1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * NXP Wireless LAN device driver: AP TX and RX data handling 4 * 5 * Copyright 2011-2020 NXP 6 */ 7 8 #include "decl.h" 9 #include "ioctl.h" 10 #include "main.h" 11 #include "wmm.h" 12 #include "11n_aggr.h" 13 #include "11n_rxreorder.h" 14 15 /* This function checks if particular RA list has packets more than low bridge 16 * packet threshold and then deletes packet from this RA list. 17 * Function deletes packets from such RA list and returns true. If no such list 18 * is found, false is returned. 19 */ 20 static bool 21 mwifiex_uap_del_tx_pkts_in_ralist(struct mwifiex_private *priv, 22 struct list_head *ra_list_head, 23 int tid) 24 { 25 struct mwifiex_ra_list_tbl *ra_list; 26 struct sk_buff *skb, *tmp; 27 bool pkt_deleted = false; 28 struct mwifiex_txinfo *tx_info; 29 struct mwifiex_adapter *adapter = priv->adapter; 30 31 list_for_each_entry(ra_list, ra_list_head, list) { 32 if (skb_queue_empty(&ra_list->skb_head)) 33 continue; 34 35 skb_queue_walk_safe(&ra_list->skb_head, skb, tmp) { 36 tx_info = MWIFIEX_SKB_TXCB(skb); 37 if (tx_info->flags & MWIFIEX_BUF_FLAG_BRIDGED_PKT) { 38 __skb_unlink(skb, &ra_list->skb_head); 39 mwifiex_write_data_complete(adapter, skb, 0, 40 -1); 41 if (ra_list->tx_paused) 42 priv->wmm.pkts_paused[tid]--; 43 else 44 atomic_dec(&priv->wmm.tx_pkts_queued); 45 pkt_deleted = true; 46 } 47 if ((atomic_read(&adapter->pending_bridged_pkts) <= 48 MWIFIEX_BRIDGED_PKTS_THR_LOW)) 49 break; 50 } 51 } 52 53 return pkt_deleted; 54 } 55 56 /* This function deletes packets from particular RA List. RA list index 57 * from which packets are deleted is preserved so that packets from next RA 58 * list are deleted upon subsequent call thus maintaining fairness. 59 */ 60 static void mwifiex_uap_cleanup_tx_queues(struct mwifiex_private *priv) 61 { 62 struct list_head *ra_list; 63 int i; 64 65 spin_lock_bh(&priv->wmm.ra_list_spinlock); 66 67 for (i = 0; i < MAX_NUM_TID; i++, priv->del_list_idx++) { 68 if (priv->del_list_idx == MAX_NUM_TID) 69 priv->del_list_idx = 0; 70 ra_list = &priv->wmm.tid_tbl_ptr[priv->del_list_idx].ra_list; 71 if (mwifiex_uap_del_tx_pkts_in_ralist(priv, ra_list, i)) { 72 priv->del_list_idx++; 73 break; 74 } 75 } 76 77 spin_unlock_bh(&priv->wmm.ra_list_spinlock); 78 } 79 80 81 static void mwifiex_uap_queue_bridged_pkt(struct mwifiex_private *priv, 82 struct sk_buff *skb) 83 { 84 struct mwifiex_adapter *adapter = priv->adapter; 85 struct uap_rxpd *uap_rx_pd; 86 struct rx_packet_hdr *rx_pkt_hdr; 87 struct sk_buff *new_skb; 88 struct mwifiex_txinfo *tx_info; 89 int hdr_chop; 90 struct ethhdr *p_ethhdr; 91 struct mwifiex_sta_node *src_node; 92 int index; 93 94 uap_rx_pd = (struct uap_rxpd *)(skb->data); 95 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset); 96 97 if ((atomic_read(&adapter->pending_bridged_pkts) >= 98 MWIFIEX_BRIDGED_PKTS_THR_HIGH)) { 99 mwifiex_dbg(priv->adapter, ERROR, 100 "Tx: Bridge packet limit reached. Drop packet!