1 // SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause 2 /* 3 * Copyright (C) 2020 Intel Corporation 4 */ 5 #include <net/tso.h> 6 #include <linux/tcp.h> 7 8 #include "iwl-debug.h" 9 #include "iwl-io.h" 10 #include "fw/api/tx.h" 11 #include "queue/tx.h" 12 #include "iwl-fh.h" 13 #include "iwl-scd.h" 14 #include <linux/dmapool.h> 15 16 /* 17 * iwl_txq_gen2_tx_stop - Stop all Tx DMA channels 18 */ 19 void iwl_txq_gen2_tx_stop(struct iwl_trans *trans) 20 { 21 int txq_id; 22 23 /* 24 * This function can be called before the op_mode disabled the 25 * queues. This happens when we have an rfkill interrupt. 26 * Since we stop Tx altogether - mark the queues as stopped. 27 */ 28 memset(trans->txqs.queue_stopped, 0, 29 sizeof(trans->txqs.queue_stopped)); 30 memset(trans->txqs.queue_used, 0, sizeof(trans->txqs.queue_used)); 31 32 /* Unmap DMA from host system and free skb's */ 33 for (txq_id = 0; txq_id < ARRAY_SIZE(trans->txqs.txq); txq_id++) { 34 if (!trans->txqs.txq[txq_id]) 35 continue; 36 iwl_txq_gen2_unmap(trans, txq_id); 37 } 38 } 39 40 /* 41 * iwl_txq_update_byte_tbl - Set up entry in Tx byte-count array 42 */ 43 static void iwl_pcie_gen2_update_byte_tbl(struct iwl_trans *trans, 44 struct iwl_txq *txq, u16 byte_cnt, 45 int num_tbs) 46 { 47 int idx = iwl_txq_get_cmd_index(txq, txq->write_ptr); 48 u8 filled_tfd_size, num_fetch_chunks; 49 u16 len = byte_cnt; 50 __le16 bc_ent; 51 52 if (WARN(idx >= txq->n_window, "%d >= %d\n", idx, txq->n_window)) 53 return; 54 55 filled_tfd_size = offsetof(struct iwl_tfh_tfd, tbs) + 56 num_tbs * sizeof(struct iwl_tfh_tb); 57 /* 58 * filled_tfd_size contains the number of filled bytes in the TFD. 59 * Dividing it by 64 will give the number of chunks to fetch 60 * to SRAM- 0 for one chunk, 1 for 2 and so on. 61 * If, for example, TFD contains only 3 TBs then 32 bytes 62 * of the TFD are used, and only one chunk of 64 bytes should 63 * be fetched 64 */ 65 num_fetch_chunks = DIV_ROUND_UP(filled_tfd_size, 64) - 1; 66 67 if (trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_AX210) { 68 struct iwl_gen3_bc_tbl *scd_bc_tbl_gen3 = txq->bc_tbl.addr; 69 70 /* Starting from AX210, the HW expects bytes */ 71 WARN_ON(trans->txqs.bc_table_dword); 72 WARN_ON(len > 0x3FFF); 73 bc_ent = cpu_to_le16(len | (num_fetch_chunks << 14)); 74 scd_bc_tbl_gen3->tfd_offset[idx] = bc_ent; 75 } else { 76 struct iwlagn_scd_bc_tbl *scd_bc_tbl = txq->bc_tbl.addr; 77 78 /* Before AX210, the HW expects DW */ 79 WARN_ON(!trans->txqs.bc_table_dword); 80 len = DIV_ROUND_UP(len, 4); 81 WARN_ON(len > 0xFFF); 82 bc_ent = cpu_to_le16(len | (num_fetch_chunks << 12)); 83 scd_bc_tbl->tfd_offset[idx] = bc_ent; 84 } 85 } 86 87 /* 88 * iwl_txq_inc_wr_ptr - Send new write index to hardware 89 */ 90 void iwl_txq_inc_wr_ptr(struct iwl_trans *trans, struct iwl_txq *txq) 91 { 92 lockdep_assert_held(&txq->lock); 93 94 IWL_DEBUG_TX(trans, "Q:%d WR: 0x%x\n", txq->id, txq->write_ptr); 95 96 /* 97 * if not in power-save mode, uCode will never sleep when we're 98 * trying to tx (during RFKILL, we're not trying to tx). 99 */ 100 iwl_write32(trans, HBUS_TARG_WRPTR, txq->write_ptr | (txq->id << 16)); 101 } 102 103 static u8 iwl_txq_gen2_get_num_tbs(struct iwl_trans *trans, 104 struct iwl_tfh_tfd *tfd) 105 { 106 return le16_to_cpu(tfd->num_tbs) & 0x1f; 107 } 108 109 void iwl_txq_gen2_tfd_unmap(struct iwl_trans *trans, struct iwl_cmd_meta *meta, 110 struct iwl_tfh_tfd *tfd) 111 { 112 int i, num_tbs; 113 114 /* Sanity check on number of chunks */ 115 num_tbs = iwl_txq_gen2_get_num_tbs(trans, tfd); 116 117 if (num_tbs > trans->txqs.tfd.max_tbs) { 118 IWL_ERR(trans, "Too many chunks: %i\n", num_tbs); 119 return; 120 } 121 122 /* first TB is never freed - it's the bidirectional DMA data */ 123 for (i = 1; i < num_tbs; i++) { 124 if (meta->tbs & BIT(i)) 125 dma_unmap_page(trans->dev, 126 le64_to_cpu(tfd->tbs[i].addr), 127 le16_to_cpu(tfd->tbs[i].tb_len), 128 DMA_TO_DEVICE); 129 else 130 dma_unmap_single(trans->dev, 131 le64_to_cpu(tfd->tbs[i].addr), 132 le16_to_cpu(tfd->tbs[i].tb_len), 133 DMA_TO_DEVICE); 134 } 135 136 tfd->num_tbs = 0; 137 } 138 139 void iwl_txq_gen2_free_tfd(struct iwl_trans *trans, struct iwl_txq *txq) 140 { 141 /* rd_ptr is bounded by TFD_QUEUE_SIZE_MAX and 142 * idx is bounded by n_window 143 */ 144 int idx = iwl_txq_get_cmd_index(txq, txq->read_ptr); 145 struct sk_buff *skb; 146 147 lockdep_assert_held(&txq->lock); 148 149 if (!txq->entries) 150 return; 151 152 iwl_txq_gen2_tfd_unmap(trans, &txq->entries[idx].meta, 153 iwl_txq_get_tfd(trans, txq, idx)); 154 155 skb = txq->entries[idx].skb; 156 157 /* Can be called from irqs-disabled context 158 * If skb is not NULL, it means that the whole queue is being 159 * freed and that the queue is not empty - free the skb 160 */ 161 if (skb) { 162 iwl_op_mode_free_skb(trans->op_mode, skb); 163 txq->entries[idx].skb = NULL; 164 } 165 } 166 167 int iwl_txq_gen2_set_tb(struct iwl_trans *trans, struct iwl_tfh_tfd *tfd, 168 dma_addr_t addr, u16 len) 169 { 170 int idx = iwl_txq_gen2_get_num_tbs(trans, tfd); 171 struct iwl_tfh_tb *tb; 172 173 /* 174 * Only WARN here so we know about the issue, but we mess up our 175 * unmap path because not every place currently checks for errors 176 * returned from this function - it can only return an error if 177 * there's no more space, and so when we know there is enough we 178 * don't always check ... 