xref: /linux/drivers/net/wireless/ath/ath12k/dp_rx.c (revision 06ce23ad57c8e378b86ef3f439b2e08bcb5d05eb)
1 // SPDX-License-Identifier: BSD-3-Clause-Clear
2 /*
3  * Copyright (c) 2018-2021 The Linux Foundation. All rights reserved.
4  * Copyright (c) 2021-2022 Qualcomm Innovation Center, Inc. All rights reserved.
5  */
6 
7 #include <linux/ieee80211.h>
8 #include <linux/kernel.h>
9 #include <linux/skbuff.h>
10 #include <crypto/hash.h>
11 #include "core.h"
12 #include "debug.h"
13 #include "hal_desc.h"
14 #include "hw.h"
15 #include "dp_rx.h"
16 #include "hal_rx.h"
17 #include "dp_tx.h"
18 #include "peer.h"
19 #include "dp_mon.h"
20 
21 #define ATH12K_DP_RX_FRAGMENT_TIMEOUT_MS (2 * HZ)
22 
23 static enum hal_encrypt_type ath12k_dp_rx_h_enctype(struct ath12k_base *ab,
24 						    struct hal_rx_desc *desc)
25 {
26 	if (!ab->hw_params->hal_ops->rx_desc_encrypt_valid(desc))
27 		return HAL_ENCRYPT_TYPE_OPEN;
28 
29 	return ab->hw_params->hal_ops->rx_desc_get_encrypt_type(desc);
30 }
31 
32 u8 ath12k_dp_rx_h_decap_type(struct ath12k_base *ab,
33 			     struct hal_rx_desc *desc)
34 {
35 	return ab->hw_params->hal_ops->rx_desc_get_decap_type(desc);
36 }
37 
38 static u8 ath12k_dp_rx_h_mesh_ctl_present(struct ath12k_base *ab,
39 					  struct hal_rx_desc *desc)
40 {
41 	return ab->hw_params->hal_ops->rx_desc_get_mesh_ctl(desc);
42 }
43 
44 static bool ath12k_dp_rx_h_seq_ctrl_valid(struct ath12k_base *ab,
45 					  struct hal_rx_desc *desc)
46 {
47 	return ab->hw_params->hal_ops->rx_desc_get_mpdu_seq_ctl_vld(desc);
48 }
49 
50 static bool ath12k_dp_rx_h_fc_valid(struct ath12k_base *ab,
51 				    struct hal_rx_desc *desc)
52 {
53 	return ab->hw_params->hal_ops->rx_desc_get_mpdu_fc_valid(desc);
54 }
55 
56 static bool ath12k_dp_rx_h_more_frags(struct ath12k_base *ab,
57 				      struct sk_buff *skb)
58 {
59 	struct ieee80211_hdr *hdr;
60 
61 	hdr = (struct ieee80211_hdr *)(skb->data + ab->hw_params->hal_desc_sz);
62 	return ieee80211_has_morefrags(hdr->frame_control);
63 }
64 
65 static u16 ath12k_dp_rx_h_frag_no(struct ath12k_base *ab,
66 				  struct sk_buff *skb)
67 {
68 	struct ieee80211_hdr *hdr;
69 
70 	hdr = (struct ieee80211_hdr *)(skb->data + ab->hw_params->hal_desc_sz);
71 	return le16_to_cpu(hdr->seq_ctrl) & IEEE80211_SCTL_FRAG;
72 }
73 
74 static u16 ath12k_dp_rx_h_seq_no(struct ath12k_base *ab,
75 				 struct hal_rx_desc *desc)
76 {
77 	return ab->hw_params->hal_ops->rx_desc_get_mpdu_start_seq_no(desc);
78 }
79 
80 static bool ath12k_dp_rx_h_msdu_done(struct ath12k_base *ab,
81 				     struct hal_rx_desc *desc)
82 {
83 	return ab->hw_params->hal_ops->dp_rx_h_msdu_done(desc);
84 }
85 
86 static bool ath12k_dp_rx_h_l4_cksum_fail(struct ath12k_base *ab,
87 					 struct hal_rx_desc *desc)
88 {
89 	return ab->hw_params->hal_ops->dp_rx_h_l4_cksum_fail(desc);
90 }
91 
92 static bool ath12k_dp_rx_h_ip_cksum_fail(struct ath12k_base *ab,
93 					 struct hal_rx_desc *desc)
94 {
95 	return ab->hw_params->hal_ops->dp_rx_h_ip_cksum_fail(desc);
96 }
97 
98 static bool ath12k_dp_rx_h_is_decrypted(struct ath12k_base *ab,
99 					struct hal_rx_desc *desc)
100 {
101 	return ab->hw_params->hal_ops->dp_rx_h_is_decrypted(desc);
102 }
103 
104 u32 ath12k_dp_rx_h_mpdu_err(struct ath12k_base *ab,
105 			    struct hal_rx_desc *desc)
106 {
107 	return ab->hw_params->hal_ops->dp_rx_h_mpdu_err(desc);
108 }
109 
110 static u16 ath12k_dp_rx_h_msdu_len(struct ath12k_base *ab,
111 				   struct hal_rx_desc *desc)
112 {
113 	return ab->hw_params->hal_ops->rx_desc_get_msdu_len(desc);
114 }
115 
116 static u8 ath12k_dp_rx_h_sgi(struct ath12k_base *ab,
117 			     struct hal_rx_desc *desc)
118 {
119 	return ab->hw_params->hal_ops->rx_desc_get_msdu_sgi(desc);
120 }
121 
122 static u8 ath12k_dp_rx_h_rate_mcs(struct ath12k_base *ab,
123 				  struct hal_rx_desc *desc)
124 {
125 	return ab->hw_params->hal_ops->rx_desc_get_msdu_rate_mcs(desc);
126 }
127 
128 static u8 ath12k_dp_rx_h_rx_bw(struct ath12k_base *ab,
129 			       struct hal_rx_desc *desc)
130 {
131 	return ab->hw_params->hal_ops->rx_desc_get_msdu_rx_bw(desc);
132 }
133 
134 static u32 ath12k_dp_rx_h_freq(struct ath12k_base *ab,
135 			       struct hal_rx_desc *desc)
136 {
137 	return ab->hw_params->hal_ops->rx_desc_get_msdu_freq(desc);
138 }
139 
140 static u8 ath12k_dp_rx_h_pkt_type(struct ath12k_base *ab,
141 				  struct hal_rx_desc *desc)
142 {
143 	return ab->hw_params->hal_ops->rx_desc_get_msdu_pkt_type(desc);
144 }
145 
146 static u8 ath12k_dp_rx_h_nss(struct ath12k_base *ab,
147 			     struct hal_rx_desc *desc)
148 {
149 	return hweight8(ab->hw_params->hal_ops->rx_desc_get_msdu_nss(desc));
150 }
151 
152 static u8 ath12k_dp_rx_h_tid(struct ath12k_base *ab,
153 			     struct hal_rx_desc *desc)
154 {
155 	return ab->hw_params->hal_ops->rx_desc_get_mpdu_tid(desc);
156 }
157 
158 static u16 ath12k_dp_rx_h_peer_id(struct ath12k_base *ab,
159 				  struct hal_rx_desc *desc)
160 {
161 	return ab->hw_params->hal_ops->rx_desc_get_mpdu_peer_id(desc);
162 }
163 
164 u8 ath12k_dp_rx_h_l3pad(struct ath12k_base *ab,
165 			struct hal_rx_desc *desc)
166 {
167 	return ab->hw_params->hal_ops->rx_desc_get_l3_pad_bytes(desc);
168 }
169 
170 static bool ath12k_dp_rx_h_first_msdu(struct ath12k_base *ab,
171 				      struct hal_rx_desc *desc)
172 {
173 	return ab->hw_params->hal_ops->rx_desc_get_first_msdu(desc);
174 }
175 
176 static bool ath12k_dp_rx_h_last_msdu(struct ath12k_base *ab,
177 				     struct hal_rx_desc *desc)
178 {
179 	return ab->hw_params->hal_ops->rx_desc_get_last_msdu(desc);
180 }
181 
182 static void ath12k_dp_rx_desc_end_tlv_copy(struct ath12k_base *ab,
183 					   struct hal_rx_desc *fdesc,
184 					   struct hal_rx_desc *ldesc)
185 {
186 	ab->hw_params->hal_ops->rx_desc_copy_end_tlv(fdesc, ldesc);
187 }
188 
189 static void ath12k_dp_rxdesc_set_msdu_len(struct ath12k_base *ab,
190 					  struct hal_rx_desc *desc,
191 					  u16 len)
192 {
193 	ab->hw_params->hal_ops->rx_desc_set_msdu_len(desc, len);
194 }
195 
196 static bool ath12k_dp_rx_h_is_mcbc(struct ath12k_base *ab,
197 				   struct hal_rx_desc *desc)
198 {
199 	return ab->hw_params->hal_ops->rx_desc_is_mcbc(desc);
200 }
201 
202 static bool ath12k_dp_rxdesc_mac_addr2_valid(struct ath12k_base *ab,
203 					     struct hal_rx_desc *desc)
204 {
205 	return ab->hw_params->hal_ops->rx_desc_mac_addr2_valid(desc);
206 }
207 
208 static u8 *ath12k_dp_rxdesc_get_mpdu_start_addr2(struct ath12k_base *ab,
209 						 struct hal_rx_desc *desc)
210 {
211 	return ab->hw_params->hal_ops->rx_desc_mpdu_start_addr2(desc);
212 }
213 
214 static void ath12k_dp_rx_desc_get_dot11_hdr(struct ath12k_base *ab,
215 					    struct hal_rx_desc *desc,
216 					    struct ieee80211_hdr *hdr)
217 {
218 	ab->hw_params->hal_ops->rx_desc_get_dot11_hdr(desc, hdr);
219 }
220 
221 static void ath12k_dp_rx_desc_get_crypto_header(struct ath12k_base *ab,
222 						struct hal_rx_desc *desc,
223 						u8 *crypto_hdr,
224 						enum hal_encrypt_type enctype)
225 {
226 	ab->hw_params->hal_ops->rx_desc_get_crypto_header(desc, crypto_hdr, enctype);
227 }
228 
229 static u16 ath12k_dp_rxdesc_get_mpdu_frame_ctrl(struct ath12k_base *ab,
230 						struct hal_rx_desc *desc)
231 {
232 	return ab->hw_params->hal_ops->rx_desc_get_mpdu_frame_ctl(desc);
233 }
234 
235 static int ath12k_dp_purge_mon_ring(struct ath12k_base *ab)
236 {
237 	int i, reaped = 0;
238 	unsigned long timeout = jiffies + msecs_to_jiffies(DP_MON_PURGE_TIMEOUT_MS);
239 
240 	do {
241 		for (i = 0; i < ab->hw_params->num_rxmda_per_pdev; i++)
242 			reaped += ath12k_dp_mon_process_ring(ab, i, NULL,
243 							     DP_MON_SERVICE_BUDGET,
244 							     ATH12K_DP_RX_MONITOR_MODE);
245 
246 		/* nothing more to reap */
247 		if (reaped < DP_MON_SERVICE_BUDGET)
248 			return 0;
249 
250 	} while (time_before(jiffies, timeout));
251 
252 	ath12k_warn(ab, "dp mon ring purge timeout");
253 
254 	return -ETIMEDOUT;
255 }
256 
257 /* Returns number of Rx buffers replenished */
258 int ath12k_dp_rx_bufs_replenish(struct ath12k_base *ab, int mac_id,
259 				struct dp_rxdma_ring *rx_ring,
260 				int req_entries,
261 				enum hal_rx_buf_return_buf_manager mgr,
262 				bool hw_cc)
263 {
264 	struct ath12k_buffer_addr *desc;
265 	struct hal_srng *srng;
266 	struct sk_buff *skb;
267 	int num_free;
268 	int num_remain;
269 	int buf_id;
270 	u32 cookie;
271 	dma_addr_t paddr;
272 	struct ath12k_dp *dp = &ab->dp;
273 	struct ath12k_rx_desc_info *rx_desc;
274 
275 	req_entries = min(req_entries, rx_ring->bufs_max);
276 
277 	srng = &ab->hal.srng_list[rx_ring->refill_buf_ring.ring_id];
278 
279 	spin_lock_bh(&srng->lock);
280 
281 	ath12k_hal_srng_access_begin(ab, srng);
282 
283 	num_free = ath12k_hal_srng_src_num_free(ab, srng, true);
284 	if (!req_entries && (num_free > (rx_ring->bufs_max * 3) / 4))
285 		req_entries = num_free;
286 
287 	req_entries = min(num_free, req_entries);
288 	num_remain = req_entries;
289 
290 	while (num_remain > 0) {
291 		skb = dev_alloc_skb(DP_RX_BUFFER_SIZE +
292 				    DP_RX_BUFFER_ALIGN_SIZE);
293 		if (!skb)
294 			break;
295 
296 		if (!IS_ALIGNED((unsigned long)skb->data,
297 				DP_RX_BUFFER_ALIGN_SIZE)) {
298 			skb_pull(skb,
299 				 PTR_ALIGN(skb->data, DP_RX_BUFFER_ALIGN_SIZE) -
300 				 skb->data);
301 		}
302 
303 		paddr = dma_map_single(ab->dev, skb->data,
304 				       skb->len + skb_tailroom(skb),
305 				       DMA_FROM_DEVICE);
306 		if (dma_mapping_error(ab->dev, paddr))
307 			goto fail_free_skb;
308 
309 		if (hw_cc) {
310 			spin_lock_bh(&dp->rx_desc_lock);
311 
312 			/* Get desc from free list and store in used list
313 			 * for cleanup purposes
314 			 *
315 			 * TODO: pass the removed descs rather than
316 			 * add/read to optimize
317 			 */
318 			rx_desc = list_first_entry_or_null(&dp->rx_desc_free_list,
319 							   struct ath12k_rx_desc_info,
320 							   list);
321 			if (!rx_desc) {
322 				spin_unlock_bh(&dp->rx_desc_lock);
323 				goto fail_dma_unmap;
324 			}
325 
326 			rx_desc->skb = skb;
327 			cookie = rx_desc->cookie;
328 			list_del(&rx_desc->list);
329 			list_add_tail(&rx_desc->list, &dp->rx_desc_used_list);
330 
331 			spin_unlock_bh(&dp->rx_desc_lock);
332 		} else {
333 			spin_lock_bh(&rx_ring->idr_lock);
334 			buf_id = idr_alloc(&rx_ring->bufs_idr, skb, 0,
335 					   rx_ring->bufs_max * 3, GFP_ATOMIC);
336 			spin_unlock_bh(&rx_ring->idr_lock);
337 			if (buf_id < 0)
338 				goto fail_dma_unmap;
339 			cookie = u32_encode_bits(mac_id,
340 						 DP_RXDMA_BUF_COOKIE_PDEV_ID) |
341 				 u32_encode_bits(buf_id,
342 						 DP_RXDMA_BUF_COOKIE_BUF_ID);
343 		}
344 
345 		desc = ath12k_hal_srng_src_get_next_entry(ab, srng);
346 		if (!desc)
347 			goto fail_buf_unassign;
348 
349 		ATH12K_SKB_RXCB(skb)->paddr = paddr;
350 
351 		num_remain--;
352 
353 		ath12k_hal_rx_buf_addr_info_set(desc, paddr, cookie, mgr);
354 	}
355 
356 	ath12k_hal_srng_access_end(ab, srng);
357 
358 	spin_unlock_bh(&srng->lock);
359 
360 	return req_entries - num_remain;
361 
362 fail_buf_unassign:
363 	if (hw_cc) {
364 		spin_lock_bh(&dp->rx_desc_lock);
365 		list_del(&rx_desc->list);
366 		list_add_tail(&rx_desc->list, &dp->rx_desc_free_list);
367 		rx_desc->skb = NULL;
368 		spin_unlock_bh(&dp->rx_desc_lock);
369 	} else {
370 		spin_lock_bh(&rx_ring->idr_lock);
371 		idr_remove(&rx_ring->bufs_idr, buf_id);
372 		spin_unlock_bh(&rx_ring->idr_lock);
373 	}
374 fail_dma_unmap:
375 	dma_unmap_single(ab->dev, paddr, skb->len + skb_tailroom(skb),
376 			 DMA_FROM_DEVICE);
377 fail_free_skb:
378 	dev_kfree_skb_any(skb);
379 
380 	ath12k_hal_srng_access_end(ab, srng);
381 
382 	spin_unlock_bh(&srng->lock);
383 
384 	return req_entries - num_remain;
385 }
386 
387 static int ath12k_dp_rxdma_buf_ring_free(struct ath12k_base *ab,
388 					 struct dp_rxdma_ring *rx_ring)
389 {
390 	struct sk_buff *skb;
391 	int buf_id;
392 
393 	spin_lock_bh(&rx_ring->idr_lock);
394 	idr_for_each_entry(&rx_ring->bufs_idr, skb, buf_id) {
395 		idr_remove(&rx_ring->bufs_idr, buf_id);
396 		/* TODO: Understand where internal driver does this dma_unmap
397 		 * of rxdma_buffer.
398 		 */
399 		dma_unmap_single(ab->dev, ATH12K_SKB_RXCB(skb)->paddr,
400 				 skb->len + skb_tailroom(skb), DMA_FROM_DEVICE);
401 		dev_kfree_skb_any(skb);
402 	}
403 
404 	idr_destroy(&rx_ring->bufs_idr);
405 	spin_unlock_bh(&rx_ring->idr_lock);
406 
407 	return 0;
408 }
409 
410 static int ath12k_dp_rxdma_buf_free(struct ath12k_base *ab)
411 {
412 	struct ath12k_dp *dp = &ab->dp;
413 	struct dp_rxdma_ring *rx_ring = &dp->rx_refill_buf_ring;
414 
415 	ath12k_dp_rxdma_buf_ring_free(ab, rx_ring);
416 
417 	rx_ring = &dp->rxdma_mon_buf_ring;
418 	ath12k_dp_rxdma_buf_ring_free(ab, rx_ring);
419 
420 	rx_ring = &dp->tx_mon_buf_ring;
421 	ath12k_dp_rxdma_buf_ring_free(ab, rx_ring);
422 
423 	return 0;
424 }
425 
426 static int ath12k_dp_rxdma_ring_buf_setup(struct ath12k_base *ab,
427 					  struct dp_rxdma_ring *rx_ring,
428 					  u32 ringtype)
429 {
430 	int num_entries;
431 
432 	num_entries = rx_ring->refill_buf_ring.size /
433 		ath12k_hal_srng_get_entrysize(ab, ringtype);
434 
435 	rx_ring->bufs_max = num_entries;
436 	if ((ringtype == HAL_RXDMA_MONITOR_BUF) || (ringtype == HAL_TX_MONITOR_BUF))
437 		ath12k_dp_mon_buf_replenish(ab, rx_ring, num_entries);
438 	else
439 		ath12k_dp_rx_bufs_replenish(ab, 0, rx_ring, num_entries,
440 					    ab->hw_params->hal_params->rx_buf_rbm,
441 					    ringtype == HAL_RXDMA_BUF);
442 	return 0;
443 }
444 
445 static int ath12k_dp_rxdma_buf_setup(struct ath12k_base *ab)
446 {
447 	struct ath12k_dp *dp = &ab->dp;
448 	struct dp_rxdma_ring *rx_ring = &dp->rx_refill_buf_ring;
449 	int ret;
450 
451 	ret = ath12k_dp_rxdma_ring_buf_setup(ab, rx_ring,
452 					     HAL_RXDMA_BUF);
453 	if (ret) {
454 		ath12k_warn(ab,
455 			    "failed to setup HAL_RXDMA_BUF\n");
456 		return ret;
457 	}
458 
459 	if (ab->hw_params->rxdma1_enable) {
460 		rx_ring = &dp->rxdma_mon_buf_ring;
461 		ret = ath12k_dp_rxdma_ring_buf_setup(ab, rx_ring,
462 						     HAL_RXDMA_MONITOR_BUF);
463 		if (ret) {
464 			ath12k_warn(ab,
465 				    "failed to setup HAL_RXDMA_MONITOR_BUF\n");
466 			return ret;
467 		}
468 
469 		rx_ring = &dp->tx_mon_buf_ring;
470 		ret = ath12k_dp_rxdma_ring_buf_setup(ab, rx_ring,
471 						     HAL_TX_MONITOR_BUF);
472 		if (ret) {
473 			ath12k_warn(ab,
474 				    "failed to setup HAL_TX_MONITOR_BUF\n");
475 			return ret;
476 		}
477 	}
478 
479 	return 0;
480 }
481 
482 static void ath12k_dp_rx_pdev_srng_free(struct ath12k *ar)
483 {
484 	struct ath12k_pdev_dp *dp = &ar->dp;
485 	struct ath12k_base *ab = ar->ab;
486 	int i;
487 
488 	for (i = 0; i < ab->hw_params->num_rxmda_per_pdev; i++) {
489 		ath12k_dp_srng_cleanup(ab, &dp->rxdma_mon_dst_ring[i]);
490 		ath12k_dp_srng_cleanup(ab, &dp->tx_mon_dst_ring[i]);
491 	}
492 }
493 
494 void ath12k_dp_rx_pdev_reo_cleanup(struct ath12k_base *ab)
495 {
496 	struct ath12k_dp *dp = &ab->dp;
497 	int i;
498 
499 	for (i = 0; i < DP_REO_DST_RING_MAX; i++)
500 		ath12k_dp_srng_cleanup(ab, &dp->reo_dst_ring[i]);
501 }
502 
503 int ath12k_dp_rx_pdev_reo_setup(struct ath12k_base *ab)
504 {
505 	struct ath12k_dp *dp = &ab->dp;
506 	int ret;
507 	int i;
508 
509 	for (i = 0; i < DP_REO_DST_RING_MAX; i++) {
510 		ret = ath12k_dp_srng_setup(ab, &dp->reo_dst_ring[i],
511 					   HAL_REO_DST, i, 0,
512 					   DP_REO_DST_RING_SIZE);
513 		if (ret) {
514 			ath12k_warn(ab, "failed to setup reo_dst_ring\n");
515 			goto err_reo_cleanup;
516 		}
517 	}
518 
519 	return 0;
520 
521 err_reo_cleanup:
522 	ath12k_dp_rx_pdev_reo_cleanup(ab);
523 
524 	return ret;
525 }
526 
527 static int ath12k_dp_rx_pdev_srng_alloc(struct ath12k *ar)
528 {
529 	struct ath12k_pdev_dp *dp = &ar->dp;
530 	struct ath12k_base *ab = ar->ab;
531 	int i;
532 	int ret;
533 	u32 mac_id = dp->mac_id;
534 
535 	for (i = 0; i < ab->hw_params->num_rxmda_per_pdev; i++) {
536 		ret = ath12k_dp_srng_setup(ar->ab,
537 					   &dp->rxdma_mon_dst_ring[i],
538 					   HAL_RXDMA_MONITOR_DST,
539 					   0, mac_id + i,
540 					   DP_RXDMA_MONITOR_DST_RING_SIZE);
541 		if (ret) {
542 			ath12k_warn(ar->ab,
543 				    "failed to setup HAL_RXDMA_MONITOR_DST\n");
544 			return ret;
545 		}
546 
547 		ret = ath12k_dp_srng_setup(ar->ab,
548 					   &dp->tx_mon_dst_ring[i],
549 					   HAL_TX_MONITOR_DST,
550 					   0, mac_id + i,
551 					   DP_TX_MONITOR_DEST_RING_SIZE);
552 		if (ret) {
553 			ath12k_warn(ar->ab,
554 				    "failed to setup HAL_TX_MONITOR_DST\n");
555 			return ret;
556 		}
557 	}
558 
559 	return 0;
560 }
561 
562 void ath12k_dp_rx_reo_cmd_list_cleanup(struct ath12k_base *ab)
563 {
564 	struct ath12k_dp *dp = &ab->dp;
565 	struct ath12k_dp_rx_reo_cmd *cmd, *tmp;
566 	struct ath12k_dp_rx_reo_cache_flush_elem *cmd_cache, *tmp_cache;
567 
568 	spin_lock_bh(&dp->reo_cmd_lock);
569 	list_for_each_entry_safe(cmd, tmp, &dp->reo_cmd_list, list) {
570 		list_del(&cmd->list);
571 		dma_unmap_single(ab->dev, cmd->data.paddr,
572 				 cmd->data.size, DMA_BIDIRECTIONAL);
573 		kfree(cmd->data.vaddr);
574 		kfree(cmd);
575 	}
576 
577 	list_for_each_entry_safe(cmd_cache, tmp_cache,
578 				 &dp->reo_cmd_cache_flush_list, list) {
579 		list_del(&cmd_cache->list);
580 		dp->reo_cmd_cache_flush_count--;
581 		dma_unmap_single(ab->dev, cmd_cache->data.paddr,
582 				 cmd_cache->data.size, DMA_BIDIRECTIONAL);
583 		kfree(cmd_cache->data.vaddr);
584 		kfree(cmd_cache);
585 	}
586 	spin_unlock_bh(&dp->reo_cmd_lock);
587 }
588 
589 static void ath12k_dp_reo_cmd_free(struct ath12k_dp *dp, void *ctx,
590 				   enum hal_reo_cmd_status status)
591 {
592 	struct ath12k_dp_rx_tid *rx_tid = ctx;
593 
594 	if (status != HAL_REO_CMD_SUCCESS)
595 		ath12k_warn(dp->ab, "failed to flush rx tid hw desc, tid %d status %d\n",
596 			    rx_tid->tid, status);
597 
598 	dma_unmap_single(dp->ab->dev, rx_tid->paddr, rx_tid->size,
599 			 DMA_BIDIRECTIONAL);
600 	kfree(rx_tid->vaddr);
601 	rx_tid->vaddr = NULL;
602 }
603 
604 static int ath12k_dp_reo_cmd_send(struct ath12k_base *ab, struct ath12k_dp_rx_tid *rx_tid,
605 				  enum hal_reo_cmd_type type,
606 				  struct ath12k_hal_reo_cmd *cmd,
607 				  void (*cb)(struct ath12k_dp *dp, void *ctx,
608 					     enum hal_reo_cmd_status status))
609 {
610 	struct ath12k_dp *dp = &ab->dp;
611 	struct ath12k_dp_rx_reo_cmd *dp_cmd;
612 	struct hal_srng *cmd_ring;
613 	int cmd_num;
614 
615 	cmd_ring = &ab->hal.srng_list[dp->reo_cmd_ring.ring_id];
616 	cmd_num = ath12k_hal_reo_cmd_send(ab, cmd_ring, type, cmd);
617 
618 	/* cmd_num should start from 1, during failure return the error code */
619 	if (cmd_num < 0)
620 		return cmd_num;
621 
622 	/* reo cmd ring descriptors has cmd_num starting from 1 */
623 	if (cmd_num == 0)
624 		return -EINVAL;
625 
626 	if (!cb)
627 		return 0;
628 
629 	/* Can this be optimized so that we keep the pending command list only
630 	 * for tid delete command to free up the resource on the command status
631 	 * indication?
