Path: blob/main/sys/contrib/dev/athk/ath10k/htt_rx.c
48375 views
// SPDX-License-Identifier: ISC1/*2* Copyright (c) 2005-2011 Atheros Communications Inc.3* Copyright (c) 2011-2017 Qualcomm Atheros, Inc.4* Copyright (c) 2018, The Linux Foundation. All rights reserved.5*/67#include "core.h"8#include "htc.h"9#include "htt.h"10#include "txrx.h"11#include "debug.h"12#include "trace.h"13#include "mac.h"1415#include <linux/log2.h>16#include <linux/bitfield.h>1718/* when under memory pressure rx ring refill may fail and needs a retry */19#define HTT_RX_RING_REFILL_RETRY_MS 502021#define HTT_RX_RING_REFILL_RESCHED_MS 52223/* shortcut to interpret a raw memory buffer as a rx descriptor */24#define HTT_RX_BUF_TO_RX_DESC(hw, buf) ath10k_htt_rx_desc_from_raw_buffer(hw, buf)2526static int ath10k_htt_rx_get_csum_state(struct ath10k_hw_params *hw, struct sk_buff *skb);2728static struct sk_buff *29ath10k_htt_rx_find_skb_paddr(struct ath10k *ar, u64 paddr)30{31struct ath10k_skb_rxcb *rxcb;3233hash_for_each_possible(ar->htt.rx_ring.skb_table, rxcb, hlist, paddr)34if (rxcb->paddr == paddr)35return ATH10K_RXCB_SKB(rxcb);3637WARN_ON_ONCE(1);38return NULL;39}4041static void ath10k_htt_rx_ring_free(struct ath10k_htt *htt)42{43struct sk_buff *skb;44struct ath10k_skb_rxcb *rxcb;45struct hlist_node *n;46int i;4748if (htt->rx_ring.in_ord_rx) {49hash_for_each_safe(htt->rx_ring.skb_table, i, n, rxcb, hlist) {50skb = ATH10K_RXCB_SKB(rxcb);51dma_unmap_single(htt->ar->dev, rxcb->paddr,52skb->len + skb_tailroom(skb),53DMA_FROM_DEVICE);54hash_del(&rxcb->hlist);55dev_kfree_skb_any(skb);56}57} else {58for (i = 0; i < htt->rx_ring.size; i++) {59skb = htt->rx_ring.netbufs_ring[i];60if (!skb)61continue;6263rxcb = ATH10K_SKB_RXCB(skb);64dma_unmap_single(htt->ar->dev, rxcb->paddr,65skb->len + skb_tailroom(skb),66DMA_FROM_DEVICE);67dev_kfree_skb_any(skb);68}69}7071htt->rx_ring.fill_cnt = 0;72hash_init(htt->rx_ring.skb_table);73memset(htt->rx_ring.netbufs_ring, 0,74htt->rx_ring.size * sizeof(htt->rx_ring.netbufs_ring[0]));75}7677static size_t ath10k_htt_get_rx_ring_size_32(struct ath10k_htt *htt)78{79return htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring_32);80}8182static size_t ath10k_htt_get_rx_ring_size_64(struct ath10k_htt *htt)83{84return htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring_64);85}8687static void ath10k_htt_config_paddrs_ring_32(struct ath10k_htt *htt,88void *vaddr)89{90htt->rx_ring.paddrs_ring_32 = vaddr;91}9293static void ath10k_htt_config_paddrs_ring_64(struct ath10k_htt *htt,94void *vaddr)95{96htt->rx_ring.paddrs_ring_64 = vaddr;97}9899static void ath10k_htt_set_paddrs_ring_32(struct ath10k_htt *htt,100dma_addr_t paddr, int idx)101{102htt->rx_ring.paddrs_ring_32[idx] = __cpu_to_le32(paddr);103}104105static void ath10k_htt_set_paddrs_ring_64(struct ath10k_htt *htt,106dma_addr_t paddr, int idx)107{108htt->rx_ring.paddrs_ring_64[idx] = __cpu_to_le64(paddr);109}110111static void ath10k_htt_reset_paddrs_ring_32(struct ath10k_htt *htt, int idx)112{113htt->rx_ring.paddrs_ring_32[idx] = 0;114}115116static void ath10k_htt_reset_paddrs_ring_64(struct ath10k_htt *htt, int idx)117{118htt->rx_ring.paddrs_ring_64[idx] = 0;119}120121static void *ath10k_htt_get_vaddr_ring_32(struct ath10k_htt *htt)122{123return (void *)htt->rx_ring.paddrs_ring_32;124}125126static void *ath10k_htt_get_vaddr_ring_64(struct ath10k_htt *htt)127{128return (void *)htt->rx_ring.paddrs_ring_64;129}130131static int __ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num)132{133struct ath10k_hw_params *hw = &htt->ar->hw_params;134struct htt_rx_desc *rx_desc;135struct ath10k_skb_rxcb *rxcb;136struct sk_buff *skb;137dma_addr_t paddr;138int ret = 0, idx;139140/* The Full Rx Reorder firmware has no way of telling the host141* implicitly when it copied HTT Rx Ring buffers to MAC Rx Ring.142* To keep things simple make sure ring is always half empty. This143* guarantees there'll be no replenishment overruns possible.144*/145BUILD_BUG_ON(HTT_RX_RING_FILL_LEVEL >= HTT_RX_RING_SIZE / 2);146147idx = __le32_to_cpu(*htt->rx_ring.alloc_idx.vaddr);148149if (idx < 0 || idx >= htt->rx_ring.size) {150ath10k_err(htt->ar, "rx ring index is not valid, firmware malfunctioning?\n");151idx &= htt->rx_ring.size_mask;152ret = -ENOMEM;153goto fail;154}155156while (num > 0) {157skb = dev_alloc_skb(HTT_RX_BUF_SIZE + HTT_RX_DESC_ALIGN);158if (!skb) {159ret = -ENOMEM;160goto fail;161}162163if (!IS_ALIGNED((unsigned long)skb->data, HTT_RX_DESC_ALIGN))164skb_pull(skb,165PTR_ALIGN(skb->data, HTT_RX_DESC_ALIGN) -166skb->data);167168/* Clear rx_desc attention word before posting to Rx ring */169rx_desc = HTT_RX_BUF_TO_RX_DESC(hw, skb->data);170ath10k_htt_rx_desc_get_attention(hw, rx_desc)->flags = __cpu_to_le32(0);171172paddr = dma_map_single(htt->ar->dev, skb->data,173skb->len + skb_tailroom(skb),174DMA_FROM_DEVICE);175176if (unlikely(dma_mapping_error(htt->ar->dev, paddr))) {177dev_kfree_skb_any(skb);178ret = -ENOMEM;179goto fail;180}181182rxcb = ATH10K_SKB_RXCB(skb);183rxcb->paddr = paddr;184htt->rx_ring.netbufs_ring[idx] = skb;185ath10k_htt_set_paddrs_ring(htt, paddr, idx);186htt->rx_ring.fill_cnt++;187188if (htt->rx_ring.in_ord_rx) {189hash_add(htt->rx_ring.skb_table,190&ATH10K_SKB_RXCB(skb)->hlist,191paddr);192}193194num--;195idx++;196idx &= htt->rx_ring.size_mask;197}198199fail:200/*201* Make sure the rx buffer is updated before available buffer202* index to avoid any potential rx ring corruption.203*/204mb();205*htt->rx_ring.alloc_idx.vaddr = __cpu_to_le32(idx);206return ret;207}208209static int ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num)210{211lockdep_assert_held(&htt->rx_ring.lock);212return __ath10k_htt_rx_ring_fill_n(htt, num);213}214215static void ath10k_htt_rx_msdu_buff_replenish(struct ath10k_htt *htt)216{217int ret, num_deficit, num_to_fill;218219/* Refilling the whole RX ring buffer proves to be a bad idea. The220* reason is RX may take up significant amount of CPU cycles and starve221* other tasks, e.g. TX on an ethernet device while acting as a bridge222* with ath10k wlan interface. This ended up with very poor performance223* once CPU the host system was overwhelmed with RX on ath10k.224*225* By limiting the number of refills the replenishing occurs226* progressively. This in turns makes use of the fact tasklets are227* processed in FIFO order. This means actual RX processing can starve228* out refilling. If there's not enough buffers on RX ring FW will not229* report RX until it is refilled with enough buffers. This230* automatically balances load wrt to CPU power.231*232* This probably comes at a cost of lower maximum throughput but233* improves the average and stability.234*/235spin_lock_bh(&htt->rx_ring.lock);236num_deficit = htt->rx_ring.fill_level - htt->rx_ring.fill_cnt;237num_to_fill = min(ATH10K_HTT_MAX_NUM_REFILL, num_deficit);238num_deficit -= num_to_fill;239ret = ath10k_htt_rx_ring_fill_n(htt, num_to_fill);240if (ret == -ENOMEM) {241/*242* Failed to fill it to the desired level -243* we'll start a timer and try again next time.244* As long as enough buffers are left in the ring for245* another A-MPDU rx, no special recovery is needed.246*/247mod_timer(&htt->rx_ring.refill_retry_timer, jiffies +248msecs_to_jiffies(HTT_RX_RING_REFILL_RETRY_MS));249} else if (num_deficit > 0) {250mod_timer(&htt->rx_ring.refill_retry_timer, jiffies +251msecs_to_jiffies(HTT_RX_RING_REFILL_RESCHED_MS));252}253spin_unlock_bh(&htt->rx_ring.lock);254}255256static void ath10k_htt_rx_ring_refill_retry(struct timer_list *t)257{258struct ath10k_htt *htt = from_timer(htt, t, rx_ring.refill_retry_timer);259260ath10k_htt_rx_msdu_buff_replenish(htt);261}262263int ath10k_htt_rx_ring_refill(struct ath10k *ar)264{265struct ath10k_htt *htt = &ar->htt;266int ret;267268if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)269return 0;270271spin_lock_bh(&htt->rx_ring.lock);272ret = ath10k_htt_rx_ring_fill_n(htt, (htt->rx_ring.fill_level -273htt->rx_ring.fill_cnt));274275if (ret)276ath10k_htt_rx_ring_free(htt);277278spin_unlock_bh(&htt->rx_ring.lock);279280return ret;281}282283void ath10k_htt_rx_free(struct ath10k_htt *htt)284{285if (htt->ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)286return;287288del_timer_sync(&htt->rx_ring.refill_retry_timer);289290skb_queue_purge(&htt->rx_msdus_q);291skb_queue_purge(&htt->rx_in_ord_compl_q);292skb_queue_purge(&htt->tx_fetch_ind_q);293294spin_lock_bh(&htt->rx_ring.lock);295ath10k_htt_rx_ring_free(htt);296spin_unlock_bh(&htt->rx_ring.lock);297298dma_free_coherent(htt->ar->dev,299ath10k_htt_get_rx_ring_size(htt),300ath10k_htt_get_vaddr_ring(htt),301htt->rx_ring.base_paddr);302303ath10k_htt_config_paddrs_ring(htt, NULL);304305dma_free_coherent(htt->ar->dev,306sizeof(*htt->rx_ring.alloc_idx.vaddr),307htt->rx_ring.alloc_idx.vaddr,308htt->rx_ring.alloc_idx.paddr);309htt->rx_ring.alloc_idx.vaddr = NULL;310311kfree(htt->rx_ring.netbufs_ring);312htt->rx_ring.netbufs_ring = NULL;313}314315static inline struct sk_buff *ath10k_htt_rx_netbuf_pop(struct ath10k_htt *htt)316{317struct ath10k *ar = htt->ar;318int idx;319struct sk_buff *msdu;320321lockdep_assert_held(&htt->rx_ring.lock);322323if (htt->rx_ring.fill_cnt == 0) {324ath10k_warn(ar, "tried to pop sk_buff from an empty rx ring\n");325return NULL;326}327328idx = htt->rx_ring.sw_rd_idx.msdu_payld;329msdu = htt->rx_ring.netbufs_ring[idx];330htt->rx_ring.netbufs_ring[idx] = NULL;331ath10k_htt_reset_paddrs_ring(htt, idx);332333idx++;334idx &= htt->rx_ring.size_mask;335htt->rx_ring.sw_rd_idx.msdu_payld = idx;336htt->rx_ring.fill_cnt--;337338dma_unmap_single(htt->ar->dev,339ATH10K_SKB_RXCB(msdu)->paddr,340msdu->len + skb_tailroom(msdu),341DMA_FROM_DEVICE);342ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ",343msdu->data, msdu->len + skb_tailroom(msdu));344345return msdu;346}347348/* return: < 0 fatal error, 0 - non chained msdu, 1 chained msdu */349static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,350struct sk_buff_head *amsdu)351{352struct ath10k *ar = htt->ar;353struct ath10k_hw_params *hw = &ar->hw_params;354int msdu_len, msdu_chaining = 0;355struct sk_buff *msdu;356struct htt_rx_desc *rx_desc;357struct rx_attention *rx_desc_attention;358struct rx_frag_info_common *rx_desc_frag_info_common;359struct rx_msdu_start_common *rx_desc_msdu_start_common;360struct rx_msdu_end_common *rx_desc_msdu_end_common;361362lockdep_assert_held(&htt->rx_ring.lock);363364for (;;) {365int last_msdu, msdu_len_invalid, msdu_chained;366367msdu = ath10k_htt_rx_netbuf_pop(htt);368if (!msdu) {369__skb_queue_purge(amsdu);370return -ENOENT;371}372373__skb_queue_tail(amsdu, msdu);374375rx_desc = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);376rx_desc_attention = ath10k_htt_rx_desc_get_attention(hw, rx_desc);377rx_desc_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw,378rx_desc);379rx_desc_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rx_desc);380rx_desc_frag_info_common = ath10k_htt_rx_desc_get_frag_info(hw, rx_desc);381382/* FIXME: we must report msdu payload since this is what caller383* expects now384*/385skb_put(msdu, hw->rx_desc_ops->rx_desc_msdu_payload_offset);386skb_pull(msdu, hw->rx_desc_ops->rx_desc_msdu_payload_offset);387388/*389* Sanity check - confirm the HW is finished filling in the390* rx data.391* If the HW and SW are working correctly, then it's guaranteed392* that the HW's MAC DMA is done before this point in the SW.393* To prevent the case that we handle a stale Rx descriptor,394* just assert for now until we have a way to recover.395*/396if (!(__le32_to_cpu(rx_desc_attention->flags)397& RX_ATTENTION_FLAGS_MSDU_DONE)) {398__skb_queue_purge(amsdu);399return -EIO;400}401402msdu_len_invalid = !!(__le32_to_cpu(rx_desc_attention->flags)403& (RX_ATTENTION_FLAGS_MPDU_LENGTH_ERR |404RX_ATTENTION_FLAGS_MSDU_LENGTH_ERR));405msdu_len = MS(__le32_to_cpu(rx_desc_msdu_start_common->info0),406RX_MSDU_START_INFO0_MSDU_LENGTH);407msdu_chained = rx_desc_frag_info_common->ring2_more_count;408409if (msdu_len_invalid)410msdu_len = 0;411412skb_trim(msdu, 0);413skb_put(msdu, min(msdu_len, ath10k_htt_rx_msdu_size(hw)));414msdu_len -= msdu->len;415416/* Note: Chained buffers do not contain rx descriptor */417while (msdu_chained--) {418msdu = ath10k_htt_rx_netbuf_pop(htt);419if (!msdu) {420__skb_queue_purge(amsdu);421return -ENOENT;422}423424__skb_queue_tail(amsdu, msdu);425skb_trim(msdu, 0);426skb_put(msdu, min(msdu_len, HTT_RX_BUF_SIZE));427msdu_len -= msdu->len;428msdu_chaining = 1;429}430431last_msdu = __le32_to_cpu(rx_desc_msdu_end_common->info0) &432RX_MSDU_END_INFO0_LAST_MSDU;433434/* FIXME: why are we skipping the first part of the rx_desc? */435#if defined(__linux__)436trace_ath10k_htt_rx_desc(ar, (void *)rx_desc + sizeof(u32),437#elif defined(__FreeBSD__)438trace_ath10k_htt_rx_desc(ar, (u8 *)rx_desc + sizeof(u32),439#endif440hw->rx_desc_ops->rx_desc_size - sizeof(u32));441442if (last_msdu)443break;444}445446if (skb_queue_empty(amsdu))447msdu_chaining = -1;448449/*450* Don't refill the ring yet.451*452* First, the elements popped here are still in use - it is not453* safe to overwrite them until the matching call to454* mpdu_desc_list_next. Second, for efficiency it is preferable to455* refill the rx ring with 1 PPDU's worth of rx buffers (something456* like 32 x 3 buffers), rather than one MPDU's worth of rx buffers457* (something like 3 buffers). Consequently, we'll rely on the txrx458* SW to tell us when it is done pulling all the PPDU's rx buffers459* out of the rx ring, and then refill it just once.460*/461462return msdu_chaining;463}464465static struct sk_buff *ath10k_htt_rx_pop_paddr(struct ath10k_htt *htt,466u64 paddr)467{468struct ath10k *ar = htt->ar;469struct ath10k_skb_rxcb *rxcb;470struct sk_buff *msdu;471472lockdep_assert_held(&htt->rx_ring.lock);473474msdu = ath10k_htt_rx_find_skb_paddr(ar, paddr);475if (!msdu)476return NULL;477478rxcb = ATH10K_SKB_RXCB(msdu);479hash_del(&rxcb->hlist);480htt->rx_ring.fill_cnt--;481482dma_unmap_single(htt->ar->dev, rxcb->paddr,483msdu->len + skb_tailroom(msdu),484DMA_FROM_DEVICE);485ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ",486msdu->data, msdu->len + skb_tailroom(msdu));487488return msdu;489}490491static inline void ath10k_htt_append_frag_list(struct sk_buff *skb_head,492struct sk_buff *frag_list,493unsigned int frag_len)494{495skb_shinfo(skb_head)->frag_list = frag_list;496skb_head->data_len = frag_len;497skb_head->len += skb_head->data_len;498}499500static int ath10k_htt_rx_handle_amsdu_mon_32(struct ath10k_htt *htt,501struct sk_buff *msdu,502struct htt_rx_in_ord_msdu_desc **msdu_desc)503{504struct ath10k *ar = htt->ar;505struct ath10k_hw_params *hw = &ar->hw_params;506u32 paddr;507struct sk_buff *frag_buf;508struct sk_buff *prev_frag_buf;509u8 last_frag;510struct htt_rx_in_ord_msdu_desc *ind_desc = *msdu_desc;511struct htt_rx_desc *rxd;512int amsdu_len = __le16_to_cpu(ind_desc->msdu_len);513514rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);515trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size);516517skb_put(msdu, hw->rx_desc_ops->rx_desc_size);518skb_pull(msdu, hw->rx_desc_ops->rx_desc_size);519skb_put(msdu, min(amsdu_len, ath10k_htt_rx_msdu_size(hw)));520amsdu_len -= msdu->len;521522last_frag = ind_desc->reserved;523if (last_frag) {524if (amsdu_len) {525ath10k_warn(ar, "invalid amsdu len %u, left %d",526__le16_to_cpu(ind_desc->msdu_len),527amsdu_len);528}529return 0;530}531532ind_desc++;533paddr = __le32_to_cpu(ind_desc->msdu_paddr);534frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr);535if (!frag_buf) {536ath10k_warn(ar, "failed to pop frag-1 paddr: 0x%x", paddr);537return -ENOENT;538}539540skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE));541ath10k_htt_append_frag_list(msdu, frag_buf, amsdu_len);542543amsdu_len -= frag_buf->len;544prev_frag_buf = frag_buf;545last_frag = ind_desc->reserved;546while (!last_frag) {547ind_desc++;548paddr = __le32_to_cpu(ind_desc->msdu_paddr);549frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr);550if (!frag_buf) {551ath10k_warn(ar, "failed to pop frag-n paddr: 0x%x",552paddr);553prev_frag_buf->next = NULL;554return -ENOENT;555}556557skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE));558last_frag = ind_desc->reserved;559amsdu_len -= frag_buf->len;560561prev_frag_buf->next = frag_buf;562prev_frag_buf = frag_buf;563}564565if (amsdu_len) {566ath10k_warn(ar, "invalid amsdu len %u, left %d",567__le16_to_cpu(ind_desc->msdu_len), amsdu_len);568}569570*msdu_desc = ind_desc;571572prev_frag_buf->next = NULL;573return 0;574}575576static int577ath10k_htt_rx_handle_amsdu_mon_64(struct ath10k_htt *htt,578struct sk_buff *msdu,579struct htt_rx_in_ord_msdu_desc_ext **msdu_desc)580{581struct ath10k *ar = htt->ar;582struct ath10k_hw_params *hw = &ar->hw_params;583u64 paddr;584struct sk_buff *frag_buf;585struct sk_buff *prev_frag_buf;586u8 last_frag;587struct htt_rx_in_ord_msdu_desc_ext *ind_desc = *msdu_desc;588struct htt_rx_desc *rxd;589int amsdu_len = __le16_to_cpu(ind_desc->msdu_len);590591rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);592trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size);593594skb_put(msdu, hw->rx_desc_ops->rx_desc_size);595skb_pull(msdu, hw->rx_desc_ops->rx_desc_size);596skb_put(msdu, min(amsdu_len, ath10k_htt_rx_msdu_size(hw)));597amsdu_len -= msdu->len;598599last_frag = ind_desc->reserved;600if (last_frag) {601if (amsdu_len) {602ath10k_warn(ar, "invalid amsdu len %u, left %d",603__le16_to_cpu(ind_desc->msdu_len),604amsdu_len);605}606return 0;607}608609ind_desc++;610paddr = __le64_to_cpu(ind_desc->msdu_paddr);611frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr);612if (!frag_buf) {613#if defined(__linux__)614ath10k_warn(ar, "failed to pop frag-1 paddr: 0x%llx", paddr);615#elif defined(__FreeBSD__)616ath10k_warn(ar, "failed to pop frag-1 paddr: 0x%jx", (uintmax_t)paddr);617#endif618return -ENOENT;619}620621skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE));622ath10k_htt_append_frag_list(msdu, frag_buf, amsdu_len);623624amsdu_len -= frag_buf->len;625prev_frag_buf = frag_buf;626last_frag = ind_desc->reserved;627while (!last_frag) {628ind_desc++;629paddr = __le64_to_cpu(ind_desc->msdu_paddr);630frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr);631if (!frag_buf) {632#if defined(__linux__)633ath10k_warn(ar, "failed to pop frag-n paddr: 0x%llx",634paddr);635#elif defined(__FreeBSD__)636ath10k_warn(ar, "failed to pop frag-n paddr: 0x%jx",637(uintmax_t)paddr);638#endif639prev_frag_buf->next = NULL;640return -ENOENT;641}642643skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE));644last_frag = ind_desc->reserved;645amsdu_len -= frag_buf->len;646647prev_frag_buf->next = frag_buf;648prev_frag_buf = frag_buf;649}650651if (amsdu_len) {652ath10k_warn(ar, "invalid amsdu len %u, left %d",653__le16_to_cpu(ind_desc->msdu_len), amsdu_len);654}655656*msdu_desc = ind_desc;657658prev_frag_buf->next = NULL;659return 0;660}661662static int ath10k_htt_rx_pop_paddr32_list(struct ath10k_htt *htt,663struct htt_rx_in_ord_ind *ev,664struct sk_buff_head *list)665{666struct ath10k *ar = htt->ar;667struct ath10k_hw_params *hw = &ar->hw_params;668struct htt_rx_in_ord_msdu_desc *msdu_desc = ev->msdu_descs32;669struct htt_rx_desc *rxd;670struct rx_attention *rxd_attention;671struct sk_buff *msdu;672int msdu_count, ret;673bool is_offload;674u32 paddr;675676lockdep_assert_held(&htt->rx_ring.lock);677678msdu_count = __le16_to_cpu(ev->msdu_count);679is_offload = !!