\n"); 101 kfree_skb(skb); 102 mwifiex_uap_cleanup_tx_queues(priv); 103 return; 104 } 105 106 if (sizeof(*rx_pkt_hdr) + 107 le16_to_cpu(uap_rx_pd->rx_pkt_offset) > skb->len) { 108 mwifiex_dbg(adapter, ERROR, 109 "wrong rx packet offset: len=%d,rx_pkt_offset=%d\n", 110 skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset)); 111 priv->stats.rx_dropped++; 112 dev_kfree_skb_any(skb); 113 } 114 115 if ((!memcmp(&rx_pkt_hdr->rfc1042_hdr, bridge_tunnel_header, 116 sizeof(bridge_tunnel_header))) || 117 (!memcmp(&rx_pkt_hdr->rfc1042_hdr, rfc1042_header, 118 sizeof(rfc1042_header)) && 119 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_AARP && 120 ntohs(rx_pkt_hdr->rfc1042_hdr.snap_type) != ETH_P_IPX)) { 121 /* Replace the 803 header and rfc1042 header (llc/snap) with 122 * an Ethernet II header, keep the src/dst and snap_type 123 * (ethertype). 124 * 125 * The firmware only passes up SNAP frames converting all RX 126 * data from 802.11 to 802.2/LLC/SNAP frames. 127 * 128 * To create the Ethernet II, just move the src, dst address 129 * right before the snap_type. 130 */ 131 p_ethhdr = (struct ethhdr *) 132 ((u8 *)(&rx_pkt_hdr->eth803_hdr) 133 + sizeof(rx_pkt_hdr->eth803_hdr) 134 + sizeof(rx_pkt_hdr->rfc1042_hdr) 135 - sizeof(rx_pkt_hdr->eth803_hdr.h_dest) 136 - sizeof(rx_pkt_hdr->eth803_hdr.h_source) 137 - sizeof(rx_pkt_hdr->rfc1042_hdr.snap_type)); 138 memcpy(p_ethhdr->h_source, rx_pkt_hdr->eth803_hdr.h_source, 139 sizeof(p_ethhdr->h_source)); 140 memcpy(p_ethhdr->h_dest, rx_pkt_hdr->eth803_hdr.h_dest, 141 sizeof(p_ethhdr->h_dest)); 142 /* Chop off the rxpd + the excess memory from 143 * 802.2/llc/snap header that was removed. 144 */ 145 hdr_chop = (u8 *)p_ethhdr - (u8 *)uap_rx_pd; 146 } else { 147 /* Chop off the rxpd */ 148 hdr_chop = (u8 *)&rx_pkt_hdr->eth803_hdr - (u8 *)uap_rx_pd; 149 } 150 151 /* Chop off the leading header bytes so that it points 152 * to the start of either the reconstructed EthII frame 153 * or the 802.2/llc/snap frame. 154 */ 155 skb_pull(skb, hdr_chop); 156 157 if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN) { 158 mwifiex_dbg(priv->adapter, ERROR, 159 "data: Tx: insufficient skb headroom %d\n", 160 skb_headroom(skb)); 161 /* Insufficient skb headroom - allocate a new skb */ 162 new_skb = 163 skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN); 164 if (unlikely(!new_skb)) { 165 mwifiex_dbg(priv->adapter, ERROR, 166 "Tx: cannot allocate new_skb\n"); 167 kfree_skb(skb); 168 priv->stats.tx_dropped++; 169 return; 170 } 171 172 kfree_skb(skb); 173 skb = new_skb; 174 mwifiex_dbg(priv->adapter, INFO, 175 "info: new skb headroom %d\n", 176 skb_headroom(skb)); 177 } 178 179 tx_info = MWIFIEX_SKB_TXCB(skb); 180 memset(tx_info, 0, sizeof(*tx_info)); 181 tx_info->bss_num = priv->bss_num; 182 tx_info->bss_type = priv->bss_type; 183 tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT; 184 185 src_node = mwifiex_get_sta_entry(priv, rx_pkt_hdr->eth803_hdr.h_source); 186 if (src_node) { 187 src_node->stats.last_rx = jiffies; 188 src_node->stats.rx_bytes += skb->len; 189 src_node->stats.rx_packets++; 190 src_node->stats.last_tx_rate = uap_rx_pd->rx_rate; 191 src_node->stats.last_tx_htinfo = uap_rx_pd->ht_info; 192 } 193 194 if (is_unicast_ether_addr(rx_pkt_hdr->eth803_hdr.h_dest)) { 195 /* Update bridge packet statistics as the 196 * packet is not going to kernel/upper layer. 197 */ 198 priv->stats.rx_bytes += skb->len; 199 priv->stats.rx_packets++; 200 201 /* Sending bridge packet to TX queue, so save the packet 202 * length in TXCB to update statistics in TX complete. 203 */ 204 tx_info->pkt_len = skb->len; 205 } 206 207 __net_timestamp(skb); 208 209 index = mwifiex_1d_to_wmm_queue[skb->priority]; 210 atomic_inc(&priv->wmm_tx_pending[index]); 211 mwifiex_wmm_add_buf_txqueue(priv, skb); 212 atomic_inc(&adapter->tx_pending); 213 atomic_inc(&adapter->pending_bridged_pkts); 214 215 mwifiex_queue_main_work(priv->adapter); 216 217 return; 218 } 219 220 /* 221 * This function contains logic for AP packet forwarding. 222 * 223 * If a packet is multicast/broadcast, it is sent to kernel/upper layer 224 * as well as queued back to AP TX queue so that it can be sent to other 225 * associated stations. 226 * If a packet is unicast and RA is present in associated station list, 227 * it is again requeued into AP TX queue. 228 * If a packet is unicast and RA is not in associated station list, 229 * packet is forwarded to kernel to handle routing logic. 230 */ 231 int mwifiex_handle_uap_rx_forward(struct mwifiex_private *priv, 232 struct sk_buff *skb) 233 { 234 struct mwifiex_adapter *adapter = priv->adapter; 235 struct uap_rxpd *uap_rx_pd; 236 struct rx_packet_hdr *rx_pkt_hdr; 237 u8 ra[ETH_ALEN]; 238 struct sk_buff *skb_uap; 239 240 uap_rx_pd = (struct uap_rxpd *)(skb->data); 241 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset); 242 243 /* don't do packet forwarding in disconnected state */ 244 if (!priv->media_connected) { 245 mwifiex_dbg(adapter, ERROR, 246 "drop packet in disconnected state.\n"); 247 dev_kfree_skb_any(skb); 248 return 0; 249 } 250 251 memcpy(ra, rx_pkt_hdr->eth803_hdr.h_dest, ETH_ALEN); 252 253 if (is_multicast_ether_addr(ra)) { 254 skb_uap = skb_copy(skb, GFP_ATOMIC); 255 mwifiex_uap_queue_bridged_pkt(priv, skb_uap); 256 } else { 257 if (mwifiex_get_sta_entry(priv, ra)) { 258 /* Requeue Intra-BSS packet */ 259 mwifiex_uap_queue_bridged_pkt(priv, skb); 260 return 0; 261 } 262 } 263 264 /* Forward unicat/Inter-BSS packets to kernel. */ 265 return mwifiex_process_rx_packet(priv, skb); 266 } 267 268 int mwifiex_uap_recv_packet(struct mwifiex_private *priv, 269 struct sk_buff *skb) 270 { 271 struct mwifiex_adapter *adapter = priv->adapter; 272 struct