1 /****************************************************************************** 2 * 3 * This file is provided under a dual BSD/GPLv2 license. When using or 4 * redistributing this file, you may do so under either license. 5 * 6 * GPL LICENSE SUMMARY 7 * 8 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. 9 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of version 2 of the GNU General Public License as 13 * published by the Free Software Foundation. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 23 * USA 24 * 25 * The full GNU General Public License is included in this distribution 26 * in the file called COPYING. 27 * 28 * Contact Information: 29 * Intel Linux Wireless <linuxwifi@intel.com> 30 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 31 * 32 * BSD LICENSE 33 * 34 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. 35 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 42 * * Redistributions of source code must retain the above copyright 43 * notice, this list of conditions and the following disclaimer. 44 * * Redistributions in binary form must reproduce the above copyright 45 * notice, this list of conditions and the following disclaimer in 46 * the documentation and/or other materials provided with the 47 * distribution. 48 * * Neither the name Intel Corporation nor the names of its 49 * contributors may be used to endorse or promote products derived 50 * from this software without specific prior written permission. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 53 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 54 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 55 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 56 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 57 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 58 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 59 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 60 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 61 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 62 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 63 * 64 *****************************************************************************/ 65 #include <linux/ieee80211.h> 66 #include <linux/etherdevice.h> 67 #include <linux/tcp.h> 68 69 #include "iwl-trans.h" 70 #include "iwl-eeprom-parse.h" 71 #include "mvm.h" 72 #include "sta.h" 73 #include "fw-dbg.h" 74 75 static void 76 iwl_mvm_bar_check_trigger(struct iwl_mvm *mvm, const u8 *addr, 77 u16 tid, u16 ssn) 78 { 79 struct iwl_fw_dbg_trigger_tlv *trig; 80 struct iwl_fw_dbg_trigger_ba *ba_trig; 81 82 if (!iwl_fw_dbg_trigger_enabled(mvm->fw, FW_DBG_TRIGGER_BA)) 83 return; 84 85 trig = iwl_fw_dbg_get_trigger(mvm->fw, FW_DBG_TRIGGER_BA); 86 ba_trig = (void *)trig->data; 87 88 if (!iwl_fw_dbg_trigger_check_stop(mvm, NULL, trig)) 89 return; 90 91 if (!(le16_to_cpu(ba_trig->tx_bar) & BIT(tid))) 92 return; 93 94 iwl_mvm_fw_dbg_collect_trig(mvm, trig, 95 "BAR sent to %pM, tid %d, ssn %d", 96 addr, tid, ssn); 97 } 98 99 /* 100 * Sets most of the Tx cmd's fields 101 */ 102 void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb, 103 struct iwl_tx_cmd *tx_cmd, 104 struct ieee80211_tx_info *info, u8 sta_id) 105 { 106 struct ieee80211_hdr *hdr = (void *)skb->data; 107 __le16 fc = hdr->frame_control; 108 u32 tx_flags = le32_to_cpu(tx_cmd->tx_flags); 109 u32 len = skb->len + FCS_LEN; 110 u8 ac; 111 112 if (!(info->flags & IEEE80211_TX_CTL_NO_ACK)) 113 tx_flags |= TX_CMD_FLG_ACK; 114 else 115 tx_flags &= ~TX_CMD_FLG_ACK; 116 117 if (ieee80211_is_probe_resp(fc)) 118 tx_flags |= TX_CMD_FLG_TSF; 119 120 if (ieee80211_has_morefrags(fc)) 121 tx_flags |= TX_CMD_FLG_MORE_FRAG; 122 123 if (ieee80211_is_data_qos(fc)) { 124 u8 *qc = ieee80211_get_qos_ctl(hdr); 125 tx_cmd->tid_tspec = qc[0] & 0xf; 126 tx_flags &= ~TX_CMD_FLG_SEQ_CTL; 127 } else if (ieee80211_is_back_req(fc)) { 128 struct ieee80211_bar *bar = (void *)skb->data; 129 u16 control = le16_to_cpu(bar->control); 130 u16 ssn = le16_to_cpu(bar->start_seq_num); 131 132 tx_flags |= TX_CMD_FLG_ACK | TX_CMD_FLG_BAR; 133 tx_cmd->tid_tspec = (control & 134 IEEE80211_BAR_CTRL_TID_INFO_MASK) >> 135 IEEE80211_BAR_CTRL_TID_INFO_SHIFT; 136 WARN_ON_ONCE(tx_cmd->tid_tspec >= IWL_MAX_TID_COUNT); 137 iwl_mvm_bar_check_trigger(mvm, bar->ra, tx_cmd->tid_tspec, 138 ssn); 139 } else { 140 tx_cmd->tid_tspec = IWL_TID_NON_QOS; 141 if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) 142 tx_flags |= TX_CMD_FLG_SEQ_CTL; 143 else 144 tx_flags &= ~TX_CMD_FLG_SEQ_CTL; 145 } 146 147 /* Default to 0 (BE) when tid_spec is set to IWL_TID_NON_QOS */ 148 if (tx_cmd->tid_tspec < IWL_MAX_TID_COUNT) 149 ac = tid_to_mac80211_ac[tx_cmd->tid_tspec]; 150 else 151 ac = tid_to_mac80211_ac[0]; 152 153 tx_flags |= iwl_mvm_bt_coex_tx_prio(mvm, hdr, info, ac) << 154 TX_CMD_FLG_BT_PRIO_POS; 155 156 if (ieee80211_is_mgmt(fc)) { 157 