1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 /* 3 * Copyright (C) 2024-2025 Intel Corporation 4 */ 5 6 #include <net/mac80211.h> 7 #include <kunit/static_stub.h> 8 9 #include "mld.h" 10 #include "sta.h" 11 #include "agg.h" 12 #include "rx.h" 13 #include "hcmd.h" 14 #include "iface.h" 15 #include "time_sync.h" 16 #include "fw/dbg.h" 17 #include "fw/api/rx.h" 18 19 /* stores relevant PHY data fields extracted from iwl_rx_mpdu_desc */ 20 struct iwl_mld_rx_phy_data { 21 struct iwl_rx_phy_air_sniffer_ntfy *ntfy; 22 bool first_subframe; 23 bool with_data; 24 u32 rate_n_flags; 25 u32 gp2_on_air_rise; 26 /* phy_info is only valid when we have a frame, i.e. with_data=true */ 27 u16 phy_info; 28 u8 energy_a, energy_b; 29 }; 30 31 static void 32 iwl_mld_fill_phy_data_from_mpdu(struct iwl_mld *mld, 33 struct iwl_rx_mpdu_desc *desc, 34 struct iwl_mld_rx_phy_data *phy_data) 35 { 36 if (unlikely(mld->monitor.phy.valid)) { 37 mld->monitor.phy.used = true; 38 phy_data->ntfy = &mld->monitor.phy.data; 39 } 40 41 phy_data->phy_info = le16_to_cpu(desc->phy_info); 42 phy_data->rate_n_flags = iwl_v3_rate_from_v2_v3(desc->v3.rate_n_flags, 43 mld->fw_rates_ver_3); 44 phy_data->gp2_on_air_rise = le32_to_cpu(desc->v3.gp2_on_air_rise); 45 phy_data->energy_a = desc->v3.energy_a; 46 phy_data->energy_b = desc->v3.energy_b; 47 phy_data->with_data = true; 48 } 49 50 static inline int iwl_mld_check_pn(struct iwl_mld *mld, struct sk_buff *skb, 51 int queue, struct ieee80211_sta *sta) 52 { 53 struct ieee80211_hdr *hdr = (void *)skb_mac_header(skb); 54 struct ieee80211_rx_status *stats = IEEE80211_SKB_RXCB(skb); 55 struct iwl_mld_sta *mld_sta; 56 struct iwl_mld_ptk_pn *ptk_pn; 57 int res; 58 u8 tid, keyidx; 59 u8 pn[IEEE80211_CCMP_PN_LEN]; 60 u8 *extiv; 61 62 /* multicast and non-data only arrives on default queue; avoid checking 63 * for default queue - we don't want to replicate all the logic that's 64 * necessary for checking the PN on fragmented frames, leave that 65 * to mac80211 66 */ 67 if (queue == 0 || !ieee80211_is_data(hdr->frame_control) || 68 is_multicast_ether_addr(hdr->addr1)) 69 return 0; 70 71 if (!(stats->flag & RX_FLAG_DECRYPTED)) 72 return 0; 73 74 /* if we are here - this for sure is either CCMP or GCMP */ 75 if (!sta) { 76 IWL_DEBUG_DROP(mld, 77 "expected hw-decrypted unicast frame for station\n"); 78 return -1; 79 } 80 81 mld_sta = iwl_mld_sta_from_mac80211(sta); 82 83 extiv = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control); 84 keyidx = extiv[3] >> 6; 85 86 ptk_pn = rcu_dereference(mld_sta->ptk_pn[keyidx]); 87 if (!ptk_pn) 88 return -1; 89 90 if (ieee80211_is_data_qos(hdr->frame_control)) 91 tid = ieee80211_get_tid(hdr); 92 else 93 tid = 0; 94 95 /* we don't use HCCA/802.11 QoS TSPECs, so drop such frames */ 96 if (tid >= IWL_MAX_TID_COUNT) 97 return -1; 98 99 /* load pn */ 100 pn[0] = extiv[7]; 101 pn[1] = extiv[6]; 102 pn[2] = extiv[5]; 103 pn[3] = extiv[4]; 104 pn[4] = extiv[1]; 105 pn[5] = extiv[0]; 106 107 res = memcmp(pn, ptk_pn->q[queue].pn[tid], IEEE80211_CCMP_PN_LEN); 108 if (res < 0) 109 return -1; 110 if (!res && !(stats->flag & RX_FLAG_ALLOW_SAME_PN)) 111 return -1; 112 113 memcpy(ptk_pn->q[queue].pn[tid], pn, IEEE80211_CCMP_PN_LEN); 114 stats->flag |= RX_FLAG_PN_VALIDATED; 115 116 return 0; 117 } 118 119 /* iwl_mld_pass_packet_to_mac80211 - passes the packet for mac80211 */ 120 void iwl_mld_pass_packet_to_mac80211(struct iwl_mld *mld, 121 struct napi_struct *napi, 122 struct sk_buff *skb, int queue, 123 struct ieee80211_sta *sta) 124 { 125 KUNIT_STATIC_STUB_REDIRECT(iwl_mld_pass_packet_to_mac80211, 126 mld, napi, skb, queue, sta); 127 128 if (unlikely(iwl_mld_check_pn(mld, skb, queue, sta))) { 129 kfree_skb(skb); 130 return; 131 } 132 133 ieee80211_rx_napi(mld->hw, sta, skb, napi); 134 } 135 EXPORT_SYMBOL_IF_IWLWIFI_KUNIT(iwl_mld_pass_packet_to_mac80211); 136 137 static bool iwl_mld_used_average_energy(struct iwl_mld *mld, int link_id, 138 struct ieee80211_hdr *hdr, 139 struct ieee80211_rx_status *rx_status) 140 { 141 struct ieee80211_bss_conf *link_conf; 142 struct iwl_mld_link *mld_link; 143 144 if (unlikely(!hdr || link_id < 0)) 145 return false; 146 147 if (likely(!ieee80211_is_beacon(hdr->frame_control))) 148 return false; 149 150 /* 151 * if link ID is >= valid ones then that means the RX 152 * was on the AUX link and no correction is needed 153 */ 154 if (link_id >= mld->fw->ucode_capa.num_links) 155 return false; 156 157 /* for the link conf lookup */ 158 guard(rcu)(); 159 160 link_conf = rcu_dereference(mld->fw_id_to_bss_conf[link_id]); 161 if (!link_conf) 162 return false; 163 164 mld_link = iwl_mld_link_from_mac80211(link_conf); 165 if (!mld_link) 166 return false; 167 168 /* 169 * If we know the link by link ID then the frame was 170 * received for the link, so by filtering it means it 171 * was from the AP the link is connected to. 172 */ 173 174 /* skip also in case we don't have it (yet) */ 175 if (!mld_link->average_beacon_energy) 176 return false; 177 178 IWL_DEBUG_STATS(mld, "energy override by average %d\n", 179 mld_link->average_beacon_energy); 180 rx_status->signal = -mld_link->average_beacon_energy; 181 return true; 182 } 183 184 static void iwl_mld_fill_signal(struct iwl_mld *mld, int link_id, 185 struct ieee80211_hdr *hdr, 186 struct ieee80211_rx_status *rx_status, 187 struct iwl_mld_rx_phy_data *phy_data) 188 { 189 u32 rate_n_flags = phy_data->rate_n_flags; 190 int energy_a = phy_data->energy_a; 191 int energy_b = phy_data->energy_b; 192 int max_energy; 193 194 energy_a = energy_a ? -energy_a : S8_MIN; 195 energy_b = energy_b ? -energy_b : S8_MIN; 196 max_energy = max(energy_a, energy_b); 197 198 IWL_DEBUG_STATS(mld, "energy in A %d B %d, and max %d\n", 199 energy_a, energy_b, max_energy); 200 201 if (iwl_mld_used_average_energy(mld, link_id, hdr, rx_status)) 202 return; 203 204 rx_status->signal = max_energy; 205 rx_status->chains = u32_get_bits(rate_n_flags, RATE_MCS_ANT_AB_MSK); 206 rx_status->chain_signal[0] = energy_a; 207 rx_status->chain_signal[1] = energy_b; 208 } 209 210 static void 211 iwl_mld_he_set_ru_alloc(struct ieee80211_rx_status *rx_status, 212 struct ieee80211_radiotap_he *he, 213 u8 ru_with_p80) 214 { 215 u8 ru = ru_with_p80 >> 1; 216 u8 p80 = ru_with_p80 & 1; 217 u8 offs = 0; 218 219 rx_status->bw = RATE_INFO_BW_HE_RU; 220 221 he->data1 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN); 222 he->data2 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_PRISEC_80_KNOWN | 223 IEEE80211_RADIOTAP_HE_DATA2_RU_OFFSET_KNOWN); 224 225 switch (ru) { 226 case 0 ... 36: 227 rx_status->he_ru = NL80211_RATE_INFO_HE_RU_ALLOC_26; 228 offs = ru; 229 break; 230 case 37 ... 52: 231 rx_status->he_ru = NL80211_RATE_INFO_HE_RU_ALLOC_52; 232 offs = ru - 37; 233 break; 234 case 53 ... 60: 235 rx_status->he_ru = NL80211_RATE_INFO_HE_RU_ALLOC_106; 236 offs = ru - 53; 237 break; 238 case 61 ... 64: 239 rx_status->he_ru = NL80211_RATE_INFO_HE_RU_ALLOC_242; 240 offs = ru - 61; 241 break; 242 case 65 ... 66: 243 rx_status->he_ru = NL80211_RATE_INFO_HE_RU_ALLOC_484; 244 offs = ru - 65; 245 break; 246 case 67: 247 rx_status->he_ru = NL80211_RATE_INFO_HE_RU_ALLOC_996; 248 break; 249 case 68: 250 rx_status->he_ru = NL80211_RATE_INFO_HE_RU_ALLOC_2x996; 251 break; 252 } 253 254 he->data2 |= le16_encode_bits(offs, 255 IEEE80211_RADIOTAP_HE_DATA2_RU_OFFSET); 256 257 he->data2 |= le16_encode_bits(p80, IEEE80211_RADIOTAP_HE_DATA2_PRISEC_80_SEC); 258 } 259 260 #define RTAP_ENC_HE(src, src_msk, dst_msk) \ 261 le16_encode_bits(le32_get_bits(src, src_msk), dst_msk) 262 263 static void 264 iwl_mld_decode_he_mu(struct iwl_mld_rx_phy_data *phy_data, 265 struct ieee80211_radiotap_he *he, 266 struct ieee80211_radiotap_he_mu *he_mu, 267 struct ieee80211_rx_status *rx_status) 268 { 269 u32 rate_n_flags = phy_data->rate_n_flags; 270 271 he_mu->flags1 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.b, 272 OFDM_RX_FRAME_HE_SIGB_DCM, 273 IEEE80211_RADIOTAP_HE_MU_FLAGS1_SIG_B_DCM); 274 he_mu->flags1 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.b, 275 OFDM_RX_FRAME_HE_SIGB_MCS, 276 IEEE80211_RADIOTAP_HE_MU_FLAGS1_SIG_B_MCS); 277 he_mu->flags2 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a1, 278 OFDM_RX_FRAME_HE_PRMBL_PUNC_TYPE, 279 IEEE80211_RADIOTAP_HE_MU_FLAGS2_PUNC_FROM_SIG_A_BW); 280 he_mu->flags2 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a2, 281 OFDM_RX_FRAME_HE_MU_NUM_OF_SIGB_SYM_OR_USER_NUM, 282 IEEE80211_RADIOTAP_HE_MU_FLAGS2_SIG_B_SYMS_USERS); 283 he_mu->flags2 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.b, 284 OFDM_RX_FRAME_HE_MU_SIGB_COMP, 285 IEEE80211_RADIOTAP_HE_MU_FLAGS2_SIG_B_COMP); 286 287 if (phy_data->ntfy->flags & IWL_SNIF_FLAG_VALID_RU && 288 le32_get_bits(phy_data->ntfy->sigs.he.cmn[2], 289 OFDM_RX_FRAME_HE_COMMON_CC1_CRC_OK)) { 290 he_mu->flags1 |= 291 cpu_to_le16(IEEE80211_RADIOTAP_HE_MU_FLAGS1_CH1_RU_KNOWN | 292 IEEE80211_RADIOTAP_HE_MU_FLAGS1_CH1_CTR_26T_RU_KNOWN); 293 294 he_mu->flags1 |= 295 RTAP_ENC_HE(phy_data->ntfy->sigs.he.cmn[2], 296 OFDM_RX_FRAME_HE_CENTER_RU_CC1, 297 IEEE80211_RADIOTAP_HE_MU_FLAGS1_CH1_CTR_26T_RU); 298 299 he_mu->ru_ch1[0] = le32_get_bits(phy_data->ntfy->sigs.he.cmn[0], 300 OFDM_RX_FRAME_HE_RU_ALLOC_0_A1); 301 he_mu->ru_ch1[1] = le32_get_bits(phy_data->ntfy->sigs.he.cmn[1], 302 OFDM_RX_FRAME_HE_RU_ALLOC_1_C1); 303 he_mu->ru_ch1[2] = le32_get_bits(phy_data->ntfy->sigs.he.cmn[0], 304 OFDM_RX_FRAME_HE_RU_ALLOC_0_A2); 305 he_mu->ru_ch1[3] = le32_get_bits(phy_data->ntfy->sigs.he.cmn[1], 306 OFDM_RX_FRAME_HE_RU_ALLOC_1_C2); 307 } 308 309 if (phy_data->ntfy->flags & IWL_SNIF_FLAG_VALID_RU && 310 le32_get_bits(phy_data->ntfy->sigs.he.cmn[2], 311 OFDM_RX_FRAME_HE_COMMON_CC2_CRC_OK) && 312 (rate_n_flags & RATE_MCS_CHAN_WIDTH_MSK) != RATE_MCS_CHAN_WIDTH_20) { 313 he_mu->flags1 |= 314 cpu_to_le16(IEEE80211_RADIOTAP_HE_MU_FLAGS1_CH2_RU_KNOWN | 315 