| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Linux/drivers/net/wireless/ath/ath10k/ (Open Source Betriebssystem Version 6.17.9©) Datei vom 24.10.2025 mit Größe 124 kB |
|
Quelle htt_rx.c Sprache: C |
|||||||||||||||
|
// SPDX-License-Identifier: ISC /* * Copyright (c) 2005-2011 Atheros Communications Inc. * Copyright (c) 2011-2017 Qualcomm Atheros, Inc. * Copyright (c) 2018, The Linux Foundation. All rights reserved. * Copyright (c) 2022 Qualcomm Innovation Center, Inc. All rights reserved. * Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries. */ #include <linux/export.h> #include "core.h" #include "htc.h" #include "htt.h" #include "txrx.h" #include "debug.h" #include "trace.h" #include "mac.h" #include <linux/log2.h> #include <linux/bitfield.h> /* when under memory pressure rx ring refill may fail and needs a retry */ #define HTT_RX_RING_REFILL_RETRY_MS 50 #define HTT_RX_RING_REFILL_RESCHED_MS 5 /* shortcut to interpret a raw memory buffer as a rx descriptor */ #define HTT_RX_BUF_TO_RX_DESC(hw, buf) ath10k_htt_rx_desc_from_raw_buffer(hw, buf) static int ath10k_htt_rx_get_csum_state(struct ath10k_hw_params *hw, struct sk_buff *sk static struct sk_buff * ath10k_htt_rx_find_skb_paddr(struct ath10k *ar, u64 paddr) { struct ath10k_skb_rxcb *rxcb; hash_for_each_possible(ar->htt.rx_ring.skb_table, rxcb, hlist, paddr) if (rxcb->paddr == paddr) return ATH10K_RXCB_SKB(rxcb); WARN_ON_ONCE(1); return NULL; } static void ath10k_htt_rx_ring_free(struct ath10k_htt *htt) { struct sk_buff *skb; struct ath10k_skb_rxcb *rxcb; struct hlist_node *n; int i; if (htt->rx_ring.in_ord_rx) { hash_for_each_safe(htt->rx_ring.skb_table, i, n, rxcb, hlist) { skb = ATH10K_RXCB_SKB(rxcb); dma_unmap_single(htt->ar->dev, rxcb->paddr, skb->len + skb_tailroom(skb), DMA_FROM_DEVICE); hash_del(&rxcb->hlist); dev_kfree_skb_any(skb); } } else { for (i = 0; i < htt->rx_ring.size; i++) { skb = htt->rx_ring.netbufs_ring[i]; if (!skb) continue; rxcb = ATH10K_SKB_RXCB(skb); dma_unmap_single(htt->ar->dev, rxcb->paddr, skb->len + skb_tailroom(skb), DMA_FROM_DEVICE); dev_kfree_skb_any(skb); } } htt->rx_ring.fill_cnt = 0; hash_init(htt->rx_ring.skb_table); memset(htt->rx_ring.netbufs_ring, 0, htt->rx_ring.size * sizeof(htt->rx_ring.netbufs_ring[0])); } static size_t ath10k_htt_get_rx_ring_size_32(struct ath10k_htt *htt) { return htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring_32); } static size_t ath10k_htt_get_rx_ring_size_64(struct ath10k_htt *htt) { return htt->rx_ring.size * sizeof(htt->rx_ring.paddrs_ring_64); } static void ath10k_htt_config_paddrs_ring_32(struct ath10k_htt *htt, void *vaddr) { htt->rx_ring.paddrs_ring_32 = vaddr; } static void ath10k_htt_config_paddrs_ring_64(struct ath10k_htt *htt, void *vaddr) { htt->rx_ring.paddrs_ring_64 = vaddr; } static void ath10k_htt_set_paddrs_ring_32(struct ath10k_htt *htt, dma_addr_t paddr, int idx) { htt->rx_ring.paddrs_ring_32[idx] = __cpu_to_le32(paddr); } static void ath10k_htt_set_paddrs_ring_64(struct ath10k_htt *htt, dma_addr_t paddr, int idx) { htt->rx_ring.paddrs_ring_64[idx] = __cpu_to_le64(paddr); } static void ath10k_htt_reset_paddrs_ring_32(struct ath10k_htt *htt, int idx) { htt->rx_ring.paddrs_ring_32[idx] = 0; } static void ath10k_htt_reset_paddrs_ring_64(struct ath10k_htt *htt, int idx) { htt->rx_ring.paddrs_ring_64[idx] = 0; } static void *ath10k_htt_get_vaddr_ring_32(struct ath10k_htt *htt) { return (void *)htt->rx_ring.paddrs_ring_32; } static void *ath10k_htt_get_vaddr_ring_64(struct ath10k_htt *htt) { return (void *)htt->rx_ring.paddrs_ring_64; } static int __ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num) { struct ath10k_hw_params *hw = &htt->ar->hw_params; struct htt_rx_desc *rx_desc; struct ath10k_skb_rxcb *rxcb; struct sk_buff *skb; dma_addr_t paddr; int ret = 0, idx; /* The Full Rx Reorder firmware has no way of telling the host * implicitly when it copied HTT Rx Ring buffers to MAC Rx Ring. * To keep things simple make sure ring is always half empty. This * guarantees there'll be no replenishment overruns possible. */ BUILD_BUG_ON(HTT_RX_RING_FILL_LEVEL >= HTT_RX_RING_SIZE / 2); idx = __le32_to_cpu(*htt->rx_ring.alloc_idx.vaddr); if (idx < 0 || idx >= htt->rx_ring.size) { ath10k_err(htt->ar, "rx ring index is not valid, firmware malfunctioning?\n"); idx &= htt->rx_ring.size_mask; ret = -ENOMEM; goto fail; } while (num > 0) { skb = dev_alloc_skb(HTT_RX_BUF_SIZE + HTT_RX_DESC_ALIGN); if (!skb) { ret = -ENOMEM; goto fail; } if (!IS_ALIGNED((unsigned long)skb->data, HTT_RX_DESC_ALIGN)) skb_pull(skb, PTR_ALIGN(skb->data, HTT_RX_DESC_ALIGN) - skb->data); /* Clear rx_desc attention word before posting to Rx ring */ rx_desc = HTT_RX_BUF_TO_RX_DESC(hw, skb->data); ath10k_htt_rx_desc_get_attention(hw, rx_desc)->flags = __cpu_to_le32(0); paddr = dma_map_single(htt->ar->dev, skb->data, skb->len + skb_tailroom(skb), DMA_FROM_DEVICE); if (unlikely(dma_mapping_error(htt->ar->dev, paddr))) { dev_kfree_skb_any(skb); ret = -ENOMEM; goto fail; } rxcb = ATH10K_SKB_RXCB(skb); rxcb->paddr = paddr; htt->rx_ring.netbufs_ring[idx] = skb; ath10k_htt_set_paddrs_ring(htt, paddr, idx); htt->rx_ring.fill_cnt++; if (htt->rx_ring.in_ord_rx) { hash_add(htt->rx_ring.skb_table, &ATH10K_SKB_RXCB(skb)->hlist, paddr); } num--; idx++; idx &= htt->rx_ring.size_mask; } fail: /* * Make sure the rx buffer is updated before available buffer * index to avoid any potential rx ring corruption. */ mb(); *htt->rx_ring.alloc_idx.vaddr = __cpu_to_le32(idx); return ret; } static int ath10k_htt_rx_ring_fill_n(struct ath10k_htt *htt, int num) { lockdep_assert_held(&htt->rx_ring.lock); return __ath10k_htt_rx_ring_fill_n(htt, num); } static void ath10k_htt_rx_msdu_buff_replenish(struct ath10k_htt *htt) { int ret, num_deficit, num_to_fill; /* Refilling the whole RX ring buffer proves to be a bad idea. The * reason is RX may take up significant amount of CPU cycles and starve * other tasks, e.g. TX on an ethernet device while acting as a bridge * with ath10k wlan interface. This ended up with very poor performance * once CPU the host system was overwhelmed with RX on ath10k. * * By limiting the number of refills the replenishing occurs * progressively. This in turns makes use of the fact tasklets are * processed in FIFO order. This means actual RX processing can starve * out refilling. If there's not enough buffers on RX ring FW will not * report RX until it is refilled with enough buffers. This * automatically balances load wrt to CPU power. * * This probably comes at a cost of lower maximum throughput but * improves the average and stability. */ spin_lock_bh(&htt->rx_ring.lock); num_deficit = htt->rx_ring.fill_level - htt->rx_ring.fill_cnt; num_to_fill = min(ATH10K_HTT_MAX_NUM_REFILL, num_deficit); num_deficit -= num_to_fill; ret = ath10k_htt_rx_ring_fill_n(htt, num_to_fill); if (ret == -ENOMEM) { /* * Failed to fill it to the desired level - * we'll start a timer and try again next time. * As long as enough buffers are left in the ring for * another A-MPDU rx, no special recovery is needed. */ mod_timer(&htt->rx_ring.refill_retry_timer, jiffies + msecs_to_jiffies(HTT_RX_RING_REFILL_RETRY_MS)); } else if (num_deficit > 0) { mod_timer(&htt->rx_ring.refill_retry_timer, jiffies + msecs_to_jiffies(HTT_RX_RING_REFILL_RESCHED_MS)); } spin_unlock_bh(&htt->rx_ring.lock); } static void ath10k_htt_rx_ring_refill_retry(struct timer_list *t) { struct ath10k_htt *htt = timer_container_of(htt, t, rx_ring.refill_retry_timer); ath10k_htt_rx_msdu_buff_replenish(htt); } int ath10k_htt_rx_ring_refill(struct ath10k *ar) { struct ath10k_htt *htt = &ar->htt; int ret; if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) return 0; spin_lock_bh(&htt->rx_ring.lock); ret = ath10k_htt_rx_ring_fill_n(htt, (htt->rx_ring.fill_level - htt->rx_ring.fill_cnt)); if (ret) ath10k_htt_rx_ring_free(htt); spin_unlock_bh(&htt->rx_ring.lock); return ret; } void ath10k_htt_rx_free(struct ath10k_htt *htt) { if (htt->ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) return; timer_delete_sync(&htt->rx_ring.refill_retry_timer); skb_queue_purge(&htt->rx_msdus_q); skb_queue_purge(&htt->rx_in_ord_compl_q); skb_queue_purge(&htt->tx_fetch_ind_q); spin_lock_bh(&htt->rx_ring.lock); ath10k_htt_rx_ring_free(htt); spin_unlock_bh(&htt->rx_ring.lock); dma_free_coherent(htt->ar->dev, ath10k_htt_get_rx_ring_size(htt), ath10k_htt_get_vaddr_ring(htt), htt->rx_ring.base_paddr); ath10k_htt_config_paddrs_ring(htt, NULL); dma_free_coherent(htt->ar->dev, sizeof(*htt->rx_ring.alloc_idx.vaddr), htt->rx_ring.alloc_idx.vaddr, htt->rx_ring.alloc_idx.paddr); htt->rx_ring.alloc_idx.vaddr = NULL; kfree(htt->rx_ring.netbufs_ring); htt->rx_ring.netbufs_ring = NULL; } static inline struct sk_buff *ath10k_htt_rx_netbuf_pop(struct ath10k_htt *htt) { struct ath10k *ar = htt->ar; int idx; struct sk_buff *msdu; lockdep_assert_held(&htt->rx_ring.lock); if (htt->rx_ring.fill_cnt == 0) { ath10k_warn(ar, "tried to pop sk_buff from an empty rx ring\n"); return NULL; } idx = htt->rx_ring.sw_rd_idx.msdu_payld; msdu = htt->rx_ring.netbufs_ring[idx]; htt->rx_ring.netbufs_ring[idx] = NULL; ath10k_htt_reset_paddrs_ring(htt, idx); idx++; idx &= htt->rx_ring.size_mask; htt->rx_ring.sw_rd_idx.msdu_payld = idx; htt->rx_ring.fill_cnt--; dma_unmap_single(htt->ar->dev, ATH10K_SKB_RXCB(msdu)->paddr, msdu->len + skb_tailroom(msdu), DMA_FROM_DEVICE); ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ", msdu->data, msdu->len + skb_tailroom(msdu)); return msdu; } /* return: < 0 fatal error, 0 - non chained msdu, 1 chained msdu */ static int ath10k_htt_rx_amsdu_pop(struct ath10k_htt *htt, struct sk_buff_head *amsdu) { struct ath10k *ar = htt->ar; struct ath10k_hw_params *hw = &ar->hw_params; int msdu_len, msdu_chaining = 0; struct sk_buff *msdu; struct htt_rx_desc *rx_desc; struct rx_attention *rx_desc_attention; struct rx_frag_info_common *rx_desc_frag_info_common; struct rx_msdu_start_common *rx_desc_msdu_start_common; struct rx_msdu_end_common *rx_desc_msdu_end_common; lockdep_assert_held(&htt->rx_ring.lock); for (;;) { int last_msdu, msdu_len_invalid, msdu_chained; msdu = ath10k_htt_rx_netbuf_pop(htt); if (!msdu) { __skb_queue_purge(amsdu); return -ENOENT; } __skb_queue_tail(amsdu, msdu); rx_desc = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data); rx_desc_attention = ath10k_htt_rx_desc_get_attention(hw, rx_desc); rx_desc_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rx_desc); rx_desc_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rx_desc); rx_desc_frag_info_common = ath10k_htt_rx_desc_get_frag_info(hw, rx_desc); /* FIXME: we must report msdu payload since this is what caller * expects now */ skb_put(msdu, hw->rx_desc_ops->rx_desc_msdu_payload_offset); skb_pull(msdu, hw->rx_desc_ops->rx_desc_msdu_payload_offset); /* * Sanity check - confirm the HW is finished filling in the * rx data. * If the HW and SW are working correctly, then it's guaranteed * that the HW's MAC DMA is done before this point in the SW. * To prevent the case that we handle a stale Rx descriptor, * just assert for now until we have a way to recover. */ if (!(__le32_to_cpu(rx_desc_attention->flags) & RX_ATTENTION_FLAGS_MSDU_DONE)) { __skb_queue_purge(amsdu); return -EIO; } msdu_len_invalid = !!(__le32_to_cpu(rx_desc_attention->flags) & (RX_ATTENTION_FLAGS_MPDU_LENGTH_ERR | RX_ATTENTION_FLAGS_MSDU_LENGTH_ERR)); msdu_len = MS(__le32_to_cpu(rx_desc_msdu_start_common->info0), RX_MSDU_START_INFO0_MSDU_LENGTH); msdu_chained = rx_desc_frag_info_common->ring2_more_count; if (msdu_len_invalid) msdu_len = 0; skb_trim(msdu, 0); skb_put(msdu, min(msdu_len, ath10k_htt_rx_msdu_size(hw))); msdu_len -= msdu->len; /* Note: Chained buffers do not contain rx descriptor */ while (msdu_chained--) { msdu = ath10k_htt_rx_netbuf_pop(htt); if (!msdu) { __skb_queue_purge(amsdu); return -ENOENT; } __skb_queue_tail(amsdu, msdu); skb_trim(msdu, 0); skb_put(msdu, min(msdu_len, HTT_RX_BUF_SIZE)); msdu_len -= msdu->len; msdu_chaining = 1; } last_msdu = __le32_to_cpu(rx_desc_msdu_end_common->info0) & RX_MSDU_END_INFO0_LAST_MSDU; /* FIXME: why are we skipping the first part of the rx_desc? */ trace_ath10k_htt_rx_desc(ar, (void *)rx_desc + sizeof(u32), hw->rx_desc_ops->rx_desc_size - sizeof(u32)); if (last_msdu) break; } if (skb_queue_empty(amsdu)) msdu_chaining = -1; /* * Don't refill the ring yet. * * First, the elements popped here are still in use - it is not * safe to overwrite them until the matching call to * mpdu_desc_list_next. Second, for efficiency it is preferable to * refill the rx ring with 1 PPDU's worth of rx buffers (something * like 32 x 3 buffers), rather than one MPDU's worth of rx buffers * (something like 3 buffers). Consequently, we'll rely on the txrx * SW to tell us when it is done pulling all the PPDU's rx buffers * out of the rx ring, and then refill it just once. */ return msdu_chaining; } static struct sk_buff *ath10k_htt_rx_pop_paddr(struct ath10k_htt *htt, u64 paddr) { struct ath10k *ar = htt->ar; struct ath10k_skb_rxcb *rxcb; struct sk_buff *msdu; lockdep_assert_held(&htt->rx_ring.lock); msdu = ath10k_htt_rx_find_skb_paddr(ar, paddr); if (!msdu) return NULL; rxcb = ATH10K_SKB_RXCB(msdu); hash_del(&rxcb->hlist); htt->rx_ring.fill_cnt--; dma_unmap_single(htt->ar->dev, rxcb->paddr, msdu->len + skb_tailroom(msdu), DMA_FROM_DEVICE); ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "htt rx netbuf pop: ", msdu->data, msdu->len + skb_tailroom(msdu)); return msdu; } static inline void ath10k_htt_append_frag_list(struct sk_buff *skb_head, struct sk_buff *frag_list, unsigned int frag_len) { skb_shinfo(skb_head)->frag_list = frag_list; skb_head->data_len = frag_len; skb_head->len += skb_head->data_len; } static int ath10k_htt_rx_handle_amsdu_mon_32(struct ath10k_htt *htt, struct sk_buff *msdu, struct htt_rx_in_ord_msdu_desc **msdu_desc) { struct ath10k *ar = htt->ar; struct ath10k_hw_params *hw = &ar->hw_params; u32 paddr; struct sk_buff *frag_buf; struct sk_buff *prev_frag_buf; u8 last_frag; struct htt_rx_in_ord_msdu_desc *ind_desc = *msdu_desc; struct htt_rx_desc *rxd; int amsdu_len = __le16_to_cpu(ind_desc->msdu_len); rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data); trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size); skb_put(msdu, hw->rx_desc_ops->rx_desc_size); skb_pull(msdu, hw->rx_desc_ops->rx_desc_size); skb_put(msdu, min(amsdu_len, ath10k_htt_rx_msdu_size(hw))); amsdu_len -= msdu->len; last_frag = ind_desc->reserved; if (last_frag) { if (amsdu_len) { ath10k_warn(ar, "invalid amsdu len %u, left %d", __le16_to_cpu(ind_desc->msdu_len), amsdu_len); } return 0; } ind_desc++; paddr = __le32_to_cpu(ind_desc->msdu_paddr); frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr); if (!frag_buf) { ath10k_warn(ar, "failed to pop frag-1 paddr: 0x%x", paddr); return -ENOENT; } skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE)); ath10k_htt_append_frag_list(msdu, frag_buf, amsdu_len); amsdu_len -= frag_buf->len; prev_frag_buf = frag_buf; last_frag = ind_desc->reserved; while (!last_frag) { ind_desc++; paddr = __le32_to_cpu(ind_desc->msdu_paddr); frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr); if (!frag_buf) { ath10k_warn(ar, "failed to pop frag-n paddr: 0x%x", paddr); prev_frag_buf->next = NULL; return -ENOENT; } skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE)); last_frag = ind_desc->reserved; amsdu_len -= frag_buf->len; prev_frag_buf->next = frag_buf; prev_frag_buf = frag_buf; } if (amsdu_len) { ath10k_warn(ar, "invalid amsdu len %u, left %d", __le16_to_cpu(ind_desc->msdu_len), amsdu_len); } *msdu_desc = ind_desc; prev_frag_buf->next = NULL; return 0; } static int ath10k_htt_rx_handle_amsdu_mon_64(struct ath10k_htt *htt, struct sk_buff *msdu, struct htt_rx_in_ord_msdu_desc_ext **msdu_desc) { struct ath10k *ar = htt->ar; struct ath10k_hw_params *hw = &ar->hw_params; u64 paddr; struct sk_buff *frag_buf; struct sk_buff *prev_frag_buf; u8 last_frag; struct htt_rx_in_ord_msdu_desc_ext *ind_desc = *msdu_desc; struct htt_rx_desc *rxd; int amsdu_len = __le16_to_cpu(ind_desc->msdu_len); rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data); trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size); skb_put(msdu, hw->rx_desc_ops->rx_desc_size); skb_pull(msdu, hw->rx_desc_ops->rx_desc_size); skb_put(msdu, min(amsdu_len, ath10k_htt_rx_msdu_size(hw))); amsdu_len -= msdu->len; last_frag = ind_desc->reserved; if (last_frag) { if (amsdu_len) { ath10k_warn(ar, "invalid amsdu len %u, left %d", __le16_to_cpu(ind_desc->msdu_len), amsdu_len); } return 0; } ind_desc++; paddr = __le64_to_cpu(ind_desc->msdu_paddr); frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr); if (!frag_buf) { ath10k_warn(ar, "failed to pop frag-1 paddr: 0x%llx", paddr); return -ENOENT; } skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE)); ath10k_htt_append_frag_list(msdu, frag_buf, amsdu_len); amsdu_len -= frag_buf->len; prev_frag_buf = frag_buf; last_frag = ind_desc->reserved; while (!last_frag) { ind_desc++; paddr = __le64_to_cpu(ind_desc->msdu_paddr); frag_buf = ath10k_htt_rx_pop_paddr(htt, paddr); if (!frag_buf) { ath10k_warn(ar, "failed to pop frag-n paddr: 0x%llx", paddr); prev_frag_buf->next = NULL; return -ENOENT; } skb_put(frag_buf, min(amsdu_len, HTT_RX_BUF_SIZE)); last_frag = ind_desc->reserved; amsdu_len -= frag_buf->len; prev_frag_buf->next = frag_buf; prev_frag_buf = frag_buf; } if (amsdu_len) { ath10k_warn(ar, "invalid amsdu len %u, left %d", __le16_to_cpu(ind_desc->msdu_len), amsdu_len); } *msdu_desc = ind_desc; prev_frag_buf->next = NULL; return 0; } static int ath10k_htt_rx_pop_paddr32_list(struct ath10k_htt *htt, struct htt_rx_in_ord_ind *ev, struct sk_buff_head *list) { struct ath10k *ar = htt->ar; struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_in_ord_msdu_desc *msdu_desc = ev->msdu_descs32; struct htt_rx_desc *rxd; struct rx_attention *rxd_attention; struct sk_buff *msdu; int msdu_count, ret; bool is_offload; u32 paddr; lockdep_assert_held(&htt->rx_ring.lock); msdu_count = __le16_to_cpu(ev->msdu_count); is_offload = !!(ev->info & HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK); while (msdu_count--) { paddr = __le32_to_cpu(msdu_desc->msdu_paddr); msdu = ath10k_htt_rx_pop_paddr(htt, paddr); if (!msdu) { __skb_queue_purge(list); return -ENOENT; } if (!is_offload && ar->monitor_arvif) { ret = ath10k_htt_rx_handle_amsdu_mon_32(htt, msdu, &msdu_desc); if (ret) { __skb_queue_purge(list); return ret; } __skb_queue_tail(list, msdu); msdu_desc++; continue; } __skb_queue_tail(list, msdu); if (!is_offload) { rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data); rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd); trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size); skb_put(msdu, hw->rx_desc_ops->rx_desc_size); skb_pull(msdu, hw->rx_desc_ops->rx_desc_size); skb_put(msdu, __le16_to_cpu(msdu_desc->msdu_len)); if (!(__le32_to_cpu(rxd_attention->flags) & RX_ATTENTION_FLAGS_MSDU_DONE)) { ath10k_warn(htt->ar, "tried to pop an incomplete frame, oops!\n"); return -EIO; } } msdu_desc++; } return 0; } static int ath10k_htt_rx_pop_paddr64_list(struct ath10k_htt *htt, struct htt_rx_in_ord_ind *ev, struct sk_buff_head *list) { struct ath10k *ar = htt->ar; struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_in_ord_msdu_desc_ext *msdu_desc = ev->msdu_descs64; struct htt_rx_desc *rxd; struct rx_attention *rxd_attention; struct sk_buff *msdu; int msdu_count, ret; bool is_offload; u64 paddr; lockdep_assert_held(&htt->rx_ring.lock); msdu_count = __le16_to_cpu(ev->msdu_count); is_offload = !!(ev->info & HTT_RX_IN_ORD_IND_INFO_OFFLOAD_MASK); while (msdu_count--) { paddr = __le64_to_cpu(msdu_desc->msdu_paddr); msdu = ath10k_htt_rx_pop_paddr(htt, paddr); if (!msdu) { __skb_queue_purge(list); return -ENOENT; } if (!is_offload && ar->monitor_arvif) { ret = ath10k_htt_rx_handle_amsdu_mon_64(htt, msdu, &msdu_desc); if (ret) { __skb_queue_purge(list); return ret; } __skb_queue_tail(list, msdu); msdu_desc++; continue; } __skb_queue_tail(list, msdu); if (!is_offload) { rxd = HTT_RX_BUF_TO_RX_DESC(hw, msdu->data); rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd); trace_ath10k_htt_rx_desc(ar, rxd, hw->rx_desc_ops->rx_desc_size); skb_put(msdu, hw->rx_desc_ops->rx_desc_size); skb_pull(msdu, hw->rx_desc_ops->rx_desc_size); skb_put(msdu, __le16_to_cpu(msdu_desc->msdu_len)); if (!(__le32_to_cpu(rxd_attention->flags) & RX_ATTENTION_FLAGS_MSDU_DONE)) { ath10k_warn(htt->ar, "tried to pop an incomplete frame, oops!\n"); return -EIO; } } msdu_desc++; } return 0; } int ath10k_htt_rx_alloc(struct ath10k_htt *htt) { struct ath10k *ar = htt->ar; dma_addr_t paddr; void *vaddr, *vaddr_ring; size_t size; struct timer_list *timer = &htt->rx_ring.refill_retry_timer; if (ar->bus_param.dev_type == ATH10K_DEV_TYPE_HL) return 0; htt->rx_confused = false; /* XXX: The fill level could be changed during runtime in response to * the host processing latency. Is this really worth it? */ htt->rx_ring.size = HTT_RX_RING_SIZE; htt->rx_ring.size_mask = htt->rx_ring.size - 1; htt->rx_ring.fill_level = ar->hw_params.rx_ring_fill_level; if (!is_power_of_2(htt->rx_ring.size)) { ath10k_warn(ar, "htt rx ring size is not power of 2\n"); return -EINVAL; } htt->rx_ring.netbufs_ring = kcalloc(htt->rx_ring.size, sizeof(struct sk_buff *), GFP_KERNEL); if (!htt->rx_ring.netbufs_ring) goto err_netbuf; size = ath10k_htt_get_rx_ring_size(htt); vaddr_ring = dma_alloc_coherent(htt->ar->dev, size, &paddr, GFP_KERNEL); if (!vaddr_ring) goto err_dma_ring; ath10k_htt_config_paddrs_ring(htt, vaddr_ring); htt->rx_ring.base_paddr = paddr; vaddr = dma_alloc_coherent(htt->ar->dev, sizeof(*htt->rx_ring.alloc_idx.vaddr), &paddr, GFP_KERNEL); if (!vaddr) goto err_dma_idx; htt->rx_ring.alloc_idx.vaddr = vaddr; htt->rx_ring.alloc_idx.paddr = paddr; htt->rx_ring.sw_rd_idx.msdu_payld = htt->rx_ring.size_mask; *htt->rx_ring.alloc_idx.vaddr = 0; /* Initialize the Rx refill retry timer */ timer_setup(timer, ath10k_htt_rx_ring_refill_retry, 0); spin_lock_init(&htt->rx_ring.lock); htt->rx_ring.fill_cnt = 0; htt->rx_ring.sw_rd_idx.msdu_payld = 0; hash_init(htt->rx_ring.skb_table); skb_queue_head_init(&htt->rx_msdus_q); skb_queue_head_init(&htt->rx_in_ord_compl_q); skb_queue_head_init(&htt->tx_fetch_ind_q); atomic_set(&htt->num_mpdus_ready, 0); ath10k_dbg(ar, ATH10K_DBG_BOOT, "htt rx ring size %d fill_level %d\n", htt->rx_ring.size, htt->rx_ring.fill_level); return 0; err_dma_idx: dma_free_coherent(htt->ar->dev, ath10k_htt_get_rx_ring_size(htt), vaddr_ring, htt->rx_ring.base_paddr); ath10k_htt_config_paddrs_ring(htt, NULL); err_dma_ring: kfree(htt->rx_ring.netbufs_ring); htt->rx_ring.netbufs_ring = NULL; err_netbuf: return -ENOMEM; } static int ath10k_htt_rx_crypto_param_len(struct ath10k *ar, enum htt_rx_mpdu_encrypt_type type) { switch (type) { case HTT_RX_MPDU_ENCRYPT_NONE: return 0; case HTT_RX_MPDU_ENCRYPT_WEP40: case HTT_RX_MPDU_ENCRYPT_WEP104: return IEEE80211_WEP_IV_LEN; case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC: case HTT_RX_MPDU_ENCRYPT_TKIP_WPA: return IEEE80211_TKIP_IV_LEN; case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2: return IEEE80211_CCMP_HDR_LEN; case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2: return IEEE80211_CCMP_256_HDR_LEN; case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2: case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2: return IEEE80211_GCMP_HDR_LEN; case HTT_RX_MPDU_ENCRYPT_WEP128: case HTT_RX_MPDU_ENCRYPT_WAPI: break; } ath10k_warn(ar, "unsupported encryption type %d\n", type); return 0; } #define MICHAEL_MIC_LEN 8 static int ath10k_htt_rx_crypto_mic_len(struct ath10k *ar, enum htt_rx_mpdu_encrypt_type type) { switch (type) { case HTT_RX_MPDU_ENCRYPT_NONE: case HTT_RX_MPDU_ENCRYPT_WEP40: case HTT_RX_MPDU_ENCRYPT_WEP104: case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC: case HTT_RX_MPDU_ENCRYPT_TKIP_WPA: return 0; case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2: return IEEE80211_CCMP_MIC_LEN; case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2: return IEEE80211_CCMP_256_MIC_LEN; case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2: case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2: return IEEE80211_GCMP_MIC_LEN; case HTT_RX_MPDU_ENCRYPT_WEP128: case HTT_RX_MPDU_ENCRYPT_WAPI: break; } ath10k_warn(ar, "unsupported encryption type %d\n", type); return 0; } static int ath10k_htt_rx_crypto_icv_len(struct ath10k *ar, enum htt_rx_mpdu_encrypt_type type) { switch (type) { case HTT_RX_MPDU_ENCRYPT_NONE: case HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2: case HTT_RX_MPDU_ENCRYPT_AES_CCM256_WPA2: case HTT_RX_MPDU_ENCRYPT_AES_GCMP_WPA2: case HTT_RX_MPDU_ENCRYPT_AES_GCMP256_WPA2: return 0; case HTT_RX_MPDU_ENCRYPT_WEP40: case HTT_RX_MPDU_ENCRYPT_WEP104: return IEEE80211_WEP_ICV_LEN; case HTT_RX_MPDU_ENCRYPT_TKIP_WITHOUT_MIC: case HTT_RX_MPDU_ENCRYPT_TKIP_WPA: return IEEE80211_TKIP_ICV_LEN; case HTT_RX_MPDU_ENCRYPT_WEP128: case HTT_RX_MPDU_ENCRYPT_WAPI: break; } ath10k_warn(ar, "unsupported encryption type %d\n", type); return 0; } struct amsdu_subframe_hdr { u8 dst[ETH_ALEN]; u8 src[ETH_ALEN]; __be16 len; } __packed; #define GROUP_ID_IS_SU_MIMO(x) ((x) == 0 || (x) == 63) static inline u8 ath10k_bw_to_mac80211_bw(u8 bw) { u8 ret = 0; switch (bw) { case 0: ret = RATE_INFO_BW_20; break; case 1: ret = RATE_INFO_BW_40; break; case 2: ret = RATE_INFO_BW_80; break; case 3: ret = RATE_INFO_BW_160; break; } return ret; } static void ath10k_htt_rx_h_rates(struct ath10k *ar, struct ieee80211_rx_status *status, struct htt_rx_desc *rxd) { struct ath10k_hw_params *hw = &ar->hw_params; struct rx_attention *rxd_attention; struct rx_mpdu_start *rxd_mpdu_start; struct rx_mpdu_end *rxd_mpdu_end; struct rx_msdu_start_common *rxd_msdu_start_common; struct rx_msdu_end_common *rxd_msdu_end_common; struct rx_ppdu_start *rxd_ppdu_start; struct ieee80211_supported_band *sband; u8 cck, rate, bw, sgi, mcs, nss; u8 *rxd_msdu_payload; u8 preamble = 0; u8 group_id; u32 info1, info2, info3; u32 stbc, nsts_su; rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd); rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd); rxd_mpdu_end = ath10k_htt_rx_desc_get_mpdu_end(hw, rxd); rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd); rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd); rxd_ppdu_start = ath10k_htt_rx_desc_get_ppdu_start(hw, rxd); rxd_msdu_payload = ath10k_htt_rx_desc_get_msdu_payload(hw, rxd); info1 = __le32_to_cpu(rxd_ppdu_start->info1); info2 = __le32_to_cpu(rxd_ppdu_start->info2); info3 = __le32_to_cpu(rxd_ppdu_start->info3); preamble = MS(info1, RX_PPDU_START_INFO1_PREAMBLE_TYPE); switch (preamble) { case HTT_RX_LEGACY: /* To get legacy rate index band is required. Since band can't * be undefined check if freq is non-zero. */ if (!status->freq) return; cck = info1 & RX_PPDU_START_INFO1_L_SIG_RATE_SELECT; rate = MS(info1, RX_PPDU_START_INFO1_L_SIG_RATE); rate &= ~RX_PPDU_START_RATE_FLAG; sband = &ar->mac.sbands[status->band]; status->rate_idx = ath10k_mac_hw_rate_to_idx(sband, rate, cck); break; case HTT_RX_HT: case HTT_RX_HT_WITH_TXBF: /* HT-SIG - Table 20-11 in info2 and info3 */ mcs = info2 & 0x1F; nss = mcs >> 3; bw = (info2 >> 7) & 1; sgi = (info3 >> 7) & 1; status->rate_idx = mcs; status->encoding = RX_ENC_HT; if (sgi) status->enc_flags |= RX_ENC_FLAG_SHORT_GI; if (bw) status->bw = RATE_INFO_BW_40; break; case HTT_RX_VHT: case HTT_RX_VHT_WITH_TXBF: /* VHT-SIG-A1 in info2, VHT-SIG-A2 in info3 * TODO check this */ bw = info2 & 3; sgi = info3 & 1; stbc = (info2 >> 3) & 1; group_id = (info2 >> 4) & 0x3F; if (GROUP_ID_IS_SU_MIMO(group_id)) { mcs = (info3 >> 4) & 0x0F; nsts_su = ((info2 >> 10) & 0x07); if (stbc) nss = (nsts_su >> 2) + 1; else nss = (nsts_su + 1); } else { /* Hardware doesn't decode VHT-SIG-B into Rx descriptor * so it's impossible to decode MCS. Also since * firmware consumes Group Id Management frames host * has no knowledge regarding group/user position * mapping so it's impossible to pick the correct Nsts * from VHT-SIG-A1. * * Bandwidth and SGI are valid so report the rateinfo * on best-effort basis. */ mcs = 0; nss = 1; } if (mcs > 0x09) { ath10k_warn(ar, "invalid MCS received %u\n", mcs); ath10k_warn(ar, "rxd %08x mpdu start %08x %08x msdu start %08x %08x ppdu start %0 __le32_to_cpu(rxd_attention->flags), __le32_to_cpu(rxd_mpdu_start->info0), __le32_to_cpu(rxd_mpdu_start->info1), __le32_to_cpu(rxd_msdu_start_common->info0), __le32_to_cpu(rxd_msdu_start_common->info1), rxd_ppdu_start->info0, __le32_to_cpu(rxd_ppdu_start->info1), __le32_to_cpu(rxd_ppdu_start->info2), __le32_to_cpu(rxd_ppdu_start->info3), __le32_to_cpu(rxd_ppdu_start->info4)); ath10k_warn(ar, "msdu end %08x mpdu end %08x\n", __le32_to_cpu(rxd_msdu_end_common->info0), __le32_to_cpu(rxd_mpdu_end->info0)); ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "rx desc msdu payload: ", rxd_msdu_payload, 50); } status->rate_idx = mcs; status->nss = nss; if (sgi) status->enc_flags |= RX_ENC_FLAG_SHORT_GI; status->bw = ath10k_bw_to_mac80211_bw(bw); status->encoding = RX_ENC_VHT; break; default: break; } } static struct ieee80211_channel * ath10k_htt_rx_h_peer_channel(struct ath10k *ar, struct htt_rx_desc *rxd) { struct ath10k_hw_params *hw = &ar->hw_params; struct rx_attention *rxd_attention; struct rx_msdu_end_common *rxd_msdu_end_common; struct rx_mpdu_start *rxd_mpdu_start; struct ath10k_peer *peer; struct ath10k_vif *arvif; struct cfg80211_chan_def def; u16 peer_id; lockdep_assert_held(&ar->data_lock); if (!rxd) return NULL; rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd); rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd); rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd); if (rxd_attention->flags & __cpu_to_le32(RX_ATTENTION_FLAGS_PEER_IDX_INVALID)) return NULL; if (!(rxd_msdu_end_common->info0 & __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU))) return NULL; peer_id = MS(__le32_to_cpu(rxd_mpdu_start->info0), RX_MPDU_START_INFO0_PEER_IDX); peer = ath10k_peer_find_by_id(ar, peer_id); if (!peer) return NULL; arvif = ath10k_get_arvif(ar, peer->vdev_id); if (WARN_ON_ONCE(!arvif)) return NULL; if (ath10k_mac_vif_chan(arvif->vif, &def)) return NULL; return def.chan; } static struct ieee80211_channel * ath10k_htt_rx_h_vdev_channel(struct ath10k *ar, u32 vdev_id) { struct ath10k_vif *arvif; struct cfg80211_chan_def def; lockdep_assert_held(&ar->data_lock); list_for_each_entry(arvif, &ar->arvifs, list) { if (arvif->vdev_id == vdev_id && ath10k_mac_vif_chan(arvif->vif, &def) == 0) return def.chan; } return NULL; } static void ath10k_htt_rx_h_any_chan_iter(struct ieee80211_hw *hw, struct ieee80211_chanctx_conf *conf, void *data) { struct cfg80211_chan_def *def = data; *def = conf->def; } static struct ieee80211_channel * ath10k_htt_rx_h_any_channel(struct ath10k *ar) { struct cfg80211_chan_def def = {}; ieee80211_iter_chan_contexts_atomic(ar->hw, ath10k_htt_rx_h_any_chan_iter, &def); return def.chan; } static bool ath10k_htt_rx_h_channel(struct ath10k *ar, struct