Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
[platform/adaptation/renesas_rcar/renesas_kernel.git] / net / mac80211 / mesh_plink.c
1 /*
2  * Copyright (c) 2008, 2009 open80211s Ltd.
3  * Author:     Luis Carlos Cobo <luisca@cozybit.com>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License version 2 as
7  * published by the Free Software Foundation.
8  */
9 #include <linux/gfp.h>
10 #include <linux/kernel.h>
11 #include <linux/random.h>
12 #include "ieee80211_i.h"
13 #include "rate.h"
14 #include "mesh.h"
15
16 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
17 #define mpl_dbg(fmt, args...)   printk(KERN_DEBUG fmt, ##args)
18 #else
19 #define mpl_dbg(fmt, args...)   do { (void)(0); } while (0)
20 #endif
21
22 #define PLINK_GET_LLID(p) (p + 2)
23 #define PLINK_GET_PLID(p) (p + 4)
24
25 #define mod_plink_timer(s, t) (mod_timer(&s->plink_timer, \
26                                 jiffies + HZ * t / 1000))
27
28 #define dot11MeshMaxRetries(s) (s->u.mesh.mshcfg.dot11MeshMaxRetries)
29 #define dot11MeshRetryTimeout(s) (s->u.mesh.mshcfg.dot11MeshRetryTimeout)
30 #define dot11MeshConfirmTimeout(s) (s->u.mesh.mshcfg.dot11MeshConfirmTimeout)
31 #define dot11MeshHoldingTimeout(s) (s->u.mesh.mshcfg.dot11MeshHoldingTimeout)
32 #define dot11MeshMaxPeerLinks(s) (s->u.mesh.mshcfg.dot11MeshMaxPeerLinks)
33
34 /* We only need a valid sta if user configured a minimum rssi_threshold. */
35 #define rssi_threshold_check(sta, sdata) \
36                 (sdata->u.mesh.mshcfg.rssi_threshold == 0 ||\
37                 (sta && (s8) -ewma_read(&sta->avg_signal) > \
38                 sdata->u.mesh.mshcfg.rssi_threshold))
39
40 enum plink_event {
41         PLINK_UNDEFINED,
42         OPN_ACPT,
43         OPN_RJCT,
44         OPN_IGNR,
45         CNF_ACPT,
46         CNF_RJCT,
47         CNF_IGNR,
48         CLS_ACPT,
49         CLS_IGNR
50 };
51
52 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
53                 enum ieee80211_self_protected_actioncode action,
54                 u8 *da, __le16 llid, __le16 plid, __le16 reason);
55
56 static inline
57 void mesh_plink_inc_estab_count(struct ieee80211_sub_if_data *sdata)
58 {
59         atomic_inc(&sdata->u.mesh.mshstats.estab_plinks);
60         mesh_accept_plinks_update(sdata);
61 }
62
63 static inline
64 void mesh_plink_dec_estab_count(struct ieee80211_sub_if_data *sdata)
65 {
66         atomic_dec(&sdata->u.mesh.mshstats.estab_plinks);
67         mesh_accept_plinks_update(sdata);
68 }
69
70 /**
71  * mesh_plink_fsm_restart - restart a mesh peer link finite state machine
72  *
73  * @sta: mesh peer link to restart
74  *
75  * Locking: this function must be called holding sta->lock
76  */
77 static inline void mesh_plink_fsm_restart(struct sta_info *sta)
78 {
79         sta->plink_state = NL80211_PLINK_LISTEN;
80         sta->llid = sta->plid = sta->reason = 0;
81         sta->plink_retries = 0;
82 }
83
84 /*
85  * NOTE: This is just an alias for sta_info_alloc(), see notes
86  *       on it in the lifecycle management section!
