1/* 2 * Copyright (c) 2004-2011 Atheros Communications Inc. 3 * Copyright (c) 2011-2012 Qualcomm Atheros, Inc. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 */ 17 18#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 19 20#include "core.h" 21#include "debug.h" 22#include "htc-ops.h" 23#include "trace.h" 24 25/* 26 * tid - tid_mux0..tid_mux3 27 * aid - tid_mux4..tid_mux7 28 */ 29#define ATH6KL_TID_MASK 0xf 30#define ATH6KL_AID_SHIFT 4 31 32static inline u8 ath6kl_get_tid(u8 tid_mux) 33{ 34 return tid_mux & ATH6KL_TID_MASK; 35} 36 37static inline u8 ath6kl_get_aid(u8 tid_mux) 38{ 39 return tid_mux >> ATH6KL_AID_SHIFT; 40} 41 42static u8 ath6kl_ibss_map_epid(struct sk_buff *skb, struct net_device *dev, 43 u32 *map_no) 44{ 45 struct ath6kl *ar = ath6kl_priv(dev); 46 struct ethhdr *eth_hdr; 47 u32 i, ep_map = -1; 48 u8 *datap; 49 50 *map_no = 0; 51 datap = skb->data; 52 eth_hdr = (struct ethhdr *) (datap + sizeof(struct wmi_data_hdr)); 53 54 if (is_multicast_ether_addr(eth_hdr->h_dest)) 55 return ENDPOINT_2; 56 57 for (i = 0; i < ar->node_num; i++) { 58 if (memcmp(eth_hdr->h_dest, ar->node_map[i].mac_addr, 59 ETH_ALEN) == 0) { 60 *map_no = i + 1; 61 ar->node_map[i].tx_pend++; 62 return ar->node_map[i].ep_id; 63 } 64 65 if ((ep_map == -1) && !ar->node_map[i].tx_pend) 66 ep_map = i; 67 } 68 69 if (ep_map == -1) { 70 ep_map = ar->node_num; 71 ar->node_num++; 72 if (ar->node_num > MAX_NODE_NUM) 73 return ENDPOINT_UNUSED; 74 } 75 76 memcpy(ar->node_map[ep_map].mac_addr, eth_hdr->h_dest, ETH_ALEN); 77 78 for (i = ENDPOINT_2; i <= ENDPOINT_5; i++) { 79 if (!ar->tx_pending[i]) { 80 ar->node_map[ep_map].ep_id = i; 81 break; 82 } 83 84 /* 85 * No free endpoint is available, start redistribution on 86 * the inuse endpoints. 87 */ 88 if (i == ENDPOINT_5) { 89 ar->node_map[ep_map].ep_id = ar->next_ep_id; 90 ar->next_ep_id++; 91 if (ar->next_ep_id > ENDPOINT_5) 92 ar->next_ep_id = ENDPOINT_2; 93 } 94 } 95 96 *map_no = ep_map + 1; 97 ar->node_map[ep_map].tx_pend++; 98 99 return ar->node_map[ep_map].ep_id; 100} 101 102static bool ath6kl_process_uapsdq(struct ath6kl_sta *conn, 103 struct ath6kl_vif *vif, 104 struct sk_buff *skb, 105 u32 *flags) 106{ 107 struct ath6kl *ar = vif->ar; 108 bool is_apsdq_empty = false; 109 struct ethhdr *datap = (struct ethhdr *) skb->data; 110 u8 up = 0, traffic_class, *ip_hdr; 111 u16 ether_type; 112 struct ath6kl_llc_snap_hdr *llc_hdr; 113 114 if (conn->sta_flags & STA_PS_APSD_TRIGGER) { 115 /* 116 * This tx is because of a uAPSD trigger, determine 117 * more and EOSP bit. Set EOSP if queue is empty 118 * or sufficient frames are delivered for this trigger. 119 */ 120 spin_lock_bh(&conn->psq_lock); 121 if (!skb_queue_empty(&conn->apsdq)) 122 *flags |= WMI_DATA_HDR_FLAGS_MORE; 123 else if (conn->sta_flags & STA_PS_APSD_EOSP) 124 *flags |= WMI_DATA_HDR_FLAGS_EOSP; 125 *flags |= WMI_DATA_HDR_FLAGS_UAPSD; 126 spin_unlock_bh(&conn->psq_lock); 127 return false; 128 } else if (!conn->apsd_info) { 129 return false; 130 } 131 132 if (test_bit(WMM_ENABLED, &vif->flags)) { 133 ether_type = be16_to_cpu(datap->h_proto); 134 if (is_ethertype(ether_type)) { 135 /* packet is in DIX format */ 136 ip_hdr = (u8 *)(datap + 1); 137 } else { 138 /* packet is in 802.3 format */ 139 llc_hdr = (struct ath6kl_llc_snap_hdr *) 140 (datap + 1); 141 ether_type = be16_to_cpu(llc_hdr->eth_type); 142 ip_hdr = (u8 *)(llc_hdr + 1); 143 } 144 145 if (ether_type == IP_ETHERTYPE) 146 up = ath6kl_wmi_determine_user_priority( 147 ip_hdr, 0); 148 } 149 150 traffic_class = ath6kl_wmi_get_traffic_class(up); 151 152 if ((conn->apsd_info & (1 << traffic_class)) == 0) 153 return false; 154 155 /* Queue the frames if the STA is sleeping */ 156 spin_lock_bh(&conn->psq_lock); 157 is_apsdq_empty = skb_queue_empty(&conn->apsdq); 158 skb_queue_tail(&conn->apsdq, skb); 159 spin_unlock_bh(&conn->psq_lock); 160 161 /* 162 * If this is the first pkt getting queued 163 * for this STA, update the PVB for this STA 164 */ 165 if (is_apsdq_empty) { 166 ath6kl_wmi_set_apsd_bfrd_traf(ar->wmi, 167 vif->fw_vif_idx, 168 conn->aid, 1, 0); 169 } 170 *flags |= WMI_DATA_HDR_FLAGS_UAPSD; 171 172 return true; 173} 174 175static bool ath6kl_process_psq(struct ath6kl_sta *conn, 176 struct ath6kl_vif *vif, 177 struct sk_buff *skb, 178 u32 *flags) 179{ 180 bool is_psq_empty = false; 181 struct ath6kl *ar = vif->ar; 182 183 if (conn->sta_flags & STA_PS_POLLED) { 184 spin_lock_bh(&conn->psq_lock); 185 if (!skb_queue_empty(&conn->psq)) 186 *flags |= WMI_DATA_HDR_FLAGS_MORE; 187 spin_unlock_bh(&conn->psq_lock); 188 return false; 189 } 190 191 /* Queue the frames if the STA is sleeping */ 192 spin_lock_bh(&conn->psq_lock); 193 is_psq_empty = skb_queue_empty(&conn->psq); 194 skb_queue_tail(&conn->psq, skb); 195 spin_unlock_bh(&conn->psq_lock); 196 197 /* 198 * If this is the first pkt getting queued 199 * for this STA, update the PVB for this 200 * STA. 201 */ 202 if (is_psq_empty) 203 ath6kl_wmi_set_pvb_cmd(ar->wmi, 204 vif->fw_vif_idx, 205 conn->aid, 1); 206 return true; 207} 208 209static bool ath6kl_powersave_ap(struct ath6kl_vif *vif, struct sk_buff *skb, 210 u32 *flags) 211{ 212 struct ethhdr *datap = (struct ethhdr *) skb->data; 213 struct ath6kl_sta *conn = NULL; 214 bool ps_queued = false; 215 struct ath6kl *ar = vif->ar; 216 217 if (is_multicast_ether_addr(datap->h_dest)) { 218 u8 ctr = 0; 219 bool q_mcast = false; 220 221 for (ctr = 0; ctr < AP_MAX_NUM_STA; ctr++) { 222 if (ar->sta_list[ctr].sta_flags & STA_PS_SLEEP) { 223 q_mcast = true; 224 break; 225 } 226 } 227 228 if (q_mcast) { 229 /* 230 * If this transmit is not because of a Dtim Expiry 231 * q it. 232 */ 233 if (!test_bit(DTIM_EXPIRED, &vif->flags)) { 234 bool is_mcastq_empty = false; 235 236 spin_lock_bh(&ar->mcastpsq_lock); 237 is_mcastq_empty = 238 skb_queue_empty(&ar->mcastpsq); 239 skb_queue_tail(&ar->mcastpsq, skb); 240 spin_unlock_bh(&ar->mcastpsq_lock); 241 242 /* 243 * If this is the first Mcast pkt getting 244 * queued indicate to the target to set the 245 * BitmapControl LSB of the TIM IE. 246 */ 247 if (is_mcastq_empty) 248 ath6kl_wmi_set_pvb_cmd(ar->wmi, 249 vif->fw_vif_idx, 250 MCAST_AID, 1); 251 252 ps_queued = true; 253 } else { 254 /* 255 * This transmit is because of Dtim expiry. 