(ev->info & HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);680681while (msdu_count--) {682paddr = __le32_to_cpu(msdu_desc->msdu_paddr);683684msdu = ath10k_htt_rx_pop_paddr(htt, paddr);685if (!msdu) {686__skb_queue_purge(list);687return -ENOENT;688}689690if (!is_offload && ar->monitor_arvif) {691ret = ath10k_htt_rx_handle_amsdu_mon_32(htt, msdu,692&msdu_desc);693if (ret) {694__skb_queue_purge(list);695return ret;696}697__skb_queue_tail(list, msdu);698msdu_desc++;699continue;700}701702__skb_queue_tail(list, msdu);703704if (!is_offload) {705rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);706rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);707708trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size);709710skb_put(msdu, hw->rx_desc_ops->rx_desc_size);711skb_pull(msdu, hw->rx_desc_ops->rx_desc_size);712skb_put(msdu, __le16_to_cpu(msdu_desc->msdu_len));713714if (!(__le32_to_cpu(rxd_attention->flags) &715RX_ATTENTION_FLAGS_MSDU_DONE)) {716ath10k_warn(htt->ar, "tried to pop an incomplete frame, oops!\n");717return -EIO;718}719}720721msdu_desc++;722}723724return 0;725}726727static int ath10k_htt_rx_pop_paddr64_list(struct ath10k_htt *htt,728struct htt_rx_in_ord_ind *ev,729struct sk_buff_head *list)730{731struct ath10k *ar = htt->ar;732struct ath10k_hw_params *hw = &ar->hw_params;733struct htt_rx_in_ord_msdu_desc_ext *msdu_desc = ev->msdu_descs64;734struct htt_rx_desc *rxd;735struct rx_attention *rxd_attention;736struct sk_buff *msdu;737int msdu_count, ret;738bool is_offload;739u64 paddr;740741lockdep_assert_held(&htt->rx_ring.lock);742743msdu_count = __le16_to_cpu(ev->msdu_count);744is_offload = !!(ev->info & HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);745746while (msdu_count--) {747paddr = __le64_to_cpu(msdu_desc->msdu_paddr);748msdu = ath10k_htt_rx_pop_paddr(htt, paddr);749if (!msdu) {750__skb_queue_purge(list);751return -ENOENT;752}753754if (!is_offload && ar->monitor_arvif) {755ret = ath10k_htt_rx_handle_amsdu_mon_64(htt, msdu,756&msdu_desc);757if (ret) {758__skb_queue_purge(list);759return ret;760}761__skb_queue_tail(list, msdu);762msdu_desc++;763continue;764}765766__skb_queue_tail(list, msdu);767768if (!is_offload) {769rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);770rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);771772trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size);773774skb_put(msdu, hw->rx_desc_ops->rx_desc_size);775skb_pull(msdu, hw->rx_desc_ops->rx_desc_size);776skb_put(msdu, __le16_to_cpu(msdu_desc->msdu_len));777778if (!(__le32_to_cpu(rxd_attention->flags) &779RX_ATTENTION_FLAGS_MSDU_DONE)) {780ath10k_warn(htt->ar, "tried to pop an incomplete frame, oops!\n");781return -EIO;782}783}784785msdu_desc++;786}787788return 0;789}790791int ath10k_htt_rx_alloc(struct ath10k_htt *htt)792{793struct ath10k *ar = htt->ar;794dma_addr_t paddr;795void *vaddr, *vaddr_ring;796size_t size;797struct timer_list *timer = &htt->rx_ring.refill_retry_timer;798799if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)800return 0;801802htt->rx_confused = false;803804/* XXX: The fill level could be changed during runtime in response to805* the host processing latency. Is this really worth it?806*/807htt->rx_ring.size = HTT_RX_RING_SIZE;808htt->rx_ring.size_mask = htt->rx_ring.size - 1;809htt->rx_ring.fill_level = ar->hw_params.rx_ring_fill_level;810811if (!is_power_of_2(htt->rx_ring.size)) {812ath10k_warn(ar, "htt rx ring size is not power of 2\n");813return -EINVAL;814}815816htt->rx_ring.netbufs_ring =817kcalloc(htt->rx_ring.size, sizeof(struct sk_buff *),818GFP_KERNEL);819if (!htt->rx_ring.netbufs_ring)820goto err_netbuf;821822size = ath10k_htt_get_rx_ring_size(htt);823824vaddr_ring = dma_alloc_coherent(htt->ar->dev, size, &paddr, GFP_KERNEL);825if (!vaddr_ring)826goto err_dma_ring;827828ath10k_htt_config_paddrs_ring(htt, vaddr_ring);829htt->rx_ring.base_paddr = paddr;830831vaddr = dma_alloc_coherent(htt->ar->dev,832sizeof(*htt->rx_ring.alloc_idx.vaddr),833&paddr, GFP_KERNEL);834if (!vaddr)835goto err_dma_idx;836837htt->rx_ring.alloc_idx.vaddr = vaddr;838htt->rx_ring.alloc_idx.paddr = paddr;839htt->rx_ring.sw_rd_idx.msdu_payld = htt->rx_ring.size_mask;840*htt->rx_ring.alloc_idx.vaddr = 0;841842/* Initialize the Rx refill retry timer */843timer_setup(timer, ath10k_htt_rx_ring_refill_retry, 0);844845spin_lock_init(&htt->rx_ring.lock);846#if defined(__FreeBSD__)847spin_lock_init(&htt->tx_fetch_ind_q.lock);848#endif849850htt->rx_ring.fill_cnt = 0;851htt->rx_ring.sw_rd_idx.msdu_payld = 0;852hash_init(htt->rx_ring.skb_table);853854skb_queue_head_init(&htt->rx_msdus_q);855skb_queue_head_init(&htt->rx_in_ord_compl_q);856skb_queue_head_init(&htt->tx_fetch_ind_q);857atomic_set(&htt->num_mpdus_ready, 0);858859ath10k_dbg(ar, ATH10K_DBG_BOOT, "htt rx ring size %d fill_level %d\n",860htt->rx_ring.size, htt->rx_ring.fill_level);861return 0;862863err_dma_idx:864dma_free_coherent(htt->ar->dev,865ath10k_htt_get_rx_ring_size(htt),866vaddr_ring,867htt->rx_ring.base_paddr);868ath10k_htt_config_paddrs_ring(htt, NULL);869err_dma_ring:870kfree(htt->rx_ring.netbufs_ring);871htt->rx_ring.netbufs_ring = NULL;872err_netbuf:873return -ENOMEM;874}875876static int ath10k_htt_rx_crypto_param_len(struct ath10k *ar,877enum htt_rx_mpdu_encrypt_type type)878{879switch (type) {880case HTT_RX_MPDU_ENCRYPT_NONE:881return 0;882case HTT_RX_MPDU_ENCRYPT_WEP40:883case HTT_RX_MPDU_ENCRYPT_WEP104:884return IEEE80211_WEP_IV_LEN;885case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:886case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:887return IEEE80211_TKIP_IV_LEN;888case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:889return IEEE80211_CCMP_HDR_LEN;890case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2:891return IEEE80211_CCMP_256_HDR_LEN;892case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2:893case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2:894return IEEE80211_GCMP_HDR_LEN;895case HTT_RX_MPDU_ENCRYPT_WEP128:896case HTT_RX_MPDU_ENCRYPT_WAPI:897break;898}899900ath10k_warn(ar, "unsupported encryption type %d\n", type);901return 0;902}903904#define MICHAEL_MIC_LEN 8905906static int ath10k_htt_rx_crypto_mic_len(struct ath10k *ar,907enum htt_rx_mpdu_encrypt_type type)908{909switch (type) {910case HTT_RX_MPDU_ENCRYPT_NONE:911case HTT_RX_MPDU_ENCRYPT_WEP40:912case HTT_RX_MPDU_ENCRYPT_WEP104:913case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:914case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:915return 0;916case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:917return IEEE80211_CCMP_MIC_LEN;918case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2:919return IEEE80211_CCMP_256_MIC_LEN;920case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2:921case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2:922return IEEE80211_GCMP_MIC_LEN;923case HTT_RX_MPDU_ENCRYPT_WEP128:924case HTT_RX_MPDU_ENCRYPT_WAPI:925break;926}927928ath10k_warn(ar, "unsupported encryption type %d\n", type);929return 0;930}931932static int ath10k_htt_rx_crypto_icv_len(struct ath10k *ar,933enum htt_rx_mpdu_encrypt_type type)934{935switch (type) {936case HTT_RX_MPDU_ENCRYPT_NONE:937case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:938case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2:939case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2:940case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2:941return 0;942case HTT_RX_MPDU_ENCRYPT_WEP40:943case HTT_RX_MPDU_ENCRYPT_WEP104:944return IEEE80211_WEP_ICV_LEN;945case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:946case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:947return IEEE80211_TKIP_ICV_LEN;948case HTT_RX_MPDU_ENCRYPT_WEP128:949case HTT_RX_MPDU_ENCRYPT_WAPI:950break;951}952953ath10k_warn(ar, "unsupported encryption type %d\n", type);954return 0;955}956957struct amsdu_subframe_hdr {958u8 dst[ETH_ALEN];959u8 src[ETH_ALEN];960__be16 len;961} __packed;962963#define GROUP_ID_IS_SU_MIMO(x) ((x) == 0 || (x) == 63)964965static inline u8 ath10k_bw_to_mac80211_bw(u8 bw)966{967u8 ret = 0;968969switch (bw) {970case 0:971ret = RATE_INFO_BW_20;972break;973case 1:974ret = RATE_INFO_BW_40;975break;976case 2:977ret = RATE_INFO_BW_80;978break;979case 3:980ret = RATE_INFO_BW_160;981break;982}983984return ret;985}986987static void ath10k_htt_rx_h_rates(struct ath10k *ar,988struct ieee80211_rx_status *status,989struct htt_rx_desc *rxd)990{991struct ath10k_hw_params *hw = &ar->hw_params;992struct rx_attention *rxd_attention;993struct rx_mpdu_start *rxd_mpdu_start;994struct rx_mpdu_end *rxd_mpdu_end;995struct rx_msdu_start_common *rxd_msdu_start_common;996struct rx_msdu_end_common *rxd_msdu_end_common;997struct rx_ppdu_start *rxd_ppdu_start;998struct ieee80211_supported_band *sband;999u8 cck, rate, bw, sgi, mcs, nss;1000u8 *rxd_msdu_payload;1001u8 preamble = 0;1002u8 group_id;1003u32 info1, info2, info3;1004u32 stbc, nsts_su;10051006rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);1007rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd);1008rxd_mpdu_end = ath10k_htt_rx_desc_get_mpdu_end(hw, rxd);1009rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd);1010rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);1011rxd_ppdu_start = ath10k_htt_rx_desc_get_ppdu_start(hw, rxd);1012rxd_msdu_payload = ath10k_htt_rx_desc_get_msdu_payload(hw, rxd);10131014info1 = __le32_to_cpu(rxd_ppdu_start->info1);1015info2 = __le32_to_cpu(rxd_ppdu_start->info2);1016info3 = __le32_to_cpu(rxd_ppdu_start->info3);10171018preamble = MS(info1, RX_PPDU_START_INFO1_PREAMBLE_TYPE);10191020switch (preamble) {1021case HTT_RX_LEGACY:1022/* To get legacy rate index band is required. Since band can't1023* be undefined check if freq is non-zero.1024*/1025if (!status->freq)1026return;10271028cck = info1 & RX_PPDU_START_INFO1_L_SIG_RATE_SELECT;1029rate = MS(info1, RX_PPDU_START_INFO1_L_SIG_RATE);1030rate &= ~RX_PPDU_START_RATE_FLAG;10311032sband = &ar->mac.sbands[status->band];1033status->rate_idx = ath10k_mac_hw_rate_to_idx(sband, rate, cck);1034break;1035case HTT_RX_HT:1036case HTT_RX_HT_WITH_TXBF:1037/* HT-SIG - Table 20-11 in info2 and info3 */1038mcs = info2 & 0x1F;1039nss = mcs >> 3;1040bw = (info2 >> 7) & 1;1041sgi = (info3 >> 7) & 1;10421043status->rate_idx = mcs;1044status->encoding = RX_ENC_HT;1045if (sgi)1046status->enc_flags |= RX_ENC_FLAG_SHORT_GI;1047if (bw)1048status->bw = RATE_INFO_BW_40;1049break;1050case HTT_RX_VHT:1051case HTT_RX_VHT_WITH_TXBF:1052/* VHT-SIG-A1 in info2, VHT-SIG-A2 in info31053* TODO check this1054*/1055bw = info2 & 3;1056sgi = info3 & 1;1057stbc = (info2 >> 3) & 1;1058group_id = (info2 >> 4) & 0x3F;10591060if (GROUP_ID_IS_SU_MIMO(group_id)) {1061mcs = (info3 >> 4) & 0x0F;1062nsts_su = ((info2 >> 10) & 0x07);1063if (stbc)1064nss = (nsts_su >> 2) + 1;1065else1066nss = (nsts_su + 1);1067} else {1068/* Hardware doesn't decode VHT-SIG-B into Rx descriptor1069* so it's impossible to decode MCS. Also since1070* firmware consumes Group Id Management frames host1071* has no knowledge regarding group/user position1072* mapping so it's impossible to pick the correct Nsts1073* from VHT-SIG-A1.1074*1075* Bandwidth and SGI are valid so report the rateinfo1076* on best-effort basis.1077*/1078mcs = 0;1079nss = 1;1080}10811082if (mcs > 0x09) {1083ath10k_warn(ar, "invalid MCS received %u\n", mcs);1084ath10k_warn(ar, "rxd %08x mpdu start %08x %08x msdu start %08x %08x ppdu start %08x %08x %08x %08x %08x\n",1085__le32_to_cpu(rxd_attention->flags),1086__le32_to_cpu(rxd_mpdu_start->info0),1087__le32_to_cpu(rxd_mpdu_start->info1),1088__le32_to_cpu(rxd_msdu_start_common->info0),1089__le32_to_cpu(rxd_msdu_start_common->info1),1090rxd_ppdu_start->info0,1091__le32_to_cpu(rxd_ppdu_start->info1),1092__le32_to_cpu(rxd_ppdu_start->info2),1093__le32_to_cpu(rxd_ppdu_start->info3),1094__le32_to_cpu(rxd_ppdu_start->info4));10951096ath10k_warn(ar, "msdu end %08x mpdu end %08x\n",1097__le32_to_cpu(rxd_msdu_end_common->info0),1098__le32_to_cpu(rxd_mpdu_end->info0));10991100ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL,1101"rx desc msdu payload: ",1102rxd_msdu_payload, 50);1103}11041105status->rate_idx = mcs;1106status->nss = nss;11071108if (sgi)1109status->enc_flags |= RX_ENC_FLAG_SHORT_GI;11101111status->bw = ath10k_bw_to_mac80211_bw(bw);1112status->encoding = RX_ENC_VHT;1113break;1114default:1115break;1116}1117}11181119static struct ieee80211_channel *1120ath10k_htt_rx_h_peer_channel(struct ath10k *ar, struct htt_rx_desc *rxd)1121{1122struct ath10k_hw_params *hw = &ar->hw_params;1123struct rx_attention *rxd_attention;1124struct rx_msdu_end_common *rxd_msdu_end_common;1125struct rx_mpdu_start *rxd_mpdu_start;1126struct ath10k_peer *peer;1127struct ath10k_vif *arvif;1128struct cfg80211_chan_def def;1129u16 peer_id;11301131lockdep_assert_held(&ar->data_lock);11321133if (!rxd)1134return NULL;11351136rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);1137rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);1138rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd);11391140if (rxd_attention->flags &1141__cpu_to_le32(RX_ATTENTION_FLAGS_PEER_IDX_INVALID))1142return NULL;11431144if (!