87  */
88 static struct sta_info *mesh_plink_alloc(struct ieee80211_sub_if_data *sdata,
89                                          u8 *hw_addr, u32 rates,
90                                          struct ieee802_11_elems *elems)
91 {
92         struct ieee80211_local *local = sdata->local;
93         struct ieee80211_supported_band *sband;
94         struct sta_info *sta;
95
96         sband = local->hw.wiphy->bands[local->oper_channel->band];
97
98         if (local->num_sta >= MESH_MAX_PLINKS)
99                 return NULL;
100
101         sta = sta_info_alloc(sdata, hw_addr, GFP_KERNEL);
102         if (!sta)
103                 return NULL;
104
105         sta_info_pre_move_state(sta, IEEE80211_STA_AUTH);
106         sta_info_pre_move_state(sta, IEEE80211_STA_ASSOC);
107         sta_info_pre_move_state(sta, IEEE80211_STA_AUTHORIZED);
108
109         set_sta_flag(sta, WLAN_STA_WME);
110
111         sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
112         if (elems->ht_cap_elem)
113                 ieee80211_ht_cap_ie_to_sta_ht_cap(sdata, sband,
114                                                   elems->ht_cap_elem,
115                                                   &sta->sta.ht_cap);
116         rate_control_rate_init(sta);
117
118         return sta;
119 }
120
121 /**
122  * __mesh_plink_deactivate - deactivate mesh peer link
123  *
124  * @sta: mesh peer link to deactivate
125  *
126  * All mesh paths with this peer as next hop will be flushed
127  *
128  * Locking: the caller must hold sta->lock
129  */
130 static bool __mesh_plink_deactivate(struct sta_info *sta)
131 {
132         struct ieee80211_sub_if_data *sdata = sta->sdata;
133         bool deactivated = false;
134
135         if (sta->plink_state == NL80211_PLINK_ESTAB) {
136                 mesh_plink_dec_estab_count(sdata);
137                 deactivated = true;
138         }
139         sta->plink_state = NL80211_PLINK_BLOCKED;
140         mesh_path_flush_by_nexthop(sta);
141
142         return deactivated;
143 }
144
145 /**
146  * mesh_plink_deactivate - deactivate mesh peer link
147  *
148  * @sta: mesh peer link to deactivate
149  *
150  * All mesh paths with this peer as next hop will be flushed
151  */
152 void mesh_plink_deactivate(struct sta_info *sta)
153 {
154         struct ieee80211_sub_if_data *sdata = sta->sdata;
155         bool deactivated;
156
157         spin_lock_bh(&sta->lock);
158         deactivated = __mesh_plink_deactivate(sta);
159         sta->reason = cpu_to_le16(WLAN_REASON_MESH_PEER_CANCELED);
160         mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
161                             sta->sta.addr, sta->llid, sta->plid,
162                             sta->reason);
163         spin_unlock_bh(&sta->lock);
164
165         if (deactivated)
166                 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
167 }
168
169 static int mesh_plink_frame_tx(struct ieee80211_sub_if_data *sdata,
170                 enum ieee80211_self_protected_actioncode action,
171                 u8 *da, __le16 llid, __le16 plid, __le16 reason) {
172         struct ieee80211_local *local = sdata->local;
173         struct sk_buff *skb;
174         struct ieee80211_mgmt *mgmt;
175         bool include_plid = false;
176         u16 peering_proto = 0;
177         u8 *pos, ie_len = 4;
178         int hdr_len = offsetof(struct ieee80211_mgmt, u.action.u.self_prot) +
179                       sizeof(mgmt->u.action.u.self_prot);
180
181         skb = dev_alloc_skb(local->tx_headroom +
182                             hdr_len +
183                             2 + /* capability info */
184                             2 + /* AID */
185                             2 + 8 + /* supported rates */
186                             2 + (IEEE80211_MAX_SUPP_RATES - 8) +
187                             2 + sdata->u.mesh.mesh_id_len +
188                             2 + sizeof(struct ieee80211_meshconf_ie) +
189                             2 + sizeof(struct ieee80211_ht_cap) +
190                             2 + sizeof(struct ieee80211_ht_info) +
191                             2 + 8 + /* peering IE */
192                             sdata->u.mesh.ie_len);
193         if (!skb)
194                 return -1;
195         skb_reserve(skb, local->tx_headroom);
196         mgmt = (struct ieee80211_mgmt *) skb_put(skb, hdr_len);
197         memset(mgmt, 0, hdr_len);
198         mgmt->frame_control = cpu_to_le16(IEEE80211_FTYPE_MGMT |
199                                           IEEE80211_STYPE_ACTION);
200         memcpy(mgmt->da, da, ETH_ALEN);
201         memcpy(mgmt->sa, sdata->vif.addr, ETH_ALEN);
202         memcpy(mgmt->bssid, sdata->vif.addr, ETH_ALEN);
