1 /* 2 * Atheros CARL9170 driver 3 * 4 * 802.11 & command trap routines 5 * 6 * Copyright 2008, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; see the file COPYING. If not, see 21 * http://www.gnu.org/licenses/. 22 * 23 * This file incorporates work covered by the following copyright and 24 * permission notice: 25 * Copyright (c) 2007-2008 Atheros Communications, Inc. 26 * 27 * Permission to use, copy, modify, and/or distribute this software for any 28 * purpose with or without fee is hereby granted, provided that the above 29 * copyright notice and this permission notice appear in all copies. 30 * 31 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 32 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 33 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 34 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 35 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 36 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 37 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 38 */ 39 40 #include <linux/init.h> 41 #include <linux/slab.h> 42 #include <linux/module.h> 43 #include <linux/etherdevice.h> 44 #include <linux/crc32.h> 45 #include <net/mac80211.h> 46 #include "carl9170.h" 47 #include "hw.h" 48 #include "cmd.h" 49 50 static void carl9170_dbg_message(struct ar9170 *ar, const char *buf, u32 len) 51 { 52 bool restart = false; 53 enum carl9170_restart_reasons reason = CARL9170_RR_NO_REASON; 54 55 if (len > 3) { 56 if (memcmp(buf, CARL9170_ERR_MAGIC, 3) == 0) { 57 ar->fw.err_counter++; 58 if (ar->fw.err_counter > 3) { 59 restart = true; 60 reason = CARL9170_RR_TOO_MANY_FIRMWARE_ERRORS; 61 } 62 } 63 64 if (memcmp(buf, CARL9170_BUG_MAGIC, 3) == 0) { 65 ar->fw.bug_counter++; 66 restart = true; 67 reason = CARL9170_RR_FATAL_FIRMWARE_ERROR; 68 } 69 } 70 71 wiphy_info(ar->hw->wiphy, "FW: %.*s\n", len, buf); 72 73 if (restart) 74 carl9170_restart(ar, reason); 75 } 76 77 static void carl9170_handle_ps(struct ar9170 *ar, struct carl9170_rsp *rsp) 78 { 79 u32 ps; 80 bool new_ps; 81 82 ps = le32_to_cpu(rsp->psm.state); 83 84 new_ps = (ps & CARL9170_PSM_COUNTER) != CARL9170_PSM_WAKE; 85 if (ar->ps.state != new_ps) { 86 if (!new_ps) { 87 ar->ps.sleep_ms = jiffies_to_msecs(jiffies - 88 ar->ps.last_action); 89 } 90 91 ar->ps.last_action = jiffies; 92 93 ar->ps.state = new_ps; 94 } 95 } 96 97 static int carl9170_check_sequence(struct ar9170 *ar, unsigned int seq) 98 { 99 if (ar->cmd_seq < -1) 100 return 0; 101 102 /* 103 * Initialize Counter 104 */ 105 if (ar->cmd_seq < 0) 106 ar->cmd_seq = seq; 107 108 /* 109 * The sequence is strictly monotonic increasing and it never skips! 110 * 111 * Therefore we can safely assume that whenever we received an 112 * unexpected sequence we have lost some valuable data. 113 */ 114 if (seq != ar->cmd_seq) { 115 int count; 116 117 count = (seq - ar->cmd_seq) % ar->fw.cmd_bufs; 118 119 wiphy_err(ar->hw->wiphy, "lost %d command responses/traps! " 120 "w:%d g:%d\n", count, ar->cmd_seq, seq); 121 122 carl9170_restart(ar, CARL9170_RR_LOST_RSP); 123 return -EIO; 124 } 125 126 ar->cmd_seq = (ar->cmd_seq + 1) % ar->fw.cmd_bufs; 127 return 0; 128 } 129 130 static void carl9170_cmd_callback(struct ar9170 *ar, u32 len, void *buffer) 131 { 132 /* 133 * Some commands may have a variable response length 134 * and we cannot predict the correct length in advance. 