1 /* 2 * Marvell Wireless LAN device driver: 802.11n RX Re-ordering 3 * 4 * Copyright (C) 2011-2014, Marvell International Ltd. 5 * 6 * This software file (the "File") is distributed by Marvell International 7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991 8 * (the "License"). You may use, redistribute and/or modify this File in 9 * accordance with the terms and conditions of the License, a copy of which 10 * is available by writing to the Free Software Foundation, Inc., 11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the 12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. 13 * 14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE 16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about 17 * this warranty disclaimer. 18 */ 19 20 #include "decl.h" 21 #include "ioctl.h" 22 #include "util.h" 23 #include "fw.h" 24 #include "main.h" 25 #include "wmm.h" 26 #include "11n.h" 27 #include "11n_rxreorder.h" 28 29 /* This function will dispatch amsdu packet and forward it to kernel/upper 30 * layer. 31 */ 32 static int mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private *priv, 33 struct sk_buff *skb) 34 { 35 struct rxpd *local_rx_pd = (struct rxpd *)(skb->data); 36 int ret; 37 38 if (le16_to_cpu(local_rx_pd->rx_pkt_type) == PKT_TYPE_AMSDU) { 39 struct sk_buff_head list; 40 struct sk_buff *rx_skb; 41 42 __skb_queue_head_init(&list); 43 44 skb_pull(skb, le16_to_cpu(local_rx_pd->rx_pkt_offset)); 45 skb_trim(skb, le16_to_cpu(local_rx_pd->rx_pkt_length)); 46 47 ieee80211_amsdu_to_8023s(skb, &list, priv->curr_addr, 48 priv->wdev.iftype, 0, NULL, NULL); 49 50 while (!skb_queue_empty(&list)) { 51 struct rx_packet_hdr *rx_hdr; 52 53 rx_skb = __skb_dequeue(&list); 54 rx_hdr = (struct rx_packet_hdr *)rx_skb->data; 55 if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 56 ntohs(rx_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) { 57 mwifiex_process_tdls_action_frame(priv, 58 (u8 *)rx_hdr, 59 skb->len); 60 } 61 62 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) 63 ret = mwifiex_uap_recv_packet(priv, rx_skb); 64 else 65 ret = mwifiex_recv_packet(priv, rx_skb); 66 if (ret == -1) 67 mwifiex_dbg(priv->adapter, ERROR, 68 "Rx of A-MSDU failed"); 69 } 70 return 0; 71 } 72 73 return -1; 74 } 75 76 /* This function will process the rx packet and forward it to kernel/upper 77 * layer. 78 */ 79 static int mwifiex_11n_dispatch_pkt(struct mwifiex_private *priv, void *payload) 80 { 81 82 int ret; 83 84 if (!payload) { 85 mwifiex_dbg(priv->adapter, INFO, "info: fw drop data\n"); 86 return 0; 87 } 88 89 ret = mwifiex_11n_dispatch_amsdu_pkt(priv, payload); 90 if (!ret) 91 return 0; 92 93 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) 94 return mwifiex_handle_uap_rx_forward(priv, payload); 95 96 return mwifiex_process_rx_packet(priv, payload); 97 } 98 99 /* 100 * This function dispatches all packets in the Rx reorder table until the 101 * start window. 102 * 103 * There could be holes in the buffer, which are skipped by the function. 104 * Since the buffer is linear, the function uses rotation to simulate 105 * circular buffer. 106 */ 107 static void 108 mwifiex_11n_dispatch_pkt_until_start_win(struct mwifiex_private *priv, 109 struct mwifiex_rx_reorder_tbl *tbl, 110 int start_win) 111 { 112 int pkt_to_send, i; 113 void *rx_tmp_ptr; 114 unsigned long flags; 115 116 pkt_to_send = (start_win > tbl->start_win) ? 117 min((start_win - tbl->start_win), tbl->win_size) : 118 tbl->win_size; 119 120 for (i = 0; i < pkt_to_send; ++i) { 121 spin_lock_irqsave(&priv->rx_pkt_lock, flags); 122 rx_tmp_ptr = NULL; 123 if (tbl->rx_reorder_ptr[i]) { 124 rx_tmp_ptr = tbl->rx_reorder_ptr[i]; 125 tbl->rx_reorder_ptr[i] = NULL; 126 } 127 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 128 if (rx_tmp_ptr) 129 mwifiex_11n_dispatch_pkt(priv, rx_tmp_ptr); 130 } 131 132 spin_lock_irqsave(&priv->rx_pkt_lock, flags); 133 /* 134 * We don't have a circular buffer, hence use rotation to simulate 135 * circular buffer 136 */ 137 for (i = 0; i < tbl->win_size - pkt_to_send; ++i) { 138 tbl->rx_reorder_ptr[i] = tbl->rx_reorder_ptr[pkt_to_send + i]; 139 tbl->rx_reorder_ptr[pkt_to_send + i] = NULL; 140 } 141 142 tbl->start_win = start_win; 143 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 144 } 145 146 /* 147 * This function dispatches all packets in the Rx reorder table until 148 * a hole is found. 