2 * Copyright (c) 2005-2011 Atheros Communications Inc.
3 * Copyright (c) 2011-2013 Qualcomm Atheros, Inc.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 #include <linux/log2.h>
28 /* slightly larger than one large A-MPDU */
29 #define HTT_RX_RING_SIZE_MIN 128
31 /* roughly 20 ms @ 1 Gbps of 1500B MSDUs */
32 #define HTT_RX_RING_SIZE_MAX 2048
34 #define HTT_RX_AVG_FRM_BYTES 1000
36 /* ms, very conservative */
37 #define HTT_RX_HOST_LATENCY_MAX_MS 20
39 /* ms, conservative */
40 #define HTT_RX_HOST_LATENCY_WORST_LIKELY_MS 10
42 /* when under memory pressure rx ring refill may fail and needs a retry */
43 #define HTT_RX_RING_REFILL_RETRY_MS 50
45 static int ath10k_htt_rx_get_csum_state(struct sk_buff
*skb
);
46 static void ath10k_htt_txrx_compl_task(unsigned long ptr
);
48 static int ath10k_htt_rx_ring_size(struct ath10k_htt
*htt
)
53 * It is expected that the host CPU will typically be able to
54 * service the rx indication from one A-MPDU before the rx
55 * indication from the subsequent A-MPDU happens, roughly 1-2 ms
56 * later. However, the rx ring should be sized very conservatively,
57 * to accomodate the worst reasonable delay before the host CPU
58 * services a rx indication interrupt.
60 * The rx ring need not be kept full of empty buffers. In theory,
61 * the htt host SW can dynamically track the low-water mark in the
62 * rx ring, and dynamically adjust the level to which the rx ring
63 * is filled with empty buffers, to dynamically meet the desired
66 * In contrast, it's difficult to resize the rx ring itself, once
67 * it's in use. Thus, the ring itself should be sized very
68 * conservatively, while the degree to which the ring is filled
69 * with empty buffers should be sized moderately conservatively.
72 /* 1e6 bps/mbps / 1e3 ms per sec = 1000 */
74 htt
->max_throughput_mbps
+
76 (8 * HTT_RX_AVG_FRM_BYTES
) * HTT_RX_HOST_LATENCY_MAX_MS
;
78 if (size
< HTT_RX_RING_SIZE_MIN
)
79 size
= HTT_RX_RING_SIZE_MIN
;
81 if (size
> HTT_RX_RING_SIZE_MAX
)
82 size
= HTT_RX_RING_SIZE_MAX
;
84 size
= roundup_pow_of_two(size
);
89 static int ath10k_htt_rx_ring_fill_level(struct ath10k_htt
*htt
)
93 /* 1e6 bps/mbps / 1e3 ms per sec = 1000 */
95 htt
->max_throughput_mbps
*
97 (8 * HTT_RX_AVG_FRM_BYTES
) * HTT_RX_HOST_LATENCY_WORST_LIKELY_MS
;
100 * Make sure the fill level is at least 1 less than the ring size.
101 * Leaving 1 element empty allows the SW to easily distinguish
102 * between a full ring vs. an empty ring.
104 if (size
>= htt
->rx_ring
.size
)
105 size
= htt
->rx_ring
.size
- 1;
110 static void ath10k_htt_rx_ring_free(struct ath10k_htt
*htt
)
113 struct ath10k_skb_cb
*cb
;
116 for (i
= 0; i
< htt
->rx_ring
.fill_cnt
; i
++) {
117 skb
= htt
->rx_ring
.netbufs_ring
[i
];
118 cb
= ATH10K_SKB_CB(skb
);
119 dma_unmap_single(htt
->ar
->dev
, cb
->paddr
,
120 skb
->len
+ skb_tailroom(skb
),
122 dev_kfree_skb_any(skb
);
125 htt
->rx_ring
.fill_cnt
= 0;
128 static int __ath10k_htt_rx_ring_fill_n(struct ath10k_htt
*htt
, int num
)
130 struct htt_rx_desc
*rx_desc
;
135 idx
= __le32_to_cpu(*htt
->rx_ring
.alloc_idx
.vaddr
);
137 skb
= dev_alloc_skb(HTT_RX_BUF_SIZE
+ HTT_RX_DESC_ALIGN
);
143 if (!IS_ALIGNED((unsigned long)skb
->data
, HTT_RX_DESC_ALIGN
))
145 PTR_ALIGN(skb
->data
, HTT_RX_DESC_ALIGN
) -
148 /* Clear rx_desc attention word before posting to Rx ring */
149 rx_desc
= (struct htt_rx_desc
*)skb
->data
;
150 rx_desc
->attention
.flags
= __cpu_to_le32(0);
152 paddr
= dma_map_single(htt
->ar
->dev
, skb
->data
,
153 skb
->len
+ skb_tailroom(skb
),
156 if (unlikely(dma_mapping_error(htt
->ar
->dev
, paddr
))) {
157 dev_kfree_skb_any(skb
);
162 ATH10K_SKB_CB(skb
)->paddr
= paddr
;
163 htt
->rx_ring
.netbufs_ring
[idx
] = skb
;
164 htt
->rx_ring
.paddrs_ring
[idx
] = __cpu_to_le32(paddr
);
165 htt
->rx_ring
.fill_cnt
++;
169 idx
&= htt
->rx_ring
.size_mask
;
173 *htt
->rx_ring
.alloc_idx
.vaddr
= __cpu_to_le32(idx
);
177 static int ath10k_htt_rx_ring_fill_n(struct ath10k_htt
*htt
, int num
)
179 lockdep_assert_held(&htt
->rx_ring
.lock
);
180 return __ath10k_htt_rx_ring_fill_n(htt
, num
);
183 static void ath10k_htt_rx_msdu_buff_replenish(struct ath10k_htt
*htt
)
185 int ret
, num_deficit
, num_to_fill
;
187 /* Refilling the whole RX ring buffer proves to be a bad idea. The
188 * reason is RX may take up significant amount of CPU cycles and starve
189 * other tasks, e.g. TX on an ethernet device while acting as a bridge
190 * with ath10k wlan interface. This ended up with very poor performance
191 * once CPU the host system was overwhelmed with RX on ath10k.
193 * By limiting the number of refills the replenishing occurs
194 * progressively. This in turns makes use of the fact tasklets are
195 * processed in FIFO order. This means actual RX processing can starve
196 * out refilling. If there's not enough buffers on RX ring FW will not
197 * report RX until it is refilled with enough buffers. This
198 * automatically balances load wrt to CPU power.
200 * This probably comes at a cost of lower maximum throughput but
201 * improves the avarage and stability. */
202 spin_lock_bh(&htt
->rx_ring
.lock
);
203 num_deficit
= htt
->rx_ring
.fill_level
- htt
->rx_ring
.fill_cnt
;
204 num_to_fill
= min(ATH10K_HTT_MAX_NUM_REFILL
, num_deficit
);
205 num_deficit
-= num_to_fill
;
206 ret
= ath10k_htt_rx_ring_fill_n(htt
, num_to_fill
);
207 if (ret
== -ENOMEM
) {
209 * Failed to fill it to the desired level -
210 * we'll start a timer and try again next time.
211 * As long as enough buffers are left in the ring for
212 * another A-MPDU rx, no special recovery is needed.
