, sta);
3035
3036 /* Locking here protects both the pointer itself, and against concurrent
3037 * invocations winning data access races to, e.g., the key pointer that
3038 * is used.
3039 * Without it, the invocation of this function right after the key
3040 * pointer changes wouldn't be sufficient, as another CPU could access
3041 * the pointer, then stall, and then do the cache update after the CPU
3042 * that invalidated the key.
3043 * With the locking, such scenarios cannot happen as the check for the
3044 * key and the fast-tx assignment are done atomically, so the CPU that
3045 * modifies the key will either wait or other one will see the key
3046 * cleared/changed already.
3047 */
3048 spin_lock_bh(lock: &sta->lock);
3049 if (ieee80211_hw_check(&local->hw, SUPPORTS_PS) &&
3050 !ieee80211_hw_check(&local->hw, SUPPORTS_DYNAMIC_PS) &&
3051 sdata->vif.type == NL80211_IFTYPE_STATION)
3052 goto out;
3053
3054 if (!test_sta_flag(sta, flag: WLAN_STA_AUTHORIZED) || !sta->uploaded)
3055 goto out;
3056
3057 if (test_sta_flag(sta, flag: WLAN_STA_PS_STA) ||
3058 test_sta_flag(sta, flag: WLAN_STA_PS_DRIVER) ||
3059 test_sta_flag(sta, flag: WLAN_STA_PS_DELIVER) ||
3060 test_sta_flag(sta, flag: WLAN_STA_CLEAR_PS_FILT))
3061 goto out;
3062
3063 if (sdata->noack_map)
3064 goto out;
3065
3066 /* fast-xmit doesn't handle fragmentation at all */
3067 if (local->hw.wiphy->frag_threshold != (u32)-1 &&
3068 !ieee80211_hw_check(&local->hw, SUPPORTS_TX_FRAG))
3069 goto out;
3070
3071 if (!ieee80211_vif_is_mld(vif: &sdata->vif)) {
3072 rcu_read_lock();
3073 chanctx_conf =
3074 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
3075 if (!chanctx_conf) {
3076 rcu_read_unlock();
3077 goto out;
3078 }
3079 build.band = chanctx_conf->def.chan->band;
3080 rcu_read_unlock();
3081 } else {
3082 /* MLD transmissions must not rely on the band */
3083 build.band = 0;
3084 }
3085
3086 fc = cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA);
3087
3088 switch (sdata->vif.type) {
3089 case NL80211_IFTYPE_ADHOC:
3090 /* DA SA BSSID */
3091 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3092 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3093 memcpy(hdr->addr3, sdata->u.ibss.bssid, ETH_ALEN);
3094 build.hdr_len = 24;
3095 break;
3096 case NL80211_IFTYPE_STATION:
3097 if (test_sta_flag(sta, flag: WLAN_STA_TDLS_PEER)) {
3098 /* For TDLS only one link can be valid with peer STA */
3099 int tdls_link_id = sta->sta.valid_links ?
3100 __ffs(sta->sta.valid_links) : 0;
3101 struct ieee80211_link_data *link;
3102
3103 /* DA SA BSSID */
3104 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3105 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3106 rcu_read_lock();
3107 link = rcu_dereference(sdata->link[tdls_link_id]);
3108 if (!WARN_ON_ONCE(!link))
3109 memcpy(hdr->addr3, link->u.mgd.bssid, ETH_ALEN);
3110 rcu_read_unlock();
3111 build.hdr_len = 24;
3112 break;
3113 }
3114
3115 if (sdata->u.mgd.use_4addr) {
3116 /* non-regular ethertype cannot use the fastpath */
3117 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
3118 IEEE80211_FCTL_TODS);
3119 /* RA TA DA SA */
3120 memcpy(hdr->addr1, sdata->deflink.u.mgd.bssid, ETH_ALEN);
3121 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3122 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3123 build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
3124 build.hdr_len = 30;
3125 break;
3126 }
3127 fc |= cpu_to_le16(IEEE80211_FCTL_TODS);
3128 /* BSSID SA DA */
3129 memcpy(hdr->addr1, sdata->vif.cfg.ap_addr, ETH_ALEN);
3130 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3131 build.sa_offs = offsetof(struct ieee80211_hdr, addr2);
3132 build.hdr_len = 24;
3133 break;
3134 case NL80211_IFTYPE_AP_VLAN:
3135 if (sdata->wdev.use_4addr) {
3136 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS |
3137 IEEE80211_FCTL_TODS);
3138 /* RA TA DA SA */
3139 memcpy(hdr->addr1, sta->sta.addr, ETH_ALEN);
3140 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3141 build.da_offs = offsetof(struct ieee80211_hdr, addr3);
3142 build.sa_offs = offsetof(struct ieee80211_hdr, addr4);
3143 build.hdr_len = 30;
3144 break;
3145 }
3146 fallthrough;
3147 case NL80211_IFTYPE_AP:
3148 fc |= cpu_to_le16(IEEE80211_FCTL_FROMDS);
3149 /* DA BSSID SA */
3150 build.da_offs = offsetof(struct ieee80211_hdr, addr1);
3151 if (sta->sta.mlo || !ieee80211_vif_is_mld(vif: &sdata->vif)) {
3152 memcpy(hdr->addr2, sdata->vif.addr, ETH_ALEN);
3153 } else {
3154 unsigned int link_id = sta->deflink.link_id;
3155 struct ieee80211_link_data *link;
3156
3157 rcu_read_lock();
3158 link = rcu_dereference(sdata->link[link_id]);
3159 if (WARN_ON(!link)) {
3160 rcu_read_unlock();
3161 goto out;
3162 }
3163 memcpy(hdr->addr2, link->conf->addr, ETH_ALEN);
3164 rcu_read_unlock();
3165 }
3166 build.sa_offs = offsetof(struct ieee80211_hdr, addr3);
3167 build.hdr_len = 24;
3168 break;
3169 default:
3170 /* not handled on fast-xmit */
3171 goto out;
3172 }
3173
3174 if (sta->sta.wme) {
3175 build.hdr_len += 2;
3176 fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
3177 }
3178
3179 /* We store the key here so there's no point in using rcu_dereference()
3180 * but that's fine because the code that changes the pointers will call
3181 * this function after doing so. For a single CPU that would be enough,
3182 * for multiple see the comment above.
3183 */
3184 build.key = rcu_access_pointer(sta->ptk[sta->ptk_idx]);
3185 if (!build.key)
3186 build.key = rcu_access_pointer(sdata->default_unicast_key);
3187 if (build.key) {
3188 bool gen_iv, iv_spc, mmic;
3189
3190 gen_iv = build.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV;
3191 iv_spc = build.key->conf.flags & IEEE80211_KEY_FLAG_PUT_IV_SPACE;
3192 mmic = build.key->conf.flags &
3193 (IEEE80211_KEY_FLAG_GENERATE_MMIC |
3194 IEEE80211_KEY_FLAG_PUT_MIC_SPACE);
3195
3196 /* don't handle software crypto */
3197 if (!(build.key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE))
3198 goto out;
3199
3200 /* Key is being removed */
3201 if (build.key->flags & KEY_FLAG_TAINTED)
3202 goto out;
3203
3204 switch (build.key->conf.cipher) {
3205 case WLAN_CIPHER_SUITE_CCMP:
3206 case WLAN_CIPHER_SUITE_CCMP_256:
3207 if (gen_iv)
3208 build.pn_offs = build.hdr_len;
3209 if (gen_iv || iv_spc)
3210 build.hdr_len += IEEE80211_CCMP_HDR_LEN;
3211 break;
3212 case WLAN_CIPHER_SUITE_GCMP:
3213 case WLAN_CIPHER_SUITE_GCMP_256:
3214 if (gen_iv)
3215 build.pn_offs = build.hdr_len;
3216 if (gen_iv || iv_spc)
3217 build.hdr_len += IEEE80211_GCMP_HDR_LEN;
3218 break;
3219 case WLAN_CIPHER_SUITE_TKIP:
3220 /* cannot handle MMIC or IV generation in xmit-fast */
3221 if (mmic || gen_iv)
3222 goto out;
3223 if (iv_spc)
3224 build.hdr_len += IEEE80211_TKIP_IV_LEN;
3225 break;
3226 case WLAN_CIPHER_SUITE_WEP40:
3227 case WLAN_CIPHER_SUITE_WEP104:
3228 /* cannot handle IV generation in fast-xmit */
3229 if (gen_iv)
3230 goto out;
3231 if (iv_spc)
3232 build.hdr_len += IEEE80211_WEP_IV_LEN;
3233 break;
3234 case WLAN_CIPHER_SUITE_AES_CMAC:
3235 case WLAN_CIPHER_SUITE_BIP_CMAC_256:
3236 case WLAN_CIPHER_SUITE_BIP_GMAC_128:
3237 case WLAN_CIPHER_SUITE_BIP_GMAC_256:
3238 WARN(1,
3239 "management cipher suite 0x%x enabled for data\n",
3240 build.key->conf.cipher);
3241 goto out;
3242 default:
3243 /* we don't know how to generate IVs for this at all */
3244 if (WARN_ON(gen_iv))
3245 goto out;
3246 }
3247
3248 fc |= cpu_to_le16(IEEE80211_FCTL_PROTECTED);
3249 }
3250
3251 hdr->frame_control = fc;
3252
3253 memcpy(build.hdr + build.hdr_len,
3254 rfc1042_header, sizeof(rfc1042_header));
3255 build.hdr_len += sizeof(rfc1042_header);
3256
3257 fast_tx = kmemdup(p: &build, size: sizeof(build), GFP_ATOMIC);
3258 /* if the kmemdup fails, continue w/o fast_tx */
3259
3260 out:
3261 /* we might have raced against another call to this function */
3262 old = rcu_dereference_protected(sta->fast_tx,
3263 lockdep_is_held(&sta->lock));
3264 rcu_assign_pointer(sta->fast_tx, fast_tx);
3265 if (old)
3266 kfree_rcu(old, rcu_head);
3267 spin_unlock_bh(lock: &sta->lock);
3268}
3269
3270void ieee80211_check_fast_xmit_all(struct ieee80211_local *local)
3271{
3272 struct sta_info *sta;
3273
3274 rcu_read_lock();
3275 list_for_each_entry_rcu(sta, &local->sta_list, list)
3276 ieee80211_check_fast_xmit(sta);
3277 rcu_read_unlock();
3278}
3279
3280void ieee80211_check_fast_xmit_iface(struct ieee80211_sub_if_data *sdata)
3281{
3282 struct ieee80211_local *local = sdata->local;
3283 struct sta_info *sta;
3284
3285 rcu_read_lock();
3286
3287 list_for_each_entry_rcu(sta, &local->sta_list, list) {
3288 if (sdata != sta->sdata &&
3289 (!sta->sdata->bss || sta->sdata->bss != sdata->bss))
3290 continue;
3291 ieee80211_check_fast_xmit(sta);
3292 }
3293
3294 rcu_read_unlock();
3295}
3296
3297void ieee80211_clear_fast_xmit(struct sta_info *sta)
3298{
3299 struct ieee80211_fast_tx *fast_tx;
3300
3301 spin_lock_bh(lock: &sta->lock);
3302 fast_tx = rcu_dereference_protected(sta->fast_tx,
3303 lockdep_is_held(&sta->lock));
3304 RCU_INIT_POINTER(sta->fast_tx, NULL);
3305 spin_unlock_bh(lock: &sta->lock);
3306
3307 if (fast_tx)
3308 kfree_rcu(fast_tx, rcu_head);
3309}
3310
3311static bool ieee80211_amsdu_realloc_pad(struct ieee80211_local *local,
3312 struct sk_buff *skb, int headroom)
3313{
3314 if (skb_headroom(skb) < headroom) {
3315 I802_DEBUG_INC(local->tx_expand_skb_head);
3316
3317 if (pskb_expand_head(skb, nhead: headroom, ntail: 0, GFP_ATOMIC)) {
3318 wiphy_debug(local->hw.wiphy,
3319 "failed to reallocate TX buffer\n");
3320 return false;
3321 }
3322 }
3323
3324 return true;
3325}
3326
3327static bool ieee80211_amsdu_prepare_head(struct ieee80211_sub_if_data *sdata,
3328 struct ieee80211_fast_tx *fast_tx,
3329 struct sk_buff *skb)
3330{
3331 struct ieee80211_local *local = sdata->local;
3332 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3333 struct ieee80211_hdr *hdr;
3334 struct ethhdr *amsdu_hdr;
3335 int hdr_len = fast_tx->hdr_len - sizeof(rfc1042_header);
3336 int subframe_len = skb->len - hdr_len;
3337 void *data;
3338 u8 *qc, *h_80211_src, *h_80211_dst;
3339 const u8 *bssid;
3340
3341 if (info->flags & IEEE80211_TX_CTL_RATE_CTRL_PROBE)
3342 return false;
3343
3344 if (info->control.flags & IEEE80211_TX_CTRL_AMSDU)
3345 return true;
3346
3347 if (!ieee80211_amsdu_realloc_pad(local, skb,
3348 headroom: sizeof(*amsdu_hdr) +
3349 local->hw.extra_tx_headroom))
3350 return false;
3351
3352 data = skb_push(skb, len: sizeof(*amsdu_hdr));
3353 memmove(data, data + sizeof(*amsdu_hdr), hdr_len);
3354 hdr = data;
3355 amsdu_hdr = data + hdr_len;
3356 /* h_80211_src/dst is addr* field within hdr */
3357 h_80211_src = data + fast_tx->sa_offs;
3358 h_80211_dst = data + fast_tx->da_offs;
3359
3360 amsdu_hdr->h_proto = cpu_to_be16(subframe_len);
3361 ether_addr_copy(dst: amsdu_hdr->h_source, src: h_80211_src);
3362 ether_addr_copy(dst: amsdu_hdr->h_dest, src: h_80211_dst);
3363
3364 /* according to IEEE 802.11-2012 8.3.2 table 8-19, the outer SA/DA
3365 * fields needs to be changed to BSSID for A-MSDU frames depending
3366 * on FromDS/ToDS values.
3367 */
3368 switch (sdata->vif.type) {
3369 case NL80211_IFTYPE_STATION:
3370 bssid = sdata->vif.cfg.ap_addr;
3371 break;
3372 case NL80211_IFTYPE_AP:
3373 case NL80211_IFTYPE_AP_VLAN:
3374 bssid = sdata->vif.addr;
3375 break;
3376 default:
3377 bssid = NULL;
3378 }
3379
3380 if (bssid && ieee80211_has_fromds(fc: hdr->frame_control))
3381 ether_addr_copy(dst: h_80211_src, src: bssid);
3382
3383 if (bssid && ieee80211_has_tods(fc: hdr->frame_control))
3384 ether_addr_copy(dst: h_80211_dst, src: bssid);
3385
3386 qc = ieee80211_get_qos_ctl(hdr);
3387 *qc |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;
3388
3389 info->control.flags |= IEEE80211_TX_CTRL_AMSDU;
3390
3391 return true;
3392}
3393
3394static bool ieee80211_amsdu_aggregate(struct ieee80211_sub_if_data *sdata,
3395 struct sta_info *sta,
3396 struct ieee80211_fast_tx *fast_tx,
3397 struct sk_buff *skb,
3398 const u8 *da, const u8 *sa)
3399{
3400 struct ieee80211_local *local = sdata->local;
3401 struct fq *fq = &local->fq;
3402 struct fq_tin *tin;
3403 struct fq_flow *flow;
3404 u8 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3405 struct ieee80211_txq *txq = sta->sta.txq[tid];
3406 struct txq_info *txqi;
3407 struct sk_buff **frag_tail, *head;
3408 int subframe_len = skb->len - ETH_ALEN;
3409 u8 max_subframes = sta->sta.max_amsdu_subframes;
3410 int max_frags = local->hw.max_tx_fragments;
3411 int max_amsdu_len = sta->sta.cur->max_amsdu_len;
3412 int orig_truesize;
3413 u32 flow_idx;
3414 __be16 len;
3415 void *data;
3416 bool ret = false;
3417 unsigned int orig_len;
3418 int n = 2, nfrags, pad = 0;
3419 u16 hdrlen;
3420
3421 if (!ieee80211_hw_check(&local->hw, TX_AMSDU))
3422 return false;
3423
3424 if (sdata->vif.offload_flags & IEEE80211_OFFLOAD_ENCAP_ENABLED)
3425 return false;
3426
3427 if (ieee80211_vif_is_mesh(vif: &sdata->vif))
3428 return false;
3429
3430 if (skb_is_gso(skb))
3431 return false;
3432
3433 if (!txq)
3434 return false;
3435
3436 txqi = to_txq_info(txq);
3437 if (test_bit(IEEE80211_TXQ_NO_AMSDU, &txqi->flags))
3438 return false;
3439
3440 if (sta->sta.cur->max_rc_amsdu_len)
3441 max_amsdu_len = min_t(int, max_amsdu_len,
3442 sta->sta.cur->max_rc_amsdu_len);
3443
3444 if (sta->sta.cur->max_tid_amsdu_len[tid])
3445 max_amsdu_len = min_t(int, max_amsdu_len,
3446 sta->sta.cur->max_tid_amsdu_len[tid]);
3447
3448 flow_idx = fq_flow_idx(fq, skb);
3449
3450 spin_lock_bh(lock: &fq->lock);
3451
3452 /* TODO: Ideally aggregation should be done on dequeue to remain
3453 * responsive to environment changes.