256 * Determine if MoreData bit has to be set. 257 */ 258 spin_lock_bh(&ar->mcastpsq_lock); 259 if (!skb_queue_empty(&ar->mcastpsq)) 260 *flags |= WMI_DATA_HDR_FLAGS_MORE; 261 spin_unlock_bh(&ar->mcastpsq_lock); 262 } 263 } 264 } else { 265 conn = ath6kl_find_sta(vif, datap->h_dest); 266 if (!conn) { 267 dev_kfree_skb(skb); 268 269 /* Inform the caller that the skb is consumed */ 270 return true; 271 } 272 273 if (conn->sta_flags & STA_PS_SLEEP) { 274 ps_queued = ath6kl_process_uapsdq(conn, 275 vif, skb, flags); 276 if (!(*flags & WMI_DATA_HDR_FLAGS_UAPSD)) 277 ps_queued = ath6kl_process_psq(conn, 278 vif, skb, flags); 279 } 280 } 281 return ps_queued; 282} 283 284/* Tx functions */ 285 286int ath6kl_control_tx(void *devt, struct sk_buff *skb, 287 enum htc_endpoint_id eid) 288{ 289 struct ath6kl *ar = devt; 290 int status = 0; 291 struct ath6kl_cookie *cookie = NULL; 292 293 trace_ath6kl_wmi_cmd(skb->data, skb->len); 294 295 if (WARN_ON_ONCE(ar->state == ATH6KL_STATE_WOW)) { 296 dev_kfree_skb(skb); 297 return -EACCES; 298 } 299 300 if (WARN_ON_ONCE(eid == ENDPOINT_UNUSED || 301 eid >= ENDPOINT_MAX)) { 302 status = -EINVAL; 303 goto fail_ctrl_tx; 304 } 305 306 spin_lock_bh(&ar->lock); 307 308 ath6kl_dbg(ATH6KL_DBG_WLAN_TX, 309 "%s: skb=0x%p, len=0x%x eid =%d\n", __func__, 310 skb, skb->len, eid); 311 312 if (test_bit(WMI_CTRL_EP_FULL, &ar->flag) && (eid == ar->ctrl_ep)) { 313 /* 314 * Control endpoint is full, don't allocate resources, we 315 * are just going to drop this packet. 316 */ 317 cookie = NULL; 318 ath6kl_err("wmi ctrl ep full, dropping pkt : 0x%p, len:%d\n", 319 skb, skb->len); 320 } else { 321 cookie = ath6kl_alloc_cookie(ar); 322 } 323 324 if (cookie == NULL) { 325 spin_unlock_bh(&ar->lock); 326 status = -ENOMEM; 327 goto fail_ctrl_tx; 328 } 329 330 ar->tx_pending[eid]++; 331 332 if (eid != ar->ctrl_ep) 333 ar->total_tx_data_pend++; 334 335 spin_unlock_bh(&ar->lock); 336 337 cookie->skb = skb; 338 cookie->map_no = 0; 339 set_htc_pkt_info(&cookie->htc_pkt, cookie, skb->data, skb->len, 340 eid, ATH6KL_CONTROL_PKT_TAG); 341 cookie->htc_pkt.skb = skb; 342 343 /* 344 * This interface is asynchronous, if there is an error, cleanup 345 * will happen in the TX completion callback. 346 */ 347 ath6kl_htc_tx(ar->htc_target, &cookie->htc_pkt); 348 349 return 0; 350 351fail_ctrl_tx: 352 dev_kfree_skb(skb); 353 return status; 354} 355 356int ath6kl_data_tx(struct sk_buff *skb, struct net_device *dev) 357{ 358 struct ath6kl *ar = ath6kl_priv(dev); 359 struct ath6kl_cookie *cookie = NULL; 360 enum htc_endpoint_id eid = ENDPOINT_UNUSED; 361 struct ath6kl_vif *vif = netdev_priv(dev); 362 u32 map_no = 0; 363 u16 htc_tag = ATH6KL_DATA_PKT_TAG; 364 u8 ac = 99; /* initialize to unmapped ac */ 365 bool chk_adhoc_ps_mapping = false; 366 int ret; 367 struct wmi_tx_meta_v2 meta_v2; 368 void *meta; 369 u8 csum_start = 0, csum_dest = 0, csum = skb->ip_summed; 370 u8 meta_ver = 0; 371 u32 flags = 0; 372 373 ath6kl_dbg(ATH6KL_DBG_WLAN_TX, 374 "%s: skb=0x%p, data=0x%p, len=0x%x\n", __func__, 375 skb, skb->data, skb->len); 376 377 /* If target is not associated */ 378 if (!test_bit(CONNECTED, &vif->flags)) 379 goto fail_tx; 380 381 if (WARN_ON_ONCE(ar->state != ATH6KL_STATE_ON)) 382 goto fail_tx; 383 384 if (!test_bit(WMI_READY, &ar->flag)) 385 goto fail_tx; 386 387 /* AP mode Power saving processing */ 388 if (vif->nw_type == AP_NETWORK) { 389 if (ath6kl_powersave_ap(vif, skb, &flags)) 390 return 0; 391 } 392 393 if (test_bit(WMI_ENABLED, &ar->flag)) { 394 if ((dev->features & NETIF_F_IP_CSUM) && 395 (csum == CHECKSUM_PARTIAL)) { 396 csum_start = skb->csum_start - 397 (skb_network_header(skb) - skb->head) + 398 sizeof(struct ath6kl_llc_snap_hdr); 399 csum_dest = skb->csum_offset + csum_start; 400 } 401 402 if (skb_headroom(skb) < dev->needed_headroom) { 403 struct sk_buff *tmp_skb = skb; 404 405 skb = skb_realloc_headroom(skb, dev->needed_headroom); 406 kfree_skb(tmp_skb); 407 if (skb == NULL) { 408 vif->net_stats.tx_dropped++; 409 return 0; 410 } 411 } 412 413 if (ath6kl_wmi_dix_2_dot3(ar->wmi, skb)) { 414 ath6kl_err("ath6kl_wmi_dix_2_dot3 failed\n"); 415 goto fail_tx; 416 } 417 418 if ((dev->features & NETIF_F_IP_CSUM) && 419 (csum == CHECKSUM_PARTIAL)) { 420 meta_v2.csum_start = csum_start; 421 meta_v2.csum_dest = csum_dest; 422 423 /* instruct target to calculate checksum */ 424 meta_v2.csum_flags = WMI_META_V2_FLAG_CSUM_OFFLOAD; 425 meta_ver = WMI_META_VERSION_2; 426 meta = &meta_v2; 427 } else { 428 meta_ver = 0; 429 meta = NULL; 430 } 431 432 ret = ath6kl_wmi_data_hdr_add(ar->wmi, skb, 433 DATA_MSGTYPE, flags, 0, 434 meta_ver, 435 meta, vif->fw_vif_idx); 436 437 if (ret) { 438 ath6kl_warn("failed to add wmi data header:%d\n" 439 , ret); 440 goto fail_tx; 441 } 442 443 if ((vif->nw_type == ADHOC_NETWORK) && 444 ar->ibss_ps_enable && test_bit(CONNECTED, &vif->flags)) 445 chk_adhoc_ps_mapping = true; 446 else { 447 /* get the stream mapping */ 448 ret = ath6kl_wmi_implicit_create_pstream(ar->wmi, 449 vif->fw_vif_idx, skb, 450 0, test_bit(WMM_ENABLED, &vif->flags), &ac); 451 if (ret) 452 goto fail_tx; 453 } 454 } else { 455 goto fail_tx; 456 } 457 458 spin_lock_bh(&ar->lock); 459 460 if (chk_adhoc_ps_mapping) 461 eid = ath6kl_ibss_map_epid(skb, dev, &map_no); 462 else 463 eid = ar->ac2ep_map[ac]; 464 465 if (eid == 0 || eid == ENDPOINT_UNUSED) { 466 ath6kl_err("eid %d is not mapped!\n", eid); 467 spin_unlock_bh(&ar->lock); 468 goto fail_tx; 469 } 470 471 /* allocate resource for this packet */ 472 cookie = ath6kl_alloc_cookie(ar); 473 474 if (!cookie) { 475 spin_unlock_bh(&ar->lock); 476 goto fail_tx; 477 } 478 479 /* update counts while the lock is held */ 480 ar->tx_pending[eid]++; 481 ar->total_tx_data_pend++; 482 483 spin_unlock_bh(&ar->lock); 484 485 if (!IS_ALIGNED((unsigned long) skb->data - HTC_HDR_LENGTH, 4) && 486 skb_cloned(skb)) { 487 /* 488 * We will touch (move the buffer data to align it. Since the 489 * skb buffer is cloned and not only the header is changed, we 490 * have to copy it to allow the changes. Since we are copying 491 * the data here, we may as well align it by reserving suitable 492 * headroom to avoid the memmove in ath6kl_htc_tx_buf_align(). 