ieee80211_rx_status *status, struct htt_rx_desc *rxd, u32 vdev_id) { struct ieee80211_channel *ch; spin_lock_bh(&ar->data_lock); ch = ar->scan_channel; if (!ch) ch = ar->rx_channel; if (!ch) ch = ath10k_htt_rx_h_peer_channel(ar, rxd); if (!ch) ch = ath10k_htt_rx_h_vdev_channel(ar, vdev_id); if (!ch) ch = ath10k_htt_rx_h_any_channel(ar); if (!ch) ch = ar->tgt_oper_chan; spin_unlock_bh(&ar->data_lock); if (!ch) return false; status->band = ch->band; status->freq = ch->center_freq; return true; } static void ath10k_htt_rx_h_signal(struct ath10k *ar, struct ieee80211_rx_status *status, struct htt_rx_desc *rxd) { struct ath10k_hw_params *hw = &ar->hw_params; struct rx_ppdu_start *rxd_ppdu_start = ath10k_htt_rx_desc_get_ppdu_start(hw, rxd); int i; for (i = 0; i < IEEE80211_MAX_CHAINS ; i++) { status->chains &= ~BIT(i); if (rxd_ppdu_start->rssi_chains[i].pri20_mhz != 0x80) { status->chain_signal[i] = ATH10K_DEFAULT_NOISE_FLOOR + rxd_ppdu_start->rssi_chains[i].pri20_mhz; status->chains |= BIT(i); } } /* FIXME: Get real NF */ status->signal = ATH10K_DEFAULT_NOISE_FLOOR + rxd_ppdu_start->rssi_comb; status->flag &= ~RX_FLAG_NO_SIGNAL_VAL; } static void ath10k_htt_rx_h_mactime(struct ath10k *ar, struct ieee80211_rx_status *status, struct htt_rx_desc *rxd) { struct ath10k_hw_params *hw = &ar->hw_params; struct rx_ppdu_end_common *rxd_ppdu_end_common; rxd_ppdu_end_common = ath10k_htt_rx_desc_get_ppdu_end(hw, rxd); /* FIXME: TSF is known only at the end of PPDU, in the last MPDU. This * means all prior MSDUs in a PPDU are reported to mac80211 without the * TSF. Is it worth holding frames until end of PPDU is known? * * FIXME: Can we get/compute 64bit TSF? */ status->mactime = __le32_to_cpu(rxd_ppdu_end_common->tsf_timestamp); status->flag |= RX_FLAG_MACTIME_END; } static void ath10k_htt_rx_h_ppdu(struct ath10k *ar, struct sk_buff_head *amsdu, struct ieee80211_rx_status *status, u32 vdev_id) { struct sk_buff *first; struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_desc *rxd; struct rx_attention *rxd_attention; bool is_first_ppdu; bool is_last_ppdu; if (skb_queue_empty(amsdu)) return; first = skb_peek(amsdu); rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)first->data - hw->rx_desc_ops->rx_desc_size); rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd); is_first_ppdu = !!(rxd_attention->flags & __cpu_to_le32(RX_ATTENTION_FLAGS_FIRST_MPDU)); is_last_ppdu = !!(rxd_attention->flags & __cpu_to_le32(RX_ATTENTION_FLAGS_LAST_MPDU)); if (is_first_ppdu) { /* New PPDU starts so clear out the old per-PPDU status. */ status->freq = 0; status->rate_idx = 0; status->nss = 0; status->encoding = RX_ENC_LEGACY; status->bw = RATE_INFO_BW_20; status->flag &= ~RX_FLAG_MACTIME; status->flag |= RX_FLAG_NO_SIGNAL_VAL; status->flag &= ~(RX_FLAG_AMPDU_IS_LAST); status->flag |= RX_FLAG_AMPDU_DETAILS | RX_FLAG_AMPDU_LAST_KNOWN; status->ampdu_reference = ar->ampdu_reference; ath10k_htt_rx_h_signal(ar, status, rxd); ath10k_htt_rx_h_channel(ar, status, rxd, vdev_id); ath10k_htt_rx_h_rates(ar, status, rxd); } if (is_last_ppdu) { ath10k_htt_rx_h_mactime(ar, status, rxd); /* set ampdu last segment flag */ status->flag |= RX_FLAG_AMPDU_IS_LAST; ar->ampdu_reference++; } } static const char * const tid_to_ac[] = { "BE", "BK", "BK", "BE", "VI", "VI", "VO", "VO", }; static char *ath10k_get_tid(struct ieee80211_hdr *hdr, char *out, size_t size) { u8 *qc; int tid; if (!ieee80211_is_data_qos(hdr->frame_control)) return ""; qc = ieee80211_get_qos_ctl(hdr); tid = *qc & IEEE80211_QOS_CTL_TID_MASK; if (tid < 8) snprintf(out, size, "tid %d (%s)", tid, tid_to_ac[tid]); else snprintf(out, size, "tid %d", tid); return out; } static void ath10k_htt_rx_h_queue_msdu(struct ath10k *ar, struct ieee80211_rx_status *rx_status, struct sk_buff *skb) { struct ieee80211_rx_status *status; status = IEEE80211_SKB_RXCB(skb); *status = *rx_status; skb_queue_tail(&ar->htt.rx_msdus_q, skb); } static void ath10k_process_rx(struct ath10k *ar, struct sk_buff *skb) { struct ieee80211_rx_status *status; struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; char tid[32]; status = IEEE80211_SKB_RXCB(skb); if (!(ar->filter_flags & FIF_FCSFAIL) && status->flag & RX_FLAG_FAILED_FCS_CRC) { ar->stats.rx_crc_err_drop++; dev_kfree_skb_any(skb); return; } ath10k_dbg(ar, ATH10K_DBG_DATA, "rx skb %p len %u peer %pM %s %s sn %u %s%s%s%s%s%s %srate_idx %u vht_nss %u fre skb, skb->len, ieee80211_get_SA(hdr), ath10k_get_tid(hdr, tid, sizeof(tid)), is_multicast_ether_addr(ieee80211_get_DA(hdr)) ? "mcast" : "ucast", IEEE80211_SEQ_TO_SN(__le16_to_cpu(hdr->seq_ctrl)), (status->encoding == RX_ENC_LEGACY) ? "legacy" : "", (status->encoding == RX_ENC_HT) ? "ht" : "", (status->encoding == RX_ENC_VHT) ? "vht" : "", (status->bw == RATE_INFO_BW_40) ? "40" : "", (status->bw == RATE_INFO_BW_80) ? "80" : "", (status->bw == RATE_INFO_BW_160) ? "160" : "", status->enc_flags & RX_ENC_FLAG_SHORT_GI ? "sgi " : "", status->rate_idx, status->nss, status->freq, status->band, status->flag, !!(status->flag & RX_FLAG_FAILED_FCS_CRC), !!(status->flag & RX_FLAG_MMIC_ERROR), !!(status->flag & RX_FLAG_AMSDU_MORE)); ath10k_dbg_dump(ar, ATH10K_DBG_HTT_DUMP, NULL, "rx skb: ", skb->data, skb->len); trace_ath10k_rx_hdr(ar, skb->data, skb->len); trace_ath10k_rx_payload(ar, skb->data, skb->len); ieee80211_rx_napi(ar->hw, NULL, skb, &ar->napi); } static int ath10k_htt_rx_nwifi_hdrlen(struct ath10k *ar, struct ieee80211_hdr *hdr) { int len = ieee80211_hdrlen(hdr->frame_control); if (!test_bit(ATH10K_FW_FEATURE_NO_NWIFI_DECAP_4ADDR_PADDING, ar->running_fw->fw_file.fw_features)) len = round_up(len, 4); return len; } static void ath10k_htt_rx_h_undecap_raw(struct ath10k *ar, struct sk_buff *msdu, struct ieee80211_rx_status *status, enum htt_rx_mpdu_encrypt_type enctype, bool is_decrypted, const u8 first_hdr[64]) { struct ieee80211_hdr *hdr; struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_desc *rxd; struct rx_msdu_end_common *rxd_msdu_end_common; size_t hdr_len; size_t crypto_len; bool is_first; bool is_last; bool msdu_limit_err; int bytes_aligned = ar->hw_params.decap_align_bytes; u8 *qos; rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)msdu->data - hw->rx_desc_ops->rx_desc_size); rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd); is_first = !!(rxd_msdu_end_common->info0 & __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU)); is_last = !!(rxd_msdu_end_common->info0 & __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU)); /* Delivered decapped frame: * [802.11 header] * [crypto param] <-- can be trimmed if !fcs_err && * !decrypt_err && !peer_idx_invalid * [amsdu header] <-- only if A-MSDU * [rfc1042/llc] * [payload] * [FCS] <-- at end, needs to be trimmed */ /* Some hardwares(QCA99x0 variants) limit number of msdus in a-msdu when * deaggregate, so that unwanted MSDU-deaggregation is avoided for * error packets. If limit exceeds, hw sends all remaining MSDUs as * a single last MSDU with this msdu limit error set. */ msdu_limit_err = ath10k_htt_rx_desc_msdu_limit_error(hw, rxd); /* If MSDU limit error happens, then don't warn on, the partial raw MSDU * without first MSDU is expected in that case, and handled later here. */ /* This probably shouldn't happen but warn just in case */ if (WARN_ON_ONCE(!is_first && !msdu_limit_err)) return; /* This probably shouldn't happen but warn just in case */ if (WARN_ON_ONCE(!