1 // SPDX-License-Identifier: BSD-3-Clause-Clear 2 /* 3 * Copyright (C) 2022 MediaTek Inc. 4 */ 5 6 #include <linux/etherdevice.h> 7 #include <linux/timekeeping.h> 8 #include "coredump.h" 9 #include "mt7996.h" 10 #include "../dma.h" 11 #include "mac.h" 12 #include "mcu.h" 13 14 #define to_rssi(field, rcpi) ((FIELD_GET(field, rcpi) - 220) / 2) 15 16 static struct mt76_wcid *mt7996_rx_get_wcid(struct mt7996_dev *dev, 17 u16 idx, u8 band_idx) 18 { 19 struct mt7996_sta_link *msta_link; 20 struct mt7996_sta *msta; 21 struct mt7996_vif *mvif; 22 struct mt76_wcid *wcid; 23 int i; 24 25 wcid = mt76_wcid_ptr(dev, idx); 26 if (!wcid || !wcid->sta) 27 return NULL; 28 29 if (!mt7996_band_valid(dev, band_idx)) 30 return NULL; 31 32 if (wcid->phy_idx == band_idx) 33 return wcid; 34 35 msta_link = container_of(wcid, struct mt7996_sta_link, wcid); 36 msta = msta_link->sta; 37 if (!msta || !msta->vif) 38 return NULL; 39 40 mvif = msta->vif; 41 for (i = 0; i < ARRAY_SIZE(mvif->mt76.link); i++) { 42 struct mt76_vif_link *mlink; 43 44 mlink = rcu_dereference(mvif->mt76.link[i]); 45 if (!mlink) 46 continue; 47 48 if (mlink->band_idx != band_idx) 49 continue; 50 51 msta_link = mt7996_sta_link(msta, i); 52 break; 53 } 54 55 return &msta_link->wcid; 56 } 57 58 bool mt7996_mac_wtbl_update(struct mt7996_dev *dev, int idx, u32 mask) 59 { 60 mt76_rmw(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_WLAN_IDX, 61 FIELD_PREP(MT_WTBL_UPDATE_WLAN_IDX, idx) | mask); 62 63 return mt76_poll(dev, MT_WTBL_UPDATE, MT_WTBL_UPDATE_BUSY, 64 0, 5000); 65 } 66 67 u32 mt7996_mac_wtbl_lmac_addr(struct mt7996_dev *dev, u16 wcid, u8 dw) 68 { 69 mt76_wr(dev, MT_WTBLON_TOP_WDUCR, 70 FIELD_PREP(MT_WTBLON_TOP_WDUCR_GROUP, (wcid >> 7))); 71 72 return MT_WTBL_LMAC_OFFS(wcid, dw); 73 } 74 75 static void mt7996_mac_sta_poll(struct mt7996_dev *dev) 76 { 77 static const u8 ac_to_tid[] = { 78 [IEEE80211_AC_BE] = 0, 79 [IEEE80211_AC_BK] = 1, 80 [IEEE80211_AC_VI] = 4, 81 [IEEE80211_AC_VO] = 6 82 }; 83 struct mt7996_sta_link *msta_link; 84 struct mt76_vif_link *mlink; 85 struct ieee80211_sta *sta; 86 struct mt7996_sta *msta; 87 u32 tx_time[IEEE80211_NUM_ACS], rx_time[IEEE80211_NUM_ACS]; 88 LIST_HEAD(sta_poll_list); 89 struct mt76_wcid *wcid; 90 int i; 91 92 spin_lock_bh(&dev->mt76.sta_poll_lock); 93 list_splice_init(&dev->mt76.sta_poll_list, &sta_poll_list); 94 spin_unlock_bh(&dev->mt76.sta_poll_lock); 95 96 rcu_read_lock(); 97 98 while (true) { 99 bool clear = false; 100 u32 addr, val; 101 u16 idx; 102 s8 rssi[4]; 103 104 spin_lock_bh(&dev->mt76.sta_poll_lock); 105 if (list_empty(&sta_poll_list)) { 106 spin_unlock_bh(&dev->mt76.sta_poll_lock); 107 break; 108 } 109 msta_link = list_first_entry(&sta_poll_list, 110 struct mt7996_sta_link, 111 wcid.poll_list); 112 msta = msta_link->sta; 113 wcid = &msta_link->wcid; 114 list_del_init(&wcid->poll_list); 115 spin_unlock_bh(&dev->mt76.sta_poll_lock); 116 117 idx = wcid->idx; 118 119 /* refresh peer's airtime reporting */ 120 addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 20); 121 122 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 123 u32 tx_last = msta_link->airtime_ac[i]; 124 u32 rx_last = msta_link->airtime_ac[i + 4]; 125 126 msta_link->airtime_ac[i] = mt76_rr(dev, addr); 127 msta_link->airtime_ac[i + 4] = mt76_rr(dev, addr + 4); 128 129 tx_time[i] = msta_link->airtime_ac[i] - tx_last; 130 rx_time[i] = msta_link->airtime_ac[i + 4] - rx_last; 131 132 if ((tx_last | rx_last) & BIT(30)) 133 clear = true; 134 135 addr += 8; 136 } 137 138 if (clear) { 139 mt7996_mac_wtbl_update(dev, idx, 140 MT_WTBL_UPDATE_ADM_COUNT_CLEAR); 141 memset(msta_link->airtime_ac, 0, 142 sizeof(msta_link->airtime_ac)); 143 } 144 145 if (!wcid->sta) 146 continue; 147 148 sta = container_of((void *)msta, struct ieee80211_sta, 149 drv_priv); 150 for (i = 0; i < IEEE80211_NUM_ACS; i++) { 151 u8 q = mt76_connac_lmac_mapping(i); 152 u32 tx_cur = tx_time[q]; 153 u32 rx_cur = rx_time[q]; 154 u8 tid = ac_to_tid[i]; 155 156 if (!tx_cur && !rx_cur) 157 continue; 158 159 ieee80211_sta_register_airtime(sta, tid, tx_cur, rx_cur); 160 } 161 162 /* get signal strength of resp frames (CTS/BA/ACK) */ 163 addr = mt7996_mac_wtbl_lmac_addr(dev, idx, 34); 164 val = mt76_rr(dev, addr); 165 166 rssi[0] = to_rssi(GENMASK(7, 0), val); 167 rssi[1] = to_rssi(GENMASK(15, 8), val); 168 rssi[2] = to_rssi(GENMASK(23, 16), val); 169 rssi[3] = to_rssi(GENMASK(31, 14), val); 170 171 mlink = rcu_dereference(msta->vif->mt76.link[wcid->link_id]); 172 if (mlink) { 173 struct mt76_phy *mphy = mt76_vif_link_phy(mlink); 174 175 if (mphy) 176 msta_link->ack_signal = 177 mt76_rx_signal(mphy->antenna_mask, 178 rssi); 179 } 180 181 ewma_avg_signal_add(&msta_link->avg_ack_signal, 182 -msta_link->ack_signal); 183 } 184 185 rcu_read_unlock(); 186 } 187 188 /* The HW does not translate the mac header to 802.3 for mesh point */ 189 static int mt7996_reverse_frag0_hdr_trans(struct sk_buff *skb, u16 hdr_gap) 190 { 191 struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb; 192 struct ethhdr *eth_hdr = (struct ethhdr *)(skb->data + hdr_gap); 193 struct mt7996_sta_link *msta_link = (void *)status->wcid; 194 struct mt7996_sta *msta = msta_link->sta; 195 struct ieee80211_bss_conf *link_conf; 196 __le32 *rxd = (__le32 *)skb->data; 197 struct ieee80211_sta *sta; 198 struct ieee80211_vif *vif; 199 struct ieee80211_hdr hdr; 200 u16 frame_control; 201 202 if (le32_get_bits(rxd[3], MT_RXD3_NORMAL_ADDR_TYPE) != 203 MT_RXD3_NORMAL_U2M) 204 return -EINVAL; 205 206 if (!(le32_to_cpu(rxd[1]) & MT_RXD1_NORMAL_GROUP_4)) 207 return -EINVAL; 208 209 if (!msta || !msta->vif) 210 return -EINVAL; 211 212 sta = wcid_to_sta(status->wcid); 213 vif = container_of((void *)msta->vif, struct ieee80211_vif, drv_priv); 214 link_conf = rcu_dereference(vif->link_conf[msta_link->wcid.link_id]); 215 if (!link_conf) 216 return -EINVAL; 217 218 /* store the info from RXD and ethhdr to avoid being overridden */ 219 frame_control = le32_get_bits(rxd[8], MT_RXD8_FRAME_CONTROL); 220 hdr.frame_control = cpu_to_le16(frame_control); 221 hdr.seq_ctrl = cpu_to_le16(le32_get_bits(rxd[10], MT_RXD10_SEQ_CTRL)); 222 hdr.duration_id = 0; 223 224 ether_addr_copy(hdr.addr1, vif->addr); 225 ether_addr_copy(hdr.addr2, sta->addr); 226 switch (frame_control & (IEEE80211_FCTL_TODS | 227 IEEE80211_FCTL_FROMDS)) { 228 case 0: 229 ether_addr_copy(hdr.addr3, link_conf->bssid); 230 break; 231 case IEEE80211_FCTL_FROMDS: 232 ether_addr_copy(hdr.addr3, eth_hdr->h_source); 233 break; 234 case IEEE80211_FCTL_TODS: 235 ether_addr_copy(hdr.addr3, eth_hdr->h_dest); 236 break; 237 case IEEE80211_FCTL_TODS | IEEE80211_FCTL_FROMDS: 238 ether_addr_copy(hdr.addr3, eth_hdr->h_dest); 239 ether_addr_copy(hdr.addr4, eth_hdr->h_source); 240 break; 241 default: 242 return -EINVAL; 243 } 244 245 skb_pull(skb, hdr_gap + sizeof(struct ethhdr) - 2); 246 if (eth_hdr->h_proto == cpu_to_be16(ETH_P_AARP) || 247 eth_hdr->h_proto == cpu_to_be16(ETH_P_IPX)) 248 ether_addr_copy(skb_push(skb, ETH_ALEN), bridge_tunnel_header); 249 else if (be16_to_cpu(eth_hdr->h_proto) >= ETH_P_802_3_MIN) 250 ether_addr_copy(skb_push(skb, ETH_ALEN), rfc1042_header); 251 else 252 skb_pull(skb, 2); 253 254 if (ieee80211_has_order(hdr.frame_control)) 255 memcpy(skb_push(skb, IEEE80211_HT_CTL_LEN), &rxd[11], 256 IEEE80211_HT_CTL_LEN); 257 if (ieee80211_is_data_qos(hdr.frame_control)) { 258 __le16 qos_ctrl; 259 260 qos_ctrl = cpu_to_le16(le32_get_bits(rxd[10], MT_RXD10_QOS_CTL)); 261 memcpy(skb_push(skb, IEEE80211_QOS_CTL_LEN), &qos_ctrl, 262 IEEE80211_QOS_CTL_LEN); 263 } 264 265 if (ieee80211_has_a4(hdr.frame_control)) 266 memcpy(skb_push(skb, sizeof(hdr)), &hdr, sizeof(hdr)); 267 else 268 memcpy(skb_push(skb, sizeof(hdr) - 6), &hdr, sizeof(hdr) - 6); 269 270 return 0; 271 } 272 273 static int 274 mt7996_mac_fill_rx_rate(struct mt7996_dev *dev, 275 struct mt76_rx_status *status, 276 struct ieee80211_supported_band *sband, 277 __le32 *rxv, u8 *mode) 278 { 279 u32 v0, v2; 280 u8 stbc, gi, bw, dcm, nss; 281 int i, idx; 282 bool cck = false; 283 284 v0 = le32_to_cpu(rxv[0]); 285 v2 = le32_to_cpu(rxv[2]); 286 287 idx = FIELD_GET(MT_PRXV_TX_RATE, v0); 288 i = idx; 289 nss = FIELD_GET(MT_PRXV_NSTS, v0) + 1; 290 291 stbc = FIELD_GET(MT_PRXV_HT_STBC, v2); 292 gi = FIELD_GET(MT_PRXV_HT_SHORT_GI, v2); 293 *mode = FIELD_GET(MT_PRXV_TX_MODE, v2); 294 dcm = FIELD_GET(MT_PRXV_DCM, v2); 295 bw = FIELD_GET(MT_PRXV_FRAME_MODE, v2); 296 297 switch (*mode) { 298 case MT_PHY_TYPE_CCK: 299 cck = true; 300 fallthrough; 301 case MT_PHY_TYPE_OFDM: 302 i = mt76_get_rate(&dev->mt76, sband, i, cck); 303 break; 304 case MT_PHY_TYPE_HT_GF: 305 case MT_PHY_TYPE_HT: 306 status->encoding = RX_ENC_HT; 307 if (gi) 308 status->enc_flags |= RX_ENC_FLAG_SHORT_GI; 309 if (i > 31) 310 return -EINVAL; 311 break; 312 case MT_PHY_TYPE_VHT: 313 status->nss = nss; 314 status->encoding = RX_ENC_VHT; 315 if (gi) 316 status->enc_flags |= RX_ENC_FLAG_SHORT_GI; 317 if (i > 11) 318 return -EINVAL; 319 break; 320 case MT_PHY_TYPE_HE_MU: 321 case MT_PHY_TYPE_HE_SU: 322 case MT_PHY_TYPE_HE_EXT_SU: 323 case MT_PHY_TYPE_HE_TB: 324 status->nss = nss; 325 status->encoding = RX_ENC_HE; 326 i &= GENMASK(3, 0); 327 328 if (gi <= NL80211_RATE_INFO_HE_GI_3_2) 329 status->he_gi = gi; 330 331 status->he_dcm = dcm; 332 break; 333 case MT_PHY_TYPE_EHT_SU: 334 case MT_PHY_TYPE_EHT_TRIG: 335 case MT_PHY_TYPE_EHT_MU: 336 status->nss = nss; 337 status->encoding = RX_ENC_EHT; 338 i &= GENMASK(3, 0); 339 340 if (gi <= NL80211_RATE_INFO_EHT_GI_3_2) 341 status->eht.gi = gi; 342 break; 343 default: 344 return -EINVAL; 345 } 346 status->rate_idx = i; 347 348 switch (bw) { 349 case IEEE80211_STA_RX_BW_20: 350 break; 351 case IEEE80211_STA_RX_BW_40: 352 if (*mode & MT_PHY_TYPE_HE_EXT_SU && 353 (idx & MT_PRXV_TX_ER_SU_106T)) { 354 status->bw = RATE_INFO_BW_HE_RU; 355 status->he_ru = 356 NL80211_RATE_INFO_HE_RU_ALLOC_106; 357 } else { 358 status->bw = RATE_INFO_BW_40; 359 } 360 break; 361 case IEEE80211_STA_RX_BW_80: 362 status->bw = RATE_INFO_BW_80; 363 break; 364 case IEEE80211_STA_RX_BW_160: 365 status->bw = RATE_INFO_BW_160; 366 break; 367 /* rxv reports bw 320-1 and 320-2 separately */ 368 case IEEE80211_STA_RX_BW_320: 369 case IEEE80211_STA_RX_BW_320 + 1: 370 status->bw = RATE_INFO_BW_320; 371 break; 372 default: 373 return -EINVAL; 374 } 375 376 status->enc_flags |= RX_ENC_FLAG_STBC_MASK * stbc; 377 if (*mode < MT_PHY_TYPE_HE_SU && gi) 378 status->enc_flags |= RX_ENC_FLAG_SHORT_GI; 379 380 return 0; 381 } 382 383 static void 384 mt7996_wed_check_ppe(struct mt7996_dev *dev, struct mt76_queue *q, 385 struct mt7996_sta *msta, struct sk_buff *skb, 386 u32 info) 387 { 388 struct ieee80211_vif *vif; 389 struct wireless_dev *wdev; 390 391 if (!msta || !msta->vif) 392 return; 393 394 if (!mt76_queue_is_wed_rx(q)) 395 return; 396 397 if (!