203         mgmt->u.action.category = WLAN_CATEGORY_SELF_PROTECTED;
204         mgmt->u.action.u.self_prot.action_code = action;
205
206         if (action != WLAN_SP_MESH_PEERING_CLOSE) {
207                 /* capability info */
208                 pos = skb_put(skb, 2);
209                 memset(pos, 0, 2);
210                 if (action == WLAN_SP_MESH_PEERING_CONFIRM) {
211                         /* AID */
212                         pos = skb_put(skb, 2);
213                         memcpy(pos + 2, &plid, 2);
214                 }
215                 if (ieee80211_add_srates_ie(&sdata->vif, skb) ||
216                     ieee80211_add_ext_srates_ie(&sdata->vif, skb) ||
217                     mesh_add_rsn_ie(skb, sdata) ||
218                     mesh_add_meshid_ie(skb, sdata) ||
219                     mesh_add_meshconf_ie(skb, sdata))
220                         return -1;
221         } else {        /* WLAN_SP_MESH_PEERING_CLOSE */
222                 if (mesh_add_meshid_ie(skb, sdata))
223                         return -1;
224         }
225
226         /* Add Mesh Peering Management element */
227         switch (action) {
228         case WLAN_SP_MESH_PEERING_OPEN:
229                 break;
230         case WLAN_SP_MESH_PEERING_CONFIRM:
231                 ie_len += 2;
232                 include_plid = true;
233                 break;
234         case WLAN_SP_MESH_PEERING_CLOSE:
235                 if (plid) {
236                         ie_len += 2;
237                         include_plid = true;
238                 }
239                 ie_len += 2;    /* reason code */
240                 break;
241         default:
242                 return -EINVAL;
243         }
244
245         if (WARN_ON(skb_tailroom(skb) < 2 + ie_len))
246                 return -ENOMEM;
247
248         pos = skb_put(skb, 2 + ie_len);
249         *pos++ = WLAN_EID_PEER_MGMT;
250         *pos++ = ie_len;
251         memcpy(pos, &peering_proto, 2);
252         pos += 2;
253         memcpy(pos, &llid, 2);
254         pos += 2;
255         if (include_plid) {
256                 memcpy(pos, &plid, 2);
257                 pos += 2;
258         }
259         if (action == WLAN_SP_MESH_PEERING_CLOSE) {
260                 memcpy(pos, &reason, 2);
261                 pos += 2;
262         }
263
264         if (action != WLAN_SP_MESH_PEERING_CLOSE) {
265                 if (mesh_add_ht_cap_ie(skb, sdata) ||
266                     mesh_add_ht_info_ie(skb, sdata))
267                         return -1;
268         }
269
270         if (mesh_add_vendor_ies(skb, sdata))
271                 return -1;
272
273         ieee80211_tx_skb(sdata, skb);
274         return 0;
275 }
276
277 void mesh_neighbour_update(u8 *hw_addr, u32 rates,
278                 struct ieee80211_sub_if_data *sdata,
279                 struct ieee802_11_elems *elems)
280 {
281         struct ieee80211_local *local = sdata->local;
282         struct sta_info *sta;
283
284         rcu_read_lock();
285
286         sta = sta_info_get(sdata, hw_addr);
287         if (!sta) {
288                 rcu_read_unlock();
289                 /* Userspace handles peer allocation when security is enabled
290                  * */
291                 if (sdata->u.mesh.security & IEEE80211_MESH_SEC_AUTHED)
292                         cfg80211_notify_new_peer_candidate(sdata->dev, hw_addr,
293                                         elems->ie_start, elems->total_len,
294                                         GFP_KERNEL);
295                 else
296                         sta = mesh_plink_alloc(sdata, hw_addr, rates, elems);
297                 if (!sta)
298                         return;
299                 if (sta_info_insert_rcu(sta)) {
300                         rcu_read_unlock();
301                         return;
302                 }
303         }
304
305         sta->last_rx = jiffies;
306         sta->sta.supp_rates[local->hw.conf.channel->band] = rates;
307         if (mesh_peer_accepts_plinks(elems) &&
308                         sta->plink_state == NL80211_PLINK_LISTEN &&
309                         sdata->u.mesh.accepting_plinks &&
310                         sdata->u.mesh.mshcfg.auto_open_plinks &&
311                         rssi_threshold_check(sta, sdata))
312                 mesh_plink_open(sta);
313
314         rcu_read_unlock();
315 }
316
317 static void mesh_plink_timer(unsigned long data)
318 {
319         struct sta_info *sta;
320         __le16 llid, plid, reason;
321         struct ieee80211_sub_if_data *sdata;
322
323         /*
324          * This STA is valid because sta_info_destroy() will
325          * del_timer_sync() this timer after having made sure
326          * it cannot be readded (by deleting the plink.)
