Path: blob/main/sys/contrib/dev/athk/ath10k/htt_rx.c
105337 views
// SPDX-License-Identifier: ISC1/*2* Copyright (c) 2005-2011 Atheros Communications Inc.3* Copyright (c) 2011-2017 Qualcomm Atheros, Inc.4* Copyright (c) 2018, The Linux Foundation. All rights reserved.5* Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved.6* Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.7*/89#include <linux/export.h>1011#include "core.h"12#include "htc.h"13#include "htt.h"14#include "txrx.h"15#include "debug.h"16#include "trace.h"17#include "mac.h"1819#include <linux/log2.h>20#include <linux/bitfield.h>2122/* when under memory pressure rx ring refill may fail and needs a retry */23#define HTT_RX_RING_REFILL_RETRY_MS 502425#define HTT_RX_RING_REFILL_RESCHED_MS 52627/* shortcut to interpret a raw memory buffer as a rx descriptor */28#define HTT_RX_BUF_TO_RX_DESC(hw, buf) ath10k_htt_rx_desc_from_raw_buffer(hw, buf)2930static int ath10k_htt_rx_get_csum_state(struct ath10k_hw_params *hw, struct sk_buff *skb);3132static struct sk_buff *33ath10k_htt_rx_find_skb_paddr(struct ath10k *ar, u64 paddr)34{35struct ath10k_skb_rxcb *rxcb;3637hash_for_each_possible(ar->htt.rx_ring.skb_table, rxcb, hlist, paddr)38if (rxcb->paddr == paddr)39return ATH10K_RXCB_SKB(rxcb);4041WARN_ON_ONCE(1);42return NULL;43}4445static void ath10k_htt_rx_ring_free(struct ath10k_htt *htt)46{47struct sk_buff *skb;48struct ath10k_skb_rxcb *rxcb;49struct hlist_node *n;50int i;5152if (htt->rx_ring.in_ord_rx) {53hash_for_each_safe(htt->rx_ring.skb_table, i, n, rxcb, hlist) {54skb = ATH10K_RXCB_SKB(rxcb);55dma_unmap_single(htt->ar->dev, rxcb->paddr,56skb->len + skb_tailroom(skb),57DMA_FROM_DEVICE);58hash_del(&rxcb->hlist);59dev_kfree_skb_any(skb);60}61} else {62for (i = 0; i < htt->rx_ring.size; i++) {63skb = htt->rx_ring.netbufs_ring[i];64if (!skb)65continue;6667rxcb = ATH10K_SKB_RXCB(skb);68dma_unmap_single(htt->ar->dev, rxcb->paddr,69skb->len + skb_tailroom(skb),70DMA_FROM_DEVICE);71dev_kfree_skb_any(skb);72}73}7475htt->rx_ring.fill_cnt = 0;76hash_init(htt->rx_ring.skb_table);77memset(htt->rx_ring.netbufs_ring, 0,78htt->rx_ring.size * sizeof(htt->rx_ring.netbufs_ring[0]));79}8081static size_t ath10k_htt_get_rx_ring_size_32(struct ath10k_htt *htt)82{83return htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring_32);84}8586static size_t ath10k_htt_get_rx_ring_size_64(struct ath10k_htt *htt)87{88return htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring_64);89}9091static void ath10k_htt_config_paddrs_ring_32(struct ath10k_htt *htt,92void *vaddr)93{94htt->rx_ring.paddrs_ring_32 = vaddr;95}9697static void ath10k_htt_config_paddrs_ring_64(struct ath10k_htt *htt,98void *vaddr)99{100htt->rx_ring.paddrs_ring_64 = vaddr;101}102103static void ath10k_htt_set_paddrs_ring_32(struct ath10k_htt *htt,104dma_addr_t paddr, int idx)105{106htt->rx_ring.paddrs_ring_32[idx] = __cpu_to_le32(paddr);107}108109static void ath10k_htt_set_paddrs_ring_64(struct ath10k_htt *htt,110dma_addr_t paddr, int idx)111{112htt->rx_ring.paddrs_ring_64[idx] = __cpu_to_le64(paddr);113}114115static void ath10k_htt_reset_paddrs_ring_32(struct ath10k_htt *htt, int idx)116{117htt->rx_ring.paddrs_ring_32[idx] = 0;118}119120static void ath10k_htt_reset_paddrs_ring_64(struct ath10k_htt *htt, int idx)121{122htt->rx_ring.paddrs_ring_64[idx] = 0;123}124125static void *ath10k_htt_get_vaddr_ring_32(struct ath10k_htt *htt)126{127return (void *)htt->rx_ring.paddrs_ring_32;128}129130static void *ath10k_htt_get_vaddr_ring_64(struct ath10k_htt *htt)131{132return (void *)htt->rx_ring.paddrs_ring_64;133}134135static int __ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num)136{137struct ath10k_hw_params *hw = &htt->ar->hw_params;138struct htt_rx_desc *rx_desc;139struct ath10k_skb_rxcb *rxcb;140struct sk_buff *skb;141dma_addr_t paddr;142int ret = 0, idx;143144/* The Full Rx Reorder firmware has no way of telling the host145* implicitly when it copied HTT Rx Ring buffers to MAC Rx Ring.146* To keep things simple make sure ring is always half empty. This147* guarantees there'll be no replenishment overruns possible.148*/149BUILD_BUG_ON(HTT_RX_RING_FILL_LEVEL >= HTT_RX_RING_SIZE / 2);150151idx = __le32_to_cpu(*htt->rx_ring.alloc_idx.vaddr);152153if (idx < 0 || idx >= htt->rx_ring.size) {154ath10k_err(htt->ar, "rx ring index is not valid, firmware malfunctioning?\n");155idx &= htt->rx_ring.size_mask;156ret = -ENOMEM;157goto fail;158}159160while (num > 0) {161skb = dev_alloc_skb(HTT_RX_BUF_SIZE + HTT_RX_DESC_ALIGN);162if (!skb) {163ret = -ENOMEM;164goto fail;165}166167if (!IS_ALIGNED((unsigned long)skb->data, HTT_RX_DESC_ALIGN))168skb_pull(skb,169PTR_ALIGN(skb->data, HTT_RX_DESC_ALIGN) -170skb->data);171172/* Clear rx_desc attention word before posting to Rx ring */173rx_desc = HTT_RX_BUF_TO_RX_DESC(hw, skb->data);174ath10k_htt_rx_desc_get_attention(hw, rx_desc)->flags = __cpu_to_le32(0);175176paddr = dma_map_single(htt->ar->dev, skb->data,177skb->len + skb_tailroom(skb),178DMA_FROM_DEVICE);179180if (unlikely(dma_mapping_error(htt->ar->dev, paddr))) {181dev_kfree_skb_any(skb);182ret = -ENOMEM;183goto fail;184}185186rxcb = ATH10K_SKB_RXCB(skb);187rxcb->paddr = paddr;188htt->rx_ring.netbufs_ring[idx] = skb;189ath10k_htt_set_paddrs_ring(htt, paddr, idx);190htt->rx_ring.fill_cnt++;191192if (htt->rx_ring.in_ord_rx) {193hash_add(htt->rx_ring.skb_table,194&ATH10K_SKB_RXCB(skb)->hlist,195paddr);196}197198num--;199idx++;200idx &= htt->rx_ring.size_mask;201}202203fail:204/*205* Make sure the rx buffer is updated before available buffer206* index to avoid any potential rx ring corruption.207*/208mb();209*htt->rx_ring.alloc_idx.vaddr = __cpu_to_le32(idx);210return ret;211}212213static int ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num)214{215lockdep_assert_held(&htt->rx_ring.lock);216return __ath10k_htt_rx_ring_fill_n(htt, num);217}218219static void ath10k_htt_rx_msdu_buff_replenish(struct ath10k_htt *htt)220{221int ret, num_deficit, num_to_fill;222223/* Refilling the whole RX ring buffer proves to be a bad idea. The224* reason is RX may take up significant amount of CPU cycles and starve225* other tasks, e.g. TX on an ethernet device while acting as a bridge226* with ath10k wlan interface. This ended up with very poor performance227* once CPU the host system was overwhelmed with RX on ath10k.228*229* By limiting the number of refills the replenishing occurs230* progressively. This in turns makes use of the fact tasklets are231* processed in FIFO order. This means actual RX processing can starve232* out refilling. If there's not enough buffers on RX ring FW will not233* report RX until it is refilled with enough buffers. This234* automatically balances load wrt to CPU power.235*236* This probably comes at a cost of lower maximum throughput but237* improves the average and stability.238*/239spin_lock_bh(&htt->rx_ring.lock);240num_deficit = htt->rx_ring.fill_level - htt->rx_ring.fill_cnt;241num_to_fill = min(ATH10K_HTT_MAX_NUM_REFILL, num_deficit);242num_deficit -= num_to_fill;243ret = ath10k_htt_rx_ring_fill_n(htt, num_to_fill);244if (ret == -ENOMEM) {245/*246* Failed to fill it to the desired level -247* we'll start a timer and try again next time.248* As long as enough buffers are left in the ring for249* another A-MPDU rx, no special recovery is needed.250*/251mod_timer(&htt->rx_ring.refill_retry_timer, jiffies +252msecs_to_jiffies(HTT_RX_RING_REFILL_RETRY_MS));253} else if (num_deficit > 0) {254mod_timer(&htt->rx_ring.refill_retry_timer, jiffies +255msecs_to_jiffies(HTT_RX_RING_REFILL_RESCHED_MS));256}257spin_unlock_bh(&htt->rx_ring.lock);258}259260static void ath10k_htt_rx_ring_refill_retry(struct timer_list *t)261{262struct ath10k_htt *htt = timer_container_of(htt, t,263rx_ring.refill_retry_timer);264265ath10k_htt_rx_msdu_buff_replenish(htt);266}267268int ath10k_htt_rx_ring_refill(struct ath10k *ar)269{270struct ath10k_htt *htt = &ar->htt;271int ret;272273if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)274return 0;275276spin_lock_bh(&htt->rx_ring.lock);277ret = ath10k_htt_rx_ring_fill_n(htt, (htt->rx_ring.fill_level -278htt->rx_ring.fill_cnt));279280if (ret)281ath10k_htt_rx_ring_free(htt);282283spin_unlock_bh(&htt->rx_ring.lock);284285return ret;286}287288void ath10k_htt_rx_free(struct ath10k_htt *htt)289{290if (htt->ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)291return;292293timer_delete_sync(&htt->rx_ring.refill_retry_timer);294295skb_queue_purge(&htt->rx_msdus_q);296skb_queue_purge(&htt->rx_in_ord_compl_q);297skb_queue_purge(&htt->tx_fetch_ind_q);298299spin_lock_bh(&htt->rx_ring.lock);300ath10k_htt_rx_ring_free(htt);301spin_unlock_bh(&htt->rx_ring.lock);302303dma_free_coherent(htt->ar->dev,304ath10k_htt_get_rx_ring_size(htt),305ath10k_htt_get_vaddr_ring(htt),306htt->rx_ring.base_paddr);307308ath10k_htt_config_paddrs_ring(htt, NULL);309310dma_free_coherent(htt->ar->dev,311sizeof(*htt->rx_ring.alloc_idx.vaddr),312htt->rx_ring.alloc_idx.vaddr,313htt->rx_ring.alloc_idx.paddr);314htt->rx_ring.alloc_idx.vaddr = NULL;315316kfree(htt->rx_ring.netbufs_ring);317htt->rx_ring.netbufs_ring = NULL;318}319320static inline struct sk_buff *ath10k_htt_rx_netbuf_pop(struct ath10k_htt *htt)321{322struct ath10k *ar = htt->ar;323int idx;324struct sk_buff *msdu;325326lockdep_assert_held(&htt->rx_ring.lock);327328if (htt->rx_ring.fill_cnt == 0) {329ath10k_warn(ar, "tried to pop sk_buff from an empty rx ring\n");330return NULL;331}332333idx = htt->rx_ring.sw_rd_idx.msdu_payld;334msdu = htt->rx_ring.netbufs_ring[idx];335htt->rx_ring.netbufs_ring[idx] = NULL;336ath10k_htt_reset_paddrs_ring(htt, idx);337338idx++;339idx &= htt->rx_ring.size_mask;340htt->rx_ring.sw_rd_idx.msdu_payld = idx;341htt->rx_ring.fill_cnt--;342343dma_unmap_single(htt->ar->dev,344ATH10K_SKB_RXCB(msdu)->paddr,345msdu->len + skb_tailroom(msdu),346DMA_FROM_DEVICE);347ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ",348msdu->data, msdu->len + skb_tailroom(msdu));349350return msdu;351}352353/* return: < 0 fatal error, 0 - non chained msdu, 1 chained msdu */354static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,355struct sk_buff_head *amsdu)356{357struct ath10k *ar = htt->ar;358struct ath10k_hw_params *hw = &ar->hw_params;359int msdu_len, msdu_chaining = 0;360struct sk_buff *msdu;361struct htt_rx_desc *rx_desc;362struct rx_attention *rx_desc_attention;363struct rx_frag_info_common *rx_desc_frag_info_common;364struct rx_msdu_start_common *rx_desc_msdu_start_common;365struct rx_msdu_end_common *rx_desc_msdu_end_common;366367lockdep_assert_held(&htt->rx_ring.lock);368369for (;;) {370int last_msdu, msdu_len_invalid, msdu_chained;371372msdu = ath10k_htt_rx_netbuf_pop(htt);373if (!msdu) {374__skb_queue_purge(amsdu);375return -ENOENT;376}377378__skb_queue_tail(amsdu, msdu);379380rx_desc = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);381rx_desc_attention = ath10k_htt_rx_desc_get_attention(hw, rx_desc);382rx_desc_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw,383rx_desc);384rx_desc_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rx_desc);385rx_desc_frag_info_common = ath10k_htt_rx_desc_get_frag_info(hw, rx_desc);386387/* FIXME: we must report msdu payload since this is what caller388* expects now389*/390skb_put(msdu, hw->rx_desc_ops->rx_desc_msdu_payload_offset);391skb_pull(msdu, hw->rx_desc_ops->rx_desc_msdu_payload_offset);392393/*394* Sanity check - confirm the HW is finished filling in the395* rx data.396* If the HW and SW are working correctly, then it's guaranteed397* that the HW's MAC DMA is done before this point in the SW.398* To prevent the case that we handle a stale Rx descriptor,399* just assert for now until we have a way to recover.400*/401if (!(__le32_to_cpu(rx_desc_attention->flags)402& RX_ATTENTION_FLAGS_MSDU_DONE)) {403__skb_queue_purge(amsdu);404return -EIO;405}406407msdu_len_invalid = !!(__le32_to_cpu(rx_desc_attention->flags)408& (RX_ATTENTION_FLAGS_MPDU_LENGTH_ERR |409RX_ATTENTION_FLAGS_MSDU_LENGTH_ERR));410msdu_len = MS(__le32_to_cpu(rx_desc_msdu_start_common->info0),411RX_MSDU_START_INFO0_MSDU_LENGTH);412msdu_chained = rx_desc_frag_info_common->ring2_more_count;413414if (msdu_len_invalid)415msdu_len = 0;416417skb_trim(msdu, 0);418skb_put(msdu, min(msdu_len, ath10k_htt_rx_msdu_size(hw)));419msdu_len -= msdu->len;420421/* Note: Chained buffers do not contain rx descriptor */422while (msdu_chained--) {423msdu = ath10k_htt_rx_netbuf_pop(htt);424if (!msdu) {425__skb_queue_purge(amsdu);426return -ENOENT;427}428429__skb_queue_tail(amsdu, msdu);430skb_trim(msdu, 0);431skb_put(msdu, min(msdu_len, HTT_RX_BUF_SIZE));432msdu_len -= msdu->len;433msdu_chaining = 1;434}435436last_msdu = __le32_to_cpu(rx_desc_msdu_end_common->info0) &437RX_MSDU_END_INFO0_LAST_MSDU;438439/* FIXME: why are we skipping the first part of the rx_desc? */440#if defined(__linux__)441trace_ath10k_htt_rx_desc(ar, (void *)rx_desc + sizeof(u32),442#elif defined(__FreeBSD__)443trace_ath10k_htt_rx_desc(ar, (u8 *)rx_desc + sizeof(u32),444#endif445hw->rx_desc_ops->rx_desc_size - sizeof(u32));446447if (last_msdu)448break;449}450451if (skb_queue_empty(amsdu))452msdu_chaining = -1;453454/*455* Don't refill the ring yet.456*457* First, the elements popped here are still in use - it is not458* safe to overwrite them until the matching call to459* mpdu_desc_list_next. Second, for efficiency it is preferable to460* refill the rx ring with 1 PPDU's worth of rx buffers (something461* like 32 x 3 buffers), rather than one MPDU's worth of rx buffers462* (something like 3 buffers). Consequently, we'll rely on the txrx463* SW to tell us when it is done pulling all the PPDU's rx buffers464* out of the rx ring, and then refill it just once.465*/466467return msdu_chaining;468}469470static struct sk_buff *ath10k_htt_rx_pop_paddr(struct ath10k_htt *htt,471u64 paddr)472{473struct ath10k *ar = htt->ar;474struct ath10k_skb_rxcb *rxcb;475struct sk_buff *msdu;476477lockdep_assert_held(&htt->rx_ring.lock);478479msdu = ath10k_htt_rx_find_skb_paddr(ar, paddr);480if (!msdu)481return NULL;482483rxcb = ATH10K_SKB_RXCB(msdu);484hash_del(&rxcb->hlist);485htt->rx_ring.fill_cnt--;486487dma_unmap_single(htt->ar->dev, rxcb->paddr,488msdu->len + skb_tailroom(msdu),489DMA_FROM_DEVICE);490ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ",491msdu->data, msdu->len + skb_tailroom(msdu));492493return msdu;494}495496static inline void ath10k_htt_append_frag_list(struct sk_buff *skb_head,497struct sk_buff *frag_list,498unsigned int frag_len)499{500skb_shinfo(skb_head)->frag_list = frag_list;501skb_head->data_len = frag_len;502skb_head->len += skb_head->data_len;503}504505static int ath10k_htt_rx_handle_amsdu_mon_32(struct ath10k_htt *htt,506struct sk_buff *msdu,507struct htt_rx_in_ord_msdu_desc **msdu_desc)508{509struct ath10k *ar = htt->ar;510struct ath10k_hw_params *hw = &ar->hw_params;511u32 paddr;512struct sk_buff *frag_buf;513struct sk_buff *prev_frag_buf;514u8 last_frag;515struct htt_rx_in_ord_msdu_desc *ind_desc = *msdu_desc;516struct htt_rx_desc *rxd;517int amsdu_len = __le16_to_cpu(ind_desc->msdu_len);518519rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);520trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size);521522skb_put(msdu, hw->rx_desc_ops->rx_desc_size);523skb_pull(msdu, hw->rx_desc_ops->rx_desc_size);524skb_put(msdu, min(amsdu_len, ath10k_htt_rx_msdu_size(hw)));525amsdu_len -= msdu->len;526527last_frag = ind_desc->reserved;528if (last_frag) {529if (amsdu_len) {530ath10k_warn(ar, "invalid amsdu len %u, left %d",531__le16_to_cpu(ind_desc->msdu_len),532amsdu_len);533}534return 0;535}536537ind_desc++;538paddr = __le32_to_cpu(ind_desc->msdu_paddr);539frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr);540if (!frag_buf) {541ath10k_warn(ar, "failed to pop frag-1 paddr: 0x%x", paddr);542return -ENOENT;543}544545skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE));546ath10k_htt_append_frag_list(msdu, frag_buf, amsdu_len);547548amsdu_len -= frag_buf->len;549prev_frag_buf = frag_buf;550last_frag = ind_desc->reserved;551while (!last_frag) {552ind_desc++;553paddr = __le32_to_cpu(ind_desc->msdu_paddr);554frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr);555if (!frag_buf) {556ath10k_warn(ar, "failed to pop frag-n paddr: 0x%x",557paddr);558prev_frag_buf->next = NULL;559return -ENOENT;560}561562skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE));563last_frag = ind_desc->reserved;564amsdu_len -= frag_buf->len;565566prev_frag_buf->next = frag_buf;567prev_frag_buf = frag_buf;568}569570if (amsdu_len) {571ath10k_warn(ar, "invalid amsdu len %u, left %d",572__le16_to_cpu(ind_desc->msdu_len), amsdu_len);573}574575*msdu_desc = ind_desc;576577prev_frag_buf->next = NULL;578return 0;579}580581static int582ath10k_htt_rx_handle_amsdu_mon_64(struct ath10k_htt *htt,583struct sk_buff *msdu,584struct htt_rx_in_ord_msdu_desc_ext **msdu_desc)585{586struct ath10k *ar = htt->ar;587struct ath10k_hw_params *hw = &ar->hw_params;588u64 paddr;589struct sk_buff *frag_buf;590struct sk_buff *prev_frag_buf;591u8 last_frag;592struct htt_rx_in_ord_msdu_desc_ext *ind_desc = *msdu_desc;593struct htt_rx_desc *rxd;594int amsdu_len = __le16_to_cpu(ind_desc->msdu_len);595596rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);597trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size);598599skb_put(msdu, hw->rx_desc_ops->rx_desc_size);600skb_pull(msdu, hw->rx_desc_ops->rx_desc_size);601skb_put(msdu, min(amsdu_len, ath10k_htt_rx_msdu_size(hw)));602amsdu_len -= msdu->len;603604last_frag = ind_desc->reserved;605if (last_frag) {606if (amsdu_len) {607ath10k_warn(ar, "invalid amsdu len %u, left %d",608__le16_to_cpu(ind_desc->msdu_len),609amsdu_len);610}611return 0;612}613614ind_desc++;615paddr = __le64_to_cpu(ind_desc->msdu_paddr);616frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr);617if (!frag_buf) {618#if defined(__linux__)619ath10k_warn(ar, "failed to pop frag-1 paddr: 0x%llx", paddr);620#elif defined(__FreeBSD__)621ath10k_warn(ar, "failed to pop frag-1 paddr: 0x%jx", (uintmax_t)paddr);622#endif623return -ENOENT;624}625626skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE));627ath10k_htt_append_frag_list(msdu, frag_buf, amsdu_len);628629amsdu_len -= frag_buf->len;630prev_frag_buf = frag_buf;631last_frag = ind_desc->reserved;632while (!last_frag) {633ind_desc++;634paddr = __le64_to_cpu(ind_desc->msdu_paddr);635frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr);636if (!frag_buf) {637#if defined(__linux__)638ath10k_warn(ar, "failed to pop frag-n paddr: 0x%llx",639paddr);640#elif defined(__FreeBSD__)641ath10k_warn(ar, "failed to pop frag-n paddr: 0x%jx",642(uintmax_t)paddr);643#endif644prev_frag_buf->next = NULL;645return -ENOENT;646}647648skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE));649last_frag = ind_desc->reserved;650amsdu_len -= frag_buf->len;651652prev_frag_buf->next = frag_buf;653prev_frag_buf = frag_buf;654}655656if (amsdu_len) {657ath10k_warn(ar, "invalid amsdu len %u, left %d",658__le16_to_cpu(ind_desc->msdu_len), amsdu_len);659}660661*msdu_desc = ind_desc;662663prev_frag_buf->next = NULL;664return 0;665}666667static int ath10k_htt_rx_pop_paddr32_list(struct ath10k_htt *htt,668struct htt_rx_in_ord_ind *ev,669struct sk_buff_head *list)670{671struct ath10k *ar = htt->ar;672struct ath10k_hw_params *hw = &ar->hw_params;673struct htt_rx_in_ord_msdu_desc *msdu_desc = ev->msdu_descs32;674struct htt_rx_desc *rxd;675struct rx_attention *rxd_attention;676struct sk_buff *msdu;677int msdu_count, ret;678bool is_offload;679u32 paddr;680681lockdep_assert_held(&htt->rx_ring.lock);682683msdu_count = __le16_to_cpu(ev->msdu_count);684is_offload = !!