2 * Copyright (c) 2005-2011 Atheros Communications Inc.
3 * Copyright (c) 2011-2013 Qualcomm Atheros, Inc.
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 #include <linux/log2.h>
28 #define HTT_RX_RING_SIZE HTT_RX_RING_SIZE_MAX
29 #define HTT_RX_RING_FILL_LEVEL (((HTT_RX_RING_SIZE) / 2) - 1)
31 /* when under memory pressure rx ring refill may fail and needs a retry */
32 #define HTT_RX_RING_REFILL_RETRY_MS 50
34 static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb);
35 static void ath10k_htt_txrx_compl_task(unsigned long ptr);
37 static struct sk_buff *
38 ath10k_htt_rx_find_skb_paddr(struct ath10k *ar, u32 paddr)
40 struct ath10k_skb_rxcb *rxcb;
42 hash_for_each_possible(ar->htt.rx_ring.skb_table, rxcb, hlist, paddr)
43 if (rxcb->paddr == paddr)
44 return ATH10K_RXCB_SKB(rxcb);
50 static void ath10k_htt_rx_ring_free(struct ath10k_htt *htt)
53 struct ath10k_skb_rxcb *rxcb;
57 if (htt->rx_ring.in_ord_rx) {
58 hash_for_each_safe(htt->rx_ring.skb_table, i, n, rxcb, hlist) {
59 skb = ATH10K_RXCB_SKB(rxcb);
60 dma_unmap_single(htt->ar->dev, rxcb->paddr,
61 skb->len + skb_tailroom(skb),
63 hash_del(&rxcb->hlist);
64 dev_kfree_skb_any(skb);
67 for (i = 0; i < htt->rx_ring.size; i++) {
68 skb = htt->rx_ring.netbufs_ring[i];
72 rxcb = ATH10K_SKB_RXCB(skb);
73 dma_unmap_single(htt->ar->dev, rxcb->paddr,
74 skb->len + skb_tailroom(skb),
76 dev_kfree_skb_any(skb);
80 htt->rx_ring.fill_cnt = 0;
81 hash_init(htt->rx_ring.skb_table);
82 memset(htt->rx_ring.netbufs_ring, 0,
83 htt->rx_ring.size * sizeof(htt->rx_ring.netbufs_ring[0]));
86 static int __ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num)
88 struct htt_rx_desc *rx_desc;
89 struct ath10k_skb_rxcb *rxcb;
94 /* The Full Rx Reorder firmware has no way of telling the host
95 * implicitly when it copied HTT Rx Ring buffers to MAC Rx Ring.
96 * To keep things simple make sure ring is always half empty. This
97 * guarantees there'll be no replenishment overruns possible.
99 BUILD_BUG_ON(HTT_RX_RING_FILL_LEVEL >= HTT_RX_RING_SIZE / 2);
101 idx = __le32_to_cpu(*htt->rx_ring.alloc_idx.vaddr);
103 if (idx < 0 || idx >= htt->rx_ring.size) {
104 ath10k_err(htt->ar, "rx ring index is not valid, firmware malfunctioning?\n");
105 idx &= htt->rx_ring.size_mask;
111 skb = dev_alloc_skb(HTT_RX_BUF_SIZE + HTT_RX_DESC_ALIGN);
117 if (!IS_ALIGNED((unsigned long)skb->data, HTT_RX_DESC_ALIGN))
119 PTR_ALIGN(skb->data, HTT_RX_DESC_ALIGN) -
122 /* Clear rx_desc attention word before posting to Rx ring */
123 rx_desc = (struct htt_rx_desc *)skb->data;
124 rx_desc->attention.flags = __cpu_to_le32(0);
126 paddr = dma_map_single(htt->ar->dev, skb->data,
127 skb->len + skb_tailroom(skb),
130 if (unlikely(dma_mapping_error(htt->ar->dev, paddr))) {
131 dev_kfree_skb_any(skb);
136 rxcb = ATH10K_SKB_RXCB(skb);
138 htt->rx_ring.netbufs_ring[idx] = skb;
139 htt->rx_ring.paddrs_ring[idx] = __cpu_to_le32(paddr);
140 htt->rx_ring.fill_cnt++;
142 if (htt->rx_ring.in_ord_rx) {
143 hash_add(htt->rx_ring.skb_table,
144 &ATH10K_SKB_RXCB(skb)->hlist,
150 idx &= htt->rx_ring.size_mask;
155 * Make sure the rx buffer is updated before available buffer
156 * index to avoid any potential rx ring corruption.
159 *htt->rx_ring.alloc_idx.vaddr = __cpu_to_le32(idx);
163 static int ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num)
165 lockdep_assert_held(&htt->rx_ring.lock);
166 return __ath10k_htt_rx_ring_fill_n(htt, num);
169 static void ath10k_htt_rx_msdu_buff_replenish(struct ath10k_htt *htt)
171 int ret, num_deficit, num_to_fill;
173 /* Refilling the whole RX ring buffer proves to be a bad idea. The
174 * reason is RX may take up significant amount of CPU cycles and starve
175 * other tasks, e.g. TX on an ethernet device while acting as a bridge
176 * with ath10k wlan interface. This ended up with very poor performance
177 * once CPU the host system was overwhelmed with RX on ath10k.
179 * By limiting the number of refills the replenishing occurs
180 * progressively. This in turns makes use of the fact tasklets are
181 * processed in FIFO order. This means actual RX processing can starve
182 * out refilling. If there's not enough buffers on RX ring FW will not
183 * report RX until it is refilled with enough buffers. This
184 * automatically balances load wrt to CPU power.
186 * This probably comes at a cost of lower maximum throughput but
187 * improves the average and stability. */
188 spin_lock_bh(&htt->rx_ring.lock);
189 num_deficit = htt->rx_ring.fill_level - htt->rx_ring.fill_cnt;
190 num_to_fill = min(ATH10K_HTT_MAX_NUM_REFILL, num_deficit);
191 num_deficit -= num_to_fill;
192 ret = ath10k_htt_rx_ring_fill_n(htt, num_to_fill);
193 if (ret == -ENOMEM) {
195 * Failed to fill it to the desired level -
196 * we'll start a timer and try again next time.
197 * As long as enough buffers are left in the ring for
198 * another A-MPDU rx, no special recovery is needed.
200 mod_timer(&htt->rx_ring.refill_retry_timer, jiffies +
201 msecs_to_jiffies(HTT_RX_RING_REFILL_RETRY_MS));
202 } else if (num_deficit > 0) {
203 tasklet_schedule(&htt->rx_replenish_task);
205 spin_unlock_bh(&htt->rx_ring.lock);
208 static void ath10k_htt_rx_ring_refill_retry(unsigned long arg)
210 struct ath10k_htt *htt = (struct ath10k_htt *)arg;
212 ath10k_htt_rx_msdu_buff_replenish(htt);
215 int ath10k_htt_rx_ring_refill(struct ath10k *ar)
217 struct ath10k_htt *htt = &ar->htt;
220 spin_lock_bh(&htt->rx_ring.lock);
221 ret = ath10k_htt_rx_ring_fill_n(htt, (htt->rx_ring.fill_level -
222 htt->rx_ring.fill_cnt));
225 ath10k_htt_rx_ring_free(htt);
227 spin_unlock_bh(&htt->rx_ring.lock);
232 void ath10k_htt_rx_free(struct ath10k_htt *htt)
234 del_timer_sync(&htt->rx_ring.refill_retry_timer);
235 tasklet_kill(&htt->rx_replenish_task);
236 tasklet_kill(&htt->txrx_compl_task);
238 skb_queue_purge(&htt->tx_compl_q);
239 skb_queue_purge(&htt->rx_compl_q);
240 skb_queue_purge(&htt->rx_in_ord_compl_q);
242 spin_lock_bh(&htt->rx_ring.lock);
243 ath10k_htt_rx_ring_free(htt);
244 spin_unlock_bh(&htt->rx_ring.lock);
246 dma_free_coherent(htt->ar->dev,
248 sizeof(htt->rx_ring.paddrs_ring)),
249 htt->rx_ring.paddrs_ring,
250 htt->rx_ring.base_paddr);
252 dma_free_coherent(htt->ar->dev,
253 sizeof(*htt->rx_ring.alloc_idx.vaddr),
254 htt->rx_ring.alloc_idx.vaddr,
255 htt->rx_ring.alloc_idx.paddr);
257 kfree(htt->rx_ring.netbufs_ring);
260 static inline struct sk_buff *ath10k_htt_rx_netbuf_pop(struct ath10k_htt *htt)
262 struct ath10k *ar = htt->ar;
264 struct sk_buff *msdu;
266 lockdep_assert_held(&htt->rx_ring.lock);
268 if (htt->rx_ring.fill_cnt == 0) {
269 ath10k_warn(ar, "tried to pop sk_buff from an empty rx ring\n");
273 idx = htt->rx_ring.sw_rd_idx.msdu_payld;
274 msdu = htt->rx_ring.netbufs_ring[idx];
275 htt->rx_ring.netbufs_ring[idx] = NULL;
276 htt->rx_ring.paddrs_ring[idx] = 0;
279 idx &= htt->rx_ring.size_mask;
280 htt->rx_ring.sw_rd_idx.msdu_payld = idx;
281 htt->rx_ring.fill_cnt--;
283 dma_unmap_single(htt->ar->dev,
284 ATH10K_SKB_RXCB(msdu)->paddr,
285 msdu->len + skb_tailroom(msdu),
287 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ",
288 msdu->data, msdu->len + skb_tailroom(msdu));
293 /* return: < 0 fatal error, 0 - non chained msdu, 1 chained msdu */
294 static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt,
295 u8 **fw_desc, int *fw_desc_len,
296 struct sk_buff_head *amsdu)
298 struct ath10k *ar = htt->ar;
299 int msdu_len, msdu_chaining = 0;
300 struct sk_buff *msdu;
301 struct htt_rx_desc *rx_desc;
303 lockdep_assert_held(&htt->rx_ring.lock);
306 int last_msdu, msdu_len_invalid, msdu_chained;
308 msdu = ath10k_htt_rx_netbuf_pop(htt);
310 __skb_queue_purge(amsdu);
314 __skb_queue_tail(amsdu, msdu);
316 rx_desc = (struct htt_rx_desc *)msdu->data;
318 /* FIXME: we must report msdu payload since this is what caller
320 skb_put(msdu, offsetof(struct htt_rx_desc, msdu_payload));
321 skb_pull(msdu, offsetof(struct htt_rx_desc, msdu_payload));
324 * Sanity check - confirm the HW is finished filling in the
326 * If the HW and SW are working correctly, then it's guaranteed
327 * that the HW's MAC DMA is done before this point in the SW.
