1 /* 2 * Atheros CARL9170 driver 3 * 4 * 802.11 & command trap routines 5 * 6 * Copyright 2008, Johannes Berg <johannes@sipsolutions.net> 7 * Copyright 2009, 2010, Christian Lamparter <chunkeey@googlemail.com> 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License as published by 11 * the Free Software Foundation; either version 2 of the License, or 12 * (at your option) any later version. 13 * 14 * This program is distributed in the hope that it will be useful, 15 * but WITHOUT ANY WARRANTY; without even the implied warranty of 16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 * GNU General Public License for more details. 18 * 19 * You should have received a copy of the GNU General Public License 20 * along with this program; see the file COPYING. If not, see 21 * http://www.gnu.org/licenses/. 22 * 23 * This file incorporates work covered by the following copyright and 24 * permission notice: 25 * Copyright (c) 2007-2008 Atheros Communications, Inc. 26 * 27 * Permission to use, copy, modify, and/or distribute this software for any 28 * purpose with or without fee is hereby granted, provided that the above 29 * copyright notice and this permission notice appear in all copies. 30 * 31 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 32 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 33 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 34 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 35 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 36 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 37 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 38 */ 39 40 #include <linux/init.h> 41 #include <linux/slab.h> 42 #include <linux/module.h> 43 #include <linux/etherdevice.h> 44 #include <linux/crc32.h> 45 #include <net/mac80211.h> 46 #include "carl9170.h" 47 #include "hw.h" 48 #include "cmd.h" 49 50 static void carl9170_dbg_message(struct ar9170 *ar, const char *buf, u32 len) 51 { 52 bool restart = false; 53 enum carl9170_restart_reasons reason = CARL9170_RR_NO_REASON; 54 55 if (len > 3) { 56 if (memcmp(buf, CARL9170_ERR_MAGIC, 3) == 0) { 57 ar->fw.err_counter++; 58 if (ar->fw.err_counter > 3) { 59 restart = true; 60 reason = CARL9170_RR_TOO_MANY_FIRMWARE_ERRORS; 61 } 62 } 63 64 if (memcmp(buf, CARL9170_BUG_MAGIC, 3) == 0) { 65 ar->fw.bug_counter++; 66 restart = true; 67 reason = CARL9170_RR_FATAL_FIRMWARE_ERROR; 68 } 69 } 70 71 wiphy_info(ar->hw->wiphy, "FW: %.*s\n", len, buf); 72 73 if (restart) 74 carl9170_restart(ar, reason); 75 } 76 77 static void carl9170_handle_ps(struct ar9170 *ar, struct carl9170_rsp *rsp) 78 { 79 u32 ps; 80 bool new_ps; 81 82 ps = le32_to_cpu(rsp->psm.state); 83 84 new_ps = (ps & CARL9170_PSM_COUNTER) != CARL9170_PSM_WAKE; 85 if (ar->ps.state != new_ps) { 86 if (!new_ps) { 87 ar->ps.sleep_ms = jiffies_to_msecs(jiffies - 88 ar->ps.last_action); 89 } 90 91 ar->ps.last_action = jiffies; 92 93 ar->ps.state = new_ps; 94 } 95 } 96 97 static int carl9170_check_sequence(struct ar9170 *ar, unsigned int seq) 98 { 99 if (ar->cmd_seq < -1) 100 return 0; 101 102 /* 103 * Initialize Counter 104 */ 105 if (ar->cmd_seq < 0) 106 ar->cmd_seq = seq; 107 108 /* 109 * The sequence is strictly monotonic increasing and it never skips! 