mwifiex_sta_node *src_node; 273 struct ethhdr *p_ethhdr; 274 struct sk_buff *skb_uap; 275 struct mwifiex_txinfo *tx_info; 276 277 if (!skb) 278 return -1; 279 280 p_ethhdr = (void *)skb->data; 281 src_node = mwifiex_get_sta_entry(priv, p_ethhdr->h_source); 282 if (src_node) { 283 src_node->stats.last_rx = jiffies; 284 src_node->stats.rx_bytes += skb->len; 285 src_node->stats.rx_packets++; 286 } 287 288 if (is_multicast_ether_addr(p_ethhdr->h_dest) || 289 mwifiex_get_sta_entry(priv, p_ethhdr->h_dest)) { 290 if (skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN) 291 skb_uap = 292 skb_realloc_headroom(skb, MWIFIEX_MIN_DATA_HEADER_LEN); 293 else 294 skb_uap = skb_copy(skb, GFP_ATOMIC); 295 296 if (likely(skb_uap)) { 297 tx_info = MWIFIEX_SKB_TXCB(skb_uap); 298 memset(tx_info, 0, sizeof(*tx_info)); 299 tx_info->bss_num = priv->bss_num; 300 tx_info->bss_type = priv->bss_type; 301 tx_info->flags |= MWIFIEX_BUF_FLAG_BRIDGED_PKT; 302 __net_timestamp(skb_uap); 303 mwifiex_wmm_add_buf_txqueue(priv, skb_uap); 304 atomic_inc(&adapter->tx_pending); 305 atomic_inc(&adapter->pending_bridged_pkts); 306 if ((atomic_read(&adapter->pending_bridged_pkts) >= 307 MWIFIEX_BRIDGED_PKTS_THR_HIGH)) { 308 mwifiex_dbg(adapter, ERROR, 309 "Tx: Bridge packet limit reached. Drop packet!\n"); 310 mwifiex_uap_cleanup_tx_queues(priv); 311 } 312 313 } else { 314 mwifiex_dbg(adapter, ERROR, "failed to allocate skb_uap"); 315 } 316 317 mwifiex_queue_main_work(adapter); 318 /* Don't forward Intra-BSS unicast packet to upper layer*/ 319 if (mwifiex_get_sta_entry(priv, p_ethhdr->h_dest)) 320 return 0; 321 } 322 323 skb->dev = priv->netdev; 324 skb->protocol = eth_type_trans(skb, priv->netdev); 325 skb->ip_summed = CHECKSUM_NONE; 326 327 /* This is required only in case of 11n and USB/PCIE as we alloc 328 * a buffer of 4K only if its 11N (to be able to receive 4K 329 * AMSDU packets). In case of SD we allocate buffers based 330 * on the size of packet and hence this is not needed. 331 * 332 * Modifying the truesize here as our allocation for each 333 * skb is 4K but we only receive 2K packets and this cause 334 * the kernel to start dropping packets in case where 335 * application has allocated buffer based on 2K size i.e. 336 * if there a 64K packet received (in IP fragments and 337 * application allocates 64K to receive this packet but 338 * this packet would almost double up because we allocate 339 * each 1.5K fragment in 4K and pass it up. As soon as the 340 * 64K limit hits kernel will start to drop rest of the 341 * fragments. Currently we fail the Filesndl-ht.scr script 342 * for UDP, hence this fix 343 */ 344 if ((adapter->iface_type == MWIFIEX_USB || 345 adapter->iface_type == MWIFIEX_PCIE) && 346 skb->truesize > MWIFIEX_RX_DATA_BUF_SIZE) 347 skb->truesize += (skb->len - MWIFIEX_RX_DATA_BUF_SIZE); 348 349 /* Forward multicast/broadcast packet to upper layer*/ 350 netif_rx(skb); 351 return 0; 352 } 353 354 /* 355 * This function processes the packet received on AP interface. 