328 * To prevent the case that we handle a stale Rx descriptor,
329 * just assert for now until we have a way to recover.
331 if (!(__le32_to_cpu(rx_desc->attention.flags)
332 & RX_ATTENTION_FLAGS_MSDU_DONE)) {
333 __skb_queue_purge(amsdu);
338 * Copy the FW rx descriptor for this MSDU from the rx
339 * indication message into the MSDU's netbuf. HL uses the
340 * same rx indication message definition as LL, and simply
341 * appends new info (fields from the HW rx desc, and the
342 * MSDU payload itself). So, the offset into the rx
343 * indication message only has to account for the standard
344 * offset of the per-MSDU FW rx desc info within the
345 * message, and how many bytes of the per-MSDU FW rx desc
346 * info have already been consumed. (And the endianness of
347 * the host, since for a big-endian host, the rx ind
348 * message contents, including the per-MSDU rx desc bytes,
349 * were byteswapped during upload.)
351 if (*fw_desc_len > 0) {
352 rx_desc->fw_desc.info0 = **fw_desc;
354 * The target is expected to only provide the basic
355 * per-MSDU rx descriptors. Just to be sure, verify
356 * that the target has not attached extension data
357 * (e.g. LRO flow ID).
360 /* or more, if there's extension data */
365 * When an oversized AMSDU happened, FW will lost
366 * some of MSDU status - in this case, the FW
367 * descriptors provided will be less than the
368 * actual MSDUs inside this MPDU. Mark the FW
369 * descriptors so that it will still deliver to
370 * upper stack, if no CRC error for this MPDU.
372 * FIX THIS - the FW descriptors are actually for
373 * MSDUs in the end of this A-MSDU instead of the
376 rx_desc->fw_desc.info0 = 0;
379 msdu_len_invalid = !!(__le32_to_cpu(rx_desc->attention.flags)
380 & (RX_ATTENTION_FLAGS_MPDU_LENGTH_ERR |
381 RX_ATTENTION_FLAGS_MSDU_LENGTH_ERR));
382 msdu_len = MS(__le32_to_cpu(rx_desc->msdu_start.common.info0),
383 RX_MSDU_START_INFO0_MSDU_LENGTH);
384 msdu_chained = rx_desc->frag_info.ring2_more_count;
386 if (msdu_len_invalid)
390 skb_put(msdu, min(msdu_len, HTT_RX_MSDU_SIZE));
391 msdu_len -= msdu->len;
393 /* Note: Chained buffers do not contain rx descriptor */
394 while (msdu_chained--) {
395 msdu = ath10k_htt_rx_netbuf_pop(htt);
397 __skb_queue_purge(amsdu);
401 __skb_queue_tail(amsdu, msdu);
403 skb_put(msdu, min(msdu_len, HTT_RX_BUF_SIZE));
404 msdu_len -= msdu->len;
408 last_msdu = __le32_to_cpu(rx_desc->msdu_end.common.info0) &
409 RX_MSDU_END_INFO0_LAST_MSDU;
411 trace_ath10k_htt_rx_desc(ar, &rx_desc->attention,
412 sizeof(*rx_desc) - sizeof(u32));
418 if (skb_queue_empty(amsdu))
422 * Don't refill the ring yet.
424 * First, the elements popped here are still in use - it is not
425 * safe to overwrite them until the matching call to
426 * mpdu_desc_list_next. Second, for efficiency it is preferable to
427 * refill the rx ring with 1 PPDU's worth of rx buffers (something
428 * like 32 x 3 buffers), rather than one MPDU's worth of rx buffers
429 * (something like 3 buffers). Consequently, we'll rely on the txrx
430 * SW to tell us when it is done pulling all the PPDU's rx buffers
431 * out of the rx ring, and then refill it just once.
434 return msdu_chaining;
437 static void ath10k_htt_rx_replenish_task(unsigned long ptr)
439 struct ath10k_htt *htt = (struct ath10k_htt *)ptr;
441 ath10k_htt_rx_msdu_buff_replenish(htt);
444 static struct sk_buff *ath10k_htt_rx_pop_paddr(struct ath10k_htt *htt,
447 struct ath10k *ar = htt->ar;
448 struct ath10k_skb_rxcb *rxcb;
449 struct sk_buff *msdu;
451 lockdep_assert_held(&htt->rx_ring.lock);
453 msdu = ath10k_htt_rx_find_skb_paddr(ar, paddr);
457 rxcb = ATH10K_SKB_RXCB(msdu);
458 hash_del(&rxcb->hlist);
459 htt->rx_ring.fill_cnt--;
461 dma_unmap_single(htt->ar->dev, rxcb->paddr,
462 msdu->len + skb_tailroom(msdu),
464 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ",
465 msdu->data, msdu->len + skb_tailroom(msdu));
470 static int ath10k_htt_rx_pop_paddr_list(struct ath10k_htt *htt,
471 struct htt_rx_in_ord_ind *ev,
472 struct sk_buff_head *list)
474 struct ath10k *ar = htt->ar;
475 struct htt_rx_in_ord_msdu_desc *msdu_desc = ev->msdu_descs;
476 struct htt_rx_desc *rxd;
477 struct sk_buff *msdu;
482 lockdep_assert_held(&htt->rx_ring.lock);
484 msdu_count = __le16_to_cpu(ev->msdu_count);
485 is_offload = !!(ev->info & HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);
487 while (msdu_count--) {
488 paddr = __le32_to_cpu(msdu_desc->msdu_paddr);
490 msdu = ath10k_htt_rx_pop_paddr(htt, paddr);
492 __skb_queue_purge(list);
496 __skb_queue_tail(list, msdu);
499 rxd = (void *)msdu->data;
501 trace_ath10k_htt_rx_desc(ar, rxd, sizeof(*rxd));
503 skb_put(msdu, sizeof(*rxd));
504 skb_pull(msdu, sizeof(*rxd));
505 skb_put(msdu, __le16_to_cpu(msdu_desc->msdu_len));
507 if (!(__le32_to_cpu(rxd->attention.flags) &
508 RX_ATTENTION_FLAGS_MSDU_DONE)) {
509 ath10k_warn(htt->ar, "tried to pop an incomplete frame, oops!\n");
520 int ath10k_htt_rx_alloc(struct ath10k_htt *htt)
522 struct ath10k *ar = htt->ar;
526 struct timer_list *timer = &htt->rx_ring.refill_retry_timer;
528 htt->rx_confused = false;
530 /* XXX: The fill level could be changed during runtime in response to
531 * the host processing latency. Is this really worth it?