3454 */
3455
3456 tin = &txqi->tin;
3457 flow = fq_flow_classify(fq, tin, idx: flow_idx, skb);
3458 head = skb_peek_tail(list_: &flow->queue);
3459 if (!head || skb_is_gso(skb: head))
3460 goto out;
3461
3462 orig_truesize = head->truesize;
3463 orig_len = head->len;
3464
3465 if (skb->len + head->len > max_amsdu_len)
3466 goto out;
3467
3468 nfrags = 1 + skb_shinfo(skb)->nr_frags;
3469 nfrags += 1 + skb_shinfo(head)->nr_frags;
3470 frag_tail = &skb_shinfo(head)->frag_list;
3471 while (*frag_tail) {
3472 nfrags += 1 + skb_shinfo(*frag_tail)->nr_frags;
3473 frag_tail = &(*frag_tail)->next;
3474 n++;
3475 }
3476
3477 if (max_subframes && n > max_subframes)
3478 goto out;
3479
3480 if (max_frags && nfrags > max_frags)
3481 goto out;
3482
3483 if (!drv_can_aggregate_in_amsdu(local, head, skb))
3484 goto out;
3485
3486 if (!ieee80211_amsdu_prepare_head(sdata, fast_tx, skb: head))
3487 goto out;
3488
3489 /* If n == 2, the "while (*frag_tail)" loop above didn't execute
3490 * and frag_tail should be &skb_shinfo(head)->frag_list.
3491 * However, ieee80211_amsdu_prepare_head() can reallocate it.
3492 * Reload frag_tail to have it pointing to the correct place.
3493 */
3494 if (n == 2)
3495 frag_tail = &skb_shinfo(head)->frag_list;
3496
3497 /*
3498 * Pad out the previous subframe to a multiple of 4 by adding the
3499 * padding to the next one, that's being added. Note that head->len
3500 * is the length of the full A-MSDU, but that works since each time
3501 * we add a new subframe we pad out the previous one to a multiple
3502 * of 4 and thus it no longer matters in the next round.
3503 */
3504 hdrlen = fast_tx->hdr_len - sizeof(rfc1042_header);
3505 if ((head->len - hdrlen) & 3)
3506 pad = 4 - ((head->len - hdrlen) & 3);
3507
3508 if (!ieee80211_amsdu_realloc_pad(local, skb, headroom: sizeof(rfc1042_header) +
3509 2 + pad))
3510 goto out_recalc;
3511
3512 ret = true;
3513 data = skb_push(skb, ETH_ALEN + 2);
3514 ether_addr_copy(dst: data, src: da);
3515 ether_addr_copy(dst: data + ETH_ALEN, src: sa);
3516
3517 data += 2 * ETH_ALEN;
3518 len = cpu_to_be16(subframe_len);
3519 memcpy(data, &len, 2);
3520 memcpy(data + 2, rfc1042_header, sizeof(rfc1042_header));
3521
3522 memset(skb_push(skb, pad), 0, pad);
3523
3524 head->len += skb->len;
3525 head->data_len += skb->len;
3526 *frag_tail = skb;
3527
3528out_recalc:
3529 fq->memory_usage += head->truesize - orig_truesize;
3530 if (head->len != orig_len) {
3531 flow->backlog += head->len - orig_len;
3532 tin->backlog_bytes += head->len - orig_len;
3533 }
3534out:
3535 spin_unlock_bh(lock: &fq->lock);
3536
3537 return ret;
3538}
3539
3540/*
3541 * Can be called while the sta lock is held. Anything that can cause packets to
3542 * be generated will cause deadlock!
3543 */
3544static ieee80211_tx_result
3545ieee80211_xmit_fast_finish(struct ieee80211_sub_if_data *sdata,
3546 struct sta_info *sta, u8 pn_offs,
3547 struct ieee80211_key *key,
3548 struct ieee80211_tx_data *tx)
3549{
3550 struct sk_buff *skb = tx->skb;
3551 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
3552 struct ieee80211_hdr *hdr = (void *)skb->data;
3553 u8 tid = IEEE80211_NUM_TIDS;
3554
3555 if (!ieee80211_hw_check(&tx->local->hw, HAS_RATE_CONTROL) &&
3556 ieee80211_tx_h_rate_ctrl(tx) != TX_CONTINUE)
3557 return TX_DROP;
3558
3559 if (key)
3560 info->control.hw_key = &key->conf;
3561
3562 dev_sw_netstats_tx_add(dev: skb->dev, packets: 1, len: skb->len);
3563
3564 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3565 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3566 hdr->seq_ctrl = ieee80211_tx_next_seq(sta, tid);
3567 } else {
3568 info->flags |= IEEE80211_TX_CTL_ASSIGN_SEQ;
3569 hdr->seq_ctrl = cpu_to_le16(sdata->sequence_number);
3570 sdata->sequence_number += 0x10;
3571 }
3572
3573 if (skb_shinfo(skb)->gso_size)
3574 sta->deflink.tx_stats.msdu[tid] +=
3575 DIV_ROUND_UP(skb->len, skb_shinfo(skb)->gso_size);
3576 else
3577 sta->deflink.tx_stats.msdu[tid]++;
3578
3579 info->hw_queue = sdata->vif.hw_queue[skb_get_queue_mapping(skb)];
3580
3581 /* statistics normally done by ieee80211_tx_h_stats (but that
3582 * has to consider fragmentation, so is more complex)
3583 */
3584 sta->deflink.tx_stats.bytes[skb_get_queue_mapping(skb)] += skb->len;
3585 sta->deflink.tx_stats.packets[skb_get_queue_mapping(skb)]++;
3586
3587 if (pn_offs) {
3588 u64 pn;
3589 u8 *crypto_hdr = skb->data + pn_offs;
3590
3591 switch (key->conf.cipher) {
3592 case WLAN_CIPHER_SUITE_CCMP:
3593 case WLAN_CIPHER_SUITE_CCMP_256:
3594 case WLAN_CIPHER_SUITE_GCMP:
3595 case WLAN_CIPHER_SUITE_GCMP_256:
3596 pn = atomic64_inc_return(v: &key->conf.tx_pn);
3597 crypto_hdr[0] = pn;
3598 crypto_hdr[1] = pn >> 8;
3599 crypto_hdr[3] = 0x20 | (key->conf.keyidx << 6);
3600 crypto_hdr[4] = pn >> 16;
3601 crypto_hdr[5] = pn >> 24;
3602 crypto_hdr[6] = pn >> 32;
3603 crypto_hdr[7] = pn >> 40;
3604 break;
3605 }
3606 }
3607
3608 return TX_CONTINUE;
3609}
3610
3611static netdev_features_t
3612ieee80211_sdata_netdev_features(struct ieee80211_sub_if_data *sdata)
3613{
3614 if (sdata->vif.type != NL80211_IFTYPE_AP_VLAN)
3615 return sdata->vif.netdev_features;
3616
3617 if (!sdata->bss)
3618 return 0;
3619
3620 sdata = container_of(sdata->bss, struct ieee80211_sub_if_data, u.ap);
3621 return sdata->vif.netdev_features;
3622}
3623
3624static struct sk_buff *
3625ieee80211_tx_skb_fixup(struct sk_buff *skb, netdev_features_t features)
3626{
3627 if (skb_is_gso(skb)) {
3628 struct sk_buff *segs;
3629
3630 segs = skb_gso_segment(skb, features);
3631 if (!segs)
3632 return skb;
3633 if (IS_ERR(ptr: segs))
3634 goto free;
3635
3636 consume_skb(skb);
3637 return segs;
3638 }
3639
3640 if (skb_needs_linearize(skb, features) && __skb_linearize(skb))
3641 goto free;
3642
3643 if (skb->ip_summed == CHECKSUM_PARTIAL) {
3644 int ofs = skb_checksum_start_offset(skb);
3645
3646 if (skb->encapsulation)
3647 skb_set_inner_transport_header(skb, offset: ofs);
3648 else
3649 skb_set_transport_header(skb, offset: ofs);
3650
3651 if (skb_csum_hwoffload_help(skb, features))
3652 goto free;
3653 }
3654
3655 skb_mark_not_on_list(skb);
3656 return skb;
3657
3658free:
3659 kfree_skb(skb);
3660 return NULL;
3661}
3662
3663void __ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
3664 struct sta_info *sta,
3665 struct ieee80211_fast_tx *fast_tx,
3666 struct sk_buff *skb, bool ampdu,
3667 const u8 *da, const u8 *sa)
3668{
3669 struct ieee80211_local *local = sdata->local;
3670 struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
3671 struct ieee80211_tx_info *info;
3672 struct ieee80211_tx_data tx;
3673 ieee80211_tx_result r;
3674 int hw_headroom = sdata->local->hw.extra_tx_headroom;
3675 int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
3676
3677 skb = skb_share_check(skb, GFP_ATOMIC);
3678 if (unlikely(!skb))
3679 return;
3680
3681 if ((hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) &&
3682 ieee80211_amsdu_aggregate(sdata, sta, fast_tx, skb, da, sa))
3683 return;
3684
3685 /* will not be crypto-handled beyond what we do here, so use false
3686 * as the may-encrypt argument for the resize to not account for
3687 * more room than we already have in 'extra_head'
3688 */
3689 if (unlikely(ieee80211_skb_resize(sdata, skb,
3690 max_t(int, extra_head + hw_headroom -
3691 skb_headroom(skb), 0),
3692 ENCRYPT_NO)))
3693 goto free;
3694
3695 hdr = skb_push(skb, len: extra_head);
3696 memcpy(skb->data, fast_tx->hdr, fast_tx->hdr_len);
3697 memcpy(skb->data + fast_tx->da_offs, da, ETH_ALEN);
3698 memcpy(skb->data + fast_tx->sa_offs, sa, ETH_ALEN);
3699
3700 info = IEEE80211_SKB_CB(skb);
3701 memset(info, 0, sizeof(*info));
3702 info->band = fast_tx->band;
3703 info->control.vif = &sdata->vif;
3704 info->flags = IEEE80211_TX_CTL_FIRST_FRAGMENT |
3705 IEEE80211_TX_CTL_DONTFRAG;
3706 info->control.flags = IEEE80211_TX_CTRL_FAST_XMIT |
3707 u32_encode_bits(IEEE80211_LINK_UNSPECIFIED,
3708 field: IEEE80211_TX_CTRL_MLO_LINK);
3709
3710#ifdef CONFIG_MAC80211_DEBUGFS
3711 if (local->force_tx_status)
3712 info->flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
3713#endif
3714
3715 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3716 u8 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3717
3718 *ieee80211_get_qos_ctl(hdr) = tid;
3719 }
3720
3721 __skb_queue_head_init(list: &tx.skbs);
3722
3723 tx.flags = IEEE80211_TX_UNICAST;
3724 tx.local = local;
3725 tx.sdata = sdata;
3726 tx.sta = sta;
3727 tx.key = fast_tx->key;
3728
3729 if (ieee80211_queue_skb(local, sdata, sta, skb))
3730 return;
3731
3732 tx.skb = skb;
3733 r = ieee80211_xmit_fast_finish(sdata, sta, pn_offs: fast_tx->pn_offs,
3734 key: fast_tx->key, tx: &tx);
3735 tx.skb = NULL;
3736 if (r == TX_DROP)
3737 goto free;
3738
3739 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
3740 sdata = container_of(sdata->bss,
3741 struct ieee80211_sub_if_data, u.ap);
3742
3743 __skb_queue_tail(list: &tx.skbs, newsk: skb);
3744 ieee80211_tx_frags(local, vif: &sdata->vif, sta, skbs: &tx.skbs, txpending: false);
3745 return;
3746
3747free:
3748 kfree_skb(skb);
3749}
3750
3751static bool ieee80211_xmit_fast(struct ieee80211_sub_if_data *sdata,
3752 struct sta_info *sta,
3753 struct ieee80211_fast_tx *fast_tx,
3754 struct sk_buff *skb)
3755{
3756 u16 ethertype = (skb->data[12] << 8) | skb->data[13];
3757 struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
3758 struct tid_ampdu_tx *tid_tx = NULL;
3759 struct sk_buff *next;
3760 struct ethhdr eth;
3761 u8 tid = IEEE80211_NUM_TIDS;
3762
3763 /* control port protocol needs a lot of special handling */
3764 if (cpu_to_be16(ethertype) == sdata->control_port_protocol)
3765 return false;
3766
3767 /* only RFC 1042 SNAP */
3768 if (ethertype < ETH_P_802_3_MIN)
3769 return false;
3770
3771 /* don't handle TX status request here either */
3772 if (skb->sk && skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)
3773 return false;
3774
3775 if (hdr->frame_control & cpu_to_le16(IEEE80211_STYPE_QOS_DATA)) {
3776 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
3777 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
3778 if (tid_tx) {
3779 if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state))
3780 return false;
3781 if (tid_tx->timeout)
3782 tid_tx->last_tx = jiffies;
3783 }
3784 }
3785
3786 memcpy(&eth, skb->data, ETH_HLEN - 2);
3787
3788 /* after this point (skb is modified) we cannot return false */
3789 skb = ieee80211_tx_skb_fixup(skb, features: ieee80211_sdata_netdev_features(sdata));
3790 if (!skb)
3791 return true;
3792
3793 skb_list_walk_safe(skb, skb, next) {
3794 skb_mark_not_on_list(skb);
3795 __ieee80211_xmit_fast(sdata, sta, fast_tx, skb, ampdu: tid_tx,
3796 da: eth.h_dest, sa: eth.h_source);
3797 }
3798
3799 return true;
3800}
3801
3802struct sk_buff *ieee80211_tx_dequeue(struct ieee80211_hw *hw,
3803 struct ieee80211_txq *txq)
3804{
3805 struct ieee80211_local *local = hw_to_local(hw);
3806 struct txq_info *txqi = container_of(txq, struct txq_info, txq);
3807 struct ieee80211_hdr *hdr;
3808 struct sk_buff *skb = NULL;
3809 struct fq *fq = &local->fq;
3810 struct fq_tin *tin = &txqi->tin;
3811 struct ieee80211_tx_info *info;
3812 struct ieee80211_tx_data tx;
3813 ieee80211_tx_result r;
3814 struct ieee80211_vif *vif = txq->vif;
3815 int q = vif->hw_queue[txq->ac];
3816 unsigned long flags;
3817 bool q_stopped;
3818
3819 WARN_ON_ONCE(softirq_count() == 0);
3820
3821 if (!ieee80211_txq_airtime_check(hw, txq))
3822 return NULL;
3823
3824begin:
3825 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
3826 q_stopped = local->queue_stop_reasons[q];
3827 spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
3828
3829 if (unlikely(q_stopped)) {
3830 /* mark for waking later */
3831 set_bit(nr: IEEE80211_TXQ_DIRTY, addr: &txqi->flags);
3832 return NULL;
3833 }
3834
3835 spin_lock_bh(lock: &fq->lock);
3836
3837 /* Make sure fragments stay together. */
3838 skb = __skb_dequeue(list: &txqi->frags);
3839 if (unlikely(skb)) {
3840 if (!(IEEE80211_SKB_CB(skb)->control.flags &
3841 IEEE80211_TX_INTCFL_NEED_TXPROCESSING))
3842 goto out;
3843 IEEE80211_SKB_CB(skb)->control.flags &=
3844 ~IEEE80211_TX_INTCFL_NEED_TXPROCESSING;
3845 } else {
3846 if (unlikely(test_bit(IEEE80211_TXQ_STOP, &txqi->flags)))
3847 goto out;
3848
3849 skb = fq_tin_dequeue(fq, tin, dequeue_func: fq_tin_dequeue_func);
3850 }
3851
3852 if (!skb)
3853 goto out;
3854
3855 spin_unlock_bh(lock: &fq->lock);
3856
3857 hdr = (struct ieee80211_hdr *)skb->data;
3858 info = IEEE80211_SKB_CB(skb);
3859
3860 memset(&tx, 0, sizeof(tx));
3861 __skb_queue_head_init(list: &tx.skbs);
3862 tx.local = local;
3863 tx.skb = skb;
3864 tx.sdata = vif_to_sdata(p: info->control.vif);
3865
3866 if (txq->sta) {
3867 tx.sta = container_of(txq->sta, struct sta_info, sta);
3868 /*
3869 * Drop unicast frames to unauthorised stations unless they are
3870 * injected frames or EAPOL frames from the local station.