327          */
328         sta = (struct sta_info *) data;
329
330         if (sta->sdata->local->quiescing) {
331                 sta->plink_timer_was_running = true;
332                 return;
333         }
334
335         spin_lock_bh(&sta->lock);
336         if (sta->ignore_plink_timer) {
337                 sta->ignore_plink_timer = false;
338                 spin_unlock_bh(&sta->lock);
339                 return;
340         }
341         mpl_dbg("Mesh plink timer for %pM fired on state %d\n",
342                 sta->sta.addr, sta->plink_state);
343         reason = 0;
344         llid = sta->llid;
345         plid = sta->plid;
346         sdata = sta->sdata;
347
348         switch (sta->plink_state) {
349         case NL80211_PLINK_OPN_RCVD:
350         case NL80211_PLINK_OPN_SNT:
351                 /* retry timer */
352                 if (sta->plink_retries < dot11MeshMaxRetries(sdata)) {
353                         u32 rand;
354                         mpl_dbg("Mesh plink for %pM (retry, timeout): %d %d\n",
355                                 sta->sta.addr, sta->plink_retries,
356                                 sta->plink_timeout);
357                         get_random_bytes(&rand, sizeof(u32));
358                         sta->plink_timeout = sta->plink_timeout +
359                                              rand % sta->plink_timeout;
360                         ++sta->plink_retries;
361                         mod_plink_timer(sta, sta->plink_timeout);
362                         spin_unlock_bh(&sta->lock);
363                         mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_OPEN,
364                                             sta->sta.addr, llid, 0, 0);
365                         break;
366                 }
367                 reason = cpu_to_le16(WLAN_REASON_MESH_MAX_RETRIES);
368                 /* fall through on else */
369         case NL80211_PLINK_CNF_RCVD:
370                 /* confirm timer */
371                 if (!reason)
372                         reason = cpu_to_le16(WLAN_REASON_MESH_CONFIRM_TIMEOUT);
373                 sta->plink_state = NL80211_PLINK_HOLDING;
374                 mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
375                 spin_unlock_bh(&sta->lock);
376                 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
377                                     sta->sta.addr, llid, plid, reason);
378                 break;
379         case NL80211_PLINK_HOLDING:
380                 /* holding timer */
381                 del_timer(&sta->plink_timer);
382                 mesh_plink_fsm_restart(sta);
383                 spin_unlock_bh(&sta->lock);
384                 break;
385         default:
386                 spin_unlock_bh(&sta->lock);
387                 break;
388         }
389 }
390
391 #ifdef CONFIG_PM
392 void mesh_plink_quiesce(struct sta_info *sta)
393 {
394         if (del_timer_sync(&sta->plink_timer))
395                 sta->plink_timer_was_running = true;
396 }
397
398 void mesh_plink_restart(struct sta_info *sta)
399 {
400         if (sta->plink_timer_was_running) {
401                 add_timer(&sta->plink_timer);
402                 sta->plink_timer_was_running = false;
403         }
404 }
405 #endif
406
407 static inline void mesh_plink_timer_set(struct sta_info *sta, int timeout)
408 {
409         sta->plink_timer.expires = jiffies + (HZ * timeout / 1000);
410         sta->plink_timer.data = (unsigned long) sta;
411         sta->plink_timer.function = mesh_plink_timer;
412         sta->plink_timeout = timeout;
413         add_timer(&sta->plink_timer);
414 }
415
416 int mesh_plink_open(struct sta_info *sta)
417 {
418         __le16 llid;
419         struct ieee80211_sub_if_data *sdata = sta->sdata;
420
421         if (!test_sta_flag(sta, WLAN_STA_AUTH))
422                 return -EPERM;
423
424         spin_lock_bh(&sta->lock);
425         get_random_bytes(&llid, 2);
426         sta->llid = llid;
427         if (sta->plink_state != NL80211_PLINK_LISTEN) {
428                 spin_unlock_bh(&sta->lock);
