1 /* 2 * Marvell Wireless LAN device driver: 802.11n RX Re-ordering 3 * 4 * Copyright (C) 2011-2014, Marvell International Ltd. 5 * 6 * This software file (the "File") is distributed by Marvell International 7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991 8 * (the "License"). You may use, redistribute and/or modify this File in 9 * accordance with the terms and conditions of the License, a copy of which 10 * is available by writing to the Free Software Foundation, Inc., 11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the 12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. 13 * 14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE 16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about 17 * this warranty disclaimer. 18 */ 19 20 #include "decl.h" 21 #include "ioctl.h" 22 #include "util.h" 23 #include "fw.h" 24 #include "main.h" 25 #include "wmm.h" 26 #include "11n.h" 27 #include "11n_rxreorder.h" 28 29 /* This function will dispatch amsdu packet and forward it to kernel/upper 30 * layer. 31 */ 32 static int mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private *priv, 33 struct sk_buff *skb) 34 { 35 struct rxpd *local_rx_pd = (struct rxpd *)(skb->data); 36 int ret; 37 38 if (le16_to_cpu(local_rx_pd->rx_pkt_type) == PKT_TYPE_AMSDU) { 39 struct sk_buff_head list; 40 struct sk_buff *rx_skb; 41 42 __skb_queue_head_init(&list); 43 44 skb_pull(skb, le16_to_cpu(local_rx_pd->rx_pkt_offset)); 45 skb_trim(skb, le16_to_cpu(local_rx_pd->rx_pkt_length)); 46 47 ieee80211_amsdu_to_8023s(skb, &list, priv->curr_addr, 48 priv->wdev.iftype, 0, NULL, NULL); 49 50 while (!skb_queue_empty(&list)) { 51 struct rx_packet_hdr *rx_hdr; 52 53 rx_skb = __skb_dequeue(&list); 54 rx_hdr = (struct rx_packet_hdr *)rx_skb->data; 55 if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 56 ntohs(rx_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) { 57 mwifiex_process_tdls_action_frame(priv, 58 (u8 *)rx_hdr, 59 skb->len); 60 } 61 62 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) 63 ret = mwifiex_uap_recv_packet(priv, rx_skb); 64 else 65 ret = mwifiex_recv_packet(priv, rx_skb); 66 if (ret == -1) 67 mwifiex_dbg(priv->adapter, ERROR, 68 "Rx of A-MSDU failed"); 69 } 70 return 0; 71 } 72 73 return -1; 74 } 75 76 /* This function will process the rx packet and forward it to kernel/upper 77 * layer. 78 */ 79 static int mwifiex_11n_dispatch_pkt(struct mwifiex_private *priv, void *payload) 80 { 81 82 int ret; 83 84 if (!payload) { 85 mwifiex_dbg(priv->adapter, INFO, "info: fw drop data\n"); 86 return 0; 87 } 88 89 ret = mwifiex_11n_dispatch_amsdu_pkt(priv, payload); 90 if (!ret) 91 return 0; 92 93 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) 94 return mwifiex_handle_uap_rx_forward(priv, payload); 95 96 return mwifiex_process_rx_packet(priv, payload); 97 } 98 99 /* 100 * This function dispatches all packets in the Rx reorder table until the 101 * start window. 102 * 103 * There could be holes in the buffer, which are skipped by the function. 104 * Since the buffer is linear, the function uses rotation to simulate 105 * circular buffer. 106 */ 107 static void 108 mwifiex_11n_dispatch_pkt_until_start_win(struct mwifiex_private *priv, 109 struct mwifiex_rx_reorder_tbl *tbl, 110 int start_win) 111 { 112 int pkt_to_send, i; 113 void *rx_tmp_ptr; 114 unsigned long flags; 115 116 pkt_to_send = (start_win > tbl->start_win) ? 