(info & MT_DMA_INFO_PPE_VLD)) 398 return; 399 400 vif = container_of((void *)msta->vif, struct ieee80211_vif, 401 drv_priv); 402 wdev = ieee80211_vif_to_wdev(vif); 403 skb->dev = wdev->netdev; 404 405 mtk_wed_device_ppe_check(&dev->mt76.mmio.wed, skb, 406 FIELD_GET(MT_DMA_PPE_CPU_REASON, info), 407 FIELD_GET(MT_DMA_PPE_ENTRY, info)); 408 } 409 410 static int 411 mt7996_mac_fill_rx(struct mt7996_dev *dev, enum mt76_rxq_id q, 412 struct sk_buff *skb, u32 *info) 413 { 414 struct mt76_rx_status *status = (struct mt76_rx_status *)skb->cb; 415 struct mt76_phy *mphy = &dev->mt76.phy; 416 struct mt7996_phy *phy = &dev->phy; 417 struct ieee80211_supported_band *sband; 418 __le32 *rxd = (__le32 *)skb->data; 419 __le32 *rxv = NULL; 420 u32 rxd0 = le32_to_cpu(rxd[0]); 421 u32 rxd1 = le32_to_cpu(rxd[1]); 422 u32 rxd2 = le32_to_cpu(rxd[2]); 423 u32 rxd3 = le32_to_cpu(rxd[3]); 424 u32 rxd4 = le32_to_cpu(rxd[4]); 425 u32 csum_mask = MT_RXD3_NORMAL_IP_SUM | MT_RXD3_NORMAL_UDP_TCP_SUM; 426 u32 csum_status = *(u32 *)skb->cb; 427 u32 mesh_mask = MT_RXD0_MESH | MT_RXD0_MHCP; 428 bool is_mesh = (rxd0 & mesh_mask) == mesh_mask; 429 bool unicast, insert_ccmp_hdr = false; 430 u8 remove_pad, amsdu_info, band_idx; 431 u8 mode = 0, qos_ctl = 0; 432 bool hdr_trans; 433 u16 hdr_gap; 434 u16 seq_ctrl = 0; 435 __le16 fc = 0; 436 int idx; 437 u8 hw_aggr = false; 438 struct mt7996_sta *msta = NULL; 439 440 hw_aggr = status->aggr; 441 memset(status, 0, sizeof(*status)); 442 443 band_idx = FIELD_GET(MT_RXD1_NORMAL_BAND_IDX, rxd1); 444 mphy = dev->mt76.phys[band_idx]; 445 phy = mphy->priv; 446 status->phy_idx = mphy->band_idx; 447 448 if (!test_bit(MT76_STATE_RUNNING, &mphy->state)) 449 return -EINVAL; 450 451 if (rxd2 & MT_RXD2_NORMAL_AMSDU_ERR) 452 return -EINVAL; 453 454 hdr_trans = rxd2 & MT_RXD2_NORMAL_HDR_TRANS; 455 if (hdr_trans && (rxd1 & MT_RXD1_NORMAL_CM)) 456 return -EINVAL; 457 458 /* ICV error or CCMP/BIP/WPI MIC error */ 459 if (rxd1 & MT_RXD1_NORMAL_ICV_ERR) 460 status->flag |= RX_FLAG_ONLY_MONITOR; 461 462 unicast = FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) == MT_RXD3_NORMAL_U2M; 463 idx = FIELD_GET(MT_RXD1_NORMAL_WLAN_IDX, rxd1); 464 status->wcid = mt7996_rx_get_wcid(dev, idx, band_idx); 465 466 if (status->wcid) { 467 struct mt7996_sta_link *msta_link; 468 469 msta_link = container_of(status->wcid, struct mt7996_sta_link, 470 wcid); 471 msta = msta_link->sta; 472 mt76_wcid_add_poll(&dev->mt76, &msta_link->wcid); 473 } 474 475 status->freq = mphy->chandef.chan->center_freq; 476 status->band = mphy->chandef.chan->band; 477 if (status->band == NL80211_BAND_5GHZ) 478 sband = &mphy->sband_5g.sband; 479 else if (status->band == NL80211_BAND_6GHZ) 480 sband = &mphy->sband_6g.sband; 481 else 482 sband = &mphy->sband_2g.sband; 483 484 if (!sband->channels) 485 return -EINVAL; 486 487 if ((rxd3 & csum_mask) == csum_mask && 488 !(csum_status & (BIT(0) | BIT(2) | BIT(3)))) 489 skb->ip_summed = CHECKSUM_UNNECESSARY; 490 491 if (rxd3 & MT_RXD3_NORMAL_FCS_ERR) 492 status->flag |= RX_FLAG_FAILED_FCS_CRC; 493 494 if (rxd1 & MT_RXD1_NORMAL_TKIP_MIC_ERR) 495 status->flag |= RX_FLAG_MMIC_ERROR; 496 497 if (FIELD_GET(MT_RXD2_NORMAL_SEC_MODE, rxd2) != 0 && 498 !(rxd1 & (MT_RXD1_NORMAL_CLM | MT_RXD1_NORMAL_CM))) { 499 status->flag |= RX_FLAG_DECRYPTED; 500 status->flag |= RX_FLAG_IV_STRIPPED; 501 status->flag |= RX_FLAG_MMIC_STRIPPED | RX_FLAG_MIC_STRIPPED; 502 } 503 504 remove_pad = FIELD_GET(MT_RXD2_NORMAL_HDR_OFFSET, rxd2); 505 506 if (rxd2 & MT_RXD2_NORMAL_MAX_LEN_ERROR) 507 return -EINVAL; 508 509 rxd += 8; 510 if (rxd1 & MT_RXD1_NORMAL_GROUP_4) { 511 u32 v0 = le32_to_cpu(rxd[0]); 512 u32 v2 = le32_to_cpu(rxd[2]); 513 514 fc = cpu_to_le16(FIELD_GET(MT_RXD8_FRAME_CONTROL, v0)); 515 qos_ctl = FIELD_GET(MT_RXD10_QOS_CTL, v2); 516 seq_ctrl = FIELD_GET(MT_RXD10_SEQ_CTRL, v2); 517 518 rxd += 4; 519 if ((u8 *)rxd - skb->data >= skb->len) 520 return -EINVAL; 521 } 522 523 if (rxd1 & MT_RXD1_NORMAL_GROUP_1) { 524 u8 *data = (u8 *)rxd; 525 526 if (status->flag & RX_FLAG_DECRYPTED) { 527 switch (FIELD_GET(MT_RXD2_NORMAL_SEC_MODE, rxd2)) { 528 case MT_CIPHER_AES_CCMP: 529 case MT_CIPHER_CCMP_CCX: 530 case MT_CIPHER_CCMP_256: 531 insert_ccmp_hdr = 532 FIELD_GET(MT_RXD2_NORMAL_FRAG, rxd2); 533 fallthrough; 534 case MT_CIPHER_TKIP: 535 case MT_CIPHER_TKIP_NO_MIC: 536 case MT_CIPHER_GCMP: 537 case MT_CIPHER_GCMP_256: 538 status->iv[0] = data[5]; 539 status->iv[1] = data[4]; 540 status->iv[2] = data[3]; 541 status->iv[3] = data[2]; 542 status->iv[4] = data[1]; 543 status->iv[5] = data[0]; 544 break; 545 default: 546 break; 547 } 548 } 549 rxd += 4; 550 if ((u8 *)rxd - skb->data >= skb->len) 551 return -EINVAL; 552 } 553 554 if (rxd1 & MT_RXD1_NORMAL_GROUP_2) { 555 status->timestamp = le32_to_cpu(rxd[0]); 556 status->flag |= RX_FLAG_MACTIME_START; 557 558 if (!(rxd2 & MT_RXD2_NORMAL_NON_AMPDU)) { 559 status->flag |= RX_FLAG_AMPDU_DETAILS; 560 561 /* all subframes of an A-MPDU have the same timestamp */ 562 if (phy->rx_ampdu_ts != status->timestamp) { 563 if (!++phy->ampdu_ref) 564 phy->ampdu_ref++; 565 } 566 phy->rx_ampdu_ts = status->timestamp; 567 568 status->ampdu_ref = phy->ampdu_ref; 569 } 570 571 rxd += 4; 572 if ((u8 *)rxd - skb->data >= skb->len) 573 return -EINVAL; 574 } 575 576 /* RXD Group 3 - P-RXV */ 577 if (rxd1 & MT_RXD1_NORMAL_GROUP_3) { 578 u32 v3; 579 int ret; 580 581 rxv = rxd; 582 rxd += 4; 583 if ((u8 *)rxd - skb->data >= skb->len) 584 return -EINVAL; 585 586 v3 = le32_to_cpu(rxv[3]); 587 588 status->chains = mphy->antenna_mask; 589 status->chain_signal[0] = to_rssi(MT_PRXV_RCPI0, v3); 590 status->chain_signal[1] = to_rssi(MT_PRXV_RCPI1, v3); 591 status->chain_signal[2] = to_rssi(MT_PRXV_RCPI2, v3); 592 status->chain_signal[3] = to_rssi(MT_PRXV_RCPI3, v3); 593 594 /* RXD Group 5 - C-RXV */ 595 if (rxd1 & MT_RXD1_NORMAL_GROUP_5) { 596 rxd += 24; 597 if ((u8 *)rxd - skb->data >= skb->len) 598 return -EINVAL; 599 } 600 601 ret = mt7996_mac_fill_rx_rate(dev, status, sband, rxv, &mode); 602 if (ret < 0) 603 return ret; 604 } 605 606 amsdu_info = FIELD_GET(MT_RXD4_NORMAL_PAYLOAD_FORMAT, rxd4); 607 status->amsdu = !!amsdu_info; 608 if (status->amsdu) { 609 status->first_amsdu = amsdu_info == MT_RXD4_FIRST_AMSDU_FRAME; 610 status->last_amsdu = amsdu_info == MT_RXD4_LAST_AMSDU_FRAME; 611 } 612 613 /* IEEE 802.11 fragmentation can only be applied to unicast frames. 614 * Hence, drop fragments with multicast/broadcast RA. 615 * This check fixes vulnerabilities, like CVE-2020-26145. 616 */ 617 if ((ieee80211_has_morefrags(fc) || seq_ctrl & IEEE80211_SCTL_FRAG) && 618 FIELD_GET(MT_RXD3_NORMAL_ADDR_TYPE, rxd3) != MT_RXD3_NORMAL_U2M) 619 return -EINVAL; 620 621 hdr_gap = (u8 *)rxd - skb->data + 2 * remove_pad; 622 if (hdr_trans && ieee80211_has_morefrags(fc)) { 623 if (mt7996_reverse_frag0_hdr_trans(skb, hdr_gap)) 624 return -EINVAL; 625 hdr_trans = false; 626 } else { 627 int pad_start = 0; 628 629 skb_pull(skb, hdr_gap); 630 if (!hdr_trans && status->amsdu && !(ieee80211_has_a4(fc) && is_mesh)) { 631 pad_start = ieee80211_get_hdrlen_from_skb(skb); 632 } else if (hdr_trans && (rxd2 & MT_RXD2_NORMAL_HDR_TRANS_ERROR)) { 633 /* When header translation failure is indicated, 634 * the hardware will insert an extra 2-byte field 635 * containing the data length after the protocol 636 * type field. This happens either when the LLC-SNAP 637 * pattern did not match, or if a VLAN header was 638 * detected. 639 */ 640 pad_start = 12; 641 if (get_unaligned_be16(skb->data + pad_start) == ETH_P_8021Q) 642 pad_start += 4; 643 else 644 pad_start = 0; 645 } 646 647 if (pad_start) { 648 memmove(skb->data + 2, skb->data, pad_start); 649 skb_pull(skb, 2); 650 } 651 } 652 653 if (!hdr_trans) { 654 struct ieee80211_hdr *hdr; 655 656 if (insert_ccmp_hdr) { 657 u8 key_id = FIELD_GET(MT_RXD1_NORMAL_KEY_ID, rxd1); 658 659 mt76_insert_ccmp_hdr(skb, key_id); 660 } 661 662 hdr = mt76_skb_get_hdr(skb); 663 fc = hdr->frame_control; 664 if (ieee80211_is_beacon(fc)) 665 mt76_rx_beacon(mphy, skb); 666 if (ieee80211_is_data_qos(fc)) { 667 u8 *qos = ieee80211_get_qos_ctl(hdr); 668 669 seq_ctrl = le16_to_cpu(hdr->seq_ctrl); 670 qos_ctl = *qos; 671 672 /* Mesh DA/SA/Length will be stripped after hardware 673 * de-amsdu, so here needs to clear amsdu present bit 674 * to mark it as a normal mesh frame. 675 */ 676 if (ieee80211_has_a4(fc) && is_mesh && status->amsdu) 677 *qos &= ~IEEE80211_QOS_CTL_A_MSDU_PRESENT; 678 } 679 skb_set_mac_header(skb, (unsigned char *)hdr - skb->data); 680 } else { 681 status->flag |= RX_FLAG_8023; 682 mt7996_wed_check_ppe(dev, &dev->mt76.q_rx[q], msta, skb, 683 *info); 684 mt76_npu_check_ppe(&dev->mt76, skb, *info); 685 } 686 687 if (rxv && !(status->flag & RX_FLAG_8023)) { 688 switch (status->encoding) { 689 case RX_ENC_EHT: 690 mt76_connac3_mac_decode_eht_radiotap(skb, rxv, mode); 691 break; 692 case RX_ENC_HE: 693 mt76_connac3_mac_decode_he_radiotap(skb, rxv, mode); 694 break; 695 default: 696 break; 697 } 698 } 699 700 if (!status->wcid || !ieee80211_is_data_qos(fc) || hw_aggr) 701 return 0; 702 703 status->aggr = unicast && 704 !ieee80211_is_qos_nullfunc(fc); 705 status->qos_ctl = qos_ctl; 706 status->seqno = IEEE80211_SEQ_TO_SN(seq_ctrl); 707 708 return 0; 709 } 710 711 static void 712 mt7996_mac_write_txwi_8023(struct mt7996_dev *dev, __le32 *txwi, 713 struct sk_buff *skb, struct mt76_wcid *wcid) 714 { 715 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK; 716 u8 fc_type, fc_stype; 717 u16 ethertype; 718 bool wmm = false; 719 u32 val; 720 721 if (wcid->sta) { 722 struct ieee80211_sta *sta = wcid_to_sta(wcid); 723 724 wmm = sta->wme; 725 } 726 727 val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3) | 728 FIELD_PREP(MT_TXD1_TID, tid); 729 730 ethertype = get_unaligned_be16(&skb->data[12]); 731 if (ethertype >= ETH_P_802_3_MIN) 732 val |= MT_TXD1_ETH_802_3; 733 734 txwi[1] |= cpu_to_le32(val); 735 736 fc_type = IEEE80211_FTYPE_DATA >> 2; 737 fc_stype = wmm ? IEEE80211_STYPE_QOS_DATA >> 4 : 0; 738 739 val = FIELD_PREP(MT_TXD2_FRAME_TYPE, fc_type) | 740 FIELD_PREP(MT_TXD2_SUB_TYPE, fc_stype); 741 742 txwi[2] |= cpu_to_le32(val); 743 744 if (wcid->amsdu) 745 txwi[3] |= cpu_to_le32(MT_TXD3_HW_AMSDU); 746 } 747 748 static void 749 mt7996_mac_write_txwi_80211(struct mt7996_dev *dev, __le32 *txwi, 750 struct sk_buff *skb, 751 struct ieee80211_key_conf *key, 752 struct mt76_wcid *wcid) 753 { 754 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 755 struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *)skb->data; 756 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 757 bool multicast = is_multicast_ether_addr(hdr->addr1); 758 u8 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK; 759 __le16 fc = hdr->frame_control, sc = hdr->seq_ctrl; 760 struct ieee80211_vif *vif = info->control.vif; 761 u16 seqno = le16_to_cpu(sc); 762 bool hw_bigtk = false; 763 u8 fc_type, fc_stype; 764 u32 val; 765 766 if (ieee80211_is_action(fc) && 767 skb->len >= IEEE80211_MIN_ACTION_SIZE(action_code) && 768 mgmt->u.action.category == WLAN_CATEGORY_BACK && 769 mgmt->u.action.action_code == WLAN_ACTION_ADDBA_REQ) { 770 if (is_mt7990(&dev->mt76)) 771 txwi[6] |= cpu_to_le32(FIELD_PREP(MT_TXD6_TID_ADDBA, tid)); 772 else 773 txwi[7] |= cpu_to_le32(MT_TXD7_MAC_TXD); 774 775 tid = MT_TX_ADDBA; 776 } else if (ieee80211_is_mgmt(hdr->frame_control)) { 777 tid = MT_TX_NORMAL; 778 } 779 780 val = FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_11) | 781 FIELD_PREP(MT_TXD1_HDR_INFO, 782 ieee80211_get_hdrlen_from_skb(skb) / 2) | 783 FIELD_PREP(MT_TXD1_TID, tid); 784 785 if (!ieee80211_is_data(fc) || multicast || 786 info->flags & IEEE80211_TX_CTL_USE_MINRATE) 787 val |= MT_TXD1_FIXED_RATE; 788 789 if (is_mt7990(&dev->mt76) && ieee80211_is_beacon(fc) && 790 (wcid->hw_key_idx2 == 6 || wcid->hw_key_idx2 == 7)) 791 hw_bigtk = true; 792 793 if ((key && multicast && ieee80211_is_robust_mgmt_frame(skb)) || hw_bigtk) { 794 val |= MT_TXD1_BIP; 795 txwi[3] &= ~cpu_to_le32(MT_TXD3_PROTECT_FRAME); 796 } 797 798 txwi[1] |= cpu_to_le32(val); 799 800 fc_type = (le16_to_cpu(fc) & IEEE80211_FCTL_FTYPE) >> 2; 801 fc_stype = (le16_to_cpu(fc) & IEEE80211_FCTL_STYPE) >> 4; 802 803 val = FIELD_PREP(MT_TXD2_FRAME_TYPE, fc_type) | 804 FIELD_PREP(MT_TXD2_SUB_TYPE, fc_stype); 805 806 if (ieee80211_has_morefrags(fc) && ieee80211_is_first_frag(sc)) 807 val |= FIELD_PREP(MT_TXD2_FRAG, MT_TX_FRAG_FIRST); 808 else if (ieee80211_has_morefrags(fc) && !ieee80211_is_first_frag(sc)) 809 val |= FIELD_PREP(MT_TXD2_FRAG, MT_TX_FRAG_MID); 810 else if (!ieee80211_has_morefrags(fc) && !ieee80211_is_first_frag(sc)) 811 val |= FIELD_PREP(MT_TXD2_FRAG, MT_TX_FRAG_LAST); 812 else 813 val |= FIELD_PREP(MT_TXD2_FRAG, MT_TX_FRAG_NONE); 814 815 txwi[2] |= cpu_to_le32(val); 816 817 txwi[3] |= cpu_to_le32(FIELD_PREP(MT_TXD3_BCM, multicast)); 