135 * So we only check if we provided enough space for the data. 136 */ 137 if (unlikely(ar->readlen != (len - 4))) { 138 dev_warn(&ar->udev->dev, "received invalid command response:" 139 "got %d, instead of %d\n", len - 4, ar->readlen); 140 print_hex_dump_bytes("carl9170 cmd:", DUMP_PREFIX_OFFSET, 141 ar->cmd_buf, (ar->cmd.hdr.len + 4) & 0x3f); 142 print_hex_dump_bytes("carl9170 rsp:", DUMP_PREFIX_OFFSET, 143 buffer, len); 144 /* 145 * Do not complete. The command times out, 146 * and we get a stack trace from there. 147 */ 148 carl9170_restart(ar, CARL9170_RR_INVALID_RSP); 149 } 150 151 spin_lock(&ar->cmd_lock); 152 if (ar->readbuf) { 153 if (len >= 4) 154 memcpy(ar->readbuf, buffer + 4, len - 4); 155 156 ar->readbuf = NULL; 157 } 158 complete(&ar->cmd_wait); 159 spin_unlock(&ar->cmd_lock); 160 } 161 162 void carl9170_handle_command_response(struct ar9170 *ar, void *buf, u32 len) 163 { 164 struct carl9170_rsp *cmd = buf; 165 struct ieee80211_vif *vif; 166 167 if (carl9170_check_sequence(ar, cmd->hdr.seq)) 168 return; 169 170 if ((cmd->hdr.cmd & CARL9170_RSP_FLAG) != CARL9170_RSP_FLAG) { 171 if (!(cmd->hdr.cmd & CARL9170_CMD_ASYNC_FLAG)) 172 carl9170_cmd_callback(ar, len, buf); 173 174 return; 175 } 176 177 if (unlikely(cmd->hdr.len != (len - 4))) { 178 if (net_ratelimit()) { 179 wiphy_err(ar->hw->wiphy, "FW: received over-/under" 180 "sized event %x (%d, but should be %d).\n", 181 cmd->hdr.cmd, cmd->hdr.len, len - 4); 182 183 print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, 184 buf, len); 185 } 186 187 return; 188 } 189 190 /* hardware event handlers */ 191 switch (cmd->hdr.cmd) { 192 case CARL9170_RSP_PRETBTT: 193 /* pre-TBTT event */ 194 rcu_read_lock(); 195 vif = carl9170_get_main_vif(ar); 196 197 if (!vif) { 198 rcu_read_unlock(); 199 break; 200 } 201 202 switch (vif->type) { 203 case NL80211_IFTYPE_STATION: 204 carl9170_handle_ps(ar, cmd); 205 break; 206 207 case NL80211_IFTYPE_AP: 208 case NL80211_IFTYPE_ADHOC: 209 carl9170_update_beacon(ar, true); 210 break; 211 212 default: 213 break; 214 } 215 rcu_read_unlock(); 216 217 break; 218 219 220 case CARL9170_RSP_TXCOMP: 221 /* TX status notification */ 222 carl9170_tx_process_status(ar, cmd); 223 break; 224 225 case CARL9170_RSP_BEACON_CONFIG: 226 /* 227 * (IBSS) beacon send notification 228 * bytes: 04 c2 XX YY B4 B3 B2 B1 229 * 230 * XX always 80 231 * YY always 00 232 * B1-B4 "should" be the number of send out beacons. 233 */ 234 break; 235 236 case CARL9170_RSP_ATIM: 237 /* End of Atim Window */ 238 break; 239 240 case CARL9170_RSP_WATCHDOG: 241 /* Watchdog Interrupt */ 242 carl9170_restart(ar, CARL9170_RR_WATCHDOG); 243 break; 244 245 case CARL9170_RSP_TEXT: 246 /* firmware debug */ 247 carl9170_dbg_message(ar, (char *)buf + 4, len - 4); 248 break; 249 250 case CARL9170_RSP_HEXDUMP: 251 wiphy_dbg(ar->hw->wiphy, "FW: HD %d\n", len - 4); 252 print_hex_dump_bytes("FW:", DUMP_PREFIX_NONE, 253 (char *)buf + 4, len - 4); 254 break; 255 256 case CARL9170_RSP_RADAR: 257 if (!net_ratelimit()) 258 break; 259 260 wiphy_info(ar->hw->wiphy, "FW: RADAR! Please report this " 261 "incident to linux-wireless@vger.kernel.org !