1 /****************************************************************************** 2 * 3 * This file is provided under a dual BSD/GPLv2 license. When using or 4 * redistributing this file, you may do so under either license. 5 * 6 * GPL LICENSE SUMMARY 7 * 8 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. 9 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of version 2 of the GNU General Public License as 13 * published by the Free Software Foundation. 14 * 15 * This program is distributed in the hope that it will be useful, but 16 * WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 * General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; if not, write to the Free Software 22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 23 * USA 24 * 25 * The full GNU General Public License is included in this distribution 26 * in the file called COPYING. 27 * 28 * Contact Information: 29 * Intel Linux Wireless <linuxwifi@intel.com> 30 * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 31 * 32 * BSD LICENSE 33 * 34 * Copyright(c) 2012 - 2014 Intel Corporation. All rights reserved. 35 * Copyright(c) 2013 - 2015 Intel Mobile Communications GmbH 36 * All rights reserved. 37 * 38 * Redistribution and use in source and binary forms, with or without 39 * modification, are permitted provided that the following conditions 40 * are met: 41 * 42 * * Redistributions of source code must retain the above copyright 43 * notice, this list of conditions and the following disclaimer. 44 * * Redistributions in binary form must reproduce the above copyright 45 * notice, this list of conditions and the following disclaimer in 46 * the documentation and/or other materials provided with the 47 * distribution. 48 * * Neither the name Intel Corporation nor the names of its 49 * contributors may be used to endorse or promote products derived 50 * from this software without specific prior written permission. 51 * 52 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 53 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 54 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 55 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 56 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 57 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 58 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 59 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 60 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 61 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 62 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 63 * 64 *****************************************************************************/ 65 #include <linux/ieee80211.h> 66 #include <linux/etherdevice.h> 67 #include <linux/tcp.h> 68 69 #include "iwl-trans.h" 70 #include "iwl-eeprom-parse.h" 71 #include "mvm.h" 72 #include "sta.h" 73 #include "fw-dbg.h" 74 75 static void 76 iwl_mvm_bar_check_trigger(struct iwl_mvm *mvm, const u8 *addr, 77 u16 tid, u16 ssn) 78 { 79 struct iwl_fw_dbg_trigger_tlv *trig; 80 struct iwl_fw_dbg_trigger_ba *ba_trig; 81 82 if (!iwl_fw_dbg_trigger_enabled(mvm->fw, FW_DBG_TRIGGER_BA)) 83 return; 84 85 trig = iwl_fw_dbg_get_trigger(mvm->fw, FW_DBG_TRIGGER_BA); 86 ba_trig = (void *)trig->data; 87 88 if (!iwl_fw_dbg_trigger_check_stop(mvm, NULL, trig)) 89 return; 90 91 if (!(le16_to_cpu(ba_trig->tx_bar) & BIT(tid))) 92 return; 93 94 iwl_mvm_fw_dbg_collect_trig(mvm, trig, 95 "BAR sent to %pM, tid %d, ssn %d", 96 addr, tid, ssn); 97 } 98 99 /* 100 * Sets most of the Tx cmd's fields 101 */ 102 void iwl_mvm_set_tx_cmd(struct iwl_mvm *mvm, struct sk_buff *skb, 103 struct iwl_tx_cmd *tx_cmd, 104 struct ieee80211_tx_info *info, u8 sta_id) 105 { 106 struct ieee80211_hdr *hdr = (void *)skb->data; 107 __le16 fc = hdr->frame_control; 108 u32 tx_flags = le32_to_cpu(tx_cmd->tx_flags); 109 u32 len = skb->len + FCS_LEN; 110 u8 ac; 111 112 if (!(info->flags & IEEE80211_TX_CTL_NO_ACK)) 113 tx_flags |= TX_CMD_FLG_ACK; 114 else 115 tx_flags &= ~TX_CMD_FLG_ACK; 116 117 if (ieee80211_is_probe_resp(fc)) 118 tx_flags |= TX_CMD_FLG_TSF; 119 120 if (ieee80211_has_morefrags(fc)) 121 tx_flags |= TX_CMD_FLG_MORE_FRAG; 122 123 if (ieee80211_is_data_qos(fc)) { 124 u8 *qc = ieee80211_get_qos_ctl(hdr); 125 tx_cmd->tid_tspec = qc[0] & 0xf; 126 tx_flags &= ~TX_CMD_FLG_SEQ_CTL; 127 } else if (ieee80211_is_back_req(fc)) { 128 struct ieee80211_bar *bar = (void *)skb->data; 129 u16 control = le16_to_cpu(bar->control); 130 u16 ssn = le16_to_cpu(bar->start_seq_num); 131 132 tx_flags |= TX_CMD_FLG_ACK | TX_CMD_FLG_BAR; 133 tx_cmd->tid_tspec = (control & 134 IEEE80211_BAR_CTRL_TID_INFO_MASK) >> 135 IEEE80211_BAR_CTRL_TID_INFO_SHIFT; 136 WARN_ON_ONCE(tx_cmd->tid_tspec >= IWL_MAX_TID_COUNT); 137 iwl_mvm_bar_check_trigger(mvm, bar->ra, tx_cmd->tid_tspec, 138 ssn); 139 } else { 140 tx_cmd->tid_tspec = IWL_TID_NON_QOS; 141 if (info->flags & IEEE80211_TX_CTL_ASSIGN_SEQ) 142 tx_flags |= TX_CMD_FLG_SEQ_CTL; 143 else 144 tx_flags &= ~TX_CMD_FLG_SEQ_CTL; 145 } 146 147 /* Default to 0 (BE) when tid_spec is set to IWL_TID_NON_QOS */ 148 if (tx_cmd->tid_tspec < IWL_MAX_TID_COUNT) 149 ac = tid_to_mac80211_ac[tx_cmd->tid_tspec]; 150 else 151 ac = tid_to_mac80211_ac[0]; 152 153 tx_flags |= iwl_mvm_bt_coex_tx_prio(mvm, hdr, info, ac) << 154 TX_CMD_FLG_BT_PRIO_POS; 155 156 if (ieee80211_is_mgmt(fc)) { 157 if (ieee80211_is_assoc_req(fc) || ieee80211_is_reassoc_req(fc)) 158 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_ASSOC); 159 else if (ieee80211_is_action(fc)) 160 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_NONE); 161 else 162 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_MGMT); 163 164 /* The spec allows Action frames in A-MPDU, we don't support 165 * it 166 */ 167 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_AMPDU); 168 } else if (info->control.flags & IEEE80211_TX_CTRL_PORT_CTRL_PROTO) { 169 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_MGMT); 170 } else { 171 tx_cmd->pm_frame_timeout = cpu_to_le16(PM_FRAME_NONE); 172 } 173 174 if (ieee80211_is_data(fc) && len > mvm->rts_threshold && 175 !is_multicast_ether_addr(ieee80211_get_DA(hdr))) 176 tx_flags |= TX_CMD_FLG_PROT_REQUIRE; 177 178 if (fw_has_capa(&mvm->fw->ucode_capa, 179 IWL_UCODE_TLV_CAPA_TXPOWER_INSERTION_SUPPORT) && 180 ieee80211_action_contains_tpc(skb)) 181 tx_flags |= TX_CMD_FLG_WRITE_TX_POWER; 182 183 tx_cmd->tx_flags = cpu_to_le32(tx_flags); 184 /* Total # bytes to be transmitted */ 185 tx_cmd->len = cpu_to_le16((u16)skb->len); 186 tx_cmd->next_frame_len = 0; 187 tx_cmd->life_time = cpu_to_le32(TX_CMD_LIFE_TIME_INFINITE); 188 tx_cmd->sta_id = sta_id; 189 } 190 191 /* 192 * Sets the fields in the Tx cmd that are rate related 193 */ 194 void iwl_mvm_set_tx_cmd_rate(struct iwl_mvm *mvm, struct iwl_tx_cmd *tx_cmd, 195 struct ieee80211_tx_info *info, 196 struct ieee80211_sta *sta, __le16 fc) 197 { 198 u32 rate_flags; 199 int rate_idx; 200 u8 rate_plcp; 201 202 /* Set retry limit on RTS packets */ 203 tx_cmd->rts_retry_limit = IWL_RTS_DFAULT_RETRY_LIMIT; 204 205 /* Set retry limit on DATA packets and Probe Responses*/ 206 if (ieee80211_is_probe_resp(fc)) { 207 tx_cmd->data_retry_limit = IWL_MGMT_DFAULT_RETRY_LIMIT; 208 tx_cmd->rts_retry_limit = 209 min(tx_cmd->data_retry_limit, tx_cmd->rts_retry_limit); 210 } else if (ieee80211_is_back_req(fc)) { 211 tx_cmd->data_retry_limit = IWL_BAR_DFAULT_RETRY_LIMIT; 212 } else { 213 tx_cmd->data_retry_limit = IWL_DEFAULT_TX_RETRY; 214 } 215 216 /* 217 * for data packets, rate info comes from the table inside the fw. This 218 * table is controlled by LINK_QUALITY commands 219 */ 220 221 if (ieee80211_is_data(fc) && sta) { 222 tx_cmd->initial_rate_index = 0; 223 tx_cmd->tx_flags |= cpu_to_le32(TX_CMD_FLG_STA_RATE); 224 return; 225 } else if (ieee80211_is_back_req(fc)) { 226 tx_cmd->tx_flags |= 227 cpu_to_le32(TX_CMD_FLG_ACK | TX_CMD_FLG_BAR); 228 } 229 230 /* HT rate doesn't make sense for a non data frame */ 231 WARN_ONCE(info->control.rates[0].flags & IEEE80211_TX_RC_MCS, 232 "Got an HT rate (flags:0x%x/mcs:%d) for a non data frame (fc:0x%x)\n", 233 info->control.rates[0].flags, 234 info->control.rates[0].idx, 235 le16_to_cpu(fc)); 236 237 rate_idx = info->control.rates[0].idx; 238 /* if the rate isn't a well known legacy rate, take the lowest one */ 239 if (rate_idx < 0 || rate_idx > IWL_RATE_COUNT_LEGACY) 240 rate_idx = rate_lowest_index( 241 &mvm->nvm_data->bands[info->band], sta); 242 243 /* For 5 GHZ band, remap mac80211 rate indices into driver indices */ 244 if (info->band == IEEE80211_BAND_5GHZ) 245 rate_idx += IWL_FIRST_OFDM_RATE; 246 247 /* For 2.4 GHZ band, check that there is no need to remap */ 248 BUILD_BUG_ON(IWL_FIRST_CCK_RATE != 0); 249 250 /* Get PLCP rate for tx_cmd->rate_n_flags */ 251 rate_plcp = iwl_mvm_mac80211_idx_to_hwrate(rate_idx); 252 253 mvm->mgmt_last_antenna_idx = 254 iwl_mvm_next_antenna(mvm, iwl_mvm_get_valid_tx_ant(mvm), 255 mvm->mgmt_last_antenna_idx); 256 257 if (info->band == IEEE80211_BAND_2GHZ && 258 !iwl_mvm_bt_coex_is_shared_ant_avail(mvm)) 259 rate_flags = mvm->cfg->non_shared_ant << RATE_MCS_ANT_POS; 260 else 261 rate_flags = 262 BIT(mvm->mgmt_last_antenna_idx) << RATE_MCS_ANT_POS; 263 264 /* Set CCK flag as needed */ 265 if ((rate_idx >= IWL_FIRST_CCK_RATE) && (rate_idx <= IWL_LAST_CCK_RATE)) 266 rate_flags |= RATE_MCS_CCK_MSK; 267 268 /* Set the rate in the TX cmd */ 269 tx_cmd->rate_n_flags = cpu_to_le32((u32)rate_plcp | rate_flags); 270 } 271 272 /* 273 * Sets the fields in the Tx cmd that are crypto related 274 */ 275 static void iwl_mvm_set_tx_cmd_crypto(struct iwl_mvm *mvm, 276 struct ieee80211_tx_info *info, 277 struct iwl_tx_cmd *tx_cmd, 278 struct sk_buff *skb_frag, 279 int hdrlen) 280 { 281 struct ieee80211_key_conf *keyconf = info->control.hw_key; 