149 * 150 * The start window is adjusted automatically when a hole is located. 151 * Since the buffer is linear, the function uses rotation to simulate 152 * circular buffer. 153 */ 154 static void 155 mwifiex_11n_scan_and_dispatch(struct mwifiex_private *priv, 156 struct mwifiex_rx_reorder_tbl *tbl) 157 { 158 int i, j, xchg; 159 void *rx_tmp_ptr; 160 unsigned long flags; 161 162 for (i = 0; i < tbl->win_size; ++i) { 163 spin_lock_irqsave(&priv->rx_pkt_lock, flags); 164 if (!tbl->rx_reorder_ptr[i]) { 165 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 166 break; 167 } 168 rx_tmp_ptr = tbl->rx_reorder_ptr[i]; 169 tbl->rx_reorder_ptr[i] = NULL; 170 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 171 mwifiex_11n_dispatch_pkt(priv, rx_tmp_ptr); 172 } 173 174 spin_lock_irqsave(&priv->rx_pkt_lock, flags); 175 /* 176 * We don't have a circular buffer, hence use rotation to simulate 177 * circular buffer 178 */ 179 if (i > 0) { 180 xchg = tbl->win_size - i; 181 for (j = 0; j < xchg; ++j) { 182 tbl->rx_reorder_ptr[j] = tbl->rx_reorder_ptr[i + j]; 183 tbl->rx_reorder_ptr[i + j] = NULL; 184 } 185 } 186 tbl->start_win = (tbl->start_win + i) & (MAX_TID_VALUE - 1); 187 spin_unlock_irqrestore(&priv->rx_pkt_lock, flags); 188 } 189 190 /* 191 * This function deletes the Rx reorder table and frees the memory. 192 * 193 * The function stops the associated timer and dispatches all the 194 * pending packets in the Rx reorder table before deletion. 195 */ 196 static void 197 mwifiex_del_rx_reorder_entry(struct mwifiex_private *priv, 198 struct mwifiex_rx_reorder_tbl *tbl) 199 { 200 unsigned long flags; 201 int start_win; 202 203 if (!tbl) 204 return; 205 206 spin_lock_irqsave(&priv->adapter->rx_proc_lock, flags); 207 priv->adapter->rx_locked = true; 208 if (priv->adapter->rx_processing) { 209 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 210 flush_workqueue(priv->adapter->rx_workqueue); 211 } else { 212 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 213 } 214 215 start_win = (tbl->start_win + tbl->win_size) & (MAX_TID_VALUE - 1); 216 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win); 217 218 del_timer_sync(&tbl->timer_context.timer); 219 tbl->timer_context.timer_is_set = false; 220 221 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 222 list_del(&tbl->list); 223 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 224 225 kfree(tbl->rx_reorder_ptr); 226 kfree(tbl); 227 228 spin_lock_irqsave(&priv->adapter->rx_proc_lock, flags); 229 priv->adapter->rx_locked = false; 230 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 231 232 } 233 234 /* 235 * This function returns the pointer to an entry in Rx reordering 236 * table which matches the given TA/TID pair. 237 */ 238 struct mwifiex_rx_reorder_tbl * 239 mwifiex_11n_get_rx_reorder_tbl(struct mwifiex_private *priv, int tid, u8 *ta) 240 { 241 struct mwifiex_rx_reorder_tbl *tbl; 242 unsigned long flags; 243 244 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 245 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) { 246 if (!memcmp(tbl->ta, ta, ETH_ALEN) && tbl->tid == tid) { 247 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 248 flags); 249 return tbl; 250 } 251 } 252 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 253 254 return NULL; 255 } 256 257 /* This function retrieves the pointer to an entry in Rx reordering 258 * table which matches the given TA and deletes it. 259 */ 260 