1 /* 2 * Marvell Wireless LAN device driver: 802.11n RX Re-ordering 3 * 4 * Copyright (C) 2011-2014, Marvell International Ltd. 5 * 6 * This software file (the "File") is distributed by Marvell International 7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991 8 * (the "License"). You may use, redistribute and/or modify this File in 9 * accordance with the terms and conditions of the License, a copy of which 10 * is available by writing to the Free Software Foundation, Inc., 11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the 12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. 13 * 14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE 15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE 16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about 17 * this warranty disclaimer. 18 */ 19 20 #include "decl.h" 21 #include "ioctl.h" 22 #include "util.h" 23 #include "fw.h" 24 #include "main.h" 25 #include "wmm.h" 26 #include "11n.h" 27 #include "11n_rxreorder.h" 28 29 /* This function will dispatch amsdu packet and forward it to kernel/upper 30 * layer. 31 */ 32 static int mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private *priv, 33 struct sk_buff *skb) 34 { 35 struct rxpd *local_rx_pd = (struct rxpd *)(skb->data); 36 int ret; 37 38 if (le16_to_cpu(local_rx_pd->rx_pkt_type) == PKT_TYPE_AMSDU) { 39 struct sk_buff_head list; 40 struct sk_buff *rx_skb; 41 42 __skb_queue_head_init(&list); 43 44 skb_pull(skb, le16_to_cpu(local_rx_pd->rx_pkt_offset)); 45 skb_trim(skb, le16_to_cpu(local_rx_pd->rx_pkt_length)); 46 47 ieee80211_amsdu_to_8023s(skb, &list, priv->curr_addr, 48 priv->wdev.iftype, 0, NULL, NULL); 49 50 while (!skb_queue_empty(&list)) { 51 struct rx_packet_hdr *rx_hdr; 52 53 rx_skb = __skb_dequeue(&list); 54 rx_hdr = (struct rx_packet_hdr *)rx_skb->data; 55 if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 56 ntohs(rx_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) { 57 mwifiex_process_tdls_action_frame(priv, 58 (u8 *)rx_hdr, 59 skb->len); 60 } 61 62 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) 63 ret = mwifiex_uap_recv_packet(priv, rx_skb); 64 else 65 ret = mwifiex_recv_packet(priv, rx_skb); 66 if (ret == -1) 67 mwifiex_dbg(priv->adapter, ERROR, 68 "Rx of A-MSDU failed"); 69 } 70 return 0; 71 } 72 73 return -1; 74 } 75 76 /* This function will process the rx packet and forward it to kernel/upper 77 * layer. 78 */ 79 static int mwifiex_11n_dispatch_pkt(struct mwifiex_private *priv, void *payload) 80 { 81 82 int ret; 83 84 if (!payload) { 85 mwifiex_dbg(priv->adapter, INFO, "info: fw drop data\n"); 86 return 0; 87 } 88 89 ret = mwifiex_11n_dispatch_amsdu_pkt(priv, payload); 90 if (!ret) 91 return 0; 92 93 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) 94 return mwifiex_handle_uap_rx_forward(priv, payload); 95 96 return mwifiex_process_rx_packet(priv, payload); 97 } 98 99 /* 100 * This function dispatches all packets in the Rx reorder table until the 101 * start window. 102 * 103 * There could be holes in the buffer, which are skipped by the function. 104 * Since the buffer is linear, the function uses rotation to simulate 105 * circular buffer. 106 * 107 * The caller must hold rx_reorder_tbl_lock spinlock. 108 */ 109 static void 110 mwifiex_11n_dispatch_pkt_until_start_win(struct mwifiex_private *priv, 111 struct mwifiex_rx_reorder_tbl *tbl, 112 int start_win) 113 { 114 int pkt_to_send, i; 115 void *rx_tmp_ptr; 116 117 pkt_to_send = (start_win > tbl->start_win) ? 118 min((start_win - tbl->start_win), tbl->win_size) : 119 tbl->win_size; 120 121 for (i = 0; i < pkt_to_send; ++i) { 122 rx_tmp_ptr = NULL; 123 if (tbl->rx_reorder_ptr[i]) { 124 rx_tmp_ptr = tbl->rx_reorder_ptr[i]; 125 tbl->rx_reorder_ptr[i] = NULL; 126 } 127 if (rx_tmp_ptr) 128 mwifiex_11n_dispatch_pkt(priv, rx_tmp_ptr); 129 } 130 131 /* 132 * We don't have a circular buffer, hence use rotation to simulate 133 * circular buffer 134 */ 135 for (i = 0; i < tbl->win_size - pkt_to_send; ++i) { 136 tbl->rx_reorder_ptr[i] = tbl->rx_reorder_ptr[pkt_to_send + i]; 137 tbl->rx_reorder_ptr[pkt_to_send + i] = NULL; 138 } 139 140 tbl->start_win = start_win; 141 } 142 143 /* 144 * This function dispatches all packets in the Rx reorder table until 145 * a hole is found. 