632 	 */
633 	dp_cmd = kzalloc(sizeof(*dp_cmd), GFP_ATOMIC);
634 
635 	if (!dp_cmd)
636 		return -ENOMEM;
637 
638 	memcpy(&dp_cmd->data, rx_tid, sizeof(*rx_tid));
639 	dp_cmd->cmd_num = cmd_num;
640 	dp_cmd->handler = cb;
641 
642 	spin_lock_bh(&dp->reo_cmd_lock);
643 	list_add_tail(&dp_cmd->list, &dp->reo_cmd_list);
644 	spin_unlock_bh(&dp->reo_cmd_lock);
645 
646 	return 0;
647 }
648 
649 static void ath12k_dp_reo_cache_flush(struct ath12k_base *ab,
650 				      struct ath12k_dp_rx_tid *rx_tid)
651 {
652 	struct ath12k_hal_reo_cmd cmd = {0};
653 	unsigned long tot_desc_sz, desc_sz;
654 	int ret;
655 
656 	tot_desc_sz = rx_tid->size;
657 	desc_sz = ath12k_hal_reo_qdesc_size(0, HAL_DESC_REO_NON_QOS_TID);
658 
659 	while (tot_desc_sz > desc_sz) {
660 		tot_desc_sz -= desc_sz;
661 		cmd.addr_lo = lower_32_bits(rx_tid->paddr + tot_desc_sz);
662 		cmd.addr_hi = upper_32_bits(rx_tid->paddr);
663 		ret = ath12k_dp_reo_cmd_send(ab, rx_tid,
664 					     HAL_REO_CMD_FLUSH_CACHE, &cmd,
665 					     NULL);
666 		if (ret)
667 			ath12k_warn(ab,
668 				    "failed to send HAL_REO_CMD_FLUSH_CACHE, tid %d (%d)\n",
669 				    rx_tid->tid, ret);
670 	}
671 
672 	memset(&cmd, 0, sizeof(cmd));
673 	cmd.addr_lo = lower_32_bits(rx_tid->paddr);
674 	cmd.addr_hi = upper_32_bits(rx_tid->paddr);
675 	cmd.flag = HAL_REO_CMD_FLG_NEED_STATUS;
676 	ret = ath12k_dp_reo_cmd_send(ab, rx_tid,
677 				     HAL_REO_CMD_FLUSH_CACHE,
678 				     &cmd, ath12k_dp_reo_cmd_free);
679 	if (ret) {
680 		ath12k_err(ab, "failed to send HAL_REO_CMD_FLUSH_CACHE cmd, tid %d (%d)\n",
681 			   rx_tid->tid, ret);
682 		dma_unmap_single(ab->dev, rx_tid->paddr, rx_tid->size,
683 				 DMA_BIDIRECTIONAL);
684 		kfree(rx_tid->vaddr);
685 		rx_tid->vaddr = NULL;
686 	}
687 }
688 
689 static void ath12k_dp_rx_tid_del_func(struct ath12k_dp *dp, void *ctx,
690 				      enum hal_reo_cmd_status status)
691 {
692 	struct ath12k_base *ab = dp->ab;
693 	struct ath12k_dp_rx_tid *rx_tid = ctx;
694 	struct ath12k_dp_rx_reo_cache_flush_elem *elem, *tmp;
695 
696 	if (status == HAL_REO_CMD_DRAIN) {
697 		goto free_desc;
698 	} else if (status != HAL_REO_CMD_SUCCESS) {
699 		/* Shouldn't happen! Cleanup in case of other failure? */
700 		ath12k_warn(ab, "failed to delete rx tid %d hw descriptor %d\n",
701 			    rx_tid->tid, status);
702 		return;
703 	}
704 
705 	elem = kzalloc(sizeof(*elem), GFP_ATOMIC);
706 	if (!elem)
707 		goto free_desc;
708 
709 	elem->ts = jiffies;
710 	memcpy(&elem->data, rx_tid, sizeof(*rx_tid));
711 
712 	spin_lock_bh(&dp->reo_cmd_lock);
713 	list_add_tail(&elem->list, &dp->reo_cmd_cache_flush_list);
714 	dp->reo_cmd_cache_flush_count++;
715 
716 	/* Flush and invalidate aged REO desc from HW cache */
717 	list_for_each_entry_safe(elem, tmp, &dp->reo_cmd_cache_flush_list,
718 				 list) {
719 		if (dp->reo_cmd_cache_flush_count > ATH12K_DP_RX_REO_DESC_FREE_THRES ||
720 		    time_after(jiffies, elem->ts +
721 			       msecs_to_jiffies(ATH12K_DP_RX_REO_DESC_FREE_TIMEOUT_MS))) {
722 			list_del(&elem->list);
723 			dp->reo_cmd_cache_flush_count--;
724 
725 			/* Unlock the reo_cmd_lock before using ath12k_dp_reo_cmd_send()
726 			 * within ath12k_dp_reo_cache_flush. The reo_cmd_cache_flush_list
727 			 * is used in only two contexts, one is in this function called
728 			 * from napi and the other in ath12k_dp_free during core destroy.
729 			 * Before dp_free, the irqs would be disabled and would wait to
730 			 * synchronize. Hence there wouldn’t be any race against add or
731 			 * delete to this list. Hence unlock-lock is safe here.
732 			 */
733 			spin_unlock_bh(&dp->reo_cmd_lock);
734 
735 			ath12k_dp_reo_cache_flush(ab, &elem->data);
736 			kfree(elem);
737 			spin_lock_bh(&dp->reo_cmd_lock);
738 		}
739 	}
740 	spin_unlock_bh(&dp->reo_cmd_lock);
741 
742 	return;
743 free_desc:
744 	dma_unmap_single(ab->dev, rx_tid->paddr, rx_tid->size,
745 			 DMA_BIDIRECTIONAL);
746 	kfree(rx_tid->vaddr);
747 	rx_tid->vaddr = NULL;
748 }
749 
750 static void ath12k_peer_rx_tid_qref_setup(struct ath12k_base *ab, u16 peer_id, u16 tid,
751 					  dma_addr_t paddr)
752 {
753 	struct ath12k_reo_queue_ref *qref;
754 	struct ath12k_dp *dp = &ab->dp;
755 
756 	if (!ab->hw_params->reoq_lut_support)
757 		return;
758 
759 	/* TODO: based on ML peer or not, select the LUT. below assumes non
760 	 * ML peer
761 	 */
762 	qref = (struct ath12k_reo_queue_ref *)dp->reoq_lut.vaddr +
763 			(peer_id * (IEEE80211_NUM_TIDS + 1) + tid);
764 
765 	qref->info0 = u32_encode_bits(lower_32_bits(paddr),
766 				      BUFFER_ADDR_INFO0_ADDR);
767 	qref->info1 = u32_encode_bits(upper_32_bits(paddr),
768 				      BUFFER_ADDR_INFO1_ADDR) |
769 		      u32_encode_bits(tid, DP_REO_QREF_NUM);
770 }
771 
772 static void ath12k_peer_rx_tid_qref_reset(struct ath12k_base *ab, u16 peer_id, u16 tid)
773 {
774 	struct ath12k_reo_queue_ref *qref;
775 	struct ath12k_dp *dp = &ab->dp;
776 
777 	if (!ab->hw_params->reoq_lut_support)
778 		return;
779 
780 	/* TODO: based on ML peer or not, select the LUT. below assumes non
781 	 * ML peer
782 	 */
783 	qref = (struct ath12k_reo_queue_ref *)dp->reoq_lut.vaddr +
784 			(peer_id * (IEEE80211_NUM_TIDS + 1) + tid);
785 
786 	qref->info0 = u32_encode_bits(0, BUFFER_ADDR_INFO0_ADDR);
787 	qref->info1 = u32_encode_bits(0, BUFFER_ADDR_INFO1_ADDR) |
788 		      u32_encode_bits(tid, DP_REO_QREF_NUM);
789 }
790 
791 void ath12k_dp_rx_peer_tid_delete(struct ath12k *ar,
792 				  struct ath12k_peer *peer, u8 tid)
793 {
794 	struct ath12k_hal_reo_cmd cmd = {0};
795 	struct ath12k_dp_rx_tid *rx_tid = &peer->rx_tid[tid];
796 	int ret;
797 
798 	if (!rx_tid->active)
799 		return;
800 
801 	cmd.flag = HAL_REO_CMD_FLG_NEED_STATUS;
802 	cmd.addr_lo = lower_32_bits(rx_tid->paddr);
803 	cmd.addr_hi = upper_32_bits(rx_tid->paddr);
804 	cmd.upd0 = HAL_REO_CMD_UPD0_VLD;
805 	ret = ath12k_dp_reo_cmd_send(ar->ab, rx_tid,
806 				     HAL_REO_CMD_UPDATE_RX_QUEUE, &cmd,
807 				     ath12k_dp_rx_tid_del_func);
808 	if (ret) {
809 		ath12k_err(ar->ab, "failed to send HAL_REO_CMD_UPDATE_RX_QUEUE cmd, tid %d (%d)\n",
810 			   tid, ret);
811 		dma_unmap_single(ar->ab->dev, rx_tid->paddr, rx_tid->size,
812 				 DMA_BIDIRECTIONAL);
813 		kfree(rx_tid->vaddr);
814 		rx_tid->vaddr = NULL;
815 	}
816 
817 	ath12k_peer_rx_tid_qref_reset(ar->ab, peer->peer_id, tid);
818 
819 	rx_tid->active = false;
820 }
821 
822 /* TODO: it's strange (and ugly) that struct hal_reo_dest_ring is converted
823  * to struct hal_wbm_release_ring, I couldn't figure out the logic behind
824  * that.
825  */
826 static int ath12k_dp_rx_link_desc_return(struct ath12k_base *ab,
827 					 struct hal_reo_dest_ring *ring,
828 					 enum hal_wbm_rel_bm_act action)
829 {
830 	struct hal_wbm_release_ring *link_desc = (struct hal_wbm_release_ring *)ring;
831 	struct hal_wbm_release_ring *desc;
832 	struct ath12k_dp *dp = &ab->dp;
833 	struct hal_srng *srng;
834 	int ret = 0;
835 
836 	srng = &ab->hal.srng_list[dp->wbm_desc_rel_ring.ring_id];
837 
838 	spin_lock_bh(&srng->lock);
839 
840 	ath12k_hal_srng_access_begin(ab, srng);
841 
842 	desc = ath12k_hal_srng_src_get_next_entry(ab, srng);
843 	if (!desc) {
844 		ret = -ENOBUFS;
845 		goto exit;
846 	}
847 
848 	ath12k_hal_rx_msdu_link_desc_set(ab, desc, link_desc, action);
849 
850 exit:
851 	ath12k_hal_srng_access_end(ab, srng);
852 
853 	spin_unlock_bh(&srng->lock);
854 
855 	return ret;
856 }
857 
858 static void ath12k_dp_rx_frags_cleanup(struct ath12k_dp_rx_tid *rx_tid,
859 				       bool rel_link_desc)
860 {
861 	struct ath12k_base *ab = rx_tid->ab;
862 
863 	lockdep_assert_held(&ab->base_lock);
864 
865 	if (rx_tid->dst_ring_desc) {
866 		if (rel_link_desc)
867 			ath12k_dp_rx_link_desc_return(ab, rx_tid->dst_ring_desc,
868 						      HAL_WBM_REL_BM_ACT_PUT_IN_IDLE);
869 		kfree(rx_tid->dst_ring_desc);
870 		rx_tid->dst_ring_desc = NULL;
871 	}
872 
873 	rx_tid->cur_sn = 0;
874 	rx_tid->last_frag_no = 0;
875 	rx_tid->rx_frag_bitmap = 0;
876 	__skb_queue_purge(&rx_tid->rx_frags);
877 }
878 
879 void ath12k_dp_rx_peer_tid_cleanup(struct ath12k *ar, struct ath12k_peer *peer)
880 {
881 	struct ath12k_dp_rx_tid *rx_tid;
882 	int i;
883 
884 	lockdep_assert_held(&ar->ab->base_lock);
885 
886 	for (i = 0; i <= IEEE80211_NUM_TIDS; i++) {
887 		rx_tid = &peer->rx_tid[i];
888 
889 		ath12k_dp_rx_peer_tid_delete(ar, peer, i);
890 		ath12k_dp_rx_frags_cleanup(rx_tid, true);
891 
892 		spin_unlock_bh(&ar->ab->base_lock);
893 		del_timer_sync(&rx_tid->frag_timer);
894 		spin_lock_bh(&ar->ab->base_lock);
895 	}
896 }
897 
898 static int ath12k_peer_rx_tid_reo_update(struct ath12k *ar,
899 					 struct ath12k_peer *peer,
900 					 struct ath12k_dp_rx_tid *rx_tid,
901 					 u32 ba_win_sz, u16 ssn,
902 					 bool update_ssn)
903 {
904 	struct ath12k_hal_reo_cmd cmd = {0};
905 	int ret;
906 
907 	cmd.addr_lo = lower_32_bits(rx_tid->paddr);
908 	cmd.addr_hi = upper_32_bits(rx_tid->paddr);
909 	cmd.flag = HAL_REO_CMD_FLG_NEED_STATUS;
910 	cmd.upd0 = HAL_REO_CMD_UPD0_BA_WINDOW_SIZE;
911 	cmd.ba_window_size = ba_win_sz;
912 
913 	if (update_ssn) {
914 		cmd.upd0 |= HAL_REO_CMD_UPD0_SSN;
915 		cmd.upd2 = u32_encode_bits(ssn, HAL_REO_CMD_UPD2_SSN);
916 	}
917 
918 	ret = ath12k_dp_reo_cmd_send(ar->ab, rx_tid,
919 				     HAL_REO_CMD_UPDATE_RX_QUEUE, &cmd,
920 				     NULL);
921 	if (ret) {
922 		ath12k_warn(ar->ab, "failed to update rx tid queue, tid %d (%d)\n",
923 			    rx_tid->tid, ret);
924 		return ret;
925 	}
926 
927 	rx_tid->ba_win_sz = ba_win_sz;
928 
929 	return 0;
930 }
931 
932 int ath12k_dp_rx_peer_tid_setup(struct ath12k *ar, const u8 *peer_mac, int vdev_id,
933 				u8 tid, u32 ba_win_sz, u16 ssn,
934 				enum hal_pn_type pn_type)
935 {
936 	struct ath12k_base *ab = ar->ab;
937 	struct ath12k_dp *dp = &ab->dp;
938 	struct hal_rx_reo_queue *addr_aligned;
939 	struct ath12k_peer *peer;
940 	struct ath12k_dp_rx_tid *rx_tid;
941 	u32 hw_desc_sz;
942 	void *vaddr;
943 	dma_addr_t paddr;
944 	int ret;
945 
946 	spin_lock_bh(&ab->base_lock);
947 
948 	peer = ath12k_peer_find(ab, vdev_id, peer_mac);
949 	if (!peer) {
950 		spin_unlock_bh(&ab->base_lock);
951 		ath12k_warn(ab, "failed to find the peer to set up rx tid\n");
952 		return -ENOENT;
953 	}
954 
955 	if (ab->hw_params->reoq_lut_support && !dp->reoq_lut.vaddr) {
956 		spin_unlock_bh(&ab->base_lock);
957 		ath12k_warn(ab, "reo qref table is not setup\n");
958 		return -EINVAL;
959 	}
960 
961 	if (peer->peer_id > DP_MAX_PEER_ID || tid > IEEE80211_NUM_TIDS) {
962 		ath12k_warn(ab, "peer id of peer %d or tid %d doesn't allow reoq setup\n",
963 			    peer->peer_id, tid);
964 		spin_unlock_bh(&ab->base_lock);
965 		return -EINVAL;
966 	}
967 
968 	rx_tid = &peer->rx_tid[tid];
969 	/* Update the tid queue if it is already setup */
970 	if (rx_tid->active) {
971 		paddr = rx_tid->paddr;
972 		ret = ath12k_peer_rx_tid_reo_update(ar, peer, rx_tid,
973 						    ba_win_sz, ssn, true);
974 		spin_unlock_bh(&ab->base_lock);
975 		if (ret) {
976 			ath12k_warn(ab, "failed to update reo for rx tid %d\n", tid);
977 			return ret;
978 		}
979 
980 		return ret;
981 	}
982 
983 	rx_tid->tid = tid;
984 
985 	rx_tid->ba_win_sz = ba_win_sz;
986 
987 	/* TODO: Optimize the memory allocation for qos tid based on
988 	 * the actual BA window size in REO tid update path.
989 	 */
990 	if (tid == HAL_DESC_REO_NON_QOS_TID)
991 		hw_desc_sz = ath12k_hal_reo_qdesc_size(ba_win_sz, tid);
992 	else
993 		hw_desc_sz = ath12k_hal_reo_qdesc_size(DP_BA_WIN_SZ_MAX, tid);
994 
995 	vaddr = kzalloc(hw_desc_sz + HAL_LINK_DESC_ALIGN - 1, GFP_ATOMIC);
996 	if (!vaddr) {
997 		spin_unlock_bh(&ab->base_lock);
998 		return -ENOMEM;
999 	}
1000 
1001 	addr_aligned = PTR_ALIGN(vaddr, HAL_LINK_DESC_ALIGN);
1002 
1003 	ath12k_hal_reo_qdesc_setup(addr_aligned, tid, ba_win_sz,
1004 				   ssn, pn_type);
1005 
1006 	paddr = dma_map_single(ab->dev, addr_aligned, hw_desc_sz,
1007 			       DMA_BIDIRECTIONAL);
1008 
1009 	ret = dma_mapping_error(ab->dev, paddr);
1010 	if (ret) {
1011 		spin_unlock_bh(&ab->base_lock);
1012 		goto err_mem_free;
1013 	}
1014 
1015 	rx_tid->vaddr = vaddr;
1016 	rx_tid->paddr = paddr;
1017 	rx_tid->size = hw_desc_sz;
1018 	rx_tid->active = true;
1019 
1020 	if (ab->hw_params->reoq_lut_support) {
1021 		/* Update the REO queue LUT at the corresponding peer id
1022 		 * and tid with qaddr.
1023 		 */
1024 		ath12k_peer_rx_tid_qref_setup(ab, peer->peer_id, tid, paddr);
1025 		spin_unlock_bh(&ab->base_lock);
1026 	} else {
1027 		spin_unlock_bh(&ab->base_lock);
1028 		ret = ath12k_wmi_peer_rx_reorder_queue_setup(ar, vdev_id, peer_mac,
1029 							     paddr, tid, 1, ba_win_sz);
1030 	}
1031 
1032 	return ret;
1033 
1034 err_mem_free:
1035 	kfree(vaddr);
1036 
1037 	return ret;
1038 }
1039 
1040 int ath12k_dp_rx_ampdu_start(struct ath12k *ar,
1041 			     struct ieee80211_ampdu_params *params)
1042 {
1043 	struct ath12k_base *ab = ar->ab;
1044 	struct ath12k_sta *arsta = (void *)params->sta->drv_priv;
1045 	int vdev_id = arsta->arvif->vdev_id;
1046 	int ret;
1047 
1048 	ret = ath12k_dp_rx_peer_tid_setup(ar, params->sta->addr, vdev_id,
1049 					  params->tid, params->buf_size,
1050 					  params->ssn, arsta->pn_type);
1051 	if (ret)
1052 		ath12k_warn(ab, "failed to setup rx tid %d\n", ret);
1053 
1054 	return ret;
1055 }
1056 
1057 int ath12k_dp_rx_ampdu_stop(struct ath12k *ar,
1058 			    struct ieee80211_ampdu_params *params)
1059 {
1060 	struct ath12k_base *ab = ar->ab;
1061 	struct ath12k_peer *peer;
1062 	struct ath12k_sta *arsta = (void *)params->sta->drv_priv;
1063 	int vdev_id = arsta->arvif->vdev_id;
1064 	bool active;
1065 	int ret;
1066 
1067 	spin_lock_bh(&ab->base_lock);
1068 
1069 	peer = ath12k_peer_find(ab, vdev_id, params->sta->addr);
1070 	if (!peer) {
1071 		spin_unlock_bh(&ab->base_lock);
1072 		ath12k_warn(ab, "failed to find the peer to stop rx aggregation\n");
1073 		return -ENOENT;
1074 	}
1075 
1076 	active = peer->rx_tid[params->tid].active;
1077 
1078 	if (!active) {
1079 		spin_unlock_bh(&ab->base_lock);
1080 		return 0;
1081 	}
1082 
1083 	ret = ath12k_peer_rx_tid_reo_update(ar, peer, peer->rx_tid, 1, 0, false);
1084 	spin_unlock_bh(&ab->base_lock);
1085 	if (ret) {
1086 		ath12k_warn(ab, "failed to update reo for rx tid %d: %d\n",
1087 			    params->tid, ret);
1088 		return ret;
1089 	}
1090 
1091 	return ret;
1092 }
1093 
1094 int ath12k_dp_rx_peer_pn_replay_config(struct ath12k_vif *arvif,
1095 				       const u8 *peer_addr,
1096 				       enum set_key_cmd key_cmd,
1097 				       struct ieee80211_key_conf *key)
1098 {
1099 	struct ath12k *ar = arvif->ar;
1100 	struct ath12k_base *ab = ar->ab;
1101 	struct ath12k_hal_reo_cmd cmd = {0};
1102 	struct ath12k_peer *peer;
1103 	struct ath12k_dp_rx_tid *rx_tid;
1104 	u8 tid;
1105 	int ret = 0;
1106 
1107 	/* NOTE: Enable PN/TSC replay check offload only for unicast frames.
1108 	 * We use mac80211 PN/TSC replay check functionality for bcast/mcast
1109 	 * for now.