if (ieee80211_is_assoc_req(fc) || ieee80211_is_reassoc_req(fc)) 158 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_ASSOC); 159 else if (ieee80211_is_action(fc)) 160 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_NONE); 161 else 162 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_MGMT); 163 164 /* The spec allows Action frames in A-MPDU, we don't support 165 * it 166 */ 167 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_AMPDU); 168 } else if (info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO) { 169 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_MGMT); 170 } else { 171 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_NONE); 172 } 173 174 if (ieee80211_is_data(fc) && len > mvm->rts_threshold && 175 !is_multicast_ether_addr(ieee80211_get_DA(hdr))) 176 tx_flags |= TX_CMD_FLG_PROT_REQUIRE; 177 178 if (fw_has_capa(&mvm->fw->ucode_capa, 179 IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT) && 180 ieee80211_action_contains_tpc(skb)) 181 tx_flags |= TX_CMD_FLG_WRITE_TX_POWER; 182 183 tx_cmd->tx_flags = cpu_to_le32(tx_flags); 184 /* Total # bytes to be transmitted */ 185 tx_cmd->len = cpu_to_le16((u16)skb->len); 186 tx_cmd->next_frame_len = 0; 187 tx_cmd->life_time = cpu_to_le32(TX_CMD_LIFE_TIME_INFINITE); 188 tx_cmd->sta_id = sta_id; 189 } 190 191 /* 192 * Sets the fields in the Tx cmd that are rate related 193 */ 194 void iwl_mvm_set_tx_cmd_rate(struct iwl_mvm *mvm, struct iwl_tx_cmd *tx_cmd, 195 struct ieee80211_tx_info *info, 196 struct ieee80211_sta *sta, __le16 fc) 197 { 198 u32 rate_flags; 199 int rate_idx; 200 u8 rate_plcp; 201 202 /* Set retry limit on RTS packets */ 203 tx_cmd->rts_retry_limit = IWL_RTS_DFAULT_RETRY_LIMIT; 204 205 /* Set retry limit on DATA packets and Probe Responses*/ 206 if (ieee80211_is_probe_resp(fc)) { 207 tx_cmd->data_retry_limit = IWL_MGMT_DFAULT_RETRY_LIMIT; 208 tx_cmd->rts_retry_limit = 209 min(tx_cmd->data_retry_limit, tx_cmd->rts_retry_limit); 210 } else if (ieee80211_is_back_req(fc)) { 211 tx_cmd->data_retry_limit = IWL_BAR_DFAULT_RETRY_LIMIT; 212 } else { 213 tx_cmd->data_retry_limit = IWL_DEFAULT_TX_RETRY; 214 } 215 216 /* 217 * for data packets, rate info comes from the table inside the fw. This 218 * table is controlled by LINK_QUALITY commands 219 */ 220 221 if (ieee80211_is_data(fc) && sta) { 222 tx_cmd->initial_rate_index = 0; 223 tx_cmd->tx_flags |= cpu_to_le32(TX_CMD_FLG_STA_RATE); 224 return; 225 } else if (ieee80211_is_back_req(fc)) { 226 tx_cmd->tx_flags |= 227 cpu_to_le32(TX_CMD_FLG_ACK | TX_CMD_FLG_BAR); 228 } 229 230 /* HT rate doesn't make sense for a non data frame */ 231 WARN_ONCE(info->control.rates[0].flags & IEEE80211_TX_RC_MCS, 232 "Got an HT rate (flags:0x%x/mcs:%d) for a non data frame (fc:0x%x)\n", 233 info->control.rates[0].flags, 234 info->control.rates[0].idx, 235 le16_to_cpu(fc)); 236 237 rate_idx = info->control.rates[0].idx; 238 /* if the rate isn't a well known legacy rate, take the lowest one */ 239 if (rate_idx < 0 || rate_idx > IWL_RATE_COUNT_LEGACY) 240 rate_idx = rate_lowest_index( 241 &mvm->nvm_data->bands[info->band], sta); 242 243 /* For 5 GHZ band, remap mac80211 rate indices into driver indices */ 244 if (info->band == IEEE80211_BAND_5GHZ) 245 rate_idx += IWL_FIRST_OFDM_RATE; 246 247 /* For 2.4 GHZ band, check that there is no need to remap */ 248 BUILD_BUG_ON(IWL_FIRST_CCK_RATE != 0); 249 250 /* Get PLCP rate for tx_cmd->rate_n_flags */ 251 rate_plcp = iwl_mvm_mac80211_idx_to_hwrate(rate_idx); 252 253 mvm->mgmt_last_antenna_idx = 254 iwl_mvm_next_antenna(mvm, iwl_mvm_get_valid_tx_ant(mvm), 255 mvm->mgmt_last_antenna_idx); 256 257 if (info->band == IEEE80211_BAND_2GHZ && 258 !iwl_mvm_bt_coex_is_shared_ant_avail(mvm)) 259 rate_flags = mvm->cfg->non_shared_ant << RATE_MCS_ANT_POS; 260 else 261 rate_flags = 262 BIT(mvm->mgmt_last_antenna_idx) << RATE_MCS_ANT_POS; 263 264 /* Set CCK flag as needed */ 265 if ((rate_idx >= IWL_FIRST_CCK_RATE) && (rate_idx <= IWL_LAST_CCK_RATE)) 266 rate_flags |= RATE_MCS_CCK_MSK; 267 268 /* Set the rate in the TX cmd */ 269 tx_cmd->rate_n_flags = cpu_to_le32((u32)rate_plcp | rate_flags); 270 } 271 272 /* 273 * Sets the fields in the Tx cmd that are crypto related 274 */ 275 static void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm, 276 struct ieee80211_tx_info *info, 277 struct iwl_tx_cmd *tx_cmd, 278 struct sk_buff *skb_frag, 279 int hdrlen) 280 { 281 struct ieee80211_key_conf *keyconf = info->control.hw_key; 282 u8 *crypto_hdr = skb_frag->data + hdrlen; 283 u64 pn; 284 285 switch (keyconf->cipher) { 286 case WLAN_CIPHER_SUITE_CCMP: 287 case WLAN_CIPHER_SUITE_CCMP_256: 288 iwl_mvm_set_tx_cmd_ccmp(info, tx_cmd); 289 pn = atomic64_inc_return(&keyconf->tx_pn); 290 crypto_hdr[0] = pn; 291 crypto_hdr[2] = 0; 292 crypto_hdr[3] = 0x20 | (keyconf->keyidx << 6); 293 crypto_hdr[1] = pn >> 8; 294 crypto_hdr[4] = pn >> 16; 295 