110 * 111 * Therefore we can safely assume that whenever we received an 112 * unexpected sequence we have lost some valuable data. 113 */ 114 if (seq != ar->cmd_seq) { 115 int count; 116 117 count = (seq - ar->cmd_seq) % ar->fw.cmd_bufs; 118 119 wiphy_err(ar->hw->wiphy, "lost %d command responses/traps! " 120 "w:%d g:%d\n", count, ar->cmd_seq, seq); 121 122 carl9170_restart(ar, CARL9170_RR_LOST_RSP); 123 return -EIO; 124 } 125 126 ar->cmd_seq = (ar->cmd_seq + 1) % ar->fw.cmd_bufs; 127 return 0; 128 } 129 130 static void carl9170_cmd_callback(struct ar9170 *ar, u32 len, void *buffer) 131 { 132 /* 133 * Some commands may have a variable response length 134 * and we cannot predict the correct length in advance. 135 * So we only check if we provided enough space for the data. 136 */ 137 if (unlikely(ar->readlen != (len - 4))) { 138 dev_warn(&ar->udev->dev, "received invalid command response:" 139 "got %d, instead of %d\n", len - 4, ar->readlen); 140 print_hex_dump_bytes("carl9170 cmd:", DUMP_PREFIX_OFFSET, 141 ar->cmd_buf, (ar->cmd.hdr.len + 4) & 0x3f); 142 print_hex_dump_bytes("carl9170 rsp:", DUMP_PREFIX_OFFSET, 143 buffer, len); 144 /* 145 * Do not complete. The command times out, 146 * and we get a stack trace from there. 147 */ 148 carl9170_restart(ar, CARL9170_RR_INVALID_RSP); 149 } 150 151 spin_lock(&ar->cmd_lock); 152 if (ar->readbuf) { 153 if (len >= 4) 154 memcpy(ar->readbuf, buffer + 4, len - 4); 155 156 ar->readbuf = NULL; 157 } 158 complete(&ar->cmd_wait); 159 spin_unlock(&ar->cmd_lock); 160 } 161 162 void carl9170_handle_command_response(struct ar9170 *ar, void *buf, u32 len) 163 { 164 struct carl9170_rsp *cmd = buf; 165 struct ieee80211_vif *vif; 166 167 if (carl9170_check_sequence(ar, cmd->hdr.seq)) 168 return; 169 170 if ((cmd->hdr.cmd & CARL9170_RSP_FLAG) != CARL9170_RSP_FLAG) { 171 if (!(cmd->hdr.cmd & CARL9170_CMD_ASYNC_FLAG)) 172 carl9170_cmd_callback(ar, len, buf); 173 174 return; 175 } 176 177 if (unlikely(cmd->hdr.len != (len - 4))) { 178 if (net_ratelimit()) { 179 wiphy_err(ar->hw->wiphy, "FW: received over-/under" 180 "sized event %x (%d, but should be %d).\n", 181 cmd->hdr.cmd, cmd->hdr.len, len - 4); 182 183 print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, 184 buf, len); 185 } 186 187 return; 188 } 189 190 /* hardware event handlers */ 191 switch (cmd->hdr.cmd) { 192 case CARL9170_RSP_PRETBTT: 193 /* pre-TBTT event */ 194 rcu_read_lock(); 195 vif = carl9170_get_main_vif(ar); 196 197 if (!vif) { 198 rcu_read_unlock(); 199 break; 200 } 201 202 switch (vif->type) { 203 case NL80211_IFTYPE_STATION: 204 carl9170_handle_ps(ar, cmd); 205 break; 206 207 case NL80211_IFTYPE_AP: 208 case NL80211_IFTYPE_ADHOC: 209 case NL80211_IFTYPE_MESH_POINT: 210 carl9170_update_beacon(ar, true); 211 break; 212 213 default: 214 break; 215 } 216 rcu_read_unlock(); 217 218 break; 219 220 221 case CARL9170_RSP_TXCOMP: 222 /* TX status notification */ 223 carl9170_tx_process_status(ar, cmd); 224 break; 225 226 case CARL9170_RSP_BEACON_CONFIG: 227 /* 228 * (IBSS) beacon send notification 229 * bytes: 04 c2 XX YY B4 B3 B2 B1 230 * 231 * XX always 80 232 * YY always 00 233 * B1-B4 "should" be the number of send out beacons. 