(ev->info & HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);685686while (msdu_count--) {687paddr = __le32_to_cpu(msdu_desc->msdu_paddr);688689msdu = ath10k_htt_rx_pop_paddr(htt, paddr);690if (!msdu) {691__skb_queue_purge(list);692return -ENOENT;693}694695if (!is_offload && ar->monitor_arvif) {696ret = ath10k_htt_rx_handle_amsdu_mon_32(htt, msdu,697&msdu_desc);698if (ret) {699__skb_queue_purge(list);700return ret;701}702__skb_queue_tail(list, msdu);703msdu_desc++;704continue;705}706707__skb_queue_tail(list, msdu);708709if (!is_offload) {710rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);711rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);712713trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size);714715skb_put(msdu, hw->rx_desc_ops->rx_desc_size);716skb_pull(msdu, hw->rx_desc_ops->rx_desc_size);717skb_put(msdu, __le16_to_cpu(msdu_desc->msdu_len));718719if (!(__le32_to_cpu(rxd_attention->flags) &720RX_ATTENTION_FLAGS_MSDU_DONE)) {721ath10k_warn(htt->ar, "tried to pop an incomplete frame, oops!\n");722return -EIO;723}724}725726msdu_desc++;727}728729return 0;730}731732static int ath10k_htt_rx_pop_paddr64_list(struct ath10k_htt *htt,733struct htt_rx_in_ord_ind *ev,734struct sk_buff_head *list)735{736struct ath10k *ar = htt->ar;737struct ath10k_hw_params *hw = &ar->hw_params;738struct htt_rx_in_ord_msdu_desc_ext *msdu_desc = ev->msdu_descs64;739struct htt_rx_desc *rxd;740struct rx_attention *rxd_attention;741struct sk_buff *msdu;742int msdu_count, ret;743bool is_offload;744u64 paddr;745746lockdep_assert_held(&htt->rx_ring.lock);747748msdu_count = __le16_to_cpu(ev->msdu_count);749is_offload = !!(ev->info & HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);750751while (msdu_count--) {752paddr = __le64_to_cpu(msdu_desc->msdu_paddr);753msdu = ath10k_htt_rx_pop_paddr(htt, paddr);754if (!msdu) {755__skb_queue_purge(list);756return -ENOENT;757}758759if (!is_offload && ar->monitor_arvif) {760ret = ath10k_htt_rx_handle_amsdu_mon_64(htt, msdu,761&msdu_desc);762if (ret) {763__skb_queue_purge(list);764return ret;765}766__skb_queue_tail(list, msdu);767msdu_desc++;768continue;769}770771__skb_queue_tail(list, msdu);772773if (!is_offload) {774rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data);775rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);776777trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size);778779skb_put(msdu, hw->rx_desc_ops->rx_desc_size);780skb_pull(msdu, hw->rx_desc_ops->rx_desc_size);781skb_put(msdu, __le16_to_cpu(msdu_desc->msdu_len));782783if (!(__le32_to_cpu(rxd_attention->flags) &784RX_ATTENTION_FLAGS_MSDU_DONE)) {785ath10k_warn(htt->ar, "tried to pop an incomplete frame, oops!\n");786return -EIO;787}788}789790msdu_desc++;791}792793return 0;794}795796int ath10k_htt_rx_alloc(struct ath10k_htt *htt)797{798struct ath10k *ar = htt->ar;799dma_addr_t paddr;800void *vaddr, *vaddr_ring;801size_t size;802struct timer_list *timer = &htt->rx_ring.refill_retry_timer;803804if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)805return 0;806807htt->rx_confused = false;808809/* XXX: The fill level could be changed during runtime in response to810* the host processing latency. Is this really worth it?811*/812htt->rx_ring.size = HTT_RX_RING_SIZE;813htt->rx_ring.size_mask = htt->rx_ring.size - 1;814htt->rx_ring.fill_level = ar->hw_params.rx_ring_fill_level;815816if (!is_power_of_2(htt->rx_ring.size)) {817ath10k_warn(ar, "htt rx ring size is not power of 2\n");818return -EINVAL;819}820821htt->rx_ring.netbufs_ring =822kcalloc(htt->rx_ring.size, sizeof(struct sk_buff *),823GFP_KERNEL);824if (!htt->rx_ring.netbufs_ring)825goto err_netbuf;826827size = ath10k_htt_get_rx_ring_size(htt);828829vaddr_ring = dma_alloc_coherent(htt->ar->dev, size, &paddr, GFP_KERNEL);830if (!vaddr_ring)831goto err_dma_ring;832833ath10k_htt_config_paddrs_ring(htt, vaddr_ring);834htt->rx_ring.base_paddr = paddr;835836vaddr = dma_alloc_coherent(htt->ar->dev,837sizeof(*htt->rx_ring.alloc_idx.vaddr),838&paddr, GFP_KERNEL);839if (!vaddr)840goto err_dma_idx;841842htt->rx_ring.alloc_idx.vaddr = vaddr;843htt->rx_ring.alloc_idx.paddr = paddr;844htt->rx_ring.sw_rd_idx.msdu_payld = htt->rx_ring.size_mask;845*htt->rx_ring.alloc_idx.vaddr = 0;846847/* Initialize the Rx refill retry timer */848timer_setup(timer, ath10k_htt_rx_ring_refill_retry, 0);849850spin_lock_init(&htt->rx_ring.lock);851852htt->rx_ring.fill_cnt = 0;853htt->rx_ring.sw_rd_idx.msdu_payld = 0;854hash_init(htt->rx_ring.skb_table);855856skb_queue_head_init(&htt->rx_msdus_q);857skb_queue_head_init(&htt->rx_in_ord_compl_q);858skb_queue_head_init(&htt->tx_fetch_ind_q);859atomic_set(&htt->num_mpdus_ready, 0);860861ath10k_dbg(ar, ATH10K_DBG_BOOT, "htt rx ring size %d fill_level %d\n",862htt->rx_ring.size, htt->rx_ring.fill_level);863return 0;864865err_dma_idx:866dma_free_coherent(htt->ar->dev,867ath10k_htt_get_rx_ring_size(htt),868vaddr_ring,869htt->rx_ring.base_paddr);870ath10k_htt_config_paddrs_ring(htt, NULL);871err_dma_ring:872kfree(htt->rx_ring.netbufs_ring);873htt->rx_ring.netbufs_ring = NULL;874err_netbuf:875return -ENOMEM;876}877878static int ath10k_htt_rx_crypto_param_len(struct ath10k *ar,879enum htt_rx_mpdu_encrypt_type type)880{881switch (type) {882case HTT_RX_MPDU_ENCRYPT_NONE:883return 0;884case HTT_RX_MPDU_ENCRYPT_WEP40:885case HTT_RX_MPDU_ENCRYPT_WEP104:886return IEEE80211_WEP_IV_LEN;887case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:888case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:889return IEEE80211_TKIP_IV_LEN;890case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:891return IEEE80211_CCMP_HDR_LEN;892case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2:893return IEEE80211_CCMP_256_HDR_LEN;894case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2:895case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2:896return IEEE80211_GCMP_HDR_LEN;897case HTT_RX_MPDU_ENCRYPT_WEP128:898case HTT_RX_MPDU_ENCRYPT_WAPI:899break;900}901902ath10k_warn(ar, "unsupported encryption type %d\n", type);903return 0;904}905906#define MICHAEL_MIC_LEN 8907908static int ath10k_htt_rx_crypto_mic_len(struct ath10k *ar,909enum htt_rx_mpdu_encrypt_type type)910{911switch (type) {912case HTT_RX_MPDU_ENCRYPT_NONE:913case HTT_RX_MPDU_ENCRYPT_WEP40:914case HTT_RX_MPDU_ENCRYPT_WEP104:915case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:916case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:917return 0;918case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:919return IEEE80211_CCMP_MIC_LEN;920case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2:921return IEEE80211_CCMP_256_MIC_LEN;922case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2:923case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2:924return IEEE80211_GCMP_MIC_LEN;925case HTT_RX_MPDU_ENCRYPT_WEP128:926case HTT_RX_MPDU_ENCRYPT_WAPI:927break;928}929930ath10k_warn(ar, "unsupported encryption type %d\n", type);931return 0;932}933934static int ath10k_htt_rx_crypto_icv_len(struct ath10k *ar,935enum htt_rx_mpdu_encrypt_type type)936{937switch (type) {938case HTT_RX_MPDU_ENCRYPT_NONE:939case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:940case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2:941case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2:942case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2:943return 0;944case HTT_RX_MPDU_ENCRYPT_WEP40:945case HTT_RX_MPDU_ENCRYPT_WEP104:946return IEEE80211_WEP_ICV_LEN;947case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:948case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:949return IEEE80211_TKIP_ICV_LEN;950case HTT_RX_MPDU_ENCRYPT_WEP128:951case HTT_RX_MPDU_ENCRYPT_WAPI:952break;953}954955ath10k_warn(ar, "unsupported encryption type %d\n", type);956return 0;957}958959struct amsdu_subframe_hdr {960u8 dst[ETH_ALEN];961u8 src[ETH_ALEN];962__be16 len;963} __packed;964965#define GROUP_ID_IS_SU_MIMO(x) ((x) == 0 || (x) == 63)966967static inline u8 ath10k_bw_to_mac80211_bw(u8 bw)968{969u8 ret = 0;970971switch (bw) {972case 0:973ret = RATE_INFO_BW_20;974break;975case 1:976ret = RATE_INFO_BW_40;977break;978case 2:979ret = RATE_INFO_BW_80;980break;981case 3:982ret = RATE_INFO_BW_160;983break;984}985986return ret;987}988989static void ath10k_htt_rx_h_rates(struct ath10k *ar,990struct ieee80211_rx_status *status,991struct htt_rx_desc *rxd)992{993struct ath10k_hw_params *hw = &ar->hw_params;994struct rx_attention *rxd_attention;995struct rx_mpdu_start *rxd_mpdu_start;996struct rx_mpdu_end *rxd_mpdu_end;997struct rx_msdu_start_common *rxd_msdu_start_common;998struct rx_msdu_end_common *rxd_msdu_end_common;999struct rx_ppdu_start *rxd_ppdu_start;1000struct ieee80211_supported_band *sband;1001u8 cck, rate, bw, sgi, mcs, nss;1002u8 *rxd_msdu_payload;1003u8 preamble = 0;1004u8 group_id;1005u32 info1, info2, info3;1006u32 stbc, nsts_su;10071008rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);1009rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd);1010rxd_mpdu_end = ath10k_htt_rx_desc_get_mpdu_end(hw, rxd);1011rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd);1012rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);1013rxd_ppdu_start = ath10k_htt_rx_desc_get_ppdu_start(hw, rxd);1014rxd_msdu_payload = ath10k_htt_rx_desc_get_msdu_payload(hw, rxd);10151016info1 = __le32_to_cpu(rxd_ppdu_start->info1);1017info2 = __le32_to_cpu(rxd_ppdu_start->info2);1018info3 = __le32_to_cpu(rxd_ppdu_start->info3);10191020preamble = MS(info1, RX_PPDU_START_INFO1_PREAMBLE_TYPE);10211022switch (preamble) {1023case HTT_RX_LEGACY:1024/* To get legacy rate index band is required. Since band can't1025* be undefined check if freq is non-zero.1026*/1027if (!status->freq)1028return;10291030cck = info1 & RX_PPDU_START_INFO1_L_SIG_RATE_SELECT;1031rate = MS(info1, RX_PPDU_START_INFO1_L_SIG_RATE);1032rate &= ~RX_PPDU_START_RATE_FLAG;10331034sband = &ar->mac.sbands[status->band];1035status->rate_idx = ath10k_mac_hw_rate_to_idx(sband, rate, cck);1036break;1037case HTT_RX_HT:1038case HTT_RX_HT_WITH_TXBF:1039/* HT-SIG - Table 20-11 in info2 and info3 */1040mcs = info2 & 0x1F;1041nss = mcs >> 3;1042bw = (info2 >> 7) & 1;1043sgi = (info3 >> 7) & 1;10441045status->rate_idx = mcs;1046status->encoding = RX_ENC_HT;1047if (sgi)1048status->enc_flags |= RX_ENC_FLAG_SHORT_GI;1049if (bw)1050status->bw = RATE_INFO_BW_40;1051break;1052case HTT_RX_VHT:1053case HTT_RX_VHT_WITH_TXBF:1054/* VHT-SIG-A1 in info2, VHT-SIG-A2 in info31055* TODO check this1056*/1057bw = info2 & 3;1058sgi = info3 & 1;1059stbc = (info2 >> 3) & 1;1060group_id = (info2 >> 4) & 0x3F;10611062if (GROUP_ID_IS_SU_MIMO(group_id)) {1063mcs = (info3 >> 4) & 0x0F;1064nsts_su = ((info2 >> 10) & 0x07);1065if (stbc)1066nss = (nsts_su >> 2) + 1;1067else1068nss = (nsts_su + 1);1069} else {1070/* Hardware doesn't decode VHT-SIG-B into Rx descriptor1071* so it's impossible to decode MCS. Also since1072* firmware consumes Group Id Management frames host1073* has no knowledge regarding group/user position1074* mapping so it's impossible to pick the correct Nsts1075* from VHT-SIG-A1.1076*1077* Bandwidth and SGI are valid so report the rateinfo1078* on best-effort basis.1079*/1080mcs = 0;1081nss = 1;1082}10831084if (mcs > 0x09) {1085ath10k_warn(ar, "invalid MCS received %u\n", mcs);1086ath10k_warn(ar, "rxd %08x mpdu start %08x %08x msdu start %08x %08x ppdu start %08x %08x %08x %08x %08x\n",1087__le32_to_cpu(rxd_attention->flags),1088__le32_to_cpu(rxd_mpdu_start->info0),1089__le32_to_cpu(rxd_mpdu_start->info1),1090__le32_to_cpu(rxd_msdu_start_common->info0),1091__le32_to_cpu(rxd_msdu_start_common->info1),1092rxd_ppdu_start->info0,1093__le32_to_cpu(rxd_ppdu_start->info1),1094__le32_to_cpu(rxd_ppdu_start->info2),1095__le32_to_cpu(rxd_ppdu_start->info3),1096__le32_to_cpu(rxd_ppdu_start->info4));10971098ath10k_warn(ar, "msdu end %08x mpdu end %08x\n",1099__le32_to_cpu(rxd_msdu_end_common->info0),1100__le32_to_cpu(rxd_mpdu_end->info0));11011102ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL,1103"rx desc msdu payload: ",1104rxd_msdu_payload, 50);1105}11061107status->rate_idx = mcs;1108status->nss = nss;11091110if (sgi)1111status->enc_flags |= RX_ENC_FLAG_SHORT_GI;11121113status->bw = ath10k_bw_to_mac80211_bw(bw);1114status->encoding = RX_ENC_VHT;1115break;1116default:1117break;1118}1119}11201121static struct ieee80211_channel *1122ath10k_htt_rx_h_peer_channel(struct ath10k *ar, struct htt_rx_desc *rxd)1123{1124struct ath10k_hw_params *hw = &ar->hw_params;1125struct rx_attention *rxd_attention;1126struct rx_msdu_end_common *rxd_msdu_end_common;1127struct rx_mpdu_start *rxd_mpdu_start;1128struct ath10k_peer *peer;1129struct ath10k_vif *arvif;1130struct cfg80211_chan_def def;1131u16 peer_id;11321133lockdep_assert_held(&ar->data_lock);11341135if (!rxd)1136return NULL;11371138rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);1139rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);1140rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd);11411142if (rxd_attention->flags &1143__cpu_to_le32(RX_ATTENTION_FLAGS_PEER_IDX_INVALID))1144return NULL;11451146if (!