crypto_hdr[5] = pn >> 24; 296 crypto_hdr[6] = pn >> 32; 297 crypto_hdr[7] = pn >> 40; 298 break; 299 300 case WLAN_CIPHER_SUITE_TKIP: 301 tx_cmd->sec_ctl = TX_CMD_SEC_TKIP; 302 ieee80211_get_tkip_p2k(keyconf, skb_frag, tx_cmd->key); 303 break; 304 305 case WLAN_CIPHER_SUITE_WEP104: 306 tx_cmd->sec_ctl |= TX_CMD_SEC_KEY128; 307 /* fall through */ 308 case WLAN_CIPHER_SUITE_WEP40: 309 tx_cmd->sec_ctl |= TX_CMD_SEC_WEP | 310 ((keyconf->keyidx << TX_CMD_SEC_WEP_KEY_IDX_POS) & 311 TX_CMD_SEC_WEP_KEY_IDX_MSK); 312 313 memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen); 314 break; 315 default: 316 tx_cmd->sec_ctl |= TX_CMD_SEC_EXT; 317 } 318 } 319 320 /* 321 * Allocates and sets the Tx cmd the driver data pointers in the skb 322 */ 323 static struct iwl_device_cmd * 324 iwl_mvm_set_tx_params(struct iwl_mvm *mvm, struct sk_buff *skb, 325 int hdrlen, struct ieee80211_sta *sta, u8 sta_id) 326 { 327 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 328 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 329 struct iwl_device_cmd *dev_cmd; 330 struct iwl_tx_cmd *tx_cmd; 331 332 dev_cmd = iwl_trans_alloc_tx_cmd(mvm->trans); 333 334 if (unlikely(!dev_cmd)) 335 return NULL; 336 337 memset(dev_cmd, 0, sizeof(*dev_cmd)); 338 dev_cmd->hdr.cmd = TX_CMD; 339 tx_cmd = (struct iwl_tx_cmd *)dev_cmd->payload; 340 341 if (info->control.hw_key) 342 iwl_mvm_set_tx_cmd_crypto(mvm, info, tx_cmd, skb, hdrlen); 343 344 iwl_mvm_set_tx_cmd(mvm, skb, tx_cmd, info, sta_id); 345 346 iwl_mvm_set_tx_cmd_rate(mvm, tx_cmd, info, sta, hdr->frame_control); 347 348 memset(&info->status, 0, sizeof(info->status)); 349 memset(info->driver_data, 0, sizeof(info->driver_data)); 350 351 info->driver_data[1] = dev_cmd; 352 353 return dev_cmd; 354 } 355 356 int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb) 357 { 358 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 359 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 360 struct iwl_device_cmd *dev_cmd; 361 struct iwl_tx_cmd *tx_cmd; 362 u8 sta_id; 363 int hdrlen = ieee80211_hdrlen(hdr->frame_control); 364 365 if (WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_AMPDU)) 366 return -1; 367 368 if (WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM && 369 (!info->control.vif || 370 info->hw_queue != info->control.vif->cab_queue))) 371 return -1; 372 373 /* 374 * IWL_MVM_OFFCHANNEL_QUEUE is used for ROC packets that can be used 375 * in 2 different types of vifs, P2P & STATION. P2P uses the offchannel 376 * queue. STATION (HS2.0) uses the auxiliary context of the FW, 377 * and hence needs to be sent on the aux queue 378 */ 379 if (IEEE80211_SKB_CB(skb)->hw_queue == IWL_MVM_OFFCHANNEL_QUEUE && 380 info->control.vif->type == NL80211_IFTYPE_STATION) 381 IEEE80211_SKB_CB(skb)->hw_queue = mvm->aux_queue; 382 383 /* 384 * If the interface on which the frame is sent is the P2P_DEVICE 385 * or an AP/GO interface use the broadcast station associated 386 * with it; otherwise if the interface is a managed interface 387 * use the AP station associated with it for multicast traffic 388 * (this is not possible for unicast packets as a TLDS discovery 389 * response are sent without a station entry); otherwise use the 390 * AUX station. 391 */ 392 sta_id = mvm->aux_sta.sta_id; 393 if (info->control.vif) { 394 struct iwl_mvm_vif *mvmvif = 395 iwl_mvm_vif_from_mac80211(info->control.vif); 396 397 if (info->control.vif->type == NL80211_IFTYPE_P2P_DEVICE || 398 info->control.vif->type == NL80211_IFTYPE_AP) 399 sta_id = mvmvif->bcast_sta.sta_id; 400 else if (info->control.vif->type == NL80211_IFTYPE_STATION && 401 is_multicast_ether_addr(hdr->addr1)) { 402 u8 ap_sta_id = ACCESS_ONCE(mvmvif->ap_sta_id); 403 404 if (ap_sta_id != IWL_MVM_STATION_COUNT) 405 sta_id = ap_sta_id; 406 } 407 } 408 409 IWL_DEBUG_TX(mvm, "station Id %d, queue=%d\n", sta_id, info->hw_queue); 410 411 dev_cmd = iwl_mvm_set_tx_params(mvm, skb, hdrlen, NULL, sta_id); 412 if (!dev_cmd) 413 return -1; 414 415 /* From now on, we cannot access info->control */ 416 tx_cmd = (struct iwl_tx_cmd *)dev_cmd->payload; 417 418 /* Copy MAC header from skb into command buffer */ 419 memcpy(tx_cmd->hdr, hdr, hdrlen); 420 421 if (iwl_trans_tx(mvm->trans, skb, dev_cmd, info->hw_queue)) { 422 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd); 423 return -1; 424 } 425 426 /* 427 * Increase the pending frames counter, so that later when a reply comes 428 * in and the counter is decreased - we don't start getting negative 429 * values. 