234 */ 235 break; 236 237 case CARL9170_RSP_ATIM: 238 /* End of Atim Window */ 239 break; 240 241 case CARL9170_RSP_WATCHDOG: 242 /* Watchdog Interrupt */ 243 carl9170_restart(ar, CARL9170_RR_WATCHDOG); 244 break; 245 246 case CARL9170_RSP_TEXT: 247 /* firmware debug */ 248 carl9170_dbg_message(ar, (char *)buf + 4, len - 4); 249 break; 250 251 case CARL9170_RSP_HEXDUMP: 252 wiphy_dbg(ar->hw->wiphy, "FW: HD %d\n", len - 4); 253 print_hex_dump_bytes("FW:", DUMP_PREFIX_NONE, 254 (char *)buf + 4, len - 4); 255 break; 256 257 case CARL9170_RSP_RADAR: 258 if (!net_ratelimit()) 259 break; 260 261 wiphy_info(ar->hw->wiphy, "FW: RADAR! Please report this " 262 "incident to linux-wireless@vger.kernel.org !\n"); 263 break; 264 265 case CARL9170_RSP_GPIO: 266 #ifdef CONFIG_CARL9170_WPC 267 if (ar->wps.pbc) { 268 bool state = !!(cmd->gpio.gpio & cpu_to_le32( 269 AR9170_GPIO_PORT_WPS_BUTTON_PRESSED)); 270 271 if (state != ar->wps.pbc_state) { 272 ar->wps.pbc_state = state; 273 input_report_key(ar->wps.pbc, KEY_WPS_BUTTON, 274 state); 275 input_sync(ar->wps.pbc); 276 } 277 } 278 #endif /* CONFIG_CARL9170_WPC */ 279 break; 280 281 case CARL9170_RSP_BOOT: 282 complete(&ar->fw_boot_wait); 283 break; 284 285 default: 286 wiphy_err(ar->hw->wiphy, "FW: received unhandled event %x\n", 287 cmd->hdr.cmd); 288 print_hex_dump_bytes("dump:", DUMP_PREFIX_NONE, buf, len); 289 break; 290 } 291 } 292 293 static int carl9170_rx_mac_status(struct ar9170 *ar, 294 struct ar9170_rx_head *head, struct ar9170_rx_macstatus *mac, 295 struct ieee80211_rx_status *status) 296 { 297 struct ieee80211_channel *chan; 298 u8 error, decrypt; 299 300 BUILD_BUG_ON(sizeof(struct ar9170_rx_head) != 12); 301 BUILD_BUG_ON(sizeof(struct ar9170_rx_macstatus) != 4); 302 303 error = mac->error; 304 305 if (error & AR9170_RX_ERROR_WRONG_RA) { 306 if (!ar->sniffer_enabled) 307 return -EINVAL; 308 } 309 310 if (error & AR9170_RX_ERROR_PLCP) { 311 if (!(ar->filter_state & FIF_PLCPFAIL)) 312 return -EINVAL; 313 314 status->flag |= RX_FLAG_FAILED_PLCP_CRC; 315 } 316 317 if (error & AR9170_RX_ERROR_FCS) { 318 ar->tx_fcs_errors++; 319 320 if (!(ar->filter_state & FIF_FCSFAIL)) 321 return -EINVAL; 322 323 status->flag |= RX_FLAG_FAILED_FCS_CRC; 324 } 325 326 decrypt = ar9170_get_decrypt_type(mac); 327 if (!(decrypt & AR9170_RX_ENC_SOFTWARE) && 328 decrypt != AR9170_ENC_ALG_NONE) { 329 if ((decrypt == AR9170_ENC_ALG_TKIP) && 330 (error & AR9170_RX_ERROR_MMIC)) 331 status->flag |= RX_FLAG_MMIC_ERROR; 332 333 status->flag |= RX_FLAG_DECRYPTED; 334 } 335 336 if (error & AR9170_RX_ERROR_DECRYPT && !ar->sniffer_enabled) 337 return -ENODATA; 338 339 error &= ~(AR9170_RX_ERROR_MMIC | 340 AR9170_RX_ERROR_FCS | 341 AR9170_RX_ERROR_WRONG_RA | 342 AR9170_RX_ERROR_DECRYPT | 343 AR9170_RX_ERROR_PLCP); 344 345 /* drop any other error frames */ 346 if (unlikely(error)) { 347 /* TODO: update netdevice's RX dropped/errors statistics */ 348 349 if (net_ratelimit()) 350 wiphy_dbg(ar->hw->wiphy, "received frame with " 351 "suspicious error code (%#x).