493 */ 494 struct sk_buff *nskb; 495 496 nskb = skb_copy_expand(skb, HTC_HDR_LENGTH, 0, GFP_ATOMIC); 497 if (nskb == NULL) 498 goto fail_tx; 499 kfree_skb(skb); 500 skb = nskb; 501 } 502 503 cookie->skb = skb; 504 cookie->map_no = map_no; 505 set_htc_pkt_info(&cookie->htc_pkt, cookie, skb->data, skb->len, 506 eid, htc_tag); 507 cookie->htc_pkt.skb = skb; 508 509 ath6kl_dbg_dump(ATH6KL_DBG_RAW_BYTES, __func__, "tx ", 510 skb->data, skb->len); 511 512 /* 513 * HTC interface is asynchronous, if this fails, cleanup will 514 * happen in the ath6kl_tx_complete callback. 515 */ 516 ath6kl_htc_tx(ar->htc_target, &cookie->htc_pkt); 517 518 return 0; 519 520fail_tx: 521 dev_kfree_skb(skb); 522 523 vif->net_stats.tx_dropped++; 524 vif->net_stats.tx_aborted_errors++; 525 526 return 0; 527} 528 529/* indicate tx activity or inactivity on a WMI stream */ 530void ath6kl_indicate_tx_activity(void *devt, u8 traffic_class, bool active) 531{ 532 struct ath6kl *ar = devt; 533 enum htc_endpoint_id eid; 534 int i; 535 536 eid = ar->ac2ep_map[traffic_class]; 537 538 if (!test_bit(WMI_ENABLED, &ar->flag)) 539 goto notify_htc; 540 541 spin_lock_bh(&ar->lock); 542 543 ar->ac_stream_active[traffic_class] = active; 544 545 if (active) { 546 /* 547 * Keep track of the active stream with the highest 548 * priority. 549 */ 550 if (ar->ac_stream_pri_map[traffic_class] > 551 ar->hiac_stream_active_pri) 552 /* set the new highest active priority */ 553 ar->hiac_stream_active_pri = 554 ar->ac_stream_pri_map[traffic_class]; 555 556 } else { 557 /* 558 * We may have to search for the next active stream 559 * that is the highest priority. 560 */ 561 if (ar->hiac_stream_active_pri == 562 ar->ac_stream_pri_map[traffic_class]) { 563 /* 564 * The highest priority stream just went inactive 565 * reset and search for the "next" highest "active" 566 * priority stream. 567 */ 568 ar->hiac_stream_active_pri = 0; 569 570 for (i = 0; i < WMM_NUM_AC; i++) { 571 if (ar->ac_stream_active[i] && 572 (ar->ac_stream_pri_map[i] > 573 ar->hiac_stream_active_pri)) 574 /* 575 * Set the new highest active 576 * priority. 577 */ 578 ar->hiac_stream_active_pri = 579 ar->ac_stream_pri_map[i]; 580 } 581 } 582 } 583 584 spin_unlock_bh(&ar->lock); 585 586notify_htc: 587 /* notify HTC, this may cause credit distribution changes */ 588 ath6kl_htc_activity_changed(ar->htc_target, eid, active); 589} 590 591enum htc_send_full_action ath6kl_tx_queue_full(struct htc_target *target, 592 struct htc_packet *packet) 593{ 594 struct ath6kl *ar = target->dev->ar; 595 struct ath6kl_vif *vif; 596 enum htc_endpoint_id endpoint = packet->endpoint; 597 enum htc_send_full_action action = HTC_SEND_FULL_KEEP; 598 599 if (endpoint == ar->ctrl_ep) { 600 /* 601 * Under normal WMI if this is getting full, then something 602 * is running rampant the host should not be exhausting the 603 * WMI queue with too many commands the only exception to 604 * this is during testing using endpointping. 605 */ 606 set_bit(WMI_CTRL_EP_FULL, &ar->flag); 607 ath6kl_err("wmi ctrl ep is full\n"); 608 ath6kl_recovery_err_notify(ar, ATH6KL_FW_EP_FULL); 609 return action; 610 } 611 612 if (packet->info.tx.tag == ATH6KL_CONTROL_PKT_TAG) 613 return action; 614 615 /* 616 * The last MAX_HI_COOKIE_NUM "batch" of cookies are reserved for 617 * the highest active stream. 618 */ 619 if (ar->ac_stream_pri_map[ar->ep2ac_map[endpoint]] < 620 ar->hiac_stream_active_pri && 621 ar->cookie_count <= 622 target->endpoint[endpoint].tx_drop_packet_threshold) 623 /* 624 * Give preference to the highest priority stream by 625 * dropping the packets which overflowed. 626 */ 627 action = HTC_SEND_FULL_DROP; 628 629 /* FIXME: Locking */ 630 spin_lock_bh(&ar->list_lock); 631 list_for_each_entry(vif, &ar->vif_list, list) { 632 if (vif->nw_type == ADHOC_NETWORK || 633 action != HTC_SEND_FULL_DROP) { 634 spin_unlock_bh(&ar->list_lock); 635 636 set_bit(NETQ_STOPPED, &vif->flags); 637 netif_stop_queue(vif->ndev); 638 639 return action; 640 } 641 } 642 spin_unlock_bh(&ar->list_lock); 643 644 return action; 645} 646 647/* TODO this needs to be looked at */ 648static void ath6kl_tx_clear_node_map(struct ath6kl_vif *vif, 649 enum htc_endpoint_id eid, u32 map_no) 650{ 651 struct ath6kl *ar = vif->ar; 652 u32 i; 653 654 if (vif->nw_type != ADHOC_NETWORK) 655 return; 656 657 if (!ar->ibss_ps_enable) 658 return; 659 660 if (eid == ar->ctrl_ep) 661 return; 662 663 if (map_no == 0) 664 return; 665 666 map_no--; 667 ar->node_map[map_no].tx_pend--; 668 669 if (ar->node_map[map_no].tx_pend) 670 return; 671 672 if (map_no != (ar->node_num - 1)) 673 return; 674 675 for (i = ar->node_num; i > 0; i--) { 676 if (ar->node_map[i - 1].tx_pend) 677 break; 678 679 memset(&ar->node_map[i - 1], 0, 680 sizeof(struct ath6kl_node_mapping)); 681 ar->node_num--; 682 } 683} 684 685void ath6kl_tx_complete(struct htc_target *target, 686 struct list_head *packet_queue) 687{ 688 struct ath6kl *ar = target->dev->ar; 689 struct sk_buff_head skb_queue; 690 struct htc_packet *packet; 691 struct sk_buff *skb; 692 struct ath6kl_cookie *ath6kl_cookie; 693 u32 map_no = 0; 694 int status; 695 enum htc_endpoint_id eid; 696 bool wake_event = false; 697 bool flushing[ATH6KL_VIF_MAX] = {false}; 698 u8 if_idx; 699 struct ath6kl_vif *vif; 700 701 skb_queue_head_init(&skb_queue); 702 703 /* lock the driver as we update internal state */ 704 spin_lock_bh(&ar->lock); 705 706 /* reap completed packets */ 707 while (!list_empty(packet_queue)) { 708 packet = list_first_entry(packet_queue, struct htc_packet, 709 list); 710 list_del(&packet->list); 711 712 if (WARN_ON_ONCE(packet->endpoint == ENDPOINT_UNUSED || 713 packet->endpoint >= ENDPOINT_MAX)) 714 continue; 715 716 ath6kl_cookie = (struct ath6kl_cookie *)packet->pkt_cntxt; 717 if (WARN_ON_ONCE(!ath6kl_cookie)) 718 continue; 719 720 status = packet->status; 721 skb = ath6kl_cookie->skb; 722 eid = packet->endpoint; 723 map_no = ath6kl_cookie->map_no; 724 725 if (WARN_ON_ONCE(!skb || !skb->data)) { 726 dev_kfree_skb(skb); 727 ath6kl_free_cookie(ar, ath6kl_cookie); 728 continue; 729 } 730 731 __skb_queue_tail(&skb_queue, skb); 732 733 if (WARN_ON_ONCE(!status && (packet->act_len != skb->len))) { 734 ath6kl_free_cookie(ar, ath6kl_cookie); 735 continue; 736 } 737 738 ar->tx_pending[eid]--; 739 740 if (eid != ar->ctrl_ep) 741 ar->total_tx_data_pend--; 742 743 if (eid == ar->ctrl_ep) { 744 if (test_bit(WMI_CTRL_EP_FULL, &ar->flag)) 745 clear_bit(WMI_CTRL_EP_FULL, &ar->flag); 746 747 if (ar->tx_pending[eid] == 0) 748 wake_event = true; 749 } 750 751 if (eid == ar->ctrl_ep) { 752 if_idx = wmi_cmd_hdr_get_if_idx( 753 (struct wmi_cmd_hdr *) packet->buf); 754 } else { 755 if_idx = wmi_data_hdr_get_if_idx( 756 (struct wmi_data_hdr *) packet->buf); 757 } 758 759 vif = ath6kl_get_vif_by_index(ar, if_idx); 760 if (!vif) { 761 ath6kl_free_cookie(ar, ath6kl_cookie); 762 continue; 763 } 764 765 if (status) { 766 if (status == -ECANCELED) 767 /* a packet was flushed */ 768 flushing[if_idx] = true; 769 770 vif->net_stats.tx_errors++; 771 772 if (status != -ENOSPC && status != -ECANCELED) 773 ath6kl_warn("tx complete error: %d\n", status); 774 775 ath6kl_dbg(ATH6KL_DBG_WLAN_TX, 776 "%s: skb=0x%p data=0x%p len=0x%x eid=%d %s\n", 777 __func__, skb, packet->buf, packet->act_len, 778 eid, "error!"); 779 } else { 780 ath6kl_dbg(ATH6KL_DBG_WLAN_TX, 781 "%s: skb=0x%p data=0x%p len=0x%x eid=%d %s\n", 782 __func__, skb, packet->buf, packet->act_len, 783 eid, "OK"); 784 785 flushing[if_idx] = false; 786 vif->net_stats.tx_packets++; 787 vif->net_stats.tx_bytes += skb->len; 788 } 789 790 ath6kl_tx_clear_node_map(vif, eid, map_no); 791 792 ath6kl_free_cookie(ar, ath6kl_cookie); 793 794 if (test_bit(NETQ_STOPPED, &vif->flags)) 795 clear_bit(NETQ_STOPPED, &vif->flags); 796 } 797 798 spin_unlock_bh(&ar->lock); 799 800 __skb_queue_purge(&skb_queue); 801 802 /* FIXME: Locking */ 803 spin_lock_bh(&ar->list_lock); 804 list_for_each_entry(vif, &ar->vif_list, list) { 805 if (test_bit(CONNECTED, &vif->flags) && 806 !flushing[vif->fw_vif_idx]) { 807 spin_unlock_bh(&ar->list_lock); 808 netif_wake_queue(vif->ndev); 809 spin_lock_bh(&ar->list_lock); 810 } 811 } 812 spin_unlock_bh(&ar->list_lock); 813 814 if (wake_event) 815 wake_up(&ar->event_wq); 816 817 return; 818} 819 820void ath6kl_tx_data_cleanup(struct ath6kl *ar) 821{ 822 int i; 823 824 /* flush all the data (non-control) streams */ 825 for (i = 0; i < WMM_NUM_AC; i++) 826 ath6kl_htc_flush_txep(ar->htc_target, ar->ac2ep_map[i], 827 ATH6KL_DATA_PKT_TAG); 828} 829 830/* Rx functions */ 831 832static void ath6kl_deliver_frames_to_nw_stack(struct net_device *dev, 833 struct sk_buff *skb) 834{ 835 if (!skb) 836 return; 837 838 skb->dev = dev; 839 840 if (!(skb->dev->flags & IFF_UP)) { 841 dev_kfree_skb(skb); 842 return; 843 } 844 845 skb->protocol = eth_type_trans(skb, skb->dev); 846 847 netif_rx_ni(skb); 848} 849 850static void ath6kl_alloc_netbufs(struct sk_buff_head *q, u16 num) 851{ 852 struct sk_buff *skb; 853 854 while (num) { 855 skb = ath6kl_buf_alloc(ATH6KL_BUFFER_SIZE); 856 if (!skb) { 857 ath6kl_err("netbuf allocation failed\n"); 858 return; 859 } 860 skb_queue_tail(q, skb); 861 num--; 862 } 863} 864 865static struct sk_buff *aggr_get_free_skb(struct aggr_info *p_aggr) 866{ 867 struct sk_buff *skb = NULL; 868 869 if (skb_queue_len(&p_aggr->rx_amsdu_freeq) < 870 (AGGR_NUM_OF_FREE_NETBUFS >> 2)) 871 ath6kl_alloc_netbufs(&p_aggr->rx_amsdu_freeq, 872 AGGR_NUM_OF_FREE_NETBUFS); 873 874 skb = skb_dequeue(&p_aggr->rx_amsdu_freeq); 875 876 return skb; 877} 878 879void ath6kl_rx_refill(struct htc_target *target, enum htc_endpoint_id endpoint) 880{ 881 struct ath6kl *ar = target->dev->ar; 882 struct sk_buff *skb; 883 int rx_buf; 884 int n_buf_refill; 885 struct htc_packet *packet; 886 struct list_head queue; 887 888 n_buf_refill = ATH6KL_MAX_RX_BUFFERS - 889 ath6kl_htc_get_rxbuf_num(ar->htc_target, endpoint); 890 891 if (n_buf_refill <= 0) 892 return; 893 894 INIT_LIST_HEAD(&queue); 895 896 ath6kl_dbg(ATH6KL_DBG_WLAN_RX, 897 "%s: providing htc with %d buffers at eid=%d\n", 898 __func__, n_buf_refill, endpoint); 899 900 for (rx_buf = 0; rx_buf < n_buf_refill; rx_buf++) { 901 skb = ath6kl_buf_alloc(ATH6KL_BUFFER_SIZE); 902 if (!skb) 903 break; 904 905 packet = (struct htc_packet *) skb->head; 906 if (!IS_ALIGNED((unsigned long) skb->data, 4)) { 907 size_t len = skb_headlen(skb); 908 skb->data = PTR_ALIGN(skb->data - 4, 4); 909 skb_set_tail_pointer(skb, len); 910 } 911 set_htc_rxpkt_info(packet, skb, skb->data, 912 ATH6KL_BUFFER_SIZE, endpoint); 913 packet->skb = skb; 914 list_add_tail(&packet->list, &queue); 915 } 916 917 if (!list_empty(&queue)) 918 ath6kl_htc_add_rxbuf_multiple(ar->htc_target, &queue); 919} 920 921void ath6kl_refill_amsdu_rxbufs(struct ath6kl *ar, int count) 922{ 923 struct htc_packet *packet; 924 struct sk_buff *skb; 925 926 while (count) { 927 skb = ath6kl_buf_alloc(ATH6KL_AMSDU_BUFFER_SIZE); 928 if (!skb) 929 return; 930 931 packet = (struct htc_packet *) skb->head; 932 if (!IS_ALIGNED((unsigned long) skb->data, 4)) { 933 size_t len = skb_headlen(skb); 934 skb->data = PTR_ALIGN(skb->data - 4, 4); 935 skb_set_tail_pointer(skb, len); 936 } 937 set_htc_rxpkt_info(packet, skb, skb->data, 938 ATH6KL_AMSDU_BUFFER_SIZE, 0); 939 packet->skb = skb; 940 941 spin_lock_bh(&ar->lock); 942 list_add_tail(&packet->list, &ar->amsdu_rx_buffer_queue); 943 spin_unlock_bh(&ar->lock); 944 count--; 945 } 946} 947 948/* 949 * Callback to allocate a receive buffer for a pending packet. We use a 950 * pre-allocated list of buffers of maximum AMSDU size (4K). 