179 */ 180 WARN(iwl_txq_crosses_4g_boundary(addr, len), 181 "possible DMA problem with iova:0x%llx, len:%d\n", 182 (unsigned long long)addr, len); 183 184 if (WARN_ON(idx >= IWL_TFH_NUM_TBS)) 185 return -EINVAL; 186 tb = &tfd->tbs[idx]; 187 188 /* Each TFD can point to a maximum max_tbs Tx buffers */ 189 if (le16_to_cpu(tfd->num_tbs) >= trans->txqs.tfd.max_tbs) { 190 IWL_ERR(trans, "Error can not send more than %d chunks\n", 191 trans->txqs.tfd.max_tbs); 192 return -EINVAL; 193 } 194 195 put_unaligned_le64(addr, &tb->addr); 196 tb->tb_len = cpu_to_le16(len); 197 198 tfd->num_tbs = cpu_to_le16(idx + 1); 199 200 return idx; 201 } 202 203 static struct page *get_workaround_page(struct iwl_trans *trans, 204 struct sk_buff *skb) 205 { 206 struct page **page_ptr; 207 struct page *ret; 208 209 page_ptr = (void *)((u8 *)skb->cb + trans->txqs.page_offs); 210 211 ret = alloc_page(GFP_ATOMIC); 212 if (!ret) 213 return NULL; 214 215 /* set the chaining pointer to the previous page if there */ 216 *(void **)(page_address(ret) + PAGE_SIZE - sizeof(void *)) = *page_ptr; 217 *page_ptr = ret; 218 219 return ret; 220 } 221 222 /* 223 * Add a TB and if needed apply the FH HW bug workaround; 224 * meta != NULL indicates that it's a page mapping and we 225 * need to dma_unmap_page() and set the meta->tbs bit in 226 * this case. 227 */ 228 static int iwl_txq_gen2_set_tb_with_wa(struct iwl_trans *trans, 229 struct sk_buff *skb, 230 struct iwl_tfh_tfd *tfd, 231 dma_addr_t phys, void *virt, 232 u16 len, struct iwl_cmd_meta *meta) 233 { 234 dma_addr_t oldphys = phys; 235 struct page *page; 236 int ret; 237 238 if (unlikely(dma_mapping_error(trans->dev, phys))) 239 return -ENOMEM; 240 241 if (likely(!iwl_txq_crosses_4g_boundary(phys, len))) { 242 ret = iwl_txq_gen2_set_tb(trans, tfd, phys, len); 243 244 if (ret < 0) 245 goto unmap; 246 247 if (meta) 248 meta->tbs |= BIT(ret); 249 250 ret = 0; 251 goto trace; 252 } 253 254 /* 255 * Work around a hardware bug. If (as expressed in the 256 * condition above) the TB ends on a 32-bit boundary, 257 * then the next TB may be accessed with the wrong 258 * address. 259 * To work around it, copy the data elsewhere and make 260 * a new mapping for it so the device will not fail. 261 */ 262 263 if (WARN_ON(len > PAGE_SIZE - sizeof(void *))) { 264 ret = -ENOBUFS; 265 goto unmap; 266 } 267 268 page = get_workaround_page(trans, skb); 269 if (!page) { 270 ret = -ENOMEM; 271 goto unmap; 272 } 273 274 memcpy(page_address(page), virt, len); 275 276 phys = dma_map_single(trans->dev, page_address(page), len, 277 DMA_TO_DEVICE); 278 if (unlikely(dma_mapping_error(trans->dev, phys))) 279 return -ENOMEM; 280 ret = iwl_txq_gen2_set_tb(trans, tfd, phys, len); 281 if (ret < 0) { 282 /* unmap the new allocation as single */ 283 oldphys = phys; 284 meta = NULL; 285 goto unmap; 286 } 287 IWL_WARN(trans, 288 "TB bug workaround: copied %d bytes from 0x%llx to 0x%llx\n", 289 len, (unsigned long long)oldphys, (unsigned long long)phys); 290 291 ret = 0; 292 unmap: 293 if (meta) 294 dma_unmap_page(trans->dev, oldphys, len, DMA_TO_DEVICE); 295 else 296 dma_unmap_single(trans->dev, oldphys, len, DMA_TO_DEVICE); 297 trace: 298 trace_iwlwifi_dev_tx_tb(trans->dev, skb, virt, phys, len); 299 300 return ret; 301 } 302 303 #ifdef CONFIG_INET 304 struct iwl_tso_hdr_page *get_page_hdr(struct iwl_trans *trans, size_t len, 305 struct sk_buff *skb) 306 { 307 struct iwl_tso_hdr_page *p = this_cpu_ptr(trans->txqs.tso_hdr_page); 308 struct page **page_ptr; 309 310 page_ptr = (void *)((u8 *)skb->cb + trans->txqs.page_offs); 311 312 if (WARN_ON(*page_ptr)) 313 return NULL; 314 315 if (!p->page) 316 goto alloc; 317 318 /* 319 * Check if there's enough room on this page 320 * 321 * Note that we put a page chaining pointer *last* in the 322 * page - we need it somewhere, and if it's there then we 323 * avoid DMA mapping the last bits of the page which may 324 * trigger the 32-bit boundary hardware bug. 325 * 326 * (see also get_workaround_page() in tx-gen2.c) 327 */ 328 if (p->pos + len < (u8 *)page_address(p->page) + PAGE_SIZE - 329 sizeof(void *)) 330 goto out; 331 332 /* We don't have enough room on this page, get a new one. */ 333 __free_page(p->page); 334 335 alloc: 336 p->page = alloc_page(GFP_ATOMIC); 337 if (!p->page) 338 return NULL; 339 p->pos = page_address(p->page); 340 /* set the chaining pointer to NULL */ 341 *(void **)(page_address(p->page) + PAGE_SIZE - sizeof(void *)) = NULL; 342 out: 343 *page_ptr = p->page; 344 get_page(p->page); 345 return p; 346 } 347 #endif 348 349 static int iwl_txq_gen2_build_amsdu(struct iwl_trans *trans, 350 struct sk_buff *skb, 351 struct iwl_tfh_tfd *tfd, int start_len, 352 u8 hdr_len, 353 struct iwl_device_tx_cmd *dev_cmd) 354 { 355 #ifdef CONFIG_INET 356 struct iwl_tx_cmd_gen2 *tx_cmd = (void *)dev_cmd->payload; 357 struct ieee80211_hdr *hdr = (void *)skb->data; 358 unsigned int snap_ip_tcp_hdrlen, ip_hdrlen, total_len, hdr_room; 359 unsigned int mss = skb_shinfo(skb)->gso_size; 360 u16 length, amsdu_pad; 361 u8 *start_hdr; 362 struct iwl_tso_hdr_page *hdr_page; 363 struct tso_t tso; 364 365 trace_iwlwifi_dev_tx(trans->dev, skb, tfd, sizeof(*tfd), 366 &dev_cmd->hdr, start_len, 0); 367 368 ip_hdrlen = skb_transport_header(skb) - skb_network_header(skb); 369 snap_ip_tcp_hdrlen = 8 + ip_hdrlen + tcp_hdrlen(skb); 370 total_len = skb->len - snap_ip_tcp_hdrlen - hdr_len; 371 amsdu_pad = 0; 372 373 /* total amount of header we may need for this A-MSDU */ 374 hdr_room = DIV_ROUND_UP(total_len, mss) * 375 (3 + snap_ip_tcp_hdrlen + sizeof(struct ethhdr)); 376 377 /* Our device supports 9 segments at most, it will fit in 1 page */ 378 hdr_page = get_page_hdr(trans, hdr_room, skb); 379 if (!hdr_page) 380 return -ENOMEM; 381 382 start_hdr = hdr_page->pos; 383 384 /* 385 * Pull the ieee80211 header to be able to use TSO core, 386 * we will restore it for the tx_status flow. 387 */ 388 skb_pull(skb, hdr_len); 389 390 /* 391 * Remove the length of all the headers that we don't actually 392 * have in the MPDU by themselves, but that we duplicate into 393 * all the different MSDUs inside the A-MSDU. 394 */ 395 le16_add_cpu(&tx_cmd->len, -snap_ip_tcp_hdrlen); 396 397 tso_start(skb, &tso); 398 399 while (total_len) { 400 /* this is the data left for this subframe */ 401 unsigned int data_left = min_t(unsigned int, mss, total_len); 402 struct sk_buff *csum_skb = NULL; 403 unsigned int tb_len; 404 dma_addr_t tb_phys; 405 u8 *subf_hdrs_start = hdr_page->pos; 406 407 total_len -= data_left; 408 409 memset(hdr_page->pos, 0, amsdu_pad); 410 hdr_page->pos += amsdu_pad; 411 amsdu_pad = (4 - (sizeof(struct ethhdr) + snap_ip_tcp_hdrlen + 412 data_left)) & 0x3; 413 ether_addr_copy(hdr_page->pos, ieee80211_get_DA(hdr)); 414 hdr_page->pos += ETH_ALEN; 415 ether_addr_copy(hdr_page->pos, ieee80211_get_SA(hdr)); 416 hdr_page->pos += ETH_ALEN; 417 418 length = snap_ip_tcp_hdrlen + data_left; 419 *((__be16 *)hdr_page->pos) = cpu_to_be16(length); 420 hdr_page->pos += sizeof(length); 421 422 /* 423 * This will copy the SNAP as well which will be considered 424 * as MAC header. 