533 htt->rx_ring.size = HTT_RX_RING_SIZE;
534 htt->rx_ring.size_mask = htt->rx_ring.size - 1;
535 htt->rx_ring.fill_level = HTT_RX_RING_FILL_LEVEL;
537 if (!is_power_of_2(htt->rx_ring.size)) {
538 ath10k_warn(ar, "htt rx ring size is not power of 2\n");
542 htt->rx_ring.netbufs_ring =
543 kzalloc(htt->rx_ring.size * sizeof(struct sk_buff *),
545 if (!htt->rx_ring.netbufs_ring)
548 size = htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring);
550 vaddr = dma_alloc_coherent(htt->ar->dev, size, &paddr, GFP_DMA);
554 htt->rx_ring.paddrs_ring = vaddr;
555 htt->rx_ring.base_paddr = paddr;
557 vaddr = dma_alloc_coherent(htt->ar->dev,
558 sizeof(*htt->rx_ring.alloc_idx.vaddr),
563 htt->rx_ring.alloc_idx.vaddr = vaddr;
564 htt->rx_ring.alloc_idx.paddr = paddr;
565 htt->rx_ring.sw_rd_idx.msdu_payld = htt->rx_ring.size_mask;
566 *htt->rx_ring.alloc_idx.vaddr = 0;
568 /* Initialize the Rx refill retry timer */
569 setup_timer(timer, ath10k_htt_rx_ring_refill_retry, (unsigned long)htt);
571 spin_lock_init(&htt->rx_ring.lock);
573 htt->rx_ring.fill_cnt = 0;
574 htt->rx_ring.sw_rd_idx.msdu_payld = 0;
575 hash_init(htt->rx_ring.skb_table);
577 tasklet_init(&htt->rx_replenish_task, ath10k_htt_rx_replenish_task,
580 skb_queue_head_init(&htt->tx_compl_q);
581 skb_queue_head_init(&htt->rx_compl_q);
582 skb_queue_head_init(&htt->rx_in_ord_compl_q);
584 tasklet_init(&htt->txrx_compl_task, ath10k_htt_txrx_compl_task,
587 ath10k_dbg(ar, ATH10K_DBG_BOOT, "htt rx ring size %d fill_level %d\n",
588 htt->rx_ring.size, htt->rx_ring.fill_level);
592 dma_free_coherent(htt->ar->dev,
594 sizeof(htt->rx_ring.paddrs_ring)),
595 htt->rx_ring.paddrs_ring,
596 htt->rx_ring.base_paddr);
598 kfree(htt->rx_ring.netbufs_ring);
603 static int ath10k_htt_rx_crypto_param_len(struct ath10k *ar,
604 enum htt_rx_mpdu_encrypt_type type)
607 case HTT_RX_MPDU_ENCRYPT_NONE:
609 case HTT_RX_MPDU_ENCRYPT_WEP40:
610 case HTT_RX_MPDU_ENCRYPT_WEP104:
611 return IEEE80211_WEP_IV_LEN;
612 case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:
613 case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:
614 return IEEE80211_TKIP_IV_LEN;
615 case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:
616 return IEEE80211_CCMP_HDR_LEN;
617 case HTT_RX_MPDU_ENCRYPT_WEP128:
618 case HTT_RX_MPDU_ENCRYPT_WAPI:
622 ath10k_warn(ar, "unsupported encryption type %d\n", type);
626 #define MICHAEL_MIC_LEN 8
628 static int ath10k_htt_rx_crypto_tail_len(struct ath10k *ar,
629 enum htt_rx_mpdu_encrypt_type type)
632 case HTT_RX_MPDU_ENCRYPT_NONE:
634 case HTT_RX_MPDU_ENCRYPT_WEP40:
635 case HTT_RX_MPDU_ENCRYPT_WEP104:
636 return IEEE80211_WEP_ICV_LEN;
637 case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC:
638 case HTT_RX_MPDU_ENCRYPT_TKIP_WPA:
639 return IEEE80211_TKIP_ICV_LEN;
640 case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2:
641 return IEEE80211_CCMP_MIC_LEN;
642 case HTT_RX_MPDU_ENCRYPT_WEP128:
643 case HTT_RX_MPDU_ENCRYPT_WAPI:
647 ath10k_warn(ar, "unsupported encryption type %d\n", type);
651 struct amsdu_subframe_hdr {
657 #define GROUP_ID_IS_SU_MIMO(x) ((x) == 0 || (x) == 63)
659 static void ath10k_htt_rx_h_rates(struct ath10k *ar,
660 struct ieee80211_rx_status *status,
661 struct htt_rx_desc *rxd)
663 struct ieee80211_supported_band *sband;
664 u8 cck, rate, bw, sgi, mcs, nss;
667 u32 info1, info2, info3;
670 info1 = __le32_to_cpu(rxd->ppdu_start.info1);
671 info2 = __le32_to_cpu(rxd->ppdu_start.info2);
672 info3 = __le32_to_cpu(rxd->ppdu_start.info3);
674 preamble = MS(info1, RX_PPDU_START_INFO1_PREAMBLE_TYPE);
678 /* To get legacy rate index band is required. Since band can't
679 * be undefined check if freq is non-zero.
684 cck = info1 & RX_PPDU_START_INFO1_L_SIG_RATE_SELECT;
685 rate = MS(info1, RX_PPDU_START_INFO1_L_SIG_RATE);
686 rate &= ~RX_PPDU_START_RATE_FLAG;
688 sband = &ar->mac.sbands[status->band];
689 status->rate_idx = ath10k_mac_hw_rate_to_idx(sband, rate);
692 case HTT_RX_HT_WITH_TXBF:
693 /* HT-SIG - Table 20-11 in info2 and info3 */
696 bw = (info2 >> 7) & 1;
697 sgi = (info3 >> 7) & 1;
699 status->rate_idx = mcs;
700 status->flag |= RX_FLAG_HT;
702 status->flag |= RX_FLAG_SHORT_GI;
704 status->flag |= RX_FLAG_40MHZ;
707 case HTT_RX_VHT_WITH_TXBF:
708 /* VHT-SIG-A1 in info2, VHT-SIG-A2 in info3
712 stbc = (info2 >> 3) & 1;
713 group_id = (info2 >> 4) & 0x3F;
715 if (GROUP_ID_IS_SU_MIMO(group_id)) {
716 mcs = (info3 >> 4) & 0x0F;
717 nsts_su = ((info2 >> 10) & 0x07);
719 nss = (nsts_su >> 2) + 1;
723 /* Hardware doesn't decode VHT-SIG-B into Rx descriptor
724 * so it's impossible to decode MCS. Also since
725 * firmware consumes Group Id Management frames host
726 * has no knowledge regarding group/user position
727 * mapping so it's impossible to pick the correct Nsts
730 * Bandwidth and SGI are valid so report the rateinfo
731 * on best-effort basis.
738 ath10k_warn(ar, "invalid MCS received %u\n", mcs);
739 ath10k_warn(ar, "rxd %08x mpdu start %08x %08x msdu start %08x %08x ppdu start %08x %08x %08x %08x %08x\n",
740 __le32_to_cpu(rxd->attention.flags),
741 __le32_to_cpu(rxd->mpdu_start.info0),
742 __le32_to_cpu(rxd->mpdu_start.info1),
743 __le32_to_cpu(rxd->msdu_start.common.info0),
744 __le32_to_cpu(rxd->msdu_start.common.info1),
745 rxd->ppdu_start.info0,
746 __le32_to_cpu(rxd->ppdu_start.info1),
747 __le32_to_cpu(rxd->ppdu_start.info2),
748 __le32_to_cpu(rxd->ppdu_start.info3),
749 __le32_to_cpu(rxd->ppdu_start.info4));
751 ath10k_warn(ar, "msdu end %08x mpdu end %08x\n",
752 __le32_to_cpu(rxd->msdu_end.common.info0),
753 __le32_to_cpu(rxd->mpdu_end.info0));
755 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL,
756 "rx desc msdu payload: ",
757 rxd->msdu_payload, 50);
760 status->rate_idx = mcs;
761 status->vht_nss = nss;
764 status->flag |= RX_FLAG_SHORT_GI;
772 status->flag |= RX_FLAG_40MHZ;
776 status->vht_flag |= RX_VHT_FLAG_80MHZ;
779 status->flag |= RX_FLAG_VHT;
786 static struct ieee80211_channel *
787 ath10k_htt_rx_h_peer_channel(struct ath10k *ar, struct htt_rx_desc *rxd)
789 struct ath10k_peer *peer;
790 struct ath10k_vif *arvif;
791 struct cfg80211_chan_def def;
794 lockdep_assert_held(&ar->data_lock);
799 if (rxd->attention.flags &
800 __cpu_to_le32(RX_ATTENTION_FLAGS_PEER_IDX_INVALID))
803 if (!(rxd->msdu_end.common.info0 &
804 __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU)))
807 peer_id = MS(__le32_to_cpu(rxd->mpdu_start.info0),
808 RX_MPDU_START_INFO0_PEER_IDX);
810 peer = ath10k_peer_find_by_id(ar, peer_id);
814 arvif = ath10k_get_arvif(ar, peer->vdev_id);
815 if (WARN_ON_ONCE(!arvif))
818 if (WARN_ON(ath10k_mac_vif_chan(arvif->vif, &def)))
824 static struct ieee80211_channel *
825 ath10k_htt_rx_h_vdev_channel(struct ath10k *ar, u32 vdev_id)
827 struct ath10k_vif *arvif;
828 struct cfg80211_chan_def def;
830 lockdep_assert_held(&ar->data_lock);
832 list_for_each_entry(arvif, &ar->arvifs, list) {
833 if (arvif->vdev_id == vdev_id &&
834 ath10k_mac_vif_chan(arvif->vif, &def) == 0)
842 ath10k_htt_rx_h_any_chan_iter(struct ieee80211_hw *hw,
843 struct ieee80211_chanctx_conf *conf,
846 struct cfg80211_chan_def *def = data;
851 static struct ieee80211_channel *
852 ath10k_htt_rx_h_any_channel(struct ath10k *ar)
854 struct cfg80211_chan_def def = {};
856 ieee80211_iter_chan_contexts_atomic(ar->hw,
857 ath10k_htt_rx_h_any_chan_iter,
863 static bool ath10k_htt_rx_h_channel(struct ath10k *ar,
864 struct ieee80211_rx_status *status,
865 struct htt_rx_desc *rxd,
868 struct ieee80211_channel *ch;
870 spin_lock_bh(&ar->data_lock);
871 ch = ar->scan_channel;
875 ch = ath10k_htt_rx_h_peer_channel(ar, rxd);
877 ch = ath10k_htt_rx_h_vdev_channel(ar, vdev_id);
879 ch = ath10k_htt_rx_h_any_channel(ar);
880 spin_unlock_bh(&ar->data_lock);
885 status->band = ch->band;
886 status->freq = ch->center_freq;
891 static void ath10k_htt_rx_h_signal(struct ath10k *ar,
892 struct ieee80211_rx_status *status,
893 struct htt_rx_desc *rxd)
895 /* FIXME: Get real NF */
896 status->signal = ATH10K_DEFAULT_NOISE_FLOOR +
897 rxd->ppdu_start.rssi_comb;
898 status->flag &= ~RX_FLAG_NO_SIGNAL_VAL;
901 static void ath10k_htt_rx_h_mactime(struct ath10k *ar,
902 struct ieee80211_rx_status *status,
903 struct htt_rx_desc *rxd)
905 /* FIXME: TSF is known only at the end of PPDU, in the last MPDU. This
906 * means all prior MSDUs in a PPDU are reported to mac80211 without the
907 * TSF. Is it worth holding frames until end of PPDU is known?