818 if (ieee80211_is_beacon(fc)) { 819 txwi[3] &= ~cpu_to_le32(MT_TXD3_SW_POWER_MGMT); 820 txwi[3] |= cpu_to_le32(MT_TXD3_REM_TX_COUNT); 821 } 822 823 if (multicast && vif && ieee80211_vif_is_mld(vif)) { 824 val = MT_TXD3_SN_VALID | 825 FIELD_PREP(MT_TXD3_SEQ, IEEE80211_SEQ_TO_SN(seqno)); 826 txwi[3] |= cpu_to_le32(val); 827 } 828 829 if (info->flags & IEEE80211_TX_CTL_INJECTED) { 830 if (ieee80211_is_back_req(hdr->frame_control)) { 831 struct ieee80211_bar *bar; 832 833 bar = (struct ieee80211_bar *)skb->data; 834 seqno = le16_to_cpu(bar->start_seq_num); 835 } 836 837 val = MT_TXD3_SN_VALID | 838 FIELD_PREP(MT_TXD3_SEQ, IEEE80211_SEQ_TO_SN(seqno)); 839 txwi[3] |= cpu_to_le32(val); 840 txwi[3] &= ~cpu_to_le32(MT_TXD3_HW_AMSDU); 841 } 842 843 if (vif && ieee80211_vif_is_mld(vif) && 844 (multicast || unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE)))) 845 txwi[5] |= cpu_to_le32(MT_TXD5_FL); 846 847 if (ieee80211_is_nullfunc(fc) && ieee80211_has_a4(fc) && 848 vif && ieee80211_vif_is_mld(vif)) { 849 txwi[5] |= cpu_to_le32(MT_TXD5_FL); 850 txwi[6] |= cpu_to_le32(MT_TXD6_DIS_MAT); 851 } 852 853 if (!wcid->sta && ieee80211_is_mgmt(fc)) 854 txwi[6] |= cpu_to_le32(MT_TXD6_DIS_MAT); 855 } 856 857 void mt7996_mac_write_txwi(struct mt7996_dev *dev, __le32 *txwi, 858 struct sk_buff *skb, struct mt76_wcid *wcid, 859 struct ieee80211_key_conf *key, int pid, 860 enum mt76_txq_id qid, u32 changed, 861 unsigned int link_id) 862 { 863 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 864 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 865 struct ieee80211_vif *vif = info->control.vif; 866 u8 band_idx = (info->hw_queue & MT_TX_HW_QUEUE_PHY) >> 2; 867 u8 p_fmt, q_idx, omac_idx = 0, wmm_idx = 0; 868 bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP; 869 struct mt76_vif_link *mlink = NULL; 870 struct mt7996_vif *mvif; 871 u16 tx_count = 15; 872 u32 val; 873 bool inband_disc = !!(changed & (BSS_CHANGED_UNSOL_BCAST_PROBE_RESP | 874 BSS_CHANGED_FILS_DISCOVERY)); 875 bool beacon = !!(changed & (BSS_CHANGED_BEACON | 876 BSS_CHANGED_BEACON_ENABLED)) && (!inband_disc); 877 878 mvif = vif ? (struct mt7996_vif *)vif->drv_priv : NULL; 879 if (mvif) { 880 if (wcid->offchannel) 881 mlink = rcu_dereference(mvif->mt76.offchannel_link); 882 if (!mlink && link_id != IEEE80211_LINK_UNSPECIFIED) 883 mlink = rcu_dereference(mvif->mt76.link[link_id]); 884 } 885 886 if (mlink) { 887 omac_idx = mlink->omac_idx; 888 wmm_idx = mlink->wmm_idx; 889 band_idx = mlink->band_idx; 890 } 891 892 if (inband_disc) { 893 p_fmt = MT_TX_TYPE_FW; 894 q_idx = MT_LMAC_ALTX0; 895 } else if (beacon) { 896 p_fmt = MT_TX_TYPE_FW; 897 q_idx = MT_LMAC_BCN0; 898 } else if (qid >= MT_TXQ_PSD) { 899 p_fmt = MT_TX_TYPE_CT; 900 q_idx = MT_LMAC_ALTX0; 901 } else { 902 p_fmt = MT_TX_TYPE_CT; 903 q_idx = wmm_idx * MT7996_MAX_WMM_SETS + 904 mt76_connac_lmac_mapping(skb_get_queue_mapping(skb)); 905 } 906 907 val = FIELD_PREP(MT_TXD0_TX_BYTES, skb->len + MT_TXD_SIZE) | 908 FIELD_PREP(MT_TXD0_PKT_FMT, p_fmt) | 909 FIELD_PREP(MT_TXD0_Q_IDX, q_idx); 910 txwi[0] = cpu_to_le32(val); 911 912 val = FIELD_PREP(MT_TXD1_WLAN_IDX, wcid->idx) | 913 FIELD_PREP(MT_TXD1_OWN_MAC, omac_idx); 914 915 if (band_idx) 916 val |= FIELD_PREP(MT_TXD1_TGID, band_idx); 917 918 txwi[1] = cpu_to_le32(val); 919 txwi[2] = 0; 920 921 val = MT_TXD3_SW_POWER_MGMT | 922 FIELD_PREP(MT_TXD3_REM_TX_COUNT, tx_count); 923 if (key) 924 val |= MT_TXD3_PROTECT_FRAME; 925 if (info->flags & IEEE80211_TX_CTL_NO_ACK) 926 val |= MT_TXD3_NO_ACK; 927 928 txwi[3] = cpu_to_le32(val); 929 txwi[4] = 0; 930 931 val = FIELD_PREP(MT_TXD5_PID, pid); 932 if (pid >= MT_PACKET_ID_FIRST) 933 val |= MT_TXD5_TX_STATUS_HOST; 934 txwi[5] = cpu_to_le32(val); 935 936 val = MT_TXD6_DAS | MT_TXD6_VTA; 937 if ((q_idx >= MT_LMAC_ALTX0 && q_idx <= MT_LMAC_BCN0) || 938 skb->protocol == cpu_to_be16(ETH_P_PAE)) 939 val |= MT_TXD6_DIS_MAT; 940 941 if (is_mt7996(&dev->mt76)) 942 val |= FIELD_PREP(MT_TXD6_MSDU_CNT, 1); 943 else if (is_8023 || !ieee80211_is_mgmt(hdr->frame_control)) 944 val |= FIELD_PREP(MT_TXD6_MSDU_CNT_V2, 1); 945 946 txwi[6] = cpu_to_le32(val); 947 txwi[7] = 0; 948 949 if (is_8023) 950 mt7996_mac_write_txwi_8023(dev, txwi, skb, wcid); 951 else 952 mt7996_mac_write_txwi_80211(dev, txwi, skb, key, wcid); 953 954 if (txwi[1] & cpu_to_le32(MT_TXD1_FIXED_RATE)) { 955 bool mcast = ieee80211_is_data(hdr->frame_control) && 956 is_multicast_ether_addr(hdr->addr1); 957 u8 idx = MT7996_BASIC_RATES_TBL; 958 959 if (mlink) { 960 if (mcast && mlink->mcast_rates_idx) 961 idx = mlink->mcast_rates_idx; 962 else if (beacon && mlink->beacon_rates_idx) 963 idx = mlink->beacon_rates_idx; 964 else 965 idx = mlink->basic_rates_idx; 966 } 967 968 val = FIELD_PREP(MT_TXD6_TX_RATE, idx) | MT_TXD6_FIXED_BW; 969 if (mcast) 970 val |= MT_TXD6_DIS_MAT; 971 txwi[6] |= cpu_to_le32(val); 972 txwi[3] |= cpu_to_le32(MT_TXD3_BA_DISABLE); 973 } 974 } 975 976 static bool 977 mt7996_tx_use_mgmt(struct mt7996_dev *dev, struct sk_buff *skb) 978 { 979 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 980 981 if (ieee80211_is_mgmt(hdr->frame_control)) 982 return true; 983 984 /* for SDO to bypass specific data frame */ 985 if (!mt7996_has_wa(dev)) { 986 if (unlikely(skb->protocol == cpu_to_be16(ETH_P_PAE))) 987 return true; 988 989 if (ieee80211_has_a4(hdr->frame_control) && 990 !ieee80211_is_data_present(hdr->frame_control)) 991 return true; 992 } 993 994 return false; 995 } 996 997 int mt7996_tx_prepare_skb(struct mt76_dev *mdev, void *txwi_ptr, 998 enum mt76_txq_id qid, struct mt76_wcid *wcid, 999 struct ieee80211_sta *sta, 1000 struct mt76_tx_info *tx_info) 1001 { 1002 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)tx_info->skb->data; 1003 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76); 1004 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx_info->skb); 1005 struct ieee80211_key_conf *key = info->control.hw_key; 1006 struct ieee80211_vif *vif = info->control.vif; 1007 struct mt7996_vif *mvif = vif ? (struct mt7996_vif *)vif->drv_priv : NULL; 1008 struct mt7996_sta *msta = sta ? (struct mt7996_sta *)sta->drv_priv : NULL; 1009 struct mt76_vif_link *mlink = NULL; 1010 struct mt76_txwi_cache *t; 1011 int id, i, pid, nbuf = tx_info->nbuf - 1; 1012 bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP; 1013 __le32 *ptr = (__le32 *)txwi_ptr; 1014 u8 *txwi = (u8 *)txwi_ptr; 1015 u8 link_id; 1016 1017 if (unlikely(tx_info->skb->len <= ETH_HLEN)) 1018 return -EINVAL; 1019 1020 if (!wcid) 1021 wcid = &dev->mt76.global_wcid; 1022 1023 if ((is_8023 || ieee80211_is_data_qos(hdr->frame_control)) && sta->mlo && 1024 likely(tx_info->skb->protocol != cpu_to_be16(ETH_P_PAE))) { 1025 u8 tid = tx_info->skb->priority & IEEE80211_QOS_CTL_TID_MASK; 1026 1027 link_id = (tid % 2) ? msta->seclink_id : msta->deflink_id; 1028 } else { 1029 link_id = u32_get_bits(info->control.flags, 1030 IEEE80211_TX_CTRL_MLO_LINK); 1031 } 1032 1033 if (link_id != wcid->link_id && link_id != IEEE80211_LINK_UNSPECIFIED) { 1034 if (msta) { 1035 struct mt7996_sta_link *msta_link = 1036 mt7996_sta_link(msta, link_id); 1037 1038 if (msta_link) 1039 wcid = &msta_link->wcid; 1040 } else if (mvif) { 1041 mlink = rcu_dereference(mvif->mt76.link[link_id]); 1042 if (mlink && mlink->wcid) 1043 wcid = mlink->wcid; 1044 } 1045 } 1046 1047 t = (struct mt76_txwi_cache *)(txwi + mdev->drv->txwi_size); 1048 t->skb = tx_info->skb; 1049 1050 id = mt76_token_consume(mdev, &t); 1051 if (id < 0) 1052 return id; 1053 1054 /* Since the rules of HW MLD address translation are not fully 1055 * compatible with 802.11 EAPOL frame, we do the translation by 1056 * software 1057 */ 1058 if (tx_info->skb->protocol == cpu_to_be16(ETH_P_PAE) && sta->mlo) { 1059 struct ieee80211_hdr *hdr = (void *)tx_info->skb->data; 1060 struct ieee80211_bss_conf *link_conf; 1061 struct ieee80211_link_sta *link_sta; 1062 1063 link_conf = rcu_dereference(vif->link_conf[wcid->link_id]); 1064 if (!link_conf) 1065 goto error_release_token; 1066 1067 link_sta = rcu_dereference(sta->link[wcid->link_id]); 1068 if (!link_sta) 1069 goto error_release_token; 1070 1071 dma_sync_single_for_cpu(mdev->dma_dev, tx_info->buf[1].addr, 1072 tx_info->buf[1].len, DMA_TO_DEVICE); 1073 1074 memcpy(hdr->addr1, link_sta->addr, ETH_ALEN); 1075 memcpy(hdr->addr2, link_conf->addr, ETH_ALEN); 1076 if (ieee80211_has_a4(hdr->frame_control)) { 1077 memcpy(hdr->addr3, sta->addr, ETH_ALEN); 1078 memcpy(hdr->addr4, vif->addr, ETH_ALEN); 1079 } else if (ieee80211_has_tods(hdr->frame_control)) { 1080 memcpy(hdr->addr3, sta->addr, ETH_ALEN); 1081 } else if (ieee80211_has_fromds(hdr->frame_control)) { 1082 memcpy(hdr->addr3, vif->addr, ETH_ALEN); 1083 } 1084 1085 dma_sync_single_for_device(mdev->dma_dev, tx_info->buf[1].addr, 1086 tx_info->buf[1].len, DMA_TO_DEVICE); 1087 } 1088 1089 pid = mt76_tx_status_skb_add(mdev, wcid, tx_info->skb); 1090 memset(txwi_ptr, 0, MT_TXD_SIZE); 1091 /* Transmit non qos data by 802.11 header and need to fill txd by host*/ 1092 if (!is_8023 || pid >= MT_PACKET_ID_FIRST) 1093 mt7996_mac_write_txwi(dev, txwi_ptr, tx_info->skb, wcid, key, 1094 pid, qid, 0, link_id); 1095 1096 /* MT7996 and MT7992 require driver to provide the MAC TXP for AddBA 1097 * req 1098 */ 1099 if (le32_to_cpu(ptr[7]) & MT_TXD7_MAC_TXD) { 1100 u32 val, mac_txp_size = sizeof(struct mt76_connac_hw_txp); 1101 1102 ptr = (__le32 *)(txwi + MT_TXD_SIZE); 1103 memset((void *)ptr, 0, mac_txp_size); 1104 1105 val = FIELD_PREP(MT_TXP0_TOKEN_ID0, id) | 1106 MT_TXP0_TOKEN_ID0_VALID_MASK; 1107 ptr[0] = cpu_to_le32(val); 1108 1109 val = FIELD_PREP(MT_TXP1_TID_ADDBA, 1110 tx_info->skb->priority & 1111 IEEE80211_QOS_CTL_TID_MASK); 1112 ptr[1] = cpu_to_le32(val); 1113 ptr[2] = cpu_to_le32(tx_info->buf[1].addr & 0xFFFFFFFF); 1114 1115 val = FIELD_PREP(MT_TXP_BUF_LEN, tx_info->buf[1].len) | 1116 MT_TXP3_ML0_MASK; 1117 #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT 1118 val |= FIELD_PREP(MT_TXP3_DMA_ADDR_H, 1119 tx_info->buf[1].addr >> 32); 1120 #endif 1121 ptr[3] = cpu_to_le32(val); 1122 1123 tx_info->buf[0].len = MT_TXD_SIZE + mac_txp_size; 1124 } else { 1125 struct mt76_connac_txp_common *txp; 1126 1127 txp = (struct mt76_connac_txp_common *)(txwi + MT_TXD_SIZE); 1128 for (i = 0; i < nbuf; i++) { 1129 u16 len; 1130 1131 len = FIELD_PREP(MT_TXP_BUF_LEN, tx_info->buf[i + 1].len); 1132 #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT 1133 len |= FIELD_PREP(MT_TXP_DMA_ADDR_H, 1134 tx_info->buf[i + 1].addr >> 32); 1135 #endif 1136 1137 txp->fw.buf[i] = cpu_to_le32(tx_info->buf[i + 1].addr); 1138 txp->fw.len[i] = cpu_to_le16(len); 1139 } 1140 txp->fw.nbuf = nbuf; 1141 1142 txp->fw.flags = cpu_to_le16(MT_CT_INFO_FROM_HOST); 1143 1144 if (!is_8023 || pid >= MT_PACKET_ID_FIRST) 1145 txp->fw.flags |= cpu_to_le16(MT_CT_INFO_APPLY_TXD); 1146 1147 if (!key) 1148 txp->fw.flags |= cpu_to_le16(MT_CT_INFO_NONE_CIPHER_FRAME); 1149 1150 if (!is_8023 && mt7996_tx_use_mgmt(dev, tx_info->skb)) 1151 txp->fw.flags |= cpu_to_le16(MT_CT_INFO_MGMT_FRAME); 1152 1153 if (mvif) { 1154 if (wcid->offchannel) 1155 mlink = rcu_dereference(mvif->mt76.offchannel_link); 1156 if (!mlink) 1157 mlink = rcu_dereference(mvif->mt76.link[wcid->link_id]); 1158 1159 txp->fw.bss_idx = mlink ? mlink->idx : mvif->deflink.mt76.idx; 1160 } 1161 1162 txp->fw.token = cpu_to_le16(id); 1163 txp->fw.rept_wds_wcid = cpu_to_le16(sta ? wcid->idx : 0xfff); 1164 } 1165 1166 tx_info->skb = NULL; 1167 1168 /* pass partial skb header to fw */ 1169 tx_info->buf[1].len = MT_CT_PARSE_LEN; 1170 tx_info->buf[1].skip_unmap = true; 1171 tx_info->nbuf = MT_CT_DMA_BUF_NUM; 1172 1173 return 0; 1174 1175 error_release_token: 1176 mt76_token_release(mdev, id, NULL); 1177 return -EINVAL; 1178 } 1179 1180 u32 mt7996_wed_init_buf(void *ptr, dma_addr_t phys, int token_id) 1181 { 1182 struct mt76_connac_fw_txp *txp = ptr + MT_TXD_SIZE; 1183 __le32 *txwi = ptr; 1184 u32 val; 1185 1186 memset(ptr, 0, MT_TXD_SIZE + sizeof(*txp)); 1187 1188 val = FIELD_PREP(MT_TXD0_TX_BYTES, MT_TXD_SIZE) | 1189 FIELD_PREP(MT_TXD0_PKT_FMT, MT_TX_TYPE_CT); 1190 txwi[0] = cpu_to_le32(val); 1191 1192 val = BIT(31) | 1193 FIELD_PREP(MT_TXD1_HDR_FORMAT, MT_HDR_FORMAT_802_3); 1194 txwi[1] = cpu_to_le32(val); 1195 1196 txp->token = cpu_to_le16(token_id); 1197 txp->nbuf = 1; 1198 txp->buf[0] = cpu_to_le32(phys + MT_TXD_SIZE + sizeof(*txp)); 1199 1200 return MT_TXD_SIZE + sizeof(*txp); 1201 } 1202 1203 static void 1204 mt7996_tx_check_aggr(struct ieee80211_link_sta *link_sta, 1205 struct mt76_wcid *wcid, struct sk_buff *skb) 1206 { 1207 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1208 bool is_8023 = info->flags & IEEE80211_TX_CTL_HW_80211_ENCAP; 1209 u16 fc, tid; 1210 1211 if (!