214 mod_timer(&htt
->rx_ring
.refill_retry_timer
, jiffies
+
215 msecs_to_jiffies(HTT_RX_RING_REFILL_RETRY_MS
));
216 } else if (num_deficit
> 0) {
217 tasklet_schedule(&htt
->rx_replenish_task
);
219 spin_unlock_bh(&htt
->rx_ring
.lock
);
222 static void ath10k_htt_rx_ring_refill_retry(unsigned long arg
)
224 struct ath10k_htt
*htt
= (struct ath10k_htt
*)arg
;
226 ath10k_htt_rx_msdu_buff_replenish(htt
);
229 static void ath10k_htt_rx_ring_clean_up(struct ath10k_htt
*htt
)
234 for (i
= 0; i
< htt
->rx_ring
.size
; i
++) {
235 skb
= htt
->rx_ring
.netbufs_ring
[i
];
239 dma_unmap_single(htt
->ar
->dev
, ATH10K_SKB_CB(skb
)->paddr
,
240 skb
->len
+ skb_tailroom(skb
),
242 dev_kfree_skb_any(skb
);
243 htt
->rx_ring
.netbufs_ring
[i
] = NULL
;
247 void ath10k_htt_rx_free(struct ath10k_htt
*htt
)
249 del_timer_sync(&htt
->rx_ring
.refill_retry_timer
);
250 tasklet_kill(&htt
->rx_replenish_task
);
251 tasklet_kill(&htt
->txrx_compl_task
);
253 skb_queue_purge(&htt
->tx_compl_q
);
254 skb_queue_purge(&htt
->rx_compl_q
);
256 ath10k_htt_rx_ring_clean_up(htt
);
258 dma_free_coherent(htt
->ar
->dev
,
260 sizeof(htt
->rx_ring
.paddrs_ring
)),
261 htt
->rx_ring
.paddrs_ring
,
262 htt
->rx_ring
.base_paddr
);
264 dma_free_coherent(htt
->ar
->dev
,
265 sizeof(*htt
->rx_ring
.alloc_idx
.vaddr
),
266 htt
->rx_ring
.alloc_idx
.vaddr
,
267 htt
->rx_ring
.alloc_idx
.paddr
);
269 kfree(htt
->rx_ring
.netbufs_ring
);
272 static inline struct sk_buff
*ath10k_htt_rx_netbuf_pop(struct ath10k_htt
*htt
)
274 struct ath10k
*ar
= htt
->ar
;
276 struct sk_buff
*msdu
;
278 lockdep_assert_held(&htt
->rx_ring
.lock
);
280 if (htt
->rx_ring
.fill_cnt
== 0) {
281 ath10k_warn(ar
, "tried to pop sk_buff from an empty rx ring\n");
285 idx
= htt
->rx_ring
.sw_rd_idx
.msdu_payld
;
286 msdu
= htt
->rx_ring
.netbufs_ring
[idx
];
287 htt
->rx_ring
.netbufs_ring
[idx
] = NULL
;
290 idx
&= htt
->rx_ring
.size_mask
;
291 htt
->rx_ring
.sw_rd_idx
.msdu_payld
= idx
;
292 htt
->rx_ring
.fill_cnt
--;
294 dma_unmap_single(htt
->ar
->dev
,
295 ATH10K_SKB_CB(msdu
)->paddr
,
296 msdu
->len
+ skb_tailroom(msdu
),
298 ath10k_dbg_dump(ar
, ATH10K_DBG_HTT_DUMP
, NULL
, "htt rx netbuf pop: ",
299 msdu
->data
, msdu
->len
+ skb_tailroom(msdu
));
304 static void ath10k_htt_rx_free_msdu_chain(struct sk_buff
*skb
)
306 struct sk_buff
*next
;
310 dev_kfree_skb_any(skb
);
315 /* return: < 0 fatal error, 0 - non chained msdu, 1 chained msdu */
316 static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt
*htt
,
317 u8
**fw_desc
, int *fw_desc_len
,
318 struct sk_buff
**head_msdu
,
319 struct sk_buff
**tail_msdu
,
322 struct ath10k
*ar
= htt
->ar
;
323 int msdu_len
, msdu_chaining
= 0;
324 struct sk_buff
*msdu
, *next
;
325 struct htt_rx_desc
*rx_desc
;
327 lockdep_assert_held(&htt
->rx_ring
.lock
);
329 if (htt
->rx_confused
) {
330 ath10k_warn(ar
, "htt is confused. refusing rx\n");
334 msdu
= *head_msdu
= ath10k_htt_rx_netbuf_pop(htt
);
336 int last_msdu
, msdu_len_invalid
, msdu_chained
;
338 rx_desc
= (struct htt_rx_desc
*)msdu
->data
;
340 /* FIXME: we must report msdu payload since this is what caller
342 skb_put(msdu
, offsetof(struct htt_rx_desc
, msdu_payload
));
343 skb_pull(msdu
, offsetof(struct htt_rx_desc
, msdu_payload
));
346 * Sanity check - confirm the HW is finished filling in the
348 * If the HW and SW are working correctly, then it's guaranteed
349 * that the HW's MAC DMA is done before this point in the SW.
350 * To prevent the case that we handle a stale Rx descriptor,
351 * just assert for now until we have a way to recover.
353 if (!(__le32_to_cpu(rx_desc
->attention
.flags
)
354 & RX_ATTENTION_FLAGS_MSDU_DONE
)) {
355 ath10k_htt_rx_free_msdu_chain(*head_msdu
);
358 ath10k_err(ar
, "htt rx stopped. cannot recover\n");
359 htt
->rx_confused
= true;
363 *attention
|= __le32_to_cpu(rx_desc
->attention
.flags
) &
364 (RX_ATTENTION_FLAGS_TKIP_MIC_ERR
|
365 RX_ATTENTION_FLAGS_DECRYPT_ERR
|
366 RX_ATTENTION_FLAGS_FCS_ERR
|
367 RX_ATTENTION_FLAGS_MGMT_TYPE
);
369 * Copy the FW rx descriptor for this MSDU from the rx
370 * indication message into the MSDU's netbuf. HL uses the
371 * same rx indication message definition as LL, and simply
372 * appends new info (fields from the HW rx desc, and the
373 * MSDU payload itself). So, the offset into the rx
374 * indication message only has to account for the standard
375 * offset of the per-MSDU FW rx desc info within the
376 * message, and how many bytes of the per-MSDU FW rx desc
377 * info have already been consumed. (And the endianness of
378 * the host, since for a big-endian host, the rx ind
379 * message contents, including the per-MSDU rx desc bytes,
380 * were byteswapped during upload.)
382 if (*fw_desc_len
> 0) {
383 rx_desc
->fw_desc
.info0
= **fw_desc
;
385 * The target is expected to only provide the basic
386 * per-MSDU rx descriptors. Just to be sure, verify
387 * that the target has not attached extension data
388 * (e.g. LRO flow ID).
391 /* or more, if there's extension data */
396 * When an oversized AMSDU happened, FW will lost
397 * some of MSDU status - in this case, the FW
398 * descriptors provided will be less than the
399 * actual MSDUs inside this MPDU. Mark the FW
400 * descriptors so that it will still deliver to
401 * upper stack, if no CRC error for this MPDU.
403 * FIX THIS - the FW descriptors are actually for
404 * MSDUs in the end of this A-MSDU instead of the
407 rx_desc
->fw_desc
.info0
= 0;
410 msdu_len_invalid
= !!(__le32_to_cpu(rx_desc
->attention
.flags
)
411 & (RX_ATTENTION_FLAGS_MPDU_LENGTH_ERR
|
412 RX_ATTENTION_FLAGS_MSDU_LENGTH_ERR
));
413 msdu_len
= MS(__le32_to_cpu(rx_desc
->msdu_start
.info0
),
414 RX_MSDU_START_INFO0_MSDU_LENGTH
);
415 msdu_chained
= rx_desc
->frag_info
.ring2_more_count
;
417 if (msdu_len_invalid
)
421 skb_put(msdu
, min(msdu_len
, HTT_RX_MSDU_SIZE
));
422 msdu_len
-= msdu
->len
;
424 /* FIXME: Do chained buffers include htt_rx_desc or not? */
425 while (msdu_chained
--) {
426 struct sk_buff
*next
= ath10k_htt_rx_netbuf_pop(htt
);
429 ath10k_warn(ar
, "failed to pop chained msdu\n");
430 ath10k_htt_rx_free_msdu_chain(*head_msdu
);
433 htt
->rx_confused
= true;
438 skb_put(next
, min(msdu_len
, HTT_RX_BUF_SIZE
));
439 msdu_len
-= next
->len
;
446 last_msdu
= __le32_to_cpu(rx_desc
->msdu_end
.info0
) &
447 RX_MSDU_END_INFO0_LAST_MSDU
;
449 trace_ath10k_htt_rx_desc(ar
, &rx_desc
->attention
,
450 sizeof(*rx_desc
) - sizeof(u32
));
456 next
= ath10k_htt_rx_netbuf_pop(htt
);
462 if (*head_msdu
== NULL
)
466 * Don't refill the ring yet.