\n", error); 352 353 return -EINVAL; 354 } 355 356 chan = ar->channel; 357 if (chan) { 358 status->band = chan->band; 359 status->freq = chan->center_freq; 360 } 361 362 switch (mac->status & AR9170_RX_STATUS_MODULATION) { 363 case AR9170_RX_STATUS_MODULATION_CCK: 364 if (mac->status & AR9170_RX_STATUS_SHORT_PREAMBLE) 365 status->flag |= RX_FLAG_SHORTPRE; 366 switch (head->plcp[0]) { 367 case AR9170_RX_PHY_RATE_CCK_1M: 368 status->rate_idx = 0; 369 break; 370 case AR9170_RX_PHY_RATE_CCK_2M: 371 status->rate_idx = 1; 372 break; 373 case AR9170_RX_PHY_RATE_CCK_5M: 374 status->rate_idx = 2; 375 break; 376 case AR9170_RX_PHY_RATE_CCK_11M: 377 status->rate_idx = 3; 378 break; 379 default: 380 if (net_ratelimit()) { 381 wiphy_err(ar->hw->wiphy, "invalid plcp cck " 382 "rate (%x).\n", head->plcp[0]); 383 } 384 385 return -EINVAL; 386 } 387 break; 388 389 case AR9170_RX_STATUS_MODULATION_DUPOFDM: 390 case AR9170_RX_STATUS_MODULATION_OFDM: 391 switch (head->plcp[0] & 0xf) { 392 case AR9170_TXRX_PHY_RATE_OFDM_6M: 393 status->rate_idx = 0; 394 break; 395 case AR9170_TXRX_PHY_RATE_OFDM_9M: 396 status->rate_idx = 1; 397 break; 398 case AR9170_TXRX_PHY_RATE_OFDM_12M: 399 status->rate_idx = 2; 400 break; 401 case AR9170_TXRX_PHY_RATE_OFDM_18M: 402 status->rate_idx = 3; 403 break; 404 case AR9170_TXRX_PHY_RATE_OFDM_24M: 405 status->rate_idx = 4; 406 break; 407 case AR9170_TXRX_PHY_RATE_OFDM_36M: 408 status->rate_idx = 5; 409 break; 410 case AR9170_TXRX_PHY_RATE_OFDM_48M: 411 status->rate_idx = 6; 412 break; 413 case AR9170_TXRX_PHY_RATE_OFDM_54M: 414 status->rate_idx = 7; 415 break; 416 default: 417 if (net_ratelimit()) { 418 wiphy_err(ar->hw->wiphy, "invalid plcp ofdm " 419 "rate (%x).\n", head->plcp[0]); 420 } 421 422 return -EINVAL; 423 } 424 if (status->band == IEEE80211_BAND_2GHZ) 425 status->rate_idx += 4; 426 break; 427 428 case AR9170_RX_STATUS_MODULATION_HT: 429 if (head->plcp[3] & 0x80) 430 status->flag |= RX_FLAG_40MHZ; 431 if (head->plcp[6] & 0x80) 432 status->flag |= RX_FLAG_SHORT_GI; 433 434 status->rate_idx = clamp(0, 75, head->plcp[3] & 0x7f); 435 status->flag |= RX_FLAG_HT; 436 break; 437 438 default: 439 BUG(); 440 return -ENOSYS; 441 } 442 443 return 0; 444 } 445 446 static void carl9170_rx_phy_status(struct ar9170 *ar, 447 struct ar9170_rx_phystatus *phy, struct ieee80211_rx_status *status) 448 { 449 int i; 450 451 BUILD_BUG_ON(sizeof(struct ar9170_rx_phystatus) != 20); 452 453 for (i = 0; i < 3; i++) 454 if (phy->rssi[i] != 0x80) 455 status->antenna |= BIT(i); 456 457 /* post-process RSSI */ 458 for (i = 0; i < 7; i++) 459 if (phy->rssi[i] & 0x80) 460 phy->rssi[i] = ((phy->rssi[i] & 0x7f) + 1) & 0x7f; 461 462 /* TODO: we could do something with phy_errors */ 463 status->signal = ar->noise[0] + phy->rssi_combined; 464 } 465 466 static struct sk_buff *carl9170_rx_copy_data(u8 *buf, int len) 467 { 468 struct sk_buff *skb; 469 int reserved = 0; 470 struct ieee80211_hdr *hdr = (void *) buf; 471 472 if (ieee80211_is_data_qos(hdr->frame_control)) { 473 u8 *qc = ieee80211_get_qos_ctl(hdr); 474 reserved += NET_IP_ALIGN; 475 476 if (*qc & IEEE80211_QOS_CTL_A_MSDU_PRESENT) 477 reserved += NET_IP_ALIGN; 478 } 479 480 if (ieee80211_has_a4(hdr->frame_control)) 481 reserved += NET_IP_ALIGN; 482 483 reserved = 32 + (reserved & NET_IP_ALIGN); 484 485 skb = dev_alloc_skb(len + reserved); 486 if (likely(skb)) { 487 skb_reserve(skb, reserved); 488 memcpy(skb_put(skb, len), buf, len); 489 } 490 491 return skb; 492 } 493 494 static u8 *carl9170_find_ie(u8 *data, unsigned int len, u8 ie) 495 { 496 struct ieee80211_mgmt *mgmt = (void *)data; 497 u8 *pos, *end; 498 499 pos = (u8 *)mgmt->u.beacon.variable; 500 end = data + len; 501 while (pos < end) { 502 if (pos + 2 + pos[1] > end) 503 return NULL; 504 505 if (pos[0] == ie) 506 return pos; 507 508 pos += 2 + pos[1]; 509 } 510 return NULL; 511 } 512 513 /* 514 * NOTE: 515 * 516 * The firmware is in charge of waking up the device just before 517 * the AP is expected to transmit the next beacon. 