/*-
 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer,
 *    without modification.
 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
 *    similar to the "NO WARRANTY" disclaimer below ("Disclaimer") and any
 *    redistribution must be conditioned upon including a substantially
 *    similar Disclaimer requirement for further binary redistribution.
 *
 * NO WARRANTY
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTIBILITY
 * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
 * THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY,
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
 * THE POSSIBILITY OF SUCH DAMAGES.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

/*
 * Driver for the Atheros Wireless LAN controller.
 *
 * This software is derived from work of Atsushi Onoe; his contribution
 * is greatly appreciated.
 */

#include "opt_inet.h"
#include "opt_ath.h"
#include "opt_wlan.h"

#include <sys/param.h>
#include <sys/systm.h>
#include <sys/sysctl.h>
#include <sys/mbuf.h>
#include <sys/malloc.h>
#include <sys/lock.h>
#include <sys/mutex.h>
#include <sys/kernel.h>
#include <sys/socket.h>
#include <sys/sockio.h>
#include <sys/errno.h>
#include <sys/callout.h>
#include <sys/bus.h>
#include <sys/endian.h>
#include <sys/kthread.h>
#include <sys/taskqueue.h>
#include <sys/priv.h>

#include <machine/bus.h>

#include <net/if.h>
#include <net/if_dl.h>
#include <net/if_media.h>
#include <net/if_types.h>
#include <net/if_arp.h>
#include <net/ethernet.h>
#include <net/if_llc.h>

#include <net80211/ieee80211_var.h>
#include <net80211/ieee80211_regdomain.h>
#ifdef IEEE80211_SUPPORT_SUPERG
#include <net80211/ieee80211_superg.h>
#endif
#ifdef IEEE80211_SUPPORT_TDMA
#include <net80211/ieee80211_tdma.h>
#endif
#include <net80211/ieee80211_ht.h>

#include <net/bpf.h>

#ifdef INET
#include <netinet/in.h>
#include <netinet/if_ether.h>
#endif

#include <dev/ath/if_athvar.h>
#include <dev/ath/ath_hal/ah_devid.h>		/* XXX for softled */
#include <dev/ath/ath_hal/ah_diagcodes.h>

#include <dev/ath/if_ath_debug.h>

#ifdef ATH_TX99_DIAG
#include <dev/ath/ath_tx99/ath_tx99.h>
#endif

#include <dev/ath/if_ath_misc.h>
#include <dev/ath/if_ath_tx.h>
#include <dev/ath/if_ath_tx_ht.h>

/*
 * How many retries to perform in software
 */
#define	SWMAX_RETRIES		10

static int ath_tx_ampdu_pending(struct ath_softc *sc, struct ath_node *an,
    int tid);
static int ath_tx_ampdu_running(struct ath_softc *sc,
    struct ath_node *an, int tid);
static ieee80211_seq ath_tx_tid_seqno_assign(struct ath_softc *sc,
    struct ieee80211_node *ni, struct ath_buf *bf, struct mbuf *m0);
static int ath_tx_action_frame_override_queue(struct ath_softc *sc,
    struct ieee80211_node *ni, struct mbuf *m0, int *tid);

/*
 * Whether to use the 11n rate scenario functions or not
 */
static inline int
ath_tx_is_11n(struct ath_softc *sc)
{
	return ((sc->sc_ah->ah_magic == 0x20065416) ||
	    (sc->sc_ah->ah_magic == 0x19741014));
}

/*
 * Obtain the current TID from the given frame.
 *
 * Non-QoS frames need to go into TID 16 (IEEE80211_NONQOS_TID.)
 * This has implications for which AC/priority the packet is placed
 * in.
 */
static int
ath_tx_gettid(struct ath_softc *sc, const struct mbuf *m0)
{
	const struct ieee80211_frame *wh;
	int pri = M_WME_GETAC(m0);

	wh = mtod(m0, const struct ieee80211_frame *);
	if (! IEEE80211_QOS_HAS_SEQ(wh))
		return IEEE80211_NONQOS_TID;
	else
		return WME_AC_TO_TID(pri);
}

/*
 * Determine what the correct AC queue for the given frame
 * should be.
 *
 * This code assumes that the TIDs map consistently to
 * the underlying hardware (or software) ath_txq.
 * Since the sender may try to set an AC which is
 * arbitrary, non-QoS TIDs may end up being put on
 * completely different ACs. There's no way to put a
 * TID into multiple ath_txq's for scheduling, so
 * for now we override the AC/TXQ selection and set
 * non-QOS TID frames into the BE queue.
 *
 * This may be completely incorrect - specifically,
 * some management frames may end up out of order
 * compared to the QoS traffic they're controlling.
 * I'll look into this later.
 */
static int
ath_tx_getac(struct ath_softc *sc, const struct mbuf *m0)
{
	const struct ieee80211_frame *wh;
	int pri = M_WME_GETAC(m0);
	wh = mtod(m0, const struct ieee80211_frame *);
	if (IEEE80211_QOS_HAS_SEQ(wh))
		return pri;

	return WME_AC_BE;
}

void
ath_txfrag_cleanup(struct ath_softc *sc,
    ath_bufhead *frags, struct ieee80211_node *ni)
{
	struct ath_buf *bf, *next;

	ATH_TXBUF_LOCK_ASSERT(sc);

	TAILQ_FOREACH_SAFE(bf, frags, bf_list, next) {
		/* NB: bf assumed clean */
		TAILQ_REMOVE(frags, bf, bf_list);
		ath_returnbuf_head(sc, bf);
		ieee80211_node_decref(ni);
	}
}

/*
 * Setup xmit of a fragmented frame.  Allocate a buffer
 * for each frag and bump the node reference count to
 * reflect the held reference to be setup by ath_tx_start.
 */
int
ath_txfrag_setup(struct ath_softc *sc, ath_bufhead *frags,
    struct mbuf *m0, struct ieee80211_node *ni)
{
	struct mbuf *m;
	struct ath_buf *bf;

	ATH_TXBUF_LOCK(sc);
	for (m = m0->m_nextpkt; m != NULL; m = m->m_nextpkt) {
		/* XXX non-management? */
		bf = _ath_getbuf_locked(sc, ATH_BUFTYPE_NORMAL);
		if (bf == NULL) {	/* out of buffers, cleanup */
			device_printf(sc->sc_dev, "%s: no buffer?\n",
			    __func__);
			ath_txfrag_cleanup(sc, frags, ni);
			break;
		}
		ieee80211_node_incref(ni);
		TAILQ_INSERT_TAIL(frags, bf, bf_list);
	}
	ATH_TXBUF_UNLOCK(sc);

	return !TAILQ_EMPTY(frags);
}

/*
 * Reclaim mbuf resources.  For fragmented frames we
 * need to claim each frag chained with m_nextpkt.
 */
void
ath_freetx(struct mbuf *m)
{
	struct mbuf *next;

	do {
		next = m->m_nextpkt;
		m->m_nextpkt = NULL;
		m_freem(m);
	} while ((m = next) != NULL);
}

static int
ath_tx_dmasetup(struct ath_softc *sc, struct ath_buf *bf, struct mbuf *m0)
{
	struct mbuf *m;
	int error;

	/*
	 * Load the DMA map so any coalescing is done.  This
	 * also calculates the number of descriptors we need.
	 */
	error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap, m0,
	    bf->bf_segs, &bf->bf_nseg, BUS_DMA_NOWAIT);
	if (error == EFBIG) {
		/* XXX packet requires too many descriptors */
		bf->bf_nseg = ATH_TXDESC + 1;
	} else if (error != 0) {
		sc->sc_stats.ast_tx_busdma++;
		ath_freetx(m0);
		return error;
	}
	/*
	 * Discard null packets and check for packets that
	 * require too many TX descriptors.  We try to convert
	 * the latter to a cluster.
	 */
	if (bf->bf_nseg > ATH_TXDESC) {		/* too many desc's, linearize */
		sc->sc_stats.ast_tx_linear++;
		m = m_collapse(m0, M_DONTWAIT, ATH_TXDESC);
		if (m == NULL) {
			ath_freetx(m0);
			sc->sc_stats.ast_tx_nombuf++;
			return ENOMEM;
		}
		m0 = m;
		error = bus_dmamap_load_mbuf_sg(sc->sc_dmat, bf->bf_dmamap, m0,
		    bf->bf_segs, &bf->bf_nseg, BUS_DMA_NOWAIT);
		if (error != 0) {
			sc->sc_stats.ast_tx_busdma++;
			ath_freetx(m0);
			return error;
		}
		KASSERT(bf->bf_nseg <= ATH_TXDESC,
		    ("too many segments after defrag; nseg %u", bf->bf_nseg));
	} else if (bf->bf_nseg == 0) {		/* null packet, discard */
		sc->sc_stats.ast_tx_nodata++;
		ath_freetx(m0);
		return EIO;
	}
	DPRINTF(sc, ATH_DEBUG_XMIT, "%s: m %p len %u\n",
	    __func__, m0, m0->m_pkthdr.len);
	bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_PREWRITE);
	bf->bf_m = m0;

	return 0;
}

/*
 * Chain together segments+descriptors for a non-11n frame.
 */
static void
ath_tx_chaindesclist(struct ath_softc *sc, struct ath_buf *bf)
{
	struct ath_hal *ah = sc->sc_ah;
	char *ds, *ds0;
	int i, bp, dsp;
	HAL_DMA_ADDR bufAddrList[4];
	uint32_t segLenList[4];
	int numTxMaps = 1;
	int isFirstDesc = 1;
	int qnum;

	/*
	 * XXX There's txdma and txdma_mgmt; the descriptor
	 * sizes must match.
	 */
	struct ath_descdma *dd = &sc->sc_txdma;

	/*
	 * Fill in the remainder of the descriptor info.
	 */

	/*
	 * For now the HAL doesn't implement halNumTxMaps for non-EDMA
	 * (ie it's 0.)  So just work around it.
	 *
	 * XXX TODO: populate halNumTxMaps for each HAL chip and
	 * then undo this hack.
	 */
	if (sc->sc_ah->ah_magic == 0x19741014)
		numTxMaps = 4;

	/*
	 * For EDMA and later chips ensure the TX map is fully populated
	 * before advancing to the next descriptor.
	 */
	ds0 = ds = (char *) bf->bf_desc;
	bp = dsp = 0;
	bzero(bufAddrList, sizeof(bufAddrList));
	bzero(segLenList, sizeof(segLenList));
	for (i = 0; i < bf->bf_nseg; i++) {
		bufAddrList[bp] = bf->bf_segs[i].ds_addr;
		segLenList[bp] = bf->bf_segs[i].ds_len;
		bp++;

		/*
		 * Go to the next segment if this isn't the last segment
		 * and there's space in the current TX map.
		 */
		if ((i != bf->bf_nseg - 1) && (bp < numTxMaps))
			continue;

		/*
		 * Last segment or we're out of buffer pointers.
		 */
		bp = 0;

		if (i == bf->bf_nseg - 1)
			ath_hal_settxdesclink(ah, (struct ath_desc *) ds, 0);
		else
			ath_hal_settxdesclink(ah, (struct ath_desc *) ds,
			    bf->bf_daddr + dd->dd_descsize * (dsp + 1));

		/*
		 * XXX this assumes that bfs_txq is the actual destination
		 * hardware queue at this point.  It may not have been
		 * assigned, it may actually be pointing to the multicast
		 * software TXQ id.  These must be fixed!
		 */
		qnum = bf->bf_state.bfs_txq->axq_qnum;

		ath_hal_filltxdesc(ah, (struct ath_desc *) ds
			, bufAddrList
			, segLenList
			, bf->bf_descid		/* XXX desc id */
			, qnum
			, isFirstDesc		/* first segment */
			, i == bf->bf_nseg - 1	/* last segment */
			, (struct ath_desc *) ds0	/* first descriptor */
		);

		/* Make sure the 11n aggregate fields are cleared */
		if (ath_tx_is_11n(sc))
			ath_hal_clr11n_aggr(sc->sc_ah, bf->bf_desc);

		isFirstDesc = 0;
#ifdef	ATH_DEBUG
		if (sc->sc_debug & ATH_DEBUG_XMIT)
			ath_printtxbuf(sc, bf, qnum, 0, 0);
#endif
		bf->bf_lastds = (struct ath_desc *) ds;

		/*
		 * Don't forget to skip to the next descriptor.
		 */
		ds += sc->sc_tx_desclen;
		dsp++;

		/*
		 * .. and don't forget to blank these out!
		 */
		bzero(bufAddrList, sizeof(bufAddrList));
		bzero(segLenList, sizeof(segLenList));
	}
	bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, BUS_DMASYNC_PREWRITE);
}

/*
 * Fill in the descriptor list for an aggregate subframe.
 *
 * The subframe is returned with the ds_link field in the last subframe
 * pointing to 0.
 */
static void
ath_tx_chaindesclist_subframe(struct ath_softc *sc, struct ath_buf *bf)
{
	struct ath_hal *ah = sc->sc_ah;
	struct ath_desc *ds, *ds0;
	int i;
	HAL_DMA_ADDR bufAddrList[4];
	uint32_t segLenList[4];

	/*
	 * XXX There's txdma and txdma_mgmt; the descriptor
	 * sizes must match.
	 */
	struct ath_descdma *dd = &sc->sc_txdma;

	ds0 = ds = bf->bf_desc;

	/*
	 * There's no need to call ath_hal_setupfirsttxdesc here;
	 * that's only going to occur for the first frame in an aggregate.
	 */
	for (i = 0; i < bf->bf_nseg; i++, ds++) {
		bzero(bufAddrList, sizeof(bufAddrList));
		bzero(segLenList, sizeof(segLenList));
		if (i == bf->bf_nseg - 1)
			ath_hal_settxdesclink(ah, ds, 0);
		else
			ath_hal_settxdesclink(ah, ds,
			    bf->bf_daddr + dd->dd_descsize * (i + 1));

		bufAddrList[0] = bf->bf_segs[i].ds_addr;
		segLenList[0] = bf->bf_segs[i].ds_len;

		/*
		 * This performs the setup for an aggregate frame.
		 * This includes enabling the aggregate flags if needed.
		 */
		ath_hal_chaintxdesc(ah, ds,
		    bufAddrList,
		    segLenList,
		    bf->bf_state.bfs_pktlen,
		    bf->bf_state.bfs_hdrlen,
		    HAL_PKT_TYPE_AMPDU,	/* forces aggregate bits to be set */
		    bf->bf_state.bfs_keyix,
		    0,			/* cipher, calculated from keyix */
		    bf->bf_state.bfs_ndelim,
		    i == 0,		/* first segment */
		    i == bf->bf_nseg - 1,	/* last segment */
		    bf->bf_next == NULL	/* last sub-frame in aggr */
		);

		DPRINTF(sc, ATH_DEBUG_XMIT,
		    "%s: %d: %08x %08x %08x %08x %08x %08x\n",
		    __func__, i, ds->ds_link, ds->ds_data,
		    ds->ds_ctl0, ds->ds_ctl1, ds->ds_hw[0], ds->ds_hw[1]);
		bf->bf_lastds = ds;
		bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap,
		    BUS_DMASYNC_PREWRITE);
	}
}

/*
 * Set the rate control fields in the given descriptor based on
 * the bf_state fields and node state.
 *
 * The bfs fields should already be set with the relevant rate
 * control information, including whether MRR is to be enabled.
 *
 * Since the FreeBSD HAL currently sets up the first TX rate
 * in ath_hal_setuptxdesc(), this will setup the MRR
 * conditionally for the pre-11n chips, and call ath_buf_set_rate
 * unconditionally for 11n chips.  These require the 11n rate
 * scenario to be set if MCS rates are enabled, so it's easier
 * to just always call it.  The caller can then only set rates 2, 3
 * and 4 if multi-rate retry is needed.
 */
static void
ath_tx_set_ratectrl(struct ath_softc *sc, struct ieee80211_node *ni,
    struct ath_buf *bf)
{
	struct ath_rc_series *rc = bf->bf_state.bfs_rc;

	/* If mrr is disabled, blank tries 1, 2, 3 */
	if (! bf->bf_state.bfs_ismrr)
		rc[1].tries = rc[2].tries = rc[3].tries = 0;

	/*
	 * Always call - that way a retried descriptor will
	 * have the MRR fields overwritten.
	 *
	 * XXX TODO: see if this is really needed - setting up
	 * the first descriptor should set the MRR fields to 0
	 * for us anyway.
	 */
	if (ath_tx_is_11n(sc)) {
		ath_buf_set_rate(sc, ni, bf);
	} else {
		ath_hal_setupxtxdesc(sc->sc_ah, bf->bf_desc
			, rc[1].ratecode, rc[1].tries
			, rc[2].ratecode, rc[2].tries
			, rc[3].ratecode, rc[3].tries
		);
	}
}

/*
 * Setup segments+descriptors for an 11n aggregate.
 * bf_first is the first buffer in the aggregate.
 * The descriptor list must already have been linked together using
 * bf->bf_next.
 */
static void
ath_tx_setds_11n(struct ath_softc *sc, struct ath_buf *bf_first)
{
	struct ath_buf *bf, *bf_prev = NULL;

	DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, "%s: nframes=%d, al=%d\n",
	    __func__, bf_first->bf_state.bfs_nframes,
	    bf_first->bf_state.bfs_al);

	/*
	 * Setup all descriptors of all subframes.
	 */
	bf = bf_first;
	while (bf != NULL) {
		DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR,
		    "%s: bf=%p, nseg=%d, pktlen=%d, seqno=%d\n",
		    __func__, bf, bf->bf_nseg, bf->bf_state.bfs_pktlen,
		    SEQNO(bf->bf_state.bfs_seqno));

		/* Sub-frame setup */
		ath_tx_chaindesclist_subframe(sc, bf);

		/*
		 * Link the last descriptor of the previous frame
		 * to the beginning descriptor of this frame.
		 */
		if (bf_prev != NULL)
			ath_hal_settxdesclink(sc->sc_ah, bf_prev->bf_lastds,
			    bf->bf_daddr);

		/* Save a copy so we can link the next descriptor in */
		bf_prev = bf;
		bf = bf->bf_next;
	}

	/*
	 * Setup first descriptor of first frame.
	 * chaintxdesc() overwrites the descriptor entries;
	 * setupfirsttxdesc() merges in things.
	 * Otherwise various fields aren't set correctly (eg flags).
	 */
	ath_hal_setupfirsttxdesc(sc->sc_ah,
	    bf_first->bf_desc,
	    bf_first->bf_state.bfs_al,
	    bf_first->bf_state.bfs_txflags | HAL_TXDESC_INTREQ,
	    bf_first->bf_state.bfs_txpower,
	    bf_first->bf_state.bfs_txrate0,
	    bf_first->bf_state.bfs_try0,
	    bf_first->bf_state.bfs_txantenna,
	    bf_first->bf_state.bfs_ctsrate,
	    bf_first->bf_state.bfs_ctsduration);

	/*
	 * Set the first descriptor bf_lastds field to point to
	 * the last descriptor in the last subframe; that's where
	 * the status update will occur.
	 */
	bf_first->bf_lastds = bf_prev->bf_lastds;

	/*
	 * And bf_last in the first descriptor points to the end of
	 * the aggregate list.
	 */
	bf_first->bf_last = bf_prev;

	/*
	 * Setup first desc with rate and aggr info.
	 */
	ath_tx_set_ratectrl(sc, bf_first->bf_node, bf_first);

	/*
	 * Setup the last descriptor in the list.
	 *
	 * bf_first->bf_lastds already points to it; the rate
	 * control information needs to be squirreled away here
	 * as well as clearing the moreaggr/paddelim fields.
	 */
	ath_hal_setuplasttxdesc(sc->sc_ah, bf_first->bf_lastds,
	    bf_first->bf_desc);

	DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, "%s: end\n", __func__);
}

/*
 * Hand-off a frame to the multicast TX queue.
 *
 * This is a software TXQ which will be appended to the CAB queue
 * during the beacon setup code.
 *
 * XXX TODO: since the AR9300 EDMA TX queue support wants the QCU ID
 * as part of the TX descriptor, bf_state.bfs_txq must be updated
 * with the actual hardware txq, or all of this will fall apart.
 *
 * XXX It may not be a bad idea to just stuff the QCU ID into bf_state
 * and retire bfs_txq; then make sure the CABQ QCU ID is populated
 * correctly.
 */
static void
ath_tx_handoff_mcast(struct ath_softc *sc, struct ath_txq *txq,
    struct ath_buf *bf)
{
	ATH_TXQ_LOCK_ASSERT(txq);
	KASSERT((bf->bf_flags & ATH_BUF_BUSY) == 0,
	    ("%s: busy status 0x%x", __func__, bf->bf_flags));
	if (txq->axq_link != NULL) {
		struct ath_buf *last = ATH_TXQ_LAST(txq, axq_q_s);
		struct ieee80211_frame *wh;

		/* mark previous frame */
		wh = mtod(last->bf_m, struct ieee80211_frame *);
		wh->i_fc[1] |= IEEE80211_FC1_MORE_DATA;
		bus_dmamap_sync(sc->sc_dmat, last->bf_dmamap,
		    BUS_DMASYNC_PREWRITE);

		/* link descriptor */
		*txq->axq_link = bf->bf_daddr;
	}
	ATH_TXQ_INSERT_TAIL(txq, bf, bf_list);
	ath_hal_gettxdesclinkptr(sc->sc_ah, bf->bf_lastds, &txq->axq_link);
}

/*
 * Hand-off packet to a hardware queue.
 */
static void
ath_tx_handoff_hw(struct ath_softc *sc, struct ath_txq *txq,
    struct ath_buf *bf)
{
	struct ath_hal *ah = sc->sc_ah;

	/*
	 * Insert the frame on the outbound list and pass it on
	 * to the hardware.  Multicast frames buffered for power
	 * save stations and transmit from the CAB queue are stored
	 * on a s/w only queue and loaded on to the CAB queue in
	 * the SWBA handler since frames only go out on DTIM and
	 * to avoid possible races.
	 */
	ATH_TXQ_LOCK_ASSERT(txq);
	KASSERT((bf->bf_flags & ATH_BUF_BUSY) == 0,
	    ("%s: busy status 0x%x", __func__, bf->bf_flags));
	KASSERT(txq->axq_qnum != ATH_TXQ_SWQ,
	    ("ath_tx_handoff_hw called for mcast queue"));

#if 0
	/*
	 * This causes a LOR.  Find out where the PCU lock is being
	 * held whilst the TXQ lock is grabbed - that shouldn't
	 * be occurring.
	 */
	ATH_PCU_LOCK(sc);
	if (sc->sc_inreset_cnt) {
		ATH_PCU_UNLOCK(sc);
		DPRINTF(sc, ATH_DEBUG_RESET,
		    "%s: called with sc_in_reset != 0\n",
		    __func__);
		DPRINTF(sc, ATH_DEBUG_XMIT,
		    "%s: queued: TXDP[%u] = %p (%p) depth %d\n",
		    __func__, txq->axq_qnum,
		    (caddr_t)bf->bf_daddr, bf->bf_desc,
		    txq->axq_depth);
		ATH_TXQ_INSERT_TAIL(txq, bf, bf_list);
		if (bf->bf_state.bfs_aggr)
			txq->axq_aggr_depth++;
		/*
		 * There's no need to update axq_link; the hardware
		 * is in reset and once the reset is complete, any
		 * non-empty queues will simply have DMA restarted.
		 */
		return;
	}
	ATH_PCU_UNLOCK(sc);
#endif

	/* For now, so not to generate whitespace diffs */
	if (1) {
#ifdef IEEE80211_SUPPORT_TDMA
		int qbusy;

		ATH_TXQ_INSERT_TAIL(txq, bf, bf_list);
		qbusy = ath_hal_txqenabled(ah, txq->axq_qnum);
		if (txq->axq_link == NULL) {
			/*
			 * Be careful writing the address to TXDP.  If
			 * the tx q is enabled then this write will be
			 * ignored.  Normally this is not an issue but
			 * when tdma is in use and the q is beacon gated
			 * this race can occur.  If the q is busy then
			 * defer the work to later--either when another
			 * packet comes along or when we prepare a beacon
			 * frame at SWBA.
			 */
			if (!qbusy) {
				ath_hal_puttxbuf(ah, txq->axq_qnum,
				    bf->bf_daddr);
				txq->axq_flags &= ~ATH_TXQ_PUTPENDING;
				DPRINTF(sc, ATH_DEBUG_XMIT,
				    "%s: TXDP[%u] = %p (%p) depth %d\n",
				    __func__, txq->axq_qnum,
				    (caddr_t)bf->bf_daddr, bf->bf_desc,
				    txq->axq_depth);
			} else {
				txq->axq_flags |= ATH_TXQ_PUTPENDING;
				DPRINTF(sc, ATH_DEBUG_TDMA | ATH_DEBUG_XMIT,
				    "%s: Q%u busy, defer enable\n", __func__,
				    txq->axq_qnum);
			}
		} else {
			*txq->axq_link = bf->bf_daddr;
			DPRINTF(sc, ATH_DEBUG_XMIT,
			    "%s: link[%u](%p)=%p (%p) depth %d\n", __func__,
			    txq->axq_qnum, txq->axq_link,
			    (caddr_t)bf->bf_daddr, bf->bf_desc,
			    txq->axq_depth);
			if ((txq->axq_flags & ATH_TXQ_PUTPENDING) && !qbusy) {
				/*
				 * The q was busy when we previously tried
				 * to write the address of the first buffer
				 * in the chain.  Since it's not busy now
				 * handle this chore.  We are certain the
				 * buffer at the front is the right one since
				 * axq_link is NULL only when the buffer list
				 * is/was empty.
				 */
				ath_hal_puttxbuf(ah, txq->axq_qnum,
				    TAILQ_FIRST(&txq->axq_q)->bf_daddr);
				txq->axq_flags &= ~ATH_TXQ_PUTPENDING;
				DPRINTF(sc, ATH_DEBUG_TDMA | ATH_DEBUG_XMIT,
				    "%s: Q%u restarted\n", __func__,
				    txq->axq_qnum);
			}
		}
#else
		ATH_TXQ_INSERT_TAIL(txq, bf, bf_list);
		if (txq->axq_link == NULL) {
			ath_hal_puttxbuf(ah, txq->axq_qnum, bf->bf_daddr);
			DPRINTF(sc, ATH_DEBUG_XMIT,
			    "%s: TXDP[%u] = %p (%p) depth %d\n",
			    __func__, txq->axq_qnum,
			    (caddr_t)bf->bf_daddr, bf->bf_desc,
			    txq->axq_depth);
		} else {
			*txq->axq_link = bf->bf_daddr;
			DPRINTF(sc, ATH_DEBUG_XMIT,
			    "%s: link[%u](%p)=%p (%p) depth %d\n", __func__,
			    txq->axq_qnum, txq->axq_link,
			    (caddr_t)bf->bf_daddr, bf->bf_desc,
			    txq->axq_depth);
		}
#endif /* IEEE80211_SUPPORT_TDMA */
		if (bf->bf_state.bfs_aggr)
			txq->axq_aggr_depth++;
		ath_hal_gettxdesclinkptr(ah, bf->bf_lastds, &txq->axq_link);
		ath_hal_txstart(ah, txq->axq_qnum);
	}
}

/*
 * Restart TX DMA for the given TXQ.
 *
 * This must be called whether the queue is empty or not.
 */
static void
ath_legacy_tx_dma_restart(struct ath_softc *sc, struct ath_txq *txq)
{
	struct ath_hal *ah = sc->sc_ah;
	struct ath_buf *bf, *bf_last;

	ATH_TXQ_LOCK_ASSERT(txq);

	/* This is always going to be cleared, empty or not */
	txq->axq_flags &= ~ATH_TXQ_PUTPENDING;

	/* XXX make this ATH_TXQ_FIRST */
	bf = TAILQ_FIRST(&txq->axq_q);
	bf_last = ATH_TXQ_LAST(txq, axq_q_s);

	if (bf == NULL)
		return;

	ath_hal_puttxbuf(ah, txq->axq_qnum, bf->bf_daddr);
	ath_hal_gettxdesclinkptr(ah, bf_last->bf_lastds, &txq->axq_link);
	ath_hal_txstart(ah, txq->axq_qnum);
}

/*
 * Hand off a packet to the hardware (or mcast queue.)
 *
 * The relevant hardware txq should be locked.
 */
static void
ath_legacy_xmit_handoff(struct ath_softc *sc, struct ath_txq *txq,
    struct ath_buf *bf)
{
	ATH_TXQ_LOCK_ASSERT(txq);

	if (txq->axq_qnum == ATH_TXQ_SWQ)
		ath_tx_handoff_mcast(sc, txq, bf);
	else
		ath_tx_handoff_hw(sc, txq, bf);
}

static int
ath_tx_tag_crypto(struct ath_softc *sc, struct ieee80211_node *ni,
    struct mbuf *m0, int iswep, int isfrag, int *hdrlen, int *pktlen,
    int *keyix)
{
	DPRINTF(sc, ATH_DEBUG_XMIT,
	    "%s: hdrlen=%d, pktlen=%d, isfrag=%d, iswep=%d, m0=%p\n",
	    __func__,
	    *hdrlen,
	    *pktlen,
	    isfrag,
	    iswep,
	    m0);

	if (iswep) {
		const struct ieee80211_cipher *cip;
		struct ieee80211_key *k;

		/*
		 * Construct the 802.11 header+trailer for an encrypted
		 * frame.  The only reason this can fail is because of an
		 * unknown or unsupported cipher/key type.
		 */
		k = ieee80211_crypto_encap(ni, m0);
		if (k == NULL) {
			/*
			 * This can happen when the key is yanked after the
			 * frame was queued.  Just discard the frame; the
			 * 802.11 layer counts failures and provides
			 * debugging/diagnostics.
			 */
			return (0);
		}
		/*
		 * Adjust the packet + header lengths for the crypto
		 * additions and calculate the h/w key index.  When
		 * a s/w mic is done the frame will have had any mic
		 * added to it prior to entry so m0->m_pkthdr.len will
		 * account for it.  Otherwise we need to add it to the
		 * packet length.
		 */
		cip = k->wk_cipher;
		(*hdrlen) += cip->ic_header;
		(*pktlen) += cip->ic_header + cip->ic_trailer;
		/* NB: frags always have any TKIP MIC done in s/w */
		if ((k->wk_flags & IEEE80211_KEY_SWMIC) == 0 && !isfrag)
			(*pktlen) += cip->ic_miclen;
		(*keyix) = k->wk_keyix;
	} else if (ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) {
		/*
		 * Use station key cache slot, if assigned.
		 */
		(*keyix) = ni->ni_ucastkey.wk_keyix;
		if ((*keyix) == IEEE80211_KEYIX_NONE)
			(*keyix) = HAL_TXKEYIX_INVALID;
	} else
		(*keyix) = HAL_TXKEYIX_INVALID;

	return (1);
}

/*
 * Calculate whether interoperability protection is required for
 * this frame.
 *
 * This requires the rate control information be filled in,
 * as the protection requirement depends upon the current
 * operating mode / PHY.
 */
static void
ath_tx_calc_protection(struct ath_softc *sc, struct ath_buf *bf)
{
	struct ieee80211_frame *wh;
	uint8_t rix;
	uint16_t flags;
	int shortPreamble;
	const HAL_RATE_TABLE *rt = sc->sc_currates;
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;

	flags = bf->bf_state.bfs_txflags;
	rix = bf->bf_state.bfs_rc[0].rix;
	shortPreamble = bf->bf_state.bfs_shpream;
	wh = mtod(bf->bf_m, struct ieee80211_frame *);

	/*
	 * If 802.11g protection is enabled, determine whether
	 * to use RTS/CTS or just CTS.  Note that this is only
	 * done for OFDM unicast frames.
	 */
	if ((ic->ic_flags & IEEE80211_F_USEPROT) &&
	    rt->info[rix].phy == IEEE80211_T_OFDM &&
	    (flags & HAL_TXDESC_NOACK) == 0) {
		bf->bf_state.bfs_doprot = 1;
		/* XXX fragments must use CCK rates w/ protection */
		if (ic->ic_protmode == IEEE80211_PROT_RTSCTS) {
			flags |= HAL_TXDESC_RTSENA;
		} else if (ic->ic_protmode == IEEE80211_PROT_CTSONLY) {
			flags |= HAL_TXDESC_CTSENA;
		}
		/*
		 * For frags it would be desirable to use the
		 * highest CCK rate for RTS/CTS.  But stations
		 * farther away may detect it at a lower CCK rate
		 * so use the configured protection rate instead
		 * (for now).
		 */
		sc->sc_stats.ast_tx_protect++;
	}

	/*
	 * If 11n protection is enabled and it's a HT frame,
	 * enable RTS.
	 *
	 * XXX ic_htprotmode or ic_curhtprotmode?
	 * XXX should ic_htprotmode only matter if ic_curhtprotmode
	 * XXX indicates it's not a HT pure environment?
	 */
	if ((ic->ic_htprotmode == IEEE80211_PROT_RTSCTS) &&
	    rt->info[rix].phy == IEEE80211_T_HT &&
	    (flags & HAL_TXDESC_NOACK) == 0) {
		flags |= HAL_TXDESC_RTSENA;
		sc->sc_stats.ast_tx_htprotect++;
	}
	bf->bf_state.bfs_txflags = flags;
}

/*
 * Update the frame duration given the currently selected rate.
 *
 * This also updates the frame duration value, so it will require
 * a DMA flush.
 */
static void
ath_tx_calc_duration(struct ath_softc *sc, struct ath_buf *bf)
{
	struct ieee80211_frame *wh;
	uint8_t rix;
	uint16_t flags;
	int shortPreamble;
	struct ath_hal *ah = sc->sc_ah;
	const HAL_RATE_TABLE *rt = sc->sc_currates;
	int isfrag = bf->bf_m->m_flags & M_FRAG;

	flags = bf->bf_state.bfs_txflags;
	rix = bf->bf_state.bfs_rc[0].rix;
	shortPreamble = bf->bf_state.bfs_shpream;
	wh = mtod(bf->bf_m, struct ieee80211_frame *);

	/*
	 * Calculate duration.  This logically belongs in the 802.11
	 * layer but it lacks sufficient information to calculate it.
	 */
	if ((flags & HAL_TXDESC_NOACK) == 0 &&
	    (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != IEEE80211_FC0_TYPE_CTL) {
		u_int16_t dur;
		if (shortPreamble)
			dur = rt->info[rix].spAckDuration;
		else
			dur = rt->info[rix].lpAckDuration;
		if (wh->i_fc[1] & IEEE80211_FC1_MORE_FRAG) {
			dur += dur;		/* additional SIFS+ACK */
			KASSERT(bf->bf_m->m_nextpkt != NULL, ("no fragment"));
			/*
			 * Include the size of next fragment so NAV is
			 * updated properly.  The last fragment uses only
			 * the ACK duration.
			 */
			dur += ath_hal_computetxtime(ah, rt,
			    bf->bf_m->m_nextpkt->m_pkthdr.len,
			    rix, shortPreamble);
		}
		if (isfrag) {
			/*
			 * Force hardware to use computed duration for next
			 * fragment by disabling multi-rate retry which updates
			 * duration based on the multi-rate duration table.
			 */
			bf->bf_state.bfs_ismrr = 0;
			bf->bf_state.bfs_try0 = ATH_TXMGTTRY;
			/* XXX update bfs_rc[0].try? */
		}

		/* Update the duration field itself */
		*(u_int16_t *)wh->i_dur = htole16(dur);
	}
}

static uint8_t
ath_tx_get_rtscts_rate(struct ath_hal *ah, const HAL_RATE_TABLE *rt,
    int cix, int shortPreamble)
{
	uint8_t ctsrate;

	/*
	 * CTS transmit rate is derived from the transmit rate
	 * by looking in the h/w rate table.  We must also factor
	 * in whether or not a short preamble is to be used.
	 */
	/* NB: cix is set above where RTS/CTS is enabled */
	KASSERT(cix != 0xff, ("cix not setup"));
	ctsrate = rt->info[cix].rateCode;

	/* XXX this should only matter for legacy rates */
	if (shortPreamble)
		ctsrate |= rt->info[cix].shortPreamble;

	return (ctsrate);
}

/*
 * Calculate the RTS/CTS duration for legacy frames.
 */
static int
ath_tx_calc_ctsduration(struct ath_hal *ah, int rix, int cix,
    int shortPreamble, int pktlen, const HAL_RATE_TABLE *rt,
    int flags)
{
	int ctsduration = 0;

	/* This mustn't be called for HT modes */
	if (rt->info[cix].phy == IEEE80211_T_HT) {
		printf("%s: HT rate where it shouldn't be (0x%x)\n",
		    __func__, rt->info[cix].rateCode);
		return (-1);
	}

	/*
	 * Compute the transmit duration based on the frame
	 * size and the size of an ACK frame.  We call into the
	 * HAL to do the computation since it depends on the
	 * characteristics of the actual PHY being used.
	 *
	 * NB: CTS is assumed the same size as an ACK so we can
	 * use the precalculated ACK durations.
	 */
	if (shortPreamble) {
		if (flags & HAL_TXDESC_RTSENA)		/* SIFS + CTS */
			ctsduration += rt->info[cix].spAckDuration;
		ctsduration += ath_hal_computetxtime(ah,
		    rt, pktlen, rix, AH_TRUE);
		if ((flags & HAL_TXDESC_NOACK) == 0)	/* SIFS + ACK */
			ctsduration += rt->info[rix].spAckDuration;
	} else {
		if (flags & HAL_TXDESC_RTSENA)		/* SIFS + CTS */
			ctsduration += rt->info[cix].lpAckDuration;
		ctsduration += ath_hal_computetxtime(ah,
		    rt, pktlen, rix, AH_FALSE);
		if ((flags & HAL_TXDESC_NOACK) == 0)	/* SIFS + ACK */
			ctsduration += rt->info[rix].lpAckDuration;
	}

	return (ctsduration);
}

/*
 * Update the given ath_buf with updated rts/cts setup and duration
 * values.
 *
 * To support rate lookups for each software retry, the rts/cts rate
 * and cts duration must be re-calculated.
 *
 * This function assumes the RTS/CTS flags have been set as needed;
 * mrr has been disabled; and the rate control lookup has been done.
 *
 * XXX TODO: MRR need only be disabled for the pre-11n NICs.
 * XXX The 11n NICs support per-rate RTS/CTS configuration.
 */
static void
ath_tx_set_rtscts(struct ath_softc *sc, struct ath_buf *bf)
{
	uint16_t ctsduration = 0;
	uint8_t ctsrate = 0;
	uint8_t rix = bf->bf_state.bfs_rc[0].rix;
	uint8_t cix = 0;
	const HAL_RATE_TABLE *rt = sc->sc_currates;

	/*
	 * No RTS/CTS enabled?  Don't bother.
	 */
	if ((bf->bf_state.bfs_txflags &
	    (HAL_TXDESC_RTSENA | HAL_TXDESC_CTSENA)) == 0) {
		/* XXX is this really needed? */
		bf->bf_state.bfs_ctsrate = 0;
		bf->bf_state.bfs_ctsduration = 0;
		return;
	}

	/*
	 * If protection is enabled, use the protection rix control
	 * rate.  Otherwise use the rate0 control rate.
	 */
	if (bf->bf_state.bfs_doprot)
		rix = sc->sc_protrix;
	else
		rix = bf->bf_state.bfs_rc[0].rix;

	/*
	 * If the raw path has hard-coded ctsrate0 to something,
	 * use it.
	 */
	if (bf->bf_state.bfs_ctsrate0 != 0)
		cix = ath_tx_findrix(sc, bf->bf_state.bfs_ctsrate0);
	else
		/* Control rate from above */
		cix = rt->info[rix].controlRate;

	/* Calculate the rtscts rate for the given cix */
	ctsrate = ath_tx_get_rtscts_rate(sc->sc_ah, rt, cix,
	    bf->bf_state.bfs_shpream);

	/* The 11n chipsets do ctsduration calculations for you */
	if (! ath_tx_is_11n(sc))
		ctsduration = ath_tx_calc_ctsduration(sc->sc_ah, rix, cix,
		    bf->bf_state.bfs_shpream, bf->bf_state.bfs_pktlen,
		    rt, bf->bf_state.bfs_txflags);

	/* Squirrel away in ath_buf */
	bf->bf_state.bfs_ctsrate = ctsrate;
	bf->bf_state.bfs_ctsduration = ctsduration;

	/*
	 * Must disable multi-rate retry when using RTS/CTS.
	 */
	if (!sc->sc_mrrprot) {
		bf->bf_state.bfs_ismrr = 0;
		bf->bf_state.bfs_try0 =
		    bf->bf_state.bfs_rc[0].tries = ATH_TXMGTTRY;	/* XXX ew */
	}
}

/*
 * Setup the descriptor chain for a normal or fast-frame
 * frame.
 *
 * XXX TODO: extend to include the destination hardware QCU ID.
 * Make sure that is correct.  Make sure that when being added
 * to the mcastq, the CABQ QCUID is set or things will get a bit
 * odd.
 */
static void
ath_tx_setds(struct ath_softc *sc, struct ath_buf *bf)
{
	struct ath_desc *ds = bf->bf_desc;
	struct ath_hal *ah = sc->sc_ah;

	ath_hal_setuptxdesc(ah, ds
		, bf->bf_state.bfs_pktlen	/* packet length */
		, bf->bf_state.bfs_hdrlen	/* header length */
		, bf->bf_state.bfs_atype	/* Atheros packet type */
		, bf->bf_state.bfs_txpower	/* txpower */
		, bf->bf_state.bfs_txrate0
		, bf->bf_state.bfs_try0		/* series 0 rate/tries */
		, bf->bf_state.bfs_keyix	/* key cache index */
		, bf->bf_state.bfs_txantenna	/* antenna mode */
		, bf->bf_state.bfs_txflags	/* flags */
		, bf->bf_state.bfs_ctsrate	/* rts/cts rate */
		, bf->bf_state.bfs_ctsduration	/* rts/cts duration */
	);

	/*
	 * This will be overridden when the descriptor chain is written.
	 */
	bf->bf_lastds = ds;
	bf->bf_last = bf;

	/* Set rate control and descriptor chain for this frame */
	ath_tx_set_ratectrl(sc, bf->bf_node, bf);
	ath_tx_chaindesclist(sc, bf);
}

/*
 * Do a rate lookup.
 *
 * This performs a rate lookup for the given ath_buf only if it's required.
 * Non-data frames and raw frames don't require it.
 *
 * This populates the primary and MRR entries; MRR values are
 * then disabled later on if something requires it (eg RTS/CTS on
 * pre-11n chipsets.)
 *
 * This needs to be done before the RTS/CTS fields are calculated
 * as they may depend upon the rate chosen.
 */
static void
ath_tx_do_ratelookup(struct ath_softc *sc, struct ath_buf *bf)
{
	uint8_t rate, rix;
	int try0;

	if (! bf->bf_state.bfs_doratelookup)
		return;

	/* Get rid of any previous state */
	bzero(bf->bf_state.bfs_rc, sizeof(bf->bf_state.bfs_rc));

	ATH_NODE_LOCK(ATH_NODE(bf->bf_node));
	ath_rate_findrate(sc, ATH_NODE(bf->bf_node), bf->bf_state.bfs_shpream,
	    bf->bf_state.bfs_pktlen, &rix, &try0, &rate);

	/* In case MRR is disabled, make sure rc[0] is setup correctly */
	bf->bf_state.bfs_rc[0].rix = rix;
	bf->bf_state.bfs_rc[0].ratecode = rate;
	bf->bf_state.bfs_rc[0].tries = try0;

	if (bf->bf_state.bfs_ismrr && try0 != ATH_TXMAXTRY)
		ath_rate_getxtxrates(sc, ATH_NODE(bf->bf_node), rix,
		    bf->bf_state.bfs_rc);
	ATH_NODE_UNLOCK(ATH_NODE(bf->bf_node));

	sc->sc_txrix = rix;		/* for LED blinking */
	sc->sc_lastdatarix = rix;	/* for fast frames */
	bf->bf_state.bfs_try0 = try0;
	bf->bf_state.bfs_txrate0 = rate;
}

/*
 * Transmit the given frame to the hardware.
 *
 * The frame must already be setup; rate control must already have
 * been done.
 *
 * XXX since the TXQ lock is being held here (and I dislike holding
 * it for this long when not doing software aggregation), later on
 * break this function into "setup_normal" and "xmit_normal".  The
 * lock only needs to be held for the ath_tx_handoff call.
 */
static void
ath_tx_xmit_normal(struct ath_softc *sc, struct ath_txq *txq,
    struct ath_buf *bf)
{

	ATH_TXQ_LOCK_ASSERT(txq);

	/* Setup the descriptor before handoff */
	ath_tx_do_ratelookup(sc, bf);
	ath_tx_calc_duration(sc, bf);
	ath_tx_calc_protection(sc, bf);
	ath_tx_set_rtscts(sc, bf);
	ath_tx_rate_fill_rcflags(sc, bf);
	ath_tx_setds(sc, bf);

	/* Hand off to hardware */
	ath_tx_handoff(sc, txq, bf);
}


static int
ath_tx_normal_setup(struct ath_softc *sc, struct ieee80211_node *ni,
    struct ath_buf *bf, struct mbuf *m0, struct ath_txq *txq)
{
	struct ieee80211vap *vap = ni->ni_vap;
	struct ath_hal *ah = sc->sc_ah;
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	const struct chanAccParams *cap = &ic->ic_wme.wme_chanParams;
	int error, iswep, ismcast, isfrag, ismrr;
	int keyix, hdrlen, pktlen, try0 = 0;
	u_int8_t rix = 0, txrate = 0;
	struct ath_desc *ds;
	struct ieee80211_frame *wh;
	u_int subtype, flags;
	HAL_PKT_TYPE atype;
	const HAL_RATE_TABLE *rt;
	HAL_BOOL shortPreamble;
	struct ath_node *an;
	u_int pri;

	/*
	 * To ensure that both sequence numbers and the CCMP PN handling
	 * is "correct", make sure that the relevant TID queue is locked.
	 * Otherwise the CCMP PN and seqno may appear out of order, causing
	 * re-ordered frames to have out of order CCMP PN's, resulting
	 * in many, many frame drops.
	 */
	ATH_TXQ_LOCK_ASSERT(txq);

	wh = mtod(m0, struct ieee80211_frame *);
	iswep = wh->i_fc[1] & IEEE80211_FC1_WEP;
	ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
	isfrag = m0->m_flags & M_FRAG;
	hdrlen = ieee80211_anyhdrsize(wh);
	/*
	 * Packet length must not include any
	 * pad bytes; deduct them here.
	 */
	pktlen = m0->m_pkthdr.len - (hdrlen & 3);

	/* Handle encryption twiddling if needed */
	if (! ath_tx_tag_crypto(sc, ni, m0, iswep, isfrag, &hdrlen,
	    &pktlen, &keyix)) {
		ath_freetx(m0);
		return EIO;
	}

	/* packet header may have moved, reset our local pointer */
	wh = mtod(m0, struct ieee80211_frame *);

	pktlen += IEEE80211_CRC_LEN;

	/*
	 * Load the DMA map so any coalescing is done.  This
	 * also calculates the number of descriptors we need.
	 */
	error = ath_tx_dmasetup(sc, bf, m0);
	if (error != 0)
		return error;
	bf->bf_node = ni;	/* NB: held reference */
	m0 = bf->bf_m;		/* NB: may have changed */
	wh = mtod(m0, struct ieee80211_frame *);

	/* setup descriptors */
	ds = bf->bf_desc;
	rt = sc->sc_currates;
	KASSERT(rt != NULL, ("no rate table, mode %u", sc->sc_curmode));

	/*
	 * NB: the 802.11 layer marks whether or not we should
	 * use short preamble based on the current mode and
	 * negotiated parameters.
	 */
	if ((ic->ic_flags & IEEE80211_F_SHPREAMBLE) &&
	    (ni->ni_capinfo & IEEE80211_CAPINFO_SHORT_PREAMBLE)) {
		shortPreamble = AH_TRUE;
		sc->sc_stats.ast_tx_shortpre++;
	} else {
		shortPreamble = AH_FALSE;
	}

	an = ATH_NODE(ni);
	flags = HAL_TXDESC_CLRDMASK;	/* XXX needed for crypto errs */
	ismrr = 0;			/* default no multi-rate retry */
	pri = M_WME_GETAC(m0);		/* honor classification */
	/* XXX use txparams instead of fixed values */
	/*
	 * Calculate Atheros packet type from IEEE80211 packet header,
	 * setup for rate calculations, and select h/w transmit queue.
	 */
	switch (wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) {
	case IEEE80211_FC0_TYPE_MGT:
		subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;
		if (subtype == IEEE80211_FC0_SUBTYPE_BEACON)
			atype = HAL_PKT_TYPE_BEACON;
		else if (subtype == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
			atype = HAL_PKT_TYPE_PROBE_RESP;
		else if (subtype == IEEE80211_FC0_SUBTYPE_ATIM)
			atype = HAL_PKT_TYPE_ATIM;
		else
			atype = HAL_PKT_TYPE_NORMAL;	/* XXX */
		rix = an->an_mgmtrix;
		txrate = rt->info[rix].rateCode;
		if (shortPreamble)
			txrate |= rt->info[rix].shortPreamble;
		try0 = ATH_TXMGTTRY;
		flags |= HAL_TXDESC_INTREQ;	/* force interrupt */
		break;
	case IEEE80211_FC0_TYPE_CTL:
		atype = HAL_PKT_TYPE_PSPOLL;	/* stop setting of duration */
		rix = an->an_mgmtrix;
		txrate = rt->info[rix].rateCode;
		if (shortPreamble)
			txrate |= rt->info[rix].shortPreamble;
		try0 = ATH_TXMGTTRY;
		flags |= HAL_TXDESC_INTREQ;	/* force interrupt */
		break;
	case IEEE80211_FC0_TYPE_DATA:
		atype = HAL_PKT_TYPE_NORMAL;	/* default */
		/*
		 * Data frames: multicast frames go out at a fixed rate,
		 * EAPOL frames use the mgmt frame rate; otherwise consult
		 * the rate control module for the rate to use.
		 */
		if (ismcast) {
			rix = an->an_mcastrix;
			txrate = rt->info[rix].rateCode;
			if (shortPreamble)
				txrate |= rt->info[rix].shortPreamble;
			try0 = 1;
		} else if (m0->m_flags & M_EAPOL) {
			/* XXX? maybe always use long preamble? */
			rix = an->an_mgmtrix;
			txrate = rt->info[rix].rateCode;
			if (shortPreamble)
				txrate |= rt->info[rix].shortPreamble;
			try0 = ATH_TXMAXTRY;	/* XXX?too many? */
		} else {
			/*
			 * Do rate lookup on each TX, rather than using
			 * the hard-coded TX information decided here.
			 */
			ismrr = 1;
			bf->bf_state.bfs_doratelookup = 1;
		}
		if (cap->cap_wmeParams[pri].wmep_noackPolicy)
			flags |= HAL_TXDESC_NOACK;
		break;
	default:
		if_printf(ifp, "bogus frame type 0x%x (%s)\n",
		    wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK, __func__);
		/* XXX statistic */
		ath_freetx(m0);
		return EIO;
	}

	/*
	 * There are two known scenarios where the frame AC doesn't match
	 * what the destination TXQ is.
	 *
	 * + non-QoS frames (eg management?) that the net80211 stack has
	 *   assigned a higher AC to, but since it's a non-QoS TID, it's
	 *   being thrown into TID 16.  TID 16 gets the AC_BE queue.
	 *   It's quite possible that management frames should just be
	 *   direct dispatched to hardware rather than go via the software
	 *   queue; that should be investigated in the future.  There are
	 *   some specific scenarios where this doesn't make sense, mostly
	 *   surrounding ADDBA request/response - hence why that is special
	 *   cased.
	 *
	 * + Multicast frames going into the VAP mcast queue.  That shows up
	 *   as "TXQ 11".
	 *
	 * This driver should eventually support separate TID and TXQ locking,
	 * allowing for arbitrary AC frames to appear on arbitrary software
	 * queues, being queued to the "correct" hardware queue when needed.
	 */
#if 0
	if (txq != sc->sc_ac2q[pri]) {
		device_printf(sc->sc_dev,
		    "%s: txq=%p (%d), pri=%d, pri txq=%p (%d)\n",
		    __func__,
		    txq,
		    txq->axq_qnum,
		    pri,
		    sc->sc_ac2q[pri],
		    sc->sc_ac2q[pri]->axq_qnum);
	}
#endif

	/*
	 * Calculate miscellaneous flags.
	 */
	if (ismcast) {
		flags |= HAL_TXDESC_NOACK;	/* no ack on broad/multicast */
	} else if (pktlen > vap->iv_rtsthreshold &&
	    (ni->ni_ath_flags & IEEE80211_NODE_FF) == 0) {
		flags |= HAL_TXDESC_RTSENA;	/* RTS based on frame length */
		sc->sc_stats.ast_tx_rts++;
	}
	if (flags & HAL_TXDESC_NOACK)		/* NB: avoid double counting */
		sc->sc_stats.ast_tx_noack++;
#ifdef IEEE80211_SUPPORT_TDMA
	if (sc->sc_tdma && (flags & HAL_TXDESC_NOACK) == 0) {
		DPRINTF(sc, ATH_DEBUG_TDMA,
		    "%s: discard frame, ACK required w/ TDMA\n", __func__);
		sc->sc_stats.ast_tdma_ack++;
		ath_freetx(m0);
		return EIO;
	}
#endif

	/*
	 * Determine if a tx interrupt should be generated for
	 * this descriptor.  We take a tx interrupt to reap
	 * descriptors when the h/w hits an EOL condition or
	 * when the descriptor is specifically marked to generate
	 * an interrupt.  We periodically mark descriptors in this
	 * way to ensure timely replenishing of the supply needed
	 * for sending frames.  Deferring interrupts reduces system
	 * load and potentially allows more concurrent work to be
	 * done, but if done too aggressively can cause senders to
	 * backup.
	 *
	 * NB: use >= to deal with sc_txintrperiod changing
	 * dynamically through sysctl.
	 */
	if (flags & HAL_TXDESC_INTREQ) {
		txq->axq_intrcnt = 0;
	} else if (++txq->axq_intrcnt >= sc->sc_txintrperiod) {
		flags |= HAL_TXDESC_INTREQ;
		txq->axq_intrcnt = 0;
	}

	/* This point forward is actual TX bits */

	/*
	 * At this point we are committed to sending the frame
	 * and we don't need to look at m_nextpkt; clear it in
	 * case this frame is part of frag chain.
	 */
	m0->m_nextpkt = NULL;

	if (IFF_DUMPPKTS(sc, ATH_DEBUG_XMIT))
		ieee80211_dump_pkt(ic, mtod(m0, const uint8_t *), m0->m_len,
		    sc->sc_hwmap[rix].ieeerate, -1);

	if (ieee80211_radiotap_active_vap(vap)) {
		u_int64_t tsf = ath_hal_gettsf64(ah);

		sc->sc_tx_th.wt_tsf = htole64(tsf);
		sc->sc_tx_th.wt_flags = sc->sc_hwmap[rix].txflags;
		if (iswep)
			sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_WEP;
		if (isfrag)
			sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_FRAG;
		sc->sc_tx_th.wt_rate = sc->sc_hwmap[rix].ieeerate;
		sc->sc_tx_th.wt_txpower = ni->ni_txpower;
		sc->sc_tx_th.wt_antenna = sc->sc_txantenna;

		ieee80211_radiotap_tx(vap, m0);
	}

	/* Blank the legacy rate array */
	bzero(&bf->bf_state.bfs_rc, sizeof(bf->bf_state.bfs_rc));

	/*
	 * ath_buf_set_rate needs at least one rate/try to setup
	 * the rate scenario.
	 */
	bf->bf_state.bfs_rc[0].rix = rix;
	bf->bf_state.bfs_rc[0].tries = try0;
	bf->bf_state.bfs_rc[0].ratecode = txrate;

	/* Store the decided rate index values away */
	bf->bf_state.bfs_pktlen = pktlen;
	bf->bf_state.bfs_hdrlen = hdrlen;
	bf->bf_state.bfs_atype = atype;
	bf->bf_state.bfs_txpower = ni->ni_txpower;
	bf->bf_state.bfs_txrate0 = txrate;
	bf->bf_state.bfs_try0 = try0;
	bf->bf_state.bfs_keyix = keyix;
	bf->bf_state.bfs_txantenna = sc->sc_txantenna;
	bf->bf_state.bfs_txflags = flags;
	bf->bf_state.bfs_shpream = shortPreamble;

	/* XXX this should be done in ath_tx_setrate() */
	bf->bf_state.bfs_ctsrate0 = 0;	/* ie, no hard-coded ctsrate */
	bf->bf_state.bfs_ctsrate = 0;	/* calculated later */
	bf->bf_state.bfs_ctsduration = 0;
	bf->bf_state.bfs_ismrr = ismrr;

	return 0;
}

/*
 * Direct-dispatch the current frame to the hardware.
 *
 * This can be called by the net80211 code.
 *
 * XXX what about locking? Or, push the seqno assign into the
 * XXX aggregate scheduler so it's serialised?
 */
int
ath_tx_start(struct ath_softc *sc, struct ieee80211_node *ni,
    struct ath_buf *bf, struct mbuf *m0)
{
	struct ieee80211vap *vap = ni->ni_vap;
	struct ath_vap *avp = ATH_VAP(vap);
	int r = 0;
	u_int pri;
	int tid;
	struct ath_txq *txq;
	int ismcast;
	const struct ieee80211_frame *wh;
	int is_ampdu, is_ampdu_tx, is_ampdu_pending;
	ieee80211_seq seqno;
	uint8_t type, subtype;

	/*
	 * Determine the target hardware queue.
	 *
	 * For multicast frames, the txq gets overridden appropriately
	 * depending upon the state of PS.
	 *
	 * For any other frame, we do a TID/QoS lookup inside the frame
	 * to see what the TID should be.  If it's a non-QoS frame, the
	 * AC and TID are overridden.  The TID/TXQ code assumes the
	 * TID is on a predictable hardware TXQ, so we don't support
	 * having a node TID queued to multiple hardware TXQs.
	 * This may change in the future but would require some locking
	 * fudgery.
	 */
	pri = ath_tx_getac(sc, m0);
	tid = ath_tx_gettid(sc, m0);

	txq = sc->sc_ac2q[pri];
	wh = mtod(m0, struct ieee80211_frame *);
	ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
	type = wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK;
	subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK;

	/*
	 * Enforce how deep the multicast queue can grow.
	 *
	 * XXX duplicated in ath_raw_xmit().
	 */
	if (IEEE80211_IS_MULTICAST(wh->i_addr1)) {
		ATH_TXQ_LOCK(sc->sc_cabq);

		if (sc->sc_cabq->axq_depth > sc->sc_txq_mcastq_maxdepth) {
			sc->sc_stats.ast_tx_mcastq_overflow++;
			r = ENOBUFS;
		}

		ATH_TXQ_UNLOCK(sc->sc_cabq);

		if (r != 0) {
			m_freem(m0);
			return r;
		}
	}

	/* A-MPDU TX */
	is_ampdu_tx = ath_tx_ampdu_running(sc, ATH_NODE(ni), tid);
	is_ampdu_pending = ath_tx_ampdu_pending(sc, ATH_NODE(ni), tid);
	is_ampdu = is_ampdu_tx | is_ampdu_pending;

	DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: tid=%d, ac=%d, is_ampdu=%d\n",
	    __func__, tid, pri, is_ampdu);

	/* Set local packet state, used to queue packets to hardware */
	bf->bf_state.bfs_tid = tid;
	bf->bf_state.bfs_txq = txq;
	bf->bf_state.bfs_pri = pri;

	/*
	 * When servicing one or more stations in power-save mode
	 * (or) if there is some mcast data waiting on the mcast
	 * queue (to prevent out of order delivery) multicast frames
	 * must be buffered until after the beacon.
	 *
	 * TODO: we should lock the mcastq before we check the length.
	 */
	if (ismcast && (vap->iv_ps_sta || avp->av_mcastq.axq_depth)) {
		txq = &avp->av_mcastq;
		/*
		 * Mark the frame as eventually belonging on the CAB
		 * queue, so the descriptor setup functions will
		 * correctly initialise the descriptor 'qcuId' field.
		 */
		bf->bf_state.bfs_txq = sc->sc_cabq;
	}

	/* Do the generic frame setup */
	/* XXX should just bzero the bf_state? */
	bf->bf_state.bfs_dobaw = 0;

	/*
	 * Acquire the TXQ lock early, so both the encap and seqno
	 * are allocated together.
	 *
	 * XXX should TXQ for CABQ traffic be the multicast queue,
	 * or the TXQ the given PRI would allocate from? (eg for
	 * sequence number allocation locking.)
	 */
	ATH_TXQ_LOCK(txq);

	/* A-MPDU TX? Manually set sequence number */
	/*
	 * Don't do it whilst pending; the net80211 layer still
	 * assigns them.
	 */
	if (is_ampdu_tx) {
		/*
		 * Always call; this function will
		 * handle making sure that null data frames
		 * don't get a sequence number from the current
		 * TID and thus mess with the BAW.
		 */
		seqno = ath_tx_tid_seqno_assign(sc, ni, bf, m0);

		/*
		 * Don't add QoS NULL frames to the BAW.
		 */
		if (IEEE80211_QOS_HAS_SEQ(wh) &&
		    subtype != IEEE80211_FC0_SUBTYPE_QOS_NULL) {
			bf->bf_state.bfs_dobaw = 1;
		}
	}

	/*
	 * If needed, the sequence number has been assigned.
	 * Squirrel it away somewhere easy to get to.
	 */
	bf->bf_state.bfs_seqno = M_SEQNO_GET(m0) << IEEE80211_SEQ_SEQ_SHIFT;

	/* Is ampdu pending? Fetch the seqno and print it out */
	if (is_ampdu_pending)
		DPRINTF(sc, ATH_DEBUG_SW_TX,
		    "%s: tid %d: ampdu pending, seqno %d\n",
		    __func__, tid, M_SEQNO_GET(m0));

	/* This also sets up the DMA map */
	r = ath_tx_normal_setup(sc, ni, bf, m0, txq);

	if (r != 0)
		goto done;

	/* At this point m0 could have changed! */
	m0 = bf->bf_m;

#if 1
	/*
	 * If it's a multicast frame, do a direct-dispatch to the
	 * destination hardware queue.  Don't bother software
	 * queuing it.
	 */
	/*
	 * If it's a BAR frame, do a direct dispatch to the
	 * destination hardware queue.  Don't bother software
	 * queuing it, as the TID will now be paused.
	 * Sending a BAR frame can occur from the net80211 txa timer
	 * (ie, retries) or from the ath txtask (completion call.)
	 * It queues directly to hardware because the TID is paused
	 * at this point (and won't be unpaused until the BAR has
	 * either been TXed successfully or max retries has been
	 * reached.)
	 */
	if (txq == &avp->av_mcastq) {
		DPRINTF(sc, ATH_DEBUG_SW_TX,
		    "%s: bf=%p: mcastq: TX'ing\n", __func__, bf);
		ath_tx_xmit_normal(sc, txq, bf);
	} else if (type == IEEE80211_FC0_TYPE_CTL &&
	    subtype == IEEE80211_FC0_SUBTYPE_BAR) {
		DPRINTF(sc, ATH_DEBUG_SW_TX,
		    "%s: BAR: TX'ing direct\n", __func__);
		ath_tx_xmit_normal(sc, txq, bf);
	} else {
		/* add to software queue */
		DPRINTF(sc, ATH_DEBUG_SW_TX,
		    "%s: bf=%p: swq: TX'ing\n", __func__, bf);
		ath_tx_swq(sc, ni, txq, bf);
	}
#else
	/*
	 * For now, since there's no software queue,
	 * direct-dispatch to the hardware.
	 */
	ath_tx_xmit_normal(sc, txq, bf);
#endif
done:
	ATH_TXQ_UNLOCK(txq);

	return 0;
}

static int
ath_tx_raw_start(struct ath_softc *sc, struct ieee80211_node *ni,
    struct ath_buf *bf, struct mbuf *m0,
    const struct ieee80211_bpf_params *params)
{
	struct ifnet *ifp = sc->sc_ifp;
	struct ieee80211com *ic = ifp->if_l2com;
	struct ath_hal *ah = sc->sc_ah;
	struct ieee80211vap *vap = ni->ni_vap;
	int error, ismcast, ismrr;
	int keyix, hdrlen, pktlen, try0, txantenna;
	u_int8_t rix, txrate;
	struct ieee80211_frame *wh;
	u_int flags;
	HAL_PKT_TYPE atype;
	const HAL_RATE_TABLE *rt;
	struct ath_desc *ds;
	u_int pri;
	int o_tid = -1;
	int do_override;

	wh = mtod(m0, struct ieee80211_frame *);
	ismcast = IEEE80211_IS_MULTICAST(wh->i_addr1);
	hdrlen = ieee80211_anyhdrsize(wh);
	/*
	 * Packet length must not include any
	 * pad bytes; deduct them here.
	 */
	/* XXX honor IEEE80211_BPF_DATAPAD */
	pktlen = m0->m_pkthdr.len - (hdrlen & 3) + IEEE80211_CRC_LEN;

	DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: ismcast=%d\n",
	    __func__, ismcast);

	pri = params->ibp_pri & 3;
	/* Override pri if the frame isn't a QoS one */
	if (! IEEE80211_QOS_HAS_SEQ(wh))
		pri = ath_tx_getac(sc, m0);

	/* XXX If it's an ADDBA, override the correct queue */
	do_override = ath_tx_action_frame_override_queue(sc, ni, m0, &o_tid);

	/* Map ADDBA to the correct priority */
	if (do_override) {
#if 0
		device_printf(sc->sc_dev,
		    "%s: overriding tid %d pri %d -> %d\n",
		    __func__, o_tid, pri, TID_TO_WME_AC(o_tid));
#endif
		pri = TID_TO_WME_AC(o_tid);
	}

	ATH_TXQ_LOCK(sc->sc_ac2q[pri]);

	/* Handle encryption twiddling if needed */
	if (! ath_tx_tag_crypto(sc, ni,
	    m0, params->ibp_flags & IEEE80211_BPF_CRYPTO, 0,
	    &hdrlen, &pktlen, &keyix)) {
		ath_freetx(m0);
		return EIO;
	}
	/* packet header may have moved, reset our local pointer */
	wh = mtod(m0, struct ieee80211_frame *);

	/* Do the generic frame setup */
	/* XXX should just bzero the bf_state? */
*/ 1838 bf->bf_state.bfs_dobaw = 0; 1839 1840 error = ath_tx_dmasetup(sc, bf, m0); 1841 if (error != 0) 1842 return error; 1843 m0 = bf->bf_m; /* NB: may have changed */ 1844 wh = mtod(m0, struct ieee80211_frame *); 1845 bf->bf_node = ni; /* NB: held reference */ 1846 1847 flags = HAL_TXDESC_CLRDMASK; /* XXX needed for crypto errs */ 1848 flags |= HAL_TXDESC_INTREQ; /* force interrupt */ 1849 if (params->ibp_flags & IEEE80211_BPF_RTS) 1850 flags |= HAL_TXDESC_RTSENA; 1851 else if (params->ibp_flags & IEEE80211_BPF_CTS) { 1852 /* XXX assume 11g/11n protection? */ 1853 bf->bf_state.bfs_doprot = 1; 1854 flags |= HAL_TXDESC_CTSENA; 1855 } 1856 /* XXX leave ismcast to injector? */ 1857 if ((params->ibp_flags & IEEE80211_BPF_NOACK) || ismcast) 1858 flags |= HAL_TXDESC_NOACK; 1859 1860 rt = sc->sc_currates; 1861 KASSERT(rt != NULL, ("no rate table, mode %u", sc->sc_curmode)); 1862 rix = ath_tx_findrix(sc, params->ibp_rate0); 1863 txrate = rt->info[rix].rateCode; 1864 if (params->ibp_flags & IEEE80211_BPF_SHORTPRE) 1865 txrate |= rt->info[rix].shortPreamble; 1866 sc->sc_txrix = rix; 1867 try0 = params->ibp_try0; 1868 ismrr = (params->ibp_try1 != 0); 1869 txantenna = params->ibp_pri >> 2; 1870 if (txantenna == 0) /* XXX? */ 1871 txantenna = sc->sc_txantenna; 1872 1873 /* 1874 * Since ctsrate is fixed, store it away for later 1875 * use when the descriptor fields are being set. 1876 */ 1877 if (flags & (HAL_TXDESC_RTSENA|HAL_TXDESC_CTSENA)) 1878 bf->bf_state.bfs_ctsrate0 = params->ibp_ctsrate; 1879 1880 /* 1881 * NB: we mark all packets as type PSPOLL so the h/w won't 1882 * set the sequence number, duration, etc. 1883 */ 1884 atype = HAL_PKT_TYPE_PSPOLL; 1885 1886 if (IFF_DUMPPKTS(sc, ATH_DEBUG_XMIT)) 1887 ieee80211_dump_pkt(ic, mtod(m0, caddr_t), m0->m_len, 1888 sc->sc_hwmap[rix].ieeerate, -1); 1889 1890 if (ieee80211_radiotap_active_vap(vap)) { 1891 u_int64_t tsf = ath_hal_gettsf64(ah); 1892 1893 sc->sc_tx_th.wt_tsf = htole64(tsf); 1894 sc->sc_tx_th.wt_flags = sc->sc_hwmap[rix].txflags; 1895 if (wh->i_fc[1] & IEEE80211_FC1_WEP) 1896 sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_WEP; 1897 if (m0->m_flags & M_FRAG) 1898 sc->sc_tx_th.wt_flags |= IEEE80211_RADIOTAP_F_FRAG; 1899 sc->sc_tx_th.wt_rate = sc->sc_hwmap[rix].ieeerate; 1900 sc->sc_tx_th.wt_txpower = ni->ni_txpower; 1901 sc->sc_tx_th.wt_antenna = sc->sc_txantenna; 1902 1903 ieee80211_radiotap_tx(vap, m0); 1904 } 1905 1906 /* 1907 * Formulate first tx descriptor with tx controls. 1908 */ 1909 ds = bf->bf_desc; 1910 /* XXX check return value? */ 1911 1912 /* Store the decided rate index values away */ 1913 bf->bf_state.bfs_pktlen = pktlen; 1914 bf->bf_state.bfs_hdrlen = hdrlen; 1915 bf->bf_state.bfs_atype = atype; 1916 bf->bf_state.bfs_txpower = params->ibp_power; 1917 bf->bf_state.bfs_txrate0 = txrate; 1918 bf->bf_state.bfs_try0 = try0; 1919 bf->bf_state.bfs_keyix = keyix; 1920 bf->bf_state.bfs_txantenna = txantenna; 1921 bf->bf_state.bfs_txflags = flags; 1922 bf->bf_state.bfs_shpream = 1923 !! 
(params->ibp_flags & IEEE80211_BPF_SHORTPRE); 1924 1925 /* Set local packet state, used to queue packets to hardware */ 1926 bf->bf_state.bfs_tid = WME_AC_TO_TID(pri); 1927 bf->bf_state.bfs_txq = sc->sc_ac2q[pri]; 1928 bf->bf_state.bfs_pri = pri; 1929 1930 /* XXX this should be done in ath_tx_setrate() */ 1931 bf->bf_state.bfs_ctsrate = 0; 1932 bf->bf_state.bfs_ctsduration = 0; 1933 bf->bf_state.bfs_ismrr = ismrr; 1934 1935 /* Blank the legacy rate array */ 1936 bzero(&bf->bf_state.bfs_rc, sizeof(bf->bf_state.bfs_rc)); 1937 1938 bf->bf_state.bfs_rc[0].rix = 1939 ath_tx_findrix(sc, params->ibp_rate0); 1940 bf->bf_state.bfs_rc[0].tries = try0; 1941 bf->bf_state.bfs_rc[0].ratecode = txrate; 1942 1943 if (ismrr) { 1944 int rix; 1945 1946 rix = ath_tx_findrix(sc, params->ibp_rate1); 1947 bf->bf_state.bfs_rc[1].rix = rix; 1948 bf->bf_state.bfs_rc[1].tries = params->ibp_try1; 1949 1950 rix = ath_tx_findrix(sc, params->ibp_rate2); 1951 bf->bf_state.bfs_rc[2].rix = rix; 1952 bf->bf_state.bfs_rc[2].tries = params->ibp_try2; 1953 1954 rix = ath_tx_findrix(sc, params->ibp_rate3); 1955 bf->bf_state.bfs_rc[3].rix = rix; 1956 bf->bf_state.bfs_rc[3].tries = params->ibp_try3; 1957 } 1958 /* 1959 * All the required rate control decisions have been made; 1960 * fill in the rc flags. 1961 */ 1962 ath_tx_rate_fill_rcflags(sc, bf); 1963 1964 /* NB: no buffered multicast in power save support */ 1965 1966 /* 1967 * If we're overriding the ADDBA destination, dump directly 1968 * into the hardware queue, right after any pending 1969 * frames to that node are. 1970 */ 1971 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: dooverride=%d\n", 1972 __func__, do_override); 1973 1974 if (do_override) { 1975 ath_tx_xmit_normal(sc, sc->sc_ac2q[pri], bf); 1976 } else { 1977 /* Queue to software queue */ 1978 ath_tx_swq(sc, ni, sc->sc_ac2q[pri], bf); 1979 } 1980 ATH_TXQ_UNLOCK(sc->sc_ac2q[pri]); 1981 1982 return 0; 1983 } 1984 1985 /* 1986 * Send a raw frame. 1987 * 1988 * This can be called by net80211. 1989 */ 1990 int 1991 ath_raw_xmit(struct ieee80211_node *ni, struct mbuf *m, 1992 const struct ieee80211_bpf_params *params) 1993 { 1994 struct ieee80211com *ic = ni->ni_ic; 1995 struct ifnet *ifp = ic->ic_ifp; 1996 struct ath_softc *sc = ifp->if_softc; 1997 struct ath_buf *bf; 1998 struct ieee80211_frame *wh = mtod(m, struct ieee80211_frame *); 1999 int error = 0; 2000 2001 ATH_PCU_LOCK(sc); 2002 if (sc->sc_inreset_cnt > 0) { 2003 device_printf(sc->sc_dev, "%s: sc_inreset_cnt > 0; bailing\n", 2004 __func__); 2005 error = EIO; 2006 ATH_PCU_UNLOCK(sc); 2007 goto bad0; 2008 } 2009 sc->sc_txstart_cnt++; 2010 ATH_PCU_UNLOCK(sc); 2011 2012 if ((ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 || sc->sc_invalid) { 2013 DPRINTF(sc, ATH_DEBUG_XMIT, "%s: discard frame, %s", __func__, 2014 (ifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ? 2015 "!running" : "invalid"); 2016 m_freem(m); 2017 error = ENETDOWN; 2018 goto bad; 2019 } 2020 2021 /* 2022 * Enforce how deep the multicast queue can grow. 2023 * 2024 * XXX duplicated in ath_tx_start(). 2025 */ 2026 if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { 2027 ATH_TXQ_LOCK(sc->sc_cabq); 2028 2029 if (sc->sc_cabq->axq_depth > sc->sc_txq_mcastq_maxdepth) { 2030 sc->sc_stats.ast_tx_mcastq_overflow++; 2031 error = ENOBUFS; 2032 } 2033 2034 ATH_TXQ_UNLOCK(sc->sc_cabq); 2035 2036 if (error != 0) { 2037 m_freem(m); 2038 goto bad; 2039 } 2040 } 2041 2042 /* 2043 * Grab a TX buffer and associated resources.
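 * (Summarising the code below: raw frames draw from the management
 * buffer pool via ATH_BUFTYPE_MGMT; if no buffer is available,
 * ast_tx_nobuf is bumped, the mbuf is freed and ENOBUFS is returned
 * to the caller.)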
2044 */ 2045 bf = ath_getbuf(sc, ATH_BUFTYPE_MGMT); 2046 if (bf == NULL) { 2047 sc->sc_stats.ast_tx_nobuf++; 2048 m_freem(m); 2049 error = ENOBUFS; 2050 goto bad; 2051 } 2052 2053 if (params == NULL) { 2054 /* 2055 * Legacy path; interpret frame contents to decide 2056 * precisely how to send the frame. 2057 */ 2058 if (ath_tx_start(sc, ni, bf, m)) { 2059 error = EIO; /* XXX */ 2060 goto bad2; 2061 } 2062 } else { 2063 /* 2064 * Caller supplied explicit parameters to use in 2065 * sending the frame. 2066 */ 2067 if (ath_tx_raw_start(sc, ni, bf, m, params)) { 2068 error = EIO; /* XXX */ 2069 goto bad2; 2070 } 2071 } 2072 sc->sc_wd_timer = 5; 2073 ifp->if_opackets++; 2074 sc->sc_stats.ast_tx_raw++; 2075 2076 ATH_PCU_LOCK(sc); 2077 sc->sc_txstart_cnt--; 2078 ATH_PCU_UNLOCK(sc); 2079 2080 return 0; 2081 bad2: 2082 ATH_TXBUF_LOCK(sc); 2083 ath_returnbuf_head(sc, bf); 2084 ATH_TXBUF_UNLOCK(sc); 2085 bad: 2086 ATH_PCU_LOCK(sc); 2087 sc->sc_txstart_cnt--; 2088 ATH_PCU_UNLOCK(sc); 2089 bad0: 2090 ifp->if_oerrors++; 2091 sc->sc_stats.ast_tx_raw_fail++; 2092 ieee80211_free_node(ni); 2093 2094 return error; 2095 } 2096 2097 /* Some helper functions */ 2098 2099 /* 2100 * ADDBA (and potentially others) need to be placed in the same 2101 * hardware queue as the TID/node it's relating to. This is so 2102 * it goes out after any pending non-aggregate frames to the 2103 * same node/TID. 2104 * 2105 * If this isn't done, the ADDBA can go out before the frames 2106 * queued in hardware. Even though these frames have a sequence 2107 * number -earlier- than the ADDBA can be transmitted (but 2108 * no frames whose sequence numbers are after the ADDBA should 2109 * be!) they'll arrive after the ADDBA - and the receiving end 2110 * will simply drop them as being out of the BAW. 2111 * 2112 * The frames can't be appended to the TID software queue - it'll 2113 * never be sent out. So these frames have to be directly 2114 * dispatched to the hardware, rather than queued in software. 2115 * So if this function returns true, the TXQ has to be 2116 * overridden and it has to be directly dispatched. 2117 * 2118 * It's a dirty hack, but someone's gotta do it. 2119 */ 2120 2121 /* 2122 * XXX doesn't belong here! 2123 */ 2124 static int 2125 ieee80211_is_action(struct ieee80211_frame *wh) 2126 { 2127 /* Type: Management frame? */ 2128 if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) != 2129 IEEE80211_FC0_TYPE_MGT) 2130 return 0; 2131 2132 /* Subtype: Action frame? */ 2133 if ((wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK) != 2134 IEEE80211_FC0_SUBTYPE_ACTION) 2135 return 0; 2136 2137 return 1; 2138 } 2139 2140 #define MS(_v, _f) (((_v) & _f) >> _f##_S) 2141 /* 2142 * Return an alternate TID for ADDBA request frames. 2143 * 2144 * Yes, this likely should be done in the net80211 layer. 2145 */ 2146 static int 2147 ath_tx_action_frame_override_queue(struct ath_softc *sc, 2148 struct ieee80211_node *ni, 2149 struct mbuf *m0, int *tid) 2150 { 2151 struct ieee80211_frame *wh = mtod(m0, struct ieee80211_frame *); 2152 struct ieee80211_action_ba_addbarequest *ia; 2153 uint8_t *frm; 2154 uint16_t baparamset; 2155 2156 /* Not action frame? Bail */ 2157 if (! ieee80211_is_action(wh)) 2158 return 0; 2159 2160 /* XXX Not needed for frames we send? */ 2161 #if 0 2162 /* Correct length? */ 2163 if (! ieee80211_parse_action(ni, m)) 2164 return 0; 2165 #endif 2166 2167 /* Extract out action frame */ 2168 frm = (u_int8_t *)&wh[1]; 2169 ia = (struct ieee80211_action_ba_addbarequest *) frm; 2170 2171 /* Not ADDBA? 
Bail */ 2172 if (ia->rq_header.ia_category != IEEE80211_ACTION_CAT_BA) 2173 return 0; 2174 if (ia->rq_header.ia_action != IEEE80211_ACTION_BA_ADDBA_REQUEST) 2175 return 0; 2176 2177 /* Extract TID, return it */ 2178 baparamset = le16toh(ia->rq_baparamset); 2179 *tid = (int) MS(baparamset, IEEE80211_BAPS_TID); 2180 2181 return 1; 2182 } 2183 #undef MS 2184 2185 /* Per-node software queue operations */ 2186 2187 /* 2188 * Add the current packet to the given BAW. 2189 * It is assumed that the current packet 2190 * 2191 * + fits inside the BAW; 2192 * + already has had a sequence number allocated. 2193 * 2194 * Since the BAW status may be modified by both the ath task and 2195 * the net80211/ifnet contexts, the TID must be locked. 2196 */ 2197 void 2198 ath_tx_addto_baw(struct ath_softc *sc, struct ath_node *an, 2199 struct ath_tid *tid, struct ath_buf *bf) 2200 { 2201 int index, cindex; 2202 struct ieee80211_tx_ampdu *tap; 2203 2204 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2205 ATH_TID_LOCK_ASSERT(sc, tid); 2206 2207 if (bf->bf_state.bfs_isretried) 2208 return; 2209 2210 tap = ath_tx_get_tx_tid(an, tid->tid); 2211 2212 if (! bf->bf_state.bfs_dobaw) { 2213 device_printf(sc->sc_dev, 2214 "%s: dobaw=0, seqno=%d, window %d:%d\n", 2215 __func__, 2216 SEQNO(bf->bf_state.bfs_seqno), 2217 tap->txa_start, 2218 tap->txa_wnd); 2219 } 2220 2221 if (bf->bf_state.bfs_addedbaw) 2222 device_printf(sc->sc_dev, 2223 "%s: re-added? tid=%d, seqno %d; window %d:%d; " 2224 "baw head=%d tail=%d\n", 2225 __func__, tid->tid, SEQNO(bf->bf_state.bfs_seqno), 2226 tap->txa_start, tap->txa_wnd, tid->baw_head, 2227 tid->baw_tail); 2228 2229 /* 2230 * Verify that the given sequence number is not outside of the 2231 * BAW. Complain loudly if that's the case. 2232 */ 2233 if (! BAW_WITHIN(tap->txa_start, tap->txa_wnd, 2234 SEQNO(bf->bf_state.bfs_seqno))) { 2235 device_printf(sc->sc_dev, 2236 "%s: bf=%p: outside of BAW?? tid=%d, seqno %d; window %d:%d; " 2237 "baw head=%d tail=%d\n", 2238 __func__, bf, tid->tid, SEQNO(bf->bf_state.bfs_seqno), 2239 tap->txa_start, tap->txa_wnd, tid->baw_head, 2240 tid->baw_tail); 2241 } 2242 2243 /* 2244 * ni->ni_txseqs[] is the currently allocated seqno. 2245 * the txa state contains the current baw start. 2246 */ 2247 index = ATH_BA_INDEX(tap->txa_start, SEQNO(bf->bf_state.bfs_seqno)); 2248 cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1); 2249 DPRINTF(sc, ATH_DEBUG_SW_TX_BAW, 2250 "%s: tid=%d, seqno %d; window %d:%d; index=%d cindex=%d " 2251 "baw head=%d tail=%d\n", 2252 __func__, tid->tid, SEQNO(bf->bf_state.bfs_seqno), 2253 tap->txa_start, tap->txa_wnd, index, cindex, tid->baw_head, 2254 tid->baw_tail); 2255 2256 2257 #if 0 2258 assert(tid->tx_buf[cindex] == NULL); 2259 #endif 2260 if (tid->tx_buf[cindex] != NULL) { 2261 device_printf(sc->sc_dev, 2262 "%s: ba packet dup (index=%d, cindex=%d, " 2263 "head=%d, tail=%d)\n", 2264 __func__, index, cindex, tid->baw_head, tid->baw_tail); 2265 device_printf(sc->sc_dev, 2266 "%s: BA bf: %p; seqno=%d ; new bf: %p; seqno=%d\n", 2267 __func__, 2268 tid->tx_buf[cindex], 2269 SEQNO(tid->tx_buf[cindex]->bf_state.bfs_seqno), 2270 bf, 2271 SEQNO(bf->bf_state.bfs_seqno) 2272 ); 2273 } 2274 tid->tx_buf[cindex] = bf; 2275 2276 if (index >= ((tid->baw_tail - tid->baw_head) & 2277 (ATH_TID_MAX_BUFS - 1))) { 2278 tid->baw_tail = cindex; 2279 INCR(tid->baw_tail, ATH_TID_MAX_BUFS); 2280 } 2281 } 2282 2283 /* 2284 * Flip the BAW buffer entry over from the existing one to the new one. 
2285 * 2286 * When software retransmitting a (sub-)frame, it is entirely possible that 2287 * the frame ath_buf is marked as BUSY and can't be immediately reused. 2288 * In that instance the buffer is cloned and the new buffer is used for 2289 * retransmit. We thus need to update the ath_buf slot in the BAW buf 2290 * tracking array to maintain consistency. 2291 */ 2292 static void 2293 ath_tx_switch_baw_buf(struct ath_softc *sc, struct ath_node *an, 2294 struct ath_tid *tid, struct ath_buf *old_bf, struct ath_buf *new_bf) 2295 { 2296 int index, cindex; 2297 struct ieee80211_tx_ampdu *tap; 2298 int seqno = SEQNO(old_bf->bf_state.bfs_seqno); 2299 2300 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2301 ATH_TID_LOCK_ASSERT(sc, tid); 2302 2303 tap = ath_tx_get_tx_tid(an, tid->tid); 2304 index = ATH_BA_INDEX(tap->txa_start, seqno); 2305 cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1); 2306 2307 /* 2308 * Just warn for now; if it happens then we should find out 2309 * about it. It's highly likely the aggregation session will 2310 * soon hang. 2311 */ 2312 if (old_bf->bf_state.bfs_seqno != new_bf->bf_state.bfs_seqno) { 2313 device_printf(sc->sc_dev, "%s: retransmitted buffer" 2314 " has mismatching seqnos, BA session may hang.\n", 2315 __func__); 2316 device_printf(sc->sc_dev, "%s: old seqno=%d, new_seqno=%d\n", 2317 __func__, 2318 old_bf->bf_state.bfs_seqno, 2319 new_bf->bf_state.bfs_seqno); 2320 } 2321 2322 if (tid->tx_buf[cindex] != old_bf) { 2323 device_printf(sc->sc_dev, "%s: ath_buf pointer incorrect; " 2324 "the BA session may hang.\n", 2325 __func__); 2326 device_printf(sc->sc_dev, "%s: old bf=%p, new bf=%p\n", 2327 __func__, 2328 old_bf, new_bf); 2329 } 2330 2331 tid->tx_buf[cindex] = new_bf; 2332 } 2333 2334 /* 2335 * seq_start - left edge of BAW 2336 * seq_next - current/next sequence number to allocate 2337 * 2338 * Since the BAW status may be modified by both the ath task and 2339 * the net80211/ifnet contexts, the TID must be locked. 2340 */ 2341 static void 2342 ath_tx_update_baw(struct ath_softc *sc, struct ath_node *an, 2343 struct ath_tid *tid, const struct ath_buf *bf) 2344 { 2345 int index, cindex; 2346 struct ieee80211_tx_ampdu *tap; 2347 int seqno = SEQNO(bf->bf_state.bfs_seqno); 2348 2349 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2350 ATH_TID_LOCK_ASSERT(sc, tid); 2351 2352 tap = ath_tx_get_tx_tid(an, tid->tid); 2353 index = ATH_BA_INDEX(tap->txa_start, seqno); 2354 cindex = (tid->baw_head + index) & (ATH_TID_MAX_BUFS - 1); 2355 2356 DPRINTF(sc, ATH_DEBUG_SW_TX_BAW, 2357 "%s: tid=%d, baw=%d:%d, seqno=%d, index=%d, cindex=%d, " 2358 "baw head=%d, tail=%d\n", 2359 __func__, tid->tid, tap->txa_start, tap->txa_wnd, seqno, index, 2360 cindex, tid->baw_head, tid->baw_tail); 2361 2362 /* 2363 * If this occurs then we have a big problem - something else 2364 * has slid tap->txa_start along without updating the BAW 2365 * tracking start/end pointers. Thus the TX BAW state is now 2366 * completely busted. 2367 * 2368 * But for now, since I haven't yet fixed TDMA and buffer cloning, 2369 * it's quite possible that a cloned buffer is making its way 2370 * here and causing it to fire off. Disable TDMA for now.
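 * (Illustrative example, assuming ATH_BA_INDEX() returns the offset of
 * the sequence number from the BAW left edge and ATH_TID_MAX_BUFS is a
 * power of two larger than the offsets involved: with txa_start=100
 * and a completed frame of seqno 103, index is 3; with baw_head=5 that
 * frame should sit in tx_buf[(5 + 3) & (ATH_TID_MAX_BUFS - 1)], ie
 * slot 8. If txa_start slid forward without baw_head moving in step,
 * the lookup below lands on the wrong slot and the mismatch report
 * fires.)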
2371 */ 2372 if (tid->tx_buf[cindex] != bf) { 2373 device_printf(sc->sc_dev, 2374 "%s: comp bf=%p, seq=%d; slot bf=%p, seqno=%d\n", 2375 __func__, 2376 bf, SEQNO(bf->bf_state.bfs_seqno), 2377 tid->tx_buf[cindex], 2378 SEQNO(tid->tx_buf[cindex]->bf_state.bfs_seqno)); 2379 } 2380 2381 tid->tx_buf[cindex] = NULL; 2382 2383 while (tid->baw_head != tid->baw_tail && 2384 !tid->tx_buf[tid->baw_head]) { 2385 INCR(tap->txa_start, IEEE80211_SEQ_RANGE); 2386 INCR(tid->baw_head, ATH_TID_MAX_BUFS); 2387 } 2388 DPRINTF(sc, ATH_DEBUG_SW_TX_BAW, 2389 "%s: baw is now %d:%d, baw head=%d\n", 2390 __func__, tap->txa_start, tap->txa_wnd, tid->baw_head); 2391 } 2392 2393 /* 2394 * Mark the current node/TID as ready to TX. 2395 * 2396 * This is done to make it easy for the software scheduler to 2397 * find which nodes have data to send. 2398 * 2399 * The TXQ lock must be held. 2400 */ 2401 static void 2402 ath_tx_tid_sched(struct ath_softc *sc, struct ath_tid *tid) 2403 { 2404 struct ath_txq *txq = sc->sc_ac2q[tid->ac]; 2405 2406 ATH_TXQ_LOCK_ASSERT(txq); 2407 2408 if (tid->paused) 2409 return; /* paused, can't schedule yet */ 2410 2411 if (tid->sched) 2412 return; /* already scheduled */ 2413 2414 tid->sched = 1; 2415 2416 TAILQ_INSERT_TAIL(&txq->axq_tidq, tid, axq_qelem); 2417 } 2418 2419 /* 2420 * Mark the current node as no longer needing to be polled for 2421 * TX packets. 2422 * 2423 * The TXQ lock must be held. 2424 */ 2425 static void 2426 ath_tx_tid_unsched(struct ath_softc *sc, struct ath_tid *tid) 2427 { 2428 struct ath_txq *txq = sc->sc_ac2q[tid->ac]; 2429 2430 ATH_TXQ_LOCK_ASSERT(txq); 2431 2432 if (tid->sched == 0) 2433 return; 2434 2435 tid->sched = 0; 2436 TAILQ_REMOVE(&txq->axq_tidq, tid, axq_qelem); 2437 } 2438 2439 /* 2440 * Assign a sequence number manually to the given frame. 2441 * 2442 * This should only be called for A-MPDU TX frames. 2443 */ 2444 static ieee80211_seq 2445 ath_tx_tid_seqno_assign(struct ath_softc *sc, struct ieee80211_node *ni, 2446 struct ath_buf *bf, struct mbuf *m0) 2447 { 2448 struct ieee80211_frame *wh; 2449 int tid, pri; 2450 ieee80211_seq seqno; 2451 uint8_t subtype; 2452 2453 /* TID lookup */ 2454 wh = mtod(m0, struct ieee80211_frame *); 2455 pri = M_WME_GETAC(m0); /* honor classification */ 2456 tid = WME_AC_TO_TID(pri); 2457 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: pri=%d, tid=%d, qos has seq=%d\n", 2458 __func__, pri, tid, IEEE80211_QOS_HAS_SEQ(wh)); 2459 2460 /* XXX Is it a control frame? Ignore */ 2461 2462 /* Does the packet require a sequence number? */ 2463 if (! IEEE80211_QOS_HAS_SEQ(wh)) 2464 return -1; 2465 2466 ATH_TID_LOCK_ASSERT(sc, &(ATH_NODE(ni)->an_tid[tid])); 2467 2468 /* 2469 * Is it a QOS NULL Data frame? Give it a sequence number from 2470 * the default TID (IEEE80211_NONQOS_TID.) 2471 * 2472 * The RX path of everything I've looked at doesn't include the NULL 2473 * data frame sequence number in the aggregation state updates, so 2474 * assigning it a sequence number there will cause a BAW hole on the 2475 * RX side. 2476 */ 2477 subtype = wh->i_fc[0] & IEEE80211_FC0_SUBTYPE_MASK; 2478 if (subtype == IEEE80211_FC0_SUBTYPE_QOS_NULL) { 2479 /* XXX no locking for this TID? This is a bit of a problem. 
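 * An illustrative concern (not an observed failure): if two transmit
 * contexts raced through here, both could read
 * ni_txseqs[IEEE80211_NONQOS_TID] below before either increments it,
 * handing the same sequence number to two frames.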
*/ 2480 seqno = ni->ni_txseqs[IEEE80211_NONQOS_TID]; 2481 INCR(ni->ni_txseqs[IEEE80211_NONQOS_TID], IEEE80211_SEQ_RANGE); 2482 } else { 2483 /* Manually assign sequence number */ 2484 seqno = ni->ni_txseqs[tid]; 2485 INCR(ni->ni_txseqs[tid], IEEE80211_SEQ_RANGE); 2486 } 2487 *(uint16_t *)&wh->i_seq[0] = htole16(seqno << IEEE80211_SEQ_SEQ_SHIFT); 2488 M_SEQNO_SET(m0, seqno); 2489 2490 /* Return so caller can do something with it if needed */ 2491 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: -> seqno=%d\n", __func__, seqno); 2492 return seqno; 2493 } 2494 2495 /* 2496 * Attempt to direct dispatch an aggregate frame to hardware. 2497 * If the frame is out of BAW, queue. 2498 * Otherwise, schedule it as a single frame. 2499 */ 2500 static void 2501 ath_tx_xmit_aggr(struct ath_softc *sc, struct ath_node *an, 2502 struct ath_txq *txq, struct ath_buf *bf) 2503 { 2504 struct ath_tid *tid = &an->an_tid[bf->bf_state.bfs_tid]; 2505 // struct ath_txq *txq = bf->bf_state.bfs_txq; 2506 struct ieee80211_tx_ampdu *tap; 2507 2508 if (txq != bf->bf_state.bfs_txq) { 2509 device_printf(sc->sc_dev, "%s: txq %d != bfs_txq %d!\n", 2510 __func__, 2511 txq->axq_qnum, 2512 bf->bf_state.bfs_txq->axq_qnum); 2513 } 2514 2515 ATH_TXQ_LOCK_ASSERT(txq); 2516 ATH_TID_LOCK_ASSERT(sc, tid); 2517 2518 tap = ath_tx_get_tx_tid(an, tid->tid); 2519 2520 /* paused? queue */ 2521 if (tid->paused) { 2522 ATH_TXQ_INSERT_HEAD(tid, bf, bf_list); 2523 /* XXX don't sched - we're paused! */ 2524 return; 2525 } 2526 2527 /* outside baw? queue */ 2528 if (bf->bf_state.bfs_dobaw && 2529 (! BAW_WITHIN(tap->txa_start, tap->txa_wnd, 2530 SEQNO(bf->bf_state.bfs_seqno)))) { 2531 ATH_TXQ_INSERT_HEAD(tid, bf, bf_list); 2532 ath_tx_tid_sched(sc, tid); 2533 return; 2534 } 2535 2536 /* 2537 * This is a temporary check and should be removed once 2538 * all the relevant code paths have been fixed. 2539 * 2540 * During aggregate retries, it's possible that the head 2541 * frame will fail (which has the bfs_aggr and bfs_nframes 2542 * fields set for said aggregate) and will be retried as 2543 * a single frame. In this instance, the values should 2544 * be reset or the completion code will get upset with you. 2545 */ 2546 if (bf->bf_state.bfs_aggr != 0 || bf->bf_state.bfs_nframes > 1) { 2547 device_printf(sc->sc_dev, "%s: bfs_aggr=%d, bfs_nframes=%d\n", 2548 __func__, 2549 bf->bf_state.bfs_aggr, 2550 bf->bf_state.bfs_nframes); 2551 bf->bf_state.bfs_aggr = 0; 2552 bf->bf_state.bfs_nframes = 1; 2553 } 2554 2555 /* Direct dispatch to hardware */ 2556 ath_tx_do_ratelookup(sc, bf); 2557 ath_tx_calc_duration(sc, bf); 2558 ath_tx_calc_protection(sc, bf); 2559 ath_tx_set_rtscts(sc, bf); 2560 ath_tx_rate_fill_rcflags(sc, bf); 2561 ath_tx_setds(sc, bf); 2562 2563 /* Statistics */ 2564 sc->sc_aggr_stats.aggr_low_hwq_single_pkt++; 2565 2566 /* Track per-TID hardware queue depth correctly */ 2567 tid->hwq_depth++; 2568 2569 /* Add to BAW */ 2570 if (bf->bf_state.bfs_dobaw) { 2571 ath_tx_addto_baw(sc, an, tid, bf); 2572 bf->bf_state.bfs_addedbaw = 1; 2573 } 2574 2575 /* Set completion handler, multi-frame aggregate or not */ 2576 bf->bf_comp = ath_tx_aggr_comp; 2577 2578 /* Hand off to hardware */ 2579 ath_tx_handoff(sc, txq, bf); 2580 } 2581 2582 /* 2583 * Attempt to send the packet. 2584 * If the queue isn't busy, direct-dispatch. 2585 * If the queue is busy enough, queue the given packet on the 2586 * relevant software queue. 
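 * In summary (of the code below): a paused TID, or one with A-MPDU
 * negotiation pending, always software queues the frame. With A-MPDU
 * running, the frame is appended to the software queue and the head
 * frame is direct-dispatched only while axq_depth < sc_hwq_limit;
 * otherwise the TID is scheduled. Without A-MPDU, the frame is
 * direct-dispatched when the hardware queue isn't busy, else it is
 * software queued and the TID scheduled.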
2587 */ 2588 void 2589 ath_tx_swq(struct ath_softc *sc, struct ieee80211_node *ni, struct ath_txq *txq, 2590 struct ath_buf *bf) 2591 { 2592 struct ath_node *an = ATH_NODE(ni); 2593 struct ieee80211_frame *wh; 2594 struct ath_tid *atid; 2595 int pri, tid; 2596 struct mbuf *m0 = bf->bf_m; 2597 2598 ATH_TXQ_LOCK_ASSERT(txq); 2599 2600 /* Fetch the TID - non-QoS frames get assigned to TID 16 */ 2601 wh = mtod(m0, struct ieee80211_frame *); 2602 pri = ath_tx_getac(sc, m0); 2603 tid = ath_tx_gettid(sc, m0); 2604 atid = &an->an_tid[tid]; 2605 2606 ATH_TID_LOCK_ASSERT(sc, atid); 2607 2608 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: bf=%p, pri=%d, tid=%d, qos=%d\n", 2609 __func__, bf, pri, tid, IEEE80211_QOS_HAS_SEQ(wh)); 2610 2611 /* Set local packet state, used to queue packets to hardware */ 2612 /* XXX potentially duplicate info, re-check */ 2613 /* XXX remember, txq must be the hardware queue, not the av_mcastq */ 2614 bf->bf_state.bfs_tid = tid; 2615 bf->bf_state.bfs_txq = txq; 2616 bf->bf_state.bfs_pri = pri; 2617 2618 /* 2619 * If the hardware queue isn't busy, direct-dispatch it. 2620 * If the hardware queue is busy, software queue it. 2621 * If the TID is paused or the traffic is outside the BAW, software 2622 * queue it. 2623 */ 2624 if (atid->paused) { 2625 /* TID is paused, queue */ 2626 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: paused\n", __func__); 2627 ATH_TXQ_INSERT_TAIL(atid, bf, bf_list); 2628 } else if (ath_tx_ampdu_pending(sc, an, tid)) { 2629 /* AMPDU pending; queue */ 2630 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: pending\n", __func__); 2631 ATH_TXQ_INSERT_TAIL(atid, bf, bf_list); 2632 /* XXX sched? */ 2633 } else if (ath_tx_ampdu_running(sc, an, tid)) { 2634 /* AMPDU running, attempt direct dispatch if possible */ 2635 2636 /* 2637 * Always queue the frame to the tail of the list. 2638 */ 2639 ATH_TXQ_INSERT_TAIL(atid, bf, bf_list); 2640 2641 /* 2642 * If the hardware queue isn't busy, direct dispatch 2643 * the head frame in the list. Don't schedule the 2644 * TID - let it build some more frames first? 2645 * 2646 * Otherwise, schedule the TID. 2647 */ 2648 if (txq->axq_depth < sc->sc_hwq_limit) { 2649 bf = TAILQ_FIRST(&atid->axq_q); 2650 ATH_TXQ_REMOVE(atid, bf, bf_list); 2651 2652 /* 2653 * Ensure it's definitely treated as a non-AMPDU 2654 * frame - this information may have been left 2655 * over from a previous attempt. 2656 */ 2657 bf->bf_state.bfs_aggr = 0; 2658 bf->bf_state.bfs_nframes = 1; 2659 2660 /* Queue to the hardware */ 2661 ath_tx_xmit_aggr(sc, an, txq, bf); 2662 DPRINTF(sc, ATH_DEBUG_SW_TX, 2663 "%s: xmit_aggr\n", 2664 __func__); 2665 } else { 2666 DPRINTF(sc, ATH_DEBUG_SW_TX, 2667 "%s: ampdu; swq'ing\n", 2668 __func__); 2669 ath_tx_tid_sched(sc, atid); 2670 } 2671 } else if (txq->axq_depth < sc->sc_hwq_limit) { 2672 /* AMPDU not running, attempt direct dispatch */ 2673 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: xmit_normal\n", __func__); 2674 ath_tx_xmit_normal(sc, txq, bf); 2675 } else { 2676 /* Busy; queue */ 2677 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: swq'ing\n", __func__); 2678 ATH_TXQ_INSERT_TAIL(atid, bf, bf_list); 2679 ath_tx_tid_sched(sc, atid); 2680 } 2681 } 2682 2683 /* 2684 * Do the basic frame setup stuff that's required before the frame 2685 * is added to a software queue. 2686 * 2687 * All frames get mostly the same treatment and it's done once. 2688 * Retransmits fiddle with things like the rate control setup, 2689 * setting the retransmit bit in the packet; doing relevant DMA/bus 2690 * syncing and relinking it (back) into the hardware TX queue.
2691 * 2692 * Note that this may cause the mbuf to be reallocated, so 2693 * m0 may not be valid. 2694 */ 2695 2696 2697 /* 2698 * Configure the per-TID node state. 2699 * 2700 * This likely belongs in if_ath_node.c but I can't think of anywhere 2701 * else to put it just yet. 2702 * 2703 * This sets up the SLISTs and the mutex as appropriate. 2704 */ 2705 void 2706 ath_tx_tid_init(struct ath_softc *sc, struct ath_node *an) 2707 { 2708 int i, j; 2709 struct ath_tid *atid; 2710 2711 for (i = 0; i < IEEE80211_TID_SIZE; i++) { 2712 atid = &an->an_tid[i]; 2713 TAILQ_INIT(&atid->axq_q); 2714 atid->tid = i; 2715 atid->an = an; 2716 for (j = 0; j < ATH_TID_MAX_BUFS; j++) 2717 atid->tx_buf[j] = NULL; 2718 atid->baw_head = atid->baw_tail = 0; 2719 atid->paused = 0; 2720 atid->sched = 0; 2721 atid->hwq_depth = 0; 2722 atid->cleanup_inprogress = 0; 2723 if (i == IEEE80211_NONQOS_TID) 2724 atid->ac = WME_AC_BE; 2725 else 2726 atid->ac = TID_TO_WME_AC(i); 2727 } 2728 } 2729 2730 /* 2731 * Pause the current TID. This stops packets from being transmitted 2732 * on it. 2733 * 2734 * Since this is also called from upper layers as well as the driver, 2735 * it will get the TID lock. 2736 */ 2737 static void 2738 ath_tx_tid_pause(struct ath_softc *sc, struct ath_tid *tid) 2739 { 2740 2741 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2742 tid->paused++; 2743 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, "%s: paused = %d\n", 2744 __func__, tid->paused); 2745 } 2746 2747 /* 2748 * Unpause the current TID, and schedule it if needed. 2749 */ 2750 static void 2751 ath_tx_tid_resume(struct ath_softc *sc, struct ath_tid *tid) 2752 { 2753 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2754 2755 tid->paused--; 2756 2757 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, "%s: unpaused = %d\n", 2758 __func__, tid->paused); 2759 2760 if (tid->paused || tid->axq_depth == 0) { 2761 return; 2762 } 2763 2764 ath_tx_tid_sched(sc, tid); 2765 /* Punt some frames to the hardware if needed */ 2766 //ath_txq_sched(sc, sc->sc_ac2q[tid->ac]); 2767 taskqueue_enqueue(sc->sc_tq, &sc->sc_txqtask); 2768 } 2769 2770 /* 2771 * Suspend the queue because we need to TX a BAR. 2772 */ 2773 static void 2774 ath_tx_tid_bar_suspend(struct ath_softc *sc, struct ath_tid *tid) 2775 { 2776 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2777 2778 DPRINTF(sc, ATH_DEBUG_SW_TX_BAR, 2779 "%s: tid=%p, bar_wait=%d, bar_tx=%d, called\n", 2780 __func__, 2781 tid, 2782 tid->bar_wait, 2783 tid->bar_tx); 2784 2785 /* We shouldn't be called when bar_tx is 1 */ 2786 if (tid->bar_tx) { 2787 device_printf(sc->sc_dev, "%s: bar_tx is 1?!\n", 2788 __func__); 2789 } 2790 2791 /* If we've already been called, just be patient. */ 2792 if (tid->bar_wait) 2793 return; 2794 2795 /* Wait! */ 2796 tid->bar_wait = 1; 2797 2798 /* Only one pause, no matter how many frames fail */ 2799 ath_tx_tid_pause(sc, tid); 2800 } 2801 2802 /* 2803 * We've finished with BAR handling - either we succeeded or 2804 * failed. Either way, unsuspend TX. 2805 */ 2806 static void 2807 ath_tx_tid_bar_unsuspend(struct ath_softc *sc, struct ath_tid *tid) 2808 { 2809 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2810 2811 DPRINTF(sc, ATH_DEBUG_SW_TX_BAR, 2812 "%s: tid=%p, called\n", 2813 __func__, 2814 tid); 2815 2816 if (tid->bar_tx == 0 || tid->bar_wait == 0) { 2817 device_printf(sc->sc_dev, "%s: bar_tx=%d, bar_wait=%d: ?\n", 2818 __func__, tid->bar_tx, tid->bar_wait); 2819 } 2820 2821 tid->bar_tx = tid->bar_wait = 0; 2822 ath_tx_tid_resume(sc, tid); 2823 } 2824 2825 /* 2826 * Return whether we're ready to TX a BAR frame. 
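 * (That is, per the check below: bar_wait must be set and the TID's
 * hardware queue must have drained, i.e. hwq_depth == 0, before the
 * BAR can be sent.)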
2827 * 2828 * Requires the TID lock be held. 2829 */ 2830 static int 2831 ath_tx_tid_bar_tx_ready(struct ath_softc *sc, struct ath_tid *tid) 2832 { 2833 2834 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2835 2836 if (tid->bar_wait == 0 || tid->hwq_depth > 0) 2837 return (0); 2838 2839 DPRINTF(sc, ATH_DEBUG_SW_TX_BAR, "%s: tid=%p (%d), bar ready\n", 2840 __func__, tid, tid->tid); 2841 2842 return (1); 2843 } 2844 2845 /* 2846 * Check whether the current TID is ready to have a BAR 2847 * TXed and if so, do the TX. 2848 * 2849 * Since the TID/TXQ lock can't be held during a call to 2850 * ieee80211_send_bar(), we have to do the dirty thing of unlocking it, 2851 * sending the BAR and locking it again. 2852 * 2853 * Eventually, the code to send the BAR should be broken out 2854 * from this routine so the lock doesn't have to be reacquired 2855 * just to be immediately dropped by the caller. 2856 */ 2857 static void 2858 ath_tx_tid_bar_tx(struct ath_softc *sc, struct ath_tid *tid) 2859 { 2860 struct ieee80211_tx_ampdu *tap; 2861 2862 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2863 2864 DPRINTF(sc, ATH_DEBUG_SW_TX_BAR, 2865 "%s: tid=%p, called\n", 2866 __func__, 2867 tid); 2868 2869 tap = ath_tx_get_tx_tid(tid->an, tid->tid); 2870 2871 /* 2872 * This is an error condition! 2873 */ 2874 if (tid->bar_wait == 0 || tid->bar_tx == 1) { 2875 device_printf(sc->sc_dev, 2876 "%s: tid=%p, bar_tx=%d, bar_wait=%d: ?\n", 2877 __func__, 2878 tid, 2879 tid->bar_tx, 2880 tid->bar_wait); 2881 return; 2882 } 2883 2884 /* Don't do anything if we still have pending frames */ 2885 if (tid->hwq_depth > 0) { 2886 DPRINTF(sc, ATH_DEBUG_SW_TX_BAR, 2887 "%s: tid=%p, hwq_depth=%d, waiting\n", 2888 __func__, 2889 tid, 2890 tid->hwq_depth); 2891 return; 2892 } 2893 2894 /* We're now about to TX */ 2895 tid->bar_tx = 1; 2896 2897 /* 2898 * Calculate new BAW left edge, now that all frames have either 2899 * succeeded or failed. 2900 * 2901 * XXX verify this is _actually_ the valid value to begin at! 2902 */ 2903 DPRINTF(sc, ATH_DEBUG_SW_TX_BAR, 2904 "%s: tid=%p, new BAW left edge=%d\n", 2905 __func__, 2906 tid, 2907 tap->txa_start); 2908 2909 /* Try sending the BAR frame */ 2910 /* We can't hold the lock here! */ 2911 2912 ATH_TXQ_UNLOCK(sc->sc_ac2q[tid->ac]); 2913 if (ieee80211_send_bar(&tid->an->an_node, tap, tap->txa_start) == 0) { 2914 /* Success? Now we wait for notification that it's done */ 2915 ATH_TXQ_LOCK(sc->sc_ac2q[tid->ac]); 2916 return; 2917 } 2918 2919 /* Failure? For now, warn loudly and continue */ 2920 ATH_TXQ_LOCK(sc->sc_ac2q[tid->ac]); 2921 device_printf(sc->sc_dev, "%s: tid=%p, failed to TX BAR, continue!\n", 2922 __func__, tid); 2923 ath_tx_tid_bar_unsuspend(sc, tid); 2924 } 2925 2926 2927 /* 2928 * Free any packets currently pending in the software TX queue. 2929 * 2930 * This will be called when a node is being deleted. 2931 * 2932 * It can also be called on an active node during an interface 2933 * reset or state transition. 2934 * 2935 * (From Linux/reference): 2936 * 2937 * TODO: For frame(s) that are in the retry state, we will reuse the 2938 * sequence number(s) without setting the retry bit. The 2939 * alternative is to give up on these and BAR the receiver's window 2940 * forward. 
2941 */ 2942 static void 2943 ath_tx_tid_drain(struct ath_softc *sc, struct ath_node *an, 2944 struct ath_tid *tid, ath_bufhead *bf_cq) 2945 { 2946 struct ath_buf *bf; 2947 struct ieee80211_tx_ampdu *tap; 2948 struct ieee80211_node *ni = &an->an_node; 2949 int t = 0; 2950 struct ath_txq *txq = sc->sc_ac2q[tid->ac]; 2951 2952 tap = ath_tx_get_tx_tid(an, tid->tid); 2953 2954 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[tid->ac]); 2955 2956 /* Walk the queue, free frames */ 2957 for (;;) { 2958 bf = TAILQ_FIRST(&tid->axq_q); 2959 if (bf == NULL) { 2960 break; 2961 } 2962 2963 if (t == 0) { 2964 device_printf(sc->sc_dev, 2965 "%s: node %p: bf=%p: addbaw=%d, dobaw=%d, " 2966 "seqno=%d, retry=%d\n", 2967 __func__, ni, bf, 2968 bf->bf_state.bfs_addedbaw, 2969 bf->bf_state.bfs_dobaw, 2970 SEQNO(bf->bf_state.bfs_seqno), 2971 bf->bf_state.bfs_retries); 2972 device_printf(sc->sc_dev, 2973 "%s: node %p: bf=%p: tid txq_depth=%d hwq_depth=%d, bar_wait=%d\n", 2974 __func__, ni, bf, 2975 tid->axq_depth, 2976 tid->hwq_depth, 2977 tid->bar_wait); 2978 device_printf(sc->sc_dev, 2979 "%s: node %p: tid %d: txq_depth=%d, " 2980 "txq_aggr_depth=%d, sched=%d, paused=%d, " 2981 "hwq_depth=%d, incomp=%d, baw_head=%d, " 2982 "baw_tail=%d txa_start=%d, ni_txseqs=%d\n", 2983 __func__, ni, tid->tid, txq->axq_depth, 2984 txq->axq_aggr_depth, tid->sched, tid->paused, 2985 tid->hwq_depth, tid->incomp, tid->baw_head, 2986 tid->baw_tail, tap == NULL ? -1 : tap->txa_start, 2987 ni->ni_txseqs[tid->tid]); 2988 2989 /* XXX Dump the frame, see what it is? */ 2990 ieee80211_dump_pkt(ni->ni_ic, 2991 mtod(bf->bf_m, const uint8_t *), 2992 bf->bf_m->m_len, 0, -1); 2993 2994 t = 1; 2995 } 2996 2997 2998 /* 2999 * If the current TID is running AMPDU, update 3000 * the BAW. 3001 */ 3002 if (ath_tx_ampdu_running(sc, an, tid->tid) && 3003 bf->bf_state.bfs_dobaw) { 3004 /* 3005 * Only remove the frame from the BAW if it's 3006 * been transmitted at least once; this means 3007 * the frame was in the BAW to begin with. 3008 */ 3009 if (bf->bf_state.bfs_retries > 0) { 3010 ath_tx_update_baw(sc, an, tid, bf); 3011 bf->bf_state.bfs_dobaw = 0; 3012 } 3013 /* 3014 * This has become a non-fatal error now 3015 */ 3016 if (! bf->bf_state.bfs_addedbaw) 3017 device_printf(sc->sc_dev, 3018 "%s: wasn't added: seqno %d\n", 3019 __func__, SEQNO(bf->bf_state.bfs_seqno)); 3020 } 3021 ATH_TXQ_REMOVE(tid, bf, bf_list); 3022 TAILQ_INSERT_TAIL(bf_cq, bf, bf_list); 3023 } 3024 3025 /* 3026 * Now that it's completed, grab the TID lock and update 3027 * the sequence number and BAW window. 3028 * Because sequence numbers have been assigned to frames 3029 * that haven't been sent yet, it's entirely possible 3030 * we'll be called with some pending frames that have not 3031 * been transmitted. 3032 * 3033 * The cleaner solution is to do the sequence number allocation 3034 * when the packet is first transmitted - and thus the "retries" 3035 * check above would be enough to update the BAW/seqno. 3036 */ 3037 3038 /* But don't do it for non-QoS TIDs */ 3039 if (tap) { 3040 #if 0 3041 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 3042 "%s: node %p: TID %d: sliding BAW left edge to %d\n", 3043 __func__, an, tid->tid, tap->txa_start); 3044 #endif 3045 ni->ni_txseqs[tid->tid] = tap->txa_start; 3046 tid->baw_tail = tid->baw_head; 3047 } 3048 } 3049 3050 /* 3051 * Flush all software queued packets for the given node. 3052 * 3053 * This occurs when a completion handler frees the last buffer 3054 * for a node, and the node is thus freed. 
This causes the node 3055 * to be cleaned up, which ends up calling ath_tx_node_flush. 3056 */ 3057 void 3058 ath_tx_node_flush(struct ath_softc *sc, struct ath_node *an) 3059 { 3060 int tid; 3061 ath_bufhead bf_cq; 3062 struct ath_buf *bf; 3063 3064 TAILQ_INIT(&bf_cq); 3065 3066 for (tid = 0; tid < IEEE80211_TID_SIZE; tid++) { 3067 struct ath_tid *atid = &an->an_tid[tid]; 3068 struct ath_txq *txq = sc->sc_ac2q[atid->ac]; 3069 3070 /* Remove this tid from the list of active tids */ 3071 ATH_TXQ_LOCK(txq); 3072 ath_tx_tid_unsched(sc, atid); 3073 3074 /* Free packets */ 3075 ath_tx_tid_drain(sc, an, atid, &bf_cq); 3076 ATH_TXQ_UNLOCK(txq); 3077 } 3078 3079 /* Handle completed frames */ 3080 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 3081 TAILQ_REMOVE(&bf_cq, bf, bf_list); 3082 ath_tx_default_comp(sc, bf, 0); 3083 } 3084 } 3085 3086 /* 3087 * Drain all the software TXQs currently with traffic queued. 3088 */ 3089 void 3090 ath_tx_txq_drain(struct ath_softc *sc, struct ath_txq *txq) 3091 { 3092 struct ath_tid *tid; 3093 ath_bufhead bf_cq; 3094 struct ath_buf *bf; 3095 3096 TAILQ_INIT(&bf_cq); 3097 ATH_TXQ_LOCK(txq); 3098 3099 /* 3100 * Iterate over all active tids for the given txq, 3101 * flushing and unsched'ing them 3102 */ 3103 while (! TAILQ_EMPTY(&txq->axq_tidq)) { 3104 tid = TAILQ_FIRST(&txq->axq_tidq); 3105 ath_tx_tid_drain(sc, tid->an, tid, &bf_cq); 3106 ath_tx_tid_unsched(sc, tid); 3107 } 3108 3109 ATH_TXQ_UNLOCK(txq); 3110 3111 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 3112 TAILQ_REMOVE(&bf_cq, bf, bf_list); 3113 ath_tx_default_comp(sc, bf, 0); 3114 } 3115 } 3116 3117 /* 3118 * Handle completion of non-aggregate session frames. 3119 */ 3120 void 3121 ath_tx_normal_comp(struct ath_softc *sc, struct ath_buf *bf, int fail) 3122 { 3123 struct ieee80211_node *ni = bf->bf_node; 3124 struct ath_node *an = ATH_NODE(ni); 3125 int tid = bf->bf_state.bfs_tid; 3126 struct ath_tid *atid = &an->an_tid[tid]; 3127 struct ath_tx_status *ts = &bf->bf_status.ds_txstat; 3128 3129 /* The TID state is protected behind the TXQ lock */ 3130 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3131 3132 DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: bf=%p: fail=%d, hwq_depth now %d\n", 3133 __func__, bf, fail, atid->hwq_depth - 1); 3134 3135 atid->hwq_depth--; 3136 if (atid->hwq_depth < 0) 3137 device_printf(sc->sc_dev, "%s: hwq_depth < 0: %d\n", 3138 __func__, atid->hwq_depth); 3139 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3140 3141 /* 3142 * punt to rate control if we're not being cleaned up 3143 * during a hw queue drain and the frame wanted an ACK. 3144 */ 3145 if (fail == 0 && ((bf->bf_state.bfs_txflags & HAL_TXDESC_NOACK) == 0)) 3146 ath_tx_update_ratectrl(sc, ni, bf->bf_state.bfs_rc, 3147 ts, bf->bf_state.bfs_pktlen, 3148 1, (ts->ts_status == 0) ? 0 : 1); 3149 3150 ath_tx_default_comp(sc, bf, fail); 3151 } 3152 3153 /* 3154 * Handle cleanup of aggregate session packets that aren't 3155 * an A-MPDU. 3156 * 3157 * There's no need to update the BAW here - the session is being 3158 * torn down. 
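 * (As the code below shows, this path simply decrements atid->incomp;
 * once it reaches zero the cleanup started by ath_tx_tid_cleanup() is
 * considered finished and the TID is resumed.)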
3159 */ 3160 static void 3161 ath_tx_comp_cleanup_unaggr(struct ath_softc *sc, struct ath_buf *bf) 3162 { 3163 struct ieee80211_node *ni = bf->bf_node; 3164 struct ath_node *an = ATH_NODE(ni); 3165 int tid = bf->bf_state.bfs_tid; 3166 struct ath_tid *atid = &an->an_tid[tid]; 3167 3168 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, "%s: TID %d: incomp=%d\n", 3169 __func__, tid, atid->incomp); 3170 3171 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3172 atid->incomp--; 3173 if (atid->incomp == 0) { 3174 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 3175 "%s: TID %d: cleaned up! resume!\n", 3176 __func__, tid); 3177 atid->cleanup_inprogress = 0; 3178 ath_tx_tid_resume(sc, atid); 3179 } 3180 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3181 3182 ath_tx_default_comp(sc, bf, 0); 3183 } 3184 3185 /* 3186 * Performs transmit side cleanup when TID changes from aggregated to 3187 * unaggregated. 3188 * 3189 * - Discard all retry frames from the s/w queue. 3190 * - Fix the tx completion function for all buffers in s/w queue. 3191 * - Count the number of unacked frames, and let transmit completion 3192 * handle it later. 3193 * 3194 * The caller is responsible for pausing the TID. 3195 */ 3196 static void 3197 ath_tx_tid_cleanup(struct ath_softc *sc, struct ath_node *an, int tid) 3198 { 3199 struct ath_tid *atid = &an->an_tid[tid]; 3200 struct ieee80211_tx_ampdu *tap; 3201 struct ath_buf *bf, *bf_next; 3202 ath_bufhead bf_cq; 3203 3204 DPRINTF(sc, ATH_DEBUG_SW_TX_BAW, 3205 "%s: TID %d: called\n", __func__, tid); 3206 3207 TAILQ_INIT(&bf_cq); 3208 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3209 3210 /* 3211 * Update the frames in the software TX queue: 3212 * 3213 * + Discard retry frames in the queue 3214 * + Fix the completion function to be non-aggregate 3215 */ 3216 bf = TAILQ_FIRST(&atid->axq_q); 3217 while (bf) { 3218 if (bf->bf_state.bfs_isretried) { 3219 bf_next = TAILQ_NEXT(bf, bf_list); 3220 TAILQ_REMOVE(&atid->axq_q, bf, bf_list); 3221 atid->axq_depth--; 3222 if (bf->bf_state.bfs_dobaw) { 3223 ath_tx_update_baw(sc, an, atid, bf); 3224 if (! bf->bf_state.bfs_addedbaw) 3225 device_printf(sc->sc_dev, 3226 "%s: wasn't added: seqno %d\n", 3227 __func__, 3228 SEQNO(bf->bf_state.bfs_seqno)); 3229 } 3230 bf->bf_state.bfs_dobaw = 0; 3231 /* 3232 * Call the default completion handler with "fail" just 3233 * so upper levels are suitably notified about this. 3234 */ 3235 TAILQ_INSERT_TAIL(&bf_cq, bf, bf_list); 3236 bf = bf_next; 3237 continue; 3238 } 3239 /* Give these the default completion handler */ 3240 bf->bf_comp = ath_tx_normal_comp; 3241 bf = TAILQ_NEXT(bf, bf_list); 3242 } 3243 3244 /* The caller is required to pause the TID */ 3245 #if 0 3246 /* Pause the TID */ 3247 ath_tx_tid_pause(sc, atid); 3248 #endif 3249 3250 /* 3251 * Calculate what hardware-queued frames exist based 3252 * on the current BAW size. Ie, what frames have been 3253 * added to the TX hardware queue for this TID but 3254 * not yet ACKed. 3255 */ 3256 tap = ath_tx_get_tx_tid(an, tid); 3257 /* Need the lock - fiddling with BAW */ 3258 while (atid->baw_head != atid->baw_tail) { 3259 if (atid->tx_buf[atid->baw_head]) { 3260 atid->incomp++; 3261 atid->cleanup_inprogress = 1; 3262 atid->tx_buf[atid->baw_head] = NULL; 3263 } 3264 INCR(atid->baw_head, ATH_TID_MAX_BUFS); 3265 INCR(tap->txa_start, IEEE80211_SEQ_RANGE); 3266 } 3267 3268 /* 3269 * If cleanup is required, defer TID scheduling 3270 * until all the HW queued packets have been 3271 * sent. 3272 */ 3273 if (! 
atid->cleanup_inprogress) 3274 ath_tx_tid_resume(sc, atid); 3275 3276 if (atid->cleanup_inprogress) 3277 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 3278 "%s: TID %d: cleanup needed: %d packets\n", 3279 __func__, tid, atid->incomp); 3280 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3281 3282 /* Handle completing frames and fail them */ 3283 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 3284 TAILQ_REMOVE(&bf_cq, bf, bf_list); 3285 ath_tx_default_comp(sc, bf, 1); 3286 } 3287 } 3288 3289 static void 3290 ath_tx_set_retry(struct ath_softc *sc, struct ath_buf *bf) 3291 { 3292 struct ieee80211_frame *wh; 3293 3294 wh = mtod(bf->bf_m, struct ieee80211_frame *); 3295 /* Only update/resync if needed */ 3296 if (bf->bf_state.bfs_isretried == 0) { 3297 wh->i_fc[1] |= IEEE80211_FC1_RETRY; 3298 bus_dmamap_sync(sc->sc_dmat, bf->bf_dmamap, 3299 BUS_DMASYNC_PREWRITE); 3300 } 3301 sc->sc_stats.ast_tx_swretries++; 3302 bf->bf_state.bfs_isretried = 1; 3303 bf->bf_state.bfs_retries ++; 3304 } 3305 3306 static struct ath_buf * 3307 ath_tx_retry_clone(struct ath_softc *sc, struct ath_node *an, 3308 struct ath_tid *tid, struct ath_buf *bf) 3309 { 3310 struct ath_buf *nbf; 3311 int error; 3312 3313 nbf = ath_buf_clone(sc, bf); 3314 3315 #if 0 3316 device_printf(sc->sc_dev, "%s: ATH_BUF_BUSY; cloning\n", 3317 __func__); 3318 #endif 3319 3320 if (nbf == NULL) { 3321 /* Failed to clone */ 3322 device_printf(sc->sc_dev, 3323 "%s: failed to clone a busy buffer\n", 3324 __func__); 3325 return NULL; 3326 } 3327 3328 /* Setup the dma for the new buffer */ 3329 error = ath_tx_dmasetup(sc, nbf, nbf->bf_m); 3330 if (error != 0) { 3331 device_printf(sc->sc_dev, 3332 "%s: failed to setup dma for clone\n", 3333 __func__); 3334 /* 3335 * Put this at the head of the list, not tail; 3336 * that way it doesn't interfere with the 3337 * busy buffer logic (which uses the tail of 3338 * the list.) 3339 */ 3340 ATH_TXBUF_LOCK(sc); 3341 ath_returnbuf_head(sc, nbf); 3342 ATH_TXBUF_UNLOCK(sc); 3343 return NULL; 3344 } 3345 3346 /* Update BAW if required, before we free the original buf */ 3347 if (bf->bf_state.bfs_dobaw) 3348 ath_tx_switch_baw_buf(sc, an, tid, bf, nbf); 3349 3350 /* Free current buffer; return the older buffer */ 3351 bf->bf_m = NULL; 3352 bf->bf_node = NULL; 3353 ath_freebuf(sc, bf); 3354 return nbf; 3355 } 3356 3357 /* 3358 * Handle retrying an unaggregate frame in an aggregate 3359 * session. 3360 * 3361 * If too many retries occur, pause the TID, wait for 3362 * any further retransmits (as there's no reason why 3363 * non-aggregate frames in an aggregate session are 3364 * transmitted in-order; they just have to be in-BAW) 3365 * and then queue a BAR. 3366 */ 3367 static void 3368 ath_tx_aggr_retry_unaggr(struct ath_softc *sc, struct ath_buf *bf) 3369 { 3370 struct ieee80211_node *ni = bf->bf_node; 3371 struct ath_node *an = ATH_NODE(ni); 3372 int tid = bf->bf_state.bfs_tid; 3373 struct ath_tid *atid = &an->an_tid[tid]; 3374 struct ieee80211_tx_ampdu *tap; 3375 3376 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3377 3378 tap = ath_tx_get_tx_tid(an, tid); 3379 3380 /* 3381 * If the buffer is marked as busy, we can't directly 3382 * reuse it. Instead, try to clone the buffer. 3383 * If the clone is successful, recycle the old buffer. 3384 * If the clone is unsuccessful, set bfs_retries to max 3385 * to force the next bit of code to free the buffer 3386 * for us. 
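 * (Put another way: a failed clone is treated as an immediate
 * "exceeded retries" case - bfs_retries is pushed past SWMAX_RETRIES
 * so the check below completes the frame, updates the BAW if needed
 * and arranges a BAR, instead of leaking a busy buffer.)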
3387 */ 3388 if ((bf->bf_state.bfs_retries < SWMAX_RETRIES) && 3389 (bf->bf_flags & ATH_BUF_BUSY)) { 3390 struct ath_buf *nbf; 3391 nbf = ath_tx_retry_clone(sc, an, atid, bf); 3392 if (nbf) 3393 /* bf has been freed at this point */ 3394 bf = nbf; 3395 else 3396 bf->bf_state.bfs_retries = SWMAX_RETRIES + 1; 3397 } 3398 3399 if (bf->bf_state.bfs_retries >= SWMAX_RETRIES) { 3400 DPRINTF(sc, ATH_DEBUG_SW_TX_RETRIES, 3401 "%s: exceeded retries; seqno %d\n", 3402 __func__, SEQNO(bf->bf_state.bfs_seqno)); 3403 sc->sc_stats.ast_tx_swretrymax++; 3404 3405 /* Update BAW anyway */ 3406 if (bf->bf_state.bfs_dobaw) { 3407 ath_tx_update_baw(sc, an, atid, bf); 3408 if (! bf->bf_state.bfs_addedbaw) 3409 device_printf(sc->sc_dev, 3410 "%s: wasn't added: seqno %d\n", 3411 __func__, SEQNO(bf->bf_state.bfs_seqno)); 3412 } 3413 bf->bf_state.bfs_dobaw = 0; 3414 3415 /* Suspend the TX queue and get ready to send the BAR */ 3416 ath_tx_tid_bar_suspend(sc, atid); 3417 3418 /* Send the BAR if there are no other frames waiting */ 3419 if (ath_tx_tid_bar_tx_ready(sc, atid)) 3420 ath_tx_tid_bar_tx(sc, atid); 3421 3422 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3423 3424 /* Free buffer, bf is free after this call */ 3425 ath_tx_default_comp(sc, bf, 0); 3426 return; 3427 } 3428 3429 /* 3430 * This increments the retry counter as well as 3431 * sets the retry flag in the ath_buf and packet 3432 * body. 3433 */ 3434 ath_tx_set_retry(sc, bf); 3435 3436 /* 3437 * Insert this at the head of the queue, so it's 3438 * retried before any current/subsequent frames. 3439 */ 3440 ATH_TXQ_INSERT_HEAD(atid, bf, bf_list); 3441 ath_tx_tid_sched(sc, atid); 3442 /* Send the BAR if there are no other frames waiting */ 3443 if (ath_tx_tid_bar_tx_ready(sc, atid)) 3444 ath_tx_tid_bar_tx(sc, atid); 3445 3446 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3447 } 3448 3449 /* 3450 * Common code for aggregate excessive retry/subframe retry. 3451 * If retrying, queues buffers to bf_q. If not, frees the 3452 * buffers. 3453 * 3454 * XXX should unify this with ath_tx_aggr_retry_unaggr() 3455 */ 3456 static int 3457 ath_tx_retry_subframe(struct ath_softc *sc, struct ath_buf *bf, 3458 ath_bufhead *bf_q) 3459 { 3460 struct ieee80211_node *ni = bf->bf_node; 3461 struct ath_node *an = ATH_NODE(ni); 3462 int tid = bf->bf_state.bfs_tid; 3463 struct ath_tid *atid = &an->an_tid[tid]; 3464 3465 ATH_TXQ_LOCK_ASSERT(sc->sc_ac2q[atid->ac]); 3466 3467 /* XXX clr11naggr should be done for all subframes */ 3468 ath_hal_clr11n_aggr(sc->sc_ah, bf->bf_desc); 3469 ath_hal_set11nburstduration(sc->sc_ah, bf->bf_desc, 0); 3470 /* ath_hal_set11n_virtualmorefrag(sc->sc_ah, bf->bf_desc, 0); */ 3471 3472 /* 3473 * If the buffer is marked as busy, we can't directly 3474 * reuse it. Instead, try to clone the buffer. 3475 * If the clone is successful, recycle the old buffer. 3476 * If the clone is unsuccessful, set bfs_retries to max 3477 * to force the next bit of code to free the buffer 3478 * for us. 3479 */ 3480 if ((bf->bf_state.bfs_retries < SWMAX_RETRIES) && 3481 (bf->bf_flags & ATH_BUF_BUSY)) { 3482 struct ath_buf *nbf; 3483 nbf = ath_tx_retry_clone(sc, an, atid, bf); 3484 if (nbf) 3485 /* bf has been freed at this point */ 3486 bf = nbf; 3487 else 3488 bf->bf_state.bfs_retries = SWMAX_RETRIES + 1; 3489 } 3490 3491 if (bf->bf_state.bfs_retries >= SWMAX_RETRIES) { 3492 sc->sc_stats.ast_tx_swretrymax++; 3493 DPRINTF(sc, ATH_DEBUG_SW_TX_RETRIES, 3494 "%s: max retries: seqno %d\n", 3495 __func__, SEQNO(bf->bf_state.bfs_seqno)); 3496 ath_tx_update_baw(sc, an, atid, bf); 3497 if (! 
bf->bf_state.bfs_addedbaw) 3498 device_printf(sc->sc_dev, 3499 "%s: wasn't added: seqno %d\n", 3500 __func__, SEQNO(bf->bf_state.bfs_seqno)); 3501 bf->bf_state.bfs_dobaw = 0; 3502 return 1; 3503 } 3504 3505 ath_tx_set_retry(sc, bf); 3506 bf->bf_next = NULL; /* Just to make sure */ 3507 3508 /* Clear the aggregate state */ 3509 bf->bf_state.bfs_aggr = 0; 3510 bf->bf_state.bfs_ndelim = 0; /* ??? needed? */ 3511 bf->bf_state.bfs_nframes = 1; 3512 3513 TAILQ_INSERT_TAIL(bf_q, bf, bf_list); 3514 return 0; 3515 } 3516 3517 /* 3518 * error pkt completion for an aggregate destination 3519 */ 3520 static void 3521 ath_tx_comp_aggr_error(struct ath_softc *sc, struct ath_buf *bf_first, 3522 struct ath_tid *tid) 3523 { 3524 struct ieee80211_node *ni = bf_first->bf_node; 3525 struct ath_node *an = ATH_NODE(ni); 3526 struct ath_buf *bf_next, *bf; 3527 ath_bufhead bf_q; 3528 int drops = 0; 3529 struct ieee80211_tx_ampdu *tap; 3530 ath_bufhead bf_cq; 3531 3532 TAILQ_INIT(&bf_q); 3533 TAILQ_INIT(&bf_cq); 3534 3535 /* 3536 * Update rate control - all frames have failed. 3537 * 3538 * XXX use the length in the first frame in the series; 3539 * XXX just so things are consistent for now. 3540 */ 3541 ath_tx_update_ratectrl(sc, ni, bf_first->bf_state.bfs_rc, 3542 &bf_first->bf_status.ds_txstat, 3543 bf_first->bf_state.bfs_pktlen, 3544 bf_first->bf_state.bfs_nframes, bf_first->bf_state.bfs_nframes); 3545 3546 ATH_TXQ_LOCK(sc->sc_ac2q[tid->ac]); 3547 tap = ath_tx_get_tx_tid(an, tid->tid); 3548 sc->sc_stats.ast_tx_aggr_failall++; 3549 3550 /* Retry all subframes */ 3551 bf = bf_first; 3552 while (bf) { 3553 bf_next = bf->bf_next; 3554 bf->bf_next = NULL; /* Remove it from the aggr list */ 3555 sc->sc_stats.ast_tx_aggr_fail++; 3556 if (ath_tx_retry_subframe(sc, bf, &bf_q)) { 3557 drops++; 3558 bf->bf_next = NULL; 3559 TAILQ_INSERT_TAIL(&bf_cq, bf, bf_list); 3560 } 3561 bf = bf_next; 3562 } 3563 3564 /* Prepend all frames to the beginning of the queue */ 3565 while ((bf = TAILQ_LAST(&bf_q, ath_bufhead_s)) != NULL) { 3566 TAILQ_REMOVE(&bf_q, bf, bf_list); 3567 ATH_TXQ_INSERT_HEAD(tid, bf, bf_list); 3568 } 3569 3570 /* 3571 * Schedule the TID to be re-tried. 3572 */ 3573 ath_tx_tid_sched(sc, tid); 3574 3575 /* 3576 * send bar if we dropped any frames 3577 * 3578 * Keep the txq lock held for now, as we need to ensure 3579 * that ni_txseqs[] is consistent (as it's being updated 3580 * in the ifnet TX context or raw TX context.) 3581 */ 3582 if (drops) { 3583 /* Suspend the TX queue and get ready to send the BAR */ 3584 ath_tx_tid_bar_suspend(sc, tid); 3585 } 3586 3587 /* 3588 * Send BAR if required 3589 */ 3590 if (ath_tx_tid_bar_tx_ready(sc, tid)) 3591 ath_tx_tid_bar_tx(sc, tid); 3592 ATH_TXQ_UNLOCK(sc->sc_ac2q[tid->ac]); 3593 3594 /* Complete frames which errored out */ 3595 while ((bf = TAILQ_FIRST(&bf_cq)) != NULL) { 3596 TAILQ_REMOVE(&bf_cq, bf, bf_list); 3597 ath_tx_default_comp(sc, bf, 0); 3598 } 3599 } 3600 3601 /* 3602 * Handle clean-up of packets from an aggregate list. 3603 * 3604 * There's no need to update the BAW here - the session is being 3605 * torn down. 
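 * (Each subframe in the chain just drops atid->incomp, mirroring the
 * single-frame cleanup path above; completion itself still goes
 * through ath_tx_default_comp() with fail set.)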
3606 */ 3607 static void 3608 ath_tx_comp_cleanup_aggr(struct ath_softc *sc, struct ath_buf *bf_first) 3609 { 3610 struct ath_buf *bf, *bf_next; 3611 struct ieee80211_node *ni = bf_first->bf_node; 3612 struct ath_node *an = ATH_NODE(ni); 3613 int tid = bf_first->bf_state.bfs_tid; 3614 struct ath_tid *atid = &an->an_tid[tid]; 3615 3616 bf = bf_first; 3617 3618 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3619 3620 /* update incomp */ 3621 while (bf) { 3622 atid->incomp--; 3623 bf = bf->bf_next; 3624 } 3625 3626 if (atid->incomp == 0) { 3627 DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, 3628 "%s: TID %d: cleaned up! resume!\n", 3629 __func__, tid); 3630 atid->cleanup_inprogress = 0; 3631 ath_tx_tid_resume(sc, atid); 3632 } 3633 3634 /* Send BAR if required */ 3635 if (ath_tx_tid_bar_tx_ready(sc, atid)) 3636 ath_tx_tid_bar_tx(sc, atid); 3637 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3638 3639 /* Handle frame completion - bf was walked to NULL above, so restart from the head of the aggregate */ bf = bf_first; 3640 while (bf) { 3641 bf_next = bf->bf_next; 3642 ath_tx_default_comp(sc, bf, 1); 3643 bf = bf_next; 3644 } 3645 } 3646 3647 /* 3648 * Handle completion of a set of aggregate frames. 3649 * 3650 * XXX for now, simply complete each sub-frame. 3651 * 3652 * Note: the completion handler is the last descriptor in the aggregate, 3653 * not the last descriptor in the first frame. 3654 */ 3655 static void 3656 ath_tx_aggr_comp_aggr(struct ath_softc *sc, struct ath_buf *bf_first, 3657 int fail) 3658 { 3659 //struct ath_desc *ds = bf->bf_lastds; 3660 struct ieee80211_node *ni = bf_first->bf_node; 3661 struct ath_node *an = ATH_NODE(ni); 3662 int tid = bf_first->bf_state.bfs_tid; 3663 struct ath_tid *atid = &an->an_tid[tid]; 3664 struct ath_tx_status ts; 3665 struct ieee80211_tx_ampdu *tap; 3666 ath_bufhead bf_q; 3667 ath_bufhead bf_cq; 3668 int seq_st, tx_ok; 3669 int hasba, isaggr; 3670 uint32_t ba[2]; 3671 struct ath_buf *bf, *bf_next; 3672 int ba_index; 3673 int drops = 0; 3674 int nframes = 0, nbad = 0, nf; 3675 int pktlen; 3676 /* XXX there's too much on the stack? */ 3677 struct ath_rc_series rc[ATH_RC_NUM]; 3678 int txseq; 3679 3680 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, "%s: called; hwq_depth=%d\n", 3681 __func__, atid->hwq_depth); 3682 3683 /* The TID state is kept behind the TXQ lock */ 3684 ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]); 3685 3686 atid->hwq_depth--; 3687 if (atid->hwq_depth < 0) 3688 device_printf(sc->sc_dev, "%s: hwq_depth < 0: %d\n", 3689 __func__, atid->hwq_depth); 3690 3691 /* 3692 * Punt cleanup to the relevant function, not our problem now 3693 */ 3694 if (atid->cleanup_inprogress) { 3695 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3696 ath_tx_comp_cleanup_aggr(sc, bf_first); 3697 return; 3698 } 3699 3700 /* 3701 * Take a copy; this may be needed -after- bf_first 3702 * has been completed and freed. 3703 */ 3704 ts = bf_first->bf_status.ds_txstat; 3705 /* 3706 * XXX for now, use the first frame in the aggregate for 3707 * XXX rate control completion; it's at least consistent. 3708 */ 3709 pktlen = bf_first->bf_state.bfs_pktlen; 3710 3711 /* 3712 * Handle errors first! 3713 * 3714 * Here, handle _any_ error as an "exceeded retries" error. 3715 * Later on (when filtered frames are to be specially handled) 3716 * it'll have to be expanded.
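 * (For now, as the code below shows, any non-zero ts_status routes the
 * whole aggregate through ath_tx_comp_aggr_error(), which retries
 * every subframe.)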
3717 */ 3718 #if 0 3719 if (ts.ts_status & HAL_TXERR_XRETRY) { 3720 #endif 3721 if (ts.ts_status != 0) { 3722 ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]); 3723 ath_tx_comp_aggr_error(sc, bf_first, atid); 3724 return; 3725 } 3726 3727 TAILQ_INIT(&bf_q); 3728 TAILQ_INIT(&bf_cq); 3729 tap = ath_tx_get_tx_tid(an, tid); 3730 3731 /* 3732 * extract starting sequence and block-ack bitmap 3733 */ 3734 /* XXX endian-ness of seq_st, ba? */ 3735 seq_st = ts.ts_seqnum; 3736 hasba = !! (ts.ts_flags & HAL_TX_BA); 3737 tx_ok = (ts.ts_status == 0); 3738 isaggr = bf_first->bf_state.bfs_aggr; 3739 ba[0] = ts.ts_ba_low; 3740 ba[1] = ts.ts_ba_high; 3741 3742 /* 3743 * Copy the TX completion status and the rate control 3744 * series from the first descriptor, as it may be freed 3745 * before the rate control code can get its grubby fingers 3746 * into things. 3747 */ 3748 memcpy(rc, bf_first->bf_state.bfs_rc, sizeof(rc)); 3749 3750 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3751 "%s: txa_start=%d, tx_ok=%d, status=%.8x, flags=%.8x, " 3752 "isaggr=%d, seq_st=%d, hasba=%d, ba=%.8x, %.8x\n", 3753 __func__, tap->txa_start, tx_ok, ts.ts_status, ts.ts_flags, 3754 isaggr, seq_st, hasba, ba[0], ba[1]); 3755 3756 /* Occasionally, the MAC sends a tx status for the wrong TID. */ 3757 if (tid != ts.ts_tid) { 3758 device_printf(sc->sc_dev, "%s: tid %d != hw tid %d\n", 3759 __func__, tid, ts.ts_tid); 3760 tx_ok = 0; 3761 } 3762 3763 /* AR5416 BA bug; this requires an interface reset */ 3764 if (isaggr && tx_ok && (! hasba)) { 3765 device_printf(sc->sc_dev, 3766 "%s: AR5416 bug: hasba=%d; txok=%d, isaggr=%d, " 3767 "seq_st=%d\n", 3768 __func__, hasba, tx_ok, isaggr, seq_st); 3769 /* XXX TODO: schedule an interface reset */ 3770 #ifdef ATH_DEBUG 3771 ath_printtxbuf(sc, bf_first, 3772 sc->sc_ac2q[atid->ac]->axq_qnum, 0, 0); 3773 #endif 3774 } 3775 3776 /* 3777 * Walk the list of frames, figure out which ones were correctly 3778 * sent and which weren't. 3779 */ 3780 bf = bf_first; 3781 nf = bf_first->bf_state.bfs_nframes; 3782 3783 /* bf_first is going to be invalid once this list is walked */ 3784 bf_first = NULL; 3785 3786 /* 3787 * Walk the list of completed frames and determine 3788 * which need to be completed and which need to be 3789 * retransmitted. 3790 * 3791 * For completed frames, the completion functions need 3792 * to be called at the end of this function as the last 3793 * node reference may free the node. 3794 * 3795 * Finally, since the TXQ lock can't be held during the 3796 * completion callback (to avoid lock recursion), 3797 * the completion calls have to be done outside of the 3798 * lock. 3799 */ 3800 while (bf) { 3801 nframes++; 3802 ba_index = ATH_BA_INDEX(seq_st, 3803 SEQNO(bf->bf_state.bfs_seqno)); 3804 bf_next = bf->bf_next; 3805 bf->bf_next = NULL; /* Remove it from the aggr list */ 3806 3807 DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR, 3808 "%s: checking bf=%p seqno=%d; ack=%d\n", 3809 __func__, bf, SEQNO(bf->bf_state.bfs_seqno), 3810 ATH_BA_ISSET(ba, ba_index)); 3811 3812 if (tx_ok && ATH_BA_ISSET(ba, ba_index)) { 3813 sc->sc_stats.ast_tx_aggr_ok++; 3814 ath_tx_update_baw(sc, an, atid, bf); 3815 bf->bf_state.bfs_dobaw = 0; 3816 if (! 

/*
 * Handle completion of unaggregated frames in an ADDBA
 * session.
 *
 * Fail is set to 1 if the entry is being freed via a call to
 * ath_tx_draintxq().
 */
static void
ath_tx_aggr_comp_unaggr(struct ath_softc *sc, struct ath_buf *bf, int fail)
{
	struct ieee80211_node *ni = bf->bf_node;
	struct ath_node *an = ATH_NODE(ni);
	int tid = bf->bf_state.bfs_tid;
	struct ath_tid *atid = &an->an_tid[tid];
	struct ath_tx_status *ts = &bf->bf_status.ds_txstat;

	/*
	 * Update rate control status here, before we possibly
	 * punt to retry or cleanup.
	 *
	 * Do it outside of the TXQ lock.
	 */
	if (fail == 0 && ((bf->bf_state.bfs_txflags & HAL_TXDESC_NOACK) == 0))
		ath_tx_update_ratectrl(sc, ni, bf->bf_state.bfs_rc,
		    &bf->bf_status.ds_txstat,
		    bf->bf_state.bfs_pktlen,
		    1, (ts->ts_status == 0) ? 0 : 1);

	/*
	 * This is called early so atid->hwq_depth can be tracked.
	 * This unfortunately means that it's released and regrabbed
	 * during retry and cleanup. That's rather inefficient.
	 */
	ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);

	if (tid == IEEE80211_NONQOS_TID)
		device_printf(sc->sc_dev, "%s: TID=16!\n", __func__);

	DPRINTF(sc, ATH_DEBUG_SW_TX,
	    "%s: bf=%p: tid=%d, hwq_depth=%d, seqno=%d\n",
	    __func__, bf, bf->bf_state.bfs_tid, atid->hwq_depth,
	    SEQNO(bf->bf_state.bfs_seqno));

	atid->hwq_depth--;
	if (atid->hwq_depth < 0)
		device_printf(sc->sc_dev, "%s: hwq_depth < 0: %d\n",
		    __func__, atid->hwq_depth);

	/*
	 * If a cleanup is in progress, punt to comp_cleanup
	 * rather than handling it here.  It's then responsible
	 * for the cleanup, calling the completion function in
	 * net80211, etc.
	 */
	if (atid->cleanup_inprogress) {
		ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);
		DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: cleanup_unaggr\n",
		    __func__);
		ath_tx_comp_cleanup_unaggr(sc, bf);
		return;
	}

	/*
	 * Don't bother with the retry check if all frames
	 * are being failed (eg during queue deletion.)
	 */
#if 0
	if (fail == 0 && ts->ts_status & HAL_TXERR_XRETRY) {
#endif
	if (fail == 0 && ts->ts_status != 0) {
		ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);
		DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: retry_unaggr\n",
		    __func__);
		ath_tx_aggr_retry_unaggr(sc, bf);
		return;
	}

	/* Success? Complete */
	DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: TID=%d, seqno %d\n",
	    __func__, tid, SEQNO(bf->bf_state.bfs_seqno));
	if (bf->bf_state.bfs_dobaw) {
		ath_tx_update_baw(sc, an, atid, bf);
		bf->bf_state.bfs_dobaw = 0;
		if (! bf->bf_state.bfs_addedbaw)
			device_printf(sc->sc_dev,
			    "%s: wasn't added: seqno %d\n",
			    __func__, SEQNO(bf->bf_state.bfs_seqno));
	}

	/*
	 * Send BAR if required
	 */
	if (ath_tx_tid_bar_tx_ready(sc, atid))
		ath_tx_tid_bar_tx(sc, atid);

	ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);

	ath_tx_default_comp(sc, bf, fail);
	/* bf is freed at this point */
}

void
ath_tx_aggr_comp(struct ath_softc *sc, struct ath_buf *bf, int fail)
{
	if (bf->bf_state.bfs_aggr)
		ath_tx_aggr_comp_aggr(sc, bf, fail);
	else
		ath_tx_aggr_comp_unaggr(sc, bf, fail);
}
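
/*
 * Illustrative sketch (not compiled): the aggregate completion path above
 * gathers finished buffers onto a local list (bf_cq) while the TXQ lock
 * is held and only runs the completion callbacks after dropping the lock,
 * to avoid lock recursion.  The stand-alone example below shows that
 * "collect under the lock, complete after the unlock" pattern; the list,
 * lock and callback names here are hypothetical.
 */
#if 0
struct example_entry {
	TAILQ_ENTRY(example_entry) link;
};
TAILQ_HEAD(example_list, example_entry);

static void
example_complete_deferred(struct mtx *lock, struct example_list *pending,
    void (*complete)(struct example_entry *))
{
	struct example_list done;
	struct example_entry *e;

	TAILQ_INIT(&done);

	/* Move everything that finished onto a local list under the lock. */
	mtx_lock(lock);
	while ((e = TAILQ_FIRST(pending)) != NULL) {
		TAILQ_REMOVE(pending, e, link);
		TAILQ_INSERT_TAIL(&done, e, link);
	}
	mtx_unlock(lock);

	/* Run the callbacks with the lock dropped; they may re-take it. */
	while ((e = TAILQ_FIRST(&done)) != NULL) {
		TAILQ_REMOVE(&done, e, link);
		complete(e);
	}
}
#endif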

/*
 * Schedule some packets from the given node/TID to the hardware.
 *
 * This is the aggregate version.
 */
void
ath_tx_tid_hw_queue_aggr(struct ath_softc *sc, struct ath_node *an,
    struct ath_tid *tid)
{
	struct ath_buf *bf;
	struct ath_txq *txq = sc->sc_ac2q[tid->ac];
	struct ieee80211_tx_ampdu *tap;
	ATH_AGGR_STATUS status;
	ath_bufhead bf_q;

	DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: tid=%d\n", __func__, tid->tid);
	ATH_TXQ_LOCK_ASSERT(txq);

	tap = ath_tx_get_tx_tid(an, tid->tid);

	if (tid->tid == IEEE80211_NONQOS_TID)
		device_printf(sc->sc_dev, "%s: called for TID=NONQOS_TID?\n",
		    __func__);

	for (;;) {
		status = ATH_AGGR_DONE;

		/*
		 * If the upper layer has paused the TID, don't
		 * queue any further packets.
		 *
		 * This can also occur from the completion task because
		 * of packet loss; but as it's serialised with this code,
		 * it won't "appear" half way through queuing packets.
		 */
		if (tid->paused)
			break;

		bf = TAILQ_FIRST(&tid->axq_q);
		if (bf == NULL) {
			break;
		}

		/*
		 * If the packet doesn't fall within the BAW (eg a NULL
		 * data frame), schedule it directly; continue.
		 */
		if (! bf->bf_state.bfs_dobaw) {
			DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR,
			    "%s: non-baw packet\n",
			    __func__);
			ATH_TXQ_REMOVE(tid, bf, bf_list);

			if (bf->bf_state.bfs_nframes > 1)
				device_printf(sc->sc_dev,
				    "%s: aggr=%d, nframes=%d\n",
				    __func__,
				    bf->bf_state.bfs_aggr,
				    bf->bf_state.bfs_nframes);

			/*
			 * This shouldn't happen - such frames shouldn't
			 * ever have been queued as an aggregate in the
			 * first place.  However, make sure the fields
			 * are correctly setup just to be totally sure.
			 */
			bf->bf_state.bfs_aggr = 0;
			bf->bf_state.bfs_nframes = 1;

			ath_tx_do_ratelookup(sc, bf);
			ath_tx_calc_duration(sc, bf);
			ath_tx_calc_protection(sc, bf);
			ath_tx_set_rtscts(sc, bf);
			ath_tx_rate_fill_rcflags(sc, bf);
			ath_tx_setds(sc, bf);
			ath_hal_clr11n_aggr(sc->sc_ah, bf->bf_desc);

			sc->sc_aggr_stats.aggr_nonbaw_pkt++;

			/* Queue the packet; continue */
			goto queuepkt;
		}

		TAILQ_INIT(&bf_q);

		/*
		 * Do a rate control lookup on the first frame in the
		 * list. The rate control code needs that to occur
		 * before it can determine whether to TX.
		 * It's inaccurate because the rate control code doesn't
		 * really "do" aggregate lookups, so it only considers
		 * the size of the first frame.
		 */
		ath_tx_do_ratelookup(sc, bf);
		bf->bf_state.bfs_rc[3].rix = 0;
		bf->bf_state.bfs_rc[3].tries = 0;

		ath_tx_calc_duration(sc, bf);
		ath_tx_calc_protection(sc, bf);

		ath_tx_set_rtscts(sc, bf);
		ath_tx_rate_fill_rcflags(sc, bf);

		status = ath_tx_form_aggr(sc, an, tid, &bf_q);

		DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR,
		    "%s: ath_tx_form_aggr() status=%d\n", __func__, status);

		/*
		 * No frames to be picked up - out of BAW
		 */
		if (TAILQ_EMPTY(&bf_q))
			break;

		/*
		 * This assumes that the descriptor list in the ath_bufhead
		 * is already linked together via bf_next pointers.
		 */
		bf = TAILQ_FIRST(&bf_q);

		if (status == ATH_AGGR_8K_LIMITED)
			sc->sc_aggr_stats.aggr_rts_aggr_limited++;

		/*
		 * If it's the only frame, send it as a non-aggregate;
		 * assume that ath_tx_form_aggr() has checked whether
		 * it's in the BAW and added it appropriately.
		 */
		if (bf->bf_state.bfs_nframes == 1) {
			DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR,
			    "%s: single-frame aggregate\n", __func__);
			bf->bf_state.bfs_aggr = 0;
			bf->bf_state.bfs_ndelim = 0;
			ath_tx_setds(sc, bf);
			ath_hal_clr11n_aggr(sc->sc_ah, bf->bf_desc);
			if (status == ATH_AGGR_BAW_CLOSED)
				sc->sc_aggr_stats.aggr_baw_closed_single_pkt++;
			else
				sc->sc_aggr_stats.aggr_single_pkt++;
		} else {
			DPRINTF(sc, ATH_DEBUG_SW_TX_AGGR,
			    "%s: multi-frame aggregate: %d frames, "
			    "length %d\n",
			    __func__, bf->bf_state.bfs_nframes,
			    bf->bf_state.bfs_al);
			bf->bf_state.bfs_aggr = 1;
			sc->sc_aggr_stats.aggr_pkts[bf->bf_state.bfs_nframes]++;
			sc->sc_aggr_stats.aggr_aggr_pkt++;

			/*
			 * Calculate the duration/protection as required.
			 */
			ath_tx_calc_duration(sc, bf);
			ath_tx_calc_protection(sc, bf);

			/*
			 * Update the rate and rtscts information based on the
			 * rate decision made by the rate control code;
			 * the first frame in the aggregate needs it.
			 */
			ath_tx_set_rtscts(sc, bf);

			/*
			 * Setup the relevant descriptor fields
			 * for aggregation.  The first descriptor
			 * already points to the rest in the chain.
			 */
			ath_tx_setds_11n(sc, bf);

		}
	queuepkt:
		//txq = bf->bf_state.bfs_txq;

		/* Set completion handler, multi-frame aggregate or not */
		bf->bf_comp = ath_tx_aggr_comp;

		if (bf->bf_state.bfs_tid == IEEE80211_NONQOS_TID)
			device_printf(sc->sc_dev, "%s: TID=16?\n", __func__);

		/* Punt to txq */
		ath_tx_handoff(sc, txq, bf);

		/* Track outstanding buffer count to hardware */
		/* aggregates are "one" buffer */
		tid->hwq_depth++;

		/*
		 * Break out if ath_tx_form_aggr() indicated
		 * there can't be any further progress (eg BAW is full.)
		 * Checking for an empty txq is done above.
		 *
		 * XXX locking on txq here?
		 */
		if (txq->axq_aggr_depth >= sc->sc_hwq_limit ||
		    status == ATH_AGGR_BAW_CLOSED)
			break;
	}
}
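
/*
 * Illustrative sketch (not compiled): both the aggregate path above and
 * the normal path below program each frame through the same sequence of
 * helpers before hand-off.  The hypothetical helper below exists only to
 * make that ordering explicit; it is not part of the driver.  Rate lookup
 * has to come first, since the duration, protection and RTS/CTS settings
 * depend on the chosen rates, and descriptor setup has to come last.
 */
#if 0
static void
example_program_frame(struct ath_softc *sc, struct ath_buf *bf)
{
	ath_tx_do_ratelookup(sc, bf);		/* pick TX rates */
	ath_tx_calc_duration(sc, bf);		/* duration/NAV field */
	ath_tx_calc_protection(sc, bf);		/* protection policy */
	ath_tx_set_rtscts(sc, bf);		/* apply RTS/CTS settings */
	ath_tx_rate_fill_rcflags(sc, bf);	/* rate-control series flags */
	ath_tx_setds(sc, bf);			/* finally, write descriptors */
}
#endif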

/*
 * Schedule some packets from the given node/TID to the hardware.
 */
void
ath_tx_tid_hw_queue_norm(struct ath_softc *sc, struct ath_node *an,
    struct ath_tid *tid)
{
	struct ath_buf *bf;
	struct ath_txq *txq = sc->sc_ac2q[tid->ac];

	DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: node %p: TID %d: called\n",
	    __func__, an, tid->tid);

	ATH_TXQ_LOCK_ASSERT(txq);

	/* Check - is AMPDU pending or running? then print out something */
	if (ath_tx_ampdu_pending(sc, an, tid->tid))
		device_printf(sc->sc_dev, "%s: tid=%d, ampdu pending?\n",
		    __func__, tid->tid);
	if (ath_tx_ampdu_running(sc, an, tid->tid))
		device_printf(sc->sc_dev, "%s: tid=%d, ampdu running?\n",
		    __func__, tid->tid);

	for (;;) {

		/*
		 * If the upper layers have paused the TID, don't
		 * queue any further packets.
		 */
		if (tid->paused)
			break;

		bf = TAILQ_FIRST(&tid->axq_q);
		if (bf == NULL) {
			break;
		}

		ATH_TXQ_REMOVE(tid, bf, bf_list);

		KASSERT(txq == bf->bf_state.bfs_txq, ("txqs not equal!\n"));

		/* Sanity check! */
		if (tid->tid != bf->bf_state.bfs_tid) {
			device_printf(sc->sc_dev, "%s: bfs_tid %d !="
			    " tid %d\n",
			    __func__, bf->bf_state.bfs_tid, tid->tid);
		}
		/* Normal completion handler */
		bf->bf_comp = ath_tx_normal_comp;

		/* Program descriptors + rate control */
		ath_tx_do_ratelookup(sc, bf);
		ath_tx_calc_duration(sc, bf);
		ath_tx_calc_protection(sc, bf);
		ath_tx_set_rtscts(sc, bf);
		ath_tx_rate_fill_rcflags(sc, bf);
		ath_tx_setds(sc, bf);

		/* Track outstanding buffer count to hardware */
		/* aggregates are "one" buffer */
		tid->hwq_depth++;

		/* Punt to hardware or software txq */
		ath_tx_handoff(sc, txq, bf);
	}
}
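
/*
 * Illustrative sketch (not compiled): the hwq_depth accounting used by
 * the queueing and completion paths above.  One increment per hand-off
 * (a whole aggregate counts as a single buffer), one matching decrement
 * per completion; a negative value means the two sides have come out of
 * sync, which the completion handlers above report via device_printf().
 * The helper names here are hypothetical.
 */
#if 0
static void
example_handoff_one(int *hwq_depth)
{
	(*hwq_depth)++;		/* frame (or whole aggregate) given to hw */
}

static void
example_complete_one(int *hwq_depth)
{
	(*hwq_depth)--;		/* matching completion from the hardware */
	if (*hwq_depth < 0)
		printf("hwq_depth went negative: accounting bug\n");
}
#endif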

/*
 * Schedule some packets to the given hardware queue.
 *
 * This function walks the list of TIDs (ie, ath_node TIDs
 * with queued traffic) and attempts to schedule traffic
 * from them.
 *
 * TID scheduling is implemented as a FIFO, with TIDs being
 * added to the end of the queue after some frames have been
 * scheduled.
 */
void
ath_txq_sched(struct ath_softc *sc, struct ath_txq *txq)
{
	struct ath_tid *tid, *next, *last;

	ATH_TXQ_LOCK_ASSERT(txq);

	/*
	 * Don't schedule if the hardware queue is busy.
	 * This (hopefully) gives some more time to aggregate
	 * some packets in the aggregation queue.
	 */
	if (txq->axq_aggr_depth >= sc->sc_hwq_limit) {
		sc->sc_aggr_stats.aggr_sched_nopkt++;
		return;
	}

	last = TAILQ_LAST(&txq->axq_tidq, axq_t_s);

	TAILQ_FOREACH_SAFE(tid, &txq->axq_tidq, axq_qelem, next) {
		/*
		 * Suspend paused queues here; they'll be resumed
		 * once the addba completes or times out.
		 */
		DPRINTF(sc, ATH_DEBUG_SW_TX, "%s: tid=%d, paused=%d\n",
		    __func__, tid->tid, tid->paused);
		ath_tx_tid_unsched(sc, tid);
		if (tid->paused) {
			continue;
		}
		if (ath_tx_ampdu_running(sc, tid->an, tid->tid))
			ath_tx_tid_hw_queue_aggr(sc, tid->an, tid);
		else
			ath_tx_tid_hw_queue_norm(sc, tid->an, tid);

		/* Not empty? Re-schedule */
		if (tid->axq_depth != 0)
			ath_tx_tid_sched(sc, tid);

		/* Give the software queue time to aggregate more packets */
		if (txq->axq_aggr_depth >= sc->sc_hwq_limit) {
			break;
		}

		/*
		 * If this was the last entry on the original list, stop.
		 * Otherwise nodes that have been rescheduled onto the end
		 * of the TID FIFO list will just keep being rescheduled.
		 */
		if (tid == last)
			break;
	}
}
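
/*
 * Illustrative sketch (not compiled): the bounded round-robin used by
 * ath_txq_sched() above.  Entries still holding work are re-appended to
 * the tail; remembering the original tail ("last") before the walk keeps
 * a single pass from re-visiting entries it has just re-queued.  The
 * types and the service() callback below are hypothetical.
 */
#if 0
struct example_tid {
	TAILQ_ENTRY(example_tid) qlink;
	int backlog;
};
TAILQ_HEAD(example_tidq, example_tid);

static void
example_round_robin(struct example_tidq *q,
    void (*service)(struct example_tid *))
{
	struct example_tid *t, *next, *last;

	last = TAILQ_LAST(q, example_tidq);
	TAILQ_FOREACH_SAFE(t, q, qlink, next) {
		TAILQ_REMOVE(q, t, qlink);	/* unschedule this entry */
		service(t);			/* drain some of the backlog */
		if (t->backlog != 0)
			TAILQ_INSERT_TAIL(q, t, qlink);	/* still busy */
		if (t == last)
			break;		/* one full pass over the original list */
	}
}
#endif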

/*
 * TX addba handling
 */

/*
 * Return net80211 TID struct pointer, or NULL for none
 */
struct ieee80211_tx_ampdu *
ath_tx_get_tx_tid(struct ath_node *an, int tid)
{
	struct ieee80211_node *ni = &an->an_node;
	struct ieee80211_tx_ampdu *tap;

	if (tid == IEEE80211_NONQOS_TID)
		return NULL;

	tap = &ni->ni_tx_ampdu[tid];
	return tap;
}

/*
 * Is AMPDU-TX running?
 */
static int
ath_tx_ampdu_running(struct ath_softc *sc, struct ath_node *an, int tid)
{
	struct ieee80211_tx_ampdu *tap;

	if (tid == IEEE80211_NONQOS_TID)
		return 0;

	tap = ath_tx_get_tx_tid(an, tid);
	if (tap == NULL)
		return 0;	/* Not valid; default to not running */

	return !! (tap->txa_flags & IEEE80211_AGGR_RUNNING);
}

/*
 * Is AMPDU-TX negotiation pending?
 */
static int
ath_tx_ampdu_pending(struct ath_softc *sc, struct ath_node *an, int tid)
{
	struct ieee80211_tx_ampdu *tap;

	if (tid == IEEE80211_NONQOS_TID)
		return 0;

	tap = ath_tx_get_tx_tid(an, tid);
	if (tap == NULL)
		return 0;	/* Not valid; default to not pending */

	return !! (tap->txa_flags & IEEE80211_AGGR_XCHGPEND);
}

/*
 * Method to handle sending an ADDBA request.
 *
 * We tap this so the relevant flags can be set to pause the TID
 * whilst waiting for the response.
 *
 * XXX there's no timeout handler we can override?
 */
int
ath_addba_request(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
    int dialogtoken, int baparamset, int batimeout)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = tap->txa_tid;
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];

	/*
	 * XXX danger Will Robinson!
	 *
	 * Although the taskqueue may be running and scheduling some more
	 * packets, these should all be _before_ the addba sequence number.
	 * However, net80211 will keep self-assigning sequence numbers
	 * until addba has been negotiated.
	 *
	 * In the past, these packets would be "paused" (which still works
	 * fine, as they're being scheduled to the driver in the same
	 * serialised method which is calling the addba request routine)
	 * and when the aggregation session begins, they'll be dequeued
	 * as aggregate packets and added to the BAW. However, now there's
	 * a "bf->bf_state.bfs_dobaw" flag, and this isn't set for these
	 * packets. Thus they never get included in the BAW tracking and
	 * this can cause the initial burst of packets after the addba
	 * negotiation to "hang", as they quickly fall outside the BAW.
	 *
	 * The "eventual" solution should be to tag these packets with
	 * dobaw. Although net80211 has given us a sequence number,
	 * it'll be "after" the left edge of the BAW and thus it'll
	 * fall within it.
	 */
	ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
	/*
	 * This is a bit annoying.  Until net80211 HT code inherits some
	 * (any) locking, we may have this called in parallel BUT only
	 * one response/timeout will be called.  Grr.
	 */
	if (atid->addba_tx_pending == 0) {
		ath_tx_tid_pause(sc, atid);
		atid->addba_tx_pending = 1;
	}
	ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: called; dialogtoken=%d, baparamset=%d, batimeout=%d\n",
	    __func__, dialogtoken, baparamset, batimeout);
	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: txa_start=%d, ni_txseqs=%d\n",
	    __func__, tap->txa_start, ni->ni_txseqs[tid]);

	return sc->sc_addba_request(ni, tap, dialogtoken, baparamset,
	    batimeout);
}

/*
 * Handle an ADDBA response.
 *
 * We unpause the queue so TX'ing can resume.
 *
 * Any packets TX'ed from this point on should be treated as part of the
 * aggregation session (whether actually aggregated or not) so the BAW
 * is updated.
 *
 * Note! net80211 keeps self-assigning sequence numbers until
 * ampdu is negotiated. This means the initially-negotiated BAW left
 * edge won't match ni->ni_txseq.
 *
 * So, being very dirty, the BAW left edge is "slid" here to match
 * ni->ni_txseq.
 *
 * What likely SHOULD happen is that all packets subsequent to the
 * addba request should be tagged as aggregate and queued as non-aggregate
 * frames; thus updating the BAW. For now though, I'll just slide the
 * window.
 */
int
ath_addba_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
    int status, int code, int batimeout)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = tap->txa_tid;
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];
	int r;

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: called; status=%d, code=%d, batimeout=%d\n", __func__,
	    status, code, batimeout);

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: txa_start=%d, ni_txseqs=%d\n",
	    __func__, tap->txa_start, ni->ni_txseqs[tid]);

	/*
	 * Call this first, so the interface flags get updated
	 * before the TID is unpaused. Otherwise a race condition
	 * exists where the unpaused TID still doesn't yet have
	 * IEEE80211_AGGR_RUNNING set.
	 */
	r = sc->sc_addba_response(ni, tap, status, code, batimeout);

	ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
	atid->addba_tx_pending = 0;
	/*
	 * XXX dirty!
	 * Slide the BAW left edge to wherever net80211 left it for us.
	 * Read above for more information.
	 */
	tap->txa_start = ni->ni_txseqs[tid];
	ath_tx_tid_resume(sc, atid);
	ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);
	return r;
}
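
/*
 * Illustrative sketch (not compiled): what "sliding the BAW left edge"
 * in ath_addba_response() above amounts to.  The window is a range of
 * sequence numbers [left, left + wnd) in the 12-bit 802.11 sequence
 * space; moving "left" up to the next sequence number net80211 will
 * assign keeps subsequently queued frames inside the window.  The
 * window size, mask and names here are illustrative only.
 */
#if 0
#define	EXAMPLE_SEQ_MASK	4095	/* 12-bit sequence space */

static int
example_seq_in_window(int left, int wnd, int seqno)
{
	/* Offset of seqno from the left edge, modulo the sequence space. */
	return (((seqno - left) & EXAMPLE_SEQ_MASK) < wnd);
}

static void
example_slide_left_edge(int *left, int next_assigned_seq)
{
	/*
	 * After ADDBA completes, start the window at the next sequence
	 * number net80211 will hand out, so new frames fall inside it.
	 */
	*left = next_assigned_seq & EXAMPLE_SEQ_MASK;
}
#endif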

/*
 * Stop ADDBA on a queue.
 *
 * This can be called whilst BAR TX is currently active on the queue,
 * so make sure this is unblocked before continuing.
 */
void
ath_addba_stop(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = tap->txa_tid;
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL, "%s: called\n", __func__);

	/*
	 * Pause TID traffic early, so there aren't any races.
	 * Unblock the pending BAR held traffic, if it's currently paused.
	 */
	ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
	ath_tx_tid_pause(sc, atid);
	if (atid->bar_wait) {
		/*
		 * bar_unsuspend() expects bar_tx == 1, as it should be
		 * called from the TX completion path. This quietens
		 * the warning. It's cleared for us anyway.
		 */
		atid->bar_tx = 1;
		ath_tx_tid_bar_unsuspend(sc, atid);
	}
	ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);

	/* There's no need to hold the TXQ lock here */
	sc->sc_addba_stop(ni, tap);

	/*
	 * ath_tx_tid_cleanup will resume the TID if possible, otherwise
	 * it'll set the cleanup flag, and it'll be unpaused once
	 * things have been cleaned up.
	 */
	ath_tx_tid_cleanup(sc, an, tid);
}

/*
 * Note: net80211 bar_timeout() doesn't call this function on BAR failure;
 * it simply tears down the aggregation session. Ew.
 *
 * It however will call ieee80211_ampdu_stop() which will call
 * ic->ic_addba_stop().
 *
 * XXX This uses a hard-coded max BAR count value; the whole
 * XXX BAR TX success or failure should be better handled!
 */
void
ath_bar_response(struct ieee80211_node *ni, struct ieee80211_tx_ampdu *tap,
    int status)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = tap->txa_tid;
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];
	int attempts = tap->txa_attempts;

	DPRINTF(sc, ATH_DEBUG_SW_TX_BAR,
	    "%s: called; tap=%p, atid=%p, txa_tid=%d, atid->tid=%d, status=%d, attempts=%d\n",
	    __func__,
	    tap,
	    atid,
	    tap->txa_tid,
	    atid->tid,
	    status,
	    attempts);

	/* Note: This may update the BAW details */
	sc->sc_bar_response(ni, tap, status);

	/* Unpause the TID */
	/*
	 * XXX if this is attempt=50, the TID will be downgraded
	 * XXX to a non-aggregate session. So we must unpause the
	 * XXX TID here or it'll never be done.
	 */
	if (status == 0 || attempts == 50) {
		ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
		ath_tx_tid_bar_unsuspend(sc, atid);
		ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);
	}
}

/*
 * This is called whenever the pending ADDBA request times out.
 * Unpause and reschedule the TID.
 */
void
ath_addba_response_timeout(struct ieee80211_node *ni,
    struct ieee80211_tx_ampdu *tap)
{
	struct ath_softc *sc = ni->ni_ic->ic_ifp->if_softc;
	int tid = tap->txa_tid;
	struct ath_node *an = ATH_NODE(ni);
	struct ath_tid *atid = &an->an_tid[tid];

	DPRINTF(sc, ATH_DEBUG_SW_TX_CTRL,
	    "%s: called; resuming\n", __func__);

	ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
	atid->addba_tx_pending = 0;
	ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);

	/* Note: This updates the aggregate state to (again) pending */
	sc->sc_addba_response_timeout(ni, tap);

	/* Unpause the TID; which reschedules it */
	ATH_TXQ_LOCK(sc->sc_ac2q[atid->ac]);
	ath_tx_tid_resume(sc, atid);
	ATH_TXQ_UNLOCK(sc->sc_ac2q[atid->ac]);
}

static int
ath_legacy_dma_txsetup(struct ath_softc *sc)
{

	/* nothing new needed */
	return (0);
}

static int
ath_legacy_dma_txteardown(struct ath_softc *sc)
{

	/* nothing new needed */
	return (0);
}

void
ath_xmit_setup_legacy(struct ath_softc *sc)
{
	/*
	 * For now, just set the descriptor length to sizeof(ath_desc);
	 * worry about extracting the real length out of the HAL later.
	 */
	sc->sc_tx_desclen = sizeof(struct ath_desc);
	sc->sc_tx_statuslen = 0;
	sc->sc_tx_nmaps = 1;	/* only one buffer per TX desc */

	sc->sc_tx.xmit_setup = ath_legacy_dma_txsetup;
	sc->sc_tx.xmit_teardown = ath_legacy_dma_txteardown;
	sc->sc_tx.xmit_attach_comp_func = ath_legacy_attach_comp_func;

	sc->sc_tx.xmit_dma_restart = ath_legacy_tx_dma_restart;
	sc->sc_tx.xmit_handoff = ath_legacy_xmit_handoff;

	sc->sc_tx.xmit_drain = ath_legacy_tx_drain;
}