void mwifiex_11n_del_rx_reorder_tbl_by_ta(struct mwifiex_private *priv, u8 *ta) 261 { 262 struct mwifiex_rx_reorder_tbl *tbl, *tmp; 263 unsigned long flags; 264 265 if (!ta) 266 return; 267 268 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 269 list_for_each_entry_safe(tbl, tmp, &priv->rx_reorder_tbl_ptr, list) { 270 if (!memcmp(tbl->ta, ta, ETH_ALEN)) { 271 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 272 flags); 273 mwifiex_del_rx_reorder_entry(priv, tbl); 274 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 275 } 276 } 277 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 278 279 return; 280 } 281 282 /* 283 * This function finds the last sequence number used in the packets 284 * buffered in Rx reordering table. 285 */ 286 static int 287 mwifiex_11n_find_last_seq_num(struct reorder_tmr_cnxt *ctx) 288 { 289 struct mwifiex_rx_reorder_tbl *rx_reorder_tbl_ptr = ctx->ptr; 290 struct mwifiex_private *priv = ctx->priv; 291 unsigned long flags; 292 int i; 293 294 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 295 for (i = rx_reorder_tbl_ptr->win_size - 1; i >= 0; --i) { 296 if (rx_reorder_tbl_ptr->rx_reorder_ptr[i]) { 297 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 298 flags); 299 return i; 300 } 301 } 302 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 303 304 return -1; 305 } 306 307 /* 308 * This function flushes all the packets in Rx reordering table. 309 * 310 * The function checks if any packets are currently buffered in the 311 * table or not. In case there are packets available, it dispatches 312 * them and then dumps the Rx reordering table. 313 */ 314 static void 315 mwifiex_flush_data(unsigned long context) 316 { 317 struct reorder_tmr_cnxt *ctx = 318 (struct reorder_tmr_cnxt *) context; 319 int start_win, seq_num; 320 321 ctx->timer_is_set = false; 322 seq_num = mwifiex_11n_find_last_seq_num(ctx); 323 324 if (seq_num < 0) 325 return; 326 327 mwifiex_dbg(ctx->priv->adapter, INFO, "info: flush data %d\n", seq_num); 328 start_win = (ctx->ptr->start_win + seq_num + 1) & (MAX_TID_VALUE - 1); 329 mwifiex_11n_dispatch_pkt_until_start_win(ctx->priv, ctx->ptr, 330 start_win); 331 } 332 333 /* 334 * This function creates an entry in Rx reordering table for the 335 * given TA/TID. 336 * 337 * The function also initializes the entry with sequence number, window 338 * size as well as initializes the timer. 339 * 340 * If the received TA/TID pair is already present, all the packets are 341 * dispatched and the window size is moved until the SSN. 342 */ 343 static void 344 mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta, 345 int tid, int win_size, int seq_num) 346 { 347 int i; 348 struct mwifiex_rx_reorder_tbl *tbl, *new_node; 349 u16 last_seq = 0; 350 unsigned long flags; 351 struct mwifiex_sta_node *node; 352 353 /* 354 * If we get a TID, ta pair which is already present dispatch all the 355 * the packets and move the window size until the ssn 356 */ 357 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta); 358 if (tbl) { 359 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, seq_num); 360 return; 361 } 362 /* if !tbl then create one */ 363 new_node = kzalloc(sizeof(struct mwifiex_rx_reorder_tbl), GFP_KERNEL); 364 if (!new_node) 365 return; 366 367 INIT_LIST_HEAD(&new_node->list); 368 new_node->tid = tid; 369 memcpy(new_node->ta, ta, ETH_ALEN); 370 new_node->start_win = seq_num; 371 new_node->init_win = seq_num; 372 new_node->flags = 0; 373 374 spin_lock_irqsave(&priv->sta_list_spinlock, flags); 375 if (mwifiex_queuing_ra_based(priv)) { 376 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) { 377 node = mwifiex_get_sta_entry(priv, ta); 378 if (node) 379 last_seq = node->rx_seq[tid]; 380 } 381 } else { 382 node = mwifiex_get_sta_entry(priv, ta); 383 if (node) 384 last_seq = node->rx_seq[tid]; 385 else 386 last_seq = priv->rx_seq[tid]; 387 } 388 