425 */ 426 tso_build_hdr(skb, hdr_page->pos, &tso, data_left, !total_len); 427 428 hdr_page->pos += snap_ip_tcp_hdrlen; 429 430 tb_len = hdr_page->pos - start_hdr; 431 tb_phys = dma_map_single(trans->dev, start_hdr, 432 tb_len, DMA_TO_DEVICE); 433 if (unlikely(dma_mapping_error(trans->dev, tb_phys))) { 434 dev_kfree_skb(csum_skb); 435 goto out_err; 436 } 437 /* 438 * No need for _with_wa, this is from the TSO page and 439 * we leave some space at the end of it so can't hit 440 * the buggy scenario. 441 */ 442 iwl_txq_gen2_set_tb(trans, tfd, tb_phys, tb_len); 443 trace_iwlwifi_dev_tx_tb(trans->dev, skb, start_hdr, 444 tb_phys, tb_len); 445 /* add this subframe's headers' length to the tx_cmd */ 446 le16_add_cpu(&tx_cmd->len, hdr_page->pos - subf_hdrs_start); 447 448 /* prepare the start_hdr for the next subframe */ 449 start_hdr = hdr_page->pos; 450 451 /* put the payload */ 452 while (data_left) { 453 int ret; 454 455 tb_len = min_t(unsigned int, tso.size, data_left); 456 tb_phys = dma_map_single(trans->dev, tso.data, 457 tb_len, DMA_TO_DEVICE); 458 ret = iwl_txq_gen2_set_tb_with_wa(trans, skb, tfd, 459 tb_phys, tso.data, 460 tb_len, NULL); 461 if (ret) { 462 dev_kfree_skb(csum_skb); 463 goto out_err; 464 } 465 466 data_left -= tb_len; 467 tso_build_data(skb, &tso, tb_len); 468 } 469 } 470 471 /* re -add the WiFi header */ 472 skb_push(skb, hdr_len); 473 474 return 0; 475 476 out_err: 477 #endif 478 return -EINVAL; 479 } 480 481 static struct 482 iwl_tfh_tfd *iwl_txq_gen2_build_tx_amsdu(struct iwl_trans *trans, 483 struct iwl_txq *txq, 484 struct iwl_device_tx_cmd *dev_cmd, 485 struct sk_buff *skb, 486 struct iwl_cmd_meta *out_meta, 487 int hdr_len, 488 int tx_cmd_len) 489 { 490 int idx = iwl_txq_get_cmd_index(txq, txq->write_ptr); 491 struct iwl_tfh_tfd *tfd = iwl_txq_get_tfd(trans, txq, idx); 492 dma_addr_t tb_phys; 493 int len; 494 void *tb1_addr; 495 496 tb_phys = iwl_txq_get_first_tb_dma(txq, idx); 497 498 /* 499 * No need for _with_wa, the first TB allocation is aligned up 500 * to a 64-byte boundary and thus can't be at the end or cross 501 * a page boundary (much less a 2^32 boundary). 502 */ 503 iwl_txq_gen2_set_tb(trans, tfd, tb_phys, IWL_FIRST_TB_SIZE); 504 505 /* 506 * The second TB (tb1) points to the remainder of the TX command 507 * and the 802.11 header - dword aligned size 508 * (This calculation modifies the TX command, so do it before the 509 * setup of the first TB) 510 */ 511 len = tx_cmd_len + sizeof(struct iwl_cmd_header) + hdr_len - 512 IWL_FIRST_TB_SIZE; 513 514 /* do not align A-MSDU to dword as the subframe header aligns it */ 515 516 /* map the data for TB1 */ 517 tb1_addr = ((u8 *)&dev_cmd->hdr) + IWL_FIRST_TB_SIZE; 518 tb_phys = dma_map_single(trans->dev, tb1_addr, len, DMA_TO_DEVICE); 519 if (unlikely(dma_mapping_error(trans->dev, tb_phys))) 520 goto out_err; 521 /* 522 * No need for _with_wa(), we ensure (via alignment) that the data 523 * here can never cross or end at a page boundary. 524 */ 525 iwl_txq_gen2_set_tb(trans, tfd, tb_phys, len); 526 527 if (iwl_txq_gen2_build_amsdu(trans, skb, tfd, len + IWL_FIRST_TB_SIZE, 528 hdr_len, dev_cmd)) 529 goto out_err; 530 531 /* building the A-MSDU might have changed this data, memcpy it now */ 532 memcpy(&txq->first_tb_bufs[idx], dev_cmd, IWL_FIRST_TB_SIZE); 533 return tfd; 534 535 out_err: 536 iwl_txq_gen2_tfd_unmap(trans, out_meta, tfd); 537 return NULL; 538 } 539 540 static int iwl_txq_gen2_tx_add_frags(struct iwl_trans *trans, 541 struct sk_buff *skb, 542 struct iwl_tfh_tfd *tfd, 543 struct iwl_cmd_meta *out_meta) 544 { 545 int i; 546 547 for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) { 548 const skb_frag_t *frag = &skb_shinfo(skb)->frags[i]; 549 dma_addr_t tb_phys; 550 unsigned int fragsz = skb_frag_size(frag); 551 int ret; 552 553 if (!fragsz) 554 continue; 555 556 tb_phys = skb_frag_dma_map(trans->dev, frag, 0, 557 fragsz, DMA_TO_DEVICE); 558 ret = iwl_txq_gen2_set_tb_with_wa(trans, skb, tfd, tb_phys, 559 skb_frag_address(frag), 560 fragsz, out_meta); 561 if (ret) 562 return ret; 563 } 564 565 return 0; 566 } 567 568 static struct 569 iwl_tfh_tfd *iwl_txq_gen2_build_tx(struct iwl_trans *trans, 570 struct iwl_txq *txq, 571 struct iwl_device_tx_cmd *dev_cmd, 572 struct sk_buff *skb, 573 struct iwl_cmd_meta *out_meta, 574 int hdr_len, 575 int tx_cmd_len, 576 bool pad) 577 { 578 int idx = iwl_txq_get_cmd_index(txq, txq->write_ptr); 579 struct iwl_tfh_tfd *tfd = iwl_txq_get_tfd(trans, txq, idx); 580 dma_addr_t tb_phys; 581 int len, tb1_len, tb2_len; 582 void *tb1_addr; 583 struct sk_buff *frag; 584 585 tb_phys = iwl_txq_get_first_tb_dma(txq, idx); 586 587 /* The first TB points to bi-directional DMA data */ 588 memcpy(&txq->first_tb_bufs[idx], dev_cmd, IWL_FIRST_TB_SIZE); 589 590 /* 591 * No need for _with_wa, the first TB allocation is aligned up 592 * to a 64-byte boundary and thus can't be at the end or cross 593 * a page boundary (much less a 2^32 boundary). 594 */ 595 iwl_txq_gen2_set_tb(trans, tfd, tb_phys, IWL_FIRST_TB_SIZE); 596 597 /* 598 * The second TB (tb1) points to the remainder of the TX command 599 * and the 802.11 header - dword aligned size 600 * (This calculation modifies the TX command, so do it before the 601 * setup of the first TB) 602 */ 603 len = tx_cmd_len + sizeof(struct iwl_cmd_header) + hdr_len - 604 IWL_FIRST_TB_SIZE; 605 606 if (pad) 607 tb1_len = ALIGN(len, 4); 608 else 609 tb1_len = len; 610 611 /* map the data for TB1 */ 612 tb1_addr = ((u8 *)&dev_cmd->hdr) + IWL_FIRST_TB_SIZE; 613 tb_phys = dma_map_single(trans->dev, tb1_addr, tb1_len, DMA_TO_DEVICE); 614 if (unlikely(dma_mapping_error(trans->dev, tb_phys))) 615 goto out_err; 616 /* 617 * No need for _with_wa(), we ensure (via alignment) that the data 618 * here can never cross or end at a page boundary. 