(link_sta->ht_cap.ht_supported || link_sta->he_cap.has_he)) 1212 return; 1213 1214 tid = skb->priority & IEEE80211_QOS_CTL_TID_MASK; 1215 if (tid >= 6) /* skip VO queue */ 1216 return; 1217 1218 if (is_8023) { 1219 fc = IEEE80211_FTYPE_DATA | 1220 (link_sta->sta->wme ? IEEE80211_STYPE_QOS_DATA 1221 : IEEE80211_STYPE_DATA); 1222 } else { 1223 /* No need to get precise TID for Action/Management Frame, 1224 * since it will not meet the following Frame Control 1225 * condition anyway. 1226 */ 1227 1228 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 1229 1230 fc = le16_to_cpu(hdr->frame_control) & 1231 (IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE); 1232 } 1233 1234 if (unlikely(fc != (IEEE80211_FTYPE_DATA | IEEE80211_STYPE_QOS_DATA))) 1235 return; 1236 1237 if (!test_and_set_bit(tid, &wcid->ampdu_state) && 1238 ieee80211_start_tx_ba_session(link_sta->sta, tid, 0)) 1239 clear_bit(tid, &wcid->ampdu_state); 1240 } 1241 1242 static void 1243 mt7996_txwi_free(struct mt7996_dev *dev, struct mt76_txwi_cache *t, 1244 struct ieee80211_link_sta *link_sta, 1245 struct mt76_wcid *wcid, struct list_head *free_list) 1246 { 1247 struct mt76_dev *mdev = &dev->mt76; 1248 __le32 *txwi; 1249 u16 wcid_idx; 1250 1251 mt76_connac_txp_skb_unmap(mdev, t); 1252 if (!t->skb) 1253 goto out; 1254 1255 txwi = (__le32 *)mt76_get_txwi_ptr(mdev, t); 1256 if (link_sta) { 1257 wcid_idx = wcid->idx; 1258 if (likely(t->skb->protocol != cpu_to_be16(ETH_P_PAE))) { 1259 struct mt7996_sta *msta; 1260 1261 /* AMPDU state is stored in the primary link */ 1262 msta = (void *)link_sta->sta->drv_priv; 1263 mt7996_tx_check_aggr(link_sta, &msta->deflink.wcid, 1264 t->skb); 1265 } 1266 } else { 1267 wcid_idx = le32_get_bits(txwi[9], MT_TXD9_WLAN_IDX); 1268 } 1269 1270 __mt76_tx_complete_skb(mdev, wcid_idx, t->skb, free_list); 1271 1272 out: 1273 t->skb = NULL; 1274 mt76_put_txwi(mdev, t); 1275 } 1276 1277 static void 1278 mt7996_mac_tx_free(struct mt7996_dev *dev, void *data, int len) 1279 { 1280 __le32 *tx_free = (__le32 *)data, *cur_info; 1281 struct mt76_dev *mdev = &dev->mt76; 1282 struct mt76_phy *phy2 = mdev->phys[MT_BAND1]; 1283 struct mt76_phy *phy3 = mdev->phys[MT_BAND2]; 1284 struct ieee80211_link_sta *link_sta = NULL; 1285 struct mt76_txwi_cache *txwi; 1286 struct mt76_wcid *wcid = NULL; 1287 LIST_HEAD(free_list); 1288 struct sk_buff *skb, *tmp; 1289 void *end = data + len; 1290 bool wake = false; 1291 u16 total, count = 0; 1292 u8 ver; 1293 1294 /* clean DMA queues and unmap buffers first */ 1295 mt76_queue_tx_cleanup(dev, dev->mphy.q_tx[MT_TXQ_PSD], false); 1296 mt76_queue_tx_cleanup(dev, dev->mphy.q_tx[MT_TXQ_BE], false); 1297 if (phy2) { 1298 mt76_queue_tx_cleanup(dev, phy2->q_tx[MT_TXQ_PSD], false); 1299 mt76_queue_tx_cleanup(dev, phy2->q_tx[MT_TXQ_BE], false); 1300 } 1301 if (phy3) { 1302 mt76_queue_tx_cleanup(dev, phy3->q_tx[MT_TXQ_PSD], false); 1303 mt76_queue_tx_cleanup(dev, phy3->q_tx[MT_TXQ_BE], false); 1304 } 1305 1306 ver = le32_get_bits(tx_free[1], MT_TXFREE1_VER); 1307 if (WARN_ON_ONCE(ver < 5)) 1308 return; 1309 1310 total = le32_get_bits(tx_free[0], MT_TXFREE0_MSDU_CNT); 1311 for (cur_info = &tx_free[2]; count < total; cur_info++) { 1312 u32 msdu, info; 1313 u8 i; 1314 1315 if (WARN_ON_ONCE((void *)cur_info >= end)) 1316 return; 1317 /* 1'b1: new wcid pair. 1318 * 1'b0: msdu_id with the same 'wcid pair' as above. 1319 */ 1320 info = le32_to_cpu(*cur_info); 1321 if (info & MT_TXFREE_INFO_PAIR) { 1322 struct ieee80211_sta *sta; 1323 unsigned long valid_links; 1324 struct mt7996_sta *msta; 1325 unsigned int id; 1326 u16 idx; 1327 1328 idx = FIELD_GET(MT_TXFREE_INFO_WLAN_ID, info); 1329 wcid = mt76_wcid_ptr(dev, idx); 1330 sta = wcid_to_sta(wcid); 1331 if (!sta) { 1332 link_sta = NULL; 1333 goto next; 1334 } 1335 1336 link_sta = rcu_dereference(sta->link[wcid->link_id]); 1337 if (!link_sta) 1338 goto next; 1339 1340 msta = (struct mt7996_sta *)sta->drv_priv; 1341 valid_links = sta->valid_links ?: BIT(0); 1342 1343 /* For MLD STA, add all link's wcid to sta_poll_list */ 1344 for_each_set_bit(id, &valid_links, 1345 IEEE80211_MLD_MAX_NUM_LINKS) { 1346 struct mt7996_sta_link *msta_link; 1347 1348 msta_link = mt7996_sta_link(msta, id); 1349 if (!msta_link) 1350 continue; 1351 1352 mt76_wcid_add_poll(&dev->mt76, 1353 &msta_link->wcid); 1354 } 1355 next: 1356 /* ver 7 has a new DW with pair = 1, skip it */ 1357 if (ver == 7 && ((void *)(cur_info + 1) < end) && 1358 (le32_to_cpu(*(cur_info + 1)) & MT_TXFREE_INFO_PAIR)) 1359 cur_info++; 1360 continue; 1361 } else if (info & MT_TXFREE_INFO_HEADER) { 1362 u32 tx_retries = 0, tx_failed = 0, count; 1363 1364 if (!wcid) 1365 continue; 1366 1367 count = FIELD_GET(MT_TXFREE_INFO_COUNT, info); 1368 tx_retries = count ? count - 1 : 0; 1369 tx_failed = tx_retries + 1370 !!FIELD_GET(MT_TXFREE_INFO_STAT, info); 1371 1372 wcid->stats.tx_retries += tx_retries; 1373 wcid->stats.tx_failed += tx_failed; 1374 continue; 1375 } 1376 1377 for (i = 0; i < 2; i++) { 1378 msdu = (info >> (15 * i)) & MT_TXFREE_INFO_MSDU_ID; 1379 if (msdu == MT_TXFREE_INFO_MSDU_ID) 1380 continue; 1381 1382 count++; 1383 txwi = mt76_token_release(mdev, msdu, &wake); 1384 if (!txwi) 1385 continue; 1386 1387 mt7996_txwi_free(dev, txwi, link_sta, wcid, 1388 &free_list); 1389 } 1390 } 1391 1392 mt7996_mac_sta_poll(dev); 1393 1394 if (wake) 1395 mt76_set_tx_blocked(&dev->mt76, false); 1396 1397 mt76_worker_schedule(&dev->mt76.tx_worker); 1398 1399 list_for_each_entry_safe(skb, tmp, &free_list, list) { 1400 skb_list_del_init(skb); 1401 napi_consume_skb(skb, 1); 1402 } 1403 } 1404 1405 static bool 1406 mt7996_mac_add_txs_skb(struct mt7996_dev *dev, struct mt76_wcid *wcid, 1407 int pid, __le32 *txs_data) 1408 { 1409 struct mt76_sta_stats *stats = &wcid->stats; 1410 struct ieee80211_supported_band *sband; 1411 struct mt76_dev *mdev = &dev->mt76; 1412 struct mt76_phy *mphy; 1413 struct ieee80211_tx_info *info; 1414 struct sk_buff_head list; 1415 struct rate_info rate = {}; 1416 struct sk_buff *skb = NULL; 1417 bool cck = false; 1418 u32 txrate, txs, mode, stbc; 1419 1420 txs = le32_to_cpu(txs_data[0]); 1421 1422 mt76_tx_status_lock(mdev, &list); 1423 1424 /* only report MPDU TXS */ 1425 if (le32_get_bits(txs_data[0], MT_TXS0_TXS_FORMAT) == 0) { 1426 skb = mt76_tx_status_skb_get(mdev, wcid, pid, &list); 1427 if (skb) { 1428 info = IEEE80211_SKB_CB(skb); 1429 if (!(txs & MT_TXS0_ACK_ERROR_MASK)) 1430 info->flags |= IEEE80211_TX_STAT_ACK; 1431 1432 info->status.ampdu_len = 1; 1433 info->status.ampdu_ack_len = 1434 !!(info->flags & IEEE80211_TX_STAT_ACK); 1435 1436 info->status.rates[0].idx = -1; 1437 } 1438 } 1439 1440 if (mtk_wed_device_active(&dev->mt76.mmio.wed) && wcid->sta) { 1441 struct ieee80211_sta *sta; 1442 u8 tid; 1443 1444 sta = wcid_to_sta(wcid); 1445 tid = FIELD_GET(MT_TXS0_TID, txs); 1446 ieee80211_refresh_tx_agg_session_timer(sta, tid); 1447 } 1448 1449 txrate = FIELD_GET(MT_TXS0_TX_RATE, txs); 1450 1451 rate.mcs = FIELD_GET(MT_TX_RATE_IDX, txrate); 1452 rate.nss = FIELD_GET(MT_TX_RATE_NSS, txrate) + 1; 1453 stbc = le32_get_bits(txs_data[3], MT_TXS3_RATE_STBC); 1454 1455 if (stbc && rate.nss > 1) 1456 rate.nss >>= 1; 1457 1458 if (rate.nss - 1 < ARRAY_SIZE(stats->tx_nss)) 1459 stats->tx_nss[rate.nss - 1]++; 1460 if (rate.mcs < ARRAY_SIZE(stats->tx_mcs)) 1461 stats->tx_mcs[rate.mcs]++; 1462 1463 mode = FIELD_GET(MT_TX_RATE_MODE, txrate); 1464 switch (mode) { 1465 case MT_PHY_TYPE_CCK: 1466 cck = true; 1467 fallthrough; 1468 case MT_PHY_TYPE_OFDM: 1469 mphy = mt76_dev_phy(mdev, wcid->phy_idx); 1470 1471 if (mphy->chandef.chan->band == NL80211_BAND_5GHZ) 1472 sband = &mphy->sband_5g.sband; 1473 else if (mphy->chandef.chan->band == NL80211_BAND_6GHZ) 1474 sband = &mphy->sband_6g.sband; 1475 else 1476 sband = &mphy->sband_2g.sband; 1477 1478 rate.mcs = mt76_get_rate(mphy->dev, sband, rate.mcs, cck); 1479 rate.legacy = sband->bitrates[rate.mcs].bitrate; 1480 break; 1481 case MT_PHY_TYPE_HT: 1482 case MT_PHY_TYPE_HT_GF: 1483 if (rate.mcs > 31) 1484 goto out; 1485 1486 rate.flags = RATE_INFO_FLAGS_MCS; 1487 if (wcid->rate.flags & RATE_INFO_FLAGS_SHORT_GI) 1488 rate.flags |= RATE_INFO_FLAGS_SHORT_GI; 1489 break; 1490 case MT_PHY_TYPE_VHT: 1491 if (rate.mcs > 9) 1492 goto out; 1493 1494 rate.flags = RATE_INFO_FLAGS_VHT_MCS; 1495 if (wcid->rate.flags & RATE_INFO_FLAGS_SHORT_GI) 1496 rate.flags |= RATE_INFO_FLAGS_SHORT_GI; 1497 break; 1498 case MT_PHY_TYPE_HE_SU: 1499 case MT_PHY_TYPE_HE_EXT_SU: 1500 case MT_PHY_TYPE_HE_TB: 1501 case MT_PHY_TYPE_HE_MU: 1502 if (rate.mcs > 11) 1503 goto out; 1504 1505 rate.he_gi = wcid->rate.he_gi; 1506 rate.he_dcm = FIELD_GET(MT_TX_RATE_DCM, txrate); 1507 rate.flags = RATE_INFO_FLAGS_HE_MCS; 1508 break; 1509 case MT_PHY_TYPE_EHT_SU: 1510 case MT_PHY_TYPE_EHT_TRIG: 1511 case MT_PHY_TYPE_EHT_MU: 1512 if (rate.mcs > 13) 1513 goto out; 1514 1515 rate.eht_gi = wcid->rate.eht_gi; 1516 rate.flags = RATE_INFO_FLAGS_EHT_MCS; 1517 break; 1518 default: 1519 goto out; 1520 } 1521 1522 stats->tx_mode[mode]++; 1523 1524 switch (FIELD_GET(MT_TXS0_BW, txs)) { 1525 case IEEE80211_STA_RX_BW_320: 1526 rate.bw = RATE_INFO_BW_320; 1527 stats->tx_bw[4]++; 1528 break; 1529 case IEEE80211_STA_RX_BW_160: 1530 rate.bw = RATE_INFO_BW_160; 1531 stats->tx_bw[3]++; 1532 break; 1533 case IEEE80211_STA_RX_BW_80: 1534 rate.bw = RATE_INFO_BW_80; 1535 stats->tx_bw[2]++; 1536 break; 1537 case IEEE80211_STA_RX_BW_40: 1538 rate.bw = RATE_INFO_BW_40; 1539 stats->tx_bw[1]++; 1540 break; 1541 default: 1542 rate.bw = RATE_INFO_BW_20; 1543 stats->tx_bw[0]++; 1544 break; 1545 } 1546 wcid->rate = rate; 1547 1548 out: 1549 if (skb) 1550 mt76_tx_status_skb_done(mdev, skb, &list); 1551 mt76_tx_status_unlock(mdev, &list); 1552 1553 return !!skb; 1554 } 1555 1556 static void mt7996_mac_add_txs(struct mt7996_dev *dev, void *data) 1557 { 1558 struct mt7996_sta_link *msta_link; 1559 struct mt76_wcid *wcid; 1560 __le32 *txs_data = data; 1561 u16 wcidx; 1562 u8 pid; 1563 1564 wcidx = le32_get_bits(txs_data[2], MT_TXS2_WCID); 1565 pid = le32_get_bits(txs_data[3], MT_TXS3_PID); 1566 1567 if (pid < MT_PACKET_ID_NO_SKB) 1568 return; 1569 1570 rcu_read_lock(); 1571 1572 wcid = mt76_wcid_ptr(dev, wcidx); 1573 if (!wcid) 1574 goto out; 1575 1576 mt7996_mac_add_txs_skb(dev, wcid, pid, txs_data); 1577 1578 if (!wcid->sta) 1579 goto out; 1580 1581 msta_link = container_of(wcid, struct mt7996_sta_link, wcid); 1582 mt76_wcid_add_poll(&dev->mt76, &msta_link->wcid); 1583 1584 out: 1585 rcu_read_unlock(); 1586 } 1587 1588 bool mt7996_rx_check(struct mt76_dev *mdev, void *data, int len) 1589 { 1590 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76); 1591 __le32 *rxd = (__le32 *)data; 1592 __le32 *end = (__le32 *)&rxd[len / 4]; 1593 enum rx_pkt_type type; 1594 1595 type = le32_get_bits(rxd[0], MT_RXD0_PKT_TYPE); 1596 if (type != PKT_TYPE_NORMAL) { 1597 u32 sw_type = le32_get_bits(rxd[0], MT_RXD0_SW_PKT_TYPE_MASK); 