468 * First, the elements popped here are still in use - it is not
469 * safe to overwrite them until the matching call to
470 * mpdu_desc_list_next. Second, for efficiency it is preferable to
471 * refill the rx ring with 1 PPDU's worth of rx buffers (something
472 * like 32 x 3 buffers), rather than one MPDU's worth of rx buffers
473 * (something like 3 buffers). Consequently, we'll rely on the txrx
474 * SW to tell us when it is done pulling all the PPDU's rx buffers
475 * out of the rx ring, and then refill it just once.
478 return msdu_chaining
;
481 static void ath10k_htt_rx_replenish_task(unsigned long ptr
)
483 struct ath10k_htt
*htt
= (struct ath10k_htt
*)ptr
;
485 ath10k_htt_rx_msdu_buff_replenish(htt
);
488 int ath10k_htt_rx_alloc(struct ath10k_htt
*htt
)
490 struct ath10k
*ar
= htt
->ar
;
494 struct timer_list
*timer
= &htt
->rx_ring
.refill_retry_timer
;
496 htt
->rx_confused
= false;
498 htt
->rx_ring
.size
= ath10k_htt_rx_ring_size(htt
);
499 if (!is_power_of_2(htt
->rx_ring
.size
)) {
500 ath10k_warn(ar
, "htt rx ring size is not power of 2\n");
504 htt
->rx_ring
.size_mask
= htt
->rx_ring
.size
- 1;
507 * Set the initial value for the level to which the rx ring
508 * should be filled, based on the max throughput and the
509 * worst likely latency for the host to fill the rx ring
510 * with new buffers. In theory, this fill level can be
511 * dynamically adjusted from the initial value set here, to
512 * reflect the actual host latency rather than a
513 * conservative assumption about the host latency.
515 htt
->rx_ring
.fill_level
= ath10k_htt_rx_ring_fill_level(htt
);
517 htt
->rx_ring
.netbufs_ring
=
518 kzalloc(htt
->rx_ring
.size
* sizeof(struct sk_buff
*),
520 if (!htt
->rx_ring
.netbufs_ring
)
523 size
= htt
->rx_ring
.size
* sizeof(htt
->rx_ring
.paddrs_ring
);
525 vaddr
= dma_alloc_coherent(htt
->ar
->dev
, size
, &paddr
, GFP_DMA
);
529 htt
->rx_ring
.paddrs_ring
= vaddr
;
530 htt
->rx_ring
.base_paddr
= paddr
;
532 vaddr
= dma_alloc_coherent(htt
->ar
->dev
,
533 sizeof(*htt
->rx_ring
.alloc_idx
.vaddr
),
538 htt
->rx_ring
.alloc_idx
.vaddr
= vaddr
;
539 htt
->rx_ring
.alloc_idx
.paddr
= paddr
;
540 htt
->rx_ring
.sw_rd_idx
.msdu_payld
= 0;
541 *htt
->rx_ring
.alloc_idx
.vaddr
= 0;
543 /* Initialize the Rx refill retry timer */
544 setup_timer(timer
, ath10k_htt_rx_ring_refill_retry
, (unsigned long)htt
);
546 spin_lock_init(&htt
->rx_ring
.lock
);
548 htt
->rx_ring
.fill_cnt
= 0;
549 if (__ath10k_htt_rx_ring_fill_n(htt
, htt
->rx_ring
.fill_level
))
552 tasklet_init(&htt
->rx_replenish_task
, ath10k_htt_rx_replenish_task
,
555 skb_queue_head_init(&htt
->tx_compl_q
);
556 skb_queue_head_init(&htt
->rx_compl_q
);
558 tasklet_init(&htt
->txrx_compl_task
, ath10k_htt_txrx_compl_task
,
561 ath10k_dbg(ar
, ATH10K_DBG_BOOT
, "htt rx ring size %d fill_level %d\n",
562 htt
->rx_ring
.size
, htt
->rx_ring
.fill_level
);
566 ath10k_htt_rx_ring_free(htt
);
567 dma_free_coherent(htt
->ar
->dev
,
568 sizeof(*htt
->rx_ring
.alloc_idx
.vaddr
),
569 htt
->rx_ring
.alloc_idx
.vaddr
,
570 htt
->rx_ring
.alloc_idx
.paddr
);
572 dma_free_coherent(htt
->ar
->dev
,
574 sizeof(htt
->rx_ring
.paddrs_ring
)),
575 htt
->rx_ring
.paddrs_ring
,
576 htt
->rx_ring
.base_paddr
);
578 kfree(htt
->rx_ring
.netbufs_ring
);
583 static int ath10k_htt_rx_crypto_param_len(struct ath10k
*ar
,
584 enum htt_rx_mpdu_encrypt_type type
)
587 case HTT_RX_MPDU_ENCRYPT_NONE
:
589 case HTT_RX_MPDU_ENCRYPT_WEP40
:
590 case HTT_RX_MPDU_ENCRYPT_WEP104
:
591 return IEEE80211_WEP_IV_LEN
;
592 case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC
:
593 case HTT_RX_MPDU_ENCRYPT_TKIP_WPA
:
594 return IEEE80211_TKIP_IV_LEN
;
595 case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2
:
596 return IEEE80211_CCMP_HDR_LEN
;
597 case HTT_RX_MPDU_ENCRYPT_WEP128
:
598 case HTT_RX_MPDU_ENCRYPT_WAPI
:
602 ath10k_warn(ar
, "unsupported encryption type %d\n", type
);
606 #define MICHAEL_MIC_LEN 8
608 static int ath10k_htt_rx_crypto_tail_len(struct ath10k
*ar
,
609 enum htt_rx_mpdu_encrypt_type type
)
612 case HTT_RX_MPDU_ENCRYPT_NONE
:
614 case HTT_RX_MPDU_ENCRYPT_WEP40
:
615 case HTT_RX_MPDU_ENCRYPT_WEP104
:
616 return IEEE80211_WEP_ICV_LEN
;
617 case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC
:
618 case HTT_RX_MPDU_ENCRYPT_TKIP_WPA
:
619 return IEEE80211_TKIP_ICV_LEN
;
620 case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2
:
621 return IEEE80211_CCMP_MIC_LEN
;
622 case HTT_RX_MPDU_ENCRYPT_WEP128
:
623 case HTT_RX_MPDU_ENCRYPT_WAPI
:
627 ath10k_warn(ar
, "unsupported encryption type %d\n", type
);
631 /* Applies for first msdu in chain, before altering it. */
632 static struct ieee80211_hdr
*ath10k_htt_rx_skb_get_hdr(struct sk_buff
*skb
)
634 struct htt_rx_desc
*rxd
;
635 enum rx_msdu_decap_format fmt
;
637 rxd