282 u8 *crypto_hdr = skb_frag->data + hdrlen; 283 u64 pn; 284 285 switch (keyconf->cipher) { 286 case WLAN_CIPHER_SUITE_CCMP: 287 case WLAN_CIPHER_SUITE_CCMP_256: 288 iwl_mvm_set_tx_cmd_ccmp(info, tx_cmd); 289 pn = atomic64_inc_return(&keyconf->tx_pn); 290 crypto_hdr[0] = pn; 291 crypto_hdr[2] = 0; 292 crypto_hdr[3] = 0x20 | (keyconf->keyidx << 6); 293 crypto_hdr[1] = pn >> 8; 294 crypto_hdr[4] = pn >> 16; 295 crypto_hdr[5] = pn >> 24; 296 crypto_hdr[6] = pn >> 32; 297 crypto_hdr[7] = pn >> 40; 298 break; 299 300 case WLAN_CIPHER_SUITE_TKIP: 301 tx_cmd->sec_ctl = TX_CMD_SEC_TKIP; 302 ieee80211_get_tkip_p2k(keyconf, skb_frag, tx_cmd->key); 303 break; 304 305 case WLAN_CIPHER_SUITE_WEP104: 306 tx_cmd->sec_ctl |= TX_CMD_SEC_KEY128; 307 /* fall through */ 308 case WLAN_CIPHER_SUITE_WEP40: 309 tx_cmd->sec_ctl |= TX_CMD_SEC_WEP | 310 ((keyconf->keyidx << TX_CMD_SEC_WEP_KEY_IDX_POS) & 311 TX_CMD_SEC_WEP_KEY_IDX_MSK); 312 313 memcpy(&tx_cmd->key[3], keyconf->key, keyconf->keylen); 314 break; 315 default: 316 tx_cmd->sec_ctl |= TX_CMD_SEC_EXT; 317 } 318 } 319 320 /* 321 * Allocates and sets the Tx cmd the driver data pointers in the skb 322 */ 323 static struct iwl_device_cmd * 324 iwl_mvm_set_tx_params(struct iwl_mvm *mvm, struct sk_buff *skb, 325 int hdrlen, struct ieee80211_sta *sta, u8 sta_id) 326 { 327 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 328 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 329 struct iwl_device_cmd *dev_cmd; 330 struct iwl_tx_cmd *tx_cmd; 331 332 dev_cmd = iwl_trans_alloc_tx_cmd(mvm->trans); 333 334 if (unlikely(!dev_cmd)) 335 return NULL; 336 337 memset(dev_cmd, 0, sizeof(*dev_cmd)); 338 dev_cmd->hdr.cmd = TX_CMD; 339 tx_cmd = (struct iwl_tx_cmd *)dev_cmd->payload; 340 341 if (info->control.hw_key) 342 iwl_mvm_set_tx_cmd_crypto(mvm, info, tx_cmd, skb, hdrlen); 343 344 iwl_mvm_set_tx_cmd(mvm, skb, tx_cmd, info, sta_id); 345 346 iwl_mvm_set_tx_cmd_rate(mvm, tx_cmd, info, sta, hdr->frame_control); 347 348 memset(&info->status, 0, sizeof(info->status)); 349 memset(info->driver_data, 0, sizeof(info->driver_data)); 350 351 info->driver_data[1] = dev_cmd; 352 353 return dev_cmd; 354 } 355 356 int iwl_mvm_tx_skb_non_sta(struct iwl_mvm *mvm, struct sk_buff *skb) 357 { 358 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 359 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 360 struct iwl_device_cmd *dev_cmd; 361 struct iwl_tx_cmd *tx_cmd; 362 u8 sta_id; 363 int hdrlen = ieee80211_hdrlen(hdr->frame_control); 364 365 if (WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_AMPDU)) 366 return -1; 367 368 if (WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM && 369 (!info->control.vif || 370 info->hw_queue != info->control.vif->cab_queue))) 371 return -1; 372 373 /* 374 * IWL_MVM_OFFCHANNEL_QUEUE is used for ROC packets that can be used 375 * in 2 different types of vifs, P2P & STATION. P2P uses the offchannel 376 * queue. STATION (HS2.0) uses the auxiliary context of the FW, 377 * and hence needs to be sent on the aux queue 378 */ 379 if (IEEE80211_SKB_CB(skb)->hw_queue == IWL_MVM_OFFCHANNEL_QUEUE && 380 info->control.vif->type == NL80211_IFTYPE_STATION) 381 IEEE80211_SKB_CB(skb)->hw_queue = mvm->aux_queue; 382 383 /* 384 * If the interface on which the frame is sent is the P2P_DEVICE 385 * or an AP/GO interface use the broadcast station associated 386 * with it; otherwise if the interface is a managed interface 387 * use the AP station associated with it for multicast traffic 388 * (this is not possible for unicast packets as a TLDS discovery 389 * response are sent without a station entry); otherwise use the 390 * AUX station. 391 */ 392 sta_id = mvm->aux_sta.sta_id; 393 if (info->control.vif) { 394 struct iwl_mvm_vif *mvmvif = 395 iwl_mvm_vif_from_mac80211(info->control.vif); 396 397 if (info->control.vif->type == NL80211_IFTYPE_P2P_DEVICE || 398 info->control.vif->type == NL80211_IFTYPE_AP) 399 sta_id = mvmvif->bcast_sta.sta_id; 400 else if (info->control.vif->type == NL80211_IFTYPE_STATION && 401 is_multicast_ether_addr(hdr->addr1)) { 402 u8 ap_sta_id = ACCESS_ONCE(mvmvif->ap_sta_id); 403 404 if (ap_sta_id != IWL_MVM_STATION_COUNT) 405 sta_id = ap_sta_id; 406 } 407 } 408 409 IWL_DEBUG_TX(mvm, "station Id %d, queue=%d\n", sta_id, info->hw_queue); 410 411 dev_cmd = iwl_mvm_set_tx_params(mvm, skb, hdrlen, NULL, sta_id); 412 if (!dev_cmd) 413 return -1; 414 415 /* From now on, we cannot access info->control */ 416 tx_cmd = (struct iwl_tx_cmd *)dev_cmd->payload; 417 418 /* Copy MAC header from skb into command buffer */ 419 memcpy(tx_cmd->hdr, hdr, hdrlen); 420 421 if (iwl_trans_tx(mvm->trans, skb, dev_cmd, info->hw_queue)) { 422 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd); 423 return -1; 424 } 425 426 return 0; 427 } 428 429 static int iwl_mvm_tx_tso(struct iwl_mvm *mvm, struct sk_buff *skb_gso, 430 struct ieee80211_sta *sta, 431 struct sk_buff_head *mpdus_skb) 432 { 433 struct sk_buff *tmp, *next; 434 char cb[sizeof(skb_gso->cb)]; 435 436 memcpy(cb, skb_gso->cb, sizeof(cb)); 437 next = skb_gso_segment(skb_gso, 0); 438 if (IS_ERR(next)) 439 return -EINVAL; 440 else if (next) 441 consume_skb(skb_gso); 442 443 while (next) { 444 tmp = next; 445 next = tmp->next; 446 memcpy(tmp->cb, cb, sizeof(tmp->cb)); 447 448 tmp->prev = NULL; 449 tmp->next = NULL; 450 451 __skb_queue_tail(mpdus_skb, tmp); 452 } 453 454 return 0; 455 } 456 457 /* 458 * Sets the fields in the Tx cmd that are crypto related 459 */ 460 static int iwl_mvm_tx_mpdu(struct iwl_mvm *mvm, struct sk_buff *skb, 461 struct ieee80211_sta *sta) 462 { 463 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 464 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 465 struct iwl_mvm_sta *mvmsta; 466 struct iwl_device_cmd *dev_cmd; 467 struct iwl_tx_cmd *tx_cmd; 468 __le16 fc; 469 u16 seq_number = 0; 470 u8 tid = IWL_MAX_TID_COUNT; 471 u8 txq_id = info->hw_queue; 472 bool is_data_qos = false, is_ampdu = false; 473 int hdrlen; 474 475 mvmsta = iwl_mvm_sta_from_mac80211(sta); 476 fc = hdr->frame_control; 477 hdrlen = ieee80211_hdrlen(fc); 478 479 if (WARN_ON_ONCE(!mvmsta)) 480 return -1; 481 482 if (WARN_ON_ONCE(mvmsta->sta_id == IWL_MVM_STATION_COUNT)) 483 return -1; 484 485 dev_cmd = iwl_mvm_set_tx_params(mvm, skb, hdrlen, sta, mvmsta->sta_id); 486 if (!dev_cmd) 487 goto drop; 488 489 tx_cmd = (struct iwl_tx_cmd *)dev_cmd->payload; 490 /* From now on, we cannot access info->control */ 491 492 /* 493 * we handle that entirely ourselves -- for uAPSD the firmware 494 * will always send a notification, and for PS-Poll responses 495 * we'll notify mac80211 when getting frame status 496 */ 497 info->flags &= ~IEEE80211_TX_STATUS_EOSP; 498 499 spin_lock(&mvmsta->lock); 500 501 if (ieee80211_is_data_qos(fc) && !ieee80211_is_qos_nullfunc(fc)) { 502 u8 *qc = NULL; 503 qc = ieee80211_get_qos_ctl(hdr); 504 tid = qc[0] & IEEE80211_QOS_CTL_TID_MASK; 505 if (WARN_ON_ONCE(tid >= IWL_MAX_TID_COUNT)) 506 goto drop_unlock_sta; 507 508 seq_number = mvmsta->tid_data[tid].seq_number; 509 seq_number &= IEEE80211_SCTL_SEQ; 510 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); 511 hdr->seq_ctrl |= cpu_to_le16(seq_number); 512 is_data_qos = true; 513 is_ampdu = info->flags & IEEE80211_TX_CTL_AMPDU; 514 } 515 516 /* Copy MAC header from skb into command buffer */ 517 memcpy(tx_cmd->hdr, hdr, hdrlen); 518 519 WARN_ON_ONCE(info->flags & IEEE80211_TX_CTL_SEND_AFTER_DTIM); 520 521 if (sta->tdls) { 522 /* default to TID 0 for non-QoS packets */ 523 u8 tdls_tid = tid == IWL_MAX_TID_COUNT ? 0 : tid; 524 525 txq_id = mvmsta->hw_queue[tid_to_mac80211_ac[tdls_tid]]; 526 } 527 528 if (is_ampdu) { 529 if (WARN_ON_ONCE(mvmsta->tid_data[tid].state != IWL_AGG_ON)) 530 goto drop_unlock_sta; 531 txq_id = mvmsta->tid_data[tid].txq_id; 532 } 533 534 IWL_DEBUG_TX(mvm, "TX to [%d|%d] Q:%d - seq: 0x%x\n", mvmsta->sta_id, 535 tid, txq_id, IEEE80211_SEQ_TO_SN(seq_number)); 536 537 if (iwl_trans_tx(mvm->trans, skb, dev_cmd, txq_id)) 538 goto drop_unlock_sta; 539 540 if (is_data_qos && !ieee80211_has_morefrags(fc)) 541 mvmsta->tid_data[tid].seq_number = seq_number + 0x10; 542 543 spin_unlock(&mvmsta->lock); 544 545 if (txq_id < mvm->first_agg_queue) 546 atomic_inc(&mvm->pending_frames[mvmsta->sta_id]); 547 548 return 0; 549 550 drop_unlock_sta: 551 iwl_trans_free_tx_cmd(mvm->trans, dev_cmd); 552 spin_unlock(&mvmsta->lock); 553 drop: 554 return -1; 555 } 556 557 int iwl_mvm_tx_skb(struct iwl_mvm *mvm, struct sk_buff *skb, 558 struct ieee80211_sta *sta) 559 { 560 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 561 struct sk_buff_head mpdus_skbs; 562 unsigned int payload_len; 563 int ret; 564 565 if (WARN_ON_ONCE(!mvmsta)) 566 return -1; 567 568 if (WARN_ON_ONCE(mvmsta->sta_id == IWL_MVM_STATION_COUNT)) 569 return -1; 570 571 if (!skb_is_gso(skb)) 572 return iwl_mvm_tx_mpdu(mvm, skb, sta); 573 574 payload_len = skb_tail_pointer(skb) - skb_transport_header(skb) - 575 tcp_hdrlen(skb) + skb->data_len; 576 577 if (payload_len <= skb_shinfo(skb)->gso_size) 578 return iwl_mvm_tx_mpdu(mvm, skb, sta); 579 580 __skb_queue_head_init(&mpdus_skbs); 581 582 ret = iwl_mvm_tx_tso(mvm, skb, sta, &mpdus_skbs); 583 if (ret) 584 return ret; 585 586 if (WARN_ON(skb_queue_empty(&mpdus_skbs))) 587 return ret; 588 589 while (!skb_queue_empty(&mpdus_skbs)) { 590 struct sk_buff *skb = __skb_dequeue(&mpdus_skbs); 591 592 ret = iwl_mvm_tx_mpdu(mvm, skb, sta); 593 if (ret) { 594 __skb_queue_purge(&mpdus_skbs); 595 return ret; 596 } 597 } 598 599 return 0; 600 } 601 602 static void iwl_mvm_check_ratid_empty(struct iwl_mvm *mvm, 603 struct ieee80211_sta *sta, u8 tid) 604 { 605 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 606 struct iwl_mvm_tid_data *tid_data = &mvmsta->tid_data[tid]; 607 struct ieee80211_vif *vif = mvmsta->vif; 608 609 lockdep_assert_held(&mvmsta->lock); 610 611 if ((tid_data->state == IWL_AGG_ON || 612 tid_data->state == IWL_EMPTYING_HW_QUEUE_DELBA) && 613 iwl_mvm_tid_queued(tid_data) == 0) { 614 /* 615 * Now that this aggregation queue is empty tell mac80211 so it 616 * knows we no longer have frames buffered for the station on 617 * this TID (for the TIM bitmap calculation.) 