3871 */
3872 if (unlikely(!(info->flags & IEEE80211_TX_CTL_INJECTED) &&
3873 ieee80211_is_data(hdr->frame_control) &&
3874 !ieee80211_vif_is_mesh(&tx.sdata->vif) &&
3875 tx.sdata->vif.type != NL80211_IFTYPE_OCB &&
3876 !is_multicast_ether_addr(hdr->addr1) &&
3877 !test_sta_flag(tx.sta, WLAN_STA_AUTHORIZED) &&
3878 (!(info->control.flags &
3879 IEEE80211_TX_CTRL_PORT_CTRL_PROTO) ||
3880 !ieee80211_is_our_addr(tx.sdata, hdr->addr2,
3881 NULL)))) {
3882 I802_DEBUG_INC(local->tx_handlers_drop_unauth_port);
3883 ieee80211_free_txskb(hw: &local->hw, skb);
3884 goto begin;
3885 }
3886 }
3887
3888 /*
3889 * The key can be removed while the packet was queued, so need to call
3890 * this here to get the current key.
3891 */
3892 r = ieee80211_tx_h_select_key(tx: &tx);
3893 if (r != TX_CONTINUE) {
3894 ieee80211_free_txskb(hw: &local->hw, skb);
3895 goto begin;
3896 }
3897
3898 if (test_bit(IEEE80211_TXQ_AMPDU, &txqi->flags))
3899 info->flags |= (IEEE80211_TX_CTL_AMPDU |
3900 IEEE80211_TX_CTL_DONTFRAG);
3901
3902 if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
3903 if (!ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3904 r = ieee80211_tx_h_rate_ctrl(tx: &tx);
3905 if (r != TX_CONTINUE) {
3906 ieee80211_free_txskb(hw: &local->hw, skb);
3907 goto begin;
3908 }
3909 }
3910 goto encap_out;
3911 }
3912
3913 if (info->control.flags & IEEE80211_TX_CTRL_FAST_XMIT) {
3914 struct sta_info *sta = container_of(txq->sta, struct sta_info,
3915 sta);
3916 u8 pn_offs = 0;
3917
3918 if (tx.key &&
3919 (tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
3920 pn_offs = ieee80211_hdrlen(fc: hdr->frame_control);
3921
3922 r = ieee80211_xmit_fast_finish(sdata: sta->sdata, sta, pn_offs,
3923 key: tx.key, tx: &tx);
3924 if (r != TX_CONTINUE) {
3925 ieee80211_free_txskb(hw: &local->hw, skb);
3926 goto begin;
3927 }
3928 } else {
3929 if (invoke_tx_handlers_late(tx: &tx))
3930 goto begin;
3931
3932 skb = __skb_dequeue(list: &tx.skbs);
3933 info = IEEE80211_SKB_CB(skb);
3934
3935 if (!skb_queue_empty(list: &tx.skbs)) {
3936 spin_lock_bh(lock: &fq->lock);
3937 skb_queue_splice_tail(list: &tx.skbs, head: &txqi->frags);
3938 spin_unlock_bh(lock: &fq->lock);
3939 }
3940 }
3941
3942 if (skb_has_frag_list(skb) &&
3943 !ieee80211_hw_check(&local->hw, TX_FRAG_LIST)) {
3944 if (skb_linearize(skb)) {
3945 ieee80211_free_txskb(hw: &local->hw, skb);
3946 goto begin;
3947 }
3948 }
3949
3950 switch (tx.sdata->vif.type) {
3951 case NL80211_IFTYPE_MONITOR:
3952 if (tx.sdata->u.mntr.flags & MONITOR_FLAG_ACTIVE) {
3953 vif = &tx.sdata->vif;
3954 break;
3955 }
3956 tx.sdata = rcu_dereference(local->monitor_sdata);
3957 if (tx.sdata) {
3958 vif = &tx.sdata->vif;
3959 info->hw_queue =
3960 vif->hw_queue[skb_get_queue_mapping(skb)];
3961 } else if (ieee80211_hw_check(&local->hw, QUEUE_CONTROL)) {
3962 ieee80211_free_txskb(hw: &local->hw, skb);
3963 goto begin;
3964 } else {
3965 info->control.vif = NULL;
3966 return skb;
3967 }
3968 break;
3969 case NL80211_IFTYPE_AP_VLAN:
3970 tx.sdata = container_of(tx.sdata->bss,
3971 struct ieee80211_sub_if_data, u.ap);
3972 fallthrough;
3973 default:
3974 vif = &tx.sdata->vif;
3975 break;
3976 }
3977
3978encap_out:
3979 info->control.vif = vif;
3980
3981 if (tx.sta &&
3982 wiphy_ext_feature_isset(wiphy: local->hw.wiphy, ftidx: NL80211_EXT_FEATURE_AQL)) {
3983 bool ampdu = txq->ac != IEEE80211_AC_VO;
3984 u32 airtime;
3985
3986 airtime = ieee80211_calc_expected_tx_airtime(hw, vif, pubsta: txq->sta,
3987 len: skb->len, ampdu);
3988 if (airtime) {
3989 airtime = ieee80211_info_set_tx_time_est(info, tx_time_est: airtime);
3990 ieee80211_sta_update_pending_airtime(local, sta: tx.sta,
3991 ac: txq->ac,
3992 tx_airtime: airtime,
3993 tx_completed: false);
3994 }
3995 }
3996
3997 return skb;
3998
3999out:
4000 spin_unlock_bh(lock: &fq->lock);
4001
4002 return skb;
4003}
4004EXPORT_SYMBOL(ieee80211_tx_dequeue);
4005
4006static inline s32 ieee80211_sta_deficit(struct sta_info *sta, u8 ac)
4007{
4008 struct airtime_info *air_info = &sta->airtime[ac];
4009
4010 return air_info->deficit - atomic_read(v: &air_info->aql_tx_pending);
4011}
4012
4013static void
4014ieee80211_txq_set_active(struct txq_info *txqi)
4015{
4016 struct sta_info *sta;
4017
4018 if (!txqi->txq.sta)
4019 return;
4020
4021 sta = container_of(txqi->txq.sta, struct sta_info, sta);
4022 sta->airtime[txqi->txq.ac].last_active = jiffies;
4023}
4024
4025static bool
4026ieee80211_txq_keep_active(struct txq_info *txqi)
4027{
4028 struct sta_info *sta;
4029
4030 if (!txqi->txq.sta)
4031 return false;
4032
4033 sta = container_of(txqi->txq.sta, struct sta_info, sta);
4034 if (ieee80211_sta_deficit(sta, ac: txqi->txq.ac) >= 0)
4035 return false;
4036
4037 return ieee80211_sta_keep_active(sta, ac: txqi->txq.ac);
4038}
4039
4040struct ieee80211_txq *ieee80211_next_txq(struct ieee80211_hw *hw, u8 ac)
4041{
4042 struct ieee80211_local *local = hw_to_local(hw);
4043 struct ieee80211_txq *ret = NULL;
4044 struct txq_info *txqi = NULL, *head = NULL;
4045 bool found_eligible_txq = false;
4046
4047 spin_lock_bh(lock: &local->active_txq_lock[ac]);
4048
4049 if (!local->schedule_round[ac])
4050 goto out;
4051
4052 begin:
4053 txqi = list_first_entry_or_null(&local->active_txqs[ac],
4054 struct txq_info,
4055 schedule_order);
4056 if (!txqi)
4057 goto out;
4058
4059 if (txqi == head) {
4060 if (!found_eligible_txq)
4061 goto out;
4062 else
4063 found_eligible_txq = false;
4064 }
4065
4066 if (!head)
4067 head = txqi;
4068
4069 if (txqi->txq.sta) {
4070 struct sta_info *sta = container_of(txqi->txq.sta,
4071 struct sta_info, sta);
4072 bool aql_check = ieee80211_txq_airtime_check(hw, txq: &txqi->txq);
4073 s32 deficit = ieee80211_sta_deficit(sta, ac: txqi->txq.ac);
4074
4075 if (aql_check)
4076 found_eligible_txq = true;
4077
4078 if (deficit < 0)
4079 sta->airtime[txqi->txq.ac].deficit +=
4080 sta->airtime_weight;
4081
4082 if (deficit < 0 || !aql_check) {
4083 list_move_tail(list: &txqi->schedule_order,
4084 head: &local->active_txqs[txqi->txq.ac]);
4085 goto begin;
4086 }
4087 }
4088
4089 if (txqi->schedule_round == local->schedule_round[ac])
4090 goto out;
4091
4092 list_del_init(entry: &txqi->schedule_order);
4093 txqi->schedule_round = local->schedule_round[ac];
4094 ret = &txqi->txq;
4095
4096out:
4097 spin_unlock_bh(lock: &local->active_txq_lock[ac]);
4098 return ret;
4099}
4100EXPORT_SYMBOL(ieee80211_next_txq);
4101
4102void __ieee80211_schedule_txq(struct ieee80211_hw *hw,
4103 struct ieee80211_txq *txq,
4104 bool force)
4105{
4106 struct ieee80211_local *local = hw_to_local(hw);
4107 struct txq_info *txqi = to_txq_info(txq);
4108 bool has_queue;
4109
4110 spin_lock_bh(lock: &local->active_txq_lock[txq->ac]);
4111
4112 has_queue = force || txq_has_queue(txq);
4113 if (list_empty(head: &txqi->schedule_order) &&
4114 (has_queue || ieee80211_txq_keep_active(txqi))) {
4115 /* If airtime accounting is active, always enqueue STAs at the
4116 * head of the list to ensure that they only get moved to the
4117 * back by the airtime DRR scheduler once they have a negative
4118 * deficit. A station that already has a negative deficit will
4119 * get immediately moved to the back of the list on the next
4120 * call to ieee80211_next_txq().
4121 */
4122 if (txqi->txq.sta && local->airtime_flags && has_queue &&
4123 wiphy_ext_feature_isset(wiphy: local->hw.wiphy,
4124 ftidx: NL80211_EXT_FEATURE_AIRTIME_FAIRNESS))
4125 list_add(new: &txqi->schedule_order,
4126 head: &local->active_txqs[txq->ac]);
4127 else
4128 list_add_tail(new: &txqi->schedule_order,
4129 head: &local->active_txqs[txq->ac]);
4130 if (has_queue)
4131 ieee80211_txq_set_active(txqi);
4132 }
4133
4134 spin_unlock_bh(lock: &local->active_txq_lock[txq->ac]);
4135}
4136EXPORT_SYMBOL(__ieee80211_schedule_txq);
4137
4138DEFINE_STATIC_KEY_FALSE(aql_disable);
4139
4140bool ieee80211_txq_airtime_check(struct ieee80211_hw *hw,
4141 struct ieee80211_txq *txq)
4142{
4143 struct sta_info *sta;
4144 struct ieee80211_local *local = hw_to_local(hw);
4145
4146 if (!wiphy_ext_feature_isset(wiphy: local->hw.wiphy, ftidx: NL80211_EXT_FEATURE_AQL))
4147 return true;
4148
4149 if (static_branch_unlikely(&aql_disable))
4150 return true;
4151
4152 if (!txq->sta)
4153 return true;
4154
4155 if (unlikely(txq->tid == IEEE80211_NUM_TIDS))
4156 return true;
4157
4158 sta = container_of(txq->sta, struct sta_info, sta);
4159 if (atomic_read(v: &sta->airtime[txq->ac].aql_tx_pending) <
4160 sta->airtime[txq->ac].aql_limit_low)
4161 return true;
4162
4163 if (atomic_read(v: &local->aql_total_pending_airtime) <
4164 local->aql_threshold &&
4165 atomic_read(v: &sta->airtime[txq->ac].aql_tx_pending) <
4166 sta->airtime[txq->ac].aql_limit_high)
4167 return true;
4168
4169 return false;
4170}
4171EXPORT_SYMBOL(ieee80211_txq_airtime_check);
4172
4173static bool
4174ieee80211_txq_schedule_airtime_check(struct ieee80211_local *local, u8 ac)
4175{
4176 unsigned int num_txq = 0;
4177 struct txq_info *txq;
4178 u32 aql_limit;
4179
4180 if (!wiphy_ext_feature_isset(wiphy: local->hw.wiphy, ftidx: NL80211_EXT_FEATURE_AQL))
4181 return true;
4182
4183 list_for_each_entry(txq, &local->active_txqs[ac], schedule_order)
4184 num_txq++;
4185
4186 aql_limit = (num_txq - 1) * local->aql_txq_limit_low[ac] / 2 +
4187 local->aql_txq_limit_high[ac];
4188
4189 return atomic_read(v: &local->aql_ac_pending_airtime[ac]) < aql_limit;
4190}
4191
4192bool ieee80211_txq_may_transmit(struct ieee80211_hw *hw,
4193 struct ieee80211_txq *txq)
4194{
4195 struct ieee80211_local *local = hw_to_local(hw);
4196 struct txq_info *iter, *tmp, *txqi = to_txq_info(txq);
4197 struct sta_info *sta;
4198 u8 ac = txq->ac;
4199
4200 spin_lock_bh(lock: &local->active_txq_lock[ac]);
4201
4202 if (!txqi->txq.sta)
4203 goto out;
4204
4205 if (list_empty(head: &txqi->schedule_order))
4206 goto out;
4207
4208 if (!ieee80211_txq_schedule_airtime_check(local, ac))
4209 goto out;
4210
4211 list_for_each_entry_safe(iter, tmp, &local->active_txqs[ac],
4212 schedule_order) {
4213 if (iter == txqi)
4214 break;
4215
4216 if (!iter->txq.sta) {
4217 list_move_tail(list: &iter->schedule_order,
4218 head: &local->active_txqs[ac]);
4219 continue;
4220 }
4221 sta = container_of(iter->txq.sta, struct sta_info, sta);
4222 if (ieee80211_sta_deficit(sta, ac) < 0)
4223 sta->airtime[ac].deficit += sta->airtime_weight;
4224 list_move_tail(list: &iter->schedule_order, head: &local->active_txqs[ac]);
4225 }
4226
4227 sta = container_of(txqi->txq.sta, struct sta_info, sta);
4228 if (sta->airtime[ac].deficit >= 0)
4229 goto out;
4230
4231 sta->airtime[ac].deficit += sta->airtime_weight;
4232 list_move_tail(list: &txqi->schedule_order, head: &local->active_txqs[ac]);
4233 spin_unlock_bh(lock: &local->active_txq_lock[ac]);
4234
4235 return false;
4236out:
4237 if (!list_empty(head: &txqi->schedule_order))
4238 list_del_init(entry: &txqi->schedule_order);
4239 spin_unlock_bh(lock: &local->active_txq_lock[ac]);
4240
4241 return true;
4242}
4243EXPORT_SYMBOL(ieee80211_txq_may_transmit);
4244
4245void ieee80211_txq_schedule_start(struct ieee80211_hw *hw, u8 ac)
4246{
4247 struct ieee80211_local *local = hw_to_local(hw);
4248
4249 spin_lock_bh(lock: &local->active_txq_lock[ac]);
4250
4251 if (ieee80211_txq_schedule_airtime_check(local, ac)) {
4252 local->schedule_round[ac]++;
4253 if (!local->schedule_round[ac])
4254 local->schedule_round[ac]++;
4255 } else {
4256 local->schedule_round[ac] = 0;
4257 }
4258
4259 spin_unlock_bh(lock: &local->active_txq_lock[ac]);
4260}
4261EXPORT_SYMBOL(ieee80211_txq_schedule_start);
4262
4263void __ieee80211_subif_start_xmit(struct sk_buff *skb,
4264 struct net_device *dev,
4265 u32 info_flags,
4266 u32 ctrl_flags,
4267 u64 *cookie)
4268{
4269 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4270 struct ieee80211_local *local = sdata->local;
4271 struct sta_info *sta;
4272 struct sk_buff *next;
4273 int len = skb->len;
4274
4275 if (unlikely(!ieee80211_sdata_running(sdata) || skb->len < ETH_HLEN)) {
4276 kfree_skb(skb);
4277 return;
4278 }
4279
4280 sk_pacing_shift_update(sk: skb->sk, val: sdata->local->hw.tx_sk_pacing_shift);
4281
4282 rcu_read_lock();
4283
4284 if (ieee80211_vif_is_mesh(vif: &sdata->vif) &&
4285 ieee80211_hw_check(&local->hw, SUPPORT_FAST_XMIT) &&
4286 ieee80211_mesh_xmit_fast(sdata, skb, ctrl_flags))
4287 goto out;
4288
4289 if (ieee80211_lookup_ra_sta(sdata, skb, sta_out: &sta))
4290 goto out_free;
4291
4292 if (IS_ERR(ptr: sta))
4293 sta = NULL;
4294
4295 skb_set_queue_mapping(skb, queue_mapping: ieee80211_select_queue(sdata, sta, skb));
4296 ieee80211_aggr_check(sdata, sta, skb);
4297
4298 if (sta) {
4299 struct ieee80211_fast_tx *fast_tx;
4300
4301 fast_tx = rcu_dereference(sta->fast_tx);
4302
4303 if (fast_tx &&
4304 ieee80211_xmit_fast(sdata, sta, fast_tx, skb))
4305 goto out;
4306 }
4307
4308 /* the frame could be fragmented, software-encrypted, and other
4309 * things so we cannot really handle checksum or GSO offload.