= (void *)skb
->data
- sizeof(*rxd
);
638 fmt
= MS(__le32_to_cpu(rxd
->msdu_start
.info1
),
639 RX_MSDU_START_INFO1_DECAP_FORMAT
);
641 if (fmt
== RX_MSDU_DECAP_RAW
)
642 return (void *)skb
->data
;
644 return (void *)skb
->data
- RX_HTT_HDR_STATUS_LEN
;
647 /* This function only applies for first msdu in an msdu chain */
648 static bool ath10k_htt_rx_hdr_is_amsdu(struct ieee80211_hdr
*hdr
)
652 if (ieee80211_is_data_qos(hdr
->frame_control
)) {
653 qc
= ieee80211_get_qos_ctl(hdr
);
668 struct amsdu_subframe_hdr
{
674 static const u8 rx_legacy_rate_idx
[] = {
675 3, /* 0x00 - 11Mbps */
676 2, /* 0x01 - 5.5Mbps */
677 1, /* 0x02 - 2Mbps */
678 0, /* 0x03 - 1Mbps */
679 3, /* 0x04 - 11Mbps */
680 2, /* 0x05 - 5.5Mbps */
681 1, /* 0x06 - 2Mbps */
682 0, /* 0x07 - 1Mbps */
683 10, /* 0x08 - 48Mbps */
684 8, /* 0x09 - 24Mbps */
685 6, /* 0x0A - 12Mbps */
686 4, /* 0x0B - 6Mbps */
687 11, /* 0x0C - 54Mbps */
688 9, /* 0x0D - 36Mbps */
689 7, /* 0x0E - 18Mbps */
690 5, /* 0x0F - 9Mbps */
693 static void ath10k_htt_rx_h_rates(struct ath10k
*ar
,
694 enum ieee80211_band band
,
695 u8 info0
, u32 info1
, u32 info2
,
696 struct ieee80211_rx_status
*status
)
698 u8 cck
, rate
, rate_idx
, bw
, sgi
, mcs
, nss
;
701 /* Check if valid fields */
702 if (!(info0
& HTT_RX_INDICATION_INFO0_START_VALID
))
705 preamble
= MS(info1
, HTT_RX_INDICATION_INFO1_PREAMBLE_TYPE
);
709 cck
= info0
& HTT_RX_INDICATION_INFO0_LEGACY_RATE_CCK
;
710 rate
= MS(info0
, HTT_RX_INDICATION_INFO0_LEGACY_RATE
);
713 if (rate
< 0x08 || rate
> 0x0F)
717 case IEEE80211_BAND_2GHZ
:
720 rate_idx
= rx_legacy_rate_idx
[rate
];
722 case IEEE80211_BAND_5GHZ
:
723 rate_idx
= rx_legacy_rate_idx
[rate
];
724 /* We are using same rate table registering
725 HW - ath10k_rates[]. In case of 5GHz skip
726 CCK rates, so -4 here */
733 status
->rate_idx
= rate_idx
;
736 case HTT_RX_HT_WITH_TXBF
:
737 /* HT-SIG - Table 20-11 in info1 and info2 */
740 bw
= (info1
>> 7) & 1;
741 sgi
= (info2
>> 7) & 1;
743 status
->rate_idx
= mcs
;
744 status
->flag
|= RX_FLAG_HT
;
746 status
->flag
|= RX_FLAG_SHORT_GI
;
748 status
->flag
|= RX_FLAG_40MHZ
;
751 case HTT_RX_VHT_WITH_TXBF
:
752 /* VHT-SIG-A1 in info 1, VHT-SIG-A2 in info2
754 mcs
= (info2
>> 4) & 0x0F;
755 nss
= ((info1
>> 10) & 0x07) + 1;
759 status
->rate_idx
= mcs
;
760 status
->vht_nss
= nss
;
763 status
->flag
|= RX_FLAG_SHORT_GI
;
771 status
->flag
|= RX_FLAG_40MHZ
;
775 status
->vht_flag
|= RX_VHT_FLAG_80MHZ
;
778 status
->flag
|= RX_FLAG_VHT
;
785 static void ath10k_htt_rx_h_protected(struct ath10k_htt
*htt
,
786 struct ieee80211_rx_status
*rx_status
,
788 enum htt_rx_mpdu_encrypt_type enctype
,
789 enum rx_msdu_decap_format fmt
,
792 struct ieee80211_hdr
*hdr
= (struct ieee80211_hdr
*)skb
->data
;
794 rx_status
->flag
&= ~(RX_FLAG_DECRYPTED
|
795 RX_FLAG_IV_STRIPPED
|
796 RX_FLAG_MMIC_STRIPPED
);
798 if (enctype
== HTT_RX_MPDU_ENCRYPT_NONE
)
802 * There's no explicit rx descriptor flag to indicate whether a given
803 * frame has been decrypted or not. We're forced to use the decap
804 * format as an implicit indication. However fragmentation rx is always
805 * raw and it probably never reports undecrypted raws.
807 * This makes sure sniffed frames are reported as-is without stripping
808 * the protected flag.
810 if (fmt
== RX_MSDU_DECAP_RAW
&& !dot11frag
)
813 rx_status
->flag
|= RX_FLAG_DECRYPTED
|
814 RX_FLAG_IV_STRIPPED
|
815 RX_FLAG_MMIC_STRIPPED
;
816 hdr
->frame_control
= __cpu_to_le16(__le16_to_cpu(hdr
->frame_control
) &
817 ~IEEE80211_FCTL_PROTECTED
);
820 static bool ath10k_htt_rx_h_channel(struct ath10k
*ar
,
821 struct ieee80211_rx_status
*status
)
823 struct ieee80211_channel
*ch
;
825 spin_lock_bh(&ar
->data_lock
);
826 ch
= ar
->scan_channel
;
829 spin_unlock_bh(&ar
->data_lock
);
834 status
->band
= ch
->band
;
835 status
->freq
= ch
->center_freq
;
840 static const char * const tid_to_ac
[] = {
851 static char *ath10k_get_tid(struct ieee80211_hdr
*hdr
, char *out
, size_t size
)
856 if (!ieee80211_is_data_qos(hdr
->frame_control
))
859 qc
= ieee80211_get_qos_ctl(hdr
);
860 tid
= *qc
& IEEE80211_QOS_CTL_TID_MASK
;
862 snprintf(out
, size
, "tid %d (%s)", tid
, tid_to_ac
[tid
]);
864 snprintf(out
, size
, "tid %d", tid
);
869 static void ath10k_process_rx(struct ath10k
*ar
,
870 struct ieee80211_rx_status
*rx_status
,
873 struct ieee80211_rx_status
*status
;
874 struct ieee80211_hdr
*hdr
= (struct ieee80211_hdr
*)skb
->data
;
877 status
= IEEE80211_SKB_RXCB(skb
);
878 *status
= *rx_status
;
880 ath10k_dbg(ar
, ATH10K_DBG_DATA
,
881 "rx skb %p len %u peer %pM %s %s sn %u %s%s%s%s%s %srate_idx %u vht_nss %u freq %u band %u flag 0x%x fcs-err %i mic-err %i amsdu-more %i\n",
884 ieee80211_get_SA(hdr
),
885 ath10k_get_tid(hdr
, tid
, sizeof(tid
)),
886 is_multicast_ether_addr(ieee80211_get_DA(hdr
)) ?