618 */ 619 ieee80211_sta_set_buffered(sta, tid, false); 620 } 621 622 if (tid_data->ssn != tid_data->next_reclaimed) 623 return; 624 625 switch (tid_data->state) { 626 case IWL_EMPTYING_HW_QUEUE_ADDBA: 627 IWL_DEBUG_TX_QUEUES(mvm, 628 "Can continue addBA flow ssn = next_recl = %d\n", 629 tid_data->next_reclaimed); 630 tid_data->state = IWL_AGG_STARTING; 631 ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid); 632 break; 633 634 case IWL_EMPTYING_HW_QUEUE_DELBA: 635 IWL_DEBUG_TX_QUEUES(mvm, 636 "Can continue DELBA flow ssn = next_recl = %d\n", 637 tid_data->next_reclaimed); 638 iwl_mvm_disable_txq(mvm, tid_data->txq_id, 639 vif->hw_queue[tid_to_mac80211_ac[tid]], tid, 640 CMD_ASYNC); 641 tid_data->state = IWL_AGG_OFF; 642 ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid); 643 break; 644 645 default: 646 break; 647 } 648 } 649 650 #ifdef CONFIG_IWLWIFI_DEBUG 651 const char *iwl_mvm_get_tx_fail_reason(u32 status) 652 { 653 #define TX_STATUS_FAIL(x) case TX_STATUS_FAIL_ ## x: return #x 654 #define TX_STATUS_POSTPONE(x) case TX_STATUS_POSTPONE_ ## x: return #x 655 656 switch (status & TX_STATUS_MSK) { 657 case TX_STATUS_SUCCESS: 658 return "SUCCESS"; 659 TX_STATUS_POSTPONE(DELAY); 660 TX_STATUS_POSTPONE(FEW_BYTES); 661 TX_STATUS_POSTPONE(BT_PRIO); 662 TX_STATUS_POSTPONE(QUIET_PERIOD); 663 TX_STATUS_POSTPONE(CALC_TTAK); 664 TX_STATUS_FAIL(INTERNAL_CROSSED_RETRY); 665 TX_STATUS_FAIL(SHORT_LIMIT); 666 TX_STATUS_FAIL(LONG_LIMIT); 667 TX_STATUS_FAIL(UNDERRUN); 668 TX_STATUS_FAIL(DRAIN_FLOW); 669 TX_STATUS_FAIL(RFKILL_FLUSH); 670 TX_STATUS_FAIL(LIFE_EXPIRE); 671 TX_STATUS_FAIL(DEST_PS); 672 TX_STATUS_FAIL(HOST_ABORTED); 673 TX_STATUS_FAIL(BT_RETRY); 674 TX_STATUS_FAIL(STA_INVALID); 675 TX_STATUS_FAIL(FRAG_DROPPED); 676 TX_STATUS_FAIL(TID_DISABLE); 677 TX_STATUS_FAIL(FIFO_FLUSHED); 678 TX_STATUS_FAIL(SMALL_CF_POLL); 679 TX_STATUS_FAIL(FW_DROP); 680 TX_STATUS_FAIL(STA_COLOR_MISMATCH); 681 } 682 683 return "UNKNOWN"; 684 685 #undef TX_STATUS_FAIL 686 #undef TX_STATUS_POSTPONE 687 } 688 #endif /* CONFIG_IWLWIFI_DEBUG */ 689 690 void iwl_mvm_hwrate_to_tx_rate(u32 rate_n_flags, 691 enum ieee80211_band band, 692 struct ieee80211_tx_rate *r) 693 { 694 if (rate_n_flags & RATE_HT_MCS_GF_MSK) 695 r->flags |= IEEE80211_TX_RC_GREEN_FIELD; 696 switch (rate_n_flags & RATE_MCS_CHAN_WIDTH_MSK) { 697 case RATE_MCS_CHAN_WIDTH_20: 698 break; 699 case RATE_MCS_CHAN_WIDTH_40: 700 r->flags |= IEEE80211_TX_RC_40_MHZ_WIDTH; 701 break; 702 case RATE_MCS_CHAN_WIDTH_80: 703 r->flags |= IEEE80211_TX_RC_80_MHZ_WIDTH; 704 break; 705 case RATE_MCS_CHAN_WIDTH_160: 706 r->flags |= IEEE80211_TX_RC_160_MHZ_WIDTH; 707 break; 708 } 709 if (rate_n_flags & RATE_MCS_SGI_MSK) 710 r->flags |= IEEE80211_TX_RC_SHORT_GI; 711 if (rate_n_flags & RATE_MCS_HT_MSK) { 712 r->flags |= IEEE80211_TX_RC_MCS; 713 r->idx = rate_n_flags & RATE_HT_MCS_INDEX_MSK; 714 } else if (rate_n_flags & RATE_MCS_VHT_MSK) { 715 ieee80211_rate_set_vht( 716 r, rate_n_flags & RATE_VHT_MCS_RATE_CODE_MSK, 717 ((rate_n_flags & RATE_VHT_MCS_NSS_MSK) >> 718 RATE_VHT_MCS_NSS_POS) + 1); 719 r->flags |= IEEE80211_TX_RC_VHT_MCS; 720 } else { 721 r->idx = iwl_mvm_legacy_rate_to_mac80211_idx(rate_n_flags, 722 band); 723 } 724 } 725 726 /** 727 * translate ucode response to mac80211 tx status control values 728 */ 729 static void iwl_mvm_hwrate_to_tx_status(u32 rate_n_flags, 730 struct ieee80211_tx_info *info) 731 { 732 struct ieee80211_tx_rate *r = &info->status.rates[0]; 733 734 info->status.antenna = 735 ((rate_n_flags & RATE_MCS_ANT_ABC_MSK) >> RATE_MCS_ANT_POS); 736 iwl_mvm_hwrate_to_tx_rate(rate_n_flags, info->band, r); 737 } 738 739 static void iwl_mvm_rx_tx_cmd_single(struct iwl_mvm *mvm, 740 struct iwl_rx_packet *pkt) 741 { 742 struct ieee80211_sta *sta; 743 u16 sequence = le16_to_cpu(pkt->hdr.sequence); 744 int txq_id = SEQ_TO_QUEUE(sequence); 745 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data; 746 int sta_id = IWL_MVM_TX_RES_GET_RA(tx_resp->ra_tid); 747 int tid = IWL_MVM_TX_RES_GET_TID(tx_resp->ra_tid); 748 u32 status = le16_to_cpu(tx_resp->status.status); 749 u16 ssn = iwl_mvm_get_scd_ssn(tx_resp); 750 struct iwl_mvm_sta *mvmsta; 751 struct sk_buff_head skbs; 752 u8 skb_freed = 0; 753 u16 next_reclaimed, seq_ctl; 754 755 __skb_queue_head_init(&skbs); 756 757 seq_ctl = le16_to_cpu(tx_resp->seq_ctl); 758 759 /* we can free until ssn % q.n_bd not inclusive */ 760 iwl_trans_reclaim(mvm->trans, txq_id, ssn, &skbs); 761 762 while (!skb_queue_empty(&skbs)) { 763 struct