4310 * fix it up in software before we handle anything else.
4311 */
4312 skb = ieee80211_tx_skb_fixup(skb, features: 0);
4313 if (!skb) {
4314 len = 0;
4315 goto out;
4316 }
4317
4318 skb_list_walk_safe(skb, skb, next) {
4319 skb_mark_not_on_list(skb);
4320
4321 if (skb->protocol == sdata->control_port_protocol)
4322 ctrl_flags |= IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
4323
4324 skb = ieee80211_build_hdr(sdata, skb, info_flags,
4325 sta, ctrl_flags, cookie);
4326 if (IS_ERR(ptr: skb)) {
4327 kfree_skb_list(segs: next);
4328 goto out;
4329 }
4330
4331 dev_sw_netstats_tx_add(dev, packets: 1, len: skb->len);
4332
4333 ieee80211_xmit(sdata, sta, skb);
4334 }
4335 goto out;
4336 out_free:
4337 kfree_skb(skb);
4338 len = 0;
4339 out:
4340 if (len)
4341 ieee80211_tpt_led_trig_tx(local, bytes: len);
4342 rcu_read_unlock();
4343}
4344
4345static int ieee80211_change_da(struct sk_buff *skb, struct sta_info *sta)
4346{
4347 struct ethhdr *eth;
4348 int err;
4349
4350 err = skb_ensure_writable(skb, ETH_HLEN);
4351 if (unlikely(err))
4352 return err;
4353
4354 eth = (void *)skb->data;
4355 ether_addr_copy(dst: eth->h_dest, src: sta->sta.addr);
4356
4357 return 0;
4358}
4359
4360static bool ieee80211_multicast_to_unicast(struct sk_buff *skb,
4361 struct net_device *dev)
4362{
4363 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4364 const struct ethhdr *eth = (void *)skb->data;
4365 const struct vlan_ethhdr *ethvlan = (void *)skb->data;
4366 __be16 ethertype;
4367
4368 switch (sdata->vif.type) {
4369 case NL80211_IFTYPE_AP_VLAN:
4370 if (sdata->u.vlan.sta)
4371 return false;
4372 if (sdata->wdev.use_4addr)
4373 return false;
4374 fallthrough;
4375 case NL80211_IFTYPE_AP:
4376 /* check runtime toggle for this bss */
4377 if (!sdata->bss->multicast_to_unicast)
4378 return false;
4379 break;
4380 default:
4381 return false;
4382 }
4383
4384 /* multicast to unicast conversion only for some payload */
4385 ethertype = eth->h_proto;
4386 if (ethertype == htons(ETH_P_8021Q) && skb->len >= VLAN_ETH_HLEN)
4387 ethertype = ethvlan->h_vlan_encapsulated_proto;
4388 switch (ethertype) {
4389 case htons(ETH_P_ARP):
4390 case htons(ETH_P_IP):
4391 case htons(ETH_P_IPV6):
4392 break;
4393 default:
4394 return false;
4395 }
4396
4397 return true;
4398}
4399
4400static void
4401ieee80211_convert_to_unicast(struct sk_buff *skb, struct net_device *dev,
4402 struct sk_buff_head *queue)
4403{
4404 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4405 struct ieee80211_local *local = sdata->local;
4406 const struct ethhdr *eth = (struct ethhdr *)skb->data;
4407 struct sta_info *sta, *first = NULL;
4408 struct sk_buff *cloned_skb;
4409
4410 rcu_read_lock();
4411
4412 list_for_each_entry_rcu(sta, &local->sta_list, list) {
4413 if (sdata != sta->sdata)
4414 /* AP-VLAN mismatch */
4415 continue;
4416 if (unlikely(ether_addr_equal(eth->h_source, sta->sta.addr)))
4417 /* do not send back to source */
4418 continue;
4419 if (!first) {
4420 first = sta;
4421 continue;
4422 }
4423 cloned_skb = skb_clone(skb, GFP_ATOMIC);
4424 if (!cloned_skb)
4425 goto multicast;
4426 if (unlikely(ieee80211_change_da(cloned_skb, sta))) {
4427 dev_kfree_skb(cloned_skb);
4428 goto multicast;
4429 }
4430 __skb_queue_tail(list: queue, newsk: cloned_skb);
4431 }
4432
4433 if (likely(first)) {
4434 if (unlikely(ieee80211_change_da(skb, first)))
4435 goto multicast;
4436 __skb_queue_tail(list: queue, newsk: skb);
4437 } else {
4438 /* no STA connected, drop */
4439 kfree_skb(skb);
4440 skb = NULL;
4441 }
4442
4443 goto out;
4444multicast:
4445 __skb_queue_purge(list: queue);
4446 __skb_queue_tail(list: queue, newsk: skb);
4447out:
4448 rcu_read_unlock();
4449}
4450
4451static void ieee80211_mlo_multicast_tx_one(struct ieee80211_sub_if_data *sdata,
4452 struct sk_buff *skb, u32 ctrl_flags,
4453 unsigned int link_id)
4454{
4455 struct sk_buff *out;
4456
4457 out = skb_copy(skb, GFP_ATOMIC);
4458 if (!out)
4459 return;
4460
4461 ctrl_flags |= u32_encode_bits(v: link_id, field: IEEE80211_TX_CTRL_MLO_LINK);
4462 __ieee80211_subif_start_xmit(skb: out, dev: sdata->dev, info_flags: 0, ctrl_flags, NULL);
4463}
4464
4465static void ieee80211_mlo_multicast_tx(struct net_device *dev,
4466 struct sk_buff *skb)
4467{
4468 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4469 unsigned long links = sdata->vif.active_links;
4470 unsigned int link;
4471 u32 ctrl_flags = IEEE80211_TX_CTRL_MCAST_MLO_FIRST_TX;
4472
4473 if (hweight16(links) == 1) {
4474 ctrl_flags |= u32_encode_bits(__ffs(links),
4475 field: IEEE80211_TX_CTRL_MLO_LINK);
4476
4477 __ieee80211_subif_start_xmit(skb, dev: sdata->dev, info_flags: 0, ctrl_flags,
4478 NULL);
4479 return;
4480 }
4481
4482 for_each_set_bit(link, &links, IEEE80211_MLD_MAX_NUM_LINKS) {
4483 ieee80211_mlo_multicast_tx_one(sdata, skb, ctrl_flags, link_id: link);
4484 ctrl_flags = 0;
4485 }
4486 kfree_skb(skb);
4487}
4488
4489/**
4490 * ieee80211_subif_start_xmit - netif start_xmit function for 802.3 vifs
4491 * @skb: packet to be sent
4492 * @dev: incoming interface
4493 *
4494 * On failure skb will be freed.
4495 *
4496 * Returns: the netdev TX status (but really only %NETDEV_TX_OK)
4497 */
4498netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
4499 struct net_device *dev)
4500{
4501 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4502 const struct ethhdr *eth = (void *)skb->data;
4503
4504 if (likely(!is_multicast_ether_addr(eth->h_dest)))
4505 goto normal;
4506
4507 if (unlikely(!ieee80211_sdata_running(sdata))) {
4508 kfree_skb(skb);
4509 return NETDEV_TX_OK;
4510 }
4511
4512 if (unlikely(ieee80211_multicast_to_unicast(skb, dev))) {
4513 struct sk_buff_head queue;
4514
4515 __skb_queue_head_init(list: &queue);
4516 ieee80211_convert_to_unicast(skb, dev, queue: &queue);
4517 while ((skb = __skb_dequeue(list: &queue)))
4518 __ieee80211_subif_start_xmit(skb, dev, info_flags: 0,
4519 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4520 NULL);
4521 } else if (ieee80211_vif_is_mld(vif: &sdata->vif) &&
4522 sdata->vif.type == NL80211_IFTYPE_AP &&
4523 !ieee80211_hw_check(&sdata->local->hw, MLO_MCAST_MULTI_LINK_TX)) {
4524 ieee80211_mlo_multicast_tx(dev, skb);
4525 } else {
4526normal:
4527 __ieee80211_subif_start_xmit(skb, dev, info_flags: 0,
4528 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4529 NULL);
4530 }
4531
4532 return NETDEV_TX_OK;
4533}
4534
4535
4536
4537static bool __ieee80211_tx_8023(struct ieee80211_sub_if_data *sdata,
4538 struct sk_buff *skb, struct sta_info *sta,
4539 bool txpending)
4540{
4541 struct ieee80211_local *local = sdata->local;
4542 struct ieee80211_tx_control control = {};
4543 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4544 struct ieee80211_sta *pubsta = NULL;
4545 unsigned long flags;
4546 int q = info->hw_queue;
4547
4548 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
4549
4550 if (local->queue_stop_reasons[q] ||
4551 (!txpending && !skb_queue_empty(list: &local->pending[q]))) {
4552 if (txpending)
4553 skb_queue_head(list: &local->pending[q], newsk: skb);
4554 else
4555 skb_queue_tail(list: &local->pending[q], newsk: skb);
4556
4557 spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
4558
4559 return false;
4560 }
4561
4562 spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
4563
4564 if (sta && sta->uploaded)
4565 pubsta = &sta->sta;
4566
4567 control.sta = pubsta;
4568
4569 drv_tx(local, control: &control, skb);
4570
4571 return true;
4572}
4573
4574static bool ieee80211_tx_8023(struct ieee80211_sub_if_data *sdata,
4575 struct sk_buff *skb, struct sta_info *sta,
4576 bool txpending)
4577{
4578 struct ieee80211_local *local = sdata->local;
4579 struct sk_buff *next;
4580 bool ret = true;
4581
4582 if (ieee80211_queue_skb(local, sdata, sta, skb))
4583 return true;
4584
4585 skb_list_walk_safe(skb, skb, next) {
4586 skb_mark_not_on_list(skb);
4587 if (!__ieee80211_tx_8023(sdata, skb, sta, txpending))
4588 ret = false;
4589 }
4590
4591 return ret;
4592}
4593
4594static void ieee80211_8023_xmit(struct ieee80211_sub_if_data *sdata,
4595 struct net_device *dev, struct sta_info *sta,
4596 struct ieee80211_key *key, struct sk_buff *skb)
4597{
4598 struct ieee80211_tx_info *info;
4599 struct ieee80211_local *local = sdata->local;
4600 struct tid_ampdu_tx *tid_tx;
4601 struct sk_buff *seg, *next;
4602 unsigned int skbs = 0, len = 0;
4603 u16 queue;
4604 u8 tid;
4605
4606 queue = ieee80211_select_queue(sdata, sta, skb);
4607 skb_set_queue_mapping(skb, queue_mapping: queue);
4608
4609 if (unlikely(test_bit(SCAN_SW_SCANNING, &local->scanning)) &&
4610 test_bit(SDATA_STATE_OFFCHANNEL, &sdata->state))
4611 goto out_free;
4612
4613 skb = skb_share_check(skb, GFP_ATOMIC);
4614 if (unlikely(!skb))
4615 return;
4616
4617 ieee80211_aggr_check(sdata, sta, skb);
4618
4619 tid = skb->priority & IEEE80211_QOS_CTL_TAG1D_MASK;
4620 tid_tx = rcu_dereference(sta->ampdu_mlme.tid_tx[tid]);
4621 if (tid_tx) {
4622 if (!test_bit(HT_AGG_STATE_OPERATIONAL, &tid_tx->state)) {
4623 /* fall back to non-offload slow path */
4624 __ieee80211_subif_start_xmit(skb, dev, info_flags: 0,
4625 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC,
4626 NULL);
4627 return;
4628 }
4629
4630 if (tid_tx->timeout)
4631 tid_tx->last_tx = jiffies;
4632 }
4633
4634 skb = ieee80211_tx_skb_fixup(skb, features: ieee80211_sdata_netdev_features(sdata));
4635 if (!skb)
4636 return;
4637
4638 info = IEEE80211_SKB_CB(skb);
4639 memset(info, 0, sizeof(*info));
4640
4641 info->hw_queue = sdata->vif.hw_queue[queue];
4642
4643 if (sdata->vif.type == NL80211_IFTYPE_AP_VLAN)
4644 sdata = container_of(sdata->bss,
4645 struct ieee80211_sub_if_data, u.ap);
4646
4647 info->flags |= IEEE80211_TX_CTL_HW_80211_ENCAP;
4648 info->control.vif = &sdata->vif;
4649
4650 if (key)
4651 info->control.hw_key = &key->conf;
4652
4653 skb_list_walk_safe(skb, seg, next) {
4654 skbs++;
4655 len += seg->len;
4656 if (seg != skb)
4657 memcpy(IEEE80211_SKB_CB(seg), info, sizeof(*info));
4658 }
4659
4660 if (unlikely(skb->sk &&
4661 skb_shinfo(skb)->tx_flags & SKBTX_WIFI_STATUS)) {
4662 info->status_data = ieee80211_store_ack_skb(local, skb,
4663 info_flags: &info->flags, NULL);
4664 if (info->status_data)
4665 info->status_data_idr = 1;
4666 }
4667
4668 dev_sw_netstats_tx_add(dev, packets: skbs, len);
4669 sta->deflink.tx_stats.packets[queue] += skbs;
4670 sta->deflink.tx_stats.bytes[queue] += len;
4671
4672 ieee80211_tpt_led_trig_tx(local, bytes: len);
4673
4674 ieee80211_tx_8023(sdata, skb, sta, txpending: false);
4675
4676 return;
4677
4678out_free:
4679 kfree_skb(skb);
4680}
4681
4682netdev_tx_t ieee80211_subif_start_xmit_8023(struct sk_buff *skb,
4683 struct net_device *dev)
4684{
4685 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
4686 struct ethhdr *ehdr = (struct ethhdr *)skb->data;
4687 struct ieee80211_key *key;
4688 struct sta_info *sta;
4689
4690 if (unlikely(!ieee80211_sdata_running(sdata) || skb->len < ETH_HLEN)) {
4691 kfree_skb(skb);
4692 return NETDEV_TX_OK;
4693 }
4694
4695 rcu_read_lock();
4696
4697 if (ieee80211_lookup_ra_sta(sdata, skb, sta_out: &sta)) {
4698 kfree_skb(skb);
4699 goto out;
4700 }
4701
4702 if (unlikely(IS_ERR_OR_NULL(sta) || !sta->uploaded ||
4703 !test_sta_flag(sta, WLAN_STA_AUTHORIZED) ||
4704 sdata->control_port_protocol == ehdr->h_proto))
4705 goto skip_offload;
4706
4707 key = rcu_dereference(sta->ptk[sta->ptk_idx]);
4708 if (!key)
4709 key = rcu_dereference(sdata->default_unicast_key);
4710
4711 if (key && (!(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) ||
4712 key->conf.cipher == WLAN_CIPHER_SUITE_TKIP))
4713 goto skip_offload;
4714
4715 sk_pacing_shift_update(sk: skb->sk, val: sdata->local->hw.tx_sk_pacing_shift);
4716 ieee80211_8023_xmit(sdata, dev, sta, key, skb);
4717 goto out;
4718
4719skip_offload:
4720 ieee80211_subif_start_xmit(skb, dev);
4721out:
4722 rcu_read_unlock();
4723
4724 return NETDEV_TX_OK;
4725}
4726
4727struct sk_buff *
4728ieee80211_build_data_template(struct ieee80211_sub_if_data *sdata,
4729 struct sk_buff *skb, u32 info_flags)
4730{
4731 struct ieee80211_hdr *hdr;
4732 struct ieee80211_tx_data tx = {
4733 .local = sdata->local,
4734 .sdata = sdata,
4735 };
4736 struct sta_info *sta;
4737
4738 rcu_read_lock();
4739
4740 if (ieee80211_lookup_ra_sta(sdata, skb, sta_out: &sta)) {
4741 kfree_skb(skb);
4742 skb = ERR_PTR(error: -EINVAL);
4743 goto out;
4744 }
4745
4746 skb = ieee80211_build_hdr(sdata, skb, info_flags, sta,
4747 IEEE80211_TX_CTRL_MLO_LINK_UNSPEC, NULL);
4748 if (IS_ERR(ptr: skb))
4749 goto out;
4750
4751 hdr = (void *)skb->data;
4752 tx.sta = sta_info_get(sdata, addr: hdr->addr1);
4753 tx.skb = skb;
4754
4755 if (ieee80211_tx_h_select_key(tx: &tx) != TX_CONTINUE) {
4756 rcu_read_unlock();
4757 kfree_skb(skb);
4758 return ERR_PTR(error: -EINVAL);
4759 }
4760
4761out:
4762 rcu_read_unlock();
4763 return skb;
4764}
4765
4766/*
4767 * ieee80211_clear_tx_pending may not be called in a context where
4768 * it is possible that it packets could come in again.