\n"); 262 break; 263 264 case CARL9170_RSP_GPIO: 265 #ifdef CONFIG_CARL9170_WPC 266 if (ar->wps.pbc) { 267 bool state = !!(cmd->gpio.gpio & cpu_to_le32( 268 AR9170_GPIO_PORT_WPS_BUTTON_PRESSED)); 269 270 if (state != ar->wps.pbc_state) { 271 ar->wps.pbc_state = state; 272 input_report_key(ar->wps.pbc, KEY_WPS_BUTTON, 273 state); 274 input_sync(ar->wps.pbc); 275 } 276 } 277 #endif /* CONFIG_CARL9170_WPC */ 278 break; 279 280 case CARL9170_RSP_BOOT: 281 complete(&ar->fw_boot_wait); 282 break; 283 284 default: 285 wiphy_err(ar->hw->wiphy, "FW: received unhandled event %x\n", 286 cmd->hdr.cmd); 287 print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len); 288 break; 289 } 290 } 291 292 static int carl9170_rx_mac_status(struct ar9170 *ar, 293 struct ar9170_rx_head *head, struct ar9170_rx_macstatus *mac, 294 struct ieee80211_rx_status *status) 295 { 296 struct ieee80211_channel *chan; 297 u8 error, decrypt; 298 299 BUILD_BUG_ON(sizeof(struct ar9170_rx_head) != 12); 300 BUILD_BUG_ON(sizeof(struct ar9170_rx_macstatus) != 4); 301 302 error = mac->error; 303 304 if (error & AR9170_RX_ERROR_WRONG_RA) { 305 if (!ar->sniffer_enabled) 306 return -EINVAL; 307 } 308 309 if (error & AR9170_RX_ERROR_PLCP) { 310 if (!(ar->filter_state & FIF_PLCPFAIL)) 311 return -EINVAL; 312 313 status->flag |= RX_FLAG_FAILED_PLCP_CRC; 314 } 315 316 if (error & AR9170_RX_ERROR_FCS) { 317 ar->tx_fcs_errors++; 318 319 if (!(ar->filter_state & FIF_FCSFAIL)) 320 return -EINVAL; 321 322 status->flag |= RX_FLAG_FAILED_FCS_CRC; 323 } 324 325 decrypt = ar9170_get_decrypt_type(mac); 326 if (!(decrypt & AR9170_RX_ENC_SOFTWARE) && 327 decrypt != AR9170_ENC_ALG_NONE) { 328 if ((decrypt == AR9170_ENC_ALG_TKIP) && 329 (error & AR9170_RX_ERROR_MMIC)) 330 status->flag |= RX_FLAG_MMIC_ERROR; 331 332 status->flag |= RX_FLAG_DECRYPTED; 333 } 334 335 if (error & AR9170_RX_ERROR_DECRYPT && !ar->sniffer_enabled) 336 return -ENODATA; 337 338 error &= ~(AR9170_RX_ERROR_MMIC | 339 AR9170_RX_ERROR_FCS | 340 AR9170_RX_ERROR_WRONG_RA | 341 AR9170_RX_ERROR_DECRYPT | 342 AR9170_RX_ERROR_PLCP); 343 344 /* drop any other error frames */ 345 if (unlikely(error)) { 346 /* TODO: update netdevice's RX dropped/errors statistics */ 347 348 if (net_ratelimit()) 349 wiphy_dbg(ar->hw->wiphy, "received frame with " 350 "suspicious error code (%#x).\n", error); 351 352 return -EINVAL; 353 } 354 355 chan = ar->channel; 356 if (chan) { 357 status->band = chan->band; 358 status->freq = chan->center_freq; 359 } 360 361 switch (mac->status & AR9170_RX_STATUS_MODULATION) { 362 case AR9170_RX_STATUS_MODULATION_CCK: 363 if (mac->status & AR9170_RX_STATUS_SHORT_PREAMBLE) 364 status->flag |= RX_FLAG_SHORTPRE; 365 switch (head->plcp[0]) { 366 case AR9170_RX_PHY_RATE_CCK_1M: 367 status->rate_idx = 0; 368 break; 369 case AR9170_RX_PHY_RATE_CCK_2M: 370 status->rate_idx = 1; 371 break; 372 case AR9170_RX_PHY_RATE_CCK_5M: 373 status->rate_idx = 2; 374 break; 375 case AR9170_RX_PHY_RATE_CCK_11M: 376 status->rate_idx = 3; 377 break; 378 default: 379 if (net_ratelimit()) { 380 wiphy_err(ar->hw->wiphy, "invalid plcp cck " 381 "rate (%x).