(rxd_msdu_end_common->info0 &1147__cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU)))1148return NULL;11491150peer_id = MS(__le32_to_cpu(rxd_mpdu_start->info0),1151RX_MPDU_START_INFO0_PEER_IDX);11521153peer = ath10k_peer_find_by_id(ar, peer_id);1154if (!peer)1155return NULL;11561157arvif = ath10k_get_arvif(ar, peer->vdev_id);1158if (WARN_ON_ONCE(!arvif))1159return NULL;11601161if (ath10k_mac_vif_chan(arvif->vif, &def))1162return NULL;11631164return def.chan;1165}11661167static struct ieee80211_channel *1168ath10k_htt_rx_h_vdev_channel(struct ath10k *ar, u32 vdev_id)1169{1170struct ath10k_vif *arvif;1171struct cfg80211_chan_def def;11721173lockdep_assert_held(&ar->data_lock);11741175list_for_each_entry(arvif, &ar->arvifs, list) {1176if (arvif->vdev_id == vdev_id &&1177ath10k_mac_vif_chan(arvif->vif, &def) == 0)1178return def.chan;1179}11801181return NULL;1182}11831184static void1185ath10k_htt_rx_h_any_chan_iter(struct ieee80211_hw *hw,1186struct ieee80211_chanctx_conf *conf,1187void *data)1188{1189struct cfg80211_chan_def *def = data;11901191*def = conf->def;1192}11931194static struct ieee80211_channel *1195ath10k_htt_rx_h_any_channel(struct ath10k *ar)1196{1197struct cfg80211_chan_def def = {};11981199ieee80211_iter_chan_contexts_atomic(ar->hw,1200ath10k_htt_rx_h_any_chan_iter,1201&def);12021203return def.chan;1204}12051206static bool ath10k_htt_rx_h_channel(struct ath10k *ar,1207struct ieee80211_rx_status *status,1208struct htt_rx_desc *rxd,1209u32 vdev_id)1210{1211struct ieee80211_channel *ch;12121213spin_lock_bh(&ar->data_lock);1214ch = ar->scan_channel;1215if (!ch)1216ch = ar->rx_channel;1217if (!ch)1218ch = ath10k_htt_rx_h_peer_channel(ar, rxd);1219if (!ch)1220ch = ath10k_htt_rx_h_vdev_channel(ar, vdev_id);1221if (!ch)1222ch = ath10k_htt_rx_h_any_channel(ar);1223if (!ch)1224ch = ar->tgt_oper_chan;1225spin_unlock_bh(&ar->data_lock);12261227if (!ch)1228return false;12291230status->band = ch->band;1231status->freq = ch->center_freq;12321233return true;1234}12351236static void ath10k_htt_rx_h_signal(struct ath10k *ar,1237struct ieee80211_rx_status *status,1238struct htt_rx_desc *rxd)1239{1240struct ath10k_hw_params *hw = &ar->hw_params;1241struct rx_ppdu_start *rxd_ppdu_start = ath10k_htt_rx_desc_get_ppdu_start(hw, rxd);1242int i;12431244for (i = 0; i < IEEE80211_MAX_CHAINS ; i++) {1245status->chains &= ~BIT(i);12461247if (rxd_ppdu_start->rssi_chains[i].pri20_mhz != 0x80) {1248status->chain_signal[i] = ATH10K_DEFAULT_NOISE_FLOOR +1249rxd_ppdu_start->rssi_chains[i].pri20_mhz;12501251status->chains |= BIT(i);1252}1253}12541255/* FIXME: Get real NF */1256status->signal = ATH10K_DEFAULT_NOISE_FLOOR +1257rxd_ppdu_start->rssi_comb;1258status->flag &= ~RX_FLAG_NO_SIGNAL_VAL;1259}12601261static void ath10k_htt_rx_h_mactime(struct ath10k *ar,1262struct ieee80211_rx_status *status,1263struct htt_rx_desc *rxd)1264{1265struct ath10k_hw_params *hw = &ar->hw_params;1266struct rx_ppdu_end_common *rxd_ppdu_end_common;12671268rxd_ppdu_end_common = ath10k_htt_rx_desc_get_ppdu_end(hw, rxd);12691270/* FIXME: TSF is known only at the end of PPDU, in the last MPDU. This1271* means all prior MSDUs in a PPDU are reported to mac80211 without the1272* TSF. Is it worth holding frames until end of PPDU is known?1273*1274* FIXME: Can we get/compute 64bit TSF?1275*/1276status->mactime = __le32_to_cpu(rxd_ppdu_end_common->tsf_timestamp);1277status->flag |= RX_FLAG_MACTIME_END;1278}12791280static void ath10k_htt_rx_h_ppdu(struct ath10k *ar,1281struct sk_buff_head *amsdu,1282struct ieee80211_rx_status *status,1283u32 vdev_id)1284{1285struct sk_buff *first;1286struct ath10k_hw_params *hw = &ar->hw_params;1287struct htt_rx_desc *rxd;1288struct rx_attention *rxd_attention;1289bool is_first_ppdu;1290bool is_last_ppdu;12911292if (skb_queue_empty(amsdu))1293return;12941295first = skb_peek(amsdu);1296rxd = HTT_RX_BUF_TO_RX_DESC(hw,1297#if defined(__linux__)1298(void *)first->data - hw->rx_desc_ops->rx_desc_size);1299#elif defined(__FreeBSD__)1300(u8 *)first->data - hw->rx_desc_ops->rx_desc_size);1301#endif13021303rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);13041305is_first_ppdu = !!(rxd_attention->flags &1306__cpu_to_le32(RX_ATTENTION_FLAGS_FIRST_MPDU));1307is_last_ppdu = !!(rxd_attention->flags &1308__cpu_to_le32(RX_ATTENTION_FLAGS_LAST_MPDU));13091310if (is_first_ppdu) {1311/* New PPDU starts so clear out the old per-PPDU status. */1312status->freq = 0;1313status->rate_idx = 0;1314status->nss = 0;1315status->encoding = RX_ENC_LEGACY;1316status->bw = RATE_INFO_BW_20;13171318status->flag &= ~RX_FLAG_MACTIME;1319status->flag |= RX_FLAG_NO_SIGNAL_VAL;13201321status->flag &= ~(RX_FLAG_AMPDU_IS_LAST);1322status->flag |= RX_FLAG_AMPDU_DETAILS | RX_FLAG_AMPDU_LAST_KNOWN;1323status->ampdu_reference = ar->ampdu_reference;13241325ath10k_htt_rx_h_signal(ar, status, rxd);1326ath10k_htt_rx_h_channel(ar, status, rxd, vdev_id);1327ath10k_htt_rx_h_rates(ar, status, rxd);1328}13291330if (is_last_ppdu) {1331ath10k_htt_rx_h_mactime(ar, status, rxd);13321333/* set ampdu last segment flag */1334status->flag |= RX_FLAG_AMPDU_IS_LAST;1335ar->ampdu_reference++;1336}1337}13381339static const char * const tid_to_ac[] = {1340"BE",1341"BK",1342"BK",1343"BE",1344"VI",1345"VI",1346"VO",1347"VO",1348};13491350static char *ath10k_get_tid(struct ieee80211_hdr *hdr, char *out, size_t size)1351{1352u8 *qc;1353int tid;13541355if (!ieee80211_is_data_qos(hdr->frame_control))1356return "";13571358qc = ieee80211_get_qos_ctl(hdr);1359tid = *qc & IEEE80211_QOS_CTL_TID_MASK;1360if (tid < 8)1361snprintf(out, size, "tid %d (%s)", tid, tid_to_ac[tid]);1362else1363snprintf(out, size, "tid %d", tid);13641365return out;1366}13671368static void ath10k_htt_rx_h_queue_msdu(struct ath10k *ar,1369struct ieee80211_rx_status *rx_status,1370struct sk_buff *skb)1371{1372struct ieee80211_rx_status *status;13731374status = IEEE80211_SKB_RXCB(skb);1375*status = *rx_status;13761377skb_queue_tail(&ar->htt.rx_msdus_q, skb);1378}13791380static void ath10k_process_rx(struct ath10k *ar, struct sk_buff *skb)1381{1382struct ieee80211_rx_status *status;1383struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;1384char tid[32];13851386status = IEEE80211_SKB_RXCB(skb);13871388if (!(ar->filter_flags & FIF_FCSFAIL) &&1389status->flag & RX_FLAG_FAILED_FCS_CRC) {1390ar->stats.rx_crc_err_drop++;1391dev_kfree_skb_any(skb);1392return;1393}13941395ath10k_dbg(ar, ATH10K_DBG_DATA,1396"rx skb %p len %u peer %pM %s %s sn %u %s%s%s%s%s%s %srate_idx %u vht_nss %u freq %u band %u flag 0x%x fcs-err %i mic-err %i amsdu-more %i\n",1397skb,1398skb->len,1399ieee80211_get_SA(hdr),1400ath10k_get_tid(hdr, tid, sizeof(tid)),1401is_multicast_ether_addr(ieee80211_get_DA(hdr)) ?1402"mcast" : "ucast",1403IEEE80211_SEQ_TO_SN(__le16_to_cpu(hdr->seq_ctrl)),1404(status->encoding == RX_ENC_LEGACY) ? "legacy" : "",1405(status->encoding == RX_ENC_HT) ? "ht" : "",1406(status->encoding == RX_ENC_VHT) ? "vht" : "",1407(status->bw == RATE_INFO_BW_40) ? "40" : "",1408(status->bw == RATE_INFO_BW_80) ? "80" : "",1409(status->bw == RATE_INFO_BW_160) ? "160" : "",1410status->enc_flags & RX_ENC_FLAG_SHORT_GI ? "sgi " : "",1411status->rate_idx,1412status->nss,1413status->freq,1414status->band, status->flag,1415!!(status->flag & RX_FLAG_FAILED_FCS_CRC),1416!!(status->flag & RX_FLAG_MMIC_ERROR),1417!!(status->flag & RX_FLAG_AMSDU_MORE));1418ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "rx skb: ",1419skb->data, skb->len);1420trace_ath10k_rx_hdr(ar, skb->data, skb->len);1421trace_ath10k_rx_payload(ar, skb->data, skb->len);14221423ieee80211_rx_napi(ar->hw, NULL, skb, &ar->napi);1424}14251426static int ath10k_htt_rx_nwifi_hdrlen(struct ath10k *ar,1427struct ieee80211_hdr *hdr)1428{1429int len = ieee80211_hdrlen(hdr->frame_control);14301431if (!test_bit(ATH10K_FW_FEATURE_NO_NWIFI_DECAP_4ADDR_PADDING,1432ar->running_fw->fw_file.fw_features))1433len = round_up(len, 4);14341435return len;1436}14371438static void ath10k_htt_rx_h_undecap_raw(struct ath10k *ar,1439struct sk_buff *msdu,1440struct ieee80211_rx_status *status,1441enum htt_rx_mpdu_encrypt_type enctype,1442bool is_decrypted,1443const u8 first_hdr[64])1444{1445struct ieee80211_hdr *hdr;1446struct ath10k_hw_params *hw = &ar->hw_params;1447struct htt_rx_desc *rxd;1448struct rx_msdu_end_common *rxd_msdu_end_common;1449size_t hdr_len;1450size_t crypto_len;1451bool is_first;1452bool is_last;1453bool msdu_limit_err;1454int bytes_aligned = ar->hw_params.decap_align_bytes;1455u8 *qos;14561457rxd = HTT_RX_BUF_TO_RX_DESC(hw,1458#if defined(__linux__)1459(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1460#elif defined(__FreeBSD__)1461(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1462#endif14631464rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);1465is_first = !!(rxd_msdu_end_common->info0 &1466__cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));1467is_last = !!(rxd_msdu_end_common->info0 &1468__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));14691470/* Delivered decapped frame:1471* [802.11 header]1472* [crypto param] <-- can be trimmed if !fcs_err &&1473* !decrypt_err && !peer_idx_invalid1474* [amsdu header] <-- only if A-MSDU1475* [rfc1042/llc]1476* [payload]1477* [FCS] <-- at end, needs to be trimmed1478*/14791480/* Some hardwares(QCA99x0 variants) limit number of msdus in a-msdu when1481* deaggregate, so that unwanted MSDU-deaggregation is avoided for1482* error packets. If limit exceeds, hw sends all remaining MSDUs as1483* a single last MSDU with this msdu limit error set.1484*/1485msdu_limit_err = ath10k_htt_rx_desc_msdu_limit_error(hw, rxd);14861487/* If MSDU limit error happens, then don't warn on, the partial raw MSDU1488* without first MSDU is expected in that case, and handled later here.1489*/1490/* This probably shouldn't happen but warn just in case */1491if (WARN_ON_ONCE(!is_first && !msdu_limit_err))1492return;14931494/* This probably shouldn't happen but warn just in case */1495if (WARN_ON_ONCE(!(is_first && is_last) && !msdu_limit_err))1496return;14971498skb_trim(msdu, msdu->len - FCS_LEN);14991500/* Push original 80211 header */1501if (unlikely(msdu_limit_err)) {1502#if defined(__linux__)1503hdr = (struct ieee80211_hdr *)first_hdr;1504#elif defined(__FreeBSD__)1505hdr = __DECONST(struct ieee80211_hdr *, first_hdr);1506#endif1507hdr_len = ieee80211_hdrlen(hdr->frame_control);1508crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);15091510if (ieee80211_is_data_qos(hdr->frame_control)) {1511qos = ieee80211_get_qos_ctl(hdr);1512qos[0] |= IEEE80211_QOS_CTL_A_MSDU_PRESENT;1513}15141515if (crypto_len)1516memcpy(skb_push(msdu, crypto_len),1517#if defined(__linux__)1518(void *)hdr + round_up(hdr_len, bytes_aligned),1519#elif defined(__FreeBSD__)1520(u8 *)hdr + round_up(hdr_len, bytes_aligned),1521#endif1522crypto_len);15231524memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);1525}15261527/* In most cases this will be true for sniffed frames. It makes sense1528* to deliver them as-is without stripping the crypto param. This is1529* necessary for software based decryption.1530*1531* If there's no error then the frame is decrypted. At least that is1532* the case for frames that come in via fragmented rx indication.1533*/1534if (!is_decrypted)1535return;15361537/* The payload is decrypted so strip crypto params. Start from tail1538* since hdr is used to compute some stuff.1539*/15401541hdr = (void *)msdu->data;15421543/* Tail */1544if (status->flag & RX_FLAG_IV_STRIPPED) {1545skb_trim(msdu, msdu->len -1546ath10k_htt_rx_crypto_mic_len(ar, enctype));15471548skb_trim(msdu, msdu->len -1549ath10k_htt_rx_crypto_icv_len(ar, enctype));1550} else {1551/* MIC */1552if (status->flag & RX_FLAG_MIC_STRIPPED)1553skb_trim(msdu, msdu->len -1554ath10k_htt_rx_crypto_mic_len(ar, enctype));15551556/* ICV */1557if (status->flag & RX_FLAG_ICV_STRIPPED)1558skb_trim(msdu, msdu->len -1559ath10k_htt_rx_crypto_icv_len(ar, enctype));1560}15611562/* MMIC */1563if ((status->flag & RX_FLAG_MMIC_STRIPPED) &&1564!ieee80211_has_morefrags(hdr->frame_control) &&1565enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)1566skb_trim(msdu, msdu->len - MICHAEL_MIC_LEN);15671568/* Head */1569if (status->flag & RX_FLAG_IV_STRIPPED) {1570hdr_len = ieee80211_hdrlen(hdr->frame_control);1571crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);15721573#if defined(__linux__)1574memmove((void *)msdu->data + crypto_len,1575#elif defined(__FreeBSD__)1576memmove((u8 *)msdu->data + crypto_len,1577#endif1578(void *)msdu->data, hdr_len);1579skb_pull(msdu, crypto_len);1580}1581}15821583static void ath10k_htt_rx_h_undecap_nwifi(struct ath10k *ar,1584struct sk_buff *msdu,1585struct ieee80211_rx_status *status,1586const u8 first_hdr[64],1587enum htt_rx_mpdu_encrypt_type enctype)1588{1589struct ath10k_hw_params *hw = &ar->hw_params;1590#if defined(__linux__)1591struct ieee80211_hdr *hdr;1592#elif defined(__FreeBSD__)1593const struct ieee80211_hdr *hdr;1594struct ieee80211_hdr *hdr2;1595#endif1596struct htt_rx_desc *rxd;1597size_t hdr_len;1598u8 da[ETH_ALEN];1599u8 sa[ETH_ALEN];1600int l3_pad_bytes;1601int bytes_aligned = ar->hw_params.decap_align_bytes;16021603/* Delivered decapped frame:1604* [nwifi 802.11 header] <-- replaced with 802.11 hdr1605* [rfc1042/llc]1606*1607* Note: The nwifi header doesn't have QoS Control and is1608* (always?) a 3addr frame.1609*1610* Note2: There's no A-MSDU subframe header. Even if it's part1611* of an A-MSDU.1612*/16131614/* pull decapped header and copy SA & DA */1615#if defined(__linux__)1616rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)msdu->data -1617#elif defined(__FreeBSD__)1618rxd = HTT_RX_BUF_TO_RX_DESC(hw, (u8 *)msdu->data -1619#endif1620hw->rx_desc_ops->rx_desc_size);16211622l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd);1623skb_put(msdu, l3_pad_bytes);16241625#if defined(__linux__)1626hdr = (struct ieee80211_hdr *)(msdu->data + l3_pad_bytes);16271628hdr_len = ath10k_htt_rx_nwifi_hdrlen(ar, hdr);1629ether_addr_copy(da, ieee80211_get_DA(hdr));1630ether_addr_copy(sa, ieee80211_get_SA(hdr));1631#elif defined(__FreeBSD__)1632hdr2 = (struct ieee80211_hdr *)(msdu->data + l3_pad_bytes);16331634hdr_len = ath10k_htt_rx_nwifi_hdrlen(ar, hdr2);1635ether_addr_copy(da, ieee80211_get_DA(hdr2));1636ether_addr_copy(sa, ieee80211_get_SA(hdr2));1637#endif1638skb_pull(msdu, hdr_len);16391640/* push original 802.11 header */1641#if defined(__linux__)1642hdr = (struct ieee80211_hdr *)first_hdr;1643#elif defined(__FreeBSD__)1644hdr = (const struct ieee80211_hdr *)first_hdr;1645#endif1646hdr_len = ieee80211_hdrlen(hdr->frame_control);16471648if (!(status->flag & RX_FLAG_IV_STRIPPED)) {1649memcpy(skb_push(msdu,1650ath10k_htt_rx_crypto_param_len(ar, enctype)),1651#if defined(__linux__)1652(void *)hdr + round_up(hdr_len, bytes_aligned),1653#elif defined(__FreeBSD__)1654(const u8 *)hdr + round_up(hdr_len, bytes_aligned),1655#endif1656ath10k_htt_rx_crypto_param_len(ar, enctype));1657}16581659memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);16601661/* original 802.11 header has a different DA and in1662* case of 4addr it may also have different SA1663*/1664#if defined(__linux__)1665hdr = (struct ieee80211_hdr *)msdu->data;1666ether_addr_copy(ieee80211_get_DA(hdr), da);1667ether_addr_copy(ieee80211_get_SA(hdr), sa);1668#elif defined(__FreeBSD__)1669/* ieee80211_get_[DS]A() do not take a const argument. */1670hdr2 = (struct ieee80211_hdr *)msdu->data;1671ether_addr_copy(ieee80211_get_DA(hdr2), da);1672ether_addr_copy(ieee80211_get_SA(hdr2), sa);1673#endif1674}16751676static void *ath10k_htt_rx_h_find_rfc1042(struct ath10k *ar,1677struct sk_buff *msdu,1678enum htt_rx_mpdu_encrypt_type enctype)1679{1680struct ieee80211_hdr *hdr;1681struct ath10k_hw_params *hw = &ar->hw_params;1682struct htt_rx_desc *rxd;1683struct rx_msdu_end_common *rxd_msdu_end_common;1684u8 *rxd_rx_hdr_status;1685size_t hdr_len, crypto_len;1686#if defined(__linux__)1687void *rfc1042;1688#elif defined(__FreeBSD__)1689u8 *rfc1042;1690#endif1691bool is_first, is_last, is_amsdu;1692int bytes_aligned = ar->hw_params.decap_align_bytes;16931694rxd = HTT_RX_BUF_TO_RX_DESC(hw,1695#if defined(__linux__)1696(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1697#elif defined(__FreeBSD__)1698(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1699#endif17001701rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);1702rxd_rx_hdr_status = ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd);1703hdr = (void *)rxd_rx_hdr_status;17041705is_first = !!(rxd_msdu_end_common->info0 &1706__cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));1707is_last = !!(rxd_msdu_end_common->info0 &1708__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));1709is_amsdu = !(is_first && is_last);17101711#if defined(__linux__)1712rfc1042 = hdr;1713#elif defined(__FreeBSD__)1714rfc1042 = (void *)hdr;1715#endif17161717if (is_first) {1718hdr_len = ieee80211_hdrlen(hdr->frame_control);1719crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);17201721rfc1042 += round_up(hdr_len, bytes_aligned) +1722round_up(crypto_len, bytes_aligned);1723}17241725if (is_amsdu)1726rfc1042 += sizeof(struct amsdu_subframe_hdr);17271728return rfc1042;1729}17301731static void ath10k_htt_rx_h_undecap_eth(struct ath10k *ar,1732struct sk_buff *msdu,1733struct ieee80211_rx_status *status,1734const u8 first_hdr[64],1735enum htt_rx_mpdu_encrypt_type enctype)1736{1737struct ath10k_hw_params *hw = &ar->hw_params;1738#if defined(__linux__)1739struct ieee80211_hdr *hdr;1740#elif defined(__FreeBSD__)1741const struct ieee80211_hdr *hdr;1742struct ieee80211_hdr *hdr2;1743#endif1744struct ethhdr *eth;1745size_t hdr_len;1746void *rfc1042;1747u8 da[ETH_ALEN];1748u8 sa[ETH_ALEN];1749int l3_pad_bytes;1750struct htt_rx_desc *rxd;1751int bytes_aligned = ar->hw_params.decap_align_bytes;17521753/* Delivered decapped frame:1754* [eth header] <-- replaced with 802.11 hdr & rfc1042/llc1755* [payload]1756*/17571758rfc1042 = ath10k_htt_rx_h_find_rfc1042(ar, msdu, enctype);1759if (WARN_ON_ONCE(!rfc1042))1760return;17611762rxd = HTT_RX_BUF_TO_RX_DESC(hw,1763#if defined(__linux__)1764(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1765#elif defined(__FreeBSD__)1766(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1767#endif17681769l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd);1770skb_put(msdu, l3_pad_bytes);1771skb_pull(msdu, l3_pad_bytes);17721773/* pull decapped header and copy SA & DA */1774eth = (struct ethhdr *)msdu->data;1775ether_addr_copy(da, eth->h_dest);1776ether_addr_copy(sa, eth->h_source);1777skb_pull(msdu, sizeof(struct ethhdr));17781779/* push rfc1042/llc/snap */1780memcpy(skb_push(msdu, sizeof(struct rfc1042_hdr)), rfc1042,1781sizeof(struct rfc1042_hdr));17821783/* push original 802.11 header */1784#if defined(__linux__)1785hdr = (struct ieee80211_hdr *)first_hdr;1786#elif defined(__FreeBSD__)1787hdr = (const struct ieee80211_hdr *)first_hdr;1788#endif1789hdr_len = ieee80211_hdrlen(hdr->frame_control);17901791if (!