4769 */
4770void ieee80211_clear_tx_pending(struct ieee80211_local *local)
4771{
4772 struct sk_buff *skb;
4773 int i;
4774
4775 for (i = 0; i < local->hw.queues; i++) {
4776 while ((skb = skb_dequeue(list: &local->pending[i])) != NULL)
4777 ieee80211_free_txskb(hw: &local->hw, skb);
4778 }
4779}
4780
4781/*
4782 * Returns false if the frame couldn't be transmitted but was queued instead,
4783 * which in this case means re-queued -- take as an indication to stop sending
4784 * more pending frames.
4785 */
4786static bool ieee80211_tx_pending_skb(struct ieee80211_local *local,
4787 struct sk_buff *skb)
4788{
4789 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4790 struct ieee80211_sub_if_data *sdata;
4791 struct sta_info *sta;
4792 struct ieee80211_hdr *hdr;
4793 bool result;
4794 struct ieee80211_chanctx_conf *chanctx_conf;
4795
4796 sdata = vif_to_sdata(p: info->control.vif);
4797
4798 if (info->control.flags & IEEE80211_TX_INTCFL_NEED_TXPROCESSING) {
4799 /* update band only for non-MLD */
4800 if (!ieee80211_vif_is_mld(vif: &sdata->vif)) {
4801 chanctx_conf =
4802 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
4803 if (unlikely(!chanctx_conf)) {
4804 dev_kfree_skb(skb);
4805 return true;
4806 }
4807 info->band = chanctx_conf->def.chan->band;
4808 }
4809 result = ieee80211_tx(sdata, NULL, skb, txpending: true);
4810 } else if (info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP) {
4811 if (ieee80211_lookup_ra_sta(sdata, skb, sta_out: &sta)) {
4812 dev_kfree_skb(skb);
4813 return true;
4814 }
4815
4816 if (IS_ERR(ptr: sta) || (sta && !sta->uploaded))
4817 sta = NULL;
4818
4819 result = ieee80211_tx_8023(sdata, skb, sta, txpending: true);
4820 } else {
4821 struct sk_buff_head skbs;
4822
4823 __skb_queue_head_init(list: &skbs);
4824 __skb_queue_tail(list: &skbs, newsk: skb);
4825
4826 hdr = (struct ieee80211_hdr *)skb->data;
4827 sta = sta_info_get(sdata, addr: hdr->addr1);
4828
4829 result = __ieee80211_tx(local, skbs: &skbs, sta, txpending: true);
4830 }
4831
4832 return result;
4833}
4834
4835/*
4836 * Transmit all pending packets. Called from tasklet.
4837 */
4838void ieee80211_tx_pending(struct tasklet_struct *t)
4839{
4840 struct ieee80211_local *local = from_tasklet(local, t,
4841 tx_pending_tasklet);
4842 unsigned long flags;
4843 int i;
4844 bool txok;
4845
4846 rcu_read_lock();
4847
4848 spin_lock_irqsave(&local->queue_stop_reason_lock, flags);
4849 for (i = 0; i < local->hw.queues; i++) {
4850 /*
4851 * If queue is stopped by something other than due to pending
4852 * frames, or we have no pending frames, proceed to next queue.
4853 */
4854 if (local->queue_stop_reasons[i] ||
4855 skb_queue_empty(list: &local->pending[i]))
4856 continue;
4857
4858 while (!skb_queue_empty(list: &local->pending[i])) {
4859 struct sk_buff *skb = __skb_dequeue(list: &local->pending[i]);
4860 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
4861
4862 if (WARN_ON(!info->control.vif)) {
4863 ieee80211_free_txskb(hw: &local->hw, skb);
4864 continue;
4865 }
4866
4867 spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock,
4868 flags);
4869
4870 txok = ieee80211_tx_pending_skb(local, skb);
4871 spin_lock_irqsave(&local->queue_stop_reason_lock,
4872 flags);
4873 if (!txok)
4874 break;
4875 }
4876 }
4877 spin_unlock_irqrestore(lock: &local->queue_stop_reason_lock, flags);
4878
4879 rcu_read_unlock();
4880}
4881
4882/* functions for drivers to get certain frames */
4883
4884static void __ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
4885 struct ieee80211_link_data *link,
4886 struct ps_data *ps, struct sk_buff *skb,
4887 bool is_template)
4888{
4889 u8 *pos, *tim;
4890 int aid0 = 0;
4891 int i, have_bits = 0, n1, n2;
4892 struct ieee80211_bss_conf *link_conf = link->conf;
4893
4894 /* Generate bitmap for TIM only if there are any STAs in power save
4895 * mode. */
4896 if (atomic_read(v: &ps->num_sta_ps) > 0)
4897 /* in the hope that this is faster than
4898 * checking byte-for-byte */
4899 have_bits = !bitmap_empty(src: (unsigned long *)ps->tim,
4900 IEEE80211_MAX_AID+1);
4901 if (!is_template) {
4902 if (ps->dtim_count == 0)
4903 ps->dtim_count = link_conf->dtim_period - 1;
4904 else
4905 ps->dtim_count--;
4906 }
4907
4908 tim = pos = skb_put(skb, len: 5);
4909 *pos++ = WLAN_EID_TIM;
4910 *pos++ = 3;
4911 *pos++ = ps->dtim_count;
4912 *pos++ = link_conf->dtim_period;
4913
4914 if (ps->dtim_count == 0 && !skb_queue_empty(list: &ps->bc_buf))
4915 aid0 = 1;
4916
4917 ps->dtim_bc_mc = aid0 == 1;
4918
4919 if (have_bits) {
4920 /* Find largest even number N1 so that bits numbered 1 through
4921 * (N1 x 8) - 1 in the bitmap are 0 and number N2 so that bits
4922 * (N2 + 1) x 8 through 2007 are 0. */
4923 n1 = 0;
4924 for (i = 0; i < IEEE80211_MAX_TIM_LEN; i++) {
4925 if (ps->tim[i]) {
4926 n1 = i & 0xfe;
4927 break;
4928 }
4929 }
4930 n2 = n1;
4931 for (i = IEEE80211_MAX_TIM_LEN - 1; i >= n1; i--) {
4932 if (ps->tim[i]) {
4933 n2 = i;
4934 break;
4935 }
4936 }
4937
4938 /* Bitmap control */
4939 *pos++ = n1 | aid0;
4940 /* Part Virt Bitmap */
4941 skb_put_data(skb, data: ps->tim + n1, len: n2 - n1 + 1);
4942
4943 tim[1] = n2 - n1 + 4;
4944 } else {
4945 *pos++ = aid0; /* Bitmap control */
4946
4947 if (ieee80211_get_link_sband(link)->band != NL80211_BAND_S1GHZ) {
4948 tim[1] = 4;
4949 /* Part Virt Bitmap */
4950 skb_put_u8(skb, val: 0);
4951 }
4952 }
4953}
4954
4955static int ieee80211_beacon_add_tim(struct ieee80211_sub_if_data *sdata,
4956 struct ieee80211_link_data *link,
4957 struct ps_data *ps, struct sk_buff *skb,
4958 bool is_template)
4959{
4960 struct ieee80211_local *local = sdata->local;
4961
4962 /*
4963 * Not very nice, but we want to allow the driver to call
4964 * ieee80211_beacon_get() as a response to the set_tim()
4965 * callback. That, however, is already invoked under the
4966 * sta_lock to guarantee consistent and race-free update
4967 * of the tim bitmap in mac80211 and the driver.