619 */ 620 iwl_txq_gen2_set_tb(trans, tfd, tb_phys, tb1_len); 621 trace_iwlwifi_dev_tx(trans->dev, skb, tfd, sizeof(*tfd), &dev_cmd->hdr, 622 IWL_FIRST_TB_SIZE + tb1_len, hdr_len); 623 624 /* set up TFD's third entry to point to remainder of skb's head */ 625 tb2_len = skb_headlen(skb) - hdr_len; 626 627 if (tb2_len > 0) { 628 int ret; 629 630 tb_phys = dma_map_single(trans->dev, skb->data + hdr_len, 631 tb2_len, DMA_TO_DEVICE); 632 ret = iwl_txq_gen2_set_tb_with_wa(trans, skb, tfd, tb_phys, 633 skb->data + hdr_len, tb2_len, 634 NULL); 635 if (ret) 636 goto out_err; 637 } 638 639 if (iwl_txq_gen2_tx_add_frags(trans, skb, tfd, out_meta)) 640 goto out_err; 641 642 skb_walk_frags(skb, frag) { 643 int ret; 644 645 tb_phys = dma_map_single(trans->dev, frag->data, 646 skb_headlen(frag), DMA_TO_DEVICE); 647 ret = iwl_txq_gen2_set_tb_with_wa(trans, skb, tfd, tb_phys, 648 frag->data, 649 skb_headlen(frag), NULL); 650 if (ret) 651 goto out_err; 652 if (iwl_txq_gen2_tx_add_frags(trans, frag, tfd, out_meta)) 653 goto out_err; 654 } 655 656 return tfd; 657 658 out_err: 659 iwl_txq_gen2_tfd_unmap(trans, out_meta, tfd); 660 return NULL; 661 } 662 663 static 664 struct iwl_tfh_tfd *iwl_txq_gen2_build_tfd(struct iwl_trans *trans, 665 struct iwl_txq *txq, 666 struct iwl_device_tx_cmd *dev_cmd, 667 struct sk_buff *skb, 668 struct iwl_cmd_meta *out_meta) 669 { 670 struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; 671 int idx = iwl_txq_get_cmd_index(txq, txq->write_ptr); 672 struct iwl_tfh_tfd *tfd = iwl_txq_get_tfd(trans, txq, idx); 673 int len, hdr_len; 674 bool amsdu; 675 676 /* There must be data left over for TB1 or this code must be changed */ 677 BUILD_BUG_ON(sizeof(struct iwl_tx_cmd_gen2) < IWL_FIRST_TB_SIZE); 678 679 memset(tfd, 0, sizeof(*tfd)); 680 681 if (trans->trans_cfg->device_family < IWL_DEVICE_FAMILY_AX210) 682 len = sizeof(struct iwl_tx_cmd_gen2); 683 else 684 len = sizeof(struct iwl_tx_cmd_gen3); 685 686 amsdu = ieee80211_is_data_qos(hdr->frame_control) && 687 (*ieee80211_get_qos_ctl(hdr) & 688 IEEE80211_QOS_CTL_A_MSDU_PRESENT); 689 690 hdr_len = ieee80211_hdrlen(hdr->frame_control); 691 692 /* 693 * Only build A-MSDUs here if doing so by GSO, otherwise it may be 694 * an A-MSDU for other reasons, e.g. NAN or an A-MSDU having been 695 * built in the higher layers already. 696 */ 697 if (amsdu && skb_shinfo(skb)->gso_size) 698 return iwl_txq_gen2_build_tx_amsdu(trans, txq, dev_cmd, skb, 699 out_meta, hdr_len, len); 700 return iwl_txq_gen2_build_tx(trans, txq, dev_cmd, skb, out_meta, 701 hdr_len, len, !amsdu); 702 } 703 704 int iwl_txq_space(struct iwl_trans *trans, const struct iwl_txq *q) 705 { 706 unsigned int max; 707 unsigned int used; 708 709 /* 710 * To avoid ambiguity between empty and completely full queues, there 711 * should always be less than max_tfd_queue_size elements in the queue. 712 * If q->n_window is smaller than max_tfd_queue_size, there is no need 713 * to reserve any queue entries for this purpose. 714 */ 715 if (q->n_window < trans->trans_cfg->base_params->max_tfd_queue_size) 716 max = q->n_window; 717 else 718 max = trans->trans_cfg->base_params->max_tfd_queue_size - 1; 719 720 /* 721 * max_tfd_queue_size is a power of 2, so the following is equivalent to 722 * modulo by max_tfd_queue_size and is well defined. 723 */ 724 used = (q->write_ptr - q->read_ptr) & 725 (trans->trans_cfg->base_params->max_tfd_queue_size - 1); 726 727 if (WARN_ON(used > max)) 728 return 0; 729 730 return max - used; 731 } 732 733 int iwl_txq_gen2_tx(struct iwl_trans *trans, struct sk_buff *skb, 734 struct iwl_device_tx_cmd *dev_cmd, int txq_id) 735 { 736 struct iwl_cmd_meta *out_meta; 737 struct iwl_txq *txq = trans->txqs.txq[txq_id]; 738 u16 cmd_len; 739 int idx; 740 void *tfd; 741 742 if (WARN_ONCE(txq_id >= IWL_MAX_TVQM_QUEUES, 743 "queue %d out of range", txq_id)) 744 return -EINVAL; 745 746 if (WARN_ONCE(!test_bit(txq_id, trans->txqs.queue_used), 747 "TX on unused queue %d\n", txq_id)) 748 return -EINVAL; 749 750 if (skb_is_nonlinear(skb) && 751 skb_shinfo(skb)->nr_frags > IWL_TRANS_MAX_FRAGS(trans) && 752 __skb_linearize(skb)) 753 return -ENOMEM; 754 755 spin_lock(&txq->lock); 756 757 if (iwl_txq_space(trans, txq) < txq->high_mark) { 758 iwl_txq_stop(trans, txq); 759 760 /* don't put the packet on the ring, if there is no room */ 761 if (unlikely(iwl_txq_space(trans, txq) < 3)) { 762 struct iwl_device_tx_cmd **dev_cmd_ptr; 763 764 dev_cmd_ptr = (void *)((u8 *)skb->cb + 765 trans->txqs.dev_cmd_offs); 766 767 *dev_cmd_ptr = dev_cmd; 768 __skb_queue_tail(&txq->overflow_q, skb); 769 spin_unlock(&txq->lock); 770 return 0; 771 } 772 } 773 774 idx = iwl_txq_get_cmd_index(txq, txq->write_ptr); 775 776 /* Set up driver data for this TFD */ 777 txq->entries[idx].skb = skb; 778 txq->entries[idx].cmd = dev_cmd; 779 780 dev_cmd->hdr.sequence = 781 cpu_to_le16((u16)(QUEUE_TO_SEQ(txq_id) | 782 INDEX_TO_SEQ(idx))); 783 784 /* Set up first empty entry in queue's array of Tx/cmd buffers */ 785 out_meta = &txq->entries[idx].meta; 786 out_meta->flags = 0; 787 788 tfd = iwl_txq_gen2_build_tfd(trans, txq, dev_cmd, skb, out_meta); 789 if (!tfd) { 790 spin_unlock(&txq->lock); 791 return -1; 792 } 793 794 if (trans->trans_cfg->device_family >= IWL_DEVICE_FAMILY_AX210) { 795 struct iwl_tx_cmd_gen3 *tx_cmd_gen3 = 796 (void *)dev_cmd->payload; 797 798 cmd_len = le16_to_cpu(tx_cmd_gen3->len); 799 } else { 800 struct iwl_tx_cmd_gen2 *tx_cmd_gen2 = 801 (void *)dev_cmd->payload; 802 803 cmd_len = le16_to_cpu(tx_cmd_gen2->len); 804 } 805 806 /* Set up entry for this TFD in Tx byte-count array */ 807 iwl_pcie_gen2_update_byte_tbl(trans, txq, cmd_len, 808 iwl_txq_gen2_get_num_tbs(trans, tfd)); 809 810 /* start timer if queue currently empty */ 811 if (txq->read_ptr == txq->write_ptr && txq->wd_timeout) 812 mod_timer(&txq->stuck_timer, jiffies + txq->wd_timeout); 813 814 /* Tell device the write index *just past* this latest filled TFD */ 815 txq->write_ptr = iwl_txq_inc_wrap(trans, txq->write_ptr); 816 iwl_txq_inc_wr_ptr(trans, txq); 817 /* 818 * At this point the frame is "transmitted" successfully 819 * and we will get a TX status notification eventually. 