117 min((start_win - tbl->start_win), tbl->win_size) : 118 tbl->win_size; 119 120 for (i = 0; i < pkt_to_send; ++i) { 121 spin_lock_irqsave(&priv->rx_pkt_lock, flags); 122 rx_tmp_ptr = NULL; 123 if (tbl->rx_reorder_ptr[i]) { 124 rx_tmp_ptr = tbl->rx_reorder_ptr[i]; 125 tbl->rx_reorder_ptr[i] = NULL; 126 } 127 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 128 if (rx_tmp_ptr) 129 mwifiex_11n_dispatch_pkt(priv, rx_tmp_ptr); 130 } 131 132 spin_lock_irqsave(&priv->rx_pkt_lock, flags); 133 /* 134 * We don't have a circular buffer, hence use rotation to simulate 135 * circular buffer 136 */ 137 for (i = 0; i < tbl->win_size - pkt_to_send; ++i) { 138 tbl->rx_reorder_ptr[i] = tbl->rx_reorder_ptr[pkt_to_send + i]; 139 tbl->rx_reorder_ptr[pkt_to_send + i] = NULL; 140 } 141 142 tbl->start_win = start_win; 143 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 144 } 145 146 /* 147 * This function dispatches all packets in the Rx reorder table until 148 * a hole is found. 149 * 150 * The start window is adjusted automatically when a hole is located. 151 * Since the buffer is linear, the function uses rotation to simulate 152 * circular buffer. 153 */ 154 static void 155 mwifiex_11n_scan_and_dispatch(struct mwifiex_private *priv, 156 struct mwifiex_rx_reorder_tbl *tbl) 157 { 158 int i, j, xchg; 159 void *rx_tmp_ptr; 160 unsigned long flags; 161 162 for (i = 0; i < tbl->win_size; ++i) { 163 spin_lock_irqsave(&priv->rx_pkt_lock, flags); 164 if (!tbl->rx_reorder_ptr[i]) { 165 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 166 break; 167 } 168 rx_tmp_ptr = tbl->rx_reorder_ptr[i]; 169 tbl->rx_reorder_ptr[i] = NULL; 170 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 171 mwifiex_11n_dispatch_pkt(priv, rx_tmp_ptr); 172 } 173 174 spin_lock_irqsave(&priv->rx_pkt_lock, flags); 175 /* 176 * We don't have a circular buffer, hence use rotation to simulate 177 * circular buffer 178 */ 179 if (i > 0) { 180 xchg = tbl->win_size - i; 181 for (j = 0; j < xchg; ++j) { 182 tbl->rx_reorder_ptr[j] = tbl->rx_reorder_ptr[i + j]; 183 tbl->rx_reorder_ptr[i + j] = NULL; 184 } 185 } 186 tbl->start_win = (tbl->start_win + i) & (MAX_TID_VALUE - 1); 187 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 188 } 189 190 /* 191 * This function deletes the Rx reorder table and frees the memory. 192 * 193 * The function stops the associated timer and dispatches all the 194 * pending packets in the Rx reorder table before deletion. 195 */ 196 static void 197 mwifiex_del_rx_reorder_entry(struct mwifiex_private *priv, 198 struct mwifiex_rx_reorder_tbl *tbl) 199 { 200 unsigned long flags; 201 int start_win; 202 203 if (!tbl) 204 return; 205 206 spin_lock_irqsave(&priv->adapter->rx_proc_lock, flags); 207 priv->adapter->rx_locked = true; 208 if (priv->adapter->rx_processing) { 209 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 210 flush_workqueue(priv->adapter->rx_workqueue); 211 } else { 212 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 213 } 214 215 start_win = (tbl->start_win + tbl->win_size) & (MAX_TID_VALUE - 1); 216 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win); 217 218 del_timer_sync(&tbl->timer_context.timer); 219 tbl->timer_context.timer_is_set = false; 220 221 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 222 list_del(&tbl->list); 223 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 224 225 kfree(tbl->rx_reorder_ptr); 226 kfree(tbl); 227 228 spin_lock_irqsave(&priv->adapter->rx_proc_lock, flags); 229 priv->adapter->rx_locked = false; 230 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 231 232 } 233 234 /* 235 * This function returns the pointer to an entry in Rx reordering 236 * table which matches the given TA/TID pair. 237 */ 238 struct mwifiex_rx_reorder_tbl * 239 mwifiex_11n_get_rx_reorder_tbl(struct mwifiex_private *priv, int tid, u8 *ta) 240 { 241 struct mwifiex_rx_reorder_tbl *tbl; 242 unsigned long flags; 243 244 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 245 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) { 246 if (!memcmp(tbl->ta, ta, ETH_ALEN) && tbl->tid == tid) { 247 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 248 flags); 249 return tbl; 250 } 251 } 252 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 253 254 return NULL; 255 } 256 257 /* This function retrieves the pointer to an entry in Rx reordering 258 * table