IEEE80211_RADIOTAP_HE_MU_FLAGS1_CH2_CTR_26T_RU_KNOWN); 316 317 he_mu->flags2 |= 318 RTAP_ENC_HE(phy_data->ntfy->sigs.he.cmn[2], 319 OFDM_RX_FRAME_HE_CENTER_RU_CC2, 320 IEEE80211_RADIOTAP_HE_MU_FLAGS2_CH2_CTR_26T_RU); 321 322 he_mu->ru_ch2[0] = le32_get_bits(phy_data->ntfy->sigs.he.cmn[0], 323 OFDM_RX_FRAME_HE_RU_ALLOC_0_B1); 324 he_mu->ru_ch2[1] = le32_get_bits(phy_data->ntfy->sigs.he.cmn[1], 325 OFDM_RX_FRAME_HE_RU_ALLOC_1_D1); 326 he_mu->ru_ch2[2] = le32_get_bits(phy_data->ntfy->sigs.he.cmn[0], 327 OFDM_RX_FRAME_HE_RU_ALLOC_0_B2); 328 he_mu->ru_ch2[3] = le32_get_bits(phy_data->ntfy->sigs.he.cmn[1], 329 OFDM_RX_FRAME_HE_RU_ALLOC_1_D2); 330 } 331 332 #define CHECK_BW(bw) \ 333 BUILD_BUG_ON(IEEE80211_RADIOTAP_HE_MU_FLAGS2_BW_FROM_SIG_A_BW_ ## bw ## MHZ != \ 334 RATE_MCS_CHAN_WIDTH_##bw >> RATE_MCS_CHAN_WIDTH_POS) 335 CHECK_BW(20); 336 CHECK_BW(40); 337 CHECK_BW(80); 338 CHECK_BW(160); 339 #undef CHECK_BW 340 341 he_mu->flags2 |= 342 le16_encode_bits(u32_get_bits(rate_n_flags, RATE_MCS_CHAN_WIDTH_MSK), 343 IEEE80211_RADIOTAP_HE_MU_FLAGS2_BW_FROM_SIG_A_BW); 344 345 iwl_mld_he_set_ru_alloc(rx_status, he, 346 le32_get_bits(phy_data->ntfy->sigs.he.b, 347 OFDM_RX_FRAME_HE_SIGB_STA_RU)); 348 } 349 350 static void 351 iwl_mld_decode_he_tb_phy_data(struct iwl_mld_rx_phy_data *phy_data, 352 struct ieee80211_radiotap_he *he, 353 struct ieee80211_rx_status *rx_status) 354 { 355 u32 rate_n_flags = phy_data->rate_n_flags; 356 u32 nsts; 357 358 he->data1 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_BSS_COLOR_KNOWN | 359 IEEE80211_RADIOTAP_HE_DATA1_SPTL_REUSE_KNOWN | 360 IEEE80211_RADIOTAP_HE_DATA1_SPTL_REUSE2_KNOWN | 361 IEEE80211_RADIOTAP_HE_DATA1_SPTL_REUSE3_KNOWN | 362 IEEE80211_RADIOTAP_HE_DATA1_SPTL_REUSE4_KNOWN); 363 364 he->data4 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.a1, 365 OFDM_RX_HE_TRIG_SPATIAL_REUSE_1, 366 IEEE80211_RADIOTAP_HE_DATA4_TB_SPTL_REUSE1); 367 he->data4 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.a1, 368 OFDM_RX_HE_TRIG_SPATIAL_REUSE_2, 369 IEEE80211_RADIOTAP_HE_DATA4_TB_SPTL_REUSE2); 370 he->data4 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.a1, 371 OFDM_RX_HE_TRIG_SPATIAL_REUSE_3, 372 IEEE80211_RADIOTAP_HE_DATA4_TB_SPTL_REUSE3); 373 he->data4 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.a1, 374 OFDM_RX_HE_TRIG_SPATIAL_REUSE_4, 375 IEEE80211_RADIOTAP_HE_DATA4_TB_SPTL_REUSE4); 376 he->data3 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.a1, 377 OFDM_RX_HE_TRIG_BSS_COLOR, 378 IEEE80211_RADIOTAP_HE_DATA3_BSS_COLOR); 379 380 #define CHECK_BW(bw) \ 381 BUILD_BUG_ON(IEEE80211_RADIOTAP_HE_DATA6_TB_PPDU_BW_ ## bw ## MHZ != \ 382 RATE_MCS_CHAN_WIDTH_##bw >> RATE_MCS_CHAN_WIDTH_POS) 383 CHECK_BW(20); 384 CHECK_BW(40); 385 CHECK_BW(80); 386 CHECK_BW(160); 387 #undef CHECK_BW 388 389 he->data6 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA6_TB_PPDU_BW_KNOWN) | 390 le16_encode_bits(u32_get_bits(rate_n_flags, RATE_MCS_CHAN_WIDTH_MSK), 391 IEEE80211_RADIOTAP_HE_DATA6_TB_PPDU_BW); 392 393 if (!(phy_data->ntfy->flags & IWL_SNIF_FLAG_VALID_TB_RX)) 394 return; 395 396 he->data1 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_LDPC_XSYMSEG_KNOWN | 397 IEEE80211_RADIOTAP_HE_DATA1_DOPPLER_KNOWN); 398 he->data2 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_PRE_FEC_PAD_KNOWN | 399 IEEE80211_RADIOTAP_HE_DATA2_PE_DISAMBIG_KNOWN | 400 IEEE80211_RADIOTAP_HE_DATA2_TXOP_KNOWN | 401 IEEE80211_RADIOTAP_HE_DATA2_NUM_LTF_SYMS_KNOWN); 402 403 he->data3 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.tb_rx1, 404 OFDM_UCODE_TRIG_BASE_RX_CODING_EXTRA_SYM, 405 IEEE80211_RADIOTAP_HE_DATA3_LDPC_XSYMSEG); 406 he->data6 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.tb_rx1, 407 OFDM_UCODE_TRIG_BASE_RX_DOPPLER, 408 IEEE80211_RADIOTAP_HE_DATA6_DOPPLER); 409 he->data5 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.tb_rx1, 410 OFDM_UCODE_TRIG_BASE_RX_PRE_FEC_PAD_FACTOR, 411 IEEE80211_RADIOTAP_HE_DATA5_PRE_FEC_PAD); 412 he->data5 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.tb_rx1, 413 OFDM_UCODE_TRIG_BASE_RX_PE_DISAMBIG, 414 IEEE80211_RADIOTAP_HE_DATA5_PE_DISAMBIG); 415 he->data5 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.tb_rx1, 416 OFDM_UCODE_TRIG_BASE_RX_NUM_OF_LTF_SYM, 417 IEEE80211_RADIOTAP_HE_DATA5_NUM_LTF_SYMS); 418 he->data6 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he_tb.a2, 419 OFDM_RX_HE_TRIG_TXOP_DURATION, 420 IEEE80211_RADIOTAP_HE_DATA6_TXOP); 421 422 iwl_mld_he_set_ru_alloc(rx_status, he, 423 le32_get_bits(phy_data->ntfy->sigs.he_tb.tb_rx1, 424 OFDM_UCODE_TRIG_BASE_RX_RU)); 425 426 nsts = le32_get_bits(phy_data->ntfy->sigs.he_tb.tb_rx1, 427 OFDM_UCODE_TRIG_BASE_RX_NSTS) + 1; 428 rx_status->nss = nsts >> !!(rate_n_flags & RATE_MCS_STBC_MSK); 429 } 430 431 static void 432 iwl_mld_decode_he_phy_data(struct iwl_mld_rx_phy_data *phy_data, 433 struct ieee80211_radiotap_he *he, 434 struct ieee80211_radiotap_he_mu *he_mu, 435 struct ieee80211_rx_status *rx_status) 436 { 437 u32 rate_n_flags = phy_data->rate_n_flags; 438 u32 he_type = rate_n_flags & RATE_MCS_HE_TYPE_MSK; 439 u32 nsts; 440 441 switch (he_type) { 442 case RATE_MCS_HE_TYPE_TRIG: 443 iwl_mld_decode_he_tb_phy_data(phy_data, he, rx_status); 444 /* that's it, below is only for SU/MU */ 445 return; 446 case RATE_MCS_HE_TYPE_MU: 447 iwl_mld_decode_he_mu(phy_data, he, he_mu, rx_status); 448 449 nsts = le32_get_bits(phy_data->ntfy->sigs.he.b, 450 OFDM_RX_FRAME_HE_SIGB_NSTS) + 1; 451 break; 452 case RATE_MCS_HE_TYPE_SU: 453 case RATE_MCS_HE_TYPE_EXT_SU: 454 he->data1 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_BEAM_CHANGE_KNOWN); 455 he->data3 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a1, 456 OFDM_RX_FRAME_HE_BEAM_CHANGE, 457 IEEE80211_RADIOTAP_HE_DATA3_BEAM_CHANGE); 458 459 nsts = le32_get_bits(phy_data->ntfy->sigs.he.a1, 460 OFDM_RX_FRAME_HE_NSTS) + 1; 461 break; 462 } 463 464 rx_status->nss = nsts >> !!(rate_n_flags & RATE_MCS_STBC_MSK); 465 466 he->data1 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_LDPC_XSYMSEG_KNOWN | 467 IEEE80211_RADIOTAP_HE_DATA1_DOPPLER_KNOWN); 468 he->data2 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_PRE_FEC_PAD_KNOWN | 469 IEEE80211_RADIOTAP_HE_DATA2_PE_DISAMBIG_KNOWN | 470 IEEE80211_RADIOTAP_HE_DATA2_TXOP_KNOWN | 471 IEEE80211_RADIOTAP_HE_DATA2_NUM_LTF_SYMS_KNOWN); 472 473 he->data3 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a2, 474 OFDM_RX_FRAME_HE_CODING_EXTRA_SYM, 475 IEEE80211_RADIOTAP_HE_DATA3_LDPC_XSYMSEG); 476 he->data5 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a2, 477 OFDM_RX_FRAME_HE_PRE_FEC_PAD_FACTOR, 478 IEEE80211_RADIOTAP_HE_DATA5_PRE_FEC_PAD); 479 he->data5 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a2, 480 OFDM_RX_FRAME_HE_PE_DISAMBIG, 481 IEEE80211_RADIOTAP_HE_DATA5_PE_DISAMBIG); 482 he->data5 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a2, 483 OFDM_RX_FRAME_HE_MU_NUM_OF_LTF_SYM, 484 IEEE80211_RADIOTAP_HE_DATA5_NUM_LTF_SYMS); 485 he->data6 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a2, 486 OFDM_RX_FRAME_HE_TXOP_DURATION, 487 IEEE80211_RADIOTAP_HE_DATA6_TXOP); 488 he->data6 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a2, 489 OFDM_RX_FRAME_HE_DOPPLER, 490 IEEE80211_RADIOTAP_HE_DATA6_DOPPLER); 491 492 he->data1 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_UL_DL_KNOWN | 493 IEEE80211_RADIOTAP_HE_DATA1_BSS_COLOR_KNOWN | 494 IEEE80211_RADIOTAP_HE_DATA1_SPTL_REUSE_KNOWN); 495 496 he->data3 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a1, 497 OFDM_RX_FRAME_HE_BSS_COLOR, 498 IEEE80211_RADIOTAP_HE_DATA3_BSS_COLOR); 499 he->data3 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a1, 500 OFDM_RX_FRAME_HE_UL_FLAG, 501 IEEE80211_RADIOTAP_HE_DATA3_UL_DL); 502 he->data4 |= RTAP_ENC_HE(phy_data->ntfy->sigs.he.a1, 503 OFDM_RX_FRAME_HE_SPATIAL_REUSE, 504 IEEE80211_RADIOTAP_HE_DATA4_SU_MU_SPTL_REUSE); 505 } 506 507 static void iwl_mld_rx_he(struct sk_buff *skb, 508 struct iwl_mld_rx_phy_data *phy_data) 509 { 510 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 511 struct ieee80211_radiotap_he *he = NULL; 512 struct ieee80211_radiotap_he_mu *he_mu = NULL; 513 u32 rate_n_flags = phy_data->rate_n_flags; 514 u32 he_type = rate_n_flags & RATE_MCS_HE_TYPE_MSK; 515 u8 ltf; 516 static const struct ieee80211_radiotap_he known = { 517 .data1 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_DATA_MCS_KNOWN | 518 IEEE80211_RADIOTAP_HE_DATA1_DATA_DCM_KNOWN | 519 IEEE80211_RADIOTAP_HE_DATA1_STBC_KNOWN | 520 IEEE80211_RADIOTAP_HE_DATA1_CODING_KNOWN), 521 .data2 = cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA2_GI_KNOWN | 522 IEEE80211_RADIOTAP_HE_DATA2_TXBF_KNOWN), 523 }; 524 static const struct ieee80211_radiotap_he_mu mu_known = { 525 .flags1 = cpu_to_le16(IEEE80211_RADIOTAP_HE_MU_FLAGS1_SIG_B_MCS_KNOWN | 526 IEEE80211_RADIOTAP_HE_MU_FLAGS1_SIG_B_DCM_KNOWN | 527 IEEE80211_RADIOTAP_HE_MU_FLAGS1_SIG_B_SYMS_USERS_KNOWN | 528 IEEE80211_RADIOTAP_HE_MU_FLAGS1_SIG_B_COMP_KNOWN), 529 .flags2 = cpu_to_le16(IEEE80211_RADIOTAP_HE_MU_FLAGS2_PUNC_FROM_SIG_A_BW_KNOWN | 530 IEEE80211_RADIOTAP_HE_MU_FLAGS2_BW_FROM_SIG_A_BW_KNOWN), 531 }; 532 533 he = skb_put_data(skb, &known, sizeof(known)); 534 rx_status->flag |= RX_FLAG_RADIOTAP_HE; 535 536 switch (he_type) { 537 case RATE_MCS_HE_TYPE_EXT_SU: 538 /* 539 * Except for this special case we won't have 540 * HE RU allocation info outside of monitor mode 541 * since we don't get the PHY notif. 