429                 return -EBUSY;
430         }
431         sta->plink_state = NL80211_PLINK_OPN_SNT;
432         mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata));
433         spin_unlock_bh(&sta->lock);
434         mpl_dbg("Mesh plink: starting establishment with %pM\n",
435                 sta->sta.addr);
436
437         return mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_OPEN,
438                                    sta->sta.addr, llid, 0, 0);
439 }
440
441 void mesh_plink_block(struct sta_info *sta)
442 {
443         struct ieee80211_sub_if_data *sdata = sta->sdata;
444         bool deactivated;
445
446         spin_lock_bh(&sta->lock);
447         deactivated = __mesh_plink_deactivate(sta);
448         sta->plink_state = NL80211_PLINK_BLOCKED;
449         spin_unlock_bh(&sta->lock);
450
451         if (deactivated)
452                 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
453 }
454
455
456 void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_mgmt *mgmt,
457                          size_t len, struct ieee80211_rx_status *rx_status)
458 {
459         struct ieee80211_local *local = sdata->local;
460         struct ieee802_11_elems elems;
461         struct sta_info *sta;
462         enum plink_event event;
463         enum ieee80211_self_protected_actioncode ftype;
464         size_t baselen;
465         bool deactivated, matches_local = true;
466         u8 ie_len;
467         u8 *baseaddr;
468         __le16 plid, llid, reason;
469 #ifdef CONFIG_MAC80211_VERBOSE_MPL_DEBUG
470         static const char *mplstates[] = {
471                 [NL80211_PLINK_LISTEN] = "LISTEN",
472                 [NL80211_PLINK_OPN_SNT] = "OPN-SNT",
473                 [NL80211_PLINK_OPN_RCVD] = "OPN-RCVD",
474                 [NL80211_PLINK_CNF_RCVD] = "CNF_RCVD",
475                 [NL80211_PLINK_ESTAB] = "ESTAB",
476                 [NL80211_PLINK_HOLDING] = "HOLDING",
477                 [NL80211_PLINK_BLOCKED] = "BLOCKED"
478         };
479 #endif
480
481         /* need action_code, aux */
482         if (len < IEEE80211_MIN_ACTION_SIZE + 3)
483                 return;
484
485         if (is_multicast_ether_addr(mgmt->da)) {
486                 mpl_dbg("Mesh plink: ignore frame from multicast address");
487                 return;
488         }
489
490         baseaddr = mgmt->u.action.u.self_prot.variable;
491         baselen = (u8 *) mgmt->u.action.u.self_prot.variable - (u8 *) mgmt;
492         if (mgmt->u.action.u.self_prot.action_code ==
493                                                 WLAN_SP_MESH_PEERING_CONFIRM) {
494                 baseaddr += 4;
495                 baselen += 4;
496         }
497         ieee802_11_parse_elems(baseaddr, len - baselen, &elems);
498         if (!elems.peering) {
499                 mpl_dbg("Mesh plink: missing necessary peer link ie\n");
500                 return;
501         }
502         if (elems.rsn_len &&
503                         sdata->u.mesh.security == IEEE80211_MESH_SEC_NONE) {
504                 mpl_dbg("Mesh plink: can't establish link with secure peer\n");
505                 return;
506         }
507
508         ftype = mgmt->u.action.u.self_prot.action_code;
509         ie_len = elems.peering_len;
510         if ((ftype == WLAN_SP_MESH_PEERING_OPEN && ie_len != 4) ||
511             (ftype == WLAN_SP_MESH_PEERING_CONFIRM && ie_len != 6) ||
512             (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len != 6
513                                                         && ie_len != 8)) {
514                 mpl_dbg("Mesh plink: incorrect plink ie length %d %d\n",
515                     ftype, ie_len);
516                 return;
517         }
518
519         if (ftype != WLAN_SP_MESH_PEERING_CLOSE &&
520                                 (!elems.mesh_id || !elems.mesh_config)) {
521                 mpl_dbg("Mesh plink: missing necessary ie\n");
522                 return;
523         }
524         /* Note the lines below are correct, the llid in the frame is the plid
525          * from the point of view of this host.