(rxd_msdu_end_common->info0 &1145__cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU)))1146return NULL;11471148peer_id = MS(__le32_to_cpu(rxd_mpdu_start->info0),1149RX_MPDU_START_INFO0_PEER_IDX);11501151peer = ath10k_peer_find_by_id(ar, peer_id);1152if (!peer)1153return NULL;11541155arvif = ath10k_get_arvif(ar, peer->vdev_id);1156if (WARN_ON_ONCE(!arvif))1157return NULL;11581159if (ath10k_mac_vif_chan(arvif->vif, &def))1160return NULL;11611162return def.chan;1163}11641165static struct ieee80211_channel *1166ath10k_htt_rx_h_vdev_channel(struct ath10k *ar, u32 vdev_id)1167{1168struct ath10k_vif *arvif;1169struct cfg80211_chan_def def;11701171lockdep_assert_held(&ar->data_lock);11721173list_for_each_entry(arvif, &ar->arvifs, list) {1174if (arvif->vdev_id == vdev_id &&1175ath10k_mac_vif_chan(arvif->vif, &def) == 0)1176return def.chan;1177}11781179return NULL;1180}11811182static void1183ath10k_htt_rx_h_any_chan_iter(struct ieee80211_hw *hw,1184struct ieee80211_chanctx_conf *conf,1185void *data)1186{1187struct cfg80211_chan_def *def = data;11881189*def = conf->def;1190}11911192static struct ieee80211_channel *1193ath10k_htt_rx_h_any_channel(struct ath10k *ar)1194{1195struct cfg80211_chan_def def = {};11961197ieee80211_iter_chan_contexts_atomic(ar->hw,1198ath10k_htt_rx_h_any_chan_iter,1199&def);12001201return def.chan;1202}12031204static bool ath10k_htt_rx_h_channel(struct ath10k *ar,1205struct ieee80211_rx_status *status,1206struct htt_rx_desc *rxd,1207u32 vdev_id)1208{1209struct ieee80211_channel *ch;12101211spin_lock_bh(&ar->data_lock);1212ch = ar->scan_channel;1213if (!ch)1214ch = ar->rx_channel;1215if (!ch)1216ch = ath10k_htt_rx_h_peer_channel(ar, rxd);1217if (!ch)1218ch = ath10k_htt_rx_h_vdev_channel(ar, vdev_id);1219if (!ch)1220ch = ath10k_htt_rx_h_any_channel(ar);1221if (!ch)1222ch = ar->tgt_oper_chan;1223spin_unlock_bh(&ar->data_lock);12241225if (!ch)1226return false;12271228status->band = ch->band;1229status->freq = ch->center_freq;12301231return true;1232}12331234static void ath10k_htt_rx_h_signal(struct ath10k *ar,1235struct ieee80211_rx_status *status,1236struct htt_rx_desc *rxd)1237{1238struct ath10k_hw_params *hw = &ar->hw_params;1239struct rx_ppdu_start *rxd_ppdu_start = ath10k_htt_rx_desc_get_ppdu_start(hw, rxd);1240int i;12411242for (i = 0; i < IEEE80211_MAX_CHAINS ; i++) {1243status->chains &= ~BIT(i);12441245if (rxd_ppdu_start->rssi_chains[i].pri20_mhz != 0x80) {1246status->chain_signal[i] = ATH10K_DEFAULT_NOISE_FLOOR +1247rxd_ppdu_start->rssi_chains[i].pri20_mhz;12481249status->chains |= BIT(i);1250}1251}12521253/* FIXME: Get real NF */1254status->signal = ATH10K_DEFAULT_NOISE_FLOOR +1255rxd_ppdu_start->rssi_comb;1256status->flag &= ~RX_FLAG_NO_SIGNAL_VAL;1257}12581259static void ath10k_htt_rx_h_mactime(struct ath10k *ar,1260struct ieee80211_rx_status *status,1261struct htt_rx_desc *rxd)1262{1263struct ath10k_hw_params *hw = &ar->hw_params;1264struct rx_ppdu_end_common *rxd_ppdu_end_common;12651266rxd_ppdu_end_common = ath10k_htt_rx_desc_get_ppdu_end(hw, rxd);12671268/* FIXME: TSF is known only at the end of PPDU, in the last MPDU. This1269* means all prior MSDUs in a PPDU are reported to mac80211 without the1270* TSF. Is it worth holding frames until end of PPDU is known?1271*1272* FIXME: Can we get/compute 64bit TSF?1273*/1274status->mactime = __le32_to_cpu(rxd_ppdu_end_common->tsf_timestamp);1275status->flag |= RX_FLAG_MACTIME_END;1276}12771278static void ath10k_htt_rx_h_ppdu(struct ath10k *ar,1279struct sk_buff_head *amsdu,1280struct ieee80211_rx_status *status,1281u32 vdev_id)1282{1283struct sk_buff *first;1284struct ath10k_hw_params *hw = &ar->hw_params;1285struct htt_rx_desc *rxd;1286struct rx_attention *rxd_attention;1287bool is_first_ppdu;1288bool is_last_ppdu;12891290if (skb_queue_empty(amsdu))1291return;12921293first = skb_peek(amsdu);1294rxd = HTT_RX_BUF_TO_RX_DESC(hw,1295#if defined(__linux__)1296(void *)first->data - hw->rx_desc_ops->rx_desc_size);1297#elif defined(__FreeBSD__)1298(u8 *)first->data - hw->rx_desc_ops->rx_desc_size);1299#endif13001301rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);13021303is_first_ppdu = !!(rxd_attention->flags &1304__cpu_to_le32(RX_ATTENTION_FLAGS_FIRST_MPDU));1305is_last_ppdu = !!(rxd_attention->flags &1306__cpu_to_le32(RX_ATTENTION_FLAGS_LAST_MPDU));13071308if (is_first_ppdu) {1309/* New PPDU starts so clear out the old per-PPDU status. */1310status->freq = 0;1311status->rate_idx = 0;1312status->nss = 0;1313status->encoding = RX_ENC_LEGACY;1314status->bw = RATE_INFO_BW_20;13151316status->flag &= ~RX_FLAG_MACTIME_END;1317status->flag |= RX_FLAG_NO_SIGNAL_VAL;13181319status->flag &= ~(RX_FLAG_AMPDU_IS_LAST);1320status->flag |= RX_FLAG_AMPDU_DETAILS | RX_FLAG_AMPDU_LAST_KNOWN;1321status->ampdu_reference = ar->ampdu_reference;13221323ath10k_htt_rx_h_signal(ar, status, rxd);1324ath10k_htt_rx_h_channel(ar, status, rxd, vdev_id);1325ath10k_htt_rx_h_rates(ar, status, rxd);1326}13271328if (is_last_ppdu) {1329ath10k_htt_rx_h_mactime(ar, status, rxd);13301331/* set ampdu last segment flag */1332status->flag |= RX_FLAG_AMPDU_IS_LAST;1333ar->ampdu_reference++;1334}1335}13361337static const char * const tid_to_ac[] = {1338"BE",1339"BK",1340"BK",1341"BE",1342"VI",1343"VI",1344"VO",1345"VO",1346};13471348static char *ath10k_get_tid(struct ieee80211_hdr *hdr, char *out, size_t size)1349{1350u8 *qc;1351int tid;13521353if (!ieee80211_is_data_qos(hdr->frame_control))1354return "";13551356qc = ieee80211_get_qos_ctl(hdr);1357tid = *qc & IEEE80211_QOS_CTL_TID_MASK;1358if (tid < 8)1359snprintf(out, size, "tid %d (%s)", tid, tid_to_ac[tid]);1360else1361snprintf(out, size, "tid %d", tid);13621363return out;1364}13651366static void ath10k_htt_rx_h_queue_msdu(struct ath10k *ar,1367struct ieee80211_rx_status *rx_status,1368struct sk_buff *skb)1369{1370struct ieee80211_rx_status *status;13711372status = IEEE80211_SKB_RXCB(skb);1373*status = *rx_status;13741375skb_queue_tail(&ar->htt.rx_msdus_q, skb);1376}13771378static void ath10k_process_rx(struct ath10k *ar, struct sk_buff *skb)1379{1380struct ieee80211_rx_status *status;1381struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;1382char tid[32];13831384status = IEEE80211_SKB_RXCB(skb);13851386if (!(ar->filter_flags & FIF_FCSFAIL) &&1387status->flag & RX_FLAG_FAILED_FCS_CRC) {1388ar->stats.rx_crc_err_drop++;1389dev_kfree_skb_any(skb);1390return;1391}13921393ath10k_dbg(ar, ATH10K_DBG_DATA,1394"rx skb %pK len %u peer %pM %s %s sn %u %s%s%s%s%s%s %srate_idx %u vht_nss %u freq %u band %u flag 0x%x fcs-err %i mic-err %i amsdu-more %i\n",1395skb,1396skb->len,1397ieee80211_get_SA(hdr),1398ath10k_get_tid(hdr, tid, sizeof(tid)),1399is_multicast_ether_addr(ieee80211_get_DA(hdr)) ?1400"mcast" : "ucast",1401IEEE80211_SEQ_TO_SN(__le16_to_cpu(hdr->seq_ctrl)),1402(status->encoding == RX_ENC_LEGACY) ? "legacy" : "",1403(status->encoding == RX_ENC_HT) ? "ht" : "",1404(status->encoding == RX_ENC_VHT) ? "vht" : "",1405(status->bw == RATE_INFO_BW_40) ? "40" : "",1406(status->bw == RATE_INFO_BW_80) ? "80" : "",1407(status->bw == RATE_INFO_BW_160) ? "160" : "",1408status->enc_flags & RX_ENC_FLAG_SHORT_GI ? "sgi " : "",1409status->rate_idx,1410status->nss,1411status->freq,1412status->band, status->flag,1413!!(status->flag & RX_FLAG_FAILED_FCS_CRC),1414!!(status->flag & RX_FLAG_MMIC_ERROR),1415!!(status->flag & RX_FLAG_AMSDU_MORE));1416ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "rx skb: ",1417skb->data, skb->len);1418trace_ath10k_rx_hdr(ar, skb->data, skb->len);1419trace_ath10k_rx_payload(ar, skb->data, skb->len);14201421ieee80211_rx_napi(ar->hw, NULL, skb, &ar->napi);1422}14231424static int ath10k_htt_rx_nwifi_hdrlen(struct ath10k *ar,1425struct ieee80211_hdr *hdr)1426{1427int len = ieee80211_hdrlen(hdr->frame_control);14281429if (!test_bit(ATH10K_FW_FEATURE_NO_NWIFI_DECAP_4ADDR_PADDING,1430ar->running_fw->fw_file.fw_features))1431len = round_up(len, 4);14321433return len;1434}14351436static void ath10k_htt_rx_h_undecap_raw(struct ath10k *ar,1437struct sk_buff *msdu,1438struct ieee80211_rx_status *status,1439enum htt_rx_mpdu_encrypt_type enctype,1440bool is_decrypted,1441const u8 first_hdr[64])1442{1443struct ieee80211_hdr *hdr;1444struct ath10k_hw_params *hw = &ar->hw_params;1445struct htt_rx_desc *rxd;1446struct rx_msdu_end_common *rxd_msdu_end_common;1447size_t hdr_len;1448size_t crypto_len;1449bool is_first;1450bool is_last;1451bool msdu_limit_err;1452int bytes_aligned = ar->hw_params.decap_align_bytes;1453u8 *qos;14541455rxd = HTT_RX_BUF_TO_RX_DESC(hw,1456#if defined(__linux__)1457(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1458#elif defined(__FreeBSD__)1459(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1460#endif14611462rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);1463is_first = !!(rxd_msdu_end_common->info0 &1464__cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));1465is_last = !!(rxd_msdu_end_common->info0 &1466__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));14671468/* Delivered decapped frame:1469* [802.11 header]1470* [crypto param] <-- can be trimmed if !fcs_err &&1471* !decrypt_err && !peer_idx_invalid1472* [amsdu header] <-- only if A-MSDU1473* [rfc1042/llc]1474* [payload]1475* [FCS] <-- at end, needs to be trimmed1476*/14771478/* Some hardwares(QCA99x0 variants) limit number of msdus in a-msdu when1479* deaggregate, so that unwanted MSDU-deaggregation is avoided for1480* error packets. If limit exceeds, hw sends all remaining MSDUs as1481* a single last MSDU with this msdu limit error set.1482*/1483msdu_limit_err = ath10k_htt_rx_desc_msdu_limit_error(hw, rxd);14841485/* If MSDU limit error happens, then don't warn on, the partial raw MSDU1486* without first MSDU is expected in that case, and handled later here.1487*/1488/* This probably shouldn't happen but warn just in case */1489if (WARN_ON_ONCE(!is_first && !msdu_limit_err))1490return;14911492/* This probably shouldn't happen but warn just in case */1493if (WARN_ON_ONCE(!(is_first && is_last) && !msdu_limit_err))1494return;14951496skb_trim(msdu, msdu->len - FCS_LEN);14971498/* Push original 80211 header */1499if (unlikely(msdu_limit_err)) {1500#if defined(__linux__)1501hdr = (struct ieee80211_hdr *)first_hdr;1502#elif defined(__FreeBSD__)1503hdr = __DECONST(struct ieee80211_hdr *, first_hdr);1504#endif1505hdr_len = ieee80211_hdrlen(hdr->frame_control);1506crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);15071508if (ieee80211_is_data_qos(hdr->frame_control)) {1509qos = ieee80211_get_qos_ctl(hdr);1510qos[0] |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;1511}15121513if (crypto_len)1514memcpy(skb_push(msdu, crypto_len),1515#if defined(__linux__)1516(void *)hdr + round_up(hdr_len, bytes_aligned),1517#elif defined(__FreeBSD__)1518(u8 *)hdr + round_up(hdr_len, bytes_aligned),1519#endif1520crypto_len);15211522memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);1523}15241525/* In most cases this will be true for sniffed frames. It makes sense1526* to deliver them as-is without stripping the crypto param. This is1527* necessary for software based decryption.1528*1529* If there's no error then the frame is decrypted. At least that is1530* the case for frames that come in via fragmented rx indication.1531*/1532if (!is_decrypted)1533return;15341535/* The payload is decrypted so strip crypto params. Start from tail1536* since hdr is used to compute some stuff.1537*/15381539hdr = (void *)msdu->data;15401541/* Tail */1542if (status->flag & RX_FLAG_IV_STRIPPED) {1543skb_trim(msdu, msdu->len -1544ath10k_htt_rx_crypto_mic_len(ar, enctype));15451546skb_trim(msdu, msdu->len -1547ath10k_htt_rx_crypto_icv_len(ar, enctype));1548} else {1549/* MIC */1550if (status->flag & RX_FLAG_MIC_STRIPPED)1551skb_trim(msdu, msdu->len -1552ath10k_htt_rx_crypto_mic_len(ar, enctype));15531554/* ICV */1555if (status->flag & RX_FLAG_ICV_STRIPPED)1556skb_trim(msdu, msdu->len -1557ath10k_htt_rx_crypto_icv_len(ar, enctype));1558}15591560/* MMIC */1561if ((status->flag & RX_FLAG_MMIC_STRIPPED) &&1562!ieee80211_has_morefrags(hdr->frame_control) &&1563enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)1564skb_trim(msdu, msdu->len - MICHAEL_MIC_LEN);15651566/* Head */1567if (status->flag & RX_FLAG_IV_STRIPPED) {1568hdr_len = ieee80211_hdrlen(hdr->frame_control);1569crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);15701571#if defined(__linux__)1572memmove((void *)msdu->data + crypto_len,1573#elif defined(__FreeBSD__)1574memmove((u8 *)msdu->data + crypto_len,1575#endif1576(void *)msdu->data, hdr_len);1577skb_pull(msdu, crypto_len);1578}1579}15801581static void ath10k_htt_rx_h_undecap_nwifi(struct ath10k *ar,1582struct sk_buff *msdu,1583struct ieee80211_rx_status *status,1584const u8 first_hdr[64],1585enum htt_rx_mpdu_encrypt_type enctype)1586{1587struct ath10k_hw_params *hw = &ar->hw_params;1588#if defined(__linux__)1589struct ieee80211_hdr *hdr;1590#elif defined(__FreeBSD__)1591const struct ieee80211_hdr *hdr;1592struct ieee80211_hdr *hdr2;1593#endif1594struct htt_rx_desc *rxd;1595size_t hdr_len;1596u8 da[ETH_ALEN];1597u8 sa[ETH_ALEN];1598int l3_pad_bytes;1599int bytes_aligned = ar->hw_params.decap_align_bytes;16001601/* Delivered decapped frame:1602* [nwifi 802.11 header] <-- replaced with 802.11 hdr1603* [rfc1042/llc]1604*1605* Note: The nwifi header doesn't have QoS Control and is1606* (always?) a 3addr frame.1607*1608* Note2: There's no A-MSDU subframe header. Even if it's part1609* of an A-MSDU.1610*/16111612/* pull decapped header and copy SA & DA */1613#if defined(__linux__)1614rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)msdu->data -1615#elif defined(__FreeBSD__)1616rxd = HTT_RX_BUF_TO_RX_DESC(hw, (u8 *)msdu->data -1617#endif1618hw->rx_desc_ops->rx_desc_size);16191620l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd);1621skb_put(msdu, l3_pad_bytes);16221623#if defined(__linux__)1624hdr = (struct ieee80211_hdr *)(msdu->data + l3_pad_bytes);16251626hdr_len = ath10k_htt_rx_nwifi_hdrlen(ar, hdr);1627ether_addr_copy(da, ieee80211_get_DA(hdr));1628ether_addr_copy(sa, ieee80211_get_SA(hdr));1629#elif defined(__FreeBSD__)1630hdr2 = (struct ieee80211_hdr *)(msdu->data + l3_pad_bytes);16311632hdr_len = ath10k_htt_rx_nwifi_hdrlen(ar, hdr2);1633ether_addr_copy(da, ieee80211_get_DA(hdr2));1634ether_addr_copy(sa, ieee80211_get_SA(hdr2));1635#endif1636skb_pull(msdu, hdr_len);16371638/* push original 802.11 header */1639#if defined(__linux__)1640hdr = (struct ieee80211_hdr *)first_hdr;1641#elif defined(__FreeBSD__)1642hdr = (const struct ieee80211_hdr *)first_hdr;1643#endif1644hdr_len = ieee80211_hdrlen(hdr->frame_control);16451646if (!(status->flag & RX_FLAG_IV_STRIPPED)) {1647memcpy(skb_push(msdu,1648ath10k_htt_rx_crypto_param_len(ar, enctype)),1649#if defined(__linux__)1650(void *)hdr + round_up(hdr_len, bytes_aligned),1651#elif defined(__FreeBSD__)1652(const u8 *)hdr + round_up(hdr_len, bytes_aligned),1653#endif1654ath10k_htt_rx_crypto_param_len(ar, enctype));1655}16561657memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);16581659/* original 802.11 header has a different DA and in1660* case of 4addr it may also have different SA1661*/1662#if defined(__linux__)1663hdr = (struct ieee80211_hdr *)msdu->data;1664ether_addr_copy(ieee80211_get_DA(hdr), da);1665ether_addr_copy(ieee80211_get_SA(hdr), sa);1666#elif defined(__FreeBSD__)1667hdr2 = (struct ieee80211_hdr *)msdu->data;1668ether_addr_copy(ieee80211_get_DA(hdr2), da);1669ether_addr_copy(ieee80211_get_SA(hdr2), sa);1670#endif1671}16721673static void *ath10k_htt_rx_h_find_rfc1042(struct ath10k *ar,1674struct sk_buff *msdu,1675enum htt_rx_mpdu_encrypt_type enctype)1676{1677struct ieee80211_hdr *hdr;1678struct ath10k_hw_params *hw = &ar->hw_params;1679struct htt_rx_desc *rxd;1680struct rx_msdu_end_common *rxd_msdu_end_common;1681u8 *rxd_rx_hdr_status;1682size_t hdr_len, crypto_len;1683#if defined(__linux__)1684void *rfc1042;1685#elif defined(__FreeBSD__)1686u8 *rfc1042;1687#endif1688bool is_first, is_last, is_amsdu;1689int bytes_aligned = ar->hw_params.decap_align_bytes;16901691rxd = HTT_RX_BUF_TO_RX_DESC(hw,1692#if defined(__linux__)1693(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1694#elif defined(__FreeBSD__)1695(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1696#endif16971698rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);1699rxd_rx_hdr_status = ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd);1700hdr = (void *)rxd_rx_hdr_status;17011702is_first = !!(rxd_msdu_end_common->info0 &1703__cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));1704is_last = !!(rxd_msdu_end_common->info0 &1705__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));1706is_amsdu = !(is_first && is_last);17071708#if defined(__linux__)1709rfc1042 = hdr;1710#elif defined(__FreeBSD__)1711rfc1042 = (void *)hdr;1712#endif17131714if (is_first) {1715hdr_len = ieee80211_hdrlen(hdr->frame_control);1716crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);17171718rfc1042 += round_up(hdr_len, bytes_aligned) +1719round_up(crypto_len, bytes_aligned);1720}17211722if (is_amsdu)1723rfc1042 += sizeof(struct amsdu_subframe_hdr);17241725return rfc1042;1726}17271728static void ath10k_htt_rx_h_undecap_eth(struct ath10k *ar,1729struct sk_buff *msdu,1730struct ieee80211_rx_status *status,1731const u8 first_hdr[64],1732enum htt_rx_mpdu_encrypt_type enctype)1733{1734struct ath10k_hw_params *hw = &ar->hw_params;1735#if defined(__linux__)1736struct ieee80211_hdr *hdr;1737#elif defined(__FreeBSD__)1738const struct ieee80211_hdr *hdr;1739struct ieee80211_hdr *hdr2;1740#endif1741struct ethhdr *eth;1742size_t hdr_len;1743void *rfc1042;1744u8 da[ETH_ALEN];1745u8 sa[ETH_ALEN];1746int l3_pad_bytes;1747struct htt_rx_desc *rxd;1748int bytes_aligned = ar->hw_params.decap_align_bytes;17491750/* Delivered decapped frame:1751* [eth header] <-- replaced with 802.11 hdr & rfc1042/llc1752* [payload]1753*/17541755rfc1042 = ath10k_htt_rx_h_find_rfc1042(ar, msdu, enctype);1756if (WARN_ON_ONCE(!rfc1042))1757return;17581759rxd = HTT_RX_BUF_TO_RX_DESC(hw,1760#if defined(__linux__)1761(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1762#elif defined(__FreeBSD__)1763(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1764#endif17651766l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd);1767skb_put(msdu, l3_pad_bytes);1768skb_pull(msdu, l3_pad_bytes);17691770/* pull decapped header and copy SA & DA */1771eth = (struct ethhdr *)msdu->data;1772ether_addr_copy(da, eth->h_dest);1773ether_addr_copy(sa, eth->h_source);1774skb_pull(msdu, sizeof(struct ethhdr));17751776/* push rfc1042/llc/snap */1777memcpy(skb_push(msdu, sizeof(struct rfc1042_hdr)), rfc1042,1778sizeof(struct rfc1042_hdr));17791780/* push original 802.11 header */1781#if defined(__linux__)1782hdr = (struct ieee80211_hdr *)first_hdr;1783#elif defined(__FreeBSD__)1784hdr = (const struct ieee80211_hdr *)first_hdr;1785#endif1786hdr_len = ieee80211_hdrlen(hdr->frame_control);17871788if (!