518 * 519 * This leaves the driver with the important task of deciding when 520 * to set the PHY back to bed again. 521 */ 522 static void carl9170_ps_beacon(struct ar9170 *ar, void *data, unsigned int len) 523 { 524 struct ieee80211_hdr *hdr = data; 525 struct ieee80211_tim_ie *tim_ie; 526 u8 *tim; 527 u8 tim_len; 528 bool cam; 529 530 if (likely(!(ar->hw->conf.flags & IEEE80211_CONF_PS))) 531 return; 532 533 /* check if this really is a beacon */ 534 if (!ieee80211_is_beacon(hdr->frame_control)) 535 return; 536 537 /* min. beacon length + FCS_LEN */ 538 if (len <= 40 + FCS_LEN) 539 return; 540 541 /* and only beacons from the associated BSSID, please */ 542 if (!ether_addr_equal(hdr->addr3, ar->common.curbssid) || 543 !ar->common.curaid) 544 return; 545 546 ar->ps.last_beacon = jiffies; 547 548 tim = carl9170_find_ie(data, len - FCS_LEN, WLAN_EID_TIM); 549 if (!tim) 550 return; 551 552 if (tim[1] < sizeof(*tim_ie)) 553 return; 554 555 tim_len = tim[1]; 556 tim_ie = (struct ieee80211_tim_ie *) &tim[2]; 557 558 if (!WARN_ON_ONCE(!ar->hw->conf.ps_dtim_period)) 559 ar->ps.dtim_counter = (tim_ie->dtim_count - 1) % 560 ar->hw->conf.ps_dtim_period; 561 562 /* Check whenever the PHY can be turned off again. */ 563 564 /* 1. What about buffered unicast traffic for our AID? */ 565 cam = ieee80211_check_tim(tim_ie, tim_len, ar->common.curaid); 566 567 /* 2. Maybe the AP wants to send multicast/broadcast data? */ 568 cam |= !!(tim_ie->bitmap_ctrl & 0x01); 569 570 if (!cam) { 571 /* back to low-power land. */ 572 ar->ps.off_override &= ~PS_OFF_BCN; 573 carl9170_ps_check(ar); 574 } else { 575 /* force CAM */ 576 ar->ps.off_override |= PS_OFF_BCN; 577 } 578 } 579 580 static void carl9170_ba_check(struct ar9170 *ar, void *data, unsigned int len) 581 { 582 struct ieee80211_bar *bar = (void *) data; 583 struct carl9170_bar_list_entry *entry; 584 unsigned int queue; 585 586 if (likely(!ieee80211_is_back(bar->frame_control))) 587 return; 588 589 if (len <= sizeof(*bar) + FCS_LEN) 590 return; 591 592 queue = TID_TO_WME_AC(((le16_to_cpu(bar->control) & 593 IEEE80211_BAR_CTRL_TID_INFO_MASK) >> 594 IEEE80211_BAR_CTRL_TID_INFO_SHIFT) & 7); 595 596 rcu_read_lock(); 597 list_for_each_entry_rcu(entry, &ar->bar_list[queue], list) { 598 struct sk_buff *entry_skb = entry->skb; 599 struct _carl9170_tx_superframe *super = (void *)entry_skb->data; 600 struct ieee80211_bar *entry_bar = (void *)super->frame_data; 601 602 #define TID_CHECK(a, b) ( \ 603 ((a) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK)) == \ 604 ((b) & cpu_to_le16(IEEE80211_BAR_CTRL_TID_INFO_MASK))) \ 605 606 if (bar->start_seq_num == entry_bar->start_seq_num && 607 TID_CHECK(bar->control, entry_bar->control) && 608 compare_ether_addr(bar->ra, entry_bar->ta) == 0 && 609 