4968 */
4969 if (local->tim_in_locked_section) {
4970 __ieee80211_beacon_add_tim(sdata, link, ps, skb, is_template);
4971 } else {
4972 spin_lock_bh(lock: &local->tim_lock);
4973 __ieee80211_beacon_add_tim(sdata, link, ps, skb, is_template);
4974 spin_unlock_bh(lock: &local->tim_lock);
4975 }
4976
4977 return 0;
4978}
4979
4980static void ieee80211_set_beacon_cntdwn(struct ieee80211_sub_if_data *sdata,
4981 struct beacon_data *beacon,
4982 struct ieee80211_link_data *link)
4983{
4984 u8 *beacon_data, count, max_count = 1;
4985 struct probe_resp *resp;
4986 size_t beacon_data_len;
4987 u16 *bcn_offsets;
4988 int i;
4989
4990 switch (sdata->vif.type) {
4991 case NL80211_IFTYPE_AP:
4992 beacon_data = beacon->tail;
4993 beacon_data_len = beacon->tail_len;
4994 break;
4995 case NL80211_IFTYPE_ADHOC:
4996 beacon_data = beacon->head;
4997 beacon_data_len = beacon->head_len;
4998 break;
4999 case NL80211_IFTYPE_MESH_POINT:
5000 beacon_data = beacon->head;
5001 beacon_data_len = beacon->head_len;
5002 break;
5003 default:
5004 return;
5005 }
5006
5007 resp = rcu_dereference(link->u.ap.probe_resp);
5008
5009 bcn_offsets = beacon->cntdwn_counter_offsets;
5010 count = beacon->cntdwn_current_counter;
5011 if (link->conf->csa_active)
5012 max_count = IEEE80211_MAX_CNTDWN_COUNTERS_NUM;
5013
5014 for (i = 0; i < max_count; ++i) {
5015 if (bcn_offsets[i]) {
5016 if (WARN_ON_ONCE(bcn_offsets[i] >= beacon_data_len))
5017 return;
5018 beacon_data[bcn_offsets[i]] = count;
5019 }
5020
5021 if (sdata->vif.type == NL80211_IFTYPE_AP && resp) {
5022 u16 *resp_offsets = resp->cntdwn_counter_offsets;
5023
5024 resp->data[resp_offsets[i]] = count;
5025 }
5026 }
5027}
5028
5029static u8 __ieee80211_beacon_update_cntdwn(struct beacon_data *beacon)
5030{
5031 beacon->cntdwn_current_counter--;
5032
5033 /* the counter should never reach 0 */
5034 WARN_ON_ONCE(!beacon->cntdwn_current_counter);
5035
5036 return beacon->cntdwn_current_counter;
5037}
5038
5039u8 ieee80211_beacon_update_cntdwn(struct ieee80211_vif *vif, unsigned int link_id)
5040{
5041 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5042 struct ieee80211_link_data *link;
5043 struct beacon_data *beacon = NULL;
5044 u8 count = 0;
5045
5046 if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5047 return 0;
5048
5049 rcu_read_lock();
5050
5051 link = rcu_dereference(sdata->link[link_id]);
5052 if (!link)
5053 goto unlock;
5054
5055 if (sdata->vif.type == NL80211_IFTYPE_AP)
5056 beacon = rcu_dereference(link->u.ap.beacon);
5057 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
5058 beacon = rcu_dereference(sdata->u.ibss.presp);
5059 else if (ieee80211_vif_is_mesh(vif: &sdata->vif))
5060 beacon = rcu_dereference(sdata->u.mesh.beacon);
5061
5062 if (!beacon)
5063 goto unlock;
5064
5065 count = __ieee80211_beacon_update_cntdwn(beacon);
5066
5067unlock:
5068 rcu_read_unlock();
5069 return count;
5070}
5071EXPORT_SYMBOL(ieee80211_beacon_update_cntdwn);
5072
5073void ieee80211_beacon_set_cntdwn(struct ieee80211_vif *vif, u8 counter)
5074{
5075 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5076 struct beacon_data *beacon = NULL;
5077
5078 rcu_read_lock();
5079
5080 if (sdata->vif.type == NL80211_IFTYPE_AP)
5081 beacon = rcu_dereference(sdata->deflink.u.ap.beacon);
5082 else if (sdata->vif.type == NL80211_IFTYPE_ADHOC)
5083 beacon = rcu_dereference(sdata->u.ibss.presp);
5084 else if (ieee80211_vif_is_mesh(vif: &sdata->vif))
5085 beacon = rcu_dereference(sdata->u.mesh.beacon);
5086
5087 if (!beacon)
5088 goto unlock;
5089
5090 if (counter < beacon->cntdwn_current_counter)
5091 beacon->cntdwn_current_counter = counter;
5092
5093unlock:
5094 rcu_read_unlock();
5095}
5096EXPORT_SYMBOL(ieee80211_beacon_set_cntdwn);
5097
5098bool ieee80211_beacon_cntdwn_is_complete(struct ieee80211_vif *vif,
5099 unsigned int link_id)
5100{
5101 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5102 struct ieee80211_link_data *link;
5103 struct beacon_data *beacon = NULL;
5104 u8 *beacon_data;
5105 size_t beacon_data_len;
5106 int ret = false;
5107
5108 if (!ieee80211_sdata_running(sdata))
5109 return false;
5110
5111 if (WARN_ON(link_id >= IEEE80211_MLD_MAX_NUM_LINKS))
5112 return 0;
5113
5114 rcu_read_lock();
5115
5116 link = rcu_dereference(sdata->link[link_id]);
5117 if (!link)
5118 goto out;
5119
5120 if (vif->type == NL80211_IFTYPE_AP) {
5121 beacon = rcu_dereference(link->u.ap.beacon);
5122 if (WARN_ON(!beacon || !beacon->tail))
5123 goto out;
5124 beacon_data = beacon->tail;
5125 beacon_data_len = beacon->tail_len;
5126 } else if (vif->type == NL80211_IFTYPE_ADHOC) {
5127 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
5128
5129 beacon = rcu_dereference(ifibss->presp);
5130 if (!beacon)
5131 goto out;
5132
5133 beacon_data = beacon->head;
5134 beacon_data_len = beacon->head_len;
5135 } else if (vif->type == NL80211_IFTYPE_MESH_POINT) {
5136 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
5137
5138 beacon = rcu_dereference(ifmsh->beacon);
5139 if (!beacon)
5140 goto out;
5141
5142 beacon_data = beacon->head;
5143 beacon_data_len = beacon->head_len;
5144 } else {
5145 WARN_ON(1);
5146 goto out;
5147 }
5148
5149 if (!beacon->cntdwn_counter_offsets[0])
5150 goto out;
5151
5152 if (WARN_ON_ONCE(beacon->cntdwn_counter_offsets[0] > beacon_data_len))
5153 goto out;
5154
5155 if (beacon_data[beacon->cntdwn_counter_offsets[0]] == 1)
5156 ret = true;
5157
5158 out:
5159 rcu_read_unlock();
5160
5161 return ret;
5162}
5163EXPORT_SYMBOL(ieee80211_beacon_cntdwn_is_complete);
5164
5165static int ieee80211_beacon_protect(struct sk_buff *skb,
5166 struct ieee80211_local *local,
5167 struct ieee80211_sub_if_data *sdata,
5168 struct ieee80211_link_data *link)
5169{
5170 ieee80211_tx_result res;
5171 struct ieee80211_tx_data tx;
5172 struct sk_buff *check_skb;
5173
5174 memset(&tx, 0, sizeof(tx));
5175 tx.key = rcu_dereference(link->default_beacon_key);
5176 if (!tx.key)
5177 return 0;
5178
5179 if (unlikely(tx.key->flags & KEY_FLAG_TAINTED)) {
5180 tx.key = NULL;
5181 return -EINVAL;
5182 }
5183
5184 if (!(tx.key->conf.flags & IEEE80211_KEY_FLAG_SW_MGMT_TX) &&
5185 tx.key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE)
5186 IEEE80211_SKB_CB(skb)->control.hw_key = &tx.key->conf;
5187
5188 tx.local = local;
5189 tx.sdata = sdata;
5190 __skb_queue_head_init(list: &tx.skbs);
5191 __skb_queue_tail(list: &tx.skbs, newsk: skb);
5192 res = ieee80211_tx_h_encrypt(tx: &tx);
5193 check_skb = __skb_dequeue(list: &tx.skbs);
5194 /* we may crash after this, but it'd be a bug in crypto */
5195 WARN_ON(check_skb != skb);
5196 if (WARN_ON_ONCE(res != TX_CONTINUE))
5197 return -EINVAL;
5198
5199 return 0;
5200}
5201
5202static void
5203ieee80211_beacon_get_finish(struct ieee80211_hw *hw,
5204 struct ieee80211_vif *vif,
5205 struct ieee80211_link_data *link,
5206 struct ieee80211_mutable_offsets *offs,
5207 struct beacon_data *beacon,
5208 struct sk_buff *skb,
5209 struct ieee80211_chanctx_conf *chanctx_conf,
5210 u16 csa_off_base)
5211{
5212 struct ieee80211_local *local = hw_to_local(hw);
5213 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5214 struct ieee80211_tx_info *info;
5215 enum nl80211_band band;
5216 struct ieee80211_tx_rate_control txrc;
5217
5218 /* CSA offsets */
5219 if (offs && beacon) {
5220 u16 i;
5221
5222 for (i = 0; i < IEEE80211_MAX_CNTDWN_COUNTERS_NUM; i++) {
5223 u16 csa_off = beacon->cntdwn_counter_offsets[i];
5224
5225 if (!csa_off)
5226 continue;
5227
5228 offs->cntdwn_counter_offs[i] = csa_off_base + csa_off;
5229 }
5230 }
5231
5232 band = chanctx_conf->def.chan->band;
5233 info = IEEE80211_SKB_CB(skb);
5234 info->flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
5235 info->flags |= IEEE80211_TX_CTL_NO_ACK;
5236 info->band = band;
5237
5238 memset(&txrc, 0, sizeof(txrc));
5239 txrc.hw = hw;
5240 txrc.sband = local->hw.wiphy->bands[band];
5241 txrc.bss_conf = link->conf;
5242 txrc.skb = skb;
5243 txrc.reported_rate.idx = -1;
5244 if (sdata->beacon_rate_set && sdata->beacon_rateidx_mask[band])
5245 txrc.rate_idx_mask = sdata->beacon_rateidx_mask[band];
5246 else
5247 txrc.rate_idx_mask = sdata->rc_rateidx_mask[band];
5248 txrc.bss = true;
5249 rate_control_get_rate(sdata, NULL, txrc: &txrc);
5250
5251 info->control.vif = vif;
5252 info->control.flags |= u32_encode_bits(v: link->link_id,
5253 field: IEEE80211_TX_CTRL_MLO_LINK);
5254 info->flags |= IEEE80211_TX_CTL_CLEAR_PS_FILT |
5255 IEEE80211_TX_CTL_ASSIGN_SEQ |
5256 IEEE80211_TX_CTL_FIRST_FRAGMENT;
5257}
5258
5259static void
5260ieee80211_beacon_add_mbssid(struct sk_buff *skb, struct beacon_data *beacon,
5261 u8 i)
5262{
5263 if (!beacon->mbssid_ies || !beacon->mbssid_ies->cnt ||
5264 i > beacon->mbssid_ies->cnt)
5265 return;
5266
5267 if (i < beacon->mbssid_ies->cnt) {
5268 skb_put_data(skb, data: beacon->mbssid_ies->elem[i].data,
5269 len: beacon->mbssid_ies->elem[i].len);
5270
5271 if (beacon->rnr_ies && beacon->rnr_ies->cnt) {
5272 skb_put_data(skb, data: beacon->rnr_ies->elem[i].data,
5273 len: beacon->rnr_ies->elem[i].len);
5274
5275 for (i = beacon->mbssid_ies->cnt; i < beacon->rnr_ies->cnt; i++)
5276 skb_put_data(skb, data: beacon->rnr_ies->elem[i].data,
5277 len: beacon->rnr_ies->elem[i].len);
5278 }
5279 return;
5280 }
5281
5282 /* i == beacon->mbssid_ies->cnt, include all MBSSID elements */
5283 for (i = 0; i < beacon->mbssid_ies->cnt; i++)
5284 skb_put_data(skb, data: beacon->mbssid_ies->elem[i].data,
5285 len: beacon->mbssid_ies->elem[i].len);
5286}
5287
5288static struct sk_buff *
5289ieee80211_beacon_get_ap(struct ieee80211_hw *hw,
5290 struct ieee80211_vif *vif,
5291 struct ieee80211_link_data *link,
5292 struct ieee80211_mutable_offsets *offs,
5293 bool is_template,
5294 struct beacon_data *beacon,
5295 struct ieee80211_chanctx_conf *chanctx_conf,
5296 u8 ema_index)
5297{
5298 struct ieee80211_local *local = hw_to_local(hw);
5299 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5300 struct ieee80211_if_ap *ap = &sdata->u.ap;
5301 struct sk_buff *skb = NULL;
5302 u16 csa_off_base = 0;
5303 int mbssid_len;
5304
5305 if (beacon->cntdwn_counter_offsets[0]) {
5306 if (!is_template)
5307 ieee80211_beacon_update_cntdwn(vif, link->link_id);
5308
5309 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5310 }
5311
5312 /* headroom, head length,
5313 * tail length, maximum TIM length and multiple BSSID length
5314 */
5315 mbssid_len = ieee80211_get_mbssid_beacon_len(elems: beacon->mbssid_ies,
5316 rnr_elems: beacon->rnr_ies,
5317 i: ema_index);
5318
5319 skb = dev_alloc_skb(length: local->tx_headroom + beacon->head_len +
5320 beacon->tail_len + 256 +
5321 local->hw.extra_beacon_tailroom + mbssid_len);
5322 if (!skb)
5323 return NULL;
5324
5325 skb_reserve(skb, len: local->tx_headroom);
5326 skb_put_data(skb, data: beacon->head, len: beacon->head_len);
5327
5328 ieee80211_beacon_add_tim(sdata, link, ps: &ap->ps, skb, is_template);
5329
5330 if (offs) {
5331 offs->tim_offset = beacon->head_len;
5332 offs->tim_length = skb->len - beacon->head_len;
5333 offs->cntdwn_counter_offs[0] = beacon->cntdwn_counter_offsets[0];
5334
5335 if (mbssid_len) {
5336 ieee80211_beacon_add_mbssid(skb, beacon, i: ema_index);
5337 offs->mbssid_off = skb->len - mbssid_len;
5338 }
5339
5340 /* for AP the csa offsets are from tail */
5341 csa_off_base = skb->len;
5342 }
5343
5344 if (beacon->tail)
5345 skb_put_data(skb, data: beacon->tail, len: beacon->tail_len);
5346
5347 if (ieee80211_beacon_protect(skb, local, sdata, link) < 0)
5348 return NULL;
5349
5350 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5351 chanctx_conf, csa_off_base);
5352 return skb;
5353}
5354
5355static struct ieee80211_ema_beacons *
5356ieee80211_beacon_get_ap_ema_list(struct ieee80211_hw *hw,
5357 struct ieee80211_vif *vif,
5358 struct ieee80211_link_data *link,
5359 struct ieee80211_mutable_offsets *offs,
5360 bool is_template, struct beacon_data *beacon,
5361 struct ieee80211_chanctx_conf *chanctx_conf)
5362{
5363 struct ieee80211_ema_beacons *ema = NULL;
5364
5365 if (!beacon->mbssid_ies || !beacon->mbssid_ies->cnt)
5366 return NULL;
5367
5368 ema = kzalloc(struct_size(ema, bcn, beacon->mbssid_ies->cnt),
5369 GFP_ATOMIC);
5370 if (!ema)
5371 return NULL;
5372
5373 for (ema->cnt = 0; ema->cnt < beacon->mbssid_ies->cnt; ema->cnt++) {
5374 ema->bcn[ema->cnt].skb =
5375 ieee80211_beacon_get_ap(hw, vif, link,
5376 offs: &ema->bcn[ema->cnt].offs,
5377 is_template, beacon,
5378 chanctx_conf, ema_index: ema->cnt);
5379 if (!ema->bcn[ema->cnt].skb)
5380 break;
5381 }
5382
5383 if (ema->cnt == beacon->mbssid_ies->cnt)
5384 return ema;
5385
5386 ieee80211_beacon_free_ema_list(ema_beacons: ema);
5387 return NULL;
5388}
5389
5390#define IEEE80211_INCLUDE_ALL_MBSSID_ELEMS -1
5391
5392static struct sk_buff *
5393__ieee80211_beacon_get(struct ieee80211_hw *hw,
5394 struct ieee80211_vif *vif,
5395 struct ieee80211_mutable_offsets *offs,
5396 bool is_template,
5397 unsigned int link_id,
5398 int ema_index,
5399 struct ieee80211_ema_beacons **ema_beacons)
5400{
5401 struct ieee80211_local *local = hw_to_local(hw);
5402 struct beacon_data *beacon = NULL;
5403 struct sk_buff *skb = NULL;
5404 struct ieee80211_sub_if_data *sdata = NULL;
5405 struct ieee80211_chanctx_conf *chanctx_conf;
5406 struct ieee80211_link_data *link;
5407
5408 rcu_read_lock();
5409
5410 sdata = vif_to_sdata(p: vif);
5411 link = rcu_dereference(sdata->link[link_id]);
5412 if (!link)
5413 goto out;
5414 chanctx_conf =
5415 rcu_dereference(link->conf->chanctx_conf);
5416
5417 if (!ieee80211_sdata_running(sdata) || !chanctx_conf)
5418 goto out;
5419
5420 if (offs)
5421 memset(offs, 0, sizeof(*offs));
5422
5423 if (sdata->vif.type == NL80211_IFTYPE_AP) {
5424 beacon = rcu_dereference(link->u.ap.beacon);
5425 if (!beacon)
5426 goto out;
5427
5428 if (ema_beacons) {
5429 *ema_beacons =
5430 ieee80211_beacon_get_ap_ema_list(hw, vif, link,
5431 offs,
5432 is_template,
5433 beacon,
5434 chanctx_conf);
5435 } else {
5436 if (beacon->mbssid_ies && beacon->mbssid_ies->cnt) {
5437 if (ema_index >= beacon->mbssid_ies->cnt)
5438 goto out; /* End of MBSSID elements */
5439
5440 if (ema_index <= IEEE80211_INCLUDE_ALL_MBSSID_ELEMS)
5441 ema_index = beacon->mbssid_ies->cnt;
5442 } else {
5443 ema_index = 0;
5444 }
5445
5446 skb = ieee80211_beacon_get_ap(hw, vif, link, offs,
5447 is_template, beacon,
5448 chanctx_conf,
5449 ema_index);
5450 }
5451 } else if (sdata->vif.type == NL80211_IFTYPE_ADHOC) {
5452 struct ieee80211_if_ibss *ifibss = &sdata->u.ibss;
5453 struct ieee80211_hdr *hdr;
5454
5455 beacon = rcu_dereference(ifibss->presp);
5456 if (!beacon)
5457 goto out;
5458
5459 if (beacon->cntdwn_counter_offsets[0]) {
5460 if (!is_template)
5461 __ieee80211_beacon_update_cntdwn(beacon);
5462
5463 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5464 }
5465
5466 skb = dev_alloc_skb(length: local->tx_headroom + beacon->head_len +
5467 local->hw.extra_beacon_tailroom);
5468 if (!skb)
5469 goto out;
5470 skb_reserve(skb, len: local->tx_headroom);
5471 skb_put_data(skb, data: beacon->head, len: beacon->head_len);
5472
5473 hdr = (struct ieee80211_hdr *) skb->data;
5474 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
5475 IEEE80211_STYPE_BEACON);
5476
5477 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5478 chanctx_conf, csa_off_base: 0);
5479 } else if (ieee80211_vif_is_mesh(vif: &sdata->vif)) {
5480 struct ieee80211_if_mesh *ifmsh = &sdata->u.mesh;
5481
5482 beacon = rcu_dereference(ifmsh->beacon);
5483 if (!beacon)
5484 goto out;
5485
5486 if (beacon->cntdwn_counter_offsets[0]) {
5487 if (!is_template)
5488 /* TODO: For mesh csa_counter is in TU, so
5489 * decrementing it by one isn't correct, but
5490 * for now we leave it consistent with overall
5491 * mac80211's behavior.