951 */ 952struct htc_packet *ath6kl_alloc_amsdu_rxbuf(struct htc_target *target, 953 enum htc_endpoint_id endpoint, 954 int len) 955{ 956 struct ath6kl *ar = target->dev->ar; 957 struct htc_packet *packet = NULL; 958 struct list_head *pkt_pos; 959 int refill_cnt = 0, depth = 0; 960 961 ath6kl_dbg(ATH6KL_DBG_WLAN_RX, "%s: eid=%d, len:%d\n", 962 __func__, endpoint, len); 963 964 if ((len <= ATH6KL_BUFFER_SIZE) || 965 (len > ATH6KL_AMSDU_BUFFER_SIZE)) 966 return NULL; 967 968 spin_lock_bh(&ar->lock); 969 970 if (list_empty(&ar->amsdu_rx_buffer_queue)) { 971 spin_unlock_bh(&ar->lock); 972 refill_cnt = ATH6KL_MAX_AMSDU_RX_BUFFERS; 973 goto refill_buf; 974 } 975 976 packet = list_first_entry(&ar->amsdu_rx_buffer_queue, 977 struct htc_packet, list); 978 list_del(&packet->list); 979 list_for_each(pkt_pos, &ar->amsdu_rx_buffer_queue) 980 depth++; 981 982 refill_cnt = ATH6KL_MAX_AMSDU_RX_BUFFERS - depth; 983 spin_unlock_bh(&ar->lock); 984 985 /* set actual endpoint ID */ 986 packet->endpoint = endpoint; 987 988refill_buf: 989 if (refill_cnt >= ATH6KL_AMSDU_REFILL_THRESHOLD) 990 ath6kl_refill_amsdu_rxbufs(ar, refill_cnt); 991 992 return packet; 993} 994 995static void aggr_slice_amsdu(struct aggr_info *p_aggr, 996 struct rxtid *rxtid, struct sk_buff *skb) 997{ 998 struct sk_buff *new_skb; 999 struct ethhdr *hdr; 1000 u16 frame_8023_len, payload_8023_len, mac_hdr_len, amsdu_len; 1001 u8 *framep; 1002 1003 mac_hdr_len = sizeof(struct ethhdr); 1004 framep = skb->data + mac_hdr_len; 1005 amsdu_len = skb->len - mac_hdr_len; 1006 1007 while (amsdu_len > mac_hdr_len) { 1008 hdr = (struct ethhdr *) framep; 1009 payload_8023_len = ntohs(hdr->h_proto); 1010 1011 if (payload_8023_len < MIN_MSDU_SUBFRAME_PAYLOAD_LEN || 1012 payload_8023_len > MAX_MSDU_SUBFRAME_PAYLOAD_LEN) { 1013 ath6kl_err("802.3 AMSDU frame bound check failed. len %d\n", 1014 payload_8023_len); 1015 break; 1016 } 1017 1018 frame_8023_len = payload_8023_len + mac_hdr_len; 1019 new_skb = aggr_get_free_skb(p_aggr); 1020 if (!new_skb) { 1021 ath6kl_err("no buffer available\n"); 1022 break; 1023 } 1024 1025 memcpy(new_skb->data, framep, frame_8023_len); 1026 skb_put(new_skb, frame_8023_len); 1027 if (ath6kl_wmi_dot3_2_dix(new_skb)) { 1028 ath6kl_err("dot3_2_dix error\n"); 1029 dev_kfree_skb(new_skb); 1030 break; 1031 } 1032 1033 skb_queue_tail(&rxtid->q, new_skb); 1034 1035 /* Is this the last subframe within this aggregate ? */ 1036 if ((amsdu_len - frame_8023_len) == 0) 1037 break; 1038 1039 /* Add the length of A-MSDU subframe padding bytes - 1040 * Round to nearest word. 1041 */ 1042 frame_8023_len = ALIGN(frame_8023_len, 4); 1043 1044 framep += frame_8023_len; 1045 amsdu_len -= frame_8023_len; 1046 } 1047 1048 dev_kfree_skb(skb); 1049} 1050 1051static void aggr_deque_frms(struct aggr_info_conn *agg_conn, u8 tid, 1052 u16 seq_no, u8 order) 1053{ 1054 struct sk_buff *skb; 1055 struct rxtid *rxtid; 1056 struct skb_hold_q *node; 1057 u16 idx, idx_end, seq_end; 1058 struct rxtid_stats *stats; 1059 1060 rxtid = &agg_conn->rx_tid[tid]; 1061 stats = &agg_conn->stat[tid]; 1062 1063 spin_lock_bh(&rxtid->lock); 1064 idx = AGGR_WIN_IDX(rxtid->seq_next, rxtid->hold_q_sz); 1065 1066 /* 1067 * idx_end is typically the last possible frame in the window, 1068 * but changes to 'the' seq_no, when BAR comes. If seq_no 1069 * is non-zero, we will go up to that and stop. 1070 * Note: last seq no in current window will occupy the same 1071 * index position as index that is just previous to start. 1072 * An imp point : if win_sz is 7, for seq_no space of 4095, 1073 * then, there would be holes when sequence wrap around occurs. 1074 * Target should judiciously choose the win_sz, based on 1075 * this condition. For 4095, (TID_WINDOW_SZ = 2 x win_sz 1076 * 2, 4, 8, 16 win_sz works fine). 1077 * We must deque from "idx" to "idx_end", including both. 1078 */ 1079 seq_end = seq_no ? seq_no : rxtid->seq_next; 1080 idx_end = AGGR_WIN_IDX(seq_end, rxtid->hold_q_sz); 1081 1082 do { 1083 node = &rxtid->hold_q[idx]; 1084 if ((order == 1) && (!node->skb)) 1085 break; 1086 1087 if (node->skb) { 1088 if (node->is_amsdu) 1089 aggr_slice_amsdu(agg_conn->aggr_info, rxtid, 1090 node->skb); 1091 else 1092 skb_queue_tail(&rxtid->q, node->skb); 1093 node->skb = NULL; 1094 } else { 1095 stats->num_hole++; 1096 } 1097 1098 rxtid->seq_next = ATH6KL_NEXT_SEQ_NO(rxtid->seq_next); 1099 idx = AGGR_WIN_IDX(rxtid->seq_next, rxtid->hold_q_sz); 1100 } while (idx != idx_end); 1101 1102 spin_unlock_bh(&rxtid->lock); 1103 1104 stats->num_delivered += skb_queue_len(&rxtid->q); 1105 1106 while ((skb = skb_dequeue(&rxtid->q))) 1107 ath6kl_deliver_frames_to_nw_stack(agg_conn->dev, skb); 1108} 1109 1110static bool aggr_process_recv_frm(struct aggr_info_conn *agg_conn, u8 tid, 1111 u16 seq_no, 1112 bool is_amsdu, struct sk_buff *frame) 1113{ 1114 struct rxtid *rxtid; 1115 struct rxtid_stats *stats; 1116 struct sk_buff *skb; 1117 struct skb_hold_q *node; 1118 u16 idx, st, cur, end; 1119 bool is_queued = false; 1120 u16 extended_end; 1121 1122 rxtid = &agg_conn->rx_tid[tid]; 1123 stats = &agg_conn->stat[tid]; 1124 1125 stats->num_into_aggr++; 1126 1127 if (!rxtid->aggr) { 1128 if (is_amsdu) { 1129 aggr_slice_amsdu(agg_conn->aggr_info, rxtid, frame); 1130 is_queued = true; 1131 stats->num_amsdu++; 1132 while ((skb = skb_dequeue(&rxtid->q))) 1133 ath6kl_deliver_frames_to_nw_stack(agg_conn->dev, 1134 skb); 1135 } 1136 return is_queued; 1137 } 1138 1139 /* Check the incoming sequence no, if it's in the window */ 1140 st = rxtid->seq_next; 1141 cur = seq_no; 1142 end = (st + rxtid->hold_q_sz-1) & ATH6KL_MAX_SEQ_NO; 1143 1144 if (((st < end) && (cur < st || cur > end)) || 1145 ((st > end) && (cur > end) && (cur < st))) { 1146 extended_end = (end + rxtid->hold_q_sz - 1) & 1147 ATH6KL_MAX_SEQ_NO; 1148 1149 if (((end < extended_end) && 1150 (cur < end || cur > extended_end)) || 1151 ((end > extended_end) && (cur > extended_end) && 1152 (cur < end))) { 1153 aggr_deque_frms(agg_conn, tid, 0, 0); 1154 spin_lock_bh(&rxtid->lock); 1155 if (cur >= rxtid->hold_q_sz - 1) 1156 rxtid->seq_next = cur - (rxtid->hold_q_sz - 1); 1157 else 1158 rxtid->seq_next = ATH6KL_MAX_SEQ_NO - 1159 (rxtid->hold_q_sz - 2 - cur); 1160 spin_unlock_bh(&rxtid->lock); 1161 } else { 1162 /* 1163 * Dequeue only those frames that are outside the 1164 * new shifted window. 1165 */ 1166 if (cur >= rxtid->hold_q_sz - 1) 1167 st = cur - (rxtid->hold_q_sz - 1); 1168 else 1169 st = ATH6KL_MAX_SEQ_NO - 1170 (rxtid->hold_q_sz - 2 - cur); 1171 1172 aggr_deque_frms(agg_conn, tid, st, 0); 1173 } 1174 1175 stats->num_oow++; 1176 } 1177 1178 idx = AGGR_WIN_IDX(seq_no, rxtid->hold_q_sz); 1179 1180 node = &rxtid->hold_q[idx]; 1181 1182 spin_lock_bh(&rxtid->lock); 1183 1184 /* 1185 * Is the cur frame duplicate or something beyond our window(hold_q 1186 * -> which is 2x, already)? 1187 * 1188 * 1. Duplicate is easy - drop incoming frame. 1189 * 2. Not falling in current sliding window. 