(is_first && is_last) && !msdu_limit_err)) return; skb_trim(msdu, msdu->len - FCS_LEN); /* Push original 80211 header */ if (unlikely(msdu_limit_err)) { hdr = (struct ieee80211_hdr *)first_hdr; hdr_len = ieee80211_hdrlen(hdr->frame_control); crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype); if (ieee80211_is_data_qos(hdr->frame_control)) { qos = ieee80211_get_qos_ctl(hdr); qos[0] |= IEEE80211_QOS_CTL_A_MSDU_PRESENT; } if (crypto_len) memcpy(skb_push(msdu, crypto_len), (void *)hdr + round_up(hdr_len, bytes_aligned), crypto_len); memcpy(skb_push(msdu, hdr_len), hdr, hdr_len); } /* In most cases this will be true for sniffed frames. It makes sense * to deliver them as-is without stripping the crypto param. This is * necessary for software based decryption. * * If there's no error then the frame is decrypted. At least that is * the case for frames that come in via fragmented rx indication. */ if (!is_decrypted) return; /* The payload is decrypted so strip crypto params. Start from tail * since hdr is used to compute some stuff. */ hdr = (void *)msdu->data; /* Tail */ if (status->flag & RX_FLAG_IV_STRIPPED) { skb_trim(msdu, msdu->len - ath10k_htt_rx_crypto_mic_len(ar, enctype)); skb_trim(msdu, msdu->len - ath10k_htt_rx_crypto_icv_len(ar, enctype)); } else { /* MIC */ if (status->flag & RX_FLAG_MIC_STRIPPED) skb_trim(msdu, msdu->len - ath10k_htt_rx_crypto_mic_len(ar, enctype)); /* ICV */ if (status->flag & RX_FLAG_ICV_STRIPPED) skb_trim(msdu, msdu->len - ath10k_htt_rx_crypto_icv_len(ar, enctype)); } /* MMIC */ if ((status->flag & RX_FLAG_MMIC_STRIPPED) && !ieee80211_has_morefrags(hdr->frame_control) && enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA) skb_trim(msdu, msdu->len - MICHAEL_MIC_LEN); /* Head */ if (status->flag & RX_FLAG_IV_STRIPPED) { hdr_len = ieee80211_hdrlen(hdr->frame_control); crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype); memmove((void *)msdu->data + crypto_len, (void *)msdu->data, hdr_len); skb_pull(msdu, crypto_len); } } static void ath10k_htt_rx_h_undecap_nwifi(struct ath10k *ar, struct sk_buff *msdu, struct ieee80211_rx_status *status, const u8 first_hdr[64], enum htt_rx_mpdu_encrypt_type enctype) { struct ath10k_hw_params *hw = &ar->hw_params; struct ieee80211_hdr *hdr; struct htt_rx_desc *rxd; size_t hdr_len; u8 da[ETH_ALEN]; u8 sa[ETH_ALEN]; int l3_pad_bytes; int bytes_aligned = ar->hw_params.decap_align_bytes; /* Delivered decapped frame: * [nwifi 802.11 header] <-- replaced with 802.11 hdr * [rfc1042/llc] * * Note: The nwifi header doesn't have QoS Control and is * (always?) a 3addr frame. * * Note2: There's no A-MSDU subframe header. Even if it's part * of an A-MSDU. */ /* pull decapped header and copy SA & DA */ rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)msdu->data - hw->rx_desc_ops->rx_desc_size); l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd); skb_put(msdu, l3_pad_bytes); hdr = (struct ieee80211_hdr *)(msdu->data + l3_pad_bytes); hdr_len = ath10k_htt_rx_nwifi_hdrlen(ar, hdr); ether_addr_copy(da, ieee80211_get_DA(hdr)); ether_addr_copy(sa, ieee80211_get_SA(hdr)); skb_pull(msdu, hdr_len); /* push original 802.11 header */ hdr = (struct ieee80211_hdr *)first_hdr; hdr_len = ieee80211_hdrlen(hdr->frame_control); if (!(status->flag & RX_FLAG_IV_STRIPPED)) { memcpy(skb_push(msdu, ath10k_htt_rx_crypto_param_len(ar, enctype)), (void *)hdr + round_up(hdr_len, bytes_aligned), ath10k_htt_rx_crypto_param_len(ar, enctype)); } memcpy(skb_push(msdu, hdr_len), hdr, hdr_len); /* original 802.11 header has a different DA and in * case of 4addr it may also have different SA */ hdr = (struct ieee80211_hdr *)msdu->data; ether_addr_copy(ieee80211_get_DA(hdr), da); ether_addr_copy(ieee80211_get_SA(hdr), sa); } static void *ath10k_htt_rx_h_find_rfc1042(struct ath10k *ar, struct sk_buff *msdu, enum htt_rx_mpdu_encrypt_type enctype) { struct ieee80211_hdr *hdr; struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_desc *rxd; struct rx_msdu_end_common *rxd_msdu_end_common; u8 *rxd_rx_hdr_status; size_t hdr_len, crypto_len; void *rfc1042; bool is_first, is_last, is_amsdu; int bytes_aligned = ar->hw_params.decap_align_bytes; rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)msdu->data - hw->rx_desc_ops->rx_desc_size); rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd); rxd_rx_hdr_status = ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd); hdr = (void *)rxd_rx_hdr_status; is_first = !!(rxd_msdu_end_common->info0 & __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU)); is_last = !!(rxd_msdu_end_common->info0 & __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU)); is_amsdu = !(is_first && is_last); rfc1042 = hdr; if (is_first) { hdr_len = ieee80211_hdrlen(hdr->frame_control); crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype); rfc1042 += round_up(hdr_len, bytes_aligned) + round_up(crypto_len, bytes_aligned); } if (is_amsdu) rfc1042 += sizeof(struct amsdu_subframe_hdr); return rfc1042; } static void ath10k_htt_rx_h_undecap_eth(struct ath10k *ar, struct sk_buff *msdu, struct ieee80211_rx_status *status, const u8 first_hdr[64], enum htt_rx_mpdu_encrypt_type enctype) { struct ath10k_hw_params *hw = &ar->hw_params; struct ieee80211_hdr *hdr; struct ethhdr *eth; size_t hdr_len; void *rfc1042; u8 da[ETH_ALEN]; u8 sa[ETH_ALEN]; int l3_pad_bytes; struct htt_rx_desc *rxd; int bytes_aligned = ar->hw_params.decap_align_bytes; /* Delivered decapped frame: * [eth header] <-- replaced with 802.11 hdr & rfc1042/llc * [payload] */ rfc1042 = ath10k_htt_rx_h_find_rfc1042(ar, msdu, enctype); if (WARN_ON_ONCE(!rfc1042)) return; rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)msdu->data - hw->rx_desc_ops->rx_desc_size); l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd); skb_put(msdu, l3_pad_bytes); skb_pull(msdu, l3_pad_bytes); /* pull decapped header and copy SA & DA */ eth = (struct ethhdr *)msdu->data; ether_addr_copy(da, eth->h_dest); ether_addr_copy(sa, eth->h_source); skb_pull(msdu, sizeof(struct ethhdr)); /* push rfc1042/llc/snap */ memcpy(skb_push(msdu, sizeof(struct rfc1042_hdr)), rfc1042, sizeof(struct rfc1042_hdr)); /* push original 802.11 header */ hdr = (struct ieee80211_hdr *)first_hdr; hdr_len = ieee80211_hdrlen(hdr->frame_control); if (!(status->flag & RX_FLAG_IV_STRIPPED)) { memcpy(skb_push(msdu, ath10k_htt_rx_crypto_param_len(ar, enctype)), (void *)hdr + round_up(hdr_len, bytes_aligned), ath10k_htt_rx_crypto_param_len(ar, enctype)); } memcpy(skb_push(msdu, hdr_len), hdr, hdr_len); /* original 802.11 header has a different DA and in * case of 4addr it may also have different SA */ hdr = (struct ieee80211_hdr *)msdu->data; ether_addr_copy(ieee80211_get_DA(hdr), da); ether_addr_copy(ieee80211_get_SA(hdr), sa); } static void ath10k_htt_rx_h_undecap_snap(struct ath10k *ar, struct sk_buff *msdu, struct ieee80211_rx_status *status, const u8 first_hdr[64], enum htt_rx_mpdu_encrypt_type enctype) { struct ath10k_hw_params *hw = &ar->hw_params; struct ieee80211_hdr *hdr; size_t hdr_len; int l3_pad_bytes; struct htt_rx_desc *rxd; int bytes_aligned = ar->hw_params.decap_align_bytes; /* Delivered decapped frame: * [amsdu header] <-- replaced with 802.11 hdr * [rfc1042/llc] * [payload] */ rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)msdu->data - hw->rx_desc_ops->rx_desc_size); l3_pad_bytes = ath10k_htt_rx_desc_get_l3_pad_bytes(&ar->hw_params, rxd); skb_put(msdu, l3_pad_bytes); skb_pull(msdu, sizeof(struct amsdu_subframe_hdr) + l3_pad_bytes); hdr = (struct ieee80211_hdr *)first_hdr; hdr_len = ieee80211_hdrlen(hdr->frame_control); if (!