888 (__le16_to_cpu(hdr
->seq_ctrl
) & IEEE80211_SCTL_SEQ
) >> 4,
889 status
->flag
== 0 ? "legacy" : "",
890 status
->flag
& RX_FLAG_HT
? "ht" : "",
891 status
->flag
& RX_FLAG_VHT
? "vht" : "",
892 status
->flag
& RX_FLAG_40MHZ
? "40" : "",
893 status
->vht_flag
& RX_VHT_FLAG_80MHZ
? "80" : "",
894 status
->flag
& RX_FLAG_SHORT_GI
? "sgi " : "",
898 status
->band
, status
->flag
,
899 !!(status
->flag
& RX_FLAG_FAILED_FCS_CRC
),
900 !!(status
->flag
& RX_FLAG_MMIC_ERROR
),
901 !!(status
->flag
& RX_FLAG_AMSDU_MORE
));
902 ath10k_dbg_dump(ar
, ATH10K_DBG_HTT_DUMP
, NULL
, "rx skb: ",
903 skb
->data
, skb
->len
);
904 trace_ath10k_rx_hdr(ar
, skb
->data
, skb
->len
);
905 trace_ath10k_rx_payload(ar
, skb
->data
, skb
->len
);
907 ieee80211_rx(ar
->hw
, skb
);
910 static int ath10k_htt_rx_nwifi_hdrlen(struct ieee80211_hdr
*hdr
)
912 /* nwifi header is padded to 4 bytes. this fixes 4addr rx */
913 return round_up(ieee80211_hdrlen(hdr
->frame_control
), 4);
916 static void ath10k_htt_rx_amsdu(struct ath10k_htt
*htt
,
917 struct ieee80211_rx_status
*rx_status
,
918 struct sk_buff
*skb_in
)
920 struct ath10k
*ar
= htt
->ar
;
921 struct htt_rx_desc
*rxd
;
922 struct sk_buff
*skb
= skb_in
;
923 struct sk_buff
*first
;
924 enum rx_msdu_decap_format fmt
;
925 enum htt_rx_mpdu_encrypt_type enctype
;
926 struct ieee80211_hdr
*hdr
;
927 u8 hdr_buf
[64], da
[ETH_ALEN
], sa
[ETH_ALEN
], *qos
;
928 unsigned int hdr_len
;
930 rxd
= (void *)skb
->data
- sizeof(*rxd
);
931 enctype
= MS(__le32_to_cpu(rxd
->mpdu_start
.info0
),
932 RX_MPDU_START_INFO0_ENCRYPT_TYPE
);
934 hdr
= (struct ieee80211_hdr
*)rxd
->rx_hdr_status
;
935 hdr_len
= ieee80211_hdrlen(hdr
->frame_control
);
936 memcpy(hdr_buf
, hdr
, hdr_len
);
937 hdr
= (struct ieee80211_hdr
*)hdr_buf
;
944 rxd
= (void *)skb
->data
- sizeof(*rxd
);
945 fmt
= MS(__le32_to_cpu(rxd
->msdu_start
.info1
),
946 RX_MSDU_START_INFO1_DECAP_FORMAT
);
947 decap_hdr
= (void *)rxd
->rx_hdr_status
;
949 skb
->ip_summed
= ath10k_htt_rx_get_csum_state(skb
);
951 /* First frame in an A-MSDU chain has more decapped data. */
953 len
= round_up(ieee80211_hdrlen(hdr
->frame_control
), 4);
954 len
+= round_up(ath10k_htt_rx_crypto_param_len(ar
,
960 case RX_MSDU_DECAP_RAW
:
961 /* remove trailing FCS */
962 skb_trim(skb
, skb
->len
- FCS_LEN
);
964 case RX_MSDU_DECAP_NATIVE_WIFI
:
965 /* pull decapped header and copy SA & DA */
966 hdr
= (struct ieee80211_hdr
*)skb
->data
;
967 hdr_len
= ath10k_htt_rx_nwifi_hdrlen(hdr
);
968 ether_addr_copy(da
, ieee80211_get_DA(hdr
));
969 ether_addr_copy(sa
, ieee80211_get_SA(hdr
));
970 skb_pull(skb
, hdr_len
);
972 /* push original 802.11 header */
973 hdr
= (struct ieee80211_hdr
*)hdr_buf
;
974 hdr_len
= ieee80211_hdrlen(hdr
->frame_control
);
975 memcpy(skb_push(skb
, hdr_len
), hdr
, hdr_len
);
977 /* original A-MSDU header has the bit set but we're
978 * not including A-MSDU subframe header */
979 hdr
= (struct ieee80211_hdr
*)skb
->data
;
980 qos
= ieee80211_get_qos_ctl(hdr
);
981 qos
[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT
;
983 /* original 802.11 header has a different DA and in
984 * case of 4addr it may also have different SA
986 ether_addr_copy(ieee80211_get_DA(hdr
), da
);
987 ether_addr_copy(ieee80211_get_SA(hdr
), sa
);
989 case RX_MSDU_DECAP_ETHERNET2_DIX
:
990 /* strip ethernet header and insert decapped 802.11
991 * header, amsdu subframe header and rfc1042 header */
994 len
+= sizeof(struct rfc1042_hdr
);
995 len
+= sizeof(struct amsdu_subframe_hdr
);
997 skb_pull(skb
, sizeof(struct ethhdr
));
998 memcpy(skb_push(skb
, len
), decap_hdr
, len
);
999 memcpy(skb_push(skb
, hdr_len
), hdr
, hdr_len
);
1001 case RX_MSDU_DECAP_8023_SNAP_LLC
:
1002 /* insert decapped 802.11 header making a singly
1004 memcpy(skb_push(skb
, hdr_len
), hdr
, hdr_len
);
1009 ath10k_htt_rx_h_protected(htt
, rx_status
, skb_in
, enctype
, fmt
,
1012 skb_in
->next
= NULL
;
1015 rx_status
->flag
|= RX_FLAG_AMSDU_MORE
;
1017 rx_status
->flag
&= ~RX_FLAG_AMSDU_MORE
;
1019 ath10k_process_rx(htt
->ar
, rx_status
, skb_in
);
1022 /* FIXME: It might be nice to re-assemble the A-MSDU when there's a
1023 * monitor interface active for sniffing purposes. */
1026 static void ath10k_htt_rx_msdu(struct ath10k_htt
*htt
,
1027 struct ieee80211_rx_status
*rx_status
,
1028 struct sk_buff
*skb
)
1030 struct ath10k
*ar
= htt
->ar
;
1031 struct htt_rx_desc
*rxd
;
1032 struct ieee80211_hdr
*hdr
;
1033 enum rx_msdu_decap_format fmt
;
1034 enum htt_rx_mpdu_encrypt_type enctype
;
1038 /* This shouldn't happen. If it does than it may be a FW bug. */
1040 ath10k_warn(ar
, "htt rx received chained non A-MSDU frame\n");
1041 ath10k_htt_rx_free_msdu_chain(skb
->next
);
1045 rxd
= (void *)skb
->data
- sizeof(*rxd
);
1046 fmt
= MS(__le32_to_cpu(rxd
->msdu_start
.info1
),
1047 RX_MSDU_START_INFO1_DECAP_FORMAT
);
1048 enctype
= MS(__le32_to_cpu(rxd
->mpdu_start
.info0
),
1049 RX_MPDU_START_INFO0_ENCRYPT_TYPE
);
1050 hdr
= (struct ieee80211_hdr
*)rxd
->rx_hdr_status
;
1051 hdr_len
= ieee80211_hdrlen(hdr
->frame_control
);
1053 skb
->ip_summed
= ath10k_htt_rx_get_csum_state(skb
);
1056 case RX_MSDU_DECAP_RAW
:
1057 /* remove trailing FCS */
1058 skb_trim(skb
, skb
->len
- FCS_LEN
);
1060 case RX_MSDU_DECAP_NATIVE_WIFI
:
1061 /* Pull decapped header */
1062 hdr
= (struct ieee80211_hdr
*)skb
->data
;
1063 hdr_len
= ath10k_htt_rx_nwifi_hdrlen(hdr
);
1064 skb_pull(skb
, hdr_len
);
1066 /* Push original header */
1067 hdr
= (struct ieee80211_hdr
*)rxd
->rx_hdr_status
;
1068 hdr_len
= ieee80211_hdrlen(hdr
->frame_control
);
1069 memcpy(skb_push(skb
, hdr_len
), hdr
, hdr_len
);
1071 case RX_MSDU_DECAP_ETHERNET2_DIX
:
1072 /* strip ethernet header and insert decapped 802.11 header and
1076 rfc1042
+= roundup(hdr_len
, 4);
1077 rfc1042
+= roundup(ath10k_htt_rx_crypto_param_len(ar
,
1080 skb_pull(skb
, sizeof(struct ethhdr
));
1081 memcpy(skb_push(skb
, sizeof(struct rfc1042_hdr
)),
1082 rfc1042
, sizeof(struct rfc1042_hdr
));
1083 memcpy(skb_push(skb
, hdr_len
), hdr
, hdr_len
);
1085 case RX_MSDU_DECAP_8023_SNAP_LLC
:
1086 /* remove A-MSDU subframe header and insert
1087 * decapped 802.11 header. rfc1042 header is already there */
1089 skb_pull(skb
, sizeof(struct amsdu_subframe_hdr
));
1090 memcpy(skb_push(skb
, hdr_len
), hdr
, hdr_len
);
1094 ath10k_htt_rx_h_protected(htt
, rx_status
, skb
, enctype
, fmt
, false);
1096 ath10k_process_rx(htt
->ar
, rx_status
, skb
);
1099 static int ath10k_htt_rx_get_csum_state(struct sk_buff
*skb
)
1101 struct htt_rx_desc
*rxd
;
1103 bool is_ip4
, is_ip6
;
1104 bool is_tcp
, is_udp
;
1105 bool ip_csum_ok
, tcpudp_csum_ok
;
1107 rxd
= (void *)skb
->data
- sizeof(*rxd
);
1108 flags
= __le32_to_cpu(rxd
->attention
.flags
);
1109 info
= __le32_to_cpu(rxd
->msdu_start
.info1
);
1111 is_ip4
= !!(info
& RX_MSDU_START_INFO1_IPV4_PROTO
);
1112 is_ip6
= !!(info
& RX_MSDU_START_INFO1_IPV6_PROTO
);
1113 is_tcp
= !!(info
& RX_MSDU_START_INFO1_TCP_PROTO
);
1114 is_udp
= !!(info
& RX_MSDU_START_INFO1_UDP_PROTO
);
1115 ip_csum_ok
= !(flags
& RX_ATTENTION_FLAGS_IP_CHKSUM_FAIL
);
1116 tcpudp_csum_ok
= !(flags
& RX_ATTENTION_FLAGS_TCP_UDP_CHKSUM_FAIL
);
1118 if (!is_ip4
&& !is_ip6
)
1119 return CHECKSUM_NONE
;
1120 if (!is_tcp
&& !is_udp
)
1121 return CHECKSUM_NONE
;
1123 return CHECKSUM_NONE
;
1124 if (!tcpudp_csum_ok
)
1125 return CHECKSUM_NONE
;
1127 return CHECKSUM_UNNECESSARY
;
1130 static int ath10k_unchain_msdu(struct sk_buff
*msdu_head
)
1132 struct sk_buff
*next
= msdu_head
->next
;
1133 struct sk_buff
*to_free
= next
;
1137 /* TODO: Might could optimize this by using
1138 * skb_try_coalesce or similar method to
1139 * decrease copying, or maybe get mac80211 to
1140 * provide a way to just receive a list of
1144 msdu_head
->next
= NULL
;
1146 /* Allocate total length all at once. */
1148 total_len
+= next
->len
;
1152 space
= total_len
- skb_tailroom(msdu_head
);
1154 (pskb_expand_head(msdu_head
, 0, space
, GFP_ATOMIC
) < 0)) {
1155 /* TODO: bump some rx-oom error stat */
1156 /* put it back together so we can free the
1157 * whole list at once.