1110 	 */
1111 	if (!(key->flags & IEEE80211_KEY_FLAG_PAIRWISE))
1112 		return 0;
1113 
1114 	cmd.flag = HAL_REO_CMD_FLG_NEED_STATUS;
1115 	cmd.upd0 = HAL_REO_CMD_UPD0_PN |
1116 		    HAL_REO_CMD_UPD0_PN_SIZE |
1117 		    HAL_REO_CMD_UPD0_PN_VALID |
1118 		    HAL_REO_CMD_UPD0_PN_CHECK |
1119 		    HAL_REO_CMD_UPD0_SVLD;
1120 
1121 	switch (key->cipher) {
1122 	case WLAN_CIPHER_SUITE_TKIP:
1123 	case WLAN_CIPHER_SUITE_CCMP:
1124 	case WLAN_CIPHER_SUITE_CCMP_256:
1125 	case WLAN_CIPHER_SUITE_GCMP:
1126 	case WLAN_CIPHER_SUITE_GCMP_256:
1127 		if (key_cmd == SET_KEY) {
1128 			cmd.upd1 |= HAL_REO_CMD_UPD1_PN_CHECK;
1129 			cmd.pn_size = 48;
1130 		}
1131 		break;
1132 	default:
1133 		break;
1134 	}
1135 
1136 	spin_lock_bh(&ab->base_lock);
1137 
1138 	peer = ath12k_peer_find(ab, arvif->vdev_id, peer_addr);
1139 	if (!peer) {
1140 		spin_unlock_bh(&ab->base_lock);
1141 		ath12k_warn(ab, "failed to find the peer %pM to configure pn replay detection\n",
1142 			    peer_addr);
1143 		return -ENOENT;
1144 	}
1145 
1146 	for (tid = 0; tid <= IEEE80211_NUM_TIDS; tid++) {
1147 		rx_tid = &peer->rx_tid[tid];
1148 		if (!rx_tid->active)
1149 			continue;
1150 		cmd.addr_lo = lower_32_bits(rx_tid->paddr);
1151 		cmd.addr_hi = upper_32_bits(rx_tid->paddr);
1152 		ret = ath12k_dp_reo_cmd_send(ab, rx_tid,
1153 					     HAL_REO_CMD_UPDATE_RX_QUEUE,
1154 					     &cmd, NULL);
1155 		if (ret) {
1156 			ath12k_warn(ab, "failed to configure rx tid %d queue of peer %pM for pn replay detection %d\n",
1157 				    tid, peer_addr, ret);
1158 			break;
1159 		}
1160 	}
1161 
1162 	spin_unlock_bh(&ab->base_lock);
1163 
1164 	return ret;
1165 }
1166 
1167 static int ath12k_get_ppdu_user_index(struct htt_ppdu_stats *ppdu_stats,
1168 				      u16 peer_id)
1169 {
1170 	int i;
1171 
1172 	for (i = 0; i < HTT_PPDU_STATS_MAX_USERS - 1; i++) {
1173 		if (ppdu_stats->user_stats[i].is_valid_peer_id) {
1174 			if (peer_id == ppdu_stats->user_stats[i].peer_id)
1175 				return i;
1176 		} else {
1177 			return i;
1178 		}
1179 	}
1180 
1181 	return -EINVAL;
1182 }
1183 
1184 static int ath12k_htt_tlv_ppdu_stats_parse(struct ath12k_base *ab,
1185 					   u16 tag, u16 len, const void *ptr,
1186 					   void *data)
1187 {
1188 	const struct htt_ppdu_stats_usr_cmpltn_ack_ba_status *ba_status;
1189 	const struct htt_ppdu_stats_usr_cmpltn_cmn *cmplt_cmn;
1190 	const struct htt_ppdu_stats_user_rate *user_rate;
1191 	struct htt_ppdu_stats_info *ppdu_info;
1192 	struct htt_ppdu_user_stats *user_stats;
1193 	int cur_user;
1194 	u16 peer_id;
1195 
1196 	ppdu_info = data;
1197 
1198 	switch (tag) {
1199 	case HTT_PPDU_STATS_TAG_COMMON:
1200 		if (len < sizeof(struct htt_ppdu_stats_common)) {
1201 			ath12k_warn(ab, "Invalid len %d for the tag 0x%x\n",
1202 				    len, tag);
1203 			return -EINVAL;
1204 		}
1205 		memcpy(&ppdu_info->ppdu_stats.common, ptr,
1206 		       sizeof(struct htt_ppdu_stats_common));
1207 		break;
1208 	case HTT_PPDU_STATS_TAG_USR_RATE:
1209 		if (len < sizeof(struct htt_ppdu_stats_user_rate)) {
1210 			ath12k_warn(ab, "Invalid len %d for the tag 0x%x\n",
1211 				    len, tag);
1212 			return -EINVAL;
1213 		}
1214 		user_rate = ptr;
1215 		peer_id = le16_to_cpu(user_rate->sw_peer_id);
1216 		cur_user = ath12k_get_ppdu_user_index(&ppdu_info->ppdu_stats,
1217 						      peer_id);
1218 		if (cur_user < 0)
1219 			return -EINVAL;
1220 		user_stats = &ppdu_info->ppdu_stats.user_stats[cur_user];
1221 		user_stats->peer_id = peer_id;
1222 		user_stats->is_valid_peer_id = true;
1223 		memcpy(&user_stats->rate, ptr,
1224 		       sizeof(struct htt_ppdu_stats_user_rate));
1225 		user_stats->tlv_flags |= BIT(tag);
1226 		break;
1227 	case HTT_PPDU_STATS_TAG_USR_COMPLTN_COMMON:
1228 		if (len < sizeof(struct htt_ppdu_stats_usr_cmpltn_cmn)) {
1229 			ath12k_warn(ab, "Invalid len %d for the tag 0x%x\n",
1230 				    len, tag);
1231 			return -EINVAL;
1232 		}
1233 
1234 		cmplt_cmn = ptr;
1235 		peer_id = le16_to_cpu(cmplt_cmn->sw_peer_id);
1236 		cur_user = ath12k_get_ppdu_user_index(&ppdu_info->ppdu_stats,
1237 						      peer_id);
1238 		if (cur_user < 0)
1239 			return -EINVAL;
1240 		user_stats = &ppdu_info->ppdu_stats.user_stats[cur_user];
1241 		user_stats->peer_id = peer_id;
1242 		user_stats->is_valid_peer_id = true;
1243 		memcpy(&user_stats->cmpltn_cmn, ptr,
1244 		       sizeof(struct htt_ppdu_stats_usr_cmpltn_cmn));
1245 		user_stats->tlv_flags |= BIT(tag);
1246 		break;
1247 	case HTT_PPDU_STATS_TAG_USR_COMPLTN_ACK_BA_STATUS:
1248 		if (len <
1249 		    sizeof(struct htt_ppdu_stats_usr_cmpltn_ack_ba_status)) {
1250 			ath12k_warn(ab, "Invalid len %d for the tag 0x%x\n",
1251 				    len, tag);
1252 			return -EINVAL;
1253 		}
1254 
1255 		ba_status = ptr;
1256 		peer_id = le16_to_cpu(ba_status->sw_peer_id);
1257 		cur_user = ath12k_get_ppdu_user_index(&ppdu_info->ppdu_stats,
1258 						      peer_id);
1259 		if (cur_user < 0)
1260 			return -EINVAL;
1261 		user_stats = &ppdu_info->ppdu_stats.user_stats[cur_user];
1262 		user_stats->peer_id = peer_id;
1263 		user_stats->is_valid_peer_id = true;
1264 		memcpy(&user_stats->ack_ba, ptr,
1265 		       sizeof(struct htt_ppdu_stats_usr_cmpltn_ack_ba_status));
1266 		user_stats->tlv_flags |= BIT(tag);
1267 		break;
1268 	}
1269 	return 0;
1270 }
1271 
1272 static int ath12k_dp_htt_tlv_iter(struct ath12k_base *ab, const void *ptr, size_t len,
1273 				  int (*iter)(struct ath12k_base *ar, u16 tag, u16 len,
1274 					      const void *ptr, void *data),
1275 				  void *data)
1276 {
1277 	const struct htt_tlv *tlv;
1278 	const void *begin = ptr;
1279 	u16 tlv_tag, tlv_len;
1280 	int ret = -EINVAL;
1281 
1282 	while (len > 0) {
1283 		if (len < sizeof(*tlv)) {
1284 			ath12k_err(ab, "htt tlv parse failure at byte %zd (%zu bytes left, %zu expected)\n",
1285 				   ptr - begin, len, sizeof(*tlv));
1286 			return -EINVAL;
1287 		}
1288 		tlv = (struct htt_tlv *)ptr;
1289 		tlv_tag = le32_get_bits(tlv->header, HTT_TLV_TAG);
1290 		tlv_len = le32_get_bits(tlv->header, HTT_TLV_LEN);
1291 		ptr += sizeof(*tlv);
1292 		len -= sizeof(*tlv);
1293 
1294 		if (tlv_len > len) {
1295 			ath12k_err(ab, "htt tlv parse failure of tag %u at byte %zd (%zu bytes left, %u expected)\n",
1296 				   tlv_tag, ptr - begin, len, tlv_len);
1297 			return -EINVAL;
1298 		}
1299 		ret = iter(ab, tlv_tag, tlv_len, ptr, data);
1300 		if (ret == -ENOMEM)
1301 			return ret;
1302 
1303 		ptr += tlv_len;
1304 		len -= tlv_len;
1305 	}
1306 	return 0;
1307 }
1308 
1309 static void
1310 ath12k_update_per_peer_tx_stats(struct ath12k *ar,
1311 				struct htt_ppdu_stats *ppdu_stats, u8 user)
1312 {
1313 	struct ath12k_base *ab = ar->ab;
1314 	struct ath12k_peer *peer;
1315 	struct ieee80211_sta *sta;
1316 	struct ath12k_sta *arsta;
1317 	struct htt_ppdu_stats_user_rate *user_rate;
1318 	struct ath12k_per_peer_tx_stats *peer_stats = &ar->peer_tx_stats;
1319 	struct htt_ppdu_user_stats *usr_stats = &ppdu_stats->user_stats[user];
1320 	struct htt_ppdu_stats_common *common = &ppdu_stats->common;
1321 	int ret;
1322 	u8 flags, mcs, nss, bw, sgi, dcm, rate_idx = 0;
1323 	u32 v, succ_bytes = 0;
1324 	u16 tones, rate = 0, succ_pkts = 0;
1325 	u32 tx_duration = 0;
1326 	u8 tid = HTT_PPDU_STATS_NON_QOS_TID;
1327 	bool is_ampdu = false;
1328 
1329 	if (!usr_stats)
1330 		return;
1331 
1332 	if (!(usr_stats->tlv_flags & BIT(HTT_PPDU_STATS_TAG_USR_RATE)))
1333 		return;
1334 
1335 	if (usr_stats->tlv_flags & BIT(HTT_PPDU_STATS_TAG_USR_COMPLTN_COMMON))
1336 		is_ampdu =
1337 			HTT_USR_CMPLTN_IS_AMPDU(usr_stats->cmpltn_cmn.flags);
1338 
1339 	if (usr_stats->tlv_flags &
1340 	    BIT(HTT_PPDU_STATS_TAG_USR_COMPLTN_ACK_BA_STATUS)) {
1341 		succ_bytes = le32_to_cpu(usr_stats->ack_ba.success_bytes);
1342 		succ_pkts = le32_get_bits(usr_stats->ack_ba.info,
1343 					  HTT_PPDU_STATS_ACK_BA_INFO_NUM_MSDU_M);
1344 		tid = le32_get_bits(usr_stats->ack_ba.info,
1345 				    HTT_PPDU_STATS_ACK_BA_INFO_TID_NUM);
1346 	}
1347 
1348 	if (common->fes_duration_us)
1349 		tx_duration = le32_to_cpu(common->fes_duration_us);
1350 
1351 	user_rate = &usr_stats->rate;
1352 	flags = HTT_USR_RATE_PREAMBLE(user_rate->rate_flags);
1353 	bw = HTT_USR_RATE_BW(user_rate->rate_flags) - 2;
1354 	nss = HTT_USR_RATE_NSS(user_rate->rate_flags) + 1;
1355 	mcs = HTT_USR_RATE_MCS(user_rate->rate_flags);
1356 	sgi = HTT_USR_RATE_GI(user_rate->rate_flags);
1357 	dcm = HTT_USR_RATE_DCM(user_rate->rate_flags);
1358 
1359 	/* Note: If host configured fixed rates and in some other special
1360 	 * cases, the broadcast/management frames are sent in different rates.
1361 	 * Firmware rate's control to be skipped for this?
1362 	 */
1363 
1364 	if (flags == WMI_RATE_PREAMBLE_HE && mcs > 11) {
1365 		ath12k_warn(ab, "Invalid HE mcs %d peer stats",  mcs);
1366 		return;
1367 	}
1368 
1369 	if (flags == WMI_RATE_PREAMBLE_HE && mcs > ATH12K_HE_MCS_MAX) {
1370 		ath12k_warn(ab, "Invalid HE mcs %d peer stats",  mcs);
1371 		return;
1372 	}
1373 
1374 	if (flags == WMI_RATE_PREAMBLE_VHT && mcs > ATH12K_VHT_MCS_MAX) {
1375 		ath12k_warn(ab, "Invalid VHT mcs %d peer stats",  mcs);
1376 		return;
1377 	}
1378 
1379 	if (flags == WMI_RATE_PREAMBLE_HT && (mcs > ATH12K_HT_MCS_MAX || nss < 1)) {
1380 		ath12k_warn(ab, "Invalid HT mcs %d nss %d peer stats",
1381 			    mcs, nss);
1382 		return;
1383 	}
1384 
1385 	if (flags == WMI_RATE_PREAMBLE_CCK || flags == WMI_RATE_PREAMBLE_OFDM) {
1386 		ret = ath12k_mac_hw_ratecode_to_legacy_rate(mcs,
1387 							    flags,
1388 							    &rate_idx,
1389 							    &rate);
1390 		if (ret < 0)
1391 			return;
1392 	}
1393 
1394 	rcu_read_lock();
1395 	spin_lock_bh(&ab->base_lock);
1396 	peer = ath12k_peer_find_by_id(ab, usr_stats->peer_id);
1397 
1398 	if (!peer || !peer->sta) {
1399 		spin_unlock_bh(&ab->base_lock);
1400 		rcu_read_unlock();
1401 		return;
1402 	}
1403 
1404 	sta = peer->sta;
1405 	arsta = (struct ath12k_sta *)sta->drv_priv;
1406 
1407 	memset(&arsta->txrate, 0, sizeof(arsta->txrate));
1408 
1409 	switch (flags) {
1410 	case WMI_RATE_PREAMBLE_OFDM:
1411 		arsta->txrate.legacy = rate;
1412 		break;
1413 	case WMI_RATE_PREAMBLE_CCK:
1414 		arsta->txrate.legacy = rate;
1415 		break;
1416 	case WMI_RATE_PREAMBLE_HT:
1417 		arsta->txrate.mcs = mcs + 8 * (nss - 1);
1418 		arsta->txrate.flags = RATE_INFO_FLAGS_MCS;
1419 		if (sgi)
1420 			arsta->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
1421 		break;
1422 	case WMI_RATE_PREAMBLE_VHT:
1423 		arsta->txrate.mcs = mcs;
1424 		arsta->txrate.flags = RATE_INFO_FLAGS_VHT_MCS;
1425 		if (sgi)
1426 			arsta->txrate.flags |= RATE_INFO_FLAGS_SHORT_GI;
1427 		break;
1428 	case WMI_RATE_PREAMBLE_HE:
1429 		arsta->txrate.mcs = mcs;
1430 		arsta->txrate.flags = RATE_INFO_FLAGS_HE_MCS;
1431 		arsta->txrate.he_dcm = dcm;
1432 		arsta->txrate.he_gi = ath12k_he_gi_to_nl80211_he_gi(sgi);
1433 		tones = le16_to_cpu(user_rate->ru_end) -
1434 			le16_to_cpu(user_rate->ru_start) + 1;
1435 		v = ath12k_he_ru_tones_to_nl80211_he_ru_alloc(tones);
1436 		arsta->txrate.he_ru_alloc = v;
1437 		break;
1438 	}
1439 
1440 	arsta->txrate.nss = nss;
1441 	arsta->txrate.bw = ath12k_mac_bw_to_mac80211_bw(bw);
1442 	arsta->tx_duration += tx_duration;
1443 	memcpy(&arsta->last_txrate, &arsta->txrate, sizeof(struct rate_info));
1444 
1445 	/* PPDU stats reported for mgmt packet doesn't have valid tx bytes.
1446 	 * So skip peer stats update for mgmt packets.
1447 	 */
1448 	if (tid < HTT_PPDU_STATS_NON_QOS_TID) {
1449 		memset(peer_stats, 0, sizeof(*peer_stats));
1450 		peer_stats->succ_pkts = succ_pkts;
1451 		peer_stats->succ_bytes = succ_bytes;
1452 		peer_stats->is_ampdu = is_ampdu;
1453 		peer_stats->duration = tx_duration;
1454 		peer_stats->ba_fails =
1455 			HTT_USR_CMPLTN_LONG_RETRY(usr_stats->cmpltn_cmn.flags) +
1456 			HTT_USR_CMPLTN_SHORT_RETRY(usr_stats->cmpltn_cmn.flags);
1457 	}
1458 
1459 	spin_unlock_bh(&ab->base_lock);
1460 	rcu_read_unlock();
1461 }
1462 
1463 static void ath12k_htt_update_ppdu_stats(struct ath12k *ar,
1464 					 struct htt_ppdu_stats *ppdu_stats)
1465 {
1466 	u8 user;
1467 
1468 	for (user = 0; user < HTT_PPDU_STATS_MAX_USERS - 1; user++)
1469 		ath12k_update_per_peer_tx_stats(ar, ppdu_stats, user);
1470 }
1471 
1472 static
1473 struct htt_ppdu_stats_info *ath12k_dp_htt_get_ppdu_desc(struct ath12k *ar,
1474 							u32 ppdu_id)
1475 {
1476 	struct htt_ppdu_stats_info *ppdu_info;
1477 
1478 	lockdep_assert_held(&ar->data_lock);
1479 	if (!list_empty(&ar->ppdu_stats_info)) {
1480 		list_for_each_entry(ppdu_info, &ar->ppdu_stats_info, list) {
1481 			if (ppdu_info->ppdu_id == ppdu_id)
1482 				return ppdu_info;
1483 		}
1484 
1485 		if (ar->ppdu_stat_list_depth > HTT_PPDU_DESC_MAX_DEPTH) {
1486 			ppdu_info = list_first_entry(&ar->ppdu_stats_info,
1487 						     typeof(*ppdu_info), list);
1488 			list_del(&ppdu_info->list);
1489 			ar->ppdu_stat_list_depth--;
1490 			ath12k_htt_update_ppdu_stats(ar, &ppdu_info->ppdu_stats);
1491 			kfree(ppdu_info);
1492 		}
1493 	}
1494 
1495 	ppdu_info = kzalloc(sizeof(*ppdu_info), GFP_ATOMIC);
1496 	if (!ppdu_info)
1497 		return NULL;
1498 
1499 	list_add_tail(&ppdu_info->list, &ar->ppdu_stats_info);
1500 	ar->ppdu_stat_list_depth++;
1501 
1502 	return ppdu_info;
1503 }
1504 
1505 static void ath12k_copy_to_delay_stats(struct ath12k_peer *peer,
1506 				       struct htt_ppdu_user_stats *usr_stats)
1507 {
1508 	peer->ppdu_stats_delayba.sw_peer_id = le16_to_cpu(usr_stats->rate.sw_peer_id);
1509 	peer->ppdu_stats_delayba.info0 = le32_to_cpu(usr_stats->rate.info0);
1510 	peer->ppdu_stats_delayba.ru_end = le16_to_cpu(usr_stats->rate.ru_end);
1511 	peer->ppdu_stats_delayba.ru_start = le16_to_cpu(usr_stats->rate.ru_start);
1512 	peer->ppdu_stats_delayba.info1 = le32_to_cpu(usr_stats->rate.info1);
1513 	peer->ppdu_stats_delayba.rate_flags = le32_to_cpu(usr_stats->rate.rate_flags);
1514 	peer->ppdu_stats_delayba.resp_rate_flags =
1515 		le32_to_cpu(usr_stats->rate.resp_rate_flags);
1516 
1517 	peer->delayba_flag = true;
1518 }
1519 
1520 static void ath12k_copy_to_bar(struct ath12k_peer *peer,
1521 			       struct htt_ppdu_user_stats *usr_stats)
1522 {
1523 	usr_stats->rate.sw_peer_id = cpu_to_le16(peer->ppdu_stats_delayba.sw_peer_id);
1524 	usr_stats->rate.info0 = cpu_to_le32(peer->ppdu_stats_delayba.info0);
1525 	usr_stats->rate.ru_end = cpu_to_le16(peer->ppdu_stats_delayba.ru_end);
1526 	usr_stats->rate.ru_start = cpu_to_le16(peer->ppdu_stats_delayba.ru_start);
1527 	usr_stats->rate.info1 = cpu_to_le32(peer->ppdu_stats_delayba.info1);
1528 	usr_stats->rate.rate_flags = cpu_to_le32(peer->ppdu_stats_delayba.rate_flags);
1529 	usr_stats->rate.resp_rate_flags =
1530 		cpu_to_le32(peer->ppdu_stats_delayba.resp_rate_flags);
1531 
1532 	peer->delayba_flag = false;
1533 }
1534 
1535 static int ath12k_htt_pull_ppdu_stats(struct ath12k_base *ab,
1536 				      struct sk_buff *skb)
1537 {
1538 	struct ath12k_htt_ppdu_stats_msg *msg;
1539 	struct htt_ppdu_stats_info *ppdu_info;
1540 	struct ath12k_peer *peer = NULL;
1541 	struct htt_ppdu_user_stats *usr_stats = NULL;
1542 	u32 peer_id = 0;
1543 	struct ath12k *ar;
1544 	int ret, i;
1545 	u8 pdev_id;
1546 	u32 ppdu_id, len;
1547 
1548 	msg = (struct ath12k_htt_ppdu_stats_msg *)skb->data;
1549 	len = le32_get_bits(msg->info, HTT_T2H_PPDU_STATS_INFO_PAYLOAD_SIZE);
1550 	pdev_id = le32_get_bits(msg->info, HTT_T2H_PPDU_STATS_INFO_PDEV_ID);
1551 	ppdu_id = le32_to_cpu(msg->ppdu_id);
1552 
1553 	rcu_read_lock();
1554 	ar = ath12k_mac_get_ar_by_pdev_id(ab, pdev_id);
1555 	if (!ar) {
1556 		ret = -EINVAL;
1557 		goto exit;
1558 	}
1559 
1560 	spin_lock_bh(&ar->data_lock);
1561 	ppdu_info = ath12k_dp_htt_get_ppdu_desc(ar, ppdu_id);
1562 	if (!ppdu_info) {
1563 		spin_unlock_bh(&ar->data_lock);
1564 		ret = -EINVAL;
1565 		goto exit;
1566 	}
1567 
1568 	ppdu_info->ppdu_id = ppdu_id;
1569 	ret = ath12k_dp_htt_tlv_iter(ab, msg->data, len,
1570 				     ath12k_htt_tlv_ppdu_stats_parse,
1571 				     (void *)ppdu_info);
1572 	if (ret) {
1573 		spin_unlock_bh(&ar->data_lock);
1574 		ath12k_warn(ab, "Failed to parse tlv %d\n", ret);
1575 		goto exit;
1576 	}
1577 
1578 	/* back up data rate tlv for all peers */
1579 	if (ppdu_info->frame_type == HTT_STATS_PPDU_FTYPE_DATA &&
1580 	    (ppdu_info->tlv_bitmap & (1 << HTT_PPDU_STATS_TAG_USR_COMMON)) &&
1581 	    ppdu_info->delay_ba) {
1582 		for (i = 0; i < ppdu_info->ppdu_stats.common.num_users; i++) {
1583 			peer_id = ppdu_info->ppdu_stats.user_stats[i].peer_id;
1584 			spin_lock_bh(&ab->base_lock);
1585 			peer = ath12k_peer_find_by_id(ab, peer_id);
1586 			if (!peer) {
1587 				spin_unlock_bh(&ab->base_lock);
1588 				continue;
1589 			}
1590 
1591 			usr_stats = &ppdu_info->ppdu_stats.user_stats[i];
1592 			if (usr_stats->delay_ba)
1593 				ath12k_copy_to_delay_stats(peer, usr_stats);
1594 			spin_unlock_bh(&ab->base_lock);
1595 		}
1596 	}
1597 
1598 	/* restore all peers' data rate tlv to mu-bar tlv */
1599 	if (ppdu_info->frame_type == HTT_STATS_PPDU_FTYPE_BAR &&
1600 	    (ppdu_info->tlv_bitmap & (1 << HTT_PPDU_STATS_TAG_USR_COMMON))) {
1601 		for (i = 0; i < ppdu_info->bar_num_users; i++) {
1602 			peer_id = ppdu_info->ppdu_stats.user_stats[i].peer_id;
1603 			spin_lock_bh(&ab->base_lock);
1604 			peer = ath12k_peer_find_by_id(ab, peer_id);
1605 			if (!peer) {
1606 				spin_unlock_bh(&ab->base_lock);
1607 				continue;
1608 			}
1609 
1610 			usr_stats = &ppdu_info->ppdu_stats.user_stats[i];
1611 			if (peer->delayba_flag)
1612 				ath12k_copy_to_bar(peer, usr_stats);
1613 			spin_unlock_bh(&ab->base_lock);
1614 		}
1615 	}
1616 
1617 	spin_unlock_bh(&ar->data_lock);
1618 
1619 exit:
1620 	rcu_read_unlock();
1621 
1622 	return ret;
1623 }
1624 
1625 static void ath12k_htt_mlo_offset_event_handler(struct ath12k_base *ab,
1626 						struct sk_buff *skb)
1627 {
1628 	struct ath12k_htt_mlo_offset_msg *msg;
1629 	struct ath12k_pdev *pdev;
1630 	struct ath12k *ar;
1631 	u8 pdev_id;
1632 
1633 	msg = (struct ath12k_htt_mlo_offset_msg *)skb->data;
1634 	pdev_id = u32_get_bits(__le32_to_cpu(msg->info),
1635 			       HTT_T2H_MLO_OFFSET_INFO_PDEV_ID);
1636 	ar = ath12k_mac_get_ar_by_pdev_id(ab, pdev_id);
1637 
1638 	if (!ar) {
1639 		ath12k_warn(ab, "invalid pdev id %d on htt mlo offset\n", pdev_id);
1640 		return;
1641 	}
1642 
1643 	spin_lock_bh(&ar->data_lock);
1644 	pdev = ar->pdev;
1645 
1646 	pdev->timestamp.info = __le32_to_cpu(msg->info);
1647 	pdev->timestamp.sync_timestamp_lo_us = __le32_to_cpu(msg->sync_timestamp_lo_us);
1648 	pdev->timestamp.sync_timestamp_hi_us = __le32_to_cpu(msg->sync_timestamp_hi_us);
1649 	pdev->timestamp.mlo_offset_lo = __le32_to_cpu(msg->mlo_offset_lo);
1650 	pdev->timestamp.mlo_offset_hi = __le32_to_cpu(msg->mlo_offset_hi);
1651 	pdev->timestamp.mlo_offset_clks = __le32_to_cpu(msg->mlo_offset_clks);
1652 	pdev->timestamp.mlo_comp_clks = __le32_to_cpu(msg->mlo_comp_clks);
1653 	pdev->timestamp.mlo_comp_timer = __le32_to_cpu(msg->mlo_comp_timer);
1654 
1655 	spin_unlock_bh(&ar->data_lock);
1656 }
1657 
1658 void ath12k_dp_htt_htc_t2h_msg_handler(struct ath12k_base *ab,
1659 				       struct sk_buff *skb)
1660 {
1661 	struct ath12k_dp *dp = &ab->dp;
1662 	struct htt_resp_msg *resp = (struct htt_resp_msg *)skb->data;
1663 	enum htt_t2h_msg_type type;
1664 	u16 peer_id;
1665 	u8 vdev_id;
1666 	u8 mac_addr[ETH_ALEN];
1667 	u16 peer_mac_h16;
1668 	u16 ast_hash = 0;
1669 	u16 hw_peer_id;
1670 
1671 	type = le32_get_bits(resp->version_msg.version, HTT_T2H_MSG_TYPE);
1672 
1673 	ath12k_dbg(ab, ATH12K_DBG_DP_HTT, "dp_htt rx msg type :0x%0x\n", type);
1674 
1675 	switch (type) {
1676 	case HTT_T2H_MSG_TYPE_VERSION_CONF:
1677 		dp->htt_tgt_ver_major = le32_get_bits(resp->version_msg.version,
1678 						      HTT_T2H_VERSION_CONF_MAJOR);
1679 		dp->htt_tgt_ver_minor = le32_get_bits(resp->version_msg.version,
1680 						      HTT_T2H_VERSION_CONF_MINOR);
1681 		complete(&dp->htt_tgt_version_received);
1682 		break;
1683 	/* TODO: remove unused peer map versions after testing */
1684 	case HTT_T2H_MSG_TYPE_PEER_MAP:
1685 		vdev_id = le32_get_bits(resp->peer_map_ev.info,
1686 					HTT_T2H_PEER_MAP_INFO_VDEV_ID);
1687 		peer_id = le32_get_bits(resp->peer_map_ev.info,
1688 					HTT_T2H_PEER_MAP_INFO_PEER_ID);
1689 		peer_mac_h16 = le32_get_bits(resp->peer_map_ev.info1,
1690 					     HTT_T2H_PEER_MAP_INFO1_MAC_ADDR_H16);
1691 		ath12k_dp_get_mac_addr(le32_to_cpu(resp->peer_map_ev.mac_addr_l32),
1692 				       peer_mac_h16, mac_addr);
1693 		ath12k_peer_map_event(ab, vdev_id, peer_id, mac_addr, 0, 0);
1694 		break;
1695 	case HTT_T2H_MSG_TYPE_PEER_MAP2:
1696 		vdev_id = le32_get_bits(resp->peer_map_ev.info,
1697 					HTT_T2H_PEER_MAP_INFO_VDEV_ID);
1698 		peer_id = le32_get_bits(resp->peer_map_ev.info,
1699 					HTT_T2H_PEER_MAP_INFO_PEER_ID);
1700 		peer_mac_h16 = le32_get_bits(resp->peer_map_ev.info1,
1701 					     HTT_T2H_PEER_MAP_INFO1_MAC_ADDR_H16);
1702 		ath12k_dp_get_mac_addr(le32_to_cpu(resp->peer_map_ev.mac_addr_l32),
1703 				       peer_mac_h16, mac_addr);
1704 		ast_hash = le32_get_bits(resp->peer_map_ev.info2,
1705 					 HTT_T2H_PEER_MAP_INFO2_AST_HASH_VAL);
1706 		hw_peer_id = le32_get_bits(resp->peer_map_ev.info1,
1707 					   HTT_T2H_PEER_MAP_INFO1_HW_PEER_ID);
1708 		ath12k_peer_map_event(ab, vdev_id, peer_id, mac_addr, ast_hash,
1709 				      hw_peer_id);
1710 		break;
1711 	case HTT_T2H_MSG_TYPE_PEER_MAP3:
1712 		vdev_id = le32_get_bits(resp->peer_map_ev.info,
1713 					HTT_T2H_PEER_MAP_INFO_VDEV_ID);
1714 		peer_id = le32_get_bits(resp->peer_map_ev.info,
1715 					HTT_T2H_PEER_MAP_INFO_PEER_ID);
1716 		peer_mac_h16 = le32_get_bits(resp->peer_map_ev.info1,
1717 					     HTT_T2H_PEER_MAP_INFO1_MAC_ADDR_H16);
1718 		ath12k_dp_get_mac_addr(le32_to_cpu(resp->peer_map_ev.mac_addr_l32),
1719 				       peer_mac_h16, mac_addr);
1720 		ath12k_peer_map_event(ab, vdev_id, peer_id, mac_addr, ast_hash,
1721 				      peer_id);
1722 		break;
1723 	case HTT_T2H_MSG_TYPE_PEER_UNMAP:
1724 	case HTT_T2H_MSG_TYPE_PEER_UNMAP2:
1725 		peer_id = le32_get_bits(resp->peer_unmap_ev.info,
1726 					HTT_T2H_PEER_UNMAP_INFO_PEER_ID);
1727 		ath12k_peer_unmap_event(ab, peer_id);
1728 		break;
1729 	case HTT_T2H_MSG_TYPE_PPDU_STATS_IND:
1730 		ath12k_htt_pull_ppdu_stats(ab, skb);
1731 		break;
1732 	case HTT_T2H_MSG_TYPE_EXT_STATS_CONF:
1733 		break;
1734 	case HTT_T2H_MSG_TYPE_MLO_TIMESTAMP_OFFSET_IND:
1735 		ath12k_htt_mlo_offset_event_handler(ab, skb);
1736 		break;
1737 	default:
1738 		ath12k_dbg(ab, ATH12K_DBG_DP_HTT, "dp_htt event %d not handled\n",
1739 			   type);
1740 		break;
1741 	}
1742 
1743 	dev_kfree_skb_any(skb);
1744 }
1745 
1746 static int ath12k_dp_rx_msdu_coalesce(struct ath12k *ar,
1747 				      struct sk_buff_head *msdu_list,
1748 				      struct sk_buff *first, struct sk_buff *last,
1749 				      u8 l3pad_bytes, int msdu_len)
1750 {
1751 	struct ath12k_base *ab = ar->ab;
1752 	struct sk_buff *skb;
1753 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(first);
1754 	int buf_first_hdr_len, buf_first_len;
1755 	struct hal_rx_desc *ldesc;
1756 	int space_extra, rem_len, buf_len;
1757 	u32 hal_rx_desc_sz = ar->ab->hw_params->hal_desc_sz;
1758 
1759 	/* As the msdu is spread across multiple rx buffers,
1760 	 * find the offset to the start of msdu for computing
1761 	 * the length of the msdu in the first buffer.