542 */ 543 if (rate_n_flags & RATE_MCS_HE_106T_MSK) { 544 rx_status->bw = RATE_INFO_BW_HE_RU; 545 rx_status->he_ru = NL80211_RATE_INFO_HE_RU_ALLOC_106; 546 } 547 fallthrough; 548 case RATE_MCS_HE_TYPE_SU: 549 /* actual data is filled in mac80211 */ 550 he->data1 |= 551 cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA1_BW_RU_ALLOC_KNOWN); 552 break; 553 } 554 555 #define CHECK_TYPE(F) \ 556 BUILD_BUG_ON(IEEE80211_RADIOTAP_HE_DATA1_FORMAT_ ## F != \ 557 (RATE_MCS_HE_TYPE_ ## F >> RATE_MCS_HE_TYPE_POS)) 558 559 CHECK_TYPE(SU); 560 CHECK_TYPE(EXT_SU); 561 CHECK_TYPE(MU); 562 CHECK_TYPE(TRIG); 563 564 he->data1 |= cpu_to_le16(he_type >> RATE_MCS_HE_TYPE_POS); 565 566 if (rate_n_flags & RATE_MCS_BF_MSK) 567 he->data5 |= cpu_to_le16(IEEE80211_RADIOTAP_HE_DATA5_TXBF); 568 569 switch (u32_get_bits(rate_n_flags, RATE_MCS_HE_GI_LTF_MSK)) { 570 case 0: 571 if (he_type == RATE_MCS_HE_TYPE_TRIG) 572 rx_status->he_gi = NL80211_RATE_INFO_HE_GI_1_6; 573 else 574 rx_status->he_gi = NL80211_RATE_INFO_HE_GI_0_8; 575 if (he_type == RATE_MCS_HE_TYPE_MU) 576 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_4X; 577 else 578 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_1X; 579 break; 580 case 1: 581 if (he_type == RATE_MCS_HE_TYPE_TRIG) 582 rx_status->he_gi = NL80211_RATE_INFO_HE_GI_1_6; 583 else 584 rx_status->he_gi = NL80211_RATE_INFO_HE_GI_0_8; 585 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_2X; 586 break; 587 case 2: 588 if (he_type == RATE_MCS_HE_TYPE_TRIG) { 589 rx_status->he_gi = NL80211_RATE_INFO_HE_GI_3_2; 590 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_4X; 591 } else { 592 rx_status->he_gi = NL80211_RATE_INFO_HE_GI_1_6; 593 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_2X; 594 } 595 break; 596 case 3: 597 rx_status->he_gi = NL80211_RATE_INFO_HE_GI_3_2; 598 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_4X; 599 break; 600 case 4: 601 rx_status->he_gi = NL80211_RATE_INFO_HE_GI_0_8; 602 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_4X; 603 break; 604 default: 605 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_UNKNOWN; 606 } 607 608 he->data5 |= le16_encode_bits(ltf, 609 IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE); 610 611 if (likely(!phy_data->ntfy)) 612 return; 613 614 if (he_type == RATE_MCS_HE_TYPE_MU) { 615 he_mu = skb_put_data(skb, &mu_known, sizeof(mu_known)); 616 rx_status->flag |= RX_FLAG_RADIOTAP_HE_MU; 617 } 618 619 iwl_mld_decode_he_phy_data(phy_data, he, he_mu, rx_status); 620 } 621 622 static void iwl_mld_decode_lsig(struct sk_buff *skb, 623 struct iwl_mld_rx_phy_data *phy_data) 624 { 625 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 626 u32 format = phy_data->rate_n_flags & RATE_MCS_MOD_TYPE_MSK; 627 struct ieee80211_radiotap_lsig *lsig; 628 u32 lsig_len, rate; 629 630 if (likely(!phy_data->ntfy)) 631 return; 632 633 /* 634 * Technically legacy CCK/OFDM frames don't have an L-SIG 635 * since that's the compat format for HT (non-greenfield) 636 * and up. However, it's meant to be compatible with the 637 * LENGTH and RATE fields in Clause 17 and 18 OFDM frames 638 * so include the field for any non-CCK frame. For CCK it 639 * cannot work, since the LENGTH field for them is 16-bit 640 * and the radiotap field only has 12 bits. 641 */ 642 if (format == RATE_MCS_MOD_TYPE_CCK) 643 return; 644 645 lsig_len = le32_get_bits(phy_data->ntfy->legacy_sig.ofdm, 646 OFDM_RX_LEGACY_LENGTH); 647 rate = le32_get_bits(phy_data->ntfy->legacy_sig.ofdm, OFDM_RX_RATE); 648 649 lsig = skb_put(skb, sizeof(*lsig)); 650 lsig->data1 = cpu_to_le16(IEEE80211_RADIOTAP_LSIG_DATA1_LENGTH_KNOWN) | 651 cpu_to_le16(IEEE80211_RADIOTAP_LSIG_DATA1_RATE_KNOWN); 652 lsig->data2 = le16_encode_bits(lsig_len, 653 IEEE80211_RADIOTAP_LSIG_DATA2_LENGTH) | 654 le16_encode_bits(rate, IEEE80211_RADIOTAP_LSIG_DATA2_RATE); 655 rx_status->flag |= RX_FLAG_RADIOTAP_LSIG; 656 } 657 658 /* Put a TLV on the skb and return data pointer 659 * 660 * Also pad the len to 4 and zero out all data part 661 */ 662 static void * 663 iwl_mld_radiotap_put_tlv(struct sk_buff *skb, u16 type, u16 len) 664 { 665 struct ieee80211_radiotap_tlv *tlv; 666 667 tlv = skb_put(skb, sizeof(*tlv)); 668 tlv->type = cpu_to_le16(type); 669 tlv->len = cpu_to_le16(len); 670 return skb_put_zero(skb, ALIGN(len, 4)); 671 } 672 673 #define LE32_DEC_ENC(value, dec_bits, enc_bits) \ 674 le32_encode_bits(le32_get_bits(value, dec_bits), enc_bits) 675 676 #define IWL_MLD_ENC_USIG_VALUE_MASK(usig, in_value, dec_bits, enc_bits) do { \ 677 typeof(enc_bits) _enc_bits = enc_bits; \ 678 typeof(usig) _usig = usig; \ 679 (_usig)->mask |= cpu_to_le32(_enc_bits); \ 680 (_usig)->value |= LE32_DEC_ENC(in_value, dec_bits, _enc_bits); \ 681 } while (0) 682 683 static void iwl_mld_decode_eht_usig_tb(struct iwl_mld_rx_phy_data *phy_data, 684 struct ieee80211_radiotap_eht_usig *usig) 685 { 686 __le32 usig_a1 = phy_data->ntfy->sigs.eht_tb.usig_a1; 687 __le32 usig_a2 = phy_data->ntfy->sigs.eht_tb.usig_a2_eht; 688 689 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a1, 690 OFDM_RX_FRAME_EHT_USIG1_DISREGARD, 691 IEEE80211_RADIOTAP_EHT_USIG1_TB_B20_B25_DISREGARD); 692 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 693 OFDM_RX_FRAME_EHT_PPDU_TYPE, 694 IEEE80211_RADIOTAP_EHT_USIG2_TB_B0_B1_PPDU_TYPE); 695 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 696 OFDM_RX_FRAME_EHT_USIG2_VALIDATE_B2, 697 IEEE80211_RADIOTAP_EHT_USIG2_TB_B2_VALIDATE); 698 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 699 OFDM_RX_FRAME_EHT_TRIG_SPATIAL_REUSE_1, 700 IEEE80211_RADIOTAP_EHT_USIG2_TB_B3_B6_SPATIAL_REUSE_1); 701 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 702 OFDM_RX_FRAME_EHT_TRIG_SPATIAL_REUSE_2, 703 IEEE80211_RADIOTAP_EHT_USIG2_TB_B7_B10_SPATIAL_REUSE_2); 704 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 705 OFDM_RX_FRAME_EHT_TRIG_USIG2_DISREGARD, 706 IEEE80211_RADIOTAP_EHT_USIG2_TB_B11_B15_DISREGARD); 707 } 708 709 static void iwl_mld_decode_eht_usig_non_tb(struct iwl_mld_rx_phy_data *phy_data, 710 struct ieee80211_radiotap_eht_usig *usig) 711 { 712 __le32 usig_a1 = phy_data->ntfy->sigs.eht.usig_a1; 713 __le32 usig_a2 = phy_data->ntfy->sigs.eht.usig_a2_eht; 714 715 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a1, 716 OFDM_RX_FRAME_EHT_USIG1_DISREGARD, 717 IEEE80211_RADIOTAP_EHT_USIG1_MU_B20_B24_DISREGARD); 718 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a1, 719 OFDM_RX_FRAME_EHT_USIG1_VALIDATE, 720 IEEE80211_RADIOTAP_EHT_USIG1_MU_B25_VALIDATE); 721 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 722 OFDM_RX_FRAME_EHT_PPDU_TYPE, 723 IEEE80211_RADIOTAP_EHT_USIG2_MU_B0_B1_PPDU_TYPE); 724 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 725 OFDM_RX_FRAME_EHT_USIG2_VALIDATE_B2, 726 IEEE80211_RADIOTAP_EHT_USIG2_MU_B2_VALIDATE); 727 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 728 OFDM_RX_FRAME_EHT_PUNC_CHANNEL, 729 IEEE80211_RADIOTAP_EHT_USIG2_MU_B3_B7_PUNCTURED_INFO); 730 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 731 OFDM_RX_FRAME_EHT_USIG2_VALIDATE_B8, 732 IEEE80211_RADIOTAP_EHT_USIG2_MU_B8_VALIDATE); 733 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 734 OFDM_RX_FRAME_EHT_SIG_MCS, 735 IEEE80211_RADIOTAP_EHT_USIG2_MU_B9_B10_SIG_MCS); 736 IWL_MLD_ENC_USIG_VALUE_MASK(usig, usig_a2, 737 OFDM_RX_FRAME_EHT_SIG_SYM_NUM, 738 IEEE80211_RADIOTAP_EHT_USIG2_MU_B11_B15_EHT_SIG_SYMBOLS); 739 } 740 741 static void iwl_mld_decode_eht_usig(struct iwl_mld_rx_phy_data *phy_data, 742 struct sk_buff *skb) 743 { 744 u32 he_type = phy_data->rate_n_flags & RATE_MCS_HE_TYPE_MSK; 745 __le32 usig_a1 = phy_data->ntfy->sigs.eht.usig_a1; 746 __le32 usig_a2 = phy_data->ntfy->sigs.eht.usig_a2_eht; 747 struct ieee80211_radiotap_eht_usig *usig; 748 u32 bw; 749 750 usig = iwl_mld_radiotap_put_tlv(skb, IEEE80211_RADIOTAP_EHT_USIG, 751 sizeof(*usig)); 752 753 BUILD_BUG_ON(offsetof(union iwl_sigs, eht.usig_a1) != 754 offsetof(union iwl_sigs, eht_tb.usig_a1)); 755 BUILD_BUG_ON(offsetof(union iwl_sigs, eht.usig_a2_eht) != 756 offsetof(union iwl_sigs, eht_tb.usig_a2_eht)); 757 758 usig->common |= cpu_to_le32(IEEE80211_RADIOTAP_EHT_USIG_COMMON_UL_DL_KNOWN | 759 IEEE80211_RADIOTAP_EHT_USIG_COMMON_BSS_COLOR_KNOWN | 760 IEEE80211_RADIOTAP_EHT_USIG_COMMON_VALIDATE_BITS_CHECKED | 761 IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_KNOWN | 762 IEEE80211_RADIOTAP_EHT_USIG_COMMON_TXOP_KNOWN); 763 764 #define CHECK_BW(bw) \ 765 BUILD_BUG_ON(IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_ ## bw ## MHZ != \ 766 RATE_MCS_CHAN_WIDTH_ ## bw ## _VAL) 767 CHECK_BW(20); 768 CHECK_BW(40); 769 CHECK_BW(80); 770 CHECK_BW(160); 771 #undef CHECK_BW 772 BUILD_BUG_ON(IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW_320MHZ_1 != 773 RATE_MCS_CHAN_WIDTH_320_VAL); 774 bw = u32_get_bits(phy_data->rate_n_flags, RATE_MCS_CHAN_WIDTH_MSK); 775 /* specific handling for 320MHz-1/320MHz-2 */ 776 if (bw == RATE_MCS_CHAN_WIDTH_320_VAL) 777 bw += le32_get_bits(usig_a1, OFDM_RX_FRAME_EHT_BW320_SLOT); 778 usig->common |= le32_encode_bits(bw, 779 IEEE80211_RADIOTAP_EHT_USIG_COMMON_BW); 780 781 usig->common |= LE32_DEC_ENC(usig_a1, OFDM_RX_FRAME_ENHANCED_WIFI_UL_FLAG, 782 IEEE80211_RADIOTAP_EHT_USIG_COMMON_UL_DL); 783 usig->common |= LE32_DEC_ENC(usig_a1, OFDM_RX_FRAME_ENHANCED_WIFI_BSS_COLOR, 784 IEEE80211_RADIOTAP_EHT_USIG_COMMON_BSS_COLOR); 785 786 if (le32_get_bits(usig_a1, OFDM_RX_FRAME_EHT_USIG1_VALIDATE) && 787 le32_get_bits(usig_a2, OFDM_RX_FRAME_EHT_USIG2_VALIDATE_B2) && 788 le32_get_bits(usig_a2, OFDM_RX_FRAME_EHT_USIG2_VALIDATE_B8)) 789 usig->common |= cpu_to_le32(IEEE80211_RADIOTAP_EHT_USIG_COMMON_VALIDATE_BITS_OK); 790 791 usig->common |= LE32_DEC_ENC(usig_a1, 792 OFDM_RX_FRAME_ENHANCED_WIFI_TXOP_DURATION, 793 IEEE80211_RADIOTAP_EHT_USIG_COMMON_TXOP); 794 795 if (!le32_get_bits(usig_a2, OFDM_RX_USIG_CRC_OK)) 796 usig->common |= cpu_to_le32(IEEE80211_RADIOTAP_EHT_USIG_COMMON_BAD_USIG_CRC); 797 798 usig->common |= cpu_to_le32(IEEE80211_RADIOTAP_EHT_USIG_COMMON_PHY_VER_KNOWN); 799 usig->common |= LE32_DEC_ENC(usig_a1, 800 OFDM_RX_FRAME_ENHANCED_WIFI_VER_ID, 801 IEEE80211_RADIOTAP_EHT_USIG_COMMON_PHY_VER); 802 803 if (he_type == RATE_MCS_HE_TYPE_TRIG) 804 iwl_mld_decode_eht_usig_tb(phy_data, usig); 805 else 806 iwl_mld_decode_eht_usig_non_tb(phy_data, usig); 807 } 808 809 static void 810 iwl_mld_eht_set_ru_alloc(struct ieee80211_rx_status *rx_status, 811 u32 ru_with_p80) 812 { 813 enum nl80211_eht_ru_alloc nl_ru; 814 u32 ru = ru_with_p80 >> 1; 815 816 /* 817 * HW always uses trigger frame format: 818 * 819 * Draft PIEEE802.11be D7.0 Table 9-46l - Encoding of the PS160 and 820 * RU Allocation subfields in an EHT variant User Info field 821 */ 822 823 switch (ru) { 824 case 0 ... 