\n", head->plcp[0]); 382 } 383 384 return -EINVAL; 385 } 386 break; 387 388 case AR9170_RX_STATUS_MODULATION_DUPOFDM: 389 case AR9170_RX_STATUS_MODULATION_OFDM: 390 switch (head->plcp[0] & 0xf) { 391 case AR9170_TXRX_PHY_RATE_OFDM_6M: 392 status->rate_idx = 0; 393 break; 394 case AR9170_TXRX_PHY_RATE_OFDM_9M: 395 status->rate_idx = 1; 396 break; 397 case AR9170_TXRX_PHY_RATE_OFDM_12M: 398 status->rate_idx = 2; 399 break; 400 case AR9170_TXRX_PHY_RATE_OFDM_18M: 401 status->rate_idx = 3; 402 break; 403 case AR9170_TXRX_PHY_RATE_OFDM_24M: 404 status->rate_idx = 4; 405 break; 406 case AR9170_TXRX_PHY_RATE_OFDM_36M: 407 status->rate_idx = 5; 408 break; 409 case AR9170_TXRX_PHY_RATE_OFDM_48M: 410 status->rate_idx = 6; 411 break; 412 case AR9170_TXRX_PHY_RATE_OFDM_54M: 413 status->rate_idx = 7; 414 break; 415 default: 416 if (net_ratelimit()) { 417 wiphy_err(ar->hw->wiphy, "invalid plcp ofdm " 418 "rate (%x).\n", head->plcp[0]); 419 } 420 421 return -EINVAL; 422 } 423 if (status->band == IEEE80211_BAND_2GHZ) 424 status->rate_idx += 4; 425 break; 426 427 case AR9170_RX_STATUS_MODULATION_HT: 428 if (head->plcp[3] & 0x80) 429 status->flag |= RX_FLAG_40MHZ; 430 if (head->plcp[6] & 0x80) 431 status->flag |= RX_FLAG_SHORT_GI; 432 433 status->rate_idx = clamp(0, 75, head->plcp[3] & 0x7f); 434 status->flag |= RX_FLAG_HT; 435 break; 436 437 default: 438 BUG(); 439 return -ENOSYS; 440 } 441 442 return 0; 443 } 444 445 static void carl9170_rx_phy_status(struct ar9170 *ar, 446 struct ar9170_rx_phystatus *phy, struct ieee80211_rx_status *status) 447 { 448 int i; 449 450 BUILD_BUG_ON(sizeof(struct ar9170_rx_phystatus) != 20); 451 452 for (i = 0; i < 3; i++) 453 if (phy->rssi[i] != 0x80) 454 status->antenna |= BIT(i); 455 456 /* post-process RSSI */ 457 for (i = 0; i < 7; i++) 458 if (phy->rssi[i] & 0x80) 459 phy->rssi[i] = ((phy->rssi[i] & 0x7f) + 1) & 0x7f; 460 461 /* TODO: we could do something with phy_errors */ 462 status->signal = ar->noise[0] + phy->rssi_combined; 463 } 464 465 static struct sk_buff *carl9170_rx_copy_data(u8 *buf, int len) 466 { 467 struct sk_buff *skb; 468 int reserved = 0; 469 struct ieee80211_hdr *hdr = (void *) buf; 470 471 if (ieee80211_is_data_qos(hdr->frame_control)) { 472 u8 *qc = ieee80211_get_qos_ctl(hdr); 473 reserved += NET_IP_ALIGN; 474 475 if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT) 476 reserved += NET_IP_ALIGN; 477 } 478 479 if (ieee80211_has_a4(hdr->frame_control)) 480 reserved += NET_IP_ALIGN; 481 482 reserved = 32 + (reserved & NET_IP_ALIGN); 483 484 skb = dev_alloc_skb(len + reserved); 485 if (likely(skb)) { 486 skb_reserve(skb, reserved); 487 memcpy(skb_put(skb, len), buf, len); 488 } 489 490 return skb; 491 } 492 493 static u8 *carl9170_find_ie(u8 *data, unsigned int len, u8 ie) 494 { 495 struct ieee80211_mgmt *mgmt = (void *)data; 496 u8 *pos, *end; 497 498 pos = (u8 *)mgmt->u.beacon.variable; 499 end = data + len; 500 while (pos < end) { 501 if (pos + 2 + pos[1] > end) 502 return NULL; 503 504 if (pos[0] == ie) 505 return pos; 506 507 pos += 2 + pos[1]; 508 } 509 return NULL; 510 } 511 512 /* 513 * NOTE: 514 * 515 * The firmware is in charge of waking up the device just before 516 * the AP is expected to transmit the next beacon. 