1598 1599 if (unlikely((sw_type & MT_RXD0_SW_PKT_TYPE_MAP) == 1600 MT_RXD0_SW_PKT_TYPE_FRAME)) 1601 return true; 1602 } 1603 1604 switch (type) { 1605 case PKT_TYPE_TXRX_NOTIFY: 1606 mt7996_mac_tx_free(dev, data, len); 1607 return false; 1608 case PKT_TYPE_TXS: 1609 for (rxd += MT_TXS_HDR_SIZE; rxd + MT_TXS_SIZE <= end; rxd += MT_TXS_SIZE) 1610 mt7996_mac_add_txs(dev, rxd); 1611 return false; 1612 case PKT_TYPE_RX_FW_MONITOR: 1613 mt7996_debugfs_rx_fw_monitor(dev, data, len); 1614 return false; 1615 default: 1616 return true; 1617 } 1618 } 1619 1620 void mt7996_queue_rx_skb(struct mt76_dev *mdev, enum mt76_rxq_id q, 1621 struct sk_buff *skb, u32 *info) 1622 { 1623 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76); 1624 __le32 *rxd = (__le32 *)skb->data; 1625 __le32 *end = (__le32 *)&skb->data[skb->len]; 1626 enum rx_pkt_type type; 1627 1628 type = le32_get_bits(rxd[0], MT_RXD0_PKT_TYPE); 1629 if (type != PKT_TYPE_NORMAL) { 1630 u32 sw_type = le32_get_bits(rxd[0], MT_RXD0_SW_PKT_TYPE_MASK); 1631 1632 if (unlikely((sw_type & MT_RXD0_SW_PKT_TYPE_MAP) == 1633 MT_RXD0_SW_PKT_TYPE_FRAME)) 1634 type = PKT_TYPE_NORMAL; 1635 } 1636 1637 switch (type) { 1638 case PKT_TYPE_TXRX_NOTIFY: 1639 if (mtk_wed_device_active(&dev->mt76.mmio.wed_hif2) && 1640 q == MT_RXQ_TXFREE_BAND2) { 1641 dev_kfree_skb(skb); 1642 break; 1643 } 1644 1645 mt7996_mac_tx_free(dev, skb->data, skb->len); 1646 napi_consume_skb(skb, 1); 1647 break; 1648 case PKT_TYPE_RX_EVENT: 1649 mt7996_mcu_rx_event(dev, skb); 1650 break; 1651 case PKT_TYPE_TXS: 1652 for (rxd += MT_TXS_HDR_SIZE; rxd + MT_TXS_SIZE <= end; rxd += MT_TXS_SIZE) 1653 mt7996_mac_add_txs(dev, rxd); 1654 dev_kfree_skb(skb); 1655 break; 1656 case PKT_TYPE_RX_FW_MONITOR: 1657 mt7996_debugfs_rx_fw_monitor(dev, skb->data, skb->len); 1658 dev_kfree_skb(skb); 1659 break; 1660 case PKT_TYPE_NORMAL: 1661 if (!mt7996_mac_fill_rx(dev, q, skb, info)) { 1662 mt76_rx(&dev->mt76, q, skb); 1663 return; 1664 } 1665 fallthrough; 1666 default: 1667 dev_kfree_skb(skb); 1668 break; 1669 } 1670 } 1671 1672 static struct mt7996_msdu_page * 1673 mt7996_msdu_page_get_from_cache(struct mt7996_dev *dev) 1674 { 1675 struct mt7996_msdu_page *p = NULL; 1676 1677 spin_lock(&dev->wed_rro.lock); 1678 1679 if (!list_empty(&dev->wed_rro.page_cache)) { 1680 p = list_first_entry(&dev->wed_rro.page_cache, 1681 struct mt7996_msdu_page, list); 1682 list_del(&p->list); 1683 } 1684 1685 spin_unlock(&dev->wed_rro.lock); 1686 1687 return p; 1688 } 1689 1690 static struct mt7996_msdu_page *mt7996_msdu_page_get(struct mt7996_dev *dev) 1691 { 1692 struct mt7996_msdu_page *p; 1693 1694 p = mt7996_msdu_page_get_from_cache(dev); 1695 if (!p) { 1696 p = kzalloc(L1_CACHE_ALIGN(sizeof(*p)), GFP_ATOMIC); 1697 if (p) 1698 INIT_LIST_HEAD(&p->list); 1699 } 1700 1701 return p; 1702 } 1703 1704 static void mt7996_msdu_page_put_to_cache(struct mt7996_dev *dev, 1705 struct mt7996_msdu_page *p) 1706 { 1707 if (p->buf) { 1708 mt76_put_page_pool_buf(p->buf, false); 1709 p->buf = NULL; 1710 } 1711 1712 spin_lock(&dev->wed_rro.lock); 1713 list_add(&p->list, &dev->wed_rro.page_cache); 1714 spin_unlock(&dev->wed_rro.lock); 1715 } 1716 1717 static void mt7996_msdu_page_free_cache(struct mt7996_dev *dev) 1718 { 1719 while (true) { 1720 struct mt7996_msdu_page *p; 1721 1722 p = mt7996_msdu_page_get_from_cache(dev); 1723 if (!p) 1724 break; 1725 1726 if (p->buf) 1727 mt76_put_page_pool_buf(p->buf, false); 1728 1729 kfree(p); 1730 } 1731 } 1732 1733 static u32 mt7996_msdu_page_hash_from_addr(dma_addr_t dma_addr) 1734 { 1735 u32 val = 0; 1736 int i = 0; 1737 1738 while (dma_addr) { 1739 val += (u32)((dma_addr & 0xff) + i) % MT7996_RRO_MSDU_PG_HASH_SIZE; 1740 dma_addr >>= 8; 1741 i += 13; 1742 } 1743 1744 return val % MT7996_RRO_MSDU_PG_HASH_SIZE; 1745 } 1746 1747 static struct mt7996_msdu_page * 1748 mt7996_rro_msdu_page_get(struct mt7996_dev *dev, dma_addr_t dma_addr) 1749 { 1750 u32 hash = mt7996_msdu_page_hash_from_addr(dma_addr); 1751 struct mt7996_msdu_page *p, *tmp, *addr = NULL; 1752 1753 spin_lock(&dev->wed_rro.lock); 1754 1755 list_for_each_entry_safe(p, tmp, &dev->wed_rro.page_map[hash], 1756 list) { 1757 if (p->dma_addr == dma_addr) { 1758 list_del(&p->list); 1759 addr = p; 1760 break; 1761 } 1762 } 1763 1764 spin_unlock(&dev->wed_rro.lock); 1765 1766 return addr; 1767 } 1768 1769 static void mt7996_rx_token_put(struct mt7996_dev *dev) 1770 { 1771 int i; 1772 1773 for (i = 0; i < dev->mt76.rx_token_size; i++) { 1774 struct mt76_txwi_cache *t; 1775 1776 t = mt76_rx_token_release(&dev->mt76, i); 1777 if (!t || !t->ptr) 1778 continue; 1779 1780 mt76_put_page_pool_buf(t->ptr, false); 1781 t->dma_addr = 0; 1782 t->ptr = NULL; 1783 1784 mt76_put_rxwi(&dev->mt76, t); 1785 } 1786 } 1787 1788 void mt7996_rro_msdu_page_map_free(struct mt7996_dev *dev) 1789 { 1790 struct mt7996_msdu_page *p, *tmp; 1791 int i; 1792 1793 local_bh_disable(); 1794 1795 for (i = 0; i < ARRAY_SIZE(dev->wed_rro.page_map); i++) { 1796 list_for_each_entry_safe(p, tmp, &dev->wed_rro.page_map[i], 1797 list) { 1798 list_del_init(&p->list); 1799 if (p->buf) 1800 mt76_put_page_pool_buf(p->buf, false); 1801 kfree(p); 1802 } 1803 } 1804 mt7996_msdu_page_free_cache(dev); 1805 1806 local_bh_enable(); 1807 1808 mt7996_rx_token_put(dev); 1809 } 1810 1811 int mt7996_rro_msdu_page_add(struct mt76_dev *mdev, struct mt76_queue *q, 1812 dma_addr_t dma_addr, void *data) 1813 { 1814 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76); 1815 struct mt7996_msdu_page_info *pinfo = data; 1816 struct mt7996_msdu_page *p; 1817 u32 hash; 1818 1819 pinfo->data |= cpu_to_le32(FIELD_PREP(MSDU_PAGE_INFO_OWNER_MASK, 1)); 1820 p = mt7996_msdu_page_get(dev); 1821 if (!p) 1822 return -ENOMEM; 1823 1824 p->buf = data; 1825 p->dma_addr = dma_addr; 1826 p->q = q; 1827 1828 hash = mt7996_msdu_page_hash_from_addr(dma_addr); 1829 1830 spin_lock(&dev->wed_rro.lock); 1831 list_add_tail(&p->list, &dev->wed_rro.page_map[hash]); 1832 spin_unlock(&dev->wed_rro.lock); 1833 1834 return 0; 1835 } 1836 1837 static struct mt7996_wed_rro_addr * 1838 mt7996_rro_addr_elem_get(struct mt7996_dev *dev, u16 session_id, u16 seq_num) 1839 { 1840 u32 idx = 0; 1841 void *addr; 1842 1843 if (session_id == MT7996_RRO_MAX_SESSION) { 1844 addr = dev->wed_rro.session.ptr; 1845 } else { 1846 idx = session_id / MT7996_RRO_BA_BITMAP_SESSION_SIZE; 1847 addr = dev->wed_rro.addr_elem[idx].ptr; 1848 1849 idx = session_id % MT7996_RRO_BA_BITMAP_SESSION_SIZE; 1850 idx = idx * MT7996_RRO_WINDOW_MAX_LEN; 1851 } 1852 idx += seq_num % MT7996_RRO_WINDOW_MAX_LEN; 1853 1854 return addr + idx * sizeof(struct mt7996_wed_rro_addr); 1855 } 1856 1857 #define MT996_RRO_SN_MASK GENMASK(11, 0) 1858 1859 void mt7996_rro_rx_process(struct mt76_dev *mdev, void *data) 1860 { 1861 struct mt7996_dev *dev = container_of(mdev, struct mt7996_dev, mt76); 1862 struct mt76_wed_rro_ind *cmd = (struct mt76_wed_rro_ind *)data; 1863 u32 cmd_data0 = le32_to_cpu(cmd->data0); 1864 u32 cmd_data1 = le32_to_cpu(cmd->data1); 1865 u8 ind_reason = FIELD_GET(RRO_IND_DATA0_IND_REASON_MASK, cmd_data0); 1866 u16 start_seq = FIELD_GET(RRO_IND_DATA0_START_SEQ_MASK, cmd_data0); 1867 u16 seq_id = FIELD_GET(RRO_IND_DATA0_SEQ_ID_MASK, cmd_data0); 1868 u16 ind_count = FIELD_GET(RRO_IND_DATA1_IND_COUNT_MASK, cmd_data1); 1869 struct mt7996_msdu_page_info *pinfo = NULL; 1870 struct mt7996_msdu_page *p = NULL; 1871 int i, seq_num = 0; 1872 1873 for (i = 0; i < ind_count; i++) { 1874 struct mt7996_wed_rro_addr *e; 1875 struct mt76_rx_status *status; 1876 struct mt7996_rro_hif *rxd; 1877 int j, len, qid, data_len; 1878 struct mt76_txwi_cache *t; 1879 dma_addr_t dma_addr = 0; 1880 u16 rx_token_id, count; 1881 struct mt76_queue *q; 1882 struct sk_buff *skb; 1883 u32 info = 0, data; 1884 u8 signature; 1885 void *buf; 1886 bool ls; 1887 1888 seq_num = FIELD_GET(MT996_RRO_SN_MASK, start_seq + i); 1889 e = mt7996_rro_addr_elem_get(dev, seq_id, seq_num); 1890 data = le32_to_cpu(e->data); 1891 signature = FIELD_GET(WED_RRO_ADDR_SIGNATURE_MASK, data); 1892 if (signature != (seq_num / MT7996_RRO_WINDOW_MAX_LEN)) { 1893 u32 val = FIELD_PREP(WED_RRO_ADDR_SIGNATURE_MASK, 1894 0xff); 1895 1896 e->data |= cpu_to_le32(val); 1897 goto update_ack_seq_num; 1898 } 1899 1900 #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT 1901 dma_addr = FIELD_GET(WED_RRO_ADDR_HEAD_HIGH_MASK, data); 1902 dma_addr <<= 32; 1903 #endif 1904 dma_addr |= le32_to_cpu(e->head_low); 1905 1906 count = FIELD_GET(WED_RRO_ADDR_COUNT_MASK, data); 1907 for (j = 0; j < count; j++) { 1908 if (!p) { 1909 p = mt7996_rro_msdu_page_get(dev, dma_addr); 1910 if (!p) 1911 continue; 1912 1913 dma_sync_single_for_cpu(mdev->dma_dev, p->dma_addr, 1914 SKB_WITH_OVERHEAD(p->q->buf_size), 1915 page_pool_get_dma_dir(p->q->page_pool)); 1916 pinfo = (struct mt7996_msdu_page_info *)p->buf; 1917 } 1918 1919 rxd = &pinfo->rxd[j % MT7996_MAX_HIF_RXD_IN_PG]; 1920 len = FIELD_GET(RRO_HIF_DATA1_SDL_MASK, 1921 le32_to_cpu(rxd->data1)); 1922 1923 rx_token_id = FIELD_GET(RRO_HIF_DATA4_RX_TOKEN_ID_MASK, 1924 le32_to_cpu(rxd->data4)); 1925 t = mt76_rx_token_release(mdev, rx_token_id); 1926 if (!t) 1927 goto next_page; 1928 1929 qid = t->qid; 1930 buf = t->ptr; 1931 q = &mdev->q_rx[qid]; 1932 dma_sync_single_for_cpu(mdev->dma_dev, t->dma_addr, 1933 SKB_WITH_OVERHEAD(q->buf_size), 1934 page_pool_get_dma_dir(q->page_pool)); 1935 1936 t->dma_addr = 0; 1937 t->ptr = NULL; 1938 mt76_put_rxwi(mdev, t); 1939 if (!buf) 1940 goto next_page; 1941 1942 if (q->rx_head) 1943 data_len = q->buf_size; 1944 else 1945 data_len = SKB_WITH_OVERHEAD(q->buf_size); 1946 1947 if (data_len < len + q->buf_offset) { 1948 dev_kfree_skb(q->rx_head); 1949 mt76_put_page_pool_buf(buf, false); 1950 q->rx_head = NULL; 1951 goto next_page; 1952 } 1953 1954 ls = FIELD_GET(RRO_HIF_DATA1_LS_MASK, 1955 le32_to_cpu(rxd->data1)); 1956 if (q->rx_head) { 1957 /* TODO: Take into account non-linear skb. */ 1958 mt76_put_page_pool_buf(buf, false); 1959 if (ls) { 1960 dev_kfree_skb(q->rx_head); 1961 q->rx_head = NULL; 1962 } 1963 goto next_page; 1964 } 1965 1966 if (ls && !mt7996_rx_check(mdev, buf, len)) 1967 goto next_page; 1968 1969 skb = build_skb(buf, q->buf_size); 1970 if (!skb) 1971 goto next_page; 1972 1973 skb_reserve(skb, q->buf_offset); 1974 skb_mark_for_recycle(skb); 1975 __skb_put(skb, len); 1976 1977 if (ind_reason == 1 || ind_reason == 2) { 1978 dev_kfree_skb(skb); 1979 goto next_page; 1980 } 1981 1982 if (!ls) { 1983 q->rx_head = skb; 1984 goto next_page; 1985 } 1986 1987 status = (struct mt76_rx_status *)skb->cb; 1988 if (seq_id != MT7996_RRO_MAX_SESSION) 1989 status->aggr = true; 1990 1991 mt7996_queue_rx_skb(mdev, qid, skb, &info); 1992 next_page: 1993 if ((j + 1) % MT7996_MAX_HIF_RXD_IN_PG == 0) { 1994 #ifdef CONFIG_ARCH_DMA_ADDR_T_64BIT 1995 dma_addr = 1996 FIELD_GET(MSDU_PAGE_INFO_PG_HIGH_MASK, 1997 le32_to_cpu(pinfo->data)); 1998 dma_addr <<= 32; 1999 dma_addr |= le32_to_cpu(pinfo->pg_low); 2000 #else 2001 dma_addr = le32_to_cpu(pinfo->pg_low); 2002 #endif 2003 mt7996_msdu_page_put_to_cache(dev, p); 2004 p = NULL; 2005 } 2006 } 2007 2008 update_ack_seq_num: 2009 if ((i + 1) % 4 == 0) 2010 mt76_wr(dev, MT_RRO_ACK_SN_CTRL, 2011 FIELD_PREP(MT_RRO_ACK_SN_CTRL_SESSION_MASK, 2012 seq_id) | 2013 FIELD_PREP(MT_RRO_ACK_SN_CTRL_SN_MASK, 2014 seq_num)); 2015 if (p) { 2016 mt7996_msdu_page_put_to_cache(dev, p); 2017 p = NULL; 2018 } 2019 } 2020 2021 /* Update ack_seq_num for remaining addr_elem */ 2022 if (i % 4) 2023 mt76_wr(dev, MT_RRO_ACK_SN_CTRL, 2024 FIELD_PREP(MT_RRO_ACK_SN_CTRL_SESSION_MASK, seq_id) | 2025 FIELD_PREP(MT_RRO_ACK_SN_CTRL_SN_MASK, seq_num)); 2026 } 2027 2028 void mt7996_mac_cca_stats_reset(struct mt7996_phy *phy) 2029 { 2030 struct mt7996_dev *dev = phy->dev; 2031 u32 reg = MT_WF_PHYRX_BAND_RX_CTRL1(phy->mt76->band_idx); 