430 * Note that we don't need to make sure it isn't agg'd, since we're 431 * TXing non-sta 432 */ 433 atomic_inc(&mvm->pending_frames[sta_id]); 434 435 return 0; 436 } 437 438 static int iwl_mvm_tx_tso(struct iwl_mvm *mvm, struct sk_buff *skb_gso, 439 struct ieee80211_sta *sta, 440 struct sk_buff_head *mpdus_skb) 441 { 442 struct sk_buff *tmp, *next; 443 char cb[sizeof(skb_gso->cb)]; 444 445 memcpy(cb, skb_gso->cb, sizeof(cb)); 446 next = skb_gso_segment(skb_gso, 0); 447 if (IS_ERR(next)) 448 return -EINVAL; 449 else if (next) 450 consume_skb(skb_gso); 451 452 while (next) { 453 tmp = next; 454 next = tmp->next; 455 memcpy(tmp->cb, cb, sizeof(tmp->cb)); 456 457 tmp->prev = NULL; 458 tmp->next = NULL; 459 460 __skb_queue_tail(mpdus_skb, tmp); 461 } 462 463 return 0; 464 } 465 466 /* 467 * Sets the fields in the Tx cmd that are crypto related 468 */ 469 static int iwl_mvm_tx_mpdu(struct iwl_mvm *mvm, struct sk_buff *skb, 470 struct ieee80211_sta *sta) 471 { 472 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 473 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 474 struct iwl_mvm_sta *mvmsta; 475 struct iwl_device_cmd *dev_cmd; 476 struct iwl_tx_cmd *tx_cmd; 477 __le16 fc; 478 u16 seq_number = 0; 479 u8 tid = IWL_MAX_TID_COUNT; 480 u8 txq_id = info->hw_queue; 481 bool is_data_qos = false, is_ampdu = false; 482 int hdrlen; 483 484 mvmsta = iwl_mvm_sta_from_mac80211(sta); 485 fc = hdr->frame_control; 486 hdrlen = ieee80211_hdrlen(fc); 487 488 if (WARN_ON_ONCE(!mvmsta)) 489 return -1; 490 491 if (WARN_ON_ONCE(mvmsta->sta_id == IWL_MVM_STATION_COUNT)) 492 return -1; 493 494 dev_cmd = iwl_mvm_set_tx_params(mvm, skb, hdrlen, sta, mvmsta->sta_id); 495 if (!dev_cmd) 496 goto drop; 497 498 tx_cmd = (struct iwl_tx_cmd *)dev_cmd->payload; 499 /* From now on, we cannot access info->control */ 500 501 /* 502 * we handle that entirely ourselves -- for uAPSD the firmware 503 * will always send a notification, and for PS-Poll responses 504 * we'll notify mac80211 when getting frame status 505 */ 506 info->flags &= ~IEEE80211_TX_STATUS_EOSP; 507 508 spin_lock(&mvmsta->lock); 509 510 if (ieee80211_is_data_qos(fc) && !ieee80211_is_qos_nullfunc(fc)) { 511 u8 *qc = NULL; 512 qc = ieee80211_get_qos_ctl(hdr); 513 tid = qc[0] & IEEE80211_QOS_CTL_TID_MASK; 514 if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT)) 515 goto drop_unlock_sta; 516 517 seq_number = mvmsta->tid_data[tid].seq_number; 518 seq_number &= IEEE80211_SCTL_SEQ; 519 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); 520 hdr->seq_ctrl |= cpu_to_le16(seq_number); 521 is_data_qos = true; 522 is_ampdu = info->flags & IEEE80211_TX_CTL_AMPDU; 523 } 524 525 /* Copy MAC header from skb into command buffer */ 526 memcpy(tx_cmd->hdr, hdr, hdrlen); 527 528 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM); 529 530 if (sta->tdls) { 531 /* default to TID 0 for non-QoS packets */ 532 u8 tdls_tid = tid == IWL_MAX_TID_COUNT ? 0 : tid; 533 534 txq_id = mvmsta->hw_queue[tid_to_mac80211_ac[tdls_tid]]; 535 } 536 537 if (is_ampdu) { 538 if (WARN_ON_ONCE(mvmsta->tid_data[tid].state != IWL_AGG_ON)) 539 goto drop_unlock_sta; 540 txq_id = mvmsta->tid_data[tid].txq_id; 541 } 542 543 IWL_DEBUG_TX(mvm, "TX to [%d|%d] Q:%d - seq: 0x%x\n", mvmsta->sta_id, 544 tid, txq_id, IEEE80211_SEQ_TO_SN(seq_number)); 545 546 if (iwl_trans_tx(mvm->trans, skb, dev_cmd, txq_id)) 547 goto drop_unlock_sta; 548 549 if (is_data_qos && !ieee80211_has_morefrags(fc)) 550 mvmsta->tid_data[tid].seq_number = seq_number + 0x10; 551 552 spin_unlock(&mvmsta->lock); 553 554 if (txq_id < mvm->first_agg_queue) 555 atomic_inc(&mvm->pending_frames[mvmsta->sta_id]); 556 557 return 0; 558 559 drop_unlock_sta: 560 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd); 561 spin_unlock(&mvmsta->lock); 562 drop: 563 return -1; 564 } 565 566 int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, 567 struct ieee80211_sta *sta) 568 { 569 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 570 struct sk_buff_head mpdus_skbs; 571 unsigned int payload_len; 572 int ret; 573 574 if (WARN_ON_ONCE(!mvmsta)) 575 return -1; 576 577 if (WARN_ON_ONCE(mvmsta->sta_id == IWL_MVM_STATION_COUNT)) 578 return -1; 579 580 if (!skb_is_gso(skb)) 581 return iwl_mvm_tx_mpdu(mvm, skb, sta); 582 583 payload_len = skb_tail_pointer(skb) - skb_transport_header(skb) - 584 tcp_hdrlen(skb) + skb->data_len; 585 586 if (payload_len <= skb_shinfo(skb)->gso_size) 587 return iwl_mvm_tx_mpdu(mvm, skb, sta); 588 589 __skb_queue_head_init(&mpdus_skbs); 590 591 ret = iwl_mvm_tx_tso(mvm, skb, sta, &mpdus_skbs); 592 if (ret) 593 return ret; 594 595 if (WARN_ON(skb_queue_empty(&mpdus_skbs))) 596 return ret; 597 598 while (!skb_queue_empty(&mpdus_skbs)) { 599 struct sk_buff *skb = __skb_dequeue(&mpdus_skbs); 600 601 ret = iwl_mvm_tx_mpdu(mvm, skb, sta); 602 if (ret) { 603 __skb_queue_purge(&mpdus_skbs); 604 return ret; 605 } 606 } 607 608 return 0; 609 } 610 611 static void iwl_mvm_check_ratid_empty(struct iwl_mvm *mvm, 612 struct ieee80211_sta *sta, u8 tid) 613 { 614 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 615 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid]; 616 struct ieee80211_vif *vif = mvmsta->vif; 617 618 lockdep_assert_held(&mvmsta->lock); 619 620 if ((tid_data->state == IWL_AGG_ON || 621 tid_data->state == IWL_EMPTYING_HW_QUEUE_DELBA) && 622 iwl_mvm_tid_queued(tid_data) == 0) { 623 /* 624 * Now that this aggregation queue is empty tell mac80211 so it 625 * knows we no longer have frames buffered for the station on 626 * this TID (for the TIM bitmap calculation.) 