sk_buff *skb = __skb_dequeue(&skbs); 764 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 765 766 skb_freed++; 767 768 iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]); 769 770 memset(&info->status, 0, sizeof(info->status)); 771 772 info->flags &= ~IEEE80211_TX_CTL_AMPDU; 773 774 /* inform mac80211 about what happened with the frame */ 775 switch (status & TX_STATUS_MSK) { 776 case TX_STATUS_SUCCESS: 777 case TX_STATUS_DIRECT_DONE: 778 info->flags |= IEEE80211_TX_STAT_ACK; 779 break; 780 case TX_STATUS_FAIL_DEST_PS: 781 info->flags |= IEEE80211_TX_STAT_TX_FILTERED; 782 break; 783 default: 784 break; 785 } 786 787 info->status.rates[0].count = tx_resp->failure_frame + 1; 788 iwl_mvm_hwrate_to_tx_status(le32_to_cpu(tx_resp->initial_rate), 789 info); 790 info->status.status_driver_data[1] = 791 (void *)(uintptr_t)le32_to_cpu(tx_resp->initial_rate); 792 793 /* Single frame failure in an AMPDU queue => send BAR */ 794 if (txq_id >= mvm->first_agg_queue && 795 !(info->flags & IEEE80211_TX_STAT_ACK) && 796 !(info->flags & IEEE80211_TX_STAT_TX_FILTERED)) 797 info->flags |= IEEE80211_TX_STAT_AMPDU_NO_BACK; 798 799 /* W/A FW bug: seq_ctl is wrong when the status isn't success */ 800 if (status != TX_STATUS_SUCCESS) { 801 struct ieee80211_hdr *hdr = (void *)skb->data; 802 seq_ctl = le16_to_cpu(hdr->seq_ctrl); 803 } 804 805 /* 806 * TODO: this is not accurate if we are freeing more than one 807 * packet. 808 */ 809 info->status.tx_time = 810 le16_to_cpu(tx_resp->wireless_media_time); 811 BUILD_BUG_ON(ARRAY_SIZE(info->status.status_driver_data) < 1); 812 info->status.status_driver_data[0] = 813 (void *)(uintptr_t)tx_resp->reduced_tpc; 814 815 ieee80211_tx_status(mvm->hw, skb); 816 } 817 818 if (txq_id >= mvm->first_agg_queue) { 819 /* If this is an aggregation queue, we use the ssn since: 820 * ssn = wifi seq_num % 256. 821 * The seq_ctl is the sequence control of the packet to which 822 * this Tx response relates. But if there is a hole in the 823 * bitmap of the BA we received, this Tx response may allow to 824 * reclaim the hole and all the subsequent packets that were 825 * already acked. In that case, seq_ctl != ssn, and the next 826 * packet to be reclaimed will be ssn and not seq_ctl. In that 827 * case, several packets will be reclaimed even if 828 * frame_count = 1. 829 * 830 * The ssn is the index (% 256) of the latest packet that has 831 * treated (acked / dropped) + 1. 832 */ 833 next_reclaimed = ssn; 834 } else { 835 /* The next packet to be reclaimed is the one after this one */ 836 next_reclaimed = IEEE80211_SEQ_TO_SN(seq_ctl + 0x10); 837 } 838 839 IWL_DEBUG_TX_REPLY(mvm, 840 "TXQ %d status %s (0x%08x)\n", 841 txq_id, iwl_mvm_get_tx_fail_reason(status), status); 842 843 IWL_DEBUG_TX_REPLY(mvm, 844 "\t\t\t\tinitial_rate 0x%x retries %d, idx=%d ssn=%d next_reclaimed=0x%x seq_ctl=0x%x\n", 845 le32_to_cpu(tx_resp->initial_rate), 846 tx_resp->failure_frame, SEQ_TO_INDEX(sequence), 847 ssn, next_reclaimed, seq_ctl); 848 849 rcu_read_lock(); 850 851 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 852 /* 853 * sta can't be NULL otherwise it'd mean that the sta has been freed in 854 * the firmware while we still have packets for it in the Tx queues. 855 */ 856 if (WARN_ON_ONCE(!sta)) 857 goto out; 858 859 if (!IS_ERR(sta)) { 860 mvmsta = iwl_mvm_sta_from_mac80211(sta); 861 862 if (tid != IWL_TID_NON_QOS) { 863 struct iwl_mvm_tid_data *tid_data = 864 &mvmsta->tid_data[tid]; 865 bool send_eosp_ndp = false; 866 867 spin_lock_bh(&mvmsta->lock); 868 tid_data->next_reclaimed = next_reclaimed; 869 IWL_DEBUG_TX_REPLY(mvm, "Next reclaimed packet:%d\n", 870 next_reclaimed); 871 iwl_mvm_check_ratid_empty(mvm, sta, tid); 872 873 if (mvmsta->sleep_tx_count) { 874 mvmsta->sleep_tx_count--; 875 if (mvmsta->sleep_tx_count && 876 !iwl_mvm_tid_queued(tid_data)) { 877 /* 878 * The number of frames in the queue 879 * dropped to 0 even if we sent less 880 * frames than we thought we had on the 881 * Tx queue. 882 * This means we had holes in the BA 883 * window that we just filled, ask 884 * mac80211 to send EOSP since the 885 * firmware won't know how to do that. 886 * Send NDP and the firmware will send 887 * EOSP notification that will trigger 888 * a call to ieee80211_sta_eosp(). 889 */ 890 send_eosp_ndp = true; 891 } 892 } 893 894 spin_unlock_bh(&mvmsta->lock); 895 if (send_eosp_ndp) { 896 iwl_mvm_sta_modify_sleep_tx_count(mvm, sta, 897 IEEE80211_FRAME_RELEASE_UAPSD, 898 1, tid, false, false); 899 mvmsta->sleep_tx_count = 0; 900 ieee80211_send_eosp_nullfunc(sta, tid); 901 } 902 } 903 904 if (mvmsta->next_status_eosp) { 905 mvmsta->next_status_eosp = false; 906 ieee80211_sta_eosp(sta); 907 } 908 } else { 909 mvmsta = NULL; 910 } 911 912 /* 913 * If the txq is not an AMPDU queue, there is no chance we freed 914 * several skbs. Check that out... 915 */ 916 if (txq_id >= mvm->first_agg_queue) 917 goto out; 918 919 /* We can't free more than one frame at once on a shared queue */ 920 WARN_ON(skb_freed > 1); 921 922 /* If we have still frames for this STA nothing to do here */ 923 if (!atomic_sub_and_test(skb_freed, &mvm->pending_frames[sta_id])) 924 goto out; 925 926 if (mvmsta && mvmsta->vif->type == NL80211_IFTYPE_AP) { 927 928 /* 929 * If there are no pending frames for this STA and 930 * the tx to this station is not disabled, notify 931 * mac80211 that this station can now wake up in its 932 * STA table. 