1159 msdu_head
->next
= to_free
;
1163 /* Walk list again, copying contents into
1168 skb_copy_from_linear_data(next
, skb_put(msdu_head
, next
->len
),
1173 /* If here, we have consolidated skb. Free the
1174 * fragments and pass the main skb on up the
1177 ath10k_htt_rx_free_msdu_chain(to_free
);
1181 static bool ath10k_htt_rx_amsdu_allowed(struct ath10k_htt
*htt
,
1182 struct sk_buff
*head
,
1186 struct ath10k
*ar
= htt
->ar
;
1188 if (head
->len
== 0) {
1189 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1190 "htt rx dropping due to zero-len\n");
1194 if (attention
& RX_ATTENTION_FLAGS_DECRYPT_ERR
) {
1195 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1196 "htt rx dropping due to decrypt-err\n");
1201 ath10k_warn(ar
, "no channel configured; ignoring frame!\n");
1205 /* Skip mgmt frames while we handle this in WMI */
1206 if (attention
& RX_ATTENTION_FLAGS_MGMT_TYPE
) {
1207 ath10k_dbg(ar
, ATH10K_DBG_HTT
, "htt rx mgmt ctrl\n");
1211 if (test_bit(ATH10K_CAC_RUNNING
, &htt
->ar
->dev_flags
)) {
1212 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1213 "htt rx CAC running\n");
1220 static void ath10k_htt_rx_handler(struct ath10k_htt
*htt
,
1221 struct htt_rx_indication
*rx
)
1223 struct ath10k
*ar
= htt
->ar
;
1224 struct ieee80211_rx_status
*rx_status
= &htt
->rx_status
;
1225 struct htt_rx_indication_mpdu_range
*mpdu_ranges
;
1226 struct ieee80211_hdr
*hdr
;
1227 int num_mpdu_ranges
;
1235 lockdep_assert_held(&htt
->rx_ring
.lock
);
1237 fw_desc_len
= __le16_to_cpu(rx
->prefix
.fw_rx_desc_bytes
);
1238 fw_desc
= (u8
*)&rx
->fw_desc
;
1240 num_mpdu_ranges
= MS(__le32_to_cpu(rx
->hdr
.info1
),
1241 HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES
);
1242 mpdu_ranges
= htt_rx_ind_get_mpdu_ranges(rx
);
1244 /* Fill this once, while this is per-ppdu */
1245 if (rx
->ppdu
.info0
& HTT_RX_INDICATION_INFO0_START_VALID
) {
1246 memset(rx_status
, 0, sizeof(*rx_status
));
1247 rx_status
->signal
= ATH10K_DEFAULT_NOISE_FLOOR
+
1248 rx
->ppdu
.combined_rssi
;
1251 if (rx
->ppdu
.info0
& HTT_RX_INDICATION_INFO0_END_VALID
) {
1252 /* TSF available only in 32-bit */
1253 rx_status
->mactime
= __le32_to_cpu(rx
->ppdu
.tsf
) & 0xffffffff;
1254 rx_status
->flag
|= RX_FLAG_MACTIME_END
;
1257 channel_set
= ath10k_htt_rx_h_channel(htt
->ar
, rx_status
);
1260 ath10k_htt_rx_h_rates(htt
->ar
, rx_status
->band
,
1262 __le32_to_cpu(rx
->ppdu
.info1
),
1263 __le32_to_cpu(rx
->ppdu
.info2
),
1267 ath10k_dbg_dump(ar
, ATH10K_DBG_HTT_DUMP
, NULL
, "htt rx ind: ",
1269 (sizeof(struct htt_rx_indication_mpdu_range
) *
1272 for (i
= 0; i
< num_mpdu_ranges
; i
++) {
1273 for (j
= 0; j
< mpdu_ranges
[i
].mpdu_count
; j
++) {
1274 struct sk_buff
*msdu_head
, *msdu_tail
;
1279 ret
= ath10k_htt_rx_amsdu_pop(htt
,
1287 ath10k_warn(ar
, "failed to pop amsdu from htt rx ring %d\n",
1289 ath10k_htt_rx_free_msdu_chain(msdu_head
);
1293 if (!ath10k_htt_rx_amsdu_allowed(htt
, msdu_head
,
1296 ath10k_htt_rx_free_msdu_chain(msdu_head
);
1301 ath10k_unchain_msdu(msdu_head
) < 0) {
1302 ath10k_htt_rx_free_msdu_chain(msdu_head
);
1306 if (attention
& RX_ATTENTION_FLAGS_FCS_ERR
)
1307 rx_status
->flag
|= RX_FLAG_FAILED_FCS_CRC
;
1309 rx_status
->flag
&= ~RX_FLAG_FAILED_FCS_CRC
;
1311 if (attention
& RX_ATTENTION_FLAGS_TKIP_MIC_ERR
)
1312 rx_status
->flag
|= RX_FLAG_MMIC_ERROR
;
1314 rx_status
->flag
&= ~RX_FLAG_MMIC_ERROR
;
1316 hdr
= ath10k_htt_rx_skb_get_hdr(msdu_head
);
1318 if (ath10k_htt_rx_hdr_is_amsdu(hdr
))
1319 ath10k_htt_rx_amsdu(htt
, rx_status
, msdu_head
);
1321 ath10k_htt_rx_msdu(htt
, rx_status
, msdu_head
);
1325 tasklet_schedule(&htt
->rx_replenish_task
);
1328 static void ath10k_htt_rx_frag_handler(struct ath10k_htt
*htt
,
1329 struct htt_rx_fragment_indication
*frag
)
1331 struct ath10k
*ar
= htt
->ar
;
1332 struct sk_buff
*msdu_head
, *msdu_tail
;
1333 enum htt_rx_mpdu_encrypt_type enctype
;
1334 struct htt_rx_desc
*rxd
;
1335 enum rx_msdu_decap_format fmt
;
1336 struct ieee80211_rx_status
*rx_status
= &htt
->rx_status
;
1337 struct ieee80211_hdr
*hdr
;
1342 int fw_desc_len
, hdrlen
, paramlen
;
1346 fw_desc_len
= __le16_to_cpu(frag
->fw_rx_desc_bytes
);
1347 fw_desc
= (u8
*)frag
->fw_msdu_rx_desc
;
1352 spin_lock_bh(&htt
->rx_ring
.lock
);
1353 ret
= ath10k_htt_rx_amsdu_pop(htt
, &fw_desc
, &fw_desc_len
,
1354 &msdu_head
, &msdu_tail
,
1356 spin_unlock_bh(&htt
->rx_ring
.lock
);
1358 tasklet_schedule(&htt
->rx_replenish_task
);
1360 ath10k_dbg(ar
, ATH10K_DBG_HTT_DUMP
, "htt rx frag ahead\n");
1363 ath10k_warn(ar
, "failed to pop amsdu from httr rx ring for fragmented rx %d\n",
1365 ath10k_htt_rx_free_msdu_chain(msdu_head
);
1369 /* FIXME: implement signal strength */
1370 rx_status
->flag
|= RX_FLAG_NO_SIGNAL_VAL
;
1372 hdr
= (struct ieee80211_hdr
*)msdu_head
->data
;
1373 rxd
= (void *)msdu_head
->data
- sizeof(*rxd
);
1374 tkip_mic_err
= !!(attention
& RX_ATTENTION_FLAGS_TKIP_MIC_ERR
);