909 * FIXME: Can we get/compute 64bit TSF?
911 status->mactime = __le32_to_cpu(rxd->ppdu_end.common.tsf_timestamp);
912 status->flag |= RX_FLAG_MACTIME_END;
915 static void ath10k_htt_rx_h_ppdu(struct ath10k *ar,
916 struct sk_buff_head *amsdu,
917 struct ieee80211_rx_status *status,
920 struct sk_buff *first;
921 struct htt_rx_desc *rxd;
925 if (skb_queue_empty(amsdu))
928 first = skb_peek(amsdu);
929 rxd = (void *)first->data - sizeof(*rxd);
931 is_first_ppdu = !!(rxd->attention.flags &
932 __cpu_to_le32(RX_ATTENTION_FLAGS_FIRST_MPDU));
933 is_last_ppdu = !!(rxd->attention.flags &
934 __cpu_to_le32(RX_ATTENTION_FLAGS_LAST_MPDU));
937 /* New PPDU starts so clear out the old per-PPDU status. */
939 status->rate_idx = 0;
941 status->vht_flag &= ~RX_VHT_FLAG_80MHZ;
942 status->flag &= ~(RX_FLAG_HT |
946 RX_FLAG_MACTIME_END);
947 status->flag |= RX_FLAG_NO_SIGNAL_VAL;
949 ath10k_htt_rx_h_signal(ar, status, rxd);
950 ath10k_htt_rx_h_channel(ar, status, rxd, vdev_id);
951 ath10k_htt_rx_h_rates(ar, status, rxd);
955 ath10k_htt_rx_h_mactime(ar, status, rxd);
958 static const char * const tid_to_ac[] = {
969 static char *ath10k_get_tid(struct ieee80211_hdr *hdr, char *out, size_t size)
974 if (!ieee80211_is_data_qos(hdr->frame_control))
977 qc = ieee80211_get_qos_ctl(hdr);
978 tid = *qc & IEEE80211_QOS_CTL_TID_MASK;
980 snprintf(out, size, "tid %d (%s)", tid, tid_to_ac[tid]);
982 snprintf(out, size, "tid %d", tid);
987 static void ath10k_process_rx(struct ath10k *ar,
988 struct ieee80211_rx_status *rx_status,
991 struct ieee80211_rx_status *status;
992 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
995 status = IEEE80211_SKB_RXCB(skb);
996 *status = *rx_status;
998 ath10k_dbg(ar, ATH10K_DBG_DATA,
999 "rx skb %p len %u peer %pM %s %s sn %u %s%s%s%s%s %srate_idx %u vht_nss %u freq %u band %u flag 0x%llx fcs-err %i mic-err %i amsdu-more %i\n",
1002 ieee80211_get_SA(hdr),
1003 ath10k_get_tid(hdr, tid, sizeof(tid)),
1004 is_multicast_ether_addr(ieee80211_get_DA(hdr)) ?
1006 (__le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_SEQ) >> 4,
1007 status->flag == 0 ? "legacy" : "",
1008 status->flag & RX_FLAG_HT ? "ht" : "",
1009 status->flag & RX_FLAG_VHT ? "vht" : "",
1010 status->flag & RX_FLAG_40MHZ ? "40" : "",
1011 status->vht_flag & RX_VHT_FLAG_80MHZ ? "80" : "",
1012 status->flag & RX_FLAG_SHORT_GI ? "sgi " : "",
1016 status->band, status->flag,
1017 !!(status->flag & RX_FLAG_FAILED_FCS_CRC),
1018 !!(status->flag & RX_FLAG_MMIC_ERROR),
1019 !!(status->flag & RX_FLAG_AMSDU_MORE));
1020 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "rx skb: ",
1021 skb->data, skb->len);
1022 trace_ath10k_rx_hdr(ar, skb->data, skb->len);
1023 trace_ath10k_rx_payload(ar, skb->data, skb->len);
1025 ieee80211_rx(ar->hw, skb);
1028 static int ath10k_htt_rx_nwifi_hdrlen(struct ath10k *ar,
1029 struct ieee80211_hdr *hdr)
1031 int len = ieee80211_hdrlen(hdr->frame_control);
1033 if (!test_bit(ATH10K_FW_FEATURE_NO_NWIFI_DECAP_4ADDR_PADDING,
1035 len = round_up(len, 4);
1040 static void ath10k_htt_rx_h_undecap_raw(struct ath10k *ar,
1041 struct sk_buff *msdu,
1042 struct ieee80211_rx_status *status,
1043 enum htt_rx_mpdu_encrypt_type enctype,
1046 struct ieee80211_hdr *hdr;
1047 struct htt_rx_desc *rxd;
1053 rxd = (void *)msdu->data - sizeof(*rxd);
1054 is_first = !!(rxd->msdu_end.common.info0 &
1055 __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
1056 is_last = !!(rxd->msdu_end.common.info0 &
1057 __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
1059 /* Delivered decapped frame:
1061 * [crypto param] <-- can be trimmed if !fcs_err &&
1062 * !decrypt_err && !peer_idx_invalid
1063 * [amsdu header] <-- only if A-MSDU
1066 * [FCS] <-- at end, needs to be trimmed
1069 /* This probably shouldn't happen but warn just in case */
1070 if (unlikely(WARN_ON_ONCE(!is_first)))
1073 /* This probably shouldn't happen but warn just in case */
1074 if (unlikely(WARN_ON_ONCE(!(is_first && is_last))))
1077 skb_trim(msdu, msdu->len - FCS_LEN);
1079 /* In most cases this will be true for sniffed frames. It makes sense
1080 * to deliver them as-is without stripping the crypto param. This is
1081 * necessary for software based decryption.
1083 * If there's no error then the frame is decrypted. At least that is
1084 * the case for frames that come in via fragmented rx indication.
1089 /* The payload is decrypted so strip crypto params. Start from tail
1090 * since hdr is used to compute some stuff.
1093 hdr = (void *)msdu->data;
1096 if (status->flag & RX_FLAG_IV_STRIPPED) {
1097 skb_trim(msdu, msdu->len -
1098 ath10k_htt_rx_crypto_tail_len(ar, enctype));
1101 if ((status->flag & RX_FLAG_MIC_STRIPPED) &&
1102 enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2)
1103 skb_trim(msdu, msdu->len - 8);
1106 if (status->flag & RX_FLAG_ICV_STRIPPED &&
1107 enctype != HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2)
1108 skb_trim(msdu, msdu->len -
1109 ath10k_htt_rx_crypto_tail_len(ar, enctype));
1113 if (!ieee80211_has_morefrags(hdr->frame_control) &&
1114 enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA)
1115 skb_trim(msdu, msdu->len - 8);
1118 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1119 crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
1121 memmove((void *)msdu->data + crypto_len,
1122 (void *)msdu->data, hdr_len);
1123 skb_pull(msdu, crypto_len);
1126 static void ath10k_htt_rx_h_undecap_nwifi(struct ath10k *ar,
1127 struct sk_buff *msdu,
1128 struct ieee80211_rx_status *status,
1129 const u8 first_hdr[64],
1130 enum htt_rx_mpdu_encrypt_type enctype)
1132 struct ieee80211_hdr *hdr;
1136 int bytes_aligned = ar->hw_params.decap_align_bytes;
1138 /* Delivered decapped frame:
1139 * [nwifi 802.11 header] <-- replaced with 802.11 hdr
1142 * Note: The nwifi header doesn't have QoS Control and is
1143 * (always?) a 3addr frame.