146 * 147 * The start window is adjusted automatically when a hole is located. 148 * Since the buffer is linear, the function uses rotation to simulate 149 * circular buffer. 150 * 151 * The caller must hold rx_reorder_tbl_lock spinlock. 152 */ 153 static void 154 mwifiex_11n_scan_and_dispatch(struct mwifiex_private *priv, 155 struct mwifiex_rx_reorder_tbl *tbl) 156 { 157 int i, j, xchg; 158 void *rx_tmp_ptr; 159 160 for (i = 0; i < tbl->win_size; ++i) { 161 if (!tbl->rx_reorder_ptr[i]) 162 break; 163 rx_tmp_ptr = tbl->rx_reorder_ptr[i]; 164 tbl->rx_reorder_ptr[i] = NULL; 165 mwifiex_11n_dispatch_pkt(priv, rx_tmp_ptr); 166 } 167 168 /* 169 * We don't have a circular buffer, hence use rotation to simulate 170 * circular buffer 171 */ 172 if (i > 0) { 173 xchg = tbl->win_size - i; 174 for (j = 0; j < xchg; ++j) { 175 tbl->rx_reorder_ptr[j] = tbl->rx_reorder_ptr[i + j]; 176 tbl->rx_reorder_ptr[i + j] = NULL; 177 } 178 } 179 tbl->start_win = (tbl->start_win + i) & (MAX_TID_VALUE - 1); 180 } 181 182 /* 183 * This function deletes the Rx reorder table and frees the memory. 184 * 185 * The function stops the associated timer and dispatches all the 186 * pending packets in the Rx reorder table before deletion. 187 * 188 * The caller must hold rx_reorder_tbl_lock spinlock. 189 */ 190 static void 191 mwifiex_del_rx_reorder_entry(struct mwifiex_private *priv, 192 struct mwifiex_rx_reorder_tbl *tbl) 193 { 194 unsigned long flags; 195 int start_win; 196 197 if (!tbl) 198 return; 199 200 spin_lock_irqsave(&priv->adapter->rx_proc_lock, flags); 201 priv->adapter->rx_locked = true; 202 if (priv->adapter->rx_processing) { 203 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 204 flush_workqueue(priv->adapter->rx_workqueue); 205 } else { 206 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 207 } 208 209 start_win = (tbl->start_win + tbl->win_size) & (MAX_TID_VALUE - 1); 210 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win); 211 212 del_timer_sync(&tbl->timer_context.timer); 213 tbl->timer_context.timer_is_set = false; 214 list_del(&tbl->list); 215 kfree(tbl->rx_reorder_ptr); 216 kfree(tbl); 217 218 spin_lock_irqsave(&priv->adapter->rx_proc_lock, flags); 219 priv->adapter->rx_locked = false; 220 spin_unlock_irqrestore(&priv->adapter->rx_proc_lock, flags); 221 222 } 223 224 /* 225 * This function returns the pointer to an entry in Rx reordering 226 * table which matches the given TA/TID pair. 227 * 228 * The caller must hold rx_reorder_tbl_lock spinlock. 229 */ 230 struct mwifiex_rx_reorder_tbl * 231 mwifiex_11n_get_rx_reorder_tbl(struct mwifiex_private *priv, int tid, u8 *ta) 232 { 233 struct mwifiex_rx_reorder_tbl *tbl; 234 235 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) 236 if (!memcmp(tbl->ta, ta, ETH_ALEN) && tbl->tid == tid) 237 return tbl; 238 239 return NULL; 240 } 241 242 /* This function retrieves the pointer to an entry in Rx reordering 243 * table which matches the given TA and deletes it. 244 */ 245 void mwifiex_11n_del_rx_reorder_tbl_by_ta(struct mwifiex_private *priv, u8 *ta) 246 { 247 struct mwifiex_rx_reorder_tbl *tbl, *tmp; 248 unsigned long flags; 249 250 if (!ta) 251 return; 252 253 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 254 list_for_each_entry_safe(tbl, tmp, &priv->rx_reorder_tbl_ptr, list) 255 if (!memcmp(tbl->ta, ta, ETH_ALEN)) 256 mwifiex_del_rx_reorder_entry(priv, tbl); 257 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 258 259 return; 260 } 261 262 /* 263 * This function finds the last sequence number used in the packets 264 * buffered in Rx reordering table. 