1375 decrypt_err
= !!(attention
& RX_ATTENTION_FLAGS_DECRYPT_ERR
);
1376 fmt
= MS(__le32_to_cpu(rxd
->msdu_start
.info1
),
1377 RX_MSDU_START_INFO1_DECAP_FORMAT
);
1379 if (fmt
!= RX_MSDU_DECAP_RAW
) {
1380 ath10k_warn(ar
, "we dont support non-raw fragmented rx yet\n");
1381 dev_kfree_skb_any(msdu_head
);
1385 enctype
= MS(__le32_to_cpu(rxd
->mpdu_start
.info0
),
1386 RX_MPDU_START_INFO0_ENCRYPT_TYPE
);
1387 ath10k_htt_rx_h_protected(htt
, rx_status
, msdu_head
, enctype
, fmt
,
1389 msdu_head
->ip_summed
= ath10k_htt_rx_get_csum_state(msdu_head
);
1392 ath10k_warn(ar
, "tkip mic error\n");
1395 ath10k_warn(ar
, "decryption err in fragmented rx\n");
1396 dev_kfree_skb_any(msdu_head
);
1400 if (enctype
!= HTT_RX_MPDU_ENCRYPT_NONE
) {
1401 hdrlen
= ieee80211_hdrlen(hdr
->frame_control
);
1402 paramlen
= ath10k_htt_rx_crypto_param_len(ar
, enctype
);
1404 /* It is more efficient to move the header than the payload */
1405 memmove((void *)msdu_head
->data
+ paramlen
,
1406 (void *)msdu_head
->data
,
1408 skb_pull(msdu_head
, paramlen
);
1409 hdr
= (struct ieee80211_hdr
*)msdu_head
->data
;
1412 /* remove trailing FCS */
1415 /* remove crypto trailer */
1416 trim
+= ath10k_htt_rx_crypto_tail_len(ar
, enctype
);
1418 /* last fragment of TKIP frags has MIC */
1419 if (!ieee80211_has_morefrags(hdr
->frame_control
) &&
1420 enctype
== HTT_RX_MPDU_ENCRYPT_TKIP_WPA
)
1421 trim
+= MICHAEL_MIC_LEN
;
1423 if (trim
> msdu_head
->len
) {
1424 ath10k_warn(ar
, "htt rx fragment: trailer longer than the frame itself? drop\n");
1425 dev_kfree_skb_any(msdu_head
);
1429 skb_trim(msdu_head
, msdu_head
->len
- trim
);
1431 ath10k_dbg_dump(ar
, ATH10K_DBG_HTT_DUMP
, NULL
, "htt rx frag mpdu: ",
1432 msdu_head
->data
, msdu_head
->len
);
1433 ath10k_process_rx(htt
->ar
, rx_status
, msdu_head
);
1436 if (fw_desc_len
> 0) {
1437 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1438 "expecting more fragmented rx in one indication %d\n",
1443 static void ath10k_htt_rx_frm_tx_compl(struct ath10k
*ar
,
1444 struct sk_buff
*skb
)
1446 struct ath10k_htt
*htt
= &ar
->htt
;
1447 struct htt_resp
*resp
= (struct htt_resp
*)skb
->data
;
1448 struct htt_tx_done tx_done
= {};
1449 int status
= MS(resp
->data_tx_completion
.flags
, HTT_DATA_TX_STATUS
);
1453 lockdep_assert_held(&htt
->tx_lock
);
1456 case HTT_DATA_TX_STATUS_NO_ACK
:
1457 tx_done
.no_ack
= true;
1459 case HTT_DATA_TX_STATUS_OK
:
1461 case HTT_DATA_TX_STATUS_DISCARD
:
1462 case HTT_DATA_TX_STATUS_POSTPONE
:
1463 case HTT_DATA_TX_STATUS_DOWNLOAD_FAIL
:
1464 tx_done
.discard
= true;
1467 ath10k_warn(ar
, "unhandled tx completion status %d\n", status
);
1468 tx_done
.discard
= true;
1472 ath10k_dbg(ar
, ATH10K_DBG_HTT
, "htt tx completion num_msdus %d\n",
1473 resp
->data_tx_completion
.num_msdus
);
1475 for (i
= 0; i
< resp
->data_tx_completion
.num_msdus
; i
++) {
1476 msdu_id
= resp
->data_tx_completion
.msdus
[i
];
1477 tx_done
.msdu_id
= __le16_to_cpu(msdu_id
);
1478 ath10k_txrx_tx_unref(htt
, &tx_done
);
1482 static void ath10k_htt_rx_addba(struct ath10k
*ar
, struct htt_resp
*resp
)
1484 struct htt_rx_addba
*ev
= &resp
->rx_addba
;
1485 struct ath10k_peer
*peer
;
1486 struct ath10k_vif
*arvif
;
1487 u16 info0
, tid
, peer_id
;
1489 info0
= __le16_to_cpu(ev
->info0
);
1490 tid
= MS(info0
, HTT_RX_BA_INFO0_TID
);
1491 peer_id
= MS(info0
, HTT_RX_BA_INFO0_PEER_ID
);
1493 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1494 "htt rx addba tid %hu peer_id %hu size %hhu\n",
1495 tid
, peer_id
, ev
->window_size
);
1497 spin_lock_bh(&ar
->data_lock
);
1498 peer
= ath10k_peer_find_by_id(ar
, peer_id
);
1500 ath10k_warn(ar
, "received addba event for invalid peer_id: %hu\n",
1502 spin_unlock_bh(&ar
->data_lock
);
1506 arvif
= ath10k_get_arvif(ar
, peer
->vdev_id
);
1508 ath10k_warn(ar
, "received addba event for invalid vdev_id: %u\n",
1510 spin_unlock_bh(&ar
->data_lock
);
1514 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1515 "htt rx start rx ba session sta %pM tid %hu size %hhu\n",
1516 peer
->addr
, tid
, ev
->window_size
);
1518 ieee80211_start_rx_ba_session_offl(arvif
->vif
, peer
->addr
, tid
);
1519 spin_unlock_bh(&ar
->data_lock
);
1522 static void ath10k_htt_rx_delba(struct ath10k
*ar
, struct htt_resp
*resp
)
1524 struct htt_rx_delba
*ev
= &resp
->rx_delba
;
1525 struct ath10k_peer
*peer
;
1526 struct ath10k_vif
*arvif
;
1527 u16 info0
, tid
, peer_id
;
1529 info0
= __le16_to_cpu(ev
->info0
);
1530 tid
= MS(info0
, HTT_RX_BA_INFO0_TID
);
1531 peer_id
= MS(info0
, HTT_RX_BA_INFO0_PEER_ID
);
1533 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1534 "htt rx delba tid %hu peer_id %hu\n",
1537 spin_lock_bh(&ar
->data_lock
);
1538 peer
= ath10k_peer_find_by_id(ar
, peer_id
);
1540 ath10k_warn(ar
, "received addba event for invalid peer_id: %hu\n",
1542 spin_unlock_bh(&ar
->data_lock
);
1546 arvif
= ath10k_get_arvif(ar
, peer
->vdev_id
);
1548 ath10k_warn(ar