1145 * Note2: There's no A-MSDU subframe header. Even if it's part
1149 /* pull decapped header and copy SA & DA */
1150 hdr = (struct ieee80211_hdr *)msdu->data;
1151 hdr_len = ath10k_htt_rx_nwifi_hdrlen(ar, hdr);
1152 ether_addr_copy(da, ieee80211_get_DA(hdr));
1153 ether_addr_copy(sa, ieee80211_get_SA(hdr));
1154 skb_pull(msdu, hdr_len);
1156 /* push original 802.11 header */
1157 hdr = (struct ieee80211_hdr *)first_hdr;
1158 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1160 if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
1161 memcpy(skb_push(msdu,
1162 ath10k_htt_rx_crypto_param_len(ar, enctype)),
1163 (void *)hdr + round_up(hdr_len, bytes_aligned),
1164 ath10k_htt_rx_crypto_param_len(ar, enctype));
1167 memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
1169 /* original 802.11 header has a different DA and in
1170 * case of 4addr it may also have different SA
1172 hdr = (struct ieee80211_hdr *)msdu->data;
1173 ether_addr_copy(ieee80211_get_DA(hdr), da);
1174 ether_addr_copy(ieee80211_get_SA(hdr), sa);
1177 static void *ath10k_htt_rx_h_find_rfc1042(struct ath10k *ar,
1178 struct sk_buff *msdu,
1179 enum htt_rx_mpdu_encrypt_type enctype)
1181 struct ieee80211_hdr *hdr;
1182 struct htt_rx_desc *rxd;
1183 size_t hdr_len, crypto_len;
1185 bool is_first, is_last, is_amsdu;
1186 int bytes_aligned = ar->hw_params.decap_align_bytes;
1188 rxd = (void *)msdu->data - sizeof(*rxd);
1189 hdr = (void *)rxd->rx_hdr_status;
1191 is_first = !!(rxd->msdu_end.common.info0 &
1192 __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU));
1193 is_last = !!(rxd->msdu_end.common.info0 &
1194 __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU));
1195 is_amsdu = !(is_first && is_last);
1200 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1201 crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype);
1203 rfc1042 += round_up(hdr_len, bytes_aligned) +
1204 round_up(crypto_len, bytes_aligned);
1208 rfc1042 += sizeof(struct amsdu_subframe_hdr);
1213 static void ath10k_htt_rx_h_undecap_eth(struct ath10k *ar,
1214 struct sk_buff *msdu,
1215 struct ieee80211_rx_status *status,
1216 const u8 first_hdr[64],
1217 enum htt_rx_mpdu_encrypt_type enctype)
1219 struct ieee80211_hdr *hdr;
1225 int bytes_aligned = ar->hw_params.decap_align_bytes;
1227 /* Delivered decapped frame:
1228 * [eth header] <-- replaced with 802.11 hdr & rfc1042/llc
1232 rfc1042 = ath10k_htt_rx_h_find_rfc1042(ar, msdu, enctype);
1233 if (WARN_ON_ONCE(!rfc1042))
1236 /* pull decapped header and copy SA & DA */
1237 eth = (struct ethhdr *)msdu->data;
1238 ether_addr_copy(da, eth->h_dest);
1239 ether_addr_copy(sa, eth->h_source);
1240 skb_pull(msdu, sizeof(struct ethhdr));
1242 /* push rfc1042/llc/snap */
1243 memcpy(skb_push(msdu, sizeof(struct rfc1042_hdr)), rfc1042,
1244 sizeof(struct rfc1042_hdr));
1246 /* push original 802.11 header */
1247 hdr = (struct ieee80211_hdr *)first_hdr;
1248 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1250 if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
1251 memcpy(skb_push(msdu,
1252 ath10k_htt_rx_crypto_param_len(ar, enctype)),
1253 (void *)hdr + round_up(hdr_len, bytes_aligned),
1254 ath10k_htt_rx_crypto_param_len(ar, enctype));
1257 memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
1259 /* original 802.11 header has a different DA and in
1260 * case of 4addr it may also have different SA
1262 hdr = (struct ieee80211_hdr *)msdu->data;
1263 ether_addr_copy(ieee80211_get_DA(hdr), da);
1264 ether_addr_copy(ieee80211_get_SA(hdr), sa);
1267 static void ath10k_htt_rx_h_undecap_snap(struct ath10k *ar,
1268 struct sk_buff *msdu,
1269 struct ieee80211_rx_status *status,
1270 const u8 first_hdr[64],
1271 enum htt_rx_mpdu_encrypt_type enctype)
1273 struct ieee80211_hdr *hdr;
1275 int bytes_aligned = ar->hw_params.decap_align_bytes;
1277 /* Delivered decapped frame:
1278 * [amsdu header] <-- replaced with 802.11 hdr
1283 skb_pull(msdu, sizeof(struct amsdu_subframe_hdr));
1285 hdr = (struct ieee80211_hdr *)first_hdr;
1286 hdr_len = ieee80211_hdrlen(hdr->frame_control);
1288 if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
1289 memcpy(skb_push(msdu,
1290 ath10k_htt_rx_crypto_param_len(ar, enctype)),
1291 (void *)hdr + round_up(hdr_len, bytes_aligned),
1292 ath10k_htt_rx_crypto_param_len(ar, enctype));
1295 memcpy(skb_push(msdu, hdr_len), hdr, hdr_len);
1298 static void ath10k_htt_rx_h_undecap(struct ath10k *ar,
1299 struct sk_buff *msdu,
1300 struct ieee80211_rx_status *status,
1302 enum htt_rx_mpdu_encrypt_type enctype,
1305 struct htt_rx_desc *rxd;
1306 enum rx_msdu_decap_format decap;
1308 /* First msdu's decapped header:
1309 * [802.11 header] <-- padded to 4 bytes long
1310 * [crypto param] <-- padded to 4 bytes long
1311 * [amsdu header] <-- only if A-MSDU
1314 * Other (2nd, 3rd, ..) msdu's decapped header:
1315 * [amsdu header] <-- only if A-MSDU
1319 rxd = (void *)msdu->data - sizeof(*rxd);
1320 decap = MS(__le32_to_cpu(rxd->msdu_start.common.info1),
1321 RX_MSDU_START_INFO1_DECAP_FORMAT);
1324 case RX_MSDU_DECAP_RAW:
1325 ath10k_htt_rx_h_undecap_raw(ar, msdu, status, enctype,
1328 case RX_MSDU_DECAP_NATIVE_WIFI:
1329 ath10k_htt_rx_h_undecap_nwifi(ar, msdu, status, first_hdr,
1332 case RX_MSDU_DECAP_ETHERNET2_DIX:
1333 ath10k_htt_rx_h_undecap_eth(ar, msdu, status, first_hdr, enctype);
1335 case RX_MSDU_DECAP_8023_SNAP_LLC:
1336 ath10k_htt_rx_h_undecap_snap(ar, msdu, status, first_hdr,
1342 static int ath10k_htt_rx_get_csum_state(struct sk_buff *skb)
1344 struct htt_rx_desc *rxd;
1346 bool is_ip4, is_ip6;
1347 bool is_tcp, is_udp;
1348 bool ip_csum_ok, tcpudp_csum_ok;
1350 rxd = (void *)skb->data - sizeof(*rxd);
1351 flags = __le32_to_cpu(rxd->attention.flags);
1352 info = __le32_to_cpu(rxd->msdu_start.common.info1);
1354 is_ip4 = !!(info & RX_MSDU_START_INFO1_IPV4_PROTO);
1355 is_ip6 = !!(info & RX_MSDU_START_INFO1_IPV6_PROTO);
1356 is_tcp = !!(info & RX_MSDU_START_INFO1_TCP_PROTO);
1357 is_udp = !!(info & RX_MSDU_START_INFO1_UDP_PROTO);
1358 ip_csum_ok = !(flags & RX_ATTENTION_FLAGS_IP_CHKSUM_FAIL);
1359 tcpudp_csum_ok = !(flags & RX_ATTENTION_FLAGS_TCP_UDP_CHKSUM_FAIL);
1361 if (!is_ip4 && !is_ip6)
1362 return CHECKSUM_NONE;
1363 if (!is_tcp && !is_udp)
1364 return CHECKSUM_NONE;
1366 return CHECKSUM_NONE;
1367 if (!tcpudp_csum_ok)
1368 return CHECKSUM_NONE;
1370 return CHECKSUM_UNNECESSARY;
1373 static void ath10k_htt_rx_h_csum_offload(struct sk_buff *msdu)
1375 msdu->ip_summed = ath10k_htt_rx_get_csum_state(msdu);
1378 static void ath10k_htt_rx_h_mpdu(struct ath10k *ar,
1379 struct sk_buff_head *amsdu,
1380 struct ieee80211_rx_status *status,
1381 bool fill_crypt_header)
1383 struct sk_buff *first;
1384 struct sk_buff *last;
1385 struct sk_buff *msdu;
1386 struct htt_rx_desc *rxd;
1387 struct ieee80211_hdr *hdr;
1388 enum htt_rx_mpdu_encrypt_type enctype;
1392 bool has_crypto_err;
1394 bool has_peer_idx_invalid;
1398 if (skb_queue_empty(amsdu))
1401 first = skb_peek(amsdu);
1402 rxd = (void *)first->data - sizeof(*rxd);
1404 enctype = MS(__le32_to_cpu(rxd->mpdu_start.info0),
1405 RX_MPDU_START_INFO0_ENCRYPT_TYPE);
1407 /* First MSDU's Rx descriptor in an A-MSDU contains full 802.11
1408 * decapped header. It'll be used for undecapping of each MSDU.
1410 hdr = (void *)rxd->rx_hdr_status;
1411 memcpy(first_hdr, hdr, RX_HTT_HDR_STATUS_LEN);
1413 /* Each A-MSDU subframe will use the original header as the base and be
1414 * reported as a separate MSDU so strip the A-MSDU bit from QoS Ctl.
1416 hdr = (void *)first_hdr;
1418 if (ieee80211_is_data_qos(hdr->frame_control)) {
1419 qos = ieee80211_get_qos_ctl(hdr);
1420 qos[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT;
1423 /* Some attention flags are valid only in the last MSDU. */
1424 last = skb_peek_tail(amsdu);
1425 rxd = (void *)last->data - sizeof(*rxd);
1426 attention = __le32_to_cpu(rxd->attention.flags);
1428 has_fcs_err = !!(attention & RX_ATTENTION_FLAGS_FCS_ERR);
1429 has_crypto_err = !!(attention & RX_ATTENTION_FLAGS_DECRYPT_ERR);
1430 has_tkip_err = !!(attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR);
1431 has_peer_idx_invalid = !!(attention & RX_ATTENTION_FLAGS_PEER_IDX_INVALID);
1433 /* Note: If hardware captures an encrypted frame that it can't decrypt,
1434 * e.g. due to fcs error, missing peer or invalid key data it will
1435 * report the frame as raw.