36: 825 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_26; 826 break; 827 case 37 ... 52: 828 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_52; 829 break; 830 case 53 ... 60: 831 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_106; 832 break; 833 case 61 ... 64: 834 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_242; 835 break; 836 case 65 ... 66: 837 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_484; 838 break; 839 case 67: 840 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_996; 841 break; 842 case 68: 843 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_2x996; 844 break; 845 case 69: 846 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_4x996; 847 break; 848 case 70 ... 81: 849 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_52P26; 850 break; 851 case 82 ... 89: 852 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_106P26; 853 break; 854 case 90 ... 93: 855 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_484P242; 856 break; 857 case 94 ... 95: 858 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_996P484; 859 break; 860 case 96 ... 99: 861 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_996P484P242; 862 break; 863 case 100 ... 103: 864 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_2x996P484; 865 break; 866 case 104: 867 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_3x996; 868 break; 869 case 105 ... 106: 870 nl_ru = NL80211_RATE_INFO_EHT_RU_ALLOC_3x996P484; 871 break; 872 default: 873 return; 874 } 875 876 rx_status->bw = RATE_INFO_BW_EHT_RU; 877 rx_status->eht.ru = nl_ru; 878 } 879 880 static void iwl_mld_decode_eht_tb(struct iwl_mld_rx_phy_data *phy_data, 881 struct ieee80211_rx_status *rx_status, 882 struct ieee80211_radiotap_eht *eht) 883 { 884 if (!(phy_data->ntfy->flags & IWL_SNIF_FLAG_VALID_TB_RX)) 885 return; 886 887 eht->known |= cpu_to_le32(IEEE80211_RADIOTAP_EHT_KNOWN_RU_ALLOC_TB_FMT | 888 IEEE80211_RADIOTAP_EHT_KNOWN_LDPC_EXTRA_SYM_OM | 889 IEEE80211_RADIOTAP_EHT_KNOWN_PRE_PADD_FACOR_OM | 890 IEEE80211_RADIOTAP_EHT_KNOWN_PE_DISAMBIGUITY_OM | 891 IEEE80211_RADIOTAP_EHT_KNOWN_EHT_LTF | 892 IEEE80211_RADIOTAP_EHT_KNOWN_PRIMARY_80); 893 894 eht->data[8] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht_tb.tb_rx0, 895 OFDM_UCODE_TRIG_BASE_PS160, 896 IEEE80211_RADIOTAP_EHT_DATA8_RU_ALLOC_TB_FMT_PS_160); 897 eht->data[8] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht_tb.tb_rx1, 898 OFDM_UCODE_TRIG_BASE_RX_RU, 899 IEEE80211_RADIOTAP_EHT_DATA8_RU_ALLOC_TB_FMT_B0 | 900 IEEE80211_RADIOTAP_EHT_DATA8_RU_ALLOC_TB_FMT_B7_B1); 901 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht_tb.tb_rx1, 902 OFDM_UCODE_TRIG_BASE_RX_CODING_EXTRA_SYM, 903 IEEE80211_RADIOTAP_EHT_DATA0_LDPC_EXTRA_SYM_OM); 904 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht_tb.tb_rx1, 905 OFDM_UCODE_TRIG_BASE_RX_PRE_FEC_PAD_FACTOR, 906 IEEE80211_RADIOTAP_EHT_DATA0_PRE_PADD_FACOR_OM); 907 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht_tb.tb_rx1, 908 OFDM_UCODE_TRIG_BASE_RX_PE_DISAMBIG, 909 IEEE80211_RADIOTAP_EHT_DATA0_PE_DISAMBIGUITY_OM); 910 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht_tb.tb_rx1, 911 OFDM_UCODE_TRIG_BASE_RX_NUM_OF_LTF_SYM, 912 IEEE80211_RADIOTAP_EHT_DATA0_EHT_LTF); 913 eht->data[1] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht_tb.tb_rx0, 914 OFDM_UCODE_TRIG_BASE_RX_RU_P80, 915 IEEE80211_RADIOTAP_EHT_DATA1_PRIMARY_80); 916 917 iwl_mld_eht_set_ru_alloc(rx_status, 918 le32_get_bits(phy_data->ntfy->sigs.eht_tb.tb_rx1, 919 OFDM_UCODE_TRIG_BASE_RX_RU)); 920 } 921 922 static void iwl_mld_eht_decode_user_ru(struct iwl_mld_rx_phy_data *phy_data, 923 struct ieee80211_radiotap_eht *eht) 924 { 925 u32 phy_bw = phy_data->rate_n_flags & RATE_MCS_CHAN_WIDTH_MSK; 926 927 if (!(phy_data->ntfy->flags & IWL_SNIF_FLAG_VALID_RU)) 928 return; 929 930 #define __IWL_MLD_ENC_EHT_RU(rt_data, rt_ru, fw_data, fw_ru) \ 931 eht->data[(rt_data)] |= \ 932 (cpu_to_le32(IEEE80211_RADIOTAP_EHT_DATA ## rt_data ## _RU_ALLOC_CC_ ## rt_ru ## _KNOWN) | \ 933 LE32_DEC_ENC(phy_data->ntfy->sigs.eht.cmn[fw_data], \ 934 OFDM_RX_FRAME_EHT_RU_ALLOC_ ## fw_data ## _ ## fw_ru, \ 935 IEEE80211_RADIOTAP_EHT_DATA ## rt_data ## _RU_ALLOC_CC_ ## rt_ru)) 936 937 #define _IWL_MLD_ENC_EHT_RU(rt_data, rt_ru, fw_data, fw_ru) \ 938 __IWL_MLD_ENC_EHT_RU(rt_data, rt_ru, fw_data, fw_ru) 939 940 #define IEEE80211_RADIOTAP_RU_DATA_1_1_1 1 941 #define IEEE80211_RADIOTAP_RU_DATA_2_1_1 2 942 #define IEEE80211_RADIOTAP_RU_DATA_1_1_2 2 943 #define IEEE80211_RADIOTAP_RU_DATA_2_1_2 2 944 #define IEEE80211_RADIOTAP_RU_DATA_1_2_1 3 945 #define IEEE80211_RADIOTAP_RU_DATA_2_2_1 3 946 #define IEEE80211_RADIOTAP_RU_DATA_1_2_2 3 947 #define IEEE80211_RADIOTAP_RU_DATA_2_2_2 4 948 #define IEEE80211_RADIOTAP_RU_DATA_1_2_3 4 949 #define IEEE80211_RADIOTAP_RU_DATA_2_2_3 4 950 #define IEEE80211_RADIOTAP_RU_DATA_1_2_4 5 951 #define IEEE80211_RADIOTAP_RU_DATA_2_2_4 5 952 #define IEEE80211_RADIOTAP_RU_DATA_1_2_5 5 953 #define IEEE80211_RADIOTAP_RU_DATA_2_2_5 6 954 #define IEEE80211_RADIOTAP_RU_DATA_1_2_6 6 955 #define IEEE80211_RADIOTAP_RU_DATA_2_2_6 6 956 957 #define IWL_RX_RU_DATA_A1 0 958 #define IWL_RX_RU_DATA_A2 0 959 #define IWL_RX_RU_DATA_A3 0 960 #define IWL_RX_RU_DATA_A4 4 961 #define IWL_RX_RU_DATA_B1 1 962 #define IWL_RX_RU_DATA_B2 1 963 #define IWL_RX_RU_DATA_B3 1 964 #define IWL_RX_RU_DATA_B4 4 965 #define IWL_RX_RU_DATA_C1 2 966 #define IWL_RX_RU_DATA_C2 2 967 #define IWL_RX_RU_DATA_C3 2 968 #define IWL_RX_RU_DATA_C4 5 969 #define IWL_RX_RU_DATA_D1 3 970 #define IWL_RX_RU_DATA_D2 3 971 #define IWL_RX_RU_DATA_D3 3 972 #define IWL_RX_RU_DATA_D4 5 973 974 #define IWL_MLD_ENC_EHT_RU(rt_ru, fw_ru) \ 975 _IWL_MLD_ENC_EHT_RU(IEEE80211_RADIOTAP_RU_DATA_ ## rt_ru, \ 976 rt_ru, \ 977 IWL_RX_RU_DATA_ ## fw_ru, \ 978 fw_ru) 979 980 /* 981 * Hardware labels the content channels/RU allocation values 982 * as follows: 983 * 984 * Content Channel 1 Content Channel 2 985 * 20 MHz: A1 986 * 40 MHz: A1 B1 987 * 80 MHz: A1 C1 B1 D1 988 * 160 MHz: A1 C1 A2 C2 B1 D1 B2 D2 989 * 320 MHz: A1 C1 A2 C2 A3 C3 A4 C4 B1 D1 B2 D2 B3 D3 B4 D4 990 */ 991 992 switch (phy_bw) { 993 case RATE_MCS_CHAN_WIDTH_320: 994 /* content channel 1 */ 995 IWL_MLD_ENC_EHT_RU(1_2_3, A3); 996 IWL_MLD_ENC_EHT_RU(1_2_4, C3); 997 IWL_MLD_ENC_EHT_RU(1_2_5, A4); 998 IWL_MLD_ENC_EHT_RU(1_2_6, C4); 999 /* content channel 2 */ 1000 IWL_MLD_ENC_EHT_RU(2_2_3, B3); 1001 IWL_MLD_ENC_EHT_RU(2_2_4, D3); 1002 IWL_MLD_ENC_EHT_RU(2_2_5, B4); 1003 IWL_MLD_ENC_EHT_RU(2_2_6, D4); 1004 fallthrough; 1005 case RATE_MCS_CHAN_WIDTH_160: 1006 /* content channel 1 */ 1007 IWL_MLD_ENC_EHT_RU(1_2_1, A2); 1008 IWL_MLD_ENC_EHT_RU(1_2_2, C2); 1009 /* content channel 2 */ 1010 IWL_MLD_ENC_EHT_RU(2_2_1, B2); 1011 IWL_MLD_ENC_EHT_RU(2_2_2, D2); 1012 fallthrough; 1013 case RATE_MCS_CHAN_WIDTH_80: 1014 /* content channel 1 */ 1015 IWL_MLD_ENC_EHT_RU(1_1_2, C1); 1016 /* content channel 2 */ 1017 IWL_MLD_ENC_EHT_RU(2_1_2, D1); 1018 fallthrough; 1019 case RATE_MCS_CHAN_WIDTH_40: 1020 /* content channel 2 */ 1021 IWL_MLD_ENC_EHT_RU(2_1_1, B1); 1022 fallthrough; 1023 case RATE_MCS_CHAN_WIDTH_20: 1024 /* content channel 1 */ 1025 IWL_MLD_ENC_EHT_RU(1_1_1, A1); 1026 break; 1027 } 1028 } 1029 1030 static void iwl_mld_decode_eht_non_tb(struct iwl_mld_rx_phy_data *phy_data, 1031 struct ieee80211_rx_status *rx_status, 1032 struct ieee80211_radiotap_eht *eht) 1033 { 1034 eht->known |= cpu_to_le32(IEEE80211_RADIOTAP_EHT_KNOWN_SPATIAL_REUSE | 1035 /* All RU allocating size/index is in TB format */ 1036 IEEE80211_RADIOTAP_EHT_KNOWN_RU_ALLOC_TB_FMT | 1037 IEEE80211_RADIOTAP_EHT_KNOWN_LDPC_EXTRA_SYM_OM | 1038 IEEE80211_RADIOTAP_EHT_KNOWN_PRE_PADD_FACOR_OM | 1039 IEEE80211_RADIOTAP_EHT_KNOWN_PE_DISAMBIGUITY_OM | 1040 IEEE80211_RADIOTAP_EHT_KNOWN_EHT_LTF | 1041 IEEE80211_RADIOTAP_EHT_KNOWN_PRIMARY_80 | 1042 IEEE80211_RADIOTAP_EHT_KNOWN_NR_NON_OFDMA_USERS_M); 1043 1044 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b1, 1045 OFDM_RX_FRAME_EHT_SPATIAL_REUSE, 1046 IEEE80211_RADIOTAP_EHT_DATA0_SPATIAL_REUSE); 1047 eht->data[8] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b2, 1048 OFDM_RX_FRAME_EHT_STA_RU_PS160, 1049 IEEE80211_RADIOTAP_EHT_DATA8_RU_ALLOC_TB_FMT_PS_160); 1050 eht->data[8] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b2, 1051 OFDM_RX_FRAME_EHT_STA_RU, 1052 IEEE80211_RADIOTAP_EHT_DATA8_RU_ALLOC_TB_FMT_B0 | 1053 IEEE80211_RADIOTAP_EHT_DATA8_RU_ALLOC_TB_FMT_B7_B1); 1054 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b1, 1055 OFDM_RX_FRAME_EHT_CODING_EXTRA_SYM, 1056 IEEE80211_RADIOTAP_EHT_DATA0_LDPC_EXTRA_SYM_OM); 1057 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b1, 1058 OFDM_RX_FRAME_EHT_PRE_FEC_PAD_FACTOR, 1059 IEEE80211_RADIOTAP_EHT_DATA0_PRE_PADD_FACOR_OM); 1060 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b1, 1061 OFDM_RX_FRAME_EHT_PE_DISAMBIG, 1062 IEEE80211_RADIOTAP_EHT_DATA0_PE_DISAMBIGUITY_OM); 1063 eht->data[0] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b1, 1064 OFDM_RX_FRAME_EHT_NUM_OF_LTF_SYM, 1065 IEEE80211_RADIOTAP_EHT_DATA0_EHT_LTF); 1066 eht->data[1] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b2, 1067 OFDM_RX_FRAME_EHT_STA_RU_P80, 1068 IEEE80211_RADIOTAP_EHT_DATA1_PRIMARY_80); 1069 eht->data[7] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b1, 1070 OFDM_RX_FRAME_EHT_NUM_OF_USERS, 1071 IEEE80211_RADIOTAP_EHT_DATA7_NUM_OF_NON_OFDMA_USERS); 1072 1073 iwl_mld_eht_decode_user_ru(phy_data, eht); 1074 1075 iwl_mld_eht_set_ru_alloc(rx_status, 1076 