1190 * 2a. is the frame_seq_no preceding current tid_seq_no? 1191 * -> drop the frame. perhaps sender did not get our ACK. 1192 * this is taken care of above. 1193 * 2b. is the frame_seq_no beyond window(st, TID_WINDOW_SZ); 1194 * -> Taken care of it above, by moving window forward. 1195 */ 1196 dev_kfree_skb(node->skb); 1197 stats->num_dups++; 1198 1199 node->skb = frame; 1200 is_queued = true; 1201 node->is_amsdu = is_amsdu; 1202 node->seq_no = seq_no; 1203 1204 if (node->is_amsdu) 1205 stats->num_amsdu++; 1206 else 1207 stats->num_mpdu++; 1208 1209 spin_unlock_bh(&rxtid->lock); 1210 1211 aggr_deque_frms(agg_conn, tid, 0, 1); 1212 1213 if (agg_conn->timer_scheduled) 1214 return is_queued; 1215 1216 spin_lock_bh(&rxtid->lock); 1217 for (idx = 0; idx < rxtid->hold_q_sz; idx++) { 1218 if (rxtid->hold_q[idx].skb) { 1219 /* 1220 * There is a frame in the queue and no 1221 * timer so start a timer to ensure that 1222 * the frame doesn't remain stuck 1223 * forever. 1224 */ 1225 agg_conn->timer_scheduled = true; 1226 mod_timer(&agg_conn->timer, 1227 (jiffies + (HZ * AGGR_RX_TIMEOUT) / 1000)); 1228 rxtid->timer_mon = true; 1229 break; 1230 } 1231 } 1232 spin_unlock_bh(&rxtid->lock); 1233 1234 return is_queued; 1235} 1236 1237static void ath6kl_uapsd_trigger_frame_rx(struct ath6kl_vif *vif, 1238 struct ath6kl_sta *conn) 1239{ 1240 struct ath6kl *ar = vif->ar; 1241 bool is_apsdq_empty, is_apsdq_empty_at_start; 1242 u32 num_frames_to_deliver, flags; 1243 struct sk_buff *skb = NULL; 1244 1245 /* 1246 * If the APSD q for this STA is not empty, dequeue and 1247 * send a pkt from the head of the q. Also update the 1248 * More data bit in the WMI_DATA_HDR if there are 1249 * more pkts for this STA in the APSD q. 1250 * If there are no more pkts for this STA, 1251 * update the APSD bitmap for this STA. 1252 */ 1253 1254 num_frames_to_deliver = (conn->apsd_info >> ATH6KL_APSD_NUM_OF_AC) & 1255 ATH6KL_APSD_FRAME_MASK; 1256 /* 1257 * Number of frames to send in a service period is 1258 * indicated by the station 1259 * in the QOS_INFO of the association request 1260 * If it is zero, send all frames 1261 */ 1262 if (!num_frames_to_deliver) 1263 num_frames_to_deliver = ATH6KL_APSD_ALL_FRAME; 1264 1265 spin_lock_bh(&conn->psq_lock); 1266 is_apsdq_empty = skb_queue_empty(&conn->apsdq); 1267 spin_unlock_bh(&conn->psq_lock); 1268 is_apsdq_empty_at_start = is_apsdq_empty; 1269 1270 while ((!is_apsdq_empty) && (num_frames_to_deliver)) { 1271 spin_lock_bh(&conn->psq_lock); 1272 skb = skb_dequeue(&conn->apsdq); 1273 is_apsdq_empty = skb_queue_empty(&conn->apsdq); 1274 spin_unlock_bh(&conn->psq_lock); 1275 1276 /* 1277 * Set the STA flag to Trigger delivery, 1278 * so that the frame will go out 1279 */ 1280 conn->sta_flags |= STA_PS_APSD_TRIGGER; 1281 num_frames_to_deliver--; 1282 1283 /* Last frame in the service period, set EOSP or queue empty */ 1284 if ((is_apsdq_empty) || (!num_frames_to_deliver)) 1285 conn->sta_flags |= STA_PS_APSD_EOSP; 1286 1287 ath6kl_data_tx(skb, vif->ndev); 1288 conn->sta_flags &= ~(STA_PS_APSD_TRIGGER); 1289 conn->sta_flags &= ~(STA_PS_APSD_EOSP); 1290 } 1291 1292 if (is_apsdq_empty) { 1293 if (is_apsdq_empty_at_start) 1294 flags = WMI_AP_APSD_NO_DELIVERY_FRAMES; 1295 else 1296 flags = 0; 1297 1298 ath6kl_wmi_set_apsd_bfrd_traf(ar->wmi, 1299 vif->fw_vif_idx, 1300 conn->aid, 0, flags); 1301 } 1302 1303 return; 1304} 1305 1306void ath6kl_rx(struct htc_target *target, struct htc_packet *packet) 1307{ 1308 struct ath6kl *ar = target->dev->ar; 1309 struct sk_buff *skb = packet->pkt_cntxt; 1310 struct wmi_rx_meta_v2 *meta; 1311 struct wmi_data_hdr *dhdr; 1312 int min_hdr_len; 1313 u8 meta_type, dot11_hdr = 0; 1314 u8 pad_before_data_start; 1315 int status = packet->status; 1316 enum htc_endpoint_id ept = packet->endpoint; 1317 bool is_amsdu, prev_ps, ps_state = false; 1318 bool trig_state = false; 1319 struct ath6kl_sta *conn = NULL; 1320 struct sk_buff *skb1 = NULL; 1321 struct ethhdr *datap = NULL; 1322 struct ath6kl_vif *vif; 1323 struct aggr_info_conn *aggr_conn; 1324 u16 seq_no, offset; 1325 u8 tid, if_idx; 1326 1327 ath6kl_dbg(ATH6KL_DBG_WLAN_RX, 1328 "%s: ar=0x%p eid=%d, skb=0x%p, data=0x%p, len=0x%x status:%d", 1329 __func__, ar, ept, skb, packet->buf, 1330 packet->act_len, status); 1331 1332 if (status || packet->act_len < HTC_HDR_LENGTH) { 1333 dev_kfree_skb(skb); 1334 return; 1335 } 1336 1337 skb_put(skb, packet->act_len + HTC_HDR_LENGTH); 1338 skb_pull(skb, HTC_HDR_LENGTH); 1339 1340 ath6kl_dbg_dump(ATH6KL_DBG_RAW_BYTES, __func__, "rx ", 1341 skb->data, skb->len); 1342 1343 if (ept == ar->ctrl_ep) { 1344 if (test_bit(WMI_ENABLED, &ar->flag)) { 1345 ath6kl_check_wow_status(ar); 1346 ath6kl_wmi_control_rx(ar->wmi, skb); 1347 return; 1348 } 1349 if_idx = 1350 wmi_cmd_hdr_get_if_idx((struct wmi_cmd_hdr *) skb->data); 1351 } else { 1352 if_idx = 1353 wmi_data_hdr_get_if_idx((struct wmi_data_hdr *) skb->data); 1354 } 1355 1356 vif = ath6kl_get_vif_by_index(ar, if_idx); 1357 if (!vif) { 1358 dev_kfree_skb(skb); 1359 return; 1360 } 1361 1362 /* 1363 * Take lock to protect buffer counts and adaptive power throughput 1364 * state. 1365 */ 1366 spin_lock_bh(&vif->if_lock); 1367 1368 vif->net_stats.rx_packets++; 1369 vif->net_stats.rx_bytes += packet->act_len; 1370 1371 spin_unlock_bh(&vif->if_lock); 1372 1373 skb->dev = vif->ndev; 1374 1375 if (!test_bit(WMI_ENABLED, &ar->flag)) { 1376 if (EPPING_ALIGNMENT_PAD > 0) 1377 skb_pull(skb, EPPING_ALIGNMENT_PAD); 1378 ath6kl_deliver_frames_to_nw_stack(vif->ndev, skb); 1379 return; 1380 } 1381 1382 ath6kl_check_wow_status(ar); 1383 1384 min_hdr_len = sizeof(struct ethhdr) + sizeof(struct wmi_data_hdr) + 1385 sizeof(struct ath6kl_llc_snap_hdr); 1386 1387 dhdr = (struct wmi_data_hdr *) skb->data; 1388 1389 /* 1390 * In the case of AP mode we may receive NULL data frames 1391 * that do not have LLC hdr. They are 16 bytes in size. 1392 * Allow these frames in the AP mode. 1393 */ 1394 if (vif->nw_type != AP_NETWORK && 1395 ((packet->act_len < min_hdr_len) || 1396 (packet->act_len > WMI_MAX_AMSDU_RX_DATA_FRAME_LENGTH))) { 1397 ath6kl_info("frame len is too short or too long\n"); 1398 vif->net_stats.rx_errors++; 1399 vif->net_stats.rx_length_errors++; 1400 dev_kfree_skb(skb); 1401 return; 1402 } 1403 1404 /* Get the Power save state of the STA */ 1405 if (vif->nw_type == AP_NETWORK) { 1406 meta_type = wmi_data_hdr_get_meta(dhdr); 1407 1408 ps_state = !!