(status->flag & RX_FLAG_IV_STRIPPED)) {1792memcpy(skb_push(msdu,1793ath10k_htt_rx_crypto_param_len(ar, enctype)),1794#if defined(__linux__)1795(void *)hdr + round_up(hdr_len, bytes_aligned),1796#elif defined(__FreeBSD__)1797(const u8 *)hdr + round_up(hdr_len, bytes_aligned),1798#endif1799ath10k_htt_rx_crypto_param_len(ar, enctype));1800}18011802memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);18031804/* original 802.11 header has a different DA and in1805* case of 4addr it may also have different SA1806*/1807#if defined(__linux__)1808hdr = (struct ieee80211_hdr *)msdu->data;1809ether_addr_copy(ieee80211_get_DA(hdr), da);1810ether_addr_copy(ieee80211_get_SA(hdr), sa);1811#elif defined(__FreeBSD__)1812/* ieee80211_get_[DS]A() do not take a const argument. */1813hdr2 = (struct ieee80211_hdr *)msdu->data;1814ether_addr_copy(ieee80211_get_DA(hdr2), da);1815ether_addr_copy(ieee80211_get_SA(hdr2), sa);1816#endif1817}18181819static void ath10k_htt_rx_h_undecap_snap(struct ath10k *ar,1820struct sk_buff *msdu,1821struct ieee80211_rx_status *status,1822const u8 first_hdr[64],1823enum htt_rx_mpdu_encrypt_type enctype)1824{1825struct ath10k_hw_params *hw = &ar->hw_params;1826#if defined(__linux__)1827struct ieee80211_hdr *hdr;1828#elif defined(__FreeBSD__)1829const struct ieee80211_hdr *hdr;1830#endif1831size_t hdr_len;1832int l3_pad_bytes;1833struct htt_rx_desc *rxd;1834int bytes_aligned = ar->hw_params.decap_align_bytes;18351836/* Delivered decapped frame:1837* [amsdu header] <-- replaced with 802.11 hdr1838* [rfc1042/llc]1839* [payload]1840*/18411842rxd = HTT_RX_BUF_TO_RX_DESC(hw,1843#if defined(__linux__)1844(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1845#elif defined(__FreeBSD__)1846(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1847#endif18481849l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd);18501851skb_put(msdu, l3_pad_bytes);1852skb_pull(msdu, sizeof(struct amsdu_subframe_hdr) + l3_pad_bytes);18531854#if defined(__linux__)1855hdr = (struct ieee80211_hdr *)first_hdr;1856#elif defined(__FreeBSD__)1857hdr = (const struct ieee80211_hdr *)first_hdr;1858#endif1859hdr_len = ieee80211_hdrlen(hdr->frame_control);18601861if (!(status->flag & RX_FLAG_IV_STRIPPED)) {1862memcpy(skb_push(msdu,1863ath10k_htt_rx_crypto_param_len(ar, enctype)),1864#if defined(__linux__)1865(void *)hdr + round_up(hdr_len, bytes_aligned),1866#elif defined(__FreeBSD__)1867(const u8 *)hdr + round_up(hdr_len, bytes_aligned),1868#endif1869ath10k_htt_rx_crypto_param_len(ar, enctype));1870}18711872memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);1873}18741875static void ath10k_htt_rx_h_undecap(struct ath10k *ar,1876struct sk_buff *msdu,1877struct ieee80211_rx_status *status,1878u8 first_hdr[64],1879enum htt_rx_mpdu_encrypt_type enctype,1880bool is_decrypted)1881{1882struct ath10k_hw_params *hw = &ar->hw_params;1883struct htt_rx_desc *rxd;1884struct rx_msdu_start_common *rxd_msdu_start_common;1885enum rx_msdu_decap_format decap;18861887/* First msdu's decapped header:1888* [802.11 header] <-- padded to 4 bytes long1889* [crypto param] <-- padded to 4 bytes long1890* [amsdu header] <-- only if A-MSDU1891* [rfc1042/llc]1892*1893* Other (2nd, 3rd, ..) msdu's decapped header:1894* [amsdu header] <-- only if A-MSDU1895* [rfc1042/llc]1896*/18971898rxd = HTT_RX_BUF_TO_RX_DESC(hw,1899#if defined(__linux__)1900(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);1901#elif defined(__FreeBSD__)1902(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);1903#endif19041905rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd);1906decap = MS(__le32_to_cpu(rxd_msdu_start_common->info1),1907RX_MSDU_START_INFO1_DECAP_FORMAT);19081909switch (decap) {1910case RX_MSDU_DECAP_RAW:1911ath10k_htt_rx_h_undecap_raw(ar, msdu, status, enctype,1912is_decrypted, first_hdr);1913break;1914case RX_MSDU_DECAP_NATIVE_WIFI:1915ath10k_htt_rx_h_undecap_nwifi(ar, msdu, status, first_hdr,1916enctype);1917break;1918case RX_MSDU_DECAP_ETHERNET2_DIX:1919ath10k_htt_rx_h_undecap_eth(ar, msdu, status, first_hdr, enctype);1920break;1921case RX_MSDU_DECAP_8023_SNAP_LLC:1922ath10k_htt_rx_h_undecap_snap(ar, msdu, status, first_hdr,1923enctype);1924break;1925}1926}19271928static int ath10k_htt_rx_get_csum_state(struct ath10k_hw_params *hw, struct sk_buff *skb)1929{1930struct htt_rx_desc *rxd;1931struct rx_attention *rxd_attention;1932struct rx_msdu_start_common *rxd_msdu_start_common;1933u32 flags, info;1934bool is_ip4, is_ip6;1935bool is_tcp, is_udp;1936bool ip_csum_ok, tcpudp_csum_ok;19371938rxd = HTT_RX_BUF_TO_RX_DESC(hw,1939#if defined(__linux__)1940(void *)skb->data - hw->rx_desc_ops->rx_desc_size);1941#elif defined(__FreeBSD__)1942(u8 *)skb->data - hw->rx_desc_ops->rx_desc_size);1943#endif19441945rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);1946rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd);1947flags = __le32_to_cpu(rxd_attention->flags);1948info = __le32_to_cpu(rxd_msdu_start_common->info1);19491950is_ip4 = !!(info & RX_MSDU_START_INFO1_IPV4_PROTO);1951is_ip6 = !!(info & RX_MSDU_START_INFO1_IPV6_PROTO);1952is_tcp = !!(info & RX_MSDU_START_INFO1_TCP_PROTO);1953is_udp = !!(info & RX_MSDU_START_INFO1_UDP_PROTO);1954ip_csum_ok = !(flags & RX_ATTENTION_FLAGS_IP_CHKSUM_FAIL);1955tcpudp_csum_ok = !(flags & RX_ATTENTION_FLAGS_TCP_UDP_CHKSUM_FAIL);19561957if (!is_ip4 && !is_ip6)1958return CHECKSUM_NONE;1959if (!is_tcp && !is_udp)1960return CHECKSUM_NONE;1961if (!ip_csum_ok)1962return CHECKSUM_NONE;1963if (!tcpudp_csum_ok)1964return CHECKSUM_NONE;19651966return CHECKSUM_UNNECESSARY;1967}19681969static void ath10k_htt_rx_h_csum_offload(struct ath10k_hw_params *hw,1970struct sk_buff *msdu)1971{1972msdu->ip_summed = ath10k_htt_rx_get_csum_state(hw, msdu);1973}19741975static u64 ath10k_htt_rx_h_get_pn(struct ath10k *ar, struct sk_buff *skb,1976enum htt_rx_mpdu_encrypt_type enctype)1977{1978struct ieee80211_hdr *hdr;1979u64 pn = 0;1980u8 *ehdr;19811982hdr = (struct ieee80211_hdr *)skb->data;1983ehdr = skb->data + ieee80211_hdrlen(hdr->frame_control);19841985if (enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2) {1986pn = ehdr[0];1987pn |= (u64)ehdr[1] << 8;1988pn |= (u64)ehdr[4] << 16;1989pn |= (u64)ehdr[5] << 24;1990pn |= (u64)ehdr[6] << 32;1991pn |= (u64)ehdr[7] << 40;1992}1993return pn;1994}19951996static bool ath10k_htt_rx_h_frag_multicast_check(struct ath10k *ar,1997struct sk_buff *skb)1998{1999struct ieee80211_hdr *hdr;20002001hdr = (struct ieee80211_hdr *)skb->data;2002return !is_multicast_ether_addr(hdr->addr1);2003}20042005static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar,2006struct sk_buff *skb,2007u16 peer_id,2008enum htt_rx_mpdu_encrypt_type enctype)2009{2010struct ath10k_peer *peer;2011union htt_rx_pn_t *last_pn, new_pn = {};2012struct ieee80211_hdr *hdr;2013u8 tid, frag_number;2014u32 seq;20152016peer = ath10k_peer_find_by_id(ar, peer_id);2017if (!peer) {2018ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid peer for frag pn check\n");2019return false;2020}20212022hdr = (struct ieee80211_hdr *)skb->data;2023if (ieee80211_is_data_qos(hdr->frame_control))2024tid = ieee80211_get_tid(hdr);2025else2026tid = ATH10K_TXRX_NON_QOS_TID;20272028last_pn = &peer->frag_tids_last_pn[tid];2029new_pn.pn48 = ath10k_htt_rx_h_get_pn(ar, skb, enctype);2030frag_number = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;2031seq = IEEE80211_SEQ_TO_SN(__le16_to_cpu(hdr->seq_ctrl));20322033if (frag_number == 0) {2034last_pn->pn48 = new_pn.pn48;2035peer->frag_tids_seq[tid] = seq;2036} else {2037if (seq != peer->frag_tids_seq[tid])2038return false;20392040if (new_pn.pn48 != last_pn->pn48 + 1)2041return false;20422043last_pn->pn48 = new_pn.pn48;2044}20452046return true;2047}20482049static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,2050struct sk_buff_head *amsdu,2051struct ieee80211_rx_status *status,2052bool fill_crypt_header,2053u8 *rx_hdr,2054enum ath10k_pkt_rx_err *err,2055u16 peer_id,2056bool frag)2057{2058struct sk_buff *first;2059struct sk_buff *last;2060struct sk_buff *msdu, *temp;2061struct ath10k_hw_params *hw = &ar->hw_params;2062struct htt_rx_desc *rxd;2063struct rx_attention *rxd_attention;2064struct rx_mpdu_start *rxd_mpdu_start;20652066struct ieee80211_hdr *hdr;2067enum htt_rx_mpdu_encrypt_type enctype;2068u8 first_hdr[64];2069u8 *qos;2070bool has_fcs_err;2071bool has_crypto_err;2072bool has_tkip_err;2073bool has_peer_idx_invalid;2074bool is_decrypted;2075bool is_mgmt;2076u32 attention;2077bool frag_pn_check = true, multicast_check = true;20782079if (skb_queue_empty(amsdu))2080return;20812082first = skb_peek(amsdu);2083rxd = HTT_RX_BUF_TO_RX_DESC(hw,2084#if defined(__linux__)2085(void *)first->data - hw->rx_desc_ops->rx_desc_size);2086#elif defined(__FreeBSD__)2087(u8 *)first->data - hw->rx_desc_ops->rx_desc_size);2088#endif20892090rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);2091rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd);20922093is_mgmt = !!(rxd_attention->flags &2094__cpu_to_le32(RX_ATTENTION_FLAGS_MGMT_TYPE));20952096enctype = MS(__le32_to_cpu(rxd_mpdu_start->info0),2097RX_MPDU_START_INFO0_ENCRYPT_TYPE);20982099/* First MSDU's Rx descriptor in an A-MSDU contains full 802.112100* decapped header. It'll be used for undecapping of each MSDU.2101*/2102hdr = (void *)ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd);2103memcpy(first_hdr, hdr, RX_HTT_HDR_STATUS_LEN);21042105if (rx_hdr)2106memcpy(rx_hdr, hdr, RX_HTT_HDR_STATUS_LEN);21072108/* Each A-MSDU subframe will use the original header as the base and be2109* reported as a separate MSDU so strip the A-MSDU bit from QoS Ctl.2110*/2111hdr = (void *)first_hdr;21122113if (ieee80211_is_data_qos(hdr->frame_control)) {2114qos = ieee80211_get_qos_ctl(hdr);2115qos[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;2116}21172118/* Some attention flags are valid only in the last MSDU. */2119last = skb_peek_tail(amsdu);2120rxd = HTT_RX_BUF_TO_RX_DESC(hw,2121#if defined(__linux__)2122(void *)last->data - hw->rx_desc_ops->rx_desc_size);2123#elif defined(__FreeBSD__)2124(u8 *)last->data - hw->rx_desc_ops->rx_desc_size);2125#endif21262127rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd);2128attention = __le32_to_cpu(rxd_attention->flags);21292130has_fcs_err = !!(attention & RX_ATTENTION_FLAGS_FCS_ERR);2131has_crypto_err = !!(attention & RX_ATTENTION_FLAGS_DECRYPT_ERR);2132has_tkip_err = !!(attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR);2133has_peer_idx_invalid = !!(attention & RX_ATTENTION_FLAGS_PEER_IDX_INVALID);21342135/* Note: If hardware captures an encrypted frame that it can't decrypt,2136* e.g. due to fcs error, missing peer or invalid key data it will2137* report the frame as raw.2138*/2139is_decrypted = (enctype != HTT_RX_MPDU_ENCRYPT_NONE &&2140!has_fcs_err &&2141!has_crypto_err &&2142!has_peer_idx_invalid);21432144/* Clear per-MPDU flags while leaving per-PPDU flags intact. */2145status->flag &= ~(RX_FLAG_FAILED_FCS_CRC |2146RX_FLAG_MMIC_ERROR |2147RX_FLAG_DECRYPTED |2148RX_FLAG_IV_STRIPPED |2149RX_FLAG_ONLY_MONITOR |2150RX_FLAG_MMIC_STRIPPED);21512152if (has_fcs_err)2153status->flag |= RX_FLAG_FAILED_FCS_CRC;21542155if (has_tkip_err)2156status->flag |= RX_FLAG_MMIC_ERROR;21572158if (err) {2159if (has_fcs_err)2160*err = ATH10K_PKT_RX_ERR_FCS;2161else if (has_tkip_err)2162*err = ATH10K_PKT_RX_ERR_TKIP;2163else if (has_crypto_err)2164*err = ATH10K_PKT_RX_ERR_CRYPT;2165else if (has_peer_idx_invalid)2166*err = ATH10K_PKT_RX_ERR_PEER_IDX_INVAL;2167}21682169/* Firmware reports all necessary management frames via WMI already.2170* They are not reported to monitor interfaces at all so pass the ones2171* coming via HTT to monitor interfaces instead. This simplifies2172* matters a lot.2173*/2174if (is_mgmt)2175status->flag |= RX_FLAG_ONLY_MONITOR;21762177if (is_decrypted) {2178status->flag |= RX_FLAG_DECRYPTED;21792180if (likely(!is_mgmt))2181status->flag |= RX_FLAG_MMIC_STRIPPED;21822183if (fill_crypt_header)2184status->flag |= RX_FLAG_MIC_STRIPPED |2185RX_FLAG_ICV_STRIPPED;2186else2187status->flag |= RX_FLAG_IV_STRIPPED;2188}21892190skb_queue_walk(amsdu, msdu) {2191if (frag && !fill_crypt_header && is_decrypted &&2192enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2)2193frag_pn_check = ath10k_htt_rx_h_frag_pn_check(ar,2194msdu,2195peer_id,2196enctype);21972198if (frag)2199multicast_check = ath10k_htt_rx_h_frag_multicast_check(ar,2200msdu);22012202if (!frag_pn_check || !multicast_check) {2203/* Discard the fragment with invalid PN or multicast DA2204*/2205temp = msdu->prev;2206__skb_unlink(msdu, amsdu);2207dev_kfree_skb_any(msdu);2208msdu = temp;2209frag_pn_check = true;2210multicast_check = true;2211continue;2212}22132214ath10k_htt_rx_h_csum_offload(&ar->hw_params, msdu);22152216if (frag && !fill_crypt_header &&2217enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)2218status->flag &= ~RX_FLAG_MMIC_STRIPPED;22192220ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,2221is_decrypted);22222223/* Undecapping involves copying the original 802.11 header back2224* to sk_buff. If frame is protected and hardware has decrypted2225* it then remove the protected bit.2226*/2227if (!is_decrypted)2228continue;2229if (is_mgmt)2230continue;22312232if (fill_crypt_header)2233continue;22342235hdr = (void *)msdu->data;2236hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);22372238if (frag && !fill_crypt_header &&2239enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)2240status->flag &= ~RX_FLAG_IV_STRIPPED &2241~RX_FLAG_MMIC_STRIPPED;2242}2243}22442245static void ath10k_htt_rx_h_enqueue(struct ath10k *ar,2246struct sk_buff_head *amsdu,2247struct ieee80211_rx_status *status)2248{2249struct sk_buff *msdu;2250struct sk_buff *first_subframe;22512252first_subframe = skb_peek(amsdu);22532254while ((msdu = __skb_dequeue(amsdu))) {2255/* Setup per-MSDU flags */2256if (skb_queue_empty(amsdu))2257status->flag &= ~RX_FLAG_AMSDU_MORE;2258else2259status->flag |= RX_FLAG_AMSDU_MORE;22602261if (msdu == first_subframe) {2262first_subframe = NULL;2263status->flag &= ~RX_FLAG_ALLOW_SAME_PN;2264} else {2265status->flag |= RX_FLAG_ALLOW_SAME_PN;2266}22672268ath10k_htt_rx_h_queue_msdu(ar, status, msdu);2269}2270}22712272static int ath10k_unchain_msdu(struct sk_buff_head *amsdu,2273unsigned long *unchain_cnt)2274{2275struct sk_buff *skb, *first;2276int space;2277int total_len = 0;2278int amsdu_len = skb_queue_len(amsdu);22792280/* TODO: Might could optimize this by using2281* skb_try_coalesce or similar method to2282* decrease copying, or maybe get mac80211 to2283* provide a way to just receive a list of2284* skb?2285*/22862287first = __skb_dequeue(amsdu);22882289/* Allocate total length all at once. */2290skb_queue_walk(amsdu, skb)2291total_len += skb->len;22922293space = total_len - skb_tailroom(first);2294if ((space > 0) &&2295(pskb_expand_head(first, 0, space, GFP_ATOMIC) < 0)) {2296/* TODO: bump some rx-oom error stat */2297/* put it back together so we can free the2298* whole list at once.2299*/2300__skb_queue_head(amsdu, first);2301return -1;2302}23032304/* Walk list again, copying contents into2305* msdu_head2306*/2307while ((skb = __skb_dequeue(amsdu))) {2308skb_copy_from_linear_data(skb, skb_put(first, skb->len),2309skb->len);2310dev_kfree_skb_any(skb);2311}23122313__skb_queue_head(amsdu, first);23142315*unchain_cnt += amsdu_len - 1;23162317return 0;2318}23192320static void ath10k_htt_rx_h_unchain(struct ath10k *ar,2321struct sk_buff_head *amsdu,2322unsigned long *drop_cnt,2323unsigned long *unchain_cnt)2324{2325struct sk_buff *first;2326struct ath10k_hw_params *hw = &ar->hw_params;2327struct htt_rx_desc *rxd;2328struct rx_msdu_start_common *rxd_msdu_start_common;2329struct rx_frag_info_common *rxd_frag_info;2330enum rx_msdu_decap_format decap;23312332first = skb_peek(amsdu);2333rxd = HTT_RX_BUF_TO_RX_DESC(hw,2334#if defined(__linux__)2335(void *)first->data - hw->rx_desc_ops->rx_desc_size);2336#elif defined(__FreeBSD__)2337(u8 *)first->data - hw->rx_desc_ops->rx_desc_size);2338#endif23392340rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd);2341rxd_frag_info = ath10k_htt_rx_desc_get_frag_info(hw, rxd);2342decap = MS(__le32_to_cpu(rxd_msdu_start_common->info1),2343RX_MSDU_START_INFO1_DECAP_FORMAT);23442345/* FIXME: Current unchaining logic can only handle simple case of raw2346* msdu chaining. If decapping is other than raw the chaining may be2347* more complex and this isn't handled by the current code. Don't even2348* try re-constructing such frames - it'll be pretty much garbage.2349*/2350if (decap != RX_MSDU_DECAP_RAW ||2351skb_queue_len(amsdu) != 1 + rxd_frag_info->ring2_more_count) {2352*drop_cnt += skb_queue_len(amsdu);2353__skb_queue_purge(amsdu);2354return;2355}23562357ath10k_unchain_msdu(amsdu, unchain_cnt);2358}23592360static bool ath10k_htt_rx_validate_amsdu(struct ath10k *ar,2361struct sk_buff_head *amsdu)2362{2363u8 *subframe_hdr;2364struct sk_buff *first;2365bool is_first, is_last;2366struct ath10k_hw_params *hw = &ar->hw_params;2367struct htt_rx_desc *rxd;2368struct rx_msdu_end_common *rxd_msdu_end_common;2369struct rx_mpdu_start *rxd_mpdu_start;2370struct ieee80211_hdr *hdr;2371size_t hdr_len, crypto_len;2372enum htt_rx_mpdu_encrypt_type enctype;2373int bytes_aligned = ar->hw_params.decap_align_bytes;23742375first = skb_peek(amsdu);23762377rxd = HTT_RX_BUF_TO_RX_DESC(hw,2378#if defined(__linux__)2379(void *)first->data - hw->rx_desc_ops->rx_desc_size);2380#elif defined(__FreeBSD__)2381(u8 *)first->data - hw->rx_desc_ops->rx_desc_size);2382#endif23832384rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);2385rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd);2386hdr = (void *)ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd);23872388is_first = !!