le32_get_bits(phy_data->ntfy->sigs.eht.b2, 1077 OFDM_RX_FRAME_EHT_STA_RU)); 1078 } 1079 1080 static void iwl_mld_decode_eht_phy_data(struct iwl_mld_rx_phy_data *phy_data, 1081 struct ieee80211_rx_status *rx_status, 1082 struct ieee80211_radiotap_eht *eht) 1083 { 1084 u32 he_type = phy_data->rate_n_flags & RATE_MCS_HE_TYPE_MSK; 1085 1086 if (he_type == RATE_MCS_HE_TYPE_TRIG) 1087 iwl_mld_decode_eht_tb(phy_data, rx_status, eht); 1088 else 1089 iwl_mld_decode_eht_non_tb(phy_data, rx_status, eht); 1090 } 1091 1092 static void iwl_mld_rx_eht(struct iwl_mld *mld, struct sk_buff *skb, 1093 struct iwl_mld_rx_phy_data *phy_data) 1094 { 1095 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1096 struct ieee80211_radiotap_eht *eht; 1097 size_t eht_len = sizeof(*eht); 1098 u32 rate_n_flags = phy_data->rate_n_flags; 1099 u32 he_type = rate_n_flags & RATE_MCS_HE_TYPE_MSK; 1100 /* EHT and HE have the same values for LTF */ 1101 u8 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_UNKNOWN; 1102 1103 /* u32 for 1 user_info */ 1104 if (phy_data->with_data) 1105 eht_len += sizeof(u32); 1106 1107 eht = iwl_mld_radiotap_put_tlv(skb, IEEE80211_RADIOTAP_EHT, eht_len); 1108 1109 rx_status->flag |= RX_FLAG_RADIOTAP_TLV_AT_END; 1110 1111 switch (u32_get_bits(rate_n_flags, RATE_MCS_HE_GI_LTF_MSK)) { 1112 case 0: 1113 if (he_type == RATE_MCS_HE_TYPE_TRIG) { 1114 rx_status->eht.gi = NL80211_RATE_INFO_EHT_GI_1_6; 1115 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_1X; 1116 } else { 1117 rx_status->eht.gi = NL80211_RATE_INFO_EHT_GI_0_8; 1118 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_2X; 1119 } 1120 break; 1121 case 1: 1122 rx_status->eht.gi = NL80211_RATE_INFO_EHT_GI_1_6; 1123 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_2X; 1124 break; 1125 case 2: 1126 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_4X; 1127 if (he_type == RATE_MCS_HE_TYPE_TRIG) 1128 rx_status->eht.gi = NL80211_RATE_INFO_EHT_GI_3_2; 1129 else 1130 rx_status->eht.gi = NL80211_RATE_INFO_EHT_GI_0_8; 1131 break; 1132 case 3: 1133 if (he_type != RATE_MCS_HE_TYPE_TRIG) { 1134 ltf = IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_4X; 1135 rx_status->eht.gi = NL80211_RATE_INFO_EHT_GI_3_2; 1136 } 1137 break; 1138 default: 1139 /* nothing here */ 1140 break; 1141 } 1142 1143 if (ltf != IEEE80211_RADIOTAP_HE_DATA5_LTF_SIZE_UNKNOWN) { 1144 eht->known |= cpu_to_le32(IEEE80211_RADIOTAP_EHT_KNOWN_GI); 1145 eht->data[0] |= le32_encode_bits(ltf, 1146 IEEE80211_RADIOTAP_EHT_DATA0_LTF) | 1147 le32_encode_bits(rx_status->eht.gi, 1148 IEEE80211_RADIOTAP_EHT_DATA0_GI); 1149 } 1150 1151 if (!phy_data->with_data) { 1152 eht->known |= cpu_to_le32(IEEE80211_RADIOTAP_EHT_KNOWN_NSS_S | 1153 IEEE80211_RADIOTAP_EHT_KNOWN_BEAMFORMED_S); 1154 eht->data[7] |= LE32_DEC_ENC(phy_data->ntfy->sigs.eht.b1, 1155 OFDM_RX_FRAME_EHT_NSTS, 1156 IEEE80211_RADIOTAP_EHT_DATA7_NSS_S); 1157 if (rate_n_flags & RATE_MCS_BF_MSK) 1158 eht->data[7] |= 1159 cpu_to_le32(IEEE80211_RADIOTAP_EHT_DATA7_BEAMFORMED_S); 1160 } else { 1161 eht->user_info[0] |= 1162 cpu_to_le32(IEEE80211_RADIOTAP_EHT_USER_INFO_MCS_KNOWN | 1163 IEEE80211_RADIOTAP_EHT_USER_INFO_CODING_KNOWN | 1164 IEEE80211_RADIOTAP_EHT_USER_INFO_NSS_KNOWN_O | 1165 IEEE80211_RADIOTAP_EHT_USER_INFO_BEAMFORMING_KNOWN_O | 1166 IEEE80211_RADIOTAP_EHT_USER_INFO_DATA_FOR_USER); 1167 1168 if (rate_n_flags & RATE_MCS_BF_MSK) 1169 eht->user_info[0] |= 1170 cpu_to_le32(IEEE80211_RADIOTAP_EHT_USER_INFO_BEAMFORMING_O); 1171 1172 if (rate_n_flags & RATE_MCS_LDPC_MSK) 1173 eht->user_info[0] |= 1174 cpu_to_le32(IEEE80211_RADIOTAP_EHT_USER_INFO_CODING); 1175 1176 eht->user_info[0] |= 1177 le32_encode_bits(u32_get_bits(rate_n_flags, 1178 RATE_VHT_MCS_RATE_CODE_MSK), 1179 IEEE80211_RADIOTAP_EHT_USER_INFO_MCS) | 1180 le32_encode_bits(u32_get_bits(rate_n_flags, 1181 RATE_MCS_NSS_MSK), 1182 IEEE80211_RADIOTAP_EHT_USER_INFO_NSS_O); 1183 } 1184 1185 if (likely(!phy_data->ntfy)) 1186 return; 1187 1188 if (phy_data->with_data) { 1189 eht->user_info[0] |= 1190 cpu_to_le32(IEEE80211_RADIOTAP_EHT_USER_INFO_STA_ID_KNOWN) | 1191 LE32_DEC_ENC(phy_data->ntfy->sigs.eht.user_id, 1192 OFDM_RX_FRAME_EHT_USER_FIELD_ID, 1193 IEEE80211_RADIOTAP_EHT_USER_INFO_STA_ID); 1194 } 1195 1196 iwl_mld_decode_eht_usig(phy_data, skb); 1197 iwl_mld_decode_eht_phy_data(phy_data, rx_status, eht); 1198 } 1199 1200 #ifdef CONFIG_IWLWIFI_DEBUGFS 1201 static void iwl_mld_add_rtap_sniffer_config(struct iwl_mld *mld, 1202 struct sk_buff *skb) 1203 { 1204 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1205 struct ieee80211_radiotap_vendor_content *radiotap; 1206 const u16 vendor_data_len = sizeof(mld->monitor.cur_aid); 1207 1208 if (!mld->monitor.cur_aid) 1209 return; 1210 1211 radiotap = 1212 iwl_mld_radiotap_put_tlv(skb, 1213 IEEE80211_RADIOTAP_VENDOR_NAMESPACE, 1214 sizeof(*radiotap) + vendor_data_len); 1215 1216 /* Intel OUI */ 1217 radiotap->oui[0] = 0xf6; 1218 radiotap->oui[1] = 0x54; 1219 radiotap->oui[2] = 0x25; 1220 /* Intel OUI default radiotap subtype */ 1221 radiotap->oui_subtype = 1; 1222 /* Sniffer config element type */ 1223 radiotap->vendor_type = 0; 1224 1225 /* fill the data now */ 1226 memcpy(radiotap->data, &mld->monitor.cur_aid, 1227 sizeof(mld->monitor.cur_aid)); 1228 1229 rx_status->flag |= RX_FLAG_RADIOTAP_TLV_AT_END; 1230 } 1231 #endif 1232 1233 static void iwl_mld_add_rtap_sniffer_phy_data(struct iwl_mld *mld, 1234 struct sk_buff *skb, 1235 struct iwl_rx_phy_air_sniffer_ntfy *ntfy) 1236 { 1237 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1238 struct ieee80211_radiotap_vendor_content *radiotap; 1239 const u16 vendor_data_len = sizeof(*ntfy); 1240 1241 radiotap = 1242 iwl_mld_radiotap_put_tlv(skb, 1243 IEEE80211_RADIOTAP_VENDOR_NAMESPACE, 1244 sizeof(*radiotap) + vendor_data_len); 1245 1246 /* Intel OUI */ 1247 radiotap->oui[0] = 0xf6; 1248 radiotap->oui[1] = 0x54; 1249 radiotap->oui[2] = 0x25; 1250 /* Intel OUI default radiotap subtype */ 1251 radiotap->oui_subtype = 1; 1252 /* PHY data element type */ 1253 radiotap->vendor_type = cpu_to_le16(1); 1254 1255 /* fill the data now */ 1256 memcpy(radiotap->data, ntfy, vendor_data_len); 1257 1258 rx_status->flag |= RX_FLAG_RADIOTAP_TLV_AT_END; 1259 } 1260 1261 static void 1262 iwl_mld_set_rx_nonlegacy_rate_info(u32 rate_n_flags, 1263 struct ieee80211_rx_status *rx_status) 1264 { 1265 u8 stbc = u32_get_bits(rate_n_flags, RATE_MCS_STBC_MSK); 1266 1267 /* NSS may be overridden by PHY ntfy with full value */ 1268 rx_status->nss = u32_get_bits(rate_n_flags, RATE_MCS_NSS_MSK) + 1; 1269 rx_status->rate_idx = rate_n_flags & RATE_MCS_CODE_MSK; 1270 rx_status->enc_flags |= stbc << RX_ENC_FLAG_STBC_SHIFT; 1271 if (rate_n_flags & RATE_MCS_LDPC_MSK) 1272 rx_status->enc_flags |= RX_ENC_FLAG_LDPC; 1273 } 1274 1275 static void iwl_mld_set_rx_rate(struct iwl_mld *mld, 1276 struct iwl_mld_rx_phy_data *phy_data, 1277 struct ieee80211_rx_status *rx_status) 1278 { 1279 u32 rate_n_flags = phy_data->rate_n_flags; 1280 u8 stbc = u32_get_bits(rate_n_flags, RATE_MCS_STBC_MSK); 1281 u32 format = rate_n_flags & RATE_MCS_MOD_TYPE_MSK; 1282 bool is_sgi = rate_n_flags & RATE_MCS_SGI_MSK; 1283 1284 /* bandwidth may be overridden to RU by PHY ntfy */ 1285 switch (rate_n_flags & RATE_MCS_CHAN_WIDTH_MSK) { 1286 case RATE_MCS_CHAN_WIDTH_20: 1287 break; 1288 case RATE_MCS_CHAN_WIDTH_40: 1289 rx_status->bw = RATE_INFO_BW_40; 1290 break; 1291 case RATE_MCS_CHAN_WIDTH_80: 1292 rx_status->bw = RATE_INFO_BW_80; 1293 break; 1294 case RATE_MCS_CHAN_WIDTH_160: 1295 rx_status->bw = RATE_INFO_BW_160; 1296 break; 1297 case RATE_MCS_CHAN_WIDTH_320: 1298 rx_status->bw = RATE_INFO_BW_320; 1299 break; 1300 } 1301 1302 switch (format) { 1303 case RATE_MCS_MOD_TYPE_CCK: 1304 if (phy_data->phy_info & IWL_RX_MPDU_PHY_SHORT_PREAMBLE) 1305 rx_status->enc_flags |= RX_ENC_FLAG_SHORTPRE; 1306 fallthrough; 1307 case RATE_MCS_MOD_TYPE_LEGACY_OFDM: { 1308 int rate = 1309 iwl_mld_legacy_hw_idx_to_mac80211_idx(rate_n_flags, 1310 rx_status->band); 1311 1312 /* override BW - it could be DUP and indicate the wrong BW */ 1313 rx_status->bw = RATE_INFO_BW_20; 1314 1315 /* valid rate */ 1316 if (rate >= 0 && rate <= 0xFF) { 1317 rx_status->rate_idx = rate; 1318 break; 1319 } 1320 1321 /* invalid rate */ 1322 rx_status->rate_idx = 0; 1323 1324 /* 1325 * In monitor mode we can see CCK frames on 5 or 6 GHz, usually 1326 * just the (possibly malformed) PHY header by accident, since 1327 * the decoder doesn't seem to turn off CCK. We cannot correctly 1328 * encode the rate to mac80211 (and therefore not in radiotap) 1329 * since we give the per-band index which doesn't cover those 1330 * rates. 1331 */ 1332 if (!mld->monitor.on && net_ratelimit()) 1333 IWL_ERR(mld, "invalid rate_n_flags=0x%x, band=%d\n", 1334 rate_n_flags, rx_status->band); 1335 break; 1336 } 1337 case RATE_MCS_MOD_TYPE_HT: 1338 rx_status->encoding = RX_ENC_HT; 1339 rx_status->rate_idx = RATE_HT_MCS_INDEX(rate_n_flags); 1340 rx_status->enc_flags |= stbc << RX_ENC_FLAG_STBC_SHIFT; 1341 break; 1342 case RATE_MCS_MOD_TYPE_VHT: 1343 rx_status->encoding = RX_ENC_VHT; 1344 iwl_mld_set_rx_nonlegacy_rate_info(rate_n_flags, rx_status); 1345 break; 1346 case RATE_MCS_MOD_TYPE_HE: 1347 rx_status->encoding = RX_ENC_HE; 1348 rx_status->he_dcm = 1349 !!