627 */ 628 ieee80211_sta_set_buffered(sta, tid, false); 629 } 630 631 if (tid_data->ssn != tid_data->next_reclaimed) 632 return; 633 634 switch (tid_data->state) { 635 case IWL_EMPTYING_HW_QUEUE_ADDBA: 636 IWL_DEBUG_TX_QUEUES(mvm, 637 "Can continue addBA flow ssn = next_recl = %d\n", 638 tid_data->next_reclaimed); 639 tid_data->state = IWL_AGG_STARTING; 640 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid); 641 break; 642 643 case IWL_EMPTYING_HW_QUEUE_DELBA: 644 IWL_DEBUG_TX_QUEUES(mvm, 645 "Can continue DELBA flow ssn = next_recl = %d\n", 646 tid_data->next_reclaimed); 647 iwl_mvm_disable_txq(mvm, tid_data->txq_id, 648 vif->hw_queue[tid_to_mac80211_ac[tid]], tid, 649 CMD_ASYNC); 650 tid_data->state = IWL_AGG_OFF; 651 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); 652 break; 653 654 default: 655 break; 656 } 657 } 658 659 #ifdef CONFIG_IWLWIFI_DEBUG 660 const char *iwl_mvm_get_tx_fail_reason(u32 status) 661 { 662 #define TX_STATUS_FAIL(x) case TX_STATUS_FAIL_ ## x: return #x 663 #define TX_STATUS_POSTPONE(x) case TX_STATUS_POSTPONE_ ## x: return #x 664 665 switch (status & TX_STATUS_MSK) { 666 case TX_STATUS_SUCCESS: 667 return "SUCCESS"; 668 TX_STATUS_POSTPONE(DELAY); 669 TX_STATUS_POSTPONE(FEW_BYTES); 670 TX_STATUS_POSTPONE(BT_PRIO); 671 TX_STATUS_POSTPONE(QUIET_PERIOD); 672 TX_STATUS_POSTPONE(CALC_TTAK); 673 TX_STATUS_FAIL(INTERNAL_CROSSED_RETRY); 674 TX_STATUS_FAIL(SHORT_LIMIT); 675 TX_STATUS_FAIL(LONG_LIMIT); 676 TX_STATUS_FAIL(UNDERRUN); 677 TX_STATUS_FAIL(DRAIN_FLOW); 678 TX_STATUS_FAIL(RFKILL_FLUSH); 679 TX_STATUS_FAIL(LIFE_EXPIRE); 680 TX_STATUS_FAIL(DEST_PS); 681 TX_STATUS_FAIL(HOST_ABORTED); 682 TX_STATUS_FAIL(BT_RETRY); 683 TX_STATUS_FAIL(STA_INVALID); 684 TX_STATUS_FAIL(FRAG_DROPPED); 685 TX_STATUS_FAIL(TID_DISABLE); 686 TX_STATUS_FAIL(FIFO_FLUSHED); 687 TX_STATUS_FAIL(SMALL_CF_POLL); 688 TX_STATUS_FAIL(FW_DROP); 689 TX_STATUS_FAIL(STA_COLOR_MISMATCH); 690 } 691 692 return "UNKNOWN"; 693 694 #undef TX_STATUS_FAIL 695 #undef TX_STATUS_POSTPONE 696 } 697 #endif /* CONFIG_IWLWIFI_DEBUG */ 698 699 void iwl_mvm_hwrate_to_tx_rate(u32 rate_n_flags, 700 enum ieee80211_band band, 701 struct ieee80211_tx_rate *r) 702 { 703 if (rate_n_flags & RATE_HT_MCS_GF_MSK) 704 r->flags |= IEEE80211_TX_RC_GREEN_FIELD; 705 switch (rate_n_flags & RATE_MCS_CHAN_WIDTH_MSK) { 706 case RATE_MCS_CHAN_WIDTH_20: 707 break; 708 case RATE_MCS_CHAN_WIDTH_40: 709 r->flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; 710 break; 711 case RATE_MCS_CHAN_WIDTH_80: 712 r->flags |= IEEE80211_TX_RC_80_MHZ_WIDTH; 713 break; 714 case RATE_MCS_CHAN_WIDTH_160: 715 r->flags |= IEEE80211_TX_RC_160_MHZ_WIDTH; 716 break; 717 } 718 if (rate_n_flags & RATE_MCS_SGI_MSK) 719 r->flags |= IEEE80211_TX_RC_SHORT_GI; 720 if (rate_n_flags & RATE_MCS_HT_MSK) { 721 r->flags |= IEEE80211_TX_RC_MCS; 722 r->idx = rate_n_flags & RATE_HT_MCS_INDEX_MSK; 723 } else if (rate_n_flags & RATE_MCS_VHT_MSK) { 724 ieee80211_rate_set_vht( 725 r, rate_n_flags & RATE_VHT_MCS_RATE_CODE_MSK, 726 ((rate_n_flags & RATE_VHT_MCS_NSS_MSK) >> 727 RATE_VHT_MCS_NSS_POS) + 1); 728 r->flags |= IEEE80211_TX_RC_VHT_MCS; 729 } else { 730 r->idx = iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags, 731 band); 732 } 733 } 734 735 /** 736 * translate ucode response to mac80211 tx status control values 737 */ 738 static void iwl_mvm_hwrate_to_tx_status(u32 rate_n_flags, 739 struct ieee80211_tx_info *info) 740 { 741 struct ieee80211_tx_rate *r = &info->status.rates[0]; 742 743 info->status.antenna = 744 ((rate_n_flags & RATE_MCS_ANT_ABC_MSK) >> RATE_MCS_ANT_POS); 745 iwl_mvm_hwrate_to_tx_rate(rate_n_flags, info->band, r); 746 } 747 748 static void iwl_mvm_rx_tx_cmd_single(struct iwl_mvm *mvm, 749 struct iwl_rx_packet *pkt) 750 { 751 struct ieee80211_sta *sta; 752 u16 sequence = le16_to_cpu(pkt->hdr.sequence); 753 int txq_id = SEQ_TO_QUEUE(sequence); 754 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data; 755 int sta_id = IWL_MVM_TX_RES_GET_RA(tx_resp->ra_tid); 756 int tid = IWL_MVM_TX_RES_GET_TID(tx_resp->ra_tid); 757 u32 status = le16_to_cpu(tx_resp->status.status); 758 u16 ssn = iwl_mvm_get_scd_ssn(tx_resp); 759 struct iwl_mvm_sta *mvmsta; 760 struct sk_buff_head skbs; 761 u8 skb_freed = 0; 762 u16 next_reclaimed, seq_ctl; 763 764 __skb_queue_head_init(&skbs); 765 766 seq_ctl = le16_to_cpu(tx_resp->seq_ctl); 767 768 /* we can free until ssn % q.n_bd not inclusive */ 769 iwl_trans_reclaim(mvm->trans, txq_id, ssn, &skbs); 770 771 while (!skb_queue_empty(&skbs)) { 772 struct sk_buff *skb = __skb_dequeue(&skbs); 773 