517 * 518 * This leaves the driver with the important task of deciding when 519 * to set the PHY back to bed again. 520 */ 521 static void carl9170_ps_beacon(struct ar9170 *ar, void *data, unsigned int len) 522 { 523 struct ieee80211_hdr *hdr = data; 524 struct ieee80211_tim_ie *tim_ie; 525 u8 *tim; 526 u8 tim_len; 527 bool cam; 528 529 if (likely(!(ar->hw->conf.flags & IEEE80211_CONF_PS))) 530 return; 531 532 /* check if this really is a beacon */ 533 if (!ieee80211_is_beacon(hdr->frame_control)) 534 return; 535 536 /* min. beacon length + FCS_LEN */ 537 if (len <= 40 + FCS_LEN) 538 return; 539 540 /* and only beacons from the associated BSSID, please */ 541 if (!ether_addr_equal(hdr->addr3, ar->common.curbssid) || 542 !ar->common.curaid) 543 return; 544 545 ar->ps.last_beacon = jiffies; 546 547 tim = carl9170_find_ie(data, len - FCS_LEN, WLAN_EID_TIM); 548 if (!tim) 549 return; 550 551 if (tim[1] < sizeof(*tim_ie)) 552 return; 553 554 tim_len = tim[1]; 555 tim_ie = (struct ieee80211_tim_ie *) &tim[2]; 556 557 if (!WARN_ON_ONCE(!ar->hw->conf.ps_dtim_period)) 558 ar->ps.dtim_counter = (tim_ie->dtim_count - 1) % 559 ar->hw->conf.ps_dtim_period; 560 561 /* Check whenever the PHY can be turned off again. */ 562 563 /* 1. What about buffered unicast traffic for our AID? */ 564 cam = ieee80211_check_tim(tim_ie, tim_len, ar->common.curaid); 565 566 /* 2. Maybe the AP wants to send multicast/broadcast data? */ 567 cam |= !!(tim_ie->bitmap_ctrl & 0x01); 568 569 if (!cam) { 570 /* back to low-power land. */ 571 ar->ps.off_override &= ~PS_OFF_BCN; 572 carl9170_ps_check(ar); 573 } else { 574 /* force CAM */ 575 ar->ps.off_override |= PS_OFF_BCN; 576 } 577 } 578 579 static void carl9170_ba_check(struct ar9170 *ar, void *data, unsigned int len) 580 { 581 struct ieee80211_bar *bar = (void *) data; 582 struct carl9170_bar_list_entry *entry; 583 unsigned int queue; 584 585 if (likely(!ieee80211_is_back(bar->frame_control))) 586 return; 587 588 if (len <= sizeof(*bar) + FCS_LEN) 589 return; 590 591 queue = TID_TO_WME_AC(((le16_to_cpu(bar->control) & 592 IEEE80211_BAR_CTRL_TID_INFO_MASK) >> 593 IEEE80211_BAR_CTRL_TID_INFO_SHIFT) & 7); 594 595 rcu_read_lock(); 596 list_for_each_entry_rcu(entry, &ar->bar_list[queue], list) { 597 struct sk_buff *entry_skb = entry->skb; 598 struct _carl9170_tx_superframe *super = (void *)entry_skb->data; 599 struct ieee80211_bar *entry_bar = (void *)super->frame_data; 600 601 #define TID_CHECK(a, b) ( \ 602 ((a) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)) == \ 603 ((b) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK))) \ 604 605 if (bar->start_seq_num == entry_bar->start_seq_num && 606 TID_CHECK(bar->control, entry_bar->control) && 607 compare_ether_addr(bar->ra, entry_bar->ta) == 0 && 608 compare_ether_addr(bar->ta, entry_bar->ra) == 0) { 609 struct ieee80211_tx_info *tx_info; 610 611 tx_info = IEEE80211_SKB_CB(entry_skb); 612 tx_info->flags |= IEEE80211_TX_STAT_ACK; 613 614 spin_lock_bh(&ar->bar_list_lock[queue]); 615 list_del_rcu(&entry->list); 616 spin_unlock_bh(&ar->bar_list_lock[queue]); 617 kfree_rcu(entry, head); 618 break; 619 } 620 } 621 rcu_read_unlock(); 622 623 #undef TID_CHECK 624 } 625 626 static bool carl9170_ampdu_check(struct ar9170 *ar, u8 *buf, u8 ms) 627 { 628 __le16 fc; 629 630 if ((ms & AR9170_RX_STATUS_MPDU) == AR9170_RX_STATUS_MPDU_SINGLE) { 631 /* 632 * This frame is not part of an aMPDU. 633 * Therefore it is not subjected to any 634 * of the following content restrictions. 635 */ 636 return true; 637 } 638 639 /* 640 * "802.11n - 7.4a.3 A-MPDU contents" describes in which contexts 641 * certain frame types can be part of an aMPDU. 642 * 643 * In order to keep the processing cost down, I opted for a 644 * stateless filter solely based on the frame control field. 645 */ 646 647 fc = ((struct ieee80211_hdr *)buf)->frame_control; 648 if (ieee80211_is_data_qos(fc) && ieee80211_is_data_present(fc)) 649 return true; 650 651 if (ieee80211_is_ack(fc) || ieee80211_is_back(fc) || 652 ieee80211_is_back_req(fc)) 653 return true; 654 655 if (ieee80211_is_action(fc)) 656 return true; 657 658 return false; 659 } 660 661 /* 662 * If the frame alignment is right (or the kernel has 663 * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), and there 664 * is only a single MPDU in the USB frame, then we could 665 * submit to mac80211 the SKB directly. However, since 666 * there may be multiple packets in one SKB in stream 667 * mode, and we need to observe the proper ordering, 668 * this is non-trivial. 669 */ 670 671 static void carl9170_handle_mpdu(struct ar9170 *ar, u8 *buf, int len) 672 { 673 struct ar9170_rx_head *head; 674 struct ar9170_rx_macstatus *mac; 675 struct ar9170_rx_phystatus *phy = NULL; 676 struct ieee80211_rx_status status; 677 struct sk_buff *skb; 678 int mpdu_len; 679 u8 mac_status; 680 681 if (!IS_STARTED(ar)) 682 return; 683 684 if (unlikely(len < sizeof(*mac))) 685 goto drop; 686 687 mpdu_len = len - sizeof(*mac); 688 689 mac = (void *)(buf + mpdu_len); 690 mac_status = mac->status; 691 switch (mac_status & AR9170_RX_STATUS_MPDU) { 692 case AR9170_RX_STATUS_MPDU_FIRST: 693 /* Aggregated MPDUs start with an PLCP header */ 694 if (likely(mpdu_len >= sizeof(struct ar9170_rx_head))) { 695 head = (void *) buf; 696 697 /* 698 * The PLCP header needs to be cached for the 699 * following MIDDLE + LAST A-MPDU packets. 700 * 701 * So, if you are wondering why all frames seem 702 * to share a common RX status information, 703 * then you have the answer right here... 704 */ 705 memcpy(&ar->rx_plcp, (void *) buf, 706 sizeof(struct ar9170_rx_head)); 707 708 mpdu_len -= sizeof(struct ar9170_rx_head); 709 buf += sizeof(struct ar9170_rx_head); 710 711 ar->rx_has_plcp = true; 712 } else { 713 if (net_ratelimit()) { 714 wiphy_err(ar->hw->wiphy, "plcp info " 715 "is clipped.\n"); 716 } 717 718 goto drop; 719 } 720 break; 721 722 case AR9170_RX_STATUS_MPDU_LAST: 723 /* 724 * The last frame of an A-MPDU has an extra tail 725 * which does contain the phy status of the whole 726 * aggregate. 