(rate_n_flags & RATE_HE_DUAL_CARRIER_MODE_MSK); 1350 iwl_mld_set_rx_nonlegacy_rate_info(rate_n_flags, rx_status); 1351 break; 1352 case RATE_MCS_MOD_TYPE_EHT: 1353 rx_status->encoding = RX_ENC_EHT; 1354 iwl_mld_set_rx_nonlegacy_rate_info(rate_n_flags, rx_status); 1355 break; 1356 default: 1357 WARN_ON_ONCE(1); 1358 } 1359 1360 if (format != RATE_MCS_MOD_TYPE_CCK && is_sgi) 1361 rx_status->enc_flags |= RX_ENC_FLAG_SHORT_GI; 1362 } 1363 1364 /* Note: hdr can be NULL */ 1365 static void iwl_mld_rx_fill_status(struct iwl_mld *mld, int link_id, 1366 struct ieee80211_hdr *hdr, 1367 struct sk_buff *skb, 1368 struct iwl_mld_rx_phy_data *phy_data) 1369 { 1370 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb); 1371 u32 rate_n_flags = phy_data->rate_n_flags; 1372 u32 format = rate_n_flags & RATE_MCS_MOD_TYPE_MSK; 1373 1374 iwl_mld_fill_signal(mld, link_id, hdr, rx_status, phy_data); 1375 1376 rx_status->device_timestamp = phy_data->gp2_on_air_rise; 1377 1378 iwl_mld_set_rx_rate(mld, phy_data, rx_status); 1379 1380 /* must be before L-SIG data (radiotap field order) */ 1381 if (format == RATE_MCS_MOD_TYPE_HE) 1382 iwl_mld_rx_he(skb, phy_data); 1383 1384 iwl_mld_decode_lsig(skb, phy_data); 1385 1386 /* TLVs - must be after radiotap fixed fields */ 1387 if (format == RATE_MCS_MOD_TYPE_EHT) 1388 iwl_mld_rx_eht(mld, skb, phy_data); 1389 1390 #ifdef CONFIG_IWLWIFI_DEBUGFS 1391 if (unlikely(mld->monitor.on)) { 1392 iwl_mld_add_rtap_sniffer_config(mld, skb); 1393 1394 if (mld->monitor.ptp_time) { 1395 u64 adj_time = 1396 iwl_mld_ptp_get_adj_time(mld, 1397 phy_data->gp2_on_air_rise * 1398 NSEC_PER_USEC); 1399 1400 rx_status->mactime = div64_u64(adj_time, NSEC_PER_USEC); 1401 rx_status->flag |= RX_FLAG_MACTIME_IS_RTAP_TS64; 1402 rx_status->flag &= ~RX_FLAG_MACTIME; 1403 } 1404 } 1405 #endif 1406 1407 if (phy_data->ntfy) 1408 iwl_mld_add_rtap_sniffer_phy_data(mld, skb, phy_data->ntfy); 1409 } 1410 1411 /* iwl_mld_create_skb adds the rxb to a new skb */ 1412 static int iwl_mld_build_rx_skb(struct iwl_mld *mld, struct sk_buff *skb, 1413 struct ieee80211_hdr *hdr, u16 len, 1414 u8 crypt_len, struct iwl_rx_cmd_buffer *rxb) 1415 { 1416 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1417 struct iwl_rx_mpdu_desc *desc = (void *)pkt->data; 1418 unsigned int headlen, fraglen, pad_len = 0; 1419 unsigned int hdrlen = ieee80211_hdrlen(hdr->frame_control); 1420 u8 mic_crc_len = u8_get_bits(desc->mac_flags1, 1421 IWL_RX_MPDU_MFLG1_MIC_CRC_LEN_MASK) << 1; 1422 1423 if (desc->mac_flags2 & IWL_RX_MPDU_MFLG2_PAD) { 1424 len -= 2; 1425 pad_len = 2; 1426 } 1427 1428 /* For non monitor interface strip the bytes the RADA might not have 1429 * removed (it might be disabled, e.g. for mgmt frames). As a monitor 1430 * interface cannot exist with other interfaces, this removal is safe 1431 * and sufficient, in monitor mode there's no decryption being done. 1432 */ 1433 if (len > mic_crc_len && !ieee80211_hw_check(mld->hw, RX_INCLUDES_FCS)) 1434 len -= mic_crc_len; 1435 1436 /* If frame is small enough to fit in skb->head, pull it completely. 1437 * If not, only pull ieee80211_hdr (including crypto if present, and 1438 * an additional 8 bytes for SNAP/ethertype, see below) so that 1439 * splice() or TCP coalesce are more efficient. 1440 * 1441 * Since, in addition, ieee80211_data_to_8023() always pull in at 1442 * least 8 bytes (possibly more for mesh) we can do the same here 1443 * to save the cost of doing it later. That still doesn't pull in 1444 * the actual IP header since the typical case has a SNAP header. 1445 * If the latter changes (there are efforts in the standards group 1446 * to do so) we should revisit this and ieee80211_data_to_8023(). 1447 */ 1448 headlen = (len <= skb_tailroom(skb)) ? len : hdrlen + crypt_len + 8; 1449 1450 /* The firmware may align the packet to DWORD. 1451 * The padding is inserted after the IV. 1452 * After copying the header + IV skip the padding if 1453 * present before copying packet data. 1454 */ 1455 hdrlen += crypt_len; 1456 1457 if (unlikely(headlen < hdrlen)) 1458 return -EINVAL; 1459 1460 /* Since data doesn't move data while putting data on skb and that is 1461 * the only way we use, data + len is the next place that hdr would 1462 * be put 1463 */ 1464 skb_set_mac_header(skb, skb->len); 1465 skb_put_data(skb, hdr, hdrlen); 1466 skb_put_data(skb, (u8 *)hdr + hdrlen + pad_len, headlen - hdrlen); 1467 1468 if (skb->ip_summed == CHECKSUM_COMPLETE) { 1469 struct { 1470 u8 hdr[6]; 1471 __be16 type; 1472 } __packed *shdr = (void *)((u8 *)hdr + hdrlen + pad_len); 1473 1474 if (unlikely(headlen - hdrlen < sizeof(*shdr) || 1475 !ether_addr_equal(shdr->hdr, rfc1042_header) || 1476 (shdr->type != htons(ETH_P_IP) && 1477 shdr->type != htons(ETH_P_ARP) && 1478 shdr->type != htons(ETH_P_IPV6) && 1479 shdr->type != htons(ETH_P_8021Q) && 1480 shdr->type != htons(ETH_P_PAE) && 1481 shdr->type != htons(ETH_P_TDLS)))) 1482 skb->ip_summed = CHECKSUM_NONE; 1483 } 1484 1485 fraglen = len - headlen; 1486 1487 if (fraglen) { 1488 int offset = (u8 *)hdr + headlen + pad_len - 1489 (u8 *)rxb_addr(rxb) + rxb_offset(rxb); 1490 1491 skb_add_rx_frag(skb, 0, rxb_steal_page(rxb), offset, 1492 fraglen, rxb->truesize); 1493 } 1494 1495 return 0; 1496 } 1497 1498 /* returns true if a packet is a duplicate or invalid tid and 1499 * should be dropped. Updates AMSDU PN tracking info 1500 */ 1501 VISIBLE_IF_IWLWIFI_KUNIT 1502 bool 1503 iwl_mld_is_dup(struct iwl_mld *mld, struct ieee80211_sta *sta, 1504 struct ieee80211_hdr *hdr, 1505 const struct iwl_rx_mpdu_desc *mpdu_desc, 1506 struct ieee80211_rx_status *rx_status, int queue) 1507 { 1508 struct iwl_mld_sta *mld_sta; 1509 struct iwl_mld_rxq_dup_data *dup_data; 1510 u8 tid, sub_frame_idx; 1511 1512 if (WARN_ON(!sta)) 1513 return false; 1514 1515 mld_sta = iwl_mld_sta_from_mac80211(sta); 1516 1517 if (WARN_ON_ONCE(!mld_sta->dup_data)) 1518 return false; 1519 1520 dup_data = &mld_sta->dup_data[queue]; 1521 1522 /* Drop duplicate 802.11 retransmissions 1523 * (IEEE 802.11-2020: 10.3.2.14 "Duplicate detection and recovery") 1524 */ 1525 if (ieee80211_is_ctl(hdr->frame_control) || 1526 ieee80211_is_any_nullfunc(hdr->frame_control) || 1527 is_multicast_ether_addr(hdr->addr1)) 1528 return false; 1529 1530 if (ieee80211_is_data_qos(hdr->frame_control)) { 1531 /* frame has qos control */ 1532 tid = ieee80211_get_tid(hdr); 1533 if (tid >= IWL_MAX_TID_COUNT) 1534 return true; 1535 } else { 1536 tid = IWL_MAX_TID_COUNT; 1537 } 1538 1539 /* If this wasn't a part of an A-MSDU the sub-frame index will be 0 */ 1540 sub_frame_idx = mpdu_desc->amsdu_info & 1541 IWL_RX_MPDU_AMSDU_SUBFRAME_IDX_MASK; 1542 1543 if (IWL_FW_CHECK(mld, 1544 sub_frame_idx > 0 && 1545 !(mpdu_desc->mac_flags2 & IWL_RX_MPDU_MFLG2_AMSDU), 1546 "got sub_frame_idx=%d but A-MSDU flag is not set\n", 1547 sub_frame_idx)) 1548 return true; 1549 1550 if (unlikely(ieee80211_has_retry(hdr->frame_control) && 1551 dup_data->last_seq[tid] == hdr->seq_ctrl && 1552 dup_data->last_sub_frame_idx[tid] >= sub_frame_idx)) 1553 return true; 1554 1555 /* Allow same PN as the first subframe for following sub frames */ 1556 if (dup_data->last_seq[tid] == hdr->seq_ctrl && 1557 sub_frame_idx > dup_data->last_sub_frame_idx[tid]) 1558 rx_status->flag |= RX_FLAG_ALLOW_SAME_PN; 1559 1560 dup_data->last_seq[tid] = hdr->seq_ctrl; 1561 dup_data->last_sub_frame_idx[tid] = sub_frame_idx; 1562 1563 rx_status->flag |= RX_FLAG_DUP_VALIDATED; 1564 1565 return false; 1566 } 1567 EXPORT_SYMBOL_IF_IWLWIFI_KUNIT(iwl_mld_is_dup); 1568 1569 static void iwl_mld_update_last_rx_timestamp(struct iwl_mld *mld, u8 baid) 1570 { 1571 unsigned long now = jiffies; 1572 unsigned long timeout; 1573 struct iwl_mld_baid_data *ba_data; 1574 1575 ba_data = rcu_dereference(mld->fw_id_to_ba[baid]); 1576 if (!ba_data) { 1577 IWL_DEBUG_HT(mld, "BAID %d not found in map\n", baid); 1578 return; 1579 } 1580 1581 if (!ba_data->timeout) 1582 return; 1583 1584 /* To minimize cache bouncing between RX queues, avoid frequent updates 1585 * to last_rx_timestamp. update it only when the timeout period has 1586 * passed. The worst-case scenario is the session expiring after 1587 * approximately 2 * timeout, which is negligible (the update is 1588 * atomic). 1589 */ 1590 timeout = TU_TO_JIFFIES(ba_data->timeout); 1591 if (time_is_before_jiffies(ba_data->last_rx_timestamp + timeout)) 1592 ba_data->last_rx_timestamp = now; 1593 } 1594 1595 /* Processes received packets for a station. 1596 * Sets *drop to true if the packet should be dropped. 1597 * Returns the station if found, or NULL otherwise. 1598 */ 1599 static struct ieee80211_sta * 1600 iwl_mld_rx_with_sta(struct iwl_mld *mld, struct ieee80211_hdr *hdr, 1601 struct sk_buff *skb, 1602 const struct iwl_rx_mpdu_desc *mpdu_desc, 1603 const struct iwl_rx_packet *pkt, int queue, bool *drop) 1604 { 1605 struct ieee80211_sta *sta = NULL; 1606 struct ieee80211_link_sta *link_sta = NULL; 1607 struct ieee80211_rx_status *rx_status; 1608 u8 baid; 1609 1610 if (mpdu_desc->status & cpu_to_le32(IWL_RX_MPDU_STATUS_SRC_STA_FOUND)) { 1611 u8 sta_id = le32_get_bits(mpdu_desc->status, 1612 IWL_RX_MPDU_STATUS_STA_ID); 1613 1614 if (IWL_FW_CHECK(mld, 1615 sta_id >= mld->fw->ucode_capa.num_stations, 1616 "rx_mpdu: invalid sta_id %d\n", sta_id)) 1617 return NULL; 1618 1619 link_sta = rcu_dereference(mld->fw_id_to_link_sta[sta_id]); 1620 if (!IS_ERR_OR_NULL(link_sta)) 1621 sta = link_sta->sta; 1622 } else if (!is_multicast_ether_addr(hdr->addr2)) { 1623 /* Passing NULL is fine since we prevent two stations with the 1624 * same address from being added. 