compare_ether_addr(bar->ta, entry_bar->ra) == 0) { 610 struct ieee80211_tx_info *tx_info; 611 612 tx_info = IEEE80211_SKB_CB(entry_skb); 613 tx_info->flags |= IEEE80211_TX_STAT_ACK; 614 615 spin_lock_bh(&ar->bar_list_lock[queue]); 616 list_del_rcu(&entry->list); 617 spin_unlock_bh(&ar->bar_list_lock[queue]); 618 kfree_rcu(entry, head); 619 break; 620 } 621 } 622 rcu_read_unlock(); 623 624 #undef TID_CHECK 625 } 626 627 static bool carl9170_ampdu_check(struct ar9170 *ar, u8 *buf, u8 ms, 628 struct ieee80211_rx_status *rx_status) 629 { 630 __le16 fc; 631 632 if ((ms & AR9170_RX_STATUS_MPDU) == AR9170_RX_STATUS_MPDU_SINGLE) { 633 /* 634 * This frame is not part of an aMPDU. 635 * Therefore it is not subjected to any 636 * of the following content restrictions. 637 */ 638 return true; 639 } 640 641 rx_status->flag |= RX_FLAG_AMPDU_DETAILS | RX_FLAG_AMPDU_LAST_KNOWN; 642 rx_status->ampdu_reference = ar->ampdu_ref; 643 644 /* 645 * "802.11n - 7.4a.3 A-MPDU contents" describes in which contexts 646 * certain frame types can be part of an aMPDU. 647 * 648 * In order to keep the processing cost down, I opted for a 649 * stateless filter solely based on the frame control field. 650 */ 651 652 fc = ((struct ieee80211_hdr *)buf)->frame_control; 653 if (ieee80211_is_data_qos(fc) && ieee80211_is_data_present(fc)) 654 return true; 655 656 if (ieee80211_is_ack(fc) || ieee80211_is_back(fc) || 657 ieee80211_is_back_req(fc)) 658 return true; 659 660 if (ieee80211_is_action(fc)) 661 return true; 662 663 return false; 664 } 665 666 /* 667 * If the frame alignment is right (or the kernel has 668 * CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS), and there 669 * is only a single MPDU in the USB frame, then we could 670 * submit to mac80211 the SKB directly. However, since 671 * there may be multiple packets in one SKB in stream 672 * mode, and we need to observe the proper ordering, 673 * this is non-trivial. 674 */ 675 676 static void carl9170_handle_mpdu(struct ar9170 *ar, u8 *buf, int len) 677 { 678 struct ar9170_rx_head *head; 679 struct ar9170_rx_macstatus *mac; 680 struct ar9170_rx_phystatus *phy = NULL; 681 struct ieee80211_rx_status status; 682 struct sk_buff *skb; 683 int mpdu_len; 684 u8 mac_status; 685 686 if (!IS_STARTED(ar)) 687 return; 688 689 if (unlikely(len < sizeof(*mac))) 690 goto drop; 691 692 memset(&status, 0, sizeof(status)); 693 694 mpdu_len = len - sizeof(*mac); 695 696 mac = (void *)(buf + mpdu_len); 697 mac_status = mac->status; 698 switch (mac_status & AR9170_RX_STATUS_MPDU) { 699 case AR9170_RX_STATUS_MPDU_FIRST: 700 ar->ampdu_ref++; 701 /* Aggregated MPDUs start with an PLCP header */ 702 if (likely(mpdu_len >= sizeof(struct ar9170_rx_head))) { 703 head = (void *) buf; 704 705 /* 706 * The PLCP header needs to be cached for the 707 * following MIDDLE + LAST A-MPDU packets. 708 * 709 * So, if you are wondering why all frames seem 710 * to share a common RX status information, 711 * then you have the answer right here... 712 */ 713 memcpy(&ar->rx_plcp, (void *) buf, 714 sizeof(struct ar9170_rx_head)); 715 716 mpdu_len -= sizeof(struct ar9170_rx_head); 717 buf += sizeof(struct ar9170_rx_head); 718 719 ar->rx_has_plcp = true; 720 } else { 721 if (net_ratelimit()) { 722 wiphy_err(ar->hw->wiphy, "plcp info " 723 "is clipped.