1762 	 */
1763 	buf_first_hdr_len = hal_rx_desc_sz + l3pad_bytes;
1764 	buf_first_len = DP_RX_BUFFER_SIZE - buf_first_hdr_len;
1765 
1766 	if (WARN_ON_ONCE(msdu_len <= buf_first_len)) {
1767 		skb_put(first, buf_first_hdr_len + msdu_len);
1768 		skb_pull(first, buf_first_hdr_len);
1769 		return 0;
1770 	}
1771 
1772 	ldesc = (struct hal_rx_desc *)last->data;
1773 	rxcb->is_first_msdu = ath12k_dp_rx_h_first_msdu(ab, ldesc);
1774 	rxcb->is_last_msdu = ath12k_dp_rx_h_last_msdu(ab, ldesc);
1775 
1776 	/* MSDU spans over multiple buffers because the length of the MSDU
1777 	 * exceeds DP_RX_BUFFER_SIZE - HAL_RX_DESC_SIZE. So assume the data
1778 	 * in the first buf is of length DP_RX_BUFFER_SIZE - HAL_RX_DESC_SIZE.
1779 	 */
1780 	skb_put(first, DP_RX_BUFFER_SIZE);
1781 	skb_pull(first, buf_first_hdr_len);
1782 
1783 	/* When an MSDU spread over multiple buffers MSDU_END
1784 	 * tlvs are valid only in the last buffer. Copy those tlvs.
1785 	 */
1786 	ath12k_dp_rx_desc_end_tlv_copy(ab, rxcb->rx_desc, ldesc);
1787 
1788 	space_extra = msdu_len - (buf_first_len + skb_tailroom(first));
1789 	if (space_extra > 0 &&
1790 	    (pskb_expand_head(first, 0, space_extra, GFP_ATOMIC) < 0)) {
1791 		/* Free up all buffers of the MSDU */
1792 		while ((skb = __skb_dequeue(msdu_list)) != NULL) {
1793 			rxcb = ATH12K_SKB_RXCB(skb);
1794 			if (!rxcb->is_continuation) {
1795 				dev_kfree_skb_any(skb);
1796 				break;
1797 			}
1798 			dev_kfree_skb_any(skb);
1799 		}
1800 		return -ENOMEM;
1801 	}
1802 
1803 	rem_len = msdu_len - buf_first_len;
1804 	while ((skb = __skb_dequeue(msdu_list)) != NULL && rem_len > 0) {
1805 		rxcb = ATH12K_SKB_RXCB(skb);
1806 		if (rxcb->is_continuation)
1807 			buf_len = DP_RX_BUFFER_SIZE - hal_rx_desc_sz;
1808 		else
1809 			buf_len = rem_len;
1810 
1811 		if (buf_len > (DP_RX_BUFFER_SIZE - hal_rx_desc_sz)) {
1812 			WARN_ON_ONCE(1);
1813 			dev_kfree_skb_any(skb);
1814 			return -EINVAL;
1815 		}
1816 
1817 		skb_put(skb, buf_len + hal_rx_desc_sz);
1818 		skb_pull(skb, hal_rx_desc_sz);
1819 		skb_copy_from_linear_data(skb, skb_put(first, buf_len),
1820 					  buf_len);
1821 		dev_kfree_skb_any(skb);
1822 
1823 		rem_len -= buf_len;
1824 		if (!rxcb->is_continuation)
1825 			break;
1826 	}
1827 
1828 	return 0;
1829 }
1830 
1831 static struct sk_buff *ath12k_dp_rx_get_msdu_last_buf(struct sk_buff_head *msdu_list,
1832 						      struct sk_buff *first)
1833 {
1834 	struct sk_buff *skb;
1835 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(first);
1836 
1837 	if (!rxcb->is_continuation)
1838 		return first;
1839 
1840 	skb_queue_walk(msdu_list, skb) {
1841 		rxcb = ATH12K_SKB_RXCB(skb);
1842 		if (!rxcb->is_continuation)
1843 			return skb;
1844 	}
1845 
1846 	return NULL;
1847 }
1848 
1849 static void ath12k_dp_rx_h_csum_offload(struct ath12k *ar, struct sk_buff *msdu)
1850 {
1851 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
1852 	struct ath12k_base *ab = ar->ab;
1853 	bool ip_csum_fail, l4_csum_fail;
1854 
1855 	ip_csum_fail = ath12k_dp_rx_h_ip_cksum_fail(ab, rxcb->rx_desc);
1856 	l4_csum_fail = ath12k_dp_rx_h_l4_cksum_fail(ab, rxcb->rx_desc);
1857 
1858 	msdu->ip_summed = (ip_csum_fail || l4_csum_fail) ?
1859 			  CHECKSUM_NONE : CHECKSUM_UNNECESSARY;
1860 }
1861 
1862 static int ath12k_dp_rx_crypto_mic_len(struct ath12k *ar,
1863 				       enum hal_encrypt_type enctype)
1864 {
1865 	switch (enctype) {
1866 	case HAL_ENCRYPT_TYPE_OPEN:
1867 	case HAL_ENCRYPT_TYPE_TKIP_NO_MIC:
1868 	case HAL_ENCRYPT_TYPE_TKIP_MIC:
1869 		return 0;
1870 	case HAL_ENCRYPT_TYPE_CCMP_128:
1871 		return IEEE80211_CCMP_MIC_LEN;
1872 	case HAL_ENCRYPT_TYPE_CCMP_256:
1873 		return IEEE80211_CCMP_256_MIC_LEN;
1874 	case HAL_ENCRYPT_TYPE_GCMP_128:
1875 	case HAL_ENCRYPT_TYPE_AES_GCMP_256:
1876 		return IEEE80211_GCMP_MIC_LEN;
1877 	case HAL_ENCRYPT_TYPE_WEP_40:
1878 	case HAL_ENCRYPT_TYPE_WEP_104:
1879 	case HAL_ENCRYPT_TYPE_WEP_128:
1880 	case HAL_ENCRYPT_TYPE_WAPI_GCM_SM4:
1881 	case HAL_ENCRYPT_TYPE_WAPI:
1882 		break;
1883 	}
1884 
1885 	ath12k_warn(ar->ab, "unsupported encryption type %d for mic len\n", enctype);
1886 	return 0;
1887 }
1888 
1889 static int ath12k_dp_rx_crypto_param_len(struct ath12k *ar,
1890 					 enum hal_encrypt_type enctype)
1891 {
1892 	switch (enctype) {
1893 	case HAL_ENCRYPT_TYPE_OPEN:
1894 		return 0;
1895 	case HAL_ENCRYPT_TYPE_TKIP_NO_MIC:
1896 	case HAL_ENCRYPT_TYPE_TKIP_MIC:
1897 		return IEEE80211_TKIP_IV_LEN;
1898 	case HAL_ENCRYPT_TYPE_CCMP_128:
1899 		return IEEE80211_CCMP_HDR_LEN;
1900 	case HAL_ENCRYPT_TYPE_CCMP_256:
1901 		return IEEE80211_CCMP_256_HDR_LEN;
1902 	case HAL_ENCRYPT_TYPE_GCMP_128:
1903 	case HAL_ENCRYPT_TYPE_AES_GCMP_256:
1904 		return IEEE80211_GCMP_HDR_LEN;
1905 	case HAL_ENCRYPT_TYPE_WEP_40:
1906 	case HAL_ENCRYPT_TYPE_WEP_104:
1907 	case HAL_ENCRYPT_TYPE_WEP_128:
1908 	case HAL_ENCRYPT_TYPE_WAPI_GCM_SM4:
1909 	case HAL_ENCRYPT_TYPE_WAPI:
1910 		break;
1911 	}
1912 
1913 	ath12k_warn(ar->ab, "unsupported encryption type %d\n", enctype);
1914 	return 0;
1915 }
1916 
1917 static int ath12k_dp_rx_crypto_icv_len(struct ath12k *ar,
1918 				       enum hal_encrypt_type enctype)
1919 {
1920 	switch (enctype) {
1921 	case HAL_ENCRYPT_TYPE_OPEN:
1922 	case HAL_ENCRYPT_TYPE_CCMP_128:
1923 	case HAL_ENCRYPT_TYPE_CCMP_256:
1924 	case HAL_ENCRYPT_TYPE_GCMP_128:
1925 	case HAL_ENCRYPT_TYPE_AES_GCMP_256:
1926 		return 0;
1927 	case HAL_ENCRYPT_TYPE_TKIP_NO_MIC:
1928 	case HAL_ENCRYPT_TYPE_TKIP_MIC:
1929 		return IEEE80211_TKIP_ICV_LEN;
1930 	case HAL_ENCRYPT_TYPE_WEP_40:
1931 	case HAL_ENCRYPT_TYPE_WEP_104:
1932 	case HAL_ENCRYPT_TYPE_WEP_128:
1933 	case HAL_ENCRYPT_TYPE_WAPI_GCM_SM4:
1934 	case HAL_ENCRYPT_TYPE_WAPI:
1935 		break;
1936 	}
1937 
1938 	ath12k_warn(ar->ab, "unsupported encryption type %d\n", enctype);
1939 	return 0;
1940 }
1941 
1942 static void ath12k_dp_rx_h_undecap_nwifi(struct ath12k *ar,
1943 					 struct sk_buff *msdu,
1944 					 enum hal_encrypt_type enctype,
1945 					 struct ieee80211_rx_status *status)
1946 {
1947 	struct ath12k_base *ab = ar->ab;
1948 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
1949 	u8 decap_hdr[DP_MAX_NWIFI_HDR_LEN];
1950 	struct ieee80211_hdr *hdr;
1951 	size_t hdr_len;
1952 	u8 *crypto_hdr;
1953 	u16 qos_ctl;
1954 
1955 	/* pull decapped header */
1956 	hdr = (struct ieee80211_hdr *)msdu->data;
1957 	hdr_len = ieee80211_hdrlen(hdr->frame_control);
1958 	skb_pull(msdu, hdr_len);
1959 
1960 	/*  Rebuild qos header */
1961 	hdr->frame_control |= __cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
1962 
1963 	/* Reset the order bit as the HT_Control header is stripped */
1964 	hdr->frame_control &= ~(__cpu_to_le16(IEEE80211_FCTL_ORDER));
1965 
1966 	qos_ctl = rxcb->tid;
1967 
1968 	if (ath12k_dp_rx_h_mesh_ctl_present(ab, rxcb->rx_desc))
1969 		qos_ctl |= IEEE80211_QOS_CTL_MESH_CONTROL_PRESENT;
1970 
1971 	/* TODO: Add other QoS ctl fields when required */
1972 
1973 	/* copy decap header before overwriting for reuse below */
1974 	memcpy(decap_hdr, hdr, hdr_len);
1975 
1976 	/* Rebuild crypto header for mac80211 use */
1977 	if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
1978 		crypto_hdr = skb_push(msdu, ath12k_dp_rx_crypto_param_len(ar, enctype));
1979 		ath12k_dp_rx_desc_get_crypto_header(ar->ab,
1980 						    rxcb->rx_desc, crypto_hdr,
1981 						    enctype);
1982 	}
1983 
1984 	memcpy(skb_push(msdu,
1985 			IEEE80211_QOS_CTL_LEN), &qos_ctl,
1986 			IEEE80211_QOS_CTL_LEN);
1987 	memcpy(skb_push(msdu, hdr_len), decap_hdr, hdr_len);
1988 }
1989 
1990 static void ath12k_dp_rx_h_undecap_raw(struct ath12k *ar, struct sk_buff *msdu,
1991 				       enum hal_encrypt_type enctype,
1992 				       struct ieee80211_rx_status *status,
1993 				       bool decrypted)
1994 {
1995 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
1996 	struct ieee80211_hdr *hdr;
1997 	size_t hdr_len;
1998 	size_t crypto_len;
1999 
2000 	if (!rxcb->is_first_msdu ||
2001 	    !(rxcb->is_first_msdu && rxcb->is_last_msdu)) {
2002 		WARN_ON_ONCE(1);
2003 		return;
2004 	}
2005 
2006 	skb_trim(msdu, msdu->len - FCS_LEN);
2007 
2008 	if (!decrypted)
2009 		return;
2010 
2011 	hdr = (void *)msdu->data;
2012 
2013 	/* Tail */
2014 	if (status->flag & RX_FLAG_IV_STRIPPED) {
2015 		skb_trim(msdu, msdu->len -
2016 			 ath12k_dp_rx_crypto_mic_len(ar, enctype));
2017 
2018 		skb_trim(msdu, msdu->len -
2019 			 ath12k_dp_rx_crypto_icv_len(ar, enctype));
2020 	} else {
2021 		/* MIC */
2022 		if (status->flag & RX_FLAG_MIC_STRIPPED)
2023 			skb_trim(msdu, msdu->len -
2024 				 ath12k_dp_rx_crypto_mic_len(ar, enctype));
2025 
2026 		/* ICV */
2027 		if (status->flag & RX_FLAG_ICV_STRIPPED)
2028 			skb_trim(msdu, msdu->len -
2029 				 ath12k_dp_rx_crypto_icv_len(ar, enctype));
2030 	}
2031 
2032 	/* MMIC */
2033 	if ((status->flag & RX_FLAG_MMIC_STRIPPED) &&
2034 	    !ieee80211_has_morefrags(hdr->frame_control) &&
2035 	    enctype == HAL_ENCRYPT_TYPE_TKIP_MIC)
2036 		skb_trim(msdu, msdu->len - IEEE80211_CCMP_MIC_LEN);
2037 
2038 	/* Head */
2039 	if (status->flag & RX_FLAG_IV_STRIPPED) {
2040 		hdr_len = ieee80211_hdrlen(hdr->frame_control);
2041 		crypto_len = ath12k_dp_rx_crypto_param_len(ar, enctype);
2042 
2043 		memmove(msdu->data + crypto_len, msdu->data, hdr_len);
2044 		skb_pull(msdu, crypto_len);
2045 	}
2046 }
2047 
2048 static void ath12k_get_dot11_hdr_from_rx_desc(struct ath12k *ar,
2049 					      struct sk_buff *msdu,
2050 					      struct ath12k_skb_rxcb *rxcb,
2051 					      struct ieee80211_rx_status *status,
2052 					      enum hal_encrypt_type enctype)
2053 {
2054 	struct hal_rx_desc *rx_desc = rxcb->rx_desc;
2055 	struct ath12k_base *ab = ar->ab;
2056 	size_t hdr_len, crypto_len;
2057 	struct ieee80211_hdr *hdr;
2058 	u16 qos_ctl;
2059 	__le16 fc;
2060 	u8 *crypto_hdr;
2061 
2062 	if (!(status->flag & RX_FLAG_IV_STRIPPED)) {
2063 		crypto_len = ath12k_dp_rx_crypto_param_len(ar, enctype);
2064 		crypto_hdr = skb_push(msdu, crypto_len);
2065 		ath12k_dp_rx_desc_get_crypto_header(ab, rx_desc, crypto_hdr, enctype);
2066 	}
2067 
2068 	fc = cpu_to_le16(ath12k_dp_rxdesc_get_mpdu_frame_ctrl(ab, rx_desc));
2069 	hdr_len = ieee80211_hdrlen(fc);
2070 	skb_push(msdu, hdr_len);
2071 	hdr = (struct ieee80211_hdr *)msdu->data;
2072 	hdr->frame_control = fc;
2073 
2074 	/* Get wifi header from rx_desc */
2075 	ath12k_dp_rx_desc_get_dot11_hdr(ab, rx_desc, hdr);
2076 
2077 	if (rxcb->is_mcbc)
2078 		status->flag &= ~RX_FLAG_PN_VALIDATED;
2079 
2080 	/* Add QOS header */
2081 	if (ieee80211_is_data_qos(hdr->frame_control)) {
2082 		qos_ctl = rxcb->tid;
2083 		if (ath12k_dp_rx_h_mesh_ctl_present(ab, rx_desc))
2084 			qos_ctl |= IEEE80211_QOS_CTL_MESH_CONTROL_PRESENT;
2085 
2086 		/* TODO: Add other QoS ctl fields when required */
2087 		memcpy(msdu->data + (hdr_len - IEEE80211_QOS_CTL_LEN),
2088 		       &qos_ctl, IEEE80211_QOS_CTL_LEN);
2089 	}
2090 }
2091 
2092 static void ath12k_dp_rx_h_undecap_eth(struct ath12k *ar,
2093 				       struct sk_buff *msdu,
2094 				       enum hal_encrypt_type enctype,
2095 				       struct ieee80211_rx_status *status)
2096 {
2097 	struct ieee80211_hdr *hdr;
2098 	struct ethhdr *eth;
2099 	u8 da[ETH_ALEN];
2100 	u8 sa[ETH_ALEN];
2101 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
2102 	struct ath12k_dp_rx_rfc1042_hdr rfc = {0xaa, 0xaa, 0x03, {0x00, 0x00, 0x00}};
2103 
2104 	eth = (struct ethhdr *)msdu->data;
2105 	ether_addr_copy(da, eth->h_dest);
2106 	ether_addr_copy(sa, eth->h_source);
2107 	rfc.snap_type = eth->h_proto;
2108 	skb_pull(msdu, sizeof(*eth));
2109 	memcpy(skb_push(msdu, sizeof(rfc)), &rfc,
2110 	       sizeof(rfc));
2111 	ath12k_get_dot11_hdr_from_rx_desc(ar, msdu, rxcb, status, enctype);
2112 
2113 	/* original 802.11 header has a different DA and in
2114 	 * case of 4addr it may also have different SA
2115 	 */
2116 	hdr = (struct ieee80211_hdr *)msdu->data;
2117 	ether_addr_copy(ieee80211_get_DA(hdr), da);
2118 	ether_addr_copy(ieee80211_get_SA(hdr), sa);
2119 }
2120 
2121 static void ath12k_dp_rx_h_undecap(struct ath12k *ar, struct sk_buff *msdu,
2122 				   struct hal_rx_desc *rx_desc,
2123 				   enum hal_encrypt_type enctype,
2124 				   struct ieee80211_rx_status *status,
2125 				   bool decrypted)
2126 {
2127 	struct ath12k_base *ab = ar->ab;
2128 	u8 decap;
2129 	struct ethhdr *ehdr;
2130 
2131 	decap = ath12k_dp_rx_h_decap_type(ab, rx_desc);
2132 
2133 	switch (decap) {
2134 	case DP_RX_DECAP_TYPE_NATIVE_WIFI:
2135 		ath12k_dp_rx_h_undecap_nwifi(ar, msdu, enctype, status);
2136 		break;
2137 	case DP_RX_DECAP_TYPE_RAW:
2138 		ath12k_dp_rx_h_undecap_raw(ar, msdu, enctype, status,
2139 					   decrypted);
2140 		break;
2141 	case DP_RX_DECAP_TYPE_ETHERNET2_DIX:
2142 		ehdr = (struct ethhdr *)msdu->data;
2143 
2144 		/* mac80211 allows fast path only for authorized STA */
2145 		if (ehdr->h_proto == cpu_to_be16(ETH_P_PAE)) {
2146 			ATH12K_SKB_RXCB(msdu)->is_eapol = true;
2147 			ath12k_dp_rx_h_undecap_eth(ar, msdu, enctype, status);
2148 			break;
2149 		}
2150 
2151 		/* PN for mcast packets will be validated in mac80211;
2152 		 * remove eth header and add 802.11 header.