2032 2033 mt76_clear(dev, reg, MT_WF_PHYRX_BAND_RX_CTRL1_STSCNT_EN); 2034 mt76_set(dev, reg, BIT(11) | BIT(9)); 2035 } 2036 2037 void mt7996_mac_reset_counters(struct mt7996_phy *phy) 2038 { 2039 struct mt7996_dev *dev = phy->dev; 2040 u8 band_idx = phy->mt76->band_idx; 2041 int i; 2042 2043 for (i = 0; i < 16; i++) 2044 mt76_rr(dev, MT_TX_AGG_CNT(band_idx, i)); 2045 2046 phy->mt76->survey_time = ktime_get_boottime(); 2047 2048 memset(phy->mt76->aggr_stats, 0, sizeof(phy->mt76->aggr_stats)); 2049 2050 /* reset airtime counters */ 2051 mt76_set(dev, MT_WF_RMAC_MIB_AIRTIME0(band_idx), 2052 MT_WF_RMAC_MIB_RXTIME_CLR); 2053 2054 mt7996_mcu_get_chan_mib_info(phy, true); 2055 } 2056 2057 void mt7996_mac_set_coverage_class(struct mt7996_phy *phy) 2058 { 2059 s16 coverage_class = phy->coverage_class; 2060 struct mt7996_dev *dev = phy->dev; 2061 u32 reg_offset; 2062 u32 cck = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, 231) | 2063 FIELD_PREP(MT_TIMEOUT_VAL_CCA, 48); 2064 u32 ofdm = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, 60) | 2065 FIELD_PREP(MT_TIMEOUT_VAL_CCA, 28); 2066 u8 band_idx = phy->mt76->band_idx; 2067 int offset; 2068 2069 if (!test_bit(MT76_STATE_RUNNING, &phy->mt76->state)) 2070 return; 2071 2072 offset = 3 * coverage_class; 2073 reg_offset = FIELD_PREP(MT_TIMEOUT_VAL_PLCP, offset) | 2074 FIELD_PREP(MT_TIMEOUT_VAL_CCA, offset); 2075 2076 mt76_wr(dev, MT_TMAC_CDTR(band_idx), cck + reg_offset); 2077 mt76_wr(dev, MT_TMAC_ODTR(band_idx), ofdm + reg_offset); 2078 } 2079 2080 void mt7996_mac_enable_nf(struct mt7996_dev *dev, u8 band) 2081 { 2082 mt76_set(dev, MT_WF_PHYRX_CSD_BAND_RXTD12(band), 2083 MT_WF_PHYRX_CSD_BAND_RXTD12_IRPI_SW_CLR_ONLY | 2084 MT_WF_PHYRX_CSD_BAND_RXTD12_IRPI_SW_CLR); 2085 2086 mt76_set(dev, MT_WF_PHYRX_BAND_RX_CTRL1(band), 2087 FIELD_PREP(MT_WF_PHYRX_BAND_RX_CTRL1_IPI_EN, 0x5)); 2088 } 2089 2090 static u8 2091 mt7996_phy_get_nf(struct mt7996_phy *phy, u8 band_idx) 2092 { 2093 static const u8 nf_power[] = { 92, 89, 86, 83, 80, 75, 70, 65, 60, 55, 52 }; 2094 struct mt7996_dev *dev = phy->dev; 2095 u32 val, sum = 0, n = 0; 2096 int ant, i; 2097 2098 for (ant = 0; ant < hweight8(phy->mt76->antenna_mask); ant++) { 2099 u32 reg = MT_WF_PHYRX_CSD_IRPI(band_idx, ant); 2100 2101 for (i = 0; i < ARRAY_SIZE(nf_power); i++, reg += 4) { 2102 val = mt76_rr(dev, reg); 2103 sum += val * nf_power[i]; 2104 n += val; 2105 } 2106 } 2107 2108 return n ? sum / n : 0; 2109 } 2110 2111 void mt7996_update_channel(struct mt76_phy *mphy) 2112 { 2113 struct mt7996_phy *phy = mphy->priv; 2114 struct mt76_channel_state *state = mphy->chan_state; 2115 int nf; 2116 2117 mt7996_mcu_get_chan_mib_info(phy, false); 2118 2119 nf = mt7996_phy_get_nf(phy, mphy->band_idx); 2120 if (!phy->noise) 2121 phy->noise = nf << 4; 2122 else if (nf) 2123 phy->noise += nf - (phy->noise >> 4); 2124 2125 state->noise = -(phy->noise >> 4); 2126 } 2127 2128 static bool 2129 mt7996_wait_reset_state(struct mt7996_dev *dev, u32 state) 2130 { 2131 bool ret; 2132 2133 ret = wait_event_timeout(dev->reset_wait, 2134 (READ_ONCE(dev->recovery.state) & state), 2135 MT7996_RESET_TIMEOUT); 2136 2137 WARN(!ret, "Timeout waiting for MCU reset state %x\n", state); 2138 return ret; 2139 } 2140 2141 static void 2142 mt7996_update_vif_beacon(void *priv, u8 *mac, struct ieee80211_vif *vif) 2143 { 2144 struct ieee80211_bss_conf *link_conf; 2145 struct mt7996_phy *phy = priv; 2146 struct mt7996_dev *dev = phy->dev; 2147 unsigned int link_id; 2148 2149 2150 switch (vif->type) { 2151 case NL80211_IFTYPE_MESH_POINT: 2152 case NL80211_IFTYPE_ADHOC: 2153 case NL80211_IFTYPE_AP: 2154 break; 2155 default: 2156 return; 2157 } 2158 2159 for_each_vif_active_link(vif, link_conf, link_id) { 2160 struct mt7996_vif_link *link; 2161 struct mt7996_phy *link_phy; 2162 2163 link = mt7996_vif_link(dev, vif, link_id); 2164 if (!link) 2165 continue; 2166 2167 link_phy = mt7996_vif_link_phy(link); 2168 if (link_phy != phy) 2169 continue; 2170 2171 mt7996_mcu_add_beacon(dev->mt76.hw, vif, link_conf, 2172 link_conf->enable_beacon); 2173 } 2174 } 2175 2176 void mt7996_mac_update_beacons(struct mt7996_phy *phy) 2177 { 2178 ieee80211_iterate_active_interfaces(phy->mt76->hw, 2179 IEEE80211_IFACE_ITER_RESUME_ALL, 2180 mt7996_update_vif_beacon, phy); 2181 } 2182 2183 static void 2184 mt7996_update_beacons(struct mt7996_dev *dev) 2185 { 2186 struct mt76_phy *phy2, *phy3; 2187 2188 mt7996_mac_update_beacons(&dev->phy); 2189 2190 phy2 = dev->mt76.phys[MT_BAND1]; 2191 if (phy2) 2192 mt7996_mac_update_beacons(phy2->priv); 2193 2194 phy3 = dev->mt76.phys[MT_BAND2]; 2195 if (phy3) 2196 mt7996_mac_update_beacons(phy3->priv); 2197 } 2198 2199 void mt7996_tx_token_put(struct mt7996_dev *dev) 2200 { 2201 struct mt76_txwi_cache *txwi; 2202 int id; 2203 2204 spin_lock_bh(&dev->mt76.token_lock); 2205 idr_for_each_entry(&dev->mt76.token, txwi, id) { 2206 mt7996_txwi_free(dev, txwi, NULL, NULL, NULL); 2207 dev->mt76.token_count--; 2208 } 2209 spin_unlock_bh(&dev->mt76.token_lock); 2210 idr_destroy(&dev->mt76.token); 2211 2212 for (id = 0; id < __MT_MAX_BAND; id++) { 2213 struct mt76_phy *phy = dev->mt76.phys[id]; 2214 if (phy) 2215 atomic_set(&phy->mgmt_tx_pending, 0); 2216 } 2217 } 2218 2219 static int 2220 mt7996_mac_restart(struct mt7996_dev *dev) 2221 { 2222 struct mt76_dev *mdev = &dev->mt76; 2223 struct mt7996_phy *phy; 2224 int i, ret; 2225 2226 if (dev->hif2) { 2227 mt76_wr(dev, MT_INT1_MASK_CSR, 0x0); 2228 mt76_wr(dev, MT_INT1_SOURCE_CSR, ~0); 2229 } 2230 2231 if (dev_is_pci(mdev->dev)) { 2232 mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0x0); 2233 if (dev->hif2) 2234 mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE, 0x0); 2235 } 2236 2237 set_bit(MT76_MCU_RESET, &dev->mphy.state); 2238 mt7996_for_each_phy(dev, phy) 2239 set_bit(MT76_RESET, &phy->mt76->state); 2240 wake_up(&dev->mt76.mcu.wait); 2241 2242 /* lock/unlock all queues to ensure that no tx is pending */ 2243 mt7996_for_each_phy(dev, phy) 2244 mt76_txq_schedule_all(phy->mt76); 2245 2246 /* disable all tx/rx napi */ 2247 mt76_worker_disable(&dev->mt76.tx_worker); 2248 mt76_for_each_q_rx(mdev, i) { 2249 if (mtk_wed_device_active(&dev->mt76.mmio.wed) && 2250 mt76_queue_is_wed_rro(&mdev->q_rx[i])) 2251 continue; 2252 2253 if (mdev->q_rx[i].ndesc) 2254 napi_disable(&dev->mt76.napi[i]); 2255 } 2256 napi_disable(&dev->mt76.tx_napi); 2257 2258 /* token reinit */ 2259 mt7996_tx_token_put(dev); 2260 idr_init(&dev->mt76.token); 2261 2262 mt7996_dma_reset(dev, true); 2263 2264 mt76_for_each_q_rx(mdev, i) { 2265 if (mtk_wed_device_active(&dev->mt76.mmio.wed) && 2266 mt76_queue_is_wed_rro(&mdev->q_rx[i])) 2267 continue; 2268 2269 if (mdev->q_rx[i].ndesc) { 2270 napi_enable(&dev->mt76.napi[i]); 2271 local_bh_disable(); 2272 napi_schedule(&dev->mt76.napi[i]); 2273 local_bh_enable(); 2274 } 2275 } 2276 clear_bit(MT76_MCU_RESET, &dev->mphy.state); 2277 clear_bit(MT76_STATE_MCU_RUNNING, &dev->mphy.state); 2278 2279 mt76_wr(dev, MT_INT_MASK_CSR, dev->mt76.mmio.irqmask); 2280 mt76_wr(dev, MT_INT_SOURCE_CSR, ~0); 2281 if (dev->hif2) { 2282 mt76_wr(dev, MT_INT1_MASK_CSR, dev->mt76.mmio.irqmask); 2283 mt76_wr(dev, MT_INT1_SOURCE_CSR, ~0); 2284 } 2285 if (dev_is_pci(mdev->dev)) { 2286 mt76_wr(dev, MT_PCIE_MAC_INT_ENABLE, 0xff); 2287 if (dev->hif2) 2288 mt76_wr(dev, MT_PCIE1_MAC_INT_ENABLE, 0xff); 2289 } 2290 2291 /* load firmware */ 2292 ret = mt7996_mcu_init_firmware(dev); 2293 if (ret) 2294 goto out; 2295 2296 if (mtk_wed_device_active(&dev->mt76.mmio.wed) && 2297 mt7996_has_hwrro(dev)) { 2298 u32 wed_irq_mask = dev->mt76.mmio.irqmask | 2299 MT_INT_TX_DONE_BAND2; 2300 2301 mt7996_rro_hw_init(dev); 2302 mt76_for_each_q_rx(&dev->mt76, i) { 2303 if (mt76_queue_is_wed_rro_ind(&dev->mt76.q_rx[i]) || 2304 mt76_queue_is_wed_rro_msdu_pg(&dev->mt76.q_rx[i])) 2305 mt76_queue_rx_reset(dev, i); 2306 } 2307 2308 mt76_wr(dev, MT_INT_MASK_CSR, wed_irq_mask); 2309 mtk_wed_device_start_hw_rro(&dev->mt76.mmio.wed, wed_irq_mask, 2310 false); 2311 mt7996_irq_enable(dev, wed_irq_mask); 2312 mt7996_irq_disable(dev, 0); 2313 } 2314 2315 if (mtk_wed_device_active(&dev->mt76.mmio.wed_hif2)) { 2316 mt76_wr(dev, MT_INT_PCIE1_MASK_CSR, 2317 MT_INT_TX_RX_DONE_EXT); 2318 mtk_wed_device_start(&dev->mt76.mmio.wed_hif2, 2319 MT_INT_TX_RX_DONE_EXT); 2320 } 2321 2322 /* set the necessary init items */ 2323 ret = mt7996_mcu_set_eeprom(dev); 2324 if (ret) 2325 goto out; 2326 2327 mt7996_mac_init(dev); 2328 mt7996_for_each_phy(dev, phy) 2329 mt7996_init_txpower(phy); 2330 ret = mt7996_txbf_init(dev); 2331 if (ret) 2332 goto out; 2333 2334 mt7996_for_each_phy(dev, phy) { 2335 if (!test_bit(MT76_STATE_RUNNING, &phy->mt76->state)) 2336 continue; 2337 2338 ret = mt7996_run(phy); 2339 if (ret) 2340 goto out; 2341 } 2342 2343 out: 2344 /* reset done */ 2345 mt7996_for_each_phy(dev, phy) 2346 clear_bit(MT76_RESET, &phy->mt76->state); 2347 2348 napi_enable(&dev->mt76.tx_napi); 2349 local_bh_disable(); 2350 napi_schedule(&dev->mt76.tx_napi); 2351 local_bh_enable(); 2352 2353 mt76_worker_enable(&dev->mt76.tx_worker); 2354 return ret; 2355 } 2356 2357 static void 2358 mt7996_mac_reset_sta_iter(void *data, struct ieee80211_sta *sta) 2359 { 2360 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv; 2361 struct mt7996_dev *dev = data; 2362 int i; 2363 2364 for (i = 0; i < ARRAY_SIZE(msta->link); i++) 2365 mt7996_mac_sta_remove_link(dev, sta, i, true); 2366 } 2367 2368 static void 2369 mt7996_mac_reset_vif_iter(void *data, u8 *mac, struct ieee80211_vif *vif) 2370 { 2371 struct mt76_vif_link *mlink = (struct mt76_vif_link *)vif->drv_priv; 2372 struct mt76_vif_data *mvif = mlink->mvif; 2373 struct mt7996_dev *dev = data; 2374 int i; 2375 2376 rcu_read_lock(); 2377 for (i = 0; i < ARRAY_SIZE(mvif->link); i++) { 2378 2379 mlink = mt76_dereference(mvif->link[i], &dev->mt76); 2380 if (!mlink || mlink == (struct mt76_vif_link *)vif->drv_priv) 2381 continue; 2382 2383 rcu_assign_pointer(mvif->link[i], NULL); 2384 kfree_rcu(mlink, rcu_head); 2385 } 2386 rcu_read_unlock(); 2387 } 2388 2389 static void 2390 mt7996_mac_full_reset(struct mt7996_dev *dev) 2391 { 2392 struct ieee80211_hw *hw = mt76_hw(dev); 2393 struct mt7996_phy *phy; 2394 LIST_HEAD(list); 2395 int i; 2396 2397 dev->recovery.hw_full_reset = true; 2398 2399 wake_up(&dev->mt76.mcu.wait); 2400 ieee80211_stop_queues(hw); 2401 2402 cancel_work_sync(&dev->wed_rro.work); 2403 mt7996_for_each_phy(dev, phy) 2404 cancel_delayed_work_sync(&phy->mt76->mac_work); 2405 2406 mt76_abort_scan(&dev->mt76); 2407 2408 mutex_lock(&dev->mt76.mutex); 2409 for (i = 0; i < 10; i++) { 2410 if (!mt7996_mac_restart(dev)) 2411 break; 2412 } 2413 2414 if (i == 10) 2415 dev_err(dev->mt76.dev, "chip full reset failed\n"); 2416 2417 mt7996_for_each_phy(dev, phy) 2418 phy->omac_mask = 0; 2419 2420 ieee80211_iterate_stations_atomic(hw, mt7996_mac_reset_sta_iter, dev); 2421 ieee80211_iterate_active_interfaces_atomic(hw, 2422 IEEE80211_IFACE_SKIP_SDATA_NOT_IN_DRIVER, 2423 mt7996_mac_reset_vif_iter, dev); 2424 mt76_reset_device(&dev->mt76); 2425 2426 INIT_LIST_HEAD(&dev->sta_rc_list); 2427 INIT_LIST_HEAD(&dev->twt_list); 2428 2429 spin_lock_bh(&dev->wed_rro.lock); 2430 list_splice_init(&dev->wed_rro.poll_list, &list); 2431 spin_unlock_bh(&dev->wed_rro.lock); 2432 2433 while (!list_empty(&list)) { 2434 struct mt7996_wed_rro_session_id *e; 2435 2436 e = list_first_entry(&list, struct mt7996_wed_rro_session_id, 2437 list); 2438 list_del_init(&e->list); 2439 kfree(e); 2440 } 2441 2442 i = mt76_wcid_alloc(dev->mt76.wcid_mask, MT7996_WTBL_STA); 2443 dev->mt76.global_wcid.idx = i; 2444 dev->recovery.hw_full_reset = false; 2445 2446 mutex_unlock(&dev->mt76.mutex); 2447 2448 ieee80211_restart_hw(mt76_hw(dev)); 2449 } 2450 2451 void mt7996_mac_reset_work(struct work_struct *work) 2452 { 2453 struct ieee80211_hw *hw; 2454 struct mt7996_dev *dev; 2455 struct mt7996_phy *phy; 2456 int i; 2457 2458 dev = container_of(work, struct mt7996_dev, reset_work); 2459 hw = mt76_hw(dev); 2460 2461 /* chip full reset */ 2462 if (dev->recovery.restart) { 2463 /* disable WA/WM WDT */ 2464 mt76_clear(dev, MT_WFDMA0_MCU_HOST_INT_ENA, 2465 MT_MCU_CMD_WDT_MASK); 2466 2467 if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_WA_WDT) 2468 dev->recovery.wa_reset_count++; 2469 else 2470 dev->recovery.wm_reset_count++; 2471 2472 mt7996_mac_full_reset(dev); 2473 2474 /* enable mcu irq */ 2475 mt7996_irq_enable(dev, MT_INT_MCU_CMD); 2476 mt7996_irq_disable(dev, 0); 2477 2478 /* enable WA/WM WDT */ 2479 mt76_set(dev, MT_WFDMA0_MCU_HOST_INT_ENA, MT_MCU_CMD_WDT_MASK); 2480 2481 dev->recovery.state = MT_MCU_CMD_NORMAL_STATE; 2482 dev->recovery.restart = false; 2483 return; 2484 } 2485 2486 if (!