265 * 266 * The caller must hold rx_reorder_tbl_lock spinlock. 267 */ 268 static int 269 mwifiex_11n_find_last_seq_num(struct reorder_tmr_cnxt *ctx) 270 { 271 struct mwifiex_rx_reorder_tbl *rx_reorder_tbl_ptr = ctx->ptr; 272 int i; 273 274 for (i = rx_reorder_tbl_ptr->win_size - 1; i >= 0; --i) 275 if (rx_reorder_tbl_ptr->rx_reorder_ptr[i]) 276 return i; 277 278 return -1; 279 } 280 281 /* 282 * This function flushes all the packets in Rx reordering table. 283 * 284 * The function checks if any packets are currently buffered in the 285 * table or not. In case there are packets available, it dispatches 286 * them and then dumps the Rx reordering table. 287 */ 288 static void 289 mwifiex_flush_data(struct timer_list *t) 290 { 291 struct reorder_tmr_cnxt *ctx = 292 from_timer(ctx, t, timer); 293 int start_win, seq_num; 294 unsigned long flags; 295 296 ctx->timer_is_set = false; 297 spin_lock_irqsave(&ctx->priv->rx_reorder_tbl_lock, flags); 298 seq_num = mwifiex_11n_find_last_seq_num(ctx); 299 300 if (seq_num < 0) { 301 spin_unlock_irqrestore(&ctx->priv->rx_reorder_tbl_lock, flags); 302 return; 303 } 304 305 mwifiex_dbg(ctx->priv->adapter, INFO, "info: flush data %d\n", seq_num); 306 start_win = (ctx->ptr->start_win + seq_num + 1) & (MAX_TID_VALUE - 1); 307 mwifiex_11n_dispatch_pkt_until_start_win(ctx->priv, ctx->ptr, 308 start_win); 309 spin_unlock_irqrestore(&ctx->priv->rx_reorder_tbl_lock, flags); 310 } 311 312 /* 313 * This function creates an entry in Rx reordering table for the 314 * given TA/TID. 315 * 316 * The function also initializes the entry with sequence number, window 317 * size as well as initializes the timer. 318 * 319 * If the received TA/TID pair is already present, all the packets are 320 * dispatched and the window size is moved until the SSN. 321 */ 322 static void 323 mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta, 324 int tid, int win_size, int seq_num) 325 { 326 int i; 327 struct mwifiex_rx_reorder_tbl *tbl, *new_node; 328 u16 last_seq = 0; 329 unsigned long flags; 330 struct mwifiex_sta_node *node; 331 332 /* 333 * If we get a TID, ta pair which is already present dispatch all the 334 * the packets and move the window size until the ssn 335 */ 336 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 337 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta); 338 if (tbl) { 339 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, seq_num); 340 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 341 return; 342 } 343 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 344 /* if !tbl then create one */ 345 new_node = kzalloc(sizeof(struct mwifiex_rx_reorder_tbl), GFP_KERNEL); 346 if (!new_node) 347 return; 348 349 INIT_LIST_HEAD(&new_node->list); 350 new_node->tid = tid; 351 memcpy(new_node->ta, ta, ETH_ALEN); 352 new_node->start_win = seq_num; 353 new_node->init_win = seq_num; 354 new_node->flags = 0; 355 356 spin_lock_irqsave(&priv->sta_list_spinlock, flags); 357 if (mwifiex_queuing_ra_based(priv)) { 358 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) { 359 node = mwifiex_get_sta_entry(priv, ta); 360 if (node) 361 last_seq = node->rx_seq[tid]; 362 } 363 } else { 364 node = mwifiex_get_sta_entry(priv, ta); 365 if (node) 366 last_seq = node->rx_seq[tid]; 367 else 368 last_seq = priv->rx_seq[tid]; 369 } 370 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 371 372 mwifiex_dbg(priv->adapter, INFO, 373 "info: last_seq=%d start_win=%d\n", 374 last_seq, new_node->start_win); 375 376 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM && 377 last_seq >= new_node->start_win) { 378 new_node->start_win = last_seq + 1; 379 new_node->flags |= RXREOR_INIT_WINDOW_SHIFT; 380 } 381 382 new_node->win_size = win_size; 383 384 new_node->rx_reorder_ptr = kcalloc(win_size, sizeof(void *), 385 GFP_KERNEL); 386 if (!new_node->rx_reorder_ptr) { 387 kfree((u8 *) new_node); 388 mwifiex_dbg(priv->adapter, ERROR, 