((dhdr->info >> WMI_DATA_HDR_PS_SHIFT) & 1409 WMI_DATA_HDR_PS_MASK); 1410 1411 offset = sizeof(struct wmi_data_hdr); 1412 trig_state = !!(le16_to_cpu(dhdr->info3) & WMI_DATA_HDR_TRIG); 1413 1414 switch (meta_type) { 1415 case 0: 1416 break; 1417 case WMI_META_VERSION_1: 1418 offset += sizeof(struct wmi_rx_meta_v1); 1419 break; 1420 case WMI_META_VERSION_2: 1421 offset += sizeof(struct wmi_rx_meta_v2); 1422 break; 1423 default: 1424 break; 1425 } 1426 1427 datap = (struct ethhdr *) (skb->data + offset); 1428 conn = ath6kl_find_sta(vif, datap->h_source); 1429 1430 if (!conn) { 1431 dev_kfree_skb(skb); 1432 return; 1433 } 1434 1435 /* 1436 * If there is a change in PS state of the STA, 1437 * take appropriate steps: 1438 * 1439 * 1. If Sleep-->Awake, flush the psq for the STA 1440 * Clear the PVB for the STA. 1441 * 2. If Awake-->Sleep, Starting queueing frames 1442 * the STA. 1443 */ 1444 prev_ps = !!(conn->sta_flags & STA_PS_SLEEP); 1445 1446 if (ps_state) 1447 conn->sta_flags |= STA_PS_SLEEP; 1448 else 1449 conn->sta_flags &= ~STA_PS_SLEEP; 1450 1451 /* Accept trigger only when the station is in sleep */ 1452 if ((conn->sta_flags & STA_PS_SLEEP) && trig_state) 1453 ath6kl_uapsd_trigger_frame_rx(vif, conn); 1454 1455 if (prev_ps ^ !!(conn->sta_flags & STA_PS_SLEEP)) { 1456 if (!(conn->sta_flags & STA_PS_SLEEP)) { 1457 struct sk_buff *skbuff = NULL; 1458 bool is_apsdq_empty; 1459 struct ath6kl_mgmt_buff *mgmt; 1460 u8 idx; 1461 1462 spin_lock_bh(&conn->psq_lock); 1463 while (conn->mgmt_psq_len > 0) { 1464 mgmt = list_first_entry( 1465 &conn->mgmt_psq, 1466 struct ath6kl_mgmt_buff, 1467 list); 1468 list_del(&mgmt->list); 1469 conn->mgmt_psq_len--; 1470 spin_unlock_bh(&conn->psq_lock); 1471 idx = vif->fw_vif_idx; 1472 1473 ath6kl_wmi_send_mgmt_cmd(ar->wmi, 1474 idx, 1475 mgmt->id, 1476 mgmt->freq, 1477 mgmt->wait, 1478 mgmt->buf, 1479 mgmt->len, 1480 mgmt->no_cck); 1481 1482 kfree(mgmt); 1483 spin_lock_bh(&conn->psq_lock); 1484 } 1485 conn->mgmt_psq_len = 0; 1486 while ((skbuff = skb_dequeue(&conn->psq))) { 1487 spin_unlock_bh(&conn->psq_lock); 1488 ath6kl_data_tx(skbuff, vif->ndev); 1489 spin_lock_bh(&conn->psq_lock); 1490 } 1491 1492 is_apsdq_empty = skb_queue_empty(&conn->apsdq); 1493 while ((skbuff = skb_dequeue(&conn->apsdq))) { 1494 spin_unlock_bh(&conn->psq_lock); 1495 ath6kl_data_tx(skbuff, vif->ndev); 1496 spin_lock_bh(&conn->psq_lock); 1497 } 1498 spin_unlock_bh(&conn->psq_lock); 1499 1500 if (!is_apsdq_empty) 1501 ath6kl_wmi_set_apsd_bfrd_traf( 1502 ar->wmi, 1503 vif->fw_vif_idx, 1504 conn->aid, 0, 0); 1505 1506 /* Clear the PVB for this STA */ 1507 ath6kl_wmi_set_pvb_cmd(ar->wmi, vif->fw_vif_idx, 1508 conn->aid, 0); 1509 } 1510 } 1511 1512 /* drop NULL data frames here */ 1513 if ((packet->act_len < min_hdr_len) || 1514 (packet->act_len > 1515 WMI_MAX_AMSDU_RX_DATA_FRAME_LENGTH)) { 1516 dev_kfree_skb(skb); 1517 return; 1518 } 1519 } 1520 1521 is_amsdu = wmi_data_hdr_is_amsdu(dhdr) ? true : false; 1522 tid = wmi_data_hdr_get_up(dhdr); 1523 seq_no = wmi_data_hdr_get_seqno(dhdr); 1524 meta_type = wmi_data_hdr_get_meta(dhdr); 1525 dot11_hdr = wmi_data_hdr_get_dot11(dhdr); 1526 pad_before_data_start = 1527 (le16_to_cpu(dhdr->info3) >> WMI_DATA_HDR_PAD_BEFORE_DATA_SHIFT) 1528 & WMI_DATA_HDR_PAD_BEFORE_DATA_MASK; 1529 1530 skb_pull(skb, sizeof(struct wmi_data_hdr)); 1531 1532 switch (meta_type) { 1533 case WMI_META_VERSION_1: 1534 skb_pull(skb, sizeof(struct wmi_rx_meta_v1)); 1535 break; 1536 case WMI_META_VERSION_2: 1537 meta = (struct wmi_rx_meta_v2 *) skb->data; 1538 if (meta->csum_flags & 0x1) { 1539 skb->ip_summed = CHECKSUM_COMPLETE; 1540 skb->csum = (__force __wsum) meta->csum; 1541 } 1542 skb_pull(skb, sizeof(struct wmi_rx_meta_v2)); 1543 break; 1544 default: 1545 break; 1546 } 1547 1548 skb_pull(skb, pad_before_data_start); 1549 1550 if (dot11_hdr) 1551 status = ath6kl_wmi_dot11_hdr_remove(ar->wmi, skb); 1552 else if (!is_amsdu) 1553 status = ath6kl_wmi_dot3_2_dix(skb); 1554 1555 if (status) { 1556 /* 1557 * Drop frames that could not be processed (lack of 1558 * memory, etc.) 1559 */ 1560 dev_kfree_skb(skb); 1561 return; 1562 } 1563 1564 if (!(vif->ndev->flags & IFF_UP)) { 1565 dev_kfree_skb(skb); 1566 return; 1567 } 1568 1569 if (vif->nw_type == AP_NETWORK) { 1570 datap = (struct ethhdr *) skb->data; 1571 if (is_multicast_ether_addr(datap->h_dest)) 1572 /* 1573 * Bcast/Mcast frames should be sent to the 1574 * OS stack as well as on the air. 1575 */ 1576 skb1 = skb_copy(skb, GFP_ATOMIC); 1577 else { 1578 /* 1579 * Search for a connected STA with dstMac 1580 * as the Mac address. If found send the 1581 * frame to it on the air else send the 1582 * frame up the stack. 1583 */ 1584 conn = ath6kl_find_sta(vif, datap->h_dest); 1585 1586 if (conn && ar->intra_bss) { 1587 skb1 = skb; 1588 skb = NULL; 1589 } else if (conn && !ar->intra_bss) { 1590 dev_kfree_skb(skb); 1591 skb = NULL; 1592 } 1593 } 1594 if (skb1) 1595 ath6kl_data_tx(skb1, vif->ndev); 1596 1597 if (skb == NULL) { 1598 /* nothing to deliver up the stack */ 1599 return; 1600 } 1601 } 1602 1603 datap = (struct ethhdr *) skb->data; 1604 1605 if (is_unicast_ether_addr(datap->h_dest)) { 1606 if (vif->nw_type == AP_NETWORK) { 1607 conn = ath6kl_find_sta(vif, datap->h_source); 1608 if (!conn) 1609 return; 1610 aggr_conn = conn->aggr_conn; 1611 } else { 1612 aggr_conn = vif->aggr_cntxt->aggr_conn; 1613 } 1614 1615 if (aggr_process_recv_frm(aggr_conn, tid, seq_no, 1616 is_amsdu, skb)) { 1617 /* aggregation code will handle the skb */ 1618 return; 1619 } 1620 } else if (!is_broadcast_ether_addr(datap->h_dest)) { 1621 vif->net_stats.multicast++; 1622 } 1623 1624 ath6kl_deliver_frames_to_nw_stack(vif->ndev, skb); 1625} 1626 1627static void aggr_timeout(unsigned long arg) 1628{ 1629 u8 i, j; 1630 struct aggr_info_conn *aggr_conn = (struct aggr_info_conn *) arg; 1631 struct rxtid *rxtid; 1632 struct rxtid_stats *stats; 1633 1634 for (i = 0; i < NUM_OF_TIDS; i++) { 1635 rxtid = &aggr_conn->rx_tid[i]; 1636 stats = &aggr_conn->stat[i]; 