727 */ 728 729 if (likely(mpdu_len >= sizeof(struct ar9170_rx_phystatus))) { 730 mpdu_len -= sizeof(struct ar9170_rx_phystatus); 731 phy = (void *)(buf + mpdu_len); 732 } else { 733 if (net_ratelimit()) { 734 wiphy_err(ar->hw->wiphy, "frame tail " 735 "is clipped.\n"); 736 } 737 738 goto drop; 739 } 740 741 case AR9170_RX_STATUS_MPDU_MIDDLE: 742 /* These are just data + mac status */ 743 if (unlikely(!ar->rx_has_plcp)) { 744 if (!net_ratelimit()) 745 return; 746 747 wiphy_err(ar->hw->wiphy, "rx stream does not start " 748 "with a first_mpdu frame tag.\n"); 749 750 goto drop; 751 } 752 753 head = &ar->rx_plcp; 754 break; 755 756 case AR9170_RX_STATUS_MPDU_SINGLE: 757 /* single mpdu has both: plcp (head) and phy status (tail) */ 758 head = (void *) buf; 759 760 mpdu_len -= sizeof(struct ar9170_rx_head); 761 mpdu_len -= sizeof(struct ar9170_rx_phystatus); 762 763 buf += sizeof(struct ar9170_rx_head); 764 phy = (void *)(buf + mpdu_len); 765 break; 766 767 default: 768 BUG_ON(1); 769 break; 770 } 771 772 /* FC + DU + RA + FCS */ 773 if (unlikely(mpdu_len < (2 + 2 + ETH_ALEN + FCS_LEN))) 774 goto drop; 775 776 memset(&status, 0, sizeof(status)); 777 if (unlikely(carl9170_rx_mac_status(ar, head, mac, &status))) 778 goto drop; 779 780 if (!carl9170_ampdu_check(ar, buf, mac_status)) 781 goto drop; 782 783 if (phy) 784 carl9170_rx_phy_status(ar, phy, &status); 785 786 carl9170_ps_beacon(ar, buf, mpdu_len); 787 788 carl9170_ba_check(ar, buf, mpdu_len); 789 790 skb = carl9170_rx_copy_data(buf, mpdu_len); 791 if (!skb) 792 goto drop; 793 794 memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status)); 795 ieee80211_rx(ar->hw, skb); 796 return; 797 798 drop: 799 ar->rx_dropped++; 800 } 801 802 static void carl9170_rx_untie_cmds(struct ar9170 *ar, const u8 *respbuf, 803 const unsigned int resplen) 804 { 805 struct carl9170_rsp *cmd; 806 int i = 0; 807 808 while (i < resplen) { 809 cmd = (void *) &respbuf[i]; 810 811 i += cmd->hdr.len + 4; 812 if (unlikely(i > resplen)) 813 break; 814 815 carl9170_handle_command_response(ar, cmd, cmd->hdr.len + 4); 816 } 817 818 if (unlikely(i != resplen)) { 819 if (!net_ratelimit()) 820 return; 821 822 wiphy_err(ar->hw->wiphy, "malformed firmware trap:\n"); 823 print_hex_dump_bytes("rxcmd:", DUMP_PREFIX_OFFSET, 824 respbuf, resplen); 825 } 826 } 827 828 static void __carl9170_rx(struct ar9170 *ar, u8 *buf, unsigned int len) 829 { 830 unsigned int i = 0; 831 832 /* weird thing, but this is the same in the original driver */ 833 while (len > 2 && i < 12 && buf[0] == 0xff && buf[1] == 0xff) { 834 i += 2; 835 len -= 2; 836 buf += 2; 837 } 838 839 if (unlikely(len < 4)) 840 return; 841 842 /* found the 6 * 0xffff marker? */ 843 if (i == 12) 844 carl9170_rx_untie_cmds(ar, buf, len); 845 else 846 carl9170_handle_mpdu(ar, buf, len); 847 } 848 849 static void carl9170_rx_stream(struct ar9170 *ar, void *buf, unsigned int len) 850 { 851 unsigned int tlen, wlen = 0, clen = 0; 852 struct ar9170_stream *rx_stream; 853 u8 *tbuf; 854 855 tbuf = buf; 856 tlen = len; 857 858 while (tlen >= 4) { 859 rx_stream = (void *) tbuf; 860 clen = le16_to_cpu(rx_stream->length); 861 wlen = ALIGN(clen, 4); 862 863 /* check if this is stream has a valid tag.