(rxd_msdu_end_common->info0 &2389__cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));2390is_last = !!(rxd_msdu_end_common->info0 &2391__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));23922393/* Return in case of non-aggregated msdu */2394if (is_first && is_last)2395return true;23962397/* First msdu flag is not set for the first msdu of the list */2398if (!is_first)2399return false;24002401enctype = MS(__le32_to_cpu(rxd_mpdu_start->info0),2402RX_MPDU_START_INFO0_ENCRYPT_TYPE);24032404hdr_len = ieee80211_hdrlen(hdr->frame_control);2405crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);24062407subframe_hdr = (u8 *)hdr + round_up(hdr_len, bytes_aligned) +2408crypto_len;24092410/* Validate if the amsdu has a proper first subframe.2411* There are chances a single msdu can be received as amsdu when2412* the unauthenticated amsdu flag of a QoS header2413* gets flipped in non-SPP AMSDU's, in such cases the first2414* subframe has llc/snap header in place of a valid da.2415* return false if the da matches rfc1042 pattern2416*/2417if (ether_addr_equal(subframe_hdr, rfc1042_header))2418return false;24192420return true;2421}24222423static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar,2424struct sk_buff_head *amsdu,2425struct ieee80211_rx_status *rx_status)2426{2427if (!rx_status->freq) {2428ath10k_dbg(ar, ATH10K_DBG_HTT, "no channel configured; ignoring frame(s)!\n");2429return false;2430}24312432if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags)) {2433ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx cac running\n");2434return false;2435}24362437if (!ath10k_htt_rx_validate_amsdu(ar, amsdu)) {2438ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid amsdu received\n");2439return false;2440}24412442return true;2443}24442445static void ath10k_htt_rx_h_filter(struct ath10k *ar,2446struct sk_buff_head *amsdu,2447struct ieee80211_rx_status *rx_status,2448unsigned long *drop_cnt)2449{2450if (skb_queue_empty(amsdu))2451return;24522453if (ath10k_htt_rx_amsdu_allowed(ar, amsdu, rx_status))2454return;24552456if (drop_cnt)2457*drop_cnt += skb_queue_len(amsdu);24582459__skb_queue_purge(amsdu);2460}24612462static int ath10k_htt_rx_handle_amsdu(struct ath10k_htt *htt)2463{2464struct ath10k *ar = htt->ar;2465struct ieee80211_rx_status *rx_status = &htt->rx_status;2466struct sk_buff_head amsdu;2467int ret;2468unsigned long drop_cnt = 0;2469unsigned long unchain_cnt = 0;2470unsigned long drop_cnt_filter = 0;2471unsigned long msdus_to_queue, num_msdus;2472enum ath10k_pkt_rx_err err = ATH10K_PKT_RX_ERR_MAX;2473u8 first_hdr[RX_HTT_HDR_STATUS_LEN];24742475__skb_queue_head_init(&amsdu);24762477spin_lock_bh(&htt->rx_ring.lock);2478if (htt->rx_confused) {2479spin_unlock_bh(&htt->rx_ring.lock);2480return -EIO;2481}2482ret = ath10k_htt_rx_amsdu_pop(htt, &amsdu);2483spin_unlock_bh(&htt->rx_ring.lock);24842485if (ret < 0) {2486ath10k_warn(ar, "rx ring became corrupted: %d\n", ret);2487__skb_queue_purge(&amsdu);2488/* FIXME: It's probably a good idea to reboot the2489* device instead of leaving it inoperable.2490*/2491htt->rx_confused = true;2492return ret;2493}24942495num_msdus = skb_queue_len(&amsdu);24962497ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status, 0xffff);24982499/* only for ret = 1 indicates chained msdus */2500if (ret > 0)2501ath10k_htt_rx_h_unchain(ar, &amsdu, &drop_cnt, &unchain_cnt);25022503ath10k_htt_rx_h_filter(ar, &amsdu, rx_status, &drop_cnt_filter);2504ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true, first_hdr, &err, 0,2505false);2506msdus_to_queue = skb_queue_len(&amsdu);2507ath10k_htt_rx_h_enqueue(ar, &amsdu, rx_status);25082509ath10k_sta_update_rx_tid_stats(ar, first_hdr, num_msdus, err,2510unchain_cnt, drop_cnt, drop_cnt_filter,2511msdus_to_queue);25122513return 0;2514}25152516static void ath10k_htt_rx_mpdu_desc_pn_hl(struct htt_hl_rx_desc *rx_desc,2517union htt_rx_pn_t *pn,2518int pn_len_bits)2519{2520switch (pn_len_bits) {2521case 48:2522pn->pn48 = __le32_to_cpu(rx_desc->pn_31_0) +2523((u64)(__le32_to_cpu(rx_desc->u0.pn_63_32) & 0xFFFF) << 32);2524break;2525case 24:2526pn->pn24 = __le32_to_cpu(rx_desc->pn_31_0);2527break;2528}2529}25302531static bool ath10k_htt_rx_pn_cmp48(union htt_rx_pn_t *new_pn,2532union htt_rx_pn_t *old_pn)2533{2534return ((new_pn->pn48 & 0xffffffffffffULL) <=2535(old_pn->pn48 & 0xffffffffffffULL));2536}25372538static bool ath10k_htt_rx_pn_check_replay_hl(struct ath10k *ar,2539struct ath10k_peer *peer,2540struct htt_rx_indication_hl *rx)2541{2542bool last_pn_valid, pn_invalid = false;2543enum htt_txrx_sec_cast_type sec_index;2544enum htt_security_types sec_type;2545union htt_rx_pn_t new_pn = {};2546struct htt_hl_rx_desc *rx_desc;2547union htt_rx_pn_t *last_pn;2548u32 rx_desc_info, tid;2549int num_mpdu_ranges;25502551lockdep_assert_held(&ar->data_lock);25522553if (!peer)2554return false;25552556if (!(rx->fw_desc.flags & FW_RX_DESC_FLAGS_FIRST_MSDU))2557return false;25582559num_mpdu_ranges = MS(__le32_to_cpu(rx->hdr.info1),2560HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);25612562rx_desc = (struct htt_hl_rx_desc *)&rx->mpdu_ranges[num_mpdu_ranges];2563rx_desc_info = __le32_to_cpu(rx_desc->info);25642565if (!MS(rx_desc_info, HTT_RX_DESC_HL_INFO_ENCRYPTED))2566return false;25672568tid = MS(rx->hdr.info0, HTT_RX_INDICATION_INFO0_EXT_TID);2569last_pn_valid = peer->tids_last_pn_valid[tid];2570last_pn = &peer->tids_last_pn[tid];25712572if (MS(rx_desc_info, HTT_RX_DESC_HL_INFO_MCAST_BCAST))2573sec_index = HTT_TXRX_SEC_MCAST;2574else2575sec_index = HTT_TXRX_SEC_UCAST;25762577sec_type = peer->rx_pn[sec_index].sec_type;2578ath10k_htt_rx_mpdu_desc_pn_hl(rx_desc, &new_pn, peer->rx_pn[sec_index].pn_len);25792580if (sec_type != HTT_SECURITY_AES_CCMP &&2581sec_type != HTT_SECURITY_TKIP &&2582sec_type != HTT_SECURITY_TKIP_NOMIC)2583return false;25842585if (last_pn_valid)2586pn_invalid = ath10k_htt_rx_pn_cmp48(&new_pn, last_pn);2587else2588peer->tids_last_pn_valid[tid] = true;25892590if (!pn_invalid)2591last_pn->pn48 = new_pn.pn48;25922593return pn_invalid;2594}25952596static bool ath10k_htt_rx_proc_rx_ind_hl(struct ath10k_htt *htt,2597struct htt_rx_indication_hl *rx,2598struct sk_buff *skb,2599enum htt_rx_pn_check_type check_pn_type,2600enum htt_rx_tkip_demic_type tkip_mic_type)2601{2602struct ath10k *ar = htt->ar;2603struct ath10k_peer *peer;2604struct htt_rx_indication_mpdu_range *mpdu_ranges;2605struct fw_rx_desc_hl *fw_desc;2606enum htt_txrx_sec_cast_type sec_index;2607enum htt_security_types sec_type;2608union htt_rx_pn_t new_pn = {};2609struct htt_hl_rx_desc *rx_desc;2610struct ieee80211_hdr *hdr;2611struct ieee80211_rx_status *rx_status;2612u16 peer_id;2613u8 rx_desc_len;2614int num_mpdu_ranges;2615size_t tot_hdr_len;2616struct ieee80211_channel *ch;2617bool pn_invalid, qos, first_msdu;2618u32 tid, rx_desc_info;26192620peer_id = __le16_to_cpu(rx->hdr.peer_id);2621tid = MS(rx->hdr.info0, HTT_RX_INDICATION_INFO0_EXT_TID);26222623spin_lock_bh(&ar->data_lock);2624peer = ath10k_peer_find_by_id(ar, peer_id);2625spin_unlock_bh(&ar->data_lock);2626if (!peer && peer_id != HTT_INVALID_PEERID)2627ath10k_warn(ar, "Got RX ind from invalid peer: %u\n", peer_id);26282629if (!peer)2630return true;26312632num_mpdu_ranges = MS(__le32_to_cpu(rx->hdr.info1),2633HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);2634mpdu_ranges = htt_rx_ind_get_mpdu_ranges_hl(rx);2635fw_desc = &rx->fw_desc;2636rx_desc_len = fw_desc->len;26372638if (fw_desc->u.bits.discard) {2639ath10k_dbg(ar, ATH10K_DBG_HTT, "htt discard mpdu\n");2640goto err;2641}26422643/* I have not yet seen any case where num_mpdu_ranges > 1.2644* qcacld does not seem handle that case either, so we introduce the2645* same limitation here as well.2646*/2647if (num_mpdu_ranges > 1)2648ath10k_warn(ar,2649"Unsupported number of MPDU ranges: %d, ignoring all but the first\n",2650num_mpdu_ranges);26512652if (mpdu_ranges->mpdu_range_status !=2653HTT_RX_IND_MPDU_STATUS_OK &&2654mpdu_ranges->mpdu_range_status !=2655HTT_RX_IND_MPDU_STATUS_TKIP_MIC_ERR) {2656ath10k_dbg(ar, ATH10K_DBG_HTT, "htt mpdu_range_status %d\n",2657mpdu_ranges->mpdu_range_status);2658goto err;2659}26602661rx_desc = (struct htt_hl_rx_desc *)&rx->mpdu_ranges[num_mpdu_ranges];2662rx_desc_info = __le32_to_cpu(rx_desc->info);26632664if (MS(rx_desc_info, HTT_RX_DESC_HL_INFO_MCAST_BCAST))2665sec_index = HTT_TXRX_SEC_MCAST;2666else2667sec_index = HTT_TXRX_SEC_UCAST;26682669sec_type = peer->rx_pn[sec_index].sec_type;2670first_msdu = rx->fw_desc.flags & FW_RX_DESC_FLAGS_FIRST_MSDU;26712672ath10k_htt_rx_mpdu_desc_pn_hl(rx_desc, &new_pn, peer->rx_pn[sec_index].pn_len);26732674if (check_pn_type == HTT_RX_PN_CHECK && tid >= IEEE80211_NUM_TIDS) {2675spin_lock_bh(&ar->data_lock);2676pn_invalid = ath10k_htt_rx_pn_check_replay_hl(ar, peer, rx);2677spin_unlock_bh(&ar->data_lock);26782679if (pn_invalid)2680goto err;2681}26822683/* Strip off all headers before the MAC header before delivery to2684* mac802112685*/2686tot_hdr_len = sizeof(struct htt_resp_hdr) + sizeof(rx->hdr) +2687sizeof(rx->ppdu) + sizeof(rx->prefix) +2688sizeof(rx->fw_desc) +2689sizeof(*mpdu_ranges) * num_mpdu_ranges + rx_desc_len;26902691skb_pull(skb, tot_hdr_len);26922693hdr = (struct ieee80211_hdr *)skb->data;2694qos = ieee80211_is_data_qos(hdr->frame_control);26952696rx_status = IEEE80211_SKB_RXCB(skb);2697memset(rx_status, 0, sizeof(*rx_status));26982699if (rx->ppdu.combined_rssi == 0) {2700/* SDIO firmware does not provide signal */2701rx_status->signal = 0;2702rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL;2703} else {2704rx_status->signal = ATH10K_DEFAULT_NOISE_FLOOR +2705rx->ppdu.combined_rssi;2706rx_status->flag &= ~RX_FLAG_NO_SIGNAL_VAL;2707}27082709spin_lock_bh(&ar->data_lock);2710ch = ar->scan_channel;2711if (!ch)2712ch = ar->rx_channel;2713if (!ch)2714ch = ath10k_htt_rx_h_any_channel(ar);2715if (!ch)2716ch = ar->tgt_oper_chan;2717spin_unlock_bh(&ar->data_lock);27182719if (ch) {2720rx_status->band = ch->band;2721rx_status->freq = ch->center_freq;2722}2723if (rx->fw_desc.flags & FW_RX_DESC_FLAGS_LAST_MSDU)2724rx_status->flag &= ~RX_FLAG_AMSDU_MORE;2725else2726rx_status->flag |= RX_FLAG_AMSDU_MORE;27272728/* Not entirely sure about this, but all frames from the chipset has2729* the protected flag set even though they have already been decrypted.2730* Unmasking this flag is necessary in order for mac80211 not to drop2731* the frame.2732* TODO: Verify this is always the case or find out a way to check2733* if there has been hw decryption.2734*/2735if (ieee80211_has_protected(hdr->frame_control)) {2736hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);2737rx_status->flag |= RX_FLAG_DECRYPTED |2738RX_FLAG_IV_STRIPPED |2739RX_FLAG_MMIC_STRIPPED;27402741if (tid < IEEE80211_NUM_TIDS &&2742first_msdu &&2743check_pn_type == HTT_RX_PN_CHECK &&2744(sec_type == HTT_SECURITY_AES_CCMP ||2745sec_type == HTT_SECURITY_TKIP ||2746sec_type == HTT_SECURITY_TKIP_NOMIC)) {2747u8 offset, *ivp, i;2748s8 keyidx = 0;2749__le64 pn48 = cpu_to_le64(new_pn.pn48);27502751hdr = (struct ieee80211_hdr *)skb->data;2752offset = ieee80211_hdrlen(hdr->frame_control);2753hdr->frame_control |= __cpu_to_le16(IEEE80211_FCTL_PROTECTED);2754rx_status->flag &= ~RX_FLAG_IV_STRIPPED;27552756memmove(skb->data - IEEE80211_CCMP_HDR_LEN,2757skb->data, offset);2758skb_push(skb, IEEE80211_CCMP_HDR_LEN);2759ivp = skb->data + offset;2760memset(skb->data + offset, 0, IEEE80211_CCMP_HDR_LEN);2761/* Ext IV */2762ivp[IEEE80211_WEP_IV_LEN - 1] |= ATH10K_IEEE80211_EXTIV;27632764for (i = 0; i < ARRAY_SIZE(peer->keys); i++) {2765if (peer->keys[i] &&2766peer->keys[i]->flags & IEEE80211_KEY_FLAG_PAIRWISE)2767keyidx = peer->keys[i]->keyidx;2768}27692770/* Key ID */2771ivp[IEEE80211_WEP_IV_LEN - 1] |= keyidx << 6;27722773if (sec_type == HTT_SECURITY_AES_CCMP) {2774rx_status->flag |= RX_FLAG_MIC_STRIPPED;2775/* pn 0, pn 1 */2776memcpy(skb->data + offset, &pn48, 2);2777/* pn 1, pn 3 , pn 34 , pn 5 */2778memcpy(skb->data + offset + 4, ((u8 *)&pn48) + 2, 4);2779} else {2780rx_status->flag |= RX_FLAG_ICV_STRIPPED;2781/* TSC 0 */2782memcpy(skb->data + offset + 2, &pn48, 1);2783/* TSC 1 */2784memcpy(skb->data + offset, ((u8 *)&pn48) + 1, 1);2785/* TSC 2 , TSC 3 , TSC 4 , TSC 5*/2786memcpy(skb->data + offset + 4, ((u8 *)&pn48) + 2, 4);2787}2788}2789}27902791if (tkip_mic_type == HTT_RX_TKIP_MIC)2792rx_status->flag &= ~RX_FLAG_IV_STRIPPED &2793~RX_FLAG_MMIC_STRIPPED;27942795if (mpdu_ranges->mpdu_range_status == HTT_RX_IND_MPDU_STATUS_TKIP_MIC_ERR)2796rx_status->flag |= RX_FLAG_MMIC_ERROR;27972798if (!qos && tid < IEEE80211_NUM_TIDS) {2799u8 offset;2800__le16 qos_ctrl = 0;28012802hdr = (struct ieee80211_hdr *)skb->data;2803offset = ieee80211_hdrlen(hdr->frame_control);28042805hdr->frame_control |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);2806memmove(skb->data - IEEE80211_QOS_CTL_LEN, skb->data, offset);2807skb_push(skb, IEEE80211_QOS_CTL_LEN);2808qos_ctrl = cpu_to_le16(tid);2809memcpy(skb->data + offset, &qos_ctrl, IEEE80211_QOS_CTL_LEN);2810}28112812if (ar->napi.dev)2813ieee80211_rx_napi(ar->hw, NULL, skb, &ar->napi);2814else2815ieee80211_rx_ni(ar->hw, skb);28162817/* We have delivered the skb to the upper layers (mac80211) so we2818* must not free it.2819*/2820return false;2821err:2822/* Tell the caller that it must free the skb since we have not2823* consumed it2824*/2825return true;2826}28272828static int ath10k_htt_rx_frag_tkip_decap_nomic(struct sk_buff *skb,2829u16 head_len,2830u16 hdr_len)2831{2832u8 *ivp, *orig_hdr;28332834orig_hdr = skb->data;2835ivp = orig_hdr + hdr_len + head_len;28362837/* the ExtIV bit is always set to 1 for TKIP */2838if (!(ivp[IEEE80211_WEP_IV_LEN - 1] & ATH10K_IEEE80211_EXTIV))2839return -EINVAL;28402841memmove(orig_hdr + IEEE80211_TKIP_IV_LEN, orig_hdr, head_len + hdr_len);2842skb_pull(skb, IEEE80211_TKIP_IV_LEN);2843skb_trim(skb, skb->len - ATH10K_IEEE80211_TKIP_MICLEN);2844return 0;2845}28462847static int ath10k_htt_rx_frag_tkip_decap_withmic(struct sk_buff *skb,2848u16 head_len,2849u16 hdr_len)2850{2851u8 *ivp, *orig_hdr;28522853orig_hdr = skb->data;2854ivp = orig_hdr + hdr_len + head_len;28552856/* the ExtIV bit is always set to 1 for TKIP */2857if (!(ivp[IEEE80211_WEP_IV_LEN - 1] & ATH10K_IEEE80211_EXTIV))2858return -EINVAL;28592860memmove(orig_hdr + IEEE80211_TKIP_IV_LEN, orig_hdr, head_len + hdr_len);2861skb_pull(skb, IEEE80211_TKIP_IV_LEN);2862skb_trim(skb, skb->len - IEEE80211_TKIP_ICV_LEN);2863return 0;2864}28652866static int ath10k_htt_rx_frag_ccmp_decap(struct sk_buff *skb,2867u16 head_len,2868u16 hdr_len)2869{2870u8 *ivp, *orig_hdr;28712872orig_hdr = skb->data;2873ivp = orig_hdr + hdr_len + head_len;28742875/* the ExtIV bit is always set to 1 for CCMP */2876if (!