1637 1638 if (!rxtid->aggr || !rxtid->timer_mon) 1639 continue; 1640 1641 stats->num_timeouts++; 1642 ath6kl_dbg(ATH6KL_DBG_AGGR, 1643 "aggr timeout (st %d end %d)\n", 1644 rxtid->seq_next, 1645 ((rxtid->seq_next + rxtid->hold_q_sz-1) & 1646 ATH6KL_MAX_SEQ_NO)); 1647 aggr_deque_frms(aggr_conn, i, 0, 0); 1648 } 1649 1650 aggr_conn->timer_scheduled = false; 1651 1652 for (i = 0; i < NUM_OF_TIDS; i++) { 1653 rxtid = &aggr_conn->rx_tid[i]; 1654 1655 if (rxtid->aggr && rxtid->hold_q) { 1656 spin_lock_bh(&rxtid->lock); 1657 for (j = 0; j < rxtid->hold_q_sz; j++) { 1658 if (rxtid->hold_q[j].skb) { 1659 aggr_conn->timer_scheduled = true; 1660 rxtid->timer_mon = true; 1661 break; 1662 } 1663 } 1664 spin_unlock_bh(&rxtid->lock); 1665 1666 if (j >= rxtid->hold_q_sz) 1667 rxtid->timer_mon = false; 1668 } 1669 } 1670 1671 if (aggr_conn->timer_scheduled) 1672 mod_timer(&aggr_conn->timer, 1673 jiffies + msecs_to_jiffies(AGGR_RX_TIMEOUT)); 1674} 1675 1676static void aggr_delete_tid_state(struct aggr_info_conn *aggr_conn, u8 tid) 1677{ 1678 struct rxtid *rxtid; 1679 struct rxtid_stats *stats; 1680 1681 if (!aggr_conn || tid >= NUM_OF_TIDS) 1682 return; 1683 1684 rxtid = &aggr_conn->rx_tid[tid]; 1685 stats = &aggr_conn->stat[tid]; 1686 1687 if (rxtid->aggr) 1688 aggr_deque_frms(aggr_conn, tid, 0, 0); 1689 1690 rxtid->aggr = false; 1691 rxtid->timer_mon = false; 1692 rxtid->win_sz = 0; 1693 rxtid->seq_next = 0; 1694 rxtid->hold_q_sz = 0; 1695 1696 kfree(rxtid->hold_q); 1697 rxtid->hold_q = NULL; 1698 1699 memset(stats, 0, sizeof(struct rxtid_stats)); 1700} 1701 1702void aggr_recv_addba_req_evt(struct ath6kl_vif *vif, u8 tid_mux, u16 seq_no, 1703 u8 win_sz) 1704{ 1705 struct ath6kl_sta *sta; 1706 struct aggr_info_conn *aggr_conn = NULL; 1707 struct rxtid *rxtid; 1708 struct rxtid_stats *stats; 1709 u16 hold_q_size; 1710 u8 tid, aid; 1711 1712 if (vif->nw_type == AP_NETWORK) { 1713 aid = ath6kl_get_aid(tid_mux); 1714 sta = ath6kl_find_sta_by_aid(vif->ar, aid); 1715 if (sta) 1716 aggr_conn = sta->aggr_conn; 1717 } else { 1718 aggr_conn = vif->aggr_cntxt->aggr_conn; 1719 } 1720 1721 if (!aggr_conn) 1722 return; 1723 1724 tid = ath6kl_get_tid(tid_mux); 1725 if (tid >= NUM_OF_TIDS) 1726 return; 1727 1728 rxtid = &aggr_conn->rx_tid[tid]; 1729 stats = &aggr_conn->stat[tid]; 1730 1731 if (win_sz < AGGR_WIN_SZ_MIN || win_sz > AGGR_WIN_SZ_MAX) 1732 ath6kl_dbg(ATH6KL_DBG_WLAN_RX, "%s: win_sz %d, tid %d\n", 1733 __func__, win_sz, tid); 1734 1735 if (rxtid->aggr) 1736 aggr_delete_tid_state(aggr_conn, tid); 1737 1738 rxtid->seq_next = seq_no; 1739 hold_q_size = TID_WINDOW_SZ(win_sz) * sizeof(struct skb_hold_q); 1740 rxtid->hold_q = kzalloc(hold_q_size, GFP_KERNEL); 1741 if (!rxtid->hold_q) 1742 return; 1743 1744 rxtid->win_sz = win_sz; 1745 rxtid->hold_q_sz = TID_WINDOW_SZ(win_sz); 1746 if (!skb_queue_empty(&rxtid->q)) 1747 return; 1748 1749 rxtid->aggr = true; 1750} 1751 1752void aggr_conn_init(struct ath6kl_vif *vif, struct aggr_info *aggr_info, 1753 struct aggr_info_conn *aggr_conn) 1754{ 1755 struct rxtid *rxtid; 1756 u8 i; 1757 1758 aggr_conn->aggr_sz = AGGR_SZ_DEFAULT; 1759 aggr_conn->dev = vif->ndev; 1760 init_timer(&aggr_conn->timer); 1761 aggr_conn->timer.function = aggr_timeout; 1762 aggr_conn->timer.data = (unsigned long) aggr_conn; 1763 aggr_conn->aggr_info = aggr_info; 1764 1765 aggr_conn->timer_scheduled = false; 1766 1767 for (i = 0; i < NUM_OF_TIDS; i++) { 1768 rxtid = &aggr_conn->rx_tid[i]; 1769 rxtid->aggr = false; 1770 rxtid->timer_mon = false; 1771 skb_queue_head_init(&rxtid->q); 1772 spin_lock_init(&rxtid->lock); 1773 } 1774} 1775 1776struct aggr_info *aggr_init(struct ath6kl_vif *vif) 1777{ 1778 struct aggr_info *p_aggr = NULL; 1779 1780 p_aggr = kzalloc(sizeof(struct aggr_info), GFP_KERNEL); 1781 if (!p_aggr) { 1782 ath6kl_err("failed to alloc memory for aggr_node\n"); 1783 return NULL; 1784 } 1785 1786 p_aggr->aggr_conn = kzalloc(sizeof(struct aggr_info_conn), GFP_KERNEL); 1787 if (!p_aggr->aggr_conn) { 1788 ath6kl_err("failed to alloc memory for connection specific aggr info\n"); 1789 kfree(p_aggr); 1790 return NULL; 1791 } 1792 1793 aggr_conn_init(vif, p_aggr, p_aggr->aggr_conn); 1794 1795 skb_queue_head_init(&p_aggr->rx_amsdu_freeq); 1796 ath6kl_alloc_netbufs(&p_aggr->rx_amsdu_freeq, AGGR_NUM_OF_FREE_NETBUFS); 1797 1798 return p_aggr; 1799} 1800 1801void aggr_recv_delba_req_evt(struct ath6kl_vif *vif, u8 tid_mux) 1802{ 1803 struct ath6kl_sta *sta; 1804 struct rxtid *rxtid; 1805 struct aggr_info_conn *aggr_conn = NULL; 1806 u8 tid, aid; 1807 1808 if (vif->nw_type == AP_NETWORK) { 1809 aid = ath6kl_get_aid(tid_mux); 1810 sta = ath6kl_find_sta_by_aid(vif->ar, aid); 1811 if (sta) 1812 aggr_conn = sta->aggr_conn; 1813 } else { 1814 aggr_conn = vif->aggr_cntxt->aggr_conn; 1815 } 1816 1817 if (!aggr_conn) 1818 return; 1819 1820 tid = ath6kl_get_tid(tid_mux); 1821 if (tid >= NUM_OF_TIDS) 1822 return; 1823 1824 rxtid = &aggr_conn->rx_tid[tid]; 1825 1826 if (rxtid->aggr) 1827 aggr_delete_tid_state(aggr_conn, tid); 1828} 1829 1830void aggr_reset_state(struct aggr_info_conn *aggr_conn) 1831{ 1832 u8 tid; 1833 1834 if (!aggr_conn) 1835 return; 1836 1837 if (aggr_conn->timer_scheduled) { 1838 del_timer(&aggr_conn->timer); 1839 aggr_conn->timer_scheduled = false; 1840 } 1841 1842 for (tid = 0; tid < NUM_OF_TIDS; tid++) 1843 aggr_delete_tid_state(aggr_conn, tid); 1844} 1845 1846/* clean up our amsdu buffer list */ 1847void ath6kl_cleanup_amsdu_rxbufs(struct ath6kl *ar) 1848{ 1849 struct htc_packet *packet, *tmp_pkt; 1850 1851 spin_lock_bh(&ar->lock); 1852 if (list_empty(&ar->amsdu_rx_buffer_queue)) { 1853 spin_unlock_bh(&ar->lock); 1854 return; 1855 } 1856 1857 list_for_each_entry_safe(packet, tmp_pkt, &ar->amsdu_rx_buffer_queue, 1858 list) { 1859 list_del(&packet->list); 1860 spin_unlock_bh(&ar->lock); 1861 dev_kfree_skb(packet->pkt_cntxt); 1862 spin_lock_bh(&ar->lock); 1863 } 1864 1865 spin_unlock_bh(&ar->lock); 1866} 1867 1868void aggr_module_destroy(struct aggr_info *aggr_info) 1869{ 1870 if (!aggr_info) 1871 return; 1872 1873 aggr_reset_state(aggr_info->aggr_conn); 1874 skb_queue_purge(&aggr_info->rx_amsdu_freeq); 1875 kfree(aggr_info->aggr_conn); 1876 kfree(aggr_info); 1877} 1878