820 */ 821 spin_unlock(&txq->lock); 822 return 0; 823 } 824 825 /*************** HOST COMMAND QUEUE FUNCTIONS *****/ 826 827 /* 828 * iwl_txq_gen2_unmap - Unmap any remaining DMA mappings and free skb's 829 */ 830 void iwl_txq_gen2_unmap(struct iwl_trans *trans, int txq_id) 831 { 832 struct iwl_txq *txq = trans->txqs.txq[txq_id]; 833 834 spin_lock_bh(&txq->lock); 835 while (txq->write_ptr != txq->read_ptr) { 836 IWL_DEBUG_TX_REPLY(trans, "Q %d Free %d\n", 837 txq_id, txq->read_ptr); 838 839 if (txq_id != trans->txqs.cmd.q_id) { 840 int idx = iwl_txq_get_cmd_index(txq, txq->read_ptr); 841 struct sk_buff *skb = txq->entries[idx].skb; 842 843 if (!WARN_ON_ONCE(!skb)) 844 iwl_txq_free_tso_page(trans, skb); 845 } 846 iwl_txq_gen2_free_tfd(trans, txq); 847 txq->read_ptr = iwl_txq_inc_wrap(trans, txq->read_ptr); 848 } 849 850 while (!skb_queue_empty(&txq->overflow_q)) { 851 struct sk_buff *skb = __skb_dequeue(&txq->overflow_q); 852 853 iwl_op_mode_free_skb(trans->op_mode, skb); 854 } 855 856 spin_unlock_bh(&txq->lock); 857 858 /* just in case - this queue may have been stopped */ 859 iwl_wake_queue(trans, txq); 860 } 861 862 static void iwl_txq_gen2_free_memory(struct iwl_trans *trans, 863 struct iwl_txq *txq) 864 { 865 struct device *dev = trans->dev; 866 867 /* De-alloc circular buffer of TFDs */ 868 if (txq->tfds) { 869 dma_free_coherent(dev, 870 trans->txqs.tfd.size * txq->n_window, 871 txq->tfds, txq->dma_addr); 872 dma_free_coherent(dev, 873 sizeof(*txq->first_tb_bufs) * txq->n_window, 874 txq->first_tb_bufs, txq->first_tb_dma); 875 } 876 877 kfree(txq->entries); 878 if (txq->bc_tbl.addr) 879 dma_pool_free(trans->txqs.bc_pool, 880 txq->bc_tbl.addr, txq->bc_tbl.dma); 881 kfree(txq); 882 } 883 884 /* 885 * iwl_pcie_txq_free - Deallocate DMA queue. 886 * @txq: Transmit queue to deallocate. 887 * 888 * Empty queue by removing and destroying all BD's. 889 * Free all buffers. 890 * 0-fill, but do not free "txq" descriptor structure. 891 */ 892 static void iwl_txq_gen2_free(struct iwl_trans *trans, int txq_id) 893 { 894 struct iwl_txq *txq; 895 int i; 896 897 if (WARN_ONCE(txq_id >= IWL_MAX_TVQM_QUEUES, 898 "queue %d out of range", txq_id)) 899 return; 900 901 txq = trans->txqs.txq[txq_id]; 902 903 if (WARN_ON(!txq)) 904 return; 905 906 iwl_txq_gen2_unmap(trans, txq_id); 907 908 /* De-alloc array of command/tx buffers */ 909 if (txq_id == trans->txqs.cmd.q_id) 910 for (i = 0; i < txq->n_window; i++) { 911 kfree_sensitive(txq->entries[i].cmd); 912 kfree_sensitive(txq->entries[i].free_buf); 913 } 914 del_timer_sync(&txq->stuck_timer); 915 916 iwl_txq_gen2_free_memory(trans, txq); 917 918 trans->txqs.txq[txq_id] = NULL; 919 920 clear_bit(txq_id, trans->txqs.queue_used); 921 } 922 923 /* 924 * iwl_queue_init - Initialize queue's high/low-water and read/write indexes 925 */ 926 static int iwl_queue_init(struct iwl_txq *q, int slots_num) 927 { 928 q->n_window = slots_num; 929 930 /* slots_num must be power-of-two size, otherwise 931 * iwl_txq_get_cmd_index is broken. */ 932 if (WARN_ON(!is_power_of_2(slots_num))) 933 return -EINVAL; 934 935 q->low_mark = q->n_window / 4; 936 if (q->low_mark < 4) 937 q->low_mark = 4; 938 939 q->high_mark = q->n_window / 8; 940 if (q->high_mark < 2) 941 q->high_mark = 2; 942 943 q->write_ptr = 0; 944 q->read_ptr = 0; 945 946 return 0; 947 } 948 949 int iwl_txq_init(struct iwl_trans *trans, struct iwl_txq *txq, int slots_num, 950 bool cmd_queue) 951 { 952 int ret; 953 u32 tfd_queue_max_size = 954 trans->trans_cfg->base_params->max_tfd_queue_size; 955 956 txq->need_update = false; 957 958 /* max_tfd_queue_size must be power-of-two size, otherwise 959 * iwl_txq_inc_wrap and iwl_txq_dec_wrap are broken. */ 960 if (WARN_ONCE(tfd_queue_max_size & (tfd_queue_max_size - 1), 961 "Max tfd queue size must be a power of two, but is %d", 962 tfd_queue_max_size)) 963 return -EINVAL; 964 965 /* Initialize queue's high/low-water marks, and head/tail indexes */ 966 ret = iwl_queue_init(txq, slots_num); 967 if (ret) 968 return ret; 969 970 spin_lock_init(&txq->lock); 971 972 if (cmd_queue) { 973 static struct lock_class_key iwl_txq_cmd_queue_lock_class; 974 975 lockdep_set_class(&txq->lock, &iwl_txq_cmd_queue_lock_class); 976 } 977 978 __skb_queue_head_init(&txq->overflow_q); 979 980 return 0; 981 } 982 983 void iwl_txq_free_tso_page(struct iwl_trans *trans, struct sk_buff *skb) 984 { 985 struct page **page_ptr; 986 struct page *next; 987 988 page_ptr = (void *)((u8 *)skb->cb + trans->txqs.page_offs); 989 next = *page_ptr; 990 *page_ptr = NULL; 991 992 while (next) { 993 struct page *tmp = next; 994 995 next = *(void **)(page_address(next) + PAGE_SIZE - 996 sizeof(void *)); 997 __free_page(tmp); 998 } 999 } 1000 1001 void iwl_txq_log_scd_error(struct iwl_trans *trans, struct iwl_txq *txq) 1002 { 1003 u32 txq_id = txq->id; 1004 u32 status; 1005 bool active; 1006 u8 fifo; 1007 1008 if (trans->trans_cfg->use_tfh) { 1009 IWL_ERR(trans, "Queue %d is stuck %d %d\n", txq_id, 1010 txq->read_ptr, txq->write_ptr); 1011 /* TODO: access new SCD registers and dump them */ 1012 return; 1013 } 1014 1015 status = iwl_read_prph(trans, SCD_QUEUE_STATUS_BITS(txq_id)); 1016 fifo = (status >> SCD_QUEUE_STTS_REG_POS_TXF) & 0x7; 1017 active = !!(status & BIT(SCD_QUEUE_STTS_REG_POS_ACTIVE)); 1018 1019 IWL_ERR(trans, 1020 "Queue %d is %sactive on fifo %d and stuck for %u ms. SW [%d, %d] HW [%d, %d] FH TRB=0x0%x\n", 1021 txq_id, active ? "" : "in", fifo, 1022 jiffies_to_msecs(txq->wd_timeout), 1023 txq->read_ptr, txq->write_ptr, 1024 iwl_read_prph(trans, SCD_QUEUE_RDPTR(txq_id)) & 1025 (trans->trans_cfg->base_params->max_tfd_queue_size - 1), 1026 iwl_read_prph(trans, SCD_QUEUE_WRPTR(txq_id)) & 1027 (trans->trans_cfg->base_params->max_tfd_queue_size - 1), 1028 iwl_read_direct32(trans, FH_TX_TRB_REG(fifo))); 1029 } 1030 1031 static void iwl_txq_stuck_timer(struct timer_list *t) 1032 { 1033 struct iwl_txq *txq = from_timer(txq, t, stuck_timer); 1034 struct iwl_trans *trans = txq->trans; 1035 1036 spin_lock(&txq->lock); 1037 /* check if triggered erroneously */ 1038 if (txq->read_ptr == txq->write_ptr) { 1039 spin_unlock(&txq->lock); 1040 return; 1041 } 1042 spin_unlock(&txq->lock); 1043 1044 iwl_txq_log_scd_error(trans, txq); 1045 1046 iwl_force_nmi(trans); 1047 } 1048 1049 int iwl_txq_alloc(struct iwl_trans *trans, struct iwl_txq *txq, int slots_num, 1050 bool cmd_queue) 1051 { 1052 size_t tfd_sz = trans->txqs.tfd.size * 1053 trans->trans_cfg->base_params->max_tfd_queue_size; 1054 size_t tb0_buf_sz; 1055 int i; 1056 1057 if (WARN_ON(txq->entries || txq->tfds)) 1058 return -EINVAL; 1059 1060 if (trans->trans_cfg->use_tfh) 1061 tfd_sz = trans->txqs.tfd.size * slots_num; 1062 1063 timer_setup(&txq->stuck_timer, iwl_txq_stuck_timer, 0); 1064 txq->trans = trans; 1065 1066 txq->n_window = slots_num; 1067 1068 txq->entries = kcalloc(slots_num, 1069 sizeof(struct iwl_pcie_txq_entry), 1070 GFP_KERNEL); 1071 1072 if (!txq->entries) 1073 goto error; 1074 1075 if (cmd_queue) 1076 for (i = 0; i < slots_num; i++) { 1077 txq->entries[i].cmd = 1078 kmalloc(sizeof(struct iwl_device_cmd), 1079 GFP_KERNEL); 1080 if (!txq->entries[i].cmd) 1081 goto error; 1082 } 1083 1084 /* Circular buffer of transmit frame descriptors (TFDs), 1085 * shared with device */ 1086 txq->tfds = dma_alloc_coherent(trans->dev, tfd_sz, 1087 &txq->dma_addr, GFP_KERNEL); 1088 if (!txq->tfds) 1089 goto error; 1090 1091 BUILD_BUG_ON(sizeof(*txq->first_tb_bufs) != IWL_FIRST_TB_SIZE_ALIGN); 1092 1093 tb0_buf_sz = sizeof(*txq->first_tb_bufs) * slots_num; 1094 1095 txq->first_tb_bufs = dma_alloc_coherent(trans->dev, tb0_buf_sz, 1096 &txq->first_tb_dma, 1097 GFP_KERNEL); 1098 if (!txq->first_tb_bufs) 1099 goto err_free_tfds; 1100 1101 return 0; 1102 err_free_tfds: 1103 dma_free_coherent(trans->dev, tfd_sz, txq->tfds, txq->dma_addr); 1104 error: 1105 if (txq->entries && cmd_queue) 1106 for (i = 0; i < slots_num; i++) 1107 kfree(txq->entries[i].cmd); 1108 kfree(txq->entries); 1109 txq->entries = NULL; 1110 1111 return -ENOMEM; 1112 } 1113 1114 static int iwl_txq_dyn_alloc_dma(struct iwl_trans *trans, 1115 struct iwl_txq **intxq, int size, 1116 unsigned int timeout) 1117 { 1118 size_t bc_tbl_size, bc_tbl_entries; 1119 struct iwl_txq *txq; 1120 int ret; 1121 1122 WARN_ON(!trans->txqs.bc_tbl_size); 1123 1124 bc_tbl_size = trans->txqs.bc_tbl_size; 1125 bc_tbl_entries = bc_tbl_size / sizeof(u16); 1126 1127 if (WARN_ON(size > bc_tbl_entries)) 1128 return -EINVAL; 1129 1130 txq = kzalloc(sizeof(*txq), GFP_KERNEL); 1131 if (!txq) 1132 return -ENOMEM; 1133 1134 txq->bc_tbl.addr = dma_pool_alloc(trans->txqs.bc_pool, GFP_KERNEL, 1135 &txq->bc_tbl.dma); 1136 if (!txq->bc_tbl.addr) { 1137 IWL_ERR(trans, "Scheduler BC Table allocation failed\n"); 1138 kfree(txq); 1139 return -ENOMEM; 1140 } 1141 1142 ret = iwl_txq_alloc(trans, txq, size, false); 1143 if (ret) { 1144 IWL_ERR(trans, "Tx queue alloc failed\n"); 1145 goto error; 1146 } 1147 ret = iwl_txq_init(trans, txq, size, false); 1148 if (ret) { 1149 IWL_ERR(trans, "Tx queue init failed\n"); 1150 goto error; 1151 } 1152 1153 txq->wd_timeout = msecs_to_jiffies(timeout); 1154 1155 *intxq = txq; 1156 return 0; 1157 1158 error: 1159 iwl_txq_gen2_free_memory(trans, txq); 1160 return ret; 1161 } 1162 1163 static int iwl_txq_alloc_response(struct iwl_trans *trans, struct iwl_txq *txq, 1164 struct iwl_host_cmd *hcmd) 1165 { 1166 struct iwl_tx_queue_cfg_rsp *rsp; 1167 int ret, qid; 1168 u32 wr_ptr; 1169 1170 if (WARN_ON(iwl_rx_packet_payload_len(hcmd->resp_pkt) != 1171 sizeof(*rsp))) { 1172 ret = -EINVAL; 1173 goto error_free_resp; 1174 } 1175 1176 rsp = (void *)hcmd->resp_pkt->data; 1177 qid = le16_to_cpu(rsp->queue_number); 1178 wr_ptr = le16_to_cpu(rsp->write_pointer); 1179 1180 if (qid >= ARRAY_SIZE(trans->txqs.txq)) { 1181 WARN_ONCE(1, "queue index %d unsupported", qid); 1182 ret = -EIO; 1183 goto error_free_resp; 1184 } 1185 1186 if (test_and_set_bit(qid, trans->txqs.queue_used)) { 1187 WARN_ONCE(1, "queue %d already used", qid); 1188 ret = -EIO; 1189 goto error_free_resp; 1190 } 1191 1192 txq->id = qid; 1193 trans->txqs.txq[qid] = txq; 1194 wr_ptr &= (trans->trans_cfg->base_params->max_tfd_queue_size - 1); 1195 1196 /* Place first TFD at index corresponding to start sequence number */ 1197 txq->read_ptr = wr_ptr; 1198 txq->write_ptr = wr_ptr; 1199 1200 IWL_DEBUG_TX_QUEUES(trans, "Activate queue %d\n", qid); 1201 1202 iwl_free_resp(hcmd); 1203 return qid; 1204 1205 error_free_resp: 1206 iwl_free_resp(hcmd); 1207 iwl_txq_gen2_free_memory(trans, txq); 1208 return ret; 1209 } 1210 1211 int iwl_txq_dyn_alloc(struct iwl_trans *trans, __le16 flags, u8 sta_id, u8 tid, 1212 int cmd_id, int size, unsigned int timeout) 1213 { 1214 struct iwl_txq *txq = NULL; 1215 struct iwl_tx_queue_cfg_cmd cmd = { 1216 .flags = flags, 1217 .sta_id = sta_id, 1218 .tid = tid, 1219 }; 1220 struct iwl_host_cmd hcmd = { 1221 .id = cmd_id, 1222 .len = { sizeof(cmd) }, 1223 .data = { &cmd, }, 1224 .flags = CMD_WANT_SKB, 1225 }; 1226 int ret; 1227 1228 ret = iwl_txq_dyn_alloc_dma(trans, &txq, size, timeout); 1229 if (ret) 1230 return ret; 1231 1232 cmd.tfdq_addr = cpu_to_le64(txq->dma_addr); 1233 cmd.byte_cnt_addr = cpu_to_le64(txq->bc_tbl.dma); 1234 cmd.cb_size = cpu_to_le32(TFD_QUEUE_CB_SIZE(size)); 1235 1236 ret = iwl_trans_send_cmd(trans, &hcmd); 1237 if (ret) 1238 goto error; 1239 1240 return iwl_txq_alloc_response(trans, txq, &hcmd); 1241 1242 error: 1243 iwl_txq_gen2_free_memory(trans, txq); 1244 return ret; 1245 } 1246 1247 void iwl_txq_dyn_free(struct iwl_trans *trans, int queue) 1248 { 1249 if (WARN(queue >= IWL_MAX_TVQM_QUEUES, 1250 "queue %d out of range", queue)) 1251 return; 1252 1253 /* 1254 * Upon HW Rfkill - we stop the device, and then stop the queues 1255 * in the op_mode. Just for the sake of the simplicity of the op_mode, 1256 * allow the op_mode to call txq_disable after it already called 1257 * stop_device. 