(status->flag & RX_FLAG_IV_STRIPPED)) { memcpy(skb_push(msdu, ath10k_htt_rx_crypto_param_len(ar, enctype)), (void *)hdr + round_up(hdr_len, bytes_aligned), ath10k_htt_rx_crypto_param_len(ar, enctype)); } memcpy(skb_push(msdu, hdr_len), hdr, hdr_len); } static void ath10k_htt_rx_h_undecap(struct ath10k *ar, struct sk_buff *msdu, struct ieee80211_rx_status *status, u8 first_hdr[64], enum htt_rx_mpdu_encrypt_type enctype, bool is_decrypted) { struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_desc *rxd; struct rx_msdu_start_common *rxd_msdu_start_common; enum rx_msdu_decap_format decap; /* First msdu's decapped header: * [802.11 header] <-- padded to 4 bytes long * [crypto param] <-- padded to 4 bytes long * [amsdu header] <-- only if A-MSDU * [rfc1042/llc] * * Other (2nd, 3rd, ..) msdu's decapped header: * [amsdu header] <-- only if A-MSDU * [rfc1042/llc] */ rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)msdu->data - hw->rx_desc_ops->rx_desc_size); rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd); decap = MS(__le32_to_cpu(rxd_msdu_start_common->info1), RX_MSDU_START_INFO1_DECAP_FORMAT); switch (decap) { case RX_MSDU_DECAP_RAW: ath10k_htt_rx_h_undecap_raw(ar, msdu, status, enctype, is_decrypted, first_hdr); break; case RX_MSDU_DECAP_NATIVE_WIFI: ath10k_htt_rx_h_undecap_nwifi(ar, msdu, status, first_hdr, enctype); break; case RX_MSDU_DECAP_ETHERNET2_DIX: ath10k_htt_rx_h_undecap_eth(ar, msdu, status, first_hdr, enctype); break; case RX_MSDU_DECAP_8023_SNAP_LLC: ath10k_htt_rx_h_undecap_snap(ar, msdu, status, first_hdr, enctype); break; } } static int ath10k_htt_rx_get_csum_state(struct ath10k_hw_params *hw, struct sk_buff *sk { struct htt_rx_desc *rxd; struct rx_attention *rxd_attention; struct rx_msdu_start_common *rxd_msdu_start_common; u32 flags, info; bool is_ip4, is_ip6; bool is_tcp, is_udp; bool ip_csum_ok, tcpudp_csum_ok; rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)skb->data - hw->rx_desc_ops->rx_desc_size); rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd); rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd); flags = __le32_to_cpu(rxd_attention->flags); info = __le32_to_cpu(rxd_msdu_start_common->info1); is_ip4 = !!(info & RX_MSDU_START_INFO1_IPV4_PROTO); is_ip6 = !!(info & RX_MSDU_START_INFO1_IPV6_PROTO); is_tcp = !!(info & RX_MSDU_START_INFO1_TCP_PROTO); is_udp = !!(info & RX_MSDU_START_INFO1_UDP_PROTO); ip_csum_ok = !(flags & RX_ATTENTION_FLAGS_IP_CHKSUM_FAIL); tcpudp_csum_ok = !(flags & RX_ATTENTION_FLAGS_TCP_UDP_CHKSUM_FAIL); if (!is_ip4 && !is_ip6) return CHECKSUM_NONE; if (!is_tcp && !is_udp) return CHECKSUM_NONE; if (!ip_csum_ok) return CHECKSUM_NONE; if (!tcpudp_csum_ok) return CHECKSUM_NONE; return CHECKSUM_UNNECESSARY; } static void ath10k_htt_rx_h_csum_offload(struct ath10k_hw_params *hw, struct sk_buff *msdu) { msdu->ip_summed = ath10k_htt_rx_get_csum_state(hw, msdu); } static u64 ath10k_htt_rx_h_get_pn(struct ath10k *ar, struct sk_buff *skb, enum htt_rx_mpdu_encrypt_type enctype) { struct ieee80211_hdr *hdr; u64 pn = 0; u8 *ehdr; hdr = (struct ieee80211_hdr *)skb->data; ehdr = skb->data + ieee80211_hdrlen(hdr->frame_control); if (enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2) { pn = ehdr[0]; pn |= (u64)ehdr[1] << 8; pn |= (u64)ehdr[4] << 16; pn |= (u64)ehdr[5] << 24; pn |= (u64)ehdr[6] << 32; pn |= (u64)ehdr[7] << 40; } return pn; } static bool ath10k_htt_rx_h_frag_multicast_check(struct ath10k *ar, struct sk_buff *skb) { struct ieee80211_hdr *hdr; hdr = (struct ieee80211_hdr *)skb->data; return !is_multicast_ether_addr(hdr->addr1); } static bool ath10k_htt_rx_h_frag_pn_check(struct ath10k *ar, struct sk_buff *skb, u16 peer_id, enum htt_rx_mpdu_encrypt_type enctype) { struct ath10k_peer *peer; union htt_rx_pn_t *last_pn, new_pn = {}; struct ieee80211_hdr *hdr; u8 tid, frag_number; u32 seq; peer = ath10k_peer_find_by_id(ar, peer_id); if (!peer) { ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid peer for frag pn check\n"); return false; } hdr = (struct ieee80211_hdr *)skb->data; if (ieee80211_is_data_qos(hdr->frame_control)) tid = ieee80211_get_tid(hdr); else tid = ATH10K_TXRX_NON_QOS_TID; last_pn = &peer->frag_tids_last_pn[tid]; new_pn.pn48 = ath10k_htt_rx_h_get_pn(ar, skb, enctype); frag_number = le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG; seq = IEEE80211_SEQ_TO_SN(__le16_to_cpu(hdr->seq_ctrl)); if (frag_number == 0) { last_pn->pn48 = new_pn.pn48; peer->frag_tids_seq[tid] = seq; } else { if (seq != peer->frag_tids_seq[tid]) return false; if (new_pn.pn48 != last_pn->pn48 + 1) return false; last_pn->pn48 = new_pn.pn48; } return true; } static void ath10k_htt_rx_h_mpdu(struct ath10k *ar, struct sk_buff_head *amsdu, struct ieee80211_rx_status *status, bool fill_crypt_header, u8 *rx_hdr, enum ath10k_pkt_rx_err *err, u16 peer_id, bool frag) { struct sk_buff *first; struct sk_buff *last; struct sk_buff *msdu, *temp; struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_desc *rxd; struct rx_attention *rxd_attention; struct rx_mpdu_start *rxd_mpdu_start; struct ieee80211_hdr *hdr; enum htt_rx_mpdu_encrypt_type enctype; u8 first_hdr[64]; u8 *qos; bool has_fcs_err; bool has_crypto_err; bool has_tkip_err; bool has_peer_idx_invalid; bool is_decrypted; bool is_mgmt; u32 attention; bool frag_pn_check = true, multicast_check = true; if (skb_queue_empty(amsdu)) return; first = skb_peek(amsdu); rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)first->data - hw->rx_desc_ops->rx_desc_size); rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd); rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd); is_mgmt = !!(rxd_attention->flags & __cpu_to_le32(RX_ATTENTION_FLAGS_MGMT_TYPE)); enctype = MS(__le32_to_cpu(rxd_mpdu_start->info0), RX_MPDU_START_INFO0_ENCRYPT_TYPE); /* First MSDU's Rx descriptor in an A-MSDU contains full 802.11 * decapped header. It'll be used for undecapping of each MSDU. */ hdr = (void *)ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd); memcpy(first_hdr, hdr, RX_HTT_HDR_STATUS_LEN); if (rx_hdr) memcpy(rx_hdr, hdr, RX_HTT_HDR_STATUS_LEN); /* Each A-MSDU subframe will use the original header as the base and be * reported as a separate MSDU so strip the A-MSDU bit from QoS Ctl. */ hdr = (void *)first_hdr; if (ieee80211_is_data_qos(hdr->frame_control)) { qos = ieee80211_get_qos_ctl(hdr); qos[0] &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT; } /* Some attention flags are valid only in the last MSDU. */ last = skb_peek_tail(amsdu); rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)last->data - hw->rx_desc_ops->rx_desc_size); rxd_attention = ath10k_htt_rx_desc_get_attention(hw, rxd); attention = __le32_to_cpu(rxd_attention->flags); has_fcs_err = !!(attention & RX_ATTENTION_FLAGS_FCS_ERR); has_crypto_err = !!(attention & RX_ATTENTION_FLAGS_DECRYPT_ERR); has_tkip_err = !!(attention & RX_ATTENTION_FLAGS_TKIP_MIC_ERR); has_peer_idx_invalid = !!(attention & RX_ATTENTION_FLAGS_PEER_IDX_INVALID); /* Note: If hardware captures an encrypted frame that it can't decrypt, * e.g. due to fcs error, missing peer or invalid key data it will * report the frame as raw. */ is_decrypted = (enctype != HTT_RX_MPDU_ENCRYPT_NONE && !has_fcs_err && !has_crypto_err && !has_peer_idx_invalid); /* Clear per-MPDU flags while leaving per-PPDU flags intact. */ status->flag &= ~(RX_FLAG_FAILED_FCS_CRC | RX_FLAG_MMIC_ERROR | RX_FLAG_DECRYPTED | RX_FLAG_IV_STRIPPED | RX_FLAG_ONLY_MONITOR | RX_FLAG_MMIC_STRIPPED); if (has_fcs_err) status->flag |= RX_FLAG_FAILED_FCS_CRC; if (has_tkip_err) status->flag |= RX_FLAG_MMIC_ERROR; if (err) { if (has_fcs_err) *err = ATH10K_PKT_RX_ERR_FCS; else if (has_tkip_err) *err = ATH10K_PKT_RX_ERR_TKIP; else if (has_crypto_err) *err = ATH10K_PKT_RX_ERR_CRYPT; else if (has_peer_idx_invalid) *err = ATH10K_PKT_RX_ERR_PEER_IDX_INVAL; } /* Firmware reports all necessary management frames via WMI already. * They are not reported to monitor interfaces at all so pass the ones * coming via HTT to monitor interfaces instead. This simplifies * matters a lot. */ if (is_mgmt) status->flag |= RX_FLAG_ONLY_MONITOR; if (is_decrypted) { status->flag |= RX_FLAG_DECRYPTED; if (likely(!is_mgmt)) status->flag |= RX_FLAG_MMIC_STRIPPED; if (fill_crypt_header) status->flag |= RX_FLAG_MIC_STRIPPED | RX_FLAG_ICV_STRIPPED; else status->flag |= RX_FLAG_IV_STRIPPED; } skb_queue_walk(amsdu, msdu) { if (frag && !fill_crypt_header && is_decrypted && enctype == HTT_RX_MPDU_ENCRYPT_AES_CCM_WPA2) frag_pn_check = ath10k_htt_rx_h_frag_pn_check(ar, msdu, peer_id, enctype); if (frag) multicast_check = ath10k_htt_rx_h_frag_multicast_check(ar, msdu); if (!frag_pn_check || !multicast_check) { /* Discard the fragment with invalid PN or multicast DA */ temp = msdu->prev; __skb_unlink(msdu, amsdu); dev_kfree_skb_any(msdu); msdu = temp; frag_pn_check = true; multicast_check = true; continue; } ath10k_htt_rx_h_csum_offload(&ar->hw_params, msdu); if (frag && !fill_crypt_header && enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA) status->flag &= ~RX_FLAG_MMIC_STRIPPED; ath10k_htt_rx_h_undecap(ar, msdu, status, first_hdr, enctype, is_decrypted); /* Undecapping involves copying the original 802.11 header back * to sk_buff. If frame is protected and hardware has decrypted * it then remove the protected bit. */ if (!is_decrypted) continue; if (is_mgmt) continue; if (fill_crypt_header) continue; hdr = (void *)msdu->data; hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED); if (frag && !fill_crypt_header && enctype == HTT_RX_MPDU_ENCRYPT_TKIP_WPA) status->flag &= ~RX_FLAG_IV_STRIPPED & ~RX_FLAG_MMIC_STRIPPED; } } static void ath10k_htt_rx_h_enqueue(struct ath10k *ar, struct sk_buff_head *amsdu, struct ieee80211_rx_status *status) { struct sk_buff *msdu; struct sk_buff *first_subframe; first_subframe = skb_peek(amsdu); while ((msdu = __skb_dequeue(amsdu))) { /* Setup per-MSDU flags */ if (skb_queue_empty(amsdu)) status->flag &= ~RX_FLAG_AMSDU_MORE; else status->flag |= RX_FLAG_AMSDU_MORE; if (msdu == first_subframe) { first_subframe = NULL; status->flag &= ~RX_FLAG_ALLOW_SAME_PN; } else { status->flag |= RX_FLAG_ALLOW_SAME_PN; } ath10k_htt_rx_h_queue_msdu(ar, status, msdu); } } static int ath10k_unchain_msdu(struct sk_buff_head *amsdu, unsigned long *unchain_cnt) { struct sk_buff *skb, *first; int space; int total_len = 0; int amsdu_len = skb_queue_len(amsdu); /* TODO: Might could optimize this by using * skb_try_coalesce or similar method to * decrease copying, or maybe get mac80211 to * provide a way to just receive a list of * skb? */ first = __skb_dequeue(amsdu); /* Allocate total length all at once. */ skb_queue_walk(amsdu, skb) total_len += skb->len; space = total_len - skb_tailroom(first); if ((space > 0) && (pskb_expand_head(first, 0, space, GFP_ATOMIC) < 0)) { /* TODO: bump some rx-oom error stat */ /* put it back together so we can free the * whole list at once. */ __skb_queue_head(amsdu, first); return -1; } /* Walk list again, copying contents into * msdu_head */ while ((skb = __skb_dequeue(amsdu))) { skb_copy_from_linear_data(skb, skb_put(first, skb->len), skb->len); dev_kfree_skb_any(skb); } __skb_queue_head(amsdu, first); *unchain_cnt += amsdu_len - 1; return 0; } static void ath10k_htt_rx_h_unchain(struct ath10k *ar, struct sk_buff_head *amsdu, unsigned long *drop_cnt, unsigned long *unchain_cnt) { struct sk_buff *first; struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_desc *rxd; struct rx_msdu_start_common *rxd_msdu_start_common; struct rx_frag_info_common *rxd_frag_info; enum rx_msdu_decap_format decap; first = skb_peek(amsdu); rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)first->data - hw->rx_desc_ops->rx_desc_size); rxd_msdu_start_common = ath10k_htt_rx_desc_get_msdu_start(hw, rxd); rxd_frag_info = ath10k_htt_rx_desc_get_frag_info(hw, rxd); decap = MS(__le32_to_cpu(rxd_msdu_start_common->info1), RX_MSDU_START_INFO1_DECAP_FORMAT); /* FIXME: Current unchaining logic can only handle simple case of raw * msdu chaining. If decapping is other than raw the chaining may be * more complex and this isn't handled by the current code. Don't even * try re-constructing such frames - it'll be pretty much garbage. */ if (decap != RX_MSDU_DECAP_RAW || skb_queue_len(amsdu) != 1 + rxd_frag_info->ring2_more_count) { *drop_cnt += skb_queue_len(amsdu); __skb_queue_purge(amsdu); return; } ath10k_unchain_msdu(amsdu, unchain_cnt); } static bool ath10k_htt_rx_validate_amsdu(struct ath10k *ar, struct sk_buff_head *amsdu) { u8 *subframe_hdr; struct sk_buff *first; bool is_first, is_last; struct ath10k_hw_params *hw = &ar->hw_params; struct htt_rx_desc *rxd; struct rx_msdu_end_common *rxd_msdu_end_common; struct rx_mpdu_start *rxd_mpdu_start; struct ieee80211_hdr *hdr; size_t hdr_len, crypto_len; enum htt_rx_mpdu_encrypt_type enctype; int bytes_aligned = ar->hw_params.decap_align_bytes; first = skb_peek(amsdu); rxd = HTT_RX_BUF_TO_RX_DESC(hw, (void *)first->data - hw->rx_desc_ops->rx_desc_size); rxd_msdu_end_common = ath10k_htt_rx_desc_get_msdu_end(hw, rxd); rxd_mpdu_start = ath10k_htt_rx_desc_get_mpdu_start(hw, rxd); hdr = (void *)ath10k_htt_rx_desc_get_rx_hdr_status(hw, rxd); is_first = !!(rxd_msdu_end_common->info0 & __cpu_to_le32(RX_MSDU_END_INFO0_FIRST_MSDU)); is_last = !!(rxd_msdu_end_common->info0 & __cpu_to_le32(RX_MSDU_END_INFO0_LAST_MSDU)); /* Return in case of non-aggregated msdu */ if (is_first && is_last) return true; /* First msdu flag is not set for the first msdu of the list */ if (!is_first) return false; enctype = MS(__le32_to_cpu(rxd_mpdu_start->info0), RX_MPDU_START_INFO0_ENCRYPT_TYPE); hdr_len = ieee80211_hdrlen(hdr->frame_control); crypto_len = ath10k_htt_rx_crypto_param_len(ar, enctype); subframe_hdr = (u8 *)hdr + round_up(hdr_len, bytes_aligned) + crypto_len; /* Validate if the amsdu has a proper first subframe. * There are chances a single msdu can be received as amsdu when * the unauthenticated amsdu flag of a QoS header * gets flipped in non-SPP AMSDU's, in such cases the first * subframe has llc/snap header in place of a valid da. * return false if the da matches rfc1042 pattern */ if (ether_addr_equal(subframe_hdr, rfc1042_header)) return false; return true; } static bool ath10k_htt_rx_amsdu_allowed(struct ath10k *ar, struct sk_buff_head *amsdu, struct ieee80211_rx_status *rx_status) { if (!rx_status->freq) { ath10k_dbg(ar, ATH10K_DBG_HTT, "no channel configured; ignoring frame(s)!\n"); return false; } if (test_bit(ATH10K_CAC_RUNNING, &ar->dev_flags)) { ath10k_dbg(ar, ATH10K_DBG_HTT, "htt rx cac running\n"); return false; } if (!ath10k_htt_rx_validate_amsdu(ar, amsdu)) { ath10k_dbg(ar, ATH10K_DBG_HTT, "invalid amsdu received\n"); return false; } return true; } static void ath10k_htt_rx_h_filter(struct ath10k *ar, struct sk_buff_head *amsdu, struct ieee80211_rx_status *rx_status, unsigned long *drop_cnt) { if (skb_queue_empty(amsdu)) return; if (ath10k_htt_rx_amsdu_allowed(ar, amsdu, rx_status)) return; if (drop_cnt) *drop_cnt += skb_queue_len(amsdu); __skb_queue_purge(amsdu); } static int ath10k_htt_rx_handle_amsdu(struct ath10k_htt *htt) { struct ath10k *ar = htt->ar; struct ieee80211_rx_status *rx_status = &htt->rx_status; struct sk_buff_head amsdu; int ret; unsigned long drop_cnt = 0; unsigned long unchain_cnt = 0; unsigned long drop_cnt_filter = 0; unsigned long msdus_to_queue, num_msdus; enum ath10k_pkt_rx_err err = ATH10K_PKT_RX_ERR_MAX; u8 first_hdr[RX_HTT_HDR_STATUS_LEN]; __skb_queue_head_init(&amsdu); spin_lock_bh(&htt->rx_ring.lock); if (htt->rx_confused) { spin_unlock_bh(&htt->rx_ring.lock); return -EIO; } ret = ath10k_htt_rx_amsdu_pop(htt, &amsdu); spin_unlock_bh(&htt->rx_ring.lock); if (ret < 0) { ath10k_warn(ar, "rx ring became corrupted: %d\n", ret); __skb_queue_purge(&amsdu); /* FIXME: It's probably a good idea to reboot the * device instead of leaving it inoperable. */ htt->rx_confused = true; return ret; } num_msdus = skb_queue_len(&amsdu); --> -------------------- --> maximum size reached --> --------------------
¤ Dauer der Verarbeitung: 0.11 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-06