356 * 357 * The function looks into the RxPD and performs sanity tests on the 358 * received buffer to ensure its a valid packet before processing it 359 * further. If the packet is determined to be aggregated, it is 360 * de-aggregated accordingly. Then skb is passed to AP packet forwarding logic. 361 * 362 * The completion callback is called after processing is complete. 363 */ 364 int mwifiex_process_uap_rx_packet(struct mwifiex_private *priv, 365 struct sk_buff *skb) 366 { 367 struct mwifiex_adapter *adapter = priv->adapter; 368 int ret; 369 struct uap_rxpd *uap_rx_pd; 370 struct rx_packet_hdr *rx_pkt_hdr; 371 u16 rx_pkt_type; 372 u8 ta[ETH_ALEN], pkt_type; 373 struct mwifiex_sta_node *node; 374 375 uap_rx_pd = (struct uap_rxpd *)(skb->data); 376 rx_pkt_type = le16_to_cpu(uap_rx_pd->rx_pkt_type); 377 rx_pkt_hdr = (void *)uap_rx_pd + le16_to_cpu(uap_rx_pd->rx_pkt_offset); 378 379 if (le16_to_cpu(uap_rx_pd->rx_pkt_offset) + 380 sizeof(rx_pkt_hdr->eth803_hdr) > skb->len) { 381 mwifiex_dbg(adapter, ERROR, 382 "wrong rx packet for struct ethhdr: len=%d, offset=%d\n", 383 skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset)); 384 priv->stats.rx_dropped++; 385 dev_kfree_skb_any(skb); 386 return 0; 387 } 388 389 ether_addr_copy(ta, rx_pkt_hdr->eth803_hdr.h_source); 390 391 if ((le16_to_cpu(uap_rx_pd->rx_pkt_offset) + 392 le16_to_cpu(uap_rx_pd->rx_pkt_length)) > (u16) skb->len) { 393 mwifiex_dbg(adapter, ERROR, 394 "wrong rx packet: len=%d, offset=%d, length=%d\n", 395 skb->len, le16_to_cpu(uap_rx_pd->rx_pkt_offset), 396 le16_to_cpu(uap_rx_pd->rx_pkt_length)); 397 priv->stats.rx_dropped++; 398 399 node = mwifiex_get_sta_entry(priv, ta); 400 if (node) 401 node->stats.tx_failed++; 402 403 dev_kfree_skb_any(skb); 404 return 0; 405 } 406 407 if (rx_pkt_type == PKT_TYPE_MGMT) { 408 ret = mwifiex_process_mgmt_packet(priv, skb); 409 if (ret) 410 mwifiex_dbg(adapter, DATA, "Rx of mgmt packet failed"); 411 dev_kfree_skb_any(skb); 412 return ret; 413 } 414 415 416 if (rx_pkt_type != PKT_TYPE_BAR && uap_rx_pd->priority < MAX_NUM_TID) { 417 spin_lock_bh(&priv->sta_list_spinlock); 418 node = mwifiex_get_sta_entry(priv, ta); 419 if (node) 420 node->rx_seq[uap_rx_pd->priority] = 421 le16_to_cpu(uap_rx_pd->seq_num); 422 spin_unlock_bh(&priv->sta_list_spinlock); 423 } 424 425 if (!priv->ap_11n_enabled || 426 (!mwifiex_11n_get_rx_reorder_tbl(priv, uap_rx_pd->priority, ta) && 427 (le16_to_cpu(uap_rx_pd->rx_pkt_type) != PKT_TYPE_AMSDU))) { 428 ret = mwifiex_handle_uap_rx_forward(priv, skb); 429 return ret; 430 } 431 432 /* Reorder and send to kernel */ 433 pkt_type = (u8)le16_to_cpu(uap_rx_pd->rx_pkt_type); 434 ret = mwifiex_11n_rx_reorder_pkt(priv, le16_to_cpu(uap_rx_pd->seq_num), 435 uap_rx_pd->priority, ta, pkt_type, 436 skb); 437 438 if (ret || (rx_pkt_type == PKT_TYPE_BAR)) 439 dev_kfree_skb_any(skb); 440 441 if (ret) 442 priv->stats.rx_dropped++; 443 444 return ret; 445 } 446 447 /* 448 * This function fills the TxPD for AP tx packets. 