526          */
527         memcpy(&plid, PLINK_GET_LLID(elems.peering), 2);
528         if (ftype == WLAN_SP_MESH_PEERING_CONFIRM ||
529             (ftype == WLAN_SP_MESH_PEERING_CLOSE && ie_len == 8))
530                 memcpy(&llid, PLINK_GET_PLID(elems.peering), 2);
531
532         rcu_read_lock();
533
534         sta = sta_info_get(sdata, mgmt->sa);
535         if (!sta && ftype != WLAN_SP_MESH_PEERING_OPEN) {
536                 mpl_dbg("Mesh plink: cls or cnf from unknown peer\n");
537                 rcu_read_unlock();
538                 return;
539         }
540
541         if (ftype == WLAN_SP_MESH_PEERING_OPEN &&
542             !rssi_threshold_check(sta, sdata)) {
543                 mpl_dbg("Mesh plink: %pM does not meet rssi threshold\n",
544                         mgmt->sa);
545                 rcu_read_unlock();
546                 return;
547         }
548
549         if (sta && !test_sta_flag(sta, WLAN_STA_AUTH)) {
550                 mpl_dbg("Mesh plink: Action frame from non-authed peer\n");
551                 rcu_read_unlock();
552                 return;
553         }
554
555         if (sta && sta->plink_state == NL80211_PLINK_BLOCKED) {
556                 rcu_read_unlock();
557                 return;
558         }
559
560         /* Now we will figure out the appropriate event... */
561         event = PLINK_UNDEFINED;
562         if (ftype != WLAN_SP_MESH_PEERING_CLOSE &&
563             (!mesh_matches_local(&elems, sdata))) {
564                 matches_local = false;
565                 switch (ftype) {
566                 case WLAN_SP_MESH_PEERING_OPEN:
567                         event = OPN_RJCT;
568                         break;
569                 case WLAN_SP_MESH_PEERING_CONFIRM:
570                         event = CNF_RJCT;
571                         break;
572                 default:
573                         break;
574                 }
575         }
576
577         if (!sta && !matches_local) {
578                 rcu_read_unlock();
579                 reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG);
580                 llid = 0;
581                 mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
582                                     mgmt->sa, llid, plid, reason);
583                 return;
584         } else if (!sta) {
585                 /* ftype == WLAN_SP_MESH_PEERING_OPEN */
586                 u32 rates;
587
588                 rcu_read_unlock();
589
590                 if (!mesh_plink_free_count(sdata)) {
591                         mpl_dbg("Mesh plink error: no more free plinks\n");
592                         return;
593                 }
594
595                 rates = ieee80211_sta_get_rates(local, &elems, rx_status->band);
596                 sta = mesh_plink_alloc(sdata, mgmt->sa, rates, &elems);
597                 if (!sta) {
598                         mpl_dbg("Mesh plink error: plink table full\n");
599                         return;
600                 }
601                 if (sta_info_insert_rcu(sta)) {
602                         rcu_read_unlock();
603                         return;
604                 }
605                 event = OPN_ACPT;
606                 spin_lock_bh(&sta->lock);
607         } else if (matches_local) {
608                 spin_lock_bh(&sta->lock);
609                 switch (ftype) {
610                 case WLAN_SP_MESH_PEERING_OPEN:
611                         if (!mesh_plink_free_count(sdata) ||
612                             (sta->plid && sta->plid != plid))
613                                 event = OPN_IGNR;
614                         else
615                                 event = OPN_ACPT;
616                         break;
617                 case WLAN_SP_MESH_PEERING_CONFIRM:
618                         if (!mesh_plink_free_count(sdata) ||
619                             (sta->llid != llid || sta->plid != plid))
620                                 event = CNF_IGNR;
621                         else
622                                 event = CNF_ACPT;
623                         break;
624                 case WLAN_SP_MESH_PEERING_CLOSE:
625                         if (sta->plink_state == NL80211_PLINK_ESTAB)
626                                 /* Do not check for llid or plid. This does not
627                                  * follow the standard but since multiple plinks
628                                  * per sta are not supported, it is necessary in
629                                  * order to avoid a livelock when MP A sees an
630                                  * establish peer link to MP B but MP B does not
631                                  * see it. This can be caused by a timeout in
632                                  * B's peer link establishment or B beign
633                                  * restarted.