(status->flag & RX_FLAG_IV_STRIPPED)) {1789memcpy(skb_push(msdu,1790ath10k_htt_rx_crypto_param_len(ar, enctype)),1791#if defined(__linux__)1792(void *)hdr + round_up(hdr_len, bytes_aligned),1793#elif defined(__FreeBSD__)1794(const u8 *)hdr + round_up(hdr_len, bytes_aligned),1795#endif1796ath10k_htt_rx_crypto_param_len(ar, enctype));1797}17981799memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);18001801/* original 802.11 header has a different DA and in1802* case of 4addr it may also have different SA1803*/1804#if defined(__linux__)1805hdr = (struct ieee80211_hdr *)msdu->data;1806ether_addr_copy(ieee80211_get_DA(hdr), da);1807ether_addr_copy(ieee80211_get_SA(hdr), sa);1808#elif defined(__FreeBSD__)1809hdr2 = (struct ieee80211_hdr *)msdu->data;1810ether_addr_copy(ieee80211_get_DA(hdr2), da);1811ether_addr_copy(ieee80211_get_SA(hdr2), sa);1812#endif1813}18141815static void ath10k_htt_rx_h_undecap_snap(struct ath10k *ar,1816struct sk_buff *msdu,1817struct ieee80211_rx_status *status,1818const u8 first_hdr[64],1819enum htt_rx_mpdu_encrypt_type enctype)1820{1821struct ath10k_hw_params *hw = &ar->hw_params;1822#if defined(__linux__)1823struct ieee80211_hdr *hdr;1824#elif defined(__FreeBSD__)1825const struct ieee80211_hdr *hdr;1826#endif1827size_t hdr_len;1828int l3_pad_bytes;1829struct htt_rx_desc *rxd;1830int bytes_aligned = ar->hw_params.decap_align_bytes;18311832/* Delivered decapped frame:1833* [amsdu header] <-- replaced with 802.11 hdr1834* [rfc1042/llc]1835* [payload]1836*/18371838rxd = HTT_RX_BUF_TO_RX_DESC(hw,1839#if defined(__linux__)1840(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1841#elif defined(__FreeBSD__)1842(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1843#endif18441845l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd);18461847skb_put(msdu, l3_pad_bytes);1848skb_pull(msdu, sizeof(struct amsdu_subframe_hdr) + l3_pad_bytes);18491850#if defined(__linux__)1851hdr = (struct ieee80211_hdr *)first_hdr;1852#elif defined(__FreeBSD__)1853hdr = (const struct ieee80211_hdr *)first_hdr;1854#endif1855hdr_len = ieee80211_hdrlen(hdr->frame_control);18561857if (!(status->flag & RX_FLAG_IV_STRIPPED)) {1858memcpy(skb_push(msdu,1859ath10k_htt_rx_crypto_param_len(ar, enctype)),1860#if defined(__linux__)1861(void *)hdr + round_up(hdr_len, bytes_aligned),1862#elif defined(__FreeBSD__)1863(const u8 *)hdr + round_up(hdr_len, bytes_aligned),1864#endif1865ath10k_htt_rx_crypto_param_len(ar, enctype));1866}18671868memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);1869}18701871static void ath10k_htt_rx_h_undecap(struct ath10k *ar,1872struct sk_buff *msdu,1873struct ieee80211_rx_status *status,1874u8 first_hdr[64],1875enum htt_rx_mpdu_encrypt_type enctype,1876bool is_decrypted)1877{1878struct ath10k_hw_params *hw = &ar->hw_params;1879struct htt_rx_desc *rxd;1880struct rx_msdu_start_common *rxd_msdu_start_common;1881enum rx_msdu_decap_format decap;18821883/* First msdu's decapped header:1884* [802.11 header] <-- padded to 4 bytes long1885* [crypto param] <-- padded to 4 bytes long1886* [amsdu header] <-- only if A-MSDU1887* [rfc1042/llc]1888*1889* Other (2nd, 3rd, ..) msdu's decapped header:1890* [amsdu header] <-- only if A-MSDU1891* [rfc1042/llc]1892*/18931894rxd = HTT_RX_BUF_TO_RX_DESC(hw,1895#if defined(__linux__)1896(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1897#elif defined(__FreeBSD__)1898(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1899#endif19001901rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd);1902decap = MS(__le32_to_cpu(rxd_msdu_start_common->info1),1903RX_MSDU_START_INFO1_DECAP_FORMAT);19041905switch (decap) {1906case RX_MSDU_DECAP_RAW:1907ath10k_htt_rx_h_undecap_raw(ar, msdu, status, enctype,1908is_decrypted, first_hdr);1909break;1910case RX_MSDU_DECAP_NATIVE_WIFI:1911ath10k_htt_rx_h_undecap_nwifi(ar, msdu, status, first_hdr,1912enctype);1913break;1914case RX_MSDU_DECAP_ETHERNET2_DIX:1915ath10k_htt_rx_h_undecap_eth(ar, msdu, status, first_hdr, enctype);1916break;1917case RX_MSDU_DECAP_8023_SNAP_LLC:1918ath10k_htt_rx_h_undecap_snap(ar, msdu, status, first_hdr,1919enctype);1920break;1921}1922}19231924static int ath10k_htt_rx_get_csum_state(struct ath10k_hw_params *hw, struct sk_buff *skb)1925{1926struct htt_rx_desc *rxd;1927struct rx_attention *rxd_attention;1928struct rx_msdu_start_common *rxd_msdu_start_common;1929u32 flags, info;1930bool is_ip4, is_ip6;1931bool is_tcp, is_udp;1932bool ip_csum_ok, tcpudp_csum_ok;19331934rxd = HTT_RX_BUF_TO_RX_DESC(hw,1935#if defined(__linux__)1936(void *)skb->data - hw->rx_desc_ops->rx_desc_size);1937#elif defined(__FreeBSD__)1938(u8 *)skb->data - hw->rx_desc_ops->rx_desc_size);1939#endif19401941rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);1942rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd);1943flags = __le32_to_cpu(rxd_attention->flags);1944info = __le32_to_cpu(rxd_msdu_start_common->info1);19451946is_ip4 = !!(info & RX_MSDU_START_INFO1_IPV4_PROTO);1947is_ip6 = !!(info & RX_MSDU_START_INFO1_IPV6_PROTO);1948is_tcp = !!(info & RX_MSDU_START_INFO1_TCP_PROTO);1949is_udp = !!(info & RX_MSDU_START_INFO1_UDP_PROTO);1950ip_csum_ok = !(flags & RX_ATTENTION_FLAGS_IP_CHKSUM_FAIL);1951tcpudp_csum_ok = !(flags & RX_ATTENTION_FLAGS_TCP_UDP_CHKSUM_FAIL);19521953if (!is_ip4 && !is_ip6)1954return CHECKSUM_NONE;1955if (!is_tcp && !is_udp)1956return CHECKSUM_NONE;1957if (!ip_csum_ok)1958return CHECKSUM_NONE;1959if (!tcpudp_csum_ok)1960return CHECKSUM_NONE;19611962return CHECKSUM_UNNECESSARY;1963}19641965static void ath10k_htt_rx_h_csum_offload(struct ath10k_hw_params *hw,1966struct sk_buff *msdu)1967{1968msdu->ip_summed = ath10k_htt_rx_get_csum_state(hw, msdu);1969}19701971static u64 ath10k_htt_rx_h_get_pn(struct ath10k *ar, struct sk_buff *skb,1972enum htt_rx_mpdu_encrypt_type enctype)1973{1974struct ieee80211_hdr *hdr;1975u64 pn = 0;1976u8 *ehdr;19771978hdr = (struct ieee80211_hdr *)skb->data;1979ehdr = skb->data + ieee80211_hdrlen(hdr->frame_control);19801981if (enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2) {1982pn = ehdr[0];1983pn |= (u64)ehdr[1] << 8;1984pn |= (u64)ehdr[4] << 16;1985pn |= (u64)ehdr[5] << 24;1986pn |= (u64)ehdr[6] << 32;1987pn |= (u64)ehdr[7] << 40;1988}1989return pn;1990}19911992static bool ath10k_htt_rx_h_frag_multicast_check(struct ath10k *ar,1993struct sk_buff *skb)1994{1995struct ieee80211_hdr *hdr;19961997hdr = (struct ieee80211_hdr *)skb->data;1998return !is_multicast_ether_addr(hdr->addr1);1999}20002001static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar,2002struct sk_buff *skb,2003u16 peer_id,2004enum htt_rx_mpdu_encrypt_type enctype)2005{2006struct ath10k_peer *peer;2007union htt_rx_pn_t *last_pn, new_pn = {0};2008struct ieee80211_hdr *hdr;2009u8 tid, frag_number;2010u32 seq;20112012peer = ath10k_peer_find_by_id(ar, peer_id);2013if (!peer) {2014ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid peer for frag pn check\n");2015return false;2016}20172018hdr = (struct ieee80211_hdr *)skb->data;2019if (ieee80211_is_data_qos(hdr->frame_control))2020tid = ieee80211_get_tid(hdr);2021else2022tid = ATH10K_TXRX_NON_QOS_TID;20232024last_pn = &peer->frag_tids_last_pn[tid];2025new_pn.pn48 = ath10k_htt_rx_h_get_pn(ar, skb, enctype);2026frag_number = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;2027seq = IEEE80211_SEQ_TO_SN(__le16_to_cpu(hdr->seq_ctrl));20282029if (frag_number == 0) {2030last_pn->pn48 = new_pn.pn48;2031peer->frag_tids_seq[tid] = seq;2032} else {2033if (seq != peer->frag_tids_seq[tid])2034return false;20352036if (new_pn.pn48 != last_pn->pn48 + 1)2037return false;20382039last_pn->pn48 = new_pn.pn48;2040}20412042return true;2043}20442045static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,2046struct sk_buff_head *amsdu,2047struct ieee80211_rx_status *status,2048bool fill_crypt_header,2049u8 *rx_hdr,2050enum ath10k_pkt_rx_err *err,2051u16 peer_id,2052bool frag)2053{2054struct sk_buff *first;2055struct sk_buff *last;2056struct sk_buff *msdu, *temp;2057struct ath10k_hw_params *hw = &ar->hw_params;2058struct htt_rx_desc *rxd;2059struct rx_attention *rxd_attention;2060struct rx_mpdu_start *rxd_mpdu_start;20612062struct ieee80211_hdr *hdr;2063enum htt_rx_mpdu_encrypt_type enctype;2064u8 first_hdr[64];2065u8 *qos;2066bool has_fcs_err;2067bool has_crypto_err;2068bool has_tkip_err;2069bool has_peer_idx_invalid;2070bool is_decrypted;2071bool is_mgmt;2072u32 attention;2073bool frag_pn_check = true, multicast_check = true;20742075if (skb_queue_empty(amsdu))2076return;20772078first = skb_peek(amsdu);2079rxd = HTT_RX_BUF_TO_RX_DESC(hw,2080#if defined(__linux__)2081(void *)first->data - hw->rx_desc_ops->rx_desc_size);2082#elif defined(__FreeBSD__)2083(u8 *)first->data - hw->rx_desc_ops->rx_desc_size);2084#endif20852086rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);2087rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd);20882089is_mgmt = !!(rxd_attention->flags &2090__cpu_to_le32(RX_ATTENTION_FLAGS_MGMT_TYPE));20912092enctype = MS(__le32_to_cpu(rxd_mpdu_start->info0),2093RX_MPDU_START_INFO0_ENCRYPT_TYPE);20942095/* First MSDU's Rx descriptor in an A-MSDU contains full 802.112096* decapped header. It'll be used for undecapping of each MSDU.2097*/2098hdr = (void *)ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd);2099memcpy(first_hdr, hdr, RX_HTT_HDR_STATUS_LEN);21002101if (rx_hdr)2102memcpy(rx_hdr, hdr, RX_HTT_HDR_STATUS_LEN);21032104/* Each A-MSDU subframe will use the original header as the base and be2105* reported as a separate MSDU so strip the A-MSDU bit from QoS Ctl.2106*/2107hdr = (void *)first_hdr;21082109if (ieee80211_is_data_qos(hdr->frame_control)) {2110qos = ieee80211_get_qos_ctl(hdr);2111qos[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;2112}21132114/* Some attention flags are valid only in the last MSDU. */2115last = skb_peek_tail(amsdu);2116rxd = HTT_RX_BUF_TO_RX_DESC(hw,2117#if defined(__linux__)2118(void *)last->data - hw->rx_desc_ops->rx_desc_size);2119#elif defined(__FreeBSD__)2120(u8 *)last->data - hw->rx_desc_ops->rx_desc_size);2121#endif21222123rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);2124attention = __le32_to_cpu(rxd_attention->flags);21252126has_fcs_err = !!(attention & RX_ATTENTION_FLAGS_FCS_ERR);2127has_crypto_err = !!(attention & RX_ATTENTION_FLAGS_DECRYPT_ERR);2128has_tkip_err = !!(attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR);2129has_peer_idx_invalid = !!(attention & RX_ATTENTION_FLAGS_PEER_IDX_INVALID);21302131/* Note: If hardware captures an encrypted frame that it can't decrypt,2132* e.g. due to fcs error, missing peer or invalid key data it will2133* report the frame as raw.2134*/2135is_decrypted = (enctype != HTT_RX_MPDU_ENCRYPT_NONE &&2136!has_fcs_err &&2137!has_crypto_err &&2138!has_peer_idx_invalid);21392140/* Clear per-MPDU flags while leaving per-PPDU flags intact. */2141status->flag &= ~(RX_FLAG_FAILED_FCS_CRC |2142RX_FLAG_MMIC_ERROR |2143RX_FLAG_DECRYPTED |2144RX_FLAG_IV_STRIPPED |2145RX_FLAG_ONLY_MONITOR |2146RX_FLAG_MMIC_STRIPPED);21472148if (has_fcs_err)2149status->flag |= RX_FLAG_FAILED_FCS_CRC;21502151if (has_tkip_err)2152status->flag |= RX_FLAG_MMIC_ERROR;21532154if (err) {2155if (has_fcs_err)2156*err = ATH10K_PKT_RX_ERR_FCS;2157else if (has_tkip_err)2158*err = ATH10K_PKT_RX_ERR_TKIP;2159else if (has_crypto_err)2160*err = ATH10K_PKT_RX_ERR_CRYPT;2161else if (has_peer_idx_invalid)2162*err = ATH10K_PKT_RX_ERR_PEER_IDX_INVAL;2163}21642165/* Firmware reports all necessary management frames via WMI already.2166* They are not reported to monitor interfaces at all so pass the ones2167* coming via HTT to monitor interfaces instead. This simplifies2168* matters a lot.2169*/2170if (is_mgmt)2171status->flag |= RX_FLAG_ONLY_MONITOR;21722173if (is_decrypted) {2174status->flag |= RX_FLAG_DECRYPTED;21752176if (likely(!is_mgmt))2177status->flag |= RX_FLAG_MMIC_STRIPPED;21782179if (fill_crypt_header)2180status->flag |= RX_FLAG_MIC_STRIPPED |2181RX_FLAG_ICV_STRIPPED;2182else2183status->flag |= RX_FLAG_IV_STRIPPED;2184}21852186skb_queue_walk(amsdu, msdu) {2187if (frag && !fill_crypt_header && is_decrypted &&2188enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2)2189frag_pn_check = ath10k_htt_rx_h_frag_pn_check(ar,2190msdu,2191peer_id,2192enctype);21932194if (frag)2195multicast_check = ath10k_htt_rx_h_frag_multicast_check(ar,2196msdu);21972198if (!frag_pn_check || !multicast_check) {2199/* Discard the fragment with invalid PN or multicast DA2200*/2201temp = msdu->prev;2202__skb_unlink(msdu, amsdu);2203dev_kfree_skb_any(msdu);2204msdu = temp;2205frag_pn_check = true;2206multicast_check = true;2207continue;2208}22092210ath10k_htt_rx_h_csum_offload(&ar->hw_params, msdu);22112212if (frag && !fill_crypt_header &&2213enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)2214status->flag &= ~RX_FLAG_MMIC_STRIPPED;22152216ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,2217is_decrypted);22182219/* Undecapping involves copying the original 802.11 header back2220* to sk_buff. If frame is protected and hardware has decrypted2221* it then remove the protected bit.2222*/2223if (!is_decrypted)2224continue;2225if (is_mgmt)2226continue;22272228if (fill_crypt_header)2229continue;22302231hdr = (void *)msdu->data;2232hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);22332234if (frag && !fill_crypt_header &&2235enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)2236status->flag &= ~RX_FLAG_IV_STRIPPED &2237~RX_FLAG_MMIC_STRIPPED;2238}2239}22402241static void ath10k_htt_rx_h_enqueue(struct ath10k *ar,2242struct sk_buff_head *amsdu,2243struct ieee80211_rx_status *status)2244{2245struct sk_buff *msdu;2246struct sk_buff *first_subframe;22472248first_subframe = skb_peek(amsdu);22492250while ((msdu = __skb_dequeue(amsdu))) {2251/* Setup per-MSDU flags */2252if (skb_queue_empty(amsdu))2253status->flag &= ~RX_FLAG_AMSDU_MORE;2254else2255status->flag |= RX_FLAG_AMSDU_MORE;22562257if (msdu == first_subframe) {2258first_subframe = NULL;2259status->flag &= ~RX_FLAG_ALLOW_SAME_PN;2260} else {2261status->flag |= RX_FLAG_ALLOW_SAME_PN;2262}22632264ath10k_htt_rx_h_queue_msdu(ar, status, msdu);2265}2266}22672268static int ath10k_unchain_msdu(struct sk_buff_head *amsdu,2269unsigned long *unchain_cnt)2270{2271struct sk_buff *skb, *first;2272int space;2273int total_len = 0;2274int amsdu_len = skb_queue_len(amsdu);22752276/* TODO: Might could optimize this by using2277* skb_try_coalesce or similar method to2278* decrease copying, or maybe get mac80211 to2279* provide a way to just receive a list of2280* skb?2281*/22822283first = __skb_dequeue(amsdu);22842285/* Allocate total length all at once. */2286skb_queue_walk(amsdu, skb)2287total_len += skb->len;22882289space = total_len - skb_tailroom(first);2290if ((space > 0) &&2291(pskb_expand_head(first, 0, space, GFP_ATOMIC) < 0)) {2292/* TODO: bump some rx-oom error stat */2293/* put it back together so we can free the2294* whole list at once.2295*/2296__skb_queue_head(amsdu, first);2297return -1;2298}22992300/* Walk list again, copying contents into2301* msdu_head2302*/2303while ((skb = __skb_dequeue(amsdu))) {2304skb_copy_from_linear_data(skb, skb_put(first, skb->len),2305skb->len);2306dev_kfree_skb_any(skb);2307}23082309__skb_queue_head(amsdu, first);23102311*unchain_cnt += amsdu_len - 1;23122313return 0;2314}23152316static void ath10k_htt_rx_h_unchain(struct ath10k *ar,2317struct sk_buff_head *amsdu,2318unsigned long *drop_cnt,2319unsigned long *unchain_cnt)2320{2321struct sk_buff *first;2322struct ath10k_hw_params *hw = &ar->hw_params;2323struct htt_rx_desc *rxd;2324struct rx_msdu_start_common *rxd_msdu_start_common;2325struct rx_frag_info_common *rxd_frag_info;2326enum rx_msdu_decap_format decap;23272328first = skb_peek(amsdu);2329rxd = HTT_RX_BUF_TO_RX_DESC(hw,2330#if defined(__linux__)2331(void *)first->data - hw->rx_desc_ops->rx_desc_size);2332#elif defined(__FreeBSD__)2333(u8 *)first->data - hw->rx_desc_ops->rx_desc_size);2334#endif23352336rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd);2337rxd_frag_info = ath10k_htt_rx_desc_get_frag_info(hw, rxd);2338decap = MS(__le32_to_cpu(rxd_msdu_start_common->info1),2339RX_MSDU_START_INFO1_DECAP_FORMAT);23402341/* FIXME: Current unchaining logic can only handle simple case of raw2342* msdu chaining. If decapping is other than raw the chaining may be2343* more complex and this isn't handled by the current code. Don't even2344* try re-constructing such frames - it'll be pretty much garbage.2345*/2346if (decap != RX_MSDU_DECAP_RAW ||2347skb_queue_len(amsdu) != 1 + rxd_frag_info->ring2_more_count) {2348*drop_cnt += skb_queue_len(amsdu);2349__skb_queue_purge(amsdu);2350return;2351}23522353ath10k_unchain_msdu(amsdu, unchain_cnt);2354}23552356static bool ath10k_htt_rx_validate_amsdu(struct ath10k *ar,2357struct sk_buff_head *amsdu)2358{2359u8 *subframe_hdr;2360struct sk_buff *first;2361bool is_first, is_last;2362struct ath10k_hw_params *hw = &ar->hw_params;2363struct htt_rx_desc *rxd;2364struct rx_msdu_end_common *rxd_msdu_end_common;2365struct rx_mpdu_start *rxd_mpdu_start;2366struct ieee80211_hdr *hdr;2367size_t hdr_len, crypto_len;2368enum htt_rx_mpdu_encrypt_type enctype;2369int bytes_aligned = ar->hw_params.decap_align_bytes;23702371first = skb_peek(amsdu);23722373rxd = HTT_RX_BUF_TO_RX_DESC(hw,2374#if defined(__linux__)2375(void *)first->data - hw->rx_desc_ops->rx_desc_size);2376#elif defined(__FreeBSD__)2377(u8 *)first->data - hw->rx_desc_ops->rx_desc_size);2378#endif23792380rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);2381rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd);2382hdr = (void *)ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd);23832384is_first = !!