(ivp[IEEE80211_WEP_IV_LEN - 1] & ATH10K_IEEE80211_EXTIV))2877return -EINVAL;28782879skb_trim(skb, skb->len - IEEE80211_CCMP_MIC_LEN);2880memmove(orig_hdr + IEEE80211_CCMP_HDR_LEN, orig_hdr, head_len + hdr_len);2881skb_pull(skb, IEEE80211_CCMP_HDR_LEN);2882return 0;2883}28842885static int ath10k_htt_rx_frag_wep_decap(struct sk_buff *skb,2886u16 head_len,2887u16 hdr_len)2888{2889u8 *orig_hdr;28902891orig_hdr = skb->data;28922893memmove(orig_hdr + IEEE80211_WEP_IV_LEN,2894orig_hdr, head_len + hdr_len);2895skb_pull(skb, IEEE80211_WEP_IV_LEN);2896skb_trim(skb, skb->len - IEEE80211_WEP_ICV_LEN);2897return 0;2898}28992900static bool ath10k_htt_rx_proc_rx_frag_ind_hl(struct ath10k_htt *htt,2901struct htt_rx_fragment_indication *rx,2902struct sk_buff *skb)2903{2904struct ath10k *ar = htt->ar;2905enum htt_rx_tkip_demic_type tkip_mic = HTT_RX_NON_TKIP_MIC;2906enum htt_txrx_sec_cast_type sec_index;2907struct htt_rx_indication_hl *rx_hl;2908enum htt_security_types sec_type;2909u32 tid, frag, seq, rx_desc_info;2910union htt_rx_pn_t new_pn = {};2911struct htt_hl_rx_desc *rx_desc;2912u16 peer_id, sc, hdr_space;2913union htt_rx_pn_t *last_pn;2914struct ieee80211_hdr *hdr;2915int ret, num_mpdu_ranges;2916struct ath10k_peer *peer;2917struct htt_resp *resp;2918size_t tot_hdr_len;29192920resp = (struct htt_resp *)(skb->data + HTT_RX_FRAG_IND_INFO0_HEADER_LEN);2921skb_pull(skb, HTT_RX_FRAG_IND_INFO0_HEADER_LEN);2922skb_trim(skb, skb->len - FCS_LEN);29232924peer_id = __le16_to_cpu(rx->peer_id);2925rx_hl = (struct htt_rx_indication_hl *)(&resp->rx_ind_hl);29262927spin_lock_bh(&ar->data_lock);2928peer = ath10k_peer_find_by_id(ar, peer_id);2929if (!peer) {2930ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid peer: %u\n", peer_id);2931goto err;2932}29332934num_mpdu_ranges = MS(__le32_to_cpu(rx_hl->hdr.info1),2935HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);29362937tot_hdr_len = sizeof(struct htt_resp_hdr) +2938sizeof(rx_hl->hdr) +2939sizeof(rx_hl->ppdu) +2940sizeof(rx_hl->prefix) +2941sizeof(rx_hl->fw_desc) +2942sizeof(struct htt_rx_indication_mpdu_range) * num_mpdu_ranges;29432944tid = MS(rx_hl->hdr.info0, HTT_RX_INDICATION_INFO0_EXT_TID);2945rx_desc = (struct htt_hl_rx_desc *)(skb->data + tot_hdr_len);2946rx_desc_info = __le32_to_cpu(rx_desc->info);29472948hdr = (struct ieee80211_hdr *)((u8 *)rx_desc + rx_hl->fw_desc.len);29492950if (is_multicast_ether_addr(hdr->addr1)) {2951/* Discard the fragment with multicast DA */2952goto err;2953}29542955if (!MS(rx_desc_info, HTT_RX_DESC_HL_INFO_ENCRYPTED)) {2956spin_unlock_bh(&ar->data_lock);2957return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,2958HTT_RX_NON_PN_CHECK,2959HTT_RX_NON_TKIP_MIC);2960}29612962if (ieee80211_has_retry(hdr->frame_control))2963goto err;29642965hdr_space = ieee80211_hdrlen(hdr->frame_control);2966sc = __le16_to_cpu(hdr->seq_ctrl);2967seq = IEEE80211_SEQ_TO_SN(sc);2968frag = sc & IEEE80211_SCTL_FRAG;29692970sec_index = MS(rx_desc_info, HTT_RX_DESC_HL_INFO_MCAST_BCAST) ?2971HTT_TXRX_SEC_MCAST : HTT_TXRX_SEC_UCAST;2972sec_type = peer->rx_pn[sec_index].sec_type;2973ath10k_htt_rx_mpdu_desc_pn_hl(rx_desc, &new_pn, peer->rx_pn[sec_index].pn_len);29742975switch (sec_type) {2976case HTT_SECURITY_TKIP:2977tkip_mic = HTT_RX_TKIP_MIC;2978ret = ath10k_htt_rx_frag_tkip_decap_withmic(skb,2979tot_hdr_len +2980rx_hl->fw_desc.len,2981hdr_space);2982if (ret)2983goto err;2984break;2985case HTT_SECURITY_TKIP_NOMIC:2986ret = ath10k_htt_rx_frag_tkip_decap_nomic(skb,2987tot_hdr_len +2988rx_hl->fw_desc.len,2989hdr_space);2990if (ret)2991goto err;2992break;2993case HTT_SECURITY_AES_CCMP:2994ret = ath10k_htt_rx_frag_ccmp_decap(skb,2995tot_hdr_len + rx_hl->fw_desc.len,2996hdr_space);2997if (ret)2998goto err;2999break;3000case HTT_SECURITY_WEP128:3001case HTT_SECURITY_WEP104:3002case HTT_SECURITY_WEP40:3003ret = ath10k_htt_rx_frag_wep_decap(skb,3004tot_hdr_len + rx_hl->fw_desc.len,3005hdr_space);3006if (ret)3007goto err;3008break;3009default:3010break;3011}30123013resp = (struct htt_resp *)(skb->data);30143015if (sec_type != HTT_SECURITY_AES_CCMP &&3016sec_type != HTT_SECURITY_TKIP &&3017sec_type != HTT_SECURITY_TKIP_NOMIC) {3018spin_unlock_bh(&ar->data_lock);3019return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,3020HTT_RX_NON_PN_CHECK,3021HTT_RX_NON_TKIP_MIC);3022}30233024last_pn = &peer->frag_tids_last_pn[tid];30253026if (frag == 0) {3027if (ath10k_htt_rx_pn_check_replay_hl(ar, peer, &resp->rx_ind_hl))3028goto err;30293030last_pn->pn48 = new_pn.pn48;3031peer->frag_tids_seq[tid] = seq;3032} else if (sec_type == HTT_SECURITY_AES_CCMP) {3033if (seq != peer->frag_tids_seq[tid])3034goto err;30353036if (new_pn.pn48 != last_pn->pn48 + 1)3037goto err;30383039last_pn->pn48 = new_pn.pn48;3040last_pn = &peer->tids_last_pn[tid];3041last_pn->pn48 = new_pn.pn48;3042}30433044spin_unlock_bh(&ar->data_lock);30453046return ath10k_htt_rx_proc_rx_ind_hl(htt, &resp->rx_ind_hl, skb,3047HTT_RX_NON_PN_CHECK, tkip_mic);30483049err:3050spin_unlock_bh(&ar->data_lock);30513052/* Tell the caller that it must free the skb since we have not3053* consumed it3054*/3055return true;3056}30573058static void ath10k_htt_rx_proc_rx_ind_ll(struct ath10k_htt *htt,3059struct htt_rx_indication *rx)3060{3061struct ath10k *ar = htt->ar;3062struct htt_rx_indication_mpdu_range *mpdu_ranges;3063int num_mpdu_ranges;3064int i, mpdu_count = 0;3065u16 peer_id;3066u8 tid;30673068num_mpdu_ranges = MS(__le32_to_cpu(rx->hdr.info1),3069HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);3070peer_id = __le16_to_cpu(rx->hdr.peer_id);3071tid = MS(rx->hdr.info0, HTT_RX_INDICATION_INFO0_EXT_TID);30723073mpdu_ranges = htt_rx_ind_get_mpdu_ranges(rx);30743075ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx ind: ",3076rx, struct_size(rx, mpdu_ranges, num_mpdu_ranges));30773078for (i = 0; i < num_mpdu_ranges; i++)3079mpdu_count += mpdu_ranges[i].mpdu_count;30803081atomic_add(mpdu_count, &htt->num_mpdus_ready);30823083ath10k_sta_update_rx_tid_stats_ampdu(ar, peer_id, tid, mpdu_ranges,3084num_mpdu_ranges);3085}30863087static void ath10k_htt_rx_tx_compl_ind(struct ath10k *ar,3088struct sk_buff *skb)3089{3090struct ath10k_htt *htt = &ar->htt;3091struct htt_resp *resp = (struct htt_resp *)skb->data;3092struct htt_tx_done tx_done = {};3093int status = MS(resp->data_tx_completion.flags, HTT_DATA_TX_STATUS);3094__le16 msdu_id, *msdus;3095bool rssi_enabled = false;3096u8 msdu_count = 0, num_airtime_records, tid;3097int i, htt_pad = 0;3098struct htt_data_tx_compl_ppdu_dur *ppdu_info;3099struct ath10k_peer *peer;3100u16 ppdu_info_offset = 0, peer_id;3101u32 tx_duration;31023103switch (status) {3104case HTT_DATA_TX_STATUS_NO_ACK:3105tx_done.status = HTT_TX_COMPL_STATE_NOACK;3106break;3107case HTT_DATA_TX_STATUS_OK:3108tx_done.status = HTT_TX_COMPL_STATE_ACK;3109break;3110case HTT_DATA_TX_STATUS_DISCARD:3111case HTT_DATA_TX_STATUS_POSTPONE:3112tx_done.status = HTT_TX_COMPL_STATE_DISCARD;3113break;3114default:3115ath10k_warn(ar, "unhandled tx completion status %d\n", status);3116tx_done.status = HTT_TX_COMPL_STATE_DISCARD;3117break;3118}31193120ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx completion num_msdus %d\n",3121resp->data_tx_completion.num_msdus);31223123msdu_count = resp->data_tx_completion.num_msdus;3124msdus = resp->data_tx_completion.msdus;3125rssi_enabled = ath10k_is_rssi_enable(&ar->hw_params, resp);31263127if (rssi_enabled)3128htt_pad = ath10k_tx_data_rssi_get_pad_bytes(&ar->hw_params,3129resp);31303131for (i = 0; i < msdu_count; i++) {3132msdu_id = msdus[i];3133tx_done.msdu_id = __le16_to_cpu(msdu_id);31343135if (rssi_enabled) {3136/* Total no of MSDUs should be even,3137* if odd MSDUs are sent firmware fills3138* last msdu id with 0xffff3139*/3140if (msdu_count & 0x01) {3141msdu_id = msdus[msdu_count + i + 1 + htt_pad];3142tx_done.ack_rssi = __le16_to_cpu(msdu_id);3143} else {3144msdu_id = msdus[msdu_count + i + htt_pad];3145tx_done.ack_rssi = __le16_to_cpu(msdu_id);3146}3147}31483149/* kfifo_put: In practice firmware shouldn't fire off per-CE3150* interrupt and main interrupt (MSI/-X range case) for the same3151* HTC service so it should be safe to use kfifo_put w/o lock.3152*3153* From kfifo_put() documentation:3154* Note that with only one concurrent reader and one concurrent3155* writer, you don't need extra locking to use these macro.3156*/3157if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) {3158ath10k_txrx_tx_unref(htt, &tx_done);3159} else if (!kfifo_put(&htt->txdone_fifo, tx_done)) {3160ath10k_warn(ar, "txdone fifo overrun, msdu_id %d status %d\n",3161tx_done.msdu_id, tx_done.status);3162ath10k_txrx_tx_unref(htt, &tx_done);3163}3164}31653166if (!(resp->data_tx_completion.flags2 & HTT_TX_CMPL_FLAG_PPDU_DURATION_PRESENT))3167return;31683169ppdu_info_offset = (msdu_count & 0x01) ? msdu_count + 1 : msdu_count;31703171if (rssi_enabled)3172ppdu_info_offset += ppdu_info_offset;31733174if (resp->data_tx_completion.flags2 &3175(HTT_TX_CMPL_FLAG_PPID_PRESENT | HTT_TX_CMPL_FLAG_PA_PRESENT))3176ppdu_info_offset += 2;31773178ppdu_info = (struct htt_data_tx_compl_ppdu_dur *)&msdus[ppdu_info_offset];3179num_airtime_records = FIELD_GET(HTT_TX_COMPL_PPDU_DUR_INFO0_NUM_ENTRIES_MASK,3180__le32_to_cpu(ppdu_info->info0));31813182for (i = 0; i < num_airtime_records; i++) {3183struct htt_data_tx_ppdu_dur *ppdu_dur;3184u32 info0;31853186ppdu_dur = &ppdu_info->ppdu_dur[i];3187info0 = __le32_to_cpu(ppdu_dur->info0);31883189peer_id = FIELD_GET(HTT_TX_PPDU_DUR_INFO0_PEER_ID_MASK,3190info0);3191rcu_read_lock();3192spin_lock_bh(&ar->data_lock);31933194peer = ath10k_peer_find_by_id(ar, peer_id);3195if (!peer || !peer->sta) {3196spin_unlock_bh(&ar->data_lock);3197rcu_read_unlock();3198continue;3199}32003201tid = FIELD_GET(HTT_TX_PPDU_DUR_INFO0_TID_MASK, info0) &3202IEEE80211_QOS_CTL_TID_MASK;3203tx_duration = __le32_to_cpu(ppdu_dur->tx_duration);32043205ieee80211_sta_register_airtime(peer->sta, tid, tx_duration, 0);32063207spin_unlock_bh(&ar->data_lock);3208rcu_read_unlock();3209}3210}32113212static void ath10k_htt_rx_addba(struct ath10k *ar, struct htt_resp *resp)3213{3214struct htt_rx_addba *ev = &resp->rx_addba;3215struct ath10k_peer *peer;3216struct ath10k_vif *arvif;3217u16 info0, tid, peer_id;32183219info0 = __le16_to_cpu(ev->info0);3220tid = MS(info0, HTT_RX_BA_INFO0_TID);3221peer_id = MS(info0, HTT_RX_BA_INFO0_PEER_ID);32223223ath10k_dbg(ar, ATH10K_DBG_HTT,3224"htt rx addba tid %u peer_id %u size %u\n",3225tid, peer_id, ev->window_size);32263227spin_lock_bh(&ar->data_lock);3228peer = ath10k_peer_find_by_id(ar, peer_id);3229if (!peer) {3230ath10k_warn(ar, "received addba event for invalid peer_id: %u\n",3231peer_id);3232spin_unlock_bh(&ar->data_lock);3233return;3234}32353236arvif = ath10k_get_arvif(ar, peer->vdev_id);3237if (!arvif) {3238ath10k_warn(ar, "received addba event for invalid vdev_id: %u\n",3239peer->vdev_id);3240spin_unlock_bh(&ar->data_lock);3241return;3242}32433244ath10k_dbg(ar, ATH10K_DBG_HTT,3245"htt rx start rx ba session sta %pM tid %u size %u\n",3246peer->addr, tid, ev->window_size);32473248ieee80211_start_rx_ba_session_offl(arvif->vif, peer->addr, tid);3249spin_unlock_bh(&ar->data_lock);3250}32513252static void ath10k_htt_rx_delba(struct ath10k *ar, struct htt_resp *resp)3253{3254struct htt_rx_delba *ev = &resp->rx_delba;3255struct ath10k_peer *peer;3256struct ath10k_vif *arvif;3257u16 info0, tid, peer_id;32583259info0 = __le16_to_cpu(ev->info0);3260tid = MS(info0, HTT_RX_BA_INFO0_TID);3261peer_id = MS(info0, HTT_RX_BA_INFO0_PEER_ID);32623263ath10k_dbg(ar, ATH10K_DBG_HTT,3264"htt rx delba tid %u peer_id %u\n",3265tid, peer_id);32663267spin_lock_bh(&ar->data_lock);3268peer = ath10k_peer_find_by_id(ar, peer_id);3269if (!peer) {3270ath10k_warn(ar, "received addba event for invalid peer_id: %u\n",3271peer_id);3272spin_unlock_bh(&ar->data_lock);3273return;3274}32753276arvif = ath10k_get_arvif(ar, peer->vdev_id);3277if (!arvif) {3278ath10k_warn(ar, "received addba event for invalid vdev_id: %u\n",3279peer->vdev_id);3280spin_unlock_bh(&ar->data_lock);3281return;3282}32833284ath10k_dbg(ar, ATH10K_DBG_HTT,3285"htt rx stop rx ba session sta %pM tid %u\n",3286peer->addr, tid);32873288ieee80211_stop_rx_ba_session_offl(arvif->vif, peer->addr, tid);3289spin_unlock_bh(&ar->data_lock);3290}32913292static int ath10k_htt_rx_extract_amsdu(struct ath10k_hw_params *hw,3293struct sk_buff_head *list,3294struct sk_buff_head *amsdu)3295{3296struct sk_buff *msdu;3297struct htt_rx_desc *rxd;3298struct rx_msdu_end_common *rxd_msdu_end_common;32993300if (skb_queue_empty(list))3301return -ENOBUFS;33023303if (WARN_ON(!skb_queue_empty(amsdu)))3304return -EINVAL;33053306while ((msdu = __skb_dequeue(list))) {3307__skb_queue_tail(amsdu, msdu);33083309rxd = HTT_RX_BUF_TO_RX_DESC(hw,3310#if defined(__linux__)3311(void *)msdu->data -3312#elif defined(__FreeBSD__)3313(u8 *)msdu->data -3314#endif3315hw->rx_desc_ops->rx_desc_size);33163317rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);3318if (rxd_msdu_end_common->info0 &3319__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU))3320break;3321}33223323msdu = skb_peek_tail(amsdu);3324rxd = HTT_RX_BUF_TO_RX_DESC(hw,3325#if defined(__linux__)3326(void *)msdu->data - hw->rx_desc_ops->rx_desc_size);3327#elif defined(__FreeBSD__)3328(u8 *)msdu->data - hw->rx_desc_ops->rx_desc_size);3329#endif33303331rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd);3332if (!(rxd_msdu_end_common->info0 &3333__cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU))) {3334skb_queue_splice_init(amsdu, list);3335return -EAGAIN;3336}33373338return 0;3339}33403341static void ath10k_htt_rx_h_rx_offload_prot(struct ieee80211_rx_status *status,3342struct sk_buff *skb)3343{3344struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;33453346if (!ieee80211_has_protected(hdr->frame_control))3347return;33483349/* Offloaded frames are already decrypted but firmware insists they are3350* protected in the 802.11 header. Strip the flag. Otherwise mac802113351* will drop the frame.3352*/33533354hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);3355status->flag |= RX_FLAG_DECRYPTED |3356RX_FLAG_IV_STRIPPED |3357RX_FLAG_MMIC_STRIPPED;3358}33593360static void ath10k_htt_rx_h_rx_offload(struct ath10k *ar,3361struct sk_buff_head *list)3362{3363struct ath10k_htt *htt = &ar->htt;3364struct ieee80211_rx_status *status = &htt->rx_status;3365struct htt_rx_offload_msdu *rx;3366struct sk_buff *msdu;3367size_t offset;33683369while ((msdu = __skb_dequeue(list))) {3370/* Offloaded frames don't have Rx descriptor. Instead they have3371* a short meta information header.3372*/33733374rx = (void *)msdu->data;33753376skb_put(msdu, sizeof(*rx));3377skb_pull(msdu, sizeof(*rx));33783379if (skb_tailroom(msdu) < __le16_to_cpu(rx->msdu_len)) {3380ath10k_warn(ar, "dropping frame: offloaded rx msdu is too long!\n");3381dev_kfree_skb_any(msdu);3382continue;3383}33843385skb_put(msdu, __le16_to_cpu(rx->msdu_len));33863387/* Offloaded rx header length isn't multiple of 2 nor 4 so the3388* actual payload is unaligned. Align the frame. Otherwise3389* mac80211 complains. This shouldn't reduce performance much3390* because these offloaded frames are rare.3391*/3392offset = 4 - ((unsigned long)msdu->data & 3);3393skb_put(msdu, offset);3394memmove(msdu->data + offset, msdu->data, msdu->len);3395skb_pull(msdu, offset);33963397/* FIXME: The frame is NWifi. Re-construct QoS Control3398* if possible later.3399*/34003401memset(status, 0, sizeof(*status));3402status->flag |= RX_FLAG_NO_SIGNAL_VAL;34033404ath10k_htt_rx_h_rx_offload_prot(status, msdu);3405ath10k_htt_rx_h_channel(ar, status, NULL, rx->vdev_id);3406ath10k_htt_rx_h_queue_msdu(ar, status, msdu);3407}3408}34093410static int ath10k_htt_rx_in_ord_ind(struct ath10k *ar, struct sk_buff *skb)3411{3412struct ath10k_htt *htt = &ar->htt;3413struct htt_resp *resp = (void *)skb->data;3414struct ieee80211_rx_status *status = &htt->rx_status;3415struct sk_buff_head list;3416struct sk_buff_head amsdu;3417u16 peer_id;3418u16 msdu_count;3419u8 vdev_id;3420u8 tid;3421bool offload;3422bool frag;3423int ret;34243425lockdep_assert_held(&htt->rx_ring.lock);34263427if (htt->rx_confused)3428return -EIO;34293430skb_pull(skb, sizeof(resp->hdr));3431skb_pull(skb, sizeof(resp->rx_in_ord_ind));34323433peer_id = __le16_to_cpu(resp->rx_in_ord_ind.peer_id);3434msdu_count = __le16_to_cpu(resp->rx_in_ord_ind.msdu_count);3435vdev_id = resp->rx_in_ord_ind.vdev_id;3436tid = SM(resp->rx_in_ord_ind.info, HTT_RX_IN_ORD_IND_INFO_TID);3437offload = !!(resp->rx_in_ord_ind.info &3438HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);3439frag = !!