389 "%s: failed to alloc reorder_ptr\n", __func__); 390 return; 391 } 392 393 new_node->timer_context.ptr = new_node; 394 new_node->timer_context.priv = priv; 395 new_node->timer_context.timer_is_set = false; 396 397 timer_setup(&new_node->timer_context.timer, mwifiex_flush_data, 0); 398 399 for (i = 0; i < win_size; ++i) 400 new_node->rx_reorder_ptr[i] = NULL; 401 402 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 403 list_add_tail(&new_node->list, &priv->rx_reorder_tbl_ptr); 404 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 405 } 406 407 static void 408 mwifiex_11n_rxreorder_timer_restart(struct mwifiex_rx_reorder_tbl *tbl) 409 { 410 u32 min_flush_time; 411 412 if (tbl->win_size >= MWIFIEX_BA_WIN_SIZE_32) 413 min_flush_time = MIN_FLUSH_TIMER_15_MS; 414 else 415 min_flush_time = MIN_FLUSH_TIMER_MS; 416 417 mod_timer(&tbl->timer_context.timer, 418 jiffies + msecs_to_jiffies(min_flush_time * tbl->win_size)); 419 420 tbl->timer_context.timer_is_set = true; 421 } 422 423 /* 424 * This function prepares command for adding a BA request. 425 * 426 * Preparation includes - 427 * - Setting command ID and proper size 428 * - Setting add BA request buffer 429 * - Ensuring correct endian-ness 430 */ 431 int mwifiex_cmd_11n_addba_req(struct host_cmd_ds_command *cmd, void *data_buf) 432 { 433 struct host_cmd_ds_11n_addba_req *add_ba_req = &cmd->params.add_ba_req; 434 435 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_REQ); 436 cmd->size = cpu_to_le16(sizeof(*add_ba_req) + S_DS_GEN); 437 memcpy(add_ba_req, data_buf, sizeof(*add_ba_req)); 438 439 return 0; 440 } 441 442 /* 443 * This function prepares command for adding a BA response. 444 * 445 * Preparation includes - 446 * - Setting command ID and proper size 447 * - Setting add BA response buffer 448 * - Ensuring correct endian-ness 449 */ 450 int mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private *priv, 451 struct host_cmd_ds_command *cmd, 452 struct host_cmd_ds_11n_addba_req 453 *cmd_addba_req) 454 { 455 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &cmd->params.add_ba_rsp; 456 struct mwifiex_sta_node *sta_ptr; 457 u32 rx_win_size = priv->add_ba_param.rx_win_size; 458 u8 tid; 459 int win_size; 460 unsigned long flags; 461 uint16_t block_ack_param_set; 462 463 if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) && 464 ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 465 priv->adapter->is_hw_11ac_capable && 466 memcmp(priv->cfg_bssid, cmd_addba_req->peer_mac_addr, ETH_ALEN)) { 467 spin_lock_irqsave(&priv->sta_list_spinlock, flags); 468 sta_ptr = mwifiex_get_sta_entry(priv, 469 cmd_addba_req->peer_mac_addr); 470 if (!sta_ptr) { 471 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 472 mwifiex_dbg(priv->adapter, ERROR, 473 "BA setup with unknown TDLS peer %pM!\n", 474 cmd_addba_req->peer_mac_addr); 475 return -1; 476 } 477 if (sta_ptr->is_11ac_enabled) 478 rx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_RXWINSIZE; 479 spin_unlock_irqrestore(&priv->sta_list_spinlock, flags); 480 } 481 482 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_RSP); 483 cmd->size = cpu_to_le16(sizeof(*add_ba_rsp) + S_DS_GEN); 484 485 memcpy(add_ba_rsp->peer_mac_addr, cmd_addba_req->peer_mac_addr, 486 ETH_ALEN); 487 add_ba_rsp->dialog_token = cmd_addba_req->dialog_token; 488 add_ba_rsp->block_ack_tmo = cmd_addba_req->block_ack_tmo; 489 add_ba_rsp->ssn = cmd_addba_req->ssn; 490 491 block_ack_param_set = le16_to_cpu(cmd_addba_req->block_ack_param_set); 492 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK) 493 >> BLOCKACKPARAM_TID_POS; 494 add_ba_rsp->status_code = cpu_to_le16(ADDBA_RSP_STATUS_ACCEPT); 495 block_ack_param_set &= ~IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK; 496 497 /* If we don't support AMSDU inside AMPDU, reset the bit */ 498 if (!priv->add_ba_param.rx_amsdu || 499 (priv->aggr_prio_tbl[tid].amsdu == BA_STREAM_NOT_ALLOWED)) 