, "received addba event for invalid vdev_id: %u\n",
1550 spin_unlock_bh(&ar
->data_lock
);
1554 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1555 "htt rx stop rx ba session sta %pM tid %hu\n",
1558 ieee80211_stop_rx_ba_session_offl(arvif
->vif
, peer
->addr
, tid
);
1559 spin_unlock_bh(&ar
->data_lock
);
1562 void ath10k_htt_t2h_msg_handler(struct ath10k
*ar
, struct sk_buff
*skb
)
1564 struct ath10k_htt
*htt
= &ar
->htt
;
1565 struct htt_resp
*resp
= (struct htt_resp
*)skb
->data
;
1567 /* confirm alignment */
1568 if (!IS_ALIGNED((unsigned long)skb
->data
, 4))
1569 ath10k_warn(ar
, "unaligned htt message, expect trouble\n");
1571 ath10k_dbg(ar
, ATH10K_DBG_HTT
, "htt rx, msg_type: 0x%0X\n",
1572 resp
->hdr
.msg_type
);
1573 switch (resp
->hdr
.msg_type
) {
1574 case HTT_T2H_MSG_TYPE_VERSION_CONF
: {
1575 htt
->target_version_major
= resp
->ver_resp
.major
;
1576 htt
->target_version_minor
= resp
->ver_resp
.minor
;
1577 complete(&htt
->target_version_received
);
1580 case HTT_T2H_MSG_TYPE_RX_IND
:
1581 spin_lock_bh(&htt
->rx_ring
.lock
);
1582 __skb_queue_tail(&htt
->rx_compl_q
, skb
);
1583 spin_unlock_bh(&htt
->rx_ring
.lock
);
1584 tasklet_schedule(&htt
->txrx_compl_task
);
1586 case HTT_T2H_MSG_TYPE_PEER_MAP
: {
1587 struct htt_peer_map_event ev
= {
1588 .vdev_id
= resp
->peer_map
.vdev_id
,
1589 .peer_id
= __le16_to_cpu(resp
->peer_map
.peer_id
),
1591 memcpy(ev
.addr
, resp
->peer_map
.addr
, sizeof(ev
.addr
));
1592 ath10k_peer_map_event(htt
, &ev
);
1595 case HTT_T2H_MSG_TYPE_PEER_UNMAP
: {
1596 struct htt_peer_unmap_event ev
= {
1597 .peer_id
= __le16_to_cpu(resp
->peer_unmap
.peer_id
),
1599 ath10k_peer_unmap_event(htt
, &ev
);
1602 case HTT_T2H_MSG_TYPE_MGMT_TX_COMPLETION
: {
1603 struct htt_tx_done tx_done
= {};
1604 int status
= __le32_to_cpu(resp
->mgmt_tx_completion
.status
);
1607 __le32_to_cpu(resp
->mgmt_tx_completion
.desc_id
);
1610 case HTT_MGMT_TX_STATUS_OK
:
1612 case HTT_MGMT_TX_STATUS_RETRY
:
1613 tx_done
.no_ack
= true;
1615 case HTT_MGMT_TX_STATUS_DROP
:
1616 tx_done
.discard
= true;
1620 spin_lock_bh(&htt
->tx_lock
);
1621 ath10k_txrx_tx_unref(htt
, &tx_done
);
1622 spin_unlock_bh(&htt
->tx_lock
);
1625 case HTT_T2H_MSG_TYPE_TX_COMPL_IND
:
1626 spin_lock_bh(&htt
->tx_lock
);
1627 __skb_queue_tail(&htt
->tx_compl_q
, skb
);
1628 spin_unlock_bh(&htt
->tx_lock
);
1629 tasklet_schedule(&htt
->txrx_compl_task
);
1631 case HTT_T2H_MSG_TYPE_SEC_IND
: {
1632 struct ath10k
*ar
= htt
->ar
;
1633 struct htt_security_indication
*ev
= &resp
->security_indication
;
1635 ath10k_dbg(ar
, ATH10K_DBG_HTT
,
1636 "sec ind peer_id %d unicast %d type %d\n",
1637 __le16_to_cpu(ev
->peer_id
),
1638 !!(ev
->flags
& HTT_SECURITY_IS_UNICAST
),
1639 MS(ev
->flags
, HTT_SECURITY_TYPE
));
1640 complete(&ar
->install_key_done
);
1643 case HTT_T2H_MSG_TYPE_RX_FRAG_IND
: {
1644 ath10k_dbg_dump(ar
, ATH10K_DBG_HTT_DUMP
, NULL
, "htt event: ",
1645 skb
->data
, skb
->len
);
1646 ath10k_htt_rx_frag_handler(htt
, &resp
->rx_frag_ind
);
1649 case HTT_T2H_MSG_TYPE_TEST
:
1652 case HTT_T2H_MSG_TYPE_STATS_CONF
:
1653 trace_ath10k_htt_stats(ar
, skb
->data
, skb
->len
);
1655 case HTT_T2H_MSG_TYPE_TX_INSPECT_IND
:
1656 /* Firmware can return tx frames if it's unable to fully
1657 * process them and suspects host may be able to fix it. ath10k
1658 * sends all tx frames as already inspected so this shouldn't
1659 * happen unless fw has a bug.
1661 ath10k_warn(ar
, "received an unexpected htt tx inspect event\n");
1663 case HTT_T2H_MSG_TYPE_RX_ADDBA
:
1664 ath10k_htt_rx_addba(ar
, resp
);
1666 case HTT_T2H_MSG_TYPE_RX_DELBA
:
1667 ath10k_htt_rx_delba(ar
, resp
);
1669 case HTT_T2H_MSG_TYPE_PKTLOG
: {
1670 struct ath10k_pktlog_hdr
*hdr
=
1671 (struct ath10k_pktlog_hdr
*)resp
->pktlog_msg
.payload
;
1673 trace_ath10k_htt_pktlog(ar
, resp
->pktlog_msg
.payload
,
1675 __le16_to_cpu(hdr
->size
));
1678 case HTT_T2H_MSG_TYPE_RX_FLUSH
: {
1679 /* Ignore this event because mac80211 takes care of Rx
1680 * aggregation reordering.
1685 ath10k_warn(ar
, "htt event (%d) not handled\n",
1686 resp
->hdr
.msg_type
);
1687 ath10k_dbg_dump(ar
, ATH10K_DBG_HTT_DUMP
, NULL
, "htt event: ",
1688 skb
->data
, skb
->len
);
1692 /* Free the indication buffer */
1693 dev_kfree_skb_any(skb
);
1696 static void ath10k_htt_txrx_compl_task(unsigned long ptr
)
1698 struct ath10k_htt
*htt
= (struct ath10k_htt
*)ptr
;
1699 struct htt_resp
*resp
;
1700 struct sk_buff
*skb
;
1702 spin_lock_bh(&htt
->tx_lock
);
1703 while ((skb
= __skb_dequeue(&htt
->tx_compl_q
))) {
1704 ath10k_htt_rx_frm_tx_compl(htt
->ar
, skb
);
1705 dev_kfree_skb_any(skb
);
1707 spin_unlock_bh(&htt
->tx_lock
);
1709 spin_lock_bh(&htt
->rx_ring
.lock
);
1710 while ((skb
= __skb_dequeue(&htt
->rx_compl_q
))) {
1711 resp
= (struct htt_resp
*)skb
->data
;
1712 ath10k_htt_rx_handler(htt
, &resp
->rx_ind
);
1713 dev_kfree_skb_any(skb
);
1715 spin_unlock_bh(&htt
->rx_ring
.lock
);