1437 is_decrypted = (enctype != HTT_RX_MPDU_ENCRYPT_NONE &&
1440 !has_peer_idx_invalid);
1442 /* Clear per-MPDU flags while leaving per-PPDU flags intact. */
1443 status->flag &= ~(RX_FLAG_FAILED_FCS_CRC |
1444 RX_FLAG_MMIC_ERROR |
1446 RX_FLAG_IV_STRIPPED |
1447 RX_FLAG_MMIC_STRIPPED);
1450 status->flag |= RX_FLAG_FAILED_FCS_CRC;
1453 status->flag |= RX_FLAG_MMIC_ERROR;
1456 status->flag |= RX_FLAG_DECRYPTED |
1457 RX_FLAG_MMIC_STRIPPED;
1459 if (fill_crypt_header)
1460 status->flag |= RX_FLAG_MIC_STRIPPED |
1461 RX_FLAG_ICV_STRIPPED;
1463 status->flag |= RX_FLAG_IV_STRIPPED;
1466 skb_queue_walk(amsdu, msdu) {
1467 ath10k_htt_rx_h_csum_offload(msdu);
1468 ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype,
1471 /* Undecapping involves copying the original 802.11 header back
1472 * to sk_buff. If frame is protected and hardware has decrypted
1473 * it then remove the protected bit.
1478 if (fill_crypt_header)
1481 hdr = (void *)msdu->data;
1482 hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
1486 static void ath10k_htt_rx_h_deliver(struct ath10k *ar,
1487 struct sk_buff_head *amsdu,
1488 struct ieee80211_rx_status *status)
1490 struct sk_buff *msdu;
1491 struct sk_buff *first_subframe;
1493 first_subframe = skb_peek(amsdu);
1495 while ((msdu = __skb_dequeue(amsdu))) {
1496 /* Setup per-MSDU flags */
1497 if (skb_queue_empty(amsdu))
1498 status->flag &= ~RX_FLAG_AMSDU_MORE;
1500 status->flag |= RX_FLAG_AMSDU_MORE;
1502 if (msdu == first_subframe) {
1503 first_subframe = NULL;
1504 status->flag &= ~RX_FLAG_ALLOW_SAME_PN;
1506 status->flag |= RX_FLAG_ALLOW_SAME_PN;
1509 ath10k_process_rx(ar, status, msdu);
1513 static int ath10k_unchain_msdu(struct sk_buff_head *amsdu)
1515 struct sk_buff *skb, *first;
1519 /* TODO: Might could optimize this by using
1520 * skb_try_coalesce or similar method to
1521 * decrease copying, or maybe get mac80211 to
1522 * provide a way to just receive a list of
1526 first = __skb_dequeue(amsdu);
1528 /* Allocate total length all at once. */
1529 skb_queue_walk(amsdu, skb)
1530 total_len += skb->len;
1532 space = total_len - skb_tailroom(first);
1534 (pskb_expand_head(first, 0, space, GFP_ATOMIC) < 0)) {
1535 /* TODO: bump some rx-oom error stat */
1536 /* put it back together so we can free the
1537 * whole list at once.
1539 __skb_queue_head(amsdu, first);
1543 /* Walk list again, copying contents into
1546 while ((skb = __skb_dequeue(amsdu))) {
1547 skb_copy_from_linear_data(skb, skb_put(first, skb->len),
1549 dev_kfree_skb_any(skb);
1552 __skb_queue_head(amsdu, first);
1556 static void ath10k_htt_rx_h_unchain(struct ath10k *ar,
1557 struct sk_buff_head *amsdu,
1560 struct sk_buff *first;
1561 struct htt_rx_desc *rxd;
1562 enum rx_msdu_decap_format decap;
1564 first = skb_peek(amsdu);
1565 rxd = (void *)first->data - sizeof(*rxd);
1566 decap = MS(__le32_to_cpu(rxd->msdu_start.common.info1),
1567 RX_MSDU_START_INFO1_DECAP_FORMAT);
1572 /* FIXME: Current unchaining logic can only handle simple case of raw
1573 * msdu chaining. If decapping is other than raw the chaining may be
1574 * more complex and this isn't handled by the current code. Don't even
1575 * try re-constructing such frames - it'll be pretty much garbage.
1577 if (decap != RX_MSDU_DECAP_RAW ||
1578 skb_queue_len(amsdu) != 1 + rxd->frag_info.ring2_more_count) {
1579 __skb_queue_purge(amsdu);
1583 ath10k_unchain_msdu(amsdu);
1586 static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar,
1587 struct sk_buff_head *amsdu,
1588 struct ieee80211_rx_status *rx_status)
1590 struct sk_buff *msdu;
1591 struct htt_rx_desc *rxd;
1595 msdu = skb_peek(amsdu);
1596 rxd = (void *)msdu->data - sizeof(*rxd);
1598 /* FIXME: It might be a good idea to do some fuzzy-testing to drop
1599 * invalid/dangerous frames.
1602 if (!rx_status->freq) {
1603 ath10k_warn(ar, "no channel configured; ignoring frame(s)!\n");
1607 is_mgmt = !!(rxd->attention.flags &
1608 __cpu_to_le32(RX_ATTENTION_FLAGS_MGMT_TYPE));
1609 has_fcs_err = !!(rxd->attention.flags &
1610 __cpu_to_le32(RX_ATTENTION_FLAGS_FCS_ERR));
1612 /* Management frames are handled via WMI events. The pros of such
1613 * approach is that channel is explicitly provided in WMI events
1614 * whereas HTT doesn't provide channel information for Rxed frames.
1616 * However some firmware revisions don't report corrupted frames via
1617 * WMI so don't drop them.
1619 if (is_mgmt && !has_fcs_err) {
1620 ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx mgmt ctrl\n");
1624 if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags)) {
1625 ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx cac running\n");
1632 static void ath10k_htt_rx_h_filter(struct ath10k *ar,
1633 struct sk_buff_head *amsdu,
1634 struct ieee80211_rx_status *rx_status)
1636 if (skb_queue_empty(amsdu))
1639 if (ath10k_htt_rx_amsdu_allowed(ar, amsdu, rx_status))
1642 __skb_queue_purge(amsdu);
1645 static void ath10k_htt_rx_handler(struct ath10k_htt *htt,
1646 struct htt_rx_indication *rx)
1648 struct ath10k *ar = htt->ar;
1649 struct ieee80211_rx_status *rx_status = &htt->rx_status;
1650 struct htt_rx_indication_mpdu_range *mpdu_ranges;
1651 struct sk_buff_head amsdu;
1652 int num_mpdu_ranges;
1655 int i, ret, mpdu_count = 0;
1657 lockdep_assert_held(&htt->rx_ring.lock);
1659 if (htt->rx_confused)
1662 fw_desc_len = __le16_to_cpu(rx->prefix.fw_rx_desc_bytes);
1663 fw_desc = (u8 *)&rx->fw_desc;
1665 num_mpdu_ranges = MS(__le32_to_cpu(rx->hdr.info1),
1666 HTT_RX_INDICATION_INFO1_NUM_MPDU_RANGES);
1667 mpdu_ranges = htt_rx_ind_get_mpdu_ranges(rx);
1669 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx ind: ",
1671 (sizeof(struct htt_rx_indication_mpdu_range) *
1674 for (i = 0; i < num_mpdu_ranges; i++)
1675 mpdu_count += mpdu_ranges[i].mpdu_count;
1677 while (mpdu_count--) {
1678 __skb_queue_head_init(&amsdu);
1679 ret = ath10k_htt_rx_amsdu_pop(htt, &fw_desc,
1680 &fw_desc_len, &amsdu);
1682 ath10k_warn(ar, "rx ring became corrupted: %d\n", ret);
1683 __skb_queue_purge(&amsdu);
1684 /* FIXME: It's probably a good idea to reboot the
1685 * device instead of leaving it inoperable.