500 block_ack_param_set &= ~BLOCKACKPARAM_AMSDU_SUPP_MASK; 501 block_ack_param_set |= rx_win_size << BLOCKACKPARAM_WINSIZE_POS; 502 add_ba_rsp->block_ack_param_set = cpu_to_le16(block_ack_param_set); 503 win_size = (le16_to_cpu(add_ba_rsp->block_ack_param_set) 504 & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) 505 >> BLOCKACKPARAM_WINSIZE_POS; 506 cmd_addba_req->block_ack_param_set = cpu_to_le16(block_ack_param_set); 507 508 mwifiex_11n_create_rx_reorder_tbl(priv, cmd_addba_req->peer_mac_addr, 509 tid, win_size, 510 le16_to_cpu(cmd_addba_req->ssn)); 511 return 0; 512 } 513 514 /* 515 * This function prepares command for deleting a BA request. 516 * 517 * Preparation includes - 518 * - Setting command ID and proper size 519 * - Setting del BA request buffer 520 * - Ensuring correct endian-ness 521 */ 522 int mwifiex_cmd_11n_delba(struct host_cmd_ds_command *cmd, void *data_buf) 523 { 524 struct host_cmd_ds_11n_delba *del_ba = &cmd->params.del_ba; 525 526 cmd->command = cpu_to_le16(HostCmd_CMD_11N_DELBA); 527 cmd->size = cpu_to_le16(sizeof(*del_ba) + S_DS_GEN); 528 memcpy(del_ba, data_buf, sizeof(*del_ba)); 529 530 return 0; 531 } 532 533 /* 534 * This function identifies if Rx reordering is needed for a received packet. 535 * 536 * In case reordering is required, the function will do the reordering 537 * before sending it to kernel. 538 * 539 * The Rx reorder table is checked first with the received TID/TA pair. If 540 * not found, the received packet is dispatched immediately. But if found, 541 * the packet is reordered and all the packets in the updated Rx reordering 542 * table is dispatched until a hole is found. 543 * 544 * For sequence number less than the starting window, the packet is dropped. 545 */ 546 int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *priv, 547 u16 seq_num, u16 tid, 548 u8 *ta, u8 pkt_type, void *payload) 549 { 550 struct mwifiex_rx_reorder_tbl *tbl; 551 int prev_start_win, start_win, end_win, win_size; 552 u16 pkt_index; 553 bool init_window_shift = false; 554 unsigned long flags; 555 int ret = 0; 556 557 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 558 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta); 559 if (!tbl) { 560 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 561 if (pkt_type != PKT_TYPE_BAR) 562 mwifiex_11n_dispatch_pkt(priv, payload); 563 return ret; 564 } 565 566 if ((pkt_type == PKT_TYPE_AMSDU) && !tbl->amsdu) { 567 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 568 mwifiex_11n_dispatch_pkt(priv, payload); 569 return ret; 570 } 571 572 start_win = tbl->start_win; 573 prev_start_win = start_win; 574 win_size = tbl->win_size; 575 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1); 576 if (tbl->flags & RXREOR_INIT_WINDOW_SHIFT) { 577 init_window_shift = true; 578 tbl->flags &= ~RXREOR_INIT_WINDOW_SHIFT; 579 } 580 581 if (tbl->flags & RXREOR_FORCE_NO_DROP) { 582 mwifiex_dbg(priv->adapter, INFO, 583 "RXREOR_FORCE_NO_DROP when HS is activated\n"); 584 tbl->flags &= ~RXREOR_FORCE_NO_DROP; 585 } else if (init_window_shift && seq_num < start_win && 586 seq_num >= tbl->init_win) { 587 mwifiex_dbg(priv->adapter, INFO, 588 "Sender TID sequence number reset %d->%d for SSN %d\n", 589 start_win, seq_num, tbl->init_win); 590 tbl->start_win = start_win = seq_num; 591 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1); 592 } else { 593 /* 594 * If seq_num is less then starting win then ignore and drop 595 * the packet 596 */ 597 if ((start_win + TWOPOW11) > (MAX_TID_VALUE - 1)) { 598 if (seq_num >= ((start_win + TWOPOW11) & 599 (MAX_TID_VALUE - 1)) && 600 seq_num < start_win) { 601 ret = -1; 602 goto done; 603 } 604 } else if ((seq_num < start_win) || 605 (seq_num >= (start_win + TWOPOW11))) { 606 ret = -1; 607 goto done; 608 } 609 } 610 611 /* 612 * If this packet is a BAR we adjust seq_num as 613 * WinStart = seq_num 614 */ 615 if (pkt_type == PKT_TYPE_BAR) 616 