\n"); 724 } 725 726 goto drop; 727 } 728 break; 729 730 case AR9170_RX_STATUS_MPDU_LAST: 731 status.flag |= RX_FLAG_AMPDU_IS_LAST; 732 733 /* 734 * The last frame of an A-MPDU has an extra tail 735 * which does contain the phy status of the whole 736 * aggregate. 737 */ 738 if (likely(mpdu_len >= sizeof(struct ar9170_rx_phystatus))) { 739 mpdu_len -= sizeof(struct ar9170_rx_phystatus); 740 phy = (void *)(buf + mpdu_len); 741 } else { 742 if (net_ratelimit()) { 743 wiphy_err(ar->hw->wiphy, "frame tail " 744 "is clipped.\n"); 745 } 746 747 goto drop; 748 } 749 750 case AR9170_RX_STATUS_MPDU_MIDDLE: 751 /* These are just data + mac status */ 752 if (unlikely(!ar->rx_has_plcp)) { 753 if (!net_ratelimit()) 754 return; 755 756 wiphy_err(ar->hw->wiphy, "rx stream does not start " 757 "with a first_mpdu frame tag.\n"); 758 759 goto drop; 760 } 761 762 head = &ar->rx_plcp; 763 break; 764 765 case AR9170_RX_STATUS_MPDU_SINGLE: 766 /* single mpdu has both: plcp (head) and phy status (tail) */ 767 head = (void *) buf; 768 769 mpdu_len -= sizeof(struct ar9170_rx_head); 770 mpdu_len -= sizeof(struct ar9170_rx_phystatus); 771 772 buf += sizeof(struct ar9170_rx_head); 773 phy = (void *)(buf + mpdu_len); 774 break; 775 776 default: 777 BUG_ON(1); 778 break; 779 } 780 781 /* FC + DU + RA + FCS */ 782 if (unlikely(mpdu_len < (2 + 2 + ETH_ALEN + FCS_LEN))) 783 goto drop; 784 785 if (unlikely(carl9170_rx_mac_status(ar, head, mac, &status))) 786 goto drop; 787 788 if (!carl9170_ampdu_check(ar, buf, mac_status, &status)) 789 goto drop; 790 791 if (phy) 792 carl9170_rx_phy_status(ar, phy, &status); 793 794 carl9170_ps_beacon(ar, buf, mpdu_len); 795 796 carl9170_ba_check(ar, buf, mpdu_len); 797 798 skb = carl9170_rx_copy_data(buf, mpdu_len); 799 if (!skb) 800 goto drop; 801 802 memcpy(IEEE80211_SKB_RXCB(skb), &status, sizeof(status)); 803 ieee80211_rx(ar->hw, skb); 804 return; 805 806 drop: 807 ar->rx_dropped++; 808 } 809 810 static void carl9170_rx_untie_cmds(struct ar9170 *ar, const u8 *respbuf, 811 const unsigned int resplen) 812 { 813 struct carl9170_rsp *cmd; 814 int i = 0; 815 816 while (i < resplen) { 817 cmd = (void *) &respbuf[i]; 818 819 i += cmd->hdr.len + 4; 820 if (unlikely(i > resplen)) 821 break; 822 823 carl9170_handle_command_response(ar, cmd, cmd->hdr.len + 4); 824 } 825 826 if (unlikely(i != resplen)) { 827 if (!net_ratelimit()) 828 return; 829 830 wiphy_err(ar->hw->wiphy, "malformed firmware trap:\n"); 831 print_hex_dump_bytes("rxcmd:", DUMP_PREFIX_OFFSET, 832 respbuf, resplen); 833 } 834 } 835 836 static void __carl9170_rx(struct ar9170 *ar, u8 *buf, unsigned int len) 837 { 838 unsigned int i = 0; 839 840 /* weird thing, but this is the same in the original driver */ 841 while (len > 2 && i < 12 && buf[0] == 0xff && buf[1] == 0xff) { 842 i += 2; 843 len -= 2; 844 buf += 2; 845 } 846 847 if (unlikely(len < 4)) 848 return; 849 850 /* found the 6 * 0xffff marker? */ 851 if (i == 12) 852 carl9170_rx_untie_cmds(ar, buf, len); 853 else 854 carl9170_handle_mpdu(ar, buf, len); 855 } 856 857 static void carl9170_rx_stream(struct ar9170 *ar, void *buf, unsigned int len) 858 { 859 unsigned int tlen, wlen = 0, clen = 0; 860 struct ar9170_stream *rx_stream; 861 u8 *tbuf; 862 863 tbuf = buf; 864 tlen = len; 865 866 while (tlen >= 4) { 867 rx_stream = (void *) tbuf; 868 clen = le16_to_cpu(rx_stream->length); 869 wlen = ALIGN(clen, 4); 870 871 /* check if this is stream has a valid tag.