which matches the given TA and deletes it. 259 */ 260 void mwifiex_11n_del_rx_reorder_tbl_by_ta(struct mwifiex_private *priv, u8 *ta) 261 { 262 struct mwifiex_rx_reorder_tbl *tbl, *tmp; 263 unsigned long flags; 264 265 if (!ta) 266 return; 267 268 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 269 list_for_each_entry_safe(tbl, tmp, &priv->rx_reorder_tbl_ptr, list) { 270 if (!memcmp(tbl->ta, ta, ETH_ALEN)) { 271 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 272 flags); 273 mwifiex_del_rx_reorder_entry(priv, tbl); 274 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 275 } 276 } 277 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 278 279 return; 280 } 281 282 /* 283 * This function finds the last sequence number used in the packets 284 * buffered in Rx reordering table. 285 */ 286 static int 287 mwifiex_11n_find_last_seq_num(struct reorder_tmr_cnxt *ctx) 288 { 289 struct mwifiex_rx_reorder_tbl *rx_reorder_tbl_ptr = ctx->ptr; 290 struct mwifiex_private *priv = ctx->priv; 291 unsigned long flags; 292 int i; 293 294 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 295 for (i = rx_reorder_tbl_ptr->win_size - 1; i >= 0; --i) { 296 if (rx_reorder_tbl_ptr->rx_reorder_ptr[i]) { 297 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 298 flags); 299 return i; 300 } 301 } 302 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 303 304 return -1; 305 } 306 307 /* 308 * This function flushes all the packets in Rx reordering table. 309 * 310 * The function checks if any packets are currently buffered in the 311 * table or not. In case there are packets available, it dispatches 312 * them and then dumps the Rx reordering table. 313 */ 314 static void 315 mwifiex_flush_data(struct timer_list *t) 316 { 317 struct reorder_tmr_cnxt *ctx = 318 from_timer(ctx, t, timer); 319 int start_win, seq_num; 320 321 ctx->timer_is_set = false; 322 seq_num = mwifiex_11n_find_last_seq_num(ctx); 323 324 if (seq_num < 0) 325 return; 326 327 mwifiex_dbg(ctx->priv->adapter, INFO, "info: flush data %d\n", seq_num); 328 start_win = (ctx->ptr->start_win + seq_num + 1) & (MAX_TID_VALUE - 1); 329 mwifiex_11n_dispatch_pkt_until_start_win(ctx->priv, ctx->ptr, 330 start_win); 331 } 332 333 /* 334 * This function creates an entry in Rx reordering table for the 335 * given TA/TID. 336 * 337 * The function also initializes the entry with sequence number, window 338 * size as well as initializes the timer. 339 * 340 * If the received TA/TID pair is already present, all the packets are 341 * dispatched and the window size is moved until the SSN. 342 */ 343 static void 344 mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta, 345 int tid, int win_size, int seq_num) 346 { 347 int i; 348 struct mwifiex_rx_reorder_tbl *tbl, *new_node; 349 u16 last_seq = 0; 350 unsigned long flags; 351 struct mwifiex_sta_node *node; 352 353 /* 354 * If we get a TID, ta pair which is already present dispatch all the 355 * the packets and move the window size until the ssn 356 */ 357 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta); 358 if (tbl) { 359 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, seq_num); 360 return; 361 } 362 /* if !tbl then create one */ 363 new_node = kzalloc(sizeof(struct mwifiex_rx_reorder_tbl), GFP_KERNEL); 364 if (!new_node) 365 return; 366 367 INIT_LIST_HEAD(&new_node->list); 368 new_node->tid = tid; 369 memcpy(new_node->ta, ta, ETH_ALEN); 370 new_node->start_win = seq_num; 371 new_node->init_win = seq_num; 372 new_node->flags = 0; 373 374 spin_lock_irqsave(&priv->sta_list_spinlock, flags); 375 if (mwifiex_queuing_ra_based(priv)) { 376 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) { 377 node = mwifiex_get_sta_entry(priv, ta); 378 if (node) 379 last_seq = node->rx_seq[tid]; 380 } 381 } else { 382 node = mwifiex_get_sta_entry(priv, ta); 383 if (node) 384 last_seq = node->rx_seq[tid]; 385 else 386 