seq_num = ((seq_num + win_size) - 1) & (MAX_TID_VALUE - 1); 617 618 if (((end_win < start_win) && 619 (seq_num < start_win) && (seq_num > end_win)) || 620 ((end_win > start_win) && ((seq_num > end_win) || 621 (seq_num < start_win)))) { 622 end_win = seq_num; 623 if (((end_win - win_size) + 1) >= 0) 624 start_win = (end_win - win_size) + 1; 625 else 626 start_win = (MAX_TID_VALUE - (win_size - end_win)) + 1; 627 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win); 628 } 629 630 if (pkt_type != PKT_TYPE_BAR) { 631 if (seq_num >= start_win) 632 pkt_index = seq_num - start_win; 633 else 634 pkt_index = (seq_num+MAX_TID_VALUE) - start_win; 635 636 if (tbl->rx_reorder_ptr[pkt_index]) { 637 ret = -1; 638 goto done; 639 } 640 641 tbl->rx_reorder_ptr[pkt_index] = payload; 642 } 643 644 /* 645 * Dispatch all packets sequentially from start_win until a 646 * hole is found and adjust the start_win appropriately 647 */ 648 mwifiex_11n_scan_and_dispatch(priv, tbl); 649 650 done: 651 if (!tbl->timer_context.timer_is_set || 652 prev_start_win != tbl->start_win) 653 mwifiex_11n_rxreorder_timer_restart(tbl); 654 655 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 656 return ret; 657 } 658 659 /* 660 * This function deletes an entry for a given TID/TA pair. 661 * 662 * The TID/TA are taken from del BA event body. 663 */ 664 void 665 mwifiex_del_ba_tbl(struct mwifiex_private *priv, int tid, u8 *peer_mac, 666 u8 type, int initiator) 667 { 668 struct mwifiex_rx_reorder_tbl *tbl; 669 struct mwifiex_tx_ba_stream_tbl *ptx_tbl; 670 struct mwifiex_ra_list_tbl *ra_list; 671 u8 cleanup_rx_reorder_tbl; 672 unsigned long flags; 673 int tid_down; 674 675 if (type == TYPE_DELBA_RECEIVE) 676 cleanup_rx_reorder_tbl = (initiator) ? true : false; 677 else 678 cleanup_rx_reorder_tbl = (initiator) ? false : true; 679 680 mwifiex_dbg(priv->adapter, EVENT, "event: DELBA: %pM tid=%d initiator=%d\n", 681 peer_mac, tid, initiator); 682 683 if (cleanup_rx_reorder_tbl) { 684 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 685 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 686 peer_mac); 687 if (!tbl) { 688 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 689 flags); 690 mwifiex_dbg(priv->adapter, EVENT, 691 "event: TID, TA not found in table\n"); 692 return; 693 } 694 mwifiex_del_rx_reorder_entry(priv, tbl); 695 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 696 } else { 697 ptx_tbl = mwifiex_get_ba_tbl(priv, tid, peer_mac); 698 if (!ptx_tbl) { 699 mwifiex_dbg(priv->adapter, EVENT, 700 "event: TID, RA not found in table\n"); 701 return; 702 } 703 704 tid_down = mwifiex_wmm_downgrade_tid(priv, tid); 705 ra_list = mwifiex_wmm_get_ralist_node(priv, tid_down, peer_mac); 706 if (ra_list) { 707 ra_list->amsdu_in_ampdu = false; 708 ra_list->ba_status = BA_SETUP_NONE; 709 } 710 spin_lock_irqsave(&priv->tx_ba_stream_tbl_lock, flags); 711 mwifiex_11n_delete_tx_ba_stream_tbl_entry(priv, ptx_tbl); 712 spin_unlock_irqrestore(&priv->tx_ba_stream_tbl_lock, flags); 713 } 714 } 715 716 /* 717 * This function handles the command response of an add BA response. 718 * 719 * Handling includes changing the header fields into CPU format and 720 * creating the stream, provided the add BA is accepted. 721 */ 722 int mwifiex_ret_11n_addba_resp(struct mwifiex_private *priv, 723 struct host_cmd_ds_command *resp) 724 { 725 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &resp->params.add_ba_rsp; 726 int tid, win_size; 727 struct mwifiex_rx_reorder_tbl *tbl; 728 uint16_t block_ack_param_set; 729 unsigned long flags; 730 731 block_ack_param_set = le16_to_cpu(add_ba_rsp->block_ack_param_set); 732 733 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK) 734 >> BLOCKACKPARAM_TID_POS; 735 /* 736 * Check if we had rejected the ADDBA, if yes then do not create 737 * the stream 738 */ 739 if (le16_to_cpu(add_ba_rsp->status_code) != BA_RESULT_SUCCESS) { 740 