1258 */ 1259 if (!test_and_clear_bit(queue, trans->txqs.queue_used)) { 1260 WARN_ONCE(test_bit(STATUS_DEVICE_ENABLED, &trans->status), 1261 "queue %d not used", queue); 1262 return; 1263 } 1264 1265 iwl_txq_gen2_free(trans, queue); 1266 1267 IWL_DEBUG_TX_QUEUES(trans, "Deactivate queue %d\n", queue); 1268 } 1269 1270 void iwl_txq_gen2_tx_free(struct iwl_trans *trans) 1271 { 1272 int i; 1273 1274 memset(trans->txqs.queue_used, 0, sizeof(trans->txqs.queue_used)); 1275 1276 /* Free all TX queues */ 1277 for (i = 0; i < ARRAY_SIZE(trans->txqs.txq); i++) { 1278 if (!trans->txqs.txq[i]) 1279 continue; 1280 1281 iwl_txq_gen2_free(trans, i); 1282 } 1283 } 1284 1285 int iwl_txq_gen2_init(struct iwl_trans *trans, int txq_id, int queue_size) 1286 { 1287 struct iwl_txq *queue; 1288 int ret; 1289 1290 /* alloc and init the tx queue */ 1291 if (!trans->txqs.txq[txq_id]) { 1292 queue = kzalloc(sizeof(*queue), GFP_KERNEL); 1293 if (!queue) { 1294 IWL_ERR(trans, "Not enough memory for tx queue\n"); 1295 return -ENOMEM; 1296 } 1297 trans->txqs.txq[txq_id] = queue; 1298 ret = iwl_txq_alloc(trans, queue, queue_size, true); 1299 if (ret) { 1300 IWL_ERR(trans, "Tx %d queue init failed\n", txq_id); 1301 goto error; 1302 } 1303 } else { 1304 queue = trans->txqs.txq[txq_id]; 1305 } 1306 1307 ret = iwl_txq_init(trans, queue, queue_size, 1308 (txq_id == trans->txqs.cmd.q_id)); 1309 if (ret) { 1310 IWL_ERR(trans, "Tx %d queue alloc failed\n", txq_id); 1311 goto error; 1312 } 1313 trans->txqs.txq[txq_id]->id = txq_id; 1314 set_bit(txq_id, trans->txqs.queue_used); 1315 1316 return 0; 1317 1318 error: 1319 iwl_txq_gen2_tx_free(trans); 1320 return ret; 1321 } 1322 1323 static inline dma_addr_t iwl_txq_gen1_tfd_tb_get_addr(struct iwl_trans *trans, 1324 void *_tfd, u8 idx) 1325 { 1326 struct iwl_tfd *tfd; 1327 struct iwl_tfd_tb *tb; 1328 dma_addr_t addr; 1329 dma_addr_t hi_len; 1330 1331 if (trans->trans_cfg->use_tfh) { 1332 struct iwl_tfh_tfd *tfd = _tfd; 1333 struct iwl_tfh_tb *tb = &tfd->tbs[idx]; 1334 1335 return (dma_addr_t)(le64_to_cpu(tb->addr)); 1336 } 1337 1338 tfd = _tfd; 1339 tb = &tfd->tbs[idx]; 1340 addr = get_unaligned_le32(&tb->lo); 1341 1342 if (sizeof(dma_addr_t) <= sizeof(u32)) 1343 return addr; 1344 1345 hi_len = le16_to_cpu(tb->hi_n_len) & 0xF; 1346 1347 /* 1348 * shift by 16 twice to avoid warnings on 32-bit 1349 * (where this code never runs anyway due to the 1350 * if statement above) 1351 */ 1352 return addr | ((hi_len << 16) << 16); 1353 } 1354 1355 void iwl_txq_gen1_tfd_unmap(struct iwl_trans *trans, 1356 struct iwl_cmd_meta *meta, 1357 struct iwl_txq *txq, int index) 1358 { 1359 int i, num_tbs; 1360 void *tfd = iwl_txq_get_tfd(trans, txq, index); 1361 1362 /* Sanity check on number of chunks */ 1363 num_tbs = iwl_txq_gen1_tfd_get_num_tbs(trans, tfd); 1364 1365 if (num_tbs > trans->txqs.tfd.max_tbs) { 1366 IWL_ERR(trans, "Too many chunks: %i\n", num_tbs); 1367 /* @todo issue fatal error, it is quite serious situation */ 1368 return; 1369 } 1370 1371 /* first TB is never freed - it's the bidirectional DMA data */ 1372 1373 for (i = 1; i < num_tbs; i++) { 1374 if (meta->tbs & BIT(i)) 1375 dma_unmap_page(trans->dev, 1376 iwl_txq_gen1_tfd_tb_get_addr(trans, 1377 tfd, i), 1378 iwl_txq_gen1_tfd_tb_get_len(trans, 1379 tfd, i), 1380 DMA_TO_DEVICE); 1381 else 1382 dma_unmap_single(trans->dev, 1383 iwl_txq_gen1_tfd_tb_get_addr(trans, 1384 tfd, i), 1385 iwl_txq_gen1_tfd_tb_get_len(trans, 1386 tfd, i), 1387 DMA_TO_DEVICE); 1388 } 1389 1390 meta->tbs = 0; 1391 1392 if (trans->trans_cfg->use_tfh) { 1393 struct iwl_tfh_tfd *tfd_fh = (void *)tfd; 1394 1395 tfd_fh->num_tbs = 0; 1396 } else { 1397 struct iwl_tfd *tfd_fh = (void *)tfd; 1398 1399 tfd_fh->num_tbs = 0; 1400 } 1401 } 1402 1403 #define IWL_TX_CRC_SIZE 4 1404 #define IWL_TX_DELIMITER_SIZE 4 1405 1406 /* 1407 * iwl_txq_gen1_update_byte_cnt_tbl - Set up entry in Tx byte-count array 1408 */ 1409 void iwl_txq_gen1_update_byte_cnt_tbl(struct iwl_trans *trans, 1410 struct iwl_txq *txq, u16 byte_cnt, 1411 int num_tbs) 1412 { 1413 struct iwlagn_scd_bc_tbl *scd_bc_tbl; 1414 int write_ptr = txq->write_ptr; 1415 int txq_id = txq->id; 1416 u8 sec_ctl = 0; 1417 u16 len = byte_cnt + IWL_TX_CRC_SIZE + IWL_TX_DELIMITER_SIZE; 1418 __le16 bc_ent; 1419 struct iwl_device_tx_cmd *dev_cmd = txq->entries[txq->write_ptr].cmd; 1420 struct iwl_tx_cmd *tx_cmd = (void *)dev_cmd->payload; 1421 u8 sta_id = tx_cmd->sta_id; 1422 1423 scd_bc_tbl = trans->txqs.scd_bc_tbls.addr; 1424 1425 sec_ctl = tx_cmd->sec_ctl; 1426 1427 switch (sec_ctl & TX_CMD_SEC_MSK) { 1428 case TX_CMD_SEC_CCM: 1429 len += IEEE80211_CCMP_MIC_LEN; 1430 break; 1431 case TX_CMD_SEC_TKIP: 1432 len += IEEE80211_TKIP_ICV_LEN; 1433 break; 1434 case TX_CMD_SEC_WEP: 1435 len += IEEE80211_WEP_IV_LEN + IEEE80211_WEP_ICV_LEN; 1436 break; 1437 } 1438 if (trans->txqs.bc_table_dword) 1439 len = DIV_ROUND_UP(len, 4); 1440 1441 if (WARN_ON(len > 0xFFF || write_ptr >= TFD_QUEUE_SIZE_MAX)) 1442 return; 1443 1444 bc_ent = cpu_to_le16(len | (sta_id << 12)); 1445 1446 scd_bc_tbl[txq_id].tfd_offset[write_ptr] = bc_ent; 1447 1448 if (write_ptr < TFD_QUEUE_SIZE_BC_DUP) 1449 scd_bc_tbl[txq_id].tfd_offset[TFD_QUEUE_SIZE_MAX + write_ptr] = 1450 bc_ent; 1451 } 1452 1453 void iwl_txq_gen1_inval_byte_cnt_tbl(struct iwl_trans *trans, 1454 struct iwl_txq *txq) 1455 { 1456 struct iwlagn_scd_bc_tbl *scd_bc_tbl = trans->txqs.scd_bc_tbls.addr; 1457 int txq_id = txq->id; 1458 int read_ptr = txq->read_ptr; 1459 u8 sta_id = 0; 1460 __le16 bc_ent; 1461 struct iwl_device_tx_cmd *dev_cmd = txq->entries[read_ptr].cmd; 1462 struct iwl_tx_cmd *tx_cmd = (void *)dev_cmd->payload; 1463 1464 WARN_ON(read_ptr >= TFD_QUEUE_SIZE_MAX); 1465 1466 if (txq_id != trans->txqs.cmd.q_id) 1467 sta_id = tx_cmd->sta_id; 1468 1469 bc_ent = cpu_to_le16(1 | (sta_id << 12)); 1470 1471 scd_bc_tbl[txq_id].tfd_offset[read_ptr] = bc_ent; 1472 1473 if (read_ptr < TFD_QUEUE_SIZE_BC_DUP) 1474 scd_bc_tbl[txq_id].tfd_offset[TFD_QUEUE_SIZE_MAX + read_ptr] = 1475 bc_ent; 1476 } 1477 1478 /* 1479 * iwl_txq_free_tfd - Free all chunks referenced by TFD [txq->q.read_ptr] 1480 * @trans - transport private data 1481 * @txq - tx queue 1482 * @dma_dir - the direction of the DMA mapping 1483 * 1484 * Does NOT advance any TFD circular buffer read/write indexes 1485 * Does NOT free the TFD itself (which is within circular buffer) 1486 */ 1487 void iwl_txq_free_tfd(struct iwl_trans *trans, struct iwl_txq *txq) 1488 { 1489 /* rd_ptr is bounded by TFD_QUEUE_SIZE_MAX and 1490 * idx is bounded by n_window 1491 */ 1492 int rd_ptr = txq->read_ptr; 1493 int idx = iwl_txq_get_cmd_index(txq, rd_ptr); 1494 struct sk_buff *skb; 1495 1496 lockdep_assert_held(&txq->lock); 1497 1498 if (!txq->entries) 1499 return; 1500 1501 /* We have only q->n_window txq->entries, but we use 1502 * TFD_QUEUE_SIZE_MAX tfds 1503 */ 1504 iwl_txq_gen1_tfd_unmap(trans, &txq->entries[idx].meta, txq, rd_ptr); 1505 1506 /* free SKB */ 1507 skb = txq->entries[idx].skb; 1508 1509 /* Can be called from irqs-disabled context 1510 * If skb is not NULL, it means that the whole queue is being 1511 * freed and that the queue is not empty - free the skb 1512 */ 1513 if (skb) { 1514 iwl_op_mode_free_skb(trans->op_mode, skb); 1515 txq->entries[idx].skb = NULL; 1516 } 1517 } 1518 1519 void iwl_txq_progress(struct iwl_txq *txq) 1520 { 1521 lockdep_assert_held(&txq->lock); 1522 1523 if (!txq->wd_timeout) 1524 return; 1525 1526 /* 1527 * station is asleep and we send data - that must 1528 * be uAPSD or PS-Poll. Don't rearm the timer. 