(rxd_msdu_end_common->info0 &2385__cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));2386is_last = !!(rxd_msdu_end_common->info0 &2387__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));23882389/* Return in case of non-aggregated msdu */2390if (is_first && is_last)2391return true;23922393/* First msdu flag is not set for the first msdu of the list */2394if (!is_first)2395return false;23962397enctype = MS(__le32_to_cpu(rxd_mpdu_start->info0),2398RX_MPDU_START_INFO0_ENCRYPT_TYPE);23992400hdr_len = ieee80211_hdrlen(hdr->frame_control);2401crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);24022403subframe_hdr = (u8 *)hdr + round_up(hdr_len, bytes_aligned) +2404crypto_len;24052406/* Validate if the amsdu has a proper first subframe.2407* There are chances a single msdu can be received as amsdu when2408* the unauthenticated amsdu flag of a QoS header2409* gets flipped in non-SPP AMSDU's, in such cases the first2410* subframe has llc/snap header in place of a valid da.2411* return false if the da matches rfc1042 pattern2412*/2413if (ether_addr_equal(subframe_hdr, rfc1042_header))2414return false;24152416return true;2417}24182419static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar,2420struct sk_buff_head *amsdu,2421struct ieee80211_rx_status *rx_status)2422{2423if (!rx_status->freq) {2424ath10k_dbg(ar, ATH10K_DBG_HTT, "no channel configured; ignoring frame(s)!\n");2425return false;2426}24272428if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags)) {2429ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx cac running\n");2430return false;2431}24322433if (!ath10k_htt_rx_validate_amsdu(ar, amsdu)) {2434ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid amsdu received\n");2435return false;2436}24372438return true;2439}24402441static void ath10k_htt_rx_h_filter(struct ath10k *ar,2442struct sk_buff_head *amsdu,2443struct ieee80211_rx_status *rx_status,2444unsigned long *drop_cnt)2445{2446if (skb_queue_empty(amsdu))2447return;24482449if (ath10k_htt_rx_amsdu_allowed(ar, amsdu, rx_status))2450return;24512452if (drop_cnt)2453*drop_cnt += skb_queue_len(amsdu);24542455__skb_queue_purge(amsdu);2456}24572458static int ath10k_htt_rx_handle_amsdu(struct ath10k_htt *htt)2459{2460struct ath10k *ar = htt->ar;2461struct ieee80211_rx_status *rx_status = &htt->rx_status;2462struct sk_buff_head amsdu;2463int ret;2464unsigned long drop_cnt = 0;2465unsigned long unchain_cnt = 0;2466unsigned long drop_cnt_filter = 0;2467unsigned long msdus_to_queue, num_msdus;2468enum ath10k_pkt_rx_err err = ATH10K_PKT_RX_ERR_MAX;2469u8 first_hdr[RX_HTT_HDR_STATUS_LEN];24702471__skb_queue_head_init(&amsdu);24722473spin_lock_bh(&htt->rx_ring.lock);2474if (htt->rx_confused) {2475spin_unlock_bh(&htt->rx_ring.lock);2476return -EIO;2477}2478ret = ath10k_htt_rx_amsdu_pop(htt, &amsdu);2479spin_unlock_bh(&htt->rx_ring.lock);24802481if (ret < 0) {2482ath10k_warn(ar, "rx ring became corrupted: %d\n", ret);2483__skb_queue_purge(&amsdu);2484/* FIXME: It's probably a good idea to reboot the2485* device instead of leaving it inoperable.2486*/2487htt->rx_confused = true;2488return ret;2489}24902491num_msdus = skb_queue_len(&amsdu);24922493ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status, 0xffff);24942495/* only for ret = 1 indicates chained msdus */2496if (ret > 0)2497ath10k_htt_rx_h_unchain(ar, &amsdu, &drop_cnt, &unchain_cnt);24982499ath10k_htt_rx_h_filter(ar, &amsdu, rx_status, &drop_cnt_filter);2500ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true, first_hdr, &err, 0,2501false);2502msdus_to_queue = skb_queue_len(&amsdu);2503ath10k_htt_rx_h_enqueue(ar, &amsdu, rx_status);25042505ath10k_sta_update_rx_tid_stats(ar, first_hdr, num_msdus, err,2506unchain_cnt, drop_cnt, drop_cnt_filter,2507msdus_to_queue);25082509return 0;2510}25112512static void ath10k_htt_rx_mpdu_desc_pn_hl(struct htt_hl_rx_desc *rx_desc,2513union htt_rx_pn_t *pn,2514int pn_len_bits)2515{2516switch (pn_len_bits) {2517case 48:2518pn->pn48 = __le32_to_cpu(rx_desc->pn_31_0) +2519((u64)(__le32_to_cpu(rx_desc->u0.pn_63_32) & 0xFFFF) << 32);2520break;2521case 24:2522pn->pn24 = __le32_to_cpu(rx_desc->pn_31_0);2523break;2524}2525}25262527static bool ath10k_htt_rx_pn_cmp48(union htt_rx_pn_t *new_pn,2528union htt_rx_pn_t *old_pn)2529{2530return ((new_pn->pn48 & 0xffffffffffffULL) <=2531(old_pn->pn48 & 0xffffffffffffULL));2532}25332534static bool ath10k_htt_rx_pn_check_replay_hl(struct ath10k *ar,2535struct ath10k_peer *peer,2536struct htt_rx_indication_hl *rx)2537{2538bool last_pn_valid, pn_invalid = false;2539enum htt_txrx_sec_cast_type sec_index;2540enum htt_security_types sec_type;2541union htt_rx_pn_t new_pn = {0};2542struct htt_hl_rx_desc *rx_desc;2543union htt_rx_pn_t *last_pn;2544u32 rx_desc_info, tid;2545int num_mpdu_ranges;25462547lockdep_assert_held(&ar->data_lock);25482549if (!peer)2550return false;25512552if (!(rx->fw_desc.flags & FW_RX_DESC_FLAGS_FIRST_MSDU))2553return false;25542555num_mpdu_ranges = MS(__le32_to_cpu(rx->hdr.info1),2556HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);25572558rx_desc = (struct htt_hl_rx_desc *)&rx->mpdu_ranges[num_mpdu_ranges];2559rx_desc_info = __le32_to_cpu(rx_desc->info);25602561if (!MS(rx_desc_info, HTT_RX_DESC_HL_INFO_ENCRYPTED))2562return false;25632564tid = MS(rx->hdr.info0, HTT_RX_INDICATION_INFO0_EXT_TID);2565last_pn_valid = peer->tids_last_pn_valid[tid];2566last_pn = &peer->tids_last_pn[tid];25672568if (MS(rx_desc_info, HTT_RX_DESC_HL_INFO_MCAST_BCAST))2569sec_index = HTT_TXRX_SEC_MCAST;2570else2571sec_index = HTT_TXRX_SEC_UCAST;25722573sec_type = peer->rx_pn[sec_index].sec_type;2574ath10k_htt_rx_mpdu_desc_pn_hl(rx_desc, &new_pn, peer->rx_pn[sec_index].pn_len);25752576if (sec_type != HTT_SECURITY_AES_CCMP &&2577sec_type != HTT_SECURITY_TKIP &&2578sec_type != HTT_SECURITY_TKIP_NOMIC)2579return false;25802581if (last_pn_valid)2582pn_invalid = ath10k_htt_rx_pn_cmp48(&new_pn, last_pn);2583else2584peer->tids_last_pn_valid[tid] = true;25852586if (!pn_invalid)2587last_pn->pn48 = new_pn.pn48;25882589return pn_invalid;2590}25912592static bool ath10k_htt_rx_proc_rx_ind_hl(struct ath10k_htt *htt,2593struct htt_rx_indication_hl *rx,2594struct sk_buff *skb,2595enum htt_rx_pn_check_type check_pn_type,2596enum htt_rx_tkip_demic_type tkip_mic_type)2597{2598struct ath10k *ar = htt->ar;2599struct ath10k_peer *peer;2600struct htt_rx_indication_mpdu_range *mpdu_ranges;2601struct fw_rx_desc_hl *fw_desc;2602enum htt_txrx_sec_cast_type sec_index;2603enum htt_security_types sec_type;2604union htt_rx_pn_t new_pn = {0};2605struct htt_hl_rx_desc *rx_desc;2606struct ieee80211_hdr *hdr;2607struct ieee80211_rx_status *rx_status;2608u16 peer_id;2609u8 rx_desc_len;2610int num_mpdu_ranges;2611size_t tot_hdr_len;2612struct ieee80211_channel *ch;2613bool pn_invalid, qos, first_msdu;2614u32 tid, rx_desc_info;26152616peer_id = __le16_to_cpu(rx->hdr.peer_id);2617tid = MS(rx->hdr.info0, HTT_RX_INDICATION_INFO0_EXT_TID);26182619spin_lock_bh(&ar->data_lock);2620peer = ath10k_peer_find_by_id(ar, peer_id);2621spin_unlock_bh(&ar->data_lock);2622if (!peer && peer_id != HTT_INVALID_PEERID)2623ath10k_warn(ar, "Got RX ind from invalid peer: %u\n", peer_id);26242625if (!peer)2626return true;26272628num_mpdu_ranges = MS(__le32_to_cpu(rx->hdr.info1),2629HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);2630mpdu_ranges = htt_rx_ind_get_mpdu_ranges_hl(rx);2631fw_desc = &rx->fw_desc;2632rx_desc_len = fw_desc->len;26332634if (fw_desc->u.bits.discard) {2635ath10k_dbg(ar, ATH10K_DBG_HTT, "htt discard mpdu\n");2636goto err;2637}26382639/* I have not yet seen any case where num_mpdu_ranges > 1.2640* qcacld does not seem handle that case either, so we introduce the2641* same limitation here as well.2642*/2643if (num_mpdu_ranges > 1)2644ath10k_warn(ar,2645"Unsupported number of MPDU ranges: %d, ignoring all but the first\n",2646num_mpdu_ranges);26472648if (mpdu_ranges->mpdu_range_status !=2649HTT_RX_IND_MPDU_STATUS_OK &&2650mpdu_ranges->mpdu_range_status !=2651HTT_RX_IND_MPDU_STATUS_TKIP_MIC_ERR) {2652ath10k_dbg(ar, ATH10K_DBG_HTT, "htt mpdu_range_status %d\n",2653mpdu_ranges->mpdu_range_status);2654goto err;2655}26562657rx_desc = (struct htt_hl_rx_desc *)&rx->mpdu_ranges[num_mpdu_ranges];2658rx_desc_info = __le32_to_cpu(rx_desc->info);26592660if (MS(rx_desc_info, HTT_RX_DESC_HL_INFO_MCAST_BCAST))2661sec_index = HTT_TXRX_SEC_MCAST;2662else2663sec_index = HTT_TXRX_SEC_UCAST;26642665sec_type = peer->rx_pn[sec_index].sec_type;2666first_msdu = rx->fw_desc.flags & FW_RX_DESC_FLAGS_FIRST_MSDU;26672668ath10k_htt_rx_mpdu_desc_pn_hl(rx_desc, &new_pn, peer->rx_pn[sec_index].pn_len);26692670if (check_pn_type == HTT_RX_PN_CHECK && tid >= IEEE80211_NUM_TIDS) {2671spin_lock_bh(&ar->data_lock);2672pn_invalid = ath10k_htt_rx_pn_check_replay_hl(ar, peer, rx);2673spin_unlock_bh(&ar->data_lock);26742675if (pn_invalid)2676goto err;2677}26782679/* Strip off all headers before the MAC header before delivery to2680* mac802112681*/2682tot_hdr_len = sizeof(struct htt_resp_hdr) + sizeof(rx->hdr) +2683sizeof(rx->ppdu) + sizeof(rx->prefix) +2684sizeof(rx->fw_desc) +2685sizeof(*mpdu_ranges) * num_mpdu_ranges + rx_desc_len;26862687skb_pull(skb, tot_hdr_len);26882689hdr = (struct ieee80211_hdr *)skb->data;2690qos = ieee80211_is_data_qos(hdr->frame_control);26912692rx_status = IEEE80211_SKB_RXCB(skb);2693memset(rx_status, 0, sizeof(*rx_status));26942695if (rx->ppdu.combined_rssi == 0) {2696/* SDIO firmware does not provide signal */2697rx_status->signal = 0;2698rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL;2699} else {2700rx_status->signal = ATH10K_DEFAULT_NOISE_FLOOR +2701rx->ppdu.combined_rssi;2702rx_status->flag &= ~RX_FLAG_NO_SIGNAL_VAL;2703}27042705spin_lock_bh(&ar->data_lock);2706ch = ar->scan_channel;2707if (!ch)2708ch = ar->rx_channel;2709if (!ch)2710ch = ath10k_htt_rx_h_any_channel(ar);2711if (!ch)2712ch = ar->tgt_oper_chan;2713spin_unlock_bh(&ar->data_lock);27142715if (ch) {2716rx_status->band = ch->band;2717rx_status->freq = ch->center_freq;2718}2719if (rx->fw_desc.flags & FW_RX_DESC_FLAGS_LAST_MSDU)2720rx_status->flag &= ~RX_FLAG_AMSDU_MORE;2721else2722rx_status->flag |= RX_FLAG_AMSDU_MORE;27232724/* Not entirely sure about this, but all frames from the chipset has2725* the protected flag set even though they have already been decrypted.2726* Unmasking this flag is necessary in order for mac80211 not to drop2727* the frame.2728* TODO: Verify this is always the case or find out a way to check2729* if there has been hw decryption.2730*/2731if (ieee80211_has_protected(hdr->frame_control)) {2732hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);2733rx_status->flag |= RX_FLAG_DECRYPTED |2734RX_FLAG_IV_STRIPPED |2735RX_FLAG_MMIC_STRIPPED;27362737if (tid < IEEE80211_NUM_TIDS &&2738first_msdu &&2739check_pn_type == HTT_RX_PN_CHECK &&2740(sec_type == HTT_SECURITY_AES_CCMP ||2741sec_type == HTT_SECURITY_TKIP ||2742sec_type == HTT_SECURITY_TKIP_NOMIC)) {2743u8 offset, *ivp, i;2744s8 keyidx = 0;2745__le64 pn48 = cpu_to_le64(new_pn.pn48);27462747hdr = (struct ieee80211_hdr *)skb->data;2748offset = ieee80211_hdrlen(hdr->frame_control);2749hdr->frame_control |= __cpu_to_le16(IEEE80211_FCTL_PROTECTED);2750rx_status->flag &= ~RX_FLAG_IV_STRIPPED;27512752memmove(skb->data - IEEE80211_CCMP_HDR_LEN,2753skb->data, offset);2754skb_push(skb, IEEE80211_CCMP_HDR_LEN);2755ivp = skb->data + offset;2756memset(skb->data + offset, 0, IEEE80211_CCMP_HDR_LEN);2757/* Ext IV */2758ivp[IEEE80211_WEP_IV_LEN - 1] |= ATH10K_IEEE80211_EXTIV;27592760for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {2761if (peer->keys[i] &&2762peer->keys[i]->flags & IEEE80211_KEY_FLAG_PAIRWISE)2763keyidx = peer->keys[i]->keyidx;2764}27652766/* Key ID */2767ivp[IEEE80211_WEP_IV_LEN - 1] |= keyidx << 6;27682769if (sec_type == HTT_SECURITY_AES_CCMP) {2770rx_status->flag |= RX_FLAG_MIC_STRIPPED;2771/* pn 0, pn 1 */2772memcpy(skb->data + offset, &pn48, 2);2773/* pn 1, pn 3 , pn 34 , pn 5 */2774memcpy(skb->data + offset + 4, ((u8 *)&pn48) + 2, 4);2775} else {2776rx_status->flag |= RX_FLAG_ICV_STRIPPED;2777/* TSC 0 */2778memcpy(skb->data + offset + 2, &pn48, 1);2779/* TSC 1 */2780memcpy(skb->data + offset, ((u8 *)&pn48) + 1, 1);2781/* TSC 2 , TSC 3 , TSC 4 , TSC 5*/2782memcpy(skb->data + offset + 4, ((u8 *)&pn48) + 2, 4);2783}2784}2785}27862787if (tkip_mic_type == HTT_RX_TKIP_MIC)2788rx_status->flag &= ~RX_FLAG_IV_STRIPPED &2789~RX_FLAG_MMIC_STRIPPED;27902791if (mpdu_ranges->mpdu_range_status == HTT_RX_IND_MPDU_STATUS_TKIP_MIC_ERR)2792rx_status->flag |= RX_FLAG_MMIC_ERROR;27932794if (!qos && tid < IEEE80211_NUM_TIDS) {2795u8 offset;2796__le16 qos_ctrl = 0;27972798hdr = (struct ieee80211_hdr *)skb->data;2799offset = ieee80211_hdrlen(hdr->frame_control);28002801hdr->frame_control |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);2802memmove(skb->data - IEEE80211_QOS_CTL_LEN, skb->data, offset);2803skb_push(skb, IEEE80211_QOS_CTL_LEN);2804qos_ctrl = cpu_to_le16(tid);2805memcpy(skb->data + offset, &qos_ctrl, IEEE80211_QOS_CTL_LEN);2806}28072808if (ar->napi.dev)2809ieee80211_rx_napi(ar->hw, NULL, skb, &ar->napi);2810else2811ieee80211_rx_ni(ar->hw, skb);28122813/* We have delivered the skb to the upper layers (mac80211) so we2814* must not free it.2815*/2816return false;2817err:2818/* Tell the caller that it must free the skb since we have not2819* consumed it2820*/2821return true;2822}28232824static int ath10k_htt_rx_frag_tkip_decap_nomic(struct sk_buff *skb,2825u16 head_len,2826u16 hdr_len)2827{2828u8 *ivp, *orig_hdr;28292830orig_hdr = skb->data;2831ivp = orig_hdr + hdr_len + head_len;28322833/* the ExtIV bit is always set to 1 for TKIP */2834if (!(ivp[IEEE80211_WEP_IV_LEN - 1] & ATH10K_IEEE80211_EXTIV))2835return -EINVAL;28362837memmove(orig_hdr + IEEE80211_TKIP_IV_LEN, orig_hdr, head_len + hdr_len);2838skb_pull(skb, IEEE80211_TKIP_IV_LEN);2839skb_trim(skb, skb->len - ATH10K_IEEE80211_TKIP_MICLEN);2840return 0;2841}28422843static int ath10k_htt_rx_frag_tkip_decap_withmic(struct sk_buff *skb,2844u16 head_len,2845u16 hdr_len)2846{2847u8 *ivp, *orig_hdr;28482849orig_hdr = skb->data;2850ivp = orig_hdr + hdr_len + head_len;28512852/* the ExtIV bit is always set to 1 for TKIP */2853if (!(ivp[IEEE80211_WEP_IV_LEN - 1] & ATH10K_IEEE80211_EXTIV))2854return -EINVAL;28552856memmove(orig_hdr + IEEE80211_TKIP_IV_LEN, orig_hdr, head_len + hdr_len);2857skb_pull(skb, IEEE80211_TKIP_IV_LEN);2858skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN);2859return 0;2860}28612862static int ath10k_htt_rx_frag_ccmp_decap(struct sk_buff *skb,2863u16 head_len,2864u16 hdr_len)2865{2866u8 *ivp, *orig_hdr;28672868orig_hdr = skb->data;2869ivp = orig_hdr + hdr_len + head_len;28702871/* the ExtIV bit is always set to 1 for CCMP */2872if (!