mwifiex_dbg(priv->adapter, ERROR, "ADDBA RSP: failed %pM tid=%d)\n", 741 add_ba_rsp->peer_mac_addr, tid); 742 743 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 744 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 745 add_ba_rsp->peer_mac_addr); 746 if (tbl) 747 mwifiex_del_rx_reorder_entry(priv, tbl); 748 749 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 750 return 0; 751 } 752 753 win_size = (block_ack_param_set & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) 754 >> BLOCKACKPARAM_WINSIZE_POS; 755 756 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 757 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 758 add_ba_rsp->peer_mac_addr); 759 if (tbl) { 760 if ((block_ack_param_set & BLOCKACKPARAM_AMSDU_SUPP_MASK) && 761 priv->add_ba_param.rx_amsdu && 762 (priv->aggr_prio_tbl[tid].amsdu != BA_STREAM_NOT_ALLOWED)) 763 tbl->amsdu = true; 764 else 765 tbl->amsdu = false; 766 } 767 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 768 769 mwifiex_dbg(priv->adapter, CMD, 770 "cmd: ADDBA RSP: %pM tid=%d ssn=%d win_size=%d\n", 771 add_ba_rsp->peer_mac_addr, tid, add_ba_rsp->ssn, win_size); 772 773 return 0; 774 } 775 776 /* 777 * This function handles BA stream timeout event by preparing and sending 778 * a command to the firmware. 779 */ 780 void mwifiex_11n_ba_stream_timeout(struct mwifiex_private *priv, 781 struct host_cmd_ds_11n_batimeout *event) 782 { 783 struct host_cmd_ds_11n_delba delba; 784 785 memset(&delba, 0, sizeof(struct host_cmd_ds_11n_delba)); 786 memcpy(delba.peer_mac_addr, event->peer_mac_addr, ETH_ALEN); 787 788 delba.del_ba_param_set |= 789 cpu_to_le16((u16) event->tid << DELBA_TID_POS); 790 delba.del_ba_param_set |= cpu_to_le16( 791 (u16) event->origninator << DELBA_INITIATOR_POS); 792 delba.reason_code = cpu_to_le16(WLAN_REASON_QSTA_TIMEOUT); 793 mwifiex_send_cmd(priv, HostCmd_CMD_11N_DELBA, 0, 0, &delba, false); 794 } 795 796 /* 797 * This function cleans up the Rx reorder table by deleting all the entries 798 * and re-initializing. 799 */ 800 void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv) 801 { 802 struct mwifiex_rx_reorder_tbl *del_tbl_ptr, *tmp_node; 803 unsigned long flags; 804 805 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 806 list_for_each_entry_safe(del_tbl_ptr, tmp_node, 807 &priv->rx_reorder_tbl_ptr, list) 808 mwifiex_del_rx_reorder_entry(priv, del_tbl_ptr); 809 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr); 810 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 811 812 mwifiex_reset_11n_rx_seq_num(priv); 813 } 814 815 /* 816 * This function updates all rx_reorder_tbl's flags. 817 */ 818 void mwifiex_update_rxreor_flags(struct mwifiex_adapter *adapter, u8 flags) 819 { 820 struct mwifiex_private *priv; 821 struct mwifiex_rx_reorder_tbl *tbl; 822 unsigned long lock_flags; 823 int i; 824 825 for (i = 0; i < adapter->priv_num; i++) { 826 priv = adapter->priv[i]; 827 if (!priv) 828 continue; 829 830 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, lock_flags); 831 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) 832 tbl->flags = flags; 833 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, lock_flags); 834 } 835 836 return; 837 } 838 839 /* This function update all the rx_win_size based on coex flag 840 */ 841 static void mwifiex_update_ampdu_rxwinsize(struct mwifiex_adapter *adapter, 842 bool coex_flag) 843 { 844 u8 i; 845 u32 rx_win_size; 846 struct mwifiex_private *priv; 847 848 dev_dbg(adapter->dev, "Update rxwinsize %d\n", coex_flag); 849 850 for (i = 0; i < adapter->priv_num; i++) { 851 if (!adapter->priv[i]) 852 continue; 853 priv = adapter->priv[i]; 854 rx_win_size = priv->add_ba_param.rx_win_size; 855 if (coex_flag) { 856 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA) 857 priv->add_ba_param.rx_win_size = 858 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE; 859 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P) 860 