last_seq = priv->rx_seq[tid]; 387 } 388 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 389 390 mwifiex_dbg(priv->adapter, INFO, 391 "info: last_seq=%d start_win=%d\n", 392 last_seq, new_node->start_win); 393 394 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM && 395 last_seq >= new_node->start_win) { 396 new_node->start_win = last_seq + 1; 397 new_node->flags |= RXREOR_INIT_WINDOW_SHIFT; 398 } 399 400 new_node->win_size = win_size; 401 402 new_node->rx_reorder_ptr = kzalloc(sizeof(void *) * win_size, 403 GFP_KERNEL); 404 if (!new_node->rx_reorder_ptr) { 405 kfree((u8 *) new_node); 406 mwifiex_dbg(priv->adapter, ERROR, 407 "%s: failed to alloc reorder_ptr\n", __func__); 408 return; 409 } 410 411 new_node->timer_context.ptr = new_node; 412 new_node->timer_context.priv = priv; 413 new_node->timer_context.timer_is_set = false; 414 415 timer_setup(&new_node->timer_context.timer, mwifiex_flush_data, 0); 416 417 for (i = 0; i < win_size; ++i) 418 new_node->rx_reorder_ptr[i] = NULL; 419 420 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 421 list_add_tail(&new_node->list, &priv->rx_reorder_tbl_ptr); 422 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 423 } 424 425 static void 426 mwifiex_11n_rxreorder_timer_restart(struct mwifiex_rx_reorder_tbl *tbl) 427 { 428 u32 min_flush_time; 429 430 if (tbl->win_size >= MWIFIEX_BA_WIN_SIZE_32) 431 min_flush_time = MIN_FLUSH_TIMER_15_MS; 432 else 433 min_flush_time = MIN_FLUSH_TIMER_MS; 434 435 mod_timer(&tbl->timer_context.timer, 436 jiffies + msecs_to_jiffies(min_flush_time * tbl->win_size)); 437 438 tbl->timer_context.timer_is_set = true; 439 } 440 441 /* 442 * This function prepares command for adding a BA request. 443 * 444 * Preparation includes - 445 * - Setting command ID and proper size 446 * - Setting add BA request buffer 447 * - Ensuring correct endian-ness 448 */ 449 int mwifiex_cmd_11n_addba_req(struct host_cmd_ds_command *cmd, void *data_buf) 450 { 451 struct host_cmd_ds_11n_addba_req *add_ba_req = &cmd->params.add_ba_req; 452 453 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_REQ); 454 cmd->size = cpu_to_le16(sizeof(*add_ba_req) + S_DS_GEN); 455 memcpy(add_ba_req, data_buf, sizeof(*add_ba_req)); 456 457 return 0; 458 } 459 460 /* 461 * This function prepares command for adding a BA response. 462 * 463 * Preparation includes - 464 * - Setting command ID and proper size 465 * - Setting add BA response buffer 466 * - Ensuring correct endian-ness 467 */ 468 int mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private *priv, 469 struct host_cmd_ds_command *cmd, 470 struct host_cmd_ds_11n_addba_req 471 *cmd_addba_req) 472 { 473 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &cmd->params.add_ba_rsp; 474 struct mwifiex_sta_node *sta_ptr; 475 u32 rx_win_size = priv->add_ba_param.rx_win_size; 476 u8 tid; 477 int win_size; 478 unsigned long flags; 479 uint16_t block_ack_param_set; 480 481 if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) && 482 ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 483 priv->adapter->is_hw_11ac_capable && 484 memcmp(priv->cfg_bssid, cmd_addba_req->peer_mac_addr, ETH_ALEN)) { 485 spin_lock_irqsave(&priv->sta_list_spinlock, flags); 486 sta_ptr = mwifiex_get_sta_entry(priv, 487 cmd_addba_req->peer_mac_addr); 488 if (!sta_ptr) { 489 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 490 mwifiex_dbg(priv->adapter, ERROR, 491 "BA setup with unknown TDLS peer %pM!