1687 htt->rx_confused = true;
1691 ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status, 0xffff);
1692 ath10k_htt_rx_h_unchain(ar, &amsdu, ret > 0);
1693 ath10k_htt_rx_h_filter(ar, &amsdu, rx_status);
1694 ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true);
1695 ath10k_htt_rx_h_deliver(ar, &amsdu, rx_status);
1698 tasklet_schedule(&htt->rx_replenish_task);
1701 static void ath10k_htt_rx_frag_handler(struct ath10k_htt *htt,
1702 struct htt_rx_fragment_indication *frag)
1704 struct ath10k *ar = htt->ar;
1705 struct ieee80211_rx_status *rx_status = &htt->rx_status;
1706 struct sk_buff_head amsdu;
1711 fw_desc_len = __le16_to_cpu(frag->fw_rx_desc_bytes);
1712 fw_desc = (u8 *)frag->fw_msdu_rx_desc;
1714 __skb_queue_head_init(&amsdu);
1716 spin_lock_bh(&htt->rx_ring.lock);
1717 ret = ath10k_htt_rx_amsdu_pop(htt, &fw_desc, &fw_desc_len,
1719 spin_unlock_bh(&htt->rx_ring.lock);
1721 tasklet_schedule(&htt->rx_replenish_task);
1723 ath10k_dbg(ar, ATH10K_DBG_HTT_DUMP, "htt rx frag ahead\n");
1726 ath10k_warn(ar, "failed to pop amsdu from httr rx ring for fragmented rx %d\n",
1728 __skb_queue_purge(&amsdu);
1732 if (skb_queue_len(&amsdu) != 1) {
1733 ath10k_warn(ar, "failed to pop frag amsdu: too many msdus\n");
1734 __skb_queue_purge(&amsdu);
1738 ath10k_htt_rx_h_ppdu(ar, &amsdu, rx_status, 0xffff);
1739 ath10k_htt_rx_h_filter(ar, &amsdu, rx_status);
1740 ath10k_htt_rx_h_mpdu(ar, &amsdu, rx_status, true);
1741 ath10k_htt_rx_h_deliver(ar, &amsdu, rx_status);
1743 if (fw_desc_len > 0) {
1744 ath10k_dbg(ar, ATH10K_DBG_HTT,
1745 "expecting more fragmented rx in one indication %d\n",
1750 static void ath10k_htt_rx_frm_tx_compl(struct ath10k *ar,
1751 struct sk_buff *skb)
1753 struct ath10k_htt *htt = &ar->htt;
1754 struct htt_resp *resp = (struct htt_resp *)skb->data;
1755 struct htt_tx_done tx_done = {};
1756 int status = MS(resp->data_tx_completion.flags, HTT_DATA_TX_STATUS);
1761 case HTT_DATA_TX_STATUS_NO_ACK:
1762 tx_done.no_ack = true;
1764 case HTT_DATA_TX_STATUS_OK:
1765 tx_done.success = true;
1767 case HTT_DATA_TX_STATUS_DISCARD:
1768 case HTT_DATA_TX_STATUS_POSTPONE:
1769 case HTT_DATA_TX_STATUS_DOWNLOAD_FAIL:
1770 tx_done.discard = true;
1773 ath10k_warn(ar, "unhandled tx completion status %d\n", status);
1774 tx_done.discard = true;
1778 ath10k_dbg(ar, ATH10K_DBG_HTT, "htt tx completion num_msdus %d\n",
1779 resp->data_tx_completion.num_msdus);
1781 for (i = 0; i < resp->data_tx_completion.num_msdus; i++) {
1782 msdu_id = resp->data_tx_completion.msdus[i];
1783 tx_done.msdu_id = __le16_to_cpu(msdu_id);
1784 ath10k_txrx_tx_unref(htt, &tx_done);
1788 static void ath10k_htt_rx_addba(struct ath10k *ar, struct htt_resp *resp)
1790 struct htt_rx_addba *ev = &resp->rx_addba;
1791 struct ath10k_peer *peer;
1792 struct ath10k_vif *arvif;
1793 u16 info0, tid, peer_id;
1795 info0 = __le16_to_cpu(ev->info0);
1796 tid = MS(info0, HTT_RX_BA_INFO0_TID);
1797 peer_id = MS(info0, HTT_RX_BA_INFO0_PEER_ID);
1799 ath10k_dbg(ar, ATH10K_DBG_HTT,
1800 "htt rx addba tid %hu peer_id %hu size %hhu\n",
1801 tid, peer_id, ev->window_size);
1803 spin_lock_bh(&ar->data_lock);
1804 peer = ath10k_peer_find_by_id(ar, peer_id);
1806 ath10k_warn(ar, "received addba event for invalid peer_id: %hu\n",
1808 spin_unlock_bh(&ar->data_lock);
1812 arvif = ath10k_get_arvif(ar, peer->vdev_id);
1814 ath10k_warn(ar, "received addba event for invalid vdev_id: %u\n",
1816 spin_unlock_bh(&ar->data_lock);
1820 ath10k_dbg(ar, ATH10K_DBG_HTT,
1821 "htt rx start rx ba session sta %pM tid %hu size %hhu\n",
1822 peer->addr, tid, ev->window_size);
1824 ieee80211_start_rx_ba_session_offl(arvif->vif, peer->addr, tid);
1825 spin_unlock_bh(&ar->data_lock);
1828 static void ath10k_htt_rx_delba(struct ath10k *ar, struct htt_resp *resp)
1830 struct htt_rx_delba *ev = &resp->rx_delba;
1831 struct ath10k_peer *peer;
1832 struct ath10k_vif *arvif;
1833 u16 info0, tid, peer_id;
1835 info0 = __le16_to_cpu(ev->info0);
1836 tid = MS(info0, HTT_RX_BA_INFO0_TID);
1837 peer_id = MS(info0, HTT_RX_BA_INFO0_PEER_ID);
1839 ath10k_dbg(ar, ATH10K_DBG_HTT,
1840 "htt rx delba tid %hu peer_id %hu\n",
1843 spin_lock_bh(&ar->data_lock);
1844 peer = ath10k_peer_find_by_id(ar, peer_id);
1846 ath10k_warn(ar, "received addba event for invalid peer_id: %hu\n",
1848 spin_unlock_bh(&ar->data_lock);
1852 arvif = ath10k_get_arvif(ar, peer->vdev_id);
1854 ath10k_warn(ar, "received addba event for invalid vdev_id: %u\n",
1856 spin_unlock_bh(&ar->data_lock);
1860 ath10k_dbg(ar, ATH10K_DBG_HTT,
1861 "htt rx stop rx ba session sta %pM tid %hu\n",
1864 ieee80211_stop_rx_ba_session_offl(arvif->vif, peer->addr, tid);
1865 spin_unlock_bh(&ar->data_lock);
1868 static int ath10k_htt_rx_extract_amsdu(struct sk_buff_head *list,
1869 struct sk_buff_head *amsdu)
1871 struct sk_buff *msdu;
1872 struct htt_rx_desc *rxd;
1874 if (skb_queue_empty(list))
1877 if (WARN_ON(!skb_queue_empty(amsdu)))
1880 while ((msdu = __skb_dequeue(list))) {
1881 __skb_queue_tail(amsdu, msdu);
1883 rxd = (void *)msdu->data - sizeof(*rxd);
1884 if (rxd->msdu_end.common.info0 &
1885 __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU))
1889 msdu = skb_peek_tail(amsdu);
1890 rxd = (void *)msdu->data - sizeof(*rxd);
1891 if (!(rxd->msdu_end.common.info0 &
1892 __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU))) {
1893 skb_queue_splice_init(amsdu, list);
1900 static void ath10k_htt_rx_h_rx_offload_prot(struct ieee80211_rx_status *status,
1901 struct sk_buff *skb)
1903 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data;
1905 if (!ieee80211_has_protected(hdr->frame_control))
1908 /* Offloaded frames are already decrypted but firmware insists they are
1909 * protected in the 802.11 header. Strip the flag. Otherwise mac80211
1910 * will drop the frame.
1913 hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
1914 status->flag |= RX_FLAG_DECRYPTED |
1915 RX_FLAG_IV_STRIPPED |
1916 RX_FLAG_MMIC_STRIPPED;
1919 static void ath10k_htt_rx_h_rx_offload(struct ath10k *ar,
1920 struct sk_buff_head *list)
1922 struct ath10k_htt *htt = &ar->htt;
1923 struct ieee80211_rx_status *status = &htt->rx_status;
1924 struct htt_rx_offload_msdu *rx;
1925 struct sk_buff *msdu;
1928 while ((msdu = __skb_dequeue(list))) {
1929 /* Offloaded frames don't have Rx descriptor. Instead they have
1930 * a short meta information header.
1933 rx = (void *)msdu->data;
1935 skb_put(msdu, sizeof(*rx));
1936 skb_pull(msdu, sizeof(*rx));
1938 if (skb_tailroom(msdu) < __le16_to_cpu(rx->msdu_len)) {
1939 ath10k_warn(ar, "dropping frame: offloaded rx msdu is too long!\n");
1940 dev_kfree_skb_any(msdu);
1944 skb_put(msdu, __le16_to_cpu(rx->msdu_len));
1946 /* Offloaded rx header length isn't multiple of 2 nor 4 so the
1947 * actual payload is unaligned. Align the frame. Otherwise
1948 * mac80211 complains. This shouldn't reduce performance much
1949 * because these offloaded frames are rare.
1951 offset = 4 - ((unsigned long)msdu->data & 3);
1952 skb_put(msdu, offset);
1953 memmove(msdu->data + offset, msdu->data, msdu->len);
1954 skb_pull(msdu, offset);
1956 /* FIXME: The frame is NWifi. Re-construct QoS Control
1957 * if possible later.
1960 memset(status, 0, sizeof(*status));
1961 status->flag |= RX_FLAG_NO_SIGNAL_VAL;
1963 ath10k_htt_rx_h_rx_offload_prot(status, msdu);
1964 ath10k_htt_rx_h_channel(ar, status, NULL, rx->vdev_id);
1965 ath10k_process_rx(ar, status, msdu);
1969 static void ath10k_htt_rx_in_ord_ind(struct ath10k *ar, struct sk_buff *skb)
1971 struct ath10k_htt *htt = &ar->htt;
1972 struct htt_resp *resp = (void *)skb->data;
1973 struct ieee80211_rx_status *status = &htt->rx_status;
1974 struct sk_buff_head list;
1975 struct sk_buff_head amsdu;
1984 lockdep_assert_held(&htt->rx_ring.lock);
1986 if (htt->rx_confused)
1989 skb_pull(skb, sizeof(resp->hdr));
1990 skb_pull(skb, sizeof(resp->rx_in_ord_ind));
1992 peer_id = __le16_to_cpu(resp->rx_in_ord_ind.peer_id);
1993 msdu_count = __le16_to_cpu(resp->rx_in_ord_ind.msdu_count);
1994 vdev_id = resp->rx_in_ord_ind.vdev_id;
1995 tid = SM(resp->rx_in_ord_ind.info, HTT_RX_IN_ORD_IND_INFO_TID);
1996 offload = !!(resp->rx_in_ord_ind.info &
1997 HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK);
1998 frag = !!(resp->rx_in_ord_ind.info & HTT_RX_IN_ORD_IND_INFO_FRAG_MASK);
2000 ath10k_dbg(ar, ATH10K_DBG_HTT,
2001 "htt rx in ord vdev %i peer %i tid %i offload %i frag %i msdu count %i\n",
2002 vdev_id, peer_id, tid, offload, frag, msdu_count);
2004 if (skb->len < msdu_count * sizeof(*resp->rx_in_ord_ind.msdu_descs)) {
2005 ath10k_warn(ar, "dropping invalid in order rx indication\n");
2009 /* The event can deliver more than 1 A-MSDU. Each A-MSDU is later
2010 * extracted and processed.