1625 */ 1626 sta = ieee80211_find_sta_by_ifaddr(mld->hw, hdr->addr2, NULL); 1627 } 1628 1629 /* we may not have any station yet */ 1630 if (!sta) 1631 return NULL; 1632 1633 rx_status = IEEE80211_SKB_RXCB(skb); 1634 1635 if (link_sta && sta->valid_links) { 1636 rx_status->link_valid = true; 1637 rx_status->link_id = link_sta->link_id; 1638 } 1639 1640 /* fill checksum */ 1641 if (ieee80211_is_data(hdr->frame_control) && 1642 pkt->len_n_flags & cpu_to_le32(FH_RSCSR_RPA_EN)) { 1643 u16 hwsum = be16_to_cpu(mpdu_desc->v3.raw_xsum); 1644 1645 skb->ip_summed = CHECKSUM_COMPLETE; 1646 skb->csum = csum_unfold(~(__force __sum16)hwsum); 1647 } 1648 1649 if (iwl_mld_is_dup(mld, sta, hdr, mpdu_desc, rx_status, queue)) { 1650 IWL_DEBUG_DROP(mld, "Dropping duplicate packet 0x%x\n", 1651 le16_to_cpu(hdr->seq_ctrl)); 1652 *drop = true; 1653 return NULL; 1654 } 1655 1656 baid = le32_get_bits(mpdu_desc->reorder_data, 1657 IWL_RX_MPDU_REORDER_BAID_MASK); 1658 if (baid != IWL_RX_REORDER_DATA_INVALID_BAID) 1659 iwl_mld_update_last_rx_timestamp(mld, baid); 1660 1661 if (link_sta && ieee80211_is_data(hdr->frame_control)) { 1662 u8 sub_frame_idx = mpdu_desc->amsdu_info & 1663 IWL_RX_MPDU_AMSDU_SUBFRAME_IDX_MASK; 1664 1665 /* 0 means not an A-MSDU, and 1 means a new A-MSDU */ 1666 if (!sub_frame_idx || sub_frame_idx == 1) 1667 iwl_mld_count_mpdu_rx(link_sta, queue, 1); 1668 1669 if (!is_multicast_ether_addr(hdr->addr1)) 1670 iwl_mld_low_latency_update_counters(mld, hdr, sta, 1671 queue); 1672 } 1673 1674 return sta; 1675 } 1676 1677 static int iwl_mld_rx_mgmt_prot(struct ieee80211_sta *sta, 1678 struct ieee80211_hdr *hdr, 1679 struct ieee80211_rx_status *rx_status, 1680 u32 mpdu_status, 1681 u32 mpdu_len) 1682 { 1683 struct iwl_mld_link *link; 1684 struct wireless_dev *wdev; 1685 struct iwl_mld_sta *mld_sta; 1686 struct iwl_mld_vif *mld_vif; 1687 u8 keyidx; 1688 struct ieee80211_key_conf *key; 1689 const u8 *frame = (void *)hdr; 1690 const u8 *mmie; 1691 u8 link_id; 1692 1693 if ((mpdu_status & IWL_RX_MPDU_STATUS_SEC_MASK) == 1694 IWL_RX_MPDU_STATUS_SEC_NONE) 1695 return 0; 1696 1697 /* For non-beacon, we don't really care. But beacons may 1698 * be filtered out, and we thus need the firmware's replay 1699 * detection, otherwise beacons the firmware previously 1700 * filtered could be replayed, or something like that, and 1701 * it can filter a lot - though usually only if nothing has 1702 * changed. 1703 */ 1704 if (!ieee80211_is_beacon(hdr->frame_control)) 1705 return 0; 1706 1707 if (!sta) 1708 return -1; 1709 1710 mld_sta = iwl_mld_sta_from_mac80211(sta); 1711 mld_vif = iwl_mld_vif_from_mac80211(mld_sta->vif); 1712 1713 /* key mismatch - will also report !MIC_OK but we shouldn't count it */ 1714 if (!(mpdu_status & IWL_RX_MPDU_STATUS_KEY_VALID)) 1715 goto report; 1716 1717 /* good cases */ 1718 if (likely(mpdu_status & IWL_RX_MPDU_STATUS_MIC_OK && 1719 !(mpdu_status & IWL_RX_MPDU_STATUS_REPLAY_ERROR))) { 1720 rx_status->flag |= RX_FLAG_DECRYPTED; 1721 return 0; 1722 } 1723 1724 link_id = rx_status->link_valid ? rx_status->link_id : 0; 1725 link = rcu_dereference(mld_vif->link[link_id]); 1726 if (WARN_ON_ONCE(!link)) 1727 return -1; 1728 1729 /* both keys will have the same cipher and MIC length, use 1730 * whichever one is available 1731 */ 1732 key = rcu_dereference(link->bigtks[0]); 1733 if (!key) { 1734 key = rcu_dereference(link->bigtks[1]); 1735 if (!key) 1736 goto report; 1737 } 1738 1739 /* get the real key ID */ 1740 if (mpdu_len < key->icv_len) 1741 goto report; 1742 1743 mmie = frame + (mpdu_len - key->icv_len); 1744 1745 /* the position of the key_id in ieee80211_mmie_16 is the same */ 1746 keyidx = le16_to_cpu(((const struct ieee80211_mmie *) mmie)->key_id); 1747 1748 /* and if that's the other key, look it up */ 1749 if (keyidx != key->keyidx) { 1750 /* shouldn't happen since firmware checked, but be safe 1751 * in case the MIC length is wrong too, for example 1752 */ 1753 if (keyidx != 6 && keyidx != 7) 1754 return -1; 1755 1756 key = rcu_dereference(link->bigtks[keyidx - 6]); 1757 if (!key) 1758 goto report; 1759 } 1760 1761 /* Report status to mac80211 */ 1762 if (!(mpdu_status & IWL_RX_MPDU_STATUS_MIC_OK)) 1763 ieee80211_key_mic_failure(key); 1764 else if (mpdu_status & IWL_RX_MPDU_STATUS_REPLAY_ERROR) 1765 ieee80211_key_replay(key); 1766 report: 1767 wdev = ieee80211_vif_to_wdev(mld_sta->vif); 1768 if (wdev->netdev) 1769 cfg80211_rx_unprot_mlme_mgmt(wdev->netdev, (void *)hdr, 1770 mpdu_len); 1771 1772 return -1; 1773 } 1774 1775 static int iwl_mld_rx_crypto(struct iwl_mld *mld, 1776 struct ieee80211_sta *sta, 1777 struct ieee80211_hdr *hdr, 1778 struct ieee80211_rx_status *rx_status, 1779 struct iwl_rx_mpdu_desc *desc, int queue, 1780 u32 pkt_flags, u8 *crypto_len) 1781 { 1782 u32 status = le32_to_cpu(desc->status); 1783 1784 if (unlikely(ieee80211_is_mgmt(hdr->frame_control) && 1785 !ieee80211_has_protected(hdr->frame_control))) 1786 return iwl_mld_rx_mgmt_prot(sta, hdr, rx_status, status, 1787 le16_to_cpu(desc->mpdu_len)); 1788 1789 if (!ieee80211_has_protected(hdr->frame_control) || 1790 (status & IWL_RX_MPDU_STATUS_SEC_MASK) == 1791 IWL_RX_MPDU_STATUS_SEC_NONE) 1792 return 0; 1793 1794 switch (status & IWL_RX_MPDU_STATUS_SEC_MASK) { 1795 case IWL_RX_MPDU_STATUS_SEC_CCM: 1796 case IWL_RX_MPDU_STATUS_SEC_GCM: 1797 BUILD_BUG_ON(IEEE80211_CCMP_PN_LEN != IEEE80211_GCMP_PN_LEN); 1798 if (!(status & IWL_RX_MPDU_STATUS_MIC_OK)) { 1799 IWL_DEBUG_DROP(mld, 1800 "Dropping packet, bad MIC (CCM/GCM)\n"); 1801 return -1; 1802 } 1803 1804 rx_status->flag |= RX_FLAG_DECRYPTED | RX_FLAG_MIC_STRIPPED; 1805 *crypto_len = IEEE80211_CCMP_HDR_LEN; 1806 return 0; 1807 case IWL_RX_MPDU_STATUS_SEC_TKIP: 1808 if (!(status & IWL_RX_MPDU_STATUS_ICV_OK)) 1809 return -1; 1810 1811 if (!(status & RX_MPDU_RES_STATUS_MIC_OK)) 1812 rx_status->flag |= RX_FLAG_MMIC_ERROR; 1813 1814 if (pkt_flags & FH_RSCSR_RADA_EN) { 1815 rx_status->flag |= RX_FLAG_ICV_STRIPPED; 1816 rx_status->flag |= RX_FLAG_MMIC_STRIPPED; 1817 } 1818 1819 *crypto_len = IEEE80211_TKIP_IV_LEN; 1820 rx_status->flag |= RX_FLAG_DECRYPTED; 1821 return 0; 1822 default: 1823 break; 1824 } 1825 1826 return 0; 1827 } 1828 1829 static void iwl_mld_rx_update_ampdu_data(struct iwl_mld *mld, 1830 struct iwl_mld_rx_phy_data *phy_data, 1831 struct ieee80211_rx_status *rx_status) 1832 { 1833 u32 format = phy_data->rate_n_flags & RATE_MCS_MOD_TYPE_MSK; 1834 bool toggle_bit = 1835 phy_data->phy_info & IWL_RX_MPDU_PHY_AMPDU_TOGGLE; 1836 1837 switch (format) { 1838 case RATE_MCS_MOD_TYPE_CCK: 1839 case RATE_MCS_MOD_TYPE_LEGACY_OFDM: 1840 /* no aggregation possible */ 1841 return; 1842 case RATE_MCS_MOD_TYPE_HT: 1843 case RATE_MCS_MOD_TYPE_VHT: 1844 /* single frames are not A-MPDU format */ 1845 if (!(phy_data->phy_info & IWL_RX_MPDU_PHY_AMPDU)) 1846 return; 1847 break; 1848 default: 1849 /* HE/EHT/UHR have A-MPDU format for single frames */ 1850 if (!(phy_data->phy_info & IWL_RX_MPDU_PHY_AMPDU)) { 1851 rx_status->flag |= RX_FLAG_AMPDU_DETAILS; 1852 rx_status->flag |= RX_FLAG_AMPDU_EOF_BIT_KNOWN; 1853 if (phy_data->phy_info & IWL_RX_MPDU_PHY_EOF_INDICATION) 1854 rx_status->flag |= RX_FLAG_AMPDU_EOF_BIT; 1855 return; 1856 } 1857 } 1858 1859 rx_status->flag |= RX_FLAG_AMPDU_DETAILS; 1860 /* Toggle is switched whenever new aggregation starts. Make 1861 * sure ampdu_reference is never 0 so we can later use it to 1862 * see if the frame was really part of an A-MPDU or not. 1863 */ 1864 if (toggle_bit != mld->monitor.ampdu_toggle) { 1865 mld->monitor.ampdu_ref++; 1866 if (mld->monitor.ampdu_ref == 0) 1867 mld->monitor.ampdu_ref++; 1868 mld->monitor.ampdu_toggle = toggle_bit; 1869 phy_data->first_subframe = true; 1870 1871 /* report EOF bit on the first subframe */ 1872 rx_status->flag |= RX_FLAG_AMPDU_EOF_BIT_KNOWN; 1873 if (phy_data->phy_info & IWL_RX_MPDU_PHY_EOF_INDICATION) 1874 rx_status->flag |= RX_FLAG_AMPDU_EOF_BIT; 1875 } 1876 rx_status->ampdu_reference = mld->monitor.ampdu_ref; 1877 } 1878 1879 static void 1880 iwl_mld_fill_rx_status_band_freq(struct ieee80211_rx_status *rx_status, 1881 u8 band, u8 channel) 1882 { 1883 rx_status->band = iwl_mld_phy_band_to_nl80211(band); 1884 rx_status->freq = ieee80211_channel_to_frequency(channel, 1885 rx_status->band); 1886 } 1887 1888 void iwl_mld_rx_mpdu(struct iwl_mld *mld, struct napi_struct *napi, 1889 struct iwl_rx_cmd_buffer *rxb, int queue) 1890 { 1891 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1892 struct iwl_mld_rx_phy_data phy_data = {}; 1893 struct iwl_rx_mpdu_desc *mpdu_desc = (void *)pkt->data; 1894 struct ieee80211_sta *sta; 1895 struct ieee80211_hdr *hdr; 1896 struct sk_buff *skb; 1897 size_t mpdu_desc_size = sizeof(*mpdu_desc); 1898 bool drop = false; 1899 u8 crypto_len = 0, band, link_id; 1900 u32 pkt_len = iwl_rx_packet_payload_len(pkt); 1901 u32 mpdu_len; 1902 enum iwl_mld_reorder_result reorder_res; 1903 struct ieee80211_rx_status *rx_status; 1904 unsigned int alloc_size = 128; 1905 1906 if (unlikely(mld->fw_status.in_hw_restart)) 1907 return; 1908 1909 if (IWL_FW_CHECK(mld, pkt_len < mpdu_desc_size, 1910 "Bad REPLY_RX_MPDU_CMD size (%d)\n", pkt_len)) 1911 return; 1912 1913 mpdu_len = le16_to_cpu(mpdu_desc->mpdu_len); 1914 1915 if (IWL_FW_CHECK(mld, mpdu_len + mpdu_desc_size > pkt_len, 1916 "FW lied about packet len (%d)\n", pkt_len)) 1917 return; 1918 1919 iwl_mld_fill_phy_data_from_mpdu(mld, mpdu_desc, &phy_data); 1920 1921 /* Don't use dev_alloc_skb(), we'll have enough headroom once 1922 * ieee80211_hdr pulled. 1923 * 1924 * For monitor mode we need more space to include the full PHY 1925 * notification data. 1926 */ 1927 if (unlikely(mld->monitor.on) && phy_data.ntfy) 1928 alloc_size += sizeof(struct iwl_rx_phy_air_sniffer_ntfy); 1929 skb = alloc_skb(alloc_size, GFP_ATOMIC); 1930 if (!skb) { 1931 IWL_ERR(mld, "alloc_skb failed\n"); 1932 return; 1933 } 1934 1935 hdr = (void *)(pkt->data + mpdu_desc_size); 1936 1937 if (mpdu_desc->mac_flags2 & IWL_RX_MPDU_MFLG2_PAD) { 1938 /* If the device inserted padding it means that (it thought) 1939 * the 802.11 header wasn't a multiple of 4 bytes long. In 1940 * this case, reserve two bytes at the start of the SKB to 1941 * align the payload properly in case we end up copying it. 1942 */ 1943 skb_reserve(skb, 2); 1944 } 1945 1946 rx_status = IEEE80211_SKB_RXCB(skb); 1947 1948 /* this is needed early */ 1949 band = u8_get_bits(mpdu_desc->mac_phy_band, 1950 IWL_RX_MPDU_MAC_PHY_BAND_BAND_MASK); 1951 iwl_mld_fill_rx_status_band_freq(rx_status, band, 1952 mpdu_desc->v3.channel); 1953 1954 1955 rcu_read_lock(); 1956 1957 sta = iwl_mld_rx_with_sta(mld, hdr, skb, mpdu_desc, pkt, queue, &drop); 1958 if (drop) 1959 goto drop; 1960 1961 if (unlikely(mld->monitor.on)) 1962 iwl_mld_rx_update_ampdu_data(mld, &phy_data, rx_status); 1963 1964 /* Keep packets with CRC errors (and with overrun) for monitor mode 1965 * (otherwise the firmware discards them) but mark them as bad. 1966 */ 1967 if (!