\n", 492 cmd_addba_req->peer_mac_addr); 493 return -1; 494 } 495 if (sta_ptr->is_11ac_enabled) 496 rx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_RXWINSIZE; 497 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 498 } 499 500 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_RSP); 501 cmd->size = cpu_to_le16(sizeof(*add_ba_rsp) + S_DS_GEN); 502 503 memcpy(add_ba_rsp->peer_mac_addr, cmd_addba_req->peer_mac_addr, 504 ETH_ALEN); 505 add_ba_rsp->dialog_token = cmd_addba_req->dialog_token; 506 add_ba_rsp->block_ack_tmo = cmd_addba_req->block_ack_tmo; 507 add_ba_rsp->ssn = cmd_addba_req->ssn; 508 509 block_ack_param_set = le16_to_cpu(cmd_addba_req->block_ack_param_set); 510 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK) 511 >> BLOCKACKPARAM_TID_POS; 512 add_ba_rsp->status_code = cpu_to_le16(ADDBA_RSP_STATUS_ACCEPT); 513 block_ack_param_set &= ~IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK; 514 515 /* If we don't support AMSDU inside AMPDU, reset the bit */ 516 if (!priv->add_ba_param.rx_amsdu || 517 (priv->aggr_prio_tbl[tid].amsdu == BA_STREAM_NOT_ALLOWED)) 518 block_ack_param_set &= ~BLOCKACKPARAM_AMSDU_SUPP_MASK; 519 block_ack_param_set |= rx_win_size << BLOCKACKPARAM_WINSIZE_POS; 520 add_ba_rsp->block_ack_param_set = cpu_to_le16(block_ack_param_set); 521 win_size = (le16_to_cpu(add_ba_rsp->block_ack_param_set) 522 & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) 523 >> BLOCKACKPARAM_WINSIZE_POS; 524 cmd_addba_req->block_ack_param_set = cpu_to_le16(block_ack_param_set); 525 526 mwifiex_11n_create_rx_reorder_tbl(priv, cmd_addba_req->peer_mac_addr, 527 tid, win_size, 528 le16_to_cpu(cmd_addba_req->ssn)); 529 return 0; 530 } 531 532 /* 533 * This function prepares command for deleting a BA request. 534 * 535 * Preparation includes - 536 * - Setting command ID and proper size 537 * - Setting del BA request buffer 538 * - Ensuring correct endian-ness 539 */ 540 int mwifiex_cmd_11n_delba(struct host_cmd_ds_command *cmd, void *data_buf) 541 { 542 struct host_cmd_ds_11n_delba *del_ba = &cmd->params.del_ba; 543 544 cmd->command = cpu_to_le16(HostCmd_CMD_11N_DELBA); 545 cmd->size = cpu_to_le16(sizeof(*del_ba) + S_DS_GEN); 546 memcpy(del_ba, data_buf, sizeof(*del_ba)); 547 548 return 0; 549 } 550 551 /* 552 * This function identifies if Rx reordering is needed for a received packet. 553 * 554 * In case reordering is required, the function will do the reordering 555 * before sending it to kernel. 556 * 557 * The Rx reorder table is checked first with the received TID/TA pair. If 558 * not found, the received packet is dispatched immediately. But if found, 559 * the packet is reordered and all the packets in the updated Rx reordering 560 * table is dispatched until a hole is found. 561 * 562 * For sequence number less than the starting window, the packet is dropped. 563 */ 564 int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *priv, 565 u16 seq_num, u16 tid, 566 u8 *ta, u8 pkt_type, void *payload) 567 { 568 struct mwifiex_rx_reorder_tbl *tbl; 569 int prev_start_win, start_win, end_win, win_size; 570 u16 pkt_index; 571 bool init_window_shift = false; 572 int ret = 0; 573 574 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta); 575 if (!tbl) { 576 if (pkt_type != PKT_TYPE_BAR) 577 mwifiex_11n_dispatch_pkt(priv, payload); 578 return ret; 579 } 580 581 if ((pkt_type == PKT_TYPE_AMSDU) && !tbl->amsdu) { 582 mwifiex_11n_dispatch_pkt(priv, payload); 583 return ret; 584 } 585 586 start_win = tbl->start_win; 587 prev_start_win = start_win; 588 win_size = tbl->win_size; 589 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1); 590 if (tbl->flags & RXREOR_INIT_WINDOW_SHIFT) { 591 init_window_shift = true; 592 tbl->flags &= ~RXREOR_INIT_WINDOW_SHIFT; 593 } 594 595 if (tbl->flags & RXREOR_FORCE_NO_DROP) { 596 mwifiex_dbg(priv->adapter, INFO, 597 "RXREOR_FORCE_NO_DROP when HS is activated\n"); 598 tbl->flags &= ~RXREOR_FORCE_NO_DROP; 599 } else if (init_window_shift && seq_num < start_win && 600 seq_num >= tbl->init_win) { 601 mwifiex_dbg(priv->adapter, INFO, 602 "Sender TID sequence number reset %d->%d for SSN %d\n", 603 start_win, seq_num, tbl->init_win); 604 tbl->start_win = start_win = seq_num; 605 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1); 606 } else { 607 /* 608 * If seq_num is less then starting