mac80211: fix sta_info mesh timer bug

#include "ieee80211_rate.h"

#include "ieee80211_rate.h"

#include "mesh.h"

#include "mesh.h"

#define DEFAULT_RATES 0

static enum ieee80211_if_types

static enum ieee80211_if_types

nl80211_type_to_mac80211_type(enum nl80211_iftype type)

nl80211_type_to_mac80211_type(enum nl80211_iftype type)

{

{

	} else

	} else

		sdata = IEEE80211_DEV_TO_SUB_IF(dev);

		sdata = IEEE80211_DEV_TO_SUB_IF(dev);

	if (ieee80211_vif_is_mesh(&sdata->vif))

	if (compare_ether_addr(mac, dev->dev_addr) == 0)

		sta = mesh_plink_alloc(sdata, mac, DEFAULT_RATES, GFP_KERNEL);

		return -EINVAL;

	else

	if (is_multicast_ether_addr(mac))

		return -EINVAL;

	sta = sta_info_alloc(sdata, mac, GFP_KERNEL);

	sta = sta_info_alloc(sdata, mac, GFP_KERNEL);

	if (!sta)

	if (!sta)

		return -ENOMEM;

		return -ENOMEM;

bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie,

bool mesh_peer_accepts_plinks(struct ieee802_11_elems *ie,

			      struct net_device *dev);

			      struct net_device *dev);

void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata);

void mesh_accept_plinks_update(struct ieee80211_sub_if_data *sdata);

struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,

				  u8 *hw_addr, u64 rates, gfp_t gfp);

void mesh_plink_broken(struct sta_info *sta);

void mesh_plink_broken(struct sta_info *sta);

void mesh_plink_deactivate(struct sta_info *sta);

void mesh_plink_deactivate(struct sta_info *sta);

int mesh_plink_open(struct sta_info *sta);

int mesh_plink_open(struct sta_info *sta);

	sta->llid = sta->plid = sta->reason = sta->plink_retries = 0;

	sta->llid = sta->plid = sta->reason = sta->plink_retries = 0;

}

}

/**

static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,

 * mesh_plink_alloc - allocate a new mesh peer link

					 u8 *hw_addr, u64 rates)

 *

 * @sdata: local mesh interface

 * @hw_addr: hardware address (ETH_ALEN length)

 * @rates: rates the mesh peer supports

 *

 * The initial state of the new plink is set to LISTEN

 *

 * Returns: NULL on error.

 */

struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,

				  u8 *hw_addr, u64 rates, gfp_t gfp)

{

{

	struct ieee80211_local *local = sdata->local;

	struct ieee80211_local *local = sdata->local;

	struct sta_info *sta;

	struct sta_info *sta;

	if (compare_ether_addr(hw_addr, sdata->dev->dev_addr) == 0)

		/* never add ourselves as neighbours */

		return NULL;

	if (is_multicast_ether_addr(hw_addr))

		return NULL;

	if (local->num_sta >= MESH_MAX_PLINKS)

	if (local->num_sta >= MESH_MAX_PLINKS)

		return NULL;

		return NULL;

	sta = sta_info_alloc(sdata, hw_addr, gfp);

	sta = sta_info_alloc(sdata, hw_addr, GFP_ATOMIC);

	if (!sta)

	if (!sta)

		return NULL;

		return NULL;

	sta->plink_state = LISTEN;

	spin_lock_init(&sta->plink_lock);

	init_timer(&sta->plink_timer);

	sta->flags |= WLAN_STA_AUTHORIZED;

	sta->flags |= WLAN_STA_AUTHORIZED;

	sta->supp_rates[local->hw.conf.channel->band] = rates;

	sta->supp_rates[local->hw.conf.channel->band] = rates;

	sta = sta_info_get(local, hw_addr);

	sta = sta_info_get(local, hw_addr);

	if (!sta) {

	if (!sta) {

		sta = mesh_plink_alloc(sdata, hw_addr, rates, GFP_ATOMIC);

		sta = mesh_plink_alloc(sdata, hw_addr, rates);

		if (!sta) {

		if (!sta) {

			rcu_read_unlock();

			rcu_read_unlock();

			return;

			return;

		}

		}

		rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);

		rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);

		sta = mesh_plink_alloc(sdata, mgmt->sa, rates, GFP_ATOMIC);

		sta = mesh_plink_alloc(sdata, mgmt->sa, rates);

		if (!sta) {

		if (!sta) {

			mpl_dbg("Mesh plink error: plink table full\n");

			mpl_dbg("Mesh plink error: plink table full\n");

			rcu_read_unlock();

			rcu_read_unlock();

 * for faster lookup and a list for iteration. They are managed using

 * for faster lookup and a list for iteration. They are managed using

 * RCU, i.e. access to the list and hash table is protected by RCU.

 * RCU, i.e. access to the list and hash table is protected by RCU.

 *

 *

 * Upon allocating a STA info structure with sta_info_alloc() or

 * Upon allocating a STA info structure with sta_info_alloc(), the caller owns

 * mesh_plink_alloc(), the caller owns that structure. It must then either

 * that structure. It must then either destroy it using sta_info_destroy()

 * destroy it using sta_info_destroy() (which is pretty useless) or insert

 * (which is pretty useless) or insert it into the hash table using

 * it into the hash table using sta_info_insert() which demotes the reference

 * sta_info_insert() which demotes the reference from ownership to a regular

 * from ownership to a regular RCU-protected reference; if the function

 * RCU-protected reference; if the function is called without protection by an

 * is called without protection by an RCU critical section the reference

 * RCU critical section the reference is instantly invalidated.

 * is instantly invalidated.

 *

 *

 * Because there are debugfs entries for each station, and adding those

 * Because there are debugfs entries for each station, and adding those

 * must be able to sleep, it is also possible to "pin" a station entry,

 * must be able to sleep, it is also possible to "pin" a station entry,

	       wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr));

	       wiphy_name(local->hw.wiphy), print_mac(mbuf, sta->addr));

#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */

#ifdef CONFIG_MAC80211_MESH

	sta->plink_state = LISTEN;

	spin_lock_init(&sta->plink_lock);

	init_timer(&sta->plink_timer);

#endif

	return sta;

	return sta;

}

}

	unsigned long flags;

	unsigned long flags;

	DECLARE_MAC_BUF(mac);

	DECLARE_MAC_BUF(mac);

	WARN_ON(!netif_running(sdata->dev));

	/*

	 * Can't be a WARN_ON because it can be triggered through a race:

	 * something inserts a STA (on one CPU) without holding the RTNL

	 * and another CPU turns off the net device.

	 */

	if (unlikely(!netif_running(sdata->dev)))

		return -ENETDOWN;

	if (WARN_ON(compare_ether_addr(sta->addr, sdata->dev->dev_addr) == 0))

		return -EINVAL;

	if (WARN_ON(is_multicast_ether_addr(sta->addr)))

		return -EINVAL;

	spin_lock_irqsave(&local->sta_lock, flags);

	spin_lock_irqsave(&local->sta_lock, flags);

	/* check if STA exists already */

	/* check if STA exists already */