933 * If mvmsta is not NULL, sta is valid. 934 */ 935 936 spin_lock_bh(&mvmsta->lock); 937 938 if (!mvmsta->disable_tx) 939 ieee80211_sta_block_awake(mvm->hw, sta, false); 940 941 spin_unlock_bh(&mvmsta->lock); 942 } 943 944 if (PTR_ERR(sta) == -EBUSY || PTR_ERR(sta) == -ENOENT) { 945 /* 946 * We are draining and this was the last packet - pre_rcu_remove 947 * has been called already. We might be after the 948 * synchronize_net already. 949 * Don't rely on iwl_mvm_rm_sta to see the empty Tx queues. 950 */ 951 set_bit(sta_id, mvm->sta_drained); 952 schedule_work(&mvm->sta_drained_wk); 953 } 954 955 out: 956 rcu_read_unlock(); 957 } 958 959 #ifdef CONFIG_IWLWIFI_DEBUG 960 #define AGG_TX_STATE_(x) case AGG_TX_STATE_ ## x: return #x 961 static const char *iwl_get_agg_tx_status(u16 status) 962 { 963 switch (status & AGG_TX_STATE_STATUS_MSK) { 964 AGG_TX_STATE_(TRANSMITTED); 965 AGG_TX_STATE_(UNDERRUN); 966 AGG_TX_STATE_(BT_PRIO); 967 AGG_TX_STATE_(FEW_BYTES); 968 AGG_TX_STATE_(ABORT); 969 AGG_TX_STATE_(LAST_SENT_TTL); 970 AGG_TX_STATE_(LAST_SENT_TRY_CNT); 971 AGG_TX_STATE_(LAST_SENT_BT_KILL); 972 AGG_TX_STATE_(SCD_QUERY); 973 AGG_TX_STATE_(TEST_BAD_CRC32); 974 AGG_TX_STATE_(RESPONSE); 975 AGG_TX_STATE_(DUMP_TX); 976 AGG_TX_STATE_(DELAY_TX); 977 } 978 979 return "UNKNOWN"; 980 } 981 982 static void iwl_mvm_rx_tx_cmd_agg_dbg(struct iwl_mvm *mvm, 983 struct iwl_rx_packet *pkt) 984 { 985 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data; 986 struct agg_tx_status *frame_status = &tx_resp->status; 987 int i; 988 989 for (i = 0; i < tx_resp->frame_count; i++) { 990 u16 fstatus = le16_to_cpu(frame_status[i].status); 991 992 IWL_DEBUG_TX_REPLY(mvm, 993 "status %s (0x%04x), try-count (%d) seq (0x%x)\n", 994 iwl_get_agg_tx_status(fstatus), 995 fstatus & AGG_TX_STATE_STATUS_MSK, 996 (fstatus & AGG_TX_STATE_TRY_CNT_MSK) >> 997 AGG_TX_STATE_TRY_CNT_POS, 998 le16_to_cpu(frame_status[i].sequence)); 999 } 1000 } 1001 #else 1002 static void iwl_mvm_rx_tx_cmd_agg_dbg(struct iwl_mvm *mvm, 1003 struct iwl_rx_packet *pkt) 1004 {} 1005 #endif /* CONFIG_IWLWIFI_DEBUG */ 1006 1007 static void iwl_mvm_rx_tx_cmd_agg(struct iwl_mvm *mvm, 1008 struct iwl_rx_packet *pkt) 1009 { 1010 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data; 1011 int sta_id = IWL_MVM_TX_RES_GET_RA(tx_resp->ra_tid); 1012 int tid = IWL_MVM_TX_RES_GET_TID(tx_resp->ra_tid); 1013 u16 sequence = le16_to_cpu(pkt->hdr.sequence); 1014 struct ieee80211_sta *sta; 1015 1016 if (WARN_ON_ONCE(SEQ_TO_QUEUE(sequence) < mvm->first_agg_queue)) 1017 return; 1018 1019 if (WARN_ON_ONCE(tid == IWL_TID_NON_QOS)) 1020 return; 1021 1022 iwl_mvm_rx_tx_cmd_agg_dbg(mvm, pkt); 1023 1024 rcu_read_lock(); 1025 1026 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 1027 1028 if (!WARN_ON_ONCE(IS_ERR_OR_NULL(sta))) { 1029 struct iwl_mvm_sta *mvmsta = iwl_mvm_sta_from_mac80211(sta); 1030 mvmsta->tid_data[tid].rate_n_flags = 1031 le32_to_cpu(tx_resp->initial_rate); 1032 mvmsta->tid_data[tid].reduced_tpc = tx_resp->reduced_tpc; 1033 mvmsta->tid_data[tid].tx_time = 1034 le16_to_cpu(tx_resp->wireless_media_time); 1035 } 1036 1037 rcu_read_unlock(); 1038 } 1039 1040 void iwl_mvm_rx_tx_cmd(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb) 1041 { 1042 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1043 struct iwl_mvm_tx_resp *tx_resp = (void *)pkt->data; 1044 1045 if (tx_resp->frame_count == 1) 1046 iwl_mvm_rx_tx_cmd_single(mvm, pkt); 1047 else 1048 iwl_mvm_rx_tx_cmd_agg(mvm, pkt); 1049 } 1050 1051 static void iwl_mvm_tx_info_from_ba_notif(struct ieee80211_tx_info *info, 1052 struct iwl_mvm_ba_notif *ba_notif, 1053 struct iwl_mvm_tid_data *tid_data) 1054 { 1055 info->flags |= IEEE80211_TX_STAT_AMPDU; 1056 info->status.ampdu_ack_len = ba_notif->txed_2_done; 1057 info->status.ampdu_len = ba_notif->txed; 1058 iwl_mvm_hwrate_to_tx_status(tid_data->rate_n_flags, 1059 info); 1060 /* TODO: not accounted if the whole A-MPDU failed */ 1061 info->status.tx_time = tid_data->tx_time; 1062 info->status.status_driver_data[0] = 1063 (void *)(uintptr_t)tid_data->reduced_tpc; 1064 info->status.status_driver_data[1] = 1065 (void *)(uintptr_t)tid_data->rate_n_flags; 1066 } 1067 1068 void iwl_mvm_rx_ba_notif(struct iwl_mvm *mvm, struct iwl_rx_cmd_buffer *rxb) 1069 { 1070 struct iwl_rx_packet *pkt = rxb_addr(rxb); 1071 struct iwl_mvm_ba_notif *ba_notif = (void *)pkt->data; 1072 struct sk_buff_head reclaimed_skbs; 1073 struct iwl_mvm_tid_data *tid_data; 1074 struct ieee80211_sta *sta; 1075 struct iwl_mvm_sta *mvmsta; 1076 struct sk_buff *skb; 1077 int sta_id, tid, freed; 1078 /* "flow" corresponds to Tx queue */ 1079 u16 scd_flow = le16_to_cpu(ba_notif->scd_flow); 1080 /* "ssn" is start of block-ack Tx window, corresponds to index 1081 * (in Tx queue's circular buffer) of first TFD/frame in window */ 1082 u16 ba_resp_scd_ssn = le16_to_cpu(ba_notif->scd_ssn); 1083 1084 sta_id = ba_notif->sta_id; 1085 tid = ba_notif->tid; 1086 1087 if (WARN_ONCE(sta_id >= IWL_MVM_STATION_COUNT || 1088 tid >= IWL_MAX_TID_COUNT, 1089 "sta_id %d tid %d", sta_id, tid)) 1090 return; 1091 1092 rcu_read_lock(); 1093 1094 sta = rcu_dereference(mvm->fw_id_to_mac_id[sta_id]); 1095 1096 /* Reclaiming frames for a station that has been deleted ? */ 1097 if (WARN_ON_ONCE(IS_ERR_OR_NULL(sta))) { 1098 rcu_read_unlock(); 1099 return; 1100 } 1101 1102 mvmsta = iwl_mvm_sta_from_mac80211(sta); 1103 tid_data = &mvmsta->tid_data[tid]; 1104 1105 if (tid_data->txq_id != scd_flow) { 1106 IWL_ERR(mvm, 1107 "invalid BA notification: Q %d, tid %d, flow %d\n", 1108 tid_data->txq_id, tid, scd_flow); 1109 rcu_read_unlock(); 1110 return; 1111 } 1112 1113 spin_lock_bh(&mvmsta->lock); 1114 1115 __skb_queue_head_init(&reclaimed_skbs); 1116 1117 /* 1118 * Release all TFDs before the SSN, i.e. all TFDs in front of 1119 * block-ack window (we assume that they've been successfully 1120 * transmitted ... if not, it's too late anyway). 1121 */ 1122 iwl_trans_reclaim(mvm->trans, scd_flow, ba_resp_scd_ssn, 1123 &reclaimed_skbs); 1124 1125 IWL_DEBUG_TX_REPLY(mvm, 1126 "BA_NOTIFICATION Received from %pM, sta_id = %d\n", 1127 (u8 *)&ba_notif->sta_addr_lo32, 1128 ba_notif->sta_id); 1129 IWL_DEBUG_TX_REPLY(mvm, 1130 "TID = %d, SeqCtl = %d, bitmap = 0x%llx, scd_flow = %d, scd_ssn = %d sent:%d, acked:%d\n", 1131 ba_notif->tid, le16_to_cpu(ba_notif->seq_ctl), 1132 (unsigned long long)le64_to_cpu(ba_notif->bitmap), 1133 scd_flow, ba_resp_scd_ssn, ba_notif->txed, 1134 ba_notif->txed_2_done); 1135 1136 tid_data->next_reclaimed = ba_resp_scd_ssn; 1137 1138 iwl_mvm_check_ratid_empty(mvm, sta, tid); 1139 1140 freed = 0; 1141 1142 skb_queue_walk(&reclaimed_skbs, skb) { 1143 struct ieee80211_hdr *hdr = (void *)skb->data; 1144 struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb); 1145 1146 if (ieee80211_is_data_qos(hdr->frame_control)) 1147 freed++; 1148 else 1149 WARN_ON_ONCE(1); 1150 1151 iwl_trans_free_tx_cmd(mvm->trans, info->driver_data[1]); 1152 1153 memset(&info->status, 0, sizeof(info->status)); 1154 /* Packet was transmitted successfully, failures come as single 1155 * frames because before failing a frame the firmware transmits 1156 * it without aggregation at least once. 1157 */ 1158 info->flags |= IEEE80211_TX_STAT_ACK; 1159 1160 /* this is the first skb we deliver in this batch */ 1161 /* put the rate scaling data there */ 1162 if (freed == 1) 1163 iwl_mvm_tx_info_from_ba_notif(info, ba_notif, tid_data); 1164 } 1165 1166 spin_unlock_bh(&mvmsta->lock); 1167 1168 /* We got a BA notif with 0 acked or scd_ssn didn't progress which is 1169 * possible (i.e. first MPDU in the aggregation wasn't acked) 1170 * Still it's important to update RS about sent vs. acked. 1171 */ 1172 if (skb_queue_empty(&reclaimed_skbs)) { 1173 struct ieee80211_tx_info ba_info = {}; 1174 struct ieee80211_chanctx_conf *chanctx_conf = NULL; 1175 1176 if (mvmsta->vif) 1177 chanctx_conf = 1178 rcu_dereference(mvmsta->vif->chanctx_conf); 1179 1180 if (WARN_ON_ONCE(!chanctx_conf)) 1181 goto out; 1182 1183 ba_info.band = chanctx_conf->def.chan->band; 1184 iwl_mvm_tx_info_from_ba_notif(&ba_info, ba_notif, tid_data); 1185 1186 IWL_DEBUG_TX_REPLY(mvm, "No reclaim. Update rs directly\n"); 1187 iwl_mvm_rs_tx_status(mvm, sta, tid, &ba_info); 1188 } 1189 1190 out: 1191 rcu_read_unlock(); 1192 1193 while (!skb_queue_empty(&reclaimed_skbs)) { 1194 skb = __skb_dequeue(&reclaimed_skbs); 1195 ieee80211_tx_status(mvm->hw, skb); 1196 } 1197 } 1198 1199 /* 1200 * Note that there are transports that buffer frames before they reach 1201 * the firmware. This means that after flush_tx_path is called, the 1202 * queue might not be empty. The race-free way to handle this is to: 1203 * 1) set the station as draining 1204 * 2) flush the Tx path 1205 * 3) wait for the transport queues to be empty 1206 */ 1207 int iwl_mvm_flush_tx_path(struct iwl_mvm *mvm, u32 tfd_msk, u32 flags) 1208 { 1209 int ret; 1210 struct iwl_tx_path_flush_cmd flush_cmd = { 1211 .queues_ctl = cpu_to_le32(tfd_msk), 1212 .flush_ctl = cpu_to_le16(DUMP_TX_FIFO_FLUSH), 1213 }; 1214 1215 ret = iwl_mvm_send_cmd_pdu(mvm, TXPATH_FLUSH, flags, 1216 sizeof(flush_cmd), &flush_cmd); 1217 if (ret) 1218 IWL_ERR(mvm, "Failed to send flush command (%d)\n", ret); 1219 return ret; 1220 } 1221