(mpdu_desc->status & cpu_to_le32(IWL_RX_MPDU_STATUS_CRC_OK)) || 1968 !(mpdu_desc->status & cpu_to_le32(IWL_RX_MPDU_STATUS_OVERRUN_OK))) { 1969 IWL_DEBUG_RX(mld, "Bad CRC or FIFO: 0x%08X.\n", 1970 le32_to_cpu(mpdu_desc->status)); 1971 rx_status->flag |= RX_FLAG_FAILED_FCS_CRC; 1972 } 1973 1974 if (likely(!(phy_data.phy_info & IWL_RX_MPDU_PHY_TSF_OVERLOAD))) { 1975 rx_status->mactime = 1976 le64_to_cpu(mpdu_desc->v3.tsf_on_air_rise); 1977 1978 /* TSF as indicated by the firmware is at INA time */ 1979 rx_status->flag |= RX_FLAG_MACTIME_PLCP_START; 1980 } 1981 1982 /* management stuff on default queue */ 1983 if (!queue && unlikely(ieee80211_is_beacon(hdr->frame_control) || 1984 ieee80211_is_probe_resp(hdr->frame_control))) { 1985 rx_status->boottime_ns = ktime_get_boottime_ns(); 1986 1987 if (mld->scan.pass_all_sched_res == 1988 SCHED_SCAN_PASS_ALL_STATE_ENABLED) 1989 mld->scan.pass_all_sched_res = 1990 SCHED_SCAN_PASS_ALL_STATE_FOUND; 1991 } 1992 1993 link_id = u8_get_bits(mpdu_desc->mac_phy_band, 1994 IWL_RX_MPDU_MAC_PHY_BAND_LINK_MASK); 1995 1996 iwl_mld_rx_fill_status(mld, link_id, hdr, skb, &phy_data); 1997 1998 if (iwl_mld_rx_crypto(mld, sta, hdr, rx_status, mpdu_desc, queue, 1999 le32_to_cpu(pkt->len_n_flags), &crypto_len)) 2000 goto drop; 2001 2002 if (iwl_mld_build_rx_skb(mld, skb, hdr, mpdu_len, crypto_len, rxb)) 2003 goto drop; 2004 2005 /* time sync frame is saved and will be released later when the 2006 * notification with the timestamps arrives. 2007 */ 2008 if (iwl_mld_time_sync_frame(mld, skb, hdr->addr2)) 2009 goto out; 2010 2011 reorder_res = iwl_mld_reorder(mld, napi, queue, sta, skb, mpdu_desc); 2012 switch (reorder_res) { 2013 case IWL_MLD_PASS_SKB: 2014 break; 2015 case IWL_MLD_DROP_SKB: 2016 goto drop; 2017 case IWL_MLD_BUFFERED_SKB: 2018 goto out; 2019 default: 2020 WARN_ON(1); 2021 goto drop; 2022 } 2023 2024 iwl_mld_pass_packet_to_mac80211(mld, napi, skb, queue, sta); 2025 2026 goto out; 2027 2028 drop: 2029 kfree_skb(skb); 2030 out: 2031 rcu_read_unlock(); 2032 } 2033 2034 #define SYNC_RX_QUEUE_TIMEOUT (HZ) 2035 void iwl_mld_sync_rx_queues(struct iwl_mld *mld, 2036 enum iwl_mld_internal_rxq_notif_type type, 2037 const void *notif_payload, u32 notif_payload_size) 2038 { 2039 u8 num_rx_queues = mld->trans->info.num_rxqs; 2040 struct { 2041 struct iwl_rxq_sync_cmd sync_cmd; 2042 struct iwl_mld_internal_rxq_notif notif; 2043 } __packed cmd = { 2044 .sync_cmd.rxq_mask = cpu_to_le32(BIT(num_rx_queues) - 1), 2045 .sync_cmd.count = 2046 cpu_to_le32(sizeof(struct iwl_mld_internal_rxq_notif) + 2047 notif_payload_size), 2048 .notif.type = type, 2049 .notif.cookie = mld->rxq_sync.cookie, 2050 }; 2051 struct iwl_host_cmd hcmd = { 2052 .id = WIDE_ID(DATA_PATH_GROUP, TRIGGER_RX_QUEUES_NOTIF_CMD), 2053 .data[0] = &cmd, 2054 .len[0] = sizeof(cmd), 2055 .data[1] = notif_payload, 2056 .len[1] = notif_payload_size, 2057 }; 2058 int ret; 2059 2060 /* size must be a multiple of DWORD */ 2061 if (WARN_ON(cmd.sync_cmd.count & cpu_to_le32(3))) 2062 return; 2063 2064 mld->rxq_sync.state = (1 << num_rx_queues) - 1; 2065 2066 ret = iwl_mld_send_cmd(mld, &hcmd); 2067 if (ret) { 2068 IWL_ERR(mld, "Failed to trigger RX queues sync (%d)\n", ret); 2069 goto out; 2070 } 2071 2072 ret = wait_event_timeout(mld->rxq_sync.waitq, 2073 READ_ONCE(mld->rxq_sync.state) == 0, 2074 SYNC_RX_QUEUE_TIMEOUT); 2075 WARN_ONCE(!ret, "RXQ sync failed: state=0x%lx, cookie=%d\n", 2076 mld->rxq_sync.state, mld->rxq_sync.cookie); 2077 2078 out: 2079 mld->rxq_sync.state = 0; 2080 mld->rxq_sync.cookie++; 2081 } 2082 2083 void iwl_mld_handle_rx_queues_sync_notif(struct iwl_mld *mld, 2084 struct napi_struct *napi, 2085 struct iwl_rx_packet *pkt, int queue) 2086 { 2087 struct iwl_rxq_sync_notification *notif; 2088 struct iwl_mld_internal_rxq_notif *internal_notif; 2089 u32 len = iwl_rx_packet_payload_len(pkt); 2090 size_t combined_notif_len = sizeof(*notif) + sizeof(*internal_notif); 2091 2092 notif = (void *)pkt->data; 2093 internal_notif = (void *)notif->payload; 2094 2095 if (IWL_FW_CHECK(mld, len < combined_notif_len, 2096 "invalid notification size %u (%zu)\n", 2097 len, combined_notif_len)) 2098 return; 2099 2100 len -= combined_notif_len; 2101 2102 if (IWL_FW_CHECK(mld, mld->rxq_sync.cookie != internal_notif->cookie, 2103 "received expired RX queue sync message (cookie=%d expected=%d q[%d])\n", 2104 internal_notif->cookie, mld->rxq_sync.cookie, queue)) 2105 return; 2106 2107 switch (internal_notif->type) { 2108 case IWL_MLD_RXQ_EMPTY: 2109 IWL_FW_CHECK(mld, len, 2110 "invalid empty notification size %d\n", len); 2111 break; 2112 case IWL_MLD_RXQ_NOTIF_DEL_BA: 2113 if (IWL_FW_CHECK(mld, len != sizeof(struct iwl_mld_delba_data), 2114 "invalid delba notification size %u (%zu)\n", 2115 len, sizeof(struct iwl_mld_delba_data))) 2116 break; 2117 iwl_mld_del_ba(mld, queue, (void *)internal_notif->payload); 2118 break; 2119 default: 2120 WARN_ON_ONCE(1); 2121 } 2122 2123 IWL_FW_CHECK(mld, !test_and_clear_bit(queue, &mld->rxq_sync.state), 2124 "RXQ sync: queue %d responded a second time!\n", queue); 2125 2126 if (READ_ONCE(mld->rxq_sync.state) == 0) 2127 wake_up(&mld->rxq_sync.waitq); 2128 } 2129 2130 static void iwl_mld_no_data_rx(struct iwl_mld *mld, 2131 struct napi_struct *napi, 2132 struct iwl_rx_phy_air_sniffer_ntfy *ntfy) 2133 { 2134 struct ieee80211_rx_status *rx_status; 2135 struct iwl_mld_rx_phy_data phy_data = { 2136 .ntfy = ntfy, 2137 .phy_info = 0, /* short preamble set below */ 2138 .rate_n_flags = le32_to_cpu(ntfy->rate), 2139 .gp2_on_air_rise = le32_to_cpu(ntfy->on_air_rise_time), 2140 .energy_a = ntfy->rssi_a, 2141 .energy_b = ntfy->rssi_b, 2142 }; 2143 u32 format = phy_data.rate_n_flags & RATE_MCS_MOD_TYPE_MSK; 2144 struct sk_buff *skb; 2145 2146 skb = alloc_skb(128 + sizeof(struct iwl_rx_phy_air_sniffer_ntfy), 2147 GFP_ATOMIC); 2148 if (!skb) 2149 return; 2150 2151 rx_status = IEEE80211_SKB_RXCB(skb); 2152 2153 /* 0-length PSDU */ 2154 rx_status->flag |= RX_FLAG_NO_PSDU; 2155 2156 switch (ntfy->status) { 2157 case IWL_SNIF_STAT_PLCP_RX_OK: 2158 /* we only get here with sounding PPDUs */ 2159 rx_status->zero_length_psdu_type = 2160 IEEE80211_RADIOTAP_ZERO_LEN_PSDU_SOUNDING; 2161 break; 2162 case IWL_SNIF_STAT_AID_NOT_FOR_US: 2163 rx_status->zero_length_psdu_type = 2164 IEEE80211_RADIOTAP_ZERO_LEN_PSDU_NOT_CAPTURED; 2165 break; 2166 case IWL_SNIF_STAT_PLCP_RX_LSIG_ERR: 2167 case IWL_SNIF_STAT_PLCP_RX_SIGA_ERR: 2168 case IWL_SNIF_STAT_PLCP_RX_SIGB_ERR: 2169 case IWL_SNIF_STAT_UNKNOWN_ERROR: 2170 default: 2171 rx_status->flag |= RX_FLAG_FAILED_PLCP_CRC; 2172 fallthrough; 2173 case IWL_SNIF_STAT_UNEXPECTED_TB: 2174 case IWL_SNIF_STAT_UNSUPPORTED_RATE: 2175 rx_status->zero_length_psdu_type = 2176 IEEE80211_RADIOTAP_ZERO_LEN_PSDU_VENDOR; 2177 /* we could include the real reason in a vendor TLV */ 2178 } 2179 2180 if (format == RATE_MCS_MOD_TYPE_CCK && 2181 ntfy->legacy_sig.cck & cpu_to_le32(CCK_CRFR_SHORT_PREAMBLE)) 2182 phy_data.phy_info |= IWL_RX_MPDU_PHY_SHORT_PREAMBLE; 2183 2184 iwl_mld_fill_rx_status_band_freq(IEEE80211_SKB_RXCB(skb), 2185 ntfy->band, ntfy->channel); 2186 2187 /* link ID is ignored for NULL header */ 2188 iwl_mld_rx_fill_status(mld, -1, NULL, skb, &phy_data); 2189 2190 /* No more radiotap info should be added after this point. 2191 * Mark it as mac header for upper layers to know where 2192 * the radiotap header ends. 2193 */ 2194 skb_set_mac_header(skb, skb->len); 2195 2196 /* pass the packet to mac80211 */ 2197 rcu_read_lock(); 2198 ieee80211_rx_napi(mld->hw, NULL, skb, napi); 2199 rcu_read_unlock(); 2200 } 2201 2202 void iwl_mld_handle_phy_air_sniffer_notif(struct iwl_mld *mld, 2203 struct napi_struct *napi, 2204 struct iwl_rx_packet *pkt) 2205 { 2206 struct iwl_rx_phy_air_sniffer_ntfy *ntfy = (void *)pkt->data; 2207 bool is_ndp = false; 2208 u32 he_type; 2209 2210 if (IWL_FW_CHECK(mld, iwl_rx_packet_payload_len(pkt) < sizeof(*ntfy), 2211 "invalid air sniffer notification size\n")) 2212 return; 2213 2214 /* check if there's an old one to release as errored */ 2215 if (mld->monitor.phy.valid && !mld->monitor.phy.used) { 2216 /* didn't capture data, so override status */ 2217 mld->monitor.phy.data.status = IWL_SNIF_STAT_AID_NOT_FOR_US; 2218 iwl_mld_no_data_rx(mld, napi, &mld->monitor.phy.data); 2219 } 2220 2221 /* old data is no longer valid now */ 2222 mld->monitor.phy.valid = false; 2223 2224 he_type = le32_to_cpu(ntfy->rate) & RATE_MCS_HE_TYPE_MSK; 2225 2226 switch (le32_to_cpu(ntfy->rate) & RATE_MCS_MOD_TYPE_MSK) { 2227 case RATE_MCS_MOD_TYPE_HT: 2228 is_ndp = !le32_get_bits(ntfy->sigs.ht.a1, 2229 OFDM_RX_FRAME_HT_LENGTH); 2230 break; 2231 case RATE_MCS_MOD_TYPE_VHT: 2232 is_ndp = le32_get_bits(ntfy->sigs.vht.a0, 2233 OFDM_RX_FRAME_VHT_NUM_OF_DATA_SYM_VALID) && 2234 !le32_get_bits(ntfy->sigs.vht.a0, 2235 OFDM_RX_FRAME_VHT_NUM_OF_DATA_SYM); 2236 break; 2237 case RATE_MCS_MOD_TYPE_HE: 2238 if (he_type == RATE_MCS_HE_TYPE_TRIG) 2239 break; 2240 is_ndp = le32_get_bits(ntfy->sigs.he.a3, 2241 OFDM_RX_FRAME_HE_NUM_OF_DATA_SYM_VALID) && 2242 !le32_get_bits(ntfy->sigs.he.a3, 2243 OFDM_RX_FRAME_HE_NUM_OF_DATA_SYM); 2244 break; 2245 case RATE_MCS_MOD_TYPE_EHT: 2246 if (he_type == RATE_MCS_HE_TYPE_TRIG) 2247 break; 2248 is_ndp = le32_get_bits(ntfy->sigs.eht.sig2, 2249 OFDM_RX_FRAME_EHT_NUM_OF_DATA_SYM_VALID) && 2250 !le32_get_bits(ntfy->sigs.eht.sig2, 2251 OFDM_RX_FRAME_EHT_NUM_OF_DATA_SYM); 2252 break; 2253 } 2254 2255 if (ntfy->status != IWL_SNIF_STAT_PLCP_RX_OK || is_ndp) { 2256 iwl_mld_no_data_rx(mld, napi, ntfy); 2257 return; 2258 } 2259 2260 /* hang on to it for the RX_MPDU data packet(s) */ 2261 mld->monitor.phy.data = *ntfy; 2262 mld->monitor.phy.valid = true; 2263 mld->monitor.phy.used = false; 2264 } 2265