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 389 390 mwifiex_dbg(priv->adapter, INFO, 391 "info: last_seq=%d start_win=%d\n", 392 last_seq, new_node->start_win); 393 394 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM && 395 last_seq >= new_node->start_win) { 396 new_node->start_win = last_seq + 1; 397 new_node->flags |= RXREOR_INIT_WINDOW_SHIFT; 398 } 399 400 new_node->win_size = win_size; 401 402 new_node->rx_reorder_ptr = kzalloc(sizeof(void *) * win_size, 403 GFP_KERNEL); 404 if (!new_node->rx_reorder_ptr) { 405 kfree((u8 *) new_node); 406 mwifiex_dbg(priv->adapter, ERROR, 407 "%s: failed to alloc reorder_ptr\n", __func__); 408 return; 409 } 410 411 new_node->timer_context.ptr = new_node; 412 new_node->timer_context.priv = priv; 413 new_node->timer_context.timer_is_set = false; 414 415 setup_timer(&new_node->timer_context.timer, mwifiex_flush_data, 416 (unsigned long)&new_node->timer_context); 417 418 for (i = 0; i < win_size; ++i) 419 new_node->rx_reorder_ptr[i] = NULL; 420 421 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 422 list_add_tail(&new_node->list, &priv->rx_reorder_tbl_ptr); 423 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 424 } 425 426 static void 427 mwifiex_11n_rxreorder_timer_restart(struct mwifiex_rx_reorder_tbl *tbl) 428 { 429 u32 min_flush_time; 430 431 if (tbl->win_size >= MWIFIEX_BA_WIN_SIZE_32) 432 min_flush_time = MIN_FLUSH_TIMER_15_MS; 433 else 434 min_flush_time = MIN_FLUSH_TIMER_MS; 435 436 mod_timer(&tbl->timer_context.timer, 437 jiffies + msecs_to_jiffies(min_flush_time * tbl->win_size)); 438 439 tbl->timer_context.timer_is_set = true; 440 } 441 442 /* 443 * This function prepares command for adding a BA request. 444 * 445 * Preparation includes - 446 * - Setting command ID and proper size 447 * - Setting add BA request buffer 448 * - Ensuring correct endian-ness 449 */ 450 int mwifiex_cmd_11n_addba_req(struct host_cmd_ds_command *cmd, void *data_buf) 451 { 452 struct host_cmd_ds_11n_addba_req *add_ba_req = &cmd->params.add_ba_req; 453 454 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_REQ); 455 cmd->size = cpu_to_le16(sizeof(*add_ba_req) + S_DS_GEN); 456 memcpy(add_ba_req, data_buf, sizeof(*add_ba_req)); 457 458 return 0; 459 } 460 461 /* 462 * This function prepares command for adding a BA response. 463 * 464 * Preparation includes - 465 * - Setting command ID and proper size 466 * - Setting add BA response buffer 467 * - Ensuring correct endian-ness 468 */ 469 int mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private *priv, 470 struct host_cmd_ds_command *cmd, 471 struct host_cmd_ds_11n_addba_req 472 *cmd_addba_req) 473 { 474 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &cmd->params.add_ba_rsp; 475 struct mwifiex_sta_node *sta_ptr; 476 u32 rx_win_size = priv->add_ba_param.rx_win_size; 477 u8 tid; 478 int win_size; 479 unsigned long flags; 480 uint16_t block_ack_param_set; 481 482 if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) && 483 ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 484 priv->adapter->is_hw_11ac_capable && 485 memcmp(priv->cfg_bssid, cmd_addba_req->peer_mac_addr, ETH_ALEN)) { 486 spin_lock_irqsave(&priv->sta_list_spinlock, flags); 487 sta_ptr = mwifiex_get_sta_entry(priv, 488 cmd_addba_req->peer_mac_addr); 489 if (!sta_ptr) { 490 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 491 mwifiex_dbg(priv->adapter, ERROR, 492 "BA setup with unknown TDLS peer %pM!