2153 		 */
2154 		if (ATH12K_SKB_RXCB(msdu)->is_mcbc && decrypted)
2155 			ath12k_dp_rx_h_undecap_eth(ar, msdu, enctype, status);
2156 		break;
2157 	case DP_RX_DECAP_TYPE_8023:
2158 		/* TODO: Handle undecap for these formats */
2159 		break;
2160 	}
2161 }
2162 
2163 struct ath12k_peer *
2164 ath12k_dp_rx_h_find_peer(struct ath12k_base *ab, struct sk_buff *msdu)
2165 {
2166 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
2167 	struct hal_rx_desc *rx_desc = rxcb->rx_desc;
2168 	struct ath12k_peer *peer = NULL;
2169 
2170 	lockdep_assert_held(&ab->base_lock);
2171 
2172 	if (rxcb->peer_id)
2173 		peer = ath12k_peer_find_by_id(ab, rxcb->peer_id);
2174 
2175 	if (peer)
2176 		return peer;
2177 
2178 	if (!rx_desc || !(ath12k_dp_rxdesc_mac_addr2_valid(ab, rx_desc)))
2179 		return NULL;
2180 
2181 	peer = ath12k_peer_find_by_addr(ab,
2182 					ath12k_dp_rxdesc_get_mpdu_start_addr2(ab,
2183 									      rx_desc));
2184 	return peer;
2185 }
2186 
2187 static void ath12k_dp_rx_h_mpdu(struct ath12k *ar,
2188 				struct sk_buff *msdu,
2189 				struct hal_rx_desc *rx_desc,
2190 				struct ieee80211_rx_status *rx_status)
2191 {
2192 	bool  fill_crypto_hdr;
2193 	struct ath12k_base *ab = ar->ab;
2194 	struct ath12k_skb_rxcb *rxcb;
2195 	enum hal_encrypt_type enctype;
2196 	bool is_decrypted = false;
2197 	struct ieee80211_hdr *hdr;
2198 	struct ath12k_peer *peer;
2199 	u32 err_bitmap;
2200 
2201 	/* PN for multicast packets will be checked in mac80211 */
2202 	rxcb = ATH12K_SKB_RXCB(msdu);
2203 	fill_crypto_hdr = ath12k_dp_rx_h_is_mcbc(ar->ab, rx_desc);
2204 	rxcb->is_mcbc = fill_crypto_hdr;
2205 
2206 	if (rxcb->is_mcbc)
2207 		rxcb->peer_id = ath12k_dp_rx_h_peer_id(ar->ab, rx_desc);
2208 
2209 	spin_lock_bh(&ar->ab->base_lock);
2210 	peer = ath12k_dp_rx_h_find_peer(ar->ab, msdu);
2211 	if (peer) {
2212 		if (rxcb->is_mcbc)
2213 			enctype = peer->sec_type_grp;
2214 		else
2215 			enctype = peer->sec_type;
2216 	} else {
2217 		enctype = HAL_ENCRYPT_TYPE_OPEN;
2218 	}
2219 	spin_unlock_bh(&ar->ab->base_lock);
2220 
2221 	err_bitmap = ath12k_dp_rx_h_mpdu_err(ab, rx_desc);
2222 	if (enctype != HAL_ENCRYPT_TYPE_OPEN && !err_bitmap)
2223 		is_decrypted = ath12k_dp_rx_h_is_decrypted(ab, rx_desc);
2224 
2225 	/* Clear per-MPDU flags while leaving per-PPDU flags intact */
2226 	rx_status->flag &= ~(RX_FLAG_FAILED_FCS_CRC |
2227 			     RX_FLAG_MMIC_ERROR |
2228 			     RX_FLAG_DECRYPTED |
2229 			     RX_FLAG_IV_STRIPPED |
2230 			     RX_FLAG_MMIC_STRIPPED);
2231 
2232 	if (err_bitmap & HAL_RX_MPDU_ERR_FCS)
2233 		rx_status->flag |= RX_FLAG_FAILED_FCS_CRC;
2234 	if (err_bitmap & HAL_RX_MPDU_ERR_TKIP_MIC)
2235 		rx_status->flag |= RX_FLAG_MMIC_ERROR;
2236 
2237 	if (is_decrypted) {
2238 		rx_status->flag |= RX_FLAG_DECRYPTED | RX_FLAG_MMIC_STRIPPED;
2239 
2240 		if (fill_crypto_hdr)
2241 			rx_status->flag |= RX_FLAG_MIC_STRIPPED |
2242 					RX_FLAG_ICV_STRIPPED;
2243 		else
2244 			rx_status->flag |= RX_FLAG_IV_STRIPPED |
2245 					   RX_FLAG_PN_VALIDATED;
2246 	}
2247 
2248 	ath12k_dp_rx_h_csum_offload(ar, msdu);
2249 	ath12k_dp_rx_h_undecap(ar, msdu, rx_desc,
2250 			       enctype, rx_status, is_decrypted);
2251 
2252 	if (!is_decrypted || fill_crypto_hdr)
2253 		return;
2254 
2255 	if (ath12k_dp_rx_h_decap_type(ar->ab, rx_desc) !=
2256 	    DP_RX_DECAP_TYPE_ETHERNET2_DIX) {
2257 		hdr = (void *)msdu->data;
2258 		hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_PROTECTED);
2259 	}
2260 }
2261 
2262 static void ath12k_dp_rx_h_rate(struct ath12k *ar, struct hal_rx_desc *rx_desc,
2263 				struct ieee80211_rx_status *rx_status)
2264 {
2265 	struct ath12k_base *ab = ar->ab;
2266 	struct ieee80211_supported_band *sband;
2267 	enum rx_msdu_start_pkt_type pkt_type;
2268 	u8 bw;
2269 	u8 rate_mcs, nss;
2270 	u8 sgi;
2271 	bool is_cck;
2272 
2273 	pkt_type = ath12k_dp_rx_h_pkt_type(ab, rx_desc);
2274 	bw = ath12k_dp_rx_h_rx_bw(ab, rx_desc);
2275 	rate_mcs = ath12k_dp_rx_h_rate_mcs(ab, rx_desc);
2276 	nss = ath12k_dp_rx_h_nss(ab, rx_desc);
2277 	sgi = ath12k_dp_rx_h_sgi(ab, rx_desc);
2278 
2279 	switch (pkt_type) {
2280 	case RX_MSDU_START_PKT_TYPE_11A:
2281 	case RX_MSDU_START_PKT_TYPE_11B:
2282 		is_cck = (pkt_type == RX_MSDU_START_PKT_TYPE_11B);
2283 		sband = &ar->mac.sbands[rx_status->band];
2284 		rx_status->rate_idx = ath12k_mac_hw_rate_to_idx(sband, rate_mcs,
2285 								is_cck);
2286 		break;
2287 	case RX_MSDU_START_PKT_TYPE_11N:
2288 		rx_status->encoding = RX_ENC_HT;
2289 		if (rate_mcs > ATH12K_HT_MCS_MAX) {
2290 			ath12k_warn(ar->ab,
2291 				    "Received with invalid mcs in HT mode %d\n",
2292 				     rate_mcs);
2293 			break;
2294 		}
2295 		rx_status->rate_idx = rate_mcs + (8 * (nss - 1));
2296 		if (sgi)
2297 			rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
2298 		rx_status->bw = ath12k_mac_bw_to_mac80211_bw(bw);
2299 		break;
2300 	case RX_MSDU_START_PKT_TYPE_11AC:
2301 		rx_status->encoding = RX_ENC_VHT;
2302 		rx_status->rate_idx = rate_mcs;
2303 		if (rate_mcs > ATH12K_VHT_MCS_MAX) {
2304 			ath12k_warn(ar->ab,
2305 				    "Received with invalid mcs in VHT mode %d\n",
2306 				     rate_mcs);
2307 			break;
2308 		}
2309 		rx_status->nss = nss;
2310 		if (sgi)
2311 			rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI;
2312 		rx_status->bw = ath12k_mac_bw_to_mac80211_bw(bw);
2313 		break;
2314 	case RX_MSDU_START_PKT_TYPE_11AX:
2315 		rx_status->rate_idx = rate_mcs;
2316 		if (rate_mcs > ATH12K_HE_MCS_MAX) {
2317 			ath12k_warn(ar->ab,
2318 				    "Received with invalid mcs in HE mode %d\n",
2319 				    rate_mcs);
2320 			break;
2321 		}
2322 		rx_status->encoding = RX_ENC_HE;
2323 		rx_status->nss = nss;
2324 		rx_status->he_gi = ath12k_he_gi_to_nl80211_he_gi(sgi);
2325 		rx_status->bw = ath12k_mac_bw_to_mac80211_bw(bw);
2326 		break;
2327 	}
2328 }
2329 
2330 void ath12k_dp_rx_h_ppdu(struct ath12k *ar, struct hal_rx_desc *rx_desc,
2331 			 struct ieee80211_rx_status *rx_status)
2332 {
2333 	struct ath12k_base *ab = ar->ab;
2334 	u8 channel_num;
2335 	u32 center_freq, meta_data;
2336 	struct ieee80211_channel *channel;
2337 
2338 	rx_status->freq = 0;
2339 	rx_status->rate_idx = 0;
2340 	rx_status->nss = 0;
2341 	rx_status->encoding = RX_ENC_LEGACY;
2342 	rx_status->bw = RATE_INFO_BW_20;
2343 	rx_status->enc_flags = 0;
2344 
2345 	rx_status->flag |= RX_FLAG_NO_SIGNAL_VAL;
2346 
2347 	meta_data = ath12k_dp_rx_h_freq(ab, rx_desc);
2348 	channel_num = meta_data;
2349 	center_freq = meta_data >> 16;
2350 
2351 	if (center_freq >= 5935 && center_freq <= 7105) {
2352 		rx_status->band = NL80211_BAND_6GHZ;
2353 	} else if (channel_num >= 1 && channel_num <= 14) {
2354 		rx_status->band = NL80211_BAND_2GHZ;
2355 	} else if (channel_num >= 36 && channel_num <= 173) {
2356 		rx_status->band = NL80211_BAND_5GHZ;
2357 	} else {
2358 		spin_lock_bh(&ar->data_lock);
2359 		channel = ar->rx_channel;
2360 		if (channel) {
2361 			rx_status->band = channel->band;
2362 			channel_num =
2363 				ieee80211_frequency_to_channel(channel->center_freq);
2364 		}
2365 		spin_unlock_bh(&ar->data_lock);
2366 		ath12k_dbg_dump(ar->ab, ATH12K_DBG_DATA, NULL, "rx_desc: ",
2367 				rx_desc, sizeof(*rx_desc));
2368 	}
2369 
2370 	rx_status->freq = ieee80211_channel_to_frequency(channel_num,
2371 							 rx_status->band);
2372 
2373 	ath12k_dp_rx_h_rate(ar, rx_desc, rx_status);
2374 }
2375 
2376 static void ath12k_dp_rx_deliver_msdu(struct ath12k *ar, struct napi_struct *napi,
2377 				      struct sk_buff *msdu,
2378 				      struct ieee80211_rx_status *status)
2379 {
2380 	struct ath12k_base *ab = ar->ab;
2381 	static const struct ieee80211_radiotap_he known = {
2382 		.data1 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_DATA_MCS_KNOWN |
2383 				     IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN),
2384 		.data2 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_GI_KNOWN),
2385 	};
2386 	struct ieee80211_radiotap_he *he;
2387 	struct ieee80211_rx_status *rx_status;
2388 	struct ieee80211_sta *pubsta;
2389 	struct ath12k_peer *peer;
2390 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
2391 	u8 decap = DP_RX_DECAP_TYPE_RAW;
2392 	bool is_mcbc = rxcb->is_mcbc;
2393 	bool is_eapol = rxcb->is_eapol;
2394 
2395 	if (status->encoding == RX_ENC_HE && !(status->flag & RX_FLAG_RADIOTAP_HE) &&
2396 	    !(status->flag & RX_FLAG_SKIP_MONITOR)) {
2397 		he = skb_push(msdu, sizeof(known));
2398 		memcpy(he, &known, sizeof(known));
2399 		status->flag |= RX_FLAG_RADIOTAP_HE;
2400 	}
2401 
2402 	if (!(status->flag & RX_FLAG_ONLY_MONITOR))
2403 		decap = ath12k_dp_rx_h_decap_type(ab, rxcb->rx_desc);
2404 
2405 	spin_lock_bh(&ab->base_lock);
2406 	peer = ath12k_dp_rx_h_find_peer(ab, msdu);
2407 
2408 	pubsta = peer ? peer->sta : NULL;
2409 
2410 	spin_unlock_bh(&ab->base_lock);
2411 
2412 	ath12k_dbg(ab, ATH12K_DBG_DATA,
2413 		   "rx skb %pK len %u peer %pM %d %s sn %u %s%s%s%s%s%s%s%s rate_idx %u vht_nss %u freq %u band %u flag 0x%x fcs-err %i mic-err %i amsdu-more %i\n",
2414 		   msdu,
2415 		   msdu->len,
2416 		   peer ? peer->addr : NULL,
2417 		   rxcb->tid,
2418 		   is_mcbc ? "mcast" : "ucast",
2419 		   ath12k_dp_rx_h_seq_no(ab, rxcb->rx_desc),
2420 		   (status->encoding == RX_ENC_LEGACY) ? "legacy" : "",
2421 		   (status->encoding == RX_ENC_HT) ? "ht" : "",
2422 		   (status->encoding == RX_ENC_VHT) ? "vht" : "",
2423 		   (status->encoding == RX_ENC_HE) ? "he" : "",
2424 		   (status->bw == RATE_INFO_BW_40) ? "40" : "",
2425 		   (status->bw == RATE_INFO_BW_80) ? "80" : "",
2426 		   (status->bw == RATE_INFO_BW_160) ? "160" : "",
2427 		   status->enc_flags & RX_ENC_FLAG_SHORT_GI ? "sgi " : "",
2428 		   status->rate_idx,
2429 		   status->nss,
2430 		   status->freq,
2431 		   status->band, status->flag,
2432 		   !!(status->flag & RX_FLAG_FAILED_FCS_CRC),
2433 		   !!(status->flag & RX_FLAG_MMIC_ERROR),
2434 		   !!(status->flag & RX_FLAG_AMSDU_MORE));
2435 
2436 	ath12k_dbg_dump(ab, ATH12K_DBG_DP_RX, NULL, "dp rx msdu: ",
2437 			msdu->data, msdu->len);
2438 
2439 	rx_status = IEEE80211_SKB_RXCB(msdu);
2440 	*rx_status = *status;
2441 
2442 	/* TODO: trace rx packet */
2443 
2444 	/* PN for multicast packets are not validate in HW,
2445 	 * so skip 802.3 rx path
2446 	 * Also, fast_rx expects the STA to be authorized, hence
2447 	 * eapol packets are sent in slow path.
2448 	 */
2449 	if (decap == DP_RX_DECAP_TYPE_ETHERNET2_DIX && !is_eapol &&
2450 	    !(is_mcbc && rx_status->flag & RX_FLAG_DECRYPTED))
2451 		rx_status->flag |= RX_FLAG_8023;
2452 
2453 	ieee80211_rx_napi(ar->hw, pubsta, msdu, napi);
2454 }
2455 
2456 static int ath12k_dp_rx_process_msdu(struct ath12k *ar,
2457 				     struct sk_buff *msdu,
2458 				     struct sk_buff_head *msdu_list,
2459 				     struct ieee80211_rx_status *rx_status)
2460 {
2461 	struct ath12k_base *ab = ar->ab;
2462 	struct hal_rx_desc *rx_desc, *lrx_desc;
2463 	struct ath12k_skb_rxcb *rxcb;
2464 	struct sk_buff *last_buf;
2465 	u8 l3_pad_bytes;
2466 	u16 msdu_len;
2467 	int ret;
2468 	u32 hal_rx_desc_sz = ar->ab->hw_params->hal_desc_sz;
2469 
2470 	last_buf = ath12k_dp_rx_get_msdu_last_buf(msdu_list, msdu);
2471 	if (!last_buf) {
2472 		ath12k_warn(ab,
2473 			    "No valid Rx buffer to access MSDU_END tlv\n");
2474 		ret = -EIO;
2475 		goto free_out;
2476 	}
2477 
2478 	rx_desc = (struct hal_rx_desc *)msdu->data;
2479 	lrx_desc = (struct hal_rx_desc *)last_buf->data;
2480 	if (!ath12k_dp_rx_h_msdu_done(ab, lrx_desc)) {
2481 		ath12k_warn(ab, "msdu_done bit in msdu_end is not set\n");
2482 		ret = -EIO;
2483 		goto free_out;
2484 	}
2485 
2486 	rxcb = ATH12K_SKB_RXCB(msdu);
2487 	rxcb->rx_desc = rx_desc;
2488 	msdu_len = ath12k_dp_rx_h_msdu_len(ab, lrx_desc);
2489 	l3_pad_bytes = ath12k_dp_rx_h_l3pad(ab, lrx_desc);
2490 
2491 	if (rxcb->is_frag) {
2492 		skb_pull(msdu, hal_rx_desc_sz);
2493 	} else if (!rxcb->is_continuation) {
2494 		if ((msdu_len + hal_rx_desc_sz) > DP_RX_BUFFER_SIZE) {
2495 			ret = -EINVAL;
2496 			ath12k_warn(ab, "invalid msdu len %u\n", msdu_len);
2497 			ath12k_dbg_dump(ab, ATH12K_DBG_DATA, NULL, "", rx_desc,
2498 					sizeof(*rx_desc));
2499 			goto free_out;
2500 		}
2501 		skb_put(msdu, hal_rx_desc_sz + l3_pad_bytes + msdu_len);
2502 		skb_pull(msdu, hal_rx_desc_sz + l3_pad_bytes);
2503 	} else {
2504 		ret = ath12k_dp_rx_msdu_coalesce(ar, msdu_list,
2505 						 msdu, last_buf,
2506 						 l3_pad_bytes, msdu_len);
2507 		if (ret) {
2508 			ath12k_warn(ab,
2509 				    "failed to coalesce msdu rx buffer%d\n", ret);
2510 			goto free_out;
2511 		}
2512 	}
2513 
2514 	ath12k_dp_rx_h_ppdu(ar, rx_desc, rx_status);
2515 	ath12k_dp_rx_h_mpdu(ar, msdu, rx_desc, rx_status);
2516 
2517 	rx_status->flag |= RX_FLAG_SKIP_MONITOR | RX_FLAG_DUP_VALIDATED;
2518 
2519 	return 0;
2520 
2521 free_out:
2522 	return ret;
2523 }
2524 
2525 static void ath12k_dp_rx_process_received_packets(struct ath12k_base *ab,
2526 						  struct napi_struct *napi,
2527 						  struct sk_buff_head *msdu_list,
2528 						  int ring_id)
2529 {
2530 	struct ieee80211_rx_status rx_status = {0};
2531 	struct ath12k_skb_rxcb *rxcb;
2532 	struct sk_buff *msdu;
2533 	struct ath12k *ar;
2534 	u8 mac_id;
2535 	int ret;
2536 
2537 	if (skb_queue_empty(msdu_list))
2538 		return;
2539 
2540 	rcu_read_lock();
2541 
2542 	while ((msdu = __skb_dequeue(msdu_list))) {
2543 		rxcb = ATH12K_SKB_RXCB(msdu);
2544 		mac_id = rxcb->mac_id;
2545 		ar = ab->pdevs[mac_id].ar;
2546 		if (!rcu_dereference(ab->pdevs_active[mac_id])) {
2547 			dev_kfree_skb_any(msdu);
2548 			continue;
2549 		}
2550 
2551 		if (test_bit(ATH12K_CAC_RUNNING, &ar->dev_flags)) {
2552 			dev_kfree_skb_any(msdu);
2553 			continue;
2554 		}
2555 
2556 		ret = ath12k_dp_rx_process_msdu(ar, msdu, msdu_list, &rx_status);
2557 		if (ret) {
2558 			ath12k_dbg(ab, ATH12K_DBG_DATA,
2559 				   "Unable to process msdu %d", ret);
2560 			dev_kfree_skb_any(msdu);
2561 			continue;
2562 		}
2563 
2564 		ath12k_dp_rx_deliver_msdu(ar, napi, msdu, &rx_status);
2565 	}
2566 
2567 	rcu_read_unlock();
2568 }
2569 
2570 int ath12k_dp_rx_process(struct ath12k_base *ab, int ring_id,
2571 			 struct napi_struct *napi, int budget)
2572 {
2573 	struct ath12k_rx_desc_info *desc_info;
2574 	struct ath12k_dp *dp = &ab->dp;
2575 	struct dp_rxdma_ring *rx_ring = &dp->rx_refill_buf_ring;
2576 	struct hal_reo_dest_ring *desc;
2577 	int num_buffs_reaped = 0;
2578 	struct sk_buff_head msdu_list;
2579 	struct ath12k_skb_rxcb *rxcb;
2580 	int total_msdu_reaped = 0;
2581 	struct hal_srng *srng;
2582 	struct sk_buff *msdu;
2583 	bool done = false;
2584 	int mac_id;
2585 	u64 desc_va;
2586 
2587 	__skb_queue_head_init(&msdu_list);
2588 
2589 	srng = &ab->hal.srng_list[dp->reo_dst_ring[ring_id].ring_id];
2590 
2591 	spin_lock_bh(&srng->lock);
2592 
2593 try_again:
2594 	ath12k_hal_srng_access_begin(ab, srng);
2595 
2596 	while ((desc = ath12k_hal_srng_dst_get_next_entry(ab, srng))) {
2597 		enum hal_reo_dest_ring_push_reason push_reason;
2598 		u32 cookie;
2599 
2600 		cookie = le32_get_bits(desc->buf_addr_info.info1,
2601 				       BUFFER_ADDR_INFO1_SW_COOKIE);
2602 
2603 		mac_id = le32_get_bits(desc->info0,
2604 				       HAL_REO_DEST_RING_INFO0_SRC_LINK_ID);
2605 
2606 		desc_va = ((u64)le32_to_cpu(desc->buf_va_hi) << 32 |
2607 			   le32_to_cpu(desc->buf_va_lo));
2608 		desc_info = (struct ath12k_rx_desc_info *)((unsigned long)desc_va);
2609 
2610 		/* retry manual desc retrieval */
2611 		if (!desc_info) {
2612 			desc_info = ath12k_dp_get_rx_desc(ab, cookie);
2613 			if (!desc_info) {
2614 				ath12k_warn(ab, "Invalid cookie in manual desc retrieval");
2615 				continue;
2616 			}
2617 		}
2618 
2619 		if (desc_info->magic != ATH12K_DP_RX_DESC_MAGIC)
2620 			ath12k_warn(ab, "Check HW CC implementation");
2621 
2622 		msdu = desc_info->skb;
2623 		desc_info->skb = NULL;
2624 
2625 		spin_lock_bh(&dp->rx_desc_lock);
2626 		list_move_tail(&desc_info->list, &dp->rx_desc_free_list);
2627 		spin_unlock_bh(&dp->rx_desc_lock);
2628 
2629 		rxcb = ATH12K_SKB_RXCB(msdu);
2630 		dma_unmap_single(ab->dev, rxcb->paddr,
2631 				 msdu->len + skb_tailroom(msdu),
2632 				 DMA_FROM_DEVICE);
2633 
2634 		num_buffs_reaped++;
2635 
2636 		push_reason = le32_get_bits(desc->info0,
2637 					    HAL_REO_DEST_RING_INFO0_PUSH_REASON);
2638 		if (push_reason !=
2639 		    HAL_REO_DEST_RING_PUSH_REASON_ROUTING_INSTRUCTION) {
2640 			dev_kfree_skb_any(msdu);
2641 			ab->soc_stats.hal_reo_error[dp->reo_dst_ring[ring_id].ring_id]++;
2642 			continue;
2643 		}
2644 
2645 		rxcb->is_first_msdu = !!(le32_to_cpu(desc->rx_msdu_info.info0) &
2646 					 RX_MSDU_DESC_INFO0_FIRST_MSDU_IN_MPDU);
2647 		rxcb->is_last_msdu = !!(le32_to_cpu(desc->rx_msdu_info.info0) &
2648 					RX_MSDU_DESC_INFO0_LAST_MSDU_IN_MPDU);
2649 		rxcb->is_continuation = !!(le32_to_cpu(desc->rx_msdu_info.info0) &
2650 					   RX_MSDU_DESC_INFO0_MSDU_CONTINUATION);
2651 		rxcb->mac_id = mac_id;
2652 		rxcb->peer_id = le32_get_bits(desc->rx_mpdu_info.peer_meta_data,
2653 					      RX_MPDU_DESC_META_DATA_PEER_ID);
2654 		rxcb->tid = le32_get_bits(desc->rx_mpdu_info.info0,
2655 					  RX_MPDU_DESC_INFO0_TID);
2656 
2657 		__skb_queue_tail(&msdu_list, msdu);
2658 
2659 		if (!rxcb->is_continuation) {
2660 			total_msdu_reaped++;
2661 			done = true;
2662 		} else {
2663 			done = false;
2664 		}
2665 
2666 		if (total_msdu_reaped >= budget)
2667 			break;
2668 	}
2669 
2670 	/* Hw might have updated the head pointer after we cached it.