priv->add_ba_param.rx_win_size = 861 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE; 862 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP) 863 priv->add_ba_param.rx_win_size = 864 MWIFIEX_UAP_COEX_AMPDU_DEF_RXWINSIZE; 865 } else { 866 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA) 867 priv->add_ba_param.rx_win_size = 868 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE; 869 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P) 870 priv->add_ba_param.rx_win_size = 871 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE; 872 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP) 873 priv->add_ba_param.rx_win_size = 874 MWIFIEX_UAP_AMPDU_DEF_RXWINSIZE; 875 } 876 877 if (adapter->coex_win_size && adapter->coex_rx_win_size) 878 priv->add_ba_param.rx_win_size = 879 adapter->coex_rx_win_size; 880 881 if (rx_win_size != priv->add_ba_param.rx_win_size) { 882 if (!priv->media_connected) 883 continue; 884 for (i = 0; i < MAX_NUM_TID; i++) 885 mwifiex_11n_delba(priv, i); 886 } 887 } 888 } 889 890 /* This function check coex for RX BA 891 */ 892 void mwifiex_coex_ampdu_rxwinsize(struct mwifiex_adapter *adapter) 893 { 894 u8 i; 895 struct mwifiex_private *priv; 896 u8 count = 0; 897 898 for (i = 0; i < adapter->priv_num; i++) { 899 if (adapter->priv[i]) { 900 priv = adapter->priv[i]; 901 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) { 902 if (priv->media_connected) 903 count++; 904 } 905 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) { 906 if (priv->bss_started) 907 count++; 908 } 909 } 910 if (count >= MWIFIEX_BSS_COEX_COUNT) 911 break; 912 } 913 if (count >= MWIFIEX_BSS_COEX_COUNT) 914 mwifiex_update_ampdu_rxwinsize(adapter, true); 915 else 916 mwifiex_update_ampdu_rxwinsize(adapter, false); 917 } 918 919 /* This function handles rxba_sync event 920 */ 921 void mwifiex_11n_rxba_sync_event(struct mwifiex_private *priv, 922 u8 *event_buf, u16 len) 923 { 924 struct mwifiex_ie_types_rxba_sync *tlv_rxba = (void *)event_buf; 925 u16 tlv_type, tlv_len; 926 struct mwifiex_rx_reorder_tbl *rx_reor_tbl_ptr; 927 u8 i, j; 928 u16 seq_num, tlv_seq_num, tlv_bitmap_len; 929 int tlv_buf_left = len; 930 int ret; 931 u8 *tmp; 932 unsigned long flags; 933 934 mwifiex_dbg_dump(priv->adapter, EVT_D, "RXBA_SYNC event:", 935 event_buf, len); 936 while (tlv_buf_left >= sizeof(*tlv_rxba)) { 937 tlv_type = le16_to_cpu(tlv_rxba->header.type); 938 tlv_len = le16_to_cpu(tlv_rxba->header.len); 939 if (tlv_type != TLV_TYPE_RXBA_SYNC) { 940 mwifiex_dbg(priv->adapter, ERROR, 941 "Wrong TLV id=0x%x\n", tlv_type); 942 return; 943 } 944 945 tlv_seq_num = le16_to_cpu(tlv_rxba->seq_num); 946 tlv_bitmap_len = le16_to_cpu(tlv_rxba->bitmap_len); 947 mwifiex_dbg(priv->adapter, INFO, 948 "%pM tid=%d seq_num=%d bitmap_len=%d\n", 949 tlv_rxba->mac, tlv_rxba->tid, tlv_seq_num, 950 tlv_bitmap_len); 951 952 spin_lock_irqsave(&priv->rx_reorder_tbl_lock, flags); 953 rx_reor_tbl_ptr = 954 mwifiex_11n_get_rx_reorder_tbl(priv, tlv_rxba->tid, 955 tlv_rxba->mac); 956 if (!rx_reor_tbl_ptr) { 957 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, 958 flags); 959 mwifiex_dbg(priv->adapter, ERROR, 960 "Can not find rx_reorder_tbl!"); 961 return; 962 } 963 spin_unlock_irqrestore(&priv->rx_reorder_tbl_lock, flags); 964 965 for (i = 0; i < tlv_bitmap_len; i++) { 966 for (j = 0 ; j < 8; j++) { 967 if (tlv_rxba->bitmap[i] & (1 << j)) { 968 seq_num = (MAX_TID_VALUE - 1) & 969 (tlv_seq_num + i * 8 + j); 970 971 mwifiex_dbg(priv->adapter, ERROR, 972 "drop packet,seq=%d\n", 973 seq_num); 974 975 ret = mwifiex_11n_rx_reorder_pkt 976 (priv, seq_num, tlv_rxba->tid, 977 tlv_rxba->mac, 0, NULL); 978 979 if (ret) 980 mwifiex_dbg(priv->adapter, 981 ERROR, 982 "Fail to drop packet"); 983 } 984 } 985 } 986 987 tlv_buf_left -= (sizeof(*tlv_rxba) + tlv_len); 988 tmp = (u8 *)tlv_rxba + tlv_len + sizeof(*tlv_rxba); 989 tlv_rxba = (struct mwifiex_ie_types_rxba_sync *)tmp; 990 } 991 } 992