5492 */
5493 __ieee80211_beacon_update_cntdwn(beacon);
5494
5495 ieee80211_set_beacon_cntdwn(sdata, beacon, link);
5496 }
5497
5498 if (ifmsh->sync_ops)
5499 ifmsh->sync_ops->adjust_tsf(sdata, beacon);
5500
5501 skb = dev_alloc_skb(length: local->tx_headroom +
5502 beacon->head_len +
5503 256 + /* TIM IE */
5504 beacon->tail_len +
5505 local->hw.extra_beacon_tailroom);
5506 if (!skb)
5507 goto out;
5508 skb_reserve(skb, len: local->tx_headroom);
5509 skb_put_data(skb, data: beacon->head, len: beacon->head_len);
5510 ieee80211_beacon_add_tim(sdata, link, ps: &ifmsh->ps, skb,
5511 is_template);
5512
5513 if (offs) {
5514 offs->tim_offset = beacon->head_len;
5515 offs->tim_length = skb->len - beacon->head_len;
5516 }
5517
5518 skb_put_data(skb, data: beacon->tail, len: beacon->tail_len);
5519 ieee80211_beacon_get_finish(hw, vif, link, offs, beacon, skb,
5520 chanctx_conf, csa_off_base: 0);
5521 } else {
5522 WARN_ON(1);
5523 goto out;
5524 }
5525
5526 out:
5527 rcu_read_unlock();
5528 return skb;
5529
5530}
5531
5532struct sk_buff *
5533ieee80211_beacon_get_template(struct ieee80211_hw *hw,
5534 struct ieee80211_vif *vif,
5535 struct ieee80211_mutable_offsets *offs,
5536 unsigned int link_id)
5537{
5538 return __ieee80211_beacon_get(hw, vif, offs, is_template: true, link_id,
5539 IEEE80211_INCLUDE_ALL_MBSSID_ELEMS, NULL);
5540}
5541EXPORT_SYMBOL(ieee80211_beacon_get_template);
5542
5543struct sk_buff *
5544ieee80211_beacon_get_template_ema_index(struct ieee80211_hw *hw,
5545 struct ieee80211_vif *vif,
5546 struct ieee80211_mutable_offsets *offs,
5547 unsigned int link_id, u8 ema_index)
5548{
5549 return __ieee80211_beacon_get(hw, vif, offs, is_template: true, link_id, ema_index,
5550 NULL);
5551}
5552EXPORT_SYMBOL(ieee80211_beacon_get_template_ema_index);
5553
5554void ieee80211_beacon_free_ema_list(struct ieee80211_ema_beacons *ema_beacons)
5555{
5556 u8 i;
5557
5558 if (!ema_beacons)
5559 return;
5560
5561 for (i = 0; i < ema_beacons->cnt; i++)
5562 kfree_skb(skb: ema_beacons->bcn[i].skb);
5563
5564 kfree(objp: ema_beacons);
5565}
5566EXPORT_SYMBOL(ieee80211_beacon_free_ema_list);
5567
5568struct ieee80211_ema_beacons *
5569ieee80211_beacon_get_template_ema_list(struct ieee80211_hw *hw,
5570 struct ieee80211_vif *vif,
5571 unsigned int link_id)
5572{
5573 struct ieee80211_ema_beacons *ema_beacons = NULL;
5574
5575 WARN_ON(__ieee80211_beacon_get(hw, vif, NULL, true, link_id, 0,
5576 &ema_beacons));
5577
5578 return ema_beacons;
5579}
5580EXPORT_SYMBOL(ieee80211_beacon_get_template_ema_list);
5581
5582struct sk_buff *ieee80211_beacon_get_tim(struct ieee80211_hw *hw,
5583 struct ieee80211_vif *vif,
5584 u16 *tim_offset, u16 *tim_length,
5585 unsigned int link_id)
5586{
5587 struct ieee80211_mutable_offsets offs = {};
5588 struct sk_buff *bcn = __ieee80211_beacon_get(hw, vif, offs: &offs, is_template: false,
5589 link_id,
5590 IEEE80211_INCLUDE_ALL_MBSSID_ELEMS,
5591 NULL);
5592 struct sk_buff *copy;
5593
5594 if (!bcn)
5595 return bcn;
5596
5597 if (tim_offset)
5598 *tim_offset = offs.tim_offset;
5599
5600 if (tim_length)
5601 *tim_length = offs.tim_length;
5602
5603 if (ieee80211_hw_check(hw, BEACON_TX_STATUS) ||
5604 !hw_to_local(hw)->monitors)
5605 return bcn;
5606
5607 /* send a copy to monitor interfaces */
5608 copy = skb_copy(skb: bcn, GFP_ATOMIC);
5609 if (!copy)
5610 return bcn;
5611
5612 ieee80211_tx_monitor(local: hw_to_local(hw), skb: copy, retry_count: 1, send_to_cooked: false, NULL);
5613
5614 return bcn;
5615}
5616EXPORT_SYMBOL(ieee80211_beacon_get_tim);
5617
5618struct sk_buff *ieee80211_proberesp_get(struct ieee80211_hw *hw,
5619 struct ieee80211_vif *vif)
5620{
5621 struct sk_buff *skb = NULL;
5622 struct probe_resp *presp = NULL;
5623 struct ieee80211_hdr *hdr;
5624 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5625
5626 if (sdata->vif.type != NL80211_IFTYPE_AP)
5627 return NULL;
5628
5629 rcu_read_lock();
5630 presp = rcu_dereference(sdata->deflink.u.ap.probe_resp);
5631 if (!presp)
5632 goto out;
5633
5634 skb = dev_alloc_skb(length: presp->len);
5635 if (!skb)
5636 goto out;
5637
5638 skb_put_data(skb, data: presp->data, len: presp->len);
5639
5640 hdr = (struct ieee80211_hdr *) skb->data;
5641 memset(hdr->addr1, 0, sizeof(hdr->addr1));
5642
5643out:
5644 rcu_read_unlock();
5645 return skb;
5646}
5647EXPORT_SYMBOL(ieee80211_proberesp_get);
5648
5649struct sk_buff *ieee80211_get_fils_discovery_tmpl(struct ieee80211_hw *hw,
5650 struct ieee80211_vif *vif)
5651{
5652 struct sk_buff *skb = NULL;
5653 struct fils_discovery_data *tmpl = NULL;
5654 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5655
5656 if (sdata->vif.type != NL80211_IFTYPE_AP)
5657 return NULL;
5658
5659 rcu_read_lock();
5660 tmpl = rcu_dereference(sdata->deflink.u.ap.fils_discovery);
5661 if (!tmpl) {
5662 rcu_read_unlock();
5663 return NULL;
5664 }
5665
5666 skb = dev_alloc_skb(length: sdata->local->hw.extra_tx_headroom + tmpl->len);
5667 if (skb) {
5668 skb_reserve(skb, len: sdata->local->hw.extra_tx_headroom);
5669 skb_put_data(skb, data: tmpl->data, len: tmpl->len);
5670 }
5671
5672 rcu_read_unlock();
5673 return skb;
5674}
5675EXPORT_SYMBOL(ieee80211_get_fils_discovery_tmpl);
5676
5677struct sk_buff *
5678ieee80211_get_unsol_bcast_probe_resp_tmpl(struct ieee80211_hw *hw,
5679 struct ieee80211_vif *vif)
5680{
5681 struct sk_buff *skb = NULL;
5682 struct unsol_bcast_probe_resp_data *tmpl = NULL;
5683 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5684
5685 if (sdata->vif.type != NL80211_IFTYPE_AP)
5686 return NULL;
5687
5688 rcu_read_lock();
5689 tmpl = rcu_dereference(sdata->deflink.u.ap.unsol_bcast_probe_resp);
5690 if (!tmpl) {
5691 rcu_read_unlock();
5692 return NULL;
5693 }
5694
5695 skb = dev_alloc_skb(length: sdata->local->hw.extra_tx_headroom + tmpl->len);
5696 if (skb) {
5697 skb_reserve(skb, len: sdata->local->hw.extra_tx_headroom);
5698 skb_put_data(skb, data: tmpl->data, len: tmpl->len);
5699 }
5700
5701 rcu_read_unlock();
5702 return skb;
5703}
5704EXPORT_SYMBOL(ieee80211_get_unsol_bcast_probe_resp_tmpl);
5705
5706struct sk_buff *ieee80211_pspoll_get(struct ieee80211_hw *hw,
5707 struct ieee80211_vif *vif)
5708{
5709 struct ieee80211_sub_if_data *sdata;
5710 struct ieee80211_pspoll *pspoll;
5711 struct ieee80211_local *local;
5712 struct sk_buff *skb;
5713
5714 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
5715 return NULL;
5716
5717 sdata = vif_to_sdata(p: vif);
5718 local = sdata->local;
5719
5720 skb = dev_alloc_skb(length: local->hw.extra_tx_headroom + sizeof(*pspoll));
5721 if (!skb)
5722 return NULL;
5723
5724 skb_reserve(skb, len: local->hw.extra_tx_headroom);
5725
5726 pspoll = skb_put_zero(skb, len: sizeof(*pspoll));
5727 pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
5728 IEEE80211_STYPE_PSPOLL);
5729 pspoll->aid = cpu_to_le16(sdata->vif.cfg.aid);
5730
5731 /* aid in PS-Poll has its two MSBs each set to 1 */
5732 pspoll->aid |= cpu_to_le16(1 << 15 | 1 << 14);
5733
5734 memcpy(pspoll->bssid, sdata->deflink.u.mgd.bssid, ETH_ALEN);
5735 memcpy(pspoll->ta, vif->addr, ETH_ALEN);
5736
5737 return skb;
5738}
5739EXPORT_SYMBOL(ieee80211_pspoll_get);
5740
5741struct sk_buff *ieee80211_nullfunc_get(struct ieee80211_hw *hw,
5742 struct ieee80211_vif *vif,
5743 int link_id, bool qos_ok)
5744{
5745 struct ieee80211_sub_if_data *sdata = vif_to_sdata(p: vif);
5746 struct ieee80211_local *local = sdata->local;
5747 struct ieee80211_link_data *link = NULL;
5748 struct ieee80211_hdr_3addr *nullfunc;
5749 struct sk_buff *skb;
5750 bool qos = false;
5751
5752 if (WARN_ON(vif->type != NL80211_IFTYPE_STATION))
5753 return NULL;
5754
5755 skb = dev_alloc_skb(length: local->hw.extra_tx_headroom +
5756 sizeof(*nullfunc) + 2);
5757 if (!skb)
5758 return NULL;
5759
5760 rcu_read_lock();
5761 if (qos_ok) {
5762 struct sta_info *sta;
5763
5764 sta = sta_info_get(sdata, addr: vif->cfg.ap_addr);
5765 qos = sta && sta->sta.wme;
5766 }
5767
5768 if (link_id >= 0) {
5769 link = rcu_dereference(sdata->link[link_id]);
5770 if (WARN_ON_ONCE(!link)) {
5771 rcu_read_unlock();
5772 kfree_skb(skb);
5773 return NULL;
5774 }
5775 }
5776
5777 skb_reserve(skb, len: local->hw.extra_tx_headroom);
5778
5779 nullfunc = skb_put_zero(skb, len: sizeof(*nullfunc));
5780 nullfunc->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
5781 IEEE80211_STYPE_NULLFUNC |
5782 IEEE80211_FCTL_TODS);
5783 if (qos) {
5784 __le16 qoshdr = cpu_to_le16(7);
5785
5786 BUILD_BUG_ON((IEEE80211_STYPE_QOS_NULLFUNC |
5787 IEEE80211_STYPE_NULLFUNC) !=
5788 IEEE80211_STYPE_QOS_NULLFUNC);
5789 nullfunc->frame_control |=
5790 cpu_to_le16(IEEE80211_STYPE_QOS_NULLFUNC);
5791 skb->priority = 7;
5792 skb_set_queue_mapping(skb, queue_mapping: IEEE80211_AC_VO);
5793 skb_put_data(skb, data: &qoshdr, len: sizeof(qoshdr));
5794 }
5795
5796 if (link) {
5797 memcpy(nullfunc->addr1, link->conf->bssid, ETH_ALEN);
5798 memcpy(nullfunc->addr2, link->conf->addr, ETH_ALEN);
5799 memcpy(nullfunc->addr3, link->conf->bssid, ETH_ALEN);
5800 } else {
5801 memcpy(nullfunc->addr1, vif->cfg.ap_addr, ETH_ALEN);
5802 memcpy(nullfunc->addr2, vif->addr, ETH_ALEN);
5803 memcpy(nullfunc->addr3, vif->cfg.ap_addr, ETH_ALEN);
5804 }
5805 rcu_read_unlock();
5806
5807 return skb;
5808}
5809EXPORT_SYMBOL(ieee80211_nullfunc_get);
5810
5811struct sk_buff *ieee80211_probereq_get(struct ieee80211_hw *hw,
5812 const u8 *src_addr,
5813 const u8 *ssid, size_t ssid_len,
5814 size_t tailroom)
5815{
5816 struct ieee80211_local *local = hw_to_local(hw);
5817 struct ieee80211_hdr_3addr *hdr;
5818 struct sk_buff *skb;
5819 size_t ie_ssid_len;
5820 u8 *pos;
5821
5822 ie_ssid_len = 2 + ssid_len;
5823
5824 skb = dev_alloc_skb(length: local->hw.extra_tx_headroom + sizeof(*hdr) +
5825 ie_ssid_len + tailroom);
5826 if (!skb)
5827 return NULL;
5828
5829 skb_reserve(skb, len: local->hw.extra_tx_headroom);
5830
5831 hdr = skb_put_zero(skb, len: sizeof(*hdr));
5832 hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
5833 IEEE80211_STYPE_PROBE_REQ);
5834 eth_broadcast_addr(addr: hdr->addr1);
5835 memcpy(hdr->addr2, src_addr, ETH_ALEN);
5836 eth_broadcast_addr(addr: hdr->addr3);
5837
5838 pos = skb_put(skb, len: ie_ssid_len);
5839 *pos++ = WLAN_EID_SSID;
5840 *pos++ = ssid_len;
5841 if (ssid_len)
5842 memcpy(pos, ssid, ssid_len);
5843 pos += ssid_len;
5844
5845 return skb;
5846}
5847EXPORT_SYMBOL(ieee80211_probereq_get);
5848
5849void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5850 const void *frame, size_t frame_len,
5851 const struct ieee80211_tx_info *frame_txctl,
5852 struct ieee80211_rts *rts)
5853{
5854 const struct ieee80211_hdr *hdr = frame;
5855
5856 rts->frame_control =
5857 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_RTS);
5858 rts->duration = ieee80211_rts_duration(hw, vif, frame_len,
5859 frame_txctl);
5860 memcpy(rts->ra, hdr->addr1, sizeof(rts->ra));
5861 memcpy(rts->ta, hdr->addr2, sizeof(rts->ta));
5862}
5863EXPORT_SYMBOL(ieee80211_rts_get);
5864
5865void ieee80211_ctstoself_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
5866 const void *frame, size_t frame_len,
5867 const struct ieee80211_tx_info *frame_txctl,
5868 struct ieee80211_cts *cts)
5869{
5870 const struct ieee80211_hdr *hdr = frame;
5871
5872 cts->frame_control =
5873 cpu_to_le16(IEEE80211_FTYPE_CTL | IEEE80211_STYPE_CTS);
5874 cts->duration = ieee80211_ctstoself_duration(hw, vif,
5875 frame_len, frame_txctl);
5876 memcpy(cts->ra, hdr->addr1, sizeof(cts->ra));
5877}
5878EXPORT_SYMBOL(ieee80211_ctstoself_get);
5879
5880struct sk_buff *
5881ieee80211_get_buffered_bc(struct ieee80211_hw *hw,
