/*-
 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer,
 *    without modification.
 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
 *    similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
 *    redistribution must be conditioned upon including a substantially
 *    similar Disclaimer requirement for further binary redistribution.
 *
 * NO WARRANTY
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGES.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

/*
 * Driver for the Atheros Wireless LAN controller.
 *
 * This software is derived from work of Atsushi Onoe; his contribution
 * is greatly appreciated.
 */

#include "opt_inet.h"
#include "opt_ath.h"
#include "opt_wlan.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/sysctl.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/kernel.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/errno.h>
#include <sys/callout.h>
#include <sys/bus.h>
#include <sys/endian.h>
#include <sys/kthread.h>
#include <sys/taskqueue.h>
#include <sys/priv.h>

#include <machine/bus.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_media.h>
#include <net/if_types.h>
#include <net/if_arp.h>
#include <net/ethernet.h>
#include <net/if_llc.h>

#include <net80211/ieee80211_var.h>
#include <net80211/ieee80211_regdomain.h>
#ifdef IEEE80211_SUPPORT_SUPERG
#include <net80211/ieee80211_superg.h>
#endif
#ifdef IEEE80211_SUPPORT_TDMA
#include <net80211/ieee80211_tdma.h>
#endif
#include <net80211/ieee80211_ht.h>

#include <net/bpf.h>

#ifdef INET
#include <netinet/in.h>
#include <netinet/if_ether.h>
#endif

#include <dev/ath/if_athvar.h>
#include <dev/ath/ath_hal/ah_devid.h>    /* XXX for softled */
#include <dev/ath/ath_hal/ah_diagcodes.h>

#include <dev/ath/if_ath_debug.h>

#ifdef ATH_TX99_DIAG
#include <dev/ath/ath_tx99/ath_tx99.h>
#endif

#include <dev/ath/if_ath_misc.h>
#include <dev/ath/if_ath_tx.h>
#include <dev/ath/if_ath_tx_ht.h>

/*
 * How many retries to perform in software
 */
#define SWMAX_RETRIES    10

static int ath_tx_ampdu_pending(struct ath_softc *sc, struct ath_node *an,
    int tid);
static int ath_tx_ampdu_running(struct ath_softc *sc, struct ath_node *an,
    int tid);
static ieee80211_seq ath_tx_tid_seqno_assign(struct ath_softc *sc,
    struct ieee80211_node *ni, struct ath_buf *bf, struct mbuf *m0);
static int ath_tx_action_frame_override_queue(struct ath_softc *sc,
    struct ieee80211_node *ni, struct mbuf *m0, int *tid);

/*
 * Whether to use the 11n rate scenario functions or not
 */
static inline int
ath_tx_is_11n(struct ath_softc *sc)
{
    return (sc->sc_ah->ah_magic == 0x20065416);
}
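
/*
 * XXX a note added for clarity: the magic value checked above is, as
 * far as I can tell, the AR5416 HAL magic (ie, AR5416 and later chips
 * use the 11n rate scenario API). Treat this as an assumption based on
 * reading the HAL sources rather than something guaranteed here.
 */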
/*
 * Obtain the current TID from the given frame.
 *
 * Non-QoS frames need to go into TID 16 (IEEE80211_NONQOS_TID.)
 * This has implications for which AC/priority the packet is placed
 * in.
 */
static int
ath_tx_gettid(struct ath_softc *sc, const struct mbuf *m0)
{
    const struct ieee80211_frame *wh;
    int pri = M_WME_GETAC(m0);

    wh = mtod(m0, const struct ieee80211_frame *);
    if (! IEEE80211_QOS_HAS_SEQ(wh))
        return IEEE80211_NONQOS_TID;
    else
        return WME_AC_TO_TID(pri);
}

/*
 * Determine what the correct AC queue for the given frame
 * should be.
 *
 * This code assumes that the TIDs map consistently to
 * the underlying hardware (or software) ath_txq.
 * Since the sender may try to set an AC which is
 * arbitrary, non-QoS TIDs may end up being put on
 * completely different ACs. There's no way to put a
 * TID into multiple ath_txq's for scheduling, so
 * for now we override the AC/TXQ selection and set
 * non-QOS TID frames into the BE queue.
 *
 * This may be completely incorrect - specifically,
 * some management frames may end up out of order
 * compared to the QoS traffic they're controlling.
 * I'll look into this later.
 */
static int
ath_tx_getac(struct ath_softc *sc, const struct mbuf *m0)
{
    const struct ieee80211_frame *wh;
    int pri = M_WME_GETAC(m0);

    wh = mtod(m0, const struct ieee80211_frame *);
    if (IEEE80211_QOS_HAS_SEQ(wh))
        return pri;

    return WME_AC_BE;
}

void
ath_txfrag_cleanup(struct ath_softc *sc,
    ath_bufhead *frags, struct ieee80211_node *ni)
{
    struct ath_buf *bf, *next;

    ATH_TXBUF_LOCK_ASSERT(sc);

    TAILQ_FOREACH_SAFE(bf, frags, bf_list, next) {
        /* NB: bf assumed clean */
        TAILQ_REMOVE(frags, bf, bf_list);
        TAILQ_INSERT_HEAD(&sc->sc_txbuf, bf, bf_list);
        ieee80211_node_decref(ni);
    }
}

/*
 * Setup xmit of a fragmented frame. Allocate a buffer
 * for each frag and bump the node reference count to
 * reflect the held reference to be setup by ath_tx_start.
 */
int
ath_txfrag_setup(struct ath_softc *sc, ath_bufhead *frags,
    struct mbuf *m0, struct ieee80211_node *ni)
{
    struct mbuf *m;
    struct ath_buf *bf;

    ATH_TXBUF_LOCK(sc);
    for (m = m0->m_nextpkt; m != NULL; m = m->m_nextpkt) {
        bf = _ath_getbuf_locked(sc);
        if (bf == NULL) {    /* out of buffers, cleanup */
            ath_txfrag_cleanup(sc, frags, ni);
            break;
        }
        ieee80211_node_incref(ni);
        TAILQ_INSERT_TAIL(frags, bf, bf_list);
    }
    ATH_TXBUF_UNLOCK(sc);

    return !TAILQ_EMPTY(frags);
}
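
/*
 * NB (added note): a non-zero return means every fragment got a buffer;
 * on an allocation failure ath_txfrag_cleanup() has already returned the
 * partial allocation to sc_txbuf, so the list is empty and 0 comes back.
 */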
/*
 * Reclaim mbuf resources. For fragmented frames we
 * need to claim each frag chained with m_nextpkt.
 */
void
ath_freetx(struct mbuf *m)
{
    struct mbuf *next;

    do {
        next = m->m_nextpkt;
        m->m_nextpkt = NULL;
        m_freem(m);
    } while ((m = next) != NULL);
}

static int
ath_tx_dmasetup(struct ath_softc *sc, struct ath_buf *bf, struct mbuf *m0)
{
    struct mbuf *m;
    int error;

    /*
     * Load the DMA map so any coalescing is done. This
     * also calculates the number of descriptors we need.
     */
    error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap, m0,
        bf->bf_segs, &bf->bf_nseg,
        BUS_DMA_NOWAIT);
    if (error == EFBIG) {
        /* XXX packet requires too many descriptors */
        bf->bf_nseg = ATH_TXDESC+1;
    } else if (error != 0) {
        sc->sc_stats.ast_tx_busdma++;
        ath_freetx(m0);
        return error;
    }
    /*
     * Discard null packets and check for packets that
     * require too many TX descriptors. We try to convert
     * the latter to a cluster.
     */
    if (bf->bf_nseg > ATH_TXDESC) {    /* too many desc's, linearize */
        sc->sc_stats.ast_tx_linear++;
        m = m_collapse(m0, M_DONTWAIT, ATH_TXDESC);
        if (m == NULL) {
            ath_freetx(m0);
            sc->sc_stats.ast_tx_nombuf++;
            return ENOMEM;
        }
        m0 = m;
        error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap, m0,
            bf->bf_segs, &bf->bf_nseg,
            BUS_DMA_NOWAIT);
        if (error != 0) {
            sc->sc_stats.ast_tx_busdma++;
            ath_freetx(m0);
            return error;
        }
        KASSERT(bf->bf_nseg <= ATH_TXDESC,
            ("too many segments after defrag; nseg %u", bf->bf_nseg));
    } else if (bf->bf_nseg == 0) {    /* null packet, discard */
        sc->sc_stats.ast_tx_nodata++;
        ath_freetx(m0);
        return EIO;
    }
    DPRINTF(sc, ATH_DEBUG_XMIT, "%s: m %p len %u\n",
        __func__, m0, m0->m_pkthdr.len);
    bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_PREWRITE);
    bf->bf_m = m0;

    return 0;
}

/*
 * Chain together segments+descriptors for a non-11n frame.
 */
static void
ath_tx_chaindesclist(struct ath_softc *sc, struct ath_buf *bf)
{
    struct ath_hal *ah = sc->sc_ah;
    struct ath_desc *ds, *ds0;
    int i;

    /*
     * Fillin the remainder of the descriptor info.
     */
    ds0 = ds = bf->bf_desc;
    for (i = 0; i < bf->bf_nseg; i++, ds++) {
        ds->ds_data = bf->bf_segs[i].ds_addr;
        if (i == bf->bf_nseg - 1)
            ds->ds_link = 0;
        else
            ds->ds_link = bf->bf_daddr + sizeof(*ds) * (i + 1);
        ath_hal_filltxdesc(ah, ds
            , bf->bf_segs[i].ds_len    /* segment length */
            , i == 0        /* first segment */
            , i == bf->bf_nseg - 1    /* last segment */
            , ds0            /* first descriptor */
        );
        DPRINTF(sc, ATH_DEBUG_XMIT,
            "%s: %d: %08x %08x %08x %08x %08x %08x\n",
            __func__, i, ds->ds_link, ds->ds_data,
            ds->ds_ctl0, ds->ds_ctl1, ds->ds_hw[0], ds->ds_hw[1]);
        bf->bf_lastds = ds;
    }
}
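
/*
 * XXX illustrative, not from the original sources: for a three-segment
 * frame the loop above leaves the descriptors chained as
 *
 *    ds[0].ds_link -> ds[1], ds[1].ds_link -> ds[2], ds[2].ds_link = 0
 *
 * with bf->bf_lastds left pointing at ds[2], where TX status is
 * eventually collected.
 */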
/*
 * Fill in the descriptor list for an aggregate subframe.
 *
 * The subframe is returned with the ds_link field in the last subframe
 * pointing to 0.
 */
static void
ath_tx_chaindesclist_subframe(struct ath_softc *sc, struct ath_buf *bf)
{
    struct ath_hal *ah = sc->sc_ah;
    struct ath_desc *ds, *ds0;
    int i;

    ds0 = ds = bf->bf_desc;

    /*
     * There's no need to call ath_hal_setupfirsttxdesc here;
     * That's only going to occur for the first frame in an aggregate.
     */
    for (i = 0; i < bf->bf_nseg; i++, ds++) {
        ds->ds_data = bf->bf_segs[i].ds_addr;
        if (i == bf->bf_nseg - 1)
            ds->ds_link = 0;
        else
            ds->ds_link = bf->bf_daddr + sizeof(*ds) * (i + 1);

        /*
         * This performs the setup for an aggregate frame.
         * This includes enabling the aggregate flags if needed.
         */
        ath_hal_chaintxdesc(ah, ds,
            bf->bf_state.bfs_pktlen,
            bf->bf_state.bfs_hdrlen,
            HAL_PKT_TYPE_AMPDU,    /* forces aggregate bits to be set */
            bf->bf_state.bfs_keyix,
            0,            /* cipher, calculated from keyix */
            bf->bf_state.bfs_ndelim,
            bf->bf_segs[i].ds_len,    /* segment length */
            i == 0,        /* first segment */
            i == bf->bf_nseg - 1    /* last segment */
        );

        DPRINTF(sc, ATH_DEBUG_XMIT,
            "%s: %d: %08x %08x %08x %08x %08x %08x\n",
            __func__, i, ds->ds_link, ds->ds_data,
            ds->ds_ctl0, ds->ds_ctl1, ds->ds_hw[0], ds->ds_hw[1]);
        bf->bf_lastds = ds;
    }
}

/*
 * Setup segments+descriptors for an 11n aggregate.
 * bf_first is the first buffer in the aggregate.
 * The buffer list must already be linked together using
 * bf->bf_next.
 */
static void
ath_tx_setds_11n(struct ath_softc *sc, struct ath_buf *bf_first)
{
    struct ath_buf *bf, *bf_prev = NULL;

    DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, "%s: nframes=%d, al=%d\n",
        __func__, bf_first->bf_state.bfs_nframes,
        bf_first->bf_state.bfs_al);

    /*
     * Setup all descriptors of all subframes.
     */
    bf = bf_first;
    while (bf != NULL) {
        DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR,
            "%s: bf=%p, nseg=%d, pktlen=%d, seqno=%d\n",
            __func__, bf, bf->bf_nseg, bf->bf_state.bfs_pktlen,
            SEQNO(bf->bf_state.bfs_seqno));

        /* Sub-frame setup */
        ath_tx_chaindesclist_subframe(sc, bf);

        /*
         * Link the last descriptor of the previous frame
         * to the beginning descriptor of this frame.
         */
        if (bf_prev != NULL)
            bf_prev->bf_lastds->ds_link = bf->bf_daddr;

        /* Save a copy so we can link the next descriptor in */
        bf_prev = bf;
        bf = bf->bf_next;
    }

    /*
     * Setup first descriptor of first frame.
     * chaintxdesc() overwrites the descriptor entries;
     * setupfirsttxdesc() merges in things.
     * Otherwise various fields aren't set correctly (eg flags).
     */
    ath_hal_setupfirsttxdesc(sc->sc_ah,
        bf_first->bf_desc,
        bf_first->bf_state.bfs_al,
        bf_first->bf_state.bfs_flags | HAL_TXDESC_INTREQ,
        bf_first->bf_state.bfs_txpower,
        bf_first->bf_state.bfs_txrate0,
        bf_first->bf_state.bfs_try0,
        bf_first->bf_state.bfs_txantenna,
        bf_first->bf_state.bfs_ctsrate,
        bf_first->bf_state.bfs_ctsduration);

    /*
     * Setup the last descriptor in the list.
     * bf_prev points to the last; bf is NULL here.
     */
    ath_hal_setuplasttxdesc(sc->sc_ah, bf_prev->bf_desc,
        bf_first->bf_desc);

    /*
     * Set the first descriptor bf_lastds field to point to
     * the last descriptor in the last subframe, that's where
     * the status update will occur.
     */
    bf_first->bf_lastds = bf_prev->bf_lastds;

    /*
     * And bf_last in the first descriptor points to the end of
     * the aggregate list.
     */
    bf_first->bf_last = bf_prev;

    DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, "%s: end\n", __func__);
}
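
/*
 * XXX an illustrative summary (added, not from the original): after
 * ath_tx_setds_11n() an aggregate of N subframes looks like
 *
 *    [subframe 1: setupfirsttxdesc on first desc] -> [subframe 2] ->
 *    ... -> [subframe N: setuplasttxdesc; status lands in its last desc]
 *
 * with each subframe internally chained by
 * ath_tx_chaindesclist_subframe() and subframes linked via ds_link.
 */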
static void
ath_tx_handoff_mcast(struct ath_softc *sc, struct ath_txq *txq,
    struct ath_buf *bf)
{
    ATH_TXQ_LOCK_ASSERT(txq);
    KASSERT((bf->bf_flags & ATH_BUF_BUSY) == 0,
        ("%s: busy status 0x%x", __func__, bf->bf_flags));
    if (txq->axq_link != NULL) {
        struct ath_buf *last = ATH_TXQ_LAST(txq, axq_q_s);
        struct ieee80211_frame *wh;

        /* mark previous frame */
        wh = mtod(last->bf_m, struct ieee80211_frame *);
        wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA;
        bus_dmamap_sync(sc->sc_dmat, last->bf_dmamap,
            BUS_DMASYNC_PREWRITE);

        /* link descriptor */
        *txq->axq_link = bf->bf_daddr;
    }
    ATH_TXQ_INSERT_TAIL(txq, bf, bf_list);
    txq->axq_link = &bf->bf_lastds->ds_link;
}

/*
 * Hand-off packet to a hardware queue.
 */
static void
ath_tx_handoff_hw(struct ath_softc *sc, struct ath_txq *txq,
    struct ath_buf *bf)
{
    struct ath_hal *ah = sc->sc_ah;

    /*
     * Insert the frame on the outbound list and pass it on
     * to the hardware. Multicast frames buffered for power
     * save stations and transmit from the CAB queue are stored
     * on a s/w only queue and loaded on to the CAB queue in
     * the SWBA handler since frames only go out on DTIM and
     * to avoid possible races.
     */
    ATH_TXQ_LOCK_ASSERT(txq);
    KASSERT((bf->bf_flags & ATH_BUF_BUSY) == 0,
        ("%s: busy status 0x%x", __func__, bf->bf_flags));
    KASSERT(txq->axq_qnum != ATH_TXQ_SWQ,
        ("ath_tx_handoff_hw called for mcast queue"));

#if 0
    /*
     * This causes a LOR. Find out where the PCU lock is being
     * held whilst the TXQ lock is grabbed - that shouldn't
     * be occurring.
     */
    ATH_PCU_LOCK(sc);
    if (sc->sc_inreset_cnt) {
        ATH_PCU_UNLOCK(sc);
        DPRINTF(sc, ATH_DEBUG_RESET,
            "%s: called with sc_in_reset != 0\n",
            __func__);
        DPRINTF(sc, ATH_DEBUG_XMIT,
            "%s: queued: TXDP[%u] = %p (%p) depth %d\n",
            __func__, txq->axq_qnum,
            (caddr_t)bf->bf_daddr, bf->bf_desc,
            txq->axq_depth);
        ATH_TXQ_INSERT_TAIL(txq, bf, bf_list);
        if (bf->bf_state.bfs_aggr)
            txq->axq_aggr_depth++;
        /*
         * There's no need to update axq_link; the hardware
         * is in reset and once the reset is complete, any
         * non-empty queues will simply have DMA restarted.
         */
        return;
    }
    ATH_PCU_UNLOCK(sc);
#endif

    /* For now, so not to generate whitespace diffs */
    if (1) {
#ifdef IEEE80211_SUPPORT_TDMA
        int qbusy;

        ATH_TXQ_INSERT_TAIL(txq, bf, bf_list);
        qbusy = ath_hal_txqenabled(ah, txq->axq_qnum);
        if (txq->axq_link == NULL) {
            /*
             * Be careful writing the address to TXDP. If
             * the tx q is enabled then this write will be
             * ignored. Normally this is not an issue but
             * when tdma is in use and the q is beacon gated
             * this race can occur. If the q is busy then
             * defer the work to later--either when another
             * packet comes along or when we prepare a beacon
             * frame at SWBA.
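             *
             * XXX to spell out the deferral (added note): the
             * ATH_TXQ_PUTPENDING flag set below is what records
             * it; it is consumed either in the axq_link != NULL
             * branch further down or by ath_txq_restart_dma().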
             */
            if (!qbusy) {
                ath_hal_puttxbuf(ah, txq->axq_qnum,
                    bf->bf_daddr);
                txq->axq_flags &= ~ATH_TXQ_PUTPENDING;
                DPRINTF(sc, ATH_DEBUG_XMIT,
                    "%s: TXDP[%u] = %p (%p) depth %d\n",
                    __func__, txq->axq_qnum,
                    (caddr_t)bf->bf_daddr, bf->bf_desc,
                    txq->axq_depth);
            } else {
                txq->axq_flags |= ATH_TXQ_PUTPENDING;
                DPRINTF(sc, ATH_DEBUG_TDMA | ATH_DEBUG_XMIT,
                    "%s: Q%u busy, defer enable\n", __func__,
                    txq->axq_qnum);
            }
        } else {
            *txq->axq_link = bf->bf_daddr;
            DPRINTF(sc, ATH_DEBUG_XMIT,
                "%s: link[%u](%p)=%p (%p) depth %d\n", __func__,
                txq->axq_qnum, txq->axq_link,
                (caddr_t)bf->bf_daddr, bf->bf_desc,
                txq->axq_depth);
            if ((txq->axq_flags & ATH_TXQ_PUTPENDING) && !qbusy) {
                /*
                 * The q was busy when we previously tried
                 * to write the address of the first buffer
                 * in the chain. Since it's not busy now
                 * handle this chore. We are certain the
                 * buffer at the front is the right one since
                 * axq_link is NULL only when the buffer list
                 * is/was empty.
                 */
                ath_hal_puttxbuf(ah, txq->axq_qnum,
                    TAILQ_FIRST(&txq->axq_q)->bf_daddr);
                txq->axq_flags &= ~ATH_TXQ_PUTPENDING;
                DPRINTF(sc, ATH_DEBUG_TDMA | ATH_DEBUG_XMIT,
                    "%s: Q%u restarted\n", __func__,
                    txq->axq_qnum);
            }
        }
#else
        ATH_TXQ_INSERT_TAIL(txq, bf, bf_list);
        if (txq->axq_link == NULL) {
            ath_hal_puttxbuf(ah, txq->axq_qnum, bf->bf_daddr);
            DPRINTF(sc, ATH_DEBUG_XMIT,
                "%s: TXDP[%u] = %p (%p) depth %d\n",
                __func__, txq->axq_qnum,
                (caddr_t)bf->bf_daddr, bf->bf_desc,
                txq->axq_depth);
        } else {
            *txq->axq_link = bf->bf_daddr;
            DPRINTF(sc, ATH_DEBUG_XMIT,
                "%s: link[%u](%p)=%p (%p) depth %d\n", __func__,
                txq->axq_qnum, txq->axq_link,
                (caddr_t)bf->bf_daddr, bf->bf_desc,
                txq->axq_depth);
        }
#endif /* IEEE80211_SUPPORT_TDMA */
        if (bf->bf_state.bfs_aggr)
            txq->axq_aggr_depth++;
        txq->axq_link = &bf->bf_lastds->ds_link;
        ath_hal_txstart(ah, txq->axq_qnum);
    }
}

/*
 * Restart TX DMA for the given TXQ.
 *
 * This must be called whether the queue is empty or not.
 */
void
ath_txq_restart_dma(struct ath_softc *sc, struct ath_txq *txq)
{
    struct ath_hal *ah = sc->sc_ah;
    struct ath_buf *bf;

    ATH_TXQ_LOCK_ASSERT(txq);

    /* This is always going to be cleared, empty or not */
    txq->axq_flags &= ~ATH_TXQ_PUTPENDING;

    bf = TAILQ_FIRST(&txq->axq_q);
    if (bf == NULL)
        return;

    ath_hal_puttxbuf(ah, txq->axq_qnum, bf->bf_daddr);
    txq->axq_link = &bf->bf_lastds->ds_link;
    ath_hal_txstart(ah, txq->axq_qnum);
}

/*
 * Hand off a packet to the hardware (or mcast queue.)
 *
 * The relevant hardware txq should be locked.
 */
static void
ath_tx_handoff(struct ath_softc *sc, struct ath_txq *txq, struct ath_buf *bf)
{
    ATH_TXQ_LOCK_ASSERT(txq);

    if (txq->axq_qnum == ATH_TXQ_SWQ)
        ath_tx_handoff_mcast(sc, txq, bf);
    else
        ath_tx_handoff_hw(sc, txq, bf);
}
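
/*
 * Perform crypto encapsulation for the given frame if required and
 * calculate the h/w key cache index to use.
 *
 * Returns 0 if the frame should be discarded (the caller then frees
 * m0), non-zero otherwise. *hdrlen and *pktlen are adjusted in place
 * for any crypto header, trailer and MIC bytes.
 */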
static int
ath_tx_tag_crypto(struct ath_softc *sc, struct ieee80211_node *ni,
    struct mbuf *m0, int iswep, int isfrag, int *hdrlen, int *pktlen,
    int *keyix)
{
    if (iswep) {
        const struct ieee80211_cipher *cip;
        struct ieee80211_key *k;

        /*
         * Construct the 802.11 header+trailer for an encrypted
         * frame. The only reason this can fail is because of an
         * unknown or unsupported cipher/key type.
         */
        k = ieee80211_crypto_encap(ni, m0);
        if (k == NULL) {
            /*
             * This can happen when the key is yanked after the
             * frame was queued. Just discard the frame; the
             * 802.11 layer counts failures and provides
             * debugging/diagnostics.
             */
            return (0);
        }
        /*
         * Adjust the packet + header lengths for the crypto
         * additions and calculate the h/w key index. When
         * a s/w mic is done the frame will have had any mic
         * added to it prior to entry so m0->m_pkthdr.len will
         * account for it. Otherwise we need to add it to the
         * packet length.
         */
        cip = k->wk_cipher;
        (*hdrlen) += cip->ic_header;
        (*pktlen) += cip->ic_header + cip->ic_trailer;
        /* NB: frags always have any TKIP MIC done in s/w */
        if ((k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && !isfrag)
            (*pktlen) += cip->ic_miclen;
        (*keyix) = k->wk_keyix;
    } else if (ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) {
        /*
         * Use station key cache slot, if assigned.
         */
        (*keyix) = ni->ni_ucastkey.wk_keyix;
        if ((*keyix) == IEEE80211_KEYIX_NONE)
            (*keyix) = HAL_TXKEYIX_INVALID;
    } else
        (*keyix) = HAL_TXKEYIX_INVALID;

    return (1);
}

static uint8_t
ath_tx_get_rtscts_rate(struct ath_hal *ah, const HAL_RATE_TABLE *rt,
    int cix, int shortPreamble)
{
    uint8_t ctsrate;

    /*
     * CTS transmit rate is derived from the transmit rate
     * by looking in the h/w rate table. We must also factor
     * in whether or not a short preamble is to be used.
     */
    /* NB: cix is set above where RTS/CTS is enabled */
    KASSERT(cix != 0xff, ("cix not setup"));
    ctsrate = rt->info[cix].rateCode;

    /* XXX this should only matter for legacy rates */
    if (shortPreamble)
        ctsrate |= rt->info[cix].shortPreamble;

    return (ctsrate);
}

/*
 * Calculate the RTS/CTS duration for legacy frames.
 */
static int
ath_tx_calc_ctsduration(struct ath_hal *ah, int rix, int cix,
    int shortPreamble, int pktlen, const HAL_RATE_TABLE *rt,
    int flags)
{
    int ctsduration = 0;

    /* This mustn't be called for HT modes */
    if (rt->info[cix].phy == IEEE80211_T_HT) {
        printf("%s: HT rate where it shouldn't be (0x%x)\n",
            __func__, rt->info[cix].rateCode);
        return (-1);
    }

    /*
     * Compute the transmit duration based on the frame
     * size and the size of an ACK frame. We call into the
     * HAL to do the computation since it depends on the
     * characteristics of the actual PHY being used.
     *
     * NB: CTS is assumed the same size as an ACK so we can
     * use the precalculated ACK durations.
     */
    if (shortPreamble) {
        if (flags & HAL_TXDESC_RTSENA)        /* SIFS + CTS */
            ctsduration += rt->info[cix].spAckDuration;
        ctsduration += ath_hal_computetxtime(ah,
            rt, pktlen, rix, AH_TRUE);
        if ((flags & HAL_TXDESC_NOACK) == 0)    /* SIFS + ACK */
            ctsduration += rt->info[rix].spAckDuration;
    } else {
        if (flags & HAL_TXDESC_RTSENA)        /* SIFS + CTS */
            ctsduration += rt->info[cix].lpAckDuration;
        ctsduration += ath_hal_computetxtime(ah,
            rt, pktlen, rix, AH_FALSE);
        if ((flags & HAL_TXDESC_NOACK) == 0)    /* SIFS + ACK */
            ctsduration += rt->info[rix].lpAckDuration;
    }

    return (ctsduration);
}
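
/*
 * XXX illustrative (added note): for an RTS-protected, ACKed,
 * long-preamble frame the above works out as
 *
 *    ctsduration = lpAckDuration(cix)    (SIFS + CTS)
 *                + txtime(pktlen @ rix)  (the data frame itself)
 *                + lpAckDuration(rix)    (SIFS + ACK)
 *
 * ie, everything that must be covered after the RTS/CTS exchange
 * begins.
 */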
/*
 * Update the given ath_buf with updated rts/cts setup and duration
 * values.
 *
 * To support rate lookups for each software retry, the rts/cts rate
 * and cts duration must be re-calculated.
 *
 * This function assumes the RTS/CTS flags have been set as needed;
 * mrr has been disabled; and the rate control lookup has been done.
 *
 * XXX TODO: MRR need only be disabled for the pre-11n NICs.
 * XXX The 11n NICs support per-rate RTS/CTS configuration.
 */
static void
ath_tx_set_rtscts(struct ath_softc *sc, struct ath_buf *bf)
{
    uint16_t ctsduration = 0;
    uint8_t ctsrate = 0;
    uint8_t rix = bf->bf_state.bfs_rc[0].rix;
    uint8_t cix = 0;
    const HAL_RATE_TABLE *rt = sc->sc_currates;

    /*
     * No RTS/CTS enabled? Don't bother.
     */
    if ((bf->bf_state.bfs_flags &
        (HAL_TXDESC_RTSENA | HAL_TXDESC_CTSENA)) == 0) {
        /* XXX is this really needed? */
        bf->bf_state.bfs_ctsrate = 0;
        bf->bf_state.bfs_ctsduration = 0;
        return;
    }

    /*
     * If protection is enabled, use the protection rix control
     * rate. Otherwise use the rate0 control rate.
     */
    if (bf->bf_state.bfs_doprot)
        rix = sc->sc_protrix;
    else
        rix = bf->bf_state.bfs_rc[0].rix;

    /*
     * If the raw path has hard-coded ctsrate0 to something,
     * use it.
     */
    if (bf->bf_state.bfs_ctsrate0 != 0)
        cix = ath_tx_findrix(sc, bf->bf_state.bfs_ctsrate0);
    else
        /* Control rate from above */
        cix = rt->info[rix].controlRate;

    /* Calculate the rtscts rate for the given cix */
    ctsrate = ath_tx_get_rtscts_rate(sc->sc_ah, rt, cix,
        bf->bf_state.bfs_shpream);

    /* The 11n chipsets do ctsduration calculations for you */
    if (! ath_tx_is_11n(sc))
        ctsduration = ath_tx_calc_ctsduration(sc->sc_ah, rix, cix,
            bf->bf_state.bfs_shpream, bf->bf_state.bfs_pktlen,
            rt, bf->bf_state.bfs_flags);

    /* Squirrel away in ath_buf */
    bf->bf_state.bfs_ctsrate = ctsrate;
    bf->bf_state.bfs_ctsduration = ctsduration;

    /*
     * Must disable multi-rate retry when using RTS/CTS.
     * XXX TODO: only for pre-11n NICs.
     */
    bf->bf_state.bfs_ismrr = 0;
    bf->bf_state.bfs_try0 =
        bf->bf_state.bfs_rc[0].tries = ATH_TXMGTTRY;    /* XXX ew */
}

/*
 * Setup the descriptor chain for a normal or fast-frame
 * frame.
 */
static void
ath_tx_setds(struct ath_softc *sc, struct ath_buf *bf)
{
    struct ath_desc *ds = bf->bf_desc;
    struct ath_hal *ah = sc->sc_ah;

    ath_hal_setuptxdesc(ah, ds
        , bf->bf_state.bfs_pktlen    /* packet length */
        , bf->bf_state.bfs_hdrlen    /* header length */
        , bf->bf_state.bfs_atype    /* Atheros packet type */
        , bf->bf_state.bfs_txpower    /* txpower */
        , bf->bf_state.bfs_txrate0
        , bf->bf_state.bfs_try0        /* series 0 rate/tries */
        , bf->bf_state.bfs_keyix    /* key cache index */
        , bf->bf_state.bfs_txantenna    /* antenna mode */
        , bf->bf_state.bfs_flags    /* flags */
        , bf->bf_state.bfs_ctsrate    /* rts/cts rate */
        , bf->bf_state.bfs_ctsduration    /* rts/cts duration */
    );

    /*
     * This will be overridden when the descriptor chain is written.
     */
    bf->bf_lastds = ds;
    bf->bf_last = bf;

    /* XXX TODO: Setup descriptor chain */
}

/*
 * Do a rate lookup.
 *
 * This performs a rate lookup for the given ath_buf only if it's required.
 * Non-data frames and raw frames don't require it.
 *
 * This populates the primary and MRR entries; MRR values are
 * then disabled later on if something requires it (eg RTS/CTS on
 * pre-11n chipsets).
 *
 * This needs to be done before the RTS/CTS fields are calculated
 * as they may depend upon the rate chosen.
 */
static void
ath_tx_do_ratelookup(struct ath_softc *sc, struct ath_buf *bf)
{
    uint8_t rate, rix;
    int try0;

    if (! bf->bf_state.bfs_doratelookup)
        return;

    /* Get rid of any previous state */
    bzero(bf->bf_state.bfs_rc, sizeof(bf->bf_state.bfs_rc));

    ATH_NODE_LOCK(ATH_NODE(bf->bf_node));
    ath_rate_findrate(sc, ATH_NODE(bf->bf_node), bf->bf_state.bfs_shpream,
        bf->bf_state.bfs_pktlen, &rix, &try0, &rate);

    /* In case MRR is disabled, make sure rc[0] is setup correctly */
    bf->bf_state.bfs_rc[0].rix = rix;
    bf->bf_state.bfs_rc[0].ratecode = rate;
    bf->bf_state.bfs_rc[0].tries = try0;

    if (bf->bf_state.bfs_ismrr && try0 != ATH_TXMAXTRY)
        ath_rate_getxtxrates(sc, ATH_NODE(bf->bf_node), rix,
            bf->bf_state.bfs_rc);
    ATH_NODE_UNLOCK(ATH_NODE(bf->bf_node));

    sc->sc_txrix = rix;        /* for LED blinking */
    sc->sc_lastdatarix = rix;    /* for fast frames */
    bf->bf_state.bfs_try0 = try0;
    bf->bf_state.bfs_txrate0 = rate;
}

/*
 * Set the rate control fields in the given descriptor based on
 * the bf_state fields and node state.
 *
 * The bfs fields should already be set with the relevant rate
 * control information, including whether MRR is to be enabled.
 *
 * Since the FreeBSD HAL currently sets up the first TX rate
 * in ath_hal_setuptxdesc(), this will setup the MRR
 * conditionally for the pre-11n chips, and call ath_buf_set_rate
 * unconditionally for 11n chips. These require the 11n rate
 * scenario to be set if MCS rates are enabled, so it's easier
 * to just always call it. The caller can then only set rates 2, 3
 * and 4 if multi-rate retry is needed.
 */
static void
ath_tx_set_ratectrl(struct ath_softc *sc, struct ieee80211_node *ni,
    struct ath_buf *bf)
{
    struct ath_rc_series *rc = bf->bf_state.bfs_rc;

    /* If mrr is disabled, blank tries 1, 2, 3 */
    if (! bf->bf_state.bfs_ismrr)
        rc[1].tries = rc[2].tries = rc[3].tries = 0;

    /*
     * Always call - that way a retried descriptor will
     * have the MRR fields overwritten.
     *
     * XXX TODO: see if this is really needed - setting up
     * the first descriptor should set the MRR fields to 0
     * for us anyway.
     */
    if (ath_tx_is_11n(sc)) {
        ath_buf_set_rate(sc, ni, bf);
    } else {
        ath_hal_setupxtxdesc(sc->sc_ah, bf->bf_desc
            , rc[1].ratecode, rc[1].tries
            , rc[2].ratecode, rc[2].tries
            , rc[3].ratecode, rc[3].tries
        );
    }
}
/*
 * Transmit the given frame to the hardware.
 *
 * The frame must already be setup; rate control must already have
 * been done.
 *
 * XXX since the TXQ lock is being held here (and I dislike holding
 * it for this long when not doing software aggregation), later on
 * break this function into "setup_normal" and "xmit_normal". The
 * lock only needs to be held for the ath_tx_handoff call.
 */
static void
ath_tx_xmit_normal(struct ath_softc *sc, struct ath_txq *txq,
    struct ath_buf *bf)
{

    ATH_TXQ_LOCK_ASSERT(txq);

    /* Setup the descriptor before handoff */
    ath_tx_do_ratelookup(sc, bf);
    ath_tx_rate_fill_rcflags(sc, bf);
    ath_tx_set_rtscts(sc, bf);
    ath_tx_setds(sc, bf);
    ath_tx_set_ratectrl(sc, bf->bf_node, bf);
    ath_tx_chaindesclist(sc, bf);

    /* Hand off to hardware */
    ath_tx_handoff(sc, txq, bf);
}

static int
ath_tx_normal_setup(struct ath_softc *sc, struct ieee80211_node *ni,
    struct ath_buf *bf, struct mbuf *m0)
{
    struct ieee80211vap *vap = ni->ni_vap;
    struct ath_vap *avp = ATH_VAP(vap);
    struct ath_hal *ah = sc->sc_ah;
    struct ifnet *ifp = sc->sc_ifp;
    struct ieee80211com *ic = ifp->if_l2com;
    const struct chanAccParams *cap = &ic->ic_wme.wme_chanParams;
    int error, iswep, ismcast, isfrag, ismrr;
    int keyix, hdrlen, pktlen, try0 = 0;
    u_int8_t rix = 0, txrate = 0;
    struct ath_desc *ds;
    struct ath_txq *txq;
    struct ieee80211_frame *wh;
    u_int subtype, flags;
    HAL_PKT_TYPE atype;
    const HAL_RATE_TABLE *rt;
    HAL_BOOL shortPreamble;
    struct ath_node *an;
    u_int pri;

    wh = mtod(m0, struct ieee80211_frame *);
    iswep = wh->i_fc[1] & IEEE80211_FC1_WEP;
    ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
    isfrag = m0->m_flags & M_FRAG;
    hdrlen = ieee80211_anyhdrsize(wh);
    /*
     * Packet length must not include any
     * pad bytes; deduct them here.
     */
    pktlen = m0->m_pkthdr.len - (hdrlen & 3);

    /* Handle encryption twiddling if needed */
    if (! ath_tx_tag_crypto(sc, ni, m0, iswep, isfrag, &hdrlen,
        &pktlen, &keyix)) {
        ath_freetx(m0);
        return EIO;
    }

    /* packet header may have moved, reset our local pointer */
    wh = mtod(m0, struct ieee80211_frame *);

    pktlen += IEEE80211_CRC_LEN;

    /*
     * Load the DMA map so any coalescing is done. This
     * also calculates the number of descriptors we need.
     */
    error = ath_tx_dmasetup(sc, bf, m0);
    if (error != 0)
        return error;
    bf->bf_node = ni;        /* NB: held reference */
    m0 = bf->bf_m;            /* NB: may have changed */
    wh = mtod(m0, struct ieee80211_frame *);

    /* setup descriptors */
    ds = bf->bf_desc;
    rt = sc->sc_currates;
    KASSERT(rt != NULL, ("no rate table, mode %u", sc->sc_curmode));

    /*
     * NB: the 802.11 layer marks whether or not we should
     * use short preamble based on the current mode and
     * negotiated parameters.
     */
    if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
        (ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) {
        shortPreamble = AH_TRUE;
        sc->sc_stats.ast_tx_shortpre++;
    } else {
        shortPreamble = AH_FALSE;
    }

    an = ATH_NODE(ni);
    flags = HAL_TXDESC_CLRDMASK;    /* XXX needed for crypto errs */
    ismrr = 0;            /* default no multi-rate retry*/
    pri = M_WME_GETAC(m0);        /* honor classification */
    /* XXX use txparams instead of fixed values */
    /*
     * Calculate Atheros packet type from IEEE80211 packet header,
     * setup for rate calculations, and select h/w transmit queue.
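     *
     * XXX as an added illustration of the switch below: beacons and
     * probe responses get their own HAL packet types at the mgmt
     * rate; other mgmt/ctl frames go out at the mgmt rate with
     * ATH_TXMGTTRY tries; data frames either use the mcast/EAPOL
     * fixed rates or defer to a rate control lookup at TX time.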
     */
    switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
    case IEEE80211_FC0_TYPE_MGT:
        subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
        if (subtype == IEEE80211_FC0_SUBTYPE_BEACON)
            atype = HAL_PKT_TYPE_BEACON;
        else if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
            atype = HAL_PKT_TYPE_PROBE_RESP;
        else if (subtype == IEEE80211_FC0_SUBTYPE_ATIM)
            atype = HAL_PKT_TYPE_ATIM;
        else
            atype = HAL_PKT_TYPE_NORMAL;    /* XXX */
        rix = an->an_mgmtrix;
        txrate = rt->info[rix].rateCode;
        if (shortPreamble)
            txrate |= rt->info[rix].shortPreamble;
        try0 = ATH_TXMGTTRY;
        flags |= HAL_TXDESC_INTREQ;    /* force interrupt */
        break;
    case IEEE80211_FC0_TYPE_CTL:
        atype = HAL_PKT_TYPE_PSPOLL;    /* stop setting of duration */
        rix = an->an_mgmtrix;
        txrate = rt->info[rix].rateCode;
        if (shortPreamble)
            txrate |= rt->info[rix].shortPreamble;
        try0 = ATH_TXMGTTRY;
        flags |= HAL_TXDESC_INTREQ;    /* force interrupt */
        break;
    case IEEE80211_FC0_TYPE_DATA:
        atype = HAL_PKT_TYPE_NORMAL;    /* default */
        /*
         * Data frames: multicast frames go out at a fixed rate,
         * EAPOL frames use the mgmt frame rate; otherwise consult
         * the rate control module for the rate to use.
         */
        if (ismcast) {
            rix = an->an_mcastrix;
            txrate = rt->info[rix].rateCode;
            if (shortPreamble)
                txrate |= rt->info[rix].shortPreamble;
            try0 = 1;
        } else if (m0->m_flags & M_EAPOL) {
            /* XXX? maybe always use long preamble? */
            rix = an->an_mgmtrix;
            txrate = rt->info[rix].rateCode;
            if (shortPreamble)
                txrate |= rt->info[rix].shortPreamble;
            try0 = ATH_TXMAXTRY;    /* XXX?too many? */
        } else {
            /*
             * Do rate lookup on each TX, rather than using
             * the hard-coded TX information decided here.
             */
            ismrr = 1;
            bf->bf_state.bfs_doratelookup = 1;
        }
        if (cap->cap_wmeParams[pri].wmep_noackPolicy)
            flags |= HAL_TXDESC_NOACK;
        break;
    default:
        if_printf(ifp, "bogus frame type 0x%x (%s)\n",
            wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK, __func__);
        /* XXX statistic */
        ath_freetx(m0);
        return EIO;
    }
    txq = sc->sc_ac2q[pri];

    /*
     * When servicing one or more stations in power-save mode
     * (or) if there is some mcast data waiting on the mcast
     * queue (to prevent out of order delivery) multicast
     * frames must be buffered until after the beacon.
     */
    if (ismcast && (vap->iv_ps_sta || avp->av_mcastq.axq_depth))
        txq = &avp->av_mcastq;

    /*
     * Calculate miscellaneous flags.
     */
    if (ismcast) {
        flags |= HAL_TXDESC_NOACK;    /* no ack on broad/multicast */
    } else if (pktlen > vap->iv_rtsthreshold &&
        (ni->ni_ath_flags & IEEE80211_NODE_FF) == 0) {
        flags |= HAL_TXDESC_RTSENA;    /* RTS based on frame length */
        sc->sc_stats.ast_tx_rts++;
    }
    if (flags & HAL_TXDESC_NOACK)    /* NB: avoid double counting */
        sc->sc_stats.ast_tx_noack++;
#ifdef IEEE80211_SUPPORT_TDMA
    if (sc->sc_tdma && (flags & HAL_TXDESC_NOACK) == 0) {
        DPRINTF(sc, ATH_DEBUG_TDMA,
            "%s: discard frame, ACK required w/ TDMA\n", __func__);
        sc->sc_stats.ast_tdma_ack++;
        ath_freetx(m0);
        return EIO;
    }
#endif

    /*
     * If 802.11g protection is enabled, determine whether
     * to use RTS/CTS or just CTS. Note that this is only
     * done for OFDM unicast frames.
     */
    if ((ic->ic_flags & IEEE80211_F_USEPROT) &&
        rt->info[rix].phy == IEEE80211_T_OFDM &&
        (flags & HAL_TXDESC_NOACK) == 0) {
        bf->bf_state.bfs_doprot = 1;
        /* XXX fragments must use CCK rates w/ protection */
        if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) {
            flags |= HAL_TXDESC_RTSENA;
        } else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) {
            flags |= HAL_TXDESC_CTSENA;
        }
        /*
         * For frags it would be desirable to use the
         * highest CCK rate for RTS/CTS. But stations
         * farther away may detect it at a lower CCK rate
         * so use the configured protection rate instead
         * (for now).
         */
        sc->sc_stats.ast_tx_protect++;
    }

#if 0
    /*
     * If 11n protection is enabled and it's a HT frame,
     * enable RTS.
     *
     * XXX ic_htprotmode or ic_curhtprotmode?
     * XXX should ic_htprotmode only matter if ic_curhtprotmode
     * XXX indicates it's not a HT pure environment?
     */
    if ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) &&
        rt->info[rix].phy == IEEE80211_T_HT &&
        (flags & HAL_TXDESC_NOACK) == 0) {
        cix = rt->info[sc->sc_protrix].controlRate;
        flags |= HAL_TXDESC_RTSENA;
        sc->sc_stats.ast_tx_htprotect++;
    }
#endif

    /*
     * Calculate duration. This logically belongs in the 802.11
     * layer but it lacks sufficient information to calculate it.
     */
    if ((flags & HAL_TXDESC_NOACK) == 0 &&
        (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_CTL) {
        u_int16_t dur;
        if (shortPreamble)
            dur = rt->info[rix].spAckDuration;
        else
            dur = rt->info[rix].lpAckDuration;
        if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) {
            dur += dur;        /* additional SIFS+ACK */
            KASSERT(m0->m_nextpkt != NULL, ("no fragment"));
            /*
             * Include the size of next fragment so NAV is
             * updated properly. The last fragment uses only
             * the ACK duration.
             */
            dur += ath_hal_computetxtime(ah, rt,
                m0->m_nextpkt->m_pkthdr.len,
                rix, shortPreamble);
        }
        if (isfrag) {
            /*
             * Force hardware to use computed duration for next
             * fragment by disabling multi-rate retry which updates
             * duration based on the multi-rate duration table.
             */
            ismrr = 0;
            try0 = ATH_TXMGTTRY;    /* XXX? */
        }
        *(u_int16_t *)wh->i_dur = htole16(dur);
    }
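
    /*
     * XXX an illustrative example (added): for the first of two
     * fragments the duration set above is SIFS+ACK, plus another
     * SIFS+ACK, plus the txtime of fragment two; the final fragment
     * carries only SIFS+ACK.
     */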
    /*
     * Determine if a tx interrupt should be generated for
     * this descriptor. We take a tx interrupt to reap
     * descriptors when the h/w hits an EOL condition or
     * when the descriptor is specifically marked to generate
     * an interrupt. We periodically mark descriptors in this
     * way to ensure timely replenishing of the supply needed
     * for sending frames. Deferring interrupts reduces system
     * load and potentially allows more concurrent work to be
     * done but if done too aggressively can cause senders to
     * back up.
     *
     * NB: use >= to deal with sc_txintrperiod changing
     * dynamically through sysctl.
     */
    if (flags & HAL_TXDESC_INTREQ) {
        txq->axq_intrcnt = 0;
    } else if (++txq->axq_intrcnt >= sc->sc_txintrperiod) {
        flags |= HAL_TXDESC_INTREQ;
        txq->axq_intrcnt = 0;
    }

    /* This point forward is actual TX bits */

    /*
     * At this point we are committed to sending the frame
     * and we don't need to look at m_nextpkt; clear it in
     * case this frame is part of frag chain.
     */
    m0->m_nextpkt = NULL;

    if (IFF_DUMPPKTS(sc, ATH_DEBUG_XMIT))
        ieee80211_dump_pkt(ic, mtod(m0, const uint8_t *), m0->m_len,
            sc->sc_hwmap[rix].ieeerate, -1);

    if (ieee80211_radiotap_active_vap(vap)) {
        u_int64_t tsf = ath_hal_gettsf64(ah);

        sc->sc_tx_th.wt_tsf = htole64(tsf);
        sc->sc_tx_th.wt_flags = sc->sc_hwmap[rix].txflags;
        if (iswep)
            sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_WEP;
        if (isfrag)
            sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_FRAG;
        sc->sc_tx_th.wt_rate = sc->sc_hwmap[rix].ieeerate;
        sc->sc_tx_th.wt_txpower = ni->ni_txpower;
        sc->sc_tx_th.wt_antenna = sc->sc_txantenna;

        ieee80211_radiotap_tx(vap, m0);
    }

    /* Blank the legacy rate array */
    bzero(&bf->bf_state.bfs_rc, sizeof(bf->bf_state.bfs_rc));

    /*
     * ath_buf_set_rate needs at least one rate/try to setup
     * the rate scenario.
     */
    bf->bf_state.bfs_rc[0].rix = rix;
    bf->bf_state.bfs_rc[0].tries = try0;
    bf->bf_state.bfs_rc[0].ratecode = txrate;

    /* Store the decided rate index values away */
    bf->bf_state.bfs_pktlen = pktlen;
    bf->bf_state.bfs_hdrlen = hdrlen;
    bf->bf_state.bfs_atype = atype;
    bf->bf_state.bfs_txpower = ni->ni_txpower;
    bf->bf_state.bfs_txrate0 = txrate;
    bf->bf_state.bfs_try0 = try0;
    bf->bf_state.bfs_keyix = keyix;
    bf->bf_state.bfs_txantenna = sc->sc_txantenna;
    bf->bf_state.bfs_flags = flags;
    bf->bf_txflags = flags;
    bf->bf_state.bfs_shpream = shortPreamble;

    /* XXX this should be done in ath_tx_setrate() */
    bf->bf_state.bfs_ctsrate0 = 0;    /* ie, no hard-coded ctsrate */
    bf->bf_state.bfs_ctsrate = 0;    /* calculated later */
    bf->bf_state.bfs_ctsduration = 0;
    bf->bf_state.bfs_ismrr = ismrr;

    return 0;
}

/*
 * Direct-dispatch the current frame to the hardware.
 *
 * This can be called by the net80211 code.
 *
 * XXX what about locking? Or, push the seqno assign into the
 * XXX aggregate scheduler so it's serialised?
 */
int
ath_tx_start(struct ath_softc *sc, struct ieee80211_node *ni,
    struct ath_buf *bf, struct mbuf *m0)
{
    struct ieee80211vap *vap = ni->ni_vap;
    struct ath_vap *avp = ATH_VAP(vap);
    int r;
    u_int pri;
    int tid;
    struct ath_txq *txq;
    int ismcast;
    const struct ieee80211_frame *wh;
    int is_ampdu, is_ampdu_tx, is_ampdu_pending;
    ieee80211_seq seqno;
    uint8_t type, subtype;

    /*
     * Determine the target hardware queue.
     *
     * For multicast frames, the txq gets overridden to be the
     * software TXQ and it's done via direct-dispatch.
     *
     * For any other frame, we do a TID/QoS lookup inside the frame
     * to see what the TID should be. If it's a non-QoS frame, the
     * AC and TID are overridden. The TID/TXQ code assumes the
     * TID is on a predictable hardware TXQ, so we don't support
     * having a node TID queued to multiple hardware TXQs.
     * This may change in the future but would require some locking
     * fudgery.
     */
    pri = ath_tx_getac(sc, m0);
    tid = ath_tx_gettid(sc, m0);

    txq = sc->sc_ac2q[pri];
    wh = mtod(m0, struct ieee80211_frame *);
    ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
    type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
    subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;

    /* A-MPDU TX */
    is_ampdu_tx = ath_tx_ampdu_running(sc, ATH_NODE(ni), tid);
    is_ampdu_pending = ath_tx_ampdu_pending(sc, ATH_NODE(ni), tid);
    is_ampdu = is_ampdu_tx | is_ampdu_pending;

    DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: tid=%d, ac=%d, is_ampdu=%d\n",
        __func__, tid, pri, is_ampdu);

    /* Multicast frames go onto the software multicast queue */
    if (ismcast)
        txq = &avp->av_mcastq;

    if ((! is_ampdu) && (vap->iv_ps_sta || avp->av_mcastq.axq_depth))
        txq = &avp->av_mcastq;

    /* Do the generic frame setup */
    /* XXX should just bzero the bf_state? */
    bf->bf_state.bfs_dobaw = 0;

    /* A-MPDU TX? Manually set sequence number */
    /* Don't do it whilst pending; the net80211 layer still assigns them */
    /* XXX do we need locking here? */
    if (is_ampdu_tx) {
        ATH_TXQ_LOCK(txq);
        /*
         * Always call; this function will
         * handle making sure that null data frames
         * don't get a sequence number from the current
         * TID and thus mess with the BAW.
         */
        seqno = ath_tx_tid_seqno_assign(sc, ni, bf, m0);
        if (IEEE80211_QOS_HAS_SEQ(wh) &&
            subtype != IEEE80211_FC0_SUBTYPE_QOS_NULL) {
            bf->bf_state.bfs_dobaw = 1;
        }
        ATH_TXQ_UNLOCK(txq);
    }

    /*
     * If needed, the sequence number has been assigned.
     * Squirrel it away somewhere easy to get to.
     */
    bf->bf_state.bfs_seqno = M_SEQNO_GET(m0) << IEEE80211_SEQ_SEQ_SHIFT;

    /* Is ampdu pending? fetch the seqno and print it out */
    if (is_ampdu_pending)
        DPRINTF(sc, ATH_DEBUG_SW_TX,
            "%s: tid %d: ampdu pending, seqno %d\n",
            __func__, tid, M_SEQNO_GET(m0));

    /* This also sets up the DMA map */
    r = ath_tx_normal_setup(sc, ni, bf, m0);

    if (r != 0)
        return r;

    /* At this point m0 could have changed! */
    m0 = bf->bf_m;

#if 1
    /*
     * If it's a multicast frame, do a direct-dispatch to the
     * destination hardware queue. Don't bother software
     * queuing it.
     */
    /*
     * If it's a BAR frame, do a direct dispatch to the
     * destination hardware queue. Don't bother software
     * queuing it, as the TID will now be paused.
     * Sending a BAR frame can occur from the net80211 txa timer
     * (ie, retries) or from the ath txtask (completion call.)
     * It queues directly to hardware because the TID is paused
     * at this point (and won't be unpaused until the BAR has
     * either been TXed successfully or max retries has been
     * reached.)
     */
    if (txq == &avp->av_mcastq) {
        ATH_TXQ_LOCK(txq);
        ath_tx_xmit_normal(sc, txq, bf);
        ATH_TXQ_UNLOCK(txq);
    } else if (type == IEEE80211_FC0_TYPE_CTL &&
        subtype == IEEE80211_FC0_SUBTYPE_BAR) {
        DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
            "%s: BAR: TX'ing direct\n", __func__);
        ATH_TXQ_LOCK(txq);
        ath_tx_xmit_normal(sc, txq, bf);
        ATH_TXQ_UNLOCK(txq);
    } else {
        /* add to software queue */
        ath_tx_swq(sc, ni, txq, bf);
    }
#else
    /*
     * For now, since there's no software queue,
     * direct-dispatch to the hardware.
     */
    ATH_TXQ_LOCK(txq);
    ath_tx_xmit_normal(sc, txq, bf);
    ATH_TXQ_UNLOCK(txq);
#endif

    return 0;
}

static int
ath_tx_raw_start(struct ath_softc *sc, struct ieee80211_node *ni,
    struct ath_buf *bf, struct mbuf *m0,
    const struct ieee80211_bpf_params *params)
{
    struct ifnet *ifp = sc->sc_ifp;
    struct ieee80211com *ic = ifp->if_l2com;
    struct ath_hal *ah = sc->sc_ah;
    struct ieee80211vap *vap = ni->ni_vap;
    int error, ismcast, ismrr;
    int keyix, hdrlen, pktlen, try0, txantenna;
    u_int8_t rix, txrate;
    struct ieee80211_frame *wh;
    u_int flags;
    HAL_PKT_TYPE atype;
    const HAL_RATE_TABLE *rt;
    struct ath_desc *ds;
    u_int pri;
    int o_tid = -1;
    int do_override;

    wh = mtod(m0, struct ieee80211_frame *);
    ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
    hdrlen = ieee80211_anyhdrsize(wh);
    /*
     * Packet length must not include any
     * pad bytes; deduct them here.
     */
    /* XXX honor IEEE80211_BPF_DATAPAD */
    pktlen = m0->m_pkthdr.len - (hdrlen & 3) + IEEE80211_CRC_LEN;

    DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: ismcast=%d\n",
        __func__, ismcast);

    /* Handle encryption twiddling if needed */
    if (! ath_tx_tag_crypto(sc, ni,
        m0, params->ibp_flags & IEEE80211_BPF_CRYPTO, 0,
        &hdrlen, &pktlen, &keyix)) {
        ath_freetx(m0);
        return EIO;
    }
    /* packet header may have moved, reset our local pointer */
    wh = mtod(m0, struct ieee80211_frame *);

    /* Do the generic frame setup */
    /* XXX should just bzero the bf_state? */
    bf->bf_state.bfs_dobaw = 0;

    error = ath_tx_dmasetup(sc, bf, m0);
    if (error != 0)
        return error;
    m0 = bf->bf_m;            /* NB: may have changed */
    wh = mtod(m0, struct ieee80211_frame *);
    bf->bf_node = ni;        /* NB: held reference */

    flags = HAL_TXDESC_CLRDMASK;    /* XXX needed for crypto errs */
    flags |= HAL_TXDESC_INTREQ;    /* force interrupt */
    if (params->ibp_flags & IEEE80211_BPF_RTS)
        flags |= HAL_TXDESC_RTSENA;
    else if (params->ibp_flags & IEEE80211_BPF_CTS) {
        /* XXX assume 11g/11n protection? */
        bf->bf_state.bfs_doprot = 1;
        flags |= HAL_TXDESC_CTSENA;
    }
    /* XXX leave ismcast to injector? */
    if ((params->ibp_flags & IEEE80211_BPF_NOACK) || ismcast)
        flags |= HAL_TXDESC_NOACK;

    rt = sc->sc_currates;
    KASSERT(rt != NULL, ("no rate table, mode %u", sc->sc_curmode));
    rix = ath_tx_findrix(sc, params->ibp_rate0);
    txrate = rt->info[rix].rateCode;
    if (params->ibp_flags & IEEE80211_BPF_SHORTPRE)
        txrate |= rt->info[rix].shortPreamble;
    sc->sc_txrix = rix;
    try0 = params->ibp_try0;
    ismrr = (params->ibp_try1 != 0);
    txantenna = params->ibp_pri >> 2;
    if (txantenna == 0)        /* XXX? */
        txantenna = sc->sc_txantenna;

    /*
     * Since ctsrate is fixed, store it away for later
     * use when the descriptor fields are being set.
     */
    if (flags & (HAL_TXDESC_RTSENA|HAL_TXDESC_CTSENA))
        bf->bf_state.bfs_ctsrate0 = params->ibp_ctsrate;

    pri = params->ibp_pri & 3;
    /* Override pri if the frame isn't a QoS one */
    if (! IEEE80211_QOS_HAS_SEQ(wh))
        pri = ath_tx_getac(sc, m0);

    /*
     * NB: we mark all packets as type PSPOLL so the h/w won't
     * set the sequence number, duration, etc.
     */
    atype = HAL_PKT_TYPE_PSPOLL;

    if (IFF_DUMPPKTS(sc, ATH_DEBUG_XMIT))
        ieee80211_dump_pkt(ic, mtod(m0, caddr_t), m0->m_len,
            sc->sc_hwmap[rix].ieeerate, -1);

    if (ieee80211_radiotap_active_vap(vap)) {
        u_int64_t tsf = ath_hal_gettsf64(ah);

        sc->sc_tx_th.wt_tsf = htole64(tsf);
        sc->sc_tx_th.wt_flags = sc->sc_hwmap[rix].txflags;
        if (wh->i_fc[1] & IEEE80211_FC1_WEP)
            sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_WEP;
        if (m0->m_flags & M_FRAG)
            sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_FRAG;
        sc->sc_tx_th.wt_rate = sc->sc_hwmap[rix].ieeerate;
        sc->sc_tx_th.wt_txpower = ni->ni_txpower;
        sc->sc_tx_th.wt_antenna = sc->sc_txantenna;

        ieee80211_radiotap_tx(vap, m0);
    }

    /*
     * Formulate first tx descriptor with tx controls.
     */
    ds = bf->bf_desc;
    /* XXX check return value? */

    /* Store the decided rate index values away */
    bf->bf_state.bfs_pktlen = pktlen;
    bf->bf_state.bfs_hdrlen = hdrlen;
    bf->bf_state.bfs_atype = atype;
    bf->bf_state.bfs_txpower = params->ibp_power;
    bf->bf_state.bfs_txrate0 = txrate;
    bf->bf_state.bfs_try0 = try0;
    bf->bf_state.bfs_keyix = keyix;
    bf->bf_state.bfs_txantenna = txantenna;
    bf->bf_state.bfs_flags = flags;
    bf->bf_txflags = flags;
    bf->bf_state.bfs_shpream =
        !! (params->ibp_flags & IEEE80211_BPF_SHORTPRE);

    /* XXX this should be done in ath_tx_setrate() */
    bf->bf_state.bfs_ctsrate = 0;
    bf->bf_state.bfs_ctsduration = 0;
    bf->bf_state.bfs_ismrr = ismrr;

    /* Blank the legacy rate array */
    bzero(&bf->bf_state.bfs_rc, sizeof(bf->bf_state.bfs_rc));

    bf->bf_state.bfs_rc[0].rix =
        ath_tx_findrix(sc, params->ibp_rate0);
    bf->bf_state.bfs_rc[0].tries = try0;
    bf->bf_state.bfs_rc[0].ratecode = txrate;

    if (ismrr) {
        int rix;

        rix = ath_tx_findrix(sc, params->ibp_rate1);
        bf->bf_state.bfs_rc[1].rix = rix;
        bf->bf_state.bfs_rc[1].tries = params->ibp_try1;

        rix = ath_tx_findrix(sc, params->ibp_rate2);
        bf->bf_state.bfs_rc[2].rix = rix;
        bf->bf_state.bfs_rc[2].tries = params->ibp_try2;

        rix = ath_tx_findrix(sc, params->ibp_rate3);
        bf->bf_state.bfs_rc[3].rix = rix;
        bf->bf_state.bfs_rc[3].tries = params->ibp_try3;
    }
    /*
     * All the required rate control decisions have been made;
     * fill in the rc flags.
     */
    ath_tx_rate_fill_rcflags(sc, bf);

    /* NB: no buffered multicast in power save support */

    /* XXX If it's an ADDBA, override the correct queue */
    do_override = ath_tx_action_frame_override_queue(sc, ni, m0, &o_tid);

    /* Map ADDBA to the correct priority */
    if (do_override) {
#if 0
        device_printf(sc->sc_dev,
            "%s: overriding tid %d pri %d -> %d\n",
            __func__, o_tid, pri, TID_TO_WME_AC(o_tid));
#endif
        pri = TID_TO_WME_AC(o_tid);
    }

    /*
     * If we're overriding the ADDBA destination, dump directly
     * into the hardware queue, right after any pending
     * frames to that node are.
     */
    DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: dooverride=%d\n",
        __func__, do_override);

    if (do_override) {
        ATH_TXQ_LOCK(sc->sc_ac2q[pri]);
        ath_tx_xmit_normal(sc, sc->sc_ac2q[pri], bf);
        ATH_TXQ_UNLOCK(sc->sc_ac2q[pri]);
    } else {
        /* Queue to software queue */
        ath_tx_swq(sc, ni, sc->sc_ac2q[pri], bf);
    }

    return 0;
}

/*
 * Send a raw frame.
 *
 * This can be called by net80211.
 */
int
ath_raw_xmit(struct ieee80211_node *ni, struct mbuf *m,
    const struct ieee80211_bpf_params *params)
{
    struct ieee80211com *ic = ni->ni_ic;
    struct ifnet *ifp = ic->ic_ifp;
    struct ath_softc *sc = ifp->if_softc;
    struct ath_buf *bf;
    int error;

    ATH_PCU_LOCK(sc);
    if (sc->sc_inreset_cnt > 0) {
        device_printf(sc->sc_dev, "%s: sc_inreset_cnt > 0; bailing\n",
            __func__);
        error = EIO;
        ATH_PCU_UNLOCK(sc);
        goto bad0;
    }
    sc->sc_txstart_cnt++;
    ATH_PCU_UNLOCK(sc);

    if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || sc->sc_invalid) {
        DPRINTF(sc, ATH_DEBUG_XMIT, "%s: discard frame, %s", __func__,
            (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ?
            "!running" : "invalid");
        m_freem(m);
        error = ENETDOWN;
        goto bad;
    }
    /*
     * Grab a TX buffer and associated resources.
     */
    bf = ath_getbuf(sc);
    if (bf == NULL) {
        sc->sc_stats.ast_tx_nobuf++;
        m_freem(m);
        error = ENOBUFS;
        goto bad;
    }

    if (params == NULL) {
        /*
         * Legacy path; interpret frame contents to decide
         * precisely how to send the frame.
         */
        if (ath_tx_start(sc, ni, bf, m)) {
            error = EIO;        /* XXX */
            goto bad2;
        }
    } else {
        /*
         * Caller supplied explicit parameters to use in
         * sending the frame.
         */
        if (ath_tx_raw_start(sc, ni, bf, m, params)) {
            error = EIO;        /* XXX */
            goto bad2;
        }
    }
    sc->sc_wd_timer = 5;
    ifp->if_opackets++;
    sc->sc_stats.ast_tx_raw++;

    ATH_PCU_LOCK(sc);
    sc->sc_txstart_cnt--;
    ATH_PCU_UNLOCK(sc);

    return 0;
bad2:
    ATH_TXBUF_LOCK(sc);
    TAILQ_INSERT_HEAD(&sc->sc_txbuf, bf, bf_list);
    ATH_TXBUF_UNLOCK(sc);
bad:
    ATH_PCU_LOCK(sc);
    sc->sc_txstart_cnt--;
    ATH_PCU_UNLOCK(sc);
bad0:
    ifp->if_oerrors++;
    sc->sc_stats.ast_tx_raw_fail++;
    ieee80211_free_node(ni);

    return error;
}

/* Some helper functions */

/*
 * ADDBA (and potentially others) need to be placed in the same
 * hardware queue as the TID/node it's relating to. This is so
 * it goes out after any pending non-aggregate frames to the
 * same node/TID.
 *
 * If this isn't done, the ADDBA can go out before the frames
 * queued in hardware. Even though these frames have a sequence
 * number -earlier- than the ADDBA can be transmitted (but
 * no frames whose sequence numbers are after the ADDBA should
 * be!) they'll arrive after the ADDBA - and the receiving end
 * will simply drop them as being out of the BAW.
 *
 * The frames can't be appended to the TID software queue - it'll
 * never be sent out. So these frames have to be directly
 * dispatched to the hardware, rather than queued in software.
 * So if this function returns true, the TXQ has to be
 * overridden and it has to be directly dispatched.
 *
 * It's a dirty hack, but someone's gotta do it.
 */

/*
 * XXX doesn't belong here!
 */
static int
ieee80211_is_action(struct ieee80211_frame *wh)
{
    /* Type: Management frame? */
    if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) !=
        IEEE80211_FC0_TYPE_MGT)
        return 0;

    /* Subtype: Action frame? */
    if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) !=
        IEEE80211_FC0_SUBTYPE_ACTION)
        return 0;

    return 1;
}
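
/*
 * XXX illustrative note (added) on the MS() macro below: it masks out
 * field _f from _v and shifts it down by the matching _f##_S shift
 * constant; eg MS(baparamset, IEEE80211_BAPS_TID) extracts the TID
 * using IEEE80211_BAPS_TID and IEEE80211_BAPS_TID_S.
 */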
1821 */ 1822 1823 /* 1824 * XXX doesn't belong here! 1825 */ 1826 static int 1827 ieee80211_is_action(struct ieee80211_frame *wh) 1828 { 1829 /* Type: Management frame? */ 1830 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != 1831 IEEE80211_FC0_TYPE_MGT) 1832 return 0; 1833 1834 /* Subtype: Action frame? */ 1835 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) != 1836 IEEE80211_FC0_SUBTYPE_ACTION) 1837 return 0; 1838 1839 return 1; 1840 } 1841 1842 #define MS(_v, _f) (((_v) & _f) >> _f##_S) 1843 /* 1844 * Return an alternate TID for ADDBA request frames. 1845 * 1846 * Yes, this likely should be done in the net80211 layer. 1847 */ 1848 static int 1849 ath_tx_action_frame_override_queue(struct ath_softc *sc, 1850 struct ieee80211_node *ni, 1851 struct mbuf *m0, int *tid) 1852 { 1853 struct ieee80211_frame *wh = mtod(m0, struct ieee80211_frame *); 1854 struct ieee80211_action_ba_addbarequest *ia; 1855 uint8_t *frm; 1856 uint16_t baparamset; 1857 1858 /* Not action frame? Bail */ 1859 if (! ieee80211_is_action(wh)) 1860 return 0; 1861 1862 /* XXX Not needed for frames we send? */ 1863 #if 0 1864 /* Correct length? */ 1865 if (! ieee80211_parse_action(ni, m)) 1866 return 0; 1867 #endif 1868 1869 /* Extract out action frame */ 1870 frm = (u_int8_t *)&wh[1]; 1871 ia = (struct ieee80211_action_ba_addbarequest *) frm; 1872 1873 /* Not ADDBA? Bail */ 1874 if (ia->rq_header.ia_category != IEEE80211_ACTION_CAT_BA) 1875 return 0; 1876 if (ia->rq_header.ia_action != IEEE80211_ACTION_BA_ADDBA_REQUEST) 1877 return 0; 1878 1879 /* Extract TID, return it */ 1880 baparamset = le16toh(ia->rq_baparamset); 1881 *tid = (int) MS(baparamset, IEEE80211_BAPS_TID); 1882 1883 return 1; 1884 } 1885 #undef MS 1886 1887 /* Per-node software queue operations */ 1888 1889 /* 1890 * Add the current packet to the given BAW. 1891 * It is assumed that the current packet 1892 * 1893 * + fits inside the BAW; 1894 * + already has had a sequence number allocated. 1895 * 1896 * Since the BAW status may be modified by both the ath task and 1897 * the net80211/ifnet contexts, the TID must be locked. 1898 */ 1899 void 1900 ath_tx_addto_baw(struct ath_softc *sc, struct ath_node *an, 1901 struct ath_tid *tid, struct ath_buf *bf) 1902 { 1903 int index, cindex; 1904 struct ieee80211_tx_ampdu *tap; 1905 1906 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 1907 1908 if (bf->bf_state.bfs_isretried) 1909 return; 1910 1911 tap = ath_tx_get_tx_tid(an, tid->tid); 1912 1913 if (bf->bf_state.bfs_addedbaw) 1914 device_printf(sc->sc_dev, 1915 "%s: re-added? tid=%d, seqno %d; window %d:%d; " 1916 "baw head=%d tail=%d\n", 1917 __func__, tid->tid, SEQNO(bf->bf_state.bfs_seqno), 1918 tap->txa_start, tap->txa_wnd, tid->baw_head, 1919 tid->baw_tail); 1920 1921 /* 1922 * ni->ni_txseqs[] is the currently allocated seqno. 1923 * the txa state contains the current baw start. 
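 *
 * As an illustrative worked example (values assumed): with
 * tap->txa_start = 100 and a frame seqno of 103, ATH_BA_INDEX()
 * yields index = 3; with tid->baw_head = 10 this maps to
 * cindex = (10 + 3) & (ATH_TID_MAX_BUFS - 1), ie slot 13 of
 * tid->tx_buf[].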
1924 */ 1925 index = ATH_BA_INDEX(tap->txa_start, SEQNO(bf->bf_state.bfs_seqno)); 1926 cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1); 1927 DPRINTF(sc, ATH_DEBUG_SW_TX_BAW, 1928 "%s: tid=%d, seqno %d; window %d:%d; index=%d cindex=%d " 1929 "baw head=%d tail=%d\n", 1930 __func__, tid->tid, SEQNO(bf->bf_state.bfs_seqno), 1931 tap->txa_start, tap->txa_wnd, index, cindex, tid->baw_head, 1932 tid->baw_tail); 1933 1934 1935 #if 0 1936 assert(tid->tx_buf[cindex] == NULL); 1937 #endif 1938 if (tid->tx_buf[cindex] != NULL) { 1939 device_printf(sc->sc_dev, 1940 "%s: ba packet dup (index=%d, cindex=%d, " 1941 "head=%d, tail=%d)\n", 1942 __func__, index, cindex, tid->baw_head, tid->baw_tail); 1943 device_printf(sc->sc_dev, 1944 "%s: BA bf: %p; seqno=%d ; new bf: %p; seqno=%d\n", 1945 __func__, 1946 tid->tx_buf[cindex], 1947 SEQNO(tid->tx_buf[cindex]->bf_state.bfs_seqno), 1948 bf, 1949 SEQNO(bf->bf_state.bfs_seqno) 1950 ); 1951 } 1952 tid->tx_buf[cindex] = bf; 1953 1954 if (index >= ((tid->baw_tail - tid->baw_head) & 1955 (ATH_TID_MAX_BUFS - 1))) { 1956 tid->baw_tail = cindex; 1957 INCR(tid->baw_tail, ATH_TID_MAX_BUFS); 1958 } 1959 } 1960 1961 /* 1962 * Flip the BAW buffer entry over from the existing one to the new one. 1963 * 1964 * When software retransmitting a (sub-)frame, it is entirely possible that 1965 * the frame ath_buf is marked as BUSY and can't be immediately reused. 1966 * In that instance the buffer is cloned and the new buffer is used for 1967 * retransmit. We thus need to update the ath_buf slot in the BAW buf 1968 * tracking array to maintain consistency. 1969 */ 1970 static void 1971 ath_tx_switch_baw_buf(struct ath_softc *sc, struct ath_node *an, 1972 struct ath_tid *tid, struct ath_buf *old_bf, struct ath_buf *new_bf) 1973 { 1974 int index, cindex; 1975 struct ieee80211_tx_ampdu *tap; 1976 int seqno = SEQNO(old_bf->bf_state.bfs_seqno); 1977 1978 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 1979 1980 tap = ath_tx_get_tx_tid(an, tid->tid); 1981 index = ATH_BA_INDEX(tap->txa_start, seqno); 1982 cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1); 1983 1984 /* 1985 * Just warn for now; if it happens then we should find out 1986 * about it. It's highly likely the aggregation session will 1987 * soon hang. 1988 */ 1989 if (old_bf->bf_state.bfs_seqno != new_bf->bf_state.bfs_seqno) { 1990 device_printf(sc->sc_dev, "%s: retransmitted buffer" 1991 " has mismatching seqnos; BA session may hang.\n", 1992 __func__); 1993 device_printf(sc->sc_dev, "%s: old seqno=%d, new seqno=%d\n", 1994 __func__, 1995 old_bf->bf_state.bfs_seqno, 1996 new_bf->bf_state.bfs_seqno); 1997 } 1998 1999 if (tid->tx_buf[cindex] != old_bf) { 2000 device_printf(sc->sc_dev, "%s: ath_buf pointer incorrect; " 2001 "BA session may hang.\n", 2002 __func__); 2003 device_printf(sc->sc_dev, "%s: old bf=%p, new bf=%p\n", 2004 __func__, 2005 old_bf, new_bf); 2006 } 2007 2008 tid->tx_buf[cindex] = new_bf; 2009 } 2010 2011 /* 2012 * seq_start - left edge of BAW 2013 * seq_next - current/next sequence number to allocate 2014 * 2015 * Since the BAW status may be modified by both the ath task and 2016 * the net80211/ifnet contexts, the TID must be locked.
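 *
 * Worked example (values assumed): if the slots for seqnos 100 and
 * 101 at the head of the window have both completed (ie are NULL)
 * and 102 is still in flight, the loop below advances baw_head twice
 * and slides tap->txa_start from 100 to 102.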
2017 */ 2018 static void 2019 ath_tx_update_baw(struct ath_softc *sc, struct ath_node *an, 2020 struct ath_tid *tid, const struct ath_buf *bf) 2021 { 2022 int index, cindex; 2023 struct ieee80211_tx_ampdu *tap; 2024 int seqno = SEQNO(bf->bf_state.bfs_seqno); 2025 2026 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2027 2028 tap = ath_tx_get_tx_tid(an, tid->tid); 2029 index = ATH_BA_INDEX(tap->txa_start, seqno); 2030 cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1); 2031 2032 DPRINTF(sc, ATH_DEBUG_SW_TX_BAW, 2033 "%s: tid=%d, baw=%d:%d, seqno=%d, index=%d, cindex=%d, " 2034 "baw head=%d, tail=%d\n", 2035 __func__, tid->tid, tap->txa_start, tap->txa_wnd, seqno, index, 2036 cindex, tid->baw_head, tid->baw_tail); 2037 2038 /* 2039 * If this occurs then we have a big problem - something else 2040 * has slid tap->txa_start along without updating the BAW 2041 * tracking start/end pointers. Thus the TX BAW state is now 2042 * completely busted. 2043 * 2044 * But for now, since I haven't yet fixed TDMA and buffer cloning, 2045 * it's quite possible that a cloned buffer is making its way 2046 * here and causing it to fire off. Disable TDMA for now. 2047 */ 2048 if (tid->tx_buf[cindex] != bf) { 2049 device_printf(sc->sc_dev, 2050 "%s: comp bf=%p, seq=%d; slot bf=%p, seqno=%d\n", 2051 __func__, 2052 bf, SEQNO(bf->bf_state.bfs_seqno), 2053 tid->tx_buf[cindex], 2054 SEQNO(tid->tx_buf[cindex]->bf_state.bfs_seqno)); 2055 } 2056 2057 tid->tx_buf[cindex] = NULL; 2058 2059 while (tid->baw_head != tid->baw_tail && 2060 !tid->tx_buf[tid->baw_head]) { 2061 INCR(tap->txa_start, IEEE80211_SEQ_RANGE); 2062 INCR(tid->baw_head, ATH_TID_MAX_BUFS); 2063 } 2064 DPRINTF(sc, ATH_DEBUG_SW_TX_BAW, 2065 "%s: baw is now %d:%d, baw head=%d\n", 2066 __func__, tap->txa_start, tap->txa_wnd, tid->baw_head); 2067 } 2068 2069 /* 2070 * Mark the current node/TID as ready to TX. 2071 * 2072 * This is done to make it easy for the software scheduler to 2073 * find which nodes have data to send. 2074 * 2075 * The TXQ lock must be held. 2076 */ 2077 static void 2078 ath_tx_tid_sched(struct ath_softc *sc, struct ath_tid *tid) 2079 { 2080 struct ath_txq *txq = sc->sc_ac2q[tid->ac]; 2081 2082 ATH_TXQ_LOCK_ASSERT(txq); 2083 2084 if (tid->paused) 2085 return; /* paused, can't schedule yet */ 2086 2087 if (tid->sched) 2088 return; /* already scheduled */ 2089 2090 tid->sched = 1; 2091 2092 TAILQ_INSERT_TAIL(&txq->axq_tidq, tid, axq_qelem); 2093 } 2094 2095 /* 2096 * Mark the current node as no longer needing to be polled for 2097 * TX packets. 2098 * 2099 * The TXQ lock must be held. 2100 */ 2101 static void 2102 ath_tx_tid_unsched(struct ath_softc *sc, struct ath_tid *tid) 2103 { 2104 struct ath_txq *txq = sc->sc_ac2q[tid->ac]; 2105 2106 ATH_TXQ_LOCK_ASSERT(txq); 2107 2108 if (tid->sched == 0) 2109 return; 2110 2111 tid->sched = 0; 2112 TAILQ_REMOVE(&txq->axq_tidq, tid, axq_qelem); 2113 } 2114 2115 /* 2116 * Assign a sequence number manually to the given frame. 2117 * 2118 * This should only be called for A-MPDU TX frames. 
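 *
 * Note the sequence number space is 12 bits wide, so
 * INCR(.., IEEE80211_SEQ_RANGE) wraps modulo 4096 - eg seqno 4095
 * increments back around to 0.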
2119 */ 2120 static ieee80211_seq 2121 ath_tx_tid_seqno_assign(struct ath_softc *sc, struct ieee80211_node *ni, 2122 struct ath_buf *bf, struct mbuf *m0) 2123 { 2124 struct ieee80211_frame *wh; 2125 int tid, pri; 2126 ieee80211_seq seqno; 2127 uint8_t subtype; 2128 2129 /* TID lookup */ 2130 wh = mtod(m0, struct ieee80211_frame *); 2131 pri = M_WME_GETAC(m0); /* honor classification */ 2132 tid = WME_AC_TO_TID(pri); 2133 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: pri=%d, tid=%d, qos has seq=%d\n", 2134 __func__, pri, tid, IEEE80211_QOS_HAS_SEQ(wh)); 2135 2136 /* XXX Is it a control frame? Ignore */ 2137 2138 /* Does the packet require a sequence number? */ 2139 if (! IEEE80211_QOS_HAS_SEQ(wh)) 2140 return -1; 2141 2142 /* 2143 * Is it a QOS NULL Data frame? Give it a sequence number from 2144 * the default TID (IEEE80211_NONQOS_TID.) 2145 * 2146 * The RX path of everything I've looked at doesn't include the NULL 2147 * data frame sequence number in the aggregation state updates, so 2148 * assigning it a sequence number there will cause a BAW hole on the 2149 * RX side. 2150 */ 2151 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2152 if (subtype == IEEE80211_FC0_SUBTYPE_QOS_NULL) { 2153 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]; 2154 INCR(ni->ni_txseqs[IEEE80211_NONQOS_TID], IEEE80211_SEQ_RANGE); 2155 } else { 2156 /* Manually assign sequence number */ 2157 seqno = ni->ni_txseqs[tid]; 2158 INCR(ni->ni_txseqs[tid], IEEE80211_SEQ_RANGE); 2159 } 2160 *(uint16_t *)&wh->i_seq[0] = htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 2161 M_SEQNO_SET(m0, seqno); 2162 2163 /* Return so caller can do something with it if needed */ 2164 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: -> seqno=%d\n", __func__, seqno); 2165 return seqno; 2166 } 2167 2168 /* 2169 * Attempt to direct dispatch an aggregate frame to hardware. 2170 * If the frame is out of BAW, queue. 2171 * Otherwise, schedule it as a single frame. 2172 */ 2173 static void 2174 ath_tx_xmit_aggr(struct ath_softc *sc, struct ath_node *an, struct ath_buf *bf) 2175 { 2176 struct ath_tid *tid = &an->an_tid[bf->bf_state.bfs_tid]; 2177 struct ath_txq *txq = bf->bf_state.bfs_txq; 2178 struct ieee80211_tx_ampdu *tap; 2179 2180 ATH_TXQ_LOCK_ASSERT(txq); 2181 2182 tap = ath_tx_get_tx_tid(an, tid->tid); 2183 2184 /* paused? queue */ 2185 if (tid->paused) { 2186 ATH_TXQ_INSERT_TAIL(tid, bf, bf_list); 2187 return; 2188 } 2189 2190 /* outside baw? queue */ 2191 if (bf->bf_state.bfs_dobaw && 2192 (! BAW_WITHIN(tap->txa_start, tap->txa_wnd, 2193 SEQNO(bf->bf_state.bfs_seqno)))) { 2194 ATH_TXQ_INSERT_TAIL(tid, bf, bf_list); 2195 ath_tx_tid_sched(sc, tid); 2196 return; 2197 } 2198 2199 /* Direct dispatch to hardware */ 2200 ath_tx_do_ratelookup(sc, bf); 2201 ath_tx_rate_fill_rcflags(sc, bf); 2202 ath_tx_set_rtscts(sc, bf); 2203 ath_tx_setds(sc, bf); 2204 ath_tx_set_ratectrl(sc, bf->bf_node, bf); 2205 ath_tx_chaindesclist(sc, bf); 2206 2207 /* Statistics */ 2208 sc->sc_aggr_stats.aggr_low_hwq_single_pkt++; 2209 2210 /* Track per-TID hardware queue depth correctly */ 2211 tid->hwq_depth++; 2212 2213 /* Add to BAW */ 2214 if (bf->bf_state.bfs_dobaw) { 2215 ath_tx_addto_baw(sc, an, tid, bf); 2216 bf->bf_state.bfs_addedbaw = 1; 2217 } 2218 2219 /* Set completion handler, multi-frame aggregate or not */ 2220 bf->bf_comp = ath_tx_aggr_comp; 2221 2222 /* Hand off to hardware */ 2223 ath_tx_handoff(sc, txq, bf); 2224 } 2225 2226 /* 2227 * Attempt to send the packet. 2228 * If the queue isn't busy, direct-dispatch. 
2229 * If the queue is busy enough, queue the given packet on the 2230 * relevant software queue. 2231 */ 2232 void 2233 ath_tx_swq(struct ath_softc *sc, struct ieee80211_node *ni, struct ath_txq *txq, 2234 struct ath_buf *bf) 2235 { 2236 struct ath_node *an = ATH_NODE(ni); 2237 struct ieee80211_frame *wh; 2238 struct ath_tid *atid; 2239 int pri, tid; 2240 struct mbuf *m0 = bf->bf_m; 2241 2242 /* Fetch the TID - non-QoS frames get assigned to TID 16 */ 2243 wh = mtod(m0, struct ieee80211_frame *); 2244 pri = ath_tx_getac(sc, m0); 2245 tid = ath_tx_gettid(sc, m0); 2246 atid = &an->an_tid[tid]; 2247 2248 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: bf=%p, pri=%d, tid=%d, qos=%d\n", 2249 __func__, bf, pri, tid, IEEE80211_QOS_HAS_SEQ(wh)); 2250 2251 /* Set local packet state, used to queue packets to hardware */ 2252 bf->bf_state.bfs_tid = tid; 2253 bf->bf_state.bfs_txq = txq; 2254 bf->bf_state.bfs_pri = pri; 2255 2256 /* 2257 * If the hardware queue isn't busy, direct-dispatch it. 2258 * If the hardware queue is busy, software queue it. 2259 * If the TID is paused or the traffic is outside the BAW, 2260 * software queue it. 2261 */ 2262 ATH_TXQ_LOCK(txq); 2263 if (atid->paused) { 2264 /* TID is paused, queue */ 2265 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: paused\n", __func__); 2266 ATH_TXQ_INSERT_TAIL(atid, bf, bf_list); 2267 } else if (ath_tx_ampdu_pending(sc, an, tid)) { 2268 /* AMPDU pending; queue */ 2269 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: pending\n", __func__); 2270 ATH_TXQ_INSERT_TAIL(atid, bf, bf_list); 2271 /* XXX sched? */ 2272 } else if (ath_tx_ampdu_running(sc, an, tid)) { 2273 /* AMPDU running, attempt direct dispatch if possible */ 2274 if (txq->axq_depth < sc->sc_hwq_limit) { 2275 ath_tx_xmit_aggr(sc, an, bf); 2276 DPRINTF(sc, ATH_DEBUG_SW_TX, 2277 "%s: xmit_aggr\n", 2278 __func__); 2279 } else { 2280 DPRINTF(sc, ATH_DEBUG_SW_TX, 2281 "%s: ampdu; swq'ing\n", 2282 __func__); 2283 ATH_TXQ_INSERT_TAIL(atid, bf, bf_list); 2284 ath_tx_tid_sched(sc, atid); 2285 } 2286 } else if (txq->axq_depth < sc->sc_hwq_limit) { 2287 /* AMPDU not running, attempt direct dispatch */ 2288 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: xmit_normal\n", __func__); 2289 ath_tx_xmit_normal(sc, txq, bf); 2290 } else { 2291 /* Busy; queue */ 2292 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: swq'ing\n", __func__); 2293 ATH_TXQ_INSERT_TAIL(atid, bf, bf_list); 2294 ath_tx_tid_sched(sc, atid); 2295 } 2296 ATH_TXQ_UNLOCK(txq); 2297 } 2298 2299 /* 2300 * Do the basic frame setup stuff that's required before the frame 2301 * is added to a software queue. 2302 * 2303 * All frames get mostly the same treatment and it's done once. 2304 * Retransmits fiddle with things like the rate control setup, 2305 * setting the retransmit bit in the packet, doing the relevant DMA/bus 2306 * syncing and relinking it (back) into the hardware TX queue. 2307 * 2308 * Note that this may cause the mbuf to be reallocated, so 2309 * m0 may not be valid. 2310 */ 2311 2312 2313 /* 2314 * Configure the per-TID node state. 2315 * 2316 * This likely belongs in if_ath_node.c but I can't think of anywhere 2317 * else to put it just yet. 2318 * 2319 * This sets up the TAILQs and the per-TID state as appropriate.
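 *
 * (Note below that the non-QoS TID, IEEE80211_NONQOS_TID, is mapped
 * onto WME_AC_BE; every other TID uses TID_TO_WME_AC().)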
2320 */ 2321 void 2322 ath_tx_tid_init(struct ath_softc *sc, struct ath_node *an) 2323 { 2324 int i, j; 2325 struct ath_tid *atid; 2326 2327 for (i = 0; i < IEEE80211_TID_SIZE; i++) { 2328 atid = &an->an_tid[i]; 2329 TAILQ_INIT(&atid->axq_q); 2330 atid->tid = i; 2331 atid->an = an; 2332 for (j = 0; j < ATH_TID_MAX_BUFS; j++) 2333 atid->tx_buf[j] = NULL; 2334 atid->baw_head = atid->baw_tail = 0; 2335 atid->paused = 0; 2336 atid->sched = 0; 2337 atid->hwq_depth = 0; 2338 atid->cleanup_inprogress = 0; 2339 if (i == IEEE80211_NONQOS_TID) 2340 atid->ac = WME_AC_BE; 2341 else 2342 atid->ac = TID_TO_WME_AC(i); 2343 } 2344 } 2345 2346 /* 2347 * Pause the current TID. This stops packets from being transmitted 2348 * on it. 2349 * 2350 * Since this is also called from upper layers as well as the driver, 2351 * it will get the TID lock. 2352 */ 2353 static void 2354 ath_tx_tid_pause(struct ath_softc *sc, struct ath_tid *tid) 2355 { 2356 ATH_TXQ_LOCK(sc->sc_ac2q[tid->ac]); 2357 tid->paused++; 2358 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, "%s: paused = %d\n", 2359 __func__, tid->paused); 2360 ATH_TXQ_UNLOCK(sc->sc_ac2q[tid->ac]); 2361 } 2362 2363 /* 2364 * Unpause the current TID, and schedule it if needed. 2365 */ 2366 static void 2367 ath_tx_tid_resume(struct ath_softc *sc, struct ath_tid *tid) 2368 { 2369 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2370 2371 tid->paused--; 2372 2373 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, "%s: unpaused = %d\n", 2374 __func__, tid->paused); 2375 2376 if (tid->paused || tid->axq_depth == 0) { 2377 return; 2378 } 2379 2380 ath_tx_tid_sched(sc, tid); 2381 /* Punt some frames to the hardware if needed */ 2382 ath_txq_sched(sc, sc->sc_ac2q[tid->ac]); 2383 } 2384 2385 /* 2386 * Free any packets currently pending in the software TX queue. 2387 * 2388 * This will be called when a node is being deleted. 2389 * 2390 * It can also be called on an active node during an interface 2391 * reset or state transition. 2392 * 2393 * (From Linux/reference): 2394 * 2395 * TODO: For frame(s) that are in the retry state, we will reuse the 2396 * sequence number(s) without setting the retry bit. The 2397 * alternative is to give up on these and BAR the receiver's window 2398 * forward. 2399 */ 2400 static void 2401 ath_tx_tid_drain(struct ath_softc *sc, struct ath_node *an, 2402 struct ath_tid *tid, ath_bufhead *bf_cq) 2403 { 2404 struct ath_buf *bf; 2405 struct ieee80211_tx_ampdu *tap; 2406 struct ieee80211_node *ni = &an->an_node; 2407 int t = 0; 2408 struct ath_txq *txq = sc->sc_ac2q[tid->ac]; 2409 2410 tap = ath_tx_get_tx_tid(an, tid->tid); 2411 2412 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2413 2414 /* Walk the queue, free frames */ 2415 for (;;) { 2416 bf = TAILQ_FIRST(&tid->axq_q); 2417 if (bf == NULL) { 2418 break; 2419 } 2420 2421 if (t == 0) { 2422 device_printf(sc->sc_dev, 2423 "%s: node %p: tid %d: txq_depth=%d, " 2424 "txq_aggr_depth=%d, sched=%d, paused=%d, " 2425 "hwq_depth=%d, incomp=%d, baw_head=%d, " 2426 "baw_tail=%d txa_start=%d, ni_txseqs=%d\n", 2427 __func__, ni, tid->tid, txq->axq_depth, 2428 txq->axq_aggr_depth, tid->sched, tid->paused, 2429 tid->hwq_depth, tid->incomp, tid->baw_head, 2430 tid->baw_tail, tap == NULL ? -1 : tap->txa_start, 2431 ni->ni_txseqs[tid->tid]); 2432 2433 /* XXX Dump the frame, see what it is? */ 2434 ieee80211_dump_pkt(ni->ni_ic, 2435 mtod(bf->bf_m, const uint8_t *), 2436 bf->bf_m->m_len, 0, -1); 2437 2438 t = 1; 2439 } 2440 2441 2442 /* 2443 * If the current TID is running AMPDU, update 2444 * the BAW. 
2445 */ 2446 if (ath_tx_ampdu_running(sc, an, tid->tid) && 2447 bf->bf_state.bfs_dobaw) { 2448 /* 2449 * Only remove the frame from the BAW if it's 2450 * been transmitted at least once; this means 2451 * the frame was in the BAW to begin with. 2452 */ 2453 if (bf->bf_state.bfs_retries > 0) { 2454 ath_tx_update_baw(sc, an, tid, bf); 2455 bf->bf_state.bfs_dobaw = 0; 2456 } 2457 /* 2458 * This has become a non-fatal error now 2459 */ 2460 if (! bf->bf_state.bfs_addedbaw) 2461 device_printf(sc->sc_dev, 2462 "%s: wasn't added: seqno %d\n", 2463 __func__, SEQNO(bf->bf_state.bfs_seqno)); 2464 } 2465 ATH_TXQ_REMOVE(tid, bf, bf_list); 2466 TAILQ_INSERT_TAIL(bf_cq, bf, bf_list); 2467 } 2468 2469 /* 2470 * Now that it's completed, grab the TID lock and update 2471 * the sequence number and BAW window. 2472 * Because sequence numbers have been assigned to frames 2473 * that haven't been sent yet, it's entirely possible 2474 * we'll be called with some pending frames that have not 2475 * been transmitted. 2476 * 2477 * The cleaner solution is to do the sequence number allocation 2478 * when the packet is first transmitted - and thus the "retries" 2479 * check above would be enough to update the BAW/seqno. 2480 */ 2481 2482 /* But don't do it for non-QoS TIDs */ 2483 if (tap) { 2484 #if 0 2485 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 2486 "%s: node %p: TID %d: sliding BAW left edge to %d\n", 2487 __func__, an, tid->tid, tap->txa_start); 2488 #endif 2489 ni->ni_txseqs[tid->tid] = tap->txa_start; 2490 tid->baw_tail = tid->baw_head; 2491 } 2492 } 2493 2494 /* 2495 * Flush all software queued packets for the given node. 2496 * 2497 * This occurs when a completion handler frees the last buffer 2498 * for a node, and the node is thus freed. This causes the node 2499 * to be cleaned up, which ends up calling ath_tx_node_flush. 2500 */ 2501 void 2502 ath_tx_node_flush(struct ath_softc *sc, struct ath_node *an) 2503 { 2504 int tid; 2505 ath_bufhead bf_cq; 2506 struct ath_buf *bf; 2507 2508 TAILQ_INIT(&bf_cq); 2509 2510 for (tid = 0; tid < IEEE80211_TID_SIZE; tid++) { 2511 struct ath_tid *atid = &an->an_tid[tid]; 2512 struct ath_txq *txq = sc->sc_ac2q[atid->ac]; 2513 2514 /* Remove this tid from the list of active tids */ 2515 ATH_TXQ_LOCK(txq); 2516 ath_tx_tid_unsched(sc, atid); 2517 2518 /* Free packets */ 2519 ath_tx_tid_drain(sc, an, atid, &bf_cq); 2520 ATH_TXQ_UNLOCK(txq); 2521 } 2522 2523 /* Handle completed frames */ 2524 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 2525 TAILQ_REMOVE(&bf_cq, bf, bf_list); 2526 ath_tx_default_comp(sc, bf, 0); 2527 } 2528 } 2529 2530 /* 2531 * Drain all the software TXQs currently with traffic queued. 2532 */ 2533 void 2534 ath_tx_txq_drain(struct ath_softc *sc, struct ath_txq *txq) 2535 { 2536 struct ath_tid *tid; 2537 ath_bufhead bf_cq; 2538 struct ath_buf *bf; 2539 2540 TAILQ_INIT(&bf_cq); 2541 ATH_TXQ_LOCK(txq); 2542 2543 /* 2544 * Iterate over all active tids for the given txq, 2545 * flushing and unsched'ing them 2546 */ 2547 while (! TAILQ_EMPTY(&txq->axq_tidq)) { 2548 tid = TAILQ_FIRST(&txq->axq_tidq); 2549 ath_tx_tid_drain(sc, tid->an, tid, &bf_cq); 2550 ath_tx_tid_unsched(sc, tid); 2551 } 2552 2553 ATH_TXQ_UNLOCK(txq); 2554 2555 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 2556 TAILQ_REMOVE(&bf_cq, bf, bf_list); 2557 ath_tx_default_comp(sc, bf, 0); 2558 } 2559 } 2560 2561 /* 2562 * Handle completion of non-aggregate session frames. 
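 *
 * The per-TID hwq_depth counter is decremented under the TXQ lock;
 * rate control is only consulted when we aren't failing frames during
 * a queue drain and the frame actually wanted an ACK.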
2563 */ 2564 void 2565 ath_tx_normal_comp(struct ath_softc *sc, struct ath_buf *bf, int fail) 2566 { 2567 struct ieee80211_node *ni = bf->bf_node; 2568 struct ath_node *an = ATH_NODE(ni); 2569 int tid = bf->bf_state.bfs_tid; 2570 struct ath_tid *atid = &an->an_tid[tid]; 2571 struct ath_tx_status *ts = &bf->bf_status.ds_txstat; 2572 2573 /* The TID state is protected behind the TXQ lock */ 2574 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 2575 2576 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: bf=%p: fail=%d, hwq_depth now %d\n", 2577 __func__, bf, fail, atid->hwq_depth - 1); 2578 2579 atid->hwq_depth--; 2580 if (atid->hwq_depth < 0) 2581 device_printf(sc->sc_dev, "%s: hwq_depth < 0: %d\n", 2582 __func__, atid->hwq_depth); 2583 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 2584 2585 /* 2586 * punt to rate control if we're not being cleaned up 2587 * during a hw queue drain and the frame wanted an ACK. 2588 */ 2589 if (fail == 0 && ((bf->bf_txflags & HAL_TXDESC_NOACK) == 0)) 2590 ath_tx_update_ratectrl(sc, ni, bf->bf_state.bfs_rc, 2591 ts, bf->bf_state.bfs_pktlen, 2592 1, (ts->ts_status == 0) ? 0 : 1); 2593 2594 ath_tx_default_comp(sc, bf, fail); 2595 } 2596 2597 /* 2598 * Handle cleanup of aggregate session packets that aren't 2599 * an A-MPDU. 2600 * 2601 * There's no need to update the BAW here - the session is being 2602 * torn down. 2603 */ 2604 static void 2605 ath_tx_comp_cleanup_unaggr(struct ath_softc *sc, struct ath_buf *bf) 2606 { 2607 struct ieee80211_node *ni = bf->bf_node; 2608 struct ath_node *an = ATH_NODE(ni); 2609 int tid = bf->bf_state.bfs_tid; 2610 struct ath_tid *atid = &an->an_tid[tid]; 2611 2612 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, "%s: TID %d: incomp=%d\n", 2613 __func__, tid, atid->incomp); 2614 2615 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 2616 atid->incomp--; 2617 if (atid->incomp == 0) { 2618 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 2619 "%s: TID %d: cleaned up! resume!\n", 2620 __func__, tid); 2621 atid->cleanup_inprogress = 0; 2622 ath_tx_tid_resume(sc, atid); 2623 } 2624 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 2625 2626 ath_tx_default_comp(sc, bf, 0); 2627 } 2628 2629 /* 2630 * Performs transmit side cleanup when TID changes from aggregated to 2631 * unaggregated. 2632 * 2633 * - Discard all retry frames from the s/w queue. 2634 * - Fix the tx completion function for all buffers in s/w queue. 2635 * - Count the number of unacked frames, and let transmit completion 2636 * handle it later. 2637 * 2638 * The caller is responsible for pausing the TID. 2639 */ 2640 static void 2641 ath_tx_cleanup(struct ath_softc *sc, struct ath_node *an, int tid) 2642 { 2643 struct ath_tid *atid = &an->an_tid[tid]; 2644 struct ieee80211_tx_ampdu *tap; 2645 struct ath_buf *bf, *bf_next; 2646 ath_bufhead bf_cq; 2647 2648 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 2649 "%s: TID %d: called\n", __func__, tid); 2650 2651 TAILQ_INIT(&bf_cq); 2652 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 2653 2654 /* 2655 * Update the frames in the software TX queue: 2656 * 2657 * + Discard retry frames in the queue 2658 * + Fix the completion function to be non-aggregate 2659 */ 2660 bf = TAILQ_FIRST(&atid->axq_q); 2661 while (bf) { 2662 if (bf->bf_state.bfs_isretried) { 2663 bf_next = TAILQ_NEXT(bf, bf_list); 2664 TAILQ_REMOVE(&atid->axq_q, bf, bf_list); 2665 atid->axq_depth--; 2666 if (bf->bf_state.bfs_dobaw) { 2667 ath_tx_update_baw(sc, an, atid, bf); 2668 if (! 
bf->bf_state.bfs_addedbaw) 2669 device_printf(sc->sc_dev, 2670 "%s: wasn't added: seqno %d\n", 2671 __func__, 2672 SEQNO(bf->bf_state.bfs_seqno)); 2673 } 2674 bf->bf_state.bfs_dobaw = 0; 2675 /* 2676 * Call the default completion handler with "fail" just 2677 * so upper levels are suitably notified about this. 2678 */ 2679 TAILQ_INSERT_TAIL(&bf_cq, bf, bf_list); 2680 bf = bf_next; 2681 continue; 2682 } 2683 /* Give these the default completion handler */ 2684 bf->bf_comp = ath_tx_normal_comp; 2685 bf = TAILQ_NEXT(bf, bf_list); 2686 } 2687 2688 /* The caller is required to pause the TID */ 2689 #if 0 2690 /* Pause the TID */ 2691 ath_tx_tid_pause(sc, atid); 2692 #endif 2693 2694 /* 2695 * Calculate what hardware-queued frames exist based 2696 * on the current BAW size. Ie, what frames have been 2697 * added to the TX hardware queue for this TID but 2698 * not yet ACKed. 2699 */ 2700 tap = ath_tx_get_tx_tid(an, tid); 2701 /* Need the lock - fiddling with BAW */ 2702 while (atid->baw_head != atid->baw_tail) { 2703 if (atid->tx_buf[atid->baw_head]) { 2704 atid->incomp++; 2705 atid->cleanup_inprogress = 1; 2706 atid->tx_buf[atid->baw_head] = NULL; 2707 } 2708 INCR(atid->baw_head, ATH_TID_MAX_BUFS); 2709 INCR(tap->txa_start, IEEE80211_SEQ_RANGE); 2710 } 2711 2712 /* 2713 * If cleanup is required, defer TID scheduling 2714 * until all the HW queued packets have been 2715 * sent. 2716 */ 2717 if (! atid->cleanup_inprogress) 2718 ath_tx_tid_resume(sc, atid); 2719 2720 if (atid->cleanup_inprogress) 2721 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 2722 "%s: TID %d: cleanup needed: %d packets\n", 2723 __func__, tid, atid->incomp); 2724 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 2725 2726 /* Handle completing frames and fail them */ 2727 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 2728 TAILQ_REMOVE(&bf_cq, bf, bf_list); 2729 ath_tx_default_comp(sc, bf, 1); 2730 } 2731 } 2732 2733 static void 2734 ath_tx_set_retry(struct ath_softc *sc, struct ath_buf *bf) 2735 { 2736 struct ieee80211_frame *wh; 2737 2738 wh = mtod(bf->bf_m, struct ieee80211_frame *); 2739 /* Only update/resync if needed */ 2740 if (bf->bf_state.bfs_isretried == 0) { 2741 wh->i_fc[1] |= IEEE80211_FC1_RETRY; 2742 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, 2743 BUS_DMASYNC_PREWRITE); 2744 } 2745 sc->sc_stats.ast_tx_swretries++; 2746 bf->bf_state.bfs_isretried = 1; 2747 bf->bf_state.bfs_retries ++; 2748 } 2749 2750 static struct ath_buf * 2751 ath_tx_retry_clone(struct ath_softc *sc, struct ath_node *an, 2752 struct ath_tid *tid, struct ath_buf *bf) 2753 { 2754 struct ath_buf *nbf; 2755 int error; 2756 2757 nbf = ath_buf_clone(sc, bf); 2758 2759 #if 0 2760 device_printf(sc->sc_dev, "%s: ATH_BUF_BUSY; cloning\n", 2761 __func__); 2762 #endif 2763 2764 if (nbf == NULL) { 2765 /* Failed to clone */ 2766 device_printf(sc->sc_dev, 2767 "%s: failed to clone a busy buffer\n", 2768 __func__); 2769 return NULL; 2770 } 2771 2772 /* Setup the dma for the new buffer */ 2773 error = ath_tx_dmasetup(sc, nbf, nbf->bf_m); 2774 if (error != 0) { 2775 device_printf(sc->sc_dev, 2776 "%s: failed to setup dma for clone\n", 2777 __func__); 2778 /* 2779 * Put this at the head of the list, not tail; 2780 * that way it doesn't interfere with the 2781 * busy buffer logic (which uses the tail of 2782 * the list.) 
2783 */ 2784 ATH_TXBUF_LOCK(sc); 2785 TAILQ_INSERT_HEAD(&sc->sc_txbuf, nbf, bf_list); 2786 ATH_TXBUF_UNLOCK(sc); 2787 return NULL; 2788 } 2789 2790 /* Update BAW if required, before we free the original buf */ 2791 if (bf->bf_state.bfs_dobaw) 2792 ath_tx_switch_baw_buf(sc, an, tid, bf, nbf); 2793 2794 /* Free the original buffer; return the new (cloned) buffer */ 2795 bf->bf_m = NULL; 2796 bf->bf_node = NULL; 2797 ath_freebuf(sc, bf); 2798 return nbf; 2799 } 2800 2801 /* 2802 * Handle retrying an unaggregate frame in an aggregate 2803 * session. 2804 * 2805 * If too many retries occur, pause the TID, wait for 2806 * any further retransmits (as there's no reason why 2807 * non-aggregate frames in an aggregate session must be 2808 * transmitted in order; they just have to be in-BAW) 2809 * and then queue a BAR. 2810 */ 2811 static void 2812 ath_tx_aggr_retry_unaggr(struct ath_softc *sc, struct ath_buf *bf) 2813 { 2814 struct ieee80211_node *ni = bf->bf_node; 2815 struct ath_node *an = ATH_NODE(ni); 2816 int tid = bf->bf_state.bfs_tid; 2817 struct ath_tid *atid = &an->an_tid[tid]; 2818 struct ieee80211_tx_ampdu *tap; 2819 int txseq; 2820 2821 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 2822 2823 tap = ath_tx_get_tx_tid(an, tid); 2824 2825 /* 2826 * If the buffer is marked as busy, we can't directly 2827 * reuse it. Instead, try to clone the buffer. 2828 * If the clone is successful, recycle the old buffer. 2829 * If the clone is unsuccessful, set bfs_retries to max 2830 * to force the next bit of code to free the buffer 2831 * for us. 2832 */ 2833 if ((bf->bf_state.bfs_retries < SWMAX_RETRIES) && 2834 (bf->bf_flags & ATH_BUF_BUSY)) { 2835 struct ath_buf *nbf; 2836 nbf = ath_tx_retry_clone(sc, an, atid, bf); 2837 if (nbf) 2838 /* bf has been freed at this point */ 2839 bf = nbf; 2840 else 2841 bf->bf_state.bfs_retries = SWMAX_RETRIES + 1; 2842 } 2843 2844 if (bf->bf_state.bfs_retries >= SWMAX_RETRIES) { 2845 DPRINTF(sc, ATH_DEBUG_SW_TX_RETRIES, 2846 "%s: exceeded retries; seqno %d\n", 2847 __func__, SEQNO(bf->bf_state.bfs_seqno)); 2848 sc->sc_stats.ast_tx_swretrymax++; 2849 2850 /* Update BAW anyway */ 2851 if (bf->bf_state.bfs_dobaw) { 2852 ath_tx_update_baw(sc, an, atid, bf); 2853 if (! bf->bf_state.bfs_addedbaw) 2854 device_printf(sc->sc_dev, 2855 "%s: wasn't added: seqno %d\n", 2856 __func__, SEQNO(bf->bf_state.bfs_seqno)); 2857 } 2858 bf->bf_state.bfs_dobaw = 0; 2859 2860 /* Send BAR frame */ 2861 /* 2862 * This'll end up going into net80211 and back out 2863 * again, via ic->ic_raw_xmit(). 2864 */ 2865 txseq = tap->txa_start; 2866 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 2867 2868 device_printf(sc->sc_dev, 2869 "%s: TID %d: send BAR; seq %d\n", __func__, tid, txseq); 2870 2871 /* XXX TODO: send BAR */ 2872 2873 /* Free buffer, bf is free after this call */ 2874 ath_tx_default_comp(sc, bf, 0); 2875 return; 2876 } 2877 2878 /* 2879 * This increments the retry counter as well as 2880 * sets the retry flag in the ath_buf and packet 2881 * body. 2882 */ 2883 ath_tx_set_retry(sc, bf); 2884 2885 /* 2886 * Insert this at the head of the queue, so it's 2887 * retried before any current/subsequent frames. 2888 */ 2889 ATH_TXQ_INSERT_HEAD(atid, bf, bf_list); 2890 ath_tx_tid_sched(sc, atid); 2891 2892 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 2893 } 2894 2895 /* 2896 * Common code for aggregate excessive retry/subframe retry. 2897 * If retrying, queues buffers to bf_q. If not, frees the 2898 * buffers.
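 * (Summarising the return convention below: 0 means the frame was
 * requeued onto bf_q for another software retry; 1 means it exceeded
 * SWMAX_RETRIES, has been removed from the BAW, and should be dropped
 * by the caller.)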
2899 * 2900 * XXX should unify this with ath_tx_aggr_retry_unaggr() 2901 */ 2902 static int 2903 ath_tx_retry_subframe(struct ath_softc *sc, struct ath_buf *bf, 2904 ath_bufhead *bf_q) 2905 { 2906 struct ieee80211_node *ni = bf->bf_node; 2907 struct ath_node *an = ATH_NODE(ni); 2908 int tid = bf->bf_state.bfs_tid; 2909 struct ath_tid *atid = &an->an_tid[tid]; 2910 2911 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[atid->ac]); 2912 2913 ath_hal_clr11n_aggr(sc->sc_ah, bf->bf_desc); 2914 ath_hal_set11nburstduration(sc->sc_ah, bf->bf_desc, 0); 2915 /* ath_hal_set11n_virtualmorefrag(sc->sc_ah, bf->bf_desc, 0); */ 2916 2917 /* 2918 * If the buffer is marked as busy, we can't directly 2919 * reuse it. Instead, try to clone the buffer. 2920 * If the clone is successful, recycle the old buffer. 2921 * If the clone is unsuccessful, set bfs_retries to max 2922 * to force the next bit of code to free the buffer 2923 * for us. 2924 */ 2925 if ((bf->bf_state.bfs_retries < SWMAX_RETRIES) && 2926 (bf->bf_flags & ATH_BUF_BUSY)) { 2927 struct ath_buf *nbf; 2928 nbf = ath_tx_retry_clone(sc, an, atid, bf); 2929 if (nbf) 2930 /* bf has been freed at this point */ 2931 bf = nbf; 2932 else 2933 bf->bf_state.bfs_retries = SWMAX_RETRIES + 1; 2934 } 2935 2936 if (bf->bf_state.bfs_retries >= SWMAX_RETRIES) { 2937 sc->sc_stats.ast_tx_swretrymax++; 2938 DPRINTF(sc, ATH_DEBUG_SW_TX_RETRIES, 2939 "%s: max retries: seqno %d\n", 2940 __func__, SEQNO(bf->bf_state.bfs_seqno)); 2941 ath_tx_update_baw(sc, an, atid, bf); 2942 if (! bf->bf_state.bfs_addedbaw) 2943 device_printf(sc->sc_dev, 2944 "%s: wasn't added: seqno %d\n", 2945 __func__, SEQNO(bf->bf_state.bfs_seqno)); 2946 bf->bf_state.bfs_dobaw = 0; 2947 return 1; 2948 } 2949 2950 ath_tx_set_retry(sc, bf); 2951 bf->bf_next = NULL; /* Just to make sure */ 2952 2953 TAILQ_INSERT_TAIL(bf_q, bf, bf_list); 2954 return 0; 2955 } 2956 2957 /* 2958 * error pkt completion for an aggregate destination 2959 */ 2960 static void 2961 ath_tx_comp_aggr_error(struct ath_softc *sc, struct ath_buf *bf_first, 2962 struct ath_tid *tid) 2963 { 2964 struct ieee80211_node *ni = bf_first->bf_node; 2965 struct ath_node *an = ATH_NODE(ni); 2966 struct ath_buf *bf_next, *bf; 2967 ath_bufhead bf_q; 2968 int drops = 0; 2969 struct ieee80211_tx_ampdu *tap; 2970 ath_bufhead bf_cq; 2971 2972 TAILQ_INIT(&bf_q); 2973 TAILQ_INIT(&bf_cq); 2974 2975 /* 2976 * Update rate control - all frames have failed. 2977 * 2978 * XXX use the length in the first frame in the series; 2979 * XXX just so things are consistent for now. 
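 *
 * (Note that in this error path every subframe has failed, so the
 * rate control update below reports nframes and nbad as the same
 * value, bfs_nframes.)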
2980 */ 2981 ath_tx_update_ratectrl(sc, ni, bf_first->bf_state.bfs_rc, 2982 &bf_first->bf_status.ds_txstat, 2983 bf_first->bf_state.bfs_pktlen, 2984 bf_first->bf_state.bfs_nframes, bf_first->bf_state.bfs_nframes); 2985 2986 ATH_TXQ_LOCK(sc->sc_ac2q[tid->ac]); 2987 tap = ath_tx_get_tx_tid(an, tid->tid); 2988 sc->sc_stats.ast_tx_aggr_failall++; 2989 2990 /* Retry all subframes */ 2991 bf = bf_first; 2992 while (bf) { 2993 bf_next = bf->bf_next; 2994 bf->bf_next = NULL; /* Remove it from the aggr list */ 2995 sc->sc_stats.ast_tx_aggr_fail++; 2996 if (ath_tx_retry_subframe(sc, bf, &bf_q)) { 2997 drops++; 2998 bf->bf_next = NULL; 2999 TAILQ_INSERT_TAIL(&bf_cq, bf, bf_list); 3000 } 3001 bf = bf_next; 3002 } 3003 3004 /* Prepend all frames to the beginning of the queue */ 3005 while ((bf = TAILQ_LAST(&bf_q, ath_bufhead_s)) != NULL) { 3006 TAILQ_REMOVE(&bf_q, bf, bf_list); 3007 ATH_TXQ_INSERT_HEAD(tid, bf, bf_list); 3008 } 3009 3010 ath_tx_tid_sched(sc, tid); 3011 3012 /* 3013 * send bar if we dropped any frames 3014 * 3015 * Keep the txq lock held for now, as we need to ensure 3016 * that ni_txseqs[] is consistent (as it's being updated 3017 * in the ifnet TX context or raw TX context.) 3018 */ 3019 if (drops) { 3020 int txseq = tap->txa_start; 3021 ATH_TXQ_UNLOCK(sc->sc_ac2q[tid->ac]); 3022 device_printf(sc->sc_dev, 3023 "%s: TID %d: send BAR; seq %d\n", 3024 __func__, tid->tid, txseq); 3025 3026 /* XXX TODO: send BAR */ 3027 } else { 3028 ATH_TXQ_UNLOCK(sc->sc_ac2q[tid->ac]); 3029 } 3030 3031 /* Complete frames which errored out */ 3032 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 3033 TAILQ_REMOVE(&bf_cq, bf, bf_list); 3034 ath_tx_default_comp(sc, bf, 0); 3035 } 3036 } 3037 3038 /* 3039 * Handle clean-up of packets from an aggregate list. 3040 * 3041 * There's no need to update the BAW here - the session is being 3042 * torn down. 3043 */ 3044 static void 3045 ath_tx_comp_cleanup_aggr(struct ath_softc *sc, struct ath_buf *bf_first) 3046 { 3047 struct ath_buf *bf, *bf_next; 3048 struct ieee80211_node *ni = bf_first->bf_node; 3049 struct ath_node *an = ATH_NODE(ni); 3050 int tid = bf_first->bf_state.bfs_tid; 3051 struct ath_tid *atid = &an->an_tid[tid]; 3052 3053 bf = bf_first; 3054 3055 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3056 3057 /* update incomp */ 3058 while (bf) { 3059 atid->incomp--; 3060 bf = bf->bf_next; 3061 } 3062 3063 if (atid->incomp == 0) { 3064 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 3065 "%s: TID %d: cleaned up! resume!\n", 3066 __func__, tid); 3067 atid->cleanup_inprogress = 0; 3068 ath_tx_tid_resume(sc, atid); 3069 } 3070 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3071 3072 /* Handle frame completion; rewind to the head of the list first, as the incomp walk above left bf at NULL */ 3073 bf = bf_first; while (bf) { 3074 bf_next = bf->bf_next; 3075 ath_tx_default_comp(sc, bf, 1); 3076 bf = bf_next; 3077 } 3078 } 3079 3080 /* 3081 * Handle completion of a set of aggregate frames. 3082 * 3083 * XXX for now, simply complete each sub-frame. 3084 * 3085 * Note: the completion status is taken from the last descriptor in the 3086 * aggregate, not the last descriptor in the first frame.
3087 */ 3088 static void 3089 ath_tx_aggr_comp_aggr(struct ath_softc *sc, struct ath_buf *bf_first, 3090 int fail) 3091 { 3092 //struct ath_desc *ds = bf->bf_lastds; 3093 struct ieee80211_node *ni = bf_first->bf_node; 3094 struct ath_node *an = ATH_NODE(ni); 3095 int tid = bf_first->bf_state.bfs_tid; 3096 struct ath_tid *atid = &an->an_tid[tid]; 3097 struct ath_tx_status ts; 3098 struct ieee80211_tx_ampdu *tap; 3099 ath_bufhead bf_q; 3100 ath_bufhead bf_cq; 3101 int seq_st, tx_ok; 3102 int hasba, isaggr; 3103 uint32_t ba[2]; 3104 struct ath_buf *bf, *bf_next; 3105 int ba_index; 3106 int drops = 0; 3107 int nframes = 0, nbad = 0, nf; 3108 int pktlen; 3109 /* XXX there's too much on the stack? */ 3110 struct ath_rc_series rc[4]; 3111 int txseq; 3112 3113 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, "%s: called; hwq_depth=%d\n", 3114 __func__, atid->hwq_depth); 3115 3116 /* The TID state is kept behind the TXQ lock */ 3117 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3118 3119 atid->hwq_depth--; 3120 if (atid->hwq_depth < 0) 3121 device_printf(sc->sc_dev, "%s: hwq_depth < 0: %d\n", 3122 __func__, atid->hwq_depth); 3123 3124 /* 3125 * Punt cleanup to the relevant function, not our problem now 3126 */ 3127 if (atid->cleanup_inprogress) { 3128 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3129 ath_tx_comp_cleanup_aggr(sc, bf_first); 3130 return; 3131 } 3132 3133 /* 3134 * Take a copy; this may be needed -after- bf_first 3135 * has been completed and freed. 3136 */ 3137 ts = bf_first->bf_status.ds_txstat; 3138 /* 3139 * XXX for now, use the first frame in the aggregate for 3140 * XXX rate control completion; it's at least consistent. 3141 */ 3142 pktlen = bf_first->bf_state.bfs_pktlen; 3143 3144 /* 3145 * handle errors first 3146 */ 3147 if (ts.ts_status & HAL_TXERR_XRETRY) { 3148 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3149 ath_tx_comp_aggr_error(sc, bf_first, atid); 3150 return; 3151 } 3152 3153 TAILQ_INIT(&bf_q); 3154 TAILQ_INIT(&bf_cq); 3155 tap = ath_tx_get_tx_tid(an, tid); 3156 3157 /* 3158 * extract starting sequence and block-ack bitmap 3159 */ 3160 /* XXX endian-ness of seq_st, ba? */ 3161 seq_st = ts.ts_seqnum; 3162 hasba = !! (ts.ts_flags & HAL_TX_BA); 3163 tx_ok = (ts.ts_status == 0); 3164 isaggr = bf_first->bf_state.bfs_aggr; 3165 ba[0] = ts.ts_ba_low; 3166 ba[1] = ts.ts_ba_high; 3167 3168 /* 3169 * Copy the TX completion status and the rate control 3170 * series from the first descriptor, as it may be freed 3171 * before the rate control code can get its grubby fingers 3172 * into things. 3173 */ 3174 memcpy(rc, bf_first->bf_state.bfs_rc, sizeof(rc)); 3175 3176 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3177 "%s: txa_start=%d, tx_ok=%d, status=%.8x, flags=%.8x, " 3178 "isaggr=%d, seq_st=%d, hasba=%d, ba=%.8x, %.8x\n", 3179 __func__, tap->txa_start, tx_ok, ts.ts_status, ts.ts_flags, 3180 isaggr, seq_st, hasba, ba[0], ba[1]); 3181 3182 /* Occasionally, the MAC sends a tx status for the wrong TID. */ 3183 if (tid != ts.ts_tid) { 3184 device_printf(sc->sc_dev, "%s: tid %d != hw tid %d\n", 3185 __func__, tid, ts.ts_tid); 3186 tx_ok = 0; 3187 } 3188 3189 /* AR5416 BA bug; this requires an interface reset */ 3190 if (isaggr && tx_ok && (! hasba)) { 3191 device_printf(sc->sc_dev, 3192 "%s: AR5416 bug: hasba=%d; txok=%d, isaggr=%d, " 3193 "seq_st=%d\n", 3194 __func__, hasba, tx_ok, isaggr, seq_st); 3195 /* XXX TODO: schedule an interface reset */ 3196 } 3197 3198 /* 3199 * Walk the list of frames, figure out which ones were correctly 3200 * sent and which weren't. 
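 *
 * As an illustrative example (values assumed): ba[0]/ba[1] form the
 * 64-bit block-ack bitmap relative to seq_st. With seq_st = 200, a
 * subframe with seqno 203 maps to bit 3, so
 * ATH_BA_ISSET(ba, ATH_BA_INDEX(200, 203)) tells us whether that
 * subframe was acked.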
3201 */ 3202 bf = bf_first; 3203 nf = bf_first->bf_state.bfs_nframes; 3204 3205 /* bf_first is going to be invalid once this list is walked */ 3206 bf_first = NULL; 3207 3208 /* 3209 * Walk the list of completed frames and determine 3210 * which need to be completed and which need to be 3211 * retransmitted. 3212 * 3213 * For completed frames, the completion functions need 3214 * to be called at the end of this function as the last 3215 * node reference may free the node. 3216 * 3217 * Finally, since the TXQ lock can't be held during the 3218 * completion callback (to avoid lock recursion), 3219 * the completion calls have to be done outside of the 3220 * lock. 3221 */ 3222 while (bf) { 3223 nframes++; 3224 ba_index = ATH_BA_INDEX(seq_st, 3225 SEQNO(bf->bf_state.bfs_seqno)); 3226 bf_next = bf->bf_next; 3227 bf->bf_next = NULL; /* Remove it from the aggr list */ 3228 3229 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3230 "%s: checking bf=%p seqno=%d; ack=%d\n", 3231 __func__, bf, SEQNO(bf->bf_state.bfs_seqno), 3232 ATH_BA_ISSET(ba, ba_index)); 3233 3234 if (tx_ok && ATH_BA_ISSET(ba, ba_index)) { 3235 sc->sc_stats.ast_tx_aggr_ok++; 3236 ath_tx_update_baw(sc, an, atid, bf); 3237 bf->bf_state.bfs_dobaw = 0; 3238 if (! bf->bf_state.bfs_addedbaw) 3239 device_printf(sc->sc_dev, 3240 "%s: wasn't added: seqno %d\n", 3241 __func__, SEQNO(bf->bf_state.bfs_seqno)); 3242 bf->bf_next = NULL; 3243 TAILQ_INSERT_TAIL(&bf_cq, bf, bf_list); 3244 } else { 3245 sc->sc_stats.ast_tx_aggr_fail++; 3246 if (ath_tx_retry_subframe(sc, bf, &bf_q)) { 3247 drops++; 3248 bf->bf_next = NULL; 3249 TAILQ_INSERT_TAIL(&bf_cq, bf, bf_list); 3250 } 3251 nbad++; 3252 } 3253 bf = bf_next; 3254 } 3255 3256 /* 3257 * Now that the BAW updates have been done, unlock 3258 * 3259 * txseq is grabbed before the lock is released so we 3260 * have a consistent view of what -was- in the BAW. 3261 * Anything after this point will not yet have been 3262 * TXed. 3263 */ 3264 txseq = tap->txa_start; 3265 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3266 3267 if (nframes != nf) 3268 device_printf(sc->sc_dev, 3269 "%s: num frames seen=%d; bf nframes=%d\n", 3270 __func__, nframes, nf); 3271 3272 /* 3273 * Now we know how many frames were bad, call the rate 3274 * control code. 3275 */ 3276 if (fail == 0) 3277 ath_tx_update_ratectrl(sc, ni, rc, &ts, pktlen, nframes, 3278 nbad); 3279 3280 /* 3281 * send bar if we dropped any frames 3282 */ 3283 if (drops) { 3284 device_printf(sc->sc_dev, 3285 "%s: TID %d: send BAR; seq %d\n", __func__, tid, txseq); 3286 /* XXX TODO: send BAR */ 3287 } 3288 3289 /* Prepend all frames to the beginning of the queue */ 3290 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3291 while ((bf = TAILQ_LAST(&bf_q, ath_bufhead_s)) != NULL) { 3292 TAILQ_REMOVE(&bf_q, bf, bf_list); 3293 ATH_TXQ_INSERT_HEAD(atid, bf, bf_list); 3294 } 3295 ath_tx_tid_sched(sc, atid); 3296 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3297 3298 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3299 "%s: txa_start now %d\n", __func__, tap->txa_start); 3300 3301 /* Do deferred completion */ 3302 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 3303 TAILQ_REMOVE(&bf_cq, bf, bf_list); 3304 ath_tx_default_comp(sc, bf, 0); 3305 } 3306 } 3307 3308 /* 3309 * Handle completion of unaggregated frames in an ADDBA 3310 * session. 3311 * 3312 * Fail is set to 1 if the entry is being freed via a call to 3313 * ath_tx_draintxq(). 
3314 */ 3315 static void 3316 ath_tx_aggr_comp_unaggr(struct ath_softc *sc, struct ath_buf *bf, int fail) 3317 { 3318 struct ieee80211_node *ni = bf->bf_node; 3319 struct ath_node *an = ATH_NODE(ni); 3320 int tid = bf->bf_state.bfs_tid; 3321 struct ath_tid *atid = &an->an_tid[tid]; 3322 struct ath_tx_status *ts = &bf->bf_status.ds_txstat; 3323 3324 /* 3325 * Update rate control status here, before we possibly 3326 * punt to retry or cleanup. 3327 * 3328 * Do it outside of the TXQ lock. 3329 */ 3330 if (fail == 0 && ((bf->bf_txflags & HAL_TXDESC_NOACK) == 0)) 3331 ath_tx_update_ratectrl(sc, ni, bf->bf_state.bfs_rc, 3332 &bf->bf_status.ds_txstat, 3333 bf->bf_state.bfs_pktlen, 3334 1, (ts->ts_status == 0) ? 0 : 1); 3335 3336 /* 3337 * This is called early so atid->hwq_depth can be tracked. 3338 * This unfortunately means that the TXQ lock is released and 3339 * regrabbed during retry and cleanup. That's rather inefficient. 3340 */ 3341 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3342 3343 if (tid == IEEE80211_NONQOS_TID) 3344 device_printf(sc->sc_dev, "%s: TID=16!\n", __func__); 3345 3346 DPRINTF(sc, ATH_DEBUG_SW_TX, 3347 "%s: bf=%p: tid=%d, hwq_depth=%d, seqno=%d\n", 3348 __func__, bf, bf->bf_state.bfs_tid, atid->hwq_depth, 3349 SEQNO(bf->bf_state.bfs_seqno)); 3350 3351 atid->hwq_depth--; 3352 if (atid->hwq_depth < 0) 3353 device_printf(sc->sc_dev, "%s: hwq_depth < 0: %d\n", 3354 __func__, atid->hwq_depth); 3355 3356 /* 3357 * If a cleanup is in progress, punt to comp_cleanup 3358 * rather than handling it here. It's then responsible 3359 * for cleaning up, calling the completion 3360 * function in net80211, etc. 3361 */ 3362 if (atid->cleanup_inprogress) { 3363 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3364 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: cleanup_unaggr\n", 3365 __func__); 3366 ath_tx_comp_cleanup_unaggr(sc, bf); 3367 return; 3368 } 3369 3370 /* 3371 * Don't bother with the retry check if all frames 3372 * are being failed (eg during queue deletion.) 3373 */ 3374 if (fail == 0 && ts->ts_status & HAL_TXERR_XRETRY) { 3375 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3376 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: retry_unaggr\n", 3377 __func__); 3378 ath_tx_aggr_retry_unaggr(sc, bf); 3379 return; 3380 } 3381 3382 /* Success? Complete */ 3383 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: TID=%d, seqno %d\n", 3384 __func__, tid, SEQNO(bf->bf_state.bfs_seqno)); 3385 if (bf->bf_state.bfs_dobaw) { 3386 ath_tx_update_baw(sc, an, atid, bf); 3387 bf->bf_state.bfs_dobaw = 0; 3388 if (! bf->bf_state.bfs_addedbaw) 3389 device_printf(sc->sc_dev, 3390 "%s: wasn't added: seqno %d\n", 3391 __func__, SEQNO(bf->bf_state.bfs_seqno)); 3392 } 3393 3394 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3395 3396 ath_tx_default_comp(sc, bf, fail); 3397 /* bf is freed at this point */ 3398 } 3399 3400 void 3401 ath_tx_aggr_comp(struct ath_softc *sc, struct ath_buf *bf, int fail) 3402 { 3403 if (bf->bf_state.bfs_aggr) 3404 ath_tx_aggr_comp_aggr(sc, bf, fail); 3405 else 3406 ath_tx_aggr_comp_unaggr(sc, bf, fail); 3407 } 3408 3409 /* 3410 * Schedule some packets from the given node/TID to the hardware. 3411 * 3412 * This is the aggregate version.
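 *
 * (In outline: the loop below repeatedly calls ath_tx_form_aggr() to
 * build an aggregate from the TID software queue, programs the rate
 * and descriptor state, and hands the result to the hardware queue;
 * it stops when the TID is paused, the queue empties, the hardware
 * queue fills, or the BAW closes.)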
3413 */ 3414 void 3415 ath_tx_tid_hw_queue_aggr(struct ath_softc *sc, struct ath_node *an, 3416 struct ath_tid *tid) 3417 { 3418 struct ath_buf *bf; 3419 struct ath_txq *txq = sc->sc_ac2q[tid->ac]; 3420 struct ieee80211_tx_ampdu *tap; 3421 struct ieee80211_node *ni = &an->an_node; 3422 ATH_AGGR_STATUS status; 3423 ath_bufhead bf_q; 3424 3425 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: tid=%d\n", __func__, tid->tid); 3426 ATH_TXQ_LOCK_ASSERT(txq); 3427 3428 tap = ath_tx_get_tx_tid(an, tid->tid); 3429 3430 if (tid->tid == IEEE80211_NONQOS_TID) 3431 device_printf(sc->sc_dev, "%s: called for TID=NONQOS_TID?\n", 3432 __func__); 3433 3434 for (;;) { 3435 status = ATH_AGGR_DONE; 3436 3437 /* 3438 * If the upper layer has paused the TID, don't 3439 * queue any further packets. 3440 * 3441 * This can also occur from the completion task because 3442 * of packet loss; but as it's serialised with this code, 3443 * it won't "appear" half way through queuing packets. 3444 */ 3445 if (tid->paused) 3446 break; 3447 3448 bf = TAILQ_FIRST(&tid->axq_q); 3449 if (bf == NULL) { 3450 break; 3451 } 3452 3453 /* 3454 * If the packet doesn't fall within the BAW (eg a NULL 3455 * data frame), schedule it directly; continue. 3456 */ 3457 if (! bf->bf_state.bfs_dobaw) { 3458 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3459 "%s: non-baw packet\n", 3460 __func__); 3461 ATH_TXQ_REMOVE(tid, bf, bf_list); 3462 bf->bf_state.bfs_aggr = 0; 3463 ath_tx_do_ratelookup(sc, bf); 3464 ath_tx_rate_fill_rcflags(sc, bf); 3465 ath_tx_set_rtscts(sc, bf); 3466 ath_tx_setds(sc, bf); 3467 ath_tx_chaindesclist(sc, bf); 3468 ath_hal_clr11n_aggr(sc->sc_ah, bf->bf_desc); 3469 ath_tx_set_ratectrl(sc, ni, bf); 3470 3471 sc->sc_aggr_stats.aggr_nonbaw_pkt++; 3472 3473 /* Queue the packet; continue */ 3474 goto queuepkt; 3475 } 3476 3477 TAILQ_INIT(&bf_q); 3478 3479 /* 3480 * Do a rate control lookup on the first frame in the 3481 * list. The rate control code needs that to occur 3482 * before it can determine whether to TX. 3483 * It's inaccurate because the rate control code doesn't 3484 * really "do" aggregate lookups, so it only considers 3485 * the size of the first frame. 3486 */ 3487 ath_tx_do_ratelookup(sc, bf); 3488 bf->bf_state.bfs_rc[3].rix = 0; 3489 bf->bf_state.bfs_rc[3].tries = 0; 3490 ath_tx_rate_fill_rcflags(sc, bf); 3491 3492 status = ath_tx_form_aggr(sc, an, tid, &bf_q); 3493 3494 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3495 "%s: ath_tx_form_aggr() status=%d\n", __func__, status); 3496 3497 /* 3498 * No frames to be picked up - out of BAW 3499 */ 3500 if (TAILQ_EMPTY(&bf_q)) 3501 break; 3502 3503 /* 3504 * This assumes that the buffers in the ath_bufhead 3505 * are already linked together via bf_next pointers. 3506 */ 3507 bf = TAILQ_FIRST(&bf_q); 3508 3509 /* 3510 * If it's the only frame, send it as a non-aggregate; 3511 * assume that ath_tx_form_aggr() has checked 3512 * whether it's in the BAW and added it appropriately.
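 *
 * (A single-frame "aggregate" goes out as a plain frame: the 11n
 * aggregate bits are cleared below via ath_hal_clr11n_aggr().)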
3513 */ 3514 if (bf->bf_state.bfs_nframes == 1) { 3515 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3516 "%s: single-frame aggregate\n", __func__); 3517 bf->bf_state.bfs_aggr = 0; 3518 ath_tx_set_rtscts(sc, bf); 3519 ath_tx_setds(sc, bf); 3520 ath_tx_chaindesclist(sc, bf); 3521 ath_hal_clr11n_aggr(sc->sc_ah, bf->bf_desc); 3522 ath_tx_set_ratectrl(sc, ni, bf); 3523 if (status == ATH_AGGR_BAW_CLOSED) 3524 sc->sc_aggr_stats.aggr_baw_closed_single_pkt++; 3525 else 3526 sc->sc_aggr_stats.aggr_single_pkt++; 3527 } else { 3528 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3529 "%s: multi-frame aggregate: %d frames, " 3530 "length %d\n", 3531 __func__, bf->bf_state.bfs_nframes, 3532 bf->bf_state.bfs_al); 3533 bf->bf_state.bfs_aggr = 1; 3534 sc->sc_aggr_stats.aggr_pkts[bf->bf_state.bfs_nframes]++; 3535 sc->sc_aggr_stats.aggr_aggr_pkt++; 3536 3537 /* 3538 * Update the rate and rtscts information based on the 3539 * rate decision made by the rate control code; 3540 * the first frame in the aggregate needs it. 3541 */ 3542 ath_tx_set_rtscts(sc, bf); 3543 3544 /* 3545 * Setup the relevant descriptor fields 3546 * for aggregation. The first descriptor 3547 * already points to the rest in the chain. 3548 */ 3549 ath_tx_setds_11n(sc, bf); 3550 3551 /* 3552 * setup first desc with rate and aggr info 3553 */ 3554 ath_tx_set_ratectrl(sc, ni, bf); 3555 } 3556 queuepkt: 3557 //txq = bf->bf_state.bfs_txq; 3558 3559 /* Set completion handler, multi-frame aggregate or not */ 3560 bf->bf_comp = ath_tx_aggr_comp; 3561 3562 if (bf->bf_state.bfs_tid == IEEE80211_NONQOS_TID) 3563 device_printf(sc->sc_dev, "%s: TID=16?\n", __func__); 3564 3565 /* Punt to txq */ 3566 ath_tx_handoff(sc, txq, bf); 3567 3568 /* Track outstanding buffer count to hardware */ 3569 /* aggregates are "one" buffer */ 3570 tid->hwq_depth++; 3571 3572 /* 3573 * Break out if ath_tx_form_aggr() indicated 3574 * there can't be any further progress (eg BAW is full.) 3575 * Checking for an empty txq is done above. 3576 * 3577 * XXX locking on txq here? 3578 */ 3579 if (txq->axq_aggr_depth >= sc->sc_hwq_limit || 3580 status == ATH_AGGR_BAW_CLOSED) 3581 break; 3582 } 3583 } 3584 3585 /* 3586 * Schedule some packets from the given node/TID to the hardware. 3587 */ 3588 void 3589 ath_tx_tid_hw_queue_norm(struct ath_softc *sc, struct ath_node *an, 3590 struct ath_tid *tid) 3591 { 3592 struct ath_buf *bf; 3593 struct ath_txq *txq = sc->sc_ac2q[tid->ac]; 3594 struct ieee80211_node *ni = &an->an_node; 3595 3596 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: node %p: TID %d: called\n", 3597 __func__, an, tid->tid); 3598 3599 ATH_TXQ_LOCK_ASSERT(txq); 3600 3601 /* Check - is AMPDU pending or running? then print out something */ 3602 if (ath_tx_ampdu_pending(sc, an, tid->tid)) 3603 device_printf(sc->sc_dev, "%s: tid=%d, ampdu pending?\n", 3604 __func__, tid->tid); 3605 if (ath_tx_ampdu_running(sc, an, tid->tid)) 3606 device_printf(sc->sc_dev, "%s: tid=%d, ampdu running?\n", 3607 __func__, tid->tid); 3608 3609 for (;;) { 3610 3611 /* 3612 * If the upper layers have paused the TID, don't 3613 * queue any further packets. 3614 */ 3615 if (tid->paused) 3616 break; 3617 3618 bf = TAILQ_FIRST(&tid->axq_q); 3619 if (bf == NULL) { 3620 break; 3621 } 3622 3623 ATH_TXQ_REMOVE(tid, bf, bf_list); 3624 3625 KASSERT(txq == bf->bf_state.bfs_txq, ("txqs not equal!\n")); 3626 3627 /* Sanity check! 
*/ 3628 if (tid->tid != bf->bf_state.bfs_tid) { 3629 device_printf(sc->sc_dev, "%s: bfs_tid %d !=" 3630 " tid %d\n", 3631 __func__, bf->bf_state.bfs_tid, tid->tid); 3632 } 3633 /* Normal completion handler */ 3634 bf->bf_comp = ath_tx_normal_comp; 3635 3636 /* Program descriptors + rate control */ 3637 ath_tx_do_ratelookup(sc, bf); 3638 ath_tx_rate_fill_rcflags(sc, bf); 3639 ath_tx_set_rtscts(sc, bf); 3640 ath_tx_setds(sc, bf); 3641 ath_tx_chaindesclist(sc, bf); 3642 ath_tx_set_ratectrl(sc, ni, bf); 3643 3644 /* Track outstanding buffer count to hardware */ 3645 /* aggregates are "one" buffer */ 3646 tid->hwq_depth++; 3647 3648 /* Punt to hardware or software txq */ 3649 ath_tx_handoff(sc, txq, bf); 3650 } 3651 } 3652 3653 /* 3654 * Schedule some packets to the given hardware queue. 3655 * 3656 * This function walks the list of TIDs (ie, ath_node TIDs 3657 * with queued traffic) and attempts to schedule traffic 3658 * from them. 3659 * 3660 * TID scheduling is implemented as a FIFO, with TIDs being 3661 * added to the end of the queue after some frames have been 3662 * scheduled. 3663 */ 3664 void 3665 ath_txq_sched(struct ath_softc *sc, struct ath_txq *txq) 3666 { 3667 struct ath_tid *tid, *next, *last; 3668 3669 ATH_TXQ_LOCK_ASSERT(txq); 3670 3671 /* 3672 * Don't schedule if the hardware queue is busy. 3673 * This (hopefully) gives some more time to aggregate 3674 * some packets in the aggregation queue. 3675 */ 3676 if (txq->axq_aggr_depth >= sc->sc_hwq_limit) { 3677 sc->sc_aggr_stats.aggr_sched_nopkt++; 3678 return; 3679 } 3680 3681 last = TAILQ_LAST(&txq->axq_tidq, axq_t_s); 3682 3683 TAILQ_FOREACH_SAFE(tid, &txq->axq_tidq, axq_qelem, next) { 3684 /* 3685 * Suspend paused queues here; they'll be resumed 3686 * once the addba completes or times out. 3687 */ 3688 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: tid=%d, paused=%d\n", 3689 __func__, tid->tid, tid->paused); 3690 ath_tx_tid_unsched(sc, tid); 3691 if (tid->paused) { 3692 continue; 3693 } 3694 if (ath_tx_ampdu_running(sc, tid->an, tid->tid)) 3695 ath_tx_tid_hw_queue_aggr(sc, tid->an, tid); 3696 else 3697 ath_tx_tid_hw_queue_norm(sc, tid->an, tid); 3698 3699 /* Not empty? Re-schedule */ 3700 if (tid->axq_depth != 0) 3701 ath_tx_tid_sched(sc, tid); 3702 3703 /* Give the software queue time to aggregate more packets */ 3704 if (txq->axq_aggr_depth >= sc->sc_hwq_limit) { 3705 break; 3706 } 3707 3708 /* 3709 * If this was the last entry on the original list, stop. 3710 * Otherwise nodes that have been rescheduled onto the end 3711 * of the TID FIFO list will just keep being rescheduled. 3712 */ 3713 if (tid == last) 3714 break; 3715 } 3716 } 3717 3718 /* 3719 * TX addba handling 3720 */ 3721 3722 /* 3723 * Return net80211 TID struct pointer, or NULL for none 3724 */ 3725 struct ieee80211_tx_ampdu * 3726 ath_tx_get_tx_tid(struct ath_node *an, int tid) 3727 { 3728 struct ieee80211_node *ni = &an->an_node; 3729 struct ieee80211_tx_ampdu *tap; 3730 int ac; 3731 3732 if (tid == IEEE80211_NONQOS_TID) 3733 return NULL; 3734 3735 ac = TID_TO_WME_AC(tid); 3736 3737 tap = &ni->ni_tx_ampdu[ac]; 3738 return tap; 3739 } 3740 3741 /* 3742 * Is AMPDU-TX running? 3743 */ 3744 static int 3745 ath_tx_ampdu_running(struct ath_softc *sc, struct ath_node *an, int tid) 3746 { 3747 struct ieee80211_tx_ampdu *tap; 3748 3749 if (tid == IEEE80211_NONQOS_TID) 3750 return 0; 3751 3752 tap = ath_tx_get_tx_tid(an, tid); 3753 if (tap == NULL) 3754 return 0; /* Not valid; default to not running */ 3755 3756 return !! 
/*
 * Is AMPDU-TX negotiation pending?
 */
static int
ath_tx_ampdu_pending(struct ath_softc *sc, struct ath_node *an, int tid)
{
	struct ieee80211_tx_ampdu *tap;

	if (tid == IEEE80211_NONQOS_TID)
		return 0;

	tap = ath_tx_get_tx_tid(an, tid);
	if (tap == NULL)
		return 0;	/* Not valid; default to not pending */

	return !! (tap->txa_flags & IEEE80211_AGGR_XCHGPEND);
}

/*
 * Method to handle sending an ADDBA request.
 *
 * We tap this so the relevant flags can be set to pause the TID
 * whilst waiting for the response.
 *
 * XXX there's no timeout handler we can override?
 */
int
ath_addba_request(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
    int dialogtoken, int baparamset, int batimeout)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = WME_AC_TO_TID(tap->txa_ac);
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];

	/*
	 * XXX danger Will Robinson!
	 *
	 * Although the taskqueue may be running and scheduling some more
	 * packets, these should all be _before_ the addba sequence number.
	 * However, net80211 will keep self-assigning sequence numbers
	 * until addba has been negotiated.
	 *
	 * In the past, these packets would be "paused" (which still works
	 * fine, as they're being scheduled to the driver in the same
	 * serialised method which is calling the addba request routine)
	 * and when the aggregation session begins, they'd be dequeued
	 * as aggregate packets and added to the BAW.  However, now there's
	 * a "bf->bf_state.bfs_dobaw" flag, and this isn't set for these
	 * packets.  Thus they never get included in the BAW tracking and
	 * this can cause the initial burst of packets after the addba
	 * negotiation to "hang", as they quickly fall outside the BAW.
	 *
	 * The "eventual" solution should be to tag these packets with
	 * dobaw.  Although net80211 has given us a sequence number,
	 * it'll be "after" the left edge of the BAW and thus it'll
	 * fall within it.
	 */
	ath_tx_tid_pause(sc, atid);

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: called; dialogtoken=%d, baparamset=%d, batimeout=%d\n",
	    __func__, dialogtoken, baparamset, batimeout);
	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: txa_start=%d, ni_txseqs=%d\n",
	    __func__, tap->txa_start, ni->ni_txseqs[tid]);

	return sc->sc_addba_request(ni, tap, dialogtoken, baparamset,
	    batimeout);
}
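/*
 * Summary of the TID pause/resume pairing implemented by the
 * handlers in this file:
 *
 *	ath_addba_request()          -> ath_tx_tid_pause()
 *	ath_addba_response()         -> ath_tx_tid_resume()
 *	ath_addba_response_timeout() -> ath_tx_tid_resume()
 *	ath_addba_stop()             -> pause; ath_tx_cleanup() later
 *	                                resumes (or defers until the
 *	                                cleanup state is drained)
 *	ath_bar_response()           -> resume on success, or on the
 *	                                final BAR attempt
 *
 * Every pause must eventually be matched by a resume, or the TID
 * stays blocked and no further frames are scheduled from it.
 */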
/*
 * Handle an ADDBA response.
 *
 * We unpause the queue so TX'ing can resume.
 *
 * Any packets TX'ed from this point should be "aggregate" (whether
 * aggregate or not) so the BAW is updated.
 *
 * Note! net80211 keeps self-assigning sequence numbers until
 * ampdu is negotiated.  This means the initially-negotiated BAW left
 * edge won't match ni->ni_txseqs.
 *
 * So, being very dirty, the BAW left edge is "slid" here to match
 * ni->ni_txseqs.
 *
 * What likely SHOULD happen is that all packets subsequent to the
 * addba request should be tagged as aggregate and queued as non-aggregate
 * frames, thus updating the BAW.  For now though, I'll just slide the
 * window.
 */
int
ath_addba_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
    int status, int code, int batimeout)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = WME_AC_TO_TID(tap->txa_ac);
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];
	int r;

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: called; status=%d, code=%d, batimeout=%d\n", __func__,
	    status, code, batimeout);

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: txa_start=%d, ni_txseqs=%d\n",
	    __func__, tap->txa_start, ni->ni_txseqs[tid]);

	/*
	 * Call this first, so the interface flags get updated
	 * before the TID is unpaused.  Otherwise a race condition
	 * exists where the unpaused TID still doesn't yet have
	 * IEEE80211_AGGR_RUNNING set.
	 */
	r = sc->sc_addba_response(ni, tap, status, code, batimeout);

	ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
	/*
	 * XXX dirty!
	 * Slide the BAW left edge to wherever net80211 left it for us.
	 * Read above for more information.
	 */
	tap->txa_start = ni->ni_txseqs[tid];
	ath_tx_tid_resume(sc, atid);
	ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);

	return r;
}

/*
 * Stop ADDBA on a queue.
 */
void
ath_addba_stop(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = WME_AC_TO_TID(tap->txa_ac);
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, "%s: called\n", __func__);

	/* Pause TID traffic early, so there aren't any races */
	ath_tx_tid_pause(sc, atid);

	/* There's no need to hold the TXQ lock here */
	sc->sc_addba_stop(ni, tap);

	/*
	 * ath_tx_cleanup will resume the TID if possible, otherwise
	 * it'll set the cleanup flag, and it'll be unpaused once
	 * things have been cleaned up.
	 */
	ath_tx_cleanup(sc, an, tid);
}

/*
 * Note: net80211 bar_timeout() doesn't call this function on BAR failure;
 * it simply tears down the aggregation session.  Ew.
 *
 * It however will call ieee80211_ampdu_stop() which will call
 * ic->ic_addba_stop().
 *
 * XXX This uses a hard-coded max BAR count value; the whole
 * XXX BAR TX success or failure should be better handled!
 */
void
ath_bar_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
    int status)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = WME_AC_TO_TID(tap->txa_ac);
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];
	int attempts = tap->txa_attempts;

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: called; status=%d\n", __func__, status);

	/* Note: This may update the BAW details */
	sc->sc_bar_response(ni, tap, status);

	/*
	 * Unpause the TID.
	 *
	 * XXX if this is the 50th attempt, net80211 will downgrade
	 * XXX the TID to a non-aggregate session, so the TID must be
	 * XXX unpaused here or it'll stay paused forever.
	 */
	if (status == 0 || attempts == 50) {
		ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
		ath_tx_tid_resume(sc, atid);
		ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);
	}
}
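/*
 * A minimal sketch of how the magic "50" above could be factored out.
 * ATH_BAR_MAX_TRIES is a hypothetical constant (not defined anywhere
 * in this driver); it would need to be kept in sync with however many
 * BAR attempts net80211 makes before tearing the session down:
 *
 *	#define ATH_BAR_MAX_TRIES	50
 *
 *	if (status == 0 || attempts >= ATH_BAR_MAX_TRIES) {
 *		ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
 *		ath_tx_tid_resume(sc, atid);
 *		ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);
 *	}
 */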
/*
 * This is called whenever the pending ADDBA request times out.
 * Unpause and reschedule the TID.
 */
void
ath_addba_response_timeout(struct ieee80211_node *ni,
    struct ieee80211_tx_ampdu *tap)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = WME_AC_TO_TID(tap->txa_ac);
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: called; resuming\n", __func__);

	/* Note: This updates the aggregate state to (again) pending */
	sc->sc_addba_response_timeout(ni, tap);

	/* Unpause the TID; this reschedules it */
	ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
	ath_tx_tid_resume(sc, atid);
	ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);
}