634                                  */
635                                 event = CLS_ACPT;
636                         else if (sta->plid != plid)
637                                 event = CLS_IGNR;
638                         else if (ie_len == 7 && sta->llid != llid)
639                                 event = CLS_IGNR;
640                         else
641                                 event = CLS_ACPT;
642                         break;
643                 default:
644                         mpl_dbg("Mesh plink: unknown frame subtype\n");
645                         spin_unlock_bh(&sta->lock);
646                         rcu_read_unlock();
647                         return;
648                 }
649         } else {
650                 spin_lock_bh(&sta->lock);
651         }
652
653         mpl_dbg("Mesh plink (peer, state, llid, plid, event): %pM %s %d %d %d\n",
654                 mgmt->sa, mplstates[sta->plink_state],
655                 le16_to_cpu(sta->llid), le16_to_cpu(sta->plid),
656                 event);
657         reason = 0;
658         switch (sta->plink_state) {
659                 /* spin_unlock as soon as state is updated at each case */
660         case NL80211_PLINK_LISTEN:
661                 switch (event) {
662                 case CLS_ACPT:
663                         mesh_plink_fsm_restart(sta);
664                         spin_unlock_bh(&sta->lock);
665                         break;
666                 case OPN_ACPT:
667                         sta->plink_state = NL80211_PLINK_OPN_RCVD;
668                         sta->plid = plid;
669                         get_random_bytes(&llid, 2);
670                         sta->llid = llid;
671                         mesh_plink_timer_set(sta, dot11MeshRetryTimeout(sdata));
672                         spin_unlock_bh(&sta->lock);
673                         mesh_plink_frame_tx(sdata,
674                                             WLAN_SP_MESH_PEERING_OPEN,
675                                             sta->sta.addr, llid, 0, 0);
676                         mesh_plink_frame_tx(sdata,
677                                             WLAN_SP_MESH_PEERING_CONFIRM,
678                                             sta->sta.addr, llid, plid, 0);
679                         break;
680                 default:
681                         spin_unlock_bh(&sta->lock);
682                         break;
683                 }
684                 break;
685
686         case NL80211_PLINK_OPN_SNT:
687                 switch (event) {
688                 case OPN_RJCT:
689                 case CNF_RJCT:
690                         reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG);
691                 case CLS_ACPT:
692                         if (!reason)
693                                 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE);
694                         sta->reason = reason;
695                         sta->plink_state = NL80211_PLINK_HOLDING;
696                         if (!mod_plink_timer(sta,
697                                              dot11MeshHoldingTimeout(sdata)))
698                                 sta->ignore_plink_timer = true;
699
700                         llid = sta->llid;
701                         spin_unlock_bh(&sta->lock);
702                         mesh_plink_frame_tx(sdata,
703                                             WLAN_SP_MESH_PEERING_CLOSE,
704                                             sta->sta.addr, llid, plid, reason);
705                         break;
706                 case OPN_ACPT:
707                         /* retry timer is left untouched */
708                         sta->plink_state = NL80211_PLINK_OPN_RCVD;
709                         sta->plid = plid;
710                         llid = sta->llid;
711                         spin_unlock_bh(&sta->lock);
712                         mesh_plink_frame_tx(sdata,
713                                             WLAN_SP_MESH_PEERING_CONFIRM,
714                                             sta->sta.addr, llid, plid, 0);
715                         break;
716                 case CNF_ACPT:
717                         sta->plink_state = NL80211_PLINK_CNF_RCVD;
718                         if (!mod_plink_timer(sta,
719                                              dot11MeshConfirmTimeout(sdata)))
720                                 sta->ignore_plink_timer = true;
721
722                         spin_unlock_bh(&sta->lock);
723                         break;
724                 default:
725                         spin_unlock_bh(&sta->lock);
726                         break;
727                 }
728                 break;
729
730         case NL80211_PLINK_OPN_RCVD:
731                 switch (event) {
732                 case OPN_RJCT:
733                 case CNF_RJCT:
734                         reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG);
735                 case CLS_ACPT:
736                         if (!reason)
737                                 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE);
738                         sta->reason = reason;
739                         sta->plink_state = NL80211_PLINK_HOLDING;
740                         if (!mod_plink_timer(sta,
741                                              dot11MeshHoldingTimeout(sdata)))
742                                 sta->ignore_plink_timer = true;
743
744                         llid = sta->llid;
745                         spin_unlock_bh(&sta->lock);
746                         mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
747                                             sta->sta.addr, llid, plid, reason);
748                         break;
749                 case OPN_ACPT:
750                         llid = sta->llid;
751                         spin_unlock_bh(&sta->lock);
752                         mesh_plink_frame_tx(sdata,
753                                             WLAN_SP_MESH_PEERING_CONFIRM,
754                                             sta->sta.addr, llid, plid, 0);
755                         break;
756                 case CNF_ACPT:
757                         del_timer(&sta->plink_timer);
758                         sta->plink_state = NL80211_PLINK_ESTAB;
759                         spin_unlock_bh(&sta->lock);
760                         mesh_plink_inc_estab_count(sdata);
761                         ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
762                         mpl_dbg("Mesh plink with %pM ESTABLISHED\n",
763                                 sta->sta.addr);
764                         break;
765                 default:
766                         spin_unlock_bh(&sta->lock);
767                         break;
768                 }
769                 break;
770
771         case NL80211_PLINK_CNF_RCVD:
772                 switch (event) {
773                 case OPN_RJCT:
774                 case CNF_RJCT:
775                         reason = cpu_to_le16(WLAN_REASON_MESH_CONFIG);
776                 case CLS_ACPT:
777                         if (!reason)
778                                 reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE);
779                         sta->reason = reason;
780                         sta->plink_state = NL80211_PLINK_HOLDING;
781                         if (!mod_plink_timer(sta,
782                                              dot11MeshHoldingTimeout(sdata)))
783                                 sta->ignore_plink_timer = true;
784
785                         llid = sta->llid;
786                         spin_unlock_bh(&sta->lock);
787                         mesh_plink_frame_tx(sdata,
788                                             WLAN_SP_MESH_PEERING_CLOSE,
789                                             sta->sta.addr, llid, plid, reason);
790                         break;
791                 case OPN_ACPT:
792                         del_timer(&sta->plink_timer);
793                         sta->plink_state = NL80211_PLINK_ESTAB;
794                         spin_unlock_bh(&sta->lock);
795                         mesh_plink_inc_estab_count(sdata);
796                         ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
797                         mpl_dbg("Mesh plink with %pM ESTABLISHED\n",
798                                 sta->sta.addr);
799                         mesh_plink_frame_tx(sdata,
800                                             WLAN_SP_MESH_PEERING_CONFIRM,
801                                             sta->sta.addr, llid, plid, 0);
802                         break;
803                 default:
804                         spin_unlock_bh(&sta->lock);
805                         break;
806                 }
807                 break;
808
809         case NL80211_PLINK_ESTAB:
810                 switch (event) {
811                 case CLS_ACPT:
812                         reason = cpu_to_le16(WLAN_REASON_MESH_CLOSE);
813                         sta->reason = reason;
814                         deactivated = __mesh_plink_deactivate(sta);
815                         sta->plink_state = NL80211_PLINK_HOLDING;
816                         llid = sta->llid;
817                         mod_plink_timer(sta, dot11MeshHoldingTimeout(sdata));
818                         spin_unlock_bh(&sta->lock);
819                         if (deactivated)
820                                 ieee80211_bss_info_change_notify(sdata, BSS_CHANGED_BEACON);
821                         mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
822                                             sta->sta.addr, llid, plid, reason);
823                         break;
824                 case OPN_ACPT:
825                         llid = sta->llid;
826                         spin_unlock_bh(&sta->lock);
827                         mesh_plink_frame_tx(sdata,
828                                             WLAN_SP_MESH_PEERING_CONFIRM,
829                                             sta->sta.addr, llid, plid, 0);
830                         break;
831                 default:
832                         spin_unlock_bh(&sta->lock);
833                         break;
834                 }
835                 break;
836         case NL80211_PLINK_HOLDING:
837                 switch (event) {
838                 case CLS_ACPT:
839                         if (del_timer(&sta->plink_timer))
840                                 sta->ignore_plink_timer = 1;
841                         mesh_plink_fsm_restart(sta);
842                         spin_unlock_bh(&sta->lock);
843                         break;
844                 case OPN_ACPT:
845                 case CNF_ACPT:
846                 case OPN_RJCT:
847                 case CNF_RJCT:
848                         llid = sta->llid;
849                         reason = sta->reason;
850                         spin_unlock_bh(&sta->lock);
851                         mesh_plink_frame_tx(sdata, WLAN_SP_MESH_PEERING_CLOSE,
852                                             sta->sta.addr, llid, plid, reason);
853                         break;
854                 default:
855                         spin_unlock_bh(&sta->lock);
856                 }
857                 break;
858         default:
859                 /* should not get here, PLINK_BLOCKED is dealt with at the
860                  * beginning of the function
861                  */
862                 spin_unlock_bh(&sta->lock);
863                 break;
864         }
865
866         rcu_read_unlock();
867 }