2671 	 * In this case, even though there are entries in the ring we'll
2672 	 * get rx_desc NULL. Give the read another try with updated cached
2673 	 * head pointer so that we can reap complete MPDU in the current
2674 	 * rx processing.
2675 	 */
2676 	if (!done && ath12k_hal_srng_dst_num_free(ab, srng, true)) {
2677 		ath12k_hal_srng_access_end(ab, srng);
2678 		goto try_again;
2679 	}
2680 
2681 	ath12k_hal_srng_access_end(ab, srng);
2682 
2683 	spin_unlock_bh(&srng->lock);
2684 
2685 	if (!total_msdu_reaped)
2686 		goto exit;
2687 
2688 	/* TODO: Move to implicit BM? */
2689 	ath12k_dp_rx_bufs_replenish(ab, 0, rx_ring, num_buffs_reaped,
2690 				    ab->hw_params->hal_params->rx_buf_rbm, true);
2691 
2692 	ath12k_dp_rx_process_received_packets(ab, napi, &msdu_list,
2693 					      ring_id);
2694 
2695 exit:
2696 	return total_msdu_reaped;
2697 }
2698 
2699 static void ath12k_dp_rx_frag_timer(struct timer_list *timer)
2700 {
2701 	struct ath12k_dp_rx_tid *rx_tid = from_timer(rx_tid, timer, frag_timer);
2702 
2703 	spin_lock_bh(&rx_tid->ab->base_lock);
2704 	if (rx_tid->last_frag_no &&
2705 	    rx_tid->rx_frag_bitmap == GENMASK(rx_tid->last_frag_no, 0)) {
2706 		spin_unlock_bh(&rx_tid->ab->base_lock);
2707 		return;
2708 	}
2709 	ath12k_dp_rx_frags_cleanup(rx_tid, true);
2710 	spin_unlock_bh(&rx_tid->ab->base_lock);
2711 }
2712 
2713 int ath12k_dp_rx_peer_frag_setup(struct ath12k *ar, const u8 *peer_mac, int vdev_id)
2714 {
2715 	struct ath12k_base *ab = ar->ab;
2716 	struct crypto_shash *tfm;
2717 	struct ath12k_peer *peer;
2718 	struct ath12k_dp_rx_tid *rx_tid;
2719 	int i;
2720 
2721 	tfm = crypto_alloc_shash("michael_mic", 0, 0);
2722 	if (IS_ERR(tfm))
2723 		return PTR_ERR(tfm);
2724 
2725 	spin_lock_bh(&ab->base_lock);
2726 
2727 	peer = ath12k_peer_find(ab, vdev_id, peer_mac);
2728 	if (!peer) {
2729 		spin_unlock_bh(&ab->base_lock);
2730 		ath12k_warn(ab, "failed to find the peer to set up fragment info\n");
2731 		return -ENOENT;
2732 	}
2733 
2734 	for (i = 0; i <= IEEE80211_NUM_TIDS; i++) {
2735 		rx_tid = &peer->rx_tid[i];
2736 		rx_tid->ab = ab;
2737 		timer_setup(&rx_tid->frag_timer, ath12k_dp_rx_frag_timer, 0);
2738 		skb_queue_head_init(&rx_tid->rx_frags);
2739 	}
2740 
2741 	peer->tfm_mmic = tfm;
2742 	spin_unlock_bh(&ab->base_lock);
2743 
2744 	return 0;
2745 }
2746 
2747 static int ath12k_dp_rx_h_michael_mic(struct crypto_shash *tfm, u8 *key,
2748 				      struct ieee80211_hdr *hdr, u8 *data,
2749 				      size_t data_len, u8 *mic)
2750 {
2751 	SHASH_DESC_ON_STACK(desc, tfm);
2752 	u8 mic_hdr[16] = {0};
2753 	u8 tid = 0;
2754 	int ret;
2755 
2756 	if (!tfm)
2757 		return -EINVAL;
2758 
2759 	desc->tfm = tfm;
2760 
2761 	ret = crypto_shash_setkey(tfm, key, 8);
2762 	if (ret)
2763 		goto out;
2764 
2765 	ret = crypto_shash_init(desc);
2766 	if (ret)
2767 		goto out;
2768 
2769 	/* TKIP MIC header */
2770 	memcpy(mic_hdr, ieee80211_get_DA(hdr), ETH_ALEN);
2771 	memcpy(mic_hdr + ETH_ALEN, ieee80211_get_SA(hdr), ETH_ALEN);
2772 	if (ieee80211_is_data_qos(hdr->frame_control))
2773 		tid = ieee80211_get_tid(hdr);
2774 	mic_hdr[12] = tid;
2775 
2776 	ret = crypto_shash_update(desc, mic_hdr, 16);
2777 	if (ret)
2778 		goto out;
2779 	ret = crypto_shash_update(desc, data, data_len);
2780 	if (ret)
2781 		goto out;
2782 	ret = crypto_shash_final(desc, mic);
2783 out:
2784 	shash_desc_zero(desc);
2785 	return ret;
2786 }
2787 
2788 static int ath12k_dp_rx_h_verify_tkip_mic(struct ath12k *ar, struct ath12k_peer *peer,
2789 					  struct sk_buff *msdu)
2790 {
2791 	struct ath12k_base *ab = ar->ab;
2792 	struct hal_rx_desc *rx_desc = (struct hal_rx_desc *)msdu->data;
2793 	struct ieee80211_rx_status *rxs = IEEE80211_SKB_RXCB(msdu);
2794 	struct ieee80211_key_conf *key_conf;
2795 	struct ieee80211_hdr *hdr;
2796 	u8 mic[IEEE80211_CCMP_MIC_LEN];
2797 	int head_len, tail_len, ret;
2798 	size_t data_len;
2799 	u32 hdr_len, hal_rx_desc_sz = ar->ab->hw_params->hal_desc_sz;
2800 	u8 *key, *data;
2801 	u8 key_idx;
2802 
2803 	if (ath12k_dp_rx_h_enctype(ab, rx_desc) != HAL_ENCRYPT_TYPE_TKIP_MIC)
2804 		return 0;
2805 
2806 	hdr = (struct ieee80211_hdr *)(msdu->data + hal_rx_desc_sz);
2807 	hdr_len = ieee80211_hdrlen(hdr->frame_control);
2808 	head_len = hdr_len + hal_rx_desc_sz + IEEE80211_TKIP_IV_LEN;
2809 	tail_len = IEEE80211_CCMP_MIC_LEN + IEEE80211_TKIP_ICV_LEN + FCS_LEN;
2810 
2811 	if (!is_multicast_ether_addr(hdr->addr1))
2812 		key_idx = peer->ucast_keyidx;
2813 	else
2814 		key_idx = peer->mcast_keyidx;
2815 
2816 	key_conf = peer->keys[key_idx];
2817 
2818 	data = msdu->data + head_len;
2819 	data_len = msdu->len - head_len - tail_len;
2820 	key = &key_conf->key[NL80211_TKIP_DATA_OFFSET_RX_MIC_KEY];
2821 
2822 	ret = ath12k_dp_rx_h_michael_mic(peer->tfm_mmic, key, hdr, data, data_len, mic);
2823 	if (ret || memcmp(mic, data + data_len, IEEE80211_CCMP_MIC_LEN))
2824 		goto mic_fail;
2825 
2826 	return 0;
2827 
2828 mic_fail:
2829 	(ATH12K_SKB_RXCB(msdu))->is_first_msdu = true;
2830 	(ATH12K_SKB_RXCB(msdu))->is_last_msdu = true;
2831 
2832 	rxs->flag |= RX_FLAG_MMIC_ERROR | RX_FLAG_MMIC_STRIPPED |
2833 		    RX_FLAG_IV_STRIPPED | RX_FLAG_DECRYPTED;
2834 	skb_pull(msdu, hal_rx_desc_sz);
2835 
2836 	ath12k_dp_rx_h_ppdu(ar, rx_desc, rxs);
2837 	ath12k_dp_rx_h_undecap(ar, msdu, rx_desc,
2838 			       HAL_ENCRYPT_TYPE_TKIP_MIC, rxs, true);
2839 	ieee80211_rx(ar->hw, msdu);
2840 	return -EINVAL;
2841 }
2842 
2843 static void ath12k_dp_rx_h_undecap_frag(struct ath12k *ar, struct sk_buff *msdu,
2844 					enum hal_encrypt_type enctype, u32 flags)
2845 {
2846 	struct ieee80211_hdr *hdr;
2847 	size_t hdr_len;
2848 	size_t crypto_len;
2849 	u32 hal_rx_desc_sz = ar->ab->hw_params->hal_desc_sz;
2850 
2851 	if (!flags)
2852 		return;
2853 
2854 	hdr = (struct ieee80211_hdr *)(msdu->data + hal_rx_desc_sz);
2855 
2856 	if (flags & RX_FLAG_MIC_STRIPPED)
2857 		skb_trim(msdu, msdu->len -
2858 			 ath12k_dp_rx_crypto_mic_len(ar, enctype));
2859 
2860 	if (flags & RX_FLAG_ICV_STRIPPED)
2861 		skb_trim(msdu, msdu->len -
2862 			 ath12k_dp_rx_crypto_icv_len(ar, enctype));
2863 
2864 	if (flags & RX_FLAG_IV_STRIPPED) {
2865 		hdr_len = ieee80211_hdrlen(hdr->frame_control);
2866 		crypto_len = ath12k_dp_rx_crypto_param_len(ar, enctype);
2867 
2868 		memmove(msdu->data + hal_rx_desc_sz + crypto_len,
2869 			msdu->data + hal_rx_desc_sz, hdr_len);
2870 		skb_pull(msdu, crypto_len);
2871 	}
2872 }
2873 
2874 static int ath12k_dp_rx_h_defrag(struct ath12k *ar,
2875 				 struct ath12k_peer *peer,
2876 				 struct ath12k_dp_rx_tid *rx_tid,
2877 				 struct sk_buff **defrag_skb)
2878 {
2879 	struct ath12k_base *ab = ar->ab;
2880 	struct hal_rx_desc *rx_desc;
2881 	struct sk_buff *skb, *first_frag, *last_frag;
2882 	struct ieee80211_hdr *hdr;
2883 	enum hal_encrypt_type enctype;
2884 	bool is_decrypted = false;
2885 	int msdu_len = 0;
2886 	int extra_space;
2887 	u32 flags, hal_rx_desc_sz = ar->ab->hw_params->hal_desc_sz;
2888 
2889 	first_frag = skb_peek(&rx_tid->rx_frags);
2890 	last_frag = skb_peek_tail(&rx_tid->rx_frags);
2891 
2892 	skb_queue_walk(&rx_tid->rx_frags, skb) {
2893 		flags = 0;
2894 		rx_desc = (struct hal_rx_desc *)skb->data;
2895 		hdr = (struct ieee80211_hdr *)(skb->data + hal_rx_desc_sz);
2896 
2897 		enctype = ath12k_dp_rx_h_enctype(ab, rx_desc);
2898 		if (enctype != HAL_ENCRYPT_TYPE_OPEN)
2899 			is_decrypted = ath12k_dp_rx_h_is_decrypted(ab,
2900 								   rx_desc);
2901 
2902 		if (is_decrypted) {
2903 			if (skb != first_frag)
2904 				flags |= RX_FLAG_IV_STRIPPED;
2905 			if (skb != last_frag)
2906 				flags |= RX_FLAG_ICV_STRIPPED |
2907 					 RX_FLAG_MIC_STRIPPED;
2908 		}
2909 
2910 		/* RX fragments are always raw packets */
2911 		if (skb != last_frag)
2912 			skb_trim(skb, skb->len - FCS_LEN);
2913 		ath12k_dp_rx_h_undecap_frag(ar, skb, enctype, flags);
2914 
2915 		if (skb != first_frag)
2916 			skb_pull(skb, hal_rx_desc_sz +
2917 				      ieee80211_hdrlen(hdr->frame_control));
2918 		msdu_len += skb->len;
2919 	}
2920 
2921 	extra_space = msdu_len - (DP_RX_BUFFER_SIZE + skb_tailroom(first_frag));
2922 	if (extra_space > 0 &&
2923 	    (pskb_expand_head(first_frag, 0, extra_space, GFP_ATOMIC) < 0))
2924 		return -ENOMEM;
2925 
2926 	__skb_unlink(first_frag, &rx_tid->rx_frags);
2927 	while ((skb = __skb_dequeue(&rx_tid->rx_frags))) {
2928 		skb_put_data(first_frag, skb->data, skb->len);
2929 		dev_kfree_skb_any(skb);
2930 	}
2931 
2932 	hdr = (struct ieee80211_hdr *)(first_frag->data + hal_rx_desc_sz);
2933 	hdr->frame_control &= ~__cpu_to_le16(IEEE80211_FCTL_MOREFRAGS);
2934 	ATH12K_SKB_RXCB(first_frag)->is_frag = 1;
2935 
2936 	if (ath12k_dp_rx_h_verify_tkip_mic(ar, peer, first_frag))
2937 		first_frag = NULL;
2938 
2939 	*defrag_skb = first_frag;
2940 	return 0;
2941 }
2942 
2943 static int ath12k_dp_rx_h_defrag_reo_reinject(struct ath12k *ar,
2944 					      struct ath12k_dp_rx_tid *rx_tid,
2945 					      struct sk_buff *defrag_skb)
2946 {
2947 	struct ath12k_base *ab = ar->ab;
2948 	struct ath12k_dp *dp = &ab->dp;
2949 	struct hal_rx_desc *rx_desc = (struct hal_rx_desc *)defrag_skb->data;
2950 	struct hal_reo_entrance_ring *reo_ent_ring;
2951 	struct hal_reo_dest_ring *reo_dest_ring;
2952 	struct dp_link_desc_bank *link_desc_banks;
2953 	struct hal_rx_msdu_link *msdu_link;
2954 	struct hal_rx_msdu_details *msdu0;
2955 	struct hal_srng *srng;
2956 	dma_addr_t link_paddr, buf_paddr;
2957 	u32 desc_bank, msdu_info, msdu_ext_info, mpdu_info;
2958 	u32 cookie, hal_rx_desc_sz, dest_ring_info0;
2959 	int ret;
2960 	struct ath12k_rx_desc_info *desc_info;
2961 	u8 dst_ind;
2962 
2963 	hal_rx_desc_sz = ab->hw_params->hal_desc_sz;
2964 	link_desc_banks = dp->link_desc_banks;
2965 	reo_dest_ring = rx_tid->dst_ring_desc;
2966 
2967 	ath12k_hal_rx_reo_ent_paddr_get(ab, &reo_dest_ring->buf_addr_info,
2968 					&link_paddr, &cookie);
2969 	desc_bank = u32_get_bits(cookie, DP_LINK_DESC_BANK_MASK);
2970 
2971 	msdu_link = (struct hal_rx_msdu_link *)(link_desc_banks[desc_bank].vaddr +
2972 			(link_paddr - link_desc_banks[desc_bank].paddr));
2973 	msdu0 = &msdu_link->msdu_link[0];
2974 	msdu_ext_info = le32_to_cpu(msdu0->rx_msdu_ext_info.info0);
2975 	dst_ind = u32_get_bits(msdu_ext_info, RX_MSDU_EXT_DESC_INFO0_REO_DEST_IND);
2976 
2977 	memset(msdu0, 0, sizeof(*msdu0));
2978 
2979 	msdu_info = u32_encode_bits(1, RX_MSDU_DESC_INFO0_FIRST_MSDU_IN_MPDU) |
2980 		    u32_encode_bits(1, RX_MSDU_DESC_INFO0_LAST_MSDU_IN_MPDU) |
2981 		    u32_encode_bits(0, RX_MSDU_DESC_INFO0_MSDU_CONTINUATION) |
2982 		    u32_encode_bits(defrag_skb->len - hal_rx_desc_sz,
2983 				    RX_MSDU_DESC_INFO0_MSDU_LENGTH) |
2984 		    u32_encode_bits(1, RX_MSDU_DESC_INFO0_VALID_SA) |
2985 		    u32_encode_bits(1, RX_MSDU_DESC_INFO0_VALID_DA);
2986 	msdu0->rx_msdu_info.info0 = cpu_to_le32(msdu_info);
2987 	msdu0->rx_msdu_ext_info.info0 = cpu_to_le32(msdu_ext_info);
2988 
2989 	/* change msdu len in hal rx desc */
2990 	ath12k_dp_rxdesc_set_msdu_len(ab, rx_desc, defrag_skb->len - hal_rx_desc_sz);
2991 
2992 	buf_paddr = dma_map_single(ab->dev, defrag_skb->data,
2993 				   defrag_skb->len + skb_tailroom(defrag_skb),
2994 				   DMA_FROM_DEVICE);
2995 	if (dma_mapping_error(ab->dev, buf_paddr))
2996 		return -ENOMEM;
2997 
2998 	spin_lock_bh(&dp->rx_desc_lock);
2999 	desc_info = list_first_entry_or_null(&dp->rx_desc_free_list,
3000 					     struct ath12k_rx_desc_info,
3001 					     list);
3002 	if (!desc_info) {
3003 		spin_unlock_bh(&dp->rx_desc_lock);
3004 		ath12k_warn(ab, "failed to find rx desc for reinject\n");
3005 		ret = -ENOMEM;
3006 		goto err_unmap_dma;
3007 	}
3008 
3009 	desc_info->skb = defrag_skb;
3010 
3011 	list_del(&desc_info->list);
3012 	list_add_tail(&desc_info->list, &dp->rx_desc_used_list);
3013 	spin_unlock_bh(&dp->rx_desc_lock);
3014 
3015 	ATH12K_SKB_RXCB(defrag_skb)->paddr = buf_paddr;
3016 
3017 	ath12k_hal_rx_buf_addr_info_set(&msdu0->buf_addr_info, buf_paddr,
3018 					desc_info->cookie,
3019 					HAL_RX_BUF_RBM_SW3_BM);
3020 
3021 	/* Fill mpdu details into reo entrace ring */
3022 	srng = &ab->hal.srng_list[dp->reo_reinject_ring.ring_id];
3023 
3024 	spin_lock_bh(&srng->lock);
3025 	ath12k_hal_srng_access_begin(ab, srng);
3026 
3027 	reo_ent_ring = ath12k_hal_srng_src_get_next_entry(ab, srng);
3028 	if (!reo_ent_ring) {
3029 		ath12k_hal_srng_access_end(ab, srng);
3030 		spin_unlock_bh(&srng->lock);
3031 		ret = -ENOSPC;
3032 		goto err_free_desc;
3033 	}
3034 	memset(reo_ent_ring, 0, sizeof(*reo_ent_ring));
3035 
3036 	ath12k_hal_rx_buf_addr_info_set(&reo_ent_ring->buf_addr_info, link_paddr,
3037 					cookie,
3038 					HAL_RX_BUF_RBM_WBM_CHIP0_IDLE_DESC_LIST);
3039 
3040 	mpdu_info = u32_encode_bits(1, RX_MPDU_DESC_INFO0_MSDU_COUNT) |
3041 		    u32_encode_bits(0, RX_MPDU_DESC_INFO0_FRAG_FLAG) |
3042 		    u32_encode_bits(1, RX_MPDU_DESC_INFO0_RAW_MPDU) |
3043 		    u32_encode_bits(1, RX_MPDU_DESC_INFO0_VALID_PN) |
3044 		    u32_encode_bits(rx_tid->tid, RX_MPDU_DESC_INFO0_TID);
3045 
3046 	reo_ent_ring->rx_mpdu_info.info0 = cpu_to_le32(mpdu_info);
3047 	reo_ent_ring->rx_mpdu_info.peer_meta_data =
3048 		reo_dest_ring->rx_mpdu_info.peer_meta_data;
3049 
3050 	reo_ent_ring->queue_addr_lo = cpu_to_le32(lower_32_bits(rx_tid->paddr));
3051 	reo_ent_ring->info0 = le32_encode_bits(upper_32_bits(rx_tid->paddr),
3052 					       HAL_REO_ENTR_RING_INFO0_QUEUE_ADDR_HI) |
3053 		le32_encode_bits(dst_ind, HAL_REO_ENTR_RING_INFO0_DEST_IND);
3054 
3055 	reo_ent_ring->info1 = le32_encode_bits(rx_tid->cur_sn,
3056 					       HAL_REO_ENTR_RING_INFO1_MPDU_SEQ_NUM);
3057 	dest_ring_info0 = le32_get_bits(reo_dest_ring->info0,
3058 					HAL_REO_DEST_RING_INFO0_SRC_LINK_ID);
3059 	reo_ent_ring->info2 =
3060 		cpu_to_le32(u32_get_bits(dest_ring_info0,
3061 					 HAL_REO_ENTR_RING_INFO2_SRC_LINK_ID));
3062 
3063 	ath12k_hal_srng_access_end(ab, srng);
3064 	spin_unlock_bh(&srng->lock);
3065 
3066 	return 0;
3067 
3068 err_free_desc:
3069 	spin_lock_bh(&dp->rx_desc_lock);
3070 	list_del(&desc_info->list);
3071 	list_add_tail(&desc_info->list, &dp->rx_desc_free_list);
3072 	desc_info->skb = NULL;
3073 	spin_unlock_bh(&dp->rx_desc_lock);
3074 err_unmap_dma:
3075 	dma_unmap_single(ab->dev, buf_paddr, defrag_skb->len + skb_tailroom(defrag_skb),
3076 			 DMA_FROM_DEVICE);
3077 	return ret;
3078 }
3079 
3080 static int ath12k_dp_rx_h_cmp_frags(struct ath12k_base *ab,
3081 				    struct sk_buff *a, struct sk_buff *b)
3082 {
3083 	int frag1, frag2;
3084 
3085 	frag1 = ath12k_dp_rx_h_frag_no(ab, a);
3086 	frag2 = ath12k_dp_rx_h_frag_no(ab, b);
3087 
3088 	return frag1 - frag2;
3089 }
3090 
3091 static void ath12k_dp_rx_h_sort_frags(struct ath12k_base *ab,
3092 				      struct sk_buff_head *frag_list,
3093 				      struct sk_buff *cur_frag)
3094 {
3095 	struct sk_buff *skb;
3096 	int cmp;
3097 
3098 	skb_queue_walk(frag_list, skb) {
3099 		cmp = ath12k_dp_rx_h_cmp_frags(ab, skb, cur_frag);
3100 		if (cmp < 0)
3101 			continue;
3102 		__skb_queue_before(frag_list, skb, cur_frag);
3103 		return;
3104 	}
3105 	__skb_queue_tail(frag_list, cur_frag);
3106 }
3107 
3108 static u64 ath12k_dp_rx_h_get_pn(struct ath12k *ar, struct sk_buff *skb)
3109 {
3110 	struct ieee80211_hdr *hdr;
3111 	u64 pn = 0;
3112 	u8 *ehdr;
3113 	u32 hal_rx_desc_sz = ar->ab->hw_params->hal_desc_sz;
3114 
3115 	hdr = (struct ieee80211_hdr *)(skb->data + hal_rx_desc_sz);
3116 	ehdr = skb->data + hal_rx_desc_sz + ieee80211_hdrlen(hdr->frame_control);
3117 
3118 	pn = ehdr[0];
3119 	pn |= (u64)ehdr[1] << 8;
3120 	pn |= (u64)ehdr[4] << 16;
3121 	pn |= (u64)ehdr[5] << 24;
3122 	pn |= (u64)ehdr[6] << 32;
3123 	pn |= (u64)ehdr[7] << 40;
3124 
3125 	return pn;
3126 }
3127 
3128 static bool
3129 ath12k_dp_rx_h_defrag_validate_incr_pn(struct ath12k *ar, struct ath12k_dp_rx_tid *rx_tid)
3130 {
3131 	struct ath12k_base *ab = ar->ab;
3132 	enum hal_encrypt_type encrypt_type;
3133 	struct sk_buff *first_frag, *skb;
3134 	struct hal_rx_desc *desc;
3135 	u64 last_pn;
3136 	u64 cur_pn;
3137 
3138 	first_frag = skb_peek(&rx_tid->rx_frags);
3139 	desc = (struct hal_rx_desc *)first_frag->data;
3140 
3141 	encrypt_type = ath12k_dp_rx_h_enctype(ab, desc);
3142 	if (encrypt_type != HAL_ENCRYPT_TYPE_CCMP_128 &&
3143 	    encrypt_type != HAL_ENCRYPT_TYPE_CCMP_256 &&
3144 	    encrypt_type != HAL_ENCRYPT_TYPE_GCMP_128 &&
3145 	    encrypt_type != HAL_ENCRYPT_TYPE_AES_GCMP_256)
3146 		return true;
3147 
3148 	last_pn = ath12k_dp_rx_h_get_pn(ar, first_frag);
3149 	skb_queue_walk(&rx_tid->rx_frags, skb) {
3150 		if (skb == first_frag)
3151 			continue;
3152 
3153 		cur_pn = ath12k_dp_rx_h_get_pn(ar, skb);
3154 		if (cur_pn != last_pn + 1)
3155 			return false;
3156 		last_pn = cur_pn;
3157 	}
3158 	return true;
3159 }
3160 
3161 static int ath12k_dp_rx_frag_h_mpdu(struct ath12k *ar,
3162 				    struct sk_buff *msdu,
3163 				    struct hal_reo_dest_ring *ring_desc)
3164 {
3165 	struct ath12k_base *ab = ar->ab;
3166 	struct hal_rx_desc *rx_desc;
3167 	struct ath12k_peer *peer;
3168 	struct ath12k_dp_rx_tid *rx_tid;
3169 	struct sk_buff *defrag_skb = NULL;
3170 	u32 peer_id;
3171 	u16 seqno, frag_no;
3172 	u8 tid;
3173 	int ret = 0;
3174 	bool more_frags;
3175 
3176 	rx_desc = (struct hal_rx_desc *)msdu->data;
3177 	peer_id = ath12k_dp_rx_h_peer_id(ab, rx_desc);
3178 	tid = ath12k_dp_rx_h_tid(ab, rx_desc);
3179 	seqno = ath12k_dp_rx_h_seq_no(ab, rx_desc);
3180 	frag_no = ath12k_dp_rx_h_frag_no(ab, msdu);
3181 	more_frags = ath12k_dp_rx_h_more_frags(ab, msdu);
3182 
3183 	if (!ath12k_dp_rx_h_seq_ctrl_valid(ab, rx_desc) ||
3184 	    !ath12k_dp_rx_h_fc_valid(ab, rx_desc) ||
3185 	    tid > IEEE80211_NUM_TIDS)
3186 		return -EINVAL;
3187 
3188 	/* received unfragmented packet in reo
3189 	 * exception ring, this shouldn't happen
3190 	 * as these packets typically come from
3191 	 * reo2sw srngs.