*/ 872 if (rx_stream->tag != cpu_to_le16(AR9170_RX_STREAM_TAG)) { 873 /* 874 * TODO: handle the highly unlikely event that the 875 * corrupted stream has the TAG at the right position. 876 */ 877 878 /* check if the frame can be repaired. */ 879 if (!ar->rx_failover_missing) { 880 881 /* this is not "short read". */ 882 if (net_ratelimit()) { 883 wiphy_err(ar->hw->wiphy, 884 "missing tag!\n"); 885 } 886 887 __carl9170_rx(ar, tbuf, tlen); 888 return; 889 } 890 891 if (ar->rx_failover_missing > tlen) { 892 if (net_ratelimit()) { 893 wiphy_err(ar->hw->wiphy, 894 "possible multi " 895 "stream corruption!\n"); 896 goto err_telluser; 897 } else { 898 goto err_silent; 899 } 900 } 901 902 memcpy(skb_put(ar->rx_failover, tlen), tbuf, tlen); 903 ar->rx_failover_missing -= tlen; 904 905 if (ar->rx_failover_missing <= 0) { 906 /* 907 * nested carl9170_rx_stream call! 908 * 909 * termination is guaranteed, even when the 910 * combined frame also have an element with 911 * a bad tag. 912 */ 913 914 ar->rx_failover_missing = 0; 915 carl9170_rx_stream(ar, ar->rx_failover->data, 916 ar->rx_failover->len); 917 918 skb_reset_tail_pointer(ar->rx_failover); 919 skb_trim(ar->rx_failover, 0); 920 } 921 922 return; 923 } 924 925 /* check if stream is clipped */ 926 if (wlen > tlen - 4) { 927 if (ar->rx_failover_missing) { 928 /* TODO: handle double stream corruption. */ 929 if (net_ratelimit()) { 930 wiphy_err(ar->hw->wiphy, "double rx " 931 "stream corruption!\n"); 932 goto err_telluser; 933 } else { 934 goto err_silent; 935 } 936 } 937 938 /* 939 * save incomplete data set. 940 * the firmware will resend the missing bits when 941 * the rx - descriptor comes round again. 942 */ 943 944 memcpy(skb_put(ar->rx_failover, tlen), tbuf, tlen); 945 ar->rx_failover_missing = clen - tlen; 946 return; 947 } 948 __carl9170_rx(ar, rx_stream->payload, clen); 949 950 tbuf += wlen + 4; 951 tlen -= wlen + 4; 952 } 953 954 if (tlen) { 955 if (net_ratelimit()) { 956 wiphy_err(ar->hw->wiphy, "%d bytes of unprocessed " 957 "data left in rx stream!\n", tlen); 958 } 959 960 goto err_telluser; 961 } 962 963 return; 964 965 err_telluser: 966 wiphy_err(ar->hw->wiphy, "damaged RX stream data [want:%d, " 967 "data:%d, rx:%d, pending:%d ]\n", clen, wlen, tlen, 968 ar->rx_failover_missing); 969 970 if (ar->rx_failover_missing) 971 print_hex_dump_bytes("rxbuf:", DUMP_PREFIX_OFFSET, 972 ar->rx_failover->data, 973 ar->rx_failover->len); 974 975 print_hex_dump_bytes("stream:", DUMP_PREFIX_OFFSET, 976 buf, len); 977 978 wiphy_err(ar->hw->wiphy, "please check your hardware and cables, if " 979 "you see this message frequently.\n"); 980 981 err_silent: 982 if (ar->rx_failover_missing) { 983 skb_reset_tail_pointer(ar->rx_failover); 984 skb_trim(ar->rx_failover, 0); 985 ar->rx_failover_missing = 0; 986 } 987 } 988 989 void carl9170_rx(struct ar9170 *ar, void *buf, unsigned int len) 990 { 991 if (ar->fw.rx_stream) 992 carl9170_rx_stream(ar, buf, len); 993 else 994 __carl9170_rx(ar, buf, len); 995 } 996