(ivp[IEEE80211_WEP_IV_LEN - 1] & ATH10K_IEEE80211_EXTIV))2873return -EINVAL;28742875skb_trim(skb, skb->len - IEEE80211_CCMP_MIC_LEN);2876memmove(orig_hdr + IEEE80211_CCMP_HDR_LEN, orig_hdr, head_len + hdr_len);2877skb_pull(skb, IEEE80211_CCMP_HDR_LEN);2878return 0;2879}28802881static int ath10k_htt_rx_frag_wep_decap(struct sk_buff *skb,2882u16 head_len,2883u16 hdr_len)2884{2885u8 *orig_hdr;28862887orig_hdr = skb->data;28882889memmove(orig_hdr + IEEE80211_WEP_IV_LEN,2890orig_hdr, head_len + hdr_len);2891skb_pull(skb, IEEE80211_WEP_IV_LEN);2892skb_trim(skb, skb->len - IEEE80211_WEP_ICV_LEN);2893return 0;2894}28952896static bool ath10k_htt_rx_proc_rx_frag_ind_hl(struct ath10k_htt *htt,2897struct htt_rx_fragment_indication *rx,2898struct sk_buff *skb)2899{2900struct ath10k *ar = htt->ar;2901enum htt_rx_tkip_demic_type tkip_mic = HTT_RX_NON_TKIP_MIC;2902enum htt_txrx_sec_cast_type sec_index;2903struct htt_rx_indication_hl *rx_hl;2904enum htt_security_types sec_type;2905u32 tid, frag, seq, rx_desc_info;2906union htt_rx_pn_t new_pn = {0};2907struct htt_hl_rx_desc *rx_desc;2908u16 peer_id, sc, hdr_space;2909union htt_rx_pn_t *last_pn;2910struct ieee80211_hdr *hdr;2911int ret, num_mpdu_ranges;2912struct ath10k_peer *peer;2913struct htt_resp *resp;2914size_t tot_hdr_len;29152916resp = (struct htt_resp *)(skb->data + HTT_RX_FRAG_IND_INFO0_HEADER_LEN);2917skb_pull(skb, HTT_RX_FRAG_IND_INFO0_HEADER_LEN);2918skb_trim(skb, skb->len - FCS_LEN);29192920peer_id = __le16_to_cpu(rx->peer_id);2921rx_hl = (struct htt_rx_indication_hl *)(&resp->rx_ind_hl);29222923spin_lock_bh(&ar->data_lock);2924peer = ath10k_peer_find_by_id(ar, peer_id);2925if (!peer) {2926ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid peer: %u\n", peer_id);2927goto err;2928}29292930num_mpdu_ranges = MS(__le32_to_cpu(rx_hl->hdr.info1),2931HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);29322933tot_hdr_len = sizeof(struct htt_resp_hdr) +2934sizeof(rx_hl->hdr) +2935sizeof(rx_hl->ppdu) +2936sizeof(rx_hl->prefix) +2937sizeof(rx_hl->fw_desc) +2938sizeof(struct htt_rx_indication_mpdu_range) * num_mpdu_ranges;29392940tid = MS(rx_hl->hdr.info0, HTT_RX_INDICATION_INFO0_EXT_TID);2941rx_desc = (struct htt_hl_rx_desc *)(skb->data + tot_hdr_len);2942rx_desc_info = __le32_to_cpu(rx_desc->info);29432944hdr = (struct ieee80211_hdr *)((u8 *)rx_desc + rx_hl->fw_desc.len);29452946if (is_multicast_ether_addr(hdr->addr1)) {2947/* Discard the fragment with multicast DA */2948goto err;2949}29502951if (!MS(rx_desc_info, HTT_RX_DESC_HL_INFO_ENCRYPTED)) {2952spin_unlock_bh(&ar->data_lock);2953return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,2954HTT_RX_NON_PN_CHECK,2955HTT_RX_NON_TKIP_MIC);2956}29572958if (ieee80211_has_retry(hdr->frame_control))2959goto err;29602961hdr_space = ieee80211_hdrlen(hdr->frame_control);2962sc = __le16_to_cpu(hdr->seq_ctrl);2963seq = IEEE80211_SEQ_TO_SN(sc);2964frag = sc & IEEE80211_SCTL_FRAG;29652966sec_index = MS(rx_desc_info, HTT_RX_DESC_HL_INFO_MCAST_BCAST) ?2967HTT_TXRX_SEC_MCAST : HTT_TXRX_SEC_UCAST;2968sec_type = peer->rx_pn[sec_index].sec_type;2969ath10k_htt_rx_mpdu_desc_pn_hl(rx_desc, &new_pn, peer->rx_pn[sec_index].pn_len);29702971switch (sec_type) {2972case HTT_SECURITY_TKIP:2973tkip_mic = HTT_RX_TKIP_MIC;2974ret = ath10k_htt_rx_frag_tkip_decap_withmic(skb,2975tot_hdr_len +2976rx_hl->fw_desc.len,2977hdr_space);2978if (ret)2979goto err;2980break;2981case HTT_SECURITY_TKIP_NOMIC:2982ret = ath10k_htt_rx_frag_tkip_decap_nomic(skb,2983tot_hdr_len +2984rx_hl->fw_desc.len,2985hdr_space);2986if (ret)2987goto err;2988break;2989case HTT_SECURITY_AES_CCMP:2990ret = ath10k_htt_rx_frag_ccmp_decap(skb,2991tot_hdr_len + rx_hl->fw_desc.len,2992hdr_space);2993if (ret)2994goto err;2995break;2996case HTT_SECURITY_WEP128:2997case HTT_SECURITY_WEP104:2998case HTT_SECURITY_WEP40:2999ret = ath10k_htt_rx_frag_wep_decap(skb,3000tot_hdr_len + rx_hl->fw_desc.len,3001hdr_space);3002if (ret)3003goto err;3004break;3005default:3006break;3007}30083009resp = (struct htt_resp *)(skb->data);30103011if (sec_type != HTT_SECURITY_AES_CCMP &&3012sec_type != HTT_SECURITY_TKIP &&3013sec_type != HTT_SECURITY_TKIP_NOMIC) {3014spin_unlock_bh(&ar->data_lock);3015return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,3016HTT_RX_NON_PN_CHECK,3017HTT_RX_NON_TKIP_MIC);3018}30193020last_pn = &peer->frag_tids_last_pn[tid];30213022if (frag == 0) {3023if (ath10k_htt_rx_pn_check_replay_hl(ar, peer, &resp->rx_ind_hl))3024goto err;30253026last_pn->pn48 = new_pn.pn48;3027peer->frag_tids_seq[tid] = seq;3028} else if (sec_type == HTT_SECURITY_AES_CCMP) {3029if (seq != peer->frag_tids_seq[tid])3030goto err;30313032if (new_pn.pn48 != last_pn->pn48 + 1)3033goto err;30343035last_pn->pn48 = new_pn.pn48;3036last_pn = &peer->tids_last_pn[tid];3037last_pn->pn48 = new_pn.pn48;3038}30393040spin_unlock_bh(&ar->data_lock);30413042return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,3043HTT_RX_NON_PN_CHECK, tkip_mic);30443045err:3046spin_unlock_bh(&ar->data_lock);30473048/* Tell the caller that it must free the skb since we have not3049* consumed it3050*/3051return true;3052}30533054static void ath10k_htt_rx_proc_rx_ind_ll(struct ath10k_htt *htt,3055struct htt_rx_indication *rx)3056{3057struct ath10k *ar = htt->ar;3058struct htt_rx_indication_mpdu_range *mpdu_ranges;3059int num_mpdu_ranges;3060int i, mpdu_count = 0;3061u16 peer_id;3062u8 tid;30633064num_mpdu_ranges = MS(__le32_to_cpu(rx->hdr.info1),3065HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);3066peer_id = __le16_to_cpu(rx->hdr.peer_id);3067tid = MS(rx->hdr.info0, HTT_RX_INDICATION_INFO0_EXT_TID);30683069mpdu_ranges = htt_rx_ind_get_mpdu_ranges(rx);30703071ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx ind: ",3072rx, struct_size(rx, mpdu_ranges, num_mpdu_ranges));30733074for (i = 0; i < num_mpdu_ranges; i++)3075mpdu_count += mpdu_ranges[i].mpdu_count;30763077atomic_add(mpdu_count, &htt->num_mpdus_ready);30783079ath10k_sta_update_rx_tid_stats_ampdu(ar, peer_id, tid, mpdu_ranges,3080num_mpdu_ranges);3081}30823083static void ath10k_htt_rx_tx_compl_ind(struct ath10k *ar,3084struct sk_buff *skb)3085{3086struct ath10k_htt *htt = &ar->htt;3087struct htt_resp *resp = (struct htt_resp *)skb->data;3088struct htt_tx_done tx_done = {};3089int status = MS(resp->data_tx_completion.flags, HTT_DATA_TX_STATUS);3090__le16 msdu_id, *msdus;3091bool rssi_enabled = false;3092u8 msdu_count = 0, num_airtime_records, tid;3093int i, htt_pad = 0;3094struct htt_data_tx_compl_ppdu_dur *ppdu_info;3095struct ath10k_peer *peer;3096u16 ppdu_info_offset = 0, peer_id;3097u32 tx_duration;30983099switch (status) {3100case HTT_DATA_TX_STATUS_NO_ACK:3101tx_done.status = HTT_TX_COMPL_STATE_NOACK;3102break;3103case HTT_DATA_TX_STATUS_OK:3104tx_done.status = HTT_TX_COMPL_STATE_ACK;3105break;3106case HTT_DATA_TX_STATUS_DISCARD:3107case HTT_DATA_TX_STATUS_POSTPONE:3108case HTT_DATA_TX_STATUS_DOWNLOAD_FAIL:3109tx_done.status = HTT_TX_COMPL_STATE_DISCARD;3110break;3111default:3112ath10k_warn(ar, "unhandled tx completion status %d\n", status);3113tx_done.status = HTT_TX_COMPL_STATE_DISCARD;3114break;3115}31163117ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx completion num_msdus %d\n",3118resp->data_tx_completion.num_msdus);31193120msdu_count = resp->data_tx_completion.num_msdus;3121msdus = resp->data_tx_completion.msdus;3122rssi_enabled = ath10k_is_rssi_enable(&ar->hw_params, resp);31233124if (rssi_enabled)3125htt_pad = ath10k_tx_data_rssi_get_pad_bytes(&ar->hw_params,3126resp);31273128for (i = 0; i < msdu_count; i++) {3129msdu_id = msdus[i];3130tx_done.msdu_id = __le16_to_cpu(msdu_id);31313132if (rssi_enabled) {3133/* Total no of MSDUs should be even,3134* if odd MSDUs are sent firmware fills3135* last msdu id with 0xffff3136*/3137if (msdu_count & 0x01) {3138msdu_id = msdus[msdu_count + i + 1 + htt_pad];3139tx_done.ack_rssi = __le16_to_cpu(msdu_id);3140} else {3141msdu_id = msdus[msdu_count + i + htt_pad];3142tx_done.ack_rssi = __le16_to_cpu(msdu_id);3143}3144}31453146/* kfifo_put: In practice firmware shouldn't fire off per-CE3147* interrupt and main interrupt (MSI/-X range case) for the same3148* HTC service so it should be safe to use kfifo_put w/o lock.3149*3150* From kfifo_put() documentation:3151* Note that with only one concurrent reader and one concurrent3152* writer, you don't need extra locking to use these macro.3153*/3154if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {3155ath10k_txrx_tx_unref(htt, &tx_done);3156} else if (!kfifo_put(&htt->txdone_fifo, tx_done)) {3157ath10k_warn(ar, "txdone fifo overrun, msdu_id %d status %d\n",3158tx_done.msdu_id, tx_done.status);3159ath10k_txrx_tx_unref(htt, &tx_done);3160}3161}31623163if (!(resp->data_tx_completion.flags2 & HTT_TX_CMPL_FLAG_PPDU_DURATION_PRESENT))3164return;31653166ppdu_info_offset = (msdu_count & 0x01) ? msdu_count + 1 : msdu_count;31673168if (rssi_enabled)3169ppdu_info_offset += ppdu_info_offset;31703171if (resp->data_tx_completion.flags2 &3172(HTT_TX_CMPL_FLAG_PPID_PRESENT | HTT_TX_CMPL_FLAG_PA_PRESENT))3173ppdu_info_offset += 2;31743175ppdu_info = (struct htt_data_tx_compl_ppdu_dur *)&msdus[ppdu_info_offset];3176num_airtime_records = FIELD_GET(HTT_TX_COMPL_PPDU_DUR_INFO0_NUM_ENTRIES_MASK,3177__le32_to_cpu(ppdu_info->info0));31783179for (i = 0; i < num_airtime_records; i++) {3180struct htt_data_tx_ppdu_dur *ppdu_dur;3181u32 info0;31823183ppdu_dur = &ppdu_info->ppdu_dur[i];3184info0 = __le32_to_cpu(ppdu_dur->info0);31853186peer_id = FIELD_GET(HTT_TX_PPDU_DUR_INFO0_PEER_ID_MASK,3187info0);3188rcu_read_lock();3189spin_lock_bh(&ar->data_lock);31903191peer = ath10k_peer_find_by_id(ar, peer_id);3192if (!peer || !peer->sta) {3193spin_unlock_bh(&ar->data_lock);3194rcu_read_unlock();3195continue;3196}31973198tid = FIELD_GET(HTT_TX_PPDU_DUR_INFO0_TID_MASK, info0) &3199IEEE80211_QOS_CTL_TID_MASK;3200tx_duration = __le32_to_cpu(ppdu_dur->tx_duration);32013202ieee80211_sta_register_airtime(peer->sta, tid, tx_duration, 0);32033204spin_unlock_bh(&ar->data_lock);3205rcu_read_unlock();3206}3207}32083209static void ath10k_htt_rx_addba(struct ath10k *ar, struct htt_resp *resp)3210{3211struct htt_rx_addba *ev = &resp->rx_addba;3212struct ath10k_peer *peer;3213struct ath10k_vif *arvif;3214u16 info0, tid, peer_id;32153216info0 = __le16_to_cpu(ev->info0);3217tid = MS(info0, HTT_RX_BA_INFO0_TID);3218peer_id = MS(info0, HTT_RX_BA_INFO0_PEER_ID);32193220ath10k_dbg(ar, ATH10K_DBG_HTT,3221"htt rx addba tid %u peer_id %u size %u\n",3222tid, peer_id, ev->window_size);32233224spin_lock_bh(&ar->data_lock);3225peer = ath10k_peer_find_by_id(ar, peer_id);3226if (!peer) {3227ath10k_warn(ar, "received addba event for invalid peer_id: %u\n",3228peer_id);3229spin_unlock_bh(&ar->data_lock);3230return;3231}32323233arvif = ath10k_get_arvif(ar, peer->vdev_id);3234if (!arvif) {3235ath10k_warn(ar, "received addba event for invalid vdev_id: %u\n",3236peer->vdev_id);3237spin_unlock_bh(&ar->data_lock);3238return;3239}32403241ath10k_dbg(ar, ATH10K_DBG_HTT,3242"htt rx start rx ba session sta %pM tid %u size %u\n",3243peer->addr, tid, ev->window_size);32443245ieee80211_start_rx_ba_session_offl(arvif->vif, peer->addr, tid);3246spin_unlock_bh(&ar->data_lock);3247}32483249static void ath10k_htt_rx_delba(struct ath10k *ar, struct htt_resp *resp)3250{3251struct htt_rx_delba *ev = &resp->rx_delba;3252struct ath10k_peer *peer;3253struct ath10k_vif *arvif;3254u16 info0, tid, peer_id;32553256info0 = __le16_to_cpu(ev->info0);3257tid = MS(info0, HTT_RX_BA_INFO0_TID);3258peer_id = MS(info0, HTT_RX_BA_INFO0_PEER_ID);32593260ath10k_dbg(ar, ATH10K_DBG_HTT,3261"htt rx delba tid %u peer_id %u\n",3262tid, peer_id);32633264spin_lock_bh(&ar->data_lock);3265peer = ath10k_peer_find_by_id(ar, peer_id);3266if (!peer) {3267ath10k_warn(ar, "received addba event for invalid peer_id: %u\n",3268peer_id);3269spin_unlock_bh(&ar->data_lock);3270return;3271}32723273arvif = ath10k_get_arvif(ar, peer->vdev_id);3274if (!arvif) {3275ath10k_warn(ar, "received addba event for invalid vdev_id: %u\n",3276peer->vdev_id);3277spin_unlock_bh(&ar->data_lock);3278return;3279}32803281ath10k_dbg(ar, ATH10K_DBG_HTT,3282"htt rx stop rx ba session sta %pM tid %u\n",3283peer->addr, tid);32843285ieee80211_stop_rx_ba_session_offl(arvif->vif, peer->addr, tid);3286spin_unlock_bh(&ar->data_lock);3287}32883289static int ath10k_htt_rx_extract_amsdu(struct ath10k_hw_params *hw,3290struct sk_buff_head *list,3291struct sk_buff_head *amsdu)3292{3293struct sk_buff *msdu;3294struct htt_rx_desc *rxd;3295struct rx_msdu_end_common *rxd_msdu_end_common;32963297if (skb_queue_empty(list))3298return -ENOBUFS;32993300if (WARN_ON(!skb_queue_empty(amsdu)))3301return -EINVAL;33023303while ((msdu = __skb_dequeue(list))) {3304__skb_queue_tail(amsdu, msdu);33053306rxd = HTT_RX_BUF_TO_RX_DESC(hw,3307#if defined(__linux__)3308(void *)msdu->data -3309#elif defined(__FreeBSD__)3310(u8 *)msdu->data -3311#endif3312hw->rx_desc_ops->rx_desc_size);33133314rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);3315if (rxd_msdu_end_common->info0 &3316__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU))3317break;3318}33193320msdu = skb_peek_tail(amsdu);3321rxd = HTT_RX_BUF_TO_RX_DESC(hw,3322#if defined(__linux__)3323(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);3324#elif defined(__FreeBSD__)3325(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);3326#endif33273328rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);3329if (!(rxd_msdu_end_common->info0 &3330__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU))) {3331skb_queue_splice_init(amsdu, list);3332return -EAGAIN;3333}33343335return 0;3336}33373338static void ath10k_htt_rx_h_rx_offload_prot(struct ieee80211_rx_status *status,3339struct sk_buff *skb)3340{3341struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;33423343if (!ieee80211_has_protected(hdr->frame_control))3344return;33453346/* Offloaded frames are already decrypted but firmware insists they are3347* protected in the 802.11 header. Strip the flag. Otherwise mac802113348* will drop the frame.3349*/33503351hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);3352status->flag |= RX_FLAG_DECRYPTED |3353RX_FLAG_IV_STRIPPED |3354RX_FLAG_MMIC_STRIPPED;3355}33563357static void ath10k_htt_rx_h_rx_offload(struct ath10k *ar,3358struct sk_buff_head *list)3359{3360struct ath10k_htt *htt = &ar->htt;3361struct ieee80211_rx_status *status = &htt->rx_status;3362struct htt_rx_offload_msdu *rx;3363struct sk_buff *msdu;3364size_t offset;33653366while ((msdu = __skb_dequeue(list))) {3367/* Offloaded frames don't have Rx descriptor. Instead they have3368* a short meta information header.3369*/33703371rx = (void *)msdu->data;33723373skb_put(msdu, sizeof(*rx));3374skb_pull(msdu, sizeof(*rx));33753376if (skb_tailroom(msdu) < __le16_to_cpu(rx->msdu_len)) {3377ath10k_warn(ar, "dropping frame: offloaded rx msdu is too long!\n");3378dev_kfree_skb_any(msdu);3379continue;3380}33813382skb_put(msdu, __le16_to_cpu(rx->msdu_len));33833384/* Offloaded rx header length isn't multiple of 2 nor 4 so the3385* actual payload is unaligned. Align the frame. Otherwise3386* mac80211 complains. This shouldn't reduce performance much3387* because these offloaded frames are rare.3388*/3389offset = 4 - ((unsigned long)msdu->data & 3);3390skb_put(msdu, offset);3391memmove(msdu->data + offset, msdu->data, msdu->len);3392skb_pull(msdu, offset);33933394/* FIXME: The frame is NWifi. Re-construct QoS Control3395* if possible later.3396*/33973398memset(status, 0, sizeof(*status));3399status->flag |= RX_FLAG_NO_SIGNAL_VAL;34003401ath10k_htt_rx_h_rx_offload_prot(status, msdu);3402ath10k_htt_rx_h_channel(ar, status, NULL, rx->vdev_id);3403ath10k_htt_rx_h_queue_msdu(ar, status, msdu);3404}3405}34063407static int ath10k_htt_rx_in_ord_ind(struct ath10k *ar, struct sk_buff *skb)3408{3409struct ath10k_htt *htt = &ar->htt;3410struct htt_resp *resp = (void *)skb->data;3411struct ieee80211_rx_status *status = &htt->rx_status;3412struct sk_buff_head list;3413struct sk_buff_head amsdu;3414u16 peer_id;3415u16 msdu_count;3416u8 vdev_id;3417u8 tid;3418bool offload;3419bool frag;3420int ret;34213422lockdep_assert_held(&htt->rx_ring.lock);34233424if (htt->rx_confused)3425return -EIO;34263427skb_pull(skb, sizeof(resp->hdr));3428skb_pull(skb, sizeof(resp->rx_in_ord_ind));34293430peer_id = __le16_to_cpu(resp->rx_in_ord_ind.peer_id);3431msdu_count = __le16_to_cpu(resp->rx_in_ord_ind.msdu_count);3432vdev_id = resp->rx_in_ord_ind.vdev_id;3433tid = SM(resp->rx_in_ord_ind.info, HTT_RX_IN_ORD_IND_INFO_TID);3434offload = !!(resp->rx_in_ord_ind.info &3435HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);3436frag = !!