win then ignore and drop 609 * the packet 610 */ 611 if ((start_win + TWOPOW11) > (MAX_TID_VALUE - 1)) { 612 if (seq_num >= ((start_win + TWOPOW11) & 613 (MAX_TID_VALUE - 1)) && 614 seq_num < start_win) { 615 ret = -1; 616 goto done; 617 } 618 } else if ((seq_num < start_win) || 619 (seq_num >= (start_win + TWOPOW11))) { 620 ret = -1; 621 goto done; 622 } 623 } 624 625 /* 626 * If this packet is a BAR we adjust seq_num as 627 * WinStart = seq_num 628 */ 629 if (pkt_type == PKT_TYPE_BAR) 630 seq_num = ((seq_num + win_size) - 1) & (MAX_TID_VALUE - 1); 631 632 if (((end_win < start_win) && 633 (seq_num < start_win) && (seq_num > end_win)) || 634 ((end_win > start_win) && ((seq_num > end_win) || 635 (seq_num < start_win)))) { 636 end_win = seq_num; 637 if (((end_win - win_size) + 1) >= 0) 638 start_win = (end_win - win_size) + 1; 639 else 640 start_win = (MAX_TID_VALUE - (win_size - end_win)) + 1; 641 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win); 642 } 643 644 if (pkt_type != PKT_TYPE_BAR) { 645 if (seq_num >= start_win) 646 pkt_index = seq_num - start_win; 647 else 648 pkt_index = (seq_num+MAX_TID_VALUE) - start_win; 649 650 if (tbl->rx_reorder_ptr[pkt_index]) { 651 ret = -1; 652 goto done; 653 } 654 655 tbl->rx_reorder_ptr[pkt_index] = payload; 656 } 657 658 /* 659 * Dispatch all packets sequentially from start_win until a 660 * hole is found and adjust the start_win appropriately 661 */ 662 mwifiex_11n_scan_and_dispatch(priv, tbl); 663 664 done: 665 if (!tbl->timer_context.timer_is_set || 666 prev_start_win != tbl->start_win) 667 mwifiex_11n_rxreorder_timer_restart(tbl); 668 return ret; 669 } 670 671 /* 672 * This function deletes an entry for a given TID/TA pair. 673 * 674 * The TID/TA are taken from del BA event body. 675 */ 676 void 677 mwifiex_del_ba_tbl(struct mwifiex_private *priv, int tid, u8 *peer_mac, 678 u8 type, int initiator) 679 { 680 struct mwifiex_rx_reorder_tbl *tbl; 681 struct mwifiex_tx_ba_stream_tbl *ptx_tbl; 682 struct mwifiex_ra_list_tbl *ra_list; 683 u8 cleanup_rx_reorder_tbl; 684 unsigned long flags; 685 int tid_down; 686 687 if (type == TYPE_DELBA_RECEIVE) 688 cleanup_rx_reorder_tbl = (initiator) ? true : false; 689 else 690 cleanup_rx_reorder_tbl = (initiator) ? false : true; 691 692 mwifiex_dbg(priv->adapter, EVENT, "event: DELBA: %pM tid=%d initiator=%d\n", 693 peer_mac, tid, initiator); 694 695 if (cleanup_rx_reorder_tbl) { 696 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 697 peer_mac); 698 if (!tbl) { 699 mwifiex_dbg(priv->adapter, EVENT, 700 "event: TID, TA not found in table\n"); 701 return; 702 } 703 mwifiex_del_rx_reorder_entry(priv, tbl); 704 } else { 705 ptx_tbl = mwifiex_get_ba_tbl(priv, tid, peer_mac); 706 if (!ptx_tbl) { 707 mwifiex_dbg(priv->adapter, EVENT, 708 "event: TID, RA not found in table\n"); 709 return; 710 } 711 712 tid_down = mwifiex_wmm_downgrade_tid(priv, tid); 713 ra_list = mwifiex_wmm_get_ralist_node(priv, tid_down, peer_mac); 714 if (ra_list) { 715 ra_list->amsdu_in_ampdu = false; 716 ra_list->ba_status = BA_SETUP_NONE; 717 } 718 spin_lock_irqsave(&priv->tx_ba_stream_tbl_lock, flags); 719 mwifiex_11n_delete_tx_ba_stream_tbl_entry(priv, ptx_tbl); 720 spin_unlock_irqrestore(&priv->tx_ba_stream_tbl_lock, flags); 721 } 722 } 723 724 /* 725 * This function handles the command response of an add BA response. 726 * 727 * Handling includes changing the header fields into CPU format and 728 * creating the stream, provided the add BA is accepted. 