\n", 493 cmd_addba_req->peer_mac_addr); 494 return -1; 495 } 496 if (sta_ptr->is_11ac_enabled) 497 rx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_RXWINSIZE; 498 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 499 } 500 501 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_RSP); 502 cmd->size = cpu_to_le16(sizeof(*add_ba_rsp) + S_DS_GEN); 503 504 memcpy(add_ba_rsp->peer_mac_addr, cmd_addba_req->peer_mac_addr, 505 ETH_ALEN); 506 add_ba_rsp->dialog_token = cmd_addba_req->dialog_token; 507 add_ba_rsp->block_ack_tmo = cmd_addba_req->block_ack_tmo; 508 add_ba_rsp->ssn = cmd_addba_req->ssn; 509 510 block_ack_param_set = le16_to_cpu(cmd_addba_req->block_ack_param_set); 511 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK) 512 >> BLOCKACKPARAM_TID_POS; 513 add_ba_rsp->status_code = cpu_to_le16(ADDBA_RSP_STATUS_ACCEPT); 514 block_ack_param_set &= ~IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK; 515 516 /* If we don't support AMSDU inside AMPDU, reset the bit */ 517 if (!priv->add_ba_param.rx_amsdu || 518 (priv->aggr_prio_tbl[tid].amsdu == BA_STREAM_NOT_ALLOWED)) 519 block_ack_param_set &= ~BLOCKACKPARAM_AMSDU_SUPP_MASK; 520 block_ack_param_set |= rx_win_size << BLOCKACKPARAM_WINSIZE_POS; 521 add_ba_rsp->block_ack_param_set = cpu_to_le16(block_ack_param_set); 522 win_size = (le16_to_cpu(add_ba_rsp->block_ack_param_set) 523 & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) 524 >> BLOCKACKPARAM_WINSIZE_POS; 525 cmd_addba_req->block_ack_param_set = cpu_to_le16(block_ack_param_set); 526 527 mwifiex_11n_create_rx_reorder_tbl(priv, cmd_addba_req->peer_mac_addr, 528 tid, win_size, 529 le16_to_cpu(cmd_addba_req->ssn)); 530 return 0; 531 } 532 533 /* 534 * This function prepares command for deleting a BA request. 535 * 536 * Preparation includes - 537 * - Setting command ID and proper size 538 * - Setting del BA request buffer 539 * - Ensuring correct endian-ness 540 */ 541 int mwifiex_cmd_11n_delba(struct host_cmd_ds_command *cmd, void *data_buf) 542 { 543 struct host_cmd_ds_11n_delba *del_ba = &cmd->params.del_ba; 544 545 cmd->command = cpu_to_le16(HostCmd_CMD_11N_DELBA); 546 cmd->size = cpu_to_le16(sizeof(*del_ba) + S_DS_GEN); 547 memcpy(del_ba, data_buf, sizeof(*del_ba)); 548 549 return 0; 550 } 551 552 /* 553 * This function identifies if Rx reordering is needed for a received packet. 554 * 555 * In case reordering is required, the function will do the reordering 556 * before sending it to kernel. 557 * 558 * The Rx reorder table is checked first with the received TID/TA pair. If 559 * not found, the received packet is dispatched immediately. But if found, 560 * the packet is reordered and all the packets in the updated Rx reordering 561 * table is dispatched until a hole is found. 562 * 563 * For sequence number less than the starting window, the packet is dropped. 564 */ 565 int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *priv, 566 u16 seq_num, u16 tid, 567 u8 *ta, u8 pkt_type, void *payload) 568 { 569 struct mwifiex_rx_reorder_tbl *tbl; 570 int prev_start_win, start_win, end_win, win_size; 571 u16 pkt_index; 572 bool init_window_shift = false; 573 int ret = 0; 574 575 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta); 576 if (!tbl) { 577 if (pkt_type != PKT_TYPE_BAR) 578 mwifiex_11n_dispatch_pkt(priv, payload); 579 return ret; 580 } 581 582 if ((pkt_type == PKT_TYPE_AMSDU) && !tbl->amsdu) { 583 mwifiex_11n_dispatch_pkt(priv, payload); 584 return ret; 585 } 586 587 start_win = tbl->start_win; 588 prev_start_win = start_win; 589 win_size = tbl->win_size; 590 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1); 591 if (tbl->flags & RXREOR_INIT_WINDOW_SHIFT) { 592 init_window_shift = true; 593 tbl->flags &= ~RXREOR_INIT_WINDOW_SHIFT; 594 } 595 596 if (tbl->flags & RXREOR_FORCE_NO_DROP) { 597 mwifiex_dbg(priv->adapter, INFO, 598 "RXREOR_FORCE_NO_DROP when HS is activated\n"); 599 tbl->flags &= ~RXREOR_FORCE_NO_DROP; 600 } else if (init_window_shift && seq_num < start_win && 601 seq_num >= tbl->init_win) { 602 mwifiex_dbg(priv->adapter, INFO, 603 "Sender TID sequence number reset %d->%d for SSN %d\n", 604 start_win, seq_num, tbl->init_win); 605 tbl->start_win = start_win = seq_num; 606 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1); 607 } else { 608 /* 609 * If seq_num is less then starting win then ignore and drop 610 * the packet 611 */ 612 if ((start_win + TWOPOW11) > (MAX_TID_VALUE - 1)) { 613 if (seq_num >= ((start_win + TWOPOW11) & 614 (MAX_TID_VALUE - 1)) && 615 seq_num < start_win) { 616 ret = -1; 617 goto done; 618 } 619 } else if ((seq_num < start_win) || 620 (seq_num >= (start_win + TWOPOW11))) { 621 ret = -1; 622 goto done; 623 } 624 } 625 626 /* 627 * If this packet is a BAR we adjust seq_num as 628 * WinStart = seq_num 629 */ 630 if (pkt_type == PKT_TYPE_BAR) 631 seq_num = ((seq_num + win_size) - 1) & (MAX_TID_VALUE - 1); 632 633 if (((end_win < start_win) && 634 (seq_num < start_win) && (seq_num > end_win)) || 635 ((end_win > start_win) && ((seq_num > end_win) || 636 (seq_num < start_win)))) { 637 end_win = seq_num; 638 if (((end_win - win_size) + 1) >= 0) 639 start_win = (end_win - win_size) + 1; 640 else 641 start_win = (MAX_TID_VALUE - (win_size - end_win)) + 1; 642 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win); 643 } 644 645 if (pkt_type != PKT_TYPE_BAR) { 646 if (seq_num >= start_win) 647 pkt_index = seq_num - start_win; 648 else 649 pkt_index = (seq_num+MAX_TID_VALUE) - start_win; 650 651 if (tbl->rx_reorder_ptr[pkt_index]) { 652 ret = -1; 653 goto done; 654 } 655 656 tbl->rx_reorder_ptr[pkt_index] = payload; 657 } 658 659 /* 660 * Dispatch all packets sequentially from start_win until a 661 * hole is found and adjust the start_win appropriately 662 */ 663 mwifiex_11n_scan_and_dispatch(priv, tbl); 664 665 done: 666 if (!tbl->timer_context.timer_is_set || 667 prev_start_win != tbl->start_win) 668 mwifiex_11n_rxreorder_timer_restart(tbl); 669 return ret; 670 } 671 672 /* 673 * This function deletes an entry for a given TID/TA pair. 674 * 675 * The TID/TA are taken from del BA event body. 676 */ 677 void 678 mwifiex_del_ba_tbl(struct mwifiex_private *priv, int tid, u8 *peer_mac, 679 u8 type, int initiator) 680 { 681 struct mwifiex_rx_reorder_tbl *tbl; 682 struct mwifiex_tx_ba_stream_tbl *ptx_tbl; 683 struct mwifiex_ra_list_tbl *ra_list; 684 u8 cleanup_rx_reorder_tbl; 685 unsigned long flags; 686 int tid_down; 687 688 if (type == TYPE_DELBA_RECEIVE) 689 cleanup_rx_reorder_tbl = (initiator) ? true : false; 690 else 691 cleanup_rx_reorder_tbl = (initiator) ? false : true; 692 693 mwifiex_dbg(priv->adapter, EVENT, "event: DELBA: %pM tid=%d initiator=%d\n", 694 peer_mac, tid, initiator); 695 696 if (cleanup_rx_reorder_tbl) { 697 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 698 peer_mac); 699 if (!tbl) { 700 mwifiex_dbg(priv->adapter, EVENT, 701 "event: TID, TA not found in table\n"); 702 return; 703 } 704 mwifiex_del_rx_reorder_entry(priv, tbl); 705 } else { 706 ptx_tbl = mwifiex_get_ba_tbl(priv, tid, peer_mac); 707 if (!ptx_tbl) { 708 mwifiex_dbg(priv->adapter, EVENT, 709 "event: TID, RA not found in table\n"); 710 return; 711 } 712 713 tid_down = mwifiex_wmm_downgrade_tid(priv, tid); 714 ra_list = mwifiex_wmm_get_ralist_node(priv, tid_down, peer_mac); 715 if (ra_list) { 716 ra_list->amsdu_in_ampdu = false; 717 ra_list->ba_status = BA_SETUP_NONE; 718 } 719 spin_lock_irqsave(&priv->tx_ba_stream_tbl_lock, flags); 720 mwifiex_11n_delete_tx_ba_stream_tbl_entry(priv, ptx_tbl); 721 spin_unlock_irqrestore(&priv->tx_ba_stream_tbl_lock, flags); 722 } 723 } 724 725 /* 726 * This function handles the command response of an add BA response. 727 * 728 * Handling includes changing the header fields into CPU format and 729 * creating the stream, provided the add BA is accepted. 