(READ_ONCE(dev->recovery.state) & MT_MCU_CMD_STOP_DMA)) 2487 return; 2488 2489 dev_info(dev->mt76.dev,"\n%s L1 SER recovery start.", 2490 wiphy_name(hw->wiphy)); 2491 2492 if (mtk_wed_device_active(&dev->mt76.mmio.wed_hif2)) 2493 mtk_wed_device_stop(&dev->mt76.mmio.wed_hif2); 2494 2495 if (mtk_wed_device_active(&dev->mt76.mmio.wed)) 2496 mtk_wed_device_stop(&dev->mt76.mmio.wed); 2497 2498 mt7996_npu_hw_stop(dev); 2499 ieee80211_stop_queues(mt76_hw(dev)); 2500 2501 set_bit(MT76_RESET, &dev->mphy.state); 2502 set_bit(MT76_MCU_RESET, &dev->mphy.state); 2503 mt76_abort_scan(&dev->mt76); 2504 wake_up(&dev->mt76.mcu.wait); 2505 2506 cancel_work_sync(&dev->wed_rro.work); 2507 mt7996_for_each_phy(dev, phy) { 2508 mt76_abort_roc(phy->mt76); 2509 set_bit(MT76_RESET, &phy->mt76->state); 2510 cancel_delayed_work_sync(&phy->mt76->mac_work); 2511 } 2512 2513 mt76_worker_disable(&dev->mt76.tx_worker); 2514 mt76_for_each_q_rx(&dev->mt76, i) { 2515 if (mtk_wed_device_active(&dev->mt76.mmio.wed) && 2516 mt76_queue_is_wed_rro(&dev->mt76.q_rx[i])) 2517 continue; 2518 2519 if (mt76_npu_device_active(&dev->mt76) && 2520 mt76_queue_is_wed_rro(&dev->mt76.q_rx[i])) 2521 continue; 2522 2523 if (mt76_queue_is_npu_txfree(&dev->mt76.q_rx[i])) 2524 continue; 2525 2526 napi_disable(&dev->mt76.napi[i]); 2527 } 2528 napi_disable(&dev->mt76.tx_napi); 2529 2530 mutex_lock(&dev->mt76.mutex); 2531 2532 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_DMA_STOPPED); 2533 2534 if (mt7996_wait_reset_state(dev, MT_MCU_CMD_RESET_DONE)) { 2535 mt7996_dma_reset(dev, false); 2536 2537 mt7996_tx_token_put(dev); 2538 idr_init(&dev->mt76.token); 2539 2540 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_DMA_INIT); 2541 mt7996_wait_reset_state(dev, MT_MCU_CMD_RECOVERY_DONE); 2542 } 2543 2544 mt76_wr(dev, MT_MCU_INT_EVENT, MT_MCU_INT_EVENT_RESET_DONE); 2545 mt7996_wait_reset_state(dev, MT_MCU_CMD_NORMAL_STATE); 2546 2547 /* enable DMA Rx/Tx and interrupt */ 2548 mt7996_dma_start(dev, false, false); 2549 2550 if (!is_mt7996(&dev->mt76) && dev->mt76.hwrro_mode == MT76_HWRRO_V3) 2551 mt76_set(dev, MT_RRO_3_0_EMU_CONF, MT_RRO_3_0_EMU_CONF_EN_MASK); 2552 2553 if (mtk_wed_device_active(&dev->mt76.mmio.wed)) { 2554 u32 wed_irq_mask = MT_INT_TX_DONE_BAND2 | 2555 dev->mt76.mmio.irqmask; 2556 2557 mt76_wr(dev, MT_INT_MASK_CSR, wed_irq_mask); 2558 mtk_wed_device_start_hw_rro(&dev->mt76.mmio.wed, wed_irq_mask, 2559 true); 2560 mt7996_irq_enable(dev, wed_irq_mask); 2561 mt7996_irq_disable(dev, 0); 2562 } 2563 2564 if (mtk_wed_device_active(&dev->mt76.mmio.wed_hif2)) { 2565 mt76_wr(dev, MT_INT_PCIE1_MASK_CSR, MT_INT_TX_RX_DONE_EXT); 2566 mtk_wed_device_start(&dev->mt76.mmio.wed_hif2, 2567 MT_INT_TX_RX_DONE_EXT); 2568 } 2569 2570 __mt7996_npu_hw_init(dev); 2571 2572 clear_bit(MT76_MCU_RESET, &dev->mphy.state); 2573 mt7996_for_each_phy(dev, phy) 2574 clear_bit(MT76_RESET, &phy->mt76->state); 2575 2576 mt76_for_each_q_rx(&dev->mt76, i) { 2577 if (mtk_wed_device_active(&dev->mt76.mmio.wed) && 2578 mt76_queue_is_wed_rro(&dev->mt76.q_rx[i])) 2579 continue; 2580 2581 if (mt76_npu_device_active(&dev->mt76) && 2582 mt76_queue_is_wed_rro(&dev->mt76.q_rx[i])) 2583 continue; 2584 2585 if (mt76_queue_is_npu_txfree(&dev->mt76.q_rx[i])) 2586 continue; 2587 2588 napi_enable(&dev->mt76.napi[i]); 2589 local_bh_disable(); 2590 napi_schedule(&dev->mt76.napi[i]); 2591 local_bh_enable(); 2592 } 2593 2594 tasklet_schedule(&dev->mt76.irq_tasklet); 2595 2596 mt76_worker_enable(&dev->mt76.tx_worker); 2597 2598 napi_enable(&dev->mt76.tx_napi); 2599 local_bh_disable(); 2600 napi_schedule(&dev->mt76.tx_napi); 2601 local_bh_enable(); 2602 2603 ieee80211_wake_queues(hw); 2604 mt7996_update_beacons(dev); 2605 2606 mutex_unlock(&dev->mt76.mutex); 2607 2608 mt7996_for_each_phy(dev, phy) 2609 ieee80211_queue_delayed_work(hw, &phy->mt76->mac_work, 2610 MT7996_WATCHDOG_TIME); 2611 dev_info(dev->mt76.dev,"\n%s L1 SER recovery completed.", 2612 wiphy_name(dev->mt76.hw->wiphy)); 2613 } 2614 2615 /* firmware coredump */ 2616 void mt7996_mac_dump_work(struct work_struct *work) 2617 { 2618 const struct mt7996_mem_region *mem_region; 2619 struct mt7996_crash_data *crash_data; 2620 struct mt7996_dev *dev; 2621 struct mt7996_mem_hdr *hdr; 2622 size_t buf_len; 2623 int i; 2624 u32 num; 2625 u8 *buf; 2626 2627 dev = container_of(work, struct mt7996_dev, dump_work); 2628 2629 mutex_lock(&dev->dump_mutex); 2630 2631 crash_data = mt7996_coredump_new(dev); 2632 if (!crash_data) { 2633 mutex_unlock(&dev->dump_mutex); 2634 goto skip_coredump; 2635 } 2636 2637 mem_region = mt7996_coredump_get_mem_layout(dev, &num); 2638 if (!mem_region || !crash_data->memdump_buf_len) { 2639 mutex_unlock(&dev->dump_mutex); 2640 goto skip_memdump; 2641 } 2642 2643 buf = crash_data->memdump_buf; 2644 buf_len = crash_data->memdump_buf_len; 2645 2646 /* dumping memory content... */ 2647 memset(buf, 0, buf_len); 2648 for (i = 0; i < num; i++) { 2649 if (mem_region->len > buf_len) { 2650 dev_warn(dev->mt76.dev, "%s len %zu is too large\n", 2651 mem_region->name, mem_region->len); 2652 break; 2653 } 2654 2655 /* reserve space for the header */ 2656 hdr = (void *)buf; 2657 buf += sizeof(*hdr); 2658 buf_len -= sizeof(*hdr); 2659 2660 mt7996_memcpy_fromio(dev, buf, mem_region->start, 2661 mem_region->len); 2662 2663 hdr->start = mem_region->start; 2664 hdr->len = mem_region->len; 2665 2666 if (!mem_region->len) 2667 /* note: the header remains, just with zero length */ 2668 break; 2669 2670 buf += mem_region->len; 2671 buf_len -= mem_region->len; 2672 2673 mem_region++; 2674 } 2675 2676 mutex_unlock(&dev->dump_mutex); 2677 2678 skip_memdump: 2679 mt7996_coredump_submit(dev); 2680 skip_coredump: 2681 queue_work(dev->mt76.wq, &dev->reset_work); 2682 } 2683 2684 void mt7996_reset(struct mt7996_dev *dev) 2685 { 2686 if (!dev->recovery.hw_init_done) 2687 return; 2688 2689 if (dev->recovery.hw_full_reset) 2690 return; 2691 2692 /* wm/wa exception: do full recovery */ 2693 if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_WDT_MASK) { 2694 dev->recovery.restart = true; 2695 dev_info(dev->mt76.dev, 2696 "%s indicated firmware crash, attempting recovery\n", 2697 wiphy_name(dev->mt76.hw->wiphy)); 2698 2699 mt7996_irq_disable(dev, MT_INT_MCU_CMD); 2700 queue_work(dev->mt76.wq, &dev->dump_work); 2701 return; 2702 } 2703 2704 if (READ_ONCE(dev->recovery.state) & MT_MCU_CMD_STOP_DMA) { 2705 set_bit(MT76_MCU_RESET, &dev->mphy.state); 2706 wake_up(&dev->mt76.mcu.wait); 2707 } 2708 2709 queue_work(dev->mt76.wq, &dev->reset_work); 2710 wake_up(&dev->reset_wait); 2711 } 2712 2713 void mt7996_mac_update_stats(struct mt7996_phy *phy) 2714 { 2715 struct mt76_mib_stats *mib = &phy->mib; 2716 struct mt7996_dev *dev = phy->dev; 2717 u8 band_idx = phy->mt76->band_idx; 2718 u32 cnt; 2719 int i; 2720 2721 cnt = mt76_rr(dev, MT_MIB_RSCR1(band_idx)); 2722 mib->fcs_err_cnt += cnt; 2723 2724 cnt = mt76_rr(dev, MT_MIB_RSCR33(band_idx)); 2725 mib->rx_fifo_full_cnt += cnt; 2726 2727 cnt = mt76_rr(dev, MT_MIB_RSCR31(band_idx)); 2728 mib->rx_mpdu_cnt += cnt; 2729 2730 cnt = mt76_rr(dev, MT_MIB_SDR6(band_idx)); 2731 mib->channel_idle_cnt += FIELD_GET(MT_MIB_SDR6_CHANNEL_IDL_CNT_MASK, cnt); 2732 2733 cnt = mt76_rr(dev, MT_MIB_RVSR0(band_idx)); 2734 mib->rx_vector_mismatch_cnt += cnt; 2735 2736 cnt = mt76_rr(dev, MT_MIB_RSCR35(band_idx)); 2737 mib->rx_delimiter_fail_cnt += cnt; 2738 2739 cnt = mt76_rr(dev, MT_MIB_RSCR36(band_idx)); 2740 mib->rx_len_mismatch_cnt += cnt; 2741 2742 cnt = mt76_rr(dev, MT_MIB_TSCR0(band_idx)); 2743 mib->tx_ampdu_cnt += cnt; 2744 2745 cnt = mt76_rr(dev, MT_MIB_TSCR2(band_idx)); 2746 mib->tx_stop_q_empty_cnt += cnt; 2747 2748 cnt = mt76_rr(dev, MT_MIB_TSCR3(band_idx)); 2749 mib->tx_mpdu_attempts_cnt += cnt; 2750 2751 cnt = mt76_rr(dev, MT_MIB_TSCR4(band_idx)); 2752 mib->tx_mpdu_success_cnt += cnt; 2753 2754 cnt = mt76_rr(dev, MT_MIB_RSCR27(band_idx)); 2755 mib->rx_ampdu_cnt += cnt; 2756 2757 cnt = mt76_rr(dev, MT_MIB_RSCR28(band_idx)); 2758 mib->rx_ampdu_bytes_cnt += cnt; 2759 2760 cnt = mt76_rr(dev, MT_MIB_RSCR29(band_idx)); 2761 mib->rx_ampdu_valid_subframe_cnt += cnt; 2762 2763 cnt = mt76_rr(dev, MT_MIB_RSCR30(band_idx)); 2764 mib->rx_ampdu_valid_subframe_bytes_cnt += cnt; 2765 2766 cnt = mt76_rr(dev, MT_MIB_SDR27(band_idx)); 2767 mib->tx_rwp_fail_cnt += FIELD_GET(MT_MIB_SDR27_TX_RWP_FAIL_CNT, cnt); 2768 2769 cnt = mt76_rr(dev, MT_MIB_SDR28(band_idx)); 2770 mib->tx_rwp_need_cnt += FIELD_GET(MT_MIB_SDR28_TX_RWP_NEED_CNT, cnt); 2771 2772 cnt = mt76_rr(dev, MT_UMIB_RPDCR(band_idx)); 2773 mib->rx_pfdrop_cnt += cnt; 2774 2775 cnt = mt76_rr(dev, MT_MIB_RVSR1(band_idx)); 2776 mib->rx_vec_queue_overflow_drop_cnt += cnt; 2777 2778 cnt = mt76_rr(dev, MT_MIB_TSCR1(band_idx)); 2779 mib->rx_ba_cnt += cnt; 2780 2781 cnt = mt76_rr(dev, MT_MIB_BSCR0(band_idx)); 2782 mib->tx_bf_ebf_ppdu_cnt += cnt; 2783 2784 cnt = mt76_rr(dev, MT_MIB_BSCR1(band_idx)); 2785 mib->tx_bf_ibf_ppdu_cnt += cnt; 2786 2787 cnt = mt76_rr(dev, MT_MIB_BSCR2(band_idx)); 2788 mib->tx_mu_bf_cnt += cnt; 2789 2790 cnt = mt76_rr(dev, MT_MIB_TSCR5(band_idx)); 2791 mib->tx_mu_mpdu_cnt += cnt; 2792 2793 cnt = mt76_rr(dev, MT_MIB_TSCR6(band_idx)); 2794 mib->tx_mu_acked_mpdu_cnt += cnt; 2795 2796 cnt = mt76_rr(dev, MT_MIB_TSCR7(band_idx)); 2797 mib->tx_su_acked_mpdu_cnt += cnt; 2798 2799 cnt = mt76_rr(dev, MT_MIB_BSCR3(band_idx)); 2800 mib->tx_bf_rx_fb_ht_cnt += cnt; 2801 mib->tx_bf_rx_fb_all_cnt += cnt; 2802 2803 cnt = mt76_rr(dev, MT_MIB_BSCR4(band_idx)); 2804 mib->tx_bf_rx_fb_vht_cnt += cnt; 2805 mib->tx_bf_rx_fb_all_cnt += cnt; 2806 2807 cnt = mt76_rr(dev, MT_MIB_BSCR5(band_idx)); 2808 mib->tx_bf_rx_fb_he_cnt += cnt; 2809 mib->tx_bf_rx_fb_all_cnt += cnt; 2810 2811 cnt = mt76_rr(dev, MT_MIB_BSCR6(band_idx)); 2812 mib->tx_bf_rx_fb_eht_cnt += cnt; 2813 mib->tx_bf_rx_fb_all_cnt += cnt; 2814 2815 cnt = mt76_rr(dev, MT_ETBF_RX_FB_CONT(band_idx)); 2816 mib->tx_bf_rx_fb_bw = FIELD_GET(MT_ETBF_RX_FB_BW, cnt); 2817 mib->tx_bf_rx_fb_nc_cnt += FIELD_GET(MT_ETBF_RX_FB_NC, cnt); 2818 mib->tx_bf_rx_fb_nr_cnt += FIELD_GET(MT_ETBF_RX_FB_NR, cnt); 2819 2820 cnt = mt76_rr(dev, MT_MIB_BSCR7(band_idx)); 2821 mib->tx_bf_fb_trig_cnt += cnt; 2822 2823 cnt = mt76_rr(dev, MT_MIB_BSCR17(band_idx)); 2824 mib->tx_bf_fb_cpl_cnt += cnt; 2825 2826 for (i = 0; i < ARRAY_SIZE(mib->tx_amsdu); i++) { 2827 cnt = mt76_rr(dev, MT_PLE_AMSDU_PACK_MSDU_CNT(i)); 2828 mib->tx_amsdu[i] += cnt; 2829 mib->tx_amsdu_cnt += cnt; 2830 } 2831 2832 /* rts count */ 2833 cnt = mt76_rr(dev, MT_MIB_BTSCR5(band_idx)); 2834 mib->rts_cnt += cnt; 2835 2836 /* rts retry count */ 2837 cnt = mt76_rr(dev, MT_MIB_BTSCR6(band_idx)); 2838 mib->rts_retries_cnt += cnt; 2839 2840 /* ba miss count */ 2841 cnt = mt76_rr(dev, MT_MIB_BTSCR0(band_idx)); 2842 mib->ba_miss_cnt += cnt; 2843 2844 /* ack fail count */ 2845 cnt = mt76_rr(dev, MT_MIB_BFTFCR(band_idx)); 2846 mib->ack_fail_cnt += cnt; 2847 2848 for (i = 0; i < 16; i++) { 2849 cnt = mt76_rr(dev, MT_TX_AGG_CNT(band_idx, i)); 2850 phy->mt76->aggr_stats[i] += cnt; 2851 } 2852 } 2853 2854 void mt7996_mac_sta_rc_work(struct work_struct *work) 2855 { 2856 struct mt7996_dev *dev = container_of(work, struct mt7996_dev, rc_work); 2857 struct mt7996_sta_link *msta_link; 2858 struct ieee80211_vif *vif; 2859 struct mt7996_vif *mvif; 2860 LIST_HEAD(list); 2861 u32 changed; 2862 2863 mutex_lock(&dev->mt76.mutex); 2864 2865 spin_lock_bh(&dev->mt76.sta_poll_lock); 2866 list_splice_init(&dev->sta_rc_list, &list); 2867 2868 while (!list_empty(&list)) { 2869 msta_link = list_first_entry(&list, struct mt7996_sta_link, 2870 rc_list); 2871 list_del_init(&msta_link->rc_list); 2872 2873 changed = msta_link->changed; 2874 msta_link->changed = 0; 2875 mvif = msta_link->sta->vif; 2876 vif = container_of((void *)mvif, struct ieee80211_vif, 2877 drv_priv); 2878 2879 spin_unlock_bh(&dev->mt76.sta_poll_lock); 2880 2881 if (changed & (IEEE80211_RC_SUPP_RATES_CHANGED | 2882 IEEE80211_RC_NSS_CHANGED | 2883 IEEE80211_RC_BW_CHANGED)) 2884 mt7996_mcu_add_rate_ctrl(dev, msta_link->sta, vif, 2885 msta_link->wcid.link_id, 2886 true); 2887 2888 if (changed & IEEE80211_RC_SMPS_CHANGED) 2889 mt7996_mcu_set_fixed_field(dev, msta_link->sta, NULL, 2890 msta_link->wcid.link_id, 2891 RATE_PARAM_MMPS_UPDATE); 2892 2893 spin_lock_bh(&dev->mt76.sta_poll_lock); 2894 } 2895 2896 spin_unlock_bh(&dev->mt76.sta_poll_lock); 2897 2898 mutex_unlock(&dev->mt76.mutex); 2899 } 2900 2901 void mt7996_mac_work(struct work_struct *work) 2902 { 2903 struct mt7996_phy *phy; 2904 struct mt76_phy *mphy; 2905 2906 mphy = (struct mt76_phy *)container_of(work, struct mt76_phy, 2907 mac_work.work); 2908 phy = mphy->priv; 2909 2910 mutex_lock(&mphy->dev->mutex); 2911 2912 mt76_update_survey(mphy); 2913 if (++mphy->mac_work_count == 5) { 2914 mphy->mac_work_count = 0; 2915 2916 mt7996_mac_update_stats(phy); 2917 2918 mt7996_mcu_get_all_sta_info(phy, UNI_ALL_STA_TXRX_RATE); 2919 if (mtk_wed_device_active(&phy->dev->mt76.mmio.wed)) { 2920 mt7996_mcu_get_all_sta_info(phy, UNI_ALL_STA_TXRX_ADM_STAT); 2921 mt7996_mcu_get_all_sta_info(phy, UNI_ALL_STA_TXRX_MSDU_COUNT); 2922 } 2923 } 2924 2925 mutex_unlock(&mphy->dev->mutex); 2926 2927 mt76_beacon_mon_check(mphy); 2928 mt76_tx_status_check(mphy->dev, false); 2929 2930 ieee80211_queue_delayed_work(mphy->hw, &mphy->mac_work, 2931 MT7996_WATCHDOG_TIME); 2932 } 2933 2934 static void mt7996_dfs_stop_radar_detector(struct mt7996_phy *phy) 2935 { 2936 struct mt7996_dev *dev = phy->dev; 2937 int rdd_idx = mt7996_get_rdd_idx(phy, false); 2938 2939 if (rdd_idx < 0) 2940 return; 2941 2942 mt7996_mcu_rdd_cmd(dev, RDD_STOP, rdd_idx, 0); 2943 } 2944 2945 static int mt7996_dfs_start_rdd(struct mt7996_dev *dev, int rdd_idx) 2946 { 2947 int region; 2948 2949 switch (dev->mt76.region) { 2950 case NL80211_DFS_ETSI: 2951 region = 0; 2952 break; 2953 case NL80211_DFS_JP: 2954 region = 2; 2955 break; 2956 case NL80211_DFS_FCC: 2957 default: 2958 region = 1; 2959 break; 2960 } 2961 2962 return mt7996_mcu_rdd_cmd(dev, RDD_START, rdd_idx, region); 2963 } 2964 2965 static int mt7996_dfs_start_radar_detector(struct mt7996_phy *phy) 2966 { 2967 struct mt7996_dev *dev = phy->dev; 2968 int err, rdd_idx; 2969 2970 rdd_idx = mt7996_get_rdd_idx(phy, false); 2971 if (rdd_idx < 0) 2972 return -EINVAL; 2973 2974 /* start CAC */ 2975 err = mt7996_mcu_rdd_cmd(dev, RDD_CAC_START, rdd_idx, 0); 2976 if (err < 0) 2977 return err; 2978 2979 err = mt7996_dfs_start_rdd(dev, rdd_idx); 2980 2981 return err; 2982 } 2983 2984 int mt7996_dfs_init_radar_detector(struct mt7996_phy *phy) 2985 { 2986 struct mt7996_dev *dev = phy->dev; 2987 enum mt76_dfs_state dfs_state, prev_state; 2988 int err, rdd_idx = mt7996_get_rdd_idx(phy, false); 2989 2990 prev_state = phy->mt76->dfs_state; 2991 dfs_state = mt76_phy_dfs_state(phy->mt76); 2992 2993 if (prev_state == dfs_state || rdd_idx < 0) 2994 return 0; 2995 2996 if (prev_state == MT_DFS_STATE_UNKNOWN) 2997 mt7996_dfs_stop_radar_detector(phy); 2998 2999 if (dfs_state == MT_DFS_STATE_DISABLED) 3000 goto stop; 3001 3002 if (prev_state <= MT_DFS_STATE_DISABLED) { 3003 err = mt7996_dfs_start_radar_detector(phy); 3004 if (err < 0) 3005 return err; 3006 3007 phy->mt76->dfs_state = MT_DFS_STATE_CAC; 3008 } 3009 3010 if (dfs_state == MT_DFS_STATE_CAC) 3011 return 0; 3012 3013 err = mt7996_mcu_rdd_cmd(dev, RDD_CAC_END, rdd_idx, 0); 3014 if (err < 0) { 3015 phy->mt76->dfs_state = MT_DFS_STATE_UNKNOWN; 3016 return err; 3017 } 3018 3019 phy->mt76->dfs_state = MT_DFS_STATE_ACTIVE; 3020 return 0; 3021 3022 stop: 3023 err = mt7996_mcu_rdd_cmd(dev, RDD_NORMAL_START, rdd_idx, 0); 3024 if (err < 0) 3025 return err; 3026 3027 mt7996_dfs_stop_radar_detector(phy); 3028 phy->mt76->dfs_state = MT_DFS_STATE_DISABLED; 3029 3030 return 0; 3031 } 3032 3033 static int 3034 mt7996_mac_twt_duration_align(int duration) 3035 { 3036 return duration << 8; 3037 } 3038 3039 static u64 3040 mt7996_mac_twt_sched_list_add(struct mt7996_dev *dev, 3041 struct mt7996_twt_flow *flow) 3042 { 3043 struct mt7996_twt_flow *iter, *iter_next; 3044 u32 duration = flow->duration << 8; 3045 u64 start_tsf; 3046 3047 iter = list_first_entry_or_null(&dev->twt_list, 3048 struct mt7996_twt_flow, list); 3049 if (!iter || !iter->sched || iter->start_tsf > duration) { 3050 /* add flow as first entry in the list */ 3051 list_add(&flow->list, &dev->twt_list); 3052 return 0; 3053 } 3054 3055 list_for_each_entry_safe(iter, iter_next, &dev->twt_list, list) { 3056 start_tsf = iter->start_tsf + 3057 mt7996_mac_twt_duration_align(iter->duration); 3058 if (list_is_last(&iter->list, &dev->twt_list)) 3059 break; 3060 3061 if (!iter_next->sched || 3062 iter_next->start_tsf > start_tsf + duration) { 3063 list_add(&flow->list, &iter->list); 3064 goto out; 3065 } 3066 } 3067 3068 /* add flow as last entry in the list */ 3069 list_add_tail(&flow->list, &dev->twt_list); 3070 out: 3071 return start_tsf; 3072 } 3073 3074 static int mt7996_mac_check_twt_req(struct ieee80211_twt_setup *twt) 3075 { 3076 struct ieee80211_twt_params *twt_agrt; 3077 u64 interval, duration; 3078 u16 mantissa; 3079 u8 exp; 3080 3081 /* only individual agreement supported */ 3082 if (twt->control & IEEE80211_TWT_CONTROL_NEG_TYPE_BROADCAST) 3083 return -EOPNOTSUPP; 3084 3085 /* only 256us unit supported */ 3086 if (twt->control & IEEE80211_TWT_CONTROL_WAKE_DUR_UNIT) 3087 return -EOPNOTSUPP; 3088 3089 twt_agrt = (struct ieee80211_twt_params *)twt->params; 3090 3091 /* explicit agreement not supported */ 3092 if (!(twt_agrt->req_type & cpu_to_le16(IEEE80211_TWT_REQTYPE_IMPLICIT))) 3093 return -EOPNOTSUPP; 3094 3095 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, 3096 le16_to_cpu(twt_agrt->req_type)); 3097 mantissa = le16_to_cpu(twt_agrt->mantissa); 3098 duration = twt_agrt->min_twt_dur << 8; 3099 3100 interval = (u64)mantissa << exp; 3101 if (interval < duration) 3102 return -EOPNOTSUPP; 3103 3104 return 0; 3105 } 3106 3107 static bool 3108 mt7996_mac_twt_param_equal(struct mt7996_sta_link *msta_link, 3109 struct ieee80211_twt_params *twt_agrt) 3110 { 3111 u16 type = le16_to_cpu(twt_agrt->req_type); 3112 u8 exp; 3113 int i; 3114 3115 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, type); 3116 for (i = 0; i < MT7996_MAX_STA_TWT_AGRT; i++) { 3117 struct mt7996_twt_flow *f; 3118 3119 if (!(msta_link->twt.flowid_mask & BIT(i))) 3120 continue; 3121 3122 f = &msta_link->twt.flow[i]; 3123 if (f->duration == twt_agrt->min_twt_dur && 3124 f->mantissa == twt_agrt->mantissa && 3125 f->exp == exp && 3126 f->protection == !!(type & IEEE80211_TWT_REQTYPE_PROTECTION) && 3127 f->flowtype == !!(type & IEEE80211_TWT_REQTYPE_FLOWTYPE) && 3128 f->trigger == !!(type & IEEE80211_TWT_REQTYPE_TRIGGER)) 3129 return true; 3130 } 3131 3132 return false; 3133 } 3134 3135 void mt7996_mac_add_twt_setup(struct ieee80211_hw *hw, 3136 struct ieee80211_sta *sta, 3137 struct ieee80211_twt_setup *twt) 3138 { 3139 enum ieee80211_twt_setup_cmd setup_cmd = TWT_SETUP_CMD_REJECT; 3140 struct mt7996_sta *msta = (struct mt7996_sta *)sta->drv_priv; 3141 struct ieee80211_twt_params *twt_agrt = (void *)twt->params; 3142 struct mt7996_sta_link *msta_link = &msta->deflink; 3143 u16 req_type = le16_to_cpu(twt_agrt->req_type); 3144 enum ieee80211_twt_setup_cmd sta_setup_cmd; 3145 struct mt7996_dev *dev = mt7996_hw_dev(hw); 3146 struct mt7996_twt_flow *flow; 3147 u8 flowid, table_id, exp; 3148 3149 if (mt7996_mac_check_twt_req(twt)) 3150 goto out; 3151 3152 mutex_lock(&dev->mt76.mutex); 3153 3154 if (dev->twt.n_agrt == MT7996_MAX_TWT_AGRT) 3155 goto unlock; 3156 3157 if (hweight8(msta_link->twt.flowid_mask) == 3158 ARRAY_SIZE(msta_link->twt.flow)) 3159 goto unlock; 3160 3161 if (twt_agrt->min_twt_dur < MT7996_MIN_TWT_DUR) { 3162 setup_cmd = TWT_SETUP_CMD_DICTATE; 3163 twt_agrt->min_twt_dur = MT7996_MIN_TWT_DUR; 3164 goto unlock; 3165 } 3166 3167 if (mt7996_mac_twt_param_equal(msta_link, twt_agrt)) 3168 goto unlock; 3169 3170 flowid = ffs(~msta_link->twt.flowid_mask) - 1; 3171 twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_FLOWID); 3172 twt_agrt->req_type |= le16_encode_bits(flowid, 3173 IEEE80211_TWT_REQTYPE_FLOWID); 3174 3175 table_id = ffs(~dev->twt.table_mask) - 1; 3176 exp = FIELD_GET(IEEE80211_TWT_REQTYPE_WAKE_INT_EXP, req_type); 3177 sta_setup_cmd = FIELD_GET(IEEE80211_TWT_REQTYPE_SETUP_CMD, req_type); 3178 3179 flow = &msta_link->twt.flow[flowid]; 3180 memset(flow, 0, sizeof(*flow)); 3181 INIT_LIST_HEAD(&flow->list); 3182 flow->wcid = msta_link->wcid.idx; 3183 flow->table_id = table_id; 3184 flow->id = flowid; 3185 flow->duration = twt_agrt->min_twt_dur; 3186 flow->mantissa = twt_agrt->mantissa; 3187 flow->exp = exp; 3188 flow->protection = !!(req_type & IEEE80211_TWT_REQTYPE_PROTECTION); 3189 flow->flowtype = !!(req_type & IEEE80211_TWT_REQTYPE_FLOWTYPE); 3190 flow->trigger = !!(req_type & IEEE80211_TWT_REQTYPE_TRIGGER); 3191 3192 if (sta_setup_cmd == TWT_SETUP_CMD_REQUEST || 3193 sta_setup_cmd == TWT_SETUP_CMD_SUGGEST) { 3194 u64 interval = (u64)le16_to_cpu(twt_agrt->mantissa) << exp; 3195 u64 flow_tsf, curr_tsf; 3196 u32 rem; 3197 3198 flow->sched = true; 3199 flow->start_tsf = mt7996_mac_twt_sched_list_add(dev, flow); 3200 curr_tsf = __mt7996_get_tsf(hw, &msta->vif->deflink); 3201 div_u64_rem(curr_tsf - flow->start_tsf, interval, &rem); 3202 flow_tsf = curr_tsf + interval - rem; 3203 twt_agrt->twt = cpu_to_le64(flow_tsf); 3204 } else { 3205 list_add_tail(&flow->list, &dev->twt_list); 3206 } 3207 flow->tsf = le64_to_cpu(twt_agrt->twt); 3208 3209 if (mt7996_mcu_twt_agrt_update(dev, &msta->vif->deflink, flow, 3210 MCU_TWT_AGRT_ADD)) 3211 goto unlock; 3212 3213 setup_cmd = TWT_SETUP_CMD_ACCEPT; 3214 dev->twt.table_mask |= BIT(table_id); 3215 msta_link->twt.flowid_mask |= BIT(flowid); 3216 dev->twt.n_agrt++; 3217 3218 unlock: 3219 mutex_unlock(&dev->mt76.mutex); 3220 out: 3221 twt_agrt->req_type &= ~cpu_to_le16(IEEE80211_TWT_REQTYPE_SETUP_CMD); 3222 twt_agrt->req_type |= 3223 le16_encode_bits(setup_cmd, IEEE80211_TWT_REQTYPE_SETUP_CMD); 3224 twt->control = twt->control & IEEE80211_TWT_CONTROL_RX_DISABLED; 3225 } 3226 3227 void mt7996_mac_twt_teardown_flow(struct mt7996_dev *dev, 3228 struct mt7996_vif_link *link, 3229 struct mt7996_sta_link *msta_link, 3230 u8 flowid) 3231 { 3232 struct mt7996_twt_flow *flow; 3233 3234 lockdep_assert_held(&dev->mt76.mutex); 3235 3236 if (flowid >= ARRAY_SIZE(msta_link->twt.flow)) 3237 return; 3238 3239 if (!(msta_link->twt.flowid_mask & BIT(flowid))) 3240 return; 3241 3242 flow = &msta_link->twt.flow[flowid]; 3243 if (mt7996_mcu_twt_agrt_update(dev, link, flow, MCU_TWT_AGRT_DELETE)) 3244 return; 3245 3246 list_del_init(&flow->list); 3247 msta_link->twt.flowid_mask &= ~BIT(flowid); 3248 dev->twt.table_mask &= ~BIT(flow->table_id); 3249 dev->twt.n_agrt--; 3250 } 3251