*/ 864 if (rx_stream->tag != cpu_to_le16(AR9170_RX_STREAM_TAG)) { 865 /* 866 * TODO: handle the highly unlikely event that the 867 * corrupted stream has the TAG at the right position. 868 */ 869 870 /* check if the frame can be repaired. */ 871 if (!ar->rx_failover_missing) { 872 873 /* this is not "short read". */ 874 if (net_ratelimit()) { 875 wiphy_err(ar->hw->wiphy, 876 "missing tag!\n"); 877 } 878 879 __carl9170_rx(ar, tbuf, tlen); 880 return; 881 } 882 883 if (ar->rx_failover_missing > tlen) { 884 if (net_ratelimit()) { 885 wiphy_err(ar->hw->wiphy, 886 "possible multi " 887 "stream corruption!\n"); 888 goto err_telluser; 889 } else { 890 goto err_silent; 891 } 892 } 893 894 memcpy(skb_put(ar->rx_failover, tlen), tbuf, tlen); 895 ar->rx_failover_missing -= tlen; 896 897 if (ar->rx_failover_missing <= 0) { 898 /* 899 * nested carl9170_rx_stream call! 900 * 901 * termination is guaranteed, even when the 902 * combined frame also have an element with 903 * a bad tag. 904 */ 905 906 ar->rx_failover_missing = 0; 907 carl9170_rx_stream(ar, ar->rx_failover->data, 908 ar->rx_failover->len); 909 910 skb_reset_tail_pointer(ar->rx_failover); 911 skb_trim(ar->rx_failover, 0); 912 } 913 914 return; 915 } 916 917 /* check if stream is clipped */ 918 if (wlen > tlen - 4) { 919 if (ar->rx_failover_missing) { 920 /* TODO: handle double stream corruption. */ 921 if (net_ratelimit()) { 922 wiphy_err(ar->hw->wiphy, "double rx " 923 "stream corruption!\n"); 924 goto err_telluser; 925 } else { 926 goto err_silent; 927 } 928 } 929 930 /* 931 * save incomplete data set. 932 * the firmware will resend the missing bits when 933 * the rx - descriptor comes round again. 934 */ 935 936 memcpy(skb_put(ar->rx_failover, tlen), tbuf, tlen); 937 ar->rx_failover_missing = clen - tlen; 938 return; 939 } 940 __carl9170_rx(ar, rx_stream->payload, clen); 941 942 tbuf += wlen + 4; 943 tlen -= wlen + 4; 944 } 945 946 if (tlen) { 947 if (net_ratelimit()) { 948 wiphy_err(ar->hw->wiphy, "%d bytes of unprocessed " 949 "data left in rx stream!\n", tlen); 950 } 951 952 goto err_telluser; 953 } 954 955 return; 956 957 err_telluser: 958 wiphy_err(ar->hw->wiphy, "damaged RX stream data [want:%d, " 959 "data:%d, rx:%d, pending:%d ]\n", clen, wlen, tlen, 960 ar->rx_failover_missing); 961 962 if (ar->rx_failover_missing) 963 print_hex_dump_bytes("rxbuf:", DUMP_PREFIX_OFFSET, 964 ar->rx_failover->data, 965 ar->rx_failover->len); 966 967 print_hex_dump_bytes("stream:", DUMP_PREFIX_OFFSET, 968 buf, len); 969 970 wiphy_err(ar->hw->wiphy, "please check your hardware and cables, if " 971 "you see this message frequently.\n"); 972 973 err_silent: 974 if (ar->rx_failover_missing) { 975 skb_reset_tail_pointer(ar->rx_failover); 976 skb_trim(ar->rx_failover, 0); 977 ar->rx_failover_missing = 0; 978 } 979 } 980 981 void carl9170_rx(struct ar9170 *ar, void *buf, unsigned int len) 982 { 983 if (ar->fw.rx_stream) 984 carl9170_rx_stream(ar, buf, len); 985 else 986 __carl9170_rx(ar, buf, len); 987 } 988