730 */ 731 int mwifiex_ret_11n_addba_resp(struct mwifiex_private *priv, 732 struct host_cmd_ds_command *resp) 733 { 734 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &resp->params.add_ba_rsp; 735 int tid, win_size; 736 struct mwifiex_rx_reorder_tbl *tbl; 737 uint16_t block_ack_param_set; 738 739 block_ack_param_set = le16_to_cpu(add_ba_rsp->block_ack_param_set); 740 741 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK) 742 >> BLOCKACKPARAM_TID_POS; 743 /* 744 * Check if we had rejected the ADDBA, if yes then do not create 745 * the stream 746 */ 747 if (le16_to_cpu(add_ba_rsp->status_code) != BA_RESULT_SUCCESS) { 748 mwifiex_dbg(priv->adapter, ERROR, "ADDBA RSP: failed %pM tid=%d)\n", 749 add_ba_rsp->peer_mac_addr, tid); 750 751 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 752 add_ba_rsp->peer_mac_addr); 753 if (tbl) 754 mwifiex_del_rx_reorder_entry(priv, tbl); 755 756 return 0; 757 } 758 759 win_size = (block_ack_param_set & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) 760 >> BLOCKACKPARAM_WINSIZE_POS; 761 762 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 763 add_ba_rsp->peer_mac_addr); 764 if (tbl) { 765 if ((block_ack_param_set & BLOCKACKPARAM_AMSDU_SUPP_MASK) && 766 priv->add_ba_param.rx_amsdu && 767 (priv->aggr_prio_tbl[tid].amsdu != BA_STREAM_NOT_ALLOWED)) 768 tbl->amsdu = true; 769 else 770 tbl->amsdu = false; 771 } 772 773 mwifiex_dbg(priv->adapter, CMD, 774 "cmd: ADDBA RSP: %pM tid=%d ssn=%d win_size=%d\n", 775 add_ba_rsp->peer_mac_addr, tid, add_ba_rsp->ssn, win_size); 776 777 return 0; 778 } 779 780 /* 781 * This function handles BA stream timeout event by preparing and sending 782 * a command to the firmware. 783 */ 784 void mwifiex_11n_ba_stream_timeout(struct mwifiex_private *priv, 785 struct host_cmd_ds_11n_batimeout *event) 786 { 787 struct host_cmd_ds_11n_delba delba; 788 789 memset(&delba, 0, sizeof(struct host_cmd_ds_11n_delba)); 790 memcpy(delba.peer_mac_addr, event->peer_mac_addr, ETH_ALEN); 791 792 delba.del_ba_param_set |= 793 cpu_to_le16((u16) event->tid << DELBA_TID_POS); 794 delba.del_ba_param_set |= cpu_to_le16( 795 (u16) event->origninator << DELBA_INITIATOR_POS); 796 delba.reason_code = cpu_to_le16(WLAN_REASON_QSTA_TIMEOUT); 797 mwifiex_send_cmd(priv, HostCmd_CMD_11N_DELBA, 0, 0, &delba, false); 798 } 799 800 /* 801 * This function cleans up the Rx reorder table by deleting all the entries 802 * and re-initializing. 803 */ 804 void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv) 805 { 806 struct mwifiex_rx_reorder_tbl *del_tbl_ptr, *tmp_node; 807 unsigned long flags; 808 809 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 810 list_for_each_entry_safe(del_tbl_ptr, tmp_node, 811 &priv->rx_reorder_tbl_ptr, list) { 812 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 813 mwifiex_del_rx_reorder_entry(priv, del_tbl_ptr); 814 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 815 } 816 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr); 817 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 818 819 mwifiex_reset_11n_rx_seq_num(priv); 820 } 821 822 /* 823 * This function updates all rx_reorder_tbl's flags. 824 */ 825 void mwifiex_update_rxreor_flags(struct mwifiex_adapter *adapter, u8 flags) 826 { 827 struct mwifiex_private *priv; 828 struct mwifiex_rx_reorder_tbl *tbl; 829 unsigned long lock_flags; 830 int i; 831 832 for (i = 0; i < adapter->priv_num; i++) { 833 priv = adapter->priv[i]; 834 if (!priv) 835 continue; 836 837 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, lock_flags); 838 if (list_empty(&priv->rx_reorder_tbl_ptr)) { 839 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 840 lock_flags); 841 continue; 842 } 843 844 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) 845 tbl->flags = flags; 846 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, lock_flags); 847 } 848 849 return; 850 } 851 852 /* This function update all the rx_win_size based on coex flag 853 */ 854 static void mwifiex_update_ampdu_rxwinsize(struct mwifiex_adapter *adapter, 855 bool coex_flag) 856 { 857 u8 i; 858 u32 rx_win_size; 859 struct mwifiex_private *priv; 860 861 dev_dbg(adapter->dev, "Update rxwinsize %d\n", coex_flag); 862 863 for (i = 0; i < adapter->priv_num; i++) { 864 if (!adapter->priv[i]) 865 continue; 866 priv = adapter->priv[i]; 867 rx_win_size = priv->add_ba_param.rx_win_size; 868 if (coex_flag) { 869 