449 * 450 * The Tx buffer received by this function should already have the 451 * header space allocated for TxPD. 452 * 453 * This function inserts the TxPD in between interface header and actual 454 * data and adjusts the buffer pointers accordingly. 455 * 456 * The following TxPD fields are set by this function, as required - 457 * - BSS number 458 * - Tx packet length and offset 459 * - Priority 460 * - Packet delay 461 * - Priority specific Tx control 462 * - Flags 463 */ 464 void *mwifiex_process_uap_txpd(struct mwifiex_private *priv, 465 struct sk_buff *skb) 466 { 467 struct mwifiex_adapter *adapter = priv->adapter; 468 struct uap_txpd *txpd; 469 struct mwifiex_txinfo *tx_info = MWIFIEX_SKB_TXCB(skb); 470 int pad; 471 u16 pkt_type, pkt_offset; 472 int hroom = adapter->intf_hdr_len; 473 474 if (!skb->len) { 475 mwifiex_dbg(adapter, ERROR, 476 "Tx: bad packet length: %d\n", skb->len); 477 tx_info->status_code = -1; 478 return skb->data; 479 } 480 481 BUG_ON(skb_headroom(skb) < MWIFIEX_MIN_DATA_HEADER_LEN); 482 483 pkt_type = mwifiex_is_skb_mgmt_frame(skb) ? PKT_TYPE_MGMT : 0; 484 485 pad = ((uintptr_t)skb->data - (sizeof(*txpd) + hroom)) & 486 (MWIFIEX_DMA_ALIGN_SZ - 1); 487 488 skb_push(skb, sizeof(*txpd) + pad); 489 490 txpd = (struct uap_txpd *)skb->data; 491 memset(txpd, 0, sizeof(*txpd)); 492 txpd->bss_num = priv->bss_num; 493 txpd->bss_type = priv->bss_type; 494 txpd->tx_pkt_length = cpu_to_le16((u16)(skb->len - (sizeof(*txpd) + 495 pad))); 496 txpd->priority = (u8)skb->priority; 497 498 txpd->pkt_delay_2ms = mwifiex_wmm_compute_drv_pkt_delay(priv, skb); 499 500 if (tx_info->flags & MWIFIEX_BUF_FLAG_EAPOL_TX_STATUS || 501 tx_info->flags & MWIFIEX_BUF_FLAG_ACTION_TX_STATUS) { 502 txpd->tx_token_id = tx_info->ack_frame_id; 503 txpd->flags |= MWIFIEX_TXPD_FLAGS_REQ_TX_STATUS; 504 } 505 506 if (txpd->priority < ARRAY_SIZE(priv->wmm.user_pri_pkt_tx_ctrl)) 507 /* 508 * Set the priority specific tx_control field, setting of 0 will 509 * cause the default value to be used later in this function. 510 */ 511 txpd->tx_control = 512 cpu_to_le32(priv->wmm.user_pri_pkt_tx_ctrl[txpd->priority]); 513 514 /* Offset of actual data */ 515 pkt_offset = sizeof(*txpd) + pad; 516 if (pkt_type == PKT_TYPE_MGMT) { 517 /* Set the packet type and add header for management frame */ 518 txpd->tx_pkt_type = cpu_to_le16(pkt_type); 519 pkt_offset += MWIFIEX_MGMT_FRAME_HEADER_SIZE; 520 } 521 522 txpd->tx_pkt_offset = cpu_to_le16(pkt_offset); 523 524 /* make space for adapter->intf_hdr_len */ 525 skb_push(skb, hroom); 526 527 if (!txpd->tx_control) 528 /* TxCtrl set by user or default */ 529 txpd->tx_control = cpu_to_le32(priv->pkt_tx_ctrl); 530 531 return skb->data; 532 } 533