5882 struct ieee80211_vif *vif)
5883{
5884 struct ieee80211_local *local = hw_to_local(hw);
5885 struct sk_buff *skb = NULL;
5886 struct ieee80211_tx_data tx;
5887 struct ieee80211_sub_if_data *sdata;
5888 struct ps_data *ps;
5889 struct ieee80211_tx_info *info;
5890 struct ieee80211_chanctx_conf *chanctx_conf;
5891
5892 sdata = vif_to_sdata(p: vif);
5893
5894 rcu_read_lock();
5895 chanctx_conf = rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
5896
5897 if (!chanctx_conf)
5898 goto out;
5899
5900 if (sdata->vif.type == NL80211_IFTYPE_AP) {
5901 struct beacon_data *beacon =
5902 rcu_dereference(sdata->deflink.u.ap.beacon);
5903
5904 if (!beacon || !beacon->head)
5905 goto out;
5906
5907 ps = &sdata->u.ap.ps;
5908 } else if (ieee80211_vif_is_mesh(vif: &sdata->vif)) {
5909 ps = &sdata->u.mesh.ps;
5910 } else {
5911 goto out;
5912 }
5913
5914 if (ps->dtim_count != 0 || !ps->dtim_bc_mc)
5915 goto out; /* send buffered bc/mc only after DTIM beacon */
5916
5917 while (1) {
5918 skb = skb_dequeue(list: &ps->bc_buf);
5919 if (!skb)
5920 goto out;
5921 local->total_ps_buffered--;
5922
5923 if (!skb_queue_empty(list: &ps->bc_buf) && skb->len >= 2) {
5924 struct ieee80211_hdr *hdr =
5925 (struct ieee80211_hdr *) skb->data;
5926 /* more buffered multicast/broadcast frames ==> set
5927 * MoreData flag in IEEE 802.11 header to inform PS
5928 * STAs */
5929 hdr->frame_control |=
5930 cpu_to_le16(IEEE80211_FCTL_MOREDATA);
5931 }
5932
5933 if (sdata->vif.type == NL80211_IFTYPE_AP)
5934 sdata = IEEE80211_DEV_TO_SUB_IF(dev: skb->dev);
5935 if (!ieee80211_tx_prepare(sdata, tx: &tx, NULL, skb))
5936 break;
5937 ieee80211_free_txskb(hw, skb);
5938 }
5939
5940 info = IEEE80211_SKB_CB(skb);
5941
5942 tx.flags |= IEEE80211_TX_PS_BUFFERED;
5943 info->band = chanctx_conf->def.chan->band;
5944
5945 if (invoke_tx_handlers(tx: &tx))
5946 skb = NULL;
5947 out:
5948 rcu_read_unlock();
5949
5950 return skb;
5951}
5952EXPORT_SYMBOL(ieee80211_get_buffered_bc);
5953
5954int ieee80211_reserve_tid(struct ieee80211_sta *pubsta, u8 tid)
5955{
5956 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
5957 struct ieee80211_sub_if_data *sdata = sta->sdata;
5958 struct ieee80211_local *local = sdata->local;
5959 int ret;
5960 u32 queues;
5961
5962 lockdep_assert_wiphy(local->hw.wiphy);
5963
5964 /* only some cases are supported right now */
5965 switch (sdata->vif.type) {
5966 case NL80211_IFTYPE_STATION:
5967 case NL80211_IFTYPE_AP:
5968 case NL80211_IFTYPE_AP_VLAN:
5969 break;
5970 default:
5971 WARN_ON(1);
5972 return -EINVAL;
5973 }
5974
5975 if (WARN_ON(tid >= IEEE80211_NUM_UPS))
5976 return -EINVAL;
5977
5978 if (sta->reserved_tid == tid) {
5979 ret = 0;
5980 goto out;
5981 }
5982
5983 if (sta->reserved_tid != IEEE80211_TID_UNRESERVED) {
5984 sdata_err(sdata, "TID reservation already active\n");
5985 ret = -EALREADY;
5986 goto out;
5987 }
5988
5989 ieee80211_stop_vif_queues(local: sdata->local, sdata,
5990 reason: IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
5991
5992 synchronize_net();
5993
5994 /* Tear down BA sessions so we stop aggregating on this TID */
5995 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION)) {
5996 set_sta_flag(sta, flag: WLAN_STA_BLOCK_BA);
5997 __ieee80211_stop_tx_ba_session(sta, tid,
5998 reason: AGG_STOP_LOCAL_REQUEST);
5999 }
6000
6001 queues = BIT(sdata->vif.hw_queue[ieee802_1d_to_ac[tid]]);
6002 __ieee80211_flush_queues(local, sdata, queues, drop: false);
6003
6004 sta->reserved_tid = tid;
6005
6006 ieee80211_wake_vif_queues(local, sdata,
6007 reason: IEEE80211_QUEUE_STOP_REASON_RESERVE_TID);
6008
6009 if (ieee80211_hw_check(&local->hw, AMPDU_AGGREGATION))
6010 clear_sta_flag(sta, flag: WLAN_STA_BLOCK_BA);
6011
6012 ret = 0;
6013 out:
6014 return ret;
6015}
6016EXPORT_SYMBOL(ieee80211_reserve_tid);
6017
6018void ieee80211_unreserve_tid(struct ieee80211_sta *pubsta, u8 tid)
6019{
6020 struct sta_info *sta = container_of(pubsta, struct sta_info, sta);
6021 struct ieee80211_sub_if_data *sdata = sta->sdata;
6022
6023 lockdep_assert_wiphy(sdata->local->hw.wiphy);
6024
6025 /* only some cases are supported right now */
6026 switch (sdata->vif.type) {
6027 case NL80211_IFTYPE_STATION:
6028 case NL80211_IFTYPE_AP:
6029 case NL80211_IFTYPE_AP_VLAN:
6030 break;
6031 default:
6032 WARN_ON(1);
6033 return;
6034 }
6035
6036 if (tid != sta->reserved_tid) {
6037 sdata_err(sdata, "TID to unreserve (%d) isn't reserved\n", tid);
6038 return;
6039 }
6040
6041 sta->reserved_tid = IEEE80211_TID_UNRESERVED;
6042}
6043EXPORT_SYMBOL(ieee80211_unreserve_tid);
6044
6045void __ieee80211_tx_skb_tid_band(struct ieee80211_sub_if_data *sdata,
6046 struct sk_buff *skb, int tid, int link_id,
6047 enum nl80211_band band)
6048{
6049 const struct ieee80211_hdr *hdr = (void *)skb->data;
6050 int ac = ieee80211_ac_from_tid(tid);
6051 unsigned int link;
6052
6053 skb_reset_mac_header(skb);
6054 skb_set_queue_mapping(skb, queue_mapping: ac);
6055 skb->priority = tid;
6056
6057 skb->dev = sdata->dev;
6058
6059 BUILD_BUG_ON(IEEE80211_LINK_UNSPECIFIED < IEEE80211_MLD_MAX_NUM_LINKS);
6060 BUILD_BUG_ON(!FIELD_FIT(IEEE80211_TX_CTRL_MLO_LINK,
6061 IEEE80211_LINK_UNSPECIFIED));
6062
6063 if (!ieee80211_vif_is_mld(vif: &sdata->vif)) {
6064 link = 0;
6065 } else if (link_id >= 0) {
6066 link = link_id;
6067 } else if (memcmp(p: sdata->vif.addr, q: hdr->addr2, ETH_ALEN) == 0) {
6068 /* address from the MLD */
6069 link = IEEE80211_LINK_UNSPECIFIED;
6070 } else {
6071 /* otherwise must be addressed from a link */
6072 rcu_read_lock();
6073 for (link = 0; link < ARRAY_SIZE(sdata->vif.link_conf); link++) {
6074 struct ieee80211_bss_conf *link_conf;
6075
6076 link_conf = rcu_dereference(sdata->vif.link_conf[link]);
6077 if (!link_conf)
6078 continue;
6079 if (memcmp(p: link_conf->addr, q: hdr->addr2, ETH_ALEN) == 0)
6080 break;
6081 }
6082 rcu_read_unlock();
6083
6084 if (WARN_ON_ONCE(link == ARRAY_SIZE(sdata->vif.link_conf)))
6085 link = ffs(sdata->vif.active_links) - 1;
6086 }
6087
6088 IEEE80211_SKB_CB(skb)->control.flags |=
6089 u32_encode_bits(v: link, field: IEEE80211_TX_CTRL_MLO_LINK);
6090
6091 /*
6092 * The other path calling ieee80211_xmit is from the tasklet,
6093 * and while we can handle concurrent transmissions locking
6094 * requirements are that we do not come into tx with bhs on.
6095 */
6096 local_bh_disable();
6097 IEEE80211_SKB_CB(skb)->band = band;
6098 ieee80211_xmit(sdata, NULL, skb);
6099 local_bh_enable();
6100}
6101
6102void ieee80211_tx_skb_tid(struct ieee80211_sub_if_data *sdata,
6103 struct sk_buff *skb, int tid, int link_id)
6104{
6105 struct ieee80211_chanctx_conf *chanctx_conf;
6106 enum nl80211_band band;
6107
6108 rcu_read_lock();
6109 if (!ieee80211_vif_is_mld(vif: &sdata->vif)) {
6110 WARN_ON(link_id >= 0);
6111 chanctx_conf =
6112 rcu_dereference(sdata->vif.bss_conf.chanctx_conf);
6113 if (WARN_ON(!chanctx_conf)) {
6114 rcu_read_unlock();
6115 kfree_skb(skb);
6116 return;
6117 }
6118 band = chanctx_conf->def.chan->band;
6119 } else {
6120 WARN_ON(link_id >= 0 &&
6121 !(sdata->vif.active_links & BIT(link_id)));
6122 /* MLD transmissions must not rely on the band */
6123 band = 0;
6124 }
6125
6126 __ieee80211_tx_skb_tid_band(sdata, skb, tid, link_id, band);
6127 rcu_read_unlock();
6128}
6129
6130int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev,
6131 const u8 *buf, size_t len,
6132 const u8 *dest, __be16 proto, bool unencrypted,
6133 int link_id, u64 *cookie)
6134{
6135 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
6136 struct ieee80211_local *local = sdata->local;
6137 struct sta_info *sta;
6138 struct sk_buff *skb;
6139 struct ethhdr *ehdr;
6140 u32 ctrl_flags = 0;
6141 u32 flags = 0;
6142 int err;
6143
6144 /* mutex lock is only needed for incrementing the cookie counter */
6145 lockdep_assert_wiphy(local->hw.wiphy);
6146
6147 /* Only accept CONTROL_PORT_PROTOCOL configured in CONNECT/ASSOCIATE
6148 * or Pre-Authentication
6149 */
6150 if (proto != sdata->control_port_protocol &&
6151 proto != cpu_to_be16(ETH_P_PREAUTH))
6152 return -EINVAL;
6153
6154 if (proto == sdata->control_port_protocol)
6155 ctrl_flags |= IEEE80211_TX_CTRL_PORT_CTRL_PROTO |
6156 IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP;
6157
6158 if (unencrypted)
6159 flags |= IEEE80211_TX_INTFL_DONT_ENCRYPT;
6160
6161 if (cookie)
6162 ctrl_flags |= IEEE80211_TX_CTL_REQ_TX_STATUS;
6163
6164 flags |= IEEE80211_TX_INTFL_NL80211_FRAME_TX;
6165
6166 skb = dev_alloc_skb(length: local->hw.extra_tx_headroom +
6167 sizeof(struct ethhdr) + len);
6168 if (!skb)
6169 return -ENOMEM;
6170
6171 skb_reserve(skb, len: local->hw.extra_tx_headroom + sizeof(struct ethhdr));
6172
6173 skb_put_data(skb, data: buf, len);
6174
6175 ehdr = skb_push(skb, len: sizeof(struct ethhdr));
6176 memcpy(ehdr->h_dest, dest, ETH_ALEN);
6177
6178 /* we may override the SA for MLO STA later */
6179 if (link_id < 0) {
6180 ctrl_flags |= u32_encode_bits(IEEE80211_LINK_UNSPECIFIED,
6181 field: IEEE80211_TX_CTRL_MLO_LINK);
6182 memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN);
6183 } else {
6184 struct ieee80211_bss_conf *link_conf;
6185
6186 ctrl_flags |= u32_encode_bits(v: link_id,
6187 field: IEEE80211_TX_CTRL_MLO_LINK);
6188
6189 rcu_read_lock();
6190 link_conf = rcu_dereference(sdata->vif.link_conf[link_id]);
6191 if (!link_conf) {
6192 dev_kfree_skb(skb);
6193 rcu_read_unlock();
6194 return -ENOLINK;
6195 }
6196 memcpy(ehdr->h_source, link_conf->addr, ETH_ALEN);
6197 rcu_read_unlock();
6198 }
6199
6200 ehdr->h_proto = proto;
6201
6202 skb->dev = dev;
6203 skb->protocol = proto;
6204 skb_reset_network_header(skb);
6205 skb_reset_mac_header(skb);
6206
6207 if (local->hw.queues < IEEE80211_NUM_ACS)
6208 goto start_xmit;
6209
6210 /* update QoS header to prioritize control port frames if possible,
6211 * priorization also happens for control port frames send over
6212 * AF_PACKET
6213 */
6214 rcu_read_lock();
6215 err = ieee80211_lookup_ra_sta(sdata, skb, sta_out: &sta);
6216 if (err) {
6217 dev_kfree_skb(skb);
6218 rcu_read_unlock();
6219 return err;
6220 }
6221
6222 if (!IS_ERR(ptr: sta)) {
6223 u16 queue = ieee80211_select_queue(sdata, sta, skb);
6224
6225 skb_set_queue_mapping(skb, queue_mapping: queue);
6226
6227 /*
6228 * for MLO STA, the SA should be the AP MLD address, but
6229 * the link ID has been selected already
6230 */
6231 if (sta && sta->sta.mlo)
6232 memcpy(ehdr->h_source, sdata->vif.addr, ETH_ALEN);
6233 }
6234 rcu_read_unlock();
6235
6236start_xmit:
6237 local_bh_disable();
6238 __ieee80211_subif_start_xmit(skb, dev: skb->dev, info_flags: flags, ctrl_flags, cookie);
6239 local_bh_enable();
6240
6241 return 0;
6242}
6243
6244int ieee80211_probe_mesh_link(struct wiphy *wiphy, struct net_device *dev,
6245 const u8 *buf, size_t len)
6246{
6247 struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
6248 struct ieee80211_local *local = sdata->local;
6249 struct sk_buff *skb;
6250
6251 skb = dev_alloc_skb(length: local->hw.extra_tx_headroom + len +
6252 30 + /* header size */
6253 18); /* 11s header size */
6254 if (!skb)
6255 return -ENOMEM;
6256
6257 skb_reserve(skb, len: local->hw.extra_tx_headroom);
6258 skb_put_data(skb, data: buf, len);
6259
6260 skb->dev = dev;
6261 skb->protocol = htons(ETH_P_802_3);
6262 skb_reset_network_header(skb);
6263 skb_reset_mac_header(skb);
6264
6265 local_bh_disable();
6266 __ieee80211_subif_start_xmit(skb, dev: skb->dev, info_flags: 0,
6267 ctrl_flags: IEEE80211_TX_CTRL_SKIP_MPATH_LOOKUP,
6268 NULL);
6269 local_bh_enable();
6270
6271 return 0;
6272}
6273

source code of linux/net/mac80211/tx.c