729 */ 730 int mwifiex_ret_11n_addba_resp(struct mwifiex_private *priv, 731 struct host_cmd_ds_command *resp) 732 { 733 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &resp->params.add_ba_rsp; 734 int tid, win_size; 735 struct mwifiex_rx_reorder_tbl *tbl; 736 uint16_t block_ack_param_set; 737 738 block_ack_param_set = le16_to_cpu(add_ba_rsp->block_ack_param_set); 739 740 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK) 741 >> BLOCKACKPARAM_TID_POS; 742 /* 743 * Check if we had rejected the ADDBA, if yes then do not create 744 * the stream 745 */ 746 if (le16_to_cpu(add_ba_rsp->status_code) != BA_RESULT_SUCCESS) { 747 mwifiex_dbg(priv->adapter, ERROR, "ADDBA RSP: failed %pM tid=%d)\n", 748 add_ba_rsp->peer_mac_addr, tid); 749 750 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 751 add_ba_rsp->peer_mac_addr); 752 if (tbl) 753 mwifiex_del_rx_reorder_entry(priv, tbl); 754 755 return 0; 756 } 757 758 win_size = (block_ack_param_set & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) 759 >> BLOCKACKPARAM_WINSIZE_POS; 760 761 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 762 add_ba_rsp->peer_mac_addr); 763 if (tbl) { 764 if ((block_ack_param_set & BLOCKACKPARAM_AMSDU_SUPP_MASK) && 765 priv->add_ba_param.rx_amsdu && 766 (priv->aggr_prio_tbl[tid].amsdu != BA_STREAM_NOT_ALLOWED)) 767 tbl->amsdu = true; 768 else 769 tbl->amsdu = false; 770 } 771 772 mwifiex_dbg(priv->adapter, CMD, 773 "cmd: ADDBA RSP: %pM tid=%d ssn=%d win_size=%d\n", 774 add_ba_rsp->peer_mac_addr, tid, add_ba_rsp->ssn, win_size); 775 776 return 0; 777 } 778 779 /* 780 * This function handles BA stream timeout event by preparing and sending 781 * a command to the firmware. 782 */ 783 void mwifiex_11n_ba_stream_timeout(struct mwifiex_private *priv, 784 struct host_cmd_ds_11n_batimeout *event) 785 { 786 struct host_cmd_ds_11n_delba delba; 787 788 memset(&delba, 0, sizeof(struct host_cmd_ds_11n_delba)); 789 memcpy(delba.peer_mac_addr, event->peer_mac_addr, ETH_ALEN); 790 791 delba.del_ba_param_set |= 792 cpu_to_le16((u16) event->tid << DELBA_TID_POS); 793 delba.del_ba_param_set |= cpu_to_le16( 794 (u16) event->origninator << DELBA_INITIATOR_POS); 795 delba.reason_code = cpu_to_le16(WLAN_REASON_QSTA_TIMEOUT); 796 mwifiex_send_cmd(priv, HostCmd_CMD_11N_DELBA, 0, 0, &delba, false); 797 } 798 799 /* 800 * This function cleans up the Rx reorder table by deleting all the entries 801 * and re-initializing. 802 */ 803 void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv) 804 { 805 struct mwifiex_rx_reorder_tbl *del_tbl_ptr, *tmp_node; 806 unsigned long flags; 807 808 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 809 list_for_each_entry_safe(del_tbl_ptr, tmp_node, 810 &priv->rx_reorder_tbl_ptr, list) { 811 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 812 mwifiex_del_rx_reorder_entry(priv, del_tbl_ptr); 813 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 814 } 815 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr); 816 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 817 818 mwifiex_reset_11n_rx_seq_num(priv); 819 } 820 821 /* 822 * This function updates all rx_reorder_tbl's flags. 823 */ 824 void mwifiex_update_rxreor_flags(struct mwifiex_adapter *adapter, u8 flags) 825 { 826 struct mwifiex_private *priv; 827 struct mwifiex_rx_reorder_tbl *tbl; 828 unsigned long lock_flags; 829 int i; 830 831 for (i = 0; i < adapter->priv_num; i++) { 832 priv = adapter->priv[i]; 833 if (!priv) 834 continue; 835 836 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, lock_flags); 837 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) 838 tbl->flags = flags; 839 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, lock_flags); 840 } 841 842 return; 843 } 844 845 /* This function update all the rx_win_size based on coex flag 846 */ 847 static void mwifiex_update_ampdu_rxwinsize(struct mwifiex_adapter *adapter, 848 bool coex_flag) 849 { 850 u8 i; 851 u32 rx_win_size; 852 struct mwifiex_private *priv; 853 854 dev_dbg(adapter->dev, "Update rxwinsize %d\n", coex_flag); 855 856 for (i = 0; i < adapter->priv_num; i++) { 857 if (!adapter->priv[i]) 858 continue; 859 priv = adapter->priv[i]; 860 rx_win_size = priv->add_ba_param.rx_win_size; 861 if (coex_flag) { 862 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA) 