3192 	 */
3193 	if (WARN_ON_ONCE(!frag_no && !more_frags))
3194 		return -EINVAL;
3195 
3196 	spin_lock_bh(&ab->base_lock);
3197 	peer = ath12k_peer_find_by_id(ab, peer_id);
3198 	if (!peer) {
3199 		ath12k_warn(ab, "failed to find the peer to de-fragment received fragment peer_id %d\n",
3200 			    peer_id);
3201 		ret = -ENOENT;
3202 		goto out_unlock;
3203 	}
3204 	rx_tid = &peer->rx_tid[tid];
3205 
3206 	if ((!skb_queue_empty(&rx_tid->rx_frags) && seqno != rx_tid->cur_sn) ||
3207 	    skb_queue_empty(&rx_tid->rx_frags)) {
3208 		/* Flush stored fragments and start a new sequence */
3209 		ath12k_dp_rx_frags_cleanup(rx_tid, true);
3210 		rx_tid->cur_sn = seqno;
3211 	}
3212 
3213 	if (rx_tid->rx_frag_bitmap & BIT(frag_no)) {
3214 		/* Fragment already present */
3215 		ret = -EINVAL;
3216 		goto out_unlock;
3217 	}
3218 
3219 	if (frag_no > __fls(rx_tid->rx_frag_bitmap))
3220 		__skb_queue_tail(&rx_tid->rx_frags, msdu);
3221 	else
3222 		ath12k_dp_rx_h_sort_frags(ab, &rx_tid->rx_frags, msdu);
3223 
3224 	rx_tid->rx_frag_bitmap |= BIT(frag_no);
3225 	if (!more_frags)
3226 		rx_tid->last_frag_no = frag_no;
3227 
3228 	if (frag_no == 0) {
3229 		rx_tid->dst_ring_desc = kmemdup(ring_desc,
3230 						sizeof(*rx_tid->dst_ring_desc),
3231 						GFP_ATOMIC);
3232 		if (!rx_tid->dst_ring_desc) {
3233 			ret = -ENOMEM;
3234 			goto out_unlock;
3235 		}
3236 	} else {
3237 		ath12k_dp_rx_link_desc_return(ab, ring_desc,
3238 					      HAL_WBM_REL_BM_ACT_PUT_IN_IDLE);
3239 	}
3240 
3241 	if (!rx_tid->last_frag_no ||
3242 	    rx_tid->rx_frag_bitmap != GENMASK(rx_tid->last_frag_no, 0)) {
3243 		mod_timer(&rx_tid->frag_timer, jiffies +
3244 					       ATH12K_DP_RX_FRAGMENT_TIMEOUT_MS);
3245 		goto out_unlock;
3246 	}
3247 
3248 	spin_unlock_bh(&ab->base_lock);
3249 	del_timer_sync(&rx_tid->frag_timer);
3250 	spin_lock_bh(&ab->base_lock);
3251 
3252 	peer = ath12k_peer_find_by_id(ab, peer_id);
3253 	if (!peer)
3254 		goto err_frags_cleanup;
3255 
3256 	if (!ath12k_dp_rx_h_defrag_validate_incr_pn(ar, rx_tid))
3257 		goto err_frags_cleanup;
3258 
3259 	if (ath12k_dp_rx_h_defrag(ar, peer, rx_tid, &defrag_skb))
3260 		goto err_frags_cleanup;
3261 
3262 	if (!defrag_skb)
3263 		goto err_frags_cleanup;
3264 
3265 	if (ath12k_dp_rx_h_defrag_reo_reinject(ar, rx_tid, defrag_skb))
3266 		goto err_frags_cleanup;
3267 
3268 	ath12k_dp_rx_frags_cleanup(rx_tid, false);
3269 	goto out_unlock;
3270 
3271 err_frags_cleanup:
3272 	dev_kfree_skb_any(defrag_skb);
3273 	ath12k_dp_rx_frags_cleanup(rx_tid, true);
3274 out_unlock:
3275 	spin_unlock_bh(&ab->base_lock);
3276 	return ret;
3277 }
3278 
3279 static int
3280 ath12k_dp_process_rx_err_buf(struct ath12k *ar, struct hal_reo_dest_ring *desc,
3281 			     bool drop, u32 cookie)
3282 {
3283 	struct ath12k_base *ab = ar->ab;
3284 	struct sk_buff *msdu;
3285 	struct ath12k_skb_rxcb *rxcb;
3286 	struct hal_rx_desc *rx_desc;
3287 	u16 msdu_len;
3288 	u32 hal_rx_desc_sz = ab->hw_params->hal_desc_sz;
3289 	struct ath12k_rx_desc_info *desc_info;
3290 	u64 desc_va;
3291 
3292 	desc_va = ((u64)le32_to_cpu(desc->buf_va_hi) << 32 |
3293 		   le32_to_cpu(desc->buf_va_lo));
3294 	desc_info = (struct ath12k_rx_desc_info *)((unsigned long)desc_va);
3295 
3296 	/* retry manual desc retrieval */
3297 	if (!desc_info) {
3298 		desc_info = ath12k_dp_get_rx_desc(ab, cookie);
3299 		if (!desc_info) {
3300 			ath12k_warn(ab, "Invalid cookie in manual desc retrieval");
3301 			return -EINVAL;
3302 		}
3303 	}
3304 
3305 	if (desc_info->magic != ATH12K_DP_RX_DESC_MAGIC)
3306 		ath12k_warn(ab, " RX Exception, Check HW CC implementation");
3307 
3308 	msdu = desc_info->skb;
3309 	desc_info->skb = NULL;
3310 	spin_lock_bh(&ab->dp.rx_desc_lock);
3311 	list_move_tail(&desc_info->list, &ab->dp.rx_desc_free_list);
3312 	spin_unlock_bh(&ab->dp.rx_desc_lock);
3313 
3314 	rxcb = ATH12K_SKB_RXCB(msdu);
3315 	dma_unmap_single(ar->ab->dev, rxcb->paddr,
3316 			 msdu->len + skb_tailroom(msdu),
3317 			 DMA_FROM_DEVICE);
3318 
3319 	if (drop) {
3320 		dev_kfree_skb_any(msdu);
3321 		return 0;
3322 	}
3323 
3324 	rcu_read_lock();
3325 	if (!rcu_dereference(ar->ab->pdevs_active[ar->pdev_idx])) {
3326 		dev_kfree_skb_any(msdu);
3327 		goto exit;
3328 	}
3329 
3330 	if (test_bit(ATH12K_CAC_RUNNING, &ar->dev_flags)) {
3331 		dev_kfree_skb_any(msdu);
3332 		goto exit;
3333 	}
3334 
3335 	rx_desc = (struct hal_rx_desc *)msdu->data;
3336 	msdu_len = ath12k_dp_rx_h_msdu_len(ar->ab, rx_desc);
3337 	if ((msdu_len + hal_rx_desc_sz) > DP_RX_BUFFER_SIZE) {
3338 		ath12k_warn(ar->ab, "invalid msdu leng %u", msdu_len);
3339 		ath12k_dbg_dump(ar->ab, ATH12K_DBG_DATA, NULL, "", rx_desc,
3340 				sizeof(*rx_desc));
3341 		dev_kfree_skb_any(msdu);
3342 		goto exit;
3343 	}
3344 
3345 	skb_put(msdu, hal_rx_desc_sz + msdu_len);
3346 
3347 	if (ath12k_dp_rx_frag_h_mpdu(ar, msdu, desc)) {
3348 		dev_kfree_skb_any(msdu);
3349 		ath12k_dp_rx_link_desc_return(ar->ab, desc,
3350 					      HAL_WBM_REL_BM_ACT_PUT_IN_IDLE);
3351 	}
3352 exit:
3353 	rcu_read_unlock();
3354 	return 0;
3355 }
3356 
3357 int ath12k_dp_rx_process_err(struct ath12k_base *ab, struct napi_struct *napi,
3358 			     int budget)
3359 {
3360 	u32 msdu_cookies[HAL_NUM_RX_MSDUS_PER_LINK_DESC];
3361 	struct dp_link_desc_bank *link_desc_banks;
3362 	enum hal_rx_buf_return_buf_manager rbm;
3363 	struct hal_rx_msdu_link *link_desc_va;
3364 	int tot_n_bufs_reaped, quota, ret, i;
3365 	struct hal_reo_dest_ring *reo_desc;
3366 	struct dp_rxdma_ring *rx_ring;
3367 	struct dp_srng *reo_except;
3368 	u32 desc_bank, num_msdus;
3369 	struct hal_srng *srng;
3370 	struct ath12k_dp *dp;
3371 	int mac_id;
3372 	struct ath12k *ar;
3373 	dma_addr_t paddr;
3374 	bool is_frag;
3375 	bool drop = false;
3376 
3377 	tot_n_bufs_reaped = 0;
3378 	quota = budget;
3379 
3380 	dp = &ab->dp;
3381 	reo_except = &dp->reo_except_ring;
3382 	link_desc_banks = dp->link_desc_banks;
3383 
3384 	srng = &ab->hal.srng_list[reo_except->ring_id];
3385 
3386 	spin_lock_bh(&srng->lock);
3387 
3388 	ath12k_hal_srng_access_begin(ab, srng);
3389 
3390 	while (budget &&
3391 	       (reo_desc = ath12k_hal_srng_dst_get_next_entry(ab, srng))) {
3392 		ab->soc_stats.err_ring_pkts++;
3393 		ret = ath12k_hal_desc_reo_parse_err(ab, reo_desc, &paddr,
3394 						    &desc_bank);
3395 		if (ret) {
3396 			ath12k_warn(ab, "failed to parse error reo desc %d\n",
3397 				    ret);
3398 			continue;
3399 		}
3400 		link_desc_va = link_desc_banks[desc_bank].vaddr +
3401 			       (paddr - link_desc_banks[desc_bank].paddr);
3402 		ath12k_hal_rx_msdu_link_info_get(link_desc_va, &num_msdus, msdu_cookies,
3403 						 &rbm);
3404 		if (rbm != HAL_RX_BUF_RBM_WBM_CHIP0_IDLE_DESC_LIST &&
3405 		    rbm != HAL_RX_BUF_RBM_SW3_BM &&
3406 		    rbm != ab->hw_params->hal_params->rx_buf_rbm) {
3407 			ab->soc_stats.invalid_rbm++;
3408 			ath12k_warn(ab, "invalid return buffer manager %d\n", rbm);
3409 			ath12k_dp_rx_link_desc_return(ab, reo_desc,
3410 						      HAL_WBM_REL_BM_ACT_REL_MSDU);
3411 			continue;
3412 		}
3413 
3414 		is_frag = !!(le32_to_cpu(reo_desc->rx_mpdu_info.info0) &
3415 			     RX_MPDU_DESC_INFO0_FRAG_FLAG);
3416 
3417 		/* Process only rx fragments with one msdu per link desc below, and drop
3418 		 * msdu's indicated due to error reasons.
3419 		 */
3420 		if (!is_frag || num_msdus > 1) {
3421 			drop = true;
3422 			/* Return the link desc back to wbm idle list */
3423 			ath12k_dp_rx_link_desc_return(ab, reo_desc,
3424 						      HAL_WBM_REL_BM_ACT_PUT_IN_IDLE);
3425 		}
3426 
3427 		for (i = 0; i < num_msdus; i++) {
3428 			mac_id = le32_get_bits(reo_desc->info0,
3429 					       HAL_REO_DEST_RING_INFO0_SRC_LINK_ID);
3430 
3431 			ar = ab->pdevs[mac_id].ar;
3432 
3433 			if (!ath12k_dp_process_rx_err_buf(ar, reo_desc, drop,
3434 							  msdu_cookies[i]))
3435 				tot_n_bufs_reaped++;
3436 		}
3437 
3438 		if (tot_n_bufs_reaped >= quota) {
3439 			tot_n_bufs_reaped = quota;
3440 			goto exit;
3441 		}
3442 
3443 		budget = quota - tot_n_bufs_reaped;
3444 	}
3445 
3446 exit:
3447 	ath12k_hal_srng_access_end(ab, srng);
3448 
3449 	spin_unlock_bh(&srng->lock);
3450 
3451 	rx_ring = &dp->rx_refill_buf_ring;
3452 
3453 	ath12k_dp_rx_bufs_replenish(ab, 0, rx_ring, tot_n_bufs_reaped,
3454 				    ab->hw_params->hal_params->rx_buf_rbm, true);
3455 
3456 	return tot_n_bufs_reaped;
3457 }
3458 
3459 static void ath12k_dp_rx_null_q_desc_sg_drop(struct ath12k *ar,
3460 					     int msdu_len,
3461 					     struct sk_buff_head *msdu_list)
3462 {
3463 	struct sk_buff *skb, *tmp;
3464 	struct ath12k_skb_rxcb *rxcb;
3465 	int n_buffs;
3466 
3467 	n_buffs = DIV_ROUND_UP(msdu_len,
3468 			       (DP_RX_BUFFER_SIZE - ar->ab->hw_params->hal_desc_sz));
3469 
3470 	skb_queue_walk_safe(msdu_list, skb, tmp) {
3471 		rxcb = ATH12K_SKB_RXCB(skb);
3472 		if (rxcb->err_rel_src == HAL_WBM_REL_SRC_MODULE_REO &&
3473 		    rxcb->err_code == HAL_REO_DEST_RING_ERROR_CODE_DESC_ADDR_ZERO) {
3474 			if (!n_buffs)
3475 				break;
3476 			__skb_unlink(skb, msdu_list);
3477 			dev_kfree_skb_any(skb);
3478 			n_buffs--;
3479 		}
3480 	}
3481 }
3482 
3483 static int ath12k_dp_rx_h_null_q_desc(struct ath12k *ar, struct sk_buff *msdu,
3484 				      struct ieee80211_rx_status *status,
3485 				      struct sk_buff_head *msdu_list)
3486 {
3487 	struct ath12k_base *ab = ar->ab;
3488 	u16 msdu_len, peer_id;
3489 	struct hal_rx_desc *desc = (struct hal_rx_desc *)msdu->data;
3490 	u8 l3pad_bytes;
3491 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
3492 	u32 hal_rx_desc_sz = ar->ab->hw_params->hal_desc_sz;
3493 
3494 	msdu_len = ath12k_dp_rx_h_msdu_len(ab, desc);
3495 	peer_id = ath12k_dp_rx_h_peer_id(ab, desc);
3496 
3497 	spin_lock(&ab->base_lock);
3498 	if (!ath12k_peer_find_by_id(ab, peer_id)) {
3499 		spin_unlock(&ab->base_lock);
3500 		ath12k_dbg(ab, ATH12K_DBG_DATA, "invalid peer id received in wbm err pkt%d\n",
3501 			   peer_id);
3502 		return -EINVAL;
3503 	}
3504 	spin_unlock(&ab->base_lock);
3505 
3506 	if (!rxcb->is_frag && ((msdu_len + hal_rx_desc_sz) > DP_RX_BUFFER_SIZE)) {
3507 		/* First buffer will be freed by the caller, so deduct it's length */
3508 		msdu_len = msdu_len - (DP_RX_BUFFER_SIZE - hal_rx_desc_sz);
3509 		ath12k_dp_rx_null_q_desc_sg_drop(ar, msdu_len, msdu_list);
3510 		return -EINVAL;
3511 	}
3512 
3513 	/* Even after cleaning up the sg buffers in the msdu list with above check
3514 	 * any msdu received with continuation flag needs to be dropped as invalid.
3515 	 * This protects against some random err frame with continuation flag.
3516 	 */
3517 	if (rxcb->is_continuation)
3518 		return -EINVAL;
3519 
3520 	if (!ath12k_dp_rx_h_msdu_done(ab, desc)) {
3521 		ath12k_warn(ar->ab,
3522 			    "msdu_done bit not set in null_q_des processing\n");
3523 		__skb_queue_purge(msdu_list);
3524 		return -EIO;
3525 	}
3526 
3527 	/* Handle NULL queue descriptor violations arising out a missing
3528 	 * REO queue for a given peer or a given TID. This typically
3529 	 * may happen if a packet is received on a QOS enabled TID before the
3530 	 * ADDBA negotiation for that TID, when the TID queue is setup. Or
3531 	 * it may also happen for MC/BC frames if they are not routed to the
3532 	 * non-QOS TID queue, in the absence of any other default TID queue.
3533 	 * This error can show up both in a REO destination or WBM release ring.
3534 	 */
3535 
3536 	if (rxcb->is_frag) {
3537 		skb_pull(msdu, hal_rx_desc_sz);
3538 	} else {
3539 		l3pad_bytes = ath12k_dp_rx_h_l3pad(ab, desc);
3540 
3541 		if ((hal_rx_desc_sz + l3pad_bytes + msdu_len) > DP_RX_BUFFER_SIZE)
3542 			return -EINVAL;
3543 
3544 		skb_put(msdu, hal_rx_desc_sz + l3pad_bytes + msdu_len);
3545 		skb_pull(msdu, hal_rx_desc_sz + l3pad_bytes);
3546 	}
3547 	ath12k_dp_rx_h_ppdu(ar, desc, status);
3548 
3549 	ath12k_dp_rx_h_mpdu(ar, msdu, desc, status);
3550 
3551 	rxcb->tid = ath12k_dp_rx_h_tid(ab, desc);
3552 
3553 	/* Please note that caller will having the access to msdu and completing
3554 	 * rx with mac80211. Need not worry about cleaning up amsdu_list.
3555 	 */
3556 
3557 	return 0;
3558 }
3559 
3560 static bool ath12k_dp_rx_h_reo_err(struct ath12k *ar, struct sk_buff *msdu,
3561 				   struct ieee80211_rx_status *status,
3562 				   struct sk_buff_head *msdu_list)
3563 {
3564 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
3565 	bool drop = false;
3566 
3567 	ar->ab->soc_stats.reo_error[rxcb->err_code]++;
3568 
3569 	switch (rxcb->err_code) {
3570 	case HAL_REO_DEST_RING_ERROR_CODE_DESC_ADDR_ZERO:
3571 		if (ath12k_dp_rx_h_null_q_desc(ar, msdu, status, msdu_list))
3572 			drop = true;
3573 		break;
3574 	case HAL_REO_DEST_RING_ERROR_CODE_PN_CHECK_FAILED:
3575 		/* TODO: Do not drop PN failed packets in the driver;
3576 		 * instead, it is good to drop such packets in mac80211
3577 		 * after incrementing the replay counters.
3578 		 */
3579 		fallthrough;
3580 	default:
3581 		/* TODO: Review other errors and process them to mac80211
3582 		 * as appropriate.
3583 		 */
3584 		drop = true;
3585 		break;
3586 	}
3587 
3588 	return drop;
3589 }
3590 
3591 static void ath12k_dp_rx_h_tkip_mic_err(struct ath12k *ar, struct sk_buff *msdu,
3592 					struct ieee80211_rx_status *status)
3593 {
3594 	struct ath12k_base *ab = ar->ab;
3595 	u16 msdu_len;
3596 	struct hal_rx_desc *desc = (struct hal_rx_desc *)msdu->data;
3597 	u8 l3pad_bytes;
3598 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
3599 	u32 hal_rx_desc_sz = ar->ab->hw_params->hal_desc_sz;
3600 
3601 	rxcb->is_first_msdu = ath12k_dp_rx_h_first_msdu(ab, desc);
3602 	rxcb->is_last_msdu = ath12k_dp_rx_h_last_msdu(ab, desc);
3603 
3604 	l3pad_bytes = ath12k_dp_rx_h_l3pad(ab, desc);
3605 	msdu_len = ath12k_dp_rx_h_msdu_len(ab, desc);
3606 	skb_put(msdu, hal_rx_desc_sz + l3pad_bytes + msdu_len);
3607 	skb_pull(msdu, hal_rx_desc_sz + l3pad_bytes);
3608 
3609 	ath12k_dp_rx_h_ppdu(ar, desc, status);
3610 
3611 	status->flag |= (RX_FLAG_MMIC_STRIPPED | RX_FLAG_MMIC_ERROR |
3612 			 RX_FLAG_DECRYPTED);
3613 
3614 	ath12k_dp_rx_h_undecap(ar, msdu, desc,
3615 			       HAL_ENCRYPT_TYPE_TKIP_MIC, status, false);
3616 }
3617 
3618 static bool ath12k_dp_rx_h_rxdma_err(struct ath12k *ar,  struct sk_buff *msdu,
3619 				     struct ieee80211_rx_status *status)
3620 {
3621 	struct ath12k_base *ab = ar->ab;
3622 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
3623 	struct hal_rx_desc *rx_desc = (struct hal_rx_desc *)msdu->data;
3624 	bool drop = false;
3625 	u32 err_bitmap;
3626 
3627 	ar->ab->soc_stats.rxdma_error[rxcb->err_code]++;
3628 
3629 	switch (rxcb->err_code) {
3630 	case HAL_REO_ENTR_RING_RXDMA_ECODE_DECRYPT_ERR:
3631 	case HAL_REO_ENTR_RING_RXDMA_ECODE_TKIP_MIC_ERR:
3632 		err_bitmap = ath12k_dp_rx_h_mpdu_err(ab, rx_desc);
3633 		if (err_bitmap & HAL_RX_MPDU_ERR_TKIP_MIC) {
3634 			ath12k_dp_rx_h_tkip_mic_err(ar, msdu, status);
3635 			break;
3636 		}
3637 		fallthrough;
3638 	default:
3639 		/* TODO: Review other rxdma error code to check if anything is
3640 		 * worth reporting to mac80211
3641 		 */
3642 		drop = true;
3643 		break;
3644 	}
3645 
3646 	return drop;
3647 }
3648 
3649 static void ath12k_dp_rx_wbm_err(struct ath12k *ar,
3650 				 struct napi_struct *napi,
3651 				 struct sk_buff *msdu,
3652 				 struct sk_buff_head *msdu_list)
3653 {
3654 	struct ath12k_skb_rxcb *rxcb = ATH12K_SKB_RXCB(msdu);
3655 	struct ieee80211_rx_status rxs = {0};
3656 	bool drop = true;
3657 
3658 	switch (rxcb->err_rel_src) {
3659 	case HAL_WBM_REL_SRC_MODULE_REO:
3660 		drop = ath12k_dp_rx_h_reo_err(ar, msdu, &rxs, msdu_list);
3661 		break;
3662 	case HAL_WBM_REL_SRC_MODULE_RXDMA:
3663 		drop = ath12k_dp_rx_h_rxdma_err(ar, msdu, &rxs);
3664 		break;
3665 	default:
3666 		/* msdu will get freed */
3667 		break;
3668 	}
3669 
3670 	if (drop) {
3671 		dev_kfree_skb_any(msdu);
3672 		return;
3673 	}
3674 
3675 	ath12k_dp_rx_deliver_msdu(ar, napi, msdu, &rxs);
3676 }
3677 
3678 int ath12k_dp_rx_process_wbm_err(struct ath12k_base *ab,
3679 				 struct napi_struct *napi, int budget)
3680 {
3681 	struct ath12k *ar;
3682 	struct ath12k_dp *dp = &ab->dp;
3683 	struct dp_rxdma_ring *rx_ring;
3684 	struct hal_rx_wbm_rel_info err_info;
3685 	struct hal_srng *srng;
3686 	struct sk_buff *msdu;
3687 	struct sk_buff_head msdu_list[MAX_RADIOS];
3688 	struct ath12k_skb_rxcb *rxcb;
3689 	void *rx_desc;
3690 	int mac_id;
3691 	int num_buffs_reaped = 0;
3692 	struct ath12k_rx_desc_info *desc_info;
3693 	int ret, i;
3694 
3695 	for (i = 0; i < ab->num_radios; i++)
3696 		__skb_queue_head_init(&msdu_list[i]);
3697 
3698 	srng = &ab->hal.srng_list[dp->rx_rel_ring.ring_id];
3699 	rx_ring = &dp->rx_refill_buf_ring;
3700 
3701 	spin_lock_bh(&srng->lock);
3702 
3703 	ath12k_hal_srng_access_begin(ab, srng);
3704 
3705 	while (budget) {
3706 		rx_desc = ath12k_hal_srng_dst_get_next_entry(ab, srng);
3707 		if (!rx_desc)
3708 			break;
3709 
3710 		ret = ath12k_hal_wbm_desc_parse_err(ab, rx_desc, &err_info);
3711 		if (ret) {
3712 			ath12k_warn(ab,
3713 				    "failed to parse rx error in wbm_rel ring desc %d\n",
3714 				    ret);
3715 			continue;
3716 		}
3717 
3718 		desc_info = (struct ath12k_rx_desc_info *)err_info.rx_desc;
3719 
3720 		/* retry manual desc retrieval if hw cc is not done */
3721 		if (!desc_info) {
3722 			desc_info = ath12k_dp_get_rx_desc(ab, err_info.cookie);
3723 			if (!desc_info) {
3724 				ath12k_warn(ab, "Invalid cookie in manual desc retrieval");
3725 				continue;
3726 			}
3727 		}
3728 
3729 		/* FIXME: Extract mac id correctly. Since descs are not tied
3730 		 * to mac, we can extract from vdev id in ring desc.