1529 */ 1530 if (txq->frozen) 1531 return; 1532 1533 /* 1534 * if empty delete timer, otherwise move timer forward 1535 * since we're making progress on this queue 1536 */ 1537 if (txq->read_ptr == txq->write_ptr) 1538 del_timer(&txq->stuck_timer); 1539 else 1540 mod_timer(&txq->stuck_timer, jiffies + txq->wd_timeout); 1541 } 1542 1543 /* Frees buffers until index _not_ inclusive */ 1544 void iwl_txq_reclaim(struct iwl_trans *trans, int txq_id, int ssn, 1545 struct sk_buff_head *skbs) 1546 { 1547 struct iwl_txq *txq = trans->txqs.txq[txq_id]; 1548 int tfd_num = iwl_txq_get_cmd_index(txq, ssn); 1549 int read_ptr = iwl_txq_get_cmd_index(txq, txq->read_ptr); 1550 int last_to_free; 1551 1552 /* This function is not meant to release cmd queue*/ 1553 if (WARN_ON(txq_id == trans->txqs.cmd.q_id)) 1554 return; 1555 1556 spin_lock_bh(&txq->lock); 1557 1558 if (!test_bit(txq_id, trans->txqs.queue_used)) { 1559 IWL_DEBUG_TX_QUEUES(trans, "Q %d inactive - ignoring idx %d\n", 1560 txq_id, ssn); 1561 goto out; 1562 } 1563 1564 if (read_ptr == tfd_num) 1565 goto out; 1566 1567 IWL_DEBUG_TX_REPLY(trans, "[Q %d] %d -> %d (%d)\n", 1568 txq_id, txq->read_ptr, tfd_num, ssn); 1569 1570 /*Since we free until index _not_ inclusive, the one before index is 1571 * the last we will free. This one must be used */ 1572 last_to_free = iwl_txq_dec_wrap(trans, tfd_num); 1573 1574 if (!iwl_txq_used(txq, last_to_free)) { 1575 IWL_ERR(trans, 1576 "%s: Read index for txq id (%d), last_to_free %d is out of range [0-%d] %d %d.\n", 1577 __func__, txq_id, last_to_free, 1578 trans->trans_cfg->base_params->max_tfd_queue_size, 1579 txq->write_ptr, txq->read_ptr); 1580 goto out; 1581 } 1582 1583 if (WARN_ON(!skb_queue_empty(skbs))) 1584 goto out; 1585 1586 for (; 1587 read_ptr != tfd_num; 1588 txq->read_ptr = iwl_txq_inc_wrap(trans, txq->read_ptr), 1589 read_ptr = iwl_txq_get_cmd_index(txq, txq->read_ptr)) { 1590 struct sk_buff *skb = txq->entries[read_ptr].skb; 1591 1592 if (WARN_ON_ONCE(!skb)) 1593 continue; 1594 1595 iwl_txq_free_tso_page(trans, skb); 1596 1597 __skb_queue_tail(skbs, skb); 1598 1599 txq->entries[read_ptr].skb = NULL; 1600 1601 if (!trans->trans_cfg->use_tfh) 1602 iwl_txq_gen1_inval_byte_cnt_tbl(trans, txq); 1603 1604 iwl_txq_free_tfd(trans, txq); 1605 } 1606 1607 iwl_txq_progress(txq); 1608 1609 if (iwl_txq_space(trans, txq) > txq->low_mark && 1610 test_bit(txq_id, trans->txqs.queue_stopped)) { 1611 struct sk_buff_head overflow_skbs; 1612 1613 __skb_queue_head_init(&overflow_skbs); 1614 skb_queue_splice_init(&txq->overflow_q, &overflow_skbs); 1615 1616 /* 1617 * We are going to transmit from the overflow queue. 1618 * Remember this state so that wait_for_txq_empty will know we 1619 * are adding more packets to the TFD queue. It cannot rely on 1620 * the state of &txq->overflow_q, as we just emptied it, but 1621 * haven't TXed the content yet. 1622 */ 1623 txq->overflow_tx = true; 1624 1625 /* 1626 * This is tricky: we are in reclaim path which is non 1627 * re-entrant, so noone will try to take the access the 1628 * txq data from that path. We stopped tx, so we can't 1629 * have tx as well. Bottom line, we can unlock and re-lock 1630 * later. 1631 */ 1632 spin_unlock_bh(&txq->lock); 1633 1634 while (!skb_queue_empty(&overflow_skbs)) { 1635 struct sk_buff *skb = __skb_dequeue(&overflow_skbs); 1636 struct iwl_device_tx_cmd *dev_cmd_ptr; 1637 1638 dev_cmd_ptr = *(void **)((u8 *)skb->cb + 1639 trans->txqs.dev_cmd_offs); 1640 1641 /* 1642 * Note that we can very well be overflowing again. 1643 * In that case, iwl_txq_space will be small again 1644 * and we won't wake mac80211's queue. 1645 */ 1646 iwl_trans_tx(trans, skb, dev_cmd_ptr, txq_id); 1647 } 1648 1649 if (iwl_txq_space(trans, txq) > txq->low_mark) 1650 iwl_wake_queue(trans, txq); 1651 1652 spin_lock_bh(&txq->lock); 1653 txq->overflow_tx = false; 1654 } 1655 1656 out: 1657 spin_unlock_bh(&txq->lock); 1658 } 1659 1660 /* Set wr_ptr of specific device and txq */ 1661 void iwl_txq_set_q_ptrs(struct iwl_trans *trans, int txq_id, int ptr) 1662 { 1663 struct iwl_txq *txq = trans->txqs.txq[txq_id]; 1664 1665 spin_lock_bh(&txq->lock); 1666 1667 txq->write_ptr = ptr; 1668 txq->read_ptr = txq->write_ptr; 1669 1670 spin_unlock_bh(&txq->lock); 1671 } 1672 1673 void iwl_trans_txq_freeze_timer(struct iwl_trans *trans, unsigned long txqs, 1674 bool freeze) 1675 { 1676 int queue; 1677 1678 for_each_set_bit(queue, &txqs, BITS_PER_LONG) { 1679 struct iwl_txq *txq = trans->txqs.txq[queue]; 1680 unsigned long now; 1681 1682 spin_lock_bh(&txq->lock); 1683 1684 now = jiffies; 1685 1686 if (txq->frozen == freeze) 1687 goto next_queue; 1688 1689 IWL_DEBUG_TX_QUEUES(trans, "%s TXQ %d\n", 1690 freeze ? "Freezing" : "Waking", queue); 1691 1692 txq->frozen = freeze; 1693 1694 if (txq->read_ptr == txq->write_ptr) 1695 goto next_queue; 1696 1697 if (freeze) { 1698 if (unlikely(time_after(now, 1699 txq->stuck_timer.expires))) { 1700 /* 1701 * The timer should have fired, maybe it is 1702 * spinning right now on the lock. 1703 */ 1704 goto next_queue; 1705 } 1706 /* remember how long until the timer fires */ 1707 txq->frozen_expiry_remainder = 1708 txq->stuck_timer.expires - now; 1709 del_timer(&txq->stuck_timer); 1710 goto next_queue; 1711 } 1712 1713 /* 1714 * Wake a non-empty queue -> arm timer with the 1715 * remainder before it froze 1716 */ 1717 mod_timer(&txq->stuck_timer, 1718 now + txq->frozen_expiry_remainder); 1719 1720 next_queue: 1721 spin_unlock_bh(&txq->lock); 1722 } 1723 } 1724 1725