863 priv->add_ba_param.rx_win_size = 864 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE; 865 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P) 866 priv->add_ba_param.rx_win_size = 867 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE; 868 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP) 869 priv->add_ba_param.rx_win_size = 870 MWIFIEX_UAP_COEX_AMPDU_DEF_RXWINSIZE; 871 } else { 872 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA) 873 priv->add_ba_param.rx_win_size = 874 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE; 875 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P) 876 priv->add_ba_param.rx_win_size = 877 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE; 878 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP) 879 priv->add_ba_param.rx_win_size = 880 MWIFIEX_UAP_AMPDU_DEF_RXWINSIZE; 881 } 882 883 if (adapter->coex_win_size && adapter->coex_rx_win_size) 884 priv->add_ba_param.rx_win_size = 885 adapter->coex_rx_win_size; 886 887 if (rx_win_size != priv->add_ba_param.rx_win_size) { 888 if (!priv->media_connected) 889 continue; 890 for (i = 0; i < MAX_NUM_TID; i++) 891 mwifiex_11n_delba(priv, i); 892 } 893 } 894 } 895 896 /* This function check coex for RX BA 897 */ 898 void mwifiex_coex_ampdu_rxwinsize(struct mwifiex_adapter *adapter) 899 { 900 u8 i; 901 struct mwifiex_private *priv; 902 u8 count = 0; 903 904 for (i = 0; i < adapter->priv_num; i++) { 905 if (adapter->priv[i]) { 906 priv = adapter->priv[i]; 907 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) { 908 if (priv->media_connected) 909 count++; 910 } 911 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) { 912 if (priv->bss_started) 913 count++; 914 } 915 } 916 if (count >= MWIFIEX_BSS_COEX_COUNT) 917 break; 918 } 919 if (count >= MWIFIEX_BSS_COEX_COUNT) 920 mwifiex_update_ampdu_rxwinsize(adapter, true); 921 else 922 mwifiex_update_ampdu_rxwinsize(adapter, false); 923 } 924 925 /* This function handles rxba_sync event 926 */ 927 void mwifiex_11n_rxba_sync_event(struct mwifiex_private *priv, 928 u8 *event_buf, u16 len) 929 { 930 struct mwifiex_ie_types_rxba_sync *tlv_rxba = (void *)event_buf; 931 u16 tlv_type, tlv_len; 932 struct mwifiex_rx_reorder_tbl *rx_reor_tbl_ptr; 933 u8 i, j; 934 u16 seq_num, tlv_seq_num, tlv_bitmap_len; 935 int tlv_buf_left = len; 936 int ret; 937 u8 *tmp; 938 939 mwifiex_dbg_dump(priv->adapter, EVT_D, "RXBA_SYNC event:", 940 event_buf, len); 941 while (tlv_buf_left >= sizeof(*tlv_rxba)) { 942 tlv_type = le16_to_cpu(tlv_rxba->header.type); 943 tlv_len = le16_to_cpu(tlv_rxba->header.len); 944 if (tlv_type != TLV_TYPE_RXBA_SYNC) { 945 mwifiex_dbg(priv->adapter, ERROR, 946 "Wrong TLV id=0x%x\n", tlv_type); 947 return; 948 } 949 950 tlv_seq_num = le16_to_cpu(tlv_rxba->seq_num); 951 tlv_bitmap_len = le16_to_cpu(tlv_rxba->bitmap_len); 952 mwifiex_dbg(priv->adapter, INFO, 953 "%pM tid=%d seq_num=%d bitmap_len=%d\n", 954 tlv_rxba->mac, tlv_rxba->tid, tlv_seq_num, 955 tlv_bitmap_len); 956 957 rx_reor_tbl_ptr = 958 mwifiex_11n_get_rx_reorder_tbl(priv, tlv_rxba->tid, 959 tlv_rxba->mac); 960 if (!rx_reor_tbl_ptr) { 961 mwifiex_dbg(priv->adapter, ERROR, 962 "Can not find rx_reorder_tbl!"); 963 return; 964 } 965 966 for (i = 0; i < tlv_bitmap_len; i++) { 967 for (j = 0 ; j < 8; j++) { 968 if (tlv_rxba->bitmap[i] & (1 << j)) { 969 seq_num = (MAX_TID_VALUE - 1) & 970 (tlv_seq_num + i * 8 + j); 971 972 mwifiex_dbg(priv->adapter, ERROR, 973 "drop packet,seq=%d\n", 974 seq_num); 975 976 ret = mwifiex_11n_rx_reorder_pkt 977 (priv, seq_num, tlv_rxba->tid, 978 tlv_rxba->mac, 0, NULL); 979 980 if (ret) 981 mwifiex_dbg(priv->adapter, 982 ERROR, 983 "Fail to drop packet"); 984 } 985 } 986 } 987 988 tlv_buf_left -= (sizeof(*tlv_rxba) + tlv_len); 989 tmp = (u8 *)tlv_rxba + tlv_len + sizeof(*tlv_rxba); 990 tlv_rxba = (struct mwifiex_ie_types_rxba_sync *)tmp; 991 } 992 } 993