(resp->rx_in_ord_ind.info & HTT_RX_IN_ORD_IND_INFO_FRAG_MASK);34403441ath10k_dbg(ar, ATH10K_DBG_HTT,3442"htt rx in ord vdev %i peer %i tid %i offload %i frag %i msdu count %i\n",3443vdev_id, peer_id, tid, offload, frag, msdu_count);34443445if (skb->len < msdu_count * sizeof(*resp->rx_in_ord_ind.msdu_descs32)) {3446ath10k_warn(ar, "dropping invalid in order rx indication\n");3447return -EINVAL;3448}34493450/* The event can deliver more than 1 A-MSDU. Each A-MSDU is later3451* extracted and processed.3452*/3453__skb_queue_head_init(&list);3454if (ar->hw_params.target_64bit)3455ret = ath10k_htt_rx_pop_paddr64_list(htt, &resp->rx_in_ord_ind,3456&list);3457else3458ret = ath10k_htt_rx_pop_paddr32_list(htt, &resp->rx_in_ord_ind,3459&list);34603461if (ret < 0) {3462ath10k_warn(ar, "failed to pop paddr list: %d\n", ret);3463htt->rx_confused = true;3464return -EIO;3465}34663467/* Offloaded frames are very different and need to be handled3468* separately.3469*/3470if (offload)3471ath10k_htt_rx_h_rx_offload(ar, &list);34723473while (!skb_queue_empty(&list)) {3474__skb_queue_head_init(&amsdu);3475ret = ath10k_htt_rx_extract_amsdu(&ar->hw_params, &list, &amsdu);3476switch (ret) {3477case 0:3478/* Note: The in-order indication may report interleaved3479* frames from different PPDUs meaning reported rx rate3480* to mac80211 isn't accurate/reliable. It's still3481* better to report something than nothing though. This3482* should still give an idea about rx rate to the user.3483*/3484ath10k_htt_rx_h_ppdu(ar, &amsdu, status, vdev_id);3485ath10k_htt_rx_h_filter(ar, &amsdu, status, NULL);3486ath10k_htt_rx_h_mpdu(ar, &amsdu, status, false, NULL,3487NULL, peer_id, frag);3488ath10k_htt_rx_h_enqueue(ar, &amsdu, status);3489break;3490case -EAGAIN:3491fallthrough;3492default:3493/* Should not happen. */3494ath10k_warn(ar, "failed to extract amsdu: %d\n", ret);3495htt->rx_confused = true;3496__skb_queue_purge(&list);3497return -EIO;3498}3499}3500return ret;3501}35023503static void ath10k_htt_rx_tx_fetch_resp_id_confirm(struct ath10k *ar,3504const __le32 *resp_ids,3505int num_resp_ids)3506{3507int i;3508u32 resp_id;35093510ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch confirm num_resp_ids %d\n",3511num_resp_ids);35123513for (i = 0; i < num_resp_ids; i++) {3514resp_id = le32_to_cpu(resp_ids[i]);35153516ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch confirm resp_id %u\n",3517resp_id);35183519/* TODO: free resp_id */3520}3521}35223523static void ath10k_htt_rx_tx_fetch_ind(struct ath10k *ar, struct sk_buff *skb)3524{3525struct ieee80211_hw *hw = ar->hw;3526struct ieee80211_txq *txq;3527struct htt_resp *resp = (struct htt_resp *)skb->data;3528struct htt_tx_fetch_record *record;3529size_t len;3530size_t max_num_bytes;3531size_t max_num_msdus;3532size_t num_bytes;3533size_t num_msdus;3534const __le32 *resp_ids;3535u16 num_records;3536u16 num_resp_ids;3537u16 peer_id;3538u8 tid;3539int ret;3540int i;3541bool may_tx;35423543ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch ind\n");35443545len = sizeof(resp->hdr) + sizeof(resp->tx_fetch_ind);3546if (unlikely(skb->len < len)) {3547ath10k_warn(ar, "received corrupted tx_fetch_ind event: buffer too short\n");3548return;3549}35503551num_records = le16_to_cpu(resp->tx_fetch_ind.num_records);3552num_resp_ids = le16_to_cpu(resp->tx_fetch_ind.num_resp_ids);35533554len += sizeof(resp->tx_fetch_ind.records[0]) * num_records;3555len += sizeof(resp->tx_fetch_ind.resp_ids[0]) * num_resp_ids;35563557if (unlikely(skb->len < len)) {3558ath10k_warn(ar, "received corrupted tx_fetch_ind event: too many records/resp_ids\n");3559return;3560}35613562ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch ind num records %u num resps %u seq %u\n",3563num_records, num_resp_ids,3564le16_to_cpu(resp->tx_fetch_ind.fetch_seq_num));35653566if (!ar->htt.tx_q_state.enabled) {3567ath10k_warn(ar, "received unexpected tx_fetch_ind event: not enabled\n");3568return;3569}35703571if (ar->htt.tx_q_state.mode == HTT_TX_MODE_SWITCH_PUSH) {3572ath10k_warn(ar, "received unexpected tx_fetch_ind event: in push mode\n");3573return;3574}35753576rcu_read_lock();35773578for (i = 0; i < num_records; i++) {3579record = &resp->tx_fetch_ind.records[i];3580peer_id = MS(le16_to_cpu(record->info),3581HTT_TX_FETCH_RECORD_INFO_PEER_ID);3582tid = MS(le16_to_cpu(record->info),3583HTT_TX_FETCH_RECORD_INFO_TID);3584max_num_msdus = le16_to_cpu(record->num_msdus);3585max_num_bytes = le32_to_cpu(record->num_bytes);35863587ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch record %i peer_id %u tid %u msdus %zu bytes %zu\n",3588i, peer_id, tid, max_num_msdus, max_num_bytes);35893590if (unlikely(peer_id >= ar->htt.tx_q_state.num_peers) ||3591unlikely(tid >= ar->htt.tx_q_state.num_tids)) {3592ath10k_warn(ar, "received out of range peer_id %u tid %u\n",3593peer_id, tid);3594continue;3595}35963597spin_lock_bh(&ar->data_lock);3598txq = ath10k_mac_txq_lookup(ar, peer_id, tid);3599spin_unlock_bh(&ar->data_lock);36003601/* It is okay to release the lock and use txq because RCU read3602* lock is held.3603*/36043605if (unlikely(!txq)) {3606ath10k_warn(ar, "failed to lookup txq for peer_id %u tid %u\n",3607peer_id, tid);3608continue;3609}36103611num_msdus = 0;3612num_bytes = 0;36133614ieee80211_txq_schedule_start(hw, txq->ac);3615may_tx = ieee80211_txq_may_transmit(hw, txq);3616while (num_msdus < max_num_msdus &&3617num_bytes < max_num_bytes) {3618if (!may_tx)3619break;36203621ret = ath10k_mac_tx_push_txq(hw, txq);3622if (ret < 0)3623break;36243625num_msdus++;3626num_bytes += ret;3627}3628ieee80211_return_txq(hw, txq, false);3629ieee80211_txq_schedule_end(hw, txq->ac);36303631record->num_msdus = cpu_to_le16(num_msdus);3632record->num_bytes = cpu_to_le32(num_bytes);36333634ath10k_htt_tx_txq_recalc(hw, txq);3635}36363637rcu_read_unlock();36383639resp_ids = ath10k_htt_get_tx_fetch_ind_resp_ids(&resp->tx_fetch_ind);3640ath10k_htt_rx_tx_fetch_resp_id_confirm(ar, resp_ids, num_resp_ids);36413642ret = ath10k_htt_tx_fetch_resp(ar,3643resp->tx_fetch_ind.token,3644resp->tx_fetch_ind.fetch_seq_num,3645resp->tx_fetch_ind.records,3646num_records);3647if (unlikely(ret)) {3648ath10k_warn(ar, "failed to submit tx fetch resp for token 0x%08x: %d\n",3649le32_to_cpu(resp->tx_fetch_ind.token), ret);3650/* FIXME: request fw restart */3651}36523653ath10k_htt_tx_txq_sync(ar);3654}36553656static void ath10k_htt_rx_tx_fetch_confirm(struct ath10k *ar,3657struct sk_buff *skb)3658{3659const struct htt_resp *resp = (void *)skb->data;3660size_t len;3661int num_resp_ids;36623663ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx fetch confirm\n");36643665len = sizeof(resp->hdr) + sizeof(resp->tx_fetch_confirm);3666if (unlikely(skb->len < len)) {3667ath10k_warn(ar, "received corrupted tx_fetch_confirm event: buffer too short\n");3668return;3669}36703671num_resp_ids = le16_to_cpu(resp->tx_fetch_confirm.num_resp_ids);3672len += sizeof(resp->tx_fetch_confirm.resp_ids[0]) * num_resp_ids;36733674if (unlikely(skb->len < len)) {3675ath10k_warn(ar, "received corrupted tx_fetch_confirm event: resp_ids buffer overflow\n");3676return;3677}36783679ath10k_htt_rx_tx_fetch_resp_id_confirm(ar,3680resp->tx_fetch_confirm.resp_ids,3681num_resp_ids);3682}36833684static void ath10k_htt_rx_tx_mode_switch_ind(struct ath10k *ar,3685struct sk_buff *skb)3686{3687const struct htt_resp *resp = (void *)skb->data;3688const struct htt_tx_mode_switch_record *record;3689struct ieee80211_txq *txq;3690struct ath10k_txq *artxq;3691size_t len;3692size_t num_records;3693enum htt_tx_mode_switch_mode mode;3694bool enable;3695u16 info0;3696u16 info1;3697u16 threshold;3698u16 peer_id;3699u8 tid;3700int i;37013702ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx tx mode switch ind\n");37033704len = sizeof(resp->hdr) + sizeof(resp->tx_mode_switch_ind);3705if (unlikely(skb->len < len)) {3706ath10k_warn(ar, "received corrupted tx_mode_switch_ind event: buffer too short\n");3707return;3708}37093710info0 = le16_to_cpu(resp->tx_mode_switch_ind.info0);3711info1 = le16_to_cpu(resp->tx_mode_switch_ind.info1);37123713enable = !!(info0 & HTT_TX_MODE_SWITCH_IND_INFO0_ENABLE);3714num_records = MS(info0, HTT_TX_MODE_SWITCH_IND_INFO1_THRESHOLD);3715mode = MS(info1, HTT_TX_MODE_SWITCH_IND_INFO1_MODE);3716threshold = MS(info1, HTT_TX_MODE_SWITCH_IND_INFO1_THRESHOLD);37173718ath10k_dbg(ar, ATH10K_DBG_HTT,3719"htt rx tx mode switch ind info0 0x%04x info1 0x%04x enable %d num records %zd mode %d threshold %u\n",3720info0, info1, enable, num_records, mode, threshold);37213722len += sizeof(resp->tx_mode_switch_ind.records[0]) * num_records;37233724if (unlikely(skb->len < len)) {3725ath10k_warn(ar, "received corrupted tx_mode_switch_mode_ind event: too many records\n");3726return;3727}37283729switch (mode) {3730case HTT_TX_MODE_SWITCH_PUSH:3731case HTT_TX_MODE_SWITCH_PUSH_PULL:3732break;3733default:3734ath10k_warn(ar, "received invalid tx_mode_switch_mode_ind mode %d, ignoring\n",3735mode);3736return;3737}37383739if (!enable)3740return;37413742ar->htt.tx_q_state.enabled = enable;3743ar->htt.tx_q_state.mode = mode;3744ar->htt.tx_q_state.num_push_allowed = threshold;37453746rcu_read_lock();37473748for (i = 0; i < num_records; i++) {3749record = &resp->tx_mode_switch_ind.records[i];3750info0 = le16_to_cpu(record->info0);3751peer_id = MS(info0, HTT_TX_MODE_SWITCH_RECORD_INFO0_PEER_ID);3752tid = MS(info0, HTT_TX_MODE_SWITCH_RECORD_INFO0_TID);37533754if (unlikely(peer_id >= ar->htt.tx_q_state.num_peers) ||3755unlikely(tid >= ar->htt.tx_q_state.num_tids)) {3756ath10k_warn(ar, "received out of range peer_id %u tid %u\n",3757peer_id, tid);3758continue;3759}37603761spin_lock_bh(&ar->data_lock);3762txq = ath10k_mac_txq_lookup(ar, peer_id, tid);3763spin_unlock_bh(&ar->data_lock);37643765/* It is okay to release the lock and use txq because RCU read3766* lock is held.3767*/37683769if (unlikely(!txq)) {3770ath10k_warn(ar, "failed to lookup txq for peer_id %u tid %u\n",3771peer_id, tid);3772continue;3773}37743775spin_lock_bh(&ar->htt.tx_lock);3776artxq = (void *)txq->drv_priv;3777artxq->num_push_allowed = le16_to_cpu(record->num_max_msdus);3778spin_unlock_bh(&ar->htt.tx_lock);3779}37803781rcu_read_unlock();37823783ath10k_mac_tx_push_pending(ar);3784}37853786void ath10k_htt_htc_t2h_msg_handler(struct ath10k *ar, struct sk_buff *skb)3787{3788bool release;37893790release = ath10k_htt_t2h_msg_handler(ar, skb);37913792/* Free the indication buffer */3793if (release)3794dev_kfree_skb_any(skb);3795}37963797static inline s8 ath10k_get_legacy_rate_idx(struct ath10k *ar, u8 rate)3798{3799static const u8 legacy_rates[] = {1, 2, 5, 11, 6, 9, 12,380018, 24, 36, 48, 54};3801int i;38023803for (i = 0; i < ARRAY_SIZE(legacy_rates); i++) {3804if (rate == legacy_rates[i])3805return i;3806}38073808ath10k_warn(ar, "Invalid legacy rate %d peer stats", rate);3809return -EINVAL;3810}38113812static void3813ath10k_accumulate_per_peer_tx_stats(struct ath10k *ar,3814struct ath10k_sta *arsta,3815struct ath10k_per_peer_tx_stats *pstats,3816s8 legacy_rate_idx)3817{3818struct rate_info *txrate = &arsta->txrate;3819struct ath10k_htt_tx_stats *tx_stats;3820int idx, ht_idx, gi, mcs, bw, nss;3821unsigned long flags;38223823if (!arsta->tx_stats)3824return;38253826tx_stats = arsta->tx_stats;3827flags = txrate->flags;3828gi = test_bit(ATH10K_RATE_INFO_FLAGS_SGI_BIT, &flags);3829mcs = ATH10K_HW_MCS_RATE(pstats->ratecode);3830bw = txrate->bw;3831nss = txrate->nss;3832ht_idx = mcs + (nss - 1) * 8;3833idx = mcs * 8 + 8 * 10 * (nss - 1);3834idx += bw * 2 + gi;38353836#define STATS_OP_FMT(name) tx_stats->stats[ATH10K_STATS_TYPE_##name]38373838if (txrate->flags & RATE_INFO_FLAGS_VHT_MCS) {3839STATS_OP_FMT(SUCC).vht[0][mcs] += pstats->succ_bytes;3840STATS_OP_FMT(SUCC).vht[1][mcs] += pstats->succ_pkts;3841STATS_OP_FMT(FAIL).vht[0][mcs] += pstats->failed_bytes;3842STATS_OP_FMT(FAIL).vht[1][mcs] += pstats->failed_pkts;3843STATS_OP_FMT(RETRY).vht[0][mcs] += pstats->retry_bytes;3844STATS_OP_FMT(RETRY).vht[1][mcs] += pstats->retry_pkts;3845} else if (txrate->flags & RATE_INFO_FLAGS_MCS) {3846STATS_OP_FMT(SUCC).ht[0][ht_idx] += pstats->succ_bytes;3847STATS_OP_FMT(SUCC).ht[1][ht_idx] += pstats->succ_pkts;3848STATS_OP_FMT(FAIL).ht[0][ht_idx] += pstats->failed_bytes;3849STATS_OP_FMT(FAIL).ht[1][ht_idx] += pstats->failed_pkts;3850STATS_OP_FMT(RETRY).ht[0][ht_idx] += pstats->retry_bytes;3851STATS_OP_FMT(RETRY).ht[1][ht_idx] += pstats->retry_pkts;3852} else {3853mcs = legacy_rate_idx;38543855STATS_OP_FMT(SUCC).legacy[0][mcs] += pstats->succ_bytes;3856STATS_OP_FMT(SUCC).legacy[1][mcs] += pstats->succ_pkts;3857STATS_OP_FMT(FAIL).legacy[0][mcs] += pstats->failed_bytes;3858STATS_OP_FMT(FAIL).legacy[1][mcs] += pstats->failed_pkts;3859STATS_OP_FMT(RETRY).legacy[0][mcs] += pstats->retry_bytes;3860STATS_OP_FMT(RETRY).legacy[1][mcs] += pstats->retry_pkts;3861}38623863if (ATH10K_HW_AMPDU(pstats->flags)) {3864tx_stats->ba_fails += ATH10K_HW_BA_FAIL(pstats->flags);38653866if (txrate->flags & RATE_INFO_FLAGS_MCS) {3867STATS_OP_FMT(AMPDU).ht[0][ht_idx] +=3868pstats->succ_bytes + pstats->retry_bytes;3869STATS_OP_FMT(AMPDU).ht[1][ht_idx] +=3870pstats->succ_pkts + pstats->retry_pkts;3871} else {3872STATS_OP_FMT(AMPDU).vht[0][mcs] +=3873pstats->succ_bytes + pstats->retry_bytes;3874STATS_OP_FMT(AMPDU).vht[1][mcs] +=3875pstats->succ_pkts + pstats->retry_pkts;3876}3877STATS_OP_FMT(AMPDU).bw[0][bw] +=3878pstats->succ_bytes + pstats->retry_bytes;3879STATS_OP_FMT(AMPDU).nss[0][nss - 1] +=3880pstats->succ_bytes + pstats->retry_bytes;3881STATS_OP_FMT(AMPDU).gi[0][gi] +=3882pstats->succ_bytes + pstats->retry_bytes;3883STATS_OP_FMT(AMPDU).rate_table[0][idx] +=3884pstats->succ_bytes + pstats->retry_bytes;3885STATS_OP_FMT(AMPDU).bw[1][bw] +=3886pstats->succ_pkts + pstats->retry_pkts;3887STATS_OP_FMT(AMPDU).nss[1][nss - 1] +=3888pstats->succ_pkts + pstats->retry_pkts;3889STATS_OP_FMT(AMPDU).gi[1][gi] +=3890pstats->succ_pkts + pstats->retry_pkts;3891STATS_OP_FMT(AMPDU).rate_table[1][idx] +=3892pstats->succ_pkts + pstats->retry_pkts;3893} else {3894tx_stats->ack_fails +=3895ATH10K_HW_BA_FAIL(pstats->flags);3896}38973898STATS_OP_FMT(SUCC).bw[0][bw] += pstats->succ_bytes;3899STATS_OP_FMT(SUCC).nss[0][nss - 1] += pstats->succ_bytes;3900STATS_OP_FMT(SUCC).gi[0][gi] += pstats->succ_bytes;39013902STATS_OP_FMT(SUCC).bw[1][bw] += pstats->succ_pkts;3903STATS_OP_FMT(SUCC).nss[1][nss - 1] += pstats->succ_pkts;3904STATS_OP_FMT(SUCC).gi[1][gi] += pstats->succ_pkts;39053906STATS_OP_FMT(FAIL).bw[0][bw] += pstats->failed_bytes;3907STATS_OP_FMT(FAIL).nss[0][nss - 1] += pstats->failed_bytes;3908STATS_OP_FMT(FAIL).gi[0][gi] += pstats->failed_bytes;39093910STATS_OP_FMT(FAIL).bw[1][bw] += pstats->failed_pkts;3911STATS_OP_FMT(FAIL).nss[1][nss - 1] += pstats->failed_pkts;3912STATS_OP_FMT(FAIL).gi[1][gi] += pstats->failed_pkts;39133914STATS_OP_FMT(RETRY).bw[0][bw] += pstats->retry_bytes;3915STATS_OP_FMT(RETRY).nss[0][nss - 1] += pstats->retry_bytes;3916STATS_OP_FMT(RETRY).gi[0][gi] += pstats->retry_bytes;39173918STATS_OP_FMT(RETRY).bw[1][bw] += pstats->retry_pkts;3919STATS_OP_FMT(RETRY).nss[1][nss - 1] += pstats->retry_pkts;3920STATS_OP_FMT(RETRY).gi[1][gi] += pstats->retry_pkts;39213922if (txrate->flags >= RATE_INFO_FLAGS_MCS) {3923STATS_OP_FMT(SUCC).rate_table[0][idx] += pstats->succ_bytes;3924STATS_OP_FMT(SUCC).rate_table[1][idx] += pstats->succ_pkts;3925STATS_OP_FMT(FAIL).rate_table[0][idx] += pstats->failed_bytes;3926STATS_OP_FMT(FAIL).rate_table[1][idx] += pstats->failed_pkts;3927STATS_OP_FMT(RETRY).rate_table[0][idx] += pstats->retry_bytes;3928STATS_OP_FMT(RETRY).rate_table[1][idx] += pstats->retry_pkts;3929}39303931tx_stats->tx_duration += pstats->duration;3932}39333934static void3935ath10k_update_per_peer_tx_stats(struct ath10k *ar,3936struct ieee80211_sta *sta,3937struct ath10k_per_peer_tx_stats *peer_stats)3938{3939struct ath10k_sta *arsta = (struct ath10k_sta *)sta->drv_priv;3940struct ieee80211_chanctx_conf *conf = NULL;3941u8 rate = 0, sgi;3942s8 rate_idx = 0;3943bool skip_auto_rate;3944struct rate_info txrate;39453946lockdep_assert_held(&ar->data_lock);39473948txrate.flags = ATH10K_HW_PREAMBLE(peer_stats->ratecode);3949txrate.bw = ATH10K_HW_BW(peer_stats->flags);3950txrate.nss = ATH10K_HW_NSS(peer_stats->ratecode);3951txrate.mcs = ATH10K_HW_MCS_RATE(peer_stats->ratecode);3952sgi = ATH10K_HW_GI(peer_stats->flags);3953skip_auto_rate = ATH10K_FW_SKIPPED_RATE_CTRL(peer_stats->flags);39543955/* Firmware's rate control skips broadcast/management frames,3956* if host has configure fixed rates and in some other special cases.3957*/3958if (skip_auto_rate)3959return;39603961if (txrate.flags == WMI_RATE_PREAMBLE_VHT && txrate.mcs > 9) {3962ath10k_warn(ar, "Invalid VHT mcs %d peer stats", txrate.mcs);3963return;3964}39653966if (txrate.flags == WMI_RATE_PREAMBLE_HT &&3967(txrate.mcs > 7 || txrate.nss < 1)) {3968ath10k_warn(ar, "Invalid HT mcs %d nss %d peer stats",3969txrate.mcs, txrate.nss);3970return;3971}39723973memset(&arsta->txrate, 0, sizeof(arsta->txrate));3974memset(&arsta->tx_info.status, 0, sizeof(arsta->tx_info.status));3975if (txrate.flags == WMI_RATE_PREAMBLE_CCK ||3976txrate.flags == WMI_RATE_PREAMBLE_OFDM) {3977rate = ATH10K_HW_LEGACY_RATE(peer_stats->ratecode);3978/* This is hacky, FW sends CCK rate 5.5Mbps as 6 */3979if (rate == 6 && txrate.flags == WMI_RATE_PREAMBLE_CCK)3980rate = 5;3981rate_idx = ath10k_get_legacy_rate_idx(ar, rate);3982if (rate_idx < 0)3983return;3984arsta->txrate.legacy = rate;3985} else if (txrate.flags == WMI_RATE_PREAMBLE_HT) {3986arsta->txrate.flags = RATE_INFO_FLAGS_MCS;3987arsta->txrate.mcs = txrate.mcs + 8 * (txrate.nss - 1);3988} else {3989arsta->txrate.flags = RATE_INFO_FLAGS_VHT_MCS;3990arsta->txrate.mcs = txrate.mcs;3991}39923993switch (txrate.flags) {3994case WMI_RATE_PREAMBLE_OFDM:3995if (arsta->arvif && arsta->arvif->vif)3996conf = rcu_dereference(arsta->arvif->vif->bss_conf.chanctx_conf);3997if (conf && conf->def.chan->band == NL80211_BAND_5GHZ)3998arsta->tx_info.status.rates[0].idx = rate_idx - 4;3999break;4000case WMI_RATE_PREAMBLE_CCK:4001arsta->tx_info.status.rates[0].idx = rate_idx;4002if (sgi)4003arsta->tx_info.status.rates[0].flags |=4004(IEEE80211_TX_RC_USE_SHORT_PREAMBLE |4005IEEE80211_TX_RC_SHORT_GI);4006break;4007case WMI_RATE_PREAMBLE_HT:4008arsta->tx_info.status.rates[0].idx =4009txrate.mcs + ((txrate.nss - 1) * 8);4010if (sgi)4011arsta->tx_info.status.rates[0].flags |=4012IEEE80211_TX_RC_SHORT_GI;4013arsta->tx_info.status.rates[0].flags |= IEEE80211_TX_RC_MCS;4014break;4015case WMI_RATE_PREAMBLE_VHT:4016ieee80211_rate_set_vht(&arsta->tx_info.status.rates[0],4017txrate.mcs, txrate.nss);4018if (sgi)4019arsta->tx_info.status.rates[0].flags |=4020IEEE80211_TX_RC_SHORT_GI;4021arsta->tx_info.status.rates[0].flags |= IEEE80211_TX_RC_VHT_MCS;4022break;4023}40244025arsta->txrate.nss = txrate.nss;4026arsta->txrate.bw = ath10k_bw_to_mac80211_bw(txrate.bw);4027arsta->last_tx_bitrate = cfg80211_calculate_bitrate(&arsta->txrate);4028if (sgi)4029arsta->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;40304031switch (arsta->txrate.bw) {4032case RATE_INFO_BW_40:4033arsta->tx_info.status.rates[0].flags |=4034IEEE80211_TX_RC_40_MHZ_WIDTH;4035break;4036case RATE_INFO_BW_80:4037arsta->tx_info.status.rates[0].flags |=4038IEEE80211_TX_RC_80_MHZ_WIDTH;4039break;4040case RATE_INFO_BW_160:4041arsta->tx_info.status.rates[0].flags |=4042IEEE80211_TX_RC_160_MHZ_WIDTH;4043break;4044}40454046if (peer_stats->succ_pkts) {4047arsta->tx_info.flags = IEEE80211_TX_STAT_ACK;4048arsta->tx_info.status.rates[0].count = 1;4049ieee80211_tx_rate_update(ar->hw, sta, &arsta->tx_info);4050}40514052if (ar->htt.disable_tx_comp) {4053arsta->tx_failed += peer_stats->failed_pkts;4054ath10k_dbg(ar, ATH10K_DBG_HTT, "tx failed %d\n",4055arsta->tx_failed);4056}40574058arsta->tx_retries += peer_stats->retry_pkts;4059ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx retries %d", arsta->tx_retries);40604061if (ath10k_debug_is_extd_tx_stats_enabled(ar))4062ath10k_accumulate_per_peer_tx_stats(ar, arsta, peer_stats,4063rate_idx);4064}40654066static void ath10k_htt_fetch_peer_stats(struct ath10k *ar,4067struct sk_buff *skb)4068{4069struct htt_resp *resp = (struct htt_resp *)skb->data;4070struct ath10k_per_peer_tx_stats *p_tx_stats = &ar->peer_tx_stats;4071struct htt_per_peer_tx_stats_ind *tx_stats;4072struct ieee80211_sta *sta;4073struct ath10k_peer *peer;4074int peer_id, i;4075u8 ppdu_len, num_ppdu;40764077num_ppdu = resp->peer_tx_stats.num_ppdu;4078ppdu_len = resp->peer_tx_stats.ppdu_len * sizeof(__le32);40794080if (skb->len < sizeof(struct htt_resp_hdr) + num_ppdu * ppdu_len) {4081ath10k_warn(ar, "Invalid peer stats buf length %d\n", skb->len);4082return;4083}40844085tx_stats = (struct htt_per_peer_tx_stats_ind *)4086(resp->peer_tx_stats.payload);4087peer_id = __le16_to_cpu(tx_stats->peer_id);40884089rcu_read_lock();4090spin_lock_bh(&ar->data_lock);4091peer = ath10k_peer_find_by_id(ar, peer_id);4092if (!peer || !peer->sta) {4093ath10k_warn(ar, "Invalid peer id %d peer stats buffer\n",4094peer_id);4095goto out;4096}40974098sta = peer->sta;4099for (i = 0; i < num_ppdu; i++) {4100tx_stats = (struct htt_per_peer_tx_stats_ind *)4101(resp->peer_tx_stats.payload + i * ppdu_len);41024103p_tx_stats->succ_bytes = __le32_to_cpu(tx_stats->succ_bytes);4104p_tx_stats->retry_bytes = __le32_to_cpu(tx_stats->retry_bytes);4105p_tx_stats->failed_bytes =4106__le32_to_cpu(tx_stats->failed_bytes);4107p_tx_stats->ratecode = tx_stats->ratecode;4108p_tx_stats->flags = tx_stats->flags;4109p_tx_stats->succ_pkts = __le16_to_cpu(tx_stats->succ_pkts);4110p_tx_stats->retry_pkts = __le16_to_cpu(tx_stats->retry_pkts);4111p_tx_stats->failed_pkts = __le16_to_cpu(tx_stats->failed_pkts);4112p_tx_stats->duration = __le16_to_cpu(tx_stats->tx_duration);41134114ath10k_update_per_peer_tx_stats(ar, sta, p_tx_stats);4115}41164117out:4118spin_unlock_bh(&ar->data_lock);4119rcu_read_unlock();4120}41214122static void ath10k_fetch_10_2_tx_stats(struct ath10k *ar, u8 *data)4123{4124struct ath10k_pktlog_hdr *hdr = (struct ath10k_pktlog_hdr *)data;4125struct ath10k_per_peer_tx_stats *p_tx_stats = &ar->peer_tx_stats;4126struct ath10k_10_2_peer_tx_stats *tx_stats;4127struct ieee80211_sta *sta;4128struct ath10k_peer *peer;4129u16 log_type = __le16_to_cpu(hdr->log_type);4130u32 peer_id = 0, i;41314132if (log_type != ATH_PKTLOG_TYPE_TX_STAT)4133return;41344135tx_stats = (struct ath10k_10_2_peer_tx_stats *)((hdr->payload) +4136ATH10K_10_2_TX_STATS_OFFSET);41374138if (!tx_stats->tx_ppdu_cnt)4139return;41404141peer_id = tx_stats->peer_id;41424143rcu_read_lock();4144spin_lock_bh(&ar->data_lock);4145peer = ath10k_peer_find_by_id(ar, peer_id);4146if (!peer || !peer->sta) {4147ath10k_warn(ar, "Invalid peer id %d in peer stats buffer\n",4148peer_id);4149goto out;4150}41514152sta = peer->sta;4153for (i = 0; i < tx_stats->tx_ppdu_cnt; i++) {4154p_tx_stats->succ_bytes =4155__le16_to_cpu(tx_stats->success_bytes[i]);4156p_tx_stats->retry_bytes =4157__le16_to_cpu(tx_stats->retry_bytes[i]);4158p_tx_stats->failed_bytes =4159__le16_to_cpu(tx_stats->failed_bytes[i]);4160p_tx_stats->ratecode = tx_stats->ratecode[i];4161p_tx_stats->flags = tx_stats->flags[i];4162p_tx_stats->succ_pkts = tx_stats->success_pkts[i];4163p_tx_stats->retry_pkts = tx_stats->retry_pkts[i];4164p_tx_stats->failed_pkts = tx_stats->failed_pkts[i];41654166ath10k_update_per_peer_tx_stats(ar, sta, p_tx_stats);4167}4168spin_unlock_bh(&ar->data_lock);4169rcu_read_unlock();41704171return;41724173out:4174spin_unlock_bh(&ar->data_lock);4175rcu_read_unlock();4176}41774178static int ath10k_htt_rx_pn_len(enum htt_security_types sec_type)4179{4180switch (sec_type) {4181case HTT_SECURITY_TKIP:4182case HTT_SECURITY_TKIP_NOMIC:4183case HTT_SECURITY_AES_CCMP:4184return 48;4185default:4186return 0;4187}4188}41894190static void ath10k_htt_rx_sec_ind_handler(struct ath10k *ar,4191struct htt_security_indication *ev)4192{4193enum htt_txrx_sec_cast_type sec_index;4194enum htt_security_types sec_type;4195struct ath10k_peer *peer;41964197spin_lock_bh(&ar->data_lock);41984199peer = ath10k_peer_find_by_id(ar, __le16_to_cpu(ev->peer_id));4200if (!peer) {4201ath10k_warn(ar, "failed to find peer id %d for security indication",4202__le16_to_cpu(ev->peer_id));4203goto out;4204}42054206sec_type = MS(ev->flags, HTT_SECURITY_TYPE);42074208if (ev->flags & HTT_SECURITY_IS_UNICAST)4209sec_index = HTT_TXRX_SEC_UCAST;4210else4211sec_index = HTT_TXRX_SEC_MCAST;42124213peer->rx_pn[sec_index].sec_type = sec_type;4214peer->rx_pn[sec_index].pn_len = ath10k_htt_rx_pn_len(sec_type);42154216memset(peer->tids_last_pn_valid, 0, sizeof(peer->tids_last_pn_valid));4217memset(peer->tids_last_pn, 0, sizeof(peer->tids_last_pn));42184219out:4220spin_unlock_bh(&ar->data_lock);4221}42224223bool ath10k_htt_t2h_msg_handler(struct ath10k *ar, struct sk_buff *skb)4224{4225struct ath10k_htt *htt = &ar->htt;4226struct htt_resp *resp = (struct htt_resp *)skb->data;4227enum htt_t2h_msg_type type;42284229/* confirm alignment */4230if (!IS_ALIGNED((unsigned long)skb->data, 4))4231ath10k_warn(ar, "unaligned htt message, expect trouble\n");42324233ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx, msg_type: 0x%0X\n",4234resp->hdr.msg_type);42354236if (resp->hdr.msg_type >= ar->htt.t2h_msg_types_max) {4237ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx, unsupported msg_type: 0x%0X\n max: 0x%0X",4238resp->hdr.msg_type, ar->htt.t2h_msg_types_max);4239return true;4240}4241type = ar->htt.t2h_msg_types[resp->hdr.msg_type];42424243switch (type) {4244case HTT_T2H_MSG_TYPE_VERSION_CONF: {4245htt->target_version_major = resp->ver_resp.major;4246htt->target_version_minor = resp->ver_resp.minor;4247complete(&htt->target_version_received);4248break;4249}4250case HTT_T2H_MSG_TYPE_RX_IND:4251if (ar->bus_param.dev_type != ATH10K_DEV_TYPE_HL) {4252ath10k_htt_rx_proc_rx_ind_ll(htt, &resp->rx_ind);4253} else {4254skb_queue_tail(&htt->rx_indication_head, skb);4255return false;4256}4257break;4258case HTT_T2H_MSG_TYPE_PEER_MAP: {4259struct htt_peer_map_event ev = {4260.vdev_id = resp->peer_map.vdev_id,4261.peer_id = __le16_to_cpu(resp->peer_map.peer_id),4262};4263memcpy(ev.addr, resp->peer_map.addr, sizeof(ev.addr));4264ath10k_peer_map_event(htt, &ev);4265break;4266}4267case HTT_T2H_MSG_TYPE_PEER_UNMAP: {4268struct htt_peer_unmap_event ev = {4269.peer_id = __le16_to_cpu(resp->peer_unmap.peer_id),4270};4271ath10k_peer_unmap_event(htt, &ev);4272break;4273}4274case HTT_T2H_MSG_TYPE_MGMT_TX_COMPLETION: {4275struct htt_tx_done tx_done = {};4276struct ath10k_htt *htt = &ar->htt;4277struct ath10k_htc *htc = &ar->htc;4278struct ath10k_htc_ep *ep = &ar->htc.endpoint[htt->eid];4279int status = __le32_to_cpu(resp->mgmt_tx_completion.status);4280int info = __le32_to_cpu(resp->mgmt_tx_completion.info);42814282tx_done.msdu_id = __le32_to_cpu(resp->mgmt_tx_completion.desc_id);42834284switch (status) {4285case HTT_MGMT_TX_STATUS_OK:4286tx_done.status = HTT_TX_COMPL_STATE_ACK;4287if (test_bit(WMI_SERVICE_HTT_MGMT_TX_COMP_VALID_FLAGS,4288ar->wmi.svc_map) &&4289(resp->mgmt_tx_completion.flags &4290HTT_MGMT_TX_CMPL_FLAG_ACK_RSSI)) {4291tx_done.ack_rssi =4292FIELD_GET(HTT_MGMT_TX_CMPL_INFO_ACK_RSSI_MASK,4293info);4294}4295break;4296case HTT_MGMT_TX_STATUS_RETRY:4297tx_done.status = HTT_TX_COMPL_STATE_NOACK;4298break;4299case HTT_MGMT_TX_STATUS_DROP:4300tx_done.status = HTT_TX_COMPL_STATE_DISCARD;4301break;4302}43034304if (htt->disable_tx_comp) {4305spin_lock_bh(&htc->tx_lock);4306ep->tx_credits++;4307spin_unlock_bh(&htc->tx_lock);4308}43094310status = ath10k_txrx_tx_unref(htt, &tx_done);4311if (!status) {4312spin_lock_bh(&htt->tx_lock);4313ath10k_htt_tx_mgmt_dec_pending(htt);4314spin_unlock_bh(&htt->tx_lock);4315}4316break;4317}4318case HTT_T2H_MSG_TYPE_TX_COMPL_IND:4319ath10k_htt_rx_tx_compl_ind(htt->ar, skb);4320break;4321case HTT_T2H_MSG_TYPE_SEC_IND: {4322struct ath10k *ar = htt->ar;4323struct htt_security_indication *ev = &resp->security_indication;43244325ath10k_htt_rx_sec_ind_handler(ar, ev);4326ath10k_dbg(ar, ATH10K_DBG_HTT,4327"sec ind peer_id %d unicast %d type %d\n",4328__le16_to_cpu(ev->peer_id),4329!!(ev->flags & HTT_SECURITY_IS_UNICAST),4330MS(ev->flags, HTT_SECURITY_TYPE));4331complete(&ar->install_key_done);4332break;4333}4334case HTT_T2H_MSG_TYPE_RX_FRAG_IND: {4335ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",4336skb->data, skb->len);4337atomic_inc(&htt->num_mpdus_ready);43384339return ath10k_htt_rx_proc_rx_frag_ind(htt,4340&resp->rx_frag_ind,4341skb);4342}4343case HTT_T2H_MSG_TYPE_TEST:4344break;4345case HTT_T2H_MSG_TYPE_STATS_CONF:4346trace_ath10k_htt_stats(ar, skb->data, skb->len);4347break;4348case HTT_T2H_MSG_TYPE_TX_INSPECT_IND:4349/* Firmware can return tx frames if it's unable to fully4350* process them and suspects host may be able to fix it. ath10k4351* sends all tx frames as already inspected so this shouldn't4352* happen unless fw has a bug.4353*/4354ath10k_warn(ar, "received an unexpected htt tx inspect event\n");4355break;4356case HTT_T2H_MSG_TYPE_RX_ADDBA:4357ath10k_htt_rx_addba(ar, resp);4358break;4359case HTT_T2H_MSG_TYPE_RX_DELBA:4360ath10k_htt_rx_delba(ar, resp);4361break;4362case HTT_T2H_MSG_TYPE_PKTLOG: {4363trace_ath10k_htt_pktlog(ar, resp->pktlog_msg.payload,4364skb->len -4365offsetof(struct htt_resp,4366pktlog_msg.payload));43674368if (ath10k_peer_stats_enabled(ar))4369ath10k_fetch_10_2_tx_stats(ar,4370resp->pktlog_msg.payload);4371break;4372}4373case HTT_T2H_MSG_TYPE_RX_FLUSH: {4374/* Ignore this event because mac80211 takes care of Rx4375* aggregation reordering.4376*/4377break;4378}4379case HTT_T2H_MSG_TYPE_RX_IN_ORD_PADDR_IND: {4380skb_queue_tail(&htt->rx_in_ord_compl_q, skb);4381return false;4382}4383case HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND: {4384struct ath10k_htt *htt = &ar->htt;4385struct ath10k_htc *htc = &ar->htc;4386struct ath10k_htc_ep *ep = &ar->htc.endpoint[htt->eid];4387u32 msg_word = __le32_to_cpu(*(__le32 *)resp);4388int htt_credit_delta;43894390htt_credit_delta = HTT_TX_CREDIT_DELTA_ABS_GET(msg_word);4391if (HTT_TX_CREDIT_SIGN_BIT_GET(msg_word))4392htt_credit_delta = -htt_credit_delta;43934394ath10k_dbg(ar, ATH10K_DBG_HTT,4395"htt credit update delta %d\n",4396htt_credit_delta);43974398if (htt->disable_tx_comp) {4399spin_lock_bh(&htc->tx_lock);4400ep->tx_credits += htt_credit_delta;4401spin_unlock_bh(&htc->tx_lock);4402ath10k_dbg(ar, ATH10K_DBG_HTT,4403"htt credit total %d\n",4404ep->tx_credits);4405ep->ep_ops.ep_tx_credits(htc->ar);4406}4407break;4408}4409case HTT_T2H_MSG_TYPE_CHAN_CHANGE: {4410u32 phymode = __le32_to_cpu(resp->chan_change.phymode);4411u32 freq = __le32_to_cpu(resp->chan_change.freq);44124413ar->tgt_oper_chan = ieee80211_get_channel(ar->hw->wiphy, freq);4414ath10k_dbg(ar, ATH10K_DBG_HTT,4415"htt chan change freq %u phymode %s\n",4416freq, ath10k_wmi_phymode_str(phymode));4417break;4418}4419case HTT_T2H_MSG_TYPE_AGGR_CONF:4420break;4421case HTT_T2H_MSG_TYPE_TX_FETCH_IND: {4422struct sk_buff *tx_fetch_ind = skb_copy(skb, GFP_ATOMIC);44234424if (!tx_fetch_ind) {4425ath10k_warn(ar, "failed to copy htt tx fetch ind\n");4426break;4427}4428skb_queue_tail(&htt->tx_fetch_ind_q, tx_fetch_ind);4429break;4430}4431case HTT_T2H_MSG_TYPE_TX_FETCH_CONFIRM:4432ath10k_htt_rx_tx_fetch_confirm(ar, skb);4433break;4434case HTT_T2H_MSG_TYPE_TX_MODE_SWITCH_IND:4435ath10k_htt_rx_tx_mode_switch_ind(ar, skb);4436break;4437case HTT_T2H_MSG_TYPE_PEER_STATS:4438ath10k_htt_fetch_peer_stats(ar, skb);4439break;4440case HTT_T2H_MSG_TYPE_EN_STATS:4441default:4442ath10k_warn(ar, "htt event (%d) not handled\n",4443resp->hdr.msg_type);4444ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",4445skb->data, skb->len);4446break;4447}4448return true;4449}4450EXPORT_SYMBOL(ath10k_htt_t2h_msg_handler);44514452void ath10k_htt_rx_pktlog_completion_handler(struct ath10k *ar,4453struct sk_buff *skb)4454{4455trace_ath10k_htt_pktlog(ar, skb->data, skb->len);4456dev_kfree_skb_any(skb);4457}4458EXPORT_SYMBOL(ath10k_htt_rx_pktlog_completion_handler);44594460static int ath10k_htt_rx_deliver_msdu(struct ath10k *ar, int quota, int budget)4461{4462struct sk_buff *skb;44634464while (quota < budget) {4465if (skb_queue_empty(&ar->htt.rx_msdus_q))4466break;44674468skb = skb_dequeue(&ar->htt.rx_msdus_q);4469if (!skb)4470break;4471ath10k_process_rx(ar, skb);4472quota++;4473}44744475return quota;4476}44774478int ath10k_htt_rx_hl_indication(struct ath10k *ar, int budget)4479{4480struct htt_resp *resp;4481struct ath10k_htt *htt = &ar->htt;4482struct sk_buff *skb;4483bool release;4484int quota;44854486for (quota = 0; quota < budget; quota++) {4487skb = skb_dequeue(&htt->rx_indication_head);4488if (!skb)4489break;44904491resp = (struct htt_resp *)skb->data;44924493release = ath10k_htt_rx_proc_rx_ind_hl(htt,4494&resp->rx_ind_hl,4495skb,4496HTT_RX_PN_CHECK,4497HTT_RX_NON_TKIP_MIC);44984499if (release)4500dev_kfree_skb_any(skb);45014502ath10k_dbg(ar, ATH10K_DBG_HTT, "rx indication poll pending count:%d\n",4503skb_queue_len(&htt->rx_indication_head));4504}4505return quota;4506}4507EXPORT_SYMBOL(ath10k_htt_rx_hl_indication);45084509int ath10k_htt_txrx_compl_task(struct ath10k *ar, int budget)4510{4511struct ath10k_htt *htt = &ar->htt;4512struct htt_tx_done tx_done = {};4513struct sk_buff_head tx_ind_q;4514struct sk_buff *skb;4515unsigned long flags;4516int quota = 0, done, ret;4517bool resched_napi = false;45184519__skb_queue_head_init(&tx_ind_q);45204521/* Process pending frames before dequeuing more data4522* from hardware.4523*/4524quota = ath10k_htt_rx_deliver_msdu(ar, quota, budget);4525if (quota == budget) {4526resched_napi = true;4527goto exit;4528}45294530while ((skb = skb_dequeue(&htt->rx_in_ord_compl_q))) {4531spin_lock_bh(&htt->rx_ring.lock);4532ret = ath10k_htt_rx_in_ord_ind(ar, skb);4533spin_unlock_bh(&htt->rx_ring.lock);45344535dev_kfree_skb_any(skb);4536if (ret == -EIO) {4537resched_napi = true;4538goto exit;4539}4540}45414542while (atomic_read(&htt->num_mpdus_ready)) {4543ret = ath10k_htt_rx_handle_amsdu(htt);4544if (ret == -EIO) {4545resched_napi = true;4546goto exit;4547}4548atomic_dec(&htt->num_mpdus_ready);4549}45504551/* Deliver received data after processing data from hardware */4552quota = ath10k_htt_rx_deliver_msdu(ar, quota, budget);45534554/* From NAPI documentation:4555* The napi poll() function may also process TX completions, in which4556* case if it processes the entire TX ring then it should count that4557* work as the rest of the budget.4558*/4559if ((quota < budget) && !kfifo_is_empty(&htt->txdone_fifo))4560quota = budget;45614562/* kfifo_get: called only within txrx_tasklet so it's neatly serialized.4563* From kfifo_get() documentation:4564* Note that with only one concurrent reader and one concurrent writer,4565* you don't need extra locking to use these macro.4566*/4567while (kfifo_get(&htt->txdone_fifo, &tx_done))4568ath10k_txrx_tx_unref(htt, &tx_done);45694570ath10k_mac_tx_push_pending(ar);45714572spin_lock_irqsave(&htt->tx_fetch_ind_q.lock, flags);4573skb_queue_splice_init(&htt->tx_fetch_ind_q, &tx_ind_q);4574spin_unlock_irqrestore(&htt->tx_fetch_ind_q.lock, flags);45754576while ((skb = __skb_dequeue(&tx_ind_q))) {4577ath10k_htt_rx_tx_fetch_ind(ar, skb);4578dev_kfree_skb_any(skb);4579}45804581exit:4582ath10k_htt_rx_msdu_buff_replenish(htt);4583/* In case of rx failure or more data to read, report budget4584* to reschedule NAPI poll4585*/4586done = resched_napi ? budget : quota;45874588return done;4589}4590EXPORT_SYMBOL(ath10k_htt_txrx_compl_task);45914592static const struct ath10k_htt_rx_ops htt_rx_ops_32 = {4593.htt_get_rx_ring_size = ath10k_htt_get_rx_ring_size_32,4594.htt_config_paddrs_ring = ath10k_htt_config_paddrs_ring_32,4595.htt_set_paddrs_ring = ath10k_htt_set_paddrs_ring_32,4596.htt_get_vaddr_ring = ath10k_htt_get_vaddr_ring_32,4597.htt_reset_paddrs_ring = ath10k_htt_reset_paddrs_ring_32,4598};45994600static const struct ath10k_htt_rx_ops htt_rx_ops_64 = {4601.htt_get_rx_ring_size = ath10k_htt_get_rx_ring_size_64,4602.htt_config_paddrs_ring = ath10k_htt_config_paddrs_ring_64,4603.htt_set_paddrs_ring = ath10k_htt_set_paddrs_ring_64,4604.htt_get_vaddr_ring = ath10k_htt_get_vaddr_ring_64,4605.htt_reset_paddrs_ring = ath10k_htt_reset_paddrs_ring_64,4606};46074608static const struct ath10k_htt_rx_ops htt_rx_ops_hl = {4609.htt_rx_proc_rx_frag_ind = ath10k_htt_rx_proc_rx_frag_ind_hl,4610};46114612void ath10k_htt_set_rx_ops(struct ath10k_htt *htt)4613{4614struct ath10k *ar = htt->ar;46154616if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL)4617htt->rx_ops = &htt_rx_ops_hl;4618else if (ar->hw_params.target_64bit)4619htt->rx_ops = &htt_rx_ops_64;4620else4621htt->rx_ops = &htt_rx_ops_32;4622}462346244625