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 774 775 skb_freed++; 776 777 iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]); 778 779 memset(&info->status, 0, sizeof(info->status)); 780 781 info->flags &= ~IEEE80211_TX_CTL_AMPDU; 782 783 /* inform mac80211 about what happened with the frame */ 784 switch (status & TX_STATUS_MSK) { 785 case TX_STATUS_SUCCESS: 786 case TX_STATUS_DIRECT_DONE: 787 info->flags |= IEEE80211_TX_STAT_ACK; 788 break; 789 case TX_STATUS_FAIL_DEST_PS: 790 info->flags |= IEEE80211_TX_STAT_TX_FILTERED; 791 break; 792 default: 793 break; 794 } 795 796 info->status.rates[0].count = tx_resp->failure_frame + 1; 797 iwl_mvm_hwrate_to_tx_status(le32_to_cpu(tx_resp->initial_rate), 798 info); 799 info->status.status_driver_data[1] = 800 (void *)(uintptr_t)le32_to_cpu(tx_resp->initial_rate); 801 802 /* Single frame failure in an AMPDU queue => send BAR */ 803 if (txq_id >= mvm->first_agg_queue && 804 !(info->flags & IEEE80211_TX_STAT_ACK) && 805 !(info->flags & IEEE80211_TX_STAT_TX_FILTERED)) 806 info->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK; 807 808 /* W/A FW bug: seq_ctl is wrong when the status isn't success */ 809 if (status != TX_STATUS_SUCCESS) { 810 struct ieee80211_hdr *hdr = (void *)skb->data; 811 seq_ctl = le16_to_cpu(hdr->seq_ctrl); 812 } 813 814 /* 815 * TODO: this is not accurate if we are freeing more than one 816 * packet. 817 */ 818 info->status.tx_time = 819 le16_to_cpu(tx_resp->wireless_media_time); 820 BUILD_BUG_ON(ARRAY_SIZE(info->status.status_driver_data) < 1); 821 info->status.status_driver_data[0] = 822 (void *)(uintptr_t)tx_resp->reduced_tpc; 823 824 ieee80211_tx_status(mvm->hw, skb); 825 } 826 827 if (txq_id >= mvm->first_agg_queue) { 828 /* If this is an aggregation queue, we use the ssn since: 829 * ssn = wifi seq_num % 256. 830 * The seq_ctl is the sequence control of the packet to which 831 * this Tx response relates. But if there is a hole in the 832 * bitmap of the BA we received, this Tx response may allow to 833 * reclaim the hole and all the subsequent packets that were 834 * already acked. In that case, seq_ctl != ssn, and the next 835 * packet to be reclaimed will be ssn and not seq_ctl. In that 836 * case, several packets will be reclaimed even if 837 * frame_count = 1. 838 * 839 * The ssn is the index (% 256) of the latest packet that has 840 * treated (acked / dropped) + 1. 841 */ 842 next_reclaimed = ssn; 843 } else { 844 /* The next packet to be reclaimed is the one after this one */ 845 next_reclaimed = IEEE80211_SEQ_TO_SN(seq_ctl + 0x10); 846 } 847 848 IWL_DEBUG_TX_REPLY(mvm, 849 "TXQ %d status %s (0x%08x)\n", 850 txq_id, iwl_mvm_get_tx_fail_reason(status), status); 851 852 IWL_DEBUG_TX_REPLY(mvm, 853 "\t\t\t\tinitial_rate 0x%x retries %d, idx=%d ssn=%d next_reclaimed=0x%x seq_ctl=0x%x\n", 854 le32_to_cpu(tx_resp->initial_rate), 855 tx_resp->failure_frame, SEQ_TO_INDEX(sequence), 856 ssn, next_reclaimed, seq_ctl); 857 858 rcu_read_lock(); 859 860 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 861 /* 862 * sta can't be NULL otherwise it'd mean that the sta has been freed in 863 * the firmware while we still have packets for it in the Tx queues. 864 */ 865 if (WARN_ON_ONCE(!sta)) 866 goto out; 867 868 if (!IS_ERR(sta)) { 869 mvmsta = iwl_mvm_sta_from_mac80211(sta); 870 871 if (tid != IWL_TID_NON_QOS) { 872 struct iwl_mvm_tid_data *tid_data = 873 &mvmsta->tid_data[tid]; 874 bool send_eosp_ndp = false; 875 876 spin_lock_bh(&mvmsta->lock); 877 tid_data->next_reclaimed = next_reclaimed; 878 IWL_DEBUG_TX_REPLY(mvm, "Next reclaimed packet:%d\n", 879 next_reclaimed); 880 iwl_mvm_check_ratid_empty(mvm, sta, tid); 881 882 if (mvmsta->sleep_tx_count) { 883 mvmsta->sleep_tx_count--; 884 if (mvmsta->sleep_tx_count && 885 !iwl_mvm_tid_queued(tid_data)) { 886 /* 887 * The number of frames in the queue 888 * dropped to 0 even if we sent less 889 * frames than we thought we had on the 890 * Tx queue. 891 * This means we had holes in the BA 892 * window that we just filled, ask 893 * mac80211 to send EOSP since the 894 * firmware won't know how to do that. 895 * Send NDP and the firmware will send 896 * EOSP notification that will trigger 897 * a call to ieee80211_sta_eosp(). 898 */ 899 send_eosp_ndp = true; 900 } 901 } 902 903 spin_unlock_bh(&mvmsta->lock); 904 if (send_eosp_ndp) { 905 iwl_mvm_sta_modify_sleep_tx_count(mvm, sta, 906 IEEE80211_FRAME_RELEASE_UAPSD, 907 1, tid, false, false); 908 mvmsta->sleep_tx_count = 0; 909 ieee80211_send_eosp_nullfunc(sta, tid); 910 } 911 } 912 913 if (mvmsta->next_status_eosp) { 914 mvmsta->next_status_eosp = false; 915 ieee80211_sta_eosp(sta); 916 } 917 } else { 918 mvmsta = NULL; 919 } 920 921 /* 922 * If the txq is not an AMPDU queue, there is no chance we freed 923 * several skbs. Check that out... 924 */ 925 if (txq_id >= mvm->first_agg_queue) 926 goto out; 927 928 /* We can't free more than one frame at once on a shared queue */ 929 WARN_ON(skb_freed > 1); 930 931 /* If we have still frames for this STA nothing to do here */ 932 if (!atomic_sub_and_test(skb_freed, &mvm->pending_frames[sta_id])) 933 goto out; 934 935 if (mvmsta && mvmsta->vif->type == NL80211_IFTYPE_AP) { 936 937 /* 938 * If there are no pending frames for this STA and 939 * the tx to this station is not disabled, notify 940 * mac80211 that this station can now wake up in its 941 * STA table. 