3731 		 */
3732 		mac_id = 0;
3733 
3734 		if (desc_info->magic != ATH12K_DP_RX_DESC_MAGIC)
3735 			ath12k_warn(ab, "WBM RX err, Check HW CC implementation");
3736 
3737 		msdu = desc_info->skb;
3738 		desc_info->skb = NULL;
3739 
3740 		spin_lock_bh(&dp->rx_desc_lock);
3741 		list_move_tail(&desc_info->list, &dp->rx_desc_free_list);
3742 		spin_unlock_bh(&dp->rx_desc_lock);
3743 
3744 		rxcb = ATH12K_SKB_RXCB(msdu);
3745 		dma_unmap_single(ab->dev, rxcb->paddr,
3746 				 msdu->len + skb_tailroom(msdu),
3747 				 DMA_FROM_DEVICE);
3748 
3749 		num_buffs_reaped++;
3750 
3751 		if (!err_info.continuation)
3752 			budget--;
3753 
3754 		if (err_info.push_reason !=
3755 		    HAL_REO_DEST_RING_PUSH_REASON_ERR_DETECTED) {
3756 			dev_kfree_skb_any(msdu);
3757 			continue;
3758 		}
3759 
3760 		rxcb->err_rel_src = err_info.err_rel_src;
3761 		rxcb->err_code = err_info.err_code;
3762 		rxcb->rx_desc = (struct hal_rx_desc *)msdu->data;
3763 		__skb_queue_tail(&msdu_list[mac_id], msdu);
3764 
3765 		rxcb->is_first_msdu = err_info.first_msdu;
3766 		rxcb->is_last_msdu = err_info.last_msdu;
3767 		rxcb->is_continuation = err_info.continuation;
3768 	}
3769 
3770 	ath12k_hal_srng_access_end(ab, srng);
3771 
3772 	spin_unlock_bh(&srng->lock);
3773 
3774 	if (!num_buffs_reaped)
3775 		goto done;
3776 
3777 	ath12k_dp_rx_bufs_replenish(ab, 0, rx_ring, num_buffs_reaped,
3778 				    ab->hw_params->hal_params->rx_buf_rbm, true);
3779 
3780 	rcu_read_lock();
3781 	for (i = 0; i <  ab->num_radios; i++) {
3782 		if (!rcu_dereference(ab->pdevs_active[i])) {
3783 			__skb_queue_purge(&msdu_list[i]);
3784 			continue;
3785 		}
3786 
3787 		ar = ab->pdevs[i].ar;
3788 
3789 		if (test_bit(ATH12K_CAC_RUNNING, &ar->dev_flags)) {
3790 			__skb_queue_purge(&msdu_list[i]);
3791 			continue;
3792 		}
3793 
3794 		while ((msdu = __skb_dequeue(&msdu_list[i])) != NULL)
3795 			ath12k_dp_rx_wbm_err(ar, napi, msdu, &msdu_list[i]);
3796 	}
3797 	rcu_read_unlock();
3798 done:
3799 	return num_buffs_reaped;
3800 }
3801 
3802 void ath12k_dp_rx_process_reo_status(struct ath12k_base *ab)
3803 {
3804 	struct ath12k_dp *dp = &ab->dp;
3805 	struct hal_tlv_64_hdr *hdr;
3806 	struct hal_srng *srng;
3807 	struct ath12k_dp_rx_reo_cmd *cmd, *tmp;
3808 	bool found = false;
3809 	u16 tag;
3810 	struct hal_reo_status reo_status;
3811 
3812 	srng = &ab->hal.srng_list[dp->reo_status_ring.ring_id];
3813 
3814 	memset(&reo_status, 0, sizeof(reo_status));
3815 
3816 	spin_lock_bh(&srng->lock);
3817 
3818 	ath12k_hal_srng_access_begin(ab, srng);
3819 
3820 	while ((hdr = ath12k_hal_srng_dst_get_next_entry(ab, srng))) {
3821 		tag = u64_get_bits(hdr->tl, HAL_SRNG_TLV_HDR_TAG);
3822 
3823 		switch (tag) {
3824 		case HAL_REO_GET_QUEUE_STATS_STATUS:
3825 			ath12k_hal_reo_status_queue_stats(ab, hdr,
3826 							  &reo_status);
3827 			break;
3828 		case HAL_REO_FLUSH_QUEUE_STATUS:
3829 			ath12k_hal_reo_flush_queue_status(ab, hdr,
3830 							  &reo_status);
3831 			break;
3832 		case HAL_REO_FLUSH_CACHE_STATUS:
3833 			ath12k_hal_reo_flush_cache_status(ab, hdr,
3834 							  &reo_status);
3835 			break;
3836 		case HAL_REO_UNBLOCK_CACHE_STATUS:
3837 			ath12k_hal_reo_unblk_cache_status(ab, hdr,
3838 							  &reo_status);
3839 			break;
3840 		case HAL_REO_FLUSH_TIMEOUT_LIST_STATUS:
3841 			ath12k_hal_reo_flush_timeout_list_status(ab, hdr,
3842 								 &reo_status);
3843 			break;
3844 		case HAL_REO_DESCRIPTOR_THRESHOLD_REACHED_STATUS:
3845 			ath12k_hal_reo_desc_thresh_reached_status(ab, hdr,
3846 								  &reo_status);
3847 			break;
3848 		case HAL_REO_UPDATE_RX_REO_QUEUE_STATUS:
3849 			ath12k_hal_reo_update_rx_reo_queue_status(ab, hdr,
3850 								  &reo_status);
3851 			break;
3852 		default:
3853 			ath12k_warn(ab, "Unknown reo status type %d\n", tag);
3854 			continue;
3855 		}
3856 
3857 		spin_lock_bh(&dp->reo_cmd_lock);
3858 		list_for_each_entry_safe(cmd, tmp, &dp->reo_cmd_list, list) {
3859 			if (reo_status.uniform_hdr.cmd_num == cmd->cmd_num) {
3860 				found = true;
3861 				list_del(&cmd->list);
3862 				break;
3863 			}
3864 		}
3865 		spin_unlock_bh(&dp->reo_cmd_lock);
3866 
3867 		if (found) {
3868 			cmd->handler(dp, (void *)&cmd->data,
3869 				     reo_status.uniform_hdr.cmd_status);
3870 			kfree(cmd);
3871 		}
3872 
3873 		found = false;
3874 	}
3875 
3876 	ath12k_hal_srng_access_end(ab, srng);
3877 
3878 	spin_unlock_bh(&srng->lock);
3879 }
3880 
3881 void ath12k_dp_rx_free(struct ath12k_base *ab)
3882 {
3883 	struct ath12k_dp *dp = &ab->dp;
3884 	int i;
3885 
3886 	ath12k_dp_srng_cleanup(ab, &dp->rx_refill_buf_ring.refill_buf_ring);
3887 
3888 	for (i = 0; i < ab->hw_params->num_rxmda_per_pdev; i++) {
3889 		if (ab->hw_params->rx_mac_buf_ring)
3890 			ath12k_dp_srng_cleanup(ab, &dp->rx_mac_buf_ring[i]);
3891 	}
3892 
3893 	for (i = 0; i < ab->hw_params->num_rxdma_dst_ring; i++)
3894 		ath12k_dp_srng_cleanup(ab, &dp->rxdma_err_dst_ring[i]);
3895 
3896 	ath12k_dp_srng_cleanup(ab, &dp->rxdma_mon_buf_ring.refill_buf_ring);
3897 	ath12k_dp_srng_cleanup(ab, &dp->tx_mon_buf_ring.refill_buf_ring);
3898 
3899 	ath12k_dp_rxdma_buf_free(ab);
3900 }
3901 
3902 void ath12k_dp_rx_pdev_free(struct ath12k_base *ab, int mac_id)
3903 {
3904 	struct ath12k *ar = ab->pdevs[mac_id].ar;
3905 
3906 	ath12k_dp_rx_pdev_srng_free(ar);
3907 }
3908 
3909 int ath12k_dp_rxdma_ring_sel_config_qcn9274(struct ath12k_base *ab)
3910 {
3911 	struct ath12k_dp *dp = &ab->dp;
3912 	struct htt_rx_ring_tlv_filter tlv_filter = {0};
3913 	u32 ring_id;
3914 	int ret;
3915 	u32 hal_rx_desc_sz = ab->hw_params->hal_desc_sz;
3916 
3917 	ring_id = dp->rx_refill_buf_ring.refill_buf_ring.ring_id;
3918 
3919 	tlv_filter.rx_filter = HTT_RX_TLV_FLAGS_RXDMA_RING;
3920 	tlv_filter.pkt_filter_flags2 = HTT_RX_FP_CTRL_PKT_FILTER_TLV_FLAGS2_BAR;
3921 	tlv_filter.pkt_filter_flags3 = HTT_RX_FP_DATA_PKT_FILTER_TLV_FLASG3_MCAST |
3922 					HTT_RX_FP_DATA_PKT_FILTER_TLV_FLASG3_UCAST |
3923 					HTT_RX_FP_DATA_PKT_FILTER_TLV_FLASG3_NULL_DATA;
3924 	tlv_filter.offset_valid = true;
3925 	tlv_filter.rx_packet_offset = hal_rx_desc_sz;
3926 
3927 	tlv_filter.rx_mpdu_start_offset =
3928 			ab->hw_params->hal_ops->rx_desc_get_mpdu_start_offset();
3929 	tlv_filter.rx_msdu_end_offset =
3930 		ab->hw_params->hal_ops->rx_desc_get_msdu_end_offset();
3931 
3932 	/* TODO: Selectively subscribe to required qwords within msdu_end
3933 	 * and mpdu_start and setup the mask in below msg
3934 	 * and modify the rx_desc struct
3935 	 */
3936 	ret = ath12k_dp_tx_htt_rx_filter_setup(ab, ring_id, 0,
3937 					       HAL_RXDMA_BUF,
3938 					       DP_RXDMA_REFILL_RING_SIZE,
3939 					       &tlv_filter);
3940 
3941 	return ret;
3942 }
3943 
3944 int ath12k_dp_rxdma_ring_sel_config_wcn7850(struct ath12k_base *ab)
3945 {
3946 	struct ath12k_dp *dp = &ab->dp;
3947 	struct htt_rx_ring_tlv_filter tlv_filter = {0};
3948 	u32 ring_id;
3949 	int ret;
3950 	u32 hal_rx_desc_sz = ab->hw_params->hal_desc_sz;
3951 	int i;
3952 
3953 	ring_id = dp->rx_refill_buf_ring.refill_buf_ring.ring_id;
3954 
3955 	tlv_filter.rx_filter = HTT_RX_TLV_FLAGS_RXDMA_RING;
3956 	tlv_filter.pkt_filter_flags2 = HTT_RX_FP_CTRL_PKT_FILTER_TLV_FLAGS2_BAR;
3957 	tlv_filter.pkt_filter_flags3 = HTT_RX_FP_DATA_PKT_FILTER_TLV_FLASG3_MCAST |
3958 					HTT_RX_FP_DATA_PKT_FILTER_TLV_FLASG3_UCAST |
3959 					HTT_RX_FP_DATA_PKT_FILTER_TLV_FLASG3_NULL_DATA;
3960 	tlv_filter.offset_valid = true;
3961 	tlv_filter.rx_packet_offset = hal_rx_desc_sz;
3962 
3963 	tlv_filter.rx_header_offset = offsetof(struct hal_rx_desc_wcn7850, pkt_hdr_tlv);
3964 
3965 	tlv_filter.rx_mpdu_start_offset =
3966 			ab->hw_params->hal_ops->rx_desc_get_mpdu_start_offset();
3967 	tlv_filter.rx_msdu_end_offset =
3968 		ab->hw_params->hal_ops->rx_desc_get_msdu_end_offset();
3969 
3970 	/* TODO: Selectively subscribe to required qwords within msdu_end
3971 	 * and mpdu_start and setup the mask in below msg
3972 	 * and modify the rx_desc struct
3973 	 */
3974 
3975 	for (i = 0; i < ab->hw_params->num_rxmda_per_pdev; i++) {
3976 		ring_id = dp->rx_mac_buf_ring[i].ring_id;
3977 		ret = ath12k_dp_tx_htt_rx_filter_setup(ab, ring_id, i,
3978 						       HAL_RXDMA_BUF,
3979 						       DP_RXDMA_REFILL_RING_SIZE,
3980 						       &tlv_filter);
3981 	}
3982 
3983 	return ret;
3984 }
3985 
3986 int ath12k_dp_rx_htt_setup(struct ath12k_base *ab)
3987 {
3988 	struct ath12k_dp *dp = &ab->dp;
3989 	u32 ring_id;
3990 	int i, ret;
3991 
3992 	/* TODO: Need to verify the HTT setup for QCN9224 */
3993 	ring_id = dp->rx_refill_buf_ring.refill_buf_ring.ring_id;
3994 	ret = ath12k_dp_tx_htt_srng_setup(ab, ring_id, 0, HAL_RXDMA_BUF);
3995 	if (ret) {
3996 		ath12k_warn(ab, "failed to configure rx_refill_buf_ring %d\n",
3997 			    ret);
3998 		return ret;
3999 	}
4000 
4001 	if (ab->hw_params->rx_mac_buf_ring) {
4002 		for (i = 0; i < ab->hw_params->num_rxmda_per_pdev; i++) {
4003 			ring_id = dp->rx_mac_buf_ring[i].ring_id;
4004 			ret = ath12k_dp_tx_htt_srng_setup(ab, ring_id,
4005 							  i, HAL_RXDMA_BUF);
4006 			if (ret) {
4007 				ath12k_warn(ab, "failed to configure rx_mac_buf_ring%d %d\n",
4008 					    i, ret);
4009 				return ret;
4010 			}
4011 		}
4012 	}
4013 
4014 	for (i = 0; i < ab->hw_params->num_rxdma_dst_ring; i++) {
4015 		ring_id = dp->rxdma_err_dst_ring[i].ring_id;
4016 		ret = ath12k_dp_tx_htt_srng_setup(ab, ring_id,
4017 						  i, HAL_RXDMA_DST);
4018 		if (ret) {
4019 			ath12k_warn(ab, "failed to configure rxdma_err_dest_ring%d %d\n",
4020 				    i, ret);
4021 			return ret;
4022 		}
4023 	}
4024 
4025 	if (ab->hw_params->rxdma1_enable) {
4026 		ring_id = dp->rxdma_mon_buf_ring.refill_buf_ring.ring_id;
4027 		ret = ath12k_dp_tx_htt_srng_setup(ab, ring_id,
4028 						  0, HAL_RXDMA_MONITOR_BUF);
4029 		if (ret) {
4030 			ath12k_warn(ab, "failed to configure rxdma_mon_buf_ring %d\n",
4031 				    ret);
4032 			return ret;
4033 		}
4034 
4035 		ring_id = dp->tx_mon_buf_ring.refill_buf_ring.ring_id;
4036 		ret = ath12k_dp_tx_htt_srng_setup(ab, ring_id,
4037 						  0, HAL_TX_MONITOR_BUF);
4038 		if (ret) {
4039 			ath12k_warn(ab, "failed to configure rxdma_mon_buf_ring %d\n",
4040 				    ret);
4041 			return ret;
4042 		}
4043 	}
4044 
4045 	ret = ab->hw_params->hw_ops->rxdma_ring_sel_config(ab);
4046 	if (ret) {
4047 		ath12k_warn(ab, "failed to setup rxdma ring selection config\n");
4048 		return ret;
4049 	}
4050 
4051 	return 0;
4052 }
4053 
4054 int ath12k_dp_rx_alloc(struct ath12k_base *ab)
4055 {
4056 	struct ath12k_dp *dp = &ab->dp;
4057 	int i, ret;
4058 
4059 	idr_init(&dp->rx_refill_buf_ring.bufs_idr);
4060 	spin_lock_init(&dp->rx_refill_buf_ring.idr_lock);
4061 
4062 	idr_init(&dp->rxdma_mon_buf_ring.bufs_idr);
4063 	spin_lock_init(&dp->rxdma_mon_buf_ring.idr_lock);
4064 
4065 	idr_init(&dp->tx_mon_buf_ring.bufs_idr);
4066 	spin_lock_init(&dp->tx_mon_buf_ring.idr_lock);
4067 
4068 	ret = ath12k_dp_srng_setup(ab,
4069 				   &dp->rx_refill_buf_ring.refill_buf_ring,
4070 				   HAL_RXDMA_BUF, 0, 0,
4071 				   DP_RXDMA_BUF_RING_SIZE);
4072 	if (ret) {
4073 		ath12k_warn(ab, "failed to setup rx_refill_buf_ring\n");
4074 		return ret;
4075 	}
4076 
4077 	if (ab->hw_params->rx_mac_buf_ring) {
4078 		for (i = 0; i < ab->hw_params->num_rxmda_per_pdev; i++) {
4079 			ret = ath12k_dp_srng_setup(ab,
4080 						   &dp->rx_mac_buf_ring[i],
4081 						   HAL_RXDMA_BUF, 1,
4082 						   i, 1024);
4083 			if (ret) {
4084 				ath12k_warn(ab, "failed to setup rx_mac_buf_ring %d\n",
4085 					    i);
4086 				return ret;
4087 			}
4088 		}
4089 	}
4090 
4091 	for (i = 0; i < ab->hw_params->num_rxdma_dst_ring; i++) {
4092 		ret = ath12k_dp_srng_setup(ab, &dp->rxdma_err_dst_ring[i],
4093 					   HAL_RXDMA_DST, 0, i,
4094 					   DP_RXDMA_ERR_DST_RING_SIZE);
4095 		if (ret) {
4096 			ath12k_warn(ab, "failed to setup rxdma_err_dst_ring %d\n", i);
4097 			return ret;
4098 		}
4099 	}
4100 
4101 	if (ab->hw_params->rxdma1_enable) {
4102 		ret = ath12k_dp_srng_setup(ab,
4103 					   &dp->rxdma_mon_buf_ring.refill_buf_ring,
4104 					   HAL_RXDMA_MONITOR_BUF, 0, 0,
4105 					   DP_RXDMA_MONITOR_BUF_RING_SIZE);
4106 		if (ret) {
4107 			ath12k_warn(ab, "failed to setup HAL_RXDMA_MONITOR_BUF\n");
4108 			return ret;
4109 		}
4110 
4111 		ret = ath12k_dp_srng_setup(ab,
4112 					   &dp->tx_mon_buf_ring.refill_buf_ring,
4113 					   HAL_TX_MONITOR_BUF, 0, 0,
4114 					   DP_TX_MONITOR_BUF_RING_SIZE);
4115 		if (ret) {
4116 			ath12k_warn(ab, "failed to setup DP_TX_MONITOR_BUF_RING_SIZE\n");
4117 			return ret;
4118 		}
4119 	}
4120 
4121 	ret = ath12k_dp_rxdma_buf_setup(ab);
4122 	if (ret) {
4123 		ath12k_warn(ab, "failed to setup rxdma ring\n");
4124 		return ret;
4125 	}
4126 
4127 	return 0;
4128 }
4129 
4130 int ath12k_dp_rx_pdev_alloc(struct ath12k_base *ab, int mac_id)
4131 {
4132 	struct ath12k *ar = ab->pdevs[mac_id].ar;
4133 	struct ath12k_pdev_dp *dp = &ar->dp;
4134 	u32 ring_id;
4135 	int i;
4136 	int ret;
4137 
4138 	if (!ab->hw_params->rxdma1_enable)
4139 		goto out;
4140 
4141 	ret = ath12k_dp_rx_pdev_srng_alloc(ar);
4142 	if (ret) {
4143 		ath12k_warn(ab, "failed to setup rx srngs\n");
4144 		return ret;
4145 	}
4146 
4147 	for (i = 0; i < ab->hw_params->num_rxmda_per_pdev; i++) {
4148 		ring_id = dp->rxdma_mon_dst_ring[i].ring_id;
4149 		ret = ath12k_dp_tx_htt_srng_setup(ab, ring_id,
4150 						  mac_id + i,
4151 						  HAL_RXDMA_MONITOR_DST);
4152 		if (ret) {
4153 			ath12k_warn(ab,
4154 				    "failed to configure rxdma_mon_dst_ring %d %d\n",
4155 				    i, ret);
4156 			return ret;
4157 		}
4158 
4159 		ring_id = dp->tx_mon_dst_ring[i].ring_id;
4160 		ret = ath12k_dp_tx_htt_srng_setup(ab, ring_id,
4161 						  mac_id + i,
4162 						  HAL_TX_MONITOR_DST);
4163 		if (ret) {
4164 			ath12k_warn(ab,
4165 				    "failed to configure tx_mon_dst_ring %d %d\n",
4166 				    i, ret);
4167 			return ret;
4168 		}
4169 	}
4170 out:
4171 	return 0;
4172 }
4173 
4174 static int ath12k_dp_rx_pdev_mon_status_attach(struct ath12k *ar)
4175 {
4176 	struct ath12k_pdev_dp *dp = &ar->dp;
4177 	struct ath12k_mon_data *pmon = (struct ath12k_mon_data *)&dp->mon_data;
4178 
4179 	skb_queue_head_init(&pmon->rx_status_q);
4180 
4181 	pmon->mon_ppdu_status = DP_PPDU_STATUS_START;
4182 
4183 	memset(&pmon->rx_mon_stats, 0,
4184 	       sizeof(pmon->rx_mon_stats));
4185 	return 0;
4186 }
4187 
4188 int ath12k_dp_rx_pdev_mon_attach(struct ath12k *ar)
4189 {
4190 	struct ath12k_pdev_dp *dp = &ar->dp;
4191 	struct ath12k_mon_data *pmon = &dp->mon_data;
4192 	int ret = 0;
4193 
4194 	ret = ath12k_dp_rx_pdev_mon_status_attach(ar);
4195 	if (ret) {
4196 		ath12k_warn(ar->ab, "pdev_mon_status_attach() failed");
4197 		return ret;
4198 	}
4199 
4200 	/* if rxdma1_enable is false, no need to setup
4201 	 * rxdma_mon_desc_ring.
4202 	 */
4203 	if (!ar->ab->hw_params->rxdma1_enable)
4204 		return 0;
4205 
4206 	pmon->mon_last_linkdesc_paddr = 0;
4207 	pmon->mon_last_buf_cookie = DP_RX_DESC_COOKIE_MAX + 1;
4208 	spin_lock_init(&pmon->mon_lock);
4209 
4210 	return 0;
4211 }
4212 
4213 int ath12k_dp_rx_pktlog_start(struct ath12k_base *ab)
4214 {
4215 	/* start reap timer */
4216 	mod_timer(&ab->mon_reap_timer,
4217 		  jiffies + msecs_to_jiffies(ATH12K_MON_TIMER_INTERVAL));
4218 
4219 	return 0;
4220 }
4221 
4222 int ath12k_dp_rx_pktlog_stop(struct ath12k_base *ab, bool stop_timer)
4223 {
4224 	int ret;
4225 
4226 	if (stop_timer)
4227 		del_timer_sync(&ab->mon_reap_timer);
4228 
4229 	/* reap all the monitor related rings */
4230 	ret = ath12k_dp_purge_mon_ring(ab);
4231 	if (ret) {
4232 		ath12k_warn(ab, "failed to purge dp mon ring: %d\n", ret);
4233 		return ret;
4234 	}
4235 
4236 	return 0;
4237 }
4238