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA) 870 priv->add_ba_param.rx_win_size = 871 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE; 872 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P) 873 priv->add_ba_param.rx_win_size = 874 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE; 875 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP) 876 priv->add_ba_param.rx_win_size = 877 MWIFIEX_UAP_COEX_AMPDU_DEF_RXWINSIZE; 878 } else { 879 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA) 880 priv->add_ba_param.rx_win_size = 881 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE; 882 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P) 883 priv->add_ba_param.rx_win_size = 884 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE; 885 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP) 886 priv->add_ba_param.rx_win_size = 887 MWIFIEX_UAP_AMPDU_DEF_RXWINSIZE; 888 } 889 890 if (adapter->coex_win_size && adapter->coex_rx_win_size) 891 priv->add_ba_param.rx_win_size = 892 adapter->coex_rx_win_size; 893 894 if (rx_win_size != priv->add_ba_param.rx_win_size) { 895 if (!priv->media_connected) 896 continue; 897 for (i = 0; i < MAX_NUM_TID; i++) 898 mwifiex_11n_delba(priv, i); 899 } 900 } 901 } 902 903 /* This function check coex for RX BA 904 */ 905 void mwifiex_coex_ampdu_rxwinsize(struct mwifiex_adapter *adapter) 906 { 907 u8 i; 908 struct mwifiex_private *priv; 909 u8 count = 0; 910 911 for (i = 0; i < adapter->priv_num; i++) { 912 if (adapter->priv[i]) { 913 priv = adapter->priv[i]; 914 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) { 915 if (priv->media_connected) 916 count++; 917 } 918 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) { 919 if (priv->bss_started) 920 count++; 921 } 922 } 923 if (count >= MWIFIEX_BSS_COEX_COUNT) 924 break; 925 } 926 if (count >= MWIFIEX_BSS_COEX_COUNT) 927 mwifiex_update_ampdu_rxwinsize(adapter, true); 928 else 929 mwifiex_update_ampdu_rxwinsize(adapter, false); 930 } 931 932 /* This function handles rxba_sync event 933 */ 934 void mwifiex_11n_rxba_sync_event(struct mwifiex_private *priv, 935 u8 *event_buf, u16 len) 936 { 937 struct mwifiex_ie_types_rxba_sync *tlv_rxba = (void *)event_buf; 938 u16 tlv_type, tlv_len; 939 struct mwifiex_rx_reorder_tbl *rx_reor_tbl_ptr; 940 u8 i, j; 941 u16 seq_num, tlv_seq_num, tlv_bitmap_len; 942 int tlv_buf_left = len; 943 int ret; 944 u8 *tmp; 945 946 mwifiex_dbg_dump(priv->adapter, EVT_D, "RXBA_SYNC event:", 947 event_buf, len); 948 while (tlv_buf_left >= sizeof(*tlv_rxba)) { 949 tlv_type = le16_to_cpu(tlv_rxba->header.type); 950 tlv_len = le16_to_cpu(tlv_rxba->header.len); 951 if (tlv_type != TLV_TYPE_RXBA_SYNC) { 952 mwifiex_dbg(priv->adapter, ERROR, 953 "Wrong TLV id=0x%x\n", tlv_type); 954 return; 955 } 956 957 tlv_seq_num = le16_to_cpu(tlv_rxba->seq_num); 958 tlv_bitmap_len = le16_to_cpu(tlv_rxba->bitmap_len); 959 mwifiex_dbg(priv->adapter, INFO, 960 "%pM tid=%d seq_num=%d bitmap_len=%d\n", 961 tlv_rxba->mac, tlv_rxba->tid, tlv_seq_num, 962 tlv_bitmap_len); 963 964 rx_reor_tbl_ptr = 965 mwifiex_11n_get_rx_reorder_tbl(priv, tlv_rxba->tid, 966 tlv_rxba->mac); 967 if (!rx_reor_tbl_ptr) { 968 mwifiex_dbg(priv->adapter, ERROR, 969 "Can not find rx_reorder_tbl!"); 970 return; 971 } 972 973 for (i = 0; i < tlv_bitmap_len; i++) { 974 for (j = 0 ; j < 8; j++) { 975 if (tlv_rxba->bitmap[i] & (1 << j)) { 976 seq_num = (MAX_TID_VALUE - 1) & 977 (tlv_seq_num + i * 8 + j); 978 979 mwifiex_dbg(priv->adapter, ERROR, 980 "drop packet,seq=%d\n", 981 seq_num); 982 983 ret = mwifiex_11n_rx_reorder_pkt 984 (priv, seq_num, tlv_rxba->tid, 985 tlv_rxba->mac, 0, NULL); 986 987 if (ret) 988 mwifiex_dbg(priv->adapter, 989 ERROR, 990 "Fail to drop packet"); 991 } 992 } 993 } 994 995 tlv_buf_left -= (sizeof(*tlv_rxba) + tlv_len); 996 tmp = (u8 *)tlv_rxba + tlv_len + sizeof(*tlv_rxba); 997 tlv_rxba = (struct mwifiex_ie_types_rxba_sync *)tmp; 998 } 999 } 1000