942 * If mvmsta is not NULL, sta is valid. 943 */ 944 945 spin_lock_bh(&mvmsta->lock); 946 947 if (!mvmsta->disable_tx) 948 ieee80211_sta_block_awake(mvm->hw, sta, false); 949 950 spin_unlock_bh(&mvmsta->lock); 951 } 952 953 if (PTR_ERR(sta) == -EBUSY || PTR_ERR(sta) == -ENOENT) { 954 /* 955 * We are draining and this was the last packet - pre_rcu_remove 956 * has been called already. We might be after the 957 * synchronize_net already. 958 * Don't rely on iwl_mvm_rm_sta to see the empty Tx queues. 959 */ 960 set_bit(sta_id, mvm->sta_drained); 961 schedule_work(&mvm->sta_drained_wk); 962 } 963 964 out: 965 rcu_read_unlock(); 966 } 967 968 #ifdef CONFIG_IWLWIFI_DEBUG 969 #define AGG_TX_STATE_(x) case AGG_TX_STATE_ ## x: return #x 970 static const char *iwl_get_agg_tx_status(u16 status) 971 { 972 switch (status & AGG_TX_STATE_STATUS_MSK) { 973 AGG_TX_STATE_(TRANSMITTED); 974 AGG_TX_STATE_(UNDERRUN); 975 AGG_TX_STATE_(BT_PRIO); 976 AGG_TX_STATE_(FEW_BYTES); 977 AGG_TX_STATE_(ABORT); 978 AGG_TX_STATE_(LAST_SENT_TTL); 979 AGG_TX_STATE_(LAST_SENT_TRY_CNT); 980 AGG_TX_STATE_(LAST_SENT_BT_KILL); 981 AGG_TX_STATE_(SCD_QUERY); 982 AGG_TX_STATE_(TEST_BAD_CRC32); 983 AGG_TX_STATE_(RESPONSE); 984 AGG_TX_STATE_(DUMP_TX); 985 AGG_TX_STATE_(DELAY_TX); 986 } 987 988 return "UNKNOWN"; 989 } 990 991 static void iwl_mvm_rx_tx_cmd_agg_dbg(struct iwl_mvm *mvm, 992 struct iwl_rx_packet *pkt) 993 { 994 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data; 995 struct agg_tx_status *frame_status = &tx_resp->status; 996 int i; 997 998 for (i = 0; i < tx_resp->frame_count; i++) { 999 u16 fstatus = le16_to_cpu(frame_status[i].status); 1000 1001 IWL_DEBUG_TX_REPLY(mvm, 1002 "status %s (0x%04x), try-count (%d) seq (0x%x)\n", 1003 iwl_get_agg_tx_status(fstatus), 1004 fstatus & AGG_TX_STATE_STATUS_MSK, 1005 (fstatus & AGG_TX_STATE_TRY_CNT_MSK) >> 1006 AGG_TX_STATE_TRY_CNT_POS, 1007 le16_to_cpu(frame_status[i].sequence)); 1008 } 1009 } 1010 #else 1011 static void iwl_mvm_rx_tx_cmd_agg_dbg(struct iwl_mvm *mvm, 1012 struct iwl_rx_packet *pkt) 1013 {} 1014 #endif /* CONFIG_IWLWIFI_DEBUG */ 1015 1016 static void iwl_mvm_rx_tx_cmd_agg(struct iwl_mvm *mvm, 1017 struct iwl_rx_packet *pkt) 1018 { 1019 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data; 1020 int sta_id = IWL_MVM_TX_RES_GET_RA(tx_resp->ra_tid); 1021 int tid = IWL_MVM_TX_RES_GET_TID(tx_resp->ra_tid); 1022 u16 sequence = le16_to_cpu(pkt->hdr.sequence); 1023 struct ieee80211_sta *sta; 1024 1025 if (WARN_ON_ONCE(SEQ_TO_QUEUE(sequence) < mvm->first_agg_queue)) 1026 return; 1027 1028 if (WARN_ON_ONCE(tid == IWL_TID_NON_QOS)) 1029 return; 1030 1031 iwl_mvm_rx_tx_cmd_agg_dbg(mvm, pkt); 1032 1033 rcu_read_lock(); 1034 1035 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 1036 1037 if (!WARN_ON_ONCE(IS_ERR_OR_NULL(sta))) { 1038 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 1039 mvmsta->tid_data[tid].rate_n_flags = 1040 le32_to_cpu(tx_resp->initial_rate); 1041 mvmsta->tid_data[tid].tx_time = 1042 le16_to_cpu(tx_resp->wireless_media_time); 1043 } 1044 1045 rcu_read_unlock(); 1046 } 1047 1048 void iwl_mvm_rx_tx_cmd(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb) 1049 { 1050 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1051 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data; 1052 1053 if (tx_resp->frame_count == 1) 1054 iwl_mvm_rx_tx_cmd_single(mvm, pkt); 1055 else 1056 iwl_mvm_rx_tx_cmd_agg(mvm, pkt); 1057 } 1058 1059 static void iwl_mvm_tx_info_from_ba_notif(struct ieee80211_tx_info *info, 1060 struct iwl_mvm_ba_notif *ba_notif, 1061 struct iwl_mvm_tid_data *tid_data) 1062 { 1063 info->flags |= IEEE80211_TX_STAT_AMPDU; 1064 info->status.ampdu_ack_len = ba_notif->txed_2_done; 1065 info->status.ampdu_len = ba_notif->txed; 1066 iwl_mvm_hwrate_to_tx_status(tid_data->rate_n_flags, 1067 info); 1068 /* TODO: not accounted if the whole A-MPDU failed */ 1069 info->status.tx_time = tid_data->tx_time; 1070 info->status.status_driver_data[0] = 1071 (void *)(uintptr_t)ba_notif->reduced_txp; 1072 info->status.status_driver_data[1] = 1073 (void *)(uintptr_t)tid_data->rate_n_flags; 1074 } 1075 1076 void iwl_mvm_rx_ba_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb) 1077 { 1078 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1079 struct iwl_mvm_ba_notif *ba_notif = (void *)pkt->data; 1080 struct sk_buff_head reclaimed_skbs; 1081 struct iwl_mvm_tid_data *tid_data; 1082 struct ieee80211_sta *sta; 1083 struct iwl_mvm_sta *mvmsta; 1084 struct sk_buff *skb; 1085 int sta_id, tid, freed; 1086 /* "flow" corresponds to Tx queue */ 1087 u16 scd_flow = le16_to_cpu(ba_notif->scd_flow); 1088 /* "ssn" is start of block-ack Tx window, corresponds to index 1089 * (in Tx queue's circular buffer) of first TFD/frame in window */ 1090 u16 ba_resp_scd_ssn = le16_to_cpu(ba_notif->scd_ssn); 1091 1092 sta_id = ba_notif->sta_id; 1093 tid = ba_notif->tid; 1094 1095 if (WARN_ONCE(sta_id >= IWL_MVM_STATION_COUNT || 1096 tid >= IWL_MAX_TID_COUNT, 1097 "sta_id %d tid %d", sta_id, tid)) 1098 return; 1099 1100 rcu_read_lock(); 1101 1102 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 1103 1104 /* Reclaiming frames for a station that has been deleted ? */ 1105 if (WARN_ON_ONCE(IS_ERR_OR_NULL(sta))) { 1106 rcu_read_unlock(); 1107 return; 1108 } 1109 1110 mvmsta = iwl_mvm_sta_from_mac80211(sta); 1111 tid_data = &mvmsta->tid_data[tid]; 1112 1113 if (tid_data->txq_id != scd_flow) { 1114 IWL_ERR(mvm, 1115 "invalid BA notification: Q %d, tid %d, flow %d\n", 1116 tid_data->txq_id, tid, scd_flow); 1117 rcu_read_unlock(); 1118 return; 1119 } 1120 1121 spin_lock_bh(&mvmsta->lock); 1122 1123 __skb_queue_head_init(&reclaimed_skbs); 1124 1125 /* 1126 * Release all TFDs before the SSN, i.e. all TFDs in front of 1127 * block-ack window (we assume that they've been successfully 1128 * transmitted ... if not, it's too late anyway). 1129 */ 1130 iwl_trans_reclaim(mvm->trans, scd_flow, ba_resp_scd_ssn, 1131 &reclaimed_skbs); 1132 1133 IWL_DEBUG_TX_REPLY(mvm, 1134 "BA_NOTIFICATION Received from %pM, sta_id = %d\n", 1135 (u8 *)&ba_notif->sta_addr_lo32, 1136 ba_notif->sta_id); 1137 IWL_DEBUG_TX_REPLY(mvm, 1138 "TID = %d, SeqCtl = %d, bitmap = 0x%llx, scd_flow = %d, scd_ssn = %d sent:%d, acked:%d\n", 1139 ba_notif->tid, le16_to_cpu(ba_notif->seq_ctl), 1140 (unsigned long long)le64_to_cpu(ba_notif->bitmap), 1141 scd_flow, ba_resp_scd_ssn, ba_notif->txed, 1142 ba_notif->txed_2_done); 1143 1144 IWL_DEBUG_TX_REPLY(mvm, "reduced txp from ba notif %d\n", 1145 ba_notif->reduced_txp); 1146 tid_data->next_reclaimed = ba_resp_scd_ssn; 1147 1148 iwl_mvm_check_ratid_empty(mvm, sta, tid); 1149 1150 freed = 0; 1151 1152 skb_queue_walk(&reclaimed_skbs, skb) { 1153 struct ieee80211_hdr *hdr = (void *)skb->data; 1154 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1155 1156 if (ieee80211_is_data_qos(hdr->frame_control)) 1157 freed++; 1158 else 1159 WARN_ON_ONCE(1); 1160 1161 iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]); 1162 1163 memset(&info->status, 0, sizeof(info->status)); 1164 /* Packet was transmitted successfully, failures come as single 1165 * frames because before failing a frame the firmware transmits 1166 * it without aggregation at least once. 1167 */ 1168 info->flags |= IEEE80211_TX_STAT_ACK; 1169 1170 /* this is the first skb we deliver in this batch */ 1171 /* put the rate scaling data there */ 1172 if (freed == 1) 1173 iwl_mvm_tx_info_from_ba_notif(info, ba_notif, tid_data); 1174 } 1175 1176 spin_unlock_bh(&mvmsta->lock); 1177 1178 /* We got a BA notif with 0 acked or scd_ssn didn't progress which is 1179 * possible (i.e. first MPDU in the aggregation wasn't acked) 1180 * Still it's important to update RS about sent vs. acked. 1181 */ 1182 if (skb_queue_empty(&reclaimed_skbs)) { 1183 struct ieee80211_tx_info ba_info = {}; 1184 struct ieee80211_chanctx_conf *chanctx_conf = NULL; 1185 1186 if (mvmsta->vif) 1187 chanctx_conf = 1188 rcu_dereference(mvmsta->vif->chanctx_conf); 1189 1190 if (WARN_ON_ONCE(!chanctx_conf)) 1191 goto out; 1192 1193 ba_info.band = chanctx_conf->def.chan->band; 1194 iwl_mvm_tx_info_from_ba_notif(&ba_info, ba_notif, tid_data); 1195 1196 IWL_DEBUG_TX_REPLY(mvm, "No reclaim. Update rs directly\n"); 1197 iwl_mvm_rs_tx_status(mvm, sta, tid, &ba_info); 1198 } 1199 1200 out: 1201 rcu_read_unlock(); 1202 1203 while (!skb_queue_empty(&reclaimed_skbs)) { 1204 skb = __skb_dequeue(&reclaimed_skbs); 1205 ieee80211_tx_status(mvm->hw, skb); 1206 } 1207 } 1208 1209 /* 1210 * Note that there are transports that buffer frames before they reach 1211 * the firmware. This means that after flush_tx_path is called, the 1212 * queue might not be empty. The race-free way to handle this is to: 1213 * 1) set the station as draining 1214 * 2) flush the Tx path 1215 * 3) wait for the transport queues to be empty 1216 */ 1217 int iwl_mvm_flush_tx_path(struct iwl_mvm *mvm, u32 tfd_msk, u32 flags) 1218 { 1219 int ret; 1220 struct iwl_tx_path_flush_cmd flush_cmd = { 1221 .queues_ctl = cpu_to_le32(tfd_msk), 1222 .flush_ctl = cpu_to_le16(DUMP_TX_FIFO_FLUSH), 1223 }; 1224 1225 ret = iwl_mvm_send_cmd_pdu(mvm, TXPATH_FLUSH, flags, 1226 sizeof(flush_cmd), &flush_cmd); 1227 if (ret) 1228 IWL_ERR(mvm, "Failed to send flush command (%d)\n", ret); 1229 return ret; 1230 } 1231