2012 __skb_queue_head_init(&list);
2013 ret = ath10k_htt_rx_pop_paddr_list(htt, &resp->rx_in_ord_ind, &list);
2015 ath10k_warn(ar, "failed to pop paddr list: %d\n", ret);
2016 htt->rx_confused = true;
2020 /* Offloaded frames are very different and need to be handled
2024 ath10k_htt_rx_h_rx_offload(ar, &list);
2026 while (!skb_queue_empty(&list)) {
2027 __skb_queue_head_init(&amsdu);
2028 ret = ath10k_htt_rx_extract_amsdu(&list, &amsdu);
2031 /* Note: The in-order indication may report interleaved
2032 * frames from different PPDUs meaning reported rx rate
2033 * to mac80211 isn't accurate/reliable. It's still
2034 * better to report something than nothing though. This
2035 * should still give an idea about rx rate to the user.
2037 ath10k_htt_rx_h_ppdu(ar, &amsdu, status, vdev_id);
2038 ath10k_htt_rx_h_filter(ar, &amsdu, status);
2039 ath10k_htt_rx_h_mpdu(ar, &amsdu, status, false);
2040 ath10k_htt_rx_h_deliver(ar, &amsdu, status);
2045 /* Should not happen. */
2046 ath10k_warn(ar, "failed to extract amsdu: %d\n", ret);
2047 htt->rx_confused = true;
2048 __skb_queue_purge(&list);
2053 tasklet_schedule(&htt->rx_replenish_task);
2056 void ath10k_htt_t2h_msg_handler(struct ath10k *ar, struct sk_buff *skb)
2058 struct ath10k_htt *htt = &ar->htt;
2059 struct htt_resp *resp = (struct htt_resp *)skb->data;
2060 enum htt_t2h_msg_type type;
2062 /* confirm alignment */
2063 if (!IS_ALIGNED((unsigned long)skb->data, 4))
2064 ath10k_warn(ar, "unaligned htt message, expect trouble\n");
2066 ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx, msg_type: 0x%0X\n",
2067 resp->hdr.msg_type);
2069 if (resp->hdr.msg_type >= ar->htt.t2h_msg_types_max) {
2070 ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx, unsupported msg_type: 0x%0X\n max: 0x%0X",
2071 resp->hdr.msg_type, ar->htt.t2h_msg_types_max);
2072 dev_kfree_skb_any(skb);
2075 type = ar->htt.t2h_msg_types[resp->hdr.msg_type];
2078 case HTT_T2H_MSG_TYPE_VERSION_CONF: {
2079 htt->target_version_major = resp->ver_resp.major;
2080 htt->target_version_minor = resp->ver_resp.minor;
2081 complete(&htt->target_version_received);
2084 case HTT_T2H_MSG_TYPE_RX_IND:
2085 spin_lock_bh(&htt->rx_ring.lock);
2086 __skb_queue_tail(&htt->rx_compl_q, skb);
2087 spin_unlock_bh(&htt->rx_ring.lock);
2088 tasklet_schedule(&htt->txrx_compl_task);
2090 case HTT_T2H_MSG_TYPE_PEER_MAP: {
2091 struct htt_peer_map_event ev = {
2092 .vdev_id = resp->peer_map.vdev_id,
2093 .peer_id = __le16_to_cpu(resp->peer_map.peer_id),
2095 memcpy(ev.addr, resp->peer_map.addr, sizeof(ev.addr));
2096 ath10k_peer_map_event(htt, &ev);
2099 case HTT_T2H_MSG_TYPE_PEER_UNMAP: {
2100 struct htt_peer_unmap_event ev = {
2101 .peer_id = __le16_to_cpu(resp->peer_unmap.peer_id),
2103 ath10k_peer_unmap_event(htt, &ev);
2106 case HTT_T2H_MSG_TYPE_MGMT_TX_COMPLETION: {
2107 struct htt_tx_done tx_done = {};
2108 int status = __le32_to_cpu(resp->mgmt_tx_completion.status);
2111 __le32_to_cpu(resp->mgmt_tx_completion.desc_id);
2114 case HTT_MGMT_TX_STATUS_OK:
2115 tx_done.success = true;
2117 case HTT_MGMT_TX_STATUS_RETRY:
2118 tx_done.no_ack = true;
2120 case HTT_MGMT_TX_STATUS_DROP:
2121 tx_done.discard = true;
2125 ath10k_txrx_tx_unref(htt, &tx_done);
2128 case HTT_T2H_MSG_TYPE_TX_COMPL_IND:
2129 skb_queue_tail(&htt->tx_compl_q, skb);
2130 tasklet_schedule(&htt->txrx_compl_task);
2132 case HTT_T2H_MSG_TYPE_SEC_IND: {
2133 struct ath10k *ar = htt->ar;
2134 struct htt_security_indication *ev = &resp->security_indication;
2136 ath10k_dbg(ar, ATH10K_DBG_HTT,
2137 "sec ind peer_id %d unicast %d type %d\n",
2138 __le16_to_cpu(ev->peer_id),
2139 !!(ev->flags & HTT_SECURITY_IS_UNICAST),
2140 MS(ev->flags, HTT_SECURITY_TYPE));
2141 complete(&ar->install_key_done);
2144 case HTT_T2H_MSG_TYPE_RX_FRAG_IND: {
2145 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",
2146 skb->data, skb->len);
2147 ath10k_htt_rx_frag_handler(htt, &resp->rx_frag_ind);
2150 case HTT_T2H_MSG_TYPE_TEST:
2152 case HTT_T2H_MSG_TYPE_STATS_CONF:
2153 trace_ath10k_htt_stats(ar, skb->data, skb->len);
2155 case HTT_T2H_MSG_TYPE_TX_INSPECT_IND:
2156 /* Firmware can return tx frames if it's unable to fully
2157 * process them and suspects host may be able to fix it. ath10k
2158 * sends all tx frames as already inspected so this shouldn't
2159 * happen unless fw has a bug.
2161 ath10k_warn(ar, "received an unexpected htt tx inspect event\n");
2163 case HTT_T2H_MSG_TYPE_RX_ADDBA:
2164 ath10k_htt_rx_addba(ar, resp);
2166 case HTT_T2H_MSG_TYPE_RX_DELBA:
2167 ath10k_htt_rx_delba(ar, resp);
2169 case HTT_T2H_MSG_TYPE_PKTLOG: {
2170 struct ath10k_pktlog_hdr *hdr =
2171 (struct ath10k_pktlog_hdr *)resp->pktlog_msg.payload;
2173 trace_ath10k_htt_pktlog(ar, resp->pktlog_msg.payload,
2175 __le16_to_cpu(hdr->size));
2178 case HTT_T2H_MSG_TYPE_RX_FLUSH: {
2179 /* Ignore this event because mac80211 takes care of Rx
2180 * aggregation reordering.
2184 case HTT_T2H_MSG_TYPE_RX_IN_ORD_PADDR_IND: {
2185 spin_lock_bh(&htt->rx_ring.lock);
2186 __skb_queue_tail(&htt->rx_in_ord_compl_q, skb);
2187 spin_unlock_bh(&htt->rx_ring.lock);
2188 tasklet_schedule(&htt->txrx_compl_task);
2191 case HTT_T2H_MSG_TYPE_TX_CREDIT_UPDATE_IND:
2193 case HTT_T2H_MSG_TYPE_CHAN_CHANGE:
2195 case HTT_T2H_MSG_TYPE_AGGR_CONF:
2197 case HTT_T2H_MSG_TYPE_EN_STATS:
2198 case HTT_T2H_MSG_TYPE_TX_FETCH_IND:
2199 case HTT_T2H_MSG_TYPE_TX_FETCH_CONF:
2200 case HTT_T2H_MSG_TYPE_TX_LOW_LATENCY_IND:
2202 ath10k_warn(ar, "htt event (%d) not handled\n",
2203 resp->hdr.msg_type);
2204 ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt event: ",
2205 skb->data, skb->len);
2209 /* Free the indication buffer */
2210 dev_kfree_skb_any(skb);
2212 EXPORT_SYMBOL(ath10k_htt_t2h_msg_handler);
2214 static void ath10k_htt_txrx_compl_task(unsigned long ptr)
2216 struct ath10k_htt *htt = (struct ath10k_htt *)ptr;
2217 struct ath10k *ar = htt->ar;
2218 struct htt_resp *resp;
2219 struct sk_buff *skb;
2221 while ((skb = skb_dequeue(&htt->tx_compl_q))) {
2222 ath10k_htt_rx_frm_tx_compl(htt->ar, skb);
2223 dev_kfree_skb_any(skb);
2226 spin_lock_bh(&htt->rx_ring.lock);
2227 while ((skb = __skb_dequeue(&htt->rx_compl_q))) {
2228 resp = (struct htt_resp *)skb->data;
2229 ath10k_htt_rx_handler(htt, &resp->rx_ind);
2230 dev_kfree_skb_any(skb);
2233 while ((skb = __skb_dequeue(&htt->rx_in_ord_compl_q))) {
2234 ath10k_htt_rx_in_ord_ind(ar, skb);
2235 dev_kfree_skb_any(skb);
2237 spin_unlock_bh(&htt->rx_ring.lock);
projects / releases.git / blob