(resp->rx_in_ord_ind.info & HTT_RX_IN_ORD_IND_INFO_FRAG_MASK);34373438ath10k_dbg(ar, ATH10K_DBG_HTT,3439"htt rx in ord vdev %i peer %i tid %i offload %i frag %i msdu count %i\n",3440vdev_id, peer_id, tid, offload, frag, msdu_count);34413442if (skb->len < msdu_count * sizeof(*resp->rx_in_ord_ind.msdu_descs32)) {3443ath10k_warn(ar, "dropping invalid in order rx indication\n");3444return -EINVAL;3445}34463447/* The event can deliver more than 1 A-MSDU. Each A-MSDU is later3448* extracted and processed.3449*/3450__skb_queue_head_init(&list);3451if (ar->hw_params.target_64bit)3452ret = ath10k_htt_rx_pop_paddr64_list(htt, &resp->rx_in_ord_ind,3453&list);3454else3455ret = ath10k_htt_rx_pop_paddr32_list(htt, &resp->rx_in_ord_ind,3456&list);34573458if (ret < 0) {3459ath10k_warn(ar, "failed to pop paddr list: %d\n", ret);3460htt->rx_confused = true;3461return -EIO;3462}34633464/* Offloaded frames are very different and need to be handled3465* separately.3466*/3467if (offload)3468ath10k_htt_rx_h_rx_offload(ar, &list);34693470while (!skb_queue_empty(&list)) {3471__skb_queue_head_init(&amsdu);3472ret = ath10k_htt_rx_extract_amsdu(&ar->hw_params, &list, &amsdu);3473switch (ret) {3474case 0:3475/* Note: The in-order indication may report interleaved3476* frames from different PPDUs meaning reported rx rate3477* to mac80211 isn't accurate/reliable. It's still3478* better to report something than nothing though. This3479* should still give an idea about rx rate to the user.3480*/3481ath10k_htt_rx_h_ppdu(ar, &amsdu, status, vdev_id);3482ath10k_htt_rx_h_filter(ar, &amsdu, status, NULL);3483ath10k_htt_rx_h_mpdu(ar, &amsdu, status, false, NULL,3484NULL, peer_id, frag);3485ath10k_htt_rx_h_enqueue(ar, &amsdu, status);3486break;3487case -EAGAIN:3488fallthrough;3489default:3490/* Should not happen. */3491ath10k_warn(ar, "failed to extract amsdu: %d\n", ret);3492htt->rx_confused = true;3493__skb_queue_purge(&list);3494return -EIO;3495}3496}3497return ret;3498}34993500static void ath10k_htt_rx_tx_fetch_resp_id_confirm(struct ath10k *ar,3501const __le32 *resp_ids,3502int num_resp_ids)3503{3504int i;3505u32 resp_id;35063507ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch confirm num_resp_ids %d\n",3508num_resp_ids);35093510for (i = 0; i < num_resp_ids; i++) {3511resp_id = le32_to_cpu(resp_ids[i]);35123513ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch confirm resp_id %u\n",3514resp_id);35153516/* TODO: free resp_id */3517}3518}35193520static void ath10k_htt_rx_tx_fetch_ind(struct ath10k *ar, struct sk_buff *skb)3521{3522struct ieee80211_hw *hw = ar->hw;3523struct ieee80211_txq *txq;3524struct htt_resp *resp = (struct htt_resp *)skb->data;3525struct htt_tx_fetch_record *record;3526size_t len;3527size_t max_num_bytes;3528size_t max_num_msdus;3529size_t num_bytes;3530size_t num_msdus;3531const __le32 *resp_ids;3532u16 num_records;3533u16 num_resp_ids;3534u16 peer_id;3535u8 tid;3536int ret;3537int i;3538bool may_tx;35393540ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch ind\n");35413542len = sizeof(resp->hdr) + sizeof(resp->tx_fetch_ind);3543if (unlikely(skb->len < len)) {3544ath10k_warn(ar, "received corrupted tx_fetch_ind event: buffer too short\n");3545return;3546}35473548num_records = le16_to_cpu(resp->tx_fetch_ind.num_records);3549num_resp_ids = le16_to_cpu(resp->tx_fetch_ind.num_resp_ids);35503551len += sizeof(resp->tx_fetch_ind.records[0]) * num_records;3552len += sizeof(resp->tx_fetch_ind.resp_ids[0]) * num_resp_ids;35533554if (unlikely(skb->len < len)) {3555ath10k_warn(ar, "received corrupted tx_fetch_ind event: too many records/resp_ids\n");3556return;3557}35583559ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch ind num records %u num resps %u seq %u\n",3560num_records, num_resp_ids,3561le16_to_cpu(resp->tx_fetch_ind.fetch_seq_num));35623563if (!ar->htt.tx_q_state.enabled) {3564ath10k_warn(ar, "received unexpected tx_fetch_ind event: not enabled\n");3565return;3566}35673568if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH) {3569ath10k_warn(ar, "received unexpected tx_fetch_ind event: in push mode\n");3570return;3571}35723573rcu_read_lock();35743575for (i = 0; i < num_records; i++) {3576record = &resp->tx_fetch_ind.records[i];3577peer_id = MS(le16_to_cpu(record->info),3578HTT_TX_FETCH_RECORD_INFO_PEER_ID);3579tid = MS(le16_to_cpu(record->info),3580HTT_TX_FETCH_RECORD_INFO_TID);3581max_num_msdus = le16_to_cpu(record->num_msdus);3582max_num_bytes = le32_to_cpu(record->num_bytes);35833584ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch record %i peer_id %u tid %u msdus %zu bytes %zu\n",3585i, peer_id, tid, max_num_msdus, max_num_bytes);35863587if (unlikely(peer_id >= ar->htt.tx_q_state.num_peers) ||3588unlikely(tid >= ar->htt.tx_q_state.num_tids)) {3589ath10k_warn(ar, "received out of range peer_id %u tid %u\n",3590peer_id, tid);3591continue;3592}35933594spin_lock_bh(&ar->data_lock);3595txq = ath10k_mac_txq_lookup(ar, peer_id, tid);3596spin_unlock_bh(&ar->data_lock);35973598/* It is okay to release the lock and use txq because RCU read3599* lock is held.3600*/36013602if (unlikely(!txq)) {3603ath10k_warn(ar, "failed to lookup txq for peer_id %u tid %u\n",3604peer_id, tid);3605continue;3606}36073608num_msdus = 0;3609num_bytes = 0;36103611ieee80211_txq_schedule_start(hw, txq->ac);3612may_tx = ieee80211_txq_may_transmit(hw, txq);3613while (num_msdus < max_num_msdus &&3614num_bytes < max_num_bytes) {3615if (!may_tx)3616break;36173618ret = ath10k_mac_tx_push_txq(hw, txq);3619if (ret < 0)3620break;36213622num_msdus++;3623num_bytes += ret;3624}3625ieee80211_return_txq(hw, txq, false);3626ieee80211_txq_schedule_end(hw, txq->ac);36273628record->num_msdus = cpu_to_le16(num_msdus);3629record->num_bytes = cpu_to_le32(num_bytes);36303631ath10k_htt_tx_txq_recalc(hw, txq);3632}36333634rcu_read_unlock();36353636resp_ids = ath10k_htt_get_tx_fetch_ind_resp_ids(&resp->tx_fetch_ind);3637ath10k_htt_rx_tx_fetch_resp_id_confirm(ar, resp_ids, num_resp_ids);36383639ret = ath10k_htt_tx_fetch_resp(ar,3640resp->tx_fetch_ind.token,3641resp->tx_fetch_ind.fetch_seq_num,3642resp->tx_fetch_ind.records,3643num_records);3644if (unlikely(ret)) {3645ath10k_warn(ar, "failed to submit tx fetch resp for token 0x%08x: %d\n",3646le32_to_cpu(resp->tx_fetch_ind.token), ret);3647/* FIXME: request fw restart */3648}36493650ath10k_htt_tx_txq_sync(ar);3651}36523653static void ath10k_htt_rx_tx_fetch_confirm(struct ath10k *ar,3654struct sk_buff *skb)3655{3656const struct htt_resp *resp = (void *)skb->data;3657size_t len;3658int num_resp_ids;36593660ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch confirm\n");36613662len = sizeof(resp->hdr) + sizeof(resp->tx_fetch_confirm);3663if (unlikely(skb->len < len)) {3664ath10k_warn(ar, "received corrupted tx_fetch_confirm event: buffer too short\n");3665return;3666}36673668num_resp_ids = le16_to_cpu(resp->tx_fetch_confirm.num_resp_ids);3669len += sizeof(resp->tx_fetch_confirm.resp_ids[0]) * num_resp_ids;36703671if (unlikely(skb->len < len)) {3672ath10k_warn(ar, "received corrupted tx_fetch_confirm event: resp_ids buffer overflow\n");3673return;3674}36753676ath10k_htt_rx_tx_fetch_resp_id_confirm(ar,3677resp->tx_fetch_confirm.resp_ids,3678num_resp_ids);3679}36803681static void ath10k_htt_rx_tx_mode_switch_ind(struct ath10k *ar,3682struct sk_buff *skb)3683{3684const struct htt_resp *resp = (void *)skb->data;3685const struct htt_tx_mode_switch_record *record;3686struct ieee80211_txq *txq;3687struct ath10k_txq *artxq;3688size_t len;3689size_t num_records;3690enum htt_tx_mode_switch_mode mode;3691bool enable;3692u16 info0;3693u16 info1;3694u16 threshold;3695u16 peer_id;3696u8 tid;3697int i;36983699ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx mode switch ind\n");37003701len = sizeof(resp->hdr) + sizeof(resp->tx_mode_switch_ind);3702if (unlikely(skb->len < len)) {3703ath10k_warn(ar, "received corrupted tx_mode_switch_ind event: buffer too short\n");3704return;3705}37063707info0 = le16_to_cpu(resp->tx_mode_switch_ind.info0);3708info1 = le16_to_cpu(resp->tx_mode_switch_ind.info1);37093710enable = !!(info0 & HTT_TX_MODE_SWITCH_IND_INFO0_ENABLE);3711num_records = MS(info0, HTT_TX_MODE_SWITCH_IND_INFO1_THRESHOLD);3712mode = MS(info1, HTT_TX_MODE_SWITCH_IND_INFO1_MODE);3713threshold = MS(info1, HTT_TX_MODE_SWITCH_IND_INFO1_THRESHOLD);37143715ath10k_dbg(ar, ATH10K_DBG_HTT,3716"htt rx tx mode switch ind info0 0x%04x info1 0x%04x enable %d num records %zd mode %d threshold %u\n",3717info0, info1, enable, num_records, mode, threshold);37183719len += sizeof(resp->tx_mode_switch_ind.records[0]) * num_records;37203721if (unlikely(skb->len < len)) {3722ath10k_warn(ar, "received corrupted tx_mode_switch_mode_ind event: too many records\n");3723return;3724}37253726switch (mode) {3727case HTT_TX_MODE_SWITCH_PUSH:3728case HTT_TX_MODE_SWITCH_PUSH_PULL:3729break;3730default:3731ath10k_warn(ar, "received invalid tx_mode_switch_mode_ind mode %d, ignoring\n",3732mode);3733return;3734}37353736if (!enable)3737return;37383739ar->htt.tx_q_state.enabled = enable;3740ar->htt.tx_q_state.mode = mode;3741ar->htt.tx_q_state.num_push_allowed = threshold;37423743rcu_read_lock();37443745for (i = 0; i < num_records; i++) {3746record = &resp->tx_mode_switch_ind.records[i];3747info0 = le16_to_cpu(record->info0);3748peer_id = MS(info0, HTT_TX_MODE_SWITCH_RECORD_INFO0_PEER_ID);3749tid = MS(info0, HTT_TX_MODE_SWITCH_RECORD_INFO0_TID);37503751if (unlikely(peer_id >= ar->htt.tx_q_state.num_peers) ||3752unlikely(tid >= ar->htt.tx_q_state.num_tids)) {3753ath10k_warn(ar, "received out of range peer_id %u tid %u\n",3754peer_id, tid);3755continue;3756}37573758spin_lock_bh(&ar->data_lock);3759txq = ath10k_mac_txq_lookup(ar, peer_id, tid);3760spin_unlock_bh(&ar->data_lock);37613762/* It is okay to release the lock and use txq because RCU read3763* lock is held.3764*/37653766if (unlikely(!txq)) {3767ath10k_warn(ar, "failed to lookup txq for peer_id %u tid %u\n",3768peer_id, tid);3769continue;3770}37713772spin_lock_bh(&ar->htt.tx_lock);3773artxq = (void *)txq->drv_priv;3774artxq->num_push_allowed = le16_to_cpu(record->num_max_msdus);3775spin_unlock_bh(&ar->htt.tx_lock);3776}37773778rcu_read_unlock();37793780ath10k_mac_tx_push_pending(ar);3781}37823783void ath10k_htt_htc_t2h_msg_handler(struct ath10k *ar, struct sk_buff *skb)3784{3785bool release;37863787release = ath10k_htt_t2h_msg_handler(ar, skb);37883789/* Free the indication buffer */3790if (release)3791dev_kfree_skb_any(skb);3792}37933794static inline s8 ath10k_get_legacy_rate_idx(struct ath10k *ar, u8 rate)3795{3796static const u8 legacy_rates[] = {1, 2, 5, 11, 6, 9, 12,379718, 24, 36, 48, 54};3798int i;37993800for (i = 0; i < ARRAY_SIZE(legacy_rates); i++) {3801if (rate == legacy_rates[i])3802return i;3803}38043805ath10k_warn(ar, "Invalid legacy rate %d peer stats", rate);3806return -EINVAL;3807}38083809static void3810ath10k_accumulate_per_peer_tx_stats(struct ath10k *ar,3811struct ath10k_sta *arsta,3812struct ath10k_per_peer_tx_stats *pstats,3813s8 legacy_rate_idx)3814{3815struct rate_info *txrate = &arsta->txrate;3816struct ath10k_htt_tx_stats *tx_stats;3817int idx, ht_idx, gi, mcs, bw, nss;3818unsigned long flags;38193820if (!arsta->tx_stats)3821return;38223823tx_stats = arsta->tx_stats;3824flags = txrate->flags;3825gi = test_bit(ATH10K_RATE_INFO_FLAGS_SGI_BIT, &flags);3826mcs = ATH10K_HW_MCS_RATE(pstats->ratecode);3827bw = txrate->bw;3828nss = txrate->nss;3829ht_idx = mcs + (nss - 1) * 8;3830idx = mcs * 8 + 8 * 10 * (nss - 1);3831idx += bw * 2 + gi;38323833#define STATS_OP_FMT(name) tx_stats->stats[ATH10K_STATS_TYPE_##name]38343835if (txrate->flags & RATE_INFO_FLAGS_VHT_MCS) {3836STATS_OP_FMT(SUCC).vht[0][mcs] += pstats->succ_bytes;3837STATS_OP_FMT(SUCC).vht[1][mcs] += pstats->succ_pkts;3838STATS_OP_FMT(FAIL).vht[0][mcs] += pstats->failed_bytes;3839STATS_OP_FMT(FAIL).vht[1][mcs] += pstats->failed_pkts;3840STATS_OP_FMT(RETRY).vht[0][mcs] += pstats->retry_bytes;3841STATS_OP_FMT(RETRY).vht[1][mcs] += pstats->retry_pkts;3842} else if (txrate->flags & RATE_INFO_FLAGS_MCS) {3843STATS_OP_FMT(SUCC).ht[0][ht_idx] += pstats->succ_bytes;3844STATS_OP_FMT(SUCC).ht[1][ht_idx] += pstats->succ_pkts;3845STATS_OP_FMT(FAIL).ht[0][ht_idx] += pstats->failed_bytes;3846STATS_OP_FMT(FAIL).ht[1][ht_idx] += pstats->failed_pkts;3847STATS_OP_FMT(RETRY).ht[0][ht_idx] += pstats->retry_bytes;3848STATS_OP_FMT(RETRY).ht[1][ht_idx] += pstats->retry_pkts;3849} else {3850mcs = legacy_rate_idx;38513852STATS_OP_FMT(SUCC).legacy[0][mcs] += pstats->succ_bytes;3853STATS_OP_FMT(SUCC).legacy[1][mcs] += pstats->succ_pkts;3854STATS_OP_FMT(FAIL).legacy[0][mcs] += pstats->failed_bytes;3855STATS_OP_FMT(FAIL).legacy[1][mcs] += pstats->failed_pkts;3856STATS_OP_FMT(RETRY).legacy[0][mcs] += pstats->retry_bytes;3857STATS_OP_FMT(RETRY).legacy[1][mcs] += pstats->retry_pkts;3858}38593860if (ATH10K_HW_AMPDU(pstats->flags)) {3861tx_stats->ba_fails += ATH10K_HW_BA_FAIL(pstats->flags);38623863if (txrate->flags & RATE_INFO_FLAGS_MCS) {3864STATS_OP_FMT(AMPDU).ht[0][ht_idx] +=3865pstats->succ_bytes + pstats->retry_bytes;3866STATS_OP_FMT(AMPDU).ht[1][ht_idx] +=3867pstats->succ_pkts + pstats->retry_pkts;3868} else {3869STATS_OP_FMT(AMPDU).vht[0][mcs] +=3870pstats->succ_bytes + pstats->retry_bytes;3871STATS_OP_FMT(AMPDU).vht[1][mcs] +=3872pstats->succ_pkts + pstats->retry_pkts;3873}3874STATS_OP_FMT(AMPDU).bw[0][bw] +=3875pstats->succ_bytes + pstats->retry_bytes;3876STATS_OP_FMT(AMPDU).nss[0][nss - 1] +=3877pstats->succ_bytes + pstats->retry_bytes;3878STATS_OP_FMT(AMPDU).gi[0][gi] +=3879pstats->succ_bytes + pstats->retry_bytes;3880STATS_OP_FMT(AMPDU).rate_table[0][idx] +=3881pstats->succ_bytes + pstats->retry_bytes;3882STATS_OP_FMT(AMPDU).bw[1][bw] +=3883pstats->succ_pkts + pstats->retry_pkts;3884STATS_OP_FMT(AMPDU).nss[1][nss - 1] +=3885pstats->succ_pkts + pstats->retry_pkts;3886STATS_OP_FMT(AMPDU).gi[1][gi] +=3887pstats->succ_pkts + pstats->retry_pkts;3888STATS_OP_FMT(AMPDU).rate_table[1][idx] +=3889pstats->succ_pkts + pstats->retry_pkts;3890} else {3891tx_stats->ack_fails +=3892ATH10K_HW_BA_FAIL(pstats->flags);3893}38943895STATS_OP_FMT(SUCC).bw[0][bw] += pstats->succ_bytes;3896STATS_OP_FMT(SUCC).nss[0][nss - 1] += pstats->succ_bytes;3897STATS_OP_FMT(SUCC).gi[0][gi] += pstats->succ_bytes;38983899STATS_OP_FMT(SUCC).bw[1][bw] += pstats->succ_pkts;3900STATS_OP_FMT(SUCC).nss[1][nss - 1] += pstats->succ_pkts;3901STATS_OP_FMT(SUCC).gi[1][gi] += pstats->succ_pkts;39023903STATS_OP_FMT(FAIL).bw[0][bw] += pstats->failed_bytes;3904STATS_OP_FMT(FAIL).nss[0][nss - 1] += pstats->failed_bytes;3905STATS_OP_FMT(FAIL).gi[0][gi] += pstats->failed_bytes;39063907STATS_OP_FMT(FAIL).bw[1][bw] += pstats->failed_pkts;3908STATS_OP_FMT(FAIL).nss[1][nss - 1] += pstats->failed_pkts;3909STATS_OP_FMT(FAIL).gi[1][gi] += pstats->failed_pkts;39103911STATS_OP_FMT(RETRY).bw[0][bw] += pstats->retry_bytes;3912STATS_OP_FMT(RETRY).nss[0][nss - 1] += pstats->retry_bytes;3913STATS_OP_FMT(RETRY).gi[0][gi] += pstats->retry_bytes;39143915STATS_OP_FMT(RETRY).bw[1][bw] += pstats->retry_pkts;3916STATS_OP_FMT(RETRY).nss[1][nss - 1] += pstats->retry_pkts;3917STATS_OP_FMT(RETRY).gi[1][gi] += pstats->retry_pkts;39183919if (txrate->flags >= RATE_INFO_FLAGS_MCS) {3920STATS_OP_FMT(SUCC).rate_table[0][idx] += pstats->succ_bytes;3921STATS_OP_FMT(SUCC).rate_table[1][idx] += pstats->succ_pkts;3922STATS_OP_FMT(FAIL).rate_table[0][idx] += pstats->failed_bytes;3923STATS_OP_FMT(FAIL).rate_table[1][idx] += pstats->failed_pkts;3924STATS_OP_FMT(RETRY).rate_table[0][idx] += pstats->retry_bytes;3925STATS_OP_FMT(RETRY).rate_table[1][idx] += pstats->retry_pkts;3926}39273928tx_stats->tx_duration += pstats->duration;3929}39303931static void3932ath10k_update_per_peer_tx_stats(struct ath10k *ar,3933struct ieee80211_sta *sta,3934struct ath10k_per_peer_tx_stats *peer_stats)3935{3936struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;3937struct ieee80211_chanctx_conf *conf = NULL;3938u8 rate = 0, sgi;3939s8 rate_idx = 0;3940bool skip_auto_rate;3941struct rate_info txrate;39423943lockdep_assert_held(&ar->data_lock);39443945txrate.flags = ATH10K_HW_PREAMBLE(peer_stats->ratecode);3946txrate.bw = ATH10K_HW_BW(peer_stats->flags);3947txrate.nss = ATH10K_HW_NSS(peer_stats->ratecode);3948txrate.mcs = ATH10K_HW_MCS_RATE(peer_stats->ratecode);3949sgi = ATH10K_HW_GI(peer_stats->flags);3950skip_auto_rate = ATH10K_FW_SKIPPED_RATE_CTRL(peer_stats->flags);39513952/* Firmware's rate control skips broadcast/management frames,3953* if host has configure fixed rates and in some other special cases.3954*/3955if (skip_auto_rate)3956return;39573958if (txrate.flags == WMI_RATE_PREAMBLE_VHT && txrate.mcs > 9) {3959ath10k_warn(ar, "Invalid VHT mcs %d peer stats", txrate.mcs);3960return;3961}39623963if (txrate.flags == WMI_RATE_PREAMBLE_HT &&3964(txrate.mcs > 7 || txrate.nss < 1)) {3965ath10k_warn(ar, "Invalid HT mcs %d nss %d peer stats",3966txrate.mcs, txrate.nss);3967return;3968}39693970memset(&arsta->txrate, 0, sizeof(arsta->txrate));3971memset(&arsta->tx_info.status, 0, sizeof(arsta->tx_info.status));3972if (txrate.flags == WMI_RATE_PREAMBLE_CCK ||3973txrate.flags == WMI_RATE_PREAMBLE_OFDM) {3974rate = ATH10K_HW_LEGACY_RATE(peer_stats->ratecode);3975/* This is hacky, FW sends CCK rate 5.5Mbps as 6 */3976if (rate == 6 && txrate.flags == WMI_RATE_PREAMBLE_CCK)3977rate = 5;3978rate_idx = ath10k_get_legacy_rate_idx(ar, rate);3979if (rate_idx < 0)3980return;3981arsta->txrate.legacy = rate;3982} else if (txrate.flags == WMI_RATE_PREAMBLE_HT) {3983arsta->txrate.flags = RATE_INFO_FLAGS_MCS;3984arsta->txrate.mcs = txrate.mcs + 8 * (txrate.nss - 1);3985} else {3986arsta->txrate.flags = RATE_INFO_FLAGS_VHT_MCS;3987arsta->txrate.mcs = txrate.mcs;3988}39893990switch (txrate.flags) {3991case WMI_RATE_PREAMBLE_OFDM:3992if (arsta->arvif && arsta->arvif->vif)3993conf = rcu_dereference(arsta->arvif->vif->bss_conf.chanctx_conf);3994if (conf && conf->def.chan->band == NL80211_BAND_5GHZ)3995arsta->tx_info.status.rates[0].idx = rate_idx - 4;3996break;3997case WMI_RATE_PREAMBLE_CCK:3998arsta->tx_info.status.rates[0].idx = rate_idx;3999if (sgi)4000arsta->tx_info.status.rates[0].flags |=4001(IEEE80211_TX_RC_USE_SHORT_PREAMBLE |4002IEEE80211_TX_RC_SHORT_GI);4003break;4004case WMI_RATE_PREAMBLE_HT:4005arsta->tx_info.status.rates[0].idx =4006txrate.mcs + ((txrate.nss - 1) * 8);4007if (sgi)4008arsta->tx_info.status.rates[0].flags |=4009IEEE80211_TX_RC_SHORT_GI;4010arsta->tx_info.status.rates[0].flags |= IEEE80211_TX_RC_MCS;4011break;4012case WMI_RATE_PREAMBLE_VHT:4013ieee80211_rate_set_vht(&arsta->tx_info.status.rates[0],4014txrate.mcs, txrate.nss);4015if (sgi)4016arsta->tx_info.status.rates[0].flags |=4017IEEE80211_TX_RC_SHORT_GI;4018arsta->tx_info.status.rates[0].flags |= IEEE80211_TX_RC_VHT_MCS;4019break;4020}40214022arsta->txrate.nss = txrate.nss;4023arsta->txrate.bw = ath10k_bw_to_mac80211_bw(txrate.bw);4024arsta->last_tx_bitrate = cfg80211_calculate_bitrate(&arsta->txrate);4025if (sgi)4026arsta->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;40274028switch (arsta->txrate.bw) {4029case RATE_INFO_BW_40:4030arsta->tx_info.status.rates[0].flags |=4031IEEE80211_TX_RC_40_MHZ_WIDTH;4032break;4033case RATE_INFO_BW_80:4034arsta->tx_info.status.rates[0].flags |=4035IEEE80211_TX_RC_80_MHZ_WIDTH;4036break;4037case RATE_INFO_BW_160:4038arsta->tx_info.status.rates[0].flags |=4039IEEE80211_TX_RC_160_MHZ_WIDTH;4040break;4041}40424043if (peer_stats->succ_pkts) {4044arsta->tx_info.flags = IEEE80211_TX_STAT_ACK;4045arsta->tx_info.status.rates[0].count = 1;4046ieee80211_tx_rate_update(ar->hw, sta, &arsta->tx_info);4047}40484049if (ar->htt.disable_tx_comp) {4050arsta->tx_failed += peer_stats->failed_pkts;4051ath10k_dbg(ar, ATH10K_DBG_HTT, "tx failed %d\n",4052arsta->tx_failed);4053}40544055arsta->tx_retries += peer_stats->retry_pkts;4056ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx retries %d", arsta->tx_retries);40574058if (ath10k_debug_is_extd_tx_stats_enabled(ar))4059ath10k_accumulate_per_peer_tx_stats(ar, arsta, peer_stats,4060rate_idx);4061}40624063static void ath10k_htt_fetch_peer_stats(struct ath10k *ar,4064struct sk_buff *skb)4065{4066struct htt_resp *resp = (struct htt_resp *)skb->data;4067struct ath10k_per_peer_tx_stats *p_tx_stats = &ar->peer_tx_stats;4068struct htt_per_peer_tx_stats_ind *tx_stats;4069struct ieee80211_sta *sta;4070struct ath10k_peer *peer;4071int peer_id, i;4072u8 ppdu_len, num_ppdu;40734074num_ppdu = resp->peer_tx_stats.num_ppdu;4075ppdu_len = resp->peer_tx_stats.ppdu_len * sizeof(__le32);40764077if (skb->len < sizeof(struct htt_resp_hdr) + num_ppdu * ppdu_len) {4078ath10k_warn(ar, "Invalid peer stats buf length %d\n", skb->len);4079return;4080}40814082tx_stats = (struct htt_per_peer_tx_stats_ind *)4083(resp->peer_tx_stats.payload);4084peer_id = __le16_to_cpu(tx_stats->peer_id);40854086rcu_read_lock();4087spin_lock_bh(&ar->data_lock);4088peer = ath10k_peer_find_by_id(ar, peer_id);4089if (!peer || !peer->sta) {4090ath10k_warn(ar, "Invalid peer id %d peer stats buffer\n",4091peer_id);4092goto out;4093}40944095sta = peer->sta;4096for (i = 0; i < num_ppdu; i++) {4097tx_stats = (struct htt_per_peer_tx_stats_ind *)4098(resp->peer_tx_stats.payload + i * ppdu_len);40994100p_tx_stats->succ_bytes = __le32_to_cpu(tx_stats->succ_bytes);4101p_tx_stats->retry_bytes = __le32_to_cpu(tx_stats->retry_bytes);4102p_tx_stats->failed_bytes =4103__le32_to_cpu(tx_stats->failed_bytes);4104p_tx_stats->ratecode = tx_stats->ratecode;4105p_tx_stats->flags = tx_stats->flags;4106p_tx_stats->succ_pkts = __le16_to_cpu(tx_stats->succ_pkts);4107p_tx_stats->retry_pkts = __le16_to_cpu(tx_stats->retry_pkts);4108p_tx_stats->failed_pkts = __le16_to_cpu(tx_stats->failed_pkts);4109p_tx_stats->duration = __le16_to_cpu(tx_stats->tx_duration);41104111ath10k_update_per_peer_tx_stats(ar, sta, p_tx_stats);4112}41134114out:4115spin_unlock_bh(&ar->data_lock);4116rcu_read_unlock();4117}41184119static void ath10k_fetch_10_2_tx_stats(struct ath10k *ar, u8 *data)4120{4121struct ath10k_pktlog_hdr *hdr = (struct ath10k_pktlog_hdr *)data;4122struct ath10k_per_peer_tx_stats *p_tx_stats = &ar->peer_tx_stats;4123struct ath10k_10_2_peer_tx_stats *tx_stats;4124struct ieee80211_sta *sta;4125struct ath10k_peer *peer;4126u16 log_type = __le16_to_cpu(hdr->log_type);4127u32 peer_id = 0, i;41284129if (log_type != ATH_PKTLOG_TYPE_TX_STAT)4130return;41314132tx_stats = (struct ath10k_10_2_peer_tx_stats *)((hdr->payload) +4133ATH10K_10_2_TX_STATS_OFFSET);41344135if (!tx_stats->tx_ppdu_cnt)4136return;41374138peer_id = tx_stats->peer_id;41394140rcu_read_lock();4141spin_lock_bh(&ar->data_lock);4142peer = ath10k_peer_find_by_id(ar, peer_id);4143if (!peer || !peer->sta) {4144ath10k_warn(ar, "Invalid peer id %d in peer stats buffer\n",4145peer_id);4146goto out;4147}41484149sta = peer->sta;4150for (i = 0; i < tx_stats->tx_ppdu_cnt; i++) {4151p_tx_stats->succ_bytes =4152__le16_to_cpu(tx_stats->success_bytes[i]);4153p_tx_stats->retry_bytes =4154__le16_to_cpu(tx_stats->retry_bytes[i]);4155p_tx_stats->failed_bytes =4156__le16_to_cpu(tx_stats->failed_bytes[i]);4157p_tx_stats->ratecode = tx_stats->ratecode[i];4158p_tx_stats->flags = tx_stats->flags[i];4159p_tx_stats->succ_pkts = tx_stats->success_pkts[i];4160p_tx_stats->retry_pkts = tx_stats->retry_pkts[i];4161p_tx_stats->failed_pkts = tx_stats->failed_pkts[i];41624163ath10k_update_per_peer_tx_stats(ar, sta, p_tx_stats);4164}4165spin_unlock_bh(&ar->data_lock);4166rcu_read_unlock();41674168return;41694170out:4171spin_unlock_bh(&ar->data_lock);4172rcu_read_unlock();4173}41744175static int ath10k_htt_rx_pn_len(enum htt_security_types sec_type)4176{4177switch (sec_type) {4178case HTT_SECURITY_TKIP:4179case HTT_SECURITY_TKIP_NOMIC:4180case HTT_SECURITY_AES_CCMP:4181return 48;4182default:4183return 0;4184}4185}41864187static void ath10k_htt_rx_sec_ind_handler(struct ath10k *ar,4188struct htt_security_indication *ev)4189{4190enum htt_txrx_sec_cast_type sec_index;4191enum htt_security_types sec_type;4192struct ath10k_peer *peer;41934194spin_lock_bh(&ar->data_lock);41954196peer = ath10k_peer_find_by_id(ar, __le16_to_cpu(ev->peer_id));4197if (!peer) {4198ath10k_warn(ar, "failed to find peer id %d for security indication",4199__le16_to_cpu(ev->peer_id));4200goto out;4201}42024203sec_type = MS(ev->flags, HTT_SECURITY_TYPE);42044205if (ev->flags & HTT_SECURITY_IS_UNICAST)4206sec_index = HTT_TXRX_SEC_UCAST;4207else4208sec_index = HTT_TXRX_SEC_MCAST;42094210peer->rx_pn[sec_index].sec_type = sec_type;4211peer->rx_pn[sec_index].pn_len = ath10k_htt_rx_pn_len(sec_type);42124213memset(peer->tids_last_pn_valid, 0, sizeof(peer->tids_last_pn_valid));4214memset(peer->tids_last_pn, 0, sizeof(peer->tids_last_pn));42154216out:4217spin_unlock_bh(&ar->data_lock);4218}42194220bool ath10k_htt_t2h_msg_handler(struct ath10k *ar, struct sk_buff *skb)4221{4222struct ath10k_htt *htt = &ar->htt;4223struct htt_resp *resp = (struct htt_resp *)skb->data;4224enum htt_t2h_msg_type type;42254226/* confirm alignment */4227if (!IS_ALIGNED((unsigned long)skb->data, 4))4228ath10k_warn(ar, "unaligned htt message, expect trouble\n");42294230ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx, msg_type: 0x%0X\n",4231resp->hdr.msg_type);42324233if (resp->hdr.msg_type >= ar->htt.t2h_msg_types_max) {4234ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx, unsupported msg_type: 0x%0X\n max: 0x%0X",4235resp->hdr.msg_type, ar->htt.t2h_msg_types_max);4236return true;4237}4238type = ar->htt.t2h_msg_types[resp->hdr.msg_type];42394240switch (type) {4241case HTT_T2H_MSG_TYPE_VERSION_CONF: {4242htt->target_version_major = resp->ver_resp.major;4243htt->target_version_minor = resp->ver_resp.minor;4244complete(&htt->target_version_received);4245break;4246}4247case HTT_T2H_MSG_TYPE_RX_IND:4248if (ar->bus_param.dev_type != ATH10K_DEV_TYPE_HL) {4249ath10k_htt_rx_proc_rx_ind_ll(htt, &resp->rx_ind);4250} else {4251skb_queue_tail(&htt->rx_indication_head, skb);4252return false;4253}4254break;4255case HTT_T2H_MSG_TYPE_PEER_MAP: {4256struct htt_peer_map_event ev = {4257.vdev_id = resp->peer_map.vdev_id,4258.peer_id = __le16_to_cpu(resp->peer_map.peer_id),4259};4260memcpy(ev.addr, resp->peer_map.addr, sizeof(ev.addr));4261ath10k_peer_map_event(htt, &ev);4262break;4263}4264case HTT_T2H_MSG_TYPE_PEER_UNMAP: {4265struct htt_peer_unmap_event ev = {4266.peer_id = __le16_to_cpu(resp->peer_unmap.peer_id),4267};4268ath10k_peer_unmap_event(htt, &ev);4269break;4270}4271case HTT_T2H_MSG_TYPE_MGMT_TX_COMPLETION: {4272struct htt_tx_done tx_done = {};4273struct ath10k_htt *htt = &ar->htt;4274struct ath10k_htc *htc = &ar->htc;4275struct ath10k_htc_ep *ep = &ar->htc.endpoint[htt->eid];4276int status = __le32_to_cpu(resp->mgmt_tx_completion.status);4277int info = __le32_to_cpu(resp->mgmt_tx_completion.info);42784279tx_done.msdu_id = __le32_to_cpu(resp->mgmt_tx_completion.desc_id);42804281switch (status) {4282case HTT_MGMT_TX_STATUS_OK:4283tx_done.status = HTT_TX_COMPL_STATE_ACK;4284if (test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS,4285ar->wmi.svc_map) &&4286(resp->mgmt_tx_completion.flags &4287HTT_MGMT_TX_CMPL_FLAG_ACK_RSSI)) {4288tx_done.ack_rssi =4289FIELD_GET(HTT_MGMT_TX_CMPL_INFO_ACK_RSSI_MASK,4290info);4291}4292break;4293case HTT_MGMT_TX_STATUS_RETRY:4294tx_done.status = HTT_TX_COMPL_STATE_NOACK;4295break;4296case HTT_MGMT_TX_STATUS_DROP:4297tx_done.status = HTT_TX_COMPL_STATE_DISCARD;4298break;4299}43004301if (htt->disable_tx_comp) {4302spin_lock_bh(&htc->tx_lock);4303ep->tx_credits++;4304spin_unlock_bh(&htc->tx_lock);4305}43064307status = ath10k_txrx_tx_unref(htt, &tx_done);4308if (!status) {4309spin_lock_bh(&htt->tx_lock);4310ath10k_htt_tx_mgmt_dec_pending(htt);4311spin_unlock_bh(&htt->tx_lock);4312}4313break;4314}4315case HTT_T2H_MSG_TYPE_TX_COMPL_IND:4316ath10k_htt_rx_tx_compl_ind(htt->ar, skb);4317break;4318case HTT_T2H_MSG_TYPE_SEC_IND: {4319struct ath10k *ar = htt->ar;4320struct htt_security_indication *ev = &resp->security_indication;43214322ath10k_htt_rx_sec_ind_handler(ar, ev);4323ath10k_dbg(ar, ATH10K_DBG_HTT,4324"sec ind peer_id %d unicast %d type %d\n",4325__le16_to_cpu(ev->peer_id),4326!!(ev->flags & HTT_SECURITY_IS_UNICAST),4327MS(ev->flags, HTT_SECURITY_TYPE));4328complete(&ar->install_key_done);4329break;4330}4331case HTT_T2H_MSG_TYPE_RX_FRAG_IND: {4332ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",4333skb->data, skb->len);4334atomic_inc(&htt->num_mpdus_ready);43354336return ath10k_htt_rx_proc_rx_frag_ind(htt,4337&resp->rx_frag_ind,4338skb);4339}4340case HTT_T2H_MSG_TYPE_TEST:4341break;4342case HTT_T2H_MSG_TYPE_STATS_CONF:4343trace_ath10k_htt_stats(ar, skb->data, skb->len);4344break;4345case HTT_T2H_MSG_TYPE_TX_INSPECT_IND:4346/* Firmware can return tx frames if it's unable to fully4347* process them and suspects host may be able to fix it. ath10k4348* sends all tx frames as already inspected so this shouldn't4349* happen unless fw has a bug.4350*/4351ath10k_warn(ar, "received an unexpected htt tx inspect event\n");4352break;4353case HTT_T2H_MSG_TYPE_RX_ADDBA:4354ath10k_htt_rx_addba(ar, resp);4355break;4356case HTT_T2H_MSG_TYPE_RX_DELBA:4357ath10k_htt_rx_delba(ar, resp);4358break;4359case HTT_T2H_MSG_TYPE_PKTLOG: {4360trace_ath10k_htt_pktlog(ar, resp->pktlog_msg.payload,4361skb->len -4362offsetof(struct htt_resp,4363pktlog_msg.payload));43644365if (ath10k_peer_stats_enabled(ar))4366ath10k_fetch_10_2_tx_stats(ar,4367resp->pktlog_msg.payload);4368break;4369}4370case HTT_T2H_MSG_TYPE_RX_FLUSH: {4371/* Ignore this event because mac80211 takes care of Rx4372* aggregation reordering.4373*/4374break;4375}4376case HTT_T2H_MSG_TYPE_RX_IN_ORD_PADDR_IND: {4377skb_queue_tail(&htt->rx_in_ord_compl_q, skb);4378return false;4379}4380case HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND: {4381struct ath10k_htt *htt = &ar->htt;4382struct ath10k_htc *htc = &ar->htc;4383struct ath10k_htc_ep *ep = &ar->htc.endpoint[htt->eid];4384u32 msg_word = __le32_to_cpu(*(__le32 *)resp);4385int htt_credit_delta;43864387htt_credit_delta = HTT_TX_CREDIT_DELTA_ABS_GET(msg_word);4388if (HTT_TX_CREDIT_SIGN_BIT_GET(msg_word))4389htt_credit_delta = -htt_credit_delta;43904391ath10k_dbg(ar, ATH10K_DBG_HTT,4392"htt credit update delta %d\n",4393htt_credit_delta);43944395if (htt->disable_tx_comp) {4396spin_lock_bh(&htc->tx_lock);4397ep->tx_credits += htt_credit_delta;4398spin_unlock_bh(&htc->tx_lock);4399ath10k_dbg(ar, ATH10K_DBG_HTT,4400"htt credit total %d\n",4401ep->tx_credits);4402ep->ep_ops.ep_tx_credits(htc->ar);4403}4404break;4405}4406case HTT_T2H_MSG_TYPE_CHAN_CHANGE: {4407u32 phymode = __le32_to_cpu(resp->chan_change.phymode);4408u32 freq = __le32_to_cpu(resp->chan_change.freq);44094410ar->tgt_oper_chan = ieee80211_get_channel(ar->hw->wiphy, freq);4411ath10k_dbg(ar, ATH10K_DBG_HTT,4412"htt chan change freq %u phymode %s\n",4413freq, ath10k_wmi_phymode_str(phymode));4414break;4415}4416case HTT_T2H_MSG_TYPE_AGGR_CONF:4417break;4418case HTT_T2H_MSG_TYPE_TX_FETCH_IND: {4419struct sk_buff *tx_fetch_ind = skb_copy(skb, GFP_ATOMIC);44204421if (!tx_fetch_ind) {4422ath10k_warn(ar, "failed to copy htt tx fetch ind\n");4423break;4424}4425skb_queue_tail(&htt->tx_fetch_ind_q, tx_fetch_ind);4426break;4427}4428case HTT_T2H_MSG_TYPE_TX_FETCH_CONFIRM:4429ath10k_htt_rx_tx_fetch_confirm(ar, skb);4430break;4431case HTT_T2H_MSG_TYPE_TX_MODE_SWITCH_IND:4432ath10k_htt_rx_tx_mode_switch_ind(ar, skb);4433break;4434case HTT_T2H_MSG_TYPE_PEER_STATS:4435ath10k_htt_fetch_peer_stats(ar, skb);4436break;4437case HTT_T2H_MSG_TYPE_EN_STATS:4438default:4439ath10k_warn(ar, "htt event (%d) not handled\n",4440resp->hdr.msg_type);4441ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",4442skb->data, skb->len);4443break;4444}4445return true;4446}4447EXPORT_SYMBOL(ath10k_htt_t2h_msg_handler);44484449void ath10k_htt_rx_pktlog_completion_handler(struct ath10k *ar,4450struct sk_buff *skb)4451{4452trace_ath10k_htt_pktlog(ar, skb->data, skb->len);4453dev_kfree_skb_any(skb);4454}4455EXPORT_SYMBOL(ath10k_htt_rx_pktlog_completion_handler);44564457static int ath10k_htt_rx_deliver_msdu(struct ath10k *ar, int quota, int budget)4458{4459struct sk_buff *skb;44604461while (quota < budget) {4462if (skb_queue_empty(&ar->htt.rx_msdus_q))4463break;44644465skb = skb_dequeue(&ar->htt.rx_msdus_q);4466if (!skb)4467break;4468ath10k_process_rx(ar, skb);4469quota++;4470}44714472return quota;4473}44744475int ath10k_htt_rx_hl_indication(struct ath10k *ar, int budget)4476{4477struct htt_resp *resp;4478struct ath10k_htt *htt = &ar->htt;4479struct sk_buff *skb;4480bool release;4481int quota;44824483for (quota = 0; quota < budget; quota++) {4484skb = skb_dequeue(&htt->rx_indication_head);4485if (!skb)4486break;44874488resp = (struct htt_resp *)skb->data;44894490release = ath10k_htt_rx_proc_rx_ind_hl(htt,4491&resp->rx_ind_hl,4492skb,4493HTT_RX_PN_CHECK,4494HTT_RX_NON_TKIP_MIC);44954496if (release)4497dev_kfree_skb_any(skb);44984499ath10k_dbg(ar, ATH10K_DBG_HTT, "rx indication poll pending count:%d\n",4500skb_queue_len(&htt->rx_indication_head));4501}4502return quota;4503}4504EXPORT_SYMBOL(ath10k_htt_rx_hl_indication);45054506int ath10k_htt_txrx_compl_task(struct ath10k *ar, int budget)4507{4508struct ath10k_htt *htt = &ar->htt;4509struct htt_tx_done tx_done = {};4510struct sk_buff_head tx_ind_q;4511struct sk_buff *skb;4512unsigned long flags;4513int quota = 0, done, ret;4514bool resched_napi = false;45154516__skb_queue_head_init(&tx_ind_q);45174518/* Process pending frames before dequeuing more data4519* from hardware.4520*/4521quota = ath10k_htt_rx_deliver_msdu(ar, quota, budget);4522if (quota == budget) {4523resched_napi = true;4524goto exit;4525}45264527while ((skb = skb_dequeue(&htt->rx_in_ord_compl_q))) {4528spin_lock_bh(&htt->rx_ring.lock);4529ret = ath10k_htt_rx_in_ord_ind(ar, skb);4530spin_unlock_bh(&htt->rx_ring.lock);45314532dev_kfree_skb_any(skb);4533if (ret == -EIO) {4534resched_napi = true;4535goto exit;4536}4537}45384539while (atomic_read(&htt->num_mpdus_ready)) {4540ret = ath10k_htt_rx_handle_amsdu(htt);4541if (ret == -EIO) {4542resched_napi = true;4543goto exit;4544}4545atomic_dec(&htt->num_mpdus_ready);4546}45474548/* Deliver received data after processing data from hardware */4549quota = ath10k_htt_rx_deliver_msdu(ar, quota, budget);45504551/* From NAPI documentation:4552* The napi poll() function may also process TX completions, in which4553* case if it processes the entire TX ring then it should count that4554* work as the rest of the budget.4555*/4556if ((quota < budget) && !kfifo_is_empty(&htt->txdone_fifo))4557quota = budget;45584559/* kfifo_get: called only within txrx_tasklet so it's neatly serialized.4560* From kfifo_get() documentation:4561* Note that with only one concurrent reader and one concurrent writer,4562* you don't need extra locking to use these macro.4563*/4564while (kfifo_get(&htt->txdone_fifo, &tx_done))4565ath10k_txrx_tx_unref(htt, &tx_done);45664567ath10k_mac_tx_push_pending(ar);45684569spin_lock_irqsave(&htt->tx_fetch_ind_q.lock, flags);4570skb_queue_splice_init(&htt->tx_fetch_ind_q, &tx_ind_q);4571spin_unlock_irqrestore(&htt->tx_fetch_ind_q.lock, flags);45724573while ((skb = __skb_dequeue(&tx_ind_q))) {4574ath10k_htt_rx_tx_fetch_ind(ar, skb);4575dev_kfree_skb_any(skb);4576}45774578exit:4579ath10k_htt_rx_msdu_buff_replenish(htt);4580/* In case of rx failure or more data to read, report budget4581* to reschedule NAPI poll4582*/4583done = resched_napi ? budget : quota;45844585return done;4586}4587EXPORT_SYMBOL(ath10k_htt_txrx_compl_task);45884589static const struct ath10k_htt_rx_ops htt_rx_ops_32 = {4590.htt_get_rx_ring_size = ath10k_htt_get_rx_ring_size_32,4591.htt_config_paddrs_ring = ath10k_htt_config_paddrs_ring_32,4592.htt_set_paddrs_ring = ath10k_htt_set_paddrs_ring_32,4593.htt_get_vaddr_ring = ath10k_htt_get_vaddr_ring_32,4594.htt_reset_paddrs_ring = ath10k_htt_reset_paddrs_ring_32,4595};45964597static const struct ath10k_htt_rx_ops htt_rx_ops_64 = {4598.htt_get_rx_ring_size = ath10k_htt_get_rx_ring_size_64,4599.htt_config_paddrs_ring = ath10k_htt_config_paddrs_ring_64,4600.htt_set_paddrs_ring = ath10k_htt_set_paddrs_ring_64,4601.htt_get_vaddr_ring = ath10k_htt_get_vaddr_ring_64,4602.htt_reset_paddrs_ring = ath10k_htt_reset_paddrs_ring_64,4603};46044605static const struct ath10k_htt_rx_ops htt_rx_ops_hl = {4606.htt_rx_proc_rx_frag_ind = ath10k_htt_rx_proc_rx_frag_ind_hl,4607};46084609void ath10k_htt_set_rx_ops(struct ath10k_htt *htt)4610{4611struct ath10k *ar = htt->ar;46124613if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)4614htt->rx_ops = &htt_rx_ops_hl;4615else if (ar->hw_params.target_64bit)4616htt->rx_ops = &htt_rx_ops_64;4617else4618htt->rx_ops = &htt_rx_ops_32;4619}462046214622